diff --git a/.DEREK.yml b/.DEREK.yml
index 3fd6789173495..1198da9513bde 100644
--- a/.DEREK.yml
+++ b/.DEREK.yml
@@ -3,11 +3,14 @@ curators:
   - alexellis
   - andrewhsu
   - anonymuse
+  - arkodg
   - chanwit
   - ehazlett
   - fntlnz
   - gianarb
+  - kolyshkin
   - mgoelzer
+  - olljanat
   - programmerq
   - rheinwein
   - ripcurld0
@@ -15,3 +18,5 @@ curators:
 
 features:
   - comments
+  - pr_description_required
+
diff --git a/.dockerignore b/.dockerignore
index 4a56f2e00c26a..a8eeb4b41f30a 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,7 +1,6 @@
-bundles
+.git
+.go-pkg-cache
 .gopath
+bundles
 vendor/pkg
-.go-pkg-cache
-.git
-hack/integration-cli-on-swarm/integration-cli-on-swarm
 
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 908185496518a..26e94ba4df628 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -4,17 +4,12 @@
 # KEEP THIS FILE SORTED. Order is important. Last match takes precedence.
 
 builder/**                              @tonistiigi
-client/**                               @dnephin
 contrib/mkimage/**                      @tianon
 daemon/graphdriver/devmapper/**         @rhvgoyal 
-daemon/graphdriver/lcow/**              @johnstep @jhowardmsft
 daemon/graphdriver/overlay/**           @dmcgowan
 daemon/graphdriver/overlay2/**          @dmcgowan
-daemon/graphdriver/windows/**           @johnstep @jhowardmsft
+daemon/graphdriver/windows/**           @johnstep
 daemon/logger/awslogs/**                @samuelkarp  
 hack/**                                 @tianon
-hack/integration-cli-on-swarm/**        @AkihiroSuda
-integration-cli/**                      @vdemeester
-integration/**                          @vdemeester
 plugin/**                               @cpuguy83
 project/**                              @thaJeztah
diff --git a/.gitignore b/.gitignore
index 392bf963c5e71..1605fa8930fee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 #  please consider a global .gitignore https://help.github.com/articles/ignoring-files
 *.exe
 *.exe~
+*.gz
 *.orig
 test.main
 .*.swp
@@ -16,9 +17,7 @@ autogen/
 bundles/
 cmd/dockerd/dockerd
 contrib/builder/rpm/*/changelog
-dockerversion/version_autogen.go
-dockerversion/version_autogen_unix.go
 vendor/pkg/
-hack/integration-cli-on-swarm/integration-cli-on-swarm
-coverage.txt
+go-test-report.json
 profile.out
+junit-report.xml
diff --git a/.mailmap b/.mailmap
index 55663177c64fc..cc2e8088d3b0b 100644
--- a/.mailmap
+++ b/.mailmap
@@ -9,7 +9,14 @@
 <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
 <mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
 Aaron L. Xu <liker.xu@foxmail.com>
-Abhinandan Prativadi <abhi@docker.com>
+Abhinandan Prativadi <aprativadi@gmail.com>
+Abhinandan Prativadi <aprativadi@gmail.com> <abhi@docker.com>
+Abhinandan Prativadi <aprativadi@gmail.com> abhi <user.email>
+Abhishek Chanda <abhishek.becs@gmail.com>
+Abhishek Chanda <abhishek.becs@gmail.com> <abhishek.chanda@emc.com>
+Ada Mancini <ada@docker.com>
+Adam Dobrawy <naczelnik@jawnosc.tk>
+Adam Dobrawy <naczelnik@jawnosc.tk> <ad-m@users.noreply.github.com>
 Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
 Ahmed Kamal <email.ahmedkamal@googlemail.com>
 Ahmet Alp Balkan <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
@@ -17,12 +24,21 @@ AJ Bowen <aj@soulshake.net>
 AJ Bowen <aj@soulshake.net> <aj@gandi.net>
 AJ Bowen <aj@soulshake.net> <amy@gandi.net>
 Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
-Akihiro Suda <suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.akihiro@lab.ntt.co.jp>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
+Akshay Moghe <akshay.moghe@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
 Aleksandrs Fadins <aleks@s-ko.net>
+Alessandro Boch <aboch@tetrationanalytics.com>
+Alessandro Boch <aboch@tetrationanalytics.com>
 Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
+Alessandro Boch <aboch@tetrationanalytics.com> <aboch@socketplane.io>
+Alessandro Boch <aboch@tetrationanalytics.com> <aboch@users.noreply.github.com>
+Alex Chan <alex@alexwlchan.net>
+Alex Chan <alex@alexwlchan.net> <alex.chan@metaswitch.com>
 Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
 Alex Ellis <alexellis2@gmail.com>
 Alex Goodman <wagoodman@gmail.com> <wagoodman@users.noreply.github.com>
@@ -30,11 +46,17 @@ Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
 Alexander Morozov <lk4d4@docker.com>
 Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
 Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
+Alexis Thomas <fr.alexisthomas@gmail.com>
 Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
 Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
 Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
+Andrea Denisse Gómez <crypto.andrea@protonmail.ch>
+Andrew Kim <taeyeonkim90@gmail.com>
+Andrew Kim <taeyeonkim90@gmail.com> <akim01@fortinet.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@microsoft.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@outlook.com>
+Andrey Kolomentsev <andrey.kolomentsev@docker.com>
+Andrey Kolomentsev <andrey.kolomentsev@docker.com> <andrey.kolomentsev@gmail.com>
 André Martins  <aanm90@gmail.com> <martins@noironetworks.com>
 Andy Rothfusz <github@developersupport.net> <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
@@ -47,28 +69,40 @@ Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
+Arko Dasgupta <arko.dasgupta@docker.com>
+Arko Dasgupta <arko.dasgupta@docker.com> <arkodg@users.noreply.github.com>
 Arnaud Porterie <arnaud.porterie@docker.com>
 Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
+Arnaud Rebillout <arnaud.rebillout@collabora.com>
+Arnaud Rebillout <arnaud.rebillout@collabora.com> <elboulangero@gmail.com>
 Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Golub <ben.golub@dotcloud.com>
 Ben Toews <mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
+Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
+Bevisy Zhang <binbin36520@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 Bhumika Bayani <bhumikabayani@gmail.com>
 Bilal Amarni <bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
 Bill Wang <ozbillwang@gmail.com> <SydOps@users.noreply.github.com>
+Bily Zhang <xcoder@tenxcloud.com>
 Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Boaz Shuster <ripcurld.github@gmail.com>
+Boqin Qin <bobbqqin@gmail.com>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.co>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.org>
 Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
+Brian Goff <cpuguy83@gmail.com> <brian.goff@microsoft.com>
+Brian Goff <cpuguy83@gmail.com> <cpuguy@hey.com>
+Cameron Sparr <gh@sparr.email>
+Carlos de Paula <me@carlosedp.com>
 Chander Govindarajan <chandergovind@gmail.com>
 Chao Wang <wangchao.fnst@cn.fujitsu.com> <chaowang@localhost.localdomain>
 Charles Hooper <charles.hooper@dotcloud.com> <chooper@plumata.com>
@@ -77,12 +111,19 @@ Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
 Chen Qiu <cheney-90@hotmail.com> <21321229@zju.edu.cn>
+Chengfei Shang <cfshang@alauda.io>
 Chris Dias <cdias@microsoft.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
+Chris Price <cprice@mirantis.com>
+Chris Price <cprice@mirantis.com> <chris.price@docker.com>
+Chris Telfer <ctelfer@docker.com>
+Chris Telfer <ctelfer@docker.com> <ctelfer@users.noreply.github.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Latham <sudosurootdev@gmail.com>
+Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
 Corbin Coleman <corbin.coleman@docker.com>
+Cristian Ariza <dev@cristianrz.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
@@ -105,6 +146,7 @@ Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <root@vagrant-ubuntu-12.10.vagr
 Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
 Daniel Norberg <dano@spotify.com> <daniel.norberg@gmail.com>
 Daniel Watkins <daniel@daniel-watkins.co.uk>
+Daniel Zhang <jmzwcn@gmail.com>
 Danny Yates <danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
 Darren Shepherd <darren.s.shepherd@gmail.com> <darren@rancher.com>
 Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
@@ -115,16 +157,27 @@ David M. Karr <davidmichaelkarr@gmail.com>
 David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
 David Sissitka <me@dsissitka.com>
 David Williamson <david.williamson@docker.com> <davidwilliamson@users.noreply.github.com>
+Derek Ch <denc716@gmail.com>
 Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
 Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
+Dhilip Kumars <dhilip.kumar.s@huawei.com>
 Diego Siqueira <dieg0@live.com>
 Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
+Dmitry Sharshakov <d3dx12.xx@gmail.com>
+Dmitry Sharshakov <d3dx12.xx@gmail.com> <sh7dm@outlook.com>
+Dmytro Iakovliev <dmytro.iakovliev@zodiacsystems.com>
+Dominic Yin <yindongchao@inspur.com>
 Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Doug Tangren <d.tangren@gmail.com>
+Drew Erny <derny@mirantis.com>
+Drew Erny <derny@mirantis.com> <drew.erny@docker.com>
 Elan Ruusamäe <glen@pld-linux.org>
 Elan Ruusamäe <glen@pld-linux.org> <glen@delfi.ee>
 Elango Sivanandam <elango.siva@docker.com>
+Elango Sivanandam <elango.siva@docker.com> <elango@docker.com>
+Eli Uriegas <seemethere101@gmail.com>
+Eli Uriegas <seemethere101@gmail.com> <eli.uriegas@docker.com>
 Eric G. Noriega <enoriega@vizuri.com> <egnoriega@users.noreply.github.com>
 Eric Hanchrow <ehanchrow@ine.com> <eric.hanchrow@gmail.com>
 Eric Rosenberg <ehaydenr@gmail.com> <ehaydenr@users.noreply.github.com>
@@ -146,7 +199,9 @@ Feng Yan <fy2462@gmail.com>
 Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
+Frank Yang <yyb196@gmail.com>
 Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
+Fu JinLin <withlin@yeah.net>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
@@ -154,14 +209,19 @@ Geon Kim <geon0250@gmail.com>
 George Kontridze <george@bugsnag.com>
 Gerwim Feiken <g.feiken@tfe.nl> <gerwim@gmail.com>
 Giampaolo Mancini <giampaolo@trampolineup.com>
+Giovan Isa Musthofa <giovanism@outlook.co.id>
 Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gou Rao <gou@portworx.com> <gourao@users.noreply.github.com>
+Grant Millar <rid@cylo.io>
+Grant Millar <rid@cylo.io> <grant@cylo.io>
+Grant Millar <rid@cylo.io> <grant@seednet.eu>
 Greg Stephens <greg@udon.org>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@charmes.net>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@docker.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@dotcloud.com>
+Gunadhya S. <6939749+gunadhya@users.noreply.github.com>
 Guri <odg0318@gmail.com>
 Gurjeet Singh <gurjeet@singh.im> <singh.gurjeet@gmail.com>
 Gustav Sinder <gustav.sinder@gmail.com>
@@ -170,6 +230,7 @@ Hakan Özler <hakan.ozler@kodcu.com>
 Hao Shu Wei <haosw@cn.ibm.com>
 Hao Shu Wei <haosw@cn.ibm.com> <haoshuwei1989@163.com>
 Harald Albers <github@albersweb.de> <albers@users.noreply.github.com>
+Harald Niesche <harald@niesche.de>
 Harold Cooper <hrldcpr@gmail.com>
 Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
 Harry Zhang <harryz@hyper.sh> <resouer@163.com>
@@ -177,35 +238,53 @@ Harry Zhang <harryz@hyper.sh> <resouer@gmail.com>
 Harry Zhang <resouer@163.com>
 Harshal Patil <harshal.patil@in.ibm.com> <harche@users.noreply.github.com>
 Helen Xie <chenjg@harmonycloud.cn>
+Hiroyuki Sasagawa <hs19870702@gmail.com>
 Hollie Teal <hollie@docker.com>
 Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
 Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
 Hu Keping <hukeping@huawei.com>
+Hui Kang <hkang.sunysb@gmail.com>
+Hui Kang <hkang.sunysb@gmail.com> <kangh@us.ibm.com>
 Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com> <1187766782@qq.com>
+Ian Campbell <ian.campbell@docker.com>
+Ian Campbell <ian.campbell@docker.com> <ijc@docker.com>
 Ilya Khlopotov <ilya.khlopotov@gmail.com>
+Iskander Sharipov <quasilyte@gmail.com>
 Ivan Markin <sw@nogoegst.net> <twim@riseup.net>
 Jack Laxson <jackjrabbit@gmail.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jacob Tomlinson <jacob@tom.linson.uk> <jacobtomlinson@users.noreply.github.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
+Jake Moshenko <jake@devtable.com>
+Jakub Drahos <jdrahos@pulsepoint.com>
+Jakub Drahos <jdrahos@pulsepoint.com> <jack.drahos@gmail.com>
+James Nesbitt <jnesbitt@mirantis.com>
+James Nesbitt <jnesbitt@mirantis.com> <james.nesbitt@wunderkraut.com>
 Jamie Hannaford <jamie@limetree.org> <jamie.hannaford@rackspace.com>
+Jana Radhakrishnan <mrjana@docker.com>
+Jana Radhakrishnan <mrjana@docker.com> <mrjana@socketplane.io>
+Jean Rouge <rougej+github@gmail.com> <jer329@cornell.edu>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jean-Tiare Le Bigot <jt@yadutaf.fr> <admin@jtlebi.fr>
 Jeff Anderson <jeff@docker.com> <jefferya@programmerq.net>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
 Jeroen Franse <jeroenfranse@gmail.com>
-Jessica Frazelle <acidburn@microsoft.com>
-Jessica Frazelle <acidburn@microsoft.com> <acidburn@docker.com>
-Jessica Frazelle <acidburn@microsoft.com> <acidburn@google.com>
-Jessica Frazelle <acidburn@microsoft.com> <jess@docker.com>
-Jessica Frazelle <acidburn@microsoft.com> <jess@mesosphere.com>
-Jessica Frazelle <acidburn@microsoft.com> <jessfraz@google.com>
-Jessica Frazelle <acidburn@microsoft.com> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <acidburn@microsoft.com> <me@jessfraz.com>
-Jessica Frazelle <acidburn@microsoft.com> <princess@docker.com>
+Jessica Frazelle <jess@oxide.computer>
+Jessica Frazelle <jess@oxide.computer> <acidburn@docker.com>
+Jessica Frazelle <jess@oxide.computer> <acidburn@google.com>
+Jessica Frazelle <jess@oxide.computer> <acidburn@microsoft.com>
+Jessica Frazelle <jess@oxide.computer> <jess@docker.com>
+Jessica Frazelle <jess@oxide.computer> <jess@mesosphere.com>
+Jessica Frazelle <jess@oxide.computer> <jessfraz@google.com>
+Jessica Frazelle <jess@oxide.computer> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jess@oxide.computer> <me@jessfraz.com>
+Jessica Frazelle <jess@oxide.computer> <princess@docker.com>
+Jian Liao <jliao@alauda.io>
+Jiang Jinyang <jjyruby@gmail.com>
+Jiang Jinyang <jjyruby@gmail.com> <jiangjinyang@outlook.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jiuyue Ma <majiuyue@huawei.com>
 Joey Geiger <jgeiger@gmail.com>
@@ -214,19 +293,23 @@ Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
 Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
 John Harris <john@johnharris.io>
-John Howard (VM) <John.Howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@ntdev.microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
-John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
+John Howard <github@lowenna.com>
+John Howard <github@lowenna.com> <10522484+lowenna@users.noreply.github.com>
+John Howard <github@lowenna.com> <jhoward@microsoft.com>
+John Howard <github@lowenna.com> <jhoward@ntdev.microsoft.com>
+John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
+John Howard <github@lowenna.com> <John.Howard@microsoft.com>
+John Howard <github@lowenna.com> <john.howard@microsoft.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
+Jon Surrell <jon.surrell@gmail.com> <jon.surrell@automattic.com>
 Jonathan Choy <jonathan.j.choy@gmail.com>
 Jonathan Choy <jonathan.j.choy@gmail.com> <oni@tetsujinlabs.com>
-Jon Surrell <jon.surrell@gmail.com> <jon.surrell@automattic.com>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Jennings <jjn2009@gmail.com> <jjn2009@users.noreply.github.com>
 Jorit Kleine-Möllhoff <joppich@bricknet.de> <joppich@users.noreply.github.com>
-Jose Diaz-Gonzalez <jose@seatgeek.com> <josegonzalez@users.noreply.github.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com> <jose@seatgeek.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com> <josegonzalez@users.noreply.github.com>
 Josh Bonczkowski <josh.bonczkowski@gmail.com>
 Josh Eveleth <joshe@opendns.com> <jeveleth@users.noreply.github.com>
 Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
@@ -236,6 +319,7 @@ Josh Wilson <josh.wilson@fivestars.com> <jcwilson@users.noreply.github.com>
 Joyce Jang <mail@joycejang.com>
 Julien Bordellier <julienbordellier@gmail.com> <git@julienbordellier.com>
 Julien Bordellier <julienbordellier@gmail.com> <me@julienbordellier.com>
+Jun Du <dujun5@huawei.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Cormack <justin.cormack@docker.com> <justin.cormack@unikernel.com>
 Justin Cormack <justin.cormack@docker.com> <justin@specialbusservice.com>
@@ -249,6 +333,8 @@ Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
 Kai Qiang Wu (Kennan) <wkq5325@gmail.com> <wkqwu@cn.ibm.com>
 Kamil Domański <kamil@domanski.co>
 Kamjar Gerami <kami.gerami@gmail.com>
+Karthik Nayak <karthik.188@gmail.com>
+Karthik Nayak <karthik.188@gmail.com> <Karthik.188@gmail.com>
 Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Ken Reese <krrgithub@gmail.com>
@@ -263,17 +349,25 @@ Konrad Kleine <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 Konstantin Gribov <grossws@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
+Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
+Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <btkushuwahak@KUNAL-PC.swh.swh.nttdata.co.jp>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
+Kyle Squizzato <ksquizz@gmail.com>
+Kyle Squizzato <ksquizz@gmail.com> <kyle.squizzato@docker.com>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
+Lei Gong <lgong@alauda.io>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
+Lei Jitang <leijitang@huawei.com> <leijitang@outlook.com>
+Leiiwang <u2takey@gmail.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
 Liao Qingwei <liaoqingwei@huawei.com>
 Linus Heckemann <lheckemann@twig-world.com>
 Linus Heckemann <lheckemann@twig-world.com> <anonymouse2048@gmail.com>
 Lokesh Mandvekar <lsm5@fedoraproject.org> <lsm5@redhat.com>
-Lorenzo Fontana <lo@linux.com> <fontanalorenzo@me.com>
+Lorenzo Fontana <fontanalorenz@gmail.com> <fontanalorenzo@me.com>
+Lorenzo Fontana <fontanalorenz@gmail.com> <lo@linux.com>
 Louis Opter <kalessin@kalessin.fr>
 Louis Opter <kalessin@kalessin.fr> <louis@dotcloud.com>
 Luca Favatella <luca.favatella@erlang-solutions.com> <lucafavatella@users.noreply.github.com>
@@ -282,8 +376,11 @@ Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
 Lynda O'Leary <lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
 Ma Müller <mueller-ma@users.noreply.github.com>
+Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
+Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@corp.microsoft.com>
 Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@microsoft.com>
-Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
+Madhu Venugopal <mavenugo@gmail.com> <madhu@docker.com>
+Madhu Venugopal <mavenugo@gmail.com> <madhu@socketplane.io>
 Mageee <fangpuyi@foxmail.com> <21521230.zju.edu.cn>
 Mansi Nahar <mmn4185@rit.edu> <mansi.nahar@macbookpro-mansinahar.local>
 Mansi Nahar <mmn4185@rit.edu> <mansinahar@users.noreply.github.com>
@@ -296,6 +393,7 @@ Markan Patel <mpatel678@gmail.com>
 Markus Kortlang <hyp3rdino@googlemail.com> <markus.kortlang@lhsystems.com>
 Martin Redmond <redmond.martin@gmail.com> <martin@tinychat.com>
 Martin Redmond <redmond.martin@gmail.com> <xgithub@redmond5.com>
+Maru Newby <mnewby@thesprawl.net>
 Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
 Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
 Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
@@ -309,31 +407,44 @@ Matthew Mosesohn <raytrac3r@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Matthias Kühnle <git.nivoc@neverbox.com> <kuehnle@online.de>
 Mauricio Garavaglia <mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
+Maxwell <csuhp007@gmail.com>
+Maxwell <csuhp007@gmail.com> <csuhqg@foxmail.com>
+Menghui Chen <menghui.chen@alibaba-inc.com>
+Michael Beskin <mrbeskin@gmail.com>
 Michael Crosby <michael@docker.com> <crosby.michael@gmail.com>
 Michael Crosby <michael@docker.com> <crosbymichael@gmail.com>
 Michael Crosby <michael@docker.com> <michael@crosbymichael.com>
-Michał Gryko <github@odkurzacz.org>
 Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
 Michael Huettermann <michael@huettermann.net>
 Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
 Michael Nussbaum <michael.nussbaum@getbraintree.com>
 Michael Nussbaum <michael.nussbaum@getbraintree.com> <code@getbraintree.com>
 Michael Spetsiotis <michael_spets@hotmail.com>
+Michael Stapelberg <michael+gh@stapelberg.de>
+Michael Stapelberg <michael+gh@stapelberg.de> <stapelberg@google.com>
+Michal Kostrzewa <michal.kostrzewa@codilime.com>
+Michal Kostrzewa <michal.kostrzewa@codilime.com> <kostrzewa.michal@o2.pl>
 Michal Minář <miminar@redhat.com>
+Michał Gryko <github@odkurzacz.org>
 Michiel de Jong <michiel@unhosted.org>
 Mickaël Fortunato <morsi.morsicus@gmail.com>
 Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com> <30386061+doncicuto@users.noreply.github.com>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
+Mikael Davranche <mikael.davranche@corp.ovh.com>
+Mikael Davranche <mikael.davranche@corp.ovh.com> <mikael.davranche@corp.ovh.net>
 Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
 Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
 Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
+Mohammad Banikazemi <MBanikazemi@gmail.com>
+Mohammad Banikazemi <MBanikazemi@gmail.com> <mb@us.ibm.com>
 Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
 Moysés Borges <moysesb@gmail.com>
 Moysés Borges <moysesb@gmail.com> <moyses.furtado@wplex.com.br>
 Nace Oroz <orkica@gmail.com>
+Natasha Jarus <linuxmercedes@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 Neil Horman <nhorman@tuxdriver.com> <nhorman@hmswarspite.think-freely.org>
@@ -345,6 +456,11 @@ Nolan Darilek <nolan@thewordnerd.info>
 O.S. Tezer <ostezer@gmail.com>
 O.S. Tezer <ostezer@gmail.com> <ostezer@users.noreply.github.com>
 Oh Jinkyun <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
+Oliver Reason <oli@overrateddev.co>
+Olli Janatuinen <olli.janatuinen@gmail.com>
+Olli Janatuinen <olli.janatuinen@gmail.com> <olljanat@users.noreply.github.com>
+Onur Filiz <onur.filiz@microsoft.com>
+Onur Filiz <onur.filiz@microsoft.com> <ofiliz@users.noreply.github.com>
 Ouyang Liduo <oyld0210@163.com>
 Patrick Stapleton <github@gdi2290.com>
 Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
@@ -358,22 +474,38 @@ Peter Waller <p@pwaller.net> <peter@scraperwiki.com>
 Phil Estes <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
 Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com> <philippgille@users.noreply.github.com>
+Prasanna Gautam <prasannagautam@gmail.com>
+Puneet Pruthi <puneet.pruthi@oracle.com>
+Puneet Pruthi <puneet.pruthi@oracle.com> <puneetpruthi@gmail.com>
 Qiang Huang <h.huangqiang@huawei.com>
 Qiang Huang <h.huangqiang@huawei.com> <qhuang@10.0.2.15>
+Qin TianHuan <tianhuan@bingotree.cn>
 Ray Tsang <rayt@google.com> <saturnism@users.noreply.github.com>
 Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
+Robin Thoni <robin@rthoni.com>
 Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
+Rong Zhang <rongzhang@alauda.io>
+Rongxiang Song <tinysong1226@gmail.com>
+Rony Weng <ronyweng@synology.com>
 Ross Boucher <rboucher@gmail.com>
+Rui Cao <ruicao@alauda.io>
 Runshen Zhu <runshen.zhu@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
+Ryoga Saito <contact@proelbtn.com>
+Ryoga Saito <contact@proelbtn.com> <proelbtn@users.noreply.github.com>
+Sainath Grandhi <sainath.grandhi@intel.com>
+Sainath Grandhi <sainath.grandhi@intel.com> <saiallforums@gmail.com>
 Sakeven Jiang <jc5930@sina.cn>
 Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
+Santhosh Manohar <santhosh@docker.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
 Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
+Sebastiaan van Stijn <github@gone.nl>
+Sebastiaan van Stijn <github@gone.nl> <moby@example.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
 Shaun Kaasten <shaunk@gmail.com>
@@ -382,11 +514,14 @@ Shengbo Song <thomassong@tencent.com>
 Shengbo Song <thomassong@tencent.com> <mymneo@163.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
 Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
+Shu-Wai Chow <shu-wai.chow@seattlechildrens.org>
 Shukui Yang <yangshukui@huawei.com>
 Shuwei Hao <haosw@cn.ibm.com>
 Shuwei Hao <haosw@cn.ibm.com> <haoshuwei24@gmail.com>
 Sidhartha Mani <sidharthamn@gmail.com>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
+Smark Meng <smark@freecoop.net>
+Smark Meng <smark@freecoop.net> <smarkm@users.noreply.github.com>
 Solomon Hykes <solomon@docker.com> <s@docker.com>
 Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
 Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
@@ -400,9 +535,12 @@ Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com> <swernli@ntdev.microsoft.com>
 Stefan S. <tronicum@user.github.com>
+Stefan Scherer <stefan.scherer@docker.com>
+Stefan Scherer <stefan.scherer@docker.com> <scherer_stefan@icloud.com>
 Stephan Spindler <shutefan@gmail.com> <shutefan@users.noreply.github.com>
-Stephen Day <stephen.day@docker.com>
-Stephen Day <stephen.day@docker.com> <stevvooe@users.noreply.github.com>
+Stephen Day <stevvooe@gmail.com>
+Stephen Day <stevvooe@gmail.com> <stephen.day@docker.com>
+Stephen Day <stevvooe@gmail.com> <stevvooe@users.noreply.github.com>
 Steve Desmond <steve@vtsv.ca> <stevedesmond-ca@users.noreply.github.com>
 Sun Gengze <690388648@qq.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
@@ -418,24 +556,40 @@ Sylvain Bellemare <sylvain@ascribe.io>
 Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
 Tangi Colin <tangicolin@gmail.com>
 Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
+Terry Chu <zue.hterry@gmail.com>
+Terry Chu <zue.hterry@gmail.com> <jubosh.tw@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@gmx.net>
+Thiago Alves Silva <thiago.alves@aurea.com>
+Thiago Alves Silva <thiago.alves@aurea.com> <thiagoalves@users.noreply.github.com>
 Thomas Gazagnaire <thomas@gazagnaire.org> <thomas@gazagnaire.com>
 Thomas Léveil <thomasleveil@gmail.com>
 Thomas Léveil <thomasleveil@gmail.com> <thomasleveil@users.noreply.github.com>
 Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
 Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
+Till Claassen <pixelistik@users.noreply.github.com>
 Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org> <maztaim@users.noreply.github.com>
+Tim Potter <tpot@hpe.com>
+Tim Potter <tpot@hpe.com> <tpot@Tims-MacBook-Pro.local>
 Tim Ruffles <oi@truffles.me.uk> <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
+Tim Wagner <tim.wagner@freenet.ag>
+Tim Wagner <tim.wagner@freenet.ag> <33624860+herrwagner@users.noreply.github.com>
 Tim Zju <21651152@zju.edu.cn>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Toli Kuznets <toli@docker.com>
 Tom Barlow <tomwbarlow@gmail.com>
+Tom Denham <tom@tomdee.co.uk>
+Tom Denham <tom@tomdee.co.uk> <tom.denham@metaswitch.com>
 Tom Sweeney <tsweeney@redhat.com>
+Tom Wilkie <tom.wilkie@gmail.com>
+Tom Wilkie <tom.wilkie@gmail.com> <tom@weave.works>
 Tõnis Tiigi <tonistiigi@gmail.com>
+Trace Andreason <tandreason@gmail.com>
+Trapier Marshall <tmarshall@mirantis.com>
+Trapier Marshall <tmarshall@mirantis.com> <trapier.marshall@docker.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
@@ -449,15 +603,23 @@ Victor Vieux <victor.vieux@docker.com> <victor@docker.com>
 Victor Vieux <victor.vieux@docker.com> <victor@dotcloud.com>
 Victor Vieux <victor.vieux@docker.com> <victorvieux@gmail.com>
 Victor Vieux <victor.vieux@docker.com> <vieux@docker.com>
+Vikas Choudhary <choudharyvikas16@gmail.com>
+Vikram bir Singh <vsingh@mirantis.com>
+Vikram bir Singh <vsingh@mirantis.com> <vikrambir.singh@docker.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
 Vincent Batts <vbatts@redhat.com> <vbatts@hashbangbash.com>
 Vincent Bernat <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
 Vincent Bernat <Vincent.Bernat@exoscale.ch> <vincent@bernat.im>
+Vincent Boulineau <vincent.boulineau@datadoghq.com>
 Vincent Demeester <vincent.demeester@docker.com> <vincent+github@demeester.fr>
 Vincent Demeester <vincent.demeester@docker.com> <vincent@demeester.fr>
 Vincent Demeester <vincent.demeester@docker.com> <vincent@sbr.pm>
 Vishnu Kannan <vishnuk@google.com>
+Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
+Vitaly Ostrosablin <vostrosablin@virtuozzo.com> <tmp6154@yandex.ru>
 Vladimir Rutsky <altsysrq@gmail.com> <iamironbob@gmail.com>
+Vladislav Kolesnikov <vkolesnikov@beget.ru>
+Vladislav Kolesnikov <vkolesnikov@beget.ru> <prime@vladqa.ru>
 Walter Stanish <walter@pratyeka.org>
 Wang Chao <chao.wang@ucloud.cn>
 Wang Chao <chao.wang@ucloud.cn> <wcwxyz@gmail.com>
@@ -469,11 +631,23 @@ Wang Yuexiao <wang.yuexiao@zte.com.cn>
 Wayne Chang <wayne@neverfear.org>
 Wayne Song <wsong@docker.com> <wsong@users.noreply.github.com>
 Wei Wu <wuwei4455@gmail.com> cizixs <cizixs@163.com>
+Wen Cheng Ma <wenchma@cn.ibm.com>
 Wenjun Tang <tangwj2@lenovo.com> <dodia@163.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 Will Weaver <monkey@buildingbananas.com>
+Wing-Kam Wong <wingkwong.code@gmail.com>
+WuLonghui <wlh6666@qq.com>
+Xian Chaobo <xianchaobo@huawei.com>
+Xian Chaobo <xianchaobo@huawei.com> <jimmyxian2004@yahoo.com.cn>
 Xianglin Gao <xlgao@zju.edu.cn>
+Xianjie <guxianjie@gmail.com>
+Xianjie <guxianjie@gmail.com> <datastream@datastream-laptop.local>
 Xianlu Bird <xianlubird@gmail.com>
+Xiao YongBiao <xyb4638@gmail.com>
+Xiao Zhang <xiaozhang0210@hotmail.com>
+Xiaodong Liu <liuxiaodong@loongson.cn>
+Xiaodong Zhang <a4012017@sina.com>
+Xiaohua Ding <xiao_hua_ding@sina.cn>
 Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 Xuecong Liao <satorulogic@gmail.com>
 Yamasaki Masahide <masahide.y@gmail.com>
@@ -485,15 +659,25 @@ Yi EungJun <eungjun.yi@navercorp.com> <semtlenori@gmail.com>
 Ying Li <ying.li@docker.com>
 Ying Li <ying.li@docker.com> <cyli@twistedmatrix.com>
 Yong Tang <yong.tang.github@outlook.com> <yongtang@users.noreply.github.com>
+Yongxin Li <yxli@alauda.io>
 Yosef Fertel <yfertel@gmail.com> <frosforever@users.noreply.github.com>
 Yu Changchun <yuchangchun1@huawei.com>
 Yu Chengxia <yuchengxia@huawei.com>
 Yu Peng <yu.peng36@zte.com.cn>
 Yu Peng <yu.peng36@zte.com.cn> <yupeng36@zte.com.cn>
+Yue Zhang <zy675793960@yeah.net>
+Zach Gershman <zachgersh@gmail.com>
+Zach Gershman <zachgersh@gmail.com> <zachgersh@users.noreply.github.com>
 Zachary Jaffee <zjaffee@us.ibm.com> <zij@case.edu>
 Zachary Jaffee <zjaffee@us.ibm.com> <zjaffee@apache.org>
 ZhangHang <stevezhang2014@gmail.com>
 Zhenkun Bi <bi.zhenkun@zte.com.cn>
 Zhou Hao <zhouhao@cn.fujitsu.com>
+Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Kunjia <zhu.kunjia@zte.com.cn>
+Ziheng Liu <lzhfromustc@gmail.com>
 Zou Yu <zouyu7@huawei.com>
+Zuhayr Elahi <zuhayr.elahi@docker.com>
+Zuhayr Elahi <zuhayr.elahi@docker.com> <elahi.zuhayr@gmail.com>
+정재영 <jjy600901@gmail.com>
+정재영 <jjy600901@gmail.com> <43400316+J-jaeyoung@users.noreply.github.com>
diff --git a/AUTHORS b/AUTHORS
index c6c8fb40e3989..2ae76d2c2c9c5 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -4,6 +4,7 @@
 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron Davidson <aaron@databricks.com>
 Aaron Feng <aaron.feng@gmail.com>
+Aaron Hnatiw <aaron@griddio.com>
 Aaron Huslage <huslage@gmail.com>
 Aaron L. Xu <liker.xu@foxmail.com>
 Aaron Lehmann <aaron.lehmann@docker.com>
@@ -11,12 +12,14 @@ Aaron Welch <welch@packet.net>
 Aaron.L.Xu <likexu@harmonycloud.cn>
 Abel Muiño <amuino@gmail.com>
 Abhijeet Kasurde <akasurde@redhat.com>
-Abhinandan Prativadi <abhi@docker.com>
+Abhinandan Prativadi <aprativadi@gmail.com>
 Abhinav Ajgaonkar <abhinav316@gmail.com>
 Abhishek Chanda <abhishek.becs@gmail.com>
 Abhishek Sharma <abhishek@asharma.me>
 Abin Shahab <ashahab@altiscale.com>
+Ada Mancini <ada@docker.com>
 Adam Avilla <aavilla@yp.com>
+Adam Dobrawy <naczelnik@jawnosc.tk>
 Adam Eijdenberg <adam.eijdenberg@gmail.com>
 Adam Kunk <adam.kunk@tiaa-cref.org>
 Adam Miller <admiller@redhat.com>
@@ -24,6 +27,7 @@ Adam Mills <adam@armills.info>
 Adam Pointer <adam.pointer@skybettingandgaming.com>
 Adam Singer <financeCoding@gmail.com>
 Adam Walz <adam@adamwalz.net>
+Adam Williams <awilliams@mirantis.com>
 Addam Hardy <addam.hardy@gmail.com>
 Aditi Rajagopal <arajagopal@us.ibm.com>
 Aditya <aditya@netroy.in>
@@ -43,17 +47,22 @@ AJ Bowen <aj@soulshake.net>
 Ajey Charantimath <ajey.charantimath@gmail.com>
 ajneu <ajneu@users.noreply.github.com>
 Akash Gupta <akagup@microsoft.com>
+Akhil Mohan <akhil.mohan@mayadata.io>
 Akihiro Matsushima <amatsusbit@gmail.com>
-Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Akira Koyasu <mail@akirakoyasu.net>
 Akshay Karle <akshay.a.karle@gmail.com>
+Akshay Moghe <akshay.moghe@gmail.com>
 Al Tobey <al@ooyala.com>
 alambike <alambike@gmail.com>
+Alan Hoyle <alan@alanhoyle.com>
 Alan Scherger <flyinprogrammer@gmail.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
 Albert Zhang <zhgwenming@gmail.com>
+Albin Kerouanton <albin@akerouanton.name>
+Alec Benson <albenson@redhat.com>
 Alejandro González Hevia <alejandrgh11@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksandrs Fadins <aleks@s-ko.net>
@@ -75,16 +84,19 @@ Alexander Boyd <alex@opengroove.org>
 Alexander Larsson <alexl@redhat.com>
 Alexander Midlash <amidlash@docker.com>
 Alexander Morozov <lk4d4@docker.com>
+Alexander Polakov <plhk@sdf.org>
 Alexander Shopov <ash@kambanaria.org>
 Alexandre Beslic <alexandre.beslic@gmail.com>
 Alexandre Garnier <zigarn@gmail.com>
 Alexandre González <agonzalezro@gmail.com>
 Alexandre Jomin <alexandrejomin@gmail.com>
 Alexandru Sfirlogea <alexandru.sfirlogea@gmail.com>
+Alexei Margasov <alexei38@yandex.ru>
 Alexey Guskov <lexag@mail.ru>
 Alexey Kotlyarov <alexey@infoxchange.net.au>
 Alexey Shamrin <shamrin@gmail.com>
-Alexis THOMAS <fr.alexisthomas@gmail.com>
+Alexis Ries <ries.alexis@gmail.com>
+Alexis Thomas <fr.alexisthomas@gmail.com>
 Alfred Landrum <alfred.landrum@docker.com>
 Ali Dehghani <ali.dehghani.g@gmail.com>
 Alicia Lauerman <alicia@eta.im>
@@ -97,6 +109,7 @@ Alvin Deng <alvin.q.deng@utexas.edu>
 Alvin Richards <alvin.richards@docker.com>
 amangoel <amangoel@gmail.com>
 Amen Belayneh <amenbelayneh@gmail.com>
+Ameya Gawde <agawde@mirantis.com>
 Amir Goldstein <amir73il@aquasec.com>
 Amit Bakshi <ambakshi@gmail.com>
 Amit Krishnan <amit.krishnan@oracle.com>
@@ -106,11 +119,13 @@ Amy Lindburg <amy.lindburg@docker.com>
 Anand Patil <anand.prabhakar.patil@gmail.com>
 AnandkumarPatel <anandkumarpatel@gmail.com>
 Anatoly Borodin <anatoly.borodin@gmail.com>
+Anca Iordache <anca.iordache@docker.com>
 Anchal Agrawal <aagrawa4@illinois.edu>
 Anda Xu <anda.xu@docker.com>
 Anders Janmyr <anders@janmyr.com>
 Andre Dublin <81dublin@gmail.com>
 Andre Granovsky <robotciti@live.com>
+Andrea Denisse Gómez <crypto.andrea@protonmail.ch>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andrea Turli <andrea.turli@gmail.com>
 Andreas Elvers <andreas@work.de>
@@ -118,6 +133,8 @@ Andreas Köhler <andi5.py@gmx.net>
 Andreas Savvides <andreas@editd.com>
 Andreas Tiefenthaler <at@an-ti.eu>
 Andrei Gherzan <andrei@resin.io>
+Andrei Ushakov <aushakov@netflix.com>
+Andrei Vagin <avagin@gmail.com>
 Andrew C. Bodine <acbodine@us.ibm.com>
 Andrew Clay Shafer <andrewcshafer@gmail.com>
 Andrew Duckworth <grillopress@gmail.com>
@@ -126,6 +143,7 @@ Andrew Gerrand <adg@golang.org>
 Andrew Guenther <guenther.andrew.j@gmail.com>
 Andrew He <he.andrew.mail@gmail.com>
 Andrew Hsu <andrewhsu@docker.com>
+Andrew Kim <taeyeonkim90@gmail.com>
 Andrew Kuklewicz <kookster@gmail.com>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Macpherson <hopscotch23@gmail.com>
@@ -137,6 +155,7 @@ Andrew Po <absourd.noise@gmail.com>
 Andrew Weiss <andrew.weiss@docker.com>
 Andrew Williams <williams.andrew@gmail.com>
 Andrews Medina <andrewsmedina@gmail.com>
+Andrey Kolomentsev <andrey.kolomentsev@docker.com>
 Andrey Petrov <andrey.petrov@shazow.net>
 Andrey Stolbovsky <andrey.stolbovsky@gmail.com>
 André Martins <aanm90@gmail.com>
@@ -145,12 +164,15 @@ Andy Chambers <anchambers@paypal.com>
 andy diller <dillera@gmail.com>
 Andy Goldstein <agoldste@redhat.com>
 Andy Kipp <andy@rstudio.com>
+Andy Lindeman <alindeman@salesforce.com>
 Andy Rothfusz <github@developersupport.net>
 Andy Smith <github@anarkystic.com>
 Andy Wilson <wilson.andrew.j+github@gmail.com>
 Anes Hasicic <anes.hasicic@gmail.com>
+Angel Velazquez <angelcar@amazon.com>
 Anil Belur <askb23@gmail.com>
 Anil Madhavapeddy <anil@recoil.org>
+Ankit Jain <ajatkj@yahoo.co.in>
 Ankush Agarwal <ankushagarwal11@gmail.com>
 Anonmily <michelle@michelleliu.io>
 Anran Qiao <anran.qiao@daocloud.io>
@@ -168,12 +190,15 @@ Antonio Murdaca <antonio.murdaca@gmail.com>
 Antonis Kalipetis <akalipetis@gmail.com>
 Antony Messerli <amesserl@rackspace.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
+Anuj Varma <anujvarma@thumbtack.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com>
 apocas <petermdias@gmail.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
 ArikaChen <eaglesora@gmail.com>
+Arko Dasgupta <arko.dasgupta@docker.com>
 Arnaud Lefebvre <a.lefebvre@outlook.fr>
 Arnaud Porterie <arnaud.porterie@docker.com>
+Arnaud Rebillout <arnaud.rebillout@collabora.com>
 Arthur Barr <arthur.barr@uk.ibm.com>
 Arthur Gautier <baloo@gandi.net>
 Artur Meyster <arthurfbi@yahoo.com>
@@ -182,19 +207,23 @@ Asad Saeeduddin <masaeedu@gmail.com>
 Asbjørn Enge <asbjorn@hanafjedle.net>
 averagehuman <averagehuman@users.noreply.github.com>
 Avi Das <andas222@gmail.com>
+Avi Kivity <avi@scylladb.com>
 Avi Miller <avi.miller@oracle.com>
 Avi Vaid <avaid1996@gmail.com>
 ayoshitake <airandfingers@gmail.com>
 Azat Khuyiyakhmetov <shadow_uz@mail.ru>
+Bao Yonglei <baoyonglei@huawei.com>
 Bardia Keyoumarsi <bkeyouma@ucsc.edu>
 Barnaby Gray <barnaby@pickle.me.uk>
 Barry Allard <barry.allard@gmail.com>
 Bartłomiej Piotrowski <b@bpiotrowski.pl>
 Bastiaan Bakker <bbakker@xebia.com>
 bdevloed <boris.de.vloed@gmail.com>
+Bearice Ren <bearice@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Firshman <ben@firshman.co.uk>
 Ben Golub <ben.golub@dotcloud.com>
+Ben Gould <ben@bengould.co.uk>
 Ben Hall <ben@benhall.me.uk>
 Ben Sargent <ben@brokendigits.com>
 Ben Severson <BenSeverson@users.noreply.github.com>
@@ -203,21 +232,28 @@ Ben Wiklund <ben@daisyowl.com>
 Benjamin Atkin <ben@benatkin.com>
 Benjamin Baker <Benjamin.baker@utexas.edu>
 Benjamin Boudreau <boudreau.benjamin@gmail.com>
+Benjamin Böhmke <benjamin@boehmke.net>
 Benjamin Yolken <yolken@stripe.com>
+Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
 Bernerd Schaefer <bj.schaefer@gmail.com>
 Bernhard M. Wiedemann <bwiedemann@suse.de>
 Bert Goethals <bert@bertg.be>
+Bertrand Roussel <broussel@sierrawireless.com>
+Bevisy Zhang <binbin36520@gmail.com>
 Bharath Thiruveedula <bharath_ves@hotmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 Bhumika Bayani <bhumikabayani@gmail.com>
 Bilal Amarni <bilal.amarni@gmail.com>
 Bill Wang <ozbillwang@gmail.com>
+Billy Ridgway <wrridgwa@us.ibm.com>
+Bily Zhang <xcoder@tenxcloud.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Blake Geno <blakegeno@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 bobby abbott <ttobbaybbob@gmail.com>
+Boqin Qin <bobbqqin@gmail.com>
 Boris Pruessmann <boris@pruessmann.org>
 Boshi Lian <farmer1992@gmail.com>
 Bouke Haarsma <bouke@webatoom.nl>
@@ -232,6 +268,7 @@ Brendan Dixon <brendand@microsoft.com>
 Brent Salisbury <brent.salisbury@docker.com>
 Brett Higgins <brhiggins@arbor.net>
 Brett Kochendorfer <brett.kochendorfer@gmail.com>
+Brett Milford <brettmilford@gmail.com>
 Brett Randall <javabrett@gmail.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Bland <brian.bland@docker.com>
@@ -262,6 +299,7 @@ Byung Kang <byung.kang.ctr@amrdec.army.mil>
 Caleb Spare <cespare@gmail.com>
 Calen Pennington <cale@edx.org>
 Cameron Boehmer <cameron.boehmer@gmail.com>
+Cameron Sparr <gh@sparr.email>
 Cameron Spear <cameronspear@gmail.com>
 Campbell Allen <campbell.allen@gmail.com>
 Candid Dauth <cdauth@cdauth.eu>
@@ -271,6 +309,7 @@ Carl Loa Odin <carlodin@gmail.com>
 Carl X. Su <bcbcarl@gmail.com>
 Carlo Mion <mion00@gmail.com>
 Carlos Alexandro Becker <caarlos0@gmail.com>
+Carlos de Paula <me@carlosedp.com>
 Carlos Sanchez <carlos@apache.org>
 Carol Fager-Higgins <carol.fager-higgins@docker.com>
 Cary <caryhartline@users.noreply.github.com>
@@ -302,6 +341,7 @@ Chen Min <chenmin46@huawei.com>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
 Cheng-mean Liu <soccerl@microsoft.com>
+Chengfei Shang <cfshang@alauda.io>
 Chengguang Xu <cgxu519@gmx.com>
 chenyuzhu <chenyuzhi@oschina.cn>
 Chetan Birajdar <birajdar.chetan@gmail.com>
@@ -317,8 +357,10 @@ Chris Fordham <chris@fordham-nagy.id.au>
 Chris Gavin <chris@chrisgavin.me>
 Chris Gibson <chris@chrisg.io>
 Chris Khoo <chris.khoo@gmail.com>
+Chris Kreussling (Flatbush Gardener) <xrisfg@gmail.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Chris McKinnel <chrismckinnel@gmail.com>
+Chris Price <cprice@mirantis.com>
 Chris Seto <chriskseto@gmail.com>
 Chris Snow <chsnow123@gmail.com>
 Chris St. Pierre <chris.a.st.pierre@gmail.com>
@@ -328,6 +370,7 @@ Chris Telfer <ctelfer@docker.com>
 Chris Wahl <github@wahlnetwork.com>
 Chris Weyl <cweyl@alumni.drew.edu>
 Chris White <me@cwprogram.com>
+Christian Becker <christian.becker@sixt.com>
 Christian Berendt <berendt@b1-systems.de>
 Christian Brauner <christian.brauner@ubuntu.com>
 Christian Böhme <developement@boehme3d.de>
@@ -336,6 +379,7 @@ Christian Persson <saser@live.se>
 Christian Rotzoll <ch.rotzoll@gmail.com>
 Christian Simon <simon@swine.de>
 Christian Stefanescu <st.chris@gmail.com>
+Christoph Ziebuhr <chris@codefrickler.de>
 Christophe Mehay <cmehay@online.net>
 Christophe Troestler <christophe.Troestler@umons.ac.be>
 Christophe Vidal <kriss@krizalys.com>
@@ -345,15 +389,18 @@ Christopher Currie <codemonkey+github@gmail.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
 Christopher Latham <sudosurootdev@gmail.com>
 Christopher Rigor <crigor@gmail.com>
-Christy Perez <christy@linux.vnet.ibm.com>
+Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com>
 Ciro S. Costa <ciro.costa@usp.br>
 Clayton Coleman <ccoleman@redhat.com>
+Clint Armstrong <clint@clintarmstrong.net>
 Clinton Kitson <clintonskitson@gmail.com>
+clubby789 <jamie@hill-daniel.co.uk>
 Cody Roseborough <crrosebo@amazon.com>
 Coenraad Loubser <coenraad@wish.org.za>
 Colin Dunklau <colin.dunklau@gmail.com>
 Colin Hebert <hebert.colin@gmail.com>
+Colin Panisset <github@clabber.com>
 Colin Rice <colin@daedrum.net>
 Colin Walters <walters@verbum.org>
 Collin Guarino <collin.guarino@gmail.com>
@@ -364,10 +411,13 @@ Corey Farrell <git@cfware.com>
 Cory Forsyth <cory.forsyth@gmail.com>
 cressie176 <github@stephen-cresswell.net>
 CrimsonGlory <CrimsonGlory@users.noreply.github.com>
+Cristian Ariza <dev@cristianrz.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 cristiano balducci <cristiano.balducci@gmail.com>
+Cristina Yenyxe Gonzalez Garcia <cristina.yenyxe@gmail.com>
 Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
 CUI Wei <ghostplant@qq.com>
+Cuong Manh Le <cuong.manhle.vn@gmail.com>
 Cyprian Gracz <cyprian.gracz@micro-jumbo.eu>
 Cyril F <cyrilf7x@gmail.com>
 Daan van Berkel <daan.v.berkel.1980@gmail.com>
@@ -389,14 +439,17 @@ Dan Levy <dan@danlevy.net>
 Dan McPherson <dmcphers@redhat.com>
 Dan Stine <sw@stinemail.com>
 Dan Williams <me@deedubs.com>
+Dani Hodovic <dani.hodovic@gmail.com>
 Dani Louca <dani.louca@docker.com>
 Daniel Antlinger <d.antlinger@gmx.at>
+Daniel Black <daniel@linux.ibm.com>
 Daniel Dao <dqminh@cloudflare.com>
 Daniel Exner <dex@dragonslave.de>
 Daniel Farrell <dfarrell@redhat.com>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Grunwell <mwgrunny@gmail.com>
+Daniel Helfand <helfand.4@gmail.com>
 Daniel Hiltgen <daniel.hiltgen@docker.com>
 Daniel J Walsh <dwalsh@redhat.com>
 Daniel Menet <membership@sontags.ch>
@@ -406,12 +459,14 @@ Daniel Norberg <dano@spotify.com>
 Daniel Nordberg <dnordberg@gmail.com>
 Daniel Robinson <gottagetmac@gmail.com>
 Daniel S <dan.streby@gmail.com>
+Daniel Sweet <danieljsweet@icloud.com>
 Daniel Von Fange <daniel@leancoder.com>
 Daniel Watkins <daniel@daniel-watkins.co.uk>
 Daniel X Moore <yahivin@gmail.com>
 Daniel YC Lin <dlin.tw@gmail.com>
 Daniel Zhang <jmzwcn@gmail.com>
 Danny Berger <dpb587@gmail.com>
+Danny Milosavljevic <dannym@scratchpost.org>
 Danny Yates <danny@codeaholics.org>
 Danyal Khaliq <danyal.khaliq@tenpearls.com>
 Darren Coxall <darren@darrencoxall.com>
@@ -425,6 +480,7 @@ Dave Henderson <dhenderson@gmail.com>
 Dave MacDonald <mindlapse@gmail.com>
 Dave Tucker <dt@docker.com>
 David Anderson <dave@natulte.net>
+David Bellotti <dbellotti@pivotal.io>
 David Calavera <david.calavera@gmail.com>
 David Chung <david.chung@docker.com>
 David Corking <dmc-source@dcorking.com>
@@ -439,9 +495,12 @@ David Lawrence <david.lawrence@docker.com>
 David Lechner <david@lechnology.com>
 David M. Karr <davidmichaelkarr@gmail.com>
 David Mackey <tdmackey@booleanhaiku.com>
+David Manouchehri <manouchehri@riseup.net>
 David Mat <david@davidmat.com>
 David Mcanulty <github@hellspark.com>
 David McKay <david@rawkode.com>
+David O'Rourke <david@scalefactory.com>
+David P Hilton <david.hilton.p@gmail.com>
 David Pelaez <pelaez89@gmail.com>
 David R. Jenni <david.r.jenni@gmail.com>
 David Röthlisberger <david@rothlis.net>
@@ -459,6 +518,7 @@ dcylabs <dcylabs@gmail.com>
 Debayan De <debayande@users.noreply.github.com>
 Deborah Gertrude Digges <deborah.gertrude.digges@gmail.com>
 deed02392 <georgehafiz@gmail.com>
+Deep Debroy <ddebroy@docker.com>
 Deng Guangxing <dengguangxing@huawei.com>
 Deni Bertovic <deni@kset.org>
 Denis Defreyne <denis@soundcloud.com>
@@ -474,15 +534,18 @@ Derek McGowan <derek@mcgstyle.net>
 Deric Crago <deric.crago@gmail.com>
 Deshi Xiao <dxiao@redhat.com>
 devmeyster <arthurfbi@yahoo.com>
+Devon Estes <devon.estes@klarna.com>
 Devvyn Murphy <devvyn@devvyn.com>
 Dharmit Shah <shahdharmit@gmail.com>
 Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
+Dhilip Kumars <dhilip.kumar.s@huawei.com>
 Diego Romero <idiegoromero@gmail.com>
 Diego Siqueira <dieg0@live.com>
 Dieter Reuter <dieter.reuter@me.com>
 Dillon Dixon <dillondixon@gmail.com>
 Dima Stopel <dima@twistlock.com>
 Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
+Dimitris Mandalidis <dimitris.mandalidis@gmail.com>
 Dimitris Rozakis <dimrozakis@gmail.com>
 Dimitry Andric <d.andric@activevideo.com>
 Dinesh Subhraveti <dineshs@altiscale.com>
@@ -496,11 +559,16 @@ Dmitri Shuralyov <shurcooL@gmail.com>
 Dmitry Demeshchuk <demeshchuk@gmail.com>
 Dmitry Gusev <dmitry.gusev@gmail.com>
 Dmitry Kononenko <d@dm42.ru>
+Dmitry Sharshakov <d3dx12.xx@gmail.com>
 Dmitry Shyshkin <dmitry@shyshkin.org.ua>
 Dmitry Smirnov <onlyjob@member.fsf.org>
 Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
 Dmitry Vorobev <dimahabr@gmail.com>
+Dmytro Iakovliev <dmytro.iakovliev@zodiacsystems.com>
+docker-unir[bot] <docker-unir[bot]@users.noreply.github.com>
 Dolph Mathews <dolph.mathews@gmail.com>
+Dominic Tubach <dominic.tubach@to.com>
+Dominic Yin <yindongchao@inspur.com>
 Dominik Dingel <dingel@linux.vnet.ibm.com>
 Dominik Finkbeiner <finkes93@gmail.com>
 Dominik Honnef <dominik@honnef.co>
@@ -519,7 +587,7 @@ Douglas Curtis <dougcurtis1@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
 dragon788 <dragon788@users.noreply.github.com>
 Dražen Lučanin <kermit666@gmail.com>
-Drew Erny <drew.erny@docker.com>
+Drew Erny <derny@mirantis.com>
 Drew Hubl <drew.hubl@gmail.com>
 Dustin Sallings <dustin@spy.net>
 Ed Costello <epc@epcostello.com>
@@ -531,7 +599,7 @@ Eivind Uggedal <eivind@uggedal.com>
 Elan Ruusamäe <glen@pld-linux.org>
 Elango Sivanandam <elango.siva@docker.com>
 Elena Morozova <lelenanam@gmail.com>
-Eli Uriegas <eli.uriegas@docker.com>
+Eli Uriegas <seemethere101@gmail.com>
 Elias Faxö <elias.faxo@tre.se>
 Elias Probst <mail@eliasprobst.eu>
 Elijah Zupancic <elijah@zupancic.name>
@@ -550,6 +618,7 @@ Eric Curtin <ericcurtin17@gmail.com>
 Eric G. Noriega <enoriega@vizuri.com>
 Eric Hanchrow <ehanchrow@ine.com>
 Eric Lee <thenorthsecedes@gmail.com>
+Eric Mountain <eric.mountain@datadoghq.com>
 Eric Myhre <hash@exultant.us>
 Eric Paris <eparis@redhat.com>
 Eric Rafaloff <erafaloff@gmail.com>
@@ -559,6 +628,7 @@ Eric Soderstrom <ericsoderstrom@gmail.com>
 Eric Yang <windfarer@gmail.com>
 Eric-Olivier Lamey <eo@lamey.me>
 Erica Windisch <erica@windisch.us>
+Erich Cordoba <erich.cm@yandex.com>
 Erik Bray <erik.m.bray@gmail.com>
 Erik Dubbelboer <erik@dubbelboer.com>
 Erik Hollensbe <github@hollensbe.org>
@@ -568,7 +638,10 @@ Erik St. Martin <alakriti@gmail.com>
 Erik Weathers <erikdw@gmail.com>
 Erno Hopearuoho <erno.hopearuoho@gmail.com>
 Erwin van der Koogh <info@erronis.nl>
+Espen Suenson <mail@espensuenson.dk>
 Ethan Bell <ebgamer29@gmail.com>
+Ethan Mosbaugh <ethan@replicated.com>
+Euan Harris <euan.harris@docker.com>
 Euan Kemp <euan.kemp@coreos.com>
 Eugen Krizo <eugen.krizo@gmail.com>
 Eugene Yakubovich <eugene.yakubovich@coreos.com>
@@ -580,12 +653,14 @@ Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
 Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
+Evgeniy Makhrov <e.makhrov@corp.badoo.com>
 Evgeny Shmarnev <shmarnev@gmail.com>
 Evgeny Vereshchagin <evvers@ya.ru>
 Ewa Czechowska <ewa@ai-traders.com>
 Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
 ezbercih <cem.ezberci@gmail.com>
 Ezra Silvera <ezra@il.ibm.com>
+Fabian Kramm <kramm@covexo.com>
 Fabian Lauer <kontakt@softwareschmiede-saar.de>
 Fabian Raetz <fabian.raetz@gmail.com>
 Fabiano Rosas <farosas@br.ibm.com>
@@ -604,6 +679,7 @@ Fareed Dudhia <fareeddudhia@googlemail.com>
 Fathi Boudra <fathi.boudra@linaro.org>
 Federico Gimenez <fgimenez@coit.es>
 Felipe Oliveira <felipeweb.programador@gmail.com>
+Felipe Ruhland <felipe.ruhland@gmail.com>
 Felix Abecassis <fabecassis@nvidia.com>
 Felix Geisendörfer <felix@debuggable.com>
 Felix Hupfeld <felix@quobyte.com>
@@ -624,12 +700,14 @@ Florian <FWirtz@users.noreply.github.com>
 Florian Klein <florian.klein@free.fr>
 Florian Maier <marsmensch@users.noreply.github.com>
 Florian Noeding <noeding@adobe.com>
+Florian Schmaus <flo@geekplace.eu>
 Florian Weingarten <flo@hackvalue.de>
 Florin Asavoaie <florin.asavoaie@gmail.com>
 Florin Patan <florinpatan@gmail.com>
 fonglh <fonglh@gmail.com>
 Foysal Iqbal <foysal.iqbal.fb@gmail.com>
 Francesc Campoy <campoy@google.com>
+Francesco Degrassi <francesco.degrassi@optionfactory.net>
 Francesco Mari <mari.francesco@gmail.com>
 Francis Chuang <francis.chuang@boostport.com>
 Francisco Carriedo <fcarriedo@gmail.com>
@@ -638,16 +716,20 @@ Frank Groeneveld <frank@ivaldi.nl>
 Frank Herrmann <fgh@4gh.tv>
 Frank Macreery <frank@macreery.com>
 Frank Rosquin <frank.rosquin+github@gmail.com>
+Frank Yang <yyb196@gmail.com>
 Fred Lifton <fred.lifton@docker.com>
 Frederick F. Kautz IV <fkautz@redhat.com>
+Frederico F. de Oliveira <FreddieOliveira@users.noreply.github.com>
 Frederik Loeffert <frederik@zitrusmedia.de>
 Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
 Freek Kalter <freek@kalteronline.org>
 Frieder Bluemle <frieder.bluemle@gmail.com>
+Fu JinLin <withlin@yeah.net>
 Félix Baylac-Jacqué <baylac.felix@gmail.com>
 Félix Cantournet <felix.cantournet@cloudwatt.com>
 Gabe Rosenhouse <gabe@missionst.com>
 Gabor Nagy <mail@aigeruth.hu>
+Gabriel L. Somlo <gsomlo@gmail.com>
 Gabriel Linder <linder.gabriel@gmail.com>
 Gabriel Monroy <gabriel@opdemand.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
@@ -658,10 +740,11 @@ Gareth Rushgrove <gareth@morethanseven.net>
 Garrett Barboza <garrett@garrettbarboza.com>
 Gary Schaetz <gary@schaetzkc.com>
 Gaurav <gaurav.gosec@gmail.com>
-gautam, prasanna <prasannagautam@gmail.com>
+Gaurav Singh <gaurav1086@gmail.com>
 Gaël PORTAY <gael.portay@savoirfairelinux.com>
 Genki Takiuchi <genki@s21g.com>
 GennadySpb <lipenkov@gmail.com>
+Geoff Levand <geoff@infradead.org>
 Geoffrey Bachelet <grosfrais@gmail.com>
 Geon Kim <geon0250@gmail.com>
 George Kontridze <george@bugsnag.com>
@@ -676,6 +759,7 @@ Ghislain Bourgeois <ghislain.bourgeois@gmail.com>
 Giampaolo Mancini <giampaolo@trampolineup.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
+Giovan Isa Musthofa <giovanism@outlook.co.id>
 gissehel <public-devgit-dantus@gissehel.org>
 Giuseppe Mazzotta <gdm85@users.noreply.github.com>
 Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
@@ -683,11 +767,12 @@ Gleb M Borisov <borisov.gleb@gmail.com>
 Glyn Normington <gnormington@gopivotal.com>
 GoBella <caili_welcome@163.com>
 Goffert van Gool <goffert@phusion.nl>
+Goldwyn Rodrigues <rgoldwyn@suse.com>
 Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gosuke Miyashita <gosukenator@gmail.com>
 Gou Rao <gou@portworx.com>
 Govinda Fichtner <govinda.fichtner@googlemail.com>
-Grant Millar <grant@cylo.io>
+Grant Millar <rid@cylo.io>
 Grant Reaber <grant.reaber@gmail.com>
 Graydon Hoare <graydon@pobox.com>
 Greg Fausak <greg@tacodata.com>
@@ -699,6 +784,7 @@ Guilhem Lettron <guilhem+github@lettron.fr>
 Guilherme Salgado <gsalgado@gmail.com>
 Guillaume Dufour <gdufour.prestataire@voyages-sncf.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com>
+Gunadhya S. <6939749+gunadhya@users.noreply.github.com>
 guoxiuyan <guoxiuyan@huawei.com>
 Guri <odg0318@gmail.com>
 Gurjeet Singh <gurjeet@singh.im>
@@ -706,15 +792,20 @@ Guruprasad <lgp171188@gmail.com>
 Gustav Sinder <gustav.sinder@gmail.com>
 gwx296173 <gaojing3@huawei.com>
 Günter Zöchbauer <guenter@gzoechbauer.com>
+Haichao Yang <yang.haichao@zte.com.cn>
 haikuoliu <haikuo@amazon.com>
 Hakan Özler <hakan.ozler@kodcu.com>
+Hamish Hutchings <moredhel@aoeu.me>
+Hannes Ljungberg <hannes@5monkeys.se>
 Hans Kristian Flaatten <hans@starefossen.com>
 Hans Rødtang <hansrodtang@gmail.com>
 Hao Shu Wei <haosw@cn.ibm.com>
 Hao Zhang <21521210@zju.edu.cn>
 Harald Albers <github@albersweb.de>
+Harald Niesche <harald@niesche.de>
 Harley Laue <losinggeneration@gmail.com>
 Harold Cooper <hrldcpr@gmail.com>
+Harrison Turton <harrisonturton@gmail.com>
 Harry Zhang <harryz@hyper.sh>
 Harshal Patil <harshal.patil@in.ibm.com>
 Harshal Patil <harshalp@linux.vnet.ibm.com>
@@ -726,17 +817,24 @@ Hector Castro <hectcastro@gmail.com>
 Helen Xie <chenjg@harmonycloud.cn>
 Henning Sprang <henning.sprang@gmail.com>
 Hiroshi Hatake <hatake@clear-code.com>
+Hiroyuki Sasagawa <hs19870702@gmail.com>
 Hobofan <goisser94@gmail.com>
 Hollie Teal <hollie@docker.com>
 Hong Xu <hong@topbug.net>
 Hongbin Lu <hongbin034@gmail.com>
+Hongxu Jia <hongxu.jia@windriver.com>
+Honza Pokorny <me@honza.ca>
+Hsing-Hui Hsu <hsinghui@amazon.com>
 hsinko <21551195@zju.edu.cn>
 Hu Keping <hukeping@huawei.com>
 Hu Tao <hutao@cn.fujitsu.com>
+HuanHuan Ye <logindaveye@gmail.com>
 Huanzhong Zhang <zhanghuanzhong90@gmail.com>
 Huayi Zhang <irachex@gmail.com>
+Hugo Barrera <hugo@barrera.io>
 Hugo Duncan <hugo@hugoduncan.org>
 Hugo Marisco <0x6875676f@gmail.com>
+Hui Kang <hkang.sunysb@gmail.com>
 Hunter Blanks <hunter@twilio.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
@@ -766,8 +864,10 @@ Ilya Khlopotov <ilya.khlopotov@gmail.com>
 imre Fitos <imre.fitos+github@gmail.com>
 inglesp <peter.inglesby@gmail.com>
 Ingo Gottwald <in.gottwald@gmail.com>
+Innovimax <innovimax@gmail.com>
 Isaac Dupree <antispam@idupree.com>
 Isabel Jimenez <contact.isabeljimenez@gmail.com>
+Isaiah Grace <irgkenya4@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
 Iskander Sharipov <quasilyte@gmail.com>
 Ivan Babrou <ibobrik@gmail.com>
@@ -783,11 +883,12 @@ Jacob Edelman <edelman.jd@gmail.com>
 Jacob Tomlinson <jacob@tom.linson.uk>
 Jacob Vallejo <jakeev@amazon.com>
 Jacob Wen <jian.w.wen@oracle.com>
+Jaime Cepeda <jcepedavillamayor@gmail.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Champlin <jake.champlin.27@gmail.com>
 Jake Moshenko <jake@devtable.com>
 Jake Sanders <jsand@google.com>
-jakedt <jake@devtable.com>
+Jakub Drahos <jdrahos@pulsepoint.com>
 James Allen <jamesallen0108@gmail.com>
 James Carey <jecarey@us.ibm.com>
 James Carr <james.r.carr@gmail.com>
@@ -797,11 +898,13 @@ James Kyburz <james.kyburz@gmail.com>
 James Kyle <james@jameskyle.org>
 James Lal <james@lightsofapollo.com>
 James Mills <prologic@shortcircuit.net.au>
-James Nesbitt <james.nesbitt@wunderkraut.com>
+James Nesbitt <jnesbitt@mirantis.com>
 James Nugent <james@jen20.com>
 James Turnbull <james@lovedthanlost.net>
+James Watkins-Harvey <jwatkins@progi-media.com>
 Jamie Hannaford <jamie@limetree.org>
 Jamshid Afshar <jafshar@yahoo.com>
+Jan Chren <dev.rindeal@gmail.com>
 Jan Keromnes <janx@linux.com>
 Jan Koprowski <jan.koprowski@gmail.com>
 Jan Pazdziora <jpazdziora@redhat.com>
@@ -816,6 +919,7 @@ Jared Hocutt <jaredh@netapp.com>
 Jaroslaw Zabiello <hipertracker@gmail.com>
 jaseg <jaseg@jaseg.net>
 Jasmine Hegman <jasmine@jhegman.com>
+Jason A. Donenfeld <Jason@zx2c4.com>
 Jason Divock <jdivock@gmail.com>
 Jason Giedymin <jasong@apache.org>
 Jason Green <Jason.Green@AverInformatics.Com>
@@ -832,6 +936,7 @@ jaxgeller <jacksongeller@gmail.com>
 Jay <imjching@hotmail.com>
 Jay <teguhwpurwanto@gmail.com>
 Jay Kamat <github@jgkamat.33mail.com>
+Jean Rouge <rougej+github@gmail.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jean-Christophe Berthon <huygens@berthon.eu>
@@ -848,12 +953,14 @@ Jeff Minard <jeff@creditkarma.com>
 Jeff Nickoloff <jeff.nickoloff@gmail.com>
 Jeff Silberman <jsilberm@gmail.com>
 Jeff Welch <whatthejeff@gmail.com>
+Jeff Zvier <zvier20@gmail.com>
 Jeffrey Bolle <jeffreybolle@gmail.com>
 Jeffrey Morgan <jmorganca@gmail.com>
 Jeffrey van Gogh <jvg@google.com>
 Jenny Gebske <jennifer@gebske.de>
 Jeremy Chambers <jeremy@thehipbot.com>
 Jeremy Grosser <jeremy@synack.me>
+Jeremy Huntwork <jhuntwork@lightcubesolutions.com>
 Jeremy Price <jprice.rhit@gmail.com>
 Jeremy Qian <vanpire110@163.com>
 Jeremy Unruh <jeremybunruh@gmail.com>
@@ -862,29 +969,37 @@ Jeroen Franse <jeroenfranse@gmail.com>
 Jeroen Jacobs <github@jeroenj.be>
 Jesse Dearing <jesse.dearing@gmail.com>
 Jesse Dubay <jesse@thefortytwo.net>
-Jessica Frazelle <acidburn@microsoft.com>
+Jessica Frazelle <jess@oxide.computer>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jhon Honce <jhonce@redhat.com>
 Ji.Zhilong <zhilongji@gmail.com>
+Jian Liao <jliao@alauda.io>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
+Jiang Jinyang <jjyruby@gmail.com>
+Jianyong Wu <jianyong.wu@arm.com>
 Jie Luo <luo612@zju.edu.cn>
+Jie Ma <jienius@outlook.com>
 Jihyun Hwang <jhhwang@telcoware.com>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
+Jim Carroll <jim.carroll@docker.com>
+Jim Ehrismann <jim.ehrismann@docker.com>
 Jim Galasyn <jim.galasyn@docker.com>
+Jim Lin <b04705003@ntu.edu.tw>
 Jim Minter <jminter@redhat.com>
 Jim Perrin <jperrin@centos.org>
 Jimmy Cuadra <jimmy@jimmycuadra.com>
 Jimmy Puckett <jimmy.puckett@spinen.com>
 Jimmy Song <rootsongjc@gmail.com>
-jimmyxian <jimmyxian2004@yahoo.com.cn>
 Jinsoo Park <cellpjs@gmail.com>
+Jintao Zhang <zhangjintao9020@gmail.com>
+Jiri Appl <jiria@microsoft.com>
 Jiri Popelka <jpopelka@redhat.com>
 Jiuyue Ma <majiuyue@huawei.com>
 Jiří Župka <jzupka@redhat.com>
-jjy <jiangjinyang@outlook.com>
-jmzwcn <jmzwcn@gmail.com>
+Joakim Roubert <joakim.roubert@axis.com>
 Joao Fernandes <joao.fernandes@docker.com>
+Joao Trindade <trindade.joao@gmail.com>
 Joe Beda <joe.github@bedafamily.com>
 Joe Doliner <jdoliner@pachyderm.io>
 Joe Ferguson <joe@infosiftr.com>
@@ -908,7 +1023,7 @@ John Feminella <jxf@jxf.me>
 John Gardiner Myers <jgmyers@proofpoint.com>
 John Gossman <johngos@microsoft.com>
 John Harris <john@johnharris.io>
-John Howard (VM) <John.Howard@microsoft.com>
+John Howard <github@lowenna.com>
 John Laswell <john.n.laswell@gmail.com>
 John Maguire <jmaguire@duosecurity.com>
 John Mulhausen <john@docker.com>
@@ -922,7 +1037,10 @@ John Willis <john.willis@docker.com>
 Jon Johnson <jonjohnson@google.com>
 Jon Surrell <jon.surrell@gmail.com>
 Jon Wedaman <jweede@gmail.com>
+Jonas Dohse <jonas@dohse.ch>
+Jonas Heinrich <Jonas@JonasHeinrich.com>
 Jonas Pfenniger <jonas@pfenniger.name>
+Jonathan A. Schweder <jonathanschweder@gmail.com>
 Jonathan A. Sternberg <jonathansternberg@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Camp <jonathan@irondojo.com>
@@ -941,9 +1059,10 @@ Joost Cassee <joost@cassee.net>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Jennings <jjn2009@gmail.com>
 Jordan Sissel <jls@semicomplete.com>
+Jordi Massaguer Pla <jmassaguerpla@suse.de>
 Jorge Marin <chipironcin@users.noreply.github.com>
 Jorit Kleine-Möllhoff <joppich@bricknet.de>
-Jose Diaz-Gonzalez <jose@seatgeek.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com>
 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Joseph Hager <ajhager@gmail.com>
 Joseph Kern <jkern@semafour.net>
@@ -970,10 +1089,15 @@ Julien Dubois <julien.dubois@gmail.com>
 Julien Kassar <github@kassisol.com>
 Julien Maitrehenry <julien.maitrehenry@me.com>
 Julien Pervillé <julien.perville@perfect-memory.com>
+Julien Pivotto <roidelapluie@inuits.eu>
+Julio Guerra <julio@sqreen.com>
 Julio Montes <imc.coder@gmail.com>
+Jun Du <dujun5@huawei.com>
 Jun-Ru Chang <jrjang@gmail.com>
+junxu <xujun@cmss.chinamobile.com>
 Jussi Nummelin <jussi.nummelin@gmail.com>
 Justas Brazauskas <brazauskasjustas@gmail.com>
+Justen Martin <jmart@the-coder.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Force <justin.force@gmail.com>
 Justin Menga <justin.menga@gmail.com>
@@ -982,11 +1106,13 @@ Justin Simonelis <justin.p.simonelis@gmail.com>
 Justin Terry <juterry@microsoft.com>
 Justyn Temme <justyntemme@gmail.com>
 Jyrki Puttonen <jyrkiput@gmail.com>
+Jérémy Leherpeur <amenophis@leherpeur.net>
 Jérôme Petazzoni <jerome.petazzoni@docker.com>
 Jörg Thalheim <joerg@higgsboson.tk>
 K. Heller <pestophagous@gmail.com>
 Kai Blin <kai@samba.org>
 Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
+Kaijie Chen <chen@kaijie.org>
 Kamil Domański <kamil@domanski.co>
 Kamjar Gerami <kami.gerami@gmail.com>
 Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
@@ -997,7 +1123,7 @@ kargakis <kargakis@users.noreply.github.com>
 Karl Grzeszczak <karlgrz@gmail.com>
 Karol Duleba <mr.fuxi@gmail.com>
 Karthik Karanth <karanth.karthik@gmail.com>
-Karthik Nayak <Karthik.188@gmail.com>
+Karthik Nayak <karthik.188@gmail.com>
 Kasper Fabæch Brandt <poizan@poizan.dk>
 Kate Heddleston <kate.heddleston@gmail.com>
 Katie McLaughlin <katie@glasnt.com>
@@ -1007,6 +1133,7 @@ Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
 Kay Yan <kay.yan@daocloud.io>
 kayrus <kay.diam@gmail.com>
 Kazuhiro Sera <seratch@gmail.com>
+Kazuyoshi Kato <katokazu@amazon.com>
 Ke Li <kel@splunk.com>
 Ke Xu <leonhartx.k@gmail.com>
 Kei Ohmura <ohmura.kei@gmail.com>
@@ -1019,6 +1146,7 @@ Ken Reese <krrgithub@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
 Kenjiro Nakayama <nakayamakenjiro@gmail.com>
 Kent Johnson <kentoj@gmail.com>
+Kenta Tada <Kenta.Tada@sony.com>
 Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
 Kevin Burke <kev@inburke.com>
 Kevin Clark <kevin.clark@gmail.com>
@@ -1029,6 +1157,7 @@ Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Menard <kevin@nirvdrum.com>
 Kevin Meredith <kevin.m.meredith@gmail.com>
 Kevin P. Kucharczyk <kevinkucharczyk@gmail.com>
+Kevin Parsons <kevpar@microsoft.com>
 Kevin Richardson <kevin@kevinrichardson.co>
 Kevin Shi <kshi@andrew.cmu.edu>
 Kevin Wallace <kevin@pentabarf.net>
@@ -1048,16 +1177,20 @@ Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
 Konstantin Gribov <grossws@gmail.com>
 Konstantin L <sw.double@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
+Kostadin Plachkov <k.n.plachkov@gmail.com>
 Krasi Georgiev <krasi@vip-consult.solutions>
 Krasimir Georgiev <support@vip-consult.co.uk>
 Kris-Mikael Krister <krismikael@protonmail.com>
 Kristian Haugene <kristian.haugene@capgemini.com>
 Kristina Zabunova <triara.xiii@gmail.com>
+Krystian Wojcicki <kwojcicki@sympatico.ca>
 Kun Zhang <zkazure@gmail.com>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 Kunal Tyagi <tyagi.kunal@live.com>
 Kyle Conroy <kyle.j.conroy@gmail.com>
 Kyle Linden <linden.kyle@gmail.com>
+Kyle Squizzato <ksquizz@gmail.com>
+Kyle Wuolle <kyle.wuolle@gmail.com>
 kyu <leehk1227@gmail.com>
 Lachlan Coote <lcoote@vmware.com>
 Lai Jiangshan <jiangshanlai@gmail.com>
@@ -1072,20 +1205,26 @@ Lars R. Damerow <lars@pixar.com>
 Lars-Magnus Skog <ralphtheninja@riseup.net>
 Laszlo Meszaros <lacienator@gmail.com>
 Laura Frank <ljfrank@gmail.com>
+Laurent Bernaille <laurent.bernaille@datadoghq.com>
 Laurent Erignoux <lerignoux@gmail.com>
 Laurie Voss <github@seldo.com>
 Leandro Siqueira <leandro.siqueira@gmail.com>
+Lee Calcote <leecalcote@gmail.com>
 Lee Chao <932819864@qq.com>
 Lee, Meng-Han <sunrisedm4@gmail.com>
 leeplay <hyeongkyu.lee@navercorp.com>
 Lei Gong <lgong@alauda.io>
 Lei Jitang <leijitang@huawei.com>
+Leiiwang <u2takey@gmail.com>
 Len Weincier <len@cloudafrica.net>
 Lennie <github@consolejunkie.net>
 Leo Gallucci <elgalu3@gmail.com>
+Leonardo Nodari <me@leonardonodari.it>
+Leonardo Taccari <leot@NetBSD.org>
 Leszek Kowalski <github@leszekkowalski.pl>
 Levi Blackstone <levi.blackstone@rackspace.com>
 Levi Gross <levi@levigross.com>
+Levi Harrison <levisamuelharrison@gmail.com>
 Lewis Daly <lewisdaly@me.com>
 Lewis Marshall <lewis@lmars.net>
 Lewis Peckover <lew+github@lew.io>
@@ -1094,8 +1233,12 @@ Liam Macgillavry <liam@kumina.nl>
 Liana Lo <liana.lixia@gmail.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
+liangwei <liangwei14@huawei.com>
 Liao Qingwei <liaoqingwei@huawei.com>
+Lifubang <lifubang@acmcoder.com>
+Lihua Tang <lhtang@alauda.io>
 Lily Guo <lily.guo@docker.com>
+limeidan <limeidan@loongson.cn>
 limsy <seongyeol37@gmail.com>
 Lin Lu <doraalin@163.com>
 LingFaKe <lingfake@huawei.com>
@@ -1113,8 +1256,9 @@ Lloyd Dewolf <foolswisdom@gmail.com>
 Lokesh Mandvekar <lsm5@fedoraproject.org>
 longliqiang88 <394564827@qq.com>
 Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
-Lorenzo Fontana <lo@linux.com>
+Lorenzo Fontana <fontanalorenz@gmail.com>
 Lotus Fenn <fenn.lotus@gmail.com>
+Louis Delossantos <ldelossa.ld@gmail.com>
 Louis Opter <kalessin@kalessin.fr>
 Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
@@ -1123,9 +1267,11 @@ Luca-Bogdan Grigorescu <Luca-Bogdan Grigorescu>
 Lucas Chan <lucas-github@lucaschan.com>
 Lucas Chi <lucas@teacherspayteachers.com>
 Lucas Molas <lmolas@fundacionsadosky.org.ar>
+Lucas Silvestre <lukas.silvestre@gmail.com>
 Luciano Mores <leslau@gmail.com>
 Luis Martínez de Bartolomé Izquierdo <lmartinez@biicode.com>
 Luiz Svoboda <luizek@gmail.com>
+Lukas Heeren <lukas-heeren@hotmail.com>
 Lukas Waslowski <cr7pt0gr4ph7@gmail.com>
 lukaspustina <lukas.pustina@centerdevice.com>
 Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
@@ -1138,7 +1284,7 @@ Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
 Mabin <bin.ma@huawei.com>
 Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
 Madhav Puri <madhav.puri@gmail.com>
-Madhu Venugopal <madhu@socketplane.io>
+Madhu Venugopal <mavenugo@gmail.com>
 Mageee <fangpuyi@foxmail.com>
 Mahesh Tiyyagura <tmahesh@gmail.com>
 malnick <malnick@gmail..com>
@@ -1171,11 +1317,13 @@ Marius Gundersen <me@mariusgundersen.net>
 Marius Sturm <marius@graylog.com>
 Marius Voila <marius.voila@gmail.com>
 Mark Allen <mrallen1@yahoo.com>
+Mark Jeromin <mark.jeromin@sysfrog.net>
 Mark McGranaghan <mmcgrana@gmail.com>
 Mark McKinstry <mmckinst@umich.edu>
 Mark Milstein <mark@epiloque.com>
 Mark Oates <fl0yd@me.com>
 Mark Parker <godefroi@users.noreply.github.com>
+Mark Vainomaa <mikroskeem@mikroskeem.eu>
 Mark West <markewest@gmail.com>
 Markan Patel <mpatel678@gmail.com>
 Marko Mikulicic <mmikulicic@gmail.com>
@@ -1189,6 +1337,7 @@ Martin Kelly <martin@surround.io>
 Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
 Martin Muzatko <martin@happy-css.com>
 Martin Redmond <redmond.martin@gmail.com>
+Maru Newby <mnewby@thesprawl.net>
 Mary Anthony <mary.anthony@docker.com>
 Masahito Zembutsu <zembutsu@users.noreply.github.com>
 Masato Ohba <over.rye@gmail.com>
@@ -1201,6 +1350,7 @@ Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
 Mathieu Parent <math.parent@gmail.com>
 Matt Apperson <me@mattapperson.com>
 Matt Bachmann <bachmann.matt@gmail.com>
+Matt Bajor <matt@notevenremotelydorky.com>
 Matt Bentley <matt.bentley@docker.com>
 Matt Haggard <haggardii@gmail.com>
 Matt Hoyle <matt@deployable.co>
@@ -1220,25 +1370,33 @@ Matthew Riley <mattdr@google.com>
 Matthias Klumpp <matthias@tenstral.net>
 Matthias Kühnle <git.nivoc@neverbox.com>
 Matthias Rampke <mr@soundcloud.com>
+Matthieu Fronton <m@tthieu.fr>
 Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
+Mattias Jernberg <nostrad@gmail.com>
 Mauricio Garavaglia <mauricio@medallia.com>
 mauriyouth <mauriyouth@gmail.com>
+Max Harmathy <max.harmathy@web.de>
 Max Shytikov <mshytikov@gmail.com>
+Max Timchenko <maxvt@pagerduty.com>
 Maxim Fedchyshyn <sevmax@gmail.com>
 Maxim Ivanov <ivanov.maxim@gmail.com>
 Maxim Kulkin <mkulkin@mirantis.com>
 Maxim Treskin <zerthurd@gmail.com>
 Maxime Petazzoni <max@signalfuse.com>
+Maximiliano Maccanti <maccanti@amazon.com>
+Maxwell <csuhp007@gmail.com>
 Meaglith Ma <genedna@gmail.com>
 meejah <meejah@meejah.ca>
 Megan Kostick <mkostick@us.ibm.com>
 Mehul Kar <mehul.kar@gmail.com>
 Mei ChunTao <mei.chuntao@zte.com.cn>
 Mengdi Gao <usrgdd@gmail.com>
+Menghui Chen <menghui.chen@alibaba-inc.com>
 Mert Yazıcıoğlu <merty@users.noreply.github.com>
 mgniu <mgniu@dataman-inc.com>
 Micah Zoltu <micah@newrelic.com>
 Michael A. Smith <michael@smith-li.com>
+Michael Beskin <mrbeskin@gmail.com>
 Michael Bridgen <mikeb@squaremobius.net>
 Michael Brown <michael@netdirect.ca>
 Michael Chiang <mchiang@docker.com>
@@ -1261,22 +1419,29 @@ Michael Stapelberg <michael+gh@stapelberg.de>
 Michael Steinert <mike.steinert@gmail.com>
 Michael Thies <michaelthies78@gmail.com>
 Michael West <mwest@mdsol.com>
+Michael Zhao <michael.zhao@arm.com>
 Michal Fojtik <mfojtik@redhat.com>
 Michal Gebauer <mishak@mishak.net>
 Michal Jemala <michal.jemala@gmail.com>
+Michal Kostrzewa <michal.kostrzewa@codilime.com>
 Michal Minář <miminar@redhat.com>
+Michal Rostecki <mrostecki@opensuse.org>
 Michal Wieczorek <wieczorek-michal@wp.pl>
 Michaël Pailloncy <mpapo.dev@gmail.com>
 Michał Czeraszkiewicz <czerasz@gmail.com>
 Michał Gryko <github@odkurzacz.org>
+Michał Kosek <mihao@users.noreply.github.com>
 Michiel de Jong <michiel@unhosted.org>
 Mickaël Fortunato <morsi.morsicus@gmail.com>
 Mickaël Remars <mickael@remars.com>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Miguel Morales <mimoralea@gmail.com>
+Miguel Perez <miguel@voyat.com>
 Mihai Borobocea <MihaiBorob@gmail.com>
 Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
+Mikael Davranche <mikael.davranche@corp.ovh.com>
 Mike Brown <brownwm@us.ibm.com>
+Mike Bush <mpbush@gmail.com>
 Mike Casas <mkcsas0@gmail.com>
 Mike Chelen <michael.chelen@gmail.com>
 Mike Danese <mikedanese@google.com>
@@ -1301,7 +1466,8 @@ Misty Stanley-Jones <misty@docker.com>
 Mitch Capper <mitch.capper@gmail.com>
 Mizuki Urushida <z11111001011@gmail.com>
 mlarcher <github@ringabell.org>
-Mohammad Banikazemi <mb@us.ibm.com>
+Mohammad Banikazemi <MBanikazemi@gmail.com>
+Mohammad Nasirifar <farnasirim@gmail.com>
 Mohammed Aaqib Ansari <maaquib@gmail.com>
 Mohit Soni <mosoni@ebay.com>
 Moorthy RS <rsmoorthy@gmail.com>
@@ -1314,6 +1480,7 @@ Moysés Borges <moysesb@gmail.com>
 mrfly <mr.wrfly@gmail.com>
 Mrunal Patel <mrunalp@gmail.com>
 Muayyad Alsadi <alsadi@gmail.com>
+Muhammad Zohaib Aslam <zohaibse011@gmail.com>
 Mustafa Akın <mustafa91@gmail.com>
 Muthukumar R <muthur@gmail.com>
 Máximo Cuadros <mcuadros@gmail.com>
@@ -1326,9 +1493,12 @@ Nan Monnand Deng <monnand@gmail.com>
 Naoki Orii <norii@cs.cmu.edu>
 Natalie Parker <nparker@omnifone.com>
 Natanael Copa <natanael.copa@docker.com>
+Natasha Jarus <linuxmercedes@gmail.com>
 Nate Brennand <nate.brennand@clever.com>
 Nate Eagleson <nate@nateeag.com>
 Nate Jones <nate@endot.org>
+Nathan Carlson <carl4403@umn.edu>
+Nathan Herald <me@nathanherald.com>
 Nathan Hsieh <hsieh.nathan@gmail.com>
 Nathan Kleyn <nathan@nathankleyn.com>
 Nathan LeClaire <nathan.leclaire@docker.com>
@@ -1343,6 +1513,7 @@ Neyazul Haque <nuhaque@gmail.com>
 Nghia Tran <nghia@google.com>
 Niall O'Higgins <niallo@unworkable.org>
 Nicholas E. Rabenau <nerab@gmx.at>
+Nick Adcock <nick.adcock@docker.com>
 Nick DeCoursin <n.decoursin@foodpanda.com>
 Nick Irvine <nfirvine@nfirvine.com>
 Nick Neisen <nwneisen@gmail.com>
@@ -1351,6 +1522,7 @@ Nick Payne <nick@kurai.co.uk>
 Nick Russo <nicholasjamesrusso@gmail.com>
 Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
+Nick Wood <nwood@microsoft.com>
 NickrenREN <yuquan.ren@easystack.cn>
 Nicola Kabar <nicolaka@gmail.com>
 Nicolas Borboën <ponsfrilus@gmail.com>
@@ -1366,6 +1538,7 @@ Nik Nyby <nikolas@gnu.org>
 Nikhil Chawla <chawlanikhil24@gmail.com>
 NikolaMandic <mn080202@gmail.com>
 Nikolas Garofil <nikolas.garofil@uantwerpen.be>
+Nikolay Edigaryev <edigaryev@gmail.com>
 Nikolay Milovanov <nmil@itransformers.net>
 Nirmal Mehta <nirmalkmehta@gmail.com>
 Nishant Totla <nishanttotla@gmail.com>
@@ -1375,20 +1548,29 @@ Noah Treuhaft <noah.treuhaft@docker.com>
 NobodyOnSE <ich@sektor.selfip.com>
 noducks <onemannoducks@gmail.com>
 Nolan Darilek <nolan@thewordnerd.info>
+Noriki Nakamura <noriki.nakamura@miraclelinux.com>
 nponeccop <andy.melnikov@gmail.com>
+Nurahmadie <nurahmadie@gmail.com>
 Nuutti Kotivuori <naked@iki.fi>
 nzwsch <hi@nzwsch.com>
 O.S. Tezer <ostezer@gmail.com>
 objectified <objectified@gmail.com>
+Odin Ugedal <odin@ugedal.com>
 Oguz Bilgic <fisyonet@gmail.com>
 Oh Jinkyun <tintypemolly@gmail.com>
 Ohad Schneider <ohadschn@users.noreply.github.com>
 ohmystack <jun.jiang02@ele.me>
 Ole Reifschneider <mail@ole-reifschneider.de>
 Oliver Neal <ItsVeryWindy@users.noreply.github.com>
+Oliver Reason <oli@overrateddev.co>
 Olivier Gambier <dmp42@users.noreply.github.com>
 Olle Jonsson <olle.jonsson@gmail.com>
+Olli Janatuinen <olli.janatuinen@gmail.com>
+Olly Pomeroy <oppomeroy@gmail.com>
+Omri Shiv <Omri.Shiv@teradata.com>
+Onur Filiz <onur.filiz@microsoft.com>
 Oriol Francès <oriolfa@gmail.com>
+Oscar Bonilla <6f6231@gmail.com>
 Oskar Niburski <oskarniburski@gmail.com>
 Otto Kekäläinen <otto@seravo.fi>
 Ouyang Liduo <oyld0210@163.com>
@@ -1396,14 +1578,17 @@ Ovidio Mallo <ovidio.mallo@gmail.com>
 Panagiotis Moustafellos <pmoust@elastic.co>
 Paolo G. Giarrusso <p.giarrusso@gmail.com>
 Pascal <pascalgn@users.noreply.github.com>
+Pascal Bach <pascal.bach@siemens.com>
 Pascal Borreli <pascal@borreli.com>
 Pascal Hartig <phartig@rdrei.net>
 Patrick Böänziger <patrick.baenziger@bsi-software.com>
 Patrick Devine <patrick.devine@docker.com>
+Patrick Haas <patrickhaas@google.com>
 Patrick Hemmer <patrick.hemmer@gmail.com>
 Patrick Stapleton <github@gdi2290.com>
 Patrik Cyvoct <patrik@ptrk.io>
 pattichen <craftsbear@gmail.com>
+Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
 Paul <paul9869@gmail.com>
 paul <paul@inkling.com>
 Paul Annesley <paul@annesley.cc>
@@ -1418,8 +1603,10 @@ Paul Liljenberg <liljenberg.paul@gmail.com>
 Paul Morie <pmorie@gmail.com>
 Paul Nasrat <pnasrat@gmail.com>
 Paul Weaver <pauweave@cisco.com>
+Paulo Gomes <pjbgf@linux.com>
 Paulo Ribeiro <paigr.io@gmail.com>
 Pavel Lobashov <ShockwaveNN@gmail.com>
+Pavel Matěja <pavel@verotel.cz>
 Pavel Pletenev <cpp.create@gmail.com>
 Pavel Pospisil <pospispa@gmail.com>
 Pavel Sutyrin <pavel.sutyrin@gmail.com>
@@ -1443,11 +1630,13 @@ Peter Edge <peter.edge@gmail.com>
 Peter Ericson <pdericson@gmail.com>
 Peter Esbensen <pkesbensen@gmail.com>
 Peter Jaffe <pjaffe@nevo.com>
+Peter Kang <peter@spell.run>
 Peter Malmgren <ptmalmgren@gmail.com>
 Peter Salvatore <peter@psftw.com>
 Peter Volpe <petervo@redhat.com>
 Peter Waller <p@pwaller.net>
 Petr Švihlík <svihlik.petr@gmail.com>
+Petros Angelatos <petrosagg@gmail.com>
 Phil <underscorephil@gmail.com>
 Phil Estes <estesp@linux.vnet.ibm.com>
 Phil Spitler <pspitler@gmail.com>
@@ -1466,26 +1655,31 @@ Pierre Dal-Pra <dalpra.pierre@gmail.com>
 Pierre Wacrenier <pierre.wacrenier@gmail.com>
 Pierre-Alain RIVIERE <pariviere@ippon.fr>
 Piotr Bogdan <ppbogdan@gmail.com>
-pixelistik <pixelistik@users.noreply.github.com>
+Piotr Karbowski <piotr.karbowski@protonmail.ch>
 Porjo <porjo38@yahoo.com.au>
 Poul Kjeldager Sørensen <pks@s-innovations.net>
 Pradeep Chhetri <pradeep@indix.com>
 Pradip Dhara <pradipd@microsoft.com>
+Pradipta Kr. Banerjee <bpradip@in.ibm.com>
 Prasanna Gautam <prasannagautam@gmail.com>
 Pratik Karki <prertik@outlook.com>
 Prayag Verma <prayag.verma@gmail.com>
 Priya Wadhwa <priyawadhwa@google.com>
 Projjol Banerji <probaner23@gmail.com>
 Przemek Hejman <przemyslaw.hejman@gmail.com>
+Puneet Pruthi <puneet.pruthi@oracle.com>
 Pure White <daniel48@126.com>
 pysqz <randomq@126.com>
 Qiang Huang <h.huangqiang@huawei.com>
+Qin TianHuan <tianhuan@bingotree.cn>
 Qinglan Peng <qinglanpeng@zju.edu.cn>
+Quan Tian <tianquan@cloudin.cn>
 qudongfang <qudongfang@gmail.com>
 Quentin Brossard <qbrossard@gmail.com>
 Quentin Perez <qperez@ocs.online.net>
 Quentin Tayssier <qtayssier@gmail.com>
 r0n22 <cameron.regan@gmail.com>
+Radostin Stoyanov <rstoyanov1@gmail.com>
 Rafal Jeczalik <rjeczalik@gmail.com>
 Rafe Colton <rafael.colton@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
@@ -1499,8 +1693,10 @@ Ralph Bean <rbean@redhat.com>
 Ramkumar Ramachandra <artagnon@gmail.com>
 Ramon Brooker <rbrooker@aetherealmind.com>
 Ramon van Alteren <ramon@vanalteren.nl>
+RaviTeja Pothana <ravi-teja@live.com>
 Ray Tsang <rayt@google.com>
 ReadmeCritic <frankensteinbot@gmail.com>
+realityone <realityone@me.com>
 Recursive Madman <recursive.madman@gmx.de>
 Reficul <xuzhenglun@gmail.com>
 Regan McCooey <rmccooey27@aol.com>
@@ -1528,6 +1724,8 @@ Riku Voipio <riku.voipio@linaro.org>
 Riley Guerin <rileytg.dev@gmail.com>
 Ritesh H Shukla <sritesh@vmware.com>
 Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
+Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
+Rob Gulewich <rgulewich@netflix.com>
 Rob Vesse <rvesse@dotnetrdf.org>
 Robert Bachmann <rb@robertbachmann.at>
 Robert Bittle <guywithnose@gmail.com>
@@ -1536,11 +1734,13 @@ Robert Schneider <mail@shakeme.info>
 Robert Stern <lexandro2000@gmail.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com>
 Robert Wallis <smilingrob@gmail.com>
+Robert Wang <robert@arctic.tw>
 Roberto G. Hashioka <roberto.hashioka@docker.com>
 Roberto Muñoz Fernández <robertomf@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Schneider <ypid@riseup.net>
 Robin Speekenbrink <robin@kingsquare.nl>
+Robin Thoni <robin@rthoni.com>
 robpc <rpcann@gmail.com>
 Rodolfo Carvalho <rhcarvalho@gmail.com>
 Rodrigo Vaz <rodrigo.vaz@gmail.com>
@@ -1548,15 +1748,21 @@ Roel Van Nyen <roel.vannyen@gmail.com>
 Roger Peppe <rogpeppe@gmail.com>
 Rohit Jnagal <jnagal@google.com>
 Rohit Kadam <rohit.d.kadam@gmail.com>
+Rohit Kapur <rkapur@flatiron.com>
 Rojin George <rojingeorge@huawei.com>
 Roland Huß <roland@jolokia.org>
 Roland Kammerer <roland.kammerer@linbit.com>
 Roland Moriz <rmoriz@users.noreply.github.com>
 Roma Sokolov <sokolov.r.v@gmail.com>
 Roman Dudin <katrmr@gmail.com>
+Roman Mazur <roman@balena.io>
 Roman Strashkin <roman.strashkin@gmail.com>
 Ron Smits <ron.smits@gmail.com>
 Ron Williams <ron.a.williams@gmail.com>
+Rong Gao <gaoronggood@163.com>
+Rong Zhang <rongzhang@alauda.io>
+Rongxiang Song <tinysong1226@gmail.com>
+Rony Weng <ronyweng@synology.com>
 root <docker-dummy@example.com>
 root <root@lxdebmas.marist.edu>
 root <root@ubuntu-14.04-amd64-vbox>
@@ -1568,13 +1774,16 @@ Rovanion Luckey <rovanion.luckey@gmail.com>
 Royce Remer <royceremer@gmail.com>
 Rozhnov Alexandr <nox73@ya.ru>
 Rudolph Gottesheim <r.gottesheim@loot.at>
+Rui Cao <ruicao@alauda.io>
 Rui Lopes <rgl@ruilopes.com>
+Ruilin Li <liruilin4@huawei.com>
 Runshen Zhu <runshen.zhu@gmail.com>
 Russ Magee <rmagee@gmail.com>
 Ryan Abrams <rdabrams@gmail.com>
 Ryan Anderson <anderson.ryanc@gmail.com>
 Ryan Aslett <github@mixologic.com>
 Ryan Belgrave <rmb1993@gmail.com>
+Ryan Campbell <campbellr@gmail.com>
 Ryan Detzel <ryan.detzel@gmail.com>
 Ryan Fowler <rwfowler@gmail.com>
 Ryan Liu <ryanlyy@me.com>
@@ -1589,6 +1798,8 @@ Ryan Wallner <ryan.wallner@clusterhq.com>
 Ryan Zhang <ryan.zhang@docker.com>
 ryancooper7 <ryan.cooper7@gmail.com>
 RyanDeng <sheldon.d1018@gmail.com>
+Ryo Nakao <nakabonne@gmail.com>
+Ryoga Saito <contact@proelbtn.com>
 Rémy Greinhofer <remy.greinhofer@livelovely.com>
 s. rannou <mxs@sbrk.org>
 s00318865 <sunyuan3@huawei.com>
@@ -1606,6 +1817,7 @@ Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
 Sam Neirinck <sam@samneirinck.com>
 Sam Reis <sreis@atlassian.com>
 Sam Rijs <srijs@airpost.net>
+Sam Whited <sam@samwhited.com>
 Sambuddha Basu <sambuddhabasu1@gmail.com>
 Sami Wagiaalla <swagiaal@redhat.com>
 Samuel Andaya <samuel@andaya.net>
@@ -1619,12 +1831,15 @@ Santhosh Manohar <santhosh@docker.com>
 sapphiredev <se.imas.kr@gmail.com>
 Sargun Dhillon <sargun@netflix.com>
 Sascha Andres <sascha.andres@outlook.com>
+Sascha Grunert <sgrunert@suse.com>
+SataQiu <qiushida@beyondcent.com>
 Satnam Singh <satnam@raintown.org>
 Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
 Satoshi Tagomori <tagomoris@gmail.com>
 Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Scott Johnston <scott@docker.com>
+Scott Percival <scottp@lastyard.com>
 Scott Stamp <scottstamp851@gmail.com>
 Scott Walls <sawalls@umich.edu>
 sdreyesg <sdreyesg@gmail.com>
@@ -1637,6 +1852,8 @@ Sean P. Kane <skane@newrelic.com>
 Sean Rodman <srodman7689@gmail.com>
 Sebastiaan van Steenis <mail@superseb.nl>
 Sebastiaan van Stijn <github@gone.nl>
+Sebastian Radloff <sradloff23@gmail.com>
+Sebastien Goasguen <runseb@gmail.com>
 Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
 Senthil Kumaran <senthil@uthcode.com>
 SeongJae Park <sj38.park@gmail.com>
@@ -1645,6 +1862,7 @@ Serge Hallyn <serge.hallyn@ubuntu.com>
 Sergey Alekseev <sergey.alekseev.minsk@gmail.com>
 Sergey Evstifeev <sergey.evstifeev@gmail.com>
 Sergii Kabashniuk <skabashnyuk@codenvy.com>
+Sergio Lopez <slp@redhat.com>
 Serhat Gülçiçek <serhat25@gmail.com>
 SeungUkLee <lsy931106@gmail.com>
 Sevki Hasirci <s@sevki.org>
@@ -1655,10 +1873,12 @@ shaunol <shaunol@gmail.com>
 Shawn Landden <shawn@churchofgit.com>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 shawnhe <shawnhe@shawnhedeMacBook-Pro.local>
+Shayan Pooya <shayan@liveve.org>
 Shayne Wang <shaynexwang@gmail.com>
 Shekhar Gulati <shekhargulati84@gmail.com>
 Sheng Yang <sheng@yasker.org>
 Shengbo Song <thomassong@tencent.com>
+Shengjing Zhu <zhsj@debian.org>
 Shev Yan <yandong_8212@163.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
 Shijiang Wei <mountkin@gmail.com>
@@ -1666,15 +1886,19 @@ Shijun Qin <qinshijun16@mails.ucas.ac.cn>
 Shishir Mahajan <shishir.mahajan@redhat.com>
 Shoubhik Bose <sbose78@gmail.com>
 Shourya Sarcar <shourya.sarcar@gmail.com>
+Shu-Wai Chow <shu-wai.chow@seattlechildrens.org>
 shuai-z <zs.broccoli@gmail.com>
 Shukui Yang <yangshukui@huawei.com>
 Shuwei Hao <haosw@cn.ibm.com>
 Sian Lerk Lau <kiawin@gmail.com>
+Siarhei Rasiukevich <s_rasiukevich@wargaming.net>
 Sidhartha Mani <sidharthamn@gmail.com>
 sidharthamani <sid@rancher.com>
 Silas Sewell <silas@sewell.org>
 Silvan Jegen <s.jegen@gmail.com>
+Simão Reis <smnrsti@gmail.com>
 Simei He <hesimei@zju.edu.cn>
+Simon Barendse <simon.barendse@gmail.com>
 Simon Eskildsen <sirup@sirupsen.com>
 Simon Ferquel <simon.ferquel@docker.com>
 Simon Leinen <simon.leinen@gmail.com>
@@ -1683,29 +1907,36 @@ Simon Taranto <simon.taranto@gmail.com>
 Simon Vikstrom <pullreq@devsn.se>
 Sindhu S <sindhus@live.in>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
+skanehira <sho19921005@gmail.com>
+Smark Meng <smark@freecoop.net>
 Solganik Alexander <solganik@gmail.com>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
 Soshi Katsuta <soshi.katsuta@gmail.com>
+Sotiris Salloumis <sotiris.salloumis@gmail.com>
 Soulou <leo@unbekandt.eu>
 Spencer Brown <spencer@spencerbrown.org>
 Spencer Smith <robertspencersmith@gmail.com>
+Spike Curtis <spike.curtis@metaswitch.com>
 Sridatta Thatipamala <sthatipamala@gmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
 Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com>
+Staf Wagemakers <staf@wagemakers.be>
 Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
+Stanislav Levin <slev@altlinux.org>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com>
 Stefan Praszalowicz <stefan@greplin.com>
 Stefan S. <tronicum@user.github.com>
-Stefan Scherer <scherer_stefan@icloud.com>
+Stefan Scherer <stefan.scherer@docker.com>
 Stefan Staudenmeyer <doerte@instana.com>
 Stefan Weil <sw@weilnetz.de>
 Stephan Spindler <shutefan@gmail.com>
+Stephen Benjamin <stephen@redhat.com>
 Stephen Crosby <stevecrozz@gmail.com>
-Stephen Day <stephen.day@docker.com>
+Stephen Day <stevvooe@gmail.com>
 Stephen Drake <stephen@xenolith.net>
 Stephen Rust <srust@blockbridge.com>
 Steve Desmond <steve@vtsv.ca>
@@ -1720,10 +1951,13 @@ Steven Iveson <sjiveson@outlook.com>
 Steven Merrill <steven.merrill@gmail.com>
 Steven Richards <steven@axiomzen.co>
 Steven Taylor <steven.taylor@me.com>
+Stig Larsson <stig@larsson.dev>
+Su Wang <su.wang@docker.com>
 Subhajit Ghosh <isubuz.g@gmail.com>
 Sujith Haridasan <sujith.h@gmail.com>
 Sun Gengze <690388648@qq.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
+Sune Keller <sune.keller@gmail.com>
 Sunny Gogoi <indiasuny000@gmail.com>
 Suryakumar Sudar <surya.trunks@gmail.com>
 Sven Dowideit <SvenDowideit@home.org.au>
@@ -1747,16 +1981,19 @@ Ted M. Young <tedyoung@gmail.com>
 Tehmasp Chaudhri <tehmasp@gmail.com>
 Tejaswini Duggaraju <naduggar@microsoft.com>
 Tejesh Mehta <tejesh.mehta@gmail.com>
+Terry Chu <zue.hterry@gmail.com>
 terryding77 <550147740@qq.com>
 tgic <farmer1992@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
 theadactyl <thea.lamkin@gmail.com>
 Thell 'Bo' Fowler <thell@tbfowler.name>
 Thermionix <bond711@gmail.com>
+Thiago Alves Silva <thiago.alves@aurea.com>
 Thijs Terlouw <thijsterlouw@gmail.com>
 Thomas Bikeev <thomas.bikeev@mac.com>
 Thomas Frössman <thomasf@jossystem.se>
 Thomas Gazagnaire <thomas@gazagnaire.org>
+Thomas Graf <tgraf@suug.ch>
 Thomas Grainger <tagrain@gmail.com>
 Thomas Hansen <thomas.hansen@gmail.com>
 Thomas Leonard <thomas.leonard@docker.com>
@@ -1774,6 +2011,9 @@ Tianyi Wang <capkurmagati@gmail.com>
 Tibor Vass <teabee89@gmail.com>
 Tiffany Jernigan <tiffany.f.j@gmail.com>
 Tiffany Low <tiffany@box.com>
+Till Claassen <pixelistik@users.noreply.github.com>
+Till Wegmüller <toasterson@gmail.com>
+Tim <elatllat@gmail.com>
 Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org>
 Tim Dettrick <t.dettrick@uq.edu.au>
@@ -1783,11 +2023,14 @@ Tim Potter <tpot@hpe.com>
 Tim Ruffles <oi@truffles.me.uk>
 Tim Smith <timbot@google.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
+Tim Wagner <tim.wagner@freenet.ag>
 Tim Wang <timwangdev@gmail.com>
 Tim Waugh <twaugh@redhat.com>
 Tim Wraight <tim.wraight@tangentlabs.co.uk>
 Tim Zju <21651152@zju.edu.cn>
+timchenxiaoyu <837829664@qq.com>
 timfeirg <kkcocogogo@gmail.com>
+Timo Rothenpieler <timo@rothenpieler.org>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 tjwebb123 <tjwebb123@users.noreply.github.com>
 tobe <tobegit3hub@gmail.com>
@@ -1796,6 +2039,7 @@ Tobias Bradtke <webwurst@gmail.com>
 Tobias Gesellchen <tobias@gesellix.de>
 Tobias Klauser <tklauser@distanz.ch>
 Tobias Munk <schmunk@usrbin.de>
+Tobias Pfandzelter <tobias@pfandzelter.com>
 Tobias Schmidt <ts@soundcloud.com>
 Tobias Schwab <tobias.schwab@dynport.de>
 Todd Crane <todd@toddcrane.com>
@@ -1809,14 +2053,19 @@ Tom Fotherby <tom+github@peopleperhour.com>
 Tom Howe <tom.howe@enstratius.com>
 Tom Hulihan <hulihan.tom159@gmail.com>
 Tom Maaswinkel <tom.maaswinkel@12wiki.eu>
+Tom Parker <palfrey@tevp.net>
 Tom Sweeney <tsweeney@redhat.com>
 Tom Wilkie <tom.wilkie@gmail.com>
 Tom X. Tobin <tomxtobin@tomxtobin.com>
+Tom Zhao <zlwangel@gmail.com>
+Tomas Janousek <tomi@nomi.cz>
+Tomas Kral <tomas.kral@gmail.com>
 Tomas Tomecek <ttomecek@redhat.com>
 Tomasz Kopczynski <tomek@kopczynski.net.pl>
 Tomasz Lipinski <tlipinski@users.noreply.github.com>
 Tomasz Nurkiewicz <nurkiewicz@gmail.com>
 Tommaso Visconti <tommaso.visconti@gmail.com>
+Tomoya Tabuchi <t@tomoyat1.com>
 Tomáš Hrčka <thrcka@redhat.com>
 Tonny Xu <tonny.xu@gmail.com>
 Tony Abboud <tdabboud@hotmail.com>
@@ -1824,10 +2073,11 @@ Tony Daws <tony@daws.ca>
 Tony Miller <mcfiredrill@gmail.com>
 toogley <toogley@mailbox.org>
 Torstein Husebø <torstein@huseboe.net>
+Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
 Tõnis Tiigi <tonistiigi@gmail.com>
-tpng <benny.tpng@gmail.com>
+Trace Andreason <tandreason@gmail.com>
 tracylihui <793912329@qq.com>
-Trapier Marshall <trapier.marshall@docker.com>
+Trapier Marshall <tmarshall@mirantis.com>
 Travis Cline <travis.cline@gmail.com>
 Travis Thieman <travis.thieman@gmail.com>
 Trent Ogren <tedwardo2@gmail.com>
@@ -1837,6 +2087,7 @@ Trevor Sullivan <pcgeek86@gmail.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Troy Denton <trdenton@gmail.com>
+Ty Alexander <ty.alexander@sendgrid.com>
 Tycho Andersen <tycho@docker.com>
 Tyler Brock <tyler.brock@gmail.com>
 Tyler Brown <tylers.pile@gmail.com>
@@ -1847,7 +2098,9 @@ Umesh Yadav <umesh4257@gmail.com>
 Utz Bacher <utz.bacher@de.ibm.com>
 vagrant <vagrant@ubuntu-14.04-amd64-vbox>
 Vaidas Jablonskis <jablonskis@gmail.com>
+Valentin Kulesh <valentin.kulesh@virtuozzo.com>
 vanderliang <lansheng@meili-inc.com>
+Velko Ivanov <vivanov@deeperplane.com>
 Veres Lajos <vlajos@gmail.com>
 Victor Algaze <valgaze@gmail.com>
 Victor Coisne <victor.coisne@dotcloud.com>
@@ -1859,11 +2112,14 @@ Victor Palma <palma.victor@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
 Victoria Bialas <victoria.bialas@docker.com>
 Vijaya Kumar K <vijayak@caviumnetworks.com>
+Vikas Choudhary <choudharyvikas16@gmail.com>
+Vikram bir Singh <vsingh@mirantis.com>
 Viktor Stanchev <me@viktorstanchev.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com>
 VinayRaghavanKS <raghavan.vinay@gmail.com>
 Vincent Batts <vbatts@redhat.com>
 Vincent Bernat <Vincent.Bernat@exoscale.ch>
+Vincent Boulineau <vincent.boulineau@datadoghq.com>
 Vincent Demeester <vincent.demeester@docker.com>
 Vincent Giersch <vincent.giersch@ovh.net>
 Vincent Mayers <vincent.mayers@inbloom.org>
@@ -1882,6 +2138,7 @@ Vladimir Pouzanov <farcaller@google.com>
 Vladimir Rutsky <altsysrq@gmail.com>
 Vladimir Varankin <nek.narqo+git@gmail.com>
 VladimirAus <v_roudakov@yahoo.com>
+Vladislav Kolesnikov <vkolesnikov@beget.ru>
 Vlastimil Zeman <vlastimil.zeman@diffblue.com>
 Vojtech Vitek (V-Teq) <vvitek@redhat.com>
 waitingkuo <waitingkuo0527@gmail.com>
@@ -1894,12 +2151,16 @@ Wang Long <long.wanglong@huawei.com>
 Wang Ping <present.wp@icloud.com>
 Wang Xing <hzwangxing@corp.netease.com>
 Wang Yuexiao <wang.yuexiao@zte.com.cn>
+Wang Yumu <37442693@qq.com>
+wanghuaiqing <wanghuaiqing@loongson.cn>
 Ward Vandewege <ward@jhvc.com>
 WarheadsSE <max@warheads.net>
 Wassim Dhif <wassimdhif@gmail.com>
+Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
 Wayne Chang <wayne@neverfear.org>
 Wayne Song <wsong@docker.com>
 Weerasak Chongnguluam <singpor@gmail.com>
+Wei Fu <fuweid89@gmail.com>
 Wei Wu <wuwei4455@gmail.com>
 Wei-Ting Kuo <waitingkuo0527@gmail.com>
 weipeng <weipeng@tuscloud.io>
@@ -1909,12 +2170,14 @@ Wen Cheng Ma <wenchma@cn.ibm.com>
 Wendel Fleming <wfleming@usc.edu>
 Wenjun Tang <tangwj2@lenovo.com>
 Wenkai Yin <yinw@vmware.com>
+wenlxie <wenlxie@ebay.com>
 Wentao Zhang <zhangwentao234@huawei.com>
 Wenxuan Zhao <viz@linux.com>
 Wenyu You <21551128@zju.edu.cn>
 Wenzhi Liang <wenzhi.liang@gmail.com>
 Wes Morgan <cap10morgan@gmail.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
+Wiktor Kwapisiewicz <wiktor@metacode.biz>
 Will Dietz <w@wdtz.org>
 Will Rouesnel <w.rouesnel@gmail.com>
 Will Weaver <monkey@buildingbananas.com>
@@ -1925,18 +2188,32 @@ William Hubbs <w.d.hubbs@gmail.com>
 William Martin <wmartin@pivotal.io>
 William Riancho <wr.wllm@gmail.com>
 William Thurston <thurstw@amazon.com>
+Wilson Júnior <wilsonpjunior@gmail.com>
+Wing-Kam Wong <wingkwong.code@gmail.com>
 WiseTrem <shepelyov.g@gmail.com>
+Wolfgang Nagele <mail@wnagele.com>
 Wolfgang Powisch <powo@powo.priv.at>
 Wonjun Kim <wonjun.kim@navercorp.com>
+WuLonghui <wlh6666@qq.com>
 xamyzhao <x.amy.zhao@gmail.com>
+Xian Chaobo <xianchaobo@huawei.com>
 Xianglin Gao <xlgao@zju.edu.cn>
+Xianjie <guxianjie@gmail.com>
 Xianlu Bird <xianlubird@gmail.com>
+Xiao YongBiao <xyb4638@gmail.com>
+Xiao Zhang <xiaozhang0210@hotmail.com>
 XiaoBing Jiang <s7v7nislands@gmail.com>
+Xiaodong Liu <liuxiaodong@loongson.cn>
+Xiaodong Zhang <a4012017@sina.com>
+Xiaohua Ding <xiao_hua_ding@sina.cn>
+Xiaoxi He <xxhe@alauda.io>
 Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
 Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
+xichengliudui <1693291525@qq.com>
 xiekeyang <xiekeyang@huawei.com>
 Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
 Xinbo Weng <xihuanbo_0521@zju.edu.cn>
+Xinfeng Liu <xinfeng.liu@gmail.com>
 Xinzi Zhou <imdreamrunner@gmail.com>
 Xiuming Chen <cc@cxm.cc>
 Xuecong Liao <satorulogic@gmail.com>
@@ -1946,11 +2223,14 @@ Yahya <ya7yaz@gmail.com>
 YAMADA Tsuyoshi <tyamada@minimum2scp.org>
 Yamasaki Masahide <masahide.y@gmail.com>
 Yan Feng <yanfeng2@huawei.com>
+Yan Zhu <yanzhu@alauda.io>
 Yang Bai <hamo.by@gmail.com>
+Yang Li <idealhack@gmail.com>
 Yang Pengfei <yangpengfei4@huawei.com>
 yangchenliang <yangchenliang@huawei.com>
 Yanqiang Miao <miao.yanqiang@zte.com.cn>
 Yao Zaiyong <yaozaiyong@hotmail.com>
+Yash Murty <yashmurty@gmail.com>
 Yassine Tijani <yasstij11@gmail.com>
 Yasunori Mahata <nori@mahata.net>
 Yazhong Liu <yorkiefixer@gmail.com>
@@ -1961,9 +2241,11 @@ Yihang Ho <hoyihang5@gmail.com>
 Ying Li <ying.li@docker.com>
 Yohei Ueda <yohei@jp.ibm.com>
 Yong Tang <yong.tang.github@outlook.com>
+Yongxin Li <yxli@alauda.io>
 Yongzhi Pan <panyongzhi@gmail.com>
 Yosef Fertel <yfertel@gmail.com>
 You-Sheng Yang (楊有勝) <vicamo@gmail.com>
+youcai <omegacoleman@gmail.com>
 Youcef YEKHLEF <yyekhlef@gmail.com>
 Yu Changchun <yuchangchun1@huawei.com>
 Yu Chengxia <yuchengxia@huawei.com>
@@ -1971,13 +2253,18 @@ Yu Peng <yu.peng36@zte.com.cn>
 Yu-Ju Hong <yjhong@google.com>
 Yuan Sun <sunyuan3@huawei.com>
 Yuanhong Peng <pengyuanhong@huawei.com>
+Yue Zhang <zy675793960@yeah.net>
 Yuhao Fang <fangyuhao@gmail.com>
 Yuichiro Kaneko <spiketeika@gmail.com>
+YujiOshima <yuji.oshima0x3fd@gmail.com>
 Yunxiang Huang <hyxqshk@vip.qq.com>
 Yurii Rashkovskii <yrashk@gmail.com>
+Yusuf Tarık Günaydın <yusuf_tarik@hotmail.com>
+Yves Blusseau <90z7oey02@sneakemail.com>
 Yves Junqueira <yves.junqueira@gmail.com>
 Zac Dover <zdover@redhat.com>
 Zach Borboa <zachborboa@gmail.com>
+Zach Gershman <zachgersh@gmail.com>
 Zachary Jaffee <zjaffee@us.ibm.com>
 Zain Memon <zain@inzain.net>
 Zaiste! <oh@zaiste.net>
@@ -1991,11 +2278,16 @@ ZhangHang <stevezhang2014@gmail.com>
 zhangxianwei <xianwei.zw@alibaba-inc.com>
 Zhenan Ye <21551168@zju.edu.cn>
 zhenghenghuo <zhenghenghuo@zju.edu.cn>
+Zhenhai Gao <gaozh1988@live.com>
 Zhenkun Bi <bi.zhenkun@zte.com.cn>
+ZhiPeng Lu <lu.zhipeng@zte.com.cn>
+zhipengzuo <zuozhipeng@baidu.com>
 Zhou Hao <zhouhao@cn.fujitsu.com>
+Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
 Zhu Kunjia <zhu.kunjia@zte.com.cn>
 Zhuoyun Wei <wzyboy@wzyboy.org>
+Ziheng Liu <lzhfromustc@gmail.com>
 Zilin Du <zilin.du@gmail.com>
 zimbatm <zimbatm@zimbatm.com>
 Ziming Dong <bnudzm@foxmail.com>
@@ -2004,13 +2296,15 @@ zmarouf <zeid.marouf@gmail.com>
 Zoltan Tombol <zoltan.tombol@gmail.com>
 Zou Yu <zouyu7@huawei.com>
 zqh <zqhxuyuan@gmail.com>
-Zuhayr Elahi <elahi.zuhayr@gmail.com>
+Zuhayr Elahi <zuhayr.elahi@docker.com>
 Zunayed Ali <zunayed@gmail.com>
 Álex González <agonzalezro@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
 尹吉峰 <jifeng.yin@gmail.com>
+屈骏 <qujun@tiduyun.com>
 徐俊杰 <paco.xu@daocloud.io>
 慕陶 <jihui.xjh@alibaba-inc.com>
 搏通 <yufeng.pyf@alibaba-inc.com>
 黄艳红00139573 <huang.yanhong@zte.com.cn>
+정재영 <jjy600901@gmail.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83fb9f4f090b8..8ae5f5493768b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -157,7 +157,7 @@ be found.
 + Ensure iptables initialization only happens once [docker/libnetwork#1676](https://github.com/docker/libnetwork/pull/1676)
 * Fix bad order of iptables filter rules [docker/libnetwork#961](https://github.com/docker/libnetwork/pull/961)
 + Add anonymous container alias to service record on attachable network [docker/libnetwork#1651](https://github.com/docker/libnetwork/pull/1651)
-+ Support for `com.docker.network.container_interface_prefix` driver label [docker/libnetwork#1667](https://github.com/docker/libnetwork/pull/1667)
++ Support for `com.docker.network.container_iface_prefix` driver label [docker/libnetwork#1667](https://github.com/docker/libnetwork/pull/1667)
 + Improve network list performance by omitting network details that are not used [#30673](https://github.com/docker/docker/pull/30673)
 
 ### Runtime
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index daefdadaed77c..c47cecb626357 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -27,10 +27,10 @@ issue, please bring it to their attention right away!
 Please **DO NOT** file a public issue, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 
-Security reports are greatly appreciated and we will publicly thank you for it.
-We also like to send gifts&mdash;if you're into schwag, make sure to let
-us know. We currently do not offer a paid security bounty program, but are not
-ruling it out in the future.
+Security reports are greatly appreciated and we will publicly thank you for it,
+although we keep your name confidential if you request it. We also like to send
+gifts&mdash;if you're into schwag, make sure to let us know. We currently do not
+offer a paid security bounty program, but are not ruling it out in the future.
 
 
 ## Reporting other issues
diff --git a/Dockerfile b/Dockerfile
index aac99c5090fe7..5cbbfc61fbdf3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,172 +1,269 @@
-# This file describes the standard way to build Docker, using docker
-#
-# Usage:
-#
-# # Use make to build a development environment image and run it in a container.
-# # This is slow the first time.
-# make BIND_DIR=. shell
-#
-# The following commands are executed inside the running container.
+# syntax=docker/dockerfile:1.3
 
-# # Make a dockerd binary.
-# # hack/make.sh binary
-#
-# # Install dockerd to /usr/local/bin
-# # make install
-#
-# # Run unit tests
-# # hack/test/unit
-#
-# # Run tests e.g. integration, py
-# # hack/make.sh binary test-integration test-docker-py
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
+ARG CROSS="false"
+ARG SYSTEMD="false"
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ARG GO_VERSION=1.17.4
+ARG DEBIAN_FRONTEND=noninteractive
+ARG VPNKIT_VERSION=0.5.0
+ARG DOCKER_BUILDTAGS="apparmor seccomp"
+
+ARG BASE_DEBIAN_DISTRO="bullseye"
+ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
 
-FROM golang:1.11.1 AS base
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+FROM ${GOLANG_IMAGE} AS base
+RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+ARG APT_MIRROR
+RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
+ && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
+ENV GO111MODULE=off
 
 FROM base AS criu
-# Install CRIU for checkpoint/restore support
-ENV CRIU_VERSION 3.6
-# Install dependency packages specific to criu
-RUN apt-get update && apt-get install -y \
-	libnet-dev \
-	libprotobuf-c0-dev \
-	libprotobuf-dev \
-	libnl-3-dev \
-	libcap-dev \
-	protobuf-compiler \
-	protobuf-c-compiler \
-	python-protobuf \
-	&& mkdir -p /usr/src/criu \
-	&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
-	&& cd /usr/src/criu \
-	&& make \
-	&& make PREFIX=/build/ install-criu
+ARG DEBIAN_FRONTEND
+ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
+RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
+        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
+        && apt-get update \
+        && apt-get install -y --no-install-recommends criu \
+        && install -D /usr/sbin/criu /build/criu
 
 FROM base AS registry
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& case $(dpkg --print-architecture) in \
-		amd64|ppc64*|s390x) \
-		(cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \
-		GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
-			go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
-		;; \
-	   esac \
-	&& rm -rf "$GOPATH"
-
-
-
-FROM base AS docker-py
-# Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT 8b246db271a85d6541dc458838627e89c683e42f
-RUN git clone https://github.com/docker/docker-py.git /build \
-	&& cd /build \
-	&& git checkout -q $DOCKER_PY_COMMIT
+WORKDIR /go/src/github.com/docker/distribution
 
+# REGISTRY_VERSION specifies the version of the registry to build and install
+# from the https://github.com/docker/distribution repository. This version of
+# the registry is used to test both schema 1 and schema 2 manifests. Generally,
+# the version specified here should match a current release.
+ARG REGISTRY_VERSION=v2.3.0
 
+# REGISTRY_VERSION_SCHEMA1 specifies the version of the regsitry to build and
+# install from the https://github.com/docker/distribution repository. This is
+# an older (pre v2.3.0) version of the registry that only supports schema1
+# manifests. This version of the registry is not working on arm64, so installation
+# is skipped on that architecture.
+ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=tmpfs,target=/go/src/ \
+        set -x \
+        && git clone https://github.com/docker/distribution.git . \
+        && git checkout -q "$REGISTRY_VERSION" \
+        && GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+           go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
+        && case $(dpkg --print-architecture) in \
+               amd64|armhf|ppc64*|s390x) \
+               git checkout -q "$REGISTRY_VERSION_SCHEMA1"; \
+               GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
+                   go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
+                ;; \
+           esac
 
 FROM base AS swagger
-# Install go-swagger for validating swagger.yaml
-ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \
-	&& (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \
-	&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \
-	&& rm -rf "$GOPATH"
-
-
-FROM base AS frozen-images
-RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends
+WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
+
+# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
+# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
+#
+# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix,
+# TODO: move to under moby/ or fix upstream go-swagger to work for us.
+ENV GO_SWAGGER_COMMIT c56166c036004ba7a3a321e5951ba472b9ae298c
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=tmpfs,target=/go/src/ \
+        set -x \
+        && git clone https://github.com/kolyshkin/go-swagger.git . \
+        && git checkout -q "$GO_SWAGGER_COMMIT" \
+        && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
+
+FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
+       apt-get update && apt-get install -y --no-install-recommends \
+           ca-certificates \
+           curl \
+           jq
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /
+ARG TARGETARCH
 RUN /download-frozen-image-v2.sh /build \
-	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
-	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
-	busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
-	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
-	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
-# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
-
-# Just a little hack so we don't have to install these deps twice, once for runc and once for dockerd
-FROM base AS runtime-dev
-RUN apt-get update && apt-get install -y \
-	libapparmor-dev \
-	libseccomp-dev
-
-
-FROM base AS tomlv
-ENV INSTALL_BINARY_NAME=tomlv
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
+        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
+        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
+        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
+        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
+# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
+
+FROM base AS cross-false
+
+FROM --platform=linux/amd64 base AS cross-true
+ARG DEBIAN_FRONTEND
+RUN dpkg --add-architecture arm64
+RUN dpkg --add-architecture armel
+RUN dpkg --add-architecture armhf
+RUN dpkg --add-architecture ppc64el
+RUN dpkg --add-architecture s390x
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            crossbuild-essential-arm64 \
+            crossbuild-essential-armel \
+            crossbuild-essential-armhf \
+            crossbuild-essential-ppc64el \
+            crossbuild-essential-s390x
+
+FROM cross-${CROSS} AS dev-base
+
+FROM dev-base AS runtime-dev-cross-false
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            binutils-mingw-w64 \
+            g++-mingw-w64-x86-64 \
+            libapparmor-dev \
+            libbtrfs-dev \
+            libdevmapper-dev \
+            libseccomp-dev \
+            libsystemd-dev \
+            libudev-dev
+
+FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
+ARG DEBIAN_FRONTEND
+# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
+# on non-amd64 systems, so other architectures cannnot crossbuild amd64.
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            libapparmor-dev:arm64 \
+            libapparmor-dev:armel \
+            libapparmor-dev:armhf \
+            libapparmor-dev:ppc64el \
+            libapparmor-dev:s390x \
+            libseccomp-dev:arm64 \
+            libseccomp-dev:armel \
+            libseccomp-dev:armhf \
+            libseccomp-dev:ppc64el \
+            libseccomp-dev:s390x
+
+FROM runtime-dev-cross-${CROSS} AS runtime-dev
+
+FROM base AS tomll
+# GOTOML_VERSION specifies the version of the tomll binary to build and install
+# from the https://github.com/pelletier/go-toml repository. This binary is used
+# in CI in the hack/validate/toml script.
+#
+# When updating this version, consider updating the github.com/pelletier/go-toml
+# dependency in vendor.conf accordingly.
+ARG GOTOML_VERSION=v1.8.1
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
+     && /build/tomll --help
 
 FROM base AS vndr
-ENV INSTALL_BINARY_NAME=vndr
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
-
-FROM base AS containerd
-RUN apt-get update && apt-get install -y btrfs-tools
-ENV INSTALL_BINARY_NAME=containerd
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
-
-FROM base AS proxy
-ENV INSTALL_BINARY_NAME=proxy
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
-
-FROM base AS gometalinter
-ENV INSTALL_BINARY_NAME=gometalinter
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
-
-FROM base AS dockercli
-ENV INSTALL_BINARY_NAME=dockercli
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+# VNDR_VERSION specifies the version of the vndr tool to build and install
+# from the https://github.com/LK4D4/vndr repository.
+#
+# The vndr tool is used to manage vendored go packages in the vendor directory,
+# and is pinned to a fixed version because different versions of this tool
+# can result in differences in the (go) files that are considered for vendoring.
+ARG VNDR_VERSION=v0.1.2
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on go install "github.com/LK4D4/vndr@${VNDR_VERSION}" \
+     && /build/vndr --help
+
+FROM dev-base AS containerd
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            libbtrfs-dev
+ARG CONTAINERD_VERSION
+COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/containerd.installer /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        PREFIX=/build /install.sh containerd
+
+FROM base AS golangci_lint
+ARG GOLANGCI_LINT_VERSION=v1.23.8
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
+     && /build/golangci-lint --version
+
+FROM base AS gotestsum
+ARG GOTESTSUM_VERSION=v1.7.0
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
+     && /build/gotestsum --version
+
+FROM base AS shfmt
+ARG SHFMT_VERSION=v3.0.2
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
+     && /build/shfmt --version
+
+FROM dev-base AS dockercli
+ARG DOCKERCLI_CHANNEL
+ARG DOCKERCLI_VERSION
+COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/dockercli.installer /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        PREFIX=/build /install.sh dockercli
 
 FROM runtime-dev AS runc
-ENV INSTALL_BINARY_NAME=runc
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+ARG RUNC_VERSION
+ARG RUNC_BUILDTAGS
+COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/runc.installer /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        PREFIX=/build /install.sh runc
+
+FROM dev-base AS tini
+ARG DEBIAN_FRONTEND
+ARG TINI_VERSION
+RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            cmake \
+            vim-common
+COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/tini.installer /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        PREFIX=/build /install.sh tini
+
+FROM dev-base AS rootlesskit
+ARG ROOTLESSKIT_VERSION
+ARG PREFIX=/build
+COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/rootlesskit.installer /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        /install.sh rootlesskit \
+     && "${PREFIX}"/rootlesskit --version \
+     && "${PREFIX}"/rootlesskit-docker-proxy --help
+COPY ./contrib/dockerd-rootless.sh /build
+COPY ./contrib/dockerd-rootless-setuptool.sh /build
 
-FROM base AS tini
-RUN apt-get update && apt-get install -y cmake vim-common
-COPY hack/dockerfile/install/install.sh ./install.sh
-ENV INSTALL_BINARY_NAME=tini
-COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+FROM --platform=amd64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-amd64
 
+FROM --platform=arm64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-arm64
 
+FROM scratch AS vpnkit
+COPY --from=vpnkit-amd64 /vpnkit /build/vpnkit.x86_64
+COPY --from=vpnkit-arm64 /vpnkit /build/vpnkit.aarch64
 
 # TODO: Some of this is only really needed for testing, it would be nice to split this up
-FROM runtime-dev AS dev
+FROM runtime-dev AS dev-systemd-false
+ARG DEBIAN_FRONTEND
 RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
+RUN useradd --create-home --gid docker unprivilegeduser \
+ && mkdir -p /home/unprivilegeduser/.local/share/docker \
+ && chown -R unprivilegeduser /home/unprivilegeduser
 # Let us use a .bashrc file
 RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
@@ -175,65 +272,133 @@ RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
 RUN ldconfig
 # This should only install packages that are specifically needed for the dev environment and nothing else
 # Do you really need to add another package here? Can it be done in a different build stage?
-RUN apt-get update && apt-get install -y \
-	apparmor \
-	aufs-tools \
-	bash-completion \
-	btrfs-tools \
-	iptables \
-	jq \
-	libdevmapper-dev \
-	libudev-dev \
-	libsystemd-dev \
-	binutils-mingw-w64 \
-	g++-mingw-w64-x86-64 \
-	net-tools \
-	pigz \
-	python-backports.ssl-match-hostname \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-requests \
-	python-setuptools \
-	python-websocket \
-	python-wheel \
-	thin-provisioning-tools \
-	vim \
-	vim-common \
-	xfsprogs \
-	zip \
-	bzip2 \
-	xz-utils \
-	--no-install-recommends
-COPY --from=swagger /build/swagger* /usr/local/bin/
-COPY --from=frozen-images /build/ /docker-frozen-images
-COPY --from=gometalinter /build/ /usr/local/bin/
-COPY --from=tomlv /build/ /usr/local/bin/
-COPY --from=vndr /build/ /usr/local/bin/
-COPY --from=tini /build/ /usr/local/bin/
-COPY --from=runc /build/ /usr/local/bin/
-COPY --from=containerd /build/ /usr/local/bin/
-COPY --from=proxy /build/ /usr/local/bin/
-COPY --from=dockercli /build/ /usr/local/cli
-COPY --from=registry /build/registry* /usr/local/bin/
-COPY --from=criu /build/ /usr/local/
-COPY --from=docker-py /build/ /docker-py
-# TODO: This is for the docker-py tests, which shouldn't really be needed for
-# this image, but currently CI is expecting to run this image. This should be
-# split out into a separate image, including all the `python-*` deps installed
-# above.
-RUN cd /docker-py \
-	&& pip install docker-pycreds==0.2.1 \
-	&& pip install yamllint==1.5.0 \
-	&& pip install -r test-requirements.txt
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            apparmor \
+            bash-completion \
+            bzip2 \
+            inetutils-ping \
+            iproute2 \
+            iptables \
+            jq \
+            libcap2-bin \
+            libnet1 \
+            libnl-3-200 \
+            libprotobuf-c1 \
+            net-tools \
+            patch \
+            pigz \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            sudo \
+            thin-provisioning-tools \
+            uidmap \
+            vim \
+            vim-common \
+            xfsprogs \
+            xz-utils \
+            zip \
+            zstd
+
+
+# Switch to use iptables instead of nftables (to match the CI hosts)
+# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
+RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
+ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
+ && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
 
+RUN pip3 install yamllint==1.26.1
+
+COPY --from=dockercli     /build/ /usr/local/cli
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=swagger       /build/ /usr/local/bin/
+COPY --from=tomll         /build/ /usr/local/bin/
+COPY --from=tini          /build/ /usr/local/bin/
+COPY --from=registry      /build/ /usr/local/bin/
+COPY --from=criu          /build/ /usr/local/bin/
+COPY --from=vndr          /build/ /usr/local/bin/
+COPY --from=gotestsum     /build/ /usr/local/bin/
+COPY --from=golangci_lint /build/ /usr/local/bin/
+COPY --from=shfmt         /build/ /usr/local/bin/
+COPY --from=runc          /build/ /usr/local/bin/
+COPY --from=containerd    /build/ /usr/local/bin/
+COPY --from=rootlesskit   /build/ /usr/local/bin/
+COPY --from=vpnkit        /build/ /usr/local/bin/
 ENV PATH=/usr/local/cli:$PATH
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux
-# Options for hack/validate/gometalinter
-ENV GOMETALINTER_OPTS="--deadline=2m"
+ARG DOCKER_BUILDTAGS
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
 WORKDIR /go/src/github.com/docker/docker
 VOLUME /var/lib/docker
+VOLUME /home/unprivilegeduser/.local/share/docker
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
-# Upload docker source
+
+FROM dev-systemd-false AS dev-systemd-true
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            dbus \
+            dbus-user-session \
+            systemd \
+            systemd-sysv
+RUN mkdir -p hack \
+  && curl -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
+  && chmod +x hack/dind-systemd
+ENTRYPOINT ["hack/dind-systemd"]
+
+FROM dev-systemd-${SYSTEMD} AS dev
+
+FROM runtime-dev AS binary-base
+ARG DOCKER_GITCOMMIT=HEAD
+ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
+ARG VERSION
+ENV VERSION=${VERSION}
+ARG PLATFORM
+ENV PLATFORM=${PLATFORM}
+ARG PRODUCT
+ENV PRODUCT=${PRODUCT}
+ARG DEFAULT_PRODUCT_LICENSE
+ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
+ARG DOCKER_BUILDTAGS
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
+ENV PREFIX=/build
+# TODO: This is here because hack/make.sh binary copies these extras binaries
+# from $PATH into the bundles dir.
+# It would be nice to handle this in a different way.
+COPY --from=tini        /build/ /usr/local/bin/
+COPY --from=runc        /build/ /usr/local/bin/
+COPY --from=containerd  /build/ /usr/local/bin/
+COPY --from=rootlesskit /build/ /usr/local/bin/
+COPY --from=vpnkit      /build/ /usr/local/bin/
+WORKDIR /go/src/github.com/docker/docker
+
+FROM binary-base AS build-binary
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+        hack/make.sh binary
+
+FROM binary-base AS build-dynbinary
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+        hack/make.sh dynbinary
+
+FROM binary-base AS build-cross
+ARG DOCKER_CROSSPLATFORMS
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+    --mount=type=tmpfs,target=/go/src/github.com/docker/docker/autogen \
+        hack/make.sh cross
+
+FROM scratch AS binary
+COPY --from=build-binary /build/bundles/ /
+
+FROM scratch AS dynbinary
+COPY --from=build-dynbinary /build/bundles/ /
+
+FROM scratch AS cross
+COPY --from=build-cross /build/bundles/ /
+
+FROM dev AS final
 COPY . /go/src/github.com/docker/docker
diff --git a/Dockerfile.e2e b/Dockerfile.e2e
index 48baa3b076bd3..6871a45a9b652 100644
--- a/Dockerfile.e2e
+++ b/Dockerfile.e2e
@@ -1,6 +1,7 @@
-## Step 1: Build tests
-FROM golang:1.11.1-alpine3.7 as builder
+ARG GO_VERSION=1.17.4
 
+FROM golang:${GO_VERSION}-alpine AS base
+ENV GO111MODULE=off
 RUN apk --no-cache add \
     bash \
     btrfs-progs-dev \
@@ -9,37 +10,55 @@ RUN apk --no-cache add \
     lvm2-dev \
     jq
 
+RUN mkdir -p /build/
 RUN mkdir -p /go/src/github.com/docker/docker/
 WORKDIR /go/src/github.com/docker/docker/
 
-# Generate frozen images
-COPY contrib/download-frozen-image-v2.sh contrib/download-frozen-image-v2.sh
-RUN contrib/download-frozen-image-v2.sh /output/docker-frozen-images \
-	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
-	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
-	busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
-	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
-	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+FROM base AS frozen-images
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /
+RUN /download-frozen-image-v2.sh /build \
+        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
+        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
+        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
+        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
+        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
+# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
 
-# Install dockercli
-# Please edit hack/dockerfile/install/<name>.installer to update them.
-COPY hack/dockerfile/install hack/dockerfile/install
-RUN ./hack/dockerfile/install/install.sh dockercli
-
-# Set tag and add sources
-ARG DOCKER_GITCOMMIT
-ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT:-undefined}
-ADD . .
+FROM base AS dockercli
+ENV INSTALL_BINARY_NAME=dockercli
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
 
 # Build DockerSuite.TestBuild* dependency
-RUN CGO_ENABLED=0 go build -buildmode=pie -o /output/httpserver github.com/docker/docker/contrib/httpserver
+FROM base AS contrib
+COPY contrib/syscall-test           /build/syscall-test
+COPY contrib/httpserver/Dockerfile  /build/httpserver/Dockerfile
+COPY contrib/httpserver             contrib/httpserver
+RUN CGO_ENABLED=0 go build -buildmode=pie -o /build/httpserver/httpserver github.com/docker/docker/contrib/httpserver
 
-# Build the integration tests and copy the resulting binaries to /output/tests
+# Build the integration tests and copy the resulting binaries to /build/tests
+FROM base AS builder
+
+# Set tag and add sources
+COPY . .
+# Copy test sources tests that use assert can print errors
+RUN mkdir -p /build${PWD} && find integration integration-cli -name \*_test.go -exec cp --parents '{}' /build${PWD} \;
+# Build and install test binaries
+ARG DOCKER_GITCOMMIT=undefined
 RUN hack/make.sh build-integration-test-binary
-RUN mkdir -p /output/tests && find . -name test.main -exec cp --parents '{}' /output/tests \;
+RUN mkdir -p /build/tests && find . -name test.main -exec cp --parents '{}' /build/tests \;
 
-## Step 2: Generate testing image
-FROM alpine:3.7 as runner
+## Generate testing image
+FROM alpine:3.10 as runner
+
+ENV DOCKER_REMOTE_DAEMON=1
+ENV DOCKER_INTEGRATION_DAEMON_DEST=/
+ENTRYPOINT ["/scripts/run.sh"]
+
+# Add an unprivileged user to be used for tests which need it
+RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
 
 # GNU tar is used for generating the emptyfs image
 RUN apk --no-cache add \
@@ -47,26 +66,21 @@ RUN apk --no-cache add \
     ca-certificates \
     g++ \
     git \
+    inetutils-ping \
     iptables \
+    libcap2-bin \
     pigz \
     tar \
     xz
 
-# Add an unprivileged user to be used for tests which need it
-RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
-
-COPY contrib/httpserver/Dockerfile /tests/contrib/httpserver/Dockerfile
-COPY contrib/syscall-test /tests/contrib/syscall-test
-COPY integration-cli/fixtures /tests/integration-cli/fixtures
+COPY hack/test/e2e-run.sh       /scripts/run.sh
+COPY hack/make/.ensure-emptyfs  /scripts/ensure-emptyfs.sh
 
-COPY hack/test/e2e-run.sh /scripts/run.sh
-COPY hack/make/.ensure-emptyfs /scripts/ensure-emptyfs.sh
+COPY integration/testdata       /tests/integration/testdata
+COPY integration/build/testdata /tests/integration/build/testdata
+COPY integration-cli/fixtures   /tests/integration-cli/fixtures
 
-COPY --from=builder /output/docker-frozen-images /docker-frozen-images
-COPY --from=builder /output/httpserver /tests/contrib/httpserver/httpserver
-COPY --from=builder /output/tests /tests
-COPY --from=builder /usr/local/bin/docker /usr/bin/docker
-
-ENV DOCKER_REMOTE_DAEMON=1 DOCKER_INTEGRATION_DAEMON_DEST=/
-
-ENTRYPOINT ["/scripts/run.sh"]
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=dockercli     /build/ /usr/bin/
+COPY --from=contrib       /build/ /tests/contrib/
+COPY --from=builder       /build/ /
diff --git a/Dockerfile.simple b/Dockerfile.simple
index a23d52927faa2..8ccdbe2453f85 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -5,7 +5,13 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-FROM golang:1.11.1-stretch
+ARG GO_VERSION=1.17.4
+
+ARG BASE_DEBIAN_DISTRO="bullseye"
+ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
+
+FROM ${GOLANG_IMAGE}
+ENV GO111MODULE=off
 
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
@@ -15,13 +21,13 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
-		btrfs-tools \
 		build-essential \
 		curl \
 		cmake \
 		gcc \
 		git \
 		libapparmor-dev \
+		libbtrfs-dev \
 		libdevmapper-dev \
 		libseccomp-dev \
 		ca-certificates \
@@ -33,7 +39,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		xfsprogs \
 		xz-utils \
 		\
-		aufs-tools \
 		vim-common \
 	&& rm -rf /var/lib/apt/lists/*
 
diff --git a/Dockerfile.windows b/Dockerfile.windows
index 180b9368d2c1f..da17d5ae60fc1 100644
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -45,8 +45,8 @@
 #
 # 1. Clone the sources from github.com:
 #
-#    >>   git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
-#    >>   Cloning into 'C:\go\src\github.com\docker\docker'...
+#    >>   git clone https://github.com/docker/docker.git C:\gopath\src\github.com\docker\docker
+#    >>   Cloning into 'C:\gopath\src\github.com\docker\docker'...
 #    >>   remote: Counting objects: 186216, done.
 #    >>   remote: Compressing objects: 100% (21/21), done.
 #    >>   remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
@@ -59,7 +59,7 @@
 #
 # 2. Change directory to the cloned docker sources:
 #
-#    >>   cd C:\go\src\github.com\docker\docker 
+#    >>   cd C:\gopath\src\github.com\docker\docker 
 #
 #
 # 3. Build a docker image with the components required to build the docker binaries from source
@@ -79,8 +79,8 @@
 # 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
 #    folder on the host system where you want the binaries to be located.
 #
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
+#    >>   docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
+#    >>   docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
 #
 #
 # 6. (Optional) Remove the interim container holding the built executable binaries:
@@ -147,24 +147,39 @@
 # The docker integration tests do not currently run in a container on Windows, predominantly
 # due to Windows not supporting privileged mode, so anything using a volume would fail.
 # They (along with the rest of the docker CI suite) can be run using 
-# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
+# https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
 #
 # -----------------------------------------------------------------------------------------
 
 
 # The number of build steps below are explicitly minimised to improve performance.
+
+# Extremely important - do not change the following line to reference a "specific" image, 
+# such as `mcr.microsoft.com/windows/servercore:ltsc2019`. If using this Dockerfile in process
+# isolated containers, the kernel of the host must match the container image, and hence
+# would fail between Windows Server 2016 (aka RS1) and Windows Server 2019 (aka RS5).
+# It is expected that the image `microsoft/windowsservercore:latest` is present, and matches
+# the hosts kernel version before doing a build. 
 FROM microsoft/windowsservercore
 
 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
+ARG GO_VERSION=1.17.4
+ARG CONTAINERD_VERSION=1.5.8
+ARG GOTESTSUM_VERSION=v1.7.0
+
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
+#  - CONTAINERD_VERSION must be consistent with 'hack/dockerfile/install/containerd.installer' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.11.1 `
+ENV GO_VERSION=${GO_VERSION} `
+    CONTAINERD_VERSION=${CONTAINERD_VERSION} `
     GIT_VERSION=2.11.1 `
-    GOPATH=C:\go `
-    FROM_DOCKERFILE=1
+    GOPATH=C:\gopath `
+    GO111MODULE=off `
+    FROM_DOCKERFILE=1 `
+    GOTESTSUM_VERSION=${GOTESTSUM_VERSION}
 
 RUN `
   Function Test-Nano() { `
@@ -193,28 +208,30 @@ RUN `
       Throw ("Failed to download " + $source) `
       }`
     } else { `
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
       $webClient = New-Object System.Net.WebClient; `
       $webClient.DownloadFile($source, $target); `
     } `
   } `
   `
-  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
+  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin;C:\containerd\bin'); `
   `
   Write-Host INFO: Downloading git...; `
   $location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION; `
   Download-File $location C:\gitsetup.zip; `
   `
   Write-Host INFO: Downloading go...; `
-  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
+  $dlGoVersion=$Env:GO_VERSION -replace '\.0$',''; `
+  Download-File "https://golang.org/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
   `
   Write-Host INFO: Downloading compiler 1 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
+  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
   `
   Write-Host INFO: Downloading compiler 2 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
+  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
   `
   Write-Host INFO: Downloading compiler 3 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
+  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
   `
   Write-Host INFO: Extracting git...; `
   Expand-Archive C:\gitsetup.zip C:\git-tmp; `
@@ -238,19 +255,45 @@ RUN `
   Remove-Item C:\binutils.zip; `
   Remove-Item C:\gitsetup.zip; `
   `
-  Write-Host INFO: Creating source directory...; `
-  New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
+  Write-Host INFO: Downloading containerd; `
+  Install-Package -Force 7Zip4PowerShell; `
+  $location='https://github.com/containerd/containerd/releases/download/v'+$Env:CONTAINERD_VERSION+'/containerd-'+$Env:CONTAINERD_VERSION+'-windows-amd64.tar.gz'; `
+  Download-File $location C:\containerd.tar.gz; `
+  New-Item -Path C:\containerd -ItemType Directory; `
+  Expand-7Zip C:\containerd.tar.gz C:\; `
+  Expand-7Zip C:\containerd.tar C:\containerd; `
+  Remove-Item C:\containerd.tar.gz; `
+  Remove-Item C:\containerd.tar; `
+  `
+  # Ensure all directories exist that we will require below....
+  $srcDir = """$Env:GOPATH`\src\github.com\docker\docker\bundles"""; `
+  Write-Host INFO: Ensuring existence of directory $srcDir...; `
+  New-Item -Force -ItemType Directory -Path $srcDir | Out-Null; `
   `
   Write-Host INFO: Configuring git core.autocrlf...; `
-  C:\git\cmd\git config --global core.autocrlf true; `
+  C:\git\cmd\git config --global core.autocrlf true;
+
+RUN `
+  Function Install-GoTestSum() { `
+    $Env:GO111MODULE = 'on'; `
+    $tmpGobin = "${Env:GOBIN_TMP}"; `
+    $Env:GOBIN = """${Env:GOPATH}`\bin"""; `
+    Write-Host "INFO: Installing gotestsum version $Env:GOTESTSUM_VERSION in $Env:GOBIN"; `
+    &go install "gotest.tools/gotestsum@${Env:GOTESTSUM_VERSION}"; `
+    $Env:GOBIN = "${tmpGobin}"; `
+    $Env:GO111MODULE = 'off'; `
+    if ($LASTEXITCODE -ne 0) {  `
+      Throw '"gotestsum install failed..."'; `
+    } `
+  } `
   `
-  Write-Host INFO: Completed
+  Install-GoTestSum
 
 # Make PowerShell the default entrypoint
 ENTRYPOINT ["powershell.exe"]
 
 # Set the working directory to the location of the sources
-WORKDIR C:\go\src\github.com\docker\docker
+WORKDIR ${GOPATH}\src\github.com\docker\docker
 
 # Copy the sources into the container
 COPY . .
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000000000..00a6f955e915e
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,1324 @@
+#!groovy
+pipeline {
+    agent none
+
+    options {
+        buildDiscarder(logRotator(daysToKeepStr: '30'))
+        timeout(time: 2, unit: 'HOURS')
+        timestamps()
+    }
+    parameters {
+        booleanParam(name: 'unit_validate', defaultValue: true, description: 'amd64 (x86_64) unit tests and vendor check')
+        booleanParam(name: 'validate_force', defaultValue: false, description: 'force validation steps to be run, even if no changes were detected')
+        booleanParam(name: 'amd64', defaultValue: true, description: 'amd64 (x86_64) Build/Test')
+        booleanParam(name: 'rootless', defaultValue: true, description: 'amd64 (x86_64) Build/Test (Rootless mode)')
+        booleanParam(name: 'cgroup2', defaultValue: true, description: 'amd64 (x86_64) Build/Test (cgroup v2)')
+        booleanParam(name: 'arm64', defaultValue: true, description: 'ARM (arm64) Build/Test')
+        booleanParam(name: 's390x', defaultValue: false, description: 'IBM Z (s390x) Build/Test')
+        booleanParam(name: 'ppc64le', defaultValue: false, description: 'PowerPC (ppc64le) Build/Test')
+        booleanParam(name: 'windowsRS1', defaultValue: false, description: 'Windows 2016 (RS1) Build/Test')
+        booleanParam(name: 'windowsRS5', defaultValue: true, description: 'Windows 2019 (RS5) Build/Test')
+        booleanParam(name: 'windows2022', defaultValue: true, description: 'Windows 2022 (LTSC) Build/Test')
+        booleanParam(name: 'windows2022containerd', defaultValue: true, description: 'Windows 2022 (LTSC) with containerd Build/Test')
+        booleanParam(name: 'dco', defaultValue: true, description: 'Run the DCO check')
+    }
+    environment {
+        DOCKER_BUILDKIT     = '1'
+        DOCKER_EXPERIMENTAL = '1'
+        DOCKER_GRAPHDRIVER  = 'overlay2'
+        APT_MIRROR          = 'cdn-fastly.deb.debian.org'
+        CHECK_CONFIG_COMMIT = '33a3680e08d1007e72c3b3f1454f823d8e9948ee'
+        TESTDEBUG           = '0'
+        TIMEOUT             = '120m'
+    }
+    stages {
+        stage('pr-hack') {
+            when { changeRequest() }
+            steps {
+                script {
+                    echo "Workaround for PR auto-cancel feature. Borrowed from https://issues.jenkins-ci.org/browse/JENKINS-43353"
+                    def buildNumber = env.BUILD_NUMBER as int
+                    if (buildNumber > 1) milestone(buildNumber - 1)
+                    milestone(buildNumber)
+                }
+            }
+        }
+        stage('DCO-check') {
+            when {
+                beforeAgent true
+                expression { params.dco }
+            }
+            agent { label 'amd64 && ubuntu-1804 && overlay2' }
+            steps {
+                sh '''
+                docker run --rm \
+                  -v "$WORKSPACE:/workspace" \
+                  -e VALIDATE_REPO=${GIT_URL} \
+                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                  alpine sh -c 'apk add --no-cache -q bash git openssh-client && cd /workspace && hack/validate/dco'
+                '''
+            }
+        }
+        stage('Build') {
+            parallel {
+                stage('unit-validate') {
+                    when {
+                        beforeAgent true
+                        expression { params.unit_validate }
+                    }
+                    agent { label 'amd64 && ubuntu-1804 && overlay2' }
+                    environment {
+                        // On master ("non-pull-request"), force running some validation checks (vendor, swagger),
+                        // even if no files were changed. This allows catching problems caused by pull-requests
+                        // that were merged out-of-sequence.
+                        TEST_FORCE_VALIDATE = sh returnStdout: true, script: 'if [ "${BRANCH_NAME%%-*}" != "PR" ] || [ "${CHANGE_TARGET:-master}" != "master" ] || [ "${validate_force}" = "true" ]; then echo "1"; fi'
+                    }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh 'docker build --force-rm --build-arg APT_MIRROR --build-arg CROSS=true -t docker:${GIT_COMMIT} .'
+                            }
+                        }
+                        stage("Validate") {
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  -v "$WORKSPACE/.git:/go/src/github.com/docker/docker/.git" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TEST_FORCE_VALIDATE \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/validate/default
+                                '''
+                            }
+                        }
+                        stage("Docker-py") {
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-docker-py
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/test-docker-py/junit-report.xml', allowEmptyResults: true
+
+                                    sh '''
+                                    echo "Ensuring container killed."
+                                    docker rm -vf docker-pr$BUILD_NUMBER || true
+                                    '''
+
+                                    sh '''
+                                    echo 'Chowning /workspace to jenkins user'
+                                    docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                                    '''
+
+                                    catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                        sh '''
+                                        bundleName=docker-py
+                                        echo "Creating ${bundleName}-bundles.tar.gz"
+                                        tar -czf ${bundleName}-bundles.tar.gz bundles/test-docker-py/*.xml bundles/test-docker-py/*.log
+                                        '''
+
+                                        archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                                    }
+                                }
+                            }
+                        }
+                        stage("Static") {
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh binary
+                                '''
+                            }
+                        }
+                        stage("Cross") {
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh cross
+                                '''
+                            }
+                        }
+                        // needs to be last stage that calls make.sh for the junit report to work
+                        stage("Unit tests") {
+                            steps {
+                                sh '''
+                                sudo modprobe ip6table_filter
+                                '''
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/test/unit
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                        stage("Validate vendor") {
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/.git:/go/src/github.com/docker/docker/.git" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TEST_FORCE_VALIDATE \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/validate/vendor
+                                '''
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo 'Ensuring container killed.'
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo 'Chowning /workspace to jenkins user'
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=unit
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                tar -czvf ${bundleName}-bundles.tar.gz bundles/junit-report*.xml bundles/go-test-report*.json bundles/profile*.out
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('amd64') {
+                    when {
+                        beforeAgent true
+                        expression { params.amd64 }
+                    }
+                    agent { label 'amd64 && ubuntu-1804 && overlay2' }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                # todo: include ip_vs in base image
+                                sudo modprobe ip_vs
+
+                                docker build --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Run tests") {
+                            steps {
+                                sh '''#!/bin/bash
+                                # bash is needed so 'jobs -p' works properly
+                                # it also accepts setting inline envvars for functions without explicitly exporting
+                                set -x
+
+                                run_tests() {
+                                        [ -n "$TESTDEBUG" ] && rm= || rm=--rm;
+                                        docker run $rm -t --privileged \
+                                          -v "$WORKSPACE/bundles/${TEST_INTEGRATION_DEST}:/go/src/github.com/docker/docker/bundles" \
+                                          -v "$WORKSPACE/bundles/dynbinary-daemon:/go/src/github.com/docker/docker/bundles/dynbinary-daemon" \
+                                          -v "$WORKSPACE/.git:/go/src/github.com/docker/docker/.git" \
+                                          --name "$CONTAINER_NAME" \
+                                          -e KEEPBUNDLE=1 \
+                                          -e TESTDEBUG \
+                                          -e TESTFLAGS \
+                                          -e TEST_SKIP_INTEGRATION \
+                                          -e TEST_SKIP_INTEGRATION_CLI \
+                                          -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                          -e DOCKER_GRAPHDRIVER \
+                                          -e TIMEOUT \
+                                          -e VALIDATE_REPO=${GIT_URL} \
+                                          -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                          docker:${GIT_COMMIT} \
+                                          hack/make.sh \
+                                            "$1" \
+                                            test-integration
+                                }
+
+                                trap "exit" INT TERM
+                                trap 'pids=$(jobs -p); echo "Remaining pids to kill: [$pids]"; [ -z "$pids" ] || kill $pids' EXIT
+
+                                CONTAINER_NAME=docker-pr$BUILD_NUMBER
+
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  -v "$WORKSPACE/.git:/go/src/github.com/docker/docker/.git" \
+                                  --name ${CONTAINER_NAME}-build \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary
+
+                                # flaky + integration
+                                TEST_INTEGRATION_DEST=1 CONTAINER_NAME=${CONTAINER_NAME}-1 TEST_SKIP_INTEGRATION_CLI=1 run_tests test-integration-flaky &
+
+                                # integration-cli first set
+                                TEST_INTEGRATION_DEST=2 CONTAINER_NAME=${CONTAINER_NAME}-2 TEST_SKIP_INTEGRATION=1 TESTFLAGS="-test.run Test(DockerSuite|DockerNetworkSuite|DockerHubPullSuite|DockerRegistrySuite|DockerSchema1RegistrySuite|DockerRegistryAuthTokenSuite|DockerRegistryAuthHtpasswdSuite)/" run_tests &
+
+                                # integration-cli second set
+                                TEST_INTEGRATION_DEST=3 CONTAINER_NAME=${CONTAINER_NAME}-3 TEST_SKIP_INTEGRATION=1 TESTFLAGS="-test.run Test(DockerSwarmSuite|DockerDaemonSuite|DockerExternalVolumeSuite)/" run_tests &
+
+                                c=0
+                                for job in $(jobs -p); do
+                                        wait ${job} || c=$?
+                                done
+                                exit $c
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            cids=$(docker ps -aq -f name=docker-pr${BUILD_NUMBER}-*)
+                            [ -n "$cids" ] && docker rm -vf $cids || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=amd64
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('rootless') {
+                    when {
+                        beforeAgent true
+                        expression { params.rootless }
+                    }
+                    agent { label 'amd64 && ubuntu-1804 && overlay2' }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                docker build --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Integration tests") {
+                            environment {
+                                DOCKER_ROOTLESS = '1'
+                                TEST_SKIP_INTEGRATION_CLI = '1'
+                            }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_ROOTLESS \
+                                  -e TEST_SKIP_INTEGRATION_CLI \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=amd64-rootless
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+
+                stage('cgroup2') {
+                    when {
+                        beforeAgent true
+                        expression { params.cgroup2 }
+                    }
+                    agent { label 'amd64 && ubuntu-2004 && cgroup2' }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                docker build --force-rm --build-arg APT_MIRROR --build-arg SYSTEMD=true -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Integration tests") {
+                            environment {
+                                DOCKER_SYSTEMD = '1' // recommended cgroup driver for v2
+                                TEST_SKIP_INTEGRATION_CLI = '1' // CLI tests do not support v2
+                            }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_SYSTEMD \
+                                  -e TEST_SKIP_INTEGRATION_CLI \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=amd64-cgroup2
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+
+
+                stage('s390x') {
+                    when {
+                        beforeAgent true
+                        // Skip this stage on PRs unless the checkbox is selected
+                        anyOf {
+                            not { changeRequest() }
+                            expression { params.s390x }
+                        }
+                    }
+                    agent { label 's390x-ubuntu-2004' }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                docker build --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Unit tests") {
+                            steps {
+                                sh '''
+                                sudo modprobe ip6table_filter
+                                '''
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/test/unit
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                        stage("Integration tests") {
+                            environment { TEST_SKIP_INTEGRATION_CLI = '1' }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TESTDEBUG \
+                                  -e TEST_SKIP_INTEGRATION_CLI \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=s390x-integration
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('s390x integration-cli') {
+                    when {
+                        beforeAgent true
+                        not { changeRequest() }
+                        expression { params.s390x }
+                    }
+                    agent { label 's390x-ubuntu-2004' }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                docker build --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Integration-cli tests") {
+                            environment { TEST_SKIP_INTEGRATION = '1' }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TEST_SKIP_INTEGRATION \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=s390x-integration-cli
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('ppc64le') {
+                    when {
+                        beforeAgent true
+                        // Skip this stage on PRs unless the checkbox is selected
+                        anyOf {
+                            not { changeRequest() }
+                            expression { params.ppc64le }
+                        }
+                    }
+                    agent { label 'ppc64le-ubuntu-1604' }
+                    // ppc64le machines run on Docker 18.06, and buildkit has some
+                    // bugs on that version. Build and use buildx instead.
+                    environment {
+                        USE_BUILDX      = '1'
+                        DOCKER_BUILDKIT = '0'
+                    }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                make bundles/buildx
+                                bundles/buildx build --load --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Unit tests") {
+                            steps {
+                                sh '''
+                                sudo modprobe ip6table_filter
+                                '''
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/test/unit
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                        stage("Integration tests") {
+                            environment { TEST_SKIP_INTEGRATION_CLI = '1' }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TESTDEBUG \
+                                  -e TEST_SKIP_INTEGRATION_CLI \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=ppc64le-integration
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('ppc64le integration-cli') {
+                    when {
+                        beforeAgent true
+                        not { changeRequest() }
+                        expression { params.ppc64le }
+                    }
+                    agent { label 'ppc64le-ubuntu-1604' }
+                    // ppc64le machines run on Docker 18.06, and buildkit has some
+                    // bugs on that version. Build and use buildx instead.
+                    environment {
+                        USE_BUILDX      = '1'
+                        DOCKER_BUILDKIT = '0'
+                    }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh '''
+                                make bundles/buildx
+                                bundles/buildx build --load --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .
+                                '''
+                            }
+                        }
+                        stage("Integration-cli tests") {
+                            environment { TEST_SKIP_INTEGRATION = '1' }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TEST_SKIP_INTEGRATION \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=ppc64le-integration-cli
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('arm64') {
+                    when {
+                        beforeAgent true
+                        expression { params.arm64 }
+                    }
+                    agent { label 'arm64 && ubuntu-2004' }
+                    environment {
+                        TEST_SKIP_INTEGRATION_CLI = '1'
+                    }
+
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                                sh '''
+                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
+                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
+                                && bash ${WORKSPACE}/check-config.sh || true
+                                '''
+                            }
+                        }
+                        stage("Build dev image") {
+                            steps {
+                                sh 'docker build --force-rm --build-arg APT_MIRROR -t docker:${GIT_COMMIT} .'
+                            }
+                        }
+                        stage("Unit tests") {
+                            steps {
+                                sh '''
+                                sudo modprobe ip6table_filter
+                                '''
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/test/unit
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                        stage("Integration tests") {
+                            environment { TEST_SKIP_INTEGRATION_CLI = '1' }
+                            steps {
+                                sh '''
+                                docker run --rm -t --privileged \
+                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
+                                  --name docker-pr$BUILD_NUMBER \
+                                  -e DOCKER_EXPERIMENTAL \
+                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
+                                  -e DOCKER_GRAPHDRIVER \
+                                  -e TESTDEBUG \
+                                  -e TEST_SKIP_INTEGRATION_CLI \
+                                  -e TIMEOUT \
+                                  -e VALIDATE_REPO=${GIT_URL} \
+                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
+                                  docker:${GIT_COMMIT} \
+                                  hack/make.sh \
+                                    dynbinary \
+                                    test-integration
+                                '''
+                            }
+                            post {
+                                always {
+                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
+                                }
+                            }
+                        }
+                    }
+
+                    post {
+                        always {
+                            sh '''
+                            echo "Ensuring container killed."
+                            docker rm -vf docker-pr$BUILD_NUMBER || true
+                            '''
+
+                            sh '''
+                            echo "Chowning /workspace to jenkins user"
+                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
+                            '''
+
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                sh '''
+                                bundleName=arm64-integration
+                                echo "Creating ${bundleName}-bundles.tar.gz"
+                                # exclude overlay2 directories
+                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('win-RS1') {
+                    when {
+                        beforeAgent true
+                        // Skip this stage on PRs unless the windowsRS1 checkbox is selected
+                        anyOf {
+                            not { changeRequest() }
+                            expression { params.windowsRS1 }
+                        }
+                    }
+                    environment {
+                        DOCKER_BUILDKIT        = '0'
+                        DOCKER_DUT_DEBUG       = '1'
+                        SKIP_VALIDATION_TESTS  = '1'
+                        SOURCES_DRIVE          = 'd'
+                        SOURCES_SUBDIR         = 'gopath'
+                        TESTRUN_DRIVE          = 'd'
+                        TESTRUN_SUBDIR         = "CI"
+                        WINDOWS_BASE_IMAGE     = 'mcr.microsoft.com/windows/servercore'
+                        WINDOWS_BASE_IMAGE_TAG = 'ltsc2016'
+                    }
+                    agent {
+                        node {
+                            customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker'
+                            label 'windows-2016'
+                        }
+                    }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                            }
+                        }
+                        stage("Run tests") {
+                            steps {
+                                powershell '''
+                                $ErrorActionPreference = 'Stop'
+                                [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+                                Invoke-WebRequest https://github.com/moby/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe
+                                ./hack/ci/windows.ps1
+                                exit $LastExitCode
+                                '''
+                            }
+                        }
+                    }
+                    post {
+                        always {
+                            junit testResults: 'bundles/junit-report-*.xml', allowEmptyResults: true
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                powershell '''
+                                cd $env:WORKSPACE
+                                $bundleName="windowsRS1-integration"
+                                Write-Host -ForegroundColor Green "Creating ${bundleName}-bundles.zip"
+
+                                # archiveArtifacts does not support env-vars to , so save the artifacts in a fixed location
+                                Compress-Archive -Path "bundles/CIDUT.out", "bundles/CIDUT.err", "bundles/junit-report-*.xml" -CompressionLevel Optimal -DestinationPath "${bundleName}-bundles.zip"
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.zip', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('win-RS5') {
+                    when {
+                        beforeAgent true
+                        expression { params.windowsRS5 }
+                    }
+                    environment {
+                        DOCKER_BUILDKIT        = '0'
+                        DOCKER_DUT_DEBUG       = '1'
+                        SKIP_VALIDATION_TESTS  = '1'
+                        SOURCES_DRIVE          = 'd'
+                        SOURCES_SUBDIR         = 'gopath'
+                        TESTRUN_DRIVE          = 'd'
+                        TESTRUN_SUBDIR         = "CI"
+                        WINDOWS_BASE_IMAGE     = 'mcr.microsoft.com/windows/servercore'
+                        WINDOWS_BASE_IMAGE_TAG = 'ltsc2019'
+                    }
+                    agent {
+                        node {
+                            customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker'
+                            label 'windows-2019'
+                        }
+                    }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                            }
+                        }
+                        stage("Run tests") {
+                            steps {
+                                powershell '''
+                                $ErrorActionPreference = 'Stop'
+                                Invoke-WebRequest https://github.com/moby/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe
+                                ./hack/ci/windows.ps1
+                                exit $LastExitCode
+                                '''
+                            }
+                        }
+                    }
+                    post {
+                        always {
+                            junit testResults: 'bundles/junit-report-*.xml', allowEmptyResults: true
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
+                                powershell '''
+                                cd $env:WORKSPACE
+                                $bundleName="windowsRS5-integration"
+                                Write-Host -ForegroundColor Green "Creating ${bundleName}-bundles.zip"
+
+                                # archiveArtifacts does not support env-vars to , so save the artifacts in a fixed location
+                                Compress-Archive -Path "bundles/CIDUT.out", "bundles/CIDUT.err", "bundles/junit-report-*.xml" -CompressionLevel Optimal -DestinationPath "${bundleName}-bundles.zip"
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.zip', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('win-2022') {
+                    when {
+                        beforeAgent true
+                        expression { params.windows2022 }
+                    }
+                    environment {
+                        DOCKER_BUILDKIT        = '0'
+                        DOCKER_DUT_DEBUG       = '1'
+                        SKIP_VALIDATION_TESTS  = '1'
+                        SOURCES_DRIVE          = 'd'
+                        SOURCES_SUBDIR         = 'gopath'
+                        TESTRUN_DRIVE          = 'd'
+                        TESTRUN_SUBDIR         = "CI"
+                        WINDOWS_BASE_IMAGE     = 'mcr.microsoft.com/windows/servercore'
+                        // Available tags can be found at https://mcr.microsoft.com/v2/windows/servercore/tags/list
+                        WINDOWS_BASE_IMAGE_TAG = 'ltsc2022'
+                    }
+                    agent {
+                        node {
+                            customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker'
+                            label 'windows-2022'
+                        }
+                    }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                            }
+                        }
+                        stage("Run tests") {
+                            steps {
+                                powershell '''
+                                $ErrorActionPreference = 'Stop'
+                                Invoke-WebRequest https://github.com/moby/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe
+                                ./hack/ci/windows.ps1
+                                exit $LastExitCode
+                                '''
+                            }
+                        }
+                    }
+                    post {
+                        always {
+                            junit testResults: 'bundles/junit-report-*.xml', allowEmptyResults: true
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.zip') {
+                                powershell '''
+                                cd $env:WORKSPACE
+                                $bundleName="win-2022-integration"
+                                Write-Host -ForegroundColor Green "Creating ${bundleName}-bundles.zip"
+
+                                # archiveArtifacts does not support env-vars to , so save the artifacts in a fixed location
+                                Compress-Archive -Path "bundles/CIDUT.out", "bundles/CIDUT.err", "bundles/junit-report-*.xml" -CompressionLevel Optimal -DestinationPath "${bundleName}-bundles.zip"
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.zip', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+                stage('win-2022-c8d') {
+                    when {
+                        beforeAgent true
+                        expression { params.windows2022containerd }
+                    }
+                    environment {
+                        DOCKER_BUILDKIT        = '0'
+                        DOCKER_DUT_DEBUG       = '1'
+                        SKIP_VALIDATION_TESTS  = '1'
+                        SOURCES_DRIVE          = 'd'
+                        SOURCES_SUBDIR         = 'gopath'
+                        TESTRUN_DRIVE          = 'd'
+                        TESTRUN_SUBDIR         = "CI"
+                        WINDOWS_BASE_IMAGE     = 'mcr.microsoft.com/windows/servercore'
+                        // Available tags can be found at https://mcr.microsoft.com/v2/windows/servercore/tags/list
+                        WINDOWS_BASE_IMAGE_TAG = 'ltsc2022'
+                        DOCKER_WINDOWS_CONTAINERD_RUNTIME = '1'
+                    }
+                    agent {
+                        node {
+                            customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker'
+                            label 'windows-2022'
+                        }
+                    }
+                    stages {
+                        stage("Print info") {
+                            steps {
+                                sh 'docker version'
+                                sh 'docker info'
+                            }
+                        }
+                        stage("Run tests") {
+                            steps {
+                                powershell '''
+                                $ErrorActionPreference = 'Stop'
+                                Invoke-WebRequest https://github.com/moby/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe
+                                ./hack/ci/windows.ps1
+                                exit $LastExitCode
+                                '''
+                            }
+                        }
+                    }
+                    post {
+                        always {
+                            junit testResults: 'bundles/junit-report-*.xml', allowEmptyResults: true
+                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.zip') {
+                                powershell '''
+                                cd $env:WORKSPACE
+                                $bundleName="win-2022-c8d-integration"
+                                Write-Host -ForegroundColor Green "Creating ${bundleName}-bundles.zip"
+
+                                # archiveArtifacts does not support env-vars to , so save the artifacts in a fixed location
+                                Compress-Archive -Path "bundles/CIDUT.out", "bundles/CIDUT.err", "bundles/containerd.out", "bundles/containerd.err", "bundles/junit-report-*.xml" -CompressionLevel Optimal -DestinationPath "${bundleName}-bundles.zip"
+                                '''
+
+                                archiveArtifacts artifacts: '*-bundles.zip', allowEmptyArchive: true
+                            }
+                        }
+                        cleanup {
+                            sh 'make clean'
+                            deleteDir()
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/MAINTAINERS b/MAINTAINERS
index 0aa8562a37997..cf1b17fb03b28 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -24,21 +24,17 @@
 	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
 
 		people = [
-			"aaronlehmann",
 			"akihirosuda",
 			"anusha",
 			"coolljt0725",
 			"cpuguy83",
-			"crosbymichael",
-			"dnephin",
-			"duglin",
 			"estesp",
-			"jhowardmsft",
 			"johnstep",
 			"justincormack",
+			"kolyshkin",
 			"mhbauer",
-			"mlaventure",
 			"runcom",
+			"samuelkarp",
 			"stevvooe",
 			"thajeztah",
 			"tianon",
@@ -50,15 +46,6 @@
 			"yongtang"
 		]
 
-	[Org."Docs maintainers"]
-
-	# TODO Describe the docs maintainers role.
-
-		people = [
-			"misty",
-			"thajeztah"
-		]
-
 	[Org.Curators]
 
 	# The curators help ensure that incoming issues and pull requests are properly triaged and
@@ -74,13 +61,12 @@
 		people = [
 			"alexellis",
 			"andrewhsu",
-			"anonymuse",
-			"chanwit",
 			"fntlnz",
 			"gianarb",
+			"olljanat",
 			"programmerq",
-			"rheinwein",
 			"ripcurld",
+			"samwhited",
 			"thajeztah"
 		]
 
@@ -91,6 +77,12 @@
 	# Thank you!
 
 		people = [
+			# Aaron Lehmann was a maintainer for swarmkit, the registry, and the engine,
+			# and contributed many improvements, features, and bugfixes in those areas,
+			# among which "automated service rollbacks", templated secrets and configs,
+			# and resumable image layer downloads.
+			"aaronlehmann",
+
 			# Harald Albers is the mastermind behind the bash completion scripts for the
 			# Docker CLI. The completion scripts moved to the Docker CLI repository, so
 			# you can now find him perform his magic in the https://github.com/docker/cli repository.
@@ -110,6 +102,30 @@
 			# and tweets as @calavera.
 			"calavera",
 
+			# Michael Crosby was "chief maintainer" of the Docker project.
+			# During his time as a maintainer, Michael contributed to many
+			# milestones of the project; he was release captain of Docker v1.0.0,
+			# started the development of "libcontainer" (what later became runc)
+			# and containerd, as well as demoing cool hacks such as live migrating
+			# a game server container with checkpoint/restore.
+			#
+			# Michael is currently a maintainer of containerd, but you may see
+			# him around in other projects on GitHub.
+			"crosbymichael",
+
+			# Before becoming a maintainer, Daniel Nephin was a core contributor
+			# to "Fig" (now known as Docker Compose). As a maintainer for both the
+			# Engine and Docker CLI, Daniel contributed many features, among which
+			# the `docker stack` commands, allowing users to deploy their Docker
+			# Compose projects as a Swarm service.
+			"dnephin",
+
+			# Doug Davis contributed many features and fixes for the classic builder,
+			# such as "wildcard" copy, the dockerignore file, custom paths/names
+			# for the Dockerfile, as well as enhancements to the API and documentation.
+			# Follow Doug on Twitter, where he tweets as @duginabox.
+			"duglin",
+
 			# As a maintainer, Erik was responsible for the "builder", and
 			# started the first designs for the new networking model in
 			# Docker. Erik is now working on all kinds of plugins for Docker
@@ -118,7 +134,7 @@
 			# still stumble into him in our issue tracker, or on IRC.
 			"erikh",
 
-			# Evan Hazlett is the creator of of the Shipyard and Interlock open source projects,
+			# Evan Hazlett is the creator of the Shipyard and Interlock open source projects,
 			# and the author of "Orca", which became the foundation of Docker Universal Control
 			# Plane (UCP). As a maintainer, Evan helped integrating SwarmKit (secrets, tasks)
 			# into the Docker engine.
@@ -160,6 +176,16 @@
 			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
 			"jessfraz",
 
+			# As a maintainer, John Howard managed to make the impossible possible;
+			# to run Docker on Windows. After facing many challenges, teaching
+			# fellow-maintainers that 'Windows is not Linux', and many changes in
+			# Windows Server to facilitate containers, native Windows containers
+			# saw the light of day in 2015.
+			#
+			# John is now enjoying life without containers: playing piano, painting,
+			# and walking his dogs, but you may occasionally see him drop by on GitHub.
+			"lowenna",
+
 			# Alexander Morozov contributed many features to Docker, worked on the premise of 
 			# what later became containerd (and worked on that too), and made a "stupid" Go
 			# vendor tool specifically for docker/docker needs: vndr (https://github.com/LK4D4/vndr).
@@ -173,6 +199,13 @@
 			# Swarm mode networking.
 			"mavenugo",
 
+			# As a maintainer, Kenfe-Mickaël Laventure worked on the container runtime,
+			# integrating containerd 1.0 with the daemon, and adding support for custom
+			# OCI runtimes, as well as implementing the `docker prune` subcommands,
+			# which was a welcome feature to be added. You can keep up with Mickaél on
+			# Twitter (@kmlaventure).
+			"mlaventure",
+
 			# As a docs maintainer, Mary Anthony contributed greatly to the Docker
 			# docs. She wrote the Docker Contributor Guide and Getting Started
 			# Guides. She helped create a doc build system independent of
@@ -247,7 +280,7 @@
 
 	[people.akihirosuda]
 	Name = "Akihiro Suda"
-	Email = "suda.akihiro@lab.ntt.co.jp"
+	Email = "akihiro.suda.cz@hco.ntt.co.jp"
 	GitHub = "AkihiroSuda"
 
 	[people.aluzzardi]
@@ -265,11 +298,6 @@
 	Email = "andrewhsu@docker.com"
 	GitHub = "andrewhsu"
 
-	[people.anonymuse]
-	Name = "Jesse White"
-	Email = "anonymuse@gmail.com"
-	GitHub = "anonymuse"
-
 	[people.anusha]
 	Name = "Anusha Ragunathan"
 	Email = "anusha@docker.com"
@@ -290,11 +318,6 @@
 	Email = "cpuguy83@gmail.com"
 	GitHub = "cpuguy83"
 
-	[people.chanwit]
-	Name = "Chanwit Kaewkasi"
-	Email = "chanwit@gmail.com"
-	GitHub = "chanwit"
-
 	[people.crosbymichael]
 	Name = "Michael Crosby"
 	Email = "crosbymichael@gmail.com"
@@ -345,11 +368,6 @@
 	Email = "james@lovedthanlost.net"
 	GitHub = "jamtur01"
 
-	[people.jhowardmsft]
-	Name = "John Howard"
-	Email = "jhoward@microsoft.com"
-	GitHub = "jhowardmsft"
-
 	[people.jessfraz]
 	Name = "Jessie Frazelle"
 	Email = "jess@linux.com"
@@ -365,11 +383,21 @@
 	Email = "justin.cormack@docker.com"
 	GitHub = "justincormack"
 
+	[people.kolyshkin]
+	Name = "Kir Kolyshkin"
+	Email = "kolyshkin@gmail.com"
+	GitHub = "kolyshkin"
+
 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
 	GitHub = "lk4d4"
 
+	[people.lowenna]
+	Name = "John Howard"
+	Email = "github@lowenna.com"
+	GitHub = "lowenna"
+
 	[people.mavenugo]
 	Name = "Madhu Venugopal"
 	Email = "madhu@docker.com"
@@ -380,11 +408,6 @@
 	Email = "mbauer@us.ibm.com"
 	GitHub = "mhbauer"
 
-	[people.misty]
-	Name = "Misty Stanley-Jones"
-	Email = "misty@docker.com"
-	GitHub = "mistyhacks"
-
 	[people.mlaventure]
 	Name = "Kenfe-Mickaël Laventure"
 	Email = "mickael.laventure@gmail.com"
@@ -400,16 +423,16 @@
 	Email = "mrjana@docker.com"
 	GitHub = "mrjana"
 
+	[people.olljanat]
+	Name = "Olli Janatuinen"
+	Email = "olli.janatuinen@gmail.com"
+	GitHub = "olljanat"
+
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"
 	GitHub = "programmerq"
 
-	[people.rheinwein]
-	Name = "Laura Frank"
-	Email = "laura@codeship.com"
-	GitHub = "rheinwein"
-
 	[people.ripcurld]
 	Name = "Boaz Shuster"
 	Email = "ripcurld.github@gmail.com"
@@ -420,6 +443,16 @@
 	Email = "runcom@redhat.com"
 	GitHub = "runcom"
 
+	[people.samuelkarp]
+	Name = "Samuel Karp"
+	Email = "skarp@amazon.com"
+	GitHub = "samuelkarp"
+
+	[people.samwhited]
+	Name = "Sam Whited"
+	Email = "sam@samwhited.com"
+	GitHub = "samwhited"
+
 	[people.shykes]
 	Name = "Solomon Hykes"
 	Email = "solomon@docker.com"
diff --git a/Makefile b/Makefile
index 0efa32bc10c40..c7cd97f79a4a9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,22 @@
 .PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate win
 
+BUILDX_VERSION ?= v0.6.0
+
+ifdef USE_BUILDX
+BUILDX ?= $(shell command -v buildx)
+BUILDX ?= $(shell command -v docker-buildx)
+DOCKER_BUILDX_CLI_PLUGIN_PATH ?= ~/.docker/cli-plugins/docker-buildx
+BUILDX ?= $(shell if [ -x "$(DOCKER_BUILDX_CLI_PLUGIN_PATH)" ]; then echo $(DOCKER_BUILDX_CLI_PLUGIN_PATH); fi)
+endif
+
+ifndef USE_BUILDX
+DOCKER_BUILDKIT := 1
+export DOCKER_BUILDKIT
+endif
+
+BUILDX ?= bundles/buildx
+DOCKER ?= docker
+
 # set the graph driver as the current graphdriver if not set
 DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
 export DOCKER_GRAPHDRIVER
@@ -11,6 +28,12 @@ DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $$
 DOCKER_GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
 export DOCKER_GITCOMMIT
 
+# allow overriding the repository and branch that validation scripts are running
+# against these are used in hack/validate/.validate to check what changed in the PR.
+export VALIDATE_REPO
+export VALIDATE_BRANCH
+export VALIDATE_ORIGIN_BRANCH
+
 # env vars passed through directly to Docker's build scripts
 # to allow things like `make KEEPBUNDLE=1 binary` easily
 # `project/PACKAGERS.md` have some limited documentation of some of these
@@ -28,6 +51,7 @@ DOCKER_ENVS := \
 	-e KEEPBUNDLE \
 	-e DOCKER_BUILD_ARGS \
 	-e DOCKER_BUILD_GOGC \
+	-e DOCKER_BUILD_OPTS \
 	-e DOCKER_BUILD_PKGS \
 	-e DOCKER_BUILDKIT \
 	-e DOCKER_BASH_COMPLETION_PATH \
@@ -39,19 +63,25 @@ DOCKER_ENVS := \
 	-e DOCKER_LDFLAGS \
 	-e DOCKER_PORT \
 	-e DOCKER_REMAP_ROOT \
+	-e DOCKER_ROOTLESS \
 	-e DOCKER_STORAGE_OPTS \
+	-e DOCKER_TEST_HOST \
 	-e DOCKER_USERLANDPROXY \
 	-e DOCKERD_ARGS \
+	-e TEST_FORCE_VALIDATE \
 	-e TEST_INTEGRATION_DIR \
+	-e TEST_SKIP_INTEGRATION \
+	-e TEST_SKIP_INTEGRATION_CLI \
+	-e TESTDEBUG \
 	-e TESTDIRS \
 	-e TESTFLAGS \
+	-e TESTFLAGS_INTEGRATION \
+	-e TESTFLAGS_INTEGRATION_CLI \
+	-e TEST_FILTER \
 	-e TIMEOUT \
-	-e HTTP_PROXY \
-	-e HTTPS_PROXY \
-	-e NO_PROXY \
-	-e http_proxy \
-	-e https_proxy \
-	-e no_proxy \
+	-e VALIDATE_REPO \
+	-e VALIDATE_BRANCH \
+	-e VALIDATE_ORIGIN_BRANCH \
 	-e VERSION \
 	-e PLATFORM \
 	-e DEFAULT_PRODUCT_LICENSE \
@@ -62,35 +92,35 @@ DOCKER_ENVS := \
 # (default to no bind mount if DOCKER_HOST is set)
 # note: BINDDIR is supported for backwards-compatibility here
 BIND_DIR := $(if $(BINDDIR),$(BINDDIR),$(if $(DOCKER_HOST),,bundles))
+
+# DOCKER_MOUNT can be overriden, but use at your own risk!
+ifndef DOCKER_MOUNT
 DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/docker/docker/$(BIND_DIR)")
+DOCKER_MOUNT := $(if $(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT):$(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT))
 
 # This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
 # The volume will be cleaned up when the container is removed due to `--rm`.
 # Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
 DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v "$(CURDIR)/.git:/go/src/github.com/docker/docker/.git"
 
-# This allows to set the docker-dev container name
-DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
-
 DOCKER_MOUNT_CACHE := -v docker-dev-cache:/root/.cache
 DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
 DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
 DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_CACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
+endif # ifndef DOCKER_MOUNT
+
+# This allows to set the docker-dev container name
+DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
 
-GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
-DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+DOCKER_IMAGE := docker-dev
 DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
 
-DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
+DOCKER_FLAGS := $(DOCKER) run --rm -i --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
 BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
 export BUILD_APT_MIRROR
 
 SWAGGER_DOCS_PORT ?= 9000
 
-INTEGRATION_CLI_MASTER_IMAGE := $(if $(INTEGRATION_CLI_MASTER_IMAGE), $(INTEGRATION_CLI_MASTER_IMAGE), integration-cli-master)
-INTEGRATION_CLI_WORKER_IMAGE := $(if $(INTEGRATION_CLI_WORKER_IMAGE), $(INTEGRATION_CLI_WORKER_IMAGE), integration-cli-worker)
-
 define \n
 
 
@@ -106,20 +136,51 @@ endif
 
 DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"
 
+DOCKER_BUILD_ARGS += --build-arg=GO_VERSION
+ifdef DOCKER_SYSTEMD
+DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
+endif
+
+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"
+ifdef USE_BUILDX
+BUILD_OPTS += $(BUILDX_BUILD_EXTRA_OPTS)
+BUILD_CMD := $(BUILDX) build
+else
+BUILD_CMD := $(DOCKER) build
+endif
+
+# This is used for the legacy "build" target and anything still depending on it
+BUILD_CROSS =
+ifdef DOCKER_CROSS
+BUILD_CROSS = --build-arg CROSS=$(DOCKER_CROSS)
+endif
+ifdef DOCKER_CROSSPLATFORMS
+BUILD_CROSS = --build-arg CROSS=true
+endif
+
+VERSION_AUTOGEN_ARGS = --build-arg VERSION --build-arg DOCKER_GITCOMMIT --build-arg PRODUCT --build-arg PLATFORM --build-arg DEFAULT_PRODUCT_LICENSE
+
 default: binary
 
-all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
+all: build ## validate all checks, build linux binaries, run all tests,\ncross build non-linux binaries, and generate archives
 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
 
-binary: build ## build the linux binaries
-	$(DOCKER_RUN_DOCKER) hack/make.sh binary
+# This is only used to work around read-only bind mounts of the source code into
+# binary build targets. We end up mounting a tmpfs over autogen which allows us
+# to write build-time generated assets even though the source is mounted read-only
+# ...But in order to do so, this dir needs to already exist.
+autogen:
+	mkdir -p autogen
 
-dynbinary: build ## build the linux dynbinaries
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary
+binary: buildx autogen ## build statically linked linux binaries
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
 
-build: bundles
-	$(warning The docker client CLI has moved to github.com/docker/cli. For a dev-test cycle involving the CLI, run:${\n} DOCKER_CLI_PATH=/host/path/to/cli/binary make shell ${\n} then change the cli and compile into a binary at the same location.${\n})
-	docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
+dynbinary: buildx autogen ## build dynamically linked linux binaries
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
+
+cross: BUILD_OPTS += --build-arg CROSS=true --build-arg DOCKER_CROSSPLATFORMS
+cross: buildx autogen ## cross build the binaries for darwin, freebsd and\nwindows
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
 
 bundles:
 	mkdir bundles
@@ -131,19 +192,28 @@ clean: clean-cache
 clean-cache:
 	docker volume rm -f docker-dev-cache
 
-cross: build ## cross build the binaries for darwin, freebsd and\nwindows
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
-
 help: ## this help
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9_-]+:.*?## / {gsub("\\\\n",sprintf("\n%22c",""), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
 install: ## install the linux binaries
 	KEEPBUNDLE=1 hack/make.sh install-binary
 
 run: build ## run the docker daemon in a container
 	$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
+ 
+.PHONY: build
+ifeq ($(BIND_DIR), .)
+build: shell_target := --target=dev
+else
+build: shell_target := --target=final
+endif
+ifdef USE_BUILDX
+build: buildx_load := --load
+endif
+build: buildx
+	$(BUILD_CMD) $(BUILD_OPTS) $(shell_target) $(buildx_load) $(BUILD_CROSS) -t "$(DOCKER_IMAGE)" .
 
-shell: build ## start a shell inside the build env
+shell: build  ## start a shell inside the build env
 	$(DOCKER_RUN_DOCKER) bash
 
 test: build test-unit ## run the unit, integration and docker-py tests
@@ -154,8 +224,16 @@ test-docker-py: build ## run the docker-py tests
 
 test-integration-cli: test-integration ## (DEPRECATED) use test-integration
 
+ifneq ($(and $(TEST_SKIP_INTEGRATION),$(TEST_SKIP_INTEGRATION_CLI)),)
+test-integration:
+	@echo Both integrations suites skipped per environment variables
+else
 test-integration: build ## run the integration tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration
+endif
+
+test-integration-flaky: build ## run the stress test for all new integration tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration-flaky
 
 test-unit: build ## run the unit tests
 	$(DOCKER_RUN_DOCKER) hack/test/unit
@@ -164,7 +242,7 @@ validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isol
 	$(DOCKER_RUN_DOCKER) hack/validate/all
 
 win: build ## cross build the binary for windows
-	$(DOCKER_RUN_DOCKER) hack/make.sh win
+	$(DOCKER_RUN_DOCKER) DOCKER_CROSSPLATFORMS=windows/amd64 hack/make.sh cross
 
 .PHONY: swagger-gen
 swagger-gen:
@@ -180,19 +258,15 @@ swagger-docs: ## preview the API documentation
 	@docker run --rm -v $(PWD)/api/swagger.yaml:/usr/share/nginx/html/swagger.yaml \
 		-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
 		-p $(SWAGGER_DOCS_PORT):80 \
-		bfirsh/redoc:1.6.2
-
-build-integration-cli-on-swarm: build ## build images and binary for running integration-cli on Swarm in parallel
-	@echo "Building hack/integration-cli-on-swarm (if build fails, please refer to hack/integration-cli-on-swarm/README.md)"
-	go build -buildmode=pie -o ./hack/integration-cli-on-swarm/integration-cli-on-swarm ./hack/integration-cli-on-swarm/host
-	@echo "Building $(INTEGRATION_CLI_MASTER_IMAGE)"
-	docker build -t $(INTEGRATION_CLI_MASTER_IMAGE) hack/integration-cli-on-swarm/agent
-	@echo "Building $(INTEGRATION_CLI_WORKER_IMAGE) from $(DOCKER_IMAGE)"
-	$(eval tmp := integration-cli-worker-tmp)
-# We mount pkgcache, but not bundle (bundle needs to be baked into the image)
-# For avoiding bakings DOCKER_GRAPHDRIVER and so on to image, we cannot use $(DOCKER_ENVS) here
-	docker run -t -d --name $(tmp) -e DOCKER_GITCOMMIT -e BUILDFLAGS --privileged $(DOCKER_IMAGE) top
-	docker exec $(tmp) hack/make.sh build-integration-test-binary dynbinary
-	docker exec $(tmp) go build -buildmode=pie -o /worker github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker
-	docker commit -c 'ENTRYPOINT ["/worker"]' $(tmp) $(INTEGRATION_CLI_WORKER_IMAGE)
-	docker rm -f $(tmp)
+		bfirsh/redoc:1.14.0
+
+.PHONY: buildx
+ifdef USE_BUILDX
+ifeq ($(BUILDX), bundles/buildx)
+buildx: bundles/buildx ## build buildx cli tool
+endif
+endif
+
+bundles/buildx: bundles ## build buildx CLI tool
+	curl -fsSL https://raw.githubusercontent.com/moby/buildkit/70deac12b5857a1aa4da65e90b262368e2f71500/hack/install-buildx | VERSION="$(BUILDX_VERSION)" BINDIR="$(@D)" bash
+	$@ version
diff --git a/NOTICE b/NOTICE
index 0c74e15b057f0..58b19b6d15b99 100644
--- a/NOTICE
+++ b/NOTICE
@@ -3,7 +3,7 @@ Copyright 2012-2017 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (https://www.docker.com).
 
-This product contains software (https://github.com/kr/pty) developed
+This product contains software (https://github.com/creack/pty) developed
 by Keith Rarick, licensed under the MIT License.
 
 The following is courtesy of our legal counsel:
diff --git a/ROADMAP.md b/ROADMAP.md
index e2e6b2b960f80..775d0734ec93d 100644
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -35,34 +35,83 @@ issue, in the Slack channel, or in person at the Moby Summits that happen every
 
 ## 1.1 Runtime improvements
 
-We introduced [`runC`](https://runc.io) as a standalone low-level tool for container
-execution in 2015, the first stage in spinning out parts of the Engine into standalone tools.
+Over time we have accumulated a lot of functionality in the container runtime
+aspect of Moby while also growing in other areas. Much of the container runtime
+pieces are now duplicated work available in other, lower level components such
+as [containerd](https://containerd.io).
 
-As runC continued evolving, and the OCI specification along with it, we created
-[`containerd`](https://github.com/containerd/containerd), a daemon to control and monitor `runC`.
-In late 2016 this was relaunched as the `containerd` 1.0 track, aiming to provide a common runtime
-for the whole spectrum of container systems, including Kubernetes, with wide community support.
-This change meant that there was an increased scope for `containerd`, including image management
-and storage drivers.
+Moby currently only utilizes containerd for basic runtime state management, e.g. starting
+and stopping a container, which is what the pre-containerd 1.0 daemon provided.
+Now that containerd is a full-fledged container runtime which supports full
+container life-cycle management, we would like to start relying more on containerd
+and removing the bits in Moby which are now duplicated. This will necessitate
+a significant effort to refactor and even remove large parts of Moby's codebase.
 
-Moby will rely on a long-running `containerd` companion daemon for all container execution
-related operations. This could open the door in the future for Engine restarts without interrupting
-running containers. The switch over to containerd 1.0 is an important goal for the project, and
-will result in a significant simplification of the functions implemented in this repository.
+Tracking issues:
 
-## 1.2 Internal decoupling
+- [#38043](https://github.com/moby/moby/issues/38043) Proposal: containerd image integration
+
+## 1.2 Image Builder
+
+Work is ongoing to integrate [BuildKit](https://github.com/moby/buildkit) into
+Moby and replace the "v0" build implementation. Buildkit offers better cache
+management, parallelizable build steps, and better extensibility while also
+keeping builds portable, a chief tenent of Moby's builder.
+
+Upon completion of this effort, users will have a builder that performs better
+while also being more extensible, enabling users to provide their own custom
+syntax which can be either Dockerfile-like or something completely different.
+
+See [buildpacks on buildkit](https://github.com/tonistiigi/buildkit-pack) as an
+example of this extensibility.
+
+New features for the builder and Dockerfile should be implemented first in the
+BuildKit backend using an external Dockerfile implementation from the container
+images. This allows everyone to test and evaluate the feature without upgrading
+their daemon. New features should go to the experimental channel first, and can be
+part of the `docker/dockerfile:experimental` image. From there they graduate to
+`docker/dockerfile:latest` and binary releases. The Dockerfile frontend source
+code is temporarily located at
+[https://github.com/moby/buildkit/tree/master/frontend/dockerfile](https://github.com/moby/buildkit/tree/master/frontend/dockerfile)
+with separate new features defined with go build tags.
+
+Tracking issues:
+
+- [#32925](https://github.com/moby/moby/issues/32925) discussion: builder future: buildkit
+
+## 1.3 Rootless Mode
+
+Running the daemon requires elevated privileges for many tasks. We would like to
+support running the daemon as a normal, unprivileged user without requiring `suid`
+binaries.
+
+Tracking issues:
+
+- [#37375](https://github.com/moby/moby/issues/37375) Proposal: allow running `dockerd` as an unprivileged user (aka rootless mode)
+
+## 1.4 Testing
+
+Moby has many tests, both unit and integration. Moby needs more tests which can
+cover the full spectrum functionality and edge cases out there.
+
+Tests in the `integration-cli` folder should also be migrated into (both in
+location and style) the `integration` folder. These newer tests are simpler to
+run in isolation, simpler to read, simpler to write, and more fully exercise the
+API. Meanwhile tests of the docker CLI should generally live in docker/cli.
+
+Tracking issues:
+
+- [#32866](https://github.com/moby/moby/issues/32866) Replace integration-cli suite with API test suite
+
+## 1.5 Internal decoupling
 
 A lot of work has been done in trying to decouple Moby internals. This process of creating
 standalone projects with a well defined function that attract a dedicated community should continue.
 As well as integrating `containerd` we would like to integrate [BuildKit](https://github.com/moby/buildkit)
 as the next standalone component.
-
 We see gRPC as the natural communication layer between decoupled components.
 
-## 1.3 Custom assembly tooling
-
-We have been prototyping the Moby [assembly tool](https://github.com/moby/tool) which was originally
-developed for LinuxKit and intend to turn it into a more generic packaging and assembly mechanism
-that can build not only the default version of Moby, as distribution packages or other useful forms,
-but can also build very different container systems, themselves built of cooperating daemons built in
-and running in containers. We intend to merge this functionality into this repo.
+In addition to pushing out large components into other projects, much of the
+internal code structure, and in particular the
+["Daemon"](https://godoc.org/github.com/docker/docker/daemon#Daemon) object,
+should be split into smaller, more manageable, and more testable components.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000000..5b2262c282a00
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Reporting security issues
+
+The Moby maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
+
+### Reporting a Vulnerability
+
+Please **DO NOT** file a public issue, instead send your report privately to security@docker.com.
+
+Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.
diff --git a/TESTING.md b/TESTING.md
index b2c53769ca052..fb0e4e9e6e078 100644
--- a/TESTING.md
+++ b/TESTING.md
@@ -28,7 +28,7 @@ Most code changes will fall into one of the following categories.
 ### Writing tests for new features
 
 New code should be covered by unit tests. If the code is difficult to test with
-a unit tests then that is a good sign that it should be refactored to make it
+unit tests, then that is a good sign that it should be refactored to make it
 easier to reuse and maintain. Consider accepting unexported interfaces instead
 of structs so that fakes can be provided for dependencies.
 
@@ -44,16 +44,23 @@ case. Error cases should be handled by unit tests.
 
 Bugs fixes should include a unit test case which exercises the bug.
 
-A bug fix may also include new assertions in an existing integration tests for the
+A bug fix may also include new assertions in existing integration tests for the
 API endpoint.
 
+### Writing new integration tests
+
+Note the `integration-cli` tests are deprecated; new tests will be rejected by
+the CI.
+
+Instead, implement new tests under `integration/`.
+
 ### Integration tests environment considerations
 
-When adding new tests or modifying existing test under `integration/`, testing 
+When adding new tests or modifying existing tests under `integration/`, testing
 environment should be properly considered. `skip.If` from 
 [gotest.tools/skip](https://godoc.org/gotest.tools/skip) can be used to make the 
 test run conditionally. Full testing environment conditions can be found at 
-[environment.go](https://github.com/moby/moby/blob/cb37987ee11655ed6bbef663d245e55922354c68/internal/test/environment/environment.go)
+[environment.go](https://github.com/moby/moby/blob/6b6eeed03b963a27085ea670f40cd5ff8a61f32e/testutil/environment/environment.go)
 
 Here is a quick example. If the test needs to interact with a docker daemon on 
 the same host, the following condition should be checked within the test code
@@ -67,6 +74,8 @@ If a remote daemon is detected, the test will be skipped.
 
 ## Running tests
 
+### Unit Tests
+
 To run the unit test suite:
 
 ```
@@ -82,8 +91,36 @@ The following environment variables may be used to run a subset of tests:
 * `TESTFLAGS` - flags passed to `go test`, to run tests which match a pattern
   use `TESTFLAGS="-test.run TestNameOrPrefix"`
 
+### Integration Tests
+
 To run the integration test suite:
 
 ```
 make test-integration
 ```
+
+This make target runs both the "integration" suite and the "integration-cli"
+suite.
+
+You can specify which integration test dirs to build and run by specifying
+the list of dirs in the TEST_INTEGRATION_DIR environment variable.
+
+You can also explicitly skip either suite by setting (any value) in
+TEST_SKIP_INTEGRATION and/or TEST_SKIP_INTEGRATION_CLI environment variables.
+
+Flags specific to each suite can be set in the TESTFLAGS_INTEGRATION and
+TESTFLAGS_INTEGRATION_CLI environment variables.
+
+If all you want is to specify a test filter to run, you can set the
+`TEST_FILTER` environment variable. This ends up getting passed directly to `go
+test -run` (or `go test -check-f`, depending on the test suite). It will also
+automatically set the other above mentioned environment variables accordingly.
+
+### Go Version
+
+You can change a version of golang used for building stuff that is being tested
+by setting `GO_VERSION` variable, for example:
+
+```
+make GO_VERSION=1.12.8 test
+```
diff --git a/api/common.go b/api/common.go
index 4582eb92e0c32..bee9b875a889b 100644
--- a/api/common.go
+++ b/api/common.go
@@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.39"
+	DefaultVersion = "1.42"
 
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
diff --git a/api/common_unix.go b/api/common_unix.go
index 504b0c90d7bbf..19fc63d6589aa 100644
--- a/api/common_unix.go
+++ b/api/common_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package api // import "github.com/docker/docker/api"
diff --git a/api/server/backend/build/backend.go b/api/server/backend/build/backend.go
index 33df264cca985..0d81c0138a841 100644
--- a/api/server/backend/build/backend.go
+++ b/api/server/backend/build/backend.go
@@ -3,17 +3,19 @@ package build // import "github.com/docker/docker/api/server/backend/build"
 import (
 	"context"
 	"fmt"
+	"strconv"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/builder"
 	buildkit "github.com/docker/docker/builder/builder-next"
-	"github.com/docker/docker/builder/fscache"
+	daemonevents "github.com/docker/docker/daemon/events"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/pkg/errors"
-	"golang.org/x/sync/errgroup"
+	"google.golang.org/grpc"
 )
 
 // ImageComponent provides an interface for working with images
@@ -30,14 +32,21 @@ type Builder interface {
 // Backend provides build functionality to the API router
 type Backend struct {
 	builder        Builder
-	fsCache        *fscache.FSCache
 	imageComponent ImageComponent
 	buildkit       *buildkit.Builder
+	eventsService  *daemonevents.Events
 }
 
 // NewBackend creates a new build backend from components
-func NewBackend(components ImageComponent, builder Builder, fsCache *fscache.FSCache, buildkit *buildkit.Builder) (*Backend, error) {
-	return &Backend{imageComponent: components, builder: builder, fsCache: fsCache, buildkit: buildkit}, nil
+func NewBackend(components ImageComponent, builder Builder, buildkit *buildkit.Builder, es *daemonevents.Events) (*Backend, error) {
+	return &Backend{imageComponent: components, builder: builder, buildkit: buildkit, eventsService: es}, nil
+}
+
+// RegisterGRPC registers buildkit controller to the grpc server.
+func (b *Backend) RegisterGRPC(s *grpc.Server) {
+	if b.buildkit != nil {
+		b.buildkit.RegisterGRPC(s)
+	}
 }
 
 // Build builds an image from a Source
@@ -82,6 +91,8 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 	if !useBuildKit {
 		stdout := config.ProgressWriter.StdoutFormatter
 		fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
+	}
+	if imageID != "" {
 		err = tagger.TagImages(image.ID(imageID))
 	}
 	return imageID, err
@@ -89,34 +100,16 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 
 // PruneCache removes all cached build sources
 func (b *Backend) PruneCache(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error) {
-	eg, ctx := errgroup.WithContext(ctx)
-
-	var fsCacheSize uint64
-	eg.Go(func() error {
-		var err error
-		fsCacheSize, err = b.fsCache.Prune(ctx)
-		if err != nil {
-			return errors.Wrap(err, "failed to prune fscache")
-		}
-		return nil
-	})
-
-	var buildCacheSize int64
-	var cacheIDs []string
-	eg.Go(func() error {
-		var err error
-		buildCacheSize, cacheIDs, err = b.buildkit.Prune(ctx, opts)
-		if err != nil {
-			return errors.Wrap(err, "failed to prune build cache")
-		}
-		return nil
-	})
-
-	if err := eg.Wait(); err != nil {
-		return nil, err
+	buildCacheSize, cacheIDs, err := b.buildkit.Prune(ctx, opts)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to prune build cache")
 	}
-
-	return &types.BuildCachePruneReport{SpaceReclaimed: fsCacheSize + uint64(buildCacheSize), CachesDeleted: cacheIDs}, nil
+	b.eventsService.Log("prune", events.BuilderEventType, events.Actor{
+		Attributes: map[string]string{
+			"reclaimed": strconv.FormatInt(buildCacheSize, 10),
+		},
+	})
+	return &types.BuildCachePruneReport{SpaceReclaimed: uint64(buildCacheSize), CachesDeleted: cacheIDs}, nil
 }
 
 // Cancel cancels the build by ID
diff --git a/api/server/httputils/errors.go b/api/server/httputils/errors.go
deleted file mode 100644
index a21affff3439f..0000000000000
--- a/api/server/httputils/errors.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/errdefs"
-	"github.com/gorilla/mux"
-	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-)
-
-type causer interface {
-	Cause() error
-}
-
-// GetHTTPErrorStatusCode retrieves status code from error message.
-func GetHTTPErrorStatusCode(err error) int {
-	if err == nil {
-		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
-		return http.StatusInternalServerError
-	}
-
-	var statusCode int
-
-	// Stop right there
-	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
-
-	// Note that the below functions are already checking the error causal chain for matches.
-	switch {
-	case errdefs.IsNotFound(err):
-		statusCode = http.StatusNotFound
-	case errdefs.IsInvalidParameter(err):
-		statusCode = http.StatusBadRequest
-	case errdefs.IsConflict(err) || errdefs.IsAlreadyExists(err):
-		statusCode = http.StatusConflict
-	case errdefs.IsUnauthorized(err):
-		statusCode = http.StatusUnauthorized
-	case errdefs.IsUnavailable(err):
-		statusCode = http.StatusServiceUnavailable
-	case errdefs.IsForbidden(err):
-		statusCode = http.StatusForbidden
-	case errdefs.IsNotModified(err):
-		statusCode = http.StatusNotModified
-	case errdefs.IsNotImplemented(err):
-		statusCode = http.StatusNotImplemented
-	case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
-		statusCode = http.StatusInternalServerError
-	default:
-		statusCode = statusCodeFromGRPCError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-
-		if e, ok := err.(causer); ok {
-			return GetHTTPErrorStatusCode(e.Cause())
-		}
-
-		logrus.WithFields(logrus.Fields{
-			"module":     "api",
-			"error_type": fmt.Sprintf("%T", err),
-		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
-	}
-
-	if statusCode == 0 {
-		statusCode = http.StatusInternalServerError
-	}
-
-	return statusCode
-}
-
-func apiVersionSupportsJSONErrors(version string) bool {
-	const firstAPIVersionWithJSONErrors = "1.23"
-	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
-}
-
-// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
-// returns it in the response.
-func MakeErrorHandler(err error) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		statusCode := GetHTTPErrorStatusCode(err)
-		vars := mux.Vars(r)
-		if apiVersionSupportsJSONErrors(vars["version"]) {
-			response := &types.ErrorResponse{
-				Message: err.Error(),
-			}
-			WriteJSON(w, statusCode, response)
-		} else {
-			http.Error(w, grpc.ErrorDesc(err), statusCode)
-		}
-	}
-}
-
-// statusCodeFromGRPCError returns status code according to gRPC error
-func statusCodeFromGRPCError(err error) int {
-	switch grpc.Code(err) {
-	case codes.InvalidArgument: // code 3
-		return http.StatusBadRequest
-	case codes.NotFound: // code 5
-		return http.StatusNotFound
-	case codes.AlreadyExists: // code 6
-		return http.StatusConflict
-	case codes.PermissionDenied: // code 7
-		return http.StatusForbidden
-	case codes.FailedPrecondition: // code 9
-		return http.StatusBadRequest
-	case codes.Unauthenticated: // code 16
-		return http.StatusUnauthorized
-	case codes.OutOfRange: // code 11
-		return http.StatusBadRequest
-	case codes.Unimplemented: // code 12
-		return http.StatusNotImplemented
-	case codes.Unavailable: // code 14
-		return http.StatusServiceUnavailable
-	default:
-		if e, ok := err.(causer); ok {
-			return statusCodeFromGRPCError(e.Cause())
-		}
-		// codes.Canceled(1)
-		// codes.Unknown(2)
-		// codes.DeadlineExceeded(4)
-		// codes.ResourceExhausted(8)
-		// codes.Aborted(10)
-		// codes.Internal(13)
-		// codes.DataLoss(15)
-		return http.StatusInternalServerError
-	}
-}
diff --git a/api/server/httputils/errors_deprecated.go b/api/server/httputils/errors_deprecated.go
new file mode 100644
index 0000000000000..1263f02f9c60f
--- /dev/null
+++ b/api/server/httputils/errors_deprecated.go
@@ -0,0 +1,9 @@
+package httputils // import "github.com/docker/docker/api/server/httputils"
+import "github.com/docker/docker/errdefs"
+
+// GetHTTPErrorStatusCode retrieves status code from error message.
+//
+// Deprecated: use errdefs.GetHTTPErrorStatusCode
+func GetHTTPErrorStatusCode(err error) int {
+	return errdefs.GetHTTPErrorStatusCode(err)
+}
diff --git a/api/server/httputils/form_test.go b/api/server/httputils/form_test.go
index e7e2daea20cc8..2721b23e3919f 100644
--- a/api/server/httputils/form_test.go
+++ b/api/server/httputils/form_test.go
@@ -23,7 +23,7 @@ func TestBoolValue(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest("POST", "", nil)
+		r, _ := http.NewRequest(http.MethodPost, "", nil)
 		r.Form = v
 
 		a := BoolValue(r, "test")
@@ -34,14 +34,14 @@ func TestBoolValue(t *testing.T) {
 }
 
 func TestBoolValueOrDefault(t *testing.T) {
-	r, _ := http.NewRequest("GET", "", nil)
+	r, _ := http.NewRequest(http.MethodGet, "", nil)
 	if !BoolValueOrDefault(r, "queryparam", true) {
 		t.Fatal("Expected to get true default value, got false")
 	}
 
 	v := url.Values{}
 	v.Set("param", "")
-	r, _ = http.NewRequest("GET", "", nil)
+	r, _ = http.NewRequest(http.MethodGet, "", nil)
 	r.Form = v
 	if BoolValueOrDefault(r, "param", true) {
 		t.Fatal("Expected not to get true")
@@ -59,7 +59,7 @@ func TestInt64ValueOrZero(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest("POST", "", nil)
+		r, _ := http.NewRequest(http.MethodPost, "", nil)
 		r.Form = v
 
 		a := Int64ValueOrZero(r, "test")
@@ -79,7 +79,7 @@ func TestInt64ValueOrDefault(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest("POST", "", nil)
+		r, _ := http.NewRequest(http.MethodPost, "", nil)
 		r.Form = v
 
 		a, err := Int64ValueOrDefault(r, "test", -1)
@@ -95,7 +95,7 @@ func TestInt64ValueOrDefault(t *testing.T) {
 func TestInt64ValueOrDefaultWithError(t *testing.T) {
 	v := url.Values{}
 	v.Set("test", "invalid")
-	r, _ := http.NewRequest("POST", "", nil)
+	r, _ := http.NewRequest(http.MethodPost, "", nil)
 	r.Form = v
 
 	_, err := Int64ValueOrDefault(r, "test", -1)
diff --git a/api/server/httputils/httputils.go b/api/server/httputils/httputils.go
index 7303814997d85..accbb06eb3235 100644
--- a/api/server/httputils/httputils.go
+++ b/api/server/httputils/httputils.go
@@ -7,9 +7,13 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
+	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/status"
 )
 
 // APIVersionKey is the client's requested API version.
@@ -27,7 +31,7 @@ func HijackConnection(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
 		return nil, nil, err
 	}
 	// Flush the options to make sure the client sets the raw mode
-	conn.Write([]byte{})
+	_, _ = conn.Write([]byte{})
 	return conn, conn, nil
 }
 
@@ -37,9 +41,9 @@ func CloseStreams(streams ...interface{}) {
 		if tcpc, ok := stream.(interface {
 			CloseWrite() error
 		}); ok {
-			tcpc.CloseWrite()
+			_ = tcpc.CloseWrite()
 		} else if closer, ok := stream.(io.Closer); ok {
-			closer.Close()
+			_ = closer.Close()
 		}
 	}
 }
@@ -88,6 +92,28 @@ func VersionFromContext(ctx context.Context) string {
 	return ""
 }
 
+// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
+// returns it in the response.
+func MakeErrorHandler(err error) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		statusCode := errdefs.GetHTTPErrorStatusCode(err)
+		vars := mux.Vars(r)
+		if apiVersionSupportsJSONErrors(vars["version"]) {
+			response := &types.ErrorResponse{
+				Message: err.Error(),
+			}
+			_ = WriteJSON(w, statusCode, response)
+		} else {
+			http.Error(w, status.Convert(err).Message(), statusCode)
+		}
+	}
+}
+
+func apiVersionSupportsJSONErrors(version string) bool {
+	const firstAPIVersionWithJSONErrors = "1.23"
+	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
+}
+
 // matchesContentType validates the content type against the expected one
 func matchesContentType(contentType, expectedType string) bool {
 	mimetype, _, err := mime.ParseMediaType(contentType)
diff --git a/api/server/httputils/write_log_stream.go b/api/server/httputils/write_log_stream.go
index 9e769c8b4d583..22be5bb1c3364 100644
--- a/api/server/httputils/write_log_stream.go
+++ b/api/server/httputils/write_log_stream.go
@@ -51,10 +51,10 @@ func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMess
 			logLine = append([]byte(msg.Timestamp.Format(jsonmessage.RFC3339NanoFixed)+" "), logLine...)
 		}
 		if msg.Source == "stdout" && config.ShowStdout {
-			outStream.Write(logLine)
+			_, _ = outStream.Write(logLine)
 		}
 		if msg.Source == "stderr" && config.ShowStderr {
-			errStream.Write(logLine)
+			_, _ = errStream.Write(logLine)
 		}
 	}
 }
diff --git a/api/server/middleware/debug.go b/api/server/middleware/debug.go
index 2cef1d46c3d36..1ec62602db145 100644
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@@ -18,7 +18,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)
 
-		if r.Method != "POST" {
+		if r.Method != http.MethodPost {
 			return handler(ctx, w, r, vars)
 		}
 		if err := httputils.CheckForJSON(r); err != nil {
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm, r.RequestURI)
+			maskSecretKeys(postForm)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@@ -54,41 +54,37 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }
 
-func maskSecretKeys(inp interface{}, path string) {
-	// Remove any query string from the path
-	idx := strings.Index(path, "?")
-	if idx != -1 {
-		path = path[:idx]
-	}
-	// Remove trailing / characters
-	path = strings.TrimRight(path, "/")
-
+func maskSecretKeys(inp interface{}) {
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f, path)
+			maskSecretKeys(f)
 		}
 		return
 	}
 
 	if form, ok := inp.(map[string]interface{}); ok {
+		scrub := []string{
+			// Note: The Data field contains the base64-encoded secret in 'secret'
+			// and 'config' create and update requests. Currently, no other POST
+			// API endpoints use a data field, so we scrub this field unconditionally.
+			// Change this handling to be conditional if a new endpoint is added
+			// in future where this field should not be scrubbed.
+			"data",
+			"jointoken",
+			"password",
+			"secret",
+			"signingcakey",
+			"unlockkey",
+		}
 	loop0:
 		for k, v := range form {
-			for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} {
+			for _, m := range scrub {
 				if strings.EqualFold(m, k) {
 					form[k] = "*****"
 					continue loop0
 				}
 			}
-			maskSecretKeys(v, path)
-		}
-
-		// Route-specific redactions
-		if strings.HasSuffix(path, "/secrets/create") {
-			for k := range form {
-				if k == "Data" {
-					form[k] = "*****"
-				}
-			}
+			maskSecretKeys(v)
 		}
 	}
 }
diff --git a/api/server/middleware/debug_test.go b/api/server/middleware/debug_test.go
index a64b73e0d718b..49b24eec936c6 100644
--- a/api/server/middleware/debug_test.go
+++ b/api/server/middleware/debug_test.go
@@ -3,37 +3,31 @@ package middleware // import "github.com/docker/docker/api/server/middleware"
 import (
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestMaskSecretKeys(t *testing.T) {
 	tests := []struct {
-		path     string
+		doc      string
 		input    map[string]interface{}
 		expected map[string]interface{}
 	}{
 		{
-			path:     "/v1.30/secrets/create",
+			doc:      "secret/config create and update requests",
 			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
 			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
 		},
 		{
-			path:     "/v1.30/secrets/create//",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-
-		{
-			path:     "/secrets/create?key=val",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			path: "/v1.30/some/other/path",
+			doc: "masking other fields (recursively)",
 			input: map[string]interface{}{
-				"password": "pass",
+				"password":     "pass",
+				"secret":       "secret",
+				"jointoken":    "jointoken",
+				"unlockkey":    "unlockkey",
+				"signingcakey": "signingcakey",
 				"other": map[string]interface{}{
+					"password":     "pass",
 					"secret":       "secret",
 					"jointoken":    "jointoken",
 					"unlockkey":    "unlockkey",
@@ -41,8 +35,13 @@ func TestMaskSecretKeys(t *testing.T) {
 				},
 			},
 			expected: map[string]interface{}{
-				"password": "*****",
+				"password":     "*****",
+				"secret":       "*****",
+				"jointoken":    "*****",
+				"unlockkey":    "*****",
+				"signingcakey": "*****",
 				"other": map[string]interface{}{
+					"password":     "*****",
 					"secret":       "*****",
 					"jointoken":    "*****",
 					"unlockkey":    "*****",
@@ -50,10 +49,27 @@ func TestMaskSecretKeys(t *testing.T) {
 				},
 			},
 		},
+		{
+			doc: "case insensitive field matching",
+			input: map[string]interface{}{
+				"PASSWORD": "pass",
+				"other": map[string]interface{}{
+					"PASSWORD": "pass",
+				},
+			},
+			expected: map[string]interface{}{
+				"PASSWORD": "*****",
+				"other": map[string]interface{}{
+					"PASSWORD": "*****",
+				},
+			},
+		},
 	}
 
 	for _, testcase := range tests {
-		maskSecretKeys(testcase.input, testcase.path)
-		assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
+		t.Run(testcase.doc, func(t *testing.T) {
+			maskSecretKeys(testcase.input)
+			assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
+		})
 	}
 }
diff --git a/api/server/middleware/version_test.go b/api/server/middleware/version_test.go
index edbc0bcaa589f..a102f8e6c4daf 100644
--- a/api/server/middleware/version_test.go
+++ b/api/server/middleware/version_test.go
@@ -8,8 +8,8 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/server/httputils"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestVersionMiddlewareVersion(t *testing.T) {
@@ -25,7 +25,7 @@ func TestVersionMiddlewareVersion(t *testing.T) {
 	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
 	h := m.WrapHandler(handler)
 
-	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
 
@@ -76,7 +76,7 @@ func TestVersionMiddlewareWithErrorsReturnsHeaders(t *testing.T) {
 	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
 	h := m.WrapHandler(handler)
 
-	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
 
diff --git a/api/server/router/build/build.go b/api/server/router/build/build.go
index e6b42ad163265..8ad89ac2b7629 100644
--- a/api/server/router/build/build.go
+++ b/api/server/router/build/build.go
@@ -31,8 +31,8 @@ func (r *buildRouter) Routes() []router.Route {
 
 func (r *buildRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.NewPostRoute("/build", r.postBuild, router.WithCancel),
-		router.NewPostRoute("/build/prune", r.postPrune, router.WithCancel),
+		router.NewPostRoute("/build", r.postBuild),
+		router.NewPostRoute("/build/prune", r.postPrune),
 		router.NewPostRoute("/build/cancel", r.postCancel),
 	}
 }
diff --git a/api/server/router/build/build_routes.go b/api/server/router/build/build_routes.go
index f41a6d43e2281..9b57e689638c3 100644
--- a/api/server/router/build/build_routes.go
+++ b/api/server/router/build/build_routes.go
@@ -38,8 +38,36 @@ func (e invalidIsolationError) Error() string {
 func (e invalidIsolationError) InvalidParameter() {}
 
 func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
+	options := &types.ImageBuildOptions{
+		Version:        types.BuilderV1, // Builder V1 is the default, but can be overridden
+		Dockerfile:     r.FormValue("dockerfile"),
+		SuppressOutput: httputils.BoolValue(r, "q"),
+		NoCache:        httputils.BoolValue(r, "nocache"),
+		ForceRemove:    httputils.BoolValue(r, "forcerm"),
+		MemorySwap:     httputils.Int64ValueOrZero(r, "memswap"),
+		Memory:         httputils.Int64ValueOrZero(r, "memory"),
+		CPUShares:      httputils.Int64ValueOrZero(r, "cpushares"),
+		CPUPeriod:      httputils.Int64ValueOrZero(r, "cpuperiod"),
+		CPUQuota:       httputils.Int64ValueOrZero(r, "cpuquota"),
+		CPUSetCPUs:     r.FormValue("cpusetcpus"),
+		CPUSetMems:     r.FormValue("cpusetmems"),
+		CgroupParent:   r.FormValue("cgroupparent"),
+		NetworkMode:    r.FormValue("networkmode"),
+		Tags:           r.Form["t"],
+		ExtraHosts:     r.Form["extrahosts"],
+		SecurityOpt:    r.Form["securityopt"],
+		Squash:         httputils.BoolValue(r, "squash"),
+		Target:         r.FormValue("target"),
+		RemoteContext:  r.FormValue("remote"),
+		SessionID:      r.FormValue("session"),
+		BuildID:        r.FormValue("buildid"),
+	}
+
+	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
+		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
+	}
+
 	version := httputils.VersionFromContext(ctx)
-	options := &types.ImageBuildOptions{}
 	if httputils.BoolValue(r, "forcerm") && versions.GreaterThanOrEqualTo(version, "1.12") {
 		options.Remove = true
 	} else if r.FormValue("rm") == "" && versions.GreaterThanOrEqualTo(version, "1.12") {
@@ -50,52 +78,37 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if httputils.BoolValue(r, "pull") && versions.GreaterThanOrEqualTo(version, "1.16") {
 		options.PullParent = true
 	}
-
-	options.Dockerfile = r.FormValue("dockerfile")
-	options.SuppressOutput = httputils.BoolValue(r, "q")
-	options.NoCache = httputils.BoolValue(r, "nocache")
-	options.ForceRemove = httputils.BoolValue(r, "forcerm")
-	options.MemorySwap = httputils.Int64ValueOrZero(r, "memswap")
-	options.Memory = httputils.Int64ValueOrZero(r, "memory")
-	options.CPUShares = httputils.Int64ValueOrZero(r, "cpushares")
-	options.CPUPeriod = httputils.Int64ValueOrZero(r, "cpuperiod")
-	options.CPUQuota = httputils.Int64ValueOrZero(r, "cpuquota")
-	options.CPUSetCPUs = r.FormValue("cpusetcpus")
-	options.CPUSetMems = r.FormValue("cpusetmems")
-	options.CgroupParent = r.FormValue("cgroupparent")
-	options.NetworkMode = r.FormValue("networkmode")
-	options.Tags = r.Form["t"]
-	options.ExtraHosts = r.Form["extrahosts"]
-	options.SecurityOpt = r.Form["securityopt"]
-	options.Squash = httputils.BoolValue(r, "squash")
-	options.Target = r.FormValue("target")
-	options.RemoteContext = r.FormValue("remote")
 	if versions.GreaterThanOrEqualTo(version, "1.32") {
 		options.Platform = r.FormValue("platform")
 	}
+	if versions.GreaterThanOrEqualTo(version, "1.40") {
+		outputsJSON := r.FormValue("outputs")
+		if outputsJSON != "" {
+			var outputs []types.ImageBuildOutput
+			if err := json.Unmarshal([]byte(outputsJSON), &outputs); err != nil {
+				return nil, err
+			}
+			options.Outputs = outputs
+		}
+	}
 
-	if r.Form.Get("shmsize") != "" {
-		shmSize, err := strconv.ParseInt(r.Form.Get("shmsize"), 10, 64)
+	if s := r.Form.Get("shmsize"); s != "" {
+		shmSize, err := strconv.ParseInt(s, 10, 64)
 		if err != nil {
 			return nil, err
 		}
 		options.ShmSize = shmSize
 	}
 
-	if i := container.Isolation(r.FormValue("isolation")); i != "" {
-		if !container.Isolation.IsValid(i) {
-			return nil, invalidIsolationError(i)
+	if i := r.FormValue("isolation"); i != "" {
+		options.Isolation = container.Isolation(i)
+		if !options.Isolation.IsValid() {
+			return nil, invalidIsolationError(options.Isolation)
 		}
-		options.Isolation = i
 	}
 
-	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
-		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
-	}
-
-	var buildUlimits = []*units.Ulimit{}
-	ulimitsJSON := r.FormValue("ulimits")
-	if ulimitsJSON != "" {
+	if ulimitsJSON := r.FormValue("ulimits"); ulimitsJSON != "" {
+		var buildUlimits = []*units.Ulimit{}
 		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading ulimit settings")
 		}
@@ -114,8 +127,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	// the fact they mentioned it, we need to pass that along to the builder
 	// so that it can print a warning about "foo" being unused if there is
 	// no "ARG foo" in the Dockerfile.
-	buildArgsJSON := r.FormValue("buildargs")
-	if buildArgsJSON != "" {
+	if buildArgsJSON := r.FormValue("buildargs"); buildArgsJSON != "" {
 		var buildArgs = map[string]*string{}
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading build args")
@@ -123,8 +135,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		options.BuildArgs = buildArgs
 	}
 
-	labelsJSON := r.FormValue("labels")
-	if labelsJSON != "" {
+	if labelsJSON := r.FormValue("labels"); labelsJSON != "" {
 		var labels = map[string]string{}
 		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading labels")
@@ -132,40 +143,41 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		options.Labels = labels
 	}
 
-	cacheFromJSON := r.FormValue("cachefrom")
-	if cacheFromJSON != "" {
+	if cacheFromJSON := r.FormValue("cachefrom"); cacheFromJSON != "" {
 		var cacheFrom = []string{}
 		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
 			return nil, err
 		}
 		options.CacheFrom = cacheFrom
 	}
-	options.SessionID = r.FormValue("session")
-	options.BuildID = r.FormValue("buildid")
-	builderVersion, err := parseVersion(r.FormValue("version"))
-	if err != nil {
-		return nil, err
+
+	if bv := r.FormValue("version"); bv != "" {
+		v, err := parseVersion(bv)
+		if err != nil {
+			return nil, err
+		}
+		options.Version = v
 	}
-	options.Version = builderVersion
 
 	return options, nil
 }
 
 func parseVersion(s string) (types.BuilderVersion, error) {
-	if s == "" || s == string(types.BuilderV1) {
+	switch types.BuilderVersion(s) {
+	case types.BuilderV1:
 		return types.BuilderV1, nil
-	}
-	if s == string(types.BuilderBuildKit) {
+	case types.BuilderBuildKit:
 		return types.BuilderBuildKit, nil
+	default:
+		return "", errors.Errorf("invalid version %q", s)
 	}
-	return "", errors.Errorf("invalid version %s", s)
 }
 
 func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filters, err := filters.FromJSON(r.Form.Get("filters"))
+	fltrs, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return errors.Wrap(err, "could not parse filters")
 	}
@@ -180,7 +192,7 @@ func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *
 
 	opts := types.BuildCachePruneOptions{
 		All:         httputils.BoolValue(r, "all"),
-		Filters:     filters,
+		Filters:     fltrs,
 		KeepStorage: int64(ks),
 	}
 
@@ -223,12 +235,12 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	}
 
 	output := ioutils.NewWriteFlusher(ww)
-	defer output.Close()
+	defer func() { _ = output.Close() }()
 
 	errf := func(err error) error {
 
 		if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
-			output.Write(notVerboseBuffer.Bytes())
+			_, _ = output.Write(notVerboseBuffer.Bytes())
 		}
 
 		// Do not write the error in the http output if it's still empty.
@@ -279,7 +291,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	// Everything worked so if -q was provided the output from the daemon
 	// should be just the image ID and we'll print that to stdout.
 	if buildOptions.SuppressOutput {
-		fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
+		_, _ = fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
 	}
 	return nil
 }
@@ -295,7 +307,7 @@ func getAuthConfigs(header http.Header) map[string]types.AuthConfig {
 	authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
 	// Pulling an image does not error when no auth is provided so to remain
 	// consistent with the existing api decode errors are ignored
-	json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
+	_ = json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
 	return authConfigs
 }
 
@@ -417,7 +429,7 @@ func (w *wcf) notify() {
 	w.mu.Lock()
 	if !w.ready {
 		if w.buf.Len() > 0 {
-			io.Copy(w.Writer, w.buf)
+			_, _ = io.Copy(w.Writer, w.buf)
 		}
 		if w.flushed {
 			w.flusher.Flush()
diff --git a/api/server/router/container/container.go b/api/server/router/container/container.go
index 358f2bc2c17b5..df68fcb791149 100644
--- a/api/server/router/container/container.go
+++ b/api/server/router/container/container.go
@@ -10,13 +10,15 @@ type containerRouter struct {
 	backend Backend
 	decoder httputils.ContainerDecoder
 	routes  []router.Route
+	cgroup2 bool
 }
 
 // NewRouter initializes a new container router
-func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
+func NewRouter(b Backend, decoder httputils.ContainerDecoder, cgroup2 bool) router.Router {
 	r := &containerRouter{
 		backend: b,
 		decoder: decoder,
+		cgroup2: cgroup2,
 	}
 	r.initRoutes()
 	return r
@@ -38,8 +40,8 @@ func (r *containerRouter) initRoutes() {
 		router.NewGetRoute("/containers/{name:.*}/changes", r.getContainersChanges),
 		router.NewGetRoute("/containers/{name:.*}/json", r.getContainersByName),
 		router.NewGetRoute("/containers/{name:.*}/top", r.getContainersTop),
-		router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs, router.WithCancel),
-		router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats, router.WithCancel),
+		router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs),
+		router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats),
 		router.NewGetRoute("/containers/{name:.*}/attach/ws", r.wsContainersAttach),
 		router.NewGetRoute("/exec/{id:.*}/json", r.getExecByID),
 		router.NewGetRoute("/containers/{name:.*}/archive", r.getContainersArchive),
@@ -51,7 +53,7 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/containers/{name:.*}/restart", r.postContainersRestart),
 		router.NewPostRoute("/containers/{name:.*}/start", r.postContainersStart),
 		router.NewPostRoute("/containers/{name:.*}/stop", r.postContainersStop),
-		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait, router.WithCancel),
+		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
 		router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
 		router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
 		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
@@ -60,7 +62,7 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),
 		router.NewPostRoute("/containers/{name:.*}/rename", r.postContainerRename),
 		router.NewPostRoute("/containers/{name:.*}/update", r.postContainerUpdate),
-		router.NewPostRoute("/containers/prune", r.postContainersPrune, router.WithCancel),
+		router.NewPostRoute("/containers/prune", r.postContainersPrune),
 		router.NewPostRoute("/commit", r.postCommit),
 		// PUT
 		router.NewPutRoute("/containers/{name:.*}/archive", r.putContainersArchive),
diff --git a/api/server/router/container/container_routes.go b/api/server/router/container/container_routes.go
index 9282cea09ccc0..c3074aa3a0c0c 100644
--- a/api/server/router/container/container_routes.go
+++ b/api/server/router/container/container_routes.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"syscall"
 
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
@@ -18,7 +19,8 @@ import (
 	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/signal"
+	"github.com/moby/sys/signal"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/websocket"
@@ -41,7 +43,7 @@ func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter,
 	}
 
 	config, _, _, err := s.decoder.DecodeConfig(r.Body)
-	if err != nil && err != io.EOF { //Do not fail if body is empty.
+	if err != nil && err != io.EOF { // Do not fail if body is empty.
 		return err
 	}
 
@@ -105,9 +107,14 @@ func (s *containerRouter) getContainersStats(ctx context.Context, w http.Respons
 	if !stream {
 		w.Header().Set("Content-Type", "application/json")
 	}
+	var oneShot bool
+	if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.41") {
+		oneShot = httputils.BoolValueOrDefault(r, "one-shot", false)
+	}
 
 	config := &backend.ContainerStatsConfig{
 		Stream:    stream,
+		OneShot:   oneShot,
 		OutStream: w,
 		Version:   httputils.VersionFromContext(ctx),
 	}
@@ -338,9 +345,6 @@ func (s *containerRouter) postContainersWait(ctx context.Context, w http.Respons
 		}
 	}
 
-	// Note: the context should get canceled if the client closes the
-	// connection since this handler has been wrapped by the
-	// router.WithCancel() wrapper.
 	waitC, err := s.backend.ContainerWait(ctx, vars["name"], waitCondition)
 	if err != nil {
 		return err
@@ -428,6 +432,16 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 	if err := decoder.Decode(&updateConfig); err != nil {
 		return err
 	}
+	if versions.LessThan(httputils.VersionFromContext(ctx), "1.40") {
+		updateConfig.PidsLimit = nil
+	}
+	if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
+		// Both `0` and `-1` are accepted to set "unlimited" when updating.
+		// Historically, any negative value was accepted, so treat them as
+		// "unlimited" as well.
+		var unlimited int64
+		updateConfig.PidsLimit = &unlimited
+	}
 
 	hostConfig := &container.HostConfig{
 		Resources:     updateConfig.Resources,
@@ -465,12 +479,54 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		hostConfig.AutoRemove = false
 	}
 
+	if hostConfig != nil && versions.LessThan(version, "1.40") {
+		// Ignore BindOptions.NonRecursive because it was added in API 1.40.
+		for _, m := range hostConfig.Mounts {
+			if bo := m.BindOptions; bo != nil {
+				bo.NonRecursive = false
+			}
+		}
+		// Ignore KernelMemoryTCP because it was added in API 1.40.
+		hostConfig.KernelMemoryTCP = 0
+
+		// Older clients (API < 1.40) expects the default to be shareable, make them happy
+		if hostConfig.IpcMode.IsEmpty() {
+			hostConfig.IpcMode = container.IPCModeShareable
+		}
+	}
+	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
+		// Older clients expect the default to be "host" on cgroup v1 hosts
+		if hostConfig.CgroupnsMode.IsEmpty() {
+			hostConfig.CgroupnsMode = container.CgroupnsModeHost
+		}
+	}
+
+	var platform *specs.Platform
+	if versions.GreaterThanOrEqualTo(version, "1.41") {
+		if v := r.Form.Get("platform"); v != "" {
+			p, err := platforms.Parse(v)
+			if err != nil {
+				return errdefs.InvalidParameter(err)
+			}
+			platform = &p
+		}
+	}
+
+	if hostConfig != nil && hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
+		// Don't set a limit if either no limit was specified, or "unlimited" was
+		// explicitly set.
+		// Both `0` and `-1` are accepted as "unlimited", and historically any
+		// negative value was accepted, so treat those as "unlimited" as well.
+		hostConfig.PidsLimit = nil
+	}
+
 	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
 		HostConfig:       hostConfig,
 		NetworkingConfig: networkingConfig,
 		AdjustCPUShares:  adjustCPUShares,
+		Platform:         platform,
 	})
 	if err != nil {
 		return err
@@ -570,7 +626,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 		// Remember to close stream if error happens
 		conn, _, errHijack := hijacker.Hijack()
 		if errHijack == nil {
-			statusCode := httputils.GetHTTPErrorStatusCode(err)
+			statusCode := errdefs.GetHTTPErrorStatusCode(err)
 			statusText := http.StatusText(statusCode)
 			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
 			httputils.CloseStreams(conn)
diff --git a/api/server/router/container/copy.go b/api/server/router/container/copy.go
index 837836d001ce0..47de35a455672 100644
--- a/api/server/router/container/copy.go
+++ b/api/server/router/container/copy.go
@@ -6,12 +6,14 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	gddohttputil "github.com/golang/gddo/httputil"
 )
 
@@ -37,7 +39,10 @@ func (s *containerRouter) postContainersCopy(ctx context.Context, w http.Respons
 
 	cfg := types.CopyConfig{}
 	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if cfg.Resource == "" {
diff --git a/api/server/router/container/exec.go b/api/server/router/container/exec.go
index 25125edb5f108..cf92be1d2baac 100644
--- a/api/server/router/container/exec.go
+++ b/api/server/router/container/exec.go
@@ -3,6 +3,7 @@ package container // import "github.com/docker/docker/api/server/router/containe
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -44,7 +45,10 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 
 	execConfig := &types.ExecConfig{}
 	if err := json.NewDecoder(r.Body).Decode(execConfig); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if len(execConfig.Cmd) == 0 {
@@ -84,7 +88,10 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 
 	execStartCheck := &types.ExecStartCheck{}
 	if err := json.NewDecoder(r.Body).Decode(execStartCheck); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if exists, err := s.backend.ExecExists(execName); !exists {
diff --git a/api/server/router/distribution/backend.go b/api/server/router/distribution/backend.go
index 5b881f036b499..6df6ad719a1d9 100644
--- a/api/server/router/distribution/backend.go
+++ b/api/server/router/distribution/backend.go
@@ -11,5 +11,5 @@ import (
 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
-	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, error)
 }
diff --git a/api/server/router/distribution/distribution_routes.go b/api/server/router/distribution/distribution_routes.go
index 531dba69fcaa5..86b93d3c6290c 100644
--- a/api/server/router/distribution/distribution_routes.go
+++ b/api/server/router/distribution/distribution_routes.go
@@ -14,7 +14,8 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/docker/docker/errdefs"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -42,9 +43,10 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 
 	image := vars["name"]
 
+	// TODO why is reference.ParseAnyReference() / reference.ParseNormalizedNamed() not using the reference.ErrTagInvalidFormat (and so on) errors?
 	ref, err := reference.ParseAnyReference(image)
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 	namedRef, ok := ref.(reference.Named)
 	if !ok {
@@ -52,10 +54,10 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 			// full image ID
 			return errors.Errorf("no manifest found for full image ID")
 		}
-		return errors.Errorf("unknown image reference format: %s", image)
+		return errdefs.InvalidParameter(errors.Errorf("unknown image reference format: %s", image))
 	}
 
-	distrepo, _, err := s.backend.GetRepository(ctx, namedRef, config)
+	distrepo, err := s.backend.GetRepository(ctx, namedRef, config)
 	if err != nil {
 		return err
 	}
@@ -66,7 +68,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 
 		taggedRef, ok := namedRef.(reference.NamedTagged)
 		if !ok {
-			return errors.Errorf("image reference not tagged: %s", image)
+			return errdefs.InvalidParameter(errors.Errorf("image reference not tagged: %s", image))
 		}
 
 		descriptor, err := distrepo.Tags(ctx).Get(ctx, taggedRef.Tag())
@@ -92,6 +94,16 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 	}
 	mnfst, err := mnfstsrvc.Get(ctx, distributionInspect.Descriptor.Digest)
 	if err != nil {
+		switch err {
+		case reference.ErrReferenceInvalidFormat,
+			reference.ErrTagInvalidFormat,
+			reference.ErrDigestInvalidFormat,
+			reference.ErrNameContainsUppercase,
+			reference.ErrNameEmpty,
+			reference.ErrNameTooLong,
+			reference.ErrNameNotCanonical:
+			return errdefs.InvalidParameter(err)
+		}
 		return err
 	}
 
diff --git a/api/server/router/grpc/backend.go b/api/server/router/grpc/backend.go
new file mode 100644
index 0000000000000..52cc37cf2ca7e
--- /dev/null
+++ b/api/server/router/grpc/backend.go
@@ -0,0 +1,8 @@
+package grpc // import "github.com/docker/docker/api/server/router/grpc"
+
+import "google.golang.org/grpc"
+
+// Backend abstracts a registerable GRPC service.
+type Backend interface {
+	RegisterGRPC(*grpc.Server)
+}
diff --git a/api/server/router/grpc/grpc.go b/api/server/router/grpc/grpc.go
new file mode 100644
index 0000000000000..713600be4322d
--- /dev/null
+++ b/api/server/router/grpc/grpc.go
@@ -0,0 +1,41 @@
+package grpc // import "github.com/docker/docker/api/server/router/grpc"
+
+import (
+	"github.com/docker/docker/api/server/router"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"golang.org/x/net/http2"
+	"google.golang.org/grpc"
+)
+
+type grpcRouter struct {
+	routes     []router.Route
+	grpcServer *grpc.Server
+	h2Server   *http2.Server
+}
+
+// NewRouter initializes a new grpc http router
+func NewRouter(backends ...Backend) router.Router {
+	opts := []grpc.ServerOption{grpc.UnaryInterceptor(grpcerrors.UnaryServerInterceptor), grpc.StreamInterceptor(grpcerrors.StreamServerInterceptor)}
+	server := grpc.NewServer(opts...)
+
+	r := &grpcRouter{
+		h2Server:   &http2.Server{},
+		grpcServer: server,
+	}
+	for _, b := range backends {
+		b.RegisterGRPC(r.grpcServer)
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the session controller
+func (r *grpcRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *grpcRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.NewPostRoute("/grpc", r.serveGRPC),
+	}
+}
diff --git a/api/server/router/grpc/grpc_routes.go b/api/server/router/grpc/grpc_routes.go
new file mode 100644
index 0000000000000..1fe0da472f6fd
--- /dev/null
+++ b/api/server/router/grpc/grpc_routes.go
@@ -0,0 +1,45 @@
+package grpc // import "github.com/docker/docker/api/server/router/grpc"
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/pkg/errors"
+	"golang.org/x/net/http2"
+)
+
+func (gr *grpcRouter) serveGRPC(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	h, ok := w.(http.Hijacker)
+	if !ok {
+		return errors.New("handler does not support hijack")
+	}
+	proto := r.Header.Get("Upgrade")
+	if proto == "" {
+		return errors.New("no upgrade proto in request")
+	}
+	if proto != "h2c" {
+		return errors.Errorf("protocol %s not supported", proto)
+	}
+
+	conn, _, err := h.Hijack()
+	if err != nil {
+		return err
+	}
+	resp := &http.Response{
+		StatusCode: http.StatusSwitchingProtocols,
+		ProtoMajor: 1,
+		ProtoMinor: 1,
+		Header:     http.Header{},
+	}
+	resp.Header.Set("Connection", "Upgrade")
+	resp.Header.Set("Upgrade", proto)
+
+	// set raw mode
+	conn.Write([]byte{})
+	resp.Write(conn)
+
+	// https://godoc.org/golang.org/x/net/http2#Server.ServeConn
+	// TODO: is it a problem that conn has already been written to?
+	gr.h2Server.ServeConn(conn, &http2.ServeConnOpts{Handler: gr.grpcServer})
+	return nil
+}
diff --git a/api/server/router/image/backend.go b/api/server/router/image/backend.go
index 5837f9a9bcdfd..624b6c7363ff2 100644
--- a/api/server/router/image/backend.go
+++ b/api/server/router/image/backend.go
@@ -22,7 +22,7 @@ type Backend interface {
 type imageBackend interface {
 	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
 	ImageHistory(imageName string) ([]*image.HistoryResponseItem, error)
-	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
+	Images(ctx context.Context, opts types.ImageListOptions) ([]*types.ImageSummary, error)
 	LookupImage(name string) (*types.ImageInspect, error)
 	TagImage(imageName, repository, tag string) (string, error)
 	ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
diff --git a/api/server/router/image/image.go b/api/server/router/image/image.go
index 6d5d87f63c977..42f89153b57ff 100644
--- a/api/server/router/image/image.go
+++ b/api/server/router/image/image.go
@@ -34,10 +34,10 @@ func (r *imageRouter) initRoutes() {
 		router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
 		// POST
 		router.NewPostRoute("/images/load", r.postImagesLoad),
-		router.NewPostRoute("/images/create", r.postImagesCreate, router.WithCancel),
-		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush, router.WithCancel),
+		router.NewPostRoute("/images/create", r.postImagesCreate),
+		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush),
 		router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
-		router.NewPostRoute("/images/prune", r.postImagesPrune, router.WithCancel),
+		router.NewPostRoute("/images/prune", r.postImagesPrune),
 		// DELETE
 		router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
 	}
diff --git a/api/server/router/image/image_routes.go b/api/server/router/image/image_routes.go
index 85707c06d2ce3..9a4648bb49960 100644
--- a/api/server/router/image/image_routes.go
+++ b/api/server/router/image/image_routes.go
@@ -16,7 +16,6 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -50,50 +49,45 @@ func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrite
 			if err != nil {
 				return err
 			}
-			if err := system.ValidatePlatform(sp); err != nil {
-				return err
-			}
 			platform = &sp
 		}
 	}
 
-	if err == nil {
-		if image != "" { //pull
-			metaHeaders := map[string][]string{}
-			for k, v := range r.Header {
-				if strings.HasPrefix(k, "X-Meta-") {
-					metaHeaders[k] = v
-				}
+	if image != "" { // pull
+		metaHeaders := map[string][]string{}
+		for k, v := range r.Header {
+			if strings.HasPrefix(k, "X-Meta-") {
+				metaHeaders[k] = v
 			}
+		}
 
-			authEncoded := r.Header.Get("X-Registry-Auth")
-			authConfig := &types.AuthConfig{}
-			if authEncoded != "" {
-				authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-				if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
-					// for a pull it is not an error if no auth was given
-					// to increase compatibility with the existing api it is defaulting to be empty
-					authConfig = &types.AuthConfig{}
-				}
+		authEncoded := r.Header.Get("X-Registry-Auth")
+		authConfig := &types.AuthConfig{}
+		if authEncoded != "" {
+			authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+			if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+				// for a pull it is not an error if no auth was given
+				// to increase compatibility with the existing api it is defaulting to be empty
+				authConfig = &types.AuthConfig{}
 			}
-			err = s.backend.PullImage(ctx, image, tag, platform, metaHeaders, authConfig, output)
-		} else { //import
-			src := r.Form.Get("fromSrc")
-			// 'err' MUST NOT be defined within this block, we need any error
-			// generated from the download to be available to the output
-			// stream processing below
-			os := ""
-			if platform != nil {
-				os = platform.OS
-			}
-			err = s.backend.ImportImage(src, repo, os, tag, message, r.Body, output, r.Form["changes"])
 		}
+		err = s.backend.PullImage(ctx, image, tag, platform, metaHeaders, authConfig, output)
+	} else { // import
+		src := r.Form.Get("fromSrc")
+		// 'err' MUST NOT be defined within this block, we need any error
+		// generated from the download to be available to the output
+		// stream processing below
+		os := ""
+		if platform != nil {
+			os = platform.OS
+		}
+		err = s.backend.ImportImage(src, repo, os, tag, message, r.Body, output, r.Form["changes"])
 	}
 	if err != nil {
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -138,7 +132,7 @@ func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter,
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -163,7 +157,7 @@ func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -179,7 +173,7 @@ func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter,
 	output := ioutils.NewWriteFlusher(w)
 	defer output.Close()
 	if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -233,13 +227,26 @@ func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 
-	filterParam := r.Form.Get("filter")
-	// FIXME(vdemeester) This has been deprecated in 1.13, and is target for removal for v17.12
-	if filterParam != "" {
-		imageFilters.Add("reference", filterParam)
+	version := httputils.VersionFromContext(ctx)
+	if versions.LessThan(version, "1.41") {
+		// NOTE: filter is a shell glob string applied to repository names.
+		filterParam := r.Form.Get("filter")
+		if filterParam != "" {
+			imageFilters.Add("reference", filterParam)
+		}
+	}
+
+	var sharedSize bool
+	if versions.GreaterThanOrEqualTo(version, "1.42") {
+		// NOTE: Support for the "shared-size" parameter was added in API 1.42.
+		sharedSize = httputils.BoolValue(r, "shared-size")
 	}
 
-	images, err := s.backend.Images(imageFilters, httputils.BoolValue(r, "all"), false)
+	images, err := s.backend.Images(ctx, types.ImageListOptions{
+		All:        httputils.BoolValue(r, "all"),
+		Filters:    imageFilters,
+		SharedSize: sharedSize,
+	})
 	if err != nil {
 		return err
 	}
diff --git a/api/server/router/local.go b/api/server/router/local.go
index 79a323928ec10..f85d2f96e7df3 100644
--- a/api/server/router/local.go
+++ b/api/server/router/local.go
@@ -1,7 +1,6 @@
 package router // import "github.com/docker/docker/api/server/router"
 
 import (
-	"context"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
@@ -45,60 +44,30 @@ func NewRoute(method, path string, handler httputils.APIFunc, opts ...RouteWrapp
 
 // NewGetRoute initializes a new route with the http method GET.
 func NewGetRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("GET", path, handler, opts...)
+	return NewRoute(http.MethodGet, path, handler, opts...)
 }
 
 // NewPostRoute initializes a new route with the http method POST.
 func NewPostRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("POST", path, handler, opts...)
+	return NewRoute(http.MethodPost, path, handler, opts...)
 }
 
 // NewPutRoute initializes a new route with the http method PUT.
 func NewPutRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("PUT", path, handler, opts...)
+	return NewRoute(http.MethodPut, path, handler, opts...)
 }
 
 // NewDeleteRoute initializes a new route with the http method DELETE.
 func NewDeleteRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("DELETE", path, handler, opts...)
+	return NewRoute(http.MethodDelete, path, handler, opts...)
 }
 
 // NewOptionsRoute initializes a new route with the http method OPTIONS.
 func NewOptionsRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("OPTIONS", path, handler, opts...)
+	return NewRoute(http.MethodOptions, path, handler, opts...)
 }
 
 // NewHeadRoute initializes a new route with the http method HEAD.
 func NewHeadRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute("HEAD", path, handler, opts...)
-}
-
-func cancellableHandler(h httputils.APIFunc) httputils.APIFunc {
-	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		if notifier, ok := w.(http.CloseNotifier); ok {
-			notify := notifier.CloseNotify()
-			notifyCtx, cancel := context.WithCancel(ctx)
-			finished := make(chan struct{})
-			defer close(finished)
-			ctx = notifyCtx
-			go func() {
-				select {
-				case <-notify:
-					cancel()
-				case <-finished:
-				}
-			}()
-		}
-		return h(ctx, w, r, vars)
-	}
-}
-
-// WithCancel makes new route which embeds http.CloseNotifier feature to
-// context.Context of handler.
-func WithCancel(r Route) Route {
-	return localRoute{
-		method:  r.Method(),
-		path:    r.Path(),
-		handler: cancellableHandler(r.Handler()),
-	}
+	return NewRoute(http.MethodHead, path, handler, opts...)
 }
diff --git a/api/server/router/network/backend.go b/api/server/router/network/backend.go
index 42eb950ed83e8..6d63ceb473354 100644
--- a/api/server/router/network/backend.go
+++ b/api/server/router/network/backend.go
@@ -6,7 +6,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/libnetwork"
+	"github.com/docker/docker/libnetwork"
 )
 
 // Backend is all the methods that need to be implemented
diff --git a/api/server/router/network/network.go b/api/server/router/network/network.go
index 4eee970793120..d31883500b68b 100644
--- a/api/server/router/network/network.go
+++ b/api/server/router/network/network.go
@@ -36,7 +36,7 @@ func (r *networkRouter) initRoutes() {
 		router.NewPostRoute("/networks/create", r.postNetworkCreate),
 		router.NewPostRoute("/networks/{id:.*}/connect", r.postNetworkConnect),
 		router.NewPostRoute("/networks/{id:.*}/disconnect", r.postNetworkDisconnect),
-		router.NewPostRoute("/networks/prune", r.postNetworksPrune, router.WithCancel),
+		router.NewPostRoute("/networks/prune", r.postNetworksPrune),
 		// DELETE
 		router.NewDeleteRoute("/networks/{id:.*}", r.deleteNetwork),
 	}
diff --git a/api/server/router/network/network_routes.go b/api/server/router/network/network_routes.go
index 8b9382cb4523c..96b65c3777c8e 100644
--- a/api/server/router/network/network_routes.go
+++ b/api/server/router/network/network_routes.go
@@ -3,6 +3,7 @@ package network // import "github.com/docker/docker/api/server/router/network"
 import (
 	"context"
 	"encoding/json"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -13,8 +14,8 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/libnetwork"
-	netconst "github.com/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork"
+	netconst "github.com/docker/docker/libnetwork/datastore"
 	"github.com/pkg/errors"
 )
 
@@ -29,7 +30,7 @@ func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWrit
 	}
 
 	if err := network.ValidateFilters(filter); err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	var list []types.NetworkResource
@@ -215,7 +216,10 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 	}
 
 	if err := json.NewDecoder(r.Body).Decode(&create); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if nws, err := n.cluster.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
@@ -261,7 +265,10 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 	}
 
 	if err := json.NewDecoder(r.Body).Decode(&connect); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	// Unlike other operations, we does not check ambiguity of the name/ID here.
@@ -282,7 +289,10 @@ func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.Respon
 	}
 
 	if err := json.NewDecoder(r.Body).Decode(&disconnect); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	return n.backend.DisconnectContainerFromNetwork(disconnect.Container, vars["id"], disconnect.Force)
diff --git a/api/server/router/plugin/plugin.go b/api/server/router/plugin/plugin.go
index 7a4f987aa3bfa..96190b3d03293 100644
--- a/api/server/router/plugin/plugin.go
+++ b/api/server/router/plugin/plugin.go
@@ -28,11 +28,11 @@ func (r *pluginRouter) initRoutes() {
 		router.NewGetRoute("/plugins/{name:.*}/json", r.inspectPlugin),
 		router.NewGetRoute("/plugins/privileges", r.getPrivileges),
 		router.NewDeleteRoute("/plugins/{name:.*}", r.removePlugin),
-		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin), // PATCH?
+		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin),
 		router.NewPostRoute("/plugins/{name:.*}/disable", r.disablePlugin),
-		router.NewPostRoute("/plugins/pull", r.pullPlugin, router.WithCancel),
-		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin, router.WithCancel),
-		router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin, router.WithCancel),
+		router.NewPostRoute("/plugins/pull", r.pullPlugin),
+		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin),
+		router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin),
 		router.NewPostRoute("/plugins/{name:.*}/set", r.setPlugin),
 		router.NewPostRoute("/plugins/create", r.createPlugin),
 	}
diff --git a/api/server/router/plugin/plugin_routes.go b/api/server/router/plugin/plugin_routes.go
index 4e816391d143a..8c36b51ecce11 100644
--- a/api/server/router/plugin/plugin_routes.go
+++ b/api/server/router/plugin/plugin_routes.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -12,6 +13,7 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/pkg/errors"
@@ -121,7 +123,7 @@ func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -160,7 +162,7 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -209,7 +211,7 @@ func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter,
 	if err := pr.backend.CreateFromContext(ctx, r.Body, options); err != nil {
 		return err
 	}
-	//TODO: send progress bar
+	// TODO: send progress bar
 	w.WriteHeader(http.StatusNoContent)
 	return nil
 }
@@ -268,7 +270,7 @@ func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.FormatError(err))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -276,7 +278,10 @@ func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r
 func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var args []string
 	if err := json.NewDecoder(r.Body).Decode(&args); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	if err := pr.backend.Set(vars["name"], args); err != nil {
 		return err
diff --git a/api/server/router/swarm/cluster.go b/api/server/router/swarm/cluster.go
index 52f950a3a926a..96385d619e1aa 100644
--- a/api/server/router/swarm/cluster.go
+++ b/api/server/router/swarm/cluster.go
@@ -37,7 +37,7 @@ func (sr *swarmRouter) initRoutes() {
 		router.NewPostRoute("/services/create", sr.createService),
 		router.NewPostRoute("/services/{id}/update", sr.updateService),
 		router.NewDeleteRoute("/services/{id}", sr.removeService),
-		router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs, router.WithCancel),
+		router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs),
 
 		router.NewGetRoute("/nodes", sr.getNodes),
 		router.NewGetRoute("/nodes/{id}", sr.getNode),
@@ -46,7 +46,7 @@ func (sr *swarmRouter) initRoutes() {
 
 		router.NewGetRoute("/tasks", sr.getTasks),
 		router.NewGetRoute("/tasks/{id}", sr.getTask),
-		router.NewGetRoute("/tasks/{id}/logs", sr.getTaskLogs, router.WithCancel),
+		router.NewGetRoute("/tasks/{id}/logs", sr.getTaskLogs),
 
 		router.NewGetRoute("/secrets", sr.getSecrets),
 		router.NewPostRoute("/secrets/create", sr.createSecret),
diff --git a/api/server/router/swarm/cluster_routes.go b/api/server/router/swarm/cluster_routes.go
index f984328322280..6ab097b4fda21 100644
--- a/api/server/router/swarm/cluster_routes.go
+++ b/api/server/router/swarm/cluster_routes.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"strconv"
 
@@ -21,7 +22,21 @@ import (
 func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.InitRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
+	}
+	version := httputils.VersionFromContext(ctx)
+
+	// DefaultAddrPool and SubnetSize were added in API 1.39. Ignore on older API versions.
+	if versions.LessThan(version, "1.39") {
+		req.DefaultAddrPool = nil
+		req.SubnetSize = 0
+	}
+	// DataPathPort was added in API 1.40. Ignore this option on older API versions.
+	if versions.LessThan(version, "1.40") {
+		req.DataPathPort = 0
 	}
 	nodeID, err := sr.backend.Init(req)
 	if err != nil {
@@ -34,7 +49,10 @@ func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r
 func (sr *swarmRouter) joinCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.JoinRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	return sr.backend.Join(req)
 }
@@ -61,7 +79,10 @@ func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter
 func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var swarm types.Spec
 	if err := json.NewDecoder(r.Body).Decode(&swarm); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -112,7 +133,10 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.UnlockRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if err := sr.backend.UnlockSwarm(req); err != nil {
@@ -143,7 +167,19 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 		return errdefs.InvalidParameter(err)
 	}
 
-	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter})
+	// the status query parameter is only support in API versions >= 1.41. If
+	// the client is using a lesser version, ignore the parameter.
+	cliVersion := httputils.VersionFromContext(ctx)
+	var status bool
+	if value := r.URL.Query().Get("status"); value != "" && !versions.LessThan(cliVersion, "1.41") {
+		var err error
+		status, err = strconv.ParseBool(value)
+		if err != nil {
+			return errors.Wrapf(errdefs.InvalidParameter(err), "invalid value for status: %s", value)
+		}
+	}
+
+	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter, Status: status})
 	if err != nil {
 		logrus.Errorf("Error getting services: %v", err)
 		return err
@@ -154,15 +190,21 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var insertDefaults bool
+
 	if value := r.URL.Query().Get("insertDefaults"); value != "" {
 		var err error
 		insertDefaults, err = strconv.ParseBool(value)
 		if err != nil {
-			err := fmt.Errorf("invalid value for insertDefaults: %s", value)
 			return errors.Wrapf(errdefs.InvalidParameter(err), "invalid value for insertDefaults: %s", value)
 		}
 	}
 
+	// you may note that there is no code here to handle the "status" query
+	// parameter, as in getServices. the Status field is not supported when
+	// retrieving an individual service because the Backend API changes
+	// required to accommodate it would be too disruptive, and because that
+	// field is so rarely needed as part of an individual service inspection.
+
 	service, err := sr.backend.GetService(vars["id"], insertDefaults)
 	if err != nil {
 		logrus.Errorf("Error getting service %s: %v", vars["id"], err)
@@ -175,26 +217,21 @@ func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r
 func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
 	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	// Get returns "" if the header does not exist
 	encodedAuth := r.Header.Get("X-Registry-Auth")
-	cliVersion := r.Header.Get("version")
 	queryRegistry := false
-	if cliVersion != "" {
-		if versions.LessThan(cliVersion, "1.30") {
+	if v := httputils.VersionFromContext(ctx); v != "" {
+		if versions.LessThan(v, "1.30") {
 			queryRegistry = true
 		}
-		if versions.LessThan(cliVersion, "1.39") {
-			if service.TaskTemplate.ContainerSpec != nil {
-				// Sysctls for docker swarm services weren't supported before
-				// API version 1.39
-				service.TaskTemplate.ContainerSpec.Sysctls = nil
-			}
-		}
+		adjustForAPIVersion(v, &service)
 	}
-
 	resp, err := sr.backend.CreateService(service, encodedAuth, queryRegistry)
 	if err != nil {
 		logrus.Errorf("Error creating service %s: %v", service.Name, err)
@@ -207,7 +244,10 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
 	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -223,19 +263,12 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 	flags.EncodedRegistryAuth = r.Header.Get("X-Registry-Auth")
 	flags.RegistryAuthFrom = r.URL.Query().Get("registryAuthFrom")
 	flags.Rollback = r.URL.Query().Get("rollback")
-	cliVersion := r.Header.Get("version")
 	queryRegistry := false
-	if cliVersion != "" {
-		if versions.LessThan(cliVersion, "1.30") {
+	if v := httputils.VersionFromContext(ctx); v != "" {
+		if versions.LessThan(v, "1.30") {
 			queryRegistry = true
 		}
-		if versions.LessThan(cliVersion, "1.39") {
-			if service.TaskTemplate.ContainerSpec != nil {
-				// Sysctls for docker swarm services weren't supported before
-				// API version 1.39
-				service.TaskTemplate.ContainerSpec.Sysctls = nil
-			}
-		}
+		adjustForAPIVersion(v, &service)
 	}
 
 	resp, err := sr.backend.UpdateService(vars["id"], version, service, flags, queryRegistry)
@@ -309,7 +342,10 @@ func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *ht
 func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var node types.NodeSpec
 	if err := json.NewDecoder(r.Body).Decode(&node); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -388,7 +424,10 @@ func (sr *swarmRouter) getSecrets(ctx context.Context, w http.ResponseWriter, r
 func (sr *swarmRouter) createSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
 	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	version := httputils.VersionFromContext(ctx)
 	if secret.Templating != nil && versions.LessThan(version, "1.37") {
@@ -426,6 +465,9 @@ func (sr *swarmRouter) getSecret(ctx context.Context, w http.ResponseWriter, r *
 func (sr *swarmRouter) updateSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
 	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
 		return errdefs.InvalidParameter(err)
 	}
 
@@ -459,7 +501,10 @@ func (sr *swarmRouter) getConfigs(ctx context.Context, w http.ResponseWriter, r
 func (sr *swarmRouter) createConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
 	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
-		return err
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	version := httputils.VersionFromContext(ctx)
@@ -498,6 +543,9 @@ func (sr *swarmRouter) getConfig(ctx context.Context, w http.ResponseWriter, r *
 func (sr *swarmRouter) updateConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
 	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
 		return errdefs.InvalidParameter(err)
 	}
 
diff --git a/api/server/router/swarm/helpers.go b/api/server/router/swarm/helpers.go
index 1f57074f92400..969724a1a2a9f 100644
--- a/api/server/router/swarm/helpers.go
+++ b/api/server/router/swarm/helpers.go
@@ -9,6 +9,8 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/versions"
 )
 
 // swarmLogs takes an http response, request, and selector, and writes the logs
@@ -64,3 +66,52 @@ func (sr *swarmRouter) swarmLogs(ctx context.Context, w io.Writer, r *http.Reque
 	httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
 	return nil
 }
+
+// adjustForAPIVersion takes a version and service spec and removes fields to
+// make the spec compatible with the specified version.
+func adjustForAPIVersion(cliVersion string, service *swarm.ServiceSpec) {
+	if cliVersion == "" {
+		return
+	}
+	if versions.LessThan(cliVersion, "1.40") {
+		if service.TaskTemplate.ContainerSpec != nil {
+			// Sysctls for docker swarm services weren't supported before
+			// API version 1.40
+			service.TaskTemplate.ContainerSpec.Sysctls = nil
+
+			if service.TaskTemplate.ContainerSpec.Privileges != nil && service.TaskTemplate.ContainerSpec.Privileges.CredentialSpec != nil {
+				// Support for setting credential-spec through configs was added in API 1.40
+				service.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config = ""
+			}
+			for _, config := range service.TaskTemplate.ContainerSpec.Configs {
+				// support for the Runtime target was added in API 1.40
+				config.Runtime = nil
+			}
+		}
+
+		if service.TaskTemplate.Placement != nil {
+			// MaxReplicas for docker swarm services weren't supported before
+			// API version 1.40
+			service.TaskTemplate.Placement.MaxReplicas = 0
+		}
+	}
+	if versions.LessThan(cliVersion, "1.41") {
+		if service.TaskTemplate.ContainerSpec != nil {
+			// Capabilities and Ulimits for docker swarm services weren't
+			// supported before API version 1.41
+			service.TaskTemplate.ContainerSpec.CapabilityAdd = nil
+			service.TaskTemplate.ContainerSpec.CapabilityDrop = nil
+			service.TaskTemplate.ContainerSpec.Ulimits = nil
+		}
+		if service.TaskTemplate.Resources != nil && service.TaskTemplate.Resources.Limits != nil {
+			// Limits.Pids  not supported before API version 1.41
+			service.TaskTemplate.Resources.Limits.Pids = 0
+		}
+
+		// jobs were only introduced in API version 1.41. Nil out both Job
+		// modes; if the service is one of these modes and subsequently has no
+		// mode, then something down the pipe will thrown an error.
+		service.Mode.ReplicatedJob = nil
+		service.Mode.GlobalJob = nil
+	}
+}
diff --git a/api/server/router/swarm/helpers_test.go b/api/server/router/swarm/helpers_test.go
new file mode 100644
index 0000000000000..87fa220125db5
--- /dev/null
+++ b/api/server/router/swarm/helpers_test.go
@@ -0,0 +1,119 @@
+package swarm // import "github.com/docker/docker/api/server/router/swarm"
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/go-units"
+)
+
+func TestAdjustForAPIVersion(t *testing.T) {
+	var (
+		expectedSysctls = map[string]string{"foo": "bar"}
+	)
+	// testing the negative -- does this leave everything else alone? -- is
+	// prohibitively time-consuming to write, because it would need an object
+	// with literally every field filled in.
+	spec := &swarm.ServiceSpec{
+		TaskTemplate: swarm.TaskSpec{
+			ContainerSpec: &swarm.ContainerSpec{
+				Sysctls: expectedSysctls,
+				Privileges: &swarm.Privileges{
+					CredentialSpec: &swarm.CredentialSpec{
+						Config: "someconfig",
+					},
+				},
+				Configs: []*swarm.ConfigReference{
+					{
+						File: &swarm.ConfigReferenceFileTarget{
+							Name: "foo",
+							UID:  "bar",
+							GID:  "baz",
+						},
+						ConfigID:   "configFile",
+						ConfigName: "configFile",
+					},
+					{
+						Runtime:    &swarm.ConfigReferenceRuntimeTarget{},
+						ConfigID:   "configRuntime",
+						ConfigName: "configRuntime",
+					},
+				},
+				Ulimits: []*units.Ulimit{
+					{
+						Name: "nofile",
+						Soft: 100,
+						Hard: 200,
+					},
+				},
+			},
+			Placement: &swarm.Placement{
+				MaxReplicas: 222,
+			},
+			Resources: &swarm.ResourceRequirements{
+				Limits: &swarm.Limit{
+					Pids: 300,
+				},
+			},
+		},
+	}
+
+	// first, does calling this with a later version correctly NOT strip
+	// fields? do the later version first, so we can reuse this spec in the
+	// next test.
+	adjustForAPIVersion("1.41", spec)
+	if !reflect.DeepEqual(spec.TaskTemplate.ContainerSpec.Sysctls, expectedSysctls) {
+		t.Error("Sysctls was stripped from spec")
+	}
+
+	if spec.TaskTemplate.Resources.Limits.Pids == 0 {
+		t.Error("PidsLimit was stripped from spec")
+	}
+	if spec.TaskTemplate.Resources.Limits.Pids != 300 {
+		t.Error("PidsLimit did not preserve the value from spec")
+	}
+
+	if spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config != "someconfig" {
+		t.Error("CredentialSpec.Config field was stripped from spec")
+	}
+
+	if spec.TaskTemplate.ContainerSpec.Configs[1].Runtime == nil {
+		t.Error("ConfigReferenceRuntimeTarget was stripped from spec")
+	}
+
+	if spec.TaskTemplate.Placement.MaxReplicas != 222 {
+		t.Error("MaxReplicas was stripped from spec")
+	}
+
+	if len(spec.TaskTemplate.ContainerSpec.Ulimits) == 0 {
+		t.Error("Ulimits were stripped from spec")
+	}
+
+	// next, does calling this with an earlier version correctly strip fields?
+	adjustForAPIVersion("1.29", spec)
+	if spec.TaskTemplate.ContainerSpec.Sysctls != nil {
+		t.Error("Sysctls was not stripped from spec")
+	}
+
+	if spec.TaskTemplate.Resources.Limits.Pids != 0 {
+		t.Error("PidsLimit was not stripped from spec")
+	}
+
+	if spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config != "" {
+		t.Error("CredentialSpec.Config field was not stripped from spec")
+	}
+
+	if spec.TaskTemplate.ContainerSpec.Configs[1].Runtime != nil {
+		t.Error("ConfigReferenceRuntimeTarget was not stripped from spec")
+	}
+
+	if spec.TaskTemplate.Placement.MaxReplicas != 0 {
+		t.Error("MaxReplicas was not stripped from spec")
+	}
+
+	if len(spec.TaskTemplate.ContainerSpec.Ulimits) != 0 {
+		t.Error("Ulimits were not stripped from spec")
+	}
+
+}
diff --git a/api/server/router/system/backend.go b/api/server/router/system/backend.go
index f5d2d9810137c..1d704348c4991 100644
--- a/api/server/router/system/backend.go
+++ b/api/server/router/system/backend.go
@@ -10,12 +10,24 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
+// DiskUsageOptions holds parameters for system disk usage query.
+type DiskUsageOptions struct {
+	// Containers controls whether container disk usage should be computed.
+	Containers bool
+
+	// Images controls whether image disk usage should be computed.
+	Images bool
+
+	// Volumes controls whether volume disk usage should be computed.
+	Volumes bool
+}
+
 // Backend is the methods that need to be implemented to provide
 // system specific functionality.
 type Backend interface {
-	SystemInfo() (*types.Info, error)
+	SystemInfo() *types.Info
 	SystemVersion() types.Version
-	SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error)
+	SystemDiskUsage(ctx context.Context, opts DiskUsageOptions) (*types.DiskUsage, error)
 	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(chan interface{})
 	AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
diff --git a/api/server/router/system/system.go b/api/server/router/system/system.go
index bbe32fb4bba33..9624239aaeb83 100644
--- a/api/server/router/system/system.go
+++ b/api/server/router/system/system.go
@@ -2,8 +2,7 @@ package system // import "github.com/docker/docker/api/server/router/system"
 
 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/builder/builder-next"
-	"github.com/docker/docker/builder/fscache"
+	buildkit "github.com/docker/docker/builder/builder-next"
 )
 
 // systemRouter provides information about the Docker system overall.
@@ -12,17 +11,15 @@ type systemRouter struct {
 	backend  Backend
 	cluster  ClusterBackend
 	routes   []router.Route
-	fscache  *fscache.FSCache // legacy
 	builder  *buildkit.Builder
 	features *map[string]bool
 }
 
 // NewRouter initializes a new system router
-func NewRouter(b Backend, c ClusterBackend, fscache *fscache.FSCache, builder *buildkit.Builder, features *map[string]bool) router.Router {
+func NewRouter(b Backend, c ClusterBackend, builder *buildkit.Builder, features *map[string]bool) router.Router {
 	r := &systemRouter{
 		backend:  b,
 		cluster:  c,
-		fscache:  fscache,
 		builder:  builder,
 		features: features,
 	}
@@ -30,10 +27,11 @@ func NewRouter(b Backend, c ClusterBackend, fscache *fscache.FSCache, builder *b
 	r.routes = []router.Route{
 		router.NewOptionsRoute("/{anyroute:.*}", optionsHandler),
 		router.NewGetRoute("/_ping", r.pingHandler),
-		router.NewGetRoute("/events", r.getEvents, router.WithCancel),
+		router.NewHeadRoute("/_ping", r.pingHandler),
+		router.NewGetRoute("/events", r.getEvents),
 		router.NewGetRoute("/info", r.getInfo),
 		router.NewGetRoute("/version", r.getVersion),
-		router.NewGetRoute("/system/df", r.getDiskUsage, router.WithCancel),
+		router.NewGetRoute("/system/df", r.getDiskUsage),
 		router.NewPostRoute("/auth", r.postAuth),
 	}
 
diff --git a/api/server/router/system/system_routes.go b/api/server/router/system/system_routes.go
index a2ff692de37b9..d25d92204c60c 100644
--- a/api/server/router/system/system_routes.go
+++ b/api/server/router/system/system_routes.go
@@ -16,7 +16,7 @@ import (
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/pkg/ioutils"
-	pkgerrors "github.com/pkg/errors"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
 )
@@ -27,21 +27,28 @@ func optionsHandler(ctx context.Context, w http.ResponseWriter, r *http.Request,
 }
 
 func (s *systemRouter) pingHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	w.Header().Add("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Add("Pragma", "no-cache")
+
 	builderVersion := build.BuilderVersion(*s.features)
 	if bv := builderVersion; bv != "" {
 		w.Header().Set("Builder-Version", string(bv))
 	}
+	if r.Method == http.MethodHead {
+		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+		w.Header().Set("Content-Length", "0")
+		return nil
+	}
 	_, err := w.Write([]byte{'O', 'K'})
 	return err
 }
 
 func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	info, err := s.backend.SystemInfo()
-	if err != nil {
-		return err
-	}
+	info := s.backend.SystemInfo()
+
 	if s.cluster != nil {
 		info.Swarm = s.cluster.Info()
+		info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
 	}
 
 	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
@@ -83,46 +90,86 @@ func (s *systemRouter) getVersion(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (s *systemRouter) getDiskUsage(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	eg, ctx := errgroup.WithContext(ctx)
-
-	var du *types.DiskUsage
-	eg.Go(func() error {
-		var err error
-		du, err = s.backend.SystemDiskUsage(ctx)
+	if err := httputils.ParseForm(r); err != nil {
 		return err
-	})
+	}
 
-	var builderSize int64 // legacy
-	eg.Go(func() error {
-		var err error
-		builderSize, err = s.fscache.DiskUsage(ctx)
-		if err != nil {
-			return pkgerrors.Wrap(err, "error getting fscache build cache usage")
+	version := httputils.VersionFromContext(ctx)
+
+	var getContainers, getImages, getVolumes, getBuildCache bool
+	typeStrs, ok := r.Form["type"]
+	if versions.LessThan(version, "1.42") || !ok {
+		getContainers, getImages, getVolumes, getBuildCache = true, true, true, true
+	} else {
+		for _, typ := range typeStrs {
+			switch types.DiskUsageObject(typ) {
+			case types.ContainerObject:
+				getContainers = true
+			case types.ImageObject:
+				getImages = true
+			case types.VolumeObject:
+				getVolumes = true
+			case types.BuildCacheObject:
+				getBuildCache = true
+			default:
+				return invalidRequestError{Err: fmt.Errorf("unknown object type: %s", typ)}
+			}
 		}
-		return nil
-	})
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	var systemDiskUsage *types.DiskUsage
+	if getContainers || getImages || getVolumes {
+		eg.Go(func() error {
+			var err error
+			systemDiskUsage, err = s.backend.SystemDiskUsage(ctx, DiskUsageOptions{
+				Containers: getContainers,
+				Images:     getImages,
+				Volumes:    getVolumes,
+			})
+			return err
+		})
+	}
 
 	var buildCache []*types.BuildCache
-	eg.Go(func() error {
-		var err error
-		buildCache, err = s.builder.DiskUsage(ctx)
-		if err != nil {
-			return pkgerrors.Wrap(err, "error getting build cache usage")
-		}
-		return nil
-	})
+	if getBuildCache {
+		eg.Go(func() error {
+			var err error
+			buildCache, err = s.builder.DiskUsage(ctx)
+			if err != nil {
+				return errors.Wrap(err, "error getting build cache usage")
+			}
+			if buildCache == nil {
+				// Ensure empty `BuildCache` field is represented as empty JSON array(`[]`)
+				// instead of `null` to be consistent with `Images`, `Containers` etc.
+				buildCache = []*types.BuildCache{}
+			}
+			return nil
+		})
+	}
 
 	if err := eg.Wait(); err != nil {
 		return err
 	}
 
-	for _, b := range buildCache {
-		builderSize += b.Size
+	var builderSize int64
+	if versions.LessThan(version, "1.42") {
+		for _, b := range buildCache {
+			builderSize += b.Size
+		}
 	}
 
-	du.BuilderSize = builderSize
-	du.BuildCache = buildCache
-
+	du := types.DiskUsage{
+		BuildCache:  buildCache,
+		BuilderSize: builderSize,
+	}
+	if systemDiskUsage != nil {
+		du.LayersSize = systemDiskUsage.LayersSize
+		du.Images = systemDiskUsage.Images
+		du.Containers = systemDiskUsage.Containers
+		du.Volumes = systemDiskUsage.Volumes
+	}
 	return httputils.WriteJSON(w, http.StatusOK, du)
 }
 
@@ -165,7 +212,9 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 
 		if !onlyPastEvents {
 			dur := until.Sub(now)
-			timeout = time.After(dur)
+			timer := time.NewTimer(dur)
+			defer timer.Stop()
+			timeout = timer.C
 		}
 	}
 
diff --git a/api/server/router/volume/volume.go b/api/server/router/volume/volume.go
index 04f365e370c7b..875497b3eb54f 100644
--- a/api/server/router/volume/volume.go
+++ b/api/server/router/volume/volume.go
@@ -29,7 +29,7 @@ func (r *volumeRouter) initRoutes() {
 		router.NewGetRoute("/volumes/{name:.*}", r.getVolumeByName),
 		// POST
 		router.NewPostRoute("/volumes/create", r.postVolumesCreate),
-		router.NewPostRoute("/volumes/prune", r.postVolumesPrune, router.WithCancel),
+		router.NewPostRoute("/volumes/prune", r.postVolumesPrune),
 		// DELETE
 		router.NewDeleteRoute("/volumes/{name:.*}", r.deleteVolumes),
 	}
diff --git a/api/server/router/volume/volume_routes.go b/api/server/router/volume/volume_routes.go
index e892d1a52403d..4fa4cb53aab0e 100644
--- a/api/server/router/volume/volume_routes.go
+++ b/api/server/router/volume/volume_routes.go
@@ -56,7 +56,7 @@ func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWri
 		if err == io.EOF {
 			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
 		}
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	volume, err := v.backend.Create(ctx, req.Name, req.Driver, opts.WithCreateOptions(req.DriverOpts), opts.WithCreateLabels(req.Labels))
diff --git a/api/server/router_swapper.go b/api/server/router_swapper.go
deleted file mode 100644
index e8087492c475c..0000000000000
--- a/api/server/router_swapper.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package server // import "github.com/docker/docker/api/server"
-
-import (
-	"net/http"
-	"sync"
-
-	"github.com/gorilla/mux"
-)
-
-// routerSwapper is an http.Handler that allows you to swap
-// mux routers.
-type routerSwapper struct {
-	mu     sync.Mutex
-	router *mux.Router
-}
-
-// Swap changes the old router with the new one.
-func (rs *routerSwapper) Swap(newRouter *mux.Router) {
-	rs.mu.Lock()
-	rs.router = newRouter
-	rs.mu.Unlock()
-}
-
-// ServeHTTP makes the routerSwapper to implement the http.Handler interface.
-func (rs *routerSwapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	rs.mu.Lock()
-	router := rs.router
-	rs.mu.Unlock()
-	router.ServeHTTP(w, r)
-}
diff --git a/api/server/server.go b/api/server/server.go
index 3b4e630c41613..a8ce5cb1637ef 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -12,6 +12,7 @@ import (
 	"github.com/docker/docker/api/server/router"
 	"github.com/docker/docker/api/server/router/debug"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/errdefs"
 	"github.com/gorilla/mux"
 	"github.com/sirupsen/logrus"
 )
@@ -31,11 +32,10 @@ type Config struct {
 
 // Server contains instance details for the server
 type Server struct {
-	cfg           *Config
-	servers       []*HTTPServer
-	routers       []router.Router
-	routerSwapper *routerSwapper
-	middlewares   []middleware.Middleware
+	cfg         *Config
+	servers     []*HTTPServer
+	routers     []router.Router
+	middlewares []middleware.Middleware
 }
 
 // New returns a new instance of the server based on the specified configuration.
@@ -79,7 +79,7 @@ func (s *Server) Close() {
 func (s *Server) serveAPI() error {
 	var chErrors = make(chan error, len(s.servers))
 	for _, srv := range s.servers {
-		srv.srv.Handler = s.routerSwapper
+		srv.srv.Handler = s.createMux()
 		go func(srv *HTTPServer) {
 			var err error
 			logrus.Infof("API listen on %s", srv.l.Addr())
@@ -129,7 +129,8 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 
 		// use intermediate variable to prevent "should not use basic type
 		// string as key in context.WithValue" golint errors
-		ctx := context.WithValue(context.Background(), dockerversion.UAStringKey{}, r.Header.Get("User-Agent"))
+		ctx := context.WithValue(r.Context(), dockerversion.UAStringKey{}, r.Header.Get("User-Agent"))
+		r = r.WithContext(ctx)
 		handlerFunc := s.handlerWithGlobalMiddlewares(handler)
 
 		vars := mux.Vars(r)
@@ -138,7 +139,7 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 		}
 
 		if err := handlerFunc(ctx, w, r, vars); err != nil {
-			statusCode := httputils.GetHTTPErrorStatusCode(err)
+			statusCode := errdefs.GetHTTPErrorStatusCode(err)
 			if statusCode >= 500 {
 				logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 			}
@@ -151,11 +152,6 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 // This method also enables the Go profiler.
 func (s *Server) InitRouter(routers ...router.Router) {
 	s.routers = append(s.routers, routers...)
-
-	m := s.createMux()
-	s.routerSwapper = &routerSwapper{
-		router: m,
-	}
 }
 
 type pageNotFoundError struct{}
@@ -191,6 +187,7 @@ func (s *Server) createMux() *mux.Router {
 	notFoundHandler := httputils.MakeErrorHandler(pageNotFoundError{})
 	m.HandleFunc(versionMatcher+"/{path:.*}", notFoundHandler)
 	m.NotFoundHandler = notFoundHandler
+	m.MethodNotAllowedHandler = notFoundHandler
 
 	return m
 }
diff --git a/api/server/server_test.go b/api/server/server_test.go
index e0fac30ab7179..a3e8124a880f8 100644
--- a/api/server/server_test.go
+++ b/api/server/server_test.go
@@ -22,7 +22,7 @@ func TestMiddlewares(t *testing.T) {
 
 	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))
 
-	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
 
diff --git a/api/swagger.yaml b/api/swagger.yaml
index 1cabb9b516b3c..b8b3ea0946554 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -19,20 +19,26 @@ produces:
 consumes:
   - "application/json"
   - "text/plain"
-basePath: "/v1.39"
+basePath: "/v1.42"
 info:
   title: "Docker Engine API"
-  version: "1.39"
+  version: "1.42"
   x-logo:
     url: "https://docs.docker.com/images/logo-docker-main.png"
   description: |
-    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+    The Engine API is an HTTP API served by Docker Engine. It is the API the
+    Docker client uses to communicate with the Engine, so everything the Docker
+    client can do can be done with the API.
 
-    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps`
+    is `GET /containers/json`). The notable exception is running containers,
+    which consists of several API calls.
 
     # Errors
 
-    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+    The API uses standard HTTP status codes to indicate the success or failure
+    of the API call. The body of the response will be JSON in the following
+    format:
 
     ```
     {
@@ -49,8 +55,8 @@ info:
     the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
     is returned.
 
-    If you omit the version-prefix, the current version of the API (v1.39) is used.
-    For example, calling `/info` is the same as calling `/v1.39/info`. Using the
+    If you omit the version-prefix, the current version of the API (v1.42) is used.
+    For example, calling `/info` is the same as calling `/v1.42/info`. Using the
     API without a version-prefix is deprecated and will be removed in a future release.
 
     Engine releases in the near future should support this version of the API,
@@ -65,7 +71,11 @@ info:
 
     # Authentication
 
-    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+    Authentication for registries is handled client side. The client has to send
+    authentication details to various endpoints that need to communicate with
+    registries, such as `POST /images/(name)/push`. These are sent as
+    `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
+    (JSON) string with the following structure:
 
     ```
     {
@@ -76,9 +86,11 @@ info:
     }
     ```
 
-    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+    The `serveraddress` is a domain/IP without a protocol. Throughout this
+    structure, double quotes are required.
 
-    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
+    you can just pass this instead of credentials:
 
     ```
     {
@@ -104,7 +116,9 @@ tags:
   - name: "Network"
     x-displayName: "Networks"
     description: |
-      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/engine/userguide/networking/) for more information.
+      Networks are user-defined networks that containers can be attached to.
+      See the [networking documentation](https://docs.docker.com/network/)
+      for more information.
   - name: "Volume"
     x-displayName: "Volumes"
     description: |
@@ -112,34 +126,46 @@ tags:
   - name: "Exec"
     x-displayName: "Exec"
     description: |
-      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+      Run new commands inside running containers. Refer to the
+      [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
+      for more information.
+
+      To exec a command in a container, you first need to create an exec instance,
+      then start it. These two API endpoints are wrapped up in a single command-line
+      command, `docker exec`.
 
-      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
   # Swarm things
   - name: "Swarm"
     x-displayName: "Swarm"
     description: |
-      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+      Engines can be clustered together in a swarm. Refer to the
+      [swarm mode documentation](https://docs.docker.com/engine/swarm/)
+      for more information.
   - name: "Node"
     x-displayName: "Nodes"
     description: |
-      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+      Nodes are instances of the Engine participating in a swarm. Swarm mode
+      must be enabled for these endpoints to work.
   - name: "Service"
     x-displayName: "Services"
     description: |
-      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+      Services are the definitions of tasks to run on a swarm. Swarm mode must
+      be enabled for these endpoints to work.
   - name: "Task"
     x-displayName: "Tasks"
     description: |
-      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+      A task is a container running on a swarm. It is the atomic scheduling unit
+      of swarm. Swarm mode must be enabled for these endpoints to work.
   - name: "Secret"
     x-displayName: "Secrets"
     description: |
-      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+      Secrets are sensitive data that can be used by services. Swarm mode must
+      be enabled for these endpoints to work.
   - name: "Config"
     x-displayName: "Configs"
     description: |
-      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+      Configs are application configurations that can be used by services. Swarm
+      mode must be enabled for these endpoints to work.
   # System things
   - name: "Plugin"
     x-displayName: "Plugins"
@@ -210,6 +236,43 @@ definitions:
       PathInContainer: "/dev/deviceName"
       CgroupPermissions: "mrw"
 
+  DeviceRequest:
+    type: "object"
+    description: "A request for devices to be sent to device drivers"
+    properties:
+      Driver:
+        type: "string"
+        example: "nvidia"
+      Count:
+        type: "integer"
+        example: -1
+      DeviceIDs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "0"
+          - "1"
+          - "GPU-fef8089b-4820-abfc-e83e-94318197576e"
+      Capabilities:
+        description: |
+          A list of capabilities; an OR list of AND lists of capabilities.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          # gpu AND nvidia AND compute
+          - ["gpu", "nvidia", "compute"]
+      Options:
+        description: |
+          Driver-specific options, specified as a key/value pairs. These options
+          are passed directly to the driver.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
   ThrottleDevice:
     type: "object"
     properties:
@@ -265,6 +328,10 @@ definitions:
               - "rshared"
               - "slave"
               - "rslave"
+          NonRecursive:
+            description: "Disable recursive bind mount."
+            type: "boolean"
+            default: false
       VolumeOptions:
         description: "Optional configuration for the `volume` type."
         type: "object"
@@ -304,26 +371,31 @@ definitions:
 
   RestartPolicy:
     description: |
-      The behavior to apply when the container exits. The default is not to restart.
+      The behavior to apply when the container exits. The default is not to
+      restart.
 
-      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+      An ever increasing delay (double the previous delay, starting at 100ms) is
+      added before each restart to prevent flooding the server.
     type: "object"
     properties:
       Name:
         type: "string"
         description: |
           - Empty string means not to restart
+          - `no` Do not automatically restart
           - `always` Always restart
           - `unless-stopped` Restart always except when the user has manually stopped the container
           - `on-failure` Restart only when the container exit code is non-zero
         enum:
           - ""
+          - "no"
           - "always"
           - "unless-stopped"
           - "on-failure"
       MaximumRetryCount:
         type: "integer"
-        description: "If `on-failure` is used, the number of times to retry before giving up"
+        description: |
+          If `on-failure` is used, the number of times to retry before giving up.
 
   Resources:
     description: "A container's resources (cgroups config, ulimits, etc)"
@@ -331,7 +403,9 @@ definitions:
     properties:
       # Applicable to all platforms
       CpuShares:
-        description: "An integer value representing this container's relative CPU weight versus other containers."
+        description: |
+          An integer value representing this container's relative CPU weight
+          versus other containers.
         type: "integer"
       Memory:
         description: "Memory limit in bytes."
@@ -340,7 +414,11 @@ definitions:
         default: 0
       # Applicable to UNIX platforms
       CgroupParent:
-        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        description: |
+          Path to `cgroups` under which the container's `cgroup` is created. If
+          the path is not absolute, the path is considered to be relative to the
+          `cgroups` path of the init process. Cgroups are created if they do not
+          already exist.
         type: "string"
       BlkioWeight:
         description: "Block IO weight (relative weight)."
@@ -349,7 +427,11 @@ definitions:
         maximum: 1000
       BlkioWeightDevice:
         description: |
-          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+          Block IO weight (relative device weight) in the form:
+
+          ```
+          [{"Path": "device_path", "Weight": weight}]
+          ```
         type: "array"
         items:
           type: "object"
@@ -361,25 +443,41 @@ definitions:
               minimum: 0
       BlkioDeviceReadBps:
         description: |
-          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+          Limit read rate (bytes per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
         type: "array"
         items:
           $ref: "#/definitions/ThrottleDevice"
       BlkioDeviceWriteBps:
         description: |
-          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+          Limit write rate (bytes per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
         type: "array"
         items:
           $ref: "#/definitions/ThrottleDevice"
       BlkioDeviceReadIOps:
         description: |
-          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+          Limit read rate (IO per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
         type: "array"
         items:
           $ref: "#/definitions/ThrottleDevice"
       BlkioDeviceWriteIOps:
         description: |
-          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+          Limit write rate (IO per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
         type: "array"
         items:
           $ref: "#/definitions/ThrottleDevice"
@@ -388,23 +486,31 @@ definitions:
         type: "integer"
         format: "int64"
       CpuQuota:
-        description: "Microseconds of CPU time that the container can get in a CPU period."
+        description: |
+          Microseconds of CPU time that the container can get in a CPU period.
         type: "integer"
         format: "int64"
       CpuRealtimePeriod:
-        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        description: |
+          The length of a CPU real-time period in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
         type: "integer"
         format: "int64"
       CpuRealtimeRuntime:
-        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        description: |
+          The length of a CPU real-time runtime in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
         type: "integer"
         format: "int64"
       CpusetCpus:
-        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        description: |
+          CPUs in which to allow execution (e.g., `0-3`, `0,1`).
         type: "string"
         example: "0-3"
       CpusetMems:
-        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        description: |
+          Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
+          effective on NUMA systems.
         type: "string"
       Devices:
         description: "A list of devices to add to the container."
@@ -417,12 +523,25 @@ definitions:
         items:
           type: "string"
           example: "c 13:* rwm"
-      DiskQuota:
-        description: "Disk limit (in bytes)."
+      DeviceRequests:
+        description: |
+          A list of requests for devices to be sent to device drivers.
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceRequest"
+      KernelMemory:
+        description: |
+          Kernel memory limit in bytes.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
         type: "integer"
         format: "int64"
-      KernelMemory:
-        description: "Kernel memory limit in bytes."
+        example: 209715200
+      KernelMemoryTCP:
+        description: "Hard limit for kernel TCP buffer memory (in bytes)."
         type: "integer"
         format: "int64"
       MemoryReservation:
@@ -430,16 +549,20 @@ definitions:
         type: "integer"
         format: "int64"
       MemorySwap:
-        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        description: |
+          Total memory limit (memory + swap). Set as `-1` to enable unlimited
+          swap.
         type: "integer"
         format: "int64"
       MemorySwappiness:
-        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        description: |
+          Tune a container's memory swappiness behavior. Accepts an integer
+          between 0 and 100.
         type: "integer"
         format: "int64"
         minimum: 0
         maximum: 100
-      NanoCPUs:
+      NanoCpus:
         description: "CPU quota in units of 10<sup>-9</sup> CPUs."
         type: "integer"
         format: "int64"
@@ -447,16 +570,26 @@ definitions:
         description: "Disable OOM Killer for the container."
         type: "boolean"
       Init:
-        description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+        description: |
+          Run an init inside the container that forwards signals and reaps
+          processes. This field is omitted if empty, and the default (as
+          configured on the daemon) is used.
         type: "boolean"
         x-nullable: true
       PidsLimit:
-        description: "Tune a container's pids limit. Set -1 for unlimited."
+        description: |
+          Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
+          to not change.
         type: "integer"
         format: "int64"
+        x-nullable: true
       Ulimits:
         description: |
-          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+          A list of resource limits to set in the container. For example:
+
+          ```
+          {"Name": "nofile", "Soft": 1024, "Hard": 2048}
+          ```
         type: "array"
         items:
           type: "object"
@@ -475,14 +608,18 @@ definitions:
         description: |
           The number of usable CPUs (Windows only).
 
-          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
         type: "integer"
         format: "int64"
       CpuPercent:
         description: |
           The usable percentage of the available CPUs (Windows only).
 
-          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
         type: "integer"
         format: "int64"
       IOMaximumIOps:
@@ -490,12 +627,37 @@ definitions:
         type: "integer"
         format: "int64"
       IOMaximumBandwidth:
-        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        description: |
+          Maximum IO in bytes per second for the container system drive
+          (Windows only).
+        type: "integer"
+        format: "int64"
+
+  Limit:
+    description: |
+      An object describing a limit on resources which can be requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
         type: "integer"
         format: "int64"
+        example: 8272408576
+      Pids:
+        description: |
+          Limits the maximum number of PIDs in the container. Set `0` for unlimited.
+        type: "integer"
+        format: "int64"
+        default: 0
+        example: 100
 
   ResourceObject:
-    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    description: |
+      An object describing the resources which can be advertised by a node and
+      requested by a task.
     type: "object"
     properties:
       NanoCPUs:
@@ -510,7 +672,9 @@ definitions:
         $ref: "#/definitions/GenericResources"
 
   GenericResources:
-    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    description: |
+      User-defined resources can be either Integer resources (e.g, `SSD=3`) or
+      String resources (e.g, `GPU=UUID1`).
     type: "array"
     items:
       type: "object"
@@ -557,17 +721,92 @@ definitions:
         items:
           type: "string"
       Interval:
-        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        description: |
+          The time to wait between checks in nanoseconds. It should be 0 or at
+          least 1000000 (1 ms). 0 means inherit.
         type: "integer"
       Timeout:
-        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        description: |
+          The time to wait before considering the check to have hung. It should
+          be 0 or at least 1000000 (1 ms). 0 means inherit.
         type: "integer"
       Retries:
-        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        description: |
+          The number of consecutive failures needed to consider a container as
+          unhealthy. 0 means inherit.
         type: "integer"
       StartPeriod:
-        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        description: |
+          Start period for the container to initialize before starting
+          health-retries countdown in nanoseconds. It should be 0 or at least
+          1000000 (1 ms). 0 means inherit.
+        type: "integer"
+
+  Health:
+    description: |
+      Health stores information about the container's healthcheck results.
+    type: "object"
+    x-nullable: true
+    properties:
+      Status:
+        description: |
+          Status is one of `none`, `starting`, `healthy` or `unhealthy`
+
+          - "none"      Indicates there is no healthcheck
+          - "starting"  Starting indicates that the container is not yet ready
+          - "healthy"   Healthy indicates that the container is running correctly
+          - "unhealthy" Unhealthy indicates that the container has a problem
+        type: "string"
+        enum:
+          - "none"
+          - "starting"
+          - "healthy"
+          - "unhealthy"
+        example: "healthy"
+      FailingStreak:
+        description: "FailingStreak is the number of consecutive failures"
+        type: "integer"
+        example: 0
+      Log:
+        type: "array"
+        description: |
+          Log contains the last few results (oldest first)
+        items:
+          $ref: "#/definitions/HealthcheckResult"
+
+  HealthcheckResult:
+    description: |
+      HealthcheckResult stores information about a single run of a healthcheck probe
+    type: "object"
+    x-nullable: true
+    properties:
+      Start:
+        description: |
+          Date and time at which this check started in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "date-time"
+        example: "2020-01-04T10:44:24.496525531Z"
+      End:
+        description: |
+          Date and time at which this check ended in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2020-01-04T10:45:21.364524523Z"
+      ExitCode:
+        description: |
+          ExitCode meanings:
+
+          - `0` healthy
+          - `1` unhealthy
+          - `2` reserved (considered unhealthy)
+          - other values: error running probe
         type: "integer"
+        example: 0
+      Output:
+        description: "Output from last check"
+        type: "string"
 
   HostConfig:
     description: "Container configuration that depends on the host we are running on"
@@ -579,12 +818,44 @@ definitions:
           Binds:
             type: "array"
             description: |
-              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
-
-              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
-              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
-              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
-              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+              A list of volume bindings for this container. Each volume binding
+              is a string in one of these forms:
+
+              - `host-src:container-dest[:options]` to bind-mount a host path
+                into the container. Both `host-src`, and `container-dest` must
+                be an _absolute_ path.
+              - `volume-name:container-dest[:options]` to bind-mount a volume
+                managed by a volume driver into the container. `container-dest`
+                must be an _absolute_ path.
+
+              `options` is an optional, comma-delimited list of:
+
+              - `nocopy` disables automatic copying of data from the container
+                path to the volume. The `nocopy` flag only applies to named volumes.
+              - `[ro|rw]` mounts a volume read-only or read-write, respectively.
+                If omitted or set to `rw`, volumes are mounted read-write.
+              - `[z|Z]` applies SELinux labels to allow or deny multiple containers
+                to read and write to the same volume.
+                  - `z`: a _shared_ content label is applied to the content. This
+                    label indicates that multiple containers can share the volume
+                    content, for both reading and writing.
+                  - `Z`: a _private unshared_ label is applied to the content.
+                    This label indicates that only the current container can use
+                    a private volume. Labeling systems such as SELinux require
+                    proper labels to be placed on volume content that is mounted
+                    into a container. Without a label, the security system can
+                    prevent a container's processes from using the content. By
+                    default, the labels set by the host operating system are not
+                    modified.
+              - `[[r]shared|[r]slave|[r]private]` specifies mount
+                [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+                This only applies to bind-mounted volumes, not internal volumes
+                or named volumes. Mount propagation requires the source mount
+                point (the location where the source directory is mounted in the
+                host operating system) to have the correct propagation properties.
+                For shared volumes, the source mount point must be set to `shared`.
+                For slave volumes, the mount must be set to either `shared` or
+                `slave`.
             items:
               type: "string"
           ContainerIDFile:
@@ -612,25 +883,33 @@ definitions:
                   type: "string"
           NetworkMode:
             type: "string"
-            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
-              as a custom network's name to which this container should connect to."
+            description: |
+              Network mode to use for this container. Supported standard values
+              are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
+              other value is taken as a custom network's name to which this
+              container should connect to.
           PortBindings:
             $ref: "#/definitions/PortMap"
           RestartPolicy:
             $ref: "#/definitions/RestartPolicy"
           AutoRemove:
             type: "boolean"
-            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+            description: |
+              Automatically remove the container when the container's process
+              exits. This has no effect if `RestartPolicy` is set.
           VolumeDriver:
             type: "string"
             description: "Driver that this container uses to mount volumes."
           VolumesFrom:
             type: "array"
-            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            description: |
+              A list of volumes to inherit from another container, specified in
+              the form `<container name>[:<ro|rw>]`.
             items:
               type: "string"
           Mounts:
-            description: "Specification for mounts to be added to the container."
+            description: |
+              Specification for mounts to be added to the container.
             type: "array"
             items:
               $ref: "#/definitions/Mount"
@@ -638,14 +917,31 @@ definitions:
           # Applicable to UNIX platforms
           CapAdd:
             type: "array"
-            description: "A list of kernel capabilities to add to the container."
+            description: |
+              A list of kernel capabilities to add to the container. Conflicts
+              with option 'Capabilities'.
             items:
               type: "string"
           CapDrop:
             type: "array"
-            description: "A list of kernel capabilities to drop from the container."
+            description: |
+              A list of kernel capabilities to drop from the container. Conflicts
+              with option 'Capabilities'.
             items:
               type: "string"
+          CgroupnsMode:
+            type: "string"
+            enum:
+              - "private"
+              - "host"
+            description: |
+              cgroup namespace mode for the container. Possible values are:
+
+              - `"private"`: the container runs in its own private cgroup namespace
+              - `"host"`: use the host system's cgroup namespace
+
+              If not specified, the daemon default is used, which can either be `"private"`
+              or `"host"`, depending on daemon version, kernel support and configuration.
           Dns:
             type: "array"
             description: "A list of DNS servers for the container to use."
@@ -664,43 +960,49 @@ definitions:
           ExtraHosts:
             type: "array"
             description: |
-              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts`
+              file. Specified in the form `["hostname:IP"]`.
             items:
               type: "string"
           GroupAdd:
             type: "array"
-            description: "A list of additional groups that the container process will run as."
+            description: |
+              A list of additional groups that the container process will run as.
             items:
               type: "string"
           IpcMode:
             type: "string"
             description: |
-                    IPC sharing mode for the container. Possible values are:
+              IPC sharing mode for the container. Possible values are:
 
-                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
-                    - `"private"`: own private IPC namespace
-                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
-                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
-                    - `"host"`: use the host system's IPC namespace
+              - `"none"`: own private IPC namespace, with /dev/shm not mounted
+              - `"private"`: own private IPC namespace
+              - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+              - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+              - `"host"`: use the host system's IPC namespace
 
-                    If not specified, daemon default is used, which can either be `"private"`
-                    or `"shareable"`, depending on daemon version and configuration.
+              If not specified, daemon default is used, which can either be `"private"`
+              or `"shareable"`, depending on daemon version and configuration.
           Cgroup:
             type: "string"
             description: "Cgroup to use for the container."
           Links:
             type: "array"
-            description: "A list of links for the container in the form `container_name:alias`."
+            description: |
+              A list of links for the container in the form `container_name:alias`.
             items:
               type: "string"
           OomScoreAdj:
             type: "integer"
-            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            description: |
+              An integer value containing the score given to the container in
+              order to tune OOM killer preferences.
             example: 500
           PidMode:
             type: "string"
             description: |
-              Set the PID (Process) Namespace mode for the container. It can be either:
+              Set the PID (Process) Namespace mode for the container. It can be
+              either:
 
               - `"container:<name|id>"`: joins another container's PID namespace
               - `"host"`: use the host's PID namespace inside the container
@@ -713,11 +1015,13 @@ definitions:
               Allocates an ephemeral host port for all of a container's
               exposed ports.
 
-              Ports are de-allocated when the container stops and allocated when the container starts.
-              The allocated port might be changed when restarting the container.
+              Ports are de-allocated when the container stops and allocated when
+              the container starts. The allocated port might be changed when
+              restarting the container.
 
-              The port is selected from the ephemeral port range that depends on the kernel.
-              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+              The port is selected from the ephemeral port range that depends on
+              the kernel. For example, on Linux the range is defined by
+              `/proc/sys/net/ipv4/ip_local_port_range`.
           ReadonlyRootfs:
             type: "boolean"
             description: "Mount the container's root filesystem as read only."
@@ -736,7 +1040,12 @@ definitions:
           Tmpfs:
             type: "object"
             description: |
-              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+              A map of container directories which should be replaced by tmpfs
+              mounts, and their corresponding mount options. For example:
+
+              ```
+              { "/run": "rw,noexec,nosuid,size=65536k" }
+              ```
             additionalProperties:
               type: "string"
           UTSMode:
@@ -744,15 +1053,23 @@ definitions:
             description: "UTS namespace to use for the container."
           UsernsMode:
             type: "string"
-            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+            description: |
+              Sets the usernamespace mode for the container when usernamespace
+              remapping option is enabled.
           ShmSize:
             type: "integer"
-            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            description: |
+              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
             minimum: 0
           Sysctls:
             type: "object"
             description: |
-              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+              A list of kernel parameters (sysctls) to set in the container.
+              For example:
+
+              ```
+              {"net.ipv4.ip_forward": "1"}
+              ```
             additionalProperties:
               type: "string"
           Runtime:
@@ -761,7 +1078,8 @@ definitions:
           # Applicable to Windows
           ConsoleSize:
             type: "array"
-            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            description: |
+              Initial console size, as an `[height, width]` array. (Windows only)
             minItems: 2
             maxItems: 2
             items:
@@ -769,19 +1087,24 @@ definitions:
               minimum: 0
           Isolation:
             type: "string"
-            description: "Isolation technology of the container. (Windows only)"
+            description: |
+              Isolation technology of the container. (Windows only)
             enum:
               - "default"
               - "process"
               - "hyperv"
           MaskedPaths:
             type: "array"
-            description: "The list of paths to be masked inside the container (this overrides the default set of paths)"
+            description: |
+              The list of paths to be masked inside the container (this overrides
+              the default set of paths).
             items:
               type: "string"
           ReadonlyPaths:
             type: "array"
-            description: "The list of paths to be set as read-only inside the container (this overrides the default set of paths)"
+            description: |
+              The list of paths to be set as read-only inside the container
+              (this overrides the default set of paths).
             items:
               type: "string"
 
@@ -822,7 +1145,8 @@ definitions:
             - {}
           default: {}
       Tty:
-        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        description: |
+          Attach standard streams to a TTY, including `stdin` if it is not closed.
         type: "boolean"
         default: false
       OpenStdin:
@@ -835,12 +1159,15 @@ definitions:
         default: false
       Env:
         description: |
-          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+          A list of environment variables to set inside the container in the
+          form `["VAR=value", ...]`. A variable without `=` is removed from the
+          environment, rather than to have an empty value.
         type: "array"
         items:
           type: "string"
       Cmd:
-        description: "Command to run specified as a string or an array of strings."
+        description: |
+          Command to run specified as a string or an array of strings.
         type: "array"
         items:
           type: "string"
@@ -850,10 +1177,13 @@ definitions:
         description: "Command is already escaped (Windows only)"
         type: "boolean"
       Image:
-        description: "The name of the image to use when creating the container"
+        description: |
+          The name of the image to use when creating the container/
         type: "string"
       Volumes:
-        description: "An object mapping mount point paths inside the container to empty objects."
+        description: |
+          An object mapping mount point paths inside the container to empty
+          objects.
         type: "object"
         additionalProperties:
           type: "object"
@@ -867,7 +1197,9 @@ definitions:
         description: |
           The entry point for the container as a string or an array of strings.
 
-          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+          If the array consists of exactly one empty string (`[""]`) then the
+          entry point is reset to system default (i.e., the entry point used by
+          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
         type: "array"
         items:
           type: "string"
@@ -878,7 +1210,8 @@ definitions:
         description: "MAC address of the container."
         type: "string"
       OnBuild:
-        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        description: |
+          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
         type: "array"
         items:
           type: "string"
@@ -888,7 +1221,8 @@ definitions:
         additionalProperties:
           type: "string"
       StopSignal:
-        description: "Signal to stop a container as a string or unsigned integer."
+        description: |
+          Signal to stop a container as a string or unsigned integer.
         type: "string"
         default: "SIGTERM"
       StopTimeout:
@@ -896,17 +1230,54 @@ definitions:
         type: "integer"
         default: 10
       Shell:
-        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        description: |
+          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
         type: "array"
         items:
           type: "string"
 
+  NetworkingConfig:
+    description: |
+      NetworkingConfig represents the container's networking configuration for
+      each of its interfaces.
+      It is used for the networking configs specified in the `docker create`
+      and `docker network connect` commands.
+    type: "object"
+    properties:
+      EndpointsConfig:
+        description: |
+          A mapping of network name to endpoint configuration for that network.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+    example:
+      # putting an example here, instead of using the example values from
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
+      EndpointsConfig:
+        isolated_nw:
+          IPAMConfig:
+            IPv4Address: "172.20.30.33"
+            IPv6Address: "2001:db8:abcd::3033"
+            LinkLocalIPs:
+              - "169.254.34.68"
+              - "fe80::3468"
+          Links:
+            - "container_1"
+            - "container_2"
+          Aliases:
+            - "server_x"
+            - "server_y"
+
   NetworkSettings:
     description: "NetworkSettings exposes the network settings in the API"
     type: "object"
     properties:
       Bridge:
-        description: Name of the network'a bridge (for example, `docker0`).
+        description: Name of the network's bridge (for example, `docker0`).
         type: "string"
         example: "docker0"
       SandboxID:
@@ -1084,6 +1455,7 @@ definitions:
     type: "object"
     additionalProperties:
       type: "array"
+      x-nullable: true
       items:
         $ref: "#/definitions/PortBinding"
     example:
@@ -1108,7 +1480,6 @@ definitions:
       PortBinding represents a binding between a host IP address and a host
       port.
     type: "object"
-    x-nullable: true
     properties:
       HostIp:
         description: "Host IP address that the container's port is mapped to."
@@ -1343,13 +1714,16 @@ definitions:
           type: "string"
       Scope:
         type: "string"
-        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        description: |
+          The level at which the volume exists. Either `global` for cluster-wide,
+          or `local` for machine level.
         default: "local"
         x-nullable: false
         enum: ["local", "global"]
       Options:
         type: "object"
-        description: "The driver specific options used when creating the volume."
+        description: |
+          The driver specific options used when creating the volume.
         additionalProperties:
           type: "string"
       UsageData:
@@ -1467,7 +1841,12 @@ definitions:
         type: "string"
         default: "default"
       Config:
-        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        description: |
+          List of IPAM configuration options, specified as a map:
+
+          ```
+          {"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
+          ```
         type: "array"
         items:
           type: "object"
@@ -1475,11 +1854,9 @@ definitions:
             type: "string"
       Options:
         description: "Driver-specific options, specified as a map."
-        type: "array"
-        items:
-          type: "object"
-          additionalProperties:
-            type: "string"
+        type: "object"
+        additionalProperties:
+          type: "string"
 
   NetworkContainer:
     type: "object"
@@ -1531,12 +1908,24 @@ definitions:
       Shared:
         type: "boolean"
       Size:
+        description: |
+          Amount of disk space used by the build cache (in bytes).
         type: "integer"
       CreatedAt:
-        type: "integer"
+        description: |
+          Date and time at which the build cache was created in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
       LastUsedAt:
-        type: "integer"
+        description: |
+          Date and time at which the build cache was last used in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
         x-nullable: true
+        example: "2017-08-09T07:09:37.632105588Z"
       UsageCount:
         type: "integer"
 
@@ -1802,6 +2191,25 @@ definitions:
         type: "string"
         x-nullable: false
 
+  PluginPrivilege:
+    description: |
+      Describes a permission the user has to accept upon installing
+      the plugin.
+    type: "object"
+    x-go-name: "PluginPrivilege"
+    properties:
+      Name:
+        type: "string"
+        example: "network"
+      Description:
+        type: "string"
+      Value:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "host"
+
   Plugin:
     description: "A plugin for the Engine API"
     type: "object"
@@ -1815,7 +2223,9 @@ definitions:
         x-nullable: false
         example: "tiborvass/sample-volume-plugin"
       Enabled:
-        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        description:
+          True if the plugin is running. False if the plugin is not running,
+          only installed.
         type: "boolean"
         x-nullable: false
         example: true
@@ -2017,13 +2427,16 @@ definitions:
 
   ObjectVersion:
     description: |
-      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
-      The client must send the version number along with the modified specification when updating these objects.
-      This approach ensures safe concurrency and determinism in that the change on the object
-      may not be applied if the version number has changed from the last read. In other words,
-      if two update requests specify the same base version, only one of the requests can succeed.
-      As a result, two separate update requests that happen at the same time will not
-      unintentionally overwrite each other.
+      The version number of the object such as node, service, etc. This is needed
+      to avoid conflicting writes. The client must send the version number along
+      with the modified specification when updating these objects.
+
+      This approach ensures safe concurrency and determinism in that the change
+      on the object may not be applied if the version number has changed from the
+      last read. In other words, if two update requests specify the same base
+      version, only one of the requests can succeed. As a result, two separate
+      update requests that happen at the same time will not unintentionally
+      overwrite each other.
     type: "object"
     properties:
       Index:
@@ -2192,17 +2605,23 @@ definitions:
             Name: "vieux/sshfs:latest"
 
   TLSInfo:
-    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    description: |
+      Information about the issuer of leaf TLS certificates and the trusted root
+      CA certificate.
     type: "object"
     properties:
       TrustRoot:
-        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        description: |
+          The root CA certificate(s) that are used to validate leaf TLS
+          certificates.
         type: "string"
       CertIssuerSubject:
-        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        description:
+          The base64-url-safe-encoded raw subject bytes of the issuer.
         type: "string"
       CertIssuerPublicKey:
-        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        description: |
+          The base64-url-safe-encoded raw public key bytes of the issuer.
         type: "string"
     example:
       TrustRoot: |
@@ -2298,7 +2717,9 @@ definitions:
         x-nullable: true
         properties:
           TaskHistoryRetentionLimit:
-            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            description: |
+              The number of historic tasks to keep per instance or node. If
+              negative, never remove completed or failed tasks.
             type: "integer"
             format: "int64"
             example: 10
@@ -2312,26 +2733,34 @@ definitions:
             format: "uint64"
             example: 10000
           KeepOldSnapshots:
-            description: "The number of snapshots to keep beyond the current snapshot."
+            description: |
+              The number of snapshots to keep beyond the current snapshot.
             type: "integer"
             format: "uint64"
           LogEntriesForSlowFollowers:
-            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            description: |
+              The number of log entries to keep around to sync up slow followers
+              after a snapshot is created.
             type: "integer"
             format: "uint64"
             example: 500
           ElectionTick:
             description: |
-              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+              The number of ticks that a follower will wait for a message from
+              the leader before becoming a candidate and starting an election.
+              `ElectionTick` must be greater than `HeartbeatTick`.
 
-              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
             type: "integer"
             example: 3
           HeartbeatTick:
             description: |
-              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+              The number of ticks between heartbeats. Every HeartbeatTick ticks,
+              the leader will send a heartbeat to the followers.
 
-              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
             type: "integer"
             example: 1
       Dispatcher:
@@ -2340,7 +2769,8 @@ definitions:
         x-nullable: true
         properties:
           HeartbeatPeriod:
-            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            description: |
+              The delay for an agent to send a heartbeat to the dispatcher.
             type: "integer"
             format: "int64"
             example: 5000000000
@@ -2355,36 +2785,53 @@ definitions:
             format: "int64"
             example: 7776000000000000
           ExternalCAs:
-            description: "Configuration for forwarding signing requests to an external certificate authority."
+            description: |
+              Configuration for forwarding signing requests to an external
+              certificate authority.
             type: "array"
             items:
               type: "object"
               properties:
                 Protocol:
-                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  description: |
+                    Protocol for communication with the external CA (currently
+                    only `cfssl` is supported).
                   type: "string"
                   enum:
                     - "cfssl"
                   default: "cfssl"
                 URL:
-                  description: "URL where certificate signing requests should be sent."
+                  description: |
+                    URL where certificate signing requests should be sent.
                   type: "string"
                 Options:
-                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  description: |
+                    An object with key/value pairs that are interpreted as
+                    protocol-specific options for the external CA driver.
                   type: "object"
                   additionalProperties:
                     type: "string"
                 CACert:
-                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  description: |
+                    The root CA certificate (in PEM format) this external CA uses
+                    to issue TLS certificates (assumed to be to the current swarm
+                    root CA certificate if not provided).
                   type: "string"
           SigningCACert:
-            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            description: |
+              The desired signing CA certificate for all swarm node TLS leaf
+              certificates, in PEM format.
             type: "string"
           SigningCAKey:
-            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            description: |
+              The desired signing CA key for all swarm node TLS leaf certificates,
+              in PEM format.
             type: "string"
           ForceRotate:
-            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            description: |
+              An integer whose purpose is to force swarm to generate a new
+              signing CA certificate and key, if none have been specified in
+              `SigningCACert` and `SigningCAKey`
             format: "uint64"
             type: "integer"
       EncryptionConfig:
@@ -2392,7 +2839,9 @@ definitions:
         type: "object"
         properties:
           AutoLockManagers:
-            description: "If set, generate a key and use it to lock data stored on the managers."
+            description: |
+              If set, generate a key and use it to lock data stored on the
+              managers.
             type: "boolean"
             example: false
       TaskDefaults:
@@ -2458,9 +2907,37 @@ definitions:
       TLSInfo:
         $ref: "#/definitions/TLSInfo"
       RootRotationInProgress:
-        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        description: |
+          Whether there is currently a root CA rotation in progress for the swarm
         type: "boolean"
         example: false
+      DataPathPort:
+        description: |
+          DataPathPort specifies the data path port number for data traffic.
+          Acceptable port range is 1024 to 49151.
+          If no port is set or is set to 0, the default port (4789) is used.
+        type: "integer"
+        format: "uint32"
+        default: 4789
+        example: 4789
+      DefaultAddrPool:
+        description: |
+          Default Address Pool specifies default subnet pools for global scope
+          networks.
+        type: "array"
+        items:
+          type: "string"
+          format: "CIDR"
+          example: ["10.10.0.0/16", "20.20.0.0/16"]
+      SubnetSize:
+        description: |
+          SubnetSize specifies the subnet size of the networks created from the
+          default subnet pool.
+        type: "integer"
+        format: "uint32"
+        maximum: 29
+        default: 24
+        example: 24
 
   JoinTokens:
     description: |
@@ -2515,17 +2992,7 @@ definitions:
           PluginPrivilege:
             type: "array"
             items:
-              description: "Describes a permission accepted by the user upon installing the plugin."
-              type: "object"
-              properties:
-                Name:
-                  type: "string"
-                Description:
-                  type: "string"
-                Value:
-                  type: "array"
-                  items:
-                    type: "string"
+              $ref: "#/definitions/PluginPrivilege"
       ContainerSpec:
         type: "object"
         description: |
@@ -2557,10 +3024,13 @@ definitions:
             items:
               type: "string"
           Hostname:
-            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            description: |
+              The hostname to use for the container, as a valid
+              [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
             type: "string"
           Env:
-            description: "A list of environment variables in the form `VAR=value`."
+            description: |
+              A list of environment variables in the form `VAR=value`.
             type: "array"
             items:
               type: "string"
@@ -2572,7 +3042,8 @@ definitions:
             type: "string"
           Groups:
             type: "array"
-            description: "A list of additional groups that the container process will run as."
+            description: |
+              A list of additional groups that the container process will run as.
             items:
               type: "string"
           Privileges:
@@ -2583,30 +3054,48 @@ definitions:
                 type: "object"
                 description: "CredentialSpec for managed service account (Windows only)"
                 properties:
+                  Config:
+                    type: "string"
+                    example: "0bt9dmxjvjiqermk6xrop3ekq"
+                    description: |
+                      Load credential spec from a Swarm Config with the given ID.
+                      The specified config must also be present in the Configs
+                      field with the Runtime property set.
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
                   File:
                     type: "string"
+                    example: "spec.json"
                     description: |
-                      Load credential spec from this file. The file is read by the daemon, and must be present in the
-                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
-                      `C:\ProgramData\Docker\` on Windows.
+                      Load credential spec from this file. The file is read by
+                      the daemon, and must be present in the `CredentialSpecs`
+                      subdirectory in the docker data directory, which defaults
+                      to `C:\ProgramData\Docker\` on Windows.
 
-                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+                      For example, specifying `spec.json` loads
+                      `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
 
                       <p><br /></p>
 
-                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
                   Registry:
                     type: "string"
                     description: |
-                      Load credential spec from this value in the Windows registry. The specified registry value must be
-                      located in:
+                      Load credential spec from this value in the Windows
+                      registry. The specified registry value must be located in:
 
                       `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
 
                       <p><br /></p>
 
 
-                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
               SELinuxContext:
                 type: "object"
                 description: "SELinux labels of the container"
@@ -2636,7 +3125,9 @@ definitions:
             description: "Mount the container's root filesystem as read only."
             type: "boolean"
           Mounts:
-            description: "Specification for mounts to be added to containers created as part of the service."
+            description: |
+              Specification for mounts to be added to containers created as part
+              of the service.
             type: "array"
             items:
               $ref: "#/definitions/Mount"
@@ -2644,7 +3135,9 @@ definitions:
             description: "Signal to stop the container."
             type: "string"
           StopGracePeriod:
-            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            description: |
+              Amount of time to wait for the container to terminate before
+              forcefully killing it.
             type: "integer"
             format: "int64"
           HealthCheck:
@@ -2661,7 +3154,9 @@ definitions:
             items:
               type: "string"
           DNSConfig:
-            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            description: |
+              Specification for DNS related configurations in resolver configuration
+              file (`resolv.conf`).
             type: "object"
             properties:
               Nameservers:
@@ -2675,22 +3170,28 @@ definitions:
                 items:
                   type: "string"
               Options:
-                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                description: |
+                  A list of internal resolver variables to be modified (e.g.,
+                  `debug`, `ndots:3`, etc.).
                 type: "array"
                 items:
                   type: "string"
           Secrets:
-            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            description: |
+              Secrets contains references to zero or more secrets that will be
+              exposed to the service.
             type: "array"
             items:
               type: "object"
               properties:
                 File:
-                  description: "File represents a specific target that is backed by a file."
+                  description: |
+                    File represents a specific target that is backed by a file.
                   type: "object"
                   properties:
                     Name:
-                      description: "Name represents the final filename in the filesystem."
+                      description: |
+                        Name represents the final filename in the filesystem.
                       type: "string"
                     UID:
                       description: "UID represents the file UID."
@@ -2703,25 +3204,36 @@ definitions:
                       type: "integer"
                       format: "uint32"
                 SecretID:
-                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  description: |
+                    SecretID represents the ID of the specific secret that we're
+                    referencing.
                   type: "string"
                 SecretName:
                   description: |
-                    SecretName is the name of the secret that this references, but this is just provided for
-                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                    SecretName is the name of the secret that this references,
+                    but this is just provided for lookup/display purposes. The
+                    secret in the reference will be identified by its ID.
                   type: "string"
           Configs:
-            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            description: |
+              Configs contains references to zero or more configs that will be
+              exposed to the service.
             type: "array"
             items:
               type: "object"
               properties:
                 File:
-                  description: "File represents a specific target that is backed by a file."
+                  description: |
+                    File represents a specific target that is backed by a file.
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
                   type: "object"
                   properties:
                     Name:
-                      description: "Name represents the final filename in the filesystem."
+                      description: |
+                        Name represents the final filename in the filesystem.
                       type: "string"
                     UID:
                       description: "UID represents the file UID."
@@ -2733,23 +3245,41 @@ definitions:
                       description: "Mode represents the FileMode of the file."
                       type: "integer"
                       format: "uint32"
+                Runtime:
+                  description: |
+                    Runtime represents a target that is not mounted into the
+                    container but is used by the task
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually
+                    > exclusive
+                  type: "object"
                 ConfigID:
-                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  description: |
+                    ConfigID represents the ID of the specific config that we're
+                    referencing.
                   type: "string"
                 ConfigName:
                   description: |
-                    ConfigName is the name of the config that this references, but this is just provided for
-                    lookup/display purposes. The config in the reference will be identified by its ID.
+                    ConfigName is the name of the config that this references,
+                    but this is just provided for lookup/display purposes. The
+                    config in the reference will be identified by its ID.
                   type: "string"
           Isolation:
             type: "string"
-            description: "Isolation technology of the containers running the service. (Windows only)"
+            description: |
+              Isolation technology of the containers running the service.
+              (Windows only)
             enum:
               - "default"
               - "process"
               - "hyperv"
           Init:
-            description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+            description: |
+              Run an init inside the container that forwards signals and reaps
+              processes. This field is omitted if empty, and the default (as
+              configured on the daemon) is used.
             type: "boolean"
             x-nullable: true
           Sysctls:
@@ -2764,6 +3294,44 @@ definitions:
             type: "object"
             additionalProperties:
               type: "string"
+          # This option is not used by Windows containers
+          CapabilityAdd:
+            type: "array"
+            description: |
+              A list of kernel capabilities to add to the default set
+              for the container.
+            items:
+              type: "string"
+            example:
+              - "CAP_NET_RAW"
+              - "CAP_SYS_ADMIN"
+              - "CAP_SYS_CHROOT"
+              - "CAP_SYSLOG"
+          CapabilityDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the default set
+              for the container.
+            items:
+              type: "string"
+            example:
+              - "CAP_NET_RAW"
+          Ulimits:
+            description: |
+              A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Name:
+                  description: "Name of ulimit"
+                  type: "string"
+                Soft:
+                  description: "Soft limit"
+                  type: "integer"
+                Hard:
+                  description: "Hard limit"
+                  type: "integer"
       NetworkAttachmentSpec:
         description: |
           Read-only spec type for non-swarm containers attached to swarm overlay
@@ -2781,17 +3349,21 @@ definitions:
             description: "ID of the container represented by this task"
             type: "string"
       Resources:
-        description: "Resource requirements which apply to each individual container created as part of the service."
+        description: |
+          Resource requirements which apply to each individual container created
+          as part of the service.
         type: "object"
         properties:
           Limits:
             description: "Define resources limits."
-            $ref: "#/definitions/ResourceObject"
+            $ref: "#/definitions/Limit"
           Reservation:
             description: "Define resources reservation."
             $ref: "#/definitions/ResourceObject"
       RestartPolicy:
-        description: "Specification for the restart policy which applies to containers created as part of this service."
+        description: |
+          Specification for the restart policy which applies to containers
+          created as part of this service.
         type: "object"
         properties:
           Condition:
@@ -2806,12 +3378,16 @@ definitions:
             type: "integer"
             format: "int64"
           MaxAttempts:
-            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            description: |
+              Maximum attempts to restart a given container before giving up
+              (default value is 0, which is ignored).
             type: "integer"
             format: "int64"
             default: 0
           Window:
-            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            description: |
+              Windows is the time window used to evaluate the restart policy
+              (default value is 0, which is unbounded).
             type: "integer"
             format: "int64"
             default: 0
@@ -2819,7 +3395,27 @@ definitions:
         type: "object"
         properties:
           Constraints:
-            description: "An array of constraints."
+            description: |
+              An array of constraint expressions to limit the set of nodes where
+              a task can be scheduled. Constraint expressions can either use a
+              _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+              nodes that satisfy every expression (AND match). Constraints can
+              match node or Docker Engine labels as follows:
+
+              node attribute       | matches                        | example
+              ---------------------|--------------------------------|-----------------------------------------------
+              `node.id`            | Node ID                        | `node.id==2ivku8v2gvtg4`
+              `node.hostname`      | Node hostname                  | `node.hostname!=node-2`
+              `node.role`          | Node role (`manager`/`worker`) | `node.role==manager`
+              `node.platform.os`   | Node operating system          | `node.platform.os==windows`
+              `node.platform.arch` | Node architecture              | `node.platform.arch==x86_64`
+              `node.labels`        | User-defined node labels       | `node.labels.security==high`
+              `engine.labels`      | Docker Engine's labels         | `engine.labels.operatingsystem==ubuntu-14.04`
+
+              `engine.labels` apply to Docker Engine labels like operating system,
+              drivers, etc. Swarm administrators add `node.labels` for operational
+              purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
             type: "array"
             items:
               type: "string"
@@ -2827,8 +3423,13 @@ definitions:
               - "node.hostname!=node3.corp.example.com"
               - "node.role!=manager"
               - "node.labels.type==production"
+              - "node.platform.os==linux"
+              - "node.platform.arch==x86_64"
           Preferences:
-            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            description: |
+              Preferences provide a way to make the scheduler aware of factors
+              such as topology. They are provided in order from highest to
+              lowest precedence.
             type: "array"
             items:
               type: "object"
@@ -2837,13 +3438,21 @@ definitions:
                   type: "object"
                   properties:
                     SpreadDescriptor:
-                      description: "label descriptor, such as engine.labels.az"
+                      description: |
+                        label descriptor, such as `engine.labels.az`.
                       type: "string"
             example:
               - Spread:
                   SpreadDescriptor: "node.labels.datacenter"
               - Spread:
                   SpreadDescriptor: "node.labels.rack"
+          MaxReplicas:
+            description: |
+              Maximum number of replicas for per node (default value is 0, which
+              is unlimited)
+            type: "integer"
+            format: "int64"
+            default: 0
           Platforms:
             description: |
               Platforms stores all the platforms that the service's image can
@@ -2854,24 +3463,24 @@ definitions:
             items:
               $ref: "#/definitions/Platform"
       ForceUpdate:
-        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        description: |
+          A counter that triggers an update even if no relevant parameters have
+          been changed.
         type: "integer"
       Runtime:
-        description: "Runtime is the type of runtime specified for the task executor."
+        description: |
+          Runtime is the type of runtime specified for the task executor.
         type: "string"
       Networks:
+        description: "Specifies which networks the service should attach to."
         type: "array"
         items:
-          type: "object"
-          properties:
-            Target:
-              type: "string"
-            Aliases:
-              type: "array"
-              items:
-                type: "string"
+          $ref: "#/definitions/NetworkAttachmentConfig"
       LogDriver:
-        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        description: |
+          Specifies the log driver to use for tasks created from this spec. If
+          not present, the default one for the swarm will be used, finally
+          falling back to the engine default if not specified.
         type: "object"
         properties:
           Name:
@@ -2957,6 +3566,12 @@ definitions:
                 type: "integer"
       DesiredState:
         $ref: "#/definitions/TaskState"
+      JobIteration:
+        description: |
+          If the Service this Task belongs to is a job-mode service, contains
+          the JobIteration of the Service this Task was created for. Absent if
+          the Task was created for a Replicated or Global Service.
+        $ref: "#/definitions/ObjectVersion"
     example:
       ID: "0kzzo1i0y4jz6027t0k7aezc7"
       Version:
@@ -3049,12 +3664,37 @@ definitions:
                 format: "int64"
           Global:
             type: "object"
+          ReplicatedJob:
+            description: |
+              The mode used for services with a finite number of tasks that run
+              to a completed state.
+            type: "object"
+            properties:
+              MaxConcurrent:
+                description: |
+                  The maximum number of replicas to run simultaneously.
+                type: "integer"
+                format: "int64"
+                default: 1
+              TotalCompletions:
+                description: |
+                  The total number of replicas desired to reach the Completed
+                  state. If unset, will default to the value of `MaxConcurrent`
+                type: "integer"
+                format: "int64"
+          GlobalJob:
+            description: |
+              The mode used for services which run a task to the completed state
+              on each valid node.
+            type: "object"
       UpdateConfig:
         description: "Specification for the update strategy of the service."
         type: "object"
         properties:
           Parallelism:
-            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            description: |
+              Maximum number of tasks to be updated in one iteration (0 means
+              unlimited parallelism).
             type: "integer"
             format: "int64"
           Delay:
@@ -3062,22 +3702,32 @@ definitions:
             type: "integer"
             format: "int64"
           FailureAction:
-            description: "Action to take if an updated task fails to run, or stops running during the update."
+            description: |
+              Action to take if an updated task fails to run, or stops running
+              during the update.
             type: "string"
             enum:
               - "continue"
               - "pause"
               - "rollback"
           Monitor:
-            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            description: |
+              Amount of time to monitor each updated task for failures, in
+              nanoseconds.
             type: "integer"
             format: "int64"
           MaxFailureRatio:
-            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            description: |
+              The fraction of tasks that may fail during an update before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
             type: "number"
             default: 0
           Order:
-            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            description: |
+              The order of operations when rolling out an updated task. Either
+              the old task is shut down before the new task is started, or the
+              new task is started before the old task is shut down.
             type: "string"
             enum:
               - "stop-first"
@@ -3087,45 +3737,52 @@ definitions:
         type: "object"
         properties:
           Parallelism:
-            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            description: |
+              Maximum number of tasks to be rolled back in one iteration (0 means
+              unlimited parallelism).
             type: "integer"
             format: "int64"
           Delay:
-            description: "Amount of time between rollback iterations, in nanoseconds."
+            description: |
+              Amount of time between rollback iterations, in nanoseconds.
             type: "integer"
             format: "int64"
           FailureAction:
-            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            description: |
+              Action to take if an rolled back task fails to run, or stops
+              running during the rollback.
             type: "string"
             enum:
               - "continue"
               - "pause"
           Monitor:
-            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            description: |
+              Amount of time to monitor each rolled back task for failures, in
+              nanoseconds.
             type: "integer"
             format: "int64"
           MaxFailureRatio:
-            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            description: |
+              The fraction of tasks that may fail during a rollback before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
             type: "number"
             default: 0
           Order:
-            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            description: |
+              The order of operations when rolling back a task. Either the old
+              task is shut down before the new task is started, or the new task
+              is started before the old task is shut down.
             type: "string"
             enum:
               - "stop-first"
               - "start-first"
       Networks:
-        description: "Array of network names or IDs to attach the service to."
+        description: "Specifies which networks the service should attach to."
         type: "array"
         items:
-          type: "object"
-          properties:
-            Target:
-              type: "string"
-            Aliases:
-              type: "array"
-              items:
-                type: "string"
+          $ref: "#/definitions/NetworkAttachmentConfig"
+
       EndpointSpec:
         $ref: "#/definitions/EndpointSpec"
 
@@ -3152,7 +3809,7 @@ definitions:
 
           <p><br /></p>
 
-          - "ingress" makes the target port accessible on on every node,
+          - "ingress" makes the target port accessible on every node,
             regardless of whether there is a task for the service running on
             that node or not.
           - "host" bypasses the routing mesh and publish the port directly on
@@ -3170,15 +3827,17 @@ definitions:
     type: "object"
     properties:
       Mode:
-        description: "The mode of resolution to use for internal load balancing
-      between tasks."
+        description: |
+          The mode of resolution to use for internal load balancing between tasks.
         type: "string"
         enum:
           - "vip"
           - "dnsrr"
         default: "vip"
       Ports:
-        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        description: |
+          List of exposed ports that this service is accessible on from the
+          outside. Ports can only be provided if `vip` resolution mode is used.
         type: "array"
         items:
           $ref: "#/definitions/EndpointPortConfig"
@@ -3234,6 +3893,61 @@ definitions:
             format: "dateTime"
           Message:
             type: "string"
+      ServiceStatus:
+        description: |
+          The status of the service's tasks. Provided only when requested as
+          part of a ServiceList operation.
+        type: "object"
+        properties:
+          RunningTasks:
+            description: |
+              The number of tasks for the service currently in the Running state.
+            type: "integer"
+            format: "uint64"
+            example: 7
+          DesiredTasks:
+            description: |
+              The number of tasks for the service desired to be running.
+              For replicated services, this is the replica count from the
+              service spec. For global services, this is computed by taking
+              count of all tasks for the service with a Desired State other
+              than Shutdown.
+            type: "integer"
+            format: "uint64"
+            example: 10
+          CompletedTasks:
+            description: |
+              The number of tasks for a job that are in the Completed state.
+              This field must be cross-referenced with the service type, as the
+              value of 0 may mean the service is not in a job mode, or it may
+              mean the job-mode service has no tasks yet Completed.
+            type: "integer"
+            format: "uint64"
+      JobStatus:
+        description: |
+          The status of the service when it is in one of ReplicatedJob or
+          GlobalJob modes. Absent on Replicated and Global mode services. The
+          JobIteration is an ObjectVersion, but unlike the Service's version,
+          does not need to be sent with an update request.
+        type: "object"
+        properties:
+          JobIteration:
+            description: |
+              JobIteration is a value increased each time a Job is executed,
+              successfully or otherwise. "Executed", in this case, means the
+              job as a whole has been started, not that an individual Task has
+              been launched. A job is "Executed" when its ServiceSpec is
+              updated. JobIteration can be used to disambiguate Tasks belonging
+              to different executions of a job.  Though JobIteration will
+              increase with each subsequent execution, it may not necessarily
+              increase by 1, and so JobIteration should not be used to
+            $ref: "#/definitions/ObjectVersion"
+          LastExecution:
+            description: |
+              The last time, as observed by the server, that this job was
+              started.
+            type: "string"
+            format: "dateTime"
     example:
       ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
       Version:
@@ -3318,73 +4032,71 @@ definitions:
       Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
 
   ContainerSummary:
-    type: "array"
-    items:
-      type: "object"
-      properties:
-        Id:
-          description: "The ID of this container"
-          type: "string"
-          x-go-name: "ID"
-        Names:
-          description: "The names that this container has been given"
-          type: "array"
-          items:
-            type: "string"
-        Image:
-          description: "The name of the image used when creating this container"
-          type: "string"
-        ImageID:
-          description: "The ID of the image that this container was created from"
+    type: "object"
+    properties:
+      Id:
+        description: "The ID of this container"
+        type: "string"
+        x-go-name: "ID"
+      Names:
+        description: "The names that this container has been given"
+        type: "array"
+        items:
           type: "string"
-        Command:
-          description: "Command to run when starting the container"
+      Image:
+        description: "The name of the image used when creating this container"
+        type: "string"
+      ImageID:
+        description: "The ID of the image that this container was created from"
+        type: "string"
+      Command:
+        description: "Command to run when starting the container"
+        type: "string"
+      Created:
+        description: "When the container was created"
+        type: "integer"
+        format: "int64"
+      Ports:
+        description: "The ports exposed by this container"
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+      SizeRw:
+        description: "The size of files that have been created or changed by this container"
+        type: "integer"
+        format: "int64"
+      SizeRootFs:
+        description: "The total size of all the files in this container"
+        type: "integer"
+        format: "int64"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
           type: "string"
-        Created:
-          description: "When the container was created"
-          type: "integer"
-          format: "int64"
-        Ports:
-          description: "The ports exposed by this container"
-          type: "array"
-          items:
-            $ref: "#/definitions/Port"
-        SizeRw:
-          description: "The size of files that have been created or changed by this container"
-          type: "integer"
-          format: "int64"
-        SizeRootFs:
-          description: "The total size of all the files in this container"
-          type: "integer"
-          format: "int64"
-        Labels:
-          description: "User-defined key/value metadata."
-          type: "object"
-          additionalProperties:
+      State:
+        description: "The state of this container (e.g. `Exited`)"
+        type: "string"
+      Status:
+        description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+        type: "string"
+      HostConfig:
+        type: "object"
+        properties:
+          NetworkMode:
             type: "string"
-        State:
-          description: "The state of this container (e.g. `Exited`)"
-          type: "string"
-        Status:
-          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
-          type: "string"
-        HostConfig:
-          type: "object"
-          properties:
-            NetworkMode:
-              type: "string"
-        NetworkSettings:
-          description: "A summary of the container's network settings"
-          type: "object"
-          properties:
-            Networks:
-              type: "object"
-              additionalProperties:
-                $ref: "#/definitions/EndpointSettings"
-        Mounts:
-          type: "array"
-          items:
-            $ref: "#/definitions/Mount"
+      NetworkSettings:
+        description: "A summary of the container's network settings"
+        type: "object"
+        properties:
+          Networks:
+            type: "object"
+            additionalProperties:
+              $ref: "#/definitions/EndpointSettings"
+      Mounts:
+        type: "array"
+        items:
+          $ref: "#/definitions/Mount"
 
   Driver:
     description: "Driver represents a driver (network, logging, secrets)."
@@ -3422,7 +4134,7 @@ definitions:
           com.example.some-other-label: "some-other-value"
       Data:
         description: |
-          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
           data to store as secret.
 
           This field is only used to _create_ a secret, and is not returned by
@@ -3430,7 +4142,9 @@ definitions:
         type: "string"
         example: ""
       Driver:
-        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        description: |
+          Name of the secrets driver used to fetch the secret's value from an
+          external secret store.
         $ref: "#/definitions/Driver"
       Templating:
         description: |
@@ -3472,7 +4186,7 @@ definitions:
           type: "string"
       Data:
         description: |
-          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
           config data.
         type: "string"
       Templating:
@@ -3499,6 +4213,167 @@ definitions:
       Spec:
         $ref: "#/definitions/ConfigSpec"
 
+  ContainerState:
+    description: |
+      ContainerState stores container's running state. It's part of ContainerJSONBase
+      and will be returned by the "inspect" command.
+    type: "object"
+    x-nullable: true
+    properties:
+      Status:
+        description: |
+          String representation of the container state. Can be one of "created",
+          "running", "paused", "restarting", "removing", "exited", or "dead".
+        type: "string"
+        enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+        example: "running"
+      Running:
+        description: |
+          Whether this container is running.
+
+          Note that a running container can be _paused_. The `Running` and `Paused`
+          booleans are not mutually exclusive:
+
+          When pausing a container (on Linux), the freezer cgroup is used to suspend
+          all processes in the container. Freezing the process requires the process to
+          be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+          Use the `Status` field instead to determine if a container's state is "running".
+        type: "boolean"
+        example: true
+      Paused:
+        description: "Whether this container is paused."
+        type: "boolean"
+        example: false
+      Restarting:
+        description: "Whether this container is restarting."
+        type: "boolean"
+        example: false
+      OOMKilled:
+        description: |
+          Whether this container has been killed because it ran out of memory.
+        type: "boolean"
+        example: false
+      Dead:
+        type: "boolean"
+        example: false
+      Pid:
+        description: "The process ID of this container"
+        type: "integer"
+        example: 1234
+      ExitCode:
+        description: "The last exit code of this container"
+        type: "integer"
+        example: 0
+      Error:
+        type: "string"
+      StartedAt:
+        description: "The time when this container was last started."
+        type: "string"
+        example: "2020-01-06T09:06:59.461876391Z"
+      FinishedAt:
+        description: "The time when this container last exited."
+        type: "string"
+        example: "2020-01-06T09:07:59.461876391Z"
+      Health:
+        $ref: "#/definitions/Health"
+
+  SystemVersion:
+    type: "object"
+    description: |
+      Response of Engine API: GET "/version"
+    properties:
+      Platform:
+        type: "object"
+        required: [Name]
+        properties:
+          Name:
+            type: "string"
+      Components:
+        type: "array"
+        description: |
+          Information about system components
+        items:
+          type: "object"
+          x-go-name: ComponentVersion
+          required: [Name, Version]
+          properties:
+            Name:
+              description: |
+                Name of the component
+              type: "string"
+              example: "Engine"
+            Version:
+              description: |
+                Version of the component
+              type: "string"
+              x-nullable: false
+              example: "19.03.12"
+            Details:
+              description: |
+                Key/value pairs of strings with additional information about the
+                component. These values are intended for informational purposes
+                only, and their content is not defined, and not part of the API
+                specification.
+
+                These messages can be printed by the client as information to the user.
+              type: "object"
+              x-nullable: true
+      Version:
+        description: "The version of the daemon"
+        type: "string"
+        example: "19.03.12"
+      ApiVersion:
+        description: |
+          The default (and highest) API version that is supported by the daemon
+        type: "string"
+        example: "1.40"
+      MinAPIVersion:
+        description: |
+          The minimum API version that is supported by the daemon
+        type: "string"
+        example: "1.12"
+      GitCommit:
+        description: |
+          The Git commit of the source code that was used to build the daemon
+        type: "string"
+        example: "48a66213fe"
+      GoVersion:
+        description: |
+          The version Go used to compile the daemon, and the version of the Go
+          runtime in use.
+        type: "string"
+        example: "go1.13.14"
+      Os:
+        description: |
+          The operating system that the daemon is running on ("linux" or "windows")
+        type: "string"
+        example: "linux"
+      Arch:
+        description: |
+          The architecture that the daemon is running on
+        type: "string"
+        example: "amd64"
+      KernelVersion:
+        description: |
+          The kernel version (`uname -r`) that the daemon is running on.
+
+          This field is omitted when empty.
+        type: "string"
+        example: "4.19.76-linuxkit"
+      Experimental:
+        description: |
+          Indicates if the daemon is started with experimental features enabled.
+
+          This field is omitted when empty / false.
+        type: "boolean"
+        example: true
+      BuildTime:
+        description: |
+          The date and time that the daemon was compiled.
+        type: "string"
+        example: "2020-06-22T15:49:27.000000000+00:00"
+
   SystemInfo:
     type: "object"
     properties:
@@ -3573,44 +4448,6 @@ definitions:
           on Windows.
         type: "string"
         example: "/var/lib/docker"
-      SystemStatus:
-        description: |
-          Status information about this node (standalone Swarm API).
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field is only propagated
-          > by the Swarm standalone API, and is empty (`null`) when using
-          > built-in swarm mode.
-        type: "array"
-        items:
-          type: "array"
-          items:
-            type: "string"
-        example:
-          - ["Role", "primary"]
-          - ["State", "Healthy"]
-          - ["Strategy", "spread"]
-          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
-          - ["Nodes", "2"]
-          - [" swarm-agent-00", "192.168.99.102:2376"]
-          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
-          - ["  └ Status", "Healthy"]
-          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
-          - ["  └ Reserved CPUs", "0 / 1"]
-          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
-          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
-          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
-          - ["  └ ServerVersion", "17.06.0-ce"]
-          - [" swarm-manager", "192.168.99.101:2376"]
-          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
-          - ["  └ Status", "Healthy"]
-          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
-          - ["  └ Reserved CPUs", "0 / 1"]
-          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
-          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
-          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
-          - ["  └ ServerVersion", "17.06.0-ce"]
       Plugins:
         $ref: "#/definitions/PluginsInfo"
       MemoryLimit:
@@ -3622,19 +4459,30 @@ definitions:
         type: "boolean"
         example: true
       KernelMemory:
-        description: "Indicates if the host has kernel memory limit support enabled."
+        description: |
+          Indicates if the host has kernel memory limit support enabled.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
         type: "boolean"
         example: true
       CpuCfsPeriod:
-        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+          the host.
         type: "boolean"
         example: true
       CpuCfsQuota:
-        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+          the host.
         type: "boolean"
         example: true
       CPUShares:
-        description: "Indicates if CPU Shares limiting is supported by the host."
+        description: |
+          Indicates if CPU Shares limiting is supported by the host.
         type: "boolean"
         example: true
       CPUSet:
@@ -3644,6 +4492,10 @@ definitions:
           See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
         type: "boolean"
         example: true
+      PidsLimit:
+        description: "Indicates if the host kernel has PID limit support enabled."
+        type: "boolean"
+        example: true
       OomKillDisable:
         description: "Indicates if OOM killer disable is supported on the host."
         type: "boolean"
@@ -3660,7 +4512,9 @@ definitions:
         type: "boolean"
         example: true
       Debug:
-        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        description: |
+          Indicates if the daemon is running in debug-mode / with debug-level
+          logging enabled.
         type: "boolean"
         example: true
       NFd:
@@ -3691,9 +4545,16 @@ definitions:
         description: |
           The driver to use for managing cgroups.
         type: "string"
-        enum: ["cgroupfs", "systemd"]
+        enum: ["cgroupfs", "systemd", "none"]
         default: "cgroupfs"
         example: "cgroupfs"
+      CgroupVersion:
+        description: |
+          The version of the cgroup.
+        type: "string"
+        enum: ["1", "2"]
+        default: "1"
+        example: "1"
       NEventsListener:
         description: "Number of event listeners subscribed."
         type: "integer"
@@ -3713,6 +4574,17 @@ definitions:
           or "Windows Server 2016 Datacenter"
         type: "string"
         example: "Alpine Linux v3.5"
+      OSVersion:
+        description: |
+          Version of the host's operating system
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including its
+          > very existence, and the formatting of values, should not be considered
+          > stable, and may change without notice.
+        type: "string"
+        example: "16.04"
       OSType:
         description: |
           Generic type of the operating system of the host, as returned by the
@@ -3741,7 +4613,7 @@ definitions:
         example: 4
       MemTotal:
         description: |
-          Total amount of physical memory available on the host, in kilobytes (kB).
+          Total amount of physical memory available on the host, in bytes.
         type: "integer"
         format: "int64"
         example: 2095882240
@@ -3829,7 +4701,7 @@ definitions:
 
           <p><br /></p>
 
-          > **Note**: This field is only propagated when using standalone Swarm
+          > **Deprecated**: This field is only propagated when using standalone Swarm
           > mode, and overlay networking using an external k/v store. Overlay
           > networks with Swarm mode enabled use the built-in raft store, and
           > this field will be empty.
@@ -3843,7 +4715,7 @@ definitions:
 
           <p><br /></p>
 
-          > **Note**: This field is only propagated when using standalone Swarm
+          > **Deprecated**: This field is only propagated when using standalone Swarm
           > mode, and overlay networking using an external k/v store. Overlay
           > networks with Swarm mode enabled use the built-in raft store, and
           > this field will be empty.
@@ -3926,7 +4798,7 @@ definitions:
       SecurityOptions:
         description: |
           List of security features that are enabled on the daemon, such as
-          apparmor, seccomp, SELinux, and user-namespaces (userns).
+          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
 
           Additional configuration options for each security feature may
           be present, and are included as a comma-separated list of key/value
@@ -3939,6 +4811,7 @@ definitions:
           - "name=seccomp,profile=default"
           - "name=selinux"
           - "name=userns"
+          - "name=rootless"
       ProductLicense:
         description: |
           Reports a summary of the product license on the daemon.
@@ -3947,6 +4820,25 @@ definitions:
           such as number of nodes, and expiration are included.
         type: "string"
         example: "Community Engine"
+      DefaultAddressPools:
+        description: |
+          List of custom default address pools for local networks, which can be
+          specified in the daemon.json file or dockerd option.
+
+          Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
+          10.10.[0-255].0/24 address pools.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Base:
+              description: "The network address in CIDR format"
+              type: "string"
+              example: "10.10.0.0/16"
+            Size:
+              description: "The network pool size"
+              type: "integer"
+              example: "24"
       Warnings:
         description: |
           List of warnings / informational messages about missing features, or
@@ -4292,37 +5184,221 @@ definitions:
           IP address and ports at which this node can be reached.
         type: "string"
 
+  NetworkAttachmentConfig:
+    description: |
+      Specifies how a service should be attached to a particular network.
+    type: "object"
+    properties:
+      Target:
+        description: |
+          The target network for attachment. Must be a network name or ID.
+        type: "string"
+      Aliases:
+        description: |
+          Discoverable alternate names for the service on this network.
+        type: "array"
+        items:
+          type: "string"
+      DriverOpts:
+        description: |
+          Driver attachment options for the network target.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  EventActor:
+    description: |
+      Actor describes something that generates events, like a container, network,
+      or a volume.
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the object emitting the event"
+        type: "string"
+        example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+      Attributes:
+        description: |
+          Various key/value attributes of the object, depending on its type.
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-label-value"
+          image: "alpine:latest"
+          name: "my-container"
+
+  EventMessage:
+    description: |
+      EventMessage represents the information an event contains.
+    type: "object"
+    title: "SystemEventsResponse"
+    properties:
+      Type:
+        description: "The type of object emitting the event"
+        type: "string"
+        enum: ["builder", "config", "container", "daemon", "image", "network", "node", "plugin", "secret", "service", "volume"]
+        example: "container"
+      Action:
+        description: "The type of event"
+        type: "string"
+        example: "create"
+      Actor:
+        $ref: "#/definitions/EventActor"
+      scope:
+        description: |
+          Scope of the event. Engine events are `local` scope. Cluster (Swarm)
+          events are `swarm` scope.
+        type: "string"
+        enum: ["local", "swarm"]
+      time:
+        description: "Timestamp of event"
+        type: "integer"
+        format: "int64"
+        example: 1629574695
+      timeNano:
+        description: "Timestamp of event, with nanosecond accuracy"
+        type: "integer"
+        format: "int64"
+        example: 1629574695515050031
+
+  OCIDescriptor:
+    type: "object"
+    x-go-name: Descriptor
+    description: |
+      A descriptor struct containing digest, media type, and size, as defined in
+      the [OCI Content Descriptors Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md).
+    properties:
+      mediaType:
+        description: |
+          The media type of the object this schema refers to.
+        type: "string"
+        example: "application/vnd.docker.distribution.manifest.v2+json"
+      digest:
+        description: |
+          The digest of the targeted content.
+        type: "string"
+        example: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+      size:
+        description: |
+          The size in bytes of the blob.
+        type: "integer"
+        format: "int64"
+        example: 3987495
+      # TODO Not yet including these fields for now, as they are nil / omitted in our response.
+      # urls:
+      #   description: |
+      #     List of URLs from which this object MAY be downloaded.
+      #   type: "array"
+      #   items:
+      #     type: "string"
+      #     format: "uri"
+      # annotations:
+      #   description: |
+      #     Arbitrary metadata relating to the targeted content.
+      #   type: "object"
+      #   additionalProperties:
+      #     type: "string"
+      # platform:
+      #   $ref: "#/definitions/OCIPlatform"
+
+  OCIPlatform:
+    type: "object"
+    x-go-name: Platform
+    description: |
+      Describes the platform which the image in the manifest runs on, as defined
+      in the [OCI Image Index Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-index.md).
+    properties:
+      architecture:
+        description: |
+          The CPU architecture, for example `amd64` or `ppc64`.
+        type: "string"
+        example: "arm"
+      os:
+        description: |
+          The operating system, for example `linux` or `windows`.
+        type: "string"
+        example: "windows"
+      os.version:
+        description: |
+          Optional field specifying the operating system version, for example on
+          Windows `10.0.19041.1165`.
+        type: "string"
+        example: "10.0.19041.1165"
+      os.features:
+        description: |
+          Optional field specifying an array of strings, each listing a required
+          OS feature (for example on Windows `win32k`).
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "win32k"
+      variant:
+        description: |
+          Optional field specifying a variant of the CPU, for example `v7` to
+          specify ARMv7 when architecture is `arm`.
+        type: "string"
+        example: "v7"
+
+  DistributionInspect:
+    type: "object"
+    x-go-name: DistributionInspect
+    title: "DistributionInspectResponse"
+    required: [Descriptor, Platforms]
+    description: |
+      Describes the result obtained from contacting the registry to retrieve
+      image metadata.
+    properties:
+      Descriptor:
+        $ref: "#/definitions/OCIDescriptor"
+      Platforms:
+        type: "array"
+        description: |
+          An array containing all platforms supported by the image.
+        items:
+          $ref: "#/definitions/OCIPlatform"
+
 paths:
   /containers/json:
     get:
       summary: "List containers"
       description: |
-        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+        Returns a list of containers. For details on the format, see the
+        [inspect endpoint](#operation/ContainerInspect).
 
-        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
-        the list of linked containers is not propagated .
+        Note that it uses a different, smaller representation of a container
+        than inspecting a single container. For example, the list of linked
+        containers is not propagated .
       operationId: "ContainerList"
       produces:
         - "application/json"
       parameters:
         - name: "all"
           in: "query"
-          description: "Return all containers. By default, only running containers are shown"
+          description: |
+            Return all containers. By default, only running containers are shown.
           type: "boolean"
           default: false
         - name: "limit"
           in: "query"
-          description: "Return this number of most recently created containers, including non-running ones."
+          description: |
+            Return this number of most recently created containers, including
+            non-running ones.
           type: "integer"
         - name: "size"
           in: "query"
-          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          description: |
+            Return the size of container as fields `SizeRw` and `SizeRootFs`.
           type: "boolean"
           default: false
         - name: "filters"
           in: "query"
           description: |
-            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+            Filters to process on the container list, encoded as JSON (a
+            `map[string][]string`). For example, `{"status": ["paused"]}` will
+            only return paused containers.
+
+            Available filters:
 
             - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
             - `before`=(`<container id>` or `<container name>`)
@@ -4344,7 +5420,9 @@ paths:
         200:
           description: "no error"
           schema:
-            $ref: "#/definitions/ContainerSummary"
+            type: "array"
+            items:
+              $ref: "#/definitions/ContainerSummary"
           examples:
             application/json:
               - Id: "8dfafdbc3a40"
@@ -4493,9 +5571,11 @@ paths:
       parameters:
         - name: "name"
           in: "query"
-          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          description: |
+            Assign the specified name to the container. Must match
+            `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
           type: "string"
-          pattern: "/?[a-zA-Z0-9_-]+"
+          pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
         - name: "body"
           in: "body"
           description: "Container to create"
@@ -4507,14 +5587,7 @@ paths:
                   HostConfig:
                     $ref: "#/definitions/HostConfig"
                   NetworkingConfig:
-                    description: "This container's networking configuration."
-                    type: "object"
-                    properties:
-                      EndpointsConfig:
-                        description: "A mapping of network name to endpoint configuration for that network."
-                        type: "object"
-                        additionalProperties:
-                          $ref: "#/definitions/EndpointSettings"
+                    $ref: "#/definitions/NetworkingConfig"
             example:
               Hostname: ""
               Domainname: ""
@@ -4554,7 +5627,7 @@ paths:
                 MemorySwap: 0
                 MemoryReservation: 0
                 KernelMemory: 0
-                NanoCPUs: 500000
+                NanoCpus: 500000
                 CpuPercent: 80
                 CpuShares: 512
                 CpuPeriod: 100000
@@ -4576,11 +5649,19 @@ paths:
                   - {}
                 BlkioDeviceWriteIOps:
                   - {}
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
                 MemorySwappiness: 60
                 OomKillDisable: false
                 OomScoreAdj: 500
                 PidMode: ""
-                PidsLimit: -1
+                PidsLimit: 0
                 PortBindings:
                   22/tcp:
                     - HostPort: "11022"
@@ -4663,12 +5744,12 @@ paths:
           schema:
             $ref: "#/definitions/ErrorResponse"
         404:
-          description: "no such container"
+          description: "no such image"
           schema:
             $ref: "#/definitions/ErrorResponse"
           examples:
             application/json:
-              message: "No such container: c2ada9df5af8"
+              message: "No such image: c2ada9df5af8"
         409:
           description: "conflict"
           schema:
@@ -4707,54 +5788,9 @@ paths:
                 items:
                   type: "string"
               State:
-                description: "The state of the container."
-                type: "object"
-                properties:
-                  Status:
-                    description: |
-                      The status of the container. For example, `"running"` or `"exited"`.
-                    type: "string"
-                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
-                  Running:
-                    description: |
-                      Whether this container is running.
-
-                      Note that a running container can be _paused_. The `Running` and `Paused`
-                      booleans are not mutually exclusive:
-
-                      When pausing a container (on Linux), the cgroups freezer is used to suspend
-                      all processes in the container. Freezing the process requires the process to
-                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
-
-                      Use the `Status` field instead to determine if a container's state is "running".
-                    type: "boolean"
-                  Paused:
-                    description: "Whether this container is paused."
-                    type: "boolean"
-                  Restarting:
-                    description: "Whether this container is restarting."
-                    type: "boolean"
-                  OOMKilled:
-                    description: "Whether this container has been killed because it ran out of memory."
-                    type: "boolean"
-                  Dead:
-                    type: "boolean"
-                  Pid:
-                    description: "The process ID of this container"
-                    type: "integer"
-                  ExitCode:
-                    description: "The last exit code of this container"
-                    type: "integer"
-                  Error:
-                    type: "string"
-                  StartedAt:
-                    description: "The time when this container was last started."
-                    type: "string"
-                  FinishedAt:
-                    description: "The time when this container last exited."
-                    type: "string"
+                $ref: "#/definitions/ContainerState"
               Image:
-                description: "The container's image"
+                description: "The container's image ID"
                 type: "string"
               ResolvConfPath:
                 type: "string"
@@ -4764,15 +5800,14 @@ paths:
                 type: "string"
               LogPath:
                 type: "string"
-              Node:
-                description: "TODO"
-                type: "object"
               Name:
                 type: "string"
               RestartCount:
                 type: "integer"
               Driver:
                 type: "string"
+              Platform:
+                type: "string"
               MountLabel:
                 type: "string"
               ProcessLabel:
@@ -4790,7 +5825,9 @@ paths:
               GraphDriver:
                 $ref: "#/definitions/GraphDriverData"
               SizeRw:
-                description: "The size of files that have been created or changed by this container."
+                description: |
+                  The size of files that have been created or changed by this
+                  container.
                 type: "integer"
                 format: "int64"
               SizeRootFs:
@@ -4822,6 +5859,8 @@ paths:
                 Domainname: ""
                 Env:
                   - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Healthcheck:
+                  Test: ["CMD-SHELL", "exit 0"]
                 Hostname: "ba033ac44011"
                 Image: "ubuntu"
                 Labels:
@@ -4867,6 +5906,14 @@ paths:
                 CpuRealtimePeriod: 1000000
                 CpuRealtimeRuntime: 10000
                 Devices: []
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
                 IpcMode: ""
                 LxcConf: []
                 Memory: 0
@@ -4933,6 +5980,14 @@ paths:
                 Error: ""
                 ExitCode: 9
                 FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                Health:
+                  Status: "healthy"
+                  FailingStreak: 0
+                  Log:
+                    - Start: "2019-12-22T10:59:05.6385933Z"
+                      End: "2019-12-22T10:59:05.8078452Z"
+                      ExitCode: 0
+                      Output: ""
                 OOMKilled: false
                 Dead: false
                 Paused: false
@@ -4975,7 +6030,9 @@ paths:
   /containers/{id}/top:
     get:
       summary: "List processes running inside a container"
-      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      description: |
+        On Unix systems, this is done by running the `ps` command. This endpoint
+        is not supported on Windows.
       operationId: "ContainerTop"
       responses:
         200:
@@ -4991,7 +6048,9 @@ paths:
                 items:
                   type: "string"
               Processes:
-                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                description: |
+                  Each process running in the container, where each is process
+                  is an array of values corresponding to the titles.
                 type: "array"
                 items:
                   type: "array"
@@ -5056,18 +6115,19 @@ paths:
       description: |
         Get `stdout` and `stderr` logs from a container.
 
-        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+        Note: This endpoint works only for containers with the `json-file` or
+        `journald` logging driver.
       operationId: "ContainerLogs"
       responses:
-        101:
-          description: "logs returned as a stream"
-          schema:
-            type: "string"
-            format: "binary"
         200:
-          description: "logs returned as a string in response body"
+          description: |
+            logs returned as a stream in response body.
+            For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+            Note that unlike the attach endpoint, the logs endpoint does not
+            upgrade the connection and does not set Content-Type.
           schema:
             type: "string"
+            format: "binary"
         404:
           description: "no such container"
           schema:
@@ -5087,10 +6147,7 @@ paths:
           type: "string"
         - name: "follow"
           in: "query"
-          description: |
-            Return the logs as a stream.
-
-            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          description: "Keep connection after returning logs."
           type: "boolean"
           default: false
         - name: "stdout"
@@ -5120,7 +6177,9 @@ paths:
           default: false
         - name: "tail"
           in: "query"
-          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
           type: "string"
           default: "all"
       tags: ["Container"]
@@ -5226,6 +6285,22 @@ paths:
         If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
         nil then for compatibility with older daemons the length of the
         corresponding `cpu_usage.percpu_usage` array should be used.
+
+        On a cgroup v2 host, the following fields are not set
+        * `blkio_stats`: all fields other than `io_service_bytes_recursive`
+        * `cpu_stats`: `cpu_usage.percpu_usage`
+        * `memory_stats`: `max_usage` and `failcnt`
+        Also, `memory_stats.stats` fields are incompatible with cgroup v1.
+
+        To calculate the values shown by the `stats` command of the docker cli tool
+        the following formulas can be used:
+        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+        * available_memory = `memory_stats.limit`
+        * Memory usage % = `(used_memory / available_memory) * 100.0`
+        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+        * number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
       operationId: "ContainerStats"
       produces: ["application/json"]
       responses:
@@ -5344,14 +6419,23 @@ paths:
           type: "string"
         - name: "stream"
           in: "query"
-          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          description: |
+            Stream the output. If false, the stats will be output once and then
+            it will disconnect.
           type: "boolean"
           default: true
+        - name: "one-shot"
+          in: "query"
+          description: |
+            Only get a single stat instead of waiting for 2 cycles. Must be used
+            with `stream=false`.
+          type: "boolean"
+          default: false
       tags: ["Container"]
   /containers/{id}/resize:
     post:
       summary: "Resize a container TTY"
-      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      description: "Resize the TTY for a container."
       operationId: "ContainerResize"
       consumes:
         - "application/octet-stream"
@@ -5379,11 +6463,11 @@ paths:
           type: "string"
         - name: "h"
           in: "query"
-          description: "Height of the tty session in characters"
+          description: "Height of the TTY session in characters"
           type: "integer"
         - name: "w"
           in: "query"
-          description: "Width of the tty session in characters"
+          description: "Width of the TTY session in characters"
           type: "integer"
       tags: ["Container"]
   /containers/{id}/start:
@@ -5395,8 +6479,6 @@ paths:
           description: "no error"
         304:
           description: "container already started"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
         404:
           description: "no such container"
           schema:
@@ -5416,7 +6498,10 @@ paths:
           type: "string"
         - name: "detachKeys"
           in: "query"
-          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          description: |
+            Override the key sequence for detaching a container. Format is a
+            single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
+            of: `a-z`, `@`, `^`, `[`, `,` or `_`.
           type: "string"
       tags: ["Container"]
   /containers/{id}/stop:
@@ -5428,8 +6513,6 @@ paths:
           description: "no error"
         304:
           description: "container already stopped"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
         404:
           description: "no such container"
           schema:
@@ -5484,7 +6567,9 @@ paths:
   /containers/{id}/kill:
     post:
       summary: "Kill a container"
-      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      description: |
+        Send a POSIX signal to a container, defaulting to killing to the
+        container.
       operationId: "ContainerKill"
       responses:
         204:
@@ -5522,7 +6607,9 @@ paths:
   /containers/{id}/update:
     post:
       summary: "Update a container"
-      description: "Change various configuration options of a container without having to recreate it."
+      description: |
+        Change various configuration options of a container without having to
+        recreate it.
       operationId: "ContainerUpdate"
       consumes: ["application/json"]
       produces: ["application/json"]
@@ -5620,9 +6707,12 @@ paths:
     post:
       summary: "Pause a container"
       description: |
-        Use the cgroups freezer to suspend all processes in a container.
+        Use the freezer cgroup to suspend all processes in a container.
 
-        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+        Traditionally, when suspending a process the `SIGSTOP` signal is used,
+        which is observable by the process being suspended. With the freezer
+        cgroup the process is unaware, and unable to capture, that it is being
+        suspended, and subsequently resumed.
       operationId: "ContainerPause"
       responses:
         204:
@@ -5675,15 +6765,20 @@ paths:
     post:
       summary: "Attach to a container"
       description: |
-        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+        Attach to a container to read its output or send it input. You can attach
+        to the same container multiple times and you can reattach to containers
+        that have been detached.
 
-        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+        Either the `stream` or `logs` parameter must be `true` for this endpoint
+        to do anything.
 
-        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+        See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+        for more details.
 
         ### Hijacking
 
-        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+        and `stderr` on the same socket.
 
         This is the response from the daemon for an attach request:
 
@@ -5694,9 +6789,11 @@ paths:
         [STREAM]
         ```
 
-        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+        After the headers and two new lines, the TCP connection can now be used
+        for raw, bidirectional communication between the client and server.
 
-        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+        To hint potential proxies about connection hijacking, the Docker client
+        can also optionally send connection upgrade headers.
 
         For example, the client sends this request to upgrade the connection:
 
@@ -5706,7 +6803,8 @@ paths:
         Connection: Upgrade
         ```
 
-        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+        The Docker daemon will respond with a `101 UPGRADED` response, and will
+        similarly follow with the raw stream:
 
         ```
         HTTP/1.1 101 UPGRADED
@@ -5719,9 +6817,14 @@ paths:
 
         ### Stream format
 
-        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream over the hijacked connected is multiplexed to separate out
+        `stdout` and `stderr`. The stream consists of a series of frames, each
+        containing a header and a payload.
 
-        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+        The header contains the information which the stream writes (`stdout` or
+        `stderr`). It also contains the size of the associated frame encoded in
+        the last four bytes (`uint32`).
 
         It is encoded on the first eight bytes like this:
 
@@ -5735,9 +6838,11 @@ paths:
         - 1: `stdout`
         - 2: `stderr`
 
-        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+        encoded as big endian.
 
-        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+        Following the header is the payload, which is the specified number of
+        bytes of `STREAM_TYPE`.
 
         The simplest way to implement this protocol is the following:
 
@@ -5749,7 +6854,10 @@ paths:
 
         ### Stream format when using a TTY
 
-        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream is not multiplexed. The data exchanged over the hijacked
+        connection is simply the raw data from the process PTY and client's
+        `stdin`.
 
       operationId: "ContainerAttach"
       produces:
@@ -5782,21 +6890,28 @@ paths:
           type: "string"
         - name: "detachKeys"
           in: "query"
-          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,` or `_`.
           type: "string"
         - name: "logs"
           in: "query"
           description: |
             Replay previous logs from the container.
 
-            This is useful for attaching to a container that has started and you want to output everything since the container started.
+            This is useful for attaching to a container that has started and you
+            want to output everything since the container started.
 
-            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+            If `stream` is also enabled, once all the previous output has been
+            returned, it will seamlessly transition into streaming current
+            output.
           type: "boolean"
           default: false
         - name: "stream"
           in: "query"
-          description: "Stream attached streams from the time the request was made onwards"
+          description: |
+            Stream attached streams from the time the request was made onwards.
           type: "boolean"
           default: false
         - name: "stdin"
@@ -5847,7 +6962,10 @@ paths:
           type: "string"
         - name: "detachKeys"
           in: "query"
-          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,`, or `_`.
           type: "string"
         - name: "logs"
           in: "query"
@@ -5920,7 +7038,9 @@ paths:
           type: "string"
         - name: "condition"
           in: "query"
-          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          description: |
+            Wait until a container state reaches the given condition, either
+            'not-running' (default), 'next-exit', or 'removed'.
           type: "string"
           default: "not-running"
       tags: ["Container"]
@@ -5948,7 +7068,9 @@ paths:
             $ref: "#/definitions/ErrorResponse"
           examples:
             application/json:
-              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+              message: |
+                You cannot remove a running container: c2ada9df5af8. Stop the
+                container before attempting removal or force remove
         500:
           description: "server error"
           schema:
@@ -5961,7 +7083,7 @@ paths:
           type: "string"
         - name: "v"
           in: "query"
-          description: "Remove the volumes associated with the container."
+          description: "Remove anonymous volumes associated with the container."
           type: "boolean"
           default: false
         - name: "force"
@@ -5978,7 +7100,10 @@ paths:
   /containers/{id}/archive:
     head:
       summary: "Get information about files in a container"
-      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      description: |
+        A response header `X-Docker-Container-Path-Stat` is returned, containing
+        a base64 - encoded JSON object with some filesystem header information
+        about the path.
       operationId: "ContainerArchiveInfo"
       responses:
         200:
@@ -5986,7 +7111,9 @@ paths:
           headers:
             X-Docker-Container-Path-Stat:
               type: "string"
-              description: "A base64 - encoded JSON object with some filesystem header information about the path"
+              description: |
+                A base64 - encoded JSON object with some filesystem header
+                information about the path
         400:
           description: "Bad parameter"
           schema:
@@ -5995,7 +7122,10 @@ paths:
               - type: "object"
                 properties:
                   message:
-                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
                     type: "string"
                     x-nullable: false
         404:
@@ -6037,7 +7167,10 @@ paths:
               - type: "object"
                 properties:
                   message:
-                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
                     type: "string"
                     x-nullable: false
         404:
@@ -6101,16 +7234,29 @@ paths:
           required: true
           description: "Path to a directory in the container to extract the archive’s contents into. "
           type: "string"
-        - name: "noOverwriteDirNonDir"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: |
+            If `1`, `true`, or `True` then it will be an error if unpacking the
+            given content would cause an existing directory to be replaced with
+            a non-directory and vice versa.
+          type: "string"
+        - name: "copyUIDGID"
           in: "query"
-          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          description: |
+            If `1`, `true`, then it will copy UID/GID maps to the dest file or
+            dir
           type: "string"
         - name: "inputStream"
           in: "body"
           required: true
-          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          description: |
+            The input stream must be a tar archive compressed with one of the
+            following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+            or `xz`.
           schema:
             type: "string"
+            format: "binary"
       tags: ["Container"]
   /containers/prune:
     post:
@@ -6205,7 +7351,10 @@ paths:
         - name: "filters"
           in: "query"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the images list.
+
+            Available filters:
 
             - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
             - `dangling=true`
@@ -6213,6 +7362,11 @@ paths:
             - `reference`=(`<image-name>[:<tag>]`)
             - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
           type: "string"
+        - name: "shared-size"
+          in: "query"
+          description: "Compute and show shared size as a `SharedSize` field on each image."
+          type: "boolean"
+          default: false
         - name: "digests"
           in: "query"
           description: "Show digest information as a `RepoDigests` field on each image."
@@ -6321,7 +7475,7 @@ paths:
 
 
             For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
-            the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
 
 
             [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
@@ -6340,10 +7494,11 @@ paths:
           type: "string"
         - name: "networkmode"
           in: "query"
-          description: "Sets the networking mode for the run commands during
-        build. Supported standard values are: `bridge`, `host`, `none`, and
-        `container:<name|id>`. Any other value is taken as a custom network's
-        name to which this container should connect to."
+          description: |
+            Sets the networking mode for the run commands during build. Supported
+            standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
+            Any other value is taken as a custom network's name or ID to which this
+            container should connect to.
           type: "string"
         - name: "Content-type"
           in: "header"
@@ -6383,6 +7538,11 @@ paths:
           description: "Target build stage"
           type: "string"
           default: ""
+        - name: "outputs"
+          in: "query"
+          description: "BuildKit output configuration"
+          type: "string"
+          default: ""
       responses:
         200:
           description: "no error"
@@ -6415,8 +7575,12 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the list of build cache objects. Available filters:
-            - `unused-for=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the list of build cache objects.
+
+            Available filters:
+
+            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
             - `id=<id>`
             - `parent=<id>`
             - `type=<string>`
@@ -6483,6 +7647,10 @@ paths:
           in: "query"
           description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
           type: "string"
+        - name: "message"
+          in: "query"
+          description: "Set commit message for imported image."
+          type: "string"
         - name: "inputImage"
           in: "body"
           description: "Image content if the value `-` has been specified in fromSrc query parameter"
@@ -6491,8 +7659,24 @@ paths:
           required: false
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
+        - name: "changes"
+          in: "query"
+          description: |
+            Apply `Dockerfile` instructions to the image that is created,
+            for example: `changes=ENV DEBUG=true`.
+            Note that `ENV DEBUG=true` should be URI component encoded.
+
+            Supported `Dockerfile` instructions:
+            `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+          type: "array"
+          items:
+            type: "string"
         - name: "platform"
           in: "query"
           description: "Platform in the format os[/arch[/variant]]"
@@ -6690,7 +7874,9 @@ paths:
       description: |
         Push an image to a registry.
 
-        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+        If you wish to push an image on to a private registry, that image must
+        already have a tag which references the registry. For example,
+        `registry.example.com/myimage:latest`.
 
         The push is cancelled if the HTTP connection is closed.
       operationId: "ImagePush"
@@ -6719,7 +7905,11 @@ paths:
           type: "string"
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
           required: true
       tags: ["Image"]
@@ -6923,7 +8113,9 @@ paths:
   /auth:
     post:
       summary: "Check auth configuration"
-      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      description: |
+        Validate credentials for a registry and, if available, get an identity
+        token for accessing the registry without password.
       operationId: "SystemAuth"
       consumes: ["application/json"]
       produces: ["application/json"]
@@ -6986,63 +8178,7 @@ paths:
         200:
           description: "no error"
           schema:
-            type: "object"
-            title: "SystemVersionResponse"
-            properties:
-              Platform:
-                type: "object"
-                required: [Name]
-                properties:
-                  Name:
-                    type: "string"
-              Components:
-                type: "array"
-                items:
-                  type: "object"
-                  x-go-name: ComponentVersion
-                  required: [Name, Version]
-                  properties:
-                    Name:
-                      type: "string"
-                    Version:
-                      type: "string"
-                      x-nullable: false
-                    Details:
-                      type: "object"
-                      x-nullable: true
-
-              Version:
-                type: "string"
-              ApiVersion:
-                type: "string"
-              MinAPIVersion:
-                type: "string"
-              GitCommit:
-                type: "string"
-              GoVersion:
-                type: "string"
-              Os:
-                type: "string"
-              Arch:
-                type: "string"
-              KernelVersion:
-                type: "string"
-              Experimental:
-                type: "boolean"
-              BuildTime:
-                type: "string"
-          examples:
-            application/json:
-              Version: "17.04.0"
-              Os: "linux"
-              KernelVersion: "3.19.0-23-generic"
-              GoVersion: "go1.7.5"
-              GitCommit: "deadbee"
-              Arch: "amd64"
-              ApiVersion: "1.27"
-              MinAPIVersion: "1.12"
-              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
-              Experimental: true
+            $ref: "#/definitions/SystemVersion"
         500:
           description: "server error"
           schema:
@@ -7064,12 +8200,57 @@ paths:
             API-Version:
               type: "string"
               description: "Max API Version the server supports"
-            BuildKit-Version:
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          headers:
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+      tags: ["System"]
+    head:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPingHead"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "(empty)"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
               type: "string"
               description: "Default version of docker image builder"
             Docker-Experimental:
               type: "boolean"
               description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
         500:
           description: "server error"
           schema:
@@ -7143,13 +8324,13 @@ paths:
 
         Various objects within Docker report events when something happens to them.
 
-        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
 
-        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
 
-        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+        Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
 
-        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
 
         The Docker daemon reports these events: `reload`
 
@@ -7161,6 +8342,8 @@ paths:
 
         Configs report these events: `create`, `update`, and `remove`
 
+        The Builder reports `prune` events
+
       operationId: "SystemEvents"
       produces:
         - "application/json"
@@ -7168,44 +8351,7 @@ paths:
         200:
           description: "no error"
           schema:
-            type: "object"
-            title: "SystemEventsResponse"
-            properties:
-              Type:
-                description: "The type of object emitting the event"
-                type: "string"
-              Action:
-                description: "The type of event"
-                type: "string"
-              Actor:
-                type: "object"
-                properties:
-                  ID:
-                    description: "The ID of the object emitting the event"
-                    type: "string"
-                  Attributes:
-                    description: "Various key/value attributes of the object, depending on its type"
-                    type: "object"
-                    additionalProperties:
-                      type: "string"
-              time:
-                description: "Timestamp of event"
-                type: "integer"
-              timeNano:
-                description: "Timestamp of event, with nanosecond accuracy"
-                type: "integer"
-                format: "int64"
-          examples:
-            application/json:
-              Type: "container"
-              Action: "create"
-              Actor:
-                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
-                Attributes:
-                  com.example.some-label: "some-label-value"
-                  image: "alpine"
-                  name: "my-container"
-              time: 1461943101
+            $ref: "#/definitions/EventMessage"
         400:
           description: "bad parameter"
           schema:
@@ -7333,10 +8479,43 @@ paths:
                   UsageData:
                     Size: 10920104
                     RefCount: 2
+              BuildCache:
+                -
+                  ID: "hw53o5aio51xtltp5xjp8v7fx"
+                  Parent: ""
+                  Type: "regular"
+                  Description: "pulled from docker.io/library/debian@sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0"
+                  InUse: false
+                  Shared: true
+                  Size: 0
+                  CreatedAt: "2021-06-28T13:31:01.474619385Z"
+                  LastUsedAt: "2021-07-07T22:02:32.738075951Z"
+                  UsageCount: 26
+                -
+                  ID: "ndlpt0hhvkqcdfkputsk4cq9c"
+                  Parent: "hw53o5aio51xtltp5xjp8v7fx"
+                  Type: "regular"
+                  Description: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
+                  InUse: false
+                  Shared: true
+                  Size: 51
+                  CreatedAt: "2021-06-28T13:31:03.002625487Z"
+                  LastUsedAt: "2021-07-07T22:02:32.773909517Z"
+                  UsageCount: 26
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "type"
+          in: "query"
+          description: |
+            Object types, for which to compute and return data.
+          type: "array"
+          collectionFormat: multi
+          items:
+            type: "string"
+            enum: ["container", "image", "volume", "build-cache"]
       tags: ["System"]
   /images/{name}/get:
     get:
@@ -7389,11 +8568,16 @@ paths:
     get:
       summary: "Export several images"
       description: |
-        Get a tarball containing all images and metadata for several image repositories.
+        Get a tarball containing all images and metadata for several image
+        repositories.
 
-        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+        For each value of the `names` parameter: if it is a specific name and
+        tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+        returned; if it is an image ID, similarly only that image (and its parents)
+        are returned and there would be no names referenced in the 'repositories'
+        file for this image ID.
 
-        For details on the format, see [the export image endpoint](#operation/ImageGet).
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
       operationId: "ImageGetAll"
       produces:
         - "application/x-tar"
@@ -7421,7 +8605,7 @@ paths:
       description: |
         Load a set of images and tags into a repository.
 
-        For details on the format, see [the export image endpoint](#operation/ImageGet).
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
       operationId: "ImageLoad"
       consumes:
         - "application/x-tar"
@@ -7482,6 +8666,7 @@ paths:
           description: "Exec configuration"
           schema:
             type: "object"
+            title: "ExecConfig"
             properties:
               AttachStdin:
                 type: "boolean"
@@ -7494,12 +8679,16 @@ paths:
                 description: "Attach to `stderr` of the exec command."
               DetachKeys:
                 type: "string"
-                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+                description: |
+                  Override the key sequence for detaching a container. Format is
+                  a single character `[a-Z]` or `ctrl-<value>` where `<value>`
+                  is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
               Tty:
                 type: "boolean"
                 description: "Allocate a pseudo-TTY."
               Env:
-                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                description: |
+                  A list of environment variables in the form `["VAR=value", ...]`.
                 type: "array"
                 items:
                   type: "string"
@@ -7514,10 +8703,14 @@ paths:
                 default: false
               User:
                 type: "string"
-                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+                description: |
+                  The user, and optionally, group to run the exec process inside
+                  the container. Format is one of: `user`, `user:group`, `uid`,
+                  or `uid:gid`.
               WorkingDir:
                 type: "string"
-                description: "The working directory for the exec process inside the container."
+                description: |
+                  The working directory for the exec process inside the container.
             example:
               AttachStdin: false
               AttachStdout: true
@@ -7539,7 +8732,10 @@ paths:
   /exec/{id}/start:
     post:
       summary: "Start an exec instance"
-      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      description: |
+        Starts a previously set up exec instance. If detach is true, this endpoint
+        returns immediately after starting the command. Otherwise, it sets up an
+        interactive session with the command.
       operationId: "ExecStart"
       consumes:
         - "application/json"
@@ -7561,6 +8757,7 @@ paths:
           in: "body"
           schema:
             type: "object"
+            title: "ExecStartConfig"
             properties:
               Detach:
                 type: "boolean"
@@ -7580,7 +8777,9 @@ paths:
   /exec/{id}/resize:
     post:
       summary: "Resize an exec instance"
-      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      description: |
+        Resize the TTY session used by an exec instance. This endpoint only works
+        if `tty` was specified as part of creating and starting the exec instance.
       operationId: "ExecResize"
       responses:
         201:
@@ -7700,7 +8899,8 @@ paths:
               Warnings:
                 type: "array"
                 x-nullable: false
-                description: "Warnings that occurred when fetching the list of volumes"
+                description: |
+                  Warnings that occurred when fetching the list of volumes.
                 items:
                   type: "string"
 
@@ -7769,7 +8969,8 @@ paths:
             title: "VolumeConfig"
             properties:
               Name:
-                description: "The new volume's name. If not specified, Docker generates a name."
+                description: |
+                  The new volume's name. If not specified, Docker generates a name.
                 type: "string"
                 x-nullable: false
               Driver:
@@ -7778,7 +8979,9 @@ paths:
                 default: "local"
                 x-nullable: false
               DriverOpts:
-                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                description: |
+                  A mapping of driver options and values. These options are
+                  passed directly to the driver and are driver specific.
                 type: "object"
                 additionalProperties:
                   type: "string"
@@ -7892,10 +9095,12 @@ paths:
     get:
       summary: "List networks"
       description: |
-        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+        Returns a list of networks. For details on the format, see the
+        [network inspect endpoint](#operation/NetworkInspect).
 
-        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
-        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+        Note that it uses a different, smaller representation of a network than
+        inspecting a single network. For example, the list of containers attached
+        to the network is not propagated in API versions 1.28 and up.
       operationId: "NetworkList"
       produces:
         - "application/json"
@@ -7965,8 +9170,15 @@ paths:
         - name: "filters"
           in: "query"
           description: |
-            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+            JSON encoded value of the filters (a `map[string][]string`) to process
+            on the networks list.
+
+            Available filters:
 
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               networks that are not in use by a container. When set to `false`
+               (or `0`), only networks that are in use by one or more
+               containers are returned.
             - `driver=<driver-name>` Matches a network's driver.
             - `id=<network-id>` Matches all or part of a network ID.
             - `label=<key>` or `label=<key>=<value>` of a network label.
@@ -8080,13 +9292,21 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "NetworkCreateRequest"
             required: ["Name"]
             properties:
               Name:
                 description: "The network's name."
                 type: "string"
               CheckDuplicate:
-                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                description: |
+                  Check for networks with duplicate names. Since Network is
+                  primarily keyed based on a random ID and not on the name, and
+                  network name is strictly a user-friendly alias to the network
+                  which is uniquely identified using ID, there is no guaranteed
+                  way to check for duplicates. CheckDuplicate is there to provide
+                  a best effort checking of any networks which has the same name
+                  but it is not guaranteed to catch all name collisions.
                 type: "boolean"
               Driver:
                 description: "Name of the network driver plugin to use."
@@ -8096,10 +9316,14 @@ paths:
                 description: "Restrict external access to the network."
                 type: "boolean"
               Attachable:
-                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                description: |
+                  Globally scoped network is manually attachable by regular
+                  containers from workers in swarm mode.
                 type: "boolean"
               Ingress:
-                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                description: |
+                  Ingress network is the network which provides the routing-mesh
+                  in swarm mode.
                 type: "boolean"
               IPAM:
                 description: "Optional custom IP scheme for the network."
@@ -8179,6 +9403,7 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "NetworkConnectRequest"
             properties:
               Container:
                 type: "string"
@@ -8225,13 +9450,16 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "NetworkDisconnectRequest"
             properties:
               Container:
                 type: "string"
-                description: "The ID or name of the container to disconnect from the network."
+                description: |
+                  The ID or name of the container to disconnect from the network.
               Force:
                 type: "boolean"
-                description: "Force the container to disconnect from the network."
+                description: |
+                  Force the container to disconnect from the network.
       tags: ["Network"]
   /networks/prune:
     post:
@@ -8288,7 +9516,10 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the plugin list.
+
+            Available filters:
 
             - `capability=<capability name>`
             - `enable=<true>|<false>`
@@ -8304,18 +9535,7 @@ paths:
           schema:
             type: "array"
             items:
-              description: "Describes a permission the user has to accept upon installing the plugin."
-              type: "object"
-              title: "PluginPrivilegeItem"
-              properties:
-                Name:
-                  type: "string"
-                Description:
-                  type: "string"
-                Value:
-                  type: "array"
-                  items:
-                    type: "string"
+              $ref: "#/definitions/PluginPrivilege"
             example:
               - Name: "network"
                 Description: ""
@@ -8336,7 +9556,9 @@ paths:
       parameters:
         - name: "remote"
           in: "query"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
       tags:
@@ -8347,7 +9569,8 @@ paths:
       summary: "Install a plugin"
       operationId: "PluginPull"
       description: |
-        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+        Pulls and installs a plugin. After the plugin is installed, it can be
+        enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
       produces:
         - "application/json"
       responses:
@@ -8376,24 +9599,19 @@ paths:
           type: "string"
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
         - name: "body"
           in: "body"
           schema:
             type: "array"
             items:
-              description: "Describes a permission accepted by the user upon installing the plugin."
-              type: "object"
-              properties:
-                Name:
-                  type: "string"
-                Description:
-                  type: "string"
-                Value:
-                  type: "array"
-                  items:
-                    type: "string"
+              $ref: "#/definitions/PluginPrivilege"
             example:
               - Name: "network"
                 Description: ""
@@ -8428,7 +9646,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
       tags: ["Plugin"]
@@ -8452,12 +9672,16 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
         - name: "force"
           in: "query"
-          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          description: |
+            Disable the plugin before removing. This may result in issues if the
+            plugin is in use by a container.
           type: "boolean"
           default: false
       tags: ["Plugin"]
@@ -8479,7 +9703,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
         - name: "timeout"
@@ -8506,7 +9732,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
       tags: ["Plugin"]
@@ -8528,7 +9756,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
         - name: "remote"
@@ -8541,24 +9771,19 @@ paths:
           type: "string"
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
         - name: "body"
           in: "body"
           schema:
             type: "array"
             items:
-              description: "Describes a permission accepted by the user upon installing the plugin."
-              type: "object"
-              properties:
-                Name:
-                  type: "string"
-                Description:
-                  type: "string"
-                Value:
-                  type: "array"
-                  items:
-                    type: "string"
+              $ref: "#/definitions/PluginPrivilege"
             example:
               - Name: "network"
                 Description: ""
@@ -8589,7 +9814,9 @@ paths:
       parameters:
         - name: "name"
           in: "query"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
         - name: "tarContext"
@@ -8608,7 +9835,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
       responses:
@@ -8632,7 +9861,9 @@ paths:
       parameters:
         - name: "name"
           in: "path"
-          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
           required: true
           type: "string"
         - name: "body"
@@ -8781,7 +10012,9 @@ paths:
             $ref: "#/definitions/NodeSpec"
         - name: "version"
           in: "query"
-          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          description: |
+            The version number of the node object being updated. This is required
+            to avoid conflicting writes.
           type: "integer"
           format: "int64"
           required: true
@@ -8840,26 +10073,50 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "SwarmInitRequest"
             properties:
               ListenAddr:
-                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                description: |
+                  Listen address used for inter-manager communication, as well
+                  as determining the networking interface used for the VXLAN
+                  Tunnel Endpoint (VTEP). This can either be an address/port
+                  combination in the form `192.168.1.1:4567`, or an interface
+                  followed by a port number, like `eth0:4567`. If the port number
+                  is omitted, the default swarm listening port is used.
                 type: "string"
               AdvertiseAddr:
-                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
                 type: "string"
               DataPathAddr:
                 description: |
-                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
-                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
-                  is used.
-
-                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
-                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
-                  separate the container data traffic from the management traffic of the cluster.
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other  nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
                 type: "string"
+              DataPathPort:
+                description: |
+                  DataPathPort specifies the data path port number for data traffic.
+                  Acceptable port range is 1024 to 49151.
+                  if no port is set or is set to 0, default port 4789 will be used.
+                type: "integer"
+                format: "uint32"
               DefaultAddrPool:
                 description: |
-                  Default Address Pool specifies default subnet pools for global scope networks.
+                  Default Address Pool specifies default subnet pools for global
+                  scope networks.
                 type: "array"
                 items:
                   type: "string"
@@ -8869,7 +10126,8 @@ paths:
                 type: "boolean"
               SubnetSize:
                 description: |
-                  SubnetSize specifies the subnet size of the networks created from the default subnet pool
+                  SubnetSize specifies the subnet size of the networks created
+                  from the default subnet pool.
                 type: "integer"
                 format: "uint32"
               Spec:
@@ -8877,6 +10135,7 @@ paths:
             example:
               ListenAddr: "0.0.0.0:2377"
               AdvertiseAddr: "192.168.1.1:2377"
+              DataPathPort: 4789
               DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
               SubnetSize: 24
               ForceNewCluster: false
@@ -8913,27 +10172,43 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "SwarmJoinRequest"
             properties:
               ListenAddr:
-                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                description: |
+                  Listen address used for inter-manager communication if the node
+                  gets promoted to manager, as well as determining the networking
+                  interface used for the VXLAN Tunnel Endpoint (VTEP).
                 type: "string"
               AdvertiseAddr:
-                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
                 type: "string"
               DataPathAddr:
                 description: |
-                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
-                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
-                  is used.
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
 
-                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
-                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
-                  separate the container data traffic from the management traffic of the cluster.
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
 
                 type: "string"
               RemoteAddrs:
-                description: "Addresses of manager nodes already participating in the swarm."
-                type: "string"
+                description: |
+                  Addresses of manager nodes already participating in the swarm.
+                type: "array"
+                items:
+                  type: "string"
               JoinToken:
                 description: "Secret token for joining this swarm."
                 type: "string"
@@ -8961,7 +10236,9 @@ paths:
             $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "force"
-          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          description: |
+            Force leave swarm, even if this is the last manager or that it will
+            break the cluster.
           in: "query"
           type: "boolean"
           default: false
@@ -8993,7 +10270,9 @@ paths:
             $ref: "#/definitions/SwarmSpec"
         - name: "version"
           in: "query"
-          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          description: |
+            The version number of the swarm object being updated. This is
+            required to avoid conflicting writes.
           type: "integer"
           format: "int64"
           required: true
@@ -9054,6 +10333,7 @@ paths:
           required: true
           schema:
             type: "object"
+            title: "SwarmUnlockRequest"
             properties:
               UnlockKey:
                 description: "The swarm's unlock key."
@@ -9096,12 +10376,20 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the services list.
+
+            Available filters:
 
             - `id=<service id>`
             - `label=<service label>`
             - `mode=["replicated"|"global"]`
             - `name=<service name>`
+        - name: "status"
+          in: "query"
+          type: "boolean"
+          description: |
+            Include service status, with count of running and desired tasks.
       tags: ["Service"]
   /services/create:
     post:
@@ -9224,7 +10512,12 @@ paths:
                     foo: "bar"
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
       tags: ["Service"]
   /services/{id}:
@@ -9360,25 +10653,37 @@ paths:
 
         - name: "version"
           in: "query"
-          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          description: |
+            The version number of the service object being updated. This is
+            required to avoid conflicting writes.
+            This version number should be the value as currently set on the
+            service *before* the update. You can find the current version by
+            calling `GET /services/{id}`
           required: true
           type: "integer"
         - name: "registryAuthFrom"
           in: "query"
+          description: |
+            If the `X-Registry-Auth` header is not specified, this parameter
+            indicates where to find registry authorization credentials.
           type: "string"
-          description: "If the X-Registry-Auth header is not specified, this
-  parameter indicates where to find registry authorization credentials. The
-  valid values are `spec` and `previous-spec`."
+          enum: ["spec", "previous-spec"]
           default: "spec"
         - name: "rollback"
           in: "query"
+          description: |
+            Set to this parameter to `previous` to cause a server-side rollback
+            to the previous service spec. The supplied spec will be ignored in
+            this case.
           type: "string"
-          description: "Set to this parameter to `previous` to cause a
-  server-side rollback to the previous service spec. The supplied spec will be
-  ignored in this case."
         - name: "X-Registry-Auth"
           in: "header"
-          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
           type: "string"
 
       tags: ["Service"]
@@ -9386,23 +10691,18 @@ paths:
     get:
       summary: "Get service logs"
       description: |
-        Get `stdout` and `stderr` logs from a service.
+        Get `stdout` and `stderr` logs from a service. See also
+        [`/containers/{id}/logs`](#operation/ContainerLogs).
 
-        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
       operationId: "ServiceLogs"
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/json"
       responses:
-        101:
-          description: "logs returned as a stream"
-          schema:
-            type: "string"
-            format: "binary"
         200:
-          description: "logs returned as a string in response body"
+          description: "logs returned as a stream in response body"
           schema:
             type: "string"
+            format: "binary"
         404:
           description: "no such service"
           schema:
@@ -9431,10 +10731,7 @@ paths:
           default: false
         - name: "follow"
           in: "query"
-          description: |
-            Return the logs as a stream.
-
-            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          description: "Keep connection after returning logs."
           type: "boolean"
           default: false
         - name: "stdout"
@@ -9459,7 +10756,9 @@ paths:
           default: false
         - name: "tail"
           in: "query"
-          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
           type: "string"
           default: "all"
       tags: ["Service"]
@@ -9600,7 +10899,10 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the tasks list.
+
+            Available filters:
 
             - `desired-state=(running | shutdown | accepted)`
             - `id=<task id>`
@@ -9644,22 +10946,17 @@ paths:
       summary: "Get task logs"
       description: |
         Get `stdout` and `stderr` logs from a task.
+        See also [`/containers/{id}/logs`](#operation/ContainerLogs).
 
-        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
       operationId: "TaskLogs"
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/json"
       responses:
-        101:
-          description: "logs returned as a stream"
-          schema:
-            type: "string"
-            format: "binary"
         200:
-          description: "logs returned as a string in response body"
+          description: "logs returned as a stream in response body"
           schema:
             type: "string"
+            format: "binary"
         404:
           description: "no such task"
           schema:
@@ -9688,10 +10985,7 @@ paths:
           default: false
         - name: "follow"
           in: "query"
-          description: |
-            Return the logs as a stream.
-
-            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          description: "Keep connection after returning logs."
           type: "boolean"
           default: false
         - name: "stdout"
@@ -9716,9 +11010,12 @@ paths:
           default: false
         - name: "tail"
           in: "query"
-          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
           type: "string"
           default: "all"
+      tags: ["Task"]
   /secrets:
     get:
       summary: "List secrets"
@@ -9769,7 +11066,10 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the secrets list.
+
+            Available filters:
 
             - `id=<secret id>`
             - `label=<key> or label=<key>=value`
@@ -9926,10 +11226,15 @@ paths:
           in: "body"
           schema:
             $ref: "#/definitions/SecretSpec"
-          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+          description: |
+            The spec of the secret to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [SecretInspect endpoint](#operation/SecretInspect) response values.
         - name: "version"
           in: "query"
-          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          description: |
+            The version number of the secret object being updated. This is
+            required to avoid conflicting writes.
           type: "integer"
           format: "int64"
           required: true
@@ -9968,7 +11273,10 @@ paths:
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the configs list.
+
+            Available filters:
 
             - `id=<config id>`
             - `label=<key> or label=<key>=value`
@@ -10112,10 +11420,15 @@ paths:
           in: "body"
           schema:
             $ref: "#/definitions/ConfigSpec"
-          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+          description: |
+            The spec of the config to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [ConfigInspect endpoint](#operation/ConfigInspect) response values.
         - name: "version"
           in: "query"
-          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          description: |
+            The version number of the config object being updated. This is
+            required to avoid conflicting writes.
           type: "integer"
           format: "int64"
           required: true
@@ -10123,7 +11436,8 @@ paths:
   /distribution/{name}/json:
     get:
       summary: "Get image information from the registry"
-      description: "Return image digest and platform information by contacting the registry."
+      description: |
+        Return image digest and platform information by contacting the registry.
       operationId: "DistributionInspect"
       produces:
         - "application/json"
@@ -10131,65 +11445,7 @@ paths:
         200:
           description: "descriptor and platform information"
           schema:
-            type: "object"
-            x-go-name: DistributionInspect
-            title: "DistributionInspectResponse"
-            required: [Descriptor, Platforms]
-            properties:
-              Descriptor:
-                type: "object"
-                description: "A descriptor struct containing digest, media type, and size"
-                properties:
-                  MediaType:
-                    type: "string"
-                  Size:
-                    type: "integer"
-                    format: "int64"
-                  Digest:
-                    type: "string"
-                  URLs:
-                    type: "array"
-                    items:
-                      type: "string"
-              Platforms:
-                type: "array"
-                description: "An array containing all platforms supported by the image"
-                items:
-                  type: "object"
-                  properties:
-                    Architecture:
-                      type: "string"
-                    OS:
-                      type: "string"
-                    OSVersion:
-                      type: "string"
-                    OSFeatures:
-                      type: "array"
-                      items:
-                        type: "string"
-                    Variant:
-                      type: "string"
-                    Features:
-                      type: "array"
-                      items:
-                        type: "string"
-          examples:
-            application/json:
-              Descriptor:
-                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
-                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
-                Size: 3987495
-                URLs:
-                  - ""
-              Platforms:
-                - Architecture: "amd64"
-                  OS: "linux"
-                  OSVersion: ""
-                  OSFeatures:
-                    - ""
-                  Variant: ""
-                  Features:
-                    - ""
+            $ref: "#/definitions/DistributionInspect"
         401:
           description: "Failed authentication or no image found"
           schema:
@@ -10212,14 +11468,13 @@ paths:
     post:
       summary: "Initialize interactive session"
       description: |
-        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
-
-        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
-        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+        Start a new interactive session with a server. Session allows server to
+        call back to the client for advanced capabilities.
 
         ### Hijacking
 
-        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+        the client to expose gPRC services on that connection.
 
         For example, the client sends this request to upgrade the connection:
 
@@ -10229,7 +11484,8 @@ paths:
         Connection: Upgrade
         ```
 
-        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+        The Docker daemon responds with a `101 UPGRADED` response follow with
+        the raw stream:
 
         ```
         HTTP/1.1 101 UPGRADED
@@ -10250,4 +11506,4 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
-      tags: ["Session (experimental)"]
+      tags: ["Session"]
diff --git a/api/templates/server/operation.gotmpl b/api/templates/server/operation.gotmpl
index cf24aacc5f6a1..828deb4735c39 100644
--- a/api/templates/server/operation.gotmpl
+++ b/api/templates/server/operation.gotmpl
@@ -1,8 +1,7 @@
-package {{ .Package }}
+package {{ .Package }} // import "github.com/docker/docker/api/types/{{ .Package }}"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/backend/backend.go b/api/types/backend/backend.go
index ef1e669c396f1..9880c632bdd4b 100644
--- a/api/types/backend/backend.go
+++ b/api/types/backend/backend.go
@@ -30,7 +30,7 @@ type ContainerAttachConfig struct {
 // expectation is for the logger endpoints to assemble the chunks using this
 // metadata.
 type PartialLogMetaData struct {
-	Last    bool   //true if this message is last of a partial
+	Last    bool   // true if this message is last of a partial
 	ID      string // identifies group of messages comprising a single record
 	Ordinal int    // ordering of message in partial group
 }
@@ -73,6 +73,7 @@ type LogSelector struct {
 // behavior of a backend.ContainerStats() call.
 type ContainerStatsConfig struct {
 	Stream    bool
+	OneShot   bool
 	OutStream io.Writer
 	Version   string
 }
diff --git a/api/types/client.go b/api/types/client.go
index 3b698c2c240d0..e3c06cef691a8 100644
--- a/api/types/client.go
+++ b/api/types/client.go
@@ -50,7 +50,7 @@ type ContainerCommitOptions struct {
 
 // ContainerExecInspect holds information returned by exec inspect.
 type ContainerExecInspect struct {
-	ExecID      string
+	ExecID      string `json:"ID"`
 	ContainerID string
 	Running     bool
 	ExitCode    int
@@ -59,7 +59,6 @@ type ContainerExecInspect struct {
 
 // ContainerListOptions holds parameters to list containers with.
 type ContainerListOptions struct {
-	Quiet   bool
 	Size    bool
 	All     bool
 	Latest  bool
@@ -187,6 +186,15 @@ type ImageBuildOptions struct {
 	// build request. The same identifier can be used to gracefully cancel the
 	// build with the cancel request.
 	BuildID string
+	// Outputs defines configurations for exporting build results. Only supported
+	// in BuildKit mode
+	Outputs []ImageBuildOutput
+}
+
+// ImageBuildOutput defines configuration for exporting a build result
+type ImageBuildOutput struct {
+	Type  string
+	Attrs map[string]string
 }
 
 // BuilderVersion sets the version of underlying builder to use
@@ -196,7 +204,7 @@ const (
 	// BuilderV1 is the first generation builder in docker daemon
 	BuilderV1 BuilderVersion = "1"
 	// BuilderBuildKit is builder based on moby/buildkit project
-	BuilderBuildKit = "2"
+	BuilderBuildKit BuilderVersion = "2"
 )
 
 // ImageBuildResponse holds information
@@ -227,10 +235,20 @@ type ImageImportOptions struct {
 	Platform string   // Platform is the target platform of the image
 }
 
-// ImageListOptions holds parameters to filter the list of images with.
+// ImageListOptions holds parameters to list images with.
 type ImageListOptions struct {
-	All     bool
+	// All controls whether all images in the graph are filtered, or just
+	// the heads.
+	All bool
+
+	// Filters is a JSON-encoded set of filter arguments.
 	Filters filters.Args
+
+	// SharedSize indicates whether the shared size of images should be computed.
+	SharedSize bool
+
+	// ContainerCount indicates whether container count should be computed.
+	ContainerCount bool
 }
 
 // ImageLoadResponse returns information to the client about a load process.
@@ -256,7 +274,7 @@ type ImagePullOptions struct {
 // if the privilege request fails.
 type RequestPrivilegeFunc func() (string, error)
 
-//ImagePushOptions holds information to push images.
+// ImagePushOptions holds information to push images.
 type ImagePushOptions ImagePullOptions
 
 // ImageRemoveOptions holds parameters to remove images.
@@ -354,6 +372,10 @@ type ServiceUpdateOptions struct {
 // ServiceListOptions holds parameters to list services with.
 type ServiceListOptions struct {
 	Filters filters.Args
+
+	// Status indicates whether the server should include the service task
+	// count of running and desired tasks.
+	Status bool
 }
 
 // ServiceInspectOptions holds parameters related to the "service inspect"
diff --git a/api/types/configs.go b/api/types/configs.go
index 178e911a7afc2..3dd133a3a58a4 100644
--- a/api/types/configs.go
+++ b/api/types/configs.go
@@ -3,6 +3,7 @@ package types // import "github.com/docker/docker/api/types"
 import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // configs holds structs used for internal communication between the
@@ -15,6 +16,7 @@ type ContainerCreateConfig struct {
 	Config           *container.Config
 	HostConfig       *container.HostConfig
 	NetworkingConfig *network.NetworkingConfig
+	Platform         *specs.Platform
 	AdjustCPUShares  bool
 }
 
diff --git a/api/types/container/config.go b/api/types/container/config.go
index 89ad08c23461f..f767195b94b41 100644
--- a/api/types/container/config.go
+++ b/api/types/container/config.go
@@ -54,7 +54,7 @@ type Config struct {
 	Env             []string            // List of environment variable to set in the container
 	Cmd             strslice.StrSlice   // Command to run when starting the container
 	Healthcheck     *HealthConfig       `json:",omitempty"` // Healthcheck describes how to check the container is healthy
-	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (Windows specific)
+	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (meaning treat as a command line) (Windows specific).
 	Image           string              // Name of the image as it was passed by the operator (e.g. could be symbolic)
 	Volumes         map[string]struct{} // List of volumes (mounts) used for the container
 	WorkingDir      string              // Current directory (PWD) in the command will be launched
diff --git a/api/types/container/container_changes.go b/api/types/container/container_changes.go
index c909d6ca3e9e7..16dd5019eef88 100644
--- a/api/types/container/container_changes.go
+++ b/api/types/container/container_changes.go
@@ -1,8 +1,7 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/container/container_create.go b/api/types/container/container_create.go
index 49efa0f2c093c..d0c852f84d5c2 100644
--- a/api/types/container/container_create.go
+++ b/api/types/container/container_create.go
@@ -1,8 +1,7 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/container/container_top.go b/api/types/container/container_top.go
index ba41edcf3f842..63381da36749a 100644
--- a/api/types/container/container_top.go
+++ b/api/types/container/container_top.go
@@ -1,8 +1,7 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
@@ -11,7 +10,9 @@ package container
 // swagger:model ContainerTopOKBody
 type ContainerTopOKBody struct {
 
-	// Each process running in the container, where each is process is an array of values corresponding to the titles
+	// Each process running in the container, where each is process
+	// is an array of values corresponding to the titles.
+	//
 	// Required: true
 	Processes [][]string `json:"Processes"`
 
diff --git a/api/types/container/container_update.go b/api/types/container/container_update.go
index 7630ae54cd6d3..c10f175ea82f7 100644
--- a/api/types/container/container_update.go
+++ b/api/types/container/container_update.go
@@ -1,8 +1,7 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/container/container_wait.go b/api/types/container/container_wait.go
index 9e3910a6b42ec..49e05ae669449 100644
--- a/api/types/container/container_wait.go
+++ b/api/types/container/container_wait.go
@@ -1,8 +1,7 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/container/host_config.go b/api/types/container/host_config.go
index 4ef26fa6c878b..dcea6c8a5ae66 100644
--- a/api/types/container/host_config.go
+++ b/api/types/container/host_config.go
@@ -7,67 +7,106 @@ import (
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
+// CgroupnsMode represents the cgroup namespace mode of the container
+type CgroupnsMode string
+
+// cgroup namespace modes for containers
+const (
+	CgroupnsModeEmpty   CgroupnsMode = ""
+	CgroupnsModePrivate CgroupnsMode = "private"
+	CgroupnsModeHost    CgroupnsMode = "host"
+)
+
+// IsPrivate indicates whether the container uses its own private cgroup namespace
+func (c CgroupnsMode) IsPrivate() bool {
+	return c == CgroupnsModePrivate
+}
+
+// IsHost indicates whether the container shares the host's cgroup namespace
+func (c CgroupnsMode) IsHost() bool {
+	return c == CgroupnsModeHost
+}
+
+// IsEmpty indicates whether the container cgroup namespace mode is unset
+func (c CgroupnsMode) IsEmpty() bool {
+	return c == CgroupnsModeEmpty
+}
+
+// Valid indicates whether the cgroup namespace mode is valid
+func (c CgroupnsMode) Valid() bool {
+	return c.IsEmpty() || c.IsPrivate() || c.IsHost()
+}
+
 // Isolation represents the isolation technology of a container. The supported
 // values are platform specific
 type Isolation string
 
+// Isolation modes for containers
+const (
+	IsolationEmpty   Isolation = ""        // IsolationEmpty is unspecified (same behavior as default)
+	IsolationDefault Isolation = "default" // IsolationDefault is the default isolation mode on current daemon
+	IsolationProcess Isolation = "process" // IsolationProcess is process isolation mode
+	IsolationHyperV  Isolation = "hyperv"  // IsolationHyperV is HyperV isolation mode
+)
+
 // IsDefault indicates the default isolation technology of a container. On Linux this
 // is the native driver. On Windows, this is a Windows Server Container.
 func (i Isolation) IsDefault() bool {
-	return strings.ToLower(string(i)) == "default" || string(i) == ""
+	// TODO consider making isolation-mode strict (case-sensitive)
+	v := Isolation(strings.ToLower(string(i)))
+	return v == IsolationDefault || v == IsolationEmpty
 }
 
 // IsHyperV indicates the use of a Hyper-V partition for isolation
 func (i Isolation) IsHyperV() bool {
-	return strings.ToLower(string(i)) == "hyperv"
+	// TODO consider making isolation-mode strict (case-sensitive)
+	return Isolation(strings.ToLower(string(i))) == IsolationHyperV
 }
 
 // IsProcess indicates the use of process isolation
 func (i Isolation) IsProcess() bool {
-	return strings.ToLower(string(i)) == "process"
+	// TODO consider making isolation-mode strict (case-sensitive)
+	return Isolation(strings.ToLower(string(i))) == IsolationProcess
 }
 
-const (
-	// IsolationEmpty is unspecified (same behavior as default)
-	IsolationEmpty = Isolation("")
-	// IsolationDefault is the default isolation mode on current daemon
-	IsolationDefault = Isolation("default")
-	// IsolationProcess is process isolation mode
-	IsolationProcess = Isolation("process")
-	// IsolationHyperV is HyperV isolation mode
-	IsolationHyperV = Isolation("hyperv")
-)
-
 // IpcMode represents the container ipc stack.
 type IpcMode string
 
+// IpcMode constants
+const (
+	IPCModeNone      IpcMode = "none"
+	IPCModeHost      IpcMode = "host"
+	IPCModeContainer IpcMode = "container"
+	IPCModePrivate   IpcMode = "private"
+	IPCModeShareable IpcMode = "shareable"
+)
+
 // IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared.
 func (n IpcMode) IsPrivate() bool {
-	return n == "private"
+	return n == IPCModePrivate
 }
 
 // IsHost indicates whether the container shares the host's ipc namespace.
 func (n IpcMode) IsHost() bool {
-	return n == "host"
+	return n == IPCModeHost
 }
 
 // IsShareable indicates whether the container's ipc namespace can be shared with another container.
 func (n IpcMode) IsShareable() bool {
-	return n == "shareable"
+	return n == IPCModeShareable
 }
 
 // IsContainer indicates whether the container uses another container's ipc namespace.
 func (n IpcMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
-	return len(parts) > 1 && parts[0] == "container"
+	return strings.HasPrefix(string(n), string(IPCModeContainer)+":")
 }
 
 // IsNone indicates whether container IpcMode is set to "none".
 func (n IpcMode) IsNone() bool {
-	return n == "none"
+	return n == IPCModeNone
 }
 
 // IsEmpty indicates whether container IpcMode is empty
@@ -82,9 +121,8 @@ func (n IpcMode) Valid() bool {
 
 // Container returns the name of the container ipc stack is going to be used.
 func (n IpcMode) Container() string {
-	parts := strings.SplitN(string(n), ":", 2)
-	if len(parts) > 1 && parts[0] == "container" {
-		return parts[1]
+	if n.IsContainer() {
+		return strings.TrimPrefix(string(n), string(IPCModeContainer)+":")
 	}
 	return ""
 }
@@ -122,7 +160,7 @@ func (n NetworkMode) ConnectedContainer() string {
 	return ""
 }
 
-//UserDefined indicates user-created network
+// UserDefined indicates user-created network
 func (n NetworkMode) UserDefined() string {
 	if n.IsUserDefined() {
 		return string(n)
@@ -244,6 +282,16 @@ func (n PidMode) Container() string {
 	return ""
 }
 
+// DeviceRequest represents a request for devices from a device driver.
+// Used by GPU device drivers.
+type DeviceRequest struct {
+	Driver       string            // Name of device driver
+	Count        int               // Number of devices to request (-1 = All)
+	DeviceIDs    []string          // List of device IDs as recognizable by the device driver
+	Capabilities [][]string        // An OR list of AND lists of device capabilities (e.g. "gpu")
+	Options      map[string]string // Options to pass onto the device driver
+}
+
 // DeviceMapping represents the device mapping between the host and the container.
 type DeviceMapping struct {
 	PathOnHost        string
@@ -293,7 +341,7 @@ type LogMode string
 
 // Available logging modes
 const (
-	LogModeUnset            = ""
+	LogModeUnset    LogMode = ""
 	LogModeBlocking LogMode = "blocking"
 	LogModeNonBlock LogMode = "non-blocking"
 )
@@ -327,13 +375,14 @@ type Resources struct {
 	CpusetMems           string          // CpusetMems 0-2, 0,1
 	Devices              []DeviceMapping // List of devices to map inside the container
 	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
-	DiskQuota            int64           // Disk limit (in bytes)
-	KernelMemory         int64           // Kernel memory limit (in bytes)
+	DeviceRequests       []DeviceRequest // List of device requests for device drivers
+	KernelMemory         int64           // Kernel memory limit (in bytes), Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
+	KernelMemoryTCP      int64           // Hard limit for kernel TCP buffer memory (in bytes)
 	MemoryReservation    int64           // Memory soft limit (in bytes)
 	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
 	MemorySwappiness     *int64          // Tuning container memory swappiness behaviour
 	OomKillDisable       *bool           // Whether to disable OOM Killer or not
-	PidsLimit            int64           // Setting pids limit for a container
+	PidsLimit            *int64          // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
 	Ulimits              []*units.Ulimit // List of ulimits to be set in the container
 
 	// Applicable to Windows
@@ -369,6 +418,7 @@ type HostConfig struct {
 	// Applicable to UNIX platforms
 	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
 	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
+	CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
 	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
 	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for
 	DNSSearch       []string          `json:"DnsSearch"`  // List of DNSSearch to look for
diff --git a/api/types/container/hostconfig_unix.go b/api/types/container/hostconfig_unix.go
index cf6fdf44026ca..24c4fa8d9002e 100644
--- a/api/types/container/hostconfig_unix.go
+++ b/api/types/container/hostconfig_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/api/types/container"
diff --git a/api/types/error_response_ext.go b/api/types/error_response_ext.go
new file mode 100644
index 0000000000000..f84f034cd545c
--- /dev/null
+++ b/api/types/error_response_ext.go
@@ -0,0 +1,6 @@
+package types
+
+// Error returns the error message
+func (e ErrorResponse) Error() string {
+	return e.Message
+}
diff --git a/api/types/events/events.go b/api/types/events/events.go
index 027c6edb7223e..9fe07e26fd2fe 100644
--- a/api/types/events/events.go
+++ b/api/types/events/events.go
@@ -1,31 +1,26 @@
 package events // import "github.com/docker/docker/api/types/events"
 
+// Type is used for event-types.
+type Type = string
+
+// List of known event types.
 const (
-	// ContainerEventType is the event type that containers generate
-	ContainerEventType = "container"
-	// DaemonEventType is the event type that daemon generate
-	DaemonEventType = "daemon"
-	// ImageEventType is the event type that images generate
-	ImageEventType = "image"
-	// NetworkEventType is the event type that networks generate
-	NetworkEventType = "network"
-	// PluginEventType is the event type that plugins generate
-	PluginEventType = "plugin"
-	// VolumeEventType is the event type that volumes generate
-	VolumeEventType = "volume"
-	// ServiceEventType is the event type that services generate
-	ServiceEventType = "service"
-	// NodeEventType is the event type that nodes generate
-	NodeEventType = "node"
-	// SecretEventType is the event type that secrets generate
-	SecretEventType = "secret"
-	// ConfigEventType is the event type that configs generate
-	ConfigEventType = "config"
+	BuilderEventType   Type = "builder"   // BuilderEventType is the event type that the builder generates.
+	ConfigEventType    Type = "config"    // ConfigEventType is the event type that configs generate.
+	ContainerEventType Type = "container" // ContainerEventType is the event type that containers generate.
+	DaemonEventType    Type = "daemon"    // DaemonEventType is the event type that daemon generate.
+	ImageEventType     Type = "image"     // ImageEventType is the event type that images generate.
+	NetworkEventType   Type = "network"   // NetworkEventType is the event type that networks generate.
+	NodeEventType      Type = "node"      // NodeEventType is the event type that nodes generate.
+	PluginEventType    Type = "plugin"    // PluginEventType is the event type that plugins generate.
+	SecretEventType    Type = "secret"    // SecretEventType is the event type that secrets generate.
+	ServiceEventType   Type = "service"   // ServiceEventType is the event type that services generate.
+	VolumeEventType    Type = "volume"    // VolumeEventType is the event type that volumes generate.
 )
 
 // Actor describes something that generates events,
 // like a container, or a network, or a volume.
-// It has a defined name and a set or attributes.
+// It has a defined name and a set of attributes.
 // The container attributes are its labels, other actors
 // can generate these attributes from other properties.
 type Actor struct {
@@ -37,11 +32,11 @@ type Actor struct {
 type Message struct {
 	// Deprecated information from JSONMessage.
 	// With data only in container events.
-	Status string `json:"status,omitempty"`
-	ID     string `json:"id,omitempty"`
-	From   string `json:"from,omitempty"`
+	Status string `json:"status,omitempty"` // Deprecated: use Action instead.
+	ID     string `json:"id,omitempty"`     // Deprecated: use Actor.ID instead.
+	From   string `json:"from,omitempty"`   // Deprecated: use Actor.Attributes["image"] instead.
 
-	Type   string
+	Type   Type
 	Action string
 	Actor  Actor
 	// Engine events are local scope. Cluster events are swarm scope.
diff --git a/api/types/filters/parse.go b/api/types/filters/parse.go
index a41e3d8d96ad6..4bc91cffd6e5c 100644
--- a/api/types/filters/parse.go
+++ b/api/types/filters/parse.go
@@ -5,7 +5,6 @@ package filters // import "github.com/docker/docker/api/types/filters"
 
 import (
 	"encoding/json"
-	"errors"
 	"regexp"
 	"strings"
 
@@ -37,39 +36,13 @@ func NewArgs(initialArgs ...KeyValuePair) Args {
 	return args
 }
 
-// ParseFlag parses a key=value string and adds it to an Args.
-//
-// Deprecated: Use Args.Add()
-func ParseFlag(arg string, prev Args) (Args, error) {
-	filters := prev
-	if len(arg) == 0 {
-		return filters, nil
-	}
-
-	if !strings.Contains(arg, "=") {
-		return filters, ErrBadFormat
+// Keys returns all the keys in list of Args
+func (args Args) Keys() []string {
+	keys := make([]string, 0, len(args.fields))
+	for k := range args.fields {
+		keys = append(keys, k)
 	}
-
-	f := strings.SplitN(arg, "=", 2)
-
-	name := strings.ToLower(strings.TrimSpace(f[0]))
-	value := strings.TrimSpace(f[1])
-
-	filters.Add(name, value)
-
-	return filters, nil
-}
-
-// ErrBadFormat is an error returned when a filter is not in the form key=value
-//
-// Deprecated: this error will be removed in a future version
-var ErrBadFormat = errors.New("bad format of filter (expected name=value)")
-
-// ToParam encodes the Args as args JSON encoded string
-//
-// Deprecated: use ToJSON
-func ToParam(a Args) (string, error) {
-	return ToJSON(a)
+	return keys
 }
 
 // MarshalJSON returns a JSON byte representation of the Args
@@ -93,7 +66,7 @@ func ToJSON(a Args) (string, error) {
 // then the encoded format will use an older legacy format where the values are a
 // list of strings, instead of a set.
 //
-// Deprecated: Use ToJSON
+// Deprecated: do not use in any new code; use ToJSON instead
 func ToParamWithVersion(version string, a Args) (string, error) {
 	if a.Len() == 0 {
 		return "", nil
@@ -107,13 +80,6 @@ func ToParamWithVersion(version string, a Args) (string, error) {
 	return ToJSON(a)
 }
 
-// FromParam decodes a JSON encoded string into Args
-//
-// Deprecated: use FromJSON
-func FromParam(p string) (Args, error) {
-	return FromJSON(p)
-}
-
 // FromJSON decodes a JSON encoded string into Args
 func FromJSON(p string) (Args, error) {
 	args := NewArgs()
@@ -188,7 +154,7 @@ func (args Args) Len() int {
 func (args Args) MatchKVList(key string, sources map[string]string) bool {
 	fieldValues := args.fields[key]
 
-	//do not filter if there is no filter set or cannot determine filter
+	// do not filter if there is no filter set or cannot determine filter
 	if len(fieldValues) == 0 {
 		return true
 	}
@@ -234,7 +200,7 @@ func (args Args) Match(field, source string) bool {
 // ExactMatch returns true if the source matches exactly one of the values.
 func (args Args) ExactMatch(key, source string) bool {
 	fieldValues, ok := args.fields[key]
-	//do not filter if there is no filter set or cannot determine filter
+	// do not filter if there is no filter set or cannot determine filter
 	if !ok || len(fieldValues) == 0 {
 		return true
 	}
@@ -247,7 +213,7 @@ func (args Args) ExactMatch(key, source string) bool {
 // matches exactly the value.
 func (args Args) UniqueExactMatch(key, source string) bool {
 	fieldValues := args.fields[key]
-	//do not filter if there is no filter set or cannot determine filter
+	// do not filter if there is no filter set or cannot determine filter
 	if len(fieldValues) == 0 {
 		return true
 	}
@@ -275,14 +241,6 @@ func (args Args) FuzzyMatch(key, source string) bool {
 	return false
 }
 
-// Include returns true if the key exists in the mapping
-//
-// Deprecated: use Contains
-func (args Args) Include(field string) bool {
-	_, ok := args.fields[field]
-	return ok
-}
-
 // Contains returns true if the key exists in the mapping
 func (args Args) Contains(field string) bool {
 	_, ok := args.fields[field]
@@ -323,6 +281,22 @@ func (args Args) WalkValues(field string, op func(value string) error) error {
 	return nil
 }
 
+// Clone returns a copy of args.
+func (args Args) Clone() (newArgs Args) {
+	newArgs.fields = make(map[string]map[string]bool, len(args.fields))
+	for k, m := range args.fields {
+		var mm map[string]bool
+		if m != nil {
+			mm = make(map[string]bool, len(m))
+			for kk, v := range m {
+				mm[kk] = v
+			}
+		}
+		newArgs.fields[k] = mm
+	}
+	return newArgs
+}
+
 func deprecatedArgs(d map[string][]string) map[string]map[string]bool {
 	m := map[string]map[string]bool{}
 	for k, v := range d {
diff --git a/api/types/filters/parse_test.go b/api/types/filters/parse_test.go
index e8345a1d5d524..4b68c9685dd2a 100644
--- a/api/types/filters/parse_test.go
+++ b/api/types/filters/parse_test.go
@@ -4,44 +4,10 @@ import (
 	"errors"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func TestParseArgs(t *testing.T) {
-	// equivalent of `docker ps -f 'created=today' -f 'image.name=ubuntu*' -f 'image.name=*untu'`
-	flagArgs := []string{
-		"created=today",
-		"image.name=ubuntu*",
-		"image.name=*untu",
-	}
-	var (
-		args = NewArgs()
-		err  error
-	)
-
-	for i := range flagArgs {
-		args, err = ParseFlag(flagArgs[i], args)
-		assert.NilError(t, err)
-	}
-	assert.Check(t, is.Len(args.Get("created"), 1))
-	assert.Check(t, is.Len(args.Get("image.name"), 2))
-}
-
-func TestParseArgsEdgeCase(t *testing.T) {
-	var args Args
-	args, err := ParseFlag("", args)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if args.Len() != 0 {
-		t.Fatalf("Expected an empty Args (map), got %v", args)
-	}
-	if args, err = ParseFlag("anything", args); err == nil || err != ErrBadFormat {
-		t.Fatalf("Expected ErrBadFormat, got %v", err)
-	}
-}
-
 func TestToJSON(t *testing.T) {
 	fields := map[string]map[string]bool{
 		"created":    {"today": true},
@@ -347,17 +313,6 @@ func TestContains(t *testing.T) {
 	}
 }
 
-func TestInclude(t *testing.T) {
-	f := NewArgs()
-	if f.Include("status") {
-		t.Fatal("Expected to not include a status key, got true")
-	}
-	f.Add("status", "running")
-	if !f.Include("status") {
-		t.Fatal("Expected to include a status key, got false")
-	}
-}
-
 func TestValidate(t *testing.T) {
 	f := NewArgs()
 	f.Add("status", "running")
@@ -382,14 +337,17 @@ func TestWalkValues(t *testing.T) {
 	f.Add("status", "running")
 	f.Add("status", "paused")
 
-	f.WalkValues("status", func(value string) error {
+	err := f.WalkValues("status", func(value string) error {
 		if value != "running" && value != "paused" {
 			t.Fatalf("Unexpected value %s", value)
 		}
 		return nil
 	})
+	if err != nil {
+		t.Fatalf("Expected no error, got %v", err)
+	}
 
-	err := f.WalkValues("status", func(value string) error {
+	err = f.WalkValues("status", func(value string) error {
 		return errors.New("return")
 	})
 	if err == nil {
@@ -421,3 +379,11 @@ func TestFuzzyMatch(t *testing.T) {
 		}
 	}
 }
+
+func TestClone(t *testing.T) {
+	f := NewArgs()
+	f.Add("foo", "bar")
+	f2 := f.Clone()
+	f2.Add("baz", "qux")
+	assert.Check(t, is.Len(f.Get("baz"), 0))
+}
diff --git a/api/types/image/image_history.go b/api/types/image/image_history.go
index d6b354bcdf389..e302bb0aebbe7 100644
--- a/api/types/image/image_history.go
+++ b/api/types/image/image_history.go
@@ -1,8 +1,7 @@
-package image
+package image // import "github.com/docker/docker/api/types/image"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
diff --git a/api/types/mount/mount.go b/api/types/mount/mount.go
index 3fef974df8835..443b8d07a9f3c 100644
--- a/api/types/mount/mount.go
+++ b/api/types/mount/mount.go
@@ -79,7 +79,8 @@ const (
 
 // BindOptions defines options specific to mounts of type "bind".
 type BindOptions struct {
-	Propagation Propagation `json:",omitempty"`
+	Propagation  Propagation `json:",omitempty"`
+	NonRecursive bool        `json:",omitempty"`
 }
 
 // VolumeOptions represents the options for a mount of type volume.
@@ -112,7 +113,7 @@ type TmpfsOptions struct {
 	// TODO(stevvooe): There are several more tmpfs flags, specified in the
 	// daemon, that are accepted. Only the most basic are added for now.
 	//
-	// From docker/docker/pkg/mount/flags.go:
+	// From https://github.com/moby/sys/blob/mount/v0.1.1/mount/flags.go#L47-L56
 	//
 	// var validFlags = map[string]bool{
 	// 	"":          true,
diff --git a/api/types/network/network.go b/api/types/network/network.go
index ccb448f23a214..437b184c67b5b 100644
--- a/api/types/network/network.go
+++ b/api/types/network/network.go
@@ -1,7 +1,6 @@
 package network // import "github.com/docker/docker/api/types/network"
 import (
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/errdefs"
 )
 
 // Address represents an IP address
@@ -13,7 +12,7 @@ type Address struct {
 // IPAM represents IP Address Management
 type IPAM struct {
 	Driver  string
-	Options map[string]string //Per network IPAM driver options
+	Options map[string]string // Per network IPAM driver options
 	Config  []IPAMConfig
 }
 
@@ -112,15 +111,16 @@ type ConfigReference struct {
 }
 
 var acceptedFilters = map[string]bool{
-	"driver": true,
-	"type":   true,
-	"name":   true,
-	"id":     true,
-	"label":  true,
-	"scope":  true,
+	"dangling": true,
+	"driver":   true,
+	"id":       true,
+	"label":    true,
+	"name":     true,
+	"scope":    true,
+	"type":     true,
 }
 
 // ValidateFilters validates the list of filter args with the available filters.
 func ValidateFilters(filter filters.Args) error {
-	return errdefs.InvalidParameter(filter.Validate(acceptedFilters))
+	return filter.Validate(acceptedFilters)
 }
diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
index 8789ad3b32101..53e47084c8d5e 100644
--- a/api/types/registry/registry.go
+++ b/api/types/registry/registry.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"net"
 
-	"github.com/opencontainers/image-spec/specs-go/v1"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // ServiceConfig stores daemon registry services configuration.
diff --git a/api/types/seccomp.go b/api/types/seccomp.go
deleted file mode 100644
index 67a41e1a89e87..0000000000000
--- a/api/types/seccomp.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package types // import "github.com/docker/docker/api/types"
-
-// Seccomp represents the config for a seccomp profile for syscall restriction.
-type Seccomp struct {
-	DefaultAction Action `json:"defaultAction"`
-	// Architectures is kept to maintain backward compatibility with the old
-	// seccomp profile.
-	Architectures []Arch         `json:"architectures,omitempty"`
-	ArchMap       []Architecture `json:"archMap,omitempty"`
-	Syscalls      []*Syscall     `json:"syscalls"`
-}
-
-// Architecture is used to represent a specific architecture
-// and its sub-architectures
-type Architecture struct {
-	Arch      Arch   `json:"architecture"`
-	SubArches []Arch `json:"subArchitectures"`
-}
-
-// Arch used for architectures
-type Arch string
-
-// Additional architectures permitted to be used for system calls
-// By default only the native architecture of the kernel is permitted
-const (
-	ArchX86         Arch = "SCMP_ARCH_X86"
-	ArchX86_64      Arch = "SCMP_ARCH_X86_64"
-	ArchX32         Arch = "SCMP_ARCH_X32"
-	ArchARM         Arch = "SCMP_ARCH_ARM"
-	ArchAARCH64     Arch = "SCMP_ARCH_AARCH64"
-	ArchMIPS        Arch = "SCMP_ARCH_MIPS"
-	ArchMIPS64      Arch = "SCMP_ARCH_MIPS64"
-	ArchMIPS64N32   Arch = "SCMP_ARCH_MIPS64N32"
-	ArchMIPSEL      Arch = "SCMP_ARCH_MIPSEL"
-	ArchMIPSEL64    Arch = "SCMP_ARCH_MIPSEL64"
-	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
-	ArchPPC         Arch = "SCMP_ARCH_PPC"
-	ArchPPC64       Arch = "SCMP_ARCH_PPC64"
-	ArchPPC64LE     Arch = "SCMP_ARCH_PPC64LE"
-	ArchS390        Arch = "SCMP_ARCH_S390"
-	ArchS390X       Arch = "SCMP_ARCH_S390X"
-)
-
-// Action taken upon Seccomp rule match
-type Action string
-
-// Define actions for Seccomp rules
-const (
-	ActKill  Action = "SCMP_ACT_KILL"
-	ActTrap  Action = "SCMP_ACT_TRAP"
-	ActErrno Action = "SCMP_ACT_ERRNO"
-	ActTrace Action = "SCMP_ACT_TRACE"
-	ActAllow Action = "SCMP_ACT_ALLOW"
-)
-
-// Operator used to match syscall arguments in Seccomp
-type Operator string
-
-// Define operators for syscall arguments in Seccomp
-const (
-	OpNotEqual     Operator = "SCMP_CMP_NE"
-	OpLessThan     Operator = "SCMP_CMP_LT"
-	OpLessEqual    Operator = "SCMP_CMP_LE"
-	OpEqualTo      Operator = "SCMP_CMP_EQ"
-	OpGreaterEqual Operator = "SCMP_CMP_GE"
-	OpGreaterThan  Operator = "SCMP_CMP_GT"
-	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
-)
-
-// Arg used for matching specific syscall arguments in Seccomp
-type Arg struct {
-	Index    uint     `json:"index"`
-	Value    uint64   `json:"value"`
-	ValueTwo uint64   `json:"valueTwo"`
-	Op       Operator `json:"op"`
-}
-
-// Filter is used to conditionally apply Seccomp rules
-type Filter struct {
-	Caps   []string `json:"caps,omitempty"`
-	Arches []string `json:"arches,omitempty"`
-}
-
-// Syscall is used to match a group of syscalls in Seccomp
-type Syscall struct {
-	Name     string   `json:"name,omitempty"`
-	Names    []string `json:"names,omitempty"`
-	Action   Action   `json:"action"`
-	Args     []*Arg   `json:"args"`
-	Comment  string   `json:"comment"`
-	Includes Filter   `json:"includes"`
-	Excludes Filter   `json:"excludes"`
-}
diff --git a/api/types/swarm/config.go b/api/types/swarm/config.go
index a1555cf43eeeb..16202ccce6151 100644
--- a/api/types/swarm/config.go
+++ b/api/types/swarm/config.go
@@ -27,9 +27,14 @@ type ConfigReferenceFileTarget struct {
 	Mode os.FileMode
 }
 
+// ConfigReferenceRuntimeTarget is a target for a config specifying that it
+// isn't mounted into the container but instead has some other purpose.
+type ConfigReferenceRuntimeTarget struct{}
+
 // ConfigReference is a reference to a config in swarm
 type ConfigReference struct {
-	File       *ConfigReferenceFileTarget
+	File       *ConfigReferenceFileTarget    `json:",omitempty"`
+	Runtime    *ConfigReferenceRuntimeTarget `json:",omitempty"`
 	ConfigID   string
 	ConfigName string
 }
diff --git a/api/types/swarm/container.go b/api/types/swarm/container.go
index e12f09837fce8..af5e1c0bc2799 100644
--- a/api/types/swarm/container.go
+++ b/api/types/swarm/container.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/go-units"
 )
 
 // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
@@ -33,6 +34,7 @@ type SELinuxContext struct {
 
 // CredentialSpec for managed service account (Windows only)
 type CredentialSpec struct {
+	Config   string
 	File     string
 	Registry string
 }
@@ -66,10 +68,13 @@ type ContainerSpec struct {
 	// The format of extra hosts on swarmkit is specified in:
 	// http://man7.org/linux/man-pages/man5/hosts.5.html
 	//    IP_address canonical_hostname [aliases...]
-	Hosts     []string            `json:",omitempty"`
-	DNSConfig *DNSConfig          `json:",omitempty"`
-	Secrets   []*SecretReference  `json:",omitempty"`
-	Configs   []*ConfigReference  `json:",omitempty"`
-	Isolation container.Isolation `json:",omitempty"`
-	Sysctls   map[string]string   `json:",omitempty"`
+	Hosts          []string            `json:",omitempty"`
+	DNSConfig      *DNSConfig          `json:",omitempty"`
+	Secrets        []*SecretReference  `json:",omitempty"`
+	Configs        []*ConfigReference  `json:",omitempty"`
+	Isolation      container.Isolation `json:",omitempty"`
+	Sysctls        map[string]string   `json:",omitempty"`
+	CapabilityAdd  []string            `json:",omitempty"`
+	CapabilityDrop []string            `json:",omitempty"`
+	Ulimits        []*units.Ulimit     `json:",omitempty"`
 }
diff --git a/api/types/swarm/runtime/plugin.pb.go b/api/types/swarm/runtime/plugin.pb.go
index 1fdc9b0436135..e45045866a6ea 100644
--- a/api/types/swarm/runtime/plugin.pb.go
+++ b/api/types/swarm/runtime/plugin.pb.go
@@ -1,6 +1,5 @@
-// Code generated by protoc-gen-gogo.
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: plugin.proto
-// DO NOT EDIT!
 
 /*
 	Package runtime is a generated protocol buffer package.
@@ -38,6 +37,7 @@ type PluginSpec struct {
 	Remote     string             `protobuf:"bytes,2,opt,name=remote,proto3" json:"remote,omitempty"`
 	Privileges []*PluginPrivilege `protobuf:"bytes,3,rep,name=privileges" json:"privileges,omitempty"`
 	Disabled   bool               `protobuf:"varint,4,opt,name=disabled,proto3" json:"disabled,omitempty"`
+	Env        []string           `protobuf:"bytes,5,rep,name=env" json:"env,omitempty"`
 }
 
 func (m *PluginSpec) Reset()                    { *m = PluginSpec{} }
@@ -73,6 +73,13 @@ func (m *PluginSpec) GetDisabled() bool {
 	return false
 }
 
+func (m *PluginSpec) GetEnv() []string {
+	if m != nil {
+		return m.Env
+	}
+	return nil
+}
+
 // PluginPrivilege describes a permission the user has to accept
 // upon installing a plugin.
 type PluginPrivilege struct {
@@ -160,6 +167,21 @@ func (m *PluginSpec) MarshalTo(dAtA []byte) (int, error) {
 		}
 		i++
 	}
+	if len(m.Env) > 0 {
+		for _, s := range m.Env {
+			dAtA[i] = 0x2a
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
+		}
+	}
 	return i, nil
 }
 
@@ -208,24 +230,6 @@ func (m *PluginPrivilege) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }
 
-func encodeFixed64Plugin(dAtA []byte, offset int, v uint64) int {
-	dAtA[offset] = uint8(v)
-	dAtA[offset+1] = uint8(v >> 8)
-	dAtA[offset+2] = uint8(v >> 16)
-	dAtA[offset+3] = uint8(v >> 24)
-	dAtA[offset+4] = uint8(v >> 32)
-	dAtA[offset+5] = uint8(v >> 40)
-	dAtA[offset+6] = uint8(v >> 48)
-	dAtA[offset+7] = uint8(v >> 56)
-	return offset + 8
-}
-func encodeFixed32Plugin(dAtA []byte, offset int, v uint32) int {
-	dAtA[offset] = uint8(v)
-	dAtA[offset+1] = uint8(v >> 8)
-	dAtA[offset+2] = uint8(v >> 16)
-	dAtA[offset+3] = uint8(v >> 24)
-	return offset + 4
-}
 func encodeVarintPlugin(dAtA []byte, offset int, v uint64) int {
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
@@ -255,6 +259,12 @@ func (m *PluginSpec) Size() (n int) {
 	if m.Disabled {
 		n += 2
 	}
+	if len(m.Env) > 0 {
+		for _, s := range m.Env {
+			l = len(s)
+			n += 1 + l + sovPlugin(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -429,6 +439,35 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.Disabled = bool(v != 0)
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Env = append(m.Env, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipPlugin(dAtA[iNdEx:])
@@ -695,18 +734,21 @@ var (
 func init() { proto.RegisterFile("plugin.proto", fileDescriptorPlugin) }
 
 var fileDescriptorPlugin = []byte{
-	// 196 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0xc8, 0x29, 0x4d,
-	0xcf, 0xcc, 0xd3, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x57, 0x6a, 0x63, 0xe4, 0xe2, 0x0a, 0x00, 0x0b,
-	0x04, 0x17, 0xa4, 0x26, 0x0b, 0x09, 0x71, 0xb1, 0xe4, 0x25, 0xe6, 0xa6, 0x4a, 0x30, 0x2a, 0x30,
-	0x6a, 0x70, 0x06, 0x81, 0xd9, 0x42, 0x62, 0x5c, 0x6c, 0x45, 0xa9, 0xb9, 0xf9, 0x25, 0xa9, 0x12,
-	0x4c, 0x60, 0x51, 0x28, 0x4f, 0xc8, 0x80, 0x8b, 0xab, 0xa0, 0x28, 0xb3, 0x2c, 0x33, 0x27, 0x35,
-	0x3d, 0xb5, 0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x40, 0x0f, 0x62, 0x58, 0x00, 0x4c,
-	0x22, 0x08, 0x49, 0x8d, 0x90, 0x14, 0x17, 0x47, 0x4a, 0x66, 0x71, 0x62, 0x52, 0x4e, 0x6a, 0x8a,
-	0x04, 0x8b, 0x02, 0xa3, 0x06, 0x47, 0x10, 0x9c, 0xaf, 0x14, 0xcb, 0xc5, 0x8f, 0xa6, 0x15, 0xab,
-	0x63, 0x14, 0xb8, 0xb8, 0x53, 0x52, 0x8b, 0x93, 0x8b, 0x32, 0x0b, 0x4a, 0x32, 0xf3, 0xf3, 0xa0,
-	0x2e, 0x42, 0x16, 0x12, 0x12, 0xe1, 0x62, 0x2d, 0x4b, 0xcc, 0x29, 0x4d, 0x05, 0xbb, 0x88, 0x33,
-	0x08, 0xc2, 0x71, 0xe2, 0x39, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4,
-	0x18, 0x93, 0xd8, 0xc0, 0x9e, 0x37, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb8, 0x84, 0xad, 0x79,
-	0x0c, 0x01, 0x00, 0x00,
+	// 256 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x90, 0x4d, 0x4b, 0xc3, 0x30,
+	0x18, 0xc7, 0x89, 0xdd, 0xc6, 0xfa, 0x4c, 0x70, 0x04, 0x91, 0xe2, 0xa1, 0x94, 0x9d, 0x7a, 0x6a,
+	0x45, 0x2f, 0x82, 0x37, 0x0f, 0x9e, 0x47, 0xbc, 0x09, 0x1e, 0xd2, 0xf6, 0xa1, 0x06, 0x9b, 0x17,
+	0x92, 0xb4, 0xe2, 0x37, 0xf1, 0x23, 0x79, 0xf4, 0x23, 0x48, 0x3f, 0x89, 0x98, 0x75, 0x32, 0x64,
+	0xa7, 0xff, 0x4b, 0xc2, 0x9f, 0x1f, 0x0f, 0x9c, 0x9a, 0xae, 0x6f, 0x85, 0x2a, 0x8c, 0xd5, 0x5e,
+	0x6f, 0x3e, 0x08, 0xc0, 0x36, 0x14, 0x8f, 0x06, 0x6b, 0x4a, 0x61, 0xa6, 0xb8, 0xc4, 0x84, 0x64,
+	0x24, 0x8f, 0x59, 0xf0, 0xf4, 0x02, 0x16, 0x16, 0xa5, 0xf6, 0x98, 0x9c, 0x84, 0x76, 0x4a, 0xf4,
+	0x0a, 0xc0, 0x58, 0x31, 0x88, 0x0e, 0x5b, 0x74, 0x49, 0x94, 0x45, 0xf9, 0xea, 0x7a, 0x5d, 0xec,
+	0xc6, 0xb6, 0xfb, 0x07, 0x76, 0xf0, 0x87, 0x5e, 0xc2, 0xb2, 0x11, 0x8e, 0x57, 0x1d, 0x36, 0xc9,
+	0x2c, 0x23, 0xf9, 0x92, 0xfd, 0x65, 0xba, 0x86, 0x08, 0xd5, 0x90, 0xcc, 0xb3, 0x28, 0x8f, 0xd9,
+	0xaf, 0xdd, 0x3c, 0xc3, 0xd9, 0xbf, 0xb1, 0xa3, 0x78, 0x19, 0xac, 0x1a, 0x74, 0xb5, 0x15, 0xc6,
+	0x0b, 0xad, 0x26, 0xc6, 0xc3, 0x8a, 0x9e, 0xc3, 0x7c, 0xe0, 0x5d, 0x8f, 0x81, 0x31, 0x66, 0xbb,
+	0x70, 0xff, 0xf0, 0x39, 0xa6, 0xe4, 0x6b, 0x4c, 0xc9, 0xf7, 0x98, 0x92, 0xa7, 0xdb, 0x56, 0xf8,
+	0x97, 0xbe, 0x2a, 0x6a, 0x2d, 0xcb, 0x46, 0xd7, 0xaf, 0x68, 0xf7, 0xc2, 0x8d, 0x28, 0xfd, 0xbb,
+	0x41, 0x57, 0xba, 0x37, 0x6e, 0x65, 0x69, 0x7b, 0xe5, 0x85, 0xc4, 0xbb, 0x49, 0xab, 0x45, 0x38,
+	0xe4, 0xcd, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x99, 0xa8, 0xd9, 0x9b, 0x58, 0x01, 0x00, 0x00,
 }
diff --git a/api/types/swarm/runtime/plugin.proto b/api/types/swarm/runtime/plugin.proto
index 6d63b7783fd9f..9ef169046b4fa 100644
--- a/api/types/swarm/runtime/plugin.proto
+++ b/api/types/swarm/runtime/plugin.proto
@@ -9,6 +9,7 @@ message PluginSpec {
 	string remote = 2;
 	repeated PluginPrivilege privileges = 3;
 	bool disabled = 4;
+	repeated string env = 5;
 }
 
 // PluginPrivilege describes a permission the user has to accept
diff --git a/api/types/swarm/service.go b/api/types/swarm/service.go
index abf192e759414..6eb452d24d122 100644
--- a/api/types/swarm/service.go
+++ b/api/types/swarm/service.go
@@ -10,6 +10,17 @@ type Service struct {
 	PreviousSpec *ServiceSpec  `json:",omitempty"`
 	Endpoint     Endpoint      `json:",omitempty"`
 	UpdateStatus *UpdateStatus `json:",omitempty"`
+
+	// ServiceStatus is an optional, extra field indicating the number of
+	// desired and running tasks. It is provided primarily as a shortcut to
+	// calculating these values client-side, which otherwise would require
+	// listing all tasks for a service, an operation that could be
+	// computation and network expensive.
+	ServiceStatus *ServiceStatus `json:",omitempty"`
+
+	// JobStatus is the status of a Service which is in one of ReplicatedJob or
+	// GlobalJob modes. It is absent on Replicated and Global services.
+	JobStatus *JobStatus `json:",omitempty"`
 }
 
 // ServiceSpec represents the spec of a service.
@@ -32,8 +43,10 @@ type ServiceSpec struct {
 
 // ServiceMode represents the mode of a service.
 type ServiceMode struct {
-	Replicated *ReplicatedService `json:",omitempty"`
-	Global     *GlobalService     `json:",omitempty"`
+	Replicated    *ReplicatedService `json:",omitempty"`
+	Global        *GlobalService     `json:",omitempty"`
+	ReplicatedJob *ReplicatedJob     `json:",omitempty"`
+	GlobalJob     *GlobalJob         `json:",omitempty"`
 }
 
 // UpdateState is the state of a service update.
@@ -70,6 +83,32 @@ type ReplicatedService struct {
 // GlobalService is a kind of ServiceMode.
 type GlobalService struct{}
 
+// ReplicatedJob is the a type of Service which executes a defined Tasks
+// in parallel until the specified number of Tasks have succeeded.
+type ReplicatedJob struct {
+	// MaxConcurrent indicates the maximum number of Tasks that should be
+	// executing simultaneously for this job at any given time. There may be
+	// fewer Tasks that MaxConcurrent executing simultaneously; for example, if
+	// there are fewer than MaxConcurrent tasks needed to reach
+	// TotalCompletions.
+	//
+	// If this field is empty, it will default to a max concurrency of 1.
+	MaxConcurrent *uint64 `json:",omitempty"`
+
+	// TotalCompletions is the total number of Tasks desired to run to
+	// completion.
+	//
+	// If this field is empty, the value of MaxConcurrent will be used.
+	TotalCompletions *uint64 `json:",omitempty"`
+}
+
+// GlobalJob is the type of a Service which executes a Task on every Node
+// matching the Service's placement constraints. These tasks run to completion
+// and then exit.
+//
+// This type is deliberately empty.
+type GlobalJob struct{}
+
 const (
 	// UpdateFailureActionPause PAUSE
 	UpdateFailureActionPause = "pause"
@@ -122,3 +161,42 @@ type UpdateConfig struct {
 	// started, or the new task is started before the old task is shut down.
 	Order string
 }
+
+// ServiceStatus represents the number of running tasks in a service and the
+// number of tasks desired to be running.
+type ServiceStatus struct {
+	// RunningTasks is the number of tasks for the service actually in the
+	// Running state
+	RunningTasks uint64
+
+	// DesiredTasks is the number of tasks desired to be running by the
+	// service. For replicated services, this is the replica count. For global
+	// services, this is computed by taking the number of tasks with desired
+	// state of not-Shutdown.
+	DesiredTasks uint64
+
+	// CompletedTasks is the number of tasks in the state Completed, if this
+	// service is in ReplicatedJob or GlobalJob mode. This field must be
+	// cross-referenced with the service type, because the default value of 0
+	// may mean that a service is not in a job mode, or it may mean that the
+	// job has yet to complete any tasks.
+	CompletedTasks uint64
+}
+
+// JobStatus is the status of a job-type service.
+type JobStatus struct {
+	// JobIteration is a value increased each time a Job is executed,
+	// successfully or otherwise. "Executed", in this case, means the job as a
+	// whole has been started, not that an individual Task has been launched. A
+	// job is "Executed" when its ServiceSpec is updated. JobIteration can be
+	// used to disambiguate Tasks belonging to different executions of a job.
+	//
+	// Though JobIteration will increase with each subsequent execution, it may
+	// not necessarily increase by 1, and so JobIteration should not be used to
+	// keep track of the number of times a job has been executed.
+	JobIteration Version
+
+	// LastExecution is the time that the job was last executed, as observed by
+	// Swarm manager.
+	LastExecution time.Time `json:",omitempty"`
+}
diff --git a/api/types/swarm/swarm.go b/api/types/swarm/swarm.go
index b742cf1bfbb31..b25f9996462e0 100644
--- a/api/types/swarm/swarm.go
+++ b/api/types/swarm/swarm.go
@@ -14,6 +14,7 @@ type ClusterInfo struct {
 	RootRotationInProgress bool
 	DefaultAddrPool        []string
 	SubnetSize             uint32
+	DataPathPort           uint32
 }
 
 // Swarm represents a swarm.
@@ -153,6 +154,7 @@ type InitRequest struct {
 	ListenAddr       string
 	AdvertiseAddr    string
 	DataPathAddr     string
+	DataPathPort     uint32
 	ForceNewCluster  bool
 	Spec             Spec
 	AutoLockManagers bool
@@ -207,6 +209,8 @@ type Info struct {
 	Managers       int `json:",omitempty"`
 
 	Cluster *ClusterInfo `json:",omitempty"`
+
+	Warnings []string `json:",omitempty"`
 }
 
 // Peer represents a peer.
diff --git a/api/types/swarm/task.go b/api/types/swarm/task.go
index b35605d12fd2a..a6f7ab7b5c790 100644
--- a/api/types/swarm/task.go
+++ b/api/types/swarm/task.go
@@ -56,6 +56,12 @@ type Task struct {
 	DesiredState        TaskState           `json:",omitempty"`
 	NetworksAttachments []NetworkAttachment `json:",omitempty"`
 	GenericResources    []GenericResource   `json:",omitempty"`
+
+	// JobIteration is the JobIteration of the Service that this Task was
+	// spawned from, if the Service is a ReplicatedJob or GlobalJob. This is
+	// used to determine which Tasks belong to which run of the job. This field
+	// is absent if the Service mode is Replicated or Global.
+	JobIteration *Version `json:",omitempty"`
 }
 
 // TaskSpec represents the spec of a task.
@@ -85,13 +91,21 @@ type TaskSpec struct {
 	Runtime RuntimeType `json:",omitempty"`
 }
 
-// Resources represents resources (CPU/Memory).
+// Resources represents resources (CPU/Memory) which can be advertised by a
+// node and requested to be reserved for a task.
 type Resources struct {
 	NanoCPUs         int64             `json:",omitempty"`
 	MemoryBytes      int64             `json:",omitempty"`
 	GenericResources []GenericResource `json:",omitempty"`
 }
 
+// Limit describes limits on resources which can be requested by a task.
+type Limit struct {
+	NanoCPUs    int64 `json:",omitempty"`
+	MemoryBytes int64 `json:",omitempty"`
+	Pids        int64 `json:",omitempty"`
+}
+
 // GenericResource represents a "user defined" resource which can
 // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1)
 type GenericResource struct {
@@ -119,7 +133,7 @@ type DiscreteGenericResource struct {
 
 // ResourceRequirements represents resources requirements.
 type ResourceRequirements struct {
-	Limits       *Resources `json:",omitempty"`
+	Limits       *Limit     `json:",omitempty"`
 	Reservations *Resources `json:",omitempty"`
 }
 
@@ -127,6 +141,7 @@ type ResourceRequirements struct {
 type Placement struct {
 	Constraints []string              `json:",omitempty"`
 	Preferences []PlacementPreference `json:",omitempty"`
+	MaxReplicas uint64                `json:",omitempty"`
 
 	// Platforms stores all the platforms that the image can run on.
 	// This field is used in the platform filter for scheduling. If empty,
diff --git a/api/types/types.go b/api/types/types.go
index a8fae3ba32d76..a186550d72421 100644
--- a/api/types/types.go
+++ b/api/types/types.go
@@ -39,6 +39,7 @@ type ImageInspect struct {
 	Author          string
 	Config          *container.Config
 	Architecture    string
+	Variant         string `json:",omitempty"`
 	Os              string
 	OsVersion       string `json:",omitempty"`
 	Size            int64
@@ -153,15 +154,17 @@ type Info struct {
 	Images             int
 	Driver             string
 	DriverStatus       [][2]string
-	SystemStatus       [][2]string
+	SystemStatus       [][2]string `json:",omitempty"` // SystemStatus is only propagated by the Swarm standalone API
 	Plugins            PluginsInfo
 	MemoryLimit        bool
 	SwapLimit          bool
-	KernelMemory       bool
+	KernelMemory       bool // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
+	KernelMemoryTCP    bool
 	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
 	CPUCfsQuota        bool `json:"CpuCfsQuota"`
 	CPUShares          bool
 	CPUSet             bool
+	PidsLimit          bool
 	IPv4Forwarding     bool
 	BridgeNfIptables   bool
 	BridgeNfIP6tables  bool `json:"BridgeNfIp6tables"`
@@ -172,9 +175,11 @@ type Info struct {
 	SystemTime         string
 	LoggingDriver      string
 	CgroupDriver       string
+	CgroupVersion      string `json:",omitempty"`
 	NEventsListener    int
 	KernelVersion      string
 	OperatingSystem    string
+	OSVersion          string
 	OSType             string
 	Architecture       string
 	IndexServerAddress string
@@ -190,23 +195,29 @@ type Info struct {
 	Labels             []string
 	ExperimentalBuild  bool
 	ServerVersion      string
-	ClusterStore       string
-	ClusterAdvertise   string
+	ClusterStore       string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
+	ClusterAdvertise   string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	Runtimes           map[string]Runtime
 	DefaultRuntime     string
 	Swarm              swarm.Info
 	// LiveRestoreEnabled determines whether containers should be kept
 	// running when the daemon is shutdown or upon daemon start if
 	// running containers are detected
-	LiveRestoreEnabled bool
-	Isolation          container.Isolation
-	InitBinary         string
-	ContainerdCommit   Commit
-	RuncCommit         Commit
-	InitCommit         Commit
-	SecurityOptions    []string
-	ProductLicense     string `json:",omitempty"`
-	Warnings           []string
+	LiveRestoreEnabled  bool
+	Isolation           container.Isolation
+	InitBinary          string
+	ContainerdCommit    Commit
+	RuncCommit          Commit
+	InitCommit          Commit
+	SecurityOptions     []string
+	ProductLicense      string               `json:",omitempty"`
+	DefaultAddressPools []NetworkAddressPool `json:",omitempty"`
+
+	// Warnings contains a slice of warnings that occurred  while collecting
+	// system information. These warnings are intended to be informational
+	// messages for the user, and are not intended to be parsed / used for
+	// other purposes, as they do not have a fixed format.
+	Warnings []string
 }
 
 // KeyValue holds a key/value pair
@@ -214,6 +225,12 @@ type KeyValue struct {
 	Key, Value string
 }
 
+// NetworkAddressPool is a temp struct used by Info struct
+type NetworkAddressPool struct {
+	Base string
+	Size int
+}
+
 // SecurityOpt contains the name and options of a security option
 type SecurityOpt struct {
 	Name    string
@@ -314,7 +331,7 @@ type ContainerState struct {
 }
 
 // ContainerNode stores information about the node that a container
-// is running on.  It's only available in Docker Swarm
+// is running on.  It's only used by the Docker Swarm standalone API
 type ContainerNode struct {
 	ID        string
 	IPAddress string `json:"IP"`
@@ -338,7 +355,7 @@ type ContainerJSONBase struct {
 	HostnamePath    string
 	HostsPath       string
 	LogPath         string
-	Node            *ContainerNode `json:",omitempty"`
+	Node            *ContainerNode `json:",omitempty"` // Node is only propagated by Docker Swarm standalone API
 	Name            string
 	RestartCount    int
 	Driver          string
@@ -506,6 +523,37 @@ type Checkpoint struct {
 type Runtime struct {
 	Path string   `json:"path"`
 	Args []string `json:"runtimeArgs,omitempty"`
+
+	// This is exposed here only for internal use
+	// It is not currently supported to specify custom shim configs
+	Shim *ShimConfig `json:"-"`
+}
+
+// ShimConfig is used by runtime to configure containerd shims
+type ShimConfig struct {
+	Binary string
+	Opts   interface{}
+}
+
+// DiskUsageObject represents an object type used for disk usage query filtering.
+type DiskUsageObject string
+
+const (
+	// ContainerObject represents a container DiskUsageObject.
+	ContainerObject DiskUsageObject = "container"
+	// ImageObject represents an image DiskUsageObject.
+	ImageObject DiskUsageObject = "image"
+	// VolumeObject represents a volume DiskUsageObject.
+	VolumeObject DiskUsageObject = "volume"
+	// BuildCacheObject represents a build-cache DiskUsageObject.
+	BuildCacheObject DiskUsageObject = "build-cache"
+)
+
+// DiskUsageOptions holds parameters for system disk usage query.
+type DiskUsageOptions struct {
+	// Types specifies what object types to include in the response. If empty,
+	// all object types are returned.
+	Types []DiskUsageObject
 }
 
 // DiskUsage contains response of Engine API:
@@ -516,7 +564,7 @@ type DiskUsage struct {
 	Containers  []*Container
 	Volumes     []*Volume
 	BuildCache  []*BuildCache
-	BuilderSize int64 // deprecated
+	BuilderSize int64 `json:",omitempty"` // Deprecated: deprecated in API 1.38, and no longer used since API 1.40.
 }
 
 // ContainersPruneReport contains the response for Engine API:
diff --git a/api/types/versions/compare.go b/api/types/versions/compare.go
index 8ccb0aa92ebe4..489e917ee52a3 100644
--- a/api/types/versions/compare.go
+++ b/api/types/versions/compare.go
@@ -8,6 +8,9 @@ import (
 // compare compares two version strings
 // returns -1 if v1 < v2, 1 if v1 > v2, 0 otherwise.
 func compare(v1, v2 string) int {
+	if v1 == v2 {
+		return 0
+	}
 	var (
 		currTab  = strings.Split(v1, ".")
 		otherTab = strings.Split(v2, ".")
diff --git a/api/types/volume.go b/api/types/volume.go
index b5ee96a500586..c69b08448df4c 100644
--- a/api/types/volume.go
+++ b/api/types/volume.go
@@ -27,10 +27,13 @@ type Volume struct {
 	Name string `json:"Name"`
 
 	// The driver specific options used when creating the volume.
+	//
 	// Required: true
 	Options map[string]string `json:"Options"`
 
-	// The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level.
+	// The level at which the volume exists. Either `global` for cluster-wide,
+	// or `local` for machine level.
+	//
 	// Required: true
 	Scope string `json:"Scope"`
 
diff --git a/api/types/volume/volume_create.go b/api/types/volume/volume_create.go
index f12e48612c56c..8538078dd663c 100644
--- a/api/types/volume/volume_create.go
+++ b/api/types/volume/volume_create.go
@@ -1,8 +1,7 @@
-package volume
+package volume // import "github.com/docker/docker/api/types/volume"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
@@ -15,7 +14,9 @@ type VolumeCreateBody struct {
 	// Required: true
 	Driver string `json:"Driver"`
 
-	// A mapping of driver options and values. These options are passed directly to the driver and are driver specific.
+	// A mapping of driver options and values. These options are
+	// passed directly to the driver and are driver specific.
+	//
 	// Required: true
 	DriverOpts map[string]string `json:"DriverOpts"`
 
@@ -24,6 +25,7 @@ type VolumeCreateBody struct {
 	Labels map[string]string `json:"Labels"`
 
 	// The new volume's name. If not specified, Docker generates a name.
+	//
 	// Required: true
 	Name string `json:"Name"`
 }
diff --git a/api/types/volume/volume_list.go b/api/types/volume/volume_list.go
index 020198f7371bc..be06179bf488d 100644
--- a/api/types/volume/volume_list.go
+++ b/api/types/volume/volume_list.go
@@ -1,8 +1,7 @@
-package volume
+package volume // import "github.com/docker/docker/api/types/volume"
 
 // ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
+// Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
@@ -17,7 +16,8 @@ type VolumeListOKBody struct {
 	// Required: true
 	Volumes []*types.Volume `json:"Volumes"`
 
-	// Warnings that occurred when fetching the list of volumes
+	// Warnings that occurred when fetching the list of volumes.
+	//
 	// Required: true
 	Warnings []string `json:"Warnings"`
 }
diff --git a/builder/builder-next/adapters/containerimage/pull.go b/builder/builder-next/adapters/containerimage/pull.go
index f94b4ebe9eb69..0926b36ade4b7 100644
--- a/builder/builder-next/adapters/containerimage/pull.go
+++ b/builder/builder-next/adapters/containerimage/pull.go
@@ -5,20 +5,23 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
+	"path"
 	"runtime"
 	"sync"
 	"time"
 
 	"github.com/containerd/containerd/content"
-	"github.com/containerd/containerd/errdefs"
+	containerderrors "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/gc"
 	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/platforms"
 	ctdreference "github.com/containerd/containerd/reference"
 	"github.com/containerd/containerd/remotes"
 	"github.com/containerd/containerd/remotes/docker"
 	"github.com/containerd/containerd/remotes/docker/schema1"
 	distreference "github.com/docker/distribution/reference"
+	dimages "github.com/docker/docker/daemon/images"
 	"github.com/docker/docker/distribution"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
@@ -27,83 +30,54 @@ import (
 	pkgprogress "github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/reference"
 	"github.com/moby/buildkit/cache"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/session"
-	"github.com/moby/buildkit/session/auth"
+	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/util/flightcontrol"
 	"github.com/moby/buildkit/util/imageutil"
+	"github.com/moby/buildkit/util/leaseutil"
 	"github.com/moby/buildkit/util/progress"
 	"github.com/moby/buildkit/util/resolver"
-	"github.com/moby/buildkit/util/tracing"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/opencontainers/image-spec/identity"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/time/rate"
 )
 
 // SourceOpt is options for creating the image source
 type SourceOpt struct {
-	SessionManager  *session.Manager
 	ContentStore    content.Store
 	CacheAccessor   cache.Accessor
 	ReferenceStore  reference.Store
 	DownloadManager distribution.RootFSDownloadManager
 	MetadataStore   metadata.V2MetadataService
 	ImageStore      image.Store
-	ResolverOpt     resolver.ResolveOptionsFunc
+	RegistryHosts   docker.RegistryHosts
+	LayerStore      layer.Store
+	LeaseManager    leases.Manager
+	GarbageCollect  func(ctx context.Context) (gc.Stats, error)
 }
 
-type imageSource struct {
+// Source is the source implementation for accessing container images
+type Source struct {
 	SourceOpt
 	g flightcontrol.Group
 }
 
 // NewSource creates a new image source
-func NewSource(opt SourceOpt) (source.Source, error) {
-	is := &imageSource{
-		SourceOpt: opt,
-	}
-
-	return is, nil
+func NewSource(opt SourceOpt) (*Source, error) {
+	return &Source{SourceOpt: opt}, nil
 }
 
-func (is *imageSource) ID() string {
+// ID returns image scheme identifier
+func (is *Source) ID() string {
 	return source.DockerImageScheme
 }
 
-func (is *imageSource) getResolver(ctx context.Context, rfn resolver.ResolveOptionsFunc, ref string) remotes.Resolver {
-	opt := docker.ResolverOptions{
-		Client:      tracing.DefaultClient,
-		Credentials: is.getCredentialsFromSession(ctx),
-	}
-	if rfn != nil {
-		opt = rfn(ref)
-	}
-	r := docker.NewResolver(opt)
-	return r
-}
-
-func (is *imageSource) getCredentialsFromSession(ctx context.Context) func(string) (string, string, error) {
-	id := session.FromContext(ctx)
-	if id == "" {
-		return nil
-	}
-	return func(host string) (string, string, error) {
-		timeoutCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-		defer cancel()
-
-		caller, err := is.SessionManager.Get(timeoutCtx, id)
-		if err != nil {
-			return "", "", err
-		}
-
-		return auth.CredentialsFunc(tracing.ContextWithSpanFromContext(context.TODO(), ctx), caller)(host)
-	}
-}
-
-func (is *imageSource) resolveLocal(refStr string) ([]byte, error) {
+func (is *Source) resolveLocal(refStr string) (*image.Image, error) {
 	ref, err := distreference.ParseNormalizedNamed(refStr)
 	if err != nil {
 		return nil, err
@@ -116,16 +90,23 @@ func (is *imageSource) resolveLocal(refStr string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	return img.RawJSON(), nil
+	return img, nil
 }
 
-func (is *imageSource) resolveRemote(ctx context.Context, ref string, platform *ocispec.Platform) (digest.Digest, []byte, error) {
+func (is *Source) resolveRemote(ctx context.Context, ref string, platform *ocispec.Platform, sm *session.Manager, g session.Group) (digest.Digest, []byte, error) {
 	type t struct {
 		dgst digest.Digest
 		dt   []byte
 	}
-	res, err := is.g.Do(ctx, ref, func(ctx context.Context) (interface{}, error) {
-		dgst, dt, err := imageutil.Config(ctx, ref, is.getResolver(ctx, is.ResolverOpt, ref), is.ContentStore, platform)
+	p := platforms.DefaultSpec()
+	if platform != nil {
+		p = *platform
+	}
+	// key is used to synchronize resolutions that can happen in parallel when doing multi-stage.
+	key := "getconfig::" + ref + "::" + platforms.Format(p)
+	res, err := is.g.Do(ctx, key, func(ctx context.Context) (interface{}, error) {
+		res := resolver.DefaultPool.GetResolver(is.RegistryHosts, ref, "pull", sm, g)
+		dgst, dt, err := imageutil.Config(ctx, ref, res, is.ContentStore, is.LeaseManager, platform)
 		if err != nil {
 			return nil, err
 		}
@@ -139,14 +120,15 @@ func (is *imageSource) resolveRemote(ctx context.Context, ref string, platform *
 	return typed.dgst, typed.dt, nil
 }
 
-func (is *imageSource) ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
+// ResolveImageConfig returns image config for an image
+func (is *Source) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt, sm *session.Manager, g session.Group) (digest.Digest, []byte, error) {
 	resolveMode, err := source.ParseImageResolveMode(opt.ResolveMode)
 	if err != nil {
 		return "", nil, err
 	}
 	switch resolveMode {
 	case source.ResolveModeForcePull:
-		dgst, dt, err := is.resolveRemote(ctx, ref, opt.Platform)
+		dgst, dt, err := is.resolveRemote(ctx, ref, opt.Platform, sm, g)
 		// TODO: pull should fallback to local in case of failure to allow offline behavior
 		// the fallback doesn't work currently
 		return dgst, dt, err
@@ -163,18 +145,26 @@ func (is *imageSource) ResolveImageConfig(ctx context.Context, ref string, opt g
 		// default == prefer local, but in the future could be smarter
 		fallthrough
 	case source.ResolveModePreferLocal:
-		dt, err := is.resolveLocal(ref)
+		img, err := is.resolveLocal(ref)
 		if err == nil {
-			return "", dt, err
+			if opt.Platform != nil && !platformMatches(img, opt.Platform) {
+				logrus.WithField("ref", ref).Debugf("Requested build platform %s does not match local image platform %s, checking remote",
+					path.Join(opt.Platform.OS, opt.Platform.Architecture, opt.Platform.Variant),
+					path.Join(img.OS, img.Architecture, img.Variant),
+				)
+			} else {
+				return "", img.RawJSON(), err
+			}
 		}
 		// fallback to remote
-		return is.resolveRemote(ctx, ref, opt.Platform)
+		return is.resolveRemote(ctx, ref, opt.Platform, sm, g)
 	}
 	// should never happen
 	return "", nil, fmt.Errorf("builder cannot resolve image %s: invalid mode %q", ref, opt.ResolveMode)
 }
 
-func (is *imageSource) Resolve(ctx context.Context, id source.Identifier) (source.SourceInstance, error) {
+// Resolve returns access to pulling for an identifier
+func (is *Source) Resolve(ctx context.Context, id source.Identifier, sm *session.Manager, vtx solver.Vertex) (source.SourceInstance, error) {
 	imageIdentifier, ok := id.(*source.ImageIdentifier)
 	if !ok {
 		return nil, errors.Errorf("invalid image identifier %v", id)
@@ -186,28 +176,32 @@ func (is *imageSource) Resolve(ctx context.Context, id source.Identifier) (sourc
 	}
 
 	p := &puller{
-		src:      imageIdentifier,
-		is:       is,
-		resolver: is.getResolver(ctx, is.ResolverOpt, imageIdentifier.Reference.String()),
+		src: imageIdentifier,
+		is:  is,
+		//resolver: is.getResolver(is.RegistryHosts, imageIdentifier.Reference.String(), sm, g),
 		platform: platform,
+		sm:       sm,
 	}
 	return p, nil
 }
 
 type puller struct {
-	is               *imageSource
-	resolveOnce      sync.Once
+	is               *Source
 	resolveLocalOnce sync.Once
+	g                flightcontrol.Group
 	src              *source.ImageIdentifier
 	desc             ocispec.Descriptor
 	ref              string
-	resolveErr       error
-	resolver         remotes.Resolver
 	config           []byte
 	platform         ocispec.Platform
+	sm               *session.Manager
+}
+
+func (p *puller) resolver(g session.Group) remotes.Resolver {
+	return resolver.DefaultPool.GetResolver(p.is.RegistryHosts, p.src.Reference.String(), "pull", p.sm, g)
 }
 
-func (p *puller) mainManifestKey(dgst digest.Digest, platform ocispec.Platform) (digest.Digest, error) {
+func (p *puller) mainManifestKey(platform ocispec.Platform) (digest.Digest, error) {
 	dt, err := json.Marshal(struct {
 		Digest  digest.Digest
 		OS      string
@@ -248,31 +242,38 @@ func (p *puller) resolveLocal() {
 		}
 
 		if p.src.ResolveMode == source.ResolveModeDefault || p.src.ResolveMode == source.ResolveModePreferLocal {
-			dt, err := p.is.resolveLocal(p.src.Reference.String())
+			ref := p.src.Reference.String()
+			img, err := p.is.resolveLocal(ref)
 			if err == nil {
-				p.config = dt
+				if !platformMatches(img, &p.platform) {
+					logrus.WithField("ref", ref).Debugf("Requested build platform %s does not match local image platform %s, not resolving",
+						path.Join(p.platform.OS, p.platform.Architecture, p.platform.Variant),
+						path.Join(img.OS, img.Architecture, img.Variant),
+					)
+				} else {
+					p.config = img.RawJSON()
+				}
 			}
 		}
 	})
 }
 
-func (p *puller) resolve(ctx context.Context) error {
-	p.resolveOnce.Do(func() {
+func (p *puller) resolve(ctx context.Context, g session.Group) error {
+	_, err := p.g.Do(ctx, "", func(ctx context.Context) (_ interface{}, err error) {
 		resolveProgressDone := oneOffProgress(ctx, "resolve "+p.src.Reference.String())
+		defer func() {
+			resolveProgressDone(err)
+		}()
 
 		ref, err := distreference.ParseNormalizedNamed(p.src.Reference.String())
 		if err != nil {
-			p.resolveErr = err
-			resolveProgressDone(err)
-			return
+			return nil, err
 		}
 
 		if p.desc.Digest == "" && p.config == nil {
-			origRef, desc, err := p.resolver.Resolve(ctx, ref.String())
+			origRef, desc, err := p.resolver(g).Resolve(ctx, ref.String())
 			if err != nil {
-				p.resolveErr = err
-				resolveProgressDone(err)
-				return
+				return nil, err
 			}
 
 			p.desc = desc
@@ -287,58 +288,90 @@ func (p *puller) resolve(ctx context.Context) error {
 		if p.config == nil && p.desc.MediaType != images.MediaTypeDockerSchema1Manifest {
 			ref, err := distreference.WithDigest(ref, p.desc.Digest)
 			if err != nil {
-				p.resolveErr = err
-				resolveProgressDone(err)
-				return
+				return nil, err
 			}
-			_, dt, err := p.is.ResolveImageConfig(ctx, ref.String(), gw.ResolveImageConfigOpt{Platform: &p.platform, ResolveMode: resolveModeToString(p.src.ResolveMode)})
+			_, dt, err := p.is.ResolveImageConfig(ctx, ref.String(), llb.ResolveImageConfigOpt{Platform: &p.platform, ResolveMode: resolveModeToString(p.src.ResolveMode)}, p.sm, g)
 			if err != nil {
-				p.resolveErr = err
-				resolveProgressDone(err)
-				return
+				return nil, err
 			}
 
 			p.config = dt
 		}
-		resolveProgressDone(nil)
+		return nil, nil
 	})
-	return p.resolveErr
+	return err
 }
 
-func (p *puller) CacheKey(ctx context.Context, index int) (string, bool, error) {
+func (p *puller) CacheKey(ctx context.Context, g session.Group, index int) (string, solver.CacheOpts, bool, error) {
 	p.resolveLocal()
 
 	if p.desc.Digest != "" && index == 0 {
-		dgst, err := p.mainManifestKey(p.desc.Digest, p.platform)
+		dgst, err := p.mainManifestKey(p.platform)
 		if err != nil {
-			return "", false, err
+			return "", nil, false, err
 		}
-		return dgst.String(), false, nil
+		return dgst.String(), nil, false, nil
 	}
 
 	if p.config != nil {
-		return cacheKeyFromConfig(p.config).String(), true, nil
+		k := cacheKeyFromConfig(p.config).String()
+		if k == "" {
+			return digest.FromBytes(p.config).String(), nil, true, nil
+		}
+		return k, nil, true, nil
 	}
 
-	if err := p.resolve(ctx); err != nil {
-		return "", false, err
+	if err := p.resolve(ctx, g); err != nil {
+		return "", nil, false, err
 	}
 
 	if p.desc.Digest != "" && index == 0 {
-		dgst, err := p.mainManifestKey(p.desc.Digest, p.platform)
+		dgst, err := p.mainManifestKey(p.platform)
+		if err != nil {
+			return "", nil, false, err
+		}
+		return dgst.String(), nil, false, nil
+	}
+
+	if len(p.config) == 0 && p.desc.MediaType != images.MediaTypeDockerSchema1Manifest {
+		return "", nil, false, errors.Errorf("invalid empty config file resolved for %s", p.src.Reference.String())
+	}
+
+	k := cacheKeyFromConfig(p.config).String()
+	if k == "" || p.desc.MediaType == images.MediaTypeDockerSchema1Manifest {
+		dgst, err := p.mainManifestKey(p.platform)
 		if err != nil {
-			return "", false, err
+			return "", nil, false, err
 		}
-		return dgst.String(), false, nil
+		return dgst.String(), nil, true, nil
 	}
 
-	return cacheKeyFromConfig(p.config).String(), true, nil
+	return k, nil, true, nil
 }
 
-func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
+func (p *puller) getRef(ctx context.Context, diffIDs []layer.DiffID, opts ...cache.RefOption) (cache.ImmutableRef, error) {
+	var parent cache.ImmutableRef
+	if len(diffIDs) > 1 {
+		var err error
+		parent, err = p.getRef(ctx, diffIDs[:len(diffIDs)-1], opts...)
+		if err != nil {
+			return nil, err
+		}
+		defer parent.Release(context.TODO())
+	}
+	return p.is.CacheAccessor.GetByBlob(ctx, ocispec.Descriptor{
+		Annotations: map[string]string{
+			"containerd.io/uncompressed": diffIDs[len(diffIDs)-1].String(),
+		},
+	}, parent, opts...)
+}
+
+func (p *puller) Snapshot(ctx context.Context, g session.Group) (cache.ImmutableRef, error) {
 	p.resolveLocal()
-	if err := p.resolve(ctx); err != nil {
-		return nil, err
+	if len(p.config) == 0 {
+		if err := p.resolve(ctx, g); err != nil {
+			return nil, err
+		}
 	}
 
 	if p.config != nil {
@@ -347,16 +380,31 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 			if len(img.RootFS.DiffIDs) == 0 {
 				return nil, nil
 			}
-			ref, err := p.is.CacheAccessor.GetFromSnapshotter(ctx, string(img.RootFS.ChainID()), cache.WithDescription(fmt.Sprintf("from local %s", p.ref)))
-			if err != nil {
-				return nil, err
+			l, err := p.is.LayerStore.Get(img.RootFS.ChainID())
+			if err == nil {
+				layer.ReleaseAndLog(p.is.LayerStore, l)
+				ref, err := p.getRef(ctx, img.RootFS.DiffIDs, cache.WithDescription(fmt.Sprintf("from local %s", p.ref)))
+				if err != nil {
+					return nil, err
+				}
+				return ref, nil
 			}
-			return ref, nil
 		}
 	}
 
 	ongoing := newJobs(p.ref)
 
+	ctx, done, err := leaseutil.WithLease(ctx, p.is.LeaseManager, leases.WithExpiration(5*time.Minute), leaseutil.MakeTemporary)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		done(context.TODO())
+		if p.is.GarbageCollect != nil {
+			go p.is.GarbageCollect(context.TODO())
+		}
+	}()
+
 	pctx, stopProgress := context.WithCancel(ctx)
 
 	pw, _, ctx := progress.FromContext(ctx)
@@ -371,12 +419,16 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 		<-progressDone
 	}()
 
-	fetcher, err := p.resolver.Fetcher(ctx, p.ref)
+	fetcher, err := p.resolver(g).Fetcher(ctx, p.ref)
 	if err != nil {
 		stopProgress()
 		return nil, err
 	}
 
+	platform := platforms.Only(p.platform)
+
+	var nonLayers []digest.Digest
+
 	var (
 		schema1Converter *schema1.Converter
 		handlers         []images.Handler
@@ -397,6 +449,7 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 			case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest,
 				images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex,
 				images.MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig:
+				nonLayers = append(nonLayers, desc.Digest)
 			default:
 				return nil, images.ErrSkipDesc
 			}
@@ -406,10 +459,10 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 
 		// Get all the children for a descriptor
 		childrenHandler := images.ChildrenHandler(p.is.ContentStore)
-		// Set any children labels for that content
-		childrenHandler = images.SetChildrenLabels(p.is.ContentStore, childrenHandler)
 		// Filter the children by the platform
-		childrenHandler = images.FilterPlatforms(childrenHandler, platforms.Default())
+		childrenHandler = images.FilterPlatforms(childrenHandler, platform)
+		// Limit manifests pulled to the best match in an index
+		childrenHandler = images.LimitManifests(childrenHandler, platform, 1)
 
 		handlers = append(handlers,
 			remotes.FetchHandler(p.is.ContentStore, fetcher),
@@ -417,7 +470,7 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 		)
 	}
 
-	if err := images.Dispatch(ctx, images.Handlers(handlers...), p.desc); err != nil {
+	if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, p.desc); err != nil {
 		stopProgress()
 		return nil, err
 	}
@@ -430,12 +483,12 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 		}
 	}
 
-	mfst, err := images.Manifest(ctx, p.is.ContentStore, p.desc, platforms.Default())
+	mfst, err := images.Manifest(ctx, p.is.ContentStore, p.desc, platform)
 	if err != nil {
 		return nil, err
 	}
 
-	config, err := images.Config(ctx, p.is.ContentStore, p.desc, platforms.Default())
+	config, err := images.Config(ctx, p.is.ContentStore, p.desc, platform)
 	if err != nil {
 		return nil, err
 	}
@@ -476,7 +529,7 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 						tm := time.Now()
 						end = &tm
 					}
-					pw.Write("extracting "+p.ID, progress.Status{
+					_ = pw.Write("extracting "+p.ID, progress.Status{
 						Action:    "extract",
 						Started:   &st.st,
 						Completed: end,
@@ -493,6 +546,9 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 	layers := make([]xfer.DownloadDescriptor, 0, len(mfst.Layers))
 
 	for i, desc := range mfst.Layers {
+		if err := desc.Digest.Validate(); err != nil {
+			return nil, errors.Wrap(err, "layer digest could not be validated")
+		}
 		ongoing.add(desc)
 		layers = append(layers, &layerDescriptor{
 			desc:    desc,
@@ -505,24 +561,31 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 
 	defer func() {
 		<-progressDone
-		for _, desc := range mfst.Layers {
-			p.is.ContentStore.Delete(context.TODO(), desc.Digest)
-		}
 	}()
 
 	r := image.NewRootFS()
 	rootFS, release, err := p.is.DownloadManager.Download(ctx, *r, runtime.GOOS, layers, pkgprogress.ChanOutput(pchan))
+	stopProgress()
 	if err != nil {
 		return nil, err
 	}
-	stopProgress()
 
-	ref, err := p.is.CacheAccessor.GetFromSnapshotter(ctx, string(rootFS.ChainID()), cache.WithDescription(fmt.Sprintf("pulled from %s", p.ref)))
+	ref, err := p.getRef(ctx, rootFS.DiffIDs, cache.WithDescription(fmt.Sprintf("pulled from %s", p.ref)))
 	release()
 	if err != nil {
 		return nil, err
 	}
 
+	// keep manifest blobs until ref is alive for cache
+	for _, nl := range nonLayers {
+		if err := p.is.LeaseManager.AddResource(ctx, leases.Lease{ID: ref.ID()}, leases.Resource{
+			ID:   nl.String(),
+			Type: "content",
+		}); err != nil {
+			return nil, err
+		}
+	}
+
 	// TODO: handle windows layers for cross platform builds
 
 	if p.src.RecordType != "" && cache.GetRecordType(ref) == "" {
@@ -537,7 +600,7 @@ func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
 
 // Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error)
 type layerDescriptor struct {
-	is      *imageSource
+	is      *Source
 	fetcher remotes.Fetcher
 	desc    ocispec.Descriptor
 	diffID  layer.DiffID
@@ -577,7 +640,7 @@ func (ld *layerDescriptor) Download(ctx context.Context, progressOutput pkgprogr
 		return nil, 0, err
 	}
 
-	return ioutil.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
+	return io.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
 }
 
 func (ld *layerDescriptor) Close() {
@@ -639,7 +702,7 @@ func showProgress(ctx context.Context, ongoing *jobs, cs content.Store, pw progr
 			refKey := remotes.MakeRefKey(ctx, j.Descriptor)
 			if a, ok := actives[refKey]; ok {
 				started := j.started
-				pw.Write(j.Digest.String(), progress.Status{
+				_ = pw.Write(j.Digest.String(), progress.Status{
 					Action:  a.Status,
 					Total:   int(a.Total),
 					Current: int(a.Offset),
@@ -651,8 +714,8 @@ func showProgress(ctx context.Context, ongoing *jobs, cs content.Store, pw progr
 			if !j.done {
 				info, err := cs.Info(context.TODO(), j.Digest)
 				if err != nil {
-					if errdefs.IsNotFound(err) {
-						// pw.Write(j.Digest.String(), progress.Status{
+					if containerderrors.IsNotFound(err) {
+						// _ = pw.Write(j.Digest.String(), progress.Status{
 						// 	Action: "waiting",
 						// })
 						continue
@@ -664,7 +727,7 @@ func showProgress(ctx context.Context, ongoing *jobs, cs content.Store, pw progr
 				if done || j.done {
 					started := j.started
 					createdAt := info.CreatedAt
-					pw.Write(j.Digest.String(), progress.Status{
+					_ = pw.Write(j.Digest.String(), progress.Status{
 						Action:    "done",
 						Current:   int(info.Size),
 						Total:     int(info.Size),
@@ -750,13 +813,13 @@ func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	st := progress.Status{
 		Started: &now,
 	}
-	pw.Write(id, st)
+	_ = pw.Write(id, st)
 	return func(err error) error {
 		// TODO: set error on status
 		now := time.Now()
 		st.Completed = &now
-		pw.Write(id, st)
-		pw.Close()
+		_ = pw.Write(id, st)
+		_ = pw.Close()
 		return err
 	}
 }
@@ -767,10 +830,11 @@ func cacheKeyFromConfig(dt []byte) digest.Digest {
 	var img ocispec.Image
 	err := json.Unmarshal(dt, &img)
 	if err != nil {
+		logrus.WithError(err).Errorf("failed to unmarshal image config for cache key %v", err)
 		return digest.FromBytes(dt)
 	}
-	if img.RootFS.Type != "layers" {
-		return digest.FromBytes(dt)
+	if img.RootFS.Type != "layers" || len(img.RootFS.DiffIDs) == 0 {
+		return ""
 	}
 	return identity.ChainID(img.RootFS.DiffIDs)
 }
@@ -788,3 +852,13 @@ func resolveModeToString(rm source.ResolveMode) string {
 	}
 	return ""
 }
+
+func platformMatches(img *image.Image, p *ocispec.Platform) bool {
+	return dimages.OnlyPlatformWithFallback(*p).Match(ocispec.Platform{
+		Architecture: img.Architecture,
+		OS:           img.OS,
+		OSVersion:    img.OSVersion,
+		OSFeatures:   img.OSFeatures,
+		Variant:      img.Variant,
+	})
+}
diff --git a/builder/builder-next/adapters/localinlinecache/inlinecache.go b/builder/builder-next/adapters/localinlinecache/inlinecache.go
new file mode 100644
index 0000000000000..c5e19ce2d5d42
--- /dev/null
+++ b/builder/builder-next/adapters/localinlinecache/inlinecache.go
@@ -0,0 +1,168 @@
+package localinlinecache
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/remotes/docker"
+	distreference "github.com/docker/distribution/reference"
+	imagestore "github.com/docker/docker/image"
+	"github.com/docker/docker/reference"
+	"github.com/moby/buildkit/cache/remotecache"
+	registryremotecache "github.com/moby/buildkit/cache/remotecache/registry"
+	v1 "github.com/moby/buildkit/cache/remotecache/v1"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/worker"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	// See https://github.com/moby/buildkit/pull/1993.
+	v1.EmptyLayerRemovalSupported = false
+}
+
+// ResolveCacheImporterFunc returns a resolver function for local inline cache
+func ResolveCacheImporterFunc(sm *session.Manager, resolverFunc docker.RegistryHosts, cs content.Store, rs reference.Store, is imagestore.Store) remotecache.ResolveCacheImporterFunc {
+
+	upstream := registryremotecache.ResolveCacheImporterFunc(sm, cs, resolverFunc)
+
+	return func(ctx context.Context, group session.Group, attrs map[string]string) (remotecache.Importer, specs.Descriptor, error) {
+		if dt, err := tryImportLocal(rs, is, attrs["ref"]); err == nil {
+			return newLocalImporter(dt), specs.Descriptor{}, nil
+		}
+		return upstream(ctx, group, attrs)
+	}
+}
+
+func tryImportLocal(rs reference.Store, is imagestore.Store, refStr string) ([]byte, error) {
+	ref, err := distreference.ParseNormalizedNamed(refStr)
+	if err != nil {
+		return nil, err
+	}
+	dgst, err := rs.Get(ref)
+	if err != nil {
+		return nil, err
+	}
+	img, err := is.Get(imagestore.ID(dgst))
+	if err != nil {
+		return nil, err
+	}
+
+	return img.RawJSON(), nil
+}
+
+func newLocalImporter(dt []byte) remotecache.Importer {
+	return &localImporter{dt: dt}
+}
+
+type localImporter struct {
+	dt []byte
+}
+
+func (li *localImporter) Resolve(ctx context.Context, _ specs.Descriptor, id string, w worker.Worker) (solver.CacheManager, error) {
+	cc := v1.NewCacheChains()
+	if err := li.importInlineCache(ctx, li.dt, cc); err != nil {
+		return nil, err
+	}
+
+	keysStorage, resultStorage, err := v1.NewCacheKeyStorage(cc, w)
+	if err != nil {
+		return nil, err
+	}
+	return solver.NewCacheManager(id, keysStorage, resultStorage), nil
+}
+
+func (li *localImporter) importInlineCache(ctx context.Context, dt []byte, cc solver.CacheExporterTarget) error {
+	var img image
+
+	if err := json.Unmarshal(dt, &img); err != nil {
+		return err
+	}
+
+	if img.Cache == nil {
+		return nil
+	}
+
+	var config v1.CacheConfig
+	if err := json.Unmarshal(img.Cache, &config.Records); err != nil {
+		return err
+	}
+
+	createdDates, createdMsg, err := parseCreatedLayerInfo(img)
+	if err != nil {
+		return err
+	}
+
+	layers := v1.DescriptorProvider{}
+	for i, diffID := range img.Rootfs.DiffIDs {
+		dgst := digest.Digest(diffID.String())
+		desc := specs.Descriptor{
+			Digest:      dgst,
+			Size:        -1,
+			MediaType:   images.MediaTypeDockerSchema2Layer,
+			Annotations: map[string]string{},
+		}
+		if createdAt := createdDates[i]; createdAt != "" {
+			desc.Annotations["buildkit/createdat"] = createdAt
+		}
+		if createdBy := createdMsg[i]; createdBy != "" {
+			desc.Annotations["buildkit/description"] = createdBy
+		}
+		desc.Annotations["containerd.io/uncompressed"] = img.Rootfs.DiffIDs[i].String()
+		layers[dgst] = v1.DescriptorProviderPair{
+			Descriptor: desc,
+			Provider:   &emptyProvider{},
+		}
+		config.Layers = append(config.Layers, v1.CacheLayer{
+			Blob:        dgst,
+			ParentIndex: i - 1,
+		})
+	}
+
+	return v1.ParseConfig(config, layers, cc)
+}
+
+type image struct {
+	Rootfs struct {
+		DiffIDs []digest.Digest `json:"diff_ids"`
+	} `json:"rootfs"`
+	Cache   []byte `json:"moby.buildkit.cache.v0"`
+	History []struct {
+		Created    *time.Time `json:"created,omitempty"`
+		CreatedBy  string     `json:"created_by,omitempty"`
+		EmptyLayer bool       `json:"empty_layer,omitempty"`
+	} `json:"history,omitempty"`
+}
+
+func parseCreatedLayerInfo(img image) ([]string, []string, error) {
+	dates := make([]string, 0, len(img.Rootfs.DiffIDs))
+	createdBy := make([]string, 0, len(img.Rootfs.DiffIDs))
+	for _, h := range img.History {
+		if !h.EmptyLayer {
+			str := ""
+			if h.Created != nil {
+				dt, err := h.Created.MarshalText()
+				if err != nil {
+					return nil, nil, err
+				}
+				str = string(dt)
+			}
+			dates = append(dates, str)
+			createdBy = append(createdBy, h.CreatedBy)
+		}
+	}
+	return dates, createdBy, nil
+}
+
+type emptyProvider struct {
+}
+
+func (p *emptyProvider) ReaderAt(ctx context.Context, dec specs.Descriptor) (content.ReaderAt, error) {
+	return nil, errors.Errorf("ReaderAt not implemented for empty provider")
+}
diff --git a/builder/builder-next/adapters/snapshot/layer.go b/builder/builder-next/adapters/snapshot/layer.go
index ffde5eec51108..ed13def16fdee 100644
--- a/builder/builder-next/adapters/snapshot/layer.go
+++ b/builder/builder-next/adapters/snapshot/layer.go
@@ -12,12 +12,22 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
-func (s *snapshotter) EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) {
+func (s *snapshotter) GetDiffIDs(ctx context.Context, key string) ([]layer.DiffID, error) {
 	if l, err := s.getLayer(key, true); err != nil {
 		return nil, err
 	} else if l != nil {
 		return getDiffChain(l), nil
 	}
+	return nil, nil
+}
+
+func (s *snapshotter) EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) {
+	diffIDs, err := s.GetDiffIDs(ctx, key)
+	if err != nil {
+		return nil, err
+	} else if diffIDs != nil {
+		return diffIDs, nil
+	}
 
 	id, committed := s.getGraphDriverID(key)
 	if !committed {
diff --git a/builder/builder-next/adapters/snapshot/leasemanager.go b/builder/builder-next/adapters/snapshot/leasemanager.go
new file mode 100644
index 0000000000000..713af013a17d7
--- /dev/null
+++ b/builder/builder-next/adapters/snapshot/leasemanager.go
@@ -0,0 +1,133 @@
+package snapshot
+
+import (
+	"context"
+	"sync"
+
+	"github.com/containerd/containerd/leases"
+	"github.com/sirupsen/logrus"
+	bolt "go.etcd.io/bbolt"
+)
+
+type sLM struct {
+	manager leases.Manager
+	s       *snapshotter
+
+	mu         sync.Mutex
+	byLease    map[string]map[string]struct{}
+	bySnapshot map[string]map[string]struct{}
+}
+
+func newLeaseManager(s *snapshotter, lm leases.Manager) *sLM {
+	return &sLM{
+		s:       s,
+		manager: lm,
+
+		byLease:    map[string]map[string]struct{}{},
+		bySnapshot: map[string]map[string]struct{}{},
+	}
+}
+
+func (l *sLM) Create(ctx context.Context, opts ...leases.Opt) (leases.Lease, error) {
+	return l.manager.Create(ctx, opts...)
+}
+
+func (l *sLM) Delete(ctx context.Context, lease leases.Lease, opts ...leases.DeleteOpt) error {
+	if err := l.manager.Delete(ctx, lease, opts...); err != nil {
+		return err
+	}
+	l.mu.Lock()
+	if snaps, ok := l.byLease[lease.ID]; ok {
+		for sID := range snaps {
+			l.delRef(lease.ID, sID)
+		}
+	}
+	l.mu.Unlock()
+	return nil
+}
+
+func (l *sLM) List(ctx context.Context, filters ...string) ([]leases.Lease, error) {
+	return l.manager.List(ctx, filters...)
+}
+
+func (l *sLM) AddResource(ctx context.Context, lease leases.Lease, resource leases.Resource) error {
+	if err := l.manager.AddResource(ctx, lease, resource); err != nil {
+		return err
+	}
+	if resource.Type == "snapshots/default" {
+		l.mu.Lock()
+		l.addRef(lease.ID, resource.ID)
+		l.mu.Unlock()
+	}
+	return nil
+}
+
+func (l *sLM) DeleteResource(ctx context.Context, lease leases.Lease, resource leases.Resource) error {
+	if err := l.manager.DeleteResource(ctx, lease, resource); err != nil {
+		return err
+	}
+	if resource.Type == "snapshots/default" {
+		l.mu.Lock()
+		l.delRef(lease.ID, resource.ID)
+		l.mu.Unlock()
+	}
+	return nil
+}
+
+func (l *sLM) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
+	return l.manager.ListResources(ctx, lease)
+}
+
+func (l *sLM) addRef(lID, sID string) {
+	load := false
+	snapshots, ok := l.byLease[lID]
+	if !ok {
+		snapshots = map[string]struct{}{}
+		l.byLease[lID] = snapshots
+	}
+	if _, ok := snapshots[sID]; !ok {
+		snapshots[sID] = struct{}{}
+	}
+	leases, ok := l.bySnapshot[sID]
+	if !ok {
+		leases = map[string]struct{}{}
+		l.byLease[sID] = leases
+		load = true
+	}
+	if _, ok := leases[lID]; !ok {
+		leases[lID] = struct{}{}
+	}
+
+	if load {
+		l.s.getLayer(sID, true)
+		if _, ok := l.s.chainID(sID); ok {
+			l.s.db.Update(func(tx *bolt.Tx) error {
+				b, err := tx.CreateBucketIfNotExists([]byte(lID))
+				if err != nil {
+					return err
+				}
+				return b.Put(keyChainID, []byte(sID))
+			})
+		}
+	}
+}
+
+func (l *sLM) delRef(lID, sID string) {
+	snapshots, ok := l.byLease[lID]
+	if !ok {
+		delete(snapshots, sID)
+		if len(snapshots) == 0 {
+			delete(l.byLease, lID)
+		}
+	}
+	leases, ok := l.bySnapshot[sID]
+	if !ok {
+		delete(leases, lID)
+		if len(leases) == 0 {
+			delete(l.bySnapshot, sID)
+			if err := l.s.remove(context.TODO(), sID); err != nil {
+				logrus.Warnf("failed to remove snapshot %v", sID)
+			}
+		}
+	}
+}
diff --git a/builder/builder-next/adapters/snapshot/snapshot.go b/builder/builder-next/adapters/snapshot/snapshot.go
index e5e6942653d70..19ee488b8e92f 100644
--- a/builder/builder-next/adapters/snapshot/snapshot.go
+++ b/builder/builder-next/adapters/snapshot/snapshot.go
@@ -7,10 +7,12 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/snapshots"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/snapshot"
 	digest "github.com/opencontainers/go-digest"
@@ -20,14 +22,16 @@ import (
 
 var keyParent = []byte("parent")
 var keyCommitted = []byte("committed")
+var keyIsCommitted = []byte("iscommitted")
 var keyChainID = []byte("chainid")
 var keySize = []byte("size")
 
 // Opt defines options for creating the snapshotter
 type Opt struct {
-	GraphDriver graphdriver.Driver
-	LayerStore  layer.Store
-	Root        string
+	GraphDriver     graphdriver.Driver
+	LayerStore      layer.Store
+	Root            string
+	IdentityMapping *idtools.IdentityMapping
 }
 
 type graphIDRegistrar interface {
@@ -49,19 +53,17 @@ type snapshotter struct {
 	reg  graphIDRegistrar
 }
 
-var _ snapshot.SnapshotterBase = &snapshotter{}
-
 // NewSnapshotter creates a new snapshotter
-func NewSnapshotter(opt Opt) (snapshot.SnapshotterBase, error) {
+func NewSnapshotter(opt Opt, prevLM leases.Manager) (snapshot.Snapshotter, leases.Manager, error) {
 	dbPath := filepath.Join(opt.Root, "snapshots.db")
 	db, err := bolt.Open(dbPath, 0600, nil)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to open database file %s", dbPath)
+		return nil, nil, errors.Wrapf(err, "failed to open database file %s", dbPath)
 	}
 
 	reg, ok := opt.LayerStore.(graphIDRegistrar)
 	if !ok {
-		return nil, errors.Errorf("layerstore doesn't support graphID registration")
+		return nil, nil, errors.Errorf("layerstore doesn't support graphID registration")
 	}
 
 	s := &snapshotter{
@@ -70,18 +72,45 @@ func NewSnapshotter(opt Opt) (snapshot.SnapshotterBase, error) {
 		refs: map[string]layer.Layer{},
 		reg:  reg,
 	}
-	return s, nil
+
+	lm := newLeaseManager(s, prevLM)
+
+	ll, err := lm.List(context.TODO())
+	if err != nil {
+		return nil, nil, err
+	}
+	for _, l := range ll {
+		rr, err := lm.ListResources(context.TODO(), l)
+		if err != nil {
+			return nil, nil, err
+		}
+		for _, r := range rr {
+			if r.Type == "snapshots/default" {
+				lm.addRef(l.ID, r.ID)
+			}
+		}
+	}
+
+	return s, lm, nil
+}
+
+func (s *snapshotter) Name() string {
+	return "default"
+}
+
+func (s *snapshotter) IdentityMapping() *idtools.IdentityMapping {
+	return s.opt.IdentityMapping
 }
 
 func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
 	origParent := parent
 	if parent != "" {
 		if l, err := s.getLayer(parent, false); err != nil {
-			return err
+			return errors.Wrapf(err, "failed to get parent layer %s", parent)
 		} else if l != nil {
 			parent, err = getGraphID(l)
 			if err != nil {
-				return err
+				return errors.Wrapf(err, "failed to get parent graphid %s", l.ChainID())
 			}
 		} else {
 			parent, _ = s.getGraphDriverID(parent)
@@ -136,23 +165,24 @@ func (s *snapshotter) getLayer(key string, withCommitted bool) (layer.Layer, err
 				return nil
 			}); err != nil {
 				s.mu.Unlock()
-				return nil, err
+				return nil, errors.WithStack(err)
 			}
+			s.mu.Unlock()
 			if id == "" {
-				s.mu.Unlock()
 				return nil, nil
 			}
+			return s.getLayer(string(id), withCommitted)
 		}
 		var err error
 		l, err = s.opt.LayerStore.Get(id)
 		if err != nil {
 			s.mu.Unlock()
-			return nil, err
+			return nil, errors.WithStack(err)
 		}
 		s.refs[key] = l
 		if err := s.db.Update(func(tx *bolt.Tx) error {
 			_, err := tx.CreateBucketIfNotExists([]byte(key))
-			return err
+			return errors.WithStack(err)
 		}); err != nil {
 			s.mu.Unlock()
 			return nil, err
@@ -244,24 +274,24 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl
 		id := identity.NewID()
 		var rwlayer layer.RWLayer
 		return &mountable{
-			acquire: func() ([]mount.Mount, error) {
+			idmap: s.opt.IdentityMapping,
+			acquire: func() ([]mount.Mount, func() error, error) {
 				rwlayer, err = s.opt.LayerStore.CreateRWLayer(id, l.ChainID(), nil)
 				if err != nil {
-					return nil, err
+					return nil, nil, err
 				}
 				rootfs, err := rwlayer.Mount("")
 				if err != nil {
-					return nil, err
+					return nil, nil, err
 				}
 				return []mount.Mount{{
-					Source:  rootfs.Path(),
-					Type:    "bind",
-					Options: []string{"rbind"},
-				}}, nil
-			},
-			release: func() error {
-				_, err := s.opt.LayerStore.ReleaseRWLayer(rwlayer)
-				return err
+						Source:  rootfs.Path(),
+						Type:    "bind",
+						Options: []string{"rbind"},
+					}}, func() error {
+						_, err := s.opt.LayerStore.ReleaseRWLayer(rwlayer)
+						return err
+					}, nil
 			},
 		}, nil
 	}
@@ -269,24 +299,28 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl
 	id, _ := s.getGraphDriverID(key)
 
 	return &mountable{
-		acquire: func() ([]mount.Mount, error) {
+		idmap: s.opt.IdentityMapping,
+		acquire: func() ([]mount.Mount, func() error, error) {
 			rootfs, err := s.opt.GraphDriver.Get(id, "")
 			if err != nil {
-				return nil, err
+				return nil, nil, err
 			}
 			return []mount.Mount{{
-				Source:  rootfs.Path(),
-				Type:    "bind",
-				Options: []string{"rbind"},
-			}}, nil
-		},
-		release: func() error {
-			return s.opt.GraphDriver.Put(id)
+					Source:  rootfs.Path(),
+					Type:    "bind",
+					Options: []string{"rbind"},
+				}}, func() error {
+					return s.opt.GraphDriver.Put(id)
+				}, nil
 		},
 	}, nil
 }
 
 func (s *snapshotter) Remove(ctx context.Context, key string) error {
+	return errors.Errorf("calling snapshot.remove is forbidden")
+}
+
+func (s *snapshotter) remove(ctx context.Context, key string) error {
 	l, err := s.getLayer(key, true)
 	if err != nil {
 		return err
@@ -295,8 +329,17 @@ func (s *snapshotter) Remove(ctx context.Context, key string) error {
 	id, _ := s.getGraphDriverID(key)
 
 	var found bool
+	var alreadyCommitted bool
 	if err := s.db.Update(func(tx *bolt.Tx) error {
-		found = tx.Bucket([]byte(key)) != nil
+		b := tx.Bucket([]byte(key))
+		found = b != nil
+
+		if b != nil {
+			if b.Get(keyIsCommitted) != nil {
+				alreadyCommitted = true
+				return nil
+			}
+		}
 		if found {
 			tx.DeleteBucket([]byte(key))
 			if id != key {
@@ -308,6 +351,10 @@ func (s *snapshotter) Remove(ctx context.Context, key string) error {
 		return err
 	}
 
+	if alreadyCommitted {
+		return nil
+	}
+
 	if l != nil {
 		s.mu.Lock()
 		delete(s.refs, key)
@@ -329,7 +376,14 @@ func (s *snapshotter) Commit(ctx context.Context, name, key string, opts ...snap
 		if err != nil {
 			return err
 		}
-		return b.Put(keyCommitted, []byte(key))
+		if err := b.Put(keyCommitted, []byte(key)); err != nil {
+			return err
+		}
+		b, err = tx.CreateBucketIfNotExists([]byte(key))
+		if err != nil {
+			return err
+		}
+		return b.Put(keyIsCommitted, []byte{})
 	})
 }
 
@@ -337,8 +391,8 @@ func (s *snapshotter) View(ctx context.Context, key, parent string, opts ...snap
 	return s.Mounts(ctx, parent)
 }
 
-func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
-	return errors.Errorf("not-implemented")
+func (s *snapshotter) Walk(context.Context, snapshots.WalkFunc, ...string) error {
+	return nil
 }
 
 func (s *snapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) {
@@ -426,36 +480,55 @@ func (s *snapshotter) Close() error {
 }
 
 type mountable struct {
-	mu      sync.Mutex
-	mounts  []mount.Mount
-	acquire func() ([]mount.Mount, error)
-	release func() error
+	mu       sync.Mutex
+	mounts   []mount.Mount
+	acquire  func() ([]mount.Mount, func() error, error)
+	release  func() error
+	refCount int
+	idmap    *idtools.IdentityMapping
 }
 
-func (m *mountable) Mount() ([]mount.Mount, error) {
+func (m *mountable) Mount() ([]mount.Mount, func() error, error) {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
 	if m.mounts != nil {
-		return m.mounts, nil
+		m.refCount++
+		return m.mounts, m.releaseMount, nil
 	}
 
-	mounts, err := m.acquire()
+	mounts, release, err := m.acquire()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	m.mounts = mounts
+	m.release = release
+	m.refCount = 1
 
-	return m.mounts, nil
+	return m.mounts, m.releaseMount, nil
 }
 
-func (m *mountable) Release() error {
+func (m *mountable) releaseMount() error {
 	m.mu.Lock()
 	defer m.mu.Unlock()
+
+	if m.refCount > 1 {
+		m.refCount--
+		return nil
+	}
+
+	m.refCount = 0
 	if m.release == nil {
 		return nil
 	}
 
 	m.mounts = nil
+	defer func() {
+		m.release = nil
+	}()
 	return m.release()
 }
+
+func (m *mountable) IdentityMapping() *idtools.IdentityMapping {
+	return m.idmap
+}
diff --git a/builder/builder-next/builder.go b/builder/builder-next/builder.go
index a51d8ec52c79b..5ee9d8e30d20f 100644
--- a/builder/builder-next/builder.go
+++ b/builder/builder-next/builder.go
@@ -2,37 +2,52 @@ package buildkit
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"net"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
 
-	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/remotes/docker"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libnetwork"
 	controlapi "github.com/moby/buildkit/api/services/control"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/control"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/session"
-	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/util/entitlements"
-	"github.com/moby/buildkit/util/resolver"
 	"github.com/moby/buildkit/util/tracing"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
+	"google.golang.org/grpc"
 	grpcmetadata "google.golang.org/grpc/metadata"
 )
 
-var errMultipleFilterValues = errors.New("filters expect only one value")
+type errMultipleFilterValues struct{}
+
+func (errMultipleFilterValues) Error() string { return "filters expect only one value" }
+
+func (errMultipleFilterValues) InvalidParameter() {}
+
+type errConflictFilter struct {
+	a, b string
+}
+
+func (e errConflictFilter) Error() string {
+	return fmt.Sprintf("conflicting filters: %q and %q", e.a, e.b)
+}
+
+func (errConflictFilter) InvalidParameter() {}
 
 var cacheFields = map[string]bool{
 	"id":          true,
@@ -47,10 +62,6 @@ var cacheFields = map[string]bool{
 	"immutable": false,
 }
 
-func init() {
-	llbsolver.AllowNetworkHostUnstable = true
-}
-
 // Opt is option struct required for creating the builder
 type Opt struct {
 	SessionManager      *session.Manager
@@ -58,8 +69,12 @@ type Opt struct {
 	Dist                images.DistributionServices
 	NetworkController   libnetwork.NetworkController
 	DefaultCgroupParent string
-	ResolverOpt         resolver.ResolveOptionsFunc
+	RegistryHosts       docker.RegistryHosts
 	BuilderConfig       config.BuilderConfig
+	Rootless            bool
+	IdentityMapping     *idtools.IdentityMapping
+	DNSConfig           config.DNSConfig
+	ApparmorProfile     string
 }
 
 // Builder can build using BuildKit backend
@@ -75,6 +90,10 @@ type Builder struct {
 func New(opt Opt) (*Builder, error) {
 	reqHandler := newReqBodyHandler(tracing.DefaultTransport)
 
+	if opt.IdentityMapping != nil && opt.IdentityMapping.Empty() {
+		opt.IdentityMapping = nil
+	}
+
 	c, err := newController(reqHandler, opt)
 	if err != nil {
 		return nil, err
@@ -87,6 +106,11 @@ func New(opt Opt) (*Builder, error) {
 	return b, nil
 }
 
+// RegisterGRPC registers controller to the grpc server.
+func (b *Builder) RegisterGRPC(s *grpc.Server) {
+	b.controller.Register(s)
+}
+
 // Cancel cancels a build using ID
 func (b *Builder) Cancel(ctx context.Context, id string) error {
 	b.mu.Lock()
@@ -130,6 +154,9 @@ func (b *Builder) Prune(ctx context.Context, opts types.BuildCachePruneOptions)
 
 	validFilters := make(map[string]bool, 1+len(cacheFields))
 	validFilters["unused-for"] = true
+	validFilters["until"] = true
+	validFilters["label"] = true  // TODO(tiborvass): handle label
+	validFilters["label!"] = true // TODO(tiborvass): handle label!
 	for k, v := range cacheFields {
 		validFilters[k] = v
 	}
@@ -213,7 +240,9 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
 		}
 
 		defer func() {
+			b.mu.Lock()
 			delete(b.jobs, buildID)
+			b.mu.Unlock()
 		}()
 	}
 
@@ -269,13 +298,10 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
 	if opt.Options.Platform != "" {
 		// same as in newBuilder in builder/dockerfile.builder.go
 		// TODO: remove once opt.Options.Platform is of type specs.Platform
-		sp, err := platforms.Parse(opt.Options.Platform)
+		_, err := platforms.Parse(opt.Options.Platform)
 		if err != nil {
 			return nil, err
 		}
-		if err := system.ValidatePlatform(sp); err != nil {
-			return nil, err
-		}
 		frontendAttrs["platform"] = opt.Options.Platform
 	}
 
@@ -293,19 +319,45 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
 	}
 	frontendAttrs["add-hosts"] = extraHosts
 
+	exporterName := ""
 	exporterAttrs := map[string]string{}
 
-	if len(opt.Options.Tags) > 0 {
-		exporterAttrs["name"] = strings.Join(opt.Options.Tags, ",")
+	if len(opt.Options.Outputs) > 1 {
+		return nil, errors.Errorf("multiple outputs not supported")
+	} else if len(opt.Options.Outputs) == 0 {
+		exporterName = "moby"
+	} else {
+		// cacheonly is a special type for triggering skipping all exporters
+		if opt.Options.Outputs[0].Type != "cacheonly" {
+			exporterName = opt.Options.Outputs[0].Type
+			exporterAttrs = opt.Options.Outputs[0].Attrs
+		}
+	}
+
+	if exporterName == "moby" {
+		if len(opt.Options.Tags) > 0 {
+			exporterAttrs["name"] = strings.Join(opt.Options.Tags, ",")
+		}
+	}
+
+	cache := controlapi.CacheOptions{}
+
+	if inlineCache := opt.Options.BuildArgs["BUILDKIT_INLINE_CACHE"]; inlineCache != nil {
+		if b, err := strconv.ParseBool(*inlineCache); err == nil && b {
+			cache.Exports = append(cache.Exports, &controlapi.CacheOptionsEntry{
+				Type: "inline",
+			})
+		}
 	}
 
 	req := &controlapi.SolveRequest{
 		Ref:           id,
-		Exporter:      "moby",
+		Exporter:      exporterName,
 		ExporterAttrs: exporterAttrs,
 		Frontend:      "dockerfile.v0",
 		FrontendAttrs: frontendAttrs,
 		Session:       opt.Options.SessionID,
+		Cache:         cache,
 	}
 
 	if opt.Options.NetworkMode == "host" {
@@ -321,6 +373,9 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
 		if err != nil {
 			return err
 		}
+		if exporterName != "moby" {
+			return nil
+		}
 		id, ok := resp.ExporterResponse["containerimage.digest"]
 		if !ok {
 			return errors.Errorf("missing image id")
@@ -411,14 +466,6 @@ func (sp *pruneProxy) SendMsg(m interface{}) error {
 	return nil
 }
 
-type contentStoreNoLabels struct {
-	content.Store
-}
-
-func (c *contentStoreNoLabels) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
-	return content.Info{}, nil
-}
-
 type wrapRC struct {
 	io.ReadCloser
 	once   sync.Once
@@ -502,6 +549,7 @@ func toBuildkitExtraHosts(inp []string) (string, error) {
 	hosts := make([]string, 0, len(inp))
 	for _, h := range inp {
 		parts := strings.Split(h, ":")
+
 		if len(parts) != 2 || parts[0] == "" || net.ParseIP(parts[1]) == nil {
 			return "", errors.Errorf("invalid host %s", h)
 		}
@@ -511,39 +559,54 @@ func toBuildkitExtraHosts(inp []string) (string, error) {
 }
 
 func toBuildkitPruneInfo(opts types.BuildCachePruneOptions) (client.PruneInfo, error) {
-	var unusedFor time.Duration
-	unusedForValues := opts.Filters.Get("unused-for")
+	var until time.Duration
+	untilValues := opts.Filters.Get("until")          // canonical
+	unusedForValues := opts.Filters.Get("unused-for") // deprecated synonym for "until" filter
 
-	switch len(unusedForValues) {
-	case 0:
+	if len(untilValues) > 0 && len(unusedForValues) > 0 {
+		return client.PruneInfo{}, errConflictFilter{"until", "unused-for"}
+	}
+	filterKey := "until"
+	if len(unusedForValues) > 0 {
+		filterKey = "unused-for"
+	}
+	untilValues = append(untilValues, unusedForValues...)
 
+	switch len(untilValues) {
+	case 0:
+		// nothing to do
 	case 1:
 		var err error
-		unusedFor, err = time.ParseDuration(unusedForValues[0])
+		until, err = time.ParseDuration(untilValues[0])
 		if err != nil {
-			return client.PruneInfo{}, errors.Wrap(err, "unused-for filter expects a duration (e.g., '24h')")
+			return client.PruneInfo{}, errors.Wrapf(err, "%q filter expects a duration (e.g., '24h')", filterKey)
 		}
-
 	default:
-		return client.PruneInfo{}, errMultipleFilterValues
+		return client.PruneInfo{}, errMultipleFilterValues{}
 	}
 
 	bkFilter := make([]string, 0, opts.Filters.Len())
 	for cacheField := range cacheFields {
-		values := opts.Filters.Get(cacheField)
-		switch len(values) {
-		case 0:
-			bkFilter = append(bkFilter, cacheField)
-		case 1:
-			bkFilter = append(bkFilter, cacheField+"=="+values[0])
-		default:
-			return client.PruneInfo{}, errMultipleFilterValues
+		if opts.Filters.Contains(cacheField) {
+			values := opts.Filters.Get(cacheField)
+			switch len(values) {
+			case 0:
+				bkFilter = append(bkFilter, cacheField)
+			case 1:
+				if cacheField == "id" {
+					bkFilter = append(bkFilter, cacheField+"~="+values[0])
+				} else {
+					bkFilter = append(bkFilter, cacheField+"=="+values[0])
+				}
+			default:
+				return client.PruneInfo{}, errMultipleFilterValues{}
+			}
 		}
 	}
 	return client.PruneInfo{
 		All:          opts.All,
-		KeepDuration: unusedFor,
+		KeepDuration: until,
 		KeepBytes:    opts.KeepStorage,
-		Filter:       bkFilter,
+		Filter:       []string{strings.Join(bkFilter, ",")},
 	}, nil
 }
diff --git a/builder/builder-next/controller.go b/builder/builder-next/controller.go
index 5aafba2e4a525..fd086ca90e562 100644
--- a/builder/builder-next/controller.go
+++ b/builder/builder-next/controller.go
@@ -1,13 +1,19 @@
 package buildkit
 
 import (
+	"context"
 	"net/http"
 	"os"
 	"path/filepath"
 
 	"github.com/containerd/containerd/content/local"
+	ctdmetadata "github.com/containerd/containerd/metadata"
+	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/snapshots"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/builder/builder-next/adapters/containerimage"
+	"github.com/docker/docker/builder/builder-next/adapters/localinlinecache"
 	"github.com/docker/docker/builder/builder-next/adapters/snapshot"
 	containerimageexp "github.com/docker/docker/builder/builder-next/exporter"
 	"github.com/docker/docker/builder/builder-next/imagerefchecker"
@@ -17,22 +23,28 @@ import (
 	units "github.com/docker/go-units"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
-	registryremotecache "github.com/moby/buildkit/cache/remotecache/registry"
+	"github.com/moby/buildkit/cache/remotecache"
+	inlineremotecache "github.com/moby/buildkit/cache/remotecache/inline"
+	localremotecache "github.com/moby/buildkit/cache/remotecache/local"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/control"
-	"github.com/moby/buildkit/exporter"
 	"github.com/moby/buildkit/frontend"
 	dockerfile "github.com/moby/buildkit/frontend/dockerfile/builder"
 	"github.com/moby/buildkit/frontend/gateway"
 	"github.com/moby/buildkit/frontend/gateway/forwarder"
-	"github.com/moby/buildkit/snapshot/blobmapping"
+	containerdsnapshot "github.com/moby/buildkit/snapshot/containerd"
 	"github.com/moby/buildkit/solver/bboltcachestorage"
+	"github.com/moby/buildkit/util/archutil"
+	"github.com/moby/buildkit/util/entitlements"
+	"github.com/moby/buildkit/util/leaseutil"
 	"github.com/moby/buildkit/worker"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	bolt "go.etcd.io/bbolt"
 )
 
 func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
-	if err := os.MkdirAll(opt.Root, 0700); err != nil {
+	if err := os.MkdirAll(opt.Root, 0711); err != nil {
 		return nil, err
 	}
 
@@ -48,33 +60,42 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 		return nil, errors.Errorf("could not access graphdriver")
 	}
 
-	sbase, err := snapshot.NewSnapshotter(snapshot.Opt{
-		GraphDriver: driver,
-		LayerStore:  dist.LayerStore,
-		Root:        root,
-	})
+	store, err := local.NewStore(filepath.Join(root, "content"))
 	if err != nil {
 		return nil, err
 	}
 
-	store, err := local.NewStore(filepath.Join(root, "content"))
+	db, err := bolt.Open(filepath.Join(root, "containerdmeta.db"), 0644, nil)
 	if err != nil {
-		return nil, err
+		return nil, errors.WithStack(err)
 	}
-	store = &contentStoreNoLabels{store}
 
-	md, err := metadata.NewStore(filepath.Join(root, "metadata.db"))
+	mdb := ctdmetadata.NewDB(db, store, map[string]snapshots.Snapshotter{})
+
+	store = containerdsnapshot.NewContentStore(mdb.ContentStore(), "buildkit")
+
+	lm := leaseutil.WithNamespace(ctdmetadata.NewLeaseManager(mdb), "buildkit")
+
+	snapshotter, lm, err := snapshot.NewSnapshotter(snapshot.Opt{
+		GraphDriver:     driver,
+		LayerStore:      dist.LayerStore,
+		Root:            root,
+		IdentityMapping: opt.IdentityMapping,
+	}, lm)
 	if err != nil {
 		return nil, err
 	}
 
-	snapshotter := blobmapping.NewSnapshotter(blobmapping.Opt{
-		Content:       store,
-		Snapshotter:   sbase,
-		MetadataStore: md,
-	})
+	if err := cache.MigrateV2(context.Background(), filepath.Join(root, "metadata.db"), filepath.Join(root, "metadata_v2.db"), store, snapshotter, lm); err != nil {
+		return nil, err
+	}
 
-	layerGetter, ok := sbase.(imagerefchecker.LayerGetter)
+	md, err := metadata.NewStore(filepath.Join(root, "metadata_v2.db"))
+	if err != nil {
+		return nil, err
+	}
+
+	layerGetter, ok := snapshotter.(imagerefchecker.LayerGetter)
 	if !ok {
 		return nil, errors.Errorf("snapshotter does not implement layergetter")
 	}
@@ -88,31 +109,38 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 		Snapshotter:     snapshotter,
 		MetadataStore:   md,
 		PruneRefChecker: refChecker,
+		LeaseManager:    lm,
+		ContentStore:    store,
+		GarbageCollect:  mdb.GarbageCollect,
 	})
 	if err != nil {
 		return nil, err
 	}
 
 	src, err := containerimage.NewSource(containerimage.SourceOpt{
-		SessionManager:  opt.SessionManager,
 		CacheAccessor:   cm,
 		ContentStore:    store,
 		DownloadManager: dist.DownloadManager,
 		MetadataStore:   dist.V2MetadataService,
 		ImageStore:      dist.ImageStore,
 		ReferenceStore:  dist.ReferenceStore,
-		ResolverOpt:     opt.ResolverOpt,
+		RegistryHosts:   opt.RegistryHosts,
+		LayerStore:      dist.LayerStore,
+		LeaseManager:    lm,
+		GarbageCollect:  mdb.GarbageCollect,
 	})
 	if err != nil {
 		return nil, err
 	}
 
-	exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController)
+	dns := getDNSConfig(opt.DNSConfig)
+
+	exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, dns, opt.Rootless, opt.IdentityMapping, opt.ApparmorProfile)
 	if err != nil {
 		return nil, err
 	}
 
-	differ, ok := sbase.(containerimageexp.Differ)
+	differ, ok := snapshotter.(containerimageexp.Differ)
 	if !ok {
 		return nil, errors.Errorf("snapshotter doesn't support differ")
 	}
@@ -136,9 +164,26 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 		return nil, errors.Wrap(err, "could not get builder GC policy")
 	}
 
+	layers, ok := snapshotter.(mobyworker.LayerAccess)
+	if !ok {
+		return nil, errors.Errorf("snapshotter doesn't support differ")
+	}
+
+	p, err := parsePlatforms(archutil.SupportedPlatforms(true))
+	if err != nil {
+		return nil, err
+	}
+
+	leases, err := lm.List(context.TODO(), "labels.\"buildkit/lease.temporary\"")
+	if err != nil {
+		return nil, err
+	}
+	for _, l := range leases {
+		lm.Delete(context.TODO(), l)
+	}
+
 	wopt := mobyworker.Opt{
 		ID:                "moby",
-		SessionManager:    opt.SessionManager,
 		MetadataStore:     md,
 		ContentStore:      store,
 		CacheManager:      cm,
@@ -148,10 +193,10 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 		ImageSource:       src,
 		DownloadManager:   dist.DownloadManager,
 		V2MetadataService: dist.V2MetadataService,
-		Exporters: map[string]exporter.Exporter{
-			"moby": exp,
-		},
-		Transport: rt,
+		Exporter:          exp,
+		Transport:         rt,
+		Layers:            layers,
+		Platforms:         p,
 	}
 
 	wc := &worker.Controller{}
@@ -167,12 +212,18 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 	}
 
 	return control.NewController(control.Opt{
-		SessionManager:           opt.SessionManager,
-		WorkerController:         wc,
-		Frontends:                frontends,
-		CacheKeyStorage:          cacheStorage,
-		ResolveCacheImporterFunc: registryremotecache.ResolveCacheImporterFunc(opt.SessionManager, opt.ResolverOpt),
-		// TODO: set ResolveCacheExporterFunc for exporting cache
+		SessionManager:   opt.SessionManager,
+		WorkerController: wc,
+		Frontends:        frontends,
+		CacheKeyStorage:  cacheStorage,
+		ResolveCacheImporterFuncs: map[string]remotecache.ResolveCacheImporterFunc{
+			"registry": localinlinecache.ResolveCacheImporterFunc(opt.SessionManager, opt.RegistryHosts, store, dist.ReferenceStore, dist.ImageStore),
+			"local":    localremotecache.ResolveCacheImporterFunc(opt.SessionManager),
+		},
+		ResolveCacheExporterFuncs: map[string]remotecache.ResolveCacheExporterFunc{
+			"inline": inlineremotecache.ResolveCacheExporterFunc(),
+		},
+		Entitlements: getEntitlements(opt.BuilderConfig),
 	})
 }
 
@@ -206,7 +257,7 @@ func getGCPolicy(conf config.BuilderConfig, root string) ([]client.PruneInfo, er
 				gcPolicy[i], err = toBuildkitPruneInfo(types.BuildCachePruneOptions{
 					All:         p.All,
 					KeepStorage: b,
-					Filters:     p.Filter,
+					Filters:     filters.Args(p.Filter),
 				})
 				if err != nil {
 					return nil, err
@@ -216,3 +267,27 @@ func getGCPolicy(conf config.BuilderConfig, root string) ([]client.PruneInfo, er
 	}
 	return gcPolicy, nil
 }
+
+func parsePlatforms(platformsStr []string) ([]specs.Platform, error) {
+	out := make([]specs.Platform, 0, len(platformsStr))
+	for _, s := range platformsStr {
+		p, err := platforms.Parse(s)
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, platforms.Normalize(p))
+	}
+	return out, nil
+}
+
+func getEntitlements(conf config.BuilderConfig) []string {
+	var ents []string
+	// Incase of no config settings, NetworkHost should be enabled & SecurityInsecure must be disabled.
+	if conf.Entitlements.NetworkHost == nil || *conf.Entitlements.NetworkHost {
+		ents = append(ents, string(entitlements.EntitlementNetworkHost))
+	}
+	if conf.Entitlements.SecurityInsecure != nil && *conf.Entitlements.SecurityInsecure {
+		ents = append(ents, string(entitlements.EntitlementSecurityInsecure))
+	}
+	return ents
+}
diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go
index b3ea33c05c71f..468f13052394c 100644
--- a/builder/builder-next/executor_unix.go
+++ b/builder/builder-next/executor_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package buildkit
@@ -8,32 +9,56 @@ import (
 	"strconv"
 	"sync"
 
-	"github.com/docker/libnetwork"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/stringid"
 	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/executor/oci"
 	"github.com/moby/buildkit/executor/runcexecutor"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/network"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
 )
 
 const networkName = "bridge"
 
-func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (executor.Executor, error) {
+func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dnsConfig *oci.DNSConfig, rootless bool, idmap *idtools.IdentityMapping, apparmorProfile string) (executor.Executor, error) {
+	netRoot := filepath.Join(root, "net")
 	networkProviders := map[pb.NetMode]network.Provider{
-		pb.NetMode_UNSET: &bridgeProvider{NetworkController: net},
+		pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: netRoot},
 		pb.NetMode_HOST:  network.NewHostProvider(),
 		pb.NetMode_NONE:  network.NewNoneProvider(),
 	}
+
+	// make sure net state directory is cleared from previous state
+	fis, err := os.ReadDir(netRoot)
+	if err == nil {
+		for _, fi := range fis {
+			fp := filepath.Join(netRoot, fi.Name())
+			if err := os.RemoveAll(fp); err != nil {
+				logrus.WithError(err).Errorf("failed to delete old network state: %v", fp)
+			}
+		}
+	}
+
 	return runcexecutor.New(runcexecutor.Opt{
 		Root:                filepath.Join(root, "executor"),
 		CommandCandidates:   []string{"runc"},
 		DefaultCgroupParent: cgroupParent,
+		Rootless:            rootless,
+		NoPivot:             os.Getenv("DOCKER_RAMDISK") != "",
+		IdentityMapping:     idmap,
+		DNS:                 dnsConfig,
+		ApparmorProfile:     apparmorProfile,
 	}, networkProviders)
 }
 
 type bridgeProvider struct {
 	libnetwork.NetworkController
+	Root string
 }
 
 func (p *bridgeProvider) New() (network.Namespace, error) {
@@ -63,13 +88,14 @@ func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Netw
 	defer close(iface.ready)
 	id := identity.NewID()
 
-	ep, err := n.CreateEndpoint(id)
+	ep, err := n.CreateEndpoint(id, libnetwork.CreateOptionDisableResolution())
 	if err != nil {
 		iface.err = err
 		return
 	}
 
-	sbx, err := c.NewSandbox(id)
+	sbx, err := c.NewSandbox(id, libnetwork.OptionUseExternalKey(), libnetwork.OptionHostsPath(filepath.Join(iface.provider.Root, id, "hosts")),
+		libnetwork.OptionResolvConfPath(filepath.Join(iface.provider.Root, id, "resolv.conf")))
 	if err != nil {
 		iface.err = err
 		return
@@ -84,26 +110,45 @@ func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Netw
 	iface.ep = ep
 }
 
-func (iface *lnInterface) Set(s *specs.Spec) {
+func (iface *lnInterface) Set(s *specs.Spec) error {
 	<-iface.ready
 	if iface.err != nil {
-		return
+		logrus.WithError(iface.err).Error("failed to set networking spec")
+		return iface.err
 	}
+	shortNetCtlrID := stringid.TruncateID(iface.provider.NetworkController.ID())
 	// attach netns to bridge within the container namespace, using reexec in a prestart hook
 	s.Hooks = &specs.Hooks{
 		Prestart: []specs.Hook{{
 			Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
-			Args: []string{"libnetwork-setkey", iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},
+			Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), shortNetCtlrID},
 		}},
 	}
+	return nil
 }
 
 func (iface *lnInterface) Close() error {
 	<-iface.ready
-	err := iface.sbx.Delete()
-	if iface.err != nil {
-		// iface.err takes precedence over cleanup errors
-		return iface.err
+	if iface.sbx != nil {
+		go func() {
+			if err := iface.sbx.Delete(); err != nil {
+				logrus.WithError(err).Errorf("failed to delete builder network sandbox")
+			}
+			if err := os.RemoveAll(filepath.Join(iface.provider.Root, iface.sbx.ContainerID())); err != nil {
+				logrus.WithError(err).Errorf("failed to delete builder sandbox directory")
+			}
+		}()
+	}
+	return iface.err
+}
+
+func getDNSConfig(cfg config.DNSConfig) *oci.DNSConfig {
+	if cfg.DNS != nil || cfg.DNSSearch != nil || cfg.DNSOptions != nil {
+		return &oci.DNSConfig{
+			Nameservers:   cfg.DNS,
+			SearchDomains: cfg.DNSSearch,
+			Options:       cfg.DNSOptions,
+		}
 	}
-	return err
+	return nil
 }
diff --git a/builder/builder-next/executor_windows.go b/builder/builder-next/executor_windows.go
index f19bf18655360..77d1fa096d629 100644
--- a/builder/builder-next/executor_windows.go
+++ b/builder/builder-next/executor_windows.go
@@ -3,20 +3,29 @@ package buildkit
 import (
 	"context"
 	"errors"
-	"io"
 
-	"github.com/docker/libnetwork"
-	"github.com/moby/buildkit/cache"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/executor/oci"
 )
 
-func newExecutor(_, _ string, _ libnetwork.NetworkController) (executor.Executor, error) {
+func newExecutor(_, _ string, _ libnetwork.NetworkController, _ *oci.DNSConfig, _ bool, _ *idtools.IdentityMapping, _ string) (executor.Executor, error) {
 	return &winExecutor{}, nil
 }
 
 type winExecutor struct {
 }
 
-func (e *winExecutor) Exec(ctx context.Context, meta executor.Meta, rootfs cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
+func (w *winExecutor) Run(ctx context.Context, id string, root executor.Mount, mounts []executor.Mount, process executor.ProcessInfo, started chan<- struct{}) (err error) {
 	return errors.New("buildkit executor not implemented for windows")
 }
+
+func (w *winExecutor) Exec(ctx context.Context, id string, process executor.ProcessInfo) error {
+	return errors.New("buildkit executor not implemented for windows")
+}
+
+func getDNSConfig(config.DNSConfig) *oci.DNSConfig {
+	return nil
+}
diff --git a/builder/builder-next/exporter/export.go b/builder/builder-next/exporter/export.go
index e0c7db563c419..46503ad1e5dec 100644
--- a/builder/builder-next/exporter/export.go
+++ b/builder/builder-next/exporter/export.go
@@ -77,8 +77,7 @@ func (e *imageExporterInstance) Name() string {
 	return "exporting to image"
 }
 
-func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source) (map[string]string, error) {
-
+func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source, sessionID string) (map[string]string, error) {
 	if len(inp.Refs) > 1 {
 		return nil, fmt.Errorf("exporting multiple references to image store is currently unsupported")
 	}
@@ -117,12 +116,12 @@ func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source)
 		layersDone := oneOffProgress(ctx, "exporting layers")
 
 		if err := ref.Finalize(ctx, true); err != nil {
-			return nil, err
+			return nil, layersDone(err)
 		}
 
 		diffIDs, err := e.opt.Differ.EnsureLayer(ctx, ref.ID())
 		if err != nil {
-			return nil, err
+			return nil, layersDone(err)
 		}
 
 		diffs = make([]digest.Digest, len(diffIDs))
@@ -130,7 +129,7 @@ func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source)
 			diffs[i] = digest.Digest(diffIDs[i])
 		}
 
-		layersDone(nil)
+		_ = layersDone(nil)
 	}
 
 	if len(config) == 0 {
@@ -148,7 +147,7 @@ func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source)
 
 	diffs, history = normalizeLayersAndHistory(diffs, history, ref)
 
-	config, err = patchImageConfig(config, diffs, history)
+	config, err = patchImageConfig(config, diffs, history, inp.Metadata[exptypes.ExporterInlineCache])
 	if err != nil {
 		return nil, err
 	}
@@ -160,7 +159,7 @@ func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source)
 	if err != nil {
 		return nil, configDone(err)
 	}
-	configDone(nil)
+	_ = configDone(nil)
 
 	if e.opt.ReferenceStore != nil {
 		for _, targetName := range e.targetNames {
@@ -169,7 +168,7 @@ func (e *imageExporterInstance) Export(ctx context.Context, inp exporter.Source)
 			if err := e.opt.ReferenceStore.AddTag(targetName, digest.Digest(id), true); err != nil {
 				return nil, tagDone(err)
 			}
-			tagDone(nil)
+			_ = tagDone(nil)
 		}
 	}
 
diff --git a/builder/builder-next/exporter/writer.go b/builder/builder-next/exporter/writer.go
index e8fa143fc628b..53305caf8543a 100644
--- a/builder/builder-next/exporter/writer.go
+++ b/builder/builder-next/exporter/writer.go
@@ -26,7 +26,7 @@ func emptyImageConfig() ([]byte, error) {
 	}
 	img.RootFS.Type = "layers"
 	img.Config.WorkingDir = "/"
-	img.Config.Env = []string{"PATH=" + system.DefaultPathEnv}
+	img.Config.Env = []string{"PATH=" + system.DefaultPathEnvUnix}
 	dt, err := json.Marshal(img)
 	return dt, errors.Wrap(err, "failed to create empty image config")
 }
@@ -41,7 +41,7 @@ func parseHistoryFromConfig(dt []byte) ([]ocispec.History, error) {
 	return config.History, nil
 }
 
-func patchImageConfig(dt []byte, dps []digest.Digest, history []ocispec.History) ([]byte, error) {
+func patchImageConfig(dt []byte, dps []digest.Digest, history []ocispec.History, cache []byte) ([]byte, error) {
 	m := map[string]json.RawMessage{}
 	if err := json.Unmarshal(dt, &m); err != nil {
 		return nil, errors.Wrap(err, "failed to parse image config for patch")
@@ -77,6 +77,14 @@ func patchImageConfig(dt []byte, dps []digest.Digest, history []ocispec.History)
 		m["created"] = dt
 	}
 
+	if cache != nil {
+		dt, err = json.Marshal(cache)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal cache")
+		}
+		m["moby.buildkit.cache.v0"] = dt
+	}
+
 	dt, err = json.Marshal(m)
 	return dt, errors.Wrap(err, "failed to marshal config after patch")
 }
@@ -129,6 +137,37 @@ func normalizeLayersAndHistory(diffs []digest.Digest, history []ocispec.History,
 		history[i] = h
 	}
 
+	// Find the first new layer time. Otherwise, the history item for a first
+	// metadata command would be the creation time of a base image layer.
+	// If there is no such then the last layer with timestamp.
+	var created *time.Time
+	var noCreatedTime bool
+	for _, h := range history {
+		if h.Created != nil {
+			created = h.Created
+			if noCreatedTime {
+				break
+			}
+		} else {
+			noCreatedTime = true
+		}
+	}
+
+	// Fill in created times for all history items to be either the first new
+	// layer time or the previous layer.
+	noCreatedTime = false
+	for i, h := range history {
+		if h.Created != nil {
+			if noCreatedTime {
+				created = h.Created
+			}
+		} else {
+			noCreatedTime = true
+			h.Created = created
+		}
+		history[i] = h
+	}
+
 	return diffs, history
 }
 
@@ -165,13 +204,13 @@ func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	st := progress.Status{
 		Started: &now,
 	}
-	pw.Write(id, st)
+	_ = pw.Write(id, st)
 	return func(err error) error {
 		// TODO: set error on status
 		now := time.Now()
 		st.Completed = &now
-		pw.Write(id, st)
-		pw.Close()
+		_ = pw.Write(id, st)
+		_ = pw.Close()
 		return err
 	}
 }
diff --git a/builder/builder-next/imagerefchecker/checker.go b/builder/builder-next/imagerefchecker/checker.go
index 052391d5893fc..01dfab37d5a18 100644
--- a/builder/builder-next/imagerefchecker/checker.go
+++ b/builder/builder-next/imagerefchecker/checker.go
@@ -6,6 +6,7 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/moby/buildkit/cache"
+	digest "github.com/opencontainers/go-digest"
 )
 
 // LayerGetter abstracts away the snapshotter
@@ -57,7 +58,7 @@ type checker struct {
 	cache  map[string]bool
 }
 
-func (c *checker) Exists(key string) bool {
+func (c *checker) Exists(key string, chain []digest.Digest) bool {
 	if c.opt.ImageStore == nil {
 		return false
 	}
diff --git a/builder/builder-next/reqbodyhandler.go b/builder/builder-next/reqbodyhandler.go
index 48433908fb30f..91592182959c7 100644
--- a/builder/builder-next/reqbodyhandler.go
+++ b/builder/builder-next/reqbodyhandler.go
@@ -35,13 +35,14 @@ func (h *reqBodyHandler) newRequest(rc io.ReadCloser) (string, func()) {
 		h.mu.Lock()
 		delete(h.requests, id)
 		h.mu.Unlock()
+		rc.Close()
 	}
 }
 
 func (h *reqBodyHandler) RoundTrip(req *http.Request) (*http.Response, error) {
 	host := req.URL.Host
 	if strings.HasPrefix(host, urlPrefix) {
-		if req.Method != "GET" {
+		if req.Method != http.MethodGet {
 			return nil, errors.Errorf("invalid request")
 		}
 		id := strings.TrimPrefix(host, urlPrefix)
@@ -56,7 +57,7 @@ func (h *reqBodyHandler) RoundTrip(req *http.Request) (*http.Response, error) {
 
 		resp := &http.Response{
 			Status:        "200 OK",
-			StatusCode:    200,
+			StatusCode:    http.StatusOK,
 			Body:          rc,
 			ContentLength: -1,
 		}
diff --git a/builder/builder-next/worker/gc_unix.go b/builder/builder-next/worker/gc_unix.go
index 7457a06654e60..b25906b828409 100644
--- a/builder/builder-next/worker/gc_unix.go
+++ b/builder/builder-next/worker/gc_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package worker
@@ -11,7 +12,7 @@ func detectDefaultGCCap(root string) int64 {
 	if err := syscall.Statfs(root, &st); err != nil {
 		return defaultCap
 	}
-	diskSize := int64(st.Bsize) * int64(st.Blocks) // nolint unconvert
+	diskSize := int64(st.Bsize) * int64(st.Blocks) //nolint unconvert
 	avail := diskSize / 10
 	return (avail/(1<<30) + 1) * 1e9 // round up
 }
diff --git a/builder/builder-next/worker/gc_windows.go b/builder/builder-next/worker/gc_windows.go
index 1ffcce41dbc11..748be9041d16d 100644
--- a/builder/builder-next/worker/gc_windows.go
+++ b/builder/builder-next/worker/gc_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package worker
diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go
index 28d0d8bea645e..9476cb20a92d4 100644
--- a/builder/builder-next/worker/worker.go
+++ b/builder/builder-next/worker/worker.go
@@ -4,14 +4,16 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	nethttp "net/http"
 	"runtime"
+	"strings"
 	"time"
 
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/rootfs"
+	"github.com/docker/docker/builder/builder-next/adapters/containerimage"
 	"github.com/docker/docker/distribution"
 	distmetadata "github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
@@ -21,43 +23,59 @@ import (
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/exporter"
+	localexporter "github.com/moby/buildkit/exporter/local"
+	tarexporter "github.com/moby/buildkit/exporter/tar"
 	"github.com/moby/buildkit/frontend"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver/mounts"
 	"github.com/moby/buildkit/solver/llbsolver/ops"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/source/git"
 	"github.com/moby/buildkit/source/http"
 	"github.com/moby/buildkit/source/local"
+	"github.com/moby/buildkit/util/archutil"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/moby/buildkit/util/contentutil"
 	"github.com/moby/buildkit/util/progress"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	bolt "go.etcd.io/bbolt"
+	"golang.org/x/sync/semaphore"
 )
 
+const labelCreatedAt = "buildkit/createdat"
+
+// LayerAccess provides access to a moby layer from a snapshot
+type LayerAccess interface {
+	GetDiffIDs(ctx context.Context, key string) ([]layer.DiffID, error)
+	EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error)
+}
+
 // Opt defines a structure for creating a worker.
 type Opt struct {
 	ID                string
 	Labels            map[string]string
 	GCPolicy          []client.PruneInfo
-	SessionManager    *session.Manager
 	MetadataStore     *metadata.Store
 	Executor          executor.Executor
 	Snapshotter       snapshot.Snapshotter
 	ContentStore      content.Store
 	CacheManager      cache.Manager
-	ImageSource       source.Source
-	Exporters         map[string]exporter.Exporter
+	ImageSource       *containerimage.Source
 	DownloadManager   distribution.RootFSDownloadManager
 	V2MetadataService distmetadata.V2MetadataService
 	Transport         nethttp.RoundTripper
+	Exporter          exporter.Exporter
+	Layers            LayerAccess
+	Platforms         []ocispec.Platform
 }
 
 // Worker is a local worker instance with dedicated snapshotter, cache, and so on.
@@ -99,9 +117,8 @@ func NewWorker(opt Opt) (*Worker, error) {
 	}
 
 	ss, err := local.NewSource(local.Opt{
-		SessionManager: opt.SessionManager,
-		CacheAccessor:  cm,
-		MetadataStore:  opt.MetadataStore,
+		CacheAccessor: cm,
+		MetadataStore: opt.MetadataStore,
 	})
 	if err == nil {
 		sm.Register(ss)
@@ -126,9 +143,23 @@ func (w *Worker) Labels() map[string]string {
 }
 
 // Platforms returns one or more platforms supported by the image.
-func (w *Worker) Platforms() []ocispec.Platform {
-	// does not handle lcow
-	return []ocispec.Platform{platforms.DefaultSpec()}
+func (w *Worker) Platforms(noCache bool) []ocispec.Platform {
+	if noCache {
+		pm := make(map[string]struct{}, len(w.Opt.Platforms))
+		for _, p := range w.Opt.Platforms {
+			pm[platforms.Format(p)] = struct{}{}
+		}
+		for _, p := range archutil.SupportedPlatforms(noCache) {
+			if _, ok := pm[p]; !ok {
+				pp, _ := platforms.Parse(p)
+				w.Opt.Platforms = append(w.Opt.Platforms, pp)
+			}
+		}
+	}
+	if len(w.Opt.Platforms) == 0 {
+		return []ocispec.Platform{platforms.DefaultSpec()}
+	}
+	return w.Opt.Platforms
 }
 
 // GCPolicy returns automatic GC Policy
@@ -136,23 +167,37 @@ func (w *Worker) GCPolicy() []client.PruneInfo {
 	return w.Opt.GCPolicy
 }
 
+// ContentStore returns content store
+func (w *Worker) ContentStore() content.Store {
+	return w.Opt.ContentStore
+}
+
+// MetadataStore returns the metadata store
+func (w *Worker) MetadataStore() *metadata.Store {
+	return w.Opt.MetadataStore
+}
+
 // LoadRef loads a reference by ID
-func (w *Worker) LoadRef(id string, hidden bool) (cache.ImmutableRef, error) {
+func (w *Worker) LoadRef(ctx context.Context, id string, hidden bool) (cache.ImmutableRef, error) {
 	var opts []cache.RefOption
 	if hidden {
 		opts = append(opts, cache.NoUpdateLastUsed)
 	}
-	return w.CacheManager.Get(context.TODO(), id, opts...)
+	return w.CacheManager().Get(ctx, id, opts...)
 }
 
 // ResolveOp converts a LLB vertex into a LLB operation
-func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge) (solver.Op, error) {
+func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge, sm *session.Manager) (solver.Op, error) {
 	if baseOp, ok := v.Sys().(*pb.Op); ok {
+		// TODO do we need to pass a value here? Where should it come from? https://github.com/moby/buildkit/commit/b3cf7c43cfefdfd7a945002c0e76b54e346ab6cf
+		var parallelism *semaphore.Weighted
 		switch op := baseOp.Op.(type) {
 		case *pb.Op_Source:
-			return ops.NewSourceOp(v, op, baseOp.Platform, w.SourceManager, w)
+			return ops.NewSourceOp(v, op, baseOp.Platform, w.SourceManager, parallelism, sm, w)
 		case *pb.Op_Exec:
-			return ops.NewExecOp(v, op, w.CacheManager, w.Opt.SessionManager, w.MetadataStore, w.Executor, w)
+			return ops.NewExecOp(v, op, baseOp.Platform, w.CacheManager(), parallelism, sm, w.Opt.MetadataStore, w.Executor(), w)
+		case *pb.Op_File:
+			return ops.NewFileOp(v, op, w.CacheManager(), parallelism, w.Opt.MetadataStore, w)
 		case *pb.Op_Build:
 			return ops.NewBuildOp(v, op, s, w)
 		}
@@ -161,47 +206,128 @@ func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge) (solve
 }
 
 // ResolveImageConfig returns image config for an image
-func (w *Worker) ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
-	// ImageSource is typically source/containerimage
-	resolveImageConfig, ok := w.ImageSource.(resolveImageConfig)
-	if !ok {
-		return "", nil, errors.Errorf("worker %q does not implement ResolveImageConfig", w.ID())
-	}
-	return resolveImageConfig.ResolveImageConfig(ctx, ref, opt)
-}
-
-// Exec executes a process directly on a worker
-func (w *Worker) Exec(ctx context.Context, meta executor.Meta, rootFS cache.ImmutableRef, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
-	active, err := w.CacheManager.New(ctx, rootFS)
-	if err != nil {
-		return err
-	}
-	defer active.Release(context.TODO())
-	return w.Executor.Exec(ctx, meta, active, nil, stdin, stdout, stderr)
+func (w *Worker) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt, sm *session.Manager, g session.Group) (digest.Digest, []byte, error) {
+	return w.ImageSource.ResolveImageConfig(ctx, ref, opt, sm, g)
 }
 
 // DiskUsage returns disk usage report
 func (w *Worker) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) {
-	return w.CacheManager.DiskUsage(ctx, opt)
+	return w.CacheManager().DiskUsage(ctx, opt)
 }
 
 // Prune deletes reclaimable build cache
 func (w *Worker) Prune(ctx context.Context, ch chan client.UsageInfo, info ...client.PruneInfo) error {
-	return w.CacheManager.Prune(ctx, ch, info...)
+	return w.CacheManager().Prune(ctx, ch, info...)
 }
 
 // Exporter returns exporter by name
-func (w *Worker) Exporter(name string) (exporter.Exporter, error) {
-	exp, ok := w.Exporters[name]
-	if !ok {
+func (w *Worker) Exporter(name string, sm *session.Manager) (exporter.Exporter, error) {
+	switch name {
+	case "moby":
+		return w.Opt.Exporter, nil
+	case client.ExporterLocal:
+		return localexporter.New(localexporter.Opt{
+			SessionManager: sm,
+		})
+	case client.ExporterTar:
+		return tarexporter.New(tarexporter.Opt{
+			SessionManager: sm,
+		})
+	default:
 		return nil, errors.Errorf("exporter %q could not be found", name)
 	}
-	return exp, nil
 }
 
 // GetRemote returns a remote snapshot reference for a local one
-func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) {
-	return nil, errors.Errorf("getremote not implemented")
+func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool, _ compression.Type, _ session.Group) (*solver.Remote, error) {
+	var diffIDs []layer.DiffID
+	var err error
+	if !createIfNeeded {
+		diffIDs, err = w.Layers.GetDiffIDs(ctx, ref.ID())
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		if err := ref.Finalize(ctx, true); err != nil {
+			return nil, err
+		}
+		diffIDs, err = w.Layers.EnsureLayer(ctx, ref.ID())
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	descriptors := make([]ocispec.Descriptor, len(diffIDs))
+	for i, dgst := range diffIDs {
+		descriptors[i] = ocispec.Descriptor{
+			MediaType: images.MediaTypeDockerSchema2Layer,
+			Digest:    digest.Digest(dgst),
+			Size:      -1,
+		}
+	}
+
+	return &solver.Remote{
+		Descriptors: descriptors,
+		Provider:    &emptyProvider{},
+	}, nil
+}
+
+// PruneCacheMounts removes the current cache snapshots for specified IDs
+func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error {
+	mu := mounts.CacheMountsLocker()
+	mu.Lock()
+	defer mu.Unlock()
+
+	for _, id := range ids {
+		id = "cache-dir:" + id
+		sis, err := w.Opt.MetadataStore.Search(id)
+		if err != nil {
+			return err
+		}
+		for _, si := range sis {
+			for _, k := range si.Indexes() {
+				if k == id || strings.HasPrefix(k, id+":") {
+					if siCached := w.CacheManager().Metadata(si.ID()); siCached != nil {
+						si = siCached
+					}
+					if err := cache.CachePolicyDefault(si); err != nil {
+						return err
+					}
+					si.Queue(func(b *bolt.Bucket) error {
+						return si.SetValue(b, k, nil)
+					})
+					if err := si.Commit(); err != nil {
+						return err
+					}
+					// if ref is unused try to clean it up right away by releasing it
+					if mref, err := w.CacheManager().GetMutable(ctx, si.ID()); err == nil {
+						go mref.Release(context.TODO())
+					}
+					break
+				}
+			}
+		}
+	}
+
+	mounts.ClearActiveCacheMounts()
+	return nil
+}
+
+func (w *Worker) getRef(ctx context.Context, diffIDs []layer.DiffID, opts ...cache.RefOption) (cache.ImmutableRef, error) {
+	var parent cache.ImmutableRef
+	if len(diffIDs) > 1 {
+		var err error
+		parent, err = w.getRef(ctx, diffIDs[:len(diffIDs)-1], opts...)
+		if err != nil {
+			return nil, err
+		}
+		defer parent.Release(context.TODO())
+	}
+	return w.CacheManager().GetByBlob(context.TODO(), ocispec.Descriptor{
+		Annotations: map[string]string{
+			"containerd.io/uncompressed": diffIDs[len(diffIDs)-1].String(),
+		},
+	}, parent, opts...)
 }
 
 // FromRemote converts a remote snapshot reference to a local one
@@ -226,7 +352,7 @@ func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.I
 
 	defer func() {
 		for _, l := range rootfs {
-			w.ContentStore.Delete(context.TODO(), l.Blob.Digest)
+			w.ContentStore().Delete(context.TODO(), l.Blob.Digest)
 		}
 	}()
 
@@ -237,11 +363,42 @@ func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.I
 	}
 	defer release()
 
-	ref, err := w.CacheManager.GetFromSnapshotter(ctx, string(rootFS.ChainID()), cache.WithDescription(fmt.Sprintf("imported %s", remote.Descriptors[len(remote.Descriptors)-1].Digest)))
-	if err != nil {
-		return nil, err
+	if len(rootFS.DiffIDs) != len(layers) {
+		return nil, errors.Errorf("invalid layer count mismatch %d vs %d", len(rootFS.DiffIDs), len(layers))
+	}
+
+	for i := range rootFS.DiffIDs {
+		tm := time.Now()
+		if tmstr, ok := remote.Descriptors[i].Annotations[labelCreatedAt]; ok {
+			if err := (&tm).UnmarshalText([]byte(tmstr)); err != nil {
+				return nil, err
+			}
+		}
+		descr := fmt.Sprintf("imported %s", remote.Descriptors[i].Digest)
+		if v, ok := remote.Descriptors[i].Annotations["buildkit/description"]; ok {
+			descr = v
+		}
+		ref, err := w.getRef(ctx, rootFS.DiffIDs[:i+1], cache.WithDescription(descr), cache.WithCreationTime(tm))
+		if err != nil {
+			return nil, err
+		}
+		if i == len(remote.Descriptors)-1 {
+			return ref, nil
+		}
+		defer ref.Release(context.TODO())
 	}
-	return ref, nil
+
+	return nil, errors.Errorf("unreachable")
+}
+
+// Executor returns executor.Executor for running processes
+func (w *Worker) Executor() executor.Executor {
+	return w.Opt.Executor
+}
+
+// CacheManager returns cache.Manager for accessing local storage
+func (w *Worker) CacheManager() cache.Manager {
+	return w.Opt.CacheManager
 }
 
 type discardProgress struct{}
@@ -274,21 +431,24 @@ func (ld *layerDescriptor) DiffID() (layer.DiffID, error) {
 
 func (ld *layerDescriptor) Download(ctx context.Context, progressOutput pkgprogress.Output) (io.ReadCloser, int64, error) {
 	done := oneOffProgress(ld.pctx, fmt.Sprintf("pulling %s", ld.desc.Digest))
-	if err := contentutil.Copy(ctx, ld.w.ContentStore, ld.provider, ld.desc); err != nil {
+
+	// TODO should this write output to progressOutput? Or use something similar to loggerFromContext()? see https://github.com/moby/buildkit/commit/aa29e7729464f3c2a773e27795e584023c751cb8
+	discardLogs := func(_ []byte) {}
+	if err := contentutil.Copy(ctx, ld.w.ContentStore(), ld.provider, ld.desc, discardLogs); err != nil {
 		return nil, 0, done(err)
 	}
-	done(nil)
+	_ = done(nil)
 
-	ra, err := ld.w.ContentStore.ReaderAt(ctx, ld.desc)
+	ra, err := ld.w.ContentStore().ReaderAt(ctx, ld.desc)
 	if err != nil {
 		return nil, 0, err
 	}
 
-	return ioutil.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
+	return io.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
 }
 
 func (ld *layerDescriptor) Close() {
-	// ld.is.ContentStore.Delete(context.TODO(), ld.desc.Digest)
+	// ld.is.ContentStore().Delete(context.TODO(), ld.desc.Digest)
 }
 
 func (ld *layerDescriptor) Registered(diffID layer.DiffID) {
@@ -326,17 +486,20 @@ func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	st := progress.Status{
 		Started: &now,
 	}
-	pw.Write(id, st)
+	_ = pw.Write(id, st)
 	return func(err error) error {
 		// TODO: set error on status
 		now := time.Now()
 		st.Completed = &now
-		pw.Write(id, st)
-		pw.Close()
+		_ = pw.Write(id, st)
+		_ = pw.Close()
 		return err
 	}
 }
 
-type resolveImageConfig interface {
-	ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error)
+type emptyProvider struct {
+}
+
+func (p *emptyProvider) ReaderAt(ctx context.Context, dec ocispec.Descriptor) (content.ReaderAt, error) {
+	return nil, errors.Errorf("ReaderAt not implemented for empty provider")
 }
diff --git a/builder/builder.go b/builder/builder.go
index 3eb0341417fe2..cf4d737e2baf7 100644
--- a/builder/builder.go
+++ b/builder/builder.go
@@ -60,8 +60,8 @@ type ImageBackend interface {
 type ExecBackend interface {
 	// ContainerAttachRaw attaches to container.
 	ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error
-	// ContainerCreate creates a new Docker container and returns potential warnings
-	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	// ContainerCreateIgnoreImagesArgsEscaped creates a new Docker container and returns potential warnings
+	ContainerCreateIgnoreImagesArgsEscaped(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
 	// ContainerRm removes a container specified by `id`.
 	ContainerRm(name string, config *types.ContainerRmConfig) error
 	// ContainerKill stops the container execution abruptly.
diff --git a/builder/dockerfile/buildargs.go b/builder/dockerfile/buildargs.go
index aa794fb7bcd71..965d1c6b1c2fe 100644
--- a/builder/dockerfile/buildargs.go
+++ b/builder/dockerfile/buildargs.go
@@ -19,6 +19,8 @@ var builtinAllowedBuildArgs = map[string]bool{
 	"ftp_proxy":   true,
 	"NO_PROXY":    true,
 	"no_proxy":    true,
+	"ALL_PROXY":   true,
+	"all_proxy":   true,
 }
 
 // BuildArgs manages arguments used by the builder
diff --git a/builder/dockerfile/buildargs_test.go b/builder/dockerfile/buildargs_test.go
index c3b82c83f4b60..08318ea310597 100644
--- a/builder/dockerfile/buildargs_test.go
+++ b/builder/dockerfile/buildargs_test.go
@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func strPtr(source string) *string {
@@ -19,6 +19,7 @@ func TestGetAllAllowed(t *testing.T) {
 		"ArgOverriddenByOptions":              strPtr("fromopt2"),
 		"ArgNoDefaultInDockerfileFromOptions": strPtr("fromopt3"),
 		"HTTP_PROXY":                          strPtr("theproxy"),
+		"all_proxy":                           strPtr("theproxy2"),
 	})
 
 	buildArgs.AddMetaArg("ArgFromMeta", strPtr("frommeta1"))
@@ -35,6 +36,7 @@ func TestGetAllAllowed(t *testing.T) {
 	all := buildArgs.GetAllAllowed()
 	expected := map[string]string{
 		"HTTP_PROXY":                          "theproxy",
+		"all_proxy":                           "theproxy2",
 		"ArgOverriddenByOptions":              "fromopt2",
 		"ArgWithDefaultInDockerfile":          "fromdockerfile1",
 		"ArgNoDefaultInDockerfileFromOptions": "fromopt3",
diff --git a/builder/dockerfile/builder.go b/builder/dockerfile/builder.go
index a6094a8973f11..ac3ba16c727eb 100644
--- a/builder/dockerfile/builder.go
+++ b/builder/dockerfile/builder.go
@@ -5,17 +5,14 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"sort"
 	"strings"
-	"time"
 
 	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/fscache"
 	"github.com/docker/docker/builder/remotecontext"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/idtools"
@@ -25,7 +22,6 @@ import (
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/buildkit/frontend/dockerfile/shell"
-	"github.com/moby/buildkit/session"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -49,31 +45,19 @@ const (
 	stepFormat = "Step %d/%d : %v"
 )
 
-// SessionGetter is object used to get access to a session by uuid
-type SessionGetter interface {
-	Get(ctx context.Context, uuid string) (session.Caller, error)
-}
-
 // BuildManager is shared across all Builder objects
 type BuildManager struct {
 	idMapping *idtools.IdentityMapping
 	backend   builder.Backend
 	pathCache pathCache // TODO: make this persistent
-	sg        SessionGetter
-	fsCache   *fscache.FSCache
 }
 
 // NewBuildManager creates a BuildManager
-func NewBuildManager(b builder.Backend, sg SessionGetter, fsCache *fscache.FSCache, identityMapping *idtools.IdentityMapping) (*BuildManager, error) {
+func NewBuildManager(b builder.Backend, identityMapping *idtools.IdentityMapping) (*BuildManager, error) {
 	bm := &BuildManager{
 		backend:   b,
 		pathCache: &syncmap.Map{},
-		sg:        sg,
 		idMapping: identityMapping,
-		fsCache:   fsCache,
-	}
-	if err := fsCache.RegisterTransport(remotecontext.ClientSessionRemote, NewClientSessionTransport()); err != nil {
-		return nil, err
 	}
 	return bm, nil
 }
@@ -100,12 +84,6 @@ func (bm *BuildManager) Build(ctx context.Context, config backend.BuildConfig) (
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	if src, err := bm.initializeClientSession(ctx, cancel, config.Options); err != nil {
-		return nil, err
-	} else if src != nil {
-		source = src
-	}
-
 	builderOptions := builderOptions{
 		Options:        config.Options,
 		ProgressWriter: config.ProgressWriter,
@@ -120,39 +98,6 @@ func (bm *BuildManager) Build(ctx context.Context, config backend.BuildConfig) (
 	return b.build(source, dockerfile)
 }
 
-func (bm *BuildManager) initializeClientSession(ctx context.Context, cancel func(), options *types.ImageBuildOptions) (builder.Source, error) {
-	if options.SessionID == "" || bm.sg == nil {
-		return nil, nil
-	}
-	logrus.Debug("client is session enabled")
-
-	connectCtx, cancelCtx := context.WithTimeout(ctx, sessionConnectTimeout)
-	defer cancelCtx()
-
-	c, err := bm.sg.Get(connectCtx, options.SessionID)
-	if err != nil {
-		return nil, err
-	}
-	go func() {
-		<-c.Context().Done()
-		cancel()
-	}()
-	if options.RemoteContext == remotecontext.ClientSessionRemote {
-		st := time.Now()
-		csi, err := NewClientSessionSourceIdentifier(ctx, bm.sg, options.SessionID)
-		if err != nil {
-			return nil, err
-		}
-		src, err := bm.fsCache.SyncFrom(ctx, csi)
-		if err != nil {
-			return nil, err
-		}
-		logrus.Debugf("sync-time: %v", time.Since(st))
-		return src, nil
-	}
-	return nil, nil
-}
-
 // builderOptions are the dependencies required by the builder
 type builderOptions struct {
 	Options        *types.ImageBuildOptions
@@ -213,9 +158,6 @@ func newBuilder(clientCtx context.Context, options builderOptions) (*Builder, er
 		if err != nil {
 			return nil, err
 		}
-		if err := system.ValidatePlatform(sp); err != nil {
-			return nil, err
-		}
 		b.platform = &sp
 	}
 
@@ -244,7 +186,8 @@ func (b *Builder) build(source builder.Source, dockerfile *parser.Result) (*buil
 
 	stages, metaArgs, err := instructions.Parse(dockerfile.AST)
 	if err != nil {
-		if instructions.IsUnknownInstruction(err) {
+		var uiErr *instructions.UnknownInstruction
+		if errors.As(err, &uiErr) {
 			buildsFailed.WithValues(metricsUnknownInstructionError).Inc()
 		}
 		return nil, errdefs.InvalidParameter(err)
@@ -288,8 +231,10 @@ func processMetaArg(meta instructions.ArgCommand, shlex *shell.Lex, args *BuildA
 	}); err != nil {
 		return err
 	}
-	args.AddArg(meta.Key, meta.Value)
-	args.AddMetaArg(meta.Key, meta.Value)
+	for _, arg := range meta.Args {
+		args.AddArg(arg.Key, arg.Value)
+		args.AddMetaArg(arg.Key, arg.Value)
+	}
 	return nil
 }
 
@@ -308,10 +253,10 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 		totalCommands += len(stage.Commands)
 	}
 	shlex := shell.NewLex(escapeToken)
-	for _, meta := range metaArgs {
-		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
+	for i := range metaArgs {
+		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &metaArgs[i])
 
-		err := processMetaArg(meta, shlex, buildArgs)
+		err := processMetaArg(metaArgs[i], shlex, buildArgs)
 		if err != nil {
 			return nil, err
 		}
@@ -319,7 +264,8 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 
 	stagesResults := newStagesBuildResults()
 
-	for _, stage := range parseResult {
+	for _, s := range parseResult {
+		stage := s
 		if err := stagesResults.checkStageNameAvailable(stage.Name); err != nil {
 			return nil, err
 		}
@@ -399,8 +345,8 @@ func BuildFromConfig(config *container.Config, changes []string, os string) (*co
 		}
 	}
 
-	b.Stdout = ioutil.Discard
-	b.Stderr = ioutil.Discard
+	b.Stdout = io.Discard
+	b.Stderr = io.Discard
 	b.disableCommit = true
 
 	var commands []instructions.Command
diff --git a/builder/dockerfile/builder_unix.go b/builder/dockerfile/builder_unix.go
index c4453459b37e1..7d10028575d93 100644
--- a/builder/dockerfile/builder_unix.go
+++ b/builder/dockerfile/builder_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/builder/dockerfile/clientsession.go b/builder/dockerfile/clientsession.go
deleted file mode 100644
index b48090d7b5092..0000000000000
--- a/builder/dockerfile/clientsession.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package dockerfile // import "github.com/docker/docker/builder/dockerfile"
-
-import (
-	"context"
-	"time"
-
-	"github.com/docker/docker/builder/fscache"
-	"github.com/docker/docker/builder/remotecontext"
-	"github.com/moby/buildkit/session"
-	"github.com/moby/buildkit/session/filesync"
-	"github.com/pkg/errors"
-)
-
-const sessionConnectTimeout = 5 * time.Second
-
-// ClientSessionTransport is a transport for copying files from docker client
-// to the daemon.
-type ClientSessionTransport struct{}
-
-// NewClientSessionTransport returns new ClientSessionTransport instance
-func NewClientSessionTransport() *ClientSessionTransport {
-	return &ClientSessionTransport{}
-}
-
-// Copy data from a remote to a destination directory.
-func (cst *ClientSessionTransport) Copy(ctx context.Context, id fscache.RemoteIdentifier, dest string, cu filesync.CacheUpdater) error {
-	csi, ok := id.(*ClientSessionSourceIdentifier)
-	if !ok {
-		return errors.New("invalid identifier for client session")
-	}
-
-	return filesync.FSSync(ctx, csi.caller, filesync.FSSendRequestOpt{
-		IncludePatterns: csi.includePatterns,
-		DestDir:         dest,
-		CacheUpdater:    cu,
-	})
-}
-
-// ClientSessionSourceIdentifier is an identifier that can be used for requesting
-// files from remote client
-type ClientSessionSourceIdentifier struct {
-	includePatterns []string
-	caller          session.Caller
-	uuid            string
-}
-
-// NewClientSessionSourceIdentifier returns new ClientSessionSourceIdentifier instance
-func NewClientSessionSourceIdentifier(ctx context.Context, sg SessionGetter, uuid string) (*ClientSessionSourceIdentifier, error) {
-	csi := &ClientSessionSourceIdentifier{
-		uuid: uuid,
-	}
-	caller, err := sg.Get(ctx, uuid)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to get session for %s", uuid)
-	}
-
-	csi.caller = caller
-	return csi, nil
-}
-
-// Transport returns transport identifier for remote identifier
-func (csi *ClientSessionSourceIdentifier) Transport() string {
-	return remotecontext.ClientSessionRemote
-}
-
-// SharedKey returns shared key for remote identifier. Shared key is used
-// for finding the base for a repeated transfer.
-func (csi *ClientSessionSourceIdentifier) SharedKey() string {
-	return csi.caller.SharedKey()
-}
-
-// Key returns unique key for remote identifier. Requests with same key return
-// same data.
-func (csi *ClientSessionSourceIdentifier) Key() string {
-	return csi.uuid
-}
diff --git a/builder/dockerfile/containerbackend.go b/builder/dockerfile/containerbackend.go
index 54adfb13f7fc0..8a2a70691186a 100644
--- a/builder/dockerfile/containerbackend.go
+++ b/builder/dockerfile/containerbackend.go
@@ -29,7 +29,7 @@ func newContainerManager(docker builder.ExecBackend) *containerManager {
 
 // Create a container
 func (c *containerManager) Create(runConfig *container.Config, hostConfig *container.HostConfig) (container.ContainerCreateCreatedBody, error) {
-	container, err := c.backend.ContainerCreate(types.ContainerCreateConfig{
+	container, err := c.backend.ContainerCreateIgnoreImagesArgsEscaped(types.ContainerCreateConfig{
 		Config:     runConfig,
 		HostConfig: hostConfig,
 	})
@@ -45,7 +45,7 @@ var errCancelled = errors.New("build cancelled")
 // Run a container by ID
 func (c *containerManager) Run(ctx context.Context, cID string, stdout, stderr io.Writer) (err error) {
 	attached := make(chan struct{})
-	errCh := make(chan error)
+	errCh := make(chan error, 1)
 	go func() {
 		errCh <- c.backend.ContainerAttachRaw(cID, nil, stdout, stderr, true, attached)
 	}()
diff --git a/builder/dockerfile/copy.go b/builder/dockerfile/copy.go
index ad9b08dfefdd6..6d8b19beb15d1 100644
--- a/builder/dockerfile/copy.go
+++ b/builder/dockerfile/copy.go
@@ -24,6 +24,7 @@ import (
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/urlutil"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
@@ -64,6 +65,7 @@ type copyInstruction struct {
 	dest                    string
 	chownStr                string
 	allowLocalDecompression bool
+	preserveOwnership       bool
 }
 
 // copier reads a raw COPY or ADD command, fetches remote sources using a downloader,
@@ -106,24 +108,16 @@ func copierFromDispatchRequest(req dispatchRequest, download sourceDownloader, i
 
 }
 
-func (o *copier) createCopyInstruction(args []string, cmdName string) (copyInstruction, error) {
-	inst := copyInstruction{cmdName: cmdName}
-	last := len(args) - 1
-
-	// Work in platform-specific filepath semantics
-	// TODO: This OS switch for paths is NOT correct and should not be supported.
-	// Maintained for backwards compatibility
-	pathOS := runtime.GOOS
-	if o.platform != nil {
-		pathOS = o.platform.OS
+func (o *copier) createCopyInstruction(sourcesAndDest instructions.SourcesAndDest, cmdName string) (copyInstruction, error) {
+	inst := copyInstruction{
+		cmdName: cmdName,
+		dest:    filepath.FromSlash(sourcesAndDest.DestPath),
 	}
-	inst.dest = fromSlash(args[last], pathOS)
-	separator := string(separator(pathOS))
-	infos, err := o.getCopyInfosForSourcePaths(args[0:last], inst.dest)
+	infos, err := o.getCopyInfosForSourcePaths(sourcesAndDest.SourcePaths, inst.dest)
 	if err != nil {
 		return inst, errors.Wrapf(err, "%s failed", cmdName)
 	}
-	if len(infos) > 1 && !strings.HasSuffix(inst.dest, separator) {
+	if len(infos) > 1 && !strings.HasSuffix(inst.dest, string(os.PathSeparator)) {
 		return inst, errors.Errorf("When using %s with more than one source file, the destination must be a directory and end with a /", cmdName)
 	}
 	inst.infos = infos
@@ -190,6 +184,9 @@ func (o *copier) Cleanup() {
 // TODO: allowWildcards can probably be removed by refactoring this function further.
 func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo, error) {
 	imageSource := o.imageSource
+	if err := validateCopySourcePath(imageSource, origPath); err != nil {
+		return nil, err
+	}
 
 	// TODO: do this when creating copier. Requires validateCopySourcePath
 	// (and other below) to be aware of the difference sources. Why is it only
@@ -214,20 +211,13 @@ func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo,
 		return nil, errors.Errorf("missing build context")
 	}
 
-	root := o.source.Root()
-
-	if err := validateCopySourcePath(imageSource, origPath, root.OS()); err != nil {
-		return nil, err
-	}
-
-	// Work in source OS specific filepath semantics
-	// For LCOW, this is NOT the daemon OS.
-	origPath = root.FromSlash(origPath)
-	origPath = strings.TrimPrefix(origPath, string(root.Separator()))
-	origPath = strings.TrimPrefix(origPath, "."+string(root.Separator()))
+	// Work in daemon-specific OS filepath semantics
+	origPath = filepath.FromSlash(origPath)
+	origPath = strings.TrimPrefix(origPath, string(os.PathSeparator))
+	origPath = strings.TrimPrefix(origPath, "."+string(os.PathSeparator))
 
 	// Deal with wildcards
-	if allowWildcards && containsWildcards(origPath, root.OS()) {
+	if allowWildcards && containsWildcards(origPath) {
 		return o.copyWithWildcards(origPath)
 	}
 
@@ -241,6 +231,8 @@ func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo,
 	// Deal with the single file case
 	copyInfo, err := copyInfoForFile(o.source, origPath)
 	switch {
+	case imageSource == nil && errors.Is(err, os.ErrNotExist):
+		return nil, errors.Wrapf(err, "file not found in build context or excluded by .dockerignore")
 	case err != nil:
 		return nil, err
 	case copyInfo.hash != "":
@@ -259,19 +251,6 @@ func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo,
 	return newCopyInfos(newCopyInfoFromSource(o.source, origPath, hash)), nil
 }
 
-func containsWildcards(name, platform string) bool {
-	isWindows := platform == "windows"
-	for i := 0; i < len(name); i++ {
-		ch := name[i]
-		if ch == '\\' && !isWindows {
-			i++
-		} else if ch == '*' || ch == '?' || ch == '[' {
-			return true
-		}
-	}
-	return false
-}
-
 func (o *copier) storeInPathCache(im *imageMount, path string, hash string) {
 	if im != nil {
 		o.pathCache.Store(im.ImageID()+path, hash)
@@ -314,6 +293,10 @@ func (o *copier) copyWithWildcards(origPath string) ([]copyInfo, error) {
 func copyInfoForFile(source builder.Source, path string) (copyInfo, error) {
 	fi, err := remotecontext.StatAt(source, path)
 	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			// return the relative path in the error, which is more user-friendly than the full path to the tmp-dir
+			return copyInfo{}, errors.WithStack(&os.PathError{Op: "stat", Path: path, Err: os.ErrNotExist})
+		}
 		return copyInfo{}, err
 	}
 
@@ -466,7 +449,7 @@ func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote b
 
 type copyFileOptions struct {
 	decompress bool
-	identity   idtools.Identity
+	identity   *idtools.Identity
 	archiver   Archiver
 }
 
@@ -532,7 +515,7 @@ func isArchivePath(driver containerfs.ContainerFS, path string) bool {
 	return err == nil
 }
 
-func copyDirectory(archiver Archiver, source, dest *copyEndpoint, identity idtools.Identity) error {
+func copyDirectory(archiver Archiver, source, dest *copyEndpoint, identity *idtools.Identity) error {
 	destExists, err := isExistingDirectory(dest)
 	if err != nil {
 		return errors.Wrapf(err, "failed to query destination path")
@@ -541,19 +524,23 @@ func copyDirectory(archiver Archiver, source, dest *copyEndpoint, identity idtoo
 	if err := archiver.CopyWithTar(source.path, dest.path); err != nil {
 		return errors.Wrapf(err, "failed to copy directory")
 	}
-	// TODO: @gupta-ak. Investigate how LCOW permission mappings will work.
-	return fixPermissions(source.path, dest.path, identity, !destExists)
+	if identity != nil {
+		return fixPermissions(source.path, dest.path, *identity, !destExists)
+	}
+	return nil
 }
 
-func copyFile(archiver Archiver, source, dest *copyEndpoint, identity idtools.Identity) error {
-	if runtime.GOOS == "windows" && dest.driver.OS() == "linux" {
-		// LCOW
-		if err := dest.driver.MkdirAll(dest.driver.Dir(dest.path), 0755); err != nil {
-			return errors.Wrapf(err, "failed to create new directory")
+func copyFile(archiver Archiver, source, dest *copyEndpoint, identity *idtools.Identity) error {
+	if identity == nil {
+		// Use system.MkdirAll here, which is a custom version of os.MkdirAll
+		// modified for use on Windows to handle volume GUID paths. These paths
+		// are of the form \\?\Volume{<GUID>}\<path>. An example would be:
+		// \\?\Volume{dae8d3ac-b9a1-11e9-88eb-e8554b2ba1db}\bin\busybox.exe
+		if err := system.MkdirAll(filepath.Dir(dest.path), 0755); err != nil {
+			return err
 		}
 	} else {
-		if err := idtools.MkdirAllAndChownNew(filepath.Dir(dest.path), 0755, identity); err != nil {
-			// Normal containers
+		if err := idtools.MkdirAllAndChownNew(filepath.Dir(dest.path), 0755, *identity); err != nil {
 			return errors.Wrapf(err, "failed to create new directory")
 		}
 	}
@@ -561,8 +548,10 @@ func copyFile(archiver Archiver, source, dest *copyEndpoint, identity idtools.Id
 	if err := archiver.CopyFileWithTar(source.path, dest.path); err != nil {
 		return errors.Wrapf(err, "failed to copy file")
 	}
-	// TODO: @gupta-ak. Investigate how LCOW permission mappings will work.
-	return fixPermissions(source.path, dest.path, identity, false)
+	if identity != nil {
+		return fixPermissions(source.path, dest.path, *identity, false)
+	}
+	return nil
 }
 
 func endsInSlash(driver containerfs.Driver, path string) bool {
@@ -573,7 +562,7 @@ func endsInSlash(driver containerfs.Driver, path string) bool {
 func isExistingDirectory(point *copyEndpoint) (bool, error) {
 	destStat, err := point.driver.Stat(point.path)
 	switch {
-	case os.IsNotExist(err):
+	case errors.Is(err, os.ErrNotExist):
 		return false, nil
 	case err != nil:
 		return false, err
diff --git a/builder/dockerfile/copy_test.go b/builder/dockerfile/copy_test.go
index f559ff4fd8213..84b2a735f770b 100644
--- a/builder/dockerfile/copy_test.go
+++ b/builder/dockerfile/copy_test.go
@@ -5,9 +5,9 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/containerfs"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
 func TestIsExistingDirectory(t *testing.T) {
diff --git a/builder/dockerfile/copy_unix.go b/builder/dockerfile/copy_unix.go
index 770226444545a..7c5a574ffb3d9 100644
--- a/builder/dockerfile/copy_unix.go
+++ b/builder/dockerfile/copy_unix.go
@@ -1,10 +1,13 @@
+//go:build !windows
 // +build !windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
 	"os"
+	"path"
 	"path/filepath"
+	"strings"
 
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
@@ -25,7 +28,7 @@ func fixPermissions(source, destination string, identity idtools.Identity, overr
 
 	// We Walk on the source rather than on the destination because we don't
 	// want to change permissions on things we haven't created or modified.
-	return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error {
+	return filepath.Walk(source, func(fullpath string, _ os.FileInfo, _ error) error {
 		// Do not alter the walk root iff. it existed before, as it doesn't fall under
 		// the domain of "things we should chown".
 		if skipChownRoot && source == fullpath {
@@ -43,6 +46,34 @@ func fixPermissions(source, destination string, identity idtools.Identity, overr
 	})
 }
 
-func validateCopySourcePath(imageSource *imageMount, origPath, platform string) error {
+// normalizeDest normalises the destination of a COPY/ADD command in a
+// platform semantically consistent way.
+func normalizeDest(workingDir, requested string) (string, error) {
+	dest := filepath.FromSlash(requested)
+	endsInSlash := strings.HasSuffix(dest, string(os.PathSeparator))
+
+	if !path.IsAbs(requested) {
+		dest = path.Join("/", filepath.ToSlash(workingDir), dest)
+		// Make sure we preserve any trailing slash
+		if endsInSlash {
+			dest += "/"
+		}
+	}
+	return dest, nil
+}
+
+func containsWildcards(name string) bool {
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '\\' {
+			i++
+		} else if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
+
+func validateCopySourcePath(imageSource *imageMount, origPath string) error {
 	return nil
 }
diff --git a/builder/dockerfile/copy_windows.go b/builder/dockerfile/copy_windows.go
index 59c1a4b7c37bb..1a3a488516970 100644
--- a/builder/dockerfile/copy_windows.go
+++ b/builder/dockerfile/copy_windows.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/Microsoft/go-winio"
+	winio "github.com/Microsoft/go-winio"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/system"
@@ -14,7 +14,7 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-var pathBlacklist = map[string]bool{
+var pathDenyList = map[string]bool{
 	"c:\\":        true,
 	"c:\\windows": true,
 }
@@ -43,8 +43,7 @@ func fixPermissionsReexec() {
 }
 
 func fixPermissionsWindows(source, destination, SID string) error {
-
-	privileges := []string{winio.SeRestorePrivilege, system.SeTakeOwnershipPrivilege}
+	privileges := []string{winio.SeRestorePrivilege, idtools.SeTakeOwnershipPrivilege}
 
 	err := winio.EnableProcessPrivileges(privileges)
 	if err != nil {
@@ -67,29 +66,79 @@ func fixPermissionsWindows(source, destination, SID string) error {
 	sddlString := system.SddlAdministratorsLocalSystem
 	sddlString += "(A;OICI;GRGWGXRCWDSD;;;" + SID + ")"
 
-	securityDescriptor, err := winio.SddlToSecurityDescriptor(sddlString)
+	securityDescriptor, err := windows.SecurityDescriptorFromString(sddlString)
 	if err != nil {
 		return err
 	}
 
-	var daclPresent uint32
-	var daclDefaulted uint32
-	var dacl *byte
-
-	err = system.GetSecurityDescriptorDacl(&securityDescriptor[0], &daclPresent, &dacl, &daclDefaulted)
+	dacl, _, err := securityDescriptor.DACL()
 	if err != nil {
 		return err
 	}
 
-	return system.SetNamedSecurityInfo(windows.StringToUTF16Ptr(destination), system.SE_FILE_OBJECT, system.OWNER_SECURITY_INFORMATION|system.DACL_SECURITY_INFORMATION, sid, nil, dacl, nil)
+	return windows.SetNamedSecurityInfo(destination, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION, sid, nil, dacl, nil)
 }
 
-func validateCopySourcePath(imageSource *imageMount, origPath, platform string) error {
-	// validate windows paths from other images + LCOW
-	if imageSource == nil || platform != "windows" {
-		return nil
+// normalizeDest normalises the destination of a COPY/ADD command in a
+// platform semantically consistent way.
+func normalizeDest(workingDir, requested string) (string, error) {
+	dest := filepath.FromSlash(requested)
+	endsInSlash := strings.HasSuffix(dest, string(os.PathSeparator))
+
+	// We are guaranteed that the working directory is already consistent,
+	// However, Windows also has, for now, the limitation that ADD/COPY can
+	// only be done to the system drive, not any drives that might be present
+	// as a result of a bind mount.
+	//
+	// So... if the path requested is Linux-style absolute (/foo or \\foo),
+	// we assume it is the system drive. If it is a Windows-style absolute
+	// (DRIVE:\\foo), error if DRIVE is not C. And finally, ensure we
+	// strip any configured working directories drive letter so that it
+	// can be subsequently legitimately converted to a Windows volume-style
+	// pathname.
+
+	// Not a typo - filepath.IsAbs, not system.IsAbs on this next check as
+	// we only want to validate where the DriveColon part has been supplied.
+	if filepath.IsAbs(dest) {
+		if strings.ToUpper(string(dest[0])) != "C" {
+			return "", fmt.Errorf("Windows does not support destinations not on the system drive (C:)")
+		}
+		dest = dest[2:] // Strip the drive letter
 	}
 
+	// Cannot handle relative where WorkingDir is not the system drive.
+	if len(workingDir) > 0 {
+		if ((len(workingDir) > 1) && !system.IsAbs(workingDir[2:])) || (len(workingDir) == 1) {
+			return "", fmt.Errorf("Current WorkingDir %s is not platform consistent", workingDir)
+		}
+		if !system.IsAbs(dest) {
+			if string(workingDir[0]) != "C" {
+				return "", fmt.Errorf("Windows does not support relative paths when WORKDIR is not the system drive")
+			}
+			dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest)
+			// Make sure we preserve any trailing slash
+			if endsInSlash {
+				dest += string(os.PathSeparator)
+			}
+		}
+	}
+	return dest, nil
+}
+
+func containsWildcards(name string) bool {
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
+
+func validateCopySourcePath(imageSource *imageMount, origPath string) error {
+	if imageSource == nil {
+		return nil
+	}
 	origPath = filepath.FromSlash(origPath)
 	p := strings.ToLower(filepath.Clean(origPath))
 	if !filepath.IsAbs(p) {
@@ -97,13 +146,13 @@ func validateCopySourcePath(imageSource *imageMount, origPath, platform string)
 			if p[len(p)-2:] == ":." { // case where clean returns weird c:. paths
 				p = p[:len(p)-1]
 			}
-			p += "\\"
+			p += `\`
 		} else {
-			p = filepath.Join("c:\\", p)
+			p = filepath.Join(`c:\`, p)
 		}
 	}
-	if _, blacklisted := pathBlacklist[p]; blacklisted {
-		return errors.New("copy from c:\\ or c:\\windows is not allowed on windows")
+	if _, ok := pathDenyList[p]; ok {
+		return errors.New(`copy from c:\ or c:\windows is not allowed on windows`)
 	}
 	return nil
 }
diff --git a/builder/dockerfile/dispatchers.go b/builder/dockerfile/dispatchers.go
index f2da08ed4d6e8..66324a513edb9 100644
--- a/builder/dockerfile/dispatchers.go
+++ b/builder/dockerfile/dispatchers.go
@@ -16,18 +16,17 @@ import (
 
 	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-connections/nat"
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/buildkit/frontend/dockerfile/shell"
+	"github.com/moby/sys/signal"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
@@ -93,6 +92,9 @@ func dispatchLabel(d dispatchRequest, c *instructions.LabelCommand) error {
 // exist here. If you do not wish to have this automatic handling, use COPY.
 //
 func dispatchAdd(d dispatchRequest, c *instructions.AddCommand) error {
+	if c.Chmod != "" {
+		return errors.New("the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
+	}
 	downloader := newRemoteSourceDownloader(d.builder.Output, d.builder.Stdout)
 	copier := copierFromDispatchRequest(d, downloader, nil)
 	defer copier.Cleanup()
@@ -112,6 +114,9 @@ func dispatchAdd(d dispatchRequest, c *instructions.AddCommand) error {
 // Same as 'ADD' but without the tar and remote url handling.
 //
 func dispatchCopy(d dispatchRequest, c *instructions.CopyCommand) error {
+	if c.Chmod != "" {
+		return errors.New("the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
+	}
 	var im *imageMount
 	var err error
 	if c.From != "" {
@@ -127,7 +132,9 @@ func dispatchCopy(d dispatchRequest, c *instructions.CopyCommand) error {
 		return err
 	}
 	copyInstruction.chownStr = c.Chown
-
+	if c.From != "" && copyInstruction.chownStr == "" {
+		copyInstruction.preserveOwnership = true
+	}
 	return d.builder.performCopy(d, copyInstruction)
 }
 
@@ -165,9 +172,6 @@ func initializeStage(d dispatchRequest, cmd *instructions.Stage) error {
 		if err != nil {
 			return errors.Wrapf(err, "failed to parse platform %s", v)
 		}
-		if err := system.ValidatePlatform(p); err != nil {
-			return err
-		}
 		platform = &p
 	}
 
@@ -204,7 +208,8 @@ func dispatchTriggeredOnBuild(d dispatchRequest, triggers []string) error {
 		}
 		cmd, err := instructions.ParseCommand(ast.AST.Children[0])
 		if err != nil {
-			if instructions.IsUnknownInstruction(err) {
+			var uiErr *instructions.UnknownInstruction
+			if errors.As(err, &uiErr) {
 				buildsFailed.WithValues(metricsUnknownInstructionError).Inc()
 			}
 			return err
@@ -256,10 +261,7 @@ func (d *dispatchRequest) getImageOrStage(name string, platform *specs.Platform)
 		// from it.
 		if runtime.GOOS == "windows" {
 			if platform == nil || platform.OS == "linux" {
-				if !system.LCOWSupported() {
-					return nil, errors.New("Linux containers are not supported on this system")
-				}
-				imageImage.OS = "linux"
+				return nil, errors.New("Linux containers are not supported on this system")
 			} else if platform.OS == "windows" {
 				return nil, errors.New("Windows does not support FROM scratch")
 			} else {
@@ -330,14 +332,6 @@ func dispatchWorkdir(d dispatchRequest, c *instructions.WorkdirCommand) error {
 	return d.builder.commitContainer(d.state, containerID, runConfigWithCommentCmd)
 }
 
-func resolveCmdLine(cmd instructions.ShellDependantCmdLine, runConfig *container.Config, os string) []string {
-	result := cmd.CmdLine
-	if cmd.PrependShell && result != nil {
-		result = append(getShell(runConfig, os), result...)
-	}
-	return result
-}
-
 // RUN some command yo
 //
 // run a command and commit the image. Args are automatically prepended with
@@ -352,8 +346,14 @@ func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
 	if !system.IsOSSupported(d.state.operatingSystem) {
 		return system.ErrNotSupportedOperatingSystem
 	}
+
+	if len(c.FlagsUsed) > 0 {
+		// classic builder RUN currently does not support any flags, so fail on the first one
+		return errors.Errorf("the --%s option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled", c.FlagsUsed[0])
+	}
+
 	stateRunConfig := d.state.runConfig
-	cmdFromArgs := resolveCmdLine(c.ShellDependantCmdLine, stateRunConfig, d.state.operatingSystem)
+	cmdFromArgs, argsEscaped := resolveCmdLine(c.ShellDependantCmdLine, stateRunConfig, d.state.operatingSystem, c.Name(), c.String())
 	buildArgs := d.state.buildArgs.FilterAllowed(stateRunConfig.Env)
 
 	saveCmd := cmdFromArgs
@@ -363,6 +363,7 @@ func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
 
 	runConfigForCacheProbe := copyRunConfig(stateRunConfig,
 		withCmd(saveCmd),
+		withArgsEscaped(argsEscaped),
 		withEntrypointOverride(saveCmd, nil))
 	if hit, err := d.builder.probeCache(d.state, runConfigForCacheProbe); err != nil || hit {
 		return err
@@ -370,13 +371,11 @@ func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
 
 	runConfig := copyRunConfig(stateRunConfig,
 		withCmd(cmdFromArgs),
+		withArgsEscaped(argsEscaped),
 		withEnv(append(stateRunConfig.Env, buildArgs...)),
 		withEntrypointOverride(saveCmd, strslice.StrSlice{""}),
 		withoutHealthcheck())
 
-	// set config as already being escaped, this prevents double escaping on windows
-	runConfig.ArgsEscaped = true
-
 	cID, err := d.builder.create(runConfig)
 	if err != nil {
 		return err
@@ -399,6 +398,12 @@ func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
 		return err
 	}
 
+	// Don't persist the argsEscaped value in the committed image. Use the original
+	// from previous build steps (only CMD and ENTRYPOINT persist this).
+	if d.state.operatingSystem == "windows" {
+		runConfigForCacheProbe.ArgsEscaped = stateRunConfig.ArgsEscaped
+	}
+
 	return d.builder.commitContainer(d.state, cID, runConfigForCacheProbe)
 }
 
@@ -434,15 +439,23 @@ func prependEnvOnCmd(buildArgs *BuildArgs, buildArgVars []string, cmd strslice.S
 //
 func dispatchCmd(d dispatchRequest, c *instructions.CmdCommand) error {
 	runConfig := d.state.runConfig
-	cmd := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem)
+	cmd, argsEscaped := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem, c.Name(), c.String())
+
+	// We warn here as Windows shell processing operates differently to Linux.
+	// Linux:   /bin/sh -c "echo hello" world	--> hello
+	// Windows: cmd /s /c "echo hello" world	--> hello world
+	if d.state.operatingSystem == "windows" &&
+		len(runConfig.Entrypoint) > 0 &&
+		d.state.runConfig.ArgsEscaped != argsEscaped {
+		fmt.Fprintf(d.builder.Stderr, " ---> [Warning] Shell-form ENTRYPOINT and exec-form CMD may have unexpected results\n")
+	}
+
 	runConfig.Cmd = cmd
-	// set config as already being escaped, this prevents double escaping on windows
-	runConfig.ArgsEscaped = true
+	runConfig.ArgsEscaped = argsEscaped
 
 	if err := d.builder.commit(d.state, fmt.Sprintf("CMD %q", cmd)); err != nil {
 		return err
 	}
-
 	if len(c.ShellDependantCmdLine.CmdLine) != 0 {
 		d.state.cmdSet = true
 	}
@@ -477,8 +490,22 @@ func dispatchHealthcheck(d dispatchRequest, c *instructions.HealthCheckCommand)
 //
 func dispatchEntrypoint(d dispatchRequest, c *instructions.EntrypointCommand) error {
 	runConfig := d.state.runConfig
-	cmd := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem)
+	cmd, argsEscaped := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem, c.Name(), c.String())
+
+	// This warning is a little more complex than in dispatchCmd(), as the Windows base images (similar
+	// universally to almost every Linux image out there) have a single .Cmd field populated so that
+	// `docker run --rm image` starts the default shell which would typically be sh on Linux,
+	// or cmd on Windows. The catch to this is that if a dockerfile had `CMD ["c:\\windows\\system32\\cmd.exe"]`,
+	// we wouldn't be able to tell the difference. However, that would be highly unlikely, and besides, this
+	// is only trying to give a helpful warning of possibly unexpected results.
+	if d.state.operatingSystem == "windows" &&
+		d.state.runConfig.ArgsEscaped != argsEscaped &&
+		((len(runConfig.Cmd) == 1 && strings.ToLower(runConfig.Cmd[0]) != `c:\windows\system32\cmd.exe` && len(runConfig.Shell) == 0) || (len(runConfig.Cmd) > 1)) {
+		fmt.Fprintf(d.builder.Stderr, " ---> [Warning] Shell-form CMD and exec-form ENTRYPOINT may have unexpected results\n")
+	}
+
 	runConfig.Entrypoint = cmd
+	runConfig.ArgsEscaped = argsEscaped
 	if !d.state.cmdSet {
 		runConfig.Cmd = nil
 	}
@@ -566,14 +593,21 @@ func dispatchStopSignal(d dispatchRequest, c *instructions.StopSignalCommand) er
 // to builder using the --build-arg flag for expansion/substitution or passing to 'run'.
 // Dockerfile author may optionally set a default value of this variable.
 func dispatchArg(d dispatchRequest, c *instructions.ArgCommand) error {
-
-	commitStr := "ARG " + c.Key
-	if c.Value != nil {
-		commitStr += "=" + *c.Value
+	var commitStr strings.Builder
+	commitStr.WriteString("ARG ")
+	for i, arg := range c.Args {
+		if i > 0 {
+			commitStr.WriteString(" ")
+		}
+		commitStr.WriteString(arg.Key)
+		if arg.Value != nil {
+			commitStr.WriteString("=")
+			commitStr.WriteString(*arg.Value)
+		}
+		d.state.buildArgs.AddArg(arg.Key, arg.Value)
 	}
 
-	d.state.buildArgs.AddArg(c.Key, c.Value)
-	return d.builder.commit(d.state, commitStr)
+	return d.builder.commit(d.state, commitStr.String())
 }
 
 // SHELL powershell -command
diff --git a/builder/dockerfile/dispatchers_test.go b/builder/dockerfile/dispatchers_test.go
index d767d318fac28..75ae30b52d9e2 100644
--- a/builder/dockerfile/dispatchers_test.go
+++ b/builder/dockerfile/dispatchers_test.go
@@ -3,7 +3,9 @@ package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"runtime"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
@@ -15,9 +17,10 @@ import (
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-connections/nat"
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/buildkit/frontend/dockerfile/shell"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func newBuilderWithMockBackend() *Builder {
@@ -113,7 +116,7 @@ func TestFromScratch(t *testing.T) {
 	}
 	err := initializeStage(sb, cmd)
 
-	if runtime.GOOS == "windows" && !system.LCOWSupported() {
+	if runtime.GOOS == "windows" {
 		assert.Check(t, is.Error(err, "Linux containers are not supported on this system"))
 		return
 	}
@@ -137,10 +140,10 @@ func TestFromWithArg(t *testing.T) {
 	args := NewBuildArgs(make(map[string]*string))
 
 	val := "sometag"
-	metaArg := instructions.ArgCommand{KeyValuePairOptional: instructions.KeyValuePairOptional{
+	metaArg := instructions.ArgCommand{Args: []instructions.KeyValuePairOptional{{
 		Key:   "THETAG",
 		Value: &val,
-	}}
+	}}}
 	cmd := &instructions.Stage{
 		BaseName: "alpine:${THETAG}",
 	}
@@ -393,7 +396,7 @@ func TestArg(t *testing.T) {
 
 	argName := "foo"
 	argVal := "bar"
-	cmd := &instructions.ArgCommand{KeyValuePairOptional: instructions.KeyValuePairOptional{Key: argName, Value: &argVal}}
+	cmd := &instructions.ArgCommand{Args: []instructions.KeyValuePairOptional{{Key: argName, Value: &argVal}}}
 	err := dispatch(sb, cmd)
 	assert.NilError(t, err)
 
@@ -436,7 +439,14 @@ func TestRunWithBuildArgs(t *testing.T) {
 
 	runConfig := &container.Config{}
 	origCmd := strslice.StrSlice([]string{"cmd", "in", "from", "image"})
-	cmdWithShell := strslice.StrSlice(append(getShell(runConfig, runtime.GOOS), "echo foo"))
+
+	var cmdWithShell strslice.StrSlice
+	if runtime.GOOS == "windows" {
+		cmdWithShell = strslice.StrSlice([]string{strings.Join(append(getShell(runConfig, runtime.GOOS), []string{"echo foo"}...), " ")})
+	} else {
+		cmdWithShell = strslice.StrSlice(append(getShell(runConfig, runtime.GOOS), "echo foo"))
+	}
+
 	envVars := []string{"|1", "one=two"}
 	cachedCmd := strslice.StrSlice(append(envVars, cmdWithShell...))
 
@@ -478,13 +488,24 @@ func TestRunWithBuildArgs(t *testing.T) {
 	err := initializeStage(sb, from)
 	assert.NilError(t, err)
 	sb.state.buildArgs.AddArg("one", strPtr("two"))
-	run := &instructions.RunCommand{
-		ShellDependantCmdLine: instructions.ShellDependantCmdLine{
-			CmdLine:      strslice.StrSlice{"echo foo"},
-			PrependShell: true,
-		},
-	}
-	assert.NilError(t, dispatch(sb, run))
+
+	// This is hugely annoying. On the Windows side, it relies on the
+	// RunCommand being able to emit String() and Name() (as implemented by
+	// withNameAndCode). Unfortunately, that is internal, and no way to directly
+	// set. However, we can fortunately use ParseInstruction in the instructions
+	// package to parse a fake node which can be used as our instructions.RunCommand
+	// instead.
+	node := &parser.Node{
+		Original: `RUN echo foo`,
+		Value:    "run",
+	}
+	runint, err := instructions.ParseInstruction(node)
+	assert.NilError(t, err)
+	runinst := runint.(*instructions.RunCommand)
+	runinst.CmdLine = strslice.StrSlice{"echo foo"}
+	runinst.PrependShell = true
+
+	assert.NilError(t, dispatch(sb, runinst))
 
 	// Check that runConfig.Cmd has not been modified by run
 	assert.Check(t, is.DeepEqual(origCmd, sb.state.runConfig.Cmd))
@@ -526,11 +547,19 @@ func TestRunIgnoresHealthcheck(t *testing.T) {
 	assert.NilError(t, err)
 
 	expectedTest := []string{"CMD-SHELL", "curl -f http://localhost/ || exit 1"}
-	cmd := &instructions.HealthCheckCommand{
-		Health: &container.HealthConfig{
-			Test: expectedTest,
+	healthint, err := instructions.ParseInstruction(&parser.Node{
+		Original: `HEALTHCHECK CMD curl -f http://localhost/ || exit 1`,
+		Value:    "healthcheck",
+		Next: &parser.Node{
+			Value: "cmd",
+			Next: &parser.Node{
+				Value: `curl -f http://localhost/ || exit 1`,
+			},
 		},
-	}
+	})
+	assert.NilError(t, err)
+	cmd := healthint.(*instructions.HealthCheckCommand)
+
 	assert.NilError(t, dispatch(sb, cmd))
 	assert.Assert(t, sb.state.runConfig.Healthcheck != nil)
 
@@ -541,12 +570,57 @@ func TestRunIgnoresHealthcheck(t *testing.T) {
 	}
 
 	sb.state.buildArgs.AddArg("one", strPtr("two"))
-	run := &instructions.RunCommand{
-		ShellDependantCmdLine: instructions.ShellDependantCmdLine{
-			CmdLine:      strslice.StrSlice{"echo foo"},
-			PrependShell: true,
-		},
-	}
+	runint, err := instructions.ParseInstruction(&parser.Node{Original: `RUN echo foo`, Value: "run"})
+	assert.NilError(t, err)
+	run := runint.(*instructions.RunCommand)
+	run.PrependShell = true
+
 	assert.NilError(t, dispatch(sb, run))
 	assert.Check(t, is.DeepEqual(expectedTest, sb.state.runConfig.Healthcheck.Test))
 }
+
+func TestDispatchUnsupportedOptions(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.baseImage = &mockImage{}
+	sb.state.operatingSystem = runtime.GOOS
+
+	t.Run("ADD with chmod", func(t *testing.T) {
+		cmd := &instructions.AddCommand{
+			SourcesAndDest: instructions.SourcesAndDest{
+				SourcePaths: []string{"."},
+				DestPath:    ".",
+			},
+			Chmod: "0655",
+		}
+		err := dispatch(sb, cmd)
+		assert.Error(t, err, "the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
+	})
+
+	t.Run("COPY with chmod", func(t *testing.T) {
+		cmd := &instructions.CopyCommand{
+			SourcesAndDest: instructions.SourcesAndDest{
+				SourcePaths: []string{"."},
+				DestPath:    ".",
+			},
+			Chmod: "0655",
+		}
+		err := dispatch(sb, cmd)
+		assert.Error(t, err, "the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
+	})
+
+	t.Run("RUN with unsupported options", func(t *testing.T) {
+		runint, err := instructions.ParseInstruction(&parser.Node{Original: `RUN echo foo`, Value: "run"})
+		assert.NilError(t, err)
+		cmd := runint.(*instructions.RunCommand)
+
+		// classic builder "RUN" currently doesn't support any flags, but testing
+		// both "known" flags and "bogus" flags for completeness, and in case
+		// one or more of these flags will be supported in future
+		for _, f := range []string{"mount", "network", "security", "any-flag"} {
+			cmd.FlagsUsed = []string{f}
+			err := dispatch(sb, cmd)
+			assert.Error(t, err, fmt.Sprintf("the --%s option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled", f))
+		}
+	})
+}
diff --git a/builder/dockerfile/dispatchers_unix.go b/builder/dockerfile/dispatchers_unix.go
index b3ba380323abd..87dbe72192927 100644
--- a/builder/dockerfile/dispatchers_unix.go
+++ b/builder/dockerfile/dispatchers_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
@@ -6,6 +7,9 @@ import (
 	"errors"
 	"os"
 	"path/filepath"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 )
 
 // normalizeWorkdir normalizes a user requested working directory in a
@@ -21,3 +25,13 @@ func normalizeWorkdir(_ string, current string, requested string) (string, error
 	}
 	return requested, nil
 }
+
+// resolveCmdLine takes a command line arg set and optionally prepends a platform-specific
+// shell in front of it.
+func resolveCmdLine(cmd instructions.ShellDependantCmdLine, runConfig *container.Config, os, _, _ string) ([]string, bool) {
+	result := cmd.CmdLine
+	if cmd.PrependShell && result != nil {
+		result = append(getShell(runConfig, os), result...)
+	}
+	return result, false
+}
diff --git a/builder/dockerfile/dispatchers_unix_test.go b/builder/dockerfile/dispatchers_unix_test.go
index c2aebfbb27314..3f39e26929720 100644
--- a/builder/dockerfile/dispatchers_unix_test.go
+++ b/builder/dockerfile/dispatchers_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/builder/dockerfile/dispatchers_windows.go b/builder/dockerfile/dispatchers_windows.go
index 7824d1169b4f1..4800ec9b8d193 100644
--- a/builder/dockerfile/dispatchers_windows.go
+++ b/builder/dockerfile/dispatchers_windows.go
@@ -9,7 +9,9 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/system"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 )
 
 var pattern = regexp.MustCompile(`^[a-zA-Z]:\.$`)
@@ -93,3 +95,47 @@ func normalizeWorkdirWindows(current string, requested string) (string, error) {
 	// Upper-case drive letter
 	return (strings.ToUpper(string(requested[0])) + requested[1:]), nil
 }
+
+// resolveCmdLine takes a command line arg set and optionally prepends a platform-specific
+// shell in front of it. It returns either an array of arguments and an indication that
+// the arguments are not yet escaped; Or, an array containing a single command line element
+// along with an indication that the arguments are escaped so the runtime shouldn't escape.
+//
+// A better solution could be made, but it would be exceptionally invasive throughout
+// many parts of the daemon which are coded assuming Linux args array only only, not taking
+// account of Windows-natural command line semantics and it's argv handling. Put another way,
+// while what is here is good-enough, it could be improved, but would be highly invasive.
+//
+// The commands when this function is called are RUN, ENTRYPOINT and CMD.
+func resolveCmdLine(cmd instructions.ShellDependantCmdLine, runConfig *container.Config, os, command, original string) ([]string, bool) {
+
+	// Make sure we return an empty array if there is no cmd.CmdLine
+	if len(cmd.CmdLine) == 0 {
+		return []string{}, runConfig.ArgsEscaped
+	}
+
+	if os == "windows" { // ie WCOW
+		if cmd.PrependShell {
+			// WCOW shell-form. Return a single-element array containing the original command line prepended with the shell.
+			// Also indicate that it has not been escaped (so will be passed through directly to HCS). Note that
+			// we go back to the original un-parsed command line in the dockerfile line, strip off both the command part of
+			// it (RUN/ENTRYPOINT/CMD), and also strip any leading white space. IOW, we deliberately ignore any prior parsing
+			// so as to ensure it is treated exactly as a command line. For those interested, `RUN mkdir "c:/foo"` is a particularly
+			// good example of why this is necessary if you fancy debugging how cmd.exe and its builtin mkdir works. (Windows
+			// doesn't have a mkdir.exe, and I'm guessing cmd.exe has some very long unavoidable and unchangeable historical
+			// design decisions over how both its built-in echo and mkdir are coded. Probably more too.)
+			original = original[len(command):]               // Strip off the command
+			original = strings.TrimLeft(original, " \t\v\n") // Strip of leading whitespace
+			return []string{strings.Join(getShell(runConfig, os), " ") + " " + original}, true
+		}
+
+		// WCOW JSON/"exec" form.
+		return cmd.CmdLine, false
+	}
+
+	// LCOW - use args as an array, same as LCOL.
+	if cmd.PrependShell && cmd.CmdLine != nil {
+		return append(getShell(runConfig, os), cmd.CmdLine...), false
+	}
+	return cmd.CmdLine, false
+}
diff --git a/builder/dockerfile/dispatchers_windows_test.go b/builder/dockerfile/dispatchers_windows_test.go
index ae72092c4f44b..aef8b047dd99b 100644
--- a/builder/dockerfile/dispatchers_windows_test.go
+++ b/builder/dockerfile/dispatchers_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/builder/dockerfile/evaluator_test.go b/builder/dockerfile/evaluator_test.go
index 28607ead0d220..27e01954d0bf2 100644
--- a/builder/dockerfile/evaluator_test.go
+++ b/builder/dockerfile/evaluator_test.go
@@ -9,9 +9,9 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 type dispatchTestCase struct {
@@ -24,14 +24,16 @@ func init() {
 	reexec.Init()
 }
 
-func initDispatchTestCases() []dispatchTestCase {
-	dispatchTestCases := []dispatchTestCase{
+func TestDispatch(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	}
+	testCases := []dispatchTestCase{
 		{
 			name: "ADD multiple files to file",
 			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"file1.txt",
-				"file2.txt",
-				"test",
+				SourcePaths: []string{"file1.txt", "file2.txt"},
+				DestPath:    "test",
 			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
@@ -39,8 +41,8 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "Wildcard ADD multiple files to file",
 			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"file*.txt",
-				"test",
+				SourcePaths: []string{"file*.txt"},
+				DestPath:    "test",
 			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
@@ -48,9 +50,8 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "COPY multiple files to file",
 			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"file1.txt",
-				"file2.txt",
-				"test",
+				SourcePaths: []string{"file1.txt", "file2.txt"},
+				DestPath:    "test",
 			}},
 			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
@@ -58,9 +59,8 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "ADD multiple files to file with whitespace",
 			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"test file1.txt",
-				"test file2.txt",
-				"test",
+				SourcePaths: []string{"test file1.txt", "test file2.txt"},
+				DestPath:    "test",
 			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
@@ -68,9 +68,8 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "COPY multiple files to file with whitespace",
 			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"test file1.txt",
-				"test file2.txt",
-				"test",
+				SourcePaths: []string{"test file1.txt", "test file2.txt"},
+				DestPath:    "test",
 			}},
 			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
@@ -78,8 +77,8 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "COPY wildcard no files",
 			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"file*.txt",
-				"/tmp/",
+				SourcePaths: []string{"file*.txt"},
+				DestPath:    "/tmp/",
 			}},
 			expectedError: "COPY failed: no source files were specified",
 			files:         nil,
@@ -87,61 +86,51 @@ func initDispatchTestCases() []dispatchTestCase {
 		{
 			name: "COPY url",
 			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
-				"https://index.docker.io/robots.txt",
-				"/",
+				SourcePaths: []string{"https://index.docker.io/robots.txt"},
+				DestPath:    "/",
 			}},
 			expectedError: "source can't be a URL for COPY",
 			files:         nil,
-		}}
-
-	return dispatchTestCases
-}
-
-func TestDispatch(t *testing.T) {
-	if runtime.GOOS != "windows" {
-		skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+		},
 	}
-	testCases := initDispatchTestCases()
 
-	for _, testCase := range testCases {
-		executeTestCase(t, testCase)
-	}
-}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+			defer cleanup()
 
-func executeTestCase(t *testing.T, testCase dispatchTestCase) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
-	defer cleanup()
+			for filename, content := range tc.files {
+				createTestTempFile(t, contextDir, filename, content, 0777)
+			}
 
-	for filename, content := range testCase.files {
-		createTestTempFile(t, contextDir, filename, content, 0777)
-	}
+			tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
 
-	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
+			if err != nil {
+				t.Fatalf("Error when creating tar stream: %s", err)
+			}
 
-	if err != nil {
-		t.Fatalf("Error when creating tar stream: %s", err)
-	}
-
-	defer func() {
-		if err = tarStream.Close(); err != nil {
-			t.Fatalf("Error when closing tar stream: %s", err)
-		}
-	}()
+			defer func() {
+				if err = tarStream.Close(); err != nil {
+					t.Fatalf("Error when closing tar stream: %s", err)
+				}
+			}()
 
-	context, err := remotecontext.FromArchive(tarStream)
+			context, err := remotecontext.FromArchive(tarStream)
 
-	if err != nil {
-		t.Fatalf("Error when creating tar context: %s", err)
-	}
+			if err != nil {
+				t.Fatalf("Error when creating tar context: %s", err)
+			}
 
-	defer func() {
-		if err = context.Close(); err != nil {
-			t.Fatalf("Error when closing tar context: %s", err)
-		}
-	}()
+			defer func() {
+				if err = context.Close(); err != nil {
+					t.Fatalf("Error when closing tar context: %s", err)
+				}
+			}()
 
-	b := newBuilderWithMockBackend()
-	sb := newDispatchRequest(b, '`', context, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
-	err = dispatch(sb, testCase.cmd)
-	assert.Check(t, is.ErrorContains(err, testCase.expectedError))
+			b := newBuilderWithMockBackend()
+			sb := newDispatchRequest(b, '`', context, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+			err = dispatch(sb, tc.cmd)
+			assert.Check(t, is.ErrorContains(err, tc.expectedError))
+		})
+	}
 }
diff --git a/builder/dockerfile/imagecontext.go b/builder/dockerfile/imagecontext.go
index 08cb396a2bdfb..9d9a6c618ce5e 100644
--- a/builder/dockerfile/imagecontext.go
+++ b/builder/dockerfile/imagecontext.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"runtime"
 
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/builder"
 	dockerimage "github.com/docker/docker/image"
@@ -56,7 +57,7 @@ func (m *imageSources) Get(idOrRef string, localOnly bool, platform *specs.Platf
 		return nil, err
 	}
 	im := newImageMount(image, layer)
-	m.Add(im)
+	m.Add(im, platform)
 	return im, nil
 }
 
@@ -70,16 +71,26 @@ func (m *imageSources) Unmount() (retErr error) {
 	return
 }
 
-func (m *imageSources) Add(im *imageMount) {
+func (m *imageSources) Add(im *imageMount, platform *specs.Platform) {
 	switch im.image {
 	case nil:
-		// set the OS for scratch images
-		os := runtime.GOOS
+		// Set the platform for scratch images
+		if platform == nil {
+			p := platforms.DefaultSpec()
+			platform = &p
+		}
+
 		// Windows does not support scratch except for LCOW
+		os := platform.OS
 		if runtime.GOOS == "windows" {
 			os = "linux"
 		}
-		im.image = &dockerimage.Image{V1Image: dockerimage.V1Image{OS: os}}
+
+		im.image = &dockerimage.Image{V1Image: dockerimage.V1Image{
+			OS:           os,
+			Architecture: platform.Architecture,
+			Variant:      platform.Variant,
+		}}
 	default:
 		m.byImageID[im.image.ImageID()] = im
 	}
@@ -88,9 +99,8 @@ func (m *imageSources) Add(im *imageMount) {
 
 // imageMount is a reference to an image that can be used as a builder.Source
 type imageMount struct {
-	image  builder.Image
-	source builder.Source
-	layer  builder.ROLayer
+	image builder.Image
+	layer builder.ROLayer
 }
 
 func newImageMount(image builder.Image, layer builder.ROLayer) *imageMount {
diff --git a/builder/dockerfile/imagecontext_test.go b/builder/dockerfile/imagecontext_test.go
new file mode 100644
index 0000000000000..ad4de31f2b8f9
--- /dev/null
+++ b/builder/dockerfile/imagecontext_test.go
@@ -0,0 +1,106 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"fmt"
+	"runtime"
+	"testing"
+
+	"github.com/containerd/containerd/platforms"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/image"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+)
+
+func getMockImageSource(getImageImage builder.Image, getImageLayer builder.ROLayer, getImageError error) *imageSources {
+	return &imageSources{
+		byImageID: make(map[string]*imageMount),
+		mounts:    []*imageMount{},
+		getImage: func(name string, localOnly bool, platform *ocispec.Platform) (builder.Image, builder.ROLayer, error) {
+			return getImageImage, getImageLayer, getImageError
+		},
+	}
+}
+
+func getMockImageMount() *imageMount {
+	return &imageMount{
+		image: nil,
+		layer: nil,
+	}
+}
+
+func TestAddScratchImageAddsToMounts(t *testing.T) {
+	is := getMockImageSource(nil, nil, fmt.Errorf("getImage is not implemented"))
+	im := getMockImageMount()
+
+	// We are testing whether the imageMount is added to is.mounts
+	assert.Equal(t, len(is.mounts), 0)
+	is.Add(im, nil)
+	assert.Equal(t, len(is.mounts), 1)
+}
+
+func TestAddFromScratchPopulatesPlatform(t *testing.T) {
+	is := getMockImageSource(nil, nil, fmt.Errorf("getImage is not implemented"))
+
+	platforms := []*ocispec.Platform{
+		{
+			OS:           "linux",
+			Architecture: "amd64",
+		},
+		{
+			OS:           "linux",
+			Architecture: "arm64",
+			Variant:      "v8",
+		},
+	}
+
+	for i, platform := range platforms {
+		im := getMockImageMount()
+		assert.Equal(t, len(is.mounts), i)
+		is.Add(im, platform)
+		image, ok := im.image.(*image.Image)
+		assert.Assert(t, ok)
+		assert.Equal(t, image.OS, platform.OS)
+		assert.Equal(t, image.Architecture, platform.Architecture)
+		assert.Equal(t, image.Variant, platform.Variant)
+	}
+}
+
+func TestAddFromScratchDoesNotModifyArgPlatform(t *testing.T) {
+	is := getMockImageSource(nil, nil, fmt.Errorf("getImage is not implemented"))
+	im := getMockImageMount()
+
+	platform := &ocispec.Platform{
+		OS:           "windows",
+		Architecture: "amd64",
+	}
+	argPlatform := *platform
+
+	is.Add(im, &argPlatform)
+	// The way the code is written right now, this test
+	// really doesn't do much except on Windows.
+	assert.DeepEqual(t, *platform, argPlatform)
+}
+
+func TestAddFromScratchPopulatesPlatformIfNil(t *testing.T) {
+	is := getMockImageSource(nil, nil, fmt.Errorf("getImage is not implemented"))
+	im := getMockImageMount()
+	is.Add(im, nil)
+	image, ok := im.image.(*image.Image)
+	assert.Assert(t, ok)
+
+	expectedPlatform := platforms.DefaultSpec()
+	if runtime.GOOS == "windows" {
+		expectedPlatform.OS = "linux"
+	}
+	assert.Equal(t, expectedPlatform.OS, image.OS)
+	assert.Equal(t, expectedPlatform.Architecture, image.Architecture)
+	assert.Equal(t, expectedPlatform.Variant, image.Variant)
+}
+
+func TestImageSourceGetAddsToMounts(t *testing.T) {
+	is := getMockImageSource(nil, nil, nil)
+	_, err := is.Get("test", false, nil)
+	assert.NilError(t, err)
+	assert.Equal(t, len(is.mounts), 1)
+}
diff --git a/builder/dockerfile/internals.go b/builder/dockerfile/internals.go
index 1635981f177a2..0bc9d0e9efaee 100644
--- a/builder/dockerfile/internals.go
+++ b/builder/dockerfile/internals.go
@@ -8,10 +8,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"os"
-	"path"
-	"path/filepath"
-	"runtime"
 	"strings"
 
 	"github.com/docker/docker/api/types"
@@ -24,8 +20,8 @@ import (
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-connections/nat"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -117,15 +113,21 @@ func (b *Builder) exportImage(state *dispatchState, layer builder.RWLayer, paren
 		return err
 	}
 
-	// add an image mount without an image so the layer is properly unmounted
-	// if there is an error before we can add the full mount with image
-	b.imageSources.Add(newImageMount(nil, newLayer))
-
 	parentImage, ok := parent.(*image.Image)
 	if !ok {
 		return errors.Errorf("unexpected image type")
 	}
 
+	platform := &specs.Platform{
+		OS:           parentImage.OS,
+		Architecture: parentImage.Architecture,
+		Variant:      parentImage.Variant,
+	}
+
+	// add an image mount without an image so the layer is properly unmounted
+	// if there is an error before we can add the full mount with image
+	b.imageSources.Add(newImageMount(nil, newLayer), platform)
+
 	newImage := image.NewChildImage(parentImage, image.ChildConfig{
 		Author:          state.maintainer,
 		ContainerConfig: runConfig,
@@ -146,7 +148,7 @@ func (b *Builder) exportImage(state *dispatchState, layer builder.RWLayer, paren
 	}
 
 	state.imageID = exportedImage.ImageID()
-	b.imageSources.Add(newImageMount(exportedImage, newLayer))
+	b.imageSources.Add(newImageMount(exportedImage, newLayer), platform)
 	return nil
 }
 
@@ -204,7 +206,9 @@ func (b *Builder) performCopy(req dispatchRequest, inst copyInstruction) error {
 		opts := copyFileOptions{
 			decompress: inst.allowLocalDecompression,
 			archiver:   b.getArchiver(info.root, destInfo.root),
-			identity:   identity,
+		}
+		if !inst.preserveOwnership {
+			opts.identity = &identity
 		}
 		if err := performCopyForInfo(destInfo, info, opts); err != nil {
 			return errors.Wrapf(err, "failed to copy files")
@@ -216,7 +220,7 @@ func (b *Builder) performCopy(req dispatchRequest, inst copyInstruction) error {
 func createDestInfo(workingDir string, inst copyInstruction, rwLayer builder.RWLayer, platform string) (copyInfo, error) {
 	// Twiddle the destination when it's a relative path - meaning, make it
 	// relative to the WORKINGDIR
-	dest, err := normalizeDest(workingDir, inst.dest, platform)
+	dest, err := normalizeDest(workingDir, inst.dest)
 	if err != nil {
 		return copyInfo{}, errors.Wrapf(err, "invalid %s", inst.cmdName)
 	}
@@ -224,63 +228,6 @@ func createDestInfo(workingDir string, inst copyInstruction, rwLayer builder.RWL
 	return copyInfo{root: rwLayer.Root(), path: dest}, nil
 }
 
-// normalizeDest normalises the destination of a COPY/ADD command in a
-// platform semantically consistent way.
-func normalizeDest(workingDir, requested string, platform string) (string, error) {
-	dest := fromSlash(requested, platform)
-	endsInSlash := strings.HasSuffix(dest, string(separator(platform)))
-
-	if platform != "windows" {
-		if !path.IsAbs(requested) {
-			dest = path.Join("/", filepath.ToSlash(workingDir), dest)
-			// Make sure we preserve any trailing slash
-			if endsInSlash {
-				dest += "/"
-			}
-		}
-		return dest, nil
-	}
-
-	// We are guaranteed that the working directory is already consistent,
-	// However, Windows also has, for now, the limitation that ADD/COPY can
-	// only be done to the system drive, not any drives that might be present
-	// as a result of a bind mount.
-	//
-	// So... if the path requested is Linux-style absolute (/foo or \\foo),
-	// we assume it is the system drive. If it is a Windows-style absolute
-	// (DRIVE:\\foo), error if DRIVE is not C. And finally, ensure we
-	// strip any configured working directories drive letter so that it
-	// can be subsequently legitimately converted to a Windows volume-style
-	// pathname.
-
-	// Not a typo - filepath.IsAbs, not system.IsAbs on this next check as
-	// we only want to validate where the DriveColon part has been supplied.
-	if filepath.IsAbs(dest) {
-		if strings.ToUpper(string(dest[0])) != "C" {
-			return "", fmt.Errorf("Windows does not support destinations not on the system drive (C:)")
-		}
-		dest = dest[2:] // Strip the drive letter
-	}
-
-	// Cannot handle relative where WorkingDir is not the system drive.
-	if len(workingDir) > 0 {
-		if ((len(workingDir) > 1) && !system.IsAbs(workingDir[2:])) || (len(workingDir) == 1) {
-			return "", fmt.Errorf("Current WorkingDir %s is not platform consistent", workingDir)
-		}
-		if !system.IsAbs(dest) {
-			if string(workingDir[0]) != "C" {
-				return "", fmt.Errorf("Windows does not support relative paths when WORKDIR is not the system drive")
-			}
-			dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest)
-			// Make sure we preserve any trailing slash
-			if endsInSlash {
-				dest += string(os.PathSeparator)
-			}
-		}
-	}
-	return dest, nil
-}
-
 // For backwards compat, if there's just one info then use it as the
 // cache look-up string, otherwise hash 'em all into one
 func getSourceHashFromInfos(infos []copyInfo) string {
@@ -308,6 +255,12 @@ func withCmd(cmd []string) runConfigModifier {
 	}
 }
 
+func withArgsEscaped(argsEscaped bool) runConfigModifier {
+	return func(runConfig *container.Config) {
+		runConfig.ArgsEscaped = argsEscaped
+	}
+}
+
 // withCmdComment sets Cmd to a nop comment string. See withCmdCommentString for
 // why there are two almost identical versions of this.
 func withCmdComment(comment string, platform string) runConfigModifier {
@@ -433,8 +386,7 @@ func (b *Builder) probeAndCreate(dispatchState *dispatchState, runConfig *contai
 func (b *Builder) create(runConfig *container.Config) (string, error) {
 	logrus.Debugf("[BUILDER] Command to be executed: %v", runConfig.Cmd)
 
-	isWCOW := runtime.GOOS == "windows" && b.platform != nil && b.platform.OS == "windows"
-	hostConfig := hostConfigFromOptions(b.options, isWCOW)
+	hostConfig := hostConfigFromOptions(b.options)
 	container, err := b.containerManager.Create(runConfig, hostConfig)
 	if err != nil {
 		return "", err
@@ -447,7 +399,7 @@ func (b *Builder) create(runConfig *container.Config) (string, error) {
 	return container.ID, nil
 }
 
-func hostConfigFromOptions(options *types.ImageBuildOptions, isWCOW bool) *container.HostConfig {
+func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConfig {
 	resources := container.Resources{
 		CgroupParent: options.CgroupParent,
 		CPUShares:    options.CPUShares,
@@ -470,31 +422,5 @@ func hostConfigFromOptions(options *types.ImageBuildOptions, isWCOW bool) *conta
 		LogConfig:  defaultLogConfig,
 		ExtraHosts: options.ExtraHosts,
 	}
-
-	// For WCOW, the default of 20GB hard-coded in the platform
-	// is too small for builder scenarios where many users are
-	// using RUN statements to install large amounts of data.
-	// Use 127GB as that's the default size of a VHD in Hyper-V.
-	if isWCOW {
-		hc.StorageOpt = make(map[string]string)
-		hc.StorageOpt["size"] = "127GB"
-	}
-
 	return hc
 }
-
-// fromSlash works like filepath.FromSlash but with a given OS platform field
-func fromSlash(path, platform string) string {
-	if platform == "windows" {
-		return strings.Replace(path, "/", "\\", -1)
-	}
-	return path
-}
-
-// separator returns a OS path separator for the given OS platform
-func separator(platform string) byte {
-	if platform == "windows" {
-		return '\\'
-	}
-	return '/'
-}
diff --git a/builder/dockerfile/internals_linux.go b/builder/dockerfile/internals_linux.go
index 5dbd86f147009..269f722d61c2c 100644
--- a/builder/dockerfile/internals_linux.go
+++ b/builder/dockerfile/internals_linux.go
@@ -6,7 +6,7 @@ import (
 	"strings"
 
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/symlink"
+	"github.com/moby/sys/symlink"
 	lcUser "github.com/opencontainers/runc/libcontainer/user"
 	"github.com/pkg/errors"
 )
diff --git a/builder/dockerfile/internals_linux_test.go b/builder/dockerfile/internals_linux_test.go
index 28c9cc81a8c86..6a2a8f6a8917d 100644
--- a/builder/dockerfile/internals_linux_test.go
+++ b/builder/dockerfile/internals_linux_test.go
@@ -7,8 +7,8 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/idtools"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestChownFlagParsing(t *testing.T) {
diff --git a/builder/dockerfile/internals_test.go b/builder/dockerfile/internals_test.go
index b1ef6c80d82ec..5353167ad637b 100644
--- a/builder/dockerfile/internals_test.go
+++ b/builder/dockerfile/internals_test.go
@@ -11,11 +11,15 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/builder/remotecontext"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/go-connections/nat"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestEmptyDockerfile(t *testing.T) {
@@ -46,7 +50,7 @@ func TestDockerfileOutsideTheBuildContext(t *testing.T) {
 	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
 	defer cleanup()
 
-	expectedError := "Forbidden path outside the build context: ../../Dockerfile ()"
+	expectedError := "path outside the build context: ../../Dockerfile ()"
 	if runtime.GOOS == "windows" {
 		expectedError = "failed to resolve scoped path ../../Dockerfile ()"
 	}
@@ -176,3 +180,45 @@ func TestDeepCopyRunConfig(t *testing.T) {
 	copy.Shell[0] = "sh"
 	assert.Check(t, is.DeepEqual(fullMutableRunConfig(), runConfig))
 }
+
+type MockRWLayer struct{}
+
+func (l *MockRWLayer) Release() error                { return nil }
+func (l *MockRWLayer) Root() containerfs.ContainerFS { return nil }
+func (l *MockRWLayer) Commit() (builder.ROLayer, error) {
+	return &MockROLayer{
+		diffID: layer.DiffID(digest.Digest("sha256:1234")),
+	}, nil
+}
+
+type MockROLayer struct {
+	diffID layer.DiffID
+}
+
+func (l *MockROLayer) Release() error                       { return nil }
+func (l *MockROLayer) NewRWLayer() (builder.RWLayer, error) { return nil, nil }
+func (l *MockROLayer) DiffID() layer.DiffID                 { return l.diffID }
+
+func getMockBuildBackend() builder.Backend {
+	return &MockBackend{}
+}
+
+func TestExportImage(t *testing.T) {
+	ds := newDispatchState(NewBuildArgs(map[string]*string{}))
+	layer := &MockRWLayer{}
+	parentImage := &image.Image{
+		V1Image: image.V1Image{
+			OS:           "linux",
+			Architecture: "arm64",
+			Variant:      "v8",
+		},
+	}
+	runConfig := &container.Config{}
+
+	b := &Builder{
+		imageSources: getMockImageSource(nil, nil, nil),
+		docker:       getMockBuildBackend(),
+	}
+	err := b.exportImage(ds, layer, parentImage, runConfig)
+	assert.NilError(t, err)
+}
diff --git a/builder/dockerfile/internals_windows.go b/builder/dockerfile/internals_windows.go
index 82135a12ae689..0d26e69ef3e8d 100644
--- a/builder/dockerfile/internals_windows.go
+++ b/builder/dockerfile/internals_windows.go
@@ -11,8 +11,6 @@ import (
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/system"
-	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 )
 
@@ -31,13 +29,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 		sid, err := windows.StringToSid(accountName)
 
 		if err == nil {
-			accountSid, err := sid.String()
-
-			if err != nil {
-				return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-			}
-
-			return idtools.Identity{SID: accountSid}, nil
+			return idtools.Identity{SID: sid.String()}, nil
 		}
 	}
 
@@ -46,21 +38,15 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 
 	// If this is a SID that is built-in and hence the same across all systems then use that.
 	if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {
-		accountSid, err := sid.String()
-
-		if err != nil {
-			return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-		}
-
-		return idtools.Identity{SID: accountSid}, nil
+		return idtools.Identity{SID: sid.String()}, nil
 	}
 
 	// Check if the account name is one unique to containers.
 	if strings.EqualFold(accountName, "ContainerAdministrator") {
-		return idtools.Identity{SID: system.ContainerAdministratorSidString}, nil
+		return idtools.Identity{SID: idtools.ContainerAdministratorSidString}, nil
 
 	} else if strings.EqualFold(accountName, "ContainerUser") {
-		return idtools.Identity{SID: system.ContainerUserSidString}, nil
+		return idtools.Identity{SID: idtools.ContainerUserSidString}, nil
 	}
 
 	// All other lookups failed, so therefore determine if the account in
@@ -83,7 +69,6 @@ func lookupNTAccount(builder *Builder, accountName string, state *dispatchState)
 	runConfig := copyRunConfig(state.runConfig,
 		withCmdCommentString("internal run to obtain NT account information.", optionsPlatform.OS))
 
-	runConfig.ArgsEscaped = true
 	runConfig.Cmd = []string{targetExecutable, "getaccountsid", accountName}
 
 	hostConfig := &container.HostConfig{Mounts: []mount.Mount{
diff --git a/builder/dockerfile/internals_windows_test.go b/builder/dockerfile/internals_windows_test.go
index 4f00623404dbb..59d84e5cce018 100644
--- a/builder/dockerfile/internals_windows_test.go
+++ b/builder/dockerfile/internals_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
@@ -6,8 +7,8 @@ import (
 	"fmt"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestNormalizeDest(t *testing.T) {
@@ -40,7 +41,7 @@ func TestNormalizeDest(t *testing.T) {
 	}
 	for _, testcase := range tests {
 		msg := fmt.Sprintf("Input: %s, %s", testcase.current, testcase.requested)
-		actual, err := normalizeDest(testcase.current, testcase.requested, "windows")
+		actual, err := normalizeDest(testcase.current, testcase.requested)
 		if testcase.etext == "" {
 			if !assert.Check(t, err, msg) {
 				continue
diff --git a/builder/dockerfile/metrics.go b/builder/dockerfile/metrics.go
index ceafa7ad629e5..eb5b5562f3742 100644
--- a/builder/dockerfile/metrics.go
+++ b/builder/dockerfile/metrics.go
@@ -1,7 +1,7 @@
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"github.com/docker/go-metrics"
+	metrics "github.com/docker/go-metrics"
 )
 
 var (
diff --git a/builder/dockerfile/mockbackend_test.go b/builder/dockerfile/mockbackend_test.go
index 45cba00a8c016..81f74175a205a 100644
--- a/builder/dockerfile/mockbackend_test.go
+++ b/builder/dockerfile/mockbackend_test.go
@@ -28,7 +28,7 @@ func (m *MockBackend) ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout
 	return nil
 }
 
-func (m *MockBackend) ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) {
+func (m *MockBackend) ContainerCreateIgnoreImagesArgsEscaped(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) {
 	if m.containerCreateFunc != nil {
 		return m.containerCreateFunc(config)
 	}
@@ -82,7 +82,7 @@ func (m *MockBackend) MakeImageCache(cacheFrom []string) builder.ImageCache {
 }
 
 func (m *MockBackend) CreateImage(config []byte, parent string) (builder.Image, error) {
-	return nil, nil
+	return &mockImage{id: "test"}, nil
 }
 
 type mockImage struct {
@@ -104,7 +104,7 @@ func (i *mockImage) OperatingSystem() string {
 
 func (i *mockImage) MarshalJSON() ([]byte, error) {
 	type rawImage mockImage
-	return json.Marshal(rawImage(*i))
+	return json.Marshal(rawImage(*i)) //nolint:staticcheck
 }
 
 type mockImageCache struct {
diff --git a/builder/dockerfile/utils_test.go b/builder/dockerfile/utils_test.go
index 3d615f3460f24..98bdda2a7eb54 100644
--- a/builder/dockerfile/utils_test.go
+++ b/builder/dockerfile/utils_test.go
@@ -1,7 +1,6 @@
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -11,7 +10,7 @@ import (
 // It returns the created path and a cleanup function which is meant to be used as deferred call.
 // When an error occurs, it terminates the test.
 func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
-	path, err := ioutil.TempDir(dir, prefix)
+	path, err := os.MkdirTemp(dir, prefix)
 
 	if err != nil {
 		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
@@ -30,7 +29,7 @@ func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
 // When an error occurs, it terminates the test
 func createTestTempFile(t *testing.T, dir, filename, contents string, perm os.FileMode) string {
 	filePath := filepath.Join(dir, filename)
-	err := ioutil.WriteFile(filePath, []byte(contents), perm)
+	err := os.WriteFile(filePath, []byte(contents), perm)
 
 	if err != nil {
 		t.Fatalf("Error when creating %s file: %s", filename, err)
diff --git a/builder/dockerignore/deprecated.go b/builder/dockerignore/deprecated.go
new file mode 100644
index 0000000000000..e387cc8ed24d9
--- /dev/null
+++ b/builder/dockerignore/deprecated.go
@@ -0,0 +1,17 @@
+// Package dockerignore is deprecated. Use github.com/moby/buildkit/frontend/dockerfile/dockerignore instead.
+package dockerignore
+
+import (
+	"io"
+
+	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
+)
+
+// ReadAll reads a .dockerignore file and returns the list of file patterns
+// to ignore. Note this will trim whitespace from each line as well
+// as use GO's "clean" func to get the shortest/cleanest path for each.
+//
+// Deprecated: use github.com/moby/buildkit/frontend/dockerfile/dockerignore.ReadAll instead.
+func ReadAll(reader io.Reader) ([]string, error) {
+	return dockerignore.ReadAll(reader)
+}
diff --git a/builder/dockerignore/dockerignore_test.go b/builder/dockerignore/dockerignore_test.go
deleted file mode 100644
index 06186cc12082a..0000000000000
--- a/builder/dockerignore/dockerignore_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package dockerignore // import "github.com/docker/docker/builder/dockerignore"
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestReadAll(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "dockerignore-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir)
-
-	di, err := ReadAll(nil)
-	if err != nil {
-		t.Fatalf("Expected not to have error, got %v", err)
-	}
-
-	if diLen := len(di); diLen != 0 {
-		t.Fatalf("Expected to have zero dockerignore entry, got %d", diLen)
-	}
-
-	diName := filepath.Join(tmpDir, ".dockerignore")
-	content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile\n# this is a comment\n! /inverted/abs/path\n!\n! \n")
-	err = ioutil.WriteFile(diName, []byte(content), 0777)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	diFd, err := os.Open(diName)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer diFd.Close()
-
-	di, err = ReadAll(diFd)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(di) != 7 {
-		t.Fatalf("Expected 5 entries, got %v", len(di))
-	}
-	if di[0] != "test1" {
-		t.Fatal("First element is not test1")
-	}
-	if di[1] != "test2" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar
-		t.Fatal("Second element is not test2")
-	}
-	if di[2] != "a/file/here" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar
-		t.Fatal("Third element is not a/file/here")
-	}
-	if di[3] != "lastfile" {
-		t.Fatal("Fourth element is not lastfile")
-	}
-	if di[4] != "!inverted/abs/path" {
-		t.Fatal("Fifth element is not !inverted/abs/path")
-	}
-	if di[5] != "!" {
-		t.Fatalf("Sixth element is not !, but %s", di[5])
-	}
-	if di[6] != "!" {
-		t.Fatalf("Sixth element is not !, but %s", di[6])
-	}
-}
diff --git a/builder/fscache/fscache.go b/builder/fscache/fscache.go
deleted file mode 100644
index 8897fe16d89bf..0000000000000
--- a/builder/fscache/fscache.go
+++ /dev/null
@@ -1,653 +0,0 @@
-package fscache // import "github.com/docker/docker/builder/fscache"
-
-import (
-	"archive/tar"
-	"context"
-	"crypto/sha256"
-	"encoding/json"
-	"hash"
-	"os"
-	"path/filepath"
-	"sort"
-	"sync"
-	"time"
-
-	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/remotecontext"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/directory"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/tarsum"
-	"github.com/moby/buildkit/session/filesync"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"github.com/tonistiigi/fsutil"
-	fsutiltypes "github.com/tonistiigi/fsutil/types"
-	bolt "go.etcd.io/bbolt"
-	"golang.org/x/sync/singleflight"
-)
-
-const dbFile = "fscache.db"
-const cacheKey = "cache"
-const metaKey = "meta"
-
-// Backend is a backing implementation for FSCache
-type Backend interface {
-	Get(id string) (string, error)
-	Remove(id string) error
-}
-
-// FSCache allows syncing remote resources to cached snapshots
-type FSCache struct {
-	opt        Opt
-	transports map[string]Transport
-	mu         sync.Mutex
-	g          singleflight.Group
-	store      *fsCacheStore
-}
-
-// Opt defines options for initializing FSCache
-type Opt struct {
-	Backend  Backend
-	Root     string // for storing local metadata
-	GCPolicy GCPolicy
-}
-
-// GCPolicy defines policy for garbage collection
-type GCPolicy struct {
-	MaxSize         uint64
-	MaxKeepDuration time.Duration
-}
-
-// NewFSCache returns new FSCache object
-func NewFSCache(opt Opt) (*FSCache, error) {
-	store, err := newFSCacheStore(opt)
-	if err != nil {
-		return nil, err
-	}
-	return &FSCache{
-		store:      store,
-		opt:        opt,
-		transports: make(map[string]Transport),
-	}, nil
-}
-
-// Transport defines a method for syncing remote data to FSCache
-type Transport interface {
-	Copy(ctx context.Context, id RemoteIdentifier, dest string, cs filesync.CacheUpdater) error
-}
-
-// RemoteIdentifier identifies a transfer request
-type RemoteIdentifier interface {
-	Key() string
-	SharedKey() string
-	Transport() string
-}
-
-// RegisterTransport registers a new transport method
-func (fsc *FSCache) RegisterTransport(id string, transport Transport) error {
-	fsc.mu.Lock()
-	defer fsc.mu.Unlock()
-	if _, ok := fsc.transports[id]; ok {
-		return errors.Errorf("transport %v already exists", id)
-	}
-	fsc.transports[id] = transport
-	return nil
-}
-
-// SyncFrom returns a source based on a remote identifier
-func (fsc *FSCache) SyncFrom(ctx context.Context, id RemoteIdentifier) (builder.Source, error) { // cacheOpt
-	trasportID := id.Transport()
-	fsc.mu.Lock()
-	transport, ok := fsc.transports[id.Transport()]
-	if !ok {
-		fsc.mu.Unlock()
-		return nil, errors.Errorf("invalid transport %s", trasportID)
-	}
-
-	logrus.Debugf("SyncFrom %s %s", id.Key(), id.SharedKey())
-	fsc.mu.Unlock()
-	sourceRef, err, _ := fsc.g.Do(id.Key(), func() (interface{}, error) {
-		var sourceRef *cachedSourceRef
-		sourceRef, err := fsc.store.Get(id.Key())
-		if err == nil {
-			return sourceRef, nil
-		}
-
-		// check for unused shared cache
-		sharedKey := id.SharedKey()
-		if sharedKey != "" {
-			r, err := fsc.store.Rebase(sharedKey, id.Key())
-			if err == nil {
-				sourceRef = r
-			}
-		}
-
-		if sourceRef == nil {
-			var err error
-			sourceRef, err = fsc.store.New(id.Key(), sharedKey)
-			if err != nil {
-				return nil, errors.Wrap(err, "failed to create remote context")
-			}
-		}
-
-		if err := syncFrom(ctx, sourceRef, transport, id); err != nil {
-			sourceRef.Release()
-			return nil, err
-		}
-		if err := sourceRef.resetSize(-1); err != nil {
-			return nil, err
-		}
-		return sourceRef, nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	ref := sourceRef.(*cachedSourceRef)
-	if ref.src == nil { // failsafe
-		return nil, errors.Errorf("invalid empty pull")
-	}
-	wc := &wrappedContext{Source: ref.src, closer: func() error {
-		ref.Release()
-		return nil
-	}}
-	return wc, nil
-}
-
-// DiskUsage reports how much data is allocated by the cache
-func (fsc *FSCache) DiskUsage(ctx context.Context) (int64, error) {
-	return fsc.store.DiskUsage(ctx)
-}
-
-// Prune allows manually cleaning up the cache
-func (fsc *FSCache) Prune(ctx context.Context) (uint64, error) {
-	return fsc.store.Prune(ctx)
-}
-
-// Close stops the gc and closes the persistent db
-func (fsc *FSCache) Close() error {
-	return fsc.store.Close()
-}
-
-func syncFrom(ctx context.Context, cs *cachedSourceRef, transport Transport, id RemoteIdentifier) (retErr error) {
-	src := cs.src
-	if src == nil {
-		src = remotecontext.NewCachableSource(cs.Dir())
-	}
-
-	if !cs.cached {
-		if err := cs.storage.db.View(func(tx *bolt.Tx) error {
-			b := tx.Bucket([]byte(id.Key()))
-			dt := b.Get([]byte(cacheKey))
-			if dt != nil {
-				if err := src.UnmarshalBinary(dt); err != nil {
-					return err
-				}
-			} else {
-				return errors.Wrap(src.Scan(), "failed to scan cache records")
-			}
-			return nil
-		}); err != nil {
-			return err
-		}
-	}
-
-	dc := &detectChanges{f: src.HandleChange}
-
-	// todo: probably send a bucket to `Copy` and let it return source
-	// but need to make sure that tx is safe
-	if err := transport.Copy(ctx, id, cs.Dir(), dc); err != nil {
-		return errors.Wrapf(err, "failed to copy to %s", cs.Dir())
-	}
-
-	if !dc.supported {
-		if err := src.Scan(); err != nil {
-			return errors.Wrap(err, "failed to scan cache records after transfer")
-		}
-	}
-	cs.cached = true
-	cs.src = src
-	return cs.storage.db.Update(func(tx *bolt.Tx) error {
-		dt, err := src.MarshalBinary()
-		if err != nil {
-			return err
-		}
-		b := tx.Bucket([]byte(id.Key()))
-		return b.Put([]byte(cacheKey), dt)
-	})
-}
-
-type fsCacheStore struct {
-	mu       sync.Mutex
-	sources  map[string]*cachedSource
-	db       *bolt.DB
-	fs       Backend
-	gcTimer  *time.Timer
-	gcPolicy GCPolicy
-}
-
-// CachePolicy defines policy for keeping a resource in cache
-type CachePolicy struct {
-	Priority int
-	LastUsed time.Time
-}
-
-func defaultCachePolicy() CachePolicy {
-	return CachePolicy{Priority: 10, LastUsed: time.Now()}
-}
-
-func newFSCacheStore(opt Opt) (*fsCacheStore, error) {
-	if err := os.MkdirAll(opt.Root, 0700); err != nil {
-		return nil, err
-	}
-	p := filepath.Join(opt.Root, dbFile)
-	db, err := bolt.Open(p, 0600, nil)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to open database file %s")
-	}
-	s := &fsCacheStore{db: db, sources: make(map[string]*cachedSource), fs: opt.Backend, gcPolicy: opt.GCPolicy}
-	db.View(func(tx *bolt.Tx) error {
-		return tx.ForEach(func(name []byte, b *bolt.Bucket) error {
-			dt := b.Get([]byte(metaKey))
-			if dt == nil {
-				return nil
-			}
-			var sm sourceMeta
-			if err := json.Unmarshal(dt, &sm); err != nil {
-				return err
-			}
-			dir, err := s.fs.Get(sm.BackendID)
-			if err != nil {
-				return err // TODO: handle gracefully
-			}
-			source := &cachedSource{
-				refs:       make(map[*cachedSourceRef]struct{}),
-				id:         string(name),
-				dir:        dir,
-				sourceMeta: sm,
-				storage:    s,
-			}
-			s.sources[string(name)] = source
-			return nil
-		})
-	})
-
-	s.gcTimer = s.startPeriodicGC(5 * time.Minute)
-	return s, nil
-}
-
-func (s *fsCacheStore) startPeriodicGC(interval time.Duration) *time.Timer {
-	var t *time.Timer
-	t = time.AfterFunc(interval, func() {
-		if err := s.GC(); err != nil {
-			logrus.Errorf("build gc error: %v", err)
-		}
-		t.Reset(interval)
-	})
-	return t
-}
-
-func (s *fsCacheStore) Close() error {
-	s.gcTimer.Stop()
-	return s.db.Close()
-}
-
-func (s *fsCacheStore) New(id, sharedKey string) (*cachedSourceRef, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	var ret *cachedSource
-	if err := s.db.Update(func(tx *bolt.Tx) error {
-		b, err := tx.CreateBucket([]byte(id))
-		if err != nil {
-			return err
-		}
-		backendID := stringid.GenerateRandomID()
-		dir, err := s.fs.Get(backendID)
-		if err != nil {
-			return err
-		}
-		source := &cachedSource{
-			refs: make(map[*cachedSourceRef]struct{}),
-			id:   id,
-			dir:  dir,
-			sourceMeta: sourceMeta{
-				BackendID:   backendID,
-				SharedKey:   sharedKey,
-				CachePolicy: defaultCachePolicy(),
-			},
-			storage: s,
-		}
-		dt, err := json.Marshal(source.sourceMeta)
-		if err != nil {
-			return err
-		}
-		if err := b.Put([]byte(metaKey), dt); err != nil {
-			return err
-		}
-		s.sources[id] = source
-		ret = source
-		return nil
-	}); err != nil {
-		return nil, err
-	}
-	return ret.getRef(), nil
-}
-
-func (s *fsCacheStore) Rebase(sharedKey, newid string) (*cachedSourceRef, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	var ret *cachedSource
-	for id, snap := range s.sources {
-		if snap.SharedKey == sharedKey && len(snap.refs) == 0 {
-			if err := s.db.Update(func(tx *bolt.Tx) error {
-				if err := tx.DeleteBucket([]byte(id)); err != nil {
-					return err
-				}
-				b, err := tx.CreateBucket([]byte(newid))
-				if err != nil {
-					return err
-				}
-				snap.id = newid
-				snap.CachePolicy = defaultCachePolicy()
-				dt, err := json.Marshal(snap.sourceMeta)
-				if err != nil {
-					return err
-				}
-				if err := b.Put([]byte(metaKey), dt); err != nil {
-					return err
-				}
-				delete(s.sources, id)
-				s.sources[newid] = snap
-				return nil
-			}); err != nil {
-				return nil, err
-			}
-			ret = snap
-			break
-		}
-	}
-	if ret == nil {
-		return nil, errors.Errorf("no candidate for rebase")
-	}
-	return ret.getRef(), nil
-}
-
-func (s *fsCacheStore) Get(id string) (*cachedSourceRef, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	src, ok := s.sources[id]
-	if !ok {
-		return nil, errors.Errorf("not found")
-	}
-	return src.getRef(), nil
-}
-
-// DiskUsage reports how much data is allocated by the cache
-func (s *fsCacheStore) DiskUsage(ctx context.Context) (int64, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	var size int64
-
-	for _, snap := range s.sources {
-		if len(snap.refs) == 0 {
-			ss, err := snap.getSize(ctx)
-			if err != nil {
-				return 0, err
-			}
-			size += ss
-		}
-	}
-	return size, nil
-}
-
-// Prune allows manually cleaning up the cache
-func (s *fsCacheStore) Prune(ctx context.Context) (uint64, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	var size uint64
-
-	for id, snap := range s.sources {
-		select {
-		case <-ctx.Done():
-			logrus.Debugf("Cache prune operation cancelled, pruned size: %d", size)
-			// when the context is cancelled, only return current size and nil
-			return size, nil
-		default:
-		}
-		if len(snap.refs) == 0 {
-			ss, err := snap.getSize(ctx)
-			if err != nil {
-				return size, err
-			}
-			if err := s.delete(id); err != nil {
-				return size, errors.Wrapf(err, "failed to delete %s", id)
-			}
-			size += uint64(ss)
-		}
-	}
-	return size, nil
-}
-
-// GC runs a garbage collector on FSCache
-func (s *fsCacheStore) GC() error {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	var size uint64
-
-	ctx := context.Background()
-	cutoff := time.Now().Add(-s.gcPolicy.MaxKeepDuration)
-	var blacklist []*cachedSource
-
-	for id, snap := range s.sources {
-		if len(snap.refs) == 0 {
-			if cutoff.After(snap.CachePolicy.LastUsed) {
-				if err := s.delete(id); err != nil {
-					return errors.Wrapf(err, "failed to delete %s", id)
-				}
-			} else {
-				ss, err := snap.getSize(ctx)
-				if err != nil {
-					return err
-				}
-				size += uint64(ss)
-				blacklist = append(blacklist, snap)
-			}
-		}
-	}
-
-	sort.Sort(sortableCacheSources(blacklist))
-	for _, snap := range blacklist {
-		if size <= s.gcPolicy.MaxSize {
-			break
-		}
-		ss, err := snap.getSize(ctx)
-		if err != nil {
-			return err
-		}
-		if err := s.delete(snap.id); err != nil {
-			return errors.Wrapf(err, "failed to delete %s", snap.id)
-		}
-		size -= uint64(ss)
-	}
-	return nil
-}
-
-// keep mu while calling this
-func (s *fsCacheStore) delete(id string) error {
-	src, ok := s.sources[id]
-	if !ok {
-		return nil
-	}
-	if len(src.refs) > 0 {
-		return errors.Errorf("can't delete %s because it has active references", id)
-	}
-	delete(s.sources, id)
-	if err := s.db.Update(func(tx *bolt.Tx) error {
-		return tx.DeleteBucket([]byte(id))
-	}); err != nil {
-		return err
-	}
-	return s.fs.Remove(src.BackendID)
-}
-
-type sourceMeta struct {
-	SharedKey   string
-	BackendID   string
-	CachePolicy CachePolicy
-	Size        int64
-}
-
-type cachedSource struct {
-	sourceMeta
-	refs    map[*cachedSourceRef]struct{}
-	id      string
-	dir     string
-	src     *remotecontext.CachableSource
-	storage *fsCacheStore
-	cached  bool // keep track if cache is up to date
-}
-
-type cachedSourceRef struct {
-	*cachedSource
-}
-
-func (cs *cachedSource) Dir() string {
-	return cs.dir
-}
-
-// hold storage lock before calling
-func (cs *cachedSource) getRef() *cachedSourceRef {
-	ref := &cachedSourceRef{cachedSource: cs}
-	cs.refs[ref] = struct{}{}
-	return ref
-}
-
-// hold storage lock before calling
-func (cs *cachedSource) getSize(ctx context.Context) (int64, error) {
-	if cs.sourceMeta.Size < 0 {
-		ss, err := directory.Size(ctx, cs.dir)
-		if err != nil {
-			return 0, err
-		}
-		if err := cs.resetSize(ss); err != nil {
-			return 0, err
-		}
-		return ss, nil
-	}
-	return cs.sourceMeta.Size, nil
-}
-
-func (cs *cachedSource) resetSize(val int64) error {
-	cs.sourceMeta.Size = val
-	return cs.saveMeta()
-}
-func (cs *cachedSource) saveMeta() error {
-	return cs.storage.db.Update(func(tx *bolt.Tx) error {
-		b := tx.Bucket([]byte(cs.id))
-		dt, err := json.Marshal(cs.sourceMeta)
-		if err != nil {
-			return err
-		}
-		return b.Put([]byte(metaKey), dt)
-	})
-}
-
-func (csr *cachedSourceRef) Release() error {
-	csr.cachedSource.storage.mu.Lock()
-	defer csr.cachedSource.storage.mu.Unlock()
-	delete(csr.cachedSource.refs, csr)
-	if len(csr.cachedSource.refs) == 0 {
-		go csr.cachedSource.storage.GC()
-	}
-	return nil
-}
-
-type detectChanges struct {
-	f         fsutil.ChangeFunc
-	supported bool
-}
-
-func (dc *detectChanges) HandleChange(kind fsutil.ChangeKind, path string, fi os.FileInfo, err error) error {
-	if dc == nil {
-		return nil
-	}
-	return dc.f(kind, path, fi, err)
-}
-
-func (dc *detectChanges) MarkSupported(v bool) {
-	if dc == nil {
-		return
-	}
-	dc.supported = v
-}
-
-func (dc *detectChanges) ContentHasher() fsutil.ContentHasher {
-	return newTarsumHash
-}
-
-type wrappedContext struct {
-	builder.Source
-	closer func() error
-}
-
-func (wc *wrappedContext) Close() error {
-	if err := wc.Source.Close(); err != nil {
-		return err
-	}
-	return wc.closer()
-}
-
-type sortableCacheSources []*cachedSource
-
-// Len is the number of elements in the collection.
-func (s sortableCacheSources) Len() int {
-	return len(s)
-}
-
-// Less reports whether the element with
-// index i should sort before the element with index j.
-func (s sortableCacheSources) Less(i, j int) bool {
-	return s[i].CachePolicy.LastUsed.Before(s[j].CachePolicy.LastUsed)
-}
-
-// Swap swaps the elements with indexes i and j.
-func (s sortableCacheSources) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func newTarsumHash(stat *fsutiltypes.Stat) (hash.Hash, error) {
-	fi := &fsutil.StatInfo{Stat: stat}
-	p := stat.Path
-	if fi.IsDir() {
-		p += string(os.PathSeparator)
-	}
-	h, err := archive.FileInfoHeader(p, fi, stat.Linkname)
-	if err != nil {
-		return nil, err
-	}
-	h.Name = p
-	h.Uid = int(stat.Uid)
-	h.Gid = int(stat.Gid)
-	h.Linkname = stat.Linkname
-	if stat.Xattrs != nil {
-		h.Xattrs = make(map[string]string)
-		for k, v := range stat.Xattrs {
-			h.Xattrs[k] = string(v)
-		}
-	}
-
-	tsh := &tarsumHash{h: h, Hash: sha256.New()}
-	tsh.Reset()
-	return tsh, nil
-}
-
-// Reset resets the Hash to its initial state.
-func (tsh *tarsumHash) Reset() {
-	tsh.Hash.Reset()
-	tarsum.WriteV1Header(tsh.h, tsh.Hash)
-}
-
-type tarsumHash struct {
-	hash.Hash
-	h *tar.Header
-}
diff --git a/builder/fscache/fscache_test.go b/builder/fscache/fscache_test.go
deleted file mode 100644
index 5108d65df1576..0000000000000
--- a/builder/fscache/fscache_test.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package fscache // import "github.com/docker/docker/builder/fscache"
-
-import (
-	"context"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"github.com/moby/buildkit/session/filesync"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestFSCache(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "fscache")
-	assert.Check(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	backend := NewNaiveCacheBackend(filepath.Join(tmpDir, "backend"))
-
-	opt := Opt{
-		Root:     tmpDir,
-		Backend:  backend,
-		GCPolicy: GCPolicy{MaxSize: 15, MaxKeepDuration: time.Hour},
-	}
-
-	fscache, err := NewFSCache(opt)
-	assert.Check(t, err)
-
-	defer fscache.Close()
-
-	err = fscache.RegisterTransport("test", &testTransport{})
-	assert.Check(t, err)
-
-	src1, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo", "data", "bar"})
-	assert.Check(t, err)
-
-	dt, err := ioutil.ReadFile(filepath.Join(src1.Root().Path(), "foo"))
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(string(dt), "data"))
-
-	// same id doesn't recalculate anything
-	src2, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo", "data2", "bar"})
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(src1.Root().Path(), src2.Root().Path()))
-
-	dt, err = ioutil.ReadFile(filepath.Join(src1.Root().Path(), "foo"))
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(string(dt), "data"))
-	assert.Check(t, src2.Close())
-
-	src3, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo2", "data2", "bar"})
-	assert.Check(t, err)
-	assert.Check(t, src1.Root().Path() != src3.Root().Path())
-
-	dt, err = ioutil.ReadFile(filepath.Join(src3.Root().Path(), "foo2"))
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(string(dt), "data2"))
-
-	s, err := fscache.DiskUsage(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(s, int64(0)))
-
-	assert.Check(t, src3.Close())
-
-	s, err = fscache.DiskUsage(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(s, int64(5)))
-
-	// new upload with the same shared key shoutl overwrite
-	src4, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo3", "data3", "bar"})
-	assert.Check(t, err)
-	assert.Check(t, src1.Root().Path() != src3.Root().Path())
-
-	dt, err = ioutil.ReadFile(filepath.Join(src3.Root().Path(), "foo3"))
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(string(dt), "data3"))
-	assert.Check(t, is.Equal(src4.Root().Path(), src3.Root().Path()))
-	assert.Check(t, src4.Close())
-
-	s, err = fscache.DiskUsage(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(s, int64(10)))
-
-	// this one goes over the GC limit
-	src5, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo4", "datadata", "baz"})
-	assert.Check(t, err)
-	assert.Check(t, src5.Close())
-
-	// GC happens async
-	time.Sleep(100 * time.Millisecond)
-
-	// only last insertion after GC
-	s, err = fscache.DiskUsage(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(s, int64(8)))
-
-	// prune deletes everything
-	released, err := fscache.Prune(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(released, uint64(8)))
-
-	s, err = fscache.DiskUsage(context.TODO())
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(s, int64(0)))
-}
-
-type testTransport struct {
-}
-
-func (t *testTransport) Copy(ctx context.Context, id RemoteIdentifier, dest string, cs filesync.CacheUpdater) error {
-	testid := id.(*testIdentifier)
-	return ioutil.WriteFile(filepath.Join(dest, testid.filename), []byte(testid.data), 0600)
-}
-
-type testIdentifier struct {
-	filename  string
-	data      string
-	sharedKey string
-}
-
-func (t *testIdentifier) Key() string {
-	return t.filename
-}
-func (t *testIdentifier) SharedKey() string {
-	return t.sharedKey
-}
-func (t *testIdentifier) Transport() string {
-	return "test"
-}
diff --git a/builder/fscache/naivedriver.go b/builder/fscache/naivedriver.go
deleted file mode 100644
index 053509aecffe9..0000000000000
--- a/builder/fscache/naivedriver.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package fscache // import "github.com/docker/docker/builder/fscache"
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/pkg/errors"
-)
-
-// NewNaiveCacheBackend is a basic backend implementation for fscache
-func NewNaiveCacheBackend(root string) Backend {
-	return &naiveCacheBackend{root: root}
-}
-
-type naiveCacheBackend struct {
-	root string
-}
-
-func (tcb *naiveCacheBackend) Get(id string) (string, error) {
-	d := filepath.Join(tcb.root, id)
-	if err := os.MkdirAll(d, 0700); err != nil {
-		return "", errors.Wrapf(err, "failed to create tmp dir for %s", d)
-	}
-	return d, nil
-}
-func (tcb *naiveCacheBackend) Remove(id string) error {
-	return errors.WithStack(os.RemoveAll(filepath.Join(tcb.root, id)))
-}
diff --git a/builder/remotecontext/detect.go b/builder/remotecontext/detect.go
index 144eb570abde0..09f4d28434637 100644
--- a/builder/remotecontext/detect.go
+++ b/builder/remotecontext/detect.go
@@ -11,9 +11,10 @@ import (
 	"github.com/containerd/continuity/driver"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/dockerignore"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/urlutil"
+	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -32,11 +33,7 @@ func Detect(config backend.BuildConfig) (remote builder.Source, dockerfile *pars
 	case remoteURL == "":
 		remote, dockerfile, err = newArchiveRemote(config.Source, dockerfilePath)
 	case remoteURL == ClientSessionRemote:
-		res, err := parser.Parse(config.Source)
-		if err != nil {
-			return nil, nil, err
-		}
-		return nil, res, nil
+		return nil, nil, errdefs.InvalidParameter(errors.New("experimental session with v1 builder is no longer supported, use builder version v2 (BuildKit) instead"))
 	case urlutil.IsGitURL(remoteURL):
 		remote, dockerfile, err = newGitRemote(remoteURL, dockerfilePath)
 	case urlutil.IsURL(remoteURL):
@@ -60,7 +57,7 @@ func newArchiveRemote(rc io.ReadCloser, dockerfilePath string) (builder.Source,
 func withDockerfileFromContext(c modifiableContext, dockerfilePath string) (builder.Source, *parser.Result, error) {
 	df, err := openAt(c, dockerfilePath)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			if dockerfilePath == builder.DefaultDockerfileName {
 				lowercase := strings.ToLower(dockerfilePath)
 				if _, err := StatAt(c, lowercase); err == nil {
@@ -106,7 +103,7 @@ func newURLRemote(url string, dockerfilePath string, progressReader func(in io.R
 	switch contentType {
 	case mimeTypes.TextPlain:
 		res, err := parser.Parse(progressReader(content))
-		return nil, res, err
+		return nil, res, errdefs.InvalidParameter(err)
 	default:
 		source, err := FromArchive(progressReader(content))
 		if err != nil {
@@ -133,7 +130,7 @@ func removeDockerfile(c modifiableContext, filesToRemove ...string) error {
 	f.Close()
 	filesToRemove = append([]string{".dockerignore"}, filesToRemove...)
 	for _, fileToRemove := range filesToRemove {
-		if rm, _ := fileutils.Matches(fileToRemove, excludes); rm {
+		if rm, _ := fileutils.MatchesOrParentMatches(fileToRemove, excludes); rm {
 			if err := c.Remove(fileToRemove); err != nil {
 				logrus.Errorf("failed to remove %s: %v", fileToRemove, err)
 			}
@@ -146,11 +143,17 @@ func readAndParseDockerfile(name string, rc io.Reader) (*parser.Result, error) {
 	br := bufio.NewReader(rc)
 	if _, err := br.Peek(1); err != nil {
 		if err == io.EOF {
-			return nil, errors.Errorf("the Dockerfile (%s) cannot be empty", name)
+			return nil, errdefs.InvalidParameter(errors.Errorf("the Dockerfile (%s) cannot be empty", name))
 		}
 		return nil, errors.Wrap(err, "unexpected error reading Dockerfile")
 	}
-	return parser.Parse(br)
+
+	dockerfile, err := parser.Parse(br)
+	if err != nil {
+		return nil, errdefs.InvalidParameter(errors.Wrapf(err, "failed to parse %s", name))
+	}
+
+	return dockerfile, nil
 }
 
 func openAt(remote builder.Source, path string) (driver.File, error) {
@@ -177,7 +180,7 @@ func FullPath(remote builder.Source, path string) (string, error) {
 		if runtime.GOOS == "windows" {
 			return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err)
 		}
-		return "", fmt.Errorf("Forbidden path outside the build context: %s (%s)", path, fullPath) // backwards compat with old error
+		return "", fmt.Errorf("forbidden path outside the build context: %s (%s)", path, fullPath) // backwards compat with old error
 	}
 	return fullPath, nil
 }
diff --git a/builder/remotecontext/detect_test.go b/builder/remotecontext/detect_test.go
index 04b7686c7ad6c..71dfd7bbb9306 100644
--- a/builder/remotecontext/detect_test.go
+++ b/builder/remotecontext/detect_test.go
@@ -2,7 +2,6 @@ package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
 	"errors"
-	"io/ioutil"
 	"log"
 	"os"
 	"sort"
@@ -20,7 +19,7 @@ const (
 
 const shouldStayFilename = "should_stay"
 
-func extractFilenames(files []os.FileInfo) []string {
+func extractFilenames(files []os.DirEntry) []string {
 	filenames := make([]string, len(files))
 
 	for i, file := range files {
@@ -31,7 +30,7 @@ func extractFilenames(files []os.FileInfo) []string {
 }
 
 func checkDirectory(t *testing.T, dir string, expectedFiles []string) {
-	files, err := ioutil.ReadDir(dir)
+	files, err := os.ReadDir(dir)
 
 	if err != nil {
 		t.Fatalf("Could not read directory: %s", err)
diff --git a/builder/remotecontext/git/gitutils.go b/builder/remotecontext/git/gitutils.go
index 77a45beff31cc..1dd07851ed199 100644
--- a/builder/remotecontext/git/gitutils.go
+++ b/builder/remotecontext/git/gitutils.go
@@ -1,17 +1,15 @@
 package git // import "github.com/docker/docker/builder/remotecontext/git"
 
 import (
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/docker/docker/pkg/urlutil"
+	"github.com/moby/sys/symlink"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 type gitRepo struct {
@@ -35,7 +33,7 @@ func Clone(remoteURL string) (string, error) {
 func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) {
 	fetch := fetchArgs(repo.remote, repo.ref)
 
-	root, err := ioutil.TempDir("", "docker-build-git")
+	root, err := os.MkdirTemp("", "docker-build-git")
 	if err != nil {
 		return "", err
 	}
@@ -102,6 +100,11 @@ func parseRemoteURL(remoteURL string) (gitRepo, error) {
 		u.Fragment = ""
 		repo.remote = u.String()
 	}
+
+	if strings.HasPrefix(repo.ref, "-") {
+		return gitRepo{}, errors.Errorf("invalid refspec: %s", repo.ref)
+	}
+
 	return repo, nil
 }
 
@@ -124,22 +127,22 @@ func fetchArgs(remoteURL string, ref string) []string {
 		args = append(args, "--depth", "1")
 	}
 
-	return append(args, "origin", ref)
+	return append(args, "origin", "--", ref)
 }
 
 // Check if a given git URL supports a shallow git clone,
 // i.e. it is a non-HTTP server or a smart HTTP server.
 func supportsShallowClone(remoteURL string) bool {
-	if urlutil.IsURL(remoteURL) {
+	if scheme := getScheme(remoteURL); scheme == "http" || scheme == "https" {
 		// Check if the HTTP server is smart
 
 		// Smart servers must correctly respond to a query for the git-upload-pack service
 		serviceURL := remoteURL + "/info/refs?service=git-upload-pack"
 
 		// Try a HEAD request and fallback to a Get request on error
-		res, err := http.Head(serviceURL)
+		res, err := http.Head(serviceURL) // #nosec G107
 		if err != nil || res.StatusCode != http.StatusOK {
-			res, err = http.Get(serviceURL)
+			res, err = http.Get(serviceURL) // #nosec G107
 			if err == nil {
 				res.Body.Close()
 			}
@@ -200,5 +203,24 @@ func git(args ...string) ([]byte, error) {
 // isGitTransport returns true if the provided str is a git transport by inspecting
 // the prefix of the string for known protocols used in git.
 func isGitTransport(str string) bool {
-	return urlutil.IsURL(str) || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "git@")
+	if strings.HasPrefix(str, "git@") {
+		return true
+	}
+
+	switch getScheme(str) {
+	case "git", "http", "https", "ssh":
+		return true
+	}
+
+	return false
+}
+
+// getScheme returns addresses' scheme in lowercase, or an empty
+// string in case address is an invalid URL.
+func getScheme(address string) string {
+	u, err := url.Parse(address)
+	if err != nil {
+		return ""
+	}
+	return u.Scheme
 }
diff --git a/builder/remotecontext/git/gitutils_test.go b/builder/remotecontext/git/gitutils_test.go
index 8c39679081f1e..17df6fa867e14 100644
--- a/builder/remotecontext/git/gitutils_test.go
+++ b/builder/remotecontext/git/gitutils_test.go
@@ -2,7 +2,6 @@ package git // import "github.com/docker/docker/builder/remotecontext/git"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -14,38 +13,113 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestParseRemoteURL(t *testing.T) {
-	dir, err := parseRemoteURL("git://github.com/user/repo.git")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"git://github.com/user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
-
-	dir, err = parseRemoteURL("git://github.com/user/repo.git#mybranch:mydir/mysubdir/")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"git://github.com/user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
-
-	dir, err = parseRemoteURL("https://github.com/user/repo.git")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"https://github.com/user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
-
-	dir, err = parseRemoteURL("https://github.com/user/repo.git#mybranch:mydir/mysubdir/")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"https://github.com/user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
-
-	dir, err = parseRemoteURL("git@github.com:user/repo.git")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"git@github.com:user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
+	tests := []struct {
+		doc      string
+		url      string
+		expected gitRepo
+	}{
+		{
+			doc: "git scheme uppercase, no url-fragment",
+			url: "GIT://github.com/user/repo.git",
+			expected: gitRepo{
+				remote: "git://github.com/user/repo.git",
+				ref:    "master",
+			},
+		},
+		{
+			doc: "git scheme, no url-fragment",
+			url: "git://github.com/user/repo.git",
+			expected: gitRepo{
+				remote: "git://github.com/user/repo.git",
+				ref:    "master",
+			},
+		},
+		{
+			doc: "git scheme, with url-fragment",
+			url: "git://github.com/user/repo.git#mybranch:mydir/mysubdir/",
+			expected: gitRepo{
+				remote: "git://github.com/user/repo.git",
+				ref:    "mybranch",
+				subdir: "mydir/mysubdir/",
+			},
+		},
+		{
+			doc: "https scheme, no url-fragment",
+			url: "https://github.com/user/repo.git",
+			expected: gitRepo{
+				remote: "https://github.com/user/repo.git",
+				ref:    "master",
+			},
+		},
+		{
+			doc: "https scheme, with url-fragment",
+			url: "https://github.com/user/repo.git#mybranch:mydir/mysubdir/",
+			expected: gitRepo{
+				remote: "https://github.com/user/repo.git",
+				ref:    "mybranch",
+				subdir: "mydir/mysubdir/",
+			},
+		},
+		{
+			doc: "git@, no url-fragment",
+			url: "git@github.com:user/repo.git",
+			expected: gitRepo{
+				remote: "git@github.com:user/repo.git",
+				ref:    "master",
+			},
+		},
+		{
+			doc: "git@, with url-fragment",
+			url: "git@github.com:user/repo.git#mybranch:mydir/mysubdir/",
+			expected: gitRepo{
+				remote: "git@github.com:user/repo.git",
+				ref:    "mybranch",
+				subdir: "mydir/mysubdir/",
+			},
+		},
+		{
+			doc: "ssh, no url-fragment",
+			url: "ssh://github.com/user/repo.git",
+			expected: gitRepo{
+				remote: "ssh://github.com/user/repo.git",
+				ref:    "master",
+			},
+		},
+		{
+			doc: "ssh, with url-fragment",
+			url: "ssh://github.com/user/repo.git#mybranch:mydir/mysubdir/",
+			expected: gitRepo{
+				remote: "ssh://github.com/user/repo.git",
+				ref:    "mybranch",
+				subdir: "mydir/mysubdir/",
+			},
+		},
+		{
+			doc: "ssh, with url-fragment and user",
+			url: "ssh://foo%40barcorp.com@github.com/user/repo.git#mybranch:mydir/mysubdir/",
+			expected: gitRepo{
+				remote: "ssh://foo%40barcorp.com@github.com/user/repo.git",
+				ref:    "mybranch",
+				subdir: "mydir/mysubdir/",
+			},
+		},
+	}
 
-	dir, err = parseRemoteURL("git@github.com:user/repo.git#mybranch:mydir/mysubdir/")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(gitRepo{"git@github.com:user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			repo, err := parseRemoteURL(tc.url)
+			assert.NilError(t, err)
+			assert.Check(t, is.DeepEqual(tc.expected, repo, cmp.AllowUnexported(gitRepo{})))
+		})
+	}
 }
 
-var cmpGitRepoOpt = cmp.AllowUnexported(gitRepo{})
-
 func TestCloneArgsSmartHttp(t *testing.T) {
 	mux := http.NewServeMux()
 	server := httptest.NewServer(mux)
@@ -59,7 +133,7 @@ func TestCloneArgsSmartHttp(t *testing.T) {
 	})
 
 	args := fetchArgs(serverURL.String(), "master")
-	exp := []string{"fetch", "--depth", "1", "origin", "master"}
+	exp := []string{"fetch", "--depth", "1", "origin", "--", "master"}
 	assert.Check(t, is.DeepEqual(exp, args))
 }
 
@@ -75,13 +149,13 @@ func TestCloneArgsDumbHttp(t *testing.T) {
 	})
 
 	args := fetchArgs(serverURL.String(), "master")
-	exp := []string{"fetch", "origin", "master"}
+	exp := []string{"fetch", "origin", "--", "master"}
 	assert.Check(t, is.DeepEqual(exp, args))
 }
 
 func TestCloneArgsGit(t *testing.T) {
 	args := fetchArgs("git://github.com/docker/docker", "master")
-	exp := []string{"fetch", "--depth", "1", "origin", "master"}
+	exp := []string{"fetch", "--depth", "1", "origin", "--", "master"}
 	assert.Check(t, is.DeepEqual(exp, args))
 }
 
@@ -96,7 +170,7 @@ func gitGetConfig(name string) string {
 }
 
 func TestCheckoutGit(t *testing.T) {
-	root, err := ioutil.TempDir("", "docker-build-git-checkout")
+	root, err := os.MkdirTemp("", "docker-build-git-checkout")
 	assert.NilError(t, err)
 	defer os.RemoveAll(root)
 
@@ -120,13 +194,13 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(gitDir, "config", "user.name", "Docker test")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644)
+	err = os.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644)
 	assert.NilError(t, err)
 
 	subDir := filepath.Join(gitDir, "subdir")
 	assert.NilError(t, os.Mkdir(subDir, 0755))
 
-	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644)
+	err = os.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644)
 	assert.NilError(t, err)
 
 	if runtime.GOOS != "windows" {
@@ -148,10 +222,10 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(gitDir, "checkout", "-b", "test")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644)
+	err = os.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644)
+	err = os.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644)
 	assert.NilError(t, err)
 
 	_, err = gitWithinDir(gitDir, "add", "-A")
@@ -174,7 +248,7 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(subrepoDir, "config", "user.name", "Docker test")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(subrepoDir, "subfile"), []byte("subcontents"), 0644)
+	err = os.WriteFile(filepath.Join(subrepoDir, "subfile"), []byte("subcontents"), 0644)
 	assert.NilError(t, err)
 
 	_, err = gitWithinDir(subrepoDir, "add", "-A")
@@ -235,7 +309,7 @@ func TestCheckoutGit(t *testing.T) {
 		assert.NilError(t, err)
 		defer os.RemoveAll(r)
 		if c.submodule {
-			b, err := ioutil.ReadFile(filepath.Join(r, "sub/subfile"))
+			b, err := os.ReadFile(filepath.Join(r, "sub/subfile"))
 			assert.NilError(t, err)
 			assert.Check(t, is.Equal("subcontents", string(b)))
 		} else {
@@ -244,7 +318,7 @@ func TestCheckoutGit(t *testing.T) {
 			assert.Assert(t, os.IsNotExist(err))
 		}
 
-		b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile"))
+		b, err := os.ReadFile(filepath.Join(r, "Dockerfile"))
 		assert.NilError(t, err)
 		assert.Check(t, is.Equal(c.exp, string(b)))
 	}
@@ -276,3 +350,18 @@ func TestValidGitTransport(t *testing.T) {
 		}
 	}
 }
+
+func TestGitInvalidRef(t *testing.T) {
+	gitUrls := []string{
+		"git://github.com/moby/moby#--foo bar",
+		"git@github.com/moby/moby#--upload-pack=sleep;:",
+		"git@g.com:a/b.git#-B",
+		"git@g.com:a/b.git#with space",
+	}
+
+	for _, url := range gitUrls {
+		_, err := Clone(url)
+		assert.Assert(t, err != nil)
+		assert.Check(t, is.Contains(strings.ToLower(err.Error()), "invalid refspec"))
+	}
+}
diff --git a/builder/remotecontext/mimetype_test.go b/builder/remotecontext/mimetype_test.go
index df9c37877091f..cbcf31807a44d 100644
--- a/builder/remotecontext/mimetype_test.go
+++ b/builder/remotecontext/mimetype_test.go
@@ -3,8 +3,8 @@ package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 import (
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestDetectContentType(t *testing.T) {
diff --git a/builder/remotecontext/remote.go b/builder/remotecontext/remote.go
index 1fb80549b8b26..6eeadf521dda5 100644
--- a/builder/remotecontext/remote.go
+++ b/builder/remotecontext/remote.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -45,6 +44,7 @@ func downloadRemote(remoteURL string) (string, io.ReadCloser, error) {
 // GetWithStatusError does an http.Get() and returns an error if the
 // status code is 4xx or 5xx.
 func GetWithStatusError(address string) (resp *http.Response, err error) {
+	// #nosec G107
 	if resp, err = http.Get(address); err != nil {
 		if uerr, ok := err.(*url.Error); ok {
 			if derr, ok := uerr.Err.(*net.DNSError); ok && !derr.IsTimeout {
@@ -57,7 +57,7 @@ func GetWithStatusError(address string) (resp *http.Response, err error) {
 		return resp, nil
 	}
 	msg := fmt.Sprintf("failed to GET %s with status %s", address, resp.Status)
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	resp.Body.Close()
 	if err != nil {
 		return nil, errdefs.System(errors.New(msg + ": error reading body"))
diff --git a/builder/remotecontext/remote_test.go b/builder/remotecontext/remote_test.go
index a0101f7493853..a945181183187 100644
--- a/builder/remotecontext/remote_test.go
+++ b/builder/remotecontext/remote_test.go
@@ -3,19 +3,18 @@ package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"testing"
 
 	"github.com/docker/docker/builder"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
-var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} //xz magic
+var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} // xz magic
 
 func TestSelectAcceptableMIME(t *testing.T) {
 	validMimeStrings := []string{
@@ -52,7 +51,7 @@ func TestSelectAcceptableMIME(t *testing.T) {
 
 func TestInspectEmptyResponse(t *testing.T) {
 	ct := "application/octet-stream"
-	br := ioutil.NopCloser(bytes.NewReader([]byte("")))
+	br := io.NopCloser(bytes.NewReader([]byte("")))
 	contentType, bReader, err := inspectResponse(ct, br, 0)
 	if err == nil {
 		t.Fatal("Should have generated an error for an empty response")
@@ -60,7 +59,7 @@ func TestInspectEmptyResponse(t *testing.T) {
 	if contentType != "application/octet-stream" {
 		t.Fatalf("Content type should be 'application/octet-stream' but is %q", contentType)
 	}
-	body, err := ioutil.ReadAll(bReader)
+	body, err := io.ReadAll(bReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -71,7 +70,7 @@ func TestInspectEmptyResponse(t *testing.T) {
 
 func TestInspectResponseBinary(t *testing.T) {
 	ct := "application/octet-stream"
-	br := ioutil.NopCloser(bytes.NewReader(binaryContext))
+	br := io.NopCloser(bytes.NewReader(binaryContext))
 	contentType, bReader, err := inspectResponse(ct, br, int64(len(binaryContext)))
 	if err != nil {
 		t.Fatal(err)
@@ -79,7 +78,7 @@ func TestInspectResponseBinary(t *testing.T) {
 	if contentType != "application/octet-stream" {
 		t.Fatalf("Content type should be 'application/octet-stream' but is %q", contentType)
 	}
-	body, err := ioutil.ReadAll(bReader)
+	body, err := io.ReadAll(bReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -96,7 +95,7 @@ func TestInspectResponseBinary(t *testing.T) {
 func TestResponseUnsupportedContentType(t *testing.T) {
 	content := []byte(dockerfileContents)
 	ct := "application/json"
-	br := ioutil.NopCloser(bytes.NewReader(content))
+	br := io.NopCloser(bytes.NewReader(content))
 	contentType, bReader, err := inspectResponse(ct, br, int64(len(dockerfileContents)))
 
 	if err == nil {
@@ -105,7 +104,7 @@ func TestResponseUnsupportedContentType(t *testing.T) {
 	if contentType != ct {
 		t.Fatalf("Should not have altered content-type: orig: %s, altered: %s", ct, contentType)
 	}
-	body, err := ioutil.ReadAll(bReader)
+	body, err := io.ReadAll(bReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -117,7 +116,7 @@ func TestResponseUnsupportedContentType(t *testing.T) {
 func TestInspectResponseTextSimple(t *testing.T) {
 	content := []byte(dockerfileContents)
 	ct := "text/plain"
-	br := ioutil.NopCloser(bytes.NewReader(content))
+	br := io.NopCloser(bytes.NewReader(content))
 	contentType, bReader, err := inspectResponse(ct, br, int64(len(content)))
 	if err != nil {
 		t.Fatal(err)
@@ -125,7 +124,7 @@ func TestInspectResponseTextSimple(t *testing.T) {
 	if contentType != "text/plain" {
 		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
 	}
-	body, err := ioutil.ReadAll(bReader)
+	body, err := io.ReadAll(bReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -136,7 +135,7 @@ func TestInspectResponseTextSimple(t *testing.T) {
 
 func TestInspectResponseEmptyContentType(t *testing.T) {
 	content := []byte(dockerfileContents)
-	br := ioutil.NopCloser(bytes.NewReader(content))
+	br := io.NopCloser(bytes.NewReader(content))
 	contentType, bodyReader, err := inspectResponse("", br, int64(len(content)))
 	if err != nil {
 		t.Fatal(err)
@@ -144,7 +143,7 @@ func TestInspectResponseEmptyContentType(t *testing.T) {
 	if contentType != "text/plain" {
 		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
 	}
-	body, err := ioutil.ReadAll(bodyReader)
+	body, err := io.ReadAll(bodyReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -156,7 +155,7 @@ func TestInspectResponseEmptyContentType(t *testing.T) {
 func TestUnknownContentLength(t *testing.T) {
 	content := []byte(dockerfileContents)
 	ct := "text/plain"
-	br := ioutil.NopCloser(bytes.NewReader(content))
+	br := io.NopCloser(bytes.NewReader(content))
 	contentType, bReader, err := inspectResponse(ct, br, -1)
 	if err != nil {
 		t.Fatal(err)
@@ -164,7 +163,7 @@ func TestUnknownContentLength(t *testing.T) {
 	if contentType != "text/plain" {
 		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
 	}
-	body, err := ioutil.ReadAll(bReader)
+	body, err := io.ReadAll(bReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -191,7 +190,7 @@ func TestDownloadRemote(t *testing.T) {
 	assert.NilError(t, err)
 
 	assert.Check(t, is.Equal(mimeTypes.TextPlain, contentType))
-	raw, err := ioutil.ReadAll(content)
+	raw, err := io.ReadAll(content)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(dockerfileContents, string(raw)))
 }
@@ -238,5 +237,5 @@ func TestGetWithStatusError(t *testing.T) {
 
 func readBody(b io.ReadCloser) ([]byte, error) {
 	defer b.Close()
-	return ioutil.ReadAll(b)
+	return io.ReadAll(b)
 }
diff --git a/builder/remotecontext/tarsum.go b/builder/remotecontext/tarsum.go
index b809cfb78b4f8..9e8c7d6072bde 100644
--- a/builder/remotecontext/tarsum.go
+++ b/builder/remotecontext/tarsum.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/docker/docker/pkg/containerfs"
 	iradix "github.com/hashicorp/go-immutable-radix"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil"
 )
diff --git a/builder/remotecontext/tarsum_test.go b/builder/remotecontext/tarsum_test.go
index 46f128d9f0608..fd5d9edc2f198 100644
--- a/builder/remotecontext/tarsum_test.go
+++ b/builder/remotecontext/tarsum_test.go
@@ -1,7 +1,6 @@
 package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -10,7 +9,7 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/pkg/errors"
-	"gotest.tools/skip"
+	"gotest.tools/v3/skip"
 )
 
 const (
@@ -23,7 +22,7 @@ func init() {
 }
 
 func TestCloseRootDirectory(t *testing.T) {
-	contextDir, err := ioutil.TempDir("", "builder-tarsum-test")
+	contextDir, err := os.MkdirTemp("", "builder-tarsum-test")
 	defer os.RemoveAll(contextDir)
 	if err != nil {
 		t.Fatalf("Error with creating temporary directory: %s", err)
@@ -38,7 +37,7 @@ func TestCloseRootDirectory(t *testing.T) {
 
 	_, err = os.Stat(src.Root().Path())
 
-	if !os.IsNotExist(err) {
+	if !errors.Is(err, os.ErrNotExist) {
 		t.Fatal("Directory should not exist at this point")
 	}
 }
@@ -131,7 +130,7 @@ func TestRemoveDirectory(t *testing.T) {
 	}
 
 	_, err = src.Root().Stat(src.Root().Join(src.Root().Path(), relativePath))
-	if !os.IsNotExist(errors.Cause(err)) {
+	if !errors.Is(err, os.ErrNotExist) {
 		t.Fatalf("Directory should not exist at this point: %+v ", err)
 	}
 }
diff --git a/builder/remotecontext/utils_test.go b/builder/remotecontext/utils_test.go
index 6a4c707a6e1a0..9a44719f8a18e 100644
--- a/builder/remotecontext/utils_test.go
+++ b/builder/remotecontext/utils_test.go
@@ -1,7 +1,6 @@
 package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -11,7 +10,7 @@ import (
 // It returns the created path and a cleanup function which is meant to be used as deferred call.
 // When an error occurs, it terminates the test.
 func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
-	path, err := ioutil.TempDir(dir, prefix)
+	path, err := os.MkdirTemp(dir, prefix)
 
 	if err != nil {
 		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
@@ -32,7 +31,7 @@ func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
 // whose parent directories are properly cleaned up.
 // When an error occurs, it terminates the test.
 func createTestTempSubdir(t *testing.T, dir, prefix string) string {
-	path, err := ioutil.TempDir(dir, prefix)
+	path, err := os.MkdirTemp(dir, prefix)
 
 	if err != nil {
 		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
@@ -45,7 +44,7 @@ func createTestTempSubdir(t *testing.T, dir, prefix string) string {
 // When an error occurs, it terminates the test
 func createTestTempFile(t *testing.T, dir, filename, contents string, perm os.FileMode) string {
 	filePath := filepath.Join(dir, filename)
-	err := ioutil.WriteFile(filePath, []byte(contents), perm)
+	err := os.WriteFile(filePath, []byte(contents), perm)
 
 	if err != nil {
 		t.Fatalf("Error when creating %s file: %s", filename, err)
diff --git a/cli/cobra.go b/cli/cobra.go
index 8ed1fddc069f6..ac8e43f309db9 100644
--- a/cli/cobra.go
+++ b/cli/cobra.go
@@ -3,7 +3,7 @@ package cli // import "github.com/docker/docker/cli"
 import (
 	"fmt"
 
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/spf13/cobra"
 )
 
diff --git a/cli/config/configdir.go b/cli/config/configdir.go
index 4bef4e104da48..f0b68ee3879ca 100644
--- a/cli/config/configdir.go
+++ b/cli/config/configdir.go
@@ -13,6 +13,8 @@ var (
 )
 
 // Dir returns the path to the configuration directory as specified by the DOCKER_CONFIG environment variable.
+// If DOCKER_CONFIG is unset, Dir returns ~/.docker .
+// Dir ignores XDG_CONFIG_HOME (same as the docker client).
 // TODO: this was copied from cli/config/configfile and should be removed once cmd/dockerd moves
 func Dir() string {
 	return configDir
diff --git a/client/README.md b/client/README.md
index 059dfb3ce7b95..992f18117df57 100644
--- a/client/README.md
+++ b/client/README.md
@@ -16,7 +16,7 @@ import (
 )
 
 func main() {
-	cli, err := client.NewEnvClient()
+	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		panic(err)
 	}
diff --git a/client/build_cancel.go b/client/build_cancel.go
index 74df495089178..b76bf366bb9e4 100644
--- a/client/build_cancel.go
+++ b/client/build_cancel.go
@@ -5,16 +5,12 @@ import (
 	"net/url"
 )
 
-// BuildCancel requests the daemon to cancel ongoing build request
+// BuildCancel requests the daemon to cancel the ongoing build request.
 func (cli *Client) BuildCancel(ctx context.Context, id string) error {
 	query := url.Values{}
 	query.Set("id", id)
 
 	serverResp, err := cli.post(ctx, "/build/cancel", query, nil, nil)
-	if err != nil {
-		return err
-	}
-	defer ensureReaderClosed(serverResp)
-
-	return nil
+	ensureReaderClosed(serverResp)
+	return err
 }
diff --git a/client/build_prune.go b/client/build_prune.go
index 42bbf99ef1085..397d67cdcf1ac 100644
--- a/client/build_prune.go
+++ b/client/build_prune.go
@@ -31,11 +31,11 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
 	query.Set("filters", filters)
 
 	serverResp, err := cli.post(ctx, "/build/prune", query, nil, nil)
+	defer ensureReaderClosed(serverResp)
 
 	if err != nil {
 		return nil, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
 		return nil, fmt.Errorf("Error retrieving disk usage: %v", err)
diff --git a/client/checkpoint_create_test.go b/client/checkpoint_create_test.go
index 5703c21904da7..cd2f544307dd3 100644
--- a/client/checkpoint_create_test.go
+++ b/client/checkpoint_create_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestCheckpointCreateError(t *testing.T) {
@@ -22,8 +23,8 @@ func TestCheckpointCreateError(t *testing.T) {
 		Exit:         true,
 	})
 
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -38,7 +39,7 @@ func TestCheckpointCreate(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -57,7 +58,7 @@ func TestCheckpointCreate(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/checkpoint_delete_test.go b/client/checkpoint_delete_test.go
index 117630d61ac7a..f132e52b6d293 100644
--- a/client/checkpoint_delete_test.go
+++ b/client/checkpoint_delete_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestCheckpointDeleteError(t *testing.T) {
@@ -21,8 +22,8 @@ func TestCheckpointDeleteError(t *testing.T) {
 		CheckpointID: "checkpoint_id",
 	})
 
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -34,12 +35,12 @@ func TestCheckpointDelete(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/checkpoint_list.go b/client/checkpoint_list.go
index 2b73fb553f206..66d46dd161ba3 100644
--- a/client/checkpoint_list.go
+++ b/client/checkpoint_list.go
@@ -18,11 +18,11 @@ func (cli *Client) CheckpointList(ctx context.Context, container string, options
 	}
 
 	resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return checkpoints, wrapResponseError(err, resp, "container", container)
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&checkpoints)
-	ensureReaderClosed(resp)
 	return checkpoints, err
 }
diff --git a/client/checkpoint_list_test.go b/client/checkpoint_list_test.go
index d5cfcda0e52fe..673956340fcb9 100644
--- a/client/checkpoint_list_test.go
+++ b/client/checkpoint_list_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestCheckpointListError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestCheckpointListError(t *testing.T) {
 	}
 
 	_, err := client.CheckpointList(context.Background(), "container_id", types.CheckpointListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -42,7 +43,7 @@ func TestCheckpointList(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/client.go b/client/client.go
index 5031502acf16b..fa511897e0e55 100644
--- a/client/client.go
+++ b/client/client.go
@@ -2,13 +2,13 @@
 Package client is a Go client for the Docker Engine API.
 
 For more information about the Engine API, see the documentation:
-https://docs.docker.com/engine/reference/api/
+https://docs.docker.com/engine/api/
 
 Usage
 
 You use the library by creating a client object and calling methods on it. The
-client can be created either from environment variables with NewEnvClient, or
-configured manually with NewClient.
+client can be created either from environment variables with NewClientWithOpts(client.FromEnv),
+or configured manually with NewClient().
 
 For example, to list running containers (the equivalent of "docker ps"):
 
@@ -23,7 +23,7 @@ For example, to list running containers (the equivalent of "docker ps"):
 	)
 
 	func main() {
-		cli, err := client.NewEnvClient()
+		cli, err := client.NewClientWithOpts(client.FromEnv)
 		if err != nil {
 			panic(err)
 		}
@@ -47,16 +47,13 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"os"
 	"path"
-	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/go-connections/sockets"
-	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
 )
 
@@ -84,13 +81,22 @@ type Client struct {
 	customHTTPHeaders map[string]string
 	// manualOverride is set to true when the version was set by users.
 	manualOverride bool
+
+	// negotiateVersion indicates if the client should automatically negotiate
+	// the API version to use when making requests. API version negotiation is
+	// performed on the first request, after which negotiated is set to "true"
+	// so that subsequent requests do not re-negotiate.
+	negotiateVersion bool
+
+	// negotiated indicates that API version negotiation took place
+	negotiated bool
 }
 
 // CheckRedirect specifies the policy for dealing with redirect responses:
 // If the request is non-GET return `ErrRedirect`. Otherwise use the last response.
 //
 // Go 1.8 changes behavior for HTTP redirects (specifically 301, 307, and 308) in the client .
-// The Docker client (and by extension docker API client) can be made to to send a request
+// The Docker client (and by extension docker API client) can be made to send a request
 // like POST /containers//start where what would normally be in the name section of the URL is empty.
 // This triggers an HTTP 301 from the daemon.
 // In go 1.8 this 301 will be converted to a GET request, and ends up getting a 404 from the daemon.
@@ -103,137 +109,6 @@ func CheckRedirect(req *http.Request, via []*http.Request) error {
 	return ErrRedirect
 }
 
-// NewEnvClient initializes a new API client based on environment variables.
-// See FromEnv for a list of support environment variables.
-//
-// Deprecated: use NewClientWithOpts(FromEnv)
-func NewEnvClient() (*Client, error) {
-	return NewClientWithOpts(FromEnv)
-}
-
-// FromEnv configures the client with values from environment variables.
-//
-// Supported environment variables:
-// DOCKER_HOST to set the url to the docker server.
-// DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
-// DOCKER_CERT_PATH to load the TLS certificates from.
-// DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
-func FromEnv(c *Client) error {
-	if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
-		options := tlsconfig.Options{
-			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
-			CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
-			KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
-			InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
-		}
-		tlsc, err := tlsconfig.Client(options)
-		if err != nil {
-			return err
-		}
-
-		c.client = &http.Client{
-			Transport:     &http.Transport{TLSClientConfig: tlsc},
-			CheckRedirect: CheckRedirect,
-		}
-	}
-
-	if host := os.Getenv("DOCKER_HOST"); host != "" {
-		if err := WithHost(host)(c); err != nil {
-			return err
-		}
-	}
-
-	if version := os.Getenv("DOCKER_API_VERSION"); version != "" {
-		c.version = version
-		c.manualOverride = true
-	}
-	return nil
-}
-
-// WithTLSClientConfig applies a tls config to the client transport.
-func WithTLSClientConfig(cacertPath, certPath, keyPath string) func(*Client) error {
-	return func(c *Client) error {
-		opts := tlsconfig.Options{
-			CAFile:             cacertPath,
-			CertFile:           certPath,
-			KeyFile:            keyPath,
-			ExclusiveRootPools: true,
-		}
-		config, err := tlsconfig.Client(opts)
-		if err != nil {
-			return errors.Wrap(err, "failed to create tls config")
-		}
-		if transport, ok := c.client.Transport.(*http.Transport); ok {
-			transport.TLSClientConfig = config
-			return nil
-		}
-		return errors.Errorf("cannot apply tls config to transport: %T", c.client.Transport)
-	}
-}
-
-// WithDialer applies the dialer.DialContext to the client transport. This can be
-// used to set the Timeout and KeepAlive settings of the client.
-// Deprecated: use WithDialContext
-func WithDialer(dialer *net.Dialer) func(*Client) error {
-	return WithDialContext(dialer.DialContext)
-}
-
-// WithDialContext applies the dialer to the client transport. This can be
-// used to set the Timeout and KeepAlive settings of the client.
-func WithDialContext(dialContext func(ctx context.Context, network, addr string) (net.Conn, error)) func(*Client) error {
-	return func(c *Client) error {
-		if transport, ok := c.client.Transport.(*http.Transport); ok {
-			transport.DialContext = dialContext
-			return nil
-		}
-		return errors.Errorf("cannot apply dialer to transport: %T", c.client.Transport)
-	}
-}
-
-// WithVersion overrides the client version with the specified one
-func WithVersion(version string) func(*Client) error {
-	return func(c *Client) error {
-		c.version = version
-		return nil
-	}
-}
-
-// WithHost overrides the client host with the specified one.
-func WithHost(host string) func(*Client) error {
-	return func(c *Client) error {
-		hostURL, err := ParseHostURL(host)
-		if err != nil {
-			return err
-		}
-		c.host = host
-		c.proto = hostURL.Scheme
-		c.addr = hostURL.Host
-		c.basePath = hostURL.Path
-		if transport, ok := c.client.Transport.(*http.Transport); ok {
-			return sockets.ConfigureTransport(transport, c.proto, c.addr)
-		}
-		return errors.Errorf("cannot apply host to transport: %T", c.client.Transport)
-	}
-}
-
-// WithHTTPClient overrides the client http client with the specified one
-func WithHTTPClient(client *http.Client) func(*Client) error {
-	return func(c *Client) error {
-		if client != nil {
-			c.client = client
-		}
-		return nil
-	}
-}
-
-// WithHTTPHeaders overrides the client default http headers
-func WithHTTPHeaders(headers map[string]string) func(*Client) error {
-	return func(c *Client) error {
-		c.customHTTPHeaders = headers
-		return nil
-	}
-}
-
 // NewClientWithOpts initializes a new API client with default values. It takes functors
 // to modify values when creating it, like `NewClientWithOpts(WithVersion(…))`
 // It also initializes the custom http headers to add to each request.
@@ -241,7 +116,7 @@ func WithHTTPHeaders(headers map[string]string) func(*Client) error {
 // It won't send any version information if the version number is empty. It is
 // highly recommended that you set a version or your client may break if the
 // server is upgraded.
-func NewClientWithOpts(ops ...func(*Client) error) (*Client, error) {
+func NewClientWithOpts(ops ...Opt) (*Client, error) {
 	client, err := defaultHTTPClient(DefaultDockerHost)
 	if err != nil {
 		return nil, err
@@ -249,7 +124,6 @@ func NewClientWithOpts(ops ...func(*Client) error) (*Client, error) {
 	c := &Client{
 		host:    DefaultDockerHost,
 		version: api.DefaultVersion,
-		scheme:  "http",
 		client:  client,
 		proto:   defaultProto,
 		addr:    defaultAddr,
@@ -264,14 +138,18 @@ func NewClientWithOpts(ops ...func(*Client) error) (*Client, error) {
 	if _, ok := c.client.Transport.(http.RoundTripper); !ok {
 		return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", c.client.Transport)
 	}
-	tlsConfig := resolveTLSConfig(c.client.Transport)
-	if tlsConfig != nil {
-		// TODO(stevvooe): This isn't really the right way to write clients in Go.
-		// `NewClient` should probably only take an `*http.Client` and work from there.
-		// Unfortunately, the model of having a host-ish/url-thingy as the connection
-		// string has us confusing protocol and transport layers. We continue doing
-		// this to avoid breaking existing clients but this should be addressed.
-		c.scheme = "https"
+	if c.scheme == "" {
+		c.scheme = "http"
+
+		tlsConfig := resolveTLSConfig(c.client.Transport)
+		if tlsConfig != nil {
+			// TODO(stevvooe): This isn't really the right way to write clients in Go.
+			// `NewClient` should probably only take an `*http.Client` and work from there.
+			// Unfortunately, the model of having a host-ish/url-thingy as the connection
+			// string has us confusing protocol and transport layers. We continue doing
+			// this to avoid breaking existing clients but this should be addressed.
+			c.scheme = "https"
+		}
 	}
 
 	return c, nil
@@ -290,18 +168,6 @@ func defaultHTTPClient(host string) (*http.Client, error) {
 	}, nil
 }
 
-// NewClient initializes a new API client for the given host and API version.
-// It uses the given http client as transport.
-// It also initializes the custom http headers to add to each request.
-//
-// It won't send any version information if the version number is empty. It is
-// highly recommended that you set a version or your client may break if the
-// server is upgraded.
-// Deprecated: use NewClientWithOpts
-func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
-	return NewClientWithOpts(WithHost(host), WithVersion(version), WithHTTPClient(client), WithHTTPHeaders(httpHeaders))
-}
-
 // Close the transport used by the client
 func (cli *Client) Close() error {
 	if t, ok := cli.client.Transport.(*http.Transport); ok {
@@ -312,8 +178,11 @@ func (cli *Client) Close() error {
 
 // getAPIPath returns the versioned request path to call the api.
 // It appends the query parameters to the path if they are not empty.
-func (cli *Client) getAPIPath(p string, query url.Values) string {
+func (cli *Client) getAPIPath(ctx context.Context, p string, query url.Values) string {
 	var apiPath string
+	if cli.negotiateVersion && !cli.negotiated {
+		cli.NegotiateAPIVersion(ctx)
+	}
 	if cli.version != "" {
 		v := strings.TrimPrefix(cli.version, "v")
 		apiPath = path.Join(cli.basePath, "/v"+v, p)
@@ -329,19 +198,31 @@ func (cli *Client) ClientVersion() string {
 }
 
 // NegotiateAPIVersion queries the API and updates the version to match the
-// API version. Any errors are silently ignored.
+// API version. Any errors are silently ignored. If a manual override is in place,
+// either through the `DOCKER_API_VERSION` environment variable, or if the client
+// was initialized with a fixed version (`opts.WithVersion(xx)`), no negotiation
+// will be performed.
 func (cli *Client) NegotiateAPIVersion(ctx context.Context) {
-	ping, _ := cli.Ping(ctx)
-	cli.NegotiateAPIVersionPing(ping)
+	if !cli.manualOverride {
+		ping, _ := cli.Ping(ctx)
+		cli.negotiateAPIVersionPing(ping)
+	}
 }
 
 // NegotiateAPIVersionPing updates the client version to match the Ping.APIVersion
-// if the ping version is less than the default version.
+// if the ping version is less than the default version.  If a manual override is
+// in place, either through the `DOCKER_API_VERSION` environment variable, or if
+// the client was initialized with a fixed version (`opts.WithVersion(xx)`), no
+// negotiation is performed.
 func (cli *Client) NegotiateAPIVersionPing(p types.Ping) {
-	if cli.manualOverride {
-		return
+	if !cli.manualOverride {
+		cli.negotiateAPIVersionPing(p)
 	}
+}
 
+// negotiateAPIVersionPing queries the API and updates the version to match the
+// API version. Any errors are silently ignored.
+func (cli *Client) negotiateAPIVersionPing(p types.Ping) {
 	// try the latest version before versioning headers existed
 	if p.APIVersion == "" {
 		p.APIVersion = "1.24"
@@ -356,6 +237,12 @@ func (cli *Client) NegotiateAPIVersionPing(p types.Ping) {
 	if versions.LessThan(p.APIVersion, cli.version) {
 		cli.version = p.APIVersion
 	}
+
+	// Store the results, so that automatic API version negotiation (if enabled)
+	// won't be performed on the next request.
+	if cli.negotiateVersion {
+		cli.negotiated = true
+	}
 }
 
 // DaemonHost returns the host address used by the client
@@ -365,7 +252,8 @@ func (cli *Client) DaemonHost() string {
 
 // HTTPClient returns a copy of the HTTP client bound to the server
 func (cli *Client) HTTPClient() *http.Client {
-	return &*cli.client
+	c := *cli.client
+	return &c
 }
 
 // ParseHostURL parses a url string, validates the string is a host url, and
@@ -393,21 +281,6 @@ func ParseHostURL(host string) (*url.URL, error) {
 	}, nil
 }
 
-// CustomHTTPHeaders returns the custom http headers stored by the client.
-func (cli *Client) CustomHTTPHeaders() map[string]string {
-	m := make(map[string]string)
-	for k, v := range cli.customHTTPHeaders {
-		m[k] = v
-	}
-	return m
-}
-
-// SetCustomHTTPHeaders that will be set on every HTTP request made by the client.
-// Deprecated: use WithHTTPHeaders when creating the client.
-func (cli *Client) SetCustomHTTPHeaders(headers map[string]string) {
-	cli.customHTTPHeaders = headers
-}
-
 // Dialer returns a dialer for a raw stream connection, with HTTP/1.1 header, that can be used for proxying the daemon connection.
 // Used by `docker dial-stdio` (docker/cli#889).
 func (cli *Client) Dialer() func(context.Context) (net.Conn, error) {
diff --git a/client/client_deprecated.go b/client/client_deprecated.go
new file mode 100644
index 0000000000000..54cdfc29a84b6
--- /dev/null
+++ b/client/client_deprecated.go
@@ -0,0 +1,23 @@
+package client
+
+import "net/http"
+
+// NewClient initializes a new API client for the given host and API version.
+// It uses the given http client as transport.
+// It also initializes the custom http headers to add to each request.
+//
+// It won't send any version information if the version number is empty. It is
+// highly recommended that you set a version or your client may break if the
+// server is upgraded.
+// Deprecated: use NewClientWithOpts
+func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
+	return NewClientWithOpts(WithHost(host), WithVersion(version), WithHTTPClient(client), WithHTTPHeaders(httpHeaders))
+}
+
+// NewEnvClient initializes a new API client based on environment variables.
+// See FromEnv for a list of support environment variables.
+//
+// Deprecated: use NewClientWithOpts(FromEnv)
+func NewEnvClient() (*Client, error) {
+	return NewClientWithOpts(FromEnv)
+}
diff --git a/client/client_mock_test.go b/client/client_mock_test.go
index 390a1eed7d65b..c119e59bbbe05 100644
--- a/client/client_mock_test.go
+++ b/client/client_mock_test.go
@@ -3,7 +3,7 @@ package client // import "github.com/docker/docker/client"
 import (
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/types"
@@ -37,7 +37,7 @@ func errorMock(statusCode int, message string) func(req *http.Request) (*http.Re
 
 		return &http.Response{
 			StatusCode: statusCode,
-			Body:       ioutil.NopCloser(bytes.NewReader(body)),
+			Body:       io.NopCloser(bytes.NewReader(body)),
 			Header:     header,
 		}, nil
 	}
@@ -47,7 +47,7 @@ func plainTextErrorMock(statusCode int, message string) func(req *http.Request)
 	return func(req *http.Request) (*http.Response, error) {
 		return &http.Response{
 			StatusCode: statusCode,
-			Body:       ioutil.NopCloser(bytes.NewReader([]byte(message))),
+			Body:       io.NopCloser(bytes.NewReader([]byte(message))),
 		}, nil
 	}
 }
diff --git a/client/client_test.go b/client/client_test.go
index 58bccaa311508..14739f2ca9e79 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -2,21 +2,24 @@ package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
 	"runtime"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/env"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/env"
+	"gotest.tools/v3/skip"
 )
 
-func TestNewEnvClient(t *testing.T) {
+func TestNewClientWithOpsFromEnv(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows")
 
 	testcases := []struct {
@@ -86,7 +89,7 @@ func TestNewEnvClient(t *testing.T) {
 	defer env.PatchAll(t, nil)()
 	for _, c := range testcases {
 		env.PatchAll(t, c.envs)
-		apiclient, err := NewEnvClient()
+		apiclient, err := NewClientWithOpts(FromEnv)
 		if c.expectedError != "" {
 			assert.Check(t, is.Error(err, c.expectedError), c.doc)
 		} else {
@@ -123,9 +126,10 @@ func TestGetAPIPath(t *testing.T) {
 		{"v1.22", "/networks/kiwl$%^", nil, "/v1.22/networks/kiwl$%25%5E"},
 	}
 
+	ctx := context.TODO()
 	for _, testcase := range testcases {
 		c := Client{version: testcase.version, basePath: "/"}
-		actual := c.getAPIPath(testcase.path, testcase.query)
+		actual := c.getAPIPath(ctx, testcase.path, testcase.query)
 		assert.Check(t, is.Equal(actual, testcase.expected))
 	}
 }
@@ -167,7 +171,7 @@ func TestParseHostURL(t *testing.T) {
 	}
 }
 
-func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
+func TestNewClientWithOpsFromEnvSetsDefaultVersion(t *testing.T) {
 	defer env.PatchAll(t, map[string]string{
 		"DOCKER_HOST":        "",
 		"DOCKER_API_VERSION": "",
@@ -175,7 +179,7 @@ func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
 		"DOCKER_CERT_PATH":   "",
 	})()
 
-	client, err := NewEnvClient()
+	client, err := NewClientWithOpts(FromEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -183,7 +187,7 @@ func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
 
 	expected := "1.22"
 	os.Setenv("DOCKER_API_VERSION", expected)
-	client, err = NewEnvClient()
+	client, err = NewClientWithOpts(FromEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -195,7 +199,7 @@ func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
 func TestNegotiateAPIVersionEmpty(t *testing.T) {
 	defer env.PatchAll(t, map[string]string{"DOCKER_API_VERSION": ""})()
 
-	client, err := NewEnvClient()
+	client, err := NewClientWithOpts(FromEnv)
 	assert.NilError(t, err)
 
 	ping := types.Ping{
@@ -219,7 +223,7 @@ func TestNegotiateAPIVersionEmpty(t *testing.T) {
 // TestNegotiateAPIVersion asserts that client.Client can
 // negotiate a compatible APIVersion with the server
 func TestNegotiateAPIVersion(t *testing.T) {
-	client, err := NewEnvClient()
+	client, err := NewClientWithOpts(FromEnv)
 	assert.NilError(t, err)
 
 	expected := "1.21"
@@ -251,7 +255,7 @@ func TestNegotiateAPVersionOverride(t *testing.T) {
 	expected := "9.99"
 	defer env.PatchAll(t, map[string]string{"DOCKER_API_VERSION": expected})()
 
-	client, err := NewEnvClient()
+	client, err := NewClientWithOpts(FromEnv)
 	assert.NilError(t, err)
 
 	ping := types.Ping{
@@ -265,6 +269,55 @@ func TestNegotiateAPVersionOverride(t *testing.T) {
 	assert.Check(t, is.Equal(expected, client.version))
 }
 
+func TestNegotiateAPIVersionAutomatic(t *testing.T) {
+	var pingVersion string
+	httpClient := newMockClient(func(req *http.Request) (*http.Response, error) {
+		resp := &http.Response{StatusCode: http.StatusOK, Header: http.Header{}}
+		resp.Header.Set("API-Version", pingVersion)
+		resp.Body = io.NopCloser(strings.NewReader("OK"))
+		return resp, nil
+	})
+
+	client, err := NewClientWithOpts(
+		WithHTTPClient(httpClient),
+		WithAPIVersionNegotiation(),
+	)
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+	assert.Equal(t, client.ClientVersion(), api.DefaultVersion)
+
+	// First request should trigger negotiation
+	pingVersion = "1.35"
+	_, _ = client.Info(ctx)
+	assert.Equal(t, client.ClientVersion(), "1.35")
+
+	// Once successfully negotiated, subsequent requests should not re-negotiate
+	pingVersion = "1.25"
+	_, _ = client.Info(ctx)
+	assert.Equal(t, client.ClientVersion(), "1.35")
+}
+
+// TestNegotiateAPIVersionWithEmptyVersion asserts that initializing a client
+// with an empty version string does still allow API-version negotiation
+func TestNegotiateAPIVersionWithEmptyVersion(t *testing.T) {
+	client, err := NewClientWithOpts(WithVersion(""))
+	assert.NilError(t, err)
+
+	client.NegotiateAPIVersionPing(types.Ping{APIVersion: "1.35"})
+	assert.Equal(t, client.version, "1.35")
+}
+
+// TestNegotiateAPIVersionWithFixedVersion asserts that initializing a client
+// with an fixed version disables API-version negotiation
+func TestNegotiateAPIVersionWithFixedVersion(t *testing.T) {
+	client, err := NewClientWithOpts(WithVersion("1.35"))
+	assert.NilError(t, err)
+
+	client.NegotiateAPIVersionPing(types.Ping{APIVersion: "1.31"})
+	assert.Equal(t, client.version, "1.35")
+}
+
 type roundTripFunc func(*http.Request) (*http.Response, error)
 
 func (rtf roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
diff --git a/client/client_unix.go b/client/client_unix.go
index 3d24470ba3aae..5846f888fea21 100644
--- a/client/client_unix.go
+++ b/client/client_unix.go
@@ -1,4 +1,5 @@
-// +build linux freebsd openbsd darwin
+//go:build linux || freebsd || openbsd || netbsd || darwin || solaris || illumos || dragonfly
+// +build linux freebsd openbsd netbsd darwin solaris illumos dragonfly
 
 package client // import "github.com/docker/docker/client"
 
diff --git a/client/config_create.go b/client/config_create.go
index c8b802ad356c0..f6b1881fc3691 100644
--- a/client/config_create.go
+++ b/client/config_create.go
@@ -8,18 +8,18 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// ConfigCreate creates a new Config.
+// ConfigCreate creates a new config.
 func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
 	var response types.ConfigCreateResponse
 	if err := cli.NewVersionError("1.30", "config create"); err != nil {
 		return response, err
 	}
 	resp, err := cli.post(ctx, "/configs/create", nil, config, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/config_create_test.go b/client/config_create_test.go
index a6408792db931..18b18b5401734 100644
--- a/client/config_create_test.go
+++ b/client/config_create_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestConfigCreateUnsupported(t *testing.T) {
@@ -31,8 +32,8 @@ func TestConfigCreateError(t *testing.T) {
 		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -44,7 +45,7 @@ func TestConfigCreate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			b, err := json.Marshal(types.ConfigCreateResponse{
@@ -55,7 +56,7 @@ func TestConfigCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusCreated,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/config_inspect.go b/client/config_inspect.go
index 4ac566ad89fc7..f1b0d7f7536ce 100644
--- a/client/config_inspect.go
+++ b/client/config_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types/swarm"
 )
@@ -18,12 +18,12 @@ func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.C
 		return swarm.Config{}, nil, err
 	}
 	resp, err := cli.get(ctx, "/configs/"+id, nil, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return swarm.Config{}, nil, wrapResponseError(err, resp, "config", id)
 	}
-	defer ensureReaderClosed(resp)
 
-	body, err := ioutil.ReadAll(resp.body)
+	body, err := io.ReadAll(resp.body)
 	if err != nil {
 		return swarm.Config{}, nil, err
 	}
diff --git a/client/config_inspect_test.go b/client/config_inspect_test.go
index 76a5dae9e5ebc..139d6022cc8ce 100644
--- a/client/config_inspect_test.go
+++ b/client/config_inspect_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestConfigInspectNotFound(t *testing.T) {
@@ -55,8 +56,8 @@ func TestConfigInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.ConfigInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -88,7 +89,7 @@ func TestConfigInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/config_list.go b/client/config_list.go
index 2b9d54606bf35..565acc6e27332 100644
--- a/client/config_list.go
+++ b/client/config_list.go
@@ -27,12 +27,12 @@ func (cli *Client) ConfigList(ctx context.Context, options types.ConfigListOptio
 	}
 
 	resp, err := cli.get(ctx, "/configs", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var configs []swarm.Config
 	err = json.NewDecoder(resp.body).Decode(&configs)
-	ensureReaderClosed(resp)
 	return configs, err
 }
diff --git a/client/config_list_test.go b/client/config_list_test.go
index b35a5929531ef..9c4cf6642b7f8 100644
--- a/client/config_list_test.go
+++ b/client/config_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,8 +13,9 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestConfigListUnsupported(t *testing.T) {
@@ -33,8 +34,8 @@ func TestConfigListError(t *testing.T) {
 	}
 
 	_, err := client.ConfigList(context.Background(), types.ConfigListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -91,7 +92,7 @@ func TestConfigList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/config_remove.go b/client/config_remove.go
index a96871e98b71d..93de0d8445b55 100644
--- a/client/config_remove.go
+++ b/client/config_remove.go
@@ -2,12 +2,12 @@ package client // import "github.com/docker/docker/client"
 
 import "context"
 
-// ConfigRemove removes a Config.
+// ConfigRemove removes a config.
 func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
 	if err := cli.NewVersionError("1.30", "config remove"); err != nil {
 		return err
 	}
 	resp, err := cli.delete(ctx, "/configs/"+id, nil, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "config", id)
 }
diff --git a/client/config_remove_test.go b/client/config_remove_test.go
index 9c0c0f9337e2c..1573f318ae398 100644
--- a/client/config_remove_test.go
+++ b/client/config_remove_test.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestConfigRemoveUnsupported(t *testing.T) {
@@ -29,8 +30,8 @@ func TestConfigRemoveError(t *testing.T) {
 	}
 
 	err := client.ConfigRemove(context.Background(), "config_id")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -43,12 +44,12 @@ func TestConfigRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/config_update.go b/client/config_update.go
index 39e59cf858904..ba79ae64e5920 100644
--- a/client/config_update.go
+++ b/client/config_update.go
@@ -8,7 +8,7 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// ConfigUpdate attempts to update a Config
+// ConfigUpdate attempts to update a config
 func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
 	if err := cli.NewVersionError("1.30", "config update"); err != nil {
 		return err
diff --git a/client/config_update_test.go b/client/config_update_test.go
index 1299f8278ca7c..7b6d15be87950 100644
--- a/client/config_update_test.go
+++ b/client/config_update_test.go
@@ -4,14 +4,15 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestConfigUpdateUnsupported(t *testing.T) {
@@ -30,8 +31,8 @@ func TestConfigUpdateError(t *testing.T) {
 	}
 
 	err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -44,12 +45,12 @@ func TestConfigUpdate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/container_commit.go b/client/container_commit.go
index 377a2ea681c12..cd7f7634646f7 100644
--- a/client/container_commit.go
+++ b/client/container_commit.go
@@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
-// ContainerCommit applies changes into a container and creates a new tagged image.
+// ContainerCommit applies changes to a container and creates a new tagged image.
 func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
 	var repository, tag string
 	if options.Reference != "" {
@@ -45,11 +45,11 @@ func (cli *Client) ContainerCommit(ctx context.Context, container string, option
 
 	var response types.IDResponse
 	resp, err := cli.post(ctx, "/commit", query, options.Config, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/container_commit_test.go b/client/container_commit_test.go
index 8e3fe8b730aeb..80aca7bbb33ba 100644
--- a/client/container_commit_test.go
+++ b/client/container_commit_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerCommitError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestContainerCommitError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerCommit(context.Background(), "nothing", types.ContainerCommitOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -75,7 +76,7 @@ func TestContainerCommit(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_copy.go b/client/container_copy.go
index d706260cee0fd..c0a47c14e31b3 100644
--- a/client/container_copy.go
+++ b/client/container_copy.go
@@ -14,17 +14,17 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
-// ContainerStatPath returns Stat information about a path inside the container filesystem.
+// ContainerStatPath returns stat information about a path inside the container filesystem.
 func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
 	query := url.Values{}
 	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
 
 	urlStr := "/containers/" + containerID + "/archive"
 	response, err := cli.head(ctx, urlStr, query, nil)
+	defer ensureReaderClosed(response)
 	if err != nil {
 		return types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+path)
 	}
-	defer ensureReaderClosed(response)
 	return getContainerPathStatFromHeader(response.header)
 }
 
@@ -45,11 +45,12 @@ func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath str
 	apiPath := "/containers/" + containerID + "/archive"
 
 	response, err := cli.putRaw(ctx, apiPath, query, content, nil)
+	defer ensureReaderClosed(response)
 	if err != nil {
 		return wrapResponseError(err, response, "container:path", containerID+":"+dstPath)
 	}
-	defer ensureReaderClosed(response)
 
+	// TODO this code converts non-error status-codes (e.g., "204 No Content") into an error; verify if this is the desired behavior
 	if response.statusCode != http.StatusOK {
 		return fmt.Errorf("unexpected status code from daemon: %d", response.statusCode)
 	}
@@ -69,6 +70,7 @@ func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath s
 		return nil, types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+srcPath)
 	}
 
+	// TODO this code converts non-error status-codes (e.g., "204 No Content") into an error; verify if this is the desired behavior
 	if response.statusCode != http.StatusOK {
 		return nil, types.ContainerPathStat{}, fmt.Errorf("unexpected status code from daemon: %d", response.statusCode)
 	}
diff --git a/client/container_copy_test.go b/client/container_copy_test.go
index efddbef20dba5..c94aa5e1aa3e2 100644
--- a/client/container_copy_test.go
+++ b/client/container_copy_test.go
@@ -6,12 +6,13 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerStatPathError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestContainerStatPathError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerStatPath(context.Background(), "container_id", "path")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -39,7 +40,7 @@ func TestContainerStatPathNoHeaderError(t *testing.T) {
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
@@ -57,7 +58,7 @@ func TestContainerStatPath(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "HEAD" {
+			if req.Method != http.MethodHead {
 				return nil, fmt.Errorf("expected HEAD method, got %s", req.Method)
 			}
 			query := req.URL.Query()
@@ -75,7 +76,7 @@ func TestContainerStatPath(t *testing.T) {
 			base64PathStat := base64.StdEncoding.EncodeToString(content)
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 				Header: http.Header{
 					"X-Docker-Container-Path-Stat": []string{base64PathStat},
 				},
@@ -99,8 +100,8 @@ func TestCopyToContainerError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.CopyToContainer(context.Background(), "container_id", "path/to/file", bytes.NewReader([]byte("")), types.CopyToContainerOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -114,6 +115,7 @@ func TestCopyToContainerNotFoundError(t *testing.T) {
 	}
 }
 
+// TODO TestCopyToContainerNotStatusOKError expects a non-error status-code ("204 No Content") to produce an error; verify if this is the desired behavior
 func TestCopyToContainerNotStatusOKError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
@@ -132,7 +134,7 @@ func TestCopyToContainer(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "PUT" {
+			if req.Method != http.MethodPut {
 				return nil, fmt.Errorf("expected PUT method, got %s", req.Method)
 			}
 			query := req.URL.Query()
@@ -145,7 +147,7 @@ func TestCopyToContainer(t *testing.T) {
 				return nil, fmt.Errorf("noOverwriteDirNonDir not set in URL query properly, expected true, got %s", noOverwriteDirNonDir)
 			}
 
-			content, err := ioutil.ReadAll(req.Body)
+			content, err := io.ReadAll(req.Body)
 			if err != nil {
 				return nil, err
 			}
@@ -158,7 +160,7 @@ func TestCopyToContainer(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
@@ -175,8 +177,8 @@ func TestCopyFromContainerError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, _, err := client.CopyFromContainer(context.Background(), "container_id", "path/to/file")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -190,6 +192,7 @@ func TestCopyFromContainerNotFoundError(t *testing.T) {
 	}
 }
 
+// TODO TestCopyFromContainerNotStatusOKError expects a non-error status-code ("204 No Content") to produce an error; verify if this is the desired behavior
 func TestCopyFromContainerNotStatusOKError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
@@ -205,7 +208,7 @@ func TestCopyFromContainerNoHeaderError(t *testing.T) {
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
@@ -223,7 +226,7 @@ func TestCopyFromContainer(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "GET" {
+			if req.Method != http.MethodGet {
 				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
 			query := req.URL.Query()
@@ -243,7 +246,7 @@ func TestCopyFromContainer(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("content"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("content"))),
 				Header: http.Header{
 					"X-Docker-Container-Path-Stat": []string{base64PathStat},
 				},
@@ -260,7 +263,7 @@ func TestCopyFromContainer(t *testing.T) {
 	if stat.Mode != 0700 {
 		t.Fatalf("expected container path stat mode to be 0700, got '%v'", stat.Mode)
 	}
-	content, err := ioutil.ReadAll(r)
+	content, err := io.ReadAll(r)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/client/container_create.go b/client/container_create.go
index d269a61894aee..47d15c2bbd6bc 100644
--- a/client/container_create.go
+++ b/client/container_create.go
@@ -4,11 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"net/url"
-	"strings"
+	"path"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 type configWrapper struct {
@@ -17,9 +18,9 @@ type configWrapper struct {
 	NetworkingConfig *network.NetworkingConfig
 }
 
-// ContainerCreate creates a new container based in the given configuration.
+// ContainerCreate creates a new container based on the given configuration.
 // It can be associated with a name, but it's not mandatory.
-func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, containerName string) (container.ContainerCreateCreatedBody, error) {
+func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) {
 	var response container.ContainerCreateCreatedBody
 
 	if err := cli.NewVersionError("1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
@@ -31,7 +32,15 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 		hostConfig.AutoRemove = false
 	}
 
+	if err := cli.NewVersionError("1.41", "specify container image platform"); platform != nil && err != nil {
+		return response, err
+	}
+
 	query := url.Values{}
+	if p := formatPlatform(platform); p != "" {
+		query.Set("platform", p)
+	}
+
 	if containerName != "" {
 		query.Set("name", containerName)
 	}
@@ -43,14 +52,23 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 	}
 
 	serverResp, err := cli.post(ctx, "/containers/create", query, body, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
-		if serverResp.statusCode == 404 && strings.Contains(err.Error(), "No such image") {
-			return response, objectNotFoundError{object: "image", id: config.Image}
-		}
 		return response, err
 	}
 
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
 	return response, err
 }
+
+// formatPlatform returns a formatted string representing platform (e.g. linux/arm/v7).
+//
+// Similar to containerd's platforms.Format(), but does allow components to be
+// omitted (e.g. pass "architecture" only, without "os":
+// https://github.com/containerd/containerd/blob/v1.5.2/platforms/platforms.go#L243-L263
+func formatPlatform(platform *specs.Platform) string {
+	if platform == nil {
+		return ""
+	}
+	return path.Join(platform.OS, platform.Architecture, platform.Variant)
+}
diff --git a/client/container_create_test.go b/client/container_create_test.go
index d46e70492dbfe..2a8c5eef2b752 100644
--- a/client/container_create_test.go
+++ b/client/container_create_test.go
@@ -5,30 +5,31 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerCreateError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
-	_, err := client.ContainerCreate(context.Background(), nil, nil, nil, "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error while testing StatusInternalServerError, got %v", err)
+	_, err := client.ContainerCreate(context.Background(), nil, nil, nil, nil, "nothing")
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error while testing StatusInternalServerError, got %T", err)
 	}
 
 	// 404 doesn't automatically means an unknown image
 	client = &Client{
 		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
 	}
-	_, err = client.ContainerCreate(context.Background(), nil, nil, nil, "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error while testing StatusNotFound, got %v", err)
+	_, err = client.ContainerCreate(context.Background(), nil, nil, nil, nil, "nothing")
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a Server Error while testing StatusNotFound, got %T", err)
 	}
 }
 
@@ -36,9 +37,9 @@ func TestContainerCreateImageNotFound(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusNotFound, "No such image")),
 	}
-	_, err := client.ContainerCreate(context.Background(), &container.Config{Image: "unknown_image"}, nil, nil, "unknown")
+	_, err := client.ContainerCreate(context.Background(), &container.Config{Image: "unknown_image"}, nil, nil, nil, "unknown")
 	if err == nil || !IsErrNotFound(err) {
-		t.Fatalf("expected an imageNotFound error, got %v", err)
+		t.Fatalf("expected an imageNotFound error, got %v, %T", err, err)
 	}
 }
 
@@ -61,12 +62,12 @@ func TestContainerCreateWithName(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
 
-	r, err := client.ContainerCreate(context.Background(), nil, nil, nil, "container_name")
+	r, err := client.ContainerCreate(context.Background(), nil, nil, nil, nil, "container_name")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -96,7 +97,7 @@ func TestContainerCreateAutoRemove(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}
 	}
@@ -105,14 +106,14 @@ func TestContainerCreateAutoRemove(t *testing.T) {
 		client:  newMockClient(autoRemoveValidator(false)),
 		version: "1.24",
 	}
-	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, ""); err != nil {
+	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, nil, ""); err != nil {
 		t.Fatal(err)
 	}
 	client = &Client{
 		client:  newMockClient(autoRemoveValidator(true)),
 		version: "1.25",
 	}
-	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, ""); err != nil {
+	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, nil, ""); err != nil {
 		t.Fatal(err)
 	}
 }
diff --git a/client/container_diff.go b/client/container_diff.go
index 3b7c90c96c95e..29dac8491df51 100644
--- a/client/container_diff.go
+++ b/client/container_diff.go
@@ -13,11 +13,11 @@ func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]con
 	var changes []container.ContainerChangeResponseItem
 
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return changes, err
 	}
 
 	err = json.NewDecoder(serverResp.body).Decode(&changes)
-	ensureReaderClosed(serverResp)
 	return changes, err
 }
diff --git a/client/container_diff_test.go b/client/container_diff_test.go
index ac215f34038fb..14e243343ea54 100644
--- a/client/container_diff_test.go
+++ b/client/container_diff_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerDiffError(t *testing.T) {
@@ -18,10 +19,9 @@ func TestContainerDiffError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerDiff(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
-
 }
 
 func TestContainerDiff(t *testing.T) {
@@ -46,7 +46,7 @@ func TestContainerDiff(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_exec.go b/client/container_exec.go
index 535536b1e0ff7..e3ee755b71dc2 100644
--- a/client/container_exec.go
+++ b/client/container_exec.go
@@ -16,11 +16,11 @@ func (cli *Client) ContainerExecCreate(ctx context.Context, container string, co
 	}
 
 	resp, err := cli.post(ctx, "/containers/"+container+"/exec", nil, config, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
 
diff --git a/client/container_exec_test.go b/client/container_exec_test.go
index 68b900bf147b1..3daae491d8a7b 100644
--- a/client/container_exec_test.go
+++ b/client/container_exec_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerExecCreateError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestContainerExecCreateError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerExecCreate(context.Background(), "container_id", types.ExecConfig{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -30,7 +31,7 @@ func TestContainerExecCreate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			// FIXME validate the content is the given ExecConfig ?
@@ -52,7 +53,7 @@ func TestContainerExecCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
@@ -73,8 +74,8 @@ func TestContainerExecStartError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerExecStart(context.Background(), "nothing", types.ExecStartCheck{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -98,7 +99,7 @@ func TestContainerExecStart(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
@@ -117,8 +118,8 @@ func TestContainerExecInspectError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerExecInspect(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -138,7 +139,7 @@ func TestContainerExecInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_export_test.go b/client/container_export_test.go
index 8f6c8dce642c6..1a19aebd93108 100644
--- a/client/container_export_test.go
+++ b/client/container_export_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerExportError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerExportError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerExport(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -30,7 +32,7 @@ func TestContainerExport(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 			}, nil
 		}),
 	}
@@ -39,7 +41,7 @@ func TestContainerExport(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer body.Close()
-	content, err := ioutil.ReadAll(body)
+	content, err := io.ReadAll(body)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/client/container_inspect.go b/client/container_inspect.go
index f453064cf8f44..43db32bd973a1 100644
--- a/client/container_inspect.go
+++ b/client/container_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
@@ -16,13 +16,13 @@ func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (ty
 		return types.ContainerJSON{}, objectNotFoundError{object: "container", id: containerID}
 	}
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return types.ContainerJSON{}, wrapResponseError(err, serverResp, "container", containerID)
 	}
 
 	var response types.ContainerJSON
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
 	return response, err
 }
 
@@ -36,12 +36,12 @@ func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID stri
 		query.Set("size", "1")
 	}
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return types.ContainerJSON{}, nil, wrapResponseError(err, serverResp, "container", containerID)
 	}
-	defer ensureReaderClosed(serverResp)
 
-	body, err := ioutil.ReadAll(serverResp.body)
+	body, err := io.ReadAll(serverResp.body)
 	if err != nil {
 		return types.ContainerJSON{}, nil, err
 	}
diff --git a/client/container_inspect_test.go b/client/container_inspect_test.go
index 92a77f6aea419..54c70d030491d 100644
--- a/client/container_inspect_test.go
+++ b/client/container_inspect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -20,8 +21,8 @@ func TestContainerInspectError(t *testing.T) {
 	}
 
 	_, err := client.ContainerInspect(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -67,7 +68,7 @@ func TestContainerInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
@@ -87,6 +88,8 @@ func TestContainerInspect(t *testing.T) {
 	}
 }
 
+// TestContainerInspectNode tests that the "Node" field is included in the "inspect"
+// output. This information is only present when connected to a Swarm standalone API.
 func TestContainerInspectNode(t *testing.T) {
 	client := &Client{
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
@@ -107,7 +110,7 @@ func TestContainerInspectNode(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/container_kill_test.go b/client/container_kill_test.go
index 85bb5ee559348..6db886d2c52d3 100644
--- a/client/container_kill_test.go
+++ b/client/container_kill_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerKillError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerKillError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerKill(context.Background(), "nothing", "SIGKILL")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -33,7 +35,7 @@ func TestContainerKill(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_list.go b/client/container_list.go
index 9c218e2218aed..a973de597fdf3 100644
--- a/client/container_list.go
+++ b/client/container_list.go
@@ -35,6 +35,7 @@ func (cli *Client) ContainerList(ctx context.Context, options types.ContainerLis
 	}
 
 	if options.Filters.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
 
 		if err != nil {
@@ -45,12 +46,12 @@ func (cli *Client) ContainerList(ctx context.Context, options types.ContainerLis
 	}
 
 	resp, err := cli.get(ctx, "/containers/json", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var containers []types.Container
 	err = json.NewDecoder(resp.body).Decode(&containers)
-	ensureReaderClosed(resp)
 	return containers, err
 }
diff --git a/client/container_list_test.go b/client/container_list_test.go
index 809f20f5c7ea2..dfd3494ca6132 100644
--- a/client/container_list_test.go
+++ b/client/container_list_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerListError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestContainerListError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerList(context.Background(), types.ContainerListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -72,7 +73,7 @@ func TestContainerList(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_logs_test.go b/client/container_logs_test.go
index 6d6e34e101272..07c3bbd137fb0 100644
--- a/client/container_logs_test.go
+++ b/client/container_logs_test.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -14,8 +13,9 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestContainerLogsNotFoundError(t *testing.T) {
@@ -33,7 +33,9 @@ func TestContainerLogsError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{})
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 	_, err = client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{
 		Since: "2006-01-02TZ",
 	})
@@ -132,7 +134,7 @@ func TestContainerLogs(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 				}, nil
 			}),
 		}
@@ -143,7 +145,7 @@ func TestContainerLogs(t *testing.T) {
 		}
 		assert.NilError(t, err)
 		defer body.Close()
-		content, err := ioutil.ReadAll(body)
+		content, err := io.ReadAll(body)
 		assert.NilError(t, err)
 		assert.Check(t, is.Contains(string(content), "response"))
 	}
@@ -153,7 +155,7 @@ func ExampleClient_ContainerLogs_withTimeout() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
-	client, _ := NewEnvClient()
+	client, _ := NewClientWithOpts(FromEnv)
 	reader, err := client.ContainerLogs(ctx, "container_id", types.ContainerLogsOptions{})
 	if err != nil {
 		log.Fatal(err)
diff --git a/client/container_pause_test.go b/client/container_pause_test.go
index d1f73a67f34e6..45cbe21498dec 100644
--- a/client/container_pause_test.go
+++ b/client/container_pause_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerPauseError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerPauseError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerPause(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,7 +31,7 @@ func TestContainerPause(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_prune.go b/client/container_prune.go
index 14f88d93bac39..04383deaaffc3 100644
--- a/client/container_prune.go
+++ b/client/container_prune.go
@@ -23,10 +23,10 @@ func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Arg
 	}
 
 	serverResp, err := cli.post(ctx, "/containers/prune", query, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return report, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
 		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
diff --git a/client/container_prune_test.go b/client/container_prune_test.go
index 6a830d01dcacb..9525efc3bc4a9 100644
--- a/client/container_prune_test.go
+++ b/client/container_prune_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestContainersPruneError(t *testing.T) {
@@ -25,7 +26,9 @@ func TestContainersPruneError(t *testing.T) {
 	filters := filters.NewArgs()
 
 	_, err := client.ContainersPrune(context.Background(), filters)
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestContainersPrune(t *testing.T) {
@@ -111,7 +114,7 @@ func TestContainersPrune(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 			version: "1.25",
diff --git a/client/container_remove.go b/client/container_remove.go
index ab4cfc16f8786..df81461b889c5 100644
--- a/client/container_remove.go
+++ b/client/container_remove.go
@@ -22,6 +22,6 @@ func (cli *Client) ContainerRemove(ctx context.Context, containerID string, opti
 	}
 
 	resp, err := cli.delete(ctx, "/containers/"+containerID, query, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "container", containerID)
 }
diff --git a/client/container_remove_test.go b/client/container_remove_test.go
index d94d8313041e8..ffc15eaf7efb1 100644
--- a/client/container_remove_test.go
+++ b/client/container_remove_test.go
@@ -4,14 +4,15 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestContainerRemoveError(t *testing.T) {
@@ -19,7 +20,9 @@ func TestContainerRemoveError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerRemove(context.Background(), "container_id", types.ContainerRemoveOptions{})
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestContainerRemoveNotFoundError(t *testing.T) {
@@ -53,7 +56,7 @@ func TestContainerRemove(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_rename_test.go b/client/container_rename_test.go
index 42be60902860d..5ccc18eb3c1a0 100644
--- a/client/container_rename_test.go
+++ b/client/container_rename_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerRenameError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerRenameError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerRename(context.Background(), "nothing", "newNothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -33,7 +35,7 @@ func TestContainerRename(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_resize_test.go b/client/container_resize_test.go
index 3c10fd7e6905e..0fd63fe3e63ed 100644
--- a/client/container_resize_test.go
+++ b/client/container_resize_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerResizeError(t *testing.T) {
@@ -17,8 +18,8 @@ func TestContainerResizeError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerResize(context.Background(), "container_id", types.ResizeOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -27,8 +28,8 @@ func TestContainerExecResizeError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerExecResize(context.Background(), "exec_id", types.ResizeOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -76,7 +77,7 @@ func resizeTransport(expectedURL string) func(req *http.Request) (*http.Response
 		}
 		return &http.Response{
 			StatusCode: http.StatusOK,
-			Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 		}, nil
 	}
 }
diff --git a/client/container_restart.go b/client/container_restart.go
index 41e421969f47a..aa0d6485de39b 100644
--- a/client/container_restart.go
+++ b/client/container_restart.go
@@ -9,7 +9,7 @@ import (
 )
 
 // ContainerRestart stops and starts a container again.
-// It makes the daemon to wait for the container to be up again for
+// It makes the daemon wait for the container to be up again for
 // a specific amount of time, given the timeout.
 func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
 	query := url.Values{}
diff --git a/client/container_restart_test.go b/client/container_restart_test.go
index 27e81da5d8745..085da26b70f95 100644
--- a/client/container_restart_test.go
+++ b/client/container_restart_test.go
@@ -4,11 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerRestartError(t *testing.T) {
@@ -17,8 +19,8 @@ func TestContainerRestartError(t *testing.T) {
 	}
 	timeout := 0 * time.Second
 	err := client.ContainerRestart(context.Background(), "nothing", &timeout)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -35,7 +37,7 @@ func TestContainerRestart(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_start_test.go b/client/container_start_test.go
index 277c585caa526..07fce72e5d2a0 100644
--- a/client/container_start_test.go
+++ b/client/container_start_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerStartError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestContainerStartError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerStart(context.Background(), "nothing", types.ContainerStartOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -45,7 +46,7 @@ func TestContainerStart(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_stats.go b/client/container_stats.go
index 6ef44c77480c1..0a6488dde8266 100644
--- a/client/container_stats.go
+++ b/client/container_stats.go
@@ -24,3 +24,19 @@ func (cli *Client) ContainerStats(ctx context.Context, containerID string, strea
 	osType := getDockerOS(resp.header.Get("Server"))
 	return types.ContainerStats{Body: resp.body, OSType: osType}, err
 }
+
+// ContainerStatsOneShot gets a single stat entry from a container.
+// It differs from `ContainerStats` in that the API should not wait to prime the stats
+func (cli *Client) ContainerStatsOneShot(ctx context.Context, containerID string) (types.ContainerStats, error) {
+	query := url.Values{}
+	query.Set("stream", "0")
+	query.Set("one-shot", "1")
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil)
+	if err != nil {
+		return types.ContainerStats{}, err
+	}
+
+	osType := getDockerOS(resp.header.Get("Server"))
+	return types.ContainerStats{Body: resp.body, OSType: osType}, err
+}
diff --git a/client/container_stats_test.go b/client/container_stats_test.go
index d88596315c9df..933b67ca8846a 100644
--- a/client/container_stats_test.go
+++ b/client/container_stats_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerStatsError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerStatsError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerStats(context.Background(), "nothing", false)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -49,7 +51,7 @@ func TestContainerStats(t *testing.T) {
 
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 				}, nil
 			}),
 		}
@@ -58,7 +60,7 @@ func TestContainerStats(t *testing.T) {
 			t.Fatal(err)
 		}
 		defer resp.Body.Close()
-		content, err := ioutil.ReadAll(resp.Body)
+		content, err := io.ReadAll(resp.Body)
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/client/container_stop_test.go b/client/container_stop_test.go
index e9af74525af9b..f5df1805cb9be 100644
--- a/client/container_stop_test.go
+++ b/client/container_stop_test.go
@@ -4,11 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerStopError(t *testing.T) {
@@ -17,8 +19,8 @@ func TestContainerStopError(t *testing.T) {
 	}
 	timeout := 0 * time.Second
 	err := client.ContainerStop(context.Background(), "nothing", &timeout)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -35,7 +37,7 @@ func TestContainerStop(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_top.go b/client/container_top.go
index 9c9fce7a040ec..a5b78999bf0a7 100644
--- a/client/container_top.go
+++ b/client/container_top.go
@@ -18,11 +18,11 @@ func (cli *Client) ContainerTop(ctx context.Context, containerID string, argumen
 	}
 
 	resp, err := cli.get(ctx, "/containers/"+containerID+"/top", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/container_top_test.go b/client/container_top_test.go
index 48daba7783a8d..35d5c42397844 100644
--- a/client/container_top_test.go
+++ b/client/container_top_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerTopError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestContainerTopError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerTop(context.Background(), "nothing", []string{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -56,7 +57,7 @@ func TestContainerTop(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_unpause_test.go b/client/container_unpause_test.go
index 000699190a20e..42eef30fcacdb 100644
--- a/client/container_unpause_test.go
+++ b/client/container_unpause_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerUnpauseError(t *testing.T) {
@@ -15,8 +17,8 @@ func TestContainerUnpauseError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerUnpause(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,7 +31,7 @@ func TestContainerUnpause(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/container_update.go b/client/container_update.go
index 14e7f23dfb8aa..bf68a5300e9da 100644
--- a/client/container_update.go
+++ b/client/container_update.go
@@ -7,16 +7,15 @@ import (
 	"github.com/docker/docker/api/types/container"
 )
 
-// ContainerUpdate updates resources of a container
+// ContainerUpdate updates the resources of a container.
 func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
 	var response container.ContainerUpdateOKBody
 	serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-
-	ensureReaderClosed(serverResp)
 	return response, err
 }
diff --git a/client/container_update_test.go b/client/container_update_test.go
index 41c6485ec84c4..83ae098be0ba9 100644
--- a/client/container_update_test.go
+++ b/client/container_update_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerUpdateError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestContainerUpdateError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerUpdate(context.Background(), "nothing", container.UpdateConfig{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -39,7 +40,7 @@ func TestContainerUpdate(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/container_wait_test.go b/client/container_wait_test.go
index 11a9203ddcc24..ab42272887912 100644
--- a/client/container_wait_test.go
+++ b/client/container_wait_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"strings"
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestContainerWaitError(t *testing.T) {
@@ -24,8 +25,8 @@ func TestContainerWaitError(t *testing.T) {
 	case result := <-resultC:
 		t.Fatalf("expected to not get a wait result, got %d", result.StatusCode)
 	case err := <-errC:
-		if err.Error() != "Error response from daemon: Server error" {
-			t.Fatalf("expected a Server Error, got %v", err)
+		if !errdefs.IsSystem(err) {
+			t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 		}
 	}
 }
@@ -45,7 +46,7 @@ func TestContainerWait(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
@@ -65,7 +66,7 @@ func ExampleClient_ContainerWait_withTimeout() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
-	client, _ := NewEnvClient()
+	client, _ := NewClientWithOpts(FromEnv)
 	_, errC := client.ContainerWait(ctx, "container_id", "")
 	if err := <-errC; err != nil {
 		log.Fatal(err)
diff --git a/client/disk_usage.go b/client/disk_usage.go
index 8eb30eb5de226..ba0d92e9e669c 100644
--- a/client/disk_usage.go
+++ b/client/disk_usage.go
@@ -4,23 +4,30 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/url"
 
 	"github.com/docker/docker/api/types"
 )
 
 // DiskUsage requests the current data usage from the daemon
-func (cli *Client) DiskUsage(ctx context.Context) (types.DiskUsage, error) {
-	var du types.DiskUsage
+func (cli *Client) DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error) {
+	var query url.Values
+	if len(options.Types) > 0 {
+		query = url.Values{}
+		for _, t := range options.Types {
+			query.Add("type", string(t))
+		}
+	}
 
-	serverResp, err := cli.get(ctx, "/system/df", nil, nil)
+	serverResp, err := cli.get(ctx, "/system/df", query, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
-		return du, err
+		return types.DiskUsage{}, err
 	}
-	defer ensureReaderClosed(serverResp)
 
+	var du types.DiskUsage
 	if err := json.NewDecoder(serverResp.body).Decode(&du); err != nil {
-		return du, fmt.Errorf("Error retrieving disk usage: %v", err)
+		return types.DiskUsage{}, fmt.Errorf("Error retrieving disk usage: %v", err)
 	}
-
 	return du, nil
 }
diff --git a/client/disk_usage_test.go b/client/disk_usage_test.go
index 3968f75e62aeb..d64a511db0b8d 100644
--- a/client/disk_usage_test.go
+++ b/client/disk_usage_test.go
@@ -5,21 +5,22 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestDiskUsageError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
-	_, err := client.DiskUsage(context.Background())
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	_, err := client.DiskUsage(context.Background(), types.DiskUsageOptions{})
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -45,11 +46,11 @@ func TestDiskUsage(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
-	if _, err := client.DiskUsage(context.Background()); err != nil {
+	if _, err := client.DiskUsage(context.Background(), types.DiskUsageOptions{}); err != nil {
 		t.Fatal(err)
 	}
 }
diff --git a/client/distribution_inspect.go b/client/distribution_inspect.go
index 7245bbeeda4d1..7f36c99a01667 100644
--- a/client/distribution_inspect.go
+++ b/client/distribution_inspect.go
@@ -8,7 +8,7 @@ import (
 	registrytypes "github.com/docker/docker/api/types/registry"
 )
 
-// DistributionInspect returns the image digest with full Manifest
+// DistributionInspect returns the image digest with the full manifest.
 func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
 	// Contact the registry to retrieve digest and platform information
 	var distributionInspect registrytypes.DistributionInspect
@@ -28,11 +28,11 @@ func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegist
 	}
 
 	resp, err := cli.get(ctx, "/distribution/"+image+"/json", url.Values{}, headers)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return distributionInspect, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&distributionInspect)
-	ensureReaderClosed(resp)
 	return distributionInspect, err
 }
diff --git a/client/distribution_inspect_test.go b/client/distribution_inspect_test.go
index a23d5f55d59fb..bb5eda4ae0ca7 100644
--- a/client/distribution_inspect_test.go
+++ b/client/distribution_inspect_test.go
@@ -6,8 +6,8 @@ import (
 	"testing"
 
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestDistributionInspectUnsupported(t *testing.T) {
diff --git a/client/errors.go b/client/errors.go
index 0461af329d5d2..041bc8d49c44c 100644
--- a/client/errors.go
+++ b/client/errors.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -23,8 +24,7 @@ func (err errConnectionFailed) Error() string {
 
 // IsErrConnectionFailed returns true if the error is caused by connection failed.
 func IsErrConnectionFailed(err error) bool {
-	_, ok := errors.Cause(err).(errConnectionFailed)
-	return ok
+	return errors.As(err, &errConnectionFailed{})
 }
 
 // ErrorConnectionFailed returns an error with host in the error message when connection to docker daemon failed.
@@ -32,16 +32,20 @@ func ErrorConnectionFailed(host string) error {
 	return errConnectionFailed{host: host}
 }
 
+// Deprecated: use the errdefs.NotFound() interface instead. Kept for backward compatibility
 type notFound interface {
 	error
-	NotFound() bool // Is the error a NotFound error
+	NotFound() bool
 }
 
 // IsErrNotFound returns true if the error is a NotFound error, which is returned
 // by the API when some object is not found.
 func IsErrNotFound(err error) bool {
-	te, ok := err.(notFound)
-	return ok && te.NotFound()
+	var e notFound
+	if errors.As(err, &e) {
+		return true
+	}
+	return errdefs.IsNotFound(err)
 }
 
 type objectNotFoundError struct {
@@ -49,9 +53,7 @@ type objectNotFoundError struct {
 	id     string
 }
 
-func (e objectNotFoundError) NotFound() bool {
-	return true
-}
+func (e objectNotFoundError) NotFound() {}
 
 func (e objectNotFoundError) Error() string {
 	return fmt.Sprintf("Error: No such %s: %s", e.object, e.id)
@@ -64,7 +66,7 @@ func wrapResponseError(err error, resp serverResponse, object, id string) error
 	case resp.statusCode == http.StatusNotFound:
 		return objectNotFoundError{object: object, id: id}
 	case resp.statusCode == http.StatusNotImplemented:
-		return notImplementedError{message: err.Error()}
+		return errdefs.NotImplemented(err)
 	default:
 		return err
 	}
@@ -83,8 +85,10 @@ func (u unauthorizedError) Error() string {
 // IsErrUnauthorized returns true if the error is caused
 // when a remote registry authentication fails
 func IsErrUnauthorized(err error) bool {
-	_, ok := err.(unauthorizedError)
-	return ok
+	if _, ok := err.(unauthorizedError); ok {
+		return ok
+	}
+	return errdefs.IsUnauthorized(err)
 }
 
 type pluginPermissionDenied struct {
@@ -118,8 +122,10 @@ func (e notImplementedError) NotImplemented() bool {
 // This is returned by the API when a requested feature has not been
 // implemented.
 func IsErrNotImplemented(err error) bool {
-	te, ok := err.(notImplementedError)
-	return ok && te.NotImplemented()
+	if _, ok := err.(notImplementedError); ok {
+		return ok
+	}
+	return errdefs.IsNotImplemented(err)
 }
 
 // NewVersionError returns an error if the APIVersion required
diff --git a/client/events.go b/client/events.go
index 6e56538955ee6..f0dc9d9e12f32 100644
--- a/client/events.go
+++ b/client/events.go
@@ -90,6 +90,7 @@ func buildEventsQueryParams(cliVersion string, options types.EventsOptions) (url
 	}
 
 	if options.Filters.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cliVersion, options.Filters)
 		if err != nil {
 			return nil, err
diff --git a/client/events_test.go b/client/events_test.go
index 4a39901b45b1f..bcd11ab252d54 100644
--- a/client/events_test.go
+++ b/client/events_test.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
@@ -14,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestEventsErrorInOptions(t *testing.T) {
@@ -52,8 +52,8 @@ func TestEventsErrorFromServer(t *testing.T) {
 	}
 	_, errs := client.Events(context.Background(), types.EventsOptions{})
 	err := <-errs
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -90,17 +90,17 @@ func TestEvents(t *testing.T) {
 			},
 			events: []events.Message{
 				{
-					Type:   "container",
+					Type:   events.BuilderEventType,
 					ID:     "1",
 					Action: "create",
 				},
 				{
-					Type:   "container",
+					Type:   events.BuilderEventType,
 					ID:     "2",
 					Action: "die",
 				},
 				{
-					Type:   "container",
+					Type:   events.BuilderEventType,
 					ID:     "3",
 					Action: "create",
 				},
@@ -137,7 +137,7 @@ func TestEvents(t *testing.T) {
 
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(buffer),
+					Body:       io.NopCloser(buffer),
 				}, nil
 			}),
 		}
diff --git a/client/hijack.go b/client/hijack.go
index 0ac8248f2c7be..e1dc49ef0f66a 100644
--- a/client/hijack.go
+++ b/client/hijack.go
@@ -23,8 +23,8 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 		return types.HijackedResponse{}, err
 	}
 
-	apiPath := cli.getAPIPath(path, query)
-	req, err := http.NewRequest("POST", apiPath, bodyEncoded)
+	apiPath := cli.getAPIPath(ctx, path, query)
+	req, err := http.NewRequest(http.MethodPost, apiPath, bodyEncoded)
 	if err != nil {
 		return types.HijackedResponse{}, err
 	}
@@ -38,6 +38,17 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 	return types.HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn)}, err
 }
 
+// DialHijack returns a hijacked connection with negotiated protocol proto.
+func (cli *Client) DialHijack(ctx context.Context, url, proto string, meta map[string][]string) (net.Conn, error) {
+	req, err := http.NewRequest(http.MethodPost, url, nil)
+	if err != nil {
+		return nil, err
+	}
+	req = cli.addHeaders(req, meta)
+
+	return cli.setupHijackConn(ctx, req, proto)
+}
+
 // fallbackDial is used when WithDialer() was not called.
 // See cli.Dialer().
 func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) {
@@ -76,6 +87,8 @@ func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto
 
 	// Server hijacks the connection, error 'connection closed' expected
 	resp, err := clientconn.Do(req)
+
+	//nolint:staticcheck // ignore SA1019 for connecting to old (pre go1.8) daemons
 	if err != httputil.ErrPersistEOF {
 		if err != nil {
 			return nil, err
diff --git a/client/hijack_test.go b/client/hijack_test.go
index d71dc9ea38cc8..67d3894756021 100644
--- a/client/hijack_test.go
+++ b/client/hijack_test.go
@@ -3,7 +3,7 @@ package client
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -13,7 +13,7 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestTLSCloseWriter(t *testing.T) {
@@ -25,13 +25,13 @@ func TestTLSCloseWriter(t *testing.T) {
 		defer close(chErr)
 		if err := httputils.ParseForm(req); err != nil {
 			chErr <- errors.Wrap(err, "error parsing form")
-			http.Error(w, err.Error(), 500)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 		r, rw, err := httputils.HijackConnection(w)
 		if err != nil {
 			chErr <- errors.Wrap(err, "error hijacking connection")
-			http.Error(w, err.Error(), 500)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 		defer r.Close()
@@ -61,7 +61,7 @@ func TestTLSCloseWriter(t *testing.T) {
 			break
 		}
 	}
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	ts.Listener = l
 	defer l.Close()
@@ -76,13 +76,13 @@ func TestTLSCloseWriter(t *testing.T) {
 	defer ts.Close()
 
 	serverURL, err := url.Parse(ts.URL)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
-	client, err := NewClient("tcp://"+serverURL.Host, "", ts.Client(), nil)
-	assert.Assert(t, err)
+	client, err := NewClientWithOpts(WithHost("tcp://"+serverURL.Host), WithHTTPClient(ts.Client()))
+	assert.NilError(t, err)
 
 	resp, err := client.postHijacked(context.Background(), "/asdf", url.Values{}, nil, map[string][]string{"Content-Type": {"text/plain"}})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer resp.Close()
 
 	if _, ok := resp.Conn.(types.CloseWriter); !ok {
@@ -90,10 +90,10 @@ func TestTLSCloseWriter(t *testing.T) {
 	}
 
 	_, err = resp.Conn.Write([]byte("hello"))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
-	b, err := ioutil.ReadAll(resp.Reader)
-	assert.Assert(t, err)
+	b, err := io.ReadAll(resp.Reader)
+	assert.NilError(t, err)
 	assert.Assert(t, string(b) == "hello")
 	assert.Assert(t, resp.CloseWrite())
 
diff --git a/client/image_build.go b/client/image_build.go
index 9add3c10b348b..d16e1d8ea98ae 100644
--- a/client/image_build.go
+++ b/client/image_build.go
@@ -14,8 +14,8 @@ import (
 	"github.com/docker/docker/api/types/container"
 )
 
-// ImageBuild sends request to the daemon to build images.
-// The Body in the response implement an io.ReadCloser and it's up to the caller to
+// ImageBuild sends a request to the daemon to build images.
+// The Body in the response implements an io.ReadCloser and it's up to the caller to
 // close it.
 func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
 	query, err := cli.imageBuildOptionsToQuery(options)
@@ -134,5 +134,13 @@ func (cli *Client) imageBuildOptionsToQuery(options types.ImageBuildOptions) (ur
 		query.Set("buildid", options.BuildID)
 	}
 	query.Set("version", string(options.Version))
+
+	if options.Outputs != nil {
+		outputsJSON, err := json.Marshal(options.Outputs)
+		if err != nil {
+			return query, err
+		}
+		query.Set("outputs", string(outputsJSON))
+	}
 	return query, nil
 }
diff --git a/client/image_build_test.go b/client/image_build_test.go
index 95c11bc3e5e9a..3d6c0a972d97c 100644
--- a/client/image_build_test.go
+++ b/client/image_build_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
 	"strings"
@@ -12,7 +12,8 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/go-units"
+	"github.com/docker/docker/errdefs"
+	units "github.com/docker/go-units"
 )
 
 func TestImageBuildError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestImageBuildError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageBuild(context.Background(), nil, types.ImageBuildOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -194,7 +195,7 @@ func TestImageBuild(t *testing.T) {
 				headers.Add("Server", "Docker/v1.23 (MyOS)")
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 					Header:     headers,
 				}, nil
 			}),
@@ -206,7 +207,7 @@ func TestImageBuild(t *testing.T) {
 		if buildResponse.OSType != "MyOS" {
 			t.Fatalf("expected OSType to be 'MyOS', got %s", buildResponse.OSType)
 		}
-		response, err := ioutil.ReadAll(buildResponse.Body)
+		response, err := io.ReadAll(buildResponse.Body)
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/client/image_create.go b/client/image_create.go
index 239380474e618..b1c0227775ce5 100644
--- a/client/image_create.go
+++ b/client/image_create.go
@@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
-// ImageCreate creates a new image based in the parent options.
+// ImageCreate creates a new image based on the parent options.
 // It returns the JSON content in the response body.
 func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
 	ref, err := reference.ParseNormalizedNamed(parentReference)
diff --git a/client/image_create_test.go b/client/image_create_test.go
index b89f16d27b7d6..3095cbc05b8be 100644
--- a/client/image_create_test.go
+++ b/client/image_create_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageCreateError(t *testing.T) {
@@ -17,8 +18,8 @@ func TestImageCreateError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageCreate(context.Background(), "reference", types.ImageCreateOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -51,7 +52,7 @@ func TestImageCreate(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
@@ -62,7 +63,7 @@ func TestImageCreate(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	response, err := ioutil.ReadAll(createResponse)
+	response, err := io.ReadAll(createResponse)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/client/image_history.go b/client/image_history.go
index 0151b9517f250..b5bea10d8f638 100644
--- a/client/image_history.go
+++ b/client/image_history.go
@@ -12,11 +12,11 @@ import (
 func (cli *Client) ImageHistory(ctx context.Context, imageID string) ([]image.HistoryResponseItem, error) {
 	var history []image.HistoryResponseItem
 	serverResp, err := cli.get(ctx, "/images/"+imageID+"/history", url.Values{}, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return history, err
 	}
 
 	err = json.NewDecoder(serverResp.body).Decode(&history)
-	ensureReaderClosed(serverResp)
 	return history, err
 }
diff --git a/client/image_history_test.go b/client/image_history_test.go
index 0217bf575a34d..bb4a2b11fc2e4 100644
--- a/client/image_history_test.go
+++ b/client/image_history_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageHistoryError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestImageHistoryError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageHistory(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -46,7 +47,7 @@ func TestImageHistory(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/image_import.go b/client/image_import.go
index c2972ea950eb8..c5de42cb799d3 100644
--- a/client/image_import.go
+++ b/client/image_import.go
@@ -10,11 +10,11 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
-// ImageImport creates a new image based in the source options.
+// ImageImport creates a new image based on the source options.
 // It returns the JSON content in the response body.
 func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
 	if ref != "" {
-		//Check if the given image name can be resolved
+		// Check if the given image name can be resolved
 		if _, err := reference.ParseNormalizedNamed(ref); err != nil {
 			return nil, err
 		}
diff --git a/client/image_import_test.go b/client/image_import_test.go
index 944cd52fecef2..34f1e0642fe8d 100644
--- a/client/image_import_test.go
+++ b/client/image_import_test.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageImportError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestImageImportError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageImport(context.Background(), types.ImageImportSource{}, "image:tag", types.ImageImportOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -55,7 +56,7 @@ func TestImageImport(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 			}, nil
 		}),
 	}
@@ -70,7 +71,7 @@ func TestImageImport(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	response, err := ioutil.ReadAll(importResponse)
+	response, err := io.ReadAll(importResponse)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/client/image_inspect.go b/client/image_inspect.go
index 2f8f6d2f1416c..03aa12d8b4cdd 100644
--- a/client/image_inspect.go
+++ b/client/image_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types"
 )
@@ -15,12 +15,12 @@ func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (typ
 		return types.ImageInspect{}, nil, objectNotFoundError{object: "image", id: imageID}
 	}
 	serverResp, err := cli.get(ctx, "/images/"+imageID+"/json", nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return types.ImageInspect{}, nil, wrapResponseError(err, serverResp, "image", imageID)
 	}
-	defer ensureReaderClosed(serverResp)
 
-	body, err := ioutil.ReadAll(serverResp.body)
+	body, err := io.ReadAll(serverResp.body)
 	if err != nil {
 		return types.ImageInspect{}, nil, err
 	}
diff --git a/client/image_inspect_test.go b/client/image_inspect_test.go
index a910872d1c726..893552a2e44c4 100644
--- a/client/image_inspect_test.go
+++ b/client/image_inspect_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -21,8 +22,8 @@ func TestImageInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.ImageInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -66,7 +67,7 @@ func TestImageInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/image_list.go b/client/image_list.go
index 32fae27b375e4..a4d7505094cd5 100644
--- a/client/image_list.go
+++ b/client/image_list.go
@@ -24,6 +24,7 @@ func (cli *Client) ImageList(ctx context.Context, options types.ImageListOptions
 		}
 	}
 	if optionFilters.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cli.version, optionFilters)
 		if err != nil {
 			return images, err
@@ -35,11 +36,11 @@ func (cli *Client) ImageList(ctx context.Context, options types.ImageListOptions
 	}
 
 	serverResp, err := cli.get(ctx, "/images/json", query, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return images, err
 	}
 
 	err = json.NewDecoder(serverResp.body).Decode(&images)
-	ensureReaderClosed(serverResp)
 	return images, err
 }
diff --git a/client/image_list_test.go b/client/image_list_test.go
index 3ba5239a536fc..4619393ff3cb9 100644
--- a/client/image_list_test.go
+++ b/client/image_list_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageListError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestImageListError(t *testing.T) {
 	}
 
 	_, err := client.ImageList(context.Background(), types.ImageListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -95,7 +96,7 @@ func TestImageList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
@@ -136,7 +137,7 @@ func TestImageListApiBefore125(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 		version: "1.24",
diff --git a/client/image_load_test.go b/client/image_load_test.go
index 116317da75f34..4e53cb83a3f2c 100644
--- a/client/image_load_test.go
+++ b/client/image_load_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageLoadError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestImageLoadError(t *testing.T) {
 	}
 
 	_, err := client.ImageLoad(context.Background(), nil, true)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -69,7 +71,7 @@ func TestImageLoad(t *testing.T) {
 				headers.Add("Content-Type", loadCase.responseContentType)
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+					Body:       io.NopCloser(bytes.NewReader([]byte(expectedOutput))),
 					Header:     headers,
 				}, nil
 			}),
@@ -83,7 +85,7 @@ func TestImageLoad(t *testing.T) {
 		if imageLoadResponse.JSON != loadCase.expectedResponseJSON {
 			t.Fatalf("expected a JSON response, was not.")
 		}
-		body, err := ioutil.ReadAll(imageLoadResponse.Body)
+		body, err := io.ReadAll(imageLoadResponse.Body)
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/client/image_prune.go b/client/image_prune.go
index 78ee3f6c496f3..56af6d7f98f4f 100644
--- a/client/image_prune.go
+++ b/client/image_prune.go
@@ -23,10 +23,10 @@ func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (
 	}
 
 	serverResp, err := cli.post(ctx, "/images/prune", query, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return report, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
 		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
diff --git a/client/image_prune_test.go b/client/image_prune_test.go
index 9b0839bb6c12b..a3652a10034f7 100644
--- a/client/image_prune_test.go
+++ b/client/image_prune_test.go
@@ -5,15 +5,17 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
+	"github.com/docker/docker/errdefs"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestImagesPruneError(t *testing.T) {
@@ -22,10 +24,10 @@ func TestImagesPruneError(t *testing.T) {
 		version: "1.25",
 	}
 
-	filters := filters.NewArgs()
-
-	_, err := client.ImagesPrune(context.Background(), filters)
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	_, err := client.ImagesPrune(context.Background(), filters.NewArgs())
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestImagesPrune(t *testing.T) {
@@ -106,7 +108,7 @@ func TestImagesPrune(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 			version: "1.25",
diff --git a/client/image_pull.go b/client/image_pull.go
index d97aacf8c5291..a23975591be27 100644
--- a/client/image_pull.go
+++ b/client/image_pull.go
@@ -3,12 +3,12 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"io"
-	"net/http"
 	"net/url"
 	"strings"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 // ImagePull requests the docker host to pull an image from a remote registry.
@@ -35,7 +35,7 @@ func (cli *Client) ImagePull(ctx context.Context, refStr string, options types.I
 	}
 
 	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
-	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+	if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
 			return nil, privilegeErr
diff --git a/client/image_pull_test.go b/client/image_pull_test.go
index 361c5c2be37a3..92793e1e3994a 100644
--- a/client/image_pull_test.go
+++ b/client/image_pull_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImagePullReferenceParseError(t *testing.T) {
@@ -30,8 +31,8 @@ func TestImagePullAnyError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -40,8 +41,8 @@ func TestImagePullStatusUnauthorizedError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
 	}
 	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -70,8 +71,8 @@ func TestImagePullWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T)
 	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{
 		PrivilegeFunc: privilegeFunc,
 	})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -86,7 +87,7 @@ func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
 			if auth == "NotValid" {
 				return &http.Response{
 					StatusCode: http.StatusUnauthorized,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
 				}, nil
 			}
 			if auth != "IAmValid" {
@@ -103,7 +104,7 @@ func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("hello world"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("hello world"))),
 			}, nil
 		}),
 	}
@@ -117,7 +118,7 @@ func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	body, err := ioutil.ReadAll(resp)
+	body, err := io.ReadAll(resp)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -177,7 +178,7 @@ func TestImagePullWithoutErrors(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+					Body:       io.NopCloser(bytes.NewReader([]byte(expectedOutput))),
 				}, nil
 			}),
 		}
@@ -187,7 +188,7 @@ func TestImagePullWithoutErrors(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		body, err := ioutil.ReadAll(resp)
+		body, err := io.ReadAll(resp)
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/client/image_push.go b/client/image_push.go
index a15871c2b4480..845580d4a4cdb 100644
--- a/client/image_push.go
+++ b/client/image_push.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"errors"
 	"io"
-	"net/http"
 	"net/url"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 // ImagePush requests the docker host to push an image to a remote registry.
@@ -25,18 +25,17 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options types.Im
 		return nil, errors.New("cannot push a digest reference")
 	}
 
-	tag := ""
 	name := reference.FamiliarName(ref)
-
-	if nameTaggedRef, isNamedTagged := ref.(reference.NamedTagged); isNamedTagged {
-		tag = nameTaggedRef.Tag()
-	}
-
 	query := url.Values{}
-	query.Set("tag", tag)
+	if !options.All {
+		ref = reference.TagNameOnly(ref)
+		if tagged, ok := ref.(reference.Tagged); ok {
+			query.Set("tag", tagged.Tag())
+		}
+	}
 
 	resp, err := cli.tryImagePush(ctx, name, query, options.RegistryAuth)
-	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+	if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
 			return nil, privilegeErr
diff --git a/client/image_push_test.go b/client/image_push_test.go
index 0693601af1917..9b161717caac4 100644
--- a/client/image_push_test.go
+++ b/client/image_push_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImagePushReferenceError(t *testing.T) {
@@ -35,8 +36,8 @@ func TestImagePushAnyError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -45,8 +46,8 @@ func TestImagePushStatusUnauthorizedError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
 	}
 	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -75,8 +76,8 @@ func TestImagePushWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T)
 	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{
 		PrivilegeFunc: privilegeFunc,
 	})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -91,7 +92,7 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
 			if auth == "NotValid" {
 				return &http.Response{
 					StatusCode: http.StatusUnauthorized,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
 				}, nil
 			}
 			if auth != "IAmValid" {
@@ -104,7 +105,7 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("hello world"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("hello world"))),
 			}, nil
 		}),
 	}
@@ -118,7 +119,7 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	body, err := ioutil.ReadAll(resp)
+	body, err := io.ReadAll(resp)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -130,50 +131,70 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
 func TestImagePushWithoutErrors(t *testing.T) {
 	expectedOutput := "hello world"
 	expectedURLFormat := "/images/%s/push"
-	pullCases := []struct {
+	testCases := []struct {
+		all           bool
 		reference     string
 		expectedImage string
 		expectedTag   string
 	}{
 		{
+			all:           false,
 			reference:     "myimage",
 			expectedImage: "myimage",
-			expectedTag:   "",
+			expectedTag:   "latest",
 		},
 		{
+			all:           false,
 			reference:     "myimage:tag",
 			expectedImage: "myimage",
 			expectedTag:   "tag",
 		},
+		{
+			all:           true,
+			reference:     "myimage",
+			expectedImage: "myimage",
+			expectedTag:   "",
+		},
+		{
+			all:           true,
+			reference:     "myimage:anything",
+			expectedImage: "myimage",
+			expectedTag:   "",
+		},
 	}
-	for _, pullCase := range pullCases {
-		client := &Client{
-			client: newMockClient(func(req *http.Request) (*http.Response, error) {
-				expectedURL := fmt.Sprintf(expectedURLFormat, pullCase.expectedImage)
-				if !strings.HasPrefix(req.URL.Path, expectedURL) {
-					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
-				}
-				query := req.URL.Query()
-				tag := query.Get("tag")
-				if tag != pullCase.expectedTag {
-					return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", pullCase.expectedTag, tag)
-				}
-				return &http.Response{
-					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
-				}, nil
-			}),
-		}
-		resp, err := client.ImagePush(context.Background(), pullCase.reference, types.ImagePushOptions{})
-		if err != nil {
-			t.Fatal(err)
-		}
-		body, err := ioutil.ReadAll(resp)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if string(body) != expectedOutput {
-			t.Fatalf("expected '%s', got %s", expectedOutput, string(body))
-		}
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(fmt.Sprintf("%s,all-tags=%t", tc.reference, tc.all), func(t *testing.T) {
+			client := &Client{
+				client: newMockClient(func(req *http.Request) (*http.Response, error) {
+					expectedURL := fmt.Sprintf(expectedURLFormat, tc.expectedImage)
+					if !strings.HasPrefix(req.URL.Path, expectedURL) {
+						return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+					}
+					query := req.URL.Query()
+					tag := query.Get("tag")
+					if tag != tc.expectedTag {
+						return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", tc.expectedTag, tag)
+					}
+					return &http.Response{
+						StatusCode: http.StatusOK,
+						Body:       io.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+					}, nil
+				}),
+			}
+			resp, err := client.ImagePush(context.Background(), tc.reference, types.ImagePushOptions{
+				All: tc.all,
+			})
+			if err != nil {
+				t.Fatal(err)
+			}
+			body, err := io.ReadAll(resp)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if string(body) != expectedOutput {
+				t.Fatalf("expected '%s', got %s", expectedOutput, string(body))
+			}
+		})
 	}
 }
diff --git a/client/image_remove.go b/client/image_remove.go
index 45d6e6f0dbad2..84a41af0f2ca7 100644
--- a/client/image_remove.go
+++ b/client/image_remove.go
@@ -21,11 +21,11 @@ func (cli *Client) ImageRemove(ctx context.Context, imageID string, options type
 
 	var dels []types.ImageDeleteResponseItem
 	resp, err := cli.delete(ctx, "/images/"+imageID, query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return dels, wrapResponseError(err, resp, "image", imageID)
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&dels)
-	ensureReaderClosed(resp)
 	return dels, err
 }
diff --git a/client/image_remove_test.go b/client/image_remove_test.go
index acc6bc9177602..919baa2f68434 100644
--- a/client/image_remove_test.go
+++ b/client/image_remove_test.go
@@ -5,14 +5,15 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestImageRemoveError(t *testing.T) {
@@ -21,7 +22,9 @@ func TestImageRemoveError(t *testing.T) {
 	}
 
 	_, err := client.ImageRemove(context.Background(), "image_id", types.ImageRemoveOptions{})
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestImageRemoveImageNotFound(t *testing.T) {
@@ -63,7 +66,7 @@ func TestImageRemove(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "DELETE" {
+				if req.Method != http.MethodDelete {
 					return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 				}
 				query := req.URL.Query()
@@ -87,7 +90,7 @@ func TestImageRemove(t *testing.T) {
 
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+					Body:       io.NopCloser(bytes.NewReader(b)),
 				}, nil
 			}),
 		}
diff --git a/client/image_save_test.go b/client/image_save_test.go
index a40055e583e99..c90a742c4a572 100644
--- a/client/image_save_test.go
+++ b/client/image_save_test.go
@@ -4,11 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageSaveError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestImageSaveError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageSave(context.Background(), []string{"nothing"})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -37,7 +39,7 @@ func TestImageSave(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 			}, nil
 		}),
 	}
@@ -45,7 +47,7 @@ func TestImageSave(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	response, err := ioutil.ReadAll(saveResponse)
+	response, err := io.ReadAll(saveResponse)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/client/image_search.go b/client/image_search.go
index 176de3c582404..5f40a22a964cc 100644
--- a/client/image_search.go
+++ b/client/image_search.go
@@ -4,15 +4,15 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"net/http"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/errdefs"
 )
 
-// ImageSearch makes the docker host to search by a term in a remote registry.
+// ImageSearch makes the docker host search by a term in a remote registry.
 // The list of results is not sorted in any fashion.
 func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
 	var results []registry.SearchResult
@@ -29,7 +29,8 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 	}
 
 	resp, err := cli.tryImageSearch(ctx, query, options.RegistryAuth)
-	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+	defer ensureReaderClosed(resp)
+	if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
 			return results, privilegeErr
@@ -41,7 +42,6 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&results)
-	ensureReaderClosed(resp)
 	return results, err
 }
 
diff --git a/client/image_search_test.go b/client/image_search_test.go
index 1456cd606fbe1..ced6deeb2bdb5 100644
--- a/client/image_search_test.go
+++ b/client/image_search_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageSearchAnyError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestImageSearchAnyError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -30,8 +31,8 @@ func TestImageSearchStatusUnauthorizedError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
 	}
 	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -60,8 +61,8 @@ func TestImageSearchWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.
 	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{
 		PrivilegeFunc: privilegeFunc,
 	})
-	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
-		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	if !errdefs.IsUnauthorized(err) {
+		t.Fatalf("expected a Unauthorized Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -76,7 +77,7 @@ func TestImageSearchWithPrivilegedFuncNoError(t *testing.T) {
 			if auth == "NotValid" {
 				return &http.Response{
 					StatusCode: http.StatusUnauthorized,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
 				}, nil
 			}
 			if auth != "IAmValid" {
@@ -97,7 +98,7 @@ func TestImageSearchWithPrivilegedFuncNoError(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
@@ -148,7 +149,7 @@ func TestImageSearchWithoutErrors(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/image_tag_test.go b/client/image_tag_test.go
index 2923bb995ba12..63653af20744e 100644
--- a/client/image_tag_test.go
+++ b/client/image_tag_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestImageTagError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestImageTagError(t *testing.T) {
 	}
 
 	err := client.ImageTag(context.Background(), "image_id", "repo:tag")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -118,7 +120,7 @@ func TestImageTag(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "POST" {
+				if req.Method != http.MethodPost {
 					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 				}
 				query := req.URL.Query()
@@ -130,7 +132,7 @@ func TestImageTag(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+					Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 				}, nil
 			}),
 		}
diff --git a/client/info.go b/client/info.go
index 121f256ab1cce..c856704e23f4f 100644
--- a/client/info.go
+++ b/client/info.go
@@ -13,10 +13,10 @@ import (
 func (cli *Client) Info(ctx context.Context) (types.Info, error) {
 	var info types.Info
 	serverResp, err := cli.get(ctx, "/info", url.Values{}, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return info, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&info); err != nil {
 		return info, fmt.Errorf("Error reading remote info: %v", err)
diff --git a/client/info_test.go b/client/info_test.go
index 866d8e8849b97..f1d538373823a 100644
--- a/client/info_test.go
+++ b/client/info_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestInfoServerError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestInfoServerError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.Info(context.Background())
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -28,7 +29,7 @@ func TestInfoInvalidResponseJSONError(t *testing.T) {
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("invalid json"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("invalid json"))),
 			}, nil
 		}),
 	}
@@ -56,7 +57,7 @@ func TestInfo(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/interface.go b/client/interface.go
index d190f8e58db8e..7277d1bbdd296 100644
--- a/client/interface.go
+++ b/client/interface.go
@@ -16,6 +16,7 @@ import (
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	volumetypes "github.com/docker/docker/api/types/volume"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // CommonAPIClient is the common methods between stable and experimental versions of APIClient.
@@ -38,7 +39,7 @@ type CommonAPIClient interface {
 	ServerVersion(ctx context.Context) (types.Version, error)
 	NegotiateAPIVersion(ctx context.Context)
 	NegotiateAPIVersionPing(types.Ping)
-	DialSession(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error)
+	DialHijack(ctx context.Context, url, proto string, meta map[string][]string) (net.Conn, error)
 	Dialer() func(context.Context) (net.Conn, error)
 	Close() error
 }
@@ -47,7 +48,7 @@ type CommonAPIClient interface {
 type ContainerAPIClient interface {
 	ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error)
 	ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error)
-	ContainerCreate(ctx context.Context, config *containertypes.Config, hostConfig *containertypes.HostConfig, networkingConfig *networktypes.NetworkingConfig, containerName string) (containertypes.ContainerCreateCreatedBody, error)
+	ContainerCreate(ctx context.Context, config *containertypes.Config, hostConfig *containertypes.HostConfig, networkingConfig *networktypes.NetworkingConfig, platform *specs.Platform, containerName string) (containertypes.ContainerCreateCreatedBody, error)
 	ContainerDiff(ctx context.Context, container string) ([]containertypes.ContainerChangeResponseItem, error)
 	ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error)
 	ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error)
@@ -67,6 +68,7 @@ type ContainerAPIClient interface {
 	ContainerRestart(ctx context.Context, container string, timeout *time.Duration) error
 	ContainerStatPath(ctx context.Context, container, path string) (types.ContainerPathStat, error)
 	ContainerStats(ctx context.Context, container string, stream bool) (types.ContainerStats, error)
+	ContainerStatsOneShot(ctx context.Context, container string) (types.ContainerStats, error)
 	ContainerStart(ctx context.Context, container string, options types.ContainerStartOptions) error
 	ContainerStop(ctx context.Context, container string, timeout *time.Duration) error
 	ContainerTop(ctx context.Context, container string, arguments []string) (containertypes.ContainerTopOKBody, error)
@@ -166,7 +168,7 @@ type SystemAPIClient interface {
 	Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error)
 	Info(ctx context.Context) (types.Info, error)
 	RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error)
-	DiskUsage(ctx context.Context) (types.DiskUsage, error)
+	DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error)
 	Ping(ctx context.Context) (types.Ping, error)
 }
 
diff --git a/client/login.go b/client/login.go
index 7d66181900401..f058520638238 100644
--- a/client/login.go
+++ b/client/login.go
@@ -3,7 +3,6 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"encoding/json"
-	"net/http"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
@@ -14,16 +13,13 @@ import (
 // It returns unauthorizedError when the authentication fails.
 func (cli *Client) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error) {
 	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
+	defer ensureReaderClosed(resp)
 
-	if resp.statusCode == http.StatusUnauthorized {
-		return registry.AuthenticateOKBody{}, unauthorizedError{err}
-	}
 	if err != nil {
 		return registry.AuthenticateOKBody{}, err
 	}
 
 	var response registry.AuthenticateOKBody
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/network_connect_test.go b/client/network_connect_test.go
index 07a3ba692ea39..30f2f254d63cd 100644
--- a/client/network_connect_test.go
+++ b/client/network_connect_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNetworkConnectError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestNetworkConnectError(t *testing.T) {
 	}
 
 	err := client.NetworkConnect(context.Background(), "network_id", "container_id", nil)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -34,7 +35,7 @@ func TestNetworkConnectEmptyNilEndpointSettings(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -53,7 +54,7 @@ func TestNetworkConnectEmptyNilEndpointSettings(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
@@ -73,7 +74,7 @@ func TestNetworkConnect(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -96,7 +97,7 @@ func TestNetworkConnect(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/network_create.go b/client/network_create.go
index 41da2ac6109ab..278d9383a86b2 100644
--- a/client/network_create.go
+++ b/client/network_create.go
@@ -15,11 +15,11 @@ func (cli *Client) NetworkCreate(ctx context.Context, name string, options types
 	}
 	var response types.NetworkCreateResponse
 	serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return response, err
 	}
 
-	json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
+	err = json.NewDecoder(serverResp.body).Decode(&response)
 	return response, err
 }
diff --git a/client/network_create_test.go b/client/network_create_test.go
index 894c98ebb3ab1..72969864b7682 100644
--- a/client/network_create_test.go
+++ b/client/network_create_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNetworkCreateError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestNetworkCreateError(t *testing.T) {
 	}
 
 	_, err := client.NetworkCreate(context.Background(), "mynetwork", types.NetworkCreate{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -33,7 +34,7 @@ func TestNetworkCreate(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -46,7 +47,7 @@ func TestNetworkCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/network_disconnect_test.go b/client/network_disconnect_test.go
index b27b955e2ee03..5a44bcd8e054d 100644
--- a/client/network_disconnect_test.go
+++ b/client/network_disconnect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNetworkDisconnectError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestNetworkDisconnectError(t *testing.T) {
 	}
 
 	err := client.NetworkDisconnect(context.Background(), "network_id", "container_id", false)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -33,7 +34,7 @@ func TestNetworkDisconnect(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -52,7 +53,7 @@ func TestNetworkDisconnect(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/network_inspect.go b/client/network_inspect.go
index 025f6d8757dab..ecf20ceb6e46f 100644
--- a/client/network_inspect.go
+++ b/client/network_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
@@ -34,12 +34,12 @@ func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string,
 		query.Set("scope", options.Scope)
 	}
 	resp, err = cli.get(ctx, "/networks/"+networkID, query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return networkResource, nil, wrapResponseError(err, resp, "network", networkID)
 	}
-	defer ensureReaderClosed(resp)
 
-	body, err := ioutil.ReadAll(resp.body)
+	body, err := io.ReadAll(resp.body)
 	if err != nil {
 		return networkResource, nil, err
 	}
diff --git a/client/network_inspect_test.go b/client/network_inspect_test.go
index 699bccba675a0..84278fff6522e 100644
--- a/client/network_inspect_test.go
+++ b/client/network_inspect_test.go
@@ -4,72 +4,45 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"fmt"
-	"io/ioutil"
+	"errors"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func TestNetworkInspectError(t *testing.T) {
-	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
-	}
-
-	_, err := client.NetworkInspect(context.Background(), "nothing", types.NetworkInspectOptions{})
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
-}
-
-func TestNetworkInspectNotFoundError(t *testing.T) {
-	client := &Client{
-		client: newMockClient(errorMock(http.StatusNotFound, "missing")),
-	}
-
-	_, err := client.NetworkInspect(context.Background(), "unknown", types.NetworkInspectOptions{})
-	assert.Check(t, is.Error(err, "Error: No such network: unknown"))
-	assert.Check(t, IsErrNotFound(err))
-}
-
-func TestNetworkInspectWithEmptyID(t *testing.T) {
-	client := &Client{
-		client: newMockClient(func(req *http.Request) (*http.Response, error) {
-			return nil, errors.New("should not make request")
-		}),
-	}
-	_, _, err := client.NetworkInspectWithRaw(context.Background(), "", types.NetworkInspectOptions{})
-	if !IsErrNotFound(err) {
-		t.Fatalf("Expected NotFoundError, got %v", err)
-	}
-}
-
 func TestNetworkInspect(t *testing.T) {
-	expectedURL := "/networks/network_id"
 	client := &Client{
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
-			if !strings.HasPrefix(req.URL.Path, expectedURL) {
-				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			if req.Method != http.MethodGet {
+				return nil, errors.New("expected GET method, got " + req.Method)
 			}
-			if req.Method != "GET" {
-				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
+			if req.URL.Path == "/networks/" {
+				return errorMock(http.StatusInternalServerError, "client should not make a request for empty IDs")(req)
+			}
+			if strings.HasPrefix(req.URL.Path, "/networks/unknown") {
+				return errorMock(http.StatusNotFound, "Error: No such network: unknown")(req)
+			}
+			if strings.HasPrefix(req.URL.Path, "/networks/test-500-response") {
+				return errorMock(http.StatusInternalServerError, "Server error")(req)
+			}
+			// other test-cases all use "network_id"
+			if !strings.HasPrefix(req.URL.Path, "/networks/network_id") {
+				return nil, errors.New("expected URL '/networks/network_id', got " + req.URL.Path)
+			}
+			if strings.Contains(req.URL.RawQuery, "scope=global") {
+				return errorMock(http.StatusNotFound, "Error: No such network: unknown")(req)
 			}
-
 			var (
 				content []byte
 				err     error
 			)
-			if strings.Contains(req.URL.RawQuery, "scope=global") {
-				return &http.Response{
-					StatusCode: http.StatusNotFound,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
-				}, nil
-			}
-
 			if strings.Contains(req.URL.RawQuery, "verbose=true") {
 				s := map[string]network.ServiceInfo{
 					"web": {},
@@ -87,32 +60,45 @@ func TestNetworkInspect(t *testing.T) {
 				return nil, err
 			}
 			return &http.Response{
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
 
-	r, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if r.Name != "mynetwork" {
-		t.Fatalf("expected `mynetwork`, got %s", r.Name)
-	}
-
-	r, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Verbose: true})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if r.Name != "mynetwork" {
-		t.Fatalf("expected `mynetwork`, got %s", r.Name)
-	}
-	_, ok := r.Services["web"]
-	if !ok {
-		t.Fatalf("expected service `web` missing in the verbose output")
-	}
-
-	_, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Scope: "global"})
-	assert.Check(t, is.Error(err, "Error: No such network: network_id"))
+	t.Run("empty ID", func(t *testing.T) {
+		// verify that the client does not create a request if the network-ID/name is empty.
+		_, err := client.NetworkInspect(context.Background(), "", types.NetworkInspectOptions{})
+		assert.Check(t, IsErrNotFound(err))
+	})
+	t.Run("no options", func(t *testing.T) {
+		r, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{})
+		assert.NilError(t, err)
+		assert.Equal(t, r.Name, "mynetwork")
+	})
+	t.Run("verbose", func(t *testing.T) {
+		r, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Verbose: true})
+		assert.NilError(t, err)
+		assert.Equal(t, r.Name, "mynetwork")
+		_, ok := r.Services["web"]
+		if !ok {
+			t.Fatalf("expected service `web` missing in the verbose output")
+		}
+	})
+	t.Run("global scope", func(t *testing.T) {
+		_, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Scope: "global"})
+		assert.Check(t, is.Error(err, "Error: No such network: network_id"))
+		assert.Check(t, IsErrNotFound(err))
+	})
+	t.Run("unknown network", func(t *testing.T) {
+		_, err := client.NetworkInspect(context.Background(), "unknown", types.NetworkInspectOptions{})
+		assert.Check(t, is.Error(err, "Error: No such network: unknown"))
+		assert.Check(t, IsErrNotFound(err))
+	})
+	t.Run("server error", func(t *testing.T) {
+		// Just testing that an internal server error is converted correctly by the client
+		_, err := client.NetworkInspect(context.Background(), "test-500-response", types.NetworkInspectOptions{})
+		assert.Check(t, errdefs.IsSystem(err))
+	})
 }
diff --git a/client/network_list.go b/client/network_list.go
index f16b2f5624048..ed2acb55711dd 100644
--- a/client/network_list.go
+++ b/client/network_list.go
@@ -13,6 +13,7 @@ import (
 func (cli *Client) NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) {
 	query := url.Values{}
 	if options.Filters.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
 		if err != nil {
 			return nil, err
@@ -22,10 +23,10 @@ func (cli *Client) NetworkList(ctx context.Context, options types.NetworkListOpt
 	}
 	var networkResources []types.NetworkResource
 	resp, err := cli.get(ctx, "/networks", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return networkResources, err
 	}
 	err = json.NewDecoder(resp.body).Decode(&networkResources)
-	ensureReaderClosed(resp)
 	return networkResources, err
 }
diff --git a/client/network_list_test.go b/client/network_list_test.go
index 5263808cfd202..66e15e1290e7c 100644
--- a/client/network_list_test.go
+++ b/client/network_list_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNetworkListError(t *testing.T) {
@@ -22,8 +23,8 @@ func TestNetworkListError(t *testing.T) {
 	_, err := client.NetworkList(context.Background(), types.NetworkListOptions{
 		Filters: filters.NewArgs(),
 	})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -73,7 +74,7 @@ func TestNetworkList(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "GET" {
+				if req.Method != http.MethodGet {
 					return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 				}
 				query := req.URL.Query()
@@ -92,7 +93,7 @@ func TestNetworkList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/network_prune.go b/client/network_prune.go
index 6418b8b607048..cebb18821925e 100644
--- a/client/network_prune.go
+++ b/client/network_prune.go
@@ -23,10 +23,10 @@ func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args)
 	}
 
 	serverResp, err := cli.post(ctx, "/networks/prune", query, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return report, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
 		return report, fmt.Errorf("Error retrieving network prune report: %v", err)
diff --git a/client/network_prune_test.go b/client/network_prune_test.go
index 7a5d340e51953..d5019efc692ae 100644
--- a/client/network_prune_test.go
+++ b/client/network_prune_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestNetworksPruneError(t *testing.T) {
@@ -25,8 +26,8 @@ func TestNetworksPruneError(t *testing.T) {
 	filters := filters.NewArgs()
 
 	_, err := client.NetworksPrune(context.Background(), filters)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -100,7 +101,7 @@ func TestNetworksPrune(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 			version: "1.25",
diff --git a/client/network_remove.go b/client/network_remove.go
index 12741437be35f..e71b16d86929a 100644
--- a/client/network_remove.go
+++ b/client/network_remove.go
@@ -5,6 +5,6 @@ import "context"
 // NetworkRemove removes an existent network from the docker host.
 func (cli *Client) NetworkRemove(ctx context.Context, networkID string) error {
 	resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "network", networkID)
 }
diff --git a/client/network_remove_test.go b/client/network_remove_test.go
index ac40af74e6a11..e7dddff86ee1a 100644
--- a/client/network_remove_test.go
+++ b/client/network_remove_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNetworkRemoveError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestNetworkRemoveError(t *testing.T) {
 	}
 
 	err := client.NetworkRemove(context.Background(), "network_id")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,12 +31,12 @@ func TestNetworkRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/node_inspect.go b/client/node_inspect.go
index 593b2e9f0b3f7..b58db528567bf 100644
--- a/client/node_inspect.go
+++ b/client/node_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types/swarm"
 )
@@ -15,12 +15,12 @@ func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm
 		return swarm.Node{}, nil, objectNotFoundError{object: "node", id: nodeID}
 	}
 	serverResp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return swarm.Node{}, nil, wrapResponseError(err, serverResp, "node", nodeID)
 	}
-	defer ensureReaderClosed(serverResp)
 
-	body, err := ioutil.ReadAll(serverResp.body)
+	body, err := io.ReadAll(serverResp.body)
 	if err != nil {
 		return swarm.Node{}, nil, err
 	}
diff --git a/client/node_inspect_test.go b/client/node_inspect_test.go
index d0fdace7fe35e..ae97061a8b999 100644
--- a/client/node_inspect_test.go
+++ b/client/node_inspect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -20,8 +21,8 @@ func TestNodeInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.NodeInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -63,7 +64,7 @@ func TestNodeInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/node_list.go b/client/node_list.go
index 9883f6fc52d5f..c212906bc718e 100644
--- a/client/node_list.go
+++ b/client/node_list.go
@@ -25,12 +25,12 @@ func (cli *Client) NodeList(ctx context.Context, options types.NodeListOptions)
 	}
 
 	resp, err := cli.get(ctx, "/nodes", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var nodes []swarm.Node
 	err = json.NewDecoder(resp.body).Decode(&nodes)
-	ensureReaderClosed(resp)
 	return nodes, err
 }
diff --git a/client/node_list_test.go b/client/node_list_test.go
index 784a754a595d6..5851cd1a77789 100644
--- a/client/node_list_test.go
+++ b/client/node_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNodeListError(t *testing.T) {
@@ -21,8 +22,8 @@ func TestNodeListError(t *testing.T) {
 	}
 
 	_, err := client.NodeList(context.Background(), types.NodeListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -78,7 +79,7 @@ func TestNodeList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/node_remove.go b/client/node_remove.go
index e7a75057155ba..03ab878097418 100644
--- a/client/node_remove.go
+++ b/client/node_remove.go
@@ -15,6 +15,6 @@ func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options types.
 	}
 
 	resp, err := cli.delete(ctx, "/nodes/"+nodeID, query, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "node", nodeID)
 }
diff --git a/client/node_remove_test.go b/client/node_remove_test.go
index 85f828b849b0e..37b5964be18b5 100644
--- a/client/node_remove_test.go
+++ b/client/node_remove_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNodeRemoveError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestNodeRemoveError(t *testing.T) {
 	}
 
 	err := client.NodeRemove(context.Background(), "node_id", types.NodeRemoveOptions{Force: false})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -45,7 +46,7 @@ func TestNodeRemove(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "DELETE" {
+				if req.Method != http.MethodDelete {
 					return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 				}
 				force := req.URL.Query().Get("force")
@@ -55,7 +56,7 @@ func TestNodeRemove(t *testing.T) {
 
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 				}, nil
 			}),
 		}
diff --git a/client/node_update_test.go b/client/node_update_test.go
index d89e1ed85892f..772c6fbc89246 100644
--- a/client/node_update_test.go
+++ b/client/node_update_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestNodeUpdateError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestNodeUpdateError(t *testing.T) {
 	}
 
 	err := client.NodeUpdate(context.Background(), "node_id", swarm.Version{}, swarm.NodeSpec{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestNodeUpdate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/options.go b/client/options.go
new file mode 100644
index 0000000000000..6f77f0955f698
--- /dev/null
+++ b/client/options.go
@@ -0,0 +1,172 @@
+package client
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+)
+
+// Opt is a configuration option to initialize a client
+type Opt func(*Client) error
+
+// FromEnv configures the client with values from environment variables.
+//
+// Supported environment variables:
+// DOCKER_HOST to set the url to the docker server.
+// DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
+// DOCKER_CERT_PATH to load the TLS certificates from.
+// DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
+func FromEnv(c *Client) error {
+	if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
+		options := tlsconfig.Options{
+			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
+			CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
+			KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
+			InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
+		}
+		tlsc, err := tlsconfig.Client(options)
+		if err != nil {
+			return err
+		}
+
+		c.client = &http.Client{
+			Transport:     &http.Transport{TLSClientConfig: tlsc},
+			CheckRedirect: CheckRedirect,
+		}
+	}
+
+	if host := os.Getenv("DOCKER_HOST"); host != "" {
+		if err := WithHost(host)(c); err != nil {
+			return err
+		}
+	}
+
+	if version := os.Getenv("DOCKER_API_VERSION"); version != "" {
+		if err := WithVersion(version)(c); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// WithDialer applies the dialer.DialContext to the client transport. This can be
+// used to set the Timeout and KeepAlive settings of the client.
+// Deprecated: use WithDialContext
+func WithDialer(dialer *net.Dialer) Opt {
+	return WithDialContext(dialer.DialContext)
+}
+
+// WithDialContext applies the dialer to the client transport. This can be
+// used to set the Timeout and KeepAlive settings of the client.
+func WithDialContext(dialContext func(ctx context.Context, network, addr string) (net.Conn, error)) Opt {
+	return func(c *Client) error {
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			transport.DialContext = dialContext
+			return nil
+		}
+		return errors.Errorf("cannot apply dialer to transport: %T", c.client.Transport)
+	}
+}
+
+// WithHost overrides the client host with the specified one.
+func WithHost(host string) Opt {
+	return func(c *Client) error {
+		hostURL, err := ParseHostURL(host)
+		if err != nil {
+			return err
+		}
+		c.host = host
+		c.proto = hostURL.Scheme
+		c.addr = hostURL.Host
+		c.basePath = hostURL.Path
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			return sockets.ConfigureTransport(transport, c.proto, c.addr)
+		}
+		return errors.Errorf("cannot apply host to transport: %T", c.client.Transport)
+	}
+}
+
+// WithHTTPClient overrides the client http client with the specified one
+func WithHTTPClient(client *http.Client) Opt {
+	return func(c *Client) error {
+		if client != nil {
+			c.client = client
+		}
+		return nil
+	}
+}
+
+// WithTimeout configures the time limit for requests made by the HTTP client
+func WithTimeout(timeout time.Duration) Opt {
+	return func(c *Client) error {
+		c.client.Timeout = timeout
+		return nil
+	}
+}
+
+// WithHTTPHeaders overrides the client default http headers
+func WithHTTPHeaders(headers map[string]string) Opt {
+	return func(c *Client) error {
+		c.customHTTPHeaders = headers
+		return nil
+	}
+}
+
+// WithScheme overrides the client scheme with the specified one
+func WithScheme(scheme string) Opt {
+	return func(c *Client) error {
+		c.scheme = scheme
+		return nil
+	}
+}
+
+// WithTLSClientConfig applies a tls config to the client transport.
+func WithTLSClientConfig(cacertPath, certPath, keyPath string) Opt {
+	return func(c *Client) error {
+		opts := tlsconfig.Options{
+			CAFile:             cacertPath,
+			CertFile:           certPath,
+			KeyFile:            keyPath,
+			ExclusiveRootPools: true,
+		}
+		config, err := tlsconfig.Client(opts)
+		if err != nil {
+			return errors.Wrap(err, "failed to create tls config")
+		}
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			transport.TLSClientConfig = config
+			return nil
+		}
+		return errors.Errorf("cannot apply tls config to transport: %T", c.client.Transport)
+	}
+}
+
+// WithVersion overrides the client version with the specified one. If an empty
+// version is specified, the value will be ignored to allow version negotiation.
+func WithVersion(version string) Opt {
+	return func(c *Client) error {
+		if version != "" {
+			c.version = version
+			c.manualOverride = true
+		}
+		return nil
+	}
+}
+
+// WithAPIVersionNegotiation enables automatic API version negotiation for the client.
+// With this option enabled, the client automatically negotiates the API version
+// to use when making requests. API version negotiation is performed on the first
+// request; subsequent requests will not re-negotiate.
+func WithAPIVersionNegotiation() Opt {
+	return func(c *Client) error {
+		c.negotiateVersion = true
+		return nil
+	}
+}
diff --git a/client/options_test.go b/client/options_test.go
new file mode 100644
index 0000000000000..e853357123c4b
--- /dev/null
+++ b/client/options_test.go
@@ -0,0 +1,16 @@
+package client
+
+import (
+	"testing"
+	"time"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestOptionWithTimeout(t *testing.T) {
+	timeout := 10 * time.Second
+	c, err := NewClientWithOpts(WithTimeout(timeout))
+	assert.NilError(t, err)
+	assert.Check(t, c.client != nil)
+	assert.Equal(t, c.client.Timeout, timeout)
+}
diff --git a/client/ping.go b/client/ping.go
index dec1423e38911..a9af001ef46b5 100644
--- a/client/ping.go
+++ b/client/ping.go
@@ -2,34 +2,65 @@ package client // import "github.com/docker/docker/client"
 
 import (
 	"context"
+	"net/http"
 	"path"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
-// Ping pings the server and returns the value of the "Docker-Experimental", "Builder-Version", "OS-Type" & "API-Version" headers
+// Ping pings the server and returns the value of the "Docker-Experimental",
+// "Builder-Version", "OS-Type" & "API-Version" headers. It attempts to use
+// a HEAD request on the endpoint, but falls back to GET if HEAD is not supported
+// by the daemon.
 func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
 	var ping types.Ping
-	req, err := cli.buildRequest("GET", path.Join(cli.basePath, "/_ping"), nil, nil)
+
+	// Using cli.buildRequest() + cli.doRequest() instead of cli.sendRequest()
+	// because ping requests are used during API version negotiation, so we want
+	// to hit the non-versioned /_ping endpoint, not /v1.xx/_ping
+	req, err := cli.buildRequest(http.MethodHead, path.Join(cli.basePath, "/_ping"), nil, nil)
 	if err != nil {
 		return ping, err
 	}
 	serverResp, err := cli.doRequest(ctx, req)
+	if err == nil {
+		defer ensureReaderClosed(serverResp)
+		switch serverResp.statusCode {
+		case http.StatusOK, http.StatusInternalServerError:
+			// Server handled the request, so parse the response
+			return parsePingResponse(cli, serverResp)
+		}
+	} else if IsErrConnectionFailed(err) {
+		return ping, err
+	}
+
+	req, err = cli.buildRequest(http.MethodGet, path.Join(cli.basePath, "/_ping"), nil, nil)
 	if err != nil {
 		return ping, err
 	}
+	serverResp, err = cli.doRequest(ctx, req)
 	defer ensureReaderClosed(serverResp)
+	if err != nil {
+		return ping, err
+	}
+	return parsePingResponse(cli, serverResp)
+}
 
-	if serverResp.header != nil {
-		ping.APIVersion = serverResp.header.Get("API-Version")
-
-		if serverResp.header.Get("Docker-Experimental") == "true" {
-			ping.Experimental = true
-		}
-		ping.OSType = serverResp.header.Get("OSType")
-		if bv := serverResp.header.Get("Builder-Version"); bv != "" {
-			ping.BuilderVersion = types.BuilderVersion(bv)
-		}
+func parsePingResponse(cli *Client, resp serverResponse) (types.Ping, error) {
+	var ping types.Ping
+	if resp.header == nil {
+		err := cli.checkResponseErr(resp)
+		return ping, errdefs.FromStatusCode(err, resp.statusCode)
+	}
+	ping.APIVersion = resp.header.Get("API-Version")
+	ping.OSType = resp.header.Get("OSType")
+	if resp.header.Get("Docker-Experimental") == "true" {
+		ping.Experimental = true
+	}
+	if bv := resp.header.Get("Builder-Version"); bv != "" {
+		ping.BuilderVersion = types.BuilderVersion(bv)
 	}
-	return ping, cli.checkResponseErr(serverResp)
+	err := cli.checkResponseErr(resp)
+	return ping, errdefs.FromStatusCode(err, resp.statusCode)
 }
diff --git a/client/ping_test.go b/client/ping_test.go
index 10bbbe811de62..ae3a1f986cdee 100644
--- a/client/ping_test.go
+++ b/client/ping_test.go
@@ -3,13 +3,13 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // TestPingFail tests that when a server sends a non-successful response that we
@@ -26,19 +26,19 @@ func TestPingFail(t *testing.T) {
 				resp.Header.Set("API-Version", "awesome")
 				resp.Header.Set("Docker-Experimental", "true")
 			}
-			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			resp.Body = io.NopCloser(strings.NewReader("some error with the server"))
 			return resp, nil
 		}),
 	}
 
 	ping, err := client.Ping(context.Background())
-	assert.Check(t, is.ErrorContains(err, ""))
+	assert.ErrorContains(t, err, "some error with the server")
 	assert.Check(t, is.Equal(false, ping.Experimental))
 	assert.Check(t, is.Equal("", ping.APIVersion))
 
 	withHeader = true
 	ping2, err := client.Ping(context.Background())
-	assert.Check(t, is.ErrorContains(err, ""))
+	assert.ErrorContains(t, err, "some error with the server")
 	assert.Check(t, is.Equal(true, ping2.Experimental))
 	assert.Check(t, is.Equal("awesome", ping2.APIVersion))
 }
@@ -52,13 +52,13 @@ func TestPingWithError(t *testing.T) {
 			resp.Header = http.Header{}
 			resp.Header.Set("API-Version", "awesome")
 			resp.Header.Set("Docker-Experimental", "true")
-			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			resp.Body = io.NopCloser(strings.NewReader("some error with the server"))
 			return resp, errors.New("some error")
 		}),
 	}
 
 	ping, err := client.Ping(context.Background())
-	assert.Check(t, is.ErrorContains(err, ""))
+	assert.ErrorContains(t, err, "some error")
 	assert.Check(t, is.Equal(false, ping.Experimental))
 	assert.Check(t, is.Equal("", ping.APIVersion))
 }
@@ -68,16 +68,62 @@ func TestPingWithError(t *testing.T) {
 func TestPingSuccess(t *testing.T) {
 	client := &Client{
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
-			resp := &http.Response{StatusCode: http.StatusInternalServerError}
+			resp := &http.Response{StatusCode: http.StatusOK}
 			resp.Header = http.Header{}
 			resp.Header.Set("API-Version", "awesome")
 			resp.Header.Set("Docker-Experimental", "true")
-			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			resp.Body = io.NopCloser(strings.NewReader("OK"))
 			return resp, nil
 		}),
 	}
 	ping, err := client.Ping(context.Background())
-	assert.Check(t, is.ErrorContains(err, ""))
+	assert.NilError(t, err)
 	assert.Check(t, is.Equal(true, ping.Experimental))
 	assert.Check(t, is.Equal("awesome", ping.APIVersion))
 }
+
+// TestPingHeadFallback tests that the client falls back to GET if HEAD fails.
+func TestPingHeadFallback(t *testing.T) {
+	tests := []struct {
+		status   int
+		expected string
+	}{
+		{
+			status:   http.StatusOK,
+			expected: http.MethodHead,
+		},
+		{
+			status:   http.StatusInternalServerError,
+			expected: http.MethodHead,
+		},
+		{
+			status:   http.StatusNotFound,
+			expected: "HEAD, GET",
+		},
+		{
+			status:   http.StatusMethodNotAllowed,
+			expected: "HEAD, GET",
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(http.StatusText(tc.status), func(t *testing.T) {
+			var reqs []string
+			client := &Client{
+				client: newMockClient(func(req *http.Request) (*http.Response, error) {
+					reqs = append(reqs, req.Method)
+					resp := &http.Response{StatusCode: http.StatusOK}
+					if req.Method == http.MethodHead {
+						resp.StatusCode = tc.status
+					}
+					resp.Header = http.Header{}
+					resp.Header.Add("API-Version", strings.Join(reqs, ", "))
+					return resp, nil
+				}),
+			}
+			ping, _ := client.Ping(context.Background())
+			assert.Check(t, is.Equal(ping.APIVersion, tc.expected))
+		})
+	}
+}
diff --git a/client/plugin_create.go b/client/plugin_create.go
index 4591db50fda59..b95dbaf68633b 100644
--- a/client/plugin_create.go
+++ b/client/plugin_create.go
@@ -18,9 +18,6 @@ func (cli *Client) PluginCreate(ctx context.Context, createContext io.Reader, cr
 	query.Set("name", createOptions.RepoName)
 
 	resp, err := cli.postRaw(ctx, "/plugins/create", query, createContext, headers)
-	if err != nil {
-		return err
-	}
 	ensureReaderClosed(resp)
 	return err
 }
diff --git a/client/plugin_disable_test.go b/client/plugin_disable_test.go
index ac2413d6c5358..f042adc3208d7 100644
--- a/client/plugin_disable_test.go
+++ b/client/plugin_disable_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginDisableError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestPluginDisableError(t *testing.T) {
 	}
 
 	err := client.PluginDisable(context.Background(), "plugin_name", types.PluginDisableOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestPluginDisable(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/plugin_enable_test.go b/client/plugin_enable_test.go
index 911ccaf1e9181..c7f7a1be7b5bf 100644
--- a/client/plugin_enable_test.go
+++ b/client/plugin_enable_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginEnableError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestPluginEnableError(t *testing.T) {
 	}
 
 	err := client.PluginEnable(context.Background(), "plugin_name", types.PluginEnableOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestPluginEnable(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/plugin_inspect.go b/client/plugin_inspect.go
index 0ab7beaee8fbb..4a90bec51a0cb 100644
--- a/client/plugin_inspect.go
+++ b/client/plugin_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types"
 )
@@ -15,12 +15,12 @@ func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*type
 		return nil, nil, objectNotFoundError{object: "plugin", id: name}
 	}
 	resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, nil, wrapResponseError(err, resp, "plugin", name)
 	}
 
-	defer ensureReaderClosed(resp)
-	body, err := ioutil.ReadAll(resp.body)
+	body, err := io.ReadAll(resp.body)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/client/plugin_inspect_test.go b/client/plugin_inspect_test.go
index 74ca0f0fc0cd2..898d02e5432fa 100644
--- a/client/plugin_inspect_test.go
+++ b/client/plugin_inspect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -20,8 +21,8 @@ func TestPluginInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.PluginInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -52,7 +53,7 @@ func TestPluginInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/plugin_install.go b/client/plugin_install.go
index 13baa40a9b063..012afe61cacf0 100644
--- a/client/plugin_install.go
+++ b/client/plugin_install.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"encoding/json"
 	"io"
-	"net/http"
 	"net/url"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -78,7 +78,7 @@ func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileg
 
 func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options types.PluginInstallOptions) (types.PluginPrivileges, error) {
 	resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
-	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+	if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
 		// todo: do inspect before to check existing name before checking privileges
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
diff --git a/client/plugin_list.go b/client/plugin_list.go
index ade1051a97009..cf1935e2f5ee5 100644
--- a/client/plugin_list.go
+++ b/client/plugin_list.go
@@ -15,6 +15,7 @@ func (cli *Client) PluginList(ctx context.Context, filter filters.Args) (types.P
 	query := url.Values{}
 
 	if filter.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
 		if err != nil {
 			return plugins, err
@@ -22,11 +23,11 @@ func (cli *Client) PluginList(ctx context.Context, filter filters.Args) (types.P
 		query.Set("filters", filterJSON)
 	}
 	resp, err := cli.get(ctx, "/plugins", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return plugins, wrapResponseError(err, resp, "plugin", "")
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&plugins)
-	ensureReaderClosed(resp)
 	return plugins, err
 }
diff --git a/client/plugin_list_test.go b/client/plugin_list_test.go
index 7dc351dceb7a4..c2643c3663946 100644
--- a/client/plugin_list_test.go
+++ b/client/plugin_list_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginListError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestPluginListError(t *testing.T) {
 	}
 
 	_, err := client.PluginList(context.Background(), filters.NewArgs())
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -91,7 +92,7 @@ func TestPluginList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/plugin_push_test.go b/client/plugin_push_test.go
index 20b23a1173cba..4b5a0e2e30b88 100644
--- a/client/plugin_push_test.go
+++ b/client/plugin_push_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginPushError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestPluginPushError(t *testing.T) {
 	}
 
 	_, err := client.PluginPush(context.Background(), "plugin_name", "")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,7 +31,7 @@ func TestPluginPush(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			auth := req.Header.Get("X-Registry-Auth")
@@ -38,7 +40,7 @@ func TestPluginPush(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/plugin_remove.go b/client/plugin_remove.go
index 8563bab0dbcf2..51ca1040d6d29 100644
--- a/client/plugin_remove.go
+++ b/client/plugin_remove.go
@@ -15,6 +15,6 @@ func (cli *Client) PluginRemove(ctx context.Context, name string, options types.
 	}
 
 	resp, err := cli.delete(ctx, "/plugins/"+name, query, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "plugin", name)
 }
diff --git a/client/plugin_remove_test.go b/client/plugin_remove_test.go
index e6c76342ee548..210a92d73c696 100644
--- a/client/plugin_remove_test.go
+++ b/client/plugin_remove_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginRemoveError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestPluginRemoveError(t *testing.T) {
 	}
 
 	err := client.PluginRemove(context.Background(), "plugin_name", types.PluginRemoveOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestPluginRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/plugin_set_test.go b/client/plugin_set_test.go
index 2e97904b86feb..6b54023988956 100644
--- a/client/plugin_set_test.go
+++ b/client/plugin_set_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestPluginSetError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestPluginSetError(t *testing.T) {
 	}
 
 	err := client.PluginSet(context.Background(), "plugin_name", []string{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,12 +31,12 @@ func TestPluginSet(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/request.go b/client/request.go
index 9b8639a1e5faf..475ce4bd40454 100644
--- a/client/request.go
+++ b/client/request.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -15,8 +14,8 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context/ctxhttp"
 )
 
 // serverResponse is a wrapper for http API responses.
@@ -29,12 +28,12 @@ type serverResponse struct {
 
 // head sends an http request to the docker API using the method HEAD.
 func (cli *Client) head(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
-	return cli.sendRequest(ctx, "HEAD", path, query, nil, headers)
+	return cli.sendRequest(ctx, http.MethodHead, path, query, nil, headers)
 }
 
 // get sends an http request to the docker API using the method GET with a specific Go context.
 func (cli *Client) get(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
-	return cli.sendRequest(ctx, "GET", path, query, nil, headers)
+	return cli.sendRequest(ctx, http.MethodGet, path, query, nil, headers)
 }
 
 // post sends an http request to the docker API using the method POST with a specific Go context.
@@ -43,30 +42,21 @@ func (cli *Client) post(ctx context.Context, path string, query url.Values, obj
 	if err != nil {
 		return serverResponse{}, err
 	}
-	return cli.sendRequest(ctx, "POST", path, query, body, headers)
+	return cli.sendRequest(ctx, http.MethodPost, path, query, body, headers)
 }
 
 func (cli *Client) postRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers map[string][]string) (serverResponse, error) {
-	return cli.sendRequest(ctx, "POST", path, query, body, headers)
-}
-
-// put sends an http request to the docker API using the method PUT.
-func (cli *Client) put(ctx context.Context, path string, query url.Values, obj interface{}, headers map[string][]string) (serverResponse, error) {
-	body, headers, err := encodeBody(obj, headers)
-	if err != nil {
-		return serverResponse{}, err
-	}
-	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
+	return cli.sendRequest(ctx, http.MethodPost, path, query, body, headers)
 }
 
 // putRaw sends an http request to the docker API using the method PUT.
 func (cli *Client) putRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers map[string][]string) (serverResponse, error) {
-	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
+	return cli.sendRequest(ctx, http.MethodPut, path, query, body, headers)
 }
 
 // delete sends an http request to the docker API using the method DELETE.
 func (cli *Client) delete(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
-	return cli.sendRequest(ctx, "DELETE", path, query, nil, headers)
+	return cli.sendRequest(ctx, http.MethodDelete, path, query, nil, headers)
 }
 
 type headers map[string][]string
@@ -88,7 +78,7 @@ func encodeBody(obj interface{}, headers headers) (io.Reader, headers, error) {
 }
 
 func (cli *Client) buildRequest(method, path string, body io.Reader, headers headers) (*http.Request, error) {
-	expectedPayload := (method == "POST" || method == "PUT")
+	expectedPayload := (method == http.MethodPost || method == http.MethodPut)
 	if expectedPayload && body == nil {
 		body = bytes.NewReader([]byte{})
 	}
@@ -115,34 +105,40 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea
 }
 
 func (cli *Client) sendRequest(ctx context.Context, method, path string, query url.Values, body io.Reader, headers headers) (serverResponse, error) {
-	req, err := cli.buildRequest(method, cli.getAPIPath(path, query), body, headers)
+	req, err := cli.buildRequest(method, cli.getAPIPath(ctx, path, query), body, headers)
 	if err != nil {
 		return serverResponse{}, err
 	}
+
 	resp, err := cli.doRequest(ctx, req)
-	if err != nil {
-		return resp, err
+	switch {
+	case errors.Is(err, context.Canceled):
+		return serverResponse{}, errdefs.Cancelled(err)
+	case errors.Is(err, context.DeadlineExceeded):
+		return serverResponse{}, errdefs.Deadline(err)
+	case err == nil:
+		err = cli.checkResponseErr(resp)
 	}
-	return resp, cli.checkResponseErr(resp)
+	return resp, errdefs.FromStatusCode(err, resp.statusCode)
 }
 
 func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResponse, error) {
 	serverResp := serverResponse{statusCode: -1, reqURL: req.URL}
 
-	resp, err := ctxhttp.Do(ctx, cli.client, req)
+	req = req.WithContext(ctx)
+	resp, err := cli.client.Do(req)
 	if err != nil {
 		if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
 			return serverResp, fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)
 		}
 
 		if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") {
-			return serverResp, fmt.Errorf("The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings: %v", err)
+			return serverResp, errors.Wrap(err, "The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings")
 		}
 
 		// Don't decorate context sentinel errors; users may be comparing to
 		// them directly.
-		switch err {
-		case context.Canceled, context.DeadlineExceeded:
+		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
 			return serverResp, err
 		}
 
@@ -176,7 +172,13 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp
 		// this is localised - for example in French the error would be
 		// `open //./pipe/docker_engine: Le fichier spécifié est introuvable.`
 		if strings.Contains(err.Error(), `open //./pipe/docker_engine`) {
-			err = errors.New(err.Error() + " In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.")
+			// Checks if client is running with elevated privileges
+			if f, elevatedErr := os.Open("\\\\.\\PHYSICALDRIVE0"); elevatedErr == nil {
+				err = errors.Wrap(err, "In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.")
+			} else {
+				f.Close()
+				err = errors.Wrap(err, "This error may indicate that the docker daemon is not running.")
+			}
 		}
 
 		return serverResp, errors.Wrap(err, "error during connect")
@@ -195,17 +197,21 @@ func (cli *Client) checkResponseErr(serverResp serverResponse) error {
 		return nil
 	}
 
-	bodyMax := 1 * 1024 * 1024 // 1 MiB
-	bodyR := &io.LimitedReader{
-		R: serverResp.body,
-		N: int64(bodyMax),
-	}
-	body, err := ioutil.ReadAll(bodyR)
-	if err != nil {
-		return err
-	}
-	if bodyR.N == 0 {
-		return fmt.Errorf("request returned %s with a message (> %d bytes) for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), bodyMax, serverResp.reqURL)
+	var body []byte
+	var err error
+	if serverResp.body != nil {
+		bodyMax := 1 * 1024 * 1024 // 1 MiB
+		bodyR := &io.LimitedReader{
+			R: serverResp.body,
+			N: int64(bodyMax),
+		}
+		body, err = io.ReadAll(bodyR)
+		if err != nil {
+			return err
+		}
+		if bodyR.N == 0 {
+			return fmt.Errorf("request returned %s with a message (> %d bytes) for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), bodyMax, serverResp.reqURL)
+		}
 	}
 	if len(body) == 0 {
 		return fmt.Errorf("request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), serverResp.reqURL)
@@ -220,14 +226,14 @@ func (cli *Client) checkResponseErr(serverResp serverResponse) error {
 	if (cli.version == "" || versions.GreaterThan(cli.version, "1.23")) && ct == "application/json" {
 		var errorResponse types.ErrorResponse
 		if err := json.Unmarshal(body, &errorResponse); err != nil {
-			return fmt.Errorf("Error reading JSON: %v", err)
+			return errors.Wrap(err, "Error reading JSON")
 		}
-		errorMessage = errorResponse.Message
+		errorMessage = strings.TrimSpace(errorResponse.Message)
 	} else {
-		errorMessage = string(body)
+		errorMessage = strings.TrimSpace(string(body))
 	}
 
-	return fmt.Errorf("Error response from daemon: %s", strings.TrimSpace(errorMessage))
+	return errors.Wrap(errors.New(errorMessage), "Error response from daemon")
 }
 
 func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request {
@@ -240,10 +246,8 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request
 		req.Header.Set(k, v)
 	}
 
-	if headers != nil {
-		for k, v := range headers {
-			req.Header[k] = v
-		}
+	for k, v := range headers {
+		req.Header[k] = v
 	}
 	return req
 }
@@ -261,7 +265,7 @@ func encodeData(data interface{}) (*bytes.Buffer, error) {
 func ensureReaderClosed(response serverResponse) {
 	if response.body != nil {
 		// Drain up to 512 bytes and close the body to let the Transport reuse the connection
-		io.CopyN(ioutil.Discard, response.body, 512)
+		io.CopyN(io.Discard, response.body, 512)
 		response.body.Close()
 	}
 }
diff --git a/client/request_test.go b/client/request_test.go
index 2847a9a4a3f8d..6e5a6e81f21c1 100644
--- a/client/request_test.go
+++ b/client/request_test.go
@@ -3,16 +3,19 @@ package client // import "github.com/docker/docker/client"
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"math/rand"
 	"net/http"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // TestSetHostHeader should set fake host for local communications, set real host
@@ -63,7 +66,7 @@ func TestSetHostHeader(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+					Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 				}, nil
 			}),
 
@@ -72,7 +75,7 @@ func TestSetHostHeader(t *testing.T) {
 			basePath: hostURL.Path,
 		}
 
-		_, err = client.sendRequest(context.Background(), "GET", testURL, nil, nil, nil)
+		_, err = client.sendRequest(context.Background(), http.MethodGet, testURL, nil, nil, nil)
 		assert.NilError(t, err)
 	}
 }
@@ -85,8 +88,8 @@ func TestPlainTextError(t *testing.T) {
 		client: newMockClient(plainTextErrorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerList(context.Background(), types.ContainerListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -96,7 +99,7 @@ func TestInfiniteError(t *testing.T) {
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			resp := &http.Response{StatusCode: http.StatusInternalServerError}
 			resp.Header = http.Header{}
-			resp.Body = ioutil.NopCloser(infinitR)
+			resp.Body = io.NopCloser(infinitR)
 			return resp, nil
 		}),
 	}
@@ -104,3 +107,43 @@ func TestInfiniteError(t *testing.T) {
 	_, err := client.Ping(context.Background())
 	assert.Check(t, is.ErrorContains(err, "request returned Internal Server Error"))
 }
+
+func TestCanceledContext(t *testing.T) {
+	testURL := "/test"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			assert.Equal(t, req.Context().Err(), context.Canceled)
+
+			return &http.Response{}, context.Canceled
+		}),
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+
+	_, err := client.sendRequest(ctx, http.MethodGet, testURL, nil, nil, nil)
+	assert.Equal(t, true, errdefs.IsCancelled(err))
+	assert.Equal(t, true, errors.Is(err, context.Canceled))
+}
+
+func TestDeadlineExceededContext(t *testing.T) {
+	testURL := "/test"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			assert.Equal(t, req.Context().Err(), context.DeadlineExceeded)
+
+			return &http.Response{}, context.DeadlineExceeded
+		}),
+	}
+
+	ctx, cancel := context.WithDeadline(context.Background(), time.Now())
+	defer cancel()
+
+	<-ctx.Done()
+
+	_, err := client.sendRequest(ctx, http.MethodGet, testURL, nil, nil, nil)
+	assert.Equal(t, true, errdefs.IsDeadline(err))
+	assert.Equal(t, true, errors.Is(err, context.DeadlineExceeded))
+}
diff --git a/client/secret_create.go b/client/secret_create.go
index 09fae82f2a1bb..c65d38a191f45 100644
--- a/client/secret_create.go
+++ b/client/secret_create.go
@@ -8,18 +8,18 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// SecretCreate creates a new Secret.
+// SecretCreate creates a new secret.
 func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
 	var response types.SecretCreateResponse
 	if err := cli.NewVersionError("1.25", "secret create"); err != nil {
 		return response, err
 	}
 	resp, err := cli.post(ctx, "/secrets/create", nil, secret, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/secret_create_test.go b/client/secret_create_test.go
index 419bdbcbc6213..1b30825e203d1 100644
--- a/client/secret_create_test.go
+++ b/client/secret_create_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSecretCreateUnsupported(t *testing.T) {
@@ -31,8 +32,8 @@ func TestSecretCreateError(t *testing.T) {
 		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.SecretCreate(context.Background(), swarm.SecretSpec{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -44,7 +45,7 @@ func TestSecretCreate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			b, err := json.Marshal(types.SecretCreateResponse{
@@ -55,7 +56,7 @@ func TestSecretCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusCreated,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/secret_inspect.go b/client/secret_inspect.go
index e8322f4589108..c07c9550d448d 100644
--- a/client/secret_inspect.go
+++ b/client/secret_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types/swarm"
 )
@@ -18,12 +18,12 @@ func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.S
 		return swarm.Secret{}, nil, objectNotFoundError{object: "secret", id: id}
 	}
 	resp, err := cli.get(ctx, "/secrets/"+id, nil, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return swarm.Secret{}, nil, wrapResponseError(err, resp, "secret", id)
 	}
-	defer ensureReaderClosed(resp)
 
-	body, err := ioutil.ReadAll(resp.body)
+	body, err := io.ReadAll(resp.body)
 	if err != nil {
 		return swarm.Secret{}, nil, err
 	}
diff --git a/client/secret_inspect_test.go b/client/secret_inspect_test.go
index 6c84799b1767a..094a609206aeb 100644
--- a/client/secret_inspect_test.go
+++ b/client/secret_inspect_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSecretInspectUnsupported(t *testing.T) {
@@ -32,8 +33,8 @@ func TestSecretInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.SecretInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -77,7 +78,7 @@ func TestSecretInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/secret_list.go b/client/secret_list.go
index f6bf7ba470de1..a0289c9f440f2 100644
--- a/client/secret_list.go
+++ b/client/secret_list.go
@@ -27,12 +27,12 @@ func (cli *Client) SecretList(ctx context.Context, options types.SecretListOptio
 	}
 
 	resp, err := cli.get(ctx, "/secrets", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var secrets []swarm.Secret
 	err = json.NewDecoder(resp.body).Decode(&secrets)
-	ensureReaderClosed(resp)
 	return secrets, err
 }
diff --git a/client/secret_list_test.go b/client/secret_list_test.go
index 72323b055faa0..df330aa7253c9 100644
--- a/client/secret_list_test.go
+++ b/client/secret_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,8 +13,9 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSecretListUnsupported(t *testing.T) {
@@ -33,8 +34,8 @@ func TestSecretListError(t *testing.T) {
 	}
 
 	_, err := client.SecretList(context.Background(), types.SecretListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -91,7 +92,7 @@ func TestSecretList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/secret_remove.go b/client/secret_remove.go
index e9d5218293205..f6c69e57f8504 100644
--- a/client/secret_remove.go
+++ b/client/secret_remove.go
@@ -2,12 +2,12 @@ package client // import "github.com/docker/docker/client"
 
 import "context"
 
-// SecretRemove removes a Secret.
+// SecretRemove removes a secret.
 func (cli *Client) SecretRemove(ctx context.Context, id string) error {
 	if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
 		return err
 	}
 	resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "secret", id)
 }
diff --git a/client/secret_remove_test.go b/client/secret_remove_test.go
index bdfccf6be86d6..64057e6d74f75 100644
--- a/client/secret_remove_test.go
+++ b/client/secret_remove_test.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSecretRemoveUnsupported(t *testing.T) {
@@ -29,8 +30,8 @@ func TestSecretRemoveError(t *testing.T) {
 	}
 
 	err := client.SecretRemove(context.Background(), "secret_id")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -43,12 +44,12 @@ func TestSecretRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/secret_update.go b/client/secret_update.go
index 164256bbc15b5..d082dcef75ccc 100644
--- a/client/secret_update.go
+++ b/client/secret_update.go
@@ -8,7 +8,7 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// SecretUpdate attempts to update a Secret
+// SecretUpdate attempts to update a secret.
 func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
 	if err := cli.NewVersionError("1.25", "secret update"); err != nil {
 		return err
diff --git a/client/secret_update_test.go b/client/secret_update_test.go
index c7670b440c37b..75ccdc979000e 100644
--- a/client/secret_update_test.go
+++ b/client/secret_update_test.go
@@ -4,14 +4,15 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSecretUpdateUnsupported(t *testing.T) {
@@ -30,8 +31,8 @@ func TestSecretUpdateError(t *testing.T) {
 	}
 
 	err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -44,12 +45,12 @@ func TestSecretUpdate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/service_create.go b/client/service_create.go
index 8fadda4a9064d..a07315f71fe28 100644
--- a/client/service_create.go
+++ b/client/service_create.go
@@ -9,14 +9,13 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
-// ServiceCreate creates a new Service.
+// ServiceCreate creates a new service.
 func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
-	var distErr error
-
+	var response types.ServiceCreateResponse
 	headers := map[string][]string{
 		"version": {cli.version},
 	}
@@ -31,61 +30,74 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 
 	if err := validateServiceSpec(service); err != nil {
-		return types.ServiceCreateResponse{}, err
+		return response, err
 	}
 
 	// ensure that the image is tagged
-	var imgPlatforms []swarm.Platform
-	if service.TaskTemplate.ContainerSpec != nil {
+	var resolveWarning string
+	switch {
+	case service.TaskTemplate.ContainerSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
 			service.TaskTemplate.ContainerSpec.Image = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.ContainerSpec.Image = img
-			}
+			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
 		}
-	}
-
-	// ensure that the image is tagged
-	if service.TaskTemplate.PluginSpec != nil {
+	case service.TaskTemplate.PluginSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
 			service.TaskTemplate.PluginSpec.Remote = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.PluginSpec.Remote = img
-			}
+			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
 		}
 	}
 
-	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement = &swarm.Placement{}
-	}
-	if len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement.Platforms = imgPlatforms
-	}
-
-	var response types.ServiceCreateResponse
 	resp, err := cli.post(ctx, "/services/create", nil, service, headers)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-
-	if distErr != nil {
-		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
+	if resolveWarning != "" {
+		response.Warnings = append(response.Warnings, resolveWarning)
 	}
 
-	ensureReaderClosed(resp)
 	return response, err
 }
 
+func resolveContainerSpecImage(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
+	var warning string
+	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.ContainerSpec.Image, encodedAuth); err != nil {
+		warning = digestWarning(taskSpec.ContainerSpec.Image)
+	} else {
+		taskSpec.ContainerSpec.Image = img
+		if len(imgPlatforms) > 0 {
+			if taskSpec.Placement == nil {
+				taskSpec.Placement = &swarm.Placement{}
+			}
+			taskSpec.Placement.Platforms = imgPlatforms
+		}
+	}
+	return warning
+}
+
+func resolvePluginSpecRemote(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
+	var warning string
+	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.PluginSpec.Remote, encodedAuth); err != nil {
+		warning = digestWarning(taskSpec.PluginSpec.Remote)
+	} else {
+		taskSpec.PluginSpec.Remote = img
+		if len(imgPlatforms) > 0 {
+			if taskSpec.Placement == nil {
+				taskSpec.Placement = &swarm.Placement{}
+			}
+			taskSpec.Placement.Platforms = imgPlatforms
+		}
+	}
+	return warning
+}
+
 func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, image, encodedAuth string) (string, []swarm.Platform, error) {
 	distributionInspect, err := cli.DistributionInspect(ctx, image, encodedAuth)
 	var platforms []swarm.Platform
@@ -119,7 +131,7 @@ func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, ima
 
 // imageWithDigestString takes an image string and a digest, and updates
 // the image string if it didn't originally contain a digest. It returns
-// an empty string if there are no updates.
+// image unmodified in other situations.
 func imageWithDigestString(image string, dgst digest.Digest) string {
 	namedRef, err := reference.ParseNormalizedNamed(image)
 	if err == nil {
@@ -131,7 +143,7 @@ func imageWithDigestString(image string, dgst digest.Digest) string {
 			}
 		}
 	}
-	return ""
+	return image
 }
 
 // imageWithTagString takes an image string, and returns a tagged image
diff --git a/client/service_create_test.go b/client/service_create_test.go
index 9f51c18223b8a..af6dd65e7f01c 100644
--- a/client/service_create_test.go
+++ b/client/service_create_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,10 +13,11 @@ import (
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/opencontainers/go-digest"
-	"github.com/opencontainers/image-spec/specs-go/v1"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	digest "github.com/opencontainers/go-digest"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestServiceCreateError(t *testing.T) {
@@ -24,8 +25,8 @@ func TestServiceCreateError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{}, types.ServiceCreateOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -36,7 +37,7 @@ func TestServiceCreate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			b, err := json.Marshal(types.ServiceCreateResponse{
@@ -47,7 +48,7 @@ func TestServiceCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
@@ -86,7 +87,7 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+					Body:       io.NopCloser(bytes.NewReader(b)),
 				}, nil
 			} else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") {
 				b, err := json.Marshal(registrytypes.DistributionInspect{
@@ -105,7 +106,7 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+					Body:       io.NopCloser(bytes.NewReader(b)),
 				}, nil
 			} else {
 				return nil, fmt.Errorf("unexpected URL '%s'", req.URL.Path)
@@ -162,7 +163,7 @@ func TestServiceCreateDigestPinning(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+					Body:       io.NopCloser(bytes.NewReader(b)),
 				}, nil
 			} else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/cannotresolve") {
 				// unresolvable image
@@ -179,7 +180,7 @@ func TestServiceCreateDigestPinning(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+					Body:       io.NopCloser(bytes.NewReader(b)),
 				}, nil
 			}
 			return nil, fmt.Errorf("unexpected URL '%s'", req.URL.Path)
diff --git a/client/service_inspect.go b/client/service_inspect.go
index de6aa22de76d8..c5368bab1e3c8 100644
--- a/client/service_inspect.go
+++ b/client/service_inspect.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
@@ -20,12 +20,12 @@ func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string,
 	query := url.Values{}
 	query.Set("insertDefaults", fmt.Sprintf("%v", opts.InsertDefaults))
 	serverResp, err := cli.get(ctx, "/services/"+serviceID, query, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return swarm.Service{}, nil, wrapResponseError(err, serverResp, "service", serviceID)
 	}
-	defer ensureReaderClosed(serverResp)
 
-	body, err := ioutil.ReadAll(serverResp.body)
+	body, err := io.ReadAll(serverResp.body)
 	if err != nil {
 		return swarm.Service{}, nil, err
 	}
diff --git a/client/service_inspect_test.go b/client/service_inspect_test.go
index b69332ccc6a23..96b337c71715e 100644
--- a/client/service_inspect_test.go
+++ b/client/service_inspect_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -21,8 +22,8 @@ func TestServiceInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.ServiceInspectWithRaw(context.Background(), "nothing", types.ServiceInspectOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -64,7 +65,7 @@ func TestServiceInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/service_list.go b/client/service_list.go
index 7d53e2b9b9e06..f97ec75a5cb76 100644
--- a/client/service_list.go
+++ b/client/service_list.go
@@ -23,13 +23,17 @@ func (cli *Client) ServiceList(ctx context.Context, options types.ServiceListOpt
 		query.Set("filters", filterJSON)
 	}
 
+	if options.Status {
+		query.Set("status", "true")
+	}
+
 	resp, err := cli.get(ctx, "/services", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var services []swarm.Service
 	err = json.NewDecoder(resp.body).Decode(&services)
-	ensureReaderClosed(resp)
 	return services, err
 }
diff --git a/client/service_list_test.go b/client/service_list_test.go
index 9903f9e71cfb6..4021f810bb8a1 100644
--- a/client/service_list_test.go
+++ b/client/service_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestServiceListError(t *testing.T) {
@@ -21,8 +22,8 @@ func TestServiceListError(t *testing.T) {
 	}
 
 	_, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -78,7 +79,7 @@ func TestServiceList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/service_logs_test.go b/client/service_logs_test.go
index 28f3ab5c6b669..ee2592c7bc480 100644
--- a/client/service_logs_test.go
+++ b/client/service_logs_test.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -14,8 +13,9 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestServiceLogsError(t *testing.T) {
@@ -23,7 +23,9 @@ func TestServiceLogsError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{})
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 	_, err = client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{
 		Since: "2006-01-02TZ",
 	})
@@ -101,7 +103,7 @@ func TestServiceLogs(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("response"))),
 				}, nil
 			}),
 		}
@@ -112,7 +114,7 @@ func TestServiceLogs(t *testing.T) {
 		}
 		assert.NilError(t, err)
 		defer body.Close()
-		content, err := ioutil.ReadAll(body)
+		content, err := io.ReadAll(body)
 		assert.NilError(t, err)
 		assert.Check(t, is.Contains(string(content), "response"))
 	}
@@ -122,7 +124,7 @@ func ExampleClient_ServiceLogs_withTimeout() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
-	client, _ := NewEnvClient()
+	client, _ := NewClientWithOpts(FromEnv)
 	reader, err := client.ServiceLogs(ctx, "service_id", types.ContainerLogsOptions{})
 	if err != nil {
 		log.Fatal(err)
diff --git a/client/service_remove.go b/client/service_remove.go
index fe3421bec82f0..953a2adf5aec4 100644
--- a/client/service_remove.go
+++ b/client/service_remove.go
@@ -5,6 +5,6 @@ import "context"
 // ServiceRemove kills and removes a service.
 func (cli *Client) ServiceRemove(ctx context.Context, serviceID string) error {
 	resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "service", serviceID)
 }
diff --git a/client/service_remove_test.go b/client/service_remove_test.go
index d2379a1366392..a6d6f37cb4727 100644
--- a/client/service_remove_test.go
+++ b/client/service_remove_test.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestServiceRemoveError(t *testing.T) {
@@ -19,7 +20,9 @@ func TestServiceRemoveError(t *testing.T) {
 	}
 
 	err := client.ServiceRemove(context.Background(), "service_id")
-	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestServiceRemoveNotFoundError(t *testing.T) {
@@ -40,12 +43,12 @@ func TestServiceRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/client/service_update.go b/client/service_update.go
index 5a7a61b01ffd1..c63895f74f252 100644
--- a/client/service_update.go
+++ b/client/service_update.go
@@ -10,11 +10,13 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// ServiceUpdate updates a Service.
+// ServiceUpdate updates a Service. The version number is required to avoid conflicting writes.
+// It should be the value as set *before* the update. You can find this value in the Meta field
+// of swarm.Service, which can be found using ServiceInspectWithRaw.
 func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error) {
 	var (
-		query   = url.Values{}
-		distErr error
+		query    = url.Values{}
+		response = types.ServiceUpdateResponse{}
 	)
 
 	headers := map[string][]string{
@@ -36,57 +38,38 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	query.Set("version", strconv.FormatUint(version.Index, 10))
 
 	if err := validateServiceSpec(service); err != nil {
-		return types.ServiceUpdateResponse{}, err
+		return response, err
 	}
 
-	var imgPlatforms []swarm.Platform
 	// ensure that the image is tagged
-	if service.TaskTemplate.ContainerSpec != nil {
+	var resolveWarning string
+	switch {
+	case service.TaskTemplate.ContainerSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
 			service.TaskTemplate.ContainerSpec.Image = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.ContainerSpec.Image = img
-			}
+			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
 		}
-	}
-
-	// ensure that the image is tagged
-	if service.TaskTemplate.PluginSpec != nil {
+	case service.TaskTemplate.PluginSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
 			service.TaskTemplate.PluginSpec.Remote = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.PluginSpec.Remote = img
-			}
+			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
 		}
 	}
 
-	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement = &swarm.Placement{}
-	}
-	if len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement.Platforms = imgPlatforms
-	}
-
-	var response types.ServiceUpdateResponse
 	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, service, headers)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return response, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-
-	if distErr != nil {
-		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
+	if resolveWarning != "" {
+		response.Warnings = append(response.Warnings, resolveWarning)
 	}
 
-	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/client/service_update_test.go b/client/service_update_test.go
index 9a0a9ce0ddb5d..b1801bf0b60fa 100644
--- a/client/service_update_test.go
+++ b/client/service_update_test.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestServiceUpdateError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestServiceUpdateError(t *testing.T) {
 	}
 
 	_, err := client.ServiceUpdate(context.Background(), "service_id", swarm.Version{}, swarm.ServiceSpec{}, types.ServiceUpdateOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -54,7 +55,7 @@ func TestServiceUpdate(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "POST" {
+				if req.Method != http.MethodPost {
 					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 				}
 				version := req.URL.Query().Get("version")
@@ -63,7 +64,7 @@ func TestServiceUpdate(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte("{}"))),
+					Body:       io.NopCloser(bytes.NewReader([]byte("{}"))),
 				}, nil
 			}),
 		}
diff --git a/client/session.go b/client/session.go
deleted file mode 100644
index df199f3d03ab3..0000000000000
--- a/client/session.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package client // import "github.com/docker/docker/client"
-
-import (
-	"context"
-	"net"
-	"net/http"
-)
-
-// DialSession returns a connection that can be used communication with daemon
-func (cli *Client) DialSession(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error) {
-	req, err := http.NewRequest("POST", "/session", nil)
-	if err != nil {
-		return nil, err
-	}
-	req = cli.addHeaders(req, meta)
-
-	return cli.setupHijackConn(ctx, req, proto)
-}
diff --git a/client/swarm_get_unlock_key.go b/client/swarm_get_unlock_key.go
index 0c50c01a8c094..19f59dd582a90 100644
--- a/client/swarm_get_unlock_key.go
+++ b/client/swarm_get_unlock_key.go
@@ -10,12 +10,12 @@ import (
 // SwarmGetUnlockKey retrieves the swarm's unlock key.
 func (cli *Client) SwarmGetUnlockKey(ctx context.Context) (types.SwarmUnlockKeyResponse, error) {
 	serverResp, err := cli.get(ctx, "/swarm/unlockkey", nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return types.SwarmUnlockKeyResponse{}, err
 	}
 
 	var response types.SwarmUnlockKeyResponse
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
 	return response, err
 }
diff --git a/client/swarm_get_unlock_key_test.go b/client/swarm_get_unlock_key_test.go
index a1e460c1dc51d..3bfbcde529fdf 100644
--- a/client/swarm_get_unlock_key_test.go
+++ b/client/swarm_get_unlock_key_test.go
@@ -5,14 +5,15 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSwarmGetUnlockKeyError(t *testing.T) {
@@ -21,7 +22,9 @@ func TestSwarmGetUnlockKeyError(t *testing.T) {
 	}
 
 	_, err := client.SwarmGetUnlockKey(context.Background())
-	assert.Check(t, is.ErrorContains(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestSwarmGetUnlockKey(t *testing.T) {
@@ -33,7 +36,7 @@ func TestSwarmGetUnlockKey(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "GET" {
+			if req.Method != http.MethodGet {
 				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
 
@@ -48,7 +51,7 @@ func TestSwarmGetUnlockKey(t *testing.T) {
 
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				Body:       io.NopCloser(bytes.NewReader(b)),
 			}, nil
 		}),
 	}
diff --git a/client/swarm_init.go b/client/swarm_init.go
index 742ca0f0416a3..da3c1637ef049 100644
--- a/client/swarm_init.go
+++ b/client/swarm_init.go
@@ -10,12 +10,12 @@ import (
 // SwarmInit initializes the swarm.
 func (cli *Client) SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error) {
 	serverResp, err := cli.post(ctx, "/swarm/init", nil, req, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return "", err
 	}
 
 	var response string
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
 	return response, err
 }
diff --git a/client/swarm_init_test.go b/client/swarm_init_test.go
index 1abadc75e92ca..3579af3e819a6 100644
--- a/client/swarm_init_test.go
+++ b/client/swarm_init_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmInitError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestSwarmInitError(t *testing.T) {
 	}
 
 	_, err := client.SwarmInit(context.Background(), swarm.InitRequest{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestSwarmInit(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(`"body"`))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(`"body"`))),
 			}, nil
 		}),
 	}
diff --git a/client/swarm_inspect.go b/client/swarm_inspect.go
index cfaabb25b1ef1..b52b67a8849bc 100644
--- a/client/swarm_inspect.go
+++ b/client/swarm_inspect.go
@@ -10,12 +10,12 @@ import (
 // SwarmInspect inspects the swarm.
 func (cli *Client) SwarmInspect(ctx context.Context) (swarm.Swarm, error) {
 	serverResp, err := cli.get(ctx, "/swarm", nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return swarm.Swarm{}, err
 	}
 
 	var response swarm.Swarm
 	err = json.NewDecoder(serverResp.body).Decode(&response)
-	ensureReaderClosed(serverResp)
 	return response, err
 }
diff --git a/client/swarm_inspect_test.go b/client/swarm_inspect_test.go
index 954adc94c6493..4c56b34fcc41f 100644
--- a/client/swarm_inspect_test.go
+++ b/client/swarm_inspect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmInspectError(t *testing.T) {
@@ -19,8 +20,8 @@ func TestSwarmInspectError(t *testing.T) {
 	}
 
 	_, err := client.SwarmInspect(context.Background())
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -41,7 +42,7 @@ func TestSwarmInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/swarm_join_test.go b/client/swarm_join_test.go
index e67f2bdecfc19..933ad9380ecac 100644
--- a/client/swarm_join_test.go
+++ b/client/swarm_join_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmJoinError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestSwarmJoinError(t *testing.T) {
 	}
 
 	err := client.SwarmJoin(context.Background(), swarm.JoinRequest{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestSwarmJoin(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/swarm_leave_test.go b/client/swarm_leave_test.go
index 3dd3711d04519..89fcac8cf873b 100644
--- a/client/swarm_leave_test.go
+++ b/client/swarm_leave_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmLeaveError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestSwarmLeaveError(t *testing.T) {
 	}
 
 	err := client.SwarmLeave(context.Background(), false)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -43,7 +45,7 @@ func TestSwarmLeave(t *testing.T) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 				}
-				if req.Method != "POST" {
+				if req.Method != http.MethodPost {
 					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 				}
 				force := req.URL.Query().Get("force")
@@ -52,7 +54,7 @@ func TestSwarmLeave(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+					Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 				}, nil
 			}),
 		}
diff --git a/client/swarm_unlock_test.go b/client/swarm_unlock_test.go
index b3bcc5d922cc2..b308c9052da2f 100644
--- a/client/swarm_unlock_test.go
+++ b/client/swarm_unlock_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmUnlockError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestSwarmUnlockError(t *testing.T) {
 	}
 
 	err := client.SwarmUnlock(context.Background(), swarm.UnlockRequest{UnlockKey: "SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeU"})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestSwarmUnlock(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/swarm_update_test.go b/client/swarm_update_test.go
index e908bf7860aab..66fc6b4e28a3e 100644
--- a/client/swarm_update_test.go
+++ b/client/swarm_update_test.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestSwarmUpdateError(t *testing.T) {
@@ -18,8 +19,8 @@ func TestSwarmUpdateError(t *testing.T) {
 	}
 
 	err := client.SwarmUpdate(context.Background(), swarm.Version{}, swarm.Spec{}, swarm.UpdateFlags{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -31,12 +32,12 @@ func TestSwarmUpdate(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Body:       io.NopCloser(bytes.NewReader([]byte(""))),
 			}, nil
 		}),
 	}
diff --git a/client/task_inspect.go b/client/task_inspect.go
index e1c0a736da589..410fc526e268e 100644
--- a/client/task_inspect.go
+++ b/client/task_inspect.go
@@ -4,23 +4,23 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// TaskInspectWithRaw returns the task information and its raw representation..
+// TaskInspectWithRaw returns the task information and its raw representation.
 func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
 	if taskID == "" {
 		return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}
 	}
 	serverResp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return swarm.Task{}, nil, wrapResponseError(err, serverResp, "task", taskID)
 	}
-	defer ensureReaderClosed(serverResp)
 
-	body, err := ioutil.ReadAll(serverResp.body)
+	body, err := io.ReadAll(serverResp.body)
 	if err != nil {
 		return swarm.Task{}, nil, err
 	}
diff --git a/client/task_inspect_test.go b/client/task_inspect_test.go
index fe5c5bd778af4..f8ed67cf192c1 100644
--- a/client/task_inspect_test.go
+++ b/client/task_inspect_test.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -20,8 +21,8 @@ func TestTaskInspectError(t *testing.T) {
 	}
 
 	_, _, err := client.TaskInspectWithRaw(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -52,7 +53,7 @@ func TestTaskInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/task_list.go b/client/task_list.go
index 42d20c1b8d1ab..4869b44493b1e 100644
--- a/client/task_list.go
+++ b/client/task_list.go
@@ -24,12 +24,12 @@ func (cli *Client) TaskList(ctx context.Context, options types.TaskListOptions)
 	}
 
 	resp, err := cli.get(ctx, "/tasks", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return nil, err
 	}
 
 	var tasks []swarm.Task
 	err = json.NewDecoder(resp.body).Decode(&tasks)
-	ensureReaderClosed(resp)
 	return tasks, err
 }
diff --git a/client/task_list_test.go b/client/task_list_test.go
index 16d0edaa0ac63..939319fffd562 100644
--- a/client/task_list_test.go
+++ b/client/task_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestTaskListError(t *testing.T) {
@@ -21,8 +22,8 @@ func TestTaskListError(t *testing.T) {
 	}
 
 	_, err := client.TaskList(context.Background(), types.TaskListOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -78,7 +79,7 @@ func TestTaskList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/version.go b/client/version.go
index 1989f6d6d2baf..8f17ff4e87af1 100644
--- a/client/version.go
+++ b/client/version.go
@@ -10,12 +10,12 @@ import (
 // ServerVersion returns information of the docker client and server host.
 func (cli *Client) ServerVersion(ctx context.Context) (types.Version, error) {
 	resp, err := cli.get(ctx, "/version", nil, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return types.Version{}, err
 	}
 
 	var server types.Version
 	err = json.NewDecoder(resp.body).Decode(&server)
-	ensureReaderClosed(resp)
 	return server, err
 }
diff --git a/client/volume_create.go b/client/volume_create.go
index f1f6fcdc4a2da..92761b3c639ea 100644
--- a/client/volume_create.go
+++ b/client/volume_create.go
@@ -12,10 +12,10 @@ import (
 func (cli *Client) VolumeCreate(ctx context.Context, options volumetypes.VolumeCreateBody) (types.Volume, error) {
 	var volume types.Volume
 	resp, err := cli.post(ctx, "/volumes/create", nil, options, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return volume, err
 	}
 	err = json.NewDecoder(resp.body).Decode(&volume)
-	ensureReaderClosed(resp)
 	return volume, err
 }
diff --git a/client/volume_create_test.go b/client/volume_create_test.go
index cfab1918454c4..9f8624a2923d5 100644
--- a/client/volume_create_test.go
+++ b/client/volume_create_test.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestVolumeCreateError(t *testing.T) {
@@ -20,8 +21,8 @@ func TestVolumeCreateError(t *testing.T) {
 	}
 
 	_, err := client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -34,7 +35,7 @@ func TestVolumeCreate(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 
-			if req.Method != "POST" {
+			if req.Method != http.MethodPost {
 				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
 			}
 
@@ -48,7 +49,7 @@ func TestVolumeCreate(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/volume_inspect.go b/client/volume_inspect.go
index f840682d2ec7f..5c5b3f905c54c 100644
--- a/client/volume_inspect.go
+++ b/client/volume_inspect.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 
 	"github.com/docker/docker/api/types"
 )
@@ -23,12 +23,12 @@ func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (t
 
 	var volume types.Volume
 	resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return volume, nil, wrapResponseError(err, resp, "volume", volumeID)
 	}
-	defer ensureReaderClosed(resp)
 
-	body, err := ioutil.ReadAll(resp.body)
+	body, err := io.ReadAll(resp.body)
 	if err != nil {
 		return volume, nil, err
 	}
diff --git a/client/volume_inspect_test.go b/client/volume_inspect_test.go
index 04f00129b7142..1aa2a54448016 100644
--- a/client/volume_inspect_test.go
+++ b/client/volume_inspect_test.go
@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestVolumeInspectError(t *testing.T) {
@@ -22,7 +23,9 @@ func TestVolumeInspectError(t *testing.T) {
 	}
 
 	_, err := client.VolumeInspect(context.Background(), "nothing")
-	assert.Check(t, is.ErrorContains(err, "Error response from daemon: Server error"))
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
+	}
 }
 
 func TestVolumeInspectNotFound(t *testing.T) {
@@ -59,7 +62,7 @@ func TestVolumeInspect(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "GET" {
+			if req.Method != http.MethodGet {
 				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
 			content, err := json.Marshal(expected)
@@ -68,7 +71,7 @@ func TestVolumeInspect(t *testing.T) {
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				Body:       io.NopCloser(bytes.NewReader(content)),
 			}, nil
 		}),
 	}
diff --git a/client/volume_list.go b/client/volume_list.go
index 284554d67c036..942498dde2c74 100644
--- a/client/volume_list.go
+++ b/client/volume_list.go
@@ -15,6 +15,7 @@ func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volumet
 	query := url.Values{}
 
 	if filter.Len() > 0 {
+		//nolint:staticcheck // ignore SA1019 for old code
 		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
 		if err != nil {
 			return volumes, err
@@ -22,11 +23,11 @@ func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volumet
 		query.Set("filters", filterJSON)
 	}
 	resp, err := cli.get(ctx, "/volumes", query, nil)
+	defer ensureReaderClosed(resp)
 	if err != nil {
 		return volumes, err
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&volumes)
-	ensureReaderClosed(resp)
 	return volumes, err
 }
diff --git a/client/volume_list_test.go b/client/volume_list_test.go
index 2a83823f7ef9f..d26bb51405e36 100644
--- a/client/volume_list_test.go
+++ b/client/volume_list_test.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/errdefs"
 )
 
 func TestVolumeListError(t *testing.T) {
@@ -21,8 +22,8 @@ func TestVolumeListError(t *testing.T) {
 	}
 
 	_, err := client.VolumeList(context.Background(), filters.NewArgs())
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -82,7 +83,7 @@ func TestVolumeList(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+					Body:       io.NopCloser(bytes.NewReader(content)),
 				}, nil
 			}),
 		}
diff --git a/client/volume_prune.go b/client/volume_prune.go
index 70041efed8b1b..6e324708f2b13 100644
--- a/client/volume_prune.go
+++ b/client/volume_prune.go
@@ -23,10 +23,10 @@ func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args)
 	}
 
 	serverResp, err := cli.post(ctx, "/volumes/prune", query, nil, nil)
+	defer ensureReaderClosed(serverResp)
 	if err != nil {
 		return report, err
 	}
-	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
 		return report, fmt.Errorf("Error retrieving volume prune report: %v", err)
diff --git a/client/volume_remove.go b/client/volume_remove.go
index fc5a71d3349e1..79decdafab88d 100644
--- a/client/volume_remove.go
+++ b/client/volume_remove.go
@@ -16,6 +16,6 @@ func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool
 		}
 	}
 	resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil)
-	ensureReaderClosed(resp)
+	defer ensureReaderClosed(resp)
 	return wrapResponseError(err, resp, "volume", volumeID)
 }
diff --git a/client/volume_remove_test.go b/client/volume_remove_test.go
index 31fb3d71aa6b9..7581f72e8f5bc 100644
--- a/client/volume_remove_test.go
+++ b/client/volume_remove_test.go
@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/errdefs"
 )
 
 func TestVolumeRemoveError(t *testing.T) {
@@ -16,8 +18,8 @@ func TestVolumeRemoveError(t *testing.T) {
 	}
 
 	err := client.VolumeRemove(context.Background(), "volume_id", false)
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	if !errdefs.IsSystem(err) {
+		t.Fatalf("expected a Server Error, got %[1]T: %[1]v", err)
 	}
 }
 
@@ -29,12 +31,12 @@ func TestVolumeRemove(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			if req.Method != "DELETE" {
+			if req.Method != http.MethodDelete {
 				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				Body:       io.NopCloser(bytes.NewReader([]byte("body"))),
 			}, nil
 		}),
 	}
diff --git a/cmd/docker-proxy/main.go b/cmd/docker-proxy/main.go
new file mode 100644
index 0000000000000..c2832b3fe3e66
--- /dev/null
+++ b/cmd/docker-proxy/main.go
@@ -0,0 +1,72 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/ishidawataru/sctp"
+)
+
+func main() {
+	f := os.NewFile(3, "signal-parent")
+	host, container := parseHostContainerAddrs()
+
+	p, err := NewProxy(host, container)
+	if err != nil {
+		fmt.Fprintf(f, "1\n%s", err)
+		f.Close()
+		os.Exit(1)
+	}
+	go handleStopSignals(p)
+	fmt.Fprint(f, "0\n")
+	f.Close()
+
+	// Run will block until the proxy stops
+	p.Run()
+}
+
+// parseHostContainerAddrs parses the flags passed on reexec to create the TCP/UDP/SCTP
+// net.Addrs to map the host and container ports
+func parseHostContainerAddrs() (host net.Addr, container net.Addr) {
+	var (
+		proto         = flag.String("proto", "tcp", "proxy protocol")
+		hostIP        = flag.String("host-ip", "", "host ip")
+		hostPort      = flag.Int("host-port", -1, "host port")
+		containerIP   = flag.String("container-ip", "", "container ip")
+		containerPort = flag.Int("container-port", -1, "container port")
+	)
+
+	flag.Parse()
+
+	switch *proto {
+	case "tcp":
+		host = &net.TCPAddr{IP: net.ParseIP(*hostIP), Port: *hostPort}
+		container = &net.TCPAddr{IP: net.ParseIP(*containerIP), Port: *containerPort}
+	case "udp":
+		host = &net.UDPAddr{IP: net.ParseIP(*hostIP), Port: *hostPort}
+		container = &net.UDPAddr{IP: net.ParseIP(*containerIP), Port: *containerPort}
+	case "sctp":
+		host = &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: net.ParseIP(*hostIP)}}, Port: *hostPort}
+		container = &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: net.ParseIP(*containerIP)}}, Port: *containerPort}
+	default:
+		log.Fatalf("unsupported protocol %s", *proto)
+	}
+
+	return host, container
+}
+
+func handleStopSignals(p Proxy) {
+	s := make(chan os.Signal, 10)
+	signal.Notify(s, os.Interrupt, syscall.SIGTERM)
+
+	for range s {
+		p.Close()
+
+		os.Exit(0)
+	}
+}
diff --git a/cmd/docker-proxy/network_proxy_test.go b/cmd/docker-proxy/network_proxy_test.go
new file mode 100644
index 0000000000000..7f6fb2c5bdf87
--- /dev/null
+++ b/cmd/docker-proxy/network_proxy_test.go
@@ -0,0 +1,310 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"net"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/ishidawataru/sctp"
+	"gotest.tools/v3/skip"
+)
+
+var testBuf = []byte("Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo")
+var testBufSize = len(testBuf)
+
+type EchoServer interface {
+	Run()
+	Close()
+	LocalAddr() net.Addr
+}
+
+type EchoServerOptions struct {
+	TCPHalfClose bool
+}
+
+type StreamEchoServer struct {
+	listener net.Listener
+	testCtx  *testing.T
+	opts     EchoServerOptions
+}
+
+type UDPEchoServer struct {
+	conn    net.PacketConn
+	testCtx *testing.T
+}
+
+func NewEchoServer(t *testing.T, proto, address string, opts EchoServerOptions) EchoServer {
+	var server EchoServer
+	if !strings.HasPrefix(proto, "tcp") && opts.TCPHalfClose {
+		t.Fatalf("TCPHalfClose is not supported for %s", proto)
+	}
+
+	switch {
+	case strings.HasPrefix(proto, "tcp"):
+		listener, err := net.Listen(proto, address)
+		if err != nil {
+			t.Fatal(err)
+		}
+		server = &StreamEchoServer{listener: listener, testCtx: t, opts: opts}
+	case strings.HasPrefix(proto, "udp"):
+		socket, err := net.ListenPacket(proto, address)
+		if err != nil {
+			t.Fatal(err)
+		}
+		server = &UDPEchoServer{conn: socket, testCtx: t}
+	case strings.HasPrefix(proto, "sctp"):
+		addr, err := sctp.ResolveSCTPAddr(proto, address)
+		if err != nil {
+			t.Fatal(err)
+		}
+		listener, err := sctp.ListenSCTP(proto, addr)
+		if err != nil {
+			t.Fatal(err)
+		}
+		server = &StreamEchoServer{listener: listener, testCtx: t}
+	default:
+		t.Fatalf("unknown protocol: %s", proto)
+	}
+	return server
+}
+
+func (server *StreamEchoServer) Run() {
+	go func() {
+		for {
+			client, err := server.listener.Accept()
+			if err != nil {
+				return
+			}
+			go func(client net.Conn) {
+				if server.opts.TCPHalfClose {
+					data, err := io.ReadAll(client)
+					if err != nil {
+						server.testCtx.Logf("io.ReadAll() failed for the client: %v\n", err.Error())
+					}
+					if _, err := client.Write(data); err != nil {
+						server.testCtx.Logf("can't echo to the client: %v\n", err.Error())
+					}
+					client.(*net.TCPConn).CloseWrite()
+				} else {
+					if _, err := io.Copy(client, client); err != nil {
+						server.testCtx.Logf("can't echo to the client: %v\n", err.Error())
+					}
+					client.Close()
+				}
+			}(client)
+		}
+	}()
+}
+
+func (server *StreamEchoServer) LocalAddr() net.Addr { return server.listener.Addr() }
+func (server *StreamEchoServer) Close()              { server.listener.Close() }
+
+func (server *UDPEchoServer) Run() {
+	go func() {
+		readBuf := make([]byte, 1024)
+		for {
+			read, from, err := server.conn.ReadFrom(readBuf)
+			if err != nil {
+				return
+			}
+			for i := 0; i != read; {
+				written, err := server.conn.WriteTo(readBuf[i:read], from)
+				if err != nil {
+					break
+				}
+				i += written
+			}
+		}
+	}()
+}
+
+func (server *UDPEchoServer) LocalAddr() net.Addr { return server.conn.LocalAddr() }
+func (server *UDPEchoServer) Close()              { server.conn.Close() }
+
+func testProxyAt(t *testing.T, proto string, proxy Proxy, addr string, halfClose bool) {
+	defer proxy.Close()
+	go proxy.Run()
+	var client net.Conn
+	var err error
+	if strings.HasPrefix(proto, "sctp") {
+		var a *sctp.SCTPAddr
+		a, err = sctp.ResolveSCTPAddr(proto, addr)
+		if err != nil {
+			t.Fatal(err)
+		}
+		client, err = sctp.DialSCTP(proto, nil, a)
+	} else {
+		client, err = net.Dial(proto, addr)
+	}
+
+	if err != nil {
+		t.Fatalf("Can't connect to the proxy: %v", err)
+	}
+	defer client.Close()
+	client.SetDeadline(time.Now().Add(10 * time.Second))
+	if _, err = client.Write(testBuf); err != nil {
+		t.Fatal(err)
+	}
+	if halfClose {
+		if proto != "tcp" {
+			t.Fatalf("halfClose is not supported for %s", proto)
+		}
+		client.(*net.TCPConn).CloseWrite()
+	}
+	recvBuf := make([]byte, testBufSize)
+	if _, err = client.Read(recvBuf); err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(testBuf, recvBuf) {
+		t.Fatal(fmt.Errorf("Expected [%v] but got [%v]", testBuf, recvBuf))
+	}
+}
+
+func testProxy(t *testing.T, proto string, proxy Proxy, halfClose bool) {
+	testProxyAt(t, proto, proxy, proxy.FrontendAddr().String(), halfClose)
+}
+
+func testTCP4Proxy(t *testing.T, halfClose bool) {
+	backend := NewEchoServer(t, "tcp", "127.0.0.1:0", EchoServerOptions{TCPHalfClose: halfClose})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "tcp", proxy, halfClose)
+}
+
+func TestTCP4Proxy(t *testing.T) {
+	testTCP4Proxy(t, false)
+}
+
+func TestTCP4ProxyHalfClose(t *testing.T) {
+	testTCP4Proxy(t, true)
+}
+
+func TestTCP6Proxy(t *testing.T) {
+	t.Skip("Need to start CI docker with --ipv6")
+	backend := NewEchoServer(t, "tcp", "[::1]:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &net.TCPAddr{IP: net.IPv6loopback, Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "tcp", proxy, false)
+}
+
+func TestTCPDualStackProxy(t *testing.T) {
+	// If I understand `godoc -src net favoriteAddrFamily` (used by the
+	// net.Listen* functions) correctly this should work, but it doesn't.
+	t.Skip("No support for dual stack yet")
+	backend := NewEchoServer(t, "tcp", "[::1]:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &net.TCPAddr{IP: net.IPv6loopback, Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	ipv4ProxyAddr := &net.TCPAddr{
+		IP:   net.IPv4(127, 0, 0, 1),
+		Port: proxy.FrontendAddr().(*net.TCPAddr).Port,
+	}
+	testProxyAt(t, "tcp", proxy, ipv4ProxyAddr.String(), false)
+}
+
+func TestUDP4Proxy(t *testing.T) {
+	backend := NewEchoServer(t, "udp", "127.0.0.1:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "udp", proxy, false)
+}
+
+func TestUDP6Proxy(t *testing.T) {
+	t.Skip("Need to start CI docker with --ipv6")
+	backend := NewEchoServer(t, "udp", "[::1]:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &net.UDPAddr{IP: net.IPv6loopback, Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "udp", proxy, false)
+}
+
+func TestUDPWriteError(t *testing.T) {
+	frontendAddr := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0}
+	// Hopefully, this port will be free: */
+	backendAddr := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 25587}
+	proxy, err := NewProxy(frontendAddr, backendAddr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer proxy.Close()
+	go proxy.Run()
+	client, err := net.Dial("udp", "127.0.0.1:25587")
+	if err != nil {
+		t.Fatalf("Can't connect to the proxy: %v", err)
+	}
+	defer client.Close()
+	// Make sure the proxy doesn't stop when there is no actual backend:
+	client.Write(testBuf)
+	client.Write(testBuf)
+	backend := NewEchoServer(t, "udp", "127.0.0.1:25587", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	client.SetDeadline(time.Now().Add(10 * time.Second))
+	if _, err = client.Write(testBuf); err != nil {
+		t.Fatal(err)
+	}
+	recvBuf := make([]byte, testBufSize)
+	if _, err = client.Read(recvBuf); err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(testBuf, recvBuf) {
+		t.Fatal(fmt.Errorf("Expected [%v] but got [%v]", testBuf, recvBuf))
+	}
+}
+
+func TestSCTP4Proxy(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "sctp is not supported on windows")
+
+	backend := NewEchoServer(t, "sctp", "127.0.0.1:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: net.IPv4(127, 0, 0, 1)}}, Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "sctp", proxy, false)
+}
+
+func TestSCTP6Proxy(t *testing.T) {
+	t.Skip("Need to start CI docker with --ipv6")
+	skip.If(t, runtime.GOOS == "windows", "sctp is not supported on windows")
+
+	backend := NewEchoServer(t, "sctp", "[::1]:0", EchoServerOptions{})
+	defer backend.Close()
+	backend.Run()
+	frontendAddr := &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: net.IPv6loopback}}, Port: 0}
+	proxy, err := NewProxy(frontendAddr, backend.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	testProxy(t, "sctp", proxy, false)
+}
diff --git a/cmd/docker-proxy/proxy.go b/cmd/docker-proxy/proxy.go
new file mode 100644
index 0000000000000..1bd8f9d8e1b36
--- /dev/null
+++ b/cmd/docker-proxy/proxy.go
@@ -0,0 +1,50 @@
+// docker-proxy provides a network Proxy interface and implementations for TCP
+// and UDP.
+package main
+
+import (
+	"net"
+
+	"github.com/ishidawataru/sctp"
+)
+
+// ipVersion refers to IP version - v4 or v6
+type ipVersion string
+
+const (
+	// IPv4 is version 4
+	ipv4 ipVersion = "4"
+	// IPv4 is version 6
+	ipv6 ipVersion = "6"
+)
+
+// Proxy defines the behavior of a proxy. It forwards traffic back and forth
+// between two endpoints : the frontend and the backend.
+// It can be used to do software port-mapping between two addresses.
+// e.g. forward all traffic between the frontend (host) 127.0.0.1:3000
+// to the backend (container) at 172.17.42.108:4000.
+type Proxy interface {
+	// Run starts forwarding traffic back and forth between the front
+	// and back-end addresses.
+	Run()
+	// Close stops forwarding traffic and close both ends of the Proxy.
+	Close()
+	// FrontendAddr returns the address on which the proxy is listening.
+	FrontendAddr() net.Addr
+	// BackendAddr returns the proxied address.
+	BackendAddr() net.Addr
+}
+
+// NewProxy creates a Proxy according to the specified frontendAddr and backendAddr.
+func NewProxy(frontendAddr, backendAddr net.Addr) (Proxy, error) {
+	switch frontendAddr.(type) {
+	case *net.UDPAddr:
+		return NewUDPProxy(frontendAddr.(*net.UDPAddr), backendAddr.(*net.UDPAddr))
+	case *net.TCPAddr:
+		return NewTCPProxy(frontendAddr.(*net.TCPAddr), backendAddr.(*net.TCPAddr))
+	case *sctp.SCTPAddr:
+		return NewSCTPProxy(frontendAddr.(*sctp.SCTPAddr), backendAddr.(*sctp.SCTPAddr))
+	default:
+		panic("Unsupported protocol")
+	}
+}
diff --git a/cmd/docker-proxy/sctp_proxy.go b/cmd/docker-proxy/sctp_proxy.go
new file mode 100644
index 0000000000000..9b18686341a01
--- /dev/null
+++ b/cmd/docker-proxy/sctp_proxy.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"io"
+	"log"
+	"net"
+	"sync"
+
+	"github.com/ishidawataru/sctp"
+)
+
+// SCTPProxy is a proxy for SCTP connections. It implements the Proxy interface to
+// handle SCTP traffic forwarding between the frontend and backend addresses.
+type SCTPProxy struct {
+	listener     *sctp.SCTPListener
+	frontendAddr *sctp.SCTPAddr
+	backendAddr  *sctp.SCTPAddr
+}
+
+// NewSCTPProxy creates a new SCTPProxy.
+func NewSCTPProxy(frontendAddr, backendAddr *sctp.SCTPAddr) (*SCTPProxy, error) {
+	// detect version of hostIP to bind only to correct version
+	ipVersion := ipv4
+	if frontendAddr.IPAddrs[0].IP.To4() == nil {
+		ipVersion = ipv6
+	}
+	listener, err := sctp.ListenSCTP("sctp"+string(ipVersion), frontendAddr)
+	if err != nil {
+		return nil, err
+	}
+	// If the port in frontendAddr was 0 then ListenSCTP will have a picked
+	// a port to listen on, hence the call to Addr to get that actual port:
+	return &SCTPProxy{
+		listener:     listener,
+		frontendAddr: listener.Addr().(*sctp.SCTPAddr),
+		backendAddr:  backendAddr,
+	}, nil
+}
+
+func (proxy *SCTPProxy) clientLoop(client *sctp.SCTPConn, quit chan bool) {
+	backend, err := sctp.DialSCTP("sctp", nil, proxy.backendAddr)
+	if err != nil {
+		log.Printf("Can't forward traffic to backend sctp/%v: %s\n", proxy.backendAddr, err)
+		client.Close()
+		return
+	}
+	clientC := sctp.NewSCTPSndRcvInfoWrappedConn(client)
+	backendC := sctp.NewSCTPSndRcvInfoWrappedConn(backend)
+
+	var wg sync.WaitGroup
+	var broker = func(to, from net.Conn) {
+		io.Copy(to, from)
+		from.Close()
+		to.Close()
+		wg.Done()
+	}
+
+	wg.Add(2)
+	go broker(clientC, backendC)
+	go broker(backendC, clientC)
+
+	finish := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(finish)
+	}()
+
+	select {
+	case <-quit:
+	case <-finish:
+	}
+	clientC.Close()
+	backendC.Close()
+	<-finish
+}
+
+// Run starts forwarding the traffic using SCTP.
+func (proxy *SCTPProxy) Run() {
+	quit := make(chan bool)
+	defer close(quit)
+	for {
+		client, err := proxy.listener.Accept()
+		if err != nil {
+			log.Printf("Stopping proxy on sctp/%v for sctp/%v (%s)", proxy.frontendAddr, proxy.backendAddr, err)
+			return
+		}
+		go proxy.clientLoop(client.(*sctp.SCTPConn), quit)
+	}
+}
+
+// Close stops forwarding the traffic.
+func (proxy *SCTPProxy) Close() { proxy.listener.Close() }
+
+// FrontendAddr returns the SCTP address on which the proxy is listening.
+func (proxy *SCTPProxy) FrontendAddr() net.Addr { return proxy.frontendAddr }
+
+// BackendAddr returns the SCTP proxied address.
+func (proxy *SCTPProxy) BackendAddr() net.Addr { return proxy.backendAddr }
diff --git a/cmd/docker-proxy/tcp_proxy.go b/cmd/docker-proxy/tcp_proxy.go
new file mode 100644
index 0000000000000..fe8c8fac9d5c5
--- /dev/null
+++ b/cmd/docker-proxy/tcp_proxy.go
@@ -0,0 +1,94 @@
+package main
+
+import (
+	"io"
+	"log"
+	"net"
+	"sync"
+)
+
+// TCPProxy is a proxy for TCP connections. It implements the Proxy interface to
+// handle TCP traffic forwarding between the frontend and backend addresses.
+type TCPProxy struct {
+	listener     *net.TCPListener
+	frontendAddr *net.TCPAddr
+	backendAddr  *net.TCPAddr
+}
+
+// NewTCPProxy creates a new TCPProxy.
+func NewTCPProxy(frontendAddr, backendAddr *net.TCPAddr) (*TCPProxy, error) {
+	// detect version of hostIP to bind only to correct version
+	ipVersion := ipv4
+	if frontendAddr.IP.To4() == nil {
+		ipVersion = ipv6
+	}
+	listener, err := net.ListenTCP("tcp"+string(ipVersion), frontendAddr)
+	if err != nil {
+		return nil, err
+	}
+	// If the port in frontendAddr was 0 then ListenTCP will have a picked
+	// a port to listen on, hence the call to Addr to get that actual port:
+	return &TCPProxy{
+		listener:     listener,
+		frontendAddr: listener.Addr().(*net.TCPAddr),
+		backendAddr:  backendAddr,
+	}, nil
+}
+
+func (proxy *TCPProxy) clientLoop(client *net.TCPConn, quit chan bool) {
+	backend, err := net.DialTCP("tcp", nil, proxy.backendAddr)
+	if err != nil {
+		log.Printf("Can't forward traffic to backend tcp/%v: %s\n", proxy.backendAddr, err)
+		client.Close()
+		return
+	}
+
+	var wg sync.WaitGroup
+	var broker = func(to, from *net.TCPConn) {
+		io.Copy(to, from)
+		from.CloseRead()
+		to.CloseWrite()
+		wg.Done()
+	}
+
+	wg.Add(2)
+	go broker(client, backend)
+	go broker(backend, client)
+
+	finish := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(finish)
+	}()
+
+	select {
+	case <-quit:
+	case <-finish:
+	}
+	client.Close()
+	backend.Close()
+	<-finish
+}
+
+// Run starts forwarding the traffic using TCP.
+func (proxy *TCPProxy) Run() {
+	quit := make(chan bool)
+	defer close(quit)
+	for {
+		client, err := proxy.listener.Accept()
+		if err != nil {
+			log.Printf("Stopping proxy on tcp/%v for tcp/%v (%s)", proxy.frontendAddr, proxy.backendAddr, err)
+			return
+		}
+		go proxy.clientLoop(client.(*net.TCPConn), quit)
+	}
+}
+
+// Close stops forwarding the traffic.
+func (proxy *TCPProxy) Close() { proxy.listener.Close() }
+
+// FrontendAddr returns the TCP address on which the proxy is listening.
+func (proxy *TCPProxy) FrontendAddr() net.Addr { return proxy.frontendAddr }
+
+// BackendAddr returns the TCP proxied address.
+func (proxy *TCPProxy) BackendAddr() net.Addr { return proxy.backendAddr }
diff --git a/cmd/docker-proxy/udp_proxy.go b/cmd/docker-proxy/udp_proxy.go
new file mode 100644
index 0000000000000..66bacafa4febf
--- /dev/null
+++ b/cmd/docker-proxy/udp_proxy.go
@@ -0,0 +1,173 @@
+package main
+
+import (
+	"encoding/binary"
+	"log"
+	"net"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+)
+
+const (
+	// UDPConnTrackTimeout is the timeout used for UDP connection tracking
+	UDPConnTrackTimeout = 90 * time.Second
+	// UDPBufSize is the buffer size for the UDP proxy
+	UDPBufSize = 65507
+)
+
+// A net.Addr where the IP is split into two fields so you can use it as a key
+// in a map:
+type connTrackKey struct {
+	IPHigh uint64
+	IPLow  uint64
+	Port   int
+}
+
+func newConnTrackKey(addr *net.UDPAddr) *connTrackKey {
+	if len(addr.IP) == net.IPv4len {
+		return &connTrackKey{
+			IPHigh: 0,
+			IPLow:  uint64(binary.BigEndian.Uint32(addr.IP)),
+			Port:   addr.Port,
+		}
+	}
+	return &connTrackKey{
+		IPHigh: binary.BigEndian.Uint64(addr.IP[:8]),
+		IPLow:  binary.BigEndian.Uint64(addr.IP[8:]),
+		Port:   addr.Port,
+	}
+}
+
+type connTrackMap map[connTrackKey]*net.UDPConn
+
+// UDPProxy is proxy for which handles UDP datagrams. It implements the Proxy
+// interface to handle UDP traffic forwarding between the frontend and backend
+// addresses.
+type UDPProxy struct {
+	listener       *net.UDPConn
+	frontendAddr   *net.UDPAddr
+	backendAddr    *net.UDPAddr
+	connTrackTable connTrackMap
+	connTrackLock  sync.Mutex
+}
+
+// NewUDPProxy creates a new UDPProxy.
+func NewUDPProxy(frontendAddr, backendAddr *net.UDPAddr) (*UDPProxy, error) {
+	// detect version of hostIP to bind only to correct version
+	ipVersion := ipv4
+	if frontendAddr.IP.To4() == nil {
+		ipVersion = ipv6
+	}
+	listener, err := net.ListenUDP("udp"+string(ipVersion), frontendAddr)
+	if err != nil {
+		return nil, err
+	}
+	return &UDPProxy{
+		listener:       listener,
+		frontendAddr:   listener.LocalAddr().(*net.UDPAddr),
+		backendAddr:    backendAddr,
+		connTrackTable: make(connTrackMap),
+	}, nil
+}
+
+func (proxy *UDPProxy) replyLoop(proxyConn *net.UDPConn, clientAddr *net.UDPAddr, clientKey *connTrackKey) {
+	defer func() {
+		proxy.connTrackLock.Lock()
+		delete(proxy.connTrackTable, *clientKey)
+		proxy.connTrackLock.Unlock()
+		proxyConn.Close()
+	}()
+
+	readBuf := make([]byte, UDPBufSize)
+	for {
+		proxyConn.SetReadDeadline(time.Now().Add(UDPConnTrackTimeout))
+	again:
+		read, err := proxyConn.Read(readBuf)
+		if err != nil {
+			if err, ok := err.(*net.OpError); ok && err.Err == syscall.ECONNREFUSED {
+				// This will happen if the last write failed
+				// (e.g: nothing is actually listening on the
+				// proxied port on the container), ignore it
+				// and continue until UDPConnTrackTimeout
+				// expires:
+				goto again
+			}
+			return
+		}
+		for i := 0; i != read; {
+			written, err := proxy.listener.WriteToUDP(readBuf[i:read], clientAddr)
+			if err != nil {
+				return
+			}
+			i += written
+		}
+	}
+}
+
+// Run starts forwarding the traffic using UDP.
+func (proxy *UDPProxy) Run() {
+	readBuf := make([]byte, UDPBufSize)
+	for {
+		read, from, err := proxy.listener.ReadFromUDP(readBuf)
+		if err != nil {
+			// NOTE: Apparently ReadFrom doesn't return
+			// ECONNREFUSED like Read do (see comment in
+			// UDPProxy.replyLoop)
+			if !isClosedError(err) {
+				log.Printf("Stopping proxy on udp/%v for udp/%v (%s)", proxy.frontendAddr, proxy.backendAddr, err)
+			}
+			break
+		}
+
+		fromKey := newConnTrackKey(from)
+		proxy.connTrackLock.Lock()
+		proxyConn, hit := proxy.connTrackTable[*fromKey]
+		if !hit {
+			proxyConn, err = net.DialUDP("udp", nil, proxy.backendAddr)
+			if err != nil {
+				log.Printf("Can't proxy a datagram to udp/%s: %s\n", proxy.backendAddr, err)
+				proxy.connTrackLock.Unlock()
+				continue
+			}
+			proxy.connTrackTable[*fromKey] = proxyConn
+			go proxy.replyLoop(proxyConn, from, fromKey)
+		}
+		proxy.connTrackLock.Unlock()
+		for i := 0; i != read; {
+			written, err := proxyConn.Write(readBuf[i:read])
+			if err != nil {
+				log.Printf("Can't proxy a datagram to udp/%s: %s\n", proxy.backendAddr, err)
+				break
+			}
+			i += written
+		}
+	}
+}
+
+// Close stops forwarding the traffic.
+func (proxy *UDPProxy) Close() {
+	proxy.listener.Close()
+	proxy.connTrackLock.Lock()
+	defer proxy.connTrackLock.Unlock()
+	for _, conn := range proxy.connTrackTable {
+		conn.Close()
+	}
+}
+
+// FrontendAddr returns the UDP address on which the proxy is listening.
+func (proxy *UDPProxy) FrontendAddr() net.Addr { return proxy.frontendAddr }
+
+// BackendAddr returns the proxied UDP address.
+func (proxy *UDPProxy) BackendAddr() net.Addr { return proxy.backendAddr }
+
+func isClosedError(err error) bool {
+	/* This comparison is ugly, but unfortunately, net.go doesn't export errClosing.
+	 * See:
+	 * http://golang.org/src/pkg/net/net.go
+	 * https://code.google.com/p/go/issues/detail?id=4337
+	 * https://groups.google.com/forum/#!msg/golang-nuts/0_aaCvBmOcM/SptmDyX1XJMJ
+	 */
+	return strings.HasSuffix(err.Error(), "use of closed network connection")
+}
diff --git a/cmd/dockerd/config.go b/cmd/dockerd/config.go
index 2c8ed8edb4a94..0f1dff4b8e3c1 100644
--- a/cmd/dockerd/config.go
+++ b/cmd/dockerd/config.go
@@ -3,8 +3,10 @@ package main
 import (
 	"runtime"
 
+	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
+	"github.com/docker/docker/plugin/executor/containerd"
 	"github.com/docker/docker/registry"
 	"github.com/spf13/pflag"
 )
@@ -17,8 +19,20 @@ const (
 )
 
 // installCommonConfigFlags adds flags to the pflag.FlagSet to configure the daemon
-func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
-	var maxConcurrentDownloads, maxConcurrentUploads int
+func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
+	var maxConcurrentDownloads, maxConcurrentUploads, maxDownloadAttempts int
+	defaultPidFile, err := getDefaultPidFile()
+	if err != nil {
+		return err
+	}
+	defaultDataRoot, err := getDefaultDataRoot()
+	if err != nil {
+		return err
+	}
+	defaultExecRoot, err := getDefaultExecRoot()
+	if err != nil {
+		return err
+	}
 
 	installRegistryServiceFlags(&conf.ServiceOptions, flags)
 
@@ -33,12 +47,12 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 
 	// "--graph" is "soft-deprecated" in favor of "data-root". This flag was added
 	// before Docker 1.0, so won't be removed, only hidden, to discourage its usage.
-	flags.MarkHidden("graph")
+	_ = flags.MarkHidden("graph")
 
 	flags.StringVar(&conf.Root, "data-root", defaultDataRoot, "Root directory of persistent Docker state")
 
 	flags.BoolVarP(&conf.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
-	flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
+	_ = flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
 
 	// Windows doesn't support setting the storage driver - there is no choice as to which ones to use.
 	if runtime.GOOS != "windows" {
@@ -50,18 +64,25 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 	flags.Var(opts.NewListOptsRef(&conf.DNS, opts.ValidateIPAddress), "dns", "DNS server to use")
 	flags.Var(opts.NewNamedListOptsRef("dns-opts", &conf.DNSOptions, nil), "dns-opt", "DNS options to use")
 	flags.Var(opts.NewListOptsRef(&conf.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")
+	flags.Var(opts.NewIPOpt(&conf.HostGatewayIP, ""), "host-gateway-ip", "IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the default bridge")
 	flags.Var(opts.NewNamedListOptsRef("labels", &conf.Labels, opts.ValidateLabel), "label", "Set key=value labels to the daemon")
 	flags.StringVar(&conf.LogConfig.Type, "log-driver", "json-file", "Default driver for container logs")
 	flags.Var(opts.NewNamedMapOpts("log-opts", conf.LogConfig.Config, nil), "log-opt", "Default log driver options for containers")
+
 	flags.StringVar(&conf.ClusterAdvertise, "cluster-advertise", "", "Address or interface name to advertise")
+	_ = flags.MarkDeprecated("cluster-advertise", "Swarm classic is deprecated. Please use Swarm-mode (docker swarm init)")
 	flags.StringVar(&conf.ClusterStore, "cluster-store", "", "URL of the distributed storage backend")
+	_ = flags.MarkDeprecated("cluster-store", "Swarm classic is deprecated. Please use Swarm-mode (docker swarm init)")
 	flags.Var(opts.NewNamedMapOpts("cluster-store-opts", conf.ClusterOpts, nil), "cluster-store-opt", "Set cluster store options")
+	_ = flags.MarkDeprecated("cluster-store-opt", "Swarm classic is deprecated. Please use Swarm-mode (docker swarm init)")
+
 	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API")
 	flags.IntVar(&maxConcurrentDownloads, "max-concurrent-downloads", config.DefaultMaxConcurrentDownloads, "Set the max concurrent downloads for each pull")
 	flags.IntVar(&maxConcurrentUploads, "max-concurrent-uploads", config.DefaultMaxConcurrentUploads, "Set the max concurrent uploads for each push")
+	flags.IntVar(&maxDownloadAttempts, "max-download-attempts", config.DefaultDownloadAttempts, "Set the max download attempts for each pull")
 	flags.IntVar(&conf.ShutdownTimeout, "shutdown-timeout", defaultShutdownTimeout, "Set the default shutdown timeout")
 	flags.IntVar(&conf.NetworkDiagnosticPort, "network-diagnostic-port", 0, "TCP port number of the network diagnostic server")
-	flags.MarkHidden("network-diagnostic-port")
+	_ = flags.MarkHidden("network-diagnostic-port")
 
 	flags.StringVar(&conf.SwarmDefaultAdvertiseAddr, "swarm-default-advertise-addr", "", "Set default address or interface for swarm advertised address")
 	flags.BoolVar(&conf.Experimental, "experimental", false, "Enable experimental features")
@@ -71,15 +92,20 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 
 	flags.IntVar(&conf.NetworkControlPlaneMTU, "network-control-plane-mtu", config.DefaultNetworkMtu, "Network Control plane MTU")
 
-	// "--deprecated-key-path" is to allow configuration of the key used
-	// for the daemon ID and the deprecated image signing. It was never
-	// exposed as a command line option but is added here to allow
-	// overriding the default path in configuration.
-	flags.Var(opts.NewQuotedString(&conf.TrustKeyPath), "deprecated-key-path", "Path to key file for ID and image signing")
-	flags.MarkHidden("deprecated-key-path")
-
 	conf.MaxConcurrentDownloads = &maxConcurrentDownloads
 	conf.MaxConcurrentUploads = &maxConcurrentUploads
+	conf.MaxDownloadAttempts = &maxDownloadAttempts
+
+	flags.StringVar(&conf.ContainerdNamespace, "containerd-namespace", daemon.ContainersNamespace, "Containerd namespace to use")
+	flags.StringVar(&conf.ContainerdPluginNamespace, "containerd-plugins-namespace", containerd.PluginNamespace, "Containerd namespace to use for plugins")
+
+	flags.StringVar(&conf.DefaultRuntime, "default-runtime", config.StockRuntimeName, "Default OCI runtime for containers")
+
+	flags.StringVar(&conf.HTTPProxy, "http-proxy", "", "HTTP proxy URL to use for outgoing traffic")
+	flags.StringVar(&conf.HTTPSProxy, "https-proxy", "", "HTTPS proxy URL to use for outgoing traffic")
+	flags.StringVar(&conf.NoProxy, "no-proxy", "", "Comma-separated list of hosts or IP addresses for which the proxy is skipped")
+
+	return nil
 }
 
 func installRegistryServiceFlags(options *registry.ServiceOptions, flags *pflag.FlagSet) {
@@ -90,10 +116,4 @@ func installRegistryServiceFlags(options *registry.ServiceOptions, flags *pflag.
 	flags.Var(ana, "allow-nondistributable-artifacts", "Allow push of nondistributable artifacts to registry")
 	flags.Var(mirrors, "registry-mirror", "Preferred Docker registry mirror")
 	flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
-
-	if runtime.GOOS != "windows" {
-		// TODO: Remove this flag after 3 release cycles (18.03)
-		flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries")
-		flags.MarkHidden("disable-legacy-registry")
-	}
 }
diff --git a/cmd/dockerd/config_common_unix.go b/cmd/dockerd/config_common_unix.go
index febf30ae9fca6..dfbc3e2e3d0e3 100644
--- a/cmd/dockerd/config_common_unix.go
+++ b/cmd/dockerd/config_common_unix.go
@@ -1,19 +1,50 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package main
 
 import (
+	"path/filepath"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/homedir"
 	"github.com/spf13/pflag"
 )
 
-var (
-	defaultPidFile  = "/var/run/docker.pid"
-	defaultDataRoot = "/var/lib/docker"
-	defaultExecRoot = "/var/run/docker"
-)
+func getDefaultPidFile() (string, error) {
+	if !honorXDG {
+		return "/var/run/docker.pid", nil
+	}
+	runtimeDir, err := homedir.GetRuntimeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(runtimeDir, "docker.pid"), nil
+}
+
+func getDefaultDataRoot() (string, error) {
+	if !honorXDG {
+		return "/var/lib/docker", nil
+	}
+	dataHome, err := homedir.GetDataHome()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(dataHome, "docker"), nil
+}
+
+func getDefaultExecRoot() (string, error) {
+	if !honorXDG {
+		return "/var/run/docker", nil
+	}
+	runtimeDir, err := homedir.GetRuntimeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(runtimeDir, "docker"), nil
+}
 
 // installUnixConfigFlags adds command-line options to the top-level flag parser for
 // the current process that are common across Unix platforms.
@@ -29,6 +60,4 @@ func installUnixConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 	flags.BoolVar(&conf.BridgeConfig.InterContainerCommunication, "icc", true, "Enable inter-container communication")
 	flags.Var(opts.NewIPOpt(&conf.BridgeConfig.DefaultIP, "0.0.0.0"), "ip", "Default IP when binding container ports")
 	flags.Var(opts.NewNamedRuntimeOpt("runtimes", &conf.Runtimes, config.StockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
-	flags.StringVar(&conf.DefaultRuntime, "default-runtime", config.StockRuntimeName, "Default OCI runtime for containers")
-
 }
diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go
index 2dbd84b1db079..354d5da1968f9 100644
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@@ -1,18 +1,26 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package main
 
 import (
+	"os/exec"
+
+	"github.com/containerd/cgroups"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
-	"github.com/docker/go-units"
+	"github.com/docker/docker/rootless"
+	units "github.com/docker/go-units"
+	"github.com/pkg/errors"
 	"github.com/spf13/pflag"
 )
 
 // installConfigFlags adds flags to the pflag.FlagSet to configure the daemon
-func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 	// First handle install flags which are consistent cross-platform
-	installCommonConfigFlags(conf, flags)
+	if err := installCommonConfigFlags(conf, flags); err != nil {
+		return err
+	}
 
 	// Then install flags common to unix platforms
 	installUnixConfigFlags(conf, flags)
@@ -27,24 +35,42 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 	flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
 	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
+	flags.BoolVar(&conf.BridgeConfig.EnableIP6Tables, "ip6tables", false, "Enable addition of ip6tables rules")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
 	flags.StringVar(&conf.BridgeConfig.FixedCIDRv6, "fixed-cidr-v6", "", "IPv6 subnet for fixed IPs")
 	flags.BoolVar(&conf.BridgeConfig.EnableUserlandProxy, "userland-proxy", true, "Use userland proxy for loopback traffic")
-	flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", "", "Path to the userland proxy binary")
+	defaultUserlandProxyPath := ""
+	if rootless.RunningWithRootlessKit() {
+		var err error
+		// use rootlesskit-docker-proxy for exposing the ports in RootlessKit netns to the initial namespace.
+		defaultUserlandProxyPath, err = exec.LookPath(rootless.RootlessKitDockerProxyBinary)
+		if err != nil {
+			return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary)
+		}
+	}
+	flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", defaultUserlandProxyPath, "Path to the userland proxy binary")
 	flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
 	flags.StringVar(&conf.RemappedRoot, "userns-remap", "", "User/Group setting for user namespaces")
 	flags.BoolVar(&conf.LiveRestoreEnabled, "live-restore", false, "Enable live restore of docker when containers are still running")
-	flags.IntVar(&conf.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")
+	flags.IntVar(&conf.OOMScoreAdjust, "oom-score-adjust", 0, "Set the oom_score_adj for the daemon")
 	flags.BoolVar(&conf.Init, "init", false, "Run an init in the container to forward signals and reap processes")
 	flags.StringVar(&conf.InitPath, "init-path", "", "Path to the docker-init binary")
-	flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
-	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
-	flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
+	flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds for the parent cgroup for all containers")
+	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds for the parent cgroup for all containers")
+	flags.StringVar(&conf.SeccompProfile, "seccomp-profile", config.SeccompProfileDefault, `Path to seccomp profile. Use "unconfined" to disable the default seccomp profile`)
 	flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
 	flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
-	flags.StringVar(&conf.IpcMode, "default-ipc-mode", config.DefaultIpcMode, `Default mode for containers ipc ("shareable" | "private")`)
+	flags.StringVar(&conf.IpcMode, "default-ipc-mode", string(config.DefaultIpcMode), `Default mode for containers ipc ("shareable" | "private")`)
 	flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "Default address pools for node specific local networks")
-
+	// rootless needs to be explicitly specified for running "rootful" dockerd in rootless dockerd (#38702)
+	// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
+	flags.BoolVar(&conf.Rootless, "rootless", rootless.RunningWithRootlessKit(), "Enable rootless mode; typically used with RootlessKit")
+	defaultCgroupNamespaceMode := config.DefaultCgroupNamespaceMode
+	if cgroups.Mode() != cgroups.Unified {
+		defaultCgroupNamespaceMode = config.DefaultCgroupV1NamespaceMode
+	}
+	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
+	return nil
 }
diff --git a/cmd/dockerd/config_unix_test.go b/cmd/dockerd/config_unix_test.go
index d7dbf4b4cc5d7..1ffe4c1fbf2b8 100644
--- a/cmd/dockerd/config_unix_test.go
+++ b/cmd/dockerd/config_unix_test.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package main
@@ -7,15 +8,16 @@ import (
 
 	"github.com/docker/docker/daemon/config"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestDaemonParseShmSize(t *testing.T) {
 	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
 
 	conf := &config.Config{}
-	installConfigFlags(conf, flags)
+	err := installConfigFlags(conf, flags)
+	assert.NilError(t, err)
 	// By default `--default-shm-size=64M`
 	assert.Check(t, is.Equal(int64(64*1024*1024), conf.ShmSize.Value()))
 	assert.Check(t, flags.Set("default-shm-size", "128M"))
diff --git a/cmd/dockerd/config_windows.go b/cmd/dockerd/config_windows.go
index 36af76645ff95..88b76196dc34c 100644
--- a/cmd/dockerd/config_windows.go
+++ b/cmd/dockerd/config_windows.go
@@ -8,19 +8,28 @@ import (
 	"github.com/spf13/pflag"
 )
 
-var (
-	defaultPidFile  string
-	defaultDataRoot = filepath.Join(os.Getenv("programdata"), "docker")
-	defaultExecRoot = filepath.Join(os.Getenv("programdata"), "docker", "exec-root")
-)
+func getDefaultPidFile() (string, error) {
+	return "", nil
+}
+
+func getDefaultDataRoot() (string, error) {
+	return filepath.Join(os.Getenv("programdata"), "docker"), nil
+}
+
+func getDefaultExecRoot() (string, error) {
+	return filepath.Join(os.Getenv("programdata"), "docker", "exec-root"), nil
+}
 
 // installConfigFlags adds flags to the pflag.FlagSet to configure the daemon
-func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 	// First handle install flags which are consistent cross-platform
-	installCommonConfigFlags(conf, flags)
+	if err := installCommonConfigFlags(conf, flags); err != nil {
+		return err
+	}
 
 	// Then platform-specific install flags.
 	flags.StringVar(&conf.BridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
 	flags.StringVarP(&conf.BridgeConfig.Iface, "bridge", "b", "", "Attach containers to a virtual switch")
 	flags.StringVarP(&conf.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
+	return nil
 }
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
index 2efa60b5c58db..2c9ae2951b916 100644
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"net"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -11,7 +12,6 @@ import (
 	"time"
 
 	containerddefaults "github.com/containerd/containerd/defaults"
-	"github.com/docker/distribution/uuid"
 	"github.com/docker/docker/api"
 	apiserver "github.com/docker/docker/api/server"
 	buildbackend "github.com/docker/docker/api/server/backend/build"
@@ -21,6 +21,7 @@ import (
 	checkpointrouter "github.com/docker/docker/api/server/router/checkpoint"
 	"github.com/docker/docker/api/server/router/container"
 	distributionrouter "github.com/docker/docker/api/server/router/distribution"
+	grpcrouter "github.com/docker/docker/api/server/router/grpc"
 	"github.com/docker/docker/api/server/router/image"
 	"github.com/docker/docker/api/server/router/network"
 	pluginrouter "github.com/docker/docker/api/server/router/plugin"
@@ -30,8 +31,8 @@ import (
 	"github.com/docker/docker/api/server/router/volume"
 	buildkit "github.com/docker/docker/builder/builder-next"
 	"github.com/docker/docker/builder/dockerfile"
-	"github.com/docker/docker/builder/fscache"
 	"github.com/docker/docker/cli/debug"
+	"github.com/docker/docker/cmd/dockerd/trap"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/cluster"
 	"github.com/docker/docker/daemon/config"
@@ -40,12 +41,14 @@ import (
 	"github.com/docker/docker/libcontainerd/supervisor"
 	dopts "github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/authorization"
+	"github.com/docker/docker/pkg/homedir"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/pidfile"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/rootless"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/tlsconfig"
 	swarmapi "github.com/docker/swarmkit/api"
@@ -72,17 +75,28 @@ func NewDaemonCli() *DaemonCli {
 }
 
 func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
-	stopc := make(chan bool)
-	defer close(stopc)
-
-	// warn from uuid package when running the daemon
-	uuid.Loggerf = logrus.Warnf
-
 	opts.SetDefaultOptions(opts.flags)
 
 	if cli.Config, err = loadDaemonCliConfig(opts); err != nil {
 		return err
 	}
+
+	if opts.Validate {
+		// If config wasn't OK we wouldn't have made it this far.
+		fmt.Fprintln(os.Stderr, "configuration OK")
+		return nil
+	}
+
+	configureProxyEnv(cli.Config)
+
+	warnOnDeprecatedConfigOptions(cli.Config)
+
+	if err := configureDaemonLogs(cli.Config); err != nil {
+		return err
+	}
+
+	logrus.Info("Starting up")
+
 	cli.configFile = &opts.configFile
 	cli.flags = opts.flags
 
@@ -94,13 +108,20 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		logrus.Warn("Running experimental build")
 	}
 
-	logrus.SetFormatter(&logrus.TextFormatter{
-		TimestampFormat: jsonmessage.RFC3339NanoFixed,
-		DisableColors:   cli.Config.RawLogs,
-		FullTimestamp:   true,
-	})
+	if cli.Config.IsRootless() {
+		logrus.Warn("Running in rootless mode. This mode has feature limitations.")
+	}
+	if rootless.RunningWithRootlessKit() {
+		logrus.Info("Running with RootlessKit integration")
+		if !cli.Config.IsRootless() {
+			return fmt.Errorf("rootless mode needs to be enabled for running with RootlessKit")
+		}
+	}
 
-	system.InitLCOW(cli.Config.Experimental)
+	// return human-friendly error before creating files
+	if runtime.GOOS == "linux" && os.Geteuid() != 0 {
+		return fmt.Errorf("dockerd needs to be started with root privileges. To run dockerd in rootless mode as an unprivileged user, see https://docs.docker.com/go/rootless/")
+	}
 
 	if err := setDefaultUmask(); err != nil {
 		return err
@@ -112,15 +133,18 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		return err
 	}
 
-	if err := system.MkdirAll(cli.Config.ExecRoot, 0700, ""); err != nil {
+	if err := system.MkdirAll(cli.Config.ExecRoot, 0700); err != nil {
 		return err
 	}
 
+	potentiallyUnderRuntimeDir := []string{cli.Config.ExecRoot}
+
 	if cli.Pidfile != "" {
 		pf, err := pidfile.New(cli.Pidfile)
 		if err != nil {
 			return errors.Wrap(err, "failed to start daemon")
 		}
+		potentiallyUnderRuntimeDir = append(potentiallyUnderRuntimeDir, cli.Pidfile)
 		defer func() {
 			if err := pf.Remove(); err != nil {
 				logrus.Error(err)
@@ -128,6 +152,14 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		}()
 	}
 
+	if cli.Config.IsRootless() {
+		// Set sticky bit if XDG_RUNTIME_DIR is set && the file is actually under XDG_RUNTIME_DIR
+		if _, err := homedir.StickRuntimeDirContents(potentiallyUnderRuntimeDir); err != nil {
+			// StickRuntimeDirContents returns nil error if XDG_RUNTIME_DIR is just unset
+			logrus.WithError(err).Warn("cannot set sticky bit on files under XDG_RUNTIME_DIR")
+		}
+	}
+
 	serverConfig, err := newAPIServerConfig(cli)
 	if err != nil {
 		return errors.Wrap(err, "failed to create API server")
@@ -140,36 +172,26 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 	}
 
 	ctx, cancel := context.WithCancel(context.Background())
-	if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
-		if !systemContainerdRunning() {
-			opts, err := cli.getContainerdDaemonOpts()
-			if err != nil {
-				cancel()
-				return errors.Wrap(err, "failed to generate containerd options")
-			}
-
-			r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
-			if err != nil {
-				cancel()
-				return errors.Wrap(err, "failed to start containerd")
-			}
-			cli.Config.ContainerdAddr = r.Address()
-
-			// Try to wait for containerd to shutdown
-			defer r.WaitTimeout(10 * time.Second)
-		} else {
-			cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
-		}
+	waitForContainerDShutdown, err := cli.initContainerD(ctx)
+	if waitForContainerDShutdown != nil {
+		defer waitForContainerDShutdown(10 * time.Second)
+	}
+	if err != nil {
+		cancel()
+		return err
 	}
 	defer cancel()
 
-	signal.Trap(func() {
+	stopc := make(chan bool)
+	defer close(stopc)
+
+	trap.Trap(func() {
 		cli.stop()
 		<-stopc // wait for daemonCli.start() to return
 	}, logrus.StandardLogger())
 
 	// Notify that the API is active, but before daemon is set up.
-	preNotifySystem()
+	preNotifyReady()
 
 	pluginStore := plugin.NewStore()
 
@@ -189,14 +211,10 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		return errors.Wrap(err, "failed to validate authorization plugin")
 	}
 
-	// TODO: move into startMetricsServer()
-	if cli.Config.MetricsAddress != "" {
-		if !d.HasExperimental() {
-			return errors.Wrap(err, "metrics-addr is only supported when experimental is enabled")
-		}
-		if err := startMetricsServer(cli.Config.MetricsAddress); err != nil {
-			return err
-		}
+	cli.d = d
+
+	if err := startMetricsServer(cli.Config.MetricsAddress); err != nil {
+		return errors.Wrap(err, "failed to start metrics server")
 	}
 
 	c, err := createAndStartCluster(cli, d)
@@ -211,8 +229,6 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 
 	logrus.Info("Daemon has completed initialization")
 
-	cli.d = d
-
 	routerOptions, err := newRouterOptions(cli.Config, d)
 	if err != nil {
 		return err
@@ -233,13 +249,15 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 	go cli.api.Wait(serveAPIWait)
 
 	// after the daemon is done setting up we can notify systemd api
-	notifySystem()
+	notifyReady()
 
 	// Daemon is fully initialized and handling API traffic
 	// Wait for serve API to complete
 	errAPI := <-serveAPIWait
 	c.Cleanup()
 
+	// notify systemd that we're shutting down
+	notifyStopping()
 	shutdownDaemon(d)
 
 	// Stop notification processing and any background processes
@@ -249,13 +267,13 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		return errors.Wrap(errAPI, "shutting down due to ServeAPI error")
 	}
 
+	logrus.Info("Daemon shutdown complete")
 	return nil
 }
 
 type routerOptions struct {
 	sessionManager *session.Manager
 	buildBackend   *buildbackend.Backend
-	buildCache     *fscache.FSCache // legacy
 	features       *map[string]bool
 	buildkit       *buildkit.Builder
 	daemon         *daemon.Daemon
@@ -270,21 +288,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e
 		return opts, errors.Wrap(err, "failed to create sessionmanager")
 	}
 
-	builderStateDir := filepath.Join(config.Root, "builder")
-
-	buildCache, err := fscache.NewFSCache(fscache.Opt{
-		Backend: fscache.NewNaiveCacheBackend(builderStateDir),
-		Root:    builderStateDir,
-		GCPolicy: fscache.GCPolicy{ // TODO: expose this in config
-			MaxSize:         1024 * 1024 * 512,  // 512MB
-			MaxKeepDuration: 7 * 24 * time.Hour, // 1 week
-		},
-	})
-	if err != nil {
-		return opts, errors.Wrap(err, "failed to create fscache")
-	}
-
-	manager, err := dockerfile.NewBuildManager(d.BuilderBackend(), sm, buildCache, d.IdentityMapping())
+	manager, err := dockerfile.NewBuildManager(d.BuilderBackend(), d.IdentityMapping())
 	if err != nil {
 		return opts, err
 	}
@@ -295,21 +299,24 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e
 		Dist:                d.DistributionServices(),
 		NetworkController:   d.NetworkController(),
 		DefaultCgroupParent: cgroupParent,
-		ResolverOpt:         d.NewResolveOptionsFunc(),
+		RegistryHosts:       d.RegistryHosts(),
 		BuilderConfig:       config.Builder,
+		Rootless:            d.Rootless(),
+		IdentityMapping:     d.IdentityMapping(),
+		DNSConfig:           config.DNSConfig,
+		ApparmorProfile:     daemon.DefaultApparmorProfile(),
 	})
 	if err != nil {
 		return opts, err
 	}
 
-	bb, err := buildbackend.NewBackend(d.ImageService(), manager, buildCache, bk)
+	bb, err := buildbackend.NewBackend(d.ImageService(), manager, bk, d.EventsService)
 	if err != nil {
 		return opts, errors.Wrap(err, "failed to create buildmanager")
 	}
 	return routerOptions{
 		sessionManager: sm,
 		buildBackend:   bb,
-		buildCache:     buildCache,
 		buildkit:       bk,
 		features:       d.Features(),
 		daemon:         d,
@@ -326,19 +333,6 @@ func (cli *DaemonCli) reloadConfig() {
 		}
 		cli.authzMiddleware.SetPlugins(c.AuthorizationPlugins)
 
-		// The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented
-		// to be reserved for Docker's internal use, but this was never enforced.  Allowing
-		// configured labels to use these namespaces are deprecated for 18.05.
-		//
-		// The following will check the usage of such labels, and report a warning for deprecation.
-		//
-		// TODO: At the next stable release, the validation should be folded into the other
-		// configuration validation functions and an error will be returned instead, and this
-		// block should be deleted.
-		if err := config.ValidateReservedNamespaceLabels(c.Labels); err != nil {
-			logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err)
-		}
-
 		if err := cli.d.Reload(c); err != nil {
 			logrus.Errorf("Error reconfiguring the daemon: %v", err)
 			return
@@ -379,10 +373,14 @@ func shutdownDaemon(d *daemon.Daemon) {
 		logrus.Debug("Clean shutdown succeeded")
 		return
 	}
+
+	timeout := time.NewTimer(time.Duration(shutdownTimeout) * time.Second)
+	defer timeout.Stop()
+
 	select {
 	case <-ch:
 		logrus.Debug("Clean shutdown succeeded")
-	case <-time.After(time.Duration(shutdownTimeout) * time.Second):
+	case <-timeout.C:
 		logrus.Error("Force shutdown daemon")
 	}
 }
@@ -393,8 +391,16 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 	conf.Debug = opts.Debug
 	conf.Hosts = opts.Hosts
 	conf.LogLevel = opts.LogLevel
-	conf.TLS = opts.TLS
-	conf.TLSVerify = opts.TLSVerify
+
+	if opts.flags.Changed(FlagTLS) {
+		conf.TLS = &opts.TLS
+	}
+	if opts.flags.Changed(FlagTLSVerify) {
+		conf.TLSVerify = &opts.TLSVerify
+		v := true
+		conf.TLS = &v
+	}
+
 	conf.CommonTLSOptions = config.CommonTLSOptions{}
 
 	if opts.TLSOptions != nil {
@@ -404,9 +410,11 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 	}
 
 	if conf.TrustKeyPath == "" {
-		conf.TrustKeyPath = filepath.Join(
-			getDaemonConfDir(conf.Root),
-			defaultTrustKeyFile)
+		daemonConfDir, err := getDaemonConfDir(conf.Root)
+		if err != nil {
+			return nil, err
+		}
+		conf.TrustKeyPath = filepath.Join(daemonConfDir, defaultTrustKeyFile)
 	}
 
 	if flags.Changed("graph") && flags.Changed("data-root") {
@@ -420,6 +428,7 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 				return nil, errors.Wrapf(err, "unable to configure the Docker daemon with file %s", opts.configFile)
 			}
 		}
+
 		// the merged configuration can be nil if the config file didn't exist.
 		// leave the current configuration as it is if when that happens.
 		if c != nil {
@@ -431,17 +440,6 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 		return nil, err
 	}
 
-	if runtime.GOOS != "windows" {
-		if flags.Changed("disable-legacy-registry") {
-			// TODO: Remove this error after 3 release cycles (18.03)
-			return nil, errors.New("ERROR: The '--disable-legacy-registry' flag has been removed. Interacting with legacy (v1) registries is no longer supported")
-		}
-		if !conf.V2Only {
-			// TODO: Remove this error after 3 release cycles (18.03)
-			return nil, errors.New("ERROR: The 'disable-legacy-registry' configuration option has been removed. Interacting with legacy (v1) registries is no longer supported")
-		}
-	}
-
 	if flags.Changed("graph") {
 		logrus.Warnf(`The "-g / --graph" flag is deprecated. Please use "--data-root" instead`)
 	}
@@ -451,41 +449,47 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 	if err != nil {
 		return nil, err
 	}
-	// The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented
-	// to be reserved for Docker's internal use, but this was never enforced.  Allowing
-	// configured labels to use these namespaces are deprecated for 18.05.
-	//
-	// The following will check the usage of such labels, and report a warning for deprecation.
-	//
-	// TODO: At the next stable release, the validation should be folded into the other
-	// configuration validation functions and an error will be returned instead, and this
-	// block should be deleted.
-	if err := config.ValidateReservedNamespaceLabels(newLabels); err != nil {
-		logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err)
-	}
 	conf.Labels = newLabels
 
 	// Regardless of whether the user sets it to true or false, if they
 	// specify TLSVerify at all then we need to turn on TLS
 	if conf.IsValueSet(FlagTLSVerify) {
-		conf.TLS = true
+		v := true
+		conf.TLS = &v
 	}
 
-	// ensure that the log level is the one set after merging configurations
-	setLogLevel(conf.LogLevel)
+	if conf.TLSVerify == nil && conf.TLS != nil {
+		conf.TLSVerify = conf.TLS
+	}
 
 	return conf, nil
 }
 
+func warnOnDeprecatedConfigOptions(config *config.Config) {
+	if config.ClusterAdvertise != "" {
+		logrus.Warn(`The "cluster-advertise" option is deprecated. To be removed soon.`)
+	}
+	if config.ClusterStore != "" {
+		logrus.Warn(`The "cluster-store" option is deprecated. To be removed soon.`)
+	}
+	if len(config.ClusterOpts) > 0 {
+		logrus.Warn(`The "cluster-store-opt" option is deprecated. To be removed soon.`)
+	}
+}
+
 func initRouter(opts routerOptions) {
-	decoder := runconfig.ContainerDecoder{}
+	decoder := runconfig.ContainerDecoder{
+		GetSysInfo: func() *sysinfo.SysInfo {
+			return opts.daemon.RawSysInfo()
+		},
+	}
 
 	routers := []router.Router{
 		// we need to add the checkpoint router before the container router or the DELETE gets masked
 		checkpointrouter.NewRouter(opts.daemon, decoder),
-		container.NewRouter(opts.daemon, decoder),
+		container.NewRouter(opts.daemon, decoder, opts.daemon.RawSysInfo().CgroupUnified),
 		image.NewRouter(opts.daemon.ImageService()),
-		systemrouter.NewRouter(opts.daemon, opts.cluster, opts.buildCache, opts.buildkit, opts.features),
+		systemrouter.NewRouter(opts.daemon, opts.cluster, opts.buildkit, opts.features),
 		volume.NewRouter(opts.daemon.VolumesService()),
 		build.NewRouter(opts.buildBackend, opts.daemon, opts.features),
 		sessionrouter.NewRouter(opts.sessionManager),
@@ -494,6 +498,16 @@ func initRouter(opts routerOptions) {
 		distributionrouter.NewRouter(opts.daemon.ImageService()),
 	}
 
+	grpcBackends := []grpcrouter.Backend{}
+	for _, b := range []interface{}{opts.daemon, opts.buildBackend} {
+		if b, ok := b.(grpcrouter.Backend); ok {
+			grpcBackends = append(grpcBackends, b)
+		}
+	}
+	if len(grpcBackends) > 0 {
+		routers = append(routers, grpcrouter.NewRouter(grpcBackends...))
+	}
+
 	if opts.daemon.NetworkControllerEnabled() {
 		routers = append(routers, network.NewRouter(opts.daemon, opts.cluster))
 	}
@@ -559,7 +573,7 @@ func newAPIServerConfig(cli *DaemonCli) (*apiserver.Config, error) {
 		CorsHeaders: cli.Config.CorsHeaders,
 	}
 
-	if cli.Config.TLS {
+	if cli.Config.TLS != nil && *cli.Config.TLS {
 		tlsOptions := tlsconfig.Options{
 			CAFile:             cli.Config.CommonTLSOptions.CAFile,
 			CertFile:           cli.Config.CommonTLSOptions.CertFile,
@@ -567,7 +581,7 @@ func newAPIServerConfig(cli *DaemonCli) (*apiserver.Config, error) {
 			ExclusiveRootPools: true,
 		}
 
-		if cli.Config.TLSVerify {
+		if cli.Config.TLSVerify == nil || *cli.Config.TLSVerify {
 			// server requires and verifies client's certificate
 			tlsOptions.ClientAuth = tls.RequireAndVerifyClientCert
 		}
@@ -585,13 +599,49 @@ func newAPIServerConfig(cli *DaemonCli) (*apiserver.Config, error) {
 	return serverConfig, nil
 }
 
+// checkTLSAuthOK checks basically for an explicitly disabled TLS/TLSVerify
+// Going forward we do not want to support a scenario where dockerd listens
+//   on TCP without either TLS client auth (or an explicit opt-in to disable it)
+func checkTLSAuthOK(c *config.Config) bool {
+	if c.TLS == nil {
+		// Either TLS is enabled by default, in which case TLS verification should be enabled by default, or explicitly disabled
+		// Or TLS is disabled by default... in any of these cases, we can just take the default value as to how to proceed
+		return DefaultTLSValue
+	}
+
+	if !*c.TLS {
+		// TLS is explicitly disabled, which is supported
+		return true
+	}
+
+	if c.TLSVerify == nil {
+		// this actually shouldn't happen since we set TLSVerify on the config object anyway
+		// But in case it does get here, be cautious and assume this is not supported.
+		return false
+	}
+
+	// Either TLSVerify is explicitly enabled or disabled, both cases are supported
+	return true
+}
+
 func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, error) {
 	var hosts []string
+	seen := make(map[string]struct{}, len(cli.Config.Hosts))
+
+	useTLS := DefaultTLSValue
+	if cli.Config.TLS != nil {
+		useTLS = *cli.Config.TLS
+	}
+
 	for i := 0; i < len(cli.Config.Hosts); i++ {
 		var err error
-		if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil {
+		if cli.Config.Hosts[i], err = dopts.ParseHost(useTLS, honorXDG, cli.Config.Hosts[i]); err != nil {
 			return nil, errors.Wrapf(err, "error parsing -H %s", cli.Config.Hosts[i])
 		}
+		if _, ok := seen[cli.Config.Hosts[i]]; ok {
+			continue
+		}
+		seen[cli.Config.Hosts[i]] = struct{}{}
 
 		protoAddr := cli.Config.Hosts[i]
 		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
@@ -603,14 +653,48 @@ func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, er
 		addr := protoAddrParts[1]
 
 		// It's a bad idea to bind to TCP without tlsverify.
-		if proto == "tcp" && (serverConfig.TLSConfig == nil || serverConfig.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert) {
-			logrus.Warn("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]")
+		authEnabled := serverConfig.TLSConfig != nil && serverConfig.TLSConfig.ClientAuth == tls.RequireAndVerifyClientCert
+		if proto == "tcp" && !authEnabled {
+			logrus.WithField("host", protoAddr).Warn("Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network.")
+			logrus.WithField("host", protoAddr).Warn("Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there!")
+			time.Sleep(time.Second)
+
+			// If TLSVerify is explicitly set to false we'll take that as "Please let me shoot myself in the foot"
+			// We do not want to continue to support a default mode where tls verification is disabled, so we do some extra warnings here and eventually remove support
+			if !checkTLSAuthOK(cli.Config) {
+				ipAddr, _, err := net.SplitHostPort(addr)
+				if err != nil {
+					return nil, errors.Wrap(err, "error parsing tcp address")
+				}
+
+				// shortcut all this extra stuff for literal "localhost"
+				// -H supports specifying hostnames, since we want to bypass this on loopback interfaces we'll look it up here.
+				if ipAddr != "localhost" {
+					ip := net.ParseIP(ipAddr)
+					if ip == nil {
+						ipA, err := net.ResolveIPAddr("ip", ipAddr)
+						if err != nil {
+							logrus.WithError(err).WithField("host", ipAddr).Error("Error looking up specified host address")
+						}
+						if ipA != nil {
+							ip = ipA.IP
+						}
+					}
+					if ip == nil || !ip.IsLoopback() {
+						logrus.WithField("host", protoAddr).Warn("Binding to an IP address without --tlsverify is deprecated. Startup is intentionally being slowed down to show this message")
+						logrus.WithField("host", protoAddr).Warn("Please consider generating tls certificates with client validation to prevent exposing unauthenticated root access to your network")
+						logrus.WithField("host", protoAddr).Warnf("You can override this by explicitly specifying '--%s=false' or '--%s=false'", FlagTLS, FlagTLSVerify)
+						logrus.WithField("host", protoAddr).Warnf("Support for listening on TCP without authentication or explicit intent to run without authentication will be removed in the next release")
+
+						time.Sleep(15 * time.Second)
+					}
+				}
+			}
 		}
 		ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
 		if err != nil {
 			return nil, err
 		}
-		ls = wrapListeners(proto, ls)
 		// If we're binding to a TCP port, make sure that a container doesn't try to use it.
 		if proto == "tcp" {
 			if err := allocateDaemonPort(addr); err != nil {
@@ -666,7 +750,60 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
 	return nil
 }
 
-func systemContainerdRunning() bool {
-	_, err := os.Lstat(containerddefaults.DefaultAddress)
-	return err == nil
+func systemContainerdRunning(honorXDG bool) (string, bool, error) {
+	addr := containerddefaults.DefaultAddress
+	if honorXDG {
+		runtimeDir, err := homedir.GetRuntimeDir()
+		if err != nil {
+			return "", false, err
+		}
+		addr = filepath.Join(runtimeDir, "containerd", "containerd.sock")
+	}
+	_, err := os.Lstat(addr)
+	return addr, err == nil, nil
+}
+
+// configureDaemonLogs sets the logrus logging level and formatting
+func configureDaemonLogs(conf *config.Config) error {
+	if conf.LogLevel != "" {
+		lvl, err := logrus.ParseLevel(conf.LogLevel)
+		if err != nil {
+			return fmt.Errorf("unable to parse logging level: %s", conf.LogLevel)
+		}
+		logrus.SetLevel(lvl)
+	} else {
+		logrus.SetLevel(logrus.InfoLevel)
+	}
+	logrus.SetFormatter(&logrus.TextFormatter{
+		TimestampFormat: jsonmessage.RFC3339NanoFixed,
+		DisableColors:   conf.RawLogs,
+		FullTimestamp:   true,
+	})
+	return nil
+}
+
+func configureProxyEnv(conf *config.Config) {
+	if p := conf.HTTPProxy; p != "" {
+		overrideProxyEnv("HTTP_PROXY", p)
+		overrideProxyEnv("http_proxy", p)
+	}
+	if p := conf.HTTPSProxy; p != "" {
+		overrideProxyEnv("HTTPS_PROXY", p)
+		overrideProxyEnv("https_proxy", p)
+	}
+	if p := conf.NoProxy; p != "" {
+		overrideProxyEnv("NO_PROXY", p)
+		overrideProxyEnv("no_proxy", p)
+	}
+}
+
+func overrideProxyEnv(name, val string) {
+	if oldVal := os.Getenv(name); oldVal != "" && oldVal != val {
+		logrus.WithFields(logrus.Fields{
+			"name":      name,
+			"old-value": config.MaskCredentials(oldVal),
+			"new-value": config.MaskCredentials(val),
+		}).Warn("overriding existing proxy variable with value from configuration")
+	}
+	_ = os.Setenv(name, val)
 }
diff --git a/cmd/dockerd/daemon_freebsd.go b/cmd/dockerd/daemon_freebsd.go
index 6d013b8103990..1bb49047c71ab 100644
--- a/cmd/dockerd/daemon_freebsd.go
+++ b/cmd/dockerd/daemon_freebsd.go
@@ -1,9 +1,13 @@
 package main
 
-// preNotifySystem sends a message to the host when the API is active, but before the daemon is
-func preNotifySystem() {
+// preNotifyReady sends a message to the host when the API is active, but before the daemon is
+func preNotifyReady() {
 }
 
-// notifySystem sends a message to the host when the server is ready to be used
-func notifySystem() {
+// notifyReady sends a message to the host when the server is ready to be used
+func notifyReady() {
+}
+
+// notifyStopping sends a message to the host when the server is shutting down
+func notifyStopping() {
 }
diff --git a/cmd/dockerd/daemon_linux.go b/cmd/dockerd/daemon_linux.go
index cf2d65275f625..aade57a8d3389 100644
--- a/cmd/dockerd/daemon_linux.go
+++ b/cmd/dockerd/daemon_linux.go
@@ -1,13 +1,18 @@
 package main
 
-import systemdDaemon "github.com/coreos/go-systemd/daemon"
+import systemdDaemon "github.com/coreos/go-systemd/v22/daemon"
 
-// preNotifySystem sends a message to the host when the API is active, but before the daemon is
-func preNotifySystem() {
+// preNotifyReady sends a message to the host when the API is active, but before the daemon is
+func preNotifyReady() {
 }
 
-// notifySystem sends a message to the host when the server is ready to be used
-func notifySystem() {
+// notifyReady sends a message to the host when the server is ready to be used
+func notifyReady() {
 	// Tell the init daemon we are accepting requests
 	go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyReady)
 }
+
+// notifyStopping sends a message to the host when the server is shutting down
+func notifyStopping() {
+	go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyStopping)
+}
diff --git a/cmd/dockerd/daemon_test.go b/cmd/dockerd/daemon_test.go
index ad447e3b90b5d..7628f40c87fe5 100644
--- a/cmd/dockerd/daemon_test.go
+++ b/cmd/dockerd/daemon_test.go
@@ -6,23 +6,27 @@ import (
 	"github.com/docker/docker/daemon/config"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
-func defaultOptions(configFile string) *daemonOptions {
+func defaultOptions(t *testing.T, configFile string) *daemonOptions {
 	opts := newDaemonOptions(&config.Config{})
 	opts.flags = &pflag.FlagSet{}
 	opts.InstallFlags(opts.flags)
-	installConfigFlags(opts.daemonConfig, opts.flags)
+	if err := installConfigFlags(opts.daemonConfig, opts.flags); err != nil {
+		t.Fatal(err)
+	}
+	defaultDaemonConfigFile, err := getDefaultDaemonConfigFile()
+	assert.NilError(t, err)
 	opts.flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "")
 	opts.configFile = configFile
 	return opts
 }
 
 func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) {
-	opts := defaultOptions("")
+	opts := defaultOptions(t, "")
 	opts.Debug = true
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
@@ -34,7 +38,7 @@ func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) {
 }
 
 func TestLoadDaemonCliConfigWithTLS(t *testing.T) {
-	opts := defaultOptions("")
+	opts := defaultOptions(t, "")
 	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 	opts.TLS = true
 
@@ -49,7 +53,7 @@ func TestLoadDaemonCliConfigWithConflicts(t *testing.T) {
 	defer tempFile.Remove()
 	configFile := tempFile.Path()
 
-	opts := defaultOptions(configFile)
+	opts := defaultOptions(t, configFile)
 	flags := opts.flags
 
 	assert.Check(t, flags.Set("config-file", configFile))
@@ -65,7 +69,7 @@ func TestLoadDaemonCliWithConflictingNodeGenericResources(t *testing.T) {
 	defer tempFile.Remove()
 	configFile := tempFile.Path()
 
-	opts := defaultOptions(configFile)
+	opts := defaultOptions(t, configFile)
 	flags := opts.flags
 
 	assert.Check(t, flags.Set("config-file", configFile))
@@ -77,7 +81,7 @@ func TestLoadDaemonCliWithConflictingNodeGenericResources(t *testing.T) {
 }
 
 func TestLoadDaemonCliWithConflictingLabels(t *testing.T) {
-	opts := defaultOptions("")
+	opts := defaultOptions(t, "")
 	flags := opts.flags
 
 	assert.Check(t, flags.Set("label", "foo=bar"))
@@ -88,7 +92,7 @@ func TestLoadDaemonCliWithConflictingLabels(t *testing.T) {
 }
 
 func TestLoadDaemonCliWithDuplicateLabels(t *testing.T) {
-	opts := defaultOptions("")
+	opts := defaultOptions(t, "")
 	flags := opts.flags
 
 	assert.Check(t, flags.Set("label", "foo=the-same"))
@@ -102,51 +106,50 @@ func TestLoadDaemonCliConfigWithTLSVerify(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"tlsverify": true}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
-	assert.Check(t, is.Equal(loadedConfig.TLS, true))
+	assert.Check(t, is.Equal(*loadedConfig.TLS, true))
 }
 
 func TestLoadDaemonCliConfigWithExplicitTLSVerifyFalse(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"tlsverify": false}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
-	assert.Check(t, loadedConfig.TLS)
+	assert.Check(t, *loadedConfig.TLS)
 }
 
 func TestLoadDaemonCliConfigWithoutTLSVerify(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(`{}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
-	assert.Check(t, !loadedConfig.TLS)
+	assert.Check(t, loadedConfig.TLS == nil)
 }
 
 func TestLoadDaemonCliConfigWithLogLevel(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"log-level": "warn"}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
 	assert.Check(t, is.Equal("warn", loadedConfig.LogLevel))
-	assert.Check(t, is.Equal(logrus.WarnLevel, logrus.GetLevel()))
 }
 
 func TestLoadDaemonConfigWithEmbeddedOptions(t *testing.T) {
@@ -154,7 +157,7 @@ func TestLoadDaemonConfigWithEmbeddedOptions(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
@@ -164,14 +167,14 @@ func TestLoadDaemonConfigWithEmbeddedOptions(t *testing.T) {
 
 func TestLoadDaemonConfigWithRegistryOptions(t *testing.T) {
 	content := `{
-		"allow-nondistributable-artifacts": ["allow-nondistributable-artifacts.com"],
-		"registry-mirrors": ["https://mirrors.docker.com"],
-		"insecure-registries": ["https://insecure.docker.com"]
+		"allow-nondistributable-artifacts": ["allow-nondistributable-artifacts.example.com"],
+		"registry-mirrors": ["https://mirrors.example.com"],
+		"insecure-registries": ["https://insecure-registry.example.com"]
 	}`
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
@@ -180,3 +183,22 @@ func TestLoadDaemonConfigWithRegistryOptions(t *testing.T) {
 	assert.Check(t, is.Len(loadedConfig.Mirrors, 1))
 	assert.Check(t, is.Len(loadedConfig.InsecureRegistries, 1))
 }
+
+func TestConfigureDaemonLogs(t *testing.T) {
+	conf := &config.Config{}
+	err := configureDaemonLogs(conf)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(logrus.InfoLevel, logrus.GetLevel()))
+
+	conf.LogLevel = "warn"
+	err = configureDaemonLogs(conf)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(logrus.WarnLevel, logrus.GetLevel()))
+
+	conf.LogLevel = "foobar"
+	err = configureDaemonLogs(conf)
+	assert.Error(t, err, "unable to parse logging level: foobar")
+
+	// log level should not be changed after a failure
+	assert.Check(t, is.Equal(logrus.WarnLevel, logrus.GetLevel()))
+}
diff --git a/cmd/dockerd/daemon_unix.go b/cmd/dockerd/daemon_unix.go
index 7b03e28594b2d..89e74ee8b6949 100644
--- a/cmd/dockerd/daemon_unix.go
+++ b/cmd/dockerd/daemon_unix.go
@@ -1,25 +1,50 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"os"
 	"os/signal"
 	"path/filepath"
 	"strconv"
+	"time"
 
 	"github.com/containerd/containerd/runtime/v1/linux"
-	"github.com/docker/docker/cmd/dockerd/hack"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/libcontainerd/supervisor"
-	"github.com/docker/libnetwork/portallocator"
+	"github.com/docker/docker/libnetwork/portallocator"
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-const defaultDaemonConfigFile = "/etc/docker/daemon.json"
+func getDefaultDaemonConfigDir() (string, error) {
+	if !honorXDG {
+		return "/etc/docker", nil
+	}
+	// NOTE: CLI uses ~/.docker while the daemon uses ~/.config/docker, because
+	// ~/.docker was not designed to store daemon configurations.
+	// In future, the daemon directory may be renamed to ~/.config/moby-engine (?).
+	configHome, err := homedir.GetConfigHome()
+	if err != nil {
+		return "", nil
+	}
+	return filepath.Join(configHome, "docker"), nil
+}
+
+func getDefaultDaemonConfigFile() (string, error) {
+	dir, err := getDefaultDaemonConfigDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(dir, "daemon.json"), nil
+}
 
 // setDefaultUmask sets the umask to 0022 to avoid problems
 // caused by custom umask
@@ -33,16 +58,16 @@ func setDefaultUmask() error {
 	return nil
 }
 
-func getDaemonConfDir(_ string) string {
-	return "/etc/docker"
+func getDaemonConfDir(_ string) (string, error) {
+	return getDefaultDaemonConfigDir()
 }
 
 func (cli *DaemonCli) getPlatformContainerdDaemonOpts() ([]supervisor.DaemonOpt, error) {
 	opts := []supervisor.DaemonOpt{
 		supervisor.WithOOMScore(cli.Config.OOMScoreAdjust),
 		supervisor.WithPlugin("linux", &linux.Config{
-			Shim:        daemon.DefaultShimBinary,
-			Runtime:     daemon.DefaultRuntimeBinary,
+			Shim:        config.DefaultShimBinary,
+			Runtime:     config.DefaultRuntimeBinary,
 			RuntimeRoot: filepath.Join(cli.Config.Root, "runc"),
 			ShimDebug:   cli.Config.Debug,
 		}),
@@ -51,7 +76,7 @@ func (cli *DaemonCli) getPlatformContainerdDaemonOpts() ([]supervisor.DaemonOpt,
 	return opts, nil
 }
 
-// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
+// setupConfigReloadTrap configures the SIGHUP signal to reload the configuration.
 func (cli *DaemonCli) setupConfigReloadTrap() {
 	c := make(chan os.Signal, 1)
 	signal.Notify(c, unix.SIGHUP)
@@ -97,18 +122,6 @@ func allocateDaemonPort(addr string) error {
 	return nil
 }
 
-func wrapListeners(proto string, ls []net.Listener) []net.Listener {
-	switch proto {
-	case "unix":
-		ls[0] = &hack.MalformedHostHeaderOverride{Listener: ls[0]}
-	case "fd":
-		for i := range ls {
-			ls[i] = &hack.MalformedHostHeaderOverride{Listener: ls[i]}
-		}
-	}
-	return ls
-}
-
 func newCgroupParent(config *config.Config) string {
 	cgroupParent := "docker"
 	useSystemd := daemon.UsingSystemd(config)
@@ -123,3 +136,34 @@ func newCgroupParent(config *config.Config) string {
 	}
 	return cgroupParent
 }
+
+func (cli *DaemonCli) initContainerD(ctx context.Context) (func(time.Duration) error, error) {
+	var waitForShutdown func(time.Duration) error
+	if cli.Config.ContainerdAddr == "" {
+		systemContainerdAddr, ok, err := systemContainerdRunning(honorXDG)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not determine whether the system containerd is running")
+		}
+		if !ok {
+			logrus.Debug("Containerd not running, starting daemon managed containerd")
+			opts, err := cli.getContainerdDaemonOpts()
+			if err != nil {
+				return nil, errors.Wrap(err, "failed to generate containerd options")
+			}
+
+			r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
+			if err != nil {
+				return nil, errors.Wrap(err, "failed to start containerd")
+			}
+			logrus.Debug("Started daemon managed containerd")
+			cli.Config.ContainerdAddr = r.Address()
+
+			// Try to wait for containerd to shutdown
+			waitForShutdown = r.WaitTimeout
+		} else {
+			cli.Config.ContainerdAddr = systemContainerdAddr
+		}
+	}
+
+	return waitForShutdown, nil
+}
diff --git a/cmd/dockerd/daemon_unix_test.go b/cmd/dockerd/daemon_unix_test.go
index 692d0328c4167..4ead3d2d3d540 100644
--- a/cmd/dockerd/daemon_unix_test.go
+++ b/cmd/dockerd/daemon_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -6,9 +7,9 @@ import (
 	"testing"
 
 	"github.com/docker/docker/daemon/config"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
 func TestLoadDaemonCliConfigWithDaemonFlags(t *testing.T) {
@@ -16,7 +17,7 @@ func TestLoadDaemonCliConfigWithDaemonFlags(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	opts.Debug = true
 	opts.LogLevel = "info"
 	assert.Check(t, opts.flags.Set("selinux-enabled", "true"))
@@ -37,7 +38,7 @@ func TestLoadDaemonConfigWithNetwork(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
@@ -54,7 +55,7 @@ func TestLoadDaemonConfigWithMapOptions(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
@@ -71,7 +72,7 @@ func TestLoadDaemonConfigWithTrueDefaultValues(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
@@ -90,7 +91,7 @@ func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) {
 	tempFile := fs.NewFile(t, "config", fs.WithContent(`{}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Path())
+	opts := defaultOptions(t, tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
 	assert.Assert(t, loadedConfig != nil)
diff --git a/cmd/dockerd/daemon_windows.go b/cmd/dockerd/daemon_windows.go
index 3b9ed9551f48b..ef06b0eb6da10 100644
--- a/cmd/dockerd/daemon_windows.go
+++ b/cmd/dockerd/daemon_windows.go
@@ -1,30 +1,34 @@
 package main
 
 import (
+	"context"
 	"fmt"
-	"net"
 	"os"
 	"path/filepath"
+	"time"
 
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/libcontainerd/supervisor"
+	"github.com/docker/docker/pkg/system"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
-var defaultDaemonConfigFile = ""
+func getDefaultDaemonConfigFile() (string, error) {
+	return "", nil
+}
 
 // setDefaultUmask doesn't do anything on windows
 func setDefaultUmask() error {
 	return nil
 }
 
-func getDaemonConfDir(root string) string {
-	return filepath.Join(root, `\config`)
+func getDaemonConfDir(root string) (string, error) {
+	return filepath.Join(root, `\config`), nil
 }
 
-// preNotifySystem sends a message to the host when the API is active, but before the daemon is
-func preNotifySystem() {
+// preNotifyReady sends a message to the host when the API is active, but before the daemon is
+func preNotifyReady() {
 	// start the service now to prevent timeouts waiting for daemon to start
 	// but still (eventually) complete all requests that are sent after this
 	if service != nil {
@@ -35,8 +39,12 @@ func preNotifySystem() {
 	}
 }
 
-// notifySystem sends a message to the host when the server is ready to be used
-func notifySystem() {
+// notifyReady sends a message to the host when the server is ready to be used
+func notifyReady() {
+}
+
+// notifyStopping sends a message to the host when the server is shutting down
+func notifyStopping() {
 }
 
 // notifyShutdown is called after the daemon shuts down but before the process exits.
@@ -81,10 +89,11 @@ func allocateDaemonPort(addr string) error {
 	return nil
 }
 
-func wrapListeners(proto string, ls []net.Listener) []net.Listener {
-	return ls
-}
-
 func newCgroupParent(config *config.Config) string {
 	return ""
 }
+
+func (cli *DaemonCli) initContainerD(_ context.Context) (func(time.Duration) error, error) {
+	system.InitContainerdRuntime(cli.Config.ContainerdAddr)
+	return nil, nil
+}
diff --git a/cmd/dockerd/docker.go b/cmd/dockerd/docker.go
index 197bb49c92e12..647da5a4dcafa 100644
--- a/cmd/dockerd/docker.go
+++ b/cmd/dockerd/docker.go
@@ -3,19 +3,24 @@ package main
 import (
 	"fmt"
 	"os"
-	"runtime"
 
 	"github.com/docker/docker/cli"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/rootless"
 	"github.com/moby/buildkit/util/apicaps"
+	"github.com/moby/term"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
-func newDaemonCommand() *cobra.Command {
+var (
+	honorXDG bool
+)
+
+func newDaemonCommand() (*cobra.Command, error) {
 	opts := newDaemonOptions(config.New())
 
 	cmd := &cobra.Command{
@@ -35,18 +40,32 @@ func newDaemonCommand() *cobra.Command {
 
 	flags := cmd.Flags()
 	flags.BoolP("version", "v", false, "Print version information and quit")
+	defaultDaemonConfigFile, err := getDefaultDaemonConfigFile()
+	if err != nil {
+		return nil, err
+	}
 	flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "Daemon configuration file")
 	opts.InstallFlags(flags)
-	installConfigFlags(opts.daemonConfig, flags)
+	if err := installConfigFlags(opts.daemonConfig, flags); err != nil {
+		return nil, err
+	}
 	installServiceFlags(flags)
 
-	return cmd
+	return cmd, nil
 }
 
 func init() {
 	if dockerversion.ProductName != "" {
 		apicaps.ExportedProduct = dockerversion.ProductName
 	}
+	// When running with RootlessKit, $XDG_RUNTIME_DIR, $XDG_DATA_HOME, and $XDG_CONFIG_HOME needs to be
+	// honored as the default dirs, because we are unlikely to have permissions to access the system-wide
+	// directories.
+	//
+	// Note that even running with --rootless, when not running with RootlessKit, honorXDG needs to be kept false,
+	// because the system-wide directories in the current mount namespace are expected to be accessible.
+	// ("rootful" dockerd in rootless dockerd, #38702)
+	honorXDG = rootless.RunningWithRootlessKit()
 }
 
 func main() {
@@ -54,21 +73,28 @@ func main() {
 		return
 	}
 
+	// initial log formatting; this setting is updated after the daemon configuration is loaded.
+	logrus.SetFormatter(&logrus.TextFormatter{
+		TimestampFormat: jsonmessage.RFC3339NanoFixed,
+		FullTimestamp:   true,
+	})
+
 	// Set terminal emulation based on platform as required.
 	_, stdout, stderr := term.StdStreams()
 
-	// @jhowardmsft - maybe there is a historic reason why on non-Windows, stderr is used
-	// here. However, on Windows it makes no sense and there is no need.
-	if runtime.GOOS == "windows" {
-		logrus.SetOutput(stdout)
-	} else {
-		logrus.SetOutput(stderr)
-	}
+	initLogging(stdout, stderr)
 
-	cmd := newDaemonCommand()
-	cmd.SetOutput(stdout)
-	if err := cmd.Execute(); err != nil {
+	onError := func(err error) {
 		fmt.Fprintf(stderr, "%s\n", err)
 		os.Exit(1)
 	}
+
+	cmd, err := newDaemonCommand()
+	if err != nil {
+		onError(err)
+	}
+	cmd.SetOut(stdout)
+	if err := cmd.Execute(); err != nil {
+		onError(err)
+	}
 }
diff --git a/cmd/dockerd/docker_unix.go b/cmd/dockerd/docker_unix.go
index 0dec48663d536..b7e30350ea67a 100644
--- a/cmd/dockerd/docker_unix.go
+++ b/cmd/dockerd/docker_unix.go
@@ -1,8 +1,19 @@
+//go:build !windows
 // +build !windows
 
 package main
 
+import (
+	"io"
+
+	"github.com/sirupsen/logrus"
+)
+
 func runDaemon(opts *daemonOptions) error {
 	daemonCli := NewDaemonCli()
 	return daemonCli.start(opts)
 }
+
+func initLogging(_, stderr io.Writer) {
+	logrus.SetOutput(stderr)
+}
diff --git a/cmd/dockerd/docker_windows.go b/cmd/dockerd/docker_windows.go
index bd8bc5a58eb56..a9e942a38bc05 100644
--- a/cmd/dockerd/docker_windows.go
+++ b/cmd/dockerd/docker_windows.go
@@ -1,8 +1,10 @@
 package main
 
 import (
+	"io"
 	"path/filepath"
 
+	"github.com/Microsoft/go-winio/pkg/etwlogrus"
 	_ "github.com/docker/docker/autogen/winresources/dockerd"
 	"github.com/sirupsen/logrus"
 )
@@ -36,3 +38,17 @@ func runDaemon(opts *daemonOptions) error {
 	notifyShutdown(err)
 	return err
 }
+
+func initLogging(stdout, _ io.Writer) {
+	// Maybe there is a historic reason why on non-Windows, stderr is used
+	// for output. However, on Windows it makes no sense and there is no need.
+	logrus.SetOutput(stdout)
+
+	// Provider ID: {6996f090-c5de-5082-a81e-5841acc3a635}
+	// Hook isn't closed explicitly, as it will exist until process exit.
+	// GUID is generated based on name - see Microsoft/go-winio/tools/etw-provider-gen.
+	if hook, err := etwlogrus.NewHook("Moby"); err == nil {
+		logrus.AddHook(hook)
+	}
+	return
+}
diff --git a/cmd/dockerd/hack/malformed_host_override.go b/cmd/dockerd/hack/malformed_host_override.go
deleted file mode 100644
index ddd5eb9d8be91..0000000000000
--- a/cmd/dockerd/hack/malformed_host_override.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// +build !windows
-
-package hack // import "github.com/docker/docker/cmd/dockerd/hack"
-
-import "net"
-
-// MalformedHostHeaderOverride is a wrapper to be able
-// to overcome the 400 Bad request coming from old docker
-// clients that send an invalid Host header.
-type MalformedHostHeaderOverride struct {
-	net.Listener
-}
-
-// MalformedHostHeaderOverrideConn wraps the underlying unix
-// connection and keeps track of the first read from http.Server
-// which just reads the headers.
-type MalformedHostHeaderOverrideConn struct {
-	net.Conn
-	first bool
-}
-
-var closeConnHeader = []byte("\r\nConnection: close\r")
-
-// Read reads the first *read* request from http.Server to inspect
-// the Host header. If the Host starts with / then we're talking to
-// an old docker client which send an invalid Host header. To not
-// error out in http.Server we rewrite the first bytes of the request
-// to sanitize the Host header itself.
-// In case we're not dealing with old docker clients the data is just passed
-// to the server w/o modification.
-func (l *MalformedHostHeaderOverrideConn) Read(b []byte) (n int, err error) {
-	// http.Server uses a 4k buffer
-	if l.first && len(b) == 4096 {
-		// This keeps track of the first read from http.Server which just reads
-		// the headers
-		l.first = false
-		// The first read of the connection by http.Server is done limited to
-		// DefaultMaxHeaderBytes (usually 1 << 20) + 4096.
-		// Here we do the first read which gets us all the http headers to
-		// be inspected and modified below.
-		c, err := l.Conn.Read(b)
-		if err != nil {
-			return c, err
-		}
-
-		var (
-			start, end    int
-			firstLineFeed = -1
-			buf           []byte
-		)
-		for i := 0; i <= c-1-7; i++ {
-			if b[i] == '\n' && firstLineFeed == -1 {
-				firstLineFeed = i
-			}
-			if b[i] != '\n' {
-				continue
-			}
-
-			if b[i+1] == '\r' && b[i+2] == '\n' {
-				return c, nil
-			}
-
-			if b[i+1] != 'H' {
-				continue
-			}
-			if b[i+2] != 'o' {
-				continue
-			}
-			if b[i+3] != 's' {
-				continue
-			}
-			if b[i+4] != 't' {
-				continue
-			}
-			if b[i+5] != ':' {
-				continue
-			}
-			if b[i+6] != ' ' {
-				continue
-			}
-			if b[i+7] != '/' {
-				continue
-			}
-			// ensure clients other than the docker clients do not get this hack
-			if i != firstLineFeed {
-				return c, nil
-			}
-			start = i + 7
-			// now find where the value ends
-			for ii, bbb := range b[start:c] {
-				if bbb == '\n' {
-					end = start + ii
-					break
-				}
-			}
-			buf = make([]byte, 0, c+len(closeConnHeader)-(end-start))
-			// strip the value of the host header and
-			// inject `Connection: close` to ensure we don't reuse this connection
-			buf = append(buf, b[:start]...)
-			buf = append(buf, closeConnHeader...)
-			buf = append(buf, b[end:c]...)
-			copy(b, buf)
-			break
-		}
-		if len(buf) == 0 {
-			return c, nil
-		}
-		return len(buf), nil
-	}
-	return l.Conn.Read(b)
-}
-
-// Accept makes the listener accepts connections and wraps the connection
-// in a MalformedHostHeaderOverrideConn initializing first to true.
-func (l *MalformedHostHeaderOverride) Accept() (net.Conn, error) {
-	c, err := l.Listener.Accept()
-	if err != nil {
-		return c, err
-	}
-	return &MalformedHostHeaderOverrideConn{c, true}, nil
-}
diff --git a/cmd/dockerd/hack/malformed_host_override_test.go b/cmd/dockerd/hack/malformed_host_override_test.go
deleted file mode 100644
index 6874b059bea87..0000000000000
--- a/cmd/dockerd/hack/malformed_host_override_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-// +build !windows
-
-package hack // import "github.com/docker/docker/cmd/dockerd/hack"
-
-import (
-	"bytes"
-	"io"
-	"net"
-	"strings"
-	"testing"
-)
-
-type bufConn struct {
-	net.Conn
-	buf *bytes.Buffer
-}
-
-func (bc *bufConn) Read(b []byte) (int, error) {
-	return bc.buf.Read(b)
-}
-
-func TestHeaderOverrideHack(t *testing.T) {
-	tests := [][2][]byte{
-		{
-			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
-			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\n"),
-		},
-		{
-			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\nFoo: Bar\r\n"),
-			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\nFoo: Bar\r\n"),
-		},
-		{
-			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\ntest something!"),
-			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\ntest something!"),
-		},
-		{
-			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\ntest something! " + strings.Repeat("test", 15000)),
-			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\ntest something! " + strings.Repeat("test", 15000)),
-		},
-		{
-			[]byte("GET /foo\nFoo: Bar\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
-			[]byte("GET /foo\nFoo: Bar\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
-		},
-	}
-
-	// Test for https://github.com/docker/docker/issues/23045
-	h0 := "GET /foo\nUser-Agent: Docker\r\n\r\n"
-	h0 = h0 + strings.Repeat("a", 4096-len(h0)-1) + "\n"
-	tests = append(tests, [2][]byte{[]byte(h0), []byte(h0)})
-
-	for _, pair := range tests {
-		read := make([]byte, 4096)
-		client := &bufConn{
-			buf: bytes.NewBuffer(pair[0]),
-		}
-		l := MalformedHostHeaderOverrideConn{client, true}
-
-		n, err := l.Read(read)
-		if err != nil && err != io.EOF {
-			t.Fatalf("read: %d - %d, err: %v\n%s", n, len(pair[0]), err, string(read[:n]))
-		}
-		if !bytes.Equal(read[:n], pair[1][:n]) {
-			t.Fatalf("\n%s\n%s\n", read[:n], pair[1][:n])
-		}
-	}
-}
-
-func BenchmarkWithHack(b *testing.B) {
-	client, srv := net.Pipe()
-	done := make(chan struct{})
-	req := []byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\n")
-	read := make([]byte, 4096)
-	b.SetBytes(int64(len(req) * 30))
-
-	l := MalformedHostHeaderOverrideConn{client, true}
-	go func() {
-		for {
-			if _, err := srv.Write(req); err != nil {
-				srv.Close()
-				break
-			}
-			l.first = true // make sure each subsequent run uses the hack parsing
-		}
-		close(done)
-	}()
-
-	for i := 0; i < b.N; i++ {
-		for i := 0; i < 30; i++ {
-			if n, err := l.Read(read); err != nil && err != io.EOF {
-				b.Fatalf("read: %d - %d, err: %v\n%s", n, len(req), err, string(read[:n]))
-			}
-		}
-	}
-	l.Close()
-	<-done
-}
-
-func BenchmarkNoHack(b *testing.B) {
-	client, srv := net.Pipe()
-	done := make(chan struct{})
-	req := []byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\n")
-	read := make([]byte, 4096)
-	b.SetBytes(int64(len(req) * 30))
-
-	go func() {
-		for {
-			if _, err := srv.Write(req); err != nil {
-				srv.Close()
-				break
-			}
-		}
-		close(done)
-	}()
-
-	for i := 0; i < b.N; i++ {
-		for i := 0; i < 30; i++ {
-			if _, err := client.Read(read); err != nil && err != io.EOF {
-				b.Fatal(err)
-			}
-		}
-	}
-	client.Close()
-	<-done
-}
diff --git a/cmd/dockerd/metrics.go b/cmd/dockerd/metrics.go
index 20ceaf8466612..4ea8321b5d7a7 100644
--- a/cmd/dockerd/metrics.go
+++ b/cmd/dockerd/metrics.go
@@ -3,12 +3,16 @@ package main
 import (
 	"net"
 	"net/http"
+	"strings"
 
-	"github.com/docker/go-metrics"
+	metrics "github.com/docker/go-metrics"
 	"github.com/sirupsen/logrus"
 )
 
 func startMetricsServer(addr string) error {
+	if addr == "" {
+		return nil
+	}
 	if err := allocateDaemonPort(addr); err != nil {
 		return err
 	}
@@ -19,8 +23,9 @@ func startMetricsServer(addr string) error {
 	mux := http.NewServeMux()
 	mux.Handle("/metrics", metrics.Handler())
 	go func() {
-		if err := http.Serve(l, mux); err != nil {
-			logrus.Errorf("serve metrics api: %s", err)
+		logrus.Infof("metrics API listening on %s", l.Addr())
+		if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
+			logrus.WithError(err).Error("error serving metrics API")
 		}
 	}()
 	return nil
diff --git a/cmd/dockerd/options.go b/cmd/dockerd/options.go
index a6276add59c44..56f00059632a6 100644
--- a/cmd/dockerd/options.go
+++ b/cmd/dockerd/options.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"fmt"
 	"os"
 	"path/filepath"
 
@@ -9,7 +8,6 @@ import (
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
 	"github.com/docker/go-connections/tlsconfig"
-	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
 
@@ -22,6 +20,10 @@ const (
 	DefaultCertFile = "cert.pem"
 	// FlagTLSVerify is the flag name for the TLS verification option
 	FlagTLSVerify = "tlsverify"
+	// FlagTLS is the flag name for the TLS option
+	FlagTLS = "tls"
+	// DefaultTLSValue is the default value used for setting the tls option for tcp connections
+	DefaultTLSValue = false
 )
 
 var (
@@ -39,6 +41,7 @@ type daemonOptions struct {
 	TLS          bool
 	TLSVerify    bool
 	TLSOptions   *tlsconfig.Options
+	Validate     bool
 }
 
 // newDaemonOptions returns a new daemonFlags
@@ -51,13 +54,16 @@ func newDaemonOptions(config *config.Config) *daemonOptions {
 // InstallFlags adds flags for the common options on the FlagSet
 func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) {
 	if dockerCertPath == "" {
+		// cliconfig.Dir returns $DOCKER_CONFIG or ~/.docker.
+		// cliconfig.Dir does not look up $XDG_CONFIG_HOME
 		dockerCertPath = cliconfig.Dir()
 	}
 
 	flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
+	flags.BoolVar(&o.Validate, "validate", false, "Validate daemon configuration and exit")
 	flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`)
-	flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify")
-	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
+	flags.BoolVar(&o.TLS, FlagTLS, DefaultTLSValue, "Use TLS; implied by --tlsverify")
+	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify || DefaultTLSValue, "Use TLS and verify the remote")
 
 	// TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
 
@@ -86,6 +92,11 @@ func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
 		o.TLS = true
 	}
 
+	if o.TLS && !flags.Changed(FlagTLSVerify) {
+		// Enable tls verification unless explicitly disabled
+		o.TLSVerify = true
+	}
+
 	if !o.TLS {
 		o.TLSOptions = nil
 	} else {
@@ -106,17 +117,3 @@ func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
 		}
 	}
 }
-
-// setLogLevel sets the logrus logging level
-func setLogLevel(logLevel string) {
-	if logLevel != "" {
-		lvl, err := logrus.ParseLevel(logLevel)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)
-			os.Exit(1)
-		}
-		logrus.SetLevel(lvl)
-	} else {
-		logrus.SetLevel(logrus.InfoLevel)
-	}
-}
diff --git a/cmd/dockerd/options_test.go b/cmd/dockerd/options_test.go
index 691118f08fbe1..604a902bb52d1 100644
--- a/cmd/dockerd/options_test.go
+++ b/cmd/dockerd/options_test.go
@@ -7,8 +7,8 @@ import (
 	cliconfig "github.com/docker/docker/cli/config"
 	"github.com/docker/docker/daemon/config"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestCommonOptionsInstallFlags(t *testing.T) {
diff --git a/cmd/dockerd/service_unsupported.go b/cmd/dockerd/service_unsupported.go
index bbcb7f3f3b954..907fd6ebcafe6 100644
--- a/cmd/dockerd/service_unsupported.go
+++ b/cmd/dockerd/service_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
diff --git a/cmd/dockerd/service_windows.go b/cmd/dockerd/service_windows.go
index 00432af643160..e41906c17f0b3 100644
--- a/cmd/dockerd/service_windows.go
+++ b/cmd/dockerd/service_windows.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"os"
 	"os/exec"
@@ -12,7 +12,7 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/docker/docker/pkg/system"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	"golang.org/x/sys/windows"
@@ -52,7 +52,7 @@ func installServiceFlags(flags *pflag.FlagSet) {
 	flRegisterService = flags.Bool("register-service", false, "Register the service and exit")
 	flUnregisterService = flags.Bool("unregister-service", false, "Unregister the service and exit")
 	flRunService = flags.Bool("run-service", false, "")
-	flags.MarkHidden("run-service")
+	_ = flags.MarkHidden("run-service")
 }
 
 type handler struct {
@@ -171,7 +171,7 @@ func registerService() error {
 
 	// This dependency is required on build 14393 (RS1)
 	// it is added to the platform in newer builds
-	if system.GetOSVersion().Build == 14393 {
+	if osversion.Build() == osversion.RS1 {
 		depends = append(depends, "ConDrv")
 	}
 
@@ -293,7 +293,7 @@ func initService(daemonCli *DaemonCli) (bool, bool, error) {
 	}
 
 	logrus.AddHook(&etwHook{log})
-	logrus.SetOutput(ioutil.Discard)
+	logrus.SetOutput(io.Discard)
 
 	service = h
 	go func() {
@@ -372,7 +372,7 @@ Loop:
 
 func initPanicFile(path string) error {
 	var err error
-	panicFile, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0)
+	panicFile, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o200)
 	if err != nil {
 		return err
 	}
@@ -396,8 +396,8 @@ func initPanicFile(path string) error {
 	// Update STD_ERROR_HANDLE to point to the panic file so that Go writes to
 	// it when it panics. Remember the old stderr to restore it before removing
 	// the panic file.
-	sh := windows.STD_ERROR_HANDLE
-	h, err := windows.GetStdHandle(uint32(sh))
+	sh := uint32(windows.STD_ERROR_HANDLE)
+	h, err := windows.GetStdHandle(sh)
 	if err != nil {
 		return err
 	}
@@ -421,7 +421,7 @@ func initPanicFile(path string) error {
 func removePanicFile() {
 	if st, err := panicFile.Stat(); err == nil {
 		if st.Size() == 0 {
-			sh := windows.STD_ERROR_HANDLE
+			sh := uint32(windows.STD_ERROR_HANDLE)
 			setStdHandle.Call(uintptr(sh), uintptr(oldStderr))
 			panicFile.Close()
 			os.Remove(panicFile.Name())
diff --git a/cmd/dockerd/trap/testfiles/main.go b/cmd/dockerd/trap/testfiles/main.go
new file mode 100644
index 0000000000000..22cb60bd00952
--- /dev/null
+++ b/cmd/dockerd/trap/testfiles/main.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/cmd/dockerd/trap"
+	"github.com/sirupsen/logrus"
+)
+
+func main() {
+	sigmap := map[string]os.Signal{
+		"TERM": syscall.SIGTERM,
+		"QUIT": syscall.SIGQUIT,
+		"INT":  os.Interrupt,
+	}
+	trap.Trap(func() {
+		time.Sleep(time.Second)
+		os.Exit(99)
+	}, logrus.StandardLogger())
+	go func() {
+		p, err := os.FindProcess(os.Getpid())
+		if err != nil {
+			panic(err)
+		}
+		s := os.Getenv("SIGNAL_TYPE")
+		multiple := os.Getenv("IF_MULTIPLE")
+		switch s {
+		case "TERM", "INT":
+			if multiple == "1" {
+				for {
+					p.Signal(sigmap[s])
+				}
+			} else {
+				p.Signal(sigmap[s])
+			}
+		case "QUIT":
+			p.Signal(sigmap[s])
+		}
+	}()
+	time.Sleep(2 * time.Second)
+}
diff --git a/cmd/dockerd/trap/trap.go b/cmd/dockerd/trap/trap.go
new file mode 100644
index 0000000000000..fa21d99d04554
--- /dev/null
+++ b/cmd/dockerd/trap/trap.go
@@ -0,0 +1,65 @@
+package trap // import "github.com/docker/docker/cmd/dockerd/trap"
+
+import (
+	"fmt"
+	"os"
+	gosignal "os/signal"
+	"sync/atomic"
+	"syscall"
+
+	"github.com/docker/docker/pkg/stack"
+)
+
+// Trap sets up a simplified signal "trap", appropriate for common
+// behavior expected from a vanilla unix command-line tool in general
+// (and the Docker engine in particular).
+//
+// * If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
+// * If SIGINT or SIGTERM are received 3 times before cleanup is complete, then cleanup is
+//   skipped and the process is terminated immediately (allows force quit of stuck daemon)
+// * A SIGQUIT always causes an exit without cleanup, with a goroutine dump preceding exit.
+// * Ignore SIGPIPE events. These are generated by systemd when journald is restarted while
+//   the docker daemon is not restarted and also running under systemd.
+//   Fixes https://github.com/docker/docker/issues/19728
+//
+func Trap(cleanup func(), logger interface {
+	Info(args ...interface{})
+}) {
+	c := make(chan os.Signal, 1)
+	// we will handle INT, TERM, QUIT, SIGPIPE here
+	signals := []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT, syscall.SIGPIPE}
+	gosignal.Notify(c, signals...)
+	go func() {
+		interruptCount := uint32(0)
+		for sig := range c {
+			if sig == syscall.SIGPIPE {
+				continue
+			}
+
+			go func(sig os.Signal) {
+				logger.Info(fmt.Sprintf("Processing signal '%v'", sig))
+				switch sig {
+				case os.Interrupt, syscall.SIGTERM:
+					if atomic.LoadUint32(&interruptCount) < 3 {
+						// Initiate the cleanup only once
+						if atomic.AddUint32(&interruptCount, 1) == 1 {
+							// Call the provided cleanup handler
+							cleanup()
+							os.Exit(0)
+						} else {
+							return
+						}
+					} else {
+						// 3 SIGTERM/INT signals received; force exit without cleanup
+						logger.Info("Forcing docker daemon shutdown without cleanup; 3 interrupts received")
+					}
+				case syscall.SIGQUIT:
+					stack.Dump()
+					logger.Info("Forcing docker daemon shutdown without cleanup on SIGQUIT")
+				}
+				// for the SIGINT/TERM, and SIGQUIT non-clean shutdown case, exit with 128 + signal #
+				os.Exit(128 + int(sig.(syscall.Signal)))
+			}(sig)
+		}
+	}()
+}
diff --git a/cmd/dockerd/trap/trap_linux_test.go b/cmd/dockerd/trap/trap_linux_test.go
new file mode 100644
index 0000000000000..b213516492864
--- /dev/null
+++ b/cmd/dockerd/trap/trap_linux_test.go
@@ -0,0 +1,66 @@
+//go:build linux
+// +build linux
+
+package trap // import "github.com/docker/docker/cmd/dockerd/trap"
+
+import (
+	"os"
+	"os/exec"
+	"syscall"
+	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func buildTestBinary(t *testing.T, tmpdir string, prefix string) (string, string) {
+	t.Helper()
+	tmpDir, err := os.MkdirTemp(tmpdir, prefix)
+	assert.NilError(t, err)
+	exePath := tmpDir + "/" + prefix
+	wd, _ := os.Getwd()
+	testHelperCode := wd + "/testfiles/main.go"
+	cmd := exec.Command("go", "build", "-o", exePath, testHelperCode)
+	err = cmd.Run()
+	assert.NilError(t, err)
+	return exePath, tmpDir
+}
+
+func TestTrap(t *testing.T) {
+	var sigmap = []struct {
+		name     string
+		signal   os.Signal
+		multiple bool
+	}{
+		{"TERM", syscall.SIGTERM, false},
+		{"QUIT", syscall.SIGQUIT, true},
+		{"INT", os.Interrupt, false},
+		{"TERM", syscall.SIGTERM, true},
+		{"INT", os.Interrupt, true},
+	}
+	exePath, tmpDir := buildTestBinary(t, "", "main")
+	defer os.RemoveAll(tmpDir)
+
+	for _, v := range sigmap {
+		t.Run(v.name, func(t *testing.T) {
+			cmd := exec.Command(exePath)
+			cmd.Env = append(os.Environ(), "SIGNAL_TYPE="+v.name)
+			if v.multiple {
+				cmd.Env = append(cmd.Env, "IF_MULTIPLE=1")
+			}
+			err := cmd.Start()
+			assert.NilError(t, err)
+			err = cmd.Wait()
+			e, ok := err.(*exec.ExitError)
+			assert.Assert(t, ok, "expected exec.ExitError, got %T", e)
+
+			code := e.Sys().(syscall.WaitStatus).ExitStatus()
+			if v.multiple {
+				assert.Check(t, is.DeepEqual(128+int(v.signal.(syscall.Signal)), code))
+			} else {
+				assert.Check(t, is.Equal(99, code))
+			}
+		})
+	}
+
+}
diff --git a/container/container.go b/container/container.go
index 6a5907c34b4dd..a8f267fb5912c 100644
--- a/container/container.go
+++ b/container/container.go
@@ -23,6 +23,7 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/jsonfilelog"
 	"github.com/docker/docker/daemon/logger/local"
+	"github.com/docker/docker/daemon/logger/loggerutils/cache"
 	"github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
@@ -30,19 +31,22 @@ import (
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/restartmanager"
 	"github.com/docker/docker/volume"
 	volumemounts "github.com/docker/docker/volume/mounts"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 	agentexec "github.com/docker/swarmkit/agent/exec"
+	"github.com/moby/sys/signal"
+	"github.com/moby/sys/symlink"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
-const configFileName = "config.v2.json"
+const (
+	configFileName     = "config.v2.json"
+	hostConfigFileName = "hostconfig.json"
+)
 
 // ExitStatus provides exit reasons for a container.
 type ExitStatus struct {
@@ -104,8 +108,13 @@ type Container struct {
 	NoNewPrivileges bool
 
 	// Fields here are specific to Windows
-	NetworkSharedContainerID string   `json:"-"`
-	SharedEndpointList       []string `json:"-"`
+	NetworkSharedContainerID string            `json:"-"`
+	SharedEndpointList       []string          `json:"-"`
+	LocalLogCacheMeta        localLogCacheMeta `json:",omitempty"`
+}
+
+type localLogCacheMeta struct {
+	HaveNotifyEnabled bool
 }
 
 // NewBaseContainer creates a new container with its
@@ -152,12 +161,9 @@ func (container *Container) FromDisk() error {
 	return container.readHostConfig()
 }
 
-// toDisk saves the container configuration on disk and returns a deep copy.
+// toDisk writes the container's configuration (config.v2.json, hostconfig.json)
+// to disk and returns a deep copy.
 func (container *Container) toDisk() (*Container, error) {
-	var (
-		buf      bytes.Buffer
-		deepCopy Container
-	)
 	pth, err := container.ConfigPath()
 	if err != nil {
 		return nil, err
@@ -170,11 +176,13 @@ func (container *Container) toDisk() (*Container, error) {
 	}
 	defer f.Close()
 
+	var buf bytes.Buffer
 	w := io.MultiWriter(&buf, f)
 	if err := json.NewEncoder(w).Encode(container); err != nil {
 		return nil, err
 	}
 
+	var deepCopy Container
 	if err := json.NewDecoder(&buf).Decode(&deepCopy); err != nil {
 		return nil, err
 	}
@@ -182,7 +190,6 @@ func (container *Container) toDisk() (*Container, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	return &deepCopy, nil
 }
 
@@ -238,7 +245,7 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error
 		return nil, err
 	}
 
-	f, err := ioutils.NewAtomicFileWriter(pth, 0644)
+	f, err := ioutils.NewAtomicFileWriter(pth, 0600)
 	if err != nil {
 		return nil, err
 	}
@@ -257,12 +264,6 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error
 
 // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir
 func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity) error {
-	// TODO @jhowardmsft, @gupta-ak LCOW Support. This will need revisiting.
-	// We will need to do remote filesystem operations here.
-	if container.OS != runtime.GOOS {
-		return nil
-	}
-
 	if container.Config.WorkingDir == "" {
 		return nil
 	}
@@ -342,7 +343,7 @@ func (container *Container) ExitOnNext() {
 
 // HostConfigPath returns the path to the container's JSON hostconfig
 func (container *Container) HostConfigPath() (string, error) {
-	return container.GetRootResourcePath("hostconfig.json")
+	return container.GetRootResourcePath(hostConfigFileName)
 }
 
 // ConfigPath returns the path to the container's JSON config
@@ -415,6 +416,25 @@ func (container *Container) StartLogger() (logger.Logger, error) {
 		}
 		l = logger.NewRingLogger(l, info, bufferSize)
 	}
+
+	if _, ok := l.(logger.LogReader); !ok {
+		if cache.ShouldUseCache(cfg.Config) {
+			logPath, err := container.GetRootResourcePath("container-cached.log")
+			if err != nil {
+				return nil, err
+			}
+
+			if !container.LocalLogCacheMeta.HaveNotifyEnabled {
+				logrus.WithField("container", container.ID).WithField("driver", container.HostConfig.LogConfig.Type).Info("Configured log driver does not support reads, enabling local file cache for container logs")
+				container.LocalLogCacheMeta.HaveNotifyEnabled = true
+			}
+			info.LogPath = logPath
+			l, err = cache.WithLocalCache(l, info)
+			if err != nil {
+				return nil, errors.Wrap(err, "error setting up local container log cache")
+			}
+		}
+	}
 	return l, nil
 }
 
@@ -448,11 +468,7 @@ func (container *Container) ShouldRestart() bool {
 
 // AddMountPointWithVolume adds a new mount point configured with a volume to the container.
 func (container *Container) AddMountPointWithVolume(destination string, vol volume.Volume, rw bool) {
-	operatingSystem := container.OS
-	if operatingSystem == "" {
-		operatingSystem = runtime.GOOS
-	}
-	volumeParser := volumemounts.NewParser(operatingSystem)
+	volumeParser := volumemounts.NewParser()
 	container.MountPoints[destination] = &volumemounts.MountPoint{
 		Type:        mounttypes.TypeVolume,
 		Name:        vol.Name(),
@@ -502,7 +518,7 @@ func (container *Container) StopSignal() int {
 	}
 
 	if int(stopSignal) == 0 {
-		stopSignal, _ = signal.ParseSignal(signal.DefaultStopSignal)
+		stopSignal, _ = signal.ParseSignal(defaultStopSignal)
 	}
 	return int(stopSignal)
 }
@@ -512,7 +528,7 @@ func (container *Container) StopTimeout() int {
 	if container.Config.StopTimeout != nil {
 		return *container.Config.StopTimeout
 	}
-	return DefaultStopTimeout
+	return defaultStopTimeout
 }
 
 // InitDNSHostConfig ensures that the dns fields are never nil.
@@ -691,19 +707,38 @@ func getSecretTargetPath(r *swarmtypes.SecretReference) string {
 	return filepath.Join(containerSecretMountPath, r.File.Name)
 }
 
+// getConfigTargetPath makes sure that config paths inside the container are
+// absolute, as required by the runtime spec, and enforced by runc >= 1.0.0-rc94.
+// see https://github.com/opencontainers/runc/issues/2928
+func getConfigTargetPath(r *swarmtypes.ConfigReference) string {
+	if filepath.IsAbs(r.File.Name) {
+		return r.File.Name
+	}
+
+	return filepath.Join(containerConfigMountPath, r.File.Name)
+}
+
 // CreateDaemonEnvironment creates a new environment variable slice for this container.
 func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
 	// Setup environment
-	os := container.OS
-	if os == "" {
-		os = runtime.GOOS
-	}
-	env := []string{}
-	if runtime.GOOS != "windows" || (runtime.GOOS == "windows" && os == "linux") {
-		env = []string{
-			"PATH=" + system.DefaultPathEnv(os),
-			"HOSTNAME=" + container.Config.Hostname,
-		}
+	ctrOS := container.OS
+	if ctrOS == "" {
+		ctrOS = runtime.GOOS
+	}
+
+	// Figure out what size slice we need so we can allocate this all at once.
+	envSize := len(container.Config.Env)
+	if runtime.GOOS != "windows" {
+		envSize += 2 + len(linkedEnv)
+	}
+	if tty {
+		envSize++
+	}
+
+	env := make([]string, 0, envSize)
+	if runtime.GOOS != "windows" {
+		env = append(env, "PATH="+system.DefaultPathEnv(ctrOS))
+		env = append(env, "HOSTNAME="+container.Config.Hostname)
 		if tty {
 			env = append(env, "TERM=xterm")
 		}
@@ -730,7 +765,7 @@ func (i *rio) Close() error {
 }
 
 func (i *rio) Wait() {
-	i.sc.Wait()
+	i.sc.Wait(context.Background())
 
 	i.IO.Wait()
 }
diff --git a/container/container_unit_test.go b/container/container_unit_test.go
index 82b5864760fca..030583039df18 100644
--- a/container/container_unit_test.go
+++ b/container/container_unit_test.go
@@ -2,7 +2,6 @@ package container // import "github.com/docker/docker/container"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -10,8 +9,8 @@ import (
 	"github.com/docker/docker/api/types/container"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/logger/jsonfilelog"
-	"github.com/docker/docker/pkg/signal"
-	"gotest.tools/assert"
+	"github.com/moby/sys/signal"
+	"gotest.tools/v3/assert"
 )
 
 func TestContainerStopSignal(t *testing.T) {
@@ -19,7 +18,7 @@ func TestContainerStopSignal(t *testing.T) {
 		Config: &container.Config{},
 	}
 
-	def, err := signal.ParseSignal(signal.DefaultStopSignal)
+	def, err := signal.ParseSignal(defaultStopSignal)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -44,8 +43,8 @@ func TestContainerStopTimeout(t *testing.T) {
 	}
 
 	s := c.StopTimeout()
-	if s != DefaultStopTimeout {
-		t.Fatalf("Expected %v, got %v", DefaultStopTimeout, s)
+	if s != defaultStopTimeout {
+		t.Fatalf("Expected %v, got %v", defaultStopTimeout, s)
 	}
 
 	stopTimeout := 15
@@ -73,7 +72,7 @@ func TestContainerSecretReferenceDestTarget(t *testing.T) {
 }
 
 func TestContainerLogPathSetForJSONFileLogger(t *testing.T) {
-	containerRoot, err := ioutil.TempDir("", "TestContainerLogPathSetForJSONFileLogger")
+	containerRoot, err := os.MkdirTemp("", "TestContainerLogPathSetForJSONFileLogger")
 	assert.NilError(t, err)
 	defer os.RemoveAll(containerRoot)
 
@@ -98,7 +97,7 @@ func TestContainerLogPathSetForJSONFileLogger(t *testing.T) {
 }
 
 func TestContainerLogPathSetForRingLogger(t *testing.T) {
-	containerRoot, err := ioutil.TempDir("", "TestContainerLogPathSetForRingLogger")
+	containerRoot, err := os.MkdirTemp("", "TestContainerLogPathSetForRingLogger")
 	assert.NilError(t, err)
 	defer os.RemoveAll(containerRoot)
 
diff --git a/container/container_unix.go b/container/container_unix.go
index ed664f3eecc59..3dced869c438f 100644
--- a/container/container_unix.go
+++ b/container/container_unix.go
@@ -1,32 +1,36 @@
+//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/container"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
+	"syscall"
 
 	"github.com/containerd/continuity/fs"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/volume"
 	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
 const (
-	// DefaultStopTimeout sets the default time, in seconds, to wait
+	// defaultStopSignal is the default syscall signal used to stop a container.
+	defaultStopSignal = "SIGTERM"
+
+	// defaultStopTimeout sets the default time, in seconds, to wait
 	// for the graceful container stop before forcefully terminating it.
-	DefaultStopTimeout = 10
+	defaultStopTimeout = 10
 
+	containerConfigMountPath = "/"
 	containerSecretMountPath = "/run/secrets"
 )
 
@@ -56,14 +60,14 @@ func (container *Container) BuildHostnameFile() error {
 		return err
 	}
 	container.HostnamePath = hostnamePath
-	return ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644)
+	return os.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644)
 }
 
 // NetworkMounts returns the list of network mounts.
 func (container *Container) NetworkMounts() []Mount {
 	var mounts []Mount
 	shared := container.HostConfig.NetworkMode.IsContainer()
-	parser := volumemounts.NewParser(container.OS)
+	parser := volumemounts.NewParser()
 	if container.ResolvConfPath != "" {
 		if _, err := os.Stat(container.ResolvConfPath); err != nil {
 			logrus.Warnf("ResolvConfPath set to %q, but can't stat this filename (err = %v); skipping", container.ResolvConfPath, err)
@@ -135,7 +139,7 @@ func (container *Container) CopyImagePathContent(v volume.Volume, destination st
 		return err
 	}
 
-	id := stringid.GenerateNonCryptoID()
+	id := stringid.GenerateRandomID()
 	path, err := v.Mount(id)
 	if err != nil {
 		return err
@@ -146,7 +150,7 @@ func (container *Container) CopyImagePathContent(v volume.Volume, destination st
 			logrus.Warnf("error while unmounting volume %s: %v", v.Name(), err)
 		}
 	}()
-	if err := label.Relabel(path, container.MountLabel, true); err != nil && err != unix.ENOTSUP {
+	if err := label.Relabel(path, container.MountLabel, true); err != nil && !errors.Is(err, syscall.ENOTSUP) {
 		return err
 	}
 	return copyExistingContents(rootfs, path)
@@ -174,8 +178,8 @@ func (container *Container) HasMountFor(path string) bool {
 	return false
 }
 
-// UnmountIpcMount uses the provided unmount function to unmount shm if it was mounted
-func (container *Container) UnmountIpcMount(unmount func(pth string) error) error {
+// UnmountIpcMount unmounts shm if it was mounted
+func (container *Container) UnmountIpcMount() error {
 	if container.HasMountFor("/dev/shm") {
 		return nil
 	}
@@ -189,10 +193,8 @@ func (container *Container) UnmountIpcMount(unmount func(pth string) error) erro
 	if shmPath == "" {
 		return nil
 	}
-	if err = unmount(shmPath); err != nil && !os.IsNotExist(err) {
-		if mounted, mErr := mount.Mounted(shmPath); mounted || mErr != nil {
-			return errors.Wrapf(err, "umount %s", shmPath)
-		}
+	if err = mount.Unmount(shmPath); err != nil && !errors.Is(err, os.ErrNotExist) {
+		return err
 	}
 	return nil
 }
@@ -200,7 +202,7 @@ func (container *Container) UnmountIpcMount(unmount func(pth string) error) erro
 // IpcMounts returns the list of IPC mounts
 func (container *Container) IpcMounts() []Mount {
 	var mounts []Mount
-	parser := volumemounts.NewParser(container.OS)
+	parser := volumemounts.NewParser()
 
 	if container.HasMountFor("/dev/shm") {
 		return mounts
@@ -244,7 +246,7 @@ func (container *Container) SecretMounts() ([]Mount, error) {
 		}
 		mounts = append(mounts, Mount{
 			Source:      fPath,
-			Destination: r.File.Name,
+			Destination: getConfigTargetPath(r),
 			Writable:    false,
 		})
 	}
@@ -343,6 +345,9 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 	if resources.CPURealtimeRuntime != 0 {
 		cResources.CPURealtimeRuntime = resources.CPURealtimeRuntime
 	}
+	if resources.PidsLimit != nil {
+		cResources.PidsLimit = resources.PidsLimit
+	}
 
 	// update HostConfig of container
 	if hostConfig.RestartPolicy.Name != "" {
@@ -382,16 +387,29 @@ func (container *Container) DetachAndUnmount(volumeEventLog func(name, action st
 
 	for _, mountPath := range mountPaths {
 		if err := mount.Unmount(mountPath); err != nil {
-			logrus.Warnf("%s unmountVolumes: Failed to do lazy umount fo volume '%s': %v", container.ID, mountPath, err)
+			logrus.WithError(err).WithField("container", container.ID).
+				Warn("Unable to unmount")
 		}
 	}
 	return container.UnmountVolumes(volumeEventLog)
 }
 
+// ignoreUnsupportedXAttrs ignores errors when extended attributes
+// are not supported
+func ignoreUnsupportedXAttrs() fs.CopyDirOpt {
+	xeh := func(dst, src, xattrKey string, err error) error {
+		if !errors.Is(err, syscall.ENOTSUP) {
+			return err
+		}
+		return nil
+	}
+	return fs.WithXAttrErrorHandler(xeh)
+}
+
 // copyExistingContents copies from the source to the destination and
 // ensures the ownership is appropriately set.
 func copyExistingContents(source, destination string) error {
-	dstList, err := ioutil.ReadDir(destination)
+	dstList, err := os.ReadDir(destination)
 	if err != nil {
 		return err
 	}
@@ -399,12 +417,11 @@ func copyExistingContents(source, destination string) error {
 		// destination is not empty, do not copy
 		return nil
 	}
-	return fs.CopyDir(destination, source)
+	return fs.CopyDir(destination, source, ignoreUnsupportedXAttrs())
 }
 
 // TmpfsMounts returns the list of tmpfs mounts
 func (container *Container) TmpfsMounts() ([]Mount, error) {
-	parser := volumemounts.NewParser(container.OS)
 	var mounts []Mount
 	for dest, data := range container.HostConfig.Tmpfs {
 		mounts = append(mounts, Mount{
@@ -413,6 +430,7 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {
 			Data:        data,
 		})
 	}
+	parser := volumemounts.NewParser()
 	for dest, mnt := range container.MountPoints {
 		if mnt.Type == mounttypes.TypeTmpfs {
 			data, err := parser.ConvertTmpfsOptions(mnt.Spec.TmpfsOptions, mnt.Spec.ReadOnly)
@@ -429,11 +447,6 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {
 	return mounts, nil
 }
 
-// EnableServiceDiscoveryOnDefaultNetwork Enable service discovery on default network
-func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
-	return false
-}
-
 // GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.
 func (container *Container) GetMountPoints() []types.MountPoint {
 	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
diff --git a/container/container_windows.go b/container/container_windows.go
index b5bdb5bc34363..8229480df762f 100644
--- a/container/container_windows.go
+++ b/container/container_windows.go
@@ -12,17 +12,21 @@ import (
 )
 
 const (
+	containerConfigMountPath         = `C:\`
 	containerSecretMountPath         = `C:\ProgramData\Docker\secrets`
 	containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets`
 	containerInternalConfigsDirPath  = `C:\ProgramData\Docker\internal\configs`
 
-	// DefaultStopTimeout is the timeout (in seconds) for the shutdown call on a container
-	DefaultStopTimeout = 30
+	// defaultStopSignal is the default syscall signal used to stop a container.
+	defaultStopSignal = "SIGTERM"
+
+	// defaultStopTimeout is the timeout (in seconds) for the shutdown call on a container
+	defaultStopTimeout = 30
 )
 
 // UnmountIpcMount unmounts Ipc related mounts.
 // This is a NOOP on windows.
-func (container *Container) UnmountIpcMount(unmount func(pth string) error) error {
+func (container *Container) UnmountIpcMount() error {
 	return nil
 }
 
@@ -41,7 +45,7 @@ func (container *Container) CreateSecretSymlinks() error {
 		if err != nil {
 			return err
 		}
-		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0, ""); err != nil {
+		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0); err != nil {
 			return err
 		}
 		if err := os.Symlink(filepath.Join(containerInternalSecretMountPath, r.SecretID), resolvedPath); err != nil {
@@ -87,11 +91,11 @@ func (container *Container) CreateConfigSymlinks() error {
 		if configRef.File == nil {
 			continue
 		}
-		resolvedPath, _, err := container.ResolvePath(configRef.File.Name)
+		resolvedPath, _, err := container.ResolvePath(getConfigTargetPath(configRef))
 		if err != nil {
 			return err
 		}
-		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0, ""); err != nil {
+		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0); err != nil {
 			return err
 		}
 		if err := os.Symlink(filepath.Join(containerInternalConfigsDirPath, configRef.ConfigID), resolvedPath); err != nil {
@@ -153,13 +157,12 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 		resources.CpusetMems != "" ||
 		len(resources.Devices) != 0 ||
 		len(resources.DeviceCgroupRules) != 0 ||
-		resources.DiskQuota != 0 ||
 		resources.KernelMemory != 0 ||
 		resources.MemoryReservation != 0 ||
 		resources.MemorySwap != 0 ||
 		resources.MemorySwappiness != nil ||
 		resources.OomKillDisable != nil ||
-		resources.PidsLimit != 0 ||
+		(resources.PidsLimit != nil && *resources.PidsLimit != 0) ||
 		len(resources.Ulimits) != 0 ||
 		resources.CPUCount != 0 ||
 		resources.CPUPercent != 0 ||
@@ -182,11 +185,6 @@ func (container *Container) BuildHostnameFile() error {
 	return nil
 }
 
-// EnableServiceDiscoveryOnDefaultNetwork Enable service discovery on default network
-func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
-	return true
-}
-
 // GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.
 func (container *Container) GetMountPoints() []types.MountPoint {
 	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
@@ -208,6 +206,6 @@ func (container *Container) ConfigsDirPath() string {
 }
 
 // ConfigFilePath returns the path to the on-disk location of a config.
-func (container *Container) ConfigFilePath(configRef swarmtypes.ConfigReference) string {
-	return filepath.Join(container.ConfigsDirPath(), configRef.ConfigID)
+func (container *Container) ConfigFilePath(configRef swarmtypes.ConfigReference) (string, error) {
+	return filepath.Join(container.ConfigsDirPath(), configRef.ConfigID), nil
 }
diff --git a/container/env.go b/container/env.go
index d225fd14714e1..e31088c88558d 100644
--- a/container/env.go
+++ b/container/env.go
@@ -9,22 +9,22 @@ import (
 func ReplaceOrAppendEnvValues(defaults, overrides []string) []string {
 	cache := make(map[string]int, len(defaults))
 	for i, e := range defaults {
-		parts := strings.SplitN(e, "=", 2)
-		cache[parts[0]] = i
+		index := strings.Index(e, "=")
+		cache[e[:index]] = i
 	}
 
 	for _, value := range overrides {
 		// Values w/o = means they want this env to be removed/unset.
-		if !strings.Contains(value, "=") {
+		index := strings.Index(value, "=")
+		if index < 0 {
+			// no "=" in value
 			if i, exists := cache[value]; exists {
 				defaults[i] = "" // Used to indicate it should be removed
 			}
 			continue
 		}
 
-		// Just do a normal set/update
-		parts := strings.SplitN(value, "=", 2)
-		if i, exists := cache[parts[0]]; exists {
+		if i, exists := cache[value[:index]]; exists {
 			defaults[i] = value
 		} else {
 			defaults = append(defaults, value)
diff --git a/container/env_test.go b/container/env_test.go
index 77856284c251a..432d43a4b2857 100644
--- a/container/env_test.go
+++ b/container/env_test.go
@@ -1,6 +1,11 @@
 package container // import "github.com/docker/docker/container"
 
-import "testing"
+import (
+	"crypto/rand"
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
 
 func TestReplaceAndAppendEnvVars(t *testing.T) {
 	var (
@@ -22,3 +27,47 @@ func TestReplaceAndAppendEnvVars(t *testing.T) {
 		t.Fatalf("expected TERM=xterm got '%s'", env[1])
 	}
 }
+
+func BenchmarkReplaceOrAppendEnvValues(b *testing.B) {
+	b.Run("0", func(b *testing.B) {
+		benchmarkReplaceOrAppendEnvValues(b, 0)
+	})
+	b.Run("100", func(b *testing.B) {
+		benchmarkReplaceOrAppendEnvValues(b, 100)
+	})
+	b.Run("1000", func(b *testing.B) {
+		benchmarkReplaceOrAppendEnvValues(b, 1000)
+	})
+	b.Run("10000", func(b *testing.B) {
+		benchmarkReplaceOrAppendEnvValues(b, 10000)
+	})
+}
+
+func benchmarkReplaceOrAppendEnvValues(b *testing.B, extraEnv int) {
+	b.StopTimer()
+	// remove FOO from env
+	// remove BAR from env (nop)
+	o := []string{"HOME=/root", "TERM=xterm", "FOO", "BAR"}
+
+	if extraEnv > 0 {
+		buf := make([]byte, 5)
+		for i := 0; i < extraEnv; i++ {
+			n, err := rand.Read(buf)
+			assert.NilError(b, err)
+			key := string(buf[:n])
+
+			n, err = rand.Read(buf)
+			assert.NilError(b, err)
+			val := string(buf[:n])
+
+			o = append(o, key+"="+val)
+		}
+	}
+	d := make([]string, 0, len(o)+2)
+	d = append(d, []string{"HOME=/", "FOO=foo_default"}...)
+
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		_ = ReplaceOrAppendEnvValues(d, o)
+	}
+}
diff --git a/container/health.go b/container/health.go
index 167ee9b476700..3e93142b98599 100644
--- a/container/health.go
+++ b/container/health.go
@@ -22,7 +22,7 @@ func (s *Health) String() string {
 	case types.Starting:
 		return "health: starting"
 	default: // Healthy and Unhealthy are clear on their own
-		return s.Health.Status
+		return status
 	}
 }
 
diff --git a/container/monitor.go b/container/monitor.go
index 1735e3487e2a1..ff4b3439e5395 100644
--- a/container/monitor.go
+++ b/container/monitor.go
@@ -33,8 +33,11 @@ func (container *Container) Reset(lock bool) {
 				container.LogCopier.Wait()
 				close(exit)
 			}()
+
+			timer := time.NewTimer(loggerCloseTimeout)
+			defer timer.Stop()
 			select {
-			case <-time.After(loggerCloseTimeout):
+			case <-timer.C:
 				logrus.Warn("Logger didn't exit in time: logs may be truncated")
 			case <-exit:
 			}
diff --git a/container/mounts_unix.go b/container/mounts_unix.go
index 62f4441dce0cf..168286889a011 100644
--- a/container/mounts_unix.go
+++ b/container/mounts_unix.go
@@ -1,12 +1,14 @@
+//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/container"
 
 // Mount contains information for a mount operation.
 type Mount struct {
-	Source      string `json:"source"`
-	Destination string `json:"destination"`
-	Writable    bool   `json:"writable"`
-	Data        string `json:"data"`
-	Propagation string `json:"mountpropagation"`
+	Source       string `json:"source"`
+	Destination  string `json:"destination"`
+	Writable     bool   `json:"writable"`
+	Data         string `json:"data"`
+	Propagation  string `json:"mountpropagation"`
+	NonRecursive bool   `json:"nonrecursive"`
 }
diff --git a/container/state.go b/container/state.go
index 7c2a1ec81cdab..fe2b060d72dc5 100644
--- a/container/state.go
+++ b/container/state.go
@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // State holds the current container state, and has methods to get and
@@ -17,7 +17,7 @@ import (
 type State struct {
 	sync.Mutex
 	// Note that `Running` and `Paused` are not mutually exclusive:
-	// When pausing a container (on Linux), the cgroups freezer is used to suspend
+	// When pausing a container (on Linux), the freezer cgroup is used to suspend
 	// all processes in the container. Freezing the process requires the process to
 	// be running. As a result, paused containers are both `Running` _and_ `Paused`.
 	Running           bool
@@ -207,7 +207,7 @@ func (s *State) Wait(ctx context.Context, condition WaitCondition) <-chan StateS
 	// actually stopped.
 	waitRemove := s.waitRemove
 
-	resultC := make(chan StateStatus)
+	resultC := make(chan StateStatus, 1)
 
 	go func() {
 		select {
@@ -366,13 +366,6 @@ func (s *State) IsRemovalInProgress() bool {
 	return res
 }
 
-// SetDead sets the container state to "dead"
-func (s *State) SetDead() {
-	s.Lock()
-	s.Dead = true
-	s.Unlock()
-}
-
 // IsDead returns whether the Dead flag is set. Used by Container to check whether a container is dead.
 func (s *State) IsDead() bool {
 	s.Lock()
diff --git a/container/state_test.go b/container/state_test.go
index 4ad3c805edead..bf114ea1aafcd 100644
--- a/container/state_test.go
+++ b/container/state_test.go
@@ -109,7 +109,9 @@ func TestStateRunStop(t *testing.T) {
 	}
 
 	// Set the state to dead and removed.
-	s.SetDead()
+	s.Lock()
+	s.Dead = true
+	s.Unlock()
 	s.SetRemoved()
 
 	// Wait for removed status or timeout.
diff --git a/container/stream/attach.go b/container/stream/attach.go
index 1366dcb4994c4..0269a226b1bd6 100644
--- a/container/stream/attach.go
+++ b/container/stream/attach.go
@@ -5,7 +5,7 @@ import (
 	"io"
 
 	"github.com/docker/docker/pkg/pools"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
diff --git a/container/stream/streams.go b/container/stream/streams.go
index d81867c1daae8..83e6ded611db8 100644
--- a/container/stream/streams.go
+++ b/container/stream/streams.go
@@ -1,9 +1,9 @@
 package stream // import "github.com/docker/docker/container/stream"
 
 import (
+	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"strings"
 	"sync"
 
@@ -24,11 +24,12 @@ import (
 // copied and delivered to all StdoutPipe and StderrPipe consumers, using
 // a kind of "broadcaster".
 type Config struct {
-	sync.WaitGroup
+	wg        sync.WaitGroup
 	stdout    *broadcaster.Unbuffered
 	stderr    *broadcaster.Unbuffered
 	stdin     io.ReadCloser
 	stdinPipe io.WriteCloser
+	dio       *cio.DirectIO
 }
 
 // NewConfig creates a stream config and initializes
@@ -85,7 +86,7 @@ func (c *Config) NewInputPipes() {
 
 // NewNopInputPipe creates a new input pipe that will silently drop all messages in the input.
 func (c *Config) NewNopInputPipe() {
-	c.stdinPipe = ioutils.NopWriteCloser(ioutil.Discard)
+	c.stdinPipe = ioutils.NopWriteCloser(io.Discard)
 }
 
 // CloseStreams ensures that the configured streams are properly closed.
@@ -115,14 +116,15 @@ func (c *Config) CloseStreams() error {
 
 // CopyToPipe connects streamconfig with a libcontainerd.IOPipe
 func (c *Config) CopyToPipe(iop *cio.DirectIO) {
+	c.dio = iop
 	copyFunc := func(w io.Writer, r io.ReadCloser) {
-		c.Add(1)
+		c.wg.Add(1)
 		go func() {
 			if _, err := pools.Copy(w, r); err != nil {
 				logrus.Errorf("stream copy error: %v", err)
 			}
 			r.Close()
-			c.Done()
+			c.wg.Done()
 		}()
 	}
 
@@ -144,3 +146,23 @@ func (c *Config) CopyToPipe(iop *cio.DirectIO) {
 		}
 	}
 }
+
+// Wait for the stream to close
+// Wait supports timeouts via the context to unblock and forcefully
+// close the io streams
+func (c *Config) Wait(ctx context.Context) {
+	done := make(chan struct{}, 1)
+	go func() {
+		c.wg.Wait()
+		close(done)
+	}()
+	select {
+	case <-done:
+	case <-ctx.Done():
+		if c.dio != nil {
+			c.dio.Cancel()
+			c.dio.Wait()
+			c.dio.Close()
+		}
+	}
+}
diff --git a/container/view.go b/container/view.go
index b631499412868..962a20b9e1cd6 100644
--- a/container/view.go
+++ b/container/view.go
@@ -9,7 +9,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/go-connections/nat"
-	"github.com/hashicorp/go-memdb"
+	memdb "github.com/hashicorp/go-memdb"
 	"github.com/sirupsen/logrus"
 )
 
@@ -473,7 +473,7 @@ type namesByContainerIDIndexer struct{}
 func (e *namesByContainerIDIndexer) FromObject(obj interface{}) (bool, []byte, error) {
 	n, ok := obj.(nameAssociation)
 	if !ok {
-		return false, nil, fmt.Errorf(`%T does not have type "nameAssocation"`, obj)
+		return false, nil, fmt.Errorf(`%T does not have type "nameAssociation"`, obj)
 	}
 
 	// Add the null character as a terminator
diff --git a/container/view_test.go b/container/view_test.go
index 434b7c618d53b..290282c907dc0 100644
--- a/container/view_test.go
+++ b/container/view_test.go
@@ -1,23 +1,22 @@
 package container // import "github.com/docker/docker/container"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/pborman/uuid"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/google/uuid"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var root string
 
 func TestMain(m *testing.M) {
 	var err error
-	root, err = ioutil.TempDir("", "docker-container-test-")
+	root, err = os.MkdirTemp("", "docker-container-test-")
 	if err != nil {
 		panic(err)
 	}
@@ -28,7 +27,7 @@ func TestMain(m *testing.M) {
 
 func newContainer(t *testing.T) *Container {
 	var (
-		id    = uuid.New()
+		id    = uuid.New().String()
 		cRoot = filepath.Join(root, id)
 	)
 	if err := os.MkdirAll(cRoot, 0755); err != nil {
diff --git a/contrib/REVIEWERS b/contrib/REVIEWERS
deleted file mode 100644
index 18e05a307018f..0000000000000
--- a/contrib/REVIEWERS
+++ /dev/null
@@ -1 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
index e5e1c8bed6df3..e6d0b6d37c58c 100644
--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -29,10 +29,11 @@ profile /usr/bin/docker (attach_disconnected, complain) {
   capability,
   owner /** rw,
   @{DOCKER_GRAPH_PATH}/** rwl,
-  @{DOCKER_GRAPH_PATH}/linkgraph.db k,
   @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
   @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
-  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/linkgraph.db k,
+  # For user namespaces:
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/boltdb.db k,
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/local-kv.db k,
 
   # For non-root client use:
   /dev/urandom r,
diff --git a/contrib/busybox/Dockerfile b/contrib/busybox/Dockerfile
new file mode 100644
index 0000000000000..b2f40d53cd7ac
--- /dev/null
+++ b/contrib/busybox/Dockerfile
@@ -0,0 +1,30 @@
+# Source: https://frippery.org/busybox/
+# This Dockerfile builds a (32-bit) busybox images which is suitable for
+# running many of the integration-cli tests for Docker against a Windows
+# daemon. It will not run on nanoserver as that is 64-bit only.
+#
+# Based on https://github.com/jhowardmsft/busybox
+# John Howard (IRC jhowardmsft, Email john.howard@microsoft.com)
+#
+# To build: docker build -t busybox .
+# To publish: Needs someone with publishing rights
+ARG WINDOWS_BASE_IMAGE=mcr.microsoft.com/windows/servercore
+ARG WINDOWS_BASE_IMAGE_TAG=ltsc2019
+ARG BUSYBOX_VERSION=FRP-3329-gcf0fa4d13
+
+# Checksum taken from https://frippery.org/files/busybox/SHA256SUM
+ARG BUSYBOX_SHA256SUM=bfaeb88638e580fc522a68e69072e305308f9747563e51fa085eec60ca39a5ae
+
+FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG}
+RUN mkdir C:\tmp && mkdir C:\bin
+ARG BUSYBOX_VERSION
+ARG BUSYBOX_SHA256SUM
+ADD https://frippery.org/files/busybox/busybox-w32-${BUSYBOX_VERSION}.exe /bin/busybox.exe
+RUN powershell \
+    if ((Get-FileHash -Path /bin/busybox.exe -Algorithm SHA256).Hash -ne $Env:BUSYBOX_SHA256SUM) { \
+        Throw \"Checksum validation failed\" \
+    }
+
+RUN setx /M PATH "C:\bin;%PATH%"
+RUN powershell busybox.exe --list ^|%{$nul = cmd /c mklink C:\bin\$_.exe busybox.exe}
+CMD ["sh"]
diff --git a/contrib/busybox/LICENSE b/contrib/busybox/LICENSE
new file mode 100644
index 0000000000000..178d7990937e7
--- /dev/null
+++ b/contrib/busybox/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 John Howard (Microsoft)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 88eb8aa753494..617eb938938d4 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 set -e
 
 EXITCODE=0
@@ -6,20 +6,20 @@ EXITCODE=0
 # bits of this were adapted from lxc-checkconfig
 # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
 
-possibleConfigs=(
-	'/proc/config.gz'
-	"/boot/config-$(uname -r)"
-	"/usr/src/linux-$(uname -r)/.config"
-	'/usr/src/linux/.config'
-)
+possibleConfigs="
+	/proc/config.gz
+	/boot/config-$(uname -r)
+	/usr/src/linux-$(uname -r)/.config
+	/usr/src/linux/.config
+"
 
 if [ $# -gt 0 ]; then
 	CONFIG="$1"
 else
-	: ${CONFIG:="${possibleConfigs[0]}"}
+	: "${CONFIG:=/proc/config.gz}"
 fi
 
-if ! command -v zgrep &> /dev/null; then
+if ! command -v zgrep > /dev/null 2>&1; then
 	zgrep() {
 		zcat "$2" | grep "$1"
 	}
@@ -41,13 +41,13 @@ is_set_as_module() {
 }
 
 color() {
-	local codes=()
+	codes=
 	if [ "$1" = 'bold' ]; then
-		codes=( "${codes[@]}" '1' )
+		codes='1'
 		shift
 	fi
 	if [ "$#" -gt 0 ]; then
-		local code=
+		code=
 		case "$1" in
 			# see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors
 			black) code=30 ;;
@@ -60,17 +60,16 @@ color() {
 			white) code=37 ;;
 		esac
 		if [ "$code" ]; then
-			codes=( "${codes[@]}" "$code" )
+			codes="${codes:+$codes;}$code"
 		fi
 	fi
-	local IFS=';'
-	echo -en '\033['"${codes[*]}"'m'
+	printf '\033[%sm' "$codes"
 }
 wrap_color() {
 	text="$1"
 	shift
 	color "$@"
-	echo -n "$text"
+	printf '%s' "$text"
 	color reset
 	echo
 }
@@ -98,12 +97,13 @@ check_flag() {
 
 check_flags() {
 	for flag in "$@"; do
-		echo -n "- "; check_flag "$flag"
+		printf -- '- '
+		check_flag "$flag"
 	done
 }
 
 check_command() {
-	if command -v "$1" >/dev/null 2>&1; then
+	if command -v "$1" > /dev/null 2>&1; then
 		wrap_good "$1 command" 'available'
 	else
 		wrap_bad "$1 command" 'missing'
@@ -121,20 +121,26 @@ check_device() {
 }
 
 check_distro_userns() {
-	source /etc/os-release 2>/dev/null || /bin/true
-	if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then
-		# this is a CentOS7 or RHEL7 system
-		grep -q "user_namespace.enable=1" /proc/cmdline || {
-			# no user namespace support enabled
-			wrap_bad "  (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)"
-			EXITCODE=1
-		}
-	fi
+	. /etc/os-release 2> /dev/null || /bin/true
+	case "$ID" in
+		centos | rhel)
+			case "$VERSION_ID" in
+				7*)
+					# this is a CentOS7 or RHEL7 system
+					grep -q 'user_namespace.enable=1' /proc/cmdline || {
+						# no user namespace support enabled
+						wrap_bad "  (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)"
+						EXITCODE=1
+					}
+					;;
+			esac
+			;;
+	esac
 }
 
 if [ ! -e "$CONFIG" ]; then
 	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."
-	for tryConfig in "${possibleConfigs[@]}"; do
+	for tryConfig in $possibleConfigs; do
 		if [ -e "$tryConfig" ]; then
 			CONFIG="$tryConfig"
 			break
@@ -153,54 +159,85 @@ echo
 
 echo 'Generally Necessary:'
 
-echo -n '- '
-cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
-cgroupDir="$(dirname "$cgroupSubsystemDir")"
-if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then
-	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
+printf -- '- '
+if [ "$(stat -f -c %t /sys/fs/cgroup 2> /dev/null)" = '63677270' ]; then
+	wrap_good 'cgroup hierarchy' 'cgroupv2'
+	cgroupv2ControllerFile='/sys/fs/cgroup/cgroup.controllers'
+	if [ -f "$cgroupv2ControllerFile" ]; then
+		echo '  Controllers:'
+		for controller in cpu cpuset io memory pids; do
+			if grep -qE '(^| )'"$controller"'($| )' "$cgroupv2ControllerFile"; then
+				echo "  - $(wrap_good "$controller" 'available')"
+			else
+				echo "  - $(wrap_bad "$controller" 'missing')"
+			fi
+		done
+	else
+		wrap_bad "$cgroupv2ControllerFile" 'nonexistent??'
+	fi
+	# TODO find an efficient way to check if cgroup.freeze exists in subdir
 else
-	if [ "$cgroupSubsystemDir" ]; then
-		echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
+	cgroupSubsystemDir="$(sed -rne '/^[^ ]+ ([^ ]+) cgroup ([^ ]*,)?(cpu|cpuacct|cpuset|devices|freezer|memory)[, ].*$/ { s//\1/p; q }' /proc/mounts)"
+	cgroupDir="$(dirname "$cgroupSubsystemDir")"
+	if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then
+		echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
 	else
-		echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')"
+		if [ "$cgroupSubsystemDir" ]; then
+			echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
+		else
+			wrap_bad 'cgroup hierarchy' 'nonexistent??'
+		fi
+		EXITCODE=1
+		echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
 	fi
-	EXITCODE=1
-	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
 fi
 
-if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
-	echo -n '- '
-	if command -v apparmor_parser &> /dev/null; then
-		echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
+if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then
+	printf -- '- '
+	if command -v apparmor_parser > /dev/null 2>&1; then
+		wrap_good 'apparmor' 'enabled and tools installed'
 	else
-		echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
-		echo -n '    '
-		if command -v apt-get &> /dev/null; then
-			echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')"
-		elif command -v yum &> /dev/null; then
-			echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')"
+		wrap_bad 'apparmor' 'enabled, but apparmor_parser missing'
+		printf '    '
+		if command -v apt-get > /dev/null 2>&1; then
+			wrap_color '(use "apt-get install apparmor" to fix this)'
+		elif command -v yum > /dev/null 2>&1; then
+			wrap_color '(your best bet is "yum install apparmor-parser")'
 		else
-			echo "$(wrap_color '(look for an "apparmor" package for your distribution)')"
+			wrap_color '(look for an "apparmor" package for your distribution)'
 		fi
 		EXITCODE=1
 	fi
 fi
 
-flags=(
-	NAMESPACES {NET,PID,IPC,UTS}_NS
-	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
-	KEYS
-	VETH BRIDGE BRIDGE_NETFILTER
-	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
-	NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
-	IP_NF_NAT NF_NAT NF_NAT_NEEDED
-
-	# required for bind-mounting /dev/mqueue into containers
+check_flags \
+	NAMESPACES NET_NS PID_NS IPC_NS UTS_NS \
+	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG \
+	KEYS \
+	VETH BRIDGE BRIDGE_NETFILTER \
+	IP_NF_FILTER IP_NF_TARGET_MASQUERADE \
+	NETFILTER_XT_MATCH_ADDRTYPE \
+	NETFILTER_XT_MATCH_CONNTRACK \
+	NETFILTER_XT_MATCH_IPVS \
+	NETFILTER_XT_MARK \
+	IP_NF_NAT NF_NAT \
 	POSIX_MQUEUE
-)
-check_flags "${flags[@]}"
-if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -lt 8 ]; then
-        check_flags DEVPTS_MULTIPLE_INSTANCES
+# (POSIX_MQUEUE is required for bind-mounting /dev/mqueue into containers)
+
+if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt 8 ]); then
+	check_flags DEVPTS_MULTIPLE_INSTANCES
+fi
+
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then
+	check_flags NF_NAT_IPV4
+fi
+
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then
+	check_flags NF_NAT_NEEDED
+fi
+# check availability of BPF_CGROUP_DEVICE support
+if [ "$kernelMajor" -ge 5 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -ge 15 ]); then
+	check_flags CGROUP_BPF
 fi
 
 echo
@@ -212,28 +249,40 @@ echo 'Optional Features:'
 }
 {
 	check_flags SECCOMP
+	check_flags SECCOMP_FILTER
 }
 {
 	check_flags CGROUP_PIDS
 }
 {
-	CODE=${EXITCODE}
-	check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
-	if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then
+	check_flags MEMCG_SWAP
+	# Kernel v5.8+ removes MEMCG_SWAP_ENABLED.
+	if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then
+		CODE=${EXITCODE}
+		check_flags MEMCG_SWAP_ENABLED
+		# FIXME this check is cgroupv1-specific
+		if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then
+			echo "    $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)"
+			EXITCODE=${CODE}
+		elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
+			echo "    $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)"
+		fi
+	else
+		# Kernel v5.8+ enables swap accounting by default.
 		echo "    $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)"
-		EXITCODE=${CODE}
-	elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
-		echo "    $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)"
 	fi
 }
 {
 	if is_set LEGACY_VSYSCALL_NATIVE; then
-		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
+		printf -- '- '
+		wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
 		echo "    $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)"
 	elif is_set LEGACY_VSYSCALL_EMULATE; then
-		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled'
+		printf -- '- '
+		wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled'
 	elif is_set LEGACY_VSYSCALL_NONE; then
-		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled'
+		printf -- '- '
+		wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled'
 		echo "    $(wrap_color '(containers using eglibc <= 2.13 will not work. Switch to' bold black)"
 		echo "    $(wrap_color ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' bold black)"
 		echo "    $(wrap_color ' on kernel command line. Note that this will disable ASLR for the,' bold black)"
@@ -245,31 +294,38 @@ echo 'Optional Features:'
 	fi
 }
 
-if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then
+if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -le 5 ]); then
 	check_flags MEMCG_KMEM
 fi
 
-if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then
+if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 18 ]); then
 	check_flags RESOURCE_COUNTERS
 fi
 
-if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then
+if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 13 ]); then
 	netprio=NETPRIO_CGROUP
 else
 	netprio=CGROUP_NET_PRIO
 fi
 
-flags=(
-	BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED
-	CGROUP_PERF
-	CGROUP_HUGETLB
-	NET_CLS_CGROUP $netprio
-	CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED
-	IP_VS
-	IP_VS_NFCT
- 	IP_VS_RR
-)
-check_flags "${flags[@]}"
+if [ "$kernelMajor" -lt 5 ]; then
+	check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED
+fi
+
+check_flags \
+	BLK_CGROUP BLK_DEV_THROTTLING \
+	CGROUP_PERF \
+	CGROUP_HUGETLB \
+	NET_CLS_CGROUP $netprio \
+	CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED \
+	IP_NF_TARGET_REDIRECT \
+	IP_VS \
+	IP_VS_NFCT \
+	IP_VS_PROTO_TCP \
+	IP_VS_PROTO_UDP \
+	IP_VS_RR \
+	SECURITY_SELINUX \
+	SECURITY_APPARMOR
 
 if ! is_set EXT4_USE_FOR_EXT2; then
 	check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
@@ -288,16 +344,19 @@ if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY;
 fi
 
 echo '- Network Drivers:'
-echo '  - "'$(wrap_color 'overlay' blue)'":'
-check_flags VXLAN | sed 's/^/    /'
+echo "  - \"$(wrap_color 'overlay' blue)\":"
+check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/    /'
 echo '      Optional (for encrypted networks):'
 check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \
-            XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
-echo '  - "'$(wrap_color 'ipvlan' blue)'":'
+	XFRM XFRM_USER XFRM_ALGO INET_ESP | sed 's/^/      /'
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then
+	check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
+fi
+echo "  - \"$(wrap_color 'ipvlan' blue)\":"
 check_flags IPVLAN | sed 's/^/    /'
-echo '  - "'$(wrap_color 'macvlan' blue)'":'
+echo "  - \"$(wrap_color 'macvlan' blue)\":"
 check_flags MACVLAN DUMMY | sed 's/^/    /'
-echo '  - "'$(wrap_color 'ftp,tftp client in container' blue)'":'
+echo "  - \"$(wrap_color 'ftp,tftp client in container' blue)\":"
 check_flags NF_NAT_FTP NF_CONNTRACK_FTP NF_NAT_TFTP NF_CONNTRACK_TFTP | sed 's/^/    /'
 
 # only fail if no storage drivers available
@@ -306,7 +365,7 @@ EXITCODE=0
 STORAGE=1
 
 echo '- Storage Drivers:'
-echo '  - "'$(wrap_color 'aufs' blue)'":'
+echo "  - \"$(wrap_color 'aufs' blue)\":"
 check_flags AUFS_FS | sed 's/^/    /'
 if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
 	echo "      $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
@@ -314,26 +373,29 @@ fi
 [ "$EXITCODE" = 0 ] && STORAGE=0
 EXITCODE=0
 
-echo '  - "'$(wrap_color 'btrfs' blue)'":'
+echo "  - \"$(wrap_color 'btrfs' blue)\":"
 check_flags BTRFS_FS | sed 's/^/    /'
 check_flags BTRFS_FS_POSIX_ACL | sed 's/^/    /'
 [ "$EXITCODE" = 0 ] && STORAGE=0
 EXITCODE=0
 
-echo '  - "'$(wrap_color 'devicemapper' blue)'":'
+echo "  - \"$(wrap_color 'devicemapper' blue)\":"
 check_flags BLK_DEV_DM DM_THIN_PROVISIONING | sed 's/^/    /'
 [ "$EXITCODE" = 0 ] && STORAGE=0
 EXITCODE=0
 
-echo '  - "'$(wrap_color 'overlay' blue)'":'
+echo "  - \"$(wrap_color 'overlay' blue)\":"
 check_flags OVERLAY_FS | sed 's/^/    /'
 [ "$EXITCODE" = 0 ] && STORAGE=0
 EXITCODE=0
 
-echo '  - "'$(wrap_color 'zfs' blue)'":'
-echo -n "    - "; check_device /dev/zfs
-echo -n "    - "; check_command zfs
-echo -n "    - "; check_command zpool
+echo "  - \"$(wrap_color 'zfs' blue)\":"
+printf '    - '
+check_device /dev/zfs
+printf '    - '
+check_command zfs
+printf '    - '
+check_command zpool
 [ "$EXITCODE" = 0 ] && STORAGE=0
 EXITCODE=0
 
@@ -342,14 +404,13 @@ EXITCODE=$CODE
 
 echo
 
-check_limit_over()
-{
-	if [ $(cat "$1") -le "$2" ]; then
-		wrap_bad "- $1" "$(cat $1)"
+check_limit_over() {
+	if [ "$(cat "$1")" -le "$2" ]; then
+		wrap_bad "- $1" "$(cat "$1")"
 		wrap_color "    This should be set to at least $2, for example set: sysctl -w kernel/keys/root_maxkeys=1000000" bold black
 		EXITCODE=1
 	else
-		wrap_good "- $1" "$(cat $1)"
+		wrap_good "- $1" "$(cat "$1")"
 	fi
 }
 
diff --git a/contrib/desktop-integration/README.md b/contrib/desktop-integration/README.md
deleted file mode 100644
index 85a01b9ee90fb..0000000000000
--- a/contrib/desktop-integration/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-Desktop Integration
-===================
-
-The ./contrib/desktop-integration contains examples of typical dockerized
-desktop applications.
-
-Examples
-========
-
-* Chromium: ./chromium/Dockerfile shows a way to dockerize a common application
-* Gparted: ./gparted/Dockerfile shows a way to dockerize a common application w devices
diff --git a/contrib/desktop-integration/chromium/Dockerfile b/contrib/desktop-integration/chromium/Dockerfile
deleted file mode 100644
index 187281644ff54..0000000000000
--- a/contrib/desktop-integration/chromium/Dockerfile
+++ /dev/null
@@ -1,36 +0,0 @@
-# VERSION:        0.1
-# DESCRIPTION:    Create chromium container with its dependencies
-# AUTHOR:         Jessica Frazelle <jess@docker.com>
-# COMMENTS:
-#   This file describes how to build a Chromium container with all
-#   dependencies installed. It uses native X11 unix socket.
-#   Tested on Debian Jessie
-# USAGE:
-#   # Download Chromium Dockerfile
-#   wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/chromium/Dockerfile
-#
-#   # Build chromium image
-#   docker build -t chromium .
-#
-#   # Run stateful data-on-host chromium. For ephemeral, remove -v /data/chromium:/data
-#   docker run -v /data/chromium:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#   -e DISPLAY=unix$DISPLAY chromium
-
-#   # To run stateful dockerized data containers
-#   docker run --volumes-from chromium-data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#   -e DISPLAY=unix$DISPLAY chromium
-
-# Base docker image
-FROM debian:jessie
-LABEL maintainer Jessica Frazelle <jess@docker.com>
-
-# Install Chromium
-RUN apt-get update && apt-get install -y \
-    chromium \
-    chromium-l10n \
-    libcanberra-gtk-module \
-    libexif-dev \
-    --no-install-recommends
-
-# Autorun chromium
-CMD ["/usr/bin/chromium", "--no-sandbox", "--user-data-dir=/data"]
diff --git a/contrib/desktop-integration/gparted/Dockerfile b/contrib/desktop-integration/gparted/Dockerfile
deleted file mode 100644
index 8a9b646ee4b4f..0000000000000
--- a/contrib/desktop-integration/gparted/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-# VERSION:        0.1
-# DESCRIPTION:    Create gparted container with its dependencies
-# AUTHOR:         Jessica Frazelle <jess@docker.com>
-# COMMENTS:
-#   This file describes how to build a gparted container with all
-#   dependencies installed. It uses native X11 unix socket.
-#   Tested on Debian Jessie
-# USAGE:
-#   # Download gparted Dockerfile
-#   wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/gparted/Dockerfile
-#
-#   # Build gparted image
-#   docker build -t gparted .
-#
-#   docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
-#     --device=/dev/sda:/dev/sda \
-#     -e DISPLAY=unix$DISPLAY gparted
-#
-
-# Base docker image
-FROM debian:jessie
-LABEL maintainer Jessica Frazelle <jess@docker.com>
-
-# Install Gparted and its dependencies
-RUN apt-get update && apt-get install -y \
-    gparted \
-    libcanberra-gtk-module \
-    --no-install-recommends
-
-# Autorun gparted
-CMD ["/usr/sbin/gparted"]
diff --git a/contrib/docker-device-tool/device_tool.go b/contrib/docker-device-tool/device_tool.go
index d3ec46a8b4d2d..a9f3d720c3f17 100644
--- a/contrib/docker-device-tool/device_tool.go
+++ b/contrib/docker-device-tool/device_tool.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -38,7 +39,7 @@ func byteSizeFromString(arg string) (int64, error) {
 
 	rest = strings.ToLower(strings.TrimSpace(rest))
 
-	var multiplier int64 = 1
+	var multiplier int64
 	switch rest {
 	case "":
 		multiplier = 1
diff --git a/contrib/docker-machine-install-bundle.sh b/contrib/docker-machine-install-bundle.sh
deleted file mode 100755
index eff821799c716..0000000000000
--- a/contrib/docker-machine-install-bundle.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/bin/env bash
-#
-# This script installs the bundle to Docker Machine instances, for the purpose
-# of testing the latest Docker with Swarm mode enabled.
-# Do not use in production.
-#
-# Requirements (on host to run this script)
-#  - bash is installed
-#  - Docker Machine is installed
-#  - GNU tar is installed
-#
-# Requirements (on Docker machine instances)
-#  - Docker can be managed via one of  `systemctl`, `service`, or `/etc/init.d/docker`
-#
-set -e
-set -o pipefail
-
-errexit() {
-    echo "$1"
-    exit 1
-}
-
-BUNDLE="bundles/$(cat VERSION)"
-
-bundle_files(){
-    # prefer dynbinary if exists
-    for f in dockerd docker-proxy; do
-	if [ -d $BUNDLE/dynbinary-daemon ]; then
-	    echo $BUNDLE/dynbinary-daemon/$f
-	else
-	    echo $BUNDLE/binary-daemon/$f
-	fi
-    done
-    for f in containerd ctr containerd-shim docker-init runc; do
-	echo $BUNDLE/binary-daemon/$f
-    done
-    if [ -d $BUNDLE/dynbinary-client ]; then
-	echo $BUNDLE/dynbinary-client/docker
-    else
-	echo $BUNDLE/binary-client/docker
-    fi
-}
-
-control_docker(){
-    m=$1; op=$2
-    # NOTE: `docker-machine ssh $m sh -c "foo bar"` does not work
-    #       (but `docker-machine ssh $m sh -c "foo\ bar"` works)
-    #       Anyway we avoid using `sh -c` here for avoiding confusion
-    cat <<EOF | docker-machine ssh $m sudo sh
-if command -v systemctl > /dev/null; then
-  systemctl $op docker
-elif command -v service > /dev/null; then
-  service docker $op
-elif [ -x /etc/init.d/docker ]; then
-  /etc/init.d/docker $op
-else
-  echo "not sure how to control the docker daemon"
-  exit 1
-fi
-EOF
-}
-
-detect_prefix(){
-    m=$1
-    script='dirname $(dirname $(which dockerd))'
-    echo $script | docker-machine ssh $m sh
-}
-
-install_to(){
-    m=$1; shift; files=$@
-    echo "$m: detecting docker"
-    prefix=$(detect_prefix $m)
-    echo "$m: detected docker on $prefix"
-    echo "$m: stopping docker"
-    control_docker $m stop
-    echo "$m: installing docker"
-    # NOTE: GNU tar is required because we use --transform here
-    # TODO: compression (should not be default)
-    tar ch --transform 's/.*\///' $files | docker-machine ssh $m sudo tar Cx $prefix/bin
-    echo "$m: starting docker"
-    control_docker $m start
-    echo "$m: done"
-}
-
-check_prereq(){
-    command -v docker-machine > /dev/null || errexit "docker-machine not installed"
-    ( tar --version | grep GNU > /dev/null ) || errexit "GNU tar not installed"
-}
-
-case "$1" in
-    "install")
-	shift; machines=$@
-	check_prereq
-	files=$(bundle_files)
-	echo "Files to be installed:"
-	for f in $files; do echo $f; done
-	pids=()
-	for m in $machines; do
-	    install_to $m $files &
-	    pids+=($!)
-	done
-	status=0
-	for pid in ${pids[@]}; do
-	    wait $pid || { status=$?; echo "background process $pid failed with exit status $status"; }
-	done
-	exit $status
-	;;
-    *)
-	errexit "Usage: $0 install MACHINES"
-	;;
-esac
diff --git a/contrib/dockerd-rootless-setuptool.sh b/contrib/dockerd-rootless-setuptool.sh
new file mode 100755
index 0000000000000..6324a59507126
--- /dev/null
+++ b/contrib/dockerd-rootless-setuptool.sh
@@ -0,0 +1,491 @@
+#!/bin/sh
+# dockerd-rootless-setuptool.sh: setup tool for dockerd-rootless.sh
+# Needs to be executed as a non-root user.
+#
+# Typical usage: dockerd-rootless-setuptool.sh install --force
+#
+# Documentation: https://docs.docker.com/go/rootless/
+set -eu
+
+# utility functions
+INFO() {
+	/bin/echo -e "\e[104m\e[97m[INFO]\e[49m\e[39m $@"
+}
+
+WARNING() {
+	/bin/echo >&2 -e "\e[101m\e[97m[WARNING]\e[49m\e[39m $@"
+}
+
+ERROR() {
+	/bin/echo >&2 -e "\e[101m\e[97m[ERROR]\e[49m\e[39m $@"
+}
+
+# constants
+DOCKERD_ROOTLESS_SH="dockerd-rootless.sh"
+SYSTEMD_UNIT="docker.service"
+CLI_CONTEXT="rootless"
+
+# CLI opt: --force
+OPT_FORCE=""
+# CLI opt: --skip-iptables
+OPT_SKIP_IPTABLES=""
+
+# global vars
+ARG0="$0"
+DOCKERD_ROOTLESS_SH_FLAGS=""
+BIN=""
+SYSTEMD=""
+CFG_DIR=""
+XDG_RUNTIME_DIR_CREATED=""
+
+# run checks and also initialize global vars
+init() {
+	# OS verification: Linux only
+	case "$(uname)" in
+		Linux) ;;
+
+		*)
+			ERROR "Rootless Docker cannot be installed on $(uname)"
+			exit 1
+			;;
+	esac
+
+	# User verification: deny running as root
+	if [ "$(id -u)" = "0" ]; then
+		ERROR "Refusing to install rootless Docker as the root user"
+		exit 1
+	fi
+
+	# set BIN
+	if ! BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; then
+		ERROR "$DOCKERD_ROOTLESS_SH needs to be present under \$PATH"
+		exit 1
+	fi
+	BIN=$(dirname "$BIN")
+
+	# set SYSTEMD
+	if systemctl --user show-environment > /dev/null 2>&1; then
+		SYSTEMD=1
+	fi
+
+	# HOME verification
+	if [ -z "${HOME:-}" ] || [ ! -d "$HOME" ]; then
+		ERROR "HOME needs to be set"
+		exit 1
+	fi
+	if [ ! -w "$HOME" ]; then
+		ERROR "HOME needs to be writable"
+		exit 1
+	fi
+
+	# set CFG_DIR
+	CFG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}"
+
+	# Existing rootful docker verification
+	if [ -w /var/run/docker.sock ] && [ -z "$OPT_FORCE" ]; then
+		ERROR "Aborting because rootful Docker (/var/run/docker.sock) is running and accessible. Set --force to ignore."
+		exit 1
+	fi
+
+	# Validate XDG_RUNTIME_DIR and set XDG_RUNTIME_DIR_CREATED
+	if [ -z "${XDG_RUNTIME_DIR:-}" ] || [ ! -w "$XDG_RUNTIME_DIR" ]; then
+		if [ -n "$SYSTEMD" ]; then
+			ERROR "Aborting because systemd was detected but XDG_RUNTIME_DIR (\"$XDG_RUNTIME_DIR\") is not set, does not exist, or is not writable"
+			ERROR "Hint: this could happen if you changed users with 'su' or 'sudo'. To work around this:"
+			ERROR "- try again by first running with root privileges 'loginctl enable-linger <user>' where <user> is the unprivileged user and export XDG_RUNTIME_DIR to the value of RuntimePath as shown by 'loginctl show-user <user>'"
+			ERROR "- or simply log back in as the desired unprivileged user (ssh works for remote machines, machinectl shell works for local machines)"
+			exit 1
+		fi
+		export XDG_RUNTIME_DIR="$HOME/.docker/run"
+		mkdir -p -m 700 "$XDG_RUNTIME_DIR"
+		XDG_RUNTIME_DIR_CREATED=1
+	fi
+
+	instructions=""
+	# instruction: uidmap dependency check
+	if ! command -v newuidmap > /dev/null 2>&1; then
+		if command -v apt-get > /dev/null 2>&1; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Install newuidmap & newgidmap binaries
+					apt-get install -y uidmap
+				EOI
+			)
+		elif command -v dnf > /dev/null 2>&1; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Install newuidmap & newgidmap binaries
+					dnf install -y shadow-utils
+				EOI
+			)
+		elif command -v yum > /dev/null 2>&1; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Install newuidmap & newgidmap binaries
+					yum install -y shadow-utils
+				EOI
+			)
+		else
+			ERROR "newuidmap binary not found. Please install with a package manager."
+			exit 1
+		fi
+	fi
+
+	# instruction: iptables dependency check
+	faced_iptables_error=""
+	if ! command -v iptables > /dev/null 2>&1 && [ ! -f /sbin/iptables ] && [ ! -f /usr/sbin/iptables ]; then
+		faced_iptables_error=1
+		if [ -z "$OPT_SKIP_IPTABLES" ]; then
+			if command -v apt-get > /dev/null 2>&1; then
+				instructions=$(
+					cat <<- EOI
+						${instructions}
+						# Install iptables
+						apt-get install -y iptables
+					EOI
+				)
+			elif command -v dnf > /dev/null 2>&1; then
+				instructions=$(
+					cat <<- EOI
+						${instructions}
+						# Install iptables
+						dnf install -y iptables
+					EOI
+				)
+			elif command -v yum > /dev/null 2>&1; then
+				instructions=$(
+					cat <<- EOI
+						${instructions}
+						# Install iptables
+						yum install -y iptables
+					EOI
+				)
+			else
+				ERROR "iptables binary not found. Please install with a package manager."
+				exit 1
+			fi
+		fi
+	fi
+
+	# instruction: ip_tables module dependency check
+	if ! grep -q ip_tables /proc/modules 2> /dev/null && ! grep -q ip_tables /lib/modules/$(uname -r)/modules.builtin 2> /dev/null; then
+		faced_iptables_error=1
+		if [ -z "$OPT_SKIP_IPTABLES" ]; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Load ip_tables module
+					modprobe ip_tables
+				EOI
+			)
+		fi
+	fi
+
+	# set DOCKERD_ROOTLESS_SH_FLAGS
+	if [ -n "$faced_iptables_error" ] && [ -n "$OPT_SKIP_IPTABLES" ]; then
+		DOCKERD_ROOTLESS_SH_FLAGS="${DOCKERD_ROOTLESS_SH_FLAGS} --iptables=false"
+	fi
+
+	# instruction: Debian and Arch require setting unprivileged_userns_clone
+	if [ -f /proc/sys/kernel/unprivileged_userns_clone ]; then
+		if [ "1" != "$(cat /proc/sys/kernel/unprivileged_userns_clone)" ]; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Set kernel.unprivileged_userns_clone
+					cat <<EOT > /etc/sysctl.d/50-rootless.conf
+					kernel.unprivileged_userns_clone = 1
+					EOT
+					sysctl --system
+				EOI
+			)
+		fi
+	fi
+
+	# instruction: RHEL/CentOS 7 requires setting max_user_namespaces
+	if [ -f /proc/sys/user/max_user_namespaces ]; then
+		if [ "0" = "$(cat /proc/sys/user/max_user_namespaces)" ]; then
+			instructions=$(
+				cat <<- EOI
+					${instructions}
+					# Set user.max_user_namespaces
+					cat <<EOT > /etc/sysctl.d/51-rootless.conf
+					user.max_user_namespaces = 28633
+					EOT
+					sysctl --system
+				EOI
+			)
+		fi
+	fi
+
+	# instructions: validate subuid/subgid files for current user
+	if ! grep -q "^$(id -un):\|^$(id -u):" /etc/subuid 2> /dev/null; then
+		instructions=$(
+			cat <<- EOI
+				${instructions}
+				# Add subuid entry for $(id -un)
+				echo "$(id -un):100000:65536" >> /etc/subuid
+			EOI
+		)
+	fi
+	if ! grep -q "^$(id -un):\|^$(id -u):" /etc/subgid 2> /dev/null; then
+		instructions=$(
+			cat <<- EOI
+				${instructions}
+				# Add subgid entry for $(id -un)
+				echo "$(id -un):100000:65536" >> /etc/subgid
+			EOI
+		)
+	fi
+
+	# fail with instructions if requirements are not satisfied.
+	if [ -n "$instructions" ]; then
+		ERROR "Missing system requirements. Run the following commands to"
+		ERROR "install the requirements and run this tool again."
+		if [ -n "$faced_iptables_error" ] && [ -z "$OPT_SKIP_IPTABLES" ]; then
+			ERROR "Alternatively iptables checks can be disabled with --skip-iptables ."
+		fi
+		echo
+		echo "########## BEGIN ##########"
+		echo "sudo sh -eux <<EOF"
+		echo "$instructions" | sed -e '/^$/d'
+		echo "EOF"
+		echo "########## END ##########"
+		echo
+		exit 1
+	fi
+	# TODO: support printing non-essential but recommended instructions:
+	# - sysctl: "net.ipv4.ping_group_range"
+	# - sysctl: "net.ipv4.ip_unprivileged_port_start"
+	# - external binary: slirp4netns
+	# - external binary: fuse-overlayfs
+}
+
+# CLI subcommand: "check"
+cmd_entrypoint_check() {
+	# requirements are already checked in init()
+	INFO "Requirements are satisfied"
+}
+
+show_systemd_error() {
+	n="20"
+	ERROR "Failed to start ${SYSTEMD_UNIT}. Run \`journalctl -n ${n} --no-pager --user --unit ${SYSTEMD_UNIT}\` to show the error log."
+	ERROR "Before retrying installation, you might need to uninstall the current setup: \`$0 uninstall -f ; ${BIN}/rootlesskit rm -rf ${HOME}/.local/share/docker\`"
+	if journalctl -q -n ${n} --user --unit ${SYSTEMD_UNIT} | grep -qF "/run/xtables.lock: Permission denied"; then
+		ERROR "Failure likely related to https://github.com/moby/moby/issues/41230"
+		ERROR "This may work as a workaround: \`sudo dnf install -y policycoreutils-python-utils && sudo semanage permissive -a iptables_t\`"
+	fi
+}
+
+# install (systemd)
+install_systemd() {
+	mkdir -p "${CFG_DIR}/systemd/user"
+	unit_file="${CFG_DIR}/systemd/user/${SYSTEMD_UNIT}"
+	if [ -f "${unit_file}" ]; then
+		WARNING "File already exists, skipping: ${unit_file}"
+	else
+		INFO "Creating ${unit_file}"
+		cat <<- EOT > "${unit_file}"
+			[Unit]
+			Description=Docker Application Container Engine (Rootless)
+			Documentation=https://docs.docker.com/go/rootless/
+
+			[Service]
+			Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH
+			ExecStart=$BIN/dockerd-rootless.sh $DOCKERD_ROOTLESS_SH_FLAGS
+			ExecReload=/bin/kill -s HUP \$MAINPID
+			TimeoutSec=0
+			RestartSec=2
+			Restart=always
+			StartLimitBurst=3
+			StartLimitInterval=60s
+			LimitNOFILE=infinity
+			LimitNPROC=infinity
+			LimitCORE=infinity
+			TasksMax=infinity
+			Delegate=yes
+			Type=notify
+			NotifyAccess=all
+			KillMode=mixed
+
+			[Install]
+			WantedBy=default.target
+		EOT
+		systemctl --user daemon-reload
+	fi
+	if ! systemctl --user --no-pager status "${SYSTEMD_UNIT}" > /dev/null 2>&1; then
+		INFO "starting systemd service ${SYSTEMD_UNIT}"
+		(
+			set -x
+			if ! systemctl --user start "${SYSTEMD_UNIT}"; then
+				set +x
+				show_systemd_error
+				exit 1
+			fi
+			sleep 3
+		)
+	fi
+	(
+		set -x
+		if ! systemctl --user --no-pager --full status "${SYSTEMD_UNIT}"; then
+			set +x
+			show_systemd_error
+			exit 1
+		fi
+		DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" $BIN/docker version
+		systemctl --user enable "${SYSTEMD_UNIT}"
+	)
+	INFO "Installed ${SYSTEMD_UNIT} successfully."
+	INFO "To control ${SYSTEMD_UNIT}, run: \`systemctl --user (start|stop|restart) ${SYSTEMD_UNIT}\`"
+	INFO "To run ${SYSTEMD_UNIT} on system startup, run: \`sudo loginctl enable-linger $(id -un)\`"
+	echo
+}
+
+# install (non-systemd)
+install_nonsystemd() {
+	INFO "systemd not detected, ${DOCKERD_ROOTLESS_SH} needs to be started manually:"
+	echo
+	echo "PATH=$BIN:/sbin:/usr/sbin:\$PATH ${DOCKERD_ROOTLESS_SH} ${DOCKERD_ROOTLESS_SH_FLAGS}"
+	echo
+}
+
+cli_ctx_exists() {
+	name="$1"
+	"${BIN}/docker" context inspect -f "{{.Name}}" "${name}" > /dev/null 2>&1
+}
+
+cli_ctx_create() {
+	name="$1"
+	host="$2"
+	description="$3"
+	"${BIN}/docker" context create "${name}" --docker "host=${host}" --description "${description}" > /dev/null
+}
+
+cli_ctx_rm() {
+	name="$1"
+	"${BIN}/docker" context rm -f "${name}" > /dev/null
+}
+
+# CLI subcommand: "install"
+cmd_entrypoint_install() {
+	# requirements are already checked in init()
+	if [ -z "$SYSTEMD" ]; then
+		install_nonsystemd
+	else
+		install_systemd
+	fi
+
+	if cli_ctx_exists "${CLI_CONTEXT}"; then
+		INFO "CLI context \"${CLI_CONTEXT}\" already exists"
+	else
+		INFO "Creating CLI context \"${CLI_CONTEXT}\""
+		cli_ctx_create "${CLI_CONTEXT}" "unix://${XDG_RUNTIME_DIR}/docker.sock" "Rootless mode"
+	fi
+
+	echo
+	INFO "Make sure the following environment variables are set (or add them to ~/.bashrc):"
+	echo
+	if [ -n "$XDG_RUNTIME_DIR_CREATED" ]; then
+		echo "# WARNING: systemd not found. You have to remove XDG_RUNTIME_DIR manually on every logout."
+		echo "export XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}"
+	fi
+	echo "export PATH=${BIN}:\$PATH"
+	echo "export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock"
+	echo
+
+}
+
+# CLI subcommand: "uninstall"
+cmd_entrypoint_uninstall() {
+	# requirements are already checked in init()
+	if [ -z "$SYSTEMD" ]; then
+		INFO "systemd not detected, ${DOCKERD_ROOTLESS_SH} needs to be stopped manually:"
+	else
+		unit_file="${CFG_DIR}/systemd/user/${SYSTEMD_UNIT}"
+		(
+			set -x
+			systemctl --user stop "${SYSTEMD_UNIT}"
+		) || :
+		(
+			set -x
+			systemctl --user disable "${SYSTEMD_UNIT}"
+		) || :
+		rm -f "${unit_file}"
+		INFO "Uninstalled ${SYSTEMD_UNIT}"
+	fi
+
+	if cli_ctx_exists "${CLI_CONTEXT}"; then
+		cli_ctx_rm "${CLI_CONTEXT}"
+		INFO "Deleted CLI context \"${CLI_CONTEXT}\""
+	fi
+
+	INFO "This uninstallation tool does NOT remove Docker binaries and data."
+	INFO "To remove data, run: \`$BIN/rootlesskit rm -rf $HOME/.local/share/docker\`"
+}
+
+# text for --help
+usage() {
+	echo "Usage: ${ARG0} [OPTIONS] COMMAND"
+	echo
+	echo "A setup tool for Rootless Docker (${DOCKERD_ROOTLESS_SH})."
+	echo
+	echo "Documentation: https://docs.docker.com/go/rootless/"
+	echo
+	echo "Options:"
+	echo "  -f, --force                Ignore rootful Docker (/var/run/docker.sock)"
+	echo "      --skip-iptables        Ignore missing iptables"
+	echo
+	echo "Commands:"
+	echo "  check        Check prerequisites"
+	echo "  install      Install systemd unit (if systemd is available) and show how to manage the service"
+	echo "  uninstall    Uninstall systemd unit"
+}
+
+# parse CLI args
+if ! args="$(getopt -o hf --long help,force,skip-iptables -n "$ARG0" -- "$@")"; then
+	usage
+	exit 1
+fi
+eval set -- "$args"
+while [ "$#" -gt 0 ]; do
+	arg="$1"
+	shift
+	case "$arg" in
+		-h | --help)
+			usage
+			exit 0
+			;;
+		-f | --force)
+			OPT_FORCE=1
+			;;
+		--skip-iptables)
+			OPT_SKIP_IPTABLES=1
+			;;
+		--)
+			break
+			;;
+		*)
+			# XXX this means we missed something in our "getopt" arguments above!
+			ERROR "Scripting error, unknown argument '$arg' when parsing script arguments."
+			exit 1
+			;;
+	esac
+done
+
+command="${1:-}"
+if [ -z "$command" ]; then
+	ERROR "No command was specified. Run with --help to see the usage. Maybe you want to run \`$ARG0 install\`?"
+	exit 1
+fi
+
+if ! command -v "cmd_entrypoint_${command}" > /dev/null 2>&1; then
+	ERROR "Unknown command: ${command}. Run with --help to see the usage."
+	exit 1
+fi
+
+# main
+init
+"cmd_entrypoint_${command}"
diff --git a/contrib/dockerd-rootless.sh b/contrib/dockerd-rootless.sh
new file mode 100755
index 0000000000000..7f31016f6aef9
--- /dev/null
+++ b/contrib/dockerd-rootless.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+# dockerd-rootless.sh executes dockerd in rootless mode.
+#
+# Usage: dockerd-rootless.sh [DOCKERD_OPTIONS]
+#
+# External dependencies:
+# * newuidmap and newgidmap needs to be installed.
+# * /etc/subuid and /etc/subgid needs to be configured for the current user.
+# * Either one of slirp4netns (>= v0.4.0), VPNKit, lxc-user-nic needs to be installed.
+#
+# Recognized environment variables:
+# * DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|lxc-user-nic): the rootlesskit network driver. Defaults to "slirp4netns" if slirp4netns (>= v0.4.0) is installed. Otherwise defaults to "vpnkit".
+# * DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=NUM: the MTU value for the rootlesskit network driver. Defaults to 65520 for slirp4netns, 1500 for other drivers.
+# * DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=(builtin|slirp4netns): the rootlesskit port driver. Defaults to "builtin".
+# * DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX=(auto|true|false): whether to protect slirp4netns with a dedicated mount namespace. Defaults to "auto".
+# * DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP=(auto|true|false): whether to protect slirp4netns with seccomp. Defaults to "auto".
+#
+# See the documentation for the further information: https://docs.docker.com/go/rootless/
+
+set -e -x
+case "$1" in
+	"check" | "install" | "uninstall")
+		echo "Did you mean 'dockerd-rootless-setuptool.sh $@' ?"
+		exit 1
+		;;
+esac
+if ! [ -w "$XDG_RUNTIME_DIR" ]; then
+	echo "XDG_RUNTIME_DIR needs to be set and writable"
+	exit 1
+fi
+if ! [ -d "$HOME" ]; then
+	echo "HOME needs to be set and exist."
+	exit 1
+fi
+
+rootlesskit=""
+for f in docker-rootlesskit rootlesskit; do
+	if command -v $f > /dev/null 2>&1; then
+		rootlesskit=$f
+		break
+	fi
+done
+if [ -z "$rootlesskit" ]; then
+	echo "rootlesskit needs to be installed"
+	exit 1
+fi
+
+: "${DOCKERD_ROOTLESS_ROOTLESSKIT_NET:=}"
+: "${DOCKERD_ROOTLESS_ROOTLESSKIT_MTU:=}"
+: "${DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER:=builtin}"
+: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX:=auto}"
+: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP:=auto}"
+net=$DOCKERD_ROOTLESS_ROOTLESSKIT_NET
+mtu=$DOCKERD_ROOTLESS_ROOTLESSKIT_MTU
+if [ -z "$net" ]; then
+	if command -v slirp4netns > /dev/null 2>&1; then
+		# If --netns-type is present in --help, slirp4netns is >= v0.4.0.
+		if slirp4netns --help | grep -qw -- --netns-type; then
+			net=slirp4netns
+			if [ -z "$mtu" ]; then
+				mtu=65520
+			fi
+		else
+			echo "slirp4netns found but seems older than v0.4.0. Falling back to VPNKit."
+		fi
+	fi
+	if [ -z "$net" ]; then
+		if command -v vpnkit > /dev/null 2>&1; then
+			net=vpnkit
+		else
+			echo "Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed"
+			exit 1
+		fi
+	fi
+fi
+if [ -z "$mtu" ]; then
+	mtu=1500
+fi
+
+if [ -z "$_DOCKERD_ROOTLESS_CHILD" ]; then
+	_DOCKERD_ROOTLESS_CHILD=1
+	export _DOCKERD_ROOTLESS_CHILD
+	if [ "$(id -u)" = "0" ]; then
+		echo "This script must be executed as a non-privileged user"
+		exit 1
+	fi
+	# `selinuxenabled` always returns false in RootlessKit child, so we execute `selinuxenabled` in the parent.
+	# https://github.com/rootless-containers/rootlesskit/issues/94
+	if command -v selinuxenabled > /dev/null 2>&1 && selinuxenabled; then
+		_DOCKERD_ROOTLESS_SELINUX=1
+		export _DOCKERD_ROOTLESS_SELINUX
+	fi
+	# Re-exec the script via RootlessKit, so as to create unprivileged {user,mount,network} namespaces.
+	#
+	# --copy-up allows removing/creating files in the directories by creating tmpfs and symlinks
+	# * /etc: copy-up is required so as to prevent `/etc/resolv.conf` in the
+	#         namespace from being unexpectedly unmounted when `/etc/resolv.conf` is recreated on the host
+	#         (by either systemd-networkd or NetworkManager)
+	# * /run: copy-up is required so that we can create /run/docker (hardcoded for plugins) in our namespace
+	exec $rootlesskit \
+		--net=$net --mtu=$mtu \
+		--slirp4netns-sandbox=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX \
+		--slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \
+		--disable-host-loopback --port-driver=$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER \
+		--copy-up=/etc --copy-up=/run \
+		--propagation=rslave \
+		$DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS \
+		$0 $@
+else
+	[ "$_DOCKERD_ROOTLESS_CHILD" = 1 ]
+	# remove the symlinks for the existing files in the parent namespace if any,
+	# so that we can create our own files in our mount namespace.
+	rm -f /run/docker /run/containerd /run/xtables.lock
+
+	if [ -n "$_DOCKERD_ROOTLESS_SELINUX" ]; then
+		# iptables requires /run in the child to be relabeled. The actual /run in the parent is unaffected.
+		# https://github.com/containers/podman/blob/e6fc34b71aa9d876b1218efe90e14f8b912b0603/libpod/networking_linux.go#L396-L401
+		# https://github.com/moby/moby/issues/41230
+		chcon system_u:object_r:iptables_var_run_t:s0 /run
+	fi
+
+	if [ "$(stat -c %T -f /etc)" = "tmpfs" ] && [ -L "/etc/ssl" ]; then
+		# Workaround for "x509: certificate signed by unknown authority" on openSUSE Tumbleweed.
+		# https://github.com/rootless-containers/rootlesskit/issues/225
+		realpath_etc_ssl=$(realpath /etc/ssl)
+		rm -f /etc/ssl
+		mkdir /etc/ssl
+		mount --rbind ${realpath_etc_ssl} /etc/ssl
+	fi
+
+	exec dockerd $@
+fi
diff --git a/contrib/dockerize-disk.sh b/contrib/dockerize-disk.sh
index 444e243abe9d2..744fc79d0f2f4 100755
--- a/contrib/dockerize-disk.sh
+++ b/contrib/dockerize-disk.sh
@@ -2,21 +2,21 @@
 set -e
 
 if ! command -v qemu-nbd &> /dev/null; then
-  echo >&2 'error: "qemu-nbd" not found!'
-  exit 1
+	echo >&2 'error: "qemu-nbd" not found!'
+	exit 1
 fi
 
 usage() {
-  echo "Convert disk image to docker image"
-  echo ""
-  echo "usage: $0 image-name disk-image-file [ base-image ]"
-  echo "   ie: $0 cirros:0.3.3 cirros-0.3.3-x86_64-disk.img"
-  echo "       $0 ubuntu:cloud ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu:14.04"
+	echo "Convert disk image to docker image"
+	echo ""
+	echo "usage: $0 image-name disk-image-file [ base-image ]"
+	echo "   ie: $0 cirros:0.3.3 cirros-0.3.3-x86_64-disk.img"
+	echo "       $0 ubuntu:cloud ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu:14.04"
 }
 
 if [ "$#" -lt 2 ]; then
-  usage
-  exit 1
+	usage
+	exit 1
 fi
 
 CURDIR=$(pwd)
@@ -24,7 +24,7 @@ CURDIR=$(pwd)
 image_name="${1%:*}"
 image_tag="${1#*:}"
 if [ "$image_tag" == "$1" ]; then
-  image_tag="latest"
+	image_tag="latest"
 fi
 
 disk_image_file="$2"
@@ -35,10 +35,10 @@ block_device=/dev/nbd0
 builddir=$(mktemp -d)
 
 cleanup() {
-  umount "$builddir/disk_image" || true
-  umount "$builddir/workdir" || true
-  qemu-nbd -d $block_device &> /dev/null || true
-  rm -rf $builddir
+	umount "$builddir/disk_image" || true
+	umount "$builddir/workdir" || true
+	qemu-nbd -d $block_device &> /dev/null || true
+	rm -rf $builddir
 }
 trap cleanup EXIT
 
@@ -55,18 +55,18 @@ base_image_mounts=""
 
 # Unpack base image
 if [ -n "$docker_base_image" ]; then
-  mkdir -p "$builddir/base"
-  docker pull "$docker_base_image"
-  docker save "$docker_base_image" | tar -xC "$builddir/base"
-
-  image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
-  while [ -n "$image_id" ]; do
-    mkdir -p "$builddir/base/$image_id/layer"
-    tar -xf "$builddir/base/$image_id/layer.tar" -C "$builddir/base/$image_id/layer"
-
-    base_image_mounts="${base_image_mounts}:$builddir/base/$image_id/layer=ro+wh"
-    image_id=$(docker inspect -f "{{.Parent}}" "$image_id")
-  done
+	mkdir -p "$builddir/base"
+	docker pull "$docker_base_image"
+	docker save "$docker_base_image" | tar -xC "$builddir/base"
+
+	image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+	while [ -n "$image_id" ]; do
+		mkdir -p "$builddir/base/$image_id/layer"
+		tar -xf "$builddir/base/$image_id/layer.tar" -C "$builddir/base/$image_id/layer"
+
+		base_image_mounts="${base_image_mounts}:$builddir/base/$image_id/layer=ro+wh"
+		image_id=$(docker inspect -f "{{.Parent}}" "$image_id")
+	done
 fi
 
 # Mount work directory
@@ -75,20 +75,20 @@ mount -t aufs -o "br=$builddir/diff=rw${base_image_mounts},dio,xino=/dev/shm/auf
 # Update files
 cd $builddir
 LC_ALL=C diff -rq disk_image workdir \
-  | sed -re "s|Only in workdir(.*?): |DEL \1/|g;s|Only in disk_image(.*?): |ADD \1/|g;s|Files disk_image/(.+) and workdir/(.+) differ|UPDATE /\1|g" \
-  | while read action entry; do
-      case "$action" in
-        ADD|UPDATE)
-          cp -a "disk_image$entry" "workdir$entry"
-          ;;
-        DEL)
-          rm -rf "workdir$entry"
-          ;;
-        *)
-          echo "Error: unknown diff line: $action $entry" >&2
-          ;;
-      esac
-    done
+	| sed -re "s|Only in workdir(.*?): |DEL \1/|g;s|Only in disk_image(.*?): |ADD \1/|g;s|Files disk_image/(.+) and workdir/(.+) differ|UPDATE /\1|g" \
+	| while read action entry; do
+		case "$action" in
+			ADD | UPDATE)
+				cp -a "disk_image$entry" "workdir$entry"
+				;;
+			DEL)
+				rm -rf "workdir$entry"
+				;;
+			*)
+				echo "Error: unknown diff line: $action $entry" >&2
+				;;
+		esac
+	done
 
 # Pack new image
 new_image_id="$(for i in $(seq 1 32); do printf "%02x" $(($RANDOM % 256)); done)"
@@ -96,15 +96,15 @@ mkdir -p $builddir/result/$new_image_id
 cd diff
 tar -cf $builddir/result/$new_image_id/layer.tar *
 echo "1.0" > $builddir/result/$new_image_id/VERSION
-cat > $builddir/result/$new_image_id/json <<-EOS
-{ "docker_version": "1.4.1"
-, "id": "$new_image_id"
-, "created": "$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)"
+cat > $builddir/result/$new_image_id/json <<- EOS
+	{ "docker_version": "1.4.1"
+	, "id": "$new_image_id"
+	, "created": "$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)"
 EOS
 
 if [ -n "$docker_base_image" ]; then
-  image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
-  echo ", \"parent\": \"$image_id\"" >> $builddir/result/$new_image_id/json
+ image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+ echo ", \"parent\": \"$image_id\"" >> $builddir/result/$new_image_id/json
 fi
 
 echo "}" >> $builddir/result/$new_image_id/json
diff --git a/contrib/download-frozen-image-v1.sh b/contrib/download-frozen-image-v1.sh
deleted file mode 100755
index 77c91d1f1b374..0000000000000
--- a/contrib/download-frozen-image-v1.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-# hello-world                      latest              ef872312fe1b        3 months ago        910 B
-# hello-world                      latest              ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9   3 months ago        910 B
-
-# debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
-# debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB
-
-if ! command -v curl &> /dev/null; then
-	echo >&2 'error: "curl" not found!'
-	exit 1
-fi
-
-usage() {
-	echo "usage: $0 dir image[:tag][@image-id] ..."
-	echo "   ie: $0 /tmp/hello-world hello-world"
-	echo "       $0 /tmp/debian-jessie debian:jessie"
-	echo "       $0 /tmp/old-hello-world hello-world@ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9"
-	echo "       $0 /tmp/old-debian debian:latest@f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd"
-	[ -z "$1" ] || exit "$1"
-}
-
-dir="$1" # dir for building tar in
-shift || usage 1 >&2
-
-[ $# -gt 0 -a "$dir" ] || usage 2 >&2
-mkdir -p "$dir"
-
-# hacky workarounds for Bash 3 support (no associative arrays)
-images=()
-rm -f "$dir"/tags-*.tmp
-# repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
-
-while [ $# -gt 0 ]; do
-	imageTag="$1"
-	shift
-	image="${imageTag%%[:@]*}"
-	tag="${imageTag#*:}"
-	imageId="${tag##*@}"
-	[ "$imageId" != "$tag" ] || imageId=
-	[ "$tag" != "$imageTag" ] || tag='latest'
-	tag="${tag%@*}"
-
-	imageFile="${image//\//_}" # "/" can't be in filenames :)
-
-	token="$(curl -sSL -o /dev/null -D- -H 'X-Docker-Token: true' "https://index.docker.io/v1/repositories/$image/images" | tr -d '\r' | awk -F ': *' '$1 == "X-Docker-Token" { print $2 }')"
-
-	if [ -z "$imageId" ]; then
-		imageId="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/repositories/$image/tags/$tag")"
-		imageId="${imageId//\"/}"
-	fi
-
-	ancestryJson="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/ancestry")"
-	if [ "${ancestryJson:0:1}" != '[' ]; then
-		echo >&2 "error: /v1/images/$imageId/ancestry returned something unexpected:"
-		echo >&2 "  $ancestryJson"
-		exit 1
-	fi
-
-	IFS=','
-	ancestry=( ${ancestryJson//[\[\] \"]/} )
-	unset IFS
-
-	if [ -s "$dir/tags-$imageFile.tmp" ]; then
-		echo -n ', ' >> "$dir/tags-$imageFile.tmp"
-	else
-		images=( "${images[@]}" "$image" )
-	fi
-	echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
-
-	echo "Downloading '$imageTag' (${#ancestry[@]} layers)..."
-	for imageId in "${ancestry[@]}"; do
-		mkdir -p "$dir/$imageId"
-		echo '1.0' > "$dir/$imageId/VERSION"
-
-		curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/json" -o "$dir/$imageId/json"
-
-		# TODO figure out why "-C -" doesn't work here
-		# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
-		# "HTTP/1.1 416 Requested Range Not Satisfiable"
-		if [ -f "$dir/$imageId/layer.tar" ]; then
-			# TODO hackpatch for no -C support :'(
-			echo "skipping existing ${imageId:0:12}"
-			continue
-		fi
-		curl -SL --progress -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/layer" -o "$dir/$imageId/layer.tar" # -C -
-	done
-	echo
-done
-
-echo -n '{' > "$dir/repositories"
-firstImage=1
-for image in "${images[@]}"; do
-	imageFile="${image//\//_}" # "/" can't be in filenames :)
-
-	[ "$firstImage" ] || echo -n ',' >> "$dir/repositories"
-	firstImage=
-	echo -n $'\n\t' >> "$dir/repositories"
-	echo -n '"'"$image"'": { '"$(cat "$dir/tags-$imageFile.tmp")"' }' >> "$dir/repositories"
-done
-echo -n $'\n}\n' >> "$dir/repositories"
-
-rm -f "$dir"/tags-*.tmp
-
-echo "Download of images into '$dir' complete."
-echo "Use something like the following to load the result into a Docker daemon:"
-echo "  tar -cC '$dir' . | docker load"
diff --git a/contrib/download-frozen-image-v2.sh b/contrib/download-frozen-image-v2.sh
index 54b592307f88a..27a9b6c44bac7 100755
--- a/contrib/download-frozen-image-v2.sh
+++ b/contrib/download-frozen-image-v2.sh
@@ -6,14 +6,14 @@ set -eo pipefail
 
 # debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
 # debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB
-if ! command -v curl &> /dev/null; then
-	echo >&2 'error: "curl" not found!'
-	exit 1
-fi
-if ! command -v jq &> /dev/null; then
-	echo >&2 'error: "jq" not found!'
-	exit 1
-fi
+
+# check if essential commands are in our PATH
+for cmd in curl jq; do
+	if ! command -v $cmd &> /dev/null; then
+		echo >&2 "error: \"$cmd\" not found!"
+		exit 1
+	fi
+done
 
 usage() {
 	echo "usage: $0 dir image[:tag][@digest] ..."
@@ -24,7 +24,9 @@ usage() {
 dir="$1" # dir for building tar in
 shift || usage 1 >&2
 
-[ $# -gt 0 -a "$dir" ] || usage 2 >&2
+if ! [ $# -gt 0 ] && [ "$dir" ]; then
+	usage 2 >&2
+fi
 mkdir -p "$dir"
 
 # hacky workarounds for Bash 3 support (no associative arrays)
@@ -34,13 +36,11 @@ manifestJsonEntries=()
 doNotGenerateManifestJson=
 # repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
 
-# bash v4 on Windows CI requires CRLF separator
+# bash v4 on Windows CI requires CRLF separator... and linux doesn't seem to care either way
 newlineIFS=$'\n'
-if [ "$(go env GOHOSTOS)" = 'windows' ]; then
-	major=$(echo ${BASH_VERSION%%[^0.9]} | cut -d. -f1)
-	if [ "$major" -ge 4 ]; then
-		newlineIFS=$'\r\n'
-	fi
+major=$(echo "${BASH_VERSION%%[^0.9]}" | cut -d. -f1)
+if [ "$major" -ge 4 ]; then
+	newlineIFS=$'\r\n'
 fi
 
 registryBase='https://registry-1.docker.io'
@@ -49,13 +49,18 @@ authService='registry.docker.io'
 
 # https://github.com/moby/moby/issues/33700
 fetch_blob() {
-	local token="$1"; shift
-	local image="$1"; shift
-	local digest="$1"; shift
-	local targetFile="$1"; shift
-	local curlArgs=( "$@" )
+	local token="$1"
+	shift
+	local image="$1"
+	shift
+	local digest="$1"
+	shift
+	local targetFile="$1"
+	shift
+	local curlArgs=("$@")
 
-	local curlHeaders="$(
+	local curlHeaders
+	curlHeaders="$(
 		curl -S "${curlArgs[@]}" \
 			-H "Authorization: Bearer $token" \
 			"$registryBase/v2/$image/blobs/$digest" \
@@ -63,10 +68,11 @@ fetch_blob() {
 			-D-
 	)"
 	curlHeaders="$(echo "$curlHeaders" | tr -d '\r')"
-	if grep -qE "^HTTP/[0-9].[0-9] 3" <<<"$curlHeaders"; then
+	if grep -qE "^HTTP/[0-9].[0-9] 3" <<< "$curlHeaders"; then
 		rm -f "$targetFile"
 
-		local blobRedirect="$(echo "$curlHeaders" | awk -F ': ' 'tolower($1) == "location" { print $2; exit }')"
+		local blobRedirect
+		blobRedirect="$(echo "$curlHeaders" | awk -F ': ' 'tolower($1) == "location" { print $2; exit }')"
 		if [ -z "$blobRedirect" ]; then
 			echo >&2 "error: failed fetching '$image' blob '$digest'"
 			echo "$curlHeaders" | head -1 >&2
@@ -81,17 +87,21 @@ fetch_blob() {
 
 # handle 'application/vnd.docker.distribution.manifest.v2+json' manifest
 handle_single_manifest_v2() {
-	local manifestJson="$1"; shift
+	local manifestJson="$1"
+	shift
 
-	local configDigest="$(echo "$manifestJson" | jq --raw-output '.config.digest')"
+	local configDigest
+	configDigest="$(echo "$manifestJson" | jq --raw-output '.config.digest')"
 	local imageId="${configDigest#*:}" # strip off "sha256:"
 
 	local configFile="$imageId.json"
 	fetch_blob "$token" "$image" "$configDigest" "$dir/$configFile" -s
 
-	local layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
+	local layersFs
+	layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
 	local IFS="$newlineIFS"
-	local layers=( $layersFs )
+	local layers
+	mapfile -t layers <<< "$layersFs"
 	unset IFS
 
 	echo "Downloading '$imageIdentifier' (${#layers[@]} layers)..."
@@ -100,8 +110,10 @@ handle_single_manifest_v2() {
 	for i in "${!layers[@]}"; do
 		local layerMeta="${layers[$i]}"
 
-		local layerMediaType="$(echo "$layerMeta" | jq --raw-output '.mediaType')"
-		local layerDigest="$(echo "$layerMeta" | jq --raw-output '.digest')"
+		local layerMediaType
+		layerMediaType="$(echo "$layerMeta" | jq --raw-output '.mediaType')"
+		local layerDigest
+		layerDigest="$(echo "$layerMeta" | jq --raw-output '.digest')"
 
 		# save the previous layer's ID
 		local parentId="$layerId"
@@ -113,10 +125,12 @@ handle_single_manifest_v2() {
 		echo '1.0' > "$dir/$layerId/VERSION"
 
 		if [ ! -s "$dir/$layerId/json" ]; then
-			local parentJson="$(printf ', parent: "%s"' "$parentId")"
-			local addJson="$(printf '{ id: "%s"%s }' "$layerId" "${parentId:+$parentJson}")"
+			local parentJson
+			parentJson="$(printf ', parent: "%s"' "$parentId")"
+			local addJson
+			addJson="$(printf '{ id: "%s"%s }' "$layerId" "${parentId:+$parentJson}")"
 			# this starter JSON is taken directly from Docker's own "docker save" output for unimportant layers
-			jq "$addJson + ." > "$dir/$layerId/json" <<-'EOJSON'
+			jq "$addJson + ." > "$dir/$layerId/json" <<- 'EOJSON'
 				{
 					"created": "0001-01-01T00:00:00Z",
 					"container_config": {
@@ -145,7 +159,7 @@ handle_single_manifest_v2() {
 		case "$layerMediaType" in
 			application/vnd.docker.image.rootfs.diff.tar.gzip)
 				local layerTar="$layerId/layer.tar"
-				layerFiles=( "${layerFiles[@]}" "$layerTar" )
+				layerFiles=("${layerFiles[@]}" "$layerTar")
 				# TODO figure out why "-C -" doesn't work here
 				# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
 				# "HTTP/1.1 416 Requested Range Not Satisfiable"
@@ -154,8 +168,9 @@ handle_single_manifest_v2() {
 					echo "skipping existing ${layerId:0:12}"
 					continue
 				fi
-				local token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
-				fetch_blob "$token" "$image" "$layerDigest" "$dir/$layerTar" --progress
+				local token
+				token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
+				fetch_blob "$token" "$image" "$layerDigest" "$dir/$layerTar" --progress-bar
 				;;
 
 			*)
@@ -169,17 +184,81 @@ handle_single_manifest_v2() {
 	imageId="$layerId"
 
 	# munge the top layer image manifest to have the appropriate image configuration for older daemons
-	local imageOldConfig="$(jq --raw-output --compact-output '{ id: .id } + if .parent then { parent: .parent } else {} end' "$dir/$imageId/json")"
+	local imageOldConfig
+	imageOldConfig="$(jq --raw-output --compact-output '{ id: .id } + if .parent then { parent: .parent } else {} end' "$dir/$imageId/json")"
 	jq --raw-output "$imageOldConfig + del(.history, .rootfs)" "$dir/$configFile" > "$dir/$imageId/json"
 
-	local manifestJsonEntry="$(
+	local manifestJsonEntry
+	manifestJsonEntry="$(
 		echo '{}' | jq --raw-output '. + {
 			Config: "'"$configFile"'",
 			RepoTags: ["'"${image#library\/}:$tag"'"],
 			Layers: '"$(echo '[]' | jq --raw-output ".$(for layerFile in "${layerFiles[@]}"; do echo " + [ \"$layerFile\" ]"; done)")"'
 		}'
 	)"
-	manifestJsonEntries=( "${manifestJsonEntries[@]}" "$manifestJsonEntry" )
+	manifestJsonEntries=("${manifestJsonEntries[@]}" "$manifestJsonEntry")
+}
+
+get_target_arch() {
+	if [ -n "${TARGETARCH:-}" ]; then
+		echo "${TARGETARCH}"
+		return 0
+	fi
+
+	if type go > /dev/null; then
+		go env GOARCH
+		return 0
+	fi
+
+	if type dpkg > /dev/null; then
+		debArch="$(dpkg --print-architecture)"
+		case "${debArch}" in
+			armel | armhf)
+				echo "arm"
+				return 0
+				;;
+			*64el)
+				echo "${debArch%el}le"
+				return 0
+				;;
+			*)
+				echo "${debArch}"
+				return 0
+				;;
+		esac
+	fi
+
+	if type uname > /dev/null; then
+		uArch="$(uname -m)"
+		case "${uArch}" in
+			x86_64)
+				echo amd64
+				return 0
+				;;
+			arm | armv[0-9]*)
+				echo arm
+				return 0
+				;;
+			aarch64)
+				echo arm64
+				return 0
+				;;
+			mips*)
+				echo >&2 "I see you are running on mips but I don't know how to determine endianness yet, so I cannot select a correct arch to fetch."
+				echo >&2 "Consider installing \"go\" on the system which I can use to determine the correct arch or specify it explictly by setting TARGETARCH"
+				exit 1
+				;;
+			*)
+				echo "${uArch}"
+				return 0
+				;;
+		esac
+
+	fi
+
+	# default value
+	echo >&2 "Unable to determine CPU arch, falling back to amd64. You can specify a target arch by setting TARGETARCH"
+	echo amd64
 }
 
 while [ $# -gt 0 ]; do
@@ -227,15 +306,16 @@ while [ $# -gt 0 ]; do
 				application/vnd.docker.distribution.manifest.list.v2+json)
 					layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.manifests[]')"
 					IFS="$newlineIFS"
-					layers=( $layersFs )
+					mapfile -t layers <<< "$layersFs"
 					unset IFS
 
 					found=""
+					targetArch="$(get_target_arch)"
 					# parse first level multi-arch manifest
 					for i in "${!layers[@]}"; do
 						layerMeta="${layers[$i]}"
 						maniArch="$(echo "$layerMeta" | jq --raw-output '.platform.architecture')"
-						if [ "$maniArch" = "$(go env GOARCH)" ]; then
+						if [ "$maniArch" = "${targetArch}" ]; then
 							digest="$(echo "$layerMeta" | jq --raw-output '.digest')"
 							# get second level single manifest
 							submanifestJson="$(
@@ -273,7 +353,7 @@ while [ $# -gt 0 ]; do
 
 			layersFs="$(echo "$manifestJson" | jq --raw-output '.fsLayers | .[] | .blobSum')"
 			IFS="$newlineIFS"
-			layers=( $layersFs )
+			mapfile -t layers <<< "$layersFs"
 			unset IFS
 
 			history="$(echo "$manifestJson" | jq '.history | [.[] | .v1Compatibility]')"
@@ -299,7 +379,7 @@ while [ $# -gt 0 ]; do
 					continue
 				fi
 				token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
-				fetch_blob "$token" "$image" "$imageLayer" "$dir/$layerId/layer.tar" --progress
+				fetch_blob "$token" "$image" "$imageLayer" "$dir/$layerId/layer.tar" --progress-bar
 			done
 			;;
 
@@ -314,7 +394,7 @@ while [ $# -gt 0 ]; do
 	if [ -s "$dir/tags-$imageFile.tmp" ]; then
 		echo -n ', ' >> "$dir/tags-$imageFile.tmp"
 	else
-		images=( "${images[@]}" "$image" )
+		images=("${images[@]}" "$image")
 	fi
 	echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
 done
diff --git a/contrib/gitdm/generate_aliases.sh b/contrib/gitdm/generate_aliases.sh
index dfff5ff2048f6..f61b0ef8431c0 100755
--- a/contrib/gitdm/generate_aliases.sh
+++ b/contrib/gitdm/generate_aliases.sh
@@ -8,9 +8,9 @@
 #  $> ./generate_aliases <mailmap_file> > aliases
 #
 
-cat $1 | \
-    grep -v '^#' | \
-    sed 's/^[^<]*<\([^>]*\)>/\1/' | \
-    grep '<.*>' | sed -e 's/[<>]/ /g' | \
-    awk '{if ($3 != "") { print $3" "$1 } else {print $2" "$1}}' | \
-    sort | uniq
+cat $1 \
+	| grep -v '^#' \
+	| sed 's/^[^<]*<\([^>]*\)>/\1/' \
+	| grep '<.*>' | sed -e 's/[<>]/ /g' \
+	| awk '{if ($3 != "") { print $3" "$1 } else {print $2" "$1}}' \
+	| sort | uniq
diff --git a/contrib/init/openrc/docker.confd b/contrib/init/openrc/docker.confd
index 89183de46b9e7..cc599e6da4cce 100644
--- a/contrib/init/openrc/docker.confd
+++ b/contrib/init/openrc/docker.confd
@@ -16,6 +16,12 @@
 # where docker's pid get stored
 #DOCKER_PIDFILE="/run/docker.pid"
 
+# Settings for process limits (ulimit)
+#DOCKER_ULIMIT="-c unlimited -n 1048576 -u unlimited"
+
+# seconds to wait for sending SIGTERM and SIGKILL signals when stopping docker
+#DOCKER_RETRY="TERM/60/KILL/10"
+
 # where the docker daemon itself is run from
 #DOCKERD_BINARY="/usr/bin/dockerd"
 
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
index 6c968f607e9d2..3229223bad720 100644
--- a/contrib/init/openrc/docker.initd
+++ b/contrib/init/openrc/docker.initd
@@ -11,14 +11,18 @@ DOCKER_OUTFILE="${DOCKER_OUTFILE:-${DOCKER_LOGFILE}}"
 start_stop_daemon_args="--background \
 	--stderr \"${DOCKER_ERRFILE}\" --stdout \"${DOCKER_OUTFILE}\""
 
-start_pre() {
-	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+extra_started_commands="reload"
+
+rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 1048576 -u unlimited}"
 
-	ulimit -n 1048576
+retry="${DOCKER_RETRY:-TERM/60/KILL/10}"
 
-	# Having non-zero limits causes performance problems due to accounting overhead
-	# in the kernel. We recommend using cgroups to do container-local accounting.
-	ulimit -u unlimited
+start_pre() {
+	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+}
 
-	return 0
+reload() {
+	ebegin "Reloading ${RC_SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${pidfile}"
+	eend $? "Failed to stop ${RC_SVCNAME}"
 }
diff --git a/contrib/init/systemd/REVIEWERS b/contrib/init/systemd/REVIEWERS
deleted file mode 100644
index b9ba55b3fba91..0000000000000
--- a/contrib/init/systemd/REVIEWERS
+++ /dev/null
@@ -1,3 +0,0 @@
-Lokesh Mandvekar <lsm5@fedoraproject.org> (@lsm5)
-Brandon Philips <brandon.philips@coreos.com> (@philips)
-Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
index 517463172b36e..fab73b8632db9 100644
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@@ -1,8 +1,8 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
-After=network-online.target docker.socket firewalld.service
-Wants=network-online.target
+After=network-online.target docker.socket firewalld.service containerd.service
+Wants=network-online.target containerd.service
 Requires=docker.socket
 
 [Service]
@@ -10,25 +10,38 @@ Type=notify
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
-ExecStart=/usr/bin/dockerd -H fd://
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
 ExecReload=/bin/kill -s HUP $MAINPID
-LimitNOFILE=1048576
+TimeoutStartSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
 LimitNPROC=infinity
 LimitCORE=infinity
-# Uncomment TasksMax if your systemd version supports it.
-# Only systemd 226 and above support this version.
-#TasksMax=infinity
-TimeoutStartSec=0
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
 # set delegate yes so that systemd does not reset the cgroups of docker containers
 Delegate=yes
+
 # kill only the docker process, not all processes in the cgroup
 KillMode=process
-# restart the docker process if it exits prematurely
-Restart=on-failure
-StartLimitBurst=3
-StartLimitInterval=60s
+OOMScoreAdjust=-500
 
 [Install]
 WantedBy=multi-user.target
diff --git a/contrib/init/systemd/docker.service.rpm b/contrib/init/systemd/docker.service.rpm
deleted file mode 100644
index 6c60646b5680a..0000000000000
--- a/contrib/init/systemd/docker.service.rpm
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network-online.target firewalld.service
-Wants=network-online.target
-
-[Service]
-Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
-ExecStart=/usr/bin/dockerd
-ExecReload=/bin/kill -s HUP $MAINPID
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
-LimitNPROC=infinity
-LimitCORE=infinity
-# Uncomment TasksMax if your systemd version supports it.
-# Only systemd 226 and above support this version.
-#TasksMax=infinity
-TimeoutStartSec=0
-# set delegate yes so that systemd does not reset the cgroups of docker containers
-Delegate=yes
-# kill only the docker process, not all processes in the cgroup
-KillMode=process
-# restart the docker process if it exits prematurely
-Restart=on-failure
-StartLimitBurst=3
-StartLimitInterval=60s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/contrib/init/systemd/docker.socket b/contrib/init/systemd/docker.socket
index 7dd95098e4ad7..c76a23296ec0e 100644
--- a/contrib/init/systemd/docker.socket
+++ b/contrib/init/systemd/docker.socket
@@ -1,9 +1,10 @@
 [Unit]
 Description=Docker Socket for the API
-PartOf=docker.service
 
 [Socket]
-ListenStream=/var/run/docker.sock
+# If /var/run is not implemented as a symlink to /run, you may need to
+# specify ListenStream=/var/run/docker.sock instead.
+ListenStream=/run/docker.sock
 SocketMode=0660
 SocketUser=root
 SocketGroup=docker
diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker
index 9c8fa6be73e31..a2ba4f4b7d31a 100755
--- a/contrib/init/sysvinit-debian/docker
+++ b/contrib/init/sysvinit-debian/docker
@@ -46,7 +46,7 @@ fi
 
 check_init() {
 	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
-	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+	if [ -x /sbin/initctl ] && /sbin/initctl version 2> /dev/null | grep -q upstart; then
 		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
 		exit 1
 	fi
@@ -85,7 +85,7 @@ cgroupfs_mount() {
 case "$1" in
 	start)
 		check_init
-		
+
 		fail_unless_root
 
 		cgroupfs_mount
@@ -110,9 +110,9 @@ case "$1" in
 			--pidfile "$DOCKER_SSD_PIDFILE" \
 			--make-pidfile \
 			-- \
-				-p "$DOCKER_PIDFILE" \
-				$DOCKER_OPTS \
-					>> "$DOCKER_LOGFILE" 2>&1
+			-p "$DOCKER_PIDFILE" \
+			$DOCKER_OPTS \
+			>> "$DOCKER_LOGFILE" 2>&1
 		log_end_msg $?
 		;;
 
@@ -131,7 +131,7 @@ case "$1" in
 	restart)
 		check_init
 		fail_unless_root
-		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+		docker_pid=$(cat "$DOCKER_SSD_PIDFILE" 2> /dev/null)
 		[ -n "$docker_pid" ] \
 			&& ps -p $docker_pid > /dev/null 2>&1 \
 			&& $0 stop
diff --git a/contrib/init/sysvinit-redhat/docker b/contrib/init/sysvinit-redhat/docker
index df9b02a2a451f..7bcb2d88adf18 100755
--- a/contrib/init/sysvinit-redhat/docker
+++ b/contrib/init/sysvinit-redhat/docker
@@ -109,10 +109,9 @@ rh_status() {
 }
 
 rh_status_q() {
-	rh_status >/dev/null 2>&1
+	rh_status > /dev/null 2>&1
 }
 
-
 check_for_cleanup() {
 	if [ -f ${pidfile} ]; then
 		/bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
@@ -141,13 +140,14 @@ case "$1" in
 	status)
 		rh_status
 		;;
-	condrestart|try-restart)
+	condrestart | try-restart)
 		rh_status_q || exit 0
 		restart
 		;;
 	*)
 		echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
 		exit 2
+		;;
 esac
 
 exit $?
diff --git a/contrib/init/upstart/REVIEWERS b/contrib/init/upstart/REVIEWERS
deleted file mode 100644
index 03ee2dde3dae6..0000000000000
--- a/contrib/init/upstart/REVIEWERS
+++ /dev/null
@@ -1,2 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/contrib/mac-install-bundle.sh b/contrib/mac-install-bundle.sh
index 2110d044d01f7..f51546e116fc5 100755
--- a/contrib/mac-install-bundle.sh
+++ b/contrib/mac-install-bundle.sh
@@ -20,26 +20,26 @@ DATABASE_KEY="$DATABASE/com.docker.driver.amd64-linux/bundle"
 [ -d "$DATABASE" ] || errexit "Docker for Mac must be installed for this script"
 
 case "$1" in
-"install")
-	[ -d "$BUNDLE" ] || errexit "cannot find bundle $BUNDLE"
-	[ -e "$CLIENT_PATH" ] || errexit "you need to run make cross first"
-	[ -e "$BUNDLE/binary-daemon/dockerd" ] || errexit "you need to build binaries first"
-	[ -f "$BUNDLE/binary-client/docker" ] || errexit "you need to build binaries first"
-	git -C "$DATABASE" reset --hard >/dev/null
-	echo "$BUNDLE_PATH" > "$DATABASE_KEY"
-	git -C "$DATABASE" add "$DATABASE_KEY"
-	git -C "$DATABASE" commit -m "update bundle to $BUNDLE_PATH"
-	rm -f /usr/local/bin/docker
-	cp "$CLIENT_PATH" /usr/local/bin
-	echo "Bundle installed. Restart Docker to use. To uninstall, reset Docker to factory defaults."
-	;;
-"undo")
-	git -C "$DATABASE" reset --hard >/dev/null
-	[ -f "$DATABASE_KEY" ] || errexit "bundle not set"
-	git -C "$DATABASE" rm "$DATABASE_KEY"
-	git -C "$DATABASE" commit -m "remove bundle"
-	rm -f /usr/local/bin/docker
-	ln -s "$HOME/Library/Group Containers/group.com.docker/bin/docker" /usr/local/bin
-	echo "Bundle removed. Using dev versions may cause issues, a reset to factory defaults is recommended."
-	;;
+	"install")
+		[ -d "$BUNDLE" ] || errexit "cannot find bundle $BUNDLE"
+		[ -e "$CLIENT_PATH" ] || errexit "you need to run make cross first"
+		[ -e "$BUNDLE/binary-daemon/dockerd" ] || errexit "you need to build binaries first"
+		[ -f "$BUNDLE/binary-client/docker" ] || errexit "you need to build binaries first"
+		git -C "$DATABASE" reset --hard > /dev/null
+		echo "$BUNDLE_PATH" > "$DATABASE_KEY"
+		git -C "$DATABASE" add "$DATABASE_KEY"
+		git -C "$DATABASE" commit -m "update bundle to $BUNDLE_PATH"
+		rm -f /usr/local/bin/docker
+		cp "$CLIENT_PATH" /usr/local/bin
+		echo "Bundle installed. Restart Docker to use. To uninstall, reset Docker to factory defaults."
+		;;
+	"undo")
+		git -C "$DATABASE" reset --hard > /dev/null
+		[ -f "$DATABASE_KEY" ] || errexit "bundle not set"
+		git -C "$DATABASE" rm "$DATABASE_KEY"
+		git -C "$DATABASE" commit -m "remove bundle"
+		rm -f /usr/local/bin/docker
+		ln -s "$HOME/Library/Group Containers/group.com.docker/bin/docker" /usr/local/bin
+		echo "Bundle removed. Using dev versions may cause issues, a reset to factory defaults is recommended."
+		;;
 esac
diff --git a/contrib/mkimage-alpine.sh b/contrib/mkimage-alpine.sh
index 16791a758d375..60bfc80dd9e16 100755
--- a/contrib/mkimage-alpine.sh
+++ b/contrib/mkimage-alpine.sh
@@ -19,13 +19,13 @@ tmp() {
 }
 
 apkv() {
-	curl -sSL $MAINREPO/$ARCH/APKINDEX.tar.gz | tar -Oxz |
-		grep --text '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2
+	curl -sSL $MAINREPO/$ARCH/APKINDEX.tar.gz | tar -Oxz \
+		| grep --text '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2
 }
 
 getapk() {
-	curl -sSL $MAINREPO/$ARCH/apk-tools-static-$(apkv).apk |
-		tar -xz -C $TMP sbin/apk.static
+	curl -sSL $MAINREPO/$ARCH/apk-tools-static-$(apkv).apk \
+		| tar -xz -C $TMP sbin/apk.static
 }
 
 mkbase() {
diff --git a/contrib/mkimage-arch.sh b/contrib/mkimage-arch.sh
index f941177122be1..a618f2ccab45f 100755
--- a/contrib/mkimage-arch.sh
+++ b/contrib/mkimage-arch.sh
@@ -4,54 +4,82 @@
 # requires root
 set -e
 
-hash pacstrap &>/dev/null || {
+# reset umask to default
+umask 022
+
+hash pacstrap &> /dev/null || {
 	echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
 	exit 1
 }
 
-hash expect &>/dev/null || {
+hash expect &> /dev/null || {
 	echo "Could not find expect. Run pacman -S expect"
 	exit 1
 }
 
-
 export LANG="C.UTF-8"
 
 ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-archlinux-XXXXXXXXXX)
 chmod 755 $ROOTFS
 
+# required packages
+PKGREQUIRED=(
+	bash
+	haveged
+	pacman
+	pacman-mirrorlist
+)
+
 # packages to ignore for space savings
 PKGIGNORE=(
-    cryptsetup
-    device-mapper
-    dhcpcd
-    iproute2
-    jfsutils
-    linux
-    lvm2
-    man-db
-    man-pages
-    mdadm
-    nano
-    netctl
-    openresolv
-    pciutils
-    pcmciautils
-    reiserfsprogs
-    s-nail
-    systemd-sysvcompat
-    usbutils
-    vi
-    xfsprogs
+	dhcpcd
+	diffutils
+	file
+	inetutils
+	iproute2
+	iputils
+	jfsutils
+	licenses
+	linux
+	linux-firmware
+	lvm2
+	man-db
+	man-pages
+	mdadm
+	nano
+	netctl
+	openresolv
+	pciutils
+	pcmciautils
+	psmisc
+	reiserfsprogs
+	s-nail
+	sysfsutils
+	systemd-sysvcompat
+	usbutils
+	vi
+	which
+	xfsprogs
 )
+
+PKGREMOVE=(
+	gawk
+	haveged
+	less
+	linux-libre
+	linux-libre-firmware
+)
+
+PKGREQUIRED="${PKGREQUIRED[*]}"
 IFS=','
 PKGIGNORE="${PKGIGNORE[*]}"
 unset IFS
+PKGREMOVE="${PKGREMOVE[*]}"
 
 arch="$(uname -m)"
 case "$arch" in
 	armv*)
-		if pacman -Q archlinuxarm-keyring >/dev/null 2>&1; then
+		if pacman -Q archlinuxarm-keyring > /dev/null 2>&1; then
 			pacman-key --init
 			pacman-key --populate archlinuxarm
 		else
@@ -79,7 +107,7 @@ esac
 
 export PACMAN_MIRRORLIST
 
-expect <<EOF
+expect << EOF
 	set send_slow {1 .1}
 	proc send {ignore arg} {
 		sleep .1
@@ -87,7 +115,7 @@ expect <<EOF
 	}
 	set timeout $EXPECT_TIMEOUT
 
-	spawn pacstrap -C $PACMAN_CONF -c -d -G -i $ROOTFS base haveged $PACMAN_EXTRA_PKGS --ignore $PKGIGNORE
+	spawn pacstrap -C $PACMAN_CONF -c -d -G -i $ROOTFS base $PKGREQUIRED $PACMAN_EXTRA_PKGS --ignore $PKGIGNORE
 	expect {
 		-exact "anyway? \[Y/n\] " { send -- "n\r"; exp_continue }
 		-exact "(default=all): " { send -- "\r"; exp_continue }
@@ -97,11 +125,11 @@ expect <<EOF
 EOF
 
 arch-chroot $ROOTFS /bin/sh -c 'rm -r /usr/share/man/*'
-arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate $ARCH_KEYRING; pkill gpg-agent"
-arch-chroot $ROOTFS /bin/sh -c "ln -s /usr/share/zoneinfo/UTC /etc/localtime"
+arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman-key --populate $ARCH_KEYRING"
+arch-chroot $ROOTFS /bin/sh -c "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"
+arch-chroot $ROOTFS /bin/sh -c "for pkg in $PKGREMOVE; do if pacman -Qi \$pkg > /dev/null 2>&1; then pacman -Rs --noconfirm \$pkg; fi; done"
 echo 'en_US.UTF-8 UTF-8' > $ROOTFS/etc/locale.gen
 arch-chroot $ROOTFS locale-gen
-arch-chroot $ROOTFS /bin/sh -c 'echo $PACMAN_MIRRORLIST > /etc/pacman.d/mirrorlist'
 
 # udev doesn't work in containers, rebuild /dev
 DEV=$ROOTFS/dev
diff --git a/contrib/mkimage-crux.sh b/contrib/mkimage-crux.sh
index 3f0bdcae3c564..cb4fc23b0c261 100755
--- a/contrib/mkimage-crux.sh
+++ b/contrib/mkimage-crux.sh
@@ -5,9 +5,9 @@
 
 set -e
 
-die () {
-    echo >&2 "$@"
-    exit 1
+die() {
+	echo >&2 "$@"
+	exit 1
 }
 
 [ "$#" -eq 1 ] || die "1 argument(s) required, $# provided. Usage: ./mkimage-crux.sh /path/to/iso"
@@ -33,15 +33,15 @@ export PATH="$TMP/usr/bin:$PATH"
 mkdir -p $ROOTFS/var/lib/pkg
 touch $ROOTFS/var/lib/pkg/db
 for pkg in $CRUX/crux/core/*; do
-    pkgadd -r $ROOTFS $pkg
+	pkgadd -r $ROOTFS $pkg
 done
 
 # Remove agetty and inittab config
 if (grep agetty ${ROOTFS}/etc/inittab 2>&1 > /dev/null); then
-    echo "Removing agetty from /etc/inittab ..."
-    chroot ${ROOTFS} sed -i -e "/agetty/d" /etc/inittab
-    chroot ${ROOTFS} sed -i -e "/shutdown/d" /etc/inittab
-    chroot ${ROOTFS} sed -i -e "/^$/N;/^\n$/d" /etc/inittab
+	echo "Removing agetty from /etc/inittab ..."
+	chroot ${ROOTFS} sed -i -e "/agetty/d" /etc/inittab
+	chroot ${ROOTFS} sed -i -e "/shutdown/d" /etc/inittab
+	chroot ${ROOTFS} sed -i -e "/^$/N;/^\n$/d" /etc/inittab
 fi
 
 # Remove kernel source
diff --git a/contrib/mkimage-yum.sh b/contrib/mkimage-yum.sh
index 901280451b211..f36c82fbfe348 100755
--- a/contrib/mkimage-yum.sh
+++ b/contrib/mkimage-yum.sh
@@ -3,23 +3,24 @@
 # Create a base CentOS Docker image.
 #
 # This script is useful on systems with yum installed (e.g., building
-# a CentOS image on CentOS).  See contrib/mkimage-rinse.sh for a way
-# to build CentOS images on other systems.
+# a CentOS image on CentOS).
 
 set -e
 
 usage() {
-    cat <<EOOPTS
+	cat << EOOPTS
 $(basename $0) [OPTIONS] <name>
 OPTIONS:
   -p "<packages>"  The list of packages to install in the container.
-                   The default is blank.
+                   The default is blank. Can use multiple times.
   -g "<groups>"    The groups of packages to install in the container.
-                   The default is "Core".
+                   The default is "Core". Can use multiple times.
   -y <yumconf>     The path to the yum config to install packages from. The
                    default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
+  -t <tag>         Specify Tag information.
+                   default is reffered at /etc/{redhat,system}-release
 EOOPTS
-    exit 1
+	exit 1
 }
 
 # option defaults
@@ -28,32 +29,43 @@ if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
 	yum_config=/etc/dnf/dnf.conf
 	alias yum=dnf
 fi
-install_groups="Core"
-while getopts ":y:p:g:h" opt; do
-    case $opt in
-        y)
-            yum_config=$OPTARG
-            ;;
-        h)
-            usage
-            ;;
-        p)
-            install_packages="$OPTARG"
-            ;;
-        g)
-            install_groups="$OPTARG"
-            ;;
-        \?)
-            echo "Invalid option: -$OPTARG"
-            usage
-            ;;
-    esac
+# for names with spaces, use double quotes (") as install_groups=('Core' '"Compute Node"')
+install_groups=()
+install_packages=()
+version=
+while getopts ":y:p:g:t:h" opt; do
+	case $opt in
+		y)
+			yum_config=$OPTARG
+			;;
+		h)
+			usage
+			;;
+		p)
+			install_packages+=("$OPTARG")
+			;;
+		g)
+			install_groups+=("$OPTARG")
+			;;
+		t)
+			version="$OPTARG"
+			;;
+		\?)
+			echo "Invalid option: -$OPTARG"
+			usage
+			;;
+	esac
 done
 shift $((OPTIND - 1))
 name=$1
 
 if [[ -z $name ]]; then
-    usage
+	usage
+fi
+
+# default to Core group if not specified otherwise
+if [ ${#install_groups[*]} -eq 0 ]; then
+	install_groups=('Core')
 fi
 
 target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
@@ -78,21 +90,19 @@ if [ -d /etc/yum/vars ]; then
 	cp -a /etc/yum/vars "$target"/etc/yum/
 fi
 
-if [[ -n "$install_groups" ]];
-then
-    yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
-        --setopt=group_package_types=mandatory -y groupinstall "$install_groups"
+if [[ -n "$install_groups" ]]; then
+	yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+		--setopt=group_package_types=mandatory -y groupinstall "${install_groups[@]}"
 fi
 
-if [[ -n "$install_packages" ]];
-then
-    yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
-        --setopt=group_package_types=mandatory -y install "$install_packages"
+if [[ -n "$install_packages" ]]; then
+	yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+		--setopt=group_package_types=mandatory -y install "${install_packages[@]}"
 fi
 
 yum -c "$yum_config" --installroot="$target" -y clean all
 
-cat > "$target"/etc/sysconfig/network <<EOF
+cat > "$target"/etc/sysconfig/network << EOF
 NETWORKING=yes
 HOSTNAME=localhost.localdomain
 EOF
@@ -115,18 +125,18 @@ rm -rf "$target"/sbin/sln
 rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
 mkdir -p --mode=0755 "$target"/var/cache/ldconfig
 
-version=
-for file in "$target"/etc/{redhat,system}-release
-do
-    if [ -r "$file" ]; then
-        version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
-        break
-    fi
-done
+if [ -z "$version" ]; then
+	for file in "$target"/etc/{redhat,system}-release; do
+		if [ -r "$file" ]; then
+			version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
+			break
+		fi
+	done
+fi
 
 if [ -z "$version" ]; then
-    echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
-    version=$name
+	echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
+	version=$name
 fi
 
 tar --numeric-owner -c -C "$target" . | docker import - $name:$version
diff --git a/contrib/mkimage.sh b/contrib/mkimage.sh
deleted file mode 100755
index ae05d139c3043..0000000000000
--- a/contrib/mkimage.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-mkimg="$(basename "$0")"
-
-usage() {
-	echo >&2 "usage: $mkimg [-d dir] [-t tag] [--compression algo| --no-compression] script [script-args]"
-	echo >&2 "   ie: $mkimg -t someuser/debian debootstrap --variant=minbase jessie"
-	echo >&2 "       $mkimg -t someuser/ubuntu debootstrap --include=ubuntu-minimal --components=main,universe trusty"
-	echo >&2 "       $mkimg -t someuser/busybox busybox-static"
-	echo >&2 "       $mkimg -t someuser/centos:5 rinse --distribution centos-5"
-	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4"
-	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4 --mirror=http://somemirror/"
-	exit 1
-}
-
-scriptDir="$(dirname "$(readlink -f "$BASH_SOURCE")")/mkimage"
-
-os=
-os=$(uname -o)
-
-optTemp=$(getopt --options '+d:t:c:hC' --longoptions 'dir:,tag:,compression:,no-compression,help' --name "$mkimg" -- "$@")
-eval set -- "$optTemp"
-unset optTemp
-
-dir=
-tag=
-compression="auto"
-while true; do
-	case "$1" in
-		-d|--dir) dir="$2" ; shift 2 ;;
-		-t|--tag) tag="$2" ; shift 2 ;;
-		--compression)    compression="$2"   ; shift 2 ;;
-		--no-compression) compression="none" ; shift 1 ;;
-		-h|--help) usage ;;
-		--) shift ; break ;;
-	esac
-done
-
-script="$1"
-[ "$script" ] || usage
-shift
-
-if [ "$compression" == 'auto' ] || [ -z "$compression" ]
-then
-    compression='xz'
-fi
-
-[ "$compression" == 'none' ] && compression=''
-
-if [ ! -x "$scriptDir/$script" ]; then
-	echo >&2 "error: $script does not exist or is not executable"
-	echo >&2 "  see $scriptDir for possible scripts"
-	exit 1
-fi
-
-# don't mistake common scripts like .febootstrap-minimize as image-creators
-if [[ "$script" == .* ]]; then
-	echo >&2 "error: $script is a script helper, not a script"
-	echo >&2 "  see $scriptDir for possible scripts"
-	exit 1
-fi
-
-delDir=
-if [ -z "$dir" ]; then
-	dir="$(mktemp -d ${TMPDIR:-/var/tmp}/docker-mkimage.XXXXXXXXXX)"
-	delDir=1
-fi
-
-rootfsDir="$dir/rootfs"
-( set -x; mkdir -p "$rootfsDir" )
-
-# pass all remaining arguments to $script
-"$scriptDir/$script" "$rootfsDir" "$@"
-
-# Docker mounts tmpfs at /dev and procfs at /proc so we can remove them
-rm -rf "$rootfsDir/dev" "$rootfsDir/proc"
-mkdir -p "$rootfsDir/dev" "$rootfsDir/proc"
-
-# make sure /etc/resolv.conf has something useful in it
-mkdir -p "$rootfsDir/etc"
-cat > "$rootfsDir/etc/resolv.conf" <<'EOF'
-nameserver 8.8.8.8
-nameserver 8.8.4.4
-EOF
-
-tarFile="$dir/rootfs.tar${compression:+.$compression}"
-touch "$tarFile"
-
-(
-	set -x
-	tar --numeric-owner --create --auto-compress --file "$tarFile" --directory "$rootfsDir" --transform='s,^./,,' .
-)
-
-echo >&2 "+ cat > '$dir/Dockerfile'"
-cat > "$dir/Dockerfile" <<EOF
-FROM scratch
-ADD $(basename "$tarFile") /
-EOF
-
-# if our generated image has a decent shell, let's set a default command
-for shell in /bin/bash /usr/bin/fish /usr/bin/zsh /bin/sh; do
-	if [ -x "$rootfsDir/$shell" ]; then
-		( set -x; echo 'CMD ["'"$shell"'"]' >> "$dir/Dockerfile" )
-		break
-	fi
-done
-
-( set -x; rm -rf "$rootfsDir" )
-
-if [ "$tag" ]; then
-	( set -x; docker build -t "$tag" "$dir" )
-elif [ "$delDir" ]; then
-	# if we didn't specify a tag and we're going to delete our dir, let's just build an untagged image so that we did _something_
-	( set -x; docker build "$dir" )
-fi
-
-if [ "$delDir" ]; then
-	( set -x; rm -rf "$dir" )
-fi
diff --git a/contrib/mkimage/.febootstrap-minimize b/contrib/mkimage/.febootstrap-minimize
deleted file mode 100755
index 7749e63fb0828..0000000000000
--- a/contrib/mkimage/.febootstrap-minimize
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-rootfsDir="$1"
-shift
-
-(
-	cd "$rootfsDir"
-
-	# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
-	#  locales
-	rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
-	#  docs and man pages
-	rm -rf usr/share/{man,doc,info,gnome/help}
-	#  cracklib
-	rm -rf usr/share/cracklib
-	#  i18n
-	rm -rf usr/share/i18n
-	#  yum cache
-	rm -rf var/cache/yum
-	mkdir -p --mode=0755 var/cache/yum
-	#  sln
-	rm -rf sbin/sln
-	#  ldconfig
-	#rm -rf sbin/ldconfig
-	rm -rf etc/ld.so.cache var/cache/ldconfig
-	mkdir -p --mode=0755 var/cache/ldconfig
-)
diff --git a/contrib/mkimage/busybox-static b/contrib/mkimage/busybox-static
deleted file mode 100755
index e15322b49dba4..0000000000000
--- a/contrib/mkimage/busybox-static
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-rootfsDir="$1"
-shift
-
-busybox="$(which busybox 2>/dev/null || true)"
-if [ -z "$busybox" ]; then
-	echo >&2 'error: busybox: not found'
-	echo >&2 '  install it with your distribution "busybox-static" package'
-	exit 1
-fi
-if ! ldd "$busybox" 2>&1 | grep -q 'not a dynamic executable'; then
-	echo >&2 "error: '$busybox' appears to be a dynamic executable"
-	echo >&2 '  you should install your distribution "busybox-static" package instead'
-	exit 1
-fi
-
-mkdir -p "$rootfsDir/bin"
-rm -f "$rootfsDir/bin/busybox" # just in case
-cp "$busybox" "$rootfsDir/bin/busybox"
-
-(
-	cd "$rootfsDir"
-
-	IFS=$'\n'
-	modules=( $(bin/busybox --list-modules) )
-	unset IFS
-
-	for module in "${modules[@]}"; do
-		mkdir -p "$(dirname "$module")"
-		ln -sf /bin/busybox "$module"
-	done
-)
diff --git a/contrib/mkimage/debootstrap b/contrib/mkimage/debootstrap
deleted file mode 100755
index 9f7d8987ad2a0..0000000000000
--- a/contrib/mkimage/debootstrap
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-mkimgdeb="$(basename "$0")"
-mkimg="$(dirname "$0").sh"
-
-usage() {
-	echo >&2 "usage: $mkimgdeb rootfsDir suite [debootstrap-args]"
-	echo >&2 " note: $mkimgdeb meant to be used from $mkimg"
-	exit 1
-}
-
-rootfsDir="$1"
-if [ -z "$rootfsDir" ]; then
-	echo >&2 "error: rootfsDir is missing"
-	echo >&2
-	usage
-fi
-shift
-
-# we have to do a little fancy footwork to make sure "rootfsDir" becomes the second non-option argument to debootstrap
-
-before=()
-while [ $# -gt 0 ] && [[ "$1" == -* ]]; do
-	before+=( "$1" )
-	shift
-done
-
-suite="$1"
-if [ -z "$suite" ]; then
-	echo >&2 "error: suite is missing"
-	echo >&2
-	usage
-fi
-shift
-
-# get path to "chroot" in our current PATH
-chrootPath="$(type -P chroot || :)"
-if [ -z "$chrootPath" ]; then
-	echo >&2 "error: chroot not found. Are you root?"
-	echo >&2
-	usage
-fi
-
-rootfs_chroot() {
-	# "chroot" doesn't set PATH, so we need to set it explicitly to something our new debootstrap chroot can use appropriately!
-
-	# set PATH and chroot away!
-	PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
-		"$chrootPath" "$rootfsDir" "$@"
-}
-
-# allow for DEBOOTSTRAP=qemu-debootstrap ./mkimage.sh ...
-: ${DEBOOTSTRAP:=debootstrap}
-
-(
-	set -x
-	$DEBOOTSTRAP "${before[@]}" "$suite" "$rootfsDir" "$@"
-)
-
-# now for some Docker-specific tweaks
-
-# prevent init scripts from running during install/update
-echo >&2 "+ echo exit 101 > '$rootfsDir/usr/sbin/policy-rc.d'"
-cat > "$rootfsDir/usr/sbin/policy-rc.d" <<-'EOF'
-	#!/bin/sh
-
-	# For most Docker users, "apt-get install" only happens during "docker build",
-	# where starting services doesn't work and often fails in humorous ways. This
-	# prevents those failures by stopping the services from attempting to start.
-
-	exit 101
-EOF
-chmod +x "$rootfsDir/usr/sbin/policy-rc.d"
-
-# prevent upstart scripts from running during install/update
-(
-	set -x
-	rootfs_chroot dpkg-divert --local --rename --add /sbin/initctl
-	cp -a "$rootfsDir/usr/sbin/policy-rc.d" "$rootfsDir/sbin/initctl"
-	sed -i 's/^exit.*/exit 0/' "$rootfsDir/sbin/initctl"
-)
-
-# shrink a little, since apt makes us cache-fat (wheezy: ~157.5MB vs ~120MB)
-( set -x; rootfs_chroot apt-get clean )
-
-# this file is one APT creates to make sure we don't "autoremove" our currently
-# in-use kernel, which doesn't really apply to debootstraps/Docker images that
-# don't even have kernels installed
-rm -f "$rootfsDir/etc/apt/apt.conf.d/01autoremove-kernels"
-
-# Ubuntu 10.04 sucks... :)
-if strings "$rootfsDir/usr/bin/dpkg" | grep -q unsafe-io; then
-	# force dpkg not to call sync() after package extraction (speeding up installs)
-	echo >&2 "+ echo force-unsafe-io > '$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup'"
-	cat > "$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
-		# For most Docker users, package installs happen during "docker build", which
-		# doesn't survive power loss and gets restarted clean afterwards anyhow, so
-		# this minor tweak gives us a nice speedup (much nicer on spinning disks,
-		# obviously).
-
-		force-unsafe-io
-	EOF
-fi
-
-if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
-	# _keep_ us lean by effectively running "apt-get clean" after every install
-	aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
-	echo >&2 "+ cat > '$rootfsDir/etc/apt/apt.conf.d/docker-clean'"
-	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
-		# Since for most Docker users, package installs happen in "docker build" steps,
-		# they essentially become individual layers due to the way Docker handles
-		# layering, especially using CoW filesystems.  What this means for us is that
-		# the caches that APT keeps end up just wasting space in those layers, making
-		# our layers unnecessarily large (especially since we'll normally never use
-		# these caches again and will instead just "docker build" again and make a brand
-		# new image).
-
-		# Ideally, these would just be invoking "apt-get clean", but in our testing,
-		# that ended up being cyclic and we got stuck on APT's lock, so we get this fun
-		# creation that's essentially just "apt-get clean".
-		DPkg::Post-Invoke { ${aptGetClean} };
-		APT::Update::Post-Invoke { ${aptGetClean} };
-
-		Dir::Cache::pkgcache "";
-		Dir::Cache::srcpkgcache "";
-
-		# Note that we do realize this isn't the ideal way to do this, and are always
-		# open to better suggestions (https://github.com/docker/docker/issues).
-	EOF
-
-	# remove apt-cache translations for fast "apt-get update"
-	echo >&2 "+ echo Acquire::Languages 'none' > '$rootfsDir/etc/apt/apt.conf.d/docker-no-languages'"
-	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
-		# In Docker, we don't often need the "Translations" files, so we're just wasting
-		# time and space by downloading them, and this inhibits that.  For users that do
-		# need them, it's a simple matter to delete this file and "apt-get update". :)
-
-		Acquire::Languages "none";
-	EOF
-
-	echo >&2 "+ echo Acquire::GzipIndexes 'true' > '$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes'"
-	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
-		# Since Docker users using "RUN apt-get update && apt-get install -y ..." in
-		# their Dockerfiles don't go delete the lists files afterwards, we want them to
-		# be as small as possible on-disk, so we explicitly request "gz" versions and
-		# tell Apt to keep them gzipped on-disk.
-
-		# For comparison, an "apt-get update" layer without this on a pristine
-		# "debian:wheezy" base image was "29.88 MB", where with this it was only
-		# "8.273 MB".
-
-		Acquire::GzipIndexes "true";
-		Acquire::CompressionTypes::Order:: "gz";
-	EOF
-
-	# update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
-	echo >&2 "+ echo Apt::AutoRemove::SuggestsImportant 'false' > '$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests'"
-	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
-		# Since Docker users are looking for the smallest possible final images, the
-		# following emerges as a very common pattern:
-
-		#   RUN apt-get update \
-		#       && apt-get install -y <packages> \
-		#       && <do some compilation work> \
-		#       && apt-get purge -y --auto-remove <packages>
-
-		# By default, APT will actually _keep_ packages installed via Recommends or
-		# Depends if another package Suggests them, even and including if the package
-		# that originally caused them to be installed is removed.  Setting this to
-		# "false" ensures that APT is appropriately aggressive about removing the
-		# packages it added.
-
-		# https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
-		Apt::AutoRemove::SuggestsImportant "false";
-	EOF
-fi
-
-if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
-	# tweak sources.list, where appropriate
-	lsbDist=
-	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/os-release" ]; then
-		lsbDist="$(. "$rootfsDir/etc/os-release" && echo "$ID")"
-	fi
-	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/lsb-release" ]; then
-		lsbDist="$(. "$rootfsDir/etc/lsb-release" && echo "$DISTRIB_ID")"
-	fi
-	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/debian_version" ]; then
-		lsbDist='Debian'
-	fi
-	# normalize to lowercase for easier matching
-	lsbDist="$(echo "$lsbDist" | tr '[:upper:]' '[:lower:]')"
-	case "$lsbDist" in
-		debian)
-			# updates and security!
-			if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then
-				(
-					set -x
-					sed -i "
-						p;
-						s/ $suite / ${suite}-updates /
-					" "$rootfsDir/etc/apt/sources.list"
-					echo "deb http://security.debian.org $suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
-				)
-			fi
-			;;
-		ubuntu)
-			# add the updates and security repositories
-			(
-				set -x
-				sed -i "
-					p;
-					s/ $suite / ${suite}-updates /; p;
-					s/ $suite-updates / ${suite}-security /
-				" "$rootfsDir/etc/apt/sources.list"
-			)
-			;;
-		tanglu)
-			# add the updates repository
-			if [ "$suite" != 'devel' ]; then
-				(
-					set -x
-					sed -i "
-						p;
-						s/ $suite / ${suite}-updates /
-					" "$rootfsDir/etc/apt/sources.list"
-				)
-			fi
-			;;
-		steamos)
-			# add contrib and non-free if "main" is the only component
-			(
-				set -x
-				sed -i "s/ $suite main$/ $suite main contrib non-free/" "$rootfsDir/etc/apt/sources.list"
-			)
-			;;
-	esac
-fi
-
-(
-	set -x
-
-	# make sure we're fully up-to-date
-	rootfs_chroot sh -xc 'apt-get update && apt-get dist-upgrade -y'
-
-	# delete all the apt list files since they're big and get stale quickly
-	rm -rf "$rootfsDir/var/lib/apt/lists"/*
-	# this forces "apt-get update" in dependent images, which is also good
-
-	mkdir "$rootfsDir/var/lib/apt/lists/partial" # Lucid... "E: Lists directory /var/lib/apt/lists/partial is missing."
-)
diff --git a/contrib/mkimage/mageia-urpmi b/contrib/mkimage/mageia-urpmi
deleted file mode 100755
index 93fb289cac394..0000000000000
--- a/contrib/mkimage/mageia-urpmi
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-#
-# Needs to be run from Mageia 4 or greater for kernel support for docker.
-#
-# Mageia 4 does not have docker available in official repos, so please
-# install and run the docker binary manually.
-#
-# Tested working versions are for Mageia 2 onwards (inc. cauldron).
-#
-set -e
-
-rootfsDir="$1"
-shift
-
-optTemp=$(getopt --options '+v:,m:' --longoptions 'version:,mirror:' --name mageia-urpmi -- "$@")
-eval set -- "$optTemp"
-unset optTemp
-
-installversion=
-mirror=
-while true; do
-	case "$1" in
-		-v|--version) installversion="$2" ; shift 2 ;;
-		-m|--mirror) mirror="$2" ; shift 2 ;;
-		--) shift ; break ;;
-	esac
-done
-
-if [ -z $installversion ]; then
-	# Attempt to match host version
-	if [ -r /etc/mageia-release ]; then
-		installversion="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' /etc/mageia-release)"
-	else
-		echo "Error: no version supplied and unable to detect host mageia version"
-		exit 1
-	fi
-fi
-
-if [ -z $mirror ]; then
-	# No mirror provided, default to mirrorlist
-	mirror="--mirrorlist https://mirrors.mageia.org/api/mageia.$installversion.x86_64.list"
-fi
-
-(
-	set -x
-	urpmi.addmedia --distrib \
-		$mirror \
-		--urpmi-root "$rootfsDir"
-	urpmi basesystem-minimal urpmi \
-		--auto \
-		--no-suggests \
-		--urpmi-root "$rootfsDir" \
-		--root "$rootfsDir"
-)
-
-"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
-
-if [ -d "$rootfsDir/etc/sysconfig" ]; then
-	# allow networking init scripts inside the container to work without extra steps
-	echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
-fi
diff --git a/contrib/mkimage/rinse b/contrib/mkimage/rinse
deleted file mode 100755
index 75eb4f0d9dfdc..0000000000000
--- a/contrib/mkimage/rinse
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-rootfsDir="$1"
-shift
-
-# specifying --arch below is safe because "$@" can override it and the "latest" one wins :)
-
-(
-	set -x
-	rinse --directory "$rootfsDir" --arch amd64 "$@"
-)
-
-"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
-
-if [ -d "$rootfsDir/etc/sysconfig" ]; then
-	# allow networking init scripts inside the container to work without extra steps
-	echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
-fi
-
-# make sure we're fully up-to-date, too
-(
-	set -x
-	chroot "$rootfsDir" yum update -y
-)
diff --git a/contrib/nnp-test/Dockerfile b/contrib/nnp-test/Dockerfile
index 026d86954f6e0..833c5c76c25e5 100644
--- a/contrib/nnp-test/Dockerfile
+++ b/contrib/nnp-test/Dockerfile
@@ -1,4 +1,5 @@
-FROM buildpack-deps:jessie
+FROM debian:bullseye-slim
+RUN apt-get update && apt-get install -y gcc libc6-dev --no-install-recommends
 
 COPY . /usr/src/
 
diff --git a/contrib/nuke-graph-directory.sh b/contrib/nuke-graph-directory.sh
index 3d2f49e869315..c0f807cd71ca2 100755
--- a/contrib/nuke-graph-directory.sh
+++ b/contrib/nuke-graph-directory.sh
@@ -31,7 +31,10 @@ echo "Nuking $dir ..."
 echo '  (if this is wrong, press Ctrl+C NOW!)'
 echo
 
-( set -x; sleep 10 )
+(
+	set -x
+	sleep 10
+)
 echo
 
 dir_in_dir() {
@@ -45,7 +48,10 @@ dir_in_dir() {
 for mount in $(awk '{ print $5 }' /proc/self/mountinfo); do
 	mount="$(readlink -f "$mount" || true)"
 	if [ "$dir" != "$mount" ] && dir_in_dir "$mount" "$dir"; then
-		( set -x; umount -f "$mount" )
+		(
+			set -x
+			umount -f "$mount"
+		)
 	fi
 done
 
@@ -54,11 +60,18 @@ if command -v btrfs > /dev/null 2>&1; then
 	# Find btrfs subvolumes under $dir checking for inode 256
 	# Source: http://stackoverflow.com/a/32865333
 	for subvol in $(find "$dir" -type d -inum 256 | sort -r); do
-		if [ "$dir" != "$subvol" ]; then
-			( set -x; btrfs subvolume delete "$subvol" )
+		if [ "$dir" != "$subvol" ] && subvolType="$(stat -f --format=%T "$subvol")" && [ "$subvolType" = "btrfs" ]; then
+			(
+				set -x
+				btrfs subvolume delete "$subvol"
+			)
 		fi
 	done
 fi
 
 # finally, DESTROY ALL THINGS
-( shopt -s dotglob; set -x; rm -rf "$dir"/* )
+(
+	shopt -s dotglob
+	set -x
+	rm -rf "$dir"/*
+)
diff --git a/contrib/report-issue.sh b/contrib/report-issue.sh
deleted file mode 100755
index cb54f1a5bc005..0000000000000
--- a/contrib/report-issue.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/sh
-
-# This is a convenience script for reporting issues that include a base
-# template of information. See https://github.com/docker/docker/pull/8845
-
-set -e
-
-DOCKER_ISSUE_URL=${DOCKER_ISSUE_URL:-"https://github.com/docker/docker/issues/new"}
-DOCKER_ISSUE_NAME_PREFIX=${DOCKER_ISSUE_NAME_PREFIX:-"Report: "}
-DOCKER=${DOCKER:-"docker"}
-DOCKER_COMMAND="${DOCKER}"
-export DOCKER_COMMAND
-
-# pulled from https://gist.github.com/cdown/1163649
-function urlencode() {
-	# urlencode <string>
-
-	local length="${#1}"
-	for (( i = 0; i < length; i++ )); do
-			local c="${1:i:1}"
-			case $c in
-					[a-zA-Z0-9.~_-]) printf "$c" ;;
-					*) printf '%%%02X' "'$c"
-			esac
-	done
-}
-
-function template() {
-# this should always match the template from CONTRIBUTING.md
-	cat <<- EOM
-	Description of problem:
-
-
-	\`docker version\`:
-	`${DOCKER_COMMAND} -D version`
-
-
-	\`docker info\`:
-	`${DOCKER_COMMAND} -D info`
-
-
-	\`uname -a\`:
-	`uname -a`
-
-
-	Environment details (AWS, VirtualBox, physical, etc.):
-
-
-	How reproducible:
-
-
-	Steps to Reproduce:
-	1.
-	2.
-	3.
-
-
-	Actual Results:
-
-
-	Expected Results:
-
-
-	Additional info:
-
-
-	EOM
-}
-
-function format_issue_url() {
-	if [ ${#@} -ne 2 ] ; then
-		return 1
-	fi
-	local issue_name=$(urlencode "${DOCKER_ISSUE_NAME_PREFIX}${1}")
-	local issue_body=$(urlencode "${2}")
-	echo "${DOCKER_ISSUE_URL}?title=${issue_name}&body=${issue_body}"
-}
-
-
-echo -ne "Do you use \`sudo\` to call docker? [y|N]: "
-read -r -n 1 use_sudo
-echo ""
-
-if [ "x${use_sudo}" = "xy" -o "x${use_sudo}" = "xY" ]; then
-	export DOCKER_COMMAND="sudo ${DOCKER}"
-fi
-
-echo -ne "Title of new issue?: "
-read -r issue_title
-echo ""
-
-issue_url=$(format_issue_url "${issue_title}" "$(template)")
-
-if which xdg-open 2>/dev/null >/dev/null ; then
-	echo -ne "Would like to launch this report in your browser? [Y|n]: "
-	read -r -n 1 launch_now
-	echo ""
-
-	if [ "${launch_now}" != "n" -a "${launch_now}" != "N" ]; then
-		xdg-open "${issue_url}"
-	fi
-fi
-
-echo "If you would like to manually open the url, you can open this link if your browser: ${issue_url}"
-
diff --git a/contrib/syntax/vim/LICENSE b/contrib/syntax/vim/LICENSE
deleted file mode 100644
index e67cdabd22e5f..0000000000000
--- a/contrib/syntax/vim/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-Copyright (c) 2013 Honza Pokorny
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/syntax/vim/README.md b/contrib/syntax/vim/README.md
index b73a30bea328a..684d11f47ae6d 100644
--- a/contrib/syntax/vim/README.md
+++ b/contrib/syntax/vim/README.md
@@ -3,28 +3,9 @@ dockerfile.vim
 
 Syntax highlighting for Dockerfiles
 
-Installation
-------------
-With [pathogen](https://github.com/tpope/vim-pathogen), the usual way...
+-------------------------------------------------------------------------------
 
-With [Vundle](https://github.com/gmarik/Vundle.vim)
-  
-    Plugin 'docker/docker' , {'rtp': '/contrib/syntax/vim/'}
+dockerfile.vim has been merged into upstream vim, and has therefore been deleted
+from here.  You can find the canonical version [here][1].
 
-With [vim-plug](https://github.com/junegunn/vim-plug)
-  
-    Plug 'docker/docker' , {'rtp': '/contrib/syntax/vim/'}   
-
-Features
---------
-
-The syntax highlighting includes:
-
-* The directives (e.g. `FROM`)
-* Strings
-* Comments
-
-License
--------
-
-BSD, short and sweet
+[1]: https://github.com/vim/vim/blob/master/runtime/syntax/dockerfile.vim
diff --git a/contrib/syntax/vim/doc/dockerfile.txt b/contrib/syntax/vim/doc/dockerfile.txt
deleted file mode 100644
index e69e2b7b30fca..0000000000000
--- a/contrib/syntax/vim/doc/dockerfile.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-*dockerfile.txt*  Syntax highlighting for Dockerfiles
-
-Author: Honza Pokorny <https://honza.ca>
-License: BSD
-
-INSTALLATION                                                     *installation*
-
-Drop it on your Pathogen path and you're all set.
-
-FEATURES                                                             *features*
-
-The syntax highlighting includes:
-
-* The directives (e.g. FROM)
-* Strings
-* Comments
-
- vim:tw=78:et:ft=help:norl:
diff --git a/contrib/syntax/vim/ftdetect/dockerfile.vim b/contrib/syntax/vim/ftdetect/dockerfile.vim
deleted file mode 100644
index a21dd14095ccf..0000000000000
--- a/contrib/syntax/vim/ftdetect/dockerfile.vim
+++ /dev/null
@@ -1 +0,0 @@
-au BufNewFile,BufRead [Dd]ockerfile,[Dd]ockerfile.*,*.[Dd]ockerfile set filetype=dockerfile
diff --git a/contrib/syntax/vim/syntax/dockerfile.vim b/contrib/syntax/vim/syntax/dockerfile.vim
deleted file mode 100644
index a067e6ad4c510..0000000000000
--- a/contrib/syntax/vim/syntax/dockerfile.vim
+++ /dev/null
@@ -1,31 +0,0 @@
-" dockerfile.vim - Syntax highlighting for Dockerfiles
-" Maintainer:   Honza Pokorny <https://honza.ca>
-" Version:      0.5
-
-
-if exists("b:current_syntax")
-    finish
-endif
-
-let b:current_syntax = "dockerfile"
-
-syntax case ignore
-
-syntax match dockerfileKeyword /\v^\s*(ONBUILD\s+)?(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR)\s/
-highlight link dockerfileKeyword Keyword
-
-syntax region dockerfileString start=/\v"/ skip=/\v\\./ end=/\v"/
-highlight link dockerfileString String
-
-syntax match dockerfileComment "\v^\s*#.*$"
-highlight link dockerfileComment Comment
-
-set commentstring=#\ %s
-
-" match "RUN", "CMD", and "ENTRYPOINT" lines, and parse them as shell
-let s:current_syntax = b:current_syntax
-unlet b:current_syntax
-syntax include @SH syntax/sh.vim
-let b:current_syntax = s:current_syntax
-syntax region shLine matchgroup=dockerfileKeyword start=/\v^\s*(RUN|CMD|ENTRYPOINT)\s/ end=/\v$/ contains=@SH
-" since @SH will handle "\" as part of the same line automatically, this "just works" for line continuation too, but with the caveat that it will highlight "RUN echo '" followed by a newline as if it were a block because the "'" is shell line continuation...  not sure how to fix that just yet (TODO)
diff --git a/contrib/syscall-test/Dockerfile b/contrib/syscall-test/Dockerfile
index f95f1758c0b24..8281a06776caa 100644
--- a/contrib/syscall-test/Dockerfile
+++ b/contrib/syscall-test/Dockerfile
@@ -1,4 +1,5 @@
-FROM buildpack-deps:jessie
+FROM debian:bullseye-slim
+RUN apt-get update && apt-get install -y gcc libc6-dev --no-install-recommends
 
 COPY . /usr/src/
 
diff --git a/contrib/vagrant-docker/README.md b/contrib/vagrant-docker/README.md
deleted file mode 100644
index 736c7899984c5..0000000000000
--- a/contrib/vagrant-docker/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# Vagrant integration
-
-Currently there are at least 4 different projects that we are aware of that deals
-with integration with [Vagrant](http://vagrantup.com/) at different levels. One
-approach is to use Docker as a [provisioner](http://docs.vagrantup.com/v2/provisioning/index.html)
-which means you can create containers and pull base images on VMs using Docker's
-CLI and the other is to use Docker as a [provider](http://docs.vagrantup.com/v2/providers/index.html),
-meaning you can use Vagrant to control Docker containers.
-
-
-### Provisioners
-
-* [Vocker](https://github.com/fgrehm/vocker)
-* [Ventriloquist](https://github.com/fgrehm/ventriloquist)
-
-### Providers
-
-* [docker-provider](https://github.com/fgrehm/docker-provider)
-* [vagrant-shell](https://github.com/destructuring/vagrant-shell)
-
-## Setting up Vagrant-docker with the Engine API
-
-The initial Docker upstart script will not work because it runs on `127.0.0.1`, which is not accessible to the host machine. Instead, we need to change the script to connect to `0.0.0.0`. To do this, modify `/etc/init/docker.conf` to look like this:
-
-```
-description     "Docker daemon"
-
-start on filesystem
-stop on runlevel [!2345]
-
-respawn
-
-script
-    /usr/bin/dockerd -H=tcp://0.0.0.0:2375
-end script
-```
-
-Once that's done, you need to set up an SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal:
-
-```
-ssh -L 2375:localhost:2375 -p 2222 vagrant@localhost
-```
-
-(The first 2375 is what your host can connect to, the second 2375 is what port Docker is running on in the vagrant machine, and the 2222 is the port Vagrant is providing for SSH. If VirtualBox is the VM you're using, you can see what value "2222" should be by going to: Network > Adapter 1 > Advanced > Port Forwarding in the VirtualBox GUI.)
-
-Note that because the port has been changed, to run docker commands from within the command line you must run them like this:
-
-```
-sudo docker -H 0.0.0.0:2375 < commands for docker >
-```
diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
index 461f5c7f96b28..6376001613f7e 100644
--- a/daemon/apparmor_default.go
+++ b/daemon/apparmor_default.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -5,20 +6,29 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"fmt"
 
+	"github.com/containerd/containerd/pkg/apparmor"
 	aaprofile "github.com/docker/docker/profiles/apparmor"
-	"github.com/opencontainers/runc/libcontainer/apparmor"
 )
 
 // Define constants for native driver
 const (
-	defaultApparmorProfile = "docker-default"
+	unconfinedAppArmorProfile = "unconfined"
+	defaultAppArmorProfile    = "docker-default"
 )
 
+// DefaultApparmorProfile returns the name of the default apparmor profile
+func DefaultApparmorProfile() string {
+	if apparmor.HostSupports() {
+		return defaultAppArmorProfile
+	}
+	return ""
+}
+
 func ensureDefaultAppArmorProfile() error {
-	if apparmor.IsEnabled() {
-		loaded, err := aaprofile.IsLoaded(defaultApparmorProfile)
+	if apparmor.HostSupports() {
+		loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
 		if err != nil {
-			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultApparmorProfile, err)
+			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err)
 		}
 
 		// Nothing to do.
@@ -27,8 +37,8 @@ func ensureDefaultAppArmorProfile() error {
 		}
 
 		// Load the profile.
-		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
-			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
+		if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
+			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
 		}
 	}
 
diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go
index 51f9c526b3505..e3dc18b32b5ef 100644
--- a/daemon/apparmor_default_unsupported.go
+++ b/daemon/apparmor_default_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -5,3 +6,8 @@ package daemon // import "github.com/docker/docker/daemon"
 func ensureDefaultAppArmorProfile() error {
 	return nil
 }
+
+// DefaultApparmorProfile returns an empty string.
+func DefaultApparmorProfile() string {
+	return ""
+}
diff --git a/daemon/archive.go b/daemon/archive.go
index 9c7971b56ea3e..f443d12117e8c 100644
--- a/daemon/archive.go
+++ b/daemon/archive.go
@@ -31,34 +31,35 @@ type archiver interface {
 }
 
 // helper functions to extract or archive
-func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarOptions) error {
+func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarOptions, root string) error {
 	if ea, ok := i.(extractor); ok {
 		return ea.ExtractArchive(src, dst, opts)
 	}
-	return chrootarchive.Untar(src, dst, opts)
+
+	return chrootarchive.UntarWithRoot(src, dst, opts, root)
 }
 
-func archivePath(i interface{}, src string, opts *archive.TarOptions) (io.ReadCloser, error) {
+func archivePath(i interface{}, src string, opts *archive.TarOptions, root string) (io.ReadCloser, error) {
 	if ap, ok := i.(archiver); ok {
 		return ap.ArchivePath(src, opts)
 	}
-	return archive.TarWithOptions(src, opts)
+	return chrootarchive.Tar(src, opts, root)
 }
 
 // ContainerCopy performs a deprecated operation of archiving the resource at
 // the specified path in the container identified by the given name.
 func (daemon *Daemon) ContainerCopy(name string, res string) (io.ReadCloser, error) {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
 	// Make sure an online file-system operation is permitted.
-	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+	if err := daemon.isOnlineFSOperationPermitted(ctr); err != nil {
 		return nil, errdefs.System(err)
 	}
 
-	data, err := daemon.containerCopy(container, res)
+	data, err := daemon.containerCopy(ctr, res)
 	if err == nil {
 		return data, nil
 	}
@@ -72,17 +73,17 @@ func (daemon *Daemon) ContainerCopy(name string, res string) (io.ReadCloser, err
 // ContainerStatPath stats the filesystem resource at the specified path in the
 // container identified by the given name.
 func (daemon *Daemon) ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error) {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
 	// Make sure an online file-system operation is permitted.
-	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+	if err := daemon.isOnlineFSOperationPermitted(ctr); err != nil {
 		return nil, errdefs.System(err)
 	}
 
-	stat, err = daemon.containerStatPath(container, path)
+	stat, err = daemon.containerStatPath(ctr, path)
 	if err == nil {
 		return stat, nil
 	}
@@ -97,17 +98,17 @@ func (daemon *Daemon) ContainerStatPath(name string, path string) (stat *types.C
 // specified path in the container identified by the given name. Returns a
 // tar archive of the resource and whether it was a directory or a single file.
 func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error) {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	// Make sure an online file-system operation is permitted.
-	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+	if err := daemon.isOnlineFSOperationPermitted(ctr); err != nil {
 		return nil, nil, errdefs.System(err)
 	}
 
-	content, stat, err = daemon.containerArchivePath(container, path)
+	content, stat, err = daemon.containerArchivePath(ctr, path)
 	if err == nil {
 		return content, stat, nil
 	}
@@ -125,17 +126,17 @@ func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io
 // be an error if unpacking the given content would cause an existing directory
 // to be replaced with a non-directory and vice versa.
 func (daemon *Daemon) ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
 	// Make sure an online file-system operation is permitted.
-	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+	if err := daemon.isOnlineFSOperationPermitted(ctr); err != nil {
 		return errdefs.System(err)
 	}
 
-	err = daemon.containerExtractToDir(container, path, copyUIDGID, noOverwriteDirNonDir, content)
+	err = daemon.containerExtractToDir(ctr, path, copyUIDGID, noOverwriteDirNonDir, content)
 	if err == nil {
 		return nil
 	}
@@ -235,10 +236,16 @@ func (daemon *Daemon) containerArchivePath(container *container.Container, path
 	if driver.Base(resolvedPath) == "." {
 		resolvedPath += string(driver.Separator()) + "."
 	}
-	sourceDir, sourceBase := driver.Dir(resolvedPath), driver.Base(resolvedPath)
+
+	sourceDir := resolvedPath
+	sourceBase := "."
+
+	if stat.Mode&os.ModeDir == 0 { // not dir
+		sourceDir, sourceBase = driver.Split(resolvedPath)
+	}
 	opts := archive.TarResourceRebaseOpts(sourceBase, driver.Base(absPath))
 
-	data, err := archivePath(driver, sourceDir, opts)
+	data, err := archivePath(driver, sourceDir, opts, container.BaseFS.Path())
 	if err != nil {
 		return nil, nil, err
 	}
@@ -367,7 +374,7 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 		}
 	}
 
-	if err := extractArchive(driver, content, resolvedPath, options); err != nil {
+	if err := extractArchive(driver, content, resolvedPath, options, container.BaseFS.Path()); err != nil {
 		return err
 	}
 
@@ -425,20 +432,17 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str
 		d, f := driver.Split(basePath)
 		basePath = d
 		filter = []string{f}
-	} else {
-		filter = []string{driver.Base(basePath)}
-		basePath = driver.Dir(basePath)
 	}
-	archive, err := archivePath(driver, basePath, &archive.TarOptions{
+	archv, err := archivePath(driver, basePath, &archive.TarOptions{
 		Compression:  archive.Uncompressed,
 		IncludeFiles: filter,
-	})
+	}, container.BaseFS.Path())
 	if err != nil {
 		return nil, err
 	}
 
-	reader := ioutils.NewReadCloserWrapper(archive, func() error {
-		err := archive.Close()
+	reader := ioutils.NewReadCloserWrapper(archv, func() error {
+		err := archv.Close()
 		container.DetachAndUnmount(daemon.LogVolumeEvent)
 		daemon.Unmount(container)
 		container.Unlock()
diff --git a/daemon/archive_tarcopyoptions_unix.go b/daemon/archive_tarcopyoptions_unix.go
index c456b410dd537..52f1ce7dbe340 100644
--- a/daemon/archive_tarcopyoptions_unix.go
+++ b/daemon/archive_tarcopyoptions_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/archive_unix.go b/daemon/archive_unix.go
index 50e6fe24be374..863788d72d8b4 100644
--- a/daemon/archive_unix.go
+++ b/daemon/archive_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -12,7 +13,7 @@ import (
 // cannot be configured with a read-only rootfs.
 func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
 	var toVolume bool
-	parser := volumemounts.NewParser(container.OS)
+	parser := volumemounts.NewParser()
 	for _, mnt := range container.MountPoints {
 		if toVolume = parser.HasResource(mnt, absPath); toVolume {
 			if mnt.RW {
diff --git a/daemon/attach.go b/daemon/attach.go
index 0e12441ad1e2e..c6553f79d3919 100644
--- a/daemon/attach.go
+++ b/daemon/attach.go
@@ -11,7 +11,7 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -27,15 +27,15 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 		}
 	}
 
-	container, err := daemon.GetContainer(prefixOrName)
+	ctr, err := daemon.GetContainer(prefixOrName)
 	if err != nil {
 		return err
 	}
-	if container.IsPaused() {
+	if ctr.IsPaused() {
 		err := fmt.Errorf("container %s is paused, unpause the container before attach", prefixOrName)
 		return errdefs.Conflict(err)
 	}
-	if container.IsRestarting() {
+	if ctr.IsRestarting() {
 		err := fmt.Errorf("container %s is restarting, wait until the container is running", prefixOrName)
 		return errdefs.Conflict(err)
 	}
@@ -44,11 +44,11 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 		UseStdin:   c.UseStdin,
 		UseStdout:  c.UseStdout,
 		UseStderr:  c.UseStderr,
-		TTY:        container.Config.Tty,
-		CloseStdin: container.Config.StdinOnce,
+		TTY:        ctr.Config.Tty,
+		CloseStdin: ctr.Config.StdinOnce,
 		DetachKeys: keys,
 	}
-	container.StreamConfig.AttachStreams(&cfg)
+	ctr.StreamConfig.AttachStreams(&cfg)
 
 	inStream, outStream, errStream, err := c.GetStreams()
 	if err != nil {
@@ -56,7 +56,7 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 	}
 	defer inStream.Close()
 
-	if !container.Config.Tty && c.MuxStreams {
+	if !ctr.Config.Tty && c.MuxStreams {
 		errStream = stdcopy.NewStdWriter(errStream, stdcopy.Stderr)
 		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
 	}
@@ -71,7 +71,7 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 		cfg.Stderr = errStream
 	}
 
-	if err := daemon.containerAttach(container, &cfg, c.Logs, c.Stream); err != nil {
+	if err := daemon.containerAttach(ctr, &cfg, c.Logs, c.Stream); err != nil {
 		fmt.Fprintf(outStream, "Error attaching: %s\n", err)
 	}
 	return nil
@@ -79,7 +79,7 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 
 // ContainerAttachRaw attaches the provided streams to the container's stdio
 func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadCloser, stdout, stderr io.Writer, doStream bool, attached chan struct{}) error {
-	container, err := daemon.GetContainer(prefixOrName)
+	ctr, err := daemon.GetContainer(prefixOrName)
 	if err != nil {
 		return err
 	}
@@ -87,10 +87,10 @@ func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadClose
 		UseStdin:   stdin != nil,
 		UseStdout:  stdout != nil,
 		UseStderr:  stderr != nil,
-		TTY:        container.Config.Tty,
-		CloseStdin: container.Config.StdinOnce,
+		TTY:        ctr.Config.Tty,
+		CloseStdin: ctr.Config.StdinOnce,
 	}
-	container.StreamConfig.AttachStreams(&cfg)
+	ctr.StreamConfig.AttachStreams(&cfg)
 	close(attached)
 	if cfg.UseStdin {
 		cfg.Stdin = stdin
@@ -102,7 +102,7 @@ func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadClose
 		cfg.Stderr = stderr
 	}
 
-	return daemon.containerAttach(container, &cfg, false, doStream)
+	return daemon.containerAttach(ctr, &cfg, false, doStream)
 }
 
 func (daemon *Daemon) containerAttach(c *container.Container, cfg *stream.AttachConfig, logs, doStream bool) error {
@@ -176,7 +176,8 @@ func (daemon *Daemon) containerAttach(c *container.Container, cfg *stream.Attach
 	ctx := c.InitAttachContext()
 	err := <-c.StreamConfig.CopyStreams(ctx, cfg)
 	if err != nil {
-		if _, ok := errors.Cause(err).(term.EscapeError); ok || err == context.Canceled {
+		var ierr term.EscapeError
+		if errors.Is(err, context.Canceled) || errors.As(err, &ierr) {
 			daemon.LogContainerEvent(c, "detach")
 		} else {
 			logrus.Errorf("attach failed with error: %v", err)
diff --git a/daemon/bindmount_unix.go b/daemon/bindmount_unix.go
deleted file mode 100644
index 028e300b06777..0000000000000
--- a/daemon/bindmount_unix.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// +build linux freebsd
-
-package daemon // import "github.com/docker/docker/daemon"
-
-const bindMountType = "bind"
diff --git a/daemon/caps/utils.go b/daemon/caps/utils.go
deleted file mode 100644
index c5ded542eff7a..0000000000000
--- a/daemon/caps/utils.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package caps // import "github.com/docker/docker/daemon/caps"
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/syndtr/gocapability/capability"
-)
-
-var capabilityList Capabilities
-
-func init() {
-	last := capability.CAP_LAST_CAP
-	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
-	if last == capability.Cap(63) {
-		last = capability.CAP_BLOCK_SUSPEND
-	}
-	for _, cap := range capability.List() {
-		if cap > last {
-			continue
-		}
-		capabilityList = append(capabilityList,
-			&CapabilityMapping{
-				Key:   "CAP_" + strings.ToUpper(cap.String()),
-				Value: cap,
-			},
-		)
-	}
-}
-
-type (
-	// CapabilityMapping maps linux capability name to its value of capability.Cap type
-	// Capabilities is one of the security systems in Linux Security Module (LSM)
-	// framework provided by the kernel.
-	// For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html
-	CapabilityMapping struct {
-		Key   string         `json:"key,omitempty"`
-		Value capability.Cap `json:"value,omitempty"`
-	}
-	// Capabilities contains all CapabilityMapping
-	Capabilities []*CapabilityMapping
-)
-
-// String returns <key> of CapabilityMapping
-func (c *CapabilityMapping) String() string {
-	return c.Key
-}
-
-// GetCapability returns CapabilityMapping which contains specific key
-func GetCapability(key string) *CapabilityMapping {
-	for _, capp := range capabilityList {
-		if capp.Key == key {
-			cpy := *capp
-			return &cpy
-		}
-	}
-	return nil
-}
-
-// GetAllCapabilities returns all of the capabilities
-func GetAllCapabilities() []string {
-	output := make([]string, len(capabilityList))
-	for i, capability := range capabilityList {
-		output[i] = capability.String()
-	}
-	return output
-}
-
-// inSlice tests whether a string is contained in a slice of strings or not.
-// Comparison is case insensitive
-func inSlice(slice []string, s string) bool {
-	for _, ss := range slice {
-		if strings.ToLower(s) == strings.ToLower(ss) {
-			return true
-		}
-	}
-	return false
-}
-
-// TweakCapabilities can tweak capabilities by adding or dropping capabilities
-// based on the basics capabilities.
-func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
-	var (
-		newCaps []string
-		allCaps = GetAllCapabilities()
-	)
-
-	// FIXME(tonistiigi): docker format is without CAP_ prefix, oci is with prefix
-	// Currently they are mixed in here. We should do conversion in one place.
-
-	// look for invalid cap in the drop list
-	for _, cap := range drops {
-		if strings.ToLower(cap) == "all" {
-			continue
-		}
-
-		if !inSlice(allCaps, "CAP_"+cap) {
-			return nil, fmt.Errorf("Unknown capability drop: %q", cap)
-		}
-	}
-
-	// handle --cap-add=all
-	if inSlice(adds, "all") {
-		basics = allCaps
-	}
-
-	if !inSlice(drops, "all") {
-		for _, cap := range basics {
-			// skip `all` already handled above
-			if strings.ToLower(cap) == "all" {
-				continue
-			}
-
-			// if we don't drop `all`, add back all the non-dropped caps
-			if !inSlice(drops, cap[4:]) {
-				newCaps = append(newCaps, strings.ToUpper(cap))
-			}
-		}
-	}
-
-	for _, cap := range adds {
-		// skip `all` already handled above
-		if strings.ToLower(cap) == "all" {
-			continue
-		}
-
-		cap = "CAP_" + cap
-
-		if !inSlice(allCaps, cap) {
-			return nil, fmt.Errorf("Unknown capability to add: %q", cap)
-		}
-
-		// add cap if not already in the list
-		if !inSlice(newCaps, cap) {
-			newCaps = append(newCaps, strings.ToUpper(cap))
-		}
-	}
-	return newCaps, nil
-}
diff --git a/daemon/changes.go b/daemon/changes.go
index 70b3f6b943c80..09f27b2161c1f 100644
--- a/daemon/changes.go
+++ b/daemon/changes.go
@@ -2,7 +2,6 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"errors"
-	"runtime"
 	"time"
 
 	"github.com/docker/docker/pkg/archive"
@@ -16,7 +15,7 @@ func (daemon *Daemon) ContainerChanges(name string) ([]archive.Change, error) {
 		return nil, err
 	}
 
-	if runtime.GOOS == "windows" && container.IsRunning() {
+	if isWindows && container.IsRunning() {
 		return nil, errors.New("Windows does not support diff of a running container")
 	}
 
diff --git a/daemon/checkpoint.go b/daemon/checkpoint.go
index 4a1cb0e10ebe0..5cbe8574abd3f 100644
--- a/daemon/checkpoint.go
+++ b/daemon/checkpoint.go
@@ -2,9 +2,7 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -36,16 +34,16 @@ func getCheckpointDir(checkDir, checkpointID, ctrName, ctrID, ctrCheckpointDir s
 			err2 = os.MkdirAll(checkpointAbsDir, 0700)
 		case err != nil:
 			err2 = err
-		case err == nil:
+		default:
 			err2 = fmt.Errorf("%s exists and is not a directory", checkpointAbsDir)
 		}
 	} else {
 		switch {
 		case err != nil:
-			err2 = fmt.Errorf("checkpoint %s does not exists for container %s", checkpointID, ctrName)
-		case err == nil && stat.IsDir():
+			err2 = fmt.Errorf("checkpoint %s does not exist for container %s", checkpointID, ctrName)
+		case stat.IsDir():
 			err2 = nil
-		case err == nil:
+		default:
 			err2 = fmt.Errorf("%s exists and is not a directory", checkpointAbsDir)
 		}
 	}
@@ -63,10 +61,6 @@ func (daemon *Daemon) CheckpointCreate(name string, config types.CheckpointCreat
 		return fmt.Errorf("Container %s not running", name)
 	}
 
-	if container.Config.Tty {
-		return fmt.Errorf("checkpoint not support on containers with tty")
-	}
-
 	if !validCheckpointNamePattern.MatchString(config.CheckpointID) {
 		return fmt.Errorf("Invalid checkpoint ID (%s), only %s are allowed", config.CheckpointID, validCheckpointNameChars)
 	}
@@ -95,7 +89,7 @@ func (daemon *Daemon) CheckpointDelete(name string, config types.CheckpointDelet
 	}
 	checkpointDir, err := getCheckpointDir(config.CheckpointDir, config.CheckpointID, name, container.ID, container.CheckpointDir(), false)
 	if err == nil {
-		return os.RemoveAll(filepath.Join(checkpointDir, config.CheckpointID))
+		return os.RemoveAll(checkpointDir)
 	}
 	return err
 }
@@ -118,7 +112,7 @@ func (daemon *Daemon) CheckpointList(name string, config types.CheckpointListOpt
 		return nil, err
 	}
 
-	dirs, err := ioutil.ReadDir(checkpointDir)
+	dirs, err := os.ReadDir(checkpointDir)
 	if err != nil {
 		return nil, err
 	}
@@ -127,15 +121,7 @@ func (daemon *Daemon) CheckpointList(name string, config types.CheckpointListOpt
 		if !d.IsDir() {
 			continue
 		}
-		path := filepath.Join(checkpointDir, d.Name(), "config.json")
-		data, err := ioutil.ReadFile(path)
-		if err != nil {
-			return nil, err
-		}
-		var cpt types.Checkpoint
-		if err := json.Unmarshal(data, &cpt); err != nil {
-			return nil, err
-		}
+		cpt := types.Checkpoint{Name: d.Name()}
 		out = append(out, cpt)
 	}
 
diff --git a/daemon/cluster.go b/daemon/cluster.go
index 62eb2a2e5957d..4f4dff185ea99 100644
--- a/daemon/cluster.go
+++ b/daemon/cluster.go
@@ -3,7 +3,7 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	apitypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	lncluster "github.com/docker/libnetwork/cluster"
+	lncluster "github.com/docker/docker/libnetwork/cluster"
 )
 
 // Cluster is the interface for github.com/docker/docker/daemon/cluster.(*Cluster).
diff --git a/daemon/cluster/cluster.go b/daemon/cluster/cluster.go
index 35ba5a93789e3..38a38223621c2 100644
--- a/daemon/cluster/cluster.go
+++ b/daemon/cluster/cluster.go
@@ -41,9 +41,11 @@ package cluster // import "github.com/docker/docker/daemon/cluster"
 import (
 	"context"
 	"fmt"
+	"math"
 	"net"
 	"os"
 	"path/filepath"
+	"runtime"
 	"sync"
 	"time"
 
@@ -51,25 +53,27 @@ import (
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/controllers/plugin"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
-	"github.com/docker/docker/pkg/signal"
-	lncluster "github.com/docker/libnetwork/cluster"
+	lncluster "github.com/docker/docker/libnetwork/cluster"
+	"github.com/docker/docker/pkg/stack"
 	swarmapi "github.com/docker/swarmkit/api"
 	swarmnode "github.com/docker/swarmkit/node"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
 )
 
-const swarmDirName = "swarm"
-const controlSocket = "control.sock"
-const swarmConnectTimeout = 20 * time.Second
-const swarmRequestTimeout = 20 * time.Second
-const stateFile = "docker-state.json"
-const defaultAddr = "0.0.0.0:2377"
-
 const (
-	initialReconnectDelay = 100 * time.Millisecond
-	maxReconnectDelay     = 30 * time.Second
-	contextPrefix         = "com.docker.swarm"
+	swarmDirName                   = "swarm"
+	controlSocket                  = "control.sock"
+	swarmConnectTimeout            = 20 * time.Second
+	swarmRequestTimeout            = 20 * time.Second
+	stateFile                      = "docker-state.json"
+	defaultAddr                    = "0.0.0.0:2377"
+	isWindows                      = runtime.GOOS == "windows"
+	initialReconnectDelay          = 100 * time.Millisecond
+	maxReconnectDelay              = 30 * time.Second
+	contextPrefix                  = "com.docker.swarm"
+	defaultRecvSizeForListResponse = math.MaxInt32 // the max recv limit grpc <1.4.0
 )
 
 // NetworkSubnetsProvider exposes functions for retrieving the subnets
@@ -184,8 +188,11 @@ func (c *Cluster) Start() error {
 	}
 	c.nr = nr
 
+	timer := time.NewTimer(swarmConnectTimeout)
+	defer timer.Stop()
+
 	select {
-	case <-time.After(swarmConnectTimeout):
+	case <-timer.C:
 		logrus.Error("swarm component could not be started before timeout was reached")
 	case err := <-nr.Ready():
 		if err != nil {
@@ -346,7 +353,7 @@ func (c *Cluster) currentNodeState() nodeState {
 // Call with read lock.
 func (c *Cluster) errNoManager(st nodeState) error {
 	if st.swarmNode == nil {
-		if errors.Cause(st.err) == errSwarmLocked {
+		if errors.Is(st.err, errSwarmLocked) {
 			return errSwarmLocked
 		}
 		if st.err == errSwarmCertificatesExpired {
@@ -386,7 +393,7 @@ func (c *Cluster) Cleanup() {
 
 	if err := node.Stop(); err != nil {
 		logrus.Errorf("failed to shut down cluster node: %v", err)
-		signal.DumpStacks("")
+		stack.Dump()
 	}
 
 	c.mu.Lock()
@@ -397,7 +404,10 @@ func (c *Cluster) Cleanup() {
 func managerStats(client swarmapi.ControlClient, currentNodeID string) (current bool, reachable int, unreachable int, err error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
-	nodes, err := client.ListNodes(ctx, &swarmapi.ListNodesRequest{})
+	nodes, err := client.ListNodes(
+		ctx, &swarmapi.ListNodesRequest{},
+		grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+	)
 	if err != nil {
 		return false, 0, 0, err
 	}
diff --git a/daemon/cluster/configs.go b/daemon/cluster/configs.go
index 6b373e618b111..f44adb284e92b 100644
--- a/daemon/cluster/configs.go
+++ b/daemon/cluster/configs.go
@@ -7,6 +7,7 @@ import (
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/convert"
 	swarmapi "github.com/docker/swarmkit/api"
+	"google.golang.org/grpc"
 )
 
 // GetConfig returns a config from a managed swarm cluster
@@ -44,7 +45,8 @@ func (c *Cluster) GetConfigs(options apitypes.ConfigListOptions) ([]types.Config
 	defer cancel()
 
 	r, err := state.controlClient.ListConfigs(ctx,
-		&swarmapi.ListConfigsRequest{Filters: filters})
+		&swarmapi.ListConfigsRequest{Filters: filters},
+		grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse))
 	if err != nil {
 		return nil, err
 	}
diff --git a/daemon/cluster/controllers/plugin/controller.go b/daemon/cluster/controllers/plugin/controller.go
index 371f918d39964..7d4b64a65d5d4 100644
--- a/daemon/cluster/controllers/plugin/controller.go
+++ b/daemon/cluster/controllers/plugin/controller.go
@@ -3,7 +3,6 @@ package plugin // import "github.com/docker/docker/daemon/cluster/controllers/pl
 import (
 	"context"
 	"io"
-	"io/ioutil"
 	"net/http"
 
 	"github.com/docker/distribution/reference"
@@ -11,7 +10,7 @@ import (
 	"github.com/docker/docker/api/types/swarm/runtime"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/plugin"
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 	"github.com/docker/swarmkit/api"
 	"github.com/gogo/protobuf/proto"
 	"github.com/pkg/errors"
@@ -34,7 +33,6 @@ type Controller struct {
 
 	pluginID  string
 	serviceID string
-	taskID    string
 
 	// hook used to signal tests that `Wait()` is actually ready and waiting
 	signalWaitReady func()
@@ -119,10 +117,10 @@ func (p *Controller) Prepare(ctx context.Context) (err error) {
 			}
 		}
 		p.pluginID = pl.GetID()
-		return p.backend.Upgrade(ctx, remote, p.spec.Name, nil, &authConfig, privs, ioutil.Discard)
+		return p.backend.Upgrade(ctx, remote, p.spec.Name, nil, &authConfig, privs, io.Discard)
 	}
 
-	if err := p.backend.Pull(ctx, remote, p.spec.Name, nil, &authConfig, privs, ioutil.Discard, plugin.WithSwarmService(p.serviceID)); err != nil {
+	if err := p.backend.Pull(ctx, remote, p.spec.Name, nil, &authConfig, privs, io.Discard, plugin.WithSwarmService(p.serviceID), plugin.WithEnv(p.spec.Env)); err != nil {
 		return err
 	}
 	pl, err = p.backend.Get(p.spec.Name)
diff --git a/daemon/cluster/controllers/plugin/controller_test.go b/daemon/cluster/controllers/plugin/controller_test.go
index 8329d44766d18..8130e6f48b42e 100644
--- a/daemon/cluster/controllers/plugin/controller_test.go
+++ b/daemon/cluster/controllers/plugin/controller_test.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
@@ -15,7 +14,7 @@ import (
 	"github.com/docker/docker/api/types/swarm/runtime"
 	"github.com/docker/docker/pkg/pubsub"
 	"github.com/docker/docker/plugin"
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 	"github.com/sirupsen/logrus"
 )
 
@@ -108,7 +107,7 @@ func TestWaitCancel(t *testing.T) {
 	}
 
 	ctxCancel, cancel := context.WithCancel(ctx)
-	chErr := make(chan error)
+	chErr := make(chan error, 1)
 	go func() {
 		chErr <- c.Wait(ctxCancel)
 	}()
@@ -134,7 +133,7 @@ func TestWaitDisabled(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	chErr := make(chan error)
+	chErr := make(chan error, 1)
 	go func() {
 		chErr <- c.Wait(ctx)
 	}()
@@ -215,7 +214,7 @@ func TestWaitEnabled(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	chErr := make(chan error)
+	chErr := make(chan error, 1)
 	go func() {
 		chErr <- c.Wait(ctx)
 	}()
@@ -321,7 +320,7 @@ func TestRemove(t *testing.T) {
 
 func newTestController(b Backend, disabled bool) *Controller {
 	return &Controller{
-		logger:  &logrus.Entry{Logger: &logrus.Logger{Out: ioutil.Discard}},
+		logger:  &logrus.Entry{Logger: &logrus.Logger{Out: io.Discard}},
 		backend: b,
 		spec: runtime.PluginSpec{
 			Name:     pluginTestName,
diff --git a/daemon/cluster/convert/container.go b/daemon/cluster/convert/container.go
index effd362a12992..a743442331ff2 100644
--- a/daemon/cluster/convert/container.go
+++ b/daemon/cluster/convert/container.go
@@ -1,15 +1,16 @@
 package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
 	"github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/go-units"
 	swarmapi "github.com/docker/swarmkit/api"
 	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -18,25 +19,28 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) *types.ContainerSpec {
 		return nil
 	}
 	containerSpec := &types.ContainerSpec{
-		Image:      c.Image,
-		Labels:     c.Labels,
-		Command:    c.Command,
-		Args:       c.Args,
-		Hostname:   c.Hostname,
-		Env:        c.Env,
-		Dir:        c.Dir,
-		User:       c.User,
-		Groups:     c.Groups,
-		StopSignal: c.StopSignal,
-		TTY:        c.TTY,
-		OpenStdin:  c.OpenStdin,
-		ReadOnly:   c.ReadOnly,
-		Hosts:      c.Hosts,
-		Secrets:    secretReferencesFromGRPC(c.Secrets),
-		Configs:    configReferencesFromGRPC(c.Configs),
-		Isolation:  IsolationFromGRPC(c.Isolation),
-		Init:       initFromGRPC(c.Init),
-		Sysctls:    c.Sysctls,
+		Image:          c.Image,
+		Labels:         c.Labels,
+		Command:        c.Command,
+		Args:           c.Args,
+		Hostname:       c.Hostname,
+		Env:            c.Env,
+		Dir:            c.Dir,
+		User:           c.User,
+		Groups:         c.Groups,
+		StopSignal:     c.StopSignal,
+		TTY:            c.TTY,
+		OpenStdin:      c.OpenStdin,
+		ReadOnly:       c.ReadOnly,
+		Hosts:          c.Hosts,
+		Secrets:        secretReferencesFromGRPC(c.Secrets),
+		Configs:        configReferencesFromGRPC(c.Configs),
+		Isolation:      IsolationFromGRPC(c.Isolation),
+		Init:           initFromGRPC(c.Init),
+		Sysctls:        c.Sysctls,
+		CapabilityAdd:  c.CapabilityAdd,
+		CapabilityDrop: c.CapabilityDrop,
+		Ulimits:        ulimitsFromGRPC(c.Ulimits),
 	}
 
 	if c.DNSConfig != nil {
@@ -52,13 +56,7 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) *types.ContainerSpec {
 		containerSpec.Privileges = &types.Privileges{}
 
 		if c.Privileges.CredentialSpec != nil {
-			containerSpec.Privileges.CredentialSpec = &types.CredentialSpec{}
-			switch c.Privileges.CredentialSpec.Source.(type) {
-			case *swarmapi.Privileges_CredentialSpec_File:
-				containerSpec.Privileges.CredentialSpec.File = c.Privileges.CredentialSpec.GetFile()
-			case *swarmapi.Privileges_CredentialSpec_Registry:
-				containerSpec.Privileges.CredentialSpec.Registry = c.Privileges.CredentialSpec.GetRegistry()
-			}
+			containerSpec.Privileges.CredentialSpec = credentialSpecFromGRPC(c.Privileges.CredentialSpec)
 		}
 
 		if c.Privileges.SELinuxContext != nil {
@@ -83,7 +81,8 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) *types.ContainerSpec {
 
 		if m.BindOptions != nil {
 			mount.BindOptions = &mounttypes.BindOptions{
-				Propagation: mounttypes.Propagation(strings.ToLower(swarmapi.Mount_BindOptions_MountPropagation_name[int32(m.BindOptions.Propagation)])),
+				Propagation:  mounttypes.Propagation(strings.ToLower(swarmapi.Mount_BindOptions_MountPropagation_name[int32(m.BindOptions.Propagation)])),
+				NonRecursive: m.BindOptions.NonRecursive,
 			}
 		}
 
@@ -184,14 +183,26 @@ func secretReferencesFromGRPC(sr []*swarmapi.SecretReference) []*types.SecretRef
 	return refs
 }
 
-func configReferencesToGRPC(sr []*types.ConfigReference) []*swarmapi.ConfigReference {
+func configReferencesToGRPC(sr []*types.ConfigReference) ([]*swarmapi.ConfigReference, error) {
 	refs := make([]*swarmapi.ConfigReference, 0, len(sr))
 	for _, s := range sr {
 		ref := &swarmapi.ConfigReference{
 			ConfigID:   s.ConfigID,
 			ConfigName: s.ConfigName,
 		}
-		if s.File != nil {
+		switch {
+		case s.Runtime == nil && s.File == nil:
+			return nil, errors.New("either File or Runtime should be set")
+		case s.Runtime != nil && s.File != nil:
+			return nil, errors.New("cannot specify both File and Runtime")
+		case s.Runtime != nil:
+			// Runtime target was added in API v1.40 and takes precedence over
+			// File target. However, File and Runtime targets are mutually exclusive,
+			// so we should never have both.
+			ref.Target = &swarmapi.ConfigReference_Runtime{
+				Runtime: &swarmapi.RuntimeTarget{},
+			}
+		case s.File != nil:
 			ref.Target = &swarmapi.ConfigReference_File{
 				File: &swarmapi.FileTarget{
 					Name: s.File.Name,
@@ -205,28 +216,32 @@ func configReferencesToGRPC(sr []*types.ConfigReference) []*swarmapi.ConfigRefer
 		refs = append(refs, ref)
 	}
 
-	return refs
+	return refs, nil
 }
 
 func configReferencesFromGRPC(sr []*swarmapi.ConfigReference) []*types.ConfigReference {
 	refs := make([]*types.ConfigReference, 0, len(sr))
 	for _, s := range sr {
-		target := s.GetFile()
-		if target == nil {
-			// not a file target
-			logrus.Warnf("config target not a file: config=%s", s.ConfigID)
-			continue
+
+		r := &types.ConfigReference{
+			ConfigID:   s.ConfigID,
+			ConfigName: s.ConfigName,
 		}
-		refs = append(refs, &types.ConfigReference{
-			File: &types.ConfigReferenceFileTarget{
+		if target := s.GetRuntime(); target != nil {
+			r.Runtime = &types.ConfigReferenceRuntimeTarget{}
+		} else if target := s.GetFile(); target != nil {
+			r.File = &types.ConfigReferenceFileTarget{
 				Name: target.Name,
 				UID:  target.UID,
 				GID:  target.GID,
 				Mode: target.Mode,
-			},
-			ConfigID:   s.ConfigID,
-			ConfigName: s.ConfigName,
-		})
+			}
+		} else {
+			// not a file target
+			logrus.Warnf("config target not known: config=%s", s.ConfigID)
+			continue
+		}
+		refs = append(refs, r)
 	}
 
 	return refs
@@ -234,25 +249,27 @@ func configReferencesFromGRPC(sr []*swarmapi.ConfigReference) []*types.ConfigRef
 
 func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 	containerSpec := &swarmapi.ContainerSpec{
-		Image:      c.Image,
-		Labels:     c.Labels,
-		Command:    c.Command,
-		Args:       c.Args,
-		Hostname:   c.Hostname,
-		Env:        c.Env,
-		Dir:        c.Dir,
-		User:       c.User,
-		Groups:     c.Groups,
-		StopSignal: c.StopSignal,
-		TTY:        c.TTY,
-		OpenStdin:  c.OpenStdin,
-		ReadOnly:   c.ReadOnly,
-		Hosts:      c.Hosts,
-		Secrets:    secretReferencesToGRPC(c.Secrets),
-		Configs:    configReferencesToGRPC(c.Configs),
-		Isolation:  isolationToGRPC(c.Isolation),
-		Init:       initToGRPC(c.Init),
-		Sysctls:    c.Sysctls,
+		Image:          c.Image,
+		Labels:         c.Labels,
+		Command:        c.Command,
+		Args:           c.Args,
+		Hostname:       c.Hostname,
+		Env:            c.Env,
+		Dir:            c.Dir,
+		User:           c.User,
+		Groups:         c.Groups,
+		StopSignal:     c.StopSignal,
+		TTY:            c.TTY,
+		OpenStdin:      c.OpenStdin,
+		ReadOnly:       c.ReadOnly,
+		Hosts:          c.Hosts,
+		Secrets:        secretReferencesToGRPC(c.Secrets),
+		Isolation:      isolationToGRPC(c.Isolation),
+		Init:           initToGRPC(c.Init),
+		Sysctls:        c.Sysctls,
+		CapabilityAdd:  c.CapabilityAdd,
+		CapabilityDrop: c.CapabilityDrop,
+		Ulimits:        ulimitsToGRPC(c.Ulimits),
 	}
 
 	if c.DNSConfig != nil {
@@ -272,22 +289,11 @@ func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 		containerSpec.Privileges = &swarmapi.Privileges{}
 
 		if c.Privileges.CredentialSpec != nil {
-			containerSpec.Privileges.CredentialSpec = &swarmapi.Privileges_CredentialSpec{}
-
-			if c.Privileges.CredentialSpec.File != "" && c.Privileges.CredentialSpec.Registry != "" {
-				return nil, errors.New("cannot specify both \"file\" and \"registry\" credential specs")
-			}
-			if c.Privileges.CredentialSpec.File != "" {
-				containerSpec.Privileges.CredentialSpec.Source = &swarmapi.Privileges_CredentialSpec_File{
-					File: c.Privileges.CredentialSpec.File,
-				}
-			} else if c.Privileges.CredentialSpec.Registry != "" {
-				containerSpec.Privileges.CredentialSpec.Source = &swarmapi.Privileges_CredentialSpec_Registry{
-					Registry: c.Privileges.CredentialSpec.Registry,
-				}
-			} else {
-				return nil, errors.New("must either provide \"file\" or \"registry\" for credential spec")
+			cs, err := credentialSpecToGRPC(c.Privileges.CredentialSpec)
+			if err != nil {
+				return nil, errors.Wrap(err, "invalid CredentialSpec")
 			}
+			containerSpec.Privileges.CredentialSpec = cs
 		}
 
 		if c.Privileges.SELinuxContext != nil {
@@ -301,6 +307,14 @@ func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 		}
 	}
 
+	if c.Configs != nil {
+		configs, err := configReferencesToGRPC(c.Configs)
+		if err != nil {
+			return nil, errors.Wrap(err, "invalid Config")
+		}
+		containerSpec.Configs = configs
+	}
+
 	// Mounts
 	for _, m := range c.Mounts {
 		mount := swarmapi.Mount{
@@ -321,6 +335,14 @@ func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 			} else if string(m.BindOptions.Propagation) != "" {
 				return nil, fmt.Errorf("invalid MountPropagation: %q", m.BindOptions.Propagation)
 			}
+
+			if m.BindOptions.NonRecursive {
+				if mount.BindOptions == nil {
+					// the propagation defaults to rprivate
+					mount.BindOptions = &swarmapi.Mount_BindOptions{}
+				}
+				mount.BindOptions.NonRecursive = m.BindOptions.NonRecursive
+			}
 		}
 
 		if m.VolumeOptions != nil {
@@ -353,6 +375,60 @@ func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 	return containerSpec, nil
 }
 
+func credentialSpecFromGRPC(c *swarmapi.Privileges_CredentialSpec) *types.CredentialSpec {
+	cs := &types.CredentialSpec{}
+	switch c.Source.(type) {
+	case *swarmapi.Privileges_CredentialSpec_Config:
+		cs.Config = c.GetConfig()
+	case *swarmapi.Privileges_CredentialSpec_File:
+		cs.File = c.GetFile()
+	case *swarmapi.Privileges_CredentialSpec_Registry:
+		cs.Registry = c.GetRegistry()
+	}
+	return cs
+}
+
+func credentialSpecToGRPC(c *types.CredentialSpec) (*swarmapi.Privileges_CredentialSpec, error) {
+	var opts []string
+
+	if c.Config != "" {
+		opts = append(opts, `"config"`)
+	}
+	if c.File != "" {
+		opts = append(opts, `"file"`)
+	}
+	if c.Registry != "" {
+		opts = append(opts, `"registry"`)
+	}
+	l := len(opts)
+	switch {
+	case l == 0:
+		return nil, errors.New(`must either provide "file", "registry", or "config" for credential spec`)
+	case l == 2:
+		return nil, fmt.Errorf("cannot specify both %s and %s credential specs", opts[0], opts[1])
+	case l > 2:
+		return nil, fmt.Errorf("cannot specify both %s, and %s credential specs", strings.Join(opts[:l-1], ", "), opts[l-1])
+	}
+
+	spec := &swarmapi.Privileges_CredentialSpec{}
+	switch {
+	case c.Config != "":
+		spec.Source = &swarmapi.Privileges_CredentialSpec_Config{
+			Config: c.Config,
+		}
+	case c.File != "":
+		spec.Source = &swarmapi.Privileges_CredentialSpec_File{
+			File: c.File,
+		}
+	case c.Registry != "":
+		spec.Source = &swarmapi.Privileges_CredentialSpec_Registry{
+			Registry: c.Registry,
+		}
+	}
+
+	return spec, nil
+}
+
 func healthConfigFromGRPC(h *swarmapi.HealthConfig) *container.HealthConfig {
 	interval, _ := gogotypes.DurationFromProto(h.Interval)
 	timeout, _ := gogotypes.DurationFromProto(h.Timeout)
@@ -398,3 +474,31 @@ func isolationToGRPC(i container.Isolation) swarmapi.ContainerSpec_Isolation {
 	}
 	return swarmapi.ContainerIsolationDefault
 }
+
+func ulimitsFromGRPC(u []*swarmapi.ContainerSpec_Ulimit) []*units.Ulimit {
+	ulimits := make([]*units.Ulimit, len(u))
+
+	for i, ulimit := range u {
+		ulimits[i] = &units.Ulimit{
+			Name: ulimit.Name,
+			Soft: ulimit.Soft,
+			Hard: ulimit.Hard,
+		}
+	}
+
+	return ulimits
+}
+
+func ulimitsToGRPC(u []*units.Ulimit) []*swarmapi.ContainerSpec_Ulimit {
+	ulimits := make([]*swarmapi.ContainerSpec_Ulimit, len(u))
+
+	for i, ulimit := range u {
+		ulimits[i] = &swarmapi.ContainerSpec_Ulimit{
+			Name: ulimit.Name,
+			Soft: ulimit.Soft,
+			Hard: ulimit.Hard,
+		}
+	}
+
+	return ulimits
+}
diff --git a/daemon/cluster/convert/network.go b/daemon/cluster/convert/network.go
index 34660fc4ffc9d..356e7b7397c65 100644
--- a/daemon/cluster/convert/network.go
+++ b/daemon/cluster/convert/network.go
@@ -6,7 +6,7 @@ import (
 	basictypes "github.com/docker/docker/api/types"
 	networktypes "github.com/docker/docker/api/types/network"
 	types "github.com/docker/docker/api/types/swarm"
-	netconst "github.com/docker/libnetwork/datastore"
+	netconst "github.com/docker/docker/libnetwork/datastore"
 	swarmapi "github.com/docker/swarmkit/api"
 	gogotypes "github.com/gogo/protobuf/types"
 )
@@ -47,10 +47,10 @@ func networkFromGRPC(n *swarmapi.Network) types.Network {
 		network.CreatedAt, _ = gogotypes.TimestampFromProto(n.Meta.CreatedAt)
 		network.UpdatedAt, _ = gogotypes.TimestampFromProto(n.Meta.UpdatedAt)
 
-		//Annotations
+		// Annotations
 		network.Spec.Annotations = annotationsFromGRPC(n.Spec.Annotations)
 
-		//DriverConfiguration
+		// DriverConfiguration
 		if n.Spec.DriverConfig != nil {
 			network.Spec.DriverConfiguration = &types.Driver{
 				Name:    n.Spec.DriverConfig.Name,
@@ -58,7 +58,7 @@ func networkFromGRPC(n *swarmapi.Network) types.Network {
 			}
 		}
 
-		//DriverState
+		// DriverState
 		if n.DriverState != nil {
 			network.DriverState = types.Driver{
 				Name:    n.DriverState.Name,
diff --git a/daemon/cluster/convert/node.go b/daemon/cluster/convert/node.go
index 00636b6ab42b1..488fb909e69e7 100644
--- a/daemon/cluster/convert/node.go
+++ b/daemon/cluster/convert/node.go
@@ -29,10 +29,10 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 	node.CreatedAt, _ = gogotypes.TimestampFromProto(n.Meta.CreatedAt)
 	node.UpdatedAt, _ = gogotypes.TimestampFromProto(n.Meta.UpdatedAt)
 
-	//Annotations
+	// Annotations
 	node.Spec.Annotations = annotationsFromGRPC(n.Spec.Annotations)
 
-	//Description
+	// Description
 	if n.Description != nil {
 		node.Description.Hostname = n.Description.Hostname
 		if n.Description.Platform != nil {
@@ -58,7 +58,7 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 		}
 	}
 
-	//Manager
+	// Manager
 	if n.ManagerStatus != nil {
 		node.ManagerStatus = &types.ManagerStatus{
 			Leader:       n.ManagerStatus.Leader,
diff --git a/daemon/cluster/convert/service.go b/daemon/cluster/convert/service.go
index 09b023c9d7d3f..4161f89479598 100644
--- a/daemon/cluster/convert/service.go
+++ b/daemon/cluster/convert/service.go
@@ -44,6 +44,15 @@ func ServiceFromGRPC(s swarmapi.Service) (types.Service, error) {
 	service.CreatedAt, _ = gogotypes.TimestampFromProto(s.Meta.CreatedAt)
 	service.UpdatedAt, _ = gogotypes.TimestampFromProto(s.Meta.UpdatedAt)
 
+	if s.JobStatus != nil {
+		service.JobStatus = &types.JobStatus{
+			JobIteration: types.Version{
+				Index: s.JobStatus.JobIteration.Index,
+			},
+		}
+		service.JobStatus.LastExecution, _ = gogotypes.TimestampFromProto(s.JobStatus.LastExecution)
+	}
+
 	// UpdateStatus
 	if s.UpdateStatus != nil {
 		service.UpdateStatus = &types.UpdateStatus{}
@@ -131,6 +140,13 @@ func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) (*types.ServiceSpec, error)
 		convertedSpec.Mode.Replicated = &types.ReplicatedService{
 			Replicas: &t.Replicated.Replicas,
 		}
+	case *swarmapi.ServiceSpec_ReplicatedJob:
+		convertedSpec.Mode.ReplicatedJob = &types.ReplicatedJob{
+			MaxConcurrent:    &t.ReplicatedJob.MaxConcurrent,
+			TotalCompletions: &t.ReplicatedJob.TotalCompletions,
+		}
+	case *swarmapi.ServiceSpec_GlobalJob:
+		convertedSpec.Mode.GlobalJob = &types.GlobalJob{}
 	}
 
 	return convertedSpec, nil
@@ -177,6 +193,10 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 			if err != nil {
 				return swarmapi.ServiceSpec{}, err
 			}
+			if s.TaskTemplate.Resources != nil && s.TaskTemplate.Resources.Limits != nil {
+				// TODO remove this (or keep for backward compat) once SwarmKit API moved PidsLimit into Resources
+				containerSpec.PidsLimit = s.TaskTemplate.Resources.Limits.Pids
+			}
 			spec.Task.Runtime = &swarmapi.TaskSpec_Container{Container: containerSpec}
 		} else {
 			// If the ContainerSpec is nil, we can't set the task runtime
@@ -246,6 +266,7 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 		spec.Task.Placement = &swarmapi.Placement{
 			Constraints: s.TaskTemplate.Placement.Constraints,
 			Preferences: preferences,
+			MaxReplicas: s.TaskTemplate.Placement.MaxReplicas,
 			Platforms:   platforms,
 		}
 	}
@@ -282,14 +303,52 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 	}
 
 	// Mode
-	if s.Mode.Global != nil && s.Mode.Replicated != nil {
-		return swarmapi.ServiceSpec{}, fmt.Errorf("cannot specify both replicated mode and global mode")
+	numModes := 0
+	if s.Mode.Global != nil {
+		numModes++
+	}
+	if s.Mode.Replicated != nil {
+		numModes++
+	}
+	if s.Mode.ReplicatedJob != nil {
+		numModes++
+	}
+	if s.Mode.GlobalJob != nil {
+		numModes++
+	}
+
+	if numModes > 1 {
+		return swarmapi.ServiceSpec{}, fmt.Errorf("must specify only one service mode")
 	}
 
 	if s.Mode.Global != nil {
 		spec.Mode = &swarmapi.ServiceSpec_Global{
 			Global: &swarmapi.GlobalService{},
 		}
+	} else if s.Mode.GlobalJob != nil {
+		spec.Mode = &swarmapi.ServiceSpec_GlobalJob{
+			GlobalJob: &swarmapi.GlobalJob{},
+		}
+	} else if s.Mode.ReplicatedJob != nil {
+		// if the service is a replicated job, we have two different kinds of
+		// values that might need to be defaulted.
+
+		r := &swarmapi.ReplicatedJob{}
+		if s.Mode.ReplicatedJob.MaxConcurrent != nil {
+			r.MaxConcurrent = *s.Mode.ReplicatedJob.MaxConcurrent
+		} else {
+			r.MaxConcurrent = 1
+		}
+
+		if s.Mode.ReplicatedJob.TotalCompletions != nil {
+			r.TotalCompletions = *s.Mode.ReplicatedJob.TotalCompletions
+		} else {
+			r.TotalCompletions = r.MaxConcurrent
+		}
+
+		spec.Mode = &swarmapi.ServiceSpec_ReplicatedJob{
+			ReplicatedJob: r,
+		}
 	} else if s.Mode.Replicated != nil && s.Mode.Replicated.Replicas != nil {
 		spec.Mode = &swarmapi.ServiceSpec_Replicated{
 			Replicated: &swarmapi.ReplicatedService{Replicas: *s.Mode.Replicated.Replicas},
@@ -341,15 +400,31 @@ func GenericResourcesFromGRPC(genericRes []*swarmapi.GenericResource) []types.Ge
 	return generic
 }
 
-func resourcesFromGRPC(res *swarmapi.ResourceRequirements) *types.ResourceRequirements {
+// resourcesFromGRPC creates a ResourceRequirements from the GRPC TaskSpec.
+// We currently require the whole TaskSpec to be passed, because PidsLimit
+// is returned as part of the container spec, instead of Resources
+// TODO move PidsLimit to Resources in the Swarm API
+func resourcesFromGRPC(ts *swarmapi.TaskSpec) *types.ResourceRequirements {
 	var resources *types.ResourceRequirements
-	if res != nil {
-		resources = &types.ResourceRequirements{}
+
+	if cs := ts.GetContainer(); cs != nil && cs.PidsLimit != 0 {
+		resources = &types.ResourceRequirements{
+			Limits: &types.Limit{
+				Pids: cs.PidsLimit,
+			},
+		}
+	}
+	if ts.Resources != nil {
+		if resources == nil {
+			resources = &types.ResourceRequirements{}
+		}
+		res := ts.Resources
 		if res.Limits != nil {
-			resources.Limits = &types.Resources{
-				NanoCPUs:    res.Limits.NanoCPUs,
-				MemoryBytes: res.Limits.MemoryBytes,
+			if resources.Limits == nil {
+				resources.Limits = &types.Limit{}
 			}
+			resources.Limits.NanoCPUs = res.Limits.NanoCPUs
+			resources.Limits.MemoryBytes = res.Limits.MemoryBytes
 		}
 		if res.Reservations != nil {
 			resources.Reservations = &types.Resources{
@@ -386,6 +461,7 @@ func resourcesToGRPC(res *types.ResourceRequirements) *swarmapi.ResourceRequirem
 	if res != nil {
 		reqs = &swarmapi.ResourceRequirements{}
 		if res.Limits != nil {
+			// TODO add PidsLimit once Swarm API has been updated to move it into Limits
 			reqs.Limits = &swarmapi.Resources{
 				NanoCPUs:    res.Limits.NanoCPUs,
 				MemoryBytes: res.Limits.MemoryBytes,
@@ -472,6 +548,7 @@ func placementFromGRPC(p *swarmapi.Placement) *types.Placement {
 	}
 	r := &types.Placement{
 		Constraints: p.Constraints,
+		MaxReplicas: p.MaxReplicas,
 	}
 
 	for _, pref := range p.Preferences {
@@ -601,7 +678,7 @@ func taskSpecFromGRPC(taskSpec swarmapi.TaskSpec) (types.TaskSpec, error) {
 	}
 
 	t := types.TaskSpec{
-		Resources:     resourcesFromGRPC(taskSpec.Resources),
+		Resources:     resourcesFromGRPC(&taskSpec),
 		RestartPolicy: restartPolicyFromGRPC(taskSpec.Restart),
 		Placement:     placementFromGRPC(taskSpec.Placement),
 		LogDriver:     driverFromGRPC(taskSpec.LogDriver),
diff --git a/daemon/cluster/convert/service_test.go b/daemon/cluster/convert/service_test.go
index ad5f0d4494246..2b4ef94eee8e9 100644
--- a/daemon/cluster/convert/service_test.go
+++ b/daemon/cluster/convert/service_test.go
@@ -8,7 +8,7 @@ import (
 	"github.com/docker/docker/api/types/swarm/runtime"
 	swarmapi "github.com/docker/swarmkit/api"
 	google_protobuf3 "github.com/gogo/protobuf/types"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestServiceConvertFromGRPCRuntimeContainer(t *testing.T) {
@@ -233,6 +233,167 @@ func TestServiceConvertFromGRPCIsolation(t *testing.T) {
 	}
 }
 
+func TestServiceConvertToGRPCCredentialSpec(t *testing.T) {
+	cases := []struct {
+		name        string
+		from        swarmtypes.CredentialSpec
+		to          swarmapi.Privileges_CredentialSpec
+		expectedErr string
+	}{
+		{
+			name:        "empty credential spec",
+			from:        swarmtypes.CredentialSpec{},
+			to:          swarmapi.Privileges_CredentialSpec{},
+			expectedErr: `invalid CredentialSpec: must either provide "file", "registry", or "config" for credential spec`,
+		},
+		{
+			name: "config and file credential spec",
+			from: swarmtypes.CredentialSpec{
+				Config: "0bt9dmxjvjiqermk6xrop3ekq",
+				File:   "spec.json",
+			},
+			to:          swarmapi.Privileges_CredentialSpec{},
+			expectedErr: `invalid CredentialSpec: cannot specify both "config" and "file" credential specs`,
+		},
+		{
+			name: "config and registry credential spec",
+			from: swarmtypes.CredentialSpec{
+				Config:   "0bt9dmxjvjiqermk6xrop3ekq",
+				Registry: "testing",
+			},
+			to:          swarmapi.Privileges_CredentialSpec{},
+			expectedErr: `invalid CredentialSpec: cannot specify both "config" and "registry" credential specs`,
+		},
+		{
+			name: "file and registry credential spec",
+			from: swarmtypes.CredentialSpec{
+				File:     "spec.json",
+				Registry: "testing",
+			},
+			to:          swarmapi.Privileges_CredentialSpec{},
+			expectedErr: `invalid CredentialSpec: cannot specify both "file" and "registry" credential specs`,
+		},
+		{
+			name: "config and file and registry credential spec",
+			from: swarmtypes.CredentialSpec{
+				Config:   "0bt9dmxjvjiqermk6xrop3ekq",
+				File:     "spec.json",
+				Registry: "testing",
+			},
+			to:          swarmapi.Privileges_CredentialSpec{},
+			expectedErr: `invalid CredentialSpec: cannot specify both "config", "file", and "registry" credential specs`,
+		},
+		{
+			name: "config credential spec",
+			from: swarmtypes.CredentialSpec{Config: "0bt9dmxjvjiqermk6xrop3ekq"},
+			to: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Config{Config: "0bt9dmxjvjiqermk6xrop3ekq"},
+			},
+		},
+		{
+			name: "file credential spec",
+			from: swarmtypes.CredentialSpec{File: "foo.json"},
+			to: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_File{File: "foo.json"},
+			},
+		},
+		{
+			name: "registry credential spec",
+			from: swarmtypes.CredentialSpec{Registry: "testing"},
+			to: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Registry{Registry: "testing"},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		c := c
+		t.Run(c.name, func(t *testing.T) {
+			s := swarmtypes.ServiceSpec{
+				TaskTemplate: swarmtypes.TaskSpec{
+					ContainerSpec: &swarmtypes.ContainerSpec{
+						Privileges: &swarmtypes.Privileges{
+							CredentialSpec: &c.from,
+						},
+					},
+				},
+			}
+
+			res, err := ServiceSpecToGRPC(s)
+			if c.expectedErr != "" {
+				assert.Error(t, err, c.expectedErr)
+				return
+			}
+
+			assert.NilError(t, err)
+			v, ok := res.Task.Runtime.(*swarmapi.TaskSpec_Container)
+			if !ok {
+				t.Fatal("expected type swarmapi.TaskSpec_Container")
+			}
+			assert.DeepEqual(t, c.to, *v.Container.Privileges.CredentialSpec)
+		})
+	}
+}
+
+func TestServiceConvertFromGRPCCredentialSpec(t *testing.T) {
+	cases := []struct {
+		name string
+		from swarmapi.Privileges_CredentialSpec
+		to   *swarmtypes.CredentialSpec
+	}{
+		{
+			name: "empty credential spec",
+			from: swarmapi.Privileges_CredentialSpec{},
+			to:   &swarmtypes.CredentialSpec{},
+		},
+		{
+			name: "config credential spec",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Config{Config: "0bt9dmxjvjiqermk6xrop3ekq"},
+			},
+			to: &swarmtypes.CredentialSpec{Config: "0bt9dmxjvjiqermk6xrop3ekq"},
+		},
+		{
+			name: "file credential spec",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_File{File: "foo.json"},
+			},
+			to: &swarmtypes.CredentialSpec{File: "foo.json"},
+		},
+		{
+			name: "registry credential spec",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Registry{Registry: "testing"},
+			},
+			to: &swarmtypes.CredentialSpec{Registry: "testing"},
+		},
+	}
+
+	for _, tc := range cases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			gs := swarmapi.Service{
+				Spec: swarmapi.ServiceSpec{
+					Task: swarmapi.TaskSpec{
+						Runtime: &swarmapi.TaskSpec_Container{
+							Container: &swarmapi.ContainerSpec{
+								Privileges: &swarmapi.Privileges{
+									CredentialSpec: &tc.from,
+								},
+							},
+						},
+					},
+				},
+			}
+
+			svc, err := ServiceFromGRPC(gs)
+			assert.NilError(t, err)
+			assert.DeepEqual(t, svc.Spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec, tc.to)
+		})
+	}
+}
+
 func TestServiceConvertToGRPCNetworkAtachmentRuntime(t *testing.T) {
 	someid := "asfjkl"
 	s := swarmtypes.ServiceSpec{
@@ -306,3 +467,147 @@ func TestTaskConvertFromGRPCNetworkAttachment(t *testing.T) {
 		t.Fatalf("expected Runtime to be %v", swarmtypes.RuntimeNetworkAttachment)
 	}
 }
+
+// TestServiceConvertFromGRPCConfigs tests that converting config references
+// from GRPC is correct
+func TestServiceConvertFromGRPCConfigs(t *testing.T) {
+	cases := []struct {
+		name string
+		from *swarmapi.ConfigReference
+		to   *swarmtypes.ConfigReference
+	}{
+		{
+			name: "file",
+			from: &swarmapi.ConfigReference{
+				ConfigID:   "configFile",
+				ConfigName: "configFile",
+				Target: &swarmapi.ConfigReference_File{
+					// skip mode, if everything else here works mode will too. otherwise we'd need to import os.
+					File: &swarmapi.FileTarget{Name: "foo", UID: "bar", GID: "baz"},
+				},
+			},
+			to: &swarmtypes.ConfigReference{
+				ConfigID:   "configFile",
+				ConfigName: "configFile",
+				File:       &swarmtypes.ConfigReferenceFileTarget{Name: "foo", UID: "bar", GID: "baz"},
+			},
+		},
+		{
+			name: "runtime",
+			from: &swarmapi.ConfigReference{
+				ConfigID:   "configRuntime",
+				ConfigName: "configRuntime",
+				Target:     &swarmapi.ConfigReference_Runtime{Runtime: &swarmapi.RuntimeTarget{}},
+			},
+			to: &swarmtypes.ConfigReference{
+				ConfigID:   "configRuntime",
+				ConfigName: "configRuntime",
+				Runtime:    &swarmtypes.ConfigReferenceRuntimeTarget{},
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			grpcService := swarmapi.Service{
+				Spec: swarmapi.ServiceSpec{
+					Task: swarmapi.TaskSpec{
+						Runtime: &swarmapi.TaskSpec_Container{
+							Container: &swarmapi.ContainerSpec{
+								Configs: []*swarmapi.ConfigReference{tc.from},
+							},
+						},
+					},
+				},
+			}
+
+			engineService, err := ServiceFromGRPC(grpcService)
+			assert.NilError(t, err)
+			assert.DeepEqual(t,
+				engineService.Spec.TaskTemplate.ContainerSpec.Configs[0],
+				tc.to,
+			)
+		})
+	}
+}
+
+// TestServiceConvertToGRPCConfigs tests that converting config references to
+// GRPC is correct
+func TestServiceConvertToGRPCConfigs(t *testing.T) {
+	cases := []struct {
+		name        string
+		from        *swarmtypes.ConfigReference
+		to          *swarmapi.ConfigReference
+		expectedErr string
+	}{
+		{
+			name: "file",
+			from: &swarmtypes.ConfigReference{
+				ConfigID:   "configFile",
+				ConfigName: "configFile",
+				File:       &swarmtypes.ConfigReferenceFileTarget{Name: "foo", UID: "bar", GID: "baz"},
+			},
+			to: &swarmapi.ConfigReference{
+				ConfigID:   "configFile",
+				ConfigName: "configFile",
+				Target: &swarmapi.ConfigReference_File{
+					// skip mode, if everything else here works mode will too. otherwise we'd need to import os.
+					File: &swarmapi.FileTarget{Name: "foo", UID: "bar", GID: "baz"},
+				},
+			},
+		},
+		{
+			name: "runtime",
+			from: &swarmtypes.ConfigReference{
+				ConfigID:   "configRuntime",
+				ConfigName: "configRuntime",
+				Runtime:    &swarmtypes.ConfigReferenceRuntimeTarget{},
+			},
+			to: &swarmapi.ConfigReference{
+				ConfigID:   "configRuntime",
+				ConfigName: "configRuntime",
+				Target:     &swarmapi.ConfigReference_Runtime{Runtime: &swarmapi.RuntimeTarget{}},
+			},
+		},
+		{
+			name: "file and runtime",
+			from: &swarmtypes.ConfigReference{
+				ConfigID:   "fileAndRuntime",
+				ConfigName: "fileAndRuntime",
+				File:       &swarmtypes.ConfigReferenceFileTarget{},
+				Runtime:    &swarmtypes.ConfigReferenceRuntimeTarget{},
+			},
+			expectedErr: "invalid Config: cannot specify both File and Runtime",
+		},
+		{
+			name: "none",
+			from: &swarmtypes.ConfigReference{
+				ConfigID:   "none",
+				ConfigName: "none",
+			},
+			expectedErr: "invalid Config: either File or Runtime should be set",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			engineServiceSpec := swarmtypes.ServiceSpec{
+				TaskTemplate: swarmtypes.TaskSpec{
+					ContainerSpec: &swarmtypes.ContainerSpec{
+						Configs: []*swarmtypes.ConfigReference{tc.from},
+					},
+				},
+			}
+
+			grpcServiceSpec, err := ServiceSpecToGRPC(engineServiceSpec)
+			if tc.expectedErr != "" {
+				assert.Error(t, err, tc.expectedErr)
+				return
+			}
+
+			assert.NilError(t, err)
+			taskRuntime := grpcServiceSpec.Task.Runtime.(*swarmapi.TaskSpec_Container)
+			assert.DeepEqual(t, taskRuntime.Container.Configs[0], tc.to)
+		})
+	}
+}
diff --git a/daemon/cluster/convert/swarm.go b/daemon/cluster/convert/swarm.go
index 643505badf61f..bdad2a5ea711c 100644
--- a/daemon/cluster/convert/swarm.go
+++ b/daemon/cluster/convert/swarm.go
@@ -42,6 +42,7 @@ func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm {
 			RootRotationInProgress: c.RootCA.RootRotation != nil,
 			DefaultAddrPool:        c.DefaultAddressPool,
 			SubnetSize:             c.SubnetSize,
+			DataPathPort:           c.VXLANUDPPort,
 		},
 		JoinTokens: types.JoinTokens{
 			Worker:  c.RootCA.JoinTokens.Worker,
diff --git a/daemon/cluster/convert/task.go b/daemon/cluster/convert/task.go
index 72e2805e1eecb..b29cf4871fa91 100644
--- a/daemon/cluster/convert/task.go
+++ b/daemon/cluster/convert/task.go
@@ -51,6 +51,12 @@ func TaskFromGRPC(t swarmapi.Task) (types.Task, error) {
 		task.NetworksAttachments = append(task.NetworksAttachments, networkAttachmentFromGRPC(na))
 	}
 
+	if t.JobIteration != nil {
+		task.JobIteration = &types.Version{
+			Index: t.JobIteration.Index,
+		}
+	}
+
 	if t.Status.PortStatus == nil {
 		return task, nil
 	}
diff --git a/daemon/cluster/executor/backend.go b/daemon/cluster/executor/backend.go
index cfbc86ce366da..f342d522fcade 100644
--- a/daemon/cluster/executor/backend.go
+++ b/daemon/cluster/executor/backend.go
@@ -17,11 +17,11 @@ import (
 	containerpkg "github.com/docker/docker/container"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
 	networkSettings "github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/cluster"
+	networktypes "github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/plugin"
 	volumeopts "github.com/docker/docker/volume/service/opts"
-	"github.com/docker/libnetwork"
-	"github.com/docker/libnetwork/cluster"
-	networktypes "github.com/docker/libnetwork/types"
 	"github.com/docker/swarmkit/agent/exec"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
@@ -48,7 +48,7 @@ type Backend interface {
 	SetContainerDependencyStore(name string, store exec.DependencyGetter) error
 	SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error
 	SetContainerConfigReferences(name string, refs []*swarmtypes.ConfigReference) error
-	SystemInfo() (*types.Info, error)
+	SystemInfo() *types.Info
 	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
 	SetNetworkBootstrapKeys([]*networktypes.EncryptionKey) error
 	DaemonJoinsCluster(provider cluster.Provider)
@@ -61,6 +61,7 @@ type Backend interface {
 	PluginManager() *plugin.Manager
 	PluginGetter() *plugin.Store
 	GetAttachmentStore() *networkSettings.AttachmentStore
+	HasExperimental() bool
 }
 
 // VolumeBackend is used by an executor to perform volume operations
@@ -71,6 +72,6 @@ type VolumeBackend interface {
 // ImageBackend is used by an executor to perform image operations
 type ImageBackend interface {
 	PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
-	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, error)
 	LookupImage(name string) (*types.ImageInspect, error)
 }
diff --git a/daemon/cluster/executor/container/adapter.go b/daemon/cluster/executor/container/adapter.go
index 720b8447fc803..00b47e77ce228 100644
--- a/daemon/cluster/executor/container/adapter.go
+++ b/daemon/cluster/executor/container/adapter.go
@@ -20,13 +20,13 @@ import (
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/docker/libnetwork"
 	volumeopts "github.com/docker/docker/volume/service/opts"
-	"github.com/docker/libnetwork"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	gogotypes "github.com/gogo/protobuf/types"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/time/rate"
@@ -97,7 +97,7 @@ func (c *containerAdapter) pullImage(ctx context.Context) error {
 	pr, pw := io.Pipe()
 	metaHeaders := map[string][]string{}
 	go func() {
-		// TODO @jhowardmsft LCOW Support: This will need revisiting as
+		// TODO LCOW Support: This will need revisiting as
 		// the stack is built up to include LCOW support for swarm.
 		err := c.imageBackend.PullImage(ctx, c.container.image(), "", nil, metaHeaders, authConfig, pw)
 		pw.CloseWithError(err)
@@ -222,12 +222,17 @@ func (c *containerAdapter) createNetworks(ctx context.Context) error {
 }
 
 func (c *containerAdapter) removeNetworks(ctx context.Context) error {
+	var (
+		activeEndpointsError *libnetwork.ActiveEndpointsError
+		errNoSuchNetwork     libnetwork.ErrNoSuchNetwork
+	)
+
 	for name, v := range c.container.networksAttachments {
 		if err := c.backend.DeleteManagedNetwork(v.Network.ID); err != nil {
-			switch errors.Cause(err).(type) {
-			case *libnetwork.ActiveEndpointsError:
+			switch {
+			case errors.As(err, &activeEndpointsError):
 				continue
-			case libnetwork.ErrNoSuchNetwork:
+			case errors.As(err, &errNoSuchNetwork):
 				continue
 			default:
 				log.G(ctx).Errorf("network %s remove failed: %v", name, err)
@@ -426,6 +431,7 @@ func (c *containerAdapter) remove(ctx context.Context) error {
 func (c *containerAdapter) createVolumes(ctx context.Context) error {
 	// Create plugin volumes that are embedded inside a Mount
 	for _, mount := range c.container.task.Spec.GetContainer().Mounts {
+		mount := mount
 		if mount.Type != api.MountTypeVolume {
 			continue
 		}
diff --git a/daemon/cluster/executor/container/container.go b/daemon/cluster/executor/container/container.go
index b26076bcd8c8c..7ee0b0dee5694 100644
--- a/daemon/cluster/executor/container/container.go
+++ b/daemon/cluster/executor/container/container.go
@@ -6,7 +6,6 @@ import (
 	"net"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/sirupsen/logrus"
 
@@ -21,8 +20,9 @@ import (
 	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	netconst "github.com/docker/docker/libnetwork/datastore"
 	"github.com/docker/go-connections/nat"
-	netconst "github.com/docker/libnetwork/datastore"
+	"github.com/docker/go-units"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/genericresource"
@@ -31,10 +31,6 @@ import (
 )
 
 const (
-	// Explicitly use the kernel's default setting for CPU quota of 100ms.
-	// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
-	cpuQuotaPeriod = 100 * time.Millisecond
-
 	// systemLabelPrefix represents the reserved namespace for system labels.
 	systemLabelPrefix = "com.docker.swarm"
 )
@@ -103,10 +99,6 @@ func (c *containerConfig) taskID() string {
 	return c.task.ID
 }
 
-func (c *containerConfig) endpoint() *api.Endpoint {
-	return c.task.Endpoint
-}
-
 func (c *containerConfig) spec() *api.ContainerSpec {
 	return c.task.Spec.GetContainer()
 }
@@ -290,7 +282,9 @@ func convertMount(m api.Mount) enginemount.Mount {
 	}
 
 	if m.BindOptions != nil {
-		mount.BindOptions = &enginemount.BindOptions{}
+		mount.BindOptions = &enginemount.BindOptions{
+			NonRecursive: m.BindOptions.NonRecursive,
+		}
 		switch m.BindOptions.Propagation {
 		case api.MountPropagationRPrivate:
 			mount.BindOptions.Propagation = enginemount.PropagationRPrivate
@@ -367,6 +361,8 @@ func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
 		Isolation:      c.isolation(),
 		Init:           c.init(),
 		Sysctls:        c.spec().Sysctls,
+		CapAdd:         c.spec().CapabilityAdd,
+		CapDrop:        c.spec().CapabilityDrop,
 	}
 
 	if c.spec().DNSConfig != nil {
@@ -437,6 +433,21 @@ func (c *containerConfig) volumeCreateRequest(mount *api.Mount) *volumetypes.Vol
 func (c *containerConfig) resources() enginecontainer.Resources {
 	resources := enginecontainer.Resources{}
 
+	// set pids limit
+	pidsLimit := c.spec().PidsLimit
+	if pidsLimit > 0 {
+		resources.PidsLimit = &pidsLimit
+	}
+
+	resources.Ulimits = make([]*units.Ulimit, len(c.spec().Ulimits))
+	for i, ulimit := range c.spec().Ulimits {
+		resources.Ulimits[i] = &units.Ulimit{
+			Name: ulimit.Name,
+			Soft: ulimit.Soft,
+			Hard: ulimit.Hard,
+		}
+	}
+
 	// If no limits are specified let the engine use its defaults.
 	//
 	// TODO(aluzzardi): We might want to set some limits anyway otherwise
@@ -451,9 +462,7 @@ func (c *containerConfig) resources() enginecontainer.Resources {
 	}
 
 	if r.Limits.NanoCPUs > 0 {
-		// CPU Period must be set in microseconds.
-		resources.CPUPeriod = int64(cpuQuotaPeriod / time.Microsecond)
-		resources.CPUQuota = r.Limits.NanoCPUs * resources.CPUPeriod / 1e9
+		resources.NanoCPUs = r.Limits.NanoCPUs
 	}
 
 	return resources
@@ -651,6 +660,8 @@ func (c *containerConfig) applyPrivileges(hc *enginecontainer.HostConfig) {
 			hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=file://"+credentials.GetFile())
 		case *api.Privileges_CredentialSpec_Registry:
 			hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=registry://"+credentials.GetRegistry())
+		case *api.Privileges_CredentialSpec_Config:
+			hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=config://"+credentials.GetConfig())
 		}
 	}
 
diff --git a/daemon/cluster/executor/container/container_test.go b/daemon/cluster/executor/container/container_test.go
index 5f967c2f771c8..88ba8beb1ca54 100644
--- a/daemon/cluster/executor/container/container_test.go
+++ b/daemon/cluster/executor/container/container_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	swarmapi "github.com/docker/swarmkit/api"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestIsolationConversion(t *testing.T) {
@@ -80,3 +80,56 @@ func TestContainerLabels(t *testing.T) {
 	labels := c.labels()
 	assert.DeepEqual(t, expected, labels)
 }
+
+func TestCredentialSpecConversion(t *testing.T) {
+	cases := []struct {
+		name string
+		from swarmapi.Privileges_CredentialSpec
+		to   []string
+	}{
+		{
+			name: "none",
+			from: swarmapi.Privileges_CredentialSpec{},
+			to:   nil,
+		},
+		{
+			name: "config",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Config{Config: "0bt9dmxjvjiqermk6xrop3ekq"},
+			},
+			to: []string{"credentialspec=config://0bt9dmxjvjiqermk6xrop3ekq"},
+		},
+		{
+			name: "file",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_File{File: "foo.json"},
+			},
+			to: []string{"credentialspec=file://foo.json"},
+		},
+		{
+			name: "registry",
+			from: swarmapi.Privileges_CredentialSpec{
+				Source: &swarmapi.Privileges_CredentialSpec_Registry{Registry: "testing"},
+			},
+			to: []string{"credentialspec=registry://testing"},
+		},
+	}
+	for _, c := range cases {
+		c := c
+		t.Run(c.name, func(t *testing.T) {
+			task := swarmapi.Task{
+				Spec: swarmapi.TaskSpec{
+					Runtime: &swarmapi.TaskSpec_Container{
+						Container: &swarmapi.ContainerSpec{
+							Privileges: &swarmapi.Privileges{
+								CredentialSpec: &c.from,
+							},
+						},
+					},
+				},
+			}
+			config := containerConfig{task: &task}
+			assert.DeepEqual(t, c.to, config.hostConfig().SecurityOpt)
+		})
+	}
+}
diff --git a/daemon/cluster/executor/container/controller.go b/daemon/cluster/executor/container/controller.go
index 5552b13328951..e3491a4b95e81 100644
--- a/daemon/cluster/executor/container/controller.go
+++ b/daemon/cluster/executor/container/controller.go
@@ -11,8 +11,8 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/docker/libnetwork"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
@@ -204,9 +204,10 @@ func (r *controller) Start(ctx context.Context) error {
 		return exec.ErrTaskStarted
 	}
 
+	var lnErr libnetwork.ErrNoSuchNetwork
 	for {
 		if err := r.adapter.start(ctx); err != nil {
-			if _, ok := errors.Cause(err).(libnetwork.ErrNoSuchNetwork); ok {
+			if errors.As(err, &lnErr) {
 				// Retry network creation again if we
 				// failed because some of the networks
 				// were not found.
@@ -369,11 +370,17 @@ func (r *controller) Shutdown(ctx context.Context) error {
 	}
 
 	if err := r.adapter.shutdown(ctx); err != nil {
-		if isUnknownContainer(err) || isStoppedContainer(err) {
-			return nil
+		if !(isUnknownContainer(err) || isStoppedContainer(err)) {
+			return err
 		}
+	}
 
-		return err
+	// Try removing networks referenced in this task in case this
+	// task is the last one referencing it
+	if err := r.adapter.removeNetworks(ctx); err != nil {
+		if !isUnknownContainer(err) {
+			return err
+		}
 	}
 
 	return nil
@@ -419,15 +426,6 @@ func (r *controller) Remove(ctx context.Context) error {
 		log.G(ctx).WithError(err).Debug("shutdown failed on removal")
 	}
 
-	// Try removing networks referenced in this task in case this
-	// task is the last one referencing it
-	if err := r.adapter.removeNetworks(ctx); err != nil {
-		if isUnknownContainer(err) {
-			return nil
-		}
-		return err
-	}
-
 	if err := r.adapter.remove(ctx); err != nil {
 		if isUnknownContainer(err) {
 			return nil
@@ -511,7 +509,9 @@ func (r *controller) Logs(ctx context.Context, publisher exec.LogPublisher, opti
 	var (
 		// use a rate limiter to keep things under control but also provides some
 		// ability coalesce messages.
-		limiter = rate.NewLimiter(rate.Every(time.Second), 10<<20) // 10 MB/s
+		// this will implement a "token bucket" of size 10 MB, initially full and refilled
+		// at rate 10 MB tokens per second.
+		limiter = rate.NewLimiter(10<<20, 10<<20) // 10 MB/s
 		msgctx  = api.LogContext{
 			NodeID:    r.task.NodeID,
 			ServiceID: r.task.ServiceID,
@@ -638,7 +638,7 @@ func parsePortMap(portMap nat.PortMap) ([]*api.PortConfig, error) {
 			return nil, err
 		}
 
-		protocol := api.ProtocolTCP
+		var protocol api.PortConfig_Protocol
 		switch strings.ToLower(parts[1]) {
 		case "tcp":
 			protocol = api.ProtocolTCP
diff --git a/daemon/cluster/executor/container/executor.go b/daemon/cluster/executor/container/executor.go
index 940a943e4f791..66f21e8c7b768 100644
--- a/daemon/cluster/executor/container/executor.go
+++ b/daemon/cluster/executor/container/executor.go
@@ -15,12 +15,15 @@ import (
 	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
-	networktypes "github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork"
+	networktypes "github.com/docker/docker/libnetwork/types"
 	"github.com/docker/swarmkit/agent"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/naming"
+	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/template"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -32,6 +35,14 @@ type executor struct {
 	dependencies  exec.DependencyManager
 	mutex         sync.Mutex // This mutex protects the following node field
 	node          *api.NodeDescription
+
+	// nodeObj holds a copy of the swarmkit Node object from the time of the
+	// last call to executor.Configure. This allows us to discover which
+	// network attachments the node previously had, which further allows us to
+	// determine which, if any, need to be removed. nodeObj is not protected by
+	// a mutex, because it is only written to in the method (Configure) that it
+	// is read from. If that changes, it may need to be guarded.
+	nodeObj *api.Node
 }
 
 // NewExecutor returns an executor from the docker client.
@@ -47,10 +58,7 @@ func NewExecutor(b executorpkg.Backend, p plugin.Backend, i executorpkg.ImageBac
 
 // Describe returns the underlying node description from the docker client.
 func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) {
-	info, err := e.backend.SystemInfo()
-	if err != nil {
-		return nil, err
-	}
+	info := e.backend.SystemInfo()
 
 	plugins := map[api.PluginDescription]struct{}{}
 	addPlugins := func(typ string, names []string) {
@@ -160,6 +168,40 @@ func (e *executor) Configure(ctx context.Context, node *api.Node) error {
 		attachments[na.Network.ID] = na.Addresses[0]
 	}
 
+	// discover which, if any, attachments have been removed.
+	//
+	// we aren't responsible directly for creating these networks. that is
+	// handled indirectly when a container using that network is created.
+	// however, when it comes time to remove the network, none of the relevant
+	// tasks may exist anymore. this means we should go ahead and try to remove
+	// any network we know to no longer be in use.
+
+	// removeAttachments maps the network ID to a boolean. This boolean
+	// indicates whether the attachment in question is totally removed (true),
+	// or has just had its IP changed (false)
+	removeAttachments := make(map[string]bool)
+
+	// the first time we Configure, nodeObj wil be nil, because it will not be
+	// set yet. in that case, skip this check.
+	if e.nodeObj != nil {
+		for _, na := range e.nodeObj.Attachments {
+			// same thing as above, check sanity of the attachments so we don't
+			// get a panic.
+			if na == nil || na.Network == nil || len(na.Addresses) == 0 {
+				logrus.WithField("NetworkAttachment", fmt.Sprintf("%#v", na)).
+					Warnf("skipping nil or malformed node network attachment entry")
+				continue
+			}
+
+			// now, check if the attachment exists and shares the same IP address.
+			if ip, ok := attachments[na.Network.ID]; !ok || na.Addresses[0] != ip {
+				// if the map entry exists, then the network still exists, and the
+				// IP must be what has changed
+				removeAttachments[na.Network.ID] = !ok
+			}
+		}
+	}
+
 	if (ingressNA == nil) && (node.Attachment != nil) && (len(node.Attachment.Addresses) > 0) {
 		ingressNA = node.Attachment
 		attachments[ingressNA.Network.ID] = ingressNA.Addresses[0]
@@ -200,6 +242,42 @@ func (e *executor) Configure(ctx context.Context, node *api.Node) error {
 		return err
 	}
 
+	var (
+		activeEndpointsError *libnetwork.ActiveEndpointsError
+		errNoSuchNetwork     libnetwork.ErrNoSuchNetwork
+	)
+
+	// now, finally, remove any network LB attachments that we no longer have.
+	for nw, gone := range removeAttachments {
+		err := e.backend.DeleteManagedNetwork(nw)
+		switch {
+		case err == nil:
+			continue
+		case errors.As(err, &activeEndpointsError):
+			// this is the purpose of the boolean in the map. it's literally
+			// just to log an appropriate, informative error. i'm unsure if
+			// this can ever actually occur, but we need to know if it does.
+			if gone {
+				log.G(ctx).Warnf("network %s should be removed, but still has active attachments", nw)
+			} else {
+				log.G(ctx).Warnf(
+					"network %s should have its node LB IP changed, but cannot be removed because of active attachments",
+					nw,
+				)
+			}
+			continue
+		case errors.As(err, &errNoSuchNetwork):
+			// NoSuchNetworkError indicates the network is already gone.
+			continue
+		default:
+			log.G(ctx).Errorf("network %s remove failed: %v", nw, err)
+		}
+	}
+
+	// now update our copy of the node object, reset the attachment store, and
+	// return
+	e.nodeObj = node
+
 	return e.backend.GetAttachmentStore().ResetAttachments(attachments)
 }
 
@@ -229,8 +307,7 @@ func (e *executor) Controller(t *api.Task) (exec.Controller, error) {
 		}
 		switch runtimeKind {
 		case string(swarmtypes.RuntimePlugin):
-			info, _ := e.backend.SystemInfo()
-			if !info.ExperimentalBuild {
+			if !e.backend.HasExperimental() {
 				return ctlr, fmt.Errorf("runtime type %q only supported in experimental", swarmtypes.RuntimePlugin)
 			}
 			c, err := plugin.NewController(e.pluginBackend, t)
diff --git a/daemon/cluster/executor/container/health_test.go b/daemon/cluster/executor/container/health_test.go
index 03d6273635548..3c2aeb6d1714e 100644
--- a/daemon/cluster/executor/container/health_test.go
+++ b/daemon/cluster/executor/container/health_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/daemon/cluster/executor/container"
diff --git a/daemon/cluster/executor/container/validate_test.go b/daemon/cluster/executor/container/validate_test.go
index 5e4694ff1bb8f..a7fa27099874f 100644
--- a/daemon/cluster/executor/container/validate_test.go
+++ b/daemon/cluster/executor/container/validate_test.go
@@ -1,7 +1,6 @@
 package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
-	"io/ioutil"
 	"os"
 	"strings"
 	"testing"
@@ -50,7 +49,7 @@ func TestControllerValidateMountBind(t *testing.T) {
 	}
 
 	// with proper source
-	tmpdir, err := ioutil.TempDir("", "TestControllerValidateMountBind")
+	tmpdir, err := os.MkdirTemp("", "TestControllerValidateMountBind")
 	if err != nil {
 		t.Fatalf("failed to create temp dir: %v", err)
 	}
@@ -86,7 +85,7 @@ func TestControllerValidateMountVolume(t *testing.T) {
 }
 
 func TestControllerValidateMountTarget(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestControllerValidateMountTarget")
+	tmpdir, err := os.MkdirTemp("", "TestControllerValidateMountTarget")
 	if err != nil {
 		t.Fatalf("failed to create temp dir: %v", err)
 	}
diff --git a/daemon/cluster/executor/container/validate_unix_test.go b/daemon/cluster/executor/container/validate_unix_test.go
index 7a3f053621310..bf57b9c7ffaf0 100644
--- a/daemon/cluster/executor/container/validate_unix_test.go
+++ b/daemon/cluster/executor/container/validate_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/daemon/cluster/executor/container"
diff --git a/daemon/cluster/executor/container/validate_windows_test.go b/daemon/cluster/executor/container/validate_windows_test.go
index e0d5bc2e60714..09f3ff4a1e7a2 100644
--- a/daemon/cluster/executor/container/validate_windows_test.go
+++ b/daemon/cluster/executor/container/validate_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package container // import "github.com/docker/docker/daemon/cluster/executor/container"
diff --git a/daemon/cluster/listen_addr.go b/daemon/cluster/listen_addr.go
index 44ea5fce42f31..ca49a93568d39 100644
--- a/daemon/cluster/listen_addr.go
+++ b/daemon/cluster/listen_addr.go
@@ -95,7 +95,7 @@ func validateDefaultAddrPool(defaultAddrPool []string, size uint32) error {
 		// defaultAddrPool is not defined
 		return nil
 	}
-	//if size is not set, then we use default value 24
+	// if size is not set, then we use default value 24
 	if size == 0 {
 		size = 24
 	}
@@ -123,6 +123,25 @@ func validateDefaultAddrPool(defaultAddrPool []string, size uint32) error {
 	return nil
 }
 
+// getDataPathPort validates vxlan udp port (data path port) number.
+// if no port is set, the default (4789) is returned
+// valid port numbers are between 1024 and 49151
+func getDataPathPort(portNum uint32) (uint32, error) {
+	// if the value comes as 0 by any reason we set it to default value 4789
+	if portNum == 0 {
+		portNum = 4789
+		return portNum, nil
+	}
+	// IANA procedures for each range in detail
+	// The Well Known Ports, aka the System Ports, from 0-1023
+	// The Registered Ports, aka the User Ports, from 1024-49151
+	// The Dynamic Ports, aka the Private Ports, from 49152-65535
+	// So we can allow range between 1024 to 49151
+	if portNum < 1024 || portNum > 49151 {
+		return 0, fmt.Errorf("Datapath port number is not in valid range (1024-49151) : %d", portNum)
+	}
+	return portNum, nil
+}
 func resolveDataPathAddr(dataPathAddr string) (string, error) {
 	if dataPathAddr == "" {
 		// dataPathAddr is not defined
diff --git a/daemon/cluster/listen_addr_others.go b/daemon/cluster/listen_addr_others.go
index fe75848e57f79..de3d25381b05e 100644
--- a/daemon/cluster/listen_addr_others.go
+++ b/daemon/cluster/listen_addr_others.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package cluster // import "github.com/docker/docker/daemon/cluster"
diff --git a/daemon/cluster/noderunner.go b/daemon/cluster/noderunner.go
index aa905d6780410..6bb2f47448349 100644
--- a/daemon/cluster/noderunner.go
+++ b/daemon/cluster/noderunner.go
@@ -4,14 +4,13 @@ import (
 	"context"
 	"fmt"
 	"path/filepath"
-	"runtime"
 	"strings"
 	"sync"
 	"time"
 
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/executor/container"
-	lncluster "github.com/docker/libnetwork/cluster"
+	lncluster "github.com/docker/docker/libnetwork/cluster"
 	swarmapi "github.com/docker/swarmkit/api"
 	swarmallocator "github.com/docker/swarmkit/manager/allocator/cnmallocator"
 	swarmnode "github.com/docker/swarmkit/node"
@@ -57,6 +56,8 @@ type nodeStartConfig struct {
 	DefaultAddressPool []string
 	// SubnetSize contains subnet size of DefaultAddressPool
 	SubnetSize uint32
+	// DataPathPort contains Data path port (VXLAN UDP port) number that is used for data traffic.
+	DataPathPort uint32
 	// JoinInProgress is set to true if a join operation has started, but
 	// not completed yet.
 	JoinInProgress bool
@@ -102,7 +103,7 @@ func (n *nodeRunner) Start(conf nodeStartConfig) error {
 
 func (n *nodeRunner) start(conf nodeStartConfig) error {
 	var control string
-	if runtime.GOOS == "windows" {
+	if isWindows {
 		control = `\\.\pipe\` + controlSocket
 	} else {
 		control = filepath.Join(n.cluster.runtimeRoot, controlSocket)
@@ -125,6 +126,7 @@ func (n *nodeRunner) start(conf nodeStartConfig) error {
 		NetworkConfig: &swarmallocator.NetworkConfig{
 			DefaultAddrPool: conf.DefaultAddressPool,
 			SubnetSize:      conf.SubnetSize,
+			VXLANUDPPort:    conf.DataPathPort,
 		},
 		JoinAddr:  joinAddr,
 		StateDir:  n.cluster.root,
@@ -295,6 +297,11 @@ func (n *nodeRunner) Stop() error {
 		n.cancelReconnect = nil
 	}
 	if n.swarmNode == nil {
+		// even though the swarm node is nil we still may need
+		// to send a node leave event to perform any cleanup required.
+		if n.cluster != nil {
+			n.cluster.SendClusterEvent(lncluster.EventNodeLeave)
+		}
 		n.mu.Unlock()
 		return nil
 	}
@@ -320,7 +327,7 @@ func (n *nodeRunner) State() nodeState {
 	ns := n.nodeState
 
 	if ns.err != nil || n.cancelReconnect != nil {
-		if errors.Cause(ns.err) == errSwarmLocked {
+		if errors.Is(ns.err, errSwarmLocked) {
 			ns.status = types.LocalNodeStateLocked
 		} else {
 			ns.status = types.LocalNodeStateError
diff --git a/daemon/cluster/nodes.go b/daemon/cluster/nodes.go
index 3c073b0bacc86..f0d70fe1ff6c6 100644
--- a/daemon/cluster/nodes.go
+++ b/daemon/cluster/nodes.go
@@ -8,6 +8,7 @@ import (
 	"github.com/docker/docker/daemon/cluster/convert"
 	"github.com/docker/docker/errdefs"
 	swarmapi "github.com/docker/swarmkit/api"
+	"google.golang.org/grpc"
 )
 
 // GetNodes returns a list of all nodes known to a cluster.
@@ -30,7 +31,9 @@ func (c *Cluster) GetNodes(options apitypes.NodeListOptions) ([]types.Node, erro
 
 	r, err := state.controlClient.ListNodes(
 		ctx,
-		&swarmapi.ListNodesRequest{Filters: filters})
+		&swarmapi.ListNodesRequest{Filters: filters},
+		grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+	)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +66,7 @@ func (c *Cluster) GetNode(input string) (types.Node, error) {
 
 // UpdateNode updates existing nodes properties.
 func (c *Cluster) UpdateNode(input string, version uint64, spec types.NodeSpec) error {
-	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+	return c.lockedManagerAction(func(_ context.Context, state nodeState) error {
 		nodeSpec, err := convert.NodeSpecToGRPC(spec)
 		if err != nil {
 			return errdefs.InvalidParameter(err)
diff --git a/daemon/cluster/secrets.go b/daemon/cluster/secrets.go
index c6fd842081678..6f652eb54d6b0 100644
--- a/daemon/cluster/secrets.go
+++ b/daemon/cluster/secrets.go
@@ -7,6 +7,7 @@ import (
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/convert"
 	swarmapi "github.com/docker/swarmkit/api"
+	"google.golang.org/grpc"
 )
 
 // GetSecret returns a secret from a managed swarm cluster
@@ -44,7 +45,9 @@ func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret
 	defer cancel()
 
 	r, err := state.controlClient.ListSecrets(ctx,
-		&swarmapi.ListSecretsRequest{Filters: filters})
+		&swarmapi.ListSecretsRequest{Filters: filters},
+		grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+	)
 	if err != nil {
 		return nil, err
 	}
diff --git a/daemon/cluster/services.go b/daemon/cluster/services.go
index c14037645c915..5b7536b0e2265 100644
--- a/daemon/cluster/services.go
+++ b/daemon/cluster/services.go
@@ -23,6 +23,7 @@ import (
 	gogotypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
 )
 
 // GetServices returns all services of a managed swarm cluster.
@@ -67,13 +68,21 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv
 
 	r, err := state.controlClient.ListServices(
 		ctx,
-		&swarmapi.ListServicesRequest{Filters: filters})
+		&swarmapi.ListServicesRequest{Filters: filters},
+		grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+	)
 	if err != nil {
 		return nil, err
 	}
 
 	services := make([]types.Service, 0, len(r.Services))
 
+	// if the  user requests the service statuses, we'll store the IDs needed
+	// in this slice
+	var serviceIDs []string
+	if options.Status {
+		serviceIDs = make([]string, 0, len(r.Services))
+	}
 	for _, service := range r.Services {
 		if options.Filters.Contains("mode") {
 			var mode string
@@ -82,12 +91,19 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv
 				mode = "global"
 			case *swarmapi.ServiceSpec_Replicated:
 				mode = "replicated"
+			case *swarmapi.ServiceSpec_ReplicatedJob:
+				mode = "replicated-job"
+			case *swarmapi.ServiceSpec_GlobalJob:
+				mode = "global-job"
 			}
 
 			if !options.Filters.ExactMatch("mode", mode) {
 				continue
 			}
 		}
+		if options.Status {
+			serviceIDs = append(serviceIDs, service.ID)
+		}
 		svcs, err := convert.ServiceFromGRPC(*service)
 		if err != nil {
 			return nil, err
@@ -95,6 +111,50 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv
 		services = append(services, svcs)
 	}
 
+	if options.Status {
+		// Listing service statuses is a separate call because, while it is the
+		// most common UI operation, it is still just a UI operation, and it
+		// would be improper to include this data in swarm's Service object.
+		// We pay the cost with some complexity here, but this is still way
+		// more efficient than marshalling and unmarshalling all the JSON
+		// needed to list tasks and get this data otherwise client-side
+		resp, err := state.controlClient.ListServiceStatuses(
+			ctx,
+			&swarmapi.ListServiceStatusesRequest{Services: serviceIDs},
+			grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		// we'll need to match up statuses in the response with the services in
+		// the list operation. if we did this by operating on two lists, the
+		// result would be quadratic. instead, make a mapping of service IDs to
+		// service statuses so that this is roughly linear. additionally,
+		// convert the status response to an engine api service status here.
+		serviceMap := map[string]*types.ServiceStatus{}
+		for _, status := range resp.Statuses {
+			serviceMap[status.ServiceID] = &types.ServiceStatus{
+				RunningTasks:   status.RunningTasks,
+				DesiredTasks:   status.DesiredTasks,
+				CompletedTasks: status.CompletedTasks,
+			}
+		}
+
+		// because this is a list of values and not pointers, make sure we
+		// actually alter the value when iterating.
+		for i, service := range services {
+			// the return value of the ListServiceStatuses operation is
+			// guaranteed to contain a value in the response for every argument
+			// in the request, so we can safely do this assignment. and even if
+			// it wasn't, and the service ID was for some reason absent from
+			// this map, the resulting value of service.Status would just be
+			// nil -- the same thing it was before
+			service.ServiceStatus = serviceMap[service.ID]
+			services[i] = service
+		}
+	}
+
 	return services, nil
 }
 
@@ -141,8 +201,7 @@ func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRe
 		case *swarmapi.TaskSpec_Generic:
 			switch serviceSpec.Task.GetGeneric().Kind {
 			case string(types.RuntimePlugin):
-				info, _ := c.config.Backend.SystemInfo()
-				if !info.ExperimentalBuild {
+				if !c.config.Backend.HasExperimental() {
 					return fmt.Errorf("runtime type %q only supported in experimental", types.RuntimePlugin)
 				}
 				if s.TaskTemplate.PluginSpec == nil {
@@ -574,7 +633,7 @@ func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authC
 			return "", errors.Errorf("image reference not tagged: %s", image)
 		}
 
-		repo, _, err := c.config.ImageBackend.GetRepository(ctx, taggedRef, authConfig)
+		repo, err := c.config.ImageBackend.GetRepository(ctx, taggedRef, authConfig)
 		if err != nil {
 			return "", err
 		}
diff --git a/daemon/cluster/swarm.go b/daemon/cluster/swarm.go
index 65dfe9eb45a05..e7bb7cc21d572 100644
--- a/daemon/cluster/swarm.go
+++ b/daemon/cluster/swarm.go
@@ -13,12 +13,13 @@ import (
 	"github.com/docker/docker/daemon/cluster/convert"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/stack"
 	swarmapi "github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/encryption"
 	swarmnode "github.com/docker/swarmkit/node"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
 )
 
 // Init initializes new cluster from user provided request.
@@ -32,6 +33,7 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {
 			// API handlers to finish before shutting down the node.
 			c.mu.Lock()
 			if !c.nr.nodeState.IsManager() {
+				c.mu.Unlock()
 				return "", errSwarmNotManager
 			}
 			c.mu.Unlock()
@@ -92,10 +94,15 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {
 		}
 	}
 
-	//Validate Default Address Pool input
 	if err := validateDefaultAddrPool(req.DefaultAddrPool, req.SubnetSize); err != nil {
 		return "", err
 	}
+
+	port, err := getDataPathPort(req.DataPathPort)
+	if err != nil {
+		return "", err
+	}
+
 	nr, err := c.newNodeRunner(nodeStartConfig{
 		forceNewCluster:    req.ForceNewCluster,
 		autolock:           req.AutoLockManagers,
@@ -106,6 +113,7 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {
 		DefaultAddressPool: req.DefaultAddrPool,
 		SubnetSize:         req.SubnetSize,
 		availability:       req.Availability,
+		DataPathPort:       port,
 	})
 	if err != nil {
 		return "", err
@@ -187,8 +195,11 @@ func (c *Cluster) Join(req types.JoinRequest) error {
 	c.nr = nr
 	c.mu.Unlock()
 
+	timeout := time.NewTimer(swarmConnectTimeout)
+	defer timeout.Stop()
+
 	select {
-	case <-time.After(swarmConnectTimeout):
+	case <-timeout.C:
 		return errSwarmJoinTimeoutReached
 	case err := <-nr.Ready():
 		if err != nil {
@@ -336,7 +347,7 @@ func (c *Cluster) UnlockSwarm(req types.UnlockRequest) error {
 	c.mu.Unlock()
 
 	if err := <-nr.Ready(); err != nil {
-		if errors.Cause(err) == errSwarmLocked {
+		if errors.Is(err, errSwarmLocked) {
 			return invalidUnlockKey{}
 		}
 		return errors.Errorf("swarm component could not be started: %v", err)
@@ -360,7 +371,7 @@ func (c *Cluster) Leave(force bool) error {
 
 	c.mu.Unlock()
 
-	if errors.Cause(state.err) == errSwarmLocked && !force {
+	if errors.Is(state.err, errSwarmLocked) && !force {
 		// leave a locked swarm without --force is not allowed
 		return errors.WithStack(notAvailableError("Swarm is encrypted and locked. Please unlock it first or use `--force` to ignore this message."))
 	}
@@ -388,7 +399,7 @@ func (c *Cluster) Leave(force bool) error {
 	// release readers in here
 	if err := nr.Stop(); err != nil {
 		logrus.Errorf("failed to shut down cluster node: %v", err)
-		signal.DumpStacks("")
+		stack.Dump()
 		return err
 	}
 
@@ -442,7 +453,10 @@ func (c *Cluster) Info() types.Info {
 
 		info.Cluster = &swarm.ClusterInfo
 
-		if r, err := state.controlClient.ListNodes(ctx, &swarmapi.ListNodesRequest{}); err != nil {
+		if r, err := state.controlClient.ListNodes(
+			ctx, &swarmapi.ListNodesRequest{},
+			grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+		); err != nil {
 			info.Error = err.Error()
 		} else {
 			info.Nodes = len(r.Nodes)
@@ -452,6 +466,20 @@ func (c *Cluster) Info() types.Info {
 				}
 			}
 		}
+
+		switch info.LocalNodeState {
+		case types.LocalNodeStateInactive, types.LocalNodeStateLocked, types.LocalNodeStateError:
+			// nothing to do
+		default:
+			if info.Managers == 2 {
+				const warn string = `WARNING: Running Swarm in a two-manager configuration. This configuration provides
+         no fault tolerance, and poses a high risk to lose control over the cluster.
+         Refer to https://docs.docker.com/engine/swarm/admin_guide/ to configure the
+         Swarm for fault-tolerance.`
+
+				info.Warnings = append(info.Warnings, warn)
+			}
+		}
 	}
 
 	if state.swarmNode != nil {
diff --git a/daemon/cluster/tasks.go b/daemon/cluster/tasks.go
index de1240dfe89e1..f1001ea0bac3c 100644
--- a/daemon/cluster/tasks.go
+++ b/daemon/cluster/tasks.go
@@ -8,6 +8,7 @@ import (
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/convert"
 	swarmapi "github.com/docker/swarmkit/api"
+	"google.golang.org/grpc"
 )
 
 // GetTasks returns a list of tasks matching the filter options.
@@ -53,7 +54,9 @@ func (c *Cluster) GetTasks(options apitypes.TaskListOptions) ([]types.Task, erro
 
 		r, err = state.controlClient.ListTasks(
 			ctx,
-			&swarmapi.ListTasksRequest{Filters: filters})
+			&swarmapi.ListTasksRequest{Filters: filters},
+			grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse),
+		)
 		return err
 	}); err != nil {
 		return nil, err
diff --git a/daemon/cluster/utils.go b/daemon/cluster/utils.go
index d55e0012b7558..e1493de413e29 100644
--- a/daemon/cluster/utils.go
+++ b/daemon/cluster/utils.go
@@ -2,7 +2,6 @@ package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -10,7 +9,7 @@ import (
 )
 
 func loadPersistentState(root string) (*nodeStartConfig, error) {
-	dt, err := ioutil.ReadFile(filepath.Join(root, stateFile))
+	dt, err := os.ReadFile(filepath.Join(root, stateFile))
 	if err != nil {
 		return nil, err
 	}
@@ -40,7 +39,7 @@ func clearPersistentState(root string) error {
 	// todo: backup this data instead of removing?
 	// rather than delete the entire swarm directory, delete the contents in order to preserve the inode
 	// (for example, allowing it to be bind-mounted)
-	files, err := ioutil.ReadDir(root)
+	files, err := os.ReadDir(root)
 	if err != nil {
 		return err
 	}
diff --git a/daemon/commit.go b/daemon/commit.go
index 0f6f440514b9f..302e9a95d6fe5 100644
--- a/daemon/commit.go
+++ b/daemon/commit.go
@@ -40,7 +40,7 @@ func merge(userConf, imageConf *containertypes.Config) error {
 			imageEnvKey := strings.Split(imageEnv, "=")[0]
 			for _, userEnv := range userConf.Env {
 				userEnvKey := strings.Split(userEnv, "=")[0]
-				if runtime.GOOS == "windows" {
+				if isWindows {
 					// Case insensitive environment variables on Windows
 					imageEnvKey = strings.ToUpper(imageEnvKey)
 					userEnvKey = strings.ToUpper(userEnvKey)
@@ -68,7 +68,6 @@ func merge(userConf, imageConf *containertypes.Config) error {
 	if len(userConf.Entrypoint) == 0 {
 		if len(userConf.Cmd) == 0 {
 			userConf.Cmd = imageConf.Cmd
-			userConf.ArgsEscaped = imageConf.ArgsEscaped
 		}
 
 		if userConf.Entrypoint == nil {
@@ -125,7 +124,7 @@ func (daemon *Daemon) CreateImageFromContainer(name string, c *backend.CreateIma
 	}
 
 	// It is not possible to commit a running container on Windows
-	if (runtime.GOOS == "windows") && container.IsRunning() {
+	if isWindows && container.IsRunning() {
 		return "", errors.Errorf("%+v does not support commit of a running container", runtime.GOOS)
 	}
 
diff --git a/daemon/config/builder.go b/daemon/config/builder.go
index ac85e76b303d7..07eb5ced20bc8 100644
--- a/daemon/config/builder.go
+++ b/daemon/config/builder.go
@@ -1,12 +1,57 @@
 package config
 
-import "github.com/docker/docker/api/types/filters"
+import (
+	"encoding/json"
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/types/filters"
+)
 
 // BuilderGCRule represents a GC rule for buildkit cache
 type BuilderGCRule struct {
-	All         bool         `json:",omitempty"`
-	Filter      filters.Args `json:",omitempty"`
-	KeepStorage string       `json:",omitempty"`
+	All         bool            `json:",omitempty"`
+	Filter      BuilderGCFilter `json:",omitempty"`
+	KeepStorage string          `json:",omitempty"`
+}
+
+// BuilderGCFilter contains garbage-collection filter rules for a BuildKit builder
+type BuilderGCFilter filters.Args
+
+// MarshalJSON returns a JSON byte representation of the BuilderGCFilter
+func (x *BuilderGCFilter) MarshalJSON() ([]byte, error) {
+	f := filters.Args(*x)
+	keys := f.Keys()
+	sort.Strings(keys)
+	arr := make([]string, 0, len(keys))
+	for _, k := range keys {
+		values := f.Get(k)
+		for _, v := range values {
+			arr = append(arr, fmt.Sprintf("%s=%s", k, v))
+		}
+	}
+	return json.Marshal(arr)
+}
+
+// UnmarshalJSON fills the BuilderGCFilter values structure from JSON input
+func (x *BuilderGCFilter) UnmarshalJSON(data []byte) error {
+	var arr []string
+	f := filters.NewArgs()
+	if err := json.Unmarshal(data, &arr); err != nil {
+		// backwards compat for deprecated buggy form
+		err := json.Unmarshal(data, &f)
+		*x = BuilderGCFilter(f)
+		return err
+	}
+	for _, s := range arr {
+		fields := strings.SplitN(s, "=", 2)
+		name := strings.ToLower(strings.TrimSpace(fields[0]))
+		value := strings.TrimSpace(fields[1])
+		f.Add(name, value)
+	}
+	*x = BuilderGCFilter(f)
+	return nil
 }
 
 // BuilderGCConfig contains GC config for a buildkit builder
@@ -16,7 +61,14 @@ type BuilderGCConfig struct {
 	DefaultKeepStorage string          `json:",omitempty"`
 }
 
+// BuilderEntitlements contains settings to enable/disable entitlements
+type BuilderEntitlements struct {
+	NetworkHost      *bool `json:"network-host,omitempty"`
+	SecurityInsecure *bool `json:"security-insecure,omitempty"`
+}
+
 // BuilderConfig contains config for the builder
 type BuilderConfig struct {
-	GC BuilderGCConfig `json:",omitempty"`
+	GC           BuilderGCConfig     `json:",omitempty"`
+	Entitlements BuilderEntitlements `json:",omitempty"`
 }
diff --git a/daemon/config/builder_test.go b/daemon/config/builder_test.go
new file mode 100644
index 0000000000000..6b4576446b493
--- /dev/null
+++ b/daemon/config/builder_test.go
@@ -0,0 +1,44 @@
+package config
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
+)
+
+func TestBuilderGC(t *testing.T) {
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{
+  "builder": {
+    "gc": {
+      "enabled": true,
+      "policy": [
+        {"keepStorage": "10GB", "filter": ["unused-for=2200h"]},
+        {"keepStorage": "50GB", "filter": {"unused-for": {"3300h": true}}},
+        {"keepStorage": "100GB", "all": true}
+      ]
+    }
+  }
+}`))
+	defer tempFile.Remove()
+	configFile := tempFile.Path()
+
+	cfg, err := MergeDaemonConfigurations(&Config{}, nil, configFile)
+	assert.NilError(t, err)
+	assert.Assert(t, cfg.Builder.GC.Enabled)
+	f1 := filters.NewArgs()
+	f1.Add("unused-for", "2200h")
+	f2 := filters.NewArgs()
+	f2.Add("unused-for", "3300h")
+	expectedPolicy := []BuilderGCRule{
+		{KeepStorage: "10GB", Filter: BuilderGCFilter(f1)},
+		{KeepStorage: "50GB", Filter: BuilderGCFilter(f2)}, /* parsed from deprecated form */
+		{KeepStorage: "100GB", All: true},
+	}
+	assert.DeepEqual(t, cfg.Builder.GC.Policy, expectedPolicy, cmp.AllowUnexported(BuilderGCFilter{}))
+	// double check to please the skeptics
+	assert.Assert(t, filters.Args(cfg.Builder.GC.Policy[0].Filter).UniqueExactMatch("unused-for", "2200h"))
+	assert.Assert(t, filters.Args(cfg.Builder.GC.Policy[1].Filter).UniqueExactMatch("unused-for", "3300h"))
+}
diff --git a/daemon/config/config.go b/daemon/config/config.go
index 8b2c844a579f0..fa534f3249b9d 100644
--- a/daemon/config/config.go
+++ b/daemon/config/config.go
@@ -3,13 +3,11 @@ package config // import "github.com/docker/docker/daemon/config"
 import (
 	"bytes"
 	"encoding/json"
-	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
+	"net"
+	"net/url"
 	"os"
 	"reflect"
-	"runtime"
 	"strings"
 	"sync"
 
@@ -19,6 +17,7 @@ import (
 	"github.com/docker/docker/pkg/discovery"
 	"github.com/docker/docker/registry"
 	"github.com/imdario/mergo"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
@@ -32,9 +31,10 @@ const (
 	// maximum number of uploads that
 	// may take place at a time for each push.
 	DefaultMaxConcurrentUploads = 5
-	// StockRuntimeName is the reserved name/alias used to represent the
-	// OCI runtime being shipped with the docker daemon package.
-	StockRuntimeName = "runc"
+	// DefaultDownloadAttempts is the default value for
+	// maximum number of attempts that
+	// may take place at a time for each pull when the connection is lost.
+	DefaultDownloadAttempts = 5
 	// DefaultShmSize is the default value for container's shm size
 	DefaultShmSize = int64(67108864)
 	// DefaultNetworkMtu is the default value for network MTU
@@ -43,8 +43,33 @@ const (
 	DisableNetworkBridge = "none"
 	// DefaultInitBinary is the name of the default init binary
 	DefaultInitBinary = "docker-init"
+	// DefaultShimBinary is the default shim to be used by containerd if none
+	// is specified
+	DefaultShimBinary = "containerd-shim"
+	// DefaultRuntimeBinary is the default runtime to be used by
+	// containerd if none is specified
+	DefaultRuntimeBinary = "runc"
+
+	// LinuxV1RuntimeName is the runtime used to specify the containerd v1 shim with the runc binary
+	// Note this is different than io.containerd.runc.v1 which would be the v1 shim using the v2 shim API.
+	// This is specifically for the v1 shim using the v1 shim API.
+	LinuxV1RuntimeName = "io.containerd.runtime.v1.linux"
+	// LinuxV2RuntimeName is the runtime used to specify the containerd v2 runc shim
+	LinuxV2RuntimeName = "io.containerd.runc.v2"
+
+	// SeccompProfileDefault is the built-in default seccomp profile.
+	SeccompProfileDefault = "builtin"
+	// SeccompProfileUnconfined is a special profile name for seccomp to use an
+	// "unconfined" seccomp profile.
+	SeccompProfileUnconfined = "unconfined"
 )
 
+var builtinRuntimes = map[string]bool{
+	StockRuntimeName:   true,
+	LinuxV1RuntimeName: true,
+	LinuxV2RuntimeName: true,
+}
+
 // flatOptions contains configuration keys
 // that MUST NOT be parsed as deep structures.
 // Use this to differentiate these options
@@ -64,6 +89,8 @@ var flatOptions = map[string]bool{
 var skipValidateOptions = map[string]bool{
 	"features": true,
 	"builder":  true,
+	// Corresponding flag has been removed because it was already unusable
+	"deprecated-key-path": true,
 }
 
 // skipDuplicates contains configuration keys that
@@ -108,6 +135,14 @@ type CommonTLSOptions struct {
 	KeyFile  string `json:"tlskey,omitempty"`
 }
 
+// DNSConfig defines the DNS configurations.
+type DNSConfig struct {
+	DNS           []string `json:"dns,omitempty"`
+	DNSOptions    []string `json:"dns-opts,omitempty"`
+	DNSSearch     []string `json:"dns-search,omitempty"`
+	HostGatewayIP net.IP   `json:"host-gateway-ip,omitempty"`
+}
+
 // CommonConfig defines the configuration of a docker daemon which is
 // common across platforms.
 // It includes json tags to deserialize configuration from a file
@@ -118,9 +153,6 @@ type CommonConfig struct {
 	AutoRestart           bool                      `json:"-"`
 	Context               map[string][]string       `json:"-"`
 	DisableBridge         bool                      `json:"-"`
-	DNS                   []string                  `json:"dns,omitempty"`
-	DNSOptions            []string                  `json:"dns-opts,omitempty"`
-	DNSSearch             []string                  `json:"dns-search,omitempty"`
 	ExecOptions           []string                  `json:"exec-opts,omitempty"`
 	GraphDriver           string                    `json:"storage-driver,omitempty"`
 	GraphOptions          []string                  `json:"storage-opts,omitempty"`
@@ -134,6 +166,7 @@ type CommonConfig struct {
 	ExecRoot              string                    `json:"exec-root,omitempty"`
 	SocketGroup           string                    `json:"group,omitempty"`
 	CorsHeaders           string                    `json:"api-cors-header,omitempty"`
+	ProxyConfig
 
 	// TrustKeyPath is used to generate the daemon ID and for signing schema 1 manifests
 	// when pushing to a registry which does not support schema 2. This field is marked as
@@ -148,15 +181,18 @@ type CommonConfig struct {
 	// ClusterStore is the storage backend used for the cluster information. It is used by both
 	// multihost networking (to store networks and endpoints information) and by the node discovery
 	// mechanism.
+	// Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	ClusterStore string `json:"cluster-store,omitempty"`
 
 	// ClusterOpts is used to pass options to the discovery package for tuning libkv settings, such
 	// as TLS configuration settings.
+	// Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	ClusterOpts map[string]string `json:"cluster-store-opts,omitempty"`
 
 	// ClusterAdvertise is the network endpoint that the Engine advertises for the purpose of node
 	// discovery. This should be a 'host:port' combination on which that daemon instance is
 	// reachable by other hosts.
+	// Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	ClusterAdvertise string `json:"cluster-advertise,omitempty"`
 
 	// MaxConcurrentDownloads is the maximum number of downloads that
@@ -167,6 +203,10 @@ type CommonConfig struct {
 	// may take place at a time for each push.
 	MaxConcurrentUploads *int `json:"max-concurrent-uploads,omitempty"`
 
+	// MaxDownloadAttempts is the maximum number of attempts that
+	// may take place at a time for each push.
+	MaxDownloadAttempts *int `json:"max-download-attempts,omitempty"`
+
 	// ShutdownTimeout is the timeout value (in seconds) the daemon will wait for the container
 	// to stop when daemon is being shutdown
 	ShutdownTimeout int `json:"shutdown-timeout,omitempty"`
@@ -174,8 +214,8 @@ type CommonConfig struct {
 	Debug     bool     `json:"debug,omitempty"`
 	Hosts     []string `json:"hosts,omitempty"`
 	LogLevel  string   `json:"log-level,omitempty"`
-	TLS       bool     `json:"tls,omitempty"`
-	TLSVerify bool     `json:"tlsverify,omitempty"`
+	TLS       *bool    `json:"tls,omitempty"`
+	TLSVerify *bool    `json:"tlsverify,omitempty"`
 
 	// Embedded structs that allow config
 	// deserialization without the full struct.
@@ -199,6 +239,7 @@ type CommonConfig struct {
 
 	MetricsAddress string `json:"metrics-addr"`
 
+	DNSConfig
 	LogConfig
 	BridgeConfig // bridgeConfig holds bridge network specific configuration.
 	NetworkConfig
@@ -229,6 +270,18 @@ type CommonConfig struct {
 	Features map[string]bool `json:"features,omitempty"`
 
 	Builder BuilderConfig `json:"builder,omitempty"`
+
+	ContainerdNamespace       string `json:"containerd-namespace,omitempty"`
+	ContainerdPluginNamespace string `json:"containerd-plugin-namespace,omitempty"`
+
+	DefaultRuntime string `json:"default-runtime,omitempty"`
+}
+
+// ProxyConfig holds the proxy-configuration for the daemon.
+type ProxyConfig struct {
+	HTTPProxy  string `json:"http-proxy,omitempty"`
+	HTTPSProxy string `json:"https-proxy,omitempty"`
+	NoProxy    string `json:"no-proxy,omitempty"`
 }
 
 // IsValueSet returns true if a configuration value
@@ -243,14 +296,14 @@ func (conf *Config) IsValueSet(name string) bool {
 
 // New returns a new fully initialized Config struct
 func New() *Config {
-	config := Config{}
-	config.LogConfig.Config = make(map[string]string)
-	config.ClusterOpts = make(map[string]string)
-
-	if runtime.GOOS != "linux" {
-		config.V2Only = true
+	return &Config{
+		CommonConfig: CommonConfig{
+			LogConfig: LogConfig{
+				Config: make(map[string]string),
+			},
+			ClusterOpts: make(map[string]string),
+		},
 	}
-	return &config
 }
 
 // ParseClusterAdvertiseSettings parses the specified advertise settings
@@ -264,7 +317,7 @@ func ParseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (strin
 
 	advertise, err := discovery.ParseAdvertise(clusterAdvertise)
 	if err != nil {
-		return "", fmt.Errorf("discovery advertise parsing failed (%v)", err)
+		return "", errors.Wrap(err, "discovery advertise parsing failed")
 	}
 	return advertise, nil
 }
@@ -293,38 +346,19 @@ func GetConflictFreeLabels(labels []string) ([]string, error) {
 	return newLabels, nil
 }
 
-// ValidateReservedNamespaceLabels errors if the reserved namespaces com.docker.*,
-// io.docker.*, org.dockerproject.* are used in a configured engine label.
-//
-// TODO: This is a separate function because we need to warn users first of the
-// deprecation.  When we return an error, this logic can be added to Validate
-// or GetConflictFreeLabels instead of being here.
-func ValidateReservedNamespaceLabels(labels []string) error {
-	for _, label := range labels {
-		lowered := strings.ToLower(label)
-		if strings.HasPrefix(lowered, "com.docker.") || strings.HasPrefix(lowered, "io.docker.") ||
-			strings.HasPrefix(lowered, "org.dockerproject.") {
-			return fmt.Errorf(
-				"label %s not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for Docker's internal use",
-				label)
-		}
-	}
-	return nil
-}
-
 // Reload reads the configuration in the host and reloads the daemon and server.
 func Reload(configFile string, flags *pflag.FlagSet, reload func(*Config)) error {
 	logrus.Infof("Got signal to reload configuration, reloading from: %s", configFile)
 	newConfig, err := getConflictFreeConfiguration(configFile, flags)
 	if err != nil {
 		if flags.Changed("config-file") || !os.IsNotExist(err) {
-			return fmt.Errorf("unable to configure the Docker daemon with file %s: %v", configFile, err)
+			return errors.Wrapf(err, "unable to configure the Docker daemon with file %s", configFile)
 		}
 		newConfig = New()
 	}
 
 	if err := Validate(newConfig); err != nil {
-		return fmt.Errorf("file configuration validation failed (%v)", err)
+		return errors.Wrap(err, "file configuration validation failed")
 	}
 
 	// Check if duplicate label-keys with different values are found
@@ -355,7 +389,7 @@ func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, config
 	}
 
 	if err := Validate(fileConfig); err != nil {
-		return nil, fmt.Errorf("configuration validation from file failed (%v)", err)
+		return nil, errors.Wrap(err, "configuration validation from file failed")
 	}
 
 	// merge flags configuration on top of the file configuration
@@ -366,7 +400,7 @@ func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, config
 	// We need to validate again once both fileConfig and flagsConfig
 	// have been merged
 	if err := Validate(fileConfig); err != nil {
-		return nil, fmt.Errorf("merged configuration validation from file and command line flags failed (%v)", err)
+		return nil, errors.Wrap(err, "merged configuration validation from file and command line flags failed")
 	}
 
 	return fileConfig, nil
@@ -376,17 +410,22 @@ func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, config
 // It compares that configuration with the one provided by the flags,
 // and returns an error if there are conflicts.
 func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Config, error) {
-	b, err := ioutil.ReadFile(configFile)
+	b, err := os.ReadFile(configFile)
 	if err != nil {
 		return nil, err
 	}
 
 	var config Config
-	var reader io.Reader
+
+	b = bytes.TrimSpace(b)
+	if len(b) == 0 {
+		// empty config file
+		return &config, nil
+	}
+
 	if flags != nil {
 		var jsonConfig map[string]interface{}
-		reader = bytes.NewReader(b)
-		if err := json.NewDecoder(reader).Decode(&jsonConfig); err != nil {
+		if err := json.Unmarshal(b, &jsonConfig); err != nil {
 			return nil, err
 		}
 
@@ -429,8 +468,7 @@ func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Con
 		config.ValuesSet = configSet
 	}
 
-	reader = bytes.NewReader(b)
-	if err := json.NewDecoder(reader).Decode(&config); err != nil {
+	if err := json.Unmarshal(b, &config); err != nil {
 		return nil, err
 	}
 
@@ -438,7 +476,7 @@ func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Con
 		logrus.Warn(`The "graph" config file option is deprecated. Please use "data-root" instead.`)
 
 		if config.Root != "" {
-			return nil, fmt.Errorf(`cannot specify both "graph" and "data-root" config file options`)
+			return nil, errors.New(`cannot specify both "graph" and "data-root" config file options`)
 		}
 
 		config.Root = config.RootDeprecated
@@ -480,9 +518,7 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
 	if len(unknownKeys) > 0 {
 		unknownNamedConflicts := func(f *pflag.Flag) {
 			if namedOption, ok := f.Value.(opts.NamedOption); ok {
-				if _, valid := unknownKeys[namedOption.Name()]; valid {
-					delete(unknownKeys, namedOption.Name())
-				}
+				delete(unknownKeys, namedOption.Name())
 			}
 		}
 		flags.VisitAll(unknownNamedConflicts)
@@ -498,6 +534,11 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
 
 	var conflicts []string
 	printConflict := func(name string, flagValue, fileValue interface{}) string {
+		switch name {
+		case "http-proxy", "https-proxy":
+			flagValue = MaskCredentials(flagValue.(string))
+			fileValue = MaskCredentials(fileValue.(string))
+		}
 		return fmt.Sprintf("%s: (from flag: %v, from file: %v)", name, flagValue, fileValue)
 	}
 
@@ -529,7 +570,7 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
 
 // Validate validates some specific configs.
 // such as config.DNS, config.Labels, config.DNSSearch,
-// as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads.
+// as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads and config.MaxDownloadAttempts.
 func Validate(config *Config) error {
 	// validate DNS
 	for _, dns := range config.DNS {
@@ -559,6 +600,9 @@ func Validate(config *Config) error {
 	if config.MaxConcurrentUploads != nil && *config.MaxConcurrentUploads < 0 {
 		return fmt.Errorf("invalid max concurrent uploads: %d", *config.MaxConcurrentUploads)
 	}
+	if err := ValidateMaxDownloadAttempts(config); err != nil {
+		return err
+	}
 
 	// validate that "default" runtime is not reset
 	if runtimes := config.GetAllRuntimes(); len(runtimes) > 0 {
@@ -571,10 +615,12 @@ func Validate(config *Config) error {
 		return err
 	}
 
-	if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" && defaultRuntime != StockRuntimeName {
-		runtimes := config.GetAllRuntimes()
-		if _, ok := runtimes[defaultRuntime]; !ok {
-			return fmt.Errorf("specified default runtime '%s' does not exist", defaultRuntime)
+	if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" {
+		if !builtinRuntimes[defaultRuntime] {
+			runtimes := config.GetAllRuntimes()
+			if _, ok := runtimes[defaultRuntime]; !ok {
+				return fmt.Errorf("specified default runtime '%s' does not exist", defaultRuntime)
+			}
 		}
 	}
 
@@ -582,6 +628,14 @@ func Validate(config *Config) error {
 	return config.ValidatePlatformConfig()
 }
 
+// ValidateMaxDownloadAttempts validates if the max-download-attempts is within the valid range
+func ValidateMaxDownloadAttempts(config *Config) error {
+	if config.MaxDownloadAttempts != nil && *config.MaxDownloadAttempts <= 0 {
+		return fmt.Errorf("invalid max download attempts: %d", *config.MaxDownloadAttempts)
+	}
+	return nil
+}
+
 // ModifiedDiscoverySettings returns whether the discovery configuration has been modified or not.
 func ModifiedDiscoverySettings(config *Config, backendType, advertise string, clusterOpts map[string]string) bool {
 	if config.ClusterStore != backendType || config.ClusterAdvertise != advertise {
@@ -596,3 +650,22 @@ func ModifiedDiscoverySettings(config *Config, backendType, advertise string, cl
 
 	return !reflect.DeepEqual(config.ClusterOpts, clusterOpts)
 }
+
+// GetDefaultRuntimeName returns the current default runtime
+func (conf *Config) GetDefaultRuntimeName() string {
+	conf.Lock()
+	rt := conf.DefaultRuntime
+	conf.Unlock()
+
+	return rt
+}
+
+// MaskCredentials masks credentials that are in an URL.
+func MaskCredentials(rawURL string) string {
+	parsedURL, err := url.Parse(rawURL)
+	if err != nil || parsedURL.User == nil {
+		return rawURL
+	}
+	parsedURL.User = url.UserPassword("xxxxx", "xxxxx")
+	return parsedURL.String()
+}
diff --git a/daemon/config/config_common_unix.go b/daemon/config/config_common_unix.go
deleted file mode 100644
index 0a862d3b50a9b..0000000000000
--- a/daemon/config/config_common_unix.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// +build linux freebsd
-
-package config // import "github.com/docker/docker/daemon/config"
-
-import (
-	"net"
-
-	"github.com/docker/docker/api/types"
-)
-
-// CommonUnixConfig defines configuration of a docker daemon that is
-// common across Unix platforms.
-type CommonUnixConfig struct {
-	Runtimes          map[string]types.Runtime `json:"runtimes,omitempty"`
-	DefaultRuntime    string                   `json:"default-runtime,omitempty"`
-	DefaultInitBinary string                   `json:"default-init,omitempty"`
-}
-
-type commonUnixBridgeConfig struct {
-	DefaultIP                   net.IP `json:"ip,omitempty"`
-	IP                          string `json:"bip,omitempty"`
-	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
-	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
-	InterContainerCommunication bool   `json:"icc,omitempty"`
-}
-
-// GetRuntime returns the runtime path and arguments for a given
-// runtime name
-func (conf *Config) GetRuntime(name string) *types.Runtime {
-	conf.Lock()
-	defer conf.Unlock()
-	if rt, ok := conf.Runtimes[name]; ok {
-		return &rt
-	}
-	return nil
-}
-
-// GetDefaultRuntimeName returns the current default runtime
-func (conf *Config) GetDefaultRuntimeName() string {
-	conf.Lock()
-	rt := conf.DefaultRuntime
-	conf.Unlock()
-
-	return rt
-}
-
-// GetAllRuntimes returns a copy of the runtimes map
-func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
-	conf.Lock()
-	rts := conf.Runtimes
-	conf.Unlock()
-	return rts
-}
-
-// GetExecRoot returns the user configured Exec-root
-func (conf *Config) GetExecRoot() string {
-	return conf.ExecRoot
-}
-
-// GetInitPath returns the configured docker-init path
-func (conf *Config) GetInitPath() string {
-	conf.Lock()
-	defer conf.Unlock()
-	if conf.InitPath != "" {
-		return conf.InitPath
-	}
-	if conf.DefaultInitBinary != "" {
-		return conf.DefaultInitBinary
-	}
-	return DefaultInitBinary
-}
-
-// GetResolvConf returns the appropriate resolv.conf
-// Check setupResolvConf on how this is selected
-func (conf *Config) GetResolvConf() string {
-	return conf.ResolvConf
-}
diff --git a/daemon/config/config_common_unix_test.go b/daemon/config/config_common_unix_test.go
deleted file mode 100644
index 47774a8ec1a18..0000000000000
--- a/daemon/config/config_common_unix_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// +build !windows
-
-package config // import "github.com/docker/docker/daemon/config"
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types"
-)
-
-func TestCommonUnixValidateConfigurationErrors(t *testing.T) {
-	testCases := []struct {
-		config *Config
-	}{
-		// Can't override the stock runtime
-		{
-			config: &Config{
-				CommonUnixConfig: CommonUnixConfig{
-					Runtimes: map[string]types.Runtime{
-						StockRuntimeName: {},
-					},
-				},
-			},
-		},
-		// Default runtime should be present in runtimes
-		{
-			config: &Config{
-				CommonUnixConfig: CommonUnixConfig{
-					Runtimes: map[string]types.Runtime{
-						"foo": {},
-					},
-					DefaultRuntime: "bar",
-				},
-			},
-		},
-	}
-	for _, tc := range testCases {
-		err := Validate(tc.config)
-		if err == nil {
-			t.Fatalf("expected error, got nil for config %v", tc.config)
-		}
-	}
-}
-
-func TestCommonUnixGetInitPath(t *testing.T) {
-	testCases := []struct {
-		config           *Config
-		expectedInitPath string
-	}{
-		{
-			config: &Config{
-				InitPath: "some-init-path",
-			},
-			expectedInitPath: "some-init-path",
-		},
-		{
-			config: &Config{
-				CommonUnixConfig: CommonUnixConfig{
-					DefaultInitBinary: "foo-init-bin",
-				},
-			},
-			expectedInitPath: "foo-init-bin",
-		},
-		{
-			config: &Config{
-				InitPath: "init-path-A",
-				CommonUnixConfig: CommonUnixConfig{
-					DefaultInitBinary: "init-path-B",
-				},
-			},
-			expectedInitPath: "init-path-A",
-		},
-		{
-			config:           &Config{},
-			expectedInitPath: "docker-init",
-		},
-	}
-	for _, tc := range testCases {
-		initPath := tc.config.GetInitPath()
-		if initPath != tc.expectedInitPath {
-			t.Fatalf("expected initPath to be %v, got %v", tc.expectedInitPath, initPath)
-		}
-	}
-}
diff --git a/daemon/config/config_linux.go b/daemon/config/config_linux.go
new file mode 100644
index 0000000000000..498e9e74fb511
--- /dev/null
+++ b/daemon/config/config_linux.go
@@ -0,0 +1,166 @@
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/opts"
+	units "github.com/docker/go-units"
+)
+
+const (
+	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
+	DefaultIpcMode = containertypes.IPCModePrivate
+
+	// DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2.
+	DefaultCgroupNamespaceMode = containertypes.CgroupnsModePrivate
+
+	// DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1.
+	DefaultCgroupV1NamespaceMode = containertypes.CgroupnsModeHost
+
+	// StockRuntimeName is the reserved name/alias used to represent the
+	// OCI runtime being shipped with the docker daemon package.
+	StockRuntimeName = "runc"
+)
+
+// BridgeConfig stores all the bridge driver specific
+// configuration.
+type BridgeConfig struct {
+	commonBridgeConfig
+
+	// Fields below here are platform specific.
+	DefaultIP                   net.IP `json:"ip,omitempty"`
+	IP                          string `json:"bip,omitempty"`
+	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
+	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
+	InterContainerCommunication bool   `json:"icc,omitempty"`
+
+	EnableIPv6          bool   `json:"ipv6,omitempty"`
+	EnableIPTables      bool   `json:"iptables,omitempty"`
+	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
+	EnableIPForward     bool   `json:"ip-forward,omitempty"`
+	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
+	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
+	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
+	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
+}
+
+// Config defines the configuration of a docker daemon.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line uses.
+type Config struct {
+	CommonConfig
+
+	// Fields below here are platform specific.
+	Runtimes             map[string]types.Runtime `json:"runtimes,omitempty"`
+	DefaultInitBinary    string                   `json:"default-init,omitempty"`
+	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
+	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
+	RemappedRoot         string                   `json:"userns-remap,omitempty"`
+	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
+	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
+	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
+	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
+	Init                 bool                     `json:"init,omitempty"`
+	InitPath             string                   `json:"init-path,omitempty"`
+	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
+	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
+	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
+	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
+	CgroupNamespaceMode  string                   `json:"default-cgroupns-mode,omitempty"`
+	// ResolvConf is the path to the configuration of the host resolver
+	ResolvConf string `json:"resolv-conf,omitempty"`
+	Rootless   bool   `json:"rootless,omitempty"`
+}
+
+// GetRuntime returns the runtime path and arguments for a given
+// runtime name
+func (conf *Config) GetRuntime(name string) *types.Runtime {
+	conf.Lock()
+	defer conf.Unlock()
+	if rt, ok := conf.Runtimes[name]; ok {
+		return &rt
+	}
+	return nil
+}
+
+// GetAllRuntimes returns a copy of the runtimes map
+func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
+	conf.Lock()
+	rts := conf.Runtimes
+	conf.Unlock()
+	return rts
+}
+
+// GetExecRoot returns the user configured Exec-root
+func (conf *Config) GetExecRoot() string {
+	return conf.ExecRoot
+}
+
+// GetInitPath returns the configured docker-init path
+func (conf *Config) GetInitPath() string {
+	conf.Lock()
+	defer conf.Unlock()
+	if conf.InitPath != "" {
+		return conf.InitPath
+	}
+	if conf.DefaultInitBinary != "" {
+		return conf.DefaultInitBinary
+	}
+	return DefaultInitBinary
+}
+
+// GetResolvConf returns the appropriate resolv.conf
+// Check setupResolvConf on how this is selected
+func (conf *Config) GetResolvConf() string {
+	return conf.ResolvConf
+}
+
+// IsSwarmCompatible defines if swarm mode can be enabled in this config
+func (conf *Config) IsSwarmCompatible() error {
+	if conf.ClusterStore != "" || conf.ClusterAdvertise != "" {
+		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
+	}
+	if conf.LiveRestoreEnabled {
+		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
+	}
+	return nil
+}
+
+func verifyDefaultIpcMode(mode string) error {
+	const hint = `use "shareable" or "private"`
+
+	dm := containertypes.IpcMode(mode)
+	if !dm.Valid() {
+		return fmt.Errorf("default IPC mode setting (%v) is invalid; "+hint, dm)
+	}
+	if dm != "" && !dm.IsPrivate() && !dm.IsShareable() {
+		return fmt.Errorf(`IPC mode "%v" is not supported as default value; `+hint, dm)
+	}
+	return nil
+}
+
+func verifyDefaultCgroupNsMode(mode string) error {
+	cm := containertypes.CgroupnsMode(mode)
+	if !cm.Valid() {
+		return fmt.Errorf(`default cgroup namespace mode (%v) is invalid; use "host" or "private"`, cm)
+	}
+
+	return nil
+}
+
+// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
+func (conf *Config) ValidatePlatformConfig() error {
+	if err := verifyDefaultIpcMode(conf.IpcMode); err != nil {
+		return err
+	}
+
+	return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode)
+}
+
+// IsRootless returns conf.Rootless on Linux but false on Windows
+func (conf *Config) IsRootless() bool {
+	return conf.Rootless
+}
diff --git a/daemon/config/config_linux_test.go b/daemon/config/config_linux_test.go
new file mode 100644
index 0000000000000..cfc635567dfd4
--- /dev/null
+++ b/daemon/config/config_linux_test.go
@@ -0,0 +1,202 @@
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/opts"
+	units "github.com/docker/go-units"
+	"github.com/spf13/pflag"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+)
+
+func TestGetConflictFreeConfiguration(t *testing.T) {
+	configFileData := `
+		{
+			"debug": true,
+			"default-ulimits": {
+				"nofile": {
+					"Name": "nofile",
+					"Hard": 2048,
+					"Soft": 1024
+				}
+			},
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
+	defer file.Remove()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	var debug bool
+	flags.BoolVarP(&debug, "debug", "D", false, "")
+	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
+	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
+
+	cc, err := getConflictFreeConfiguration(file.Path(), flags)
+	assert.NilError(t, err)
+
+	assert.Check(t, cc.Debug)
+
+	expectedUlimits := map[string]*units.Ulimit{
+		"nofile": {
+			Name: "nofile",
+			Hard: 2048,
+			Soft: 1024,
+		},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
+}
+
+func TestDaemonConfigurationMerge(t *testing.T) {
+	configFileData := `
+		{
+			"debug": true,
+			"default-ulimits": {
+				"nofile": {
+					"Name": "nofile",
+					"Hard": 2048,
+					"Soft": 1024
+				}
+			},
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
+	defer file.Remove()
+
+	c := &Config{
+		CommonConfig: CommonConfig{
+			AutoRestart: true,
+			LogConfig: LogConfig{
+				Type:   "syslog",
+				Config: map[string]string{"tag": "test"},
+			},
+		},
+	}
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	var debug bool
+	flags.BoolVarP(&debug, "debug", "D", false, "")
+	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
+	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
+
+	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
+	assert.NilError(t, err)
+
+	assert.Check(t, cc.Debug)
+	assert.Check(t, cc.AutoRestart)
+
+	expectedLogConfig := LogConfig{
+		Type:   "syslog",
+		Config: map[string]string{"tag": "test_tag"},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedLogConfig, cc.LogConfig))
+
+	expectedUlimits := map[string]*units.Ulimit{
+		"nofile": {
+			Name: "nofile",
+			Hard: 2048,
+			Soft: 1024,
+		},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
+}
+
+func TestDaemonConfigurationMergeShmSize(t *testing.T) {
+	data := `{"default-shm-size": "1g"}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(data))
+	defer file.Remove()
+
+	c := &Config{}
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	shmSize := opts.MemBytes(DefaultShmSize)
+	flags.Var(&shmSize, "default-shm-size", "")
+
+	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
+	assert.NilError(t, err)
+
+	expectedValue := 1 * 1024 * 1024 * 1024
+	assert.Check(t, is.Equal(int64(expectedValue), cc.ShmSize.Value()))
+}
+
+func TestUnixValidateConfigurationErrors(t *testing.T) {
+	testCases := []struct {
+		config *Config
+	}{
+		// Can't override the stock runtime
+		{
+			config: &Config{
+				Runtimes: map[string]types.Runtime{
+					StockRuntimeName: {},
+				},
+			},
+		},
+		// Default runtime should be present in runtimes
+		{
+			config: &Config{
+				Runtimes: map[string]types.Runtime{
+					"foo": {},
+				},
+				CommonConfig: CommonConfig{
+					DefaultRuntime: "bar",
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		err := Validate(tc.config)
+		if err == nil {
+			t.Fatalf("expected error, got nil for config %v", tc.config)
+		}
+	}
+}
+
+func TestUnixGetInitPath(t *testing.T) {
+	testCases := []struct {
+		config           *Config
+		expectedInitPath string
+	}{
+		{
+			config: &Config{
+				InitPath: "some-init-path",
+			},
+			expectedInitPath: "some-init-path",
+		},
+		{
+			config: &Config{
+				DefaultInitBinary: "foo-init-bin",
+			},
+			expectedInitPath: "foo-init-bin",
+		},
+		{
+			config: &Config{
+				InitPath:          "init-path-A",
+				DefaultInitBinary: "init-path-B",
+			},
+			expectedInitPath: "init-path-A",
+		},
+		{
+			config:           &Config{},
+			expectedInitPath: "docker-init",
+		},
+	}
+	for _, tc := range testCases {
+		initPath := tc.config.GetInitPath()
+		if initPath != tc.expectedInitPath {
+			t.Fatalf("expected initPath to be %v, got %v", tc.expectedInitPath, initPath)
+		}
+	}
+}
diff --git a/daemon/config/config_test.go b/daemon/config/config_test.go
index 6998ed3312342..35ac9a0147074 100644
--- a/daemon/config/config_test.go
+++ b/daemon/config/config_test.go
@@ -1,18 +1,18 @@
 package config // import "github.com/docker/docker/daemon/config"
 
 import (
-	"io/ioutil"
 	"os"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/daemon/discovery"
+	"github.com/docker/docker/libnetwork/ipamutils"
 	"github.com/docker/docker/opts"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/skip"
 )
 
 func TestDaemonConfigurationNotFound(t *testing.T) {
@@ -23,7 +23,7 @@ func TestDaemonConfigurationNotFound(t *testing.T) {
 }
 
 func TestDaemonBrokenConfiguration(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -76,7 +76,7 @@ func TestFindConfigurationConflictsWithNamedOptions(t *testing.T) {
 }
 
 func TestDaemonConfigurationMergeConflicts(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -99,7 +99,7 @@ func TestDaemonConfigurationMergeConflicts(t *testing.T) {
 }
 
 func TestDaemonConfigurationMergeConcurrent(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -115,7 +115,7 @@ func TestDaemonConfigurationMergeConcurrent(t *testing.T) {
 }
 
 func TestDaemonConfigurationMergeConcurrentError(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -131,7 +131,7 @@ func TestDaemonConfigurationMergeConcurrentError(t *testing.T) {
 }
 
 func TestDaemonConfigurationMergeConflictsWithInnerStructs(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -153,6 +153,48 @@ func TestDaemonConfigurationMergeConflictsWithInnerStructs(t *testing.T) {
 	}
 }
 
+// Test for #40711
+func TestDaemonConfigurationMergeDefaultAddressPools(t *testing.T) {
+	emptyConfigFile := fs.NewFile(t, "config", fs.WithContent(`{}`))
+	defer emptyConfigFile.Remove()
+	configFile := fs.NewFile(t, "config", fs.WithContent(`{"default-address-pools":[{"base": "10.123.0.0/16", "size": 24 }]}`))
+	defer configFile.Remove()
+
+	expected := []*ipamutils.NetworkToSplit{{Base: "10.123.0.0/16", Size: 24}}
+
+	t.Run("empty config file", func(t *testing.T) {
+		var conf = Config{}
+		flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+		flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "")
+		flags.Set("default-address-pool", "base=10.123.0.0/16,size=24")
+
+		config, err := MergeDaemonConfigurations(&conf, flags, emptyConfigFile.Path())
+		assert.NilError(t, err)
+		assert.DeepEqual(t, config.DefaultAddressPools.Value(), expected)
+	})
+
+	t.Run("config file", func(t *testing.T) {
+		var conf = Config{}
+		flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+		flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "")
+
+		config, err := MergeDaemonConfigurations(&conf, flags, configFile.Path())
+		assert.NilError(t, err)
+		assert.DeepEqual(t, config.DefaultAddressPools.Value(), expected)
+	})
+
+	t.Run("with conflicting options", func(t *testing.T) {
+		var conf = Config{}
+		flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+		flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "")
+		flags.Set("default-address-pool", "base=10.123.0.0/16,size=24")
+
+		_, err := MergeDaemonConfigurations(&conf, flags, configFile.Path())
+		assert.ErrorContains(t, err, "the following directives are specified both as a flag and in the configuration file")
+		assert.ErrorContains(t, err, "default-address-pools")
+	})
+}
+
 func TestFindConfigurationConflictsWithUnknownKeys(t *testing.T) {
 	config := map[string]interface{}{"tls-verify": "true"}
 	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
@@ -188,138 +230,148 @@ func TestFindConfigurationConflictsWithMergedValues(t *testing.T) {
 	}
 }
 
-func TestValidateReservedNamespaceLabels(t *testing.T) {
-	for _, validLabels := range [][]string{
-		nil, // no error if there are no labels
-		{ // no error if there aren't any reserved namespace labels
-			"hello=world",
-			"label=me",
-		},
-		{ // only reserved namespaces that end with a dot are invalid
-			"com.dockerpsychnotreserved.label=value",
-			"io.dockerproject.not=reserved",
-			"org.docker.not=reserved",
-		},
-	} {
-		assert.Check(t, ValidateReservedNamespaceLabels(validLabels))
-	}
-
-	for _, invalidLabel := range []string{
-		"com.docker.feature=enabled",
-		"io.docker.configuration=0",
-		"org.dockerproject.setting=on",
-		// casing doesn't matter
-		"COM.docker.feature=enabled",
-		"io.DOCKER.CONFIGURATION=0",
-		"Org.Dockerproject.Setting=on",
-	} {
-		err := ValidateReservedNamespaceLabels([]string{
-			"valid=label",
-			invalidLabel,
-			"another=valid",
-		})
-		assert.Check(t, is.ErrorContains(err, invalidLabel))
-	}
-}
-
 func TestValidateConfigurationErrors(t *testing.T) {
-	minusNumber := -10
+	intPtr := func(i int) *int { return &i }
+
 	testCases := []struct {
-		config *Config
+		name        string
+		config      *Config
+		expectedErr string
 	}{
 		{
+			name: "single label without value",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					Labels: []string{"one"},
 				},
 			},
+			expectedErr: "bad attribute format: one",
 		},
 		{
+			name: "multiple label without value",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					Labels: []string{"foo=bar", "one"},
 				},
 			},
+			expectedErr: "bad attribute format: one",
 		},
 		{
+			name: "single DNS, invalid IP-address",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNS: []string{"1.1.1.1o"},
+					DNSConfig: DNSConfig{
+						DNS: []string{"1.1.1.1o"},
+					},
 				},
 			},
+			expectedErr: "1.1.1.1o is not an ip address",
 		},
 		{
+			name: "multiple DNS, invalid IP-address",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNS: []string{"2.2.2.2", "1.1.1.1o"},
+					DNSConfig: DNSConfig{
+						DNS: []string{"2.2.2.2", "1.1.1.1o"},
+					},
 				},
 			},
+			expectedErr: "1.1.1.1o is not an ip address",
 		},
 		{
+			name: "single DNSSearch",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNSSearch: []string{"123456"},
+					DNSConfig: DNSConfig{
+						DNSSearch: []string{"123456"},
+					},
 				},
 			},
+			expectedErr: "123456 is not a valid domain",
 		},
 		{
+			name: "multiple DNSSearch",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNSSearch: []string{"a.b.c", "123456"},
+					DNSConfig: DNSConfig{
+						DNSSearch: []string{"a.b.c", "123456"},
+					},
 				},
 			},
+			expectedErr: "123456 is not a valid domain",
 		},
 		{
+			name: "negative max-concurrent-downloads",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					MaxConcurrentDownloads: &minusNumber,
-					// This is weird...
-					ValuesSet: map[string]interface{}{
-						"max-concurrent-downloads": -1,
-					},
+					MaxConcurrentDownloads: intPtr(-10),
 				},
 			},
+			expectedErr: "invalid max concurrent downloads: -10",
 		},
 		{
+			name: "negative max-concurrent-uploads",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					MaxConcurrentUploads: &minusNumber,
-					// This is weird...
-					ValuesSet: map[string]interface{}{
-						"max-concurrent-uploads": -1,
-					},
+					MaxConcurrentUploads: intPtr(-10),
+				},
+			},
+			expectedErr: "invalid max concurrent uploads: -10",
+		},
+		{
+			name: "negative max-download-attempts",
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxDownloadAttempts: intPtr(-10),
+				},
+			},
+			expectedErr: "invalid max download attempts: -10",
+		},
+		{
+			name: "zero max-download-attempts",
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxDownloadAttempts: intPtr(0),
 				},
 			},
+			expectedErr: "invalid max download attempts: 0",
 		},
 		{
+			name: "generic resource without =",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					NodeGenericResources: []string{"foo"},
 				},
 			},
+			expectedErr: "could not parse GenericResource: incorrect term foo, missing '=' or malformed expression",
 		},
 		{
+			name: "generic resource mixed named and discrete",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					NodeGenericResources: []string{"foo=bar", "foo=1"},
 				},
 			},
+			expectedErr: "could not parse GenericResource: mixed discrete and named resources in expression 'foo=[bar 1]'",
 		},
 	}
 	for _, tc := range testCases {
-		err := Validate(tc.config)
-		if err == nil {
-			t.Fatalf("expected error, got nil for config %v", tc.config)
-		}
+		t.Run(tc.name, func(t *testing.T) {
+			err := Validate(tc.config)
+			assert.Error(t, err, tc.expectedErr)
+		})
 	}
 }
 
 func TestValidateConfiguration(t *testing.T) {
-	minusNumber := 4
+	intPtr := func(i int) *int { return &i }
+
 	testCases := []struct {
+		name   string
 		config *Config
 	}{
 		{
+			name: "with label",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					Labels: []string{"one=two"},
@@ -327,42 +379,51 @@ func TestValidateConfiguration(t *testing.T) {
 			},
 		},
 		{
+			name: "with dns",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNS: []string{"1.1.1.1"},
+					DNSConfig: DNSConfig{
+						DNS: []string{"1.1.1.1"},
+					},
 				},
 			},
 		},
 		{
+			name: "with dns-search",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					DNSSearch: []string{"a.b.c"},
+					DNSConfig: DNSConfig{
+						DNSSearch: []string{"a.b.c"},
+					},
 				},
 			},
 		},
 		{
+			name: "with max-concurrent-downloads",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					MaxConcurrentDownloads: &minusNumber,
-					// This is weird...
-					ValuesSet: map[string]interface{}{
-						"max-concurrent-downloads": -1,
-					},
+					MaxConcurrentDownloads: intPtr(4),
 				},
 			},
 		},
 		{
+			name: "with max-concurrent-uploads",
 			config: &Config{
 				CommonConfig: CommonConfig{
-					MaxConcurrentUploads: &minusNumber,
-					// This is weird...
-					ValuesSet: map[string]interface{}{
-						"max-concurrent-uploads": -1,
-					},
+					MaxConcurrentUploads: intPtr(4),
 				},
 			},
 		},
 		{
+			name: "with max-download-attempts",
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxDownloadAttempts: intPtr(4),
+				},
+			},
+		},
+		{
+			name: "with multiple node generic resources",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					NodeGenericResources: []string{"foo=bar", "foo=baz"},
@@ -370,6 +431,7 @@ func TestValidateConfiguration(t *testing.T) {
 			},
 		},
 		{
+			name: "with node generic resources",
 			config: &Config{
 				CommonConfig: CommonConfig{
 					NodeGenericResources: []string{"foo=1"},
@@ -378,10 +440,10 @@ func TestValidateConfiguration(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		err := Validate(tc.config)
-		if err != nil {
-			t.Fatalf("expected no error, got error %v", err)
-		}
+		t.Run(tc.name, func(t *testing.T) {
+			err := Validate(tc.config)
+			assert.NilError(t, err)
+		})
 	}
 }
 
@@ -476,7 +538,7 @@ func TestReloadDefaultConfigNotExist(t *testing.T) {
 // TestReloadBadDefaultConfig tests that when `--config-file` is not set
 // and the default configuration file exists and is bad return an error
 func TestReloadBadDefaultConfig(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -516,3 +578,49 @@ func TestReloadWithDuplicateLabels(t *testing.T) {
 	err := Reload(configFile, flags, func(c *Config) {})
 	assert.Check(t, err)
 }
+
+func TestMaskURLCredentials(t *testing.T) {
+	tests := []struct {
+		rawURL    string
+		maskedURL string
+	}{
+		{
+			rawURL:    "",
+			maskedURL: "",
+		}, {
+			rawURL:    "invalidURL",
+			maskedURL: "invalidURL",
+		}, {
+			rawURL:    "http://proxy.example.com:80/",
+			maskedURL: "http://proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER:PASSWORD@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://PASSWORD:PASSWORD@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER:@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://:PASSWORD@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER@docker:password@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER%40docker:password@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER%40docker:pa%3Fsword@proxy.example.com:80/",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
+		}, {
+			rawURL:    "http://USER%40docker:pa%3Fsword@proxy.example.com:80/hello%20world",
+			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/hello%20world",
+		},
+	}
+	for _, test := range tests {
+		maskedURL := MaskCredentials(test.rawURL)
+		assert.Equal(t, maskedURL, test.maskedURL)
+	}
+}
diff --git a/daemon/config/config_unix.go b/daemon/config/config_unix.go
deleted file mode 100644
index 5ed6abd89e8fd..0000000000000
--- a/daemon/config/config_unix.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// +build linux freebsd
-
-package config // import "github.com/docker/docker/daemon/config"
-
-import (
-	"fmt"
-
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/opts"
-	"github.com/docker/go-units"
-)
-
-const (
-	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
-	DefaultIpcMode = "shareable" // TODO: change to private
-)
-
-// Config defines the configuration of a docker daemon.
-// It includes json tags to deserialize configuration from a file
-// using the same names that the flags in the command line uses.
-type Config struct {
-	CommonConfig
-
-	// These fields are common to all unix platforms.
-	CommonUnixConfig
-	// Fields below here are platform specific.
-	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
-	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
-	RemappedRoot         string                   `json:"userns-remap,omitempty"`
-	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
-	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
-	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
-	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
-	Init                 bool                     `json:"init,omitempty"`
-	InitPath             string                   `json:"init-path,omitempty"`
-	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
-	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
-	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
-	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
-	// ResolvConf is the path to the configuration of the host resolver
-	ResolvConf string `json:"resolv-conf,omitempty"`
-}
-
-// BridgeConfig stores all the bridge driver specific
-// configuration.
-type BridgeConfig struct {
-	commonBridgeConfig
-
-	// These fields are common to all unix platforms.
-	commonUnixBridgeConfig
-
-	// Fields below here are platform specific.
-	EnableIPv6          bool   `json:"ipv6,omitempty"`
-	EnableIPTables      bool   `json:"iptables,omitempty"`
-	EnableIPForward     bool   `json:"ip-forward,omitempty"`
-	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
-	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
-	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
-	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
-}
-
-// IsSwarmCompatible defines if swarm mode can be enabled in this config
-func (conf *Config) IsSwarmCompatible() error {
-	if conf.ClusterStore != "" || conf.ClusterAdvertise != "" {
-		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
-	}
-	if conf.LiveRestoreEnabled {
-		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
-	}
-	return nil
-}
-
-func verifyDefaultIpcMode(mode string) error {
-	const hint = "Use \"shareable\" or \"private\"."
-
-	dm := containertypes.IpcMode(mode)
-	if !dm.Valid() {
-		return fmt.Errorf("Default IPC mode setting (%v) is invalid. "+hint, dm)
-	}
-	if dm != "" && !dm.IsPrivate() && !dm.IsShareable() {
-		return fmt.Errorf("IPC mode \"%v\" is not supported as default value. "+hint, dm)
-	}
-	return nil
-}
-
-// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
-func (conf *Config) ValidatePlatformConfig() error {
-	return verifyDefaultIpcMode(conf.IpcMode)
-}
diff --git a/daemon/config/config_unix_test.go b/daemon/config/config_unix_test.go
deleted file mode 100644
index 529b6777050e7..0000000000000
--- a/daemon/config/config_unix_test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-// +build !windows
-
-package config // import "github.com/docker/docker/daemon/config"
-
-import (
-	"testing"
-
-	"github.com/docker/docker/opts"
-	"github.com/docker/go-units"
-	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-)
-
-func TestGetConflictFreeConfiguration(t *testing.T) {
-	configFileData := `
-		{
-			"debug": true,
-			"default-ulimits": {
-				"nofile": {
-					"Name": "nofile",
-					"Hard": 2048,
-					"Soft": 1024
-				}
-			},
-			"log-opts": {
-				"tag": "test_tag"
-			}
-		}`
-
-	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
-	defer file.Remove()
-
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-	var debug bool
-	flags.BoolVarP(&debug, "debug", "D", false, "")
-	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
-	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
-
-	cc, err := getConflictFreeConfiguration(file.Path(), flags)
-	assert.NilError(t, err)
-
-	assert.Check(t, cc.Debug)
-
-	expectedUlimits := map[string]*units.Ulimit{
-		"nofile": {
-			Name: "nofile",
-			Hard: 2048,
-			Soft: 1024,
-		},
-	}
-
-	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
-}
-
-func TestDaemonConfigurationMerge(t *testing.T) {
-	configFileData := `
-		{
-			"debug": true,
-			"default-ulimits": {
-				"nofile": {
-					"Name": "nofile",
-					"Hard": 2048,
-					"Soft": 1024
-				}
-			},
-			"log-opts": {
-				"tag": "test_tag"
-			}
-		}`
-
-	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
-	defer file.Remove()
-
-	c := &Config{
-		CommonConfig: CommonConfig{
-			AutoRestart: true,
-			LogConfig: LogConfig{
-				Type:   "syslog",
-				Config: map[string]string{"tag": "test"},
-			},
-		},
-	}
-
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-
-	var debug bool
-	flags.BoolVarP(&debug, "debug", "D", false, "")
-	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
-	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
-
-	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
-	assert.NilError(t, err)
-
-	assert.Check(t, cc.Debug)
-	assert.Check(t, cc.AutoRestart)
-
-	expectedLogConfig := LogConfig{
-		Type:   "syslog",
-		Config: map[string]string{"tag": "test_tag"},
-	}
-
-	assert.Check(t, is.DeepEqual(expectedLogConfig, cc.LogConfig))
-
-	expectedUlimits := map[string]*units.Ulimit{
-		"nofile": {
-			Name: "nofile",
-			Hard: 2048,
-			Soft: 1024,
-		},
-	}
-
-	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
-}
-
-func TestDaemonConfigurationMergeShmSize(t *testing.T) {
-	data := `{"default-shm-size": "1g"}`
-
-	file := fs.NewFile(t, "docker-config", fs.WithContent(data))
-	defer file.Remove()
-
-	c := &Config{}
-
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-	shmSize := opts.MemBytes(DefaultShmSize)
-	flags.Var(&shmSize, "default-shm-size", "")
-
-	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
-	assert.NilError(t, err)
-
-	expectedValue := 1 * 1024 * 1024 * 1024
-	assert.Check(t, is.Equal(int64(expectedValue), cc.ShmSize.Value()))
-}
diff --git a/daemon/config/config_windows.go b/daemon/config/config_windows.go
index 0aa7d54bf29a2..29d7dbaa16c58 100644
--- a/daemon/config/config_windows.go
+++ b/daemon/config/config_windows.go
@@ -4,6 +4,12 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
+const (
+	// This is used by the `default-runtime` flag in dockerd as the default value.
+	// On windows we'd prefer to keep this empty so the value is auto-detected based on other options.
+	StockRuntimeName = ""
+)
+
 // BridgeConfig stores all the bridge driver specific
 // configuration.
 type BridgeConfig struct {
@@ -11,8 +17,8 @@ type BridgeConfig struct {
 }
 
 // Config defines the configuration of a docker daemon.
-// These are the configuration settings that you pass
-// to the docker daemon when you launch it with say: `dockerd -e windows`
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line uses.
 type Config struct {
 	CommonConfig
 
@@ -26,16 +32,6 @@ func (conf *Config) GetRuntime(name string) *types.Runtime {
 	return nil
 }
 
-// GetInitPath returns the configure docker-init path
-func (conf *Config) GetInitPath() string {
-	return ""
-}
-
-// GetDefaultRuntimeName returns the current default runtime
-func (conf *Config) GetDefaultRuntimeName() string {
-	return StockRuntimeName
-}
-
 // GetAllRuntimes returns a copy of the runtimes map
 func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
 	return map[string]types.Runtime{}
@@ -46,6 +42,11 @@ func (conf *Config) GetExecRoot() string {
 	return ""
 }
 
+// GetInitPath returns the configured docker-init path
+func (conf *Config) GetInitPath() string {
+	return ""
+}
+
 // IsSwarmCompatible defines if swarm mode can be enabled in this config
 func (conf *Config) IsSwarmCompatible() error {
 	return nil
@@ -55,3 +56,8 @@ func (conf *Config) IsSwarmCompatible() error {
 func (conf *Config) ValidatePlatformConfig() error {
 	return nil
 }
+
+// IsRootless returns conf.Rootless on Linux but false on Windows
+func (conf *Config) IsRootless() bool {
+	return false
+}
diff --git a/daemon/config/config_windows_test.go b/daemon/config/config_windows_test.go
index 09417ee388307..95cfaf255aa00 100644
--- a/daemon/config/config_windows_test.go
+++ b/daemon/config/config_windows_test.go
@@ -1,19 +1,17 @@
-// +build windows
-
 package config // import "github.com/docker/docker/daemon/config"
 
 import (
-	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/docker/docker/opts"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestDaemonConfigurationMerge(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
+	f, err := os.CreateTemp("", "docker-config-")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/daemon/configs_unsupported.go b/daemon/configs_unsupported.go
index ae6f14f54e691..ce98148ee71bd 100644
--- a/daemon/configs_unsupported.go
+++ b/daemon/configs_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/container.go b/daemon/container.go
index c8e2053970a72..5ac4865a04f88 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -3,10 +3,8 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"fmt"
 	"os"
-	"path"
 	"path/filepath"
 	"runtime"
-	"strings"
 	"time"
 
 	containertypes "github.com/docker/docker/api/types/container"
@@ -15,15 +13,17 @@ import (
 	"github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/oci/caps"
 	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
 	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/docker/go-connections/nat"
-	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/moby/sys/signal"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // GetContainer looks for a container using the provided information, which could be
@@ -90,20 +90,18 @@ func (daemon *Daemon) containerRoot(id string) string {
 // Load reads the contents of a container from disk
 // This is typically done at startup.
 func (daemon *Daemon) load(id string) (*container.Container, error) {
-	container := daemon.newBaseContainer(id)
+	ctr := daemon.newBaseContainer(id)
 
-	if err := container.FromDisk(); err != nil {
-		return nil, err
-	}
-	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
+	if err := ctr.FromDisk(); err != nil {
 		return nil, err
 	}
+	selinux.ReserveLabel(ctr.ProcessLabel)
 
-	if container.ID != id {
-		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
+	if ctr.ID != id {
+		return ctr, fmt.Errorf("Container %s is stored at %s", ctr.ID, id)
 	}
 
-	return container, nil
+	return ctr, nil
 }
 
 // Register makes a container object usable by the daemon as <container.ID>
@@ -152,13 +150,13 @@ func (daemon *Daemon) newContainer(name string, operatingSystem string, config *
 	base.Created = time.Now().UTC()
 	base.Managed = managed
 	base.Path = entrypoint
-	base.Args = args //FIXME: de-duplicate from config
+	base.Args = args // FIXME: de-duplicate from config
 	base.Config = config
 	base.HostConfig = &containertypes.HostConfig{}
 	base.ImageID = imgID
 	base.NetworkSettings = &network.Settings{IsAnonymousEndpoint: noExplicitName}
 	base.Name = name
-	base.Driver = daemon.imageService.GraphDriverForOS(operatingSystem)
+	base.Driver = daemon.imageService.GraphDriverName()
 	base.OS = operatingSystem
 	return base, err
 }
@@ -231,128 +229,156 @@ func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *
 
 // verifyContainerSettings performs validation of the hostconfig and config
 // structures.
-func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
+func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) (warnings []string, err error) {
 	// First perform verification of settings common across all platforms.
-	if config != nil {
-		if config.WorkingDir != "" {
-			wdInvalid := false
-			if runtime.GOOS == platform {
-				config.WorkingDir = filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
-				if !system.IsAbs(config.WorkingDir) {
-					wdInvalid = true
-				}
-			} else {
-				// LCOW. Force Unix semantics
-				config.WorkingDir = strings.Replace(config.WorkingDir, string(os.PathSeparator), "/", -1)
-				if !path.IsAbs(config.WorkingDir) {
-					wdInvalid = true
-				}
-			}
-			if wdInvalid {
-				return nil, fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
-			}
-		}
+	if err = validateContainerConfig(config); err != nil {
+		return warnings, err
+	}
+	if err := validateHostConfig(hostConfig); err != nil {
+		return warnings, err
+	}
 
-		if len(config.StopSignal) > 0 {
-			_, err := signal.ParseSignal(config.StopSignal)
-			if err != nil {
-				return nil, err
-			}
-		}
+	// Now do platform-specific verification
+	warnings, err = verifyPlatformContainerSettings(daemon, hostConfig, update)
+	for _, w := range warnings {
+		logrus.Warn(w)
+	}
+	return warnings, err
+}
 
-		// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
-		for _, env := range config.Env {
-			if _, err := opts.ValidateEnv(env); err != nil {
-				return nil, err
-			}
+func validateContainerConfig(config *containertypes.Config) error {
+	if config == nil {
+		return nil
+	}
+	if err := translateWorkingDir(config); err != nil {
+		return err
+	}
+	if len(config.StopSignal) > 0 {
+		if _, err := signal.ParseSignal(config.StopSignal); err != nil {
+			return err
 		}
-
-		// Validate the healthcheck params of Config
-		if config.Healthcheck != nil {
-			if config.Healthcheck.Interval != 0 && config.Healthcheck.Interval < containertypes.MinimumDuration {
-				return nil, errors.Errorf("Interval in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
-			}
-
-			if config.Healthcheck.Timeout != 0 && config.Healthcheck.Timeout < containertypes.MinimumDuration {
-				return nil, errors.Errorf("Timeout in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
-			}
-
-			if config.Healthcheck.Retries < 0 {
-				return nil, errors.Errorf("Retries in Healthcheck cannot be negative")
-			}
-
-			if config.Healthcheck.StartPeriod != 0 && config.Healthcheck.StartPeriod < containertypes.MinimumDuration {
-				return nil, errors.Errorf("StartPeriod in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
-			}
+	}
+	// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
+	for _, env := range config.Env {
+		if _, err := opts.ValidateEnv(env); err != nil {
+			return err
 		}
 	}
+	return validateHealthCheck(config.Healthcheck)
+}
 
+func validateHostConfig(hostConfig *containertypes.HostConfig) error {
 	if hostConfig == nil {
-		return nil, nil
+		return nil
 	}
 
 	if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
-		return nil, errors.Errorf("can't create 'AutoRemove' container with restart policy")
+		return errors.Errorf("can't create 'AutoRemove' container with restart policy")
 	}
-
 	// Validate mounts; check if host directories still exist
-	parser := volumemounts.NewParser(platform)
-	for _, cfg := range hostConfig.Mounts {
+	parser := volumemounts.NewParser()
+	for _, c := range hostConfig.Mounts {
+		cfg := c
 		if err := parser.ValidateMountConfig(&cfg); err != nil {
-			return nil, err
+			return err
 		}
 	}
-
 	for _, extraHost := range hostConfig.ExtraHosts {
 		if _, err := opts.ValidateExtraHost(extraHost); err != nil {
-			return nil, err
+			return err
 		}
 	}
+	if err := validatePortBindings(hostConfig.PortBindings); err != nil {
+		return err
+	}
+	if err := validateRestartPolicy(hostConfig.RestartPolicy); err != nil {
+		return err
+	}
+	if err := validateCapabilities(hostConfig); err != nil {
+		return err
+	}
+	if !hostConfig.Isolation.IsValid() {
+		return errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
+	}
+	return nil
+}
+
+func validateCapabilities(hostConfig *containertypes.HostConfig) error {
+	if _, err := caps.NormalizeLegacyCapabilities(hostConfig.CapAdd); err != nil {
+		return errors.Wrap(err, "invalid CapAdd")
+	}
+	if _, err := caps.NormalizeLegacyCapabilities(hostConfig.CapDrop); err != nil {
+		return errors.Wrap(err, "invalid CapDrop")
+	}
+	// TODO consider returning warnings if "Privileged" is combined with Capabilities, CapAdd and/or CapDrop
+	return nil
+}
+
+// validateHealthCheck validates the healthcheck params of Config
+func validateHealthCheck(healthConfig *containertypes.HealthConfig) error {
+	if healthConfig == nil {
+		return nil
+	}
+	if healthConfig.Interval != 0 && healthConfig.Interval < containertypes.MinimumDuration {
+		return errors.Errorf("Interval in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+	}
+	if healthConfig.Timeout != 0 && healthConfig.Timeout < containertypes.MinimumDuration {
+		return errors.Errorf("Timeout in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+	}
+	if healthConfig.Retries < 0 {
+		return errors.Errorf("Retries in Healthcheck cannot be negative")
+	}
+	if healthConfig.StartPeriod != 0 && healthConfig.StartPeriod < containertypes.MinimumDuration {
+		return errors.Errorf("StartPeriod in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+	}
+	return nil
+}
 
-	for port := range hostConfig.PortBindings {
+func validatePortBindings(ports nat.PortMap) error {
+	for port := range ports {
 		_, portStr := nat.SplitProtoPort(string(port))
 		if _, err := nat.ParsePort(portStr); err != nil {
-			return nil, errors.Errorf("invalid port specification: %q", portStr)
+			return errors.Errorf("invalid port specification: %q", portStr)
 		}
-		for _, pb := range hostConfig.PortBindings[port] {
+		for _, pb := range ports[port] {
 			_, err := nat.NewPort(nat.SplitProtoPort(pb.HostPort))
 			if err != nil {
-				return nil, errors.Errorf("invalid port specification: %q", pb.HostPort)
+				return errors.Errorf("invalid port specification: %q", pb.HostPort)
 			}
 		}
 	}
+	return nil
+}
 
-	p := hostConfig.RestartPolicy
-
-	switch p.Name {
+func validateRestartPolicy(policy containertypes.RestartPolicy) error {
+	switch policy.Name {
 	case "always", "unless-stopped", "no":
-		if p.MaximumRetryCount != 0 {
-			return nil, errors.Errorf("maximum retry count cannot be used with restart policy '%s'", p.Name)
+		if policy.MaximumRetryCount != 0 {
+			return errors.Errorf("maximum retry count cannot be used with restart policy '%s'", policy.Name)
 		}
 	case "on-failure":
-		if p.MaximumRetryCount < 0 {
-			return nil, errors.Errorf("maximum retry count cannot be negative")
+		if policy.MaximumRetryCount < 0 {
+			return errors.Errorf("maximum retry count cannot be negative")
 		}
 	case "":
 		// do nothing
+		return nil
 	default:
-		return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
-	}
-
-	if !hostConfig.Isolation.IsValid() {
-		return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
+		return errors.Errorf("invalid restart policy '%s'", policy.Name)
 	}
+	return nil
+}
 
-	var (
-		err      error
-		warnings []string
-	)
-	// Now do platform-specific verification
-	if warnings, err = verifyPlatformContainerSettings(daemon, hostConfig, config, update); err != nil {
-		return warnings, err
+// translateWorkingDir translates the working-dir for the target platform,
+// and returns an error if the given path is not an absolute path.
+func translateWorkingDir(config *containertypes.Config) error {
+	if config.WorkingDir == "" {
+		return nil
 	}
-	if hostConfig.NetworkMode.IsHost() && len(hostConfig.PortBindings) > 0 {
-		warnings = append(warnings, "Published ports are discarded when using host network mode")
+	wd := filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
+	if !system.IsAbs(wd) {
+		return fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
 	}
-	return warnings, err
+	config.WorkingDir = wd
+	return nil
 }
diff --git a/daemon/container_linux.go b/daemon/container_linux.go
index e6f5bf2cccb96..8d449f700bbe1 100644
--- a/daemon/container_linux.go
+++ b/daemon/container_linux.go
@@ -1,4 +1,5 @@
-//+build !windows
+//go:build !windows
+// +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
@@ -7,8 +8,8 @@ import (
 	"github.com/docker/docker/errdefs"
 )
 
-func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
-	container.AppArmorProfile = "" //we don't care about the previous value.
+func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
+	container.AppArmorProfile = "" // we don't care about the previous value.
 
 	if !daemon.apparmorEnabled {
 		return nil // if apparmor is disabled there is nothing to do here.
@@ -20,11 +21,11 @@ func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
 
 	if !container.HostConfig.Privileged {
 		if container.AppArmorProfile == "" {
-			container.AppArmorProfile = defaultApparmorProfile
+			container.AppArmorProfile = defaultAppArmorProfile
 		}
 
 	} else {
-		container.AppArmorProfile = "unconfined"
+		container.AppArmorProfile = unconfinedAppArmorProfile
 	}
 	return nil
 }
diff --git a/daemon/container_operations.go b/daemon/container_operations.go
index 909c7ccb275c6..4c3d37468a864 100644
--- a/daemon/container_operations.go
+++ b/daemon/container_operations.go
@@ -6,7 +6,6 @@ import (
 	"net"
 	"os"
 	"path"
-	"runtime"
 	"strings"
 	"time"
 
@@ -15,15 +14,15 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libnetwork"
+	netconst "github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork"
-	netconst "github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -116,6 +115,16 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 			return nil, err
 		}
 		parts := strings.SplitN(extraHost, ":", 2)
+		// If the IP Address is a string called "host-gateway", replace this
+		// value with the IP address stored in the daemon level HostGatewayIP
+		// config variable
+		if parts[1] == opts.HostGatewayName {
+			gateway := daemon.configStore.HostGatewayIP.String()
+			if gateway == "" {
+				return nil, fmt.Errorf("unable to derive the IP value for host-gateway")
+			}
+			parts[1] = gateway
+		}
 		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(parts[0], parts[1]))
 	}
 
@@ -201,7 +210,14 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 		if alias != child.Name[1:] {
 			aliasList = aliasList + " " + child.Name[1:]
 		}
-		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(aliasList, child.NetworkSettings.Networks[defaultNetName].IPAddress))
+		ipv4 := child.NetworkSettings.Networks[defaultNetName].IPAddress
+		ipv6 := child.NetworkSettings.Networks[defaultNetName].GlobalIPv6Address
+		if ipv4 != "" {
+			sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(aliasList, ipv4))
+		}
+		if ipv6 != "" {
+			sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(aliasList, ipv6))
+		}
 		cEndpointID = child.NetworkSettings.Networks[defaultNetName].EndpointID
 		if cEndpointID != "" {
 			childEndpoints = append(childEndpoints, cEndpointID)
@@ -238,7 +254,10 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 
 func (daemon *Daemon) updateNetworkSettings(container *container.Container, n libnetwork.Network, endpointConfig *networktypes.EndpointSettings) error {
 	if container.NetworkSettings == nil {
-		container.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)}
+		container.NetworkSettings = &network.Settings{}
+	}
+	if container.NetworkSettings.Networks == nil {
+		container.NetworkSettings.Networks = make(map[string]*network.EndpointSettings)
 	}
 
 	if !container.HostConfig.NetworkMode.IsHost() && containertypes.NetworkMode(n.Type()).IsHost() {
@@ -323,12 +342,12 @@ func (daemon *Daemon) updateNetwork(container *container.Container) error {
 		return nil
 	}
 
-	options, err := daemon.buildSandboxOptions(container)
+	sbOptions, err := daemon.buildSandboxOptions(container)
 	if err != nil {
 		return fmt.Errorf("Update network failed: %v", err)
 	}
 
-	if err := sb.Refresh(options...); err != nil {
+	if err := sb.Refresh(sbOptions...); err != nil {
 		return fmt.Errorf("Update network failed: Failure in refresh sandbox %s: %v", sid, err)
 	}
 
@@ -355,6 +374,15 @@ func (daemon *Daemon) findAndAttachNetwork(container *container.Container, idOrN
 		if container.Managed || !n.Info().Dynamic() {
 			return n, nil, nil
 		}
+		// Throw an error if the container is already attached to the network
+		if container.NetworkSettings.Networks != nil {
+			networkName := n.Name()
+			containerName := strings.TrimPrefix(container.Name, "/")
+			if nw, ok := container.NetworkSettings.Networks[networkName]; ok && nw.EndpointID != "" {
+				err := fmt.Errorf("%s is already attached to network %s", containerName, networkName)
+				return n, nil, errdefs.Conflict(err)
+			}
+		}
 	}
 
 	var addresses []string
@@ -498,17 +526,19 @@ func (daemon *Daemon) updateContainerNetworkSettings(container *container.Contai
 	}
 }
 
-func (daemon *Daemon) allocateNetwork(container *container.Container) error {
-	start := time.Now()
-	controller := daemon.netController
-
+func (daemon *Daemon) allocateNetwork(container *container.Container) (retErr error) {
 	if daemon.netController == nil {
 		return nil
 	}
 
+	var (
+		start      = time.Now()
+		controller = daemon.netController
+	)
+
 	// Cleanup any stale sandbox left over due to ungraceful daemon shutdown
 	if err := controller.SandboxDestroy(container.ID); err != nil {
-		logrus.Errorf("failed to cleanup up stale network sandbox for container %s", container.ID)
+		logrus.WithError(err).Errorf("failed to cleanup up stale network sandbox for container %s", container.ID)
 	}
 
 	if container.Config.NetworkDisabled || container.HostConfig.NetworkMode.IsContainer() {
@@ -556,17 +586,17 @@ func (daemon *Daemon) allocateNetwork(container *container.Container) error {
 	// create its network sandbox now if not present
 	if len(networks) == 0 {
 		if nil == daemon.getNetworkSandbox(container) {
-			options, err := daemon.buildSandboxOptions(container)
+			sbOptions, err := daemon.buildSandboxOptions(container)
 			if err != nil {
 				return err
 			}
-			sb, err := daemon.netController.NewSandbox(container.ID, options...)
+			sb, err := daemon.netController.NewSandbox(container.ID, sbOptions...)
 			if err != nil {
 				return err
 			}
 			updateSandboxNetworkSettings(container, sb)
 			defer func() {
-				if err != nil {
+				if retErr != nil {
 					sb.Delete()
 				}
 			}()
@@ -593,9 +623,9 @@ func (daemon *Daemon) getNetworkSandbox(container *container.Container) libnetwo
 	return sb
 }
 
-// hasUserDefinedIPAddress returns whether the passed endpoint configuration contains IP address configuration
-func hasUserDefinedIPAddress(epConfig *networktypes.EndpointSettings) bool {
-	return epConfig != nil && epConfig.IPAMConfig != nil && (len(epConfig.IPAMConfig.IPv4Address) > 0 || len(epConfig.IPAMConfig.IPv6Address) > 0)
+// hasUserDefinedIPAddress returns whether the passed IPAM configuration contains IP address configuration
+func hasUserDefinedIPAddress(ipamConfig *networktypes.EndpointIPAMConfig) bool {
+	return ipamConfig != nil && (len(ipamConfig.IPv4Address) > 0 || len(ipamConfig.IPv6Address) > 0)
 }
 
 // User specified ip address is acceptable only for networks with user specified subnets.
@@ -603,9 +633,18 @@ func validateNetworkingConfig(n libnetwork.Network, epConfig *networktypes.Endpo
 	if n == nil || epConfig == nil {
 		return nil
 	}
-	if !hasUserDefinedIPAddress(epConfig) {
+	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
+		if hasUserDefinedIPAddress(epConfig.IPAMConfig) && !enableIPOnPredefinedNetwork() {
+			return runconfig.ErrUnsupportedNetworkAndIP
+		}
+		if len(epConfig.Aliases) > 0 && !serviceDiscoveryOnDefaultNetwork() {
+			return runconfig.ErrUnsupportedNetworkAndAlias
+		}
+	}
+	if !hasUserDefinedIPAddress(epConfig.IPAMConfig) {
 		return nil
 	}
+
 	_, _, nwIPv4Configs, nwIPv6Configs := n.Info().IpamConfig()
 	for _, s := range []struct {
 		ipConfigured  bool
@@ -654,14 +693,7 @@ func cleanOperationalData(es *network.EndpointSettings) {
 
 func (daemon *Daemon) updateNetworkConfig(container *container.Container, n libnetwork.Network, endpointConfig *networktypes.EndpointSettings, updateSettings bool) error {
 
-	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
-		if hasUserDefinedIPAddress(endpointConfig) && !enableIPOnPredefinedNetwork() {
-			return runconfig.ErrUnsupportedNetworkAndIP
-		}
-		if endpointConfig != nil && len(endpointConfig.Aliases) > 0 && !container.EnableServiceDiscoveryOnDefaultNetwork() {
-			return runconfig.ErrUnsupportedNetworkAndAlias
-		}
-	} else {
+	if containertypes.NetworkMode(n.Name()).IsUserDefined() {
 		addShortID := true
 		shortID := stringid.TruncateID(container.ID)
 		for _, alias := range endpointConfig.Aliases {
@@ -673,6 +705,18 @@ func (daemon *Daemon) updateNetworkConfig(container *container.Container, n libn
 		if addShortID {
 			endpointConfig.Aliases = append(endpointConfig.Aliases, shortID)
 		}
+		if container.Name != container.Config.Hostname {
+			addHostname := true
+			for _, alias := range endpointConfig.Aliases {
+				if alias == container.Config.Hostname {
+					addHostname = false
+					break
+				}
+			}
+			if addHostname {
+				endpointConfig.Aliases = append(endpointConfig.Aliases, container.Config.Hostname)
+			}
+		}
 	}
 
 	if err := validateNetworkingConfig(n, endpointConfig); err != nil {
@@ -725,8 +769,7 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 		}
 	}
 
-	err = daemon.updateNetworkConfig(container, n, endpointConfig, updateSettings)
-	if err != nil {
+	if err := daemon.updateNetworkConfig(container, n, endpointConfig, updateSettings); err != nil {
 		return err
 	}
 
@@ -753,20 +796,19 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 		EndpointSettings: endpointConfig,
 		IPAMOperational:  operIPAM,
 	}
-	if _, ok := container.NetworkSettings.Networks[n.ID()]; ok {
-		delete(container.NetworkSettings.Networks, n.ID())
-	}
+
+	delete(container.NetworkSettings.Networks, n.ID())
 
 	if err := daemon.updateEndpointNetworkSettings(container, n, ep); err != nil {
 		return err
 	}
 
 	if sb == nil {
-		options, err := daemon.buildSandboxOptions(container)
+		sbOptions, err := daemon.buildSandboxOptions(container)
 		if err != nil {
 			return err
 		}
-		sb, err = controller.NewSandbox(container.ID, options...)
+		sb, err = controller.NewSandbox(container.ID, sbOptions...)
 		if err != nil {
 			return err
 		}
@@ -801,7 +843,7 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 	return nil
 }
 
-func updateJoinInfo(networkSettings *network.Settings, n libnetwork.Network, ep libnetwork.Endpoint) error { // nolint: interfacer
+func updateJoinInfo(networkSettings *network.Settings, n libnetwork.Network, ep libnetwork.Endpoint) error {
 	if ep == nil {
 		return errors.New("invalid enppoint whhile building portmap info")
 	}
@@ -1040,8 +1082,6 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName
 				EndpointSettings: endpointConfig,
 			}
 		}
-	} else if !daemon.isNetworkHotPluggable() {
-		return fmt.Errorf(runtime.GOOS + " does not support connecting a running container to a network")
 	} else {
 		if err := daemon.connectToNetwork(container, idOrName, endpointConfig, true); err != nil {
 			return err
@@ -1070,8 +1110,6 @@ func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, netw
 			return fmt.Errorf("container %s is not connected to the network %s", container.ID, networkName)
 		}
 		delete(container.NetworkSettings.Networks, networkName)
-	} else if err == nil && !daemon.isNetworkHotPluggable() {
-		return fmt.Errorf(runtime.GOOS + " does not support connecting a running container to a network")
 	} else if err == nil {
 		if container.HostConfig.NetworkMode.IsHost() && containertypes.NetworkMode(n.Type()).IsHost() {
 			return runconfig.ErrConflictHostNetwork
@@ -1099,11 +1137,11 @@ func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, netw
 
 // ActivateContainerServiceBinding puts this container into load balancer active rotation and DNS response
 func (daemon *Daemon) ActivateContainerServiceBinding(containerName string) error {
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return err
 	}
-	sb := daemon.getNetworkSandbox(container)
+	sb := daemon.getNetworkSandbox(ctr)
 	if sb == nil {
 		return fmt.Errorf("network sandbox does not exist for container %s", containerName)
 	}
@@ -1112,11 +1150,11 @@ func (daemon *Daemon) ActivateContainerServiceBinding(containerName string) erro
 
 // DeactivateContainerServiceBinding removes this container from load balancer active rotation, and DNS response
 func (daemon *Daemon) DeactivateContainerServiceBinding(containerName string) error {
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return err
 	}
-	sb := daemon.getNetworkSandbox(container)
+	sb := daemon.getNetworkSandbox(ctr)
 	if sb == nil {
 		// If the network sandbox is not found, then there is nothing to deactivate
 		logrus.Debugf("Could not find network sandbox for container %s on service binding deactivation request", containerName)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 9953c7f3fddc5..039a61b1c3047 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -1,24 +1,23 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
-	"time"
 
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/links"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libnetwork"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/libnetwork"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -61,33 +60,33 @@ func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]s
 func (daemon *Daemon) getIpcContainer(id string) (*container.Container, error) {
 	errMsg := "can't join IPC of container " + id
 	// Check the container exists
-	container, err := daemon.GetContainer(id)
+	ctr, err := daemon.GetContainer(id)
 	if err != nil {
 		return nil, errors.Wrap(err, errMsg)
 	}
 	// Check the container is running and not restarting
-	if err := daemon.checkContainer(container, containerIsRunning, containerIsNotRestarting); err != nil {
+	if err := daemon.checkContainer(ctr, containerIsRunning, containerIsNotRestarting); err != nil {
 		return nil, errors.Wrap(err, errMsg)
 	}
 	// Check the container ipc is shareable
-	if st, err := os.Stat(container.ShmPath); err != nil || !st.IsDir() {
+	if st, err := os.Stat(ctr.ShmPath); err != nil || !st.IsDir() {
 		if err == nil || os.IsNotExist(err) {
-			return nil, errors.New(errMsg + ": non-shareable IPC")
+			return nil, errors.New(errMsg + ": non-shareable IPC (hint: use IpcMode:shareable for the donor container)")
 		}
 		// stat() failed?
-		return nil, errors.Wrap(err, errMsg+": unexpected error from stat "+container.ShmPath)
+		return nil, errors.Wrap(err, errMsg+": unexpected error from stat "+ctr.ShmPath)
 	}
 
-	return container, nil
+	return ctr, nil
 }
 
-func (daemon *Daemon) getPidContainer(container *container.Container) (*container.Container, error) {
-	containerID := container.HostConfig.PidMode.Container()
-	container, err := daemon.GetContainer(containerID)
+func (daemon *Daemon) getPidContainer(ctr *container.Container) (*container.Container, error) {
+	containerID := ctr.HostConfig.PidMode.Container()
+	ctr, err := daemon.GetContainer(containerID)
 	if err != nil {
 		return nil, errors.Wrapf(err, "cannot join PID of a non running container: %s", containerID)
 	}
-	return container, daemon.checkContainer(container, containerIsRunning, containerIsNotRestarting)
+	return ctr, daemon.checkContainer(ctr, containerIsRunning, containerIsNotRestarting)
 }
 
 func containerIsRunning(c *container.Container) error {
@@ -206,7 +205,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if err != nil {
 			return errors.Wrap(err, "unable to get secret from secret store")
 		}
-		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+		if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
 			return errors.Wrap(err, "error injecting secret")
 		}
 
@@ -227,14 +226,21 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		}
 	}
 
-	for _, ref := range c.ConfigReferences {
+	for _, configRef := range c.ConfigReferences {
 		// TODO (ehazlett): use type switch when more are supported
-		if ref.File == nil {
-			logrus.Error("config target type is not a file target")
+		if configRef.File == nil {
+			// Runtime configs are not mounted into the container, but they're
+			// a valid type of config so we should not error when we encounter
+			// one.
+			if configRef.Runtime == nil {
+				logrus.Error("config target type is not a file or runtime target")
+			}
+			// However, in any case, this isn't a file config, so we have no
+			// further work to do
 			continue
 		}
 
-		fPath, err := c.ConfigFilePath(*ref)
+		fPath, err := c.ConfigFilePath(*configRef)
 		if err != nil {
 			return errors.Wrap(err, "error getting config file path for container")
 		}
@@ -243,22 +249,22 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		}
 
 		logrus.WithFields(logrus.Fields{
-			"name": ref.File.Name,
+			"name": configRef.File.Name,
 			"path": fPath,
 		}).Debug("injecting config")
-		config, err := c.DependencyStore.Configs().Get(ref.ConfigID)
+		config, err := c.DependencyStore.Configs().Get(configRef.ConfigID)
 		if err != nil {
 			return errors.Wrap(err, "unable to get config from config store")
 		}
-		if err := ioutil.WriteFile(fPath, config.Spec.Data, ref.File.Mode); err != nil {
+		if err := os.WriteFile(fPath, config.Spec.Data, configRef.File.Mode); err != nil {
 			return errors.Wrap(err, "error injecting config")
 		}
 
-		uid, err := strconv.Atoi(ref.File.UID)
+		uid, err := strconv.Atoi(configRef.File.UID)
 		if err != nil {
 			return err
 		}
-		gid, err := strconv.Atoi(ref.File.GID)
+		gid, err := strconv.Atoi(configRef.File.GID)
 		if err != nil {
 			return err
 		}
@@ -266,7 +272,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for config")
 		}
-		if err := os.Chmod(fPath, ref.File.Mode); err != nil {
+		if err := os.Chmod(fPath, configRef.File.Mode); err != nil {
 			return errors.Wrap(err, "error setting file mode for config")
 		}
 	}
@@ -323,36 +329,40 @@ func (daemon *Daemon) cleanupSecretDir(c *container.Container) {
 	if err := mount.RecursiveUnmount(dir); err != nil {
 		logrus.WithField("dir", dir).WithError(err).Warn("Error while attempting to unmount dir, this may prevent removal of container.")
 	}
-	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+	if err := os.RemoveAll(dir); err != nil {
 		logrus.WithField("dir", dir).WithError(err).Error("Error removing dir.")
 	}
 }
 
-func killProcessDirectly(cntr *container.Container) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-
-	// Block until the container to stops or timeout.
-	status := <-cntr.Wait(ctx, container.WaitConditionNotRunning)
-	if status.Err() != nil {
-		// Ensure that we don't kill ourselves
-		if pid := cntr.GetPID(); pid != 0 {
-			logrus.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", stringid.TruncateID(cntr.ID))
-			if err := unix.Kill(pid, 9); err != nil {
-				if err != unix.ESRCH {
-					return err
-				}
-				e := errNoSuchProcess{pid, 9}
-				logrus.Debug(e)
-				return e
-			}
+func killProcessDirectly(container *container.Container) error {
+	pid := container.GetPID()
+	// Ensure that we don't kill ourselves
+	if pid == 0 {
+		return nil
+	}
+
+	if err := unix.Kill(pid, 9); err != nil {
+		if err != unix.ESRCH {
+			return err
 		}
+		e := errNoSuchProcess{pid, 9}
+		logrus.WithError(e).WithField("container", container.ID).Debug("no such process")
+		return e
 	}
-	return nil
-}
 
-func detachMounted(path string) error {
-	return unix.Unmount(path, unix.MNT_DETACH)
+	// In case there were some exceptions(e.g., state of zombie and D)
+	if system.IsProcessAlive(pid) {
+		// Since we can not kill a zombie pid, add zombie check here
+		isZombie, err := system.IsProcessZombie(pid)
+		if err != nil {
+			logrus.WithError(err).WithField("container", container.ID).Warn("Container state is invalid")
+			return err
+		}
+		if isZombie {
+			return errdefs.System(errors.Errorf("container %s PID %d is zombie and can not be killed. Use the --init option when creating containers to run an init inside the container that forwards signals and reaps processes", stringid.TruncateID(container.ID), pid))
+		}
+	}
+	return nil
 }
 
 func isLinkable(child *container.Container) bool {
@@ -365,19 +375,60 @@ func enableIPOnPredefinedNetwork() bool {
 	return false
 }
 
-func (daemon *Daemon) isNetworkHotPluggable() bool {
-	return true
+// serviceDiscoveryOnDefaultNetwork indicates if service discovery is supported on the default network
+func serviceDiscoveryOnDefaultNetwork() bool {
+	return false
 }
 
 func (daemon *Daemon) setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
 	var err error
 
-	if container.HostConfig.NetworkMode.IsHost() {
-		// Point to the host files, so that will be copied into the container running in host mode
-		*sboxOptions = append(*sboxOptions, libnetwork.OptionOriginHostsPath("/etc/hosts"))
-		*sboxOptions = append(*sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
-	} else {
-		*sboxOptions = append(*sboxOptions, libnetwork.OptionOriginResolvConfPath(daemon.configStore.GetResolvConf()))
+	// Set the correct paths for /etc/hosts and /etc/resolv.conf, based on the
+	// networking-mode of the container. Note that containers with "container"
+	// networking are already handled in "initializeNetworking()" before we reach
+	// this function, so do not have to be accounted for here.
+	switch {
+	case container.HostConfig.NetworkMode.IsHost():
+		// In host-mode networking, the container does not have its own networking
+		// namespace, so both `/etc/hosts` and `/etc/resolv.conf` should be the same
+		// as on the host itself. The container gets a copy of these files.
+		*sboxOptions = append(
+			*sboxOptions,
+			libnetwork.OptionOriginHostsPath("/etc/hosts"),
+			libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"),
+		)
+	case container.HostConfig.NetworkMode.IsUserDefined():
+		// The container uses a user-defined network. We use the embedded DNS
+		// server for container name resolution and to act as a DNS forwarder
+		// for external DNS resolution.
+		// We parse the DNS server(s) that are defined in /etc/resolv.conf on
+		// the host, which may be a local DNS server (for example, if DNSMasq or
+		// systemd-resolvd are in use). The embedded DNS server forwards DNS
+		// resolution to the DNS server configured on the host, which in itself
+		// may act as a forwarder for external DNS servers.
+		// If systemd-resolvd is used, the "upstream" DNS servers can be found in
+		// /run/systemd/resolve/resolv.conf. We do not query those DNS servers
+		// directly, as they can be dynamically reconfigured.
+		*sboxOptions = append(
+			*sboxOptions,
+			libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"),
+		)
+	default:
+		// For other situations, such as the default bridge network, container
+		// discovery / name resolution is handled through /etc/hosts, and no
+		// embedded DNS server is available. Without the embedded DNS, we
+		// cannot use local DNS servers on the host (for example, if DNSMasq or
+		// systemd-resolvd is used). If systemd-resolvd is used, we try to
+		// determine the external DNS servers that are used on the host.
+		// This situation is not ideal, because DNS servers configured in the
+		// container are not updated after the container is created, but the
+		// DNS servers on the host can be dynamically updated.
+		//
+		// Copy the host's resolv.conf for the container (/run/systemd/resolve/resolv.conf or /etc/resolv.conf)
+		*sboxOptions = append(
+			*sboxOptions,
+			libnetwork.OptionOriginResolvConfPath(daemon.configStore.GetResolvConf()),
+		)
 	}
 
 	container.HostsPath, err = container.GetRootResourcePath("hosts")
@@ -407,5 +458,5 @@ func (daemon *Daemon) setupContainerMountsRoot(c *container.Container) error {
 	if err != nil {
 		return err
 	}
-	return idtools.MkdirAllAndChown(p, 0700, daemon.idMapping.RootPair())
+	return idtools.MkdirAllAndChown(p, 0710, idtools.Identity{UID: idtools.CurrentIdentity().UID, GID: daemon.IdentityMapping().RootPair().GID})
 }
diff --git a/daemon/container_operations_windows.go b/daemon/container_operations_windows.go
index 349d3a1566fad..424536f239c1e 100644
--- a/daemon/container_operations_windows.go
+++ b/daemon/container_operations_windows.go
@@ -2,12 +2,11 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/libnetwork"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libnetwork"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -44,11 +43,21 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 	for _, configRef := range c.ConfigReferences {
 		// TODO (ehazlett): use type switch when more are supported
 		if configRef.File == nil {
-			logrus.Error("config target type is not a file target")
+			// Runtime configs are not mounted into the container, but they're
+			// a valid type of config so we should not error when we encounter
+			// one.
+			if configRef.Runtime == nil {
+				logrus.Error("config target type is not a file or runtime target")
+			}
+			// However, in any case, this isn't a file config, so we have no
+			// further work to do
 			continue
 		}
 
-		fPath := c.ConfigFilePath(*configRef)
+		fPath, err := c.ConfigFilePath(*configRef)
+		if err != nil {
+			return errors.Wrap(err, "error getting config file path for container")
+		}
 		log := logrus.WithFields(logrus.Fields{"name": configRef.File.Name, "path": fPath})
 
 		log.Debug("injecting config")
@@ -56,7 +65,7 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 		if err != nil {
 			return errors.Wrap(err, "unable to get config from config store")
 		}
-		if err := ioutil.WriteFile(fPath, config.Spec.Data, configRef.File.Mode); err != nil {
+		if err := os.WriteFile(fPath, config.Spec.Data, configRef.File.Mode); err != nil {
 			return errors.Wrap(err, "error injecting config")
 		}
 	}
@@ -78,10 +87,6 @@ func (daemon *Daemon) mountVolumes(container *container.Container) error {
 	return nil
 }
 
-func detachMounted(path string) error {
-	return nil
-}
-
 func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 	if len(c.SecretReferences) == 0 {
 		return nil
@@ -131,7 +136,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if err != nil {
 			return errors.Wrap(err, "unable to get secret from secret store")
 		}
-		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+		if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
 			return errors.Wrap(err, "error injecting secret")
 		}
 	}
@@ -151,7 +156,8 @@ func enableIPOnPredefinedNetwork() bool {
 	return true
 }
 
-func (daemon *Daemon) isNetworkHotPluggable() bool {
+// serviceDiscoveryOnDefaultNetwork indicates if service discovery is supported on the default network
+func serviceDiscoveryOnDefaultNetwork() bool {
 	return true
 }
 
diff --git a/daemon/container_unix_test.go b/daemon/container_unix_test.go
index b4c5f84c7e794..da85f8f608153 100644
--- a/daemon/container_unix_test.go
+++ b/daemon/container_unix_test.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package daemon
@@ -9,7 +10,7 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/go-connections/nat"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // TestContainerWarningHostAndPublishPorts that a warning is returned when setting network mode to host and specifying published ports.
@@ -24,6 +25,7 @@ func TestContainerWarningHostAndPublishPorts(t *testing.T) {
 			"8080": []nat.PortBinding{{HostPort: "8989"}},
 		}, warnings: []string{"Published ports are discarded when using host network mode"}},
 	}
+	muteLogs()
 
 	for _, tc := range testCases {
 		hostConfig := &containertypes.HostConfig{
@@ -32,12 +34,10 @@ func TestContainerWarningHostAndPublishPorts(t *testing.T) {
 			PortBindings: tc.ports,
 		}
 		cs := &config.Config{
-			CommonUnixConfig: config.CommonUnixConfig{
-				Runtimes: map[string]types.Runtime{"runc": {}},
-			},
+			Runtimes: map[string]types.Runtime{"runc": {}},
 		}
 		d := &Daemon{configStore: cs}
-		wrns, err := d.verifyContainerSettings("", hostConfig, &containertypes.Config{}, false)
+		wrns, err := d.verifyContainerSettings(hostConfig, &containertypes.Config{}, false)
 		assert.NilError(t, err)
 		assert.DeepEqual(t, tc.warnings, wrns)
 	}
diff --git a/daemon/container_windows.go b/daemon/container_windows.go
index 0ca8039dd6014..fa9ae50f8fb52 100644
--- a/daemon/container_windows.go
+++ b/daemon/container_windows.go
@@ -4,6 +4,6 @@ import (
 	"github.com/docker/docker/container"
 )
 
-func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
+func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
 	return nil
 }
diff --git a/daemon/content.go b/daemon/content.go
new file mode 100644
index 0000000000000..01d1e2343d135
--- /dev/null
+++ b/daemon/content.go
@@ -0,0 +1,30 @@
+package daemon
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/content/local"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/metadata"
+	"github.com/pkg/errors"
+	"go.etcd.io/bbolt"
+)
+
+func (d *Daemon) configureLocalContentStore() (content.Store, leases.Manager, error) {
+	if err := os.MkdirAll(filepath.Join(d.root, "content"), 0700); err != nil {
+		return nil, nil, errors.Wrap(err, "error creating dir for content store")
+	}
+	db, err := bbolt.Open(filepath.Join(d.root, "content", "metadata.db"), 0600, nil)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "error opening bolt db for content metadata store")
+	}
+	cs, err := local.NewStore(filepath.Join(d.root, "content", "data"))
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "error setting up content store")
+	}
+	md := metadata.NewDB(db, cs, nil)
+	d.mdDB = db
+	return md.ContentStore(), metadata.NewLeaseManager(md), nil
+}
diff --git a/daemon/create.go b/daemon/create.go
index 1afb1bebea328..70c1ac94ca1cb 100644
--- a/daemon/create.go
+++ b/daemon/create.go
@@ -7,192 +7,201 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/images"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/runconfig"
-	"github.com/opencontainers/selinux/go-selinux/label"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
+type createOpts struct {
+	params                  types.ContainerCreateConfig
+	managed                 bool
+	ignoreImagesArgsEscaped bool
+}
+
 // CreateManagedContainer creates a container that is managed by a Service
 func (daemon *Daemon) CreateManagedContainer(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error) {
-	return daemon.containerCreate(params, true)
+	return daemon.containerCreate(createOpts{
+		params:                  params,
+		managed:                 true,
+		ignoreImagesArgsEscaped: false})
 }
 
 // ContainerCreate creates a regular container
 func (daemon *Daemon) ContainerCreate(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error) {
-	return daemon.containerCreate(params, false)
+	return daemon.containerCreate(createOpts{
+		params:                  params,
+		managed:                 false,
+		ignoreImagesArgsEscaped: false})
+}
+
+// ContainerCreateIgnoreImagesArgsEscaped creates a regular container. This is called from the builder RUN case
+// and ensures that we do not take the images ArgsEscaped
+func (daemon *Daemon) ContainerCreateIgnoreImagesArgsEscaped(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error) {
+	return daemon.containerCreate(createOpts{
+		params:                  params,
+		managed:                 false,
+		ignoreImagesArgsEscaped: true})
 }
 
-func (daemon *Daemon) containerCreate(params types.ContainerCreateConfig, managed bool) (containertypes.ContainerCreateCreatedBody, error) {
+func (daemon *Daemon) containerCreate(opts createOpts) (containertypes.ContainerCreateCreatedBody, error) {
 	start := time.Now()
-	if params.Config == nil {
+	if opts.params.Config == nil {
 		return containertypes.ContainerCreateCreatedBody{}, errdefs.InvalidParameter(errors.New("Config cannot be empty in order to create a container"))
 	}
 
-	os := runtime.GOOS
-	if params.Config.Image != "" {
-		img, err := daemon.imageService.GetImage(params.Config.Image)
-		if err == nil {
-			os = img.OS
-		}
-	} else {
-		// This mean scratch. On Windows, we can safely assume that this is a linux
-		// container. On other platforms, it's the host OS (which it already is)
-		if runtime.GOOS == "windows" && system.LCOWSupported() {
-			os = "linux"
-		}
-	}
-
-	warnings, err := daemon.verifyContainerSettings(os, params.HostConfig, params.Config, false)
+	warnings, err := daemon.verifyContainerSettings(opts.params.HostConfig, opts.params.Config, false)
 	if err != nil {
 		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
-	err = verifyNetworkingConfig(params.NetworkingConfig)
+	if opts.params.Platform == nil && opts.params.Config.Image != "" {
+		if img, _ := daemon.imageService.GetImage(opts.params.Config.Image, opts.params.Platform); img != nil {
+			p := platforms.DefaultSpec()
+			imgPlat := v1.Platform{
+				OS:           img.OS,
+				Architecture: img.Architecture,
+				Variant:      img.Variant,
+			}
+
+			if !images.OnlyPlatformWithFallback(p).Match(imgPlat) {
+				warnings = append(warnings, fmt.Sprintf("The requested image's platform (%s) does not match the detected host platform (%s) and no specific platform was requested", platforms.Format(imgPlat), platforms.Format(p)))
+			}
+		}
+	}
+
+	err = verifyNetworkingConfig(opts.params.NetworkingConfig)
 	if err != nil {
 		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
-	if params.HostConfig == nil {
-		params.HostConfig = &containertypes.HostConfig{}
+	if opts.params.HostConfig == nil {
+		opts.params.HostConfig = &containertypes.HostConfig{}
 	}
-	err = daemon.adaptContainerSettings(params.HostConfig, params.AdjustCPUShares)
+	err = daemon.adaptContainerSettings(opts.params.HostConfig, opts.params.AdjustCPUShares)
 	if err != nil {
 		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
-	container, err := daemon.create(params, managed)
+	ctr, err := daemon.create(opts)
 	if err != nil {
 		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
 	}
 	containerActions.WithValues("create").UpdateSince(start)
 
-	return containertypes.ContainerCreateCreatedBody{ID: container.ID, Warnings: warnings}, nil
+	if warnings == nil {
+		warnings = make([]string, 0) // Create an empty slice to avoid https://github.com/moby/moby/issues/38222
+	}
+
+	return containertypes.ContainerCreateCreatedBody{ID: ctr.ID, Warnings: warnings}, nil
 }
 
 // Create creates a new container from the given configuration with a given name.
-func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (retC *container.Container, retErr error) {
+func (daemon *Daemon) create(opts createOpts) (retC *container.Container, retErr error) {
 	var (
-		container *container.Container
-		img       *image.Image
-		imgID     image.ID
-		err       error
+		ctr   *container.Container
+		img   *image.Image
+		imgID image.ID
+		err   error
+		os    = runtime.GOOS
 	)
 
-	os := runtime.GOOS
-	if params.Config.Image != "" {
-		img, err = daemon.imageService.GetImage(params.Config.Image)
+	if opts.params.Config.Image != "" {
+		img, err = daemon.imageService.GetImage(opts.params.Config.Image, opts.params.Platform)
 		if err != nil {
 			return nil, err
 		}
-		if img.OS != "" {
-			os = img.OS
-		} else {
-			// default to the host OS except on Windows with LCOW
-			if runtime.GOOS == "windows" && system.LCOWSupported() {
-				os = "linux"
-			}
-		}
+		os = img.OperatingSystem()
 		imgID = img.ID()
-
-		if runtime.GOOS == "windows" && img.OS == "linux" && !system.LCOWSupported() {
+		if !system.IsOSSupported(os) {
 			return nil, errors.New("operating system on which parent image was created is not Windows")
 		}
-	} else {
-		if runtime.GOOS == "windows" {
-			os = "linux" // 'scratch' case.
-		}
+	} else if isWindows {
+		os = "linux" // 'scratch' case.
+	}
+
+	// On WCOW, if are not being invoked by the builder to create this container (where
+	// ignoreImagesArgEscaped will be true) - if the image already has its arguments escaped,
+	// ensure that this is replicated across to the created container to avoid double-escaping
+	// of the arguments/command line when the runtime attempts to run the container.
+	if os == "windows" && !opts.ignoreImagesArgsEscaped && img != nil && img.RunConfig().ArgsEscaped {
+		opts.params.Config.ArgsEscaped = true
 	}
 
-	if err := daemon.mergeAndVerifyConfig(params.Config, img); err != nil {
+	if err := daemon.mergeAndVerifyConfig(opts.params.Config, img); err != nil {
 		return nil, errdefs.InvalidParameter(err)
 	}
 
-	if err := daemon.mergeAndVerifyLogConfig(&params.HostConfig.LogConfig); err != nil {
+	if err := daemon.mergeAndVerifyLogConfig(&opts.params.HostConfig.LogConfig); err != nil {
 		return nil, errdefs.InvalidParameter(err)
 	}
 
-	if container, err = daemon.newContainer(params.Name, os, params.Config, params.HostConfig, imgID, managed); err != nil {
+	if ctr, err = daemon.newContainer(opts.params.Name, os, opts.params.Config, opts.params.HostConfig, imgID, opts.managed); err != nil {
 		return nil, err
 	}
 	defer func() {
 		if retErr != nil {
-			if err := daemon.cleanupContainer(container, true, true); err != nil {
+			if err := daemon.cleanupContainer(ctr, true, true); err != nil {
 				logrus.Errorf("failed to cleanup container on create error: %v", err)
 			}
 		}
 	}()
 
-	if err := daemon.setSecurityOptions(container, params.HostConfig); err != nil {
+	if err := daemon.setSecurityOptions(ctr, opts.params.HostConfig); err != nil {
 		return nil, err
 	}
 
-	container.HostConfig.StorageOpt = params.HostConfig.StorageOpt
-
-	// Fixes: https://github.com/moby/moby/issues/34074 and
-	// https://github.com/docker/for-win/issues/999.
-	// Merge the daemon's storage options if they aren't already present. We only
-	// do this on Windows as there's no effective sandbox size limit other than
-	// physical on Linux.
-	if runtime.GOOS == "windows" {
-		if container.HostConfig.StorageOpt == nil {
-			container.HostConfig.StorageOpt = make(map[string]string)
-		}
-		for _, v := range daemon.configStore.GraphOptions {
-			opt := strings.SplitN(v, "=", 2)
-			if _, ok := container.HostConfig.StorageOpt[opt[0]]; !ok {
-				container.HostConfig.StorageOpt[opt[0]] = opt[1]
-			}
-		}
-	}
+	ctr.HostConfig.StorageOpt = opts.params.HostConfig.StorageOpt
 
 	// Set RWLayer for container after mount labels have been set
-	rwLayer, err := daemon.imageService.CreateLayer(container, setupInitLayer(daemon.idMapping))
+	rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping))
 	if err != nil {
 		return nil, errdefs.System(err)
 	}
-	container.RWLayer = rwLayer
+	ctr.RWLayer = rwLayer
 
-	rootIDs := daemon.idMapping.RootPair()
-
-	if err := idtools.MkdirAndChown(container.Root, 0700, rootIDs); err != nil {
+	current := idtools.CurrentIdentity()
+	if err := idtools.MkdirAndChown(ctr.Root, 0710, idtools.Identity{UID: current.UID, GID: daemon.IdentityMapping().RootPair().GID}); err != nil {
 		return nil, err
 	}
-	if err := idtools.MkdirAndChown(container.CheckpointDir(), 0700, rootIDs); err != nil {
+	if err := idtools.MkdirAndChown(ctr.CheckpointDir(), 0700, current); err != nil {
 		return nil, err
 	}
 
-	if err := daemon.setHostConfig(container, params.HostConfig); err != nil {
+	if err := daemon.setHostConfig(ctr, opts.params.HostConfig); err != nil {
 		return nil, err
 	}
 
-	if err := daemon.createContainerOSSpecificSettings(container, params.Config, params.HostConfig); err != nil {
+	if err := daemon.createContainerOSSpecificSettings(ctr, opts.params.Config, opts.params.HostConfig); err != nil {
 		return nil, err
 	}
 
 	var endpointsConfigs map[string]*networktypes.EndpointSettings
-	if params.NetworkingConfig != nil {
-		endpointsConfigs = params.NetworkingConfig.EndpointsConfig
+	if opts.params.NetworkingConfig != nil {
+		endpointsConfigs = opts.params.NetworkingConfig.EndpointsConfig
 	}
 	// Make sure NetworkMode has an acceptable value. We do this to ensure
 	// backwards API compatibility.
-	runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
+	runconfig.SetDefaultNetModeIfBlank(ctr.HostConfig)
 
-	daemon.updateContainerNetworkSettings(container, endpointsConfigs)
-	if err := daemon.Register(container); err != nil {
+	daemon.updateContainerNetworkSettings(ctr, endpointsConfigs)
+	if err := daemon.Register(ctr); err != nil {
 		return nil, err
 	}
-	stateCtr.set(container.ID, "stopped")
-	daemon.LogContainerEvent(container, "create")
-	return container, nil
+	stateCtr.set(ctr.ID, "stopped")
+	daemon.LogContainerEvent(ctr, "create")
+	return ctr, nil
 }
 
 func toHostConfigSelinuxLabels(labels []string) []string {
@@ -214,7 +223,7 @@ func (daemon *Daemon) generateSecurityOpt(hostConfig *containertypes.HostConfig)
 	pidMode := hostConfig.PidMode
 	privileged := hostConfig.Privileged
 	if ipcMode.IsHost() || pidMode.IsHost() || privileged {
-		return toHostConfigSelinuxLabels(label.DisableSecOpt()), nil
+		return toHostConfigSelinuxLabels(selinux.DisableSecOpt()), nil
 	}
 
 	var ipcLabel []string
@@ -226,7 +235,10 @@ func (daemon *Daemon) generateSecurityOpt(hostConfig *containertypes.HostConfig)
 		if err != nil {
 			return nil, err
 		}
-		ipcLabel = label.DupSecOpt(c.ProcessLabel)
+		ipcLabel, err = selinux.DupSecOpt(c.ProcessLabel)
+		if err != nil {
+			return nil, err
+		}
 		if pidContainer == "" {
 			return toHostConfigSelinuxLabels(ipcLabel), err
 		}
@@ -237,7 +249,10 @@ func (daemon *Daemon) generateSecurityOpt(hostConfig *containertypes.HostConfig)
 			return nil, err
 		}
 
-		pidLabel = label.DupSecOpt(c.ProcessLabel)
+		pidLabel, err = selinux.DupSecOpt(c.ProcessLabel)
+		if err != nil {
+			return nil, err
+		}
 		if ipcContainer == "" {
 			return toHostConfigSelinuxLabels(pidLabel), err
 		}
@@ -276,30 +291,31 @@ func verifyNetworkingConfig(nwConfig *networktypes.NetworkingConfig) error {
 	if nwConfig == nil || len(nwConfig.EndpointsConfig) == 0 {
 		return nil
 	}
-	if len(nwConfig.EndpointsConfig) == 1 {
-		for k, v := range nwConfig.EndpointsConfig {
-			if v == nil {
-				return errdefs.InvalidParameter(errors.Errorf("no EndpointSettings for %s", k))
+	if len(nwConfig.EndpointsConfig) > 1 {
+		l := make([]string, 0, len(nwConfig.EndpointsConfig))
+		for k := range nwConfig.EndpointsConfig {
+			l = append(l, k)
+		}
+		return errors.Errorf("Container cannot be connected to network endpoints: %s", strings.Join(l, ", "))
+	}
+
+	for k, v := range nwConfig.EndpointsConfig {
+		if v == nil {
+			return errdefs.InvalidParameter(errors.Errorf("no EndpointSettings for %s", k))
+		}
+		if v.IPAMConfig != nil {
+			if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
+				return errors.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address)
 			}
-			if v.IPAMConfig != nil {
-				if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
-					return errors.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address)
-				}
-				if v.IPAMConfig.IPv6Address != "" {
-					n := net.ParseIP(v.IPAMConfig.IPv6Address)
-					// if the address is an invalid network address (ParseIP == nil) or if it is
-					// an IPv4 address (To4() != nil), then it is an invalid IPv6 address
-					if n == nil || n.To4() != nil {
-						return errors.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address)
-					}
+			if v.IPAMConfig.IPv6Address != "" {
+				n := net.ParseIP(v.IPAMConfig.IPv6Address)
+				// if the address is an invalid network address (ParseIP == nil) or if it is
+				// an IPv4 address (To4() != nil), then it is an invalid IPv6 address
+				if n == nil || n.To4() != nil {
+					return errors.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address)
 				}
 			}
 		}
-		return nil
 	}
-	l := make([]string, 0, len(nwConfig.EndpointsConfig))
-	for k := range nwConfig.EndpointsConfig {
-		l = append(l, k)
-	}
-	return errors.Errorf("Container cannot be connected to network endpoints: %s", strings.Join(l, ", "))
+	return nil
 }
diff --git a/daemon/create_test.go b/daemon/create_test.go
index 3dba847d46b3d..5abe24d2cfb0f 100644
--- a/daemon/create_test.go
+++ b/daemon/create_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/errdefs"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // Test case for 35752
diff --git a/daemon/create_unix.go b/daemon/create_unix.go
index 13857bab069a1..f6f9649eb5f5c 100644
--- a/daemon/create_unix.go
+++ b/daemon/create_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -41,12 +42,14 @@ func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Con
 	}
 
 	for spec := range config.Volumes {
-		name := stringid.GenerateNonCryptoID()
+		name := stringid.GenerateRandomID()
 		destination := filepath.Clean(spec)
 
 		// Skip volumes for which we already have something mounted on that
 		// destination because of a --volume-from.
-		if container.IsDestinationMounted(destination) {
+		if container.HasMountFor(destination) {
+			logrus.WithField("container", container.ID).WithField("destination", spec).Debug("mountpoint already exists, skipping anonymous volume")
+			// Not an error, this could easily have come from the image config.
 			continue
 		}
 		path, err := container.GetResourcePath(destination)
diff --git a/daemon/create_windows.go b/daemon/create_windows.go
index 37e425a014af7..f47b732fbd3cd 100644
--- a/daemon/create_windows.go
+++ b/daemon/create_windows.go
@@ -3,7 +3,6 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"context"
 	"fmt"
-	"runtime"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
@@ -14,21 +13,11 @@ import (
 
 // createContainerOSSpecificSettings performs host-OS specific container create functionality
 func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
-
-	if container.OS == runtime.GOOS {
+	if containertypes.Isolation.IsDefault(hostConfig.Isolation) {
 		// Make sure the host config has the default daemon isolation if not specified by caller.
-		if containertypes.Isolation.IsDefault(containertypes.Isolation(hostConfig.Isolation)) {
-			hostConfig.Isolation = daemon.defaultIsolation
-		}
-	} else {
-		// LCOW must be a Hyper-V container as you can't run a shared kernel when one
-		// is a Windows kernel, the other is a Linux kernel.
-		if containertypes.Isolation.IsProcess(containertypes.Isolation(hostConfig.Isolation)) {
-			return fmt.Errorf("process isolation is invalid for Linux containers on Windows")
-		}
-		hostConfig.Isolation = "hyperv"
+		hostConfig.Isolation = daemon.defaultIsolation
 	}
-	parser := volumemounts.NewParser(container.OS)
+	parser := volumemounts.NewParser()
 	for spec := range config.Volumes {
 
 		mp, err := parser.ParseMountRaw(spec, hostConfig.VolumeDriver)
@@ -38,7 +27,7 @@ func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Con
 
 		// If the mountpoint doesn't have a name, generate one.
 		if len(mp.Name) == 0 {
-			mp.Name = stringid.GenerateNonCryptoID()
+			mp.Name = stringid.GenerateRandomID()
 		}
 
 		// Skip volumes for which we already have something mounted on that
diff --git a/daemon/daemon.go b/daemon/daemon.go
index 14b31e76677c6..34bcb53768c17 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -8,9 +8,8 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
-	"math/rand"
 	"net"
+	"net/url"
 	"os"
 	"path"
 	"path/filepath"
@@ -19,13 +18,11 @@ import (
 	"sync"
 	"time"
 
-	"google.golang.org/grpc"
-
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/defaults"
 	"github.com/containerd/containerd/pkg/dialer"
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
@@ -35,26 +32,23 @@ import (
 	"github.com/docker/docker/daemon/discovery"
 	"github.com/docker/docker/daemon/events"
 	"github.com/docker/docker/daemon/exec"
+	_ "github.com/docker/docker/daemon/graphdriver/register" // register graph drivers
 	"github.com/docker/docker/daemon/images"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/network"
-	"github.com/docker/docker/errdefs"
-	"github.com/moby/buildkit/util/resolver"
-	"github.com/moby/buildkit/util/tracing"
-	"github.com/sirupsen/logrus"
-	// register graph drivers
-	_ "github.com/docker/docker/daemon/graphdriver/register"
 	"github.com/docker/docker/daemon/stats"
 	dmetadata "github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/libcontainerd"
-	"github.com/docker/docker/migrate/v1"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/cluster"
+	nwconfig "github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/plugin"
@@ -63,14 +57,21 @@ import (
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
 	volumesservice "github.com/docker/docker/volume/service"
-	"github.com/docker/libnetwork"
-	"github.com/docker/libnetwork/cluster"
-	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/moby/buildkit/util/resolver"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"go.etcd.io/bbolt"
+	"golang.org/x/sync/semaphore"
+	"golang.org/x/sync/singleflight"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/backoff"
 )
 
 // ContainersNamespace is the name of the namespace used for users containers
-const ContainersNamespace = "moby"
+const (
+	ContainersNamespace = "moby"
+)
 
 var (
 	errSystemNotSupported = errors.New("the Docker daemon is not supported on this platform")
@@ -78,34 +79,32 @@ var (
 
 // Daemon holds information about the Docker daemon.
 type Daemon struct {
-	ID                string
-	repository        string
-	containers        container.Store
-	containersReplica container.ViewDB
-	execCommands      *exec.Store
-	imageService      *images.ImageService
-	idIndex           *truncindex.TruncIndex
-	configStore       *config.Config
-	statsCollector    *stats.Collector
-	defaultLogConfig  containertypes.LogConfig
-	RegistryService   registry.Service
-	EventsService     *events.Events
-	netController     libnetwork.NetworkController
-	volumes           *volumesservice.VolumesService
-	discoveryWatcher  discovery.Reloader
-	root              string
-	seccompEnabled    bool
-	apparmorEnabled   bool
-	shutdown          bool
-	idMapping         *idtools.IdentityMapping
-	// TODO: move graphDrivers field to an InfoService
-	graphDrivers map[string]string // By operating system
-
-	PluginStore           *plugin.Store // todo: remove
+	ID                    string
+	repository            string
+	containers            container.Store
+	containersReplica     container.ViewDB
+	execCommands          *exec.Store
+	imageService          *images.ImageService
+	idIndex               *truncindex.TruncIndex
+	configStore           *config.Config
+	statsCollector        *stats.Collector
+	defaultLogConfig      containertypes.LogConfig
+	RegistryService       registry.Service
+	EventsService         *events.Events
+	netController         libnetwork.NetworkController
+	volumes               *volumesservice.VolumesService
+	discoveryWatcher      discovery.Reloader
+	root                  string
+	seccompEnabled        bool
+	apparmorEnabled       bool
+	shutdown              bool
+	idMapping             *idtools.IdentityMapping
+	graphDriver           string        // TODO: move graphDriver field to an InfoService
+	PluginStore           *plugin.Store // TODO: remove
 	pluginManager         *plugin.Manager
 	linkIndex             *linkIndex
 	containerdCli         *containerd.Client
-	containerd            libcontainerd.Client
+	containerd            libcontainerdtypes.Client
 	defaultIsolation      containertypes.Isolation // Default isolation mode on Windows
 	clusterProvider       cluster.Provider
 	cluster               Cluster
@@ -117,13 +116,19 @@ type Daemon struct {
 	seccompProfile     []byte
 	seccompProfilePath string
 
-	diskUsageRunning int32
-	pruneRunning     int32
-	hosts            map[string]bool // hosts stores the addresses the daemon is listening on
-	startupDone      chan struct{}
+	usage singleflight.Group
+
+	pruneRunning int32
+	hosts        map[string]bool // hosts stores the addresses the daemon is listening on
+	startupDone  chan struct{}
 
 	attachmentStore       network.AttachmentStore
 	attachableNetworkLock *locker.Locker
+
+	// This is used for Windows which doesn't currently support running on containerd
+	// It stores metadata for the content store (used for manifest caching)
+	// This needs to be closed on daemon exit
+	mdDB *bbolt.DB
 }
 
 // StoreHosts stores the addresses the daemon is listening on
@@ -146,208 +151,262 @@ func (daemon *Daemon) Features() *map[string]bool {
 	return &daemon.configStore.Features
 }
 
-// NewResolveOptionsFunc returns a call back function to resolve "registry-mirrors" and
-// "insecure-registries" for buildkit
-func (daemon *Daemon) NewResolveOptionsFunc() resolver.ResolveOptionsFunc {
-	return func(ref string) docker.ResolverOptions {
-		var (
-			registryKey = "docker.io"
-			mirrors     = make([]string, len(daemon.configStore.Mirrors))
-			m           = map[string]resolver.RegistryConf{}
-		)
-		// must trim "https://" or "http://" prefix
-		for i, v := range daemon.configStore.Mirrors {
-			v = strings.TrimPrefix(v, "https://")
-			v = strings.TrimPrefix(v, "http://")
-			mirrors[i] = v
+// RegistryHosts returns registry configuration in containerd resolvers format
+func (daemon *Daemon) RegistryHosts() docker.RegistryHosts {
+	var (
+		registryKey = "docker.io"
+		mirrors     = make([]string, len(daemon.configStore.Mirrors))
+		m           = map[string]resolver.RegistryConfig{}
+	)
+	// must trim "https://" or "http://" prefix
+	for i, v := range daemon.configStore.Mirrors {
+		if uri, err := url.Parse(v); err == nil {
+			v = uri.Host
 		}
-		// set "registry-mirrors"
-		m[registryKey] = resolver.RegistryConf{Mirrors: mirrors}
-		// set "insecure-registries"
-		for _, v := range daemon.configStore.InsecureRegistries {
-			v = strings.TrimPrefix(v, "http://")
-			m[v] = resolver.RegistryConf{
-				PlainHTTP: true,
+		mirrors[i] = v
+	}
+	// set mirrors for default registry
+	m[registryKey] = resolver.RegistryConfig{Mirrors: mirrors}
+
+	for _, v := range daemon.configStore.InsecureRegistries {
+		u, err := url.Parse(v)
+		c := resolver.RegistryConfig{}
+		if err == nil {
+			v = u.Host
+			t := true
+			if u.Scheme == "http" {
+				c.PlainHTTP = &t
+			} else {
+				c.Insecure = &t
 			}
 		}
-		def := docker.ResolverOptions{
-			Client: tracing.DefaultClient,
-		}
-
-		parsed, err := reference.ParseNormalizedNamed(ref)
-		if err != nil {
-			return def
-		}
-		host := reference.Domain(parsed)
+		m[v] = c
+	}
 
-		c, ok := m[host]
-		if !ok {
-			return def
+	for k, v := range m {
+		if d, err := registry.HostCertsDir(k); err == nil {
+			v.TLSConfigDir = []string{d}
+			m[k] = v
 		}
+	}
 
-		if len(c.Mirrors) > 0 {
-			def.Host = func(string) (string, error) {
-				return c.Mirrors[rand.Intn(len(c.Mirrors))], nil
+	certsDir := registry.CertsDir()
+	if fis, err := os.ReadDir(certsDir); err == nil {
+		for _, fi := range fis {
+			if _, ok := m[fi.Name()]; !ok {
+				m[fi.Name()] = resolver.RegistryConfig{
+					TLSConfigDir: []string{filepath.Join(certsDir, fi.Name())},
+				}
 			}
 		}
-
-		def.PlainHTTP = c.PlainHTTP
-
-		return def
 	}
+
+	return resolver.NewRegistryConfig(m)
 }
 
 func (daemon *Daemon) restore() error {
+	var mapLock sync.Mutex
 	containers := make(map[string]*container.Container)
 
 	logrus.Info("Loading containers: start.")
 
-	dir, err := ioutil.ReadDir(daemon.repository)
+	dir, err := os.ReadDir(daemon.repository)
 	if err != nil {
 		return err
 	}
 
+	// parallelLimit is the maximum number of parallel startup jobs that we
+	// allow (this is the limited used for all startup semaphores). The multipler
+	// (128) was chosen after some fairly significant benchmarking -- don't change
+	// it unless you've tested it significantly (this value is adjusted if
+	// RLIMIT_NOFILE is small to avoid EMFILE).
+	parallelLimit := adjustParallelLimit(len(dir), 128*runtime.NumCPU())
+
+	// Re-used for all parallel startup jobs.
+	var group sync.WaitGroup
+	sem := semaphore.NewWeighted(int64(parallelLimit))
+
 	for _, v := range dir {
-		id := v.Name()
-		container, err := daemon.load(id)
-		if err != nil {
-			logrus.Errorf("Failed to load container %v: %v", id, err)
-			continue
-		}
-		if !system.IsOSSupported(container.OS) {
-			logrus.Errorf("Failed to load container %v: %s (%q)", id, system.ErrNotSupportedOperatingSystem, container.OS)
-			continue
-		}
-		// Ignore the container if it does not support the current driver being used by the graph
-		currentDriverForContainerOS := daemon.graphDrivers[container.OS]
-		if (container.Driver == "" && currentDriverForContainerOS == "aufs") || container.Driver == currentDriverForContainerOS {
-			rwlayer, err := daemon.imageService.GetLayerByID(container.ID, container.OS)
+		group.Add(1)
+		go func(id string) {
+			defer group.Done()
+			_ = sem.Acquire(context.Background(), 1)
+			defer sem.Release(1)
+
+			log := logrus.WithField("container", id)
+
+			c, err := daemon.load(id)
 			if err != nil {
-				logrus.Errorf("Failed to load container mount %v: %v", id, err)
-				continue
+				log.WithError(err).Error("failed to load container")
+				return
+			}
+			if !system.IsOSSupported(c.OS) {
+				log.Errorf("failed to load container: %s (%q)", system.ErrNotSupportedOperatingSystem, c.OS)
+				return
 			}
-			container.RWLayer = rwlayer
-			logrus.Debugf("Loaded container %v, isRunning: %v", container.ID, container.IsRunning())
+			// Ignore the container if it does not support the current driver being used by the graph
+			if (c.Driver == "" && daemon.graphDriver == "aufs") || c.Driver == daemon.graphDriver {
+				rwlayer, err := daemon.imageService.GetLayerByID(c.ID)
+				if err != nil {
+					log.WithError(err).Error("failed to load container mount")
+					return
+				}
+				c.RWLayer = rwlayer
+				log.WithFields(logrus.Fields{
+					"running": c.IsRunning(),
+					"paused":  c.IsPaused(),
+				}).Debug("loaded container")
 
-			containers[container.ID] = container
-		} else {
-			logrus.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID)
-		}
+				mapLock.Lock()
+				containers[c.ID] = c
+				mapLock.Unlock()
+			} else {
+				log.Debugf("cannot load container because it was created with another storage driver")
+			}
+		}(v.Name())
 	}
+	group.Wait()
 
 	removeContainers := make(map[string]*container.Container)
 	restartContainers := make(map[*container.Container]chan struct{})
 	activeSandboxes := make(map[string]interface{})
-	for id, c := range containers {
-		if err := daemon.registerName(c); err != nil {
-			logrus.Errorf("Failed to register container name %s: %s", c.ID, err)
-			delete(containers, id)
-			continue
-		}
-		if err := daemon.Register(c); err != nil {
-			logrus.Errorf("Failed to register container %s: %s", c.ID, err)
-			delete(containers, id)
-			continue
-		}
 
-		// The LogConfig.Type is empty if the container was created before docker 1.12 with default log driver.
-		// We should rewrite it to use the daemon defaults.
-		// Fixes https://github.com/docker/docker/issues/22536
-		if c.HostConfig.LogConfig.Type == "" {
-			if err := daemon.mergeAndVerifyLogConfig(&c.HostConfig.LogConfig); err != nil {
-				logrus.Errorf("Failed to verify log config for container %s: %q", c.ID, err)
-				continue
+	for _, c := range containers {
+		group.Add(1)
+		go func(c *container.Container) {
+			defer group.Done()
+			_ = sem.Acquire(context.Background(), 1)
+			defer sem.Release(1)
+
+			log := logrus.WithField("container", c.ID)
+
+			if err := daemon.registerName(c); err != nil {
+				log.WithError(err).Errorf("failed to register container name: %s", c.Name)
+				mapLock.Lock()
+				delete(containers, c.ID)
+				mapLock.Unlock()
+				return
 			}
-		}
+			if err := daemon.Register(c); err != nil {
+				log.WithError(err).Error("failed to register container")
+				mapLock.Lock()
+				delete(containers, c.ID)
+				mapLock.Unlock()
+				return
+			}
+		}(c)
 	}
+	group.Wait()
 
-	var (
-		wg      sync.WaitGroup
-		mapLock sync.Mutex
-	)
 	for _, c := range containers {
-		wg.Add(1)
+		group.Add(1)
 		go func(c *container.Container) {
-			defer wg.Done()
+			defer group.Done()
+			_ = sem.Acquire(context.Background(), 1)
+			defer sem.Release(1)
+
+			log := logrus.WithField("container", c.ID)
+
 			daemon.backportMountSpec(c)
 			if err := daemon.checkpointAndSave(c); err != nil {
-				logrus.WithError(err).WithField("container", c.ID).Error("error saving backported mountspec to disk")
+				log.WithError(err).Error("error saving backported mountspec to disk")
 			}
 
 			daemon.setStateCounter(c)
 
-			logrus.WithFields(logrus.Fields{
-				"container": c.ID,
-				"running":   c.IsRunning(),
-				"paused":    c.IsPaused(),
-			}).Debug("restoring container")
+			logger := func(c *container.Container) *logrus.Entry {
+				return log.WithFields(logrus.Fields{
+					"running":    c.IsRunning(),
+					"paused":     c.IsPaused(),
+					"restarting": c.IsRestarting(),
+				})
+			}
+
+			logger(c).Debug("restoring container")
 
 			var (
 				err      error
 				alive    bool
 				ec       uint32
 				exitedAt time.Time
+				process  libcontainerdtypes.Process
 			)
 
-			alive, _, err = daemon.containerd.Restore(context.Background(), c.ID, c.InitializeStdio)
+			alive, _, process, err = daemon.containerd.Restore(context.Background(), c.ID, c.InitializeStdio)
 			if err != nil && !errdefs.IsNotFound(err) {
-				logrus.Errorf("Failed to restore container %s with containerd: %s", c.ID, err)
+				logger(c).WithError(err).Error("failed to restore container with containerd")
 				return
 			}
+			logger(c).Debugf("alive: %v", alive)
 			if !alive {
-				ec, exitedAt, err = daemon.containerd.DeleteTask(context.Background(), c.ID)
-				if err != nil && !errdefs.IsNotFound(err) {
-					logrus.WithError(err).Errorf("Failed to delete container %s from containerd", c.ID)
-					return
+				// If process is not nil, cleanup dead container from containerd.
+				// If process is nil then the above `containerd.Restore` returned an errdefs.NotFoundError,
+				// and docker's view of the container state will be updated accorrdingly via SetStopped further down.
+				if process != nil {
+					logger(c).Debug("cleaning up dead container process")
+					ec, exitedAt, err = process.Delete(context.Background())
+					if err != nil && !errdefs.IsNotFound(err) {
+						logger(c).WithError(err).Error("failed to delete container from containerd")
+						return
+					}
 				}
 			} else if !daemon.configStore.LiveRestoreEnabled {
-				if err := daemon.kill(c, c.StopSignal()); err != nil && !errdefs.IsNotFound(err) {
-					logrus.WithError(err).WithField("container", c.ID).Error("error shutting down container")
+				logger(c).Debug("shutting down container considered alive by containerd")
+				if err := daemon.shutdownContainer(c); err != nil && !errdefs.IsNotFound(err) {
+					log.WithError(err).Error("error shutting down container")
 					return
 				}
+				c.ResetRestartManager(false)
 			}
 
 			if c.IsRunning() || c.IsPaused() {
+				logger(c).Debug("syncing container on disk state with real state")
+
 				c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking
 
-				if c.IsPaused() && alive {
+				switch {
+				case c.IsPaused() && alive:
 					s, err := daemon.containerd.Status(context.Background(), c.ID)
 					if err != nil {
-						logrus.WithError(err).WithField("container", c.ID).
-							Errorf("Failed to get container status")
+						logger(c).WithError(err).Error("failed to get container status")
 					} else {
-						logrus.WithField("container", c.ID).WithField("state", s).
-							Info("restored container paused")
+						logger(c).WithField("state", s).Info("restored container paused")
 						switch s {
-						case libcontainerd.StatusPaused, libcontainerd.StatusPausing:
+						case containerd.Paused, containerd.Pausing:
 							// nothing to do
-						case libcontainerd.StatusStopped:
+						case containerd.Stopped:
 							alive = false
-						case libcontainerd.StatusUnknown:
-							logrus.WithField("container", c.ID).
-								Error("Unknown status for container during restore")
+						case containerd.Unknown:
+							log.Error("unknown status for paused container during restore")
 						default:
 							// running
 							c.Lock()
 							c.Paused = false
 							daemon.setStateCounter(c)
+							daemon.updateHealthMonitor(c)
 							if err := c.CheckpointTo(daemon.containersReplica); err != nil {
-								logrus.WithError(err).WithField("container", c.ID).
-									Error("Failed to update stopped container state")
+								log.WithError(err).Error("failed to update paused container state")
 							}
 							c.Unlock()
 						}
 					}
+				case !c.IsPaused() && alive:
+					logger(c).Debug("restoring healthcheck")
+					c.Lock()
+					daemon.updateHealthMonitor(c)
+					c.Unlock()
 				}
 
 				if !alive {
+					logger(c).Debug("setting stopped state")
 					c.Lock()
 					c.SetStopped(&container.ExitStatus{ExitCode: int(ec), ExitedAt: exitedAt})
 					daemon.Cleanup(c)
 					if err := c.CheckpointTo(daemon.containersReplica); err != nil {
-						logrus.Errorf("Failed to update stopped container %s state: %v", c.ID, err)
+						log.WithError(err).Error("failed to update stopped container state")
 					}
 					c.Unlock()
+					logger(c).Debug("set stopped state")
 				}
 
 				// we call Mount and then Unmount to get BaseFs of the container
@@ -358,10 +417,10 @@ func (daemon *Daemon) restore() error {
 					// stopped/restarted/removed.
 					// See #29365 for related information.
 					// The error is only logged here.
-					logrus.Warnf("Failed to mount container on getting BaseFs path %v: %v", c.ID, err)
+					logger(c).WithError(err).Warn("failed to mount container to get BaseFs path")
 				} else {
 					if err := daemon.Unmount(c); err != nil {
-						logrus.Warnf("Failed to umount container on getting BaseFs path %v: %v", c.ID, err)
+						logger(c).WithError(err).Warn("failed to umount container to get BaseFs path")
 					}
 				}
 
@@ -369,7 +428,7 @@ func (daemon *Daemon) restore() error {
 				if !c.HostConfig.NetworkMode.IsContainer() && c.IsRunning() {
 					options, err := daemon.buildSandboxOptions(c)
 					if err != nil {
-						logrus.Warnf("Failed build sandbox option to restore container %s: %v", c.ID, err)
+						logger(c).WithError(err).Warn("failed to build sandbox option to restore container")
 					}
 					mapLock.Lock()
 					activeSandboxes[c.NetworkSettings.SandboxID] = options
@@ -405,17 +464,20 @@ func (daemon *Daemon) restore() error {
 				// associated volumes, network links or both to also
 				// be removed. So we put the container in the "dead"
 				// state and leave further processing up to them.
-				logrus.Debugf("Resetting RemovalInProgress flag from %v", c.ID)
 				c.RemovalInProgress = false
 				c.Dead = true
 				if err := c.CheckpointTo(daemon.containersReplica); err != nil {
-					logrus.Errorf("Failed to update RemovalInProgress container %s state: %v", c.ID, err)
+					log.WithError(err).Error("failed to update RemovalInProgress container state")
+				} else {
+					log.Debugf("reset RemovalInProgress state for container")
 				}
 			}
 			c.Unlock()
+			logger(c).Debug("done restoring container")
 		}(c)
 	}
-	wg.Wait()
+	group.Wait()
+
 	daemon.netController, err = daemon.initNetworkController(daemon.configStore, activeSandboxes)
 	if err != nil {
 		return fmt.Errorf("Error initializing network controller: %v", err)
@@ -423,29 +485,40 @@ func (daemon *Daemon) restore() error {
 
 	// Now that all the containers are registered, register the links
 	for _, c := range containers {
-		if err := daemon.registerLinks(c, c.HostConfig); err != nil {
-			logrus.Errorf("failed to register link for container %s: %v", c.ID, err)
-		}
+		group.Add(1)
+		go func(c *container.Container) {
+			_ = sem.Acquire(context.Background(), 1)
+
+			if err := daemon.registerLinks(c, c.HostConfig); err != nil {
+				logrus.WithField("container", c.ID).WithError(err).Error("failed to register link for container")
+			}
+
+			sem.Release(1)
+			group.Done()
+		}(c)
 	}
+	group.Wait()
 
-	group := sync.WaitGroup{}
 	for c, notifier := range restartContainers {
 		group.Add(1)
-
 		go func(c *container.Container, chNotify chan struct{}) {
-			defer group.Done()
+			_ = sem.Acquire(context.Background(), 1)
+
+			log := logrus.WithField("container", c.ID)
 
-			logrus.Debugf("Starting container %s", c.ID)
+			log.Debug("starting container")
 
 			// ignore errors here as this is a best effort to wait for children to be
 			//   running before we try to start the container
 			children := daemon.children(c)
-			timeout := time.After(5 * time.Second)
+			timeout := time.NewTimer(5 * time.Second)
+			defer timeout.Stop()
+
 			for _, child := range children {
 				if notifier, exists := restartContainers[child]; exists {
 					select {
 					case <-notifier:
-					case <-timeout:
+					case <-timeout.C:
 					}
 				}
 			}
@@ -453,25 +526,30 @@ func (daemon *Daemon) restore() error {
 			// Make sure networks are available before starting
 			daemon.waitForNetworks(c)
 			if err := daemon.containerStart(c, "", "", true); err != nil {
-				logrus.Errorf("Failed to start container %s: %s", c.ID, err)
+				log.WithError(err).Error("failed to start container")
 			}
 			close(chNotify)
-		}(c, notifier)
 
+			sem.Release(1)
+			group.Done()
+		}(c, notifier)
 	}
 	group.Wait()
 
-	removeGroup := sync.WaitGroup{}
 	for id := range removeContainers {
-		removeGroup.Add(1)
+		group.Add(1)
 		go func(cid string) {
+			_ = sem.Acquire(context.Background(), 1)
+
 			if err := daemon.ContainerRm(cid, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err != nil {
-				logrus.Errorf("Failed to remove container %s: %s", cid, err)
+				logrus.WithField("container", cid).WithError(err).Error("failed to remove container")
 			}
-			removeGroup.Done()
+
+			sem.Release(1)
+			group.Done()
 		}(id)
 	}
-	removeGroup.Wait()
+	group.Wait()
 
 	// any containers that were started above would already have had this done,
 	// however we need to now prepare the mountpoints for the rest of the containers as well.
@@ -492,13 +570,16 @@ func (daemon *Daemon) restore() error {
 
 		group.Add(1)
 		go func(c *container.Container) {
-			defer group.Done()
+			_ = sem.Acquire(context.Background(), 1)
+
 			if err := daemon.prepareMountPoints(c); err != nil {
-				logrus.Error(err)
+				logrus.WithField("container", c.ID).WithError(err).Error("failed to prepare mountpoints for container")
 			}
+
+			sem.Release(1)
+			group.Done()
 		}(c)
 	}
-
 	group.Wait()
 
 	logrus.Info("Loading containers: done.")
@@ -509,7 +590,18 @@ func (daemon *Daemon) restore() error {
 // RestartSwarmContainers restarts any autostart container which has a
 // swarm endpoint.
 func (daemon *Daemon) RestartSwarmContainers() {
-	group := sync.WaitGroup{}
+	ctx := context.Background()
+
+	// parallelLimit is the maximum number of parallel startup jobs that we
+	// allow (this is the limited used for all startup semaphores). The multipler
+	// (128) was chosen after some fairly significant benchmarking -- don't change
+	// it unless you've tested it significantly (this value is adjusted if
+	// RLIMIT_NOFILE is small to avoid EMFILE).
+	parallelLimit := adjustParallelLimit(len(daemon.List()), 128*runtime.NumCPU())
+
+	var group sync.WaitGroup
+	sem := semaphore.NewWeighted(int64(parallelLimit))
+
 	for _, c := range daemon.List() {
 		if !c.IsRunning() && !c.IsPaused() {
 			// Autostart all the containers which has a
@@ -518,14 +610,21 @@ func (daemon *Daemon) RestartSwarmContainers() {
 			if daemon.configStore.AutoRestart && c.ShouldRestart() && c.NetworkSettings.HasSwarmEndpoint && c.HasBeenStartedBefore {
 				group.Add(1)
 				go func(c *container.Container) {
-					defer group.Done()
+					if err := sem.Acquire(ctx, 1); err != nil {
+						// ctx is done.
+						group.Done()
+						return
+					}
+
 					if err := daemon.containerStart(c, "", "", true); err != nil {
-						logrus.Error(err)
+						logrus.WithField("container", c.ID).WithError(err).Error("failed to start swarm container")
 					}
+
+					sem.Release(1)
+					group.Done()
 				}(c)
 			}
 		}
-
 	}
 	group.Wait()
 }
@@ -537,6 +636,7 @@ func (daemon *Daemon) waitForNetworks(c *container.Container) {
 	if daemon.discoveryWatcher == nil {
 		return
 	}
+
 	// Make sure if the container has a network that requires discovery that the discovery service is available before starting
 	for netName := range c.NetworkSettings.Networks {
 		// If we get `ErrNoSuchNetwork` here, we can assume that it is due to discovery not being ready
@@ -545,13 +645,19 @@ func (daemon *Daemon) waitForNetworks(c *container.Container) {
 			if _, ok := err.(libnetwork.ErrNoSuchNetwork); !ok {
 				continue
 			}
+
 			// use a longish timeout here due to some slowdowns in libnetwork if the k/v store is on anything other than --net=host
 			// FIXME: why is this slow???
-			logrus.Debugf("Container %s waiting for network to be ready", c.Name)
+			dur := 60 * time.Second
+			timer := time.NewTimer(dur)
+
+			logrus.WithField("container", c.ID).Debugf("Container %s waiting for network to be ready", c.Name)
 			select {
 			case <-daemon.discoveryWatcher.ReadyCh():
-			case <-time.After(60 * time.Second):
+			case <-timer.C:
 			}
+			timer.Stop()
+
 			return
 		}
 	}
@@ -601,10 +707,14 @@ func (daemon *Daemon) DaemonLeavesCluster() {
 	// This is called also on graceful daemon shutdown. We need to
 	// wait, because the ingress release has to happen before the
 	// network controller is stopped.
+
 	if done, err := daemon.ReleaseIngress(); err == nil {
+		timeout := time.NewTimer(5 * time.Second)
+		defer timeout.Stop()
+
 		select {
 		case <-done:
-		case <-time.After(5 * time.Second):
+		case <-timeout.C:
 			logrus.Warn("timeout while waiting for ingress network removal")
 		}
 	} else {
@@ -641,7 +751,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 	}
 
 	// Ensure that we have a correct root key limit for launching containers.
-	if err := ModifyRootKeyLimit(); err != nil {
+	if err := modifyRootKeyLimit(); err != nil {
 		logrus.Warnf("unable to modify root key limit, number of containers could be limited by this quota: %v", err)
 	}
 
@@ -676,17 +786,17 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 	}
 
 	// set up the tmpDir to use a canonical path
-	tmp, err := prepareTempDir(config.Root, rootIDs)
+	tmp, err := prepareTempDir(config.Root)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
 	}
-	realTmp, err := getRealPath(tmp)
+	realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
 	}
-	if runtime.GOOS == "windows" {
+	if isWindows {
 		if _, err := os.Stat(realTmp); err != nil && os.IsNotExist(err) {
-			if err := system.MkdirAll(realTmp, 0700, ""); err != nil {
+			if err := system.MkdirAll(realTmp, 0700); err != nil {
 				return nil, fmt.Errorf("Unable to create the TempDir (%s): %s", realTmp, err)
 			}
 		}
@@ -701,6 +811,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		PluginStore: pluginStore,
 		startupDone: make(chan struct{}),
 	}
+
 	// Ensure the daemon is properly shutdown if there is a failure during
 	// initialization
 	defer func() {
@@ -735,52 +846,48 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		logrus.Warnf("Failed to configure golang's threads limit: %v", err)
 	}
 
+	// ensureDefaultAppArmorProfile does nothing if apparmor is disabled
 	if err := ensureDefaultAppArmorProfile(); err != nil {
 		logrus.Errorf(err.Error())
 	}
 
 	daemonRepo := filepath.Join(config.Root, "containers")
-	if err := idtools.MkdirAllAndChown(daemonRepo, 0700, rootIDs); err != nil {
+	if err := idtools.MkdirAllAndChown(daemonRepo, 0710, idtools.Identity{
+		UID: idtools.CurrentIdentity().UID,
+		GID: rootIDs.GID,
+	}); err != nil {
 		return nil, err
 	}
 
 	// Create the directory where we'll store the runtime scripts (i.e. in
 	// order to support runtimeArgs)
 	daemonRuntimes := filepath.Join(config.Root, "runtimes")
-	if err := system.MkdirAll(daemonRuntimes, 0700, ""); err != nil {
+	if err := system.MkdirAll(daemonRuntimes, 0700); err != nil {
 		return nil, err
 	}
 	if err := d.loadRuntimes(); err != nil {
 		return nil, err
 	}
 
-	if runtime.GOOS == "windows" {
-		if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0, ""); err != nil {
+	if isWindows {
+		if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0); err != nil {
 			return nil, err
 		}
 	}
 
-	// On Windows we don't support the environment variable, or a user supplied graphdriver
-	// as Windows has no choice in terms of which graphdrivers to use. It's a case of
-	// running Windows containers on Windows - windowsfilter, running Linux containers on Windows,
-	// lcow. Unix platforms however run a single graphdriver for all containers, and it can
-	// be set through an environment variable, a daemon start parameter, or chosen through
-	// initialization of the layerstore through driver priority order for example.
-	d.graphDrivers = make(map[string]string)
-	layerStores := make(map[string]layer.Store)
-	if runtime.GOOS == "windows" {
-		d.graphDrivers[runtime.GOOS] = "windowsfilter"
-		if system.LCOWSupported() {
-			d.graphDrivers["linux"] = "lcow"
-		}
+	if isWindows {
+		// On Windows we don't support the environment variable, or a user supplied graphdriver
+		d.graphDriver = "windowsfilter"
 	} else {
-		driverName := os.Getenv("DOCKER_DRIVER")
-		if driverName == "" {
-			driverName = config.GraphDriver
+		// Unix platforms however run a single graphdriver for all containers, and it can
+		// be set through an environment variable, a daemon start parameter, or chosen through
+		// initialization of the layerstore through driver priority order for example.
+		if drv := os.Getenv("DOCKER_DRIVER"); drv != "" {
+			d.graphDriver = drv
+			logrus.Infof("Setting the storage driver from the $DOCKER_DRIVER environment variable (%s)", drv)
 		} else {
-			logrus.Infof("Setting the storage driver from the $DOCKER_DRIVER environment variable (%s)", driverName)
+			d.graphDriver = config.GraphDriver // May still be empty. Layerstore init determines instead.
 		}
-		d.graphDrivers[runtime.GOOS] = driverName // May still be empty. Layerstore init determines instead.
 	}
 
 	d.RegistryService = registryService
@@ -792,17 +899,41 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 	}
 	registerMetricsPluginCallback(d.PluginStore, metricsSockPath)
 
+	backoffConfig := backoff.DefaultConfig
+	backoffConfig.MaxDelay = 3 * time.Second
+	connParams := grpc.ConnectParams{
+		Backoff: backoffConfig,
+	}
 	gopts := []grpc.DialOption{
+		// WithBlock makes sure that the following containerd request
+		// is reliable.
+		//
+		// NOTE: In one edge case with high load pressure, kernel kills
+		// dockerd, containerd and containerd-shims caused by OOM.
+		// When both dockerd and containerd restart, but containerd
+		// will take time to recover all the existing containers. Before
+		// containerd serving, dockerd will failed with gRPC error.
+		// That bad thing is that restore action will still ignore the
+		// any non-NotFound errors and returns running state for
+		// already stopped container. It is unexpected behavior. And
+		// we need to restart dockerd to make sure that anything is OK.
+		//
+		// It is painful. Add WithBlock can prevent the edge case. And
+		// n common case, the containerd will be serving in shortly.
+		// It is not harm to add WithBlock for containerd connection.
+		grpc.WithBlock(),
+
 		grpc.WithInsecure(),
-		grpc.WithBackoffMaxDelay(3 * time.Second),
-		grpc.WithDialer(dialer.Dialer),
+		grpc.WithConnectParams(connParams),
+		grpc.WithContextDialer(dialer.ContextDialer),
 
 		// TODO(stevvooe): We may need to allow configuration of this on the client.
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)),
 		grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)),
 	}
+
 	if config.ContainerdAddr != "" {
-		d.containerdCli, err = containerd.New(config.ContainerdAddr, containerd.WithDefaultNamespace(ContainersNamespace), containerd.WithDialOpts(gopts), containerd.WithTimeout(60*time.Second))
+		d.containerdCli, err = containerd.New(config.ContainerdAddr, containerd.WithDefaultNamespace(config.ContainerdNamespace), containerd.WithDialOpts(gopts), containerd.WithTimeout(60*time.Second))
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to dial %q", config.ContainerdAddr)
 		}
@@ -811,16 +942,22 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 	createPluginExec := func(m *plugin.Manager) (plugin.Executor, error) {
 		var pluginCli *containerd.Client
 
-		// Windows is not currently using containerd, keep the
-		// client as nil
 		if config.ContainerdAddr != "" {
-			pluginCli, err = containerd.New(config.ContainerdAddr, containerd.WithDefaultNamespace(pluginexec.PluginNamespace), containerd.WithDialOpts(gopts), containerd.WithTimeout(60*time.Second))
+			pluginCli, err = containerd.New(config.ContainerdAddr, containerd.WithDefaultNamespace(config.ContainerdPluginNamespace), containerd.WithDialOpts(gopts), containerd.WithTimeout(60*time.Second))
 			if err != nil {
 				return nil, errors.Wrapf(err, "failed to dial %q", config.ContainerdAddr)
 			}
 		}
 
-		return pluginexec.New(ctx, getPluginExecRoot(config.Root), pluginCli, m)
+		var rt types.Runtime
+		if runtime.GOOS != "windows" {
+			rtPtr, err := d.getRuntime(config.GetDefaultRuntimeName())
+			if err != nil {
+				return nil, err
+			}
+			rt = *rtPtr
+		}
+		return pluginexec.New(ctx, getPluginExecRoot(config.Root), pluginCli, config.ContainerdPluginNamespace, m, rt)
 	}
 
 	// Plugin system initialization should happen before restore. Do not change order.
@@ -842,44 +979,36 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		return nil, err
 	}
 
-	for operatingSystem, gd := range d.graphDrivers {
-		layerStores[operatingSystem], err = layer.NewStoreFromOptions(layer.StoreOptions{
-			Root:                      config.Root,
-			MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
-			GraphDriver:               gd,
-			GraphDriverOptions:        config.GraphOptions,
-			IDMapping:                 idMapping,
-			PluginGetter:              d.PluginStore,
-			ExperimentalEnabled:       config.Experimental,
-			OS:                        operatingSystem,
-		})
-		if err != nil {
-			return nil, err
-		}
+	layerStore, err := layer.NewStoreFromOptions(layer.StoreOptions{
+		Root:                      config.Root,
+		MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
+		GraphDriver:               d.graphDriver,
+		GraphDriverOptions:        config.GraphOptions,
+		IDMapping:                 idMapping,
+		PluginGetter:              d.PluginStore,
+		ExperimentalEnabled:       config.Experimental,
+		OS:                        runtime.GOOS,
+	})
+	if err != nil {
+		return nil, err
 	}
 
 	// As layerstore initialization may set the driver
-	for os := range d.graphDrivers {
-		d.graphDrivers[os] = layerStores[os].DriverName()
-	}
+	d.graphDriver = layerStore.DriverName()
 
 	// Configure and validate the kernels security support. Note this is a Linux/FreeBSD
 	// operation only, so it is safe to pass *just* the runtime OS graphdriver.
-	if err := configureKernelSecuritySupport(config, d.graphDrivers[runtime.GOOS]); err != nil {
+	if err := configureKernelSecuritySupport(config, d.graphDriver); err != nil {
 		return nil, err
 	}
 
-	imageRoot := filepath.Join(config.Root, "image", d.graphDrivers[runtime.GOOS])
+	imageRoot := filepath.Join(config.Root, "image", d.graphDriver)
 	ifs, err := image.NewFSStoreBackend(filepath.Join(imageRoot, "imagedb"))
 	if err != nil {
 		return nil, err
 	}
 
-	lgrMap := make(map[string]image.LayerGetReleaser)
-	for os, ls := range layerStores {
-		lgrMap[os] = ls
-	}
-	imageStore, err := image.NewImageStore(ifs, lgrMap)
+	imageStore, err := image.NewImageStore(ifs, layerStore)
 	if err != nil {
 		return nil, err
 	}
@@ -896,7 +1025,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 
 	trustDir := filepath.Join(config.Root, "trust")
 
-	if err := system.MkdirAll(trustDir, 0700, ""); err != nil {
+	if err := system.MkdirAll(trustDir, 0700); err != nil {
 		return nil, err
 	}
 
@@ -921,25 +1050,19 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		return nil, err
 	}
 
-	// No content-addressability migration on Windows as it never supported pre-CA
-	if runtime.GOOS != "windows" {
-		migrationStart := time.Now()
-		if err := v1.Migrate(config.Root, d.graphDrivers[runtime.GOOS], layerStores[runtime.GOOS], imageStore, rs, distributionMetadataStore); err != nil {
-			logrus.Errorf("Graph migration failed: %q. Your old graph data was found to be too inconsistent for upgrading to content-addressable storage. Some of the old data was probably not upgraded. We recommend starting over with a clean storage directory if possible.", err)
-		}
-		logrus.Infof("Graph migration to content-addressability took %.2f seconds", time.Since(migrationStart).Seconds())
-	}
-
 	// Discovery is only enabled when the daemon is launched with an address to advertise.  When
 	// initialized, the daemon is registered and we can store the discovery backend as it's read-only
 	if err := d.initDiscovery(config); err != nil {
 		return nil, err
 	}
 
-	sysInfo := sysinfo.New(false)
+	sysInfo := d.RawSysInfo()
+	for _, w := range sysInfo.Warnings {
+		logrus.Warn(w)
+	}
 	// Check if Devices cgroup is mounted, it is hard requirement for container security,
 	// on Linux.
-	if runtime.GOOS == "linux" && !sysInfo.CgroupDevicesEnabled {
+	if runtime.GOOS == "linux" && !sysInfo.CgroupDevicesEnabled && !userns.RunningInUserNS() {
 		return nil, errors.New("Devices cgroup isn't mounted")
 	}
 
@@ -961,26 +1084,44 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 
 	d.linkIndex = newLinkIndex()
 
-	// TODO: imageStore, distributionMetadataStore, and ReferenceStore are only
-	// used above to run migration. They could be initialized in ImageService
-	// if migration is called from daemon/images. layerStore might move as well.
-	d.imageService = images.NewImageService(images.ImageServiceConfig{
+	imgSvcConfig := images.ImageServiceConfig{
 		ContainerStore:            d.containers,
 		DistributionMetadataStore: distributionMetadataStore,
 		EventsService:             d.EventsService,
 		ImageStore:                imageStore,
-		LayerStores:               layerStores,
+		LayerStore:                layerStore,
 		MaxConcurrentDownloads:    *config.MaxConcurrentDownloads,
 		MaxConcurrentUploads:      *config.MaxConcurrentUploads,
+		MaxDownloadAttempts:       *config.MaxDownloadAttempts,
 		ReferenceStore:            rs,
 		RegistryService:           registryService,
 		TrustKey:                  trustKey,
-	})
+		ContentNamespace:          config.ContainerdNamespace,
+	}
+
+	// containerd is not currently supported with Windows.
+	// So sometimes d.containerdCli will be nil
+	// In that case we'll create a local content store... but otherwise we'll use containerd
+	if d.containerdCli != nil {
+		imgSvcConfig.Leases = d.containerdCli.LeasesService()
+		imgSvcConfig.ContentStore = d.containerdCli.ContentStore()
+	} else {
+		cs, lm, err := d.configureLocalContentStore()
+		if err != nil {
+			return nil, err
+		}
+		imgSvcConfig.ContentStore = cs
+		imgSvcConfig.Leases = lm
+	}
+
+	// TODO: imageStore, distributionMetadataStore, and ReferenceStore are only
+	// used above to run migration. They could be initialized in ImageService
+	// if migration is called from daemon/images. layerStore might move as well.
+	d.imageService = images.NewImageService(imgSvcConfig)
 
 	go d.execCommandGC()
 
-	d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "containerd"), ContainersNamespace, d)
-	if err != nil {
+	if err := d.initLibcontainerd(ctx); err != nil {
 		return nil, err
 	}
 
@@ -989,8 +1130,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 	}
 	close(d.startupDone)
 
-	// FIXME: this method never returns an error
-	info, _ := d.SystemInfo()
+	info := d.SystemInfo()
 
 	engineInfo.WithValues(
 		dockerversion.Version,
@@ -1000,25 +1140,16 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		info.KernelVersion,
 		info.OperatingSystem,
 		info.OSType,
+		info.OSVersion,
 		info.ID,
 	).Set(1)
 	engineCpus.Set(float64(info.NCPU))
 	engineMemory.Set(float64(info.MemTotal))
 
-	gd := ""
-	for os, driver := range d.graphDrivers {
-		if len(gd) > 0 {
-			gd += ", "
-		}
-		gd += driver
-		if len(d.graphDrivers) > 1 {
-			gd = fmt.Sprintf("%s (%s)", gd, os)
-		}
-	}
 	logrus.WithFields(logrus.Fields{
-		"version":        dockerversion.Version,
-		"commit":         dockerversion.GitCommit,
-		"graphdriver(s)": gd,
+		"version":     dockerversion.Version,
+		"commit":      dockerversion.GitCommit,
+		"graphdriver": d.graphDriver,
 	}).Info("Docker daemon")
 
 	return d, nil
@@ -1098,15 +1229,16 @@ func (daemon *Daemon) Shutdown() error {
 			if !c.IsRunning() {
 				return
 			}
-			logrus.Debugf("stopping %s", c.ID)
+			log := logrus.WithField("container", c.ID)
+			log.Debug("shutting down container")
 			if err := daemon.shutdownContainer(c); err != nil {
-				logrus.Errorf("Stop container error: %v", err)
+				log.WithError(err).Error("failed to shut down container")
 				return
 			}
-			if mountid, err := daemon.imageService.GetLayerMountID(c.ID, c.OS); err == nil {
+			if mountid, err := daemon.imageService.GetLayerMountID(c.ID); err == nil {
 				daemon.cleanupMountsByID(mountid)
 			}
-			logrus.Debugf("container stopped %s", c.ID)
+			log.Debugf("shut down container")
 		})
 	}
 
@@ -1140,6 +1272,10 @@ func (daemon *Daemon) Shutdown() error {
 		daemon.containerdCli.Close()
 	}
 
+	if daemon.mdDB != nil {
+		daemon.mdDB.Close()
+	}
+
 	return daemon.cleanupMounts()
 }
 
@@ -1153,7 +1289,7 @@ func (daemon *Daemon) Mount(container *container.Container) error {
 	if err != nil {
 		return err
 	}
-	logrus.Debugf("container mounted via layerStore: %v", dir)
+	logrus.WithField("container", container.ID).Debugf("container mounted via layerStore: %v", dir)
 
 	if container.BaseFS != nil && container.BaseFS.Path() != dir.Path() {
 		// The mount path reported by the graph driver should always be trusted on Windows, since the
@@ -1162,7 +1298,7 @@ func (daemon *Daemon) Mount(container *container.Container) error {
 		if runtime.GOOS != "windows" {
 			daemon.Unmount(container)
 			return fmt.Errorf("Error: driver %s is returning inconsistent paths for container %s ('%s' then '%s')",
-				daemon.imageService.GraphDriverForOS(container.OS), container.ID, container.BaseFS, dir)
+				daemon.imageService.GraphDriverName(), container.ID, container.BaseFS, dir)
 		}
 	}
 	container.BaseFS = dir // TODO: combine these fields
@@ -1175,7 +1311,7 @@ func (daemon *Daemon) Unmount(container *container.Container) error {
 		return errors.New("RWLayer of container " + container.ID + " is unexpectedly nil")
 	}
 	if err := container.RWLayer.Unmount(); err != nil {
-		logrus.Errorf("Error unmounting container %s: %s", container.ID, err)
+		logrus.WithField("container", container.ID).WithError(err).Error("error unmounting container")
 		return err
 	}
 
@@ -1209,7 +1345,7 @@ func (daemon *Daemon) Subnets() ([]net.IPNet, []net.IPNet) {
 // prepareTempDir prepares and returns the default directory to use
 // for temporary files.
 // If it doesn't exist, it is created. If it exists, its content is removed.
-func prepareTempDir(rootDir string, rootIdentity idtools.Identity) (string, error) {
+func prepareTempDir(rootDir string) (string, error) {
 	var tmpDir string
 	if tmpDir = os.Getenv("DOCKER_TMPDIR"); tmpDir == "" {
 		tmpDir = filepath.Join(rootDir, "tmp")
@@ -1227,9 +1363,7 @@ func prepareTempDir(rootDir string, rootIdentity idtools.Identity) (string, erro
 			}
 		}
 	}
-	// We don't remove the content of tmpdir if it's not the default,
-	// it may hold things that do not belong to us.
-	return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0700, rootIdentity)
+	return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0700, idtools.CurrentIdentity())
 }
 
 func (daemon *Daemon) setGenericResources(conf *config.Config) error {
@@ -1316,7 +1450,7 @@ func (daemon *Daemon) networkOptions(dconfig *config.Config, pg plugingetter.Plu
 	}
 
 	options = append(options, nwconfig.OptionLabels(dconfig.Labels))
-	options = append(options, driverOptions(dconfig)...)
+	options = append(options, driverOptions(dconfig))
 
 	if len(dconfig.NetworkConfig.DefaultAddressPools.Value()) > 0 {
 		options = append(options, nwconfig.OptionDefaultAddressPoolConfig(dconfig.NetworkConfig.DefaultAddressPools.Value()))
@@ -1371,7 +1505,7 @@ func CreateDaemonRoot(config *config.Config) error {
 	if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
 		realRoot = config.Root
 	} else {
-		realRoot, err = getRealPath(config.Root)
+		realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
 		if err != nil {
 			return fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
 		}
diff --git a/daemon/daemon_linux.go b/daemon/daemon_linux.go
index 6a5790b4fc94e..120387c1435e8 100644
--- a/daemon/daemon_linux.go
+++ b/daemon/daemon_linux.go
@@ -9,18 +9,13 @@ import (
 	"strings"
 
 	"github.com/docker/docker/daemon/config"
-	"github.com/docker/docker/internal/procfs"
-	"github.com/docker/docker/pkg/fileutils"
-	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
-const (
-	defaultResolvConf   = "/etc/resolv.conf"
-	alternateResolvConf = "/run/systemd/resolve/resolv.conf"
-)
-
 // On Linux, plugins use a static path for storing execution state,
 // instead of deriving path from daemon's exec-root. This is because
 // plugin socket files are created here and they cannot exceed max
@@ -44,18 +39,18 @@ func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, u
 	if daemon.root == "" {
 		return nil
 	}
-	var errors []string
+	var errs []string
 
 	regexps := getCleanPatterns(id)
 	sc := bufio.NewScanner(reader)
 	for sc.Scan() {
-		if fields := strings.Fields(sc.Text()); len(fields) >= 4 {
+		if fields := strings.Fields(sc.Text()); len(fields) > 4 {
 			if mnt := fields[4]; strings.HasPrefix(mnt, daemon.root) {
 				for _, p := range regexps {
 					if p.MatchString(mnt) {
 						if err := unmount(mnt); err != nil {
 							logrus.Error(err)
-							errors = append(errors, err.Error())
+							errs = append(errs, err.Error())
 						}
 					}
 				}
@@ -67,8 +62,8 @@ func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, u
 		return err
 	}
 
-	if len(errors) > 0 {
-		return fmt.Errorf("Error cleaning up mounts:\n%v", strings.Join(errors, "\n"))
+	if len(errs) > 0 {
+		return fmt.Errorf("Error cleaning up mounts:\n%v", strings.Join(errs, "\n"))
 	}
 
 	logrus.Debugf("Cleaning up old mountid %v: done.", id)
@@ -81,7 +76,7 @@ func (daemon *Daemon) cleanupMounts() error {
 		return err
 	}
 
-	info, err := mount.GetMounts(mount.SingleEntryFilter(daemon.root))
+	info, err := mountinfo.GetMounts(mountinfo.SingleEntryFilter(daemon.root))
 	if err != nil {
 		return errors.Wrap(err, "error reading mount table for cleanup")
 	}
@@ -128,15 +123,11 @@ func getCleanPatterns(id string) (regexps []*regexp.Regexp) {
 	return
 }
 
-func getRealPath(path string) (string, error) {
-	return fileutils.ReadSymlinkedDirectory(path)
-}
-
-func shouldUnmountRoot(root string, info *mount.Info) bool {
+func shouldUnmountRoot(root string, info *mountinfo.Info) bool {
 	if !strings.HasSuffix(root, info.Root) {
 		return false
 	}
-	return hasMountinfoOption(info.Optional, sharedPropagationOption)
+	return hasMountInfoOption(info.Optional, sharedPropagationOption)
 }
 
 // setupResolvConf sets the appropriate resolv.conf file if not specified
@@ -148,20 +139,5 @@ func setupResolvConf(config *config.Config) {
 	if config.ResolvConf != "" {
 		return
 	}
-
-	config.ResolvConf = defaultResolvConf
-	pids, err := procfs.PidOf("systemd-resolved")
-	if err != nil {
-		logrus.Errorf("unable to check systemd-resolved status: %s", err)
-		return
-	}
-	if len(pids) > 0 && pids[0] > 0 {
-		_, err := os.Stat(alternateResolvConf)
-		if err == nil {
-			logrus.Infof("systemd-resolved is running, so using resolvconf: %s", alternateResolvConf)
-			config.ResolvConf = alternateResolvConf
-			return
-		}
-		logrus.Infof("systemd-resolved is running, but %s is not present, fallback to %s", alternateResolvConf, defaultResolvConf)
-	}
+	config.ResolvConf = resolvconf.Path()
 }
diff --git a/daemon/daemon_linux_test.go b/daemon/daemon_linux_test.go
index 66d6aa20d8fb0..41b725ad85f68 100644
--- a/daemon/daemon_linux_test.go
+++ b/daemon/daemon_linux_test.go
@@ -1,22 +1,20 @@
+//go:build linux
 // +build linux
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
 	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
-	"github.com/docker/docker/oci"
-	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 const mountsFixture = `142 78 0:38 / / rw,relatime - aufs none rw,si=573b861da0b3a05b,dio
@@ -115,58 +113,10 @@ func TestNotCleanupMounts(t *testing.T) {
 	}
 }
 
-// TestTmpfsDevShmSizeOverride checks that user-specified /dev/tmpfs mount
-// size is not overridden by the default shmsize (that should only be used
-// for default /dev/shm (as in "shareable" and "private" ipc modes).
-// https://github.com/moby/moby/issues/35271
-func TestTmpfsDevShmSizeOverride(t *testing.T) {
-	size := "777m"
-	mnt := "/dev/shm"
-
-	d := Daemon{
-		idMapping: &idtools.IdentityMapping{},
-	}
-	c := &container.Container{
-		HostConfig: &containertypes.HostConfig{
-			ShmSize: 48 * 1024, // size we should NOT end up with
-		},
-	}
-	ms := []container.Mount{
-		{
-			Source:      "tmpfs",
-			Destination: mnt,
-			Data:        "size=" + size,
-		},
-	}
-
-	// convert ms to spec
-	spec := oci.DefaultSpec()
-	err := setMounts(&d, &spec, c, ms)
-	assert.Check(t, err)
-
-	// Check the resulting spec for the correct size
-	found := false
-	for _, m := range spec.Mounts {
-		if m.Destination == mnt {
-			for _, o := range m.Options {
-				if !strings.HasPrefix(o, "size=") {
-					continue
-				}
-				t.Logf("%+v\n", m.Options)
-				assert.Check(t, is.Equal("size="+size, o))
-				found = true
-			}
-		}
-	}
-	if !found {
-		t.Fatal("/dev/shm not found in spec, or size option missing")
-	}
-}
-
 func TestValidateContainerIsolationLinux(t *testing.T) {
 	d := Daemon{}
 
-	_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
+	_, err := d.verifyContainerSettings(&containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
 	assert.Check(t, is.Error(err, "invalid isolation 'hyperv' on linux"))
 }
 
@@ -174,25 +124,25 @@ func TestShouldUnmountRoot(t *testing.T) {
 	for _, test := range []struct {
 		desc   string
 		root   string
-		info   *mount.Info
+		info   *mountinfo.Info
 		expect bool
 	}{
 		{
 			desc:   "root is at /",
 			root:   "/docker",
-			info:   &mount.Info{Root: "/docker", Mountpoint: "/docker"},
+			info:   &mountinfo.Info{Root: "/docker", Mountpoint: "/docker"},
 			expect: true,
 		},
 		{
 			desc:   "root is at in a submount from `/`",
 			root:   "/foo/docker",
-			info:   &mount.Info{Root: "/docker", Mountpoint: "/foo/docker"},
+			info:   &mountinfo.Info{Root: "/docker", Mountpoint: "/foo/docker"},
 			expect: true,
 		},
 		{
 			desc:   "root is mounted in from a parent mount namespace same root dir", // dind is an example of this
 			root:   "/docker",
-			info:   &mount.Info{Root: "/docker/volumes/1234657/_data", Mountpoint: "/docker"},
+			info:   &mountinfo.Info{Root: "/docker/volumes/1234657/_data", Mountpoint: "/docker"},
 			expect: false,
 		},
 	} {
@@ -223,7 +173,7 @@ func TestShouldUnmountRoot(t *testing.T) {
 
 func checkMounted(t *testing.T, p string, expect bool) {
 	t.Helper()
-	mounted, err := mount.Mounted(p)
+	mounted, err := mountinfo.Mounted(p)
 	assert.Check(t, err)
 	assert.Check(t, mounted == expect, "expected %v, actual %v", expect, mounted)
 }
@@ -235,31 +185,31 @@ func TestRootMountCleanup(t *testing.T) {
 
 	t.Parallel()
 
-	testRoot, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	testRoot, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 	defer os.RemoveAll(testRoot)
 	cfg := &config.Config{}
 
 	err = mount.MakePrivate(testRoot)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer mount.Unmount(testRoot)
 
 	cfg.ExecRoot = filepath.Join(testRoot, "exec")
 	cfg.Root = filepath.Join(testRoot, "daemon")
 
 	err = os.Mkdir(cfg.ExecRoot, 0755)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = os.Mkdir(cfg.Root, 0755)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	d := &Daemon{configStore: cfg, root: cfg.Root}
 	unmountFile := getUnmountOnShutdownPath(cfg)
 
 	t.Run("regular dir no mountpoint", func(t *testing.T) {
 		err = setupDaemonRootPropagation(cfg)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		_, err = os.Stat(unmountFile)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		checkMounted(t, cfg.Root, true)
 
 		assert.Assert(t, d.cleanupMounts())
@@ -271,11 +221,11 @@ func TestRootMountCleanup(t *testing.T) {
 
 	t.Run("root is a private mountpoint", func(t *testing.T) {
 		err = mount.MakePrivate(cfg.Root)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		defer mount.Unmount(cfg.Root)
 
 		err = setupDaemonRootPropagation(cfg)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		assert.Check(t, ensureShared(cfg.Root))
 
 		_, err = os.Stat(unmountFile)
@@ -287,11 +237,11 @@ func TestRootMountCleanup(t *testing.T) {
 	// mount is pre-configured with a shared mount
 	t.Run("root is a shared mountpoint", func(t *testing.T) {
 		err = mount.MakeShared(cfg.Root)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		defer mount.Unmount(cfg.Root)
 
 		err = setupDaemonRootPropagation(cfg)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 
 		if _, err := os.Stat(unmountFile); err == nil {
 			t.Fatal("unmount file should not exist")
@@ -305,13 +255,13 @@ func TestRootMountCleanup(t *testing.T) {
 	// does not need mount but unmount file exists from previous run
 	t.Run("old mount file is cleaned up on setup if not needed", func(t *testing.T) {
 		err = mount.MakeShared(testRoot)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		defer mount.MakePrivate(testRoot)
-		err = ioutil.WriteFile(unmountFile, nil, 0644)
-		assert.Assert(t, err)
+		err = os.WriteFile(unmountFile, nil, 0644)
+		assert.NilError(t, err)
 
 		err = setupDaemonRootPropagation(cfg)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 
 		_, err = os.Stat(unmountFile)
 		assert.Check(t, os.IsNotExist(err), err)
diff --git a/daemon/daemon_test.go b/daemon/daemon_test.go
index d89b0077fd6e2..1975f3cde3911 100644
--- a/daemon/daemon_test.go
+++ b/daemon/daemon_test.go
@@ -1,7 +1,6 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -10,15 +9,15 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libnetwork"
 	_ "github.com/docker/docker/pkg/discovery/memory"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/truncindex"
 	volumesservice "github.com/docker/docker/volume/service"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 //
@@ -82,15 +81,15 @@ func TestGetContainer(t *testing.T) {
 	daemon.reserveName(c4.ID, c4.Name)
 	daemon.reserveName(c5.ID, c5.Name)
 
-	if container, _ := daemon.GetContainer("3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de"); container != c2 {
+	if ctr, _ := daemon.GetContainer("3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de"); ctr != c2 {
 		t.Fatal("Should explicitly match full container IDs")
 	}
 
-	if container, _ := daemon.GetContainer("75fb0b8009"); container != c4 {
+	if ctr, _ := daemon.GetContainer("75fb0b8009"); ctr != c4 {
 		t.Fatal("Should match a partial ID")
 	}
 
-	if container, _ := daemon.GetContainer("drunk_hawking"); container != c2 {
+	if ctr, _ := daemon.GetContainer("drunk_hawking"); ctr != c2 {
 		t.Fatal("Should match a full name")
 	}
 
@@ -99,7 +98,7 @@ func TestGetContainer(t *testing.T) {
 		t.Fatal("Should match a full name even though it collides with another container's ID")
 	}
 
-	if container, _ := daemon.GetContainer("d22d69a2b896"); container != c5 {
+	if ctr, _ := daemon.GetContainer("d22d69a2b896"); ctr != c5 {
 		t.Fatal("Should match a container where the provided prefix is an exact match to the its name, and is also a prefix for its ID")
 	}
 
@@ -147,7 +146,7 @@ func TestContainerInitDNS(t *testing.T) {
 		t.Skip("root required") // for chown
 	}
 
-	tmp, err := ioutil.TempDir("", "docker-container-test-")
+	tmp, err := os.MkdirTemp("", "docker-container-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -176,12 +175,12 @@ func TestContainerInitDNS(t *testing.T) {
 "UpdateDns":false,"Volumes":{},"VolumesRW":{},"AppliedVolumesFrom":null}`
 
 	// Container struct only used to retrieve path to config file
-	container := &container.Container{Root: containerPath}
-	configPath, err := container.ConfigPath()
+	ctr := &container.Container{Root: containerPath}
+	configPath, err := ctr.ConfigPath()
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err = ioutil.WriteFile(configPath, []byte(config), 0644); err != nil {
+	if err = os.WriteFile(configPath, []byte(config), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -190,11 +189,11 @@ func TestContainerInitDNS(t *testing.T) {
 "Devices":[],"NetworkMode":"bridge","IpcMode":"","PidMode":"","CapAdd":null,"CapDrop":null,"RestartPolicy":{"Name":"no","MaximumRetryCount":0},
 "SecurityOpt":null,"ReadonlyRootfs":false,"Ulimits":null,"LogConfig":{"Type":"","Config":null},"CgroupParent":""}`
 
-	hostConfigPath, err := container.HostConfigPath()
+	hostConfigPath, err := ctr.HostConfigPath()
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err = ioutil.WriteFile(hostConfigPath, []byte(hostConfig), 0644); err != nil {
+	if err = os.WriteFile(hostConfigPath, []byte(hostConfig), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -305,14 +304,15 @@ func TestMerge(t *testing.T) {
 func TestValidateContainerIsolation(t *testing.T) {
 	d := Daemon{}
 
-	_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
+	_, err := d.verifyContainerSettings(&containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
 	assert.Check(t, is.Error(err, "invalid isolation 'invalid' on "+runtime.GOOS))
 }
 
 func TestFindNetworkErrorType(t *testing.T) {
 	d := Daemon{}
 	_, err := d.FindNetwork("fakeNet")
-	_, ok := errors.Cause(err).(libnetwork.ErrNoSuchNetwork)
+	var nsn libnetwork.ErrNoSuchNetwork
+	ok := errors.As(err, &nsn)
 	if !errdefs.IsNotFound(err) || !ok {
 		t.Error("The FindNetwork method MUST always return an error that implements the NotFound interface and is ErrNoSuchNetwork")
 	}
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index b69eede21c44f..19f8ad8ca8b6a 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -6,7 +7,6 @@ import (
 	"bufio"
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -14,9 +14,13 @@ import (
 	"runtime/debug"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
-	containerd_cgroups "github.com/containerd/cgroups"
+	"github.com/containerd/cgroups"
+	statsV1 "github.com/containerd/cgroups/stats/v1"
+	statsV2 "github.com/containerd/cgroups/v2/stats"
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/blkiodev"
 	pblkiodev "github.com/docker/docker/api/types/blkiodev"
@@ -24,26 +28,26 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/initlayer"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libcontainerd/remote"
+	"github.com/docker/docker/libnetwork"
+	nwconfig "github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/drivers/bridge"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/options"
+	lntypes "github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/runconfig"
 	volumemounts "github.com/docker/docker/volume/mounts"
-	"github.com/docker/libnetwork"
-	nwconfig "github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/drivers/bridge"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/options"
-	lntypes "github.com/docker/libnetwork/types"
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/moby/sys/mount"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -52,20 +56,14 @@ import (
 )
 
 const (
-	// DefaultShimBinary is the default shim to be used by containerd if none
-	// is specified
-	DefaultShimBinary = "containerd-shim"
-
-	// DefaultRuntimeBinary is the default runtime to be used by
-	// containerd if none is specified
-	DefaultRuntimeBinary = "runc"
+	isWindows = false
 
 	// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
 	linuxMinCPUShares = 2
 	linuxMaxCPUShares = 262144
 	platformSupported = true
-	// It's not kernel limit, we want this 4M limit to supply a reasonable functional container
-	linuxMinMemory = 4194304
+	// It's not kernel limit, we want this 6M limit to account for overhead during startup, and to supply a reasonable functional container
+	linuxMinMemory = 6291456
 	// constants for remapped root settings
 	defaultIDSpecifier = "default"
 	defaultRemappedID  = "dockremap"
@@ -73,10 +71,7 @@ const (
 	// constant for cgroup drivers
 	cgroupFsDriver      = "cgroupfs"
 	cgroupSystemdDriver = "systemd"
-
-	// DefaultRuntimeName is the default runtime to be used by
-	// containerd if none is specified
-	DefaultRuntimeName = "runc"
+	cgroupNoneDriver    = "none"
 )
 
 type containerGetter interface {
@@ -111,9 +106,26 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory {
 		memory.Kernel = &config.KernelMemory
 	}
 
+	if config.KernelMemoryTCP != 0 {
+		memory.KernelTCP = &config.KernelMemoryTCP
+	}
+
 	return &memory
 }
 
+func getPidsLimit(config containertypes.Resources) *specs.LinuxPids {
+	if config.PidsLimit == nil {
+		return nil
+	}
+	if *config.PidsLimit <= 0 {
+		// docker API allows 0 and negative values to unset this to be consistent
+		// with default values. When updating values, runc requires -1 to unset
+		// the previous limit.
+		return &specs.LinuxPids{Limit: -1}
+	}
+	return &specs.LinuxPids{Limit: *config.PidsLimit}
+}
+
 func getCPUResources(config containertypes.Resources) (*specs.LinuxCPU, error) {
 	cpu := specs.LinuxCPU{}
 
@@ -170,12 +182,13 @@ func getBlkioWeightDevices(config containertypes.Resources) ([]specs.LinuxWeight
 
 	for _, weightDevice := range config.BlkioWeightDevice {
 		if err := unix.Stat(weightDevice.Path, &stat); err != nil {
-			return nil, err
+			return nil, errors.WithStack(&os.PathError{Op: "stat", Path: weightDevice.Path, Err: err})
 		}
 		weight := weightDevice.Weight
 		d := specs.LinuxWeightDevice{Weight: &weight}
-		d.Major = int64(stat.Rdev / 256)
-		d.Minor = int64(stat.Rdev % 256)
+		// The type is 32bit on mips.
+		d.Major = int64(unix.Major(uint64(stat.Rdev))) //nolint: unconvert
+		d.Minor = int64(unix.Minor(uint64(stat.Rdev))) //nolint: unconvert
 		blkioWeightDevices = append(blkioWeightDevices, d)
 	}
 
@@ -242,17 +255,53 @@ func getBlkioThrottleDevices(devs []*blkiodev.ThrottleDevice) ([]specs.LinuxThro
 
 	for _, d := range devs {
 		if err := unix.Stat(d.Path, &stat); err != nil {
-			return nil, err
+			return nil, errors.WithStack(&os.PathError{Op: "stat", Path: d.Path, Err: err})
 		}
 		d := specs.LinuxThrottleDevice{Rate: d.Rate}
-		d.Major = int64(stat.Rdev / 256)
-		d.Minor = int64(stat.Rdev % 256)
+		// the type is 32bit on mips
+		d.Major = int64(unix.Major(uint64(stat.Rdev))) //nolint: unconvert
+		d.Minor = int64(unix.Minor(uint64(stat.Rdev))) //nolint: unconvert
 		throttleDevices = append(throttleDevices, d)
 	}
 
 	return throttleDevices, nil
 }
 
+// adjustParallelLimit takes a number of objects and a proposed limit and
+// figures out if it's reasonable (and adjusts it accordingly). This is only
+// used for daemon startup, which does a lot of parallel loading of containers
+// (and if we exceed RLIMIT_NOFILE then we're in trouble).
+func adjustParallelLimit(n int, limit int) int {
+	// Rule-of-thumb overhead factor (how many files will each goroutine open
+	// simultaneously). Yes, this is ugly but to be frank this whole thing is
+	// ugly.
+	const overhead = 2
+
+	// On Linux, we need to ensure that parallelStartupJobs doesn't cause us to
+	// exceed RLIMIT_NOFILE. If parallelStartupJobs is too large, we reduce it
+	// and give a warning (since in theory the user should increase their
+	// ulimits to the largest possible value for dockerd).
+	var rlim unix.Rlimit
+	if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlim); err != nil {
+		logrus.Warnf("Couldn't find dockerd's RLIMIT_NOFILE to double-check startup parallelism factor: %v", err)
+		return limit
+	}
+	softRlimit := int(rlim.Cur)
+
+	// Much fewer containers than RLIMIT_NOFILE. No need to adjust anything.
+	if softRlimit > overhead*n {
+		return limit
+	}
+
+	// RLIMIT_NOFILE big enough, no need to adjust anything.
+	if softRlimit > overhead*limit {
+		return limit
+	}
+
+	logrus.Warnf("Found dockerd's open file ulimit (%v) is far too small -- consider increasing it significantly (at least %v)", softRlimit, overhead*limit)
+	return softRlimit / overhead
+}
+
 func checkKernel() error {
 	// Check for unsupported kernel versions
 	// FIXME: it would be cleaner to not test for specific versions, but rather
@@ -299,19 +348,37 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 	if hostConfig.IpcMode.IsEmpty() {
 		m := config.DefaultIpcMode
 		if daemon.configStore != nil {
-			m = daemon.configStore.IpcMode
+			m = containertypes.IpcMode(daemon.configStore.IpcMode)
+		}
+		hostConfig.IpcMode = m
+	}
+
+	// Set default cgroup namespace mode, if unset for container
+	if hostConfig.CgroupnsMode.IsEmpty() {
+		// for cgroup v2: unshare cgroupns even for privileged containers
+		// https://github.com/containers/libpod/pull/4374#issuecomment-549776387
+		if hostConfig.Privileged && cgroups.Mode() != cgroups.Unified {
+			hostConfig.CgroupnsMode = containertypes.CgroupnsModeHost
+		} else {
+			m := containertypes.CgroupnsModeHost
+			if cgroups.Mode() == cgroups.Unified {
+				m = containertypes.CgroupnsModePrivate
+			}
+			if daemon.configStore != nil {
+				m = containertypes.CgroupnsMode(daemon.configStore.CgroupNamespaceMode)
+			}
+			hostConfig.CgroupnsMode = m
 		}
-		hostConfig.IpcMode = containertypes.IpcMode(m)
 	}
 
 	adaptSharedNamespaceContainer(daemon, hostConfig)
 
 	var err error
-	opts, err := daemon.generateSecurityOpt(hostConfig)
+	secOpts, err := daemon.generateSecurityOpt(hostConfig)
 	if err != nil {
 		return err
 	}
-	hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, opts...)
+	hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, secOpts...)
 	if hostConfig.OomKillDisable == nil {
 		defaultOomKillDisable := false
 		hostConfig.OomKillDisable = &defaultOomKillDisable
@@ -350,23 +417,21 @@ func adaptSharedNamespaceContainer(daemon containerGetter, hostConfig *container
 	}
 }
 
-func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysinfo.SysInfo, update bool) ([]string, error) {
-	warnings := []string{}
+// verifyPlatformContainerResources performs platform-specific validation of the container's resource-configuration
+func verifyPlatformContainerResources(resources *containertypes.Resources, sysInfo *sysinfo.SysInfo, update bool) (warnings []string, err error) {
 	fixMemorySwappiness(resources)
 
 	// memory subsystem checks and adjustments
 	if resources.Memory != 0 && resources.Memory < linuxMinMemory {
-		return warnings, fmt.Errorf("Minimum memory limit allowed is 4MB")
+		return warnings, fmt.Errorf("Minimum memory limit allowed is 6MB")
 	}
 	if resources.Memory > 0 && !sysInfo.MemoryLimit {
 		warnings = append(warnings, "Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
-		logrus.Warn("Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
 		resources.Memory = 0
 		resources.MemorySwap = -1
 	}
 	if resources.Memory > 0 && resources.MemorySwap != -1 && !sysInfo.SwapLimit {
 		warnings = append(warnings, "Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.")
-		logrus.Warn("Your kernel does not support swap limit capabilities,or the cgroup is not mounted. Memory limited without swap.")
 		resources.MemorySwap = -1
 	}
 	if resources.Memory > 0 && resources.MemorySwap > 0 && resources.MemorySwap < resources.Memory {
@@ -377,7 +442,6 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	}
 	if resources.MemorySwappiness != nil && !sysInfo.MemorySwappiness {
 		warnings = append(warnings, "Your kernel does not support memory swappiness capabilities or the cgroup is not mounted. Memory swappiness discarded.")
-		logrus.Warn("Your kernel does not support memory swappiness capabilities, or the cgroup is not mounted. Memory swappiness discarded.")
 		resources.MemorySwappiness = nil
 	}
 	if resources.MemorySwappiness != nil {
@@ -388,18 +452,22 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	}
 	if resources.MemoryReservation > 0 && !sysInfo.MemoryReservation {
 		warnings = append(warnings, "Your kernel does not support memory soft limit capabilities or the cgroup is not mounted. Limitation discarded.")
-		logrus.Warn("Your kernel does not support memory soft limit capabilities or the cgroup is not mounted. Limitation discarded.")
 		resources.MemoryReservation = 0
 	}
 	if resources.MemoryReservation > 0 && resources.MemoryReservation < linuxMinMemory {
-		return warnings, fmt.Errorf("Minimum memory reservation allowed is 4MB")
+		return warnings, fmt.Errorf("Minimum memory reservation allowed is 6MB")
 	}
 	if resources.Memory > 0 && resources.MemoryReservation > 0 && resources.Memory < resources.MemoryReservation {
 		return warnings, fmt.Errorf("Minimum memory limit can not be less than memory reservation limit, see usage")
 	}
+	if resources.KernelMemory > 0 {
+		// Kernel memory limit is not supported on cgroup v2.
+		// Even on cgroup v1, kernel memory limit (`kmem.limit_in_bytes`) has been deprecated since kernel 5.4.
+		// https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7
+		warnings = append(warnings, "Specifying a kernel memory limit is deprecated and will be removed in a future release.")
+	}
 	if resources.KernelMemory > 0 && !sysInfo.KernelMemory {
 		warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
-		logrus.Warn("Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
 		resources.KernelMemory = 0
 	}
 	if resources.KernelMemory > 0 && resources.KernelMemory < linuxMinMemory {
@@ -407,22 +475,23 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	}
 	if resources.KernelMemory > 0 && !kernel.CheckKernelVersion(4, 0, 0) {
 		warnings = append(warnings, "You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.")
-		logrus.Warn("You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.")
 	}
 	if resources.OomKillDisable != nil && !sysInfo.OomKillDisable {
 		// only produce warnings if the setting wasn't to *disable* the OOM Kill; no point
 		// warning the caller if they already wanted the feature to be off
 		if *resources.OomKillDisable {
 			warnings = append(warnings, "Your kernel does not support OomKillDisable. OomKillDisable discarded.")
-			logrus.Warn("Your kernel does not support OomKillDisable. OomKillDisable discarded.")
 		}
 		resources.OomKillDisable = nil
 	}
-
-	if resources.PidsLimit != 0 && !sysInfo.PidsLimit {
-		warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
-		logrus.Warn("Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
-		resources.PidsLimit = 0
+	if resources.OomKillDisable != nil && *resources.OomKillDisable && resources.Memory == 0 {
+		warnings = append(warnings, "OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.")
+	}
+	if resources.PidsLimit != nil && !sysInfo.PidsLimit {
+		if *resources.PidsLimit > 0 {
+			warnings = append(warnings, "Your kernel does not support PIDs limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
+		}
+		resources.PidsLimit = nil
 	}
 
 	// cpu subsystem checks and adjustments
@@ -432,8 +501,8 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	if resources.NanoCPUs > 0 && resources.CPUQuota > 0 {
 		return warnings, fmt.Errorf("Conflicting options: Nano CPUs and CPU Quota cannot both be set")
 	}
-	if resources.NanoCPUs > 0 && (!sysInfo.CPUCfsPeriod || !sysInfo.CPUCfsQuota) {
-		return warnings, fmt.Errorf("NanoCPUs can not be set, as your kernel does not support CPU cfs period/quota or the cgroup is not mounted")
+	if resources.NanoCPUs > 0 && !sysInfo.CPUCfs {
+		return warnings, fmt.Errorf("NanoCPUs can not be set, as your kernel does not support CPU CFS scheduler or the cgroup is not mounted")
 	}
 	// The highest precision we could get on Linux is 0.001, by setting
 	//   cpu.cfs_period_us=1000ms
@@ -448,35 +517,27 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 
 	if resources.CPUShares > 0 && !sysInfo.CPUShares {
 		warnings = append(warnings, "Your kernel does not support CPU shares or the cgroup is not mounted. Shares discarded.")
-		logrus.Warn("Your kernel does not support CPU shares or the cgroup is not mounted. Shares discarded.")
 		resources.CPUShares = 0
 	}
-	if resources.CPUPeriod > 0 && !sysInfo.CPUCfsPeriod {
-		warnings = append(warnings, "Your kernel does not support CPU cfs period or the cgroup is not mounted. Period discarded.")
-		logrus.Warn("Your kernel does not support CPU cfs period or the cgroup is not mounted. Period discarded.")
+	if (resources.CPUPeriod != 0 || resources.CPUQuota != 0) && !sysInfo.CPUCfs {
+		warnings = append(warnings, "Your kernel does not support CPU CFS scheduler. CPU period/quota discarded.")
 		resources.CPUPeriod = 0
+		resources.CPUQuota = 0
 	}
 	if resources.CPUPeriod != 0 && (resources.CPUPeriod < 1000 || resources.CPUPeriod > 1000000) {
 		return warnings, fmt.Errorf("CPU cfs period can not be less than 1ms (i.e. 1000) or larger than 1s (i.e. 1000000)")
 	}
-	if resources.CPUQuota > 0 && !sysInfo.CPUCfsQuota {
-		warnings = append(warnings, "Your kernel does not support CPU cfs quota or the cgroup is not mounted. Quota discarded.")
-		logrus.Warn("Your kernel does not support CPU cfs quota or the cgroup is not mounted. Quota discarded.")
-		resources.CPUQuota = 0
-	}
 	if resources.CPUQuota > 0 && resources.CPUQuota < 1000 {
 		return warnings, fmt.Errorf("CPU cfs quota can not be less than 1ms (i.e. 1000)")
 	}
 	if resources.CPUPercent > 0 {
 		warnings = append(warnings, fmt.Sprintf("%s does not support CPU percent. Percent discarded.", runtime.GOOS))
-		logrus.Warnf("%s does not support CPU percent. Percent discarded.", runtime.GOOS)
 		resources.CPUPercent = 0
 	}
 
 	// cpuset subsystem checks and adjustments
 	if (resources.CpusetCpus != "" || resources.CpusetMems != "") && !sysInfo.Cpuset {
 		warnings = append(warnings, "Your kernel does not support cpuset or the cgroup is not mounted. Cpuset discarded.")
-		logrus.Warn("Your kernel does not support cpuset or the cgroup is not mounted. Cpuset discarded.")
 		resources.CpusetCpus = ""
 		resources.CpusetMems = ""
 	}
@@ -498,7 +559,6 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	// blkio subsystem checks and adjustments
 	if resources.BlkioWeight > 0 && !sysInfo.BlkioWeight {
 		warnings = append(warnings, "Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.")
-		logrus.Warn("Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.")
 		resources.BlkioWeight = 0
 	}
 	if resources.BlkioWeight > 0 && (resources.BlkioWeight < 10 || resources.BlkioWeight > 1000) {
@@ -509,28 +569,23 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	}
 	if len(resources.BlkioWeightDevice) > 0 && !sysInfo.BlkioWeightDevice {
 		warnings = append(warnings, "Your kernel does not support Block I/O weight_device or the cgroup is not mounted. Weight-device discarded.")
-		logrus.Warn("Your kernel does not support Block I/O weight_device or the cgroup is not mounted. Weight-device discarded.")
 		resources.BlkioWeightDevice = []*pblkiodev.WeightDevice{}
 	}
 	if len(resources.BlkioDeviceReadBps) > 0 && !sysInfo.BlkioReadBpsDevice {
 		warnings = append(warnings, "Your kernel does not support BPS Block I/O read limit or the cgroup is not mounted. Block I/O BPS read limit discarded.")
-		logrus.Warn("Your kernel does not support BPS Block I/O read limit or the cgroup is not mounted. Block I/O BPS read limit discarded")
 		resources.BlkioDeviceReadBps = []*pblkiodev.ThrottleDevice{}
 	}
 	if len(resources.BlkioDeviceWriteBps) > 0 && !sysInfo.BlkioWriteBpsDevice {
 		warnings = append(warnings, "Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
-		logrus.Warn("Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
 		resources.BlkioDeviceWriteBps = []*pblkiodev.ThrottleDevice{}
 
 	}
 	if len(resources.BlkioDeviceReadIOps) > 0 && !sysInfo.BlkioReadIOpsDevice {
 		warnings = append(warnings, "Your kernel does not support IOPS Block read limit or the cgroup is not mounted. Block I/O IOPS read limit discarded.")
-		logrus.Warn("Your kernel does not support IOPS Block I/O read limit in IO or the cgroup is not mounted. Block I/O IOPS read limit discarded.")
 		resources.BlkioDeviceReadIOps = []*pblkiodev.ThrottleDevice{}
 	}
 	if len(resources.BlkioDeviceWriteIOps) > 0 && !sysInfo.BlkioWriteIOpsDevice {
 		warnings = append(warnings, "Your kernel does not support IOPS Block write limit or the cgroup is not mounted. Block I/O IOPS write limit discarded.")
-		logrus.Warn("Your kernel does not support IOPS Block I/O write limit or the cgroup is not mounted. Block I/O IOPS write limit discarded.")
 		resources.BlkioDeviceWriteIOps = []*pblkiodev.ThrottleDevice{}
 	}
 
@@ -538,12 +593,13 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 }
 
 func (daemon *Daemon) getCgroupDriver() string {
-	cgroupDriver := cgroupFsDriver
-
 	if UsingSystemd(daemon.configStore) {
-		cgroupDriver = cgroupSystemdDriver
+		return cgroupSystemdDriver
+	}
+	if daemon.Rootless() {
+		return cgroupNoneDriver
 	}
-	return cgroupDriver
+	return cgroupFsDriver
 }
 
 // getCD gets the raw value of the native.cgroupdriver option, if set.
@@ -558,27 +614,64 @@ func getCD(config *config.Config) string {
 	return ""
 }
 
-// VerifyCgroupDriver validates native.cgroupdriver
-func VerifyCgroupDriver(config *config.Config) error {
+// verifyCgroupDriver validates native.cgroupdriver
+func verifyCgroupDriver(config *config.Config) error {
 	cd := getCD(config)
 	if cd == "" || cd == cgroupFsDriver || cd == cgroupSystemdDriver {
 		return nil
 	}
+	if cd == cgroupNoneDriver {
+		return fmt.Errorf("native.cgroupdriver option %s is internally used and cannot be specified manually", cd)
+	}
 	return fmt.Errorf("native.cgroupdriver option %s not supported", cd)
 }
 
 // UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
 func UsingSystemd(config *config.Config) bool {
-	return getCD(config) == cgroupSystemdDriver
+	cd := getCD(config)
+
+	if cd == cgroupSystemdDriver {
+		return true
+	}
+	// On cgroup v2 hosts, default to systemd driver
+	if cd == "" && cgroups.Mode() == cgroups.Unified && isRunningSystemd() {
+		return true
+	}
+	return false
+}
+
+var (
+	runningSystemd bool
+	detectSystemd  sync.Once
+)
+
+// isRunningSystemd checks whether the host was booted with systemd as its init
+// system. This functions similarly to systemd's `sd_booted(3)`: internally, it
+// checks whether /run/systemd/system/ exists and is a directory.
+// http://www.freedesktop.org/software/systemd/man/sd_booted.html
+//
+// NOTE: This function comes from package github.com/coreos/go-systemd/util
+// It was borrowed here to avoid a dependency on cgo.
+func isRunningSystemd() bool {
+	detectSystemd.Do(func() {
+		fi, err := os.Lstat("/run/systemd/system")
+		if err != nil {
+			return
+		}
+		runningSystemd = fi.IsDir()
+	})
+	return runningSystemd
 }
 
 // verifyPlatformContainerSettings performs platform-specific validation of the
 // hostconfig and config structures.
-func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
-	var warnings []string
-	sysInfo := sysinfo.New(true)
+func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, update bool) (warnings []string, err error) {
+	if hostConfig == nil {
+		return nil, nil
+	}
+	sysInfo := daemon.RawSysInfo()
 
-	w, err := verifyContainerResources(&hostConfig.Resources, sysInfo, update)
+	w, err := verifyPlatformContainerResources(&hostConfig.Resources, sysInfo, update)
 
 	// no matter err is nil or not, w could have data in itself.
 	warnings = append(warnings, w...)
@@ -598,8 +691,11 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 	// ip-forwarding does not affect container with '--net=host' (or '--net=none')
 	if sysInfo.IPv4ForwardingDisabled && !(hostConfig.NetworkMode.IsHost() || hostConfig.NetworkMode.IsNone()) {
 		warnings = append(warnings, "IPv4 forwarding is disabled. Networking will not work.")
-		logrus.Warn("IPv4 forwarding is disabled. Networking will not work")
 	}
+	if hostConfig.NetworkMode.IsHost() && len(hostConfig.PortBindings) > 0 {
+		warnings = append(warnings, "Published ports are discarded when using host network mode")
+	}
+
 	// check for various conflicting options with user namespaces
 	if daemon.configStore.RemappedRoot != "" && hostConfig.UsernsMode.IsPrivate() {
 		if hostConfig.Privileged {
@@ -626,66 +722,34 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 		return warnings, fmt.Errorf("Unknown runtime specified %s", hostConfig.Runtime)
 	}
 
-	parser := volumemounts.NewParser(runtime.GOOS)
+	parser := volumemounts.NewParser()
 	for dest := range hostConfig.Tmpfs {
 		if err := parser.ValidateTmpfsMountDestination(dest); err != nil {
 			return warnings, err
 		}
 	}
 
-	return warnings, nil
-}
-
-func (daemon *Daemon) loadRuntimes() error {
-	return daemon.initRuntimes(daemon.configStore.Runtimes)
-}
-
-func (daemon *Daemon) initRuntimes(runtimes map[string]types.Runtime) (err error) {
-	runtimeDir := filepath.Join(daemon.configStore.Root, "runtimes")
-	// Remove old temp directory if any
-	os.RemoveAll(runtimeDir + "-old")
-	tmpDir, err := ioutils.TempDir(daemon.configStore.Root, "gen-runtimes")
-	if err != nil {
-		return errors.Wrap(err, "failed to get temp dir to generate runtime scripts")
+	if !hostConfig.CgroupnsMode.Valid() {
+		return warnings, fmt.Errorf("invalid cgroup namespace mode: %v", hostConfig.CgroupnsMode)
 	}
-	defer func() {
-		if err != nil {
-			if err1 := os.RemoveAll(tmpDir); err1 != nil {
-				logrus.WithError(err1).WithField("dir", tmpDir).
-					Warn("failed to remove tmp dir")
-			}
-			return
-		}
-
-		if err = os.Rename(runtimeDir, runtimeDir+"-old"); err != nil {
-			return
-		}
-		if err = os.Rename(tmpDir, runtimeDir); err != nil {
-			err = errors.Wrap(err, "failed to setup runtimes dir, new containers may not start")
-			return
-		}
-		if err = os.RemoveAll(runtimeDir + "-old"); err != nil {
-			logrus.WithError(err).WithField("dir", tmpDir).
-				Warn("failed to remove old runtimes dir")
-		}
-	}()
-
-	for name, rt := range runtimes {
-		if len(rt.Args) == 0 {
-			continue
+	if hostConfig.CgroupnsMode.IsPrivate() {
+		if !sysInfo.CgroupNamespaces {
+			warnings = append(warnings, "Your kernel does not support cgroup namespaces.  Cgroup namespace setting discarded.")
 		}
+	}
 
-		script := filepath.Join(tmpDir, name)
-		content := fmt.Sprintf("#!/bin/sh\n%s %s $@\n", rt.Path, strings.Join(rt.Args, " "))
-		if err := ioutil.WriteFile(script, []byte(content), 0700); err != nil {
-			return err
-		}
+	if hostConfig.Runtime == config.LinuxV1RuntimeName || (hostConfig.Runtime == "" && daemon.configStore.DefaultRuntime == config.LinuxV1RuntimeName) {
+		warnings = append(warnings, fmt.Sprintf("Configured runtime %q is deprecated and will be removed in the next release.", config.LinuxV1RuntimeName))
 	}
-	return nil
+
+	return warnings, nil
 }
 
 // verifyDaemonSettings performs validation of daemon config struct
 func verifyDaemonSettings(conf *config.Config) error {
+	if conf.ContainerdNamespace == conf.ContainerdPluginNamespace {
+		return errors.New("containers namespace and plugins namespace cannot be the same")
+	}
 	// Check for mutually incompatible config options
 	if conf.BridgeConfig.Iface != "" && conf.BridgeConfig.IP != "" {
 		return fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one")
@@ -693,10 +757,13 @@ func verifyDaemonSettings(conf *config.Config) error {
 	if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
 		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
 	}
+	if conf.BridgeConfig.EnableIP6Tables && !conf.Experimental {
+		return fmt.Errorf("ip6tables rules are only available if experimental features are enabled")
+	}
 	if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
 		conf.BridgeConfig.EnableIPMasq = false
 	}
-	if err := VerifyCgroupDriver(conf); err != nil {
+	if err := verifyCgroupDriver(conf); err != nil {
 		return err
 	}
 	if conf.CgroupParent != "" && UsingSystemd(conf) {
@@ -705,29 +772,31 @@ func verifyDaemonSettings(conf *config.Config) error {
 		}
 	}
 
-	if conf.DefaultRuntime == "" {
-		conf.DefaultRuntime = config.StockRuntimeName
-	}
-	if conf.Runtimes == nil {
-		conf.Runtimes = make(map[string]types.Runtime)
+	if conf.Rootless && UsingSystemd(conf) && cgroups.Mode() != cgroups.Unified {
+		return fmt.Errorf("exec-opt native.cgroupdriver=systemd requires cgroup v2 for rootless mode")
 	}
-	conf.Runtimes[config.StockRuntimeName] = types.Runtime{Path: DefaultRuntimeName}
 
+	configureRuntimes(conf)
+	if rtName := conf.GetDefaultRuntimeName(); rtName != "" {
+		if conf.GetRuntime(rtName) == nil {
+			return fmt.Errorf("specified default runtime '%s' does not exist", rtName)
+		}
+		if rtName == config.LinuxV1RuntimeName {
+			logrus.Warnf("Configured default runtime %q is deprecated and will be removed in the next release.", config.LinuxV1RuntimeName)
+		}
+	}
 	return nil
 }
 
 // checkSystem validates platform-specific requirements
 func checkSystem() error {
-	if os.Geteuid() != 0 {
-		return fmt.Errorf("The Docker daemon needs to be run as root")
-	}
 	return checkKernel()
 }
 
 // configureMaxThreads sets the Go runtime max threads threshold
 // which is 90% of the kernel setting from /proc/sys/kernel/threads-max
 func configureMaxThreads(config *config.Config) error {
-	mt, err := ioutil.ReadFile("/proc/sys/kernel/threads-max")
+	mt, err := os.ReadFile("/proc/sys/kernel/threads-max")
 	if err != nil {
 		return err
 	}
@@ -751,31 +820,20 @@ func overlaySupportsSelinux() (bool, error) {
 	}
 	defer f.Close()
 
-	var symAddr, symType, symName, text string
-
 	s := bufio.NewScanner(f)
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return false, err
-		}
-
-		text = s.Text()
-		if _, err := fmt.Sscanf(text, "%s %s %s", &symAddr, &symType, &symName); err != nil {
-			return false, fmt.Errorf("Scanning '%s' failed: %s", text, err)
-		}
-
-		// Check for presence of symbol security_inode_copy_up.
-		if symName == "security_inode_copy_up" {
+		if strings.HasSuffix(s.Text(), " security_inode_copy_up") {
 			return true, nil
 		}
 	}
-	return false, nil
+
+	return false, s.Err()
 }
 
 // configureKernelSecuritySupport configures and validates security support for the kernel
 func configureKernelSecuritySupport(config *config.Config, driverName string) error {
 	if config.EnableSelinuxSupport {
-		if !selinuxEnabled() {
+		if !selinux.GetEnabled() {
 			logrus.Warn("Docker could not enable SELinux on the host system")
 			return nil
 		}
@@ -793,7 +851,7 @@ func configureKernelSecuritySupport(config *config.Config, driverName string) er
 			}
 		}
 	} else {
-		selinuxSetDisabled()
+		selinux.SetDisabled()
 	}
 	return nil
 }
@@ -811,6 +869,7 @@ func (daemon *Daemon) initNetworkController(config *config.Config, activeSandbox
 
 	if len(activeSandboxes) > 0 {
 		logrus.Info("There are old running containers, the network config will not take affect")
+		setHostGatewayIP(daemon.configStore, controller)
 		return controller, nil
 	}
 
@@ -847,20 +906,39 @@ func (daemon *Daemon) initNetworkController(config *config.Config, activeSandbox
 		removeDefaultBridgeInterface()
 	}
 
+	// Set HostGatewayIP to the default bridge's IP  if it is empty
+	setHostGatewayIP(daemon.configStore, controller)
+
 	return controller, nil
 }
 
-func driverOptions(config *config.Config) []nwconfig.Option {
-	bridgeConfig := options.Generic{
-		"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
-		"EnableIPTables":      config.BridgeConfig.EnableIPTables,
-		"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
-		"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath}
-	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}
-
-	dOptions := []nwconfig.Option{}
-	dOptions = append(dOptions, nwconfig.OptionDriverConfig("bridge", bridgeOption))
-	return dOptions
+// setHostGatewayIP sets cfg.HostGatewayIP to the default bridge's IP if it is empty.
+func setHostGatewayIP(config *config.Config, controller libnetwork.NetworkController) {
+	if config.HostGatewayIP != nil {
+		return
+	}
+	if n, err := controller.NetworkByName("bridge"); err == nil {
+		v4Info, v6Info := n.Info().IpamInfo()
+		var gateway net.IP
+		if len(v4Info) > 0 {
+			gateway = v4Info[0].Gateway.IP
+		} else if len(v6Info) > 0 {
+			gateway = v6Info[0].Gateway.IP
+		}
+		config.HostGatewayIP = gateway
+	}
+}
+
+func driverOptions(config *config.Config) nwconfig.Option {
+	return nwconfig.OptionDriverConfig("bridge", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
+			"EnableIPTables":      config.BridgeConfig.EnableIPTables,
+			"EnableIP6Tables":     config.BridgeConfig.EnableIP6Tables,
+			"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
+			"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath,
+		},
+	})
 }
 
 func initBridgeDriver(controller libnetwork.NetworkController, config *config.Config) error {
@@ -881,12 +959,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *config.Co
 		netOption[bridge.DefaultBindingIP] = config.BridgeConfig.DefaultIP.String()
 	}
 
-	var (
-		ipamV4Conf *libnetwork.IpamConf
-		ipamV6Conf *libnetwork.IpamConf
-	)
-
-	ipamV4Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+	ipamV4Conf := &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
 
 	nwList, nw6List, err := netutils.ElectInterfaceAddresses(bridgeName)
 	if err != nil {
@@ -915,11 +988,11 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *config.Co
 	}
 
 	if config.BridgeConfig.IP != "" {
-		ipamV4Conf.PreferredPool = config.BridgeConfig.IP
-		ip, _, err := net.ParseCIDR(config.BridgeConfig.IP)
+		ip, ipNet, err := net.ParseCIDR(config.BridgeConfig.IP)
 		if err != nil {
 			return err
 		}
+		ipamV4Conf.PreferredPool = ipNet.String()
 		ipamV4Conf.Gateway = ip.String()
 	} else if bridgeName == bridge.DefaultBridgeName && ipamV4Conf.PreferredPool != "" {
 		logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
@@ -938,8 +1011,14 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *config.Co
 		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.BridgeConfig.DefaultGatewayIPv4.String()
 	}
 
-	var deferIPv6Alloc bool
-	if config.BridgeConfig.FixedCIDRv6 != "" {
+	var (
+		deferIPv6Alloc bool
+		ipamV6Conf     *libnetwork.IpamConf
+	)
+
+	if config.BridgeConfig.EnableIPv6 && config.BridgeConfig.FixedCIDRv6 == "" {
+		return errdefs.InvalidParameter(errors.New("IPv6 is enabled for the default bridge, but no subnet is configured. Specify an IPv6 subnet using --fixed-cidr-v6"))
+	} else if config.BridgeConfig.FixedCIDRv6 != "" {
 		_, fCIDRv6, err := net.ParseCIDR(config.BridgeConfig.FixedCIDRv6)
 		if err != nil {
 			return err
@@ -954,10 +1033,10 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *config.Co
 		ones, _ := fCIDRv6.Mask.Size()
 		deferIPv6Alloc = ones <= 80
 
-		if ipamV6Conf == nil {
-			ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+		ipamV6Conf = &libnetwork.IpamConf{
+			AuxAddresses:  make(map[string]string),
+			PreferredPool: fCIDRv6.String(),
 		}
-		ipamV6Conf.PreferredPool = fCIDRv6.String()
 
 		// In case the --fixed-cidr-v6 is specified and the current docker0 bridge IPv6
 		// address belongs to the same network, we need to inform libnetwork about it, so
@@ -1120,11 +1199,11 @@ func setupRemappedRoot(config *config.Config) (*idtools.IdentityMapping, error)
 			logrus.Warn("User namespaces: root cannot be remapped with itself; user namespaces are OFF")
 			return &idtools.IdentityMapping{}, nil
 		}
-		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s:%s", username, groupname)
+		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s", username)
 		// update remapped root setting now that we have resolved them to actual names
 		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
-		mappings, err := idtools.NewIdentityMapping(username, groupname)
+		mappings, err := idtools.NewIdentityMapping(username)
 		if err != nil {
 			return nil, errors.Wrap(err, "Can't create ID mappings")
 		}
@@ -1133,7 +1212,7 @@ func setupRemappedRoot(config *config.Config) (*idtools.IdentityMapping, error)
 	return &idtools.IdentityMapping{}, nil
 }
 
-func setupDaemonRoot(config *config.Config, rootDir string, rootIdentity idtools.Identity) error {
+func setupDaemonRoot(config *config.Config, rootDir string, remappedRoot idtools.Identity) error {
 	config.Root = rootDir
 	// the docker root metadata directory needs to have execute permissions for all users (g+x,o+x)
 	// so that syscalls executing as non-root, operating on subdirectories of the graph root
@@ -1153,15 +1232,21 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootIdentity idtools
 		}
 	}
 
+	id := idtools.Identity{UID: idtools.CurrentIdentity().UID, GID: remappedRoot.GID}
+	// First make sure the current root dir has the correct perms.
+	if err := idtools.MkdirAllAndChown(config.Root, 0710, id); err != nil {
+		return errors.Wrapf(err, "could not create or set daemon root permissions: %s", config.Root)
+	}
+
 	// if user namespaces are enabled we will create a subtree underneath the specified root
 	// with any/all specified remapped root uid/gid options on the daemon creating
 	// a new subdirectory with ownership set to the remapped uid/gid (so as to allow
 	// `chdir()` to work for containers namespaced to that uid/gid)
 	if config.RemappedRoot != "" {
-		config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootIdentity.UID, rootIdentity.GID))
+		config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", remappedRoot.UID, remappedRoot.GID))
 		logrus.Debugf("Creating user namespaced daemon root: %s", config.Root)
 		// Create the root directory if it doesn't exist
-		if err := idtools.MkdirAllAndChown(config.Root, 0700, rootIdentity); err != nil {
+		if err := idtools.MkdirAllAndChown(config.Root, 0710, id); err != nil {
 			return fmt.Errorf("Cannot create daemon root: %s: %v", config.Root, err)
 		}
 		// we also need to verify that any pre-existing directories in the path to
@@ -1174,7 +1259,7 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootIdentity idtools
 			if dirPath == "/" {
 				break
 			}
-			if !idtools.CanAccess(dirPath, rootIdentity) {
+			if !idtools.CanAccess(dirPath, remappedRoot) {
 				return fmt.Errorf("a subdirectory in your graphroot path (%s) restricts access to the remapped root uid/gid; please fix by allowing 'o+x' permissions on existing directories", config.Root)
 			}
 		}
@@ -1187,7 +1272,7 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootIdentity idtools
 }
 
 func setupDaemonRootPropagation(cfg *config.Config) error {
-	rootParentMount, options, err := getSourceMount(cfg.Root)
+	rootParentMount, mountOptions, err := getSourceMount(cfg.Root)
 	if err != nil {
 		return errors.Wrap(err, "error getting daemon root's parent mount")
 	}
@@ -1203,7 +1288,7 @@ func setupDaemonRootPropagation(cfg *config.Config) error {
 		}
 	}()
 
-	if hasMountinfoOption(options, sharedPropagationOption, slavePropagationOption) {
+	if hasMountInfoOption(mountOptions, sharedPropagationOption, slavePropagationOption) {
 		cleanupOldFile = true
 		return nil
 	}
@@ -1219,7 +1304,11 @@ func setupDaemonRootPropagation(cfg *config.Config) error {
 		return nil
 	}
 
-	if err := ioutil.WriteFile(cleanupFile, nil, 0600); err != nil {
+	if err := os.MkdirAll(filepath.Dir(cleanupFile), 0700); err != nil {
+		return errors.Wrap(err, "error creating dir to store mount cleanup file")
+	}
+
+	if err := os.WriteFile(cleanupFile, nil, 0600); err != nil {
 		return errors.Wrap(err, "error writing file to signal mount cleanup on shutdown")
 	}
 	return nil
@@ -1244,12 +1333,26 @@ func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *
 		}
 		child, err := daemon.GetContainer(name)
 		if err != nil {
+			if errdefs.IsNotFound(err) {
+				// Trying to link to a non-existing container is not valid, and
+				// should return an "invalid parameter" error. Returning a "not
+				// found" error here would make the client report the container's
+				// image could not be found (see moby/moby#39823)
+				err = errdefs.InvalidParameter(err)
+			}
 			return errors.Wrapf(err, "could not get container for %s", name)
 		}
 		for child.HostConfig.NetworkMode.IsContainer() {
 			parts := strings.SplitN(string(child.HostConfig.NetworkMode), ":", 2)
 			child, err = daemon.GetContainer(parts[1])
 			if err != nil {
+				if errdefs.IsNotFound(err) {
+					// Trying to link to a non-existing container is not valid, and
+					// should return an "invalid parameter" error. Returning a "not
+					// found" error here would make the client report the container's
+					// image could not be found (see moby/moby#39823)
+					err = errdefs.InvalidParameter(err)
+				}
 				return errors.Wrapf(err, "Could not get container for %s", parts[1])
 			}
 		}
@@ -1279,7 +1382,7 @@ func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container
 	return daemon.Unmount(container)
 }
 
-func copyBlkioEntry(entries []*containerd_cgroups.BlkIOEntry) []types.BlkioStatEntry {
+func copyBlkioEntry(entries []*statsV1.BlkIOEntry) []types.BlkioStatEntry {
 	out := make([]types.BlkioStatEntry, len(entries))
 	for i, re := range entries {
 		out[i] = types.BlkioStatEntry{
@@ -1306,6 +1409,17 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 	s := &types.StatsJSON{}
 	s.Read = cs.Read
 	stats := cs.Metrics
+	switch t := stats.(type) {
+	case *statsV1.Metrics:
+		return daemon.statsV1(s, t)
+	case *statsV2.Metrics:
+		return daemon.statsV2(s, t)
+	default:
+		return nil, errors.Errorf("unexpected type of metrics %+v", t)
+	}
+}
+
+func (daemon *Daemon) statsV1(s *types.StatsJSON, stats *statsV1.Metrics) (*types.StatsJSON, error) {
 	if stats.Blkio != nil {
 		s.BlkioStats = types.BlkioStats{
 			IoServiceBytesRecursive: copyBlkioEntry(stats.Blkio.IoServiceBytesRecursive),
@@ -1335,40 +1449,40 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 	}
 
 	if stats.Memory != nil {
-		raw := make(map[string]uint64)
-		raw["cache"] = stats.Memory.Cache
-		raw["rss"] = stats.Memory.RSS
-		raw["rss_huge"] = stats.Memory.RSSHuge
-		raw["mapped_file"] = stats.Memory.MappedFile
-		raw["dirty"] = stats.Memory.Dirty
-		raw["writeback"] = stats.Memory.Writeback
-		raw["pgpgin"] = stats.Memory.PgPgIn
-		raw["pgpgout"] = stats.Memory.PgPgOut
-		raw["pgfault"] = stats.Memory.PgFault
-		raw["pgmajfault"] = stats.Memory.PgMajFault
-		raw["inactive_anon"] = stats.Memory.InactiveAnon
-		raw["active_anon"] = stats.Memory.ActiveAnon
-		raw["inactive_file"] = stats.Memory.InactiveFile
-		raw["active_file"] = stats.Memory.ActiveFile
-		raw["unevictable"] = stats.Memory.Unevictable
-		raw["hierarchical_memory_limit"] = stats.Memory.HierarchicalMemoryLimit
-		raw["hierarchical_memsw_limit"] = stats.Memory.HierarchicalSwapLimit
-		raw["total_cache"] = stats.Memory.TotalCache
-		raw["total_rss"] = stats.Memory.TotalRSS
-		raw["total_rss_huge"] = stats.Memory.TotalRSSHuge
-		raw["total_mapped_file"] = stats.Memory.TotalMappedFile
-		raw["total_dirty"] = stats.Memory.TotalDirty
-		raw["total_writeback"] = stats.Memory.TotalWriteback
-		raw["total_pgpgin"] = stats.Memory.TotalPgPgIn
-		raw["total_pgpgout"] = stats.Memory.TotalPgPgOut
-		raw["total_pgfault"] = stats.Memory.TotalPgFault
-		raw["total_pgmajfault"] = stats.Memory.TotalPgMajFault
-		raw["total_inactive_anon"] = stats.Memory.TotalInactiveAnon
-		raw["total_active_anon"] = stats.Memory.TotalActiveAnon
-		raw["total_inactive_file"] = stats.Memory.TotalInactiveFile
-		raw["total_active_file"] = stats.Memory.TotalActiveFile
-		raw["total_unevictable"] = stats.Memory.TotalUnevictable
-
+		raw := map[string]uint64{
+			"cache":                     stats.Memory.Cache,
+			"rss":                       stats.Memory.RSS,
+			"rss_huge":                  stats.Memory.RSSHuge,
+			"mapped_file":               stats.Memory.MappedFile,
+			"dirty":                     stats.Memory.Dirty,
+			"writeback":                 stats.Memory.Writeback,
+			"pgpgin":                    stats.Memory.PgPgIn,
+			"pgpgout":                   stats.Memory.PgPgOut,
+			"pgfault":                   stats.Memory.PgFault,
+			"pgmajfault":                stats.Memory.PgMajFault,
+			"inactive_anon":             stats.Memory.InactiveAnon,
+			"active_anon":               stats.Memory.ActiveAnon,
+			"inactive_file":             stats.Memory.InactiveFile,
+			"active_file":               stats.Memory.ActiveFile,
+			"unevictable":               stats.Memory.Unevictable,
+			"hierarchical_memory_limit": stats.Memory.HierarchicalMemoryLimit,
+			"hierarchical_memsw_limit":  stats.Memory.HierarchicalSwapLimit,
+			"total_cache":               stats.Memory.TotalCache,
+			"total_rss":                 stats.Memory.TotalRSS,
+			"total_rss_huge":            stats.Memory.TotalRSSHuge,
+			"total_mapped_file":         stats.Memory.TotalMappedFile,
+			"total_dirty":               stats.Memory.TotalDirty,
+			"total_writeback":           stats.Memory.TotalWriteback,
+			"total_pgpgin":              stats.Memory.TotalPgPgIn,
+			"total_pgpgout":             stats.Memory.TotalPgPgOut,
+			"total_pgfault":             stats.Memory.TotalPgFault,
+			"total_pgmajfault":          stats.Memory.TotalPgMajFault,
+			"total_inactive_anon":       stats.Memory.TotalInactiveAnon,
+			"total_active_anon":         stats.Memory.TotalActiveAnon,
+			"total_inactive_file":       stats.Memory.TotalInactiveFile,
+			"total_active_file":         stats.Memory.TotalActiveFile,
+			"total_unevictable":         stats.Memory.TotalUnevictable,
+		}
 		if stats.Memory.Usage != nil {
 			s.MemoryStats = types.MemoryStats{
 				Stats:    raw,
@@ -1399,6 +1513,108 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 	return s, nil
 }
 
+func (daemon *Daemon) statsV2(s *types.StatsJSON, stats *statsV2.Metrics) (*types.StatsJSON, error) {
+	if stats.Io != nil {
+		var isbr []types.BlkioStatEntry
+		for _, re := range stats.Io.Usage {
+			isbr = append(isbr,
+				types.BlkioStatEntry{
+					Major: re.Major,
+					Minor: re.Minor,
+					Op:    "read",
+					Value: re.Rbytes,
+				},
+				types.BlkioStatEntry{
+					Major: re.Major,
+					Minor: re.Minor,
+					Op:    "write",
+					Value: re.Wbytes,
+				},
+			)
+		}
+		s.BlkioStats = types.BlkioStats{
+			IoServiceBytesRecursive: isbr,
+			// Other fields are unsupported
+		}
+	}
+
+	if stats.CPU != nil {
+		s.CPUStats = types.CPUStats{
+			CPUUsage: types.CPUUsage{
+				TotalUsage: stats.CPU.UsageUsec * 1000,
+				// PercpuUsage is not supported
+				UsageInKernelmode: stats.CPU.SystemUsec * 1000,
+				UsageInUsermode:   stats.CPU.UserUsec * 1000,
+			},
+			ThrottlingData: types.ThrottlingData{
+				Periods:          stats.CPU.NrPeriods,
+				ThrottledPeriods: stats.CPU.NrThrottled,
+				ThrottledTime:    stats.CPU.ThrottledUsec * 1000,
+			},
+		}
+	}
+
+	if stats.Memory != nil {
+		s.MemoryStats = types.MemoryStats{
+			// Stats is not compatible with v1
+			Stats: map[string]uint64{
+				"anon":                   stats.Memory.Anon,
+				"file":                   stats.Memory.File,
+				"kernel_stack":           stats.Memory.KernelStack,
+				"slab":                   stats.Memory.Slab,
+				"sock":                   stats.Memory.Sock,
+				"shmem":                  stats.Memory.Shmem,
+				"file_mapped":            stats.Memory.FileMapped,
+				"file_dirty":             stats.Memory.FileDirty,
+				"file_writeback":         stats.Memory.FileWriteback,
+				"anon_thp":               stats.Memory.AnonThp,
+				"inactive_anon":          stats.Memory.InactiveAnon,
+				"active_anon":            stats.Memory.ActiveAnon,
+				"inactive_file":          stats.Memory.InactiveFile,
+				"active_file":            stats.Memory.ActiveFile,
+				"unevictable":            stats.Memory.Unevictable,
+				"slab_reclaimable":       stats.Memory.SlabReclaimable,
+				"slab_unreclaimable":     stats.Memory.SlabUnreclaimable,
+				"pgfault":                stats.Memory.Pgfault,
+				"pgmajfault":             stats.Memory.Pgmajfault,
+				"workingset_refault":     stats.Memory.WorkingsetRefault,
+				"workingset_activate":    stats.Memory.WorkingsetActivate,
+				"workingset_nodereclaim": stats.Memory.WorkingsetNodereclaim,
+				"pgrefill":               stats.Memory.Pgrefill,
+				"pgscan":                 stats.Memory.Pgscan,
+				"pgsteal":                stats.Memory.Pgsteal,
+				"pgactivate":             stats.Memory.Pgactivate,
+				"pgdeactivate":           stats.Memory.Pgdeactivate,
+				"pglazyfree":             stats.Memory.Pglazyfree,
+				"pglazyfreed":            stats.Memory.Pglazyfreed,
+				"thp_fault_alloc":        stats.Memory.ThpFaultAlloc,
+				"thp_collapse_alloc":     stats.Memory.ThpCollapseAlloc,
+			},
+			Usage: stats.Memory.Usage,
+			// MaxUsage is not supported
+			Limit: stats.Memory.UsageLimit,
+		}
+		// if the container does not set memory limit, use the machineMemory
+		if s.MemoryStats.Limit > daemon.machineMemory && daemon.machineMemory > 0 {
+			s.MemoryStats.Limit = daemon.machineMemory
+		}
+		if stats.MemoryEvents != nil {
+			// Failcnt is set to the "oom" field of the "memory.events" file.
+			// See https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html
+			s.MemoryStats.Failcnt = stats.MemoryEvents.Oom
+		}
+	}
+
+	if stats.Pids != nil {
+		s.PidsStats = types.PidsStats{
+			Current: stats.Pids.Current,
+			Limit:   stats.Pids.Limit,
+		}
+	}
+
+	return s, nil
+}
+
 // setDefaultIsolation determines the default isolation mode for the
 // daemon to run in. This is only applicable on Windows
 func (daemon *Daemon) setDefaultIsolation() error {
@@ -1438,7 +1654,7 @@ func setMayDetachMounts() error {
 		// Setting may_detach_mounts does not work in an
 		// unprivileged container. Ignore the error, but log
 		// it if we appear not to be in that situation.
-		if !rsystem.RunningInUserNS() {
+		if !userns.RunningInUserNS() {
 			logrus.Debugf("Permission denied writing %q to /proc/sys/fs/may_detach_mounts", "1")
 		}
 		return nil
@@ -1447,6 +1663,9 @@ func setMayDetachMounts() error {
 }
 
 func setupOOMScoreAdj(score int) error {
+	if score == 0 {
+		return nil
+	}
 	f, err := os.OpenFile("/proc/self/oom_score_adj", os.O_WRONLY, 0)
 	if err != nil {
 		return err
@@ -1458,7 +1677,7 @@ func setupOOMScoreAdj(score int) error {
 		// Setting oom_score_adj does not work in an
 		// unprivileged container. Ignore the error, but log
 		// it if we appear not to be in that situation.
-		if !rsystem.RunningInUserNS() {
+		if !userns.RunningInUserNS() {
 			logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore)
 		}
 		return nil
@@ -1467,57 +1686,74 @@ func setupOOMScoreAdj(score int) error {
 	return err
 }
 
-func (daemon *Daemon) initCgroupsPath(path string) error {
+func (daemon *Daemon) initCPURtController(mnt, path string) error {
 	if path == "/" || path == "." {
 		return nil
 	}
 
-	if daemon.configStore.CPURealtimePeriod == 0 && daemon.configStore.CPURealtimeRuntime == 0 {
-		return nil
-	}
-
 	// Recursively create cgroup to ensure that the system and all parent cgroups have values set
 	// for the period and runtime as this limits what the children can be set to.
-	daemon.initCgroupsPath(filepath.Dir(path))
-
-	mnt, root, err := cgroups.FindCgroupMountpointAndRoot("cpu")
-	if err != nil {
+	if err := daemon.initCPURtController(mnt, filepath.Dir(path)); err != nil {
 		return err
 	}
-	// When docker is run inside docker, the root is based of the host cgroup.
-	// Should this be handled in runc/libcontainer/cgroups ?
-	if strings.HasPrefix(root, "/docker/") {
-		root = "/"
-	}
 
-	path = filepath.Join(mnt, root, path)
-	sysinfo := sysinfo.New(true)
-	if err := maybeCreateCPURealTimeFile(sysinfo.CPURealtimePeriod, daemon.configStore.CPURealtimePeriod, "cpu.rt_period_us", path); err != nil {
+	path = filepath.Join(mnt, path)
+	if err := os.MkdirAll(path, 0755); err != nil {
 		return err
 	}
-	return maybeCreateCPURealTimeFile(sysinfo.CPURealtimeRuntime, daemon.configStore.CPURealtimeRuntime, "cpu.rt_runtime_us", path)
+	if err := maybeCreateCPURealTimeFile(daemon.configStore.CPURealtimePeriod, "cpu.rt_period_us", path); err != nil {
+		return err
+	}
+	return maybeCreateCPURealTimeFile(daemon.configStore.CPURealtimeRuntime, "cpu.rt_runtime_us", path)
 }
 
-func maybeCreateCPURealTimeFile(sysinfoPresent bool, configValue int64, file string, path string) error {
-	if sysinfoPresent && configValue != 0 {
-		if err := os.MkdirAll(path, 0755); err != nil {
-			return err
-		}
-		if err := ioutil.WriteFile(filepath.Join(path, file), []byte(strconv.FormatInt(configValue, 10)), 0700); err != nil {
-			return err
-		}
+func maybeCreateCPURealTimeFile(configValue int64, file string, path string) error {
+	if configValue == 0 {
+		return nil
 	}
-	return nil
+	return os.WriteFile(filepath.Join(path, file), []byte(strconv.FormatInt(configValue, 10)), 0700)
 }
 
 func (daemon *Daemon) setupSeccompProfile() error {
-	if daemon.configStore.SeccompProfile != "" {
-		daemon.seccompProfilePath = daemon.configStore.SeccompProfile
-		b, err := ioutil.ReadFile(daemon.configStore.SeccompProfile)
+	switch profile := daemon.configStore.SeccompProfile; profile {
+	case "", config.SeccompProfileDefault:
+		daemon.seccompProfilePath = config.SeccompProfileDefault
+	case config.SeccompProfileUnconfined:
+		daemon.seccompProfilePath = config.SeccompProfileUnconfined
+	default:
+		daemon.seccompProfilePath = profile
+		b, err := os.ReadFile(profile)
 		if err != nil {
-			return fmt.Errorf("opening seccomp profile (%s) failed: %v", daemon.configStore.SeccompProfile, err)
+			return fmt.Errorf("opening seccomp profile (%s) failed: %v", profile, err)
 		}
 		daemon.seccompProfile = b
 	}
 	return nil
 }
+
+// RawSysInfo returns *sysinfo.SysInfo .
+func (daemon *Daemon) RawSysInfo() *sysinfo.SysInfo {
+	var siOpts []sysinfo.Opt
+	if daemon.getCgroupDriver() == cgroupSystemdDriver {
+		if euid := os.Getenv("ROOTLESSKIT_PARENT_EUID"); euid != "" {
+			siOpts = append(siOpts, sysinfo.WithCgroup2GroupPath("/user.slice/user-"+euid+".slice"))
+		}
+	}
+	return sysinfo.New(siOpts...)
+}
+
+func recursiveUnmount(target string) error {
+	return mount.RecursiveUnmount(target)
+}
+
+func (daemon *Daemon) initLibcontainerd(ctx context.Context) error {
+	var err error
+	daemon.containerd, err = remote.NewClient(
+		ctx,
+		daemon.containerdCli,
+		filepath.Join(daemon.configStore.ExecRoot, "containerd"),
+		daemon.configStore.ContainerdNamespace,
+		daemon,
+	)
+	return err
+}
diff --git a/daemon/daemon_unix_test.go b/daemon/daemon_unix_test.go
index 36c6030988572..9c1b146ca19bb 100644
--- a/daemon/daemon_unix_test.go
+++ b/daemon/daemon_unix_test.go
@@ -1,16 +1,22 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"errors"
-	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 
+	"github.com/docker/docker/api/types/blkiodev"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/pkg/sysinfo"
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 type fakeContainerGetter struct {
@@ -18,11 +24,11 @@ type fakeContainerGetter struct {
 }
 
 func (f *fakeContainerGetter) GetContainer(cid string) (*container.Container, error) {
-	container, ok := f.containers[cid]
+	ctr, ok := f.containers[cid]
 	if !ok {
 		return nil, errors.New("container not found")
 	}
-	return container, nil
+	return ctr, nil
 }
 
 // Unix test as uses settings which are not available on Windows
@@ -53,7 +59,7 @@ func TestAdjustSharedNamespaceContainerName(t *testing.T) {
 
 // Unix test as uses settings which are not available on Windows
 func TestAdjustCPUShares(t *testing.T) {
-	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	tmp, err := os.MkdirTemp("", "docker-daemon-unix-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -62,6 +68,7 @@ func TestAdjustCPUShares(t *testing.T) {
 		repository: tmp,
 		root:       tmp,
 	}
+	muteLogs()
 
 	hostConfig := &containertypes.HostConfig{
 		Resources: containertypes.Resources{CPUShares: linuxMinCPUShares - 1},
@@ -92,7 +99,7 @@ func TestAdjustCPUShares(t *testing.T) {
 
 // Unix test as uses settings which are not available on Windows
 func TestAdjustCPUSharesNoAdjustment(t *testing.T) {
-	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	tmp, err := os.MkdirTemp("", "docker-daemon-unix-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -131,85 +138,85 @@ func TestAdjustCPUSharesNoAdjustment(t *testing.T) {
 
 // Unix test as uses settings which are not available on Windows
 func TestParseSecurityOptWithDeprecatedColon(t *testing.T) {
-	container := &container.Container{}
-	config := &containertypes.HostConfig{}
+	ctr := &container.Container{}
+	cfg := &containertypes.HostConfig{}
 
 	// test apparmor
-	config.SecurityOpt = []string{"apparmor=test_profile"}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"apparmor=test_profile"}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
-	if container.AppArmorProfile != "test_profile" {
-		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", container.AppArmorProfile)
+	if ctr.AppArmorProfile != "test_profile" {
+		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", ctr.AppArmorProfile)
 	}
 
 	// test seccomp
 	sp := "/path/to/seccomp_test.json"
-	config.SecurityOpt = []string{"seccomp=" + sp}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"seccomp=" + sp}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
-	if container.SeccompProfile != sp {
-		t.Fatalf("Unexpected AppArmorProfile, expected: %q, got %q", sp, container.SeccompProfile)
+	if ctr.SeccompProfile != sp {
+		t.Fatalf("Unexpected AppArmorProfile, expected: %q, got %q", sp, ctr.SeccompProfile)
 	}
 
 	// test valid label
-	config.SecurityOpt = []string{"label=user:USER"}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"label=user:USER"}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
 
 	// test invalid label
-	config.SecurityOpt = []string{"label"}
-	if err := parseSecurityOpt(container, config); err == nil {
+	cfg.SecurityOpt = []string{"label"}
+	if err := parseSecurityOpt(ctr, cfg); err == nil {
 		t.Fatal("Expected parseSecurityOpt error, got nil")
 	}
 
 	// test invalid opt
-	config.SecurityOpt = []string{"test"}
-	if err := parseSecurityOpt(container, config); err == nil {
+	cfg.SecurityOpt = []string{"test"}
+	if err := parseSecurityOpt(ctr, cfg); err == nil {
 		t.Fatal("Expected parseSecurityOpt error, got nil")
 	}
 }
 
 func TestParseSecurityOpt(t *testing.T) {
-	container := &container.Container{}
-	config := &containertypes.HostConfig{}
+	ctr := &container.Container{}
+	cfg := &containertypes.HostConfig{}
 
 	// test apparmor
-	config.SecurityOpt = []string{"apparmor=test_profile"}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"apparmor=test_profile"}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
-	if container.AppArmorProfile != "test_profile" {
-		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", container.AppArmorProfile)
+	if ctr.AppArmorProfile != "test_profile" {
+		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", ctr.AppArmorProfile)
 	}
 
 	// test seccomp
 	sp := "/path/to/seccomp_test.json"
-	config.SecurityOpt = []string{"seccomp=" + sp}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"seccomp=" + sp}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
-	if container.SeccompProfile != sp {
-		t.Fatalf("Unexpected SeccompProfile, expected: %q, got %q", sp, container.SeccompProfile)
+	if ctr.SeccompProfile != sp {
+		t.Fatalf("Unexpected SeccompProfile, expected: %q, got %q", sp, ctr.SeccompProfile)
 	}
 
 	// test valid label
-	config.SecurityOpt = []string{"label=user:USER"}
-	if err := parseSecurityOpt(container, config); err != nil {
+	cfg.SecurityOpt = []string{"label=user:USER"}
+	if err := parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
 	}
 
 	// test invalid label
-	config.SecurityOpt = []string{"label"}
-	if err := parseSecurityOpt(container, config); err == nil {
+	cfg.SecurityOpt = []string{"label"}
+	if err := parseSecurityOpt(ctr, cfg); err == nil {
 		t.Fatal("Expected parseSecurityOpt error, got nil")
 	}
 
 	// test invalid opt
-	config.SecurityOpt = []string{"test"}
-	if err := parseSecurityOpt(container, config); err == nil {
+	cfg.SecurityOpt = []string{"test"}
+	if err := parseSecurityOpt(ctr, cfg); err == nil {
 		t.Fatal("Expected parseSecurityOpt error, got nil")
 	}
 }
@@ -218,28 +225,28 @@ func TestParseNNPSecurityOptions(t *testing.T) {
 	daemon := &Daemon{
 		configStore: &config.Config{NoNewPrivileges: true},
 	}
-	container := &container.Container{}
-	config := &containertypes.HostConfig{}
+	ctr := &container.Container{}
+	cfg := &containertypes.HostConfig{}
 
 	// test NNP when "daemon:true" and "no-new-privileges=false""
-	config.SecurityOpt = []string{"no-new-privileges=false"}
+	cfg.SecurityOpt = []string{"no-new-privileges=false"}
 
-	if err := daemon.parseSecurityOpt(container, config); err != nil {
+	if err := daemon.parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected daemon.parseSecurityOpt error: %v", err)
 	}
-	if container.NoNewPrivileges {
-		t.Fatalf("container.NoNewPrivileges should be FALSE: %v", container.NoNewPrivileges)
+	if ctr.NoNewPrivileges {
+		t.Fatalf("container.NoNewPrivileges should be FALSE: %v", ctr.NoNewPrivileges)
 	}
 
 	// test NNP when "daemon:false" and "no-new-privileges=true""
 	daemon.configStore.NoNewPrivileges = false
-	config.SecurityOpt = []string{"no-new-privileges=true"}
+	cfg.SecurityOpt = []string{"no-new-privileges=true"}
 
-	if err := daemon.parseSecurityOpt(container, config); err != nil {
+	if err := daemon.parseSecurityOpt(ctr, cfg); err != nil {
 		t.Fatalf("Unexpected daemon.parseSecurityOpt error: %v", err)
 	}
-	if !container.NoNewPrivileges {
-		t.Fatalf("container.NoNewPrivileges should be TRUE: %v", container.NoNewPrivileges)
+	if !ctr.NoNewPrivileges {
+		t.Fatalf("container.NoNewPrivileges should be TRUE: %v", ctr.NoNewPrivileges)
 	}
 }
 
@@ -266,3 +273,169 @@ func TestNetworkOptions(t *testing.T) {
 		t.Fatal("Expected networkOptions error, got nil")
 	}
 }
+
+func TestVerifyPlatformContainerResources(t *testing.T) {
+	t.Parallel()
+	var (
+		no  = false
+		yes = true
+	)
+
+	withMemoryLimit := func(si *sysinfo.SysInfo) {
+		si.MemoryLimit = true
+	}
+	withSwapLimit := func(si *sysinfo.SysInfo) {
+		si.SwapLimit = true
+	}
+	withOomKillDisable := func(si *sysinfo.SysInfo) {
+		si.OomKillDisable = true
+	}
+
+	tests := []struct {
+		name             string
+		resources        containertypes.Resources
+		sysInfo          sysinfo.SysInfo
+		update           bool
+		expectedWarnings []string
+	}{
+		{
+			name:             "no-oom-kill-disable",
+			resources:        containertypes.Resources{},
+			sysInfo:          sysInfo(t, withMemoryLimit),
+			expectedWarnings: []string{},
+		},
+		{
+			name: "oom-kill-disable-disabled",
+			resources: containertypes.Resources{
+				OomKillDisable: &no,
+			},
+			sysInfo:          sysInfo(t, withMemoryLimit),
+			expectedWarnings: []string{},
+		},
+		{
+			name: "oom-kill-disable-not-supported",
+			resources: containertypes.Resources{
+				OomKillDisable: &yes,
+			},
+			sysInfo: sysInfo(t, withMemoryLimit),
+			expectedWarnings: []string{
+				"Your kernel does not support OomKillDisable. OomKillDisable discarded.",
+			},
+		},
+		{
+			name: "oom-kill-disable-without-memory-constraints",
+			resources: containertypes.Resources{
+				OomKillDisable: &yes,
+				Memory:         0,
+			},
+			sysInfo: sysInfo(t, withMemoryLimit, withOomKillDisable, withSwapLimit),
+			expectedWarnings: []string{
+				"OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.",
+			},
+		},
+		{
+			name: "oom-kill-disable-with-memory-constraints-but-no-memory-limit-support",
+			resources: containertypes.Resources{
+				OomKillDisable: &yes,
+				Memory:         linuxMinMemory,
+			},
+			sysInfo: sysInfo(t, withOomKillDisable),
+			expectedWarnings: []string{
+				"Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.",
+				"OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.",
+			},
+		},
+		{
+			name: "oom-kill-disable-with-memory-constraints",
+			resources: containertypes.Resources{
+				OomKillDisable: &yes,
+				Memory:         linuxMinMemory,
+			},
+			sysInfo:          sysInfo(t, withMemoryLimit, withOomKillDisable, withSwapLimit),
+			expectedWarnings: []string{},
+		},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			warnings, err := verifyPlatformContainerResources(&tc.resources, &tc.sysInfo, tc.update)
+			assert.NilError(t, err)
+			for _, w := range tc.expectedWarnings {
+				assert.Assert(t, is.Contains(warnings, w))
+			}
+		})
+	}
+}
+
+func sysInfo(t *testing.T, opts ...func(*sysinfo.SysInfo)) sysinfo.SysInfo {
+	t.Helper()
+	si := sysinfo.SysInfo{}
+
+	for _, opt := range opts {
+		opt(&si)
+	}
+
+	if si.OomKillDisable {
+		t.Log(t.Name(), "OOM disable supported")
+	}
+	return si
+}
+
+const (
+	// prepare major 0x1FD(509 in decimal) and minor 0x130(304)
+	DEVNO  = 0x11FD30
+	MAJOR  = 509
+	MINOR  = 304
+	WEIGHT = 1024
+)
+
+func deviceTypeMock(t *testing.T, testAndCheck func(string)) {
+	if os.Getuid() != 0 {
+		t.Skip("root required") // for mknod
+	}
+
+	t.Parallel()
+
+	tempDir, err := os.MkdirTemp("", "tempDevDir"+t.Name())
+	assert.NilError(t, err, "create temp file")
+	tempFile := filepath.Join(tempDir, "dev")
+
+	defer os.RemoveAll(tempDir)
+
+	if err = unix.Mknod(tempFile, unix.S_IFCHR, DEVNO); err != nil {
+		t.Fatalf("mknod error %s(%x): %v", tempFile, DEVNO, err)
+	}
+
+	testAndCheck(tempFile)
+}
+
+func TestGetBlkioWeightDevices(t *testing.T) {
+	deviceTypeMock(t, func(tempFile string) {
+		mockResource := containertypes.Resources{
+			BlkioWeightDevice: []*blkiodev.WeightDevice{{Path: tempFile, Weight: WEIGHT}},
+		}
+
+		weightDevs, err := getBlkioWeightDevices(mockResource)
+
+		assert.NilError(t, err, "getBlkioWeightDevices")
+		assert.Check(t, is.Len(weightDevs, 1), "getBlkioWeightDevices")
+		assert.Check(t, weightDevs[0].Major == MAJOR, "get major device type")
+		assert.Check(t, weightDevs[0].Minor == MINOR, "get minor device type")
+		assert.Check(t, *weightDevs[0].Weight == WEIGHT, "get device weight")
+	})
+}
+
+func TestGetBlkioThrottleDevices(t *testing.T) {
+	deviceTypeMock(t, func(tempFile string) {
+		mockDevs := []*blkiodev.ThrottleDevice{{Path: tempFile, Rate: WEIGHT}}
+
+		retDevs, err := getBlkioThrottleDevices(mockDevs)
+
+		assert.NilError(t, err, "getBlkioThrottleDevices")
+		assert.Check(t, is.Len(retDevs, 1), "getBlkioThrottleDevices")
+		assert.Check(t, retDevs[0].Major == MAJOR, "get major device type")
+		assert.Check(t, retDevs[0].Minor == MINOR, "get minor device type")
+		assert.Check(t, retDevs[0].Rate == WEIGHT, "get device rate")
+	})
+}
diff --git a/daemon/daemon_unsupported.go b/daemon/daemon_unsupported.go
index 6d8ac6224bd05..7666d14f6ee60 100644
--- a/daemon/daemon_unsupported.go
+++ b/daemon/daemon_unsupported.go
@@ -1,9 +1,19 @@
+//go:build !linux && !freebsd && !windows
 // +build !linux,!freebsd,!windows
 
 package daemon // import "github.com/docker/docker/daemon"
-import "github.com/docker/docker/daemon/config"
+
+import (
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/pkg/sysinfo"
+)
 
 const platformSupported = false
 
 func setupResolvConf(config *config.Config) {
 }
+
+// RawSysInfo returns *sysinfo.SysInfo .
+func (daemon *Daemon) RawSysInfo() *sysinfo.SysInfo {
+	return sysinfo.New()
+}
diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go
index e534d7ecccbf6..b9e932f0ec1b5 100644
--- a/daemon/daemon_windows.go
+++ b/daemon/daemon_windows.go
@@ -3,28 +3,32 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"context"
 	"fmt"
+	"math"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/libcontainerd/local"
+	"github.com/docker/docker/libcontainerd/remote"
+	"github.com/docker/docker/libnetwork"
+	nwconfig "github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/datastore"
+	winlibnetwork "github.com/docker/docker/libnetwork/drivers/windows"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
 	"github.com/docker/docker/pkg/containerfs"
-	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/platform"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/libnetwork"
-	nwconfig "github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/datastore"
-	winlibnetwork "github.com/docker/libnetwork/drivers/windows"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/options"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
@@ -32,14 +36,23 @@ import (
 )
 
 const (
-	defaultNetworkSpace  = "172.16.0.0/12"
+	isWindows            = true
 	platformSupported    = true
 	windowsMinCPUShares  = 1
 	windowsMaxCPUShares  = 10000
 	windowsMinCPUPercent = 1
 	windowsMaxCPUPercent = 100
+
+	windowsV1RuntimeName = "com.docker.hcsshim.v1"
+	windowsV2RuntimeName = "io.containerd.runhcs.v1"
 )
 
+// Windows containers are much larger than Linux containers and each of them
+// have > 20 system processes which why we use much smaller parallelism value.
+func adjustParallelLimit(n int, limit int) int {
+	return int(math.Max(1, math.Floor(float64(runtime.NumCPU())*.8)))
+}
+
 // Windows has no concept of an execution state directory. So use config.Root here.
 func getPluginExecRoot(root string) string {
 	return filepath.Join(root, "plugins")
@@ -75,8 +88,8 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 	return nil
 }
 
-func verifyContainerResources(resources *containertypes.Resources, isHyperv bool) ([]string, error) {
-	warnings := []string{}
+// verifyPlatformContainerResources performs platform-specific validation of the container's resource-configuration
+func verifyPlatformContainerResources(resources *containertypes.Resources, isHyperv bool) (warnings []string, err error) {
 	fixMemorySwappiness(resources)
 	if !isHyperv {
 		// The processor resource controls are mutually exclusive on
@@ -85,18 +98,15 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 		if resources.CPUCount > 0 {
 			if resources.CPUShares > 0 {
 				warnings = append(warnings, "Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
-				logrus.Warn("Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
 				resources.CPUShares = 0
 			}
 			if resources.CPUPercent > 0 {
 				warnings = append(warnings, "Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
-				logrus.Warn("Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
 				resources.CPUPercent = 0
 			}
 		} else if resources.CPUShares > 0 {
 			if resources.CPUPercent > 0 {
 				warnings = append(warnings, "Conflicting options: CPU shares takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
-				logrus.Warn("Conflicting options: CPU shares takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
 				resources.CPUPercent = 0
 			}
 		}
@@ -124,14 +134,12 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 		return warnings, fmt.Errorf("range of CPUs is from 0.01 to %d.00, as there are only %d CPUs available", sysinfo.NumCPU(), sysinfo.NumCPU())
 	}
 
-	osv := system.GetOSVersion()
-	if resources.NanoCPUs > 0 && isHyperv && osv.Build < 16175 {
+	if resources.NanoCPUs > 0 && isHyperv && osversion.Build() < osversion.RS3 {
 		leftoverNanoCPUs := resources.NanoCPUs % 1e9
 		if leftoverNanoCPUs != 0 && resources.NanoCPUs > 1e9 {
 			resources.NanoCPUs = ((resources.NanoCPUs + 1e9/2) / 1e9) * 1e9
 			warningString := fmt.Sprintf("Your current OS version does not support Hyper-V containers with NanoCPUs greater than 1000000000 but not divisible by 1000000000. NanoCPUs rounded to %d", resources.NanoCPUs)
 			warnings = append(warnings, warningString)
-			logrus.Warn(warningString)
 		}
 	}
 
@@ -180,7 +188,7 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 	if resources.OomKillDisable != nil && *resources.OomKillDisable {
 		return warnings, fmt.Errorf("invalid option: Windows does not support OomKillDisable")
 	}
-	if resources.PidsLimit != 0 {
+	if resources.PidsLimit != nil && *resources.PidsLimit != 0 {
 		return warnings, fmt.Errorf("invalid option: Windows does not support PidsLimit")
 	}
 	if len(resources.Ulimits) != 0 {
@@ -191,20 +199,21 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 
 // verifyPlatformContainerSettings performs platform-specific validation of the
 // hostconfig and config structures.
-func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
-	warnings := []string{}
-	osv := system.GetOSVersion()
+func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, update bool) (warnings []string, err error) {
+	if hostConfig == nil {
+		return nil, nil
+	}
 	hyperv := daemon.runAsHyperVContainer(hostConfig)
 
 	// On RS5, we allow (but don't strictly support) process isolation on Client SKUs.
 	// Prior to RS5, we don't allow process isolation on Client SKUs.
 	// @engine maintainers. This block should not be removed. It partially enforces licensing
-	// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
-	if !hyperv && system.IsWindowsClient() && osv.Build < 17763 {
+	// restrictions on Windows. Ping Microsoft folks if there are concerns or PRs to change this.
+	if !hyperv && system.IsWindowsClient() && osversion.Build() < osversion.RS5 {
 		return warnings, fmt.Errorf("Windows client operating systems earlier than version 1809 can only run Hyper-V containers")
 	}
 
-	w, err := verifyContainerResources(&hostConfig.Resources, hyperv)
+	w, err := verifyPlatformContainerResources(&hostConfig.Resources, hyperv)
 	warnings = append(warnings, w...)
 	return warnings, err
 }
@@ -216,13 +225,12 @@ func verifyDaemonSettings(config *config.Config) error {
 
 // checkSystem validates platform-specific requirements
 func checkSystem() error {
-	// Validate the OS version. Note that docker.exe must be manifested for this
+	// Validate the OS version. Note that dockerd.exe must be manifested for this
 	// call to return the correct version.
-	osv := system.GetOSVersion()
-	if osv.MajorVersion < 10 {
+	if osversion.Get().MajorVersion < 10 {
 		return fmt.Errorf("This version of Windows does not support the docker daemon")
 	}
-	if osv.Build < 14393 {
+	if osversion.Build() < osversion.RS1 {
 		return fmt.Errorf("The docker daemon requires build 14393 or later of Windows Server 2016 or Windows 10")
 	}
 
@@ -343,8 +351,10 @@ func (daemon *Daemon) initNetworkController(config *config.Config, activeSandbox
 		controller.WalkNetworks(s)
 
 		drvOptions := make(map[string]string)
-
+		nid := ""
 		if n != nil {
+			nid = n.ID()
+
 			// global networks should not be deleted by local HNS
 			if n.Info().Scope() == datastore.GlobalScope {
 				continue
@@ -389,7 +399,7 @@ func (daemon *Daemon) initNetworkController(config *config.Config, activeSandbox
 		}
 
 		v6Conf := []*libnetwork.IpamConf{}
-		_, err := controller.NewNetwork(strings.ToLower(v.Type), name, "",
+		_, err := controller.NewNetwork(strings.ToLower(v.Type), name, nid,
 			libnetwork.NetworkOptionGeneric(options.Generic{
 				netlabel.GenericData: netOption,
 			}),
@@ -425,17 +435,10 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *config.Co
 
 	if config.BridgeConfig.FixedCIDR != "" {
 		subnetPrefix = config.BridgeConfig.FixedCIDR
-	} else {
-		// TP5 doesn't support properly detecting subnet
-		osv := system.GetOSVersion()
-		if osv.Build < 14360 {
-			subnetPrefix = defaultNetworkSpace
-		}
 	}
 
 	if subnetPrefix != "" {
-		ipamV4Conf := libnetwork.IpamConf{}
-		ipamV4Conf.PreferredPool = subnetPrefix
+		ipamV4Conf := libnetwork.IpamConf{PreferredPool: subnetPrefix}
 		v4Conf := []*libnetwork.IpamConf{&ipamV4Conf}
 		v6Conf := []*libnetwork.IpamConf{}
 		ipamOption = libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil)
@@ -469,6 +472,10 @@ func (daemon *Daemon) cleanupMounts() error {
 	return nil
 }
 
+func recursiveUnmount(_ string) error {
+	return nil
+}
+
 func setupRemappedRoot(config *config.Config) (*idtools.IdentityMapping, error) {
 	return &idtools.IdentityMapping{}, nil
 }
@@ -497,37 +504,26 @@ func (daemon *Daemon) runAsHyperVContainer(hostConfig *containertypes.HostConfig
 // conditionalMountOnStart is a platform specific helper function during the
 // container start to call mount.
 func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
-	// Bail out now for Linux containers. We cannot mount the containers filesystem on the
-	// host as it is a non-Windows filesystem.
-	if system.LCOWSupported() && container.OS != "windows" {
+	if daemon.runAsHyperVContainer(container.HostConfig) {
+		// We do not mount if a Hyper-V container as it needs to be mounted inside the
+		// utility VM, not the host.
 		return nil
 	}
-
-	// We do not mount if a Hyper-V container as it needs to be mounted inside the
-	// utility VM, not the host.
-	if !daemon.runAsHyperVContainer(container.HostConfig) {
-		return daemon.Mount(container)
-	}
-	return nil
+	return daemon.Mount(container)
 }
 
 // conditionalUnmountOnCleanup is a platform specific helper function called
 // during the cleanup of a container to unmount.
 func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
-	// Bail out now for Linux containers
-	if system.LCOWSupported() && container.OS != "windows" {
+	if daemon.runAsHyperVContainer(container.HostConfig) {
+		// We do not unmount if a Hyper-V container
 		return nil
 	}
-
-	// We do not unmount if a Hyper-V container
-	if !daemon.runAsHyperVContainer(container.HostConfig) {
-		return daemon.Unmount(container)
-	}
-	return nil
+	return daemon.Unmount(container)
 }
 
-func driverOptions(config *config.Config) []nwconfig.Option {
-	return []nwconfig.Option{}
+func driverOptions(_ *config.Config) nwconfig.Option {
+	return nil
 }
 
 func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
@@ -556,7 +552,7 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 			CPUUsage: types.CPUUsage{
 				TotalUsage:        hcss.Processor.TotalRuntime100ns,
 				UsageInKernelmode: hcss.Processor.RuntimeKernel100ns,
-				UsageInUsermode:   hcss.Processor.RuntimeKernel100ns,
+				UsageInUsermode:   hcss.Processor.RuntimeUser100ns,
 			},
 		}
 
@@ -595,10 +591,9 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 // daemon to run in. This is only applicable on Windows
 func (daemon *Daemon) setDefaultIsolation() error {
 	daemon.defaultIsolation = containertypes.Isolation("process")
-	osv := system.GetOSVersion()
 
 	// On client SKUs, default to Hyper-V. @engine maintainers. This
-	// should not be removed. Ping @jhowardmsft is there are PRs to
+	// should not be removed. Ping Microsoft folks is there are PRs to
 	// to change this.
 	if system.IsWindowsClient() {
 		daemon.defaultIsolation = containertypes.Isolation("hyperv")
@@ -619,10 +614,10 @@ func (daemon *Daemon) setDefaultIsolation() error {
 				daemon.defaultIsolation = containertypes.Isolation("hyperv")
 			}
 			if containertypes.Isolation(val).IsProcess() {
-				if system.IsWindowsClient() && osv.Build < 17763 {
+				if system.IsWindowsClient() && osversion.Build() < osversion.RS5 {
 					// On RS5, we allow (but don't strictly support) process isolation on Client SKUs.
 					// @engine maintainers. This block should not be removed. It partially enforces licensing
-					// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
+					// restrictions on Windows. Ping Microsoft folks if there are concerns or PRs to change this.
 					return fmt.Errorf("Windows client operating systems earlier than version 1809 can only run Hyper-V containers")
 				}
 				daemon.defaultIsolation = containertypes.Isolation("process")
@@ -644,16 +639,6 @@ func (daemon *Daemon) setupSeccompProfile() error {
 	return nil
 }
 
-func getRealPath(path string) (string, error) {
-	if system.IsIoTCore() {
-		// Due to https://github.com/golang/go/issues/20506, path expansion
-		// does not work correctly on the default IoT Core configuration.
-		// TODO @darrenstahlmsft remove this once golang/go/20506 is fixed
-		return path, nil
-	}
-	return fileutils.ReadSymlinkedDirectory(path)
-}
-
 func (daemon *Daemon) loadRuntimes() error {
 	return nil
 }
@@ -664,3 +649,47 @@ func (daemon *Daemon) initRuntimes(_ map[string]types.Runtime) error {
 
 func setupResolvConf(config *config.Config) {
 }
+
+// RawSysInfo returns *sysinfo.SysInfo .
+func (daemon *Daemon) RawSysInfo() *sysinfo.SysInfo {
+	return sysinfo.New()
+}
+
+func (daemon *Daemon) initLibcontainerd(ctx context.Context) error {
+	var err error
+
+	rt := daemon.configStore.GetDefaultRuntimeName()
+	if rt == "" {
+		if daemon.configStore.ContainerdAddr == "" {
+			rt = windowsV1RuntimeName
+		} else {
+			rt = windowsV2RuntimeName
+		}
+	}
+
+	switch rt {
+	case windowsV1RuntimeName:
+		daemon.containerd, err = local.NewClient(
+			ctx,
+			daemon.containerdCli,
+			filepath.Join(daemon.configStore.ExecRoot, "containerd"),
+			daemon.configStore.ContainerdNamespace,
+			daemon,
+		)
+	case windowsV2RuntimeName:
+		if daemon.configStore.ContainerdAddr == "" {
+			return fmt.Errorf("cannot use the specified runtime %q without containerd", rt)
+		}
+		daemon.containerd, err = remote.NewClient(
+			ctx,
+			daemon.containerdCli,
+			filepath.Join(daemon.configStore.ExecRoot, "containerd"),
+			daemon.configStore.ContainerdNamespace,
+			daemon,
+		)
+	default:
+		return fmt.Errorf("unknown windows runtime %s", rt)
+	}
+
+	return err
+}
diff --git a/daemon/daemon_windows_test.go b/daemon/daemon_windows_test.go
index a4d8b6a20a45a..32ee182588168 100644
--- a/daemon/daemon_windows_test.go
+++ b/daemon/daemon_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/debugtrap_unix.go b/daemon/debugtrap_unix.go
index c8abe69bb6cba..4ed710cb47166 100644
--- a/daemon/debugtrap_unix.go
+++ b/daemon/debugtrap_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -6,17 +7,17 @@ import (
 	"os"
 	"os/signal"
 
-	stackdump "github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/stack"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-func (d *Daemon) setupDumpStackTrap(root string) {
+func (daemon *Daemon) setupDumpStackTrap(root string) {
 	c := make(chan os.Signal, 1)
 	signal.Notify(c, unix.SIGUSR1)
 	go func() {
 		for range c {
-			path, err := stackdump.DumpStacks(root)
+			path, err := stack.DumpToFile(root)
 			if err != nil {
 				logrus.WithError(err).Error("failed to write goroutines dump")
 			} else {
diff --git a/daemon/debugtrap_unsupported.go b/daemon/debugtrap_unsupported.go
index e83d51f59783c..79e27ba6edf62 100644
--- a/daemon/debugtrap_unsupported.go
+++ b/daemon/debugtrap_unsupported.go
@@ -1,7 +1,8 @@
+//go:build !linux && !darwin && !freebsd && !windows
 // +build !linux,!darwin,!freebsd,!windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
-func (d *Daemon) setupDumpStackTrap(_ string) {
+func (daemon *Daemon) setupDumpStackTrap(_ string) {
 	return
 }
diff --git a/daemon/debugtrap_windows.go b/daemon/debugtrap_windows.go
index b438d03812857..56e505e49bb24 100644
--- a/daemon/debugtrap_windows.go
+++ b/daemon/debugtrap_windows.go
@@ -5,19 +5,18 @@ import (
 	"os"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
-	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/stack"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
-func (d *Daemon) setupDumpStackTrap(root string) {
+func (daemon *Daemon) setupDumpStackTrap(root string) {
 	// Windows does not support signals like *nix systems. So instead of
 	// trapping on SIGUSR1 to dump stacks, we wait on a Win32 event to be
 	// signaled. ACL'd to builtin administrators and local system
-	event := "Global\\docker-daemon-" + fmt.Sprint(os.Getpid())
+	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())
 	ev, _ := windows.UTF16PtrFromString(event)
-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
@@ -25,7 +24,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())
@@ -35,7 +34,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 		logrus.Debugf("Stackdump - waiting signal at %s", event)
 		for {
 			windows.WaitForSingleObject(h, windows.INFINITE)
-			path, err := signal.DumpStacks(root)
+			path, err := stack.DumpToFile(root)
 			if err != nil {
 				logrus.WithError(err).Error("failed to write goroutines dump")
 			} else {
diff --git a/daemon/delete.go b/daemon/delete.go
index 2ccbff05fb4d5..668f232d1c2b3 100644
--- a/daemon/delete.go
+++ b/daemon/delete.go
@@ -11,6 +11,7 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -54,13 +55,13 @@ func (daemon *Daemon) rmLink(container *container.Container, name string) error
 	}
 	parent, n := path.Split(name)
 	if parent == "/" {
-		return fmt.Errorf("Conflict, cannot remove the default name of the container")
+		return fmt.Errorf("Conflict, cannot remove the default link name of the container")
 	}
 
 	parent = strings.TrimSuffix(parent, "/")
 	pe, err := daemon.containersReplica.Snapshot().GetID(parent)
 	if err != nil {
-		return fmt.Errorf("Cannot get parent %s for name %s", parent, name)
+		return fmt.Errorf("Cannot get parent %s for link name %s", parent, name)
 	}
 
 	daemon.releaseName(name)
@@ -134,7 +135,7 @@ func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemo
 	}
 
 	linkNames := daemon.linkIndex.delete(container)
-	selinuxFreeLxcContexts(container.ProcessLabel)
+	selinux.ReleaseLabel(container.ProcessLabel)
 	daemon.idIndex.Delete(container.ID)
 	daemon.containers.Delete(container.ID)
 	daemon.containersReplica.Delete(container)
diff --git a/daemon/delete_test.go b/daemon/delete_test.go
index d600917b0c188..c95309e0121bc 100644
--- a/daemon/delete_test.go
+++ b/daemon/delete_test.go
@@ -2,19 +2,18 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func newDaemonWithTmpRoot(t *testing.T) (*Daemon, func()) {
-	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	tmp, err := os.MkdirTemp("", "docker-daemon-unix-test-")
 	assert.NilError(t, err)
 	d := &Daemon{
 		repository: tmp,
diff --git a/daemon/devices_linux.go b/daemon/devices_linux.go
new file mode 100644
index 0000000000000..a7b76eacafc8f
--- /dev/null
+++ b/daemon/devices_linux.go
@@ -0,0 +1,38 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/capabilities"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+var deviceDrivers = map[string]*deviceDriver{}
+
+type deviceDriver struct {
+	capset     capabilities.Set
+	updateSpec func(*specs.Spec, *deviceInstance) error
+}
+
+type deviceInstance struct {
+	req          container.DeviceRequest
+	selectedCaps []string
+}
+
+func registerDeviceDriver(name string, d *deviceDriver) {
+	deviceDrivers[name] = d
+}
+
+func (daemon *Daemon) handleDevice(req container.DeviceRequest, spec *specs.Spec) error {
+	if req.Driver == "" {
+		for _, dd := range deviceDrivers {
+			if selected := dd.capset.Match(req.Capabilities); selected != nil {
+				return dd.updateSpec(spec, &deviceInstance{req: req, selectedCaps: selected})
+			}
+		}
+	} else if dd := deviceDrivers[req.Driver]; dd != nil {
+		if selected := dd.capset.Match(req.Capabilities); selected != nil {
+			return dd.updateSpec(spec, &deviceInstance{req: req, selectedCaps: selected})
+		}
+	}
+	return incompatibleDeviceRequest{req.Driver, req.Capabilities}
+}
diff --git a/daemon/discovery/discovery.go b/daemon/discovery/discovery.go
index 092c57638a18d..985ab6a3a7635 100644
--- a/daemon/discovery/discovery.go
+++ b/daemon/discovery/discovery.go
@@ -148,12 +148,14 @@ func (d *daemonDiscoveryReloader) initHeartbeat(address string) error {
 	// Setup a short ticker until the first heartbeat has succeeded
 	t := time.NewTicker(500 * time.Millisecond)
 	defer t.Stop()
+
 	// timeout makes sure that after a period of time we stop being so aggressive trying to reach the discovery service
-	timeout := time.After(60 * time.Second)
+	timeout := time.NewTimer(60 * time.Second)
+	defer timeout.Stop()
 
 	for {
 		select {
-		case <-timeout:
+		case <-timeout.C:
 			return errors.New("timeout waiting for initial discovery")
 		case <-d.term:
 			return errors.New("terminated")
diff --git a/daemon/discovery/discovery_test.go b/daemon/discovery/discovery_test.go
index c354a2918d646..cc5f34a718214 100644
--- a/daemon/discovery/discovery_test.go
+++ b/daemon/discovery/discovery_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestDiscoveryOptsErrors(t *testing.T) {
diff --git a/daemon/disk_usage.go b/daemon/disk_usage.go
index 5bec60d174142..b96e626f45288 100644
--- a/daemon/disk_usage.go
+++ b/daemon/disk_usage.go
@@ -3,48 +3,83 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"context"
 	"fmt"
-	"sync/atomic"
 
+	"github.com/docker/docker/api/server/router/system"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/sync/errgroup"
 )
 
-// SystemDiskUsage returns information about the daemon data disk usage
-func (daemon *Daemon) SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error) {
-	if !atomic.CompareAndSwapInt32(&daemon.diskUsageRunning, 0, 1) {
-		return nil, fmt.Errorf("a disk usage operation is already running")
+// ContainerDiskUsage returns information about container data disk usage.
+func (daemon *Daemon) ContainerDiskUsage(ctx context.Context) ([]*types.Container, error) {
+	ch := daemon.usage.DoChan("ContainerDiskUsage", func() (interface{}, error) {
+		// Retrieve container list
+		containers, err := daemon.Containers(&types.ContainerListOptions{
+			Size: true,
+			All:  true,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to retrieve container list: %v", err)
+		}
+		return containers, nil
+	})
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case res := <-ch:
+		if res.Err != nil {
+			return nil, res.Err
+		}
+		return res.Val.([]*types.Container), nil
 	}
-	defer atomic.StoreInt32(&daemon.diskUsageRunning, 0)
+}
 
-	// Retrieve container list
-	allContainers, err := daemon.Containers(&types.ContainerListOptions{
-		Size: true,
-		All:  true,
-	})
-	if err != nil {
-		return nil, fmt.Errorf("failed to retrieve container list: %v", err)
+// SystemDiskUsage returns information about the daemon data disk usage.
+// Callers must not mutate contents of the returned fields.
+func (daemon *Daemon) SystemDiskUsage(ctx context.Context, opts system.DiskUsageOptions) (*types.DiskUsage, error) {
+	eg, ctx := errgroup.WithContext(ctx)
+
+	var containers []*types.Container
+	if opts.Containers {
+		eg.Go(func() error {
+			var err error
+			containers, err = daemon.ContainerDiskUsage(ctx)
+			return err
+		})
 	}
 
-	// Get all top images with extra attributes
-	allImages, err := daemon.imageService.Images(filters.NewArgs(), false, true)
-	if err != nil {
-		return nil, fmt.Errorf("failed to retrieve image list: %v", err)
+	var (
+		images     []*types.ImageSummary
+		layersSize int64
+	)
+	if opts.Images {
+		eg.Go(func() error {
+			var err error
+			images, err = daemon.imageService.ImageDiskUsage(ctx)
+			return err
+		})
+		eg.Go(func() error {
+			var err error
+			layersSize, err = daemon.imageService.LayerDiskUsage(ctx)
+			return err
+		})
 	}
 
-	localVolumes, err := daemon.volumes.LocalVolumesSize(ctx)
-	if err != nil {
-		return nil, err
+	var volumes []*types.Volume
+	if opts.Volumes {
+		eg.Go(func() error {
+			var err error
+			volumes, err = daemon.volumes.LocalVolumesSize(ctx)
+			return err
+		})
 	}
 
-	allLayersSize, err := daemon.imageService.LayerDiskUsage(ctx)
-	if err != nil {
+	if err := eg.Wait(); err != nil {
 		return nil, err
 	}
-
 	return &types.DiskUsage{
-		LayersSize: allLayersSize,
-		Containers: allContainers,
-		Volumes:    localVolumes,
-		Images:     allImages,
+		LayersSize: layersSize,
+		Containers: containers,
+		Volumes:    volumes,
+		Images:     images,
 	}, nil
 }
diff --git a/daemon/errors.go b/daemon/errors.go
index 6d02af3d547cf..6f9eb54039351 100644
--- a/daemon/errors.go
+++ b/daemon/errors.go
@@ -7,7 +7,7 @@ import (
 
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
-	"google.golang.org/grpc"
+	"google.golang.org/grpc/status"
 )
 
 func errNotRunning(id string) error {
@@ -80,6 +80,17 @@ func (e invalidIdentifier) Error() string {
 
 func (invalidIdentifier) InvalidParameter() {}
 
+type incompatibleDeviceRequest struct {
+	driver string
+	caps   [][]string
+}
+
+func (i incompatibleDeviceRequest) Error() string {
+	return fmt.Sprintf("could not select device driver %q with capabilities: %v", i.driver, i.caps)
+}
+
+func (incompatibleDeviceRequest) InvalidParameter() {}
+
 type duplicateMountPointError string
 
 func (e duplicateMountPointError) Error() string {
@@ -122,7 +133,7 @@ func (e startInvalidConfigError) Error() string {
 func (e startInvalidConfigError) InvalidParameter() {} // Is this right???
 
 func translateContainerdStartErr(cmd string, setExitCode func(int), err error) error {
-	errDesc := grpc.ErrorDesc(err)
+	errDesc := status.Convert(err).Message()
 	contains := func(s1, s2 string) bool {
 		return strings.Contains(strings.ToLower(s1), s2)
 	}
@@ -130,10 +141,10 @@ func translateContainerdStartErr(cmd string, setExitCode func(int), err error) e
 	// if we receive an internal error from the initial start of a container then lets
 	// return it instead of entering the restart loop
 	// set to 127 for container cmd not found/does not exist)
-	if contains(errDesc, cmd) &&
-		(contains(errDesc, "executable file not found") ||
-			contains(errDesc, "no such file or directory") ||
-			contains(errDesc, "system cannot find the file specified")) {
+	if contains(errDesc, "executable file not found") ||
+		contains(errDesc, "no such file or directory") ||
+		contains(errDesc, "system cannot find the file specified") ||
+		contains(errDesc, "failed to run runc create/exec call") {
 		setExitCode(127)
 		retErr = startInvalidConfigError(errDesc)
 	}
diff --git a/daemon/events.go b/daemon/events.go
index cf1634a198818..9b76fdbb97c29 100644
--- a/daemon/events.go
+++ b/daemon/events.go
@@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/container"
 	daemonevents "github.com/docker/docker/daemon/events"
-	"github.com/docker/libnetwork"
+	"github.com/docker/docker/libnetwork"
 	swarmapi "github.com/docker/swarmkit/api"
 	gogotypes "github.com/gogo/protobuf/types"
 	"github.com/sirupsen/logrus"
@@ -87,7 +87,7 @@ func (daemon *Daemon) LogNetworkEventWithAttributes(nw libnetwork.Network, actio
 // LogDaemonEventWithAttributes generates an event related to the daemon itself with specific given attributes.
 func (daemon *Daemon) LogDaemonEventWithAttributes(action string, attributes map[string]string) {
 	if daemon.EventsService != nil {
-		if info, err := daemon.SystemInfo(); err == nil && info.Name != "" {
+		if info := daemon.SystemInfo(); info.Name != "" {
 			attributes["name"] = info.Name
 		}
 		actor := events.Actor{
diff --git a/daemon/events/events.go b/daemon/events/events.go
index 31af271fe628e..77f197c7bc714 100644
--- a/daemon/events/events.go
+++ b/daemon/events/events.go
@@ -79,7 +79,7 @@ func (e *Events) Evict(l chan interface{}) {
 }
 
 // Log creates a local scope message and publishes it
-func (e *Events) Log(action, eventType string, actor eventtypes.Actor) {
+func (e *Events) Log(action string, eventType eventtypes.Type, actor eventtypes.Actor) {
 	now := time.Now().UTC()
 	jm := eventtypes.Message{
 		Action:   action,
diff --git a/daemon/events/events_test.go b/daemon/events/events_test.go
index d11521567f412..6a193fc08459d 100644
--- a/daemon/events/events_test.go
+++ b/daemon/events/events_test.go
@@ -163,9 +163,9 @@ func TestLogEvents(t *testing.T) {
 // https://github.com/docker/docker/issues/20999
 // Fixtures:
 //
-//2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
-//2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)
-//2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
+// 2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
+// 2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)
+// 2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
 func TestLoadBufferedEvents(t *testing.T) {
 	now := time.Now()
 	f, err := timetypes.GetTimestamp("2016-03-07T17:28:03.100000000+02:00", now)
diff --git a/daemon/events/filter.go b/daemon/events/filter.go
index da06f18b0648c..f6856f6bc3e8e 100644
--- a/daemon/events/filter.go
+++ b/daemon/events/filter.go
@@ -102,7 +102,7 @@ func (ef *Filter) matchConfig(ev events.Message) bool {
 	return ef.fuzzyMatchName(ev, events.ConfigEventType)
 }
 
-func (ef *Filter) fuzzyMatchName(ev events.Message, eventType string) bool {
+func (ef *Filter) fuzzyMatchName(ev events.Message, eventType events.Type) bool {
 	return ef.filter.FuzzyMatch(eventType, ev.Actor.ID) ||
 		ef.filter.FuzzyMatch(eventType, ev.Actor.Attributes["name"])
 }
diff --git a/daemon/events/metrics.go b/daemon/events/metrics.go
index 199858d6e0bdc..bf939004bf618 100644
--- a/daemon/events/metrics.go
+++ b/daemon/events/metrics.go
@@ -1,6 +1,6 @@
 package events // import "github.com/docker/docker/daemon/events"
 
-import "github.com/docker/go-metrics"
+import metrics "github.com/docker/go-metrics"
 
 var (
 	eventsCounter    metrics.Counter
diff --git a/daemon/events/testutils/testutils.go b/daemon/events/testutils/testutils.go
index b6766adb90daf..c9ef45da2ac07 100644
--- a/daemon/events/testutils/testutils.go
+++ b/daemon/events/testutils/testutils.go
@@ -62,10 +62,9 @@ func Scan(text string) (*events.Message, error) {
 		attrs[kv[0]] = kv[1]
 	}
 
-	tu := time.Unix(t, tn)
 	return &events.Message{
 		Time:     t,
-		TimeNano: tu.UnixNano(),
+		TimeNano: time.Unix(t, tn).UnixNano(),
 		Type:     md["eventType"],
 		Action:   md["action"],
 		Actor: events.Actor{
diff --git a/daemon/events_test.go b/daemon/events_test.go
index df089976f27f2..85759cb1f64ee 100644
--- a/daemon/events_test.go
+++ b/daemon/events_test.go
@@ -15,7 +15,7 @@ func TestLogContainerEventCopyLabels(t *testing.T) {
 	_, l, _ := e.Subscribe()
 	defer e.Evict(l)
 
-	container := &container.Container{
+	ctr := &container.Container{
 		ID:   "container_id",
 		Name: "container_name",
 		Config: &containertypes.Config{
@@ -29,10 +29,10 @@ func TestLogContainerEventCopyLabels(t *testing.T) {
 	daemon := &Daemon{
 		EventsService: e,
 	}
-	daemon.LogContainerEvent(container, "create")
+	daemon.LogContainerEvent(ctr, "create")
 
-	if _, mutated := container.Config.Labels["image"]; mutated {
-		t.Fatalf("Expected to not mutate the container labels, got %q", container.Config.Labels)
+	if _, mutated := ctr.Config.Labels["image"]; mutated {
+		t.Fatalf("Expected to not mutate the container labels, got %q", ctr.Config.Labels)
 	}
 
 	validateTestAttributes(t, l, map[string]string{
@@ -46,7 +46,7 @@ func TestLogContainerEventWithAttributes(t *testing.T) {
 	_, l, _ := e.Subscribe()
 	defer e.Evict(l)
 
-	container := &container.Container{
+	ctr := &container.Container{
 		ID:   "container_id",
 		Name: "container_name",
 		Config: &containertypes.Config{
@@ -63,7 +63,7 @@ func TestLogContainerEventWithAttributes(t *testing.T) {
 		"node": "2",
 		"foo":  "bar",
 	}
-	daemon.LogContainerEventWithAttributes(container, "create", attributes)
+	daemon.LogContainerEventWithAttributes(ctr, "create", attributes)
 
 	validateTestAttributes(t, l, map[string]string{
 		"node": "1",
diff --git a/daemon/exec.go b/daemon/exec.go
index f0b43d725352c..a0b0623b8ffba 100644
--- a/daemon/exec.go
+++ b/daemon/exec.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"runtime"
 	"strings"
 	"time"
 
@@ -14,27 +15,27 @@ import (
 	"github.com/docker/docker/daemon/exec"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/pools"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/sys/signal"
+	"github.com/moby/term"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
 // Seconds to wait after sending TERM before trying KILL
-const termProcessTimeout = 10
+const termProcessTimeout = 10 * time.Second
 
-func (d *Daemon) registerExecCommand(container *container.Container, config *exec.Config) {
+func (daemon *Daemon) registerExecCommand(container *container.Container, config *exec.Config) {
 	// Storing execs in container in order to kill them gracefully whenever the container is stopped or removed.
 	container.ExecCommands.Add(config.ID, config)
 	// Storing execs in daemon for easy access via Engine API.
-	d.execCommands.Add(config.ID, config)
+	daemon.execCommands.Add(config.ID, config)
 }
 
 // ExecExists looks up the exec instance and returns a bool if it exists or not.
 // It will also return the error produced by `getConfig`
-func (d *Daemon) ExecExists(name string) (bool, error) {
-	if _, err := d.getExecConfig(name); err != nil {
+func (daemon *Daemon) ExecExists(name string) (bool, error) {
+	if _, err := daemon.getExecConfig(name); err != nil {
 		return false, err
 	}
 	return true, nil
@@ -42,8 +43,8 @@ func (d *Daemon) ExecExists(name string) (bool, error) {
 
 // getExecConfig looks up the exec instance by name. If the container associated
 // with the exec instance is stopped or paused, it will return an error.
-func (d *Daemon) getExecConfig(name string) (*exec.Config, error) {
-	ec := d.execCommands.Get(name)
+func (daemon *Daemon) getExecConfig(name string) (*exec.Config, error) {
+	ec := daemon.execCommands.Get(name)
 	if ec == nil {
 		return nil, errExecNotFound(name)
 	}
@@ -53,54 +54,54 @@ func (d *Daemon) getExecConfig(name string) (*exec.Config, error) {
 	// saying the container isn't running, we should return a 404 so that
 	// the user sees the same error now that they will after the
 	// 5 minute clean-up loop is run which erases old/dead execs.
-	container := d.containers.Get(ec.ContainerID)
-	if container == nil {
+	ctr := daemon.containers.Get(ec.ContainerID)
+	if ctr == nil {
 		return nil, containerNotFound(name)
 	}
-	if !container.IsRunning() {
-		return nil, fmt.Errorf("Container %s is not running: %s", container.ID, container.State.String())
+	if !ctr.IsRunning() {
+		return nil, errNotRunning(ctr.ID)
 	}
-	if container.IsPaused() {
-		return nil, errExecPaused(container.ID)
+	if ctr.IsPaused() {
+		return nil, errExecPaused(ctr.ID)
 	}
-	if container.IsRestarting() {
-		return nil, errContainerIsRestarting(container.ID)
+	if ctr.IsRestarting() {
+		return nil, errContainerIsRestarting(ctr.ID)
 	}
 	return ec, nil
 }
 
-func (d *Daemon) unregisterExecCommand(container *container.Container, execConfig *exec.Config) {
+func (daemon *Daemon) unregisterExecCommand(container *container.Container, execConfig *exec.Config) {
 	container.ExecCommands.Delete(execConfig.ID, execConfig.Pid)
-	d.execCommands.Delete(execConfig.ID, execConfig.Pid)
+	daemon.execCommands.Delete(execConfig.ID, execConfig.Pid)
 }
 
-func (d *Daemon) getActiveContainer(name string) (*container.Container, error) {
-	container, err := d.GetContainer(name)
+func (daemon *Daemon) getActiveContainer(name string) (*container.Container, error) {
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
-	if !container.IsRunning() {
-		return nil, errNotRunning(container.ID)
+	if !ctr.IsRunning() {
+		return nil, errNotRunning(ctr.ID)
 	}
-	if container.IsPaused() {
+	if ctr.IsPaused() {
 		return nil, errExecPaused(name)
 	}
-	if container.IsRestarting() {
-		return nil, errContainerIsRestarting(container.ID)
+	if ctr.IsRestarting() {
+		return nil, errContainerIsRestarting(ctr.ID)
 	}
-	return container, nil
+	return ctr, nil
 }
 
 // ContainerExecCreate sets up an exec in a running container.
-func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (string, error) {
-	cntr, err := d.getActiveContainer(name)
+func (daemon *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (string, error) {
+	cntr, err := daemon.getActiveContainer(name)
 	if err != nil {
 		return "", err
 	}
 
 	cmd := strslice.StrSlice(config.Cmd)
-	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmd)
+	entrypoint, args := daemon.getEntrypointAndArgs(strslice.StrSlice{}, cmd)
 
 	keys := []byte{}
 	if config.DetachKeys != "" {
@@ -124,7 +125,7 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str
 	execConfig.User = config.User
 	execConfig.WorkingDir = config.WorkingDir
 
-	linkedEnv, err := d.setupLinkedContainers(cntr)
+	linkedEnv, err := daemon.setupLinkedContainers(cntr)
 	if err != nil {
 		return "", err
 	}
@@ -136,12 +137,12 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str
 		execConfig.WorkingDir = cntr.Config.WorkingDir
 	}
 
-	d.registerExecCommand(cntr, execConfig)
+	daemon.registerExecCommand(cntr, execConfig)
 
 	attributes := map[string]string{
 		"execID": execConfig.ID,
 	}
-	d.LogContainerEventWithAttributes(cntr, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "), attributes)
+	daemon.LogContainerEventWithAttributes(cntr, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "), attributes)
 
 	return execConfig.ID, nil
 }
@@ -149,15 +150,15 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str
 // ContainerExecStart starts a previously set up exec instance. The
 // std streams are set up.
 // If ctx is cancelled, the process is terminated.
-func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (err error) {
+func (daemon *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (err error) {
 	var (
 		cStdin           io.ReadCloser
 		cStdout, cStderr io.Writer
 	)
 
-	ec, err := d.getExecConfig(name)
+	ec, err := daemon.getExecConfig(name)
 	if err != nil {
-		return errExecNotFound(name)
+		return err
 	}
 
 	ec.Lock()
@@ -174,12 +175,15 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 	ec.Running = true
 	ec.Unlock()
 
-	c := d.containers.Get(ec.ContainerID)
+	c := daemon.containers.Get(ec.ContainerID)
+	if c == nil {
+		return containerNotFound(ec.ContainerID)
+	}
 	logrus.Debugf("starting exec command %s in container %s", ec.ID, c.ID)
 	attributes := map[string]string{
 		"execID": ec.ID,
 	}
-	d.LogContainerEventWithAttributes(c, "exec_start: "+ec.Entrypoint+" "+strings.Join(ec.Args, " "), attributes)
+	daemon.LogContainerEventWithAttributes(c, "exec_start: "+ec.Entrypoint+" "+strings.Join(ec.Args, " "), attributes)
 
 	defer func() {
 		if err != nil {
@@ -217,17 +221,28 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 		ec.StreamConfig.NewNopInputPipe()
 	}
 
-	p := &specs.Process{
-		Args:     append([]string{ec.Entrypoint}, ec.Args...),
-		Env:      ec.Env,
-		Terminal: ec.Tty,
-		Cwd:      ec.WorkingDir,
+	p := &specs.Process{}
+	if runtime.GOOS != "windows" {
+		ctr, err := daemon.containerdCli.LoadContainer(ctx, ec.ContainerID)
+		if err != nil {
+			return err
+		}
+		spec, err := ctr.Spec(ctx)
+		if err != nil {
+			return err
+		}
+		p = spec.Process
 	}
+	p.Args = append([]string{ec.Entrypoint}, ec.Args...)
+	p.Env = ec.Env
+	p.Cwd = ec.WorkingDir
+	p.Terminal = ec.Tty
+
 	if p.Cwd == "" {
 		p.Cwd = "/"
 	}
 
-	if err := d.execSetPlatformOpt(c, ec, p); err != nil {
+	if err := daemon.execSetPlatformOpt(c, ec, p); err != nil {
 		return err
 	}
 
@@ -248,7 +263,7 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 	// Synchronize with libcontainerd event loop
 	ec.Lock()
 	c.ExecCommands.Lock()
-	systemPid, err := d.containerd.Exec(ctx, c.ID, ec.ID, p, cStdin != nil, ec.InitializeStdio)
+	systemPid, err := daemon.containerd.Exec(ctx, c.ID, ec.ID, p, cStdin != nil, ec.InitializeStdio)
 	// the exec context should be ready, or error happened.
 	// close the chan to notify readiness
 	close(ec.Started)
@@ -264,11 +279,15 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 	select {
 	case <-ctx.Done():
 		logrus.Debugf("Sending TERM signal to process %v in container %v", name, c.ID)
-		d.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["TERM"]))
+		daemon.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["TERM"]))
+
+		timeout := time.NewTimer(termProcessTimeout)
+		defer timeout.Stop()
+
 		select {
-		case <-time.After(termProcessTimeout * time.Second):
-			logrus.Infof("Container %v, process %v failed to exit within %d seconds of signal TERM - using the force", c.ID, name, termProcessTimeout)
-			d.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["KILL"]))
+		case <-timeout.C:
+			logrus.Infof("Container %v, process %v failed to exit within %v of signal TERM - using the force", c.ID, name, termProcessTimeout)
+			daemon.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["KILL"]))
 		case <-attachErr:
 			// TERM signal worked
 		}
@@ -281,7 +300,7 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 			attributes := map[string]string{
 				"execID": ec.ID,
 			}
-			d.LogContainerEventWithAttributes(c, "exec_detach", attributes)
+			daemon.LogContainerEventWithAttributes(c, "exec_detach", attributes)
 		}
 	}
 	return nil
@@ -289,16 +308,16 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 
 // execCommandGC runs a ticker to clean up the daemon references
 // of exec configs that are no longer part of the container.
-func (d *Daemon) execCommandGC() {
+func (daemon *Daemon) execCommandGC() {
 	for range time.Tick(5 * time.Minute) {
 		var (
 			cleaned          int
-			liveExecCommands = d.containerExecIds()
+			liveExecCommands = daemon.containerExecIds()
 		)
-		for id, config := range d.execCommands.Commands() {
+		for id, config := range daemon.execCommands.Commands() {
 			if config.CanRemove {
 				cleaned++
-				d.execCommands.Delete(id, config.Pid)
+				daemon.execCommands.Delete(id, config.Pid)
 			} else {
 				if _, exists := liveExecCommands[id]; !exists {
 					config.CanRemove = true
@@ -313,9 +332,9 @@ func (d *Daemon) execCommandGC() {
 
 // containerExecIds returns a list of all the current exec ids that are in use
 // and running inside a container.
-func (d *Daemon) containerExecIds() map[string]struct{} {
+func (daemon *Daemon) containerExecIds() map[string]struct{} {
 	ids := map[string]struct{}{}
-	for _, c := range d.containers.List() {
+	for _, c := range daemon.containers.List() {
 		for _, id := range c.ExecCommands.List() {
 			ids[id] = struct{}{}
 		}
diff --git a/daemon/exec/exec.go b/daemon/exec/exec.go
index c036c46a0c8eb..f1b52598545dc 100644
--- a/daemon/exec/exec.go
+++ b/daemon/exec/exec.go
@@ -1,6 +1,7 @@
 package exec // import "github.com/docker/docker/daemon/exec"
 
 import (
+	"context"
 	"runtime"
 	"sync"
 
@@ -39,7 +40,7 @@ type Config struct {
 // NewConfig initializes the a new exec configuration
 func NewConfig() *Config {
 	return &Config{
-		ID:           stringid.GenerateNonCryptoID(),
+		ID:           stringid.GenerateRandomID(),
 		StreamConfig: stream.NewConfig(),
 		Started:      make(chan struct{}),
 	}
@@ -58,7 +59,7 @@ func (i *rio) Close() error {
 }
 
 func (i *rio) Wait() {
-	i.sc.Wait()
+	i.sc.Wait(context.Background())
 
 	i.IO.Wait()
 }
diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go
index cd52f4886f84b..b683fef7de3ed 100644
--- a/daemon/exec_linux.go
+++ b/daemon/exec_linux.go
@@ -1,24 +1,22 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
+
+	"github.com/containerd/containerd/pkg/apparmor"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/daemon/caps"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/opencontainers/runc/libcontainer/apparmor"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/docker/docker/oci/caps"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config, p *specs.Process) error {
 	if len(ec.User) > 0 {
-		uid, gid, additionalGids, err := getUser(c, ec.User)
+		var err error
+		p.User, err = getUser(c, ec.User)
 		if err != nil {
 			return err
 		}
-		p.User = specs.User{
-			UID:            uid,
-			GID:            gid,
-			AdditionalGids: additionalGids,
-		}
 	}
 	if ec.Privileged {
 		if p.Capabilities == nil {
@@ -29,19 +27,19 @@ func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config
 		p.Capabilities.Inheritable = p.Capabilities.Bounding
 		p.Capabilities.Effective = p.Capabilities.Bounding
 	}
-	if apparmor.IsEnabled() {
+	if apparmor.HostSupports() {
 		var appArmorProfile string
 		if c.AppArmorProfile != "" {
 			appArmorProfile = c.AppArmorProfile
 		} else if c.HostConfig.Privileged {
 			// `docker exec --privileged` does not currently disable AppArmor
 			// profiles. Privileged configuration of the container is inherited
-			appArmorProfile = "unconfined"
+			appArmorProfile = unconfinedAppArmorProfile
 		} else {
-			appArmorProfile = "docker-default"
+			appArmorProfile = defaultAppArmorProfile
 		}
 
-		if appArmorProfile == "docker-default" {
+		if appArmorProfile == defaultAppArmorProfile {
 			// Unattended upgrades and other fun services can unload AppArmor
 			// profiles inadvertently. Since we cannot store our profile in
 			// /etc/apparmor.d, nor can we practically add other ways of
@@ -54,6 +52,6 @@ func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config
 		}
 		p.ApparmorProfile = appArmorProfile
 	}
-	daemon.setRlimits(&specs.Spec{Process: p}, c)
-	return nil
+	s := &specs.Spec{Process: p}
+	return WithRlimits(daemon, c)(context.Background(), nil, nil, s)
 }
diff --git a/daemon/exec_linux_test.go b/daemon/exec_linux_test.go
index 0db7f080db106..ffef343898e79 100644
--- a/daemon/exec_linux_test.go
+++ b/daemon/exec_linux_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package daemon
@@ -5,49 +6,86 @@ package daemon
 import (
 	"testing"
 
+	"github.com/containerd/containerd/pkg/apparmor"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/opencontainers/runc/libcontainer/apparmor"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"gotest.tools/assert"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"gotest.tools/v3/assert"
 )
 
-func TestExecSetPlatformOpt(t *testing.T) {
-	if !apparmor.IsEnabled() {
-		t.Skip("requires AppArmor to be enabled")
+func TestExecSetPlatformOptAppArmor(t *testing.T) {
+	appArmorEnabled := apparmor.HostSupports()
+
+	tests := []struct {
+		doc             string
+		privileged      bool
+		appArmorProfile string
+		expectedProfile string
+	}{
+		{
+			doc:             "default options",
+			expectedProfile: defaultAppArmorProfile,
+		},
+		{
+			doc:             "custom profile",
+			appArmorProfile: "my-custom-profile",
+			expectedProfile: "my-custom-profile",
+		},
+		{
+			doc:             "privileged container",
+			privileged:      true,
+			expectedProfile: unconfinedAppArmorProfile,
+		},
+		{
+			doc:             "privileged container, custom profile",
+			privileged:      true,
+			appArmorProfile: "my-custom-profile",
+			expectedProfile: "my-custom-profile",
+			// FIXME: execSetPlatformOpts prefers custom profiles over "privileged",
+			//        which looks like a bug (--privileged on the container should
+			//        disable apparmor, seccomp, and selinux); see the code at:
+			//        https://github.com/moby/moby/blob/46cdcd206c56172b95ba5c77b827a722dab426c5/daemon/exec_linux.go#L32-L40
+			// expectedProfile: unconfinedAppArmorProfile,
+		},
 	}
-	d := &Daemon{}
-	c := &container.Container{AppArmorProfile: "my-custom-profile"}
-	ec := &exec.Config{}
-	p := &specs.Process{}
-
-	err := d.execSetPlatformOpt(c, ec, p)
-	assert.NilError(t, err)
-	assert.Equal(t, "my-custom-profile", p.ApparmorProfile)
-}
 
-// TestExecSetPlatformOptPrivileged verifies that `docker exec --privileged`
-// does not disable AppArmor profiles. Exec currently inherits the `Privileged`
-// configuration of the container. See https://github.com/moby/moby/pull/31773#discussion_r105586900
-//
-// This behavior may change in future, but test for the behavior to prevent it
-// from being changed accidentally.
-func TestExecSetPlatformOptPrivileged(t *testing.T) {
-	if !apparmor.IsEnabled() {
-		t.Skip("requires AppArmor to be enabled")
+	d := &Daemon{configStore: &config.Config{}}
+
+	// Currently, `docker exec --privileged` inherits the Privileged configuration
+	// of the container, and does not disable AppArmor.
+	// See https://github.com/moby/moby/pull/31773#discussion_r105586900
+	//
+	// This behavior may change in future, but to verify the current behavior,
+	// we run the test both with "exec" and "exec --privileged", which should
+	// both give the same result.
+	for _, execPrivileged := range []bool{false, true} {
+		for _, tc := range tests {
+			tc := tc
+			doc := tc.doc
+			if !appArmorEnabled {
+				// no profile should be set if the host does not support AppArmor
+				doc += " (apparmor disabled)"
+				tc.expectedProfile = ""
+			}
+			if execPrivileged {
+				doc += " (exec privileged)"
+			}
+			t.Run(doc, func(t *testing.T) {
+				c := &container.Container{
+					AppArmorProfile: tc.appArmorProfile,
+					HostConfig: &containertypes.HostConfig{
+						Privileged: tc.privileged,
+					},
+				}
+				ec := &exec.Config{Privileged: execPrivileged}
+				p := &specs.Process{}
+
+				err := d.execSetPlatformOpt(c, ec, p)
+				assert.NilError(t, err)
+				assert.Equal(t, p.ApparmorProfile, tc.expectedProfile)
+			})
+		}
 	}
-	d := &Daemon{}
-	c := &container.Container{AppArmorProfile: "my-custom-profile"}
-	ec := &exec.Config{Privileged: true}
-	p := &specs.Process{}
-
-	err := d.execSetPlatformOpt(c, ec, p)
-	assert.NilError(t, err)
-	assert.Equal(t, "my-custom-profile", p.ApparmorProfile)
-
-	c.HostConfig = &containertypes.HostConfig{Privileged: true}
-	err = d.execSetPlatformOpt(c, ec, p)
-	assert.NilError(t, err)
-	assert.Equal(t, "unconfined", p.ApparmorProfile)
 }
diff --git a/daemon/exec_windows.go b/daemon/exec_windows.go
index c37ea9f31ae79..32f16e9282c2e 100644
--- a/daemon/exec_windows.go
+++ b/daemon/exec_windows.go
@@ -7,9 +7,7 @@ import (
 )
 
 func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config, p *specs.Process) error {
-	// Process arguments need to be escaped before sending to OCI.
 	if c.OS == "windows" {
-		p.Args = escapeArgs(p.Args)
 		p.User.Username = ec.User
 	}
 	return nil
diff --git a/daemon/export.go b/daemon/export.go
index 27bc35967d220..75d1a22dac315 100644
--- a/daemon/export.go
+++ b/daemon/export.go
@@ -3,7 +3,6 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"fmt"
 	"io"
-	"runtime"
 
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
@@ -15,26 +14,26 @@ import (
 // ContainerExport writes the contents of the container to the given
 // writer. An error is returned if the container cannot be found.
 func (daemon *Daemon) ContainerExport(name string, out io.Writer) error {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
-	if runtime.GOOS == "windows" && container.OS == "windows" {
+	if isWindows && ctr.OS == "windows" {
 		return fmt.Errorf("the daemon on this operating system does not support exporting Windows containers")
 	}
 
-	if container.IsDead() {
-		err := fmt.Errorf("You cannot export container %s which is Dead", container.ID)
+	if ctr.IsDead() {
+		err := fmt.Errorf("You cannot export container %s which is Dead", ctr.ID)
 		return errdefs.Conflict(err)
 	}
 
-	if container.IsRemovalInProgress() {
-		err := fmt.Errorf("You cannot export container %s which is being removed", container.ID)
+	if ctr.IsRemovalInProgress() {
+		err := fmt.Errorf("You cannot export container %s which is being removed", ctr.ID)
 		return errdefs.Conflict(err)
 	}
 
-	data, err := daemon.containerExport(container)
+	data, err := daemon.containerExport(ctr)
 	if err != nil {
 		return fmt.Errorf("Error exporting container %s: %v", name, err)
 	}
@@ -51,7 +50,7 @@ func (daemon *Daemon) containerExport(container *container.Container) (arch io.R
 	if !system.IsOSSupported(container.OS) {
 		return nil, fmt.Errorf("cannot export %s: %s ", container.ID, system.ErrNotSupportedOperatingSystem)
 	}
-	rwlayer, err := daemon.imageService.GetLayerByID(container.ID, container.OS)
+	rwlayer, err := daemon.imageService.GetLayerByID(container.ID)
 	if err != nil {
 		return nil, err
 	}
@@ -66,17 +65,17 @@ func (daemon *Daemon) containerExport(container *container.Container) (arch io.R
 		return nil, err
 	}
 
-	archive, err := archivePath(basefs, basefs.Path(), &archive.TarOptions{
+	archv, err := archivePath(basefs, basefs.Path(), &archive.TarOptions{
 		Compression: archive.Uncompressed,
 		UIDMaps:     daemon.idMapping.UIDs(),
 		GIDMaps:     daemon.idMapping.GIDs(),
-	})
+	}, basefs.Path())
 	if err != nil {
 		rwlayer.Unmount()
 		return nil, err
 	}
-	arch = ioutils.NewReadCloserWrapper(archive, func() error {
-		err := archive.Close()
+	arch = ioutils.NewReadCloserWrapper(archv, func() error {
+		err := archv.Close()
 		rwlayer.Unmount()
 		daemon.imageService.ReleaseLayer(rwlayer, container.OS)
 		return err
diff --git a/daemon/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go
index 114aa9a615e09..0935e447c0747 100644
--- a/daemon/graphdriver/aufs/aufs.go
+++ b/daemon/graphdriver/aufs/aufs.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 /*
@@ -27,25 +28,23 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
 	"sync"
-	"time"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/directory"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/locker"
-	mountpk "github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/moby/locker"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -72,7 +71,6 @@ func init() {
 
 // Driver contains information about the filesystem mounted.
 type Driver struct {
-	sync.Mutex
 	root          string
 	uidMaps       []idtools.IDMap
 	gidMaps       []idtools.IDMap
@@ -81,6 +79,7 @@ type Driver struct {
 	pathCache     map[string]string
 	naiveDiff     graphdriver.DiffDriver
 	locker        *locker.Locker
+	mntL          sync.Mutex
 }
 
 // Init returns a new AUFS driver.
@@ -130,25 +129,31 @@ func Init(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		locker:    locker.New(),
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	currentID := idtools.CurrentIdentity()
+	_, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: rootGID,
+	}
+
 	// Create the root aufs driver dir
-	if err := idtools.MkdirAllAndChown(root, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+	if err := idtools.MkdirAllAndChown(root, 0710, dirID); err != nil {
 		return nil, err
 	}
 
 	// Populate the dir structure
 	for _, p := range paths {
-		if err := idtools.MkdirAllAndChown(path.Join(root, p), 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+		if err := idtools.MkdirAllAndChown(path.Join(root, p), 0710, dirID); err != nil {
 			return nil, err
 		}
 	}
 
 	for _, path := range []string{"mnt", "diff"} {
 		p := filepath.Join(root, path)
-		entries, err := ioutil.ReadDir(p)
+		entries, err := os.ReadDir(p)
 		if err != nil {
 			logger.WithError(err).WithField("dir", p).Error("error reading dir entries")
 			continue
@@ -178,7 +183,7 @@ func supportsAufs() error {
 	// proc/filesystems for when aufs is supported
 	exec.Command("modprobe", "aufs").Run()
 
-	if rsystem.RunningInUserNS() {
+	if userns.RunningInUserNS() {
 		return ErrAufsNested
 	}
 
@@ -307,36 +312,9 @@ func (a *Driver) Remove(id string) error {
 		mountpoint = a.getMountpoint(id)
 	}
 
-	logger := logger.WithField("layer", id)
-
-	var retries int
-	for {
-		mounted, err := a.mounted(mountpoint)
-		if err != nil {
-			if os.IsNotExist(err) {
-				break
-			}
-			return err
-		}
-		if !mounted {
-			break
-		}
-
-		err = a.unmount(mountpoint)
-		if err == nil {
-			break
-		}
-
-		if err != unix.EBUSY {
-			return errors.Wrapf(err, "aufs: unmount error: %s", mountpoint)
-		}
-		if retries >= 5 {
-			return errors.Wrapf(err, "aufs: unmount error after retries: %s", mountpoint)
-		}
-		// If unmount returns EBUSY, it could be a transient error. Sleep and retry.
-		retries++
-		logger.Warnf("unmount failed due to EBUSY: retry count: %d", retries)
-		time.Sleep(100 * time.Millisecond)
+	if err := a.unmount(mountpoint); err != nil {
+		logger.WithError(err).WithField("method", "Remove()").Warn()
+		return err
 	}
 
 	// Remove the layers file for the id
@@ -352,7 +330,7 @@ func (a *Driver) Remove(id string) error {
 	// way (so that docker doesn't find it anymore) before doing removal of
 	// the whole tree.
 	if err := atomicRemove(mountpoint); err != nil {
-		if errors.Cause(err) == unix.EBUSY {
+		if errors.Is(err, unix.EBUSY) {
 			logger.WithField("dir", mountpoint).WithError(err).Warn("error performing atomic remove due to EBUSY")
 		}
 		return errors.Wrapf(err, "could not remove mountpoint for id %s", id)
@@ -437,7 +415,7 @@ func (a *Driver) Put(id string) error {
 
 	err := a.unmount(m)
 	if err != nil {
-		logger.Debugf("Failed to unmount %s aufs: %v", id, err)
+		logger.WithError(err).WithField("method", "Put()").Warn()
 	}
 	return err
 }
@@ -547,9 +525,6 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) {
 }
 
 func (a *Driver) mount(id string, target string, mountLabel string, layers []string) error {
-	a.Lock()
-	defer a.Unlock()
-
 	// If the id is mounted or we get an error return
 	if mounted, err := a.mounted(target); err != nil || mounted {
 		return err
@@ -564,9 +539,6 @@ func (a *Driver) mount(id string, target string, mountLabel string, layers []str
 }
 
 func (a *Driver) unmount(mountPath string) error {
-	a.Lock()
-	defer a.Unlock()
-
 	if mounted, err := a.mounted(mountPath); err != nil || !mounted {
 		return err
 	}
@@ -579,32 +551,29 @@ func (a *Driver) mounted(mountpoint string) (bool, error) {
 
 // Cleanup aufs and unmount all mountpoints
 func (a *Driver) Cleanup() error {
-	var dirs []string
-	if err := filepath.Walk(a.mntPath(), func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if !info.IsDir() {
-			return nil
-		}
-		dirs = append(dirs, path)
-		return nil
-	}); err != nil {
-		return err
+	dir := a.mntPath()
+	files, err := os.ReadDir(dir)
+	if err != nil {
+		return errors.Wrap(err, "aufs readdir error")
 	}
+	for _, f := range files {
+		if !f.IsDir() {
+			continue
+		}
+
+		m := path.Join(dir, f.Name())
 
-	for _, m := range dirs {
 		if err := a.unmount(m); err != nil {
-			logger.Debugf("error unmounting %s: %s", m, err)
+			logger.WithError(err).WithField("method", "Cleanup()").Warn()
 		}
 	}
-	return mountpk.RecursiveUnmount(a.root)
+	return mount.RecursiveUnmount(a.root)
 }
 
 func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {
 	defer func() {
 		if err != nil {
-			Unmount(target)
+			mount.Unmount(target)
 		}
 	}()
 
@@ -632,14 +601,29 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro
 		opts += ",dirperm1"
 	}
 	data := label.FormatMountLabel(fmt.Sprintf("%s,%s", string(b[:bp]), opts), mountLabel)
-	if err = mount("none", target, "aufs", 0, data); err != nil {
+	a.mntL.Lock()
+	err = unix.Mount("none", target, "aufs", 0, data)
+	a.mntL.Unlock()
+	if err != nil {
+		err = errors.Wrap(err, "mount target="+target+" data="+data)
 		return
 	}
 
-	for ; index < len(ro); index++ {
-		layer := fmt.Sprintf(":%s=ro+wh", ro[index])
-		data := label.FormatMountLabel(fmt.Sprintf("append%s", layer), mountLabel)
-		if err = mount("none", target, "aufs", unix.MS_REMOUNT, data); err != nil {
+	for index < len(ro) {
+		bp = 0
+		for ; index < len(ro); index++ {
+			layer := fmt.Sprintf("append:%s=ro+wh,", ro[index])
+			if bp+len(layer) > len(b) {
+				break
+			}
+			bp += copy(b[bp:], layer)
+		}
+		data := label.FormatMountLabel(string(b[:bp]), mountLabel)
+		a.mntL.Lock()
+		err = unix.Mount("none", target, "aufs", unix.MS_REMOUNT, data)
+		a.mntL.Unlock()
+		if err != nil {
+			err = errors.Wrap(err, "mount target="+target+" flags=MS_REMOUNT data="+data)
 			return
 		}
 	}
@@ -651,14 +635,14 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro
 // version of aufs.
 func useDirperm() bool {
 	enableDirpermLock.Do(func() {
-		base, err := ioutil.TempDir("", "docker-aufs-base")
+		base, err := os.MkdirTemp("", "docker-aufs-base")
 		if err != nil {
 			logger.Errorf("error checking dirperm1: %v", err)
 			return
 		}
 		defer os.RemoveAll(base)
 
-		union, err := ioutil.TempDir("", "docker-aufs-union")
+		union, err := os.MkdirTemp("", "docker-aufs-union")
 		if err != nil {
 			logger.Errorf("error checking dirperm1: %v", err)
 			return
@@ -666,7 +650,7 @@ func useDirperm() bool {
 		defer os.RemoveAll(union)
 
 		opts := fmt.Sprintf("br:%s,dirperm1,xino=/dev/shm/aufs.xino", base)
-		if err := mount("none", union, "aufs", 0, opts); err != nil {
+		if err := unix.Mount("none", union, "aufs", 0, opts); err != nil {
 			return
 		}
 		enableDirperm = true
diff --git a/daemon/graphdriver/aufs/aufs_test.go b/daemon/graphdriver/aufs/aufs_test.go
index fdc502ba65341..4c902f7848735 100644
--- a/daemon/graphdriver/aufs/aufs_test.go
+++ b/daemon/graphdriver/aufs/aufs_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
@@ -6,7 +7,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -17,8 +17,8 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/stringid"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var (
@@ -690,7 +690,7 @@ func testMountMoreThan42Layers(t *testing.T, mountPath string) {
 	// Perform the actual mount for the top most image
 	point, err := driverGet(d, last, "")
 	assert.NilError(t, err)
-	files, err := ioutil.ReadDir(point)
+	files, err := os.ReadDir(point)
 	assert.NilError(t, err)
 	assert.Check(t, is.Len(files, expected))
 }
@@ -729,9 +729,9 @@ func BenchmarkConcurrentAccess(b *testing.B) {
 
 	numConcurrent := 256
 	// create a bunch of ids
-	var ids []string
+	ids := make([]string, numConcurrent)
 	for i := 0; i < numConcurrent; i++ {
-		ids = append(ids, stringid.GenerateNonCryptoID())
+		ids[i] = stringid.GenerateRandomID()
 	}
 
 	if err := d.Create(ids[0], "", nil); err != nil {
@@ -743,7 +743,7 @@ func BenchmarkConcurrentAccess(b *testing.B) {
 	}
 
 	parent := ids[1]
-	ids = append(ids[2:])
+	ids = ids[2:]
 
 	chErr := make(chan error, numConcurrent)
 	var outerGroup sync.WaitGroup
diff --git a/daemon/graphdriver/aufs/dirs.go b/daemon/graphdriver/aufs/dirs.go
index e60be5e3c9897..006c556c076d5 100644
--- a/daemon/graphdriver/aufs/dirs.go
+++ b/daemon/graphdriver/aufs/dirs.go
@@ -1,17 +1,17 @@
+//go:build linux
 // +build linux
 
 package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"bufio"
-	"io/ioutil"
 	"os"
 	"path"
 )
 
 // Return all the directories
 func loadIds(root string) ([]string, error) {
-	dirs, err := ioutil.ReadDir(root)
+	dirs, err := os.ReadDir(root)
 	if err != nil {
 		return nil, err
 	}
diff --git a/daemon/graphdriver/aufs/mount.go b/daemon/graphdriver/aufs/mount.go
index 9f5510380cf88..33ee5a6400599 100644
--- a/daemon/graphdriver/aufs/mount.go
+++ b/daemon/graphdriver/aufs/mount.go
@@ -1,17 +1,56 @@
+//go:build linux
 // +build linux
 
 package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"os/exec"
+	"syscall"
+	"time"
 
+	"github.com/moby/sys/mount"
+	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
 // Unmount the target specified.
 func Unmount(target string) error {
-	if err := exec.Command("auplink", target, "flush").Run(); err != nil {
-		logger.WithError(err).Warnf("Couldn't run auplink before unmount %s", target)
+	const retries = 5
+
+	// auplink flush
+	for i := 0; ; i++ {
+		out, err := exec.Command("auplink", target, "flush").CombinedOutput()
+		if err == nil {
+			break
+		}
+		rc := 0
+		if exiterr, ok := err.(*exec.ExitError); ok {
+			if status, ok := exiterr.Sys().(syscall.WaitStatus); ok {
+				rc = status.ExitStatus()
+			}
+		}
+		if i >= retries || rc != int(unix.EINVAL) {
+			logger.WithError(err).WithField("method", "Unmount").Warnf("auplink flush failed: %s", out)
+			break
+		}
+		// auplink failed to find target in /proc/self/mounts because
+		// kernel can't guarantee continuity while reading from it
+		// while mounts table is being changed
+		logger.Debugf("auplink flush error (retrying %d/%d): %s", i+1, retries, out)
+	}
+
+	// unmount
+	var err error
+	for i := 0; i < retries; i++ {
+		err = mount.Unmount(target)
+		if err != nil && errors.Is(err, unix.EBUSY) {
+			logger.Debugf("aufs unmount %s failed with EBUSY (retrying %d/%d)", target, i+1, retries)
+			time.Sleep(100 * time.Millisecond)
+			continue // try again
+		}
+		break
 	}
-	return unix.Unmount(target, 0)
+
+	// either no error occurred, or another error
+	return err
 }
diff --git a/daemon/graphdriver/aufs/mount_linux.go b/daemon/graphdriver/aufs/mount_linux.go
deleted file mode 100644
index 8d5ad8f32d681..0000000000000
--- a/daemon/graphdriver/aufs/mount_linux.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
-
-import "golang.org/x/sys/unix"
-
-func mount(source string, target string, fstype string, flags uintptr, data string) error {
-	return unix.Mount(source, target, fstype, flags, data)
-}
diff --git a/daemon/graphdriver/aufs/mount_unsupported.go b/daemon/graphdriver/aufs/mount_unsupported.go
deleted file mode 100644
index cf7f58c29ec0b..0000000000000
--- a/daemon/graphdriver/aufs/mount_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build !linux
-
-package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
-
-import "errors"
-
-// MsRemount declared to specify a non-linux system mount.
-const MsRemount = 0
-
-func mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
-	return errors.New("mount is not implemented on this platform")
-}
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
index 7ce7edef36e91..ee842cce09004 100644
--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
@@ -16,7 +17,6 @@ import "C"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"math"
 	"os"
 	"path"
@@ -26,13 +26,14 @@ import (
 	"sync"
 	"unsafe"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -70,11 +71,14 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		return nil, graphdriver.ErrPrerequisites
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
-	if err != nil {
-		return nil, err
+	remappedRoot := idtools.NewIDMappingsFromMaps(uidMaps, gidMaps)
+	currentID := idtools.CurrentIdentity()
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: remappedRoot.RootPair().GID,
 	}
-	if err := idtools.MkdirAllAndChown(home, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+
+	if err := idtools.MkdirAllAndChown(home, 0710, dirID); err != nil {
 		return nil, err
 	}
 
@@ -100,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 	}
 
 	if userDiskQuota {
-		if err := driver.subvolEnableQuota(); err != nil {
+		if err := driver.enableQuota(); err != nil {
 			return nil, err
 		}
 	}
@@ -134,7 +138,7 @@ func parseOptions(opt []string) (btrfsOptions, bool, error) {
 
 // Driver contains information about the filesystem mounted.
 type Driver struct {
-	//root of the file system
+	// root of the file system
 	home         string
 	uidMaps      []idtools.IDMap
 	gidMaps      []idtools.IDMap
@@ -169,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 
 // Cleanup unmounts the home directory.
 func (d *Driver) Cleanup() error {
-	err := d.subvolDisableQuota()
-	umountErr := mount.Unmount(d.home)
-
-	// in case we have two errors, prefer the one from disableQuota()
-	if err != nil {
+	if err := mount.Unmount(d.home); err != nil {
 		return err
 	}
 
-	if umountErr != nil {
-		return errors.Wrapf(umountErr, "error unmounting %s", d.home)
-	}
-
 	return nil
 }
 
@@ -338,7 +334,7 @@ func (d *Driver) updateQuotaStatus() {
 	d.once.Do(func() {
 		if !d.quotaEnabled {
 			// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
-			if err := subvolQgroupStatus(d.home); err != nil {
+			if err := qgroupStatus(d.home); err != nil {
 				// quota is still not enabled
 				return
 			}
@@ -347,7 +343,7 @@ func (d *Driver) updateQuotaStatus() {
 	})
 }
 
-func (d *Driver) subvolEnableQuota() error {
+func (d *Driver) enableQuota() error {
 	d.updateQuotaStatus()
 
 	if d.quotaEnabled {
@@ -373,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error {
 	return nil
 }
 
-func (d *Driver) subvolDisableQuota() error {
-	d.updateQuotaStatus()
-
-	if !d.quotaEnabled {
-		return nil
-	}
-
-	dir, err := openDir(d.home)
-	if err != nil {
-		return err
-	}
-	defer closeDir(dir)
-
-	var args C.struct_btrfs_ioctl_quota_ctl_args
-	args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
-	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
-		uintptr(unsafe.Pointer(&args)))
-	if errno != 0 {
-		return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
-	}
-
-	d.quotaEnabled = false
-
-	return nil
-}
-
 func (d *Driver) subvolRescanQuota() error {
 	d.updateQuotaStatus()
 
@@ -441,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error {
 	return nil
 }
 
-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
+// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
 // with search key of BTRFS_QGROUP_STATUS_KEY.
 // In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
 // For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
-func subvolQgroupStatus(path string) error {
+func qgroupStatus(path string) error {
 	dir, err := openDir(path)
 	if err != nil {
 		return err
@@ -525,7 +495,14 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 	if err != nil {
 		return err
 	}
-	if err := idtools.MkdirAllAndChown(subvolumes, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+
+	currentID := idtools.CurrentIdentity()
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: rootGID,
+	}
+
+	if err := idtools.MkdirAllAndChown(subvolumes, 0710, dirID); err != nil {
 		return err
 	}
 	if parent == "" {
@@ -560,10 +537,10 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 		if err := d.setStorageSize(path.Join(subvolumes, id), driver); err != nil {
 			return err
 		}
-		if err := idtools.MkdirAllAndChown(quotas, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+		if err := idtools.MkdirAllAndChown(quotas, 0700, idtools.CurrentIdentity()); err != nil {
 			return err
 		}
-		if err := ioutil.WriteFile(path.Join(quotas, id), []byte(fmt.Sprint(driver.options.size)), 0644); err != nil {
+		if err := os.WriteFile(path.Join(quotas, id), []byte(fmt.Sprint(driver.options.size)), 0644); err != nil {
 			return err
 		}
 	}
@@ -606,13 +583,13 @@ func (d *Driver) parseStorageOpt(storageOpt map[string]string, driver *Driver) e
 
 // Set btrfs storage size
 func (d *Driver) setStorageSize(dir string, driver *Driver) error {
-	if driver.options.size <= 0 {
+	if driver.options.size == 0 {
 		return fmt.Errorf("btrfs: invalid storage size: %s", units.HumanSize(float64(driver.options.size)))
 	}
 	if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
 		return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
 	}
-	if err := d.subvolEnableQuota(); err != nil {
+	if err := d.enableQuota(); err != nil {
 		return err
 	}
 	return subvolLimitQgroup(dir, driver.options.size)
@@ -637,7 +614,18 @@ func (d *Driver) Remove(id string) error {
 	d.updateQuotaStatus()
 
 	if err := subvolDelete(d.subvolumesDir(), id, d.quotaEnabled); err != nil {
-		return err
+		if d.quotaEnabled {
+			// use strings.Contains() rather than errors.Is(), because subvolDelete() does not use %w yet
+			if userns.RunningInUserNS() && strings.Contains(err.Error(), "operation not permitted") {
+				err = errors.Wrap(err, `failed to delete subvolume without root (hint: remount btrfs on "user_subvol_rm_allowed" option, or update the kernel to >= 4.18, or change the storage driver to "fuse-overlayfs")`)
+			}
+			return err
+		}
+		// If quota is not enabled, fallback to rmdir syscall to delete subvolumes.
+		// This would allow unprivileged user to delete their owned subvolumes
+		// in kernel >= 4.18 without user_subvol_rm_allowed mount option.
+		//
+		// From https://github.com/containers/storage/pull/508/commits/831e32b6bdcb530acc4c1cb9059d3c6dba14208c
 	}
 	if err := system.EnsureRemoveAll(dir); err != nil {
 		return err
@@ -657,9 +645,9 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 		return nil, fmt.Errorf("%s: not a directory", dir)
 	}
 
-	if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
+	if quota, err := os.ReadFile(d.quotasDirID(id)); err == nil {
 		if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
-			if err := d.subvolEnableQuota(); err != nil {
+			if err := d.enableQuota(); err != nil {
 				return nil, err
 			}
 			if err := subvolLimitQgroup(dir, size); err != nil {
diff --git a/daemon/graphdriver/btrfs/btrfs_test.go b/daemon/graphdriver/btrfs/btrfs_test.go
index b70e93bc2d328..63c3adbe1c813 100644
--- a/daemon/graphdriver/btrfs/btrfs_test.go
+++ b/daemon/graphdriver/btrfs/btrfs_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
diff --git a/daemon/graphdriver/btrfs/dummy_unsupported.go b/daemon/graphdriver/btrfs/dummy_unsupported.go
index d7793f879484c..490ba4c901668 100644
--- a/daemon/graphdriver/btrfs/dummy_unsupported.go
+++ b/daemon/graphdriver/btrfs/dummy_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux || !cgo
 // +build !linux !cgo
 
 package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
diff --git a/daemon/graphdriver/btrfs/version.go b/daemon/graphdriver/btrfs/version.go
index 2fb5c73555bdd..635e97681316c 100644
--- a/daemon/graphdriver/btrfs/version.go
+++ b/daemon/graphdriver/btrfs/version.go
@@ -1,4 +1,5 @@
-// +build linux,!btrfs_noversion
+//go:build linux
+// +build linux
 
 package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
diff --git a/daemon/graphdriver/btrfs/version_none.go b/daemon/graphdriver/btrfs/version_none.go
deleted file mode 100644
index 5c755f8177773..0000000000000
--- a/daemon/graphdriver/btrfs/version_none.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build linux,btrfs_noversion
-
-package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
-
-// TODO(vbatts) remove this work-around once supported linux distros are on
-// btrfs utilities of >= 3.16.1
-
-func btrfsBuildVersion() string {
-	return "-"
-}
-
-func btrfsLibVersion() int {
-	return -1
-}
diff --git a/daemon/graphdriver/btrfs/version_test.go b/daemon/graphdriver/btrfs/version_test.go
index 465daadb0d7e7..0f8652f0defdc 100644
--- a/daemon/graphdriver/btrfs/version_test.go
+++ b/daemon/graphdriver/btrfs/version_test.go
@@ -1,4 +1,5 @@
-// +build linux,!btrfs_noversion
+//go:build linux
+// +build linux
 
 package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
diff --git a/daemon/graphdriver/copy/copy.go b/daemon/graphdriver/copy/copy.go
index 86316fdfe7418..9ae30a3696e54 100644
--- a/daemon/graphdriver/copy/copy.go
+++ b/daemon/graphdriver/copy/copy.go
@@ -1,15 +1,8 @@
+//go:build linux
 // +build linux
 
 package copy // import "github.com/docker/docker/daemon/graphdriver/copy"
 
-/*
-#include <linux/fs.h>
-
-#ifndef FICLONE
-#define FICLONE		_IOW(0x94, 9, int)
-#endif
-*/
-import "C"
 import (
 	"container/list"
 	"fmt"
@@ -19,9 +12,9 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
 	"golang.org/x/sys/unix"
 )
 
@@ -50,7 +43,7 @@ func copyRegular(srcPath, dstPath string, fileinfo os.FileInfo, copyWithFileRang
 	defer dstFile.Close()
 
 	if *copyWithFileClone {
-		_, _, err = unix.Syscall(unix.SYS_IOCTL, dstFile.Fd(), C.FICLONE, srcFile.Fd())
+		err = unix.IoctlFileClone(int(dstFile.Fd()), int(srcFile.Fd()))
 		if err == nil {
 			return nil
 		}
@@ -141,9 +134,6 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 		}
 
 		dstPath := filepath.Join(dstDir, relPath)
-		if err != nil {
-			return err
-		}
 
 		stat, ok := f.Sys().(*syscall.Stat_t)
 		if !ok {
@@ -152,9 +142,10 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 
 		isHardlink := false
 
-		switch f.Mode() & os.ModeType {
-		case 0: // Regular file
-			id := fileID{dev: stat.Dev, ino: stat.Ino}
+		switch mode := f.Mode(); {
+		case mode.IsRegular():
+			// the type is 32bit on mips
+			id := fileID{dev: uint64(stat.Dev), ino: stat.Ino} //nolint: unconvert
 			if copyMode == Hardlink {
 				isHardlink = true
 				if err2 := os.Link(srcPath, dstPath); err2 != nil {
@@ -171,12 +162,12 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 				copiedFiles[id] = dstPath
 			}
 
-		case os.ModeDir:
+		case mode.IsDir():
 			if err := os.Mkdir(dstPath, f.Mode()); err != nil && !os.IsExist(err) {
 				return err
 			}
 
-		case os.ModeSymlink:
+		case mode&os.ModeSymlink != 0:
 			link, err := os.Readlink(srcPath)
 			if err != nil {
 				return err
@@ -186,15 +177,15 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 				return err
 			}
 
-		case os.ModeNamedPipe:
+		case mode&os.ModeNamedPipe != 0:
 			fallthrough
-		case os.ModeSocket:
+		case mode&os.ModeSocket != 0:
 			if err := unix.Mkfifo(dstPath, stat.Mode); err != nil {
 				return err
 			}
 
-		case os.ModeDevice:
-			if rsystem.RunningInUserNS() {
+		case mode&os.ModeDevice != 0:
+			if userns.RunningInUserNS() {
 				// cannot create a device if running in user namespace
 				return nil
 			}
@@ -203,7 +194,7 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 			}
 
 		default:
-			return fmt.Errorf("unknown file type for %s", srcPath)
+			return fmt.Errorf("unknown file type (%d / %s) for %s", f.Mode(), f.Mode().String(), srcPath)
 		}
 
 		// Everything below is copying metadata from src to dst. All this metadata
@@ -233,7 +224,7 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 		}
 
 		// system.Chtimes doesn't support a NOFOLLOW flag atm
-		// nolint: unconvert
+		//nolint: unconvert
 		if f.IsDir() {
 			dirsToSetMtimes.PushFront(&dirMtimeInfo{dstPath: &dstPath, stat: stat})
 		} else if !isSymlink {
diff --git a/daemon/graphdriver/copy/copy_test.go b/daemon/graphdriver/copy/copy_test.go
index 0f3b1670f741a..8dcd8d9d560e2 100644
--- a/daemon/graphdriver/copy/copy_test.go
+++ b/daemon/graphdriver/copy/copy_test.go
@@ -1,10 +1,10 @@
+//go:build linux
 // +build linux
 
 package copy // import "github.com/docker/docker/daemon/graphdriver/copy"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -14,8 +14,8 @@ import (
 
 	"github.com/docker/docker/pkg/system"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestCopy(t *testing.T) {
@@ -31,11 +31,12 @@ func TestCopyWithoutRange(t *testing.T) {
 }
 
 func TestCopyDir(t *testing.T) {
-	srcDir, err := ioutil.TempDir("", "srcDir")
+	srcDir, err := os.MkdirTemp("", "srcDir")
 	assert.NilError(t, err)
+	defer os.RemoveAll(srcDir)
 	populateSrcDir(t, srcDir, 3)
 
-	dstDir, err := ioutil.TempDir("", "testdst")
+	dstDir, err := os.MkdirTemp("", "testdst")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dstDir)
 
@@ -53,7 +54,6 @@ func TestCopyDir(t *testing.T) {
 		}
 
 		dstPath := filepath.Join(dstDir, relPath)
-		assert.NilError(t, err)
 
 		// If we add non-regular dirs and files to the test
 		// then we need to add more checks here.
@@ -67,8 +67,7 @@ func TestCopyDir(t *testing.T) {
 		if srcFileSys.Dev == dstFileSys.Dev {
 			assert.Check(t, srcFileSys.Ino != dstFileSys.Ino)
 		}
-		// Todo: check size, and ctim is not equal
-		/// on filesystems that have granular ctimes
+		// Todo: check size, and ctim is not equal on filesystems that have granular ctimes
 		assert.Check(t, is.DeepEqual(srcFileSys.Mode, dstFileSys.Mode))
 		assert.Check(t, is.DeepEqual(srcFileSys.Uid, dstFileSys.Uid))
 		assert.Check(t, is.DeepEqual(srcFileSys.Gid, dstFileSys.Gid))
@@ -103,28 +102,28 @@ func populateSrcDir(t *testing.T, srcDir string, remainingDepth int) {
 	for i := 0; i < 10; i++ {
 		fileName := filepath.Join(srcDir, fmt.Sprintf("srcfile-%d", i))
 		// Owner read bit set
-		assert.NilError(t, ioutil.WriteFile(fileName, []byte{}, randomMode(0400)))
+		assert.NilError(t, os.WriteFile(fileName, []byte{}, randomMode(0400)))
 		assert.NilError(t, system.Chtimes(fileName, aTime, mTime))
 	}
 }
 
 func doCopyTest(t *testing.T, copyWithFileRange, copyWithFileClone *bool) {
-	dir, err := ioutil.TempDir("", "docker-copy-check")
+	dir, err := os.MkdirTemp("", "docker-copy-check")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 	srcFilename := filepath.Join(dir, "srcFilename")
-	dstFilename := filepath.Join(dir, "dstilename")
+	dstFilename := filepath.Join(dir, "dstFilename")
 
 	r := rand.New(rand.NewSource(0))
 	buf := make([]byte, 1024)
 	_, err = r.Read(buf)
 	assert.NilError(t, err)
-	assert.NilError(t, ioutil.WriteFile(srcFilename, buf, 0777))
+	assert.NilError(t, os.WriteFile(srcFilename, buf, 0777))
 	fileinfo, err := os.Stat(srcFilename)
 	assert.NilError(t, err)
 
 	assert.NilError(t, copyRegular(srcFilename, dstFilename, fileinfo, copyWithFileRange, copyWithFileClone))
-	readBuf, err := ioutil.ReadFile(dstFilename)
+	readBuf, err := os.ReadFile(dstFilename)
 	assert.NilError(t, err)
 	assert.Check(t, is.DeepEqual(buf, readBuf))
 }
@@ -132,11 +131,11 @@ func doCopyTest(t *testing.T, copyWithFileRange, copyWithFileClone *bool) {
 func TestCopyHardlink(t *testing.T) {
 	var srcFile1FileInfo, srcFile2FileInfo, dstFile1FileInfo, dstFile2FileInfo unix.Stat_t
 
-	srcDir, err := ioutil.TempDir("", "srcDir")
+	srcDir, err := os.MkdirTemp("", "srcDir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(srcDir)
 
-	dstDir, err := ioutil.TempDir("", "dstDir")
+	dstDir, err := os.MkdirTemp("", "dstDir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dstDir)
 
@@ -144,7 +143,7 @@ func TestCopyHardlink(t *testing.T) {
 	srcFile2 := filepath.Join(srcDir, "file2")
 	dstFile1 := filepath.Join(dstDir, "file1")
 	dstFile2 := filepath.Join(dstDir, "file2")
-	assert.NilError(t, ioutil.WriteFile(srcFile1, []byte{}, 0777))
+	assert.NilError(t, os.WriteFile(srcFile1, []byte{}, 0777))
 	assert.NilError(t, os.Link(srcFile1, srcFile2))
 
 	assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
diff --git a/daemon/graphdriver/devmapper/device_setup.go b/daemon/graphdriver/devmapper/device_setup.go
index e03e23c92f6ed..ec3d3aa93cab5 100644
--- a/daemon/graphdriver/devmapper/device_setup.go
+++ b/daemon/graphdriver/devmapper/device_setup.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -139,7 +138,7 @@ func readLVMConfig(root string) (directLVMConfig, error) {
 	var cfg directLVMConfig
 
 	p := filepath.Join(root, "setup-config.json")
-	b, err := ioutil.ReadFile(p)
+	b, err := os.ReadFile(p)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return cfg, nil
@@ -162,7 +161,7 @@ func writeLVMConfig(root string, cfg directLVMConfig) error {
 	if err != nil {
 		return errors.Wrap(err, "error marshalling direct lvm config")
 	}
-	err = ioutil.WriteFile(p, b, 0600)
+	err = os.WriteFile(p, b, 0600)
 	return errors.Wrap(err, "error writing direct lvm config to file")
 }
 
@@ -221,7 +220,7 @@ func setupDirectLVM(cfg directLVMConfig) error {
 	}
 
 	profile := fmt.Sprintf("activation{\nthin_pool_autoextend_threshold=%d\nthin_pool_autoextend_percent=%d\n}", cfg.AutoExtendThreshold, cfg.AutoExtendPercent)
-	err = ioutil.WriteFile(lvmProfileDir+"/docker-thinpool.profile", []byte(profile), 0600)
+	err = os.WriteFile(lvmProfileDir+"/docker-thinpool.profile", []byte(profile), 0600)
 	if err != nil {
 		return errors.Wrap(err, "error writing docker thinp autoextend profile")
 	}
diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go
index 5dc01d71d9c52..e9c4634b67fe5 100644
--- a/daemon/graphdriver/devmapper/deviceset.go
+++ b/daemon/graphdriver/devmapper/deviceset.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
@@ -7,7 +8,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
@@ -24,10 +24,10 @@ import (
 	"github.com/docker/docker/pkg/dmesg"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/loopback"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -119,7 +119,7 @@ type DeviceSet struct {
 	deletionWorkerTicker  *time.Ticker
 	uidMaps               []idtools.IDMap
 	gidMaps               []idtools.IDMap
-	minFreeSpacePercent   uint32 //min free space percentage in thinpool
+	minFreeSpacePercent   uint32 // min free space percentage in thinpool
 	xfsNospaceRetries     string // max retries when xfs receives ENOSPC
 	lvmSetupConfig        directLVMConfig
 }
@@ -325,7 +325,7 @@ func (devices *DeviceSet) removeMetadata(info *devInfo) error {
 
 // Given json data and file path, write it to disk
 func (devices *DeviceSet) writeMetaFile(jsonData []byte, filePath string) error {
-	tmpFile, err := ioutil.TempFile(devices.metadataDir(), ".tmp")
+	tmpFile, err := os.CreateTemp(devices.metadataDir(), ".tmp")
 	if err != nil {
 		return fmt.Errorf("devmapper: Error creating metadata file: %s", err)
 	}
@@ -540,8 +540,14 @@ func xfsSupported() error {
 		return err // error text is descriptive enough
 	}
 
-	// Check if kernel supports xfs filesystem or not.
-	exec.Command("modprobe", "xfs").Run()
+	mountTarget, err := os.MkdirTemp("", "supportsXFS")
+	if err != nil {
+		return errors.Wrapf(err, "error checking for xfs support")
+	}
+
+	/* The mounting will fail--after the module has been loaded.*/
+	defer os.RemoveAll(mountTarget)
+	unix.Mount("none", mountTarget, "xfs", 0, "")
 
 	f, err := os.Open("/proc/filesystems")
 	if err != nil {
@@ -627,7 +633,7 @@ func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) {
 
 func (devices *DeviceSet) migrateOldMetaData() error {
 	// Migrate old metadata file
-	jsonData, err := ioutil.ReadFile(devices.oldMetadataFile())
+	jsonData, err := os.ReadFile(devices.oldMetadataFile())
 	if err != nil && !os.IsNotExist(err) {
 		return err
 	}
@@ -949,7 +955,7 @@ func (devices *DeviceSet) loadMetadata(hash string) *devInfo {
 	info := &devInfo{Hash: hash, devices: devices}
 	logger := logrus.WithField("storage-driver", "devicemapper")
 
-	jsonData, err := ioutil.ReadFile(devices.metadataFile(info))
+	jsonData, err := os.ReadFile(devices.metadataFile(info))
 	if err != nil {
 		logger.Debugf("Failed to read %s with err: %v", devices.metadataFile(info), err)
 		return nil
@@ -1200,7 +1206,7 @@ func (devices *DeviceSet) growFS(info *devInfo) error {
 	options = joinMountOptions(options, devices.mountOptions)
 
 	if err := mount.Mount(info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options); err != nil {
-		return fmt.Errorf("Error mounting '%s' on '%s' (fstype='%s' options='%s'): %s\n%v", info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options, err, string(dmesg.Dmesg(256)))
+		return errors.Wrapf(err, "Failed to mount; dmesg: %s", string(dmesg.Dmesg(256)))
 	}
 
 	defer unix.Unmount(fsMountPoint, unix.MNT_DETACH)
@@ -1257,7 +1263,7 @@ func (devices *DeviceSet) setupBaseImage() error {
 }
 
 func setCloseOnExec(name string) {
-	fileInfos, _ := ioutil.ReadDir("/proc/self/fd")
+	fileInfos, _ := os.ReadDir("/proc/self/fd")
 	for _, i := range fileInfos {
 		link, _ := os.Readlink(filepath.Join("/proc/self/fd", i.Name()))
 		if link == name {
@@ -1351,7 +1357,7 @@ func (devices *DeviceSet) ResizePool(size int64) error {
 }
 
 func (devices *DeviceSet) loadTransactionMetaData() error {
-	jsonData, err := ioutil.ReadFile(devices.transactionMetaFile())
+	jsonData, err := os.ReadFile(devices.transactionMetaFile())
 	if err != nil {
 		// There is no active transaction. This will be the case
 		// during upgrade.
@@ -1434,7 +1440,7 @@ func (devices *DeviceSet) processPendingTransaction() error {
 }
 
 func (devices *DeviceSet) loadDeviceSetMetaData() error {
-	jsonData, err := ioutil.ReadFile(devices.deviceSetMetaFile())
+	jsonData, err := os.ReadFile(devices.deviceSetMetaFile())
 	if err != nil {
 		// For backward compatibility return success if file does
 		// not exist.
@@ -1527,7 +1533,8 @@ func getDeviceMajorMinor(file *os.File) (uint64, uint64, error) {
 		return 0, 0, err
 	}
 
-	dev := stat.Rdev
+	// the type is 32bit on mips
+	dev := uint64(stat.Rdev) //nolint: unconvert
 	majorNum := major(dev)
 	minorNum := minor(dev)
 
@@ -1685,8 +1692,8 @@ func (devices *DeviceSet) initDevmapper(doInit bool) (retErr error) {
 		}
 	}
 
-	//create the root dir of the devmapper driver ownership to match this
-	//daemon's remapped root uid/gid so containers can start properly
+	// create the root dir of the devmapper driver ownership to match this
+	// daemon's remapped root uid/gid so containers can start properly
 	uid, gid, err := idtools.GetRootUIDGID(devices.uidMaps, devices.gidMaps)
 	if err != nil {
 		return err
@@ -1738,7 +1745,8 @@ func (devices *DeviceSet) initDevmapper(doInit bool) (retErr error) {
 	//	- Managed by docker
 	//	- The target of this device is at major <maj> and minor <min>
 	//	- If <inode> is defined, use that file inside the device as a loopback image. Otherwise use the device itself.
-	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(st.Dev), minor(st.Dev), st.Ino)
+	// The type Dev in Stat_t is 32bit on mips.
+	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(uint64(st.Dev)), minor(uint64(st.Dev)), st.Ino) //nolint: unconvert
 	logger.Debugf("Generated prefix: %s", devices.devicePrefix)
 
 	// Check for the existence of the thin-pool device
@@ -2237,7 +2245,7 @@ func (devices *DeviceSet) cancelDeferredRemoval(info *devInfo) error {
 func (devices *DeviceSet) unmountAndDeactivateAll(dir string) {
 	logger := logrus.WithField("storage-driver", "devicemapper")
 
-	files, err := ioutil.ReadDir(dir)
+	files, err := os.ReadDir(dir)
 	if err != nil {
 		logger.Warnf("unmountAndDeactivate: %s", err)
 		return
@@ -2381,7 +2389,7 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
 	options = joinMountOptions(options, label.FormatMountLabel("", mountLabel))
 
 	if err := mount.Mount(info.DevName(), path, fstype, options); err != nil {
-		return fmt.Errorf("devmapper: Error mounting '%s' on '%s' (fstype='%s' options='%s'): %s\n%v", info.DevName(), path, fstype, options, err, string(dmesg.Dmesg(256)))
+		return errors.Wrapf(err, "Failed to mount; dmesg: %s", string(dmesg.Dmesg(256)))
 	}
 
 	if fstype == "xfs" && devices.xfsNospaceRetries != "" {
diff --git a/daemon/graphdriver/devmapper/devmapper_test.go b/daemon/graphdriver/devmapper/devmapper_test.go
index bda907a5d6748..7eb1795d17ca8 100644
--- a/daemon/graphdriver/devmapper/devmapper_test.go
+++ b/daemon/graphdriver/devmapper/devmapper_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
@@ -34,13 +35,14 @@ func initLoopbacks() error {
 	if err != nil {
 		return err
 	}
-	// create at least 8 loopback files, ya, that is a good number
-	for i := 0; i < 8; i++ {
+	// create at least 128 loopback files, since a few first ones
+	// might be already in use by the host OS
+	for i := 0; i < 128; i++ {
 		loopPath := fmt.Sprintf("/dev/loop%d", i)
 		// only create new loopback files if they don't exist
 		if _, err := os.Stat(loopPath); err != nil {
 			if mkerr := syscall.Mknod(loopPath,
-				uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil {
+				uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil { //nolint: unconvert
 				return mkerr
 			}
 			os.Chown(loopPath, int(statT.Uid), int(statT.Gid))
@@ -109,7 +111,7 @@ func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataS
 	if err := driver.Cleanup(); err != nil {
 		t.Fatal(err)
 	}
-	//Reload
+	// Reload
 	d, err := Init(driver.home, []string{
 		fmt.Sprintf("dm.loopdatasize=%d", defaultDataLoopbackSize+delta),
 		fmt.Sprintf("dm.loopmetadatasize=%d", defaultMetaDataLoopbackSize+delta),
@@ -135,7 +137,7 @@ func TestDevmapperLockReleasedDeviceDeletion(t *testing.T) {
 	// DeviceSet Lock. If lock has not been released, this will hang.
 	driver.DeviceSet.cleanupDeletedDevices()
 
-	doneChan := make(chan bool)
+	doneChan := make(chan bool, 1)
 
 	go func() {
 		driver.DeviceSet.Lock()
diff --git a/daemon/graphdriver/devmapper/driver.go b/daemon/graphdriver/devmapper/driver.go
index 899b1f8670979..7abdbe6163f51 100644
--- a/daemon/graphdriver/devmapper/driver.go
+++ b/daemon/graphdriver/devmapper/driver.go
@@ -1,10 +1,10 @@
+//go:build linux
 // +build linux
 
 package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"strconv"
@@ -13,10 +13,9 @@ import (
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/devicemapper"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/locker"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/go-units"
-	"github.com/pkg/errors"
+	units "github.com/docker/go-units"
+	"github.com/moby/locker"
+	"github.com/moby/sys/mount"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@@ -129,11 +128,7 @@ func (d *Driver) Cleanup() error {
 		return err
 	}
 
-	if umountErr != nil {
-		return errors.Wrapf(umountErr, "error unmounting %s", d.home)
-	}
-
-	return nil
+	return umountErr
 }
 
 // CreateReadWrite creates a layer that is writable for use as a container
@@ -225,7 +220,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 	if _, err := os.Stat(idFile); err != nil && os.IsNotExist(err) {
 		// Create an "id" file with the container/image id in it to help reconstruct this in case
 		// of later problems
-		if err := ioutil.WriteFile(idFile, []byte(id), 0600); err != nil {
+		if err := os.WriteFile(idFile, []byte(id), 0600); err != nil {
 			d.ctr.Decrement(mp)
 			d.DeviceSet.UnmountDevice(id, mp)
 			return nil, err
diff --git a/daemon/graphdriver/devmapper/mount.go b/daemon/graphdriver/devmapper/mount.go
index 78d05b079218e..724f64cd2b1c1 100644
--- a/daemon/graphdriver/devmapper/mount.go
+++ b/daemon/graphdriver/devmapper/mount.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
diff --git a/daemon/graphdriver/driver.go b/daemon/graphdriver/driver.go
index 109e00b3d83d3..a9e8ce4c919af 100644
--- a/daemon/graphdriver/driver.go
+++ b/daemon/graphdriver/driver.go
@@ -29,7 +29,7 @@ var (
 	drivers map[string]InitFunc
 )
 
-//CreateOpts contains optional arguments for Create() and CreateReadWrite()
+// CreateOpts contains optional arguments for Create() and CreateReadWrite()
 // methods.
 type CreateOpts struct {
 	MountLabel string
@@ -319,7 +319,7 @@ func isEmptyDir(name string) bool {
 func isDeprecated(name string) bool {
 	switch name {
 	// NOTE: when deprecating a driver, update daemon.fillDriverInfo() accordingly
-	case "devicemapper", "overlay":
+	case "aufs", "devicemapper", "overlay":
 		return true
 	}
 	return false
diff --git a/daemon/graphdriver/driver_linux.go b/daemon/graphdriver/driver_linux.go
index 61c6b24a9cb44..c4cfe8e891538 100644
--- a/daemon/graphdriver/driver_linux.go
+++ b/daemon/graphdriver/driver_linux.go
@@ -1,7 +1,7 @@
 package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
-	"github.com/docker/docker/pkg/mount"
+	"github.com/moby/sys/mountinfo"
 	"golang.org/x/sys/unix"
 )
 
@@ -44,11 +44,13 @@ const (
 	FsMagicZfs = FsMagic(0x2fc12fc1)
 	// FsMagicOverlay filesystem id for overlay
 	FsMagicOverlay = FsMagic(0x794C7630)
+	// FsMagicFUSE filesystem id for FUSE
+	FsMagicFUSE = FsMagic(0x65735546)
 )
 
 var (
 	// List of drivers that should be used in an order
-	priority = "btrfs,zfs,overlay2,aufs,overlay,devicemapper,vfs"
+	priority = "overlay2,fuse-overlayfs,btrfs,zfs,aufs,overlay,devicemapper,vfs"
 
 	// FsNames maps filesystem id to name of the filesystem.
 	FsNames = map[FsMagic]string{
@@ -58,6 +60,7 @@ var (
 		FsMagicEcryptfs:    "ecryptfs",
 		FsMagicExtfs:       "extfs",
 		FsMagicF2fs:        "f2fs",
+		FsMagicFUSE:        "fuse",
 		FsMagicGPFS:        "gpfs",
 		FsMagicJffs2Fs:     "jffs2",
 		FsMagicJfs:         "jfs",
@@ -110,7 +113,7 @@ type defaultChecker struct {
 }
 
 func (c *defaultChecker) IsMounted(path string) bool {
-	m, _ := mount.Mounted(path)
+	m, _ := mountinfo.Mounted(path)
 	return m
 }
 
@@ -118,6 +121,9 @@ func (c *defaultChecker) IsMounted(path string) bool {
 func Mounted(fsType FsMagic, mountPath string) (bool, error) {
 	var buf unix.Statfs_t
 	if err := unix.Statfs(mountPath, &buf); err != nil {
+		if err == unix.ENOENT { // not exist, thus not mounted
+			err = nil
+		}
 		return false, err
 	}
 	return FsMagic(buf.Type) == fsType, nil
diff --git a/daemon/graphdriver/driver_test.go b/daemon/graphdriver/driver_test.go
index e6f973c397e87..474370203f4cc 100644
--- a/daemon/graphdriver/driver_test.go
+++ b/daemon/graphdriver/driver_test.go
@@ -1,16 +1,15 @@
 package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestIsEmptyDir(t *testing.T) {
-	tmp, err := ioutil.TempDir("", "test-is-empty-dir")
+	tmp, err := os.MkdirTemp("", "test-is-empty-dir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmp)
 
@@ -29,7 +28,7 @@ func TestIsEmptyDir(t *testing.T) {
 	d = filepath.Join(tmp, "dir-with-empty-file")
 	err = os.Mkdir(d, 0755)
 	assert.NilError(t, err)
-	_, err = ioutil.TempFile(d, "file")
+	_, err = os.CreateTemp(d, "file")
 	assert.NilError(t, err)
 	empty = isEmptyDir(d)
 	assert.Check(t, !empty)
diff --git a/daemon/graphdriver/driver_unsupported.go b/daemon/graphdriver/driver_unsupported.go
index 1f2e8f071b67f..60aea63b9ccad 100644
--- a/daemon/graphdriver/driver_unsupported.go
+++ b/daemon/graphdriver/driver_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !freebsd
 // +build !linux,!windows,!freebsd
 
 package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
diff --git a/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go
new file mode 100644
index 0000000000000..b31931a8ca733
--- /dev/null
+++ b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go
@@ -0,0 +1,544 @@
+//go:build linux
+// +build linux
+
+package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/overlayutils"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/system"
+	"github.com/moby/locker"
+	"github.com/moby/sys/mount"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	// untar defines the untar method
+	untar = chrootarchive.UntarUncompressed
+)
+
+const (
+	driverName    = "fuse-overlayfs"
+	binary        = "fuse-overlayfs"
+	linkDir       = "l"
+	diffDirName   = "diff"
+	workDirName   = "work"
+	mergedDirName = "merged"
+	lowerFile     = "lower"
+	maxDepth      = 128
+
+	// idLength represents the number of random characters
+	// which can be used to create the unique link identifier
+	// for every layer. If this value is too long then the
+	// page size limit for the mount command may be exceeded.
+	// The idLength should be selected such that following equation
+	// is true (512 is a buffer for label metadata).
+	// ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512)
+	idLength = 26
+)
+
+// Driver contains information about the home directory and the list of active
+// mounts that are created using this driver.
+type Driver struct {
+	home      string
+	uidMaps   []idtools.IDMap
+	gidMaps   []idtools.IDMap
+	ctr       *graphdriver.RefCounter
+	naiveDiff graphdriver.DiffDriver
+	locker    *locker.Locker
+}
+
+var (
+	logger = logrus.WithField("storage-driver", driverName)
+)
+
+func init() {
+	graphdriver.Register(driverName, Init)
+}
+
+// Init returns the naive diff driver for fuse-overlayfs.
+// If fuse-overlayfs is not supported on the host, the error
+// graphdriver.ErrNotSupported is returned.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	if _, err := exec.LookPath(binary); err != nil {
+		logger.Error(err)
+		return nil, graphdriver.ErrNotSupported
+	}
+	if !kernel.CheckKernelVersion(4, 18, 0) {
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	remappedRoot := idtools.NewIDMappingsFromMaps(uidMaps, gidMaps)
+	currentID := idtools.CurrentIdentity()
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: remappedRoot.RootPair().GID,
+	}
+
+	if err := idtools.MkdirAllAndChown(home, 0710, dirID); err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 700, currentID); err != nil {
+		return nil, err
+	}
+
+	d := &Driver{
+		home:    home,
+		uidMaps: uidMaps,
+		gidMaps: gidMaps,
+		ctr:     graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicFUSE)),
+		locker:  locker.New(),
+	}
+
+	d.naiveDiff = graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps)
+
+	return d, nil
+}
+
+func (d *Driver) String() string {
+	return driverName
+}
+
+// Status returns current driver information in a two dimensional string array.
+func (d *Driver) Status() [][2]string {
+	return [][2]string{}
+}
+
+// GetMetadata returns metadata about the overlay driver such as the LowerDir,
+// UpperDir, WorkDir, and MergeDir used to store data.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return nil, err
+	}
+
+	metadata := map[string]string{
+		"WorkDir":   path.Join(dir, workDirName),
+		"MergedDir": path.Join(dir, mergedDirName),
+		"UpperDir":  path.Join(dir, diffDirName),
+	}
+
+	lowerDirs, err := d.getLowerDirs(id)
+	if err != nil {
+		return nil, err
+	}
+	if len(lowerDirs) > 0 {
+		metadata["LowerDir"] = strings.Join(lowerDirs, ":")
+	}
+
+	return metadata, nil
+}
+
+// Cleanup any state created by overlay which should be cleaned when daemon
+// is being shutdown. For now, we just have to unmount the bind mounted
+// we had created.
+func (d *Driver) Cleanup() error {
+	return mount.RecursiveUnmount(d.home)
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		return fmt.Errorf("--storage-opt is not supported")
+	}
+	return d.create(id, parent, opts)
+}
+
+// Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
+// The parent filesystem is used to configure these directories for the overlay.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		return fmt.Errorf("--storage-opt is not supported")
+	}
+	return d.create(id, parent, opts)
+}
+
+func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
+	dir := d.dir(id)
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return err
+	}
+	root := idtools.Identity{UID: rootUID, GID: rootGID}
+
+	dirID := idtools.Identity{
+		UID: rootUID,
+		GID: rootGID,
+	}
+
+	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0710, dirID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAndChown(dir, 0710, dirID); err != nil {
+		return err
+	}
+
+	defer func() {
+		// Clean up on failure
+		if retErr != nil {
+			os.RemoveAll(dir)
+		}
+	}()
+
+	if opts != nil && len(opts.StorageOpt) > 0 {
+		return fmt.Errorf("--storage-opt is not supported")
+	}
+
+	if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0755, root); err != nil {
+		return err
+	}
+
+	lid := overlayutils.GenerateID(idLength, logger)
+	if err := os.Symlink(path.Join("..", id, diffDirName), path.Join(d.home, linkDir, lid)); err != nil {
+		return err
+	}
+
+	// Write link id to link file
+	if err := os.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
+		return err
+	}
+
+	// if no parent directory, done
+	if parent == "" {
+		return nil
+	}
+
+	if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0710, dirID); err != nil {
+		return err
+	}
+
+	if err := os.WriteFile(path.Join(d.dir(parent), "committed"), []byte{}, 0600); err != nil {
+		return err
+	}
+
+	lower, err := d.getLower(parent)
+	if err != nil {
+		return err
+	}
+	if lower != "" {
+		if err := os.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (d *Driver) getLower(parent string) (string, error) {
+	parentDir := d.dir(parent)
+
+	// Ensure parent exists
+	if _, err := os.Lstat(parentDir); err != nil {
+		return "", err
+	}
+
+	// Read Parent link fileA
+	parentLink, err := os.ReadFile(path.Join(parentDir, "link"))
+	if err != nil {
+		return "", err
+	}
+	lowers := []string{path.Join(linkDir, string(parentLink))}
+
+	parentLower, err := os.ReadFile(path.Join(parentDir, lowerFile))
+	if err == nil {
+		parentLowers := strings.Split(string(parentLower), ":")
+		lowers = append(lowers, parentLowers...)
+	}
+	if len(lowers) > maxDepth {
+		return "", errors.New("max depth exceeded")
+	}
+	return strings.Join(lowers, ":"), nil
+}
+
+func (d *Driver) dir(id string) string {
+	return path.Join(d.home, id)
+}
+
+func (d *Driver) getLowerDirs(id string) ([]string, error) {
+	var lowersArray []string
+	lowers, err := os.ReadFile(path.Join(d.dir(id), lowerFile))
+	if err == nil {
+		for _, s := range strings.Split(string(lowers), ":") {
+			lp, err := os.Readlink(path.Join(d.home, s))
+			if err != nil {
+				return nil, err
+			}
+			lowersArray = append(lowersArray, path.Clean(path.Join(d.home, linkDir, lp)))
+		}
+	} else if !os.IsNotExist(err) {
+		return nil, err
+	}
+	return lowersArray, nil
+}
+
+// Remove cleans the directories that are created for this id.
+func (d *Driver) Remove(id string) error {
+	if id == "" {
+		return fmt.Errorf("refusing to remove the directories: id is empty")
+	}
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
+	dir := d.dir(id)
+	lid, err := os.ReadFile(path.Join(dir, "link"))
+	if err == nil {
+		if len(lid) == 0 {
+			logger.Errorf("refusing to remove empty link for layer %v", id)
+		} else if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil {
+			logger.Debugf("Failed to remove link: %v", err)
+		}
+	}
+
+	if err := system.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	return nil
+}
+
+// Get creates and mounts the required file system for the given id and returns the mount path.
+func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr error) {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return nil, err
+	}
+
+	diffDir := path.Join(dir, diffDirName)
+	lowers, err := os.ReadFile(path.Join(dir, lowerFile))
+	if err != nil {
+		// If no lower, just return diff directory
+		if os.IsNotExist(err) {
+			return containerfs.NewLocalContainerFS(diffDir), nil
+		}
+		return nil, err
+	}
+
+	mergedDir := path.Join(dir, mergedDirName)
+	if count := d.ctr.Increment(mergedDir); count > 1 {
+		return containerfs.NewLocalContainerFS(mergedDir), nil
+	}
+	defer func() {
+		if retErr != nil {
+			if c := d.ctr.Decrement(mergedDir); c <= 0 {
+				if unmounted := fusermountU(mergedDir); !unmounted {
+					if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
+						logger.Errorf("error unmounting %v: %v", mergedDir, mntErr)
+					}
+				}
+				// Cleanup the created merged directory; see the comment in Put's rmdir
+				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
+					logger.Debugf("Failed to remove %s: %v: %v", id, rmErr, err)
+				}
+			}
+		}
+	}()
+
+	workDir := path.Join(dir, workDirName)
+	splitLowers := strings.Split(string(lowers), ":")
+	absLowers := make([]string, len(splitLowers))
+	for i, s := range splitLowers {
+		absLowers[i] = path.Join(d.home, s)
+	}
+	var readonly bool
+	if _, err := os.Stat(path.Join(dir, "committed")); err == nil {
+		readonly = true
+	} else if !os.IsNotExist(err) {
+		return nil, err
+	}
+
+	var opts string
+	if readonly {
+		opts = "lowerdir=" + diffDir + ":" + strings.Join(absLowers, ":")
+	} else {
+		opts = "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + diffDir + ",workdir=" + workDir
+	}
+
+	mountData := label.FormatMountLabel(opts, mountLabel)
+	mountTarget := mergedDir
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAndChown(mergedDir, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
+	}
+
+	mountProgram := exec.Command(binary, "-o", mountData, mountTarget)
+	mountProgram.Dir = d.home
+	var b bytes.Buffer
+	mountProgram.Stderr = &b
+	if err = mountProgram.Run(); err != nil {
+		output := b.String()
+		if output == "" {
+			output = "<stderr empty>"
+		}
+		return nil, errors.Wrapf(err, "using mount program %s: %s", binary, output)
+	}
+
+	return containerfs.NewLocalContainerFS(mergedDir), nil
+}
+
+// Put unmounts the mount path created for the give id.
+// It also removes the 'merged' directory to force the kernel to unmount the
+// overlay mount in other namespaces.
+func (d *Driver) Put(id string) error {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
+	dir := d.dir(id)
+	_, err := os.ReadFile(path.Join(dir, lowerFile))
+	if err != nil {
+		// If no lower, no mount happened and just return directly
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	mountpoint := path.Join(dir, mergedDirName)
+	if count := d.ctr.Decrement(mountpoint); count > 0 {
+		return nil
+	}
+	if unmounted := fusermountU(mountpoint); !unmounted {
+		if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil {
+			logger.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err)
+		}
+	}
+	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
+	// will cause all other instances of this mount in other mount namespaces
+	// to be unmounted. This is necessary to avoid cases where an overlay mount
+	// that is present in another namespace will cause subsequent mounts
+	// operations to fail with ebusy.  We ignore any errors here because this may
+	// fail on older kernels which don't have
+	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
+	if err := unix.Rmdir(mountpoint); err != nil && !os.IsNotExist(err) {
+		logger.Debugf("Failed to remove %s overlay: %v", id, err)
+	}
+	return nil
+}
+
+// Exists checks to see if the id is already mounted.
+func (d *Driver) Exists(id string) bool {
+	_, err := os.Stat(d.dir(id))
+	return err == nil
+}
+
+// isParent determines whether the given parent is the direct parent of the
+// given layer id
+func (d *Driver) isParent(id, parent string) bool {
+	lowers, err := d.getLowerDirs(id)
+	if err != nil {
+		return false
+	}
+	if parent == "" && len(lowers) > 0 {
+		return false
+	}
+
+	parentDir := d.dir(parent)
+	var ld string
+	if len(lowers) > 0 {
+		ld = filepath.Dir(lowers[0])
+	}
+	if ld == "" && parent == "" {
+		return true
+	}
+	return ld == parentDir
+}
+
+// ApplyDiff applies the new layer into a root
+func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
+	if !d.isParent(id, parent) {
+		return d.naiveDiff.ApplyDiff(id, parent, diff)
+	}
+
+	applyDir := d.getDiffPath(id)
+
+	logger.Debugf("Applying tar in %s", applyDir)
+	// Overlay doesn't need the parent id to apply the diff
+	if err := untar(diff, applyDir, &archive.TarOptions{
+		UIDMaps: d.uidMaps,
+		GIDMaps: d.gidMaps,
+		// Use AUFS whiteout format: https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1084-L1089
+		WhiteoutFormat: archive.AUFSWhiteoutFormat,
+		InUserNS:       userns.RunningInUserNS(),
+	}); err != nil {
+		return 0, err
+	}
+
+	return directory.Size(context.TODO(), applyDir)
+}
+
+func (d *Driver) getDiffPath(id string) string {
+	dir := d.dir(id)
+
+	return path.Join(dir, diffDirName)
+}
+
+// DiffSize calculates the changes between the specified id
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
+	return d.naiveDiff.DiffSize(id, parent)
+}
+
+// Diff produces an archive of the changes between the specified
+// layer and its parent layer which may be "".
+func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
+	return d.naiveDiff.Diff(id, parent)
+}
+
+// Changes produces a list of changes between the specified layer and its
+// parent layer. If parent is "", then all changes will be ADD changes.
+func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
+	return d.naiveDiff.Changes(id, parent)
+}
+
+// fusermountU is from https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1016-L1040
+func fusermountU(mountpoint string) (unmounted bool) {
+	// Attempt to unmount the FUSE mount using either fusermount or fusermount3.
+	// If they fail, fallback to unix.Unmount
+	for _, v := range []string{"fusermount3", "fusermount"} {
+		err := exec.Command(v, "-u", mountpoint).Run()
+		if err != nil && !os.IsNotExist(err) {
+			logrus.Debugf("Error unmounting %s with %s - %v", mountpoint, v, err)
+		}
+		if err == nil {
+			unmounted = true
+			break
+		}
+	}
+	// If fusermount|fusermount3 failed to unmount the FUSE file system, make sure all
+	// pending changes are propagated to the file system
+	if !unmounted {
+		fd, err := unix.Open(mountpoint, unix.O_DIRECTORY, 0)
+		if err == nil {
+			if err := unix.Syncfs(fd); err != nil {
+				logrus.Debugf("Error Syncfs(%s) - %v", mountpoint, err)
+			}
+			unix.Close(fd)
+		}
+	}
+	return
+}
diff --git a/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_test.go b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_test.go
new file mode 100644
index 0000000000000..0d5b29e53846c
--- /dev/null
+++ b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_test.go
@@ -0,0 +1,86 @@
+//go:build linux
+// +build linux
+
+package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func init() {
+	// Do not sure chroot to speed run time and allow archive
+	// errors or hangs to be debugged directly from the test process.
+	untar = archive.UntarUncompressed
+	graphdriver.ApplyUncompressedLayer = archive.ApplyUncompressedLayer
+
+	reexec.Init()
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestFUSEOverlayFSSetup and TestFUSEOverlayFSTeardown
+func TestFUSEOverlayFSSetup(t *testing.T) {
+	graphtest.GetDriver(t, driverName)
+}
+
+func TestFUSEOverlayFSCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, driverName)
+}
+
+func TestFUSEOverlayFSCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, driverName)
+}
+
+func TestFUSEOverlayFSCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, driverName)
+}
+
+func TestFUSEOverlayFS128LayerRead(t *testing.T) {
+	graphtest.DriverTestDeepLayerRead(t, 128, driverName)
+}
+
+func TestFUSEOverlayFSTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
+
+// Benchmarks should always setup new driver
+
+func BenchmarkExists(b *testing.B) {
+	graphtest.DriverBenchExists(b, driverName)
+}
+
+func BenchmarkGetEmpty(b *testing.B) {
+	graphtest.DriverBenchGetEmpty(b, driverName)
+}
+
+func BenchmarkDiffBase(b *testing.B) {
+	graphtest.DriverBenchDiffBase(b, driverName)
+}
+
+func BenchmarkDiffSmallUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10, driverName)
+}
+
+func BenchmarkDiff10KFileUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10000, driverName)
+}
+
+func BenchmarkDiff10KFilesBottom(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10000, 10, driverName)
+}
+
+func BenchmarkDiffApply100(b *testing.B) {
+	graphtest.DriverBenchDiffApplyN(b, 100, driverName)
+}
+
+func BenchmarkDiff20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerDiff(b, 20, driverName)
+}
+
+func BenchmarkRead20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerRead(b, 20, driverName)
+}
diff --git a/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_unsupported.go b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_unsupported.go
new file mode 100644
index 0000000000000..1b115345e9cc8
--- /dev/null
+++ b/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs_unsupported.go
@@ -0,0 +1,4 @@
+//go:build !linux
+// +build !linux
+
+package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"
diff --git a/daemon/graphdriver/graphtest/graphbench_unix.go b/daemon/graphdriver/graphtest/graphbench_unix.go
index 22de8d17813ad..378794a5310d0 100644
--- a/daemon/graphdriver/graphtest/graphbench_unix.go
+++ b/daemon/graphdriver/graphtest/graphbench_unix.go
@@ -1,15 +1,15 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
 	"io"
-	"io/ioutil"
 	"testing"
 
 	contdriver "github.com/containerd/continuity/driver"
 	"github.com/docker/docker/pkg/stringid"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // DriverBenchExists benchmarks calls to exist
@@ -76,7 +76,7 @@ func DriverBenchDiffBase(b *testing.B, drivername string, driveroptions ...strin
 		if err != nil {
 			b.Fatal(err)
 		}
-		_, err = io.Copy(ioutil.Discard, arch)
+		_, err = io.Copy(io.Discard, arch)
 		if err != nil {
 			b.Fatalf("Error copying archive: %s", err)
 		}
@@ -112,7 +112,7 @@ func DriverBenchDiffN(b *testing.B, bottom, top int, drivername string, driverop
 		if err != nil {
 			b.Fatal(err)
 		}
-		_, err = io.Copy(ioutil.Discard, arch)
+		_, err = io.Copy(io.Discard, arch)
 		if err != nil {
 			b.Fatalf("Error copying archive: %s", err)
 		}
@@ -172,6 +172,10 @@ func DriverBenchDiffApplyN(b *testing.B, fileCount int, drivername string, drive
 		b.StopTimer()
 		arch.Close()
 
+		// suppressing "SA9003: empty branch (staticcheck)" instead of commenting-out/removing
+		// these lines because removing/commenting these lines causes a ripple effect
+		// of changes, and there's still a to-do below
+		//nolint:staticcheck
 		if applyDiffSize != diffSize {
 			// TODO: enforce this
 			//b.Fatalf("Apply diff size different, got %d, expected %s", applyDiffSize, diffSize)
@@ -207,7 +211,7 @@ func DriverBenchDeepLayerDiff(b *testing.B, layerCount int, drivername string, d
 		if err != nil {
 			b.Fatal(err)
 		}
-		_, err = io.Copy(ioutil.Discard, arch)
+		_, err = io.Copy(io.Discard, arch)
 		if err != nil {
 			b.Fatalf("Error copying archive: %s", err)
 		}
diff --git a/daemon/graphdriver/graphtest/graphtest_unix.go b/daemon/graphdriver/graphtest/graphtest_unix.go
index e83d0bb2ad77e..8b6a6bf971505 100644
--- a/daemon/graphdriver/graphtest/graphtest_unix.go
+++ b/daemon/graphdriver/graphtest/graphtest_unix.go
@@ -1,24 +1,22 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
 	"bytes"
-	"io/ioutil"
-	"math/rand"
+	"crypto/rand"
 	"os"
 	"path"
-	"reflect"
 	"testing"
-	"unsafe"
 
 	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/daemon/graphdriver/quota"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/go-units"
+	"github.com/docker/docker/quota"
+	units "github.com/docker/go-units"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var (
@@ -35,7 +33,7 @@ type Driver struct {
 }
 
 func newDriver(t testing.TB, name string, options []string) *Driver {
-	root, err := ioutil.TempDir("", "docker-graphtest-")
+	root, err := os.MkdirTemp("", "docker-graphtest-")
 	assert.NilError(t, err)
 
 	assert.NilError(t, os.MkdirAll(root, 0755))
@@ -294,20 +292,12 @@ func DriverTestChanges(t testing.TB, drivername string, driverOptions ...string)
 }
 
 func writeRandomFile(path string, size uint64) error {
-	buf := make([]int64, size/8)
-
-	r := rand.NewSource(0)
-	for i := range buf {
-		buf[i] = r.Int63()
+	data := make([]byte, size)
+	_, err := rand.Read(data)
+	if err != nil {
+		return err
 	}
-
-	// Cast to []byte
-	header := *(*reflect.SliceHeader)(unsafe.Pointer(&buf))
-	header.Len *= 8
-	header.Cap *= 8
-	data := *(*[]byte)(unsafe.Pointer(&header))
-
-	return ioutil.WriteFile(path, data, 0700)
+	return os.WriteFile(path, data, 0700)
 }
 
 // DriverTestSetQuota Create a driver and test setting quota.
diff --git a/daemon/graphdriver/graphtest/testutil_unix.go b/daemon/graphdriver/graphtest/testutil_unix.go
index 6871dca09a690..1c3037c8aa06c 100644
--- a/daemon/graphdriver/graphtest/testutil_unix.go
+++ b/daemon/graphdriver/graphtest/testutil_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
@@ -10,8 +11,8 @@ import (
 	contdriver "github.com/containerd/continuity/driver"
 	"github.com/docker/docker/daemon/graphdriver"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func verifyFile(t testing.TB, path string, mode os.FileMode, uid, gid uint32) {
diff --git a/daemon/graphdriver/lcow/lcow.go b/daemon/graphdriver/lcow/lcow.go
deleted file mode 100644
index a26d13ede1f8b..0000000000000
--- a/daemon/graphdriver/lcow/lcow.go
+++ /dev/null
@@ -1,1100 +0,0 @@
-// +build windows
-
-// Maintainer:  jhowardmsft
-// Locale:      en-gb
-// About:       Graph-driver for Linux Containers On Windows (LCOW)
-//
-// This graphdriver runs in two modes. Yet to be determined which one will
-// be the shipping mode. The global mode is where a single utility VM
-// is used for all service VM tool operations. This isn't safe security-wise
-// as it's attaching a sandbox of multiple containers to it, containing
-// untrusted data. This may be fine for client devops scenarios. In
-// safe mode, a unique utility VM is instantiated for all service VM tool
-// operations. The downside of safe-mode is that operations are slower as
-// a new service utility VM has to be started and torn-down when needed.
-//
-// Options:
-//
-// The following options are read by the graphdriver itself:
-//
-//   * lcow.globalmode - Enables global service VM Mode
-//        -- Possible values:     true/false
-//        -- Default if omitted:  false
-//
-//   * lcow.sandboxsize - Specifies a custom sandbox size in GB for starting a container
-//        -- Possible values:      >= default sandbox size (opengcs defined, currently 20)
-//        -- Default if omitted:  20
-//
-// The following options are read by opengcs:
-//
-//   * lcow.kirdpath - Specifies a custom path to a kernel/initrd pair
-//        -- Possible values:      Any local path that is not a mapped drive
-//        -- Default if omitted:  %ProgramFiles%\Linux Containers
-//
-//   * lcow.kernel - Specifies a custom kernel file located in the `lcow.kirdpath` path
-//        -- Possible values:      Any valid filename
-//        -- Default if omitted:  bootx64.efi
-//
-//   * lcow.initrd - Specifies a custom initrd file located in the `lcow.kirdpath` path
-//        -- Possible values:      Any valid filename
-//        -- Default if omitted:  initrd.img
-//
-//   * lcow.bootparameters - Specifies additional boot parameters for booting in kernel+initrd mode
-//        -- Possible values:      Any valid linux kernel boot options
-//        -- Default if omitted:  <nil>
-//
-//   * lcow.vhdx - Specifies a custom vhdx file to boot (instead of a kernel+initrd)
-//        -- Possible values:      Any valid filename
-//        -- Default if omitted:  uvm.vhdx under `lcow.kirdpath`
-//
-//   * lcow.timeout - Specifies a timeout for utility VM operations in seconds
-//        -- Possible values:      >=0
-//        -- Default if omitted:  300
-
-// TODO: Grab logs from SVM at terminate or errors
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Microsoft/opengcs/client"
-	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/containerfs"
-	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
-	"github.com/sirupsen/logrus"
-)
-
-// init registers this driver to the register. It gets initialised by the
-// function passed in the second parameter, implemented in this file.
-func init() {
-	graphdriver.Register("lcow", InitDriver)
-}
-
-const (
-	// sandboxFilename is the name of the file containing a layer's sandbox (read-write layer).
-	sandboxFilename = "sandbox.vhdx"
-
-	// scratchFilename is the name of the scratch-space used by an SVM to avoid running out of memory.
-	scratchFilename = "scratch.vhdx"
-
-	// layerFilename is the name of the file containing a layer's read-only contents.
-	// Note this really is VHD format, not VHDX.
-	layerFilename = "layer.vhd"
-
-	// toolsScratchPath is a location in a service utility VM that the tools can use as a
-	// scratch space to avoid running out of memory.
-	toolsScratchPath = "/tmp/scratch"
-
-	// svmGlobalID is the ID used in the serviceVMs map for the global service VM when running in "global" mode.
-	svmGlobalID = "_lcow_global_svm_"
-
-	// cacheDirectory is the sub-folder under the driver's data-root used to cache blank sandbox and scratch VHDs.
-	cacheDirectory = "cache"
-
-	// scratchDirectory is the sub-folder under the driver's data-root used for scratch VHDs in service VMs
-	scratchDirectory = "scratch"
-
-	// errOperationPending is the HRESULT returned by the HCS when the VM termination operation is still pending.
-	errOperationPending syscall.Errno = 0xc0370103
-)
-
-// Driver represents an LCOW graph driver.
-type Driver struct {
-	dataRoot           string     // Root path on the host where we are storing everything.
-	cachedSandboxFile  string     // Location of the local default-sized cached sandbox.
-	cachedSandboxMutex sync.Mutex // Protects race conditions from multiple threads creating the cached sandbox.
-	cachedScratchFile  string     // Location of the local cached empty scratch space.
-	cachedScratchMutex sync.Mutex // Protects race conditions from multiple threads creating the cached scratch.
-	options            []string   // Graphdriver options we are initialised with.
-	globalMode         bool       // Indicates if running in an unsafe/global service VM mode.
-
-	// NOTE: It is OK to use a cache here because Windows does not support
-	// restoring containers when the daemon dies.
-	serviceVms *serviceVMMap // Map of the configs representing the service VM(s) we are running.
-}
-
-// layerDetails is the structure returned by a helper function `getLayerDetails`
-// for getting information about a layer folder
-type layerDetails struct {
-	filename  string // \path\to\sandbox.vhdx or \path\to\layer.vhd
-	size      int64  // size of the above file
-	isSandbox bool   // true if sandbox.vhdx
-}
-
-// deletefiles is a helper function for initialisation where we delete any
-// left-over scratch files in case we were previously forcibly terminated.
-func deletefiles(path string, f os.FileInfo, err error) error {
-	if strings.HasSuffix(f.Name(), ".vhdx") {
-		logrus.Warnf("lcowdriver: init: deleting stale scratch file %s", path)
-		return os.Remove(path)
-	}
-	return nil
-}
-
-// InitDriver returns a new LCOW storage driver.
-func InitDriver(dataRoot string, options []string, _, _ []idtools.IDMap) (graphdriver.Driver, error) {
-	title := "lcowdriver: init:"
-
-	cd := filepath.Join(dataRoot, cacheDirectory)
-	sd := filepath.Join(dataRoot, scratchDirectory)
-
-	d := &Driver{
-		dataRoot:          dataRoot,
-		options:           options,
-		cachedSandboxFile: filepath.Join(cd, sandboxFilename),
-		cachedScratchFile: filepath.Join(cd, scratchFilename),
-		serviceVms: &serviceVMMap{
-			svms: make(map[string]*serviceVMMapItem),
-		},
-		globalMode: false,
-	}
-
-	// Looks for relevant options
-	for _, v := range options {
-		opt := strings.SplitN(v, "=", 2)
-		if len(opt) == 2 {
-			switch strings.ToLower(opt[0]) {
-			case "lcow.globalmode":
-				var err error
-				d.globalMode, err = strconv.ParseBool(opt[1])
-				if err != nil {
-					return nil, fmt.Errorf("%s failed to parse value for 'lcow.globalmode' - must be 'true' or 'false'", title)
-				}
-				break
-			}
-		}
-	}
-
-	// Make sure the dataRoot directory is created
-	if err := idtools.MkdirAllAndChown(dataRoot, 0700, idtools.Identity{UID: 0, GID: 0}); err != nil {
-		return nil, fmt.Errorf("%s failed to create '%s': %v", title, dataRoot, err)
-	}
-
-	// Make sure the cache directory is created under dataRoot
-	if err := idtools.MkdirAllAndChown(cd, 0700, idtools.Identity{UID: 0, GID: 0}); err != nil {
-		return nil, fmt.Errorf("%s failed to create '%s': %v", title, cd, err)
-	}
-
-	// Make sure the scratch directory is created under dataRoot
-	if err := idtools.MkdirAllAndChown(sd, 0700, idtools.Identity{UID: 0, GID: 0}); err != nil {
-		return nil, fmt.Errorf("%s failed to create '%s': %v", title, sd, err)
-	}
-
-	// Delete any items in the scratch directory
-	filepath.Walk(sd, deletefiles)
-
-	logrus.Infof("%s dataRoot: %s globalMode: %t", title, dataRoot, d.globalMode)
-
-	return d, nil
-}
-
-func (d *Driver) getVMID(id string) string {
-	if d.globalMode {
-		return svmGlobalID
-	}
-	return id
-}
-
-// remapLongToShortContainerPath does the mapping of a long container path for a
-// SCSI attached disk, to a short container path where it's actually mounted.
-func remapLongToShortContainerPath(longContainerPath string, attachCounter uint64, svmName string) string {
-	shortContainerPath := longContainerPath
-	if shortContainerPath != "" && shortContainerPath != toolsScratchPath {
-		shortContainerPath = fmt.Sprintf("/tmp/d%d", attachCounter)
-		logrus.Debugf("lcowdriver: UVM %s: remapping %s --> %s", svmName, longContainerPath, shortContainerPath)
-	}
-	return shortContainerPath
-}
-
-// startServiceVMIfNotRunning starts a service utility VM if it is not currently running.
-// It can optionally be started with a mapped virtual disk. Returns a opengcs config structure
-// representing the VM.
-func (d *Driver) startServiceVMIfNotRunning(id string, mvdToAdd []hcsshim.MappedVirtualDisk, context string) (_ *serviceVM, err error) {
-	// Use the global ID if in global mode
-	id = d.getVMID(id)
-
-	title := "lcowdriver: startServiceVMIfNotRunning " + id
-
-	// Attempt to add ID to the service vm map
-	logrus.Debugf("%s: adding entry to service vm map", title)
-	svm, exists, err := d.serviceVms.add(id)
-	if err != nil && err == errVMisTerminating {
-		// VM is in the process of terminating. Wait until it's done and then try again
-		logrus.Debugf("%s: VM with current ID still in the process of terminating", title)
-		if err := svm.getStopError(); err != nil {
-			logrus.Debugf("%s: VM did not stop successfully: %s", title, err)
-			return nil, err
-		}
-		return d.startServiceVMIfNotRunning(id, mvdToAdd, context)
-	} else if err != nil {
-		logrus.Debugf("%s: failed to add service vm to map: %s", title, err)
-		return nil, fmt.Errorf("%s: failed to add to service vm map: %s", title, err)
-	}
-
-	if exists {
-		// Service VM is already up and running. In this case, just hot add the vhds.
-		// Note that hotAddVHDs will remap long to short container paths, so no need
-		// for us to that here.
-		logrus.Debugf("%s: service vm already exists. Just hot adding: %+v", title, mvdToAdd)
-		if err := svm.hotAddVHDs(mvdToAdd...); err != nil {
-			logrus.Debugf("%s: failed to hot add vhds on service vm creation: %s", title, err)
-			return nil, fmt.Errorf("%s: failed to hot add vhds on service vm: %s", title, err)
-		}
-		return svm, nil
-	}
-
-	// We are the first service for this id, so we need to start it
-	logrus.Debugf("%s: service vm doesn't exist. Now starting it up", title)
-
-	defer func() {
-		// Signal that start has finished, passing in the error if any.
-		svm.signalStartFinished(err)
-		if err != nil {
-			// We added a ref to the VM, since we failed, we should delete the ref.
-			d.terminateServiceVM(id, "error path on startServiceVMIfNotRunning", false)
-		}
-	}()
-
-	// Generate a default configuration
-	if err := svm.config.GenerateDefault(d.options); err != nil {
-		return nil, fmt.Errorf("%s: failed to generate default gogcs configuration for global svm (%s): %s", title, context, err)
-	}
-
-	// For the name, we deliberately suffix if safe-mode to ensure that it doesn't
-	// clash with another utility VM which may be running for the container itself.
-	// This also makes it easier to correlate through Get-ComputeProcess.
-	if id == svmGlobalID {
-		svm.config.Name = svmGlobalID
-	} else {
-		svm.config.Name = fmt.Sprintf("%s_svm", id)
-	}
-
-	// Ensure we take the cached scratch mutex around the check to ensure the file is complete
-	// and not in the process of being created by another thread.
-	scratchTargetFile := filepath.Join(d.dataRoot, scratchDirectory, fmt.Sprintf("%s.vhdx", id))
-
-	logrus.Debugf("%s: locking cachedScratchMutex", title)
-	d.cachedScratchMutex.Lock()
-	if _, err := os.Stat(d.cachedScratchFile); err == nil {
-		// Make a copy of cached scratch to the scratch directory
-		logrus.Debugf("%s: (%s) cloning cached scratch for mvd", title, context)
-		if err := client.CopyFile(d.cachedScratchFile, scratchTargetFile, true); err != nil {
-			logrus.Debugf("%s: releasing cachedScratchMutex on err: %s", title, err)
-			d.cachedScratchMutex.Unlock()
-			return nil, err
-		}
-
-		// Add the cached clone as a mapped virtual disk
-		logrus.Debugf("%s: (%s) adding cloned scratch as mvd", title, context)
-		mvd := hcsshim.MappedVirtualDisk{
-			HostPath:          scratchTargetFile,
-			ContainerPath:     toolsScratchPath,
-			CreateInUtilityVM: true,
-		}
-		svm.config.MappedVirtualDisks = append(svm.config.MappedVirtualDisks, mvd)
-		svm.scratchAttached = true
-	}
-
-	logrus.Debugf("%s: releasing cachedScratchMutex", title)
-	d.cachedScratchMutex.Unlock()
-
-	// Add mapped virtual disks. First those that are already in the configuration. Generally,
-	// the only one that will be here is the service VMs scratch. The exception is when invoked
-	// via the graphdrivers DiffGetter implementation.
-	for i, mvd := range svm.config.MappedVirtualDisks {
-		svm.attachCounter++
-		svm.attachedVHDs[mvd.HostPath] = &attachedVHD{refCount: 1, attachCounter: svm.attachCounter}
-
-		// No-op for the service VMs scratch disk. Only applicable in the DiffGetter interface invocation.
-		svm.config.MappedVirtualDisks[i].ContainerPath = remapLongToShortContainerPath(mvd.ContainerPath, svm.attachCounter, svm.config.Name)
-	}
-
-	// Then the remaining ones to add, and adding them to the startup configuration.
-	for _, mvd := range mvdToAdd {
-		svm.attachCounter++
-		svm.attachedVHDs[mvd.HostPath] = &attachedVHD{refCount: 1, attachCounter: svm.attachCounter}
-		mvd.ContainerPath = remapLongToShortContainerPath(mvd.ContainerPath, svm.attachCounter, svm.config.Name)
-		svm.config.MappedVirtualDisks = append(svm.config.MappedVirtualDisks, mvd)
-	}
-
-	// Start it.
-	logrus.Debugf("%s: (%s) starting %s", title, context, svm.config.Name)
-	if err := svm.config.StartUtilityVM(); err != nil {
-		return nil, fmt.Errorf("failed to start service utility VM (%s): %s", context, err)
-	}
-
-	// defer function to terminate the VM if the next steps fail
-	defer func() {
-		if err != nil {
-			waitTerminate(svm, fmt.Sprintf("%s: (%s)", title, context))
-		}
-	}()
-
-	// Now we have a running service VM, we can create the cached scratch file if it doesn't exist.
-	logrus.Debugf("%s: locking cachedScratchMutex", title)
-	d.cachedScratchMutex.Lock()
-	if _, err := os.Stat(d.cachedScratchFile); err != nil {
-		logrus.Debugf("%s: (%s) creating an SVM scratch", title, context)
-
-		// Don't use svm.CreateExt4Vhdx since that only works when the service vm is setup,
-		// but we're still in that process right now.
-		if err := svm.config.CreateExt4Vhdx(scratchTargetFile, client.DefaultVhdxSizeGB, d.cachedScratchFile); err != nil {
-			logrus.Debugf("%s: (%s) releasing cachedScratchMutex on error path", title, context)
-			d.cachedScratchMutex.Unlock()
-			logrus.Debugf("%s: failed to create vm scratch %s: %s", title, scratchTargetFile, err)
-			return nil, fmt.Errorf("failed to create SVM scratch VHDX (%s): %s", context, err)
-		}
-	}
-	logrus.Debugf("%s: (%s) releasing cachedScratchMutex", title, context)
-	d.cachedScratchMutex.Unlock()
-
-	// Hot-add the scratch-space if not already attached
-	if !svm.scratchAttached {
-		logrus.Debugf("%s: (%s) hot-adding scratch %s", title, context, scratchTargetFile)
-		if err := svm.hotAddVHDsAtStart(hcsshim.MappedVirtualDisk{
-			HostPath:          scratchTargetFile,
-			ContainerPath:     toolsScratchPath,
-			CreateInUtilityVM: true,
-		}); err != nil {
-			logrus.Debugf("%s: failed to hot-add scratch %s: %s", title, scratchTargetFile, err)
-			return nil, fmt.Errorf("failed to hot-add %s failed: %s", scratchTargetFile, err)
-		}
-		svm.scratchAttached = true
-		// Don't need to ref-count here as it will be done via hotAddVHDsAtStart() call above.
-	}
-
-	logrus.Debugf("%s: (%s) success", title, context)
-	return svm, nil
-}
-
-// terminateServiceVM terminates a service utility VM if its running if it's,
-// not being used by any goroutine, but does nothing when in global mode as it's
-// lifetime is limited to that of the daemon. If the force flag is set, then
-// the VM will be killed regardless of the ref count or if it's global.
-func (d *Driver) terminateServiceVM(id, context string, force bool) (err error) {
-	// We don't do anything in safe mode unless the force flag has been passed, which
-	// is only the case for cleanup at driver termination.
-	if d.globalMode && !force {
-		logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - doing nothing as in global mode", id, context)
-		return nil
-	}
-
-	id = d.getVMID(id)
-
-	var svm *serviceVM
-	var lastRef bool
-	if !force {
-		// In the not force case, we ref count
-		svm, lastRef, err = d.serviceVms.decrementRefCount(id)
-	} else {
-		// In the force case, we ignore the ref count and just set it to 0
-		svm, err = d.serviceVms.setRefCountZero(id)
-		lastRef = true
-	}
-
-	if err == errVMUnknown {
-		return nil
-	} else if err == errVMisTerminating {
-		return svm.getStopError()
-	} else if !lastRef {
-		return nil
-	}
-
-	// We run the deletion of the scratch as a deferred function to at least attempt
-	// clean-up in case of errors.
-	defer func() {
-		if svm.scratchAttached {
-			scratchTargetFile := filepath.Join(d.dataRoot, scratchDirectory, fmt.Sprintf("%s.vhdx", id))
-			logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - deleting scratch %s", id, context, scratchTargetFile)
-			if errRemove := os.Remove(scratchTargetFile); errRemove != nil {
-				logrus.Warnf("failed to remove scratch file %s (%s): %s", scratchTargetFile, context, errRemove)
-				err = errRemove
-			}
-		}
-
-		// This function shouldn't actually return error unless there is a bug
-		if errDelete := d.serviceVms.deleteID(id); errDelete != nil {
-			logrus.Warnf("failed to service vm from svm map %s (%s): %s", id, context, errDelete)
-		}
-
-		// Signal that this VM has stopped
-		svm.signalStopFinished(err)
-	}()
-
-	// Now it's possible that the service VM failed to start and now we are trying to terminate it.
-	// In this case, we will relay the error to the goroutines waiting for this vm to stop.
-	if err := svm.getStartError(); err != nil {
-		logrus.Debugf("lcowdriver: terminateservicevm: %s had failed to start up: %s", id, err)
-		return err
-	}
-
-	if err := waitTerminate(svm, fmt.Sprintf("terminateservicevm: %s (%s)", id, context)); err != nil {
-		return err
-	}
-
-	logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - success", id, context)
-	return nil
-}
-
-func waitTerminate(svm *serviceVM, context string) error {
-	if svm.config == nil {
-		return fmt.Errorf("lcowdriver: waitTermiante: Nil utility VM. %s", context)
-	}
-
-	logrus.Debugf("lcowdriver: waitTerminate: Calling terminate: %s", context)
-	if err := svm.config.Uvm.Terminate(); err != nil {
-		// We might get operation still pending from the HCS. In that case, we shouldn't return
-		// an error since we call wait right after.
-		underlyingError := err
-		if conterr, ok := err.(*hcsshim.ContainerError); ok {
-			underlyingError = conterr.Err
-		}
-
-		if syscallErr, ok := underlyingError.(syscall.Errno); ok {
-			underlyingError = syscallErr
-		}
-
-		if underlyingError != errOperationPending {
-			return fmt.Errorf("failed to terminate utility VM (%s): %s", context, err)
-		}
-		logrus.Debugf("lcowdriver: waitTerminate: uvm.Terminate() returned operation pending (%s)", context)
-	}
-
-	logrus.Debugf("lcowdriver: waitTerminate: (%s) - waiting for utility VM to terminate", context)
-	if err := svm.config.Uvm.WaitTimeout(time.Duration(svm.config.UvmTimeoutSeconds) * time.Second); err != nil {
-		return fmt.Errorf("failed waiting for utility VM to terminate (%s): %s", context, err)
-	}
-	return nil
-}
-
-// String returns the string representation of a driver. This should match
-// the name the graph driver has been registered with.
-func (d *Driver) String() string {
-	return "lcow"
-}
-
-// Status returns the status of the driver.
-func (d *Driver) Status() [][2]string {
-	return [][2]string{
-		{"LCOW", ""},
-		// TODO: Add some more info here - mode, home, ....
-	}
-}
-
-// Exists returns true if the given id is registered with this driver.
-func (d *Driver) Exists(id string) bool {
-	_, err := os.Lstat(d.dir(id))
-	logrus.Debugf("lcowdriver: exists: id %s %t", id, err == nil)
-	return err == nil
-}
-
-// CreateReadWrite creates a layer that is writable for use as a container
-// file system. That equates to creating a sandbox.
-func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
-	title := fmt.Sprintf("lcowdriver: createreadwrite: id %s", id)
-	logrus.Debugf(title)
-
-	// First we need to create the folder
-	if err := d.Create(id, parent, opts); err != nil {
-		return err
-	}
-
-	// Look for an explicit sandbox size option.
-	sandboxSize := uint64(client.DefaultVhdxSizeGB)
-	for k, v := range opts.StorageOpt {
-		switch strings.ToLower(k) {
-		case "lcow.sandboxsize":
-			var err error
-			sandboxSize, err = strconv.ParseUint(v, 10, 32)
-			if err != nil {
-				return fmt.Errorf("%s failed to parse value '%s' for 'lcow.sandboxsize'", title, v)
-			}
-			if sandboxSize < client.DefaultVhdxSizeGB {
-				return fmt.Errorf("%s 'lcow.sandboxsize' option cannot be less than %d", title, client.DefaultVhdxSizeGB)
-			}
-			break
-		}
-	}
-
-	// Massive perf optimisation here. If we know that the RW layer is the default size,
-	// and that the cached sandbox already exists, and we are running in safe mode, we
-	// can just do a simple copy into the layers sandbox file without needing to start a
-	// unique service VM. For a global service VM, it doesn't really matter. Of course,
-	// this is only the case where the sandbox is the default size.
-	//
-	// Make sure we have the sandbox mutex taken while we are examining it.
-	if sandboxSize == client.DefaultVhdxSizeGB {
-		logrus.Debugf("%s: locking cachedSandboxMutex", title)
-		d.cachedSandboxMutex.Lock()
-		_, err := os.Stat(d.cachedSandboxFile)
-		logrus.Debugf("%s: releasing cachedSandboxMutex", title)
-		d.cachedSandboxMutex.Unlock()
-		if err == nil {
-			logrus.Debugf("%s: using cached sandbox to populate", title)
-			if err := client.CopyFile(d.cachedSandboxFile, filepath.Join(d.dir(id), sandboxFilename), true); err != nil {
-				return err
-			}
-			return nil
-		}
-	}
-
-	logrus.Debugf("%s: creating SVM to create sandbox", title)
-	svm, err := d.startServiceVMIfNotRunning(id, nil, "createreadwrite")
-	if err != nil {
-		return err
-	}
-	defer d.terminateServiceVM(id, "createreadwrite", false)
-
-	// So the sandbox needs creating. If default size ensure we are the only thread populating the cache.
-	// Non-default size we don't store, just create them one-off so no need to lock the cachedSandboxMutex.
-	if sandboxSize == client.DefaultVhdxSizeGB {
-		logrus.Debugf("%s: locking cachedSandboxMutex for creation", title)
-		d.cachedSandboxMutex.Lock()
-		defer func() {
-			logrus.Debugf("%s: releasing cachedSandboxMutex for creation", title)
-			d.cachedSandboxMutex.Unlock()
-		}()
-	}
-
-	// Make sure we don't write to our local cached copy if this is for a non-default size request.
-	targetCacheFile := d.cachedSandboxFile
-	if sandboxSize != client.DefaultVhdxSizeGB {
-		targetCacheFile = ""
-	}
-
-	// Create the ext4 vhdx
-	logrus.Debugf("%s: creating sandbox ext4 vhdx", title)
-	if err := svm.createExt4VHDX(filepath.Join(d.dir(id), sandboxFilename), uint32(sandboxSize), targetCacheFile); err != nil {
-		logrus.Debugf("%s: failed to create sandbox vhdx for %s: %s", title, id, err)
-		return err
-	}
-	return nil
-}
-
-// Create creates the folder for the layer with the given id, and
-// adds it to the layer chain.
-func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
-	logrus.Debugf("lcowdriver: create: id %s parent: %s", id, parent)
-
-	parentChain, err := d.getLayerChain(parent)
-	if err != nil {
-		return err
-	}
-
-	var layerChain []string
-	if parent != "" {
-		if !d.Exists(parent) {
-			return fmt.Errorf("lcowdriver: cannot create layer folder with missing parent %s", parent)
-		}
-		layerChain = []string{d.dir(parent)}
-	}
-	layerChain = append(layerChain, parentChain...)
-
-	// Make sure layers are created with the correct ACL so that VMs can access them.
-	layerPath := d.dir(id)
-	logrus.Debugf("lcowdriver: create: id %s: creating %s", id, layerPath)
-	if err := system.MkdirAllWithACL(layerPath, 755, system.SddlNtvmAdministratorsLocalSystem); err != nil {
-		return err
-	}
-
-	if err := d.setLayerChain(id, layerChain); err != nil {
-		if err2 := os.RemoveAll(layerPath); err2 != nil {
-			logrus.Warnf("failed to remove layer %s: %s", layerPath, err2)
-		}
-		return err
-	}
-	logrus.Debugf("lcowdriver: create: id %s: success", id)
-
-	return nil
-}
-
-// Remove unmounts and removes the dir information.
-func (d *Driver) Remove(id string) error {
-	logrus.Debugf("lcowdriver: remove: id %s", id)
-	tmpID := fmt.Sprintf("%s-removing", id)
-	tmpLayerPath := d.dir(tmpID)
-	layerPath := d.dir(id)
-
-	logrus.Debugf("lcowdriver: remove: id %s: layerPath %s", id, layerPath)
-
-	// Unmount all the layers
-	err := d.Put(id)
-	if err != nil {
-		logrus.Debugf("lcowdriver: remove id %s: failed to unmount: %s", id, err)
-		return err
-	}
-
-	// for non-global case just kill the vm
-	if !d.globalMode {
-		if err := d.terminateServiceVM(id, fmt.Sprintf("Remove %s", id), true); err != nil {
-			return err
-		}
-	}
-
-	if err := os.Rename(layerPath, tmpLayerPath); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-
-	if err := os.RemoveAll(tmpLayerPath); err != nil {
-		return err
-	}
-
-	logrus.Debugf("lcowdriver: remove: id %s: layerPath %s succeeded", id, layerPath)
-	return nil
-}
-
-// Get returns the rootfs path for the id. It is reference counted and
-// effectively can be thought of as a "mount the layer into the utility
-// vm if it isn't already". The contract from the caller of this is that
-// all Gets and Puts are matched. It -should- be the case that on cleanup,
-// nothing is mounted.
-//
-// For optimisation, we don't actually mount the filesystem (which in our
-// case means [hot-]adding it to a service VM. But we track that and defer
-// the actual adding to the point we need to access it.
-func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
-	title := fmt.Sprintf("lcowdriver: get: %s", id)
-	logrus.Debugf(title)
-
-	// Generate the mounts needed for the deferred operation.
-	disks, err := d.getAllMounts(id)
-	if err != nil {
-		logrus.Debugf("%s failed to get all layer details for %s: %s", title, d.dir(id), err)
-		return nil, fmt.Errorf("%s failed to get layer details for %s: %s", title, d.dir(id), err)
-	}
-
-	logrus.Debugf("%s: got layer mounts: %+v", title, disks)
-	return &lcowfs{
-		root:        unionMountName(disks),
-		d:           d,
-		mappedDisks: disks,
-		vmID:        d.getVMID(id),
-	}, nil
-}
-
-// Put does the reverse of get. If there are no more references to
-// the layer, it unmounts it from the utility VM.
-func (d *Driver) Put(id string) error {
-	title := fmt.Sprintf("lcowdriver: put: %s", id)
-
-	// Get the service VM that we need to remove from
-	svm, err := d.serviceVms.get(d.getVMID(id))
-	if err == errVMUnknown {
-		return nil
-	} else if err == errVMisTerminating {
-		return svm.getStopError()
-	}
-
-	// Generate the mounts that Get() might have mounted
-	disks, err := d.getAllMounts(id)
-	if err != nil {
-		logrus.Debugf("%s failed to get all layer details for %s: %s", title, d.dir(id), err)
-		return fmt.Errorf("%s failed to get layer details for %s: %s", title, d.dir(id), err)
-	}
-
-	// Now, we want to perform the unmounts, hot-remove and stop the service vm.
-	// We want to go though all the steps even if we have an error to clean up properly
-	err = svm.deleteUnionMount(unionMountName(disks), disks...)
-	if err != nil {
-		logrus.Debugf("%s failed to delete union mount %s: %s", title, id, err)
-	}
-
-	err1 := svm.hotRemoveVHDs(disks...)
-	if err1 != nil {
-		logrus.Debugf("%s failed to hot remove vhds %s: %s", title, id, err)
-		if err == nil {
-			err = err1
-		}
-	}
-
-	err1 = d.terminateServiceVM(id, fmt.Sprintf("Put %s", id), false)
-	if err1 != nil {
-		logrus.Debugf("%s failed to terminate service vm %s: %s", title, id, err1)
-		if err == nil {
-			err = err1
-		}
-	}
-	logrus.Debugf("Put succeeded on id %s", id)
-	return err
-}
-
-// Cleanup ensures the information the driver stores is properly removed.
-// We use this opportunity to cleanup any -removing folders which may be
-// still left if the daemon was killed while it was removing a layer.
-func (d *Driver) Cleanup() error {
-	title := "lcowdriver: cleanup"
-
-	items, err := ioutil.ReadDir(d.dataRoot)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-
-	// Note we don't return an error below - it's possible the files
-	// are locked. However, next time around after the daemon exits,
-	// we likely will be able to cleanup successfully. Instead we log
-	// warnings if there are errors.
-	for _, item := range items {
-		if item.IsDir() && strings.HasSuffix(item.Name(), "-removing") {
-			if err := os.RemoveAll(filepath.Join(d.dataRoot, item.Name())); err != nil {
-				logrus.Warnf("%s failed to cleanup %s: %s", title, item.Name(), err)
-			} else {
-				logrus.Infof("%s cleaned up %s", title, item.Name())
-			}
-		}
-	}
-
-	// Cleanup any service VMs we have running, along with their scratch spaces.
-	// We don't take the lock for this as it's taken in terminateServiceVm.
-	for k, v := range d.serviceVms.svms {
-		logrus.Debugf("%s svm entry: %s: %+v", title, k, v)
-		d.terminateServiceVM(k, "cleanup", true)
-	}
-
-	return nil
-}
-
-// Diff takes a layer (and it's parent layer which may be null, but
-// is ignored by this implementation below) and returns a reader for
-// a tarstream representing the layers contents. The id could be
-// a read-only "layer.vhd" or a read-write "sandbox.vhdx". The semantics
-// of this function dictate that the layer is already mounted.
-// However, as we do lazy mounting as a performance optimisation,
-// this will likely not be the case.
-func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
-	title := fmt.Sprintf("lcowdriver: diff: %s", id)
-
-	// Get VHDX info
-	ld, err := getLayerDetails(d.dir(id))
-	if err != nil {
-		logrus.Debugf("%s: failed to get vhdx information of %s: %s", title, d.dir(id), err)
-		return nil, err
-	}
-
-	// Start the SVM with a mapped virtual disk. Note that if the SVM is
-	// already running and we are in global mode, this will be
-	// hot-added.
-	mvd := hcsshim.MappedVirtualDisk{
-		HostPath:          ld.filename,
-		ContainerPath:     hostToGuest(ld.filename),
-		CreateInUtilityVM: true,
-		ReadOnly:          true,
-	}
-
-	logrus.Debugf("%s: starting service VM", title)
-	svm, err := d.startServiceVMIfNotRunning(id, []hcsshim.MappedVirtualDisk{mvd}, fmt.Sprintf("diff %s", id))
-	if err != nil {
-		return nil, err
-	}
-
-	logrus.Debugf("lcowdriver: diff: waiting for svm to finish booting")
-	err = svm.getStartError()
-	if err != nil {
-		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
-		return nil, fmt.Errorf("lcowdriver: diff: svm failed to boot: %s", err)
-	}
-
-	// Obtain the tar stream for it
-	// The actual container path will have be remapped to a short name, so use that.
-	actualContainerPath := svm.getShortContainerPath(&mvd)
-	if actualContainerPath == "" {
-		return nil, fmt.Errorf("failed to get short container path for %+v in SVM %s", mvd, svm.config.Name)
-	}
-	logrus.Debugf("%s: %s %s, size %d, ReadOnly %t", title, ld.filename, actualContainerPath, ld.size, ld.isSandbox)
-	tarReadCloser, err := svm.config.VhdToTar(mvd.HostPath, actualContainerPath, ld.isSandbox, ld.size)
-	if err != nil {
-		svm.hotRemoveVHDs(mvd)
-		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
-		return nil, fmt.Errorf("%s failed to export layer to tar stream for id: %s, parent: %s : %s", title, id, parent, err)
-	}
-
-	logrus.Debugf("%s id %s parent %s completed successfully", title, id, parent)
-
-	// In safe/non-global mode, we can't tear down the service VM until things have been read.
-	return ioutils.NewReadCloserWrapper(tarReadCloser, func() error {
-		tarReadCloser.Close()
-		svm.hotRemoveVHDs(mvd)
-		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
-		return nil
-	}), nil
-}
-
-// ApplyDiff extracts the changeset from the given diff into the
-// layer with the specified id and parent, returning the size of the
-// new layer in bytes. The layer should not be mounted when calling
-// this function. Another way of describing this is that ApplyDiff writes
-// to a new layer (a VHD in LCOW) the contents of a tarstream it's given.
-func (d *Driver) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
-	logrus.Debugf("lcowdriver: applydiff: id %s", id)
-
-	svm, err := d.startServiceVMIfNotRunning(id, nil, fmt.Sprintf("applydiff %s", id))
-	if err != nil {
-		return 0, err
-	}
-	defer d.terminateServiceVM(id, fmt.Sprintf("applydiff %s", id), false)
-
-	logrus.Debugf("lcowdriver: applydiff: waiting for svm to finish booting")
-	err = svm.getStartError()
-	if err != nil {
-		return 0, fmt.Errorf("lcowdriver: applydiff: svm failed to boot: %s", err)
-	}
-
-	// TODO @jhowardmsft - the retries are temporary to overcome platform reliability issues.
-	// Obviously this will be removed as platform bugs are fixed.
-	retries := 0
-	for {
-		retries++
-		size, err := svm.config.TarToVhd(filepath.Join(d.dataRoot, id, layerFilename), diff)
-		if err != nil {
-			if retries <= 10 {
-				continue
-			}
-			return 0, err
-		}
-		return size, err
-	}
-}
-
-// Changes produces a list of changes between the specified layer
-// and its parent layer. If parent is "", then all changes will be ADD changes.
-// The layer should not be mounted when calling this function.
-func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
-	logrus.Debugf("lcowdriver: changes: id %s parent %s", id, parent)
-	// TODO @gupta-ak. Needs implementation with assistance from service VM
-	return nil, nil
-}
-
-// DiffSize calculates the changes between the specified layer
-// and its parent and returns the size in bytes of the changes
-// relative to its base filesystem directory.
-func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
-	logrus.Debugf("lcowdriver: diffsize: id %s", id)
-	// TODO @gupta-ak. Needs implementation with assistance from service VM
-	return 0, nil
-}
-
-// GetMetadata returns custom driver information.
-func (d *Driver) GetMetadata(id string) (map[string]string, error) {
-	logrus.Debugf("lcowdriver: getmetadata: id %s", id)
-	m := make(map[string]string)
-	m["dir"] = d.dir(id)
-	return m, nil
-}
-
-// GetLayerPath gets the layer path on host (path to VHD/VHDX)
-func (d *Driver) GetLayerPath(id string) (string, error) {
-	return d.dir(id), nil
-}
-
-// dir returns the absolute path to the layer.
-func (d *Driver) dir(id string) string {
-	return filepath.Join(d.dataRoot, filepath.Base(id))
-}
-
-// getLayerChain returns the layer chain information.
-func (d *Driver) getLayerChain(id string) ([]string, error) {
-	jPath := filepath.Join(d.dir(id), "layerchain.json")
-	logrus.Debugf("lcowdriver: getlayerchain: id %s json %s", id, jPath)
-	content, err := ioutil.ReadFile(jPath)
-	if os.IsNotExist(err) {
-		return nil, nil
-	} else if err != nil {
-		return nil, fmt.Errorf("lcowdriver: getlayerchain: %s unable to read layerchain file %s: %s", id, jPath, err)
-	}
-
-	var layerChain []string
-	err = json.Unmarshal(content, &layerChain)
-	if err != nil {
-		return nil, fmt.Errorf("lcowdriver: getlayerchain: %s failed to unmarshall layerchain file %s: %s", id, jPath, err)
-	}
-	return layerChain, nil
-}
-
-// setLayerChain stores the layer chain information on disk.
-func (d *Driver) setLayerChain(id string, chain []string) error {
-	content, err := json.Marshal(&chain)
-	if err != nil {
-		return fmt.Errorf("lcowdriver: setlayerchain: %s failed to marshall layerchain json: %s", id, err)
-	}
-
-	jPath := filepath.Join(d.dir(id), "layerchain.json")
-	logrus.Debugf("lcowdriver: setlayerchain: id %s json %s", id, jPath)
-	err = ioutil.WriteFile(jPath, content, 0600)
-	if err != nil {
-		return fmt.Errorf("lcowdriver: setlayerchain: %s failed to write layerchain file: %s", id, err)
-	}
-	return nil
-}
-
-// getLayerDetails is a utility for getting a file name, size and indication of
-// sandbox for a VHD(x) in a folder. A read-only layer will be layer.vhd. A
-// read-write layer will be sandbox.vhdx.
-func getLayerDetails(folder string) (*layerDetails, error) {
-	var fileInfo os.FileInfo
-	ld := &layerDetails{
-		isSandbox: false,
-		filename:  filepath.Join(folder, layerFilename),
-	}
-
-	fileInfo, err := os.Stat(ld.filename)
-	if err != nil {
-		ld.filename = filepath.Join(folder, sandboxFilename)
-		if fileInfo, err = os.Stat(ld.filename); err != nil {
-			return nil, fmt.Errorf("failed to locate layer or sandbox in %s", folder)
-		}
-		ld.isSandbox = true
-	}
-	ld.size = fileInfo.Size()
-
-	return ld, nil
-}
-
-func (d *Driver) getAllMounts(id string) ([]hcsshim.MappedVirtualDisk, error) {
-	layerChain, err := d.getLayerChain(id)
-	if err != nil {
-		return nil, err
-	}
-	layerChain = append([]string{d.dir(id)}, layerChain...)
-
-	logrus.Debugf("getting all  layers: %v", layerChain)
-	disks := make([]hcsshim.MappedVirtualDisk, len(layerChain), len(layerChain))
-	for i := range layerChain {
-		ld, err := getLayerDetails(layerChain[i])
-		if err != nil {
-			logrus.Debugf("Failed to get LayerVhdDetails from %s: %s", layerChain[i], err)
-			return nil, err
-		}
-		disks[i].HostPath = ld.filename
-		disks[i].ContainerPath = hostToGuest(ld.filename)
-		disks[i].CreateInUtilityVM = true
-		disks[i].ReadOnly = !ld.isSandbox
-	}
-	return disks, nil
-}
-
-func hostToGuest(hostpath string) string {
-	// This is the "long" container path. At the point of which we are
-	// calculating this, we don't know which service VM we're going to be
-	// using, so we can't translate this to a short path yet, instead
-	// deferring until the point of which it's added to an SVM. We don't
-	// use long container paths in SVMs for SCSI disks, otherwise it can cause
-	// command line operations that we invoke to fail due to being over ~4200
-	// characters when there are ~47 layers involved. An example of this is
-	// the mount call to create the overlay across multiple SCSI-attached disks.
-	// It doesn't affect VPMem attached layers during container creation as
-	// these get mapped by openGCS to /tmp/N/M where N is a container instance
-	// number, and M is a layer number.
-	return fmt.Sprintf("/tmp/%s", filepath.Base(filepath.Dir(hostpath)))
-}
-
-func unionMountName(disks []hcsshim.MappedVirtualDisk) string {
-	return fmt.Sprintf("%s-mount", disks[0].ContainerPath)
-}
-
-type nopCloser struct {
-	io.Reader
-}
-
-func (nopCloser) Close() error {
-	return nil
-}
-
-type fileGetCloserFromSVM struct {
-	id  string
-	svm *serviceVM
-	mvd *hcsshim.MappedVirtualDisk
-	d   *Driver
-}
-
-func (fgc *fileGetCloserFromSVM) Close() error {
-	if fgc.svm != nil {
-		if fgc.mvd != nil {
-			if err := fgc.svm.hotRemoveVHDs(*fgc.mvd); err != nil {
-				// We just log this as we're going to tear down the SVM imminently unless in global mode
-				logrus.Errorf("failed to remove mvd %s: %s", fgc.mvd.ContainerPath, err)
-			}
-		}
-	}
-	if fgc.d != nil && fgc.svm != nil && fgc.id != "" {
-		if err := fgc.d.terminateServiceVM(fgc.id, fmt.Sprintf("diffgetter %s", fgc.id), false); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (fgc *fileGetCloserFromSVM) Get(filename string) (io.ReadCloser, error) {
-	errOut := &bytes.Buffer{}
-	outOut := &bytes.Buffer{}
-	// Must map to the actual "short" container path where the SCSI disk was mounted
-	actualContainerPath := fgc.svm.getShortContainerPath(fgc.mvd)
-	if actualContainerPath == "" {
-		return nil, fmt.Errorf("inconsistency detected: couldn't get short container path for %+v in utility VM %s", fgc.mvd, fgc.svm.config.Name)
-	}
-	file := path.Join(actualContainerPath, filename)
-	if err := fgc.svm.runProcess(fmt.Sprintf("cat %s", file), nil, outOut, errOut); err != nil {
-		logrus.Debugf("cat %s failed: %s", file, errOut.String())
-		return nil, err
-	}
-	return nopCloser{bytes.NewReader(outOut.Bytes())}, nil
-}
-
-// DiffGetter returns a FileGetCloser that can read files from the directory that
-// contains files for the layer differences. Used for direct access for tar-split.
-func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
-	title := fmt.Sprintf("lcowdriver: diffgetter: %s", id)
-	logrus.Debugf(title)
-
-	ld, err := getLayerDetails(d.dir(id))
-	if err != nil {
-		logrus.Debugf("%s: failed to get vhdx information of %s: %s", title, d.dir(id), err)
-		return nil, err
-	}
-
-	// Start the SVM with a mapped virtual disk. Note that if the SVM is
-	// already running and we are in global mode, this will be hot-added.
-	mvd := hcsshim.MappedVirtualDisk{
-		HostPath:          ld.filename,
-		ContainerPath:     hostToGuest(ld.filename),
-		CreateInUtilityVM: true,
-		ReadOnly:          true,
-	}
-
-	logrus.Debugf("%s: starting service VM", title)
-	svm, err := d.startServiceVMIfNotRunning(id, []hcsshim.MappedVirtualDisk{mvd}, fmt.Sprintf("diffgetter %s", id))
-	if err != nil {
-		return nil, err
-	}
-
-	logrus.Debugf("%s: waiting for svm to finish booting", title)
-	err = svm.getStartError()
-	if err != nil {
-		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
-		return nil, fmt.Errorf("%s: svm failed to boot: %s", title, err)
-	}
-
-	return &fileGetCloserFromSVM{
-		id:  id,
-		svm: svm,
-		mvd: &mvd,
-		d:   d}, nil
-}
diff --git a/daemon/graphdriver/lcow/lcow_svm.go b/daemon/graphdriver/lcow/lcow_svm.go
deleted file mode 100644
index a70e1b2486e03..0000000000000
--- a/daemon/graphdriver/lcow/lcow_svm.go
+++ /dev/null
@@ -1,421 +0,0 @@
-// +build windows
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Microsoft/opengcs/client"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-)
-
-// Code for all the service VM management for the LCOW graphdriver
-
-var errVMisTerminating = errors.New("service VM is shutting down")
-var errVMUnknown = errors.New("service vm id is unknown")
-var errVMStillHasReference = errors.New("Attemping to delete a VM that is still being used")
-
-// serviceVMMap is the struct representing the id -> service VM mapping.
-type serviceVMMap struct {
-	sync.Mutex
-	svms map[string]*serviceVMMapItem
-}
-
-// serviceVMMapItem is our internal structure representing an item in our
-// map of service VMs we are maintaining.
-type serviceVMMapItem struct {
-	svm      *serviceVM // actual service vm object
-	refCount int        // refcount for VM
-}
-
-// attachedVHD is for reference counting SCSI disks attached to a service VM,
-// and for a counter used to generate a short path name for the container path.
-type attachedVHD struct {
-	refCount      int
-	attachCounter uint64
-}
-
-type serviceVM struct {
-	sync.Mutex                     // Serialises operations being performed in this service VM.
-	scratchAttached bool           // Has a scratch been attached?
-	config          *client.Config // Represents the service VM item.
-
-	// Indicates that the vm is started
-	startStatus chan interface{}
-	startError  error
-
-	// Indicates that the vm is stopped
-	stopStatus chan interface{}
-	stopError  error
-
-	attachCounter uint64                  // Increasing counter for each add
-	attachedVHDs  map[string]*attachedVHD // Map ref counting all the VHDS we've hot-added/hot-removed.
-	unionMounts   map[string]int          // Map ref counting all the union filesystems we mounted.
-}
-
-// add will add an id to the service vm map. There are three cases:
-// 	- entry doesn't exist:
-// 		- add id to map and return a new vm that the caller can manually configure+start
-//	- entry does exist
-//  	- return vm in map and increment ref count
-//  - entry does exist but the ref count is 0
-//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
-func (svmMap *serviceVMMap) add(id string) (svm *serviceVM, alreadyExists bool, err error) {
-	svmMap.Lock()
-	defer svmMap.Unlock()
-	if svm, ok := svmMap.svms[id]; ok {
-		if svm.refCount == 0 {
-			return svm.svm, true, errVMisTerminating
-		}
-		svm.refCount++
-		return svm.svm, true, nil
-	}
-
-	// Doesn't exist, so create an empty svm to put into map and return
-	newSVM := &serviceVM{
-		startStatus:  make(chan interface{}),
-		stopStatus:   make(chan interface{}),
-		attachedVHDs: make(map[string]*attachedVHD),
-		unionMounts:  make(map[string]int),
-		config:       &client.Config{},
-	}
-	svmMap.svms[id] = &serviceVMMapItem{
-		svm:      newSVM,
-		refCount: 1,
-	}
-	return newSVM, false, nil
-}
-
-// get will get the service vm from the map. There are three cases:
-// 	- entry doesn't exist:
-// 		- return errVMUnknown
-//	- entry does exist
-//  	- return vm with no error
-//  - entry does exist but the ref count is 0
-//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
-func (svmMap *serviceVMMap) get(id string) (*serviceVM, error) {
-	svmMap.Lock()
-	defer svmMap.Unlock()
-	svm, ok := svmMap.svms[id]
-	if !ok {
-		return nil, errVMUnknown
-	}
-	if svm.refCount == 0 {
-		return svm.svm, errVMisTerminating
-	}
-	return svm.svm, nil
-}
-
-// decrementRefCount decrements the ref count of the given ID from the map. There are four cases:
-// 	- entry doesn't exist:
-// 		- return errVMUnknown
-//  - entry does exist but the ref count is 0
-//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
-//	- entry does exist but ref count is 1
-//  	- return vm and set lastRef to true. The caller can then stop the vm, delete the id from this map
-//      - and execute svm.signalStopFinished to signal the threads that the svm has been terminated.
-//	- entry does exist and ref count > 1
-//		- just reduce ref count and return svm
-func (svmMap *serviceVMMap) decrementRefCount(id string) (_ *serviceVM, lastRef bool, _ error) {
-	svmMap.Lock()
-	defer svmMap.Unlock()
-
-	svm, ok := svmMap.svms[id]
-	if !ok {
-		return nil, false, errVMUnknown
-	}
-	if svm.refCount == 0 {
-		return svm.svm, false, errVMisTerminating
-	}
-	svm.refCount--
-	return svm.svm, svm.refCount == 0, nil
-}
-
-// setRefCountZero works the same way as decrementRefCount, but sets ref count to 0 instead of decrementing it.
-func (svmMap *serviceVMMap) setRefCountZero(id string) (*serviceVM, error) {
-	svmMap.Lock()
-	defer svmMap.Unlock()
-
-	svm, ok := svmMap.svms[id]
-	if !ok {
-		return nil, errVMUnknown
-	}
-	if svm.refCount == 0 {
-		return svm.svm, errVMisTerminating
-	}
-	svm.refCount = 0
-	return svm.svm, nil
-}
-
-// deleteID deletes the given ID from the map. If the refcount is not 0 or the
-// VM does not exist, then this function returns an error.
-func (svmMap *serviceVMMap) deleteID(id string) error {
-	svmMap.Lock()
-	defer svmMap.Unlock()
-	svm, ok := svmMap.svms[id]
-	if !ok {
-		return errVMUnknown
-	}
-	if svm.refCount != 0 {
-		return errVMStillHasReference
-	}
-	delete(svmMap.svms, id)
-	return nil
-}
-
-func (svm *serviceVM) signalStartFinished(err error) {
-	svm.Lock()
-	svm.startError = err
-	svm.Unlock()
-	close(svm.startStatus)
-}
-
-func (svm *serviceVM) getStartError() error {
-	<-svm.startStatus
-	svm.Lock()
-	defer svm.Unlock()
-	return svm.startError
-}
-
-func (svm *serviceVM) signalStopFinished(err error) {
-	svm.Lock()
-	svm.stopError = err
-	svm.Unlock()
-	close(svm.stopStatus)
-}
-
-func (svm *serviceVM) getStopError() error {
-	<-svm.stopStatus
-	svm.Lock()
-	defer svm.Unlock()
-	return svm.stopError
-}
-
-// hotAddVHDs waits for the service vm to start and then attaches the vhds.
-func (svm *serviceVM) hotAddVHDs(mvds ...hcsshim.MappedVirtualDisk) error {
-	if err := svm.getStartError(); err != nil {
-		return err
-	}
-	return svm.hotAddVHDsAtStart(mvds...)
-}
-
-// hotAddVHDsAtStart works the same way as hotAddVHDs but does not wait for the VM to start.
-func (svm *serviceVM) hotAddVHDsAtStart(mvds ...hcsshim.MappedVirtualDisk) error {
-	svm.Lock()
-	defer svm.Unlock()
-	for i, mvd := range mvds {
-		if _, ok := svm.attachedVHDs[mvd.HostPath]; ok {
-			svm.attachedVHDs[mvd.HostPath].refCount++
-			logrus.Debugf("lcowdriver: UVM %s: %s already present, refCount now %d", svm.config.Name, mvd.HostPath, svm.attachedVHDs[mvd.HostPath].refCount)
-			continue
-		}
-
-		svm.attachCounter++
-		shortContainerPath := remapLongToShortContainerPath(mvd.ContainerPath, svm.attachCounter, svm.config.Name)
-		if err := svm.config.HotAddVhd(mvd.HostPath, shortContainerPath, mvd.ReadOnly, !mvd.AttachOnly); err != nil {
-			svm.hotRemoveVHDsNoLock(mvds[:i]...)
-			return err
-		}
-		svm.attachedVHDs[mvd.HostPath] = &attachedVHD{refCount: 1, attachCounter: svm.attachCounter}
-	}
-	return nil
-}
-
-// hotRemoveVHDs waits for the service vm to start and then removes the vhds.
-// The service VM must not be locked when calling this function.
-func (svm *serviceVM) hotRemoveVHDs(mvds ...hcsshim.MappedVirtualDisk) error {
-	if err := svm.getStartError(); err != nil {
-		return err
-	}
-	svm.Lock()
-	defer svm.Unlock()
-	return svm.hotRemoveVHDsNoLock(mvds...)
-}
-
-// hotRemoveVHDsNoLock removes VHDs from a service VM. When calling this function,
-// the contract is the service VM lock must be held.
-func (svm *serviceVM) hotRemoveVHDsNoLock(mvds ...hcsshim.MappedVirtualDisk) error {
-	var retErr error
-	for _, mvd := range mvds {
-		if _, ok := svm.attachedVHDs[mvd.HostPath]; !ok {
-			// We continue instead of returning an error if we try to hot remove a non-existent VHD.
-			// This is because one of the callers of the function is graphdriver.Put(). Since graphdriver.Get()
-			// defers the VM start to the first operation, it's possible that nothing have been hot-added
-			// when Put() is called. To avoid Put returning an error in that case, we simply continue if we
-			// don't find the vhd attached.
-			logrus.Debugf("lcowdriver: UVM %s: %s is not attached, not doing anything", svm.config.Name, mvd.HostPath)
-			continue
-		}
-
-		if svm.attachedVHDs[mvd.HostPath].refCount > 1 {
-			svm.attachedVHDs[mvd.HostPath].refCount--
-			logrus.Debugf("lcowdriver: UVM %s: %s refCount dropped to %d. not removing from UVM", svm.config.Name, mvd.HostPath, svm.attachedVHDs[mvd.HostPath].refCount)
-			continue
-		}
-
-		// last reference to VHD, so remove from VM and map
-		if err := svm.config.HotRemoveVhd(mvd.HostPath); err == nil {
-			delete(svm.attachedVHDs, mvd.HostPath)
-		} else {
-			// Take note of the error, but still continue to remove the other VHDs
-			logrus.Warnf("Failed to hot remove %s: %s", mvd.HostPath, err)
-			if retErr == nil {
-				retErr = err
-			}
-		}
-	}
-	return retErr
-}
-
-func (svm *serviceVM) createExt4VHDX(destFile string, sizeGB uint32, cacheFile string) error {
-	if err := svm.getStartError(); err != nil {
-		return err
-	}
-
-	svm.Lock()
-	defer svm.Unlock()
-	return svm.config.CreateExt4Vhdx(destFile, sizeGB, cacheFile)
-}
-
-// getShortContainerPath looks up where a SCSI disk was actually mounted
-// in a service VM when we remapped a long path name to a short name.
-func (svm *serviceVM) getShortContainerPath(mvd *hcsshim.MappedVirtualDisk) string {
-	if mvd.ContainerPath == "" {
-		return ""
-	}
-	avhd, ok := svm.attachedVHDs[mvd.HostPath]
-	if !ok {
-		return ""
-	}
-	return fmt.Sprintf("/tmp/d%d", avhd.attachCounter)
-}
-
-func (svm *serviceVM) createUnionMount(mountName string, mvds ...hcsshim.MappedVirtualDisk) (err error) {
-	if len(mvds) == 0 {
-		return fmt.Errorf("createUnionMount: error must have at least 1 layer")
-	}
-
-	if err = svm.getStartError(); err != nil {
-		return err
-	}
-
-	svm.Lock()
-	defer svm.Unlock()
-	if _, ok := svm.unionMounts[mountName]; ok {
-		svm.unionMounts[mountName]++
-		return nil
-	}
-
-	var lowerLayers []string
-	if mvds[0].ReadOnly {
-		lowerLayers = append(lowerLayers, svm.getShortContainerPath(&mvds[0]))
-	}
-
-	for i := 1; i < len(mvds); i++ {
-		lowerLayers = append(lowerLayers, svm.getShortContainerPath(&mvds[i]))
-	}
-
-	logrus.Debugf("Doing the overlay mount with union directory=%s", mountName)
-	errOut := &bytes.Buffer{}
-	if err = svm.runProcess(fmt.Sprintf("mkdir -p %s", mountName), nil, nil, errOut); err != nil {
-		return errors.Wrapf(err, "mkdir -p %s failed (%s)", mountName, errOut.String())
-	}
-
-	var cmd string
-	if len(mvds) == 1 {
-		// `FROM SCRATCH` case and the only layer. No overlay required.
-		cmd = fmt.Sprintf("mount %s %s", svm.getShortContainerPath(&mvds[0]), mountName)
-	} else if mvds[0].ReadOnly {
-		// Readonly overlay
-		cmd = fmt.Sprintf("mount -t overlay overlay -olowerdir=%s %s",
-			strings.Join(lowerLayers, ","),
-			mountName)
-	} else {
-		upper := fmt.Sprintf("%s/upper", svm.getShortContainerPath(&mvds[0]))
-		work := fmt.Sprintf("%s/work", svm.getShortContainerPath(&mvds[0]))
-
-		errOut := &bytes.Buffer{}
-		if err = svm.runProcess(fmt.Sprintf("mkdir -p %s %s", upper, work), nil, nil, errOut); err != nil {
-			return errors.Wrapf(err, "mkdir -p %s failed (%s)", mountName, errOut.String())
-		}
-
-		cmd = fmt.Sprintf("mount -t overlay overlay -olowerdir=%s,upperdir=%s,workdir=%s %s",
-			strings.Join(lowerLayers, ":"),
-			upper,
-			work,
-			mountName)
-	}
-
-	logrus.Debugf("createUnionMount: Executing mount=%s", cmd)
-	errOut = &bytes.Buffer{}
-	if err = svm.runProcess(cmd, nil, nil, errOut); err != nil {
-		return errors.Wrapf(err, "%s failed (%s)", cmd, errOut.String())
-	}
-
-	svm.unionMounts[mountName] = 1
-	return nil
-}
-
-func (svm *serviceVM) deleteUnionMount(mountName string, disks ...hcsshim.MappedVirtualDisk) error {
-	if err := svm.getStartError(); err != nil {
-		return err
-	}
-
-	svm.Lock()
-	defer svm.Unlock()
-	if _, ok := svm.unionMounts[mountName]; !ok {
-		return nil
-	}
-
-	if svm.unionMounts[mountName] > 1 {
-		svm.unionMounts[mountName]--
-		return nil
-	}
-
-	logrus.Debugf("Removing union mount %s", mountName)
-	if err := svm.runProcess(fmt.Sprintf("umount %s", mountName), nil, nil, nil); err != nil {
-		return err
-	}
-
-	delete(svm.unionMounts, mountName)
-	return nil
-}
-
-func (svm *serviceVM) runProcess(command string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error {
-	var process hcsshim.Process
-	var err error
-	errOut := &bytes.Buffer{}
-
-	if stderr != nil {
-		process, err = svm.config.RunProcess(command, stdin, stdout, stderr)
-	} else {
-		process, err = svm.config.RunProcess(command, stdin, stdout, errOut)
-	}
-	if err != nil {
-		return err
-	}
-	defer process.Close()
-
-	process.WaitTimeout(time.Duration(int(time.Second) * svm.config.UvmTimeoutSeconds))
-	exitCode, err := process.ExitCode()
-	if err != nil {
-		return err
-	}
-
-	if exitCode != 0 {
-		// If the caller isn't explicitly capturing stderr output, then capture it here instead.
-		e := fmt.Sprintf("svm.runProcess: command %s failed with exit code %d", command, exitCode)
-		if stderr == nil {
-			e = fmt.Sprintf("%s. (%s)", e, errOut.String())
-		}
-		return fmt.Errorf(e)
-	}
-	return nil
-}
diff --git a/daemon/graphdriver/lcow/remotefs.go b/daemon/graphdriver/lcow/remotefs.go
deleted file mode 100644
index 29f15fd24cf66..0000000000000
--- a/daemon/graphdriver/lcow/remotefs.go
+++ /dev/null
@@ -1,139 +0,0 @@
-// +build windows
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"runtime"
-	"strings"
-	"sync"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/containerfs"
-	"github.com/sirupsen/logrus"
-)
-
-type lcowfs struct {
-	root        string
-	d           *Driver
-	mappedDisks []hcsshim.MappedVirtualDisk
-	vmID        string
-	currentSVM  *serviceVM
-	sync.Mutex
-}
-
-var _ containerfs.ContainerFS = &lcowfs{}
-
-// ErrNotSupported is an error for unsupported operations in the remotefs
-var ErrNotSupported = fmt.Errorf("not supported")
-
-// Functions to implement the ContainerFS interface
-func (l *lcowfs) Path() string {
-	return l.root
-}
-
-func (l *lcowfs) ResolveScopedPath(path string, rawPath bool) (string, error) {
-	logrus.Debugf("remotefs.resolvescopedpath inputs: %s %s ", path, l.root)
-
-	arg1 := l.Join(l.root, path)
-	if !rawPath {
-		// The l.Join("/", path) will make path an absolute path and then clean it
-		// so if path = ../../X, it will become /X.
-		arg1 = l.Join(l.root, l.Join("/", path))
-	}
-	arg2 := l.root
-
-	output := &bytes.Buffer{}
-	if err := l.runRemoteFSProcess(nil, output, remotefs.ResolvePathCmd, arg1, arg2); err != nil {
-		return "", err
-	}
-
-	logrus.Debugf("remotefs.resolvescopedpath success. Output: %s\n", output.String())
-	return output.String(), nil
-}
-
-func (l *lcowfs) OS() string {
-	return "linux"
-}
-
-func (l *lcowfs) Architecture() string {
-	return runtime.GOARCH
-}
-
-// Other functions that are used by docker like the daemon Archiver/Extractor
-func (l *lcowfs) ExtractArchive(src io.Reader, dst string, opts *archive.TarOptions) error {
-	logrus.Debugf("remotefs.ExtractArchve inputs: %s %+v", dst, opts)
-
-	tarBuf := &bytes.Buffer{}
-	if err := remotefs.WriteTarOptions(tarBuf, opts); err != nil {
-		return fmt.Errorf("failed to marshall tar opts: %s", err)
-	}
-
-	input := io.MultiReader(tarBuf, src)
-	if err := l.runRemoteFSProcess(input, nil, remotefs.ExtractArchiveCmd, dst); err != nil {
-		return fmt.Errorf("failed to extract archive to %s: %s", dst, err)
-	}
-	return nil
-}
-
-func (l *lcowfs) ArchivePath(src string, opts *archive.TarOptions) (io.ReadCloser, error) {
-	logrus.Debugf("remotefs.ArchivePath: %s %+v", src, opts)
-
-	tarBuf := &bytes.Buffer{}
-	if err := remotefs.WriteTarOptions(tarBuf, opts); err != nil {
-		return nil, fmt.Errorf("failed to marshall tar opts: %s", err)
-	}
-
-	r, w := io.Pipe()
-	go func() {
-		defer w.Close()
-		if err := l.runRemoteFSProcess(tarBuf, w, remotefs.ArchivePathCmd, src); err != nil {
-			logrus.Debugf("REMOTEFS: Failed to extract archive: %s %+v %s", src, opts, err)
-		}
-	}()
-	return r, nil
-}
-
-// Helper functions
-func (l *lcowfs) startVM() error {
-	l.Lock()
-	defer l.Unlock()
-	if l.currentSVM != nil {
-		return nil
-	}
-
-	svm, err := l.d.startServiceVMIfNotRunning(l.vmID, l.mappedDisks, fmt.Sprintf("lcowfs.startVM"))
-	if err != nil {
-		return err
-	}
-
-	if err = svm.createUnionMount(l.root, l.mappedDisks...); err != nil {
-		return err
-	}
-	l.currentSVM = svm
-	return nil
-}
-
-func (l *lcowfs) runRemoteFSProcess(stdin io.Reader, stdout io.Writer, args ...string) error {
-	if err := l.startVM(); err != nil {
-		return err
-	}
-
-	// Append remotefs prefix and setup as a command line string
-	cmd := fmt.Sprintf("%s %s", remotefs.RemotefsCmd, strings.Join(args, " "))
-	stderr := &bytes.Buffer{}
-	if err := l.currentSVM.runProcess(cmd, stdin, stdout, stderr); err != nil {
-		return err
-	}
-
-	eerr, err := remotefs.ReadError(stderr)
-	if eerr != nil {
-		// Process returned an error so return that.
-		return remotefs.ExportedToError(eerr)
-	}
-	return err
-}
diff --git a/daemon/graphdriver/lcow/remotefs_file.go b/daemon/graphdriver/lcow/remotefs_file.go
deleted file mode 100644
index 1f00bfff46da5..0000000000000
--- a/daemon/graphdriver/lcow/remotefs_file.go
+++ /dev/null
@@ -1,211 +0,0 @@
-// +build windows
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"bytes"
-	"encoding/binary"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
-	"github.com/containerd/continuity/driver"
-)
-
-type lcowfile struct {
-	process   hcsshim.Process
-	stdin     io.WriteCloser
-	stdout    io.ReadCloser
-	stderr    io.ReadCloser
-	fs        *lcowfs
-	guestPath string
-}
-
-func (l *lcowfs) Open(path string) (driver.File, error) {
-	return l.OpenFile(path, os.O_RDONLY, 0)
-}
-
-func (l *lcowfs) OpenFile(path string, flag int, perm os.FileMode) (_ driver.File, err error) {
-	flagStr := strconv.FormatInt(int64(flag), 10)
-	permStr := strconv.FormatUint(uint64(perm), 8)
-
-	commandLine := fmt.Sprintf("%s %s %s %s %s", remotefs.RemotefsCmd, remotefs.OpenFileCmd, path, flagStr, permStr)
-	env := make(map[string]string)
-	env["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
-	processConfig := &hcsshim.ProcessConfig{
-		EmulateConsole:    false,
-		CreateStdInPipe:   true,
-		CreateStdOutPipe:  true,
-		CreateStdErrPipe:  true,
-		CreateInUtilityVm: true,
-		WorkingDirectory:  "/bin",
-		Environment:       env,
-		CommandLine:       commandLine,
-	}
-
-	process, err := l.currentSVM.config.Uvm.CreateProcess(processConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to open file %s: %s", path, err)
-	}
-
-	stdin, stdout, stderr, err := process.Stdio()
-	if err != nil {
-		process.Kill()
-		process.Close()
-		return nil, fmt.Errorf("failed to open file pipes %s: %s", path, err)
-	}
-
-	lf := &lcowfile{
-		process:   process,
-		stdin:     stdin,
-		stdout:    stdout,
-		stderr:    stderr,
-		fs:        l,
-		guestPath: path,
-	}
-
-	if _, err := lf.getResponse(); err != nil {
-		return nil, fmt.Errorf("failed to open file %s: %s", path, err)
-	}
-	return lf, nil
-}
-
-func (l *lcowfile) Read(b []byte) (int, error) {
-	hdr := &remotefs.FileHeader{
-		Cmd:  remotefs.Read,
-		Size: uint64(len(b)),
-	}
-
-	if err := remotefs.WriteFileHeader(l.stdin, hdr, nil); err != nil {
-		return 0, err
-	}
-
-	buf, err := l.getResponse()
-	if err != nil {
-		return 0, err
-	}
-
-	n := copy(b, buf)
-	return n, nil
-}
-
-func (l *lcowfile) Write(b []byte) (int, error) {
-	hdr := &remotefs.FileHeader{
-		Cmd:  remotefs.Write,
-		Size: uint64(len(b)),
-	}
-
-	if err := remotefs.WriteFileHeader(l.stdin, hdr, b); err != nil {
-		return 0, err
-	}
-
-	_, err := l.getResponse()
-	if err != nil {
-		return 0, err
-	}
-
-	return len(b), nil
-}
-
-func (l *lcowfile) Seek(offset int64, whence int) (int64, error) {
-	seekHdr := &remotefs.SeekHeader{
-		Offset: offset,
-		Whence: int32(whence),
-	}
-
-	buf := &bytes.Buffer{}
-	if err := binary.Write(buf, binary.BigEndian, seekHdr); err != nil {
-		return 0, err
-	}
-
-	hdr := &remotefs.FileHeader{
-		Cmd:  remotefs.Write,
-		Size: uint64(buf.Len()),
-	}
-	if err := remotefs.WriteFileHeader(l.stdin, hdr, buf.Bytes()); err != nil {
-		return 0, err
-	}
-
-	resBuf, err := l.getResponse()
-	if err != nil {
-		return 0, err
-	}
-
-	var res int64
-	if err := binary.Read(bytes.NewBuffer(resBuf), binary.BigEndian, &res); err != nil {
-		return 0, err
-	}
-	return res, nil
-}
-
-func (l *lcowfile) Close() error {
-	hdr := &remotefs.FileHeader{
-		Cmd:  remotefs.Close,
-		Size: 0,
-	}
-
-	if err := remotefs.WriteFileHeader(l.stdin, hdr, nil); err != nil {
-		return err
-	}
-
-	_, err := l.getResponse()
-	return err
-}
-
-func (l *lcowfile) Readdir(n int) ([]os.FileInfo, error) {
-	nStr := strconv.FormatInt(int64(n), 10)
-
-	// Unlike the other File functions, this one can just be run without maintaining state,
-	// so just do the normal runRemoteFSProcess way.
-	buf := &bytes.Buffer{}
-	if err := l.fs.runRemoteFSProcess(nil, buf, remotefs.ReadDirCmd, l.guestPath, nStr); err != nil {
-		return nil, err
-	}
-
-	var info []remotefs.FileInfo
-	if err := json.Unmarshal(buf.Bytes(), &info); err != nil {
-		return nil, err
-	}
-
-	osInfo := make([]os.FileInfo, len(info))
-	for i := range info {
-		osInfo[i] = &info[i]
-	}
-	return osInfo, nil
-}
-
-func (l *lcowfile) getResponse() ([]byte, error) {
-	hdr, err := remotefs.ReadFileHeader(l.stdout)
-	if err != nil {
-		return nil, err
-	}
-
-	if hdr.Cmd != remotefs.CmdOK {
-		// Something went wrong during the openfile in the server.
-		// Parse stderr and return that as an error
-		eerr, err := remotefs.ReadError(l.stderr)
-		if eerr != nil {
-			return nil, remotefs.ExportedToError(eerr)
-		}
-
-		// Maybe the parsing went wrong?
-		if err != nil {
-			return nil, err
-		}
-
-		// At this point, we know something went wrong in the remotefs program, but
-		// we we don't know why.
-		return nil, fmt.Errorf("unknown error")
-	}
-
-	// Successful command, we might have some data to read (for Read + Seek)
-	buf := make([]byte, hdr.Size, hdr.Size)
-	if _, err := io.ReadFull(l.stdout, buf); err != nil {
-		return nil, err
-	}
-	return buf, nil
-}
diff --git a/daemon/graphdriver/lcow/remotefs_filedriver.go b/daemon/graphdriver/lcow/remotefs_filedriver.go
deleted file mode 100644
index f335868af6242..0000000000000
--- a/daemon/graphdriver/lcow/remotefs_filedriver.go
+++ /dev/null
@@ -1,123 +0,0 @@
-// +build windows
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"bytes"
-	"encoding/json"
-	"os"
-	"strconv"
-
-	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
-
-	"github.com/containerd/continuity/driver"
-	"github.com/sirupsen/logrus"
-)
-
-var _ driver.Driver = &lcowfs{}
-
-func (l *lcowfs) Readlink(p string) (string, error) {
-	logrus.Debugf("removefs.readlink args: %s", p)
-
-	result := &bytes.Buffer{}
-	if err := l.runRemoteFSProcess(nil, result, remotefs.ReadlinkCmd, p); err != nil {
-		return "", err
-	}
-	return result.String(), nil
-}
-
-func (l *lcowfs) Mkdir(path string, mode os.FileMode) error {
-	return l.mkdir(path, mode, remotefs.MkdirCmd)
-}
-
-func (l *lcowfs) MkdirAll(path string, mode os.FileMode) error {
-	return l.mkdir(path, mode, remotefs.MkdirAllCmd)
-}
-
-func (l *lcowfs) mkdir(path string, mode os.FileMode, cmd string) error {
-	modeStr := strconv.FormatUint(uint64(mode), 8)
-	logrus.Debugf("remotefs.%s args: %s %s", cmd, path, modeStr)
-	return l.runRemoteFSProcess(nil, nil, cmd, path, modeStr)
-}
-
-func (l *lcowfs) Remove(path string) error {
-	return l.remove(path, remotefs.RemoveCmd)
-}
-
-func (l *lcowfs) RemoveAll(path string) error {
-	return l.remove(path, remotefs.RemoveAllCmd)
-}
-
-func (l *lcowfs) remove(path string, cmd string) error {
-	logrus.Debugf("remotefs.%s args: %s", cmd, path)
-	return l.runRemoteFSProcess(nil, nil, cmd, path)
-}
-
-func (l *lcowfs) Link(oldname, newname string) error {
-	return l.link(oldname, newname, remotefs.LinkCmd)
-}
-
-func (l *lcowfs) Symlink(oldname, newname string) error {
-	return l.link(oldname, newname, remotefs.SymlinkCmd)
-}
-
-func (l *lcowfs) link(oldname, newname, cmd string) error {
-	logrus.Debugf("remotefs.%s args: %s %s", cmd, oldname, newname)
-	return l.runRemoteFSProcess(nil, nil, cmd, oldname, newname)
-}
-
-func (l *lcowfs) Lchown(name string, uid, gid int64) error {
-	uidStr := strconv.FormatInt(uid, 10)
-	gidStr := strconv.FormatInt(gid, 10)
-
-	logrus.Debugf("remotefs.lchown args: %s %s %s", name, uidStr, gidStr)
-	return l.runRemoteFSProcess(nil, nil, remotefs.LchownCmd, name, uidStr, gidStr)
-}
-
-// Lchmod changes the mode of an file not following symlinks.
-func (l *lcowfs) Lchmod(path string, mode os.FileMode) error {
-	modeStr := strconv.FormatUint(uint64(mode), 8)
-	logrus.Debugf("remotefs.lchmod args: %s %s", path, modeStr)
-	return l.runRemoteFSProcess(nil, nil, remotefs.LchmodCmd, path, modeStr)
-}
-
-func (l *lcowfs) Mknod(path string, mode os.FileMode, major, minor int) error {
-	modeStr := strconv.FormatUint(uint64(mode), 8)
-	majorStr := strconv.FormatUint(uint64(major), 10)
-	minorStr := strconv.FormatUint(uint64(minor), 10)
-
-	logrus.Debugf("remotefs.mknod args: %s %s %s %s", path, modeStr, majorStr, minorStr)
-	return l.runRemoteFSProcess(nil, nil, remotefs.MknodCmd, path, modeStr, majorStr, minorStr)
-}
-
-func (l *lcowfs) Mkfifo(path string, mode os.FileMode) error {
-	modeStr := strconv.FormatUint(uint64(mode), 8)
-	logrus.Debugf("remotefs.mkfifo args: %s %s", path, modeStr)
-	return l.runRemoteFSProcess(nil, nil, remotefs.MkfifoCmd, path, modeStr)
-}
-
-func (l *lcowfs) Stat(p string) (os.FileInfo, error) {
-	return l.stat(p, remotefs.StatCmd)
-}
-
-func (l *lcowfs) Lstat(p string) (os.FileInfo, error) {
-	return l.stat(p, remotefs.LstatCmd)
-}
-
-func (l *lcowfs) stat(path string, cmd string) (os.FileInfo, error) {
-	logrus.Debugf("remotefs.stat inputs: %s %s", cmd, path)
-
-	output := &bytes.Buffer{}
-	err := l.runRemoteFSProcess(nil, output, cmd, path)
-	if err != nil {
-		return nil, err
-	}
-
-	var fi remotefs.FileInfo
-	if err := json.Unmarshal(output.Bytes(), &fi); err != nil {
-		return nil, err
-	}
-
-	logrus.Debugf("remotefs.stat success. got: %v\n", fi)
-	return &fi, nil
-}
diff --git a/daemon/graphdriver/lcow/remotefs_pathdriver.go b/daemon/graphdriver/lcow/remotefs_pathdriver.go
deleted file mode 100644
index 74895b0465428..0000000000000
--- a/daemon/graphdriver/lcow/remotefs_pathdriver.go
+++ /dev/null
@@ -1,212 +0,0 @@
-// +build windows
-
-package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
-
-import (
-	"errors"
-	"os"
-	pathpkg "path"
-	"path/filepath"
-	"sort"
-	"strings"
-
-	"github.com/containerd/continuity/pathdriver"
-)
-
-var _ pathdriver.PathDriver = &lcowfs{}
-
-// Continuity Path functions can be done locally
-func (l *lcowfs) Join(path ...string) string {
-	return pathpkg.Join(path...)
-}
-
-func (l *lcowfs) IsAbs(path string) bool {
-	return pathpkg.IsAbs(path)
-}
-
-func sameWord(a, b string) bool {
-	return a == b
-}
-
-// Implementation taken from the Go standard library
-func (l *lcowfs) Rel(basepath, targpath string) (string, error) {
-	baseVol := ""
-	targVol := ""
-	base := l.Clean(basepath)
-	targ := l.Clean(targpath)
-	if sameWord(targ, base) {
-		return ".", nil
-	}
-	base = base[len(baseVol):]
-	targ = targ[len(targVol):]
-	if base == "." {
-		base = ""
-	}
-	// Can't use IsAbs - `\a` and `a` are both relative in Windows.
-	baseSlashed := len(base) > 0 && base[0] == l.Separator()
-	targSlashed := len(targ) > 0 && targ[0] == l.Separator()
-	if baseSlashed != targSlashed || !sameWord(baseVol, targVol) {
-		return "", errors.New("Rel: can't make " + targpath + " relative to " + basepath)
-	}
-	// Position base[b0:bi] and targ[t0:ti] at the first differing elements.
-	bl := len(base)
-	tl := len(targ)
-	var b0, bi, t0, ti int
-	for {
-		for bi < bl && base[bi] != l.Separator() {
-			bi++
-		}
-		for ti < tl && targ[ti] != l.Separator() {
-			ti++
-		}
-		if !sameWord(targ[t0:ti], base[b0:bi]) {
-			break
-		}
-		if bi < bl {
-			bi++
-		}
-		if ti < tl {
-			ti++
-		}
-		b0 = bi
-		t0 = ti
-	}
-	if base[b0:bi] == ".." {
-		return "", errors.New("Rel: can't make " + targpath + " relative to " + basepath)
-	}
-	if b0 != bl {
-		// Base elements left. Must go up before going down.
-		seps := strings.Count(base[b0:bl], string(l.Separator()))
-		size := 2 + seps*3
-		if tl != t0 {
-			size += 1 + tl - t0
-		}
-		buf := make([]byte, size)
-		n := copy(buf, "..")
-		for i := 0; i < seps; i++ {
-			buf[n] = l.Separator()
-			copy(buf[n+1:], "..")
-			n += 3
-		}
-		if t0 != tl {
-			buf[n] = l.Separator()
-			copy(buf[n+1:], targ[t0:])
-		}
-		return string(buf), nil
-	}
-	return targ[t0:], nil
-}
-
-func (l *lcowfs) Base(path string) string {
-	return pathpkg.Base(path)
-}
-
-func (l *lcowfs) Dir(path string) string {
-	return pathpkg.Dir(path)
-}
-
-func (l *lcowfs) Clean(path string) string {
-	return pathpkg.Clean(path)
-}
-
-func (l *lcowfs) Split(path string) (dir, file string) {
-	return pathpkg.Split(path)
-}
-
-func (l *lcowfs) Separator() byte {
-	return '/'
-}
-
-func (l *lcowfs) Abs(path string) (string, error) {
-	// Abs is supposed to add the current working directory, which is meaningless in lcow.
-	// So, return an error.
-	return "", ErrNotSupported
-}
-
-// Implementation taken from the Go standard library
-func (l *lcowfs) Walk(root string, walkFn filepath.WalkFunc) error {
-	info, err := l.Lstat(root)
-	if err != nil {
-		err = walkFn(root, nil, err)
-	} else {
-		err = l.walk(root, info, walkFn)
-	}
-	if err == filepath.SkipDir {
-		return nil
-	}
-	return err
-}
-
-// walk recursively descends path, calling w.
-func (l *lcowfs) walk(path string, info os.FileInfo, walkFn filepath.WalkFunc) error {
-	err := walkFn(path, info, nil)
-	if err != nil {
-		if info.IsDir() && err == filepath.SkipDir {
-			return nil
-		}
-		return err
-	}
-
-	if !info.IsDir() {
-		return nil
-	}
-
-	names, err := l.readDirNames(path)
-	if err != nil {
-		return walkFn(path, info, err)
-	}
-
-	for _, name := range names {
-		filename := l.Join(path, name)
-		fileInfo, err := l.Lstat(filename)
-		if err != nil {
-			if err := walkFn(filename, fileInfo, err); err != nil && err != filepath.SkipDir {
-				return err
-			}
-		} else {
-			err = l.walk(filename, fileInfo, walkFn)
-			if err != nil {
-				if !fileInfo.IsDir() || err != filepath.SkipDir {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-// readDirNames reads the directory named by dirname and returns
-// a sorted list of directory entries.
-func (l *lcowfs) readDirNames(dirname string) ([]string, error) {
-	f, err := l.Open(dirname)
-	if err != nil {
-		return nil, err
-	}
-	files, err := f.Readdir(-1)
-	f.Close()
-	if err != nil {
-		return nil, err
-	}
-
-	names := make([]string, len(files), len(files))
-	for i := range files {
-		names[i] = files[i].Name()
-	}
-
-	sort.Strings(names)
-	return names, nil
-}
-
-// Note that Go's filepath.FromSlash/ToSlash convert between OS paths and '/'. Since the path separator
-// for LCOW (and Unix) is '/', they are no-ops.
-func (l *lcowfs) FromSlash(path string) string {
-	return path
-}
-
-func (l *lcowfs) ToSlash(path string) string {
-	return path
-}
-
-func (l *lcowfs) Match(pattern, name string) (matched bool, err error) {
-	return pathpkg.Match(pattern, name)
-}
diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go
index 08c05e192f61c..6a51f59d55c4c 100644
--- a/daemon/graphdriver/overlay/overlay.go
+++ b/daemon/graphdriver/overlay/overlay.go
@@ -1,14 +1,12 @@
+//go:build linux
 // +build linux
 
 package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
 
 import (
-	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strconv"
@@ -21,10 +19,10 @@ import (
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/fsutils"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/locker"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/system"
+	"github.com/moby/locker"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@@ -124,10 +122,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		return nil, err
 	}
 
-	if err := supportsOverlay(); err != nil {
-		return nil, graphdriver.ErrNotSupported
-	}
-
 	// Perform feature detection on /var/lib/docker/overlay if it's an existing directory.
 	// This covers situations where /var/lib/docker/overlay is a mount, and on a different
 	// filesystem than /var/lib/docker.
@@ -137,6 +131,11 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		testdir = filepath.Dir(testdir)
 	}
 
+	if err := overlayutils.SupportsOverlay(testdir, false); err != nil {
+		logrus.WithField("storage-driver", "overlay").Error(err)
+		return nil, graphdriver.ErrNotSupported
+	}
+
 	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
@@ -145,12 +144,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		backingFs = fsName
 	}
 
-	switch fsMagic {
-	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicEcryptfs, graphdriver.FsMagicNfsFs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs:
-		logrus.WithField("storage-driver", "overlay").Errorf("'overlay' is not supported over %s", backingFs)
-		return nil, graphdriver.ErrIncompatibleFS
-	}
-
 	supportsDType, err := fsutils.SupportsDType(testdir)
 	if err != nil {
 		return nil, err
@@ -163,15 +156,20 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		logrus.WithField("storage-driver", "overlay").Warn(overlayutils.ErrDTypeNotSupported("overlay", backingFs))
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	currentID := idtools.CurrentIdentity()
+	_, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: rootGID,
+	}
+
 	// Create the driver home dir
-	if err := idtools.MkdirAllAndChown(home, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+	if err := idtools.MkdirAllAndChown(home, 0710, dirID); err != nil {
 		return nil, err
 	}
-
 	d := &Driver{
 		home:          home,
 		uidMaps:       uidMaps,
@@ -200,27 +198,6 @@ func parseOptions(options []string) (*overlayOptions, error) {
 	return o, nil
 }
 
-func supportsOverlay() error {
-	// We can try to modprobe overlay first before looking at
-	// proc/filesystems for when overlay is supported
-	exec.Command("modprobe", "overlay").Run()
-
-	f, err := os.Open("/proc/filesystems")
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		if s.Text() == "nodev\toverlay" {
-			return nil
-		}
-	}
-	logrus.WithField("storage-driver", "overlay").Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
-	return graphdriver.ErrNotSupported
-}
-
 func (d *Driver) String() string {
 	return "overlay"
 }
@@ -251,7 +228,7 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 		return metadata, nil
 	}
 
-	lowerID, err := ioutil.ReadFile(path.Join(dir, "lower-id"))
+	lowerID, err := os.ReadFile(path.Join(dir, "lower-id"))
 	if err != nil {
 		return nil, err
 	}
@@ -293,10 +270,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 	}
 	root := idtools.Identity{UID: rootUID, GID: rootGID}
 
-	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0700, root); err != nil {
-		return err
+	currentID := idtools.CurrentIdentity()
+	dirID := idtools.Identity{
+		UID: currentID.UID,
+		GID: rootGID,
 	}
-	if err := idtools.MkdirAndChown(dir, 0700, root); err != nil {
+	if err := idtools.MkdirAndChown(dir, 0710, dirID); err != nil {
 		return err
 	}
 
@@ -309,6 +288,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 
 	// Toplevel images are just a "root" dir
 	if parent == "" {
+		// This must be 0755 otherwise unprivileged users will in the container will not be able to read / in the container
 		return idtools.MkdirAndChown(path.Join(dir, "root"), 0755, root)
 	}
 
@@ -329,17 +309,17 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		if err := idtools.MkdirAndChown(path.Join(dir, "work"), 0700, root); err != nil {
 			return err
 		}
-		return ioutil.WriteFile(path.Join(dir, "lower-id"), []byte(parent), 0666)
+		return os.WriteFile(path.Join(dir, "lower-id"), []byte(parent), 0600)
 	}
 
 	// Otherwise, copy the upper and the lower-id from the parent
 
-	lowerID, err := ioutil.ReadFile(path.Join(parentDir, "lower-id"))
+	lowerID, err := os.ReadFile(path.Join(parentDir, "lower-id"))
 	if err != nil {
 		return err
 	}
 
-	if err := ioutil.WriteFile(path.Join(dir, "lower-id"), lowerID, 0666); err != nil {
+	if err := os.WriteFile(path.Join(dir, "lower-id"), lowerID, 0600); err != nil {
 		return err
 	}
 
@@ -405,7 +385,7 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, err erro
 			}
 		}
 	}()
-	lowerID, err := ioutil.ReadFile(path.Join(dir, "lower-id"))
+	lowerID, err := os.ReadFile(path.Join(dir, "lower-id"))
 	if err != nil {
 		return nil, err
 	}
@@ -485,7 +465,7 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
 	// 2) ApplyDiff doesn't do any in-place writes to files (would break hardlinks)
 	// These are all currently true and are not expected to break
 
-	tmpRootDir, err := ioutil.TempDir(dir, "tmproot")
+	tmpRootDir, err := os.MkdirTemp(dir, "tmproot")
 	if err != nil {
 		return 0, err
 	}
diff --git a/daemon/graphdriver/overlay/overlay_test.go b/daemon/graphdriver/overlay/overlay_test.go
index b270122c63f1f..414d5f97c4470 100644
--- a/daemon/graphdriver/overlay/overlay_test.go
+++ b/daemon/graphdriver/overlay/overlay_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
diff --git a/daemon/graphdriver/overlay/overlay_unsupported.go b/daemon/graphdriver/overlay/overlay_unsupported.go
index 8fc06ffecfa91..73128b58cd770 100644
--- a/daemon/graphdriver/overlay/overlay_unsupported.go
+++ b/daemon/graphdriver/overlay/overlay_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
diff --git a/daemon/graphdriver/overlay2/check.go b/daemon/graphdriver/overlay2/check.go
index 1703b7a00c8a8..af5bc34650dac 100644
--- a/daemon/graphdriver/overlay2/check.go
+++ b/daemon/graphdriver/overlay2/check.go
@@ -1,15 +1,16 @@
+//go:build linux
 // +build linux
 
 package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"syscall"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
@@ -19,8 +20,15 @@ import (
 // which copies up the opaque flag when copying up an opaque
 // directory or the kernel enable CONFIG_OVERLAY_FS_REDIRECT_DIR.
 // When these exist naive diff should be used.
+//
+// When running in a user namespace, returns errRunningInUserNS
+// immediately.
 func doesSupportNativeDiff(d string) error {
-	td, err := ioutil.TempDir(d, "opaque-bug-check")
+	if userns.RunningInUserNS() {
+		return errors.New("running in a user namespace")
+	}
+
+	td, err := os.MkdirTemp(d, "opaque-bug-check")
 	if err != nil {
 		return err
 	}
@@ -43,10 +51,10 @@ func doesSupportNativeDiff(d string) error {
 	if err := os.Mkdir(filepath.Join(td, "l3"), 0755); err != nil {
 		return err
 	}
-	if err := os.Mkdir(filepath.Join(td, "work"), 0755); err != nil {
+	if err := os.Mkdir(filepath.Join(td, workDirName), 0755); err != nil {
 		return err
 	}
-	if err := os.Mkdir(filepath.Join(td, "merged"), 0755); err != nil {
+	if err := os.Mkdir(filepath.Join(td, mergedDirName), 0755); err != nil {
 		return err
 	}
 
@@ -55,18 +63,18 @@ func doesSupportNativeDiff(d string) error {
 		return errors.Wrap(err, "failed to set opaque flag on middle layer")
 	}
 
-	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "l2"), path.Join(td, "l1"), path.Join(td, "l3"), path.Join(td, "work"))
-	if err := unix.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
+	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "l2"), path.Join(td, "l1"), path.Join(td, "l3"), path.Join(td, workDirName))
+	if err := unix.Mount("overlay", filepath.Join(td, mergedDirName), "overlay", 0, opts); err != nil {
 		return errors.Wrap(err, "failed to mount overlay")
 	}
 	defer func() {
-		if err := unix.Unmount(filepath.Join(td, "merged"), 0); err != nil {
-			logger.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
+		if err := unix.Unmount(filepath.Join(td, mergedDirName), 0); err != nil {
+			logger.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, mergedDirName), err)
 		}
 	}()
 
 	// Touch file in d to force copy up of opaque directory "d" from "l2" to "l3"
-	if err := ioutil.WriteFile(filepath.Join(td, "merged", "d", "f"), []byte{}, 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(td, mergedDirName, "d", "f"), []byte{}, 0644); err != nil {
 		return errors.Wrap(err, "failed to write to merged directory")
 	}
 
@@ -80,7 +88,7 @@ func doesSupportNativeDiff(d string) error {
 	}
 
 	// rename "d1" to "d2"
-	if err := os.Rename(filepath.Join(td, "merged", "d1"), filepath.Join(td, "merged", "d2")); err != nil {
+	if err := os.Rename(filepath.Join(td, mergedDirName, "d1"), filepath.Join(td, mergedDirName, "d2")); err != nil {
 		// if rename failed with syscall.EXDEV, the kernel doesn't have CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
 		if err.(*os.LinkError).Err == syscall.EXDEV {
 			return nil
@@ -99,35 +107,3 @@ func doesSupportNativeDiff(d string) error {
 
 	return nil
 }
-
-// supportsMultipleLowerDir checks if the system supports multiple lowerdirs,
-// which is required for the overlay2 driver. On 4.x kernels, multiple lowerdirs
-// are always available (so this check isn't needed), and backported to RHEL and
-// CentOS 3.x kernels (3.10.0-693.el7.x86_64 and up). This function is to detect
-// support on those kernels, without doing a kernel version compare.
-func supportsMultipleLowerDir(d string) error {
-	td, err := ioutil.TempDir(d, "multiple-lowerdir-check")
-	if err != nil {
-		return err
-	}
-	defer func() {
-		if err := os.RemoveAll(td); err != nil {
-			logger.Warnf("Failed to remove check directory %v: %v", td, err)
-		}
-	}()
-
-	for _, dir := range []string{"lower1", "lower2", "upper", "work", "merged"} {
-		if err := os.Mkdir(filepath.Join(td, dir), 0755); err != nil {
-			return err
-		}
-	}
-
-	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "lower2"), path.Join(td, "lower1"), path.Join(td, "upper"), path.Join(td, "work"))
-	if err := unix.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
-		return errors.Wrap(err, "failed to mount overlay")
-	}
-	if err := unix.Unmount(filepath.Join(td, "merged"), 0); err != nil {
-		logger.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
-	}
-	return nil
-}
diff --git a/daemon/graphdriver/overlay2/mount.go b/daemon/graphdriver/overlay2/mount.go
index da409fc81a5e1..dcd7c0149009d 100644
--- a/daemon/graphdriver/overlay2/mount.go
+++ b/daemon/graphdriver/overlay2/mount.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
@@ -53,7 +54,7 @@ func mountFrom(dir, device, target, mType string, flags uintptr, label string) e
 		w.Close()
 		return fmt.Errorf("mountfrom error on re-exec cmd: %v", err)
 	}
-	//write the options to the pipe for the untar exec to read
+	// write the options to the pipe for the untar exec to read
 	if err := json.NewEncoder(w).Encode(options); err != nil {
 		w.Close()
 		return fmt.Errorf("mountfrom json encode to pipe failed: %v", err)
diff --git a/daemon/graphdriver/overlay2/overlay.go b/daemon/graphdriver/overlay2/overlay.go
index 6da1f25a34e62..444f600f556a4 100644
--- a/daemon/graphdriver/overlay2/overlay.go
+++ b/daemon/graphdriver/overlay2/overlay.go
@@ -1,16 +1,14 @@
+//go:build linux
 // +build linux
 
 package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
-	"bufio"
 	"context"
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strconv"
@@ -19,20 +17,18 @@ import (
 
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/overlayutils"
-	"github.com/docker/docker/daemon/graphdriver/quota"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/directory"
 	"github.com/docker/docker/pkg/fsutils"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/locker"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/go-units"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/docker/docker/quota"
+	units "github.com/docker/go-units"
+	"github.com/moby/locker"
+	"github.com/moby/sys/mount"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@@ -71,10 +67,13 @@ var (
 // that mounts do not fail due to length.
 
 const (
-	driverName = "overlay2"
-	linkDir    = "l"
-	lowerFile  = "lower"
-	maxDepth   = 128
+	driverName    = "overlay2"
+	linkDir       = "l"
+	diffDirName   = "diff"
+	workDirName   = "work"
+	mergedDirName = "merged"
+	lowerFile     = "lower"
+	maxDepth      = 128
 
 	// idLength represents the number of random characters
 	// which can be used to create the unique link identifier
@@ -113,7 +112,8 @@ var (
 	useNaiveDiffLock sync.Once
 	useNaiveDiffOnly bool
 
-	indexOff string
+	indexOff  string
+	userxattr string
 )
 
 func init() {
@@ -131,16 +131,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		return nil, err
 	}
 
-	if err := supportsOverlay(); err != nil {
-		return nil, graphdriver.ErrNotSupported
-	}
-
-	// require kernel 4.0.0 to ensure multiple lower dirs are supported
-	v, err := kernel.GetKernelVersion()
-	if err != nil {
-		return nil, err
-	}
-
 	// Perform feature detection on /var/lib/docker/overlay2 if it's an existing directory.
 	// This covers situations where /var/lib/docker/overlay2 is a mount, and on a different
 	// filesystem than /var/lib/docker.
@@ -150,6 +140,11 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		testdir = filepath.Dir(testdir)
 	}
 
+	if err := overlayutils.SupportsOverlay(testdir, true); err != nil {
+		logger.Error(err)
+		return nil, graphdriver.ErrNotSupported
+	}
+
 	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
@@ -158,32 +153,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		backingFs = fsName
 	}
 
-	switch fsMagic {
-	case graphdriver.FsMagicAufs, graphdriver.FsMagicEcryptfs, graphdriver.FsMagicNfsFs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs:
-		logger.Errorf("'overlay2' is not supported over %s", backingFs)
-		return nil, graphdriver.ErrIncompatibleFS
-	case graphdriver.FsMagicBtrfs:
-		// Support for OverlayFS on BTRFS was added in kernel 4.7
-		// See https://btrfs.wiki.kernel.org/index.php/Changelog
-		if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 7, Minor: 0}) < 0 {
-			if !opts.overrideKernelCheck {
-				logger.Errorf("'overlay2' requires kernel 4.7 to use on %s", backingFs)
-				return nil, graphdriver.ErrIncompatibleFS
-			}
-			logger.Warn("Using pre-4.7.0 kernel for overlay2 on btrfs, may require kernel update")
-		}
-	}
-
-	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 0, Minor: 0}) < 0 {
-		if opts.overrideKernelCheck {
-			logger.Warn("Using pre-4.0.0 kernel for overlay2, mount failures may require kernel update")
-		} else {
-			if err := supportsMultipleLowerDir(testdir); err != nil {
-				logger.Debugf("Multiple lower dirs not supported: %v", err)
-				return nil, graphdriver.ErrNotSupported
-			}
-		}
-	}
 	supportsDType, err := fsutils.SupportsDType(testdir)
 	if err != nil {
 		return nil, err
@@ -196,12 +165,20 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		logger.Warn(overlayutils.ErrDTypeNotSupported("overlay2", backingFs))
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	_, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
-	// Create the driver home dir
-	if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+
+	cur := idtools.CurrentIdentity()
+	dirID := idtools.Identity{
+		UID: cur.UID,
+		GID: rootGID,
+	}
+	if err := idtools.MkdirAllAndChown(home, 0710, dirID); err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0700, cur); err != nil {
 		return nil, err
 	}
 
@@ -240,7 +217,16 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		logger.Warnf("Unable to detect whether overlay kernel module supports index parameter: %s", err)
 	}
 
-	logger.Debugf("backingFs=%s, projectQuotaSupported=%v, indexOff=%q", backingFs, projectQuotaSupported, indexOff)
+	needsUserXattr, err := overlayutils.NeedsUserXAttr(home)
+	if err != nil {
+		logger.Warnf("Unable to detect whether overlay kernel module needs \"userxattr\" parameter: %s", err)
+	}
+	if needsUserXattr {
+		userxattr = "userxattr,"
+	}
+
+	logger.Debugf("backingFs=%s, projectQuotaSupported=%v, indexOff=%q, userxattr=%q",
+		backingFs, projectQuotaSupported, indexOff, userxattr)
 
 	return d, nil
 }
@@ -272,27 +258,6 @@ func parseOptions(options []string) (*overlayOptions, error) {
 	return o, nil
 }
 
-func supportsOverlay() error {
-	// We can try to modprobe overlay first before looking at
-	// proc/filesystems for when overlay is supported
-	exec.Command("modprobe", "overlay").Run()
-
-	f, err := os.Open("/proc/filesystems")
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		if s.Text() == "nodev\toverlay" {
-			return nil
-		}
-	}
-	logger.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
-	return graphdriver.ErrNotSupported
-}
-
 func useNaiveDiff(home string) bool {
 	useNaiveDiffLock.Do(func() {
 		if err := doesSupportNativeDiff(home); err != nil {
@@ -314,6 +279,7 @@ func (d *Driver) Status() [][2]string {
 		{"Backing Filesystem", backingFs},
 		{"Supports d_type", strconv.FormatBool(d.supportsDType)},
 		{"Native Overlay Diff", strconv.FormatBool(!useNaiveDiff(d.home))},
+		{"userxattr", strconv.FormatBool(userxattr != "")},
 	}
 }
 
@@ -326,9 +292,9 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 	}
 
 	metadata := map[string]string{
-		"WorkDir":   path.Join(dir, "work"),
-		"MergedDir": path.Join(dir, "merged"),
-		"UpperDir":  path.Join(dir, "diff"),
+		"WorkDir":   path.Join(dir, workDirName),
+		"MergedDir": path.Join(dir, mergedDirName),
+		"UpperDir":  path.Join(dir, diffDirName),
 	}
 
 	lowerDirs, err := d.getLowerDirs(id)
@@ -352,23 +318,23 @@ func (d *Driver) Cleanup() error {
 // CreateReadWrite creates a layer that is writable for use as a container
 // file system.
 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
-	if opts != nil && len(opts.StorageOpt) != 0 && !projectQuotaSupported {
-		return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option")
-	}
-
 	if opts == nil {
 		opts = &graphdriver.CreateOpts{
-			StorageOpt: map[string]string{},
+			StorageOpt: make(map[string]string),
 		}
+	} else if opts.StorageOpt == nil {
+		opts.StorageOpt = make(map[string]string)
 	}
 
-	if _, ok := opts.StorageOpt["size"]; !ok {
-		if opts.StorageOpt == nil {
-			opts.StorageOpt = map[string]string{}
-		}
+	// Merge daemon default config.
+	if _, ok := opts.StorageOpt["size"]; !ok && d.options.quota.Size != 0 {
 		opts.StorageOpt["size"] = strconv.FormatUint(d.options.quota.Size, 10)
 	}
 
+	if _, ok := opts.StorageOpt["size"]; ok && !projectQuotaSupported {
+		return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option")
+	}
+
 	return d.create(id, parent, opts)
 }
 
@@ -391,11 +357,15 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		return err
 	}
 	root := idtools.Identity{UID: rootUID, GID: rootGID}
+	dirID := idtools.Identity{
+		UID: idtools.CurrentIdentity().UID,
+		GID: rootGID,
+	}
 
-	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0700, root); err != nil {
+	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0710, dirID); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAndChown(dir, 0700, root); err != nil {
+	if err := idtools.MkdirAndChown(dir, 0710, dirID); err != nil {
 		return err
 	}
 
@@ -420,17 +390,17 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		}
 	}
 
-	if err := idtools.MkdirAndChown(path.Join(dir, "diff"), 0755, root); err != nil {
+	if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0755, root); err != nil {
 		return err
 	}
 
-	lid := generateID(idLength)
-	if err := os.Symlink(path.Join("..", id, "diff"), path.Join(d.home, linkDir, lid)); err != nil {
+	lid := overlayutils.GenerateID(idLength, logger)
+	if err := os.Symlink(path.Join("..", id, diffDirName), path.Join(d.home, linkDir, lid)); err != nil {
 		return err
 	}
 
 	// Write link id to link file
-	if err := ioutil.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
+	if err := os.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
 		return err
 	}
 
@@ -439,7 +409,11 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		return nil
 	}
 
-	if err := idtools.MkdirAndChown(path.Join(dir, "work"), 0700, root); err != nil {
+	if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0700, root); err != nil {
+		return err
+	}
+
+	if err := os.WriteFile(path.Join(d.dir(parent), "committed"), []byte{}, 0600); err != nil {
 		return err
 	}
 
@@ -448,7 +422,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		return err
 	}
 	if lower != "" {
-		if err := ioutil.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
+		if err := os.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
 			return err
 		}
 	}
@@ -485,13 +459,13 @@ func (d *Driver) getLower(parent string) (string, error) {
 	}
 
 	// Read Parent link fileA
-	parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link"))
+	parentLink, err := os.ReadFile(path.Join(parentDir, "link"))
 	if err != nil {
 		return "", err
 	}
 	lowers := []string{path.Join(linkDir, string(parentLink))}
 
-	parentLower, err := ioutil.ReadFile(path.Join(parentDir, lowerFile))
+	parentLower, err := os.ReadFile(path.Join(parentDir, lowerFile))
 	if err == nil {
 		parentLowers := strings.Split(string(parentLower), ":")
 		lowers = append(lowers, parentLowers...)
@@ -508,7 +482,7 @@ func (d *Driver) dir(id string) string {
 
 func (d *Driver) getLowerDirs(id string) ([]string, error) {
 	var lowersArray []string
-	lowers, err := ioutil.ReadFile(path.Join(d.dir(id), lowerFile))
+	lowers, err := os.ReadFile(path.Join(d.dir(id), lowerFile))
 	if err == nil {
 		for _, s := range strings.Split(string(lowers), ":") {
 			lp, err := os.Readlink(path.Join(d.home, s))
@@ -531,7 +505,7 @@ func (d *Driver) Remove(id string) error {
 	d.locker.Lock(id)
 	defer d.locker.Unlock(id)
 	dir := d.dir(id)
-	lid, err := ioutil.ReadFile(path.Join(dir, "link"))
+	lid, err := os.ReadFile(path.Join(dir, "link"))
 	if err == nil {
 		if len(lid) == 0 {
 			logger.Errorf("refusing to remove empty link for layer %v", id)
@@ -555,8 +529,8 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr e
 		return nil, err
 	}
 
-	diffDir := path.Join(dir, "diff")
-	lowers, err := ioutil.ReadFile(path.Join(dir, lowerFile))
+	diffDir := path.Join(dir, diffDirName)
+	lowers, err := os.ReadFile(path.Join(dir, lowerFile))
 	if err != nil {
 		// If no lower, just return diff directory
 		if os.IsNotExist(err) {
@@ -565,7 +539,7 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr e
 		return nil, err
 	}
 
-	mergedDir := path.Join(dir, "merged")
+	mergedDir := path.Join(dir, mergedDirName)
 	if count := d.ctr.Increment(mergedDir); count > 1 {
 		return containerfs.NewLocalContainerFS(mergedDir), nil
 	}
@@ -583,13 +557,26 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr e
 		}
 	}()
 
-	workDir := path.Join(dir, "work")
+	workDir := path.Join(dir, workDirName)
 	splitLowers := strings.Split(string(lowers), ":")
 	absLowers := make([]string, len(splitLowers))
 	for i, s := range splitLowers {
 		absLowers[i] = path.Join(d.home, s)
 	}
-	opts := indexOff + "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + path.Join(dir, "diff") + ",workdir=" + path.Join(dir, "work")
+	var readonly bool
+	if _, err := os.Stat(path.Join(dir, "committed")); err == nil {
+		readonly = true
+	} else if !os.IsNotExist(err) {
+		return nil, err
+	}
+
+	var opts string
+	if readonly {
+		opts = indexOff + userxattr + "lowerdir=" + diffDir + ":" + strings.Join(absLowers, ":")
+	} else {
+		opts = indexOff + userxattr + "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + diffDir + ",workdir=" + workDir
+	}
+
 	mountData := label.FormatMountLabel(opts, mountLabel)
 	mount := unix.Mount
 	mountTarget := mergedDir
@@ -604,40 +591,37 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr e
 
 	pageSize := unix.Getpagesize()
 
-	// Go can return a larger page size than supported by the system
-	// as of go 1.7. This will be fixed in 1.8 and this block can be
-	// removed when building with 1.8.
-	// See https://github.com/golang/go/commit/1b9499b06989d2831e5b156161d6c07642926ee1
-	// See https://github.com/docker/docker/issues/27384
-	if pageSize > 4096 {
-		pageSize = 4096
-	}
-
 	// Use relative paths and mountFrom when the mount data has exceeded
 	// the page size. The mount syscall fails if the mount data cannot
 	// fit within a page and relative links make the mount data much
 	// smaller at the expense of requiring a fork exec to chroot.
-	if len(mountData) > pageSize {
-		opts = indexOff + "lowerdir=" + string(lowers) + ",upperdir=" + path.Join(id, "diff") + ",workdir=" + path.Join(id, "work")
+	if len(mountData) > pageSize-1 {
+		if readonly {
+			opts = indexOff + userxattr + "lowerdir=" + path.Join(id, diffDirName) + ":" + string(lowers)
+		} else {
+			opts = indexOff + userxattr + "lowerdir=" + string(lowers) + ",upperdir=" + path.Join(id, diffDirName) + ",workdir=" + path.Join(id, workDirName)
+		}
 		mountData = label.FormatMountLabel(opts, mountLabel)
-		if len(mountData) > pageSize {
+		if len(mountData) > pageSize-1 {
 			return nil, fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
 		}
 
 		mount = func(source string, target string, mType string, flags uintptr, label string) error {
 			return mountFrom(d.home, source, target, mType, flags, label)
 		}
-		mountTarget = path.Join(id, "merged")
+		mountTarget = path.Join(id, mergedDirName)
 	}
 
 	if err := mount("overlay", mountTarget, "overlay", 0, mountData); err != nil {
 		return nil, fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
 	}
 
-	// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
-	// user namespace requires this to move a directory from lower to upper.
-	if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil {
-		return nil, err
+	if !readonly {
+		// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
+		// user namespace requires this to move a directory from lower to upper.
+		if err := os.Chown(path.Join(workDir, workDirName), rootUID, rootGID); err != nil {
+			return nil, err
+		}
 	}
 
 	return containerfs.NewLocalContainerFS(mergedDir), nil
@@ -650,7 +634,7 @@ func (d *Driver) Put(id string) error {
 	d.locker.Lock(id)
 	defer d.locker.Unlock(id)
 	dir := d.dir(id)
-	_, err := ioutil.ReadFile(path.Join(dir, lowerFile))
+	_, err := os.ReadFile(path.Join(dir, lowerFile))
 	if err != nil {
 		// If no lower, no mount happened and just return directly
 		if os.IsNotExist(err) {
@@ -659,7 +643,7 @@ func (d *Driver) Put(id string) error {
 		return err
 	}
 
-	mountpoint := path.Join(dir, "merged")
+	mountpoint := path.Join(dir, mergedDirName)
 	if count := d.ctr.Decrement(mountpoint); count > 0 {
 		return nil
 	}
@@ -709,10 +693,11 @@ func (d *Driver) isParent(id, parent string) bool {
 
 // ApplyDiff applies the new layer into a root
 func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
-	if !d.isParent(id, parent) {
+	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
 		return d.naiveDiff.ApplyDiff(id, parent, diff)
 	}
 
+	// never reach here if we are running in UserNS
 	applyDir := d.getDiffPath(id)
 
 	logger.Debugf("Applying tar in %s", applyDir)
@@ -721,7 +706,6 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
 		UIDMaps:        d.uidMaps,
 		GIDMaps:        d.gidMaps,
 		WhiteoutFormat: archive.OverlayWhiteoutFormat,
-		InUserNS:       rsystem.RunningInUserNS(),
 	}); err != nil {
 		return 0, err
 	}
@@ -732,7 +716,7 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
 func (d *Driver) getDiffPath(id string) string {
 	dir := d.dir(id)
 
-	return path.Join(dir, "diff")
+	return path.Join(dir, diffDirName)
 }
 
 // DiffSize calculates the changes between the specified id
@@ -752,6 +736,7 @@ func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
 		return d.naiveDiff.Diff(id, parent)
 	}
 
+	// never reach here if we are running in UserNS
 	diffPath := d.getDiffPath(id)
 	logger.Debugf("Tar with options on %s", diffPath)
 	return archive.TarWithOptions(diffPath, &archive.TarOptions{
diff --git a/daemon/graphdriver/overlay2/overlay_test.go b/daemon/graphdriver/overlay2/overlay_test.go
index 6befa7db57d4e..47f3f11005dfa 100644
--- a/daemon/graphdriver/overlay2/overlay_test.go
+++ b/daemon/graphdriver/overlay2/overlay_test.go
@@ -1,9 +1,9 @@
+//go:build linux
 // +build linux
 
 package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
-	"io/ioutil"
 	"os"
 	"testing"
 
@@ -23,7 +23,7 @@ func init() {
 }
 
 func skipIfNaive(t *testing.T) {
-	td, err := ioutil.TempDir("", "naive-check-")
+	td, err := os.MkdirTemp("", "naive-check-")
 	if err != nil {
 		t.Fatalf("Failed to create temp dir: %v", err)
 	}
diff --git a/daemon/graphdriver/overlay2/overlay_unsupported.go b/daemon/graphdriver/overlay2/overlay_unsupported.go
index 68b75a366af31..e34c13df60ae8 100644
--- a/daemon/graphdriver/overlay2/overlay_unsupported.go
+++ b/daemon/graphdriver/overlay2/overlay_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
diff --git a/daemon/graphdriver/overlayutils/overlayutils.go b/daemon/graphdriver/overlayutils/overlayutils.go
index 71f6d2d46077f..5100c87bf9b9e 100644
--- a/daemon/graphdriver/overlayutils/overlayutils.go
+++ b/daemon/graphdriver/overlayutils/overlayutils.go
@@ -1,11 +1,18 @@
+//go:build linux
 // +build linux
 
 package overlayutils // import "github.com/docker/docker/daemon/graphdriver/overlayutils"
 
 import (
 	"fmt"
+	"os"
+	"path"
+	"path/filepath"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // ErrDTypeNotSupported denotes that the backing filesystem doesn't support d_type.
@@ -23,3 +30,50 @@ func ErrDTypeNotSupported(driver, backingFs string) error {
 
 	return graphdriver.NotSupportedError(msg)
 }
+
+// SupportsOverlay checks if the system supports overlay filesystem
+// by performing an actual overlay mount.
+//
+// checkMultipleLowers parameter enables check for multiple lowerdirs,
+// which is required for the overlay2 driver.
+func SupportsOverlay(d string, checkMultipleLowers bool) error {
+	// We can't rely on go-selinux.GetEnabled() to detect whether SELinux is enabled,
+	// because RootlessKit doesn't mount /sys/fs/selinux in the child: https://github.com/rootless-containers/rootlesskit/issues/94
+	// So we check $_DOCKERD_ROOTLESS_SELINUX, which is set by dockerd-rootless.sh .
+	if os.Getenv("_DOCKERD_ROOTLESS_SELINUX") == "1" {
+		// Kernel 5.11 introduced support for rootless overlayfs, but incompatible with SELinux,
+		// so fallback to fuse-overlayfs.
+		// https://github.com/moby/moby/issues/42333
+		return errors.New("overlay is not supported for Rootless with SELinux")
+	}
+
+	td, err := os.MkdirTemp(d, "check-overlayfs-support")
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := os.RemoveAll(td); err != nil {
+			logrus.Warnf("Failed to remove check directory %v: %v", td, err)
+		}
+	}()
+
+	for _, dir := range []string{"lower1", "lower2", "upper", "work", "merged"} {
+		if err := os.Mkdir(filepath.Join(td, dir), 0755); err != nil {
+			return err
+		}
+	}
+
+	mnt := filepath.Join(td, "merged")
+	lowerDir := path.Join(td, "lower2")
+	if checkMultipleLowers {
+		lowerDir += ":" + path.Join(td, "lower1")
+	}
+	opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, path.Join(td, "upper"), path.Join(td, "work"))
+	if err := unix.Mount("overlay", mnt, "overlay", 0, opts); err != nil {
+		return errors.Wrap(err, "failed to mount overlay")
+	}
+	if err := unix.Unmount(mnt, 0); err != nil {
+		logrus.Warnf("Failed to unmount check directory %v: %v", mnt, err)
+	}
+	return nil
+}
diff --git a/daemon/graphdriver/overlay2/randomid.go b/daemon/graphdriver/overlayutils/randomid.go
similarity index 87%
rename from daemon/graphdriver/overlay2/randomid.go
rename to daemon/graphdriver/overlayutils/randomid.go
index 8f3f4627886c6..2c6706b38870c 100644
--- a/daemon/graphdriver/overlay2/randomid.go
+++ b/daemon/graphdriver/overlayutils/randomid.go
@@ -1,6 +1,7 @@
+//go:build linux
 // +build linux
 
-package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
+package overlayutils // import "github.com/docker/docker/daemon/graphdriver/overlayutils"
 
 import (
 	"crypto/rand"
@@ -11,11 +12,12 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-// generateID creates a new random string identifier with the given length
-func generateID(l int) string {
+// GenerateID creates a new random string identifier with the given length
+func GenerateID(l int, logger *logrus.Entry) string {
 	const (
 		// ensures we backoff for less than 450ms total. Use the following to
 		// select new value, in units of 10ms:
diff --git a/daemon/graphdriver/overlayutils/userxattr.go b/daemon/graphdriver/overlayutils/userxattr.go
new file mode 100644
index 0000000000000..f5176c450da5d
--- /dev/null
+++ b/daemon/graphdriver/overlayutils/userxattr.go
@@ -0,0 +1,116 @@
+//go:build linux
+// +build linux
+
+// Forked from https://github.com/containerd/containerd/blob/9ade247b38b5a685244e1391c86ff41ab109556e/snapshots/overlay/check.go
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package overlayutils
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/sirupsen/logrus"
+)
+
+// NeedsUserXAttr returns whether overlayfs should be mounted with the "userxattr" mount option.
+//
+// The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11.
+//
+// The "userxattr" option is NOT needed for the initial user namespace (aka "the host").
+//
+// Also, Ubuntu (since circa 2015) and Debian (since 10) with kernel < 5.11 can mount
+// the overlayfs in a user namespace without the "userxattr" option.
+//
+// The corresponding kernel commit: https://github.com/torvalds/linux/commit/2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1
+// > ovl: user xattr
+// >
+// > Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
+// > ...
+// > Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the
+// > "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
+// > ...
+//
+// The "userxattr" support is not exposed in "/sys/module/overlay/parameters".
+func NeedsUserXAttr(d string) (bool, error) {
+	if !userns.RunningInUserNS() {
+		// we are the real root (i.e., the root in the initial user NS),
+		// so we do never need "userxattr" opt.
+		return false, nil
+	}
+
+	// Fast path for kernel >= 5.11 .
+	//
+	// Keep in mind that distro vendors might be going to backport the patch to older kernels.
+	// So we can't completely remove the "slow path".
+	if kernel.CheckKernelVersion(5, 11, 0) {
+		return true, nil
+	}
+
+	tdRoot := filepath.Join(d, "userxattr-check")
+	if err := os.RemoveAll(tdRoot); err != nil {
+		logrus.WithError(err).Warnf("Failed to remove check directory %v", tdRoot)
+	}
+
+	if err := os.MkdirAll(tdRoot, 0700); err != nil {
+		return false, err
+	}
+
+	defer func() {
+		if err := os.RemoveAll(tdRoot); err != nil {
+			logrus.WithError(err).Warnf("Failed to remove check directory %v", tdRoot)
+		}
+	}()
+
+	td, err := os.MkdirTemp(tdRoot, "")
+	if err != nil {
+		return false, err
+	}
+
+	for _, dir := range []string{"lower1", "lower2", "upper", "work", "merged"} {
+		if err := os.Mkdir(filepath.Join(td, dir), 0755); err != nil {
+			return false, err
+		}
+	}
+
+	opts := []string{
+		fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", filepath.Join(td, "lower2"), filepath.Join(td, "lower1"), filepath.Join(td, "upper"), filepath.Join(td, "work")),
+		"userxattr",
+	}
+
+	m := mount.Mount{
+		Type:    "overlay",
+		Source:  "overlay",
+		Options: opts,
+	}
+
+	dest := filepath.Join(td, "merged")
+	if err := m.Mount(dest); err != nil {
+		// Probably the host is running Ubuntu/Debian kernel (< 5.11) with the userns patch but without the userxattr patch.
+		// Return false without error.
+		logrus.WithError(err).Debugf("cannot mount overlay with \"userxattr\", probably the kernel does not support userxattr")
+		return false, nil
+	}
+	if err := mount.UnmountAll(dest, 0); err != nil {
+		logrus.WithError(err).Warnf("Failed to unmount check directory %v", dest)
+	}
+	return true, nil
+}
diff --git a/daemon/graphdriver/plugin.go b/daemon/graphdriver/plugin.go
index b0983c566797c..00f1dc9b6df1b 100644
--- a/daemon/graphdriver/plugin.go
+++ b/daemon/graphdriver/plugin.go
@@ -7,7 +7,7 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 	"github.com/pkg/errors"
 )
 
diff --git a/daemon/graphdriver/quota/errors.go b/daemon/graphdriver/quota/errors.go
deleted file mode 100644
index 68e797470dfe7..0000000000000
--- a/daemon/graphdriver/quota/errors.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
-
-import "github.com/docker/docker/errdefs"
-
-var (
-	_ errdefs.ErrNotImplemented = (*errQuotaNotSupported)(nil)
-)
-
-// ErrQuotaNotSupported indicates if were found the FS didn't have projects quotas available
-var ErrQuotaNotSupported = errQuotaNotSupported{}
-
-type errQuotaNotSupported struct {
-}
-
-func (e errQuotaNotSupported) NotImplemented() {}
-
-func (e errQuotaNotSupported) Error() string {
-	return "Filesystem does not support, or has not enabled quotas"
-}
diff --git a/daemon/graphdriver/quota/projectquota.go b/daemon/graphdriver/quota/projectquota.go
deleted file mode 100644
index 93e85823af845..0000000000000
--- a/daemon/graphdriver/quota/projectquota.go
+++ /dev/null
@@ -1,384 +0,0 @@
-// +build linux
-
-//
-// projectquota.go - implements XFS project quota controls
-// for setting quota limits on a newly created directory.
-// It currently supports the legacy XFS specific ioctls.
-//
-// TODO: use generic quota control ioctl FS_IOC_FS{GET,SET}XATTR
-//       for both xfs/ext4 for kernel version >= v4.5
-//
-
-package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
-
-/*
-#include <stdlib.h>
-#include <dirent.h>
-#include <linux/fs.h>
-#include <linux/quota.h>
-#include <linux/dqblk_xfs.h>
-
-#ifndef FS_XFLAG_PROJINHERIT
-struct fsxattr {
-	__u32		fsx_xflags;
-	__u32		fsx_extsize;
-	__u32		fsx_nextents;
-	__u32		fsx_projid;
-	unsigned char	fsx_pad[12];
-};
-#define FS_XFLAG_PROJINHERIT	0x00000200
-#endif
-#ifndef FS_IOC_FSGETXATTR
-#define FS_IOC_FSGETXATTR		_IOR ('X', 31, struct fsxattr)
-#endif
-#ifndef FS_IOC_FSSETXATTR
-#define FS_IOC_FSSETXATTR		_IOW ('X', 32, struct fsxattr)
-#endif
-
-#ifndef PRJQUOTA
-#define PRJQUOTA	2
-#endif
-#ifndef XFS_PROJ_QUOTA
-#define XFS_PROJ_QUOTA	2
-#endif
-#ifndef Q_XSETPQLIM
-#define Q_XSETPQLIM QCMD(Q_XSETQLIM, PRJQUOTA)
-#endif
-#ifndef Q_XGETPQUOTA
-#define Q_XGETPQUOTA QCMD(Q_XGETQUOTA, PRJQUOTA)
-#endif
-
-const int Q_XGETQSTAT_PRJQUOTA = QCMD(Q_XGETQSTAT, PRJQUOTA);
-*/
-import "C"
-import (
-	"fmt"
-	"io/ioutil"
-	"path"
-	"path/filepath"
-	"unsafe"
-
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-)
-
-// Quota limit params - currently we only control blocks hard limit
-type Quota struct {
-	Size uint64
-}
-
-// Control - Context to be used by storage driver (e.g. overlay)
-// who wants to apply project quotas to container dirs
-type Control struct {
-	backingFsBlockDev string
-	nextProjectID     uint32
-	quotas            map[string]uint32
-}
-
-// NewControl - initialize project quota support.
-// Test to make sure that quota can be set on a test dir and find
-// the first project id to be used for the next container create.
-//
-// Returns nil (and error) if project quota is not supported.
-//
-// First get the project id of the home directory.
-// This test will fail if the backing fs is not xfs.
-//
-// xfs_quota tool can be used to assign a project id to the driver home directory, e.g.:
-//    echo 999:/var/lib/docker/overlay2 >> /etc/projects
-//    echo docker:999 >> /etc/projid
-//    xfs_quota -x -c 'project -s docker' /<xfs mount point>
-//
-// In that case, the home directory project id will be used as a "start offset"
-// and all containers will be assigned larger project ids (e.g. >= 1000).
-// This is a way to prevent xfs_quota management from conflicting with docker.
-//
-// Then try to create a test directory with the next project id and set a quota
-// on it. If that works, continue to scan existing containers to map allocated
-// project ids.
-//
-func NewControl(basePath string) (*Control, error) {
-	//
-	// If we are running in a user namespace quota won't be supported for
-	// now since makeBackingFsDev() will try to mknod().
-	//
-	if rsystem.RunningInUserNS() {
-		return nil, ErrQuotaNotSupported
-	}
-
-	//
-	// create backing filesystem device node
-	//
-	backingFsBlockDev, err := makeBackingFsDev(basePath)
-	if err != nil {
-		return nil, err
-	}
-
-	// check if we can call quotactl with project quotas
-	// as a mechanism to determine (early) if we have support
-	hasQuotaSupport, err := hasQuotaSupport(backingFsBlockDev)
-	if err != nil {
-		return nil, err
-	}
-	if !hasQuotaSupport {
-		return nil, ErrQuotaNotSupported
-	}
-
-	//
-	// Get project id of parent dir as minimal id to be used by driver
-	//
-	minProjectID, err := getProjectID(basePath)
-	if err != nil {
-		return nil, err
-	}
-	minProjectID++
-
-	//
-	// Test if filesystem supports project quotas by trying to set
-	// a quota on the first available project id
-	//
-	quota := Quota{
-		Size: 0,
-	}
-	if err := setProjectQuota(backingFsBlockDev, minProjectID, quota); err != nil {
-		return nil, err
-	}
-
-	q := Control{
-		backingFsBlockDev: backingFsBlockDev,
-		nextProjectID:     minProjectID + 1,
-		quotas:            make(map[string]uint32),
-	}
-
-	//
-	// get first project id to be used for next container
-	//
-	err = q.findNextProjectID(basePath)
-	if err != nil {
-		return nil, err
-	}
-
-	logrus.Debugf("NewControl(%s): nextProjectID = %d", basePath, q.nextProjectID)
-	return &q, nil
-}
-
-// SetQuota - assign a unique project id to directory and set the quota limits
-// for that project id
-func (q *Control) SetQuota(targetPath string, quota Quota) error {
-
-	projectID, ok := q.quotas[targetPath]
-	if !ok {
-		projectID = q.nextProjectID
-
-		//
-		// assign project id to new container directory
-		//
-		err := setProjectID(targetPath, projectID)
-		if err != nil {
-			return err
-		}
-
-		q.quotas[targetPath] = projectID
-		q.nextProjectID++
-	}
-
-	//
-	// set the quota limit for the container's project id
-	//
-	logrus.Debugf("SetQuota(%s, %d): projectID=%d", targetPath, quota.Size, projectID)
-	return setProjectQuota(q.backingFsBlockDev, projectID, quota)
-}
-
-// setProjectQuota - set the quota for project id on xfs block device
-func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) error {
-	var d C.fs_disk_quota_t
-	d.d_version = C.FS_DQUOT_VERSION
-	d.d_id = C.__u32(projectID)
-	d.d_flags = C.XFS_PROJ_QUOTA
-
-	d.d_fieldmask = C.FS_DQ_BHARD | C.FS_DQ_BSOFT
-	d.d_blk_hardlimit = C.__u64(quota.Size / 512)
-	d.d_blk_softlimit = d.d_blk_hardlimit
-
-	var cs = C.CString(backingFsBlockDev)
-	defer C.free(unsafe.Pointer(cs))
-
-	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XSETPQLIM,
-		uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
-		uintptr(unsafe.Pointer(&d)), 0, 0)
-	if errno != 0 {
-		return fmt.Errorf("Failed to set quota limit for projid %d on %s: %v",
-			projectID, backingFsBlockDev, errno.Error())
-	}
-
-	return nil
-}
-
-// GetQuota - get the quota limits of a directory that was configured with SetQuota
-func (q *Control) GetQuota(targetPath string, quota *Quota) error {
-
-	projectID, ok := q.quotas[targetPath]
-	if !ok {
-		return fmt.Errorf("quota not found for path : %s", targetPath)
-	}
-
-	//
-	// get the quota limit for the container's project id
-	//
-	var d C.fs_disk_quota_t
-
-	var cs = C.CString(q.backingFsBlockDev)
-	defer C.free(unsafe.Pointer(cs))
-
-	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XGETPQUOTA,
-		uintptr(unsafe.Pointer(cs)), uintptr(C.__u32(projectID)),
-		uintptr(unsafe.Pointer(&d)), 0, 0)
-	if errno != 0 {
-		return fmt.Errorf("Failed to get quota limit for projid %d on %s: %v",
-			projectID, q.backingFsBlockDev, errno.Error())
-	}
-	quota.Size = uint64(d.d_blk_hardlimit) * 512
-
-	return nil
-}
-
-// getProjectID - get the project id of path on xfs
-func getProjectID(targetPath string) (uint32, error) {
-	dir, err := openDir(targetPath)
-	if err != nil {
-		return 0, err
-	}
-	defer closeDir(dir)
-
-	var fsx C.struct_fsxattr
-	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
-		uintptr(unsafe.Pointer(&fsx)))
-	if errno != 0 {
-		return 0, fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
-	}
-
-	return uint32(fsx.fsx_projid), nil
-}
-
-// setProjectID - set the project id of path on xfs
-func setProjectID(targetPath string, projectID uint32) error {
-	dir, err := openDir(targetPath)
-	if err != nil {
-		return err
-	}
-	defer closeDir(dir)
-
-	var fsx C.struct_fsxattr
-	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
-		uintptr(unsafe.Pointer(&fsx)))
-	if errno != 0 {
-		return fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
-	}
-	fsx.fsx_projid = C.__u32(projectID)
-	fsx.fsx_xflags |= C.FS_XFLAG_PROJINHERIT
-	_, _, errno = unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSSETXATTR,
-		uintptr(unsafe.Pointer(&fsx)))
-	if errno != 0 {
-		return fmt.Errorf("Failed to set projid for %s: %v", targetPath, errno.Error())
-	}
-
-	return nil
-}
-
-// findNextProjectID - find the next project id to be used for containers
-// by scanning driver home directory to find used project ids
-func (q *Control) findNextProjectID(home string) error {
-	files, err := ioutil.ReadDir(home)
-	if err != nil {
-		return fmt.Errorf("read directory failed : %s", home)
-	}
-	for _, file := range files {
-		if !file.IsDir() {
-			continue
-		}
-		path := filepath.Join(home, file.Name())
-		projid, err := getProjectID(path)
-		if err != nil {
-			return err
-		}
-		if projid > 0 {
-			q.quotas[path] = projid
-		}
-		if q.nextProjectID <= projid {
-			q.nextProjectID = projid + 1
-		}
-	}
-
-	return nil
-}
-
-func free(p *C.char) {
-	C.free(unsafe.Pointer(p))
-}
-
-func openDir(path string) (*C.DIR, error) {
-	Cpath := C.CString(path)
-	defer free(Cpath)
-
-	dir := C.opendir(Cpath)
-	if dir == nil {
-		return nil, fmt.Errorf("Can't open dir")
-	}
-	return dir, nil
-}
-
-func closeDir(dir *C.DIR) {
-	if dir != nil {
-		C.closedir(dir)
-	}
-}
-
-func getDirFd(dir *C.DIR) uintptr {
-	return uintptr(C.dirfd(dir))
-}
-
-// Get the backing block device of the driver home directory
-// and create a block device node under the home directory
-// to be used by quotactl commands
-func makeBackingFsDev(home string) (string, error) {
-	var stat unix.Stat_t
-	if err := unix.Stat(home, &stat); err != nil {
-		return "", err
-	}
-
-	backingFsBlockDev := path.Join(home, "backingFsBlockDev")
-	// Re-create just in case someone copied the home directory over to a new device
-	unix.Unlink(backingFsBlockDev)
-	err := unix.Mknod(backingFsBlockDev, unix.S_IFBLK|0600, int(stat.Dev))
-	switch err {
-	case nil:
-		return backingFsBlockDev, nil
-
-	case unix.ENOSYS:
-		return "", ErrQuotaNotSupported
-
-	default:
-		return "", fmt.Errorf("Failed to mknod %s: %v", backingFsBlockDev, err)
-	}
-}
-
-func hasQuotaSupport(backingFsBlockDev string) (bool, error) {
-	var cs = C.CString(backingFsBlockDev)
-	defer free(cs)
-	var qstat C.fs_quota_stat_t
-
-	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, uintptr(C.Q_XGETQSTAT_PRJQUOTA), uintptr(unsafe.Pointer(cs)), 0, uintptr(unsafe.Pointer(&qstat)), 0, 0)
-	if errno == 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ENFD > 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ACCT > 0 {
-		return true, nil
-	}
-
-	switch errno {
-	// These are the known fatal errors, consider all other errors (ENOTTY, etc.. not supporting quota)
-	case unix.EFAULT, unix.ENOENT, unix.ENOTBLK, unix.EPERM:
-	default:
-		return false, nil
-	}
-
-	return false, errno
-}
diff --git a/daemon/graphdriver/quota/projectquota_test.go b/daemon/graphdriver/quota/projectquota_test.go
deleted file mode 100644
index aa164cc4198a1..0000000000000
--- a/daemon/graphdriver/quota/projectquota_test.go
+++ /dev/null
@@ -1,152 +0,0 @@
-// +build linux
-
-package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-
-	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-)
-
-// 10MB
-const testQuotaSize = 10 * 1024 * 1024
-const imageSize = 64 * 1024 * 1024
-
-func TestBlockDev(t *testing.T) {
-	mkfs, err := exec.LookPath("mkfs.xfs")
-	if err != nil {
-		t.Skip("mkfs.xfs not found in PATH")
-	}
-
-	// create a sparse image
-	imageFile, err := ioutil.TempFile("", "xfs-image")
-	if err != nil {
-		t.Fatal(err)
-	}
-	imageFileName := imageFile.Name()
-	defer os.Remove(imageFileName)
-	if _, err = imageFile.Seek(imageSize-1, 0); err != nil {
-		t.Fatal(err)
-	}
-	if _, err = imageFile.Write([]byte{0}); err != nil {
-		t.Fatal(err)
-	}
-	if err = imageFile.Close(); err != nil {
-		t.Fatal(err)
-	}
-
-	// The reason for disabling these options is sometimes people run with a newer userspace
-	// than kernelspace
-	out, err := exec.Command(mkfs, "-m", "crc=0,finobt=0", imageFileName).CombinedOutput()
-	if len(out) > 0 {
-		t.Log(string(out))
-	}
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	t.Run("testBlockDevQuotaDisabled", wrapMountTest(imageFileName, false, testBlockDevQuotaDisabled))
-	t.Run("testBlockDevQuotaEnabled", wrapMountTest(imageFileName, true, testBlockDevQuotaEnabled))
-	t.Run("testSmallerThanQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testSmallerThanQuota)))
-	t.Run("testBiggerThanQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testBiggerThanQuota)))
-	t.Run("testRetrieveQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testRetrieveQuota)))
-}
-
-func wrapMountTest(imageFileName string, enableQuota bool, testFunc func(t *testing.T, mountPoint, backingFsDev string)) func(*testing.T) {
-	return func(t *testing.T) {
-		mountOptions := "loop"
-
-		if enableQuota {
-			mountOptions = mountOptions + ",prjquota"
-		}
-
-		mountPointDir := fs.NewDir(t, "xfs-mountPoint")
-		defer mountPointDir.Remove()
-		mountPoint := mountPointDir.Path()
-
-		out, err := exec.Command("mount", "-o", mountOptions, imageFileName, mountPoint).CombinedOutput()
-		if err != nil {
-			_, err := os.Stat("/proc/fs/xfs")
-			if os.IsNotExist(err) {
-				t.Skip("no /proc/fs/xfs")
-			}
-		}
-
-		assert.NilError(t, err, "mount failed: %s", out)
-
-		defer func() {
-			assert.NilError(t, unix.Unmount(mountPoint, 0))
-		}()
-
-		backingFsDev, err := makeBackingFsDev(mountPoint)
-		assert.NilError(t, err)
-
-		testFunc(t, mountPoint, backingFsDev)
-	}
-}
-
-func testBlockDevQuotaDisabled(t *testing.T, mountPoint, backingFsDev string) {
-	hasSupport, err := hasQuotaSupport(backingFsDev)
-	assert.NilError(t, err)
-	assert.Check(t, !hasSupport)
-}
-
-func testBlockDevQuotaEnabled(t *testing.T, mountPoint, backingFsDev string) {
-	hasSupport, err := hasQuotaSupport(backingFsDev)
-	assert.NilError(t, err)
-	assert.Check(t, hasSupport)
-}
-
-func wrapQuotaTest(testFunc func(t *testing.T, ctrl *Control, mountPoint, testDir, testSubDir string)) func(t *testing.T, mountPoint, backingFsDev string) {
-	return func(t *testing.T, mountPoint, backingFsDev string) {
-		testDir, err := ioutil.TempDir(mountPoint, "per-test")
-		assert.NilError(t, err)
-		defer os.RemoveAll(testDir)
-
-		ctrl, err := NewControl(testDir)
-		assert.NilError(t, err)
-
-		testSubDir, err := ioutil.TempDir(testDir, "quota-test")
-		assert.NilError(t, err)
-		testFunc(t, ctrl, mountPoint, testDir, testSubDir)
-	}
-
-}
-
-func testSmallerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
-	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
-	smallerThanQuotaFile := filepath.Join(testSubDir, "smaller-than-quota")
-	assert.NilError(t, ioutil.WriteFile(smallerThanQuotaFile, make([]byte, testQuotaSize/2), 0644))
-	assert.NilError(t, os.Remove(smallerThanQuotaFile))
-}
-
-func testBiggerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
-	// Make sure the quota is being enforced
-	// TODO: When we implement this under EXT4, we need to shed CAP_SYS_RESOURCE, otherwise
-	// we're able to violate quota without issue
-	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
-
-	biggerThanQuotaFile := filepath.Join(testSubDir, "bigger-than-quota")
-	err := ioutil.WriteFile(biggerThanQuotaFile, make([]byte, testQuotaSize+1), 0644)
-	assert.Assert(t, is.ErrorContains(err, ""))
-	if err == io.ErrShortWrite {
-		assert.NilError(t, os.Remove(biggerThanQuotaFile))
-	}
-}
-
-func testRetrieveQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
-	// Validate that we can retrieve quota
-	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
-
-	var q Quota
-	assert.NilError(t, ctrl.GetQuota(testSubDir, &q))
-	assert.Check(t, is.Equal(uint64(testQuotaSize), q.Size))
-}
diff --git a/daemon/graphdriver/register/register_aufs.go b/daemon/graphdriver/register/register_aufs.go
index ec18d1d377c11..4c028f72ef747 100644
--- a/daemon/graphdriver/register/register_aufs.go
+++ b/daemon/graphdriver/register/register_aufs.go
@@ -1,3 +1,4 @@
+//go:build !exclude_graphdriver_aufs && linux
 // +build !exclude_graphdriver_aufs,linux
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/register/register_btrfs.go b/daemon/graphdriver/register/register_btrfs.go
index 2f8c67056b591..5167f8553db14 100644
--- a/daemon/graphdriver/register/register_btrfs.go
+++ b/daemon/graphdriver/register/register_btrfs.go
@@ -1,3 +1,4 @@
+//go:build !exclude_graphdriver_btrfs && linux
 // +build !exclude_graphdriver_btrfs,linux
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/register/register_devicemapper.go b/daemon/graphdriver/register/register_devicemapper.go
index ccbb8bfabe85e..ce16e36cca302 100644
--- a/daemon/graphdriver/register/register_devicemapper.go
+++ b/daemon/graphdriver/register/register_devicemapper.go
@@ -1,3 +1,4 @@
+//go:build !exclude_graphdriver_devicemapper && !static_build && linux
 // +build !exclude_graphdriver_devicemapper,!static_build,linux
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/register/register_fuseoverlayfs.go b/daemon/graphdriver/register/register_fuseoverlayfs.go
new file mode 100644
index 0000000000000..c4ebdf262825b
--- /dev/null
+++ b/daemon/graphdriver/register/register_fuseoverlayfs.go
@@ -0,0 +1,9 @@
+//go:build !exclude_graphdriver_fuseoverlayfs && linux
+// +build !exclude_graphdriver_fuseoverlayfs,linux
+
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
+
+import (
+	// register the fuse-overlayfs graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"
+)
diff --git a/daemon/graphdriver/register/register_overlay.go b/daemon/graphdriver/register/register_overlay.go
index a2e384d5480d6..9b6c8c36db4e8 100644
--- a/daemon/graphdriver/register/register_overlay.go
+++ b/daemon/graphdriver/register/register_overlay.go
@@ -1,3 +1,4 @@
+//go:build !exclude_graphdriver_overlay && linux
 // +build !exclude_graphdriver_overlay,linux
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/register/register_overlay2.go b/daemon/graphdriver/register/register_overlay2.go
index bcd2cee20e1a5..53233c50096d9 100644
--- a/daemon/graphdriver/register/register_overlay2.go
+++ b/daemon/graphdriver/register/register_overlay2.go
@@ -1,3 +1,4 @@
+//go:build !exclude_graphdriver_overlay2 && linux
 // +build !exclude_graphdriver_overlay2,linux
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/register/register_windows.go b/daemon/graphdriver/register/register_windows.go
index cd612cbea96d6..2b6fb6911d6f9 100644
--- a/daemon/graphdriver/register/register_windows.go
+++ b/daemon/graphdriver/register/register_windows.go
@@ -2,6 +2,5 @@ package register // import "github.com/docker/docker/daemon/graphdriver/register
 
 import (
 	// register the windows graph drivers
-	_ "github.com/docker/docker/daemon/graphdriver/lcow"
 	_ "github.com/docker/docker/daemon/graphdriver/windows"
 )
diff --git a/daemon/graphdriver/register/register_zfs.go b/daemon/graphdriver/register/register_zfs.go
index b137ad25b7c06..2632864b4e0af 100644
--- a/daemon/graphdriver/register/register_zfs.go
+++ b/daemon/graphdriver/register/register_zfs.go
@@ -1,3 +1,4 @@
+//go:build (!exclude_graphdriver_zfs && linux) || (!exclude_graphdriver_zfs && freebsd)
 // +build !exclude_graphdriver_zfs,linux !exclude_graphdriver_zfs,freebsd
 
 package register // import "github.com/docker/docker/daemon/graphdriver/register"
diff --git a/daemon/graphdriver/vfs/copy_unsupported.go b/daemon/graphdriver/vfs/copy_unsupported.go
index 894ff02f020ad..1b0185fedb0b5 100644
--- a/daemon/graphdriver/vfs/copy_unsupported.go
+++ b/daemon/graphdriver/vfs/copy_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
diff --git a/daemon/graphdriver/vfs/driver.go b/daemon/graphdriver/vfs/driver.go
index 33e6bf6cc9c2f..f903393da2b03 100644
--- a/daemon/graphdriver/vfs/driver.go
+++ b/daemon/graphdriver/vfs/driver.go
@@ -6,12 +6,15 @@ import (
 	"path/filepath"
 
 	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/daemon/graphdriver/quota"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/go-units"
+	"github.com/docker/docker/quota"
+	units "github.com/docker/go-units"
 	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
 )
 
 var (
@@ -30,13 +33,29 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		home:      home,
 		idMapping: idtools.NewIDMappingsFromMaps(uidMaps, gidMaps),
 	}
-	rootIDs := d.idMapping.RootPair()
-	if err := idtools.MkdirAllAndChown(home, 0700, rootIDs); err != nil {
+
+	if err := d.parseOptions(options); err != nil {
+		return nil, err
+	}
+	_, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+
+	dirID := idtools.Identity{
+		UID: idtools.CurrentIdentity().UID,
+		GID: rootGID,
+	}
+	if err := idtools.MkdirAllAndChown(home, 0710, dirID); err != nil {
 		return nil, err
 	}
 
 	setupDriverQuota(d)
 
+	if size := d.getQuotaOpt(); !d.quotaSupported() && size > 0 {
+		return nil, quota.ErrQuotaNotSupported
+	}
+
 	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
 }
 
@@ -69,11 +88,32 @@ func (d *Driver) Cleanup() error {
 	return nil
 }
 
+func (d *Driver) parseOptions(options []string) error {
+	for _, option := range options {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+		switch key {
+		case "size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return errdefs.InvalidParameter(err)
+			}
+			if err = d.setQuotaOpt(uint64(size)); err != nil {
+				return errdefs.InvalidParameter(errors.Wrap(err, "failed to set option size for vfs"))
+			}
+		default:
+			return errdefs.InvalidParameter(errors.Errorf("unknown option %s for vfs", key))
+		}
+	}
+	return nil
+}
+
 // CreateReadWrite creates a layer that is writable for use as a container
 // file system.
 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
-	var err error
-	var size int64
+	quotaSize := d.getQuotaOpt()
 
 	if opts != nil {
 		for key, val := range opts.StorageOpt {
@@ -82,16 +122,18 @@ func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts
 				if !d.quotaSupported() {
 					return quota.ErrQuotaNotSupported
 				}
-				if size, err = units.RAMInBytes(val); err != nil {
-					return err
+				size, err := units.RAMInBytes(val)
+				if err != nil {
+					return errdefs.InvalidParameter(err)
 				}
+				quotaSize = uint64(size)
 			default:
-				return fmt.Errorf("Storage opt %s not supported", key)
+				return errdefs.InvalidParameter(errors.Errorf("Storage opt %s not supported", key))
 			}
 		}
 	}
 
-	return d.create(id, parent, uint64(size))
+	return d.create(id, parent, quotaSize)
 }
 
 // Create prepares the filesystem for the VFS driver and copies the directory for the given id under the parent.
@@ -106,7 +148,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 func (d *Driver) create(id, parent string, size uint64) error {
 	dir := d.dir(id)
 	rootIDs := d.idMapping.RootPair()
-	if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0700, rootIDs); err != nil {
+
+	dirID := idtools.Identity{
+		UID: idtools.CurrentIdentity().UID,
+		GID: rootIDs.GID,
+	}
+	if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0710, dirID); err != nil {
 		return err
 	}
 	if err := idtools.MkdirAndChown(dir, 0755, rootIDs); err != nil {
diff --git a/daemon/graphdriver/vfs/quota_linux.go b/daemon/graphdriver/vfs/quota_linux.go
index 0d5c3a7b98fb2..372cbbb769b94 100644
--- a/daemon/graphdriver/vfs/quota_linux.go
+++ b/daemon/graphdriver/vfs/quota_linux.go
@@ -1,12 +1,14 @@
 package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
 
 import (
-	"github.com/docker/docker/daemon/graphdriver/quota"
+	"github.com/docker/docker/quota"
 	"github.com/sirupsen/logrus"
 )
 
+//nolint:structcheck
 type driverQuota struct {
 	quotaCtl *quota.Control
+	quotaOpt quota.Quota
 }
 
 func setupDriverQuota(driver *Driver) {
@@ -17,6 +19,15 @@ func setupDriverQuota(driver *Driver) {
 	}
 }
 
+func (d *Driver) setQuotaOpt(size uint64) error {
+	d.quotaOpt.Size = size
+	return nil
+}
+
+func (d *Driver) getQuotaOpt() uint64 {
+	return d.quotaOpt.Size
+}
+
 func (d *Driver) setupQuota(dir string, size uint64) error {
 	return d.quotaCtl.SetQuota(dir, quota.Quota{Size: size})
 }
diff --git a/daemon/graphdriver/vfs/quota_unsupported.go b/daemon/graphdriver/vfs/quota_unsupported.go
index 3ae60ac07cdde..ecd16ebdda9a0 100644
--- a/daemon/graphdriver/vfs/quota_unsupported.go
+++ b/daemon/graphdriver/vfs/quota_unsupported.go
@@ -1,8 +1,9 @@
+//go:build !linux
 // +build !linux
 
 package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
 
-import "github.com/docker/docker/daemon/graphdriver/quota"
+import "github.com/docker/docker/quota"
 
 type driverQuota struct {
 }
@@ -11,6 +12,14 @@ func setupDriverQuota(driver *Driver) error {
 	return nil
 }
 
+func (d *Driver) setQuotaOpt(size uint64) error {
+	return quota.ErrQuotaNotSupported
+}
+
+func (d *Driver) getQuotaOpt() uint64 {
+	return 0
+}
+
 func (d *Driver) setupQuota(dir string, size uint64) error {
 	return quota.ErrQuotaNotSupported
 }
diff --git a/daemon/graphdriver/vfs/vfs_test.go b/daemon/graphdriver/vfs/vfs_test.go
index 7c59ec32e26be..63db564518e6c 100644
--- a/daemon/graphdriver/vfs/vfs_test.go
+++ b/daemon/graphdriver/vfs/vfs_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
diff --git a/daemon/graphdriver/windows/windows.go b/daemon/graphdriver/windows/windows.go
index 347231b1044ac..a384f8cde1911 100644
--- a/daemon/graphdriver/windows/windows.go
+++ b/daemon/graphdriver/windows/windows.go
@@ -1,14 +1,15 @@
-//+build windows
+//go:build windows
+// +build windows
 
 package windows // import "github.com/docker/docker/daemon/graphdriver/windows"
 
 import (
+	"archive/tar"
 	"bufio"
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -19,11 +20,11 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/Microsoft/go-winio"
-	"github.com/Microsoft/go-winio/archive/tar"
+	winio "github.com/Microsoft/go-winio"
 	"github.com/Microsoft/go-winio/backuptar"
 	"github.com/Microsoft/go-winio/vhd"
 	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/containerfs"
@@ -31,15 +32,21 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/longpath"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/docker/pkg/system"
 	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
-// filterDriver is an HCSShim driver type for the Windows Filter driver.
-const filterDriver = 1
+const (
+	// filterDriver is an HCSShim driver type for the Windows Filter driver.
+	filterDriver = 1
+	// For WCOW, the default of 20GB hard-coded in the platform
+	// is too small for builder scenarios where many users are
+	// using RUN or COPY statements to install large amounts of data.
+	// Use 127GB as that's the default size of a VHD in Hyper-V.
+	defaultSandboxSize = "127GB"
+)
 
 var (
 	// mutatedFiles is a list of files that are mutated by the import process
@@ -73,6 +80,10 @@ func (c *checker) IsMounted(path string) bool {
 	return false
 }
 
+type storageOptions struct {
+	size uint64
+}
+
 // Driver represents a windows graph driver.
 type Driver struct {
 	// info stores the shim driver information
@@ -80,8 +91,9 @@ type Driver struct {
 	ctr  *graphdriver.RefCounter
 	// it is safe for windows to use a cache here because it does not support
 	// restoring containers when the daemon dies.
-	cacheMu sync.Mutex
-	cache   map[string]string
+	cacheMu            sync.Mutex
+	cache              map[string]string
+	defaultStorageOpts *storageOptions
 }
 
 // InitFilter returns a new Windows storage filter driver.
@@ -100,13 +112,27 @@ func InitFilter(home string, options []string, uidMaps, gidMaps []idtools.IDMap)
 		return nil, fmt.Errorf("windowsfilter failed to create '%s': %v", home, err)
 	}
 
+	storageOpt := make(map[string]string)
+	storageOpt["size"] = defaultSandboxSize
+
+	for _, v := range options {
+		opt := strings.SplitN(v, "=", 2)
+		storageOpt[strings.ToLower(opt[0])] = opt[1]
+	}
+
+	storageOptions, err := parseStorageOpt(storageOpt)
+	if err != nil {
+		return nil, fmt.Errorf("windowsfilter failed to parse default storage options - %s", err)
+	}
+
 	d := &Driver{
 		info: hcsshim.DriverInfo{
 			HomeDir: home,
 			Flavour: filterDriver,
 		},
-		cache: make(map[string]string),
-		ctr:   graphdriver.NewRefCounter(&checker{}),
+		cache:              make(map[string]string),
+		ctr:                graphdriver.NewRefCounter(&checker{}),
+		defaultStorageOpts: storageOptions,
 	}
 	return d, nil
 }
@@ -231,8 +257,13 @@ func (d *Driver) create(id, parent, mountLabel string, readOnly bool, storageOpt
 			return fmt.Errorf("Failed to parse storage options - %s", err)
 		}
 
+		sandboxSize := d.defaultStorageOpts.size
 		if storageOptions.size != 0 {
-			if err := hcsshim.ExpandSandboxSize(d.info, id, storageOptions.size); err != nil {
+			sandboxSize = storageOptions.size
+		}
+
+		if sandboxSize != 0 {
+			if err := hcsshim.ExpandSandboxSize(d.info, id, sandboxSize); err != nil {
 				return err
 			}
 		}
@@ -272,7 +303,6 @@ func (d *Driver) Remove(id string) error {
 	// it is a transient error. Retry until it succeeds.
 	var computeSystems []hcsshim.ContainerProperties
 	retryCount := 0
-	osv := system.GetOSVersion()
 	for {
 		// Get and terminate any template VMs that are currently using the layer.
 		// Note: It is unfortunate that we end up in the graphdrivers Remove() call
@@ -286,7 +316,7 @@ func (d *Driver) Remove(id string) error {
 		// in RS1 and RS2 building during enumeration when a silo is going away
 		// for example under it, in HCS. AccessIsDenied added to fix 30278.
 		//
-		// TODO @jhowardmsft - For RS3, we can remove the retries. Also consider
+		// TODO: For RS3, we can remove the retries. Also consider
 		// using platform APIs (if available) to get this more succinctly. Also
 		// consider enhancing the Remove() interface to have context of why
 		// the remove is being called - that could improve efficiency by not
@@ -294,8 +324,10 @@ func (d *Driver) Remove(id string) error {
 		// not required.
 		computeSystems, err = hcsshim.GetContainers(hcsshim.ComputeSystemQuery{})
 		if err != nil {
-			if (osv.Build < 15139) &&
-				((err == hcsshim.ErrVmcomputeOperationInvalidState) || (err == hcsshim.ErrVmcomputeOperationAccessIsDenied)) {
+			if osversion.Build() >= osversion.RS3 {
+				return err
+			}
+			if (err == hcsshim.ErrVmcomputeOperationInvalidState) || (err == hcsshim.ErrVmcomputeOperationAccessIsDenied) {
 				if retryCount >= 500 {
 					break
 				}
@@ -338,11 +370,14 @@ func (d *Driver) Remove(id string) error {
 		// If permission denied, it's possible that the scratch is still mounted, an
 		// artifact after a hard daemon crash for example. Worth a shot to try detaching it
 		// before retrying the rename.
-		if detachErr := vhd.DetachVhd(filepath.Join(layerPath, "sandbox.vhdx")); detachErr != nil {
-			return errors.Wrapf(err, "failed to detach VHD: %s", detachErr)
-		}
-		if renameErr := os.Rename(layerPath, tmpLayerPath); renameErr != nil && !os.IsNotExist(renameErr) {
-			return errors.Wrapf(err, "second rename attempt following detach failed: %s", renameErr)
+		sandbox := filepath.Join(layerPath, "sandbox.vhdx")
+		if _, statErr := os.Stat(sandbox); statErr == nil {
+			if detachErr := vhd.DetachVhd(sandbox); detachErr != nil {
+				return errors.Wrapf(err, "failed to detach VHD: %s", detachErr)
+			}
+			if renameErr := os.Rename(layerPath, tmpLayerPath); renameErr != nil && !os.IsNotExist(renameErr) {
+				return errors.Wrapf(err, "second rename attempt following detach failed: %s", renameErr)
+			}
 		}
 	}
 	if err := hcsshim.DestroyLayer(d.info, tmpID); err != nil {
@@ -446,7 +481,7 @@ func (d *Driver) Put(id string) error {
 // We use this opportunity to cleanup any -removing folders which may be
 // still left if the daemon was killed while it was removing a layer.
 func (d *Driver) Cleanup() error {
-	items, err := ioutil.ReadDir(d.info.HomeDir)
+	items, err := os.ReadDir(d.info.HomeDir)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return nil
@@ -797,13 +832,13 @@ func writeLayerReexec() {
 
 // writeLayer writes a layer from a tar file.
 func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (size int64, retErr error) {
-	err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege})
+	err := winio.EnableProcessPrivileges([]string{winio.SeSecurityPrivilege, winio.SeBackupPrivilege, winio.SeRestorePrivilege})
 	if err != nil {
 		return 0, err
 	}
 	if noreexec {
 		defer func() {
-			if err := winio.DisableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
+			if err := winio.DisableProcessPrivileges([]string{winio.SeSecurityPrivilege, winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
 				// This should never happen, but just in case when in debugging mode.
 				// See https://github.com/docker/docker/pull/28002#discussion_r86259241 for rationale.
 				panic("Failed to disabled process privileges while in non re-exec mode")
@@ -836,7 +871,7 @@ func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ..
 
 // resolveID computes the layerID information based on the given id.
 func (d *Driver) resolveID(id string) (string, error) {
-	content, err := ioutil.ReadFile(filepath.Join(d.dir(id), "layerID"))
+	content, err := os.ReadFile(filepath.Join(d.dir(id), "layerID"))
 	if os.IsNotExist(err) {
 		return id, nil
 	} else if err != nil {
@@ -847,13 +882,13 @@ func (d *Driver) resolveID(id string) (string, error) {
 
 // setID stores the layerId in disk.
 func (d *Driver) setID(id, altID string) error {
-	return ioutil.WriteFile(filepath.Join(d.dir(id), "layerId"), []byte(altID), 0600)
+	return os.WriteFile(filepath.Join(d.dir(id), "layerId"), []byte(altID), 0600)
 }
 
 // getLayerChain returns the layer chain information.
 func (d *Driver) getLayerChain(id string) ([]string, error) {
 	jPath := filepath.Join(d.dir(id), "layerchain.json")
-	content, err := ioutil.ReadFile(jPath)
+	content, err := os.ReadFile(jPath)
 	if os.IsNotExist(err) {
 		return nil, nil
 	} else if err != nil {
@@ -877,7 +912,7 @@ func (d *Driver) setLayerChain(id string, chain []string) error {
 	}
 
 	jPath := filepath.Join(d.dir(id), "layerchain.json")
-	err = ioutil.WriteFile(jPath, content, 0600)
+	err = os.WriteFile(jPath, content, 0600)
 	if err != nil {
 		return fmt.Errorf("Unable to write layerchain file - %s", err)
 	}
@@ -931,10 +966,6 @@ func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
 	return &fileGetCloserWithBackupPrivileges{d.dir(id)}, nil
 }
 
-type storageOptions struct {
-	size uint64
-}
-
 func parseStorageOpt(storageOpt map[string]string) (*storageOptions, error) {
 	options := storageOptions{}
 
diff --git a/daemon/graphdriver/zfs/zfs.go b/daemon/graphdriver/zfs/zfs.go
index 8a798778d2914..90c080a228c19 100644
--- a/daemon/graphdriver/zfs/zfs.go
+++ b/daemon/graphdriver/zfs/zfs.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
@@ -15,10 +16,12 @@ import (
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
-	"github.com/mistifyio/go-zfs"
+	zfs "github.com/mistifyio/go-zfs"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
 	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@@ -53,7 +56,7 @@ func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdri
 		return nil, graphdriver.ErrPrerequisites
 	}
 
-	file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 600)
+	file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 0600)
 	if err != nil {
 		logger.Debugf("cannot open /dev/zfs: %v", err)
 		return nil, graphdriver.ErrPrerequisites
@@ -102,11 +105,16 @@ func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdri
 		return nil, fmt.Errorf("BUG: zfs get all -t filesystem -rHp '%s' should contain '%s'", options.fsName, options.fsName)
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	_, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to get root uid/guid: %v", err)
+		return nil, err
+	}
+
+	dirID := idtools.Identity{
+		UID: idtools.CurrentIdentity().UID,
+		GID: rootGID,
 	}
-	if err := idtools.MkdirAllAndChown(base, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
+	if err := idtools.MkdirAllAndChown(base, 0710, dirID); err != nil {
 		return nil, fmt.Errorf("Failed to create '%s': %v", base, err)
 	}
 
@@ -147,7 +155,7 @@ func lookupZfsDataset(rootdir string) (string, error) {
 	}
 	wantedDev := stat.Dev
 
-	mounts, err := mount.GetMounts(nil)
+	mounts, err := mountinfo.GetMounts(nil)
 	if err != nil {
 		return "", err
 	}
@@ -157,7 +165,7 @@ func lookupZfsDataset(rootdir string) (string, error) {
 			continue // may fail on fuse file systems
 		}
 
-		if stat.Dev == wantedDev && m.Fstype == "zfs" {
+		if stat.Dev == wantedDev && m.FSType == "zfs" {
 			return m.Source, nil
 		}
 	}
@@ -390,7 +398,7 @@ func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr e
 	}
 
 	if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil {
-		return nil, fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
+		return nil, errors.Wrap(err, "error creating zfs mount")
 	}
 
 	// this could be our first mount after creation of the filesystem, and the root dir may still have root
diff --git a/daemon/graphdriver/zfs/zfs_test.go b/daemon/graphdriver/zfs/zfs_test.go
index b5d6cb18c7971..f8bcdaf524057 100644
--- a/daemon/graphdriver/zfs/zfs_test.go
+++ b/daemon/graphdriver/zfs/zfs_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
diff --git a/daemon/graphdriver/zfs/zfs_unsupported.go b/daemon/graphdriver/zfs/zfs_unsupported.go
index 1b77030684dbe..a1eda73e6973c 100644
--- a/daemon/graphdriver/zfs/zfs_unsupported.go
+++ b/daemon/graphdriver/zfs/zfs_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !freebsd
 // +build !linux,!freebsd
 
 package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
diff --git a/daemon/health.go b/daemon/health.go
index ae0d7f8921bc1..d6ae1d1e292b0 100644
--- a/daemon/health.go
+++ b/daemon/health.go
@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/exec"
@@ -65,7 +64,7 @@ type cmdProbe struct {
 func (p *cmdProbe) run(ctx context.Context, d *Daemon, cntr *container.Container) (*types.HealthcheckResult, error) {
 	cmdSlice := strslice.StrSlice(cntr.Config.Healthcheck.Test)[1:]
 	if p.shell {
-		cmdSlice = append(getShell(cntr.Config), cmdSlice...)
+		cmdSlice = append(getShell(cntr), cmdSlice...)
 	}
 	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmdSlice)
 	execConfig := exec.NewConfig()
@@ -187,12 +186,18 @@ func handleProbeResult(d *Daemon, c *container.Container, result *types.Healthch
 func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe) {
 	probeTimeout := timeoutWithDefault(c.Config.Healthcheck.Timeout, defaultProbeTimeout)
 	probeInterval := timeoutWithDefault(c.Config.Healthcheck.Interval, defaultProbeInterval)
+
+	intervalTimer := time.NewTimer(probeInterval)
+	defer intervalTimer.Stop()
+
 	for {
+		intervalTimer.Reset(probeInterval)
+
 		select {
 		case <-stop:
 			logrus.Debugf("Stop healthcheck monitoring for container %s (received while idle)", c.ID)
 			return
-		case <-time.After(probeInterval):
+		case <-intervalTimer.C:
 			logrus.Debugf("Running health check for container %s ...", c.ID)
 			startTime := time.Now()
 			ctx, cancelProbe := context.WithTimeout(context.Background(), probeTimeout)
@@ -268,7 +273,7 @@ func getProbe(c *container.Container) probe {
 // Ensure the health-check monitor is running or not, depending on the current
 // state of the container.
 // Called from monitor.go, with c locked.
-func (d *Daemon) updateHealthMonitor(c *container.Container) {
+func (daemon *Daemon) updateHealthMonitor(c *container.Container) {
 	h := c.State.Health
 	if h == nil {
 		return // No healthcheck configured
@@ -278,7 +283,7 @@ func (d *Daemon) updateHealthMonitor(c *container.Container) {
 	wantRunning := c.Running && !c.Paused && probe != nil
 	if wantRunning {
 		if stop := h.OpenMonitorChannel(); stop != nil {
-			go monitor(d, c, stop, probe)
+			go monitor(daemon, c, stop, probe)
 		}
 	} else {
 		h.CloseMonitorChannel()
@@ -289,14 +294,14 @@ func (d *Daemon) updateHealthMonitor(c *container.Container) {
 // initHealthMonitor is called from monitor.go and we should never be running
 // two instances at once.
 // Called with c locked.
-func (d *Daemon) initHealthMonitor(c *container.Container) {
+func (daemon *Daemon) initHealthMonitor(c *container.Container) {
 	// If no healthcheck is setup then don't init the monitor
 	if getProbe(c) == nil {
 		return
 	}
 
 	// This is needed in case we're auto-restarting
-	d.stopHealthchecks(c)
+	daemon.stopHealthchecks(c)
 
 	if h := c.State.Health; h != nil {
 		h.SetStatus(types.Starting)
@@ -307,12 +312,12 @@ func (d *Daemon) initHealthMonitor(c *container.Container) {
 		c.State.Health = h
 	}
 
-	d.updateHealthMonitor(c)
+	daemon.updateHealthMonitor(c)
 }
 
 // Called when the container is being stopped (whether because the health check is
 // failing or for any other reason).
-func (d *Daemon) stopHealthchecks(c *container.Container) {
+func (daemon *Daemon) stopHealthchecks(c *container.Container) {
 	h := c.State.Health
 	if h != nil {
 		h.CloseMonitorChannel()
@@ -370,12 +375,15 @@ func min(x, y int) int {
 	return y
 }
 
-func getShell(config *containertypes.Config) []string {
-	if len(config.Shell) != 0 {
-		return config.Shell
+func getShell(cntr *container.Container) []string {
+	if len(cntr.Config.Shell) != 0 {
+		return cntr.Config.Shell
 	}
 	if runtime.GOOS != "windows" {
 		return []string{"/bin/sh", "-c"}
 	}
+	if cntr.OS != runtime.GOOS {
+		return []string{"/bin/sh", "-c"}
+	}
 	return []string{"cmd", "/S", "/C"}
 }
diff --git a/daemon/health_test.go b/daemon/health_test.go
index db166317fd588..d761dbc2a8d80 100644
--- a/daemon/health_test.go
+++ b/daemon/health_test.go
@@ -78,6 +78,7 @@ func TestHealthStates(t *testing.T) {
 		EventsService:     e,
 		containersReplica: store,
 	}
+	muteLogs()
 
 	c.Config.Healthcheck = &containertypes.HealthConfig{
 		Retries: 1,
diff --git a/daemon/images/cache.go b/daemon/images/cache.go
index 3b433106e8a8b..445b1b9261831 100644
--- a/daemon/images/cache.go
+++ b/daemon/images/cache.go
@@ -15,7 +15,7 @@ func (i *ImageService) MakeImageCache(sourceRefs []string) builder.ImageCache {
 	cache := cache.New(i.imageStore)
 
 	for _, ref := range sourceRefs {
-		img, err := i.GetImage(ref)
+		img, err := i.GetImage(ref, nil)
 		if err != nil {
 			logrus.Warnf("Could not look up %s for cache resolution, skipping: %+v", ref, err)
 			continue
diff --git a/daemon/images/image.go b/daemon/images/image.go
index 79cc07c4fda46..8b966047811ed 100644
--- a/daemon/images/image.go
+++ b/daemon/images/image.go
@@ -1,11 +1,23 @@
 package images // import "github.com/docker/docker/daemon/images"
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
+	"io"
 
+	"github.com/containerd/containerd/content"
+	c8derrdefs "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ErrImageDoesNotExist is error returned when no image can be found for a reference.
@@ -24,8 +36,151 @@ func (e ErrImageDoesNotExist) Error() string {
 // NotFound implements the NotFound interface
 func (e ErrImageDoesNotExist) NotFound() {}
 
+type manifestList struct {
+	Manifests []specs.Descriptor `json:"manifests"`
+}
+
+type manifest struct {
+	Config specs.Descriptor `json:"config"`
+}
+
+func (i *ImageService) manifestMatchesPlatform(img *image.Image, platform specs.Platform) bool {
+	ctx := context.TODO()
+	logger := logrus.WithField("image", img.ID).WithField("desiredPlatform", platforms.Format(platform))
+
+	ls, leaseErr := i.leases.ListResources(context.TODO(), leases.Lease{ID: imageKey(img.ID().Digest())})
+	if leaseErr != nil {
+		logger.WithError(leaseErr).Error("Error looking up image leases")
+		return false
+	}
+
+	// Note we are comparing against manifest lists here, which we expect to always have a CPU variant set (where applicable).
+	// So there is no need for the fallback matcher here.
+	comparer := platforms.Only(platform)
+
+	var (
+		ml manifestList
+		m  manifest
+	)
+
+	makeRdr := func(ra content.ReaderAt) io.Reader {
+		return io.LimitReader(io.NewSectionReader(ra, 0, ra.Size()), 1e6)
+	}
+
+	for _, r := range ls {
+		logger := logger.WithField("resourceID", r.ID).WithField("resourceType", r.Type)
+		logger.Debug("Checking lease resource for platform match")
+		if r.Type != "content" {
+			continue
+		}
+
+		ra, err := i.content.ReaderAt(ctx, specs.Descriptor{Digest: digest.Digest(r.ID)})
+		if err != nil {
+			if c8derrdefs.IsNotFound(err) {
+				continue
+			}
+			logger.WithError(err).Error("Error looking up referenced manifest list for image")
+			continue
+		}
+
+		data, err := io.ReadAll(makeRdr(ra))
+		ra.Close()
+
+		if err != nil {
+			logger.WithError(err).Error("Error reading manifest list for image")
+			continue
+		}
+
+		ml.Manifests = nil
+
+		if err := json.Unmarshal(data, &ml); err != nil {
+			logger.WithError(err).Error("Error unmarshalling content")
+			continue
+		}
+
+		for _, md := range ml.Manifests {
+			switch md.MediaType {
+			case specs.MediaTypeImageManifest, images.MediaTypeDockerSchema2Manifest:
+			default:
+				continue
+			}
+
+			p := specs.Platform{
+				Architecture: md.Platform.Architecture,
+				OS:           md.Platform.OS,
+				Variant:      md.Platform.Variant,
+			}
+			if !comparer.Match(p) {
+				logger.WithField("otherPlatform", platforms.Format(p)).Debug("Manifest is not a match")
+				continue
+			}
+
+			// Here we have a platform match for the referenced manifest, let's make sure the manifest is actually for the image config we are using.
+
+			ra, err := i.content.ReaderAt(ctx, specs.Descriptor{Digest: md.Digest})
+			if err != nil {
+				logger.WithField("otherDigest", md.Digest).WithError(err).Error("Could not get reader for manifest")
+				continue
+			}
+
+			data, err := io.ReadAll(makeRdr(ra))
+			ra.Close()
+			if err != nil {
+				logger.WithError(err).Error("Error reading manifest for image")
+				continue
+			}
+
+			if err := json.Unmarshal(data, &m); err != nil {
+				logger.WithError(err).Error("Error desserializing manifest")
+				continue
+			}
+
+			if m.Config.Digest == img.ID().Digest() {
+				logger.WithField("manifestDigest", md.Digest).Debug("Found matching manifest for image")
+				return true
+			}
+
+			logger.WithField("otherDigest", md.Digest).Debug("Skipping non-matching manifest")
+		}
+	}
+
+	return false
+}
+
 // GetImage returns an image corresponding to the image referred to by refOrID.
-func (i *ImageService) GetImage(refOrID string) (*image.Image, error) {
+func (i *ImageService) GetImage(refOrID string, platform *specs.Platform) (retImg *image.Image, retErr error) {
+	defer func() {
+		if retErr != nil || retImg == nil || platform == nil {
+			return
+		}
+
+		imgPlat := specs.Platform{
+			OS:           retImg.OS,
+			Architecture: retImg.Architecture,
+			Variant:      retImg.Variant,
+		}
+		p := *platform
+		// Note that `platforms.Only` will fuzzy match this for us
+		// For example: an armv6 image will run just fine an an armv7 CPU, without emulation or anything.
+		if OnlyPlatformWithFallback(p).Match(imgPlat) {
+			return
+		}
+		// In some cases the image config can actually be wrong (e.g. classic `docker build` may not handle `--platform` correctly)
+		// So we'll look up the manifest list that coresponds to this imaage to check if at least the manifest list says it is the correct image.
+		if i.manifestMatchesPlatform(retImg, p) {
+			return
+		}
+
+		// This allows us to tell clients that we don't have the image they asked for
+		// Where this gets hairy is the image store does not currently support multi-arch images, e.g.:
+		//   An image `foo` may have a multi-arch manifest, but the image store only fetches the image for a specific platform
+		//   The image store does not store the manifest list and image tags are assigned to architecture specific images.
+		//   So we can have a `foo` image that is amd64 but the user requested armv7. If the user looks at the list of images.
+		//   This may be confusing.
+		//   The alternative to this is to return a errdefs.Conflict error with a helpful message, but clients will not be
+		//   able to automatically tell what causes the conflict.
+		retErr = errdefs.NotFound(errors.Errorf("image with reference %s was found but does not match the specified platform: wanted %s, actual: %s", refOrID, platforms.Format(p), platforms.Format(imgPlat)))
+	}()
 	ref, err := reference.ParseAnyReference(refOrID)
 	if err != nil {
 		return nil, errdefs.InvalidParameter(err)
@@ -62,3 +217,34 @@ func (i *ImageService) GetImage(refOrID string) (*image.Image, error) {
 
 	return nil, ErrImageDoesNotExist{ref}
 }
+
+// OnlyPlatformWithFallback uses `platforms.Only` with a fallback to handle the case where the platform
+//  being matched does not have a CPU variant.
+//
+// The reason for this is that CPU variant is not even if the official image config spec as of this writing.
+// See: https://github.com/opencontainers/image-spec/pull/809
+// Since Docker tends to compare platforms from the image config, we need to handle this case.
+func OnlyPlatformWithFallback(p specs.Platform) platforms.Matcher {
+	return &onlyFallbackMatcher{only: platforms.Only(p), p: platforms.Normalize(p)}
+}
+
+type onlyFallbackMatcher struct {
+	only platforms.Matcher
+	p    specs.Platform
+}
+
+func (m *onlyFallbackMatcher) Match(other specs.Platform) bool {
+	if m.only.Match(other) {
+		// It matches, no reason to fallback
+		return true
+	}
+	if other.Variant != "" {
+		// If there is a variant then this fallback does not apply, and there is no match
+		return false
+	}
+	otherN := platforms.Normalize(other)
+	otherN.Variant = "" // normalization adds a default variant... which is the whole problem with `platforms.Only`
+
+	return m.p.OS == otherN.OS &&
+		m.p.Architecture == otherN.Architecture
+}
diff --git a/daemon/images/image_builder.go b/daemon/images/image_builder.go
index cdf951c6f5649..52cd3d88ee60e 100644
--- a/daemon/images/image_builder.go
+++ b/daemon/images/image_builder.go
@@ -5,18 +5,23 @@ import (
 	"io"
 	"runtime"
 
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/builder"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type roLayer struct {
@@ -161,7 +166,29 @@ func (i *ImageService) pullForBuilder(ctx context.Context, name string, authConf
 	if err := i.pullImageWithReference(ctx, ref, platform, nil, pullRegistryAuth, output); err != nil {
 		return nil, err
 	}
-	return i.GetImage(name)
+
+	img, err := i.GetImage(name, platform)
+	if errdefs.IsNotFound(err) && img != nil && platform != nil {
+		imgPlat := specs.Platform{
+			OS:           img.OS,
+			Architecture: img.BaseImgArch(),
+			Variant:      img.BaseImgVariant(),
+		}
+
+		p := *platform
+		if !platforms.Only(p).Match(imgPlat) {
+			po := streamformatter.NewJSONProgressOutput(output, false)
+			progress.Messagef(po, "", `
+WARNING: Pulled image with specified platform (%s), but the resulting image's configured platform (%s) does not match.
+This is most likely caused by a bug in the build system that created the fetched image (%s).
+Please notify the image author to correct the configuration.`,
+				platforms.Format(p), platforms.Format(imgPlat), name,
+			)
+			logrus.WithError(err).WithField("image", name).Warn("Ignoring error about platform mismatch where the manifest list points to an image whose configuration does not match the platform in the manifest.")
+			err = nil
+		}
+	}
+	return img, err
 }
 
 // GetImageAndReleasableLayer returns an image and releaseable layer for a reference or ID.
@@ -170,18 +197,21 @@ func (i *ImageService) pullForBuilder(ctx context.Context, name string, authConf
 func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ROLayer, error) {
 	if refOrID == "" { // ie FROM scratch
 		os := runtime.GOOS
+		if runtime.GOOS == "windows" {
+			os = "linux"
+		}
 		if opts.Platform != nil {
 			os = opts.Platform.OS
 		}
 		if !system.IsOSSupported(os) {
 			return nil, nil, system.ErrNotSupportedOperatingSystem
 		}
-		layer, err := newROLayerForImage(nil, i.layerStores[os])
+		layer, err := newROLayerForImage(nil, i.layerStore)
 		return nil, layer, err
 	}
 
 	if opts.PullOption != backend.PullOptionForcePull {
-		image, err := i.GetImage(refOrID)
+		image, err := i.GetImage(refOrID, opts.Platform)
 		if err != nil && opts.PullOption == backend.PullOptionNoPull {
 			return nil, nil, err
 		}
@@ -190,7 +220,7 @@ func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID s
 			if !system.IsOSSupported(image.OperatingSystem()) {
 				return nil, nil, system.ErrNotSupportedOperatingSystem
 			}
-			layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
+			layer, err := newROLayerForImage(image, i.layerStore)
 			return image, layer, err
 		}
 	}
@@ -202,7 +232,7 @@ func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID s
 	if !system.IsOSSupported(image.OperatingSystem()) {
 		return nil, nil, system.ErrNotSupportedOperatingSystem
 	}
-	layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
+	layer, err := newROLayerForImage(image, i.layerStore)
 	return image, layer, err
 }
 
diff --git a/daemon/images/image_commit.go b/daemon/images/image_commit.go
index 4caba9f27b761..58854bdd6142c 100644
--- a/daemon/images/image_commit.go
+++ b/daemon/images/image_commit.go
@@ -8,17 +8,12 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
 )
 
 // CommitImage creates a new image from a commit config
 func (i *ImageService) CommitImage(c backend.CommitConfig) (image.ID, error) {
-	layerStore, ok := i.layerStores[c.ContainerOS]
-	if !ok {
-		return "", system.ErrNotSupportedOperatingSystem
-	}
-	rwTar, err := exportContainerRw(layerStore, c.ContainerID, c.ContainerMountLabel)
+	rwTar, err := exportContainerRw(i.layerStore, c.ContainerID, c.ContainerMountLabel)
 	if err != nil {
 		return "", err
 	}
@@ -39,11 +34,11 @@ func (i *ImageService) CommitImage(c backend.CommitConfig) (image.ID, error) {
 		}
 	}
 
-	l, err := layerStore.Register(rwTar, parent.RootFS.ChainID())
+	l, err := i.layerStore.Register(rwTar, parent.RootFS.ChainID())
 	if err != nil {
 		return "", err
 	}
-	defer layer.ReleaseAndLog(layerStore, l)
+	defer layer.ReleaseAndLog(i.layerStore, l)
 
 	cc := image.ChildConfig{
 		ContainerID:     c.ContainerID,
diff --git a/daemon/images/image_delete.go b/daemon/images/image_delete.go
index 94d6f872dda54..c4acf89999e99 100644
--- a/daemon/images/image_delete.go
+++ b/daemon/images/image_delete.go
@@ -64,7 +64,7 @@ func (i *ImageService) ImageDelete(imageRef string, force, prune bool) ([]types.
 	start := time.Now()
 	records := []types.ImageDeleteResponseItem{}
 
-	img, err := i.GetImage(imageRef)
+	img, err := i.GetImage(imageRef, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -369,7 +369,7 @@ func (i *ImageService) checkImageDeleteConflict(imgID image.ID, mask conflictTyp
 	if mask&conflictRunningContainer != 0 {
 		// Check if any running container is using the image.
 		running := func(c *container.Container) bool {
-			return c.IsRunning() && c.ImageID == imgID
+			return c.ImageID == imgID && c.IsRunning()
 		}
 		if container := i.containers.First(running); container != nil {
 			return &imageDeleteConflict{
diff --git a/daemon/images/image_events.go b/daemon/images/image_events.go
index d0b3064d7043a..1d8cfcd914dc8 100644
--- a/daemon/images/image_events.go
+++ b/daemon/images/image_events.go
@@ -11,7 +11,7 @@ func (i *ImageService) LogImageEvent(imageID, refName, action string) {
 
 // LogImageEventWithAttributes generates an event related to an image with specific given attributes.
 func (i *ImageService) LogImageEventWithAttributes(imageID, refName, action string, attributes map[string]string) {
-	img, err := i.GetImage(imageID)
+	img, err := i.GetImage(imageID, nil)
 	if err == nil && img.Config != nil {
 		// image has not been removed yet.
 		// it could be missing if the event is `delete`.
diff --git a/daemon/images/image_exporter.go b/daemon/images/image_exporter.go
index 58105dcb710cc..037a694b45597 100644
--- a/daemon/images/image_exporter.go
+++ b/daemon/images/image_exporter.go
@@ -12,14 +12,14 @@ import (
 // the same tag are exported. names is the set of tags to export, and
 // outStream is the writer which the images are written to.
 func (i *ImageService) ExportImage(names []string, outStream io.Writer) error {
-	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStores, i.referenceStore, i)
+	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStore, i.referenceStore, i)
 	return imageExporter.Save(names, outStream)
 }
 
 // LoadImage uploads a set of images into the repository. This is the
-// complement of ImageExport.  The input stream is an uncompressed tar
+// complement of ExportImage.  The input stream is an uncompressed tar
 // ball containing images and metadata.
 func (i *ImageService) LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
-	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStores, i.referenceStore, i)
+	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStore, i.referenceStore, i)
 	return imageExporter.Load(inTar, outStream, quiet)
 }
diff --git a/daemon/images/image_history.go b/daemon/images/image_history.go
index b4ca25b1b652b..373f979335ea9 100644
--- a/daemon/images/image_history.go
+++ b/daemon/images/image_history.go
@@ -14,7 +14,7 @@ import (
 // name by walking the image lineage.
 func (i *ImageService) ImageHistory(name string) ([]*image.HistoryResponseItem, error) {
 	start := time.Now()
-	img, err := i.GetImage(name)
+	img, err := i.GetImage(name, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -36,12 +36,12 @@ func (i *ImageService) ImageHistory(name string) ([]*image.HistoryResponseItem,
 				return nil, system.ErrNotSupportedOperatingSystem
 			}
 			rootFS.Append(img.RootFS.DiffIDs[layerCounter])
-			l, err := i.layerStores[img.OperatingSystem()].Get(rootFS.ChainID())
+			l, err := i.layerStore.Get(rootFS.ChainID())
 			if err != nil {
 				return nil, err
 			}
 			layerSize, err = l.DiffSize()
-			layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
+			layer.ReleaseAndLog(i.layerStore, l)
 			if err != nil {
 				return nil, err
 			}
@@ -77,7 +77,7 @@ func (i *ImageService) ImageHistory(name string) ([]*image.HistoryResponseItem,
 		if id == "" {
 			break
 		}
-		histImg, err = i.GetImage(id.String())
+		histImg, err = i.GetImage(id.String(), nil)
 		if err != nil {
 			break
 		}
diff --git a/daemon/images/image_import.go b/daemon/images/image_import.go
index 8d54e0704fe77..bd0f60c674f1e 100644
--- a/daemon/images/image_import.go
+++ b/daemon/images/image_import.go
@@ -91,11 +91,11 @@ func (i *ImageService) ImportImage(src string, repository, os string, tag string
 	if err != nil {
 		return err
 	}
-	l, err := i.layerStores[os].Register(inflatedLayerData, "")
+	l, err := i.layerStore.Register(inflatedLayerData, "")
 	if err != nil {
 		return err
 	}
-	defer layer.ReleaseAndLog(i.layerStores[os], l)
+	defer layer.ReleaseAndLog(i.layerStore, l)
 
 	created := time.Now().UTC()
 	imgConfig, err := json.Marshal(&image.Image{
diff --git a/daemon/images/image_inspect.go b/daemon/images/image_inspect.go
index 16c4c9b2dc950..f19d4ad514cdb 100644
--- a/daemon/images/image_inspect.go
+++ b/daemon/images/image_inspect.go
@@ -14,7 +14,7 @@ import (
 // LookupImage looks up an image by name and returns it as an ImageInspect
 // structure.
 func (i *ImageService) LookupImage(name string) (*types.ImageInspect, error) {
-	img, err := i.GetImage(name)
+	img, err := i.GetImage(name, nil)
 	if err != nil {
 		return nil, errors.Wrapf(err, "no such image: %s", name)
 	}
@@ -37,11 +37,11 @@ func (i *ImageService) LookupImage(name string) (*types.ImageInspect, error) {
 	var layerMetadata map[string]string
 	layerID := img.RootFS.ChainID()
 	if layerID != "" {
-		l, err := i.layerStores[img.OperatingSystem()].Get(layerID)
+		l, err := i.layerStore.Get(layerID)
 		if err != nil {
 			return nil, err
 		}
-		defer layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
+		defer layer.ReleaseAndLog(i.layerStore, l)
 		size, err = l.Size()
 		if err != nil {
 			return nil, err
@@ -76,6 +76,7 @@ func (i *ImageService) LookupImage(name string) (*types.ImageInspect, error) {
 		Author:          img.Author,
 		Config:          img.Config,
 		Architecture:    img.Architecture,
+		Variant:         img.Variant,
 		Os:              img.OperatingSystem(),
 		OsVersion:       img.OSVersion,
 		Size:            size,
@@ -86,7 +87,7 @@ func (i *ImageService) LookupImage(name string) (*types.ImageInspect, error) {
 		},
 	}
 
-	imageInspect.GraphDriver.Name = i.layerStores[img.OperatingSystem()].DriverName()
+	imageInspect.GraphDriver.Name = i.layerStore.DriverName()
 	imageInspect.GraphDriver.Data = layerMetadata
 
 	return imageInspect, nil
diff --git a/daemon/images/image_prune.go b/daemon/images/image_prune.go
index 313494f2f48d0..55332020feaed 100644
--- a/daemon/images/image_prune.go
+++ b/daemon/images/image_prune.go
@@ -3,17 +3,19 @@ package images // import "github.com/docker/docker/daemon/images"
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"sync/atomic"
 	"time"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -66,12 +68,7 @@ func (i *ImageService) ImagesPrune(ctx context.Context, pruneFilters filters.Arg
 	}
 
 	// Filter intermediary images and get their unique size
-	allLayers := make(map[layer.ChainID]layer.Layer)
-	for _, ls := range i.layerStores {
-		for k, v := range ls.Map() {
-			allLayers[k] = v
-		}
-	}
+	allLayers := i.layerStore.Map()
 	topImages := map[image.ID]*image.Image{}
 	for id, img := range allImages {
 		select {
@@ -159,7 +156,11 @@ deleteImagesLoop:
 	if canceled {
 		logrus.Debugf("ImagesPrune operation cancelled: %#v", *rep)
 	}
-
+	i.eventsService.Log("prune", events.ImageEventType, events.Actor{
+		Attributes: map[string]string{
+			"reclaimed": strconv.FormatUint(rep.SpaceReclaimed, 10),
+		},
+	})
 	return rep, nil
 }
 
diff --git a/daemon/images/image_pull.go b/daemon/images/image_pull.go
index 3e6b4330373b9..bb8bce5aaa106 100644
--- a/daemon/images/image_pull.go
+++ b/daemon/images/image_pull.go
@@ -6,6 +6,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/namespaces"
 	dist "github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -13,9 +15,11 @@ import (
 	progressutils "github.com/docker/docker/distribution/utils"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
+	"github.com/docker/docker/pkg/streamformatter"
+	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // PullImage initiates a pull operation. image is the repository name to pull, and
@@ -48,7 +52,29 @@ func (i *ImageService) PullImage(ctx context.Context, image, tag string, platfor
 
 	err = i.pullImageWithReference(ctx, ref, platform, metaHeaders, authConfig, outStream)
 	imageActions.WithValues("pull").UpdateSince(start)
-	return err
+	if err != nil {
+		return err
+	}
+
+	if platform != nil {
+		// If --platform was specified, check that the image we pulled matches
+		// the expected platform. This check is for situations where the image
+		// is a single-arch image, in which case (for backward compatibility),
+		// we allow the image to have a non-matching architecture. The code
+		// below checks for this situation, and returns a warning to the client,
+		// as well as logging it to the daemon logs.
+		img, err := i.GetImage(image, platform)
+
+		// Note that this is a special case where GetImage returns both an image
+		// and an error: https://github.com/docker/docker/blob/v20.10.7/daemon/images/image.go#L175-L183
+		if errdefs.IsNotFound(err) && img != nil {
+			po := streamformatter.NewJSONProgressOutput(outStream, false)
+			progress.Messagef(po, "", `WARNING: %s`, err.Error())
+			logrus.WithError(err).WithField("image", image).Warn("ignoring platform mismatch on single-arch image")
+		}
+	}
+
+	return nil
 }
 
 func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference.Named, platform *specs.Platform, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
@@ -65,6 +91,25 @@ func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference
 		close(writesDone)
 	}()
 
+	ctx = namespaces.WithNamespace(ctx, i.contentNamespace)
+	// Take out a temporary lease for everything that gets persisted to the content store.
+	// Before the lease is cancelled, any content we want to keep should have it's own lease applied.
+	ctx, done, err := tempLease(ctx, i.leases)
+	if err != nil {
+		return err
+	}
+	defer done(ctx)
+
+	cs := &contentStoreForPull{
+		ContentStore: i.content,
+		leases:       i.leases,
+	}
+	imageStore := &imageStoreForPull{
+		ImageConfigStore: distribution.NewImageConfigStoreFromStore(i.imageStore),
+		ingested:         cs,
+		leases:           i.leases,
+	}
+
 	imagePullConfig := &distribution.ImagePullConfig{
 		Config: distribution.Config{
 			MetaHeaders:      metaHeaders,
@@ -73,7 +118,7 @@ func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference
 			RegistryService:  i.registryService,
 			ImageEventLogger: i.LogImageEvent,
 			MetadataStore:    i.distributionMetadataStore,
-			ImageStore:       distribution.NewImageConfigStoreFromStore(i.imageStore),
+			ImageStore:       imageStore,
 			ReferenceStore:   i.referenceStore,
 		},
 		DownloadManager: i.downloadManager,
@@ -81,46 +126,67 @@ func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference
 		Platform:        platform,
 	}
 
-	err := distribution.Pull(ctx, ref, imagePullConfig)
+	err = distribution.Pull(ctx, ref, imagePullConfig, cs)
 	close(progressChan)
 	<-writesDone
 	return err
 }
 
 // GetRepository returns a repository from the registry.
-func (i *ImageService) GetRepository(ctx context.Context, ref reference.Named, authConfig *types.AuthConfig) (dist.Repository, bool, error) {
+func (i *ImageService) GetRepository(ctx context.Context, ref reference.Named, authConfig *types.AuthConfig) (dist.Repository, error) {
 	// get repository info
 	repoInfo, err := i.registryService.ResolveRepository(ref)
 	if err != nil {
-		return nil, false, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 	// makes sure name is not empty or `scratch`
 	if err := distribution.ValidateRepoName(repoInfo.Name); err != nil {
-		return nil, false, errdefs.InvalidParameter(err)
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	// get endpoints
 	endpoints, err := i.registryService.LookupPullEndpoints(reference.Domain(repoInfo.Name))
 	if err != nil {
-		return nil, false, err
+		return nil, err
 	}
 
 	// retrieve repository
 	var (
-		confirmedV2 bool
-		repository  dist.Repository
-		lastError   error
+		repository dist.Repository
+		lastError  error
 	)
 
 	for _, endpoint := range endpoints {
-		if endpoint.Version == registry.APIVersion1 {
-			continue
-		}
-
-		repository, confirmedV2, lastError = distribution.NewV2Repository(ctx, repoInfo, endpoint, nil, authConfig, "pull")
-		if lastError == nil && confirmedV2 {
+		repository, lastError = distribution.NewV2Repository(ctx, repoInfo, endpoint, nil, authConfig, "pull")
+		if lastError == nil {
 			break
 		}
 	}
-	return repository, confirmedV2, lastError
+	return repository, lastError
+}
+
+func tempLease(ctx context.Context, mgr leases.Manager) (context.Context, func(context.Context) error, error) {
+	nop := func(context.Context) error { return nil }
+	_, ok := leases.FromContext(ctx)
+	if ok {
+		return ctx, nop, nil
+	}
+
+	// Use an expiration that ensures the lease is cleaned up at some point if there is a crash, SIGKILL, etc.
+	opts := []leases.Opt{
+		leases.WithRandomID(),
+		leases.WithExpiration(24 * time.Hour),
+		leases.WithLabels(map[string]string{
+			"moby.lease/temporary": time.Now().UTC().Format(time.RFC3339Nano),
+		}),
+	}
+	l, err := mgr.Create(ctx, opts...)
+	if err != nil {
+		return ctx, nop, errors.Wrap(err, "error creating temporary lease")
+	}
+
+	ctx = leases.WithLease(ctx, l.ID)
+	return ctx, func(ctx context.Context) error {
+		return mgr.Delete(ctx, l)
+	}, nil
 }
diff --git a/daemon/images/image_push.go b/daemon/images/image_push.go
index 4c7be8d2e9749..302ffd8eece1a 100644
--- a/daemon/images/image_push.go
+++ b/daemon/images/image_push.go
@@ -53,7 +53,7 @@ func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHea
 			ReferenceStore:   i.referenceStore,
 		},
 		ConfigMediaType: schema2.MediaTypeImageConfig,
-		LayerStores:     distribution.NewLayerProvidersFromStores(i.layerStores),
+		LayerStores:     distribution.NewLayerProvidersFromStore(i.layerStore),
 		TrustKey:        i.trustKey,
 		UploadManager:   i.uploadManager,
 	}
diff --git a/daemon/images/image_tag.go b/daemon/images/image_tag.go
index 4693611c3a199..becd2e2df3d77 100644
--- a/daemon/images/image_tag.go
+++ b/daemon/images/image_tag.go
@@ -8,7 +8,7 @@ import (
 // TagImage creates the tag specified by newTag, pointing to the image named
 // imageName (alternatively, imageName can also be an image ID).
 func (i *ImageService) TagImage(imageName, repository, tag string) (string, error) {
-	img, err := i.GetImage(imageName)
+	img, err := i.GetImage(imageName, nil)
 	if err != nil {
 		return "", err
 	}
diff --git a/daemon/images/image_unix.go b/daemon/images/image_unix.go
index 3f577271a2585..f28008488ee85 100644
--- a/daemon/images/image_unix.go
+++ b/daemon/images/image_unix.go
@@ -1,10 +1,9 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package images // import "github.com/docker/docker/daemon/images"
 
 import (
-	"runtime"
-
 	"github.com/sirupsen/logrus"
 )
 
@@ -17,17 +16,17 @@ func (i *ImageService) GetContainerLayerSize(containerID string) (int64, int64)
 
 	// Safe to index by runtime.GOOS as Unix hosts don't support multiple
 	// container operating systems.
-	rwlayer, err := i.layerStores[runtime.GOOS].GetRWLayer(containerID)
+	rwlayer, err := i.layerStore.GetRWLayer(containerID)
 	if err != nil {
 		logrus.Errorf("Failed to compute size of container rootfs %v: %v", containerID, err)
 		return sizeRw, sizeRootfs
 	}
-	defer i.layerStores[runtime.GOOS].ReleaseRWLayer(rwlayer)
+	defer i.layerStore.ReleaseRWLayer(rwlayer)
 
 	sizeRw, err = rwlayer.Size()
 	if err != nil {
 		logrus.Errorf("Driver %s couldn't return diff size of container %s: %s",
-			i.layerStores[runtime.GOOS].DriverName(), containerID, err)
+			i.layerStore.DriverName(), containerID, err)
 		// FIXME: GetSize should return an error. Not changing it now in case
 		// there is a side-effect.
 		sizeRw = -1
diff --git a/daemon/images/image_windows.go b/daemon/images/image_windows.go
index 6f4be49736701..035d7b7139a45 100644
--- a/daemon/images/image_windows.go
+++ b/daemon/images/image_windows.go
@@ -23,9 +23,9 @@ func (i *ImageService) GetLayerFolders(img *image.Image, rwLayer layer.RWLayer)
 		if !system.IsOSSupported(img.OperatingSystem()) {
 			return nil, errors.Wrapf(system.ErrNotSupportedOperatingSystem, "cannot get layerpath for ImageID %s", img.RootFS.ChainID())
 		}
-		layerPath, err := layer.GetLayerPath(i.layerStores[img.OperatingSystem()], img.RootFS.ChainID())
+		layerPath, err := layer.GetLayerPath(i.layerStore, img.RootFS.ChainID())
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to get layer path from graphdriver %s for ImageID %s", i.layerStores[img.OperatingSystem()], img.RootFS.ChainID())
+			return nil, errors.Wrapf(err, "failed to get layer path from graphdriver %s for ImageID %s", i.layerStore, img.RootFS.ChainID())
 		}
 		// Reverse order, expecting parent first
 		folders = append([]string{layerPath}, folders...)
diff --git a/daemon/images/images.go b/daemon/images/images.go
index d1ca978f3b131..e756bc334d399 100644
--- a/daemon/images/images.go
+++ b/daemon/images/images.go
@@ -1,6 +1,7 @@
 package images // import "github.com/docker/docker/daemon/images"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"sort"
@@ -10,7 +11,6 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
@@ -38,59 +38,54 @@ func (i *ImageService) Map() map[image.ID]*image.Image {
 	return i.imageStore.Map()
 }
 
-// Images returns a filtered list of images. filterArgs is a JSON-encoded set
-// of filter arguments which will be interpreted by api/types/filters.
-// filter is a shell glob string applied to repository names. The argument
-// named all controls whether all images in the graph are filtered, or just
-// the heads.
-func (i *ImageService) Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error) {
-	var (
-		allImages    map[image.ID]*image.Image
-		err          error
-		danglingOnly = false
-	)
-
-	if err := imageFilters.Validate(acceptedImageFilterTags); err != nil {
+// Images returns a filtered list of images.
+func (i *ImageService) Images(_ context.Context, opts types.ImageListOptions) ([]*types.ImageSummary, error) {
+	if err := opts.Filters.Validate(acceptedImageFilterTags); err != nil {
 		return nil, err
 	}
 
-	if imageFilters.Contains("dangling") {
-		if imageFilters.ExactMatch("dangling", "true") {
+	var danglingOnly bool
+	if opts.Filters.Contains("dangling") {
+		if opts.Filters.ExactMatch("dangling", "true") {
 			danglingOnly = true
-		} else if !imageFilters.ExactMatch("dangling", "false") {
-			return nil, invalidFilter{"dangling", imageFilters.Get("dangling")}
+		} else if !opts.Filters.ExactMatch("dangling", "false") {
+			return nil, invalidFilter{"dangling", opts.Filters.Get("dangling")}
 		}
 	}
-	if danglingOnly {
-		allImages = i.imageStore.Heads()
-	} else {
-		allImages = i.imageStore.Map()
-	}
 
-	var beforeFilter, sinceFilter *image.Image
-	err = imageFilters.WalkValues("before", func(value string) error {
-		beforeFilter, err = i.GetImage(value)
+	var (
+		beforeFilter, sinceFilter *image.Image
+		err                       error
+	)
+	err = opts.Filters.WalkValues("before", func(value string) error {
+		beforeFilter, err = i.GetImage(value, nil)
 		return err
 	})
 	if err != nil {
 		return nil, err
 	}
 
-	err = imageFilters.WalkValues("since", func(value string) error {
-		sinceFilter, err = i.GetImage(value)
+	err = opts.Filters.WalkValues("since", func(value string) error {
+		sinceFilter, err = i.GetImage(value, nil)
 		return err
 	})
 	if err != nil {
 		return nil, err
 	}
 
-	images := []*types.ImageSummary{}
-	var imagesMap map[*image.Image]*types.ImageSummary
-	var layerRefs map[layer.ChainID]int
-	var allLayers map[layer.ChainID]layer.Layer
-	var allContainers []*container.Container
+	var selectedImages map[image.ID]*image.Image
+	if danglingOnly {
+		selectedImages = i.imageStore.Heads()
+	} else {
+		selectedImages = i.imageStore.Map()
+	}
 
-	for id, img := range allImages {
+	var (
+		summaries     = make([]*types.ImageSummary, 0, len(selectedImages))
+		summaryMap    map[*image.Image]*types.ImageSummary
+		allContainers []*container.Container
+	)
+	for id, img := range selectedImages {
 		if beforeFilter != nil {
 			if img.Created.Equal(beforeFilter.Created) || img.Created.After(beforeFilter.Created) {
 				continue
@@ -103,13 +98,13 @@ func (i *ImageService) Images(imageFilters filters.Args, all bool, withExtraAttr
 			}
 		}
 
-		if imageFilters.Contains("label") {
+		if opts.Filters.Contains("label") {
 			// Very old image that do not have image.Config (or even labels)
 			if img.Config == nil {
 				continue
 			}
 			// We are now sure image.Config is not nil
-			if !imageFilters.MatchKVList("label", img.Config.Labels) {
+			if !opts.Filters.MatchKVList("label", img.Config.Labels) {
 				continue
 			}
 		}
@@ -121,10 +116,9 @@ func (i *ImageService) Images(imageFilters filters.Args, all bool, withExtraAttr
 			continue
 		}
 
-		layerID := img.RootFS.ChainID()
 		var size int64
-		if layerID != "" {
-			l, err := i.layerStores[img.OperatingSystem()].Get(layerID)
+		if layerID := img.RootFS.ChainID(); layerID != "" {
+			l, err := i.layerStore.Get(layerID)
 			if err != nil {
 				// The layer may have been deleted between the call to `Map()` or
 				// `Heads()` and the call to `Get()`, so we just ignore this error
@@ -135,122 +129,134 @@ func (i *ImageService) Images(imageFilters filters.Args, all bool, withExtraAttr
 			}
 
 			size, err = l.Size()
-			layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
+			layer.ReleaseAndLog(i.layerStore, l)
 			if err != nil {
 				return nil, err
 			}
 		}
 
-		newImage := newImage(img, size)
+		summary := newImageSummary(img, size)
 
 		for _, ref := range i.referenceStore.References(id.Digest()) {
-			if imageFilters.Contains("reference") {
+			if opts.Filters.Contains("reference") {
 				var found bool
 				var matchErr error
-				for _, pattern := range imageFilters.Get("reference") {
+				for _, pattern := range opts.Filters.Get("reference") {
 					found, matchErr = reference.FamiliarMatch(pattern, ref)
 					if matchErr != nil {
 						return nil, matchErr
 					}
+					if found {
+						break
+					}
 				}
 				if !found {
 					continue
 				}
 			}
 			if _, ok := ref.(reference.Canonical); ok {
-				newImage.RepoDigests = append(newImage.RepoDigests, reference.FamiliarString(ref))
+				summary.RepoDigests = append(summary.RepoDigests, reference.FamiliarString(ref))
 			}
 			if _, ok := ref.(reference.NamedTagged); ok {
-				newImage.RepoTags = append(newImage.RepoTags, reference.FamiliarString(ref))
+				summary.RepoTags = append(summary.RepoTags, reference.FamiliarString(ref))
 			}
 		}
-		if newImage.RepoDigests == nil && newImage.RepoTags == nil {
-			if all || len(i.imageStore.Children(id)) == 0 {
+		if summary.RepoDigests == nil && summary.RepoTags == nil {
+			if opts.All || len(i.imageStore.Children(id)) == 0 {
 
-				if imageFilters.Contains("dangling") && !danglingOnly {
-					//dangling=false case, so dangling image is not needed
+				if opts.Filters.Contains("dangling") && !danglingOnly {
+					// dangling=false case, so dangling image is not needed
 					continue
 				}
-				if imageFilters.Contains("reference") { // skip images with no references if filtering by reference
+				if opts.Filters.Contains("reference") { // skip images with no references if filtering by reference
 					continue
 				}
-				newImage.RepoDigests = []string{"<none>@<none>"}
-				newImage.RepoTags = []string{"<none>:<none>"}
+				summary.RepoDigests = []string{"<none>@<none>"}
+				summary.RepoTags = []string{"<none>:<none>"}
 			} else {
 				continue
 			}
-		} else if danglingOnly && len(newImage.RepoTags) > 0 {
+		} else if danglingOnly && len(summary.RepoTags) > 0 {
 			continue
 		}
 
-		if withExtraAttrs {
-			// lazily init variables
-			if imagesMap == nil {
+		if opts.ContainerCount {
+			// Lazily init allContainers.
+			if allContainers == nil {
 				allContainers = i.containers.List()
-
-				// allLayers is built from all layerstores combined
-				allLayers = make(map[layer.ChainID]layer.Layer)
-				for _, ls := range i.layerStores {
-					layers := ls.Map()
-					for k, v := range layers {
-						allLayers[k] = v
-					}
-				}
-				imagesMap = make(map[*image.Image]*types.ImageSummary)
-				layerRefs = make(map[layer.ChainID]int)
 			}
 
 			// Get container count
-			newImage.Containers = 0
+			var containers int64
 			for _, c := range allContainers {
 				if c.ImageID == id {
-					newImage.Containers++
+					containers++
 				}
 			}
+			// NOTE: By default, Containers is -1, or "not set"
+			summary.Containers = containers
+		}
+
+		if opts.ContainerCount || opts.SharedSize {
+			// Lazily init summaryMap.
+			if summaryMap == nil {
+				summaryMap = make(map[*image.Image]*types.ImageSummary, len(selectedImages))
+			}
+			summaryMap[img] = summary
+		}
+		summaries = append(summaries, summary)
+	}
 
-			// count layer references
+	if opts.SharedSize {
+		allLayers := i.layerStore.Map()
+		layerRefs := make(map[layer.ChainID]int, len(allLayers))
+
+		allImages := selectedImages
+		if danglingOnly {
+			// If danglingOnly is true, then selectedImages include only dangling images,
+			// but we need to consider all existing images to correctly perform reference counting.
+			// If danglingOnly is false, selectedImages (and, hence, allImages) is already equal to i.imageStore.Map()
+			// and we can avoid performing an otherwise redundant method call.
+			allImages = i.imageStore.Map()
+		}
+		// Count layer references across all known images
+		for _, img := range allImages {
 			rootFS := *img.RootFS
 			rootFS.DiffIDs = nil
 			for _, id := range img.RootFS.DiffIDs {
 				rootFS.Append(id)
-				chid := rootFS.ChainID()
-				layerRefs[chid]++
-				if _, ok := allLayers[chid]; !ok {
-					return nil, fmt.Errorf("layer %v was not found (corruption?)", chid)
-				}
+				layerRefs[rootFS.ChainID()]++
 			}
-			imagesMap[img] = newImage
 		}
 
-		images = append(images, newImage)
-	}
-
-	if withExtraAttrs {
 		// Get Shared sizes
-		for img, newImage := range imagesMap {
+		for img, summary := range summaryMap {
 			rootFS := *img.RootFS
 			rootFS.DiffIDs = nil
 
-			newImage.SharedSize = 0
+			// Indicate that we collected shared size information (default is -1, or "not set")
+			summary.SharedSize = 0
 			for _, id := range img.RootFS.DiffIDs {
 				rootFS.Append(id)
 				chid := rootFS.ChainID()
 
-				diffSize, err := allLayers[chid].DiffSize()
-				if err != nil {
-					return nil, err
-				}
-
 				if layerRefs[chid] > 1 {
-					newImage.SharedSize += diffSize
+					if _, ok := allLayers[chid]; !ok {
+						return nil, fmt.Errorf("layer %v was not found (corruption?)", chid)
+					}
+					diffSize, err := allLayers[chid].DiffSize()
+					if err != nil {
+						return nil, err
+					}
+					summary.SharedSize += diffSize
 				}
 			}
 		}
 	}
 
-	sort.Sort(sort.Reverse(byCreated(images)))
+	sort.Sort(sort.Reverse(byCreated(summaries)))
 
-	return images, nil
+	return summaries, nil
 }
 
 // SquashImage creates a new image with the diff of the specified image and the specified parent.
@@ -282,11 +288,11 @@ func (i *ImageService) SquashImage(id, parent string) (string, error) {
 	if !system.IsOSSupported(img.OperatingSystem()) {
 		return "", errors.Wrap(err, system.ErrNotSupportedOperatingSystem.Error())
 	}
-	l, err := i.layerStores[img.OperatingSystem()].Get(img.RootFS.ChainID())
+	l, err := i.layerStore.Get(img.RootFS.ChainID())
 	if err != nil {
 		return "", errors.Wrap(err, "error getting image layer")
 	}
-	defer i.layerStores[img.OperatingSystem()].Release(l)
+	defer i.layerStore.Release(l)
 
 	ts, err := l.TarStreamFrom(parentChainID)
 	if err != nil {
@@ -294,11 +300,11 @@ func (i *ImageService) SquashImage(id, parent string) (string, error) {
 	}
 	defer ts.Close()
 
-	newL, err := i.layerStores[img.OperatingSystem()].Register(ts, parentChainID)
+	newL, err := i.layerStore.Register(ts, parentChainID)
 	if err != nil {
 		return "", errors.Wrap(err, "error registering layer")
 	}
-	defer i.layerStores[img.OperatingSystem()].Release(newL)
+	defer i.layerStore.Release(newL)
 
 	newImage := *img
 	newImage.RootFS = nil
@@ -340,17 +346,22 @@ func (i *ImageService) SquashImage(id, parent string) (string, error) {
 	return string(newImgID), nil
 }
 
-func newImage(image *image.Image, size int64) *types.ImageSummary {
-	newImage := new(types.ImageSummary)
-	newImage.ParentID = image.Parent.String()
-	newImage.ID = image.ID().String()
-	newImage.Created = image.Created.Unix()
-	newImage.Size = size
-	newImage.VirtualSize = size
-	newImage.SharedSize = -1
-	newImage.Containers = -1
+func newImageSummary(image *image.Image, size int64) *types.ImageSummary {
+	summary := &types.ImageSummary{
+		ParentID:    image.Parent.String(),
+		ID:          image.ID().String(),
+		Created:     image.Created.Unix(),
+		Size:        size,
+		VirtualSize: size,
+		// -1 indicates that the value has not been set (avoids ambiguity
+		// between 0 (default) and "not set". We cannot use a pointer (nil)
+		// for this, as the JSON representation uses "omitempty", which would
+		// consider both "0" and "nil" to be "empty".
+		SharedSize: -1,
+		Containers: -1,
+	}
 	if image.Config != nil {
-		newImage.Labels = image.Config.Labels
+		summary.Labels = image.Config.Labels
 	}
-	return newImage
+	return summary
 }
diff --git a/daemon/images/images_test.go b/daemon/images/images_test.go
new file mode 100644
index 0000000000000..2608c0b4ed819
--- /dev/null
+++ b/daemon/images/images_test.go
@@ -0,0 +1,33 @@
+package images
+
+import (
+	"testing"
+
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+)
+
+func TestOnlyPlatformWithFallback(t *testing.T) {
+	p := specs.Platform{
+		OS:           "linux",
+		Architecture: "arm",
+		Variant:      "v8",
+	}
+
+	// Check no variant
+	assert.Assert(t, OnlyPlatformWithFallback(p).Match(specs.Platform{
+		OS:           p.OS,
+		Architecture: p.Architecture,
+	}))
+	// check with variant
+	assert.Assert(t, OnlyPlatformWithFallback(p).Match(specs.Platform{
+		OS:           p.OS,
+		Architecture: p.Architecture,
+		Variant:      p.Variant,
+	}))
+	// Make sure non-matches are false.
+	assert.Assert(t, !OnlyPlatformWithFallback(p).Match(specs.Platform{
+		OS:           p.OS,
+		Architecture: "amd64",
+	}))
+}
diff --git a/daemon/images/locals.go b/daemon/images/locals.go
index 5ffc460a09e9a..a57ea2da60957 100644
--- a/daemon/images/locals.go
+++ b/daemon/images/locals.go
@@ -3,7 +3,7 @@ package images // import "github.com/docker/docker/daemon/images"
 import (
 	"fmt"
 
-	"github.com/docker/go-metrics"
+	metrics "github.com/docker/go-metrics"
 )
 
 type invalidFilter struct {
diff --git a/daemon/images/service.go b/daemon/images/service.go
index e8df5cb649858..85c3bd5d407ea 100644
--- a/daemon/images/service.go
+++ b/daemon/images/service.go
@@ -2,9 +2,13 @@ package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"context"
+	"fmt"
 	"os"
-	"runtime"
 
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/leases"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/container"
 	daemonevents "github.com/docker/docker/daemon/events"
 	"github.com/docker/docker/distribution"
@@ -15,9 +19,10 @@ import (
 	dockerreference "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
 	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/singleflight"
 )
 
 type containerStore interface {
@@ -35,29 +40,37 @@ type ImageServiceConfig struct {
 	DistributionMetadataStore metadata.Store
 	EventsService             *daemonevents.Events
 	ImageStore                image.Store
-	LayerStores               map[string]layer.Store
+	LayerStore                layer.Store
 	MaxConcurrentDownloads    int
 	MaxConcurrentUploads      int
+	MaxDownloadAttempts       int
 	ReferenceStore            dockerreference.Store
 	RegistryService           registry.Service
 	TrustKey                  libtrust.PrivateKey
+	ContentStore              content.Store
+	Leases                    leases.Manager
+	ContentNamespace          string
 }
 
 // NewImageService returns a new ImageService from a configuration
 func NewImageService(config ImageServiceConfig) *ImageService {
 	logrus.Debugf("Max Concurrent Downloads: %d", config.MaxConcurrentDownloads)
 	logrus.Debugf("Max Concurrent Uploads: %d", config.MaxConcurrentUploads)
+	logrus.Debugf("Max Download Attempts: %d", config.MaxDownloadAttempts)
 	return &ImageService{
 		containers:                config.ContainerStore,
 		distributionMetadataStore: config.DistributionMetadataStore,
-		downloadManager:           xfer.NewLayerDownloadManager(config.LayerStores, config.MaxConcurrentDownloads),
+		downloadManager:           xfer.NewLayerDownloadManager(config.LayerStore, config.MaxConcurrentDownloads, xfer.WithMaxDownloadAttempts(config.MaxDownloadAttempts)),
 		eventsService:             config.EventsService,
-		imageStore:                config.ImageStore,
-		layerStores:               config.LayerStores,
+		imageStore:                &imageStoreWithLease{Store: config.ImageStore, leases: config.Leases, ns: config.ContentNamespace},
+		layerStore:                config.LayerStore,
 		referenceStore:            config.ReferenceStore,
 		registryService:           config.RegistryService,
 		trustKey:                  config.TrustKey,
 		uploadManager:             xfer.NewLayerUploadManager(config.MaxConcurrentUploads),
+		leases:                    config.Leases,
+		content:                   config.ContentStore,
+		contentNamespace:          config.ContentNamespace,
 	}
 }
 
@@ -68,19 +81,23 @@ type ImageService struct {
 	downloadManager           *xfer.LayerDownloadManager
 	eventsService             *daemonevents.Events
 	imageStore                image.Store
-	layerStores               map[string]layer.Store // By operating system
+	layerStore                layer.Store
 	pruneRunning              int32
 	referenceStore            dockerreference.Store
 	registryService           registry.Service
 	trustKey                  libtrust.PrivateKey
 	uploadManager             *xfer.LayerUploadManager
+	leases                    leases.Manager
+	content                   content.Store
+	contentNamespace          string
+	usage                     singleflight.Group
 }
 
 // DistributionServices provides daemon image storage services
 type DistributionServices struct {
 	DownloadManager   distribution.RootFSDownloadManager
 	V2MetadataService metadata.V2MetadataService
-	LayerStore        layer.Store // TODO: lcow
+	LayerStore        layer.Store
 	ImageStore        image.Store
 	ReferenceStore    dockerreference.Store
 }
@@ -90,7 +107,7 @@ func (i *ImageService) DistributionServices() DistributionServices {
 	return DistributionServices{
 		DownloadManager:   i.downloadManager,
 		V2MetadataService: metadata.NewV2MetadataService(i.distributionMetadataStore),
-		LayerStore:        i.layerStores[runtime.GOOS],
+		LayerStore:        i.layerStore,
 		ImageStore:        i.imageStore,
 		ReferenceStore:    i.referenceStore,
 	}
@@ -130,61 +147,52 @@ func (i *ImageService) CreateLayer(container *container.Container, initFunc laye
 
 	// Indexing by OS is safe here as validation of OS has already been performed in create() (the only
 	// caller), and guaranteed non-nil
-	return i.layerStores[container.OS].CreateRWLayer(container.ID, layerID, rwLayerOpts)
+	return i.layerStore.CreateRWLayer(container.ID, layerID, rwLayerOpts)
 }
 
-// GetLayerByID returns a layer by ID and operating system
+// GetLayerByID returns a layer by ID
 // called from daemon.go Daemon.restore(), and Daemon.containerExport()
-func (i *ImageService) GetLayerByID(cid string, os string) (layer.RWLayer, error) {
-	return i.layerStores[os].GetRWLayer(cid)
+func (i *ImageService) GetLayerByID(cid string) (layer.RWLayer, error) {
+	return i.layerStore.GetRWLayer(cid)
 }
 
 // LayerStoreStatus returns the status for each layer store
 // called from info.go
-func (i *ImageService) LayerStoreStatus() map[string][][2]string {
-	result := make(map[string][][2]string)
-	for os, store := range i.layerStores {
-		result[os] = store.DriverStatus()
-	}
-	return result
+func (i *ImageService) LayerStoreStatus() [][2]string {
+	return i.layerStore.DriverStatus()
 }
 
 // GetLayerMountID returns the mount ID for a layer
 // called from daemon.go Daemon.Shutdown(), and Daemon.Cleanup() (cleanup is actually continerCleanup)
-// TODO: needs to be refactored to Unmount (see callers), or removed and replaced
-// with GetLayerByID
-func (i *ImageService) GetLayerMountID(cid string, os string) (string, error) {
-	return i.layerStores[os].GetMountID(cid)
+// TODO: needs to be refactored to Unmount (see callers), or removed and replaced with GetLayerByID
+func (i *ImageService) GetLayerMountID(cid string) (string, error) {
+	return i.layerStore.GetMountID(cid)
 }
 
 // Cleanup resources before the process is shutdown.
 // called from daemon.go Daemon.Shutdown()
 func (i *ImageService) Cleanup() {
-	for os, ls := range i.layerStores {
-		if ls != nil {
-			if err := ls.Cleanup(); err != nil {
-				logrus.Errorf("Error during layer Store.Cleanup(): %v %s", err, os)
-			}
-		}
+	if err := i.layerStore.Cleanup(); err != nil {
+		logrus.Errorf("Error during layer Store.Cleanup(): %v", err)
 	}
 }
 
-// GraphDriverForOS returns the name of the graph drvier
+// GraphDriverName returns the name of the graph drvier
 // moved from Daemon.GraphDriverName, used by:
 // - newContainer
 // - to report an error in Daemon.Mount(container)
-func (i *ImageService) GraphDriverForOS(os string) string {
-	return i.layerStores[os].DriverName()
+func (i *ImageService) GraphDriverName() string {
+	return i.layerStore.DriverName()
 }
 
 // ReleaseLayer releases a layer allowing it to be removed
 // called from delete.go Daemon.cleanupContainer(), and Daemon.containerExport()
 func (i *ImageService) ReleaseLayer(rwlayer layer.RWLayer, containerOS string) error {
-	metadata, err := i.layerStores[containerOS].ReleaseRWLayer(rwlayer)
+	metadata, err := i.layerStore.ReleaseRWLayer(rwlayer)
 	layer.LogReleaseMetadata(metadata)
-	if err != nil && err != layer.ErrMountDoesNotExist && !os.IsNotExist(errors.Cause(err)) {
+	if err != nil && !errors.Is(err, layer.ErrMountDoesNotExist) && !errors.Is(err, os.ErrNotExist) {
 		return errors.Wrapf(err, "driver %q failed to remove root filesystem",
-			i.layerStores[containerOS].DriverName())
+			i.layerStore.DriverName())
 	}
 	return nil
 }
@@ -192,10 +200,10 @@ func (i *ImageService) ReleaseLayer(rwlayer layer.RWLayer, containerOS string) e
 // LayerDiskUsage returns the number of bytes used by layer stores
 // called from disk_usage.go
 func (i *ImageService) LayerDiskUsage(ctx context.Context) (int64, error) {
-	var allLayersSize int64
-	layerRefs := i.getLayerRefs()
-	for _, ls := range i.layerStores {
-		allLayers := ls.Map()
+	ch := i.usage.DoChan("LayerDiskUsage", func() (interface{}, error) {
+		var allLayersSize int64
+		layerRefs := i.getLayerRefs()
+		allLayers := i.layerStore.Map()
 		for _, l := range allLayers {
 			select {
 			case <-ctx.Done():
@@ -211,8 +219,17 @@ func (i *ImageService) LayerDiskUsage(ctx context.Context) (int64, error) {
 				}
 			}
 		}
+		return allLayersSize, nil
+	})
+	select {
+	case <-ctx.Done():
+		return 0, ctx.Err()
+	case res := <-ch:
+		if res.Err != nil {
+			return 0, res.Err
+		}
+		return res.Val.(int64), nil
 	}
-	return allLayersSize, nil
 }
 
 func (i *ImageService) getLayerRefs() map[layer.ChainID]int {
@@ -236,6 +253,31 @@ func (i *ImageService) getLayerRefs() map[layer.ChainID]int {
 	return layerRefs
 }
 
+// ImageDiskUsage returns information about image data disk usage.
+func (i *ImageService) ImageDiskUsage(ctx context.Context) ([]*types.ImageSummary, error) {
+	ch := i.usage.DoChan("ImageDiskUsage", func() (interface{}, error) {
+		// Get all top images with extra attributes
+		images, err := i.Images(ctx, types.ImageListOptions{
+			Filters:        filters.NewArgs(),
+			SharedSize:     true,
+			ContainerCount: true,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to retrieve image list: %v", err)
+		}
+		return images, nil
+	})
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case res := <-ch:
+		if res.Err != nil {
+			return nil, res.Err
+		}
+		return res.Val.([]*types.ImageSummary), nil
+	}
+}
+
 // UpdateConfig values
 //
 // called from reload.go
diff --git a/daemon/images/store.go b/daemon/images/store.go
new file mode 100644
index 0000000000000..2c8d481c50a95
--- /dev/null
+++ b/daemon/images/store.go
@@ -0,0 +1,155 @@
+package images
+
+import (
+	"context"
+	"sync"
+
+	"github.com/containerd/containerd/content"
+	c8derrdefs "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/docker/docker/distribution"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+func imageKey(dgst digest.Digest) string {
+	return "moby-image-" + dgst.String()
+}
+
+// imageStoreWithLease wraps the configured image store with one that deletes the lease
+// reigstered for a given image ID, if one exists
+//
+// This is used by the main image service to wrap delete calls to the real image store.
+type imageStoreWithLease struct {
+	image.Store
+	leases leases.Manager
+
+	// Normally we'd pass namespace down through a context.Context, however...
+	// The interface for image store doesn't allow this, so we store it here.
+	ns string
+}
+
+func (s *imageStoreWithLease) Delete(id image.ID) ([]layer.Metadata, error) {
+	ctx := namespaces.WithNamespace(context.TODO(), s.ns)
+	if err := s.leases.Delete(ctx, leases.Lease{ID: imageKey(digest.Digest(id))}); err != nil && !c8derrdefs.IsNotFound(err) {
+		return nil, errors.Wrap(err, "error deleting lease")
+	}
+	return s.Store.Delete(id)
+}
+
+// iamgeStoreForPull is created for each pull It wraps an underlying image store
+// to handle registering leases for content fetched in a single image pull.
+type imageStoreForPull struct {
+	distribution.ImageConfigStore
+	leases   leases.Manager
+	ingested *contentStoreForPull
+}
+
+func (s *imageStoreForPull) Put(ctx context.Context, config []byte) (digest.Digest, error) {
+	id, err := s.ImageConfigStore.Put(ctx, config)
+	if err != nil {
+		return "", err
+	}
+	return id, s.updateLease(ctx, id)
+}
+
+func (s *imageStoreForPull) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	id, err := s.ImageConfigStore.Get(ctx, dgst)
+	if err != nil {
+		return nil, err
+	}
+	return id, s.updateLease(ctx, dgst)
+}
+
+func (s *imageStoreForPull) updateLease(ctx context.Context, dgst digest.Digest) error {
+	leaseID := imageKey(dgst)
+	lease, err := s.leases.Create(ctx, leases.WithID(leaseID))
+	if err != nil {
+		if !c8derrdefs.IsAlreadyExists(err) {
+			return errors.Wrap(err, "error creating lease")
+		}
+		lease = leases.Lease{ID: leaseID}
+	}
+
+	digested := s.ingested.getDigested()
+	resource := leases.Resource{
+		Type: "content",
+	}
+	for _, dgst := range digested {
+		log.G(ctx).WithFields(logrus.Fields{
+			"digest": dgst,
+			"lease":  lease.ID,
+		}).Debug("Adding content digest to lease")
+
+		resource.ID = dgst.String()
+		if err := s.leases.AddResource(ctx, lease, resource); err != nil {
+			return errors.Wrapf(err, "error adding content digest to lease: %s", dgst)
+		}
+	}
+	return nil
+}
+
+// contentStoreForPull is used to wrap the configured content store to
+// add lease management for a single `pull`
+// It stores all committed digests so that `imageStoreForPull` can add
+// the digsted resources to the lease for an image.
+type contentStoreForPull struct {
+	distribution.ContentStore
+	leases leases.Manager
+
+	mu       sync.Mutex
+	digested []digest.Digest
+}
+
+func (c *contentStoreForPull) addDigested(dgst digest.Digest) {
+	c.mu.Lock()
+	c.digested = append(c.digested, dgst)
+	c.mu.Unlock()
+}
+
+func (c *contentStoreForPull) getDigested() []digest.Digest {
+	c.mu.Lock()
+	digested := make([]digest.Digest, len(c.digested))
+	copy(digested, c.digested)
+	c.mu.Unlock()
+	return digested
+}
+
+func (c *contentStoreForPull) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	w, err := c.ContentStore.Writer(ctx, opts...)
+	if err != nil {
+		if c8derrdefs.IsAlreadyExists(err) {
+			var cfg content.WriterOpts
+			for _, o := range opts {
+				if err := o(&cfg); err != nil {
+					return nil, err
+				}
+
+			}
+			c.addDigested(cfg.Desc.Digest)
+		}
+		return nil, err
+	}
+	return &contentWriter{
+		cs:     c,
+		Writer: w,
+	}, nil
+}
+
+type contentWriter struct {
+	cs *contentStoreForPull
+	content.Writer
+}
+
+func (w *contentWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	err := w.Writer.Commit(ctx, size, expected, opts...)
+	if err == nil || c8derrdefs.IsAlreadyExists(err) {
+		w.cs.addDigested(expected)
+	}
+	return err
+}
diff --git a/daemon/images/store_test.go b/daemon/images/store_test.go
new file mode 100644
index 0000000000000..cbb723b4a23b8
--- /dev/null
+++ b/daemon/images/store_test.go
@@ -0,0 +1,123 @@
+package images
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/content/local"
+	c8derrdefs "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/metadata"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/docker/docker/image"
+	digest "github.com/opencontainers/go-digest"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"go.etcd.io/bbolt"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+)
+
+func setupTestStores(t *testing.T) (context.Context, content.Store, *imageStoreWithLease, func(t *testing.T)) {
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+
+	backend, err := image.NewFSStoreBackend(filepath.Join(dir, "images"))
+	assert.NilError(t, err)
+	is, err := image.NewImageStore(backend, nil)
+	assert.NilError(t, err)
+
+	db, err := bbolt.Open(filepath.Join(dir, "metadata.db"), 0600, nil)
+	assert.NilError(t, err)
+
+	cs, err := local.NewStore(filepath.Join(dir, "content"))
+	assert.NilError(t, err)
+	mdb := metadata.NewDB(db, cs, nil)
+
+	cleanup := func(t *testing.T) {
+		assert.Check(t, db.Close())
+		assert.Check(t, os.RemoveAll(dir))
+	}
+	ctx := namespaces.WithNamespace(context.Background(), t.Name())
+	images := &imageStoreWithLease{Store: is, ns: t.Name(), leases: metadata.NewLeaseManager(mdb)}
+
+	return ctx, cs, images, cleanup
+}
+
+func TestImageDelete(t *testing.T) {
+	ctx, _, images, cleanup := setupTestStores(t)
+	defer cleanup(t)
+
+	t.Run("no lease", func(t *testing.T) {
+		id, err := images.Create([]byte(`{"rootFS": {}}`))
+		assert.NilError(t, err)
+		defer images.Delete(id)
+
+		ls, err := images.leases.List(ctx)
+		assert.NilError(t, err)
+		assert.Equal(t, len(ls), 0, ls)
+
+		_, err = images.Delete(id)
+		assert.NilError(t, err, "should not error when there is no lease")
+	})
+
+	t.Run("lease exists", func(t *testing.T) {
+		id, err := images.Create([]byte(`{"rootFS": {}}`))
+		assert.NilError(t, err)
+		defer images.Delete(id)
+
+		leaseID := imageKey(digest.Digest(id))
+		_, err = images.leases.Create(ctx, leases.WithID(leaseID))
+		assert.NilError(t, err)
+		defer images.leases.Delete(ctx, leases.Lease{ID: leaseID})
+
+		ls, err := images.leases.List(ctx)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.Equal(len(ls), 1), ls)
+
+		_, err = images.Delete(id)
+		assert.NilError(t, err)
+
+		ls, err = images.leases.List(ctx)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.Equal(len(ls), 0), ls)
+	})
+}
+
+func TestContentStoreForPull(t *testing.T) {
+	ctx, cs, is, cleanup := setupTestStores(t)
+	defer cleanup(t)
+
+	csP := &contentStoreForPull{
+		ContentStore: cs,
+		leases:       is.leases,
+	}
+
+	data := []byte(`{}`)
+	desc := v1.Descriptor{
+		Digest: digest.Canonical.FromBytes(data),
+		Size:   int64(len(data)),
+	}
+
+	w, err := csP.Writer(ctx, content.WithRef(t.Name()), content.WithDescriptor(desc))
+	assert.NilError(t, err)
+
+	_, err = w.Write(data)
+	assert.NilError(t, err)
+	defer w.Close()
+
+	err = w.Commit(ctx, desc.Size, desc.Digest)
+	assert.NilError(t, err)
+
+	assert.Equal(t, len(csP.digested), 1)
+	assert.Check(t, cmp.Equal(csP.digested[0], desc.Digest))
+
+	// Test already exists
+	csP.digested = nil
+	_, err = csP.Writer(ctx, content.WithRef(t.Name()), content.WithDescriptor(desc))
+	assert.Check(t, c8derrdefs.IsAlreadyExists(err))
+	assert.Equal(t, len(csP.digested), 1)
+	assert.Check(t, cmp.Equal(csP.digested[0], desc.Digest))
+}
diff --git a/daemon/info.go b/daemon/info.go
index 603474ab970b2..f6e090063ef87 100644
--- a/daemon/info.go
+++ b/daemon/info.go
@@ -2,7 +2,6 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
-	"net/url"
 	"os"
 	"runtime"
 	"strings"
@@ -11,6 +10,7 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/cli/debug"
+	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/fileutils"
@@ -20,13 +20,16 @@ import (
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
-	"github.com/docker/go-connections/sockets"
+	metrics "github.com/docker/go-metrics"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/sirupsen/logrus"
 )
 
 // SystemInfo returns information about the host server the daemon is running on.
-func (daemon *Daemon) SystemInfo() (*types.Info, error) {
-	sysInfo := sysinfo.New(true)
+func (daemon *Daemon) SystemInfo() *types.Info {
+	defer metrics.StartTimer(hostInfoFunctions.WithValues("system_info"))()
+
+	sysInfo := daemon.RawSysInfo()
 	cRunning, cPaused, cStopped := stateCtr.get()
 
 	v := &types.Info{
@@ -45,10 +48,10 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		NGoroutines:        runtime.NumGoroutine(),
 		SystemTime:         time.Now().Format(time.RFC3339Nano),
 		LoggingDriver:      daemon.defaultLogConfig.Type,
-		CgroupDriver:       daemon.getCgroupDriver(),
 		NEventsListener:    daemon.EventsService.SubscribersCount(),
 		KernelVersion:      kernelVersion(),
 		OperatingSystem:    operatingSystem(),
+		OSVersion:          osVersion(),
 		IndexServerAddress: registry.IndexServer,
 		OSType:             platform.OSType,
 		Architecture:       platform.Architecture,
@@ -60,15 +63,14 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		Labels:             daemon.configStore.Labels,
 		ExperimentalBuild:  daemon.configStore.Experimental,
 		ServerVersion:      dockerversion.Version,
-		ClusterStore:       daemon.configStore.ClusterStore,
-		ClusterAdvertise:   daemon.configStore.ClusterAdvertise,
-		HTTPProxy:          maskCredentials(sockets.GetProxyEnv("http_proxy")),
-		HTTPSProxy:         maskCredentials(sockets.GetProxyEnv("https_proxy")),
-		NoProxy:            sockets.GetProxyEnv("no_proxy"),
+		HTTPProxy:          config.MaskCredentials(getConfigOrEnv(daemon.configStore.HTTPProxy, "HTTP_PROXY", "http_proxy")),
+		HTTPSProxy:         config.MaskCredentials(getConfigOrEnv(daemon.configStore.HTTPSProxy, "HTTPS_PROXY", "https_proxy")),
+		NoProxy:            getConfigOrEnv(daemon.configStore.NoProxy, "NO_PROXY", "no_proxy"),
 		LiveRestoreEnabled: daemon.configStore.LiveRestoreEnabled,
 		Isolation:          daemon.defaultIsolation,
 	}
 
+	daemon.fillClusterInfo(v)
 	daemon.fillAPIInfo(v)
 	// Retrieve platform specific info
 	daemon.fillPlatformInfo(v, sysInfo)
@@ -76,12 +78,19 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 	daemon.fillPluginsInfo(v)
 	daemon.fillSecurityOptions(v, sysInfo)
 	daemon.fillLicense(v)
+	daemon.fillDefaultAddressPools(v)
+
+	if v.DefaultRuntime == config.LinuxV1RuntimeName {
+		v.Warnings = append(v.Warnings, fmt.Sprintf("Configured default runtime %q is deprecated and will be removed in the next release.", config.LinuxV1RuntimeName))
+	}
 
-	return v, nil
+	return v
 }
 
 // SystemVersion returns version information about the daemon.
 func (daemon *Daemon) SystemVersion() types.Version {
+	defer metrics.StartTimer(hostInfoFunctions.WithValues("system_version"))()
+
 	kernelVersion := kernelVersion()
 
 	v := types.Version{
@@ -118,28 +127,28 @@ func (daemon *Daemon) SystemVersion() types.Version {
 
 	v.Platform.Name = dockerversion.PlatformName
 
+	daemon.fillPlatformVersion(&v)
 	return v
 }
 
+func (daemon *Daemon) fillClusterInfo(v *types.Info) {
+	v.ClusterAdvertise = daemon.configStore.ClusterAdvertise
+	v.ClusterStore = daemon.configStore.ClusterStore
+
+	if v.ClusterAdvertise != "" || v.ClusterStore != "" {
+		v.Warnings = append(v.Warnings, `WARNING: node discovery and overlay networks with an external k/v store (cluster-advertise,
+         cluster-store, cluster-store-opt) are deprecated and will be removed in a future release.`)
+	}
+}
+
 func (daemon *Daemon) fillDriverInfo(v *types.Info) {
-	var ds [][2]string
-	drivers := ""
-	statuses := daemon.imageService.LayerStoreStatus()
-	for os, gd := range daemon.graphDrivers {
-		ds = append(ds, statuses[os]...)
-		drivers += gd
-		if len(daemon.graphDrivers) > 1 {
-			drivers += fmt.Sprintf(" (%s) ", os)
-		}
-		switch gd {
-		case "devicemapper", "overlay":
-			v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: the %s storage-driver is deprecated, and will be removed in a future release.", gd))
-		}
+	switch daemon.graphDriver {
+	case "aufs", "devicemapper", "overlay":
+		v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: the %s storage-driver is deprecated, and will be removed in a future release.", daemon.graphDriver))
 	}
-	drivers = strings.TrimSpace(drivers)
 
-	v.Driver = drivers
-	v.DriverStatus = ds
+	v.Driver = daemon.graphDriver
+	v.DriverStatus = daemon.imageService.LayerStoreStatus()
 
 	fillDriverWarnings(v)
 }
@@ -162,18 +171,24 @@ func (daemon *Daemon) fillSecurityOptions(v *types.Info, sysInfo *sysinfo.SysInf
 		securityOptions = append(securityOptions, "name=apparmor")
 	}
 	if sysInfo.Seccomp && supportsSeccomp {
-		profile := daemon.seccompProfilePath
-		if profile == "" {
-			profile = "default"
+		if daemon.seccompProfilePath != config.SeccompProfileDefault {
+			v.Warnings = append(v.Warnings, "WARNING: daemon is not using the default seccomp profile")
 		}
-		securityOptions = append(securityOptions, fmt.Sprintf("name=seccomp,profile=%s", profile))
+		securityOptions = append(securityOptions, "name=seccomp,profile="+daemon.seccompProfilePath)
 	}
-	if selinuxEnabled() {
+	if selinux.GetEnabled() {
 		securityOptions = append(securityOptions, "name=selinux")
 	}
 	if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
 		securityOptions = append(securityOptions, "name=userns")
 	}
+	if daemon.Rootless() {
+		securityOptions = append(securityOptions, "name=rootless")
+	}
+	if daemon.cgroupNamespacesEnabled(sysInfo) {
+		securityOptions = append(securityOptions, "name=cgroupns")
+	}
+
 	v.SecurityOptions = securityOptions
 }
 
@@ -181,7 +196,7 @@ func (daemon *Daemon) fillAPIInfo(v *types.Info) {
 	const warn string = `
          Access to the remote API is equivalent to root access on the host. Refer
          to the 'Docker daemon attack surface' section in the documentation for
-         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface`
+         more information: https://docs.docker.com/go/attack-surface/`
 
 	cfg := daemon.configStore
 	for _, host := range cfg.Hosts {
@@ -192,17 +207,26 @@ func (daemon *Daemon) fillAPIInfo(v *types.Info) {
 		if proto != "tcp" {
 			continue
 		}
-		if !cfg.TLS {
+		if cfg.TLS == nil || !*cfg.TLS {
 			v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: API is accessible on http://%s without encryption.%s", addr, warn))
 			continue
 		}
-		if !cfg.TLSVerify {
+		if cfg.TLSVerify == nil || !*cfg.TLSVerify {
 			v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: API is accessible on https://%s without TLS client verification.%s", addr, warn))
 			continue
 		}
 	}
 }
 
+func (daemon *Daemon) fillDefaultAddressPools(v *types.Info) {
+	for _, pool := range daemon.configStore.DefaultAddressPools.Value() {
+		v.DefaultAddressPools = append(v.DefaultAddressPools, types.NetworkAddressPool{
+			Base: pool.Base,
+			Size: pool.Size,
+		})
+	}
+}
+
 func hostName() string {
 	hostname := ""
 	if hn, err := os.Hostname(); err != nil {
@@ -232,8 +256,9 @@ func memInfo() *system.MemInfo {
 	return memInfo
 }
 
-func operatingSystem() string {
-	var operatingSystem string
+func operatingSystem() (operatingSystem string) {
+	defer metrics.StartTimer(hostInfoFunctions.WithValues("operating_system"))()
+
 	if s, err := operatingsystem.GetOperatingSystem(); err != nil {
 		logrus.Warnf("Could not get operating system name: %v", err)
 	} else {
@@ -248,15 +273,33 @@ func operatingSystem() string {
 			operatingSystem += " (containerized)"
 		}
 	}
+
 	return operatingSystem
 }
 
-func maskCredentials(rawURL string) string {
-	parsedURL, err := url.Parse(rawURL)
-	if err != nil || parsedURL.User == nil {
-		return rawURL
+func osVersion() (version string) {
+	defer metrics.StartTimer(hostInfoFunctions.WithValues("os_version"))()
+
+	version, err := operatingsystem.GetOperatingSystemVersion()
+	if err != nil {
+		logrus.Warnf("Could not get operating system version: %v", err)
+	}
+
+	return version
+}
+
+func getEnvAny(names ...string) string {
+	for _, n := range names {
+		if val := os.Getenv(n); val != "" {
+			return val
+		}
+	}
+	return ""
+}
+
+func getConfigOrEnv(config string, env ...string) string {
+	if config != "" {
+		return config
 	}
-	parsedURL.User = url.UserPassword("xxxxx", "xxxxx")
-	maskedURL := parsedURL.String()
-	return maskedURL
+	return getEnvAny(env...)
 }
diff --git a/daemon/info_test.go b/daemon/info_test.go
deleted file mode 100644
index 076373cba234e..0000000000000
--- a/daemon/info_test.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package daemon
-
-import (
-	"testing"
-
-	"gotest.tools/assert"
-)
-
-func TestMaskURLCredentials(t *testing.T) {
-	tests := []struct {
-		rawURL    string
-		maskedURL string
-	}{
-		{
-			rawURL:    "",
-			maskedURL: "",
-		}, {
-			rawURL:    "invalidURL",
-			maskedURL: "invalidURL",
-		}, {
-			rawURL:    "http://proxy.example.com:80/",
-			maskedURL: "http://proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER:PASSWORD@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://PASSWORD:PASSWORD@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER:@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://:PASSWORD@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER@docker:password@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER%40docker:password@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER%40docker:pa%3Fsword@proxy.example.com:80/",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
-		}, {
-			rawURL:    "http://USER%40docker:pa%3Fsword@proxy.example.com:80/hello%20world",
-			maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/hello%20world",
-		},
-	}
-	for _, test := range tests {
-		maskedURL := maskCredentials(test.rawURL)
-		assert.Equal(t, maskedURL, test.maskedURL)
-	}
-}
diff --git a/daemon/info_unix.go b/daemon/info_unix.go
index 60b2f99870b21..be554844d0999 100644
--- a/daemon/info_unix.go
+++ b/daemon/info_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -6,10 +7,11 @@ import (
 	"context"
 	"fmt"
 	"os/exec"
+	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/dockerversion"
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -17,88 +19,138 @@ import (
 
 // fillPlatformInfo fills the platform related info.
 func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) {
-	v.MemoryLimit = sysInfo.MemoryLimit
-	v.SwapLimit = sysInfo.SwapLimit
-	v.KernelMemory = sysInfo.KernelMemory
-	v.OomKillDisable = sysInfo.OomKillDisable
-	v.CPUCfsPeriod = sysInfo.CPUCfsPeriod
-	v.CPUCfsQuota = sysInfo.CPUCfsQuota
-	v.CPUShares = sysInfo.CPUShares
-	v.CPUSet = sysInfo.Cpuset
+	v.CgroupDriver = daemon.getCgroupDriver()
+	v.CgroupVersion = "1"
+	if sysInfo.CgroupUnified {
+		v.CgroupVersion = "2"
+	}
+
+	if v.CgroupDriver != cgroupNoneDriver {
+		v.MemoryLimit = sysInfo.MemoryLimit
+		v.SwapLimit = sysInfo.SwapLimit
+		v.KernelMemory = sysInfo.KernelMemory
+		v.KernelMemoryTCP = sysInfo.KernelMemoryTCP
+		v.OomKillDisable = sysInfo.OomKillDisable
+		v.CPUCfsPeriod = sysInfo.CPUCfs
+		v.CPUCfsQuota = sysInfo.CPUCfs
+		v.CPUShares = sysInfo.CPUShares
+		v.CPUSet = sysInfo.Cpuset
+		v.PidsLimit = sysInfo.PidsLimit
+	}
 	v.Runtimes = daemon.configStore.GetAllRuntimes()
 	v.DefaultRuntime = daemon.configStore.GetDefaultRuntimeName()
 	v.InitBinary = daemon.configStore.GetInitPath()
+	v.RuncCommit.ID = "N/A"
+	v.ContainerdCommit.ID = "N/A"
+	v.InitCommit.ID = "N/A"
 
 	defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
 	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
-		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
-		if len(parts) == 3 {
-			parts = strings.Split(parts[1], ": ")
-			if len(parts) == 2 {
-				v.RuncCommit.ID = strings.TrimSpace(parts[1])
-			}
-		}
-
-		if v.RuncCommit.ID == "" {
-			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", defaultRuntimeBinary, string(rv))
-			v.RuncCommit.ID = "N/A"
+		if _, _, commit, err := parseRuntimeVersion(string(rv)); err != nil {
+			logrus.Warnf("failed to parse %s version: %v", defaultRuntimeBinary, err)
+		} else {
+			v.RuncCommit.ID = commit
 		}
 	} else {
 		logrus.Warnf("failed to retrieve %s version: %v", defaultRuntimeBinary, err)
-		v.RuncCommit.ID = "N/A"
 	}
 
-	// runc is now shipped as a separate package. Set "expected" to same value
-	// as "ID" to prevent clients from reporting a version-mismatch
-	v.RuncCommit.Expected = v.RuncCommit.ID
-
 	if rv, err := daemon.containerd.Version(context.Background()); err == nil {
 		v.ContainerdCommit.ID = rv.Revision
 	} else {
 		logrus.Warnf("failed to retrieve containerd version: %v", err)
-		v.ContainerdCommit.ID = "N/A"
 	}
 
-	// containerd is now shipped as a separate package. Set "expected" to same
-	// value as "ID" to prevent clients from reporting a version-mismatch
-	v.ContainerdCommit.Expected = v.ContainerdCommit.ID
-
 	defaultInitBinary := daemon.configStore.GetInitPath()
 	if rv, err := exec.Command(defaultInitBinary, "--version").Output(); err == nil {
-		ver, err := parseInitVersion(string(rv))
-
-		if err != nil {
-			logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err)
+		if _, commit, err := parseInitVersion(string(rv)); err != nil {
+			logrus.Warnf("failed to parse %s version: %s", defaultInitBinary, err)
+		} else {
+			v.InitCommit.ID = commit
 		}
-		v.InitCommit = ver
 	} else {
 		logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err)
-		v.InitCommit.ID = "N/A"
 	}
 
-	if !v.MemoryLimit {
-		v.Warnings = append(v.Warnings, "WARNING: No memory limit support")
-	}
-	if !v.SwapLimit {
-		v.Warnings = append(v.Warnings, "WARNING: No swap limit support")
-	}
-	if !v.KernelMemory {
-		v.Warnings = append(v.Warnings, "WARNING: No kernel memory limit support")
-	}
-	if !v.OomKillDisable {
-		v.Warnings = append(v.Warnings, "WARNING: No oom kill disable support")
-	}
-	if !v.CPUCfsQuota {
-		v.Warnings = append(v.Warnings, "WARNING: No cpu cfs quota support")
-	}
-	if !v.CPUCfsPeriod {
-		v.Warnings = append(v.Warnings, "WARNING: No cpu cfs period support")
-	}
-	if !v.CPUShares {
-		v.Warnings = append(v.Warnings, "WARNING: No cpu shares support")
-	}
-	if !v.CPUSet {
-		v.Warnings = append(v.Warnings, "WARNING: No cpuset support")
+	// Set expected and actual commits to the same value to prevent the client
+	// showing that the version does not match the "expected" version/commit.
+	v.RuncCommit.Expected = v.RuncCommit.ID
+	v.ContainerdCommit.Expected = v.ContainerdCommit.ID
+	v.InitCommit.Expected = v.InitCommit.ID
+
+	if v.CgroupDriver == cgroupNoneDriver {
+		if v.CgroupVersion == "2" {
+			v.Warnings = append(v.Warnings, "WARNING: Running in rootless-mode without cgroups. Systemd is required to enable cgroups in rootless-mode.")
+		} else {
+			v.Warnings = append(v.Warnings, "WARNING: Running in rootless-mode without cgroups. To enable cgroups in rootless-mode, you need to boot the system in cgroup v2 mode.")
+		}
+	} else {
+		if !v.MemoryLimit {
+			v.Warnings = append(v.Warnings, "WARNING: No memory limit support")
+		}
+		if !v.SwapLimit {
+			v.Warnings = append(v.Warnings, "WARNING: No swap limit support")
+		}
+		if !v.KernelMemoryTCP && v.CgroupVersion == "1" {
+			// kernel memory is not available for cgroup v2.
+			// Warning is not printed on cgroup v2, because there is no action user can take.
+			v.Warnings = append(v.Warnings, "WARNING: No kernel memory TCP limit support")
+		}
+		if !v.OomKillDisable && v.CgroupVersion == "1" {
+			// oom kill disable is not available for cgroup v2.
+			// Warning is not printed on cgroup v2, because there is no action user can take.
+			v.Warnings = append(v.Warnings, "WARNING: No oom kill disable support")
+		}
+		if !v.CPUCfsQuota {
+			v.Warnings = append(v.Warnings, "WARNING: No cpu cfs quota support")
+		}
+		if !v.CPUCfsPeriod {
+			v.Warnings = append(v.Warnings, "WARNING: No cpu cfs period support")
+		}
+		if !v.CPUShares {
+			v.Warnings = append(v.Warnings, "WARNING: No cpu shares support")
+		}
+		if !v.CPUSet {
+			v.Warnings = append(v.Warnings, "WARNING: No cpuset support")
+		}
+		// TODO add fields for these options in types.Info
+		if !sysInfo.BlkioWeight && v.CgroupVersion == "2" {
+			// blkio weight is not available on cgroup v1 since kernel 5.0.
+			// Warning is not printed on cgroup v1, because there is no action user can take.
+			// On cgroup v2, blkio weight is implemented using io.weight
+			v.Warnings = append(v.Warnings, "WARNING: No io.weight support")
+		}
+		if !sysInfo.BlkioWeightDevice && v.CgroupVersion == "2" {
+			v.Warnings = append(v.Warnings, "WARNING: No io.weight (per device) support")
+		}
+		if !sysInfo.BlkioReadBpsDevice {
+			if v.CgroupVersion == "2" {
+				v.Warnings = append(v.Warnings, "WARNING: No io.max (rbps) support")
+			} else {
+				v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.read_bps_device support")
+			}
+		}
+		if !sysInfo.BlkioWriteBpsDevice {
+			if v.CgroupVersion == "2" {
+				v.Warnings = append(v.Warnings, "WARNING: No io.max (wbps) support")
+			} else {
+				v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.write_bps_device support")
+			}
+		}
+		if !sysInfo.BlkioReadIOpsDevice {
+			if v.CgroupVersion == "2" {
+				v.Warnings = append(v.Warnings, "WARNING: No io.max (riops) support")
+			} else {
+				v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.read_iops_device support")
+			}
+		}
+		if !sysInfo.BlkioWriteIOpsDevice {
+			if v.CgroupVersion == "2" {
+				v.Warnings = append(v.Warnings, "WARNING: No io.max (wiops) support")
+			} else {
+				v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.write_iops_device support")
+			}
+		}
 	}
 	if !v.IPv4Forwarding {
 		v.Warnings = append(v.Warnings, "WARNING: IPv4 forwarding is disabled")
@@ -111,6 +163,53 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
 	}
 }
 
+func (daemon *Daemon) fillPlatformVersion(v *types.Version) {
+	if rv, err := daemon.containerd.Version(context.Background()); err == nil {
+		v.Components = append(v.Components, types.ComponentVersion{
+			Name:    "containerd",
+			Version: rv.Version,
+			Details: map[string]string{
+				"GitCommit": rv.Revision,
+			},
+		})
+	}
+
+	defaultRuntime := daemon.configStore.GetDefaultRuntimeName()
+	defaultRuntimeBinary := daemon.configStore.GetRuntime(defaultRuntime).Path
+	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
+		if _, ver, commit, err := parseRuntimeVersion(string(rv)); err != nil {
+			logrus.Warnf("failed to parse %s version: %v", defaultRuntimeBinary, err)
+		} else {
+			v.Components = append(v.Components, types.ComponentVersion{
+				Name:    defaultRuntime,
+				Version: ver,
+				Details: map[string]string{
+					"GitCommit": commit,
+				},
+			})
+		}
+	} else {
+		logrus.Warnf("failed to retrieve %s version: %v", defaultRuntimeBinary, err)
+	}
+
+	defaultInitBinary := daemon.configStore.GetInitPath()
+	if rv, err := exec.Command(defaultInitBinary, "--version").Output(); err == nil {
+		if ver, commit, err := parseInitVersion(string(rv)); err != nil {
+			logrus.Warnf("failed to parse %s version: %s", defaultInitBinary, err)
+		} else {
+			v.Components = append(v.Components, types.ComponentVersion{
+				Name:    filepath.Base(defaultInitBinary),
+				Version: ver,
+				Details: map[string]string{
+					"GitCommit": commit,
+				},
+			})
+		}
+	} else {
+		logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err)
+	}
+}
+
 func fillDriverWarnings(v *types.Info) {
 	for _, pair := range v.DriverStatus {
 		if pair[0] == "Data loop file" {
@@ -145,24 +244,64 @@ func getBackingFs(v *types.Info) string {
 	return ""
 }
 
-// parseInitVersion parses a Tini version string, and extracts the version.
-func parseInitVersion(v string) (types.Commit, error) {
-	version := types.Commit{ID: "", Expected: dockerversion.InitCommitID}
-	parts := strings.Split(strings.TrimSpace(v), " - ")
+// parseInitVersion parses a Tini version string, and extracts the "version"
+// and "git commit" from the output.
+//
+// Output example from `docker-init --version`:
+//
+//     tini version 0.18.0 - git.fec3683
+func parseInitVersion(v string) (version string, commit string, err error) {
+	parts := strings.Split(v, " - ")
 
 	if len(parts) >= 2 {
-		gitParts := strings.Split(parts[1], ".")
+		gitParts := strings.Split(strings.TrimSpace(parts[1]), ".")
 		if len(gitParts) == 2 && gitParts[0] == "git" {
-			version.ID = gitParts[1]
-			version.Expected = dockerversion.InitCommitID[0:len(version.ID)]
+			commit = gitParts[1]
 		}
 	}
-	if version.ID == "" && strings.HasPrefix(parts[0], "tini version ") {
-		version.ID = "v" + strings.TrimPrefix(parts[0], "tini version ")
+	parts[0] = strings.TrimSpace(parts[0])
+	if strings.HasPrefix(parts[0], "tini version ") {
+		version = strings.TrimPrefix(parts[0], "tini version ")
 	}
-	if version.ID == "" {
-		version.ID = "N/A"
-		return version, errors.Errorf("unknown output format: %s", v)
+	if version == "" && commit == "" {
+		err = errors.Errorf("unknown output format: %s", v)
 	}
-	return version, nil
+	return version, commit, err
+}
+
+// parseRuntimeVersion parses the output of `[runtime] --version` and extracts the
+// "name", "version" and "git commit" from the output.
+//
+// Output example from `runc --version`:
+//
+//   runc version 1.0.0-rc5+dev
+//   commit: 69663f0bd4b60df09991c08812a60108003fa340
+//   spec: 1.0.0
+func parseRuntimeVersion(v string) (runtime string, version string, commit string, err error) {
+	lines := strings.Split(strings.TrimSpace(v), "\n")
+	for _, line := range lines {
+		if strings.Contains(line, "version") {
+			s := strings.Split(line, "version")
+			runtime = strings.TrimSpace(s[0])
+			version = strings.TrimSpace(s[len(s)-1])
+			continue
+		}
+		if strings.HasPrefix(line, "commit:") {
+			commit = strings.TrimSpace(strings.TrimPrefix(line, "commit:"))
+			continue
+		}
+	}
+	if version == "" && commit == "" {
+		err = errors.Errorf("unknown output format: %s", v)
+	}
+	return runtime, version, commit, err
+}
+
+func (daemon *Daemon) cgroupNamespacesEnabled(sysInfo *sysinfo.SysInfo) bool {
+	return sysInfo.CgroupNamespaces && containertypes.CgroupnsMode(daemon.configStore.CgroupNamespaceMode).IsPrivate()
+}
+
+// Rootless returns true if daemon is running in rootless mode
+func (daemon *Daemon) Rootless() bool {
+	return daemon.configStore.Rootless
 }
diff --git a/daemon/info_unix_test.go b/daemon/info_unix_test.go
index a5a4e06f98451..4dfe6e4efafc6 100644
--- a/daemon/info_unix_test.go
+++ b/daemon/info_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -5,49 +6,127 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/dockerversion"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestParseInitVersion(t *testing.T) {
 	tests := []struct {
+		output  string
 		version string
-		result  types.Commit
+		commit  string
 		invalid bool
 	}{
 		{
-			version: "tini version 0.13.0 - git.949e6fa",
-			result:  types.Commit{ID: "949e6fa", Expected: dockerversion.InitCommitID[0:7]},
+			output:  "tini version 0.13.0 - git.949e6fa",
+			version: "0.13.0",
+			commit:  "949e6fa",
 		}, {
-			version: "tini version 0.13.0\n",
-			result:  types.Commit{ID: "v0.13.0", Expected: dockerversion.InitCommitID},
+			output:  "tini version 0.13.0\n",
+			version: "0.13.0",
 		}, {
-			version: "tini version 0.13.2",
-			result:  types.Commit{ID: "v0.13.2", Expected: dockerversion.InitCommitID},
+			output:  "tini version 0.13.2",
+			version: "0.13.2",
 		}, {
-			version: "tini version0.13.2",
-			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			output:  "tini version 0.13.2 - ",
+			version: "0.13.2",
+		}, {
+			output: " - git.949e6fa",
+			commit: "949e6fa",
+		}, {
+			output:  "tini version0.13.2",
+			invalid: true,
+		}, {
+			output:  "version 0.13.0",
 			invalid: true,
 		}, {
-			version: "",
-			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			output:  "",
 			invalid: true,
 		}, {
-			version: "hello world",
-			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			output:  " - ",
+			invalid: true,
+		}, {
+			output:  "hello world",
+			invalid: true,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.output, func(t *testing.T) {
+			version, commit, err := parseInitVersion(test.output)
+			if test.invalid {
+				assert.Check(t, is.ErrorContains(err, ""))
+			} else {
+				assert.Check(t, err)
+			}
+			assert.Equal(t, test.version, version)
+			assert.Equal(t, test.commit, commit)
+		})
+	}
+}
+
+func TestParseRuntimeVersion(t *testing.T) {
+	tests := []struct {
+		output  string
+		runtime string
+		version string
+		commit  string
+		invalid bool
+	}{
+		{
+			output: `
+runc version 1.0.0-rc5+dev
+commit: 69663f0bd4b60df09991c08812a60108003fa340
+spec: 1.0.0
+`,
+			runtime: "runc",
+			version: "1.0.0-rc5+dev",
+			commit:  "69663f0bd4b60df09991c08812a60108003fa340",
+		},
+		{
+			output: `
+runc version 1.0.0-rc5+dev
+spec: 1.0.0
+`,
+			runtime: "runc",
+			version: "1.0.0-rc5+dev",
+		},
+		{
+			output: `
+commit: 69663f0bd4b60df09991c08812a60108003fa340
+spec: 1.0.0
+`,
+			commit: "69663f0bd4b60df09991c08812a60108003fa340",
+		},
+		{
+			output: `
+crun version 0.7
+spec: 1.0.0
++SYSTEMD +SELINUX +CAP +SECCOMP +EBPF +YAJL
+`,
+			runtime: "crun",
+			version: "0.7",
+		},
+		{
+			output:  "",
+			invalid: true,
+		},
+		{
+			output:  "hello world",
 			invalid: true,
 		},
 	}
 
 	for _, test := range tests {
-		ver, err := parseInitVersion(string(test.version))
+		runtime, version, commit, err := parseRuntimeVersion(test.output)
 		if test.invalid {
 			assert.Check(t, is.ErrorContains(err, ""))
 		} else {
 			assert.Check(t, err)
 		}
-		assert.Check(t, is.DeepEqual(test.result, ver))
+		assert.Equal(t, test.runtime, runtime)
+		assert.Equal(t, test.version, version)
+		assert.Equal(t, test.commit, commit)
 	}
 }
diff --git a/daemon/info_windows.go b/daemon/info_windows.go
index 2c1ff460c37f3..49fb32ce213a4 100644
--- a/daemon/info_windows.go
+++ b/daemon/info_windows.go
@@ -9,5 +9,16 @@ import (
 func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) {
 }
 
+func (daemon *Daemon) fillPlatformVersion(v *types.Version) {}
+
 func fillDriverWarnings(v *types.Info) {
 }
+
+func (daemon *Daemon) cgroupNamespacesEnabled(sysInfo *sysinfo.SysInfo) bool {
+	return false
+}
+
+// Rootless returns true if daemon is running in rootless mode
+func (daemon *Daemon) Rootless() bool {
+	return false
+}
diff --git a/daemon/initlayer/setup_unix.go b/daemon/initlayer/setup_unix.go
index 4af7eafc679a8..1a971897b4a3b 100644
--- a/daemon/initlayer/setup_unix.go
+++ b/daemon/initlayer/setup_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package initlayer // import "github.com/docker/docker/daemon/initlayer"
diff --git a/daemon/inspect.go b/daemon/inspect.go
index 45a21542549d8..17331be232ca1 100644
--- a/daemon/inspect.go
+++ b/daemon/inspect.go
@@ -32,50 +32,50 @@ func (daemon *Daemon) ContainerInspect(name string, size bool, version string) (
 // ContainerInspectCurrent returns low-level information about a
 // container in a most recent api version.
 func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.ContainerJSON, error) {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
-	container.Lock()
+	ctr.Lock()
 
-	base, err := daemon.getInspectData(container)
+	base, err := daemon.getInspectData(ctr)
 	if err != nil {
-		container.Unlock()
+		ctr.Unlock()
 		return nil, err
 	}
 
 	apiNetworks := make(map[string]*networktypes.EndpointSettings)
-	for name, epConf := range container.NetworkSettings.Networks {
+	for name, epConf := range ctr.NetworkSettings.Networks {
 		if epConf.EndpointSettings != nil {
 			// We must make a copy of this pointer object otherwise it can race with other operations
 			apiNetworks[name] = epConf.EndpointSettings.Copy()
 		}
 	}
 
-	mountPoints := container.GetMountPoints()
+	mountPoints := ctr.GetMountPoints()
 	networkSettings := &types.NetworkSettings{
 		NetworkSettingsBase: types.NetworkSettingsBase{
-			Bridge:                 container.NetworkSettings.Bridge,
-			SandboxID:              container.NetworkSettings.SandboxID,
-			HairpinMode:            container.NetworkSettings.HairpinMode,
-			LinkLocalIPv6Address:   container.NetworkSettings.LinkLocalIPv6Address,
-			LinkLocalIPv6PrefixLen: container.NetworkSettings.LinkLocalIPv6PrefixLen,
-			SandboxKey:             container.NetworkSettings.SandboxKey,
-			SecondaryIPAddresses:   container.NetworkSettings.SecondaryIPAddresses,
-			SecondaryIPv6Addresses: container.NetworkSettings.SecondaryIPv6Addresses,
+			Bridge:                 ctr.NetworkSettings.Bridge,
+			SandboxID:              ctr.NetworkSettings.SandboxID,
+			HairpinMode:            ctr.NetworkSettings.HairpinMode,
+			LinkLocalIPv6Address:   ctr.NetworkSettings.LinkLocalIPv6Address,
+			LinkLocalIPv6PrefixLen: ctr.NetworkSettings.LinkLocalIPv6PrefixLen,
+			SandboxKey:             ctr.NetworkSettings.SandboxKey,
+			SecondaryIPAddresses:   ctr.NetworkSettings.SecondaryIPAddresses,
+			SecondaryIPv6Addresses: ctr.NetworkSettings.SecondaryIPv6Addresses,
 		},
-		DefaultNetworkSettings: daemon.getDefaultNetworkSettings(container.NetworkSettings.Networks),
+		DefaultNetworkSettings: daemon.getDefaultNetworkSettings(ctr.NetworkSettings.Networks),
 		Networks:               apiNetworks,
 	}
 
-	ports := make(nat.PortMap, len(container.NetworkSettings.Ports))
-	for k, pm := range container.NetworkSettings.Ports {
+	ports := make(nat.PortMap, len(ctr.NetworkSettings.Ports))
+	for k, pm := range ctr.NetworkSettings.Ports {
 		ports[k] = pm
 	}
 	networkSettings.NetworkSettingsBase.Ports = ports
 
-	container.Unlock()
+	ctr.Unlock()
 
 	if size {
 		sizeRw, sizeRootFs := daemon.imageService.GetContainerLayerSize(base.ID)
@@ -86,7 +86,7 @@ func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.Co
 	return &types.ContainerJSON{
 		ContainerJSONBase: base,
 		Mounts:            mountPoints,
-		Config:            container.Config,
+		Config:            ctr.Config,
 		NetworkSettings:   networkSettings,
 	}, nil
 }
@@ -214,7 +214,7 @@ func (daemon *Daemon) ContainerExecInspect(id string) (*backend.ExecInspect, err
 		return nil, errExecNotFound(id)
 	}
 
-	if container := daemon.containers.Get(e.ContainerID); container == nil {
+	if ctr := daemon.containers.Get(e.ContainerID); ctr == nil {
 		return nil, errExecNotFound(id)
 	}
 
diff --git a/daemon/inspect_linux.go b/daemon/inspect_linux.go
index 77a4c44d794a6..049a7f743f21e 100644
--- a/daemon/inspect_linux.go
+++ b/daemon/inspect_linux.go
@@ -20,38 +20,38 @@ func setPlatformSpecificContainerFields(container *container.Container, contJSON
 
 // containerInspectPre120 gets containers for pre 1.20 APIs.
 func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON, error) {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
-	container.Lock()
-	defer container.Unlock()
+	ctr.Lock()
+	defer ctr.Unlock()
 
-	base, err := daemon.getInspectData(container)
+	base, err := daemon.getInspectData(ctr)
 	if err != nil {
 		return nil, err
 	}
 
 	volumes := make(map[string]string)
 	volumesRW := make(map[string]bool)
-	for _, m := range container.MountPoints {
+	for _, m := range ctr.MountPoints {
 		volumes[m.Destination] = m.Path()
 		volumesRW[m.Destination] = m.RW
 	}
 
 	config := &v1p19.ContainerConfig{
-		Config:          container.Config,
-		MacAddress:      container.Config.MacAddress,
-		NetworkDisabled: container.Config.NetworkDisabled,
-		ExposedPorts:    container.Config.ExposedPorts,
-		VolumeDriver:    container.HostConfig.VolumeDriver,
-		Memory:          container.HostConfig.Memory,
-		MemorySwap:      container.HostConfig.MemorySwap,
-		CPUShares:       container.HostConfig.CPUShares,
-		CPUSet:          container.HostConfig.CpusetCpus,
+		Config:          ctr.Config,
+		MacAddress:      ctr.Config.MacAddress,
+		NetworkDisabled: ctr.Config.NetworkDisabled,
+		ExposedPorts:    ctr.Config.ExposedPorts,
+		VolumeDriver:    ctr.HostConfig.VolumeDriver,
+		Memory:          ctr.HostConfig.Memory,
+		MemorySwap:      ctr.HostConfig.MemorySwap,
+		CPUShares:       ctr.HostConfig.CPUShares,
+		CPUSet:          ctr.HostConfig.CpusetCpus,
 	}
-	networkSettings := daemon.getBackwardsCompatibleNetworkSettings(container.NetworkSettings)
+	networkSettings := daemon.getBackwardsCompatibleNetworkSettings(ctr.NetworkSettings)
 
 	return &v1p19.ContainerJSON{
 		ContainerJSONBase: base,
diff --git a/daemon/inspect_test.go b/daemon/inspect_test.go
index f402a7af99b6e..07c026b723290 100644
--- a/daemon/inspect_test.go
+++ b/daemon/inspect_test.go
@@ -7,8 +7,8 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/exec"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestGetInspectData(t *testing.T) {
diff --git a/daemon/keys.go b/daemon/keys.go
index 946eaaab1c08f..3a494fef226d8 100644
--- a/daemon/keys.go
+++ b/daemon/keys.go
@@ -1,10 +1,10 @@
+//go:build linux
 // +build linux
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strconv"
 	"strings"
@@ -18,10 +18,10 @@ const (
 	rootKeyByteMultiplier = 25
 )
 
-// ModifyRootKeyLimit checks to see if the root key limit is set to
+// modifyRootKeyLimit checks to see if the root key limit is set to
 // at least 1000000 and changes it to that limit along with the maxbytes
 // allocated to the keys at a 25 to 1 multiplier.
-func ModifyRootKeyLimit() error {
+func modifyRootKeyLimit() error {
 	value, err := readRootKeyLimit(rootKeyFile)
 	if err != nil {
 		return err
@@ -51,7 +51,7 @@ func setRootKeyLimit(limit int) error {
 }
 
 func readRootKeyLimit(path string) (int, error) {
-	data, err := ioutil.ReadFile(path)
+	data, err := os.ReadFile(path)
 	if err != nil {
 		return -1, err
 	}
diff --git a/daemon/keys_unsupported.go b/daemon/keys_unsupported.go
index 2ccdb576d713a..917f94192cd14 100644
--- a/daemon/keys_unsupported.go
+++ b/daemon/keys_unsupported.go
@@ -1,8 +1,9 @@
+//go:build !linux
 // +build !linux
 
 package daemon // import "github.com/docker/docker/daemon"
 
-// ModifyRootKeyLimit is a noop on unsupported platforms.
-func ModifyRootKeyLimit() error {
+// modifyRootKeyLimit is a noop on unsupported platforms.
+func modifyRootKeyLimit() error {
 	return nil
 }
diff --git a/daemon/kill.go b/daemon/kill.go
index 3e6457e9522dd..98c44abb226ca 100644
--- a/daemon/kill.go
+++ b/daemon/kill.go
@@ -9,8 +9,8 @@ import (
 
 	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/libcontainerd"
-	"github.com/docker/docker/pkg/signal"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/moby/sys/signal"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -64,8 +64,6 @@ func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int)
 	container.Lock()
 	defer container.Unlock()
 
-	daemon.stopHealthchecks(container)
-
 	if !container.Running {
 		return errNotRunning(container.ID)
 	}
@@ -87,6 +85,7 @@ func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int)
 
 	if !daemon.IsShuttingDown() {
 		container.HasBeenManuallyStopped = true
+		container.CheckpointTo(daemon.containersReplica)
 	}
 
 	// if the container is currently restarting we do not need to send the signal
@@ -100,6 +99,19 @@ func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int)
 		if errdefs.IsNotFound(err) {
 			unpause = false
 			logrus.WithError(err).WithField("container", container.ID).WithField("action", "kill").Debug("container kill failed because of 'container not found' or 'no such process'")
+			go func() {
+				// We need to clean up this container but it is possible there is a case where we hit here before the exit event is processed
+				// but after it was fired off.
+				// So let's wait the container's stop timeout amount of time to see if the event is eventually processed.
+				// Doing this has the side effect that if no event was ever going to come we are waiting a a longer period of time uneccessarily.
+				// But this prevents race conditions in processing the container.
+				ctx, cancel := context.WithTimeout(context.TODO(), time.Duration(container.StopTimeout())*time.Second)
+				defer cancel()
+				s := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning)
+				if s.Err() != nil {
+					daemon.handleContainerExit(container, nil)
+				}
+			}()
 		} else {
 			return errors.Wrapf(err, "Cannot kill container %s", container.ID)
 		}
@@ -127,29 +139,22 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error {
 
 	// 1. Send SIGKILL
 	if err := daemon.killPossiblyDeadProcess(container, int(syscall.SIGKILL)); err != nil {
-		// While normally we might "return err" here we're not going to
-		// because if we can't stop the container by this point then
-		// it's probably because it's already stopped. Meaning, between
-		// the time of the IsRunning() call above and now it stopped.
-		// Also, since the err return will be environment specific we can't
-		// look for any particular (common) error that would indicate
-		// that the process is already dead vs something else going wrong.
-		// So, instead we'll give it up to 2 more seconds to complete and if
-		// by that time the container is still running, then the error
-		// we got is probably valid and so we return it to the caller.
+		// kill failed, check if process is no longer running.
 		if isErrNoSuchProcess(err) {
 			return nil
 		}
+	}
 
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
-		defer cancel()
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
 
-		if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
-			return err
-		}
+	status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning)
+	if status.Err() == nil {
+		return nil
 	}
 
-	// 2. Wait for the process to die, in last resort, try to kill the process directly
+	logrus.WithError(status.Err()).WithField("container", container.ID).Error("Container failed to exit within 10 seconds of kill - trying direct SIGKILL")
+
 	if err := killProcessDirectly(container); err != nil {
 		if isErrNoSuchProcess(err) {
 			return nil
@@ -157,10 +162,13 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error {
 		return err
 	}
 
-	// Wait for exit with no timeout.
-	// Ignore returned status.
-	<-container.Wait(context.Background(), containerpkg.WaitConditionNotRunning)
+	// wait for container to exit one last time, if it doesn't then kill didnt work, so return error
+	ctx2, cancel2 := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel2()
 
+	if status := <-container.Wait(ctx2, containerpkg.WaitConditionNotRunning); status.Err() != nil {
+		return errors.New("tried to kill container, but did not receive an exit event")
+	}
 	return nil
 }
 
@@ -176,5 +184,5 @@ func (daemon *Daemon) killPossiblyDeadProcess(container *containerpkg.Container,
 }
 
 func (daemon *Daemon) kill(c *containerpkg.Container, sig int) error {
-	return daemon.containerd.SignalProcess(context.Background(), c.ID, libcontainerd.InitProcessName, sig)
+	return daemon.containerd.SignalProcess(context.Background(), c.ID, libcontainerdtypes.InitProcessName, sig)
 }
diff --git a/daemon/licensing_test.go b/daemon/licensing_test.go
index 5a97ce8fa2914..902b3c166ebad 100644
--- a/daemon/licensing_test.go
+++ b/daemon/licensing_test.go
@@ -5,10 +5,10 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/dockerversion"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
-func TestfillLicense(t *testing.T) {
+func TestFillLicense(t *testing.T) {
 	v := &types.Info{}
 	d := &Daemon{
 		root: "/var/lib/docker/",
diff --git a/daemon/links/links.go b/daemon/links/links.go
index be153f6bb012a..911a5aca12f4d 100644
--- a/daemon/links/links.go
+++ b/daemon/links/links.go
@@ -56,7 +56,7 @@ func (l *Link) ToEnv() []string {
 		env = append(env, fmt.Sprintf("%s_PORT=%s://%s:%s", alias, p.Proto(), l.ChildIP, p.Port()))
 	}
 
-	//sort the ports so that we can bulk the continuous ports together
+	// sort the ports so that we can bulk the continuous ports together
 	nat.Sort(l.Ports, func(ip, jp nat.Port) bool {
 		// If the two ports have the same number, tcp takes priority
 		// Sort in desc order
diff --git a/daemon/list.go b/daemon/list.go
index 69fb69a90c65f..e3c4153582e52 100644
--- a/daemon/list.go
+++ b/daemon/list.go
@@ -317,7 +317,7 @@ func (daemon *Daemon) foldFilter(view container.View, config *types.ContainerLis
 	if psFilters.Contains("ancestor") {
 		ancestorFilter = true
 		psFilters.WalkValues("ancestor", func(ancestor string) error {
-			img, err := daemon.imageService.GetImage(ancestor)
+			img, err := daemon.imageService.GetImage(ancestor, nil)
 			if err != nil {
 				logrus.Warnf("Error while looking up for image %v", ancestor)
 				return nil
@@ -388,7 +388,7 @@ func portOp(key string, filter map[nat.Port]bool) func(value string) error {
 		if strings.Contains(value, ":") {
 			return fmt.Errorf("filter for '%s' should not contain ':': %s", key, value)
 		}
-		//support two formats, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
+		// support two formats, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
 		proto, port := nat.SplitProtoPort(value)
 		start, end, err := nat.ParsePortRange(port)
 		if err != nil {
@@ -551,23 +551,19 @@ func includeContainerInList(container *container.Snapshot, ctx *listContext) ite
 		}
 	}
 
-	if len(ctx.publish) > 0 {
-		shouldSkip := true
-		for port := range ctx.publish {
-			if _, ok := container.PortBindings[port]; ok {
+	if len(ctx.expose) > 0 || len(ctx.publish) > 0 {
+		var (
+			shouldSkip    = true
+			publishedPort nat.Port
+			exposedPort   nat.Port
+		)
+		for _, port := range container.Ports {
+			publishedPort = nat.Port(fmt.Sprintf("%d/%s", port.PublicPort, port.Type))
+			exposedPort = nat.Port(fmt.Sprintf("%d/%s", port.PrivatePort, port.Type))
+			if ok := ctx.publish[publishedPort]; ok {
 				shouldSkip = false
 				break
-			}
-		}
-		if shouldSkip {
-			return excludeContainer
-		}
-	}
-
-	if len(ctx.expose) > 0 {
-		shouldSkip := true
-		for port := range ctx.expose {
-			if _, ok := container.ExposedPorts[port]; ok {
+			} else if ok := ctx.expose[exposedPort]; ok {
 				shouldSkip = false
 				break
 			}
@@ -585,7 +581,7 @@ func (daemon *Daemon) refreshImage(s *container.Snapshot, ctx *listContext) (*ty
 	c := s.Container
 	image := s.Image // keep the original ref if still valid (hasn't changed)
 	if image != s.ImageID {
-		img, err := daemon.imageService.GetImage(image)
+		img, err := daemon.imageService.GetImage(image, nil)
 		if _, isDNE := err.(images.ErrImageDoesNotExist); err != nil && !isDNE {
 			return nil, err
 		}
diff --git a/daemon/list_test.go b/daemon/list_test.go
index 2fdb266c4ab65..e6a7382bff294 100644
--- a/daemon/list_test.go
+++ b/daemon/list_test.go
@@ -1,7 +1,6 @@
 package daemon
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -11,17 +10,17 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/image"
-	"github.com/opencontainers/go-digest"
-	"github.com/pborman/uuid"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/google/uuid"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var root string
 
 func TestMain(m *testing.M) {
 	var err error
-	root, err = ioutil.TempDir("", "docker-container-test-")
+	root, err = os.MkdirTemp("", "docker-container-test-")
 	if err != nil {
 		panic(err)
 	}
@@ -36,7 +35,7 @@ func TestMain(m *testing.M) {
 func setupContainerWithName(t *testing.T, name string, daemon *Daemon) *container.Container {
 	t.Helper()
 	var (
-		id              = uuid.New()
+		id              = uuid.New().String()
 		computedImageID = digest.FromString(id)
 		cRoot           = filepath.Join(root, id)
 	)
@@ -69,8 +68,8 @@ func setupContainerWithName(t *testing.T, name string, daemon *Daemon) *containe
 }
 
 func containerListContainsName(containers []*types.Container, name string) bool {
-	for _, container := range containers {
-		for _, containerName := range container.Names {
+	for _, ctr := range containers {
+		for _, containerName := range ctr.Names {
 			if containerName == name {
 				return true
 			}
diff --git a/daemon/list_unix.go b/daemon/list_unix.go
index 4f9e453bc2198..af86834a10a0d 100644
--- a/daemon/list_unix.go
+++ b/daemon/list_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/listeners/group_unix.go b/daemon/listeners/group_unix.go
index 9cc17eba7b8d9..546871ed87402 100644
--- a/daemon/listeners/group_unix.go
+++ b/daemon/listeners/group_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package listeners // import "github.com/docker/docker/daemon/listeners"
@@ -6,25 +7,15 @@ import (
 	"fmt"
 	"strconv"
 
-	"github.com/opencontainers/runc/libcontainer/user"
-	"github.com/pkg/errors"
+	"github.com/docker/docker/pkg/idtools"
 )
 
 const defaultSocketGroup = "docker"
 
 func lookupGID(name string) (int, error) {
-	groupFile, err := user.GetGroupPath()
-	if err != nil {
-		return -1, errors.Wrap(err, "error looking up groups")
-	}
-	groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
-		return g.Name == name || strconv.Itoa(g.Gid) == name
-	})
-	if err != nil {
-		return -1, errors.Wrapf(err, "error parsing groups for %s", name)
-	}
-	if len(groups) > 0 {
-		return groups[0].Gid, nil
+	group, err := idtools.LookupGroup(name)
+	if err == nil {
+		return group.Gid, nil
 	}
 	gid, err := strconv.Atoi(name)
 	if err == nil {
diff --git a/daemon/listeners/listeners_linux.go b/daemon/listeners/listeners_linux.go
index c8956db258fdc..515fa548b9820 100644
--- a/daemon/listeners/listeners_linux.go
+++ b/daemon/listeners/listeners_linux.go
@@ -2,13 +2,14 @@ package listeners // import "github.com/docker/docker/daemon/listeners"
 
 import (
 	"crypto/tls"
-	"fmt"
 	"net"
 	"os"
 	"strconv"
 
-	"github.com/coreos/go-systemd/activation"
+	"github.com/coreos/go-systemd/v22/activation"
+	"github.com/docker/docker/pkg/homedir"
 	"github.com/docker/go-connections/sockets"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -43,11 +44,15 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listene
 		}
 		l, err := sockets.NewUnixSocket(addr, gid)
 		if err != nil {
-			return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
+			return nil, errors.Wrapf(err, "can't create unix socket %s", addr)
+		}
+		if _, err := homedir.StickRuntimeDirContents([]string{addr}); err != nil {
+			// StickRuntimeDirContents returns nil error if XDG_RUNTIME_DIR is just unset
+			logrus.WithError(err).Warnf("cannot set sticky bit on socket %s under XDG_RUNTIME_DIR", addr)
 		}
 		ls = append(ls, l)
 	default:
-		return nil, fmt.Errorf("invalid protocol format: %q", proto)
+		return nil, errors.Errorf("invalid protocol format: %q", proto)
 	}
 
 	return ls, nil
@@ -71,7 +76,7 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 	}
 
 	if len(listeners) == 0 {
-		return nil, fmt.Errorf("no sockets found via socket activation: make sure the service was started by systemd")
+		return nil, errors.New("no sockets found via socket activation: make sure the service was started by systemd")
 	}
 
 	// default to all fds just like unix:// and tcp://
@@ -81,21 +86,21 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 
 	fdNum, err := strconv.Atoi(addr)
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse systemd fd address: should be a number: %v", addr)
+		return nil, errors.Errorf("failed to parse systemd fd address: should be a number: %v", addr)
 	}
 	fdOffset := fdNum - 3
 	if len(listeners) < fdOffset+1 {
-		return nil, fmt.Errorf("too few socket activated files passed in by systemd")
+		return nil, errors.New("too few socket activated files passed in by systemd")
 	}
 	if listeners[fdOffset] == nil {
-		return nil, fmt.Errorf("failed to listen on systemd activated file: fd %d", fdOffset+3)
+		return nil, errors.Errorf("failed to listen on systemd activated file: fd %d", fdOffset+3)
 	}
 	for i, ls := range listeners {
 		if i == fdOffset || ls == nil {
 			continue
 		}
 		if err := ls.Close(); err != nil {
-			return nil, fmt.Errorf("failed to close systemd activated file: fd %d: %v", fdOffset+3, err)
+			return nil, errors.Wrapf(err, "failed to close systemd activated file: fd %d", fdOffset+3)
 		}
 	}
 	return []net.Listener{listeners[fdOffset]}, nil
diff --git a/daemon/listeners/listeners_windows.go b/daemon/listeners/listeners_windows.go
index 73f5f79e4b18c..b6d630445a714 100644
--- a/daemon/listeners/listeners_windows.go
+++ b/daemon/listeners/listeners_windows.go
@@ -6,7 +6,7 @@ import (
 	"net"
 	"strings"
 
-	"github.com/Microsoft/go-winio"
+	winio "github.com/Microsoft/go-winio"
 	"github.com/docker/go-connections/sockets"
 )
 
diff --git a/daemon/logdrivers_linux.go b/daemon/logdrivers_linux.go
index 67154a7a98b1c..425f412b200eb 100644
--- a/daemon/logdrivers_linux.go
+++ b/daemon/logdrivers_linux.go
@@ -11,6 +11,7 @@ import (
 	_ "github.com/docker/docker/daemon/logger/jsonfilelog"
 	_ "github.com/docker/docker/daemon/logger/local"
 	_ "github.com/docker/docker/daemon/logger/logentries"
+	_ "github.com/docker/docker/daemon/logger/loggerutils/cache"
 	_ "github.com/docker/docker/daemon/logger/splunk"
 	_ "github.com/docker/docker/daemon/logger/syslog"
 )
diff --git a/daemon/logdrivers_windows.go b/daemon/logdrivers_windows.go
index 425a4d89b6e09..6c9d97f785821 100644
--- a/daemon/logdrivers_windows.go
+++ b/daemon/logdrivers_windows.go
@@ -10,6 +10,7 @@ import (
 	_ "github.com/docker/docker/daemon/logger/gelf"
 	_ "github.com/docker/docker/daemon/logger/jsonfilelog"
 	_ "github.com/docker/docker/daemon/logger/logentries"
+	_ "github.com/docker/docker/daemon/logger/loggerutils/cache"
 	_ "github.com/docker/docker/daemon/logger/splunk"
 	_ "github.com/docker/docker/daemon/logger/syslog"
 )
diff --git a/daemon/logger/adapter.go b/daemon/logger/adapter.go
index d9370352c5735..97d59be5e0ebc 100644
--- a/daemon/logger/adapter.go
+++ b/daemon/logger/adapter.go
@@ -39,6 +39,13 @@ func (a *pluginAdapter) Log(msg *Message) error {
 	a.buf.TimeNano = msg.Timestamp.UnixNano()
 	a.buf.Partial = msg.PLogMetaData != nil
 	a.buf.Source = msg.Source
+	if msg.PLogMetaData != nil {
+		a.buf.PartialLogMetadata = &logdriver.PartialLogEntryMetadata{
+			Id:      msg.PLogMetaData.ID,
+			Last:    msg.PLogMetaData.Last,
+			Ordinal: int32(msg.PLogMetaData.Ordinal),
+		}
+	}
 
 	err := a.enc.Encode(&a.buf)
 	a.buf.Reset()
diff --git a/daemon/logger/adapter_test.go b/daemon/logger/adapter_test.go
index d14a48e477627..1ca28de6d9057 100644
--- a/daemon/logger/adapter_test.go
+++ b/daemon/logger/adapter_test.go
@@ -9,8 +9,8 @@ import (
 
 	"github.com/docker/docker/api/types/plugins/logdriver"
 	protoio "github.com/gogo/protobuf/io"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // mockLoggingPlugin implements the loggingPlugin interface for testing purposes
diff --git a/daemon/logger/awslogs/cloudwatchlogs.go b/daemon/logger/awslogs/cloudwatchlogs.go
index 0f989af379838..0ed42e66510fe 100644
--- a/daemon/logger/awslogs/cloudwatchlogs.go
+++ b/daemon/logger/awslogs/cloudwatchlogs.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -34,11 +35,17 @@ const (
 	logGroupKey            = "awslogs-group"
 	logStreamKey           = "awslogs-stream"
 	logCreateGroupKey      = "awslogs-create-group"
+	logCreateStreamKey     = "awslogs-create-stream"
 	tagKey                 = "tag"
 	datetimeFormatKey      = "awslogs-datetime-format"
 	multilinePatternKey    = "awslogs-multiline-pattern"
 	credentialsEndpointKey = "awslogs-credentials-endpoint"
-	batchPublishFrequency  = 5 * time.Second
+	forceFlushIntervalKey  = "awslogs-force-flush-interval-seconds"
+	maxBufferedEventsKey   = "awslogs-max-buffered-events"
+	logFormatKey           = "awslogs-format"
+
+	defaultForceFlushInterval = 5 * time.Second
+	defaultMaxBufferedEvents  = 4096
 
 	// See: http://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
 	perEventBytes          = 26
@@ -46,6 +53,10 @@ const (
 	maximumLogEventsPerPut = 10000
 
 	// See: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_limits.html
+	// Because the events are interpreted as UTF-8 encoded Unicode, invalid UTF-8 byte sequences are replaced with the
+	// Unicode replacement character (U+FFFD), which is a 3-byte sequence in UTF-8.  To compensate for that and to avoid
+	// splitting valid UTF-8 characters into invalid byte sequences, we calculate the length of each event assuming that
+	// this replacement happens.
 	maximumBytesPerEvent = 262144 - perEventBytes
 
 	resourceAlreadyExistsCode = "ResourceAlreadyExistsException"
@@ -56,19 +67,36 @@ const (
 	credentialsEndpoint = "http://169.254.170.2"
 
 	userAgentHeader = "User-Agent"
+
+	// See: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Embedded_Metric_Format_Specification.html
+	logsFormatHeader = "x-amzn-logs-format"
+	jsonEmfLogFormat = "json/emf"
 )
 
 type logStream struct {
-	logStreamName    string
-	logGroupName     string
-	logCreateGroup   bool
-	logNonBlocking   bool
-	multilinePattern *regexp.Regexp
-	client           api
-	messages         chan *logger.Message
-	lock             sync.RWMutex
-	closed           bool
-	sequenceToken    *string
+	logStreamName      string
+	logGroupName       string
+	logCreateGroup     bool
+	logCreateStream    bool
+	logNonBlocking     bool
+	forceFlushInterval time.Duration
+	multilinePattern   *regexp.Regexp
+	client             api
+	messages           chan *logger.Message
+	lock               sync.RWMutex
+	closed             bool
+	sequenceToken      *string
+}
+
+type logStreamConfig struct {
+	logStreamName      string
+	logGroupName       string
+	logCreateGroup     bool
+	logCreateStream    bool
+	logNonBlocking     bool
+	forceFlushInterval time.Duration
+	maxBufferedEvents  int
+	multilinePattern   *regexp.Regexp
 }
 
 var _ logger.SizedLogger = &logStream{}
@@ -118,47 +146,29 @@ type eventBatch struct {
 // AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, the shared credentials
 // file (~/.aws/credentials), and the EC2 Instance Metadata Service.
 func New(info logger.Info) (logger.Logger, error) {
-	logGroupName := info.Config[logGroupKey]
-	logStreamName, err := loggerutils.ParseLogTag(info, "{{.FullID}}")
+	containerStreamConfig, err := newStreamConfig(info)
 	if err != nil {
 		return nil, err
 	}
-	logCreateGroup := false
-	if info.Config[logCreateGroupKey] != "" {
-		logCreateGroup, err = strconv.ParseBool(info.Config[logCreateGroupKey])
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	logNonBlocking := info.Config["mode"] == "non-blocking"
-
-	if info.Config[logStreamKey] != "" {
-		logStreamName = info.Config[logStreamKey]
-	}
-
-	multilinePattern, err := parseMultilineOptions(info)
-	if err != nil {
-		return nil, err
-	}
-
 	client, err := newAWSLogsClient(info)
 	if err != nil {
 		return nil, err
 	}
 
 	containerStream := &logStream{
-		logStreamName:    logStreamName,
-		logGroupName:     logGroupName,
-		logCreateGroup:   logCreateGroup,
-		logNonBlocking:   logNonBlocking,
-		multilinePattern: multilinePattern,
-		client:           client,
-		messages:         make(chan *logger.Message, 4096),
+		logStreamName:      containerStreamConfig.logStreamName,
+		logGroupName:       containerStreamConfig.logGroupName,
+		logCreateGroup:     containerStreamConfig.logCreateGroup,
+		logCreateStream:    containerStreamConfig.logCreateStream,
+		logNonBlocking:     containerStreamConfig.logNonBlocking,
+		forceFlushInterval: containerStreamConfig.forceFlushInterval,
+		multilinePattern:   containerStreamConfig.multilinePattern,
+		client:             client,
+		messages:           make(chan *logger.Message, containerStreamConfig.maxBufferedEvents),
 	}
 
 	creationDone := make(chan bool)
-	if logNonBlocking {
+	if containerStream.logNonBlocking {
 		go func() {
 			backoff := 1
 			maxBackoff := 32
@@ -198,6 +208,71 @@ func New(info logger.Info) (logger.Logger, error) {
 	return containerStream, nil
 }
 
+// Parses most of the awslogs- options and prepares a config object to be used for newing the actual stream
+// It has been formed out to ease Utest of the New above
+func newStreamConfig(info logger.Info) (*logStreamConfig, error) {
+	logGroupName := info.Config[logGroupKey]
+	logStreamName, err := loggerutils.ParseLogTag(info, "{{.FullID}}")
+	if err != nil {
+		return nil, err
+	}
+	logCreateGroup := false
+	if info.Config[logCreateGroupKey] != "" {
+		logCreateGroup, err = strconv.ParseBool(info.Config[logCreateGroupKey])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	logNonBlocking := info.Config["mode"] == "non-blocking"
+
+	forceFlushInterval := defaultForceFlushInterval
+	if info.Config[forceFlushIntervalKey] != "" {
+		forceFlushIntervalAsInt, err := strconv.Atoi(info.Config[forceFlushIntervalKey])
+		if err != nil {
+			return nil, err
+		}
+		forceFlushInterval = time.Duration(forceFlushIntervalAsInt) * time.Second
+	}
+
+	maxBufferedEvents := int(defaultMaxBufferedEvents)
+	if info.Config[maxBufferedEventsKey] != "" {
+		maxBufferedEvents, err = strconv.Atoi(info.Config[maxBufferedEventsKey])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if info.Config[logStreamKey] != "" {
+		logStreamName = info.Config[logStreamKey]
+	}
+	logCreateStream := true
+	if info.Config[logCreateStreamKey] != "" {
+		logCreateStream, err = strconv.ParseBool(info.Config[logCreateStreamKey])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	multilinePattern, err := parseMultilineOptions(info)
+	if err != nil {
+		return nil, err
+	}
+
+	containerStreamConfig := &logStreamConfig{
+		logStreamName:      logStreamName,
+		logGroupName:       logGroupName,
+		logCreateGroup:     logCreateGroup,
+		logCreateStream:    logCreateStream,
+		logNonBlocking:     logNonBlocking,
+		forceFlushInterval: forceFlushInterval,
+		maxBufferedEvents:  maxBufferedEvents,
+		multilinePattern:   multilinePattern,
+	}
+
+	return containerStreamConfig, nil
+}
+
 // Parses awslogs-multiline-pattern and awslogs-datetime-format options
 // If awslogs-datetime-format is present, convert the format from strftime
 // to regexp and return.
@@ -250,8 +325,12 @@ var strftimeToRegex = map[string]string{
 
 // newRegionFinder is a variable such that the implementation
 // can be swapped out for unit tests.
-var newRegionFinder = func() regionFinder {
-	return ec2metadata.New(session.New())
+var newRegionFinder = func() (regionFinder, error) {
+	s, err := session.NewSession()
+	if err != nil {
+		return nil, err
+	}
+	return ec2metadata.New(s), nil
 }
 
 // newSDKEndpoint is a variable such that the implementation
@@ -275,12 +354,15 @@ func newAWSLogsClient(info logger.Info) (api, error) {
 	}
 	if region == nil || *region == "" {
 		logrus.Info("Trying to get region from EC2 Metadata")
-		ec2MetadataClient := newRegionFinder()
+		ec2MetadataClient, err := newRegionFinder()
+		if err != nil {
+			logrus.WithError(err).Error("could not create EC2 metadata client")
+			return nil, errors.Wrap(err, "could not create EC2 metadata client")
+		}
+
 		r, err := ec2MetadataClient.Region()
 		if err != nil {
-			logrus.WithFields(logrus.Fields{
-				"error": err,
-			}).Error("Could not get region from EC2 metadata, environment, or log option")
+			logrus.WithError(err).Error("Could not get region from EC2 metadata, environment, or log option")
 			return nil, errors.New("Cannot determine region for awslogs driver")
 		}
 		region = &r
@@ -288,7 +370,7 @@ func newAWSLogsClient(info logger.Info) (api, error) {
 
 	sess, err := session.NewSession()
 	if err != nil {
-		return nil, errors.New("Failed to create a service client session for for awslogs driver")
+		return nil, errors.New("Failed to create a service client session for awslogs driver")
 	}
 
 	// attach region to cloudwatchlogs config
@@ -327,6 +409,16 @@ func newAWSLogsClient(info logger.Info) (api, error) {
 					dockerversion.Version, runtime.GOOS, currentAgent))
 		},
 	})
+
+	if info.Config[logFormatKey] != "" {
+		client.Handlers.Build.PushBackNamed(request.NamedHandler{
+			Name: "LogFormatHeaderHandler",
+			Fn: func(req *request.Request) {
+				req.HTTPRequest.Header.Set(logsFormatHeader, info.Config[logFormatKey])
+			},
+		})
+	}
+
 	return client, nil
 }
 
@@ -335,6 +427,7 @@ func (l *logStream) Name() string {
 	return name
 }
 
+// BufSize returns the maximum bytes CloudWatch can handle.
 func (l *logStream) BufSize() int {
 	return maximumBytesPerEvent
 }
@@ -371,21 +464,20 @@ func (l *logStream) Close() error {
 
 // create creates log group and log stream for the instance of the awslogs logging driver
 func (l *logStream) create() error {
-	if err := l.createLogStream(); err != nil {
-		if l.logCreateGroup {
-			if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == resourceNotFoundCode {
-				if err := l.createLogGroup(); err != nil {
-					return err
-				}
-				return l.createLogStream()
-			}
+	err := l.createLogStream()
+	if err == nil {
+		return nil
+	}
+	if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == resourceNotFoundCode && l.logCreateGroup {
+		if err := l.createLogGroup(); err != nil {
+			return errors.Wrap(err, "failed to create Cloudwatch log group")
 		}
-		if err != nil {
-			return err
+		err = l.createLogStream()
+		if err == nil {
+			return nil
 		}
 	}
-
-	return nil
+	return errors.Wrap(err, "failed to create Cloudwatch log stream")
 }
 
 // createLogGroup creates a log group for the instance of the awslogs logging driver
@@ -415,6 +507,16 @@ func (l *logStream) createLogGroup() error {
 
 // createLogStream creates a log stream for the instance of the awslogs logging driver
 func (l *logStream) createLogStream() error {
+	// Directly return if we do not want to create log stream.
+	if !l.logCreateStream {
+		logrus.WithFields(logrus.Fields{
+			"logGroupName":    l.logGroupName,
+			"logStreamName":   l.logStreamName,
+			"logCreateStream": l.logCreateStream,
+		}).Info("Skipping creating log stream")
+		return nil
+	}
+
 	input := &cloudwatchlogs.CreateLogStreamInput{
 		LogGroupName:  aws.String(l.logGroupName),
 		LogStreamName: aws.String(l.logStreamName),
@@ -462,7 +564,11 @@ var newTicker = func(freq time.Duration) *time.Ticker {
 func (l *logStream) collectBatch(created chan bool) {
 	// Wait for the logstream/group to be created
 	<-created
-	ticker := newTicker(batchPublishFrequency)
+	flushInterval := l.forceFlushInterval
+	if flushInterval <= 0 {
+		flushInterval = defaultForceFlushInterval
+	}
+	ticker := newTicker(flushInterval)
 	var eventBuffer []byte
 	var eventBufferTimestamp int64
 	var batch = newEventBatch()
@@ -472,7 +578,7 @@ func (l *logStream) collectBatch(created chan bool) {
 			// If event buffer is older than batch publish frequency flush the event buffer
 			if eventBufferTimestamp > 0 && len(eventBuffer) > 0 {
 				eventBufferAge := t.UnixNano()/int64(time.Millisecond) - eventBufferTimestamp
-				eventBufferExpired := eventBufferAge >= int64(batchPublishFrequency)/int64(time.Millisecond)
+				eventBufferExpired := eventBufferAge >= int64(flushInterval)/int64(time.Millisecond)
 				eventBufferNegative := eventBufferAge < 0
 				if eventBufferExpired || eventBufferNegative {
 					l.processEvent(batch, eventBuffer, eventBufferTimestamp)
@@ -485,7 +591,6 @@ func (l *logStream) collectBatch(created chan bool) {
 			if !more {
 				// Flush event buffer and release resources
 				l.processEvent(batch, eventBuffer, eventBufferTimestamp)
-				eventBuffer = eventBuffer[:0]
 				l.publishBatch(batch)
 				batch.reset()
 				return
@@ -495,15 +600,16 @@ func (l *logStream) collectBatch(created chan bool) {
 			}
 			line := msg.Line
 			if l.multilinePattern != nil {
-				if l.multilinePattern.Match(line) || len(eventBuffer)+len(line) > maximumBytesPerEvent {
+				lineEffectiveLen := effectiveLen(string(line))
+				if l.multilinePattern.Match(line) || effectiveLen(string(eventBuffer))+lineEffectiveLen > maximumBytesPerEvent {
 					// This is a new log event or we will exceed max bytes per event
 					// so flush the current eventBuffer to events and reset timestamp
 					l.processEvent(batch, eventBuffer, eventBufferTimestamp)
 					eventBufferTimestamp = msg.Timestamp.UnixNano() / int64(time.Millisecond)
 					eventBuffer = eventBuffer[:0]
 				}
-				// Append new line if event is less than max event size
-				if len(line) < maximumBytesPerEvent {
+				// Append newline if event is less than max event size
+				if lineEffectiveLen < maximumBytesPerEvent {
 					line = append(line, "\n"...)
 				}
 				eventBuffer = append(eventBuffer, line...)
@@ -524,16 +630,17 @@ func (l *logStream) collectBatch(created chan bool) {
 // batch (defined in maximumBytesPerPut).  Log messages are split by the maximum
 // bytes per event (defined in maximumBytesPerEvent).  There is a fixed per-event
 // byte overhead (defined in perEventBytes) which is accounted for in split- and
-// batch-calculations.
-func (l *logStream) processEvent(batch *eventBatch, events []byte, timestamp int64) {
-	for len(events) > 0 {
+// batch-calculations.  Because the events are interpreted as UTF-8 encoded
+// Unicode, invalid UTF-8 byte sequences are replaced with the Unicode
+// replacement character (U+FFFD), which is a 3-byte sequence in UTF-8.  To
+// compensate for that and to avoid splitting valid UTF-8 characters into
+// invalid byte sequences, we calculate the length of each event assuming that
+// this replacement happens.
+func (l *logStream) processEvent(batch *eventBatch, bytes []byte, timestamp int64) {
+	for len(bytes) > 0 {
 		// Split line length so it does not exceed the maximum
-		lineBytes := len(events)
-		if lineBytes > maximumBytesPerEvent {
-			lineBytes = maximumBytesPerEvent
-		}
-		line := events[:lineBytes]
-
+		splitOffset, lineBytes := findValidSplit(string(bytes), maximumBytesPerEvent)
+		line := bytes[:splitOffset]
 		event := wrappedEvent{
 			inputLogEvent: &cloudwatchlogs.InputLogEvent{
 				Message:   aws.String(string(line)),
@@ -544,7 +651,7 @@ func (l *logStream) processEvent(batch *eventBatch, events []byte, timestamp int
 
 		added := batch.add(event, lineBytes)
 		if added {
-			events = events[lineBytes:]
+			bytes = bytes[splitOffset:]
 		} else {
 			l.publishBatch(batch)
 			batch.reset()
@@ -552,6 +659,37 @@ func (l *logStream) processEvent(batch *eventBatch, events []byte, timestamp int
 	}
 }
 
+// effectiveLen counts the effective number of bytes in the string, after
+// UTF-8 normalization.  UTF-8 normalization includes replacing bytes that do
+// not constitute valid UTF-8 encoded Unicode codepoints with the Unicode
+// replacement codepoint U+FFFD (a 3-byte UTF-8 sequence, represented in Go as
+// utf8.RuneError)
+func effectiveLen(line string) int {
+	effectiveBytes := 0
+	for _, rune := range line {
+		effectiveBytes += utf8.RuneLen(rune)
+	}
+	return effectiveBytes
+}
+
+// findValidSplit finds the byte offset to split a string without breaking valid
+// Unicode codepoints given a maximum number of total bytes.  findValidSplit
+// returns the byte offset for splitting a string or []byte, as well as the
+// effective number of bytes if the string were normalized to replace invalid
+// UTF-8 encoded bytes with the Unicode replacement character (a 3-byte UTF-8
+// sequence, represented in Go as utf8.RuneError)
+func findValidSplit(line string, maxBytes int) (splitOffset, effectiveBytes int) {
+	for offset, rune := range line {
+		splitOffset = offset
+		if effectiveBytes+utf8.RuneLen(rune) > maxBytes {
+			return splitOffset, effectiveBytes
+		}
+		effectiveBytes += utf8.RuneLen(rune)
+	}
+	splitOffset = len(line)
+	return
+}
+
 // publishBatch calls PutLogEvents for a given set of InputLogEvents,
 // accounting for sequencing requirements (each request must reference the
 // sequence token returned by the previous request).
@@ -630,6 +768,9 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case datetimeFormatKey:
 		case multilinePatternKey:
 		case credentialsEndpointKey:
+		case forceFlushIntervalKey:
+		case maxBufferedEventsKey:
+		case logFormatKey:
 		default:
 			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, name)
 		}
@@ -642,11 +783,32 @@ func ValidateLogOpt(cfg map[string]string) error {
 			return fmt.Errorf("must specify valid value for log opt '%s': %v", logCreateGroupKey, err)
 		}
 	}
+	if cfg[forceFlushIntervalKey] != "" {
+		if value, err := strconv.Atoi(cfg[forceFlushIntervalKey]); err != nil || value <= 0 {
+			return fmt.Errorf("must specify a positive integer for log opt '%s': %v", forceFlushIntervalKey, cfg[forceFlushIntervalKey])
+		}
+	}
+	if cfg[maxBufferedEventsKey] != "" {
+		if value, err := strconv.Atoi(cfg[maxBufferedEventsKey]); err != nil || value <= 0 {
+			return fmt.Errorf("must specify a positive integer for log opt '%s': %v", maxBufferedEventsKey, cfg[maxBufferedEventsKey])
+		}
+	}
 	_, datetimeFormatKeyExists := cfg[datetimeFormatKey]
 	_, multilinePatternKeyExists := cfg[multilinePatternKey]
 	if datetimeFormatKeyExists && multilinePatternKeyExists {
 		return fmt.Errorf("you cannot configure log opt '%s' and '%s' at the same time", datetimeFormatKey, multilinePatternKey)
 	}
+
+	if cfg[logFormatKey] != "" {
+		// For now, only the "json/emf" log format is supported
+		if cfg[logFormatKey] != jsonEmfLogFormat {
+			return fmt.Errorf("unsupported log format '%s'", cfg[logFormatKey])
+		}
+		if datetimeFormatKeyExists || multilinePatternKeyExists {
+			return fmt.Errorf("you cannot configure log opt '%s' or '%s' when log opt '%s' is set to '%s'", datetimeFormatKey, multilinePatternKey, logFormatKey, jsonEmfLogFormat)
+		}
+	}
+
 	return nil
 }
 
diff --git a/daemon/logger/awslogs/cloudwatchlogs_test.go b/daemon/logger/awslogs/cloudwatchlogs_test.go
index 172be51a307f5..28b521d1fa511 100644
--- a/daemon/logger/awslogs/cloudwatchlogs_test.go
+++ b/daemon/logger/awslogs/cloudwatchlogs_test.go
@@ -3,13 +3,13 @@ package awslogs // import "github.com/docker/docker/daemon/logger/awslogs"
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"reflect"
 	"regexp"
 	"runtime"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -21,8 +21,8 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/dockerversion"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 const (
@@ -59,6 +59,65 @@ func testEventBatch(events []wrappedEvent) *eventBatch {
 	return batch
 }
 
+func TestNewStreamConfig(t *testing.T) {
+	tests := []struct {
+		logStreamName      string
+		logGroupName       string
+		logCreateGroup     string
+		logCreateStream    string
+		logNonBlocking     string
+		forceFlushInterval string
+		maxBufferedEvents  string
+		datetimeFormat     string
+		multilinePattern   string
+		shouldErr          bool
+		testName           string
+	}{
+		{"", groupName, "", "", "", "", "", "", "", false, "defaults"},
+		{"", groupName, "invalid create group", "", "", "", "", "", "", true, "invalid create group"},
+		{"", groupName, "", "", "", "invalid flush interval", "", "", "", true, "invalid flush interval"},
+		{"", groupName, "", "", "", "", "invalid max buffered events", "", "", true, "invalid max buffered events"},
+		{"", groupName, "", "", "", "", "", "", "n{1001}", true, "invalid multiline pattern"},
+		{"", groupName, "", "", "", "15", "", "", "", false, "flush interval at 15"},
+		{"", groupName, "", "", "", "", "1024", "", "", false, "max buffered events at 1024"},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.testName, func(t *testing.T) {
+			cfg := map[string]string{
+				logGroupKey:           tc.logGroupName,
+				logCreateGroupKey:     tc.logCreateGroup,
+				"mode":                tc.logNonBlocking,
+				forceFlushIntervalKey: tc.forceFlushInterval,
+				maxBufferedEventsKey:  tc.maxBufferedEvents,
+				logStreamKey:          tc.logStreamName,
+				logCreateStreamKey:    tc.logCreateStream,
+				datetimeFormatKey:     tc.datetimeFormat,
+				multilinePatternKey:   tc.multilinePattern,
+			}
+
+			info := logger.Info{
+				Config: cfg,
+			}
+			logStreamConfig, err := newStreamConfig(info)
+			if tc.shouldErr {
+				assert.Check(t, err != nil, "Expected an error")
+			} else {
+				assert.Check(t, err == nil, "Unexpected error")
+				assert.Check(t, logStreamConfig.logGroupName == tc.logGroupName, "Unexpected logGroupName")
+				if tc.forceFlushInterval != "" {
+					forceFlushIntervalAsInt, _ := strconv.Atoi(info.Config[forceFlushIntervalKey])
+					assert.Check(t, logStreamConfig.forceFlushInterval == time.Duration(forceFlushIntervalAsInt)*time.Second, "Unexpected forceFlushInterval")
+				}
+				if tc.maxBufferedEvents != "" {
+					maxBufferedEvents, _ := strconv.Atoi(info.Config[maxBufferedEventsKey])
+					assert.Check(t, logStreamConfig.maxBufferedEvents == maxBufferedEvents, "Unexpected maxBufferedEvents")
+				}
+			}
+		})
+	}
+}
+
 func TestNewAWSLogsClientUserAgentHandler(t *testing.T) {
 	info := logger.Info{
 		Config: map[string]string{
@@ -88,6 +147,48 @@ func TestNewAWSLogsClientUserAgentHandler(t *testing.T) {
 	}
 }
 
+func TestNewAWSLogsClientLogFormatHeaderHandler(t *testing.T) {
+	tests := []struct {
+		logFormat           string
+		expectedHeaderValue string
+	}{
+		{
+			logFormat:           jsonEmfLogFormat,
+			expectedHeaderValue: "json/emf",
+		},
+		{
+			logFormat:           "",
+			expectedHeaderValue: "",
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.logFormat, func(t *testing.T) {
+			info := logger.Info{
+				Config: map[string]string{
+					regionKey:    "us-east-1",
+					logFormatKey: tc.logFormat,
+				},
+			}
+
+			client, err := newAWSLogsClient(info)
+			assert.NilError(t, err)
+
+			realClient, ok := client.(*cloudwatchlogs.CloudWatchLogs)
+			assert.Check(t, ok, "Could not cast client to cloudwatchlogs.CloudWatchLogs")
+
+			buildHandlerList := realClient.Handlers.Build
+			request := &request.Request{
+				HTTPRequest: &http.Request{
+					Header: http.Header{},
+				},
+			}
+			buildHandlerList.Run(request)
+			logFormatHeaderVal := request.HTTPRequest.Header.Get("x-amzn-logs-format")
+			assert.Equal(t, tc.expectedHeaderValue, logFormatHeaderVal)
+		})
+	}
+}
+
 func TestNewAWSLogsClientAWSLogsEndpoint(t *testing.T) {
 	endpoint := "mock-endpoint"
 	info := logger.Info{
@@ -114,8 +215,8 @@ func TestNewAWSLogsClientRegionDetect(t *testing.T) {
 	}
 
 	mockMetadata := newMockMetadataClient()
-	newRegionFinder = func() regionFinder {
-		return mockMetadata
+	newRegionFinder = func() (regionFinder, error) {
+		return mockMetadata, nil
 	}
 	mockMetadata.regionResult <- &regionResult{
 		successResult: "us-east-1",
@@ -128,9 +229,10 @@ func TestNewAWSLogsClientRegionDetect(t *testing.T) {
 func TestCreateSuccess(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
-		client:        mockClient,
-		logGroupName:  groupName,
-		logStreamName: streamName,
+		client:          mockClient,
+		logGroupName:    groupName,
+		logStreamName:   streamName,
+		logCreateStream: true,
 	}
 	mockClient.createLogStreamResult <- &createLogStreamResult{}
 
@@ -154,13 +256,28 @@ func TestCreateSuccess(t *testing.T) {
 	}
 }
 
+func TestCreateStreamSkipped(t *testing.T) {
+	stream := &logStream{
+		logGroupName:    groupName,
+		logStreamName:   streamName,
+		logCreateStream: false,
+	}
+
+	err := stream.create()
+
+	if err != nil {
+		t.Errorf("Received unexpected err: %v\n", err)
+	}
+}
+
 func TestCreateLogGroupSuccess(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
-		client:         mockClient,
-		logGroupName:   groupName,
-		logStreamName:  streamName,
-		logCreateGroup: true,
+		client:          mockClient,
+		logGroupName:    groupName,
+		logStreamName:   streamName,
+		logCreateGroup:  true,
+		logCreateStream: true,
 	}
 	mockClient.createLogGroupResult <- &createLogGroupResult{}
 	mockClient.createLogStreamResult <- &createLogStreamResult{}
@@ -188,7 +305,8 @@ func TestCreateLogGroupSuccess(t *testing.T) {
 func TestCreateError(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
-		client: mockClient,
+		client:          mockClient,
+		logCreateStream: true,
 	}
 	mockClient.createLogStreamResult <- &createLogStreamResult{
 		errorResult: errors.New("Error"),
@@ -204,7 +322,8 @@ func TestCreateError(t *testing.T) {
 func TestCreateAlreadyExists(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
-		client: mockClient,
+		client:          mockClient,
+		logCreateStream: true,
 	}
 	mockClient.createLogStreamResult <- &createLogStreamResult{
 		errorResult: awserr.New(resourceAlreadyExistsCode, "", nil),
@@ -227,6 +346,9 @@ func TestLogClosed(t *testing.T) {
 	}
 }
 
+// TestLogBlocking tests that the Log method blocks appropriately when
+// non-blocking behavior is not enabled.  Blocking is achieved through an
+// internal channel that must be drained for Log to return.
 func TestLogBlocking(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
@@ -241,18 +363,20 @@ func TestLogBlocking(t *testing.T) {
 		err := stream.Log(&logger.Message{})
 		errorCh <- err
 	}()
+	// block until the goroutine above has started
 	<-started
 	select {
 	case err := <-errorCh:
 		t.Fatal("Expected stream.Log to block: ", err)
 	default:
-		break
 	}
+	// assuming it is blocked, we can now try to drain the internal channel and
+	// unblock it
 	select {
-	case <-stream.messages:
-		break
-	default:
+	case <-time.After(10 * time.Millisecond):
+		// if we're unable to drain the channel within 10ms, something seems broken
 		t.Fatal("Expected to be able to read from stream.messages but was unable to")
+	case <-stream.messages:
 	}
 	select {
 	case err := <-errorCh:
@@ -282,7 +406,7 @@ func TestLogNonBlockingBufferFull(t *testing.T) {
 		logNonBlocking: true,
 	}
 	stream.messages <- &logger.Message{}
-	errorCh := make(chan error)
+	errorCh := make(chan error, 1)
 	started := make(chan bool)
 	go func() {
 		started <- true
@@ -762,10 +886,10 @@ func TestCollectBatchMultilinePatternMaxEventAge(t *testing.T) {
 		Timestamp: time.Now().Add(time.Second),
 	})
 
-	// Fire ticker batchPublishFrequency seconds later
-	ticks <- time.Now().Add(batchPublishFrequency + time.Second)
+	// Fire ticker defaultForceFlushInterval seconds later
+	ticks <- time.Now().Add(defaultForceFlushInterval + time.Second)
 
-	// Verify single multiline event is flushed after maximum event buffer age (batchPublishFrequency)
+	// Verify single multiline event is flushed after maximum event buffer age (defaultForceFlushInterval)
 	argument := <-mockClient.putLogEventsArgument
 	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
 	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
@@ -777,8 +901,8 @@ func TestCollectBatchMultilinePatternMaxEventAge(t *testing.T) {
 		Timestamp: time.Now().Add(time.Second),
 	})
 
-	// Fire ticker another batchPublishFrequency seconds later
-	ticks <- time.Now().Add(2*batchPublishFrequency + time.Second)
+	// Fire ticker another defaultForceFlushInterval seconds later
+	ticks <- time.Now().Add(2*defaultForceFlushInterval + time.Second)
 
 	// Verify the event buffer is truly flushed - we should only receive a single event
 	argument = <-mockClient.putLogEventsArgument
@@ -880,7 +1004,7 @@ func TestCollectBatchMultilinePatternMaxEventSize(t *testing.T) {
 	})
 
 	// Fire ticker
-	ticks <- time.Now().Add(batchPublishFrequency)
+	ticks <- time.Now().Add(defaultForceFlushInterval)
 
 	// Verify multiline events
 	// We expect a maximum sized event with no new line characters and a
@@ -938,6 +1062,62 @@ func TestCollectBatchClose(t *testing.T) {
 	}
 }
 
+func TestEffectiveLen(t *testing.T) {
+	tests := []struct {
+		str            string
+		effectiveBytes int
+	}{
+		{"Hello", 5},
+		{string([]byte{1, 2, 3, 4}), 4},
+		{"🙃", 4},
+		{string([]byte{0xFF, 0xFF, 0xFF, 0xFF}), 12},
+		{"He\xff\xffo", 9},
+		{"", 0},
+	}
+	for i, tc := range tests {
+		t.Run(fmt.Sprintf("%d/%s", i, tc.str), func(t *testing.T) {
+			assert.Equal(t, tc.effectiveBytes, effectiveLen(tc.str))
+		})
+	}
+}
+
+func TestFindValidSplit(t *testing.T) {
+	tests := []struct {
+		str               string
+		maxEffectiveBytes int
+		splitOffset       int
+		effectiveBytes    int
+	}{
+		{"", 10, 0, 0},
+		{"Hello", 6, 5, 5},
+		{"Hello", 2, 2, 2},
+		{"Hello", 0, 0, 0},
+		{"🙃", 3, 0, 0},
+		{"🙃", 4, 4, 4},
+		{string([]byte{'a', 0xFF}), 2, 1, 1},
+		{string([]byte{'a', 0xFF}), 4, 2, 4},
+	}
+	for i, tc := range tests {
+		t.Run(fmt.Sprintf("%d/%s", i, tc.str), func(t *testing.T) {
+			splitOffset, effectiveBytes := findValidSplit(tc.str, tc.maxEffectiveBytes)
+			assert.Equal(t, tc.splitOffset, splitOffset, "splitOffset")
+			assert.Equal(t, tc.effectiveBytes, effectiveBytes, "effectiveBytes")
+			t.Log(tc.str[:tc.splitOffset])
+			t.Log(tc.str[tc.splitOffset:])
+		})
+	}
+}
+
+func TestProcessEventEmoji(t *testing.T) {
+	stream := &logStream{}
+	batch := &eventBatch{}
+	bytes := []byte(strings.Repeat("🙃", maximumBytesPerEvent/4+1))
+	stream.processEvent(batch, bytes, 0)
+	assert.Equal(t, 2, len(batch.batch), "should be two events in the batch")
+	assert.Equal(t, strings.Repeat("🙃", maximumBytesPerEvent/4), aws.StringValue(batch.batch[0].inputLogEvent.Message))
+	assert.Equal(t, "🙃", aws.StringValue(batch.batch[1].inputLogEvent.Message))
+}
+
 func TestCollectBatchLineSplit(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
@@ -987,6 +1167,55 @@ func TestCollectBatchLineSplit(t *testing.T) {
 	}
 }
 
+func TestCollectBatchLineSplitWithBinary(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	longline := strings.Repeat("\xFF", maximumBytesPerEvent/3) // 0xFF is counted as the 3-byte utf8.RuneError
+	stream.Log(&logger.Message{
+		Line:      []byte(longline + "\xFD"),
+		Timestamp: time.Time{},
+	})
+
+	// no ticks
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 2 {
+		t.Errorf("Expected LogEvents to contain 2 elements, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != longline {
+		t.Errorf("Expected message to be %s but was %s", longline, *argument.LogEvents[0].Message)
+	}
+	if *argument.LogEvents[1].Message != "\xFD" {
+		t.Errorf("Expected message to be %s but was %s", "\xFD", *argument.LogEvents[1].Message)
+	}
+}
+
 func TestCollectBatchMaxEvents(t *testing.T) {
 	mockClient := newMockClientBuffered(1)
 	stream := &logStream{
@@ -1125,6 +1354,83 @@ func TestCollectBatchMaxTotalBytes(t *testing.T) {
 	}
 }
 
+func TestCollectBatchMaxTotalBytesWithBinary(t *testing.T) {
+	expectedPuts := 2
+	mockClient := newMockClientBuffered(expectedPuts)
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	for i := 0; i < expectedPuts; i++ {
+		mockClient.putLogEventsResult <- &putLogEventsResult{
+			successResult: &cloudwatchlogs.PutLogEventsOutput{
+				NextSequenceToken: aws.String(nextSequenceToken),
+			},
+		}
+	}
+
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	// maxline is the maximum line that could be submitted after
+	// accounting for its overhead.
+	maxline := strings.Repeat("\xFF", (maximumBytesPerPut-perEventBytes)/3) // 0xFF is counted as the 3-byte utf8.RuneError
+	// This will be split and batched up to the `maximumBytesPerPut'
+	// (+/- `maximumBytesPerEvent'). This /should/ be aligned, but
+	// should also tolerate an offset within that range.
+	stream.Log(&logger.Message{
+		Line:      []byte(maxline),
+		Timestamp: time.Time{},
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte("B"),
+		Timestamp: time.Time{},
+	})
+
+	// no ticks, guarantee batch by size (and chan close)
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+
+	// Should total to the maximum allowed bytes.
+	eventBytes := 0
+	for _, event := range argument.LogEvents {
+		eventBytes += effectiveLen(*event.Message)
+	}
+	eventsOverhead := len(argument.LogEvents) * perEventBytes
+	payloadTotal := eventBytes + eventsOverhead
+	// lowestMaxBatch allows the payload to be offset if the messages
+	// don't lend themselves to align with the maximum event size.
+	lowestMaxBatch := maximumBytesPerPut - maximumBytesPerEvent
+
+	if payloadTotal > maximumBytesPerPut {
+		t.Errorf("Expected <= %d bytes but was %d", maximumBytesPerPut, payloadTotal)
+	}
+	if payloadTotal < lowestMaxBatch {
+		t.Errorf("Batch to be no less than %d but was %d", lowestMaxBatch, payloadTotal)
+	}
+
+	argument = <-mockClient.putLogEventsArgument
+	message := *argument.LogEvents[len(argument.LogEvents)-1].Message
+	if message[len(message)-1:] != "B" {
+		t.Errorf("Expected message to be %s but was %s", "B", message[len(message)-1:])
+	}
+}
+
 func TestCollectBatchWithDuplicateTimestamps(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
@@ -1237,6 +1543,101 @@ func TestValidateLogOptionsDatetimeFormatAndMultilinePattern(t *testing.T) {
 	assert.Check(t, is.Equal(err.Error(), conflictingLogOptionsError), "Received invalid error")
 }
 
+func TestValidateLogOptionsForceFlushIntervalSeconds(t *testing.T) {
+	tests := []struct {
+		input     string
+		shouldErr bool
+	}{
+		{"0", true},
+		{"-1", true},
+		{"a", true},
+		{"10", false},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.input, func(t *testing.T) {
+			cfg := map[string]string{
+				forceFlushIntervalKey: tc.input,
+				logGroupKey:           groupName,
+			}
+
+			err := ValidateLogOpt(cfg)
+			if tc.shouldErr {
+				expectedErr := "must specify a positive integer for log opt 'awslogs-force-flush-interval-seconds': " + tc.input
+				assert.Error(t, err, expectedErr)
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+}
+
+func TestValidateLogOptionsMaxBufferedEvents(t *testing.T) {
+	tests := []struct {
+		input     string
+		shouldErr bool
+	}{
+		{"0", true},
+		{"-1", true},
+		{"a", true},
+		{"10", false},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.input, func(t *testing.T) {
+			cfg := map[string]string{
+				maxBufferedEventsKey: tc.input,
+				logGroupKey:          groupName,
+			}
+
+			err := ValidateLogOpt(cfg)
+			if tc.shouldErr {
+				expectedErr := "must specify a positive integer for log opt 'awslogs-max-buffered-events': " + tc.input
+				assert.Error(t, err, expectedErr)
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+}
+
+func TestValidateLogOptionsFormat(t *testing.T) {
+	tests := []struct {
+		format           string
+		multiLinePattern string
+		datetimeFormat   string
+		expErrMsg        string
+	}{
+		{"json/emf", "", "", ""},
+		{"random", "", "", "unsupported log format 'random'"},
+		{"", "", "", ""},
+		{"json/emf", "---", "", "you cannot configure log opt 'awslogs-datetime-format' or 'awslogs-multiline-pattern' when log opt 'awslogs-format' is set to 'json/emf'"},
+		{"json/emf", "", "yyyy-dd-mm", "you cannot configure log opt 'awslogs-datetime-format' or 'awslogs-multiline-pattern' when log opt 'awslogs-format' is set to 'json/emf'"},
+	}
+
+	for i, tc := range tests {
+		t.Run(fmt.Sprintf("%d/%s", i, tc.format), func(t *testing.T) {
+			cfg := map[string]string{
+				logGroupKey:  groupName,
+				logFormatKey: tc.format,
+			}
+			if tc.multiLinePattern != "" {
+				cfg[multilinePatternKey] = tc.multiLinePattern
+			}
+			if tc.datetimeFormat != "" {
+				cfg[datetimeFormatKey] = tc.datetimeFormat
+			}
+
+			err := ValidateLogOpt(cfg)
+			if tc.expErrMsg != "" {
+				assert.Error(t, err, tc.expErrMsg)
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+}
+
 func TestCreateTagSuccess(t *testing.T) {
 	mockClient := newMockClient()
 	info := logger.Info{
@@ -1249,9 +1650,10 @@ func TestCreateTagSuccess(t *testing.T) {
 		t.Errorf("Error generating tag: %q", e)
 	}
 	stream := &logStream{
-		client:        mockClient,
-		logGroupName:  groupName,
-		logStreamName: logStreamName,
+		client:          mockClient,
+		logGroupName:    groupName,
+		logStreamName:   logStreamName,
+		logCreateStream: true,
 	}
 	mockClient.createLogStreamResult <- &createLogStreamResult{}
 
@@ -1366,7 +1768,7 @@ func TestNewAWSLogsClientCredentialSharedFile(t *testing.T) {
 	`
 	content := []byte(contentStr)
 
-	tmpfile, err := ioutil.TempFile("", "example")
+	tmpfile, err := os.CreateTemp("", "example")
 	defer os.Remove(tmpfile.Name()) // clean up
 	assert.Check(t, err)
 
diff --git a/daemon/logger/copier.go b/daemon/logger/copier.go
index e24272fa6dff5..30c68ea364d2b 100644
--- a/daemon/logger/copier.go
+++ b/daemon/logger/copier.go
@@ -54,7 +54,12 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 
 	bufSize := defaultBufSize
 	if sizedLogger, ok := c.dst.(SizedLogger); ok {
-		bufSize = sizedLogger.BufSize()
+		size := sizedLogger.BufSize()
+		// Loggers that wrap another loggers would have BufSize(), but cannot return the size
+		// when the wrapped loggers doesn't have BufSize().
+		if size > 0 {
+			bufSize = size
+		}
 	}
 	buf := make([]byte, bufSize)
 
@@ -121,8 +126,7 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 					}
 
 					if logErr := c.dst.Log(msg); logErr != nil {
-						logWritesFailedCount.Inc(1)
-						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+						logDriverError(c.dst.Name(), string(msg.Line), logErr)
 					}
 				}
 				p += q + 1
@@ -154,8 +158,7 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 					hasMorePartial = true
 
 					if logErr := c.dst.Log(msg); logErr != nil {
-						logWritesFailedCount.Inc(1)
-						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+						logDriverError(c.dst.Name(), string(msg.Line), logErr)
 					}
 					p = 0
 					n = 0
diff --git a/daemon/logger/copier_test.go b/daemon/logger/copier_test.go
index d09450bd199b6..db674b32a3dd7 100644
--- a/daemon/logger/copier_test.go
+++ b/daemon/logger/copier_test.go
@@ -3,7 +3,6 @@ package logger // import "github.com/docker/docker/daemon/logger"
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"io"
 	"os"
 	"strings"
@@ -204,7 +203,7 @@ func TestCopierSlow(t *testing.T) {
 	}
 
 	var jsonBuf bytes.Buffer
-	//encoder := &encodeCloser{Encoder: json.NewEncoder(&jsonBuf)}
+	// encoder := &encodeCloser{Encoder: json.NewEncoder(&jsonBuf)}
 	jsonLog := &TestLoggerJSON{Encoder: json.NewEncoder(&jsonBuf), delay: 100 * time.Millisecond}
 
 	c := NewCopier(map[string]io.Reader{"stdout": &stdout}, jsonLog)
@@ -224,10 +223,28 @@ func TestCopierSlow(t *testing.T) {
 }
 
 func TestCopierWithSized(t *testing.T) {
+	t.Run("as is", func(t *testing.T) {
+		testCopierWithSized(t, func(l SizedLogger) SizedLogger {
+			return l
+		})
+	})
+	t.Run("With RingLogger", func(t *testing.T) {
+		testCopierWithSized(t, func(l SizedLogger) SizedLogger {
+			return newRingLogger(l, Info{}, defaultRingMaxSize)
+		})
+	})
+}
+
+func testCopierWithSized(t *testing.T, loggerFactory func(SizedLogger) SizedLogger) {
 	var jsonBuf bytes.Buffer
 	expectedMsgs := 2
-	sizedLogger := &TestSizedLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)}
-	logbuf := bytes.NewBufferString(strings.Repeat(".", sizedLogger.BufSize()*expectedMsgs))
+	sizedLogger := loggerFactory(&TestSizedLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)})
+
+	size := sizedLogger.BufSize()
+	if size < 0 {
+		size = 100
+	}
+	logbuf := bytes.NewBufferString(strings.Repeat(".", size*expectedMsgs))
 	c := NewCopier(map[string]io.Reader{"stdout": logbuf}, sizedLogger)
 
 	c.Run()
@@ -235,6 +252,8 @@ func TestCopierWithSized(t *testing.T) {
 	c.Wait()
 	c.Close()
 
+	sizedLogger.Close()
+
 	recvdMsgs := 0
 	dec := json.NewDecoder(&jsonBuf)
 	for {
@@ -254,7 +273,7 @@ func TestCopierWithSized(t *testing.T) {
 		recvdMsgs++
 	}
 	if recvdMsgs != expectedMsgs {
-		t.Fatalf("expected to receive %d messages, actually received %d", expectedMsgs, recvdMsgs)
+		t.Fatalf("expected to receive %d messages, actually received %d %q", expectedMsgs, recvdMsgs, jsonBuf.String())
 	}
 }
 
@@ -453,9 +472,9 @@ func piped(b *testing.B, iterations int, delay time.Duration, buf []byte) io.Rea
 			time.Sleep(delay)
 			if n, err := w.Write(buf); err != nil || n != len(buf) {
 				if err != nil {
-					b.Fatal(err)
+					b.Error(err)
 				}
-				b.Fatal(fmt.Errorf("short write"))
+				b.Error("short write")
 			}
 		}
 		w.Close()
diff --git a/daemon/logger/factory.go b/daemon/logger/factory.go
index 84b54b2794cb6..933ea0884e6f7 100644
--- a/daemon/logger/factory.go
+++ b/daemon/logger/factory.go
@@ -7,7 +7,7 @@ import (
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 )
 
@@ -41,7 +41,11 @@ func ListDrivers() []string {
 }
 
 func (lf *logdriverFactory) register(name string, c Creator) error {
-	if lf.driverRegistered(name) {
+	registered, err := lf.driverRegistered(name)
+	if err != nil {
+		return err
+	}
+	if registered {
 		return fmt.Errorf("logger: log driver named '%s' is already registered", name)
 	}
 
@@ -51,18 +55,22 @@ func (lf *logdriverFactory) register(name string, c Creator) error {
 	return nil
 }
 
-func (lf *logdriverFactory) driverRegistered(name string) bool {
+func (lf *logdriverFactory) driverRegistered(name string) (bool, error) {
 	lf.m.Lock()
 	_, ok := lf.registry[name]
 	lf.m.Unlock()
 	if !ok {
 		if pluginGetter != nil { // this can be nil when the init functions are running
-			if l, _ := getPlugin(name, plugingetter.Lookup); l != nil {
-				return true
+			l, err := getPlugin(name, plugingetter.Lookup)
+			if err != nil {
+				return false, err
+			}
+			if l != nil {
+				return true, nil
 			}
 		}
 	}
-	return ok
+	return ok, nil
 }
 
 func (lf *logdriverFactory) registerLogOptValidator(name string, l LogOptValidator) error {
@@ -143,7 +151,15 @@ func ValidateLogOpts(name string, cfg map[string]string) error {
 		}
 	}
 
-	if !factory.driverRegistered(name) {
+	if err := validateExternal(cfg); err != nil {
+		return err
+	}
+
+	registered, err := factory.driverRegistered(name)
+	if err != nil {
+		return err
+	}
+	if !registered {
 		return fmt.Errorf("logger: no log driver named '%s' is registered", name)
 	}
 
diff --git a/daemon/logger/fluentd/fluentd.go b/daemon/logger/fluentd/fluentd.go
index 907261f41f17d..997c01c65257e 100644
--- a/daemon/logger/fluentd/fluentd.go
+++ b/daemon/logger/fluentd/fluentd.go
@@ -3,7 +3,6 @@
 package fluentd // import "github.com/docker/docker/daemon/logger/fluentd"
 
 import (
-	"fmt"
 	"math"
 	"net"
 	"net/url"
@@ -13,8 +12,9 @@ import (
 
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/urlutil"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 	"github.com/fluent/fluent-logger-golang/fluent"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -38,21 +38,23 @@ type location struct {
 const (
 	name = "fluentd"
 
-	defaultProtocol    = "tcp"
+	defaultBufferLimit = 1024 * 1024
 	defaultHost        = "127.0.0.1"
 	defaultPort        = 24224
-	defaultBufferLimit = 1024 * 1024
+	defaultProtocol    = "tcp"
 
 	// logger tries to reconnect 2**32 - 1 times
 	// failed (and panic) after 204 years [ 1.5 ** (2**32 - 1) - 1 seconds]
-	defaultRetryWait  = 1000
 	defaultMaxRetries = math.MaxInt32
+	defaultRetryWait  = 1000
 
 	addressKey            = "fluentd-address"
+	asyncKey              = "fluentd-async"
+	asyncConnectKey       = "fluentd-async-connect" // deprecated option (use fluent-async instead)
 	bufferLimitKey        = "fluentd-buffer-limit"
-	retryWaitKey          = "fluentd-retry-wait"
 	maxRetriesKey         = "fluentd-max-retries"
-	asyncConnectKey       = "fluentd-async-connect"
+	requestAckKey         = "fluentd-request-ack"
+	retryWaitKey          = "fluentd-retry-wait"
 	subSecondPrecisionKey = "fluentd-sub-second-precision"
 )
 
@@ -69,72 +71,19 @@ func init() {
 // the context. The supported context configuration variable is
 // fluentd-address.
 func New(info logger.Info) (logger.Logger, error) {
-	loc, err := parseAddress(info.Config[addressKey])
+	fluentConfig, err := parseConfig(info.Config)
 	if err != nil {
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if err != nil {
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	extra, err := info.ExtraAttributes(nil)
 	if err != nil {
-		return nil, err
-	}
-
-	bufferLimit := defaultBufferLimit
-	if info.Config[bufferLimitKey] != "" {
-		bl64, err := units.RAMInBytes(info.Config[bufferLimitKey])
-		if err != nil {
-			return nil, err
-		}
-		bufferLimit = int(bl64)
-	}
-
-	retryWait := defaultRetryWait
-	if info.Config[retryWaitKey] != "" {
-		rwd, err := time.ParseDuration(info.Config[retryWaitKey])
-		if err != nil {
-			return nil, err
-		}
-		retryWait = int(rwd.Seconds() * 1000)
-	}
-
-	maxRetries := defaultMaxRetries
-	if info.Config[maxRetriesKey] != "" {
-		mr64, err := strconv.ParseUint(info.Config[maxRetriesKey], 10, strconv.IntSize)
-		if err != nil {
-			return nil, err
-		}
-		maxRetries = int(mr64)
-	}
-
-	asyncConnect := false
-	if info.Config[asyncConnectKey] != "" {
-		if asyncConnect, err = strconv.ParseBool(info.Config[asyncConnectKey]); err != nil {
-			return nil, err
-		}
-	}
-
-	subSecondPrecision := false
-	if info.Config[subSecondPrecisionKey] != "" {
-		if subSecondPrecision, err = strconv.ParseBool(info.Config[subSecondPrecisionKey]); err != nil {
-			return nil, err
-		}
-	}
-
-	fluentConfig := fluent.Config{
-		FluentPort:         loc.port,
-		FluentHost:         loc.host,
-		FluentNetwork:      loc.protocol,
-		FluentSocketPath:   loc.path,
-		BufferLimit:        bufferLimit,
-		RetryWait:          retryWait,
-		MaxRetry:           maxRetries,
-		AsyncConnect:       asyncConnect,
-		SubSecondPrecision: subSecondPrecision,
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	logrus.WithField("container", info.ContainerID).WithField("config", fluentConfig).
@@ -165,6 +114,9 @@ func (f *fluentd) Log(msg *logger.Message) error {
 	}
 	if msg.PLogMetaData != nil {
 		data["partial_message"] = "true"
+		data["partial_id"] = msg.PLogMetaData.ID
+		data["partial_ordinal"] = strconv.Itoa(msg.PLogMetaData.Ordinal)
+		data["partial_last"] = strconv.FormatBool(msg.PLogMetaData.Last)
 	}
 
 	ts := msg.Timestamp
@@ -189,23 +141,113 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case "env":
 		case "env-regex":
 		case "labels":
+		case "labels-regex":
 		case "tag":
+
 		case addressKey:
+		case asyncKey:
+		case asyncConnectKey:
 		case bufferLimitKey:
-		case retryWaitKey:
 		case maxRetriesKey:
-		case asyncConnectKey:
+		case requestAckKey:
+		case retryWaitKey:
 		case subSecondPrecisionKey:
 			// Accepted
 		default:
-			return fmt.Errorf("unknown log opt '%s' for fluentd log driver", key)
+			return errors.Errorf("unknown log opt '%s' for fluentd log driver", key)
 		}
 	}
 
-	_, err := parseAddress(cfg[addressKey])
+	_, err := parseConfig(cfg)
 	return err
 }
 
+func parseConfig(cfg map[string]string) (fluent.Config, error) {
+	var config fluent.Config
+
+	loc, err := parseAddress(cfg[addressKey])
+	if err != nil {
+		return config, err
+	}
+
+	bufferLimit := defaultBufferLimit
+	if cfg[bufferLimitKey] != "" {
+		bl64, err := units.RAMInBytes(cfg[bufferLimitKey])
+		if err != nil {
+			return config, err
+		}
+		bufferLimit = int(bl64)
+	}
+
+	retryWait := defaultRetryWait
+	if cfg[retryWaitKey] != "" {
+		rwd, err := time.ParseDuration(cfg[retryWaitKey])
+		if err != nil {
+			return config, err
+		}
+		retryWait = int(rwd.Seconds() * 1000)
+	}
+
+	maxRetries := defaultMaxRetries
+	if cfg[maxRetriesKey] != "" {
+		mr64, err := strconv.ParseUint(cfg[maxRetriesKey], 10, strconv.IntSize)
+		if err != nil {
+			return config, err
+		}
+		maxRetries = int(mr64)
+	}
+
+	if cfg[asyncKey] != "" && cfg[asyncConnectKey] != "" {
+		return config, errors.Errorf("conflicting options: cannot specify both '%s' and '%s", asyncKey, asyncConnectKey)
+	}
+
+	async := false
+	if cfg[asyncKey] != "" {
+		if async, err = strconv.ParseBool(cfg[asyncKey]); err != nil {
+			return config, err
+		}
+	}
+
+	// TODO fluentd-async-connect is deprecated in driver v1.4.0. Remove after two stable releases
+	asyncConnect := false
+	if cfg[asyncConnectKey] != "" {
+		if asyncConnect, err = strconv.ParseBool(cfg[asyncConnectKey]); err != nil {
+			return config, err
+		}
+	}
+
+	subSecondPrecision := false
+	if cfg[subSecondPrecisionKey] != "" {
+		if subSecondPrecision, err = strconv.ParseBool(cfg[subSecondPrecisionKey]); err != nil {
+			return config, err
+		}
+	}
+
+	requestAck := false
+	if cfg[requestAckKey] != "" {
+		if requestAck, err = strconv.ParseBool(cfg[requestAckKey]); err != nil {
+			return config, err
+		}
+	}
+
+	config = fluent.Config{
+		FluentPort:         loc.port,
+		FluentHost:         loc.host,
+		FluentNetwork:      loc.protocol,
+		FluentSocketPath:   loc.path,
+		BufferLimit:        bufferLimit,
+		RetryWait:          retryWait,
+		MaxRetry:           maxRetries,
+		Async:              async,
+		AsyncConnect:       asyncConnect,
+		SubSecondPrecision: subSecondPrecision,
+		RequestAck:         requestAck,
+		ForceStopAsyncSend: async || asyncConnect,
+	}
+
+	return config, nil
+}
+
 func parseAddress(address string) (*location, error) {
 	if address == "" {
 		return &location{
diff --git a/daemon/logger/gcplogs/gcplogging.go b/daemon/logger/gcplogs/gcplogging.go
index 1699f67a2d5be..4d1e74152f91b 100644
--- a/daemon/logger/gcplogs/gcplogging.go
+++ b/daemon/logger/gcplogs/gcplogging.go
@@ -18,14 +18,15 @@ import (
 const (
 	name = "gcplogs"
 
-	projectOptKey  = "gcp-project"
-	logLabelsKey   = "labels"
-	logEnvKey      = "env"
-	logEnvRegexKey = "env-regex"
-	logCmdKey      = "gcp-log-cmd"
-	logZoneKey     = "gcp-meta-zone"
-	logNameKey     = "gcp-meta-name"
-	logIDKey       = "gcp-meta-id"
+	projectOptKey     = "gcp-project"
+	logLabelsKey      = "labels"
+	logLabelsRegexKey = "labels-regex"
+	logEnvKey         = "env"
+	logEnvRegexKey    = "env-regex"
+	logCmdKey         = "gcp-log-cmd"
+	logZoneKey        = "gcp-meta-zone"
+	logNameKey        = "gcp-meta-name"
+	logIDKey          = "gcp-meta-id"
 )
 
 var (
@@ -53,6 +54,7 @@ func init() {
 }
 
 type gcplogs struct {
+	client    *logging.Client
 	logger    *logging.Logger
 	instance  *instanceInfo
 	container *containerInfo
@@ -169,6 +171,7 @@ func New(info logger.Info) (logger.Logger, error) {
 	}
 
 	l := &gcplogs{
+		client: c,
 		logger: lg,
 		container: &containerInfo{
 			Name:      info.ContainerName,
@@ -210,7 +213,7 @@ func New(info logger.Info) (logger.Logger, error) {
 func ValidateLogOpts(cfg map[string]string) error {
 	for k := range cfg {
 		switch k {
-		case projectOptKey, logLabelsKey, logEnvKey, logEnvRegexKey, logCmdKey, logZoneKey, logNameKey, logIDKey:
+		case projectOptKey, logLabelsKey, logLabelsRegexKey, logEnvKey, logEnvRegexKey, logCmdKey, logZoneKey, logNameKey, logIDKey:
 		default:
 			return fmt.Errorf("%q is not a valid option for the gcplogs driver", k)
 		}
@@ -236,7 +239,7 @@ func (l *gcplogs) Log(m *logger.Message) error {
 
 func (l *gcplogs) Close() error {
 	l.logger.Flush()
-	return nil
+	return l.client.Close()
 }
 
 func (l *gcplogs) Name() string {
diff --git a/daemon/logger/gcplogs/gcplogging_linux.go b/daemon/logger/gcplogs/gcplogging_linux.go
index 27f8ef32f5cd8..1c2160c41c5f5 100644
--- a/daemon/logger/gcplogs/gcplogging_linux.go
+++ b/daemon/logger/gcplogs/gcplogging_linux.go
@@ -11,17 +11,15 @@ import (
 // ensureHomeIfIAmStatic ensure $HOME to be set if dockerversion.IAmStatic is "true".
 // See issue #29344: gcplogs segfaults (static binary)
 // If HOME is not set, logging.NewClient() will call os/user.Current() via oauth2/google.
-// However, in static binary, os/user.Current() leads to segfault due to a glibc issue that won't be fixed
-// in a short term. (golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
+// If compiling statically, make sure osusergo build tag is also used to prevent a segfault
+// due to a glibc issue that won't be fixed in a short term
+// (see golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341).
 // So we forcibly set HOME so as to avoid call to os/user/Current()
 func ensureHomeIfIAmStatic() error {
-	// Note: dockerversion.IAmStatic and homedir.GetStatic() is only available for linux.
+	// Note: dockerversion.IAmStatic is only available for linux.
 	// So we need to use them in this gcplogging_linux.go rather than in gcplogging.go
 	if dockerversion.IAmStatic == "true" && os.Getenv("HOME") == "" {
-		home, err := homedir.GetStatic()
-		if err != nil {
-			return err
-		}
+		home := homedir.Get()
 		logrus.Warnf("gcplogs requires HOME to be set for static daemon binary. Forcibly setting HOME to %s.", home)
 		os.Setenv("HOME", home)
 	}
diff --git a/daemon/logger/gcplogs/gcplogging_others.go b/daemon/logger/gcplogs/gcplogging_others.go
index 10a2cdc8cd7cb..55f43b0c0c712 100644
--- a/daemon/logger/gcplogs/gcplogging_others.go
+++ b/daemon/logger/gcplogs/gcplogging_others.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package gcplogs // import "github.com/docker/docker/daemon/logger/gcplogs"
diff --git a/daemon/logger/gelf/gelf.go b/daemon/logger/gelf/gelf.go
index e9c860406a641..5492e5a4cebe8 100644
--- a/daemon/logger/gelf/gelf.go
+++ b/daemon/logger/gelf/gelf.go
@@ -166,6 +166,10 @@ func newGELFUDPWriter(address string, info logger.Info) (gelf.Writer, error) {
 }
 
 func (s *gelfLogger) Log(msg *logger.Message) error {
+	if len(msg.Line) == 0 {
+		return nil
+	}
+
 	level := gelf.LOG_INFO
 	if msg.Source == "stderr" {
 		level = gelf.LOG_ERR
@@ -207,6 +211,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case "gelf-address":
 		case "tag":
 		case "labels":
+		case "labels-regex":
 		case "env":
 		case "env-regex":
 		case "gelf-compression-level":
diff --git a/daemon/logger/gelf/gelf_test.go b/daemon/logger/gelf/gelf_test.go
index 3610bc6d3ac60..2b6e5f0f82563 100644
--- a/daemon/logger/gelf/gelf_test.go
+++ b/daemon/logger/gelf/gelf_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package gelf // import "github.com/docker/docker/daemon/logger/gelf"
@@ -98,6 +99,7 @@ func TestUDPValidateLogOpt(t *testing.T) {
 		"gelf-address":           "udp://127.0.0.1:12201",
 		"tag":                    "testtag",
 		"labels":                 "testlabel",
+		"labels-regex":           "testlabel-regex",
 		"env":                    "testenv",
 		"env-regex":              "testenv-regex",
 		"gelf-compression-level": "9",
diff --git a/daemon/logger/journald/journald.go b/daemon/logger/journald/journald.go
index 113ed585c9964..e809ca722c121 100644
--- a/daemon/logger/journald/journald.go
+++ b/daemon/logger/journald/journald.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 // Package journald provides the log driver for forwarding server logs
@@ -6,10 +7,11 @@ package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 import (
 	"fmt"
+	"strconv"
 	"sync"
 	"unicode"
 
-	"github.com/coreos/go-systemd/journal"
+	"github.com/coreos/go-systemd/v22/journal"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/sirupsen/logrus"
@@ -18,10 +20,9 @@ import (
 const name = "journald"
 
 type journald struct {
-	mu      sync.Mutex
+	mu      sync.Mutex        //nolint:structcheck,unused
 	vars    map[string]string // additional variables and values to send to the journal along with the log message
 	readers map[*logger.LogWatcher]struct{}
-	closed  bool
 }
 
 func init() {
@@ -71,6 +72,7 @@ func New(info logger.Info) (logger.Logger, error) {
 		"CONTAINER_ID_FULL": info.ContainerID,
 		"CONTAINER_NAME":    info.Name(),
 		"CONTAINER_TAG":     tag,
+		"IMAGE_NAME":        info.ImageName(),
 		"SYSLOG_IDENTIFIER": tag,
 	}
 	extraAttrs, err := info.ExtraAttributes(sanitizeKeyMod)
@@ -89,6 +91,7 @@ func validateLogOpt(cfg map[string]string) error {
 	for key := range cfg {
 		switch key {
 		case "labels":
+		case "labels-regex":
 		case "env":
 		case "env-regex":
 		case "tag":
@@ -105,7 +108,12 @@ func (s *journald) Log(msg *logger.Message) error {
 		vars[k] = v
 	}
 	if msg.PLogMetaData != nil {
-		vars["CONTAINER_PARTIAL_MESSAGE"] = "true"
+		vars["CONTAINER_PARTIAL_ID"] = msg.PLogMetaData.ID
+		vars["CONTAINER_PARTIAL_ORDINAL"] = strconv.Itoa(msg.PLogMetaData.Ordinal)
+		vars["CONTAINER_PARTIAL_LAST"] = strconv.FormatBool(msg.PLogMetaData.Last)
+		if !msg.PLogMetaData.Last {
+			vars["CONTAINER_PARTIAL_MESSAGE"] = "true"
+		}
 	}
 
 	line := string(msg.Line)
diff --git a/daemon/logger/journald/journald_test.go b/daemon/logger/journald/journald_test.go
index bd7bf7a3b382f..385e1db93df71 100644
--- a/daemon/logger/journald/journald_test.go
+++ b/daemon/logger/journald/journald_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
diff --git a/daemon/logger/journald/journald_unsupported.go b/daemon/logger/journald/journald_unsupported.go
index 7899fc1214792..2dddc9e05387b 100644
--- a/daemon/logger/journald/journald_unsupported.go
+++ b/daemon/logger/journald/journald_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
diff --git a/daemon/logger/journald/read.go b/daemon/logger/journald/read.go
index 4bddfd5781c7d..5a43ecf4ac393 100644
--- a/daemon/logger/journald/read.go
+++ b/daemon/logger/journald/read.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo && !static_build && journald
 // +build linux,cgo,!static_build,journald
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
@@ -101,61 +102,15 @@ package journald // import "github.com/docker/docker/daemon/logger/journald"
 //	}
 //	return rc;
 //}
-//static int wait_for_data_cancelable(sd_journal *j, int pipefd)
-//{
-//	struct pollfd fds[2];
-//	uint64_t when = 0;
-//	int timeout, jevents, i;
-//	struct timespec ts;
-//	uint64_t now;
-//
-//	memset(&fds, 0, sizeof(fds));
-//	fds[0].fd = pipefd;
-//	fds[0].events = POLLHUP;
-//	fds[1].fd = sd_journal_get_fd(j);
-//	if (fds[1].fd < 0) {
-//		return fds[1].fd;
-//	}
-//
-//	do {
-//		jevents = sd_journal_get_events(j);
-//		if (jevents < 0) {
-//			return jevents;
-//		}
-//		fds[1].events = jevents;
-//		sd_journal_get_timeout(j, &when);
-//		if (when == -1) {
-//			timeout = -1;
-//		} else {
-//			clock_gettime(CLOCK_MONOTONIC, &ts);
-//			now = (uint64_t) ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
-//			timeout = when > now ? (int) ((when - now + 999) / 1000) : 0;
-//		}
-//		i = poll(fds, 2, timeout);
-//		if ((i == -1) && (errno != EINTR)) {
-//			/* An unexpected error. */
-//			return (errno != 0) ? -errno : -EINTR;
-//		}
-//		if (fds[0].revents & POLLHUP) {
-//			/* The close notification pipe was closed. */
-//			return 0;
-//		}
-//		if (sd_journal_process(j) == SD_JOURNAL_APPEND) {
-//			/* Data, which we might care about, was appended. */
-//			return 1;
-//		}
-//	} while ((fds[0].revents & POLLHUP) == 0);
-//	return 0;
-//}
 import "C"
 
 import (
-	"fmt"
+	"errors"
 	"strings"
 	"time"
 	"unsafe"
 
-	"github.com/coreos/go-systemd/journal"
+	"github.com/coreos/go-systemd/v22/journal"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/sirupsen/logrus"
@@ -163,22 +118,29 @@ import (
 
 func (s *journald) Close() error {
 	s.mu.Lock()
-	s.closed = true
 	for r := range s.readers {
 		r.ProducerGone()
 		delete(s.readers, r)
-
 	}
 	s.mu.Unlock()
 	return nil
 }
 
-func (s *journald) drainJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, oldCursor *C.char, untilUnixMicro uint64) (*C.char, bool) {
-	var msg, data, cursor *C.char
-	var length C.size_t
-	var stamp C.uint64_t
-	var priority, partial C.int
-	var done bool
+// CErr converts error code returned from a sd_journal_* function
+// (which returns -errno) to a string
+func CErr(ret C.int) string {
+	return C.GoString(C.strerror(-ret))
+}
+
+func (s *journald) drainJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, oldCursor *C.char, untilUnixMicro uint64) (*C.char, bool, int) {
+	var (
+		msg, data, cursor *C.char
+		length            C.size_t
+		stamp             C.uint64_t
+		priority, partial C.int
+		done              bool
+		shown             int
+	)
 
 	// Walk the journal from here forward until we run out of new entries
 	// or we reach the until value (if provided).
@@ -216,12 +178,12 @@ drain:
 			// the stream that we would have
 			// assigned that value.
 			source := ""
-			if C.get_priority(j, &priority) != 0 {
-				source = ""
-			} else if priority == C.int(journal.PriErr) {
-				source = "stderr"
-			} else if priority == C.int(journal.PriInfo) {
-				source = "stdout"
+			if C.get_priority(j, &priority) == 0 {
+				if priority == C.int(journal.PriErr) {
+					source = "stderr"
+				} else if priority == C.int(journal.PriInfo) {
+					source = "stdout"
+				}
 			}
 			// Retrieve the values of any variables we're adding to the journal.
 			var attrs []backend.LogAttr
@@ -230,12 +192,29 @@ drain:
 				kv := strings.SplitN(C.GoStringN(data, C.int(length)), "=", 2)
 				attrs = append(attrs, backend.LogAttr{Key: kv[0], Value: kv[1]})
 			}
-			// Send the log message.
-			logWatcher.Msg <- &logger.Message{
+
+			// Send the log message, unless the consumer is gone
+			select {
+			case <-logWatcher.WatchConsumerGone():
+				done = true // we won't be able to write anything anymore
+				break drain
+			case logWatcher.Msg <- &logger.Message{
 				Line:      line,
 				Source:    source,
 				Timestamp: timestamp.In(time.UTC),
 				Attrs:     attrs,
+			}:
+				shown++
+			}
+			// Call sd_journal_process() periodically during the processing loop
+			// to close any opened file descriptors for rotated (deleted) journal files.
+			if shown%1024 == 0 {
+				if ret := C.sd_journal_process(j); ret < 0 {
+					// log a warning but ignore it for now
+					logrus.WithField("container", s.vars["CONTAINER_ID_FULL"]).
+						WithField("error", CErr(ret)).
+						Warn("journald: error processing journal")
+				}
 			}
 		}
 		// If we're at the end of the journal, we're done (for now).
@@ -250,104 +229,93 @@ drain:
 		// ensure that we won't be freeing an address that's invalid
 		cursor = nil
 	}
-	return cursor, done
+	return cursor, done, shown
 }
 
-func (s *journald) followJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, pfd [2]C.int, cursor *C.char, untilUnixMicro uint64) *C.char {
+func (s *journald) followJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, cursor *C.char, untilUnixMicro uint64) *C.char {
 	s.mu.Lock()
 	s.readers[logWatcher] = struct{}{}
-	if s.closed {
-		// the journald Logger is closed, presumably because the container has been
-		// reset.  So we shouldn't follow, because we'll never be woken up.  But we
-		// should make one more drainJournal call to be sure we've got all the logs.
-		// Close pfd[1] so that one drainJournal happens, then cleanup, then return.
-		C.close(pfd[1])
-	}
 	s.mu.Unlock()
 
-	newCursor := make(chan *C.char)
-
-	go func() {
-		for {
-			// Keep copying journal data out until we're notified to stop
-			// or we hit an error.
-			status := C.wait_for_data_cancelable(j, pfd[0])
-			if status < 0 {
-				cerrstr := C.strerror(C.int(-status))
-				errstr := C.GoString(cerrstr)
-				fmtstr := "error %q while attempting to follow journal for container %q"
-				logrus.Errorf(fmtstr, errstr, s.vars["CONTAINER_ID_FULL"])
-				break
-			}
+	waitTimeout := C.uint64_t(250000) // 0.25s
 
-			var done bool
-			cursor, done = s.drainJournal(logWatcher, j, cursor, untilUnixMicro)
-
-			if status != 1 || done {
-				// We were notified to stop
-				break
+	for {
+		status := C.sd_journal_wait(j, waitTimeout)
+		if status < 0 {
+			logWatcher.Err <- errors.New("error waiting for journal: " + CErr(status))
+			goto cleanup
+		}
+		select {
+		case <-logWatcher.WatchConsumerGone():
+			goto cleanup // won't be able to write anything anymore
+		case <-logWatcher.WatchProducerGone():
+			// container is gone, drain journal
+		default:
+			// container is still alive
+			if status == C.SD_JOURNAL_NOP {
+				// no new data -- keep waiting
+				continue
 			}
 		}
-
-		// Clean up.
-		C.close(pfd[0])
-		s.mu.Lock()
-		delete(s.readers, logWatcher)
-		s.mu.Unlock()
-		close(logWatcher.Msg)
-		newCursor <- cursor
-	}()
-
-	// Wait until we're told to stop.
-	select {
-	case cursor = <-newCursor:
-	case <-logWatcher.WatchConsumerGone():
-		// Notify the other goroutine that its work is done.
-		C.close(pfd[1])
-		cursor = <-newCursor
+		newCursor, done, recv := s.drainJournal(logWatcher, j, cursor, untilUnixMicro)
+		cursor = newCursor
+		if done || (status == C.SD_JOURNAL_NOP && recv == 0) {
+			break
+		}
 	}
 
+cleanup:
+	s.mu.Lock()
+	delete(s.readers, logWatcher)
+	s.mu.Unlock()
+	close(logWatcher.Msg)
 	return cursor
 }
 
 func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadConfig) {
-	var j *C.sd_journal
-	var cmatch, cursor *C.char
-	var stamp C.uint64_t
-	var sinceUnixMicro uint64
-	var untilUnixMicro uint64
-	var pipes [2]C.int
+	var (
+		j              *C.sd_journal
+		cmatch, cursor *C.char
+		stamp          C.uint64_t
+		sinceUnixMicro uint64
+		untilUnixMicro uint64
+	)
 
 	// Get a handle to the journal.
-	rc := C.sd_journal_open(&j, C.int(0))
-	if rc != 0 {
-		logWatcher.Err <- fmt.Errorf("error opening journal")
+	if rc := C.sd_journal_open(&j, C.int(0)); rc != 0 {
+		logWatcher.Err <- errors.New("error opening journal: " + CErr(rc))
 		close(logWatcher.Msg)
 		return
 	}
+	if config.Follow {
+		// Initialize library inotify watches early
+		if rc := C.sd_journal_get_fd(j); rc < 0 {
+			logWatcher.Err <- errors.New("error getting journald fd: " + CErr(rc))
+			close(logWatcher.Msg)
+			return
+		}
+	}
 	// If we end up following the log, we can set the journal context
 	// pointer and the channel pointer to nil so that we won't close them
 	// here, potentially while the goroutine that uses them is still
 	// running.  Otherwise, close them when we return from this function.
 	following := false
-	defer func(pfollowing *bool) {
-		if !*pfollowing {
+	defer func() {
+		if !following {
 			close(logWatcher.Msg)
 		}
 		C.sd_journal_close(j)
-	}(&following)
+	}()
 	// Remove limits on the size of data items that we'll retrieve.
-	rc = C.sd_journal_set_data_threshold(j, C.size_t(0))
-	if rc != 0 {
-		logWatcher.Err <- fmt.Errorf("error setting journal data threshold")
+	if rc := C.sd_journal_set_data_threshold(j, C.size_t(0)); rc != 0 {
+		logWatcher.Err <- errors.New("error setting journal data threshold: " + CErr(rc))
 		return
 	}
 	// Add a match to have the library do the searching for us.
 	cmatch = C.CString("CONTAINER_ID_FULL=" + s.vars["CONTAINER_ID_FULL"])
 	defer C.free(unsafe.Pointer(cmatch))
-	rc = C.sd_journal_add_match(j, unsafe.Pointer(cmatch), C.strlen(cmatch))
-	if rc != 0 {
-		logWatcher.Err <- fmt.Errorf("error setting journal match")
+	if rc := C.sd_journal_add_match(j, unsafe.Pointer(cmatch), C.strlen(cmatch)); rc != 0 {
+		logWatcher.Err <- errors.New("error setting journal match: " + CErr(rc))
 		return
 	}
 	// If we have a cutoff time, convert it to Unix time once.
@@ -360,80 +328,56 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 		nano := config.Until.UnixNano()
 		untilUnixMicro = uint64(nano / 1000)
 	}
-	if config.Tail > 0 {
-		lines := config.Tail
+	if config.Tail >= 0 {
 		// If until time provided, start from there.
 		// Otherwise start at the end of the journal.
-		if untilUnixMicro != 0 && C.sd_journal_seek_realtime_usec(j, C.uint64_t(untilUnixMicro)) < 0 {
-			logWatcher.Err <- fmt.Errorf("error seeking provided until value")
-			return
-		} else if C.sd_journal_seek_tail(j) < 0 {
-			logWatcher.Err <- fmt.Errorf("error seeking to end of journal")
-			return
-		}
-		if C.sd_journal_previous(j) < 0 {
-			logWatcher.Err <- fmt.Errorf("error backtracking to previous journal entry")
+		if untilUnixMicro != 0 {
+			if rc := C.sd_journal_seek_realtime_usec(j, C.uint64_t(untilUnixMicro)); rc != 0 {
+				logWatcher.Err <- errors.New("error seeking provided until value: " + CErr(rc))
+				return
+			}
+		} else if rc := C.sd_journal_seek_tail(j); rc != 0 {
+			logWatcher.Err <- errors.New("error seeking to end of journal: " + CErr(rc))
 			return
 		}
-		// Walk backward.
-		for lines > 0 {
-			// Stop if the entry time is before our cutoff.
-			// We'll need the entry time if it isn't, so go
-			// ahead and parse it now.
-			if C.sd_journal_get_realtime_usec(j, &stamp) != 0 {
-				break
-			} else {
-				// Compare the timestamp on the entry to our threshold value.
-				if sinceUnixMicro != 0 && sinceUnixMicro > uint64(stamp) {
-					break
-				}
-			}
-			lines--
-			// If we're at the start of the journal, or
-			// don't need to back up past any more entries,
-			// stop.
-			if lines == 0 || C.sd_journal_previous(j) <= 0 {
-				break
+		// (Try to) skip backwards by the requested number of lines...
+		if C.sd_journal_previous_skip(j, C.uint64_t(config.Tail)) >= 0 {
+			// ...but not before "since"
+			if sinceUnixMicro != 0 &&
+				C.sd_journal_get_realtime_usec(j, &stamp) == 0 &&
+				uint64(stamp) < sinceUnixMicro {
+				C.sd_journal_seek_realtime_usec(j, C.uint64_t(sinceUnixMicro))
 			}
 		}
 	} else {
 		// Start at the beginning of the journal.
-		if C.sd_journal_seek_head(j) < 0 {
-			logWatcher.Err <- fmt.Errorf("error seeking to start of journal")
+		if rc := C.sd_journal_seek_head(j); rc != 0 {
+			logWatcher.Err <- errors.New("error seeking to start of journal: " + CErr(rc))
 			return
 		}
 		// If we have a cutoff date, fast-forward to it.
-		if sinceUnixMicro != 0 && C.sd_journal_seek_realtime_usec(j, C.uint64_t(sinceUnixMicro)) != 0 {
-			logWatcher.Err <- fmt.Errorf("error seeking to start time in journal")
-			return
+		if sinceUnixMicro != 0 {
+			if rc := C.sd_journal_seek_realtime_usec(j, C.uint64_t(sinceUnixMicro)); rc != 0 {
+				logWatcher.Err <- errors.New("error seeking to start time in journal: " + CErr(rc))
+				return
+			}
 		}
-		if C.sd_journal_next(j) < 0 {
-			logWatcher.Err <- fmt.Errorf("error skipping to next journal entry")
+		if rc := C.sd_journal_next(j); rc < 0 {
+			logWatcher.Err <- errors.New("error skipping to next journal entry: " + CErr(rc))
 			return
 		}
 	}
-	cursor, _ = s.drainJournal(logWatcher, j, nil, untilUnixMicro)
+	if config.Tail != 0 { // special case for --tail 0
+		cursor, _, _ = s.drainJournal(logWatcher, j, nil, untilUnixMicro)
+	}
 	if config.Follow {
-		// Allocate a descriptor for following the journal, if we'll
-		// need one.  Do it here so that we can report if it fails.
-		if fd := C.sd_journal_get_fd(j); fd < C.int(0) {
-			logWatcher.Err <- fmt.Errorf("error opening journald follow descriptor: %q", C.GoString(C.strerror(-fd)))
-		} else {
-			// Create a pipe that we can poll at the same time as
-			// the journald descriptor.
-			if C.pipe(&pipes[0]) == C.int(-1) {
-				logWatcher.Err <- fmt.Errorf("error opening journald close notification pipe")
-			} else {
-				cursor = s.followJournal(logWatcher, j, pipes, cursor, untilUnixMicro)
-				// Let followJournal handle freeing the journal context
-				// object and closing the channel.
-				following = true
-			}
-		}
+		cursor = s.followJournal(logWatcher, j, cursor, untilUnixMicro)
+		// Let followJournal handle freeing the journal context
+		// object and closing the channel.
+		following = true
 	}
 
 	C.free(unsafe.Pointer(cursor))
-	return
 }
 
 func (s *journald) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
diff --git a/daemon/logger/journald/read_native.go b/daemon/logger/journald/read_native.go
index ab68cf4ba7524..ce1de3fbde578 100644
--- a/daemon/logger/journald/read_native.go
+++ b/daemon/logger/journald/read_native.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo && !static_build && journald && !journald_compat
 // +build linux,cgo,!static_build,journald,!journald_compat
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
diff --git a/daemon/logger/journald/read_native_compat.go b/daemon/logger/journald/read_native_compat.go
index 4806e130ef962..98765911315b0 100644
--- a/daemon/logger/journald/read_native_compat.go
+++ b/daemon/logger/journald/read_native_compat.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo && !static_build && journald && journald_compat
 // +build linux,cgo,!static_build,journald,journald_compat
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
diff --git a/daemon/logger/journald/read_unsupported.go b/daemon/logger/journald/read_unsupported.go
index a66b666659068..199d7683a6b74 100644
--- a/daemon/logger/journald/read_unsupported.go
+++ b/daemon/logger/journald/read_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux || !cgo || static_build || !journald
 // +build !linux !cgo static_build !journald
 
 package journald // import "github.com/docker/docker/daemon/logger/journald"
diff --git a/daemon/logger/jsonfilelog/jsonfilelog.go b/daemon/logger/jsonfilelog/jsonfilelog.go
index bbb8eeb7ec3a9..e66a6b8266f43 100644
--- a/daemon/logger/jsonfilelog/jsonfilelog.go
+++ b/daemon/logger/jsonfilelog/jsonfilelog.go
@@ -13,7 +13,7 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
 	"github.com/docker/docker/daemon/logger/loggerutils"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -156,6 +156,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case "max-size":
 		case "compress":
 		case "labels":
+		case "labels-regex":
 		case "env":
 		case "env-regex":
 		case "tag":
diff --git a/daemon/logger/jsonfilelog/jsonfilelog_test.go b/daemon/logger/jsonfilelog/jsonfilelog_test.go
index 8e66e6455a4b5..3ccf1d1a96995 100644
--- a/daemon/logger/jsonfilelog/jsonfilelog_test.go
+++ b/daemon/logger/jsonfilelog/jsonfilelog_test.go
@@ -5,7 +5,7 @@ import (
 	"compress/gzip"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -15,14 +15,14 @@ import (
 
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
 func TestJSONFileLogger(t *testing.T) {
 	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
-	tmp, err := ioutil.TempDir("", "docker-logger-")
+	tmp, err := os.MkdirTemp("", "docker-logger-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -46,7 +46,7 @@ func TestJSONFileLogger(t *testing.T) {
 	if err := l.Log(&logger.Message{Line: []byte("line3"), Source: "src3"}); err != nil {
 		t.Fatal(err)
 	}
-	res, err := ioutil.ReadFile(filename)
+	res, err := os.ReadFile(filename)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -63,7 +63,7 @@ func TestJSONFileLogger(t *testing.T) {
 func TestJSONFileLoggerWithTags(t *testing.T) {
 	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
 	cname := "test-container"
-	tmp, err := ioutil.TempDir("", "docker-logger-")
+	tmp, err := os.MkdirTemp("", "docker-logger-")
 
 	assert.NilError(t, err)
 
@@ -90,7 +90,7 @@ func TestJSONFileLoggerWithTags(t *testing.T) {
 	err = l.Log(&logger.Message{Line: []byte("line3"), Source: "src3"})
 	assert.NilError(t, err)
 
-	res, err := ioutil.ReadFile(filename)
+	res, err := os.ReadFile(filename)
 	assert.NilError(t, err)
 
 	expected := `{"log":"line1\n","stream":"src1","attrs":{"tag":"a7317399f3f8/test-container"},"time":"0001-01-01T00:00:00Z"}
@@ -154,7 +154,7 @@ func BenchmarkJSONFileLoggerLog(b *testing.B) {
 
 func TestJSONFileLoggerWithOpts(t *testing.T) {
 	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
-	tmp, err := ioutil.TempDir("", "docker-logger-")
+	tmp, err := os.MkdirTemp("", "docker-logger-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -176,44 +176,44 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 		}
 	}
 
-	res, err := ioutil.ReadFile(filename)
+	res, err := os.ReadFile(filename)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	penUlt, err := ioutil.ReadFile(filename + ".1")
+	penUlt, err := os.ReadFile(filename + ".1")
 	if err != nil {
 		if !os.IsNotExist(err) {
 			t.Fatal(err)
 		}
 
 		file, err := os.Open(filename + ".1.gz")
-		defer file.Close()
 		if err != nil {
 			t.Fatal(err)
 		}
+		defer file.Close()
 		zipReader, err := gzip.NewReader(file)
-		defer zipReader.Close()
 		if err != nil {
 			t.Fatal(err)
 		}
-		penUlt, err = ioutil.ReadAll(zipReader)
+		defer zipReader.Close()
+		penUlt, err = io.ReadAll(zipReader)
 		if err != nil {
 			t.Fatal(err)
 		}
 	}
 
 	file, err := os.Open(filename + ".2.gz")
-	defer file.Close()
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer file.Close()
 	zipReader, err := gzip.NewReader(file)
-	defer zipReader.Close()
 	if err != nil {
 		t.Fatal(err)
 	}
-	antepenult, err := ioutil.ReadAll(zipReader)
+	defer zipReader.Close()
+	antepenult, err := io.ReadAll(zipReader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -271,18 +271,18 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 
 func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
 	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
-	tmp, err := ioutil.TempDir("", "docker-logger-")
+	tmp, err := os.MkdirTemp("", "docker-logger-")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmp)
 	filename := filepath.Join(tmp, "container.log")
-	config := map[string]string{"labels": "rack,dc", "env": "environ,debug,ssl", "env-regex": "^dc"}
+	config := map[string]string{"labels": "rack,dc", "labels-regex": "^loc", "env": "environ,debug,ssl", "env-regex": "^dc"}
 	l, err := New(logger.Info{
 		ContainerID:     cid,
 		LogPath:         filename,
 		Config:          config,
-		ContainerLabels: map[string]string{"rack": "101", "dc": "lhr"},
+		ContainerLabels: map[string]string{"rack": "101", "dc": "lhr", "location": "here"},
 		ContainerEnv:    []string{"environ=production", "debug=false", "port=10001", "ssl=true", "dc_region=west"},
 	})
 	if err != nil {
@@ -292,7 +292,7 @@ func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
 	if err := l.Log(&logger.Message{Line: []byte("line"), Source: "src1"}); err != nil {
 		t.Fatal(err)
 	}
-	res, err := ioutil.ReadFile(filename)
+	res, err := os.ReadFile(filename)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -308,6 +308,7 @@ func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
 	expected := map[string]string{
 		"rack":      "101",
 		"dc":        "lhr",
+		"location":  "here",
 		"environ":   "production",
 		"debug":     "false",
 		"ssl":       "true",
diff --git a/daemon/logger/jsonfilelog/jsonlog/jsonlog.go b/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
index 74be8e7da0a19..050900197f04f 100644
--- a/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
+++ b/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
@@ -21,5 +21,7 @@ func (jl *JSONLog) Reset() {
 	jl.Log = ""
 	jl.Stream = ""
 	jl.Created = time.Time{}
-	jl.Attrs = make(map[string]string)
+	for k := range jl.Attrs {
+		delete(jl.Attrs, k)
+	}
 }
diff --git a/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go b/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
index d268db4df0c97..125c2b057635b 100644
--- a/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
+++ b/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestJSONLogsMarshalJSONBuf(t *testing.T) {
diff --git a/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go b/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
index b3959b0467a50..ee2a2709fd177 100644
--- a/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
+++ b/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
@@ -4,8 +4,8 @@ import (
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestFastTimeMarshalJSONWithInvalidYear(t *testing.T) {
diff --git a/daemon/logger/jsonfilelog/read.go b/daemon/logger/jsonfilelog/read.go
index 12f676bb1a31c..5099a0b947b8f 100644
--- a/daemon/logger/jsonfilelog/read.go
+++ b/daemon/logger/jsonfilelog/read.go
@@ -60,35 +60,110 @@ func decodeLogLine(dec *json.Decoder, l *jsonlog.JSONLog) (*logger.Message, erro
 	return msg, nil
 }
 
-// decodeFunc is used to create a decoder for the log file reader
-func decodeFunc(rdr io.Reader) func() (*logger.Message, error) {
-	l := &jsonlog.JSONLog{}
-	dec := json.NewDecoder(rdr)
-	return func() (msg *logger.Message, err error) {
-		for retries := 0; retries < maxJSONDecodeRetry; retries++ {
-			msg, err = decodeLogLine(dec, l)
-			if err == nil || err == io.EOF {
-				break
-			}
+type decoder struct {
+	rdr      io.Reader
+	dec      *json.Decoder
+	jl       *jsonlog.JSONLog
+	maxRetry int
+}
 
-			logrus.WithError(err).WithField("retries", retries).Warn("got error while decoding json")
-			// try again, could be due to a an incomplete json object as we read
-			if _, ok := err.(*json.SyntaxError); ok {
-				dec = json.NewDecoder(rdr)
-				continue
-			}
+func (d *decoder) Reset(rdr io.Reader) {
+	d.rdr = rdr
+	d.dec = nil
+	if d.jl != nil {
+		d.jl.Reset()
+	}
+}
+
+func (d *decoder) Close() {
+	d.dec = nil
+	d.rdr = nil
+	d.jl = nil
+}
+
+func (d *decoder) Decode() (msg *logger.Message, err error) {
+	if d.dec == nil {
+		d.dec = json.NewDecoder(d.rdr)
+	}
+	if d.jl == nil {
+		d.jl = &jsonlog.JSONLog{}
+	}
+	if d.maxRetry == 0 {
+		// We aren't using maxJSONDecodeRetry directly so we can give a custom value for testing.
+		d.maxRetry = maxJSONDecodeRetry
+	}
+	for retries := 0; retries < d.maxRetry; retries++ {
+		msg, err = decodeLogLine(d.dec, d.jl)
+		if err == nil || err == io.EOF {
+			break
+		}
+
+		logrus.WithError(err).WithField("retries", retries).Warn("got error while decoding json")
+		// try again, could be due to a an incomplete json object as we read
+		if _, ok := err.(*json.SyntaxError); ok {
+			d.dec = json.NewDecoder(d.rdr)
+			continue
+		}
+
+		// io.ErrUnexpectedEOF is returned from json.Decoder when there is
+		// remaining data in the parser's buffer while an io.EOF occurs.
+		// If the json logger writes a partial json log entry to the disk
+		// while at the same time the decoder tries to decode it, the race condition happens.
+		if err == io.ErrUnexpectedEOF {
+			d.rdr = combineReaders(d.dec.Buffered(), d.rdr)
+			d.dec = json.NewDecoder(d.rdr)
+			continue
+		}
+	}
+	return msg, err
+}
+
+func combineReaders(pre, rdr io.Reader) io.Reader {
+	return &combinedReader{pre: pre, rdr: rdr}
+}
+
+// combinedReader is a reader which is like `io.MultiReader` where except it does not cache a full EOF.
+// Once `io.MultiReader` returns EOF, it is always EOF.
+//
+// For this usecase we have an underlying reader which is a file which may reach EOF but have more data written to it later.
+// As such, io.MultiReader does not work for us.
+type combinedReader struct {
+	pre io.Reader
+	rdr io.Reader
+}
 
-			// io.ErrUnexpectedEOF is returned from json.Decoder when there is
-			// remaining data in the parser's buffer while an io.EOF occurs.
-			// If the json logger writes a partial json log entry to the disk
-			// while at the same time the decoder tries to decode it, the race condition happens.
-			if err == io.ErrUnexpectedEOF {
-				reader := io.MultiReader(dec.Buffered(), rdr)
-				dec = json.NewDecoder(reader)
-				continue
+func (r *combinedReader) Read(p []byte) (int, error) {
+	var read int
+	if r.pre != nil {
+		n, err := r.pre.Read(p)
+		if err != nil {
+			if err != io.EOF {
+				return n, err
 			}
+			r.pre = nil
+		}
+		read = n
+	}
+
+	if read < len(p) {
+		n, err := r.rdr.Read(p[read:])
+		if n > 0 {
+			read += n
 		}
-		return msg, err
+		if err != nil {
+			return read, err
+		}
+	}
+
+	return read, nil
+}
+
+// decodeFunc is used to create a decoder for the log file reader
+func decodeFunc(rdr io.Reader) loggerutils.Decoder {
+	return &decoder{
+		rdr: rdr,
+		dec: nil,
+		jl:  nil,
 	}
 }
 
diff --git a/daemon/logger/jsonfilelog/read_test.go b/daemon/logger/jsonfilelog/read_test.go
index cfa8694b19ef9..1f0a295f63bad 100644
--- a/daemon/logger/jsonfilelog/read_test.go
+++ b/daemon/logger/jsonfilelog/read_test.go
@@ -2,13 +2,14 @@ package jsonfilelog // import "github.com/docker/docker/daemon/logger/jsonfilelo
 
 import (
 	"bytes"
+	"encoding/json"
 	"io"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/daemon/logger"
-	"gotest.tools/assert"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
 )
 
 func BenchmarkJSONFileLoggerReadLogs(b *testing.B) {
@@ -75,19 +76,79 @@ func TestEncodeDecode(t *testing.T) {
 	assert.Assert(t, marshalMessage(m2, nil, buf))
 	assert.Assert(t, marshalMessage(m3, nil, buf))
 
-	decode := decodeFunc(buf)
-	msg, err := decode()
-	assert.Assert(t, err)
+	dec := decodeFunc(buf)
+	defer dec.Close()
+
+	msg, err := dec.Decode()
+	assert.NilError(t, err)
 	assert.Assert(t, string(msg.Line) == "hello 1\n", string(msg.Line))
 
-	msg, err = decode()
-	assert.Assert(t, err)
+	msg, err = dec.Decode()
+	assert.NilError(t, err)
 	assert.Assert(t, string(msg.Line) == "hello 2\n")
 
-	msg, err = decode()
-	assert.Assert(t, err)
+	msg, err = dec.Decode()
+	assert.NilError(t, err)
 	assert.Assert(t, string(msg.Line) == "hello 3\n")
 
-	_, err = decode()
+	_, err = dec.Decode()
 	assert.Assert(t, err == io.EOF)
 }
+
+func TestUnexpectedEOF(t *testing.T) {
+	buf := bytes.NewBuffer(nil)
+	msg1 := &logger.Message{Timestamp: time.Now(), Line: []byte("hello1")}
+	msg2 := &logger.Message{Timestamp: time.Now(), Line: []byte("hello2")}
+
+	err := marshalMessage(msg1, json.RawMessage{}, buf)
+	assert.NilError(t, err)
+	err = marshalMessage(msg2, json.RawMessage{}, buf)
+	assert.NilError(t, err)
+
+	r := &readerWithErr{
+		err:   io.EOF,
+		after: buf.Len() / 4,
+		r:     buf,
+	}
+	dec := &decoder{rdr: r, maxRetry: 1}
+
+	_, err = dec.Decode()
+	assert.Error(t, err, io.ErrUnexpectedEOF.Error())
+	// again just to check
+	_, err = dec.Decode()
+	assert.Error(t, err, io.ErrUnexpectedEOF.Error())
+
+	// reset the error
+	// from here all reads should succeed until we get EOF on the underlying reader
+	r.err = nil
+
+	msg, err := dec.Decode()
+	assert.NilError(t, err)
+	assert.Equal(t, string(msg1.Line)+"\n", string(msg.Line))
+
+	msg, err = dec.Decode()
+	assert.NilError(t, err)
+	assert.Equal(t, string(msg2.Line)+"\n", string(msg.Line))
+
+	_, err = dec.Decode()
+	assert.Error(t, err, io.EOF.Error())
+}
+
+type readerWithErr struct {
+	err   error
+	after int
+	r     io.Reader
+	read  int
+}
+
+func (r *readerWithErr) Read(p []byte) (int, error) {
+	if r.err != nil && r.read > r.after {
+		return 0, r.err
+	}
+
+	n, err := r.r.Read(p[:1])
+	if n > 0 {
+		r.read += n
+	}
+	return n, err
+}
diff --git a/daemon/logger/local/local.go b/daemon/logger/local/local.go
index ba4aa096f7104..f4411d087ab89 100644
--- a/daemon/logger/local/local.go
+++ b/daemon/logger/local/local.go
@@ -12,7 +12,7 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -109,7 +109,7 @@ func makeMarshaller() func(m *logger.Message) ([]byte, error) {
 
 		messageToProto(m, proto, md)
 		protoSize := proto.Size()
-		writeLen := protoSize + (2 * encodeBinaryLen) //+ len(messageDelimiter)
+		writeLen := protoSize + (2 * encodeBinaryLen) // + len(messageDelimiter)
 
 		if writeLen > len(buf) {
 			buf = make([]byte, writeLen)
diff --git a/daemon/logger/local/local_test.go b/daemon/logger/local/local_test.go
index 2da67bc6fb59d..ca313184991d7 100644
--- a/daemon/logger/local/local_test.go
+++ b/daemon/logger/local/local_test.go
@@ -1,40 +1,36 @@
 package local
 
 import (
+	"bytes"
 	"context"
 	"encoding/binary"
-	"io/ioutil"
+	"fmt"
+	"io"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 	"time"
 
-	"bytes"
-	"fmt"
-
-	"strings"
-
-	"io"
-
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/plugins/logdriver"
 	"github.com/docker/docker/daemon/logger"
 	protoio "github.com/gogo/protobuf/io"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestWriteLog(t *testing.T) {
 	t.Parallel()
 
-	dir, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
 	logPath := filepath.Join(dir, "test.log")
 
 	l, err := New(logger.Info{LogPath: logPath})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer l.Close()
 
 	m1 := logger.Message{Source: "stdout", Timestamp: time.Now().Add(-1 * 30 * time.Minute), Line: []byte("message 1")}
@@ -43,14 +39,14 @@ func TestWriteLog(t *testing.T) {
 
 	// copy the log message because the underying log writer resets the log message and returns it to a buffer pool
 	err = l.Log(copyLogMessage(&m1))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = l.Log(copyLogMessage(&m2))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = l.Log(copyLogMessage(&m3))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	f, err := os.Open(logPath)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer f.Close()
 	dec := protoio.NewUint32DelimitedReader(f, binary.BigEndian, 1e6)
 
@@ -66,19 +62,19 @@ func TestWriteLog(t *testing.T) {
 	}
 
 	err = dec.ReadMsg(&proto)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	messageToProto(&m1, &testProto, &partial)
 	assert.Check(t, is.DeepEqual(testProto, proto), "expected:\n%+v\ngot:\n%+v", testProto, proto)
 	seekMsgLen()
 
 	err = dec.ReadMsg(&proto)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	messageToProto(&m2, &testProto, &partial)
 	assert.Check(t, is.DeepEqual(testProto, proto))
 	seekMsgLen()
 
 	err = dec.ReadMsg(&proto)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	messageToProto(&m3, &testProto, &partial)
 	assert.Check(t, is.DeepEqual(testProto, proto), "expected:\n%+v\ngot:\n%+v", testProto, proto)
 }
@@ -86,13 +82,13 @@ func TestWriteLog(t *testing.T) {
 func TestReadLog(t *testing.T) {
 	t.Parallel()
 
-	dir, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
 	logPath := filepath.Join(dir, "test.log")
 	l, err := New(logger.Info{LogPath: logPath})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer l.Close()
 
 	m1 := logger.Message{Source: "stdout", Timestamp: time.Now().Add(-1 * 30 * time.Minute), Line: []byte("a message")}
@@ -103,13 +99,13 @@ func TestReadLog(t *testing.T) {
 
 	// copy the log message because the underlying log writer resets the log message and returns it to a buffer pool
 	err = l.Log(copyLogMessage(&m1))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = l.Log(copyLogMessage(&m2))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = l.Log(copyLogMessage(&m3))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	err = l.Log(copyLogMessage(&m4))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	lr := l.(logger.LogReader)
 
@@ -121,12 +117,12 @@ func TestReadLog(t *testing.T) {
 		case <-ctx.Done():
 			assert.Assert(t, ctx.Err())
 		case err := <-lw.Err:
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 		case msg, open := <-lw.Msg:
 			if !open {
 				select {
 				case err := <-lw.Err:
-					assert.Assert(t, err)
+					assert.NilError(t, err)
 				default:
 					assert.Assert(t, m == nil)
 					return
@@ -173,7 +169,7 @@ func TestReadLog(t *testing.T) {
 }
 
 func BenchmarkLogWrite(b *testing.B) {
-	f, err := ioutil.TempFile("", b.Name())
+	f, err := os.CreateTemp("", b.Name())
 	assert.Assert(b, err)
 	defer os.Remove(f.Name())
 	f.Close()
@@ -214,7 +210,8 @@ func copyLogMessage(src *logger.Message) *logger.Message {
 	dst.Err = src.Err
 	dst.Line = append(dst.Line, src.Line...)
 	if src.PLogMetaData != nil {
-		dst.PLogMetaData = &(*src.PLogMetaData)
+		lmd := *src.PLogMetaData
+		dst.PLogMetaData = &lmd
 	}
 	return dst
 }
diff --git a/daemon/logger/local/read.go b/daemon/logger/local/read.go
index a752de2a8d541..b28aa90651bc3 100644
--- a/daemon/logger/local/read.go
+++ b/daemon/logger/local/read.go
@@ -96,51 +96,81 @@ func getTailReader(ctx context.Context, r loggerutils.SizeReaderAt, req int) (io
 	return io.NewSectionReader(r, offset, size), found, nil
 }
 
-func decodeFunc(rdr io.Reader) func() (*logger.Message, error) {
-	proto := &logdriver.LogEntry{}
-	buf := make([]byte, initialBufSize)
-
-	return func() (*logger.Message, error) {
-		var (
-			read int
-			err  error
-		)
-
-		resetProto(proto)
-
-		for i := 0; i < maxDecodeRetry; i++ {
-			var n int
-			n, err = io.ReadFull(rdr, buf[read:encodeBinaryLen])
-			if err != nil {
-				if err != io.ErrUnexpectedEOF {
-					return nil, errors.Wrap(err, "error reading log message length")
-				}
-				read += n
-				continue
+type decoder struct {
+	rdr   io.Reader
+	proto *logdriver.LogEntry
+	buf   []byte
+}
+
+func (d *decoder) Decode() (*logger.Message, error) {
+	if d.proto == nil {
+		d.proto = &logdriver.LogEntry{}
+	} else {
+		resetProto(d.proto)
+	}
+	if d.buf == nil {
+		d.buf = make([]byte, initialBufSize)
+	}
+	var (
+		read int
+		err  error
+	)
+
+	for i := 0; i < maxDecodeRetry; i++ {
+		var n int
+		n, err = io.ReadFull(d.rdr, d.buf[read:encodeBinaryLen])
+		if err != nil {
+			if err != io.ErrUnexpectedEOF {
+				return nil, errors.Wrap(err, "error reading log message length")
 			}
 			read += n
-			break
-		}
-		if err != nil {
-			return nil, errors.Wrapf(err, "could not read log message length: read: %d, expected: %d", read, encodeBinaryLen)
+			continue
 		}
+		read += n
+		break
+	}
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not read log message length: read: %d, expected: %d", read, encodeBinaryLen)
+	}
 
-		msgLen := int(binary.BigEndian.Uint32(buf[:read]))
+	msgLen := int(binary.BigEndian.Uint32(d.buf[:read]))
 
-		if len(buf) < msgLen+encodeBinaryLen {
-			buf = make([]byte, msgLen+encodeBinaryLen)
+	if len(d.buf) < msgLen+encodeBinaryLen {
+		d.buf = make([]byte, msgLen+encodeBinaryLen)
+	} else {
+		if msgLen <= initialBufSize {
+			d.buf = d.buf[:initialBufSize]
 		} else {
-			if msgLen <= initialBufSize {
-				buf = buf[:initialBufSize]
-			} else {
-				buf = buf[:msgLen+encodeBinaryLen]
-			}
+			d.buf = d.buf[:msgLen+encodeBinaryLen]
 		}
+	}
 
-		return decodeLogEntry(rdr, proto, buf, msgLen)
+	return decodeLogEntry(d.rdr, d.proto, d.buf, msgLen)
+}
+
+func (d *decoder) Reset(rdr io.Reader) {
+	d.rdr = rdr
+	if d.proto != nil {
+		resetProto(d.proto)
+	}
+	if d.buf != nil {
+		d.buf = d.buf[:initialBufSize]
 	}
 }
 
+func (d *decoder) Close() {
+	d.buf = d.buf[:0]
+	d.buf = nil
+	if d.proto != nil {
+		resetProto(d.proto)
+	}
+	d.rdr = nil
+}
+
+func decodeFunc(rdr io.Reader) loggerutils.Decoder {
+	return &decoder{rdr: rdr}
+}
+
 func decodeLogEntry(rdr io.Reader, proto *logdriver.LogEntry, buf []byte, msgLen int) (*logger.Message, error) {
 	var (
 		read int
diff --git a/daemon/logger/log_cache_opts.go b/daemon/logger/log_cache_opts.go
new file mode 100644
index 0000000000000..8d09c489edfb0
--- /dev/null
+++ b/daemon/logger/log_cache_opts.go
@@ -0,0 +1,29 @@
+package logger
+
+var externalValidators []LogOptValidator
+
+// RegisterExternalValidator adds the validator to the list of external validators.
+// External validators are used by packages outside this package that need to add their own validation logic.
+// This should only be called on package initialization.
+func RegisterExternalValidator(v LogOptValidator) {
+	externalValidators = append(externalValidators, v)
+}
+
+// AddBuiltinLogOpts updates the list of built-in log opts. This allows other packages to supplement additional log options
+// without having to register an actual log driver. This is used by things that are more proxy log drivers and should
+// not be exposed as a usable log driver to the API.
+// This should only be called on package initialization.
+func AddBuiltinLogOpts(opts map[string]bool) {
+	for k, v := range opts {
+		builtInLogOpts[k] = v
+	}
+}
+
+func validateExternal(cfg map[string]string) error {
+	for _, v := range externalValidators {
+		if err := v(cfg); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/daemon/logger/logentries/logentries.go b/daemon/logger/logentries/logentries.go
index 70a8baf66ee70..013b182d825e6 100644
--- a/daemon/logger/logentries/logentries.go
+++ b/daemon/logger/logentries/logentries.go
@@ -100,6 +100,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case "env":
 		case "env-regex":
 		case "labels":
+		case "labels-regex":
 		case "tag":
 		case key:
 		default:
diff --git a/daemon/logger/logger_error.go b/daemon/logger/logger_error.go
new file mode 100644
index 0000000000000..70f4311979c49
--- /dev/null
+++ b/daemon/logger/logger_error.go
@@ -0,0 +1,24 @@
+package logger
+
+import (
+	"github.com/sirupsen/logrus"
+	"golang.org/x/time/rate"
+)
+
+// Rates based on journald defaults of 10,000 messages in 30s.
+// reference: https://www.freedesktop.org/software/systemd/man/journald.conf.html#RateLimitIntervalSec=
+var logErrorLimiter = rate.NewLimiter(333, 333)
+
+// logDriverError logs errors produced by log drivers to the daemon logs. It also increments the logWritesFailedCount
+// metric.
+// Logging to the daemon logs is limited to 333 operations per second at most. If this limit is exceeded, the
+// logWritesFailedCount is still counted, but logging to the daemon logs is omitted in order to prevent disk saturation.
+func logDriverError(loggerName, msgLine string, logErr error) {
+	logWritesFailedCount.Inc(1)
+	if logErrorLimiter.Allow() {
+		logrus.WithError(logErr).
+			WithField("driver", loggerName).
+			WithField("message", msgLine).
+			Errorf("Error writing log message")
+	}
+}
diff --git a/daemon/logger/loggerutils/cache/local_cache.go b/daemon/logger/loggerutils/cache/local_cache.go
new file mode 100644
index 0000000000000..c5e8fc2caced5
--- /dev/null
+++ b/daemon/logger/loggerutils/cache/local_cache.go
@@ -0,0 +1,121 @@
+package cache // import "github.com/docker/docker/daemon/logger/loggerutils/cache"
+
+import (
+	"strconv"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/local"
+	units "github.com/docker/go-units"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	// DriverName is the name of the driver used for local log caching
+	DriverName = local.Name
+
+	cachePrefix      = "cache-"
+	cacheDisabledKey = cachePrefix + "disabled"
+)
+
+var builtInCacheLogOpts = map[string]bool{
+	cacheDisabledKey: true,
+}
+
+// WithLocalCache wraps the passed in logger with a logger caches all writes locally
+// in addition to writing to the passed in logger.
+func WithLocalCache(l logger.Logger, info logger.Info) (logger.Logger, error) {
+	initLogger, err := logger.GetLogDriver(DriverName)
+	if err != nil {
+		return nil, err
+	}
+
+	cacher, err := initLogger(info)
+	if err != nil {
+		return nil, errors.Wrap(err, "error initializing local log cache driver")
+	}
+
+	if container.LogMode(info.Config["mode"]) == container.LogModeUnset || container.LogMode(info.Config["mode"]) == container.LogModeNonBlock {
+		var size int64 = -1
+		if s, exists := info.Config["max-buffer-size"]; exists {
+			size, err = units.RAMInBytes(s)
+			if err != nil {
+				return nil, err
+			}
+		}
+		cacher = logger.NewRingLogger(cacher, info, size)
+	}
+
+	return &loggerWithCache{
+		l:     l,
+		cache: cacher,
+	}, nil
+}
+
+type loggerWithCache struct {
+	l     logger.Logger
+	cache logger.Logger
+}
+
+var _ logger.SizedLogger = &loggerWithCache{}
+
+// BufSize returns the buffer size of the underlying logger.
+// Returns -1 if the logger doesn't match SizedLogger interface.
+func (l *loggerWithCache) BufSize() int {
+	if sl, ok := l.l.(logger.SizedLogger); ok {
+		return sl.BufSize()
+	}
+	return -1
+}
+
+func (l *loggerWithCache) Log(msg *logger.Message) error {
+	// copy the message as the original will be reset once the call to `Log` is complete
+	dup := logger.NewMessage()
+	dumbCopyMessage(dup, msg)
+
+	if err := l.l.Log(msg); err != nil {
+		return err
+	}
+	return l.cache.Log(dup)
+}
+
+func (l *loggerWithCache) Name() string {
+	return l.l.Name()
+}
+
+func (l *loggerWithCache) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
+	return l.cache.(logger.LogReader).ReadLogs(config)
+}
+
+func (l *loggerWithCache) Close() error {
+	err := l.l.Close()
+	if err := l.cache.Close(); err != nil {
+		logrus.WithError(err).Warn("error while shutting cache logger")
+	}
+	return err
+}
+
+// ShouldUseCache reads the log opts to determine if caching should be enabled
+func ShouldUseCache(cfg map[string]string) bool {
+	if cfg[cacheDisabledKey] == "" {
+		return true
+	}
+	b, err := strconv.ParseBool(cfg[cacheDisabledKey])
+	if err != nil {
+		// This shouldn't happen since the values are validated before hand.
+		return false
+	}
+	return !b
+}
+
+// dumbCopyMessage is a bit of a fake copy but avoids extra allocations which
+// are not necessary for this use case.
+func dumbCopyMessage(dst, src *logger.Message) {
+	dst.Source = src.Source
+	dst.Timestamp = src.Timestamp
+	dst.PLogMetaData = src.PLogMetaData
+	dst.Err = src.Err
+	dst.Attrs = src.Attrs
+	dst.Line = append(dst.Line[:0], src.Line...)
+}
diff --git a/daemon/logger/loggerutils/cache/log_cache_test.go b/daemon/logger/loggerutils/cache/log_cache_test.go
new file mode 100644
index 0000000000000..ef4be26f6f03f
--- /dev/null
+++ b/daemon/logger/loggerutils/cache/log_cache_test.go
@@ -0,0 +1,81 @@
+package cache
+
+import (
+	"context"
+	"testing"
+
+	"time"
+
+	"bytes"
+
+	"github.com/docker/docker/daemon/logger"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+)
+
+type fakeLogger struct {
+	messages chan logger.Message
+	close    chan struct{}
+}
+
+func (l *fakeLogger) Log(msg *logger.Message) error {
+	select {
+	case l.messages <- *msg:
+	case <-l.close:
+	}
+	logger.PutMessage(msg)
+	return nil
+}
+
+func (l *fakeLogger) Name() string {
+	return "fake"
+}
+
+func (l *fakeLogger) Close() error {
+	close(l.close)
+	return nil
+}
+
+func TestLog(t *testing.T) {
+	cacher := &fakeLogger{make(chan logger.Message), make(chan struct{})}
+	l := &loggerWithCache{
+		l:     &fakeLogger{make(chan logger.Message, 100), make(chan struct{})},
+		cache: cacher,
+	}
+	defer l.Close()
+
+	var messages []logger.Message
+	for i := 0; i < 100; i++ {
+		messages = append(messages, logger.Message{
+			Timestamp: time.Now(),
+			Line:      append(bytes.Repeat([]byte("a"), 100), '\n'),
+		})
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	go func() {
+		for _, msg := range messages {
+			select {
+			case <-ctx.Done():
+				return
+			default:
+			}
+
+			m := logger.NewMessage()
+			dumbCopyMessage(m, &msg)
+			l.Log(m)
+		}
+	}()
+
+	for _, m := range messages {
+		var msg logger.Message
+		select {
+		case <-ctx.Done():
+			t.Fatal("timed out waiting for messages... this is probably a test implementation error")
+		case msg = <-cacher.messages:
+			assert.Assert(t, cmp.DeepEqual(msg, m))
+		}
+	}
+}
diff --git a/daemon/logger/loggerutils/cache/validate.go b/daemon/logger/loggerutils/cache/validate.go
new file mode 100644
index 0000000000000..70bd8810d0443
--- /dev/null
+++ b/daemon/logger/loggerutils/cache/validate.go
@@ -0,0 +1,40 @@
+package cache
+
+import (
+	"strconv"
+
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/local"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	for k, v := range local.LogOptKeys {
+		builtInCacheLogOpts[cachePrefix+k] = v
+	}
+	logger.AddBuiltinLogOpts(builtInCacheLogOpts)
+	logger.RegisterExternalValidator(validateLogCacheOpts)
+}
+
+func validateLogCacheOpts(cfg map[string]string) error {
+	if v := cfg[cacheDisabledKey]; v != "" {
+		_, err := strconv.ParseBool(v)
+		if err != nil {
+			return errors.Errorf("invalid value for option %s: %s", cacheDisabledKey, cfg[cacheDisabledKey])
+		}
+	}
+	return nil
+}
+
+// MergeDefaultLogConfig reads the default log opts and makes sure that any caching related keys that exist there are
+// added to dst.
+func MergeDefaultLogConfig(dst, defaults map[string]string) {
+	for k, v := range defaults {
+		if !builtInCacheLogOpts[k] {
+			continue
+		}
+		if _, exists := dst[k]; !exists {
+			dst[k] = v
+		}
+	}
+}
diff --git a/daemon/logger/loggerutils/file_unix.go b/daemon/logger/loggerutils/file_unix.go
new file mode 100644
index 0000000000000..1d2553c2800ed
--- /dev/null
+++ b/daemon/logger/loggerutils/file_unix.go
@@ -0,0 +1,14 @@
+//go:build !windows
+// +build !windows
+
+package loggerutils
+
+import "os"
+
+func openFile(name string, flag int, perm os.FileMode) (*os.File, error) {
+	return os.OpenFile(name, flag, perm)
+}
+
+func open(name string) (*os.File, error) {
+	return os.Open(name)
+}
diff --git a/daemon/logger/loggerutils/file_windows.go b/daemon/logger/loggerutils/file_windows.go
new file mode 100644
index 0000000000000..b16bf01d70b5d
--- /dev/null
+++ b/daemon/logger/loggerutils/file_windows.go
@@ -0,0 +1,226 @@
+package loggerutils
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func open(name string) (*os.File, error) {
+	return openFile(name, os.O_RDONLY, 0)
+}
+
+func openFile(name string, flag int, perm os.FileMode) (*os.File, error) {
+	if name == "" {
+		return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
+	}
+	h, err := syscallOpen(fixLongPath(name), flag|syscall.O_CLOEXEC, syscallMode(perm))
+	if err != nil {
+		return nil, &os.PathError{Op: "open", Path: name, Err: err}
+	}
+	return os.NewFile(uintptr(h), name), nil
+}
+
+// syscallOpen is copied from syscall.Open but is modified to
+// always open a file with FILE_SHARE_DELETE
+func syscallOpen(path string, mode int, perm uint32) (fd syscall.Handle, err error) {
+	if len(path) == 0 {
+		return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND
+	}
+
+	pathp, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return syscall.InvalidHandle, err
+	}
+	var access uint32
+	switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) {
+	case syscall.O_RDONLY:
+		access = syscall.GENERIC_READ
+	case syscall.O_WRONLY:
+		access = syscall.GENERIC_WRITE
+	case syscall.O_RDWR:
+		access = syscall.GENERIC_READ | syscall.GENERIC_WRITE
+	}
+	if mode&syscall.O_CREAT != 0 {
+		access |= syscall.GENERIC_WRITE
+	}
+	if mode&syscall.O_APPEND != 0 {
+		access &^= syscall.GENERIC_WRITE
+		access |= syscall.FILE_APPEND_DATA
+	}
+	sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE | syscall.FILE_SHARE_DELETE)
+	var sa *syscall.SecurityAttributes
+	if mode&syscall.O_CLOEXEC == 0 {
+		sa = makeInheritSa()
+	}
+	var createmode uint32
+	switch {
+	case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL):
+		createmode = syscall.CREATE_NEW
+	case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC):
+		createmode = syscall.CREATE_ALWAYS
+	case mode&syscall.O_CREAT == syscall.O_CREAT:
+		createmode = syscall.OPEN_ALWAYS
+	case mode&syscall.O_TRUNC == syscall.O_TRUNC:
+		createmode = syscall.TRUNCATE_EXISTING
+	default:
+		createmode = syscall.OPEN_EXISTING
+	}
+	h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, syscall.FILE_ATTRIBUTE_NORMAL, 0)
+	return h, e
+}
+
+func makeInheritSa() *syscall.SecurityAttributes {
+	var sa syscall.SecurityAttributes
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	return &sa
+}
+
+// fixLongPath returns the extended-length (\\?\-prefixed) form of
+// path when needed, in order to avoid the default 260 character file
+// path limit imposed by Windows. If path is not easily converted to
+// the extended-length form (for example, if path is a relative path
+// or contains .. elements), or is short enough, fixLongPath returns
+// path unmodified.
+//
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
+//
+// Copied from os.OpenFile
+func fixLongPath(path string) string {
+	// Do nothing (and don't allocate) if the path is "short".
+	// Empirically (at least on the Windows Server 2013 builder),
+	// the kernel is arbitrarily okay with < 248 bytes. That
+	// matches what the docs above say:
+	// "When using an API to create a directory, the specified
+	// path cannot be so long that you cannot append an 8.3 file
+	// name (that is, the directory name cannot exceed MAX_PATH
+	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
+	//
+	// The MSDN docs appear to say that a normal path that is 248 bytes long
+	// will work; empirically the path must be less then 248 bytes long.
+	if len(path) < 248 {
+		// Don't fix. (This is how Go 1.7 and earlier worked,
+		// not automatically generating the \\?\ form)
+		return path
+	}
+
+	// The extended form begins with \\?\, as in
+	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
+	// The extended form disables evaluation of . and .. path
+	// elements and disables the interpretation of / as equivalent
+	// to \. The conversion here rewrites / to \ and elides
+	// . elements as well as trailing or duplicate separators. For
+	// simplicity it avoids the conversion entirely for relative
+	// paths or paths containing .. elements. For now,
+	// \\server\share paths are not converted to
+	// \\?\UNC\server\share paths because the rules for doing so
+	// are less well-specified.
+	if len(path) >= 2 && path[:2] == `\\` {
+		// Don't canonicalize UNC paths.
+		return path
+	}
+	if !isAbs(path) {
+		// Relative path
+		return path
+	}
+
+	const prefix = `\\?`
+
+	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
+	copy(pathbuf, prefix)
+	n := len(path)
+	r, w := 0, len(prefix)
+	for r < n {
+		switch {
+		case os.IsPathSeparator(path[r]):
+			// empty block
+			r++
+		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
+			// /./
+			r++
+		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
+			// /../ is currently unhandled
+			return path
+		default:
+			pathbuf[w] = '\\'
+			w++
+			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
+				pathbuf[w] = path[r]
+				w++
+			}
+		}
+	}
+	// A drive's root directory needs a trailing \
+	if w == len(`\\?\c:`) {
+		pathbuf[w] = '\\'
+		w++
+	}
+	return string(pathbuf[:w])
+}
+
+// copied from os package for os.OpenFile
+func syscallMode(i os.FileMode) (o uint32) {
+	o |= uint32(i.Perm())
+	if i&os.ModeSetuid != 0 {
+		o |= syscall.S_ISUID
+	}
+	if i&os.ModeSetgid != 0 {
+		o |= syscall.S_ISGID
+	}
+	if i&os.ModeSticky != 0 {
+		o |= syscall.S_ISVTX
+	}
+	// No mapping for Go's ModeTemporary (plan9 only).
+	return
+}
+
+func isAbs(path string) (b bool) {
+	v := volumeName(path)
+	if v == "" {
+		return false
+	}
+	path = path[len(v):]
+	if path == "" {
+		return false
+	}
+	return os.IsPathSeparator(path[0])
+}
+
+func volumeName(path string) (v string) {
+	if len(path) < 2 {
+		return ""
+	}
+	// with drive letter
+	c := path[0]
+	if path[1] == ':' &&
+		('0' <= c && c <= '9' || 'a' <= c && c <= 'z' ||
+			'A' <= c && c <= 'Z') {
+		return path[:2]
+	}
+	// is it UNC
+	if l := len(path); l >= 5 && os.IsPathSeparator(path[0]) && os.IsPathSeparator(path[1]) &&
+		!os.IsPathSeparator(path[2]) && path[2] != '.' {
+		// first, leading `\\` and next shouldn't be `\`. its server name.
+		for n := 3; n < l-1; n++ {
+			// second, next '\' shouldn't be repeated.
+			if os.IsPathSeparator(path[n]) {
+				n++
+				// third, following something characters. its share name.
+				if !os.IsPathSeparator(path[n]) {
+					if path[n] == '.' {
+						break
+					}
+					for ; n < l; n++ {
+						if os.IsPathSeparator(path[n]) {
+							break
+						}
+					}
+					return path[:n]
+				}
+				break
+			}
+		}
+	}
+	return ""
+}
diff --git a/daemon/logger/loggerutils/file_windows_test.go b/daemon/logger/loggerutils/file_windows_test.go
new file mode 100644
index 0000000000000..9978c942194da
--- /dev/null
+++ b/daemon/logger/loggerutils/file_windows_test.go
@@ -0,0 +1,33 @@
+package loggerutils
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestOpenFileDelete(t *testing.T) {
+	tmpDir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	f, err := openFile(filepath.Join(tmpDir, "test.txt"), os.O_CREATE|os.O_RDWR, 644)
+	assert.NilError(t, err)
+	defer f.Close()
+
+	assert.NilError(t, os.RemoveAll(f.Name()))
+}
+
+func TestOpenFileRename(t *testing.T) {
+	tmpDir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	f, err := openFile(filepath.Join(tmpDir, "test.txt"), os.O_CREATE|os.O_RDWR, 0644)
+	assert.NilError(t, err)
+	defer f.Close()
+
+	assert.NilError(t, os.Rename(f.Name(), f.Name()+"renamed"))
+}
diff --git a/daemon/logger/loggerutils/logfile.go b/daemon/logger/loggerutils/logfile.go
index fa45154ec9765..6b42d9dd30d72 100644
--- a/daemon/logger/loggerutils/logfile.go
+++ b/daemon/logger/loggerutils/logfile.go
@@ -68,7 +68,7 @@ func (rc *refCounter) Dereference(fileName string) error {
 	if rc.counter[fileName] <= 0 {
 		delete(rc.counter, fileName)
 		err := os.Remove(fileName)
-		if err != nil {
+		if err != nil && !os.IsNotExist(err) {
 			return err
 		}
 	}
@@ -87,14 +87,27 @@ type LogFile struct {
 	compress        bool       // whether old versions of log files are compressed
 	lastTimestamp   time.Time  // timestamp of the last log
 	filesRefCounter refCounter // keep reference-counted of decompressed files
-	notifyRotate    *pubsub.Publisher
+	notifyReaders   *pubsub.Publisher
 	marshal         logger.MarshalFunc
-	createDecoder   makeDecoderFunc
+	createDecoder   MakeDecoderFn
 	getTailReader   GetTailReaderFunc
 	perms           os.FileMode
 }
 
-type makeDecoderFunc func(rdr io.Reader) func() (*logger.Message, error)
+// MakeDecoderFn creates a decoder
+type MakeDecoderFn func(rdr io.Reader) Decoder
+
+// Decoder is for reading logs
+// It is created by the log reader by calling the `MakeDecoderFunc`
+type Decoder interface {
+	// Reset resets the decoder
+	// Reset is called for certain events, such as log rotations
+	Reset(io.Reader)
+	// Decode decodes the next log messeage from the stream
+	Decode() (*logger.Message, error)
+	// Close signals to the decoder that it can release whatever resources it was using.
+	Close()
+}
 
 // SizeReaderAt defines a ReaderAt that also reports its size.
 // This is used for tailing log files.
@@ -110,13 +123,13 @@ type SizeReaderAt interface {
 type GetTailReaderFunc func(ctx context.Context, f SizeReaderAt, nLogLines int) (rdr io.Reader, nLines int, err error)
 
 // NewLogFile creates new LogFile
-func NewLogFile(logPath string, capacity int64, maxFiles int, compress bool, marshaller logger.MarshalFunc, decodeFunc makeDecoderFunc, perms os.FileMode, getTailReader GetTailReaderFunc) (*LogFile, error) {
-	log, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, perms)
+func NewLogFile(logPath string, capacity int64, maxFiles int, compress bool, marshaller logger.MarshalFunc, decodeFunc MakeDecoderFn, perms os.FileMode, getTailReader GetTailReaderFunc) (*LogFile, error) {
+	log, err := openFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, perms)
 	if err != nil {
 		return nil, err
 	}
 
-	size, err := log.Seek(0, os.SEEK_END)
+	size, err := log.Seek(0, io.SeekEnd)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +141,7 @@ func NewLogFile(logPath string, capacity int64, maxFiles int, compress bool, mar
 		maxFiles:        maxFiles,
 		compress:        compress,
 		filesRefCounter: refCounter{counter: make(map[string]int)},
-		notifyRotate:    pubsub.NewPublisher(0, 1),
+		notifyReaders:   pubsub.NewPublisher(0, 1),
 		marshal:         marshaller,
 		createDecoder:   decodeFunc,
 		perms:           perms,
@@ -154,7 +167,7 @@ func (w *LogFile) WriteLogEntry(msg *logger.Message) error {
 
 	if err := w.checkCapacityAndRotate(); err != nil {
 		w.mu.Unlock()
-		return err
+		return errors.Wrap(err, "error rotating log file")
 	}
 
 	n, err := w.f.Write(b)
@@ -162,46 +175,77 @@ func (w *LogFile) WriteLogEntry(msg *logger.Message) error {
 		w.currentSize += int64(n)
 		w.lastTimestamp = msg.Timestamp
 	}
+
 	w.mu.Unlock()
-	return err
+	return errors.Wrap(err, "error writing log entry")
 }
 
-func (w *LogFile) checkCapacityAndRotate() error {
+func (w *LogFile) checkCapacityAndRotate() (retErr error) {
 	if w.capacity == -1 {
 		return nil
 	}
+	if w.currentSize < w.capacity {
+		return nil
+	}
 
-	if w.currentSize >= w.capacity {
-		w.rotateMu.Lock()
-		fname := w.f.Name()
-		if err := w.f.Close(); err != nil {
+	w.rotateMu.Lock()
+	noCompress := w.maxFiles <= 1 || !w.compress
+	defer func() {
+		// If we aren't going to run the goroutine to compress the log file, then we need to unlock in this function.
+		// Otherwise the lock will be released in the goroutine that handles compression.
+		if retErr != nil || noCompress {
 			w.rotateMu.Unlock()
+		}
+	}()
+
+	fname := w.f.Name()
+	if err := w.f.Close(); err != nil {
+		// if there was an error during a prior rotate, the file could already be closed
+		if !errors.Is(err, os.ErrClosed) {
 			return errors.Wrap(err, "error closing file")
 		}
-		if err := rotate(fname, w.maxFiles, w.compress); err != nil {
-			w.rotateMu.Unlock()
-			return err
+	}
+
+	if err := rotate(fname, w.maxFiles, w.compress); err != nil {
+		logrus.WithError(err).Warn("Error rotating log file, log data may have been lost")
+	} else {
+		var renameErr error
+		for i := 0; i < 10; i++ {
+			if renameErr = os.Rename(fname, fname+".1"); renameErr != nil && !os.IsNotExist(renameErr) {
+				logrus.WithError(renameErr).WithField("file", fname).Debug("Error rotating current container log file, evicting readers and retrying")
+				w.notifyReaders.Publish(renameErr)
+				time.Sleep(100 * time.Millisecond)
+				continue
+			}
+			break
 		}
-		file, err := os.OpenFile(fname, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, w.perms)
-		if err != nil {
-			w.rotateMu.Unlock()
-			return err
+		if renameErr != nil {
+			logrus.WithError(renameErr).Error("Error renaming current log file")
 		}
-		w.f = file
-		w.currentSize = 0
-		w.notifyRotate.Publish(struct{}{})
+	}
 
-		if w.maxFiles <= 1 || !w.compress {
-			w.rotateMu.Unlock()
-			return nil
-		}
+	file, err := openFile(fname, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, w.perms)
+	if err != nil {
+		return err
+	}
+	w.f = file
+	w.currentSize = 0
 
-		go func() {
-			compressFile(fname+".1", w.lastTimestamp)
-			w.rotateMu.Unlock()
-		}()
+	w.notifyReaders.Publish(struct{}{})
+
+	if noCompress {
+		return nil
 	}
 
+	ts := w.lastTimestamp
+
+	go func() {
+		if err := compressFile(fname+".1", ts); err != nil {
+			logrus.WithError(err).Error("Error compressing log file after rotation")
+		}
+		w.rotateMu.Unlock()
+	}()
+
 	return nil
 }
 
@@ -224,48 +268,51 @@ func rotate(name string, maxFiles int, compress bool) error {
 	for i := maxFiles - 1; i > 1; i-- {
 		toPath := name + "." + strconv.Itoa(i) + extension
 		fromPath := name + "." + strconv.Itoa(i-1) + extension
+		logrus.WithField("source", fromPath).WithField("target", toPath).Trace("Rotating log file")
 		if err := os.Rename(fromPath, toPath); err != nil && !os.IsNotExist(err) {
 			return err
 		}
 	}
 
-	if err := os.Rename(name, name+".1"); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-
 	return nil
 }
 
-func compressFile(fileName string, lastTimestamp time.Time) {
-	file, err := os.Open(fileName)
+func compressFile(fileName string, lastTimestamp time.Time) (retErr error) {
+	file, err := open(fileName)
 	if err != nil {
-		logrus.Errorf("Failed to open log file: %v", err)
-		return
+		if os.IsNotExist(err) {
+			logrus.WithField("file", fileName).WithError(err).Debug("Could not open log file to compress")
+			return nil
+		}
+		return errors.Wrap(err, "failed to open log file")
 	}
 	defer func() {
 		file.Close()
-		err := os.Remove(fileName)
-		if err != nil {
-			logrus.Errorf("Failed to remove source log file: %v", err)
+		if retErr == nil {
+			err := os.Remove(fileName)
+			if err != nil && !os.IsNotExist(err) {
+				retErr = errors.Wrap(err, "failed to remove source log file")
+			}
 		}
 	}()
 
-	outFile, err := os.OpenFile(fileName+".gz", os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0640)
+	outFile, err := openFile(fileName+".gz", os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0640)
 	if err != nil {
-		logrus.Errorf("Failed to open or create gzip log file: %v", err)
-		return
+		return errors.Wrap(err, "failed to open or create gzip log file")
 	}
 	defer func() {
 		outFile.Close()
-		if err != nil {
-			os.Remove(fileName + ".gz")
+		if retErr != nil {
+			if err := os.Remove(fileName + ".gz"); err != nil && !os.IsExist(err) {
+				logrus.WithError(err).Error("Error cleaning up after failed log compression")
+			}
 		}
 	}()
 
 	compressWriter := gzip.NewWriter(outFile)
 	defer compressWriter.Close()
 
-	// Add the last log entry timestramp to the gzip header
+	// Add the last log entry timestamp to the gzip header
 	extra := rotateFileMetadata{}
 	extra.LastTime = lastTimestamp
 	compressWriter.Header.Extra, err = json.Marshal(&extra)
@@ -276,9 +323,10 @@ func compressFile(fileName string, lastTimestamp time.Time) {
 
 	_, err = pools.Copy(compressWriter, file)
 	if err != nil {
-		logrus.WithError(err).WithField("module", "container.logs").WithField("file", fileName).Error("Error compressing log file")
-		return
+		return errors.Wrapf(err, "error compressing log file %s", fileName)
 	}
+
+	return nil
 }
 
 // MaxFiles return maximum number of files
@@ -293,7 +341,7 @@ func (w *LogFile) Close() error {
 	if w.closed {
 		return nil
 	}
-	if err := w.f.Close(); err != nil {
+	if err := w.f.Close(); err != nil && !errors.Is(err, os.ErrClosed) {
 		return err
 	}
 	w.closed = true
@@ -306,7 +354,7 @@ func (w *LogFile) Close() error {
 // TODO: Consider a different implementation which can effectively follow logs under frequent rotations.
 func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher) {
 	w.mu.RLock()
-	currentFile, err := os.Open(w.f.Name())
+	currentFile, err := open(w.f.Name())
 	if err != nil {
 		w.mu.RUnlock()
 		watcher.Err <- err
@@ -314,6 +362,9 @@ func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher)
 	}
 	defer currentFile.Close()
 
+	dec := w.createDecoder(nil)
+	defer dec.Close()
+
 	currentChunk, err := newSectionReader(currentFile)
 	if err != nil {
 		w.mu.RUnlock()
@@ -321,6 +372,12 @@ func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher)
 		return
 	}
 
+	notifyEvict := w.notifyReaders.SubscribeTopicWithBuffer(func(i interface{}) bool {
+		_, ok := i.(error)
+		return ok
+	}, 1)
+	defer w.notifyReaders.Evict(notifyEvict)
+
 	if config.Tail != 0 {
 		// TODO(@cpuguy83): Instead of opening every file, only get the files which
 		// are needed to tail.
@@ -339,7 +396,7 @@ func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher)
 				if strings.HasSuffix(fileName, tmpLogfileSuffix) {
 					err := w.filesRefCounter.Dereference(fileName)
 					if err != nil {
-						logrus.Errorf("Failed to dereference the log file %q: %v", fileName, err)
+						logrus.WithError(err).WithField("file", fileName).Error("Failed to dereference the log file")
 					}
 				}
 			}
@@ -359,9 +416,11 @@ func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher)
 			readers = append(readers, currentChunk)
 		}
 
-		tailFiles(readers, watcher, w.createDecoder, w.getTailReader, config)
+		ok := tailFiles(readers, watcher, dec, w.getTailReader, config, notifyEvict)
 		closeFiles()
-
+		if !ok {
+			return
+		}
 		w.mu.RLock()
 	}
 
@@ -371,9 +430,13 @@ func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher)
 	}
 	w.mu.RUnlock()
 
-	notifyRotate := w.notifyRotate.Subscribe()
-	defer w.notifyRotate.Evict(notifyRotate)
-	followLogs(currentFile, watcher, notifyRotate, w.createDecoder, config.Since, config.Until)
+	notifyRotate := w.notifyReaders.SubscribeTopic(func(i interface{}) bool {
+		_, ok := i.(struct{})
+		return ok
+	})
+	defer w.notifyReaders.Evict(notifyRotate)
+
+	followLogs(currentFile, watcher, notifyRotate, notifyEvict, dec, config.Since, config.Until)
 }
 
 func (w *LogFile) openRotatedFiles(config logger.ReadConfig) (files []*os.File, err error) {
@@ -396,7 +459,7 @@ func (w *LogFile) openRotatedFiles(config logger.ReadConfig) (files []*os.File,
 	}()
 
 	for i := w.maxFiles; i > 1; i-- {
-		f, err := os.Open(fmt.Sprintf("%s.%d", w.f.Name(), i-1))
+		f, err := open(fmt.Sprintf("%s.%d", w.f.Name(), i-1))
 		if err != nil {
 			if !os.IsNotExist(err) {
 				return nil, errors.Wrap(err, "error opening rotated log file")
@@ -406,13 +469,13 @@ func (w *LogFile) openRotatedFiles(config logger.ReadConfig) (files []*os.File,
 			decompressedFileName := fileName + tmpLogfileSuffix
 			tmpFile, err := w.filesRefCounter.GetReference(decompressedFileName, func(refFileName string, exists bool) (*os.File, error) {
 				if exists {
-					return os.Open(refFileName)
+					return open(refFileName)
 				}
 				return decompressfile(fileName, refFileName, config.Since)
 			})
 
 			if err != nil {
-				if !os.IsNotExist(errors.Cause(err)) {
+				if !errors.Is(err, os.ErrNotExist) {
 					return nil, errors.Wrap(err, "error getting reference to decompressed log file")
 				}
 				continue
@@ -432,7 +495,7 @@ func (w *LogFile) openRotatedFiles(config logger.ReadConfig) (files []*os.File,
 }
 
 func decompressfile(fileName, destFileName string, since time.Time) (*os.File, error) {
-	cf, err := os.Open(fileName)
+	cf, err := open(fileName)
 	if err != nil {
 		return nil, errors.Wrap(err, "error opening file for decompression")
 	}
@@ -451,7 +514,7 @@ func decompressfile(fileName, destFileName string, since time.Time) (*os.File, e
 		return nil, nil
 	}
 
-	rs, err := os.OpenFile(destFileName, os.O_CREATE|os.O_RDWR, 0640)
+	rs, err := openFile(destFileName, os.O_CREATE|os.O_RDWR, 0640)
 	if err != nil {
 		return nil, errors.Wrap(err, "error creating file for copying decompressed log stream")
 	}
@@ -472,23 +535,32 @@ func decompressfile(fileName, destFileName string, since time.Time) (*os.File, e
 func newSectionReader(f *os.File) (*io.SectionReader, error) {
 	// seek to the end to get the size
 	// we'll leave this at the end of the file since section reader does not advance the reader
-	size, err := f.Seek(0, os.SEEK_END)
+	size, err := f.Seek(0, io.SeekEnd)
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting current file size")
 	}
 	return io.NewSectionReader(f, 0, size), nil
 }
 
-func tailFiles(files []SizeReaderAt, watcher *logger.LogWatcher, createDecoder makeDecoderFunc, getTailReader GetTailReaderFunc, config logger.ReadConfig) {
+func tailFiles(files []SizeReaderAt, watcher *logger.LogWatcher, dec Decoder, getTailReader GetTailReaderFunc, config logger.ReadConfig, notifyEvict <-chan interface{}) (cont bool) {
 	nLines := config.Tail
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
+
+	cont = true
 	// TODO(@cpuguy83): we should plumb a context through instead of dealing with `WatchClose()` here.
 	go func() {
 		select {
+		case err := <-notifyEvict:
+			if err != nil {
+				watcher.Err <- err.(error)
+				cont = false
+				cancel()
+			}
 		case <-ctx.Done():
 		case <-watcher.WatchConsumerGone():
+			cont = false
 			cancel()
 		}
 	}()
@@ -512,11 +584,12 @@ func tailFiles(files []SizeReaderAt, watcher *logger.LogWatcher, createDecoder m
 	}
 
 	rdr := io.MultiReader(readers...)
-	decodeLogLine := createDecoder(rdr)
+	dec.Reset(rdr)
+
 	for {
-		msg, err := decodeLogLine()
+		msg, err := dec.Decode()
 		if err != nil {
-			if errors.Cause(err) != io.EOF {
+			if !errors.Is(err, io.EOF) {
 				watcher.Err <- err
 			}
 			return
@@ -535,8 +608,8 @@ func tailFiles(files []SizeReaderAt, watcher *logger.LogWatcher, createDecoder m
 	}
 }
 
-func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan interface{}, createDecoder makeDecoderFunc, since, until time.Time) {
-	decodeLogLine := createDecoder(f)
+func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate, notifyEvict chan interface{}, dec Decoder, since, until time.Time) {
+	dec.Reset(f)
 
 	name := f.Name()
 	fileWatcher, err := watchFile(name)
@@ -546,6 +619,7 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 	}
 	defer func() {
 		f.Close()
+		dec.Close()
 		fileWatcher.Close()
 	}()
 
@@ -556,7 +630,7 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 
 		// retry when the file doesn't exist
 		for retries := 0; retries <= 5; retries++ {
-			f, err = os.Open(name)
+			f, err = open(name)
 			if err == nil || !os.IsNotExist(err) {
 				break
 			}
@@ -567,18 +641,32 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 		if err := fileWatcher.Add(name); err != nil {
 			return err
 		}
-		decodeLogLine = createDecoder(f)
+		dec.Reset(f)
 		return nil
 	}
 
 	errRetry := errors.New("retry")
 	errDone := errors.New("done")
+
+	handleMustClose := func(evictErr error) {
+		f.Close()
+		dec.Close()
+		logWatcher.Err <- errors.Wrap(err, "log reader evicted due to errors")
+		logrus.WithField("file", f.Name()).Error("Log reader notified that it must re-open log file, some log data may not be streamed to the client.")
+	}
+
 	waitRead := func() error {
 		select {
+		case e := <-notifyEvict:
+			if e != nil {
+				err := e.(error)
+				handleMustClose(err)
+			}
+			return errDone
 		case e := <-fileWatcher.Events():
 			switch e.Op {
 			case fsnotify.Write:
-				decodeLogLine = createDecoder(f)
+				dec.Reset(f)
 				return nil
 			case fsnotify.Rename, fsnotify.Remove:
 				select {
@@ -614,11 +702,25 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 		}
 	}
 
+	oldSize := int64(-1)
 	handleDecodeErr := func(err error) error {
-		if errors.Cause(err) != io.EOF {
+		if !errors.Is(err, io.EOF) {
 			return err
 		}
 
+		// Handle special case (#39235): max-file=1 and file was truncated
+		st, stErr := f.Stat()
+		if stErr == nil {
+			size := st.Size()
+			defer func() { oldSize = size }()
+			if size < oldSize { // truncated
+				f.Seek(0, 0)
+				return nil
+			}
+		} else {
+			logrus.WithError(stErr).Warn("logger: stat error")
+		}
+
 		for {
 			err := waitRead()
 			if err == nil {
@@ -634,7 +736,15 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 
 	// main loop
 	for {
-		msg, err := decodeLogLine()
+		select {
+		case err := <-notifyEvict:
+			if err != nil {
+				handleMustClose(err.(error))
+			}
+			return
+		default:
+		}
+		msg, err := dec.Decode()
 		if err != nil {
 			if err := handleDecodeErr(err); err != nil {
 				if err == errDone {
@@ -657,6 +767,13 @@ func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan int
 		}
 		// send the message, unless the consumer is gone
 		select {
+		case e := <-notifyEvict:
+			if e != nil {
+				err := e.(error)
+				logrus.WithError(err).Debug("Reader evicted while sending log message")
+				logWatcher.Err <- err
+			}
+			return
 		case logWatcher.Msg <- msg:
 		case <-logWatcher.WatchConsumerGone():
 			return
diff --git a/daemon/logger/loggerutils/logfile_test.go b/daemon/logger/loggerutils/logfile_test.go
index e3e63210fc0d9..01f13ac9f29ff 100644
--- a/daemon/logger/loggerutils/logfile_test.go
+++ b/daemon/logger/loggerutils/logfile_test.go
@@ -1,20 +1,52 @@
-package loggerutils
+package loggerutils // import "github.com/docker/docker/daemon/logger/loggerutils"
 
 import (
 	"bufio"
+	"bytes"
 	"context"
+	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
+	"path/filepath"
 	"strings"
+	"sync/atomic"
 	"testing"
+	"text/tabwriter"
 	"time"
 
 	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/pkg/pubsub"
 	"github.com/docker/docker/pkg/tailfile"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
+type testDecoder struct {
+	rdr     io.Reader
+	scanner *bufio.Scanner
+}
+
+func (d *testDecoder) Decode() (*logger.Message, error) {
+	if d.scanner == nil {
+		d.scanner = bufio.NewScanner(d.rdr)
+	}
+	if !d.scanner.Scan() {
+		return nil, d.scanner.Err()
+	}
+	// some comment
+	return &logger.Message{Line: d.scanner.Bytes(), Timestamp: time.Now()}, nil
+}
+
+func (d *testDecoder) Reset(rdr io.Reader) {
+	d.rdr = rdr
+	d.scanner = bufio.NewScanner(rdr)
+}
+
+func (d *testDecoder) Close() {
+	d.rdr = nil
+	d.scanner = nil
+}
+
 func TestTailFiles(t *testing.T) {
 	s1 := strings.NewReader("Hello.\nMy name is Inigo Montoya.\n")
 	s2 := strings.NewReader("I'm serious.\nDon't call me Shirley!\n")
@@ -22,27 +54,19 @@ func TestTailFiles(t *testing.T) {
 
 	files := []SizeReaderAt{s1, s2, s3}
 	watcher := logger.NewLogWatcher()
-	createDecoder := func(r io.Reader) func() (*logger.Message, error) {
-		scanner := bufio.NewScanner(r)
-		return func() (*logger.Message, error) {
-			if !scanner.Scan() {
-				return nil, scanner.Err()
-			}
-			// some comment
-			return &logger.Message{Line: scanner.Bytes(), Timestamp: time.Now()}, nil
-		}
-	}
+	defer watcher.ConsumerGone()
 
 	tailReader := func(ctx context.Context, r SizeReaderAt, lines int) (io.Reader, int, error) {
 		return tailfile.NewTailReader(ctx, r, lines)
 	}
+	dec := &testDecoder{}
 
 	for desc, config := range map[string]logger.ReadConfig{} {
 		t.Run(desc, func(t *testing.T) {
 			started := make(chan struct{})
 			go func() {
 				close(started)
-				tailFiles(files, watcher, createDecoder, tailReader, config)
+				tailFiles(files, watcher, dec, tailReader, config, make(chan interface{}))
 			}()
 			<-started
 		})
@@ -52,7 +76,7 @@ func TestTailFiles(t *testing.T) {
 	started := make(chan struct{})
 	go func() {
 		close(started)
-		tailFiles(files, watcher, createDecoder, tailReader, config)
+		tailFiles(files, watcher, dec, tailReader, config, make(chan interface{}))
 	}()
 	<-started
 
@@ -60,7 +84,7 @@ func TestTailFiles(t *testing.T) {
 	case <-time.After(60 * time.Second):
 		t.Fatal("timeout waiting for tail line")
 	case err := <-watcher.Err:
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 	case msg := <-watcher.Msg:
 		assert.Assert(t, msg != nil)
 		assert.Assert(t, string(msg.Line) == "Roads?", string(msg.Line))
@@ -70,33 +94,38 @@ func TestTailFiles(t *testing.T) {
 	case <-time.After(60 * time.Second):
 		t.Fatal("timeout waiting for tail line")
 	case err := <-watcher.Err:
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 	case msg := <-watcher.Msg:
 		assert.Assert(t, msg != nil)
 		assert.Assert(t, string(msg.Line) == "Where we're going we don't need roads.", string(msg.Line))
 	}
 }
 
+type dummyDecoder struct{}
+
+func (dummyDecoder) Decode() (*logger.Message, error) {
+	return &logger.Message{}, nil
+}
+
+func (dummyDecoder) Close()          {}
+func (dummyDecoder) Reset(io.Reader) {}
+
 func TestFollowLogsConsumerGone(t *testing.T) {
 	lw := logger.NewLogWatcher()
 
-	f, err := ioutil.TempFile("", t.Name())
+	f, err := os.CreateTemp("", t.Name())
 	assert.NilError(t, err)
 	defer func() {
 		f.Close()
 		os.Remove(f.Name())
 	}()
 
-	makeDecoder := func(rdr io.Reader) func() (*logger.Message, error) {
-		return func() (*logger.Message, error) {
-			return &logger.Message{}, nil
-		}
-	}
+	dec := dummyDecoder{}
 
 	followLogsDone := make(chan struct{})
 	var since, until time.Time
 	go func() {
-		followLogs(f, lw, make(chan interface{}), makeDecoder, since, until)
+		followLogs(f, lw, make(chan interface{}), make(chan interface{}), dec, since, until)
 		close(followLogsDone)
 	}()
 
@@ -118,33 +147,46 @@ func TestFollowLogsConsumerGone(t *testing.T) {
 	}
 }
 
+type dummyWrapper struct {
+	dummyDecoder
+	fn func() error
+}
+
+func (d *dummyWrapper) Decode() (*logger.Message, error) {
+	if err := d.fn(); err != nil {
+		return nil, err
+	}
+	return d.dummyDecoder.Decode()
+}
+
 func TestFollowLogsProducerGone(t *testing.T) {
 	lw := logger.NewLogWatcher()
+	defer lw.ConsumerGone()
 
-	f, err := ioutil.TempFile("", t.Name())
+	f, err := os.CreateTemp("", t.Name())
 	assert.NilError(t, err)
 	defer os.Remove(f.Name())
 
-	var sent, received, closed int
-	makeDecoder := func(rdr io.Reader) func() (*logger.Message, error) {
-		return func() (*logger.Message, error) {
-			if closed == 1 {
-				closed++
-				t.Logf("logDecode() closed after sending %d messages\n", sent)
-				return nil, io.EOF
-			} else if closed > 1 {
-				t.Fatal("logDecode() called after closing!")
-				return nil, io.EOF
-			}
-			sent++
-			return &logger.Message{}, nil
+	var sent, received, closed int32
+	dec := &dummyWrapper{fn: func() error {
+		switch atomic.LoadInt32(&closed) {
+		case 0:
+			atomic.AddInt32(&sent, 1)
+			return nil
+		case 1:
+			atomic.AddInt32(&closed, 1)
+			t.Logf("logDecode() closed after sending %d messages\n", sent)
+			return io.EOF
+		default:
+			t.Fatal("logDecode() called after closing!")
+			return io.EOF
 		}
-	}
+	}}
 	var since, until time.Time
 
 	followLogsDone := make(chan struct{})
 	go func() {
-		followLogs(f, lw, make(chan interface{}), makeDecoder, since, until)
+		followLogs(f, lw, make(chan interface{}), make(chan interface{}), dec, since, until)
 		close(followLogsDone)
 	}()
 
@@ -161,7 +203,7 @@ func TestFollowLogsProducerGone(t *testing.T) {
 	}
 
 	// "stop" the "container"
-	closed = 1
+	atomic.StoreInt32(&closed, 1)
 	lw.ProducerGone()
 
 	// should receive all the messages sent
@@ -172,7 +214,7 @@ func TestFollowLogsProducerGone(t *testing.T) {
 			select {
 			case <-lw.Msg:
 				received++
-				if received == sent {
+				if received == atomic.LoadInt32(&sent) {
 					return
 				}
 			case err := <-lw.Err:
@@ -186,7 +228,7 @@ func TestFollowLogsProducerGone(t *testing.T) {
 		t.Fatalf("timeout waiting for log messages to be read (sent: %d, received: %d", sent, received)
 	}
 
-	t.Logf("messages sent: %d, received: %d", sent, received)
+	t.Logf("messages sent: %d, received: %d", atomic.LoadInt32(&sent), received)
 
 	// followLogs() should be done by now
 	select {
@@ -201,3 +243,131 @@ func TestFollowLogsProducerGone(t *testing.T) {
 	default:
 	}
 }
+
+func TestCheckCapacityAndRotate(t *testing.T) {
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	f, err := os.CreateTemp(dir, "log")
+	assert.NilError(t, err)
+
+	l := &LogFile{
+		f:               f,
+		capacity:        5,
+		maxFiles:        3,
+		compress:        true,
+		notifyReaders:   pubsub.NewPublisher(0, 1),
+		perms:           0600,
+		filesRefCounter: refCounter{counter: make(map[string]int)},
+		getTailReader: func(ctx context.Context, r SizeReaderAt, lines int) (io.Reader, int, error) {
+			return tailfile.NewTailReader(ctx, r, lines)
+		},
+		createDecoder: func(io.Reader) Decoder {
+			return dummyDecoder{}
+		},
+		marshal: func(msg *logger.Message) ([]byte, error) {
+			return msg.Line, nil
+		},
+	}
+	defer l.Close()
+
+	ls := dirStringer{dir}
+
+	assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world!")}))
+	_, err = os.Stat(f.Name() + ".1")
+	assert.Assert(t, os.IsNotExist(err), ls)
+
+	assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world!")}))
+	poll.WaitOn(t, checkFileExists(f.Name()+".1.gz"), poll.WithDelay(time.Millisecond), poll.WithTimeout(30*time.Second))
+
+	assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world!")}))
+	poll.WaitOn(t, checkFileExists(f.Name()+".1.gz"), poll.WithDelay(time.Millisecond), poll.WithTimeout(30*time.Second))
+	poll.WaitOn(t, checkFileExists(f.Name()+".2.gz"), poll.WithDelay(time.Millisecond), poll.WithTimeout(30*time.Second))
+
+	t.Run("closed log file", func(t *testing.T) {
+		// Now let's simulate a failed rotation where the file was able to be closed but something else happened elsewhere
+		// down the line.
+		// We want to make sure that we can recover in the case that `l.f` was closed while attempting a rotation.
+		l.f.Close()
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world!")}))
+		assert.NilError(t, os.Remove(f.Name()+".2.gz"))
+	})
+
+	t.Run("with log reader", func(t *testing.T) {
+		// Make sure rotate works with an active reader
+		lw := logger.NewLogWatcher()
+		defer lw.ConsumerGone()
+		go l.ReadLogs(logger.ReadConfig{Follow: true, Tail: 1000}, lw)
+
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world 0!")}), ls)
+		// make sure the log reader is primed
+		waitForMsg(t, lw, 30*time.Second)
+
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world 1!")}), ls)
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world 2!")}), ls)
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world 3!")}), ls)
+		assert.NilError(t, l.WriteLogEntry(&logger.Message{Line: []byte("hello world 4!")}), ls)
+		poll.WaitOn(t, checkFileExists(f.Name()+".2.gz"), poll.WithDelay(time.Millisecond), poll.WithTimeout(30*time.Second))
+	})
+}
+
+func waitForMsg(t *testing.T, lw *logger.LogWatcher, timeout time.Duration) {
+	t.Helper()
+
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+
+	select {
+	case <-lw.Msg:
+	case <-lw.WatchProducerGone():
+		t.Fatal("log producer gone before log message arrived")
+	case err := <-lw.Err:
+		assert.NilError(t, err)
+	case <-timer.C:
+		t.Fatal("timeout waiting for log message")
+	}
+}
+
+type dirStringer struct {
+	d string
+}
+
+func (d dirStringer) String() string {
+	ls, err := os.ReadDir(d.d)
+	if err != nil {
+		return ""
+	}
+	buf := bytes.NewBuffer(nil)
+	tw := tabwriter.NewWriter(buf, 1, 8, 1, '\t', 0)
+	buf.WriteString("\n")
+
+	btw := bufio.NewWriter(tw)
+
+	for _, entry := range ls {
+		fi, err := entry.Info()
+		if err != nil {
+			return ""
+		}
+
+		btw.WriteString(fmt.Sprintf("%s\t%s\t%dB\t%s\n", fi.Name(), fi.Mode(), fi.Size(), fi.ModTime()))
+	}
+	btw.Flush()
+	tw.Flush()
+	return buf.String()
+}
+
+func checkFileExists(name string) poll.Check {
+	return func(t poll.LogT) poll.Result {
+		_, err := os.Stat(name)
+		switch {
+		case err == nil:
+			return poll.Success()
+		case os.IsNotExist(err):
+			return poll.Continue("waiting for %s to exist", name)
+		default:
+			t.Logf("waiting for %s: %v: %s", name, err, dirStringer{filepath.Dir(name)})
+			return poll.Error(err)
+		}
+	}
+}
diff --git a/daemon/logger/loginfo.go b/daemon/logger/loginfo.go
index 4c48235f5c73b..12034421fc984 100644
--- a/daemon/logger/loginfo.go
+++ b/daemon/logger/loginfo.go
@@ -41,6 +41,22 @@ func (info *Info) ExtraAttributes(keyMod func(string) string) (map[string]string
 		}
 	}
 
+	labelsRegex, ok := info.Config["labels-regex"]
+	if ok && len(labelsRegex) > 0 {
+		re, err := regexp.Compile(labelsRegex)
+		if err != nil {
+			return nil, err
+		}
+		for k, v := range info.ContainerLabels {
+			if re.MatchString(k) {
+				if keyMod != nil {
+					k = keyMod(k)
+				}
+				extra[k] = v
+			}
+		}
+	}
+
 	envMapping := make(map[string]string)
 	for _, e := range info.ContainerEnv {
 		if kv := strings.SplitN(e, "=", 2); len(kv) == 2 {
diff --git a/daemon/logger/metrics.go b/daemon/logger/metrics.go
index b7dfd38ec2061..05b557f8625ed 100644
--- a/daemon/logger/metrics.go
+++ b/daemon/logger/metrics.go
@@ -1,7 +1,7 @@
 package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
-	"github.com/docker/go-metrics"
+	metrics "github.com/docker/go-metrics"
 )
 
 var (
diff --git a/daemon/logger/plugin.go b/daemon/logger/plugin.go
index c66540ce52d1a..8c155b0ddb46c 100644
--- a/daemon/logger/plugin.go
+++ b/daemon/logger/plugin.go
@@ -81,7 +81,7 @@ func makePluginCreator(name string, l logPlugin, scopePath func(s string) string
 			return nil, err
 		}
 
-		id := stringid.GenerateNonCryptoID()
+		id := stringid.GenerateRandomID()
 		a := &pluginAdapter{
 			driverName: name,
 			id:         id,
diff --git a/daemon/logger/plugin_unix.go b/daemon/logger/plugin_unix.go
index e9a16af9b1f35..a59fda860a59e 100644
--- a/daemon/logger/plugin_unix.go
+++ b/daemon/logger/plugin_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package logger // import "github.com/docker/docker/daemon/logger"
diff --git a/daemon/logger/plugin_unsupported.go b/daemon/logger/plugin_unsupported.go
index 2ad47cc07798c..fbbeba0c21706 100644
--- a/daemon/logger/plugin_unsupported.go
+++ b/daemon/logger/plugin_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !freebsd
 // +build !linux,!freebsd
 
 package logger // import "github.com/docker/docker/daemon/logger"
diff --git a/daemon/logger/ring.go b/daemon/logger/ring.go
index c675c1e83c591..ff43baac2fbd2 100644
--- a/daemon/logger/ring.go
+++ b/daemon/logger/ring.go
@@ -4,8 +4,6 @@ import (
 	"errors"
 	"sync"
 	"sync/atomic"
-
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -19,8 +17,11 @@ type RingLogger struct {
 	l         Logger
 	logInfo   Info
 	closeFlag int32
+	wg        sync.WaitGroup
 }
 
+var _ SizedLogger = &RingLogger{}
+
 type ringWithReader struct {
 	*RingLogger
 }
@@ -40,6 +41,7 @@ func newRingLogger(driver Logger, logInfo Info, maxSize int64) *RingLogger {
 		l:       driver,
 		logInfo: logInfo,
 	}
+	l.wg.Add(1)
 	go l.run()
 	return l
 }
@@ -57,6 +59,15 @@ func NewRingLogger(driver Logger, logInfo Info, maxSize int64) Logger {
 	return l
 }
 
+// BufSize returns the buffer size of the underlying logger.
+// Returns -1 if the logger doesn't match SizedLogger interface.
+func (r *RingLogger) BufSize() int {
+	if sl, ok := r.l.(SizedLogger); ok {
+		return sl.BufSize()
+	}
+	return -1
+}
+
 // Log queues messages into the ring buffer
 func (r *RingLogger) Log(msg *Message) error {
 	if r.closed() {
@@ -82,6 +93,7 @@ func (r *RingLogger) setClosed() {
 func (r *RingLogger) Close() error {
 	r.setClosed()
 	r.buffer.Close()
+	r.wg.Wait()
 	// empty out the queue
 	var logErr bool
 	for _, msg := range r.buffer.Drain() {
@@ -93,10 +105,7 @@ func (r *RingLogger) Close() error {
 		}
 
 		if err := r.l.Log(msg); err != nil {
-			logrus.WithField("driver", r.l.Name()).
-				WithField("container", r.logInfo.ContainerID).
-				WithError(err).
-				Errorf("Error writing log message")
+			logDriverError(r.l.Name(), string(msg.Line), err)
 			logErr = true
 		}
 	}
@@ -107,6 +116,7 @@ func (r *RingLogger) Close() error {
 // logger.
 // This is run in a goroutine when the RingLogger is created
 func (r *RingLogger) run() {
+	defer r.wg.Done()
 	for {
 		if r.closed() {
 			return
@@ -117,10 +127,7 @@ func (r *RingLogger) run() {
 			return
 		}
 		if err := r.l.Log(msg); err != nil {
-			logrus.WithField("driver", r.l.Name()).
-				WithField("container", r.logInfo.ContainerID).
-				WithError(err).
-				Errorf("Error writing log message")
+			logDriverError(r.l.Name(), string(msg.Line), err)
 		}
 	}
 }
diff --git a/daemon/logger/splunk/splunk.go b/daemon/logger/splunk/splunk.go
index 8756ffa3b2928..5d76506dcbc8d 100644
--- a/daemon/logger/splunk/splunk.go
+++ b/daemon/logger/splunk/splunk.go
@@ -11,7 +11,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
@@ -24,6 +23,7 @@ import (
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/urlutil"
+	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"
 )
 
@@ -41,9 +41,11 @@ const (
 	splunkVerifyConnectionKey     = "splunk-verify-connection"
 	splunkGzipCompressionKey      = "splunk-gzip"
 	splunkGzipCompressionLevelKey = "splunk-gzip-level"
+	splunkIndexAcknowledgment     = "splunk-index-acknowledgment"
 	envKey                        = "env"
 	envRegexKey                   = "env-regex"
 	labelsKey                     = "labels"
+	labelsRegexKey                = "labels-regex"
 	tagKey                        = "tag"
 )
 
@@ -90,6 +92,7 @@ type splunkLogger struct {
 	postMessagesFrequency time.Duration
 	postMessagesBatchSize int
 	bufferMaximum         int
+	indexAck              bool
 
 	// For synchronization between background worker and logger.
 	// We use channel to send messages to worker go routine.
@@ -166,7 +169,8 @@ func New(info logger.Info) (logger.Logger, error) {
 		return nil, fmt.Errorf("%s: %s is expected", driverName, splunkTokenKey)
 	}
 
-	tlsConfig := &tls.Config{}
+	// FIXME set minimum TLS version for splunk (see https://github.com/moby/moby/issues/42443)
+	tlsConfig := &tls.Config{} //nolint: gosec // G402: TLS MinVersion too low.
 
 	// Splunk is using autogenerated certificates by default,
 	// allow users to trust them with skipping verification
@@ -180,7 +184,7 @@ func New(info logger.Info) (logger.Logger, error) {
 
 	// If path to the root certificate is provided - load it
 	if caPath, ok := info.Config[splunkCAPathKey]; ok {
-		caCert, err := ioutil.ReadFile(caPath)
+		caCert, err := os.ReadFile(caPath)
 		if err != nil {
 			return nil, err
 		}
@@ -216,6 +220,14 @@ func New(info logger.Info) (logger.Logger, error) {
 		}
 	}
 
+	indexAck := false
+	if indexAckStr, ok := info.Config[splunkIndexAcknowledgment]; ok {
+		indexAck, err = strconv.ParseBool(indexAckStr)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	transport := &http.Transport{
 		TLSClientConfig: tlsConfig,
 		Proxy:           http.ProxyFromEnvironment,
@@ -268,6 +280,7 @@ func New(info logger.Info) (logger.Logger, error) {
 		postMessagesFrequency: postMessagesFrequency,
 		postMessagesBatchSize: postMessagesBatchSize,
 		bufferMaximum:         bufferMaximum,
+		indexAck:              indexAck,
 	}
 
 	// By default we verify connection, but we allow use to skip that
@@ -494,7 +507,7 @@ func (l *splunkLogger) tryPostMessages(ctx context.Context, messages []*splunkMe
 			return err
 		}
 	}
-	req, err := http.NewRequest("POST", l.url, bytes.NewBuffer(buffer.Bytes()))
+	req, err := http.NewRequest(http.MethodPost, l.url, bytes.NewBuffer(buffer.Bytes()))
 	if err != nil {
 		return err
 	}
@@ -504,17 +517,25 @@ func (l *splunkLogger) tryPostMessages(ctx context.Context, messages []*splunkMe
 	if l.gzipCompression {
 		req.Header.Set("Content-Encoding", "gzip")
 	}
+	// Set the correct header if index acknowledgment is enabled
+	if l.indexAck {
+		requestChannel, err := uuid.NewRandom()
+		if err != nil {
+			return err
+		}
+		req.Header.Set("X-Splunk-Request-Channel", requestChannel.String())
+	}
 	resp, err := l.client.Do(req)
 	if err != nil {
 		return err
 	}
 	defer func() {
-		pools.Copy(ioutil.Discard, resp.Body)
+		pools.Copy(io.Discard, resp.Body)
 		resp.Body.Close()
 	}()
 	if resp.StatusCode != http.StatusOK {
 		rdr := io.LimitReader(resp.Body, maxResponseSize)
-		body, err := ioutil.ReadAll(rdr)
+		body, err := io.ReadAll(rdr)
 		if err != nil {
 			return err
 		}
@@ -562,9 +583,11 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case splunkVerifyConnectionKey:
 		case splunkGzipCompressionKey:
 		case splunkGzipCompressionLevelKey:
+		case splunkIndexAcknowledgment:
 		case envKey:
 		case envRegexKey:
 		case labelsKey:
+		case labelsRegexKey:
 		case tagKey:
 		default:
 			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, driverName)
@@ -607,13 +630,13 @@ func verifySplunkConnection(l *splunkLogger) error {
 		return err
 	}
 	defer func() {
-		pools.Copy(ioutil.Discard, resp.Body)
+		pools.Copy(io.Discard, resp.Body)
 		resp.Body.Close()
 	}()
 
 	if resp.StatusCode != http.StatusOK {
 		rdr := io.LimitReader(resp.Body, maxResponseSize)
-		body, err := ioutil.ReadAll(rdr)
+		body, err := io.ReadAll(rdr)
 		if err != nil {
 			return err
 		}
diff --git a/daemon/logger/splunk/splunk_test.go b/daemon/logger/splunk/splunk_test.go
index 654e96a309648..c5f3164d75506 100644
--- a/daemon/logger/splunk/splunk_test.go
+++ b/daemon/logger/splunk/splunk_test.go
@@ -11,8 +11,8 @@ import (
 	"time"
 
 	"github.com/docker/docker/daemon/logger"
-	"gotest.tools/assert"
-	"gotest.tools/env"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/env"
 )
 
 // Validate options
@@ -105,7 +105,7 @@ func TestNewWithProxy(t *testing.T) {
 	proxyFunc := splunkLogger.transport.Proxy
 	assert.Assert(t, proxyFunc != nil)
 
-	req, err := http.NewRequest("GET", splunkURL, nil)
+	req, err := http.NewRequest(http.MethodGet, splunkURL, nil)
 	assert.NilError(t, err)
 
 	proxyURL, err := proxyFunc(req)
@@ -925,7 +925,12 @@ func TestFrequency(t *testing.T) {
 
 	// 1 to verify connection and 10 to verify that we have sent messages with required frequency,
 	// but because frequency is too small (to keep test quick), instead of 11, use 9 if context switches will be slow
-	if hec.numOfRequests < 9 {
+	expectedRequests := 9
+	if runtime.GOOS == "windows" {
+		// sometimes in Windows, this test fails with number of requests showing 8. So be more conservative.
+		expectedRequests = 7
+	}
+	if hec.numOfRequests < expectedRequests {
 		t.Fatalf("Unexpected number of requests %d", hec.numOfRequests)
 	}
 
diff --git a/daemon/logger/splunk/splunkhecmock_test.go b/daemon/logger/splunk/splunkhecmock_test.go
index a3a83ac103b7c..f592abe22865a 100644
--- a/daemon/logger/splunk/splunkhecmock_test.go
+++ b/daemon/logger/splunk/splunkhecmock_test.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"sync"
@@ -150,7 +149,7 @@ func (hec *HTTPEventCollectorMock) ServeHTTP(writer http.ResponseWriter, request
 
 		// Read body
 		var body []byte
-		body, err = ioutil.ReadAll(reader)
+		body, err = io.ReadAll(reader)
 		if err != nil {
 			hec.test.Fatal(err)
 		}
diff --git a/daemon/logger/syslog/syslog.go b/daemon/logger/syslog/syslog.go
index 94bdee364a6ae..fb20cf4def772 100644
--- a/daemon/logger/syslog/syslog.go
+++ b/daemon/logger/syslog/syslog.go
@@ -77,7 +77,7 @@ func rfc5424formatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content
 // for multiple syntaxes, there are further restrictions in rfc5424, i.e., the maximum
 // resolution is limited to "TIME-SECFRAC" which is 6 (microsecond resolution)
 func rfc5424microformatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
-	timestamp := time.Now().Format("2006-01-02T15:04:05.999999Z07:00")
+	timestamp := time.Now().Format("2006-01-02T15:04:05.000000Z07:00")
 	pid := os.Getpid()
 	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
 		p, 1, timestamp, hostname, tag, pid, tag, content)
@@ -132,6 +132,10 @@ func New(info logger.Info) (logger.Logger, error) {
 }
 
 func (s *syslogger) Log(msg *logger.Message) error {
+	if len(msg.Line) == 0 {
+		return nil
+	}
+
 	line := string(msg.Line)
 	source := msg.Source
 	logger.PutMessage(msg)
@@ -189,6 +193,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case "env":
 		case "env-regex":
 		case "labels":
+		case "labels-regex":
 		case "syslog-address":
 		case "syslog-facility":
 		case "syslog-tls-ca-cert":
diff --git a/daemon/logger/syslog/syslog_test.go b/daemon/logger/syslog/syslog_test.go
index 4631788fbbbc2..fbba836e1157c 100644
--- a/daemon/logger/syslog/syslog_test.go
+++ b/daemon/logger/syslog/syslog_test.go
@@ -1,6 +1,7 @@
 package syslog // import "github.com/docker/docker/daemon/logger/syslog"
 
 import (
+	"net"
 	"reflect"
 	"testing"
 
@@ -60,3 +61,100 @@ func TestValidateLogOptEmpty(t *testing.T) {
 		t.Fatal("Failed to parse empty config", err)
 	}
 }
+
+func TestValidateSyslogAddress(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"syslog-address": "this is not an uri",
+	})
+	if err == nil {
+		t.Fatal("Expected error with invalid uri")
+	}
+
+	// File exists
+	err = ValidateLogOpt(map[string]string{
+		"syslog-address": "unix:///",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// File does not exist
+	err = ValidateLogOpt(map[string]string{
+		"syslog-address": "unix:///does_not_exist",
+	})
+	if err == nil {
+		t.Fatal("Expected error when address is non existing file")
+	}
+
+	// accepts udp and tcp URIs
+	err = ValidateLogOpt(map[string]string{
+		"syslog-address": "udp://1.2.3.4",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"syslog-address": "tcp://1.2.3.4",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestParseAddressDefaultPort(t *testing.T) {
+	_, address, err := parseAddress("tcp://1.2.3.4")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, port, _ := net.SplitHostPort(address)
+	if port != "514" {
+		t.Fatalf("Expected to default to port 514. It used port %s", port)
+	}
+}
+
+func TestValidateSyslogFacility(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"syslog-facility": "Invalid facility",
+	})
+	if err == nil {
+		t.Fatal("Expected error if facility level is invalid")
+	}
+}
+
+func TestValidateLogOptSyslogFormat(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"syslog-format": "Invalid format",
+	})
+	if err == nil {
+		t.Fatal("Expected error if format is invalid")
+	}
+}
+
+func TestValidateLogOpt(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"env":                    "http://127.0.0.1",
+		"env-regex":              "abc",
+		"labels":                 "labelA",
+		"labels-regex":           "def",
+		"syslog-address":         "udp://1.2.3.4:1111",
+		"syslog-facility":        "daemon",
+		"syslog-tls-ca-cert":     "/etc/ca-certificates/custom/ca.pem",
+		"syslog-tls-cert":        "/etc/ca-certificates/custom/cert.pem",
+		"syslog-tls-key":         "/etc/ca-certificates/custom/key.pem",
+		"syslog-tls-skip-verify": "true",
+		"tag":                    "true",
+		"syslog-format":          "rfc3164",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"not-supported-option": "a",
+	})
+	if err == nil {
+		t.Fatal("Expecting error on unsupported options")
+	}
+}
diff --git a/daemon/logger/templates/templates_test.go b/daemon/logger/templates/templates_test.go
index 25e7c88750781..2f8fad10d0623 100644
--- a/daemon/logger/templates/templates_test.go
+++ b/daemon/logger/templates/templates_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestNewParse(t *testing.T) {
diff --git a/daemon/logs.go b/daemon/logs.go
index 668a75c778306..567e3c7155aed 100644
--- a/daemon/logs.go
+++ b/daemon/logs.go
@@ -11,6 +11,7 @@ import (
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/logger"
+	logcache "github.com/docker/docker/daemon/logger/loggerutils/cache"
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -32,20 +33,20 @@ func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, c
 	if !(config.ShowStdout || config.ShowStderr) {
 		return nil, false, errdefs.InvalidParameter(errors.New("You must choose at least one stream"))
 	}
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return nil, false, err
 	}
 
-	if container.RemovalInProgress || container.Dead {
+	if ctr.RemovalInProgress || ctr.Dead {
 		return nil, false, errdefs.Conflict(errors.New("can not get logs from container which is dead or marked for removal"))
 	}
 
-	if container.HostConfig.LogConfig.Type == "none" {
+	if ctr.HostConfig.LogConfig.Type == "none" {
 		return nil, false, logger.ErrReadLogsNotSupported{}
 	}
 
-	cLog, cLogCreated, err := daemon.getLogger(container)
+	cLog, cLogCreated, err := daemon.getLogger(ctr)
 	if err != nil {
 		return nil, false, err
 	}
@@ -156,7 +157,7 @@ func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, c
 			}
 		}
 	}()
-	return messageChan, container.Config.Tty, nil
+	return messageChan, ctr.Config.Tty, nil
 }
 
 func (daemon *Daemon) getLogger(container *container.Container) (l logger.Logger, created bool, err error) {
@@ -190,6 +191,8 @@ func (daemon *Daemon) mergeAndVerifyLogConfig(cfg *containertypes.LogConfig) err
 		}
 	}
 
+	logcache.MergeDefaultLogConfig(cfg.Config, daemon.defaultLogConfig.Config)
+
 	return logger.ValidateLogOpts(cfg.Type, cfg.Config)
 }
 
@@ -204,6 +207,7 @@ func (daemon *Daemon) setupDefaultLogConfig() error {
 		Type:   config.LogConfig.Type,
 		Config: config.LogConfig.Config,
 	}
+
 	logrus.Debugf("Using default logging driver %s", daemon.defaultLogConfig.Type)
 	return nil
 }
diff --git a/daemon/metrics.go b/daemon/metrics.go
index 20030c427056f..ebe5b75a6e9bc 100644
--- a/daemon/metrics.go
+++ b/daemon/metrics.go
@@ -6,7 +6,7 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/go-metrics"
+	metrics "github.com/docker/go-metrics"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
@@ -17,6 +17,7 @@ const metricsPluginType = "MetricsCollector"
 var (
 	containerActions          metrics.LabeledTimer
 	networkActions            metrics.LabeledTimer
+	hostInfoFunctions         metrics.LabeledTimer
 	engineInfo                metrics.LabeledGauge
 	engineCpus                metrics.Gauge
 	engineMemory              metrics.Gauge
@@ -38,6 +39,7 @@ func init() {
 	} {
 		containerActions.WithValues(a).Update(0)
 	}
+	hostInfoFunctions = ns.NewLabeledTimer("host_info_functions", "The number of seconds it takes to call functions gathering info about the host", "function")
 
 	networkActions = ns.NewLabeledTimer("network_actions", "The number of seconds it takes to process each network action", "action")
 	engineInfo = ns.NewLabeledGauge("engine", "The information related to the engine and the OS it is running on", metrics.Unit("info"),
@@ -45,8 +47,10 @@ func init() {
 		"commit",
 		"architecture",
 		"graphdriver",
-		"kernel", "os",
+		"kernel",
+		"os",
 		"os_type",
+		"os_version",
 		"daemon_id", // ID is a randomly generated unique identifier (e.g. UUID4)
 	)
 	engineCpus = ns.NewGauge("engine_cpus", "The number of cpus that the host system of the engine has", metrics.Unit("cpus"))
@@ -111,8 +115,8 @@ func (ctr *stateCounter) Collect(ch chan<- prometheus.Metric) {
 	ch <- prometheus.MustNewConstMetric(ctr.desc, prometheus.GaugeValue, float64(stopped), "stopped")
 }
 
-func (d *Daemon) cleanupMetricsPlugins() {
-	ls := d.PluginStore.GetAllManagedPluginsByCap(metricsPluginType)
+func (daemon *Daemon) cleanupMetricsPlugins() {
+	ls := daemon.PluginStore.GetAllManagedPluginsByCap(metricsPluginType)
 	var wg sync.WaitGroup
 	wg.Add(len(ls))
 
@@ -133,8 +137,8 @@ func (d *Daemon) cleanupMetricsPlugins() {
 	}
 	wg.Wait()
 
-	if d.metricsPluginListener != nil {
-		d.metricsPluginListener.Close()
+	if daemon.metricsPluginListener != nil {
+		daemon.metricsPluginListener.Close()
 	}
 }
 
@@ -143,7 +147,7 @@ type metricsPlugin interface {
 	StopMetrics() error
 }
 
-func makePluginAdapter(p plugingetter.CompatPlugin) (metricsPlugin, error) { // nolint: interfacer
+func makePluginAdapter(p plugingetter.CompatPlugin) (metricsPlugin, error) {
 	if pc, ok := p.(plugingetter.PluginWithV1Client); ok {
 		return &metricsPluginAdapter{pc.Client(), p.Name()}, nil
 	}
diff --git a/daemon/metrics_unix.go b/daemon/metrics_unix.go
index a9b5f810b0638..7869712541380 100644
--- a/daemon/metrics_unix.go
+++ b/daemon/metrics_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -6,12 +7,13 @@ import (
 	"net"
 	"net/http"
 	"path/filepath"
+	"strings"
 
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/plugin"
-	"github.com/docker/go-metrics"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	metrics "github.com/docker/go-metrics"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@@ -28,7 +30,10 @@ func (daemon *Daemon) listenMetricsSock() (string, error) {
 	mux := http.NewServeMux()
 	mux.Handle("/metrics", metrics.Handler())
 	go func() {
-		http.Serve(l, mux)
+		logrus.Debugf("metrics API listening on %s", l.Addr())
+		if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
+			logrus.WithError(err).Error("error serving metrics API")
+		}
 	}()
 	daemon.metricsPluginListener = l
 	return path, nil
diff --git a/daemon/metrics_unsupported.go b/daemon/metrics_unsupported.go
index 653c77fc32578..2a25b73d94959 100644
--- a/daemon/metrics_unsupported.go
+++ b/daemon/metrics_unsupported.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/monitor.go b/daemon/monitor.go
index 9b4452d7efc0b..36b82f17a7d60 100644
--- a/daemon/monitor.go
+++ b/daemon/monitor.go
@@ -2,16 +2,14 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"context"
-	"errors"
-	"fmt"
-	"runtime"
 	"strconv"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/libcontainerd"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
 	"github.com/docker/docker/restartmanager"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -26,17 +24,98 @@ func (daemon *Daemon) setStateCounter(c *container.Container) {
 	}
 }
 
+func (daemon *Daemon) handleContainerExit(c *container.Container, e *libcontainerdtypes.EventInfo) error {
+	c.Lock()
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	ec, et, err := daemon.containerd.DeleteTask(ctx, c.ID)
+	cancel()
+	if err != nil {
+		logrus.WithError(err).WithField("container", c.ID).Warnf("failed to delete container from containerd")
+	}
+
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+	c.StreamConfig.Wait(ctx)
+	cancel()
+
+	c.Reset(false)
+
+	exitStatus := container.ExitStatus{
+		ExitCode: int(ec),
+		ExitedAt: et,
+	}
+	if e != nil {
+		exitStatus.ExitCode = int(e.ExitCode)
+		exitStatus.ExitedAt = e.ExitedAt
+		exitStatus.OOMKilled = e.OOMKilled
+		if e.Error != nil {
+			c.SetError(e.Error)
+		}
+	}
+
+	restart, wait, err := c.RestartManager().ShouldRestart(ec, daemon.IsShuttingDown() || c.HasBeenManuallyStopped, time.Since(c.StartedAt))
+
+	// cancel healthcheck here, they will be automatically
+	// restarted if/when the container is started again
+	daemon.stopHealthchecks(c)
+	attributes := map[string]string{
+		"exitCode": strconv.Itoa(int(ec)),
+	}
+	daemon.Cleanup(c)
+
+	if err == nil && restart {
+		c.RestartCount++
+		c.SetRestarting(&exitStatus)
+	} else {
+		c.SetStopped(&exitStatus)
+		defer daemon.autoRemove(c)
+	}
+	defer c.Unlock() // needs to be called before autoRemove
+
+	daemon.setStateCounter(c)
+	cpErr := c.CheckpointTo(daemon.containersReplica)
+
+	daemon.LogContainerEventWithAttributes(c, "die", attributes)
+
+	if err == nil && restart {
+		go func() {
+			err := <-wait
+			if err == nil {
+				// daemon.netController is initialized when daemon is restoring containers.
+				// But containerStart will use daemon.netController segment.
+				// So to avoid panic at startup process, here must wait util daemon restore done.
+				daemon.waitForStartupDone()
+				if err = daemon.containerStart(c, "", "", false); err != nil {
+					logrus.Debugf("failed to restart container: %+v", err)
+				}
+			}
+			if err != nil {
+				c.Lock()
+				c.SetStopped(&exitStatus)
+				daemon.setStateCounter(c)
+				c.CheckpointTo(daemon.containersReplica)
+				c.Unlock()
+				defer daemon.autoRemove(c)
+				if err != restartmanager.ErrRestartCanceled {
+					logrus.Errorf("restartmanger wait error: %+v", err)
+				}
+			}
+		}()
+	}
+
+	return cpErr
+}
+
 // ProcessEvent is called by libcontainerd whenever an event occurs
-func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libcontainerd.EventInfo) error {
+func (daemon *Daemon) ProcessEvent(id string, e libcontainerdtypes.EventType, ei libcontainerdtypes.EventInfo) error {
 	c, err := daemon.GetContainer(id)
-	if c == nil || err != nil {
-		return fmt.Errorf("no such container: %s", id)
+	if err != nil {
+		return errors.Wrapf(err, "could not find container %s", id)
 	}
 
 	switch e {
-	case libcontainerd.EventOOM:
+	case libcontainerdtypes.EventOOM:
 		// StateOOM is Linux specific and should never be hit on Windows
-		if runtime.GOOS == "windows" {
+		if isWindows {
 			return errors.New("received StateOOM from libcontainerd on Windows. This should never happen")
 		}
 
@@ -48,79 +127,23 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
 		}
 
 		daemon.LogContainerEvent(c, "oom")
-	case libcontainerd.EventExit:
+	case libcontainerdtypes.EventExit:
 		if int(ei.Pid) == c.Pid {
-			c.Lock()
-			_, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID)
-			if err != nil {
-				logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID)
-			}
-
-			c.StreamConfig.Wait()
-			c.Reset(false)
-
-			exitStatus := container.ExitStatus{
-				ExitCode:  int(ei.ExitCode),
-				ExitedAt:  ei.ExitedAt,
-				OOMKilled: ei.OOMKilled,
-			}
-			restart, wait, err := c.RestartManager().ShouldRestart(ei.ExitCode, daemon.IsShuttingDown() || c.HasBeenManuallyStopped, time.Since(c.StartedAt))
-			if err == nil && restart {
-				c.RestartCount++
-				c.SetRestarting(&exitStatus)
-			} else {
-				if ei.Error != nil {
-					c.SetError(ei.Error)
-				}
-				c.SetStopped(&exitStatus)
-				defer daemon.autoRemove(c)
-			}
-			defer c.Unlock() // needs to be called before autoRemove
-
-			// cancel healthcheck here, they will be automatically
-			// restarted if/when the container is started again
-			daemon.stopHealthchecks(c)
-			attributes := map[string]string{
-				"exitCode": strconv.Itoa(int(ei.ExitCode)),
-			}
-			daemon.LogContainerEventWithAttributes(c, "die", attributes)
-			daemon.Cleanup(c)
-
-			if err == nil && restart {
-				go func() {
-					err := <-wait
-					if err == nil {
-						// daemon.netController is initialized when daemon is restoring containers.
-						// But containerStart will use daemon.netController segment.
-						// So to avoid panic at startup process, here must wait util daemon restore done.
-						daemon.waitForStartupDone()
-						if err = daemon.containerStart(c, "", "", false); err != nil {
-							logrus.Debugf("failed to restart container: %+v", err)
-						}
-					}
-					if err != nil {
-						c.Lock()
-						c.SetStopped(&exitStatus)
-						c.Unlock()
-						defer daemon.autoRemove(c)
-						if err != restartmanager.ErrRestartCanceled {
-							logrus.Errorf("restartmanger wait error: %+v", err)
-						}
-					}
-				}()
-			}
-
-			daemon.setStateCounter(c)
-			return c.CheckpointTo(daemon.containersReplica)
+			return daemon.handleContainerExit(c, &ei)
 		}
 
+		exitCode := 127
 		if execConfig := c.ExecCommands.Get(ei.ProcessID); execConfig != nil {
 			ec := int(ei.ExitCode)
 			execConfig.Lock()
 			defer execConfig.Unlock()
 			execConfig.ExitCode = &ec
 			execConfig.Running = false
-			execConfig.StreamConfig.Wait()
+
+			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+			execConfig.StreamConfig.Wait(ctx)
+			cancel()
+
 			if err := execConfig.CloseStreams(); err != nil {
 				logrus.Errorf("failed to cleanup exec %s streams: %s", c.ID, err)
 			}
@@ -128,19 +151,15 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
 			// remove the exec command from the container's store only and not the
 			// daemon's store so that the exec command can be inspected.
 			c.ExecCommands.Delete(execConfig.ID, execConfig.Pid)
-			attributes := map[string]string{
-				"execID":   execConfig.ID,
-				"exitCode": strconv.Itoa(ec),
-			}
-			daemon.LogContainerEventWithAttributes(c, "exec_die", attributes)
-		} else {
-			logrus.WithFields(logrus.Fields{
-				"container": c.ID,
-				"exec-id":   ei.ProcessID,
-				"exec-pid":  ei.Pid,
-			}).Warn("Ignoring Exit Event, no such exec command found")
+
+			exitCode = ec
+		}
+		attributes := map[string]string{
+			"execID":   ei.ProcessID,
+			"exitCode": strconv.Itoa(exitCode),
 		}
-	case libcontainerd.EventStart:
+		daemon.LogContainerEventWithAttributes(c, "exec_die", attributes)
+	case libcontainerdtypes.EventStart:
 		c.Lock()
 		defer c.Unlock()
 
@@ -159,7 +178,7 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
 			daemon.LogContainerEvent(c, "start")
 		}
 
-	case libcontainerd.EventPaused:
+	case libcontainerdtypes.EventPaused:
 		c.Lock()
 		defer c.Unlock()
 
@@ -172,7 +191,7 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
 			}
 			daemon.LogContainerEvent(c, "pause")
 		}
-	case libcontainerd.EventResumed:
+	case libcontainerdtypes.EventResumed:
 		c.Lock()
 		defer c.Unlock()
 
@@ -198,15 +217,13 @@ func (daemon *Daemon) autoRemove(c *container.Container) {
 		return
 	}
 
-	var err error
-	if err = daemon.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err == nil {
+	err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true})
+	if err == nil {
 		return
 	}
 	if c := daemon.containers.Get(c.ID); c == nil {
 		return
 	}
 
-	if err != nil {
-		logrus.WithError(err).WithField("container", c.ID).Error("error removing container")
-	}
+	logrus.WithError(err).WithField("container", c.ID).Error("error removing container")
 }
diff --git a/daemon/names.go b/daemon/names.go
index 6c319497772bb..4fa39af2eeb5e 100644
--- a/daemon/names.go
+++ b/daemon/names.go
@@ -38,7 +38,7 @@ func (daemon *Daemon) registerName(container *container.Container) error {
 func (daemon *Daemon) generateIDAndName(name string) (string, string, error) {
 	var (
 		err error
-		id  = stringid.GenerateNonCryptoID()
+		id  = stringid.GenerateRandomID()
 	)
 
 	if name == "" {
diff --git a/daemon/network.go b/daemon/network.go
index f7675a65680cb..fc84eaa164ce8 100644
--- a/daemon/network.go
+++ b/daemon/network.go
@@ -17,18 +17,18 @@ import (
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
 	internalnetwork "github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libnetwork"
+	lncluster "github.com/docker/docker/libnetwork/cluster"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/networkdb"
+	"github.com/docker/docker/libnetwork/options"
+	networktypes "github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork"
-	lncluster "github.com/docker/libnetwork/cluster"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/networkdb"
-	"github.com/docker/libnetwork/options"
-	networktypes "github.com/docker/libnetwork/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -155,7 +155,7 @@ var (
 func (daemon *Daemon) startIngressWorker() {
 	ingressJobsChannel = make(chan *ingressJob, 100)
 	go func() {
-		// nolint: gosimple
+		//nolint: gosimple
 		for {
 			select {
 			case r := <-ingressJobsChannel:
@@ -365,7 +365,7 @@ func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string
 	n, err := c.NewNetwork(driver, create.Name, id, nwOptions...)
 	if err != nil {
 		if _, ok := err.(libnetwork.ErrDataStoreNotInitialized); ok {
-			// nolint: golint
+			//nolint: golint
 			return nil, errors.New("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
 		}
 		return nil, err
@@ -430,12 +430,12 @@ func getIpamConfig(data []network.IPAMConfig) ([]*libnetwork.IpamConf, []*libnet
 
 // UpdateContainerServiceConfig updates a service configuration.
 func (daemon *Daemon) UpdateContainerServiceConfig(containerName string, serviceConfig *clustertypes.ServiceConfig) error {
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return err
 	}
 
-	container.NetworkSettings.Service = serviceConfig
+	ctr.NetworkSettings.Service = serviceConfig
 	return nil
 }
 
@@ -443,24 +443,24 @@ func (daemon *Daemon) UpdateContainerServiceConfig(containerName string, service
 // network. If either cannot be found, an err is returned. If the
 // network cannot be set up, an err is returned.
 func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error {
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return err
 	}
-	return daemon.ConnectToNetwork(container, networkName, endpointConfig)
+	return daemon.ConnectToNetwork(ctr, networkName, endpointConfig)
 }
 
 // DisconnectContainerFromNetwork disconnects the given container from
 // the given network. If either cannot be found, an err is returned.
 func (daemon *Daemon) DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error {
-	container, err := daemon.GetContainer(containerName)
+	ctr, err := daemon.GetContainer(containerName)
 	if err != nil {
 		if force {
 			return daemon.ForceEndpointDelete(containerName, networkName)
 		}
 		return err
 	}
-	return daemon.DisconnectFromNetwork(container, networkName, force)
+	return daemon.DisconnectFromNetwork(ctr, networkName, force)
 }
 
 // GetNetworkDriverList returns the list of plugins drivers
@@ -485,10 +485,10 @@ func (daemon *Daemon) GetNetworkDriverList() []string {
 
 	networks := daemon.netController.Networks()
 
-	for _, network := range networks {
-		if !pluginMap[network.Type()] {
-			pluginList = append(pluginList, network.Type())
-			pluginMap[network.Type()] = true
+	for _, nw := range networks {
+		if !pluginMap[nw.Type()] {
+			pluginList = append(pluginList, nw.Type())
+			pluginMap[nw.Type()] = true
 		}
 	}
 
@@ -573,9 +573,9 @@ func (daemon *Daemon) GetNetworks(filter filters.Args, config types.NetworkListC
 	}
 
 	if config.Detailed {
-		for i, n := range list {
-			np := &n
-			buildDetailedNetworkResources(np, idx[n.ID], config.Verbose)
+		for i := range list {
+			np := &list[i]
+			buildDetailedNetworkResources(np, idx[np.ID], config.Verbose)
 			list[i] = *np
 		}
 	}
@@ -796,7 +796,7 @@ func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, ep
 
 	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
 
-	if (!c.EnableServiceDiscoveryOnDefaultNetwork() && n.Name() == defaultNetName) ||
+	if (!serviceDiscoveryOnDefaultNetwork() && n.Name() == defaultNetName) ||
 		c.NetworkSettings.IsAnonymousEndpoint {
 		createOptions = append(createOptions, libnetwork.CreateOptionAnonymous())
 	}
@@ -960,12 +960,6 @@ func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, ep
 	return createOptions, nil
 }
 
-// getEndpointInNetwork returns the container's endpoint to the provided network.
-func getEndpointInNetwork(name string, n libnetwork.Network) (libnetwork.Endpoint, error) {
-	endpointName := strings.TrimPrefix(name, "/")
-	return n.EndpointByName(endpointName)
-}
-
 // getSandboxPortMapInfo retrieves the current port-mapping programmed for the given sandbox
 func getSandboxPortMapInfo(sb libnetwork.Sandbox) nat.PortMap {
 	pm := nat.PortMap{}
diff --git a/daemon/network/filter.go b/daemon/network/filter.go
index 01a7d2dd81451..258a0f4446797 100644
--- a/daemon/network/filter.go
+++ b/daemon/network/filter.go
@@ -3,6 +3,7 @@ package network // import "github.com/docker/docker/daemon/network"
 import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/runconfig"
 	"github.com/pkg/errors"
 )
@@ -51,6 +52,24 @@ func FilterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.N
 		displayNet = append(displayNet, nw)
 	}
 
+	if values := filter.Get("dangling"); len(values) > 0 {
+		if len(values) > 1 {
+			return nil, errdefs.InvalidParameter(errors.New(`got more than one value for filter key "dangling"`))
+		}
+
+		var danglingOnly bool
+		switch values[0] {
+		case "0", "false":
+			// dangling is false already
+		case "1", "true":
+			danglingOnly = true
+		default:
+			return nil, errdefs.InvalidParameter(errors.New(`invalid value for filter 'dangling', must be "true" (or "1"), or "false" (or "0")`))
+		}
+
+		displayNet = filterNetworkByUse(displayNet, danglingOnly)
+	}
+
 	if filter.Contains("type") {
 		typeNet := []types.NetworkResource{}
 		errFilter := filter.WalkValues("type", func(fval string) error {
@@ -70,6 +89,25 @@ func FilterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.N
 	return displayNet, nil
 }
 
+func filterNetworkByUse(nws []types.NetworkResource, danglingOnly bool) []types.NetworkResource {
+	retNws := []types.NetworkResource{}
+
+	filterFunc := func(nw types.NetworkResource) bool {
+		if danglingOnly {
+			return !runconfig.IsPreDefinedNetwork(nw.Name) && len(nw.Containers) == 0 && len(nw.Services) == 0
+		}
+		return runconfig.IsPreDefinedNetwork(nw.Name) || len(nw.Containers) > 0 || len(nw.Services) > 0
+	}
+
+	for _, nw := range nws {
+		if filterFunc(nw) {
+			retNws = append(retNws, nw)
+		}
+	}
+
+	return retNws
+}
+
 func filterNetworkByType(nws []types.NetworkResource, netType string) ([]types.NetworkResource, error) {
 	retNws := []types.NetworkResource{}
 	switch netType {
diff --git a/daemon/network/filter_test.go b/daemon/network/filter_test.go
index d3180a05a93f8..40634f80e1040 100644
--- a/daemon/network/filter_test.go
+++ b/daemon/network/filter_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package network // import "github.com/docker/docker/daemon/network"
@@ -42,6 +43,16 @@ func TestFilterNetworks(t *testing.T) {
 			Driver: "mykvdriver",
 			Scope:  "global",
 		},
+		{
+			Name:   "networkwithcontainer",
+			Driver: "nwc",
+			Scope:  "local",
+			Containers: map[string]types.EndpointResource{
+				"customcontainer": {
+					Name: "customendpoint",
+				},
+			},
+		},
 	}
 
 	bridgeDriverFilters := filters.NewArgs()
@@ -71,11 +82,18 @@ func TestFilterNetworks(t *testing.T) {
 	globalScopeFilters := filters.NewArgs()
 	globalScopeFilters.Add("scope", "global")
 
+	trueDanglingFilters := filters.NewArgs()
+	trueDanglingFilters.Add("dangling", "true")
+
+	falseDanglingFilters := filters.NewArgs()
+	falseDanglingFilters.Add("dangling", "false")
+
 	testCases := []struct {
 		filter      filters.Args
 		resultCount int
 		err         string
 		name        string
+		results     []string
 	}{
 		{
 			filter:      bridgeDriverFilters,
@@ -97,7 +115,7 @@ func TestFilterNetworks(t *testing.T) {
 		},
 		{
 			filter:      customDriverFilters,
-			resultCount: 3,
+			resultCount: 4,
 			err:         "",
 			name:        "custom driver filters",
 		},
@@ -115,7 +133,7 @@ func TestFilterNetworks(t *testing.T) {
 		},
 		{
 			filter:      localScopeFilters,
-			resultCount: 4,
+			resultCount: 5,
 			err:         "",
 			name:        "local scope filters",
 		},
@@ -131,6 +149,20 @@ func TestFilterNetworks(t *testing.T) {
 			err:         "",
 			name:        "global scope filters",
 		},
+		{
+			filter:      trueDanglingFilters,
+			resultCount: 3,
+			err:         "",
+			name:        "dangling filter is 'True'",
+			results:     []string{"myoverlay", "mydrivernet", "mykvnet"},
+		},
+		{
+			filter:      falseDanglingFilters,
+			resultCount: 4,
+			err:         "",
+			name:        "dangling filter is 'False'",
+			results:     []string{"host", "bridge", "none", "networkwithcontainer"},
+		},
 	}
 
 	for _, testCase := range testCases {
@@ -157,6 +189,18 @@ func TestFilterNetworks(t *testing.T) {
 				if len(result) != testCase.resultCount {
 					t.Fatalf("expect '%d' networks, got '%d' networks", testCase.resultCount, len(result))
 				}
+
+				if len(testCase.results) > 0 {
+					resultMap := make(map[string]bool)
+					for _, r := range result {
+						resultMap[r.Name] = true
+					}
+					for _, r := range testCase.results {
+						if _, ok := resultMap[r]; !ok {
+							t.Fatalf("expected result: '%s' not found", r)
+						}
+					}
+				}
 			}
 		})
 	}
diff --git a/daemon/network/settings.go b/daemon/network/settings.go
index 7696d402018c8..39646c45ee36a 100644
--- a/daemon/network/settings.go
+++ b/daemon/network/settings.go
@@ -39,8 +39,8 @@ type EndpointSettings struct {
 // AttachmentStore stores the load balancer IP address for a network id.
 type AttachmentStore struct {
 	sync.Mutex
-	//key: networkd id
-	//value: load balancer ip address
+	// key: networkd id
+	// value: load balancer ip address
 	networkToNodeLBIP map[string]net.IP
 }
 
diff --git a/daemon/network_windows.go b/daemon/network_windows.go
new file mode 100644
index 0000000000000..75064cebd8cbe
--- /dev/null
+++ b/daemon/network_windows.go
@@ -0,0 +1,13 @@
+package daemon
+
+import (
+	"strings"
+
+	"github.com/docker/docker/libnetwork"
+)
+
+// getEndpointInNetwork returns the container's endpoint to the provided network.
+func getEndpointInNetwork(name string, n libnetwork.Network) (libnetwork.Endpoint, error) {
+	endpointName := strings.TrimPrefix(name, "/")
+	return n.EndpointByName(endpointName)
+}
diff --git a/daemon/nvidia_linux.go b/daemon/nvidia_linux.go
new file mode 100644
index 0000000000000..9f1c9141465f4
--- /dev/null
+++ b/daemon/nvidia_linux.go
@@ -0,0 +1,105 @@
+package daemon
+
+import (
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/containerd/containerd/contrib/nvidia"
+	"github.com/docker/docker/pkg/capabilities"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+// TODO: nvidia should not be hard-coded, and should be a device plugin instead on the daemon object.
+// TODO: add list of device capabilities in daemon/node info
+
+var errConflictCountDeviceIDs = errors.New("cannot set both Count and DeviceIDs on device request")
+
+const nvidiaHook = "nvidia-container-runtime-hook"
+
+// These are NVIDIA-specific capabilities stolen from github.com/containerd/containerd/contrib/nvidia.allCaps
+var allNvidiaCaps = map[nvidia.Capability]struct{}{
+	nvidia.Compute:  {},
+	nvidia.Compat32: {},
+	nvidia.Graphics: {},
+	nvidia.Utility:  {},
+	nvidia.Video:    {},
+	nvidia.Display:  {},
+}
+
+func init() {
+	if _, err := exec.LookPath(nvidiaHook); err != nil {
+		// do not register Nvidia driver if helper binary is not present.
+		return
+	}
+	capset := capabilities.Set{"gpu": struct{}{}, "nvidia": struct{}{}}
+	nvidiaDriver := &deviceDriver{
+		capset:     capset,
+		updateSpec: setNvidiaGPUs,
+	}
+	for c := range allNvidiaCaps {
+		nvidiaDriver.capset[string(c)] = struct{}{}
+	}
+	registerDeviceDriver("nvidia", nvidiaDriver)
+}
+
+func setNvidiaGPUs(s *specs.Spec, dev *deviceInstance) error {
+	req := dev.req
+	if req.Count != 0 && len(req.DeviceIDs) > 0 {
+		return errConflictCountDeviceIDs
+	}
+
+	if len(req.DeviceIDs) > 0 {
+		s.Process.Env = append(s.Process.Env, "NVIDIA_VISIBLE_DEVICES="+strings.Join(req.DeviceIDs, ","))
+	} else if req.Count > 0 {
+		s.Process.Env = append(s.Process.Env, "NVIDIA_VISIBLE_DEVICES="+countToDevices(req.Count))
+	} else if req.Count < 0 {
+		s.Process.Env = append(s.Process.Env, "NVIDIA_VISIBLE_DEVICES=all")
+	}
+
+	var nvidiaCaps []string
+	// req.Capabilities contains device capabilities, some but not all are NVIDIA driver capabilities.
+	for _, c := range dev.selectedCaps {
+		nvcap := nvidia.Capability(c)
+		if _, isNvidiaCap := allNvidiaCaps[nvcap]; isNvidiaCap {
+			nvidiaCaps = append(nvidiaCaps, c)
+			continue
+		}
+		// TODO: nvidia.WithRequiredCUDAVersion
+		// for now we let the prestart hook verify cuda versions but errors are not pretty.
+	}
+
+	if nvidiaCaps != nil {
+		s.Process.Env = append(s.Process.Env, "NVIDIA_DRIVER_CAPABILITIES="+strings.Join(nvidiaCaps, ","))
+	}
+
+	path, err := exec.LookPath(nvidiaHook)
+	if err != nil {
+		return err
+	}
+
+	if s.Hooks == nil {
+		s.Hooks = &specs.Hooks{}
+	}
+	s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
+		Path: path,
+		Args: []string{
+			nvidiaHook,
+			"prestart",
+		},
+		Env: os.Environ(),
+	})
+
+	return nil
+}
+
+// countToDevices returns the list 0, 1, ... count-1 of deviceIDs.
+func countToDevices(count int) string {
+	devices := make([]string, count)
+	for i := range devices {
+		devices[i] = strconv.Itoa(i)
+	}
+	return strings.Join(devices, ",")
+}
diff --git a/daemon/oci.go b/daemon/oci.go
deleted file mode 100644
index 52050e24faee7..0000000000000
--- a/daemon/oci.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import (
-	"fmt"
-	"regexp"
-	"strconv"
-
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/daemon/caps"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// nolint: gosimple
-var (
-	deviceCgroupRuleRegex = regexp.MustCompile("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$")
-)
-
-func setCapabilities(s *specs.Spec, c *container.Container) error {
-	var caplist []string
-	var err error
-	if c.HostConfig.Privileged {
-		caplist = caps.GetAllCapabilities()
-	} else {
-		caplist, err = caps.TweakCapabilities(s.Process.Capabilities.Bounding, c.HostConfig.CapAdd, c.HostConfig.CapDrop)
-		if err != nil {
-			return err
-		}
-	}
-	s.Process.Capabilities.Effective = caplist
-	s.Process.Capabilities.Bounding = caplist
-	s.Process.Capabilities.Permitted = caplist
-	s.Process.Capabilities.Inheritable = caplist
-	// setUser has already been executed here
-	// if non root drop capabilities in the way execve does
-	if s.Process.User.UID != 0 {
-		s.Process.Capabilities.Effective = []string{}
-		s.Process.Capabilities.Permitted = []string{}
-	}
-	return nil
-}
-
-func appendDevicePermissionsFromCgroupRules(devPermissions []specs.LinuxDeviceCgroup, rules []string) ([]specs.LinuxDeviceCgroup, error) {
-	for _, deviceCgroupRule := range rules {
-		ss := deviceCgroupRuleRegex.FindAllStringSubmatch(deviceCgroupRule, -1)
-		if len(ss[0]) != 5 {
-			return nil, fmt.Errorf("invalid device cgroup rule format: '%s'", deviceCgroupRule)
-		}
-		matches := ss[0]
-
-		dPermissions := specs.LinuxDeviceCgroup{
-			Allow:  true,
-			Type:   matches[1],
-			Access: matches[4],
-		}
-		if matches[2] == "*" {
-			major := int64(-1)
-			dPermissions.Major = &major
-		} else {
-			major, err := strconv.ParseInt(matches[2], 10, 64)
-			if err != nil {
-				return nil, fmt.Errorf("invalid major value in device cgroup rule format: '%s'", deviceCgroupRule)
-			}
-			dPermissions.Major = &major
-		}
-		if matches[3] == "*" {
-			minor := int64(-1)
-			dPermissions.Minor = &minor
-		} else {
-			minor, err := strconv.ParseInt(matches[3], 10, 64)
-			if err != nil {
-				return nil, fmt.Errorf("invalid minor value in device cgroup rule format: '%s'", deviceCgroupRule)
-			}
-			dPermissions.Minor = &minor
-		}
-		devPermissions = append(devPermissions, dPermissions)
-	}
-	return devPermissions, nil
-}
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index dfe02796a5083..5136b4097cc84 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -1,8 +1,8 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
-	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -10,201 +10,206 @@ import (
 	"strconv"
 	"strings"
 
+	cdcgroups "github.com/containerd/cgroups"
+	"github.com/containerd/containerd/containers"
+	coci "github.com/containerd/containerd/oci"
+	"github.com/containerd/containerd/pkg/apparmor"
+	"github.com/containerd/containerd/pkg/userns"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	daemonconfig "github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/oci"
+	"github.com/docker/docker/oci/caps"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/rootless/specconv"
 	volumemounts "github.com/docker/docker/volume/mounts"
-	"github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/user"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-const (
-	inContainerInitPath = "/sbin/" + daemonconfig.DefaultInitBinary
-)
-
-func setResources(s *specs.Spec, r containertypes.Resources) error {
-	weightDevices, err := getBlkioWeightDevices(r)
-	if err != nil {
-		return err
-	}
-	readBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadBps)
-	if err != nil {
-		return err
-	}
-	writeBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteBps)
-	if err != nil {
-		return err
-	}
-	readIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadIOps)
-	if err != nil {
-		return err
-	}
-	writeIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteIOps)
-	if err != nil {
-		return err
-	}
-
-	memoryRes := getMemoryResources(r)
-	cpuRes, err := getCPUResources(r)
-	if err != nil {
-		return err
-	}
-	blkioWeight := r.BlkioWeight
-
-	specResources := &specs.LinuxResources{
-		Memory: memoryRes,
-		CPU:    cpuRes,
-		BlockIO: &specs.LinuxBlockIO{
-			Weight:                  &blkioWeight,
-			WeightDevice:            weightDevices,
-			ThrottleReadBpsDevice:   readBpsDevice,
-			ThrottleWriteBpsDevice:  writeBpsDevice,
-			ThrottleReadIOPSDevice:  readIOpsDevice,
-			ThrottleWriteIOPSDevice: writeIOpsDevice,
-		},
-		Pids: &specs.LinuxPids{
-			Limit: r.PidsLimit,
-		},
-	}
+const inContainerInitPath = "/sbin/" + daemonconfig.DefaultInitBinary
+
+// WithRlimits sets the container's rlimits along with merging the daemon's rlimits
+func WithRlimits(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		var rlimits []specs.POSIXRlimit
+
+		// We want to leave the original HostConfig alone so make a copy here
+		hostConfig := *c.HostConfig
+		// Merge with the daemon defaults
+		daemon.mergeUlimits(&hostConfig)
+		for _, ul := range hostConfig.Ulimits {
+			rlimits = append(rlimits, specs.POSIXRlimit{
+				Type: "RLIMIT_" + strings.ToUpper(ul.Name),
+				Soft: uint64(ul.Soft),
+				Hard: uint64(ul.Hard),
+			})
+		}
 
-	if s.Linux.Resources != nil && len(s.Linux.Resources.Devices) > 0 {
-		specResources.Devices = s.Linux.Resources.Devices
+		s.Process.Rlimits = rlimits
+		return nil
 	}
-
-	s.Linux.Resources = specResources
-	return nil
 }
 
-func setDevices(s *specs.Spec, c *container.Container) error {
-	// Build lists of devices allowed and created within the container.
-	var devs []specs.LinuxDevice
-	devPermissions := s.Linux.Resources.Devices
-	if c.HostConfig.Privileged {
-		hostDevices, err := devices.HostDevices()
-		if err != nil {
-			return err
+// WithLibnetwork sets the libnetwork hook
+func WithLibnetwork(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		if s.Hooks == nil {
+			s.Hooks = &specs.Hooks{}
 		}
-		for _, d := range hostDevices {
-			devs = append(devs, oci.Device(d))
-		}
-		devPermissions = []specs.LinuxDeviceCgroup{
-			{
-				Allow:  true,
-				Access: "rwm",
-			},
+		for _, ns := range s.Linux.Namespaces {
+			if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {
+				target := filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe")
+				shortNetCtlrID := stringid.TruncateID(daemon.netController.ID())
+				s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
+					Path: target,
+					Args: []string{
+						"libnetwork-setkey",
+						"-exec-root=" + daemon.configStore.GetExecRoot(),
+						c.ID,
+						shortNetCtlrID,
+					},
+				})
+			}
 		}
-	} else {
-		for _, deviceMapping := range c.HostConfig.Devices {
-			d, dPermissions, err := oci.DevicesFromPath(deviceMapping.PathOnHost, deviceMapping.PathInContainer, deviceMapping.CgroupPermissions)
+		return nil
+	}
+}
+
+// WithRootless sets the spec to the rootless configuration
+func WithRootless(daemon *Daemon) coci.SpecOpts {
+	return func(_ context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		var v2Controllers []string
+		if daemon.getCgroupDriver() == cgroupSystemdDriver {
+			if cdcgroups.Mode() != cdcgroups.Unified {
+				return errors.New("rootless systemd driver doesn't support cgroup v1")
+			}
+			rootlesskitParentEUID := os.Getenv("ROOTLESSKIT_PARENT_EUID")
+			if rootlesskitParentEUID == "" {
+				return errors.New("$ROOTLESSKIT_PARENT_EUID is not set (requires RootlessKit v0.8.0)")
+			}
+			euid, err := strconv.Atoi(rootlesskitParentEUID)
+			if err != nil {
+				return errors.Wrap(err, "invalid $ROOTLESSKIT_PARENT_EUID: must be a numeric value")
+			}
+			controllersPath := fmt.Sprintf("/sys/fs/cgroup/user.slice/user-%d.slice/cgroup.controllers", euid)
+			controllersFile, err := os.ReadFile(controllersPath)
 			if err != nil {
 				return err
 			}
-			devs = append(devs, d...)
-			devPermissions = append(devPermissions, dPermissions...)
-		}
-
-		var err error
-		devPermissions, err = appendDevicePermissionsFromCgroupRules(devPermissions, c.HostConfig.DeviceCgroupRules)
-		if err != nil {
-			return err
+			v2Controllers = strings.Fields(string(controllersFile))
 		}
+		return specconv.ToRootless(s, v2Controllers)
 	}
+}
 
-	s.Linux.Devices = append(s.Linux.Devices, devs...)
-	s.Linux.Resources.Devices = devPermissions
-	return nil
+// WithOOMScore sets the oom score
+func WithOOMScore(score *int) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		s.Process.OOMScoreAdj = score
+		return nil
+	}
 }
 
-func (daemon *Daemon) setRlimits(s *specs.Spec, c *container.Container) error {
-	var rlimits []specs.POSIXRlimit
-
-	// We want to leave the original HostConfig alone so make a copy here
-	hostConfig := *c.HostConfig
-	// Merge with the daemon defaults
-	daemon.mergeUlimits(&hostConfig)
-	for _, ul := range hostConfig.Ulimits {
-		rlimits = append(rlimits, specs.POSIXRlimit{
-			Type: "RLIMIT_" + strings.ToUpper(ul.Name),
-			Soft: uint64(ul.Soft),
-			Hard: uint64(ul.Hard),
-		})
+// WithSelinux sets the selinux labels
+func WithSelinux(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		s.Process.SelinuxLabel = c.GetProcessLabel()
+		s.Linux.MountLabel = c.MountLabel
+		return nil
 	}
+}
 
-	s.Process.Rlimits = rlimits
-	return nil
+// WithApparmor sets the apparmor profile
+func WithApparmor(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		if apparmor.HostSupports() {
+			var appArmorProfile string
+			if c.AppArmorProfile != "" {
+				appArmorProfile = c.AppArmorProfile
+			} else if c.HostConfig.Privileged {
+				appArmorProfile = unconfinedAppArmorProfile
+			} else {
+				appArmorProfile = defaultAppArmorProfile
+			}
+
+			if appArmorProfile == defaultAppArmorProfile {
+				// Unattended upgrades and other fun services can unload AppArmor
+				// profiles inadvertently. Since we cannot store our profile in
+				// /etc/apparmor.d, nor can we practically add other ways of
+				// telling the system to keep our profile loaded, in order to make
+				// sure that we keep the default profile enabled we dynamically
+				// reload it if necessary.
+				if err := ensureDefaultAppArmorProfile(); err != nil {
+					return err
+				}
+			}
+			s.Process.ApparmorProfile = appArmorProfile
+		}
+		return nil
+	}
 }
 
-func setUser(s *specs.Spec, c *container.Container) error {
-	uid, gid, additionalGids, err := getUser(c, c.Config.User)
-	if err != nil {
-		return err
+// WithCapabilities sets the container's capabilties
+func WithCapabilities(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		capabilities, err := caps.TweakCapabilities(
+			caps.DefaultCapabilities(),
+			c.HostConfig.CapAdd,
+			c.HostConfig.CapDrop,
+			c.HostConfig.Privileged,
+		)
+		if err != nil {
+			return err
+		}
+		return oci.SetCapabilities(s, capabilities)
 	}
-	s.Process.User.UID = uid
-	s.Process.User.GID = gid
-	s.Process.User.AdditionalGids = additionalGids
-	return nil
 }
 
-func readUserFile(c *container.Container, p string) (io.ReadCloser, error) {
-	fp, err := c.GetResourcePath(p)
+func resourcePath(c *container.Container, getPath func() (string, error)) (string, error) {
+	p, err := getPath()
 	if err != nil {
-		return nil, err
+		return "", err
 	}
-	return os.Open(fp)
+	return c.GetResourcePath(p)
 }
 
-func getUser(c *container.Container, username string) (uint32, uint32, []uint32, error) {
-	passwdPath, err := user.GetPasswdPath()
+func getUser(c *container.Container, username string) (specs.User, error) {
+	var usr specs.User
+	passwdPath, err := resourcePath(c, user.GetPasswdPath)
 	if err != nil {
-		return 0, 0, nil, err
+		return usr, err
 	}
-	groupPath, err := user.GetGroupPath()
+	groupPath, err := resourcePath(c, user.GetGroupPath)
 	if err != nil {
-		return 0, 0, nil, err
-	}
-	passwdFile, err := readUserFile(c, passwdPath)
-	if err == nil {
-		defer passwdFile.Close()
+		return usr, err
 	}
-	groupFile, err := readUserFile(c, groupPath)
-	if err == nil {
-		defer groupFile.Close()
-	}
-
-	execUser, err := user.GetExecUser(username, nil, passwdFile, groupFile)
+	execUser, err := user.GetExecUserPath(username, nil, passwdPath, groupPath)
 	if err != nil {
-		return 0, 0, nil, err
+		return usr, err
 	}
+	usr.UID = uint32(execUser.Uid)
+	usr.GID = uint32(execUser.Gid)
 
-	// todo: fix this double read by a change to libcontainer/user pkg
-	groupFile, err = readUserFile(c, groupPath)
-	if err == nil {
-		defer groupFile.Close()
-	}
 	var addGroups []int
 	if len(c.HostConfig.GroupAdd) > 0 {
-		addGroups, err = user.GetAdditionalGroups(c.HostConfig.GroupAdd, groupFile)
+		addGroups, err = user.GetAdditionalGroupsPath(c.HostConfig.GroupAdd, groupPath)
 		if err != nil {
-			return 0, 0, nil, err
+			return usr, err
 		}
 	}
-	uid := uint32(execUser.Uid)
-	gid := uint32(execUser.Gid)
-	sgids := append(execUser.Sgids, addGroups...)
-	var additionalGids []uint32
-	for _, g := range sgids {
-		additionalGids = append(additionalGids, uint32(g))
+	for _, g := range append(execUser.Sgids, addGroups...) {
+		usr.AdditionalGids = append(usr.AdditionalGids, uint32(g))
 	}
-	return uid, gid, additionalGids, nil
+	return usr, nil
 }
 
 func setNamespace(s *specs.Spec, ns specs.LinuxNamespace) {
@@ -217,99 +222,118 @@ func setNamespace(s *specs.Spec, ns specs.LinuxNamespace) {
 	s.Linux.Namespaces = append(s.Linux.Namespaces, ns)
 }
 
-func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error {
-	userNS := false
-	// user
-	if c.HostConfig.UsernsMode.IsPrivate() {
-		uidMap := daemon.idMapping.UIDs()
-		if uidMap != nil {
-			userNS = true
-			ns := specs.LinuxNamespace{Type: "user"}
+// WithNamespaces sets the container's namespaces
+func WithNamespaces(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		userNS := false
+		// user
+		if c.HostConfig.UsernsMode.IsPrivate() {
+			uidMap := daemon.idMapping.UIDs()
+			if uidMap != nil {
+				userNS = true
+				ns := specs.LinuxNamespace{Type: "user"}
+				setNamespace(s, ns)
+				s.Linux.UIDMappings = specMapping(uidMap)
+				s.Linux.GIDMappings = specMapping(daemon.idMapping.GIDs())
+			}
+		}
+		// network
+		if !c.Config.NetworkDisabled {
+			ns := specs.LinuxNamespace{Type: "network"}
+			parts := strings.SplitN(string(c.HostConfig.NetworkMode), ":", 2)
+			if parts[0] == "container" {
+				nc, err := daemon.getNetworkedContainer(c.ID, c.HostConfig.NetworkMode.ConnectedContainer())
+				if err != nil {
+					return err
+				}
+				ns.Path = fmt.Sprintf("/proc/%d/ns/net", nc.State.GetPID())
+				if userNS {
+					// to share a net namespace, they must also share a user namespace
+					nsUser := specs.LinuxNamespace{Type: "user"}
+					nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", nc.State.GetPID())
+					setNamespace(s, nsUser)
+				}
+			} else if c.HostConfig.NetworkMode.IsHost() {
+				ns.Path = c.NetworkSettings.SandboxKey
+			}
 			setNamespace(s, ns)
-			s.Linux.UIDMappings = specMapping(uidMap)
-			s.Linux.GIDMappings = specMapping(daemon.idMapping.GIDs())
 		}
-	}
-	// network
-	if !c.Config.NetworkDisabled {
-		ns := specs.LinuxNamespace{Type: "network"}
-		parts := strings.SplitN(string(c.HostConfig.NetworkMode), ":", 2)
-		if parts[0] == "container" {
-			nc, err := daemon.getNetworkedContainer(c.ID, c.HostConfig.NetworkMode.ConnectedContainer())
+
+		// ipc
+		ipcMode := c.HostConfig.IpcMode
+		switch {
+		case ipcMode.IsContainer():
+			ns := specs.LinuxNamespace{Type: "ipc"}
+			ic, err := daemon.getIpcContainer(ipcMode.Container())
 			if err != nil {
 				return err
 			}
-			ns.Path = fmt.Sprintf("/proc/%d/ns/net", nc.State.GetPID())
+			ns.Path = fmt.Sprintf("/proc/%d/ns/ipc", ic.State.GetPID())
+			setNamespace(s, ns)
 			if userNS {
-				// to share a net namespace, they must also share a user namespace
+				// to share an IPC namespace, they must also share a user namespace
 				nsUser := specs.LinuxNamespace{Type: "user"}
-				nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", nc.State.GetPID())
+				nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", ic.State.GetPID())
 				setNamespace(s, nsUser)
 			}
-		} else if c.HostConfig.NetworkMode.IsHost() {
-			ns.Path = c.NetworkSettings.SandboxKey
+		case ipcMode.IsHost():
+			oci.RemoveNamespace(s, "ipc")
+		case ipcMode.IsEmpty():
+			// A container was created by an older version of the daemon.
+			// The default behavior used to be what is now called "shareable".
+			fallthrough
+		case ipcMode.IsPrivate(), ipcMode.IsShareable(), ipcMode.IsNone():
+			ns := specs.LinuxNamespace{Type: "ipc"}
+			setNamespace(s, ns)
+		default:
+			return fmt.Errorf("Invalid IPC mode: %v", ipcMode)
 		}
-		setNamespace(s, ns)
-	}
 
-	// ipc
-	ipcMode := c.HostConfig.IpcMode
-	switch {
-	case ipcMode.IsContainer():
-		ns := specs.LinuxNamespace{Type: "ipc"}
-		ic, err := daemon.getIpcContainer(ipcMode.Container())
-		if err != nil {
-			return err
+		// pid
+		if c.HostConfig.PidMode.IsContainer() {
+			pc, err := daemon.getPidContainer(c)
+			if err != nil {
+				return err
+			}
+			ns := specs.LinuxNamespace{
+				Type: "pid",
+				Path: fmt.Sprintf("/proc/%d/ns/pid", pc.State.GetPID()),
+			}
+			setNamespace(s, ns)
+			if userNS {
+				// to share a PID namespace, they must also share a user namespace
+				nsUser := specs.LinuxNamespace{
+					Type: "user",
+					Path: fmt.Sprintf("/proc/%d/ns/user", pc.State.GetPID()),
+				}
+				setNamespace(s, nsUser)
+			}
+		} else if c.HostConfig.PidMode.IsHost() {
+			oci.RemoveNamespace(s, "pid")
+		} else {
+			ns := specs.LinuxNamespace{Type: "pid"}
+			setNamespace(s, ns)
 		}
-		ns.Path = fmt.Sprintf("/proc/%d/ns/ipc", ic.State.GetPID())
-		setNamespace(s, ns)
-		if userNS {
-			// to share an IPC namespace, they must also share a user namespace
-			nsUser := specs.LinuxNamespace{Type: "user"}
-			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", ic.State.GetPID())
-			setNamespace(s, nsUser)
-		}
-	case ipcMode.IsHost():
-		oci.RemoveNamespace(s, specs.LinuxNamespaceType("ipc"))
-	case ipcMode.IsEmpty():
-		// A container was created by an older version of the daemon.
-		// The default behavior used to be what is now called "shareable".
-		fallthrough
-	case ipcMode.IsPrivate(), ipcMode.IsShareable(), ipcMode.IsNone():
-		ns := specs.LinuxNamespace{Type: "ipc"}
-		setNamespace(s, ns)
-	default:
-		return fmt.Errorf("Invalid IPC mode: %v", ipcMode)
-	}
-
-	// pid
-	if c.HostConfig.PidMode.IsContainer() {
-		ns := specs.LinuxNamespace{Type: "pid"}
-		pc, err := daemon.getPidContainer(c)
-		if err != nil {
-			return err
+		// uts
+		if c.HostConfig.UTSMode.IsHost() {
+			oci.RemoveNamespace(s, "uts")
+			s.Hostname = ""
 		}
-		ns.Path = fmt.Sprintf("/proc/%d/ns/pid", pc.State.GetPID())
-		setNamespace(s, ns)
-		if userNS {
-			// to share a PID namespace, they must also share a user namespace
-			nsUser := specs.LinuxNamespace{Type: "user"}
-			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", pc.State.GetPID())
-			setNamespace(s, nsUser)
+
+		// cgroup
+		if !c.HostConfig.CgroupnsMode.IsEmpty() {
+			cgroupNsMode := c.HostConfig.CgroupnsMode
+			if !cgroupNsMode.Valid() {
+				return fmt.Errorf("invalid cgroup namespace mode: %v", cgroupNsMode)
+			}
+			if cgroupNsMode.IsPrivate() {
+				nsCgroup := specs.LinuxNamespace{Type: "cgroup"}
+				setNamespace(s, nsCgroup)
+			}
 		}
-	} else if c.HostConfig.PidMode.IsHost() {
-		oci.RemoveNamespace(s, specs.LinuxNamespaceType("pid"))
-	} else {
-		ns := specs.LinuxNamespace{Type: "pid"}
-		setNamespace(s, ns)
-	}
-	// uts
-	if c.HostConfig.UTSMode.IsHost() {
-		oci.RemoveNamespace(s, specs.LinuxNamespaceType("uts"))
-		s.Hostname = ""
-	}
 
-	return nil
+		return nil
+	}
 }
 
 func specMapping(s []idtools.IDMap) []specs.LinuxIDMapping {
@@ -333,7 +357,7 @@ func getSourceMount(source string) (string, string, error) {
 		return "", "", err
 	}
 
-	mi, err := mount.GetMounts(mount.ParentsFilter(sourcePath))
+	mi, err := mountinfo.GetMounts(mountinfo.ParentsFilter(sourcePath))
 	if err != nil {
 		return "", "", err
 	}
@@ -357,9 +381,9 @@ const (
 	slavePropagationOption  = "master:"
 )
 
-// hasMountinfoOption checks if any of the passed any of the given option values
+// hasMountInfoOption checks if any of the passed any of the given option values
 // are set in the passed in option string.
-func hasMountinfoOption(opts string, vals ...string) bool {
+func hasMountInfoOption(opts string, vals ...string) bool {
 	for _, opt := range strings.Split(opts, " ") {
 		for _, val := range vals {
 			if strings.HasPrefix(opt, val) {
@@ -377,7 +401,7 @@ func ensureShared(path string) error {
 		return err
 	}
 	// Make sure source mount point is shared.
-	if !hasMountinfoOption(optionalOpts, sharedPropagationOption) {
+	if !hasMountInfoOption(optionalOpts, sharedPropagationOption) {
 		return errors.Errorf("path %s is mounted on %s but it is not a shared mount", path, sourceMount)
 	}
 	return nil
@@ -390,7 +414,7 @@ func ensureSharedOrSlave(path string) error {
 		return err
 	}
 
-	if !hasMountinfoOption(optionalOpts, sharedPropagationOption, slavePropagationOption) {
+	if !hasMountInfoOption(optionalOpts, sharedPropagationOption, slavePropagationOption) {
 		return errors.Errorf("path %s is mounted on %s but it is not a shared or slave mount", path, sourceMount)
 	}
 	return nil
@@ -459,394 +483,573 @@ func inSlice(slice []string, s string) bool {
 	return false
 }
 
-func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []container.Mount) error {
-	userMounts := make(map[string]struct{})
-	for _, m := range mounts {
-		userMounts[m.Destination] = struct{}{}
-	}
-
-	// Copy all mounts from spec to defaultMounts, except for
-	//  - mounts overridden by a user supplied mount;
-	//  - all mounts under /dev if a user supplied /dev is present;
-	//  - /dev/shm, in case IpcMode is none.
-	// While at it, also
-	//  - set size for /dev/shm from shmsize.
-	defaultMounts := s.Mounts[:0]
-	_, mountDev := userMounts["/dev"]
-	for _, m := range s.Mounts {
-		if _, ok := userMounts[m.Destination]; ok {
-			// filter out mount overridden by a user supplied mount
-			continue
-		}
-		if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
-			// filter out everything under /dev if /dev is user-mounted
-			continue
-		}
-
-		if m.Destination == "/dev/shm" {
-			if c.HostConfig.IpcMode.IsNone() {
-				// filter out /dev/shm for "none" IpcMode
-				continue
+// WithMounts sets the container's mounts
+func WithMounts(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) (err error) {
+		if err := daemon.setupContainerMountsRoot(c); err != nil {
+			return err
+		}
+
+		if err := daemon.setupIpcDirs(c); err != nil {
+			return err
+		}
+
+		defer func() {
+			if err != nil {
+				daemon.cleanupSecretDir(c)
 			}
-			// set size for /dev/shm mount from spec
-			sizeOpt := "size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
-			m.Options = append(m.Options, sizeOpt)
+		}()
+
+		if err := daemon.setupSecretDir(c); err != nil {
+			return err
 		}
 
-		defaultMounts = append(defaultMounts, m)
-	}
+		ms, err := daemon.setupMounts(c)
+		if err != nil {
+			return err
+		}
+
+		if !c.HostConfig.IpcMode.IsPrivate() && !c.HostConfig.IpcMode.IsEmpty() {
+			ms = append(ms, c.IpcMounts()...)
+		}
+
+		tmpfsMounts, err := c.TmpfsMounts()
+		if err != nil {
+			return err
+		}
+		ms = append(ms, tmpfsMounts...)
 
-	s.Mounts = defaultMounts
-	for _, m := range mounts {
-		if m.Source == "tmpfs" {
-			data := m.Data
-			parser := volumemounts.NewParser("linux")
-			options := []string{"noexec", "nosuid", "nodev", string(parser.DefaultPropagationMode())}
-			if data != "" {
-				options = append(options, strings.Split(data, ",")...)
+		secretMounts, err := c.SecretMounts()
+		if err != nil {
+			return err
+		}
+		ms = append(ms, secretMounts...)
+
+		sort.Sort(mounts(ms))
+
+		mounts := ms
+
+		userMounts := make(map[string]struct{})
+		for _, m := range mounts {
+			userMounts[m.Destination] = struct{}{}
+		}
+
+		// Copy all mounts from spec to defaultMounts, except for
+		//  - mounts overridden by a user supplied mount;
+		//  - all mounts under /dev if a user supplied /dev is present;
+		//  - /dev/shm, in case IpcMode is none.
+		// While at it, also
+		//  - set size for /dev/shm from shmsize.
+		defaultMounts := s.Mounts[:0]
+		_, mountDev := userMounts["/dev"]
+		for _, m := range s.Mounts {
+			if _, ok := userMounts[m.Destination]; ok {
+				// filter out mount overridden by a user supplied mount
+				continue
+			}
+			if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
+				// filter out everything under /dev if /dev is user-mounted
+				continue
 			}
 
-			merged, err := mount.MergeTmpfsOptions(options)
-			if err != nil {
-				return err
+			if m.Destination == "/dev/shm" {
+				if c.HostConfig.IpcMode.IsNone() {
+					// filter out /dev/shm for "none" IpcMode
+					continue
+				}
+				// set size for /dev/shm mount from spec
+				sizeOpt := "size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
+				m.Options = append(m.Options, sizeOpt)
 			}
 
-			s.Mounts = append(s.Mounts, specs.Mount{Destination: m.Destination, Source: m.Source, Type: "tmpfs", Options: merged})
-			continue
+			defaultMounts = append(defaultMounts, m)
 		}
 
-		mt := specs.Mount{Destination: m.Destination, Source: m.Source, Type: "bind"}
+		s.Mounts = defaultMounts
+		for _, m := range mounts {
+			if m.Source == "tmpfs" {
+				data := m.Data
+				parser := volumemounts.NewParser()
+				options := []string{"noexec", "nosuid", "nodev", string(parser.DefaultPropagationMode())}
+				if data != "" {
+					options = append(options, strings.Split(data, ",")...)
+				}
 
-		// Determine property of RootPropagation based on volume
-		// properties. If a volume is shared, then keep root propagation
-		// shared. This should work for slave and private volumes too.
-		//
-		// For slave volumes, it can be either [r]shared/[r]slave.
-		//
-		// For private volumes any root propagation value should work.
-		pFlag := mountPropagationMap[m.Propagation]
-		switch pFlag {
-		case mount.SHARED, mount.RSHARED:
-			if err := ensureShared(m.Source); err != nil {
-				return err
-			}
-			rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
-			if rootpg != mount.SHARED && rootpg != mount.RSHARED {
-				s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.SHARED]
-			}
-		case mount.SLAVE, mount.RSLAVE:
-			var fallback bool
-			if err := ensureSharedOrSlave(m.Source); err != nil {
-				// For backwards compatibility purposes, treat mounts from the daemon root
-				// as special since we automatically add rslave propagation to these mounts
-				// when the user did not set anything, so we should fallback to the old
-				// behavior which is to use private propagation which is normally the
-				// default.
-				if !strings.HasPrefix(m.Source, daemon.root) && !strings.HasPrefix(daemon.root, m.Source) {
+				merged, err := mount.MergeTmpfsOptions(options)
+				if err != nil {
 					return err
 				}
 
-				cm, ok := c.MountPoints[m.Destination]
-				if !ok {
+				s.Mounts = append(s.Mounts, specs.Mount{Destination: m.Destination, Source: m.Source, Type: "tmpfs", Options: merged})
+				continue
+			}
+
+			mt := specs.Mount{Destination: m.Destination, Source: m.Source, Type: "bind"}
+
+			// Determine property of RootPropagation based on volume
+			// properties. If a volume is shared, then keep root propagation
+			// shared. This should work for slave and private volumes too.
+			//
+			// For slave volumes, it can be either [r]shared/[r]slave.
+			//
+			// For private volumes any root propagation value should work.
+			pFlag := mountPropagationMap[m.Propagation]
+			switch pFlag {
+			case mount.SHARED, mount.RSHARED:
+				if err := ensureShared(m.Source); err != nil {
 					return err
 				}
-				if cm.Spec.BindOptions != nil && cm.Spec.BindOptions.Propagation != "" {
-					// This means the user explicitly set a propagation, do not fallback in that case.
-					return err
+				rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
+				if rootpg != mount.SHARED && rootpg != mount.RSHARED {
+					s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.SHARED]
+				}
+			case mount.SLAVE, mount.RSLAVE:
+				var fallback bool
+				if err := ensureSharedOrSlave(m.Source); err != nil {
+					// For backwards compatibility purposes, treat mounts from the daemon root
+					// as special since we automatically add rslave propagation to these mounts
+					// when the user did not set anything, so we should fallback to the old
+					// behavior which is to use private propagation which is normally the
+					// default.
+					if !strings.HasPrefix(m.Source, daemon.root) && !strings.HasPrefix(daemon.root, m.Source) {
+						return err
+					}
+
+					cm, ok := c.MountPoints[m.Destination]
+					if !ok {
+						return err
+					}
+					if cm.Spec.BindOptions != nil && cm.Spec.BindOptions.Propagation != "" {
+						// This means the user explicitly set a propagation, do not fallback in that case.
+						return err
+					}
+					fallback = true
+					logrus.WithField("container", c.ID).WithField("source", m.Source).Warn("Falling back to default propagation for bind source in daemon root")
+				}
+				if !fallback {
+					rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
+					if rootpg != mount.SHARED && rootpg != mount.RSHARED && rootpg != mount.SLAVE && rootpg != mount.RSLAVE {
+						s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.RSLAVE]
+					}
 				}
-				fallback = true
-				logrus.WithField("container", c.ID).WithField("source", m.Source).Warn("Falling back to default propagation for bind source in daemon root")
 			}
-			if !fallback {
-				rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
-				if rootpg != mount.SHARED && rootpg != mount.RSHARED && rootpg != mount.SLAVE && rootpg != mount.RSLAVE {
-					s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.RSLAVE]
+
+			bindMode := "rbind"
+			if m.NonRecursive {
+				bindMode = "bind"
+			}
+			opts := []string{bindMode}
+			if !m.Writable {
+				opts = append(opts, "ro")
+			}
+			if pFlag != 0 {
+				opts = append(opts, mountPropagationReverseMap[pFlag])
+			}
+
+			// If we are using user namespaces, then we must make sure that we
+			// don't drop any of the CL_UNPRIVILEGED "locked" flags of the source
+			// "mount" when we bind-mount. The reason for this is that at the point
+			// when runc sets up the root filesystem, it is already inside a user
+			// namespace, and thus cannot change any flags that are locked.
+			if daemon.configStore.RemappedRoot != "" || userns.RunningInUserNS() {
+				unprivOpts, err := getUnprivilegedMountFlags(m.Source)
+				if err != nil {
+					return err
 				}
+				opts = append(opts, unprivOpts...)
 			}
+
+			mt.Options = opts
+			s.Mounts = append(s.Mounts, mt)
 		}
 
-		opts := []string{"rbind"}
-		if !m.Writable {
-			opts = append(opts, "ro")
+		if s.Root.Readonly {
+			for i, m := range s.Mounts {
+				switch m.Destination {
+				case "/proc", "/dev/pts", "/dev/shm", "/dev/mqueue", "/dev":
+					continue
+				}
+				if _, ok := userMounts[m.Destination]; !ok {
+					if !inSlice(m.Options, "ro") {
+						s.Mounts[i].Options = append(s.Mounts[i].Options, "ro")
+					}
+				}
+			}
 		}
-		if pFlag != 0 {
-			opts = append(opts, mountPropagationReverseMap[pFlag])
+
+		if c.HostConfig.Privileged {
+			// clear readonly for /sys
+			for i := range s.Mounts {
+				if s.Mounts[i].Destination == "/sys" {
+					clearReadOnly(&s.Mounts[i])
+				}
+			}
+			s.Linux.ReadonlyPaths = nil
+			s.Linux.MaskedPaths = nil
 		}
 
-		// If we are using user namespaces, then we must make sure that we
-		// don't drop any of the CL_UNPRIVILEGED "locked" flags of the source
-		// "mount" when we bind-mount. The reason for this is that at the point
-		// when runc sets up the root filesystem, it is already inside a user
-		// namespace, and thus cannot change any flags that are locked.
-		if daemon.configStore.RemappedRoot != "" {
-			unprivOpts, err := getUnprivilegedMountFlags(m.Source)
-			if err != nil {
-				return err
+		// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
+		// we must clear the readonly flag for the cgroups mount (@mrunalp concurs)
+		if uidMap := daemon.idMapping.UIDs(); uidMap != nil || c.HostConfig.Privileged {
+			for i, m := range s.Mounts {
+				if m.Type == "cgroup" {
+					clearReadOnly(&s.Mounts[i])
+				}
 			}
-			opts = append(opts, unprivOpts...)
 		}
 
-		mt.Options = opts
-		s.Mounts = append(s.Mounts, mt)
+		return nil
+
 	}
+}
 
-	if s.Root.Readonly {
-		for i, m := range s.Mounts {
-			switch m.Destination {
-			case "/proc", "/dev/pts", "/dev/shm", "/dev/mqueue", "/dev":
-				continue
-			}
-			if _, ok := userMounts[m.Destination]; !ok {
-				if !inSlice(m.Options, "ro") {
-					s.Mounts[i].Options = append(s.Mounts[i].Options, "ro")
+// sysctlExists checks if a sysctl exists; runc will error if we add any that do not actually
+// exist, so do not add the default ones if running on an old kernel.
+func sysctlExists(s string) bool {
+	f := filepath.Join("/proc", "sys", strings.Replace(s, ".", "/", -1))
+	_, err := os.Stat(f)
+	return err == nil
+}
+
+// WithCommonOptions sets common docker options
+func WithCommonOptions(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		if c.BaseFS == nil {
+			return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
+		}
+		linkedEnv, err := daemon.setupLinkedContainers(c)
+		if err != nil {
+			return err
+		}
+		s.Root = &specs.Root{
+			Path:     c.BaseFS.Path(),
+			Readonly: c.HostConfig.ReadonlyRootfs,
+		}
+		if err := c.SetupWorkingDirectory(daemon.idMapping.RootPair()); err != nil {
+			return err
+		}
+		cwd := c.Config.WorkingDir
+		if len(cwd) == 0 {
+			cwd = "/"
+		}
+		s.Process.Args = append([]string{c.Path}, c.Args...)
+
+		// only add the custom init if it is specified and the container is running in its
+		// own private pid namespace.  It does not make sense to add if it is running in the
+		// host namespace or another container's pid namespace where we already have an init
+		if c.HostConfig.PidMode.IsPrivate() {
+			if (c.HostConfig.Init != nil && *c.HostConfig.Init) ||
+				(c.HostConfig.Init == nil && daemon.configStore.Init) {
+				s.Process.Args = append([]string{inContainerInitPath, "--", c.Path}, c.Args...)
+				path := daemon.configStore.InitPath
+				if path == "" {
+					path, err = exec.LookPath(daemonconfig.DefaultInitBinary)
+					if err != nil {
+						return err
+					}
 				}
+				s.Mounts = append(s.Mounts, specs.Mount{
+					Destination: inContainerInitPath,
+					Type:        "bind",
+					Source:      path,
+					Options:     []string{"bind", "ro"},
+				})
 			}
 		}
-	}
-
-	if c.HostConfig.Privileged {
-		// clear readonly for /sys
-		for i := range s.Mounts {
-			if s.Mounts[i].Destination == "/sys" {
-				clearReadOnly(&s.Mounts[i])
+		s.Process.Cwd = cwd
+		s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+		s.Process.Terminal = c.Config.Tty
+
+		s.Hostname = c.Config.Hostname
+		setLinuxDomainname(c, s)
+
+		// Add default sysctls that are generally safe and useful; currently we
+		// grant the capabilities to allow these anyway. You can override if
+		// you want to restore the original behaviour.
+		// We do not set network sysctls if network namespace is host, or if we are
+		// joining an existing namespace, only if we create a new net namespace.
+		if c.HostConfig.NetworkMode.IsPrivate() {
+			// We cannot set up ping socket support in a user namespace
+			userNS := daemon.configStore.RemappedRoot != "" && c.HostConfig.UsernsMode.IsPrivate()
+			if !userNS && !userns.RunningInUserNS() && sysctlExists("net.ipv4.ping_group_range") {
+				// allow unprivileged ICMP echo sockets without CAP_NET_RAW
+				s.Linux.Sysctl["net.ipv4.ping_group_range"] = "0 2147483647"
+			}
+			// allow opening any port less than 1024 without CAP_NET_BIND_SERVICE
+			if sysctlExists("net.ipv4.ip_unprivileged_port_start") {
+				s.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"] = "0"
 			}
 		}
-		s.Linux.ReadonlyPaths = nil
-		s.Linux.MaskedPaths = nil
+
+		return nil
 	}
+}
 
-	// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
-	// we must clear the readonly flag for the cgroups mount (@mrunalp concurs)
-	if uidMap := daemon.idMapping.UIDs(); uidMap != nil || c.HostConfig.Privileged {
-		for i, m := range s.Mounts {
-			if m.Type == "cgroup" {
-				clearReadOnly(&s.Mounts[i])
+// WithCgroups sets the container's cgroups
+func WithCgroups(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		var cgroupsPath string
+		scopePrefix := "docker"
+		parent := "/docker"
+		useSystemd := UsingSystemd(daemon.configStore)
+		if useSystemd {
+			parent = "system.slice"
+			if daemon.configStore.Rootless {
+				parent = "user.slice"
 			}
 		}
-	}
 
-	return nil
-}
+		if c.HostConfig.CgroupParent != "" {
+			parent = c.HostConfig.CgroupParent
+		} else if daemon.configStore.CgroupParent != "" {
+			parent = daemon.configStore.CgroupParent
+		}
 
-func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
-	if c.BaseFS == nil {
-		return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
-	}
-	linkedEnv, err := daemon.setupLinkedContainers(c)
-	if err != nil {
-		return err
-	}
-	s.Root = &specs.Root{
-		Path:     c.BaseFS.Path(),
-		Readonly: c.HostConfig.ReadonlyRootfs,
-	}
-	if err := c.SetupWorkingDirectory(daemon.idMapping.RootPair()); err != nil {
-		return err
-	}
-	cwd := c.Config.WorkingDir
-	if len(cwd) == 0 {
-		cwd = "/"
-	}
-	s.Process.Args = append([]string{c.Path}, c.Args...)
-
-	// only add the custom init if it is specified and the container is running in its
-	// own private pid namespace.  It does not make sense to add if it is running in the
-	// host namespace or another container's pid namespace where we already have an init
-	if c.HostConfig.PidMode.IsPrivate() {
-		if (c.HostConfig.Init != nil && *c.HostConfig.Init) ||
-			(c.HostConfig.Init == nil && daemon.configStore.Init) {
-			s.Process.Args = append([]string{inContainerInitPath, "--", c.Path}, c.Args...)
-			path := daemon.configStore.InitPath
-			if path == "" {
-				path, err = exec.LookPath(daemonconfig.DefaultInitBinary)
-				if err != nil {
-					return err
-				}
-			}
-			s.Mounts = append(s.Mounts, specs.Mount{
-				Destination: inContainerInitPath,
-				Type:        "bind",
-				Source:      path,
-				Options:     []string{"bind", "ro"},
-			})
+		if useSystemd {
+			cgroupsPath = parent + ":" + scopePrefix + ":" + c.ID
+			logrus.Debugf("createSpec: cgroupsPath: %s", cgroupsPath)
+		} else {
+			cgroupsPath = filepath.Join(parent, c.ID)
 		}
-	}
-	s.Process.Cwd = cwd
-	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
-	s.Process.Terminal = c.Config.Tty
-	s.Hostname = c.FullHostname()
+		s.Linux.CgroupsPath = cgroupsPath
 
-	return nil
-}
+		// the rest is only needed for CPU RT controller
 
-func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, err error) {
-	s := oci.DefaultSpec()
-	if err := daemon.populateCommonSpec(&s, c); err != nil {
-		return nil, err
-	}
+		if daemon.configStore.CPURealtimePeriod == 0 && daemon.configStore.CPURealtimeRuntime == 0 {
+			return nil
+		}
 
-	var cgroupsPath string
-	scopePrefix := "docker"
-	parent := "/docker"
-	useSystemd := UsingSystemd(daemon.configStore)
-	if useSystemd {
-		parent = "system.slice"
-	}
+		if cdcgroups.Mode() == cdcgroups.Unified {
+			return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not implemented for cgroup v2")
+		}
 
-	if c.HostConfig.CgroupParent != "" {
-		parent = c.HostConfig.CgroupParent
-	} else if daemon.configStore.CgroupParent != "" {
-		parent = daemon.configStore.CgroupParent
-	}
+		// FIXME this is very expensive way to check if cpu rt is supported
+		sysInfo := daemon.RawSysInfo()
+		if !sysInfo.CPURealtime {
+			return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not supported by the kernel")
+		}
 
-	if useSystemd {
-		cgroupsPath = parent + ":" + scopePrefix + ":" + c.ID
-		logrus.Debugf("createSpec: cgroupsPath: %s", cgroupsPath)
-	} else {
-		cgroupsPath = filepath.Join(parent, c.ID)
-	}
-	s.Linux.CgroupsPath = cgroupsPath
+		p := cgroupsPath
+		if useSystemd {
+			initPath, err := cgroups.GetInitCgroup("cpu")
+			if err != nil {
+				return errors.Wrap(err, "unable to init CPU RT controller")
+			}
+			_, err = cgroups.GetOwnCgroup("cpu")
+			if err != nil {
+				return errors.Wrap(err, "unable to init CPU RT controller")
+			}
+			p = filepath.Join(initPath, s.Linux.CgroupsPath)
+		}
 
-	if err := setResources(&s, c.HostConfig.Resources); err != nil {
-		return nil, fmt.Errorf("linux runtime spec resources: %v", err)
-	}
-	s.Linux.Sysctl = c.HostConfig.Sysctls
+		// Clean path to guard against things like ../../../BAD
+		parentPath := filepath.Dir(p)
+		if !filepath.IsAbs(parentPath) {
+			parentPath = filepath.Clean("/" + parentPath)
+		}
 
-	p := s.Linux.CgroupsPath
-	if useSystemd {
-		initPath, err := cgroups.GetInitCgroup("cpu")
+		mnt, root, err := cgroups.FindCgroupMountpointAndRoot("", "cpu")
 		if err != nil {
-			return nil, err
+			return errors.Wrap(err, "unable to init CPU RT controller")
 		}
-		_, err = cgroups.GetOwnCgroup("cpu")
-		if err != nil {
-			return nil, err
+		// When docker is run inside docker, the root is based of the host cgroup.
+		// Should this be handled in runc/libcontainer/cgroups ?
+		if strings.HasPrefix(root, "/docker/") {
+			root = "/"
 		}
-		p = filepath.Join(initPath, s.Linux.CgroupsPath)
-	}
+		mnt = filepath.Join(mnt, root)
 
-	// Clean path to guard against things like ../../../BAD
-	parentPath := filepath.Dir(p)
-	if !filepath.IsAbs(parentPath) {
-		parentPath = filepath.Clean("/" + parentPath)
+		if err := daemon.initCPURtController(mnt, parentPath); err != nil {
+			return errors.Wrap(err, "unable to init CPU RT controller")
+		}
+		return nil
 	}
+}
 
-	if err := daemon.initCgroupsPath(parentPath); err != nil {
-		return nil, fmt.Errorf("linux init cgroups path: %v", err)
-	}
-	if err := setDevices(&s, c); err != nil {
-		return nil, fmt.Errorf("linux runtime spec devices: %v", err)
-	}
-	if err := daemon.setRlimits(&s, c); err != nil {
-		return nil, fmt.Errorf("linux runtime spec rlimits: %v", err)
-	}
-	if err := setUser(&s, c); err != nil {
-		return nil, fmt.Errorf("linux spec user: %v", err)
-	}
-	if err := setNamespaces(daemon, &s, c); err != nil {
-		return nil, fmt.Errorf("linux spec namespaces: %v", err)
-	}
-	if err := setCapabilities(&s, c); err != nil {
-		return nil, fmt.Errorf("linux spec capabilities: %v", err)
-	}
-	if err := setSeccomp(daemon, &s, c); err != nil {
-		return nil, fmt.Errorf("linux seccomp: %v", err)
-	}
+// WithDevices sets the container's devices
+func WithDevices(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		// Build lists of devices allowed and created within the container.
+		var devs []specs.LinuxDevice
+		devPermissions := s.Linux.Resources.Devices
 
-	if err := daemon.setupContainerMountsRoot(c); err != nil {
-		return nil, err
-	}
+		if c.HostConfig.Privileged && !userns.RunningInUserNS() {
+			hostDevices, err := devices.HostDevices()
+			if err != nil {
+				return err
+			}
+			for _, d := range hostDevices {
+				devs = append(devs, oci.Device(d))
+			}
 
-	if err := daemon.setupIpcDirs(c); err != nil {
-		return nil, err
-	}
+			// adding device mappings in privileged containers
+			for _, deviceMapping := range c.HostConfig.Devices {
+				// issue a warning that custom cgroup permissions are ignored in privileged mode
+				if deviceMapping.CgroupPermissions != "rwm" {
+					logrus.WithField("container", c.ID).Warnf("custom %s permissions for device %s are ignored in privileged mode", deviceMapping.CgroupPermissions, deviceMapping.PathOnHost)
+				}
+				// issue a warning that the device path already exists via /dev mounting in privileged mode
+				if deviceMapping.PathOnHost == deviceMapping.PathInContainer {
+					logrus.WithField("container", c.ID).Warnf("path in container %s already exists in privileged mode", deviceMapping.PathInContainer)
+					continue
+				}
+				d, _, err := oci.DevicesFromPath(deviceMapping.PathOnHost, deviceMapping.PathInContainer, "rwm")
+				if err != nil {
+					return err
+				}
+				devs = append(devs, d...)
+			}
 
-	defer func() {
-		if err != nil {
-			daemon.cleanupSecretDir(c)
+			devPermissions = []specs.LinuxDeviceCgroup{
+				{
+					Allow:  true,
+					Access: "rwm",
+				},
+			}
+		} else {
+			for _, deviceMapping := range c.HostConfig.Devices {
+				d, dPermissions, err := oci.DevicesFromPath(deviceMapping.PathOnHost, deviceMapping.PathInContainer, deviceMapping.CgroupPermissions)
+				if err != nil {
+					return err
+				}
+				devs = append(devs, d...)
+				devPermissions = append(devPermissions, dPermissions...)
+			}
+
+			var err error
+			devPermissions, err = oci.AppendDevicePermissionsFromCgroupRules(devPermissions, c.HostConfig.DeviceCgroupRules)
+			if err != nil {
+				return err
+			}
 		}
-	}()
 
-	if err := daemon.setupSecretDir(c); err != nil {
-		return nil, err
-	}
+		s.Linux.Devices = append(s.Linux.Devices, devs...)
+		s.Linux.Resources.Devices = devPermissions
 
-	ms, err := daemon.setupMounts(c)
-	if err != nil {
-		return nil, err
+		for _, req := range c.HostConfig.DeviceRequests {
+			if err := daemon.handleDevice(req, s); err != nil {
+				return err
+			}
+		}
+		return nil
 	}
+}
 
-	if !c.HostConfig.IpcMode.IsPrivate() && !c.HostConfig.IpcMode.IsEmpty() {
-		ms = append(ms, c.IpcMounts()...)
-	}
+// WithResources applies the container resources
+func WithResources(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		r := c.HostConfig.Resources
+		weightDevices, err := getBlkioWeightDevices(r)
+		if err != nil {
+			return err
+		}
+		readBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadBps)
+		if err != nil {
+			return err
+		}
+		writeBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteBps)
+		if err != nil {
+			return err
+		}
+		readIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadIOps)
+		if err != nil {
+			return err
+		}
+		writeIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteIOps)
+		if err != nil {
+			return err
+		}
 
-	tmpfsMounts, err := c.TmpfsMounts()
-	if err != nil {
-		return nil, err
-	}
-	ms = append(ms, tmpfsMounts...)
+		memoryRes := getMemoryResources(r)
+		cpuRes, err := getCPUResources(r)
+		if err != nil {
+			return err
+		}
+		blkioWeight := r.BlkioWeight
+
+		specResources := &specs.LinuxResources{
+			Memory: memoryRes,
+			CPU:    cpuRes,
+			BlockIO: &specs.LinuxBlockIO{
+				Weight:                  &blkioWeight,
+				WeightDevice:            weightDevices,
+				ThrottleReadBpsDevice:   readBpsDevice,
+				ThrottleWriteBpsDevice:  writeBpsDevice,
+				ThrottleReadIOPSDevice:  readIOpsDevice,
+				ThrottleWriteIOPSDevice: writeIOpsDevice,
+			},
+			Pids: getPidsLimit(r),
+		}
 
-	secretMounts, err := c.SecretMounts()
-	if err != nil {
-		return nil, err
-	}
-	ms = append(ms, secretMounts...)
+		if s.Linux.Resources != nil && len(s.Linux.Resources.Devices) > 0 {
+			specResources.Devices = s.Linux.Resources.Devices
+		}
 
-	sort.Sort(mounts(ms))
-	if err := setMounts(daemon, &s, c, ms); err != nil {
-		return nil, fmt.Errorf("linux mounts: %v", err)
+		s.Linux.Resources = specResources
+		return nil
 	}
+}
 
-	for _, ns := range s.Linux.Namespaces {
-		if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {
-			target := filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe")
-			s.Hooks = &specs.Hooks{
-				Prestart: []specs.Hook{{
-					Path: target,
-					Args: []string{"libnetwork-setkey", "-exec-root=" + daemon.configStore.GetExecRoot(), c.ID, daemon.netController.ID()},
-				}},
-			}
+// WithSysctls sets the container's sysctls
+func WithSysctls(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		// We merge the sysctls injected above with the HostConfig (latter takes
+		// precedence for backwards-compatibility reasons).
+		for k, v := range c.HostConfig.Sysctls {
+			s.Linux.Sysctl[k] = v
 		}
+		return nil
 	}
+}
 
-	if apparmor.IsEnabled() {
-		var appArmorProfile string
-		if c.AppArmorProfile != "" {
-			appArmorProfile = c.AppArmorProfile
-		} else if c.HostConfig.Privileged {
-			appArmorProfile = "unconfined"
-		} else {
-			appArmorProfile = "docker-default"
-		}
-
-		if appArmorProfile == "docker-default" {
-			// Unattended upgrades and other fun services can unload AppArmor
-			// profiles inadvertently. Since we cannot store our profile in
-			// /etc/apparmor.d, nor can we practically add other ways of
-			// telling the system to keep our profile loaded, in order to make
-			// sure that we keep the default profile enabled we dynamically
-			// reload it if necessary.
-			if err := ensureDefaultAppArmorProfile(); err != nil {
-				return nil, err
-			}
-		}
+// WithUser sets the container's user
+func WithUser(c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		var err error
+		s.Process.User, err = getUser(c, c.Config.User)
+		return err
+	}
+}
 
-		s.Process.ApparmorProfile = appArmorProfile
+func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, err error) {
+	var (
+		opts []coci.SpecOpts
+		s    = oci.DefaultSpec()
+	)
+	opts = append(opts,
+		WithCommonOptions(daemon, c),
+		WithCgroups(daemon, c),
+		WithResources(c),
+		WithSysctls(c),
+		WithDevices(daemon, c),
+		WithUser(c),
+		WithRlimits(daemon, c),
+		WithNamespaces(daemon, c),
+		WithCapabilities(c),
+		WithSeccomp(daemon, c),
+		WithMounts(daemon, c),
+		WithLibnetwork(daemon, c),
+		WithApparmor(c),
+		WithSelinux(c),
+		WithOOMScore(&c.HostConfig.OomScoreAdj),
+	)
+	if c.NoNewPrivileges {
+		opts = append(opts, coci.WithNoNewPrivileges)
 	}
-	s.Process.SelinuxLabel = c.GetProcessLabel()
-	s.Process.NoNewPrivileges = c.NoNewPrivileges
-	s.Process.OOMScoreAdj = &c.HostConfig.OomScoreAdj
-	s.Linux.MountLabel = c.MountLabel
 
 	// Set the masked and readonly paths with regard to the host config options if they are set.
 	if c.HostConfig.MaskedPaths != nil {
-		s.Linux.MaskedPaths = c.HostConfig.MaskedPaths
+		opts = append(opts, coci.WithMaskedPaths(c.HostConfig.MaskedPaths))
 	}
 	if c.HostConfig.ReadonlyPaths != nil {
-		s.Linux.ReadonlyPaths = c.HostConfig.ReadonlyPaths
+		opts = append(opts, coci.WithReadonlyPaths(c.HostConfig.ReadonlyPaths))
 	}
-
-	return &s, nil
+	if daemon.configStore.Rootless {
+		opts = append(opts, WithRootless(daemon))
+	}
+	return &s, coci.ApplyOpts(context.Background(), nil, &containers.Container{
+		ID: c.ID,
+	}, &s, opts...)
 }
 
 func clearReadOnly(m *specs.Mount) {
diff --git a/daemon/oci_linux_test.go b/daemon/oci_linux_test.go
index 7b31970aae8e3..6e60d07f7cf0f 100644
--- a/daemon/oci_linux_test.go
+++ b/daemon/oci_linux_test.go
@@ -2,51 +2,81 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"os"
+	"path/filepath"
 	"testing"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/config"
-	"github.com/docker/docker/oci"
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
+func setupFakeDaemon(t *testing.T, c *container.Container) *Daemon {
+	root, err := os.MkdirTemp("", "oci_linux_test-root")
+	assert.NilError(t, err)
+
+	rootfs := filepath.Join(root, "rootfs")
+	err = os.MkdirAll(rootfs, 0755)
+	assert.NilError(t, err)
+
+	netController, err := libnetwork.New()
+	assert.NilError(t, err)
+
+	d := &Daemon{
+		// some empty structs to avoid getting a panic
+		// caused by a null pointer dereference
+		idMapping:     &idtools.IdentityMapping{},
+		configStore:   &config.Config{},
+		linkIndex:     newLinkIndex(),
+		netController: netController,
+	}
+
+	c.Root = root
+	c.BaseFS = containerfs.NewLocalContainerFS(rootfs)
+
+	if c.Config == nil {
+		c.Config = new(containertypes.Config)
+	}
+	if c.HostConfig == nil {
+		c.HostConfig = new(containertypes.HostConfig)
+	}
+	if c.NetworkSettings == nil {
+		c.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)}
+	}
+
+	return d
+}
+
+func cleanupFakeContainer(c *container.Container) {
+	_ = os.RemoveAll(c.Root)
+}
+
 // TestTmpfsDevShmNoDupMount checks that a user-specified /dev/shm tmpfs
 // mount (as in "docker run --tmpfs /dev/shm:rw,size=NNN") does not result
 // in "Duplicate mount point" error from the engine.
 // https://github.com/moby/moby/issues/35455
 func TestTmpfsDevShmNoDupMount(t *testing.T) {
-	d := Daemon{
-		// some empty structs to avoid getting a panic
-		// caused by a null pointer dereference
-		idMapping:   &idtools.IdentityMapping{},
-		configStore: &config.Config{},
-	}
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
 		HostConfig: &containertypes.HostConfig{
-			IpcMode: containertypes.IpcMode("shareable"), // default mode
+			IpcMode: containertypes.IPCModeShareable, // default mode
 			// --tmpfs /dev/shm:rw,exec,size=NNN
 			Tmpfs: map[string]string{
 				"/dev/shm": "rw,exec,size=1g",
 			},
 		},
 	}
+	d := setupFakeDaemon(t, c)
+	defer cleanupFakeContainer(c)
 
-	// Mimic the code flow of daemon.createSpec(), enough to reproduce the issue
-	ms, err := d.setupMounts(c)
-	assert.Check(t, err)
-
-	ms = append(ms, c.IpcMounts()...)
-
-	tmpfsMounts, err := c.TmpfsMounts()
-	assert.Check(t, err)
-	ms = append(ms, tmpfsMounts...)
-
-	s := oci.DefaultSpec()
-	err = setMounts(&d, &s, c, ms)
+	_, err := d.createSpec(c)
 	assert.Check(t, err)
 }
 
@@ -55,28 +85,17 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) {
 // the resulting /dev/shm mount is NOT made read-only.
 // https://github.com/moby/moby/issues/36503
 func TestIpcPrivateVsReadonly(t *testing.T) {
-	d := Daemon{
-		// some empty structs to avoid getting a panic
-		// caused by a null pointer dereference
-		idMapping:   &idtools.IdentityMapping{},
-		configStore: &config.Config{},
-	}
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	c := &container.Container{
 		HostConfig: &containertypes.HostConfig{
-			IpcMode:        containertypes.IpcMode("private"),
+			IpcMode:        containertypes.IPCModePrivate,
 			ReadonlyRootfs: true,
 		},
 	}
+	d := setupFakeDaemon(t, c)
+	defer cleanupFakeContainer(c)
 
-	// We can't call createSpec() so mimick the minimal part
-	// of its code flow, just enough to reproduce the issue.
-	ms, err := d.setupMounts(c)
-	assert.Check(t, err)
-
-	s := oci.DefaultSpec()
-	s.Root.Readonly = c.HostConfig.ReadonlyRootfs
-
-	err = setMounts(&d, &s, c, ms)
+	s, err := d.createSpec(c)
 	assert.Check(t, err)
 
 	// Find the /dev/shm mount in ms, check it does not have ro
@@ -88,6 +107,89 @@ func TestIpcPrivateVsReadonly(t *testing.T) {
 	}
 }
 
+// TestSysctlOverride ensures that any implicit sysctls (such as
+// Config.Domainname) are overridden by an explicit sysctl in the HostConfig.
+func TestSysctlOverride(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	c := &container.Container{
+		Config: &containertypes.Config{
+			Hostname:   "foobar",
+			Domainname: "baz.cyphar.com",
+		},
+		HostConfig: &containertypes.HostConfig{
+			NetworkMode: "bridge",
+			Sysctls:     map[string]string{},
+		},
+	}
+	d := setupFakeDaemon(t, c)
+	defer cleanupFakeContainer(c)
+
+	// Ensure that the implicit sysctl is set correctly.
+	s, err := d.createSpec(c)
+	assert.NilError(t, err)
+	assert.Equal(t, s.Hostname, "foobar")
+	assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.Config.Domainname)
+	if sysctlExists("net.ipv4.ip_unprivileged_port_start") {
+		assert.Equal(t, s.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], "0")
+	}
+	if sysctlExists("net.ipv4.ping_group_range") {
+		assert.Equal(t, s.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
+	}
+
+	// Set an explicit sysctl.
+	c.HostConfig.Sysctls["kernel.domainname"] = "foobar.net"
+	assert.Assert(t, c.HostConfig.Sysctls["kernel.domainname"] != c.Config.Domainname)
+	c.HostConfig.Sysctls["net.ipv4.ip_unprivileged_port_start"] = "1024"
+
+	s, err = d.createSpec(c)
+	assert.NilError(t, err)
+	assert.Equal(t, s.Hostname, "foobar")
+	assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.HostConfig.Sysctls["kernel.domainname"])
+	assert.Equal(t, s.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], c.HostConfig.Sysctls["net.ipv4.ip_unprivileged_port_start"])
+
+	// Ensure the ping_group_range is not set on a daemon with user-namespaces enabled
+	d.configStore.RemappedRoot = "dummy:dummy"
+	s, err = d.createSpec(c)
+	assert.NilError(t, err)
+	_, ok := s.Linux.Sysctl["net.ipv4.ping_group_range"]
+	assert.Assert(t, !ok)
+
+	// Ensure the ping_group_range is set on a container in "host" userns mode
+	// on a daemon with user-namespaces enabled
+	c.HostConfig.UsernsMode = "host"
+	s, err = d.createSpec(c)
+	assert.NilError(t, err)
+	assert.Equal(t, s.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
+}
+
+// TestSysctlOverrideHost ensures that any implicit network sysctls are not set
+// with host networking
+func TestSysctlOverrideHost(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	c := &container.Container{
+		Config: &containertypes.Config{},
+		HostConfig: &containertypes.HostConfig{
+			NetworkMode: "host",
+			Sysctls:     map[string]string{},
+		},
+	}
+	d := setupFakeDaemon(t, c)
+	defer cleanupFakeContainer(c)
+
+	// Ensure that the implicit sysctl is not set
+	s, err := d.createSpec(c)
+	assert.NilError(t, err)
+	assert.Equal(t, s.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], "")
+	assert.Equal(t, s.Linux.Sysctl["net.ipv4.ping_group_range"], "")
+
+	// Set an explicit sysctl.
+	c.HostConfig.Sysctls["net.ipv4.ip_unprivileged_port_start"] = "1024"
+
+	s, err = d.createSpec(c)
+	assert.NilError(t, err)
+	assert.Equal(t, s.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], c.HostConfig.Sysctls["net.ipv4.ip_unprivileged_port_start"])
+}
+
 func TestGetSourceMount(t *testing.T) {
 	// must be able to find source mount for /
 	mnt, _, err := getSourceMount("/")
diff --git a/daemon/oci_utils.go b/daemon/oci_utils.go
new file mode 100644
index 0000000000000..2d833502bd3a9
--- /dev/null
+++ b/daemon/oci_utils.go
@@ -0,0 +1,16 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/container"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func setLinuxDomainname(c *container.Container, s *specs.Spec) {
+	// There isn't a field in the OCI for the NIS domainname, but luckily there
+	// is a sysctl which has an identical effect to setdomainname(2) so there's
+	// no explicit need for runtime support.
+	s.Linux.Sysctl = make(map[string]string)
+	if c.Config.Domainname != "" {
+		s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
+	}
+}
diff --git a/daemon/oci_windows.go b/daemon/oci_windows.go
index 6279d7dd20ab0..bede371f69985 100644
--- a/daemon/oci_windows.go
+++ b/daemon/oci_windows.go
@@ -1,20 +1,22 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"path/filepath"
-	"runtime"
 	"strings"
 
+	"github.com/Microsoft/hcsshim/osversion"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
-	"golang.org/x/sys/windows"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows/registry"
 )
 
@@ -24,12 +26,16 @@ const (
 )
 
 func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
-	img, err := daemon.imageService.GetImage(string(c.ImageID))
+
+	img, err := daemon.imageService.GetImage(string(c.ImageID), nil)
 	if err != nil {
 		return nil, err
 	}
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return nil, system.ErrNotSupportedOperatingSystem
+	}
 
-	s := oci.DefaultOSSpec(img.OS)
+	s := oci.DefaultSpec()
 
 	linkedEnv, err := daemon.setupLinkedContainers(c)
 	if err != nil {
@@ -40,9 +46,6 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	// this is done in VMCompute. Further, we couldn't do it for Hyper-V
 	// containers anyway.
 
-	// In base spec
-	s.Hostname = c.FullHostname()
-
 	if err := daemon.setupSecretDir(c); err != nil {
 		return nil, err
 	}
@@ -114,24 +117,15 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		if !mount.Writable {
 			m.Options = append(m.Options, "ro")
 		}
-		if img.OS != runtime.GOOS {
-			m.Type = "bind"
-			m.Options = append(m.Options, "rbind")
-			m.Options = append(m.Options, fmt.Sprintf("uvmpath=/tmp/gcs/%s/binds", c.ID))
-		}
 		s.Mounts = append(s.Mounts, m)
 	}
 
 	// In s.Process
-	s.Process.Args = append([]string{c.Path}, c.Args...)
-	if !c.Config.ArgsEscaped && img.OS == "windows" {
-		s.Process.Args = escapeArgs(s.Process.Args)
-	}
-
 	s.Process.Cwd = c.Config.WorkingDir
 	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+	s.Process.Terminal = c.Config.Tty
+
 	if c.Config.Tty {
-		s.Process.Terminal = c.Config.Tty
 		s.Process.ConsoleSize = &specs.Box{
 			Height: c.HostConfig.ConsoleSize[0],
 			Width:  c.HostConfig.ConsoleSize[1],
@@ -202,27 +196,24 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		NetworkSharedContainerName: networkSharedContainerID,
 	}
 
-	switch img.OS {
-	case "windows":
-		if err := daemon.createSpecWindowsFields(c, &s, isHyperV); err != nil {
-			return nil, err
-		}
-	case "linux":
-		if !system.LCOWSupported() {
-			return nil, fmt.Errorf("Linux containers on Windows are not supported")
-		}
-		if err := daemon.createSpecLinuxFields(c, &s); err != nil {
-			return nil, err
+	if err := daemon.createSpecWindowsFields(c, &s, isHyperV); err != nil {
+		return nil, err
+	}
+
+	if logrus.IsLevelEnabled(logrus.DebugLevel) {
+		if b, err := json.Marshal(&s); err == nil {
+			logrus.Debugf("Generated spec: %s", string(b))
 		}
-	default:
-		return nil, fmt.Errorf("Unsupported platform %q", img.OS)
 	}
 
-	return (*specs.Spec)(&s), nil
+	return &s, nil
 }
 
 // Sets the Windows-specific fields of the OCI spec
 func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.Spec, isHyperV bool) error {
+
+	s.Hostname = c.FullHostname()
+
 	if len(s.Process.Cwd) == 0 {
 		// We default to C:\ to workaround the oddity of the case that the
 		// default directory for cmd running as LocalSystem (or
@@ -234,6 +225,14 @@ func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.S
 		s.Process.Cwd = `C:\`
 	}
 
+	if c.Config.ArgsEscaped {
+		s.Process.CommandLine = c.Path
+		if len(c.Args) > 0 {
+			s.Process.CommandLine += " " + system.EscapeArgs(c.Args)
+		}
+	} else {
+		s.Process.Args = append([]string{c.Path}, c.Args...)
+	}
 	s.Root.Readonly = false // Windows does not support a read-only root filesystem
 	if !isHyperV {
 		if c.BaseFS == nil {
@@ -249,6 +248,113 @@ func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.S
 	// First boot optimization
 	s.Windows.IgnoreFlushesDuringBoot = !c.HasBeenStartedBefore
 
+	setResourcesInSpec(c, s, isHyperV)
+
+	// Read and add credentials from the security options if a credential spec has been provided.
+	if err := daemon.setWindowsCredentialSpec(c, s); err != nil {
+		return err
+	}
+
+	// Do we have any assigned devices?
+	if len(c.HostConfig.Devices) > 0 {
+		if isHyperV {
+			return errors.New("device assignment is not supported for HyperV containers")
+		}
+		if osversion.Build() < osversion.RS5 {
+			return errors.New("device assignment requires Windows builds RS5 (17763+) or later")
+		}
+		for _, deviceMapping := range c.HostConfig.Devices {
+			srcParts := strings.SplitN(deviceMapping.PathOnHost, "/", 2)
+			if len(srcParts) != 2 {
+				return errors.New("invalid device assignment path")
+			}
+			if srcParts[0] != "class" {
+				return errors.Errorf("invalid device assignment type: '%s' should be 'class'", srcParts[0])
+			}
+			wd := specs.WindowsDevice{
+				ID:     srcParts[1],
+				IDType: srcParts[0],
+			}
+			s.Windows.Devices = append(s.Windows.Devices, wd)
+		}
+	}
+
+	return nil
+}
+
+var errInvalidCredentialSpecSecOpt = errdefs.InvalidParameter(fmt.Errorf("invalid credential spec security option - value must be prefixed by 'file://', 'registry://', or 'raw://' followed by a non-empty value"))
+
+// setWindowsCredentialSpec sets the spec's `Windows.CredentialSpec`
+// field if relevant
+func (daemon *Daemon) setWindowsCredentialSpec(c *container.Container, s *specs.Spec) error {
+	if c.HostConfig == nil || c.HostConfig.SecurityOpt == nil {
+		return nil
+	}
+
+	// TODO (jrouge/wk8): if provided with several security options, we silently ignore
+	// all but the last one (provided they're all valid, otherwise we do return an error);
+	// this doesn't seem like a great idea?
+	credentialSpec := ""
+
+	for _, secOpt := range c.HostConfig.SecurityOpt {
+		optSplits := strings.SplitN(secOpt, "=", 2)
+		if len(optSplits) != 2 {
+			return errdefs.InvalidParameter(fmt.Errorf("invalid security option: no equals sign in supplied value %s", secOpt))
+		}
+		if !strings.EqualFold(optSplits[0], "credentialspec") {
+			return errdefs.InvalidParameter(fmt.Errorf("security option not supported: %s", optSplits[0]))
+		}
+
+		credSpecSplits := strings.SplitN(optSplits[1], "://", 2)
+		if len(credSpecSplits) != 2 || credSpecSplits[1] == "" {
+			return errInvalidCredentialSpecSecOpt
+		}
+		value := credSpecSplits[1]
+
+		var err error
+		switch strings.ToLower(credSpecSplits[0]) {
+		case "file":
+			if credentialSpec, err = readCredentialSpecFile(c.ID, daemon.root, filepath.Clean(value)); err != nil {
+				return errdefs.InvalidParameter(err)
+			}
+		case "registry":
+			if credentialSpec, err = readCredentialSpecRegistry(c.ID, value); err != nil {
+				return errdefs.InvalidParameter(err)
+			}
+		case "config":
+			// if the container does not have a DependencyStore, then it
+			// isn't swarmkit managed. In order to avoid creating any
+			// impression that `config://` is a valid API, return the same
+			// error as if you'd passed any other random word.
+			if c.DependencyStore == nil {
+				return errInvalidCredentialSpecSecOpt
+			}
+
+			csConfig, err := c.DependencyStore.Configs().Get(value)
+			if err != nil {
+				return errdefs.System(errors.Wrap(err, "error getting value from config store"))
+			}
+			// stuff the resulting secret data into a string to use as the
+			// CredentialSpec
+			credentialSpec = string(csConfig.Spec.Data)
+		case "raw":
+			credentialSpec = value
+		default:
+			return errInvalidCredentialSpecSecOpt
+		}
+	}
+
+	if credentialSpec != "" {
+		if s.Windows == nil {
+			s.Windows = &specs.Windows{}
+		}
+		s.Windows.CredentialSpec = credentialSpec
+	}
+
+	return nil
+}
+
+func setResourcesInSpec(c *container.Container, s *specs.Spec, isHyperV bool) {
 	// In s.Windows.Resources
 	cpuShares := uint16(c.HostConfig.CPUShares)
 	cpuMaximum := uint16(c.HostConfig.CPUPercent) * 100
@@ -273,94 +379,37 @@ func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.S
 			}
 		}
 	}
-	memoryLimit := uint64(c.HostConfig.Memory)
-	s.Windows.Resources = &specs.WindowsResources{
-		CPU: &specs.WindowsCPUResources{
+
+	if cpuMaximum != 0 || cpuShares != 0 || cpuCount != 0 {
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &specs.WindowsResources{}
+		}
+		s.Windows.Resources.CPU = &specs.WindowsCPUResources{
 			Maximum: &cpuMaximum,
 			Shares:  &cpuShares,
 			Count:   &cpuCount,
-		},
-		Memory: &specs.WindowsMemoryResources{
-			Limit: &memoryLimit,
-		},
-		Storage: &specs.WindowsStorageResources{
-			Bps:  &c.HostConfig.IOMaximumBandwidth,
-			Iops: &c.HostConfig.IOMaximumIOps,
-		},
-	}
-
-	// Read and add credentials from the security options if a credential spec has been provided.
-	if c.HostConfig.SecurityOpt != nil {
-		cs := ""
-		for _, sOpt := range c.HostConfig.SecurityOpt {
-			sOpt = strings.ToLower(sOpt)
-			if !strings.Contains(sOpt, "=") {
-				return fmt.Errorf("invalid security option: no equals sign in supplied value %s", sOpt)
-			}
-			var splitsOpt []string
-			splitsOpt = strings.SplitN(sOpt, "=", 2)
-			if len(splitsOpt) != 2 {
-				return fmt.Errorf("invalid security option: %s", sOpt)
-			}
-			if splitsOpt[0] != "credentialspec" {
-				return fmt.Errorf("security option not supported: %s", splitsOpt[0])
-			}
-
-			var (
-				match   bool
-				csValue string
-				err     error
-			)
-			if match, csValue = getCredentialSpec("file://", splitsOpt[1]); match {
-				if csValue == "" {
-					return fmt.Errorf("no value supplied for file:// credential spec security option")
-				}
-				if cs, err = readCredentialSpecFile(c.ID, daemon.root, filepath.Clean(csValue)); err != nil {
-					return err
-				}
-			} else if match, csValue = getCredentialSpec("registry://", splitsOpt[1]); match {
-				if csValue == "" {
-					return fmt.Errorf("no value supplied for registry:// credential spec security option")
-				}
-				if cs, err = readCredentialSpecRegistry(c.ID, csValue); err != nil {
-					return err
-				}
-			} else {
-				return fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value")
-			}
 		}
-		s.Windows.CredentialSpec = cs
 	}
 
-	return nil
-}
-
-// Sets the Linux-specific fields of the OCI spec
-// TODO: @jhowardmsft LCOW Support. We need to do a lot more pulling in what can
-// be pulled in from oci_linux.go.
-func (daemon *Daemon) createSpecLinuxFields(c *container.Container, s *specs.Spec) error {
-	if len(s.Process.Cwd) == 0 {
-		s.Process.Cwd = `/`
-	}
-	s.Root.Path = "rootfs"
-	s.Root.Readonly = c.HostConfig.ReadonlyRootfs
-	if err := setCapabilities(s, c); err != nil {
-		return fmt.Errorf("linux spec capabilities: %v", err)
-	}
-	devPermissions, err := appendDevicePermissionsFromCgroupRules(nil, c.HostConfig.DeviceCgroupRules)
-	if err != nil {
-		return fmt.Errorf("linux runtime spec devices: %v", err)
+	memoryLimit := uint64(c.HostConfig.Memory)
+	if memoryLimit != 0 {
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &specs.WindowsResources{}
+		}
+		s.Windows.Resources.Memory = &specs.WindowsMemoryResources{
+			Limit: &memoryLimit,
+		}
 	}
-	s.Linux.Resources.Devices = devPermissions
-	return nil
-}
 
-func escapeArgs(args []string) []string {
-	escapedArgs := make([]string, len(args))
-	for i, a := range args {
-		escapedArgs[i] = windows.EscapeArg(a)
+	if c.HostConfig.IOMaximumBandwidth != 0 || c.HostConfig.IOMaximumIOps != 0 {
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &specs.WindowsResources{}
+		}
+		s.Windows.Resources.Storage = &specs.WindowsStorageResources{
+			Bps:  &c.HostConfig.IOMaximumBandwidth,
+			Iops: &c.HostConfig.IOMaximumIOps,
+		}
 	}
-	return escapedArgs
 }
 
 // mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
@@ -369,34 +418,37 @@ func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
 	return
 }
 
-// getCredentialSpec is a helper function to get the value of a credential spec supplied
-// on the CLI, stripping the prefix
-func getCredentialSpec(prefix, value string) (bool, string) {
-	if strings.HasPrefix(value, prefix) {
-		return true, strings.TrimPrefix(value, prefix)
-	}
-	return false, ""
+// registryKey is an interface wrapper around `registry.Key`,
+// listing only the methods we care about here.
+// It's mainly useful to easily allow mocking the registry in tests.
+type registryKey interface {
+	GetStringValue(name string) (val string, valtype uint32, err error)
+	Close() error
+}
+
+var registryOpenKeyFunc = func(baseKey registry.Key, path string, access uint32) (registryKey, error) {
+	return registry.OpenKey(baseKey, path, access)
 }
 
 // readCredentialSpecRegistry is a helper function to read a credential spec from
 // the registry. If not found, we return an empty string and warn in the log.
 // This allows for staging on machines which do not have the necessary components.
 func readCredentialSpecRegistry(id, name string) (string, error) {
-	var (
-		k   registry.Key
-		err error
-		val string
-	)
-	if k, err = registry.OpenKey(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE); err != nil {
-		return "", fmt.Errorf("failed handling spec %q for container %s - %s could not be opened", name, id, credentialSpecRegistryLocation)
-	}
-	if val, _, err = k.GetStringValue(name); err != nil {
+	key, err := registryOpenKeyFunc(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE)
+	if err != nil {
+		return "", errors.Wrapf(err, "failed handling spec %q for container %s - registry key %s could not be opened", name, id, credentialSpecRegistryLocation)
+	}
+	defer key.Close()
+
+	value, _, err := key.GetStringValue(name)
+	if err != nil {
 		if err == registry.ErrNotExist {
-			return "", fmt.Errorf("credential spec %q for container %s as it was not found", name, id)
+			return "", fmt.Errorf("registry credential spec %q for container %s was not found", name, id)
 		}
-		return "", fmt.Errorf("error %v reading credential spec %q from registry for container %s", err, name, id)
+		return "", errors.Wrapf(err, "error reading credential spec %q from registry for container %s", name, id)
 	}
-	return val, nil
+
+	return value, nil
 }
 
 // readCredentialSpecFile is a helper function to read a credential spec from
@@ -411,9 +463,9 @@ func readCredentialSpecFile(id, root, location string) (string, error) {
 	if !strings.HasPrefix(full, base) {
 		return "", fmt.Errorf("invalid credential spec - file:// path must be under %s", base)
 	}
-	bcontents, err := ioutil.ReadFile(full)
+	bcontents, err := os.ReadFile(full)
 	if err != nil {
-		return "", fmt.Errorf("credential spec '%s' for container %s as the file could not be read: %q", full, id, err)
+		return "", errors.Wrapf(err, "credential spec for container %s could not be read from file %q", id, full)
 	}
 	return string(bcontents[:]), nil
 }
diff --git a/daemon/oci_windows_test.go b/daemon/oci_windows_test.go
new file mode 100644
index 0000000000000..5503eff813113
--- /dev/null
+++ b/daemon/oci_windows_test.go
@@ -0,0 +1,313 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"gotest.tools/v3/fs"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	swarmagent "github.com/docker/swarmkit/agent"
+	swarmapi "github.com/docker/swarmkit/api"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/sys/windows/registry"
+	"gotest.tools/v3/assert"
+)
+
+func TestSetWindowsCredentialSpecInSpec(t *testing.T) {
+	// we need a temp directory to act as the daemon's root
+	tmpDaemonRoot := fs.NewDir(t, t.Name()).Path()
+	defer func() {
+		assert.NilError(t, os.RemoveAll(tmpDaemonRoot))
+	}()
+
+	daemon := &Daemon{
+		root: tmpDaemonRoot,
+	}
+
+	t.Run("it does nothing if there are no security options", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(&container.Container{}, spec)
+		assert.NilError(t, err)
+		assert.Check(t, spec.Windows == nil)
+
+		err = daemon.setWindowsCredentialSpec(&container.Container{HostConfig: &containertypes.HostConfig{}}, spec)
+		assert.NilError(t, err)
+		assert.Check(t, spec.Windows == nil)
+
+		err = daemon.setWindowsCredentialSpec(&container.Container{HostConfig: &containertypes.HostConfig{SecurityOpt: []string{}}}, spec)
+		assert.NilError(t, err)
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	dummyContainerID := "dummy-container-ID"
+	containerFactory := func(secOpt string) *container.Container {
+		if !strings.Contains(secOpt, "=") {
+			secOpt = "credentialspec=" + secOpt
+		}
+		return &container.Container{
+			ID: dummyContainerID,
+			HostConfig: &containertypes.HostConfig{
+				SecurityOpt: []string{secOpt},
+			},
+		}
+	}
+
+	credSpecsDir := filepath.Join(tmpDaemonRoot, credentialSpecFileLocation)
+	dummyCredFileContents := `{"We don't need no": "education"}`
+
+	t.Run("happy path with a 'file://' option", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		// let's render a dummy cred file
+		err := os.Mkdir(credSpecsDir, os.ModePerm)
+		assert.NilError(t, err)
+		dummyCredFileName := "dummy-cred-spec.json"
+		dummyCredFilePath := filepath.Join(credSpecsDir, dummyCredFileName)
+		err = os.WriteFile(dummyCredFilePath, []byte(dummyCredFileContents), 0644)
+		defer func() {
+			assert.NilError(t, os.Remove(dummyCredFilePath))
+		}()
+		assert.NilError(t, err)
+
+		err = daemon.setWindowsCredentialSpec(containerFactory("file://"+dummyCredFileName), spec)
+		assert.NilError(t, err)
+
+		if assert.Check(t, spec.Windows != nil) {
+			assert.Equal(t, dummyCredFileContents, spec.Windows.CredentialSpec)
+		}
+	})
+
+	t.Run("it's not allowed to use a 'file://' option with an absolute path", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory(`file://C:\path\to\my\credspec.json`), spec)
+		assert.ErrorContains(t, err, "invalid credential spec - file:// path cannot be absolute")
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("it's not allowed to use a 'file://' option breaking out of the cred specs' directory", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory(`file://..\credspec.json`), spec)
+		assert.ErrorContains(t, err, fmt.Sprintf("invalid credential spec - file:// path must be under %s", credSpecsDir))
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("when using a 'file://' option pointing to a file that doesn't exist, it fails gracefully", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("file://i-dont-exist.json"), spec)
+		assert.ErrorContains(t, err, fmt.Sprintf("credential spec for container %s could not be read from file", dummyContainerID))
+		assert.ErrorContains(t, err, "The system cannot find")
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("happy path with a 'registry://' option", func(t *testing.T) {
+		valueName := "my-cred-spec"
+		key := &dummyRegistryKey{
+			getStringValueFunc: func(name string) (val string, valtype uint32, err error) {
+				assert.Equal(t, valueName, name)
+				return dummyCredFileContents, 0, nil
+			},
+		}
+		defer setRegistryOpenKeyFunc(t, key)()
+
+		spec := &specs.Spec{}
+		assert.NilError(t, daemon.setWindowsCredentialSpec(containerFactory("registry://"+valueName), spec))
+
+		if assert.Check(t, spec.Windows != nil) {
+			assert.Equal(t, dummyCredFileContents, spec.Windows.CredentialSpec)
+		}
+		assert.Check(t, key.closed)
+	})
+
+	t.Run("when using a 'registry://' option and opening the registry key fails, it fails gracefully", func(t *testing.T) {
+		dummyError := fmt.Errorf("dummy error")
+		defer setRegistryOpenKeyFunc(t, &dummyRegistryKey{}, dummyError)()
+
+		spec := &specs.Spec{}
+		err := daemon.setWindowsCredentialSpec(containerFactory("registry://my-cred-spec"), spec)
+		assert.ErrorContains(t, err, fmt.Sprintf("registry key %s could not be opened: %v", credentialSpecRegistryLocation, dummyError))
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("when using a 'registry://' option pointing to a value that doesn't exist, it fails gracefully", func(t *testing.T) {
+		valueName := "my-cred-spec"
+		key := &dummyRegistryKey{
+			getStringValueFunc: func(name string) (val string, valtype uint32, err error) {
+				assert.Equal(t, valueName, name)
+				return "", 0, registry.ErrNotExist
+			},
+		}
+		defer setRegistryOpenKeyFunc(t, key)()
+
+		spec := &specs.Spec{}
+		err := daemon.setWindowsCredentialSpec(containerFactory("registry://"+valueName), spec)
+		assert.ErrorContains(t, err, fmt.Sprintf("registry credential spec %q for container %s was not found", valueName, dummyContainerID))
+
+		assert.Check(t, key.closed)
+	})
+
+	t.Run("when using a 'registry://' option and reading the registry value fails, it fails gracefully", func(t *testing.T) {
+		dummyError := fmt.Errorf("dummy error")
+		valueName := "my-cred-spec"
+		key := &dummyRegistryKey{
+			getStringValueFunc: func(name string) (val string, valtype uint32, err error) {
+				assert.Equal(t, valueName, name)
+				return "", 0, dummyError
+			},
+		}
+		defer setRegistryOpenKeyFunc(t, key)()
+
+		spec := &specs.Spec{}
+		err := daemon.setWindowsCredentialSpec(containerFactory("registry://"+valueName), spec)
+		assert.ErrorContains(t, err, fmt.Sprintf("error reading credential spec %q from registry for container %s: %v", valueName, dummyContainerID, dummyError))
+
+		assert.Check(t, key.closed)
+	})
+
+	t.Run("happy path with a 'config://' option", func(t *testing.T) {
+		configID := "my-cred-spec"
+
+		dependencyManager := swarmagent.NewDependencyManager()
+		dependencyManager.Configs().Add(swarmapi.Config{
+			ID: configID,
+			Spec: swarmapi.ConfigSpec{
+				Data: []byte(dummyCredFileContents),
+			},
+		})
+
+		task := &swarmapi.Task{
+			Spec: swarmapi.TaskSpec{
+				Runtime: &swarmapi.TaskSpec_Container{
+					Container: &swarmapi.ContainerSpec{
+						Configs: []*swarmapi.ConfigReference{
+							{
+								ConfigID: configID,
+							},
+						},
+					},
+				},
+			},
+		}
+
+		cntr := containerFactory("config://" + configID)
+		cntr.DependencyStore = swarmagent.Restrict(dependencyManager, task)
+
+		spec := &specs.Spec{}
+		err := daemon.setWindowsCredentialSpec(cntr, spec)
+		assert.NilError(t, err)
+
+		if assert.Check(t, spec.Windows != nil) {
+			assert.Equal(t, dummyCredFileContents, spec.Windows.CredentialSpec)
+		}
+	})
+
+	t.Run("using a 'config://' option on a container not managed by swarmkit is not allowed, and results in a generic error message to hide that purely internal API", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("config://whatever"), spec)
+		assert.Equal(t, errInvalidCredentialSpecSecOpt, err)
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("happy path with a 'raw://' option", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("raw://"+dummyCredFileContents), spec)
+		assert.NilError(t, err)
+
+		if assert.Check(t, spec.Windows != nil) {
+			assert.Equal(t, dummyCredFileContents, spec.Windows.CredentialSpec)
+		}
+	})
+
+	t.Run("it's not case sensitive in the option names", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("CreDENtiaLSPeC=rAw://"+dummyCredFileContents), spec)
+		assert.NilError(t, err)
+
+		if assert.Check(t, spec.Windows != nil) {
+			assert.Equal(t, dummyCredFileContents, spec.Windows.CredentialSpec)
+		}
+	})
+
+	t.Run("it rejects unknown options", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("credentialspe=config://whatever"), spec)
+		assert.ErrorContains(t, err, "security option not supported: credentialspe")
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	t.Run("it rejects unsupported credentialspec options", func(t *testing.T) {
+		spec := &specs.Spec{}
+
+		err := daemon.setWindowsCredentialSpec(containerFactory("idontexist://whatever"), spec)
+		assert.Equal(t, errInvalidCredentialSpecSecOpt, err)
+
+		assert.Check(t, spec.Windows == nil)
+	})
+
+	for _, option := range []string{"file", "registry", "config", "raw"} {
+		t.Run(fmt.Sprintf("it rejects empty values for %s", option), func(t *testing.T) {
+			spec := &specs.Spec{}
+
+			err := daemon.setWindowsCredentialSpec(containerFactory(option+"://"), spec)
+			assert.Equal(t, errInvalidCredentialSpecSecOpt, err)
+
+			assert.Check(t, spec.Windows == nil)
+		})
+	}
+}
+
+/* Helpers below */
+
+type dummyRegistryKey struct {
+	getStringValueFunc func(name string) (val string, valtype uint32, err error)
+	closed             bool
+}
+
+func (k *dummyRegistryKey) GetStringValue(name string) (val string, valtype uint32, err error) {
+	return k.getStringValueFunc(name)
+}
+
+func (k *dummyRegistryKey) Close() error {
+	k.closed = true
+	return nil
+}
+
+// setRegistryOpenKeyFunc replaces the registryOpenKeyFunc package variable, and returns a function
+// to be called to revert the change when done with testing.
+func setRegistryOpenKeyFunc(t *testing.T, key *dummyRegistryKey, err ...error) func() {
+	previousRegistryOpenKeyFunc := registryOpenKeyFunc
+
+	registryOpenKeyFunc = func(baseKey registry.Key, path string, access uint32) (registryKey, error) {
+		// this should always be called with exactly the same arguments
+		assert.Equal(t, registry.LOCAL_MACHINE, baseKey)
+		assert.Equal(t, credentialSpecRegistryLocation, path)
+		assert.Equal(t, uint32(registry.QUERY_VALUE), access)
+
+		if len(err) > 0 {
+			return nil, err[0]
+		}
+		return key, nil
+	}
+
+	return func() {
+		registryOpenKeyFunc = previousRegistryOpenKeyFunc
+	}
+}
diff --git a/daemon/pause.go b/daemon/pause.go
index be6ec1b92a7a0..51004e6c15094 100644
--- a/daemon/pause.go
+++ b/daemon/pause.go
@@ -10,11 +10,11 @@ import (
 
 // ContainerPause pauses a container
 func (daemon *Daemon) ContainerPause(name string) error {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
-	return daemon.containerPause(container)
+	return daemon.containerPause(ctr)
 }
 
 // containerPause pauses the container execution without stopping the process.
diff --git a/daemon/prune.go b/daemon/prune.go
index b1bcd5b79c048..e3ef4668bee75 100644
--- a/daemon/prune.go
+++ b/daemon/prune.go
@@ -4,15 +4,17 @@ import (
 	"context"
 	"fmt"
 	"regexp"
+	"strconv"
 	"sync/atomic"
 	"time"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libnetwork"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/libnetwork"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -84,7 +86,9 @@ func (daemon *Daemon) ContainersPrune(ctx context.Context, pruneFilters filters.
 			rep.ContainersDeleted = append(rep.ContainersDeleted, c.ID)
 		}
 	}
-
+	daemon.EventsService.Log("prune", events.ContainerEventType, events.Actor{
+		Attributes: map[string]string{"reclaimed": strconv.FormatUint(rep.SpaceReclaimed, 10)},
+	})
 	return rep, nil
 }
 
@@ -210,7 +214,9 @@ func (daemon *Daemon) NetworksPrune(ctx context.Context, pruneFilters filters.Ar
 		return rep, nil
 	default:
 	}
-
+	daemon.EventsService.Log("prune", events.NetworkEventType, events.Actor{
+		Attributes: map[string]string{"reclaimed": "0"},
+	})
 	return rep, nil
 }
 
diff --git a/daemon/reload.go b/daemon/reload.go
index be31f4ef6c3ae..661619626e929 100644
--- a/daemon/reload.go
+++ b/daemon/reload.go
@@ -16,6 +16,7 @@ import (
 // - Daemon debug log level
 // - Daemon max concurrent downloads
 // - Daemon max concurrent uploads
+// - Daemon max download attempts
 // - Daemon shutdown timeout (in seconds)
 // - Cluster discovery (reconfigure and restart)
 // - Daemon labels
@@ -27,14 +28,26 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
 	attributes := map[string]string{}
 
 	defer func() {
-		jsonString, _ := json.Marshal(daemon.configStore)
+		if err == nil {
+			jsonString, _ := json.Marshal(&struct {
+				*config.Config
+				config.ProxyConfig
+			}{
+				Config: daemon.configStore,
+				ProxyConfig: config.ProxyConfig{
+					HTTPProxy:  config.MaskCredentials(daemon.configStore.HTTPProxy),
+					HTTPSProxy: config.MaskCredentials(daemon.configStore.HTTPSProxy),
+					NoProxy:    config.MaskCredentials(daemon.configStore.NoProxy),
+				},
+			})
+			logrus.Infof("Reloaded configuration: %s", jsonString)
+		}
 
 		// we're unlocking here, because
 		// LogDaemonEventWithAttributes() -> SystemInfo() -> GetAllRuntimes()
 		// holds that lock too.
 		daemon.configStore.Unlock()
 		if err == nil {
-			logrus.Infof("Reloaded configuration: %s", jsonString)
 			daemon.LogDaemonEventWithAttributes("reload", attributes)
 		}
 	}()
@@ -44,6 +57,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
 	}
 	daemon.reloadDebug(conf, attributes)
 	daemon.reloadMaxConcurrentDownloadsAndUploads(conf, attributes)
+	if err := daemon.reloadMaxDownloadAttempts(conf, attributes); err != nil {
+		return err
+	}
 	daemon.reloadShutdownTimeout(conf, attributes)
 	daemon.reloadFeatures(conf, attributes)
 
@@ -84,31 +100,53 @@ func (daemon *Daemon) reloadDebug(conf *config.Config, attributes map[string]str
 func (daemon *Daemon) reloadMaxConcurrentDownloadsAndUploads(conf *config.Config, attributes map[string]string) {
 	// If no value is set for max-concurrent-downloads we assume it is the default value
 	// We always "reset" as the cost is lightweight and easy to maintain.
+	maxConcurrentDownloads := config.DefaultMaxConcurrentDownloads
 	if conf.IsValueSet("max-concurrent-downloads") && conf.MaxConcurrentDownloads != nil {
-		*daemon.configStore.MaxConcurrentDownloads = *conf.MaxConcurrentDownloads
-	} else {
-		maxConcurrentDownloads := config.DefaultMaxConcurrentDownloads
-		daemon.configStore.MaxConcurrentDownloads = &maxConcurrentDownloads
+		maxConcurrentDownloads = *conf.MaxConcurrentDownloads
 	}
+	daemon.configStore.MaxConcurrentDownloads = &maxConcurrentDownloads
 	logrus.Debugf("Reset Max Concurrent Downloads: %d", *daemon.configStore.MaxConcurrentDownloads)
 
 	// If no value is set for max-concurrent-upload we assume it is the default value
 	// We always "reset" as the cost is lightweight and easy to maintain.
+	maxConcurrentUploads := config.DefaultMaxConcurrentUploads
 	if conf.IsValueSet("max-concurrent-uploads") && conf.MaxConcurrentUploads != nil {
-		*daemon.configStore.MaxConcurrentUploads = *conf.MaxConcurrentUploads
-	} else {
-		maxConcurrentUploads := config.DefaultMaxConcurrentUploads
-		daemon.configStore.MaxConcurrentUploads = &maxConcurrentUploads
+		maxConcurrentUploads = *conf.MaxConcurrentUploads
 	}
+	daemon.configStore.MaxConcurrentUploads = &maxConcurrentUploads
 	logrus.Debugf("Reset Max Concurrent Uploads: %d", *daemon.configStore.MaxConcurrentUploads)
 
-	daemon.imageService.UpdateConfig(conf.MaxConcurrentDownloads, conf.MaxConcurrentUploads)
+	if daemon.imageService != nil {
+		daemon.imageService.UpdateConfig(&maxConcurrentDownloads, &maxConcurrentUploads)
+	}
+
 	// prepare reload event attributes with updatable configurations
 	attributes["max-concurrent-downloads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentDownloads)
 	// prepare reload event attributes with updatable configurations
 	attributes["max-concurrent-uploads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentUploads)
 }
 
+// reloadMaxDownloadAttempts updates configuration with max concurrent
+// download attempts when a connection is lost and updates the passed attributes
+func (daemon *Daemon) reloadMaxDownloadAttempts(conf *config.Config, attributes map[string]string) error {
+	if err := config.ValidateMaxDownloadAttempts(conf); err != nil {
+		return err
+	}
+
+	// If no value is set for max-download-attempts we assume it is the default value
+	// We always "reset" as the cost is lightweight and easy to maintain.
+	maxDownloadAttempts := config.DefaultDownloadAttempts
+	if conf.IsValueSet("max-download-attempts") && conf.MaxDownloadAttempts != nil {
+		maxDownloadAttempts = *conf.MaxDownloadAttempts
+	}
+	daemon.configStore.MaxDownloadAttempts = &maxDownloadAttempts
+	logrus.Debugf("Reset Max Download Attempts: %d", *daemon.configStore.MaxDownloadAttempts)
+
+	// prepare reload event attributes with updatable configurations
+	attributes["max-download-attempts"] = fmt.Sprintf("%d", *daemon.configStore.MaxDownloadAttempts)
+	return nil
+}
+
 // reloadShutdownTimeout updates configuration with daemon shutdown timeout option
 // and updates the passed attributes
 func (daemon *Daemon) reloadShutdownTimeout(conf *config.Config, attributes map[string]string) {
diff --git a/daemon/reload_test.go b/daemon/reload_test.go
index ffad297f71b74..6e8866ebb699f 100644
--- a/daemon/reload_test.go
+++ b/daemon/reload_test.go
@@ -9,14 +9,20 @@ import (
 
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/libnetwork"
 	"github.com/docker/docker/pkg/discovery"
 	_ "github.com/docker/docker/pkg/discovery/memory"
 	"github.com/docker/docker/registry"
-	"github.com/docker/libnetwork"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
+// muteLogs suppresses logs that are generated during the test
+func muteLogs() {
+	logrus.SetLevel(logrus.ErrorLevel)
+}
+
 func TestDaemonReloadLabels(t *testing.T) {
 	daemon := &Daemon{
 		configStore: &config.Config{
@@ -26,6 +32,7 @@ func TestDaemonReloadLabels(t *testing.T) {
 		},
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
 
 	valuesSets := make(map[string]interface{})
 	valuesSets["labels"] = "foo:baz"
@@ -51,6 +58,7 @@ func TestDaemonReloadAllowNondistributableArtifacts(t *testing.T) {
 		configStore:  &config.Config{},
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
 
 	var err error
 	// Initialize daemon with some registries.
@@ -106,13 +114,15 @@ func TestDaemonReloadMirrors(t *testing.T) {
 	daemon := &Daemon{
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
+
 	var err error
 	daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{
 		InsecureRegistries: []string{},
 		Mirrors: []string{
-			"https://mirror.test1.com",
-			"https://mirror.test2.com", // this will be removed when reloading
-			"https://mirror.test3.com", // this will be removed when reloading
+			"https://mirror.test1.example.com",
+			"https://mirror.test2.example.com", // this will be removed when reloading
+			"https://mirror.test3.example.com", // this will be removed when reloading
 		},
 	})
 	if err != nil {
@@ -140,13 +150,13 @@ func TestDaemonReloadMirrors(t *testing.T) {
 		},
 		{
 			valid:   false,
-			mirrors: []string{"10.10.1.11:5000", "mirror.test1.com"}, // mirrors are invalid
+			mirrors: []string{"10.10.1.11:5000", "mirror.test1.example.com"}, // mirrors are invalid
 			after:   []string{},
 		},
 		{
 			valid:   true,
-			mirrors: []string{"https://mirror.test1.com", "https://mirror.test4.com"},
-			after:   []string{"https://mirror.test1.com/", "https://mirror.test4.com/"},
+			mirrors: []string{"https://mirror.test1.example.com", "https://mirror.test4.example.com"},
+			after:   []string{"https://mirror.test1.example.com/", "https://mirror.test4.example.com/"},
 		},
 	}
 
@@ -205,6 +215,8 @@ func TestDaemonReloadInsecureRegistries(t *testing.T) {
 	daemon := &Daemon{
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
+
 	var err error
 	// initialize daemon with existing insecure registries: "127.0.0.0/8", "10.10.1.11:5000", "10.10.1.22:5000"
 	daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{
@@ -212,8 +224,8 @@ func TestDaemonReloadInsecureRegistries(t *testing.T) {
 			"127.0.0.0/8",
 			"10.10.1.11:5000",
 			"10.10.1.22:5000", // this will be removed when reloading
-			"docker1.com",
-			"docker2.com", // this will be removed when reloading
+			"docker1.example.com",
+			"docker2.example.com", // this will be removed when reloading
 		},
 	})
 	if err != nil {
@@ -223,11 +235,11 @@ func TestDaemonReloadInsecureRegistries(t *testing.T) {
 	daemon.configStore = &config.Config{}
 
 	insecureRegistries := []string{
-		"127.0.0.0/8",     // this will be kept
-		"10.10.1.11:5000", // this will be kept
-		"10.10.1.33:5000", // this will be newly added
-		"docker1.com",     // this will be kept
-		"docker3.com",     // this will be newly added
+		"127.0.0.0/8",         // this will be kept
+		"10.10.1.11:5000",     // this will be kept
+		"10.10.1.33:5000",     // this will be newly added
+		"docker1.example.com", // this will be kept
+		"docker3.example.com", // this will be newly added
 	}
 
 	valuesSets := make(map[string]interface{})
@@ -288,7 +300,7 @@ func TestDaemonReloadInsecureRegistries(t *testing.T) {
 	}
 
 	// assert if "docker2.com" is removed when reloading
-	if value, ok := dataMap["docker2.com"]; ok {
+	if value, ok := dataMap["docker2.example.com"]; ok {
 		t.Fatalf("Expected no insecure registry of docker2.com, got %d", value)
 	}
 }
@@ -297,6 +309,8 @@ func TestDaemonReloadNotAffectOthers(t *testing.T) {
 	daemon := &Daemon{
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
+
 	daemon.configStore = &config.Config{
 		CommonConfig: config.CommonConfig{
 			Labels: []string{"foo:bar"},
@@ -331,6 +345,7 @@ func TestDaemonDiscoveryReload(t *testing.T) {
 	daemon := &Daemon{
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
+	muteLogs()
 	daemon.configStore = &config.Config{
 		CommonConfig: config.CommonConfig{
 			ClusterStore:     "memory://127.0.0.1",
@@ -411,6 +426,7 @@ func TestDaemonDiscoveryReloadFromEmptyDiscovery(t *testing.T) {
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 	}
 	daemon.configStore = &config.Config{}
+	muteLogs()
 
 	valuesSet := make(map[string]interface{})
 	valuesSet["cluster-store"] = "memory://127.0.0.1:2222"
diff --git a/daemon/reload_unix.go b/daemon/reload_unix.go
index 9c1bb992af0ff..590267c48449a 100644
--- a/daemon/reload_unix.go
+++ b/daemon/reload_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -19,7 +20,7 @@ func (daemon *Daemon) reloadPlatform(conf *config.Config, attributes map[string]
 
 	if conf.IsValueSet("runtimes") {
 		// Always set the default one
-		conf.Runtimes[config.StockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
+		conf.Runtimes[config.StockRuntimeName] = types.Runtime{Path: config.DefaultRuntimeBinary}
 		if err := daemon.initRuntimes(conf.Runtimes); err != nil {
 			return err
 		}
@@ -34,6 +35,10 @@ func (daemon *Daemon) reloadPlatform(conf *config.Config, attributes map[string]
 		daemon.configStore.ShmSize = conf.ShmSize
 	}
 
+	if conf.CgroupNamespaceMode != "" {
+		daemon.configStore.CgroupNamespaceMode = conf.CgroupNamespaceMode
+	}
+
 	if conf.IpcMode != "" {
 		daemon.configStore.IpcMode = conf.IpcMode
 	}
@@ -44,13 +49,14 @@ func (daemon *Daemon) reloadPlatform(conf *config.Config, attributes map[string]
 		if runtimeList.Len() > 0 {
 			runtimeList.WriteRune(' ')
 		}
-		runtimeList.WriteString(fmt.Sprintf("%s:%s", name, rt))
+		runtimeList.WriteString(fmt.Sprintf("%s:%s", name, rt.Path))
 	}
 
 	attributes["runtimes"] = runtimeList.String()
 	attributes["default-runtime"] = daemon.configStore.DefaultRuntime
 	attributes["default-shm-size"] = fmt.Sprintf("%d", daemon.configStore.ShmSize)
 	attributes["default-ipc-mode"] = daemon.configStore.IpcMode
+	attributes["default-cgroupns-mode"] = daemon.configStore.CgroupNamespaceMode
 
 	return nil
 }
diff --git a/daemon/rename.go b/daemon/rename.go
index 6b099018f5ae1..55a2488529948 100644
--- a/daemon/rename.go
+++ b/daemon/rename.go
@@ -5,7 +5,7 @@ import (
 
 	dockercontainer "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/libnetwork"
+	"github.com/docker/docker/libnetwork"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
diff --git a/daemon/resize.go b/daemon/resize.go
index 21240650f85a8..ac9395379ba0c 100644
--- a/daemon/resize.go
+++ b/daemon/resize.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/docker/docker/libcontainerd"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
 )
 
 // ContainerResize changes the size of the TTY of the process running
@@ -20,7 +20,7 @@ func (daemon *Daemon) ContainerResize(name string, height, width int) error {
 		return errNotRunning(container.ID)
 	}
 
-	if err = daemon.containerd.ResizeTerminal(context.Background(), container.ID, libcontainerd.InitProcessName, width, height); err == nil {
+	if err = daemon.containerd.ResizeTerminal(context.Background(), container.ID, libcontainerdtypes.InitProcessName, width, height); err == nil {
 		attributes := map[string]string{
 			"height": fmt.Sprintf("%d", height),
 			"width":  fmt.Sprintf("%d", width),
@@ -38,13 +38,16 @@ func (daemon *Daemon) ContainerExecResize(name string, height, width int) error
 	if err != nil {
 		return err
 	}
+
 	// TODO: the timeout is hardcoded here, it would be more flexible to make it
 	// a parameter in resize request context, which would need API changes.
-	timeout := 10 * time.Second
+	timeout := time.NewTimer(10 * time.Second)
+	defer timeout.Stop()
+
 	select {
 	case <-ec.Started:
 		return daemon.containerd.ResizeTerminal(context.Background(), ec.ContainerID, ec.ID, width, height)
-	case <-time.After(timeout):
+	case <-timeout.C:
 		return fmt.Errorf("timeout waiting for exec session ready")
 	}
 }
diff --git a/daemon/resize_test.go b/daemon/resize_test.go
index edfe9d3ed1771..50a96778a7df1 100644
--- a/daemon/resize_test.go
+++ b/daemon/resize_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package daemon
@@ -8,7 +9,7 @@ import (
 
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/exec"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // This test simply verify that when a wrong ID used, a specific error should be returned for exec resize.
diff --git a/daemon/restart.go b/daemon/restart.go
index 0f06dea26713e..da3deec4bfd73 100644
--- a/daemon/restart.go
+++ b/daemon/restart.go
@@ -3,6 +3,7 @@ package daemon // import "github.com/docker/docker/daemon"
 import (
 	"fmt"
 
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/sirupsen/logrus"
 )
@@ -14,15 +15,15 @@ import (
 // stop. Returns an error if the container cannot be found, or if
 // there is an underlying error at any stage of the restart.
 func (daemon *Daemon) ContainerRestart(name string, seconds *int) error {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 	if seconds == nil {
-		stopTimeout := container.StopTimeout()
+		stopTimeout := ctr.StopTimeout()
 		seconds = &stopTimeout
 	}
-	if err := daemon.containerRestart(container, *seconds); err != nil {
+	if err := daemon.containerRestart(ctr, *seconds); err != nil {
 		return fmt.Errorf("Cannot restart container %s: %v", name, err)
 	}
 	return nil
@@ -34,11 +35,23 @@ func (daemon *Daemon) ContainerRestart(name string, seconds *int) error {
 // gracefully stop, before forcefully terminating the container. If
 // given a negative duration, wait forever for a graceful stop.
 func (daemon *Daemon) containerRestart(container *container.Container, seconds int) error {
+
+	// Determine isolation. If not specified in the hostconfig, use daemon default.
+	actualIsolation := container.HostConfig.Isolation
+	if containertypes.Isolation.IsDefault(actualIsolation) {
+		actualIsolation = daemon.defaultIsolation
+	}
+
 	// Avoid unnecessarily unmounting and then directly mounting
 	// the container when the container stops and then starts
-	// again
-	if err := daemon.Mount(container); err == nil {
-		defer daemon.Unmount(container)
+	// again. We do not do this for Hyper-V isolated containers
+	// (implying also on Windows) as the HCS must have exclusive
+	// access to mount the containers filesystem inside the utility
+	// VM.
+	if !containertypes.Isolation.IsHyperV(actualIsolation) {
+		if err := daemon.Mount(container); err == nil {
+			defer daemon.Unmount(container)
+		}
 	}
 
 	if container.IsRunning() {
diff --git a/daemon/runtime_unix.go b/daemon/runtime_unix.go
new file mode 100644
index 0000000000000..1478735b838c9
--- /dev/null
+++ b/daemon/runtime_unix.go
@@ -0,0 +1,158 @@
+//go:build !windows
+// +build !windows
+
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/containerd/cgroups"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	v2runcoptions "github.com/containerd/containerd/runtime/v2/runc/options"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	defaultRuntimeName = "runc"
+
+	linuxShimV1 = "io.containerd.runtime.v1.linux"
+	linuxShimV2 = "io.containerd.runc.v2"
+)
+
+func configureRuntimes(conf *config.Config) {
+	if conf.DefaultRuntime == "" {
+		conf.DefaultRuntime = config.StockRuntimeName
+	}
+	if conf.Runtimes == nil {
+		conf.Runtimes = make(map[string]types.Runtime)
+	}
+	conf.Runtimes[config.LinuxV1RuntimeName] = types.Runtime{Path: defaultRuntimeName, Shim: defaultV1ShimConfig(conf, defaultRuntimeName)}
+	conf.Runtimes[config.LinuxV2RuntimeName] = types.Runtime{Path: defaultRuntimeName, Shim: defaultV2ShimConfig(conf, defaultRuntimeName)}
+	conf.Runtimes[config.StockRuntimeName] = conf.Runtimes[config.LinuxV2RuntimeName]
+}
+
+func defaultV2ShimConfig(conf *config.Config, runtimePath string) *types.ShimConfig {
+	return &types.ShimConfig{
+		Binary: linuxShimV2,
+		Opts: &v2runcoptions.Options{
+			BinaryName:    runtimePath,
+			Root:          filepath.Join(conf.ExecRoot, "runtime-"+defaultRuntimeName),
+			SystemdCgroup: UsingSystemd(conf),
+			NoPivotRoot:   os.Getenv("DOCKER_RAMDISK") != "",
+		},
+	}
+}
+
+func defaultV1ShimConfig(conf *config.Config, runtimePath string) *types.ShimConfig {
+	return &types.ShimConfig{
+		Binary: linuxShimV1,
+		Opts: &runctypes.RuncOptions{
+			Runtime:       runtimePath,
+			RuntimeRoot:   filepath.Join(conf.ExecRoot, "runtime-"+defaultRuntimeName),
+			SystemdCgroup: UsingSystemd(conf),
+		},
+	}
+}
+
+func (daemon *Daemon) loadRuntimes() error {
+	return daemon.initRuntimes(daemon.configStore.Runtimes)
+}
+
+func (daemon *Daemon) initRuntimes(runtimes map[string]types.Runtime) (err error) {
+	runtimeDir := filepath.Join(daemon.configStore.Root, "runtimes")
+	// Remove old temp directory if any
+	os.RemoveAll(runtimeDir + "-old")
+	tmpDir, err := ioutils.TempDir(daemon.configStore.Root, "gen-runtimes")
+	if err != nil {
+		return errors.Wrap(err, "failed to get temp dir to generate runtime scripts")
+	}
+	defer func() {
+		if err != nil {
+			if err1 := os.RemoveAll(tmpDir); err1 != nil {
+				logrus.WithError(err1).WithField("dir", tmpDir).
+					Warn("failed to remove tmp dir")
+			}
+			return
+		}
+
+		if err = os.Rename(runtimeDir, runtimeDir+"-old"); err != nil {
+			return
+		}
+		if err = os.Rename(tmpDir, runtimeDir); err != nil {
+			err = errors.Wrap(err, "failed to setup runtimes dir, new containers may not start")
+			return
+		}
+		if err = os.RemoveAll(runtimeDir + "-old"); err != nil {
+			logrus.WithError(err).WithField("dir", tmpDir).
+				Warn("failed to remove old runtimes dir")
+		}
+	}()
+
+	for name, rt := range runtimes {
+		if len(rt.Args) > 0 {
+			script := filepath.Join(tmpDir, name)
+			content := fmt.Sprintf("#!/bin/sh\n%s %s $@\n", rt.Path, strings.Join(rt.Args, " "))
+			if err := os.WriteFile(script, []byte(content), 0700); err != nil {
+				return err
+			}
+		}
+		if rt.Shim == nil {
+			rt.Shim = defaultV2ShimConfig(daemon.configStore, rt.Path)
+		}
+	}
+	return nil
+}
+
+// rewriteRuntimePath is used for runtimes which have custom arguments supplied.
+// This is needed because the containerd API only calls the OCI runtime binary, there is no options for extra arguments.
+// To support this case, the daemon wraps the specified runtime in a script that passes through those arguments.
+func (daemon *Daemon) rewriteRuntimePath(name, p string, args []string) (string, error) {
+	if len(args) == 0 {
+		return p, nil
+	}
+
+	// Check that the runtime path actually exists here so that we can return a well known error.
+	if _, err := exec.LookPath(p); err != nil {
+		return "", errors.Wrap(err, "error while looking up the specified runtime path")
+	}
+
+	return filepath.Join(daemon.configStore.Root, "runtimes", name), nil
+}
+
+func (daemon *Daemon) getRuntime(name string) (*types.Runtime, error) {
+	rt := daemon.configStore.GetRuntime(name)
+	if rt == nil {
+		return nil, errdefs.InvalidParameter(errors.Errorf("runtime not found in config: %s", name))
+	}
+
+	if len(rt.Args) > 0 {
+		p, err := daemon.rewriteRuntimePath(name, rt.Path, rt.Args)
+		if err != nil {
+			return nil, err
+		}
+		rt.Path = p
+		rt.Args = nil
+	}
+
+	if rt.Shim == nil {
+		rt.Shim = defaultV2ShimConfig(daemon.configStore, rt.Path)
+	}
+
+	if rt.Shim.Binary == linuxShimV1 {
+		if cgroups.Mode() == cgroups.Unified {
+			return nil, errdefs.InvalidParameter(errors.Errorf("runtime %q is not supported while cgroups v2 (unified hierarchy) is being used", name))
+		}
+		logrus.Warnf("Configured runtime %q is deprecated and will be removed in the next release", name)
+	}
+
+	return rt, nil
+}
diff --git a/daemon/runtime_windows.go b/daemon/runtime_windows.go
new file mode 100644
index 0000000000000..0787cb115563e
--- /dev/null
+++ b/daemon/runtime_windows.go
@@ -0,0 +1,10 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/pkg/errors"
+)
+
+func (daemon *Daemon) getRuntime(name string) (*types.Runtime, error) {
+	return nil, errors.New("not implemented")
+}
diff --git a/daemon/seccomp_disabled.go b/daemon/seccomp_disabled.go
index 3855c7830e69a..5cfe585e16c1d 100644
--- a/daemon/seccomp_disabled.go
+++ b/daemon/seccomp_disabled.go
@@ -1,19 +1,26 @@
+//go:build linux && !seccomp
 // +build linux,!seccomp
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 
+	"github.com/containerd/containerd/containers"
+	coci "github.com/containerd/containerd/oci"
 	"github.com/docker/docker/container"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	dconfig "github.com/docker/docker/daemon/config"
 )
 
-var supportsSeccomp = false
+const supportsSeccomp = false
 
-func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
-	if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
-		return fmt.Errorf("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")
+// WithSeccomp sets the seccomp profile
+func WithSeccomp(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		if c.SeccompProfile != "" && c.SeccompProfile != dconfig.SeccompProfileUnconfined {
+			return fmt.Errorf("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")
+		}
+		return nil
 	}
-	return nil
 }
diff --git a/daemon/seccomp_linux.go b/daemon/seccomp_linux.go
index 66ab8c768cd81..1f4ecb576d615 100644
--- a/daemon/seccomp_linux.go
+++ b/daemon/seccomp_linux.go
@@ -1,55 +1,52 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 
+	"github.com/containerd/containerd/containers"
+	coci "github.com/containerd/containerd/oci"
 	"github.com/docker/docker/container"
+	dconfig "github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/profiles/seccomp"
-	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
-var supportsSeccomp = true
+const supportsSeccomp = true
 
-func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
-	var profile *specs.LinuxSeccomp
-	var err error
-
-	if c.HostConfig.Privileged {
-		return nil
-	}
-
-	if !daemon.seccompEnabled {
-		if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
-			return fmt.Errorf("Seccomp is not enabled in your kernel, cannot run a custom seccomp profile.")
+// WithSeccomp sets the seccomp profile
+func WithSeccomp(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		if c.SeccompProfile == dconfig.SeccompProfileUnconfined {
+			return nil
 		}
-		logrus.Warn("Seccomp is not enabled in your kernel, running container without default profile.")
-		c.SeccompProfile = "unconfined"
-	}
-	if c.SeccompProfile == "unconfined" {
-		return nil
-	}
-	if c.SeccompProfile != "" {
-		profile, err = seccomp.LoadProfile(c.SeccompProfile, rs)
-		if err != nil {
-			return err
+		if c.HostConfig.Privileged {
+			return nil
 		}
-	} else {
-		if daemon.seccompProfile != nil {
-			profile, err = seccomp.LoadProfile(string(daemon.seccompProfile), rs)
-			if err != nil {
-				return err
-			}
-		} else {
-			profile, err = seccomp.GetDefaultProfile(rs)
-			if err != nil {
-				return err
+		if !daemon.seccompEnabled {
+			if c.SeccompProfile != "" && c.SeccompProfile != dconfig.SeccompProfileDefault {
+				return fmt.Errorf("seccomp is not enabled in your kernel, cannot run a custom seccomp profile")
 			}
+			logrus.Warn("seccomp is not enabled in your kernel, running container without default profile")
+			c.SeccompProfile = dconfig.SeccompProfileUnconfined
+			return nil
 		}
+		var err error
+		switch {
+		case c.SeccompProfile == dconfig.SeccompProfileDefault:
+			s.Linux.Seccomp, err = seccomp.GetDefaultProfile(s)
+		case c.SeccompProfile != "":
+			s.Linux.Seccomp, err = seccomp.LoadProfile(c.SeccompProfile, s)
+		case daemon.seccompProfile != nil:
+			s.Linux.Seccomp, err = seccomp.LoadProfile(string(daemon.seccompProfile), s)
+		case daemon.seccompProfilePath == dconfig.SeccompProfileUnconfined:
+			c.SeccompProfile = dconfig.SeccompProfileUnconfined
+		default:
+			s.Linux.Seccomp, err = seccomp.GetDefaultProfile(s)
+		}
+		return err
 	}
-
-	rs.Linux.Seccomp = profile
-	return nil
 }
diff --git a/daemon/seccomp_linux_test.go b/daemon/seccomp_linux_test.go
new file mode 100644
index 0000000000000..bb5331da37d1f
--- /dev/null
+++ b/daemon/seccomp_linux_test.go
@@ -0,0 +1,200 @@
+//go:build linux && seccomp
+// +build linux,seccomp
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"testing"
+
+	coci "github.com/containerd/containerd/oci"
+	config "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	dconfig "github.com/docker/docker/daemon/config"
+	doci "github.com/docker/docker/oci"
+	"github.com/docker/docker/profiles/seccomp"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"gotest.tools/v3/assert"
+)
+
+func TestWithSeccomp(t *testing.T) {
+
+	type expected struct {
+		daemon  *Daemon
+		c       *container.Container
+		inSpec  coci.Spec
+		outSpec coci.Spec
+		err     string
+		comment string
+	}
+
+	for _, x := range []expected{
+		{
+			comment: "unconfined seccompProfile runs unconfined",
+			daemon: &Daemon{
+				seccompEnabled: true,
+			},
+			c: &container.Container{
+				SeccompProfile: dconfig.SeccompProfileUnconfined,
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec:  doci.DefaultLinuxSpec(),
+			outSpec: doci.DefaultLinuxSpec(),
+		},
+		{
+			comment: "privileged container w/ custom profile runs unconfined",
+			daemon: &Daemon{
+				seccompEnabled: true,
+			},
+			c: &container.Container{
+				SeccompProfile: "{ \"defaultAction\": \"SCMP_ACT_LOG\" }",
+				HostConfig: &config.HostConfig{
+					Privileged: true,
+				},
+			},
+			inSpec:  doci.DefaultLinuxSpec(),
+			outSpec: doci.DefaultLinuxSpec(),
+		},
+		{
+			comment: "privileged container w/ default runs unconfined",
+			daemon: &Daemon{
+				seccompEnabled: true,
+			},
+			c: &container.Container{
+				SeccompProfile: "",
+				HostConfig: &config.HostConfig{
+					Privileged: true,
+				},
+			},
+			inSpec:  doci.DefaultLinuxSpec(),
+			outSpec: doci.DefaultLinuxSpec(),
+		},
+		{
+			comment: "privileged container w/ daemon profile runs unconfined",
+			daemon: &Daemon{
+				seccompEnabled: true,
+				seccompProfile: []byte("{ \"defaultAction\": \"SCMP_ACT_ERRNO\" }"),
+			},
+			c: &container.Container{
+				SeccompProfile: "",
+				HostConfig: &config.HostConfig{
+					Privileged: true,
+				},
+			},
+			inSpec:  doci.DefaultLinuxSpec(),
+			outSpec: doci.DefaultLinuxSpec(),
+		},
+		{
+			comment: "custom profile when seccomp is disabled returns error",
+			daemon: &Daemon{
+				seccompEnabled: false,
+			},
+			c: &container.Container{
+				SeccompProfile: "{ \"defaultAction\": \"SCMP_ACT_ERRNO\" }",
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec:  doci.DefaultLinuxSpec(),
+			outSpec: doci.DefaultLinuxSpec(),
+			err:     "seccomp is not enabled in your kernel, cannot run a custom seccomp profile",
+		},
+		{
+			comment: "empty profile name loads default profile",
+			daemon: &Daemon{
+				seccompEnabled: true,
+			},
+			c: &container.Container{
+				SeccompProfile: "",
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec: doci.DefaultLinuxSpec(),
+			outSpec: func() coci.Spec {
+				s := doci.DefaultLinuxSpec()
+				profile, _ := seccomp.GetDefaultProfile(&s)
+				s.Linux.Seccomp = profile
+				return s
+			}(),
+		},
+		{
+			comment: "load container's profile",
+			daemon: &Daemon{
+				seccompEnabled: true,
+			},
+			c: &container.Container{
+				SeccompProfile: "{ \"defaultAction\": \"SCMP_ACT_ERRNO\" }",
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec: doci.DefaultLinuxSpec(),
+			outSpec: func() coci.Spec {
+				s := doci.DefaultLinuxSpec()
+				profile := &specs.LinuxSeccomp{
+					DefaultAction: specs.LinuxSeccompAction("SCMP_ACT_ERRNO"),
+				}
+				s.Linux.Seccomp = profile
+				return s
+			}(),
+		},
+		{
+			comment: "load daemon's profile",
+			daemon: &Daemon{
+				seccompEnabled: true,
+				seccompProfile: []byte("{ \"defaultAction\": \"SCMP_ACT_ERRNO\" }"),
+			},
+			c: &container.Container{
+				SeccompProfile: "",
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec: doci.DefaultLinuxSpec(),
+			outSpec: func() coci.Spec {
+				s := doci.DefaultLinuxSpec()
+				profile := &specs.LinuxSeccomp{
+					DefaultAction: specs.LinuxSeccompAction("SCMP_ACT_ERRNO"),
+				}
+				s.Linux.Seccomp = profile
+				return s
+			}(),
+		},
+		{
+			comment: "load prioritise container profile over daemon's",
+			daemon: &Daemon{
+				seccompEnabled: true,
+				seccompProfile: []byte("{ \"defaultAction\": \"SCMP_ACT_ERRNO\" }"),
+			},
+			c: &container.Container{
+				SeccompProfile: "{ \"defaultAction\": \"SCMP_ACT_LOG\" }",
+				HostConfig: &config.HostConfig{
+					Privileged: false,
+				},
+			},
+			inSpec: doci.DefaultLinuxSpec(),
+			outSpec: func() coci.Spec {
+				s := doci.DefaultLinuxSpec()
+				profile := &specs.LinuxSeccomp{
+					DefaultAction: specs.LinuxSeccompAction("SCMP_ACT_LOG"),
+				}
+				s.Linux.Seccomp = profile
+				return s
+			}(),
+		},
+	} {
+		t.Run(x.comment, func(t *testing.T) {
+			opts := WithSeccomp(x.daemon, x.c)
+			err := opts(nil, nil, nil, &x.inSpec)
+
+			assert.DeepEqual(t, x.inSpec, x.outSpec)
+			if x.err != "" {
+				assert.Error(t, err, x.err)
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+}
diff --git a/daemon/seccomp_unsupported.go b/daemon/seccomp_unsupported.go
index a323fe0be15db..97fe70b30a915 100644
--- a/daemon/seccomp_unsupported.go
+++ b/daemon/seccomp_unsupported.go
@@ -1,5 +1,21 @@
+//go:build !linux
 // +build !linux
 
 package daemon // import "github.com/docker/docker/daemon"
 
-var supportsSeccomp = false
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+	coci "github.com/containerd/containerd/oci"
+	"github.com/docker/docker/container"
+)
+
+const supportsSeccomp = false
+
+// WithSeccomp sets the seccomp profile
+func WithSeccomp(daemon *Daemon, c *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+		return nil
+	}
+}
diff --git a/daemon/secrets_unsupported.go b/daemon/secrets_unsupported.go
index edad69c56959f..678b7c34c0da1 100644
--- a/daemon/secrets_unsupported.go
+++ b/daemon/secrets_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/selinux_linux.go b/daemon/selinux_linux.go
deleted file mode 100644
index f87b30b7387ce..0000000000000
--- a/daemon/selinux_linux.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import "github.com/opencontainers/selinux/go-selinux"
-
-func selinuxSetDisabled() {
-	selinux.SetDisabled()
-}
-
-func selinuxFreeLxcContexts(label string) {
-	selinux.ReleaseLabel(label)
-}
-
-func selinuxEnabled() bool {
-	return selinux.GetEnabled()
-}
diff --git a/daemon/selinux_unsupported.go b/daemon/selinux_unsupported.go
deleted file mode 100644
index 49d0d13bce932..0000000000000
--- a/daemon/selinux_unsupported.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !linux
-
-package daemon // import "github.com/docker/docker/daemon"
-
-func selinuxSetDisabled() {
-}
-
-func selinuxFreeLxcContexts(label string) {
-}
-
-func selinuxEnabled() bool {
-	return false
-}
diff --git a/daemon/start.go b/daemon/start.go
index c00bd9ceb22be..fc5aa5b55f5eb 100644
--- a/daemon/start.go
+++ b/daemon/start.go
@@ -9,7 +9,6 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -20,24 +19,24 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos
 		return errdefs.InvalidParameter(errors.New("checkpoint is only supported in experimental mode"))
 	}
 
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
 	validateState := func() error {
-		container.Lock()
-		defer container.Unlock()
+		ctr.Lock()
+		defer ctr.Unlock()
 
-		if container.Paused {
+		if ctr.Paused {
 			return errdefs.Conflict(errors.New("cannot start a paused container, try unpause instead"))
 		}
 
-		if container.Running {
+		if ctr.Running {
 			return containerNotModifiedError{running: true}
 		}
 
-		if container.RemovalInProgress || container.Dead {
+		if ctr.RemovalInProgress || ctr.Dead {
 			return errdefs.Conflict(errors.New("container is marked for removal and cannot be started"))
 		}
 		return nil
@@ -53,26 +52,26 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos
 		// creating a container, not during start.
 		if hostConfig != nil {
 			logrus.Warn("DEPRECATED: Setting host configuration options when the container starts is deprecated and has been removed in Docker 1.12")
-			oldNetworkMode := container.HostConfig.NetworkMode
-			if err := daemon.setSecurityOptions(container, hostConfig); err != nil {
+			oldNetworkMode := ctr.HostConfig.NetworkMode
+			if err := daemon.setSecurityOptions(ctr, hostConfig); err != nil {
 				return errdefs.InvalidParameter(err)
 			}
 			if err := daemon.mergeAndVerifyLogConfig(&hostConfig.LogConfig); err != nil {
 				return errdefs.InvalidParameter(err)
 			}
-			if err := daemon.setHostConfig(container, hostConfig); err != nil {
+			if err := daemon.setHostConfig(ctr, hostConfig); err != nil {
 				return errdefs.InvalidParameter(err)
 			}
-			newNetworkMode := container.HostConfig.NetworkMode
+			newNetworkMode := ctr.HostConfig.NetworkMode
 			if string(oldNetworkMode) != string(newNetworkMode) {
 				// if user has change the network mode on starting, clean up the
 				// old networks. It is a deprecated feature and has been removed in Docker 1.12
-				container.NetworkSettings.Networks = nil
-				if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+				ctr.NetworkSettings.Networks = nil
+				if err := ctr.CheckpointTo(daemon.containersReplica); err != nil {
 					return errdefs.System(err)
 				}
 			}
-			container.InitDNSHostConfig()
+			ctr.InitDNSHostConfig()
 		}
 	} else {
 		if hostConfig != nil {
@@ -82,17 +81,17 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos
 
 	// check if hostConfig is in line with the current system settings.
 	// It may happen cgroups are umounted or the like.
-	if _, err = daemon.verifyContainerSettings(container.OS, container.HostConfig, nil, false); err != nil {
+	if _, err = daemon.verifyContainerSettings(ctr.HostConfig, nil, false); err != nil {
 		return errdefs.InvalidParameter(err)
 	}
 	// Adapt for old containers in case we have updates in this function and
 	// old containers never have chance to call the new function in create stage.
 	if hostConfig != nil {
-		if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil {
+		if err := daemon.adaptContainerSettings(ctr.HostConfig, false); err != nil {
 			return errdefs.InvalidParameter(err)
 		}
 	}
-	return daemon.containerStart(container, checkpoint, checkpointDir, true)
+	return daemon.containerStart(ctr, checkpoint, checkpointDir, true)
 }
 
 // containerStart prepares the container to run by setting up everything the
@@ -158,9 +157,10 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 
 	if resetRestartManager {
 		container.ResetRestartManager(true)
+		container.HasBeenManuallyStopped = false
 	}
 
-	if daemon.saveApparmorConfig(container); err != nil {
+	if err := daemon.saveAppArmorConfig(container); err != nil {
 		return err
 	}
 
@@ -171,14 +171,27 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 		}
 	}
 
-	createOptions, err := daemon.getLibcontainerdCreateOptions(container)
+	shim, createOptions, err := daemon.getLibcontainerdCreateOptions(container)
 	if err != nil {
 		return err
 	}
 
-	err = daemon.containerd.Create(context.Background(), container.ID, spec, createOptions)
+	ctx := context.TODO()
+
+	err = daemon.containerd.Create(ctx, container.ID, spec, shim, createOptions)
 	if err != nil {
-		return translateContainerdStartErr(container.Path, container.SetExitCode, err)
+		if errdefs.IsConflict(err) {
+			logrus.WithError(err).WithField("container", container.ID).Error("Container not cleaned up from containerd from previous run")
+			// best effort to clean up old container object
+			daemon.containerd.DeleteTask(ctx, container.ID)
+			if err := daemon.containerd.Delete(ctx, container.ID); err != nil && !errdefs.IsNotFound(err) {
+				logrus.WithError(err).WithField("container", container.ID).Error("Error cleaning up stale containerd container object")
+			}
+			err = daemon.containerd.Create(ctx, container.ID, spec, shim, createOptions)
+		}
+		if err != nil {
+			return translateContainerdStartErr(container.Path, container.SetExitCode, err)
+		}
 	}
 
 	// TODO(mlaventure): we need to specify checkpoint options here
@@ -194,7 +207,6 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 	}
 
 	container.SetRunning(pid, true)
-	container.HasBeenManuallyStopped = false
 	container.HasBeenStartedBefore = true
 	daemon.setStateCounter(container)
 
@@ -216,14 +228,14 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 func (daemon *Daemon) Cleanup(container *container.Container) {
 	daemon.releaseNetwork(container)
 
-	if err := container.UnmountIpcMount(detachMounted); err != nil {
+	if err := container.UnmountIpcMount(); err != nil {
 		logrus.Warnf("%s cleanup: failed to unmount IPC: %s", container.ID, err)
 	}
 
 	if err := daemon.conditionalUnmountOnCleanup(container); err != nil {
 		// FIXME: remove once reference counting for graphdrivers has been refactored
 		// Ensure that all the mounts are gone
-		if mountid, err := daemon.imageService.GetLayerMountID(container.ID, container.OS); err == nil {
+		if mountid, err := daemon.imageService.GetLayerMountID(container.ID); err == nil {
 			daemon.cleanupMountsByID(mountid)
 		}
 	}
@@ -232,7 +244,7 @@ func (daemon *Daemon) Cleanup(container *container.Container) {
 		logrus.Warnf("%s cleanup: failed to unmount secrets: %s", container.ID, err)
 	}
 
-	if err := mount.RecursiveUnmount(container.Root); err != nil {
+	if err := recursiveUnmount(container.Root); err != nil {
 		logrus.WithError(err).WithField("container", container.ID).Warn("Error while cleaning up container resource mounts.")
 	}
 
diff --git a/daemon/start_unix.go b/daemon/start_unix.go
index e680b95f42149..2f66c0010501c 100644
--- a/daemon/start_unix.go
+++ b/daemon/start_unix.go
@@ -1,57 +1,24 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-	"os/exec"
-	"path/filepath"
-
-	"github.com/containerd/containerd/runtime/linux/runctypes"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/errdefs"
-	"github.com/pkg/errors"
 )
 
-func (daemon *Daemon) getRuntimeScript(container *container.Container) (string, error) {
-	name := container.HostConfig.Runtime
-	rt := daemon.configStore.GetRuntime(name)
-	if rt == nil {
-		return "", errdefs.InvalidParameter(errors.Errorf("no such runtime '%s'", name))
-	}
-
-	if len(rt.Args) > 0 {
-		// First check that the target exist, as using it in a script won't
-		// give us the right error
-		if _, err := exec.LookPath(rt.Path); err != nil {
-			return "", translateContainerdStartErr(container.Path, container.SetExitCode, err)
-		}
-		return filepath.Join(daemon.configStore.Root, "runtimes", name), nil
-	}
-	return rt.Path, nil
-}
-
 // getLibcontainerdCreateOptions callers must hold a lock on the container
-func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) (interface{}, error) {
+func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) (string, interface{}, error) {
 	// Ensure a runtime has been assigned to this container
 	if container.HostConfig.Runtime == "" {
 		container.HostConfig.Runtime = daemon.configStore.GetDefaultRuntimeName()
 		container.CheckpointTo(daemon.containersReplica)
 	}
 
-	path, err := daemon.getRuntimeScript(container)
+	rt, err := daemon.getRuntime(container.HostConfig.Runtime)
 	if err != nil {
-		return nil, err
-	}
-	opts := &runctypes.RuncOptions{
-		Runtime: path,
-		RuntimeRoot: filepath.Join(daemon.configStore.ExecRoot,
-			fmt.Sprintf("runtime-%s", container.HostConfig.Runtime)),
-	}
-
-	if UsingSystemd(daemon.configStore) {
-		opts.SystemdCgroup = true
+		return "", nil, translateContainerdStartErr(container.Path, container.SetExitCode, err)
 	}
 
-	return opts, nil
+	return rt.Shim.Binary, rt.Shim.Opts, nil
 }
diff --git a/daemon/start_windows.go b/daemon/start_windows.go
index f4606f7a60b18..cbdffb3466652 100644
--- a/daemon/start_windows.go
+++ b/daemon/start_windows.go
@@ -1,38 +1,15 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"github.com/Microsoft/opengcs/client"
+	"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/system"
 )
 
-func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) (interface{}, error) {
-	// LCOW options.
-	if container.OS == "linux" {
-		config := &client.Config{}
-		if err := config.GenerateDefault(daemon.configStore.GraphOptions); err != nil {
-			return nil, err
-		}
-		// Override from user-supplied options.
-		for k, v := range container.HostConfig.StorageOpt {
-			switch k {
-			case "lcow.kirdpath":
-				config.KirdPath = v
-			case "lcow.kernel":
-				config.KernelFile = v
-			case "lcow.initrd":
-				config.InitrdFile = v
-			case "lcow.vhdx":
-				config.Vhdx = v
-			case "lcow.bootparameters":
-				config.BootParameters = v
-			}
-		}
-		if err := config.Validate(); err != nil {
-			return nil, err
-		}
-
-		return config, nil
+func (daemon *Daemon) getLibcontainerdCreateOptions(_ *container.Container) (string, interface{}, error) {
+	if system.ContainerdRuntimeSupported() {
+		opts := &options.Options{}
+		return "io.containerd.runhcs.v1", opts, nil
 	}
-
-	return nil, nil
+	return "", nil, nil
 }
diff --git a/daemon/stats.go b/daemon/stats.go
index eb23e272ae51c..c380f4e5292f0 100644
--- a/daemon/stats.go
+++ b/daemon/stats.go
@@ -12,6 +12,7 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/api/types/versions/v1p20"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 )
 
@@ -21,16 +22,25 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 	// Engine API version (used for backwards compatibility)
 	apiVersion := config.Version
 
-	container, err := daemon.GetContainer(prefixOrName)
+	if isWindows && versions.LessThan(apiVersion, "1.21") {
+		return errors.New("API versions pre v1.21 do not support stats on Windows")
+	}
+
+	ctr, err := daemon.GetContainer(prefixOrName)
 	if err != nil {
 		return err
 	}
 
+	if config.Stream && config.OneShot {
+		return errdefs.InvalidParameter(errors.New("cannot have stream=true and one-shot=true"))
+	}
+
 	// If the container is either not running or restarting and requires no stream, return an empty stats.
-	if (!container.IsRunning() || container.IsRestarting()) && !config.Stream {
+	if (!ctr.IsRunning() || ctr.IsRestarting()) && !config.Stream {
 		return json.NewEncoder(config.OutStream).Encode(&types.StatsJSON{
-			Name: container.Name,
-			ID:   container.ID})
+			Name: ctr.Name,
+			ID:   ctr.ID,
+		})
 	}
 
 	outStream := config.OutStream
@@ -45,8 +55,8 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 	var preRead time.Time
 	getStatJSON := func(v interface{}) *types.StatsJSON {
 		ss := v.(types.StatsJSON)
-		ss.Name = container.Name
-		ss.ID = container.ID
+		ss.Name = ctr.Name
+		ss.ID = ctr.ID
 		ss.PreCPUStats = preCPUStats
 		ss.PreRead = preRead
 		preCPUStats = ss.CPUStats
@@ -56,10 +66,10 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 
 	enc := json.NewEncoder(outStream)
 
-	updates := daemon.subscribeToContainerStats(container)
-	defer daemon.unsubscribeToContainerStats(container, updates)
+	updates := daemon.subscribeToContainerStats(ctr)
+	defer daemon.unsubscribeToContainerStats(ctr, updates)
 
-	noStreamFirstFrame := true
+	noStreamFirstFrame := !config.OneShot
 	for {
 		select {
 		case v, ok := <-updates:
@@ -70,9 +80,6 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 			var statsJSON interface{}
 			statsJSONPost120 := getStatJSON(v)
 			if versions.LessThan(apiVersion, "1.21") {
-				if runtime.GOOS == "windows" {
-					return errors.New("API versions pre v1.21 do not support stats on Windows")
-				}
 				var (
 					rxBytes   uint64
 					rxPackets uint64
diff --git a/daemon/stats/collector.go b/daemon/stats/collector.go
index 88e20984bc7a1..4356661c40237 100644
--- a/daemon/stats/collector.go
+++ b/daemon/stats/collector.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/pubsub"
 	"github.com/sirupsen/logrus"
 )
@@ -14,13 +15,11 @@ import (
 // Collector manages and provides container resource stats
 type Collector struct {
 	m          sync.Mutex
+	cond       *sync.Cond
 	supervisor supervisor
 	interval   time.Duration
 	publishers map[*container.Container]*pubsub.Publisher
 	bufReader  *bufio.Reader
-
-	// The following fields are not set on Windows currently.
-	clockTicksPerSecond uint64
 }
 
 // NewCollector creates a stats collector that will poll the supervisor with the specified interval
@@ -31,9 +30,7 @@ func NewCollector(supervisor supervisor, interval time.Duration) *Collector {
 		publishers: make(map[*container.Container]*pubsub.Publisher),
 		bufReader:  bufio.NewReaderSize(nil, 128),
 	}
-
-	platformNewStatsCollector(s)
-
+	s.cond = sync.NewCond(&s.m)
 	return s
 }
 
@@ -46,13 +43,16 @@ type supervisor interface {
 // the event loop for collection on the specified interval returning
 // a channel for the subscriber to receive on.
 func (s *Collector) Collect(c *container.Container) chan interface{} {
-	s.m.Lock()
-	defer s.m.Unlock()
+	s.cond.L.Lock()
+	defer s.cond.L.Unlock()
+
 	publisher, exists := s.publishers[c]
 	if !exists {
 		publisher = pubsub.NewPublisher(100*time.Millisecond, 1024)
 		s.publishers[c] = publisher
 	}
+
+	s.cond.Broadcast()
 	return publisher.Subscribe()
 }
 
@@ -91,23 +91,21 @@ func (s *Collector) Run() {
 	var pairs []publishersPair
 
 	for {
-		// Put sleep at the start so that it will always be hit,
-		// preventing a tight loop if no stats are collected.
-		time.Sleep(s.interval)
+		s.cond.L.Lock()
+		for len(s.publishers) == 0 {
+			s.cond.Wait()
+		}
 
 		// it does not make sense in the first iteration,
 		// but saves allocations in further iterations
 		pairs = pairs[:0]
 
-		s.m.Lock()
 		for container, publisher := range s.publishers {
 			// copy pointers here to release the lock ASAP
 			pairs = append(pairs, publishersPair{container, publisher})
 		}
-		s.m.Unlock()
-		if len(pairs) == 0 {
-			continue
-		}
+
+		s.cond.L.Unlock()
 
 		onlineCPUs, err := s.getNumberOnlineCPUs()
 		if err != nil {
@@ -134,7 +132,7 @@ func (s *Collector) Run() {
 
 				pair.publisher.Publish(*stats)
 
-			case notRunningErr, notFoundErr:
+			case errdefs.ErrConflict, errdefs.ErrNotFound:
 				// publish empty stats containing only name and ID if not running or not found
 				pair.publisher.Publish(types.StatsJSON{
 					Name: pair.container.Name,
@@ -143,17 +141,13 @@ func (s *Collector) Run() {
 
 			default:
 				logrus.Errorf("collecting stats for %s: %v", pair.container.ID, err)
+				pair.publisher.Publish(types.StatsJSON{
+					Name: pair.container.Name,
+					ID:   pair.container.ID,
+				})
 			}
 		}
-	}
-}
-
-type notRunningErr interface {
-	error
-	Conflict()
-}
 
-type notFoundErr interface {
-	error
-	NotFound()
+		time.Sleep(s.interval)
+	}
 }
diff --git a/daemon/stats/collector_unix.go b/daemon/stats/collector_unix.go
index 2480aceb51b7b..215fe26e46e23 100644
--- a/daemon/stats/collector_unix.go
+++ b/daemon/stats/collector_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package stats // import "github.com/docker/docker/daemon/stats"
@@ -8,21 +9,17 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/opencontainers/runc/libcontainer/system"
+	"golang.org/x/sys/unix"
 )
 
-/*
-#include <unistd.h>
-*/
-import "C"
-
-// platformNewStatsCollector performs platform specific initialisation of the
-// Collector structure.
-func platformNewStatsCollector(s *Collector) {
-	s.clockTicksPerSecond = uint64(system.GetClockTicks())
-}
-
-const nanoSecondsPerSecond = 1e9
+const (
+	// The value comes from `C.sysconf(C._SC_CLK_TCK)`, and
+	// on Linux it's a constant which is safe to be hard coded,
+	// so we can avoid using cgo here. For details, see:
+	// https://github.com/containerd/cgroups/pull/12
+	clockTicksPerSecond  = 100
+	nanoSecondsPerSecond = 1e9
+)
 
 // getSystemCPUUsage returns the host system's cpu usage in
 // nanoseconds. An error is returned if the format of the underlying
@@ -33,7 +30,6 @@ const nanoSecondsPerSecond = 1e9
 // provided. See `man 5 proc` for details on specific field
 // information.
 func (s *Collector) getSystemCPUUsage() (uint64, error) {
-	var line string
 	f, err := os.Open("/proc/stat")
 	if err != nil {
 		return 0, err
@@ -43,9 +39,9 @@ func (s *Collector) getSystemCPUUsage() (uint64, error) {
 		f.Close()
 	}()
 	s.bufReader.Reset(f)
-	err = nil
-	for err == nil {
-		line, err = s.bufReader.ReadString('\n')
+
+	for {
+		line, err := s.bufReader.ReadString('\n')
 		if err != nil {
 			break
 		}
@@ -64,20 +60,17 @@ func (s *Collector) getSystemCPUUsage() (uint64, error) {
 				totalClockTicks += v
 			}
 			return (totalClockTicks * nanoSecondsPerSecond) /
-				s.clockTicksPerSecond, nil
+				clockTicksPerSecond, nil
 		}
 	}
 	return 0, fmt.Errorf("invalid stat format. Error trying to parse the '/proc/stat' file")
 }
 
 func (s *Collector) getNumberOnlineCPUs() (uint32, error) {
-	i, err := C.sysconf(C._SC_NPROCESSORS_ONLN)
-	// According to POSIX - errno is undefined after successful
-	// sysconf, and can be non-zero in several cases, so look for
-	// error in returned value not in errno.
-	// (https://sourceware.org/bugzilla/show_bug.cgi?id=21536)
-	if i == -1 {
+	var cpuset unix.CPUSet
+	err := unix.SchedGetaffinity(0, &cpuset)
+	if err != nil {
 		return 0, err
 	}
-	return uint32(i), nil
+	return uint32(cpuset.Count()), nil
 }
diff --git a/daemon/stats/collector_windows.go b/daemon/stats/collector_windows.go
index 018e9065f1f49..d8e4b37507b48 100644
--- a/daemon/stats/collector_windows.go
+++ b/daemon/stats/collector_windows.go
@@ -1,10 +1,5 @@
 package stats // import "github.com/docker/docker/daemon/stats"
 
-// platformNewStatsCollector performs platform specific initialisation of the
-// Collector structure. This is a no-op on Windows.
-func platformNewStatsCollector(s *Collector) {
-}
-
 // getSystemCPUUsage returns the host system's cpu usage in
 // nanoseconds. An error is returned if the format of the underlying
 // file does not match. This is a no-op on Windows.
diff --git a/daemon/stats_unix.go b/daemon/stats_unix.go
index ee78ca688bbd6..0afc953266ffe 100644
--- a/daemon/stats_unix.go
+++ b/daemon/stats_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
diff --git a/daemon/stop.go b/daemon/stop.go
index c3ac09056a970..5d4c214004c66 100644
--- a/daemon/stop.go
+++ b/daemon/stop.go
@@ -38,52 +38,64 @@ func (daemon *Daemon) ContainerStop(name string, timeout *int) error {
 
 // containerStop sends a stop signal, waits, sends a kill signal.
 func (daemon *Daemon) containerStop(container *containerpkg.Container, seconds int) error {
+	// TODO propagate a context down to this function
+	ctx := context.TODO()
 	if !container.IsRunning() {
 		return nil
 	}
-
+	var wait time.Duration
+	if seconds >= 0 {
+		wait = time.Duration(seconds) * time.Second
+	}
+	success := func() error {
+		daemon.LogContainerEvent(container, "stop")
+		return nil
+	}
 	stopSignal := container.StopSignal()
-	// 1. Send a stop signal
-	if err := daemon.killPossiblyDeadProcess(container, stopSignal); err != nil {
-		// While normally we might "return err" here we're not going to
-		// because if we can't stop the container by this point then
-		// it's probably because it's already stopped. Meaning, between
-		// the time of the IsRunning() call above and now it stopped.
-		// Also, since the err return will be environment specific we can't
-		// look for any particular (common) error that would indicate
-		// that the process is already dead vs something else going wrong.
-		// So, instead we'll give it up to 2 more seconds to complete and if
-		// by that time the container is still running, then the error
-		// we got is probably valid and so we force kill it.
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
-		defer cancel()
 
-		if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
-			logrus.Infof("Container failed to stop after sending signal %d to the process, force killing", stopSignal)
-			if err := daemon.killPossiblyDeadProcess(container, 9); err != nil {
-				return err
-			}
-		}
+	// 1. Send a stop signal
+	err := daemon.killPossiblyDeadProcess(container, stopSignal)
+	if err != nil {
+		wait = 2 * time.Second
 	}
 
-	// 2. Wait for the process to exit on its own
-	ctx := context.Background()
+	var subCtx context.Context
+	var cancel context.CancelFunc
 	if seconds >= 0 {
-		var cancel context.CancelFunc
-		ctx, cancel = context.WithTimeout(ctx, time.Duration(seconds)*time.Second)
-		defer cancel()
+		subCtx, cancel = context.WithTimeout(ctx, wait)
+	} else {
+		subCtx, cancel = context.WithCancel(ctx)
 	}
+	defer cancel()
 
-	if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
-		logrus.Infof("Container %v failed to exit within %d seconds of signal %d - using the force", container.ID, seconds, stopSignal)
-		// 3. If it doesn't, then send SIGKILL
-		if err := daemon.Kill(container); err != nil {
-			// Wait without a timeout, ignore result.
-			<-container.Wait(context.Background(), containerpkg.WaitConditionNotRunning)
-			logrus.Warn(err) // Don't return error because we only care that container is stopped, not what function stopped it
+	if status := <-container.Wait(subCtx, containerpkg.WaitConditionNotRunning); status.Err() == nil {
+		// container did exit, so ignore any previous errors and return
+		return success()
+	}
+
+	if err != nil {
+		// the container has still not exited, and the kill function errored, so log the error here:
+		logrus.WithError(err).WithField("container", container.ID).Errorf("Error sending stop (signal %d) to container", stopSignal)
+	}
+	if seconds < 0 {
+		// if the client requested that we never kill / wait forever, but container.Wait was still
+		// interrupted (parent context cancelled, for example), we should propagate the signal failure
+		return err
+	}
+
+	logrus.WithField("container", container.ID).Infof("Container failed to exit within %s of signal %d - using the force", wait, stopSignal)
+	// Stop either failed or container didnt exit, so fallback to kill.
+	if err := daemon.Kill(container); err != nil {
+		// got a kill error, but give container 2 more seconds to exit just in case
+		subCtx, cancel := context.WithTimeout(ctx, 2*time.Second)
+		defer cancel()
+		if status := <-container.Wait(subCtx, containerpkg.WaitConditionNotRunning); status.Err() == nil {
+			// container did exit, so ignore error and return
+			return success()
 		}
+		logrus.WithError(err).WithField("container", container.ID).Error("Error killing the container")
+		return err
 	}
 
-	daemon.LogContainerEvent(container, "stop")
-	return nil
+	return success()
 }
diff --git a/daemon/top_unix.go b/daemon/top_unix.go
index 99ca56f0f452e..0287acaf7a7cd 100644
--- a/daemon/top_unix.go
+++ b/daemon/top_unix.go
@@ -1,4 +1,5 @@
-//+build !windows
+//go:build !windows
+// +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
@@ -20,7 +21,7 @@ func validatePSArgs(psArgs string) error {
 	// NOTE: \\s does not detect unicode whitespaces.
 	// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
 	// See https://github.com/docker/docker/pull/24358
-	// nolint: gosimple
+	//nolint: gosimple
 	re := regexp.MustCompile("\\s+([^\\s]*)=\\s*(PID[^\\s]*)")
 	for _, group := range re.FindAllStringSubmatch(psArgs, -1) {
 		if len(group) >= 3 {
@@ -144,20 +145,20 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*container.Conta
 		return nil, err
 	}
 
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return nil, err
 	}
 
-	if !container.IsRunning() {
-		return nil, errNotRunning(container.ID)
+	if !ctr.IsRunning() {
+		return nil, errNotRunning(ctr.ID)
 	}
 
-	if container.IsRestarting() {
-		return nil, errContainerIsRestarting(container.ID)
+	if ctr.IsRestarting() {
+		return nil, errContainerIsRestarting(ctr.ID)
 	}
 
-	procs, err := daemon.containerd.ListPids(context.Background(), container.ID)
+	procs, err := daemon.containerd.ListPids(context.Background(), ctr.ID)
 	if err != nil {
 		return nil, err
 	}
@@ -184,6 +185,6 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*container.Conta
 	if err != nil {
 		return nil, err
 	}
-	daemon.LogContainerEvent(container, "top")
+	daemon.LogContainerEvent(ctr, "top")
 	return procList, nil
 }
diff --git a/daemon/top_unix_test.go b/daemon/top_unix_test.go
index 41cb3e1cd97a4..a663323b67549 100644
--- a/daemon/top_unix_test.go
+++ b/daemon/top_unix_test.go
@@ -1,9 +1,12 @@
-//+build !windows
+//go:build !windows
+// +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"testing"
+
+	"gotest.tools/v3/assert"
 )
 
 func TestContainerTopValidatePSArgs(t *testing.T) {
@@ -22,14 +25,14 @@ func TestContainerTopValidatePSArgs(t *testing.T) {
 		"":                          false,
 	}
 	for psArgs, errExpected := range tests {
-		err := validatePSArgs(psArgs)
-		t.Logf("tested %q, got err=%v", psArgs, err)
-		if errExpected && err == nil {
-			t.Fatalf("expected error, got %v (%q)", err, psArgs)
-		}
-		if !errExpected && err != nil {
-			t.Fatalf("expected nil, got %v (%q)", err, psArgs)
-		}
+		t.Run(psArgs, func(t *testing.T) {
+			err := validatePSArgs(psArgs)
+			if errExpected {
+				assert.ErrorContains(t, err, "", "psArgs: %q", psArgs)
+			} else {
+				assert.NilError(t, err, "psArgs: %q", psArgs)
+			}
+		})
 	}
 }
 
@@ -39,41 +42,59 @@ func TestContainerTopParsePSOutput(t *testing.T) {
 		pids        []uint32
 		errExpected bool
 	}{
-		{[]byte(`  PID COMMAND
+		{
+			output: []byte(`  PID COMMAND
    42 foo
    43 bar
 		- -
   100 baz
-`), []uint32{42, 43}, false},
-		{[]byte(`  UID COMMAND
+`),
+			pids:        []uint32{42, 43},
+			errExpected: false,
+		},
+		{
+			output: []byte(`  UID COMMAND
    42 foo
    43 bar
 		- -
   100 baz
-`), []uint32{42, 43}, true},
+`),
+			pids:        []uint32{42, 43},
+			errExpected: true,
+		},
 		// unicode space (U+2003, 0xe2 0x80 0x83)
-		{[]byte(` PID COMMAND
+		{
+			output: []byte(` PID COMMAND
    42 foo
    43 bar
 		- -
   100 baz
-`), []uint32{42, 43}, true},
+`),
+			pids:        []uint32{42, 43},
+			errExpected: true,
+		},
 		// the first space is U+2003, the second one is ascii.
-		{[]byte(` PID COMMAND
+		{
+			output: []byte(` PID COMMAND
    42 foo
    43 bar
   100 baz
-`), []uint32{42, 43}, true},
+`),
+			pids:        []uint32{42, 43},
+			errExpected: true,
+		},
 	}
 
-	for _, f := range tests {
-		_, err := parsePSOutput(f.output, f.pids)
-		t.Logf("tested %q, got err=%v", string(f.output), err)
-		if f.errExpected && err == nil {
-			t.Fatalf("expected error, got %v (%q)", err, string(f.output))
-		}
-		if !f.errExpected && err != nil {
-			t.Fatalf("expected nil, got %v (%q)", err, string(f.output))
-		}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(string(tc.output), func(t *testing.T) {
+			_, err := parsePSOutput(tc.output, tc.pids)
+			if tc.errExpected && err == nil {
+				t.Fatalf("expected error, got %v (%q)", err, string(tc.output))
+			}
+			if !tc.errExpected && err != nil {
+				t.Fatalf("expected nil, got %v (%q)", err, string(tc.output))
+			}
+		})
 	}
 }
diff --git a/daemon/top_windows.go b/daemon/top_windows.go
index 1b3f84396282b..010b426d3f297 100644
--- a/daemon/top_windows.go
+++ b/daemon/top_windows.go
@@ -7,7 +7,7 @@ import (
 	"time"
 
 	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // ContainerTop handles `docker top` client requests.
@@ -51,10 +51,10 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*containertypes.
 	procList.Titles = []string{"Name", "PID", "CPU", "Private Working Set"}
 
 	for _, j := range s {
-		d := time.Duration((j.KernelTime100ns + j.UserTime100ns) * 100) // Combined time in nanoseconds
+		d := time.Duration((j.KernelTime_100Ns + j.UserTime_100Ns) * 100) // Combined time in nanoseconds
 		procList.Processes = append(procList.Processes, []string{
 			j.ImageName,
-			fmt.Sprint(j.ProcessId),
+			fmt.Sprint(j.ProcessID),
 			fmt.Sprintf("%02d:%02d:%02d.%03d", int(d.Hours()), int(d.Minutes())%60, int(d.Seconds())%60, int(d.Nanoseconds()/1000000)%1000),
 			units.HumanSize(float64(j.MemoryWorkingSetPrivateBytes))})
 	}
diff --git a/daemon/trustkey.go b/daemon/trustkey.go
index 4d72c932f1485..a6b662d7c9960 100644
--- a/daemon/trustkey.go
+++ b/daemon/trustkey.go
@@ -17,7 +17,7 @@ import (
 // TODO: this should use more of libtrust.LoadOrCreateTrustKey which may need
 // a refactor or this function to be moved into libtrust
 func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
-	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0755, "")
+	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0755)
 	if err != nil {
 		return nil, err
 	}
diff --git a/daemon/trustkey_test.go b/daemon/trustkey_test.go
index e49e76aa3eeec..b30c2ebeae688 100644
--- a/daemon/trustkey_test.go
+++ b/daemon/trustkey_test.go
@@ -1,23 +1,22 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )
 
 // LoadOrCreateTrustKey
 func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
-	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
+	tmpKeyFolderPath, err := os.MkdirTemp("", "api-trustkey-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpKeyFolderPath)
 
-	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
+	tmpKeyFile, err := os.CreateTemp(tmpKeyFolderPath, "keyfile")
 	assert.NilError(t, err)
 
 	_, err = loadOrCreateTrustKey(tmpKeyFile.Name())
diff --git a/daemon/unpause.go b/daemon/unpause.go
index 27648ae72e3c8..fbcf7a589ea96 100644
--- a/daemon/unpause.go
+++ b/daemon/unpause.go
@@ -10,33 +10,33 @@ import (
 
 // ContainerUnpause unpauses a container
 func (daemon *Daemon) ContainerUnpause(name string) error {
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
-	return daemon.containerUnpause(container)
+	return daemon.containerUnpause(ctr)
 }
 
 // containerUnpause resumes the container execution after the container is paused.
-func (daemon *Daemon) containerUnpause(container *container.Container) error {
-	container.Lock()
-	defer container.Unlock()
+func (daemon *Daemon) containerUnpause(ctr *container.Container) error {
+	ctr.Lock()
+	defer ctr.Unlock()
 
 	// We cannot unpause the container which is not paused
-	if !container.Paused {
-		return fmt.Errorf("Container %s is not paused", container.ID)
+	if !ctr.Paused {
+		return fmt.Errorf("Container %s is not paused", ctr.ID)
 	}
 
-	if err := daemon.containerd.Resume(context.Background(), container.ID); err != nil {
-		return fmt.Errorf("Cannot unpause container %s: %s", container.ID, err)
+	if err := daemon.containerd.Resume(context.Background(), ctr.ID); err != nil {
+		return fmt.Errorf("Cannot unpause container %s: %s", ctr.ID, err)
 	}
 
-	container.Paused = false
-	daemon.setStateCounter(container)
-	daemon.updateHealthMonitor(container)
-	daemon.LogContainerEvent(container, "unpause")
+	ctr.Paused = false
+	daemon.setStateCounter(ctr)
+	daemon.updateHealthMonitor(ctr)
+	daemon.LogContainerEvent(ctr, "unpause")
 
-	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+	if err := ctr.CheckpointTo(daemon.containersReplica); err != nil {
 		logrus.WithError(err).Warn("could not save container to disk")
 	}
 
diff --git a/daemon/update.go b/daemon/update.go
index 0ebb139d3dafc..bd8479fc05a76 100644
--- a/daemon/update.go
+++ b/daemon/update.go
@@ -13,12 +13,7 @@ import (
 func (daemon *Daemon) ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error) {
 	var warnings []string
 
-	c, err := daemon.GetContainer(name)
-	if err != nil {
-		return container.ContainerUpdateOKBody{Warnings: warnings}, err
-	}
-
-	warnings, err = daemon.verifyContainerSettings(c.OS, hostConfig, nil, true)
+	warnings, err := daemon.verifyContainerSettings(hostConfig, nil, true)
 	if err != nil {
 		return container.ContainerUpdateOKBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
@@ -35,57 +30,63 @@ func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) erro
 		return nil
 	}
 
-	container, err := daemon.GetContainer(name)
+	ctr, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
 	restoreConfig := false
-	backupHostConfig := *container.HostConfig
+	backupHostConfig := *ctr.HostConfig
+
 	defer func() {
 		if restoreConfig {
-			container.Lock()
-			container.HostConfig = &backupHostConfig
-			container.CheckpointTo(daemon.containersReplica)
-			container.Unlock()
+			ctr.Lock()
+			if !ctr.RemovalInProgress && !ctr.Dead {
+				ctr.HostConfig = &backupHostConfig
+				ctr.CheckpointTo(daemon.containersReplica)
+			}
+			ctr.Unlock()
 		}
 	}()
 
-	if container.RemovalInProgress || container.Dead {
-		return errCannotUpdate(container.ID, fmt.Errorf("container is marked for removal and cannot be \"update\""))
+	ctr.Lock()
+
+	if ctr.RemovalInProgress || ctr.Dead {
+		ctr.Unlock()
+		return errCannotUpdate(ctr.ID, fmt.Errorf("container is marked for removal and cannot be \"update\""))
 	}
 
-	container.Lock()
-	if err := container.UpdateContainer(hostConfig); err != nil {
+	if err := ctr.UpdateContainer(hostConfig); err != nil {
 		restoreConfig = true
-		container.Unlock()
-		return errCannotUpdate(container.ID, err)
+		ctr.Unlock()
+		return errCannotUpdate(ctr.ID, err)
 	}
-	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+	if err := ctr.CheckpointTo(daemon.containersReplica); err != nil {
 		restoreConfig = true
-		container.Unlock()
-		return errCannotUpdate(container.ID, err)
+		ctr.Unlock()
+		return errCannotUpdate(ctr.ID, err)
 	}
-	container.Unlock()
+
+	ctr.Unlock()
 
 	// if Restart Policy changed, we need to update container monitor
 	if hostConfig.RestartPolicy.Name != "" {
-		container.UpdateMonitor(hostConfig.RestartPolicy)
+		ctr.UpdateMonitor(hostConfig.RestartPolicy)
 	}
 
 	// If container is not running, update hostConfig struct is enough,
 	// resources will be updated when the container is started again.
 	// If container is running (including paused), we need to update configs
 	// to the real world.
-	if container.IsRunning() && !container.IsRestarting() {
-		if err := daemon.containerd.UpdateResources(context.Background(), container.ID, toContainerdResources(hostConfig.Resources)); err != nil {
+	if ctr.IsRunning() && !ctr.IsRestarting() {
+		if err := daemon.containerd.UpdateResources(context.Background(), ctr.ID, toContainerdResources(hostConfig.Resources)); err != nil {
 			restoreConfig = true
 			// TODO: it would be nice if containerd responded with better errors here so we can classify this better.
-			return errCannotUpdate(container.ID, errdefs.System(err))
+			return errCannotUpdate(ctr.ID, errdefs.System(err))
 		}
 	}
 
-	daemon.LogContainerEvent(container, "update")
+	daemon.LogContainerEvent(ctr, "update")
 
 	return nil
 }
diff --git a/daemon/update_linux.go b/daemon/update_linux.go
index 6a307eabc5a93..c1d3684868db1 100644
--- a/daemon/update_linux.go
+++ b/daemon/update_linux.go
@@ -4,12 +4,12 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/libcontainerd"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func toContainerdResources(resources container.Resources) *libcontainerd.Resources {
-	var r libcontainerd.Resources
+func toContainerdResources(resources container.Resources) *libcontainerdtypes.Resources {
+	var r libcontainerdtypes.Resources
 
 	r.BlockIO = &specs.LinuxBlockIO{
 		Weight: &resources.BlkioWeight,
@@ -50,5 +50,6 @@ func toContainerdResources(resources container.Resources) *libcontainerd.Resourc
 		r.Memory.Swap = &resources.MemorySwap
 	}
 
+	r.Pids = getPidsLimit(resources)
 	return &r
 }
diff --git a/daemon/update_windows.go b/daemon/update_windows.go
index fada3c1c0b557..cefbe919a5407 100644
--- a/daemon/update_windows.go
+++ b/daemon/update_windows.go
@@ -2,10 +2,10 @@ package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/libcontainerd"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
 )
 
-func toContainerdResources(resources container.Resources) *libcontainerd.Resources {
+func toContainerdResources(resources container.Resources) *libcontainerdtypes.Resources {
 	// We don't support update, so do nothing
 	return nil
 }
diff --git a/daemon/util_test.go b/daemon/util_test.go
index b2c464f737fac..64a28be865c8b 100644
--- a/daemon/util_test.go
+++ b/daemon/util_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package daemon
@@ -7,10 +8,17 @@ import (
 	"time"
 
 	"github.com/containerd/containerd"
-	"github.com/docker/docker/libcontainerd"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
+type mockProcess struct {
+}
+
+func (m *mockProcess) Delete(_ context.Context) (uint32, time.Time, error) {
+	return 0, time.Time{}, nil
+}
+
 // Mock containerd client implementation, for unit tests.
 type MockContainerdClient struct {
 }
@@ -18,19 +26,19 @@ type MockContainerdClient struct {
 func (c *MockContainerdClient) Version(ctx context.Context) (containerd.Version, error) {
 	return containerd.Version{}, nil
 }
-func (c *MockContainerdClient) Restore(ctx context.Context, containerID string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error) {
-	return false, 0, nil
+func (c *MockContainerdClient) Restore(ctx context.Context, containerID string, attachStdio libcontainerdtypes.StdioCallback) (alive bool, pid int, p libcontainerdtypes.Process, err error) {
+	return false, 0, &mockProcess{}, nil
 }
-func (c *MockContainerdClient) Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error {
+func (c *MockContainerdClient) Create(ctx context.Context, containerID string, spec *specs.Spec, shim string, runtimeOptions interface{}, opts ...containerd.NewContainerOpts) error {
 	return nil
 }
-func (c *MockContainerdClient) Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error) {
+func (c *MockContainerdClient) Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (pid int, err error) {
 	return 0, nil
 }
 func (c *MockContainerdClient) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
 	return nil
 }
-func (c *MockContainerdClient) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio libcontainerd.StdioCallback) (int, error) {
+func (c *MockContainerdClient) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (int, error) {
 	return 0, nil
 }
 func (c *MockContainerdClient) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
@@ -41,23 +49,23 @@ func (c *MockContainerdClient) CloseStdin(ctx context.Context, containerID, proc
 }
 func (c *MockContainerdClient) Pause(ctx context.Context, containerID string) error  { return nil }
 func (c *MockContainerdClient) Resume(ctx context.Context, containerID string) error { return nil }
-func (c *MockContainerdClient) Stats(ctx context.Context, containerID string) (*libcontainerd.Stats, error) {
+func (c *MockContainerdClient) Stats(ctx context.Context, containerID string) (*libcontainerdtypes.Stats, error) {
 	return nil, nil
 }
 func (c *MockContainerdClient) ListPids(ctx context.Context, containerID string) ([]uint32, error) {
 	return nil, nil
 }
-func (c *MockContainerdClient) Summary(ctx context.Context, containerID string) ([]libcontainerd.Summary, error) {
+func (c *MockContainerdClient) Summary(ctx context.Context, containerID string) ([]libcontainerdtypes.Summary, error) {
 	return nil, nil
 }
 func (c *MockContainerdClient) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
 	return 0, time.Time{}, nil
 }
 func (c *MockContainerdClient) Delete(ctx context.Context, containerID string) error { return nil }
-func (c *MockContainerdClient) Status(ctx context.Context, containerID string) (libcontainerd.Status, error) {
+func (c *MockContainerdClient) Status(ctx context.Context, containerID string) (containerd.ProcessStatus, error) {
 	return "null", nil
 }
-func (c *MockContainerdClient) UpdateResources(ctx context.Context, containerID string, resources *libcontainerd.Resources) error {
+func (c *MockContainerdClient) UpdateResources(ctx context.Context, containerID string, resources *libcontainerdtypes.Resources) error {
 	return nil
 }
 func (c *MockContainerdClient) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
diff --git a/daemon/volumes.go b/daemon/volumes.go
index ad3c96a945991..7327fe35f2985 100644
--- a/daemon/volumes.go
+++ b/daemon/volumes.go
@@ -62,7 +62,7 @@ func (m mounts) parts(i int) int {
 func (daemon *Daemon) registerMountPoints(container *container.Container, hostConfig *containertypes.HostConfig) (retErr error) {
 	binds := map[string]bool{}
 	mountPoints := map[string]*volumemounts.MountPoint{}
-	parser := volumemounts.NewParser(container.OS)
+	parser := volumemounts.NewParser()
 
 	ctx := context.TODO()
 	defer func() {
@@ -95,12 +95,12 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 	for _, v := range hostConfig.VolumesFrom {
 		containerID, mode, err := parser.ParseVolumesFrom(v)
 		if err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
 
 		c, err := daemon.GetContainer(containerID)
 		if err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
 
 		for _, m := range c.MountPoints {
@@ -265,8 +265,6 @@ func (daemon *Daemon) backportMountSpec(container *container.Container) {
 	container.Lock()
 	defer container.Unlock()
 
-	parser := volumemounts.NewParser(container.OS)
-
 	maybeUpdate := make(map[string]bool)
 	for _, mp := range container.MountPoints {
 		if mp.Spec.Source != "" && mp.Type != "" {
@@ -283,6 +281,7 @@ func (daemon *Daemon) backportMountSpec(container *container.Container) {
 		mountSpecs[m.Target] = true
 	}
 
+	parser := volumemounts.NewParser()
 	binds := make(map[string]*volumemounts.MountPoint, len(container.HostConfig.Binds))
 	for _, rawSpec := range container.HostConfig.Binds {
 		mp, err := parser.ParseMountRaw(rawSpec, container.HostConfig.VolumeDriver)
diff --git a/daemon/volumes_linux_test.go b/daemon/volumes_linux_test.go
index 72830c3e81b2f..3abff3e454332 100644
--- a/daemon/volumes_linux_test.go
+++ b/daemon/volumes_linux_test.go
@@ -34,12 +34,12 @@ func TestBindDaemonRoot(t *testing.T) {
 				"source is /":       "/",
 			} {
 				t.Run(desc, func(t *testing.T) {
-					mount := mount.Mount{
+					mnt := mount.Mount{
 						Type:        mount.TypeBind,
 						Source:      source,
 						BindOptions: test.opts,
 					}
-					needsProp, err := d.validateBindDaemonRoot(mount)
+					needsProp, err := d.validateBindDaemonRoot(mnt)
 					if (err != nil) != test.err {
 						t.Fatalf("expected err=%v, got: %v", test.err, err)
 					}
diff --git a/daemon/volumes_unit_test.go b/daemon/volumes_unit_test.go
index 6bdebe467cbb3..9a572215f2de7 100644
--- a/daemon/volumes_unit_test.go
+++ b/daemon/volumes_unit_test.go
@@ -1,7 +1,6 @@
 package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"runtime"
 	"testing"
 
 	volumemounts "github.com/docker/docker/volume/mounts"
@@ -21,7 +20,7 @@ func TestParseVolumesFrom(t *testing.T) {
 		{"foobar:baz", "", "", true},
 	}
 
-	parser := volumemounts.NewParser(runtime.GOOS)
+	parser := volumemounts.NewParser()
 
 	for _, c := range cases {
 		id, mode, err := parser.ParseVolumesFrom(c.spec)
diff --git a/daemon/volumes_unix.go b/daemon/volumes_unix.go
index 5ddb926de74a5..59a95c239a787 100644
--- a/daemon/volumes_unix.go
+++ b/daemon/volumes_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -9,10 +10,11 @@ import (
 	"strconv"
 	"strings"
 
+	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/pkg/fileutils"
-	"github.com/docker/docker/pkg/mount"
 	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/moby/sys/mount"
 )
 
 // setupMounts iterates through each of the mount points for a container and
@@ -58,6 +60,9 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er
 				Writable:    m.RW,
 				Propagation: string(m.Propagation),
 			}
+			if m.Spec.Type == mounttypes.TypeBind && m.Spec.BindOptions != nil {
+				mnt.NonRecursive = m.Spec.BindOptions.NonRecursive
+			}
 			if m.Volume != nil {
 				attributes := map[string]string{
 					"driver":      m.Volume.DriverName(),
@@ -78,12 +83,12 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er
 	// metadata, the ownership must be set properly for potential container
 	// remapped root (user namespaces)
 	rootIDs := daemon.idMapping.RootPair()
-	for _, mount := range netMounts {
+	for _, mnt := range netMounts {
 		// we should only modify ownership of network files within our own container
 		// metadata repository. If the user specifies a mount path external, it is
 		// up to the user to make sure the file has proper ownership for userns
-		if strings.Index(mount.Source, daemon.repository) == 0 {
-			if err := os.Chown(mount.Source, rootIDs.UID, rootIDs.GID); err != nil {
+		if strings.Index(mnt.Source, daemon.repository) == 0 {
+			if err := os.Chown(mnt.Source, rootIDs.UID, rootIDs.GID); err != nil {
 				return nil, err
 			}
 		}
@@ -129,13 +134,13 @@ func (daemon *Daemon) mountVolumes(container *container.Container) error {
 			return err
 		}
 
-		opts := "rbind,ro"
-		if m.Writable {
-			opts = "rbind,rw"
+		bindMode := "rbind"
+		if m.NonRecursive {
+			bindMode = "bind"
 		}
-
-		if err := mount.Mount(m.Source, dest, bindMountType, opts); err != nil {
-			return err
+		writeMode := "ro"
+		if m.Writable {
+			writeMode = "rw"
 		}
 
 		// mountVolumes() seems to be called for temporary mounts
@@ -146,8 +151,9 @@ func (daemon *Daemon) mountVolumes(container *container.Container) error {
 		// then these unmounts will propagate and unmount original
 		// mount as well. So make all these mounts rprivate.
 		// Do not use propagation property of volume as that should
-		// apply only when mounting happen inside the container.
-		if err := mount.MakeRPrivate(dest); err != nil {
+		// apply only when mounting happens inside the container.
+		opts := strings.Join([]string{bindMode, writeMode, "rprivate"}, ",")
+		if err := mount.Mount(m.Source, dest, "", opts); err != nil {
 			return err
 		}
 	}
diff --git a/daemon/volumes_unix_test.go b/daemon/volumes_unix_test.go
index 36e19110d1605..a566d19b4a604 100644
--- a/daemon/volumes_unix_test.go
+++ b/daemon/volumes_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package daemon // import "github.com/docker/docker/daemon"
@@ -96,6 +97,8 @@ func TestBackportMountSpec(t *testing.T) {
 		return string(b)
 	}
 
+	mpc := *c.MountPoints["/jambolan"]
+
 	for _, x := range []expected{
 		{
 			mp: &volumemounts.MountPoint{
@@ -225,7 +228,7 @@ func TestBackportMountSpec(t *testing.T) {
 			comment: "partially configured named volume caused by #32613",
 		},
 		{
-			mp:      &(*c.MountPoints["/jambolan"]), // copy the mountpoint, expect no changes
+			mp:      &mpc,
 			comment: "volume defined in mounts API",
 		},
 		{
diff --git a/distribution/config.go b/distribution/config.go
index 438051c296e27..48b0b46e26a43 100644
--- a/distribution/config.go
+++ b/distribution/config.go
@@ -3,7 +3,6 @@ package distribution // import "github.com/docker/docker/distribution"
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"io"
 	"runtime"
 
@@ -19,8 +18,9 @@ import (
 	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
 	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
 )
 
 // Config stores configuration for communicating
@@ -71,8 +71,8 @@ type ImagePushConfig struct {
 	// ConfigMediaType is the configuration media type for
 	// schema2 manifests.
 	ConfigMediaType string
-	// LayerStores (indexed by operating system) manages layers.
-	LayerStores map[string]PushLayerProvider
+	// LayerStores manages layers.
+	LayerStores PushLayerProvider
 	// TrustKey is the private key for legacy signatures. This is typically
 	// an ephemeral key, since these signatures are no longer verified.
 	TrustKey libtrust.PrivateKey
@@ -84,8 +84,8 @@ type ImagePushConfig struct {
 // by digest. Allows getting an image configurations rootfs from the
 // configuration.
 type ImageConfigStore interface {
-	Put([]byte) (digest.Digest, error)
-	Get(digest.Digest) ([]byte, error)
+	Put(context.Context, []byte) (digest.Digest, error)
+	Get(context.Context, digest.Digest) ([]byte, error)
 	RootFSFromConfig([]byte) (*image.RootFS, error)
 	PlatformFromConfig([]byte) (*specs.Platform, error)
 }
@@ -128,12 +128,12 @@ func NewImageConfigStoreFromStore(is image.Store) ImageConfigStore {
 	}
 }
 
-func (s *imageConfigStore) Put(c []byte) (digest.Digest, error) {
+func (s *imageConfigStore) Put(_ context.Context, c []byte) (digest.Digest, error) {
 	id, err := s.Store.Create(c)
 	return digest.Digest(id), err
 }
 
-func (s *imageConfigStore) Get(d digest.Digest) ([]byte, error) {
+func (s *imageConfigStore) Get(_ context.Context, d digest.Digest) ([]byte, error) {
 	img, err := s.Store.Get(image.IDFromDigest(d))
 	if err != nil {
 		return nil, err
@@ -155,37 +155,25 @@ func (s *imageConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error)
 		return nil, err
 	}
 
-	// fail immediately on Windows when downloading a non-Windows image
-	// and vice versa. Exception on Windows if Linux Containers are enabled.
-	if runtime.GOOS == "windows" && unmarshalledConfig.OS == "linux" && !system.LCOWSupported() {
-		return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS)
-	} else if runtime.GOOS != "windows" && unmarshalledConfig.OS == "windows" {
-		return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS)
-	}
-
 	os := unmarshalledConfig.OS
 	if os == "" {
 		os = runtime.GOOS
 	}
 	if !system.IsOSSupported(os) {
-		return nil, system.ErrNotSupportedOperatingSystem
+		return nil, errors.Wrapf(system.ErrNotSupportedOperatingSystem, "image operating system %q cannot be used on this platform", os)
 	}
-	return &specs.Platform{OS: os, Architecture: unmarshalledConfig.Architecture, OSVersion: unmarshalledConfig.OSVersion}, nil
+	return &specs.Platform{OS: os, Architecture: unmarshalledConfig.Architecture, Variant: unmarshalledConfig.Variant, OSVersion: unmarshalledConfig.OSVersion}, nil
 }
 
 type storeLayerProvider struct {
 	ls layer.Store
 }
 
-// NewLayerProvidersFromStores returns layer providers backed by
+// NewLayerProvidersFromStore returns layer providers backed by
 // an instance of LayerStore. Only getting layers as gzipped
 // tars is supported.
-func NewLayerProvidersFromStores(lss map[string]layer.Store) map[string]PushLayerProvider {
-	plps := make(map[string]PushLayerProvider)
-	for os, ls := range lss {
-		plps[os] = &storeLayerProvider{ls: ls}
-	}
-	return plps
+func NewLayerProvidersFromStore(ls layer.Store) PushLayerProvider {
+	return &storeLayerProvider{ls: ls}
 }
 
 func (p *storeLayerProvider) Get(lid layer.ChainID) (PushLayer, error) {
diff --git a/distribution/errors.go b/distribution/errors.go
index 9dc5955f26c7d..6b67d53ff4294 100644
--- a/distribution/errors.go
+++ b/distribution/errors.go
@@ -9,7 +9,7 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/distribution/registry/api/v2"
+	v2 "github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/docker/distribution/xfer"
@@ -34,10 +34,6 @@ func (e ErrNoSupport) Error() string {
 type fallbackError struct {
 	// err is the error being wrapped.
 	err error
-	// confirmedV2 is set to true if it was confirmed that the registry
-	// supports the v2 protocol. This is used to limit fallbacks to the v1
-	// protocol.
-	confirmedV2 bool
 	// transportOK is set to true if we managed to speak HTTP with the
 	// registry. This confirms that we're using appropriate TLS settings
 	// (or lack of TLS).
@@ -53,15 +49,6 @@ func (f fallbackError) Cause() error {
 	return f.err
 }
 
-// shouldV2Fallback returns true if this error is a reason to fall back to v1.
-func shouldV2Fallback(err errcode.Error) bool {
-	switch err.Code {
-	case errcode.ErrorCodeUnauthorized, v2.ErrorCodeManifestUnknown, v2.ErrorCodeNameUnknown:
-		return true
-	}
-	return false
-}
-
 type notFoundError struct {
 	cause errcode.Error
 	ref   reference.Named
@@ -112,6 +99,23 @@ func TranslatePullError(err error, ref reference.Named) error {
 	return errdefs.Unknown(err)
 }
 
+func isNotFound(err error) bool {
+	switch v := err.(type) {
+	case errcode.Errors:
+		for _, e := range v {
+			if isNotFound(e) {
+				return true
+			}
+		}
+	case errcode.Error:
+		switch v.Code {
+		case errcode.ErrorCodeDenied, v2.ErrorCodeManifestUnknown, v2.ErrorCodeNameUnknown:
+			return true
+		}
+	}
+	return false
+}
+
 // continueOnError returns true if we should fallback to the next endpoint
 // as a result of this error.
 func continueOnError(err error, mirrorEndpoint bool) bool {
@@ -124,7 +128,7 @@ func continueOnError(err error, mirrorEndpoint bool) bool {
 	case ErrNoSupport:
 		return continueOnError(v.Err, mirrorEndpoint)
 	case errcode.Error:
-		return mirrorEndpoint || shouldV2Fallback(v)
+		return mirrorEndpoint
 	case *client.UnexpectedHTTPResponseError:
 		return true
 	case ImageConfigPullError:
diff --git a/distribution/errors_test.go b/distribution/errors_test.go
index 7105bdb4d6079..164c57a650fd7 100644
--- a/distribution/errors_test.go
+++ b/distribution/errors_test.go
@@ -7,26 +7,26 @@ import (
 	"testing"
 
 	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client"
 )
 
+var errUnexpected = errors.New("some totally unexpected error")
+
 var alwaysContinue = []error{
 	&client.UnexpectedHTTPResponseError{},
-
-	// Some errcode.Errors that don't disprove the existence of a V1 image
-	errcode.Error{Code: errcode.ErrorCodeUnauthorized},
-	errcode.Error{Code: v2.ErrorCodeManifestUnknown},
-	errcode.Error{Code: v2.ErrorCodeNameUnknown},
-
-	errors.New("some totally unexpected error"),
+	errcode.Errors{},
+	errUnexpected,
+	// nested
+	errcode.Errors{errUnexpected},
+	ErrNoSupport{Err: errUnexpected},
 }
 
 var continueFromMirrorEndpoint = []error{
 	ImageConfigPullError{},
-
-	// Some other errcode.Error that doesn't indicate we should search for a V1 image.
-	errcode.Error{Code: errcode.ErrorCodeTooManyRequests},
+	errcode.Error{},
+	// nested
+	errcode.Errors{errcode.Error{}},
+	ErrNoSupport{Err: errcode.Error{}},
 }
 
 var neverContinue = []error{
@@ -67,19 +67,3 @@ func TestContinueOnError_NeverContinue(t *testing.T) {
 		}
 	}
 }
-
-func TestContinueOnError_UnnestsErrors(t *testing.T) {
-	// ContinueOnError should evaluate nested errcode.Errors.
-
-	// Assumes that v2.ErrorCodeNameUnknown is a continueable error code.
-	err := errcode.Errors{errcode.Error{Code: v2.ErrorCodeNameUnknown}}
-	if !continueOnError(err, false) {
-		t.Fatal("ContinueOnError should unnest, base return value on errcode.Errors")
-	}
-
-	// Assumes that errcode.ErrorCodeTooManyRequests is not a V1-fallback indication
-	err = errcode.Errors{errcode.Error{Code: errcode.ErrorCodeTooManyRequests}}
-	if continueOnError(err, false) {
-		t.Fatal("ContinueOnError should unnest, base return value on errcode.Errors")
-	}
-}
diff --git a/distribution/manifest.go b/distribution/manifest.go
new file mode 100644
index 0000000000000..ff6cf4bcf342b
--- /dev/null
+++ b/distribution/manifest.go
@@ -0,0 +1,221 @@
+package distribution
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/remotes"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+// This is used by manifestStore to pare down the requirements to implement a
+// full distribution.ManifestService, since `Get` is all we use here.
+type manifestGetter interface {
+	Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error)
+}
+
+type manifestStore struct {
+	local  ContentStore
+	remote manifestGetter
+}
+
+// ContentStore is the interface used to persist registry blobs
+//
+// Currently this is only used to persist manifests and manifest lists.
+// It is exported because `distribution.Pull` takes one as an argument.
+type ContentStore interface {
+	content.Ingester
+	content.Provider
+	Info(ctx context.Context, dgst digest.Digest) (content.Info, error)
+	Abort(ctx context.Context, ref string) error
+}
+
+func (m *manifestStore) getLocal(ctx context.Context, desc specs.Descriptor) (distribution.Manifest, error) {
+	ra, err := m.local.ReaderAt(ctx, desc)
+	if err != nil {
+		return nil, errors.Wrap(err, "error getting content store reader")
+	}
+	defer ra.Close()
+
+	r := io.NewSectionReader(ra, 0, ra.Size())
+	data, err := io.ReadAll(r)
+	if err != nil {
+		return nil, errors.Wrap(err, "error reading manifest from content store")
+	}
+
+	manifest, _, err := distribution.UnmarshalManifest(desc.MediaType, data)
+	if err != nil {
+		return nil, errors.Wrap(err, "error unmarshaling manifest from content store")
+	}
+	return manifest, nil
+}
+
+func (m *manifestStore) getMediaType(ctx context.Context, desc specs.Descriptor) (string, error) {
+	ra, err := m.local.ReaderAt(ctx, desc)
+	if err != nil {
+		return "", errors.Wrap(err, "error getting reader to detect media type")
+	}
+	defer ra.Close()
+
+	mt, err := detectManifestMediaType(ra)
+	if err != nil {
+		return "", errors.Wrap(err, "error detecting media type")
+	}
+	return mt, nil
+}
+
+func (m *manifestStore) Get(ctx context.Context, desc specs.Descriptor) (distribution.Manifest, error) {
+	l := log.G(ctx)
+
+	if desc.MediaType == "" {
+		// When pulling by digest we will not have the media type on the
+		// descriptor since we have not made a request to the registry yet
+		//
+		// We already have the digest, so we only lookup locally... by digest.
+		//
+		// Let's try to detect the media type so we can have a good ref key
+		// here. We may not even have the content locally, and this is fine, but
+		// if we do we should determine that.
+		mt, err := m.getMediaType(ctx, desc)
+		if err != nil && !errdefs.IsNotFound(err) {
+			l.WithError(err).Warn("Error looking up media type of content")
+		}
+		desc.MediaType = mt
+	}
+
+	key := remotes.MakeRefKey(ctx, desc)
+
+	// Here we open a writer to the requested content. This both gives us a
+	// reference to write to if indeed we need to persist it and increments the
+	// ref count on the content.
+	w, err := m.local.Writer(ctx, content.WithDescriptor(desc), content.WithRef(key))
+	if err != nil {
+		if errdefs.IsAlreadyExists(err) {
+			var manifest distribution.Manifest
+			if manifest, err = m.getLocal(ctx, desc); err == nil {
+				return manifest, nil
+			}
+		}
+		// always fallback to the remote if there is an error with the local store
+	}
+	if w != nil {
+		defer w.Close()
+	}
+
+	l.WithError(err).Debug("Fetching manifest from remote")
+
+	manifest, err := m.remote.Get(ctx, desc.Digest)
+	if err != nil {
+		if err := m.local.Abort(ctx, key); err != nil {
+			l.WithError(err).Warn("Error while attempting to abort content ingest")
+		}
+		return nil, err
+	}
+
+	if w != nil {
+		// if `w` is nil here, something happened with the content store, so don't bother trying to persist.
+		if err := m.Put(ctx, manifest, desc, w); err != nil {
+			if err := m.local.Abort(ctx, key); err != nil {
+				l.WithError(err).Warn("error aborting content ingest")
+			}
+			l.WithError(err).Warn("Error persisting manifest")
+		}
+	}
+	return manifest, nil
+}
+
+func (m *manifestStore) Put(ctx context.Context, manifest distribution.Manifest, desc specs.Descriptor, w content.Writer) error {
+	mt, payload, err := manifest.Payload()
+	if err != nil {
+		return err
+	}
+	desc.Size = int64(len(payload))
+	desc.MediaType = mt
+
+	if _, err = w.Write(payload); err != nil {
+		return errors.Wrap(err, "error writing manifest to content store")
+	}
+
+	if err := w.Commit(ctx, desc.Size, desc.Digest); err != nil {
+		return errors.Wrap(err, "error committing manifest to content store")
+	}
+	return nil
+}
+
+func detectManifestMediaType(ra content.ReaderAt) (string, error) {
+	dt := make([]byte, ra.Size())
+	if _, err := ra.ReadAt(dt, 0); err != nil {
+		return "", err
+	}
+
+	return detectManifestBlobMediaType(dt)
+}
+
+// This is used when the manifest store does not know the media type of a sha it
+// was told to get. This would currently only happen when pulling by digest.
+// The media type is needed so the blob can be unmarshalled properly.
+func detectManifestBlobMediaType(dt []byte) (string, error) {
+	var mfst struct {
+		MediaType string          `json:"mediaType"`
+		Manifests json.RawMessage `json:"manifests"` // oci index, manifest list
+		Config    json.RawMessage `json:"config"`    // schema2 Manifest
+		Layers    json.RawMessage `json:"layers"`    // schema2 Manifest
+		FSLayers  json.RawMessage `json:"fsLayers"`  // schema1 Manifest
+	}
+
+	if err := json.Unmarshal(dt, &mfst); err != nil {
+		return "", err
+	}
+
+	// We may have a media type specified in the json, in which case that should be used.
+	// Docker types should generally have a media type set.
+	// OCI (golang) types do not have a `mediaType` defined, and it is optional in the spec.
+	//
+	// `distribution.UnmarshalManifest`, which is used to unmarshal this for real, checks these media type values.
+	// If the specified media type does not match it will error, and in some cases (docker media types) it is required.
+	// So pretty much if we don't have a media type we can fall back to OCI.
+	// This does have a special fallback for schema1 manifests just because it is easy to detect.
+	switch mfst.MediaType {
+	case schema2.MediaTypeManifest, specs.MediaTypeImageManifest:
+		if mfst.Manifests != nil || mfst.FSLayers != nil {
+			return "", fmt.Errorf(`media-type: %q should not have "manifests" or "fsLayers"`, mfst.MediaType)
+		}
+		return mfst.MediaType, nil
+	case manifestlist.MediaTypeManifestList, specs.MediaTypeImageIndex:
+		if mfst.Config != nil || mfst.Layers != nil || mfst.FSLayers != nil {
+			return "", fmt.Errorf(`media-type: %q should not have "config", "layers", or "fsLayers"`, mfst.MediaType)
+		}
+		return mfst.MediaType, nil
+	case schema1.MediaTypeManifest:
+		if mfst.Manifests != nil || mfst.Layers != nil {
+			return "", fmt.Errorf(`media-type: %q should not have "manifests" or "layers"`, mfst.MediaType)
+		}
+		return mfst.MediaType, nil
+	default:
+		if mfst.MediaType != "" {
+			return mfst.MediaType, nil
+		}
+	}
+	switch {
+	case mfst.FSLayers != nil && mfst.Manifests == nil && mfst.Layers == nil && mfst.Config == nil:
+		return schema1.MediaTypeManifest, nil
+	case mfst.Config != nil && mfst.Manifests == nil && mfst.FSLayers == nil,
+		mfst.Layers != nil && mfst.Manifests == nil && mfst.FSLayers == nil:
+		return specs.MediaTypeImageManifest, nil
+	case mfst.Config == nil && mfst.Layers == nil && mfst.FSLayers == nil:
+		// fallback to index
+		return specs.MediaTypeImageIndex, nil
+	}
+	return "", errors.New("media-type: cannot determine")
+}
diff --git a/distribution/manifest_test.go b/distribution/manifest_test.go
new file mode 100644
index 0000000000000..3aac85c5fe44a
--- /dev/null
+++ b/distribution/manifest_test.go
@@ -0,0 +1,422 @@
+package distribution
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/content/local"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/remotes"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/ocischema"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+)
+
+type mockManifestGetter struct {
+	manifests map[digest.Digest]distribution.Manifest
+	gets      int
+}
+
+func (m *mockManifestGetter) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
+	m.gets++
+	manifest, ok := m.manifests[dgst]
+	if !ok {
+		return nil, distribution.ErrManifestUnknown{Tag: dgst.String()}
+	}
+	return manifest, nil
+}
+
+type memoryLabelStore struct {
+	mu     sync.Mutex
+	labels map[digest.Digest]map[string]string
+}
+
+// Get returns all the labels for the given digest
+func (s *memoryLabelStore) Get(dgst digest.Digest) (map[string]string, error) {
+	s.mu.Lock()
+	labels := s.labels[dgst]
+	s.mu.Unlock()
+	return labels, nil
+}
+
+// Set sets all the labels for a given digest
+func (s *memoryLabelStore) Set(dgst digest.Digest, labels map[string]string) error {
+	s.mu.Lock()
+	if s.labels == nil {
+		s.labels = make(map[digest.Digest]map[string]string)
+	}
+	s.labels[dgst] = labels
+	s.mu.Unlock()
+	return nil
+}
+
+// Update replaces the given labels for a digest,
+// a key with an empty value removes a label.
+func (s *memoryLabelStore) Update(dgst digest.Digest, update map[string]string) (map[string]string, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	labels, ok := s.labels[dgst]
+	if !ok {
+		labels = map[string]string{}
+	}
+	for k, v := range update {
+		labels[k] = v
+	}
+
+	s.labels[dgst] = labels
+
+	return labels, nil
+}
+
+type testingContentStoreWrapper struct {
+	ContentStore
+	errorOnWriter error
+	errorOnCommit error
+}
+
+func (s *testingContentStoreWrapper) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	if s.errorOnWriter != nil {
+		return nil, s.errorOnWriter
+	}
+
+	w, err := s.ContentStore.Writer(ctx, opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	if s.errorOnCommit != nil {
+		w = &testingContentWriterWrapper{w, s.errorOnCommit}
+	}
+	return w, nil
+}
+
+type testingContentWriterWrapper struct {
+	content.Writer
+	err error
+}
+
+func (w *testingContentWriterWrapper) Commit(ctx context.Context, size int64, dgst digest.Digest, opts ...content.Opt) error {
+	if w.err != nil {
+		// The contract for `Commit` is to always close.
+		// Since this is returning early before hitting the real `Commit`, we should close it here.
+		w.Close()
+		return w.err
+	}
+	return w.Writer.Commit(ctx, size, dgst, opts...)
+}
+
+func TestManifestStore(t *testing.T) {
+	ociManifest := &specs.Manifest{}
+	serialized, err := json.Marshal(ociManifest)
+	assert.NilError(t, err)
+	dgst := digest.Canonical.FromBytes(serialized)
+
+	setupTest := func(t *testing.T) (specs.Descriptor, *mockManifestGetter, *manifestStore, content.Store, func(*testing.T)) {
+		root, err := os.MkdirTemp("", strings.Replace(t.Name(), "/", "_", -1))
+		assert.NilError(t, err)
+		defer func() {
+			if t.Failed() {
+				os.RemoveAll(root)
+			}
+		}()
+
+		cs, err := local.NewLabeledStore(root, &memoryLabelStore{})
+		assert.NilError(t, err)
+
+		mg := &mockManifestGetter{manifests: make(map[digest.Digest]distribution.Manifest)}
+		store := &manifestStore{local: cs, remote: mg}
+		desc := specs.Descriptor{Digest: dgst, MediaType: specs.MediaTypeImageManifest, Size: int64(len(serialized))}
+
+		return desc, mg, store, cs, func(t *testing.T) {
+			assert.Check(t, os.RemoveAll(root))
+		}
+	}
+
+	ctx := context.Background()
+
+	m, _, err := distribution.UnmarshalManifest(specs.MediaTypeImageManifest, serialized)
+	assert.NilError(t, err)
+
+	writeManifest := func(t *testing.T, cs ContentStore, desc specs.Descriptor, opts ...content.Opt) {
+		ingestKey := remotes.MakeRefKey(ctx, desc)
+		w, err := cs.Writer(ctx, content.WithDescriptor(desc), content.WithRef(ingestKey))
+		assert.NilError(t, err)
+		defer func() {
+			if err := w.Close(); err != nil {
+				t.Log(err)
+			}
+			if t.Failed() {
+				if err := cs.Abort(ctx, ingestKey); err != nil {
+					t.Log(err)
+				}
+			}
+		}()
+
+		_, err = w.Write(serialized)
+		assert.NilError(t, err)
+
+		err = w.Commit(ctx, desc.Size, desc.Digest, opts...)
+		assert.NilError(t, err)
+
+	}
+
+	// All tests should end up with no active ingest
+	checkIngest := func(t *testing.T, cs content.Store, desc specs.Descriptor) {
+		ingestKey := remotes.MakeRefKey(ctx, desc)
+		_, err := cs.Status(ctx, ingestKey)
+		assert.Check(t, errdefs.IsNotFound(err), err)
+	}
+
+	t.Run("no remote or local", func(t *testing.T) {
+		desc, _, store, cs, teardown := setupTest(t)
+		defer teardown(t)
+
+		_, err = store.Get(ctx, desc)
+		checkIngest(t, cs, desc)
+		// This error is what our digest getter returns when it doesn't know about the manifest
+		assert.Error(t, err, distribution.ErrManifestUnknown{Tag: dgst.String()}.Error())
+	})
+
+	t.Run("no local cache", func(t *testing.T) {
+		desc, mg, store, cs, teardown := setupTest(t)
+		defer teardown(t)
+
+		mg.manifests[desc.Digest] = m
+
+		m2, err := store.Get(ctx, desc)
+		checkIngest(t, cs, desc)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+		assert.Check(t, cmp.Equal(mg.gets, 1))
+
+		i, err := cs.Info(ctx, desc.Digest)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.Equal(i.Digest, desc.Digest))
+
+		// Now check again, this should not hit the remote
+		m2, err = store.Get(ctx, desc)
+		checkIngest(t, cs, desc)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+		assert.Check(t, cmp.Equal(mg.gets, 1))
+	})
+
+	t.Run("with local cache", func(t *testing.T) {
+		desc, mg, store, cs, teardown := setupTest(t)
+		defer teardown(t)
+
+		// first add the manifest to the coontent store
+		writeManifest(t, cs, desc)
+
+		// now do the get
+		m2, err := store.Get(ctx, desc)
+		checkIngest(t, cs, desc)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+		assert.Check(t, cmp.Equal(mg.gets, 0))
+
+		i, err := cs.Info(ctx, desc.Digest)
+		assert.NilError(t, err)
+		assert.Check(t, cmp.Equal(i.Digest, desc.Digest))
+	})
+
+	// This is for the case of pull by digest where we don't know the media type of the manifest until it's actually pulled.
+	t.Run("unknown media type", func(t *testing.T) {
+		t.Run("no cache", func(t *testing.T) {
+			desc, mg, store, cs, teardown := setupTest(t)
+			defer teardown(t)
+
+			mg.manifests[desc.Digest] = m
+			desc.MediaType = ""
+
+			m2, err := store.Get(ctx, desc)
+			checkIngest(t, cs, desc)
+			assert.NilError(t, err)
+			assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+			assert.Check(t, cmp.Equal(mg.gets, 1))
+		})
+
+		t.Run("with cache", func(t *testing.T) {
+			t.Run("cached manifest has media type", func(t *testing.T) {
+				desc, mg, store, cs, teardown := setupTest(t)
+				defer teardown(t)
+
+				writeManifest(t, cs, desc)
+				desc.MediaType = ""
+
+				m2, err := store.Get(ctx, desc)
+				checkIngest(t, cs, desc)
+				assert.NilError(t, err)
+				assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+				assert.Check(t, cmp.Equal(mg.gets, 0))
+			})
+
+			t.Run("cached manifest has no media type", func(t *testing.T) {
+				desc, mg, store, cs, teardown := setupTest(t)
+				defer teardown(t)
+
+				desc.MediaType = ""
+				writeManifest(t, cs, desc)
+
+				m2, err := store.Get(ctx, desc)
+				checkIngest(t, cs, desc)
+				assert.NilError(t, err)
+				assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+				assert.Check(t, cmp.Equal(mg.gets, 0))
+			})
+		})
+	})
+
+	// Test that if there is an error with the content store, for whatever
+	// reason, that doesn't stop us from getting the manifest.
+	//
+	// Also makes sure the ingests are aborted.
+	t.Run("error persisting manifest", func(t *testing.T) {
+		t.Run("error on writer", func(t *testing.T) {
+			desc, mg, store, cs, teardown := setupTest(t)
+			defer teardown(t)
+			mg.manifests[desc.Digest] = m
+
+			csW := &testingContentStoreWrapper{ContentStore: store.local, errorOnWriter: errors.New("random error")}
+			store.local = csW
+
+			m2, err := store.Get(ctx, desc)
+			checkIngest(t, cs, desc)
+			assert.NilError(t, err)
+			assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+			assert.Check(t, cmp.Equal(mg.gets, 1))
+
+			_, err = cs.Info(ctx, desc.Digest)
+			// Nothing here since we couldn't persist
+			assert.Check(t, errdefs.IsNotFound(err), err)
+		})
+
+		t.Run("error on commit", func(t *testing.T) {
+			desc, mg, store, cs, teardown := setupTest(t)
+			defer teardown(t)
+			mg.manifests[desc.Digest] = m
+
+			csW := &testingContentStoreWrapper{ContentStore: store.local, errorOnCommit: errors.New("random error")}
+			store.local = csW
+
+			m2, err := store.Get(ctx, desc)
+			checkIngest(t, cs, desc)
+			assert.NilError(t, err)
+			assert.Check(t, cmp.DeepEqual(m, m2, cmpopts.IgnoreUnexported(ocischema.DeserializedManifest{})))
+			assert.Check(t, cmp.Equal(mg.gets, 1))
+
+			_, err = cs.Info(ctx, desc.Digest)
+			// Nothing here since we couldn't persist
+			assert.Check(t, errdefs.IsNotFound(err), err)
+		})
+	})
+}
+
+func TestDetectManifestBlobMediaType(t *testing.T) {
+	type testCase struct {
+		json     []byte
+		expected string
+	}
+	cases := map[string]testCase{
+		"mediaType is set":   {[]byte(`{"mediaType": "bananas"}`), "bananas"},
+		"oci manifest":       {[]byte(`{"config": {}}`), specs.MediaTypeImageManifest},
+		"schema1":            {[]byte(`{"fsLayers": []}`), schema1.MediaTypeManifest},
+		"oci index fallback": {[]byte(`{}`), specs.MediaTypeImageIndex},
+		// Make sure we prefer mediaType
+		"mediaType and config set":   {[]byte(`{"mediaType": "bananas", "config": {}}`), "bananas"},
+		"mediaType and fsLayers set": {[]byte(`{"mediaType": "bananas", "fsLayers": []}`), "bananas"},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			mt, err := detectManifestBlobMediaType(tc.json)
+			assert.NilError(t, err)
+			assert.Equal(t, mt, tc.expected)
+		})
+	}
+
+}
+
+func TestDetectManifestBlobMediaTypeInvalid(t *testing.T) {
+	type testCase struct {
+		json     []byte
+		expected string
+	}
+	cases := map[string]testCase{
+		"schema 1 mediaType with manifests": {
+			[]byte(`{"mediaType": "` + schema1.MediaTypeManifest + `","manifests":[]}`),
+			`media-type: "application/vnd.docker.distribution.manifest.v1+json" should not have "manifests" or "layers"`,
+		},
+		"schema 1 mediaType with layers": {
+			[]byte(`{"mediaType": "` + schema1.MediaTypeManifest + `","layers":[]}`),
+			`media-type: "application/vnd.docker.distribution.manifest.v1+json" should not have "manifests" or "layers"`,
+		},
+		"schema 2 mediaType with manifests": {
+			[]byte(`{"mediaType": "` + schema2.MediaTypeManifest + `","manifests":[]}`),
+			`media-type: "application/vnd.docker.distribution.manifest.v2+json" should not have "manifests" or "fsLayers"`,
+		},
+		"schema 2 mediaType with fsLayers": {
+			[]byte(`{"mediaType": "` + schema2.MediaTypeManifest + `","fsLayers":[]}`),
+			`media-type: "application/vnd.docker.distribution.manifest.v2+json" should not have "manifests" or "fsLayers"`,
+		},
+		"oci manifest mediaType with manifests": {
+			[]byte(`{"mediaType": "` + specs.MediaTypeImageManifest + `","manifests":[]}`),
+			`media-type: "application/vnd.oci.image.manifest.v1+json" should not have "manifests" or "fsLayers"`,
+		},
+		"manifest list mediaType with fsLayers": {
+			[]byte(`{"mediaType": "` + manifestlist.MediaTypeManifestList + `","fsLayers":[]}`),
+			`media-type: "application/vnd.docker.distribution.manifest.list.v2+json" should not have "config", "layers", or "fsLayers"`,
+		},
+		"index mediaType with layers": {
+			[]byte(`{"mediaType": "` + specs.MediaTypeImageIndex + `","layers":[]}`),
+			`media-type: "application/vnd.oci.image.index.v1+json" should not have "config", "layers", or "fsLayers"`,
+		},
+		"index mediaType with config": {
+			[]byte(`{"mediaType": "` + specs.MediaTypeImageIndex + `","config":{}}`),
+			`media-type: "application/vnd.oci.image.index.v1+json" should not have "config", "layers", or "fsLayers"`,
+		},
+		"config and manifests": {
+			[]byte(`{"config":{}, "manifests":[]}`),
+			`media-type: cannot determine`,
+		},
+		"layers and manifests": {
+			[]byte(`{"layers":[], "manifests":[]}`),
+			`media-type: cannot determine`,
+		},
+		"layers and fsLayers": {
+			[]byte(`{"layers":[], "fsLayers":[]}`),
+			`media-type: cannot determine`,
+		},
+		"fsLayers and manifests": {
+			[]byte(`{"fsLayers":[], "manifests":[]}`),
+			`media-type: cannot determine`,
+		},
+		"config and fsLayers": {
+			[]byte(`{"config":{}, "fsLayers":[]}`),
+			`media-type: cannot determine`,
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			mt, err := detectManifestBlobMediaType(tc.json)
+			assert.Error(t, err, tc.expected)
+			assert.Equal(t, mt, "")
+		})
+	}
+
+}
diff --git a/distribution/metadata/metadata.go b/distribution/metadata/metadata.go
index 4ae8223bd0541..88c859572dfaa 100644
--- a/distribution/metadata/metadata.go
+++ b/distribution/metadata/metadata.go
@@ -1,7 +1,6 @@
 package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
@@ -48,7 +47,7 @@ func (store *FSMetadataStore) Get(namespace string, key string) ([]byte, error)
 	store.RLock()
 	defer store.RUnlock()
 
-	return ioutil.ReadFile(store.path(namespace, key))
+	return os.ReadFile(store.path(namespace, key))
 }
 
 // Set writes data indexed by namespace and key. The data is written to a file
diff --git a/distribution/metadata/v1_id_service.go b/distribution/metadata/v1_id_service.go
index 5575c59b0e9a7..86c83f62ebf11 100644
--- a/distribution/metadata/v1_id_service.go
+++ b/distribution/metadata/v1_id_service.go
@@ -1,7 +1,7 @@
 package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
-	"github.com/docker/docker/image/v1"
+	v1 "github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/pkg/errors"
 )
diff --git a/distribution/metadata/v1_id_service_test.go b/distribution/metadata/v1_id_service_test.go
index 5003897cbb92d..a548733e153f7 100644
--- a/distribution/metadata/v1_id_service_test.go
+++ b/distribution/metadata/v1_id_service_test.go
@@ -1,16 +1,15 @@
 package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
-	"io/ioutil"
 	"os"
 	"testing"
 
 	"github.com/docker/docker/layer"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestV1IDService(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "v1-id-service-test")
+	tmpDir, err := os.MkdirTemp("", "v1-id-service-test")
 	if err != nil {
 		t.Fatalf("could not create temp dir: %v", err)
 	}
diff --git a/distribution/metadata/v2_metadata_service.go b/distribution/metadata/v2_metadata_service.go
index fe33498554148..482d2224ea54c 100644
--- a/distribution/metadata/v2_metadata_service.go
+++ b/distribution/metadata/v2_metadata_service.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 // V2MetadataService maps layer IDs to a set of known metadata for
diff --git a/distribution/metadata/v2_metadata_service_test.go b/distribution/metadata/v2_metadata_service_test.go
index cf24e0d85b637..ca54eaed98574 100644
--- a/distribution/metadata/v2_metadata_service_test.go
+++ b/distribution/metadata/v2_metadata_service_test.go
@@ -2,18 +2,17 @@ package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"encoding/hex"
-	"io/ioutil"
 	"math/rand"
 	"os"
 	"reflect"
 	"testing"
 
 	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 func TestV2MetadataService(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "blobsum-storage-service-test")
+	tmpDir, err := os.MkdirTemp("", "blobsum-storage-service-test")
 	if err != nil {
 		t.Fatalf("could not create temp dir: %v", err)
 	}
diff --git a/distribution/oci.go b/distribution/oci.go
deleted file mode 100644
index 7366546d09611..0000000000000
--- a/distribution/oci.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package distribution
-
-import (
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/manifest/manifestlist"
-	"github.com/docker/distribution/manifest/schema2"
-	digest "github.com/opencontainers/go-digest"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-func init() {
-	// TODO: Remove this registration if distribution is included with OCI support
-
-	ocischemaFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
-		m := new(schema2.DeserializedManifest)
-		err := m.UnmarshalJSON(b)
-		if err != nil {
-			return nil, distribution.Descriptor{}, err
-		}
-
-		dgst := digest.FromBytes(b)
-		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: ocispec.MediaTypeImageManifest}, err
-	}
-	err := distribution.RegisterManifestSchema(ocispec.MediaTypeImageManifest, ocischemaFunc)
-	if err != nil {
-		panic(fmt.Sprintf("Unable to register manifest: %s", err))
-	}
-
-	manifestListFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
-		m := new(manifestlist.DeserializedManifestList)
-		err := m.UnmarshalJSON(b)
-		if err != nil {
-			return nil, distribution.Descriptor{}, err
-		}
-
-		dgst := digest.FromBytes(b)
-		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: ocispec.MediaTypeImageIndex}, err
-	}
-	err = distribution.RegisterManifestSchema(ocispec.MediaTypeImageIndex, manifestListFunc)
-	if err != nil {
-		panic(fmt.Sprintf("Unable to register manifest: %s", err))
-	}
-}
diff --git a/distribution/pull.go b/distribution/pull.go
index 5de73ae99ac39..829c5fed6a3a2 100644
--- a/distribution/pull.go
+++ b/distribution/pull.go
@@ -10,8 +10,7 @@ import (
 	"github.com/docker/docker/pkg/progress"
 	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -21,15 +20,11 @@ type Puller interface {
 	// Pull tries to pull the image referenced by `tag`
 	// Pull returns an error if any, as well as a boolean that determines whether to retry Pull on the next configured endpoint.
 	//
-	Pull(ctx context.Context, ref reference.Named, platform *specs.Platform) error
+	Pull(ctx context.Context, ref reference.Named) error
 }
 
-// newPuller returns a Puller interface that will pull from either a v1 or v2
-// registry. The endpoint argument contains a Version field that determines
-// whether a v1 or v2 puller will be created. The other parameters are passed
-// through to the underlying puller implementation for use during the actual
-// pull operation.
-func newPuller(endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo, imagePullConfig *ImagePullConfig) (Puller, error) {
+// newPuller returns a Puller interface that will pull from a v2 registry.
+func newPuller(endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo, imagePullConfig *ImagePullConfig, local ContentStore) (Puller, error) {
 	switch endpoint.Version {
 	case registry.APIVersion2:
 		return &v2Puller{
@@ -37,21 +32,19 @@ func newPuller(endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo,
 			endpoint:          endpoint,
 			config:            imagePullConfig,
 			repoInfo:          repoInfo,
+			manifestStore: &manifestStore{
+				local: local,
+			},
 		}, nil
 	case registry.APIVersion1:
-		return &v1Puller{
-			v1IDService: metadata.NewV1IDService(imagePullConfig.MetadataStore),
-			endpoint:    endpoint,
-			config:      imagePullConfig,
-			repoInfo:    repoInfo,
-		}, nil
+		return nil, fmt.Errorf("protocol version %d no longer supported. Please contact admins of registry %s", endpoint.Version, endpoint.URL)
 	}
 	return nil, fmt.Errorf("unknown version %d for registry %s", endpoint.Version, endpoint.URL)
 }
 
 // Pull initiates a pull operation. image is the repository name to pull, and
 // tag may be either empty, or indicate a specific tag to pull.
-func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullConfig) error {
+func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullConfig, local ContentStore) error {
 	// Resolve the Repository name from fqn to RepositoryInfo
 	repoInfo, err := imagePullConfig.RegistryService.ResolveRepository(ref)
 	if err != nil {
@@ -80,26 +73,12 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 		// error is the ones from v2 endpoints not v1.
 		discardNoSupportErrors bool
 
-		// confirmedV2 is set to true if a pull attempt managed to
-		// confirm that it was talking to a v2 registry. This will
-		// prevent fallback to the v1 protocol.
-		confirmedV2 bool
-
 		// confirmedTLSRegistries is a map indicating which registries
 		// are known to be using TLS. There should never be a plaintext
 		// retry for any of these.
 		confirmedTLSRegistries = make(map[string]struct{})
 	)
 	for _, endpoint := range endpoints {
-		if imagePullConfig.RequireSchema2 && endpoint.Version == registry.APIVersion1 {
-			continue
-		}
-
-		if confirmedV2 && endpoint.Version == registry.APIVersion1 {
-			logrus.Debugf("Skipping v1 endpoint %s because v2 registry was detected", endpoint.URL)
-			continue
-		}
-
 		if endpoint.URL.Scheme != "https" {
 			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 				logrus.Debugf("Skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
@@ -109,13 +88,13 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 
 		logrus.Debugf("Trying to pull %s from %s %s", reference.FamiliarName(repoInfo.Name), endpoint.URL, endpoint.Version)
 
-		puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
+		puller, err := newPuller(endpoint, repoInfo, imagePullConfig, local)
 		if err != nil {
 			lastErr = err
 			continue
 		}
 
-		if err := puller.Pull(ctx, ref, imagePullConfig.Platform); err != nil {
+		if err := puller.Pull(ctx, ref); err != nil {
 			// Was this pull cancelled? If so, don't try to fall
 			// back.
 			fallback := false
@@ -124,7 +103,6 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 			default:
 				if fallbackErr, ok := err.(fallbackError); ok {
 					fallback = true
-					confirmedV2 = confirmedV2 || fallbackErr.confirmedV2
 					if fallbackErr.transportOK && endpoint.URL.Scheme == "https" {
 						confirmedTLSRegistries[endpoint.URL.Host] = struct{}{}
 					}
diff --git a/distribution/pull_v1.go b/distribution/pull_v1.go
deleted file mode 100644
index c2c897dc1c31c..0000000000000
--- a/distribution/pull_v1.go
+++ /dev/null
@@ -1,368 +0,0 @@
-package distribution // import "github.com/docker/docker/distribution"
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"net/url"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/distribution/metadata"
-	"github.com/docker/docker/distribution/xfer"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/image/v1"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/registry"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/sirupsen/logrus"
-)
-
-type v1Puller struct {
-	v1IDService *metadata.V1IDService
-	endpoint    registry.APIEndpoint
-	config      *ImagePullConfig
-	repoInfo    *registry.RepositoryInfo
-	session     *registry.Session
-}
-
-func (p *v1Puller) Pull(ctx context.Context, ref reference.Named, _ *specs.Platform) error {
-	if _, isCanonical := ref.(reference.Canonical); isCanonical {
-		// Allowing fallback, because HTTPS v1 is before HTTP v2
-		return fallbackError{err: ErrNoSupport{Err: errors.New("Cannot pull by digest with v1 registry")}}
-	}
-
-	tlsConfig, err := p.config.RegistryService.TLSConfig(p.repoInfo.Index.Name)
-	if err != nil {
-		return err
-	}
-	// Adds Docker-specific headers as well as user-specified headers (metaHeaders)
-	tr := transport.NewTransport(
-		// TODO(tiborvass): was ReceiveTimeout
-		registry.NewTransport(tlsConfig),
-		registry.Headers(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
-	)
-	client := registry.HTTPClient(tr)
-	v1Endpoint := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
-	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
-	if err != nil {
-		// TODO(dmcgowan): Check if should fallback
-		logrus.Debugf("Fallback from error: %s", err)
-		return fallbackError{err: err}
-	}
-	if err := p.pullRepository(ctx, ref); err != nil {
-		// TODO(dmcgowan): Check if should fallback
-		return err
-	}
-	progress.Message(p.config.ProgressOutput, "", p.repoInfo.Name.Name()+": this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.")
-
-	return nil
-}
-
-// Note use auth.Scope rather than reference.Named due to this warning causing Jenkins CI to fail:
-// warning: ref can be github.com/docker/docker/vendor/github.com/docker/distribution/registry/client/auth.Scope (interfacer)
-func (p *v1Puller) pullRepository(ctx context.Context, ref auth.Scope) error {
-	progress.Message(p.config.ProgressOutput, "", "Pulling repository "+p.repoInfo.Name.Name())
-
-	tagged, isTagged := ref.(reference.NamedTagged)
-
-	repoData, err := p.session.GetRepositoryData(p.repoInfo.Name)
-	if err != nil {
-		if strings.Contains(err.Error(), "HTTP code: 404") {
-			if isTagged {
-				return fmt.Errorf("Error: image %s:%s not found", reference.Path(p.repoInfo.Name), tagged.Tag())
-			}
-			return fmt.Errorf("Error: image %s not found", reference.Path(p.repoInfo.Name))
-		}
-		// Unexpected HTTP error
-		return err
-	}
-
-	logrus.Debug("Retrieving the tag list")
-	var tagsList map[string]string
-	if !isTagged {
-		tagsList, err = p.session.GetRemoteTags(repoData.Endpoints, p.repoInfo.Name)
-	} else {
-		var tagID string
-		tagsList = make(map[string]string)
-		tagID, err = p.session.GetRemoteTag(repoData.Endpoints, p.repoInfo.Name, tagged.Tag())
-		if err == registry.ErrRepoNotFound {
-			return fmt.Errorf("Tag %s not found in repository %s", tagged.Tag(), p.repoInfo.Name.Name())
-		}
-		tagsList[tagged.Tag()] = tagID
-	}
-	if err != nil {
-		logrus.Errorf("unable to get remote tags: %s", err)
-		return err
-	}
-
-	for tag, id := range tagsList {
-		repoData.ImgList[id] = &registry.ImgData{
-			ID:       id,
-			Tag:      tag,
-			Checksum: "",
-		}
-	}
-
-	layersDownloaded := false
-	for _, imgData := range repoData.ImgList {
-		if isTagged && imgData.Tag != tagged.Tag() {
-			continue
-		}
-
-		err := p.downloadImage(ctx, repoData, imgData, &layersDownloaded)
-		if err != nil {
-			return err
-		}
-	}
-
-	writeStatus(reference.FamiliarString(ref), p.config.ProgressOutput, layersDownloaded)
-	return nil
-}
-
-func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.RepositoryData, img *registry.ImgData, layersDownloaded *bool) error {
-	if img.Tag == "" {
-		logrus.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
-		return nil
-	}
-
-	localNameRef, err := reference.WithTag(p.repoInfo.Name, img.Tag)
-	if err != nil {
-		retErr := fmt.Errorf("Image (id: %s) has invalid tag: %s", img.ID, img.Tag)
-		logrus.Debug(retErr.Error())
-		return retErr
-	}
-
-	if err := v1.ValidateID(img.ID); err != nil {
-		return err
-	}
-
-	progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s", img.Tag, p.repoInfo.Name.Name())
-	success := false
-	var lastErr error
-	for _, ep := range p.repoInfo.Index.Mirrors {
-		ep += "v1/"
-		progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, mirror: %s", img.Tag, p.repoInfo.Name.Name(), ep))
-		if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
-			// Don't report errors when pulling from mirrors.
-			logrus.Debugf("Error pulling image (%s) from %s, mirror: %s, %s", img.Tag, p.repoInfo.Name.Name(), ep, err)
-			continue
-		}
-		success = true
-		break
-	}
-	if !success {
-		for _, ep := range repoData.Endpoints {
-			progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s, endpoint: %s", img.Tag, p.repoInfo.Name.Name(), ep)
-			if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
-				// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
-				// As the error is also given to the output stream the user will see the error.
-				lastErr = err
-				progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, p.repoInfo.Name.Name(), ep, err)
-				continue
-			}
-			success = true
-			break
-		}
-	}
-	if !success {
-		err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, p.repoInfo.Name.Name(), lastErr)
-		progress.Update(p.config.ProgressOutput, stringid.TruncateID(img.ID), err.Error())
-		return err
-	}
-	return nil
-}
-
-func (p *v1Puller) pullImage(ctx context.Context, v1ID, endpoint string, localNameRef reference.Named, layersDownloaded *bool) (err error) {
-	var history []string
-	history, err = p.session.GetRemoteHistory(v1ID, endpoint)
-	if err != nil {
-		return err
-	}
-	if len(history) < 1 {
-		return fmt.Errorf("empty history for image %s", v1ID)
-	}
-	progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1ID), "Pulling dependent layers")
-
-	var (
-		descriptors []xfer.DownloadDescriptor
-		newHistory  []image.History
-		imgJSON     []byte
-		imgSize     int64
-	)
-
-	// Iterate over layers, in order from bottom-most to top-most. Download
-	// config for all layers and create descriptors.
-	for i := len(history) - 1; i >= 0; i-- {
-		v1LayerID := history[i]
-		imgJSON, imgSize, err = p.downloadLayerConfig(v1LayerID, endpoint)
-		if err != nil {
-			return err
-		}
-
-		// Create a new-style config from the legacy configs
-		h, err := v1.HistoryFromConfig(imgJSON, false)
-		if err != nil {
-			return err
-		}
-		newHistory = append(newHistory, h)
-
-		layerDescriptor := &v1LayerDescriptor{
-			v1LayerID:        v1LayerID,
-			indexName:        p.repoInfo.Index.Name,
-			endpoint:         endpoint,
-			v1IDService:      p.v1IDService,
-			layersDownloaded: layersDownloaded,
-			layerSize:        imgSize,
-			session:          p.session,
-		}
-
-		descriptors = append(descriptors, layerDescriptor)
-	}
-
-	rootFS := image.NewRootFS()
-	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, "", descriptors, p.config.ProgressOutput)
-	if err != nil {
-		return err
-	}
-	defer release()
-
-	config, err := v1.MakeConfigFromV1Config(imgJSON, &resultRootFS, newHistory)
-	if err != nil {
-		return err
-	}
-
-	imageID, err := p.config.ImageStore.Put(config)
-	if err != nil {
-		return err
-	}
-
-	if p.config.ReferenceStore != nil {
-		if err := p.config.ReferenceStore.AddTag(localNameRef, imageID, true); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (p *v1Puller) downloadLayerConfig(v1LayerID, endpoint string) (imgJSON []byte, imgSize int64, err error) {
-	progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1LayerID), "Pulling metadata")
-
-	retries := 5
-	for j := 1; j <= retries; j++ {
-		imgJSON, imgSize, err := p.session.GetRemoteImageJSON(v1LayerID, endpoint)
-		if err != nil && j == retries {
-			progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1LayerID), "Error pulling layer metadata")
-			return nil, 0, err
-		} else if err != nil {
-			time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-			continue
-		}
-
-		return imgJSON, imgSize, nil
-	}
-
-	// not reached
-	return nil, 0, nil
-}
-
-type v1LayerDescriptor struct {
-	v1LayerID        string
-	indexName        string
-	endpoint         string
-	v1IDService      *metadata.V1IDService
-	layersDownloaded *bool
-	layerSize        int64
-	session          *registry.Session
-	tmpFile          *os.File
-}
-
-func (ld *v1LayerDescriptor) Key() string {
-	return "v1:" + ld.v1LayerID
-}
-
-func (ld *v1LayerDescriptor) ID() string {
-	return stringid.TruncateID(ld.v1LayerID)
-}
-
-func (ld *v1LayerDescriptor) DiffID() (layer.DiffID, error) {
-	return ld.v1IDService.Get(ld.v1LayerID, ld.indexName)
-}
-
-func (ld *v1LayerDescriptor) Download(ctx context.Context, progressOutput progress.Output) (io.ReadCloser, int64, error) {
-	progress.Update(progressOutput, ld.ID(), "Pulling fs layer")
-	layerReader, err := ld.session.GetRemoteImageLayer(ld.v1LayerID, ld.endpoint, ld.layerSize)
-	if err != nil {
-		progress.Update(progressOutput, ld.ID(), "Error pulling dependent layers")
-		if uerr, ok := err.(*url.Error); ok {
-			err = uerr.Err
-		}
-		if terr, ok := err.(net.Error); ok && terr.Timeout() {
-			return nil, 0, err
-		}
-		return nil, 0, xfer.DoNotRetry{Err: err}
-	}
-	*ld.layersDownloaded = true
-
-	ld.tmpFile, err = ioutil.TempFile("", "GetImageBlob")
-	if err != nil {
-		layerReader.Close()
-		return nil, 0, err
-	}
-
-	reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, layerReader), progressOutput, ld.layerSize, ld.ID(), "Downloading")
-	defer reader.Close()
-
-	_, err = io.Copy(ld.tmpFile, reader)
-	if err != nil {
-		ld.Close()
-		return nil, 0, err
-	}
-
-	progress.Update(progressOutput, ld.ID(), "Download complete")
-
-	logrus.Debugf("Downloaded %s to tempfile %s", ld.ID(), ld.tmpFile.Name())
-
-	ld.tmpFile.Seek(0, 0)
-
-	// hand off the temporary file to the download manager, so it will only
-	// be closed once
-	tmpFile := ld.tmpFile
-	ld.tmpFile = nil
-
-	return ioutils.NewReadCloserWrapper(tmpFile, func() error {
-		tmpFile.Close()
-		err := os.RemoveAll(tmpFile.Name())
-		if err != nil {
-			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
-		}
-		return err
-	}), ld.layerSize, nil
-}
-
-func (ld *v1LayerDescriptor) Close() {
-	if ld.tmpFile != nil {
-		ld.tmpFile.Close()
-		if err := os.RemoveAll(ld.tmpFile.Name()); err != nil {
-			logrus.Errorf("Failed to remove temp file: %s", ld.tmpFile.Name())
-		}
-		ld.tmpFile = nil
-	}
-}
-
-func (ld *v1LayerDescriptor) Registered(diffID layer.DiffID) {
-	// Cache mapping from this layer's DiffID to the blobsum
-	ld.v1IDService.Set(ld.v1LayerID, ld.indexName, diffID)
-}
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
index 8f05cfa0b289b..296f47372be07 100644
--- a/distribution/pull_v2.go
+++ b/distribution/pull_v2.go
@@ -5,25 +5,22 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
-	"net/url"
 	"os"
 	"runtime"
-	"strings"
 
+	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/platforms"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/ocischema"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/image/v1"
+	v1 "github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
@@ -31,7 +28,7 @@ import (
 	"github.com/docker/docker/pkg/system"
 	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -59,27 +56,29 @@ type v2Puller struct {
 	config            *ImagePullConfig
 	repoInfo          *registry.RepositoryInfo
 	repo              distribution.Repository
-	// confirmedV2 is set to true if we confirm we're talking to a v2
-	// registry. This is used to limit fallbacks to the v1 protocol.
-	confirmedV2 bool
+	manifestStore     *manifestStore
 }
 
-func (p *v2Puller) Pull(ctx context.Context, ref reference.Named, platform *specs.Platform) (err error) {
+func (p *v2Puller) Pull(ctx context.Context, ref reference.Named) (err error) {
 	// TODO(tiborvass): was ReceiveTimeout
-	p.repo, p.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
+	p.repo, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
 	if err != nil {
 		logrus.Warnf("Error getting v2 registry: %v", err)
 		return err
 	}
 
-	if err = p.pullV2Repository(ctx, ref, platform); err != nil {
+	p.manifestStore.remote, err = p.repo.Manifests(ctx)
+	if err != nil {
+		return err
+	}
+
+	if err = p.pullV2Repository(ctx, ref); err != nil {
 		if _, ok := err.(fallbackError); ok {
 			return err
 		}
 		if continueOnError(err, p.endpoint.Mirror) {
 			return fallbackError{
 				err:         err,
-				confirmedV2: p.confirmedV2,
 				transportOK: true,
 			}
 		}
@@ -87,32 +86,25 @@ func (p *v2Puller) Pull(ctx context.Context, ref reference.Named, platform *spec
 	return err
 }
 
-func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named, platform *specs.Platform) (err error) {
+func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named) (err error) {
 	var layersDownloaded bool
 	if !reference.IsNameOnly(ref) {
-		layersDownloaded, err = p.pullV2Tag(ctx, ref, platform)
+		layersDownloaded, err = p.pullV2Tag(ctx, ref, p.config.Platform)
 		if err != nil {
 			return err
 		}
 	} else {
 		tags, err := p.repo.Tags(ctx).All(ctx)
 		if err != nil {
-			// If this repository doesn't exist on V2, we should
-			// permit a fallback to V1.
-			return allowV1Fallback(err)
+			return err
 		}
 
-		// The v2 registry knows about this repository, so we will not
-		// allow fallback to the v1 protocol even if we encounter an
-		// error later on.
-		p.confirmedV2 = true
-
 		for _, tag := range tags {
 			tagRef, err := reference.WithTag(ref, tag)
 			if err != nil {
 				return err
 			}
-			pulledNew, err := p.pullV2Tag(ctx, tagRef, platform)
+			pulledNew, err := p.pullV2Tag(ctx, tagRef, p.config.Platform)
 			if err != nil {
 				// Since this is the pull-all-tags case, don't
 				// allow an error pulling a particular tag to
@@ -173,7 +165,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 			return nil, 0, xfer.DoNotRetry{Err: err}
 		}
 	} else {
-		offset, err = ld.tmpFile.Seek(0, os.SEEK_END)
+		offset, err = ld.tmpFile.Seek(0, io.SeekEnd)
 		if err != nil {
 			logrus.Debugf("error seeking to end of download file: %v", err)
 			offset = 0
@@ -200,7 +192,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 	}
 
 	if offset != 0 {
-		_, err := layerDownload.Seek(offset, os.SEEK_SET)
+		_, err := layerDownload.Seek(offset, io.SeekStart)
 		if err != nil {
 			if err := ld.truncateDownloadFile(); err != nil {
 				return nil, 0, xfer.DoNotRetry{Err: err}
@@ -208,7 +200,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 			return nil, 0, err
 		}
 	}
-	size, err := layerDownload.Seek(0, os.SEEK_END)
+	size, err := layerDownload.Seek(0, io.SeekEnd)
 	if err != nil {
 		// Seek failed, perhaps because there was no Content-Length
 		// header. This shouldn't fail the download, because we can
@@ -226,7 +218,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 		// Restore the seek offset either at the beginning of the
 		// stream, or just after the last byte we have from previous
 		// attempts.
-		_, err = layerDownload.Seek(offset, os.SEEK_SET)
+		_, err = layerDownload.Seek(offset, io.SeekStart)
 		if err != nil {
 			return nil, 0, err
 		}
@@ -272,7 +264,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 
 	logrus.Debugf("Downloaded %s to tempfile %s", ld.ID(), tmpFile.Name())
 
-	_, err = tmpFile.Seek(0, os.SEEK_SET)
+	_, err = tmpFile.Seek(0, io.SeekStart)
 	if err != nil {
 		tmpFile.Close()
 		if err := os.Remove(tmpFile.Name()); err != nil {
@@ -310,7 +302,7 @@ func (ld *v2LayerDescriptor) truncateDownloadFile() error {
 	// Need a new hash context since we will be redoing the download
 	ld.verifier = nil
 
-	if _, err := ld.tmpFile.Seek(0, os.SEEK_SET); err != nil {
+	if _, err := ld.tmpFile.Seek(0, io.SeekStart); err != nil {
 		logrus.Errorf("error seeking to beginning of download file: %v", err)
 		return err
 	}
@@ -329,31 +321,75 @@ func (ld *v2LayerDescriptor) Registered(diffID layer.DiffID) {
 }
 
 func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform *specs.Platform) (tagUpdated bool, err error) {
-	manSvc, err := p.repo.Manifests(ctx)
-	if err != nil {
-		return false, err
-	}
 
 	var (
-		manifest    distribution.Manifest
 		tagOrDigest string // Used for logging/progress only
+		dgst        digest.Digest
+		mt          string
+		size        int64
+		tagged      reference.NamedTagged
+		isTagged    bool
 	)
 	if digested, isDigested := ref.(reference.Canonical); isDigested {
-		manifest, err = manSvc.Get(ctx, digested.Digest())
+		dgst = digested.Digest()
+		tagOrDigest = digested.String()
+	} else if tagged, isTagged = ref.(reference.NamedTagged); isTagged {
+		tagService := p.repo.Tags(ctx)
+		desc, err := tagService.Get(ctx, tagged.Tag())
 		if err != nil {
 			return false, err
 		}
-		tagOrDigest = digested.Digest().String()
-	} else if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
-		manifest, err = manSvc.Get(ctx, "", distribution.WithTag(tagged.Tag()))
-		if err != nil {
-			return false, allowV1Fallback(err)
-		}
+
+		dgst = desc.Digest
 		tagOrDigest = tagged.Tag()
+		mt = desc.MediaType
+		size = desc.Size
 	} else {
 		return false, fmt.Errorf("internal error: reference has neither a tag nor a digest: %s", reference.FamiliarString(ref))
 	}
 
+	ctx = log.WithLogger(ctx, logrus.WithFields(
+		logrus.Fields{
+			"digest": dgst,
+			"remote": ref,
+		}))
+
+	desc := specs.Descriptor{
+		MediaType: mt,
+		Digest:    dgst,
+		Size:      size,
+	}
+	manifest, err := p.manifestStore.Get(ctx, desc)
+	if err != nil {
+		if isTagged && isNotFound(errors.Cause(err)) {
+			logrus.WithField("ref", ref).WithError(err).Debug("Falling back to pull manifest by tag")
+
+			msg := `%s Failed to pull manifest by the resolved digest. This registry does not
+	appear to conform to the distribution registry specification; falling back to
+	pull by tag.  This fallback is DEPRECATED, and will be removed in a future
+	release.  Please contact admins of %s. %s
+`
+
+			warnEmoji := "\U000026A0\U0000FE0F"
+			progress.Messagef(p.config.ProgressOutput, "WARNING", msg, warnEmoji, p.endpoint.URL, warnEmoji)
+
+			// Fetch by tag worked, but fetch by digest didn't.
+			// This is a broken registry implementation.
+			// We'll fallback to the old behavior and get the manifest by tag.
+			var ms distribution.ManifestService
+			ms, err = p.repo.Manifests(ctx)
+			if err != nil {
+				return false, err
+			}
+
+			manifest, err = ms.Get(ctx, "", distribution.WithTag(tagged.Tag()))
+			err = errors.Wrap(err, "error after falling back to get manifest by tag")
+		}
+		if err != nil {
+			return false, err
+		}
+	}
+
 	if manifest == nil {
 		return false, fmt.Errorf("image manifest does not exist for tag or digest %q", tagOrDigest)
 	}
@@ -375,10 +411,6 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 		}
 	}
 
-	// If manSvc.Get succeeded, we can be confident that the registry on
-	// the other side speaks the v2 protocol.
-	p.confirmedV2 = true
-
 	logrus.Debugf("Pulling ref from V2 registry: %s", reference.FamiliarString(ref))
 	progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+reference.FamiliarName(p.repo.Named()))
 
@@ -392,6 +424,15 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 		if p.config.RequireSchema2 {
 			return false, fmt.Errorf("invalid manifest: not schema2")
 		}
+
+		// give registries time to upgrade to schema2 and only warn if we know a registry has been upgraded long time ago
+		// TODO: condition to be removed
+		if reference.Domain(ref) == "docker.io" {
+			msg := fmt.Sprintf("Image %s uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/", ref)
+			logrus.Warn(msg)
+			progress.Message(p.config.ProgressOutput, "", msg)
+		}
+
 		id, manifestDigest, err = p.pullSchema1(ctx, ref, v, platform)
 		if err != nil {
 			return false, err
@@ -401,6 +442,11 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 		if err != nil {
 			return false, err
 		}
+	case *ocischema.DeserializedManifest:
+		id, manifestDigest, err = p.pullOCI(ctx, ref, v, platform)
+		if err != nil {
+			return false, err
+		}
 	case *manifestlist.DeserializedManifestList:
 		id, manifestDigest, err = p.pullManifestList(ctx, ref, v, platform)
 		if err != nil {
@@ -439,6 +485,14 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 }
 
 func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unverifiedManifest *schema1.SignedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) {
+	if platform != nil {
+		// Early bath if the requested OS doesn't match that of the configuration.
+		// This avoids doing the download, only to potentially fail later.
+		if !system.IsOSSupported(platform.OS) {
+			return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", runtime.GOOS, platform.OS)
+		}
+	}
+
 	var verifiedManifest *schema1.Manifest
 	verifiedManifest, err = verifySchema1Manifest(unverifiedManifest, ref)
 	if err != nil {
@@ -462,6 +516,9 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv
 	// to top-most, so that the downloads slice gets ordered correctly.
 	for i := len(verifiedManifest.FSLayers) - 1; i >= 0; i-- {
 		blobSum := verifiedManifest.FSLayers[i].BlobSum
+		if err = blobSum.Validate(); err != nil {
+			return "", "", errors.Wrapf(err, "could not validate layer digest %q", blobSum)
+		}
 
 		var throwAway struct {
 			ThrowAway bool `json:"throwaway,omitempty"`
@@ -490,44 +547,7 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv
 		descriptors = append(descriptors, layerDescriptor)
 	}
 
-	// The v1 manifest itself doesn't directly contain an OS. However,
-	// the history does, but unfortunately that's a string, so search through
-	// all the history until hopefully we find one which indicates the OS.
-	// supertest2014/nyan is an example of a registry image with schemav1.
-	configOS := runtime.GOOS
-	if system.LCOWSupported() {
-		type config struct {
-			Os string `json:"os,omitempty"`
-		}
-		for _, v := range verifiedManifest.History {
-			var c config
-			if err := json.Unmarshal([]byte(v.V1Compatibility), &c); err == nil {
-				if c.Os != "" {
-					configOS = c.Os
-					break
-				}
-			}
-		}
-	}
-
-	// In the situation that the API call didn't specify an OS explicitly, but
-	// we support the operating system, switch to that operating system.
-	// eg FROM supertest2014/nyan with no platform specifier, and docker build
-	// with no --platform= flag under LCOW.
-	requestedOS := ""
-	if platform != nil {
-		requestedOS = platform.OS
-	} else if system.IsOSSupported(configOS) {
-		requestedOS = configOS
-	}
-
-	// Early bath if the requested OS doesn't match that of the configuration.
-	// This avoids doing the download, only to potentially fail later.
-	if !strings.EqualFold(configOS, requestedOS) {
-		return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configOS, requestedOS)
-	}
-
-	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, configOS, descriptors, p.config.ProgressOutput)
+	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, runtime.GOOS, descriptors, p.config.ProgressOutput)
 	if err != nil {
 		return "", "", err
 	}
@@ -538,7 +558,7 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv
 		return "", "", err
 	}
 
-	imageID, err := p.config.ImageStore.Put(config)
+	imageID, err := p.config.ImageStore.Put(ctx, config)
 	if err != nil {
 		return "", "", err
 	}
@@ -548,24 +568,21 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv
 	return imageID, manifestDigest, nil
 }
 
-func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *schema2.DeserializedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) {
-	manifestDigest, err = schema2ManifestDigest(ref, mfst)
-	if err != nil {
-		return "", "", err
-	}
-
-	target := mfst.Target()
-	if _, err := p.config.ImageStore.Get(target.Digest); err == nil {
+func (p *v2Puller) pullSchema2Layers(ctx context.Context, target distribution.Descriptor, layers []distribution.Descriptor, platform *specs.Platform) (id digest.Digest, err error) {
+	if _, err := p.config.ImageStore.Get(ctx, target.Digest); err == nil {
 		// If the image already exists locally, no need to pull
 		// anything.
-		return target.Digest, manifestDigest, nil
+		return target.Digest, nil
 	}
 
 	var descriptors []xfer.DownloadDescriptor
 
 	// Note that the order of this loop is in the direction of bottom-most
 	// to top-most, so that the downloads slice gets ordered correctly.
-	for _, d := range mfst.Layers {
+	for _, d := range layers {
+		if err := d.Digest.Validate(); err != nil {
+			return "", errors.Wrapf(err, "could not validate layer digest %q", d.Digest)
+		}
 		layerDescriptor := &v2LayerDescriptor{
 			digest:            d.Digest,
 			repo:              p.repo,
@@ -620,23 +637,23 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 	if runtime.GOOS == "windows" {
 		configJSON, configRootFS, configPlatform, err = receiveConfig(p.config.ImageStore, configChan, configErrChan)
 		if err != nil {
-			return "", "", err
+			return "", err
 		}
 		if configRootFS == nil {
-			return "", "", errRootFSInvalid
+			return "", errRootFSInvalid
 		}
 		if err := checkImageCompatibility(configPlatform.OS, configPlatform.OSVersion); err != nil {
-			return "", "", err
+			return "", err
 		}
 
 		if len(descriptors) != len(configRootFS.DiffIDs) {
-			return "", "", errRootFSMismatch
+			return "", errRootFSMismatch
 		}
 		if platform == nil {
 			// Early bath if the requested OS doesn't match that of the configuration.
 			// This avoids doing the download, only to potentially fail later.
 			if !system.IsOSSupported(configPlatform.OS) {
-				return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configPlatform.OS, layerStoreOS)
+				return "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configPlatform.OS, layerStoreOS)
 			}
 			layerStoreOS = configPlatform.OS
 		}
@@ -683,14 +700,14 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 			case <-downloadsDone:
 			case <-layerErrChan:
 			}
-			return "", "", err
+			return "", err
 		}
 	}
 
 	select {
 	case <-downloadsDone:
 	case err = <-layerErrChan:
-		return "", "", err
+		return "", err
 	}
 
 	if release != nil {
@@ -702,22 +719,40 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 		// Otherwise the image config could be referencing layers that aren't
 		// included in the manifest.
 		if len(downloadedRootFS.DiffIDs) != len(configRootFS.DiffIDs) {
-			return "", "", errRootFSMismatch
+			return "", errRootFSMismatch
 		}
 
 		for i := range downloadedRootFS.DiffIDs {
 			if downloadedRootFS.DiffIDs[i] != configRootFS.DiffIDs[i] {
-				return "", "", errRootFSMismatch
+				return "", errRootFSMismatch
 			}
 		}
 	}
 
-	imageID, err := p.config.ImageStore.Put(configJSON)
+	imageID, err := p.config.ImageStore.Put(ctx, configJSON)
+	if err != nil {
+		return "", err
+	}
+
+	return imageID, nil
+}
+
+func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *schema2.DeserializedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) {
+	manifestDigest, err = schema2ManifestDigest(ref, mfst)
 	if err != nil {
 		return "", "", err
 	}
+	id, err = p.pullSchema2Layers(ctx, mfst.Target(), mfst.Layers, platform)
+	return id, manifestDigest, err
+}
 
-	return imageID, manifestDigest, nil
+func (p *v2Puller) pullOCI(ctx context.Context, ref reference.Named, mfst *ocischema.DeserializedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) {
+	manifestDigest, err = schema2ManifestDigest(ref, mfst)
+	if err != nil {
+		return "", "", err
+	}
+	id, err = p.pullSchema2Layers(ctx, mfst.Target(), mfst.Layers, platform)
+	return id, manifestDigest, err
 }
 
 func receiveConfig(s ImageConfigStore, configChan <-chan []byte, errChan <-chan error) ([]byte, *image.RootFS, *specs.Platform, error) {
@@ -756,7 +791,7 @@ func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mf
 	manifestMatches := filterManifests(mfstList.Manifests, platform)
 
 	if len(manifestMatches) == 0 {
-		errMsg := fmt.Sprintf("no matching manifest for %s in the manifest list entries", platforms.Format(platform))
+		errMsg := fmt.Sprintf("no matching manifest for %s in the manifest list entries", formatPlatform(platform))
 		logrus.Debugf(errMsg)
 		return "", "", errors.New(errMsg)
 	}
@@ -764,29 +799,33 @@ func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mf
 	if len(manifestMatches) > 1 {
 		logrus.Debugf("found multiple matches in manifest list, choosing best match %s", manifestMatches[0].Digest.String())
 	}
-	manifestDigest := manifestMatches[0].Digest
+	match := manifestMatches[0]
 
-	if err := checkImageCompatibility(manifestMatches[0].Platform.OS, manifestMatches[0].Platform.OSVersion); err != nil {
+	if err := checkImageCompatibility(match.Platform.OS, match.Platform.OSVersion); err != nil {
 		return "", "", err
 	}
 
-	manSvc, err := p.repo.Manifests(ctx)
-	if err != nil {
-		return "", "", err
+	desc := specs.Descriptor{
+		Digest:    match.Digest,
+		Size:      match.Size,
+		MediaType: match.MediaType,
 	}
-
-	manifest, err := manSvc.Get(ctx, manifestDigest)
+	manifest, err := p.manifestStore.Get(ctx, desc)
 	if err != nil {
 		return "", "", err
 	}
 
-	manifestRef, err := reference.WithDigest(reference.TrimNamed(ref), manifestDigest)
+	manifestRef, err := reference.WithDigest(reference.TrimNamed(ref), match.Digest)
 	if err != nil {
 		return "", "", err
 	}
 
 	switch v := manifest.(type) {
 	case *schema1.SignedManifest:
+		msg := fmt.Sprintf("[DEPRECATION NOTICE] v2 schema1 manifests in manifest lists are not supported and will break in a future release. Suggest author of %s to upgrade to v2 schema2. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/", ref)
+		logrus.Warn(msg)
+		progress.Message(p.config.ProgressOutput, "", msg)
+
 		platform := toOCIPlatform(manifestMatches[0].Platform)
 		id, _, err = p.pullSchema1(ctx, manifestRef, v, &platform)
 		if err != nil {
@@ -798,6 +837,12 @@ func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mf
 		if err != nil {
 			return "", "", err
 		}
+	case *ocischema.DeserializedManifest:
+		platform := toOCIPlatform(manifestMatches[0].Platform)
+		id, _, err = p.pullOCI(ctx, manifestRef, v, &platform)
+		if err != nil {
+			return "", "", err
+		}
 	default:
 		return "", "", errors.New("unsupported manifest format")
 	}
@@ -851,39 +896,6 @@ func schema2ManifestDigest(ref reference.Named, mfst distribution.Manifest) (dig
 	return digest.FromBytes(canonical), nil
 }
 
-// allowV1Fallback checks if the error is a possible reason to fallback to v1
-// (even if confirmedV2 has been set already), and if so, wraps the error in
-// a fallbackError with confirmedV2 set to false. Otherwise, it returns the
-// error unmodified.
-func allowV1Fallback(err error) error {
-	switch v := err.(type) {
-	case errcode.Errors:
-		if len(v) != 0 {
-			if v0, ok := v[0].(errcode.Error); ok && shouldV2Fallback(v0) {
-				return fallbackError{
-					err:         err,
-					confirmedV2: false,
-					transportOK: true,
-				}
-			}
-		}
-	case errcode.Error:
-		if shouldV2Fallback(v) {
-			return fallbackError{
-				err:         err,
-				confirmedV2: false,
-				transportOK: true,
-			}
-		}
-	case *url.Error:
-		if v.Err == auth.ErrNoBasicAuthCredentials {
-			return fallbackError{err: err, confirmedV2: false}
-		}
-	}
-
-	return err
-}
-
 func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Reference) (m *schema1.Manifest, err error) {
 	// If pull by digest, then verify the manifest digest. NOTE: It is
 	// important to do this first, before any other content validation. If the
@@ -962,7 +974,7 @@ func fixManifestLayers(m *schema1.Manifest) error {
 }
 
 func createDownloadFile() (*os.File, error) {
-	return ioutil.TempFile("", "GetImageBlob")
+	return os.CreateTemp("", "GetImageBlob")
 }
 
 func toOCIPlatform(p manifestlist.PlatformSpec) specs.Platform {
diff --git a/distribution/pull_v2_test.go b/distribution/pull_v2_test.go
index ca3470c8cfe8d..ac42858a7a349 100644
--- a/distribution/pull_v2_test.go
+++ b/distribution/pull_v2_test.go
@@ -2,17 +2,20 @@ package distribution // import "github.com/docker/docker/distribution"
 
 import (
 	"encoding/json"
-	"io/ioutil"
+	"fmt"
+	"os"
 	"reflect"
+	"regexp"
 	"runtime"
 	"strings"
 	"testing"
 
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/reference"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // TestFixManifestLayers checks that fixManifestLayers removes a duplicate
@@ -122,7 +125,7 @@ func TestValidateManifest(t *testing.T) {
 
 	// Good manifest
 
-	goodManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/good_manifest")
+	goodManifestBytes, err := os.ReadFile("fixtures/validate_manifest/good_manifest")
 	if err != nil {
 		t.Fatal("error reading fixture:", err)
 	}
@@ -144,7 +147,7 @@ func TestValidateManifest(t *testing.T) {
 
 	// "Extra data" manifest
 
-	extraDataManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/extra_data_manifest")
+	extraDataManifestBytes, err := os.ReadFile("fixtures/validate_manifest/extra_data_manifest")
 	if err != nil {
 		t.Fatal("error reading fixture:", err)
 	}
@@ -166,7 +169,7 @@ func TestValidateManifest(t *testing.T) {
 
 	// Bad manifest
 
-	badManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/bad_manifest")
+	badManifestBytes, err := os.ReadFile("fixtures/validate_manifest/bad_manifest")
 	if err != nil {
 		t.Fatal("error reading fixture:", err)
 	}
@@ -177,8 +180,28 @@ func TestValidateManifest(t *testing.T) {
 		t.Fatal("error unmarshaling manifest:", err)
 	}
 
-	verifiedManifest, err = verifySchema1Manifest(&badSignedManifest, expectedDigest)
+	_, err = verifySchema1Manifest(&badSignedManifest, expectedDigest)
 	if err == nil || !strings.HasPrefix(err.Error(), "image verification failed for digest") {
 		t.Fatal("expected validateManifest to fail with digest error")
 	}
 }
+
+func TestFormatPlatform(t *testing.T) {
+	var platform specs.Platform
+	var result = formatPlatform(platform)
+	if strings.HasPrefix(result, "unknown") {
+		t.Fatal("expected formatPlatform to show a known platform")
+	}
+	if !strings.HasPrefix(result, runtime.GOOS) {
+		t.Fatal("expected formatPlatform to show the current platform")
+	}
+	if runtime.GOOS == "windows" {
+		if !strings.HasPrefix(result, "windows") {
+			t.Fatal("expected formatPlatform to show windows platform")
+		}
+		matches, _ := regexp.MatchString("windows.* [0-9]", result)
+		if !matches {
+			t.Fatal(fmt.Sprintf("expected formatPlatform to show windows platform with a version, but got '%s'", result))
+		}
+	}
+}
diff --git a/distribution/pull_v2_unix.go b/distribution/pull_v2_unix.go
index adbaf41451280..e922292883e96 100644
--- a/distribution/pull_v2_unix.go
+++ b/distribution/pull_v2_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package distribution // import "github.com/docker/docker/distribution"
@@ -58,3 +59,10 @@ func withDefault(p specs.Platform) specs.Platform {
 	}
 	return p
 }
+
+func formatPlatform(platform specs.Platform) string {
+	if platform.OS == "" {
+		platform = platforms.DefaultSpec()
+	}
+	return platforms.Format(platform)
+}
diff --git a/distribution/pull_v2_windows.go b/distribution/pull_v2_windows.go
index 1ae167ef777d0..a6db4b9b9eac3 100644
--- a/distribution/pull_v2_windows.go
+++ b/distribution/pull_v2_windows.go
@@ -4,13 +4,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
-	"os"
 	"runtime"
 	"sort"
 	"strconv"
 	"strings"
 
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema2"
@@ -40,7 +42,7 @@ func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekClo
 	// We're done if the registry has this blob.
 	if err == nil {
 		// Seek does an HTTP GET.  If it succeeds, the blob really is accessible.
-		if _, err = rsc.Seek(0, os.SEEK_SET); err == nil {
+		if _, err = rsc.Seek(0, io.SeekStart); err == nil {
 			return rsc, nil
 		}
 		rsc.Close()
@@ -52,7 +54,7 @@ func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekClo
 		rsc = transport.NewHTTPReadSeeker(http.DefaultClient, url, nil)
 
 		// Seek does an HTTP GET.  If it succeeds, the blob really is accessible.
-		_, err = rsc.Seek(0, os.SEEK_SET)
+		_, err = rsc.Seek(0, io.SeekStart)
 		if err == nil {
 			break
 		}
@@ -64,7 +66,7 @@ func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekClo
 }
 
 func filterManifests(manifests []manifestlist.ManifestDescriptor, p specs.Platform) []manifestlist.ManifestDescriptor {
-	version := system.GetOSVersion()
+	version := osversion.Get()
 	osVersion := fmt.Sprintf("%d.%d.%d", version.MajorVersion, version.MinorVersion, version.Build)
 	logrus.Debugf("will prefer Windows entries with version %s", osVersion)
 
@@ -122,7 +124,7 @@ func (mbv manifestsByVersion) Swap(i, j int) {
 // Fixes https://github.com/moby/moby/issues/36184.
 func checkImageCompatibility(imageOS, imageOSVersion string) error {
 	if imageOS == "windows" {
-		hostOSV := system.GetOSVersion()
+		hostOSV := osversion.Get()
 		splitImageOSVersion := strings.Split(imageOSVersion, ".") // eg 10.0.16299.nnnn
 		if len(splitImageOSVersion) >= 3 {
 			if imageOSBuild, err := strconv.Atoi(splitImageOSVersion[2]); err == nil {
@@ -136,3 +138,10 @@ func checkImageCompatibility(imageOS, imageOSVersion string) error {
 	}
 	return nil
 }
+
+func formatPlatform(platform specs.Platform) string {
+	if platform.OS == "" {
+		platform = platforms.DefaultSpec()
+	}
+	return fmt.Sprintf("%s %s", platforms.Format(platform), osversion.Get().ToString())
+}
diff --git a/distribution/push.go b/distribution/push.go
index eb3bc5597462a..f64d0f822c080 100644
--- a/distribution/push.go
+++ b/distribution/push.go
@@ -41,13 +41,7 @@ func NewPusher(ref reference.Named, endpoint registry.APIEndpoint, repoInfo *reg
 			config:            imagePushConfig,
 		}, nil
 	case registry.APIVersion1:
-		return &v1Pusher{
-			v1IDService: metadata.NewV1IDService(imagePushConfig.MetadataStore),
-			ref:         ref,
-			endpoint:    endpoint,
-			repoInfo:    repoInfo,
-			config:      imagePushConfig,
-		}, nil
+		return nil, fmt.Errorf("protocol version %d no longer supported. Please contact admins of registry %s", endpoint.Version, endpoint.URL)
 	}
 	return nil, fmt.Errorf("unknown version %d for registry %s", endpoint.Version, endpoint.URL)
 }
@@ -79,11 +73,6 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 	var (
 		lastErr error
 
-		// confirmedV2 is set to true if a push attempt managed to
-		// confirm that it was talking to a v2 registry. This will
-		// prevent fallback to the v1 protocol.
-		confirmedV2 bool
-
 		// confirmedTLSRegistries is a map indicating which registries
 		// are known to be using TLS. There should never be a plaintext
 		// retry for any of these.
@@ -91,14 +80,6 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 	)
 
 	for _, endpoint := range endpoints {
-		if imagePushConfig.RequireSchema2 && endpoint.Version == registry.APIVersion1 {
-			continue
-		}
-		if confirmedV2 && endpoint.Version == registry.APIVersion1 {
-			logrus.Debugf("Skipping v1 endpoint %s because v2 registry was detected", endpoint.URL)
-			continue
-		}
-
 		if endpoint.URL.Scheme != "https" {
 			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 				logrus.Debugf("Skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
@@ -120,7 +101,6 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 			case <-ctx.Done():
 			default:
 				if fallbackErr, ok := err.(fallbackError); ok {
-					confirmedV2 = confirmedV2 || fallbackErr.confirmedV2
 					if fallbackErr.transportOK && endpoint.URL.Scheme == "https" {
 						confirmedTLSRegistries[endpoint.URL.Host] = struct{}{}
 					}
diff --git a/distribution/push_v1.go b/distribution/push_v1.go
deleted file mode 100644
index 7bd75e9fe6c03..0000000000000
--- a/distribution/push_v1.go
+++ /dev/null
@@ -1,457 +0,0 @@
-package distribution // import "github.com/docker/docker/distribution"
-
-import (
-	"context"
-	"fmt"
-	"sync"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/distribution/metadata"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/image/v1"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
-	"github.com/sirupsen/logrus"
-)
-
-type v1Pusher struct {
-	v1IDService *metadata.V1IDService
-	endpoint    registry.APIEndpoint
-	ref         reference.Named
-	repoInfo    *registry.RepositoryInfo
-	config      *ImagePushConfig
-	session     *registry.Session
-}
-
-func (p *v1Pusher) Push(ctx context.Context) error {
-	tlsConfig, err := p.config.RegistryService.TLSConfig(p.repoInfo.Index.Name)
-	if err != nil {
-		return err
-	}
-	// Adds Docker-specific headers as well as user-specified headers (metaHeaders)
-	tr := transport.NewTransport(
-		// TODO(tiborvass): was NoTimeout
-		registry.NewTransport(tlsConfig),
-		registry.Headers(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
-	)
-	client := registry.HTTPClient(tr)
-	v1Endpoint := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
-	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
-	if err != nil {
-		// TODO(dmcgowan): Check if should fallback
-		return fallbackError{err: err}
-	}
-	if err := p.pushRepository(ctx); err != nil {
-		// TODO(dmcgowan): Check if should fallback
-		return err
-	}
-	return nil
-}
-
-// v1Image exposes the configuration, filesystem layer ID, and a v1 ID for an
-// image being pushed to a v1 registry.
-type v1Image interface {
-	Config() []byte
-	Layer() layer.Layer
-	V1ID() string
-}
-
-type v1ImageCommon struct {
-	layer  layer.Layer
-	config []byte
-	v1ID   string
-}
-
-func (common *v1ImageCommon) Config() []byte {
-	return common.config
-}
-
-func (common *v1ImageCommon) V1ID() string {
-	return common.v1ID
-}
-
-func (common *v1ImageCommon) Layer() layer.Layer {
-	return common.layer
-}
-
-// v1TopImage defines a runnable (top layer) image being pushed to a v1
-// registry.
-type v1TopImage struct {
-	v1ImageCommon
-	imageID image.ID
-}
-
-func newV1TopImage(imageID image.ID, img *image.Image, l layer.Layer, parent *v1DependencyImage) (*v1TopImage, error) {
-	v1ID := imageID.Digest().Hex()
-	parentV1ID := ""
-	if parent != nil {
-		parentV1ID = parent.V1ID()
-	}
-
-	config, err := v1.MakeV1ConfigFromConfig(img, v1ID, parentV1ID, false)
-	if err != nil {
-		return nil, err
-	}
-
-	return &v1TopImage{
-		v1ImageCommon: v1ImageCommon{
-			v1ID:   v1ID,
-			config: config,
-			layer:  l,
-		},
-		imageID: imageID,
-	}, nil
-}
-
-// v1DependencyImage defines a dependency layer being pushed to a v1 registry.
-type v1DependencyImage struct {
-	v1ImageCommon
-}
-
-func newV1DependencyImage(l layer.Layer, parent *v1DependencyImage) *v1DependencyImage {
-	v1ID := digest.Digest(l.ChainID()).Hex()
-
-	var config string
-	if parent != nil {
-		config = fmt.Sprintf(`{"id":"%s","parent":"%s"}`, v1ID, parent.V1ID())
-	} else {
-		config = fmt.Sprintf(`{"id":"%s"}`, v1ID)
-	}
-	return &v1DependencyImage{
-		v1ImageCommon: v1ImageCommon{
-			v1ID:   v1ID,
-			config: []byte(config),
-			layer:  l,
-		},
-	}
-}
-
-// Retrieve the all the images to be uploaded in the correct order
-func (p *v1Pusher) getImageList() (imageList []v1Image, tagsByImage map[image.ID][]string, referencedLayers []PushLayer, err error) {
-	tagsByImage = make(map[image.ID][]string)
-
-	// Ignore digest references
-	if _, isCanonical := p.ref.(reference.Canonical); isCanonical {
-		return
-	}
-
-	tagged, isTagged := p.ref.(reference.NamedTagged)
-	if isTagged {
-		// Push a specific tag
-		var imgID image.ID
-		var dgst digest.Digest
-		dgst, err = p.config.ReferenceStore.Get(p.ref)
-		if err != nil {
-			return
-		}
-		imgID = image.IDFromDigest(dgst)
-
-		imageList, err = p.imageListForTag(imgID, nil, &referencedLayers)
-		if err != nil {
-			return
-		}
-
-		tagsByImage[imgID] = []string{tagged.Tag()}
-
-		return
-	}
-
-	imagesSeen := make(map[digest.Digest]struct{})
-	dependenciesSeen := make(map[layer.ChainID]*v1DependencyImage)
-
-	associations := p.config.ReferenceStore.ReferencesByName(p.ref)
-	for _, association := range associations {
-		if tagged, isTagged = association.Ref.(reference.NamedTagged); !isTagged {
-			// Ignore digest references.
-			continue
-		}
-
-		imgID := image.IDFromDigest(association.ID)
-		tagsByImage[imgID] = append(tagsByImage[imgID], tagged.Tag())
-
-		if _, present := imagesSeen[association.ID]; present {
-			// Skip generating image list for already-seen image
-			continue
-		}
-		imagesSeen[association.ID] = struct{}{}
-
-		imageListForThisTag, err := p.imageListForTag(imgID, dependenciesSeen, &referencedLayers)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		// append to main image list
-		imageList = append(imageList, imageListForThisTag...)
-	}
-	if len(imageList) == 0 {
-		return nil, nil, nil, fmt.Errorf("No images found for the requested repository / tag")
-	}
-	logrus.Debugf("Image list: %v", imageList)
-	logrus.Debugf("Tags by image: %v", tagsByImage)
-
-	return
-}
-
-func (p *v1Pusher) imageListForTag(imgID image.ID, dependenciesSeen map[layer.ChainID]*v1DependencyImage, referencedLayers *[]PushLayer) (imageListForThisTag []v1Image, err error) {
-	ics, ok := p.config.ImageStore.(*imageConfigStore)
-	if !ok {
-		return nil, fmt.Errorf("only image store images supported for v1 push")
-	}
-	img, err := ics.Store.Get(imgID)
-	if err != nil {
-		return nil, err
-	}
-
-	topLayerID := img.RootFS.ChainID()
-
-	if !system.IsOSSupported(img.OperatingSystem()) {
-		return nil, system.ErrNotSupportedOperatingSystem
-	}
-	pl, err := p.config.LayerStores[img.OperatingSystem()].Get(topLayerID)
-	*referencedLayers = append(*referencedLayers, pl)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get top layer from image: %v", err)
-	}
-
-	// V1 push is deprecated, only support existing layerstore layers
-	lsl, ok := pl.(*storeLayer)
-	if !ok {
-		return nil, fmt.Errorf("only layer store layers supported for v1 push")
-	}
-	l := lsl.Layer
-
-	dependencyImages, parent := generateDependencyImages(l.Parent(), dependenciesSeen)
-
-	topImage, err := newV1TopImage(imgID, img, l, parent)
-	if err != nil {
-		return nil, err
-	}
-
-	imageListForThisTag = append(dependencyImages, topImage)
-
-	return
-}
-
-func generateDependencyImages(l layer.Layer, dependenciesSeen map[layer.ChainID]*v1DependencyImage) (imageListForThisTag []v1Image, parent *v1DependencyImage) {
-	if l == nil {
-		return nil, nil
-	}
-
-	imageListForThisTag, parent = generateDependencyImages(l.Parent(), dependenciesSeen)
-
-	if dependenciesSeen != nil {
-		if dependencyImage, present := dependenciesSeen[l.ChainID()]; present {
-			// This layer is already on the list, we can ignore it
-			// and all its parents.
-			return imageListForThisTag, dependencyImage
-		}
-	}
-
-	dependencyImage := newV1DependencyImage(l, parent)
-	imageListForThisTag = append(imageListForThisTag, dependencyImage)
-
-	if dependenciesSeen != nil {
-		dependenciesSeen[l.ChainID()] = dependencyImage
-	}
-
-	return imageListForThisTag, dependencyImage
-}
-
-// createImageIndex returns an index of an image's layer IDs and tags.
-func createImageIndex(images []v1Image, tags map[image.ID][]string) []*registry.ImgData {
-	var imageIndex []*registry.ImgData
-	for _, img := range images {
-		v1ID := img.V1ID()
-
-		if topImage, isTopImage := img.(*v1TopImage); isTopImage {
-			if tags, hasTags := tags[topImage.imageID]; hasTags {
-				// If an image has tags you must add an entry in the image index
-				// for each tag
-				for _, tag := range tags {
-					imageIndex = append(imageIndex, &registry.ImgData{
-						ID:  v1ID,
-						Tag: tag,
-					})
-				}
-				continue
-			}
-		}
-
-		// If the image does not have a tag it still needs to be sent to the
-		// registry with an empty tag so that it is associated with the repository
-		imageIndex = append(imageIndex, &registry.ImgData{
-			ID:  v1ID,
-			Tag: "",
-		})
-	}
-	return imageIndex
-}
-
-// lookupImageOnEndpoint checks the specified endpoint to see if an image exists
-// and if it is absent then it sends the image id to the channel to be pushed.
-func (p *v1Pusher) lookupImageOnEndpoint(wg *sync.WaitGroup, endpoint string, images chan v1Image, imagesToPush chan string) {
-	defer wg.Done()
-	for image := range images {
-		v1ID := image.V1ID()
-		truncID := stringid.TruncateID(image.Layer().DiffID().String())
-		if err := p.session.LookupRemoteImage(v1ID, endpoint); err != nil {
-			logrus.Errorf("Error in LookupRemoteImage: %s", err)
-			imagesToPush <- v1ID
-			progress.Update(p.config.ProgressOutput, truncID, "Waiting")
-		} else {
-			progress.Update(p.config.ProgressOutput, truncID, "Already exists")
-		}
-	}
-}
-
-func (p *v1Pusher) pushImageToEndpoint(ctx context.Context, endpoint string, imageList []v1Image, tags map[image.ID][]string, repo *registry.RepositoryData) error {
-	workerCount := len(imageList)
-	// start a maximum of 5 workers to check if images exist on the specified endpoint.
-	if workerCount > 5 {
-		workerCount = 5
-	}
-	var (
-		wg           = &sync.WaitGroup{}
-		imageData    = make(chan v1Image, workerCount*2)
-		imagesToPush = make(chan string, workerCount*2)
-		pushes       = make(chan map[string]struct{}, 1)
-	)
-	for i := 0; i < workerCount; i++ {
-		wg.Add(1)
-		go p.lookupImageOnEndpoint(wg, endpoint, imageData, imagesToPush)
-	}
-	// start a go routine that consumes the images to push
-	go func() {
-		shouldPush := make(map[string]struct{})
-		for id := range imagesToPush {
-			shouldPush[id] = struct{}{}
-		}
-		pushes <- shouldPush
-	}()
-	for _, v1Image := range imageList {
-		imageData <- v1Image
-	}
-	// close the channel to notify the workers that there will be no more images to check.
-	close(imageData)
-	wg.Wait()
-	close(imagesToPush)
-	// wait for all the images that require pushes to be collected into a consumable map.
-	shouldPush := <-pushes
-	// finish by pushing any images and tags to the endpoint.  The order that the images are pushed
-	// is very important that is why we are still iterating over the ordered list of imageIDs.
-	for _, img := range imageList {
-		v1ID := img.V1ID()
-		if _, push := shouldPush[v1ID]; push {
-			if _, err := p.pushImage(ctx, img, endpoint); err != nil {
-				// FIXME: Continue on error?
-				return err
-			}
-		}
-		if topImage, isTopImage := img.(*v1TopImage); isTopImage {
-			for _, tag := range tags[topImage.imageID] {
-				progress.Messagef(p.config.ProgressOutput, "", "Pushing tag for rev [%s] on {%s}", stringid.TruncateID(v1ID), endpoint+"repositories/"+reference.Path(p.repoInfo.Name)+"/tags/"+tag)
-				if err := p.session.PushRegistryTag(p.repoInfo.Name, v1ID, tag, endpoint); err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-// pushRepository pushes layers that do not already exist on the registry.
-func (p *v1Pusher) pushRepository(ctx context.Context) error {
-	imgList, tags, referencedLayers, err := p.getImageList()
-	defer func() {
-		for _, l := range referencedLayers {
-			l.Release()
-		}
-	}()
-	if err != nil {
-		return err
-	}
-
-	imageIndex := createImageIndex(imgList, tags)
-	for _, data := range imageIndex {
-		logrus.Debugf("Pushing ID: %s with Tag: %s", data.ID, data.Tag)
-	}
-
-	// Register all the images in a repository with the registry
-	// If an image is not in this list it will not be associated with the repository
-	repoData, err := p.session.PushImageJSONIndex(p.repoInfo.Name, imageIndex, false, nil)
-	if err != nil {
-		return err
-	}
-	// push the repository to each of the endpoints only if it does not exist.
-	for _, endpoint := range repoData.Endpoints {
-		if err := p.pushImageToEndpoint(ctx, endpoint, imgList, tags, repoData); err != nil {
-			return err
-		}
-	}
-	_, err = p.session.PushImageJSONIndex(p.repoInfo.Name, imageIndex, true, repoData.Endpoints)
-	return err
-}
-
-func (p *v1Pusher) pushImage(ctx context.Context, v1Image v1Image, ep string) (checksum string, err error) {
-	l := v1Image.Layer()
-	v1ID := v1Image.V1ID()
-	truncID := stringid.TruncateID(l.DiffID().String())
-
-	jsonRaw := v1Image.Config()
-	progress.Update(p.config.ProgressOutput, truncID, "Pushing")
-
-	// General rule is to use ID for graph accesses and compatibilityID for
-	// calls to session.registry()
-	imgData := &registry.ImgData{
-		ID: v1ID,
-	}
-
-	// Send the json
-	if err := p.session.PushImageJSONRegistry(imgData, jsonRaw, ep); err != nil {
-		if err == registry.ErrAlreadyExists {
-			progress.Update(p.config.ProgressOutput, truncID, "Image already pushed, skipping")
-			return "", nil
-		}
-		return "", err
-	}
-
-	arch, err := l.TarStream()
-	if err != nil {
-		return "", err
-	}
-	defer arch.Close()
-
-	// don't care if this fails; best effort
-	size, _ := l.DiffSize()
-
-	// Send the layer
-	logrus.Debugf("rendered layer for %s of [%d] size", v1ID, size)
-
-	reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, arch), p.config.ProgressOutput, size, truncID, "Pushing")
-	defer reader.Close()
-
-	checksum, checksumPayload, err := p.session.PushImageLayerRegistry(v1ID, reader, ep, jsonRaw)
-	if err != nil {
-		return "", err
-	}
-	imgData.Checksum = checksum
-	imgData.ChecksumPayload = checksumPayload
-	// Send the checksum
-	if err := p.session.PushImageChecksumRegistry(imgData, ep); err != nil {
-		return "", err
-	}
-
-	if err := p.v1IDService.Set(v1ID, p.repoInfo.Index.Name, l.DiffID()); err != nil {
-		logrus.Warnf("Could not set v1 ID mapping: %v", err)
-	}
-
-	progress.Update(p.config.ProgressOutput, truncID, "Image successfully pushed")
-	return imgData.Checksum, nil
-}
diff --git a/distribution/push_v2.go b/distribution/push_v2.go
index 9dc3e7a2a663f..60171de773b0b 100644
--- a/distribution/push_v2.go
+++ b/distribution/push_v2.go
@@ -2,9 +2,9 @@ package distribution // import "github.com/docker/docker/distribution"
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
+	"os"
 	"runtime"
 	"sort"
 	"strings"
@@ -24,7 +24,8 @@ import (
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -52,16 +53,13 @@ type pushState struct {
 	// involve the same layers. It is also used to fill in digest and size
 	// information when building the manifest.
 	remoteLayers map[layer.DiffID]distribution.Descriptor
-	// confirmedV2 is set to true if we confirm we're talking to a v2
-	// registry. This is used to limit fallbacks to the v1 protocol.
-	confirmedV2 bool
-	hasAuthInfo bool
+	hasAuthInfo  bool
 }
 
 func (p *v2Pusher) Push(ctx context.Context) (err error) {
 	p.pushState.remoteLayers = make(map[layer.DiffID]distribution.Descriptor)
 
-	p.repo, p.pushState.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull")
+	p.repo, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull")
 	p.pushState.hasAuthInfo = p.config.AuthConfig.RegistryToken != "" || (p.config.AuthConfig.Username != "" && p.config.AuthConfig.Password != "")
 	if err != nil {
 		logrus.Debugf("Error getting v2 registry: %v", err)
@@ -72,7 +70,6 @@ func (p *v2Pusher) Push(ctx context.Context) (err error) {
 		if continueOnError(err, p.endpoint.Mirror) {
 			return fallbackError{
 				err:         err,
-				confirmedV2: p.pushState.confirmedV2,
 				transportOK: true,
 			}
 		}
@@ -94,7 +91,7 @@ func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
 		return errors.New("cannot push a digest reference")
 	}
 
-	// Pull all tags
+	// Push all tags
 	pushed := 0
 	for _, association := range p.config.ReferenceStore.ReferencesByName(p.ref) {
 		if namedTagged, isNamedTagged := association.Ref.(reference.NamedTagged); isNamedTagged {
@@ -115,7 +112,7 @@ func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
 func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id digest.Digest) error {
 	logrus.Debugf("Pushing repository: %s", reference.FamiliarString(ref))
 
-	imgConfig, err := p.config.ImageStore.Get(id)
+	imgConfig, err := p.config.ImageStore.Get(ctx, id)
 	if err != nil {
 		return fmt.Errorf("could not find image from tag %s: %v", reference.FamiliarString(ref), err)
 	}
@@ -125,12 +122,7 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 		return fmt.Errorf("unable to get rootfs for image %s: %s", reference.FamiliarString(ref), err)
 	}
 
-	platform, err := p.config.ImageStore.PlatformFromConfig(imgConfig)
-	if err != nil {
-		return fmt.Errorf("unable to get platform for image %s: %s", reference.FamiliarString(ref), err)
-	}
-
-	l, err := p.config.LayerStores[platform.OS].Get(rootfs.ChainID())
+	l, err := p.config.LayerStores.Get(rootfs.ChainID())
 	if err != nil {
 		return fmt.Errorf("failed to get top layer from image: %v", err)
 	}
@@ -186,8 +178,21 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 			return err
 		}
 
+		// This is a temporary environment variables used in CI to allow pushing
+		// manifest v2 schema 1 images to test-registries used for testing *pulling*
+		// these images.
+		if os.Getenv("DOCKER_ALLOW_SCHEMA1_PUSH_DONOTUSE") == "" {
+			if err.Error() == "tag invalid" {
+				msg := "[DEPRECATED] support for pushing manifest v2 schema1 images has been removed. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/"
+				logrus.WithError(err).Error(msg)
+				return errors.Wrap(err, msg)
+			}
+			return err
+		}
+
 		logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err)
 
+		// Note: this fallback is deprecated, see log messages below
 		manifestRef, err := reference.WithTag(p.repo.Named(), ref.Tag())
 		if err != nil {
 			return err
@@ -201,6 +206,11 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 		if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil {
 			return err
 		}
+
+		// schema2 failed but schema1 succeeded
+		msg := fmt.Sprintf("[DEPRECATION NOTICE] support for pushing manifest v2 schema1 images will be removed in an upcoming release. Please contact admins of the %s registry NOW to avoid future disruption. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/", reference.Domain(ref))
+		logrus.Warn(msg)
+		progress.Message(p.config.ProgressOutput, "", msg)
 	}
 
 	var canonicalManifest []byte
@@ -311,7 +321,8 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
 	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
 	isUnauthorizedError := false
-	for _, mountCandidate := range candidates {
+	for _, mc := range candidates {
+		mountCandidate := mc
 		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
 		createOpts := []distribution.BlobCreateOption{}
 
@@ -351,7 +362,6 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 			err.Descriptor.MediaType = schema2.MediaTypeLayer
 
 			pd.pushState.Lock()
-			pd.pushState.confirmedV2 = true
 			pd.pushState.remoteLayers[diffID] = err.Descriptor
 			pd.pushState.Unlock()
 
@@ -456,7 +466,7 @@ func (pd *v2PushDescriptor) uploadUsingSession(
 	case schema2.MediaTypeLayer:
 	default:
 		reader.Close()
-		return distribution.Descriptor{}, fmt.Errorf("unsupported layer media type %s", m)
+		return distribution.Descriptor{}, xfer.DoNotRetry{Err: fmt.Errorf("unsupported layer media type %s", m)}
 	}
 
 	digester := digest.Canonical.Digester()
@@ -491,8 +501,6 @@ func (pd *v2PushDescriptor) uploadUsingSession(
 	}
 
 	pd.pushState.Lock()
-	// If Commit succeeded, that's an indication that the remote registry speaks the v2 protocol.
-	pd.pushState.confirmedV2 = true
 	pd.pushState.remoteLayers[diffID] = desc
 	pd.pushState.Unlock()
 
@@ -668,7 +676,6 @@ func (bla byLikeness) Swap(i, j int) {
 }
 func (bla byLikeness) Len() int { return len(bla.arr) }
 
-// nolint: interfacer
 func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) {
 	// reverse the metadata array to shift the newest entries to the beginning
 	for i := 0; i < len(marr)/2; i++ {
diff --git a/distribution/push_v2_test.go b/distribution/push_v2_test.go
index 436b4a1797fc0..99d29f0802669 100644
--- a/distribution/push_v2_test.go
+++ b/distribution/push_v2_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/docker/docker/pkg/progress"
 	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 func TestGetRepositoryMountCandidates(t *testing.T) {
@@ -532,7 +532,7 @@ func TestWhenEmptyAuthConfig(t *testing.T) {
 					Scheme: "https",
 					Host:   "index.docker.io",
 				},
-				Version:      registry.APIVersion1,
+				Version:      registry.APIVersion2,
 				TrimHostname: true,
 			},
 		}
@@ -549,7 +549,7 @@ type mockBlobStoreWithCreate struct {
 }
 
 func (blob *mockBlobStoreWithCreate) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
-	return nil, errcode.Errors(append([]error{errcode.ErrorCodeUnauthorized.WithMessage("unauthorized")}))
+	return nil, errcode.Errors([]error{errcode.ErrorCodeUnauthorized.WithMessage("unauthorized")})
 }
 
 type mockRepoWithBlob struct {
diff --git a/distribution/registry.go b/distribution/registry.go
index d81530b75cbbf..651ae54249c34 100644
--- a/distribution/registry.go
+++ b/distribution/registry.go
@@ -16,7 +16,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/registry"
-	"github.com/docker/go-connections/sockets"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -56,7 +55,10 @@ func init() {
 // NewV2Repository returns a repository (v2 only). It creates an HTTP transport
 // providing timeout settings and authentication support, and also verifies the
 // remote API version.
-func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (repo distribution.Repository, foundVersion bool, err error) {
+func NewV2Repository(
+	ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint,
+	metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string,
+) (repo distribution.Repository, err error) {
 	repoName := repoInfo.Name.Name()
 	// If endpoint does not support CanonicalName, use the RemoteName instead
 	if endpoint.TrimHostname {
@@ -72,31 +74,25 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 	// TODO(dmcgowan): Call close idle connections when complete, use keep alive
 	base := &http.Transport{
 		Proxy:               http.ProxyFromEnvironment,
-		Dial:                direct.Dial,
+		DialContext:         direct.DialContext,
 		TLSHandshakeTimeout: 10 * time.Second,
 		TLSClientConfig:     endpoint.TLSConfig,
 		// TODO(dmcgowan): Call close idle connections when complete and use keep alive
 		DisableKeepAlives: true,
 	}
 
-	proxyDialer, err := sockets.DialerFromEnvironment(direct)
-	if err == nil {
-		base.Dial = proxyDialer.Dial
-	}
-
 	modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
 	authTransport := transport.NewTransport(base, modifiers...)
 
-	challengeManager, foundVersion, err := registry.PingV2Registry(endpoint.URL, authTransport)
+	challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
 	if err != nil {
 		transportOK := false
 		if responseErr, ok := err.(registry.PingResponseError); ok {
 			transportOK = true
 			err = responseErr.Err
 		}
-		return nil, foundVersion, fallbackError{
+		return nil, fallbackError{
 			err:         err,
-			confirmedV2: foundVersion,
 			transportOK: transportOK,
 		}
 	}
@@ -126,9 +122,8 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 
 	repoNameRef, err := reference.WithName(repoName)
 	if err != nil {
-		return nil, foundVersion, fallbackError{
+		return nil, fallbackError{
 			err:         err,
-			confirmedV2: foundVersion,
 			transportOK: true,
 		}
 	}
@@ -137,7 +132,6 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 	if err != nil {
 		err = fallbackError{
 			err:         err,
-			confirmedV2: foundVersion,
 			transportOK: true,
 		}
 	}
diff --git a/distribution/registry_unit_test.go b/distribution/registry_unit_test.go
index 3651c4688bde5..3cbd09f5621bb 100644
--- a/distribution/registry_unit_test.go
+++ b/distribution/registry_unit_test.go
@@ -69,13 +69,13 @@ func testTokenPassThru(t *testing.T, ts *httptest.Server) {
 		},
 		Schema2Types: ImageTypes,
 	}
-	puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
+	puller, err := newPuller(endpoint, repoInfo, imagePullConfig, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
 	p := puller.(*v2Puller)
 	ctx := context.Background()
-	p.repo, _, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
+	p.repo, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -83,7 +83,7 @@ func testTokenPassThru(t *testing.T, ts *httptest.Server) {
 	logrus.Debug("About to pull")
 	// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
 	tag, _ := reference.WithTag(n, "tag_goes_here")
-	_ = p.pullV2Repository(ctx, tag, nil)
+	_ = p.pullV2Repository(ctx, tag)
 }
 
 func TestTokenPassThru(t *testing.T) {
diff --git a/distribution/xfer/download.go b/distribution/xfer/download.go
index e8cda93628b16..847152d081b8b 100644
--- a/distribution/xfer/download.go
+++ b/distribution/xfer/download.go
@@ -24,9 +24,10 @@ const maxDownloadAttempts = 5
 // registers and downloads those, taking into account dependencies between
 // layers.
 type LayerDownloadManager struct {
-	layerStores  map[string]layer.Store
-	tm           TransferManager
-	waitDuration time.Duration
+	layerStore          layer.Store
+	tm                  TransferManager
+	waitDuration        time.Duration
+	maxDownloadAttempts int
 }
 
 // SetConcurrency sets the max concurrent downloads for each pull
@@ -35,11 +36,12 @@ func (ldm *LayerDownloadManager) SetConcurrency(concurrency int) {
 }
 
 // NewLayerDownloadManager returns a new LayerDownloadManager.
-func NewLayerDownloadManager(layerStores map[string]layer.Store, concurrencyLimit int, options ...func(*LayerDownloadManager)) *LayerDownloadManager {
+func NewLayerDownloadManager(layerStore layer.Store, concurrencyLimit int, options ...func(*LayerDownloadManager)) *LayerDownloadManager {
 	manager := LayerDownloadManager{
-		layerStores:  layerStores,
-		tm:           NewTransferManager(concurrencyLimit),
-		waitDuration: time.Second,
+		layerStore:          layerStore,
+		tm:                  NewTransferManager(concurrencyLimit),
+		waitDuration:        time.Second,
+		maxDownloadAttempts: maxDownloadAttempts,
 	}
 	for _, option := range options {
 		option(&manager)
@@ -47,6 +49,14 @@ func NewLayerDownloadManager(layerStores map[string]layer.Store, concurrencyLimi
 	return &manager
 }
 
+// WithMaxDownloadAttempts configures the maximum number of download
+// attempts for a download manager.
+func WithMaxDownloadAttempts(max int) func(*LayerDownloadManager) {
+	return func(dlm *LayerDownloadManager) {
+		dlm.maxDownloadAttempts = max
+	}
+}
+
 type downloadTransfer struct {
 	Transfer
 
@@ -108,6 +118,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 
 	// Assume that the operating system is the host OS if blank, and validate it
 	// to ensure we don't cause a panic by an invalid index into the layerstores.
+	// TODO remove now that LCOW is no longer a thing
 	if os == "" {
 		os = runtime.GOOS
 	}
@@ -126,13 +137,13 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 			if err == nil {
 				getRootFS := rootFS
 				getRootFS.Append(diffID)
-				l, err := ldm.layerStores[os].Get(getRootFS.ChainID())
+				l, err := ldm.layerStore.Get(getRootFS.ChainID())
 				if err == nil {
 					// Layer already exists.
 					logrus.Debugf("Layer already exists: %s", descriptor.ID())
 					progress.Update(progressOutput, descriptor.ID(), "Already exists")
 					if topLayer != nil {
-						layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
+						layer.ReleaseAndLog(ldm.layerStore, topLayer)
 					}
 					topLayer = l
 					missingLayer = false
@@ -151,7 +162,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 		// the stack? If so, avoid downloading it more than once.
 		var topDownloadUncasted Transfer
 		if existingDownload, ok := downloadsByKey[key]; ok {
-			xferFunc := ldm.makeDownloadFuncFromDownload(descriptor, existingDownload, topDownload, os)
+			xferFunc := ldm.makeDownloadFuncFromDownload(descriptor, existingDownload, topDownload)
 			defer topDownload.Transfer.Release(watcher)
 			topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
 			topDownload = topDownloadUncasted.(*downloadTransfer)
@@ -163,10 +174,10 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 
 		var xferFunc DoFunc
 		if topDownload != nil {
-			xferFunc = ldm.makeDownloadFunc(descriptor, "", topDownload, os)
+			xferFunc = ldm.makeDownloadFunc(descriptor, "", topDownload)
 			defer topDownload.Transfer.Release(watcher)
 		} else {
-			xferFunc = ldm.makeDownloadFunc(descriptor, rootFS.ChainID(), nil, os)
+			xferFunc = ldm.makeDownloadFunc(descriptor, rootFS.ChainID(), nil)
 		}
 		topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
 		topDownload = topDownloadUncasted.(*downloadTransfer)
@@ -176,7 +187,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 	if topDownload == nil {
 		return rootFS, func() {
 			if topLayer != nil {
-				layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
+				layer.ReleaseAndLog(ldm.layerStore, topLayer)
 			}
 		}, nil
 	}
@@ -187,7 +198,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 
 	defer func() {
 		if topLayer != nil {
-			layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
+			layer.ReleaseAndLog(ldm.layerStore, topLayer)
 		}
 	}()
 
@@ -223,11 +234,11 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 // complete before the registration step, and registers the downloaded data
 // on top of parentDownload's resulting layer. Otherwise, it registers the
 // layer on top of the ChainID given by parentLayer.
-func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor, parentLayer layer.ChainID, parentDownload *downloadTransfer, os string) DoFunc {
+func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor, parentLayer layer.ChainID, parentDownload *downloadTransfer) DoFunc {
 	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
 		d := &downloadTransfer{
 			Transfer:   NewTransfer(),
-			layerStore: ldm.layerStores[os],
+			layerStore: ldm.layerStore,
 		}
 
 		go func() {
@@ -283,13 +294,13 @@ func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor,
 				}
 
 				retries++
-				if _, isDNR := err.(DoNotRetry); isDNR || retries == maxDownloadAttempts {
-					logrus.Errorf("Download failed: %v", err)
+				if _, isDNR := err.(DoNotRetry); isDNR || retries > ldm.maxDownloadAttempts {
+					logrus.Errorf("Download failed after %d attempts: %v", retries, err)
 					d.err = err
 					return
 				}
 
-				logrus.Errorf("Download failed, retrying: %v", err)
+				logrus.Infof("Download failed, retrying (%d/%d): %v", retries, ldm.maxDownloadAttempts, err)
 				delay := retries * 5
 				ticker := time.NewTicker(ldm.waitDuration)
 
@@ -387,11 +398,11 @@ func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor,
 // parentDownload. This function does not log progress output because it would
 // interfere with the progress reporting for sourceDownload, which has the same
 // Key.
-func (ldm *LayerDownloadManager) makeDownloadFuncFromDownload(descriptor DownloadDescriptor, sourceDownload *downloadTransfer, parentDownload *downloadTransfer, os string) DoFunc {
+func (ldm *LayerDownloadManager) makeDownloadFuncFromDownload(descriptor DownloadDescriptor, sourceDownload *downloadTransfer, parentDownload *downloadTransfer) DoFunc {
 	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
 		d := &downloadTransfer{
 			Transfer:   NewTransfer(),
-			layerStore: ldm.layerStores[os],
+			layerStore: ldm.layerStore,
 		}
 
 		go func() {
diff --git a/distribution/xfer/download_test.go b/distribution/xfer/download_test.go
index 4ab3705af6a1f..fbf7f541afac6 100644
--- a/distribution/xfer/download_test.go
+++ b/distribution/xfer/download_test.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"runtime"
 	"sync/atomic"
 	"testing"
@@ -16,7 +15,8 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
 )
 
 const maxDownloadConcurrency = 3
@@ -26,11 +26,10 @@ type mockLayer struct {
 	diffID    layer.DiffID
 	chainID   layer.ChainID
 	parent    layer.Layer
-	os        string
 }
 
 func (ml *mockLayer) TarStream() (io.ReadCloser, error) {
-	return ioutil.NopCloser(bytes.NewBuffer(ml.layerData.Bytes())), nil
+	return io.NopCloser(bytes.NewBuffer(ml.layerData.Bytes())), nil
 }
 
 func (ml *mockLayer) TarStreamFrom(layer.ChainID) (io.ReadCloser, error) {
@@ -161,6 +160,7 @@ type mockDownloadDescriptor struct {
 	registeredDiffID layer.DiffID
 	expectedDiffID   layer.DiffID
 	simulateRetries  int
+	retries          int
 }
 
 // Key returns the key used to deduplicate downloads.
@@ -191,7 +191,7 @@ func (d *mockDownloadDescriptor) mockTarStream() io.ReadCloser {
 	// The mock implementation returns the ID repeated 5 times as a tar
 	// stream instead of actual tar data. The data is ignored except for
 	// computing IDs.
-	return ioutil.NopCloser(bytes.NewBuffer([]byte(d.id + d.id + d.id + d.id + d.id)))
+	return io.NopCloser(bytes.NewBuffer([]byte(d.id + d.id + d.id + d.id + d.id)))
 }
 
 // Download is called to perform the download.
@@ -214,9 +214,9 @@ func (d *mockDownloadDescriptor) Download(ctx context.Context, progressOutput pr
 		}
 	}
 
-	if d.simulateRetries != 0 {
-		d.simulateRetries--
-		return nil, 0, errors.New("simulating retry")
+	if d.retries < d.simulateRetries {
+		d.retries++
+		return nil, 0, fmt.Errorf("simulating download attempt %d/%d", d.retries, d.simulateRetries)
 	}
 
 	return d.mockTarStream(), 0, nil
@@ -268,9 +268,7 @@ func TestSuccessfulDownload(t *testing.T) {
 	}
 
 	layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
-	lsMap := make(map[string]layer.Store)
-	lsMap[runtime.GOOS] = layerStore
-	ldm := NewLayerDownloadManager(lsMap, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
+	ldm := NewLayerDownloadManager(layerStore, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
 
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
@@ -332,9 +330,7 @@ func TestSuccessfulDownload(t *testing.T) {
 
 func TestCancelledDownload(t *testing.T) {
 	layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
-	lsMap := make(map[string]layer.Store)
-	lsMap[runtime.GOOS] = layerStore
-	ldm := NewLayerDownloadManager(lsMap, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
+	ldm := NewLayerDownloadManager(layerStore, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
 
@@ -360,3 +356,68 @@ func TestCancelledDownload(t *testing.T) {
 	close(progressChan)
 	<-progressDone
 }
+
+func TestMaxDownloadAttempts(t *testing.T) {
+	tests := []struct {
+		name                string
+		simulateRetries     int
+		maxDownloadAttempts int
+		expectedErr         string
+	}{
+		{
+			name:                "max-attempts=5, succeed at 2nd attempt",
+			simulateRetries:     2,
+			maxDownloadAttempts: 5,
+		},
+		{
+			name:                "max-attempts=5, succeed at 5th attempt",
+			simulateRetries:     5,
+			maxDownloadAttempts: 5,
+		},
+		{
+			name:                "max-attempts=5, fail at 6th attempt",
+			simulateRetries:     6,
+			maxDownloadAttempts: 5,
+			expectedErr:         "simulating download attempt 5/6",
+		},
+		{
+			name:                "max-attempts=0, fail after 1 attempt",
+			simulateRetries:     1,
+			maxDownloadAttempts: 0,
+			expectedErr:         "simulating download attempt 1/1",
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
+			ldm := NewLayerDownloadManager(
+				layerStore,
+				maxDownloadConcurrency,
+				func(m *LayerDownloadManager) {
+					m.waitDuration = time.Millisecond
+					m.maxDownloadAttempts = tc.maxDownloadAttempts
+				})
+
+			progressChan := make(chan progress.Progress)
+			progressDone := make(chan struct{})
+
+			go func() {
+				for range progressChan {
+				}
+				close(progressDone)
+			}()
+
+			var currentDownloads int32
+			descriptors := downloadDescriptors(&currentDownloads)
+			descriptors[4].(*mockDownloadDescriptor).simulateRetries = tc.simulateRetries
+
+			_, _, err := ldm.Download(context.Background(), *image.NewRootFS(), runtime.GOOS, descriptors, progress.ChanOutput(progressChan))
+			if tc.expectedErr == "" {
+				assert.NilError(t, err)
+			} else {
+				assert.Error(t, err, tc.expectedErr)
+			}
+		})
+	}
+}
diff --git a/distribution/xfer/transfer.go b/distribution/xfer/transfer.go
index c356fde8d3b10..82df793ebe43f 100644
--- a/distribution/xfer/transfer.go
+++ b/distribution/xfer/transfer.go
@@ -42,7 +42,7 @@ type Transfer interface {
 	Close()
 	Done() <-chan struct{}
 	Released() <-chan struct{}
-	Broadcast(masterProgressChan <-chan progress.Progress)
+	Broadcast(mainProgressChan <-chan progress.Progress)
 }
 
 type transfer struct {
@@ -66,7 +66,7 @@ type transfer struct {
 	// the transfer is no longer tracked by the transfer manager.
 	released chan struct{}
 
-	// broadcastDone is true if the master progress channel has closed.
+	// broadcastDone is true if the main progress channel has closed.
 	broadcastDone bool
 	// closed is true if Close has been called
 	closed bool
@@ -95,14 +95,14 @@ func NewTransfer() Transfer {
 }
 
 // Broadcast copies the progress and error output to all viewers.
-func (t *transfer) Broadcast(masterProgressChan <-chan progress.Progress) {
+func (t *transfer) Broadcast(mainProgressChan <-chan progress.Progress) {
 	for {
 		var (
 			p  progress.Progress
 			ok bool
 		)
 		select {
-		case p, ok = <-masterProgressChan:
+		case p, ok = <-mainProgressChan:
 		default:
 			// We've depleted the channel, so now we can handle
 			// reads on broadcastSyncChan to let detaching watchers
@@ -110,7 +110,7 @@ func (t *transfer) Broadcast(masterProgressChan <-chan progress.Progress) {
 			select {
 			case <-t.broadcastSyncChan:
 				continue
-			case p, ok = <-masterProgressChan:
+			case p, ok = <-mainProgressChan:
 			}
 		}
 
@@ -353,10 +353,10 @@ func (tm *transferManager) Transfer(key string, xferFunc DoFunc, progressOutput
 		tm.waitingTransfers = append(tm.waitingTransfers, start)
 	}
 
-	masterProgressChan := make(chan progress.Progress)
-	xfer := xferFunc(masterProgressChan, start, inactive)
+	mainProgressChan := make(chan progress.Progress)
+	xfer := xferFunc(mainProgressChan, start, inactive)
 	watcher := xfer.Watch(progressOutput)
-	go xfer.Broadcast(masterProgressChan)
+	go xfer.Broadcast(mainProgressChan)
 	tm.transfers[key] = xfer
 
 	// When the transfer is finished, remove from the map.
diff --git a/distribution/xfer/transfer_test.go b/distribution/xfer/transfer_test.go
index a86e27959ea08..f8f8e96fe0fa3 100644
--- a/distribution/xfer/transfer_test.go
+++ b/distribution/xfer/transfer_test.go
@@ -10,11 +10,11 @@ import (
 
 func TestTransfer(t *testing.T) {
 	makeXferFunc := func(id string) DoFunc {
-		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, _ chan<- struct{}) Transfer {
 			select {
 			case <-start:
 			default:
-				t.Fatalf("transfer function not started even though concurrency limit not reached")
+				t.Errorf("%s: transfer function not started even though concurrency limit not reached", id)
 			}
 
 			xfer := NewTransfer()
@@ -38,7 +38,7 @@ func TestTransfer(t *testing.T) {
 		for p := range progressChan {
 			val, present := receivedProgress[p.ID]
 			if present && p.Current <= val {
-				t.Fatalf("got unexpected progress value: %d (expected %d)", p.Current, val+1)
+				t.Errorf("%s: got unexpected progress value: %d (expected <= %d)", p.ID, p.Current, val)
 			}
 			receivedProgress[p.ID] = p.Current
 		}
@@ -72,13 +72,13 @@ func TestConcurrencyLimit(t *testing.T) {
 	var runningJobs int32
 
 	makeXferFunc := func(id string) DoFunc {
-		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, _ chan<- struct{}) Transfer {
 			xfer := NewTransfer()
 			go func() {
 				<-start
 				totalJobs := atomic.AddInt32(&runningJobs, 1)
 				if int(totalJobs) > concurrencyLimit {
-					t.Fatalf("too many jobs running")
+					t.Errorf("%s: too many jobs running (%d > %d)", id, totalJobs, concurrencyLimit)
 				}
 				for i := 0; i <= 10; i++ {
 					progressChan <- progress.Progress{ID: id, Action: "testing", Current: int64(i), Total: 10}
@@ -137,7 +137,7 @@ func TestInactiveJobs(t *testing.T) {
 				<-start
 				totalJobs := atomic.AddInt32(&runningJobs, 1)
 				if int(totalJobs) > concurrencyLimit {
-					t.Fatalf("too many jobs running")
+					t.Errorf("%s: too many jobs running (%d > %d)", id, totalJobs, concurrencyLimit)
 				}
 				for i := 0; i <= 10; i++ {
 					progressChan <- progress.Progress{ID: id, Action: "testing", Current: int64(i), Total: 10}
@@ -191,7 +191,7 @@ func TestWatchRelease(t *testing.T) {
 	ready := make(chan struct{})
 
 	makeXferFunc := func(id string) DoFunc {
-		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, _ chan<- struct{}) Transfer {
 			xfer := NewTransfer()
 			go func() {
 				defer func() {
@@ -280,7 +280,7 @@ func TestWatchRelease(t *testing.T) {
 
 func TestWatchFinishedTransfer(t *testing.T) {
 	makeXferFunc := func(id string) DoFunc {
-		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		return func(progressChan chan<- progress.Progress, _ <-chan struct{}, _ chan<- struct{}) Transfer {
 			xfer := NewTransfer()
 			go func() {
 				// Finish immediately
@@ -322,7 +322,7 @@ func TestDuplicateTransfer(t *testing.T) {
 	var xferFuncCalls int32
 
 	makeXferFunc := func(id string) DoFunc {
-		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		return func(progressChan chan<- progress.Progress, _ <-chan struct{}, _ chan<- struct{}) Transfer {
 			atomic.AddInt32(&xferFuncCalls, 1)
 			xfer := NewTransfer()
 			go func() {
diff --git a/dockerversion/version_lib.go b/dockerversion/version_lib.go
index b7d46504445c7..96954560cd9b7 100644
--- a/dockerversion/version_lib.go
+++ b/dockerversion/version_lib.go
@@ -1,16 +1,16 @@
+//go:build !autogen
 // +build !autogen
 
 // Package dockerversion is auto-generated at build-time
 package dockerversion // import "github.com/docker/docker/dockerversion"
 
 // Default build-time variable for library-import.
-// This file is overridden on build with build-time information.
-const (
+// These variables are overridden on build with build-time information.
+var (
 	GitCommit             = "library-import"
 	Version               = "library-import"
 	BuildTime             = "library-import"
 	IAmStatic             = "library-import"
-	InitCommitID          = "library-import"
 	PlatformName          = ""
 	ProductName           = ""
 	DefaultProductLicense = ""
diff --git a/docs/api/v1.18.md b/docs/api/v1.18.md
index 327701427a1eb..dc5970125f808 100644
--- a/docs/api/v1.18.md
+++ b/docs/api/v1.18.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST, but for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -317,7 +317,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1234,7 +1234,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
diff --git a/docs/api/v1.19.md b/docs/api/v1.19.md
index f3d44555a527d..85207d52f4af6 100644
--- a/docs/api/v1.19.md
+++ b/docs/api/v1.19.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -327,7 +327,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1276,7 +1276,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
diff --git a/docs/api/v1.20.md b/docs/api/v1.20.md
index 199428121bc64..27d99995e6899 100644
--- a/docs/api/v1.20.md
+++ b/docs/api/v1.20.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -331,7 +331,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1407,7 +1407,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
diff --git a/docs/api/v1.21.md b/docs/api/v1.21.md
index 3ecfd3b9f9e33..3866da3bf6f66 100644
--- a/docs/api/v1.21.md
+++ b/docs/api/v1.21.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -352,7 +352,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1488,7 +1488,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
@@ -1526,7 +1526,7 @@ or being killed.
         these values at build-time. Docker uses the `buildargs` as the environment
         context for command(s) run via the Dockerfile's `RUN` instruction or for
         variable expansion in other Dockerfile instructions. This is not meant for
-        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+        passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
 
 **Request Headers**:
 
diff --git a/docs/api/v1.22.md b/docs/api/v1.22.md
index fc19c9f0afc07..b0f0bc88bba2f 100644
--- a/docs/api/v1.22.md
+++ b/docs/api/v1.22.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -467,7 +467,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1669,7 +1669,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
@@ -1707,7 +1707,7 @@ or being killed.
         these values at build-time. Docker uses the `buildargs` as the environment
         context for command(s) run via the Dockerfile's `RUN` instruction or for
         variable expansion in other Dockerfile instructions. This is not meant for
-        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+        passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
 -   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
 
 **Request Headers**:
diff --git a/docs/api/v1.23.md b/docs/api/v1.23.md
index 218734aea60aa..f0859fcf814d6 100644
--- a/docs/api/v1.23.md
+++ b/docs/api/v1.23.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -493,7 +493,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1703,7 +1703,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
@@ -1741,7 +1741,7 @@ or being killed.
         these values at build-time. Docker uses the `buildargs` as the environment
         context for command(s) run via the Dockerfile's `RUN` instruction or for
         variable expansion in other Dockerfile instructions. This is not meant for
-        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+        passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
 -   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
 -   **labels** – JSON map of string pairs for labels to set on the image.
 
diff --git a/docs/api/v1.24.md b/docs/api/v1.24.md
index e320020ed6d68..5ee0600c04ea7 100644
--- a/docs/api/v1.24.md
+++ b/docs/api/v1.24.md
@@ -19,7 +19,7 @@ redirect_from:
 ## 1. Brief introduction
 
  - The daemon listens on `unix:///var/run/docker.sock` but you can
-   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+   [Bind Docker to another host/port or a Unix socket](https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
@@ -535,7 +535,7 @@ Create a container
 
 -   **201** – no error
 -   **400** – bad parameter
--   **404** – no such container
+-   **404** – no such image
 -   **406** – impossible to attach (container not running)
 -   **409** – conflict
 -   **500** – server error
@@ -1718,7 +1718,7 @@ the path to the alternate build instructions file to use.
 
 The archive may include any number of other files,
 which are accessible in the build context (See the [*ADD build
-command*](../reference/builder.md#add)).
+command*](https://docs.docker.com/engine/reference/builder/#add)).
 
 The Docker daemon performs a preliminary validation of the `Dockerfile` before
 starting the build, and returns an error if the syntax is incorrect. After that,
@@ -1756,7 +1756,7 @@ or being killed.
         these values at build-time. Docker uses the `buildargs` as the environment
         context for command(s) run via the Dockerfile's `RUN` instruction or for
         variable expansion in other Dockerfile instructions. This is not meant for
-        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+        passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
 -   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
 -   **labels** – JSON map of string pairs for labels to set on the image.
 
diff --git a/docs/api/v1.25.yaml b/docs/api/v1.25.yaml
new file mode 100644
index 0000000000000..cbcf726ab87e8
--- /dev/null
+++ b/docs/api/v1.25.yaml
@@ -0,0 +1,7680 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.25"
+info:
+  title: "Docker Engine API"
+  version: "1.25"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 1.13, the API version is 1.25. To lock to this version, you prefix the URL with `/v1.25`. For example, calling `/info` is the same as calling `/v1.25/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.25 of the API, which was introduced with Docker 1.13. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldly. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  - name: "Secret"
+    x-displayName: "Secrets"
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        description: "A test to perform to check that the container is healthy."
+        type: "object"
+        properties:
+          Test:
+            description: |
+              The test to perform. Possible values are:
+
+              - `{}` inherit healthcheck from image or parent image
+              - `{"NONE"}` disable healthcheck
+              - `{"CMD", args...}` exec arguments directly
+              - `{"CMD-SHELL", command}` run command with system's default shell
+            type: "array"
+            items:
+              type: "string"
+          Interval:
+            description: "The time to wait between checks in nanoseconds. 0 means inherit."
+            type: "integer"
+          Timeout:
+            description: "The time to wait before considering the check to have hung. 0 means inherit."
+            type: "integer"
+          Retries:
+            description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+            type: "integer"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriver:
+    description: "Information about this container's graph driver."
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Data:
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    properties:
+      Id:
+        type: "string"
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+      Comment:
+        type: "string"
+      Created:
+        type: "string"
+      Container:
+        type: "string"
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+      Author:
+        type: "string"
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+      Os:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+      GraphDriver:
+        $ref: "#/definitions/GraphDriver"
+      RootFS:
+        type: "object"
+        properties:
+          Type:
+            type: "string"
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PropagatedMount
+          - Mounts
+          - Env
+          - Args
+        properties:
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "1.13.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponse:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers.
+
+            Available filters:
+            - `exited=<int>` containers with exit code of `<int>`
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `label=key` or `label="key=value"` of a container label
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `id=<ID>` a container's ID
+            - `name=<name>` a container's name
+            - `is-task=`(`true`|`false`)
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+            - `network`=(`<network id>` or `<network name>`)
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriver"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  enum:
+                    - 0
+                    - 1
+                    - 2
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the `cpu_stats` field.
+      operationId: "ContainerStats"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveHead"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get an tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerGetArchive"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "ContainerPutArchive"
+      consumes:
+        - "application/x-tar"
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list.
+
+            Available filters:
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `reference`=(`<image-name>[:<tag>]`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/tar"
+          default: "application/tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Id:
+                  type: "string"
+                Created:
+                  type: "integer"
+                  format: "int64"
+                CreatedBy:
+                  type: "string"
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                Comment:
+                  type: "string"
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were referenced by that image.
+
+        Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponse"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `stars=<number>`
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponse"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "1.13.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.6.3"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.25"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+            - `network=<string>` network name or ID
+            - `daemon=<string>` daemon name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `name=<volume-name>` Matches all or part of a volume name.
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches all or part of a volume
+              driver name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `name=<service name>`
+            - `label=<service label>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Delay: 30000000000
+                    Parallelism: 2
+                    FailureAction: "pause"
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ImageDeleteResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 1
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `id=<task id>`
+            - `name=<task name>`
+            - `service=<service name>`
+            - `node=<node id or name>`
+            - `label=key` or `label="key=value"`
+            - `desired-state=(running | shutdown | accepted)`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        406:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
diff --git a/docs/api/v1.26.yaml b/docs/api/v1.26.yaml
new file mode 100644
index 0000000000000..22d4cc4e06530
--- /dev/null
+++ b/docs/api/v1.26.yaml
@@ -0,0 +1,7785 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.26"
+info:
+  title: "Docker Engine API"
+  version: "1.26"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine >= 1.13.1, the API version is 1.26. To lock to this version, you prefix the URL with `/v1.26`. For example, calling `/info` is the same as calling `/v1.26/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.26 of the API, which was introduced with Docker 1.13.1. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldly. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  - name: "Secret"
+    x-displayName: "Secrets"
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        description: "A test to perform to check that the container is healthy."
+        type: "object"
+        properties:
+          Test:
+            description: |
+              The test to perform. Possible values are:
+
+              - `{}` inherit healthcheck from image or parent image
+              - `{"NONE"}` disable healthcheck
+              - `{"CMD", args...}` exec arguments directly
+              - `{"CMD-SHELL", command}` run command with system's default shell
+            type: "array"
+            items:
+              type: "string"
+          Interval:
+            description: "The time to wait between checks in nanoseconds. 0 means inherit."
+            type: "integer"
+          Timeout:
+            description: "The time to wait before considering the check to have hung. 0 means inherit."
+            type: "integer"
+          Retries:
+            description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+            type: "integer"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriver:
+    description: "Information about this container's graph driver."
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Data:
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    properties:
+      Id:
+        type: "string"
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+      Comment:
+        type: "string"
+      Created:
+        type: "string"
+      Container:
+        type: "string"
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+      Author:
+        type: "string"
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+      Os:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+      GraphDriver:
+        $ref: "#/definitions/GraphDriver"
+      RootFS:
+        type: "object"
+        properties:
+          Type:
+            type: "string"
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PropagatedMount
+          - Mounts
+          - Env
+          - Args
+        properties:
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "1.13.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponse:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers.
+
+            Available filters:
+            - `exited=<int>` containers with exit code of `<int>`
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `label=key` or `label="key=value"` of a container label
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `id=<ID>` a container's ID
+            - `name=<name>` a container's name
+            - `is-task=`(`true`|`false`)
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+            - `network`=(`<network id>` or `<network name>`)
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriver"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  enum:
+                    - 0
+                    - 1
+                    - 2
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the `cpu_stats` field.
+      operationId: "ContainerStats"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveHead"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get an tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerGetArchive"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "ContainerPutArchive"
+      consumes:
+        - "application/x-tar"
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list.
+
+            Available filters:
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `reference`=(`<image-name>[:<tag>]`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/tar"
+          default: "application/tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Id:
+                  type: "string"
+                Created:
+                  type: "integer"
+                  format: "int64"
+                CreatedBy:
+                  type: "string"
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                Comment:
+                  type: "string"
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were referenced by that image.
+
+        Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponse"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `stars=<number>`
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponse"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "1.13.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.6.3"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.25"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+            - `network=<string>` network name or ID
+            - `daemon=<string>` daemon name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `name=<volume-name>` Matches all or part of a volume name.
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches all or part of a volume
+              driver name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `name=<service name>`
+            - `label=<service label>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Delay: 30000000000
+                    Parallelism: 2
+                    FailureAction: "pause"
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ImageDeleteResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 1
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `id=<task id>`
+            - `name=<task name>`
+            - `service=<service name>`
+            - `node=<node id or name>`
+            - `label=key` or `label="key=value"`
+            - `desired-state=(running | shutdown | accepted)`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        406:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
diff --git a/docs/api/v1.27.yaml b/docs/api/v1.27.yaml
new file mode 100644
index 0000000000000..542251110caf1
--- /dev/null
+++ b/docs/api/v1.27.yaml
@@ -0,0 +1,7939 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.27"
+info:
+  title: "Docker Engine API"
+  version: "1.27"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine >= 17.03.1, the API version is 1.27. To lock to this version, you prefix the URL with `/v1.27`. For example, calling `/info` is the same as calling `/v1.27/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.27 of the API, which was introduced with Docker 17.03.1. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldly. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCPUs:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriver:
+    description: "Information about this container's graph driver."
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Data:
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    properties:
+      Id:
+        type: "string"
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+      Comment:
+        type: "string"
+      Created:
+        type: "string"
+      Container:
+        type: "string"
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+      Author:
+        type: "string"
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+      Os:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+      GraphDriver:
+        $ref: "#/definitions/GraphDriver"
+      RootFS:
+        type: "object"
+        properties:
+          Type:
+            type: "string"
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PropagatedMount
+          - Mounts
+          - Env
+          - Args
+        properties:
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentially overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "int64"
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCpus:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "1.13.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file.
+              The format of extra hosts on swarmkit is specified in:
+              http://man7.org/linux/man-pages/man5/hosts.5.html
+                IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponse:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriver"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  enum:
+                    - 0
+                    - 1
+                    - 2
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or use -f"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveHead"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get an tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerGetArchive"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "ContainerPutArchive"
+      consumes:
+        - "application/x-tar"
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/tar"
+          default: "application/tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Id:
+                  type: "string"
+                Created:
+                  type: "integer"
+                  format: "int64"
+                CreatedBy:
+                  type: "string"
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                Comment:
+                  type: "string"
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were referenced by that image.
+
+        Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponse"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponse"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "1.13.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.6.3"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.25"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Delay: 30000000000
+                    Parallelism: 2
+                    FailureAction: "pause"
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ImageDeleteResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 1
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
diff --git a/docs/api/v1.28.yaml b/docs/api/v1.28.yaml
new file mode 100644
index 0000000000000..ed96d079c914b
--- /dev/null
+++ b/docs/api/v1.28.yaml
@@ -0,0 +1,8106 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.28"
+info:
+  title: "Docker Engine API"
+  version: "1.28"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.04, the API version is 1.28. To lock to this version, you prefix the URL with `/v1.28`. For example, calling `/info` is the same as calling `/v1.28/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.28 of the API, which was introduced with Docker 17.04. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or not less than 1000000000(1s). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or not less than 1000000000(1s). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PropagatedMount
+          - Mounts
+          - Env
+          - Args
+        properties:
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentially overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "int64"
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "17.04.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file.
+              The format of extra hosts on swarmkit is specified in:
+              http://man7.org/linux/man-pages/man5/hosts.5.html
+                IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
diff --git a/docs/api/v1.29.yaml b/docs/api/v1.29.yaml
new file mode 100644
index 0000000000000..77f6cbea12576
--- /dev/null
+++ b/docs/api/v1.29.yaml
@@ -0,0 +1,8238 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.29"
+info:
+  title: "Docker Engine API"
+  version: "1.29"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.05, the API version is 1.29. To lock to this version, you prefix the URL with `/v1.29`. For example, calling `/info` is the same as calling `/v1.29/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.29 of the API, which was introduced with Docker 17.05. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or not less than 1000000000(1s). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or not less than 1000000000(1s). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentially overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "int64"
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "17.04.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file.
+              The format of extra hosts on swarmkit is specified in:
+              http://man7.org/linux/man-pages/man5/hosts.5.html
+                IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
diff --git a/docs/api/v1.30.yaml b/docs/api/v1.30.yaml
new file mode 100644
index 0000000000000..007564d3529a9
--- /dev/null
+++ b/docs/api/v1.30.yaml
@@ -0,0 +1,8776 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.30"
+info:
+  title: "Docker Engine API"
+  version: "1.30"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.06, the API version is 1.30. To lock to this version, you prefix the URL with `/v1.30`. For example, calling `/info` is the same as calling `/v1.30/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.30 of the API, which was introduced with Docker 17.06. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes)
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentially overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "int64"
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+          TLSInfo:
+            $ref: "#/definitions/SwarmSpec"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "17.04.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+      TLSInfo:
+        TrustRoot: |
+          -----BEGIN CERTIFICATE-----
+          MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+          EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+          MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+          A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+          3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+          Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+          PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+          pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+          -----END CERTIFICATE-----
+        CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+        CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file.
+              The format of extra hosts on swarmkit is specified in:
+              http://man7.org/linux/man-pages/man5/hosts.5.html
+                IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+          Platforms:
+            description: "An array of supported platforms."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Architecture:
+                  type: "string"
+                OS:
+                  type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded config data"
+        type: "array"
+        items:
+          type: "string"
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Log:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`＝<string> local or swarm
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service` or `secret`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+              RootRotationInProgress: false
+              TLSInfo:
+                TrustRoot: |
+                  -----BEGIN CERTIFICATE-----
+                  MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+                  EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+                  MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+                  A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+                  3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+                  Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+                  PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+                  pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+                  -----END CERTIFICATE-----
+                CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+                CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
diff --git a/docs/api/v1.31.yaml b/docs/api/v1.31.yaml
new file mode 100644
index 0000000000000..77518554fca6c
--- /dev/null
+++ b/docs/api/v1.31.yaml
@@ -0,0 +1,8946 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.31"
+info:
+  title: "Docker Engine API"
+  version: "1.31"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.06, the API version is 1.30. To lock to this version, you prefix the URL with `/v1.30`. For example, calling `/info` is the same as calling `/v1.30/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.31 of the API. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.06.x | [1.30](https://docs.docker.com/engine/api/v1.30/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-30-api-changes)
+    17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes)
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "int64"
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+          TLSInfo:
+            $ref: "#/definitions/SwarmSpec"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "17.04.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+      TLSInfo:
+        TrustRoot: |
+          -----BEGIN CERTIFICATE-----
+          MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+          EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+          MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+          A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+          3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+          Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+          PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+          pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+          -----END CERTIFICATE-----
+        CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+        CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file.
+              The format of extra hosts on swarmkit is specified in:
+              http://man7.org/linux/man-pages/man5/hosts.5.html
+                IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+          Platforms:
+            description: "An array of supported platforms."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Architecture:
+                  type: "string"
+                OS:
+                  type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Log:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`＝<string> local or swarm
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service` or `secret`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+              RootRotationInProgress: false
+              TLSInfo:
+                TrustRoot: |
+                  -----BEGIN CERTIFICATE-----
+                  MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+                  EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+                  MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+                  A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+                  3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+                  Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+                  PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+                  pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+                  -----END CERTIFICATE-----
+                CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+                CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.32.yaml b/docs/api/v1.32.yaml
new file mode 100644
index 0000000000000..834b2eb0f553a
--- /dev/null
+++ b/docs/api/v1.32.yaml
@@ -0,0 +1,9930 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.32"
+info:
+  title: "Docker Engine API"
+  version: "1.32"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.07, the API version is 1.31. To lock to this version, you prefix the URL with `/v1.31`. For example, calling `/info` is the same as calling `/v1.31/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.32 of the API. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.07.x | [1.31](https://docs.docker.com/engine/api/v1.31/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-31-api-changes)
+    17.06.x | [1.30](https://docs.docker.com/engine/api/v1.30/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-30-api-changes)
+    17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes)
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for both `tcp` and `udp`, two separate
+      entries are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`＝<string> local or swarm
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service` or `secret`
+            - `volume=<string>` volume name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.33.yaml b/docs/api/v1.33.yaml
new file mode 100644
index 0000000000000..09f551d205ec5
--- /dev/null
+++ b/docs/api/v1.33.yaml
@@ -0,0 +1,9939 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.33"
+info:
+  title: "Docker Engine API"
+  version: "1.33"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.09, the API version is 1.32. To lock to this version, you prefix the URL with `/v1.32`. For example, calling `/info` is the same as calling `/v1.32/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.33 of the API. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.09.x | [1.31](https://docs.docker.com/engine/api/v1.32/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-32-api-changes)
+    17.07.x | [1.31](https://docs.docker.com/engine/api/v1.31/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-31-api-changes)
+    17.06.x | [1.30](https://docs.docker.com/engine/api/v1.30/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-30-api-changes)
+    17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes)
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for both `tcp` and `udp`, two separate
+      entries are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`＝<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.34.yaml b/docs/api/v1.34.yaml
new file mode 100644
index 0000000000000..1c6602d214d22
--- /dev/null
+++ b/docs/api/v1.34.yaml
@@ -0,0 +1,9985 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.34"
+info:
+  title: "Docker Engine API"
+  version: "1.34"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine 17.10, the API version is 1.33. To lock to this version, you prefix the URL with `/v1.33`. For example, calling `/info` is the same as calling `/v1.33/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    If the API version specified in the URL is not supported by the daemon, a HTTP `400 Bad Request` error message is returned.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.34 of the API. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    17.10.x | [1.33](https://docs.docker.com/engine/api/v1.33/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-33-api-changes)
+    17.09.x | [1.32](https://docs.docker.com/engine/api/v1.32/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-32-api-changes)
+    17.07.x | [1.31](https://docs.docker.com/engine/api/v1.31/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-31-api-changes)
+    17.06.x | [1.30](https://docs.docker.com/engine/api/v1.30/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-30-api-changes)
+    17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes)
+    17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes)
+    17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes)
+    1.13.1 & 17.03.0 | [1.26](https://docs.docker.com/engine/api/v1.26/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-26-api-changes)
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for both `tcp` and `udp`, two separate
+      entries are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`＝<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.35.yaml b/docs/api/v1.35.yaml
new file mode 100644
index 0000000000000..e4de8e6162d65
--- /dev/null
+++ b/docs/api/v1.35.yaml
@@ -0,0 +1,9997 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.35"
+info:
+  title: "Docker Engine API"
+  version: "1.35"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.35) is used.
+    For example, calling `/info` is the same as calling `/v1.35/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for both `tcp` and `udp`, two separate
+      entries are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the containers running the service. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Platform:
+                type: "object"
+                required: [Name]
+                properties:
+                  Name:
+                    type: "string"
+              Components:
+                type: "array"
+                items:
+                  type: "object"
+                  x-go-name: ComponentVersion
+                  required: [Name, Version]
+                  properties:
+                    Name:
+                      type: "string"
+                    Version:
+                      type: "string"
+                      x-nullable: false
+                    Details:
+                      type: "object"
+                      x-nullable: true
+
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+              WorkingDir:
+                type: "string"
+                description: "The working directory for the exec process inside the container."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created config."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.36.yaml b/docs/api/v1.36.yaml
new file mode 100644
index 0000000000000..2ca85965f4b6b
--- /dev/null
+++ b/docs/api/v1.36.yaml
@@ -0,0 +1,10032 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.36"
+info:
+  title: "Docker Engine API"
+  version: "1.36"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.36) is used.
+    For example, calling `/info` is the same as calling `/v1.36/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for both `tcp` and `udp`, two separate
+      entries are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the containers running the service. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemVersionResponse"
+            properties:
+              Platform:
+                type: "object"
+                required: [Name]
+                properties:
+                  Name:
+                    type: "string"
+              Components:
+                type: "array"
+                items:
+                  type: "object"
+                  x-go-name: ComponentVersion
+                  required: [Name, Version]
+                  properties:
+                    Name:
+                      type: "string"
+                    Version:
+                      type: "string"
+                      x-nullable: false
+                    Details:
+                      type: "object"
+                      x-nullable: true
+
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+              WorkingDir:
+                type: "string"
+                description: "The working directory for the exec process inside the container."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.37.yaml b/docs/api/v1.37.yaml
new file mode 100644
index 0000000000000..7e1e5bd523a83
--- /dev/null
+++ b/docs/api/v1.37.yaml
@@ -0,0 +1,10075 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.37"
+info:
+  title: "Docker Engine API"
+  version: "1.37"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.37) is used.
+    For example, calling `/info` is the same as calling `/v1.37/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp", "sctp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      Init:
+        description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+        type: "boolean"
+        x-nullable: true
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp|sctp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: "Invalid when specified with `ContainerSpec`. *(Experimental release only.)*"
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: "Invalid when specified with `PluginSpec`."
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the containers running the service. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+      - "remove"
+      - "orphaned"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+          - "sctp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used
+        for calculating the CPU usage percentage. It is not the same as the
+        `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemVersionResponse"
+            properties:
+              Platform:
+                type: "object"
+                required: [Name]
+                properties:
+                  Name:
+                    type: "string"
+              Components:
+                type: "array"
+                items:
+                  type: "object"
+                  x-go-name: ComponentVersion
+                  required: [Name, Version]
+                  properties:
+                    Name:
+                      type: "string"
+                    Version:
+                      type: "string"
+                      x-nullable: false
+                    Details:
+                      type: "object"
+                      x-nullable: true
+
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+              WorkingDir:
+                type: "string"
+                description: "The working directory for the exec process inside the container."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.38.yaml b/docs/api/v1.38.yaml
new file mode 100644
index 0000000000000..f593e09c2b8ff
--- /dev/null
+++ b/docs/api/v1.38.yaml
@@ -0,0 +1,10136 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.38"
+info:
+  title: "Docker Engine API"
+  version: "1.38"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.38) is used.
+    For example, calling `/info` is the same as calling `/v1.38/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/network/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+        description: "Host IP address that the container's port is mapped to"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp", "sctp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      Init:
+        description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+        type: "boolean"
+        x-nullable: true
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          MaskedPaths:
+            type: "array"
+            description: "The list of paths to be masked inside the container (this overrides the default set of paths)"
+            items:
+              type: "string"
+          ReadonlyPaths:
+            type: "array"
+            description: "The list of paths to be set as read-only inside the container (this overrides the default set of paths)"
+            items:
+              type: "string"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp|sctp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+              ProtocolScheme:
+                type: "string"
+                example: "some.protocol/v1.0"
+                description: "Protocol to use for clients connecting to the plugin."
+                enum:
+                  - ""
+                  - "moby.plugins.http/v1"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: |
+          Plugin spec for the service.  *(Experimental release only.)*
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: |
+          Container spec for the service.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the containers running the service. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          Init:
+            description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+            type: "boolean"
+            x-nullable: true
+      NetworkAttachmentSpec:
+        description: |
+          Read-only spec type for non-swarm containers attached to swarm overlay
+          networks.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        type: "object"
+        properties:
+          ContainerID:
+            description: "ID of the container represented by this task"
+            type: "string"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+      - "remove"
+      - "orphaned"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+          - "sctp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
+                    type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+                  Running:
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                description: "IDs of exec instances that are running in the container."
+                type: "array"
+                items:
+                  type: "string"
+                x-nullable: true
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              ExecIDs:
+                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of the *previous* read, and is
+        used to calculate the CPU usage percentage. It is not an exact copy
+        of the `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemVersionResponse"
+            properties:
+              Platform:
+                type: "object"
+                required: [Name]
+                properties:
+                  Name:
+                    type: "string"
+              Components:
+                type: "array"
+                items:
+                  type: "object"
+                  x-go-name: ComponentVersion
+                  required: [Name, Version]
+                  properties:
+                    Name:
+                      type: "string"
+                    Version:
+                      type: "string"
+                      x-nullable: false
+                    Details:
+                      type: "object"
+                      x-nullable: true
+
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "17.04.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.7.5"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.27"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+              WorkingDir:
+                type: "string"
+                description: "The working directory for the exec process inside the container."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.39.yaml b/docs/api/v1.39.yaml
new file mode 100644
index 0000000000000..1cf462a7e6f2b
--- /dev/null
+++ b/docs/api/v1.39.yaml
@@ -0,0 +1,11072 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.39"
+info:
+  title: "Docker Engine API"
+  version: "1.39"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the
+    Docker client uses to communicate with the Engine, so everything the Docker
+    client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps`
+    is `GET /containers/json`). The notable exception is running containers,
+    which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure
+    of the API call. The body of the response will be JSON in the following
+    format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.39) is used.
+    For example, calling `/info` is the same as calling `/v1.39/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send
+    authentication details to various endpoints that need to communicate with
+    registries, such as `POST /images/(name)/push`. These are sent as
+    `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
+    (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this
+    structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
+    you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to.
+      See the [networking documentation](https://docs.docker.com/network/)
+      for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. Refer to the
+      [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
+      for more information.
+
+      To exec a command in a container, you first need to create an exec instance,
+      then start it. These two API endpoints are wrapped up in a single command-line
+      command, `docker exec`.
+
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. Refer to the
+      [swarm mode documentation](https://docs.docker.com/engine/swarm/)
+      for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode
+      must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit
+      of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm
+      mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+        description: "Host IP address that the container's port is mapped to"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp", "sctp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to
+      restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is
+      added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: |
+          If `on-failure` is used, the number of times to retry before giving up.
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: |
+          An integer value representing this container's relative CPU weight
+          versus other containers.
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: |
+          Path to `cgroups` under which the container's `cgroup` is created. If
+          the path is not absolute, the path is considered to be relative to the
+          `cgroups` path of the init process. Cgroups are created if they do not
+          already exist.
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form:
+
+          ```
+          [{"Path": "device_path", "Weight": weight}]
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: |
+          Microseconds of CPU time that the container can get in a CPU period.
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: |
+          The length of a CPU real-time period in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: |
+          The length of a CPU real-time runtime in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: |
+          CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: |
+          Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
+          effective on NUMA systems.
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        example: 209715200
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: |
+          Total memory limit (memory + swap). Set as `-1` to enable unlimited
+          swap.
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: |
+          Tune a container's memory swappiness behavior. Accepts an integer
+          between 0 and 100.
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      Init:
+        description: |
+          Run an init inside the container that forwards signals and reaps
+          processes. This field is omitted if empty, and the default (as
+          configured on the daemon) is used.
+        type: "boolean"
+        x-nullable: true
+      PidsLimit:
+        description: |
+          Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
+          to not change.
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example:
+
+          ```
+          {"Name": "nofile", "Soft": 1024, "Hard": 2048}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: |
+          Maximum IO in bytes per second for the container system drive
+          (Windows only).
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: |
+      An object describing the resources which can be advertised by a node and
+      requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: |
+      User-defined resources can be either Integer resources (e.g, `SSD=3`) or
+      String resources (e.g, `GPU=UUID1`).
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: |
+          The time to wait between checks in nanoseconds. It should be 0 or at
+          least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Timeout:
+        description: |
+          The time to wait before considering the check to have hung. It should
+          be 0 or at least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Retries:
+        description: |
+          The number of consecutive failures needed to consider a container as
+          unhealthy. 0 means inherit.
+        type: "integer"
+      StartPeriod:
+        description: |
+          Start period for the container to initialize before starting
+          health-retries countdown in nanoseconds. It should be 0 or at least
+          1000000 (1 ms). 0 means inherit.
+        type: "integer"
+
+  Health:
+    description: |
+      Health stores information about the container's healthcheck results.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          Status is one of `none`, `starting`, `healthy` or `unhealthy`
+
+          - "none"      Indicates there is no healthcheck
+          - "starting"  Starting indicates that the container is not yet ready
+          - "healthy"   Healthy indicates that the container is running correctly
+          - "unhealthy" Unhealthy indicates that the container has a problem
+        type: "string"
+        enum:
+          - "none"
+          - "starting"
+          - "healthy"
+          - "unhealthy"
+        example: "healthy"
+      FailingStreak:
+        description: "FailingStreak is the number of consecutive failures"
+        type: "integer"
+        example: 0
+      Log:
+        type: "array"
+        description: |
+          Log contains the last few results (oldest first)
+        items:
+          x-nullable: true
+          $ref: "#/definitions/HealthcheckResult"
+
+  HealthcheckResult:
+    description: |
+      HealthcheckResult stores information about a single run of a healthcheck probe
+    type: "object"
+    properties:
+      Start:
+        description: |
+          Date and time at which this check started in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "date-time"
+        example: "2020-01-04T10:44:24.496525531Z"
+      End:
+        description: |
+          Date and time at which this check ended in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2020-01-04T10:45:21.364524523Z"
+      ExitCode:
+        description: |
+          ExitCode meanings:
+
+          - `0` healthy
+          - `1` unhealthy
+          - `2` reserved (considered unhealthy)
+          - other values: error running probe
+        type: "integer"
+        example: 0
+      Output:
+        description: "Output from last check"
+        type: "string"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding
+              is a string in one of these forms:
+
+              - `host-src:container-dest[:options]` to bind-mount a host path
+                into the container. Both `host-src`, and `container-dest` must
+                be an _absolute_ path.
+              - `volume-name:container-dest[:options]` to bind-mount a volume
+                managed by a volume driver into the container. `container-dest`
+                must be an _absolute_ path.
+
+              `options` is an optional, comma-delimited list of:
+
+              - `nocopy` disables automatic copying of data from the container
+                path to the volume. The `nocopy` flag only applies to named volumes.
+              - `[ro|rw]` mounts a volume read-only or read-write, respectively.
+                If omitted or set to `rw`, volumes are mounted read-write.
+              - `[z|Z]` applies SELinux labels to allow or deny multiple containers
+                to read and write to the same volume.
+                  - `z`: a _shared_ content label is applied to the content. This
+                    label indicates that multiple containers can share the volume
+                    content, for both reading and writing.
+                  - `Z`: a _private unshared_ label is applied to the content.
+                    This label indicates that only the current container can use
+                    a private volume. Labeling systems such as SELinux require
+                    proper labels to be placed on volume content that is mounted
+                    into a container. Without a label, the security system can
+                    prevent a container's processes from using the content. By
+                    default, the labels set by the host operating system are not
+                    modified.
+              - `[[r]shared|[r]slave|[r]private]` specifies mount
+                [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+                This only applies to bind-mounted volumes, not internal volumes
+                or named volumes. Mount propagation requires the source mount
+                point (the location where the source directory is mounted in the
+                host operating system) to have the correct propagation properties.
+                For shared volumes, the source mount point must be set to `shared`.
+                For slave volumes, the mount must be set to either `shared` or
+                `slave`.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: |
+              Network mode to use for this container. Supported standard values
+              are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
+              other value is taken as a custom network's name to which this
+              container should connect to.
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: |
+              Automatically remove the container when the container's process
+              exits. This has no effect if `RestartPolicy` is set.
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: |
+              A list of volumes to inherit from another container, specified in
+              the form `<container name>[:<ro|rw>]`.
+            items:
+              type: "string"
+          Mounts:
+            description: |
+              Specification for mounts to be added to the container.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: |
+              A list of kernel capabilities to add to the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts`
+              file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+              IPC sharing mode for the container. Possible values are:
+
+              - `"none"`: own private IPC namespace, with /dev/shm not mounted
+              - `"private"`: own private IPC namespace
+              - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+              - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+              - `"host"`: use the host system's IPC namespace
+
+              If not specified, daemon default is used, which can either be `"private"`
+              or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: |
+              A list of links for the container in the form `container_name:alias`.
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: |
+              An integer value containing the score given to the container in
+              order to tune OOM killer preferences.
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be
+              either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when
+              the container starts. The allocated port might be changed when
+              restarting the container.
+
+              The port is selected from the ephemeral port range that depends on
+              the kernel. For example, on Linux the range is defined by
+              `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs
+              mounts, and their corresponding mount options. For example:
+
+              ```
+              { "/run": "rw,noexec,nosuid,size=65536k" }
+              ```
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: |
+              Sets the usernamespace mode for the container when usernamespace
+              remapping option is enabled.
+          ShmSize:
+            type: "integer"
+            description: |
+              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container.
+              For example:
+
+              ```
+              {"net.ipv4.ip_forward": "1"}
+              ```
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: |
+              Initial console size, as an `[height, width]` array. (Windows only)
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the container. (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          MaskedPaths:
+            type: "array"
+            description: |
+              The list of paths to be masked inside the container (this overrides
+              the default set of paths).
+            items:
+              type: "string"
+          ReadonlyPaths:
+            type: "array"
+            description: |
+              The list of paths to be set as read-only inside the container
+              (this overrides the default set of paths).
+            items:
+              type: "string"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp|sctp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: |
+          Attach standard streams to a TTY, including `stdin` if it is not closed.
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the
+          form `["VAR=value", ...]`. A variable without `=` is removed from the
+          environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: |
+          Command to run specified as a string or an array of strings.
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: |
+          The name of the image to use when creating the container/
+        type: "string"
+      Volumes:
+        description: |
+          An object mapping mount point paths inside the container to empty
+          objects.
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the
+          entry point is reset to system default (i.e., the entry point used by
+          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: |
+          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: |
+          Signal to stop a container as a string or unsigned integer.
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: |
+          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkingConfig:
+    description: |
+      NetworkingConfig represents the container's networking configuration for
+      each of its interfaces.
+      It is used for the networking configs specified in the `docker create`
+      and `docker network connect` commands.
+    type: "object"
+    properties:
+      EndpointsConfig:
+        description: |
+          A mapping of network name to endpoint configuration for that network.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+    example:
+      # putting an example here, instead of using the example values from
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
+      EndpointsConfig:
+        isolated_nw:
+          IPAMConfig:
+            IPv4Address: "172.20.30.33"
+            IPv6Address: "2001:db8:abcd::3033"
+            LinkLocalIPs:
+              - "169.254.34.68"
+              - "fe80::3468"
+          Links:
+            - "container_1"
+            - "container_2"
+          Aliases:
+            - "server_x"
+            - "server_y"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      x-nullable: true
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: |
+          The level at which the volume exists. Either `global` for cluster-wide,
+          or `local` for machine level.
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: |
+          The driver specific options used when creating the volume.
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: |
+          List of IPAM configuration options, specified as a map:
+
+          ```
+          {"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  BuildCache:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Parent:
+        type: "string"
+      Type:
+        type: "string"
+      Description:
+        type: "string"
+      InUse:
+        type: "boolean"
+      Shared:
+        type: "boolean"
+      Size:
+        description: |
+          Amount of disk space used by the build cache (in bytes).
+        type: "integer"
+      CreatedAt:
+        description: |
+          Date and time at which the build cache was created in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      LastUsedAt:
+        description: |
+          Date and time at which the build cache was last used in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        x-nullable: true
+        example: "2017-08-09T07:09:37.632105588Z"
+      UsageCount:
+        type: "integer"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description:
+          True if the plugin is running. False if the plugin is not running,
+          only installed.
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+              ProtocolScheme:
+                type: "string"
+                example: "some.protocol/v1.0"
+                description: "Protocol to use for clients connecting to the plugin."
+                enum:
+                  - ""
+                  - "moby.plugins.http/v1"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed
+      to avoid conflicting writes. The client must send the version number along
+      with the modified specification when updating these objects.
+
+      This approach ensures safe concurrency and determinism in that the change
+      on the object may not be applied if the version number has changed from the
+      last read. In other words, if two update requests specify the same base
+      version, only one of the requests can succeed. As a result, two separate
+      update requests that happen at the same time will not unintentionally
+      overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: |
+      Information about the issuer of leaf TLS certificates and the trusted root
+      CA certificate.
+    type: "object"
+    properties:
+      TrustRoot:
+        description: |
+          The root CA certificate(s) that are used to validate leaf TLS
+          certificates.
+        type: "string"
+      CertIssuerSubject:
+        description:
+          The base64-url-safe-encoded raw subject bytes of the issuer.
+        type: "string"
+      CertIssuerPublicKey:
+        description: |
+          The base64-url-safe-encoded raw public key bytes of the issuer.
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: |
+              The number of historic tasks to keep per instance or node. If
+              negative, never remove completed or failed tasks.
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: |
+              The number of snapshots to keep beyond the current snapshot.
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: |
+              The number of log entries to keep around to sync up slow followers
+              after a snapshot is created.
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from
+              the leader before becoming a candidate and starting an election.
+              `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks,
+              the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: |
+              The delay for an agent to send a heartbeat to the dispatcher.
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: |
+              Configuration for forwarding signing requests to an external
+              certificate authority.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: |
+                    Protocol for communication with the external CA (currently
+                    only `cfssl` is supported).
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: |
+                    URL where certificate signing requests should be sent.
+                  type: "string"
+                Options:
+                  description: |
+                    An object with key/value pairs that are interpreted as
+                    protocol-specific options for the external CA driver.
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: |
+                    The root CA certificate (in PEM format) this external CA uses
+                    to issue TLS certificates (assumed to be to the current swarm
+                    root CA certificate if not provided).
+                  type: "string"
+          SigningCACert:
+            description: |
+              The desired signing CA certificate for all swarm node TLS leaf
+              certificates, in PEM format.
+            type: "string"
+          SigningCAKey:
+            description: |
+              The desired signing CA key for all swarm node TLS leaf certificates,
+              in PEM format.
+            type: "string"
+          ForceRotate:
+            description: |
+              An integer whose purpose is to force swarm to generate a new
+              signing CA certificate and key, if none have been specified in
+              `SigningCACert` and `SigningCAKey`
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: |
+              If set, generate a key and use it to lock data stored on the
+              managers.
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: |
+          Whether there is currently a root CA rotation in progress for the swarm
+        type: "boolean"
+        example: false
+      DefaultAddrPool:
+        description: |
+          Default Address Pool specifies default subnet pools for global scope
+          networks.
+        type: "array"
+        items:
+          type: "string"
+          format: "CIDR"
+          example: ["10.10.0.0/16", "20.20.0.0/16"]
+      SubnetSize:
+        description: |
+          SubnetSize specifies the subnet size of the networks created from the
+          default subnet pool.
+        type: "integer"
+        format: "uint32"
+        maximum: 29
+        default: 24
+        example: 24
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: |
+          Plugin spec for the service.  *(Experimental release only.)*
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: |
+          Container spec for the service.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: |
+              The hostname to use for the container, as a valid
+              [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
+            type: "string"
+          Env:
+            description: |
+              A list of environment variables in the form `VAR=value`.
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    example: "spec.json"
+                    description: |
+                      Load credential spec from this file. The file is read by
+                      the daemon, and must be present in the `CredentialSpecs`
+                      subdirectory in the docker data directory, which defaults
+                      to `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads
+                      `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry`
+                      > are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows
+                      registry. The specified registry value must be located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry`
+                      > are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: |
+              Specification for mounts to be added to containers created as part
+              of the service.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: |
+              Amount of time to wait for the container to terminate before
+              forcefully killing it.
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: |
+              Specification for DNS related configurations in resolver configuration
+              file (`resolv.conf`).
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: |
+                  A list of internal resolver variables to be modified (e.g.,
+                  `debug`, `ndots:3`, etc.).
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: |
+              Secrets contains references to zero or more secrets that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: |
+                    SecretID represents the ID of the specific secret that we're
+                    referencing.
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references,
+                    but this is just provided for lookup/display purposes. The
+                    secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: |
+              Configs contains references to zero or more configs that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: |
+                    ConfigID represents the ID of the specific config that we're
+                    referencing.
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references,
+                    but this is just provided for lookup/display purposes. The
+                    config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the containers running the service.
+              (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          Init:
+            description: |
+              Run an init inside the container that forwards signals and reaps
+              processes. This field is omitted if empty, and the default (as
+              configured on the daemon) is used.
+            type: "boolean"
+            x-nullable: true
+      NetworkAttachmentSpec:
+        description: |
+          Read-only spec type for non-swarm containers attached to swarm overlay
+          networks.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        type: "object"
+        properties:
+          ContainerID:
+            description: "ID of the container represented by this task"
+            type: "string"
+      Resources:
+        description: |
+          Resource requirements which apply to each individual container created
+          as part of the service.
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: |
+          Specification for the restart policy which applies to containers
+          created as part of this service.
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: |
+              Maximum attempts to restart a given container before giving up
+              (default value is 0, which is ignored).
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: |
+              Windows is the time window used to evaluate the restart policy
+              (default value is 0, which is unbounded).
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: |
+              An array of constraint expressions to limit the set of nodes where
+              a task can be scheduled. Constraint expressions can either use a
+              _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+              nodes that satisfy every expression (AND match). Constraints can
+              match node or Docker Engine labels as follows:
+
+              node attribute       | matches                        | example
+              ---------------------|--------------------------------|-----------------------------------------------
+              `node.id`            | Node ID                        | `node.id==2ivku8v2gvtg4`
+              `node.hostname`      | Node hostname                  | `node.hostname!=node-2`
+              `node.role`          | Node role (`manager`/`worker`) | `node.role==manager`
+              `node.labels`        | User-defined node labels       | `node.labels.security==high`
+              `engine.labels`      | Docker Engine's labels         | `engine.labels.operatingsystem==ubuntu-14.04`
+
+              `engine.labels` apply to Docker Engine labels like operating system,
+              drivers, etc. Swarm administrators add `node.labels` for operational
+              purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: |
+              Preferences provide a way to make the scheduler aware of factors
+              such as topology. They are provided in order from highest to
+              lowest precedence.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: |
+                        label descriptor, such as `engine.labels.az`.
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: |
+          A counter that triggers an update even if no relevant parameters have
+          been changed.
+        type: "integer"
+      Runtime:
+        description: |
+          Runtime is the type of runtime specified for the task executor.
+        type: "string"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+      LogDriver:
+        description: |
+          Specifies the log driver to use for tasks created from this spec. If
+          not present, the default one for the swarm will be used, finally
+          falling back to the engine default if not specified.
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+      - "remove"
+      - "orphaned"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be updated in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an updated task fails to run, or stops running
+              during the update.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: |
+              Amount of time to monitor each updated task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during an update before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling out an updated task. Either
+              the old task is shut down before the new task is started, or the
+              new task is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be rolled back in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: |
+              Amount of time between rollback iterations, in nanoseconds.
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an rolled back task fails to run, or stops
+              running during the rollback.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: |
+              Amount of time to monitor each rolled back task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during a rollback before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling back a task. Either the old
+              task is shut down before the new task is started, or the new task
+              is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+          - "sctp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: |
+          The mode of resolution to use for internal load balancing between tasks.
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: |
+          List of exposed ports that this service is accessible on from the
+          outside. Ports can only be provided if `vip` resolution mode is used.
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: |
+          Name of the secrets driver used to fetch the secret's value from an
+          external secret store.
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  ContainerState:
+    description: |
+      ContainerState stores container's running state. It's part of ContainerJSONBase
+      and will be returned by the "inspect" command.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          String representation of the container state. Can be one of "created",
+          "running", "paused", "restarting", "removing", "exited", or "dead".
+        type: "string"
+        enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+        example: "running"
+      Running:
+        description: |
+          Whether this container is running.
+
+          Note that a running container can be _paused_. The `Running` and `Paused`
+          booleans are not mutually exclusive:
+
+          When pausing a container (on Linux), the freezer cgroup is used to suspend
+          all processes in the container. Freezing the process requires the process to
+          be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+          Use the `Status` field instead to determine if a container's state is "running".
+        type: "boolean"
+        example: true
+      Paused:
+        description: "Whether this container is paused."
+        type: "boolean"
+        example: false
+      Restarting:
+        description: "Whether this container is restarting."
+        type: "boolean"
+        example: false
+      OOMKilled:
+        description: |
+          Whether this container has been killed because it ran out of memory.
+        type: "boolean"
+        example: false
+      Dead:
+        type: "boolean"
+        example: false
+      Pid:
+        description: "The process ID of this container"
+        type: "integer"
+        example: 1234
+      ExitCode:
+        description: "The last exit code of this container"
+        type: "integer"
+        example: 0
+      Error:
+        type: "string"
+      StartedAt:
+        description: "The time when this container was last started."
+        type: "string"
+        example: "2020-01-06T09:06:59.461876391Z"
+      FinishedAt:
+        description: "The time when this container last exited."
+        type: "string"
+        example: "2020-01-06T09:07:59.461876391Z"
+      Health:
+        x-nullable: true
+        $ref: "#/definitions/Health"
+
+  SystemVersion:
+    type: "object"
+    description: |
+      Response of Engine API: GET "/version"
+    properties:
+      Platform:
+        type: "object"
+        required: [Name]
+        properties:
+          Name:
+            type: "string"
+      Components:
+        type: "array"
+        description: |
+          Information about system components
+        items:
+          type: "object"
+          x-go-name: ComponentVersion
+          required: [Name, Version]
+          properties:
+            Name:
+              description: |
+                Name of the component
+              type: "string"
+              example: "Engine"
+            Version:
+              description: |
+                Version of the component
+              type: "string"
+              x-nullable: false
+              example: "19.03.12"
+            Details:
+              description: |
+                Key/value pairs of strings with additional information about the
+                component. These values are intended for informational purposes
+                only, and their content is not defined, and not part of the API
+                specification.
+
+                These messages can be printed by the client as information to the user.
+              type: "object"
+              x-nullable: true
+      Version:
+        description: "The version of the daemon"
+        type: "string"
+        example: "19.03.12"
+      ApiVersion:
+        description: |
+          The default (and highest) API version that is supported by the daemon
+        type: "string"
+        example: "1.40"
+      MinAPIVersion:
+        description: |
+          The minimum API version that is supported by the daemon
+        type: "string"
+        example: "1.12"
+      GitCommit:
+        description: |
+          The Git commit of the source code that was used to build the daemon
+        type: "string"
+        example: "48a66213fe"
+      GoVersion:
+        description: |
+          The version Go used to compile the daemon, and the version of the Go
+          runtime in use.
+        type: "string"
+        example: "go1.13.14"
+      Os:
+        description: |
+          The operating system that the daemon is running on ("linux" or "windows")
+        type: "string"
+        example: "linux"
+      Arch:
+        description: |
+          The architecture that the daemon is running on
+        type: "string"
+        example: "amd64"
+      KernelVersion:
+        description: |
+          The kernel version (`uname -r`) that the daemon is running on.
+
+          This field is omitted when empty.
+        type: "string"
+        example: "4.19.76-linuxkit"
+      Experimental:
+        description: |
+          Indicates if the daemon is started with experimental features enabled.
+
+          This field is omitted when empty / false.
+        type: "boolean"
+        example: true
+      BuildTime:
+        description: |
+          The date and time that the daemon was compiled.
+        type: "string"
+        example: "2020-06-22T15:49:27.000000000+00:00"
+
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: |
+          Indicates if CPU Shares limiting is supported by the host.
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: |
+          Indicates if the daemon is running in debug-mode / with debug-level
+          logging enabled.
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "runc"
+        example:
+          runc:
+            path: "runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+      ProductLicense:
+        description: |
+          Reports a summary of the product license on the daemon.
+
+          If a commercial license has been applied to the daemon, information
+          such as number of nodes, and expiration are included.
+        type: "string"
+        example: "Community Engine"
+      Warnings:
+        description: |
+          List of warnings / informational messages about missing features, or
+          issues related to the daemon configuration.
+
+          These messages can be printed by the client as information to the user.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "WARNING: No memory limit support"
+          - "WARNING: bridge-nf-call-iptables is disabled"
+          - "WARNING: bridge-nf-call-ip6tables is disabled"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+  NetworkAttachmentConfig:
+    description: |
+      Specifies how a service should be attached to a particular network.
+    type: "object"
+    properties:
+      Target:
+        description: |
+          The target network for attachment. Must be a network name or ID.
+        type: "string"
+      Aliases:
+        description: |
+          Discoverable alternate names for the service on this network.
+        type: "array"
+        items:
+          type: "string"
+      DriverOpts:
+        description: |
+          Driver attachment options for the network target.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see the
+        [inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container
+        than inspecting a single container. For example, the list of linked
+        containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: |
+            Return all containers. By default, only running containers are shown.
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: |
+            Return this number of most recently created containers, including
+            non-running ones.
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: |
+            Return the size of container as fields `SizeRw` and `SizeRootFs`.
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a
+            `map[string][]string`). For example, `{"status": ["paused"]}` will
+            only return paused containers.
+
+            Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            Assign the specified name to the container. Must match
+            `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
+          type: "string"
+          pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    $ref: "#/definitions/NetworkingConfig"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                x-nullable: true
+                $ref: "#/definitions/ContainerState"
+              Image:
+                description: "The container's image ID"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                description: "IDs of exec instances that are running in the container."
+                type: "array"
+                items:
+                  type: "string"
+                x-nullable: true
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: |
+                  The size of files that have been created or changed by this
+                  container.
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Healthcheck:
+                  Test: ["CMD-SHELL", "exit 0"]
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              ExecIDs:
+                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                Health:
+                  Status: "healthy"
+                  FailingStreak: 0
+                  Log:
+                    - Start: "2019-12-22T10:59:05.6385933Z"
+                      End: "2019-12-22T10:59:05.8078452Z"
+                      ExitCode: 0
+                      Output: ""
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: |
+        On Unix systems, this is done by running the `ps` command. This endpoint
+        is not supported on Windows.
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: |
+                  Each process running in the container, where each is process
+                  is an array of values corresponding to the titles.
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or
+        `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of the *previous* read, and is
+        used to calculate the CPU usage percentage. It is not an exact copy
+        of the `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+
+        To calculate the values shown by the `stats` command of the docker cli tool
+        the following formulas can be used:
+        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+        * available_memory = `memory_stats.limit`
+        * Memory usage % = `(used_memory / available_memory) * 100.0`
+        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+        * number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream the output. If false, the stats will be output once and then
+            it will disconnect.
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container. Format is a
+            single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
+            of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: |
+        Send a POSIX signal to a container, defaulting to killing to the
+        container.
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: |
+        Change various configuration options of a container without having to
+        recreate it.
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the freezer cgroup to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used,
+        which is observable by the process being suspended. With the freezer
+        cgroup the process is unaware, and unable to capture, that it is being
+        suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach
+        to the same container multiple times and you can reattach to containers
+        that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint
+        to do anything.
+
+        See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+        for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+        and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used
+        for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client
+        can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will
+        similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream over the hijacked connected is multiplexed to separate out
+        `stdout` and `stderr`. The stream consists of a series of frames, each
+        containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or
+        `stderr`). It also contains the size of the associated frame encoded in
+        the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+        encoded as big endian.
+
+        Following the header is the payload, which is the specified number of
+        bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream is not multiplexed. The data exchanged over the hijacked
+        connection is simply the raw data from the process PTY and client's
+        `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you
+            want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been
+            returned, it will seamlessly transition into streaming current
+            output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream attached streams from the time the request was made onwards.
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,`, or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: |
+            Wait until a container state reaches the given condition, either
+            'not-running' (default), 'next-exit', or 'removed'.
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: |
+                You cannot remove a running container: c2ada9df5af8. Stop the
+                container before attempting removal or force remove
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: |
+        A response header `X-Docker-Container-Path-Stat` is returned, containing
+        a base64 - encoded JSON object with some filesystem header information
+        about the path.
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: |
+                A base64 - encoded JSON object with some filesystem header
+                information about the path
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: |
+            If `1`, `true`, or `True` then it will be an error if unpacking the
+            given content would cause an existing directory to be replaced with
+            a non-directory and vice versa.
+          type: "string"
+        - name: "copyUIDGID"
+          in: "query"
+          description: |
+            If `1`, `true`, then it will copy UID/GID maps to the dest file or
+            dir
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: |
+            The input stream must be a tar archive compressed with one of the
+            following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+            or `xz`.
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the images list.
+
+            Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: |
+            Sets the networking mode for the run commands during build. Supported
+            standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
+            Any other value is taken as a custom network's name or ID to which this
+            container should connect to.
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      parameters:
+        - name: "keep-storage"
+          in: "query"
+          description: "Amount of disk space in bytes to keep for cache"
+          type: "integer"
+          format: "int64"
+        - name: "all"
+          in: "query"
+          type: "boolean"
+          description: "Remove all types of build cache"
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the list of build cache objects.
+
+            Available filters:
+
+            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            - `id=<id>`
+            - `parent=<id>`
+            - `type=<string>`
+            - `description=<string>`
+            - `inuse`
+            - `shared`
+            - `private`
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              CachesDeleted:
+                type: "array"
+                items:
+                  description: "ID of build cache object"
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "message"
+          in: "query"
+          description: "Set commit message for imported image."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must
+        already have a tag which references the registry. For example,
+        `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: |
+        Validate credentials for a registry and, if available, get an identity
+        token for accessing the registry without password.
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/SystemVersion"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+              BuildCache:
+                type: "array"
+                items:
+                  $ref: "#/definitions/BuildCache"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image
+        repositories.
+
+        For each value of the `names` parameter: if it is a specific name and
+        tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+        returned; if it is an image ID, similarly only that image (and its parents)
+        are returned and there would be no names referenced in the 'repositories'
+        file for this image ID.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: |
+                  Override the key sequence for detaching a container. Format is
+                  a single character `[a-Z]` or `ctrl-<value>` where `<value>`
+                  is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: |
+                  A list of environment variables in the form `["VAR=value", ...]`.
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: |
+                  The user, and optionally, group to run the exec process inside
+                  the container. Format is one of: `user`, `user:group`, `uid`,
+                  or `uid:gid`.
+              WorkingDir:
+                type: "string"
+                description: |
+                  The working directory for the exec process inside the container.
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: |
+        Starts a previously set up exec instance. If detach is true, this endpoint
+        returns immediately after starting the command. Otherwise, it sets up an
+        interactive session with the command.
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: |
+        Resize the TTY session used by an exec instance. This endpoint only works
+        if `tty` was specified as part of creating and starting the exec instance.
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            description: "Volume list response"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: |
+                  Warnings that occurred when fetching the list of volumes.
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            description: "Volume configuration"
+            title: "VolumeConfig"
+            properties:
+              Name:
+                description: |
+                  The new volume's name. If not specified, Docker generates a name.
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: |
+                  A mapping of driver options and values. These options are
+                  passed directly to the driver and are driver specific.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see the
+        [network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than
+        inspecting a single network. For example, the list of containers attached
+        to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process
+            on the networks list.
+
+            Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: |
+                  Check for networks with duplicate names. Since Network is
+                  primarily keyed based on a random ID and not on the name, and
+                  network name is strictly a user-friendly alias to the network
+                  which is uniquely identified using ID, there is no guaranteed
+                  way to check for duplicates. CheckDuplicate is there to provide
+                  a best effort checking of any networks which has the same name
+                  but it is not guaranteed to catch all name collisions.
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: |
+                  Globally scoped network is manually attachable by regular
+                  containers from workers in swarm mode.
+                type: "boolean"
+              Ingress:
+                description: |
+                  Ingress network is the network which provides the routing-mesh
+                  in swarm mode.
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: |
+                  The ID or name of the container to disconnect from the network.
+              Force:
+                type: "boolean"
+                description: |
+                  Force the container to disconnect from the network.
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the plugin list.
+
+            Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission the user has to accept upon installing
+                the plugin.
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be
+        enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: |
+            Disable the plugin before removing. This may result in issues if the
+            plugin is in use by a container.
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the node object being updated. This is required
+            to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication, as well
+                  as determining the networking interface used for the VXLAN
+                  Tunnel Endpoint (VTEP). This can either be an address/port
+                  combination in the form `192.168.1.1:4567`, or an interface
+                  followed by a port number, like `eth0:4567`. If the port number
+                  is omitted, the default swarm listening port is used.
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other  nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+                type: "string"
+              DefaultAddrPool:
+                description: |
+                  Default Address Pool specifies default subnet pools for global
+                  scope networks.
+                type: "array"
+                items:
+                  type: "string"
+                  example: ["10.10.0.0/16", "20.20.0.0/16"]
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              SubnetSize:
+                description: |
+                  SubnetSize specifies the subnet size of the networks created
+                  from the default subnet pool.
+                type: "integer"
+                format: "uint32"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
+              SubnetSize: 24
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication if the node
+                  gets promoted to manager, as well as determining the networking
+                  interface used for the VXLAN Tunnel Endpoint (VTEP).
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: |
+                  Addresses of manager nodes already participating in the swarm.
+                type: "array"
+                items:
+                  type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: |
+            Force leave swarm, even if this is the last manager or that it will
+            break the cluster.
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the swarm object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the services list.
+
+            Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the service object being updated. This is
+            required to avoid conflicting writes.
+            This version number should be the value as currently set on the
+            service *before* the update. You can find the current version by
+            calling `GET /services/{id}`
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          description: |
+            If the `X-Registry-Auth` header is not specified, this parameter
+            indicates where to find registry authorization credentials.
+          type: "string"
+          enum: ["spec", "previous-spec"]
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          description: |
+            Set to this parameter to `previous` to cause a server-side rollback
+            to the previous service spec. The supplied spec will be ignored in
+            this case.
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service. See also
+        [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `json-file` or
+        `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the tasks list.
+
+            Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+        See also [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `json-file` or
+        `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the secrets list.
+
+            Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: |
+            The spec of the secret to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [SecretInspect endpoint](#operation/SecretInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the secret object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the configs list.
+
+            Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: |
+            The spec of the config to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [ConfigInspect endpoint](#operation/ConfigInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the config object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: |
+        Return image digest and platform information by contacting the registry.
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: |
+                  A descriptor struct containing digest, media type, and size.
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: |
+                  An array containing all platforms supported by the image.
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to
+        call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+        the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon responds with a `101 UPGRADED` response follow with
+        the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/docs/api/v1.40.yaml b/docs/api/v1.40.yaml
new file mode 100644
index 0000000000000..c09f76387767c
--- /dev/null
+++ b/docs/api/v1.40.yaml
@@ -0,0 +1,11250 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.40"
+info:
+  title: "Docker Engine API"
+  version: "1.40"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the
+    Docker client uses to communicate with the Engine, so everything the Docker
+    client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps`
+    is `GET /containers/json`). The notable exception is running containers,
+    which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure
+    of the API call. The body of the response will be JSON in the following
+    format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.40) is used.
+    For example, calling `/info` is the same as calling `/v1.40/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send
+    authentication details to various endpoints that need to communicate with
+    registries, such as `POST /images/(name)/push`. These are sent as
+    `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
+    (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this
+    structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
+    you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to.
+      See the [networking documentation](https://docs.docker.com/network/)
+      for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. Refer to the
+      [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
+      for more information.
+
+      To exec a command in a container, you first need to create an exec instance,
+      then start it. These two API endpoints are wrapped up in a single command-line
+      command, `docker exec`.
+
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. Refer to the
+      [swarm mode documentation](https://docs.docker.com/engine/swarm/)
+      for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode
+      must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit
+      of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm
+      mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+        description: "Host IP address that the container's port is mapped to"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp", "sctp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  DeviceRequest:
+    type: "object"
+    description: "A request for devices to be sent to device drivers"
+    properties:
+      Driver:
+        type: "string"
+        example: "nvidia"
+      Count:
+        type: "integer"
+        example: -1
+      DeviceIDs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "0"
+          - "1"
+          - "GPU-fef8089b-4820-abfc-e83e-94318197576e"
+      Capabilities:
+        description: |
+          A list of capabilities; an OR list of AND lists of capabilities.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          # gpu AND nvidia AND compute
+          - ["gpu", "nvidia", "compute"]
+      Options:
+        description: |
+          Driver-specific options, specified as a key/value pairs. These options
+          are passed directly to the driver.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+          - `npipe` Mounts a named pipe from the host into the container. Must exist prior to creating the container.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+          - "npipe"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+          NonRecursive:
+            description: "Disable recursive bind mount."
+            type: "boolean"
+            default: false
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to
+      restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is
+      added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: |
+          If `on-failure` is used, the number of times to retry before giving up.
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: |
+          An integer value representing this container's relative CPU weight
+          versus other containers.
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: |
+          Path to `cgroups` under which the container's `cgroup` is created. If
+          the path is not absolute, the path is considered to be relative to the
+          `cgroups` path of the init process. Cgroups are created if they do not
+          already exist.
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form:
+
+          ```
+          [{"Path": "device_path", "Weight": weight}]
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: |
+          Microseconds of CPU time that the container can get in a CPU period.
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: |
+          The length of a CPU real-time period in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: |
+          The length of a CPU real-time runtime in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: |
+          CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: |
+          Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
+          effective on NUMA systems.
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DeviceRequests:
+        description: |
+          A list of requests for devices to be sent to device drivers.
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceRequest"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        example: 209715200
+      KernelMemoryTCP:
+        description: "Hard limit for kernel TCP buffer memory (in bytes)."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: |
+          Total memory limit (memory + swap). Set as `-1` to enable unlimited
+          swap.
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: |
+          Tune a container's memory swappiness behavior. Accepts an integer
+          between 0 and 100.
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      Init:
+        description: |
+          Run an init inside the container that forwards signals and reaps
+          processes. This field is omitted if empty, and the default (as
+          configured on the daemon) is used.
+        type: "boolean"
+        x-nullable: true
+      PidsLimit:
+        description: |
+          Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
+          to not change.
+        type: "integer"
+        format: "int64"
+        x-nullable: true
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example:
+
+          ```
+          {"Name": "nofile", "Soft": 1024, "Hard": 2048}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: |
+          Maximum IO in bytes per second for the container system drive
+          (Windows only).
+        type: "integer"
+        format: "int64"
+
+  ResourceObject:
+    description: |
+      An object describing the resources which can be advertised by a node and
+      requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: |
+      User-defined resources can be either Integer resources (e.g, `SSD=3`) or
+      String resources (e.g, `GPU=UUID1`).
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: |
+          The time to wait between checks in nanoseconds. It should be 0 or at
+          least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Timeout:
+        description: |
+          The time to wait before considering the check to have hung. It should
+          be 0 or at least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Retries:
+        description: |
+          The number of consecutive failures needed to consider a container as
+          unhealthy. 0 means inherit.
+        type: "integer"
+      StartPeriod:
+        description: |
+          Start period for the container to initialize before starting
+          health-retries countdown in nanoseconds. It should be 0 or at least
+          1000000 (1 ms). 0 means inherit.
+        type: "integer"
+
+  Health:
+    description: |
+      Health stores information about the container's healthcheck results.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          Status is one of `none`, `starting`, `healthy` or `unhealthy`
+
+          - "none"      Indicates there is no healthcheck
+          - "starting"  Starting indicates that the container is not yet ready
+          - "healthy"   Healthy indicates that the container is running correctly
+          - "unhealthy" Unhealthy indicates that the container has a problem
+        type: "string"
+        enum:
+          - "none"
+          - "starting"
+          - "healthy"
+          - "unhealthy"
+        example: "healthy"
+      FailingStreak:
+        description: "FailingStreak is the number of consecutive failures"
+        type: "integer"
+        example: 0
+      Log:
+        type: "array"
+        description: |
+          Log contains the last few results (oldest first)
+        items:
+          x-nullable: true
+          $ref: "#/definitions/HealthcheckResult"
+
+  HealthcheckResult:
+    description: |
+      HealthcheckResult stores information about a single run of a healthcheck probe
+    type: "object"
+    properties:
+      Start:
+        description: |
+          Date and time at which this check started in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "date-time"
+        example: "2020-01-04T10:44:24.496525531Z"
+      End:
+        description: |
+          Date and time at which this check ended in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2020-01-04T10:45:21.364524523Z"
+      ExitCode:
+        description: |
+          ExitCode meanings:
+
+          - `0` healthy
+          - `1` unhealthy
+          - `2` reserved (considered unhealthy)
+          - other values: error running probe
+        type: "integer"
+        example: 0
+      Output:
+        description: "Output from last check"
+        type: "string"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding
+              is a string in one of these forms:
+
+              - `host-src:container-dest[:options]` to bind-mount a host path
+                into the container. Both `host-src`, and `container-dest` must
+                be an _absolute_ path.
+              - `volume-name:container-dest[:options]` to bind-mount a volume
+                managed by a volume driver into the container. `container-dest`
+                must be an _absolute_ path.
+
+              `options` is an optional, comma-delimited list of:
+
+              - `nocopy` disables automatic copying of data from the container
+                path to the volume. The `nocopy` flag only applies to named volumes.
+              - `[ro|rw]` mounts a volume read-only or read-write, respectively.
+                If omitted or set to `rw`, volumes are mounted read-write.
+              - `[z|Z]` applies SELinux labels to allow or deny multiple containers
+                to read and write to the same volume.
+                  - `z`: a _shared_ content label is applied to the content. This
+                    label indicates that multiple containers can share the volume
+                    content, for both reading and writing.
+                  - `Z`: a _private unshared_ label is applied to the content.
+                    This label indicates that only the current container can use
+                    a private volume. Labeling systems such as SELinux require
+                    proper labels to be placed on volume content that is mounted
+                    into a container. Without a label, the security system can
+                    prevent a container's processes from using the content. By
+                    default, the labels set by the host operating system are not
+                    modified.
+              - `[[r]shared|[r]slave|[r]private]` specifies mount
+                [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+                This only applies to bind-mounted volumes, not internal volumes
+                or named volumes. Mount propagation requires the source mount
+                point (the location where the source directory is mounted in the
+                host operating system) to have the correct propagation properties.
+                For shared volumes, the source mount point must be set to `shared`.
+                For slave volumes, the mount must be set to either `shared` or
+                `slave`.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: |
+              Network mode to use for this container. Supported standard values
+              are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
+              other value is taken as a custom network's name to which this
+              container should connect to.
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: |
+              Automatically remove the container when the container's process
+              exits. This has no effect if `RestartPolicy` is set.
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: |
+              A list of volumes to inherit from another container, specified in
+              the form `<container name>[:<ro|rw>]`.
+            items:
+              type: "string"
+          Mounts:
+            description: |
+              Specification for mounts to be added to the container.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          Capabilities:
+            type: "array"
+            description: |
+              A list of kernel capabilities to be available for container (this
+              overrides the default set).
+
+              Conflicts with options 'CapAdd' and 'CapDrop'"
+            items:
+              type: "string"
+          CapAdd:
+            type: "array"
+            description: |
+              A list of kernel capabilities to add to the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts`
+              file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+              IPC sharing mode for the container. Possible values are:
+
+              - `"none"`: own private IPC namespace, with /dev/shm not mounted
+              - `"private"`: own private IPC namespace
+              - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+              - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+              - `"host"`: use the host system's IPC namespace
+
+              If not specified, daemon default is used, which can either be `"private"`
+              or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: |
+              A list of links for the container in the form `container_name:alias`.
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: |
+              An integer value containing the score given to the container in
+              order to tune OOM killer preferences.
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be
+              either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when
+              the container starts. The allocated port might be changed when
+              restarting the container.
+
+              The port is selected from the ephemeral port range that depends on
+              the kernel. For example, on Linux the range is defined by
+              `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs
+              mounts, and their corresponding mount options. For example:
+
+              ```
+              { "/run": "rw,noexec,nosuid,size=65536k" }
+              ```
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: |
+              Sets the usernamespace mode for the container when usernamespace
+              remapping option is enabled.
+          ShmSize:
+            type: "integer"
+            description: |
+              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container.
+              For example:
+
+              ```
+              {"net.ipv4.ip_forward": "1"}
+              ```
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: |
+              Initial console size, as an `[height, width]` array. (Windows only)
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the container. (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          MaskedPaths:
+            type: "array"
+            description: |
+              The list of paths to be masked inside the container (this overrides
+              the default set of paths).
+            items:
+              type: "string"
+          ReadonlyPaths:
+            type: "array"
+            description: |
+              The list of paths to be set as read-only inside the container
+              (this overrides the default set of paths).
+            items:
+              type: "string"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp|sctp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: |
+          Attach standard streams to a TTY, including `stdin` if it is not closed.
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the
+          form `["VAR=value", ...]`. A variable without `=` is removed from the
+          environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: |
+          Command to run specified as a string or an array of strings.
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: |
+          The name of the image to use when creating the container/
+        type: "string"
+      Volumes:
+        description: |
+          An object mapping mount point paths inside the container to empty
+          objects.
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the
+          entry point is reset to system default (i.e., the entry point used by
+          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: |
+          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: |
+          Signal to stop a container as a string or unsigned integer.
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: |
+          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkingConfig:
+    description: |
+      NetworkingConfig represents the container's networking configuration for
+      each of its interfaces.
+      It is used for the networking configs specified in the `docker create`
+      and `docker network connect` commands.
+    type: "object"
+    properties:
+      EndpointsConfig:
+        description: |
+          A mapping of network name to endpoint configuration for that network.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+    example:
+      # putting an example here, instead of using the example values from
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
+      EndpointsConfig:
+        isolated_nw:
+          IPAMConfig:
+            IPv4Address: "172.20.30.33"
+            IPv6Address: "2001:db8:abcd::3033"
+            LinkLocalIPs:
+              - "169.254.34.68"
+              - "fe80::3468"
+          Links:
+            - "container_1"
+            - "container_2"
+          Aliases:
+            - "server_x"
+            - "server_y"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      x-nullable: true
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: |
+          The level at which the volume exists. Either `global` for cluster-wide,
+          or `local` for machine level.
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: |
+          The driver specific options used when creating the volume.
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: |
+          List of IPAM configuration options, specified as a map:
+
+          ```
+          {"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  BuildCache:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Parent:
+        type: "string"
+      Type:
+        type: "string"
+      Description:
+        type: "string"
+      InUse:
+        type: "boolean"
+      Shared:
+        type: "boolean"
+      Size:
+        description: |
+          Amount of disk space used by the build cache (in bytes).
+        type: "integer"
+      CreatedAt:
+        description: |
+          Date and time at which the build cache was created in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      LastUsedAt:
+        description: |
+          Date and time at which the build cache was last used in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        x-nullable: true
+        example: "2017-08-09T07:09:37.632105588Z"
+      UsageCount:
+        type: "integer"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description:
+          True if the plugin is running. False if the plugin is not running,
+          only installed.
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+              ProtocolScheme:
+                type: "string"
+                example: "some.protocol/v1.0"
+                description: "Protocol to use for clients connecting to the plugin."
+                enum:
+                  - ""
+                  - "moby.plugins.http/v1"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed
+      to avoid conflicting writes. The client must send the version number along
+      with the modified specification when updating these objects.
+
+      This approach ensures safe concurrency and determinism in that the change
+      on the object may not be applied if the version number has changed from the
+      last read. In other words, if two update requests specify the same base
+      version, only one of the requests can succeed. As a result, two separate
+      update requests that happen at the same time will not unintentionally
+      overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: |
+      Information about the issuer of leaf TLS certificates and the trusted root
+      CA certificate.
+    type: "object"
+    properties:
+      TrustRoot:
+        description: |
+          The root CA certificate(s) that are used to validate leaf TLS
+          certificates.
+        type: "string"
+      CertIssuerSubject:
+        description:
+          The base64-url-safe-encoded raw subject bytes of the issuer.
+        type: "string"
+      CertIssuerPublicKey:
+        description: |
+          The base64-url-safe-encoded raw public key bytes of the issuer.
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: |
+              The number of historic tasks to keep per instance or node. If
+              negative, never remove completed or failed tasks.
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: |
+              The number of snapshots to keep beyond the current snapshot.
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: |
+              The number of log entries to keep around to sync up slow followers
+              after a snapshot is created.
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from
+              the leader before becoming a candidate and starting an election.
+              `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks,
+              the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: |
+              The delay for an agent to send a heartbeat to the dispatcher.
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: |
+              Configuration for forwarding signing requests to an external
+              certificate authority.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: |
+                    Protocol for communication with the external CA (currently
+                    only `cfssl` is supported).
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: |
+                    URL where certificate signing requests should be sent.
+                  type: "string"
+                Options:
+                  description: |
+                    An object with key/value pairs that are interpreted as
+                    protocol-specific options for the external CA driver.
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: |
+                    The root CA certificate (in PEM format) this external CA uses
+                    to issue TLS certificates (assumed to be to the current swarm
+                    root CA certificate if not provided).
+                  type: "string"
+          SigningCACert:
+            description: |
+              The desired signing CA certificate for all swarm node TLS leaf
+              certificates, in PEM format.
+            type: "string"
+          SigningCAKey:
+            description: |
+              The desired signing CA key for all swarm node TLS leaf certificates,
+              in PEM format.
+            type: "string"
+          ForceRotate:
+            description: |
+              An integer whose purpose is to force swarm to generate a new
+              signing CA certificate and key, if none have been specified in
+              `SigningCACert` and `SigningCAKey`
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: |
+              If set, generate a key and use it to lock data stored on the
+              managers.
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: |
+          Whether there is currently a root CA rotation in progress for the swarm
+        type: "boolean"
+        example: false
+      DataPathPort:
+        description: |
+          DataPathPort specifies the data path port number for data traffic.
+          Acceptable port range is 1024 to 49151.
+          If no port is set or is set to 0, the default port (4789) is used.
+        type: "integer"
+        format: "uint32"
+        default: 4789
+        example: 4789
+      DefaultAddrPool:
+        description: |
+          Default Address Pool specifies default subnet pools for global scope
+          networks.
+        type: "array"
+        items:
+          type: "string"
+          format: "CIDR"
+          example: ["10.10.0.0/16", "20.20.0.0/16"]
+      SubnetSize:
+        description: |
+          SubnetSize specifies the subnet size of the networks created from the
+          default subnet pool.
+        type: "integer"
+        format: "uint32"
+        maximum: 29
+        default: 24
+        example: 24
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: |
+          Plugin spec for the service.  *(Experimental release only.)*
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: |
+          Container spec for the service.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: |
+              The hostname to use for the container, as a valid
+              [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
+            type: "string"
+          Env:
+            description: |
+              A list of environment variables in the form `VAR=value`.
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  Config:
+                    type: "string"
+                    example: "0bt9dmxjvjiqermk6xrop3ekq"
+                    description: |
+                      Load credential spec from a Swarm Config with the given ID.
+                      The specified config must also be present in the Configs
+                      field with the Runtime property set.
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+                  File:
+                    type: "string"
+                    example: "spec.json"
+                    description: |
+                      Load credential spec from this file. The file is read by
+                      the daemon, and must be present in the `CredentialSpecs`
+                      subdirectory in the docker data directory, which defaults
+                      to `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads
+                      `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows
+                      registry. The specified registry value must be located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: |
+              Specification for mounts to be added to containers created as part
+              of the service.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: |
+              Amount of time to wait for the container to terminate before
+              forcefully killing it.
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: |
+              Specification for DNS related configurations in resolver configuration
+              file (`resolv.conf`).
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: |
+                  A list of internal resolver variables to be modified (e.g.,
+                  `debug`, `ndots:3`, etc.).
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: |
+              Secrets contains references to zero or more secrets that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: |
+                    SecretID represents the ID of the specific secret that we're
+                    referencing.
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references,
+                    but this is just provided for lookup/display purposes. The
+                    secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: |
+              Configs contains references to zero or more configs that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                Runtime:
+                  description: |
+                    Runtime represents a target that is not mounted into the
+                    container but is used by the task
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually
+                    > exclusive
+                  type: "object"
+                ConfigID:
+                  description: |
+                    ConfigID represents the ID of the specific config that we're
+                    referencing.
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references,
+                    but this is just provided for lookup/display purposes. The
+                    config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the containers running the service.
+              (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          Init:
+            description: |
+              Run an init inside the container that forwards signals and reaps
+              processes. This field is omitted if empty, and the default (as
+              configured on the daemon) is used.
+            type: "boolean"
+            x-nullable: true
+          Sysctls:
+            description: |
+              Set kernel namedspaced parameters (sysctls) in the container.
+              The Sysctls option on services accepts the same sysctls as the
+              are supported on containers. Note that while the same sysctls are
+              supported, no guarantees or checks are made about their
+              suitability for a clustered environment, and it's up to the user
+              to determine whether a given sysctl will work properly in a
+              Service.
+            type: "object"
+            additionalProperties:
+              type: "string"
+      NetworkAttachmentSpec:
+        description: |
+          Read-only spec type for non-swarm containers attached to swarm overlay
+          networks.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        type: "object"
+        properties:
+          ContainerID:
+            description: "ID of the container represented by this task"
+            type: "string"
+      Resources:
+        description: |
+          Resource requirements which apply to each individual container created
+          as part of the service.
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/ResourceObject"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: |
+          Specification for the restart policy which applies to containers
+          created as part of this service.
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: |
+              Maximum attempts to restart a given container before giving up
+              (default value is 0, which is ignored).
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: |
+              Windows is the time window used to evaluate the restart policy
+              (default value is 0, which is unbounded).
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: |
+              An array of constraint expressions to limit the set of nodes where
+              a task can be scheduled. Constraint expressions can either use a
+              _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+              nodes that satisfy every expression (AND match). Constraints can
+              match node or Docker Engine labels as follows:
+
+              node attribute       | matches                        | example
+              ---------------------|--------------------------------|-----------------------------------------------
+              `node.id`            | Node ID                        | `node.id==2ivku8v2gvtg4`
+              `node.hostname`      | Node hostname                  | `node.hostname!=node-2`
+              `node.role`          | Node role (`manager`/`worker`) | `node.role==manager`
+              `node.platform.os`   | Node operating system          | `node.platform.os==windows`
+              `node.platform.arch` | Node architecture              | `node.platform.arch==x86_64`
+              `node.labels`        | User-defined node labels       | `node.labels.security==high`
+              `engine.labels`      | Docker Engine's labels         | `engine.labels.operatingsystem==ubuntu-14.04`
+
+              `engine.labels` apply to Docker Engine labels like operating system,
+              drivers, etc. Swarm administrators add `node.labels` for operational
+              purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+              - "node.platform.os==linux"
+              - "node.platform.arch==x86_64"
+          Preferences:
+            description: |
+              Preferences provide a way to make the scheduler aware of factors
+              such as topology. They are provided in order from highest to
+              lowest precedence.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: |
+                        label descriptor, such as `engine.labels.az`.
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          MaxReplicas:
+            description: |
+              Maximum number of replicas for per node (default value is 0, which
+              is unlimited)
+            type: "integer"
+            format: "int64"
+            default: 0
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: |
+          A counter that triggers an update even if no relevant parameters have
+          been changed.
+        type: "integer"
+      Runtime:
+        description: |
+          Runtime is the type of runtime specified for the task executor.
+        type: "string"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+      LogDriver:
+        description: |
+          Specifies the log driver to use for tasks created from this spec. If
+          not present, the default one for the swarm will be used, finally
+          falling back to the engine default if not specified.
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+      - "remove"
+      - "orphaned"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be updated in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an updated task fails to run, or stops running
+              during the update.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: |
+              Amount of time to monitor each updated task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during an update before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling out an updated task. Either
+              the old task is shut down before the new task is started, or the
+              new task is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be rolled back in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: |
+              Amount of time between rollback iterations, in nanoseconds.
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an rolled back task fails to run, or stops
+              running during the rollback.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: |
+              Amount of time to monitor each rolled back task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during a rollback before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling back a task. Either the old
+              task is shut down before the new task is started, or the new task
+              is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+          - "sctp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: |
+          The mode of resolution to use for internal load balancing between tasks.
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: |
+          List of exposed ports that this service is accessible on from the
+          outside. Ports can only be provided if `vip` resolution mode is used.
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: |
+          Name of the secrets driver used to fetch the secret's value from an
+          external secret store.
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  ContainerState:
+    description: |
+      ContainerState stores container's running state. It's part of ContainerJSONBase
+      and will be returned by the "inspect" command.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          String representation of the container state. Can be one of "created",
+          "running", "paused", "restarting", "removing", "exited", or "dead".
+        type: "string"
+        enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+        example: "running"
+      Running:
+        description: |
+          Whether this container is running.
+
+          Note that a running container can be _paused_. The `Running` and `Paused`
+          booleans are not mutually exclusive:
+
+          When pausing a container (on Linux), the freezer cgroup is used to suspend
+          all processes in the container. Freezing the process requires the process to
+          be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+          Use the `Status` field instead to determine if a container's state is "running".
+        type: "boolean"
+        example: true
+      Paused:
+        description: "Whether this container is paused."
+        type: "boolean"
+        example: false
+      Restarting:
+        description: "Whether this container is restarting."
+        type: "boolean"
+        example: false
+      OOMKilled:
+        description: |
+          Whether this container has been killed because it ran out of memory.
+        type: "boolean"
+        example: false
+      Dead:
+        type: "boolean"
+        example: false
+      Pid:
+        description: "The process ID of this container"
+        type: "integer"
+        example: 1234
+      ExitCode:
+        description: "The last exit code of this container"
+        type: "integer"
+        example: 0
+      Error:
+        type: "string"
+      StartedAt:
+        description: "The time when this container was last started."
+        type: "string"
+        example: "2020-01-06T09:06:59.461876391Z"
+      FinishedAt:
+        description: "The time when this container last exited."
+        type: "string"
+        example: "2020-01-06T09:07:59.461876391Z"
+      Health:
+        x-nullable: true
+        $ref: "#/definitions/Health"
+
+  SystemVersion:
+    type: "object"
+    description: |
+      Response of Engine API: GET "/version"
+    properties:
+      Platform:
+        type: "object"
+        required: [Name]
+        properties:
+          Name:
+            type: "string"
+      Components:
+        type: "array"
+        description: |
+          Information about system components
+        items:
+          type: "object"
+          x-go-name: ComponentVersion
+          required: [Name, Version]
+          properties:
+            Name:
+              description: |
+                Name of the component
+              type: "string"
+              example: "Engine"
+            Version:
+              description: |
+                Version of the component
+              type: "string"
+              x-nullable: false
+              example: "19.03.12"
+            Details:
+              description: |
+                Key/value pairs of strings with additional information about the
+                component. These values are intended for informational purposes
+                only, and their content is not defined, and not part of the API
+                specification.
+
+                These messages can be printed by the client as information to the user.
+              type: "object"
+              x-nullable: true
+      Version:
+        description: "The version of the daemon"
+        type: "string"
+        example: "19.03.12"
+      ApiVersion:
+        description: |
+          The default (and highest) API version that is supported by the daemon
+        type: "string"
+        example: "1.40"
+      MinAPIVersion:
+        description: |
+          The minimum API version that is supported by the daemon
+        type: "string"
+        example: "1.12"
+      GitCommit:
+        description: |
+          The Git commit of the source code that was used to build the daemon
+        type: "string"
+        example: "48a66213fe"
+      GoVersion:
+        description: |
+          The version Go used to compile the daemon, and the version of the Go
+          runtime in use.
+        type: "string"
+        example: "go1.13.14"
+      Os:
+        description: |
+          The operating system that the daemon is running on ("linux" or "windows")
+        type: "string"
+        example: "linux"
+      Arch:
+        description: |
+          The architecture that the daemon is running on
+        type: "string"
+        example: "amd64"
+      KernelVersion:
+        description: |
+          The kernel version (`uname -r`) that the daemon is running on.
+
+          This field is omitted when empty.
+        type: "string"
+        example: "4.19.76-linuxkit"
+      Experimental:
+        description: |
+          Indicates if the daemon is started with experimental features enabled.
+
+          This field is omitted when empty / false.
+        type: "boolean"
+        example: true
+      BuildTime:
+        description: |
+          The date and time that the daemon was compiled.
+        type: "string"
+        example: "2020-06-22T15:49:27.000000000+00:00"
+
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: |
+          Indicates if CPU Shares limiting is supported by the host.
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      PidsLimit:
+        description: "Indicates if the host kernel has PID limit support enabled."
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: |
+          Indicates if the daemon is running in debug-mode / with debug-level
+          logging enabled.
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd", "none"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "runc"
+        example:
+          runc:
+            path: "runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+          - "name=rootless"
+      ProductLicense:
+        description: |
+          Reports a summary of the product license on the daemon.
+
+          If a commercial license has been applied to the daemon, information
+          such as number of nodes, and expiration are included.
+        type: "string"
+        example: "Community Engine"
+      Warnings:
+        description: |
+          List of warnings / informational messages about missing features, or
+          issues related to the daemon configuration.
+
+          These messages can be printed by the client as information to the user.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "WARNING: No memory limit support"
+          - "WARNING: bridge-nf-call-iptables is disabled"
+          - "WARNING: bridge-nf-call-ip6tables is disabled"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+  NetworkAttachmentConfig:
+    description: |
+      Specifies how a service should be attached to a particular network.
+    type: "object"
+    properties:
+      Target:
+        description: |
+          The target network for attachment. Must be a network name or ID.
+        type: "string"
+      Aliases:
+        description: |
+          Discoverable alternate names for the service on this network.
+        type: "array"
+        items:
+          type: "string"
+      DriverOpts:
+        description: |
+          Driver attachment options for the network target.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see the
+        [inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container
+        than inspecting a single container. For example, the list of linked
+        containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: |
+            Return all containers. By default, only running containers are shown.
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: |
+            Return this number of most recently created containers, including
+            non-running ones.
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: |
+            Return the size of container as fields `SizeRw` and `SizeRootFs`.
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a
+            `map[string][]string`). For example, `{"status": ["paused"]}` will
+            only return paused containers.
+
+            Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            Assign the specified name to the container. Must match
+            `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
+          type: "string"
+          pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    $ref: "#/definitions/NetworkingConfig"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: 0
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                x-nullable: true
+                $ref: "#/definitions/ContainerState"
+              Image:
+                description: "The container's image ID"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              Platform:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                description: "IDs of exec instances that are running in the container."
+                type: "array"
+                items:
+                  type: "string"
+                x-nullable: true
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: |
+                  The size of files that have been created or changed by this
+                  container.
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Healthcheck:
+                  Test: ["CMD-SHELL", "exit 0"]
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              ExecIDs:
+                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                Health:
+                  Status: "healthy"
+                  FailingStreak: 0
+                  Log:
+                    - Start: "2019-12-22T10:59:05.6385933Z"
+                      End: "2019-12-22T10:59:05.8078452Z"
+                      ExitCode: 0
+                      Output: ""
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: |
+        On Unix systems, this is done by running the `ps` command. This endpoint
+        is not supported on Windows.
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: |
+                  Each process running in the container, where each is process
+                  is an array of values corresponding to the titles.
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or
+        `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        200:
+          description: |
+            logs returned as a stream in response body.
+            For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+            Note that unlike the attach endpoint, the logs endpoint does not
+            upgrade the connection and does not set Content-Type.
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of the *previous* read, and is
+        used to calculate the CPU usage percentage. It is not an exact copy
+        of the `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+
+        To calculate the values shown by the `stats` command of the docker cli tool
+        the following formulas can be used:
+        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+        * available_memory = `memory_stats.limit`
+        * Memory usage % = `(used_memory / available_memory) * 100.0`
+        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+        * number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream the output. If false, the stats will be output once and then
+            it will disconnect.
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container. Format is a
+            single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
+            of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: |
+        Send a POSIX signal to a container, defaulting to killing to the
+        container.
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: |
+        Change various configuration options of a container without having to
+        recreate it.
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the freezer cgroup to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used,
+        which is observable by the process being suspended. With the freezer
+        cgroup the process is unaware, and unable to capture, that it is being
+        suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach
+        to the same container multiple times and you can reattach to containers
+        that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint
+        to do anything.
+
+        See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+        for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+        and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used
+        for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client
+        can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will
+        similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream over the hijacked connected is multiplexed to separate out
+        `stdout` and `stderr`. The stream consists of a series of frames, each
+        containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or
+        `stderr`). It also contains the size of the associated frame encoded in
+        the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+        encoded as big endian.
+
+        Following the header is the payload, which is the specified number of
+        bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream is not multiplexed. The data exchanged over the hijacked
+        connection is simply the raw data from the process PTY and client's
+        `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you
+            want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been
+            returned, it will seamlessly transition into streaming current
+            output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream attached streams from the time the request was made onwards.
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,`, or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: |
+            Wait until a container state reaches the given condition, either
+            'not-running' (default), 'next-exit', or 'removed'.
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: |
+                You cannot remove a running container: c2ada9df5af8. Stop the
+                container before attempting removal or force remove
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: |
+        A response header `X-Docker-Container-Path-Stat` is returned, containing
+        a base64 - encoded JSON object with some filesystem header information
+        about the path.
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: |
+                A base64 - encoded JSON object with some filesystem header
+                information about the path
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: |
+            If `1`, `true`, or `True` then it will be an error if unpacking the
+            given content would cause an existing directory to be replaced with
+            a non-directory and vice versa.
+          type: "string"
+        - name: "copyUIDGID"
+          in: "query"
+          description: |
+            If `1`, `true`, then it will copy UID/GID maps to the dest file or
+            dir
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: |
+            The input stream must be a tar archive compressed with one of the
+            following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+            or `xz`.
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the images list.
+
+            Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: |
+            Sets the networking mode for the run commands during build. Supported
+            standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
+            Any other value is taken as a custom network's name or ID to which this
+            container should connect to.
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
+        - name: "outputs"
+          in: "query"
+          description: "BuildKit output configuration"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      parameters:
+        - name: "keep-storage"
+          in: "query"
+          description: "Amount of disk space in bytes to keep for cache"
+          type: "integer"
+          format: "int64"
+        - name: "all"
+          in: "query"
+          type: "boolean"
+          description: "Remove all types of build cache"
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the list of build cache objects.
+
+            Available filters:
+
+            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            - `id=<id>`
+            - `parent=<id>`
+            - `type=<string>`
+            - `description=<string>`
+            - `inuse`
+            - `shared`
+            - `private`
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              CachesDeleted:
+                type: "array"
+                items:
+                  description: "ID of build cache object"
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "message"
+          in: "query"
+          description: "Set commit message for imported image."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must
+        already have a tag which references the registry. For example,
+        `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: |
+        Validate credentials for a registry and, if available, get an identity
+        token for accessing the registry without password.
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/SystemVersion"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          headers:
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+      tags: ["System"]
+    head:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPingHead"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "(empty)"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+              BuildCache:
+                type: "array"
+                items:
+                  $ref: "#/definitions/BuildCache"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image
+        repositories.
+
+        For each value of the `names` parameter: if it is a specific name and
+        tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+        returned; if it is an image ID, similarly only that image (and its parents)
+        are returned and there would be no names referenced in the 'repositories'
+        file for this image ID.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: |
+                  Override the key sequence for detaching a container. Format is
+                  a single character `[a-Z]` or `ctrl-<value>` where `<value>`
+                  is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: |
+                  A list of environment variables in the form `["VAR=value", ...]`.
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: |
+                  The user, and optionally, group to run the exec process inside
+                  the container. Format is one of: `user`, `user:group`, `uid`,
+                  or `uid:gid`.
+              WorkingDir:
+                type: "string"
+                description: |
+                  The working directory for the exec process inside the container.
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: |
+        Starts a previously set up exec instance. If detach is true, this endpoint
+        returns immediately after starting the command. Otherwise, it sets up an
+        interactive session with the command.
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: |
+        Resize the TTY session used by an exec instance. This endpoint only works
+        if `tty` was specified as part of creating and starting the exec instance.
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            description: "Volume list response"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: |
+                  Warnings that occurred when fetching the list of volumes.
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            description: "Volume configuration"
+            title: "VolumeConfig"
+            properties:
+              Name:
+                description: |
+                  The new volume's name. If not specified, Docker generates a name.
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: |
+                  A mapping of driver options and values. These options are
+                  passed directly to the driver and are driver specific.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see the
+        [network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than
+        inspecting a single network. For example, the list of containers attached
+        to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process
+            on the networks list.
+
+            Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               networks that are not in use by a container. When set to `false`
+               (or `0`), only networks that are in use by one or more
+               containers are returned.
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: |
+                  Check for networks with duplicate names. Since Network is
+                  primarily keyed based on a random ID and not on the name, and
+                  network name is strictly a user-friendly alias to the network
+                  which is uniquely identified using ID, there is no guaranteed
+                  way to check for duplicates. CheckDuplicate is there to provide
+                  a best effort checking of any networks which has the same name
+                  but it is not guaranteed to catch all name collisions.
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: |
+                  Globally scoped network is manually attachable by regular
+                  containers from workers in swarm mode.
+                type: "boolean"
+              Ingress:
+                description: |
+                  Ingress network is the network which provides the routing-mesh
+                  in swarm mode.
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: |
+                  The ID or name of the container to disconnect from the network.
+              Force:
+                type: "boolean"
+                description: |
+                  Force the container to disconnect from the network.
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the plugin list.
+
+            Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission the user has to accept upon installing
+                the plugin.
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be
+        enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: |
+            Disable the plugin before removing. This may result in issues if the
+            plugin is in use by a container.
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `node.label=<node label>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the node object being updated. This is required
+            to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication, as well
+                  as determining the networking interface used for the VXLAN
+                  Tunnel Endpoint (VTEP). This can either be an address/port
+                  combination in the form `192.168.1.1:4567`, or an interface
+                  followed by a port number, like `eth0:4567`. If the port number
+                  is omitted, the default swarm listening port is used.
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other  nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+                type: "string"
+              DataPathPort:
+                description: |
+                  DataPathPort specifies the data path port number for data traffic.
+                  Acceptable port range is 1024 to 49151.
+                  if no port is set or is set to 0, default port 4789 will be used.
+                type: "integer"
+                format: "uint32"
+              DefaultAddrPool:
+                description: |
+                  Default Address Pool specifies default subnet pools for global
+                  scope networks.
+                type: "array"
+                items:
+                  type: "string"
+                  example: ["10.10.0.0/16", "20.20.0.0/16"]
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              SubnetSize:
+                description: |
+                  SubnetSize specifies the subnet size of the networks created
+                  from the default subnet pool.
+                type: "integer"
+                format: "uint32"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              DataPathPort: 4789
+              DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
+              SubnetSize: 24
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication if the node
+                  gets promoted to manager, as well as determining the networking
+                  interface used for the VXLAN Tunnel Endpoint (VTEP).
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: |
+                  Addresses of manager nodes already participating in the swarm.
+                type: "array"
+                items:
+                  type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: |
+            Force leave swarm, even if this is the last manager or that it will
+            break the cluster.
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the swarm object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the services list.
+
+            Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the service object being updated. This is
+            required to avoid conflicting writes.
+            This version number should be the value as currently set on the
+            service *before* the update. You can find the current version by
+            calling `GET /services/{id}`
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          description: |
+            If the `X-Registry-Auth` header is not specified, this parameter
+            indicates where to find registry authorization credentials.
+          type: "string"
+          enum: ["spec", "previous-spec"]
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          description: |
+            Set to this parameter to `previous` to cause a server-side rollback
+            to the previous service spec. The supplied spec will be ignored in
+            this case.
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service. See also
+        [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      responses:
+        200:
+          description: "logs returned as a stream in response body"
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the tasks list.
+
+            Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+        See also [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      responses:
+        200:
+          description: "logs returned as a stream in response body"
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the secrets list.
+
+            Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: |
+            The spec of the secret to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [SecretInspect endpoint](#operation/SecretInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the secret object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the configs list.
+
+            Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: |
+            The spec of the config to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [ConfigInspect endpoint](#operation/ConfigInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the config object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: |
+        Return image digest and platform information by contacting the registry.
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: |
+                  A descriptor struct containing digest, media type, and size.
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: |
+                  An array containing all platforms supported by the image.
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to
+        call back to the client for advanced capabilities.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+        the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon responds with a `101 UPGRADED` response follow with
+        the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session"]
diff --git a/docs/api/v1.41.yaml b/docs/api/v1.41.yaml
new file mode 100644
index 0000000000000..fba45b6b15a55
--- /dev/null
+++ b/docs/api/v1.41.yaml
@@ -0,0 +1,11425 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.41"
+info:
+  title: "Docker Engine API"
+  version: "1.41"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the
+    Docker client uses to communicate with the Engine, so everything the Docker
+    client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps`
+    is `GET /containers/json`). The notable exception is running containers,
+    which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure
+    of the API call. The body of the response will be JSON in the following
+    format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
+
+    If you omit the version-prefix, the current version of the API (v1.41) is used.
+    For example, calling `/info` is the same as calling `/v1.41/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
+
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
+
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
+
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send
+    authentication details to various endpoints that need to communicate with
+    registries, such as `POST /images/(name)/push`. These are sent as
+    `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
+    (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this
+    structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
+    you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldy. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to.
+      See the [networking documentation](https://docs.docker.com/network/)
+      for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. Refer to the
+      [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
+      for more information.
+
+      To exec a command in a container, you first need to create an exec instance,
+      then start it. These two API endpoints are wrapped up in a single command-line
+      command, `docker exec`.
+
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. Refer to the
+      [swarm mode documentation](https://docs.docker.com/engine/swarm/)
+      for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode
+      must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit
+      of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must
+      be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm
+      mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+        description: "Host IP address that the container's port is mapped to"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp", "sctp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  DeviceRequest:
+    type: "object"
+    description: "A request for devices to be sent to device drivers"
+    properties:
+      Driver:
+        type: "string"
+        example: "nvidia"
+      Count:
+        type: "integer"
+        example: -1
+      DeviceIDs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "0"
+          - "1"
+          - "GPU-fef8089b-4820-abfc-e83e-94318197576e"
+      Capabilities:
+        description: |
+          A list of capabilities; an OR list of AND lists of capabilities.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          # gpu AND nvidia AND compute
+          - ["gpu", "nvidia", "compute"]
+      Options:
+        description: |
+          Driver-specific options, specified as a key/value pairs. These options
+          are passed directly to the driver.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+          - `npipe` Mounts a named pipe from the host into the container. Must exist prior to creating the container.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+          - "npipe"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+          NonRecursive:
+            description: "Disable recursive bind mount."
+            type: "boolean"
+            default: false
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to
+      restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is
+      added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - Empty string means not to restart
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - ""
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: |
+          If `on-failure` is used, the number of times to retry before giving up.
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: |
+          An integer value representing this container's relative CPU weight
+          versus other containers.
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        format: "int64"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: |
+          Path to `cgroups` under which the container's `cgroup` is created. If
+          the path is not absolute, the path is considered to be relative to the
+          `cgroups` path of the init process. Cgroups are created if they do not
+          already exist.
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form:
+
+          ```
+          [{"Path": "device_path", "Weight": weight}]
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form:
+
+          ```
+          [{"Path": "device_path", "Rate": rate}]
+          ```
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: |
+          Microseconds of CPU time that the container can get in a CPU period.
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: |
+          The length of a CPU real-time period in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: |
+          The length of a CPU real-time runtime in microseconds. Set to 0 to
+          allocate no time allocated to real-time tasks.
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: |
+          CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+        type: "string"
+        example: "0-3"
+      CpusetMems:
+        description: |
+          Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
+          effective on NUMA systems.
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
+      DeviceRequests:
+        description: |
+          A list of requests for devices to be sent to device drivers.
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceRequest"
+      KernelMemory:
+        description: |
+          Kernel memory limit in bytes.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
+        type: "integer"
+        format: "int64"
+        example: 209715200
+      KernelMemoryTCP:
+        description: "Hard limit for kernel TCP buffer memory (in bytes)."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: |
+          Total memory limit (memory + swap). Set as `-1` to enable unlimited
+          swap.
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: |
+          Tune a container's memory swappiness behavior. Accepts an integer
+          between 0 and 100.
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCpus:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      Init:
+        description: |
+          Run an init inside the container that forwards signals and reaps
+          processes. This field is omitted if empty, and the default (as
+          configured on the daemon) is used.
+        type: "boolean"
+        x-nullable: true
+      PidsLimit:
+        description: |
+          Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
+          to not change.
+        type: "integer"
+        format: "int64"
+        x-nullable: true
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example:
+
+          ```
+          {"Name": "nofile", "Soft": 1024, "Hard": 2048}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are
+          mutually exclusive. The order of precedence is `CPUCount` first, then
+          `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: |
+          Maximum IO in bytes per second for the container system drive
+          (Windows only).
+        type: "integer"
+        format: "int64"
+
+  Limit:
+    description: |
+      An object describing a limit on resources which can be requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      Pids:
+        description: |
+          Limits the maximum number of PIDs in the container. Set `0` for unlimited.
+        type: "integer"
+        format: "int64"
+        default: 0
+        example: 100
+
+  ResourceObject:
+    description: |
+      An object describing the resources which can be advertised by a node and
+      requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: |
+      User-defined resources can be either Integer resources (e.g, `SSD=3`) or
+      String resources (e.g, `GPU=UUID1`).
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: |
+          The time to wait between checks in nanoseconds. It should be 0 or at
+          least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Timeout:
+        description: |
+          The time to wait before considering the check to have hung. It should
+          be 0 or at least 1000000 (1 ms). 0 means inherit.
+        type: "integer"
+      Retries:
+        description: |
+          The number of consecutive failures needed to consider a container as
+          unhealthy. 0 means inherit.
+        type: "integer"
+      StartPeriod:
+        description: |
+          Start period for the container to initialize before starting
+          health-retries countdown in nanoseconds. It should be 0 or at least
+          1000000 (1 ms). 0 means inherit.
+        type: "integer"
+
+  Health:
+    description: |
+      Health stores information about the container's healthcheck results.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          Status is one of `none`, `starting`, `healthy` or `unhealthy`
+
+          - "none"      Indicates there is no healthcheck
+          - "starting"  Starting indicates that the container is not yet ready
+          - "healthy"   Healthy indicates that the container is running correctly
+          - "unhealthy" Unhealthy indicates that the container has a problem
+        type: "string"
+        enum:
+          - "none"
+          - "starting"
+          - "healthy"
+          - "unhealthy"
+        example: "healthy"
+      FailingStreak:
+        description: "FailingStreak is the number of consecutive failures"
+        type: "integer"
+        example: 0
+      Log:
+        type: "array"
+        description: |
+          Log contains the last few results (oldest first)
+        items:
+          x-nullable: true
+          $ref: "#/definitions/HealthcheckResult"
+
+  HealthcheckResult:
+    description: |
+      HealthcheckResult stores information about a single run of a healthcheck probe
+    type: "object"
+    properties:
+      Start:
+        description: |
+          Date and time at which this check started in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "date-time"
+        example: "2020-01-04T10:44:24.496525531Z"
+      End:
+        description: |
+          Date and time at which this check ended in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2020-01-04T10:45:21.364524523Z"
+      ExitCode:
+        description: |
+          ExitCode meanings:
+
+          - `0` healthy
+          - `1` unhealthy
+          - `2` reserved (considered unhealthy)
+          - other values: error running probe
+        type: "integer"
+        example: 0
+      Output:
+        description: "Output from last check"
+        type: "string"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding
+              is a string in one of these forms:
+
+              - `host-src:container-dest[:options]` to bind-mount a host path
+                into the container. Both `host-src`, and `container-dest` must
+                be an _absolute_ path.
+              - `volume-name:container-dest[:options]` to bind-mount a volume
+                managed by a volume driver into the container. `container-dest`
+                must be an _absolute_ path.
+
+              `options` is an optional, comma-delimited list of:
+
+              - `nocopy` disables automatic copying of data from the container
+                path to the volume. The `nocopy` flag only applies to named volumes.
+              - `[ro|rw]` mounts a volume read-only or read-write, respectively.
+                If omitted or set to `rw`, volumes are mounted read-write.
+              - `[z|Z]` applies SELinux labels to allow or deny multiple containers
+                to read and write to the same volume.
+                  - `z`: a _shared_ content label is applied to the content. This
+                    label indicates that multiple containers can share the volume
+                    content, for both reading and writing.
+                  - `Z`: a _private unshared_ label is applied to the content.
+                    This label indicates that only the current container can use
+                    a private volume. Labeling systems such as SELinux require
+                    proper labels to be placed on volume content that is mounted
+                    into a container. Without a label, the security system can
+                    prevent a container's processes from using the content. By
+                    default, the labels set by the host operating system are not
+                    modified.
+              - `[[r]shared|[r]slave|[r]private]` specifies mount
+                [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+                This only applies to bind-mounted volumes, not internal volumes
+                or named volumes. Mount propagation requires the source mount
+                point (the location where the source directory is mounted in the
+                host operating system) to have the correct propagation properties.
+                For shared volumes, the source mount point must be set to `shared`.
+                For slave volumes, the mount must be set to either `shared` or
+                `slave`.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: |
+              Network mode to use for this container. Supported standard values
+              are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
+              other value is taken as a custom network's name to which this
+              container should connect to.
+          PortBindings:
+            $ref: "#/definitions/PortMap"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: |
+              Automatically remove the container when the container's process
+              exits. This has no effect if `RestartPolicy` is set.
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: |
+              A list of volumes to inherit from another container, specified in
+              the form `<container name>[:<ro|rw>]`.
+            items:
+              type: "string"
+          Mounts:
+            description: |
+              Specification for mounts to be added to the container.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: |
+              A list of kernel capabilities to add to the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the container. Conflicts
+              with option 'Capabilities'.
+            items:
+              type: "string"
+          CgroupnsMode:
+            type: "string"
+            enum:
+              - "private"
+              - "host"
+            description: |
+              cgroup namespace mode for the container. Possible values are:
+
+              - `"private"`: the container runs in its own private cgroup namespace
+              - `"host"`: use the host system's cgroup namespace
+
+              If not specified, the daemon default is used, which can either be `"private"`
+              or `"host"`, depending on daemon version, kernel support and configuration.
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts`
+              file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: |
+              IPC sharing mode for the container. Possible values are:
+
+              - `"none"`: own private IPC namespace, with /dev/shm not mounted
+              - `"private"`: own private IPC namespace
+              - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+              - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+              - `"host"`: use the host system's IPC namespace
+
+              If not specified, daemon default is used, which can either be `"private"`
+              or `"shareable"`, depending on daemon version and configuration.
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: |
+              A list of links for the container in the form `container_name:alias`.
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: |
+              An integer value containing the score given to the container in
+              order to tune OOM killer preferences.
+            example: 500
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be
+              either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when
+              the container starts. The allocated port might be changed when
+              restarting the container.
+
+              The port is selected from the ephemeral port range that depends on
+              the kernel. For example, on Linux the range is defined by
+              `/proc/sys/net/ipv4/ip_local_port_range`.
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs
+              mounts, and their corresponding mount options. For example:
+
+              ```
+              { "/run": "rw,noexec,nosuid,size=65536k" }
+              ```
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: |
+              Sets the usernamespace mode for the container when usernamespace
+              remapping option is enabled.
+          ShmSize:
+            type: "integer"
+            description: |
+              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container.
+              For example:
+
+              ```
+              {"net.ipv4.ip_forward": "1"}
+              ```
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: |
+              Initial console size, as an `[height, width]` array. (Windows only)
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the container. (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          MaskedPaths:
+            type: "array"
+            description: |
+              The list of paths to be masked inside the container (this overrides
+              the default set of paths).
+            items:
+              type: "string"
+          ReadonlyPaths:
+            type: "array"
+            description: |
+              The list of paths to be set as read-only inside the container
+              (this overrides the default set of paths).
+            items:
+              type: "string"
+
+  ContainerConfig:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp|sctp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: |
+          Attach standard streams to a TTY, including `stdin` if it is not closed.
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the
+          form `["VAR=value", ...]`. A variable without `=` is removed from the
+          environment, rather than to have an empty value.
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: |
+          Command to run specified as a string or an array of strings.
+        type: "array"
+        items:
+          type: "string"
+      Healthcheck:
+        $ref: "#/definitions/HealthConfig"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: |
+          The name of the image to use when creating the container/
+        type: "string"
+      Volumes:
+        description: |
+          An object mapping mount point paths inside the container to empty
+          objects.
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the
+          entry point is reset to system default (i.e., the entry point used by
+          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type: "array"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: |
+          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: |
+          Signal to stop a container as a string or unsigned integer.
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: |
+          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkingConfig:
+    description: |
+      NetworkingConfig represents the container's networking configuration for
+      each of its interfaces.
+      It is used for the networking configs specified in the `docker create`
+      and `docker network connect` commands.
+    type: "object"
+    properties:
+      EndpointsConfig:
+        description: |
+          A mapping of network name to endpoint configuration for that network.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+    example:
+      # putting an example here, instead of using the example values from
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
+      EndpointsConfig:
+        isolated_nw:
+          IPAMConfig:
+            IPv4Address: "172.20.30.33"
+            IPv6Address: "2001:db8:abcd::3033"
+            LinkLocalIPs:
+              - "169.254.34.68"
+              - "fe80::3468"
+          Links:
+            - "container_1"
+            - "container_2"
+          Aliases:
+            - "server_x"
+            - "server_y"
+
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
+    type: "object"
+    properties:
+      Bridge:
+        description: Name of the network's bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
+      MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      x-nullable: true
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
+        type: "string"
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
+        type: "string"
+        example: "4443"
+
+  GraphDriverData:
+    description: "Information about a container's graph driver."
+    type: "object"
+    required: [Name, Data]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Data:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+        x-nullable: false
+      Comment:
+        type: "string"
+        x-nullable: false
+      Created:
+        type: "string"
+        x-nullable: false
+      Container:
+        type: "string"
+        x-nullable: false
+      ContainerConfig:
+        $ref: "#/definitions/ContainerConfig"
+      DockerVersion:
+        type: "string"
+        x-nullable: false
+      Author:
+        type: "string"
+        x-nullable: false
+      Config:
+        $ref: "#/definitions/ContainerConfig"
+      Architecture:
+        type: "string"
+        x-nullable: false
+      Os:
+        type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+        x-nullable: false
+      GraphDriver:
+        $ref: "#/definitions/GraphDriverData"
+      RootFS:
+        type: "object"
+        required: [Type]
+        properties:
+          Type:
+            type: "string"
+            x-nullable: false
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: |
+          The level at which the volume exists. Either `global` for cluster-wide,
+          or `local` for machine level.
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: |
+          The driver specific options used when creating the volume.
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        x-nullable: true
+        required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
+        properties:
+          Size:
+            type: "integer"
+            default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Attachable: false
+      Ingress: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: |
+          List of IPAM configuration options, specified as a map:
+
+          ```
+          {"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
+          ```
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  NetworkContainer:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  BuildCache:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Parent:
+        type: "string"
+      Type:
+        type: "string"
+      Description:
+        type: "string"
+      InUse:
+        type: "boolean"
+      Shared:
+        type: "boolean"
+      Size:
+        description: |
+          Amount of disk space used by the build cache (in bytes).
+        type: "integer"
+      CreatedAt:
+        description: |
+          Date and time at which the build cache was created in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      LastUsedAt:
+        description: |
+          Date and time at which the build cache was last used in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        x-nullable: true
+        example: "2017-08-09T07:09:37.632105588Z"
+      UsageCount:
+        type: "integer"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+
+  ProgressDetail:
+    type: "object"
+    properties:
+      current:
+        type: "integer"
+      total:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      # Configurations
+      IPAMConfig:
+        $ref: "#/definitions/EndpointIPAMConfig"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "container_1"
+          - "container_2"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
+      NetworkID:
+        description: |
+          Unique ID of the network.
+        type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
+      EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
+        type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
+      Gateway:
+        description: |
+          Gateway address for this network.
+        type: "string"
+        example: "172.17.0.1"
+      IPAddress:
+        description: |
+          IPv4 address.
+        type: "string"
+        example: "172.17.0.4"
+      IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+        type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address.
+        type: "string"
+        example: "2001:db8:2::100"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+        type: "integer"
+        format: "int64"
+        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
+        type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "some-mount"
+      Description:
+        type: "string"
+        x-nullable: false
+        example: "This is a mount that's used by the plugin."
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+        example: "/var/lib/docker/plugins/"
+      Destination:
+        type: "string"
+        x-nullable: false
+        example: "/mnt/state"
+      Type:
+        type: "string"
+        x-nullable: false
+        example: "bind"
+      Options:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "rbind"
+          - "rw"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+        example: "/dev/fuse"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name:
+        type: "string"
+        x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
+      Enabled:
+        description:
+          True if the plugin is running. False if the plugin is not running,
+          only installed.
+        type: "boolean"
+        x-nullable: false
+        example: true
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "DEBUG=0"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PidHost
+          - PropagatedMount
+          - IpcHost
+          - Mounts
+          - Env
+          - Args
+        properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
+          Description:
+            type: "string"
+            x-nullable: false
+            example: "A sample volume plugin for Docker"
+          Documentation:
+            type: "string"
+            x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
+              Socket:
+                type: "string"
+                x-nullable: false
+                example: "plugins.sock"
+              ProtocolScheme:
+                type: "string"
+                example: "some.protocol/v1.0"
+                description: "Protocol to use for clients connecting to the plugin."
+                enum:
+                  - ""
+                  - "moby.plugins.http/v1"
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+            example: "/bin/"
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+              GID:
+                type: "integer"
+                format: "uint32"
+                example: 1000
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+                example: "host"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+                example: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+                example: "args"
+              Description:
+                x-nullable: false
+                type: "string"
+                example: "command line arguments"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+                example: "layers"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed
+      to avoid conflicting writes. The client must send the version number along
+      with the modified specification when updating these objects.
+
+      This approach ensures safe concurrency and determinism in that the change
+      on the object may not be applied if the version number has changed from the
+      last read. In other words, if two update requests specify the same base
+      version, only one of the requests can succeed. As a result, two separate
+      update requests that happen at the same time will not unintentionally
+      overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+        example: "my-node"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+        example: "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+        example: "active"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "24ifsmvkjbyhk"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        $ref: "#/definitions/NodeDescription"
+      Status:
+        $ref: "#/definitions/NodeStatus"
+      ManagerStatus:
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: |
+      Information about the issuer of leaf TLS certificates and the trusted root
+      CA certificate.
+    type: "object"
+    properties:
+      TrustRoot:
+        description: |
+          The root CA certificate(s) that are used to validate leaf TLS
+          certificates.
+        type: "string"
+      CertIssuerSubject:
+        description:
+          The base64-url-safe-encoded raw subject bytes of the issuer.
+        type: "string"
+      CertIssuerPublicKey:
+        description: |
+          The base64-url-safe-encoded raw public key bytes of the issuer.
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+        example: "default"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          TaskHistoryRetentionLimit:
+            description: |
+              The number of historic tasks to keep per instance or node. If
+              negative, never remove completed or failed tasks.
+            type: "integer"
+            format: "int64"
+            example: 10
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "uint64"
+            example: 10000
+          KeepOldSnapshots:
+            description: |
+              The number of snapshots to keep beyond the current snapshot.
+            type: "integer"
+            format: "uint64"
+          LogEntriesForSlowFollowers:
+            description: |
+              The number of log entries to keep around to sync up slow followers
+              after a snapshot is created.
+            type: "integer"
+            format: "uint64"
+            example: 500
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from
+              the leader before becoming a candidate and starting an election.
+              `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 3
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks,
+              the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate
+              directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+            example: 1
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          HeartbeatPeriod:
+            description: |
+              The delay for an agent to send a heartbeat to the dispatcher.
+            type: "integer"
+            format: "int64"
+            example: 5000000000
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        x-nullable: true
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+            example: 7776000000000000
+          ExternalCAs:
+            description: |
+              Configuration for forwarding signing requests to an external
+              certificate authority.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: |
+                    Protocol for communication with the external CA (currently
+                    only `cfssl` is supported).
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: |
+                    URL where certificate signing requests should be sent.
+                  type: "string"
+                Options:
+                  description: |
+                    An object with key/value pairs that are interpreted as
+                    protocol-specific options for the external CA driver.
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+                CACert:
+                  description: |
+                    The root CA certificate (in PEM format) this external CA uses
+                    to issue TLS certificates (assumed to be to the current swarm
+                    root CA certificate if not provided).
+                  type: "string"
+          SigningCACert:
+            description: |
+              The desired signing CA certificate for all swarm node TLS leaf
+              certificates, in PEM format.
+            type: "string"
+          SigningCAKey:
+            description: |
+              The desired signing CA key for all swarm node TLS leaf certificates,
+              in PEM format.
+            type: "string"
+          ForceRotate:
+            description: |
+              An integer whose purpose is to force swarm to generate a new
+              signing CA certificate and key, if none have been specified in
+              `SigningCACert` and `SigningCAKey`
+            format: "uint64"
+            type: "integer"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: |
+              If set, generate a key and use it to lock data stored on the
+              managers.
+            type: "boolean"
+            example: false
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
+
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                description: |
+                  The log driver to use as a default for new tasks.
+                type: "string"
+                example: "json-file"
+              Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
+      UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: |
+          Whether there is currently a root CA rotation in progress for the swarm
+        type: "boolean"
+        example: false
+      DataPathPort:
+        description: |
+          DataPathPort specifies the data path port number for data traffic.
+          Acceptable port range is 1024 to 49151.
+          If no port is set or is set to 0, the default port (4789) is used.
+        type: "integer"
+        format: "uint32"
+        default: 4789
+        example: 4789
+      DefaultAddrPool:
+        description: |
+          Default Address Pool specifies default subnet pools for global scope
+          networks.
+        type: "array"
+        items:
+          type: "string"
+          format: "CIDR"
+          example: ["10.10.0.0/16", "20.20.0.0/16"]
+      SubnetSize:
+        description: |
+          SubnetSize specifies the subnet size of the networks created from the
+          default subnet pool.
+        type: "integer"
+        format: "uint32"
+        maximum: 29
+        default: 24
+        example: 24
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      PluginSpec:
+        type: "object"
+        description: |
+          Plugin spec for the service.  *(Experimental release only.)*
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+      ContainerSpec:
+        type: "object"
+        description: |
+          Container spec for the service.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Image:
+            description: "The image name to use for the container"
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Hostname:
+            description: |
+              The hostname to use for the container, as a valid
+              [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
+            type: "string"
+          Env:
+            description: |
+              A list of environment variables in the form `VAR=value`.
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Groups:
+            type: "array"
+            description: |
+              A list of additional groups that the container process will run as.
+            items:
+              type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  Config:
+                    type: "string"
+                    example: "0bt9dmxjvjiqermk6xrop3ekq"
+                    description: |
+                      Load credential spec from a Swarm Config with the given ID.
+                      The specified config must also be present in the Configs
+                      field with the Runtime property set.
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+                  File:
+                    type: "string"
+                    example: "spec.json"
+                    description: |
+                      Load credential spec from this file. The file is read by
+                      the daemon, and must be present in the `CredentialSpecs`
+                      subdirectory in the docker data directory, which defaults
+                      to `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads
+                      `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows
+                      registry. The specified registry value must be located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+                      > and `CredentialSpec.Config` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
+          Mounts:
+            description: |
+              Specification for mounts to be added to containers created as part
+              of the service.
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
+          StopGracePeriod:
+            description: |
+              Amount of time to wait for the container to terminate before
+              forcefully killing it.
+            type: "integer"
+            format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
+          DNSConfig:
+            description: |
+              Specification for DNS related configurations in resolver configuration
+              file (`resolv.conf`).
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: |
+                  A list of internal resolver variables to be modified (e.g.,
+                  `debug`, `ndots:3`, etc.).
+                type: "array"
+                items:
+                  type: "string"
+          Secrets:
+            description: |
+              Secrets contains references to zero or more secrets that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: |
+                    SecretID represents the ID of the specific secret that we're
+                    referencing.
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references,
+                    but this is just provided for lookup/display purposes. The
+                    secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: |
+              Configs contains references to zero or more configs that will be
+              exposed to the service.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: |
+                    File represents a specific target that is backed by a file.
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
+                  type: "object"
+                  properties:
+                    Name:
+                      description: |
+                        Name represents the final filename in the filesystem.
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                Runtime:
+                  description: |
+                    Runtime represents a target that is not mounted into the
+                    container but is used by the task
+
+                    <p><br /><p>
+
+                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually
+                    > exclusive
+                  type: "object"
+                ConfigID:
+                  description: |
+                    ConfigID represents the ID of the specific config that we're
+                    referencing.
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references,
+                    but this is just provided for lookup/display purposes. The
+                    config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: |
+              Isolation technology of the containers running the service.
+              (Windows only)
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          Init:
+            description: |
+              Run an init inside the container that forwards signals and reaps
+              processes. This field is omitted if empty, and the default (as
+              configured on the daemon) is used.
+            type: "boolean"
+            x-nullable: true
+          Sysctls:
+            description: |
+              Set kernel namedspaced parameters (sysctls) in the container.
+              The Sysctls option on services accepts the same sysctls as the
+              are supported on containers. Note that while the same sysctls are
+              supported, no guarantees or checks are made about their
+              suitability for a clustered environment, and it's up to the user
+              to determine whether a given sysctl will work properly in a
+              Service.
+            type: "object"
+            additionalProperties:
+              type: "string"
+          # This option is not used by Windows containers
+          CapabilityAdd:
+            type: "array"
+            description: |
+              A list of kernel capabilities to add to the default set
+              for the container.
+            items:
+              type: "string"
+            example:
+              - "CAP_NET_RAW"
+              - "CAP_SYS_ADMIN"
+              - "CAP_SYS_CHROOT"
+              - "CAP_SYSLOG"
+          CapabilityDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the default set
+              for the container.
+            items:
+              type: "string"
+            example:
+              - "CAP_NET_RAW"
+          Ulimits:
+            description: |
+              A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Name:
+                  description: "Name of ulimit"
+                  type: "string"
+                Soft:
+                  description: "Soft limit"
+                  type: "integer"
+                Hard:
+                  description: "Hard limit"
+                  type: "integer"
+      NetworkAttachmentSpec:
+        description: |
+          Read-only spec type for non-swarm containers attached to swarm overlay
+          networks.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        type: "object"
+        properties:
+          ContainerID:
+            description: "ID of the container represented by this task"
+            type: "string"
+      Resources:
+        description: |
+          Resource requirements which apply to each individual container created
+          as part of the service.
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            $ref: "#/definitions/Limit"
+          Reservation:
+            description: "Define resources reservation."
+            $ref: "#/definitions/ResourceObject"
+      RestartPolicy:
+        description: |
+          Specification for the restart policy which applies to containers
+          created as part of this service.
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: |
+              Maximum attempts to restart a given container before giving up
+              (default value is 0, which is ignored).
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: |
+              Windows is the time window used to evaluate the restart policy
+              (default value is 0, which is unbounded).
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: |
+              An array of constraint expressions to limit the set of nodes where
+              a task can be scheduled. Constraint expressions can either use a
+              _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+              nodes that satisfy every expression (AND match). Constraints can
+              match node or Docker Engine labels as follows:
+
+              node attribute       | matches                        | example
+              ---------------------|--------------------------------|-----------------------------------------------
+              `node.id`            | Node ID                        | `node.id==2ivku8v2gvtg4`
+              `node.hostname`      | Node hostname                  | `node.hostname!=node-2`
+              `node.role`          | Node role (`manager`/`worker`) | `node.role==manager`
+              `node.platform.os`   | Node operating system          | `node.platform.os==windows`
+              `node.platform.arch` | Node architecture              | `node.platform.arch==x86_64`
+              `node.labels`        | User-defined node labels       | `node.labels.security==high`
+              `engine.labels`      | Docker Engine's labels         | `engine.labels.operatingsystem==ubuntu-14.04`
+
+              `engine.labels` apply to Docker Engine labels like operating system,
+              drivers, etc. Swarm administrators add `node.labels` for operational
+              purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
+            type: "array"
+            items:
+              type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+              - "node.platform.os==linux"
+              - "node.platform.arch==x86_64"
+          Preferences:
+            description: |
+              Preferences provide a way to make the scheduler aware of factors
+              such as topology. They are provided in order from highest to
+              lowest precedence.
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: |
+                        label descriptor, such as `engine.labels.az`.
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          MaxReplicas:
+            description: |
+              Maximum number of replicas for per node (default value is 0, which
+              is unlimited)
+            type: "integer"
+            format: "int64"
+            default: 0
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
+      ForceUpdate:
+        description: |
+          A counter that triggers an update even if no relevant parameters have
+          been changed.
+        type: "integer"
+      Runtime:
+        description: |
+          Runtime is the type of runtime specified for the task executor.
+        type: "string"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+      LogDriver:
+        description: |
+          Specifies the log driver to use for tasks created from this spec. If
+          not present, the default one for the swarm will be used, finally
+          falling back to the engine default if not specified.
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+      - "remove"
+      - "orphaned"
+
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+      JobIteration:
+        description: |
+          If the Service this Task belongs to is a job-mode service, contains
+          the JobIteration of the Service this Task was created for. Absent if
+          the Task was created for a Replicated or Global Service.
+        $ref: "#/definitions/ObjectVersion"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+          ReplicatedJob:
+            description: |
+              The mode used for services with a finite number of tasks that run
+              to a completed state.
+            type: "object"
+            properties:
+              MaxConcurrent:
+                description: |
+                  The maximum number of replicas to run simultaneously.
+                type: "integer"
+                format: "int64"
+                default: 1
+              TotalCompletions:
+                description: |
+                  The total number of replicas desired to reach the Completed
+                  state. If unset, will default to the value of `MaxConcurrent`
+                type: "integer"
+                format: "int64"
+          GlobalJob:
+            description: |
+              The mode used for services which run a task to the completed state
+              on each valid node.
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be updated in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an updated task fails to run, or stops running
+              during the update.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+              - "rollback"
+          Monitor:
+            description: |
+              Amount of time to monitor each updated task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during an update before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling out an updated task. Either
+              the old task is shut down before the new task is started, or the
+              new task is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: |
+              Maximum number of tasks to be rolled back in one iteration (0 means
+              unlimited parallelism).
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: |
+              Amount of time between rollback iterations, in nanoseconds.
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: |
+              Action to take if an rolled back task fails to run, or stops
+              running during the rollback.
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: |
+              Amount of time to monitor each rolled back task for failures, in
+              nanoseconds.
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: |
+              The fraction of tasks that may fail during a rollback before the
+              failure action is invoked, specified as a floating point number
+              between 0 and 1.
+            type: "number"
+            default: 0
+          Order:
+            description: |
+              The order of operations when rolling back a task. Either the old
+              task is shut down before the new task is started, or the new task
+              is started before the old task is shut down.
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      Networks:
+        description: "Specifies which networks the service should attach to."
+        type: "array"
+        items:
+          $ref: "#/definitions/NetworkAttachmentConfig"
+
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+          - "sctp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: |
+          The mode of resolution to use for internal load balancing between tasks.
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: |
+          List of exposed ports that this service is accessible on from the
+          outside. Ports can only be provided if `vip` resolution mode is used.
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+      ServiceStatus:
+        description: |
+          The status of the service's tasks. Provided only when requested as
+          part of a ServiceList operation.
+        type: "object"
+        properties:
+          RunningTasks:
+            description: |
+              The number of tasks for the service currently in the Running state.
+            type: "integer"
+            format: "uint64"
+            example: 7
+          DesiredTasks:
+            description: |
+              The number of tasks for the service desired to be running.
+              For replicated services, this is the replica count from the
+              service spec. For global services, this is computed by taking
+              count of all tasks for the service with a Desired State other
+              than Shutdown.
+            type: "integer"
+            format: "uint64"
+            example: 10
+          CompletedTasks:
+            description: |
+              The number of tasks for a job that are in the Completed state.
+              This field must be cross-referenced with the service type, as the
+              value of 0 may mean the service is not in a job mode, or it may
+              mean the job-mode service has no tasks yet Completed.
+            type: "integer"
+            format: "uint64"
+      JobStatus:
+        description: |
+          The status of the service when it is in one of ReplicatedJob or
+          GlobalJob modes. Absent on Replicated and Global mode services. The
+          JobIteration is an ObjectVersion, but unlike the Service's version,
+          does not need to be sent with an update request.
+        type: "object"
+        properties:
+          JobIteration:
+            description: |
+              JobIteration is a value increased each time a Job is executed,
+              successfully or otherwise. "Executed", in this case, means the
+              job as a whole has been started, not that an individual Task has
+              been launched. A job is "Executed" when its ServiceSpec is
+              updated. JobIteration can be used to disambiguate Tasks belonging
+              to different executions of a job.  Though JobIteration will
+              increase with each subsequent execution, it may not necessarily
+              increase by 1, and so JobIteration should not be used to
+            $ref: "#/definitions/ObjectVersion"
+          LastExecution:
+            description: |
+              The last time, as observed by the server, that this job was
+              started.
+            type: "string"
+            format: "dateTime"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+
+  ImageDeleteResponseItem:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: |
+          Name of the secrets driver used to fetch the secret's value from an
+          external secret store.
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
+      Spec:
+        $ref: "#/definitions/SecretSpec"
+
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  ContainerState:
+    description: |
+      ContainerState stores container's running state. It's part of ContainerJSONBase
+      and will be returned by the "inspect" command.
+    type: "object"
+    properties:
+      Status:
+        description: |
+          String representation of the container state. Can be one of "created",
+          "running", "paused", "restarting", "removing", "exited", or "dead".
+        type: "string"
+        enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+        example: "running"
+      Running:
+        description: |
+          Whether this container is running.
+
+          Note that a running container can be _paused_. The `Running` and `Paused`
+          booleans are not mutually exclusive:
+
+          When pausing a container (on Linux), the freezer cgroup is used to suspend
+          all processes in the container. Freezing the process requires the process to
+          be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+          Use the `Status` field instead to determine if a container's state is "running".
+        type: "boolean"
+        example: true
+      Paused:
+        description: "Whether this container is paused."
+        type: "boolean"
+        example: false
+      Restarting:
+        description: "Whether this container is restarting."
+        type: "boolean"
+        example: false
+      OOMKilled:
+        description: |
+          Whether this container has been killed because it ran out of memory.
+        type: "boolean"
+        example: false
+      Dead:
+        type: "boolean"
+        example: false
+      Pid:
+        description: "The process ID of this container"
+        type: "integer"
+        example: 1234
+      ExitCode:
+        description: "The last exit code of this container"
+        type: "integer"
+        example: 0
+      Error:
+        type: "string"
+      StartedAt:
+        description: "The time when this container was last started."
+        type: "string"
+        example: "2020-01-06T09:06:59.461876391Z"
+      FinishedAt:
+        description: "The time when this container last exited."
+        type: "string"
+        example: "2020-01-06T09:07:59.461876391Z"
+      Health:
+        x-nullable: true
+        $ref: "#/definitions/Health"
+
+  SystemVersion:
+    type: "object"
+    description: |
+      Response of Engine API: GET "/version"
+    properties:
+      Platform:
+        type: "object"
+        required: [Name]
+        properties:
+          Name:
+            type: "string"
+      Components:
+        type: "array"
+        description: |
+          Information about system components
+        items:
+          type: "object"
+          x-go-name: ComponentVersion
+          required: [Name, Version]
+          properties:
+            Name:
+              description: |
+                Name of the component
+              type: "string"
+              example: "Engine"
+            Version:
+              description: |
+                Version of the component
+              type: "string"
+              x-nullable: false
+              example: "19.03.12"
+            Details:
+              description: |
+                Key/value pairs of strings with additional information about the
+                component. These values are intended for informational purposes
+                only, and their content is not defined, and not part of the API
+                specification.
+
+                These messages can be printed by the client as information to the user.
+              type: "object"
+              x-nullable: true
+      Version:
+        description: "The version of the daemon"
+        type: "string"
+        example: "19.03.12"
+      ApiVersion:
+        description: |
+          The default (and highest) API version that is supported by the daemon
+        type: "string"
+        example: "1.40"
+      MinAPIVersion:
+        description: |
+          The minimum API version that is supported by the daemon
+        type: "string"
+        example: "1.12"
+      GitCommit:
+        description: |
+          The Git commit of the source code that was used to build the daemon
+        type: "string"
+        example: "48a66213fe"
+      GoVersion:
+        description: |
+          The version Go used to compile the daemon, and the version of the Go
+          runtime in use.
+        type: "string"
+        example: "go1.13.14"
+      Os:
+        description: |
+          The operating system that the daemon is running on ("linux" or "windows")
+        type: "string"
+        example: "linux"
+      Arch:
+        description: |
+          The architecture that the daemon is running on
+        type: "string"
+        example: "amd64"
+      KernelVersion:
+        description: |
+          The kernel version (`uname -r`) that the daemon is running on.
+
+          This field is omitted when empty.
+        type: "string"
+        example: "4.19.76-linuxkit"
+      Experimental:
+        description: |
+          Indicates if the daemon is started with experimental features enabled.
+
+          This field is omitted when empty / false.
+        type: "boolean"
+        example: true
+      BuildTime:
+        description: |
+          The date and time that the daemon was compiled.
+        type: "string"
+        example: "2020-06-22T15:49:27.000000000+00:00"
+
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: |
+          Indicates if the host has kernel memory limit support enabled.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: |
+          Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+          the host.
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: |
+          Indicates if CPU Shares limiting is supported by the host.
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      PidsLimit:
+        description: "Indicates if the host kernel has PID limit support enabled."
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: |
+          Indicates if the daemon is running in debug-mode / with debug-level
+          logging enabled.
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd", "none"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      CgroupVersion:
+        description: |
+          The version of the cgroup.
+        type: "string"
+        enum: ["1", "2"]
+        default: "1"
+        example: "1"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSVersion:
+        description: |
+          Version of the host's operating system
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including its
+          > very existence, and the formatting of values, should not be considered
+          > stable, and may change without notice.
+        type: "string"
+        example: "16.04"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in bytes.
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+          are masked in the API response.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "runc"
+        example:
+          runc:
+            path: "runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+          - "name=rootless"
+      ProductLicense:
+        description: |
+          Reports a summary of the product license on the daemon.
+
+          If a commercial license has been applied to the daemon, information
+          such as number of nodes, and expiration are included.
+        type: "string"
+        example: "Community Engine"
+      DefaultAddressPools:
+        description: |
+          List of custom default address pools for local networks, which can be
+          specified in the daemon.json file or dockerd option.
+
+          Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
+          10.10.[0-255].0/24 address pools.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Base:
+              description: "The network address in CIDR format"
+              type: "string"
+              example: "10.10.0.0/16"
+            Size:
+              description: "The network pool size"
+              type: "integer"
+              example: "24"
+      Warnings:
+        description: |
+          List of warnings / informational messages about missing features, or
+          issues related to the daemon configuration.
+
+          These messages can be printed by the client as information to the user.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "WARNING: No memory limit support"
+          - "WARNING: bridge-nf-call-iptables is disabled"
+          - "WARNING: bridge-nf-call-ip6tables is disabled"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+  NetworkAttachmentConfig:
+    description: |
+      Specifies how a service should be attached to a particular network.
+    type: "object"
+    properties:
+      Target:
+        description: |
+          The target network for attachment. Must be a network name or ID.
+        type: "string"
+      Aliases:
+        description: |
+          Discoverable alternate names for the service on this network.
+        type: "array"
+        items:
+          type: "string"
+      DriverOpts:
+        description: |
+          Driver attachment options for the network target.
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see the
+        [inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container
+        than inspecting a single container. For example, the list of linked
+        containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: |
+            Return all containers. By default, only running containers are shown.
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: |
+            Return this number of most recently created containers, including
+            non-running ones.
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: |
+            Return the size of container as fields `SizeRw` and `SizeRootFs`.
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a
+            `map[string][]string`). For example, `{"status": ["paused"]}` will
+            only return paused containers.
+
+            Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            Assign the specified name to the container. Must match
+            `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
+          type: "string"
+          pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ContainerConfig"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    $ref: "#/definitions/NetworkingConfig"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCpus: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: 0
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerInspectResponse"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                x-nullable: true
+                $ref: "#/definitions/ContainerState"
+              Image:
+                description: "The container's image ID"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              Platform:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                description: "IDs of exec instances that are running in the container."
+                type: "array"
+                items:
+                  type: "string"
+                x-nullable: true
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriverData"
+              SizeRw:
+                description: |
+                  The size of files that have been created or changed by this
+                  container.
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/ContainerConfig"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkSettings"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Healthcheck:
+                  Test: ["CMD-SHELL", "exit 0"]
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              ExecIDs:
+                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                Health:
+                  Status: "healthy"
+                  FailingStreak: 0
+                  Log:
+                    - Start: "2019-12-22T10:59:05.6385933Z"
+                      End: "2019-12-22T10:59:05.8078452Z"
+                      ExitCode: 0
+                      Output: ""
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: |
+        On Unix systems, this is done by running the `ps` command. This endpoint
+        is not supported on Windows.
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: |
+                  Each process running in the container, where each is process
+                  is an array of values corresponding to the titles.
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or
+        `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        200:
+          description: |
+            logs returned as a stream in response body.
+            For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+            Note that unlike the attach endpoint, the logs endpoint does not
+            upgrade the connection and does not set Content-Type.
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The list of changes"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                  x-nullable: false
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
+
+        The `precpu_stats` is the CPU statistic of the *previous* read, and is
+        used to calculate the CPU usage percentage. It is not an exact copy
+        of the `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
+
+        On a cgroup v2 host, the following fields are not set
+        * `blkio_stats`: all fields other than `io_service_bytes_recursive`
+        * `cpu_stats`: `cpu_usage.percpu_usage`
+        * `memory_stats`: `max_usage` and `failcnt`
+        Also, `memory_stats.stats` fields are incompatible with cgroup v1.
+
+        To calculate the values shown by the `stats` command of the docker cli tool
+        the following formulas can be used:
+        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+        * available_memory = `memory_stats.limit`
+        * Memory usage % = `(used_memory / available_memory) * 100.0`
+        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+        * number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
+      operationId: "ContainerStats"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                online_cpus: 4
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream the output. If false, the stats will be output once and then
+            it will disconnect.
+          type: "boolean"
+          default: true
+        - name: "one-shot"
+          in: "query"
+          description: |
+            Only get a single stat instead of waiting for 2 cycles. Must be used
+            with `stream=false`.
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container. Format is a
+            single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
+            of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: |
+        Send a POSIX signal to a container, defaulting to killing to the
+        container.
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: |
+        Change various configuration options of a container without having to
+        recreate it.
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the freezer cgroup to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used,
+        which is observable by the process being suspended. With the freezer
+        cgroup the process is unaware, and unable to capture, that it is being
+        suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach
+        to the same container multiple times and you can reattach to containers
+        that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint
+        to do anything.
+
+        See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+        for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+        and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used
+        for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client
+        can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will
+        similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream over the hijacked connected is multiplexed to separate out
+        `stdout` and `stderr`. The stream consists of a series of frames, each
+        containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or
+        `stderr`). It also contains the size of the associated frame encoded in
+        the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+        encoded as big endian.
+
+        Following the header is the payload, which is the specified number of
+        bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+        the stream is not multiplexed. The data exchanged over the hijacked
+        connection is simply the raw data from the process PTY and client's
+        `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,` or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you
+            want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been
+            returned, it will seamlessly transition into streaming current
+            output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: |
+            Stream attached streams from the time the request was made onwards.
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: |
+            Override the key sequence for detaching a container.Format is a single
+            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
+            `@`, `^`, `[`, `,`, or `_`.
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "condition"
+          in: "query"
+          description: |
+            Wait until a container state reaches the given condition, either
+            'not-running' (default), 'next-exit', or 'removed'.
+          type: "string"
+          default: "not-running"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: |
+                You cannot remove a running container: c2ada9df5af8. Stop the
+                container before attempting removal or force remove
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove anonymous volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: |
+        A response header `X-Docker-Container-Path-Stat` is returned, containing
+        a base64 - encoded JSON object with some filesystem header information
+        about the path.
+      operationId: "ContainerArchiveInfo"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: |
+                A base64 - encoded JSON object with some filesystem header
+                information about the path
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: |
+                      The error message. Either "must specify path parameter"
+                      (path cannot be empty) or "not a directory" (path was
+                      asserted to be a directory but exists as a file).
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: |
+            If `1`, `true`, or `True` then it will be an error if unpacking the
+            given content would cause an existing directory to be replaced with
+            a non-directory and vice versa.
+          type: "string"
+        - name: "copyUIDGID"
+          in: "query"
+          description: |
+            If `1`, `true`, then it will copy UID/GID maps to the dest file or
+            dir
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: |
+            The input stream must be a tar archive compressed with one of the
+            following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+            or `xz`.
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ContainerPruneResponse"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the images list.
+
+            Available filters:
+
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: |
+            Sets the networking mode for the run commands during build. Supported
+            standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
+            Any other value is taken as a custom network's name or ID to which this
+            container should connect to.
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/x-tar"
+          default: "application/x-tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
+        - name: "outputs"
+          in: "query"
+          description: "BuildKit output configuration"
+          type: "string"
+          default: ""
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      parameters:
+        - name: "keep-storage"
+          in: "query"
+          description: "Amount of disk space in bytes to keep for cache"
+          type: "integer"
+          format: "int64"
+        - name: "all"
+          in: "query"
+          type: "boolean"
+          description: "Remove all types of build cache"
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the list of build cache objects.
+
+            Available filters:
+
+            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            - `id=<id>`
+            - `parent=<id>`
+            - `type=<string>`
+            - `description=<string>`
+            - `inuse`
+            - `shared`
+            - `private`
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              CachesDeleted:
+                type: "array"
+                items:
+                  description: "ID of build cache object"
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "message"
+          in: "query"
+          description: "Set commit message for imported image."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+                Data: {}
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "List of image layers"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
+              properties:
+                Id:
+                  type: "string"
+                  x-nullable: false
+                Created:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                CreatedBy:
+                  type: "string"
+                  x-nullable: false
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                  x-nullable: false
+                Comment:
+                  type: "string"
+                  x-nullable: false
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must
+        already have a tag which references the registry. For example,
+        `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
+
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The image was deleted successfully"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponseItem"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              title: "ImageSearchResponseItem"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ImagePruneResponse"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponseItem"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: |
+        Validate credentials for a registry and, if available, get an identity
+        token for accessing the registry without password.
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            title: "SystemAuthResponse"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/SystemInfo"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/SystemVersion"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          headers:
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+      tags: ["System"]
+    head:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPingHead"
+      produces: ["text/plain"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "(empty)"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Builder-Version:
+              type: "string"
+              description: "Default version of docker image builder"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
+            Cache-Control:
+              type: "string"
+              default: "no-cache, no-store, must-revalidate"
+            Pragma:
+              type: "string"
+              default: "no-cache"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/ContainerConfig"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
+
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
+
+        Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
+
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
+
+        The Docker daemon reports these events: `reload`
+
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
+        The Builder reports `prune` events
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemEventsResponse"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `config=<string>` config name or ID
+            - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `network=<string>` network name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "SystemDataUsageResponse"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+              BuildCache:
+                type: "array"
+                items:
+                  $ref: "#/definitions/BuildCache"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+                  Labels: null
+                  Scope: "local"
+                  Options: null
+                  UsageData:
+                    Size: 10920104
+                    RefCount: 2
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image
+        repositories.
+
+        For each value of the `names` parameter: if it is a specific name and
+        tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+        returned; if it is an image ID, similarly only that image (and its parents)
+        are returned and there would be no names referenced in the 'repositories'
+        file for this image ID.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see the [export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: |
+                  Override the key sequence for detaching a container. Format is
+                  a single character `[a-Z]` or `ctrl-<value>` where `<value>`
+                  is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: |
+                  A list of environment variables in the form `["VAR=value", ...]`.
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: |
+                  The user, and optionally, group to run the exec process inside
+                  the container. Format is one of: `user`, `user:group`, `uid`,
+                  or `uid:gid`.
+              WorkingDir:
+                type: "string"
+                description: |
+                  The working directory for the exec process inside the container.
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: |
+        Starts a previously set up exec instance. If detach is true, this endpoint
+        returns immediately after starting the command. Otherwise, it sets up an
+        interactive session with the command.
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: |
+        Resize the TTY session used by an exec instance. This endpoint only works
+        if `tty` was specified as part of creating and starting the exec instance.
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "ExecInspectResponse"
+            properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            title: "VolumeListResponse"
+            description: "Volume list response"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: |
+                  Warnings that occurred when fetching the list of volumes.
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            description: "Volume configuration"
+            title: "VolumeConfig"
+            properties:
+              Name:
+                description: |
+                  The new volume's name. If not specified, Docker generates a name.
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: |
+                  A mapping of driver options and values. These options are
+                  passed directly to the driver and are driver specific.
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "VolumePruneResponse"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see the
+        [network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than
+        inspecting a single network. For example, the list of containers attached
+        to the network is not propagated in API versions 1.28 and up.
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                Attachable: false
+                Ingress: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process
+            on the networks list.
+
+            Available filters:
+
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               networks that are not in use by a container. When set to `false`
+               (or `0`), only networks that are in use by one or more
+               containers are returned.
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkCreateResponse"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: |
+                  Check for networks with duplicate names. Since Network is
+                  primarily keyed based on a random ID and not on the name, and
+                  network name is strictly a user-friendly alias to the network
+                  which is uniquely identified using ID, there is no guaranteed
+                  way to check for duplicates. CheckDuplicate is there to provide
+                  a best effort checking of any networks which has the same name
+                  but it is not guaranteed to catch all name collisions.
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              Attachable:
+                description: |
+                  Globally scoped network is manually attachable by regular
+                  containers from workers in swarm mode.
+                type: "boolean"
+              Ingress:
+                description: |
+                  Ingress network is the network which provides the routing-mesh
+                  in swarm mode.
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Attachable: false
+              Ingress: false
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: |
+                  The ID or name of the container to disconnect from the network.
+              Force:
+                type: "boolean"
+                description: |
+                  Force the container to disconnect from the network.
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "NetworkPruneResponse"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the plugin list.
+
+            Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission the user has to accept upon installing
+                the plugin.
+              type: "object"
+              title: "PluginPrivilegeItem"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be
+        enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: |
+            Disable the plugin before removing. This may result in issues if the
+            plugin is in use by a container.
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration to use when pulling a plugin
+            from a registry.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: |
+                Describes a permission accepted by the user upon installing the
+                plugin.
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: |
+            The name of the plugin. The `:latest` tag is optional, and is the
+            default if omitted.
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `node.label=<node label>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the node object being updated. This is required
+            to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication, as well
+                  as determining the networking interface used for the VXLAN
+                  Tunnel Endpoint (VTEP). This can either be an address/port
+                  combination in the form `192.168.1.1:4567`, or an interface
+                  followed by a port number, like `eth0:4567`. If the port number
+                  is omitted, the default swarm listening port is used.
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other  nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+                type: "string"
+              DataPathPort:
+                description: |
+                  DataPathPort specifies the data path port number for data traffic.
+                  Acceptable port range is 1024 to 49151.
+                  if no port is set or is set to 0, default port 4789 will be used.
+                type: "integer"
+                format: "uint32"
+              DefaultAddrPool:
+                description: |
+                  Default Address Pool specifies default subnet pools for global
+                  scope networks.
+                type: "array"
+                items:
+                  type: "string"
+                  example: ["10.10.0.0/16", "20.20.0.0/16"]
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              SubnetSize:
+                description: |
+                  SubnetSize specifies the subnet size of the networks created
+                  from the default subnet pool.
+                type: "integer"
+                format: "uint32"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              DataPathPort: 4789
+              DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
+              SubnetSize: 24
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: |
+                  Listen address used for inter-manager communication if the node
+                  gets promoted to manager, as well as determining the networking
+                  interface used for the VXLAN Tunnel Endpoint (VTEP).
+                type: "string"
+              AdvertiseAddr:
+                description: |
+                  Externally reachable address advertised to other nodes. This
+                  can either be an address/port combination in the form
+                  `192.168.1.1:4567`, or an interface followed by a port number,
+                  like `eth0:4567`. If the port number is omitted, the port
+                  number from the listen address is used. If `AdvertiseAddr` is
+                  not specified, it will be automatically detected when possible.
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format:
+                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
+                  like `eth0`. If `DataPathAddr` is unspecified, the same address
+                  as `AdvertiseAddr` is used.
+
+                  The `DataPathAddr` specifies the address that global scope
+                  network drivers will publish towards other nodes in order to
+                  reach the containers running on this node. Using this parameter
+                  it is possible to separate the container data traffic from the
+                  management traffic of the cluster.
+
+                type: "string"
+              RemoteAddrs:
+                description: |
+                  Addresses of manager nodes already participating in the swarm.
+                type: "array"
+                items:
+                  type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: |
+            Force leave swarm, even if this is the last manager or that it will
+            break the cluster.
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the swarm object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "UnlockKeyResponse"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the services list.
+
+            Available filters:
+
+            - `id=<service id>`
+            - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
+        - name: "status"
+          in: "query"
+          type: "boolean"
+          description: |
+            Include service status, with count of running and desired tasks.
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the service object being updated. This is
+            required to avoid conflicting writes.
+            This version number should be the value as currently set on the
+            service *before* the update. You can find the current version by
+            calling `GET /services/{id}`
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          description: |
+            If the `X-Registry-Auth` header is not specified, this parameter
+            indicates where to find registry authorization credentials.
+          type: "string"
+          enum: ["spec", "previous-spec"]
+          default: "spec"
+        - name: "rollback"
+          in: "query"
+          description: |
+            Set to this parameter to `previous` to cause a server-side rollback
+            to the previous service spec. The supplied spec will be ignored in
+            this case.
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: |
+            A base64url-encoded auth configuration for pulling from private
+            registries.
+
+            Refer to the [authentication section](#section/Authentication) for
+            details.
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service. See also
+        [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      responses:
+        200:
+          description: "logs returned as a stream in response body"
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such service: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the service"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show service context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the tasks list.
+
+            Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+        See also [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+        **Note**: This endpoint works only for services with the `local`,
+        `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      responses:
+        200:
+          description: "logs returned as a stream in response body"
+          schema:
+            type: "string"
+            format: "binary"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: "Keep connection after returning logs."
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: |
+            Only return this number of log lines from the end of the logs.
+            Specify as an integer or `all` to output all log lines.
+          type: "string"
+          default: "all"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the secrets list.
+
+            Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
+
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: |
+            The spec of the secret to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [SecretInspect endpoint](#operation/SecretInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the secret object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
+    get:
+      summary: "List configs"
+      operationId: "ConfigList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Config"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "server.conf"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to
+            process on the configs list.
+
+            Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
+    post:
+      summary: "Create a config"
+      operationId: "ConfigCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ConfigSpec"
+              - type: "object"
+                example:
+                  Name: "server.conf"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Config"]
+  /configs/{id}:
+    get:
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+    delete:
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "config not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
+    post:
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such config"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the config"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/ConfigSpec"
+          description: |
+            The spec of the config to update. Currently, only the Labels field
+            can be updated. All other fields must remain unchanged from the
+            [ConfigInspect endpoint](#operation/ConfigInspect) response values.
+        - name: "version"
+          in: "query"
+          description: |
+            The version number of the config object being updated. This is
+            required to avoid conflicting writes.
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: |
+        Return image digest and platform information by contacting the registry.
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: |
+                  A descriptor struct containing digest, media type, and size.
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: |
+                  An array containing all platforms supported by the image.
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to
+        call back to the client for advanced capabilities.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+        the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon responds with a `101 UPGRADED` response follow with
+        the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session"]
diff --git a/docs/api/version-history.md b/docs/api/version-history.md
index 9c9d2f954a11a..baf90efda2d73 100644
--- a/docs/api/version-history.md
+++ b/docs/api/version-history.md
@@ -13,6 +13,167 @@ keywords: "API, Docker, rcli, REST, documentation"
      will be rejected.
 -->
 
+## v1.42 API changes
+
+[Docker Engine API v1.42](https://docs.docker.com/engine/api/v1.42/) documentation
+
+* Removed the `BuilderSize` field on the `GET /system/df` endpoint. This field
+  was introduced in API 1.31 as part of an experimental feature, and no longer
+  used since API 1.40.
+  Use field `BuildCache` instead to track storage used by the builder component.
+* `GET /images/json` now accepts query parameter `shared-size`. When set `true`,
+  images returned will include `SharedSize`, which provides the size on disk shared
+  with other images present on the system.
+* `GET /system/df` now accepts query parameter `type`. When set,
+  computes and returns data only for the specified object type.
+  The parameter can be specified multiple times to select several object types.
+  Supported values are: `container`, `image`, `volume`, `build-cache`.
+* `GET /system/df` can now be used concurrently. If a request is made while a
+  previous request is still being processed, the request will receive the result
+  of the already running calculation, once completed. Previously, an error
+  (`a disk usage operation is already running`) would be returned in this
+  situation. This change is not versioned, and affects all API versions if the
+  daemon has this patch.
+
+## v1.41 API changes
+
+[Docker Engine API v1.41](https://docs.docker.com/engine/api/v1.41/) documentation
+
+* `GET /events` now returns `prune` events after pruning resources have completed.
+  Prune events are returned for `container`, `network`, `volume`, `image`, and
+  `builder`, and have a `reclaimed` attribute, indicating the amount of space
+  reclaimed (in bytes).
+* `GET /info` now returns a `CgroupVersion` field, containing the cgroup version.
+* `GET /info` now returns a `DefaultAddressPools` field, containing a list of
+  custom default address pools for local networks, which can be specified in the
+  `daemon.json` file or `--default-address-pool` dockerd option.
+* `POST /services/create` and `POST /services/{id}/update` now supports `BindOptions.NonRecursive`.
+* The `ClusterStore` and `ClusterAdvertise` fields in `GET /info` are deprecated
+  and are now omitted if they contain an empty value. This change is not versioned,
+  and affects all API versions if the daemon has this patch.
+* The `filter` (singular) query parameter, which was deprecated in favor of the
+  `filters` option in Docker 1.13, has now been removed from the `GET /images/json`
+  endpoint. The parameter remains available when using API version 1.40 or below.
+* `GET /services` now returns `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `GET /services/{id}` now returns `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `POST /services/create` now accepts `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `POST /services/{id}/update` now accepts `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `GET /tasks` now  returns `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `GET /tasks/{id}` now  returns `CapAdd` and `CapDrop` as part of the `ContainerSpec`.
+* `GET /services` now returns `Pids` in `TaskTemplate.Resources.Limits`.
+* `GET /services/{id}` now returns `Pids` in `TaskTemplate.Resources.Limits`.
+* `POST /services/create` now accepts `Pids` in `TaskTemplate.Resources.Limits`.
+* `POST /services/{id}/update` now accepts `Pids` in `TaskTemplate.Resources.Limits`
+  to limit the maximum number of PIDs.
+* `GET /tasks` now  returns `Pids` in `TaskTemplate.Resources.Limits`.
+* `GET /tasks/{id}` now  returns `Pids` in `TaskTemplate.Resources.Limits`.
+* `POST /containers/create` on Linux now accepts the `HostConfig.CgroupnsMode` property.
+  Set the property to `host` to create the container in the daemon's cgroup namespace, or
+  `private` to create the container in its own private cgroup namespace.  The per-daemon
+  default is `host`, and can be changed by using the`CgroupNamespaceMode` daemon configuration
+  parameter.
+* `GET /info` now  returns an `OSVersion` field, containing the operating system's
+  version. This change is not versioned, and affects all API versions if the daemon
+  has this patch.
+* `GET /info` no longer returns the `SystemStatus` field if it does not have a
+  value set. This change is not versioned, and affects all API versions if the
+  daemon has this patch.
+* `GET /services` now accepts query parameter `status`. When set `true`,
+  services returned will include `ServiceStatus`, which provides Desired,
+  Running, and Completed task counts for the service.
+* `GET /services` may now include `ReplicatedJob` or `GlobalJob` as the `Mode`
+  in a `ServiceSpec`.
+* `GET /services/{id}` may now include `ReplicatedJob` or `GlobalJob` as the
+  `Mode` in a `ServiceSpec`.
+* `POST /services/create` now accepts `ReplicatedJob or `GlobalJob` as the `Mode`
+  in the `ServiceSpec.
+* `POST /services/{id}/update` accepts updating the fields of the
+  `ReplicatedJob` object in the `ServiceSpec.Mode`. The service mode still
+  cannot be changed, however.
+* `GET /services` now includes `JobStatus` on Services with mode
+  `ReplicatedJob` or `GlobalJob`.
+* `GET /services/{id}` now includes `JobStatus` on Services with mode
+  `ReplicatedJob` or `GlobalJob`.
+* `GET /tasks` now includes `JobIteration` on Tasks spawned from a job-mode
+  service.
+* `GET /tasks/{id}` now includes `JobIteration` on the task if spawned from a
+  job-mode service.
+* `GET /containers/{id}/stats` now accepts a query param (`one-shot`) which, when used with `stream=false` fetches a
+  single set of stats instead of waiting for two collection cycles to have 2 CPU stats over a 1 second period.
+* The `KernelMemory` field in `HostConfig.Resources` is now deprecated.
+* The `KernelMemory` field in `Info` is now deprecated.
+* `GET /services` now returns `Ulimits` as part of `ContainerSpec`.
+* `GET /services/{id}` now returns `Ulimits` as part of `ContainerSpec`.
+* `POST /services/create` now accepts `Ulimits` as part of `ContainerSpec`.
+* `POST /services/{id}/update` now accepts `Ulimits` as part of `ContainerSpec`.
+
+## v1.40 API changes
+
+[Docker Engine API v1.40](https://docs.docker.com/engine/api/v1.40/) documentation
+
+* The `/_ping` endpoint can now be accessed both using `GET` or `HEAD` requests.
+  when accessed using a `HEAD` request, all headers are returned, but the body
+  is empty (`Content-Length: 0`). This change is not versioned, and affects all
+  API versions if the daemon has this patch. Clients are recommended to try
+  using `HEAD`, but fallback to `GET` if the `HEAD` requests fails.
+* `GET /_ping` and `HEAD /_ping` now set `Cache-Control` and `Pragma` headers to
+  prevent the result from being cached. This change is not versioned, and affects
+  all API versions if the daemon has this patch.
+* `GET /services` now returns `Sysctls` as part of the `ContainerSpec`.
+* `GET /services/{id}` now returns `Sysctls` as part of the `ContainerSpec`.
+* `POST /services/create` now accepts `Sysctls` as part of the `ContainerSpec`.
+* `POST /services/{id}/update` now accepts `Sysctls` as part of the `ContainerSpec`.
+* `POST /services/create` now accepts `Config` as part of `ContainerSpec.Privileges.CredentialSpec`.
+* `POST /services/{id}/update` now accepts `Config` as part of `ContainerSpec.Privileges.CredentialSpec`.
+* `POST /services/create` now includes `Runtime` as an option in `ContainerSpec.Configs`
+* `POST /services/{id}/update` now includes `Runtime` as an option in `ContainerSpec.Configs`
+* `GET /tasks` now  returns `Sysctls` as part of the `ContainerSpec`.
+* `GET /tasks/{id}` now  returns `Sysctls` as part of the `ContainerSpec`.
+* `GET /networks` now supports a `dangling` filter type. When set to `true` (or
+  `1`), the endpoint returns all networks that are not in use by a container. When
+  set to `false` (or `0`), only networks that are in use by one or more containers
+  are returned.
+* `GET /nodes` now supports a filter type `node.label` filter to filter nodes based
+  on the node.label. The format of the label filter is `node.label=<key>`/`node.label=<key>=<value>`
+  to return those with the specified labels, or `node.label!=<key>`/`node.label!=<key>=<value>`
+  to return those without the specified labels.
+* `POST /containers/create` now accepts a `fluentd-async` option in `HostConfig.LogConfig.Config`
+  when using the Fluentd logging driver. This option deprecates the `fluentd-async-connect`
+  option, which remains funtional, but will be removed in a future release. Users
+  are encouraged to use the `fluentd-async` option going forward. This change is
+  not versioned, and affects all API versions if the daemon has this patch.
+* `POST /containers/create` now accepts a `fluentd-request-ack` option in
+  `HostConfig.LogConfig.Config` when using the Fluentd logging driver. If enabled,
+  the Fluentd logging driver sends the chunk option with a unique ID. The server
+  will respond with an acknowledgement. This option improves the reliability of
+  the message transmission. This change is not versioned, and affects all API
+  versions if the daemon has this patch.
+* `POST /containers/create`, `GET /containers/{id}/json`, and `GET /containers/json` now supports
+  `BindOptions.NonRecursive`.
+* `POST /swarm/init` now accepts a `DataPathPort` property to set data path port number.
+* `GET /info` now returns information about `DataPathPort` that is currently used in swarm
+* `GET /info` now returns `PidsLimit` boolean to indicate if the host kernel has
+  PID limit support enabled.
+* `GET /info` now includes `name=rootless` in `SecurityOptions` when the daemon is running in
+  rootless mode.  This change is not versioned, and affects all API versions if the daemon has
+  this patch.
+* `GET /info` now returns `none` as `CgroupDriver` when the daemon is running in rootless mode.
+  This change is not versioned, and affects all API versions if the daemon has this patch.
+* `POST /containers/create` now accepts `DeviceRequests` as part of `HostConfig`.
+  Can be used to set Nvidia GPUs.
+* `GET /swarm` endpoint now returns DataPathPort info
+* `POST /containers/create` now takes `KernelMemoryTCP` field to set hard limit for kernel TCP buffer memory.
+* `GET /service` now  returns `MaxReplicas` as part of the `Placement`.
+* `GET /service/{id}` now  returns `MaxReplicas` as part of the `Placement`.
+* `POST /service/create` and `POST /services/(id or name)/update` now take the field `MaxReplicas`
+  as part of the service `Placement`, allowing to specify maximum replicas per node for the service.
+* `POST /containers/create` on Linux now creates a container with `HostConfig.IpcMode=private`
+  by default, if IpcMode is not explicitly specified. The per-daemon default can be changed
+  back to `shareable` by using `DefaultIpcMode` daemon configuration parameter.
+* `POST /containers/{id}/update` now accepts a `PidsLimit` field to tune a container's
+  PID limit. Set `0` or `-1` for unlimited. Leave `null` to not change the current value.
+* `POST /build` now accepts `outputs` key for configuring build outputs when using BuildKit mode.
+
 ## V1.39 API changes
 
 [Docker Engine API v1.39](https://docs.docker.com/engine/api/v1.39/) documentation
@@ -26,16 +187,9 @@ keywords: "API, Docker, rcli, REST, documentation"
 * `POST /swarm/init` now accepts a `DefaultAddrPool` property to set global scope default address pool
 * `POST /swarm/init` now accepts a `SubnetSize` property to set global scope networks by giving the
   length of the subnet masks for every such network
-* `GET /nodes` now supports a filter type `node.label` filter to filter nodes based
-  on the node.label. The format of the label filter is `node.label=<key>`/`node.label=<key>=<value>`
-  to return those with the specified labels, or `node.label!=<key>`/`node.label!=<key>=<value>`
-  to return those without the specified labels.
-* `GET /services` now returns `Sysctls` as part of the `ContainerSpec`.
-* `GET /services/{id}` now returns `Sysctls` as part of the `ContainerSpec`.
-* `POST /services/create` now accepts `Sysctls` as part of the `ContainerSpec`.
-* `POST /services/{id}/update` now accepts `Sysctls` as part of the `ContainerSpec`.
-* `GET /tasks` now  returns `Sysctls` as part of the `ContainerSpec`.
-* `GET /tasks/{id}` now  returns `Sysctls` as part of the `ContainerSpec`.
+* `POST /session` (added in [V1.31](#v131-api-changes) is no longer experimental.
+  This endpoint can be used to run interactive long-running protocols between the
+  client and the daemon.
 
 ## V1.38 API changes
 
@@ -169,6 +323,7 @@ keywords: "API, Docker, rcli, REST, documentation"
 * `GET /events` now supports service, node and secret events which are emitted when users create, update and remove service, node and secret
 * `GET /events` now supports network remove event which is emitted when users remove a swarm scoped network
 * `GET /events` now supports a filter type `scope` in which supported value could be swarm and local
+* `PUT /containers/(name)/archive` now accepts a `copyUIDGID` parameter to allow copy UID/GID maps to dest file or dir.
 
 ## v1.29 API changes
 
@@ -192,14 +347,14 @@ keywords: "API, Docker, rcli, REST, documentation"
 * `GET /containers/create` now takes a `DeviceCgroupRules` field in `HostConfig` allowing to set custom device cgroup rules for the created container.
 * Optional query parameter `verbose` for `GET /networks/(id or name)` will now list all services with all the tasks, including the non-local tasks on the given network.
 * `GET /containers/(id or name)/attach/ws` now returns WebSocket in binary frame format for API version >= v1.28, and returns WebSocket in text frame format for API version< v1.28, for the purpose of backward-compatibility.
-* `GET /networks` is optimised only to return list of all networks and network specific information. List of all containers attached to a specific network is removed from this API and is only available using the network specific `GET /networks/{network-id}.
+* `GET /networks` is optimised only to return list of all networks and network specific information. List of all containers attached to a specific network is removed from this API and is only available using the network specific `GET /networks/{network-id}`.
 * `GET /containers/json` now supports `publish` and `expose` filters to filter containers that expose or publish certain ports.
 * `POST /services/create` and `POST /services/(id or name)/update` now accept the `ReadOnly` parameter, which mounts the container's root filesystem as read only.
 * `POST /build` now accepts `extrahosts` parameter to specify a host to ip mapping to use during the build.
 * `POST /services/create` and `POST /services/(id or name)/update` now accept a `rollback` value for `FailureAction`.
 * `POST /services/create` and `POST /services/(id or name)/update` now accept an optional `RollbackConfig` object which specifies rollback options.
 * `GET /services` now supports a `mode` filter to filter services based on the service mode (either `global` or `replicated`).
-* `POST /containers/(name)/update` now supports updating `NanoCPUs` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
+* `POST /containers/(name)/update` now supports updating `NanoCpus` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
 
 ## v1.27 API changes
 
@@ -255,11 +410,14 @@ keywords: "API, Docker, rcli, REST, documentation"
 * The `hostConfig` option now accepts the fields `CpuRealtimePeriod` and `CpuRtRuntime` to allocate cpu runtime to rt tasks when `CONFIG_RT_GROUP_SCHED` is enabled in the kernel.
 * The `SecurityOptions` field within the `GET /info` response now includes `userns` if user namespaces are enabled in the daemon.
 * `GET /nodes` and `GET /node/(id or name)` now return `Addr` as part of a node's `Status`, which is the address that that node connects to the manager from.
-* The `HostConfig` field now includes `NanoCPUs` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
+* The `HostConfig` field now includes `NanoCpus` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
 * `GET /info` now returns more structured information about security options.
 * The `HostConfig` field now includes `CpuCount` that represents the number of CPUs available for execution by the container. Windows daemon only.
 * `POST /services/create` and `POST /services/(id or name)/update` now accept the `TTY` parameter, which allocate a pseudo-TTY in container.
 * `POST /services/create` and `POST /services/(id or name)/update` now accept the `DNSConfig` parameter, which specifies DNS related configurations in resolver configuration file (resolv.conf) through `Nameservers`, `Search`, and `Options`.
+* `POST /services/create` and `POST /services/(id or name)/update` now support
+  `node.platform.arch` and `node.platform.os` constraints in the services 
+  `TaskSpec.Placement.Constraints` field.
 * `GET /networks/(id or name)` now includes IP and name of all peers nodes for swarm mode overlay networks.
 * `GET /plugins` list plugins.
 * `POST /plugins/pull?name=<plugin name>` pulls a plugin.
diff --git a/docs/contributing/software-req-win.md b/docs/contributing/software-req-win.md
index 3070d34e8381e..55b370003f964 100644
--- a/docs/contributing/software-req-win.md
+++ b/docs/contributing/software-req-win.md
@@ -26,7 +26,7 @@ https://git-scm.com/download/win.
 ### 3. The machine must be configured to run containers
 
 For example, by following the quick start guidance at
-https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md
+https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or https://github.com/docker/labs/blob/master/windows/windows-containers/README.md
 
 ### 4. If building in a Hyper-V VM
 
@@ -51,7 +51,7 @@ To test and run the Windows Moby engine, you need a system that supports Windows
 - Windows 10 Anniversary Edition
 - Windows Server 2016 running in a VM, on bare metal or in the cloud
 
-Check out the [getting started documentation](https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md) for details.
+Check out the [getting started documentation](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md) for details.
 
 ### 2. GitHub account
 
@@ -100,8 +100,8 @@ To build Moby, run:
 Copy out the resulting Windows Moby Engine binary to `dockerd.exe` in the
 current directory:
 
-    docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe docker.exe
-    docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe dockerd.exe
+    docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe docker.exe
+    docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe dockerd.exe
 
 To test it, stop the system Docker daemon and start the one you just built:
 
@@ -109,7 +109,7 @@ To test it, stop the system Docker daemon and start the one you just built:
     .\dockerd.exe -D
 
 The other make targets work too, to run unit tests try:
-`docker run --rm docker-builder sh -c 'cd /c/go/src/github.com/docker/docker; hack/make.sh test-unit'`.
+`docker run --rm docker-builder sh -c 'cd /c/gopath/src/github.com/docker/docker; hack/make.sh test-unit'`.
 
 ### 6. Remove the interim binaries container
 
@@ -169,7 +169,7 @@ quit due to the use of console hooks which are not available.
 The docker integration tests do not currently run in a container on Windows,
 predominantly due to Windows not supporting privileged mode, so anything using a volume would fail.
 They (along with the rest of the docker CI suite) can be run using
-https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
+https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
 
 ## Where to go next
 
diff --git a/docs/contributing/test.md b/docs/contributing/test.md
index 8a50b0678646a..5b66ba78a420e 100644
--- a/docs/contributing/test.md
+++ b/docs/contributing/test.md
@@ -83,7 +83,7 @@ hour. To run the test suite, do the following:
     * cross-compiles all the binaries for the various operating systems
     * runs all the tests in the system
 
-    It can take approximate one hour to run all the tests. The time depends
+    It can take approximately one hour to run all the tests. The time depends
     on your host performance. The default timeout is 60 minutes, which is
     defined in `hack/make.sh` (`${TIMEOUT:=60m}`). You can modify the timeout
     value on the basis of your host performance. When they complete
@@ -108,10 +108,10 @@ Try this now.
 2.  Start a Moby development image.
 
     If you are following along with this guide, you should have a
-    `dry-run-test` image.
+    `docker-dev:dry-run-test` image.
 
     ```bash
-    $ docker run --privileged --rm -ti -v `pwd`:/go/src/github.com/docker/docker dry-run-test /bin/bash
+    $ docker run --privileged --rm -ti -v `pwd`:/go/src/github.com/docker/docker docker-dev:dry-run-test /bin/bash
     ```
 
 3.  Run the unit tests using the `hack/test/unit` script.
@@ -148,7 +148,7 @@ You can use the `TESTDIRS` environment variable to run unit tests for
 a single package.
 
 ```bash
-$ TESTDIRS='opts' make test-unit
+$ TESTDIRS='github.com/docker/docker/opts' make test-unit
 ```
 
 You can also use the `TESTFLAGS` environment variable to run a single test. The
@@ -163,7 +163,7 @@ On unit tests, it's better to use `TESTFLAGS` in combination with
 `TESTDIRS` to make it quicker to run a specific test.
 
 ```bash
-$ TESTDIRS='opts' TESTFLAGS='-test.run ^TestValidateIPAddress$' make test-unit
+$ TESTDIRS='github.com/docker/docker/opts' TESTFLAGS='-test.run ^TestValidateIPAddress$' make test-unit
 ```
 
 ## Run integration tests
@@ -174,13 +174,13 @@ flag's value is passed as arguments to the `go test` command. For example, from
 your local host you can run the `TestBuild` test with this command:
 
 ```bash
-$ TESTFLAGS='-check.f DockerSuite.TestBuild*' make test-integration
+$ TESTFLAGS='-test.run TestDockerSuite/TestBuild*' make test-integration
 ```
 
 To run the same test inside your Docker development container, you do this:
 
 ```bash
-# TESTFLAGS='-check.f TestBuild*' hack/make.sh binary test-integration
+# TESTFLAGS='-test.run TestDockerSuite/TestBuild*' hack/make.sh binary test-integration
 ```
 
 ## Test the Windows binary against a Linux daemon
@@ -208,7 +208,7 @@ run a Bash terminal on Windows.
     ```
 
 4.  Set `DOCKER_TEST_HOST` to the `tcp://IP_ADDRESS:2376` value; substitute your
-    Linux machines actual IP address. For example:
+    Linux machine's actual IP address. For example:
 
     ```bash
     $ export DOCKER_TEST_HOST=tcp://213.124.23.200:2376
@@ -228,16 +228,24 @@ run a Bash terminal on Windows.
     ```
 
     Should you wish to run a single test such as one with the name
-    'TestExample', you can pass in `TESTFLAGS='-check.f TestExample'`. For
+    'TestExample', you can pass in `TESTFLAGS='-test.run /TestExample'`. For
     example
 
     ```bash
-    $ TESTFLAGS='-check.f TestExample' hack/make.sh binary test-integration
+    $ TESTFLAGS='-test.run /TestExample' hack/make.sh binary test-integration
     ```
 
 You can now choose to make changes to the Moby source or the tests. If you
 make any changes, just run these commands again.
 
+## [Public CI infrastructure](ci.docker.com/public)
+
+The current infrastructure is maintained here: [Moby ci job](https://ci.docker.com/public/job/moby).  The Jenkins infrastructure is for the Moby project is maintained and
+managed by Docker Inc.  All contributions against the Jenkinsfile are
+appreciated and welcomed!  However we might not be able to fully provide the
+infrastructure to test against various architectures in our CI pipelines.  All
+jobs can be triggered and re-ran by the Moby maintainers
+
 ## Where to go next
 
 Congratulations, you have successfully completed the basics you need to
diff --git a/docs/rootless.md b/docs/rootless.md
new file mode 100644
index 0000000000000..4eada9d03e2d4
--- /dev/null
+++ b/docs/rootless.md
@@ -0,0 +1,3 @@
+Moved to https://docs.docker.com/go/rootless/
+
+<!-- do not remove this file, as there is a lot of links to https://github.com/moby/moby/blob/master/docs/rootless.md -->
diff --git a/errdefs/defs.go b/errdefs/defs.go
index e6a2275b2d7a8..61e7456b4ebfe 100644
--- a/errdefs/defs.go
+++ b/errdefs/defs.go
@@ -43,11 +43,6 @@ type ErrNotModified interface {
 	NotModified()
 }
 
-// ErrAlreadyExists is a special case of ErrConflict which signals that the desired object already exists
-type ErrAlreadyExists interface {
-	AlreadyExists()
-}
-
 // ErrNotImplemented signals that the requested action/feature is not implemented on the system as configured.
 type ErrNotImplemented interface {
 	NotImplemented()
diff --git a/errdefs/helpers.go b/errdefs/helpers.go
index 6169c2bc62a59..fe06fb6f703b1 100644
--- a/errdefs/helpers.go
+++ b/errdefs/helpers.go
@@ -10,10 +10,14 @@ func (e errNotFound) Cause() error {
 	return e.error
 }
 
+func (e errNotFound) Unwrap() error {
+	return e.error
+}
+
 // NotFound is a helper to create an error of the class with the same name from any error type
 func NotFound(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsNotFound(err) {
+		return err
 	}
 	return errNotFound{err}
 }
@@ -26,10 +30,14 @@ func (e errInvalidParameter) Cause() error {
 	return e.error
 }
 
+func (e errInvalidParameter) Unwrap() error {
+	return e.error
+}
+
 // InvalidParameter is a helper to create an error of the class with the same name from any error type
 func InvalidParameter(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsInvalidParameter(err) {
+		return err
 	}
 	return errInvalidParameter{err}
 }
@@ -42,10 +50,14 @@ func (e errConflict) Cause() error {
 	return e.error
 }
 
+func (e errConflict) Unwrap() error {
+	return e.error
+}
+
 // Conflict is a helper to create an error of the class with the same name from any error type
 func Conflict(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsConflict(err) {
+		return err
 	}
 	return errConflict{err}
 }
@@ -58,10 +70,14 @@ func (e errUnauthorized) Cause() error {
 	return e.error
 }
 
+func (e errUnauthorized) Unwrap() error {
+	return e.error
+}
+
 // Unauthorized is a helper to create an error of the class with the same name from any error type
 func Unauthorized(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsUnauthorized(err) {
+		return err
 	}
 	return errUnauthorized{err}
 }
@@ -74,8 +90,15 @@ func (e errUnavailable) Cause() error {
 	return e.error
 }
 
+func (e errUnavailable) Unwrap() error {
+	return e.error
+}
+
 // Unavailable is a helper to create an error of the class with the same name from any error type
 func Unavailable(err error) error {
+	if err == nil || IsUnavailable(err) {
+		return err
+	}
 	return errUnavailable{err}
 }
 
@@ -87,10 +110,14 @@ func (e errForbidden) Cause() error {
 	return e.error
 }
 
+func (e errForbidden) Unwrap() error {
+	return e.error
+}
+
 // Forbidden is a helper to create an error of the class with the same name from any error type
 func Forbidden(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsForbidden(err) {
+		return err
 	}
 	return errForbidden{err}
 }
@@ -103,10 +130,14 @@ func (e errSystem) Cause() error {
 	return e.error
 }
 
+func (e errSystem) Unwrap() error {
+	return e.error
+}
+
 // System is a helper to create an error of the class with the same name from any error type
 func System(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsSystem(err) {
+		return err
 	}
 	return errSystem{err}
 }
@@ -119,28 +150,16 @@ func (e errNotModified) Cause() error {
 	return e.error
 }
 
-// NotModified is a helper to create an error of the class with the same name from any error type
-func NotModified(err error) error {
-	if err == nil {
-		return nil
-	}
-	return errNotModified{err}
-}
-
-type errAlreadyExists struct{ error }
-
-func (errAlreadyExists) AlreadyExists() {}
-
-func (e errAlreadyExists) Cause() error {
+func (e errNotModified) Unwrap() error {
 	return e.error
 }
 
-// AlreadyExists is a helper to create an error of the class with the same name from any error type
-func AlreadyExists(err error) error {
-	if err == nil {
-		return nil
+// NotModified is a helper to create an error of the class with the same name from any error type
+func NotModified(err error) error {
+	if err == nil || IsNotModified(err) {
+		return err
 	}
-	return errAlreadyExists{err}
+	return errNotModified{err}
 }
 
 type errNotImplemented struct{ error }
@@ -151,10 +170,14 @@ func (e errNotImplemented) Cause() error {
 	return e.error
 }
 
+func (e errNotImplemented) Unwrap() error {
+	return e.error
+}
+
 // NotImplemented is a helper to create an error of the class with the same name from any error type
 func NotImplemented(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsNotImplemented(err) {
+		return err
 	}
 	return errNotImplemented{err}
 }
@@ -167,10 +190,14 @@ func (e errUnknown) Cause() error {
 	return e.error
 }
 
+func (e errUnknown) Unwrap() error {
+	return e.error
+}
+
 // Unknown is a helper to create an error of the class with the same name from any error type
 func Unknown(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsUnknown(err) {
+		return err
 	}
 	return errUnknown{err}
 }
@@ -183,10 +210,14 @@ func (e errCancelled) Cause() error {
 	return e.error
 }
 
+func (e errCancelled) Unwrap() error {
+	return e.error
+}
+
 // Cancelled is a helper to create an error of the class with the same name from any error type
 func Cancelled(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsCancelled(err) {
+		return err
 	}
 	return errCancelled{err}
 }
@@ -199,10 +230,14 @@ func (e errDeadline) Cause() error {
 	return e.error
 }
 
+func (e errDeadline) Unwrap() error {
+	return e.error
+}
+
 // Deadline is a helper to create an error of the class with the same name from any error type
 func Deadline(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsDeadline(err) {
+		return err
 	}
 	return errDeadline{err}
 }
@@ -215,10 +250,14 @@ func (e errDataLoss) Cause() error {
 	return e.error
 }
 
+func (e errDataLoss) Unwrap() error {
+	return e.error
+}
+
 // DataLoss is a helper to create an error of the class with the same name from any error type
 func DataLoss(err error) error {
-	if err == nil {
-		return nil
+	if err == nil || IsDataLoss(err) {
+		return err
 	}
 	return errDataLoss{err}
 }
diff --git a/errdefs/helpers_test.go b/errdefs/helpers_test.go
index 8766ba80a88ef..4ae27c717fd9d 100644
--- a/errdefs/helpers_test.go
+++ b/errdefs/helpers_test.go
@@ -22,6 +22,9 @@ func TestNotFound(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected not found error to match errTest")
+	}
 }
 
 func TestConflict(t *testing.T) {
@@ -35,6 +38,9 @@ func TestConflict(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected conflict error to match errTest")
+	}
 }
 
 func TestForbidden(t *testing.T) {
@@ -48,6 +54,9 @@ func TestForbidden(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected forbidden error to match errTest")
+	}
 }
 
 func TestInvalidParameter(t *testing.T) {
@@ -61,6 +70,9 @@ func TestInvalidParameter(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected invalid argument error to match errTest")
+	}
 }
 
 func TestNotImplemented(t *testing.T) {
@@ -74,6 +86,9 @@ func TestNotImplemented(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected not implemented error to match errTest")
+	}
 }
 
 func TestNotModified(t *testing.T) {
@@ -87,18 +102,8 @@ func TestNotModified(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
-}
-
-func TestAlreadyExists(t *testing.T) {
-	if IsAlreadyExists(errTest) {
-		t.Fatalf("did not expect already exists error, got %T", errTest)
-	}
-	e := AlreadyExists(errTest)
-	if !IsAlreadyExists(e) {
-		t.Fatalf("expected already exists error, got %T", e)
-	}
-	if cause := e.(causal).Cause(); cause != errTest {
-		t.Fatalf("causual should be errTest, got: %v", cause)
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected not modified error to match errTest")
 	}
 }
 
@@ -113,6 +118,9 @@ func TestUnauthorized(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected unauthorized error to match errTest")
+	}
 }
 
 func TestUnknown(t *testing.T) {
@@ -126,6 +134,9 @@ func TestUnknown(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected unknown error to match errTest")
+	}
 }
 
 func TestCancelled(t *testing.T) {
@@ -139,6 +150,9 @@ func TestCancelled(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected cancelled error to match errTest")
+	}
 }
 
 func TestDeadline(t *testing.T) {
@@ -152,6 +166,9 @@ func TestDeadline(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected deadline error to match errTest")
+	}
 }
 
 func TestDataLoss(t *testing.T) {
@@ -165,6 +182,9 @@ func TestDataLoss(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected data loss error to match errTest")
+	}
 }
 
 func TestUnavailable(t *testing.T) {
@@ -178,6 +198,9 @@ func TestUnavailable(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected unavaillable error to match errTest")
+	}
 }
 
 func TestSystem(t *testing.T) {
@@ -191,4 +214,7 @@ func TestSystem(t *testing.T) {
 	if cause := e.(causal).Cause(); cause != errTest {
 		t.Fatalf("causual should be errTest, got: %v", cause)
 	}
+	if !errors.Is(e, errTest) {
+		t.Fatalf("expected system error to match errTest")
+	}
 }
diff --git a/errdefs/http_helpers.go b/errdefs/http_helpers.go
new file mode 100644
index 0000000000000..73576f1c6e449
--- /dev/null
+++ b/errdefs/http_helpers.go
@@ -0,0 +1,191 @@
+package errdefs // import "github.com/docker/docker/errdefs"
+
+import (
+	"fmt"
+	"net/http"
+
+	containerderrors "github.com/containerd/containerd/errdefs"
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// GetHTTPErrorStatusCode retrieves status code from error message.
+func GetHTTPErrorStatusCode(err error) int {
+	if err == nil {
+		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
+		return http.StatusInternalServerError
+	}
+
+	var statusCode int
+
+	// Stop right there
+	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
+
+	// Note that the below functions are already checking the error causal chain for matches.
+	switch {
+	case IsNotFound(err):
+		statusCode = http.StatusNotFound
+	case IsInvalidParameter(err):
+		statusCode = http.StatusBadRequest
+	case IsConflict(err):
+		statusCode = http.StatusConflict
+	case IsUnauthorized(err):
+		statusCode = http.StatusUnauthorized
+	case IsUnavailable(err):
+		statusCode = http.StatusServiceUnavailable
+	case IsForbidden(err):
+		statusCode = http.StatusForbidden
+	case IsNotModified(err):
+		statusCode = http.StatusNotModified
+	case IsNotImplemented(err):
+		statusCode = http.StatusNotImplemented
+	case IsSystem(err) || IsUnknown(err) || IsDataLoss(err) || IsDeadline(err) || IsCancelled(err):
+		statusCode = http.StatusInternalServerError
+	default:
+		statusCode = statusCodeFromGRPCError(err)
+		if statusCode != http.StatusInternalServerError {
+			return statusCode
+		}
+		statusCode = statusCodeFromContainerdError(err)
+		if statusCode != http.StatusInternalServerError {
+			return statusCode
+		}
+		statusCode = statusCodeFromDistributionError(err)
+		if statusCode != http.StatusInternalServerError {
+			return statusCode
+		}
+		if e, ok := err.(causer); ok {
+			return GetHTTPErrorStatusCode(e.Cause())
+		}
+
+		logrus.WithFields(logrus.Fields{
+			"module":     "api",
+			"error_type": fmt.Sprintf("%T", err),
+		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
+	}
+
+	if statusCode == 0 {
+		statusCode = http.StatusInternalServerError
+	}
+
+	return statusCode
+}
+
+// FromStatusCode creates an errdef error, based on the provided HTTP status-code
+func FromStatusCode(err error, statusCode int) error {
+	if err == nil {
+		return err
+	}
+	switch statusCode {
+	case http.StatusNotFound:
+		err = NotFound(err)
+	case http.StatusBadRequest:
+		err = InvalidParameter(err)
+	case http.StatusConflict:
+		err = Conflict(err)
+	case http.StatusUnauthorized:
+		err = Unauthorized(err)
+	case http.StatusServiceUnavailable:
+		err = Unavailable(err)
+	case http.StatusForbidden:
+		err = Forbidden(err)
+	case http.StatusNotModified:
+		err = NotModified(err)
+	case http.StatusNotImplemented:
+		err = NotImplemented(err)
+	case http.StatusInternalServerError:
+		if !IsSystem(err) && !IsUnknown(err) && !IsDataLoss(err) && !IsDeadline(err) && !IsCancelled(err) {
+			err = System(err)
+		}
+	default:
+		logrus.WithError(err).WithFields(logrus.Fields{
+			"module":      "api",
+			"status_code": statusCode,
+		}).Debug("FIXME: Got an status-code for which error does not match any expected type!!!")
+
+		switch {
+		case statusCode >= 200 && statusCode < 400:
+			// it's a client error
+		case statusCode >= 400 && statusCode < 500:
+			err = InvalidParameter(err)
+		case statusCode >= 500 && statusCode < 600:
+			err = System(err)
+		default:
+			err = Unknown(err)
+		}
+	}
+	return err
+}
+
+// statusCodeFromGRPCError returns status code according to gRPC error
+func statusCodeFromGRPCError(err error) int {
+	switch status.Code(err) {
+	case codes.InvalidArgument: // code 3
+		return http.StatusBadRequest
+	case codes.NotFound: // code 5
+		return http.StatusNotFound
+	case codes.AlreadyExists: // code 6
+		return http.StatusConflict
+	case codes.PermissionDenied: // code 7
+		return http.StatusForbidden
+	case codes.FailedPrecondition: // code 9
+		return http.StatusBadRequest
+	case codes.Unauthenticated: // code 16
+		return http.StatusUnauthorized
+	case codes.OutOfRange: // code 11
+		return http.StatusBadRequest
+	case codes.Unimplemented: // code 12
+		return http.StatusNotImplemented
+	case codes.Unavailable: // code 14
+		return http.StatusServiceUnavailable
+	default:
+		// codes.Canceled(1)
+		// codes.Unknown(2)
+		// codes.DeadlineExceeded(4)
+		// codes.ResourceExhausted(8)
+		// codes.Aborted(10)
+		// codes.Internal(13)
+		// codes.DataLoss(15)
+		return http.StatusInternalServerError
+	}
+}
+
+// statusCodeFromDistributionError returns status code according to registry errcode
+// code is loosely based on errcode.ServeJSON() in docker/distribution
+func statusCodeFromDistributionError(err error) int {
+	switch errs := err.(type) {
+	case errcode.Errors:
+		if len(errs) < 1 {
+			return http.StatusInternalServerError
+		}
+		if _, ok := errs[0].(errcode.ErrorCoder); ok {
+			return statusCodeFromDistributionError(errs[0])
+		}
+	case errcode.ErrorCoder:
+		return errs.ErrorCode().Descriptor().HTTPStatusCode
+	}
+	return http.StatusInternalServerError
+}
+
+// statusCodeFromContainerdError returns status code for containerd errors when
+// consumed directly (not through gRPC)
+func statusCodeFromContainerdError(err error) int {
+	switch {
+	case containerderrors.IsInvalidArgument(err):
+		return http.StatusBadRequest
+	case containerderrors.IsNotFound(err):
+		return http.StatusNotFound
+	case containerderrors.IsAlreadyExists(err):
+		return http.StatusConflict
+	case containerderrors.IsFailedPrecondition(err):
+		return http.StatusPreconditionFailed
+	case containerderrors.IsUnavailable(err):
+		return http.StatusServiceUnavailable
+	case containerderrors.IsNotImplemented(err):
+		return http.StatusNotImplemented
+	default:
+		return http.StatusInternalServerError
+	}
+}
diff --git a/errdefs/http_helpers_test.go b/errdefs/http_helpers_test.go
new file mode 100644
index 0000000000000..7806d283901ee
--- /dev/null
+++ b/errdefs/http_helpers_test.go
@@ -0,0 +1,92 @@
+package errdefs
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestFromStatusCode(t *testing.T) {
+	testErr := fmt.Errorf("some error occurred")
+
+	testCases := []struct {
+		err    error
+		status int
+		check  func(error) bool
+	}{
+		{
+			err:    testErr,
+			status: http.StatusNotFound,
+			check:  IsNotFound,
+		},
+		{
+			err:    testErr,
+			status: http.StatusBadRequest,
+			check:  IsInvalidParameter,
+		},
+		{
+			err:    testErr,
+			status: http.StatusConflict,
+			check:  IsConflict,
+		},
+		{
+			err:    testErr,
+			status: http.StatusUnauthorized,
+			check:  IsUnauthorized,
+		},
+		{
+			err:    testErr,
+			status: http.StatusServiceUnavailable,
+			check:  IsUnavailable,
+		},
+		{
+			err:    testErr,
+			status: http.StatusForbidden,
+			check:  IsForbidden,
+		},
+		{
+			err:    testErr,
+			status: http.StatusNotModified,
+			check:  IsNotModified,
+		},
+		{
+			err:    testErr,
+			status: http.StatusNotImplemented,
+			check:  IsNotImplemented,
+		},
+		{
+			err:    testErr,
+			status: http.StatusInternalServerError,
+			check:  IsSystem,
+		},
+		{
+			err:    Unknown(testErr),
+			status: http.StatusInternalServerError,
+			check:  IsUnknown,
+		},
+		{
+			err:    DataLoss(testErr),
+			status: http.StatusInternalServerError,
+			check:  IsDataLoss,
+		},
+		{
+			err:    Deadline(testErr),
+			status: http.StatusInternalServerError,
+			check:  IsDeadline,
+		},
+		{
+			err:    Cancelled(testErr),
+			status: http.StatusInternalServerError,
+			check:  IsCancelled,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(http.StatusText(tc.status), func(t *testing.T) {
+			err := FromStatusCode(tc.err, tc.status)
+			assert.Check(t, tc.check(err), "unexpected error-type %T", err)
+		})
+	}
+}
diff --git a/errdefs/is.go b/errdefs/is.go
index e0513331bbd68..3abf07d0c3570 100644
--- a/errdefs/is.go
+++ b/errdefs/is.go
@@ -15,7 +15,6 @@ func getImplementer(err error) error {
 		ErrForbidden,
 		ErrSystem,
 		ErrNotModified,
-		ErrAlreadyExists,
 		ErrNotImplemented,
 		ErrCancelled,
 		ErrDeadline,
@@ -77,12 +76,6 @@ func IsNotModified(err error) bool {
 	return ok
 }
 
-// IsAlreadyExists returns if the passed in error is a AlreadyExists error
-func IsAlreadyExists(err error) bool {
-	_, ok := getImplementer(err).(ErrAlreadyExists)
-	return ok
-}
-
 // IsNotImplemented returns if the passed in error is an ErrNotImplemented
 func IsNotImplemented(err error) bool {
 	_, ok := getImplementer(err).(ErrNotImplemented)
diff --git a/hack/ci/arm b/hack/ci/arm
index e60332a60827b..2c7109b8b6397 100755
--- a/hack/ci/arm
+++ b/hack/ci/arm
@@ -4,7 +4,7 @@ set -eu -o pipefail
 
 hack/test/unit
 
-hack/make.sh \
+TEST_SKIP_INTEGRATION_CLI=1 hack/make.sh \
 	binary-daemon \
 	dynbinary \
 	test-integration
diff --git a/hack/ci/experimental b/hack/ci/experimental
index 9ccbc8425f699..10297c7dc9209 100755
--- a/hack/ci/experimental
+++ b/hack/ci/experimental
@@ -2,7 +2,7 @@
 # Entrypoint for jenkins experimental CI
 set -eu -o pipefail
 
-export DOCKER_EXPERIMENTAL=y
+export DOCKER_EXPERIMENTAL=1
 
 hack/make.sh \
 	binary-daemon \
diff --git a/hack/ci/janky b/hack/ci/janky
index f2bdfbf326f00..ec48165896833 100755
--- a/hack/ci/janky
+++ b/hack/ci/janky
@@ -4,14 +4,11 @@ set -eu -o pipefail
 
 hack/validate/default
 hack/test/unit
-bash <(curl -s https://codecov.io/bash) \
-    -f coverage.txt \
-    -C "$GIT_SHA1" || \
-    echo 'Codecov failed to upload'
 
 hack/make.sh \
 	binary-daemon \
 	dynbinary \
 	test-docker-py \
+	test-integration-flaky \
 	test-integration \
 	cross
diff --git a/hack/ci/master b/hack/ci/master
new file mode 100755
index 0000000000000..83182c69ec435
--- /dev/null
+++ b/hack/ci/master
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins master CI build
+set -eu -o pipefail
+
+hack/validate/default
+hack/test/unit
+
+hack/make.sh \
+	binary-daemon \
+	dynbinary \
+	test-docker-py \
+	test-integration \
+	cross
diff --git a/hack/ci/windows.ps1 b/hack/ci/windows.ps1
index 393bcbdc2fc20..69b9e461920d7 100644
--- a/hack/ci/windows.ps1
+++ b/hack/ci/windows.ps1
@@ -1,7 +1,7 @@
-# WARNING WARNING WARNING - DO NOT EDIT THIS FILE IN JENKINS DIRECTLY.
-# SUBMIT A PR TO https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/executeCI.ps1,
-# AND MAKE SURE https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1
-# ISN'T BROKEN!!!!!!! VALIDATE USING A TEST CONTEXT IN JENKINS. THEN COPY/PASTE INTO JENKINS PRODUCTION.
+# WARNING: When editing this file, consider submitting a PR to
+# https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/executeCI.ps1, and make sure that
+# https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1 isn't broken.
+# Validate using a test context in Jenkins, then copy/paste into Jenkins production.
 #
 # Jenkins CI scripts for Windows to Windows CI (Powershell Version)
 # By John Howard (@jhowardmsft) January 2016 - bash version; July 2016 Ported to PowerShell
@@ -9,11 +9,10 @@
 $ErrorActionPreference = 'Stop'
 $StartTime=Get-Date
 
-# Put up top to be blindingly obvious. The production jenkins.dockerproject.org Linux-container 
-# CI job is "Docker-PRs-LoW-RS3". Force into LCOW mode for this run, or not.
-if ($env:BUILD_TAG -match "-LoW") { $env:LCOW_MODE=1 }
-if ($env:BUILD_TAG -match "-WoW") { $env:LCOW_MODE="" }
-
+Write-Host -ForegroundColor Red "DEBUG: print all environment variables to check how Jenkins runs this script"
+$allArgs = [Environment]::GetCommandLineArgs()
+Write-Host -ForegroundColor Red $allArgs
+Write-Host -ForegroundColor Red "----------------------------------------------------------------------------"
 
 # -------------------------------------------------------------------------------------------
 # When executed, we rely on four variables being set in the environment:
@@ -46,10 +45,23 @@ if ($env:BUILD_TAG -match "-WoW") { $env:LCOW_MODE="" }
 #                        TESTRUN_DRIVE\TESTRUN_SUBDIR\CI-<CommitID> or
 #                        d:\CI\CI-<CommitID>
 #
+# Optional environment variables help in CI:
+#
+#    BUILD_NUMBER + BRANCH_NAME   are optional variables to be added to the directory below TESTRUN_SUBDIR
+#                        to have individual folder per CI build. If some files couldn't be
+#                        cleaned up and we want to re-run the build in CI.
+#                        Hence, the daemon under test is run under
+#                        TESTRUN_DRIVE\TESTRUN_SUBDIR\PR-<PR-Number>\<BuildNumber> or
+#                        d:\CI\PR-<PR-Number>\<BuildNumber>
+#
 # In addition, the following variables can control the run configuration:
 #
 #    DOCKER_DUT_DEBUG         if defined starts the daemon under test in debug mode.
 #
+#   DOCKER_STORAGE_OPTS       comma-separated list of optional storage driver options for the daemon under test
+#                             examples:
+#                             DOCKER_STORAGE_OPTS="size=40G"
+#
 #    SKIP_VALIDATION_TESTS    if defined skips the validation tests
 #
 #    SKIP_UNIT_TESTS          if defined skips the unit tests
@@ -78,17 +90,15 @@ if ($env:BUILD_TAG -match "-WoW") { $env:LCOW_MODE="" }
 #                             docker integration tests are also coded to use the same
 #                             environment variable, and if no set, defaults to microsoft/windowsservercore
 #
-#    LCOW_BASIC_MODE          if defined, does very basic LCOW verification. Ultimately we 
-#                             want to run the entire CI suite from docker, but that's a way off.
-#                            
-#    LCOW_MODE                if defined, runs the entire CI suite
-#                            
+#    WINDOWS_BASE_IMAGE_TAG   if defined, uses that as the tag name for the base image.
+#                             if no set, defaults to latest
+#
 # -------------------------------------------------------------------------------------------
 #
 # Jenkins Integration. Add a Windows Powershell build step as follows:
 #
 #    Write-Host -ForegroundColor green "INFO: Jenkins build step starting"
-#    $CISCRIPT_DEFAULT_LOCATION = "https://raw.githubusercontent.com/jhowardmsft/docker-w2wCIScripts/master/runCI/executeCI.ps1"
+#    $CISCRIPT_DEFAULT_LOCATION = "https://raw.githubusercontent.com/moby/moby/master/hack/ci/windows.ps1"
 #    $CISCRIPT_LOCAL_LOCATION = "$env:TEMP\executeCI.ps1"
 #    Write-Host -ForegroundColor green "INFO: Removing cached execution script"
 #    Remove-Item $CISCRIPT_LOCAL_LOCATION -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null
@@ -105,7 +115,7 @@ if ($env:BUILD_TAG -match "-WoW") { $env:LCOW_MODE="" }
 # -------------------------------------------------------------------------------------------
 
 
-$SCRIPT_VER="28-Aug-2018 09:33 PDT" 
+$SCRIPT_VER="05-Feb-2019 09:03 PDT" 
 $FinallyColour="Cyan"
 
 #$env:DOCKER_DUT_DEBUG="yes" # Comment out to not be in debug mode
@@ -119,13 +129,14 @@ $FinallyColour="Cyan"
 #$env:INTEGRATION_IN_CONTAINER="yes"
 #$env:WINDOWS_BASE_IMAGE=""
 #$env:SKIP_COPY_GO="yes"
+#$env:INTEGRATION_TESTFLAGS="-test.v"
 
 Function Nuke-Everything {
     $ErrorActionPreference = 'SilentlyContinue'
 
     try {
 
-        if ($env:SKIP_ALL_CLEANUP -eq $null) {
+        if ($null -eq $env:SKIP_ALL_CLEANUP) {
             Write-Host -ForegroundColor green "INFO: Nuke-Everything..."
             $containerCount = ($(docker ps -aq | Measure-Object -line).Lines) 
             if (-not $LastExitCode -eq 0) {
@@ -136,18 +147,14 @@ Function Nuke-Everything {
             if ($(docker ps -aq | Measure-Object -line).Lines -gt 0) {
                 docker rm -f $(docker ps -aq)
             }
-            $imageCount=($(docker images --format "{{.Repository}}:{{.ID}}" | `
-                            select-string -NotMatch "windowsservercore" | `
-                            select-string -NotMatch "nanoserver" | `
-                            select-string -NotMatch "docker" | `
-                            Measure-Object -line).Lines)
+
+            $allImages  = $(docker images --format "{{.Repository}}#{{.ID}}")
+            $toRemove   = ($allImages | Select-String -NotMatch "servercore","nanoserver","docker","busybox")
+            $imageCount = ($toRemove | Measure-Object -line).Lines
+
             if ($imageCount -gt 0) {
                 Write-Host -Foregroundcolor green "INFO: Non-base image count on control daemon to delete is $imageCount"
-                docker rmi -f `
-                    $(docker images --format "{{.Repository}}:{{.ID}}" | `
-                            select-string -NotMatch "windowsservercore" | `
-                            select-string -NotMatch "nanoserver" | `
-                            select-string -NotMatch "docker").ToString().Split(":")[1]
+                docker rmi -f ($toRemove | Foreach-Object { $_.ToString().Split("#")[1] })
             }
         } else {
             Write-Host -ForegroundColor Magenta "WARN: Skipping cleanup of images and containers"
@@ -160,11 +167,11 @@ Function Nuke-Everything {
             Stop-Process -Id $p -Force -ErrorAction SilentlyContinue
         }
 
-        if ($pidFile -ne $Null) {
+        if ($null -ne $pidFile) {
             Write-Host "INFO: Tidying pidfile $pidfile"
              if (Test-Path $pidFile) {
                 $p=Get-Content $pidFile -raw
-                if ($p -ne $null){
+                if ($null -ne $p){
                     Write-Host -ForegroundColor green "INFO: Stopping possible daemon pid $p"
                     taskkill -f -t -pid $p
                 }
@@ -172,6 +179,13 @@ Function Nuke-Everything {
             }
         }
 
+        # Kill any spurious containerd.
+        $pids=$(get-process | where-object {$_.ProcessName -like 'containerd'}).id
+        foreach ($p in $pids) {
+            Write-Host "INFO: Killing containerd with PID $p"
+            Stop-Process -Id $p -Force -ErrorAction SilentlyContinue
+        }
+
         Stop-Process -name "cc1" -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null
         Stop-Process -name "link" -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null
         Stop-Process -name "compile" -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null
@@ -183,14 +197,14 @@ Function Nuke-Everything {
         Stop-Process -name "tail" -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null
 
         # Detach any VHDs
-        gwmi msvm_mountedstorageimage -namespace root/virtualization/v2 -ErrorAction SilentlyContinue | foreach-object {$_.DetachVirtualHardDisk() }
+        gwmi msvm_mountedstorageimage -namespace root/virtualization/v2 -ErrorAction SilentlyContinue | foreach-Object {$_.DetachVirtualHardDisk() }
 
         # Stop any compute processes
         Get-ComputeProcess | Stop-ComputeProcess -Force
 
         # Delete the directory using our dangerous utility unless told not to
         if (Test-Path "$env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR") {
-            if (($env:SKIP_ZAP_DUT -ne $null) -or ($env:SKIP_ALL_CLEANUP -eq $null)) {
+            if (($null -ne $env:SKIP_ZAP_DUT) -or ($null -eq $env:SKIP_ALL_CLEANUP)) {
                 Write-Host -ForegroundColor Green "INFO: Nuking $env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR"
                 docker-ci-zap "-folder=$env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR"
             } else {
@@ -203,12 +217,8 @@ Function Nuke-Everything {
         $count=(Get-ChildItem $reg | Measure-Object).Count
         if ($count -gt 0) {
             Write-Warning "There are $count NdisAdapters leaked under Psched\Parameters"
-            if ($env:COMPUTERNAME -match "jenkins-rs1-") {
-                Write-Warning "Cleaning Psched..."
-                Get-ChildItem $reg | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
-            } else {
-                Write-Warning "Not cleaning as not a production RS1 server"
-            }
+            Write-Warning "Cleaning Psched..."
+            Get-ChildItem $reg | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
         }
 
         # TODO: This should be able to be removed in August 2017 update. Only needed for RS1
@@ -216,12 +226,8 @@ Function Nuke-Everything {
         $count=(Get-ChildItem $reg | Measure-Object).Count
         if ($count -gt 0) {
             Write-Warning "There are $count NdisAdapters leaked under WFPLWFS\Parameters"
-            if ($env:COMPUTERNAME -match "jenkins-rs1-") {
-                Write-Warning "Cleaning WFPLWFS..."
-                Get-ChildItem $reg | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
-            } else {
-                Write-Warning "Not cleaning as not a production RS1 server"
-            }
+            Write-Warning "Cleaning WFPLWFS..."
+            Get-ChildItem $reg | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
         }
     } catch {
         # Don't throw any errors onwards Throw $_
@@ -256,25 +262,37 @@ Try {
     Get-ChildItem Env: | Out-String
 
     # PR
-    if (-not ($env:PR -eq $Null)) { echo "INFO: PR#$env:PR (https://github.com/docker/docker/pull/$env:PR)" }
+    if (-not ($null -eq $env:PR)) { Write-Output "INFO: PR#$env:PR (https://github.com/docker/docker/pull/$env:PR)" }
 
     # Make sure docker is installed
-    if ((Get-Command "docker" -ErrorAction SilentlyContinue) -eq $null) { Throw "ERROR: docker is not installed or not found on path" }
+    if ($null -eq (Get-Command "docker" -ErrorAction SilentlyContinue)) { Throw "ERROR: docker is not installed or not found on path" }
 
     # Make sure docker-ci-zap is installed
-    if ((Get-Command "docker-ci-zap" -ErrorAction SilentlyContinue) -eq $null) { Throw "ERROR: docker-ci-zap is not installed or not found on path" }
+    if ($null -eq (Get-Command "docker-ci-zap" -ErrorAction SilentlyContinue)) { Throw "ERROR: docker-ci-zap is not installed or not found on path" }
+
+    # Make sure Windows Defender is disabled
+    $defender = $false
+    Try {
+      $status = Get-MpComputerStatus
+      if ($status) {
+        if ($status.RealTimeProtectionEnabled) {
+          $defender = $true
+        }
+      }
+    } Catch {}
+    if ($defender) { Write-Host -ForegroundColor Magenta "WARN: Windows Defender real time protection is enabled, which may cause some integration tests to fail" }
 
     # Make sure SOURCES_DRIVE is set
-    if ($env:SOURCES_DRIVE -eq $Null) { Throw "ERROR: Environment variable SOURCES_DRIVE is not set" }
+    if ($null -eq $env:SOURCES_DRIVE) { Throw "ERROR: Environment variable SOURCES_DRIVE is not set" }
 
     # Make sure TESTRUN_DRIVE is set
-    if ($env:TESTRUN_DRIVE -eq $Null) { Throw "ERROR: Environment variable TESTRUN_DRIVE is not set" }
+    if ($null -eq $env:TESTRUN_DRIVE) { Throw "ERROR: Environment variable TESTRUN_DRIVE is not set" }
 
     # Make sure SOURCES_SUBDIR is set
-    if ($env:SOURCES_SUBDIR -eq $Null) { Throw "ERROR: Environment variable SOURCES_SUBDIR is not set" }
+    if ($null -eq $env:SOURCES_SUBDIR) { Throw "ERROR: Environment variable SOURCES_SUBDIR is not set" }
 
     # Make sure TESTRUN_SUBDIR is set
-    if ($env:TESTRUN_SUBDIR -eq $Null) { Throw "ERROR: Environment variable TESTRUN_SUBDIR is not set" }
+    if ($null -eq $env:TESTRUN_SUBDIR) { Throw "ERROR: Environment variable TESTRUN_SUBDIR is not set" }
 
     # SOURCES_DRIVE\SOURCES_SUBDIR must be a directory and exist
     if (-not (Test-Path -PathType Container "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR")) { Throw "ERROR: $env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR must be an existing directory" }
@@ -291,12 +309,12 @@ Try {
     }
 
     # Make sure we start at the root of the sources
-    cd "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker"
-    Write-Host  -ForegroundColor Green "INFO: Running in $(pwd)"
+    Set-Location "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker"
+    Write-Host  -ForegroundColor Green "INFO: Running in $(Get-Location)"
 
     # Make sure we are in repo
     if (-not (Test-Path -PathType Leaf -Path ".\Dockerfile.windows")) {
-        Throw "$(pwd) does not contain Dockerfile.windows!"
+        Throw "$(Get-Location) does not contain Dockerfile.windows!"
     }
     Write-Host  -ForegroundColor Green "INFO: docker/docker repository was found"
 
@@ -318,28 +336,26 @@ Try {
         # Try the internal azure CI image version or Microsoft internal corpnet where the base image is already pre-prepared on the disk,
         # either through Invoke-DockerCI or, in the case of Azure CI servers, baked into the VHD at the same location.
         if (Test-Path $("$env:SOURCES_DRIVE`:\baseimages\"+$ControlDaemonBaseImage+".tar")) {
-		
-			# An optimization for CI servers to copy it to the D: drive which is an SSD.
-			if ($env:SOURCES_DRIVE -ne $env:TESTRUN_DRIVE) {
-				$readBaseFrom=$env:TESTRUN_DRIVE
-				if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages")) {
-					New-Item "$env:TESTRUN_DRIVE`:\baseimages" -type directory | Out-Null
-				}
-				if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages\windowsservercore.tar")) {
-					if (Test-Path "$env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar") {
-						Write-Host -ForegroundColor Green "INFO: Optimisation - copying $env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar to $env:TESTRUN_DRIVE`:\baseimages"
-						Copy-Item "$env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar" "$env:TESTRUN_DRIVE`:\baseimages"
-					}
-				}
-				if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages\nanoserver.tar")) {
-					if (Test-Path "$env:SOURCES_DRIVE`:\baseimages\nanoserver.tar") {
-						Write-Host -ForegroundColor Green "INFO: Optimisation - copying $env:SOURCES_DRIVE`:\baseimages\nanoserver.tar to $env:TESTRUN_DRIVE`:\baseimages"
-						Copy-Item "$env:SOURCES_DRIVE`:\baseimages\nanoserver.tar" "$env:TESTRUN_DRIVE`:\baseimages"
-					}
-				}
-				$readBaseFrom=$env:TESTRUN_DRIVE
-			}
-		
+            # An optimization for CI servers to copy it to the D: drive which is an SSD.
+            if ($env:SOURCES_DRIVE -ne $env:TESTRUN_DRIVE) {
+                $readBaseFrom=$env:TESTRUN_DRIVE
+                if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages")) {
+                    New-Item "$env:TESTRUN_DRIVE`:\baseimages" -type directory | Out-Null
+                }
+                if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages\windowsservercore.tar")) {
+                    if (Test-Path "$env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar") {
+                        Write-Host -ForegroundColor Green "INFO: Optimisation - copying $env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar to $env:TESTRUN_DRIVE`:\baseimages"
+                        Copy-Item "$env:SOURCES_DRIVE`:\baseimages\windowsservercore.tar" "$env:TESTRUN_DRIVE`:\baseimages"
+                    }
+                }
+                if (!(Test-Path "$env:TESTRUN_DRIVE`:\baseimages\nanoserver.tar")) {
+                    if (Test-Path "$env:SOURCES_DRIVE`:\baseimages\nanoserver.tar") {
+                        Write-Host -ForegroundColor Green "INFO: Optimisation - copying $env:SOURCES_DRIVE`:\baseimages\nanoserver.tar to $env:TESTRUN_DRIVE`:\baseimages"
+                        Copy-Item "$env:SOURCES_DRIVE`:\baseimages\nanoserver.tar" "$env:TESTRUN_DRIVE`:\baseimages"
+                    }
+                }
+                $readBaseFrom=$env:TESTRUN_DRIVE
+            }
             Write-Host  -ForegroundColor Green "INFO: Loading"$ControlDaemonBaseImage".tar from disk. This may take some time..."
             $ErrorActionPreference = "SilentlyContinue"
             docker load -i $("$readBaseFrom`:\baseimages\"+$ControlDaemonBaseImage+".tar")
@@ -350,14 +366,16 @@ Try {
             Write-Host -ForegroundColor Green "INFO: docker load of"$ControlDaemonBaseImage" completed successfully"
         } else {
             # We need to docker pull it instead. It will come in directly as microsoft/imagename:latest
-            Write-Host -ForegroundColor Green $("INFO: Pulling microsoft/"+$ControlDaemonBaseImage+":latest from docker hub. This may take some time...")
+            Write-Host -ForegroundColor Green $("INFO: Pulling $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG from docker hub. This may take some time...")
             $ErrorActionPreference = "SilentlyContinue"
-            docker pull $("microsoft/"+$ControlDaemonBaseImage)
+            docker pull "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG"
             $ErrorActionPreference = "Stop"
             if (-not $LastExitCode -eq 0) {
-                Throw $("ERROR: Failed to docker pull microsoft/"+$ControlDaemonBaseImage+":latest.")
+                Throw $("ERROR: Failed to docker pull $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG.")
             }
-            Write-Host -ForegroundColor Green $("INFO: docker pull of microsoft/"+$ControlDaemonBaseImage+":latest completed successfully")
+            Write-Host -ForegroundColor Green $("INFO: docker pull of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG completed successfully")
+            Write-Host -ForegroundColor Green $("INFO: Tagging $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG as microsoft/$ControlDaemonBaseImage")
+            docker tag "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" microsoft/$ControlDaemonBaseImage
         }
     } else {
         Write-Host -ForegroundColor Green "INFO: Image"$("microsoft/"+$ControlDaemonBaseImage+":latest")"is already loaded in the control daemon"
@@ -380,7 +398,7 @@ Try {
         Write-Host  -ForegroundColor Green "---------------------------------------------------------------------------"
         Write-Host  -ForegroundColor Green " Failed to get a response from the control daemon. It may be down."
         Write-Host  -ForegroundColor Green " Try re-running this CI job, or ask on #docker-maintainers on docker slack"
-        Write-Host  -ForegroundColor Green " to see if the the daemon is running. Also check the service configuration."
+        Write-Host  -ForegroundColor Green " to see if the daemon is running. Also check the service configuration."
         Write-Host  -ForegroundColor Green " DOCKER_HOST is set to $DOCKER_HOST."
         Write-Host  -ForegroundColor Green "---------------------------------------------------------------------------"
         Write-Host 
@@ -414,15 +432,22 @@ Try {
 
     # Redirect to a temporary location. 
     $TEMPORIG=$env:TEMP
-    $env:TEMP="$env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR\CI-$COMMITHASH"
-    $env:LOCALAPPDATA="$TEMP\localappdata"
+    if ($null -eq $env:BUILD_NUMBER) {
+      $env:TEMP="$env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR\CI-$COMMITHASH"
+    } else {
+      # individual temporary location per CI build that better matches the BUILD_URL
+      $env:TEMP="$env:TESTRUN_DRIVE`:\$env:TESTRUN_SUBDIR\$env:BRANCH_NAME\$env:BUILD_NUMBER"
+    }
+    $env:LOCALAPPDATA="$env:TEMP\localappdata"
     $errorActionPreference='Stop'
     New-Item -ItemType Directory "$env:TEMP" -ErrorAction SilentlyContinue | Out-Null
     New-Item -ItemType Directory "$env:TEMP\userprofile" -ErrorAction SilentlyContinue  | Out-Null
+    New-Item -ItemType Directory "$env:TEMP\testresults" -ErrorAction SilentlyContinue  | Out-Null
+    New-Item -ItemType Directory "$env:TEMP\testresults\unittests" -ErrorAction SilentlyContinue  | Out-Null
     New-Item -ItemType Directory "$env:TEMP\localappdata" -ErrorAction SilentlyContinue | Out-Null
     New-Item -ItemType Directory "$env:TEMP\binary" -ErrorAction SilentlyContinue | Out-Null
     New-Item -ItemType Directory "$env:TEMP\installer" -ErrorAction SilentlyContinue | Out-Null
-    if ($env:SKIP_COPY_GO -eq $null) {
+    if ($null -eq $env:SKIP_COPY_GO) {
         # Wipe the previous version of GO - we're going to get it out of the image
         if (Test-Path "$env:TEMP\go") { Remove-Item "$env:TEMP\go" -Recurse -Force -ErrorAction SilentlyContinue | Out-Null }
         New-Item -ItemType Directory "$env:TEMP\go" -ErrorAction SilentlyContinue | Out-Null
@@ -431,21 +456,10 @@ Try {
     Write-Host -ForegroundColor Green "INFO: Location for testing is $env:TEMP"
 
     # CI Integrity check - ensure Dockerfile.windows and Dockerfile go versions match
-    $goVersionDockerfileWindows=$(Get-Content ".\Dockerfile.windows" | Select-String "^ENV GO_VERSION").ToString().Replace("ENV GO_VERSION=","").Replace("\","").Replace("``","").Trim()
-    $goVersionDockerfile=$(Get-Content ".\Dockerfile" | Select-String "^ENV GO_VERSION")
-    
-    # As of go 1.11, Dockerfile changed to be in the format like "FROM golang:1.11.0 AS base".
-    # If a version number ends with .0 (as in 1.11.0, a convention used in golang docker
-    # image versions), it needs to be removed (i.e. "1.11.0" becomes "1.11").
-    if ($goVersionDockerfile -eq $Null) {
-        $goVersionDockerfile=$(Get-Content ".\Dockerfile" | Select-String "^FROM golang:")
-        if ($goVersionDockerfile -ne $Null) {
-            $goVersionDockerfile = $goVersionDockerfile.ToString().Split(" ")[1].Split(":")[1] -replace '\.0$',''
-        }
-    } else {
-        $goVersionDockerfile = $goVersionDockerfile.ToString().Split(" ")[2]
-    }
-    if ($goVersionDockerfile -eq $Null) {
+    $goVersionDockerfileWindows=(Select-String -Path ".\Dockerfile.windows" -Pattern "^ARG[\s]+GO_VERSION=(.*)$").Matches.groups[1].Value
+    $goVersionDockerfile=(Select-String -Path ".\Dockerfile" -Pattern "^ARG[\s]+GO_VERSION=(.*)$").Matches.groups[1].Value
+
+    if ($null -eq $goVersionDockerfile) {
         Throw "ERROR: Failed to extract golang version from Dockerfile"
     }
     Write-Host  -ForegroundColor Green "INFO: Validating GOLang consistency in Dockerfile.windows..."
@@ -454,11 +468,11 @@ Try {
     }
 
     # Build the image
-    if ($env:SKIP_IMAGE_BUILD -eq $null) {
+    if ($null -eq $env:SKIP_IMAGE_BUILD) {
         Write-Host  -ForegroundColor Cyan "`n`nINFO: Building the image from Dockerfile.windows at $(Get-Date)..."
         Write-Host
         $ErrorActionPreference = "SilentlyContinue"
-        $Duration=$(Measure-Command { docker build -t docker -f Dockerfile.windows . | Out-Host })
+        $Duration=$(Measure-Command { docker build --build-arg=GO_VERSION -t docker -f Dockerfile.windows . | Out-Host })
         $ErrorActionPreference = "Stop"
         if (-not($LastExitCode -eq 0)) {
            Throw "ERROR: Failed to build image from Dockerfile.windows"
@@ -469,7 +483,7 @@ Try {
     }
 
     # Following at the moment must be docker\docker as it's dictated by dockerfile.Windows
-    $contPath="$COMMITHASH`:c`:\go\src\github.com\docker\docker\bundles"
+    $contPath="$COMMITHASH`:c`:\gopath\src\github.com\docker\docker\bundles"
 
     # After https://github.com/docker/docker/pull/30290, .git was added to .dockerignore. Therefore
     # we have to calculate unsupported outside of the container, and pass the commit ID in through
@@ -480,7 +494,7 @@ Try {
     }
 
     # Build the binary in a container unless asked to skip it.
-    if ($env:SKIP_BINARY_BUILD -eq $null) {
+    if ($null -eq $env:SKIP_BINARY_BUILD) {
         Write-Host  -ForegroundColor Cyan "`n`nINFO: Building the test binaries at $(Get-Date)..."
         $ErrorActionPreference = "SilentlyContinue"
         docker rm -f $COMMITHASH 2>&1 | Out-Null
@@ -508,6 +522,21 @@ Try {
         if (-not($LastExitCode -eq 0)) {
             Throw "ERROR: Failed to docker cp the daemon binary (dockerd.exe) to $env:TEMP\binary"
         }
+
+        docker cp "$COMMITHASH`:c`:\gopath\bin\gotestsum.exe" $env:TEMP\binary\
+        if (-not (Test-Path "$env:TEMP\binary\gotestsum.exe")) {
+            Throw "ERROR: gotestsum.exe not found...." `
+        }
+
+        docker cp "$COMMITHASH`:c`:\containerd\bin\containerd.exe" $env:TEMP\binary\
+        if (-not (Test-Path "$env:TEMP\binary\containerd.exe")) {
+            Throw "ERROR: containerd.exe not found...." `
+        }
+        docker cp "$COMMITHASH`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" $env:TEMP\binary\
+        if (-not (Test-Path "$env:TEMP\binary\containerd-shim-runhcs-v1.exe")) {
+            Throw "ERROR: containerd-shim-runhcs-v1.exe not found...." `
+        }
+
         $ErrorActionPreference = "Stop"
 
         # Copy the built dockerd.exe to dockerd-$COMMITHASH.exe so that easily spotted in task manager.
@@ -532,7 +561,7 @@ Try {
 
     # Grab the golang installer out of the built image. That way, we know we are consistent once extracted and paths set,
     # so there's no need to re-deploy on account of an upgrade to the version of GO being used in docker.
-    if ($env:SKIP_COPY_GO -eq $null) {
+    if ($null -eq $env:SKIP_COPY_GO) {
         Write-Host -ForegroundColor Green "INFO: Copying the golang package from the container to $env:TEMP\installer\go.zip..."
         docker cp "$COMMITHASH`:c`:\go.zip" $env:TEMP\installer\
         if (-not($LastExitCode -eq 0)) {
@@ -553,14 +582,16 @@ Try {
     $env:GOPATH="$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR"
     Write-Host -ForegroundColor Green "INFO: GOPATH=$env:GOPATH"
 
-    # Set the path to have the version of go from the image at the front
-    $env:PATH="$env:TEMP\go\bin;$env:PATH"
+    # Set the path to have:
+    # - the version of go from the image at the front
+    # - the test binaries, not the host ones.
+    $env:PATH="$env:TEMP\go\bin;$env:TEMP\binary;$env:PATH"
 
     # Set the GOROOT to be our copy of go from the image
     $env:GOROOT="$env:TEMP\go"
     Write-Host -ForegroundColor Green "INFO: $(go version)"
     
-    # Work out the the -H parameter for the daemon under test (DASHH_DUT) and client under test (DASHH_CUT)
+    # Work out the -H parameter for the daemon under test (DASHH_DUT) and client under test (DASHH_CUT)
     #$DASHH_DUT="npipe:////./pipe/$COMMITHASH" # Can't do remote named pipe
     #$ip = (resolve-dnsname $env:COMPUTERNAME -type A -NoHostsFile -LlmnrNetbiosOnly).IPAddress # Useful to tie down
     $DASHH_CUT="tcp://127.0.0.1`:2357"    # Not a typo for 2375!
@@ -581,12 +612,27 @@ Try {
         $dutArgs += "-D"
     }
 
+    # Arguments: Are we starting the daemon under test in containerd mode?
+    if (-not ("$env:DOCKER_WINDOWS_CONTAINERD_RUNTIME" -eq "")) {
+        Write-Host -ForegroundColor Green "INFO: Running the daemon under test in containerd mode"
+        $dutArgs += "--containerd \\.\pipe\containerd-containerd"
+    }
+
     # Arguments: Are we starting the daemon under test with Hyper-V containers as the default isolation?
     if (-not ("$env:DOCKER_DUT_HYPERV" -eq "")) {
         Write-Host -ForegroundColor Green "INFO: Running the daemon under test with Hyper-V containers as the default"
         $dutArgs += "--exec-opt isolation=hyperv"
     }
 
+    # Arguments: Allow setting optional storage-driver options
+    # example usage: DDOCKER_STORAGE_OPTS="size=40G"
+    if (-not ("$env:DOCKER_STORAGE_OPTS" -eq "")) {
+        Write-Host -ForegroundColor Green "INFO: Running the daemon under test with storage-driver options ${env:DOCKER_STORAGE_OPTS}"
+        $env:DOCKER_STORAGE_OPTS.Split(",") | ForEach-Object {
+            $dutArgs += "--storage-opt $_"
+        }
+    }
+
     # Start the daemon under test, ensuring everything is redirected to folders under $TEMP.
     # Important - we launch the -$COMMITHASH version so that we can kill it without
     # killing the control daemon. 
@@ -594,9 +640,13 @@ Try {
     Write-Host -ForegroundColor Green "INFO: Args: $dutArgs"
     New-Item -ItemType Directory $env:TEMP\daemon -ErrorAction SilentlyContinue  | Out-Null
 
-    # In LCOW mode, for now we need to set an environment variable before starting the daemon under test
-    if (($env:LCOW_MODE -ne $Null) -or ($env:LCOW_BASIC_MODE -ne $Null)) {
-        $env:LCOW_SUPPORTED=1
+    # Start containerd first
+    if (-not ("$env:DOCKER_WINDOWS_CONTAINERD_RUNTIME" -eq "")) {
+        Start-Process "$env:TEMP\binary\containerd.exe" `
+                    -ArgumentList "--log-level debug" `
+                    -RedirectStandardOutput "$env:TEMP\containerd.out" `
+                    -RedirectStandardError "$env:TEMP\containerd.err"
+        Write-Host -ForegroundColor Green "INFO: Containerd started successfully."
     }
 
     # Cannot fathom why, but always writes to stderr....
@@ -607,15 +657,10 @@ Try {
     Write-Host -ForegroundColor Green "INFO: Process started successfully."
     $daemonStarted=1
 
-    # In LCOW mode, turn off that variable
-    if (($env:LCOW_MODE -ne $Null) -or ($env:LCOW_BASIC_MODE -ne $Null)) {
-        $env:LCOW_SUPPORTED=""
-    }
-
-
     # Start tailing the daemon under test if the command is installed
-    if ((Get-Command "tail" -ErrorAction SilentlyContinue) -ne $null) { 
-        $tail = start-process "tail" -ArgumentList "-f $env:TEMP\dut.out" -ErrorAction SilentlyContinue
+    if ($null -ne (Get-Command "tail" -ErrorAction SilentlyContinue)) {
+        Write-Host -ForegroundColor green "INFO: Start tailing logs of the daemon under tests"
+        $tail = Start-Process "tail" -ArgumentList "-f $env:TEMP\dut.out" -PassThru -ErrorAction SilentlyContinue
     }
 
     # Verify we can get the daemon under test to respond 
@@ -631,7 +676,6 @@ Try {
 
         $tries--
         if ($tries -le 0) {
-            $DumpDaemonLog=1
             Throw "ERROR: Failed to get a response from the daemon under test"
         }
         Write-Host -NoNewline "."
@@ -647,7 +691,6 @@ Try {
     $ErrorActionPreference = "Stop"
     if ($LastExitCode -ne 0) {
         Throw "ERROR: The daemon under test does not appear to be running."
-        $DumpDaemonLog=1
     }
     Write-Host
 
@@ -659,7 +702,6 @@ Try {
     $ErrorActionPreference = "Stop"
     if ($LastExitCode -ne 0) {
         Throw "ERROR: The daemon under test does not appear to be running."
-        $DumpDaemonLog=1
     }
     Write-Host
 
@@ -671,65 +713,65 @@ Try {
     $ErrorActionPreference = "Stop"
     if ($LastExitCode -ne 0) {
         Throw "ERROR: The daemon under test does not appear to be running."
-        $DumpDaemonLog=1
     }
     Write-Host
 
-    # Don't need Windows images when in LCOW mode.
-    if (($env:LCOW_MODE -eq $Null) -and ($env:LCOW_BASIC_MODE -eq $Null)) {
-
-        # Default to windowsservercore for the base image used for the tests. The "docker" image
-        # and the control daemon use microsoft/windowsservercore regardless. This is *JUST* for the tests.
-        if ($env:WINDOWS_BASE_IMAGE -eq $Null) {
-            $env:WINDOWS_BASE_IMAGE="microsoft/windowsservercore"
-        }
+    # Default to windowsservercore for the base image used for the tests. The "docker" image
+    # and the control daemon use microsoft/windowsservercore regardless. This is *JUST* for the tests.
+    if ($null -eq $env:WINDOWS_BASE_IMAGE) {
+        $env:WINDOWS_BASE_IMAGE="microsoft/windowsservercore"
+    }
+    if ($null -eq $env:WINDOWS_BASE_IMAGE_TAG) {
+        $env:WINDOWS_BASE_IMAGE_TAG="latest"
+    }
 
-        # Lowercase and make sure it has a microsoft/ prefix
-        $env:WINDOWS_BASE_IMAGE = $env:WINDOWS_BASE_IMAGE.ToLower()
-        if ($($env:WINDOWS_BASE_IMAGE -Split "/")[0] -ne "microsoft") {
-            Throw "ERROR: WINDOWS_BASE_IMAGE should start microsoft/"
-        }
+    # Lowercase and make sure it has a microsoft/ prefix
+    $env:WINDOWS_BASE_IMAGE = $env:WINDOWS_BASE_IMAGE.ToLower()
+    if (! $($env:WINDOWS_BASE_IMAGE -Split "/")[0] -match "microsoft") {
+        Throw "ERROR: WINDOWS_BASE_IMAGE should start microsoft/ or mcr.microsoft.com/"
+    }
 
-        Write-Host -ForegroundColor Green "INFO: Base image for tests is $env:WINDOWS_BASE_IMAGE"
+    Write-Host -ForegroundColor Green "INFO: Base image for tests is $env:WINDOWS_BASE_IMAGE"
 
-        $ErrorActionPreference = "SilentlyContinue"
-        if ($((& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images --format "{{.Repository}}:{{.Tag}}" | Select-String $($env:WINDOWS_BASE_IMAGE+":latest") | Measure-Object -Line).Lines) -eq 0) {
-            # Try the internal azure CI image version or Microsoft internal corpnet where the base image is already pre-prepared on the disk,
-            # either through Invoke-DockerCI or, in the case of Azure CI servers, baked into the VHD at the same location.
-            if (Test-Path $("c:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar")) {
-                Write-Host  -ForegroundColor Green "INFO: Loading"$($env:WINDOWS_BASE_IMAGE -Split "/")[1]".tar from disk into the daemon under test. This may take some time..."
-                $ErrorActionPreference = "SilentlyContinue"
-                & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" load -i $("$readBaseFrom`:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar")
-                $ErrorActionPreference = "Stop"
-                if (-not $LastExitCode -eq 0) {
-                    Throw $("ERROR: Failed to load $readBaseFrom`:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar into daemon under test")
-                }
-                Write-Host -ForegroundColor Green "INFO: docker load of"$($env:WINDOWS_BASE_IMAGE -Split "/")[1]" into daemon under test completed successfully"
-            } else {
-                # We need to docker pull it instead. It will come in directly as microsoft/imagename:latest
-                Write-Host -ForegroundColor Green $("INFO: Pulling "+$env:WINDOWS_BASE_IMAGE+":latest from docker hub into daemon under test. This may take some time...")
-                $ErrorActionPreference = "SilentlyContinue"
-                & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" pull $($env:WINDOWS_BASE_IMAGE)
-                $ErrorActionPreference = "Stop"
-                if (-not $LastExitCode -eq 0) {
-                    Throw $("ERROR: Failed to docker pull "+$env:WINDOWS_BASE_IMAGE+":latest into daemon under test.")
-                }
-                Write-Host -ForegroundColor Green $("INFO: docker pull of "+$env:WINDOWS_BASE_IMAGE+":latest into daemon under test completed successfully")
+    $ErrorActionPreference = "SilentlyContinue"
+    if ($((& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images --format "{{.Repository}}:{{.Tag}}" | Select-String "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" | Measure-Object -Line).Lines) -eq 0) {
+        # Try the internal azure CI image version or Microsoft internal corpnet where the base image is already pre-prepared on the disk,
+        # either through Invoke-DockerCI or, in the case of Azure CI servers, baked into the VHD at the same location.
+        if (Test-Path $("c:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar")) {
+            Write-Host  -ForegroundColor Green "INFO: Loading"$($env:WINDOWS_BASE_IMAGE -Split "/")[1]".tar from disk into the daemon under test. This may take some time..."
+            $ErrorActionPreference = "SilentlyContinue"
+            & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" load -i $("$readBaseFrom`:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar")
+            $ErrorActionPreference = "Stop"
+            if (-not $LastExitCode -eq 0) {
+                Throw $("ERROR: Failed to load $readBaseFrom`:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar into daemon under test")
             }
+            Write-Host -ForegroundColor Green "INFO: docker load of"$($env:WINDOWS_BASE_IMAGE -Split "/")[1]" into daemon under test completed successfully"
         } else {
-            Write-Host -ForegroundColor Green "INFO: Image"$($env:WINDOWS_BASE_IMAGE+":latest")"is already loaded in the daemon under test"
+            # We need to docker pull it instead. It will come in directly as microsoft/imagename:tagname
+            Write-Host -ForegroundColor Green $("INFO: Pulling "+$env:WINDOWS_BASE_IMAGE+":"+$env:WINDOWS_BASE_IMAGE_TAG+" from docker hub into daemon under test. This may take some time...")
+            $ErrorActionPreference = "SilentlyContinue"
+            & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" pull "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG"
+            $ErrorActionPreference = "Stop"
+            if (-not $LastExitCode -eq 0) {
+                Throw $("ERROR: Failed to docker pull $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG into daemon under test.")
+            }
+            Write-Host -ForegroundColor Green $("INFO: docker pull of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG into daemon under test completed successfully")
+            Write-Host -ForegroundColor Green $("INFO: Tagging $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG as microsoft/$ControlDaemonBaseImage in daemon under test")
+            & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" tag "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" microsoft/$ControlDaemonBaseImage
         }
-    
-    
-        # Inspect the pulled or loaded image to get the version directly
-        $ErrorActionPreference = "SilentlyContinue"
-        $dutimgVersion = $(&"$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" inspect  $($env:WINDOWS_BASE_IMAGE) --format "{{.OsVersion}}")
-        $ErrorActionPreference = "Stop"
-        Write-Host -ForegroundColor Green $("INFO: Version of "+$env:WINDOWS_BASE_IMAGE+":latest is '"+$dutimgVersion+"'")
+    } else {
+        Write-Host -ForegroundColor Green "INFO: Image $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG is already loaded in the daemon under test"
     }
 
+
+    # Inspect the pulled or loaded image to get the version directly
+    $ErrorActionPreference = "SilentlyContinue"
+    $dutimgVersion = $(&"$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" inspect "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" --format "{{.OsVersion}}")
+    $ErrorActionPreference = "Stop"
+    Write-Host -ForegroundColor Green $("INFO: Version of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG is '"+$dutimgVersion+"'")
+
     # Run the validation tests unless SKIP_VALIDATION_TESTS is defined.
-    if ($env:SKIP_VALIDATION_TESTS -eq $null) {
+    if ($null -eq $env:SKIP_VALIDATION_TESTS) {
         Write-Host -ForegroundColor Cyan "INFO: Running validation tests at $(Get-Date)..."
         $ErrorActionPreference = "SilentlyContinue"
         $Duration=$(Measure-Command { hack\make.ps1 -DCO -GoFormat -PkgImports | Out-Host })
@@ -742,182 +784,121 @@ Try {
         Write-Host -ForegroundColor Magenta "WARN: Skipping validation tests"
     }
 
-    # Note the unit tests won't work in LCOW mode as I turned off loading the base images above.
     # Run the unit tests inside a container unless SKIP_UNIT_TESTS is defined
-    if (($env:LCOW_MODE -eq $Null) -and ($env:LCOW_BASIC_MODE -eq $Null)) {
-        if ($env:SKIP_UNIT_TESTS -eq $null) {
-            Write-Host -ForegroundColor Cyan "INFO: Running unit tests at $(Get-Date)..."
-            $ErrorActionPreference = "SilentlyContinue"
-            $Duration=$(Measure-Command {docker run -e DOCKER_GITCOMMIT=$COMMITHASH$CommitUnsupported docker hack\make.ps1 -TestUnit | Out-Host })
-            $ErrorActionPreference = "Stop"
-            if (-not($LastExitCode -eq 0)) {
-                Throw "ERROR: Unit tests failed"
-            }
-            Write-Host  -ForegroundColor Green "INFO: Unit tests ended at $(Get-Date). Duration`:$Duration"
+    if ($null -eq $env:SKIP_UNIT_TESTS) {
+        $ContainerNameForUnitTests = $COMMITHASH + "_UnitTests"
+        Write-Host -ForegroundColor Cyan "INFO: Running unit tests at $(Get-Date)..."
+        $ErrorActionPreference = "SilentlyContinue"
+        $Duration=$(Measure-Command {docker run --name $ContainerNameForUnitTests -e DOCKER_GITCOMMIT=$COMMITHASH$CommitUnsupported docker hack\make.ps1 -TestUnit | Out-Host })
+        $TestRunExitCode = $LastExitCode
+        $ErrorActionPreference = "Stop"
+
+        # Saving where jenkins will take a look at.....
+        New-Item -Force -ItemType Directory bundles | Out-Null
+        $unitTestsContPath="$ContainerNameForUnitTests`:c`:\gopath\src\github.com\docker\docker\bundles"
+        $JunitExpectedContFilePath = "$unitTestsContPath\junit-report-unit-tests.xml"
+        docker cp $JunitExpectedContFilePath "bundles"
+        if (-not($LastExitCode -eq 0)) {
+            Throw "ERROR: Failed to docker cp the unit tests report ($JunitExpectedContFilePath) to bundles"
+        }
+
+        if (Test-Path "bundles\junit-report-unit-tests.xml") {
+            Write-Host -ForegroundColor Magenta "INFO: Unit tests results(bundles\junit-report-unit-tests.xml) exist. pwd=$pwd"
         } else {
-            Write-Host -ForegroundColor Magenta "WARN: Skipping unit tests"
+            Write-Host -ForegroundColor Magenta "ERROR: Unit tests results(bundles\junit-report-unit-tests.xml) do not exist. pwd=$pwd"
+        }
+
+        if (-not($TestRunExitCode -eq 0)) {
+            Throw "ERROR: Unit tests failed"
         }
+        Write-Host  -ForegroundColor Green "INFO: Unit tests ended at $(Get-Date). Duration`:$Duration"
+    } else {
+        Write-Host -ForegroundColor Magenta "WARN: Skipping unit tests"
     }
 
     # Add the Windows busybox image. Needed for WCOW integration tests
-    if (($env:LCOW_MODE -eq $Null) -and ($env:LCOW_BASIC_MODE -eq $Null)) {
-        if ($env:SKIP_INTEGRATION_TESTS -eq $null) {
-            $ErrorActionPreference = "SilentlyContinue"
-            # Build it regardless while switching between nanoserver and windowsservercore
-            #$bbCount = $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images | Select-String "busybox" | Measure-Object -line).Lines
-            #$ErrorActionPreference = "Stop"
-            #if (-not($LastExitCode -eq 0)) {
-            #    Throw "ERROR: Could not determine if busybox image is present"
-            #}
-            #if ($bbCount -eq 0) {
-                Write-Host -ForegroundColor Green "INFO: Building busybox"
-                $ErrorActionPreference = "SilentlyContinue"
-    
-                # This is a temporary hack for nanoserver
-                if ($env:WINDOWS_BASE_IMAGE -ne "microsoft/windowsservercore") {
-                    Write-Host -ForegroundColor Red "HACK HACK HACK - Building 64-bit nanoserver busybox image"
-                    $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build -t busybox https://raw.githubusercontent.com/jhowardmsft/busybox64/master/Dockerfile | Out-Host)
-                } else {
-                    $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build -t busybox https://raw.githubusercontent.com/jhowardmsft/busybox/master/Dockerfile | Out-Host)
-                }
-                $ErrorActionPreference = "Stop"
-                if (-not($LastExitCode -eq 0)) {
-                    Throw "ERROR: Failed to build busybox image"
-                }
-            #}
-
+    if ($null -eq $env:SKIP_INTEGRATION_TESTS) {
+        Write-Host -ForegroundColor Green "INFO: Building busybox"
+        $ErrorActionPreference = "SilentlyContinue"
+        $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build  -t busybox --build-arg WINDOWS_BASE_IMAGE --build-arg WINDOWS_BASE_IMAGE_TAG "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker\contrib\busybox\" | Out-Host)
+        $ErrorActionPreference = "Stop"
+        if (-not($LastExitCode -eq 0)) {
+            Throw "ERROR: Failed to build busybox image"
+        }
 
-            Write-Host -ForegroundColor Green "INFO: Docker images of the daemon under test"
-            Write-Host 
-            $ErrorActionPreference = "SilentlyContinue"
-            & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images
-            $ErrorActionPreference = "Stop"
-            if ($LastExitCode -ne 0) {
-                Throw "ERROR: The daemon under test does not appear to be running."
-                $DumpDaemonLog=1
-            }
-            Write-Host
+        Write-Host -ForegroundColor Green "INFO: Docker images of the daemon under test"
+        Write-Host
+        $ErrorActionPreference = "SilentlyContinue"
+        & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images
+        $ErrorActionPreference = "Stop"
+        if ($LastExitCode -ne 0) {
+            Throw "ERROR: The daemon under test does not appear to be running."
         }
+        Write-Host
     }
 
     # Run the WCOW integration tests unless SKIP_INTEGRATION_TESTS is defined
-    if (($env:LCOW_MODE -eq $Null) -and ($env:LCOW_BASIC_MODE -eq $Null)) {
-        if ($env:SKIP_INTEGRATION_TESTS -eq $null) {
-            Write-Host -ForegroundColor Cyan "INFO: Running integration tests at $(Get-Date)..."
-            $ErrorActionPreference = "SilentlyContinue"
-    
-            # Location of the daemon under test.
-            $env:OrigDOCKER_HOST="$env:DOCKER_HOST"
-    
-            #https://blogs.technet.microsoft.com/heyscriptingguy/2011/09/20/solve-problems-with-external-command-lines-in-powershell/ is useful to see tokenising
-            $c = "go test "
-            $c += "`"-check.v`" "
-            if ($env:INTEGRATION_TEST_NAME -ne $null) { # Makes is quicker for debugging to be able to run only a subset of the integration tests
-                $c += "`"-check.f`" "
-                $c += "`"$env:INTEGRATION_TEST_NAME`" "
-                Write-Host -ForegroundColor Magenta "WARN: Only running integration tests matching $env:INTEGRATION_TEST_NAME"
-            }
-            $c += "`"-tags`" " + "`"autogen`" "
-            $c += "`"-check.timeout`" " + "`"10m`" "
-            $c += "`"-test.timeout`" " + "`"200m`" "
-    
-            if ($env:INTEGRATION_IN_CONTAINER -ne $null) {
-                Write-Host -ForegroundColor Green "INFO: Integration tests being run inside a container"
-                # Note we talk back through the containers gateway address
-                # And the ridiculous lengths we have to go to to get the default gateway address... (GetNetIPConfiguration doesn't work in nanoserver)
-                # I just could not get the escaping to work in a single command, so output $c to a file and run that in the container instead...
-                # Not the prettiest, but it works.
-                $c | Out-File -Force "$env:TEMP\binary\runIntegrationCLI.ps1"
-                $Duration= $(Measure-Command { & docker run `
-                                                        --rm `
-                                                        -e c=$c `
-                                                        --workdir "c`:\go\src\github.com\docker\docker\integration-cli" `
-                                                        -v "$env:TEMP\binary`:c:\target" `
-                                                        docker `
-                                                        "`$env`:PATH`='c`:\target;'+`$env:PATH`;  `$env:DOCKER_HOST`='tcp`://'+(ipconfig | select -last 1).Substring(39)+'`:2357'; c:\target\runIntegrationCLI.ps1" | Out-Host } )
-            } else  {
-                Write-Host -ForegroundColor Green "INFO: Integration tests being run from the host:"
-                cd "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker\integration-cli"
-                $env:DOCKER_HOST=$DASHH_CUT  
-                $env:PATH="$env:TEMP\binary;$env:PATH;"  # Force to use the test binaries, not the host ones.
-                Write-Host -ForegroundColor Green "INFO: $c"
-                Write-Host -ForegroundColor Green "INFO: DOCKER_HOST at $DASHH_CUT"
-                # Explicit to not use measure-command otherwise don't get output as it goes
-                $start=(Get-Date); Invoke-Expression $c; $Duration=New-Timespan -Start $start -End (Get-Date)
-            }
-            $ErrorActionPreference = "Stop"
-            if (-not($LastExitCode -eq 0)) {
-                Throw "ERROR: Integration tests failed at $(Get-Date). Duration`:$Duration"
-            }
-            Write-Host  -ForegroundColor Green "INFO: Integration tests ended at $(Get-Date). Duration`:$Duration"
-        } else {
-            Write-Host -ForegroundColor Magenta "WARN: Skipping integration tests"
-        }
-    } else {
-        # The LCOW version of the tests here
-        if ($env:SKIP_INTEGRATION_TESTS -eq $null) {
-            Write-Host -ForegroundColor Cyan "INFO: Running LCOW tests at $(Get-Date)..."
-
-            $ErrorActionPreference = "SilentlyContinue"
-    
-            # Location of the daemon under test.
-            $env:OrigDOCKER_HOST="$env:DOCKER_HOST"
+    if ($null -eq $env:SKIP_INTEGRATION_TESTS) {
+        Write-Host -ForegroundColor Cyan "INFO: Running integration tests at $(Get-Date)..."
+        $ErrorActionPreference = "SilentlyContinue"
 
-            # Make sure we are pointing at the DUT
-            $env:DOCKER_HOST=$DASHH_CUT  
+        # Location of the daemon under test.
+        $env:OrigDOCKER_HOST="$env:DOCKER_HOST"
+
+        #https://blogs.technet.microsoft.com/heyscriptingguy/2011/09/20/solve-problems-with-external-command-lines-in-powershell/ is useful to see tokenising
+        $jsonFilePath = "..\\bundles\\go-test-report-intcli-tests.json"
+        $xmlFilePath = "..\\bundles\\junit-report-intcli-tests.xml"
+        $c = "gotestsum --format=standard-verbose --jsonfile=$jsonFilePath --junitfile=$xmlFilePath -- "
+        if ($null -ne $env:INTEGRATION_TEST_NAME) { # Makes is quicker for debugging to be able to run only a subset of the integration tests
+            $c += "`"-test.run`" "
+            $c += "`"$env:INTEGRATION_TEST_NAME`" "
+            Write-Host -ForegroundColor Magenta "WARN: Only running integration tests matching $env:INTEGRATION_TEST_NAME"
+        }
+        $c += "`"-tags`" " + "`"autogen`" "
+        $c += "`"-test.timeout`" " + "`"200m`" "
+
+        if ($null -ne $env:INTEGRATION_IN_CONTAINER) {
+            Write-Host -ForegroundColor Green "INFO: Integration tests being run inside a container"
+            # Note we talk back through the containers gateway address
+            # And the ridiculous lengths we have to go to get the default gateway address... (GetNetIPConfiguration doesn't work in nanoserver)
+            # I just could not get the escaping to work in a single command, so output $c to a file and run that in the container instead...
+            # Not the prettiest, but it works.
+            $c | Out-File -Force "$env:TEMP\binary\runIntegrationCLI.ps1"
+            $Duration= $(Measure-Command { & docker run `
+                                                    --rm `
+                                                    -e c=$c `
+                                                    --workdir "c`:\gopath\src\github.com\docker\docker\integration-cli" `
+                                                    -v "$env:TEMP\binary`:c:\target" `
+                                                    docker `
+                                                    "`$env`:PATH`='c`:\target;'+`$env:PATH`;  `$env:DOCKER_HOST`='tcp`://'+(ipconfig | select -last 1).Substring(39)+'`:2357'; c:\target\runIntegrationCLI.ps1" | Out-Host } )
+        } else  {
+            $env:DOCKER_HOST=$DASHH_CUT
+                $env:GO111MODULE="off"
             Write-Host -ForegroundColor Green "INFO: DOCKER_HOST at $DASHH_CUT"
 
-            # Force to use the test binaries, not the host ones.
-            $env:PATH="$env:TEMP\binary;$env:PATH;"  
-
-            if ($env:LCOW_BASIC_MODE -ne $null) {
-                $wc = New-Object net.webclient
-                try {
-                    Write-Host -ForegroundColor green "INFO: Downloading latest execution script..."
-                    $wc.Downloadfile("https://raw.githubusercontent.com/jhowardmsft/docker-w2wCIScripts/master/runCI/lcowbasicvalidation.ps1", "$env:TEMP\binary\lcowbasicvalidation.ps1")
-                } 
-                catch [System.Net.WebException]
-                {
-                    Throw ("Failed to download: $_")
-                }
-
-                # Explicit to not use measure-command otherwise don't get output as it goes
-                $ErrorActionPreference = "Stop"
-                $start=(Get-Date); Invoke-Expression "powershell $env:TEMP\binary\lcowbasicvalidation.ps1"; $lec=$lastExitCode; $Duration=New-Timespan -Start $start -End (Get-Date)
-                $Duration=New-Timespan -Start $start -End (Get-Date)
-                Write-Host  -ForegroundColor Green "INFO: LCOW tests ended at $(Get-Date). Duration`:$Duration"
-                if ($lec -ne 0) {
-                    Throw "LCOW validation tests failed"
-                }
-            } else {
-                #https://blogs.technet.microsoft.com/heyscriptingguy/2011/09/20/solve-problems-with-external-command-lines-in-powershell/ is useful to see tokenising
-                $c = "go test "
-                $c += "`"-check.v`" "
-                if ($env:INTEGRATION_TEST_NAME -ne $null) { # Makes is quicker for debugging to be able to run only a subset of the integration tests
-                    $c += "`"-check.f`" "
-                    $c += "`"$env:INTEGRATION_TEST_NAME`" "
-                    Write-Host -ForegroundColor Magenta "WARN: Only running LCOW integration tests matching $env:INTEGRATION_TEST_NAME"
-                }
-                $c += "`"-tags`" " + "`"autogen`" "
-                $c += "`"-check.timeout`" " + "`"10m`" "
-                $c += "`"-test.timeout`" " + "`"200m`" "
-
-                Write-Host -ForegroundColor Green "INFO: LCOW Integration tests being run from the host:"
-                cd "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker\integration-cli"
-                Write-Host -ForegroundColor Green "INFO: $c"
-                Write-Host -ForegroundColor Green "INFO: DOCKER_HOST at $DASHH_CUT"
-                # Explicit to not use measure-command otherwise don't get output as it goes
-                $start=(Get-Date); Invoke-Expression $c; $Duration=New-Timespan -Start $start -End (Get-Date)
-
-            }
+            $ErrorActionPreference = "SilentlyContinue"
+            Write-Host -ForegroundColor Cyan "INFO: Integration API tests being run from the host:"
+            $start=(Get-Date); Invoke-Expression ".\hack\make.ps1 -TestIntegration"; $Duration=New-Timespan -Start $start -End (Get-Date)
+            $IntTestsRunResult = $LastExitCode
             $ErrorActionPreference = "Stop"
-            if (-not($LastExitCode -eq 0)) {
-                Throw "ERROR: Integration tests failed at $(Get-Date). Duration`:$Duration"
+            if (-not($IntTestsRunResult -eq 0)) {
+                Throw "ERROR: Integration API tests failed at $(Get-Date). Duration`:$Duration"
             }
-            Write-Host  -ForegroundColor Green "INFO: Integration tests ended at $(Get-Date). Duration`:$Duration"
-        } else {
-            Write-Host -ForegroundColor Magenta "WARN: Skipping LCOW tests"
+
+            $ErrorActionPreference = "SilentlyContinue"
+            Write-Host -ForegroundColor Green "INFO: Integration CLI tests being run from the host:"
+            Write-Host -ForegroundColor Green "INFO: $c"
+            Set-Location "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker\integration-cli"
+            # Explicit to not use measure-command otherwise don't get output as it goes
+            $start=(Get-Date); Invoke-Expression $c; $Duration=New-Timespan -Start $start -End (Get-Date)
         }
+        $ErrorActionPreference = "Stop"
+        if (-not($LastExitCode -eq 0)) {
+            Throw "ERROR: Integration CLI tests failed at $(Get-Date). Duration`:$Duration"
+        }
+        Write-Host  -ForegroundColor Green "INFO: Integration tests ended at $(Get-Date). Duration`:$Duration"
+    } else {
+        Write-Host -ForegroundColor Magenta "WARN: Skipping integration tests"
     }
 
     # Docker info now to get counts (after or if jjh/containercounts is merged)
@@ -929,7 +910,6 @@ Try {
         $ErrorActionPreference = "Stop"
         if ($LastExitCode -ne 0) {
             Throw "ERROR: The daemon under test does not appear to be running."
-            $DumpDaemonLog=1
         }
         Write-Host
     }
@@ -937,7 +917,7 @@ Try {
     # Stop the daemon under test
     if (Test-Path "$env:TEMP\docker.pid") {
         $p=Get-Content "$env:TEMP\docker.pid" -raw
-        if (($p -ne $null) -and ($daemonStarted -eq 1)) {
+        if (($null -ne $p) -and ($daemonStarted -eq 1)) {
             Write-Host -ForegroundColor green "INFO: Stopping daemon under test"
             taskkill -f -t -pid $p
             #sleep 5
@@ -945,6 +925,12 @@ Try {
         Remove-Item "$env:TEMP\docker.pid" -force -ErrorAction SilentlyContinue
     }
 
+    # Stop the tail process (if started)
+    if ($null -ne $tail) {
+        Write-Host -ForegroundColor green "INFO: Stop tailing logs of the daemon under tests"
+        Stop-Process -InputObject $tail -Force
+    }
+
     Write-Host -ForegroundColor Green "INFO: executeCI.ps1 Completed successfully at $(Get-Date)."
 }
 Catch [Exception] {
@@ -962,36 +948,50 @@ Catch [Exception] {
 }
 Finally {
     $ErrorActionPreference="SilentlyContinue"
-	$global:ProgressPreference=$origProgressPreference
+    $global:ProgressPreference=$origProgressPreference
     Write-Host  -ForegroundColor Green "INFO: Tidying up at end of run"
 
     # Restore the path
-    if ($origPath -ne $null) { $env:PATH=$origPath }
+    if ($null -ne $origPath) { $env:PATH=$origPath }
 
     # Restore the DOCKER_HOST
-    if ($origDOCKER_HOST -ne $null) { $env:DOCKER_HOST=$origDOCKER_HOST }
+    if ($null -ne $origDOCKER_HOST) { $env:DOCKER_HOST=$origDOCKER_HOST }
 
     # Restore the GOROOT and GOPATH variables
-    if ($origGOROOT -ne $null) { $env:GOROOT=$origGOROOT }
-    if ($origGOPATH -ne $null) { $env:GOPATH=$origGOPATH }
+    if ($null -ne $origGOROOT) { $env:GOROOT=$origGOROOT }
+    if ($null -ne $origGOPATH) { $env:GOPATH=$origGOPATH }
 
-    # Dump the daemon log if asked to 
-    if ($daemonStarted -eq 1) {
-        if ($dumpDaemonLog -eq 1) {
-            Write-Host -ForegroundColor Cyan "----------- DAEMON LOG ------------"
-            Get-Content "$env:TEMP\dut.err" -ErrorAction SilentlyContinue | Write-Host -ForegroundColor Cyan
-            Write-Host -ForegroundColor Cyan "----------- END DAEMON LOG --------"
-        }
+    # Dump the daemon log. This will include any possible panic stack in the .err.
+    if (($daemonStarted -eq 1) -and  ($(Get-Item "$env:TEMP\dut.err").Length -gt 0)) {
+        Write-Host -ForegroundColor Cyan "----------- DAEMON LOG ------------"
+        Get-Content "$env:TEMP\dut.err" -ErrorAction SilentlyContinue | Write-Host -ForegroundColor Cyan
+        Write-Host -ForegroundColor Cyan "----------- END DAEMON LOG --------"
     }
 
     # Save the daemon under test log
     if ($daemonStarted -eq 1) {
-        Write-Host -ForegroundColor Green "INFO: Saving daemon under test log ($env:TEMP\dut.err) to $TEMPORIG\CIDUT.log"
-        Copy-Item  "$env:TEMP\dut.err" "$TEMPORIG\CIDUT.log" -Force -ErrorAction SilentlyContinue
+        Set-Location "$env:SOURCES_DRIVE`:\$env:SOURCES_SUBDIR\src\github.com\docker\docker"
+        Write-Host -ForegroundColor Green "INFO: Saving daemon under test log ($env:TEMP\dut.out) to bundles\CIDUT.out"
+        Copy-Item  "$env:TEMP\dut.out" "bundles\CIDUT.out" -Force -ErrorAction SilentlyContinue
+        Write-Host -ForegroundColor Green "INFO: Saving daemon under test log ($env:TEMP\dut.err) to bundles\CIDUT.err"
+        Copy-Item  "$env:TEMP\dut.err" "bundles\CIDUT.err" -Force -ErrorAction SilentlyContinue
+
+        Write-Host -ForegroundColor Green "INFO: Saving containerd logs to bundles"
+        if (Test-Path -Path "$env:TEMP\containerd.out") {
+            Copy-Item "$env:TEMP\containerd.out" "bundles\containerd.out" -Force -ErrorAction SilentlyContinue
+            Copy-Item "$env:TEMP\containerd.err" "bundles\containerd.err" -Force -ErrorAction SilentlyContinue
+        } else {
+            "" | Out-File -FilePath "bundles\containerd.out"
+            "" | Out-File -FilePath "bundles\containerd.err"
+        }
     }
 
-    cd "$env:SOURCES_DRIVE\$env:SOURCES_SUBDIR" -ErrorAction SilentlyContinue
+    Set-Location "$env:SOURCES_DRIVE\$env:SOURCES_SUBDIR" -ErrorAction SilentlyContinue
     Nuke-Everything
+
+    # Restore the TEMP path
+    if ($null -ne $TEMPORIG) { $env:TEMP="$TEMPORIG" }
+
     $Dur=New-TimeSpan -Start $StartTime -End $(Get-Date)
     Write-Host -ForegroundColor $FinallyColour "`nINFO: executeCI.ps1 exiting at $(date). Duration $dur`n"
 }
diff --git a/hack/dind b/hack/dind
index 3254f9dbe7b44..087270a7a8367 100755
--- a/hack/dind
+++ b/hack/dind
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
 set -e
 
 # DinD: a wrapper script which allows docker to be run inside a docker container.
@@ -25,6 +25,18 @@ if ! mountpoint -q /tmp; then
 	mount -t tmpfs none /tmp
 fi
 
+# cgroup v2: enable nesting
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+	# move the processes from the root group to the /init group,
+	# otherwise writing subtree_control fails with EBUSY.
+	# An error during moving non-existent process (i.e., "cat") is ignored.
+	mkdir -p /sys/fs/cgroup/init
+	xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
+	# enable controllers
+	sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+		> /sys/fs/cgroup/cgroup.subtree_control
+fi
+
 if [ $# -gt 0 ]; then
 	exec "$@"
 fi
diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer
index 811348fce2e65..ca5cc7cce039c 100755
--- a/hack/dockerfile/install/containerd.installer
+++ b/hack/dockerfile/install/containerd.installer
@@ -1,36 +1,42 @@
 #!/bin/sh
-
-
-# containerd is also pinned in vendor.conf. When updating the binary
-# version you may also need to update the vendor version to pick up bug
-# fixes or new APIs.
-CONTAINERD_COMMIT=9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b # v1.1.4
-
-install_containerd() {
-	echo "Install containerd version $CONTAINERD_COMMIT"
+set -e
+
+# CONTAINERD_VERSION specifies the version of the containerd runtime binary
+# to install from the https://github.com/containerd/containerd repository.
+#
+# This version is used to build statically compiled containerd binaries, and
+# used for the integration tests. The distributed docker .deb and .rpm packages
+# depend on a separate (containerd.io) package, which may be a different version
+# as is specified here.
+#
+# Generally, the commit specified here should match a tagged release.
+#
+# The containerd golang package is also pinned in vendor.conf. When updating
+# the binary version you may also need to update the vendor version to pick up
+# bug fixes or new APIs, however, usually the Go packages are built from a
+# commit from the master branch.
+: "${CONTAINERD_VERSION:=v1.5.8}"
+
+install_containerd() (
+	echo "Install containerd version $CONTAINERD_VERSION"
 	git clone https://github.com/containerd/containerd.git "$GOPATH/src/github.com/containerd/containerd"
 	cd "$GOPATH/src/github.com/containerd/containerd"
-	git checkout -q "$CONTAINERD_COMMIT"
-
-	(
-
-		export BUILDTAGS='netgo osusergo static_build'
-		export EXTRA_FLAGS='-buildmode=pie'
-		export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'
-
-		# Reset build flags to nothing if we want a dynbinary
-		if [ "$1" == "dynamic" ]; then
-			export BUILDTAGS=''
-			export EXTRA_FLAGS=''
-			export EXTRA_LDFLAGS=''
-		fi
-
-		make
-	)
-
-	mkdir -p ${PREFIX}
-
-	cp bin/containerd ${PREFIX}/containerd
-	cp bin/containerd-shim ${PREFIX}/containerd-shim
-	cp bin/ctr ${PREFIX}/ctr
-}
+	git checkout -q "$CONTAINERD_VERSION"
+
+	export BUILDTAGS='netgo osusergo static_build'
+	export EXTRA_FLAGS=${GO_BUILDMODE}
+	export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'
+
+	# Reset build flags to nothing if we want a dynbinary
+	if [ "$1" = "dynamic" ]; then
+		export BUILDTAGS=''
+		export EXTRA_FLAGS=''
+		export EXTRA_LDFLAGS=''
+	fi
+	make
+
+	install -D bin/containerd "${PREFIX}/containerd"
+	install -D bin/containerd-shim "${PREFIX}/containerd-shim"
+	install -D bin/containerd-shim-runc-v2 "${PREFIX}/containerd-shim-runc-v2"
+	install -D bin/ctr "${PREFIX}/ctr"
+)
diff --git a/hack/dockerfile/install/dockercli.installer b/hack/dockerfile/install/dockercli.installer
index ae3aa0dd458b6..6e26bf3181d28 100755
--- a/hack/dockerfile/install/dockercli.installer
+++ b/hack/dockerfile/install/dockercli.installer
@@ -1,23 +1,22 @@
 #!/bin/sh
 
-DOCKERCLI_CHANNEL=${DOCKERCLI_CHANNEL:-edge}
-DOCKERCLI_VERSION=${DOCKERCLI_VERSION:-17.06.0-ce}
+: ${DOCKERCLI_CHANNEL:=stable}
+: ${DOCKERCLI_VERSION:=17.06.2-ce}
 
 install_dockercli() {
 	echo "Install docker/cli version $DOCKERCLI_VERSION from $DOCKERCLI_CHANNEL"
 
 	arch=$(uname -m)
 	# No official release of these platforms
-	if [[ "$arch" != "x86_64" ]] && [[ "$arch" != "s390x" ]]; then
+	if [ "$arch" != "x86_64" ] && [ "$arch" != "s390x" ] && [ "$arch" != "armhf" ]; then
 		build_dockercli
 		return
 	fi
 
 	url=https://download.docker.com/linux/static
-	curl -Ls $url/$DOCKERCLI_CHANNEL/$arch/docker-$DOCKERCLI_VERSION.tgz | \
-	tar -xz docker/docker
-	mkdir -p ${PREFIX}
-	mv docker/docker ${PREFIX}/
+	curl -Ls "${url}/${DOCKERCLI_CHANNEL}/${arch}/docker-${DOCKERCLI_VERSION}.tgz" | tar -xz docker/docker
+	mkdir -p "${PREFIX}"
+	mv docker/docker "${PREFIX}/"
 	rmdir docker
 }
 
@@ -27,5 +26,5 @@ build_dockercli() {
 	git checkout -q "v$DOCKERCLI_VERSION"
 	mkdir -p "$GOPATH/src/github.com/docker"
 	mv components/cli "$GOPATH/src/github.com/docker/cli"
-	go build -buildmode=pie -o ${PREFIX}/docker github.com/docker/cli/cmd/docker
+	go build ${GO_BUILDMODE} -o "${PREFIX}/docker" "github.com/docker/cli/cmd/docker"
 }
diff --git a/hack/dockerfile/install/gometalinter.installer b/hack/dockerfile/install/gometalinter.installer
deleted file mode 100755
index d921fd739add3..0000000000000
--- a/hack/dockerfile/install/gometalinter.installer
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-GOMETALINTER_COMMIT=v2.0.6
-
-install_gometalinter() {
-	echo "Installing gometalinter version $GOMETALINTER_COMMIT"
-	go get -d github.com/alecthomas/gometalinter
-	cd "$GOPATH/src/github.com/alecthomas/gometalinter"
-	git checkout -q "$GOMETALINTER_COMMIT"
-	go build -buildmode=pie -o ${PREFIX}/gometalinter github.com/alecthomas/gometalinter
-	GOBIN=${PREFIX} ${PREFIX}/gometalinter --install
-}
diff --git a/hack/dockerfile/install/install.sh b/hack/dockerfile/install/install.sh
index a0ff09da559da..7629acd8003b1 100755
--- a/hack/dockerfile/install/install.sh
+++ b/hack/dockerfile/install/install.sh
@@ -15,6 +15,15 @@ if [ -z "$TMP_GOPATH" ]; then
 else
 	export GOPATH="$TMP_GOPATH"
 fi
+case "$(go env GOARCH)" in
+	mips* | ppc64)
+		# pie build mode is not supported on mips architectures
+		export GO_BUILDMODE=""
+		;;
+	*)
+		export GO_BUILDMODE="-buildmode=pie"
+		;;
+esac
 
 dir="$(dirname $0)"
 
@@ -26,5 +35,5 @@ if [ ! -f "${dir}/${bin}.installer" ]; then
 	exit 1
 fi
 
-. $dir/$bin.installer
-install_$bin "$@"
+. ${dir}/${bin}.installer
+install_${bin} "$@"
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
deleted file mode 100755
index 859336ee54913..0000000000000
--- a/hack/dockerfile/install/proxy.installer
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-
-# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
-# updating the binary version, consider updating github.com/docker/libnetwork
-# in vendor.conf accordingly
-LIBNETWORK_COMMIT=d7b61745d16675c9f548b19f06fda80d422a74f0
-
-install_proxy() {
-	case "$1" in
-		"dynamic")
-			install_proxy_dynamic
-			return
-			;;
-		"")
-			export CGO_ENABLED=0
-			_install_proxy
-			;;
-		*)
-			echo 'Usage: $0 [dynamic]'
-			;;
-	esac
-}
-
-install_proxy_dynamic() {
-	export PROXY_LDFLAGS="-linkmode=external" install_proxy
-	export BUILD_MODE="-buildmode=pie"
-	_install_proxy
-}
-
-_install_proxy() {
-	echo "Install docker-proxy version $LIBNETWORK_COMMIT"
-	git clone https://github.com/docker/libnetwork.git "$GOPATH/src/github.com/docker/libnetwork"
-	cd "$GOPATH/src/github.com/docker/libnetwork"
-	git checkout -q "$LIBNETWORK_COMMIT"
-	go build $BUILD_MODE -ldflags="$PROXY_LDFLAGS" -o ${PREFIX}/docker-proxy github.com/docker/libnetwork/cmd/proxy
-}
-
-
diff --git a/hack/dockerfile/install/rootlesskit.installer b/hack/dockerfile/install/rootlesskit.installer
new file mode 100755
index 0000000000000..665e2dbc50c1e
--- /dev/null
+++ b/hack/dockerfile/install/rootlesskit.installer
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+: "${ROOTLESSKIT_VERSION:=v0.14.6}"
+
+install_rootlesskit() {
+	case "$1" in
+		"dynamic")
+			install_rootlesskit_dynamic
+			return
+			;;
+		"")
+			export CGO_ENABLED=0
+			_install_rootlesskit
+			;;
+		*)
+			echo 'Usage: $0 [dynamic]'
+			;;
+	esac
+}
+
+install_rootlesskit_dynamic() {
+	export ROOTLESSKIT_LDFLAGS="-linkmode=external" install_rootlesskit
+	export BUILD_MODE=${GO_BUILDMODE}
+	_install_rootlesskit
+}
+
+_install_rootlesskit() (
+	echo "Install rootlesskit version ${ROOTLESSKIT_VERSION}"
+	for f in rootlesskit rootlesskit-docker-proxy; do
+		GOBIN="${PREFIX}" GO111MODULE=on go install ${BUILD_MODE} -ldflags="$ROOTLESSKIT_LDFLAGS" "github.com/rootless-containers/rootlesskit/cmd/${f}@${ROOTLESSKIT_VERSION}"
+	done
+)
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer
index ed483e0f40c65..bd07d74e82dd8 100755
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -1,22 +1,29 @@
 #!/bin/sh
+set -e
 
-# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
-RUNC_COMMIT=69663f0bd4b60df09991c08812a60108003fa340
+# RUNC_VERSION specifies the version of runc to install from the
+# https://github.com/opencontainers/runc repository.
+#
+# The version of runc should match the version that is used by the containerd
+# version that is used. If you need to update runc, open a pull request in
+# the containerd project first, and update both after that is merged.
+#
+# When updating RUNC_VERSION, consider updating runc in vendor.conf accordingly
+: "${RUNC_VERSION:=v1.0.3}"
 
 install_runc() {
-	# Do not build with ambient capabilities support
-	RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux"}"
+	RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
 
-	echo "Install runc version $RUNC_COMMIT"
+	echo "Install runc version $RUNC_VERSION (build tags: $RUNC_BUILDTAGS)"
 	git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc"
 	cd "$GOPATH/src/github.com/opencontainers/runc"
-	git checkout -q "$RUNC_COMMIT"
+	git checkout -q "$RUNC_VERSION"
 	if [ -z "$1" ]; then
 		target=static
 	else
 		target="$1"
 	fi
 	make BUILDTAGS="$RUNC_BUILDTAGS" "$target"
-	mkdir -p ${PREFIX}
-	cp runc ${PREFIX}/runc
+	mkdir -p "${PREFIX}"
+	cp runc "${PREFIX}/runc"
 }
diff --git a/hack/dockerfile/install/tini.installer b/hack/dockerfile/install/tini.installer
index 34f43f15f4a23..febceb15eb2a0 100755
--- a/hack/dockerfile/install/tini.installer
+++ b/hack/dockerfile/install/tini.installer
@@ -1,14 +1,17 @@
 #!/bin/sh
 
-TINI_COMMIT=fec3683b971d9c3ef73f284f176672c44b448662 # v0.18.0
+# TINI_VERSION specifies the version of tini (docker-init) to build, and install
+# from the https://github.com/krallin/tini repository. This binary is used
+# when starting containers with the `--init` option.
+: "${TINI_VERSION:=v0.19.0}"
 
 install_tini() {
-	echo "Install tini version $TINI_COMMIT"
+	echo "Install tini version $TINI_VERSION"
 	git clone https://github.com/krallin/tini.git "$GOPATH/tini"
 	cd "$GOPATH/tini"
-	git checkout -q "$TINI_COMMIT"
+	git checkout -q "$TINI_VERSION"
 	cmake .
 	make tini-static
-	mkdir -p ${PREFIX}
-	cp tini-static ${PREFIX}/docker-init
+	mkdir -p "${PREFIX}"
+	cp tini-static "${PREFIX}/docker-init"
 }
diff --git a/hack/dockerfile/install/tomlv.installer b/hack/dockerfile/install/tomlv.installer
deleted file mode 100755
index c926454f22ed4..0000000000000
--- a/hack/dockerfile/install/tomlv.installer
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-# When updating TOMLV_COMMIT, consider updating github.com/BurntSushi/toml
-# in vendor.conf accordingly
-TOMLV_COMMIT=a368813c5e648fee92e5f6c30e3944ff9d5e8895
-
-install_tomlv() {
-	echo "Install tomlv version $TOMLV_COMMIT"
-	git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml"
-	cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT"
-	go build -v -buildmode=pie -o ${PREFIX}/tomlv github.com/BurntSushi/toml/cmd/tomlv
-}
diff --git a/hack/dockerfile/install/vndr.installer b/hack/dockerfile/install/vndr.installer
deleted file mode 100755
index e6a94e7071dab..0000000000000
--- a/hack/dockerfile/install/vndr.installer
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-VNDR_COMMIT=81cb8916aad3c8d06193f008dba3e16f82851f52
-
-install_vndr() {
-	echo "Install vndr version $VNDR_COMMIT"
-	git clone https://github.com/LK4D4/vndr.git "$GOPATH/src/github.com/LK4D4/vndr"
-	cd "$GOPATH/src/github.com/LK4D4/vndr"
-	git checkout -q "$VNDR_COMMIT"
-	go build -buildmode=pie -v -o ${PREFIX}/vndr .
-}
diff --git a/hack/generate-authors.sh b/hack/generate-authors.sh
index 680bdb7b3f746..dc42294052dcd 100755
--- a/hack/generate-authors.sh
+++ b/hack/generate-authors.sh
@@ -6,9 +6,9 @@ cd "$(dirname "$(readlink -f "$BASH_SOURCE")")/.."
 # see also ".mailmap" for how email addresses and names are deduplicated
 
 {
-	cat <<-'EOH'
-	# This file lists all individuals having contributed content to the repository.
-	# For how it is generated, see `hack/generate-authors.sh`.
+	cat <<- 'EOH'
+		# This file lists all individuals having contributed content to the repository.
+		# For how it is generated, see `hack/generate-authors.sh`.
 	EOH
 	echo
 	git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
diff --git a/hack/generate-swagger-api.sh b/hack/generate-swagger-api.sh
index a01a57387aad9..90a01df02757b 100755
--- a/hack/generate-swagger-api.sh
+++ b/hack/generate-swagger-api.sh
@@ -2,26 +2,26 @@
 set -eu
 
 swagger generate model -f api/swagger.yaml \
-    -t api -m types --skip-validator -C api/swagger-gen.yaml \
-    -n ErrorResponse \
-    -n GraphDriverData \
-    -n IdResponse \
-    -n ImageDeleteResponseItem \
-    -n ImageSummary \
-    -n Plugin -n PluginDevice -n PluginMount -n PluginEnv -n PluginInterfaceType \
-    -n Port \
-    -n ServiceUpdateResponse \
-    -n Volume
+	-t api -m types --skip-validator -C api/swagger-gen.yaml \
+	-n ErrorResponse \
+	-n GraphDriverData \
+	-n IdResponse \
+	-n ImageDeleteResponseItem \
+	-n ImageSummary \
+	-n Plugin -n PluginDevice -n PluginMount -n PluginEnv -n PluginInterfaceType \
+	-n Port \
+	-n ServiceUpdateResponse \
+	-n Volume
 
 swagger generate operation -f api/swagger.yaml \
-    -t api -a types -m types -C api/swagger-gen.yaml \
-    -T api/templates --skip-responses --skip-parameters --skip-validator \
-    -n Authenticate \
-    -n ContainerChanges \
-    -n ContainerCreate \
-    -n ContainerTop \
-    -n ContainerUpdate \
-    -n ContainerWait \
-    -n ImageHistory \
-    -n VolumeCreate \
-    -n VolumeList
+	-t api -a types -m types -C api/swagger-gen.yaml \
+	-T api/templates --skip-responses --skip-parameters --skip-validator \
+	-n Authenticate \
+	-n ContainerChanges \
+	-n ContainerCreate \
+	-n ContainerTop \
+	-n ContainerUpdate \
+	-n ContainerWait \
+	-n ImageHistory \
+	-n VolumeCreate \
+	-n VolumeList
diff --git a/hack/generate-test-certs.sh b/hack/generate-test-certs.sh
new file mode 100755
index 0000000000000..2a5347903940c
--- /dev/null
+++ b/hack/generate-test-certs.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+set -eu
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
+
+# integration/testdata/https (and integration-cli/fixtures/https, which has symlinks to these files)
+OUT_DIR="${SCRIPT_DIR}/../integration/testdata/https"
+
+# generate CA
+echo 01 > "${OUT_DIR}/ca.srl"
+openssl genrsa -out "${OUT_DIR}/ca-key.pem"
+
+openssl req \
+	-new \
+	-x509 \
+	-days 3652 \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=moby-ci/name=moby/emailAddress=moby@example.org" \
+	-nameopt compat \
+	-text \
+	-key "${OUT_DIR}/ca-key.pem" \
+	-out "${OUT_DIR}/ca.pem"
+
+# Now that we have a CA, create a server key and certificate signing request.
+# Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
+# to connect or just use '*' for a certificate valid for any hostname:
+
+openssl genrsa -out server-key.pem
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=server/name=moby/emailAddress=moby@example.org" \
+	-text \
+	-key "${OUT_DIR}/server-key.pem" \
+	-out "${OUT_DIR}/server.csr"
+
+# Options for server certificate
+cat > "${OUT_DIR}/server-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=serverAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/server-options.cfg" \
+	-CA "${OUT_DIR}/ca.pem" \
+	-CAkey "${OUT_DIR}/ca-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/server.csr" \
+	-out "${OUT_DIR}/server-cert.pem"
+
+# For client authentication, create a client key and certificate signing request
+openssl genrsa -out "${OUT_DIR}/client-key.pem"
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=client/name=moby/emailAddress=moby@example.org" \
+	-text \
+	-key "${OUT_DIR}/client-key.pem" \
+	-out "${OUT_DIR}/client.csr"
+
+# Options for client certificate
+cat > "${OUT_DIR}/client-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=clientAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA:
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/client-options.cfg" \
+	-CA "${OUT_DIR}/ca.pem" \
+	-CAkey "${OUT_DIR}/ca-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/client.csr" \
+	-out "${OUT_DIR}/client-cert.pem"
+
+rm "${OUT_DIR}/ca.srl"
+rm "${OUT_DIR}/ca-key.pem"
+rm "${OUT_DIR}"/*.cfg
+rm "${OUT_DIR}"/*.csr
diff --git a/hack/integration-cli-on-swarm/README.md b/hack/integration-cli-on-swarm/README.md
deleted file mode 100644
index 852b36cea16ab..0000000000000
--- a/hack/integration-cli-on-swarm/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-# Integration Testing on Swarm
-
-IT on Swarm allows you to execute integration test in parallel across a Docker Swarm cluster
-
-## Architecture
-
-### Master service
-
-  - Works as a funker caller
-  - Calls a worker funker (`-worker-service`) with a chunk of `-check.f` filter strings (passed as a file via `-input` flag, typically `/mnt/input`)
-
-### Worker service
-
-  - Works as a funker callee
-  - Executes an equivalent of `TESTFLAGS=-check.f TestFoo|TestBar|TestBaz ... make test-integration` using the bind-mounted API socket (`docker.sock`)
-
-### Client
-
-  - Controls master and workers via `docker stack`
-  - No need to have a local daemon
-
-Typically, the master and workers are supposed to be running on a cloud environment,
-while the client is supposed to be running on a laptop, e.g. Docker for Mac/Windows.
-
-## Requirement
-
-  - Docker daemon 1.13 or later
-  - Private registry for distributed execution with multiple nodes
-
-## Usage
-
-### Step 1: Prepare images
-
-    $ make build-integration-cli-on-swarm
-
-Following environment variables are known to work in this step:
-
- - `BUILDFLAGS`
-
-Note: during the transition into Moby Project, you might need to create a symbolic link `$GOPATH/src/github.com/docker/docker` to `$GOPATH/src/github.com/moby/moby`. 
-
-### Step 2: Execute tests
-
-    $ ./hack/integration-cli-on-swarm/integration-cli-on-swarm -replicas 40 -push-worker-image YOUR_REGISTRY.EXAMPLE.COM/integration-cli-worker:latest 
-
-Following environment variables are known to work in this step:
-
- - `DOCKER_GRAPHDRIVER`
- - `DOCKER_EXPERIMENTAL`
-
-#### Flags
-
-Basic flags:
-
- - `-replicas N`: the number of worker service replicas. i.e. degree of parallelism.
- - `-chunks N`: the number of chunks. By default, `chunks` == `replicas`.
- - `-push-worker-image REGISTRY/IMAGE:TAG`: push the worker image to the registry. Note that if you have only single node and hence you do not need a private registry, you do not need to specify `-push-worker-image`.
-
-Experimental flags for mitigating makespan nonuniformity:
-
- - `-shuffle`: Shuffle the test filter strings
-
-Flags for debugging IT on Swarm itself:
-
- - `-rand-seed N`: the random seed. This flag is useful for deterministic replaying. By default(0), the timestamp is used.
- - `-filters-file FILE`: the file contains `-check.f` strings. By default, the file is automatically generated.
- - `-dry-run`: skip the actual workload
- - `keep-executor`: do not auto-remove executor containers, which is used for running privileged programs on Swarm
diff --git a/hack/integration-cli-on-swarm/agent/Dockerfile b/hack/integration-cli-on-swarm/agent/Dockerfile
deleted file mode 100644
index 1ae228f6ef105..0000000000000
--- a/hack/integration-cli-on-swarm/agent/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-# this Dockerfile is solely used for the master image.
-# Please refer to the top-level Makefile for the worker image.
-FROM golang:1.7
-ADD . /go/src/github.com/docker/docker/hack/integration-cli-on-swarm/agent
-RUN go build -buildmode=pie -o /master github.com/docker/docker/hack/integration-cli-on-swarm/agent/master
-ENTRYPOINT ["/master"]
diff --git a/hack/integration-cli-on-swarm/agent/master/call.go b/hack/integration-cli-on-swarm/agent/master/call.go
deleted file mode 100644
index dab9c6707778d..0000000000000
--- a/hack/integration-cli-on-swarm/agent/master/call.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"log"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/bfirsh/funker-go"
-	"github.com/docker/docker/hack/integration-cli-on-swarm/agent/types"
-)
-
-const (
-	// funkerRetryTimeout is for the issue https://github.com/bfirsh/funker/issues/3
-	// When all the funker replicas are busy in their own job, we cannot connect to funker.
-	funkerRetryTimeout  = 1 * time.Hour
-	funkerRetryDuration = 1 * time.Second
-)
-
-// ticker is needed for some CI (e.g., on Travis, job is aborted when no output emitted for 10 minutes)
-func ticker(d time.Duration) chan struct{} {
-	t := time.NewTicker(d)
-	stop := make(chan struct{})
-	go func() {
-		for {
-			select {
-			case <-t.C:
-				log.Printf("tick (just for keeping CI job active) per %s", d.String())
-			case <-stop:
-				t.Stop()
-			}
-		}
-	}()
-	return stop
-}
-
-func executeTests(funkerName string, testChunks [][]string) error {
-	tickerStopper := ticker(9*time.Minute + 55*time.Second)
-	defer func() {
-		close(tickerStopper)
-	}()
-	begin := time.Now()
-	log.Printf("Executing %d chunks in parallel, against %q", len(testChunks), funkerName)
-	var wg sync.WaitGroup
-	var passed, failed uint32
-	for chunkID, tests := range testChunks {
-		log.Printf("Executing chunk %d (contains %d test filters)", chunkID, len(tests))
-		wg.Add(1)
-		go func(chunkID int, tests []string) {
-			defer wg.Done()
-			chunkBegin := time.Now()
-			result, err := executeTestChunkWithRetry(funkerName, types.Args{
-				ChunkID: chunkID,
-				Tests:   tests,
-			})
-			if result.RawLog != "" {
-				for _, s := range strings.Split(result.RawLog, "\n") {
-					log.Printf("Log (chunk %d): %s", chunkID, s)
-				}
-			}
-			if err != nil {
-				log.Printf("Error while executing chunk %d: %v",
-					chunkID, err)
-				atomic.AddUint32(&failed, 1)
-			} else {
-				if result.Code == 0 {
-					atomic.AddUint32(&passed, 1)
-				} else {
-					atomic.AddUint32(&failed, 1)
-				}
-				log.Printf("Finished chunk %d [%d/%d] with %d test filters in %s, code=%d.",
-					chunkID, passed+failed, len(testChunks), len(tests),
-					time.Since(chunkBegin), result.Code)
-			}
-		}(chunkID, tests)
-	}
-	wg.Wait()
-	// TODO: print actual tests rather than chunks
-	log.Printf("Executed %d chunks in %s. PASS: %d, FAIL: %d.",
-		len(testChunks), time.Since(begin), passed, failed)
-	if failed > 0 {
-		return fmt.Errorf("%d chunks failed", failed)
-	}
-	return nil
-}
-
-func executeTestChunk(funkerName string, args types.Args) (types.Result, error) {
-	ret, err := funker.Call(funkerName, args)
-	if err != nil {
-		return types.Result{}, err
-	}
-	tmp, err := json.Marshal(ret)
-	if err != nil {
-		return types.Result{}, err
-	}
-	var result types.Result
-	err = json.Unmarshal(tmp, &result)
-	return result, err
-}
-
-func executeTestChunkWithRetry(funkerName string, args types.Args) (types.Result, error) {
-	begin := time.Now()
-	for i := 0; time.Since(begin) < funkerRetryTimeout; i++ {
-		result, err := executeTestChunk(funkerName, args)
-		if err == nil {
-			log.Printf("executeTestChunk(%q, %d) returned code %d in trial %d", funkerName, args.ChunkID, result.Code, i)
-			return result, nil
-		}
-		if errorSeemsInteresting(err) {
-			log.Printf("Error while calling executeTestChunk(%q, %d), will retry (trial %d): %v",
-				funkerName, args.ChunkID, i, err)
-		}
-		// TODO: non-constant sleep
-		time.Sleep(funkerRetryDuration)
-	}
-	return types.Result{}, fmt.Errorf("could not call executeTestChunk(%q, %d) in %v", funkerName, args.ChunkID, funkerRetryTimeout)
-}
-
-//  errorSeemsInteresting returns true if err does not seem about https://github.com/bfirsh/funker/issues/3
-func errorSeemsInteresting(err error) bool {
-	boringSubstrs := []string{"connection refused", "connection reset by peer", "no such host", "transport endpoint is not connected", "no route to host"}
-	errS := err.Error()
-	for _, boringS := range boringSubstrs {
-		if strings.Contains(errS, boringS) {
-			return false
-		}
-	}
-	return true
-}
diff --git a/hack/integration-cli-on-swarm/agent/master/master.go b/hack/integration-cli-on-swarm/agent/master/master.go
deleted file mode 100644
index a0d9a0d38131b..0000000000000
--- a/hack/integration-cli-on-swarm/agent/master/master.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package main
-
-import (
-	"errors"
-	"flag"
-	"io/ioutil"
-	"log"
-	"strings"
-)
-
-func main() {
-	if err := xmain(); err != nil {
-		log.Fatalf("fatal error: %v", err)
-	}
-}
-
-func xmain() error {
-	workerService := flag.String("worker-service", "", "Name of worker service")
-	chunks := flag.Int("chunks", 0, "Number of chunks")
-	input := flag.String("input", "", "Path to input file")
-	randSeed := flag.Int64("rand-seed", int64(0), "Random seed")
-	shuffle := flag.Bool("shuffle", false, "Shuffle the input so as to mitigate makespan nonuniformity")
-	flag.Parse()
-	if *workerService == "" {
-		return errors.New("worker-service unset")
-	}
-	if *chunks == 0 {
-		return errors.New("chunks unset")
-	}
-	if *input == "" {
-		return errors.New("input unset")
-	}
-
-	tests, err := loadTests(*input)
-	if err != nil {
-		return err
-	}
-	testChunks := chunkTests(tests, *chunks, *shuffle, *randSeed)
-	log.Printf("Loaded %d tests (%d chunks)", len(tests), len(testChunks))
-	return executeTests(*workerService, testChunks)
-}
-
-func chunkTests(tests []string, numChunks int, shuffle bool, randSeed int64) [][]string {
-	// shuffling (experimental) mitigates makespan nonuniformity
-	// Not sure this can cause some locality problem..
-	if shuffle {
-		shuffleStrings(tests, randSeed)
-	}
-	return chunkStrings(tests, numChunks)
-}
-
-func loadTests(filename string) ([]string, error) {
-	b, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return nil, err
-	}
-	var tests []string
-	for _, line := range strings.Split(string(b), "\n") {
-		s := strings.TrimSpace(line)
-		if s != "" {
-			tests = append(tests, s)
-		}
-	}
-	return tests, nil
-}
diff --git a/hack/integration-cli-on-swarm/agent/master/set.go b/hack/integration-cli-on-swarm/agent/master/set.go
deleted file mode 100644
index d28c41da7f107..0000000000000
--- a/hack/integration-cli-on-swarm/agent/master/set.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package main
-
-import (
-	"math/rand"
-)
-
-// chunkStrings chunks the string slice
-func chunkStrings(x []string, numChunks int) [][]string {
-	var result [][]string
-	chunkSize := (len(x) + numChunks - 1) / numChunks
-	for i := 0; i < len(x); i += chunkSize {
-		ub := i + chunkSize
-		if ub > len(x) {
-			ub = len(x)
-		}
-		result = append(result, x[i:ub])
-	}
-	return result
-}
-
-// shuffleStrings shuffles strings
-func shuffleStrings(x []string, seed int64) {
-	r := rand.New(rand.NewSource(seed))
-	for i := range x {
-		j := r.Intn(i + 1)
-		x[i], x[j] = x[j], x[i]
-	}
-}
diff --git a/hack/integration-cli-on-swarm/agent/master/set_test.go b/hack/integration-cli-on-swarm/agent/master/set_test.go
deleted file mode 100644
index c172562b1b0ab..0000000000000
--- a/hack/integration-cli-on-swarm/agent/master/set_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"reflect"
-	"testing"
-	"time"
-)
-
-func generateInput(inputLen int) []string {
-	var input []string
-	for i := 0; i < inputLen; i++ {
-		input = append(input, fmt.Sprintf("s%d", i))
-	}
-
-	return input
-}
-
-func testChunkStrings(t *testing.T, inputLen, numChunks int) {
-	t.Logf("inputLen=%d, numChunks=%d", inputLen, numChunks)
-	input := generateInput(inputLen)
-	result := chunkStrings(input, numChunks)
-	t.Logf("result has %d chunks", len(result))
-	var inputReconstructedFromResult []string
-	for i, chunk := range result {
-		t.Logf("chunk %d has %d elements", i, len(chunk))
-		inputReconstructedFromResult = append(inputReconstructedFromResult, chunk...)
-	}
-	if !reflect.DeepEqual(input, inputReconstructedFromResult) {
-		t.Fatal("input != inputReconstructedFromResult")
-	}
-}
-
-func TestChunkStrings_4_4(t *testing.T) {
-	testChunkStrings(t, 4, 4)
-}
-
-func TestChunkStrings_4_1(t *testing.T) {
-	testChunkStrings(t, 4, 1)
-}
-
-func TestChunkStrings_1_4(t *testing.T) {
-	testChunkStrings(t, 1, 4)
-}
-
-func TestChunkStrings_1000_8(t *testing.T) {
-	testChunkStrings(t, 1000, 8)
-}
-
-func TestChunkStrings_1000_9(t *testing.T) {
-	testChunkStrings(t, 1000, 9)
-}
-
-func testShuffleStrings(t *testing.T, inputLen int, seed int64) {
-	t.Logf("inputLen=%d, seed=%d", inputLen, seed)
-	x := generateInput(inputLen)
-	shuffleStrings(x, seed)
-	t.Logf("shuffled: %v", x)
-}
-
-func TestShuffleStrings_100(t *testing.T) {
-	testShuffleStrings(t, 100, time.Now().UnixNano())
-}
diff --git a/hack/integration-cli-on-swarm/agent/types/types.go b/hack/integration-cli-on-swarm/agent/types/types.go
deleted file mode 100644
index fc598f0330bcb..0000000000000
--- a/hack/integration-cli-on-swarm/agent/types/types.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package types
-
-// Args is the type for funker args
-type Args struct {
-	// ChunkID is an unique number of the chunk
-	ChunkID int `json:"chunk_id"`
-	// Tests is the set of the strings that are passed as `-check.f` filters
-	Tests []string `json:"tests"`
-}
-
-// Result is the type for funker result
-type Result struct {
-	// ChunkID corresponds to Args.ChunkID
-	ChunkID int `json:"chunk_id"`
-	// Code is the exit code
-	Code   int    `json:"code"`
-	RawLog string `json:"raw_log"`
-}
diff --git a/hack/integration-cli-on-swarm/agent/vendor.conf b/hack/integration-cli-on-swarm/agent/vendor.conf
deleted file mode 100644
index efd6d6d049d3f..0000000000000
--- a/hack/integration-cli-on-swarm/agent/vendor.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here
-github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773
diff --git a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/LICENSE b/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/LICENSE
deleted file mode 100644
index 75191a4dc711f..0000000000000
--- a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2016 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/call.go b/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/call.go
deleted file mode 100644
index ac0338d2d7ae4..0000000000000
--- a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/call.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package funker
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"net"
-	"time"
-)
-
-// Call a Funker function
-func Call(name string, args interface{}) (interface{}, error) {
-	argsJSON, err := json.Marshal(args)
-	if err != nil {
-		return nil, err
-	}
-
-	addr, err := net.ResolveTCPAddr("tcp", name+":9999")
-	if err != nil {
-		return nil, err
-	}
-
-	conn, err := net.DialTCP("tcp", nil, addr)
-	if err != nil {
-		return nil, err
-	}
-	// Keepalive is a workaround for docker/docker#29655 .
-	// The implementation of FIN_WAIT2 seems weird on Swarm-mode.
-	// It seems always refuseing any packet after 60 seconds.
-	//
-	// TODO: remove this workaround if the issue gets resolved on the Docker side
-	if err := conn.SetKeepAlive(true); err != nil {
-		return nil, err
-	}
-	if err := conn.SetKeepAlivePeriod(30 * time.Second); err != nil {
-		return nil, err
-	}
-	if _, err = conn.Write(argsJSON); err != nil {
-		return nil, err
-	}
-	if err = conn.CloseWrite(); err != nil {
-		return nil, err
-	}
-	retJSON, err := ioutil.ReadAll(conn)
-	if err != nil {
-		return nil, err
-	}
-	var ret interface{}
-	err = json.Unmarshal(retJSON, &ret)
-	return ret, err
-}
diff --git a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/handle.go b/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/handle.go
deleted file mode 100644
index 89878994dc999..0000000000000
--- a/hack/integration-cli-on-swarm/agent/vendor/github.com/bfirsh/funker-go/handle.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package funker
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"reflect"
-)
-
-// Handle a Funker function.
-func Handle(handler interface{}) error {
-	handlerValue := reflect.ValueOf(handler)
-	handlerType := handlerValue.Type()
-	if handlerType.Kind() != reflect.Func || handlerType.NumIn() != 1 || handlerType.NumOut() != 1 {
-		return fmt.Errorf("Handler must be a function with a single parameter and single return value.")
-	}
-	argsValue := reflect.New(handlerType.In(0))
-
-	listener, err := net.Listen("tcp", ":9999")
-	if err != nil {
-		return err
-	}
-	conn, err := listener.Accept()
-	if err != nil {
-		return err
-	}
-	// We close listener, because we only allow single request.
-	// Note that TCP "backlog" cannot be used for that purpose.
-	// http://www.perlmonks.org/?node_id=940662
-	if err = listener.Close(); err != nil {
-		return err
-	}
-	argsJSON, err := ioutil.ReadAll(conn)
-	if err != nil {
-		return err
-	}
-	err = json.Unmarshal(argsJSON, argsValue.Interface())
-	if err != nil {
-		return err
-	}
-
-	ret := handlerValue.Call([]reflect.Value{argsValue.Elem()})[0].Interface()
-	retJSON, err := json.Marshal(ret)
-	if err != nil {
-		return err
-	}
-
-	if _, err = conn.Write(retJSON); err != nil {
-		return err
-	}
-
-	return conn.Close()
-}
diff --git a/hack/integration-cli-on-swarm/agent/worker/executor.go b/hack/integration-cli-on-swarm/agent/worker/executor.go
deleted file mode 100644
index eef80d461edb8..0000000000000
--- a/hack/integration-cli-on-swarm/agent/worker/executor.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/stdcopy"
-)
-
-// testChunkExecutor executes integration-cli binary.
-// image needs to be the worker image itself. testFlags are OR-set of regexp for filtering tests.
-type testChunkExecutor func(image string, tests []string) (int64, string, error)
-
-func dryTestChunkExecutor() testChunkExecutor {
-	return func(image string, tests []string) (int64, string, error) {
-		return 0, fmt.Sprintf("DRY RUN (image=%q, tests=%v)", image, tests), nil
-	}
-}
-
-// privilegedTestChunkExecutor invokes a privileged container from the worker
-// service via bind-mounted API socket so as to execute the test chunk
-func privilegedTestChunkExecutor(autoRemove bool) testChunkExecutor {
-	return func(image string, tests []string) (int64, string, error) {
-		cli, err := client.NewEnvClient()
-		if err != nil {
-			return 0, "", err
-		}
-		// propagate variables from the host (needs to be defined in the compose file)
-		experimental := os.Getenv("DOCKER_EXPERIMENTAL")
-		graphdriver := os.Getenv("DOCKER_GRAPHDRIVER")
-		if graphdriver == "" {
-			info, err := cli.Info(context.Background())
-			if err != nil {
-				return 0, "", err
-			}
-			graphdriver = info.Driver
-		}
-		// `daemon_dest` is similar to `$DEST` (e.g. `bundles/VERSION/test-integration`)
-		// but it exists outside of `bundles` so as to make `$DOCKER_GRAPHDRIVER` work.
-		//
-		// Without this hack, `$DOCKER_GRAPHDRIVER` fails because of (e.g.) `overlay2 is not supported over overlayfs`
-		//
-		// see integration-cli/daemon/daemon.go
-		daemonDest := "/daemon_dest"
-		config := container.Config{
-			Image: image,
-			Env: []string{
-				"TESTFLAGS=-check.f " + strings.Join(tests, "|"),
-				"KEEPBUNDLE=1",
-				"DOCKER_INTEGRATION_TESTS_VERIFIED=1", // for avoiding rebuilding integration-cli
-				"DOCKER_EXPERIMENTAL=" + experimental,
-				"DOCKER_GRAPHDRIVER=" + graphdriver,
-				"DOCKER_INTEGRATION_DAEMON_DEST=" + daemonDest,
-			},
-			Labels: map[string]string{
-				"org.dockerproject.integration-cli-on-swarm":         "",
-				"org.dockerproject.integration-cli-on-swarm.comment": "this non-service container is created for running privileged programs on Swarm. you can remove this container manually if the corresponding service is already stopped.",
-			},
-			Entrypoint: []string{"hack/dind"},
-			Cmd:        []string{"hack/make.sh", "test-integration"},
-		}
-		hostConfig := container.HostConfig{
-			AutoRemove: autoRemove,
-			Privileged: true,
-			Mounts: []mount.Mount{
-				{
-					Type:   mount.TypeVolume,
-					Target: daemonDest,
-				},
-			},
-		}
-		id, stream, err := runContainer(context.Background(), cli, config, hostConfig)
-		if err != nil {
-			return 0, "", err
-		}
-		var b bytes.Buffer
-		teeContainerStream(&b, os.Stdout, os.Stderr, stream)
-		resultC, errC := cli.ContainerWait(context.Background(), id, "")
-		select {
-		case err := <-errC:
-			return 0, "", err
-		case result := <-resultC:
-			return result.StatusCode, b.String(), nil
-		}
-	}
-}
-
-func runContainer(ctx context.Context, cli *client.Client, config container.Config, hostConfig container.HostConfig) (string, io.ReadCloser, error) {
-	created, err := cli.ContainerCreate(context.Background(),
-		&config, &hostConfig, nil, "")
-	if err != nil {
-		return "", nil, err
-	}
-	if err = cli.ContainerStart(ctx, created.ID, types.ContainerStartOptions{}); err != nil {
-		return "", nil, err
-	}
-	stream, err := cli.ContainerLogs(ctx,
-		created.ID,
-		types.ContainerLogsOptions{
-			ShowStdout: true,
-			ShowStderr: true,
-			Follow:     true,
-		})
-	return created.ID, stream, err
-}
-
-func teeContainerStream(w, stdout, stderr io.Writer, stream io.ReadCloser) {
-	stdcopy.StdCopy(io.MultiWriter(w, stdout), io.MultiWriter(w, stderr), stream)
-	stream.Close()
-}
diff --git a/hack/integration-cli-on-swarm/agent/worker/worker.go b/hack/integration-cli-on-swarm/agent/worker/worker.go
deleted file mode 100644
index ea8bb3fe27f99..0000000000000
--- a/hack/integration-cli-on-swarm/agent/worker/worker.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package main
-
-import (
-	"flag"
-	"fmt"
-	"log"
-	"time"
-
-	"github.com/bfirsh/funker-go"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/hack/integration-cli-on-swarm/agent/types"
-)
-
-func main() {
-	if err := xmain(); err != nil {
-		log.Fatalf("fatal error: %v", err)
-	}
-}
-
-func validImageDigest(s string) bool {
-	return reference.DigestRegexp.FindString(s) != ""
-}
-
-func xmain() error {
-	workerImageDigest := flag.String("worker-image-digest", "", "Needs to be the digest of this worker image itself")
-	dryRun := flag.Bool("dry-run", false, "Dry run")
-	keepExecutor := flag.Bool("keep-executor", false, "Do not auto-remove executor containers, which is used for running privileged programs on Swarm")
-	flag.Parse()
-	if !validImageDigest(*workerImageDigest) {
-		// Because of issue #29582.
-		// `docker service create localregistry.example.com/blahblah:latest` pulls the image data to local, but not a tag.
-		// So, `docker run localregistry.example.com/blahblah:latest` fails: `Unable to find image 'localregistry.example.com/blahblah:latest' locally`
-		return fmt.Errorf("worker-image-digest must be a digest, got %q", *workerImageDigest)
-	}
-	executor := privilegedTestChunkExecutor(!*keepExecutor)
-	if *dryRun {
-		executor = dryTestChunkExecutor()
-	}
-	return handle(*workerImageDigest, executor)
-}
-
-func handle(workerImageDigest string, executor testChunkExecutor) error {
-	log.Printf("Waiting for a funker request")
-	return funker.Handle(func(args *types.Args) types.Result {
-		log.Printf("Executing chunk %d, contains %d test filters",
-			args.ChunkID, len(args.Tests))
-		begin := time.Now()
-		code, rawLog, err := executor(workerImageDigest, args.Tests)
-		if err != nil {
-			log.Printf("Error while executing chunk %d: %v", args.ChunkID, err)
-			if code == 0 {
-				// Make sure this is a failure
-				code = 1
-			}
-			return types.Result{
-				ChunkID: args.ChunkID,
-				Code:    int(code),
-				RawLog:  rawLog,
-			}
-		}
-		elapsed := time.Since(begin)
-		log.Printf("Finished chunk %d, code=%d, elapsed=%v", args.ChunkID, code, elapsed)
-		return types.Result{
-			ChunkID: args.ChunkID,
-			Code:    int(code),
-			RawLog:  rawLog,
-		}
-	})
-}
diff --git a/hack/integration-cli-on-swarm/host/compose.go b/hack/integration-cli-on-swarm/host/compose.go
deleted file mode 100644
index a92282a1a027e..0000000000000
--- a/hack/integration-cli-on-swarm/host/compose.go
+++ /dev/null
@@ -1,122 +0,0 @@
-package main
-
-import (
-	"context"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"text/template"
-
-	"github.com/docker/docker/client"
-)
-
-const composeTemplate = `# generated by integration-cli-on-swarm
-version: "3"
-
-services:
-  worker:
-    image: "{{.WorkerImage}}"
-    command: ["-worker-image-digest={{.WorkerImageDigest}}", "-dry-run={{.DryRun}}", "-keep-executor={{.KeepExecutor}}"]
-    networks:
-      - net
-    volumes:
-# Bind-mount the API socket so that we can invoke "docker run --privileged" within the service containers
-      - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      - DOCKER_GRAPHDRIVER={{.EnvDockerGraphDriver}}
-      - DOCKER_EXPERIMENTAL={{.EnvDockerExperimental}}
-    deploy:
-      mode: replicated
-      replicas: {{.Replicas}}
-      restart_policy:
-# The restart condition needs to be any for funker function
-        condition: any
-
-  master:
-    image: "{{.MasterImage}}"
-    command: ["-worker-service=worker", "-input=/mnt/input", "-chunks={{.Chunks}}", "-shuffle={{.Shuffle}}", "-rand-seed={{.RandSeed}}"]
-    networks:
-      - net
-    volumes:
-      - {{.Volume}}:/mnt
-    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: none
-      placement:
-# Make sure the master can access the volume
-        constraints: [node.id == {{.SelfNodeID}}]
-
-networks:
-  net:
-
-volumes:
-  {{.Volume}}:
-    external: true
-`
-
-type composeOptions struct {
-	Replicas     int
-	Chunks       int
-	MasterImage  string
-	WorkerImage  string
-	Volume       string
-	Shuffle      bool
-	RandSeed     int64
-	DryRun       bool
-	KeepExecutor bool
-}
-
-type composeTemplateOptions struct {
-	composeOptions
-	WorkerImageDigest     string
-	SelfNodeID            string
-	EnvDockerGraphDriver  string
-	EnvDockerExperimental string
-}
-
-// createCompose creates "dir/docker-compose.yml".
-// If dir is empty, TempDir() is used.
-func createCompose(dir string, cli *client.Client, opts composeOptions) (string, error) {
-	if dir == "" {
-		var err error
-		dir, err = ioutil.TempDir("", "integration-cli-on-swarm-")
-		if err != nil {
-			return "", err
-		}
-	}
-	resolved := composeTemplateOptions{}
-	resolved.composeOptions = opts
-	workerImageInspect, _, err := cli.ImageInspectWithRaw(context.Background(), defaultWorkerImageName)
-	if err != nil {
-		return "", err
-	}
-	if len(workerImageInspect.RepoDigests) > 0 {
-		resolved.WorkerImageDigest = workerImageInspect.RepoDigests[0]
-	} else {
-		// fall back for non-pushed image
-		resolved.WorkerImageDigest = workerImageInspect.ID
-	}
-	info, err := cli.Info(context.Background())
-	if err != nil {
-		return "", err
-	}
-	resolved.SelfNodeID = info.Swarm.NodeID
-	resolved.EnvDockerGraphDriver = os.Getenv("DOCKER_GRAPHDRIVER")
-	resolved.EnvDockerExperimental = os.Getenv("DOCKER_EXPERIMENTAL")
-	composeFilePath := filepath.Join(dir, "docker-compose.yml")
-	tmpl, err := template.New("").Parse(composeTemplate)
-	if err != nil {
-		return "", err
-	}
-	f, err := os.Create(composeFilePath)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-	if err = tmpl.Execute(f, resolved); err != nil {
-		return "", err
-	}
-	return composeFilePath, nil
-}
diff --git a/hack/integration-cli-on-swarm/host/dockercmd.go b/hack/integration-cli-on-swarm/host/dockercmd.go
deleted file mode 100644
index c08b763a2ba80..0000000000000
--- a/hack/integration-cli-on-swarm/host/dockercmd.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"os"
-	"os/exec"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/client"
-)
-
-func system(commands [][]string) error {
-	for _, c := range commands {
-		cmd := exec.Command(c[0], c[1:]...)
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-		cmd.Env = os.Environ()
-		if err := cmd.Run(); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func pushImage(unusedCli *client.Client, remote, local string) error {
-	// FIXME: eliminate os/exec (but it is hard to pass auth without os/exec ...)
-	return system([][]string{
-		{"docker", "image", "tag", local, remote},
-		{"docker", "image", "push", remote},
-	})
-}
-
-func deployStack(unusedCli *client.Client, stackName, composeFilePath string) error {
-	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
-	return system([][]string{
-		{"docker", "stack", "deploy",
-			"--compose-file", composeFilePath,
-			"--with-registry-auth",
-			stackName},
-	})
-}
-
-func hasStack(unusedCli *client.Client, stackName string) bool {
-	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
-	out, err := exec.Command("docker", "stack", "ls").CombinedOutput()
-	if err != nil {
-		panic(fmt.Errorf("`docker stack ls` failed with: %s", string(out)))
-	}
-	// FIXME: not accurate
-	return strings.Contains(string(out), stackName)
-}
-
-func removeStack(unusedCli *client.Client, stackName string) error {
-	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
-	if err := system([][]string{
-		{"docker", "stack", "rm", stackName},
-	}); err != nil {
-		return err
-	}
-	// FIXME
-	time.Sleep(10 * time.Second)
-	return nil
-}
diff --git a/hack/integration-cli-on-swarm/host/enumerate.go b/hack/integration-cli-on-swarm/host/enumerate.go
deleted file mode 100644
index 3354c23c07b54..0000000000000
--- a/hack/integration-cli-on-swarm/host/enumerate.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"regexp"
-)
-
-var testFuncRegexp *regexp.Regexp
-
-func init() {
-	testFuncRegexp = regexp.MustCompile(`(?m)^\s*func\s+\(\w*\s*\*(\w+Suite)\)\s+(Test\w+)`)
-}
-
-func enumerateTestsForBytes(b []byte) ([]string, error) {
-	var tests []string
-	submatches := testFuncRegexp.FindAllSubmatch(b, -1)
-	for _, submatch := range submatches {
-		if len(submatch) == 3 {
-			tests = append(tests, fmt.Sprintf("%s.%s$", submatch[1], submatch[2]))
-		}
-	}
-	return tests, nil
-}
-
-// enumerateTests enumerates valid `-check.f` strings for all the test functions.
-// Note that we use regexp rather than parsing Go files for performance reason.
-// (Try `TESTFLAGS=-check.list make test-integration` to see the slowness of parsing)
-// The files needs to be `gofmt`-ed
-//
-// The result will be as follows, but unsorted ('$' is appended because they are regexp for `-check.f`):
-//  "DockerAuthzSuite.TestAuthZPluginAPIDenyResponse$"
-//  "DockerAuthzSuite.TestAuthZPluginAllowEventStream$"
-//  ...
-//  "DockerTrustedSwarmSuite.TestTrustedServiceUpdate$"
-func enumerateTests(wd string) ([]string, error) {
-	testGoFiles, err := filepath.Glob(filepath.Join(wd, "integration-cli", "*_test.go"))
-	if err != nil {
-		return nil, err
-	}
-	var allTests []string
-	for _, testGoFile := range testGoFiles {
-		b, err := ioutil.ReadFile(testGoFile)
-		if err != nil {
-			return nil, err
-		}
-		tests, err := enumerateTestsForBytes(b)
-		if err != nil {
-			return nil, err
-		}
-		allTests = append(allTests, tests...)
-	}
-	return allTests, nil
-}
diff --git a/hack/integration-cli-on-swarm/host/enumerate_test.go b/hack/integration-cli-on-swarm/host/enumerate_test.go
deleted file mode 100644
index d6049ae52e9b9..0000000000000
--- a/hack/integration-cli-on-swarm/host/enumerate_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"reflect"
-	"sort"
-	"strings"
-	"testing"
-)
-
-func getRepoTopDir(t *testing.T) string {
-	wd, err := os.Getwd()
-	if err != nil {
-		t.Fatal(err)
-	}
-	wd = filepath.Clean(wd)
-	suffix := "hack/integration-cli-on-swarm/host"
-	if !strings.HasSuffix(wd, suffix) {
-		t.Skipf("cwd seems strange (needs to have suffix %s): %v", suffix, wd)
-	}
-	return filepath.Clean(filepath.Join(wd, "../../.."))
-}
-
-func TestEnumerateTests(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping in short mode")
-	}
-	tests, err := enumerateTests(getRepoTopDir(t))
-	if err != nil {
-		t.Fatal(err)
-	}
-	sort.Strings(tests)
-	t.Logf("enumerated %d test filter strings:", len(tests))
-	for _, s := range tests {
-		t.Logf("- %q", s)
-	}
-}
-
-func TestEnumerateTestsForBytes(t *testing.T) {
-	b := []byte(`package main
-import (
-	"github.com/go-check/check"
-)
-
-func (s *FooSuite) TestA(c *check.C) {
-}
-
-func (s *FooSuite) TestAAA(c *check.C) {
-}
-
-func (s *BarSuite) TestBar(c *check.C) {
-}
-
-func (x *FooSuite) TestC(c *check.C) {
-}
-
-func (*FooSuite) TestD(c *check.C) {
-}
-
-// should not be counted
-func (s *FooSuite) testE(c *check.C) {
-}
-
-// counted, although we don't support ungofmt file
-  func   (s *FooSuite)    TestF  (c   *check.C){}
-`)
-	expected := []string{
-		"FooSuite.TestA$",
-		"FooSuite.TestAAA$",
-		"BarSuite.TestBar$",
-		"FooSuite.TestC$",
-		"FooSuite.TestD$",
-		"FooSuite.TestF$",
-	}
-
-	actual, err := enumerateTestsForBytes(b)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !reflect.DeepEqual(expected, actual) {
-		t.Fatalf("expected %q, got %q", expected, actual)
-	}
-}
diff --git a/hack/integration-cli-on-swarm/host/host.go b/hack/integration-cli-on-swarm/host/host.go
deleted file mode 100644
index fdc2a83e7f009..0000000000000
--- a/hack/integration-cli-on-swarm/host/host.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package main
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	defaultStackName       = "integration-cli-on-swarm"
-	defaultVolumeName      = "integration-cli-on-swarm"
-	defaultMasterImageName = "integration-cli-master"
-	defaultWorkerImageName = "integration-cli-worker"
-)
-
-func main() {
-	rc, err := xmain()
-	if err != nil {
-		logrus.Fatalf("fatal error: %v", err)
-	}
-	os.Exit(rc)
-}
-
-func xmain() (int, error) {
-	// Should we use cobra maybe?
-	replicas := flag.Int("replicas", 1, "Number of worker service replica")
-	chunks := flag.Int("chunks", 0, "Number of test chunks executed in batch (0 == replicas)")
-	pushWorkerImage := flag.String("push-worker-image", "", "Push the worker image to the registry. Required for distributed execution. (empty == not to push)")
-	shuffle := flag.Bool("shuffle", false, "Shuffle the input so as to mitigate makespan nonuniformity")
-	// flags below are rarely used
-	randSeed := flag.Int64("rand-seed", int64(0), "Random seed used for shuffling (0 == current time)")
-	filtersFile := flag.String("filters-file", "", "Path to optional file composed of `-check.f` filter strings")
-	dryRun := flag.Bool("dry-run", false, "Dry run")
-	keepExecutor := flag.Bool("keep-executor", false, "Do not auto-remove executor containers, which is used for running privileged programs on Swarm")
-	flag.Parse()
-	if *chunks == 0 {
-		*chunks = *replicas
-	}
-	if *randSeed == int64(0) {
-		*randSeed = time.Now().UnixNano()
-	}
-	cli, err := client.NewEnvClient()
-	if err != nil {
-		return 1, err
-	}
-	if hasStack(cli, defaultStackName) {
-		logrus.Infof("Removing stack %s", defaultStackName)
-		removeStack(cli, defaultStackName)
-	}
-	if hasVolume(cli, defaultVolumeName) {
-		logrus.Infof("Removing volume %s", defaultVolumeName)
-		removeVolume(cli, defaultVolumeName)
-	}
-	if err = ensureImages(cli, []string{defaultWorkerImageName, defaultMasterImageName}); err != nil {
-		return 1, err
-	}
-	workerImageForStack := defaultWorkerImageName
-	if *pushWorkerImage != "" {
-		logrus.Infof("Pushing %s to %s", defaultWorkerImageName, *pushWorkerImage)
-		if err = pushImage(cli, *pushWorkerImage, defaultWorkerImageName); err != nil {
-			return 1, err
-		}
-		workerImageForStack = *pushWorkerImage
-	}
-	compose, err := createCompose("", cli, composeOptions{
-		Replicas:     *replicas,
-		Chunks:       *chunks,
-		MasterImage:  defaultMasterImageName,
-		WorkerImage:  workerImageForStack,
-		Volume:       defaultVolumeName,
-		Shuffle:      *shuffle,
-		RandSeed:     *randSeed,
-		DryRun:       *dryRun,
-		KeepExecutor: *keepExecutor,
-	})
-	if err != nil {
-		return 1, err
-	}
-	filters, err := filtersBytes(*filtersFile)
-	if err != nil {
-		return 1, err
-	}
-	logrus.Infof("Creating volume %s with input data", defaultVolumeName)
-	if err = createVolumeWithData(cli,
-		defaultVolumeName,
-		map[string][]byte{"/input": filters},
-		defaultMasterImageName); err != nil {
-		return 1, err
-	}
-	logrus.Infof("Deploying stack %s from %s", defaultStackName, compose)
-	defer func() {
-		logrus.Infof("NOTE: You may want to inspect or clean up following resources:")
-		logrus.Infof(" - Stack: %s", defaultStackName)
-		logrus.Infof(" - Volume: %s", defaultVolumeName)
-		logrus.Infof(" - Compose file: %s", compose)
-		logrus.Infof(" - Master image: %s", defaultMasterImageName)
-		logrus.Infof(" - Worker image: %s", workerImageForStack)
-	}()
-	if err = deployStack(cli, defaultStackName, compose); err != nil {
-		return 1, err
-	}
-	logrus.Infof("The log will be displayed here after some duration."+
-		"You can watch the live status via `docker service logs %s_worker`",
-		defaultStackName)
-	masterContainerID, err := waitForMasterUp(cli, defaultStackName)
-	if err != nil {
-		return 1, err
-	}
-	rc, err := waitForContainerCompletion(cli, os.Stdout, os.Stderr, masterContainerID)
-	if err != nil {
-		return 1, err
-	}
-	logrus.Infof("Exit status: %d", rc)
-	return int(rc), nil
-}
-
-func ensureImages(cli *client.Client, images []string) error {
-	for _, image := range images {
-		_, _, err := cli.ImageInspectWithRaw(context.Background(), image)
-		if err != nil {
-			return fmt.Errorf("could not find image %s, please run `make build-integration-cli-on-swarm`: %v",
-				image, err)
-		}
-	}
-	return nil
-}
-
-func filtersBytes(optionalFiltersFile string) ([]byte, error) {
-	var b []byte
-	if optionalFiltersFile == "" {
-		tests, err := enumerateTests(".")
-		if err != nil {
-			return b, err
-		}
-		b = []byte(strings.Join(tests, "\n") + "\n")
-	} else {
-		var err error
-		b, err = ioutil.ReadFile(optionalFiltersFile)
-		if err != nil {
-			return b, err
-		}
-	}
-	return b, nil
-}
-
-func waitForMasterUp(cli *client.Client, stackName string) (string, error) {
-	// FIXME(AkihiroSuda): it should retry until master is up, rather than pre-sleeping
-	time.Sleep(10 * time.Second)
-
-	fil := filters.NewArgs()
-	fil.Add("label", "com.docker.stack.namespace="+stackName)
-	// FIXME(AkihiroSuda): we should not rely on internal service naming convention
-	fil.Add("label", "com.docker.swarm.service.name="+stackName+"_master")
-	masters, err := cli.ContainerList(context.Background(), types.ContainerListOptions{
-		All:     true,
-		Filters: fil,
-	})
-	if err != nil {
-		return "", err
-	}
-	if len(masters) == 0 {
-		return "", fmt.Errorf("master not running in stack %s?", stackName)
-	}
-	return masters[0].ID, nil
-}
-
-func waitForContainerCompletion(cli *client.Client, stdout, stderr io.Writer, containerID string) (int64, error) {
-	stream, err := cli.ContainerLogs(context.Background(),
-		containerID,
-		types.ContainerLogsOptions{
-			ShowStdout: true,
-			ShowStderr: true,
-			Follow:     true,
-		})
-	if err != nil {
-		return 1, err
-	}
-	stdcopy.StdCopy(stdout, stderr, stream)
-	stream.Close()
-	resultC, errC := cli.ContainerWait(context.Background(), containerID, "")
-	select {
-	case err := <-errC:
-		return 1, err
-	case result := <-resultC:
-		return result.StatusCode, nil
-	}
-}
diff --git a/hack/integration-cli-on-swarm/host/volume.go b/hack/integration-cli-on-swarm/host/volume.go
deleted file mode 100644
index a6ddc6fae75da..0000000000000
--- a/hack/integration-cli-on-swarm/host/volume.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package main
-
-import (
-	"archive/tar"
-	"bytes"
-	"context"
-	"io"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/client"
-)
-
-func createTar(data map[string][]byte) (io.Reader, error) {
-	var b bytes.Buffer
-	tw := tar.NewWriter(&b)
-	for path, datum := range data {
-		hdr := tar.Header{
-			Name: path,
-			Mode: 0644,
-			Size: int64(len(datum)),
-		}
-		if err := tw.WriteHeader(&hdr); err != nil {
-			return nil, err
-		}
-		_, err := tw.Write(datum)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if err := tw.Close(); err != nil {
-		return nil, err
-	}
-	return &b, nil
-}
-
-// createVolumeWithData creates a volume with the given data (e.g. data["/foo"] = []byte("bar"))
-// Internally, a container is created from the image so as to provision the data to the volume,
-// which is attached to the container.
-func createVolumeWithData(cli *client.Client, volumeName string, data map[string][]byte, image string) error {
-	_, err := cli.VolumeCreate(context.Background(),
-		volume.VolumeCreateBody{
-			Driver: "local",
-			Name:   volumeName,
-		})
-	if err != nil {
-		return err
-	}
-	mnt := "/mnt"
-	miniContainer, err := cli.ContainerCreate(context.Background(),
-		&container.Config{
-			Image: image,
-		},
-		&container.HostConfig{
-			Mounts: []mount.Mount{
-				{
-					Type:   mount.TypeVolume,
-					Source: volumeName,
-					Target: mnt,
-				},
-			},
-		}, nil, "")
-	if err != nil {
-		return err
-	}
-	tr, err := createTar(data)
-	if err != nil {
-		return err
-	}
-	if cli.CopyToContainer(context.Background(),
-		miniContainer.ID, mnt, tr, types.CopyToContainerOptions{}); err != nil {
-		return err
-	}
-	return cli.ContainerRemove(context.Background(),
-		miniContainer.ID,
-		types.ContainerRemoveOptions{})
-}
-
-func hasVolume(cli *client.Client, volumeName string) bool {
-	_, err := cli.VolumeInspect(context.Background(), volumeName)
-	return err == nil
-}
-
-func removeVolume(cli *client.Client, volumeName string) error {
-	return cli.VolumeRemove(context.Background(), volumeName, true)
-}
diff --git a/hack/make.ps1 b/hack/make.ps1
index 4ee47ba847c2a..ea6d5269b3ee0 100644
--- a/hack/make.ps1
+++ b/hack/make.ps1
@@ -60,6 +60,9 @@
 .PARAMETER TestUnit
      Runs unit tests.
 
+.PARAMETER TestIntegration
+     Runs integration tests.
+
 .PARAMETER All
      Runs everything this script knows about that can run in a container.
 
@@ -84,12 +87,14 @@ param(
     [Parameter(Mandatory=$False)][switch]$PkgImports,
     [Parameter(Mandatory=$False)][switch]$GoFormat,
     [Parameter(Mandatory=$False)][switch]$TestUnit,
+    [Parameter(Mandatory=$False)][switch]$TestIntegration,
     [Parameter(Mandatory=$False)][switch]$All
 )
 
 $ErrorActionPreference = "Stop"
 $ProgressPreference = "SilentlyContinue"
 $pushed=$False  # To restore the directory if we have temporarily pushed to one.
+Set-Variable GOTESTSUM_LOCATION -option Constant -value "$env:GOPATH/bin/"
 
 # Utility function to get the commit ID of the repository
 Function Get-GitCommit() {
@@ -130,7 +135,7 @@ Function Check-InContainer() {
 # outside of a container where it may be out of date with master.
 Function Verify-GoVersion() {
     Try {
-        $goVersionDockerfile=(Select-String -Path ".\Dockerfile" -Pattern "^FROM golang:").ToString().Split(" ")[1].SubString(7) -replace '\.0$',''
+        $goVersionDockerfile=(Select-String -Path ".\Dockerfile" -Pattern "^ARG[\s]+GO_VERSION=(.*)$").Matches.groups[1].Value -replace '\.0$',''
         $goVersionInstalled=(go version).ToString().Split(" ")[2].SubString(2)
     }
     Catch [Exception] {
@@ -218,7 +223,7 @@ Function Validate-DCO($headCommit, $upstreamCommit) {
     if ($LASTEXITCODE -ne 0) { Throw "Failed git log --format" }
     $commits = $($commits -split '\s+' -match '\S')
     $badCommits=@()
-    $commits | %{
+    $commits | ForEach-Object{
         # Skip commits with no content such as merge commits etc
         if ($(git log -1 --format=format: --name-status $_).Length -gt 0) {
             # Ignore exit code on next call - always process regardless
@@ -244,7 +249,7 @@ Function Validate-PkgImports($headCommit, $upstreamCommit) {
 
     # Get a list of go source-code files which have changed under pkg\. Ignore exit code on next call - always process regardless
     $files=@(); $files = Invoke-Expression "git diff $upstreamCommit...$headCommit --diff-filter=ACMR --name-only -- `'pkg\*.go`'"
-    $badFiles=@(); $files | %{
+    $badFiles=@(); $files | ForEach-Object{
         $file=$_
         # For the current changed file, get its list of dependencies, sorted and uniqued.
         $imports = Invoke-Expression "go list -e -f `'{{ .Deps }}`' $file"
@@ -255,13 +260,13 @@ Function Validate-PkgImports($headCommit, $upstreamCommit) {
                                   -NotMatch "^github.com/docker/docker/vendor" `
                                   -Match "^github.com/docker/docker" `
                                   -Replace "`n", ""
-        $imports | % { $badFiles+="$file imports $_`n" }
+        $imports | ForEach-Object{ $badFiles+="$file imports $_`n" }
     }
     if ($badFiles.Length -eq 0) {
         Write-Host 'Congratulations!  ".\pkg\*.go" is safely isolated from internal code.'
     } else {
         $e = "`nThese files import internal code: (either directly or indirectly)`n"
-        $badFiles | %{ $e+=" - $_"}
+        $badFiles | ForEach-Object{ $e+=" - $_"}
         Throw $e
     }
 }
@@ -297,7 +302,7 @@ Function Validate-GoFormat($headCommit, $upstreamCommit) {
         Write-Host 'Congratulations!  All Go source files are properly formatted.'
     } else {
         $e = "`nThese files are not properly gofmt`'d:`n"
-        $badFiles | %{ $e+=" - $_`n"}
+        $badFiles | ForEach-Object{ $e+=" - $_`n"}
         $e+= "`nPlease reformat the above files using `"gofmt -s -w`" and commit the result."
         Throw $e
     }
@@ -315,9 +320,56 @@ Function Run-UnitTests() {
     $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/man"
     $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/integration"
     $pkgList = $pkgList -replace "`r`n", " "
-    $goTestCommand = "go test" + $raceParm + " -cover -ldflags -w -tags """ + "autogen daemon" + """ -a """ + "-test.timeout=10m" + """ $pkgList"
-    Invoke-Expression $goTestCommand
-    if ($LASTEXITCODE -ne 0) { Throw "Unit tests failed" }
+
+    $goTestArg = "--format=standard-verbose --jsonfile=bundles\go-test-report-unit-tests.json --junitfile=bundles\junit-report-unit-tests.xml -- " + $raceParm + " -cover -ldflags -w -a """ + "-test.timeout=10m" + """ $pkgList"
+    Write-Host "INFO: Invoking unit tests run with $GOTESTSUM_LOCATION\gotestsum.exe $goTestArg"
+    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
+    $pinfo.FileName = "$GOTESTSUM_LOCATION\gotestsum.exe"
+    $pinfo.WorkingDirectory = "$($PWD.Path)"
+    $pinfo.UseShellExecute = $false
+    $pinfo.Arguments = $goTestArg
+    $p = New-Object System.Diagnostics.Process
+    $p.StartInfo = $pinfo
+    $p.Start() | Out-Null
+    $p.WaitForExit()
+    if ($p.ExitCode -ne 0) { Throw "Unit tests failed" }
+}
+
+# Run the integration tests
+Function Run-IntegrationTests() {
+    $escRoot = [Regex]::Escape($root)
+    $env:DOCKER_INTEGRATION_DAEMON_DEST = $bundlesDir + "\tmp"
+    $dirs = go list -test -f '{{- if ne .ForTest `"`" -}}{{- .Dir -}}{{- end -}}' .\integration\...
+    ForEach($dir in $dirs) {
+        # Normalize directory name for using in the test results files.
+        $normDir = $dir.Trim()
+        $normDir = $normDir -replace $escRoot, ""
+        $normDir = $normDir -replace "\\", "-"
+        $normDir = $normDir -replace "\/", "-"
+        $normDir = $normDir -replace "\.", "-"
+        if ($normDir.StartsWith("-"))
+        {
+            $normDir = $normDir.TrimStart("-")
+        }
+        if ($normDir.EndsWith("-"))
+        {
+            $normDir = $normDir.TrimEnd("-")
+        }
+        $jsonFilePath = $bundlesDir + "\go-test-report-int-tests-$normDir" + ".json"
+        $xmlFilePath = $bundlesDir + "\junit-report-int-tests-$normDir" + ".xml"
+        Set-Location $dir
+        Write-Host "Running $($PWD.Path)"
+        $pinfo = New-Object System.Diagnostics.ProcessStartInfo
+        $pinfo.FileName = "gotestsum.exe"
+        $pinfo.WorkingDirectory = "$($PWD.Path)"
+        $pinfo.UseShellExecute = $false
+        $pinfo.Arguments = "--format=standard-verbose --jsonfile=$jsonFilePath --junitfile=$xmlFilePath -- -test.timeout=60m $env:INTEGRATION_TESTFLAGS"
+        $p = New-Object System.Diagnostics.Process
+        $p.StartInfo = $pinfo
+        $p.Start() | Out-Null
+        $p.WaitForExit()
+        if ($p.ExitCode -ne 0) { Throw "Integration tests failed" }
+    }
 }
 
 # Start of main code.
@@ -328,16 +380,21 @@ Try {
     $root = $(Split-Path $MyInvocation.MyCommand.Definition -Parent | Split-Path -Parent)
     Push-Location $root
 
+    # Ensure the bundles directory exists
+    $bundlesDir = $root + "\bundles"
+    Set-Variable bundlesDir -option ReadOnly
+    New-Item -Force $bundlesDir -ItemType Directory | Out-Null
+
     # Handle the "-All" shortcut to turn on all things we can handle.
     # Note we expressly only include the items which can run in a container - the validations tests cannot
     # as they require the .git directory which is excluded from the image by .dockerignore
-    if ($All) { $Client=$True; $Daemon=$True; $TestUnit=$True }
+    if ($All) { $Client=$True; $Daemon=$True; $TestUnit=$True; }
 
     # Handle the "-Binary" shortcut to build both client and daemon.
     if ($Binary) { $Client = $True; $Daemon = $True }
 
     # Default to building the daemon if not asked for anything explicitly.
-    if (-not($Client) -and -not($Daemon) -and -not($DCO) -and -not($PkgImports) -and -not($GoFormat) -and -not($TestUnit)) { $Daemon=$True }
+    if (-not($Client) -and -not($Daemon) -and -not($DCO) -and -not($PkgImports) -and -not($GoFormat) -and -not($TestUnit) -and -not($TestIntegration)) { $Daemon=$True }
 
     # Verify git is installed
     if ($(Get-Command git -ErrorAction SilentlyContinue) -eq $nil) { Throw "Git does not appear to be installed" }
@@ -351,6 +408,8 @@ Try {
 
     # Get the version of docker (eg 17.04.0-dev)
     $dockerVersion="0.0.0-dev"
+    # Overwrite dockerVersion if VERSION Environment variable is available
+    if (Test-Path Env:\VERSION) { $dockerVersion=$env:VERSION }
 
     # Give a warning if we are not running in a container and are building binaries or running unit tests.
     # Not relevant for validation tests as these are fine to run outside of a container.
@@ -387,15 +446,13 @@ Try {
 
     # Build the binaries
     if ($Client -or $Daemon) {
-        # Create the bundles directory if it doesn't exist
-        if (-not (Test-Path ".\bundles")) { New-Item ".\bundles" -ItemType Directory | Out-Null }
 
         # Perform the actual build
         if ($Daemon) { Execute-Build "daemon" "daemon" "dockerd" }
         if ($Client) {
             # Get the Docker channel and version from the environment, or use the defaults.
-            if (-not ($channel = $env:DOCKERCLI_CHANNEL)) { $channel = "edge" }
-            if (-not ($version = $env:DOCKERCLI_VERSION)) { $version = "17.06.0-ce" }
+            if (-not ($channel = $env:DOCKERCLI_CHANNEL)) { $channel = "stable" }
+            if (-not ($version = $env:DOCKERCLI_VERSION)) { $version = "17.06.2-ce" }
 
             # Download the zip file and extract the client executable.
             Write-Host "INFO: Downloading docker/cli version $version from $channel..."
@@ -423,6 +480,9 @@ Try {
     # Run unit tests
     if ($TestUnit) { Run-UnitTests }
 
+    # Run integration tests
+    if ($TestIntegration) { Run-IntegrationTests }
+
     # Gratuitous ASCII art.
     if ($Daemon -or $Client) {
         Write-Host
@@ -449,7 +509,7 @@ Catch [Exception] {
     Write-Host -ForegroundColor Red  "     \/        \/             \/     \/ "
     Write-Host
 
-    Throw $_
+    exit 1
 }
 Finally {
     Pop-Location # As we pushed to the root of the repo as the very first thing
diff --git a/hack/make.sh b/hack/make.sh
index 62c72a09e2305..427def3aca3b6 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -24,44 +24,18 @@ set -e
 set -o pipefail
 
 export DOCKER_PKG='github.com/docker/docker'
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 export MAKEDIR="$SCRIPTDIR/make"
 export PKG_CONFIG=${PKG_CONFIG:-pkg-config}
 
-# We're a nice, sexy, little shell script, and people might try to run us;
-# but really, they shouldn't. We want to be in a container!
-inContainer="AssumeSoInitially"
-if [ "$(go env GOHOSTOS)" = 'windows' ]; then
-	if [ -z "$FROM_DOCKERFILE" ]; then
-		unset inContainer
-	fi
-else
-	if [ "$PWD" != "/go/src/$DOCKER_PKG" ]; then
-		unset inContainer
-	fi
-fi
-
-if [ -z "$inContainer" ]; then
-	{
-		echo "# WARNING! I don't seem to be running in a Docker container."
-		echo "# The result of this command might be an incorrect build, and will not be"
-		echo "# officially supported."
-		echo "#"
-		echo "# Try this instead: make all"
-		echo "#"
-	} >&2
-fi
-
 echo
 
 # List of bundles to create when no argument is passed
 DEFAULT_BUNDLES=(
 	binary-daemon
 	dynbinary
-
 	test-integration
 	test-docker-py
-
 	cross
 )
 
@@ -109,28 +83,21 @@ add_buildtag() {
 	[[ " $DOCKER_BUILDTAGS" == *" $1_"* ]] || DOCKER_BUILDTAGS+=" $1_$2"
 }
 
-if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null ; then
+if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null; then
 	DOCKER_BUILDTAGS+=" journald"
-elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null ; then
+elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null; then
 	DOCKER_BUILDTAGS+=" journald journald_compat"
 fi
 
-# test whether "btrfs/version.h" exists and apply btrfs_noversion appropriately
-if \
-	command -v gcc &> /dev/null \
-	&& ! gcc -E - -o /dev/null &> /dev/null <<<'#include <btrfs/version.h>' \
-; then
-	DOCKER_BUILDTAGS+=' btrfs_noversion'
-fi
-
 # test whether "libdevmapper.h" is new enough to support deferred remove
 # functionality. We favour libdm_dlsym_deferred_remove over
 # libdm_no_deferred_remove in dynamic cases because the binary could be shipped
 # with a newer libdevmapper than the one it was built with.
-if \
+if
 	command -v gcc &> /dev/null \
-	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
-; then
+		&& ! (echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }' | gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null) \
+		;
+then
 	add_buildtag libdm dlsym_deferred_remove
 fi
 
@@ -145,19 +112,10 @@ LDFLAGS_STATIC=''
 EXTLDFLAGS_STATIC='-static'
 # ORIG_BUILDFLAGS is necessary for the cross target which cannot always build
 # with options like -race.
-ORIG_BUILDFLAGS=( -tags "autogen netgo osusergo static_build $DOCKER_BUILDTAGS" -installsuffix netgo )
+ORIG_BUILDFLAGS=(-tags "netgo osusergo static_build $DOCKER_BUILDTAGS" -installsuffix netgo)
 # see https://github.com/golang/go/issues/9369#issuecomment-69864440 for why -installsuffix is necessary here
 
-BUILDFLAGS=( $BUILDFLAGS "${ORIG_BUILDFLAGS[@]}" )
-
-# Test timeout.
-if [ "${DOCKER_ENGINE_GOARCH}" == "arm64" ] || [ "${DOCKER_ENGINE_GOARCH}" == "arm" ]; then
-	: ${TIMEOUT:=10m}
-elif [ "${DOCKER_ENGINE_GOARCH}" == "windows" ]; then
-	: ${TIMEOUT:=8m}
-else
-	: ${TIMEOUT:=5m}
-fi
+BUILDFLAGS=(${BUILDFLAGS} "${ORIG_BUILDFLAGS[@]}")
 
 LDFLAGS_STATIC_DOCKER="
 	$LDFLAGS_STATIC
@@ -175,25 +133,24 @@ if [ "$(uname -s)" = 'FreeBSD' ]; then
 fi
 
 bundle() {
-	local bundle="$1"; shift
+	local bundle="$1"
+	shift
 	echo "---> Making bundle: $(basename "$bundle") (in $DEST)"
 	source "$SCRIPTDIR/make/$bundle" "$@"
 }
 
 main() {
-	if [ -z "${KEEPBUNDLE-}" ]; then
-		echo "Removing bundles/"
-		rm -rf "bundles/*"
-		echo
+	bundle_dir="bundles"
+	if [ -n "${PREFIX}" ]; then
+		bundle_dir="${PREFIX}/${bundle_dir}"
 	fi
-	mkdir -p bundles
 
-	# Windows and symlinks don't get along well
-	if [ "$(go env GOHOSTOS)" != 'windows' ]; then
-		rm -f bundles/latest
-		# preserve latest symlink for backward compatibility
-		ln -sf . bundles/latest
+	if [ -z "${KEEPBUNDLE-}" ]; then
+		echo "Removing ${bundle_dir}/"
+		rm -rf "${bundle_dir}"/*
+		echo
 	fi
+	mkdir -p "${bundle_dir}"
 
 	if [ $# -lt 1 ]; then
 		bundles=(${DEFAULT_BUNDLES[@]})
@@ -201,7 +158,7 @@ main() {
 		bundles=($@)
 	fi
 	for bundle in ${bundles[@]}; do
-		export DEST="bundles/$(basename "$bundle")"
+		export DEST="${bundle_dir}/$(basename "$bundle")"
 		# Cygdrive paths don't play well with go build -o.
 		if [[ "$(uname -s)" == CYGWIN* ]]; then
 			export DEST="$(cygpath -mw "$DEST")"
diff --git a/hack/make/.binary b/hack/make/.binary
index 010c2c11daf1d..371af7536bbbd 100644
--- a/hack/make/.binary
+++ b/hack/make/.binary
@@ -8,8 +8,6 @@ binary_extension() {
 	fi
 }
 
-GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
-BINARY_SHORT_NAME='dockerd'
 BINARY_NAME="$BINARY_SHORT_NAME-$VERSION"
 BINARY_EXTENSION="$(binary_extension)"
 BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION"
@@ -38,37 +36,69 @@ hash_files() {
 }
 
 (
-export GOGC=${DOCKER_BUILD_GOGC:-1000}
+	export GOGC=${DOCKER_BUILD_GOGC:-1000}
 
-if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
-	# must be cross-compiling!
+	if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
+		# must be cross-compiling!
+		case "$(go env GOOS)/$(go env GOARCH)" in
+			windows/amd64)
+				export CC="${CC:-x86_64-w64-mingw32-gcc}"
+				export CGO_ENABLED=1
+				;;
+			linux/arm)
+				case "${GOARM}" in
+					5 | "")
+						export CC="${CC:-arm-linux-gnueabi-gcc}"
+						export CGO_ENABLED=1
+						;;
+					7)
+						export CC="${CC:-arm-linux-gnueabihf-gcc}"
+						export CGO_ENABLED=1
+						;;
+				esac
+				;;
+			linux/arm64)
+				export CC="${CC:-aarch64-linux-gnu-gcc}"
+				export CGO_ENABLED=1
+				;;
+			linux/amd64)
+				export CC="${CC:-x86_64-linux-gnu-gcc}"
+				export CGO_ENABLED=1
+				;;
+			linux/ppc64le)
+				export CC="${CC:-powerpc64le-linux-gnu-gcc}"
+				export CGO_ENABLED=1
+				;;
+			linux/s390x)
+				export CC="${CC:-s390x-linux-gnu-gcc}"
+				export CGO_ENABLED=1
+				;;
+		esac
+	fi
+
+	# -buildmode=pie is not supported on Windows and Linux on mips, riscv64 and ppc64be.
+	# https://github.com/golang/go/blob/77aa209b386a184e7f4b44938f2a05a1b5c5a3cf/src/cmd/internal/sys/supported.go#L89-L99
 	case "$(go env GOOS)/$(go env GOARCH)" in
-		windows/amd64)
-			export CC=x86_64-w64-mingw32-gcc
-			export CGO_ENABLED=1
+		windows/* | linux/mips* | linux/riscv* | linux/ppc64) ;;
+		# TODO remove windows in Go 1.15+: https://github.com/golang/go/commit/95f382139043059a2a0780ba577b53893408f7e4
+		# TODO remove riscv64 in Go 1.16+: https://github.com/golang/go/commit/8eb846fd37eb7bded8a1cf6932be2c59069863e5
+
+		*)
+			BUILDFLAGS+=("-buildmode=pie")
 			;;
 	esac
-fi
-
-# -buildmode=pie is not supported on Windows and Linux on mips.
-case "$(go env GOOS)/$(go env GOARCH)" in
-	windows/*|linux/mips*)
-		;;
-	*)
-		BUILDFLAGS+=( "-buildmode=pie" )
-		;;
-esac
 
-echo "Building: $DEST/$BINARY_FULLNAME"
-go build \
-	-o "$DEST/$BINARY_FULLNAME" \
-	"${BUILDFLAGS[@]}" \
-	-ldflags "
+	echo "Building: $DEST/$BINARY_FULLNAME"
+	echo "GOOS=\"${GOOS}\" GOARCH=\"${GOARCH}\" GOARM=\"${GOARM}\""
+	go build \
+		-o "$DEST/$BINARY_FULLNAME" \
+		"${BUILDFLAGS[@]}" \
+		-ldflags "
 		$LDFLAGS
 		$LDFLAGS_STATIC_DOCKER
 		$DOCKER_LDFLAGS
 	" \
-	$GO_PACKAGE
+		${GO_PACKAGE}
 )
 
 echo "Created binary: $DEST/$BINARY_FULLNAME"
diff --git a/hack/make/.binary-setup b/hack/make/.binary-setup
deleted file mode 100644
index 69bb39b364c6e..0000000000000
--- a/hack/make/.binary-setup
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-DOCKER_DAEMON_BINARY_NAME='dockerd'
-DOCKER_RUNC_BINARY_NAME='runc'
-DOCKER_CONTAINERD_BINARY_NAME='containerd'
-DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr'
-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim'
-DOCKER_PROXY_BINARY_NAME='docker-proxy'
-DOCKER_INIT_BINARY_NAME='docker-init'
diff --git a/hack/make/.detect-daemon-osarch b/hack/make/.detect-daemon-osarch
index 91e2c53c7565a..9190cd0264bae 100644
--- a/hack/make/.detect-daemon-osarch
+++ b/hack/make/.detect-daemon-osarch
@@ -2,13 +2,13 @@
 set -e
 
 docker-version-osarch() {
-	if ! type docker &>/dev/null; then
+	if ! type docker &> /dev/null; then
 		# docker is not installed
 		return
 	fi
 	local target="$1" # "Client" or "Server"
 	local fmtStr="{{.${target}.Os}}/{{.${target}.Arch}}"
-	if docker version -f "$fmtStr" 2>/dev/null; then
+	if docker version -f "$fmtStr" 2> /dev/null; then
 		# if "docker version -f" works, let's just use that!
 		return
 	fi
diff --git a/hack/make/.go-autogen b/hack/make/.go-autogen
index 6397cdc2d3414..5fe33555a5346 100644
--- a/hack/make/.go-autogen
+++ b/hack/make/.go-autogen
@@ -1,51 +1,24 @@
 #!/usr/bin/env bash
 
-rm -rf autogen
+rm -rf autogen/*
 
 source hack/dockerfile/install/runc.installer
 source hack/dockerfile/install/tini.installer
 source hack/dockerfile/install/containerd.installer
 
-cat > dockerversion/version_autogen.go <<DVEOF
-// +build autogen
-
-// Package dockerversion is auto-generated at build-time
-package dockerversion
-
-// Default build-time variable for library-import.
-// This file is overridden on build with build-time information.
-const (
-	GitCommit             string = "$GITCOMMIT"
-	Version               string = "$VERSION"
-	BuildTime             string = "$BUILDTIME"
-	IAmStatic             string = "${IAMSTATIC:-true}"
-	PlatformName          string = "${PLATFORM}"
-	ProductName           string = "${PRODUCT}"
-	DefaultProductLicense string = "${DEFAULT_PRODUCT_LICENSE}"
-)
-
-// AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
-DVEOF
-
-cat > dockerversion/version_autogen_unix.go <<DVEOF
-// +build autogen,!windows
-
-// Package dockerversion is auto-generated at build-time
-package dockerversion
-
-// Default build-time variable for library-import.
-// This file is overridden on build with build-time information.
-const (
-	InitCommitID string = "${TINI_COMMIT}"
-)
-
-// AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
-DVEOF
+LDFLAGS="${LDFLAGS} \
+	-X \"github.com/docker/docker/dockerversion.Version=${VERSION}\" \
+	-X \"github.com/docker/docker/dockerversion.GitCommit=${GITCOMMIT}\" \
+	-X \"github.com/docker/docker/dockerversion.BuildTime=${BUILDTIME}\" \
+	-X \"github.com/docker/docker/dockerversion.IAmStatic=${IAMSTATIC:-true}\" \
+	-X \"github.com/docker/docker/dockerversion.PlatformName=${PLATFORM}\" \
+	-X \"github.com/docker/docker/dockerversion.ProductName=${PRODUCT}\" \
+	-X \"github.com/docker/docker/dockerversion.DefaultProductLicense=${DEFAULT_PRODUCT_LICENSE}\" \
+"
 
 # Compile the Windows resources into the sources
 if [ "$(go env GOOS)" = "windows" ]; then
-	mkdir -p autogen/winresources/tmp autogen/winresources/docker autogen/winresources/dockerd
-	cp hack/make/.resources-windows/resources.go autogen/winresources/docker/
+	mkdir -p autogen/winresources/tmp autogen/winresources/dockerd
 	cp hack/make/.resources-windows/resources.go autogen/winresources/dockerd/
 
 	if [ "$(go env GOHOSTOS)" == "windows" ]; then
@@ -58,7 +31,9 @@ if [ "$(go env GOOS)" = "windows" ]; then
 	fi
 
 	# Generate a Windows file version of the form major,minor,patch,build (with any part optional)
-	VERSION_QUAD=$(echo -n $VERSION | sed -re 's/^([0-9.]*).*$/\1/' | tr . ,)
+	if [ ! -v VERSION_QUAD ]; then
+		VERSION_QUAD=$(echo -n $VERSION | sed -re 's/^([0-9.]*).*$/\1/' | tr . ,)
+	fi
 
 	# Pass version and commit information into the resource compiler
 	defs=
@@ -67,7 +42,7 @@ if [ "$(go env GOOS)" = "windows" ]; then
 	[ ! -z $GITCOMMIT ]    && defs="$defs -D DOCKER_COMMIT=\"$GITCOMMIT\""
 
 	function makeres {
-		$WINDRES \
+		${WINDRES} \
 			-i hack/make/.resources-windows/$1 \
 			-o $3 \
 			-F $2 \
@@ -76,13 +51,11 @@ if [ "$(go env GOOS)" = "windows" ]; then
 			$defs
 	}
 
-	$WINDMC \
+	${WINDMC} \
 		hack/make/.resources-windows/event_messages.mc \
 		-h autogen/winresources/tmp \
 		-r autogen/winresources/tmp
 
-	makeres docker.rc pe-x86-64 autogen/winresources/docker/rsrc_amd64.syso
-	makeres docker.rc pe-i386 autogen/winresources/docker/rsrc_386.syso
 	makeres dockerd.rc pe-x86-64 autogen/winresources/dockerd/rsrc_amd64.syso
 
 	rm -r autogen/winresources/tmp
diff --git a/hack/make/.go-autogen.ps1 b/hack/make/.go-autogen.ps1
index 4256f152e8bcf..6cc658b510a52 100644
--- a/hack/make/.go-autogen.ps1
+++ b/hack/make/.go-autogen.ps1
@@ -43,26 +43,24 @@ package dockerversion
 // Default build-time variable for library-import.
 // This file is overridden on build with build-time information.
 const (
-    GitCommit             string = "'+$CommitString+'"
-    Version               string = "'+$DockerVersion+'"
-    BuildTime             string = "'+$buildDateTime+'"
-    PlatformName          string = "'+$Platform+'"
-    ProductName           string = "'+$Product+'"
-    DefaultProductLicense string = "'+$DefaultProductLicense+'"
+	GitCommit             string = "'+$CommitString+'"
+	Version               string = "'+$DockerVersion+'"
+	BuildTime             string = "'+$buildDateTime+'"
+	PlatformName          string = "'+$Platform+'"
+	ProductName           string = "'+$Product+'"
+	DefaultProductLicense string = "'+$DefaultProductLicense+'"
 )
 
 // AUTOGENERATED FILE; see hack\make\.go-autogen.ps1
 '
 
     # Write the file without BOM
-    $outputFile="$(pwd)\dockerversion\version_autogen.go"
+    $outputFile="$(Get-Location)\dockerversion\version_autogen.go"
     if (Test-Path $outputFile) { Remove-Item $outputFile }
     [System.IO.File]::WriteAllText($outputFile, $fileContents, (New-Object System.Text.UTF8Encoding($False)))
 
     New-Item -ItemType Directory -Path "autogen\winresources\tmp" | Out-Null
-    New-Item -ItemType Directory -Path "autogen\winresources\docker" | Out-Null
     New-Item -ItemType Directory -Path "autogen\winresources\dockerd" | Out-Null
-    Copy-Item "hack\make\.resources-windows\resources.go" "autogen\winresources\docker"
     Copy-Item "hack\make\.resources-windows\resources.go" "autogen\winresources\dockerd"
 
     # Generate a version in the form major,minor,patch,build
@@ -77,12 +75,6 @@ const (
     $env:_ag_dockerVersion=$DockerVersion
     $env:_ag_gitCommit=$CommitString
 
-    windres -i hack/make/.resources-windows/docker.rc  -o autogen/winresources/docker/rsrc_amd64.syso  -F pe-x86-64 --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
-    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile client 64-bit resources" }
-
-    windres -i hack/make/.resources-windows/docker.rc  -o autogen/winresources/docker/rsrc_386.syso    -F pe-i386   --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
-    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile client 32-bit resources" }
-
     windres -i hack/make/.resources-windows/dockerd.rc -o autogen/winresources/dockerd/rsrc_amd64.syso -F pe-x86-64 --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
     if ($LASTEXITCODE -ne 0) { Throw "Failed to compile daemon resources" }
 }
diff --git a/hack/make/.install b/hack/make/.install
new file mode 100644
index 0000000000000..0e80a8e196a25
--- /dev/null
+++ b/hack/make/.install
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+install_binary() {
+	local file="$1"
+	local target="${DOCKER_MAKE_INSTALL_PREFIX:=/usr/local}/bin/"
+	if [ "$(go env GOOS)" == "linux" ]; then
+		echo "Installing $(basename $file) to ${target}"
+		mkdir -p "$target"
+		cp -f -L "$file" "$target"
+	else
+		echo "Install is only supported on linux"
+		return 1
+	fi
+}
diff --git a/hack/make/.integration-daemon-start b/hack/make/.integration-daemon-start
index 20801fccee329..af1a68796aa7a 100644
--- a/hack/make/.integration-daemon-start
+++ b/hack/make/.integration-daemon-start
@@ -3,7 +3,7 @@
 # see test-integration for example usage of this script
 
 base="$ABS_DEST/.."
-export PATH="$base/binary-daemon:$base/dynbinary-daemon:$PATH"
+export PATH="$base/dynbinary-daemon:$base/binary-daemon:$PATH"
 
 export TEST_CLIENT_BINARY=docker
 
@@ -20,7 +20,7 @@ fi
 # This is a temporary hack for split-binary mode. It can be removed once
 # https://github.com/docker/docker/pull/22134 is merged into docker master
 if [ "$(go env GOOS)" = 'windows' ]; then
-       return
+	return
 fi
 
 if [ -z "$DOCKER_TEST_HOST" ]; then
@@ -38,6 +38,9 @@ fi
 # intentionally open a couple bogus file descriptors to help test that they get scrubbed in containers
 exec 41>&1 42>&2
 
+# Allow pushing manifest v2 schema 1 images, as they're used to push
+# images to our test-registries for testing _pulling_ schema 2v1 images.
+export DOCKER_ALLOW_SCHEMA1_PUSH_DONOTUSE=1
 export DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
 export DOCKER_USERLANDPROXY=${DOCKER_USERLANDPROXY:-true}
 
@@ -58,11 +61,34 @@ if [ "$DOCKER_REMAP_ROOT" ]; then
 fi
 
 # example usage: DOCKER_EXPERIMENTAL=1
-if [  "$DOCKER_EXPERIMENTAL" ]; then
+if [ "$DOCKER_EXPERIMENTAL" ]; then
 	echo >&2 '# DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! '
 	extra_params="$extra_params --experimental"
 fi
 
+dockerd="dockerd"
+if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
+	if [ -z "$TEST_SKIP_INTEGRATION_CLI" ]; then
+		echo >&2 '# cgroup v2 requires TEST_SKIP_INTEGRATION_CLI to be set'
+		exit 1
+	fi
+fi
+
+if [ -n "$DOCKER_ROOTLESS" ]; then
+	if [ -z "$TEST_SKIP_INTEGRATION_CLI" ]; then
+		echo >&2 '# DOCKER_ROOTLESS requires TEST_SKIP_INTEGRATION_CLI to be set'
+		exit 1
+	fi
+	ln -sf "$(command -v vpnkit."$(uname -m)")" /usr/local/bin/vpnkit
+	user="unprivilegeduser"
+	uid=$(id -u $user)
+	# shellcheck disable=SC2174
+	mkdir -p -m 700 "/tmp/docker-${uid}"
+	chown "$user" "/tmp/docker-${uid}"
+	chmod -R o+w "$DEST"
+	dockerd="sudo -u $user -E -E XDG_RUNTIME_DIR=/tmp/docker-${uid} -E HOME=/home/${user} -E PATH=$PATH -- dockerd-rootless.sh"
+fi
+
 if [ -z "$DOCKER_TEST_HOST" ]; then
 	# Start apparmor if it is enabled
 	if [ -e "/sys/module/apparmor/parameters/enabled" ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" == "Y" ]; then
@@ -81,14 +107,14 @@ if [ -z "$DOCKER_TEST_HOST" ]; then
 		echo "Starting dockerd"
 		[ -n "$TESTDEBUG" ] && set -x
 		exec \
-			dockerd --debug \
+			${dockerd} --debug \
 			--host "$DOCKER_HOST" \
 			--storage-driver "$DOCKER_GRAPHDRIVER" \
 			--pidfile "$DEST/docker.pid" \
 			--userland-proxy="$DOCKER_USERLANDPROXY" \
-			$storage_params \
-			$extra_params \
-				&> "$DEST/docker.log"
+			${storage_params} \
+			${extra_params} \
+			&> "$DEST/docker.log"
 	) &
 else
 	export DOCKER_HOST="$DOCKER_TEST_HOST"
@@ -97,8 +123,8 @@ fi
 # give it a little time to come up so it's "ready"
 tries=60
 echo "INFO: Waiting for daemon to start..."
-while ! $TEST_CLIENT_BINARY version &> /dev/null; do
-	(( tries-- ))
+while ! ${TEST_CLIENT_BINARY} version &> /dev/null; do
+	((tries--))
 	if [ $tries -le 0 ]; then
 		printf "\n"
 		if [ -z "$DOCKER_HOST" ]; then
@@ -106,7 +132,7 @@ while ! $TEST_CLIENT_BINARY version &> /dev/null; do
 			echo >&2 "  check $DEST/docker.log for details"
 		else
 			echo >&2 "error: daemon at $DOCKER_HOST fails to '$TEST_CLIENT_BINARY version':"
-			$TEST_CLIENT_BINARY version >&2 || true
+			${TEST_CLIENT_BINARY} version >&2 || true
 			# Additional Windows CI debugging as this is a common error as of
 			# January 2016
 			if [ "$(go env GOOS)" = 'windows' ]; then
diff --git a/hack/make/.integration-daemon-stop b/hack/make/.integration-daemon-stop
index c1d43e1a5e771..59f62aa593774 100644
--- a/hack/make/.integration-daemon-stop
+++ b/hack/make/.integration-daemon-stop
@@ -2,7 +2,10 @@
 
 if [ ! "$(go env GOOS)" = 'windows' ]; then
 	for pidFile in $(find "$DEST" -name docker.pid); do
-		pid=$([ -n "$TESTDEBUG" ] && set -x; cat "$pidFile")
+		pid=$(
+			[ -n "$TESTDEBUG" ] && set -x
+			cat "$pidFile"
+		)
 		(
 			[ -n "$TESTDEBUG" ] && set -x
 			kill "$pid"
@@ -10,6 +13,10 @@ if [ ! "$(go env GOOS)" = 'windows' ]; then
 		if ! wait "$pid"; then
 			echo >&2 "warning: PID $pid from $pidFile had a nonzero exit code"
 		fi
+		root=$(dirname "$pidFile")/root
+		if [ -d "$root" ]; then
+			umount "$root" || true
+		fi
 	done
 
 	if [ -z "$DOCKER_TEST_HOST" ]; then
@@ -17,12 +24,12 @@ if [ ! "$(go env GOOS)" = 'windows' ]; then
 		if [ -e "/sys/module/apparmor/parameters/enabled" ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" == "Y" ]; then
 			(
 				[ -n "$TESTDEBUG" ] && set -x
-				/etc/init.d/apparmor stop
+				/etc/init.d/apparmor stop || true
 			)
 		fi
 	fi
 else
-	# Note this script is not actionable on Windows to Linux CI. Instead the 
+	# Note this script is not actionable on Windows to Linux CI. Instead the
 	# DIND daemon under test is torn down by the Jenkins tear-down script
 	echo "INFO: Not stopping daemon on Windows CI"
 fi
diff --git a/hack/make/.integration-test-helpers b/hack/make/.integration-test-helpers
index 149b6538004c2..adc9c0c0a7f34 100644
--- a/hack/make/.integration-test-helpers
+++ b/hack/make/.integration-test-helpers
@@ -3,56 +3,109 @@
 # For integration-cli test, we use [gocheck](https://labix.org/gocheck), if you want
 # to run certain tests on your local host, you should run with command:
 #
-#     TESTFLAGS='-check.f DockerSuite.TestBuild*' ./hack/make.sh binary test-integration
+#     TESTFLAGS='-test.run TestDockerSuite/TestBuild*' ./hack/make.sh binary test-integration
 #
-if [ -z $MAKEDIR ]; then
-	export MAKEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [ -z "${MAKEDIR}" ]; then
+	MAKEDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+	export MAKEDIR
 fi
-source "$MAKEDIR/.go-autogen"
+source "${MAKEDIR}/.go-autogen"
 
 # Set defaults
-: ${TEST_REPEAT:=1}
-: ${TESTFLAGS:=}
-: ${TESTDEBUG:=}
+: "${TEST_REPEAT:=1}"
+: "${TESTFLAGS:=}"
+: "${TESTDEBUG:=}"
+: "${GOCACHE:=$(go env GOCACHE)}"
 
-integration_api_dirs=${TEST_INTEGRATION_DIR:-"$(
-	find ./integration -type d |
-	grep -vE '(^./integration($|/internal)|/testdata)')"}
+setup_integration_test_filter() {
+	if [ -z "${TEST_FILTER}" ]; then
+		return
+	fi
+
+	local dirs
+	dirs=$(grep -rIlE --include '*_test.go' "func .*${TEST_FILTER}.*\(. \*testing\.T\)" ./integration*/ | xargs -I file dirname file | uniq)
+	if [ -z "${TEST_SKIP_INTEGRATION}" ]; then
+		: "${TEST_INTEGRATION_DIR:=$(echo "$dirs" | grep -v '^\./integration-cli$')}"
+		if [ -z "${TEST_INTEGRATION_DIR}" ]; then
+			echo "Skipping integration tests since the supplied filter \"${TEST_FILTER}\" omits all integration tests"
+			TEST_SKIP_INTEGRATION=1
+		else
+			TESTFLAGS+=" -test.run ${TEST_FILTER}"
+		fi
+	fi
+
+	if [ -z "${TEST_SKIP_INTEGRATION_CLI}" ]; then
+		if echo "$dirs" | grep -vq '^./integration-cli$'; then
+			TEST_SKIP_INTEGRATION_CLI=1
+			echo "Skipping integration-cli tests since the supplied filter \"${TEST_FILTER}\" omits all integration-cli tests"
+		else
+			TESTFLAGS+=" -test.run /${TEST_FILTER}"
+		fi
+	fi
+}
+
+setup_integration_test_filter
+if [ -z "${TEST_SKIP_INTEGRATION}" ] && [ -z "${TEST_INTEGRATION_DIR}" ]; then
+	integration_api_dirs="$(go list -test -f '{{- if ne .ForTest "" -}}{{- .Dir -}}{{- end -}}' ./integration/...)"
+else
+	integration_api_dirs="${TEST_INTEGRATION_DIR}"
+fi
 
 run_test_integration() {
-	[[ "$TESTFLAGS" != *-check.f* ]] && run_test_integration_suites
-	run_test_integration_legacy_suites
+	set_platform_timeout
+	if [ -z "${TEST_SKIP_INTEGRATION}" ]; then
+		run_test_integration_suites "${integration_api_dirs}"
+	fi
+	if [ -z "${TEST_SKIP_INTEGRATION_CLI}" ]; then
+		TIMEOUT=360m run_test_integration_suites integration-cli
+	fi
 }
 
 run_test_integration_suites() {
 	local flags="-test.v -test.timeout=${TIMEOUT} $TESTFLAGS"
-	for dir in $integration_api_dirs; do
+	local dirs="$1"
+	for dir in ${dirs}; do
 		if ! (
-			cd $dir
-			echo "Running $PWD"
-			test_env ./test.main $flags
+			cd "$dir"
+			# Create a useful package name based on the tests's $dir. We need to take
+			# into account that  "$dir" can be either an absolute (/go/src/github.com/docker/docker/integration/foo)
+			# or relative (./integration/foo) path. To account for both, first we strip
+			# the absolute path, then remove any leading periods and slashes.
+			pkgname="${dir}"
+			pkgname="${pkgname#*${GOPATH}/src/${DOCKER_PKG}}"
+			pkgname="${pkgname#*.}"
+			pkgname="${pkgname#*\/}"
+
+			# Finally, we use periods as separator (instead of slashes) to be more
+			# in line with Java package names (which is what junit.xml was designed for)
+			pkgname="$(go env GOARCH).${pkgname//\//.}"
+			echo "Running $PWD (${pkgname}) flags=${flags}"
+			[ -n "$TESTDEBUG" ] && set -x
+			# shellcheck disable=SC2086
+			test_env gotestsum \
+				--format=standard-verbose \
+				--jsonfile="${ABS_DEST}/${pkgname//./-}-go-test-report.json" \
+				--junitfile="${ABS_DEST}/${pkgname//./-}-junit-report.xml" \
+				--raw-command \
+				-- go tool test2json -p "${pkgname}" -t ./test.main ${flags}
 		); then exit 1; fi
 	done
 }
 
-run_test_integration_legacy_suites() {
-	(
-		flags="-check.v -check.timeout=${TIMEOUT} -test.timeout=360m $TESTFLAGS"
-		cd integration-cli
-		echo "Running $PWD"
-		test_env ./test.main $flags
-	)
-}
-
 build_test_suite_binaries() {
-	if [ ${DOCKER_INTEGRATION_TESTS_VERIFIED-} ]; then
+	if [ -n "${DOCKER_INTEGRATION_TESTS_VERIFIED}" ]; then
 		echo "Skipping building test binaries; as DOCKER_INTEGRATION_TESTS_VERIFIED is set"
 		return
 	fi
-	build_test_suite_binary ./integration-cli "test.main"
-	for dir in $integration_api_dirs; do
-		build_test_suite_binary "$dir" "test.main"
-	done
+	if [ -z "${TEST_SKIP_INTEGRATION_CLI}" ]; then
+		build_test_suite_binary ./integration-cli "test.main"
+	fi
+	if [ -z "${TEST_SKIP_INTEGRATION}" ]; then
+		for dir in ${integration_api_dirs}; do
+			build_test_suite_binary "$dir" "test.main"
+		done
+	fi
 }
 
 # Build a binary for a test suite package
@@ -66,11 +119,12 @@ build_test_suite_binary() {
 cleanup_test_suite_binaries() {
 	[ -n "$TESTDEBUG" ] && return
 	echo "Removing test suite binaries"
+	# shellcheck disable=SC2038
 	find integration* -name test.main | xargs -r rm
 }
 
 repeat() {
-	for i in $(seq 1 $TEST_REPEAT); do
+	for i in $(seq 1 ${TEST_REPEAT}); do
 		echo "Running integration-test (iteration $i)"
 		$@
 	done
@@ -94,7 +148,9 @@ test_env() {
 			DOCKER_HOST="$DOCKER_HOST" \
 			DOCKER_REMAP_ROOT="$DOCKER_REMAP_ROOT" \
 			DOCKER_REMOTE_DAEMON="$DOCKER_REMOTE_DAEMON" \
+			DOCKER_ROOTLESS="$DOCKER_ROOTLESS" \
 			DOCKERFILE="$DOCKERFILE" \
+			GOCACHE="$GOCACHE" \
 			GOPATH="$GOPATH" \
 			GOTRACEBACK=all \
 			HOME="$ABS_DEST/fake-HOME" \
@@ -104,19 +160,39 @@ test_env() {
 			"$@"
 	)
 }
-   
 
 error_on_leaked_containerd_shims() {
-	if [ "$(go env GOOS)" == 'windows' ]; then
+	if [ "$(go env GOOS)" = 'windows' ]; then
 		return
 	fi
 
-	leftovers=$(ps -ax -o pid,cmd |
-	            awk '$2 == "containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
+	leftovers=$(ps -ax -o pid,cmd \
+		| awk '$2 == "containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
 	if [ -n "$leftovers" ]; then
 		ps aux
-		kill -9 $leftovers 2> /dev/null
+		# shellcheck disable=SC2086
+		kill -9 ${leftovers} 2> /dev/null
 		echo "!!!! WARNING you have left over shim(s), Cleanup your test !!!!"
 		exit 1
 	fi
 }
+
+set_platform_timeout() {
+	# Test timeout.
+	if [ "${DOCKER_ENGINE_GOARCH}" = "arm64" ] || [ "${DOCKER_ENGINE_GOARCH}" = "arm" ]; then
+		: "${TIMEOUT:=10m}"
+	elif [ "${DOCKER_ENGINE_GOARCH}" = "windows" ]; then
+		: "${TIMEOUT:=8m}"
+	else
+		: "${TIMEOUT:=5m}"
+	fi
+
+	if [ "${TEST_REPEAT}" -gt 1 ]; then
+		# TIMEOUT needs to take TEST_REPEAT into account, or a premature time out may happen.
+		# The following ugliness will:
+		# - remove last character (usually 'm' from '10m')
+		# - multiply by testcount
+		# - add last character back
+		TIMEOUT=$((${TIMEOUT::-1} * ${TEST_REPEAT}))${TIMEOUT:$((${#TIMEOUT} - 1)):1}
+	fi
+}
diff --git a/hack/make/.resources-windows/common.rc b/hack/make/.resources-windows/common.rc
index 000fb353670a2..3524d9bf483fb 100644
--- a/hack/make/.resources-windows/common.rc
+++ b/hack/make/.resources-windows/common.rc
@@ -1,8 +1,8 @@
 // Application icon
-1 ICON "docker.ico"
+1 ICON "dockerd.ico"
 
 // Windows executable manifest
-1 24 /* RT_MANIFEST */ "docker.exe.manifest"
+1 24 /* RT_MANIFEST */ "dockerd.exe.manifest"
 
 // Version information
 1 VERSIONINFO
diff --git a/hack/make/.resources-windows/docker.ico b/hack/make/.resources-windows/docker.ico
deleted file mode 100644
index c6506ec8dbd8e..0000000000000
Binary files a/hack/make/.resources-windows/docker.ico and /dev/null differ
diff --git a/hack/make/.resources-windows/docker.png b/hack/make/.resources-windows/docker.png
deleted file mode 100644
index 88df0b66dfcf0..0000000000000
Binary files a/hack/make/.resources-windows/docker.png and /dev/null differ
diff --git a/hack/make/.resources-windows/docker.rc b/hack/make/.resources-windows/docker.rc
deleted file mode 100644
index 40c645ad1da0a..0000000000000
--- a/hack/make/.resources-windows/docker.rc
+++ /dev/null
@@ -1,3 +0,0 @@
-#define DOCKER_NAME "Docker Client"
-
-#include "common.rc"
diff --git a/hack/make/.resources-windows/docker.exe.manifest b/hack/make/.resources-windows/dockerd.exe.manifest
similarity index 100%
rename from hack/make/.resources-windows/docker.exe.manifest
rename to hack/make/.resources-windows/dockerd.exe.manifest
diff --git a/hack/make/.resources-windows/dockerd.ico b/hack/make/.resources-windows/dockerd.ico
new file mode 100644
index 0000000000000..1d5ab4f0a9bd1
Binary files /dev/null and b/hack/make/.resources-windows/dockerd.ico differ
diff --git a/hack/make/.resources-windows/resources.go b/hack/make/.resources-windows/resources.go
index b171259f83358..3ade4eadd96c7 100644
--- a/hack/make/.resources-windows/resources.go
+++ b/hack/make/.resources-windows/resources.go
@@ -1,6 +1,6 @@
 /*
 
-Package winresources is used to embed Windows resources into docker.exe.
+Package winresources is used to embed Windows resources into dockerd.exe.
 These resources are used to provide
 
     * Version information
diff --git a/hack/make/binary b/hack/make/binary
index eab69bb0650bf..9e24410adb715 100644
--- a/hack/make/binary
+++ b/hack/make/binary
@@ -7,4 +7,5 @@ rm -rf "$DEST"
 	DEST="${DEST}-daemon"
 	ABS_DEST="${ABS_DEST}-daemon"
 	. hack/make/binary-daemon
+	. hack/make/binary-proxy
 )
diff --git a/hack/make/binary-daemon b/hack/make/binary-daemon
index c1a6e6f9ed5fd..fffceabc06386 100644
--- a/hack/make/binary-daemon
+++ b/hack/make/binary-daemon
@@ -14,14 +14,28 @@ copy_binaries() {
 		return
 	fi
 	echo "Copying nested executables into $dir"
-	for file in containerd containerd-shim ctr runc docker-init docker-proxy; do
-		cp -f `which "$file"` "$dir/"
-		if [ "$hash" == "hash" ]; then
+	for file in containerd containerd-shim containerd-shim-runc-v2 ctr runc docker-init rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh dockerd-rootless-setuptool.sh; do
+		cp -f "$(command -v "$file")" "$dir/"
+		if [ "$hash" = "hash" ]; then
 			hash_files "$dir/$file"
 		fi
 	done
+
+	# vpnkit is available for x86_64 and aarch64
+	if command -v "vpnkit.$(uname -m)" 2>&1 > /dev/null; then
+		cp -f "$(command -v "vpnkit.$(uname -m)")" "$dir/vpnkit"
+		if [ "$hash" = "hash" ]; then
+			hash_files "$dir/vpnkit"
+		fi
+	fi
 }
 
 [ -z "$KEEPDEST" ] && rm -rf "$DEST"
-source "${MAKEDIR}/.binary"
-copy_binaries "$DEST" 'hash'
+
+(
+	GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
+	BINARY_SHORT_NAME='dockerd'
+
+	source "${MAKEDIR}/.binary"
+	copy_binaries "$DEST" 'hash'
+)
diff --git a/hack/make/binary-proxy b/hack/make/binary-proxy
new file mode 100644
index 0000000000000..287a86e09de6b
--- /dev/null
+++ b/hack/make/binary-proxy
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -e
+
+(
+	GO_PACKAGE='github.com/docker/docker/cmd/docker-proxy'
+	BINARY_SHORT_NAME='docker-proxy'
+
+	source "${MAKEDIR}/.binary"
+)
diff --git a/hack/make/build-integration-test-binary b/hack/make/build-integration-test-binary
index bbd5a22bccc1c..698717f0f5640 100755
--- a/hack/make/build-integration-test-binary
+++ b/hack/make/build-integration-test-binary
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# required by `make build-integration-cli-on-swarm`
+# required by https://github.com/AkihiroSuda/kube-moby-integration
 set -e
 
 source hack/make/.integration-test-helpers
diff --git a/hack/make/containerutility b/hack/make/containerutility
index 8aefc00ff08d6..8525d971f6053 100644
--- a/hack/make/containerutility
+++ b/hack/make/containerutility
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
-CONTAINER_UTILITY_COMMIT=e004a1415a433447369e315b9d7df357102be0d2 # v0.9.0
+: "${CONTAINER_UTILITY_COMMIT:=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9}"
 
 (
 	git clone https://github.com/docker/windows-container-utility.git "$GOPATH/src/github.com/docker/windows-container-utility"
diff --git a/hack/make/cross b/hack/make/cross
index 497f02ae4ba3c..a20148b1fbaec 100644
--- a/hack/make/cross
+++ b/hack/make/cross
@@ -2,29 +2,35 @@
 set -e
 
 # if we have our linux/amd64 version compiled, let's symlink it in
-if [ -x "$DEST/../binary-daemon/dockerd-$VERSION" ]; then
+if [ -x "${DEST}/../binary-daemon/dockerd-${VERSION}" ]; then
 	arch=$(go env GOHOSTARCH)
 	mkdir -p "$DEST/linux/${arch}"
 	(
-		cd "$DEST/linux/${arch}"
+		cd "${DEST}/linux/${arch}"
 		ln -sf ../../../binary-daemon/* ./
 	)
-	echo "Created symlinks:" "$DEST/linux/${arch}/"*
+	echo "Created symlinks:" "${DEST}/linux/${arch}/"*
 fi
 
-DOCKER_CROSSPLATFORMS=${DOCKER_CROSSPLATFORMS:-"linux/amd64 windows/amd64"}
+DOCKER_CROSSPLATFORMS=${DOCKER_CROSSPLATFORMS:-"linux/amd64 windows/amd64 linux/ppc64le linux/s390x"}
 
-for platform in $DOCKER_CROSSPLATFORMS; do
+for platform in ${DOCKER_CROSSPLATFORMS}; do
 	(
 		export KEEPDEST=1
-		export DEST="$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
-		export GOOS=${platform%/*}
-		export GOARCH=${platform##*/}
+		export DEST="${DEST}/${platform}" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
+		export GOOS=${platform%%/*}
+		export GOARCH=${platform#*/}
 
-		echo "Cross building: $DEST"
-		mkdir -p "$DEST"
-		ABS_DEST="$(cd "$DEST" && pwd -P)"
-		source "${MAKEDIR}/binary-daemon"
+		if [[ "${GOARCH}" = "arm/"* ]]; then
+			GOARM=${GOARCH##*/v}
+			GOARCH=${GOARCH%/v*}
+			export GOARM
+		fi
+
+		echo "Cross building: ${DEST}"
+		mkdir -p "${DEST}"
+		ABS_DEST="$(cd "${DEST}" && pwd -P)"
+		source "${MAKEDIR}/binary"
 
 		source "${MAKEDIR}/cross-platform-dependent"
 	)
diff --git a/hack/make/cross-platform-dependent b/hack/make/cross-platform-dependent
index 52632c30366bb..21824ed7c96e4 100644
--- a/hack/make/cross-platform-dependent
+++ b/hack/make/cross-platform-dependent
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 set -e
 
-if [ $platform == "windows/amd64" ]; then
+if [ ${platform} == "windows/amd64" ]; then
 	source "${MAKEDIR}/containerutility"
 fi
diff --git a/hack/make/dynbinary b/hack/make/dynbinary
index 981e505e9fef6..08ce8b5725e99 100644
--- a/hack/make/dynbinary
+++ b/hack/make/dynbinary
@@ -1,10 +1,11 @@
 #!/usr/bin/env bash
 set -e
+rm -rf "$DEST"
 
 # This script exists as backwards compatibility for CI
 (
-
-    DEST="${DEST}-daemon"
-    ABS_DEST="${ABS_DEST}-daemon"
-    . hack/make/dynbinary-daemon
+	DEST="${DEST}-daemon"
+	ABS_DEST="${ABS_DEST}-daemon"
+	. hack/make/dynbinary-daemon
+	. hack/make/dynbinary-proxy
 )
diff --git a/hack/make/dynbinary-daemon b/hack/make/dynbinary-daemon
index c712bfefc281b..fe2413d73417c 100644
--- a/hack/make/dynbinary-daemon
+++ b/hack/make/dynbinary-daemon
@@ -1,11 +1,16 @@
 #!/usr/bin/env bash
 set -e
 
+[ -z "$KEEPDEST" ] && rm -rf "$DEST"
+
 (
 	export IAMSTATIC='false'
 	export LDFLAGS_STATIC_DOCKER=''
-	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
-	export BUILDFLAGS=( "${BUILDFLAGS[@]/osusergo /}" ) # ditto for osusergo
-	export BUILDFLAGS=( "${BUILDFLAGS[@]/static_build /}" ) # we're not building a "static" binary here
+	export BUILDFLAGS=("${BUILDFLAGS[@]/netgo /}")        # disable netgo, since we don't need it for a dynamic binary
+	export BUILDFLAGS=("${BUILDFLAGS[@]/osusergo /}")     # ditto for osusergo
+	export BUILDFLAGS=("${BUILDFLAGS[@]/static_build /}") # we're not building a "static" binary here
+
+	GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
+	BINARY_SHORT_NAME='dockerd'
 	source "${MAKEDIR}/.binary"
 )
diff --git a/hack/make/dynbinary-proxy b/hack/make/dynbinary-proxy
new file mode 100644
index 0000000000000..3e16676061ab9
--- /dev/null
+++ b/hack/make/dynbinary-proxy
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -e
+
+(
+	export IAMSTATIC='false'
+	export LDFLAGS_STATIC_DOCKER=''
+	export BUILDFLAGS=("${BUILDFLAGS[@]/netgo /}")        # disable netgo, since we don't need it for a dynamic binary
+	export BUILDFLAGS=("${BUILDFLAGS[@]/osusergo /}")     # ditto for osusergo
+	export BUILDFLAGS=("${BUILDFLAGS[@]/static_build /}") # we're not building a "static" binary here
+
+	GO_PACKAGE='github.com/docker/docker/cmd/docker-proxy'
+	BINARY_SHORT_NAME='docker-proxy'
+	source "${MAKEDIR}/.binary"
+)
diff --git a/hack/make/install-binary b/hack/make/install-binary
index f6a4361fdb0ea..d643c3251bb43 100644
--- a/hack/make/install-binary
+++ b/hack/make/install-binary
@@ -3,27 +3,23 @@
 set -e
 rm -rf "$DEST"
 
-install_binary() {
-	local file="$1"
-	local target="${DOCKER_MAKE_INSTALL_PREFIX:=/usr/local}/bin/"
-	if [ "$(go env GOOS)" == "linux" ]; then
-		echo "Installing $(basename $file) to ${target}"
-		mkdir -p "$target"
-		cp -f -L "$file" "$target"
-	else
-		echo "Install is only supported on linux"
-		return 1
-	fi
-}
+source "${MAKEDIR}/.install"
 
 (
 	DEST="$(dirname $DEST)/binary-daemon"
-	source "${MAKEDIR}/.binary-setup"
-	install_binary "${DEST}/${DOCKER_DAEMON_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_RUNC_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_CTR_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_SHIM_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_PROXY_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_INIT_BINARY_NAME}"
+	install_binary "${DEST}/dockerd"
+	install_binary "${DEST}/runc"
+	install_binary "${DEST}/containerd"
+	install_binary "${DEST}/ctr"
+	install_binary "${DEST}/containerd-shim"
+	install_binary "${DEST}/containerd-shim-runc-v2"
+	install_binary "${DEST}/docker-proxy"
+	install_binary "${DEST}/docker-init"
+	install_binary "${DEST}/rootlesskit"
+	install_binary "${DEST}/rootlesskit-docker-proxy"
+	install_binary "${DEST}/dockerd-rootless.sh"
+	install_binary "${DEST}/dockerd-rootless-setuptool.sh"
+	if [ -f "${DEST}/vpnkit" ]; then
+		install_binary "${DEST}/vpnkit"
+	fi
 )
diff --git a/hack/make/install-proxy b/hack/make/install-proxy
new file mode 100644
index 0000000000000..04ea1bf88efdc
--- /dev/null
+++ b/hack/make/install-proxy
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -e
+rm -rf "$DEST"
+
+source "${MAKEDIR}/.install"
+
+(
+	DEST="$(dirname $DEST)/binary-proxy"
+	install_binary "${DEST}/docker-proxy"
+)
diff --git a/hack/make/run b/hack/make/run
index 3254280260643..1c433dd6a0415 100644
--- a/hack/make/run
+++ b/hack/make/run
@@ -21,7 +21,6 @@ if [ -n "$DOCKER_STORAGE_OPTS" ]; then
 	unset IFS
 fi
 
-
 listen_port=2375
 if [ -n "$DOCKER_PORT" ]; then
 	IFS=':' read -r -a ports <<< "$DOCKER_PORT"
@@ -33,12 +32,29 @@ if [ "$DOCKER_REMAP_ROOT" ]; then
 	extra_params="$extra_params --userns-remap $DOCKER_REMAP_ROOT"
 fi
 
+if [ -n "$DOCKER_EXPERIMENTAL" ]; then
+	extra_params="$extra_params --experimental"
+fi
+
+dockerd="dockerd"
+socket=/var/run/docker.sock
+if [ -n "$DOCKER_ROOTLESS" ]; then
+	user="unprivilegeduser"
+	uid=$(id -u $user)
+	# shellcheck disable=SC2174
+	mkdir -p -m 700 "/tmp/docker-${uid}"
+	chown $user "/tmp/docker-${uid}"
+	dockerd="sudo -u $user -E XDG_RUNTIME_DIR=/tmp/docker-${uid} -E HOME=/home/${user} -- dockerd-rootless.sh"
+	socket=/tmp/docker-${uid}/docker.sock
+fi
+
 args="--debug \
-	--host tcp://0.0.0.0:${listen_port} --host unix:///var/run/docker.sock \
-	--storage-driver "$DOCKER_GRAPHDRIVER" \
-	--userland-proxy="$DOCKER_USERLANDPROXY" \
+	--host "tcp://0.0.0.0:${listen_port}" --host "unix://${socket}" \
+	--storage-driver "${DOCKER_GRAPHDRIVER}" \
+	--userland-proxy="${DOCKER_USERLANDPROXY}" \
 	$storage_params \
 	$extra_params"
 
-echo dockerd $args
-exec dockerd $args
+echo "${dockerd} ${args}"
+# shellcheck disable=SC2086
+exec "${dockerd}" ${args}
diff --git a/hack/make/test-docker-py b/hack/make/test-docker-py
index b30879e3a0e40..436262037ca5b 100644
--- a/hack/make/test-docker-py
+++ b/hack/make/test-docker-py
@@ -3,18 +3,60 @@ set -e
 
 source hack/make/.integration-test-helpers
 
-# subshell so that we can export PATH without breaking other things
+# The commit or tag to use for testing
+# TODO docker 17.06 cli client used in CI fails to build using a sha;
+# unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: error: no such remote ref ead0bb9e08c13dd3d1712759491eee06bf5a5602
+#: exit status 128
+: "${DOCKER_PY_COMMIT:=5.0.3}"
+
+# custom options to pass py.test
+#
+# This option can be used to temporarily skip flaky tests (using the `--deselect`
+# flag) until they are fixed upstream. For example:
+# --deselect=tests/integration/api_container_test.py::AttachContainerTest::test_attach_no_stream
+# TODO re-enable test after https://github.com/docker/docker-py/issues/2513 has been resolved
+: "${PY_TEST_OPTIONS:=--junitxml=${DEST}/junit-report.xml --deselect=tests/integration/api_container_test.py::AttachContainerTest::test_attach_no_stream}"
 (
 	bundle .integration-daemon-start
 
-	dockerPy='/docker-py'
-	[ -d "$dockerPy" ] || {
-		dockerPy="$DEST/docker-py"
-		git clone https://github.com/docker/docker-py.git "$dockerPy"
-	}
+	docker_host_scheme=$(echo "${DOCKER_HOST}" | cut -d: -f1 -)
+
+	case "${docker_host_scheme}" in
+		unix)
+			# trim the tcp:// scheme, and bind-mount the docker socket into the container
+			run_opts="--mount type=bind,src=${DOCKER_HOST#unix://},dst=/var/run/docker.sock"
+			;;
+
+		tcp)
+			# run container in host-mode networking so that it can connect to the
+			# daemon from the current networking namespace (e.g., to connect to localhost)
+			run_opts="--network=host -e DOCKER_HOST=${DOCKER_HOST}"
+			;;
+
+		*)
+			echo "WARN: Skipping test-docker-py: connecting to docker daemon using ${docker_host_scheme} (${DOCKER_HOST}) not supported"
+			bundle .integration-daemon-stop
+			return 0
+			;;
+	esac
 
-	# exporting PYTHONPATH to import "docker" from our local docker-py
-	test_env PYTHONPATH="$dockerPy" py.test --junitxml="$DEST/results.xml" "$dockerPy/tests/integration"
+	docker_py_image="docker-sdk-python3:${DOCKER_PY_COMMIT}"
+	if ! docker image inspect "dockerPyImage" &> /dev/null; then
+		echo INFO: Building ${docker_py_image}...
+		(
+			[ -n "${TESTDEBUG}" ] && set -x
+			[ -z "${TESTDEBUG}" ] && build_opts="--quiet"
+			[ -f /.dockerenv ] || build_opts="${build_opts} --network=host"
+			# shellcheck disable=SC2086
+			exec docker build ${build_opts} -t "${docker_py_image}" -f tests/Dockerfile "https://github.com/docker/docker-py.git#${DOCKER_PY_COMMIT}"
+		)
+	fi
 
+	echo INFO: Starting docker-py tests...
+	(
+		[ -n "${TESTDEBUG}" ] && set -x
+		# shellcheck disable=SC2086,SC2140
+		exec docker run --rm ${run_opts} --mount type=bind,"src=${ABS_DEST}","dst=/src/${DEST}" "${docker_py_image}" pytest ${PY_TEST_OPTIONS} tests/integration
+	)
 	bundle .integration-daemon-stop
 ) 2>&1 | tee -a "$DEST/test.log"
diff --git a/hack/make/test-integration b/hack/make/test-integration
index c807cd4978d35..1545cc49eedd8 100755
--- a/hack/make/test-integration
+++ b/hack/make/test-integration
@@ -3,19 +3,27 @@ set -e -o pipefail
 
 source hack/make/.integration-test-helpers
 
+if [ ! -z "${TEST_SKIP_INTEGRATION}" ] && [ ! -z "${TEST_SKIP_INTEGRATION_CLI}" ]; then
+	echo integration and integration-cli skipped according to env vars
+	exit 0
+fi
+
 (
+	env
 	build_test_suite_binaries
 	bundle .integration-daemon-start
 	bundle .integration-daemon-setup
 
-	local testexit=0
-	( repeat run_test_integration ) || testexit=$?
+	testexit=0
+	(repeat run_test_integration) || testexit=$?
 
 	# Always run cleanup, even if the subshell fails
 	bundle .integration-daemon-stop
 	cleanup_test_suite_binaries
 	error_on_leaked_containerd_shims
 
-	exit $testexit
+	echo exiting test-integration
+	set -x
+	exit ${testexit}
 
 ) 2>&1 | tee -a "$DEST/test.log"
diff --git a/hack/make/test-integration-flaky b/hack/make/test-integration-flaky
new file mode 100644
index 0000000000000..eef203b96c62f
--- /dev/null
+++ b/hack/make/test-integration-flaky
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+source hack/validate/.validate
+
+run_integration_flaky() {
+	new_tests=$(
+		validate_diff --diff-filter=ACMR --unified=0 -- 'integration/*_test.go' \
+			| grep -E '^(\+func Test)(.*)(\*testing\.T\))' || true
+	)
+
+	if [ -z "$new_tests" ]; then
+		echo 'No new tests added to integration.'
+		return
+	fi
+
+	echo
+	echo "Found new integrations tests:"
+	echo "$new_tests"
+	echo "Running stress test for them."
+
+	(
+		TESTARRAY=$(echo "$new_tests" | sed 's/+func //' | awk -F'\\(' '{print $1}' | tr '\n' '|')
+		# Note: TEST_REPEAT will make the test suite run 5 times, restarting the daemon
+		# and each test will run 5 times in a row under the same daemon.
+		# This will make a total of 25 runs for each test in TESTARRAY.
+		export TEST_REPEAT=5
+		export TESTFLAGS="-test.count ${TEST_REPEAT} -test.run ${TESTARRAY%?}"
+		echo "Using test flags: $TESTFLAGS"
+		source hack/make/test-integration
+	)
+}
+
+run_integration_flaky
diff --git a/hack/test/e2e-run.sh b/hack/test/e2e-run.sh
index 122d58f8ef9df..57127c0d18080 100755
--- a/hack/test/e2e-run.sh
+++ b/hack/test/e2e-run.sh
@@ -2,8 +2,8 @@
 set -e -u -o pipefail
 
 ARCH=$(uname -m)
-if [ "$ARCH" == "x86_64" ]; then
-  ARCH="amd64"
+if [ "$ARCH" = "x86_64" ]; then
+	ARCH="amd64"
 fi
 
 export DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:-${ARCH}}
@@ -13,11 +13,13 @@ export DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:-${ARCH}}
 : ${TESTDEBUG:=}
 
 integration_api_dirs=${TEST_INTEGRATION_DIR:-"$(
-	find /tests/integration -type d |
-	grep -vE '(^/tests/integration($|/internal)|/testdata)')"}
+	find /tests/integration -type d \
+		| grep -vE '(^/tests/integration($|/internal)|/testdata)'
+)"}
 
 run_test_integration() {
-	[[ "$TESTFLAGS" != *-check.f* ]] && run_test_integration_suites
+	set_platform_timeout
+	run_test_integration_suites
 	run_test_integration_legacy_suites
 }
 
@@ -34,7 +36,7 @@ run_test_integration_suites() {
 
 run_test_integration_legacy_suites() {
 	(
-		flags="-check.v -check.timeout=${TIMEOUT:-200m} -test.timeout=360m $TESTFLAGS"
+		flags="-test.v -test.timeout=360m $TESTFLAGS"
 		cd /tests/integration-cli
 		echo "Running $PWD"
 		test_env ./test.main $flags
@@ -68,5 +70,16 @@ test_env() {
 	)
 }
 
+set_platform_timeout() {
+	# Test timeout.
+	if [ "${DOCKER_ENGINE_GOARCH}" = "arm64" ] || [ "${DOCKER_ENGINE_GOARCH}" = "arm" ]; then
+		: ${TIMEOUT:=10m}
+	elif [ "${DOCKER_ENGINE_GOARCH}" = "windows" ]; then
+		: ${TIMEOUT:=8m}
+	else
+		: ${TIMEOUT:=5m}
+	fi
+}
+
 sh /scripts/ensure-emptyfs.sh
 run_test_integration
diff --git a/hack/test/unit b/hack/test/unit
index ac27f68c309da..7c8ff53adce80 100755
--- a/hack/test/unit
+++ b/hack/test/unit
@@ -1,34 +1,52 @@
 #!/usr/bin/env bash
 #
-# Run unit tests
+# Run unit tests and create report
 #
 # TESTFLAGS - add additional test flags. Ex:
 #
-#   TESTFLAGS="-v -run TestBuild" hack/test/unit
+#   TESTFLAGS='-v -run TestBuild' hack/test/unit
 #
 # TESTDIRS - run tests for specified packages. Ex:
 #
-#    TESTDIRS="./pkg/term" hack/test/unit
+#   TESTDIRS='./pkg/term' hack/test/unit
 #
-set -eu -o pipefail
+set -eux -o pipefail
 
+BUILDFLAGS=(-tags 'netgo seccomp libdm_no_deferred_remove')
 TESTFLAGS+=" -test.timeout=${TIMEOUT:-5m}"
-BUILDFLAGS=( -tags "netgo seccomp libdm_no_deferred_remove" )
-TESTDIRS="${TESTDIRS:-"./..."}"
-
-exclude_paths="/vendor/|/integration"
+TESTDIRS="${TESTDIRS:-./...}"
+exclude_paths='/vendor/|/integration'
 pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)")
 
-for pkg in $pkg_list; do
-    go test "${BUILDFLAGS[@]}" \
-        -cover \
-        -coverprofile=profile.out \
-        -covermode=atomic \
-        $TESTFLAGS \
-        "${pkg}"
+base_pkg_list=$(echo "${pkg_list}" | grep --fixed-strings -v "/libnetwork" || :)
+libnetwork_pkg_list=$(echo "${pkg_list}" | grep --fixed-strings "/libnetwork" || :)
+
+echo "${libnetwork_pkg_list}" | grep --fixed-strings "libnetwork/drivers/bridge" \
+	&& if ! type docker-proxy; then
+		hack/make.sh binary-proxy install-proxy
+	fi
+
+mkdir -p bundles
 
-    if test -f profile.out; then
-        cat profile.out >> coverage.txt
-        rm profile.out
-    fi
-done
+if [ -n "${base_pkg_list}" ]; then
+	gotestsum --format=standard-quiet --jsonfile=bundles/go-test-report.json --junitfile=bundles/junit-report.xml -- \
+		"${BUILDFLAGS[@]}" \
+		-cover \
+		-coverprofile=bundles/profile.out \
+		-covermode=atomic \
+		${TESTFLAGS} \
+		${base_pkg_list}
+fi
+if [ -n "${libnetwork_pkg_list}" ]; then
+	# libnetwork tests invoke iptables, and cannot be run in parallel. Execute
+	# tests within /libnetwork with '-p=1' to run them sequentially. See
+	# https://github.com/moby/moby/issues/42458#issuecomment-873216754 for details.
+	gotestsum --format=standard-quiet --jsonfile=bundles/go-test-report-libnetwork.json --junitfile=bundles/junit-report-libnetwork.xml -- \
+		"${BUILDFLAGS[@]}" \
+		-cover \
+		-coverprofile=bundles/profile-libnetwork.out \
+		-covermode=atomic \
+		-p=1 \
+		${TESTFLAGS} \
+		${libnetwork_pkg_list}
+fi
diff --git a/hack/validate/.validate b/hack/validate/.validate
index 32cb6b6d64fe4..6ed3a59a736d8 100644
--- a/hack/validate/.validate
+++ b/hack/validate/.validate
@@ -6,13 +6,16 @@ if [ -z "$VALIDATE_UPSTREAM" ]; then
 	# this is kind of an expensive check, so let's not do this twice if we
 	# are running more than one validate bundlescript
 
-	VALIDATE_REPO='https://github.com/docker/docker.git'
-	VALIDATE_BRANCH='master'
+	VALIDATE_REPO="${VALIDATE_REPO:-https://github.com/docker/docker.git}"
+	VALIDATE_BRANCH="${VALIDATE_BRANCH:-master}"
 
 	VALIDATE_HEAD="$(git rev-parse --verify HEAD)"
 
-	git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH"
-	VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)"
+	if [ -z "$VALIDATE_ORIGIN_BRANCH" ]; then
+		git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH"
+		VALIDATE_ORIGIN_BRANCH=FETCH_HEAD
+	fi
+	VALIDATE_UPSTREAM="$(git rev-parse --verify $VALIDATE_ORIGIN_BRANCH)"
 
 	VALIDATE_COMMIT_LOG="$VALIDATE_UPSTREAM..$VALIDATE_HEAD"
 	VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD"
diff --git a/hack/validate/all b/hack/validate/all
index 9d95c2d2fd25c..3224fe57c2dc0 100755
--- a/hack/validate/all
+++ b/hack/validate/all
@@ -2,7 +2,7 @@
 #
 # Run all validation
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-. $SCRIPTDIR/default
-. $SCRIPTDIR/vendor
+. ${SCRIPTDIR}/default
+. ${SCRIPTDIR}/vendor
diff --git a/hack/validate/changelog-date-descending b/hack/validate/changelog-date-descending
index b9c3368ca66ad..301f9ba0b5a06 100755
--- a/hack/validate/changelog-date-descending
+++ b/hack/validate/changelog-date-descending
@@ -3,8 +3,8 @@
 changelogFile=${1:-CHANGELOG.md}
 
 if [ ! -r "$changelogFile" ]; then
-  echo "Unable to read file $changelogFile" >&2
-  exit 1
+	echo "Unable to read file $changelogFile" >&2
+	exit 1
 fi
 
 grep -e '^## ' "$changelogFile" | awk '{print$3}' | sort -c -r || exit 2
diff --git a/hack/validate/changelog-well-formed b/hack/validate/changelog-well-formed
index 6c7ce1a1c045f..ea7ef0ff5d9fa 100755
--- a/hack/validate/changelog-well-formed
+++ b/hack/validate/changelog-well-formed
@@ -3,8 +3,8 @@
 changelogFile=${1:-CHANGELOG.md}
 
 if [ ! -r "$changelogFile" ]; then
-  echo "Unable to read file $changelogFile" >&2
-  exit 1
+	echo "Unable to read file $changelogFile" >&2
+	exit 1
 fi
 
 changelogWellFormed=1
@@ -12,14 +12,14 @@ changelogWellFormed=1
 # e.g. "## 1.12.3 (2016-10-26)"
 VER_LINE_REGEX='^## [0-9]+\.[0-9]+\.[0-9]+(-ce)? \([0-9]+-[0-9]+-[0-9]+\)$'
 while read -r line; do
-  if ! [[ "$line" =~ $VER_LINE_REGEX ]]; then
-    echo "Malformed changelog $changelogFile line \"$line\"" >&2
-    changelogWellFormed=0
-  fi
+	if ! [[ "$line" =~ $VER_LINE_REGEX ]]; then
+		echo "Malformed changelog $changelogFile line \"$line\"" >&2
+		changelogWellFormed=0
+	fi
 done < <(grep '^## ' $changelogFile)
 
 if [[ "$changelogWellFormed" == "1" ]]; then
-  echo "Congratulations!  Changelog $changelogFile is well-formed."
+	echo "Congratulations!  Changelog $changelogFile is well-formed."
 else
-  exit 2
+	exit 2
 fi
diff --git a/hack/validate/dco b/hack/validate/dco
index f391001601f84..0e61ccca5d4cd 100755
--- a/hack/validate/dco
+++ b/hack/validate/dco
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 adds=$(validate_diff --numstat | awk '{ s += $1 } END { print s }')
@@ -21,10 +21,10 @@ check_dco() {
 	grep -qE "$dcoRegex"
 }
 
-if [ $adds -eq 0 -a $dels -eq 0 ]; then
+if [ ${adds} -eq 0 -a ${dels} -eq 0 ]; then
 	echo '0 adds, 0 deletions; nothing to validate! :)'
 else
-	commits=( $(validate_log --format='format:%H%n') )
+	commits=($(validate_log --format='format:%H%n'))
 	badCommits=()
 	for commit in "${commits[@]}"; do
 		if [ -z "$(git log -1 --format='format:' --name-status "$commit")" ]; then
@@ -32,7 +32,7 @@ else
 			continue
 		fi
 		if ! git log -1 --format='format:%B' "$commit" | check_dco; then
-			badCommits+=( "$commit" )
+			badCommits+=("$commit")
 		fi
 	done
 	if [ ${#badCommits[@]} -eq 0 ]; then
diff --git a/hack/validate/default b/hack/validate/default
index 8ec978876dd6d..cb85489190e08 100755
--- a/hack/validate/default
+++ b/hack/validate/default
@@ -2,16 +2,17 @@
 #
 # Run default validation, exclude vendor because it's slow
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-. $SCRIPTDIR/dco
-. $SCRIPTDIR/default-seccomp
-. $SCRIPTDIR/gometalinter
-. $SCRIPTDIR/pkg-imports
-. $SCRIPTDIR/swagger
-. $SCRIPTDIR/swagger-gen
-. $SCRIPTDIR/test-imports
-. $SCRIPTDIR/toml
-. $SCRIPTDIR/changelog-well-formed
-. $SCRIPTDIR/changelog-date-descending
-. $SCRIPTDIR/deprecate-integration-cli
+# Skip DCO check here, as it's already checked in a separate stage in the Jenkinsfile
+#. "${SCRIPTDIR}"/dco
+. "${SCRIPTDIR}"/default-seccomp
+. "${SCRIPTDIR}"/pkg-imports
+. "${SCRIPTDIR}"/swagger
+. "${SCRIPTDIR}"/swagger-gen
+. "${SCRIPTDIR}"/toml
+. "${SCRIPTDIR}"/changelog-well-formed
+. "${SCRIPTDIR}"/changelog-date-descending
+. "${SCRIPTDIR}"/deprecate-integration-cli
+. "${SCRIPTDIR}"/golangci-lint
+. "${SCRIPTDIR}"/shfmt
diff --git a/hack/validate/default-seccomp b/hack/validate/default-seccomp
index 24cbf00d24b48..c5f8c7e3c8e1b 100755
--- a/hack/validate/default-seccomp
+++ b/hack/validate/default-seccomp
@@ -1,17 +1,17 @@
 #!/usr/bin/env bash
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'profiles/seccomp' || true) )
+files=($(validate_diff --diff-filter=ACMR --name-only -- 'profiles/seccomp' || true))
 unset IFS
 
-if [ ${#files[@]} -gt 0 ]; then
+if [ -n "${TEST_FORCE_VALIDATE:-}" ] || [ ${#files[@]} -gt 0 ]; then
 	# We run 'go generate' and see if we have a diff afterwards
-	go generate ./profiles/seccomp/ >/dev/null
+	go generate ./profiles/seccomp/ > /dev/null
 	# Let see if the working directory is clean
-	diffs="$(git status --porcelain -- profiles/seccomp 2>/dev/null)"
+	diffs="$(git status --porcelain -- profiles/seccomp 2> /dev/null)"
 	if [ "$diffs" ]; then
 		{
 			echo 'The result of go generate ./profiles/seccomp/ differs'
@@ -23,6 +23,6 @@ if [ ${#files[@]} -gt 0 ]; then
 		} >&2
 		false
 	else
-		echo 'Congratulations! Seccomp profile generation is done correctly.'
+		echo 'Congratulations!  Seccomp profile generation is done correctly.'
 	fi
 fi
diff --git a/hack/validate/deprecate-integration-cli b/hack/validate/deprecate-integration-cli
index da6f8310f406b..f53b48eedc489 100755
--- a/hack/validate/deprecate-integration-cli
+++ b/hack/validate/deprecate-integration-cli
@@ -1,25 +1,25 @@
 #!/usr/bin/env bash
 # Check that no new tests are being added to integration-cli
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 new_tests=$(
-    validate_diff --diff-filter=ACMR --unified=0 -- 'integration-cli/*_cli_*.go' |
-    grep -E '^\+func (.*) Test' || true
+	validate_diff --diff-filter=ACMR --unified=0 -- 'integration-cli/*_api_*.go' 'integration-cli/*_cli_*.go' \
+		| grep -E '^\+func (.*) Test' || true
 )
 
-if [ -z "$new_tests" ]; then
-	echo 'Congratulations!  No new tests added to integration-cli.'
-    exit
+if [ -n "$new_tests" ]; then
+	{
+		echo "The following new tests were added to integration-cli:"
+		echo
+		echo "$new_tests"
+		echo
+		echo "integration-cli is deprecated. Please add an API integration test to"
+		echo "./integration/COMPONENT/. See ./TESTING.md for more details."
+		echo
+	} >&2
+	false
+else
+	echo 'Congratulations!  No new tests were added to integration-cli.'
 fi
-
-echo "The following new tests were added to integration-cli:"
-echo
-echo "$new_tests"
-echo
-echo "integration-cli is deprecated. Please add an API integration test to"
-echo "./integration/COMPONENT/. See ./TESTING.md for more details."
-echo
-
-exit 1
diff --git a/hack/validate/golangci-lint b/hack/validate/golangci-lint
new file mode 100755
index 0000000000000..fd14690ae1fd6
--- /dev/null
+++ b/hack/validate/golangci-lint
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# CI platforms differ, so per-platform GOLANGCI_LINT_OPTS can be set
+# from a platform-specific Dockerfile, otherwise let's just set
+# (somewhat pessimistic) default of 10 minutes.
+: "${GOLANGCI_LINT_OPTS=--timeout=10m}"
+
+[ -n "${TESTDEBUG}" ] && set -x
+
+# TODO find a way to share this code with hack/make.sh
+if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null; then
+	DOCKER_BUILDTAGS+=" journald"
+elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null; then
+	DOCKER_BUILDTAGS+=" journald journald_compat"
+fi
+
+echo -e "\n\033[0;36mINFO\033[0m Start validation with golang-ci-lint"
+
+# TODO use --out-format=junit-xml and store artifacts
+# shellcheck disable=SC2086
+GOGC=75 golangci-lint run \
+	${GOLANGCI_LINT_OPTS} \
+	--print-resources-usage \
+	--build-tags="${DOCKER_BUILDTAGS}" \
+	--verbose \
+	--config "${SCRIPTDIR}/golangci-lint.yml"
diff --git a/hack/validate/golangci-lint.yml b/hack/validate/golangci-lint.yml
new file mode 100644
index 0000000000000..c2081ed83fd71
--- /dev/null
+++ b/hack/validate/golangci-lint.yml
@@ -0,0 +1,123 @@
+linters:
+  enable:
+    - deadcode
+    - goimports
+    - golint
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unconvert
+    - unused
+    - varcheck
+
+  disable:
+    - errcheck
+
+  run:
+    concurrency: 2
+    modules-download-mode: vendor
+
+    skip-dirs:
+      - bundles
+      - docs
+      # TODO: This package should be completely removed
+      - libnetwork/client/mflag
+
+linters-settings:
+  govet:
+    check-shadowing: false
+
+issues:
+  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
+  exclude-use-default: false
+
+  exclude-rules:
+    # These are copied from the default exclude rules, except for "ineffective break statement"
+    # and GoDoc checks.
+    # https://github.com/golangci/golangci-lint/blob/0cc87df732aaf1d5ad9ce9ca538d38d916918b36/pkg/config/config.go#L36
+    - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked"
+      linters:
+        - errcheck
+    - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this"
+      linters:
+        - golint
+    - text: "G103: Use of unsafe calls should be audited"
+      linters:
+        - gosec
+    - text: "G104: Errors unhandled"
+      linters:
+        - gosec
+    - text: "G204: Subprocess launch(ed with (variable|function call)|ing should be audited)"
+      linters:
+        - gosec
+    - text: "(G301|G302): (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
+      linters:
+        - gosec
+    - text: "G304: Potential file inclusion via variable"
+      linters:
+        - gosec
+    - text: "G306: Expect WriteFile permissions to be 0600 or less"
+      linters:
+        - gosec
+    - text: 'G307: Deferring unsafe method "Close" on type "*os.File"'
+      linters: gosec
+
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - errcheck
+        - gosec
+
+    # Suppress golint complaining about generated types in api/types/
+    - text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this"
+      path: "api/types/(volume|container)/"
+      linters:
+        - golint
+    - text: "(G201|G202): SQL string (formatting|concatenation)"
+      linters:
+        - gosec
+    # FIXME: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
+    - text: "G307: Deferring unsafe method"
+      linters:
+        - gosec
+    # FIXME temporarily suppress these. See #39924
+    - text: "SA1019: .*\\.Xattrs is deprecated: Use PAXRecords instead"
+      linters:
+        - staticcheck
+    # FIXME temporarily suppress these. See #39926
+    - text: "SA1019: httputil.NewClientConn"
+      linters:
+        - staticcheck
+    # FIXME temporarily suppress these (related to the ones above)
+    - text: "SA1019: httputil.ErrPersistEOF"
+      linters:
+        - staticcheck
+    # FIXME temporarily suppress these for false positives in tests (see https://github.com/dominikh/go-tools/issues/1022)
+    - text: "SA5011"
+      path: _test\.go
+      linters:
+        - staticcheck
+    # This code is doing some fun stuff with reflect and it trips up the linter.
+    - text: "field `foo` is unused"
+      path: "libnetwork/options/options_test.go"
+      linters:
+        - structcheck
+        - unused
+    # This field is only used on windows but is defined in a platform agnostic file.
+    # The linter doesn't understand that the field is used.
+    - text: "`resolverOnce` is unused"
+      path: libnetwork/network.go
+      linters:
+        - structcheck
+        - unused
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
diff --git a/hack/validate/gometalinter b/hack/validate/gometalinter
deleted file mode 100755
index 8f42597fce772..0000000000000
--- a/hack/validate/gometalinter
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e -o pipefail
-
-SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-# CI platforms differ, so per-platform GOMETALINTER_OPTS can be set
-# from a platform-specific Dockerfile, otherwise let's just set
-# (somewhat pessimistic) default of 10 minutes.
-: ${GOMETALINTER_OPTS=--deadline=10m}
-
-gometalinter \
-	${GOMETALINTER_OPTS} \
-	--config $SCRIPTDIR/gometalinter.json ./...
diff --git a/hack/validate/gometalinter.json b/hack/validate/gometalinter.json
deleted file mode 100644
index 81eb1017cb2b0..0000000000000
--- a/hack/validate/gometalinter.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "Vendor": true,
-  "EnableGC": true,
-  "Sort": ["linter", "severity", "path"],
-  "Exclude": [
-    ".*\\.pb\\.go",
-    "dockerversion/version_autogen.go",
-    "api/types/container/container_.*",
-    "api/types/volume/volume_.*",
-    "integration-cli/"
-  ],
-  "Skip": ["integration-cli/"],
-
-  "Enable": [
-    "deadcode",
-    "gofmt",
-    "goimports",
-    "golint",
-    "gosimple",
-    "ineffassign",
-    "interfacer",
-    "unconvert",
-    "vet"
-  ],
-
-  "LineLength": 200
-}
diff --git a/hack/validate/pkg-imports b/hack/validate/pkg-imports
index a9aab6456f767..f82e315f83c01 100755
--- a/hack/validate/pkg-imports
+++ b/hack/validate/pkg-imports
@@ -1,26 +1,26 @@
 #!/usr/bin/env bash
 set -e
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'pkg/*.go' || true) )
+files=($(validate_diff --diff-filter=ACMR --name-only -- 'pkg/*.go' || true))
 unset IFS
 
 badFiles=()
 for f in "${files[@]}"; do
 	IFS=$'\n'
-	badImports=( $(go list -e -f '{{ join .Deps "\n" }}' "$f" | sort -u | grep -vE '^github.com/docker/docker/pkg/' | grep -vE '^github.com/docker/docker/vendor' | grep -E '^github.com/docker/docker' || true) )
+	badImports=($(go list -e -f '{{ join .Deps "\n" }}' "$f" | sort -u | grep -vE '^github.com/docker/docker/pkg/' | grep -vE '^github.com/docker/docker/vendor' | grep -E '^github.com/docker/docker' || true))
 	unset IFS
 
 	for import in "${badImports[@]}"; do
-		badFiles+=( "$f imports $import" )
+		badFiles+=("$f imports $import")
 	done
 done
 
 if [ ${#badFiles[@]} -eq 0 ]; then
-	echo 'Congratulations!  "./pkg/..." is safely isolated from internal code.'
+	echo 'Congratulations!  Packages in "./pkg/..." are safely isolated from internal code.'
 else
 	{
 		echo 'These files import internal code: (either directly or indirectly)'
diff --git a/hack/validate/shfmt b/hack/validate/shfmt
new file mode 100755
index 0000000000000..748e774e16585
--- /dev/null
+++ b/hack/validate/shfmt
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+shfmtflags="-bn -ci -sr"
+# NOTE: `git grep '^#!'` may also pick up non-shell script files.
+# Add exceptional files to `egrep -v` if any false-positive is detected.
+if git grep --name-only '^#!' | egrep -v '(vendor|\.go|Jenkinsfile|\.py|\.bats)' \
+	| xargs shfmt -d $shfmtflags; then
+	echo 'Congratulations! The shell scripts are properly formatted.'
+else
+	echo "Please reformat the shell scripts with \`shfmt -w ${shfmtflags}\`."
+	exit 1
+fi
diff --git a/hack/validate/swagger b/hack/validate/swagger
index 0b3c2719d8667..5bf9c1cbcc151 100755
--- a/hack/validate/swagger
+++ b/hack/validate/swagger
@@ -1,13 +1,18 @@
 #!/usr/bin/env bash
 set -e
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'api/swagger.yaml' || true) )
+files=($(validate_diff --diff-filter=ACMR --name-only -- 'api/swagger.yaml' || true))
 unset IFS
 
-if [ ${#files[@]} -gt 0 ]; then
-  yamllint -c ${SCRIPTDIR}/.swagger-yamllint api/swagger.yaml
-  swagger validate api/swagger.yaml
+if [ -n "${TEST_FORCE_VALIDATE:-}" ] || [ ${#files[@]} -gt 0 ]; then
+	LANG=C.UTF-8 yamllint -c "${SCRIPTDIR}"/.swagger-yamllint api/swagger.yaml
+	if out=$(swagger validate api/swagger.yaml); then
+		echo "Congratulations!  ${out}"
+	else
+		echo "${out}" >&2
+		false
+	fi
 fi
diff --git a/hack/validate/swagger-gen b/hack/validate/swagger-gen
index 07c22b5a62d3a..0d000ea39b173 100755
--- a/hack/validate/swagger-gen
+++ b/hack/validate/swagger-gen
@@ -1,14 +1,14 @@
 #!/usr/bin/env bash
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'api/types/' 'api/swagger.yaml' || true) )
+files=($(validate_diff --diff-filter=ACMR --name-only -- 'api/types/' 'api/swagger.yaml' || true))
 unset IFS
 
-if [ ${#files[@]} -gt 0 ]; then
-	${SCRIPTDIR}/../generate-swagger-api.sh 2> /dev/null
+if [ -n "${TEST_FORCE_VALIDATE:-}" ] || [ ${#files[@]} -gt 0 ]; then
+	"${SCRIPTDIR}"/../generate-swagger-api.sh 2> /dev/null
 	# Let see if the working directory is clean
 	diffs="$(git diff -- api/types/)"
 	if [ "$diffs" ]; then
@@ -17,13 +17,13 @@ if [ ${#files[@]} -gt 0 ]; then
 			echo
 			echo "$diffs"
 			echo
-			echo 'Please update api/swagger.yaml with any api changes, then '
-			echo 'run `hack/generate-swagger-api.sh`.'
+			echo 'Please update api/swagger.yaml with any API changes, then '
+			echo 'run hack/generate-swagger-api.sh.'
 		} >&2
 		false
 	else
-		echo 'Congratulations! All api changes are done the right way.'
+		echo 'Congratulations!  All API changes are done the right way.'
 	fi
 else
-    echo 'No api/types/ or api/swagger.yaml changes in diff.'
+	echo 'No api/types/ or api/swagger.yaml changes in diff.'
 fi
diff --git a/hack/validate/test-imports b/hack/validate/test-imports
deleted file mode 100755
index 0e836a31c0754..0000000000000
--- a/hack/validate/test-imports
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-# Make sure we're not using gos' Testing package any more in integration-cli
-
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source "${SCRIPTDIR}/.validate"
-
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'integration-cli/*.go' || true) )
-unset IFS
-
-badFiles=()
-for f in "${files[@]}"; do
-	# skip check_test.go since it *does* use the testing package
-	if [ "$f" = "integration-cli/check_test.go" ]; then
-		continue
-	fi
-
-	# we use "git show" here to validate that what's committed doesn't contain golang built-in testing
-	if git show "$VALIDATE_HEAD:$f" | grep -q testing.T; then
-		if [ "$(echo $f | grep '_test')" ]; then
-			# allow testing.T for non- _test files
-			badFiles+=( "$f" )
-		fi
-	fi
-done
-
-if [ ${#badFiles[@]} -eq 0 ]; then
-	echo 'Congratulations!  No testing.T found.'
-else
-	{
-		echo "These files use the wrong testing infrastructure:"
-		for f in "${badFiles[@]}"; do
-			echo " - $f"
-		done
-		echo
-	} >&2
-	false
-fi
diff --git a/hack/validate/toml b/hack/validate/toml
index d5b2ce1c293f2..7f1739ab84339 100755
--- a/hack/validate/toml
+++ b/hack/validate/toml
@@ -1,30 +1,30 @@
 #!/usr/bin/env bash
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPTDIR}/.validate"
 
 IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'MAINTAINERS' || true) )
+files=($(validate_diff --diff-filter=ACMR --name-only -- 'MAINTAINERS' || true))
 unset IFS
 
 badFiles=()
 for f in "${files[@]}"; do
-	# we use "git show" here to validate that what's committed has valid toml syntax
-	if ! git show "$VALIDATE_HEAD:$f" | tomlv /proc/self/fd/0 ; then
-		badFiles+=( "$f" )
+	# we use "git show" here to validate that what's committed has valid TOML syntax
+	if ! git show "$VALIDATE_HEAD:$f" | tomll /proc/self/fd/0; then
+		badFiles+=("$f")
 	fi
 done
 
 if [ ${#badFiles[@]} -eq 0 ]; then
-	echo 'Congratulations!  All toml source files changed here have valid syntax.'
+	echo 'Congratulations!  All TOML source files changed here have valid syntax.'
 else
 	{
-		echo "These files are not valid toml:"
+		echo "These files are not valid TOML:"
 		for f in "${badFiles[@]}"; do
 			echo " - $f"
 		done
 		echo
-		echo 'Please reformat the above files as valid toml'
+		echo 'Please reformat the above files as valid TOML'
 		echo
 	} >&2
 	false
diff --git a/hack/validate/vendor b/hack/validate/vendor
index 41676fed53558..5d3121b4c996b 100755
--- a/hack/validate/vendor
+++ b/hack/validate/vendor
@@ -1,26 +1,31 @@
 #!/usr/bin/env bash
 
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
 
 validate_vendor_diff(){
 	IFS=$'\n'
+	# shellcheck disable=SC2207
 	files=( $(validate_diff --diff-filter=ACMR --name-only -- 'vendor.conf' 'vendor/' || true) )
 	unset IFS
 
-	if [ ${#files[@]} -gt 0 ]; then
+	if [ -n "${TEST_FORCE_VALIDATE:-}" ] || [ ${#files[@]} -gt 0 ]; then
 		# recreate vendor/
-		vndr
+		./hack/vendor.sh
 		# check if any files have changed
 		diffs="$(git status --porcelain -- vendor 2>/dev/null)"
+		mfiles="$(echo "$diffs" | awk '/^ M / {print $2}')"
 		if [ "$diffs" ]; then
 			{
 				echo 'The result of vndr differs'
 				echo
 				echo "$diffs"
 				echo
-				echo 'Please vendor your package with github.com/LK4D4/vndr.'
+				echo 'Please vendor your package with hack/vendor.sh.'
 				echo
+				if [ -n "$mfiles" ] ; then
+					git diff -- "$mfiles"
+				fi
 			} >&2
 			false
 		else
@@ -34,11 +39,9 @@ validate_vendor_diff(){
 # 1. make sure all the vendored packages are used
 # 2. make sure all the packages contain license information (just warning, because it can cause false-positive)
 validate_vendor_used() {
-	pkgs=$(mawk '/^[a-zA-Z0-9]/ { print $1 }' < vendor.conf)
-	for f in $pkgs; do
-	if ls -d vendor/$f  > /dev/null 2>&1; then
-		found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)
-		if [ $found -eq 0 ]; then
+	for f in $(mawk '/^[a-zA-Z0-9]/ { print $1 }' vendor.conf); do
+	if [ -d "vendor/$f" ]; then
+		if ! echo "vendor/$f"/* | grep -qiEc '/(LICENSE|COPYING)'; then
 		echo "WARNING: could not find copyright information for $f"
 		fi
 	else
diff --git a/hack/vendor.sh b/hack/vendor.sh
index a7a571e7b7c5e..893b5b7cd0c46 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -12,4 +12,17 @@ if ! hash vndr; then
 	exit 1
 fi
 
-vndr "$@"
+if [ $# -eq 0 ] || [ "$1" = "archive/tar" ]; then
+	echo "update vendored copy of archive/tar"
+	: "${GO_VERSION:=$(awk -F '[ =]' '$1 == "ARG" && $2 == "GO_VERSION" { print $3; exit }' ./Dockerfile)}"
+	rm -rf vendor/archive
+	mkdir -p ./vendor/archive/tar
+	echo "downloading: https://golang.org/dl/go${GO_VERSION%.0}.src.tar.gz"
+	curl -fsSL "https://golang.org/dl/go${GO_VERSION%.0}.src.tar.gz" \
+		| tar --extract --gzip --directory=vendor/archive/tar --strip-components=4 go/src/archive/tar
+	patch --strip=4 --directory=vendor/archive/tar --input="$PWD/patches/0001-archive-tar-do-not-populate-user-group-names.patch"
+fi
+
+if [ $# -eq 0 ] || [ "$1" != "archive/tar" ]; then
+	vndr -whitelist='^archive[/\\]tar' "$@"
+fi
diff --git a/image/fs.go b/image/fs.go
index 7080c8c0155f6..d996501cc6db7 100644
--- a/image/fs.go
+++ b/image/fs.go
@@ -2,13 +2,12 @@ package image // import "github.com/docker/docker/image"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
 
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -68,7 +67,7 @@ func (s *fs) metadataDir(dgst digest.Digest) string {
 func (s *fs) Walk(f DigestWalkFunc) error {
 	// Only Canonical digest (sha256) is currently supported
 	s.RLock()
-	dir, err := ioutil.ReadDir(filepath.Join(s.root, contentDirName, string(digest.Canonical)))
+	dir, err := os.ReadDir(filepath.Join(s.root, contentDirName, string(digest.Canonical)))
 	s.RUnlock()
 	if err != nil {
 		return err
@@ -95,7 +94,7 @@ func (s *fs) Get(dgst digest.Digest) ([]byte, error) {
 }
 
 func (s *fs) get(dgst digest.Digest) ([]byte, error) {
-	content, err := ioutil.ReadFile(s.contentFile(dgst))
+	content, err := os.ReadFile(s.contentFile(dgst))
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to get digest %s", dgst)
 	}
@@ -159,7 +158,7 @@ func (s *fs) GetMetadata(dgst digest.Digest, key string) ([]byte, error) {
 	if _, err := s.get(dgst); err != nil {
 		return nil, err
 	}
-	bytes, err := ioutil.ReadFile(filepath.Join(s.metadataDir(dgst), key))
+	bytes, err := os.ReadFile(filepath.Join(s.metadataDir(dgst), key))
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to read metadata")
 	}
diff --git a/image/fs_test.go b/image/fs_test.go
index 6290c2b66e841..dc2f52cc3811d 100644
--- a/image/fs_test.go
+++ b/image/fs_test.go
@@ -5,18 +5,17 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func defaultFSStoreBackend(t *testing.T) (StoreBackend, func()) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	tmpdir, err := os.MkdirTemp("", "images-fs-store")
 	assert.Check(t, err)
 
 	fsBackend, err := NewFSStoreBackend(tmpdir)
@@ -29,15 +28,13 @@ func TestFSGetInvalidData(t *testing.T) {
 	store, cleanup := defaultFSStoreBackend(t)
 	defer cleanup()
 
-	id, err := store.Set([]byte("foobar"))
+	dgst, err := store.Set([]byte("foobar"))
 	assert.Check(t, err)
 
-	dgst := digest.Digest(id)
-
-	err = ioutil.WriteFile(filepath.Join(store.(*fs).root, contentDirName, string(dgst.Algorithm()), dgst.Hex()), []byte("foobar2"), 0600)
+	err = os.WriteFile(filepath.Join(store.(*fs).root, contentDirName, string(dgst.Algorithm()), dgst.Hex()), []byte("foobar2"), 0600)
 	assert.Check(t, err)
 
-	_, err = store.Get(id)
+	_, err = store.Get(dgst)
 	assert.Check(t, is.ErrorContains(err, "failed to verify"))
 }
 
@@ -54,7 +51,7 @@ func TestFSInvalidSet(t *testing.T) {
 }
 
 func TestFSInvalidRoot(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	tmpdir, err := os.MkdirTemp("", "images-fs-store")
 	assert.Check(t, err)
 	defer os.RemoveAll(tmpdir)
 
@@ -132,7 +129,7 @@ func TestFSInvalidWalker(t *testing.T) {
 	fooID, err := store.Set([]byte("foo"))
 	assert.Check(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(store.(*fs).root, contentDirName, "sha256/foobar"), []byte("foobar"), 0600)
+	err = os.WriteFile(filepath.Join(store.(*fs).root, contentDirName, "sha256/foobar"), []byte("foobar"), 0600)
 	assert.Check(t, err)
 
 	n := 0
@@ -172,7 +169,7 @@ func TestFSGetSet(t *testing.T) {
 	})
 
 	for _, tc := range tcases {
-		id, err := store.Set([]byte(tc.input))
+		id, err := store.Set(tc.input)
 		assert.Check(t, err)
 		assert.Check(t, is.Equal(tc.expected, id))
 	}
diff --git a/image/image.go b/image/image.go
index 7e0646f0724ed..a9db58fd65be2 100644
--- a/image/image.go
+++ b/image/image.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"io"
+	"reflect"
 	"runtime"
 	"strings"
 	"time"
@@ -11,7 +12,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 // ID is the content-addressable ID of an image.
@@ -53,6 +54,8 @@ type V1Image struct {
 	Config *container.Config `json:"config,omitempty"`
 	// Architecture is the hardware that the image is built and runs on
 	Architecture string `json:"architecture,omitempty"`
+	// Variant is the CPU architecture variant (presently ARM-only)
+	Variant string `json:"variant,omitempty"`
 	// OS is the operating system used to build and run the image
 	OS string `json:"os,omitempty"`
 	// Size is the total size of the image including all layers it is composed of
@@ -62,7 +65,7 @@ type V1Image struct {
 // Image stores the image configuration
 type Image struct {
 	V1Image
-	Parent     ID        `json:"parent,omitempty"`
+	Parent     ID        `json:"parent,omitempty"` //nolint:govet
 	RootFS     *RootFS   `json:"rootfs,omitempty"`
 	History    []History `json:"history,omitempty"`
 	OSVersion  string    `json:"os.version,omitempty"`
@@ -105,6 +108,13 @@ func (img *Image) BaseImgArch() string {
 	return arch
 }
 
+// BaseImgVariant returns the image's variant, whether populated or not.
+// This avoids creating an inconsistency where the stored image variant
+// is "greater than" (i.e. v8 vs v6) the actual image variant.
+func (img *Image) BaseImgVariant() string {
+	return img.Variant
+}
+
 // OperatingSystem returns the image's operating system. If not populated, defaults to the host runtime OS.
 func (img *Image) OperatingSystem() string {
 	os := img.OS
@@ -144,7 +154,7 @@ type ChildConfig struct {
 }
 
 // NewChildImage creates a new Image as a child of this image.
-func NewChildImage(img *Image, child ChildConfig, platform string) *Image {
+func NewChildImage(img *Image, child ChildConfig, os string) *Image {
 	isEmptyLayer := layer.IsEmpty(child.DiffID)
 	var rootFS *RootFS
 	if img.RootFS != nil {
@@ -167,7 +177,8 @@ func NewChildImage(img *Image, child ChildConfig, platform string) *Image {
 			DockerVersion:   dockerversion.Version,
 			Config:          child.Config,
 			Architecture:    img.BaseImgArch(),
-			OS:              platform,
+			Variant:         img.BaseImgVariant(),
+			OS:              os,
 			Container:       child.ContainerID,
 			ContainerConfig: *child.ContainerConfig,
 			Author:          child.Author,
@@ -208,6 +219,16 @@ func NewHistory(author, comment, createdBy string, isEmptyLayer bool) History {
 	}
 }
 
+// Equal compares two history structs for equality
+func (h History) Equal(i History) bool {
+	if !h.Created.Equal(i.Created) {
+		return false
+	}
+	i.Created = h.Created
+
+	return reflect.DeepEqual(h, i)
+}
+
 // Exporter provides interface for loading and saving images
 type Exporter interface {
 	Load(io.ReadCloser, io.Writer, bool) error
diff --git a/image/image_test.go b/image/image_test.go
index 981be0b68c698..21f81c768d30e 100644
--- a/image/image_test.go
+++ b/image/image_test.go
@@ -10,8 +10,8 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/layer"
 	"github.com/google/go-cmp/cmp"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 const sampleImageJSON = `{
@@ -56,6 +56,29 @@ func TestMarshalKeyOrder(t *testing.T) {
 	}
 }
 
+const sampleHistoryJSON = `{
+	"created": "2021-01-13T09:35:56Z",
+	"created_by": "image_test.go"
+}`
+
+func TestHistoryEqual(t *testing.T) {
+	h := historyFromJSON(t, sampleHistoryJSON)
+	hCopy := h
+	assert.Check(t, h.Equal(hCopy))
+
+	hUTC := historyFromJSON(t, `{"created": "2021-01-13T14:00:00Z"}`)
+	hOffset0 := historyFromJSON(t, `{"created": "2021-01-13T14:00:00+00:00"}`)
+	assert.Check(t, hUTC.Created != hOffset0.Created)
+	assert.Check(t, hUTC.Equal(hOffset0))
+}
+
+func historyFromJSON(t *testing.T, historyJSON string) History {
+	var h History
+	err := json.Unmarshal([]byte(historyJSON), &h)
+	assert.Check(t, err)
+	return h
+}
+
 func TestImage(t *testing.T) {
 	cid := "50a16564e727"
 	config := &container.Config{
diff --git a/image/rootfs.go b/image/rootfs.go
index 84843e10c6d5d..f73a0660fa593 100644
--- a/image/rootfs.go
+++ b/image/rootfs.go
@@ -38,7 +38,8 @@ func (r *RootFS) Append(id layer.DiffID) {
 func (r *RootFS) Clone() *RootFS {
 	newRoot := NewRootFS()
 	newRoot.Type = r.Type
-	newRoot.DiffIDs = append(r.DiffIDs)
+	newRoot.DiffIDs = make([]layer.DiffID, len(r.DiffIDs))
+	copy(newRoot.DiffIDs, r.DiffIDs)
 	return newRoot
 }
 
diff --git a/image/spec/v1.1.md b/image/spec/v1.1.md
index de74d91a199fb..5d8c7e9d806f7 100644
--- a/image/spec/v1.1.md
+++ b/image/spec/v1.1.md
@@ -144,7 +144,7 @@ Here is an example image JSON file:
             "/var/job-result-data": {},
             "/var/log/my-app-logs": {},
         },
-        "WorkingDir": "/home/alice",
+        "WorkingDir": "/home/alice"
     },
     "rootfs": {
       "diff_ids": [
@@ -405,9 +405,7 @@ whitespace. It has been added to this example for clarity.
             filesystem).
           </li>
         </ul>
-
 Here is an example history section:
-
 <pre>"history": [
   {
     "created": "2015-10-31T22:22:54.690851953Z",
diff --git a/image/spec/v1.2.md b/image/spec/v1.2.md
index 2ea3feec92cc0..1400e183f092f 100644
--- a/image/spec/v1.2.md
+++ b/image/spec/v1.2.md
@@ -144,7 +144,7 @@ Here is an example image JSON file:
             "/var/job-result-data": {},
             "/var/log/my-app-logs": {},
         },
-        "WorkingDir": "/home/alice",
+        "WorkingDir": "/home/alice"
     },
     "rootfs": {
       "diff_ids": [
diff --git a/image/spec/v1.md b/image/spec/v1.md
index c1415947f1cbf..7bf85cedd240f 100644
--- a/image/spec/v1.md
+++ b/image/spec/v1.md
@@ -151,7 +151,7 @@ Here is an example image JSON file:
             "/var/job-result-data": {},
             "/var/log/my-app-logs": {},
         },
-        "WorkingDir": "/home/alice",
+        "WorkingDir": "/home/alice"
     }
 }
 ```
diff --git a/image/store.go b/image/store.go
index 1a8a8a24516c2..187644f51093b 100644
--- a/image/store.go
+++ b/image/store.go
@@ -1,7 +1,6 @@
 package image // import "github.com/docker/docker/image"
 
 import (
-	"encoding/json"
 	"fmt"
 	"sync"
 	"time"
@@ -9,7 +8,7 @@ import (
 	"github.com/docker/distribution/digestset"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -43,14 +42,14 @@ type imageMeta struct {
 
 type store struct {
 	sync.RWMutex
-	lss       map[string]LayerGetReleaser
+	lss       LayerGetReleaser
 	images    map[ID]*imageMeta
 	fs        StoreBackend
 	digestSet *digestset.Set
 }
 
 // NewImageStore returns new store object for given set of layer stores
-func NewImageStore(fs StoreBackend, lss map[string]LayerGetReleaser) (Store, error) {
+func NewImageStore(fs StoreBackend, lss LayerGetReleaser) (Store, error) {
 	is := &store{
 		lss:       lss,
 		images:    make(map[ID]*imageMeta),
@@ -79,7 +78,7 @@ func (is *store) restore() error {
 				logrus.Errorf("not restoring image with unsupported operating system %v, %v, %s", dgst, chainID, img.OperatingSystem())
 				return nil
 			}
-			l, err = is.lss[img.OperatingSystem()].Get(chainID)
+			l, err = is.lss.Get(chainID)
 			if err != nil {
 				if err == layer.ErrLayerDoesNotExist {
 					logrus.Errorf("layer does not exist, not restoring image %v, %v, %s", dgst, chainID, img.OperatingSystem())
@@ -118,8 +117,8 @@ func (is *store) restore() error {
 }
 
 func (is *store) Create(config []byte) (ID, error) {
-	var img Image
-	err := json.Unmarshal(config, &img)
+	var img *Image
+	img, err := NewFromJSON(config)
 	if err != nil {
 		return "", err
 	}
@@ -161,7 +160,7 @@ func (is *store) Create(config []byte) (ID, error) {
 		if !system.IsOSSupported(img.OperatingSystem()) {
 			return "", system.ErrNotSupportedOperatingSystem
 		}
-		l, err = is.lss[img.OperatingSystem()].Get(layerID)
+		l, err = is.lss.Get(layerID)
 		if err != nil {
 			return "", errors.Wrapf(err, "failed to get layer %s", layerID)
 		}
@@ -251,7 +250,7 @@ func (is *store) Delete(id ID) ([]layer.Metadata, error) {
 	is.fs.Delete(id.Digest())
 
 	if imageMeta.layer != nil {
-		return is.lss[img.OperatingSystem()].Release(imageMeta.layer)
+		return is.lss.Release(imageMeta.layer)
 	}
 	return nil, nil
 }
diff --git a/image/store_test.go b/image/store_test.go
index 0edf3282af471..4919faa306bae 100644
--- a/image/store_test.go
+++ b/image/store_test.go
@@ -2,15 +2,21 @@ package image // import "github.com/docker/docker/image"
 
 import (
 	"fmt"
-	"runtime"
 	"testing"
 
 	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-	"gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )
 
+func TestCreate(t *testing.T) {
+	is, cleanup := defaultImageStore(t)
+	defer cleanup()
+
+	_, err := is.Create([]byte(`{}`))
+	assert.Check(t, cmp.Error(err, "invalid image JSON, no RootFS key"))
+}
+
 func TestRestore(t *testing.T) {
 	fs, cleanup := defaultFSStoreBackend(t)
 	defer cleanup()
@@ -27,9 +33,7 @@ func TestRestore(t *testing.T) {
 	err = fs.SetMetadata(id2, "parent", []byte(id1))
 	assert.NilError(t, err)
 
-	mlgrMap := make(map[string]LayerGetReleaser)
-	mlgrMap[runtime.GOOS] = &mockLayerGetReleaser{}
-	is, err := NewImageStore(fs, mlgrMap)
+	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
 	assert.NilError(t, err)
 
 	assert.Check(t, cmp.Len(is.Map(), 2))
@@ -60,11 +64,11 @@ func TestRestore(t *testing.T) {
 	assert.NilError(t, err)
 	assert.Check(t, cmp.Equal(ID(id1), sid1))
 
-	sid1, err = is.Search(digest.Digest(id1).Hex()[:6])
+	sid1, err = is.Search(id1.Hex()[:6])
 	assert.NilError(t, err)
 	assert.Check(t, cmp.Equal(ID(id1), sid1))
 
-	invalidPattern := digest.Digest(id1).Hex()[1:6]
+	invalidPattern := id1.Hex()[1:6]
 	_, err = is.Search(invalidPattern)
 	assert.ErrorContains(t, err, "No such image")
 }
@@ -146,9 +150,7 @@ func TestParentReset(t *testing.T) {
 func defaultImageStore(t *testing.T) (Store, func()) {
 	fsBackend, cleanup := defaultFSStoreBackend(t)
 
-	mlgrMap := make(map[string]LayerGetReleaser)
-	mlgrMap[runtime.GOOS] = &mockLayerGetReleaser{}
-	store, err := NewImageStore(fsBackend, mlgrMap)
+	store, err := NewImageStore(fsBackend, &mockLayerGetReleaser{})
 	assert.NilError(t, err)
 
 	return store, cleanup
diff --git a/image/tarexport/load.go b/image/tarexport/load.go
index 786214383eaf3..fa7a745cc03be 100644
--- a/image/tarexport/load.go
+++ b/image/tarexport/load.go
@@ -5,26 +5,23 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
-	"reflect"
 	"runtime"
 
-	"github.com/containerd/containerd/platforms"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/image/v1"
+	v1 "github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/go-digest"
+	"github.com/moby/sys/symlink"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 )
 
@@ -35,7 +32,7 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 	}
 	outStream = streamformatter.NewStdoutWriter(outStream)
 
-	tmpDir, err := ioutil.TempDir("", "docker-import-")
+	tmpDir, err := os.MkdirTemp("", "docker-import-")
 	if err != nil {
 		return err
 	}
@@ -63,6 +60,10 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 		return err
 	}
 
+	if err := validateManifest(manifest); err != nil {
+		return err
+	}
+
 	var parentLinks []parentLink
 	var imageIDsStr string
 	var imageRefCount int
@@ -72,7 +73,7 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 		if err != nil {
 			return err
 		}
-		config, err := ioutil.ReadFile(configPath)
+		config, err := os.ReadFile(configPath)
 		if err != nil {
 			return err
 		}
@@ -80,8 +81,8 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 		if err != nil {
 			return err
 		}
-		if err := checkCompatibleOS(img.OS); err != nil {
-			return err
+		if !system.IsOSSupported(img.OperatingSystem()) {
+			return fmt.Errorf("cannot load %s image on %s", img.OperatingSystem(), runtime.GOOS)
 		}
 		rootFS := *img.RootFS
 		rootFS.DiffIDs = nil
@@ -90,17 +91,6 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 			return fmt.Errorf("invalid manifest, layers length mismatch: expected %d, got %d", expected, actual)
 		}
 
-		// On Windows, validate the platform, defaulting to windows if not present.
-		os := img.OS
-		if os == "" {
-			os = runtime.GOOS
-		}
-		if runtime.GOOS == "windows" {
-			if (os != "windows") && (os != "linux") {
-				return fmt.Errorf("configuration for this image has an unsupported operating system: %s", os)
-			}
-		}
-
 		for i, diffID := range img.RootFS.DiffIDs {
 			layerPath, err := safePath(tmpDir, m.Layers[i])
 			if err != nil {
@@ -108,14 +98,14 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 			}
 			r := rootFS
 			r.Append(diffID)
-			newLayer, err := l.lss[os].Get(r.ChainID())
+			newLayer, err := l.lss.Get(r.ChainID())
 			if err != nil {
-				newLayer, err = l.loadLayer(layerPath, rootFS, diffID.String(), os, m.LayerSources[diffID], progressOutput)
+				newLayer, err = l.loadLayer(layerPath, rootFS, diffID.String(), m.LayerSources[diffID], progressOutput)
 				if err != nil {
 					return err
 				}
 			}
-			defer layer.ReleaseAndLog(l.lss[os], newLayer)
+			defer layer.ReleaseAndLog(l.lss, newLayer)
 			if expected, actual := diffID, newLayer.DiffID(); expected != actual {
 				return fmt.Errorf("invalid diffID for layer %d: expected %q, got %q", i, expected, actual)
 			}
@@ -177,7 +167,7 @@ func (l *tarexporter) setParentID(id, parentID image.ID) error {
 	return l.is.SetParent(id, parentID)
 }
 
-func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string, os string, foreignSrc distribution.Descriptor, progressOutput progress.Output) (layer.Layer, error) {
+func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string, foreignSrc distribution.Descriptor, progressOutput progress.Output) (layer.Layer, error) {
 	// We use system.OpenSequential to use sequential file access on Windows, avoiding
 	// depleting the standby list. On Linux, this equates to a regular os.Open.
 	rawTar, err := system.OpenSequential(filename)
@@ -206,10 +196,10 @@ func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string,
 	}
 	defer inflatedLayerData.Close()
 
-	if ds, ok := l.lss[os].(layer.DescribableStore); ok {
+	if ds, ok := l.lss.(layer.DescribableStore); ok {
 		return ds.RegisterWithDescriptor(inflatedLayerData, rootFS.ChainID(), foreignSrc)
 	}
-	return l.lss[os].Register(inflatedLayerData, rootFS.ChainID())
+	return l.lss.Register(inflatedLayerData, rootFS.ChainID())
 }
 
 func (l *tarexporter) setLoadedTag(ref reference.Named, imgID digest.Digest, outStream io.Writer) error {
@@ -227,7 +217,7 @@ func (l *tarexporter) legacyLoad(tmpDir string, outStream io.Writer, progressOut
 
 	legacyLoadedMap := make(map[string]image.ID)
 
-	dirs, err := ioutil.ReadDir(tmpDir)
+	dirs, err := os.ReadDir(tmpDir)
 	if err != nil {
 		return err
 	}
@@ -286,7 +276,7 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 	if err != nil {
 		return err
 	}
-	imageJSON, err := ioutil.ReadFile(configPath)
+	imageJSON, err := os.ReadFile(configPath)
 	if err != nil {
 		logrus.Debugf("Error reading json: %v", err)
 		return err
@@ -300,12 +290,12 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 		return err
 	}
 
-	if err := checkCompatibleOS(img.OS); err != nil {
-		return err
-	}
 	if img.OS == "" {
 		img.OS = runtime.GOOS
 	}
+	if !system.IsOSSupported(img.OS) {
+		return fmt.Errorf("cannot load %s image on %s", img.OS, runtime.GOOS)
+	}
 
 	var parentID image.ID
 	if img.Parent != "" {
@@ -339,7 +329,7 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 	if err != nil {
 		return err
 	}
-	newLayer, err := l.loadLayer(layerPath, *rootFS, oldID, img.OS, distribution.Descriptor{}, progressOutput)
+	newLayer, err := l.loadLayer(layerPath, *rootFS, oldID, distribution.Descriptor{}, progressOutput)
 	if err != nil {
 		return err
 	}
@@ -360,7 +350,7 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 		return err
 	}
 
-	metadata, err := l.lss[img.OS].Release(newLayer)
+	metadata, err := l.lss.Release(newLayer)
 	layer.LogReleaseMetadata(metadata)
 	if err != nil {
 		return err
@@ -406,27 +396,19 @@ func checkValidParent(img, parent *image.Image) bool {
 		return false
 	}
 	for i, h := range parent.History {
-		if !reflect.DeepEqual(h, img.History[i]) {
+		if !h.Equal(img.History[i]) {
 			return false
 		}
 	}
 	return true
 }
 
-func checkCompatibleOS(imageOS string) error {
-	// always compatible if the images OS matches the host OS; also match an empty image OS
-	if imageOS == runtime.GOOS || imageOS == "" {
-		return nil
-	}
-	// On non-Windows hosts, for compatibility, fail if the image is Windows.
-	if runtime.GOOS != "windows" && imageOS == "windows" {
-		return fmt.Errorf("cannot load %s image on %s", imageOS, runtime.GOOS)
+func validateManifest(manifest []manifestItem) error {
+	// a nil manifest usually indicates a bug, so don't just silently fail.
+	// if someone really needs to pass an empty manifest, they can pass [].
+	if manifest == nil {
+		return errors.New("invalid manifest, manifest cannot be null (but can be [])")
 	}
 
-	p, err := platforms.Parse(imageOS)
-	if err != nil {
-		return err
-	}
-
-	return system.ValidatePlatform(p)
+	return nil
 }
diff --git a/image/tarexport/load_test.go b/image/tarexport/load_test.go
new file mode 100644
index 0000000000000..3121e1f2c09ea
--- /dev/null
+++ b/image/tarexport/load_test.go
@@ -0,0 +1,37 @@
+package tarexport
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func TestValidateManifest(t *testing.T) {
+	cases := map[string]struct {
+		manifest    []manifestItem
+		valid       bool
+		errContains string
+	}{
+		"nil": {
+			manifest:    nil,
+			valid:       false,
+			errContains: "manifest cannot be null",
+		},
+		"non-nil": {
+			manifest: []manifestItem{},
+			valid:    true,
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			err := validateManifest(tc.manifest)
+			if tc.valid {
+				assert.Check(t, is.Nil(err))
+			} else {
+				assert.Check(t, is.ErrorContains(err, tc.errContains))
+			}
+		})
+	}
+}
diff --git a/image/tarexport/save.go b/image/tarexport/save.go
index 4e734b35038aa..926d44d68b312 100644
--- a/image/tarexport/save.go
+++ b/image/tarexport/save.go
@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -14,11 +13,11 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/image/v1"
+	v1 "github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
@@ -162,7 +161,7 @@ func (l *tarexporter) takeLayerReference(id image.ID, imgDescr *imageDescriptor)
 	if !system.IsOSSupported(os) {
 		return fmt.Errorf("os %q is not supported", os)
 	}
-	layer, err := l.lss[os].Get(topLayerID)
+	layer, err := l.lss.Get(topLayerID)
 	if err != nil {
 		return err
 	}
@@ -174,11 +173,7 @@ func (l *tarexporter) takeLayerReference(id image.ID, imgDescr *imageDescriptor)
 func (l *tarexporter) releaseLayerReferences(imgDescr map[image.ID]*imageDescriptor) error {
 	for _, descr := range imgDescr {
 		if descr.layerRef != nil {
-			os := descr.image.OS
-			if os == "" {
-				os = runtime.GOOS
-			}
-			l.lss[os].Release(descr.layerRef)
+			l.lss.Release(descr.layerRef)
 		}
 	}
 	return nil
@@ -189,7 +184,7 @@ func (s *saveSession) save(outStream io.Writer) error {
 	s.diffIDPaths = make(map[layer.DiffID]string)
 
 	// get image json
-	tempDir, err := ioutil.TempDir("", "docker-export-")
+	tempDir, err := os.MkdirTemp("", "docker-export-")
 	if err != nil {
 		return err
 	}
@@ -221,9 +216,7 @@ func (s *saveSession) save(outStream io.Writer) error {
 
 		for _, l := range imageDescr.layers {
 			// IMPORTANT: We use path, not filepath here to ensure the layers
-			// in the manifest use Unix-style forward-slashes. Otherwise, a
-			// Linux image saved from LCOW won't be able to be imported on
-			// LCOL.
+			// in the manifest use Unix-style forward-slashes.
 			layers = append(layers, path.Join(l, legacyLayerFileName))
 		}
 
@@ -337,7 +330,7 @@ func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Desc
 	}
 
 	configFile := filepath.Join(s.outDir, id.Digest().Hex()+".json")
-	if err := ioutil.WriteFile(configFile, img.RawJSON(), 0644); err != nil {
+	if err := os.WriteFile(configFile, img.RawJSON(), 0644); err != nil {
 		return nil, err
 	}
 	if err := system.Chtimes(configFile, img.Created, img.Created); err != nil {
@@ -359,7 +352,7 @@ func (s *saveSession) saveLayer(id layer.ChainID, legacyImg image.V1Image, creat
 	}
 
 	// todo: why is this version file here?
-	if err := ioutil.WriteFile(filepath.Join(outDir, legacyVersionFileName), []byte("1.0"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(outDir, legacyVersionFileName), []byte("1.0"), 0644); err != nil {
 		return distribution.Descriptor{}, err
 	}
 
@@ -368,21 +361,17 @@ func (s *saveSession) saveLayer(id layer.ChainID, legacyImg image.V1Image, creat
 		return distribution.Descriptor{}, err
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(outDir, legacyConfigFileName), imageConfig, 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(outDir, legacyConfigFileName), imageConfig, 0644); err != nil {
 		return distribution.Descriptor{}, err
 	}
 
 	// serialize filesystem
 	layerPath := filepath.Join(outDir, legacyLayerFileName)
-	operatingSystem := legacyImg.OS
-	if operatingSystem == "" {
-		operatingSystem = runtime.GOOS
-	}
-	l, err := s.lss[operatingSystem].Get(id)
+	l, err := s.lss.Get(id)
 	if err != nil {
 		return distribution.Descriptor{}, err
 	}
-	defer layer.ReleaseAndLog(s.lss[operatingSystem], l)
+	defer layer.ReleaseAndLog(s.lss, l)
 
 	if oldPath, exists := s.diffIDPaths[l.DiffID()]; exists {
 		relPath, err := filepath.Rel(outDir, oldPath)
diff --git a/image/tarexport/tarexport.go b/image/tarexport/tarexport.go
index beff668cd87d0..5bcad2265c878 100644
--- a/image/tarexport/tarexport.go
+++ b/image/tarexport/tarexport.go
@@ -25,19 +25,19 @@ type manifestItem struct {
 
 type tarexporter struct {
 	is             image.Store
-	lss            map[string]layer.Store
+	lss            layer.Store
 	rs             refstore.Store
 	loggerImgEvent LogImageEvent
 }
 
 // LogImageEvent defines interface for event generation related to image tar(load and save) operations
 type LogImageEvent interface {
-	//LogImageEvent generates an event related to an image operation
+	// LogImageEvent generates an event related to an image operation
 	LogImageEvent(imageID, refName, action string)
 }
 
 // NewTarExporter returns new Exporter for tar packages
-func NewTarExporter(is image.Store, lss map[string]layer.Store, rs refstore.Store, loggerImgEvent LogImageEvent) image.Exporter {
+func NewTarExporter(is image.Store, lss layer.Store, rs refstore.Store, loggerImgEvent LogImageEvent) image.Exporter {
 	return &tarexporter{
 		is:             is,
 		lss:            lss,
diff --git a/image/v1/imagev1.go b/image/v1/imagev1.go
index c341ceaa77038..1eec8dfc8c00a 100644
--- a/image/v1/imagev1.go
+++ b/image/v1/imagev1.go
@@ -9,7 +9,7 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/integration-cli/benchmark_test.go b/integration-cli/benchmark_test.go
index ae0f67f6b04da..8ab87b22d9dbb 100644
--- a/integration-cli/benchmark_test.go
+++ b/integration-cli/benchmark_test.go
@@ -2,17 +2,16 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"runtime"
 	"strings"
 	"sync"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *check.C) {
+func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *testing.B) {
 	maxConcurrency := runtime.GOMAXPROCS(0)
 	numIterations := c.N
 	outerGroup := &sync.WaitGroup{}
@@ -28,7 +27,7 @@ func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *check.C) {
 			go func() {
 				defer innerGroup.Done()
 				for i := 0; i < numIterations; i++ {
-					args := []string{"run", "-d", defaultSleepImage}
+					args := []string{"run", "-d", "busybox"}
 					args = append(args, sleepCommandForDaemonPlatform()...)
 					out, _, err := dockerCmdWithError(args...)
 					if err != nil {
@@ -37,7 +36,7 @@ func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *check.C) {
 					}
 
 					id := strings.TrimSpace(out)
-					tmpDir, err := ioutil.TempDir("", "docker-concurrent-test-"+id)
+					tmpDir, err := os.MkdirTemp("", "docker-concurrent-test-"+id)
 					if err != nil {
 						chErr <- err
 						return
@@ -90,6 +89,6 @@ func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *check.C) {
 	close(chErr)
 
 	for err := range chErr {
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 }
diff --git a/integration-cli/check_test.go b/integration-cli/check_test.go
index 2282967ee5695..9a710b5210d59 100644
--- a/integration-cli/check_test.go
+++ b/integration-cli/check_test.go
@@ -2,8 +2,8 @@ package main
 
 import (
 	"context"
+	"flag"
 	"fmt"
-	"io/ioutil"
 	"net/http/httptest"
 	"os"
 	"path"
@@ -14,17 +14,17 @@ import (
 	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/docker/docker/integration-cli/environment"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	ienv "github.com/docker/docker/internal/test/environment"
-	"github.com/docker/docker/internal/test/fakestorage"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"github.com/docker/docker/internal/test/registry"
+	"github.com/docker/docker/internal/test/suite"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/go-check/check"
+	testdaemon "github.com/docker/docker/testutil/daemon"
+	ienv "github.com/docker/docker/testutil/environment"
+	"github.com/docker/docker/testutil/fakestorage"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/v3/assert"
 )
 
 const (
@@ -43,6 +43,8 @@ var (
 
 	// the docker client binary to use
 	dockerBinary = ""
+
+	testEnvOnce sync.Once
 )
 
 func init() {
@@ -58,6 +60,9 @@ func init() {
 }
 
 func TestMain(m *testing.M) {
+	flag.Parse()
+
+	// Global set up
 	dockerBinary = testEnv.DockerBinary()
 	err := ienv.EnsureFrozenImagesLinux(&testEnv.Execution)
 	if err != nil {
@@ -69,26 +74,83 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-func Test(t *testing.T) {
-	cli.SetTestEnvironment(testEnv)
-	fakestorage.SetTestEnvironment(&testEnv.Execution)
-	ienv.ProtectAll(t, &testEnv.Execution)
-	check.TestingT(t)
+func ensureTestEnvSetup(t *testing.T) {
+	testEnvOnce.Do(func() {
+		cli.SetTestEnvironment(testEnv)
+		fakestorage.SetTestEnvironment(&testEnv.Execution)
+		ienv.ProtectAll(t, &testEnv.Execution)
+	})
 }
 
-func init() {
-	check.Suite(&DockerSuite{})
+func TestDockerSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerSuite{})
+}
+
+func TestDockerRegistrySuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerRegistrySuite{ds: &DockerSuite{}})
+}
+
+func TestDockerSchema1RegistrySuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerSchema1RegistrySuite{ds: &DockerSuite{}})
+}
+
+func TestDockerRegistryAuthHtpasswdSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerRegistryAuthHtpasswdSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerRegistryAuthTokenSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerRegistryAuthTokenSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerDaemonSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerDaemonSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerSwarmSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerSwarmSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerPluginSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	suite.Run(t, &DockerPluginSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerExternalVolumeSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	testRequires(t, DaemonIsLinux)
+	suite.Run(t, &DockerExternalVolumeSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerNetworkSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	testRequires(t, DaemonIsLinux)
+	suite.Run(t, &DockerNetworkSuite{ds: &DockerSuite{}})
+}
+
+func TestDockerHubPullSuite(t *testing.T) {
+	ensureTestEnvSetup(t)
+	// FIXME. Temporarily turning this off for Windows as GH16039 was breaking
+	// Windows to Linux CI @icecrime
+	testRequires(t, DaemonIsLinux)
+	suite.Run(t, newDockerHubPullSuite())
 }
 
 type DockerSuite struct {
 }
 
-func (s *DockerSuite) OnTimeout(c *check.C) {
+func (s *DockerSuite) OnTimeout(c *testing.T) {
 	if testEnv.IsRemoteDaemon() {
 		return
 	}
 	path := filepath.Join(os.Getenv("DEST"), "docker.pid")
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		c.Fatalf("Failed to get daemon PID from %s\n", path)
 	}
@@ -104,34 +166,28 @@ func (s *DockerSuite) OnTimeout(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TearDownTest(c *check.C) {
+func (s *DockerSuite) TearDownTest(c *testing.T) {
 	testEnv.Clean(c)
 }
 
-func init() {
-	check.Suite(&DockerRegistrySuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerRegistrySuite struct {
 	ds  *DockerSuite
 	reg *registry.V2
 	d   *daemon.Daemon
 }
 
-func (s *DockerRegistrySuite) OnTimeout(c *check.C) {
+func (s *DockerRegistrySuite) OnTimeout(c *testing.T) {
 	s.d.DumpStackAndQuit()
 }
 
-func (s *DockerRegistrySuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+func (s *DockerRegistrySuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, RegistryHosting, testEnv.IsLocalDaemon)
 	s.reg = registry.NewV2(c)
 	s.reg.WaitReady(c)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
+func (s *DockerRegistrySuite) TearDownTest(c *testing.T) {
 	if s.reg != nil {
 		s.reg.Close()
 	}
@@ -141,30 +197,24 @@ func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
 	s.ds.TearDownTest(c)
 }
 
-func init() {
-	check.Suite(&DockerSchema1RegistrySuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerSchema1RegistrySuite struct {
 	ds  *DockerSuite
 	reg *registry.V2
 	d   *daemon.Daemon
 }
 
-func (s *DockerSchema1RegistrySuite) OnTimeout(c *check.C) {
+func (s *DockerSchema1RegistrySuite) OnTimeout(c *testing.T) {
 	s.d.DumpStackAndQuit()
 }
 
-func (s *DockerSchema1RegistrySuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64, SameHostDaemon)
+func (s *DockerSchema1RegistrySuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64, testEnv.IsLocalDaemon)
 	s.reg = registry.NewV2(c, registry.Schema1)
 	s.reg.WaitReady(c)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TearDownTest(c *testing.T) {
 	if s.reg != nil {
 		s.reg.Close()
 	}
@@ -174,33 +224,27 @@ func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
 	s.ds.TearDownTest(c)
 }
 
-func init() {
-	check.Suite(&DockerRegistryAuthHtpasswdSuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerRegistryAuthHtpasswdSuite struct {
 	ds  *DockerSuite
 	reg *registry.V2
 	d   *daemon.Daemon
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) OnTimeout(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) OnTimeout(c *testing.T) {
 	s.d.DumpStackAndQuit()
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+func (s *DockerRegistryAuthHtpasswdSuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, RegistryHosting, testEnv.IsLocalDaemon)
 	s.reg = registry.NewV2(c, registry.Htpasswd)
 	s.reg.WaitReady(c)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *testing.T) {
 	if s.reg != nil {
 		out, err := s.d.Cmd("logout", privateRegistryURL)
-		c.Assert(err, check.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		s.reg.Close()
 	}
 	if s.d != nil {
@@ -209,31 +253,25 @@ func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
 	s.ds.TearDownTest(c)
 }
 
-func init() {
-	check.Suite(&DockerRegistryAuthTokenSuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerRegistryAuthTokenSuite struct {
 	ds  *DockerSuite
 	reg *registry.V2
 	d   *daemon.Daemon
 }
 
-func (s *DockerRegistryAuthTokenSuite) OnTimeout(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) OnTimeout(c *testing.T) {
 	s.d.DumpStackAndQuit()
 }
 
-func (s *DockerRegistryAuthTokenSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+func (s *DockerRegistryAuthTokenSuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, RegistryHosting, testEnv.IsLocalDaemon)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *testing.T) {
 	if s.reg != nil {
 		out, err := s.d.Cmd("logout", privateRegistryURL)
-		c.Assert(err, check.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		s.reg.Close()
 	}
 	if s.d != nil {
@@ -242,7 +280,7 @@ func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
 	s.ds.TearDownTest(c)
 }
 
-func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *check.C, tokenURL string) {
+func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *testing.T, tokenURL string) {
 	if s == nil {
 		c.Fatal("registry suite isn't initialized")
 	}
@@ -250,35 +288,29 @@ func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *check.C,
 	s.reg.WaitReady(c)
 }
 
-func init() {
-	check.Suite(&DockerDaemonSuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerDaemonSuite struct {
 	ds *DockerSuite
 	d  *daemon.Daemon
 }
 
-func (s *DockerDaemonSuite) OnTimeout(c *check.C) {
+func (s *DockerDaemonSuite) OnTimeout(c *testing.T) {
 	s.d.DumpStackAndQuit()
 }
 
-func (s *DockerDaemonSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerDaemonSuite) TearDownTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) TearDownTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	if s.d != nil {
 		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
 
-func (s *DockerDaemonSuite) TearDownSuite(c *check.C) {
+func (s *DockerDaemonSuite) TearDownSuite(c *testing.T) {
 	filepath.Walk(testdaemon.SockRoot, func(path string, fi os.FileInfo, err error) error {
 		if err != nil {
 			// ignore errors here
@@ -295,21 +327,15 @@ func (s *DockerDaemonSuite) TearDownSuite(c *check.C) {
 
 const defaultSwarmPort = 2477
 
-func init() {
-	check.Suite(&DockerSwarmSuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerSwarmSuite struct {
 	server      *httptest.Server
 	ds          *DockerSuite
+	daemonsLock sync.Mutex // protect access to daemons and portIndex
 	daemons     []*daemon.Daemon
-	daemonsLock sync.Mutex // protect access to daemons
 	portIndex   int
 }
 
-func (s *DockerSwarmSuite) OnTimeout(c *check.C) {
+func (s *DockerSwarmSuite) OnTimeout(c *testing.T) {
 	s.daemonsLock.Lock()
 	defer s.daemonsLock.Unlock()
 	for _, d := range s.daemons {
@@ -317,11 +343,12 @@ func (s *DockerSwarmSuite) OnTimeout(c *check.C) {
 	}
 }
 
-func (s *DockerSwarmSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSwarmSuite) SetUpTest(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 }
 
-func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *daemon.Daemon {
+func (s *DockerSwarmSuite) AddDaemon(c *testing.T, joinSwarm, manager bool) *daemon.Daemon {
+	c.Helper()
 	d := daemon.New(c, dockerBinary, dockerdBinary,
 		testdaemon.WithEnvironment(testEnv.Execution),
 		testdaemon.WithSwarmPort(defaultSwarmPort+s.portIndex),
@@ -333,18 +360,18 @@ func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *daemo
 			d.StartAndSwarmInit(c)
 		}
 	} else {
-		d.StartWithBusybox(c, "--iptables=false", "--swarm-default-advertise-addr=lo")
+		d.StartNodeWithBusybox(c)
 	}
 
-	s.portIndex++
 	s.daemonsLock.Lock()
+	s.portIndex++
 	s.daemons = append(s.daemons, d)
 	s.daemonsLock.Unlock()
 
 	return d
 }
 
-func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
+func (s *DockerSwarmSuite) TearDownTest(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	s.daemonsLock.Lock()
 	for _, d := range s.daemons {
@@ -354,18 +381,11 @@ func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
 		}
 	}
 	s.daemons = nil
-	s.daemonsLock.Unlock()
-
 	s.portIndex = 0
+	s.daemonsLock.Unlock()
 	s.ds.TearDownTest(c)
 }
 
-func init() {
-	check.Suite(&DockerPluginSuite{
-		ds: &DockerSuite{},
-	})
-}
-
 type DockerPluginSuite struct {
 	ds       *DockerSuite
 	registry *registry.V2
@@ -382,7 +402,7 @@ func (ps *DockerPluginSuite) getPluginRepoWithTag() string {
 	return ps.getPluginRepo() + ":" + "latest"
 }
 
-func (ps *DockerPluginSuite) SetUpSuite(c *check.C) {
+func (ps *DockerPluginSuite) SetUpSuite(c *testing.T) {
 	testRequires(c, DaemonIsLinux, RegistryHosting)
 	ps.registry = registry.NewV2(c)
 	ps.registry.WaitReady(c)
@@ -391,19 +411,19 @@ func (ps *DockerPluginSuite) SetUpSuite(c *check.C) {
 	defer cancel()
 
 	err := plugin.CreateInRegistry(ctx, ps.getPluginRepo(), nil)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create plugin"))
+	assert.NilError(c, err, "failed to create plugin")
 }
 
-func (ps *DockerPluginSuite) TearDownSuite(c *check.C) {
+func (ps *DockerPluginSuite) TearDownSuite(c *testing.T) {
 	if ps.registry != nil {
 		ps.registry.Close()
 	}
 }
 
-func (ps *DockerPluginSuite) TearDownTest(c *check.C) {
+func (ps *DockerPluginSuite) TearDownTest(c *testing.T) {
 	ps.ds.TearDownTest(c)
 }
 
-func (ps *DockerPluginSuite) OnTimeout(c *check.C) {
+func (ps *DockerPluginSuite) OnTimeout(c *testing.T) {
 	ps.ds.OnTimeout(c)
 }
diff --git a/integration-cli/checker/checker.go b/integration-cli/checker/checker.go
index d7fdc412ba908..a0b5343aa174e 100644
--- a/integration-cli/checker/checker.go
+++ b/integration-cli/checker/checker.go
@@ -1,46 +1,84 @@
-// Package checker provides Docker specific implementations of the go-check.Checker interface.
+// Package checker provides helpers for gotest.tools/assert.
+// Please remove this package whenever possible.
 package checker // import "github.com/docker/docker/integration-cli/checker"
 
 import (
-	"github.com/go-check/check"
-	"github.com/vdemeester/shakers"
-)
+	"fmt"
 
-// As a commodity, we bring all check.Checker variables into the current namespace to avoid having
-// to think about check.X versus checker.X.
-var (
-	DeepEquals   = check.DeepEquals
-	ErrorMatches = check.ErrorMatches
-	FitsTypeOf   = check.FitsTypeOf
-	HasLen       = check.HasLen
-	Implements   = check.Implements
-	IsNil        = check.IsNil
-	Matches      = check.Matches
-	Not          = check.Not
-	NotNil       = check.NotNil
-	PanicMatches = check.PanicMatches
-	Panics       = check.Panics
-
-	Contains           = shakers.Contains
-	ContainsAny        = shakers.ContainsAny
-	Count              = shakers.Count
-	Equals             = shakers.Equals
-	EqualFold          = shakers.EqualFold
-	False              = shakers.False
-	GreaterOrEqualThan = shakers.GreaterOrEqualThan
-	GreaterThan        = shakers.GreaterThan
-	HasPrefix          = shakers.HasPrefix
-	HasSuffix          = shakers.HasSuffix
-	Index              = shakers.Index
-	IndexAny           = shakers.IndexAny
-	IsAfter            = shakers.IsAfter
-	IsBefore           = shakers.IsBefore
-	IsBetween          = shakers.IsBetween
-	IsLower            = shakers.IsLower
-	IsUpper            = shakers.IsUpper
-	LessOrEqualThan    = shakers.LessOrEqualThan
-	LessThan           = shakers.LessThan
-	TimeEquals         = shakers.TimeEquals
-	True               = shakers.True
-	TimeIgnore         = shakers.TimeIgnore
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )
+
+// Compare defines the interface to compare values
+type Compare func(x interface{}) assert.BoolOrComparison
+
+// False checks if the value is false
+func False() Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return !x.(bool)
+	}
+}
+
+// True checks if the value is true
+func True() Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return x
+	}
+}
+
+// Equals checks if the value is equal to the given value
+func Equals(y interface{}) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return cmp.Equal(x, y)
+	}
+}
+
+// Contains checks if the value contains the given value
+func Contains(y interface{}) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return cmp.Contains(x, y)
+	}
+}
+
+// Not checks if two values are not
+func Not(c Compare) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		r := c(x)
+		switch r := r.(type) {
+		case bool:
+			return !r
+		case cmp.Comparison:
+			return !r().Success()
+		default:
+			panic(fmt.Sprintf("unexpected type %T", r))
+		}
+	}
+}
+
+// DeepEquals checks if two values are equal
+func DeepEquals(y interface{}) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return cmp.DeepEqual(x, y)
+	}
+}
+
+// HasLen checks if the value has the expected number of elements
+func HasLen(y int) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return cmp.Len(x, y)
+	}
+}
+
+// IsNil checks if the value is nil
+func IsNil() Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return cmp.Nil(x)
+	}
+}
+
+// GreaterThan checks if the value is greater than the given value
+func GreaterThan(y int) Compare {
+	return func(x interface{}) assert.BoolOrComparison {
+		return x.(int) > y
+	}
+}
diff --git a/integration-cli/cli/build/build.go b/integration-cli/cli/build/build.go
index 0b10ea79f81e5..7afede8a97157 100644
--- a/integration-cli/cli/build/build.go
+++ b/integration-cli/cli/build/build.go
@@ -3,16 +3,12 @@ package build // import "github.com/docker/docker/integration-cli/cli/build"
 import (
 	"io"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/internal/test/fakecontext"
-	"gotest.tools/icmd"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/icmd"
 )
 
-type testingT interface {
-	Fatal(args ...interface{})
-	Fatalf(string, ...interface{})
-}
-
 // WithStdinContext sets the build context from the standard input with the specified reader
 func WithStdinContext(closer io.ReadCloser) func(*icmd.Cmd) func() {
 	return func(cmd *icmd.Cmd) func() {
@@ -58,7 +54,7 @@ func WithExternalBuildContext(ctx *fakecontext.Fake) func(*icmd.Cmd) func() {
 }
 
 // WithBuildContext sets up the build context
-func WithBuildContext(t testingT, contextOperators ...func(*fakecontext.Fake) error) func(*icmd.Cmd) func() {
+func WithBuildContext(t testing.TB, contextOperators ...func(*fakecontext.Fake) error) func(*icmd.Cmd) func() {
 	// FIXME(vdemeester) de-duplicate that
 	ctx := fakecontext.New(t, "", contextOperators...)
 	return func(cmd *icmd.Cmd) func() {
@@ -73,7 +69,7 @@ func WithFile(name, content string) func(*fakecontext.Fake) error {
 	return fakecontext.WithFile(name, content)
 }
 
-func closeBuildContext(t testingT, ctx *fakecontext.Fake) func() {
+func closeBuildContext(t testing.TB, ctx *fakecontext.Fake) func() {
 	return func() {
 		if err := ctx.Close(); err != nil {
 			t.Fatal(err)
diff --git a/integration-cli/cli/cli.go b/integration-cli/cli/cli.go
index bc3f3c194e52e..7b4796db4dd3f 100644
--- a/integration-cli/cli/cli.go
+++ b/integration-cli/cli/cli.go
@@ -4,13 +4,13 @@ import (
 	"fmt"
 	"io"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/docker/docker/integration-cli/environment"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/icmd"
 )
 
 var testEnv *environment.Execution
@@ -24,45 +24,40 @@ func SetTestEnvironment(env *environment.Execution) {
 // CmdOperator defines functions that can modify a command
 type CmdOperator func(*icmd.Cmd) func()
 
-type testingT interface {
-	assert.TestingT
-	Fatal(args ...interface{})
-	Fatalf(string, ...interface{})
-}
-
 // DockerCmd executes the specified docker command and expect a success
-func DockerCmd(t testingT, args ...string) *icmd.Result {
+func DockerCmd(t testing.TB, args ...string) *icmd.Result {
+	t.Helper()
 	return Docker(Args(args...)).Assert(t, icmd.Success)
 }
 
 // BuildCmd executes the specified docker build command and expect a success
-func BuildCmd(t testingT, name string, cmdOperators ...CmdOperator) *icmd.Result {
+func BuildCmd(t testing.TB, name string, cmdOperators ...CmdOperator) *icmd.Result {
 	return Docker(Build(name), cmdOperators...).Assert(t, icmd.Success)
 }
 
 // InspectCmd executes the specified docker inspect command and expect a success
-func InspectCmd(t testingT, name string, cmdOperators ...CmdOperator) *icmd.Result {
+func InspectCmd(t testing.TB, name string, cmdOperators ...CmdOperator) *icmd.Result {
 	return Docker(Inspect(name), cmdOperators...).Assert(t, icmd.Success)
 }
 
 // WaitRun will wait for the specified container to be running, maximum 5 seconds.
-func WaitRun(t testingT, name string, cmdOperators ...CmdOperator) {
+func WaitRun(t testing.TB, name string, cmdOperators ...CmdOperator) {
 	WaitForInspectResult(t, name, "{{.State.Running}}", "true", 5*time.Second, cmdOperators...)
 }
 
 // WaitExited will wait for the specified container to state exit, subject
 // to a maximum time limit in seconds supplied by the caller
-func WaitExited(t testingT, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
+func WaitExited(t testing.TB, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
 	WaitForInspectResult(t, name, "{{.State.Status}}", "exited", timeout, cmdOperators...)
 }
 
 // WaitRestart will wait for the specified container to restart once
-func WaitRestart(t testingT, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
+func WaitRestart(t testing.TB, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
 	WaitForInspectResult(t, name, "{{.RestartCount}}", "1", timeout, cmdOperators...)
 }
 
 // WaitForInspectResult waits for the specified expression to be equals to the specified expected string in the given time.
-func WaitForInspectResult(t testingT, name, expr, expected string, timeout time.Duration, cmdOperators ...CmdOperator) {
+func WaitForInspectResult(t testing.TB, name, expr, expected string, timeout time.Duration, cmdOperators ...CmdOperator) {
 	after := time.After(timeout)
 
 	args := []string{"inspect", "-f", expr, name}
diff --git a/integration-cli/daemon/daemon.go b/integration-cli/daemon/daemon.go
index 3d1fa38d5dde3..8a49e85742410 100644
--- a/integration-cli/daemon/daemon.go
+++ b/integration-cli/daemon/daemon.go
@@ -3,26 +3,15 @@ package daemon // import "github.com/docker/docker/integration-cli/daemon"
 import (
 	"fmt"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/daemon"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-type testingT interface {
-	assert.TestingT
-	logT
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
 // Daemon represents a Docker daemon for the testing framework.
 type Daemon struct {
 	*daemon.Daemon
@@ -32,7 +21,8 @@ type Daemon struct {
 // New returns a Daemon instance to be used for testing.
 // This will create a directory such as d123456789 in the folder specified by $DOCKER_INTEGRATION_DAEMON_DEST or $DEST.
 // The daemon will not automatically start.
-func New(t testingT, dockerBinary string, dockerdBinary string, ops ...func(*daemon.Daemon)) *Daemon {
+func New(t testing.TB, dockerBinary string, dockerdBinary string, ops ...daemon.Option) *Daemon {
+	t.Helper()
 	ops = append(ops, daemon.WithDockerdBinary(dockerdBinary))
 	d := daemon.New(t, ops...)
 	return &Daemon{
@@ -89,13 +79,14 @@ func (d *Daemon) inspectFieldWithError(name, field string) (string, error) {
 
 // CheckActiveContainerCount returns the number of active containers
 // FIXME(vdemeester) should re-use ActivateContainers in some way
-func (d *Daemon) CheckActiveContainerCount(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckActiveContainerCount(t *testing.T) (interface{}, string) {
+	t.Helper()
 	out, err := d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(t, err)
 	if len(strings.TrimSpace(out)) == 0 {
-		return 0, nil
+		return 0, ""
 	}
-	return len(strings.Split(strings.TrimSpace(out), "\n")), check.Commentf("output: %q", string(out))
+	return len(strings.Split(strings.TrimSpace(out), "\n")), fmt.Sprintf("output: %q", out)
 }
 
 // WaitRun waits for a container to be running for 10s
diff --git a/integration-cli/daemon/daemon_swarm.go b/integration-cli/daemon/daemon_swarm.go
index 4a6ce8a5c5142..74b5877c8d4a1 100644
--- a/integration-cli/daemon/daemon_swarm.go
+++ b/integration-cli/daemon/daemon_swarm.go
@@ -4,20 +4,19 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // CheckServiceTasksInState returns the number of tasks with a matching state,
 // and optional message substring.
-func (d *Daemon) CheckServiceTasksInState(service string, state swarm.TaskState, message string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckServiceTasksInState(service string, state swarm.TaskState, message string) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
 		tasks := d.GetServiceTasks(c, service)
 		var count int
 		for _, task := range tasks {
@@ -27,14 +26,14 @@ func (d *Daemon) CheckServiceTasksInState(service string, state swarm.TaskState,
 				}
 			}
 		}
-		return count, nil
+		return count, ""
 	}
 }
 
 // CheckServiceTasksInStateWithError returns the number of tasks with a matching state,
 // and optional message substring.
-func (d *Daemon) CheckServiceTasksInStateWithError(service string, state swarm.TaskState, errorMessage string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckServiceTasksInStateWithError(service string, state swarm.TaskState, errorMessage string) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
 		tasks := d.GetServiceTasks(c, service)
 		var count int
 		for _, task := range tasks {
@@ -44,66 +43,63 @@ func (d *Daemon) CheckServiceTasksInStateWithError(service string, state swarm.T
 				}
 			}
 		}
-		return count, nil
+		return count, ""
 	}
 }
 
 // CheckServiceRunningTasks returns the number of running tasks for the specified service
-func (d *Daemon) CheckServiceRunningTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckServiceRunningTasks(service string) func(*testing.T) (interface{}, string) {
 	return d.CheckServiceTasksInState(service, swarm.TaskStateRunning, "")
 }
 
 // CheckServiceUpdateState returns the current update state for the specified service
-func (d *Daemon) CheckServiceUpdateState(service string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckServiceUpdateState(service string) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
 		service := d.GetService(c, service)
 		if service.UpdateStatus == nil {
-			return "", nil
+			return "", ""
 		}
-		return service.UpdateStatus.State, nil
+		return service.UpdateStatus.State, ""
 	}
 }
 
 // CheckPluginRunning returns the runtime state of the plugin
-func (d *Daemon) CheckPluginRunning(plugin string) func(c *check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		apiclient, err := d.NewClient()
-		assert.NilError(c, err)
+func (d *Daemon) CheckPluginRunning(plugin string) func(c *testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
+		apiclient := d.NewClientT(c)
 		resp, _, err := apiclient.PluginInspectWithRaw(context.Background(), plugin)
 		if client.IsErrNotFound(err) {
-			return false, check.Commentf("%v", err)
+			return false, fmt.Sprintf("%v", err)
 		}
 		assert.NilError(c, err)
-		return resp.Enabled, check.Commentf("%+v", resp)
+		return resp.Enabled, fmt.Sprintf("%+v", resp)
 	}
 }
 
 // CheckPluginImage returns the runtime state of the plugin
-func (d *Daemon) CheckPluginImage(plugin string) func(c *check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		apiclient, err := d.NewClient()
-		assert.NilError(c, err)
+func (d *Daemon) CheckPluginImage(plugin string) func(c *testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
+		apiclient := d.NewClientT(c)
 		resp, _, err := apiclient.PluginInspectWithRaw(context.Background(), plugin)
 		if client.IsErrNotFound(err) {
-			return false, check.Commentf("%v", err)
+			return false, fmt.Sprintf("%v", err)
 		}
 		assert.NilError(c, err)
-		return resp.PluginReference, check.Commentf("%+v", resp)
+		return resp.PluginReference, fmt.Sprintf("%+v", resp)
 	}
 }
 
 // CheckServiceTasks returns the number of tasks for the specified service
-func (d *Daemon) CheckServiceTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckServiceTasks(service string) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
 		tasks := d.GetServiceTasks(c, service)
-		return len(tasks), nil
+		return len(tasks), ""
 	}
 }
 
 // CheckRunningTaskNetworks returns the number of times each network is referenced from a task.
-func (d *Daemon) CheckRunningTaskNetworks(c *check.C) (interface{}, check.CommentInterface) {
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+func (d *Daemon) CheckRunningTaskNetworks(c *testing.T) (interface{}, string) {
+	cli := d.NewClientT(c)
 	defer cli.Close()
 
 	filterArgs := filters.NewArgs()
@@ -114,7 +110,7 @@ func (d *Daemon) CheckRunningTaskNetworks(c *check.C) (interface{}, check.Commen
 	}
 
 	tasks, err := cli.TaskList(context.Background(), options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	result := make(map[string]int)
 	for _, task := range tasks {
@@ -122,13 +118,12 @@ func (d *Daemon) CheckRunningTaskNetworks(c *check.C) (interface{}, check.Commen
 			result[network.Target]++
 		}
 	}
-	return result, nil
+	return result, ""
 }
 
 // CheckRunningTaskImages returns the times each image is running as a task.
-func (d *Daemon) CheckRunningTaskImages(c *check.C) (interface{}, check.CommentInterface) {
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+func (d *Daemon) CheckRunningTaskImages(c *testing.T) (interface{}, string) {
+	cli := d.NewClientT(c)
 	defer cli.Close()
 
 	filterArgs := filters.NewArgs()
@@ -139,7 +134,7 @@ func (d *Daemon) CheckRunningTaskImages(c *check.C) (interface{}, check.CommentI
 	}
 
 	tasks, err := cli.TaskList(context.Background(), options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	result := make(map[string]int)
 	for _, task := range tasks {
@@ -147,11 +142,11 @@ func (d *Daemon) CheckRunningTaskImages(c *check.C) (interface{}, check.CommentI
 			result[task.Spec.ContainerSpec.Image]++
 		}
 	}
-	return result, nil
+	return result, ""
 }
 
 // CheckNodeReadyCount returns the number of ready node on the swarm
-func (d *Daemon) CheckNodeReadyCount(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckNodeReadyCount(c *testing.T) (interface{}, string) {
 	nodes := d.ListNodes(c)
 	var readyCount int
 	for _, node := range nodes {
@@ -159,29 +154,28 @@ func (d *Daemon) CheckNodeReadyCount(c *check.C) (interface{}, check.CommentInte
 			readyCount++
 		}
 	}
-	return readyCount, nil
+	return readyCount, ""
 }
 
 // CheckLocalNodeState returns the current swarm node state
-func (d *Daemon) CheckLocalNodeState(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckLocalNodeState(c *testing.T) (interface{}, string) {
 	info := d.SwarmInfo(c)
-	return info.LocalNodeState, nil
+	return info.LocalNodeState, ""
 }
 
 // CheckControlAvailable returns the current swarm control available
-func (d *Daemon) CheckControlAvailable(c *check.C) (interface{}, check.CommentInterface) {
+func (d *Daemon) CheckControlAvailable(c *testing.T) (interface{}, string) {
 	info := d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	return info.ControlAvailable, nil
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	return info.ControlAvailable, ""
 }
 
 // CheckLeader returns whether there is a leader on the swarm or not
-func (d *Daemon) CheckLeader(c *check.C) (interface{}, check.CommentInterface) {
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+func (d *Daemon) CheckLeader(c *testing.T) (interface{}, string) {
+	cli := d.NewClientT(c)
 	defer cli.Close()
 
-	errList := check.Commentf("could not get node list")
+	errList := "could not get node list"
 
 	ls, err := cli.NodeList(context.Background(), types.NodeListOptions{})
 	if err != nil {
@@ -190,8 +184,30 @@ func (d *Daemon) CheckLeader(c *check.C) (interface{}, check.CommentInterface) {
 
 	for _, node := range ls {
 		if node.ManagerStatus != nil && node.ManagerStatus.Leader {
-			return nil, nil
+			return nil, ""
 		}
 	}
-	return fmt.Errorf("no leader"), check.Commentf("could not find leader")
+	return fmt.Errorf("no leader"), "could not find leader"
+}
+
+// CmdRetryOutOfSequence tries the specified command against the current daemon
+// up to 10 times, retrying if it encounters an "update out of sequence" error.
+func (d *Daemon) CmdRetryOutOfSequence(args ...string) (string, error) {
+	var (
+		output string
+		err    error
+	)
+
+	for i := 0; i < 10; i++ {
+		output, err = d.Cmd(args...)
+		// error, no error, whatever. if we don't have "update out of
+		// sequence", we don't retry, we just return.
+		if !strings.Contains(output, "update out of sequence") {
+			return output, err
+		}
+	}
+
+	// otherwise, once all of our attempts have been exhausted, just return
+	// whatever the last values were.
+	return output, err
 }
diff --git a/integration-cli/daemon_swarm_hack_test.go b/integration-cli/daemon_swarm_hack_test.go
index 7a23e84bfcf58..4152f735f7305 100644
--- a/integration-cli/daemon_swarm_hack_test.go
+++ b/integration-cli/daemon_swarm_hack_test.go
@@ -1,11 +1,12 @@
 package main
 
 import (
+	"testing"
+
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/go-check/check"
 )
 
-func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *daemon.Daemon {
+func (s *DockerSwarmSuite) getDaemon(c *testing.T, nodeID string) *daemon.Daemon {
 	s.daemonsLock.Lock()
 	defer s.daemonsLock.Unlock()
 	for _, d := range s.daemons {
@@ -18,6 +19,6 @@ func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *daemon.Daemon {
 }
 
 // nodeCmd executes a command on a given node via the normal docker socket
-func (s *DockerSwarmSuite) nodeCmd(c *check.C, id string, args ...string) (string, error) {
+func (s *DockerSwarmSuite) nodeCmd(c *testing.T, id string, args ...string) (string, error) {
 	return s.getDaemon(c, id).Cmd(args...)
 }
diff --git a/integration-cli/docker_api_attach_test.go b/integration-cli/docker_api_attach_test.go
index 26633841dbfae..48bf47e528dce 100644
--- a/integration-cli/docker_api_attach_test.go
+++ b/integration-cli/docker_api_attach_test.go
@@ -4,53 +4,53 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	"fmt"
 	"io"
 	"net"
 	"net/http"
-	"net/http/httputil"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"github.com/docker/go-connections/sockets"
 	"github.com/pkg/errors"
 	"golang.org/x/net/websocket"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) {
+func (s *DockerSuite) TestGetContainersAttachWebsocket(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-dit", "busybox", "cat")
 
-	rwc, err := request.SockConn(time.Duration(10*time.Second), daemonHost())
-	c.Assert(err, checker.IsNil)
+	rwc, err := request.SockConn(10*time.Second, request.DaemonHost())
+	assert.NilError(c, err)
 
 	cleanedContainerID := strings.TrimSpace(out)
 	config, err := websocket.NewConfig(
 		"/containers/"+cleanedContainerID+"/attach/ws?stream=1&stdin=1&stdout=1&stderr=1",
 		"http://localhost",
 	)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	ws, err := websocket.NewClient(config, rwc)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer ws.Close()
 
 	expected := []byte("hello")
 	actual := make([]byte, len(expected))
 
-	outChan := make(chan error)
+	outChan := make(chan error, 1)
 	go func() {
 		_, err := io.ReadFull(ws, actual)
 		outChan <- err
 		close(outChan)
 	}()
 
-	inChan := make(chan error)
+	inChan := make(chan error, 1)
 	go func() {
 		_, err := ws.Write(expected)
 		inChan <- err
@@ -59,126 +59,124 @@ func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) {
 
 	select {
 	case err := <-inChan:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(5 * time.Second):
 		c.Fatal("Timeout writing to ws")
 	}
 
 	select {
 	case err := <-outChan:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(5 * time.Second):
 		c.Fatal("Timeout reading from ws")
 	}
 
-	c.Assert(actual, checker.DeepEquals, expected, check.Commentf("Websocket didn't return the expected data"))
+	assert.Assert(c, is.DeepEqual(actual, expected), "Websocket didn't return the expected data")
 }
 
 // regression gh14320
-func (s *DockerSuite) TestPostContainersAttachContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestPostContainersAttachContainerNotFound(c *testing.T) {
 	resp, _, err := request.Post("/containers/doesnotexist/attach")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	// connection will shutdown, err should be "persistent connection closed"
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
+	assert.Equal(c, resp.StatusCode, http.StatusNotFound)
 	content, err := request.ReadBody(resp.Body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	expected := "No such container: doesnotexist\r\n"
-	c.Assert(string(content), checker.Equals, expected)
+	assert.Equal(c, string(content), expected)
 }
 
-func (s *DockerSuite) TestGetContainersWsAttachContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestGetContainersWsAttachContainerNotFound(c *testing.T) {
 	res, body, err := request.Get("/containers/doesnotexist/attach/ws")
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
-	c.Assert(err, checker.IsNil)
+	assert.Equal(c, res.StatusCode, http.StatusNotFound)
+	assert.NilError(c, err)
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	expected := "No such container: doesnotexist"
-	c.Assert(getErrorMessage(c, b), checker.Contains, expected)
+	assert.Assert(c, strings.Contains(getErrorMessage(c, b), expected))
 }
 
-func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
+func (s *DockerSuite) TestPostContainersAttach(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
-	expectSuccess := func(conn net.Conn, br *bufio.Reader, stream string, tty bool) {
-		defer conn.Close()
+	expectSuccess := func(wc io.WriteCloser, br *bufio.Reader, stream string, tty bool) {
+		defer wc.Close()
 		expected := []byte("success")
-		_, err := conn.Write(expected)
-		c.Assert(err, checker.IsNil)
+		_, err := wc.Write(expected)
+		assert.NilError(c, err)
 
-		conn.SetReadDeadline(time.Now().Add(time.Second))
 		lenHeader := 0
 		if !tty {
 			lenHeader = 8
 		}
 		actual := make([]byte, len(expected)+lenHeader)
-		_, err = io.ReadFull(br, actual)
-		c.Assert(err, checker.IsNil)
+		_, err = readTimeout(br, actual, time.Second)
+		assert.NilError(c, err)
 		if !tty {
 			fdMap := map[string]byte{
 				"stdin":  0,
 				"stdout": 1,
 				"stderr": 2,
 			}
-			c.Assert(actual[0], checker.Equals, fdMap[stream])
+			assert.Equal(c, actual[0], fdMap[stream])
 		}
-		c.Assert(actual[lenHeader:], checker.DeepEquals, expected, check.Commentf("Attach didn't return the expected data from %s", stream))
+		assert.Assert(c, is.DeepEqual(actual[lenHeader:], expected), "Attach didn't return the expected data from %s", stream)
 	}
 
-	expectTimeout := func(conn net.Conn, br *bufio.Reader, stream string) {
-		defer conn.Close()
-		_, err := conn.Write([]byte{'t'})
-		c.Assert(err, checker.IsNil)
+	expectTimeout := func(wc io.WriteCloser, br *bufio.Reader, stream string) {
+		defer wc.Close()
+		_, err := wc.Write([]byte{'t'})
+		assert.NilError(c, err)
 
-		conn.SetReadDeadline(time.Now().Add(time.Second))
 		actual := make([]byte, 1)
-		_, err = io.ReadFull(br, actual)
-		opErr, ok := err.(*net.OpError)
-		c.Assert(ok, checker.Equals, true, check.Commentf("Error is expected to be *net.OpError, got %v", err))
-		c.Assert(opErr.Timeout(), checker.Equals, true, check.Commentf("Read from %s is expected to timeout", stream))
+		_, err = readTimeout(br, actual, time.Second)
+		assert.Assert(c, err.Error() == "Timeout", "Read from %s is expected to timeout", stream)
 	}
 
 	// Create a container that only emits stdout.
 	cid, _ := dockerCmd(c, "run", "-di", "busybox", "cat")
 	cid = strings.TrimSpace(cid)
+
 	// Attach to the container's stdout stream.
-	conn, br, err := sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
+	wc, br, err := requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
 	// Check if the data from stdout can be received.
-	expectSuccess(conn, br, "stdout", false)
+	expectSuccess(wc, br, "stdout", false)
+
 	// Attach to the container's stderr stream.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
+	wc, br, err = requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
 	// Since the container only emits stdout, attaching to stderr should return nothing.
-	expectTimeout(conn, br, "stdout")
+	expectTimeout(wc, br, "stdout")
 
 	// Test the similar functions of the stderr stream.
 	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "cat >&2")
 	cid = strings.TrimSpace(cid)
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
-	expectSuccess(conn, br, "stderr", false)
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
-	expectTimeout(conn, br, "stderr")
+	wc, br, err = requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
+	expectSuccess(wc, br, "stderr", false)
+	wc, br, err = requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
+	expectTimeout(wc, br, "stderr")
 
 	// Test with tty.
 	cid, _ = dockerCmd(c, "run", "-dit", "busybox", "/bin/sh", "-c", "cat >&2")
 	cid = strings.TrimSpace(cid)
 	// Attach to stdout only.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
-	expectSuccess(conn, br, "stdout", true)
+	wc, br, err = requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
+	expectSuccess(wc, br, "stdout", true)
 
 	// Attach without stdout stream.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
-	c.Assert(err, checker.IsNil)
+	wc, br, err = requestHijack(http.MethodPost, "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", request.DaemonHost())
+	assert.NilError(c, err)
 	// Nothing should be received because both the stdout and stderr of the container will be
 	// sent to the client as stdout when tty is enabled.
-	expectTimeout(conn, br, "stdout")
+	expectTimeout(wc, br, "stdout")
 
 	// Test the client API
-	client, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	client, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer client.Close()
 
 	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "echo hello; cat")
@@ -194,60 +192,48 @@ func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
 	}
 
 	resp, err := client.ContainerAttach(context.Background(), cid, attachOpts)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	expectSuccess(resp.Conn, resp.Reader, "stdout", false)
 
 	// Make sure we do see "hello" if Logs is true
 	attachOpts.Logs = true
 	resp, err = client.ContainerAttach(context.Background(), cid, attachOpts)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	defer resp.Conn.Close()
 	resp.Conn.SetReadDeadline(time.Now().Add(time.Second))
 
 	_, err = resp.Conn.Write([]byte("success"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var outBuf, errBuf bytes.Buffer
+	var nErr net.Error
 	_, err = stdcopy.StdCopy(&outBuf, &errBuf, resp.Reader)
-	if err != nil && errors.Cause(err).(net.Error).Timeout() {
+	if errors.As(err, &nErr) && nErr.Timeout() {
 		// ignore the timeout error as it is expected
 		err = nil
 	}
-	c.Assert(err, checker.IsNil)
-	c.Assert(errBuf.String(), checker.Equals, "")
-	c.Assert(outBuf.String(), checker.Equals, "hello\nsuccess")
+	assert.NilError(c, err)
+	assert.Equal(c, errBuf.String(), "")
+	assert.Equal(c, outBuf.String(), "hello\nsuccess")
 }
 
-// SockRequestHijack creates a connection to specified host (with method, contenttype, …) and returns a hijacked connection
-// and the output as a `bufio.Reader`
-func sockRequestHijack(method, endpoint string, data io.Reader, ct string, daemon string, modifiers ...func(*http.Request)) (net.Conn, *bufio.Reader, error) {
-	req, client, err := newRequestClient(method, endpoint, data, ct, daemon, modifiers...)
-	if err != nil {
-		return nil, nil, err
-	}
+// requestHijack create a http requst to specified host with `Upgrade` header (with method
+// , contenttype, …), if receive a successful "101 Switching Protocols" response return
+// a `io.WriteCloser` and `bufio.Reader`
+func requestHijack(method, endpoint string, data io.Reader, ct, daemon string, modifiers ...func(*http.Request)) (io.WriteCloser, *bufio.Reader, error) {
 
-	client.Do(req)
-	conn, br := client.Hijack()
-	return conn, br, nil
-}
-
-// FIXME(vdemeester) httputil.ClientConn is deprecated, use http.Client instead (closer to actual client)
-// Deprecated: Use New instead of NewRequestClient
-// Deprecated: use request.Do (or Get, Delete, Post) instead
-func newRequestClient(method, endpoint string, data io.Reader, ct, daemon string, modifiers ...func(*http.Request)) (*http.Request, *httputil.ClientConn, error) {
-	c, err := request.SockConn(time.Duration(10*time.Second), daemon)
+	hostURL, err := client.ParseHostURL(daemon)
 	if err != nil {
-		return nil, nil, fmt.Errorf("could not dial docker daemon: %v", err)
+		return nil, nil, errors.Wrap(err, "parse daemon host error")
 	}
 
-	client := httputil.NewClientConn(c, nil)
-
 	req, err := http.NewRequest(method, endpoint, data)
 	if err != nil {
-		client.Close()
-		return nil, nil, fmt.Errorf("could not create new request: %v", err)
+		return nil, nil, errors.Wrap(err, "could not create new request")
 	}
+	req.URL.Scheme = "http"
+	req.URL.Host = hostURL.Host
 
 	for _, opt := range modifiers {
 		opt(req)
@@ -256,5 +242,52 @@ func newRequestClient(method, endpoint string, data io.Reader, ct, daemon string
 	if ct != "" {
 		req.Header.Set("Content-Type", ct)
 	}
-	return req, client, nil
+
+	// must have Upgrade header
+	// server api return 101 Switching Protocols
+	req.Header.Set("Upgrade", "tcp")
+
+	// new client
+	// FIXME use testutil/request newHTTPClient
+	transport := &http.Transport{}
+	err = sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "configure Transport error")
+	}
+
+	client := http.Client{
+		Transport: transport,
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "client.Do")
+	}
+
+	if !bodyIsWritable(resp) {
+		return nil, nil, errors.New("response.Body not writable")
+	}
+
+	return resp.Body.(io.WriteCloser), bufio.NewReader(resp.Body), nil
+}
+
+// bodyIsWritable check Response.Body is writable
+func bodyIsWritable(r *http.Response) bool {
+	_, ok := r.Body.(io.Writer)
+	return ok
+}
+
+// readTimeout read from io.Reader with timeout
+func readTimeout(r io.Reader, buf []byte, timeout time.Duration) (n int, err error) {
+	ch := make(chan bool, 1)
+	go func() {
+		n, err = io.ReadFull(r, buf)
+		ch <- true
+	}()
+	select {
+	case <-ch:
+		return
+	case <-time.After(timeout):
+		return 0, errors.New("Timeout")
+	}
 }
diff --git a/integration-cli/docker_api_build_test.go b/integration-cli/docker_api_build_test.go
index 144acbd046e4e..507ebe624cacc 100644
--- a/integration-cli/docker_api_build_test.go
+++ b/integration-cli/docker_api_build_test.go
@@ -7,23 +7,21 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"regexp"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/fakegit"
-	"github.com/docker/docker/internal/test/fakestorage"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/fakegit"
+	"github.com/docker/docker/testutil/fakestorage"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestBuildAPIDockerFileRemote(c *check.C) {
+func (s *DockerSuite) TestBuildAPIDockerFileRemote(c *testing.T) {
 	testRequires(c, NotUserNamespace)
 
 	var testD string
@@ -41,20 +39,20 @@ RUN find /tmp/`
 	defer server.Close()
 
 	res, body, err := request.Post("/build?dockerfile=baz&remote="+server.URL()+"/testD", request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	buf, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Make sure Dockerfile exists.
 	// Make sure 'baz' doesn't exist ANYWHERE despite being mentioned in the URL
 	out := string(buf)
-	c.Assert(out, checker.Contains, "RUN find /tmp")
-	c.Assert(out, checker.Not(checker.Contains), "baz")
+	assert.Assert(c, is.Contains(out, "RUN find /tmp"))
+	assert.Assert(c, !strings.Contains(out, "baz"))
 }
 
-func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *check.C) {
+func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *testing.T) {
 	buffer := new(bytes.Buffer)
 	tw := tar.NewWriter(buffer)
 	defer tw.Close()
@@ -64,15 +62,11 @@ func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *check.C) {
 		Name: "Dockerfile",
 		Size: int64(len(dockerfile)),
 	})
-	// failed to write tar file header
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err, "failed to write tar file header")
 
 	_, err = tw.Write(dockerfile)
-	// failed to write tar file content
-	c.Assert(err, checker.IsNil)
-
-	// failed to close tar archive
-	c.Assert(tw.Close(), checker.IsNil)
+	assert.NilError(c, err, "failed to write tar file content")
+	assert.NilError(c, tw.Close(), "failed to close tar archive")
 
 	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
 		"testT.tar": buffer,
@@ -80,12 +74,12 @@ func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *check.C) {
 	defer server.Close()
 
 	res, b, err := request.Post("/build?remote="+server.URL()+"/testT.tar", request.ContentType("application/tar"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 	b.Close()
 }
 
-func (s *DockerSuite) TestBuildAPIRemoteTarballContextWithCustomDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildAPIRemoteTarballContextWithCustomDockerfile(c *testing.T) {
 	buffer := new(bytes.Buffer)
 	tw := tar.NewWriter(buffer)
 	defer tw.Close()
@@ -97,11 +91,11 @@ RUN echo 'wrong'`)
 		Size: int64(len(dockerfile)),
 	})
 	// failed to write tar file header
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, err = tw.Write(dockerfile)
 	// failed to write tar file content
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	custom := []byte(`FROM busybox
 RUN echo 'right'
@@ -112,14 +106,14 @@ RUN echo 'right'
 	})
 
 	// failed to write tar file header
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, err = tw.Write(custom)
 	// failed to write tar file content
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// failed to close tar archive
-	c.Assert(tw.Close(), checker.IsNil)
+	assert.NilError(c, tw.Close())
 
 	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
 		"testT.tar": buffer,
@@ -128,18 +122,18 @@ RUN echo 'right'
 
 	url := "/build?dockerfile=custom&remote=" + server.URL() + "/testT.tar"
 	res, body, err := request.Post(url, request.ContentType("application/tar"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	defer body.Close()
 	content, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Build used the wrong dockerfile.
-	c.Assert(string(content), checker.Not(checker.Contains), "wrong")
+	assert.Assert(c, !strings.Contains(string(content), "wrong"))
 }
 
-func (s *DockerSuite) TestBuildAPILowerDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildAPILowerDockerfile(c *testing.T) {
 	git := fakegit.New(c, "repo", map[string]string{
 		"dockerfile": `FROM busybox
 RUN echo from dockerfile`,
@@ -147,17 +141,17 @@ RUN echo from dockerfile`,
 	defer git.Close()
 
 	res, body, err := request.Post("/build?remote="+git.RepoURL, request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	buf, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out := string(buf)
-	c.Assert(out, checker.Contains, "from dockerfile")
+	assert.Assert(c, is.Contains(out, "from dockerfile"))
 }
 
-func (s *DockerSuite) TestBuildAPIBuildGitWithF(c *check.C) {
+func (s *DockerSuite) TestBuildAPIBuildGitWithF(c *testing.T) {
 	git := fakegit.New(c, "repo", map[string]string{
 		"baz": `FROM busybox
 RUN echo from baz`,
@@ -168,17 +162,17 @@ RUN echo from Dockerfile`,
 
 	// Make sure it tries to 'dockerfile' query param value
 	res, body, err := request.Post("/build?dockerfile=baz&remote="+git.RepoURL, request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	buf, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out := string(buf)
-	c.Assert(out, checker.Contains, "from baz")
+	assert.Assert(c, is.Contains(out, "from baz"))
 }
 
-func (s *DockerSuite) TestBuildAPIDoubleDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildAPIDoubleDockerfile(c *testing.T) {
 	testRequires(c, UnixCli) // dockerfile overwrites Dockerfile on Windows
 	git := fakegit.New(c, "repo", map[string]string{
 		"Dockerfile": `FROM busybox
@@ -190,17 +184,17 @@ RUN echo from dockerfile`,
 
 	// Make sure it tries to 'dockerfile' query param value
 	res, body, err := request.Post("/build?remote="+git.RepoURL, request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	buf, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out := string(buf)
-	c.Assert(out, checker.Contains, "from Dockerfile")
+	assert.Assert(c, is.Contains(out, "from Dockerfile"))
 }
 
-func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
+func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *testing.T) {
 	// Make sure that build context tars with entries of the form
 	// x/./y don't cause caching false positives.
 
@@ -215,36 +209,33 @@ func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
 			Name: "Dockerfile",
 			Size: int64(len(dockerfile)),
 		})
-		//failed to write tar file header
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err, "failed to write tar file header")
 
 		_, err = tw.Write(dockerfile)
-		// failed to write Dockerfile in tar file content
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err, "failed to write Dockerfile in tar file content")
 
 		err = tw.WriteHeader(&tar.Header{
 			Name: "dir/./file",
 			Size: int64(len(fileContents)),
 		})
-		//failed to write tar file header
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err, "failed to write tar file header")
 
 		_, err = tw.Write(fileContents)
-		// failed to write file contents in tar file content
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err, "failed to write file contents in tar file content")
 
-		// failed to close tar archive
-		c.Assert(tw.Close(), checker.IsNil)
+		assert.NilError(c, tw.Close(), "failed to close tar archive")
 
-		res, body, err := request.Post("/build", request.RawContent(ioutil.NopCloser(buffer)), request.ContentType("application/x-tar"))
-		c.Assert(err, checker.IsNil)
-		c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+		res, body, err := request.Post("/build", request.RawContent(io.NopCloser(buffer)), request.ContentType("application/x-tar"))
+		assert.NilError(c, err)
+		assert.Equal(c, res.StatusCode, http.StatusOK)
 
 		out, err := request.ReadBody(body)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		lines := strings.Split(string(out), "\n")
-		c.Assert(len(lines), checker.GreaterThan, 1)
-		c.Assert(lines[len(lines)-2], checker.Matches, ".*Successfully built [0-9a-f]{12}.*")
+		assert.Assert(c, len(lines) > 1)
+		matched, err := regexp.MatchString(".*Successfully built [0-9a-f]{12}.*", lines[len(lines)-2])
+		assert.NilError(c, err)
+		assert.Assert(c, matched)
 
 		re := regexp.MustCompile("Successfully built ([0-9a-f]{12})")
 		matches := re.FindStringSubmatch(lines[len(lines)-2])
@@ -254,10 +245,10 @@ func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
 	imageA := buildFromTarContext([]byte("abc"))
 	imageB := buildFromTarContext([]byte("def"))
 
-	c.Assert(imageA, checker.Not(checker.Equals), imageB)
+	assert.Assert(c, imageA != imageB)
 }
 
-func (s *DockerSuite) TestBuildOnBuildWithCopy(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildWithCopy(c *testing.T) {
 	dockerfile := `
 		FROM ` + minimalBaseImage() + ` as onbuildbase
 		ONBUILD COPY file /file
@@ -274,15 +265,15 @@ func (s *DockerSuite) TestBuildOnBuildWithCopy(c *check.C) {
 		"/build",
 		request.RawContent(ctx.AsTarReader(c)),
 		request.ContentType("application/x-tar"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	out, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(out), checker.Contains, "Successfully built")
+	assert.NilError(c, err)
+	assert.Assert(c, is.Contains(string(out), "Successfully built"))
 }
 
-func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildCache(c *testing.T) {
 	build := func(dockerfile string) []byte {
 		ctx := fakecontext.New(c, "",
 			fakecontext.WithDockerfile(dockerfile),
@@ -298,7 +289,7 @@ func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) {
 
 		out, err := request.ReadBody(body)
 		assert.NilError(c, err)
-		assert.Check(c, is.Contains(string(out), "Successfully built"))
+		assert.Assert(c, is.Contains(string(out), "Successfully built"))
 		return out
 	}
 
@@ -313,7 +304,7 @@ func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) {
 	out := build(dockerfile)
 
 	imageIDs := getImageIDsFromBuild(c, out)
-	assert.Check(c, is.Len(imageIDs, 2))
+	assert.Assert(c, is.Len(imageIDs, 2))
 	parentID, childID := imageIDs[0], imageIDs[1]
 
 	client := testEnv.APIClient()
@@ -324,7 +315,7 @@ func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) {
 	assert.Check(c, is.Equal(parentID, image.Parent))
 }
 
-func (s *DockerRegistrySuite) TestBuildCopyFromForcePull(c *check.C) {
+func (s *DockerRegistrySuite) TestBuildCopyFromForcePull(c *testing.T) {
 	client := testEnv.APIClient()
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
@@ -334,7 +325,7 @@ func (s *DockerRegistrySuite) TestBuildCopyFromForcePull(c *check.C) {
 	// push the image to the registry
 	rc, err := client.ImagePush(context.TODO(), repoName, types.ImagePushOptions{RegistryAuth: "{}"})
 	assert.Check(c, err)
-	_, err = io.Copy(ioutil.Discard, rc)
+	_, err = io.Copy(io.Discard, rc)
 	assert.Check(c, err)
 
 	dockerfile := fmt.Sprintf(`
@@ -361,7 +352,7 @@ func (s *DockerRegistrySuite) TestBuildCopyFromForcePull(c *check.C) {
 	assert.Check(c, is.Contains(string(out), "Successfully built"))
 }
 
-func (s *DockerSuite) TestBuildAddRemoteNoDecompress(c *check.C) {
+func (s *DockerSuite) TestBuildAddRemoteNoDecompress(c *testing.T) {
 	buffer := new(bytes.Buffer)
 	tw := tar.NewWriter(buffer)
 	dt := []byte("contents")
@@ -405,7 +396,7 @@ func (s *DockerSuite) TestBuildAddRemoteNoDecompress(c *check.C) {
 	assert.Check(c, is.Contains(string(out), "Successfully built"))
 }
 
-func (s *DockerSuite) TestBuildChownOnCopy(c *check.C) {
+func (s *DockerSuite) TestBuildChownOnCopy(c *testing.T) {
 	// new feature added in 1.31 - https://github.com/moby/moby/pull/34263
 	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.31"))
 	dockerfile := `FROM busybox
@@ -427,15 +418,15 @@ func (s *DockerSuite) TestBuildChownOnCopy(c *check.C) {
 		"/build",
 		request.RawContent(ctx.AsTarReader(c)),
 		request.ContentType("application/x-tar"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	out, err := request.ReadBody(body)
 	assert.NilError(c, err)
 	assert.Check(c, is.Contains(string(out), "Successfully built"))
 }
 
-func (s *DockerSuite) TestBuildCopyCacheOnFileChange(c *check.C) {
+func (s *DockerSuite) TestBuildCopyCacheOnFileChange(c *testing.T) {
 
 	dockerfile := `FROM busybox
 COPY file /file`
@@ -457,8 +448,10 @@ COPY file /file`
 
 		out, err := request.ReadBody(body)
 		assert.NilError(c, err)
+		assert.Assert(c, is.Contains(string(out), "Successfully built"))
 
 		ids := getImageIDsFromBuild(c, out)
+		assert.Assert(c, is.Len(ids, 1))
 		return ids[len(ids)-1]
 	}
 
@@ -474,7 +467,7 @@ COPY file /file`
 	}
 }
 
-func (s *DockerSuite) TestBuildAddCacheOnFileChange(c *check.C) {
+func (s *DockerSuite) TestBuildAddCacheOnFileChange(c *testing.T) {
 
 	dockerfile := `FROM busybox
 ADD file /file`
@@ -496,8 +489,10 @@ ADD file /file`
 
 		out, err := request.ReadBody(body)
 		assert.NilError(c, err)
+		assert.Assert(c, is.Contains(string(out), "Successfully built"))
 
 		ids := getImageIDsFromBuild(c, out)
+		assert.Assert(c, is.Len(ids, 1))
 		return ids[len(ids)-1]
 	}
 
@@ -513,7 +508,7 @@ ADD file /file`
 	}
 }
 
-func (s *DockerSuite) TestBuildScratchCopy(c *check.C) {
+func (s *DockerSuite) TestBuildScratchCopy(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerfile := `FROM scratch
 ADD Dockerfile /
@@ -527,8 +522,8 @@ ENV foo bar`
 		"/build",
 		request.RawContent(ctx.AsTarReader(c)),
 		request.ContentType("application/x-tar"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	out, err := request.ReadBody(body)
 	assert.NilError(c, err)
@@ -542,7 +537,7 @@ type buildLine struct {
 	}
 }
 
-func getImageIDsFromBuild(c *check.C, output []byte) []string {
+func getImageIDsFromBuild(c *testing.T, output []byte) []string {
 	var ids []string
 	for _, line := range bytes.Split(output, []byte("\n")) {
 		if len(line) == 0 {
diff --git a/integration-cli/docker_api_build_windows_test.go b/integration-cli/docker_api_build_windows_test.go
index a605c5be39225..68e19ca036693 100644
--- a/integration-cli/docker_api_build_windows_test.go
+++ b/integration-cli/docker_api_build_windows_test.go
@@ -1,19 +1,19 @@
+//go:build windows
 // +build windows
 
 package main
 
 import (
 	"net/http"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestBuildWithRecycleBin(c *check.C) {
+func (s *DockerSuite) TestBuildWithRecycleBin(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 
 	dockerfile := "" +
@@ -30,8 +30,8 @@ func (s *DockerSuite) TestBuildWithRecycleBin(c *check.C) {
 		request.RawContent(ctx.AsTarReader(c)),
 		request.ContentType("application/x-tar"))
 
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	out, err := request.ReadBody(body)
 	assert.NilError(c, err)
diff --git a/integration-cli/docker_api_containers_test.go b/integration-cli/docker_api_containers_test.go
index ef67894106f82..75af8fe2d2257 100644
--- a/integration-cli/docker_api_containers_test.go
+++ b/integration-cli/docker_api_containers_test.go
@@ -7,14 +7,13 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"regexp"
 	"runtime"
-	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
@@ -23,55 +22,52 @@ import (
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/testutil/request"
 	"github.com/docker/docker/volume"
 	"github.com/docker/go-connections/nat"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSuite) TestContainerAPIGetAll(c *check.C) {
+func (s *DockerSuite) TestContainerAPIGetAll(c *testing.T) {
 	startCount := getContainerCount(c)
 	name := "getall"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	options := types.ContainerListOptions{
 		All: true,
 	}
 	containers, err := cli.ContainerList(context.Background(), options)
-	c.Assert(err, checker.IsNil)
-	c.Assert(containers, checker.HasLen, startCount+1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(containers), startCount+1)
 	actual := containers[0].Names[0]
-	c.Assert(actual, checker.Equals, "/"+name)
+	assert.Equal(c, actual, "/"+name)
 }
 
 // regression test for empty json field being omitted #13691
-func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
+func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *testing.T) {
 	startCount := getContainerCount(c)
 	dockerCmd(c, "run", "busybox", "true")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	options := types.ContainerListOptions{
 		All: true,
 	}
 	containers, err := cli.ContainerList(context.Background(), options)
-	c.Assert(err, checker.IsNil)
-	c.Assert(containers, checker.HasLen, startCount+1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(containers), startCount+1)
 	actual := fmt.Sprintf("%+v", containers[0])
 
 	// empty Labels field triggered this bug, make sense to check for everything
@@ -98,57 +94,18 @@ func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
 	}
 }
 
-type containerPs struct {
-	Names []string
-	Ports []types.Port
-}
-
-// regression test for non-empty fields from #13901
-func (s *DockerSuite) TestContainerAPIPsOmitFields(c *check.C) {
-	// Problematic for Windows porting due to networking not yet being passed back
-	testRequires(c, DaemonIsLinux)
-	name := "pstest"
-	port := 80
-	runSleepingContainer(c, "--name", name, "--expose", strconv.Itoa(port))
-
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
-	defer cli.Close()
-
-	options := types.ContainerListOptions{
-		All: true,
-	}
-	containers, err := cli.ContainerList(context.Background(), options)
-	c.Assert(err, checker.IsNil)
-	var foundContainer containerPs
-	for _, c := range containers {
-		for _, testName := range c.Names {
-			if "/"+name == testName {
-				foundContainer.Names = c.Names
-				foundContainer.Ports = c.Ports
-				break
-			}
-		}
-	}
-
-	c.Assert(foundContainer.Ports, checker.HasLen, 1)
-	c.Assert(foundContainer.Ports[0].PrivatePort, checker.Equals, uint16(port))
-	c.Assert(foundContainer.Ports[0].PublicPort, checker.NotNil)
-	c.Assert(foundContainer.Ports[0].IP, checker.NotNil)
-}
-
-func (s *DockerSuite) TestContainerAPIGetExport(c *check.C) {
+func (s *DockerSuite) TestContainerAPIGetExport(c *testing.T) {
 	// Not supported on Windows as Windows does not support docker export
 	testRequires(c, DaemonIsLinux)
 	name := "exportcontainer"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	body, err := cli.ContainerExport(context.Background(), name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer body.Close()
 	found := false
 	for tarReader := tar.NewReader(body); ; {
@@ -161,21 +118,21 @@ func (s *DockerSuite) TestContainerAPIGetExport(c *check.C) {
 			break
 		}
 	}
-	c.Assert(found, checker.True, check.Commentf("The created test file has not been found in the exported image"))
+	assert.Assert(c, found, "The created test file has not been found in the exported image")
 }
 
-func (s *DockerSuite) TestContainerAPIGetChanges(c *check.C) {
+func (s *DockerSuite) TestContainerAPIGetChanges(c *testing.T) {
 	// Not supported on Windows as Windows does not support docker diff (/containers/name/changes)
 	testRequires(c, DaemonIsLinux)
 	name := "changescontainer"
 	dockerCmd(c, "run", "--name", name, "busybox", "rm", "/etc/passwd")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	changes, err := cli.ContainerDiff(context.Background(), name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Check the changelog for removal of /etc/passwd
 	success := false
@@ -184,10 +141,10 @@ func (s *DockerSuite) TestContainerAPIGetChanges(c *check.C) {
 			success = true
 		}
 	}
-	c.Assert(success, checker.True, check.Commentf("/etc/passwd has been removed but is not present in the diff"))
+	assert.Assert(c, success, "/etc/passwd has been removed but is not present in the diff")
 }
 
-func (s *DockerSuite) TestGetContainerStats(c *check.C) {
+func (s *DockerSuite) TestGetContainerStats(c *testing.T) {
 	var (
 		name = "statscontainer"
 	)
@@ -200,12 +157,12 @@ func (s *DockerSuite) TestGetContainerStats(c *check.C) {
 
 	bc := make(chan b, 1)
 	go func() {
-		cli, err := client.NewEnvClient()
-		c.Assert(err, checker.IsNil)
+		cli, err := client.NewClientWithOpts(client.FromEnv)
+		assert.NilError(c, err)
 		defer cli.Close()
 
 		stats, err := cli.ContainerStats(context.Background(), name, true)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		bc <- b{stats, err}
 	}()
 
@@ -223,23 +180,23 @@ func (s *DockerSuite) TestGetContainerStats(c *check.C) {
 		defer sr.stats.Body.Close()
 		var s *types.Stats
 		// decode only one object from the stream
-		c.Assert(dec.Decode(&s), checker.IsNil)
+		assert.NilError(c, dec.Decode(&s))
 	}
 }
 
-func (s *DockerSuite) TestGetContainerStatsRmRunning(c *check.C) {
+func (s *DockerSuite) TestGetContainerStatsRmRunning(c *testing.T) {
 	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
 
 	buf := &ChannelBuffer{C: make(chan []byte, 1)}
 	defer buf.Close()
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	stats, err := cli.ContainerStats(context.Background(), id, true)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer stats.Body.Close()
 
 	chErr := make(chan error, 1)
@@ -251,16 +208,16 @@ func (s *DockerSuite) TestGetContainerStatsRmRunning(c *check.C) {
 	b := make([]byte, 32)
 	// make sure we've got some stats
 	_, err = buf.ReadTimeout(b, 2*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Now remove without `-f` and make sure we are still pulling stats
 	_, _, err = dockerCmdWithError("rm", id)
-	c.Assert(err, checker.Not(checker.IsNil), check.Commentf("rm should have failed but didn't"))
+	assert.Assert(c, err != nil, "rm should have failed but didn't")
 	_, err = buf.ReadTimeout(b, 2*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "rm", "-f", id)
-	c.Assert(<-chErr, checker.IsNil)
+	assert.Assert(c, <-chErr == nil)
 }
 
 // ChannelBuffer holds a chan of byte array that can be populate in a goroutine.
@@ -294,7 +251,7 @@ func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) {
 // regression test for gh13421
 // previous test was just checking one stat entry so it didn't fail (stats with
 // stream false always return one stat)
-func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
+func (s *DockerSuite) TestGetContainerStatsStream(c *testing.T) {
 	name := "statscontainer"
 	runSleepingContainer(c, "--name", name)
 
@@ -305,12 +262,12 @@ func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
 
 	bc := make(chan b, 1)
 	go func() {
-		cli, err := client.NewEnvClient()
-		c.Assert(err, checker.IsNil)
+		cli, err := client.NewClientWithOpts(client.FromEnv)
+		assert.NilError(c, err)
 		defer cli.Close()
 
 		stats, err := cli.ContainerStats(context.Background(), name, true)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		bc <- b{stats, err}
 	}()
 
@@ -324,9 +281,9 @@ func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		b, err := ioutil.ReadAll(sr.stats.Body)
+		b, err := io.ReadAll(sr.stats.Body)
 		defer sr.stats.Body.Close()
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		s := string(b)
 		// count occurrences of "read" of types.Stats
 		if l := strings.Count(s, "read"); l < 2 {
@@ -335,7 +292,7 @@ func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
+func (s *DockerSuite) TestGetContainerStatsNoStream(c *testing.T) {
 	name := "statscontainer"
 	runSleepingContainer(c, "--name", name)
 
@@ -347,12 +304,12 @@ func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
 	bc := make(chan b, 1)
 
 	go func() {
-		cli, err := client.NewEnvClient()
-		c.Assert(err, checker.IsNil)
+		cli, err := client.NewClientWithOpts(client.FromEnv)
+		assert.NilError(c, err)
 		defer cli.Close()
 
 		stats, err := cli.ContainerStats(context.Background(), name, false)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		bc <- b{stats, err}
 	}()
 
@@ -366,58 +323,59 @@ func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		b, err := ioutil.ReadAll(sr.stats.Body)
+		b, err := io.ReadAll(sr.stats.Body)
 		defer sr.stats.Body.Close()
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		s := string(b)
 		// count occurrences of `"read"` of types.Stats
-		c.Assert(strings.Count(s, `"read"`), checker.Equals, 1, check.Commentf("Expected only one stat streamed, got %d", strings.Count(s, `"read"`)))
+		assert.Assert(c, strings.Count(s, `"read"`) == 1, "Expected only one stat streamed, got %d", strings.Count(s, `"read"`))
 	}
 }
 
-func (s *DockerSuite) TestGetStoppedContainerStats(c *check.C) {
+func (s *DockerSuite) TestGetStoppedContainerStats(c *testing.T) {
 	name := "statscontainer"
 	dockerCmd(c, "create", "--name", name, "busybox", "ps")
 
-	chResp := make(chan error)
+	chResp := make(chan error, 1)
 
 	// We expect an immediate response, but if it's not immediate, the test would hang, so put it in a goroutine
 	// below we'll check this on a timeout.
 	go func() {
-		cli, err := client.NewEnvClient()
-		c.Assert(err, checker.IsNil)
+		cli, err := client.NewClientWithOpts(client.FromEnv)
+		assert.NilError(c, err)
 		defer cli.Close()
 
 		resp, err := cli.ContainerStats(context.Background(), name, false)
+		assert.NilError(c, err)
 		defer resp.Body.Close()
 		chResp <- err
 	}()
 
 	select {
 	case err := <-chResp:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(10 * time.Second):
 		c.Fatal("timeout waiting for stats response for stopped container")
 	}
 }
 
-func (s *DockerSuite) TestContainerAPIPause(c *check.C) {
+func (s *DockerSuite) TestContainerAPIPause(c *testing.T) {
 	// Problematic on Windows as Windows does not support pause
 	testRequires(c, DaemonIsLinux)
 
-	getPaused := func(c *check.C) []string {
+	getPaused := func(c *testing.T) []string {
 		return strings.Fields(cli.DockerCmd(c, "ps", "-f", "status=paused", "-q", "-a").Combined())
 	}
 
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "sleep", "30").Combined()
 	ContainerID := strings.TrimSpace(out)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerPause(context.Background(), ContainerID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	pausedContainers := getPaused(c)
 
@@ -426,53 +384,53 @@ func (s *DockerSuite) TestContainerAPIPause(c *check.C) {
 	}
 
 	err = cli.ContainerUnpause(context.Background(), ContainerID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	pausedContainers = getPaused(c)
-	c.Assert(pausedContainers, checker.HasLen, 0, check.Commentf("There should be no paused container."))
+	assert.Equal(c, len(pausedContainers), 0, "There should be no paused container.")
 }
 
-func (s *DockerSuite) TestContainerAPITop(c *check.C) {
+func (s *DockerSuite) TestContainerAPITop(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "top")
-	id := strings.TrimSpace(string(out))
-	c.Assert(waitRun(id), checker.IsNil)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "top && true")
+	id := strings.TrimSpace(out)
+	assert.NilError(c, waitRun(id))
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	// sort by comm[andline] to make sure order stays the same in case of PID rollover
 	top, err := cli.ContainerTop(context.Background(), id, []string{"aux", "--sort=comm"})
-	c.Assert(err, checker.IsNil)
-	c.Assert(top.Titles, checker.HasLen, 11, check.Commentf("expected 11 titles, found %d: %v", len(top.Titles), top.Titles))
+	assert.NilError(c, err)
+	assert.Equal(c, len(top.Titles), 11, fmt.Sprintf("expected 11 titles, found %d: %v", len(top.Titles), top.Titles))
 
 	if top.Titles[0] != "USER" || top.Titles[10] != "COMMAND" {
 		c.Fatalf("expected `USER` at `Titles[0]` and `COMMAND` at Titles[10]: %v", top.Titles)
 	}
-	c.Assert(top.Processes, checker.HasLen, 2, check.Commentf("expected 2 processes, found %d: %v", len(top.Processes), top.Processes))
-	c.Assert(top.Processes[0][10], checker.Equals, "/bin/sh -c top")
-	c.Assert(top.Processes[1][10], checker.Equals, "top")
+	assert.Equal(c, len(top.Processes), 2, fmt.Sprintf("expected 2 processes, found %d: %v", len(top.Processes), top.Processes))
+	assert.Equal(c, top.Processes[0][10], "/bin/sh -c top && true")
+	assert.Equal(c, top.Processes[1][10], "top")
 }
 
-func (s *DockerSuite) TestContainerAPITopWindows(c *check.C) {
+func (s *DockerSuite) TestContainerAPITopWindows(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	out := runSleepingContainer(c, "-d")
-	id := strings.TrimSpace(string(out))
-	c.Assert(waitRun(id), checker.IsNil)
+	id := strings.TrimSpace(out)
+	assert.NilError(c, waitRun(id))
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	top, err := cli.ContainerTop(context.Background(), id, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(top.Titles, checker.HasLen, 4, check.Commentf("expected 4 titles, found %d: %v", len(top.Titles), top.Titles))
+	assert.NilError(c, err)
+	assert.Equal(c, len(top.Titles), 4, "expected 4 titles, found %d: %v", len(top.Titles), top.Titles)
 
 	if top.Titles[0] != "Name" || top.Titles[3] != "Private Working Set" {
 		c.Fatalf("expected `Name` at `Titles[0]` and `Private Working Set` at Titles[3]: %v", top.Titles)
 	}
-	c.Assert(len(top.Processes), checker.GreaterOrEqualThan, 2, check.Commentf("expected at least 2 processes, found %d: %v", len(top.Processes), top.Processes))
+	assert.Assert(c, len(top.Processes) >= 2, "expected at least 2 processes, found %d: %v", len(top.Processes), top.Processes)
 
 	foundProcess := false
 	expectedProcess := "busybox.exe"
@@ -483,15 +441,15 @@ func (s *DockerSuite) TestContainerAPITopWindows(c *check.C) {
 		}
 	}
 
-	c.Assert(foundProcess, checker.Equals, true, check.Commentf("expected to find %s: %v", expectedProcess, top.Processes))
+	assert.Assert(c, foundProcess, "expected to find %s: %v", expectedProcess, top.Processes)
 }
 
-func (s *DockerSuite) TestContainerAPICommit(c *check.C) {
+func (s *DockerSuite) TestContainerAPICommit(c *testing.T) {
 	cName := "testapicommit"
 	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	options := types.ContainerCommitOptions{
@@ -499,21 +457,21 @@ func (s *DockerSuite) TestContainerAPICommit(c *check.C) {
 	}
 
 	img, err := cli.ContainerCommit(context.Background(), cName, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	cmd := inspectField(c, img.ID, "Config.Cmd")
-	c.Assert(cmd, checker.Equals, "[/bin/sh -c touch /test]", check.Commentf("got wrong Cmd from commit: %q", cmd))
+	assert.Equal(c, cmd, "[/bin/sh -c touch /test]", fmt.Sprintf("got wrong Cmd from commit: %q", cmd))
 
 	// sanity check, make sure the image is what we think it is
 	dockerCmd(c, "run", img.ID, "ls", "/test")
 }
 
-func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *check.C) {
+func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *testing.T) {
 	cName := "testapicommitwithconfig"
 	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	config := containertypes.Config{
@@ -525,22 +483,22 @@ func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *check.C) {
 	}
 
 	img, err := cli.ContainerCommit(context.Background(), cName, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	label1 := inspectFieldMap(c, img.ID, "Config.Labels", "key1")
-	c.Assert(label1, checker.Equals, "value1")
+	assert.Equal(c, label1, "value1")
 
 	label2 := inspectFieldMap(c, img.ID, "Config.Labels", "key2")
-	c.Assert(label2, checker.Equals, "value2")
+	assert.Equal(c, label2, "value2")
 
 	cmd := inspectField(c, img.ID, "Config.Cmd")
-	c.Assert(cmd, checker.Equals, "[/bin/sh -c touch /test]", check.Commentf("got wrong Cmd from commit: %q", cmd))
+	assert.Equal(c, cmd, "[/bin/sh -c touch /test]", fmt.Sprintf("got wrong Cmd from commit: %q", cmd))
 
 	// sanity check, make sure the image is what we think it is
 	dockerCmd(c, "run", img.ID, "ls", "/test")
 }
 
-func (s *DockerSuite) TestContainerAPIBadPort(c *check.C) {
+func (s *DockerSuite) TestContainerAPIBadPort(c *testing.T) {
 	// TODO Windows to Windows CI - Port this test
 	testRequires(c, DaemonIsLinux)
 
@@ -559,44 +517,44 @@ func (s *DockerSuite) TestContainerAPIBadPort(c *check.C) {
 		},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err.Error(), checker.Contains, `invalid port specification: "aa80"`)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+	assert.ErrorContains(c, err, `invalid port specification: "aa80"`)
 }
 
-func (s *DockerSuite) TestContainerAPICreate(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreate(c *testing.T) {
 	config := containertypes.Config{
 		Image: "busybox",
 		Cmd:   []string{"/bin/sh", "-c", "touch /test && ls /test"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "start", "-a", container.ID)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "/test")
+	assert.Equal(c, strings.TrimSpace(out), "/test")
 }
 
-func (s *DockerSuite) TestContainerAPICreateEmptyConfig(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateEmptyConfig(c *testing.T) {
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &containertypes.Config{}, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
+	_, err = cli.ContainerCreate(context.Background(), &containertypes.Config{}, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
 
 	expected := "No command specified"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 }
 
-func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *testing.T) {
 	// Container creation must fail if client specified configurations for more than one network
 	config := containertypes.Config{
 		Image: "busybox",
@@ -610,56 +568,33 @@ func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) {
 		},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networkingConfig, "")
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networkingConfig, nil, "")
 	msg := err.Error()
 	// network name order in error message is not deterministic
-	c.Assert(msg, checker.Contains, "Container cannot be connected to network endpoints")
-	c.Assert(msg, checker.Contains, "net1")
-	c.Assert(msg, checker.Contains, "net2")
-	c.Assert(msg, checker.Contains, "net3")
-}
-
-func (s *DockerSuite) TestContainerAPICreateWithHostName(c *check.C) {
-	domainName := "test-domain"
-	hostName := "test-hostname"
-	config := containertypes.Config{
-		Image:      "busybox",
-		Hostname:   hostName,
-		Domainname: domainName,
-	}
-
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
-	defer cli.Close()
-
-	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
-
-	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname"))
-	c.Assert(containerJSON.Config.Domainname, checker.Equals, domainName, check.Commentf("Mismatched Domainname"))
+	assert.Assert(c, strings.Contains(msg, "Container cannot be connected to network endpoints"))
+	assert.Assert(c, strings.Contains(msg, "net1"))
+	assert.Assert(c, strings.Contains(msg, "net2"))
+	assert.Assert(c, strings.Contains(msg, "net3"))
 }
 
-func (s *DockerSuite) TestContainerAPICreateBridgeNetworkMode(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateBridgeNetworkMode(c *testing.T) {
 	// Windows does not support bridge
 	testRequires(c, DaemonIsLinux)
 	UtilCreateNetworkMode(c, "bridge")
 }
 
-func (s *DockerSuite) TestContainerAPICreateOtherNetworkModes(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateOtherNetworkModes(c *testing.T) {
 	// Windows does not support these network modes
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	UtilCreateNetworkMode(c, "host")
 	UtilCreateNetworkMode(c, "container:web1")
 }
 
-func UtilCreateNetworkMode(c *check.C, networkMode containertypes.NetworkMode) {
+func UtilCreateNetworkMode(c *testing.T, networkMode containertypes.NetworkMode) {
 	config := containertypes.Config{
 		Image: "busybox",
 	}
@@ -668,20 +603,20 @@ func UtilCreateNetworkMode(c *check.C, networkMode containertypes.NetworkMode) {
 		NetworkMode: networkMode,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(containerJSON.HostConfig.NetworkMode, checker.Equals, containertypes.NetworkMode(networkMode), check.Commentf("Mismatched NetworkMode"))
+	assert.Equal(c, containerJSON.HostConfig.NetworkMode, networkMode, "Mismatched NetworkMode")
 }
 
-func (s *DockerSuite) TestContainerAPICreateWithCpuSharesCpuset(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateWithCpuSharesCpuset(c *testing.T) {
 	// TODO Windows to Windows CI. The CpuShares part could be ported.
 	testRequires(c, DaemonIsLinux)
 	config := containertypes.Config{
@@ -695,65 +630,65 @@ func (s *DockerSuite) TestContainerAPICreateWithCpuSharesCpuset(c *check.C) {
 		},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out := inspectField(c, containerJSON.ID, "HostConfig.CpuShares")
-	c.Assert(out, checker.Equals, "512")
+	assert.Equal(c, out, "512")
 
 	outCpuset := inspectField(c, containerJSON.ID, "HostConfig.CpusetCpus")
-	c.Assert(outCpuset, checker.Equals, "0")
+	assert.Equal(c, outCpuset, "0")
 }
 
-func (s *DockerSuite) TestContainerAPIVerifyHeader(c *check.C) {
+func (s *DockerSuite) TestContainerAPIVerifyHeader(c *testing.T) {
 	config := map[string]interface{}{
 		"Image": "busybox",
 	}
 
 	create := func(ct string) (*http.Response, io.ReadCloser, error) {
 		jsonData := bytes.NewBuffer(nil)
-		c.Assert(json.NewEncoder(jsonData).Encode(config), checker.IsNil)
-		return request.Post("/containers/create", request.RawContent(ioutil.NopCloser(jsonData)), request.ContentType(ct))
+		assert.Assert(c, json.NewEncoder(jsonData).Encode(config) == nil)
+		return request.Post("/containers/create", request.RawContent(io.NopCloser(jsonData)), request.ContentType(ct))
 	}
 
 	// Try with no content-type
 	res, body, err := create("")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	// todo: we need to figure out a better way to compare between dockerd versions
 	// comparing between daemon API version is not precise.
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 	body.Close()
 
 	// Try with wrong content-type
 	res, body, err = create("application/xml")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 	body.Close()
 
 	// now application/json
 	res, body, err = create("application/json")
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 	body.Close()
 }
 
-//Issue 14230. daemon should return 500 for invalid port syntax
-func (s *DockerSuite) TestContainerAPIInvalidPortSyntax(c *check.C) {
+// Issue 14230. daemon should return 500 for invalid port syntax
+func (s *DockerSuite) TestContainerAPIInvalidPortSyntax(c *testing.T) {
 	config := `{
 				  "Image": "busybox",
 				  "HostConfig": {
@@ -767,19 +702,19 @@ func (s *DockerSuite) TestContainerAPIInvalidPortSyntax(c *check.C) {
 				}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b[:]), checker.Contains, "invalid port")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(b[:]), "invalid port"))
 }
 
-func (s *DockerSuite) TestContainerAPIRestartPolicyInvalidPolicyName(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestartPolicyInvalidPolicyName(c *testing.T) {
 	config := `{
 		"Image": "busybox",
 		"HostConfig": {
@@ -791,19 +726,19 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyInvalidPolicyName(c *check.C)
 	}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b[:]), checker.Contains, "invalid restart policy")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(b[:]), "invalid restart policy"))
 }
 
-func (s *DockerSuite) TestContainerAPIRestartPolicyRetryMismatch(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestartPolicyRetryMismatch(c *testing.T) {
 	config := `{
 		"Image": "busybox",
 		"HostConfig": {
@@ -815,19 +750,19 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyRetryMismatch(c *check.C) {
 	}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be used with restart policy")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(b[:]), "maximum retry count cannot be used with restart policy"))
 }
 
-func (s *DockerSuite) TestContainerAPIRestartPolicyNegativeRetryCount(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestartPolicyNegativeRetryCount(c *testing.T) {
 	config := `{
 		"Image": "busybox",
 		"HostConfig": {
@@ -839,19 +774,19 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyNegativeRetryCount(c *check.C
 	}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be negative")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(b[:]), "maximum retry count cannot be negative"))
 }
 
-func (s *DockerSuite) TestContainerAPIRestartPolicyDefaultRetryCount(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestartPolicyDefaultRetryCount(c *testing.T) {
 	config := `{
 		"Image": "busybox",
 		"HostConfig": {
@@ -863,13 +798,13 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyDefaultRetryCount(c *check.C)
 	}`
 
 	res, _, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 }
 
 // Issue 7941 - test to make sure a "null" in JSON is just ignored.
 // W/o this fix a null in JSON would be parsed into a string var as "null"
-func (s *DockerSuite) TestContainerAPIPostCreateNull(c *check.C) {
+func (s *DockerSuite) TestContainerAPIPostCreateNull(c *testing.T) {
 	config := `{
 		"Hostname":"",
 		"Domainname":"",
@@ -894,26 +829,26 @@ func (s *DockerSuite) TestContainerAPIPostCreateNull(c *check.C) {
 		"OnBuild":null}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	type createResp struct {
 		ID string
 	}
 	var container createResp
-	c.Assert(json.Unmarshal(b, &container), checker.IsNil)
+	assert.Assert(c, json.Unmarshal(b, &container) == nil)
 	out := inspectField(c, container.ID, "HostConfig.CpusetCpus")
-	c.Assert(out, checker.Equals, "")
+	assert.Equal(c, out, "")
 
 	outMemory := inspectField(c, container.ID, "HostConfig.Memory")
-	c.Assert(outMemory, checker.Equals, "0")
+	assert.Equal(c, outMemory, "0")
 	outMemorySwap := inspectField(c, container.ID, "HostConfig.MemorySwap")
-	c.Assert(outMemorySwap, checker.Equals, "0")
+	assert.Equal(c, outMemorySwap, "0")
 }
 
-func (s *DockerSuite) TestCreateWithTooLowMemoryLimit(c *check.C) {
+func (s *DockerSuite) TestCreateWithTooLowMemoryLimit(c *testing.T) {
 	// TODO Windows: Port once memory is supported
 	testRequires(c, DaemonIsLinux)
 	config := `{
@@ -925,81 +860,81 @@ func (s *DockerSuite) TestCreateWithTooLowMemoryLimit(c *check.C) {
 	}`
 
 	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	b, err2 := request.ReadBody(body)
-	c.Assert(err2, checker.IsNil)
+	assert.Assert(c, err2 == nil)
 
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
-	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
+	assert.Assert(c, strings.Contains(string(b), "Minimum memory limit allowed is 6MB"))
 }
 
-func (s *DockerSuite) TestContainerAPIRename(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRename(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "--name", "TestContainerAPIRename", "-d", "busybox", "sh")
 
 	containerID := strings.TrimSpace(out)
 	newName := "TestContainerAPIRenameNew"
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRename(context.Background(), containerID, newName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	name := inspectField(c, containerID, "Name")
-	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container"))
+	assert.Equal(c, name, "/"+newName, "Failed to rename container")
 }
 
-func (s *DockerSuite) TestContainerAPIKill(c *check.C) {
+func (s *DockerSuite) TestContainerAPIKill(c *testing.T) {
 	name := "test-api-kill"
 	runSleepingContainer(c, "-i", "--name", name)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerKill(context.Background(), name, "SIGKILL")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	state := inspectField(c, name, "State.Running")
-	c.Assert(state, checker.Equals, "false", check.Commentf("got wrong State from container %s: %q", name, state))
+	assert.Equal(c, state, "false", fmt.Sprintf("got wrong State from container %s: %q", name, state))
 }
 
-func (s *DockerSuite) TestContainerAPIRestart(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestart(c *testing.T) {
 	name := "test-api-restart"
 	runSleepingContainer(c, "-di", "--name", name)
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	timeout := 1 * time.Second
 	err = cli.ContainerRestart(context.Background(), name, &timeout)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
+	assert.Assert(c, waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second) == nil)
 }
 
-func (s *DockerSuite) TestContainerAPIRestartNotimeoutParam(c *check.C) {
+func (s *DockerSuite) TestContainerAPIRestartNotimeoutParam(c *testing.T) {
 	name := "test-api-restart-no-timeout-param"
 	out := runSleepingContainer(c, "-di", "--name", name)
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRestart(context.Background(), name, nil)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
+	assert.Assert(c, waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second) == nil)
 }
 
-func (s *DockerSuite) TestContainerAPIStart(c *check.C) {
+func (s *DockerSuite) TestContainerAPIStart(c *testing.T) {
 	name := "testing-start"
 	config := containertypes.Config{
 		Image:     "busybox",
@@ -1007,44 +942,44 @@ func (s *DockerSuite) TestContainerAPIStart(c *check.C) {
 		OpenStdin: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, name)
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, name)
+	assert.NilError(c, err)
 
 	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// second call to start should give 304
 	// maybe add ContainerStartWithRaw to test it
 	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// TODO(tibor): figure out why this doesn't work on windows
 }
 
-func (s *DockerSuite) TestContainerAPIStop(c *check.C) {
+func (s *DockerSuite) TestContainerAPIStop(c *testing.T) {
 	name := "test-api-stop"
 	runSleepingContainer(c, "-i", "--name", name)
 	timeout := 30 * time.Second
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerStop(context.Background(), name, &timeout)
-	c.Assert(err, checker.IsNil)
-	c.Assert(waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+	assert.NilError(c, err)
+	assert.Assert(c, waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second) == nil)
 
 	// second call to start should give 304
 	// maybe add ContainerStartWithRaw to test it
 	err = cli.ContainerStop(context.Background(), name, &timeout)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestContainerAPIWait(c *check.C) {
+func (s *DockerSuite) TestContainerAPIWait(c *testing.T) {
 	name := "test-api-wait"
 
 	sleepCmd := "/bin/sleep"
@@ -1053,21 +988,21 @@ func (s *DockerSuite) TestContainerAPIWait(c *check.C) {
 	}
 	dockerCmd(c, "run", "--name", name, "busybox", sleepCmd, "2")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	waitresC, errC := cli.ContainerWait(context.Background(), name, "")
+	waitResC, errC := cli.ContainerWait(context.Background(), name, "")
 
 	select {
 	case err = <-errC:
-		c.Assert(err, checker.IsNil)
-	case waitres := <-waitresC:
-		c.Assert(waitres.StatusCode, checker.Equals, int64(0))
+		assert.NilError(c, err)
+	case waitRes := <-waitResC:
+		assert.Equal(c, waitRes.StatusCode, int64(0))
 	}
 }
 
-func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *testing.T) {
 	name := "test-container-api-copy"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
 
@@ -1076,11 +1011,11 @@ func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *check.C) {
 	}
 	// no copy in client/
 	res, _, err := request.Post("/containers/"+name+"/copy", request.JSONBody(postData))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNotFound)
 }
 
-func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyPre124(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	name := "test-container-api-copy"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
@@ -1090,8 +1025,8 @@ func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
 	}
 
 	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	found := false
 	for tarReader := tar.NewReader(body); ; {
@@ -1107,10 +1042,10 @@ func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
 			break
 		}
 	}
-	c.Assert(found, checker.True)
+	assert.Assert(c, found)
 }
 
-func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPre124(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPre124(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	name := "test-container-api-copy-resource-empty"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
@@ -1120,18 +1055,19 @@ func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPre124(c *check.C) {
 	}
 
 	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	} else {
-		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, res.StatusCode != http.StatusOK)
 	}
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Matches, "Path cannot be empty\n")
+	assert.NilError(c, err)
+	assert.Assert(c, is.Regexp("^Path cannot be empty\n$", string(b)))
+
 }
 
-func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	name := "test-container-api-copy-resource-not-found"
 	dockerCmd(c, "run", "--name", name, "busybox")
@@ -1141,118 +1077,119 @@ func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *check.C)
 	}
 
 	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
+		assert.Equal(c, res.StatusCode, http.StatusNotFound)
 	}
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Matches, "Could not find the file /notexist in container "+name+"\n")
+	assert.NilError(c, err)
+	assert.Assert(c, is.Regexp("^Could not find the file /notexist in container "+name+"\n$", string(b)))
+
 }
 
-func (s *DockerSuite) TestContainerAPICopyContainerNotFoundPr124(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyContainerNotFoundPr124(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	postData := types.CopyConfig{
 		Resource: "/something",
 	}
 
 	res, _, err := request.Post("/v1.23/containers/notexists/copy", request.JSONBody(postData))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNotFound)
 }
 
-func (s *DockerSuite) TestContainerAPIDelete(c *check.C) {
+func (s *DockerSuite) TestContainerAPIDelete(c *testing.T) {
 	out := runSleepingContainer(c)
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	dockerCmd(c, "stop", id)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), id, types.ContainerRemoveOptions{})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestContainerAPIDeleteNotExist(c *check.C) {
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+func (s *DockerSuite) TestContainerAPIDeleteNotExist(c *testing.T) {
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), "doesnotexist", types.ContainerRemoveOptions{})
-	c.Assert(err.Error(), checker.Contains, "No such container: doesnotexist")
+	assert.ErrorContains(c, err, "No such container: doesnotexist")
 }
 
-func (s *DockerSuite) TestContainerAPIDeleteForce(c *check.C) {
+func (s *DockerSuite) TestContainerAPIDeleteForce(c *testing.T) {
 	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	removeOptions := types.ContainerRemoveOptions{
 		Force: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), id, removeOptions)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestContainerAPIDeleteRemoveLinks(c *check.C) {
+func (s *DockerSuite) TestContainerAPIDeleteRemoveLinks(c *testing.T) {
 	// Windows does not support links
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "--name", "tlink1", "busybox", "top")
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	out, _ = dockerCmd(c, "run", "--link", "tlink1:tlink1", "--name", "tlink2", "-d", "busybox", "top")
 
 	id2 := strings.TrimSpace(out)
-	c.Assert(waitRun(id2), checker.IsNil)
+	assert.Assert(c, waitRun(id2) == nil)
 
 	links := inspectFieldJSON(c, id2, "HostConfig.Links")
-	c.Assert(links, checker.Equals, "[\"/tlink1:/tlink2/tlink1\"]", check.Commentf("expected to have links between containers"))
+	assert.Equal(c, links, "[\"/tlink1:/tlink2/tlink1\"]", "expected to have links between containers")
 
 	removeOptions := types.ContainerRemoveOptions{
 		RemoveLinks: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), "tlink2/tlink1", removeOptions)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	linksPostRm := inspectFieldJSON(c, id2, "HostConfig.Links")
-	c.Assert(linksPostRm, checker.Equals, "null", check.Commentf("call to api deleteContainer links should have removed the specified links"))
+	assert.Equal(c, linksPostRm, "null", "call to api deleteContainer links should have removed the specified links")
 }
 
-func (s *DockerSuite) TestContainerAPIDeleteConflict(c *check.C) {
+func (s *DockerSuite) TestContainerAPIDeleteConflict(c *testing.T) {
 	out := runSleepingContainer(c)
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), id, types.ContainerRemoveOptions{})
 	expected := "cannot remove a running container"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 }
 
-func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	vol := "/testvolume"
 	if testEnv.OSType == "windows" {
@@ -1262,31 +1199,31 @@ func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *check.C) {
 	out := runSleepingContainer(c, "-v", vol)
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	source, err := inspectMountSourceField(id, vol)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = os.Stat(source)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	removeOptions := types.ContainerRemoveOptions{
 		Force:         true,
 		RemoveVolumes: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), id, removeOptions)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	_, err = os.Stat(source)
-	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("expected to get ErrNotExist error, got %v", err))
+	assert.Assert(c, os.IsNotExist(err), "expected to get ErrNotExist error, got %v", err)
 }
 
 // Regression test for https://github.com/docker/docker/issues/6231
-func (s *DockerSuite) TestContainerAPIChunkedEncoding(c *check.C) {
+func (s *DockerSuite) TestContainerAPIChunkedEncoding(c *testing.T) {
 
 	config := map[string]interface{}{
 		"Image":     "busybox",
@@ -1301,42 +1238,42 @@ func (s *DockerSuite) TestContainerAPIChunkedEncoding(c *check.C) {
 		req.ContentLength = -1
 		return nil
 	}))
-	c.Assert(err, checker.IsNil, check.Commentf("error creating container with chunked encoding"))
+	assert.Assert(c, err == nil, "error creating container with chunked encoding")
 	defer resp.Body.Close()
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusCreated)
+	assert.Equal(c, resp.StatusCode, http.StatusCreated)
 }
 
-func (s *DockerSuite) TestContainerAPIPostContainerStop(c *check.C) {
+func (s *DockerSuite) TestContainerAPIPostContainerStop(c *testing.T) {
 	out := runSleepingContainer(c)
 
 	containerID := strings.TrimSpace(out)
-	c.Assert(waitRun(containerID), checker.IsNil)
+	assert.Assert(c, waitRun(containerID) == nil)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerStop(context.Background(), containerID, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(waitInspect(containerID, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+	assert.NilError(c, err)
+	assert.Assert(c, waitInspect(containerID, "{{ .State.Running  }}", "false", 60*time.Second) == nil)
 }
 
 // #14170
-func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *check.C) {
+func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *testing.T) {
 	config := containertypes.Config{
 		Image:      "busybox",
 		Entrypoint: []string{"echo"},
 		Cmd:        []string{"hello", "world"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "echotest")
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "echotest")
+	assert.NilError(c, err)
 	out, _ := dockerCmd(c, "start", "-a", "echotest")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+	assert.Equal(c, strings.TrimSpace(out), "hello world")
 
 	config2 := struct {
 		Image      string
@@ -1344,26 +1281,26 @@ func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *c
 		Cmd        []string
 	}{"busybox", "echo", []string{"hello", "world"}}
 	_, _, err = request.Post("/containers/create?name=echotest2", request.JSONBody(config2))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	out, _ = dockerCmd(c, "start", "-a", "echotest2")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+	assert.Equal(c, strings.TrimSpace(out), "hello world")
 }
 
 // #14170
-func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCmd(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCmd(c *testing.T) {
 	config := containertypes.Config{
 		Image: "busybox",
 		Cmd:   []string{"echo", "hello", "world"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "echotest")
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "echotest")
+	assert.NilError(c, err)
 	out, _ := dockerCmd(c, "start", "-a", "echotest")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+	assert.Equal(c, strings.TrimSpace(out), "hello world")
 
 	config2 := struct {
 		Image      string
@@ -1371,62 +1308,64 @@ func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCmd(c *check.C) {
 		Cmd        string
 	}{"busybox", "echo", "hello world"}
 	_, _, err = request.Post("/containers/create?name=echotest2", request.JSONBody(config2))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	out, _ = dockerCmd(c, "start", "-a", "echotest2")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+	assert.Equal(c, strings.TrimSpace(out), "hello world")
 }
 
 // regression #14318
-func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCapAddDrop(c *check.C) {
+// for backward compatibility testing with and without CAP_ prefix
+// and with upper and lowercase
+func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCapAddDrop(c *testing.T) {
 	// Windows doesn't support CapAdd/CapDrop
 	testRequires(c, DaemonIsLinux)
 	config := struct {
 		Image   string
 		CapAdd  string
 		CapDrop string
-	}{"busybox", "NET_ADMIN", "SYS_ADMIN"}
+	}{"busybox", "NET_ADMIN", "cap_sys_admin"}
 	res, _, err := request.Post("/containers/create?name=capaddtest0", request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 
 	config2 := containertypes.Config{
 		Image: "busybox",
 	}
 	hostConfig := containertypes.HostConfig{
-		CapAdd:  []string{"NET_ADMIN", "SYS_ADMIN"},
-		CapDrop: []string{"SETGID"},
+		CapAdd:  []string{"net_admin", "SYS_ADMIN"},
+		CapDrop: []string{"SETGID", "CAP_SETPCAP"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config2, &hostConfig, &networktypes.NetworkingConfig{}, "capaddtest1")
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config2, &hostConfig, &networktypes.NetworkingConfig{}, nil, "capaddtest1")
+	assert.NilError(c, err)
 }
 
 // #14915
-func (s *DockerSuite) TestContainerAPICreateNoHostConfig118(c *check.C) {
+func (s *DockerSuite) TestContainerAPICreateNoHostConfig118(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only support 1.25 or later
 	config := containertypes.Config{
 		Image: "busybox",
 	}
 
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithVersion("v1.18"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 }
 
 // Ensure an error occurs when you have a container read-only rootfs but you
 // extract an archive to a symlink in a writable volume which points to a
 // directory outside of the volume.
-func (s *DockerSuite) TestPutContainerArchiveErrSymlinkInVolumeToReadOnlyRootfs(c *check.C) {
+func (s *DockerSuite) TestPutContainerArchiveErrSymlinkInVolumeToReadOnlyRootfs(c *testing.T) {
 	// Windows does not support read-only rootfs
 	// Requires local volume mount bind.
 	// --read-only + userns has remount issues
-	testRequires(c, SameHostDaemon, NotUserNamespace, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, NotUserNamespace, DaemonIsLinux)
 
 	testVol := getTestDir(c, "test-put-container-archive-err-symlink-in-volume-to-read-only-rootfs-")
 	defer os.RemoveAll(testVol)
@@ -1441,20 +1380,19 @@ func (s *DockerSuite) TestPutContainerArchiveErrSymlinkInVolumeToReadOnlyRootfs(
 	// Attempt to extract to a symlink in the volume which points to a
 	// directory outside the volume. This should cause an error because the
 	// rootfs is read-only.
-	var httpClient *http.Client
-	cli, err := client.NewClient(daemonHost(), "v1.20", httpClient, map[string]string{})
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithVersion("v1.20"))
+	assert.NilError(c, err)
 
 	err = cli.CopyToContainer(context.Background(), cID, "/vol2/symlinkToAbsDir", nil, types.CopyToContainerOptions{})
-	c.Assert(err.Error(), checker.Contains, "container rootfs is marked read-only")
+	assert.ErrorContains(c, err, "container rootfs is marked read-only")
 }
 
-func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *testing.T) {
 	// Not supported on Windows
 	testRequires(c, DaemonIsLinux)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	config := containertypes.Config{
@@ -1467,9 +1405,9 @@ func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *check.C)
 	}
 	name := "wrong-cpuset-cpus"
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig1, &networktypes.NetworkingConfig{}, name)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig1, &networktypes.NetworkingConfig{}, nil, name)
 	expected := "Invalid value 1-42,, for cpuset cpus"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 
 	hostConfig2 := containertypes.HostConfig{
 		Resources: containertypes.Resources{
@@ -1477,12 +1415,12 @@ func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *check.C)
 		},
 	}
 	name = "wrong-cpuset-mems"
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig2, &networktypes.NetworkingConfig{}, name)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig2, &networktypes.NetworkingConfig{}, nil, name)
 	expected = "Invalid value 42-3,1-- for cpuset mems"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 }
 
-func (s *DockerSuite) TestPostContainersCreateShmSizeNegative(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateShmSizeNegative(c *testing.T) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	config := containertypes.Config{
@@ -1492,15 +1430,15 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeNegative(c *check.C) {
 		ShmSize: -1,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err.Error(), checker.Contains, "SHM size can not be less than 0")
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+	assert.ErrorContains(c, err, "SHM size can not be less than 0")
 }
 
-func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *testing.T) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	var defaultSHMSize int64 = 67108864
@@ -1509,17 +1447,17 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.
 		Cmd:   []string{"mount"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, check.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, defaultSHMSize)
+	assert.Equal(c, containerJSON.HostConfig.ShmSize, defaultSHMSize)
 
 	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
 	shmRegexp := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`)
@@ -1528,7 +1466,7 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.
 	}
 }
 
-func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *testing.T) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	config := containertypes.Config{
@@ -1536,17 +1474,17 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
 		Cmd:   []string{"mount"},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, check.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(67108864))
+	assert.Equal(c, containerJSON.HostConfig.ShmSize, int64(67108864))
 
 	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
 	shmRegexp := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`)
@@ -1555,7 +1493,7 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *testing.T) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	config := containertypes.Config{
@@ -1567,17 +1505,17 @@ func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
 		ShmSize: 1073741824,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, check.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(1073741824))
+	assert.Equal(c, containerJSON.HostConfig.ShmSize, int64(1073741824))
 
 	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
 	shmRegex := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=1048576k`)
@@ -1586,32 +1524,32 @@ func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestPostContainersCreateMemorySwappinessHostConfigOmitted(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateMemorySwappinessHostConfigOmitted(c *testing.T) {
 	// Swappiness is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	config := containertypes.Config{
 		Image: "busybox",
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, check.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, "")
+	assert.NilError(c, err)
 
 	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.31") {
-		c.Assert(*containerJSON.HostConfig.MemorySwappiness, check.Equals, int64(-1))
+		assert.Equal(c, *containerJSON.HostConfig.MemorySwappiness, int64(-1))
 	} else {
-		c.Assert(containerJSON.HostConfig.MemorySwappiness, check.IsNil)
+		assert.Assert(c, containerJSON.HostConfig.MemorySwappiness == nil)
 	}
 }
 
 // check validation is done daemon side and not only in cli
-func (s *DockerSuite) TestPostContainersCreateWithOomScoreAdjInvalidRange(c *check.C) {
+func (s *DockerSuite) TestPostContainersCreateWithOomScoreAdjInvalidRange(c *testing.T) {
 	// OomScoreAdj is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 
@@ -1623,38 +1561,38 @@ func (s *DockerSuite) TestPostContainersCreateWithOomScoreAdjInvalidRange(c *che
 		OomScoreAdj: 1001,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	name := "oomscoreadj-over"
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, name)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, name)
 
 	expected := "Invalid value 1001, range for oom score adj is [-1000, 1000]"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 
 	hostConfig = containertypes.HostConfig{
 		OomScoreAdj: -1001,
 	}
 
 	name = "oomscoreadj-low"
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, name)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, name)
 
 	expected = "Invalid value -1001, range for oom score adj is [-1000, 1000]"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 }
 
 // test case for #22210 where an empty container name caused panic.
-func (s *DockerSuite) TestContainerAPIDeleteWithEmptyName(c *check.C) {
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+func (s *DockerSuite) TestContainerAPIDeleteWithEmptyName(c *testing.T) {
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	err = cli.ContainerRemove(context.Background(), "", types.ContainerRemoveOptions{})
-	c.Assert(err.Error(), checker.Contains, "No such container")
+	assert.ErrorContains(c, err, "No such container")
 }
 
-func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
+func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *testing.T) {
 	// Problematic on Windows as Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
@@ -1666,17 +1604,17 @@ func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
 		NetworkDisabled: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, name)
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, nil, name)
+	assert.NilError(c, err)
 
 	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	type b struct {
 		stats types.ContainerStats
@@ -1698,12 +1636,12 @@ func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		c.Assert(sr.err, checker.IsNil)
+		assert.Assert(c, sr.err == nil)
 		sr.stats.Body.Close()
 	}
 }
 
-func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
+func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *testing.T) {
 	type testCase struct {
 		config     containertypes.Config
 		hostConfig containertypes.HostConfig
@@ -1797,9 +1735,9 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 		},
 	}
 
-	if SameHostDaemon() {
+	if testEnv.IsLocalDaemon() {
 		tmpDir, err := ioutils.TempDir("", "test-mounts-api")
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		defer os.RemoveAll(tmpDir)
 		cases = append(cases, []testCase{
 			{
@@ -1828,6 +1766,32 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 		}...)
 	}
 
+	if DaemonIsWindows() {
+		cases = append(cases, []testCase{
+			{
+				config: containertypes.Config{
+					Image: "busybox",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{
+						{
+							Type:   "volume",
+							Source: "not-supported-on-windows",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"type": "tmpfs"},
+								},
+							},
+						},
+					},
+				},
+				msg: `options are not supported on this platform`,
+			},
+		}...)
+	}
+
 	if DaemonIsLinux() {
 		cases = append(cases, []testCase{
 			{
@@ -1835,14 +1799,83 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 					Image: "busybox",
 				},
 				hostConfig: containertypes.HostConfig{
-					Mounts: []mounttypes.Mount{{
-						Type:   "volume",
-						Source: "hello3",
-						Target: destPath,
-						VolumeOptions: &mounttypes.VolumeOptions{
-							DriverConfig: &mounttypes.Driver{
-								Name:    "local",
-								Options: map[string]string{"o": "size=1"}}}}}},
+					Mounts: []mounttypes.Mount{
+						{
+							Type:   "volume",
+							Source: "missing-device-opt",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"foobar": "foobaz"},
+								},
+							},
+						},
+					},
+				},
+				msg: `invalid option: "foobar"`,
+			},
+			{
+				config: containertypes.Config{
+					Image: "busybox",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{
+						{
+							Type:   "volume",
+							Source: "missing-device-opt",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"type": "tmpfs"},
+								},
+							},
+						},
+					},
+				},
+				msg: `missing required option: "device"`,
+			},
+			{
+				config: containertypes.Config{
+					Image: "busybox",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{
+						{
+							Type:   "volume",
+							Source: "missing-type-opt",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"device": "tmpfs"},
+								},
+							},
+						},
+					},
+				},
+				msg: `missing required option: "type"`,
+			},
+			{
+				config: containertypes.Config{
+					Image: "busybox",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{
+						{
+							Type:   "volume",
+							Source: "hello4",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"o": "size=1", "type": "tmpfs", "device": "tmpfs"},
+								},
+							},
+						},
+					},
+				},
 				msg: "",
 			},
 			{
@@ -1869,7 +1902,6 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 						}}}},
 				msg: "",
 			},
-
 			{
 				config: containertypes.Config{
 					Image: "busybox",
@@ -1884,31 +1916,34 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 		}...)
 
 	}
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
-	defer cli.Close()
+	apiClient, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
+	defer apiClient.Close()
 
+	// TODO add checks for statuscode returned by API
 	for i, x := range cases {
-		c.Logf("case %d", i)
-		_, err = cli.ContainerCreate(context.Background(), &x.config, &x.hostConfig, &networktypes.NetworkingConfig{}, "")
-		if len(x.msg) > 0 {
-			c.Assert(err.Error(), checker.Contains, x.msg, check.Commentf("%v", cases[i].config))
-		} else {
-			c.Assert(err, checker.IsNil)
-		}
+		x := x
+		c.Run(fmt.Sprintf("case %d", i), func(c *testing.T) {
+			_, err = apiClient.ContainerCreate(context.Background(), &x.config, &x.hostConfig, &networktypes.NetworkingConfig{}, nil, "")
+			if len(x.msg) > 0 {
+				assert.ErrorContains(c, err, x.msg, "%v", cases[i].config)
+			} else {
+				assert.NilError(c, err)
+			}
+		})
 	}
 }
 
-func (s *DockerSuite) TestContainerAPICreateMountsBindRead(c *check.C) {
-	testRequires(c, NotUserNamespace, SameHostDaemon)
+func (s *DockerSuite) TestContainerAPICreateMountsBindRead(c *testing.T) {
+	testRequires(c, NotUserNamespace, testEnv.IsLocalDaemon)
 	// also with data in the host side
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	destPath := prefix + slash + "foo"
-	tmpDir, err := ioutil.TempDir("", "test-mounts-api-bind")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "test-mounts-api-bind")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
-	err = ioutil.WriteFile(filepath.Join(tmpDir, "bar"), []byte("hello"), 666)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(tmpDir, "bar"), []byte("hello"), 0666)
+	assert.NilError(c, err)
 	config := containertypes.Config{
 		Image: "busybox",
 		Cmd:   []string{"/bin/sh", "-c", "cat /foo/bar"},
@@ -1918,19 +1953,19 @@ func (s *DockerSuite) TestContainerAPICreateMountsBindRead(c *check.C) {
 			{Type: "bind", Source: tmpDir, Target: destPath},
 		},
 	}
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "test")
-	c.Assert(err, checker.IsNil)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, "test")
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "start", "-a", "test")
-	c.Assert(out, checker.Equals, "hello")
+	assert.Equal(c, out, "hello")
 }
 
 // Test Mounts comes out as expected for the MountPoint
-func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
+func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *testing.T) {
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	destPath := prefix + slash + "foo"
 
@@ -1988,10 +2023,10 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 		},
 	}
 
-	if SameHostDaemon() {
+	if testEnv.IsLocalDaemon() {
 		// setup temp dir for testing binds
-		tmpDir1, err := ioutil.TempDir("", "test-mounts-api-1")
-		c.Assert(err, checker.IsNil)
+		tmpDir1, err := os.MkdirTemp("", "test-mounts-api-1")
+		assert.NilError(c, err)
 		defer os.RemoveAll(tmpDir1)
 		cases = append(cases, []testCase{
 			{
@@ -2016,11 +2051,10 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 		// for modes only supported on Linux
 		if DaemonIsLinux() {
 			tmpDir3, err := ioutils.TempDir("", "test-mounts-api-3")
-			c.Assert(err, checker.IsNil)
+			assert.NilError(c, err)
 			defer os.RemoveAll(tmpDir3)
 
-			c.Assert(mount.Mount(tmpDir3, tmpDir3, "none", "bind,rw"), checker.IsNil)
-			c.Assert(mount.ForceMount("", tmpDir3, "none", "shared"), checker.IsNil)
+			assert.Assert(c, mountWrapper(tmpDir3, tmpDir3, "none", "bind,shared") == nil)
 
 			cases = append(cases, []testCase{
 				{
@@ -2060,74 +2094,69 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 		}...)
 	}
 
-	type wrapper struct {
-		containertypes.Config
-		HostConfig containertypes.HostConfig
-	}
-	type createResp struct {
-		ID string `json:"Id"`
-	}
-
 	ctx := context.Background()
 	apiclient := testEnv.APIClient()
 	for i, x := range cases {
-		c.Logf("case %d - config: %v", i, x.spec)
-		container, err := apiclient.ContainerCreate(
-			ctx,
-			&containertypes.Config{Image: testImg},
-			&containertypes.HostConfig{Mounts: []mounttypes.Mount{x.spec}},
-			&networktypes.NetworkingConfig{},
-			"")
-		assert.NilError(c, err)
+		x := x
+		c.Run(fmt.Sprintf("%d config: %v", i, x.spec), func(c *testing.T) {
+			container, err := apiclient.ContainerCreate(
+				ctx,
+				&containertypes.Config{Image: testImg},
+				&containertypes.HostConfig{Mounts: []mounttypes.Mount{x.spec}},
+				&networktypes.NetworkingConfig{},
+				nil,
+				"")
+			assert.NilError(c, err)
 
-		containerInspect, err := apiclient.ContainerInspect(ctx, container.ID)
-		assert.NilError(c, err)
-		mps := containerInspect.Mounts
-		assert.Assert(c, is.Len(mps, 1))
-		mountPoint := mps[0]
+			containerInspect, err := apiclient.ContainerInspect(ctx, container.ID)
+			assert.NilError(c, err)
+			mps := containerInspect.Mounts
+			assert.Assert(c, is.Len(mps, 1))
+			mountPoint := mps[0]
 
-		if x.expected.Source != "" {
-			assert.Check(c, is.Equal(x.expected.Source, mountPoint.Source))
-		}
-		if x.expected.Name != "" {
-			assert.Check(c, is.Equal(x.expected.Name, mountPoint.Name))
-		}
-		if x.expected.Driver != "" {
-			assert.Check(c, is.Equal(x.expected.Driver, mountPoint.Driver))
-		}
-		if x.expected.Propagation != "" {
-			assert.Check(c, is.Equal(x.expected.Propagation, mountPoint.Propagation))
-		}
-		assert.Check(c, is.Equal(x.expected.RW, mountPoint.RW))
-		assert.Check(c, is.Equal(x.expected.Type, mountPoint.Type))
-		assert.Check(c, is.Equal(x.expected.Mode, mountPoint.Mode))
-		assert.Check(c, is.Equal(x.expected.Destination, mountPoint.Destination))
+			if x.expected.Source != "" {
+				assert.Check(c, is.Equal(x.expected.Source, mountPoint.Source))
+			}
+			if x.expected.Name != "" {
+				assert.Check(c, is.Equal(x.expected.Name, mountPoint.Name))
+			}
+			if x.expected.Driver != "" {
+				assert.Check(c, is.Equal(x.expected.Driver, mountPoint.Driver))
+			}
+			if x.expected.Propagation != "" {
+				assert.Check(c, is.Equal(x.expected.Propagation, mountPoint.Propagation))
+			}
+			assert.Check(c, is.Equal(x.expected.RW, mountPoint.RW))
+			assert.Check(c, is.Equal(x.expected.Type, mountPoint.Type))
+			assert.Check(c, is.Equal(x.expected.Mode, mountPoint.Mode))
+			assert.Check(c, is.Equal(x.expected.Destination, mountPoint.Destination))
 
-		err = apiclient.ContainerStart(ctx, container.ID, types.ContainerStartOptions{})
-		assert.NilError(c, err)
-		poll.WaitOn(c, containerExit(apiclient, container.ID), poll.WithDelay(time.Second))
+			err = apiclient.ContainerStart(ctx, container.ID, types.ContainerStartOptions{})
+			assert.NilError(c, err)
+			poll.WaitOn(c, containerExit(apiclient, container.ID), poll.WithDelay(time.Second))
 
-		err = apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
-			RemoveVolumes: true,
-			Force:         true,
-		})
-		assert.NilError(c, err)
+			err = apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
+				RemoveVolumes: true,
+				Force:         true,
+			})
+			assert.NilError(c, err)
 
-		switch {
+			switch {
 
-		// Named volumes still exist after the container is removed
-		case x.spec.Type == "volume" && len(x.spec.Source) > 0:
-			_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
-			assert.NilError(c, err)
+			// Named volumes still exist after the container is removed
+			case x.spec.Type == "volume" && len(x.spec.Source) > 0:
+				_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
+				assert.NilError(c, err)
 
-		// Bind mounts are never removed with the container
-		case x.spec.Type == "bind":
+			// Bind mounts are never removed with the container
+			case x.spec.Type == "bind":
 
-		// anonymous volumes are removed
-		default:
-			_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
-			assert.Check(c, client.IsErrNotFound(err))
-		}
+			// anonymous volumes are removed
+			default:
+				_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
+				assert.Check(c, client.IsErrNotFound(err))
+			}
+		})
 	}
 }
 
@@ -2145,7 +2174,7 @@ func containerExit(apiclient client.APIClient, name string) func(poll.LogT) poll
 	}
 }
 
-func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
+func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	type testCase struct {
 		cfg             mounttypes.Mount
@@ -2169,8 +2198,8 @@ func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
 		},
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	config := containertypes.Config{
@@ -2183,11 +2212,11 @@ func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
 			Mounts: []mounttypes.Mount{x.cfg},
 		}
 
-		_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, cName)
-		c.Assert(err, checker.IsNil)
+		_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, nil, cName)
+		assert.NilError(c, err)
 		out, _ := dockerCmd(c, "start", "-a", cName)
 		for _, option := range x.expectedOptions {
-			c.Assert(out, checker.Contains, option)
+			assert.Assert(c, strings.Contains(out, option))
 		}
 	}
 }
@@ -2195,15 +2224,15 @@ func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
 // Regression test for #33334
 // Makes sure that when a container which has a custom stop signal + restart=always
 // gets killed (with SIGKILL) by the kill API, that the restart policy is cancelled.
-func (s *DockerSuite) TestContainerKillCustomStopSignal(c *check.C) {
+func (s *DockerSuite) TestContainerKillCustomStopSignal(c *testing.T) {
 	id := strings.TrimSpace(runSleepingContainer(c, "--stop-signal=SIGTERM", "--restart=always"))
 	res, _, err := request.Post("/containers/" + id + "/kill")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer res.Body.Close()
 
-	b, err := ioutil.ReadAll(res.Body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent, check.Commentf(string(b)))
+	b, err := io.ReadAll(res.Body)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent, string(b))
 	err = waitInspect(id, "{{.State.Running}} {{.State.Restarting}}", "false false", 30*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
diff --git a/integration-cli/docker_api_containers_unix_test.go b/integration-cli/docker_api_containers_unix_test.go
new file mode 100644
index 0000000000000..be0eb1eb4bf5c
--- /dev/null
+++ b/integration-cli/docker_api_containers_unix_test.go
@@ -0,0 +1,10 @@
+//go:build !windows
+// +build !windows
+
+package main
+
+import "github.com/moby/sys/mount"
+
+func mountWrapper(device, target, mType, options string) error {
+	return mount.Mount(device, target, mType, options)
+}
diff --git a/integration-cli/docker_api_containers_windows_test.go b/integration-cli/docker_api_containers_windows_test.go
index c569574de5350..cfb1596c130c9 100644
--- a/integration-cli/docker_api_containers_windows_test.go
+++ b/integration-cli/docker_api_containers_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package main
@@ -5,21 +6,23 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"math/rand"
 	"strings"
+	"testing"
 
 	winio "github.com/Microsoft/go-winio"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsWindowsAtLeastBuild(16299)) // Named pipe support was added in RS3
+func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsWindowsAtLeastBuild(osversion.RS3)) // Named pipe support was added in RS3
 
 	// Create a host pipe to map into the container
 	hostPipeName := fmt.Sprintf(`\\.\pipe\docker-cli-test-pipe-%x`, rand.Uint64())
@@ -38,7 +41,7 @@ func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *check.C) {
 	go func() {
 		conn, err := l.Accept()
 		if err == nil {
-			b, err = ioutil.ReadAll(conn)
+			b, err = io.ReadAll(conn)
 			conn.Close()
 		}
 		ch <- err
@@ -64,7 +67,7 @@ func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *check.C) {
 				},
 			},
 		},
-		nil, name)
+		nil, nil, name)
 	assert.NilError(c, err)
 
 	err = client.ContainerStart(ctx, name, types.ContainerStartOptions{})
@@ -74,3 +77,8 @@ func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *check.C) {
 	assert.NilError(c, err)
 	assert.Check(c, is.Equal(text, strings.TrimSpace(string(b))))
 }
+
+func mountWrapper(device, target, mType, options string) error {
+	// This should never be called.
+	return errors.Errorf("there is no implementation of Mount on this platform")
+}
diff --git a/integration-cli/docker_api_exec_resize_test.go b/integration-cli/docker_api_exec_resize_test.go
index 2db3d3e3170f1..beff0adff9191 100644
--- a/integration-cli/docker_api_exec_resize_test.go
+++ b/integration-cli/docker_api_exec_resize_test.go
@@ -8,30 +8,31 @@ import (
 	"net/http"
 	"strings"
 	"sync"
+	"testing"
 
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestExecResizeAPIHeightWidthNoInt(c *check.C) {
+func (s *DockerSuite) TestExecResizeAPIHeightWidthNoInt(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	cleanedContainerID := strings.TrimSpace(out)
 
 	endpoint := "/exec/" + cleanedContainerID + "/resize?h=foo&w=bar"
 	res, _, err := request.Post(endpoint)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	}
 }
 
 // Part of #14845
-func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *check.C) {
+func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *testing.T) {
 	name := "exec_resize_test"
 	dockerCmd(c, "run", "-d", "-i", "-t", "--name", name, "--restart", "always", "busybox", "/bin/sh")
 
@@ -46,38 +47,38 @@ func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *check.C) {
 			return err
 		}
 		if res.StatusCode != http.StatusCreated {
-			return fmt.Errorf("POST %s is expected to return %d, got %d", uri, http.StatusCreated, res.StatusCode)
+			return errors.Errorf("POST %s is expected to return %d, got %d", uri, http.StatusCreated, res.StatusCode)
 		}
 
 		buf, err := request.ReadBody(body)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		out := map[string]string{}
 		err = json.Unmarshal(buf, &out)
 		if err != nil {
-			return fmt.Errorf("ExecCreate returned invalid json. Error: %q", err.Error())
+			return errors.Wrap(err, "ExecCreate returned invalid json")
 		}
 
 		execID := out["Id"]
 		if len(execID) < 1 {
-			return fmt.Errorf("ExecCreate got invalid execID")
+			return errors.New("ExecCreate got invalid execID")
 		}
 
 		payload := bytes.NewBufferString(`{"Tty":true}`)
-		conn, _, err := sockRequestHijack("POST", fmt.Sprintf("/exec/%s/start", execID), payload, "application/json", daemonHost())
+		wc, _, err := requestHijack(http.MethodPost, fmt.Sprintf("/exec/%s/start", execID), payload, "application/json", request.DaemonHost())
 		if err != nil {
-			return fmt.Errorf("Failed to start the exec: %q", err.Error())
+			return errors.Wrap(err, "failed to start the exec")
 		}
-		defer conn.Close()
+		defer wc.Close()
 
 		_, rc, err := request.Post(fmt.Sprintf("/exec/%s/resize?h=24&w=80", execID), request.ContentType("text/plain"))
 		if err != nil {
 			// It's probably a panic of the daemon if io.ErrUnexpectedEOF is returned.
 			if err == io.ErrUnexpectedEOF {
-				return fmt.Errorf("The daemon might have crashed.")
+				return errors.New("the daemon might have crashed")
 			}
 			// Other error happened, should be reported.
-			return fmt.Errorf("Fail to exec resize immediately after start. Error: %q", err.Error())
+			return errors.Wrap(err, "failed to exec resize immediately after start")
 		}
 
 		rc.Close()
diff --git a/integration-cli/docker_api_exec_test.go b/integration-cli/docker_api_exec_test.go
index 118f9971a7026..3bf5d003f8d17 100644
--- a/integration-cli/docker_api_exec_test.go
+++ b/integration-cli/docker_api_exec_test.go
@@ -1,5 +1,3 @@
-// +build !test_no_exec
-
 package main
 
 import (
@@ -7,40 +5,40 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
 // Regression test for #9414
-func (s *DockerSuite) TestExecAPICreateNoCmd(c *check.C) {
+func (s *DockerSuite) TestExecAPICreateNoCmd(c *testing.T) {
 	name := "exec_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
 	res, body, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.JSONBody(map[string]interface{}{"Cmd": nil}))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	}
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-
-	comment := check.Commentf("Expected message when creating exec command with no Cmd specified")
-	c.Assert(getErrorMessage(c, b), checker.Contains, "No exec command specified", comment)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(getErrorMessage(c, b), "No exec command specified"), "Expected message when creating exec command with no Cmd specified")
 }
 
-func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *check.C) {
+func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *testing.T) {
 	name := "exec_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
@@ -49,21 +47,19 @@ func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *check.C) {
 		c.Fatalf("Can not encode data to json %s", err)
 	}
 
-	res, body, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.RawContent(ioutil.NopCloser(jsonData)), request.ContentType("test/plain"))
-	c.Assert(err, checker.IsNil)
+	res, body, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.RawContent(io.NopCloser(jsonData)), request.ContentType("test/plain"))
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	}
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-
-	comment := check.Commentf("Expected message when creating exec command with invalid Content-Type specified")
-	c.Assert(getErrorMessage(c, b), checker.Contains, "Content-Type specified", comment)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(getErrorMessage(c, b), "Content-Type specified"), "Expected message when creating exec command with invalid Content-Type specified")
 }
 
-func (s *DockerSuite) TestExecAPICreateContainerPaused(c *check.C) {
+func (s *DockerSuite) TestExecAPICreateContainerPaused(c *testing.T) {
 	// Not relevant on Windows as Windows containers cannot be paused
 	testRequires(c, DaemonIsLinux)
 	name := "exec_create_test"
@@ -71,20 +67,18 @@ func (s *DockerSuite) TestExecAPICreateContainerPaused(c *check.C) {
 
 	dockerCmd(c, "pause", name)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	config := types.ExecConfig{
 		Cmd: []string{"true"},
 	}
 	_, err = cli.ContainerExecCreate(context.Background(), name, config)
-
-	comment := check.Commentf("Expected message when creating exec command with Container %s is paused", name)
-	c.Assert(err.Error(), checker.Contains, "Container "+name+" is paused, unpause the container before exec", comment)
+	assert.ErrorContains(c, err, "Container "+name+" is paused, unpause the container before exec", "Expected message when creating exec command with Container %s is paused", name)
 }
 
-func (s *DockerSuite) TestExecAPIStart(c *check.C) {
+func (s *DockerSuite) TestExecAPIStart(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Uses pause/unpause but bits may be salvageable to Windows to Windows CI
 	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
 
@@ -93,7 +87,7 @@ func (s *DockerSuite) TestExecAPIStart(c *check.C) {
 
 	var execJSON struct{ PID int }
 	inspectExec(c, id, &execJSON)
-	c.Assert(execJSON.PID, checker.GreaterThan, 1)
+	assert.Assert(c, execJSON.PID > 1)
 
 	id = createExec(c, "test")
 	dockerCmd(c, "stop", "test")
@@ -111,32 +105,32 @@ func (s *DockerSuite) TestExecAPIStart(c *check.C) {
 	startExec(c, id, http.StatusOK)
 }
 
-func (s *DockerSuite) TestExecAPIStartEnsureHeaders(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartEnsureHeaders(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
 
 	id := createExec(c, "test")
 	resp, _, err := request.Post(fmt.Sprintf("/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.Header.Get("Server"), checker.Not(checker.Equals), "")
+	assert.NilError(c, err)
+	assert.Assert(c, resp.Header.Get("Server") != "")
 }
 
-func (s *DockerSuite) TestExecAPIStartBackwardsCompatible(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartBackwardsCompatible(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	runSleepingContainer(c, "-d", "--name", "test")
 	id := createExec(c, "test")
 
 	resp, body, err := request.Post(fmt.Sprintf("/v1.20/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.ContentType("text/plain"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	b, err := request.ReadBody(body)
-	comment := check.Commentf("response body: %s", b)
-	c.Assert(err, checker.IsNil, comment)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK, comment)
+	comment := fmt.Sprintf("response body: %s", b)
+	assert.NilError(c, err, comment)
+	assert.Equal(c, resp.StatusCode, http.StatusOK, comment)
 }
 
 // #19362
-func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *testing.T) {
 	runSleepingContainer(c, "-d", "--name", "test")
 	execID := createExec(c, "test")
 	startExec(c, execID, http.StatusOK)
@@ -146,7 +140,7 @@ func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *check.C) {
 }
 
 // #20638
-func (s *DockerSuite) TestExecAPIStartWithDetach(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartWithDetach(c *testing.T) {
 	name := "foo"
 	runSleepingContainer(c, "-d", "-t", "--name", name)
 
@@ -155,29 +149,29 @@ func (s *DockerSuite) TestExecAPIStartWithDetach(c *check.C) {
 		AttachStderr: true,
 	}
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	createResp, err := cli.ContainerExecCreate(context.Background(), name, config)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, body, err := request.Post(fmt.Sprintf("/exec/%s/start", createResp.ID), request.RawString(`{"Detach": true}`), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	b, err := request.ReadBody(body)
-	comment := check.Commentf("response body: %s", b)
-	c.Assert(err, checker.IsNil, comment)
+	comment := fmt.Sprintf("response body: %s", b)
+	assert.NilError(c, err, comment)
 
 	resp, _, err := request.Get("/_ping")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if resp.StatusCode != http.StatusOK {
 		c.Fatal("daemon is down, it should alive")
 	}
 }
 
 // #30311
-func (s *DockerSuite) TestExecAPIStartValidCommand(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartValidCommand(c *testing.T) {
 	name := "exec_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
@@ -189,11 +183,11 @@ func (s *DockerSuite) TestExecAPIStartValidCommand(c *check.C) {
 	var inspectJSON struct{ ExecIDs []string }
 	inspectContainer(c, name, &inspectJSON)
 
-	c.Assert(inspectJSON.ExecIDs, checker.IsNil)
+	assert.Assert(c, inspectJSON.ExecIDs == nil)
 }
 
 // #30311
-func (s *DockerSuite) TestExecAPIStartInvalidCommand(c *check.C) {
+func (s *DockerSuite) TestExecAPIStartInvalidCommand(c *testing.T) {
 	name := "exec_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
@@ -208,11 +202,11 @@ func (s *DockerSuite) TestExecAPIStartInvalidCommand(c *check.C) {
 	var inspectJSON struct{ ExecIDs []string }
 	inspectContainer(c, name, &inspectJSON)
 
-	c.Assert(inspectJSON.ExecIDs, checker.IsNil)
+	assert.Assert(c, inspectJSON.ExecIDs == nil)
 }
 
-func (s *DockerSuite) TestExecStateCleanup(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestExecStateCleanup(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	// This test checks accidental regressions. Not part of stable API.
 
@@ -222,71 +216,70 @@ func (s *DockerSuite) TestExecStateCleanup(c *check.C) {
 
 	stateDir := "/var/run/docker/containerd/" + cid
 
-	checkReadDir := func(c *check.C) (interface{}, check.CommentInterface) {
-		fi, err := ioutil.ReadDir(stateDir)
-		c.Assert(err, checker.IsNil)
-		return len(fi), nil
+	checkReadDir := func(c *testing.T) (interface{}, string) {
+		fi, err := os.ReadDir(stateDir)
+		assert.NilError(c, err)
+		return len(fi), ""
 	}
 
-	fi, err := ioutil.ReadDir(stateDir)
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(fi), checker.GreaterThan, 1)
+	fi, err := os.ReadDir(stateDir)
+	assert.NilError(c, err)
+	assert.Assert(c, len(fi) > 1)
 
 	id := createExecCmd(c, name, "ls")
 	startExec(c, id, http.StatusOK)
 	waitForExec(c, id)
 
-	waitAndAssert(c, 5*time.Second, checkReadDir, checker.Equals, len(fi))
+	poll.WaitOn(c, pollCheck(c, checkReadDir, checker.Equals(len(fi))), poll.WithTimeout(5*time.Second))
 
 	id = createExecCmd(c, name, "invalid")
 	startExec(c, id, http.StatusBadRequest)
 	waitForExec(c, id)
 
-	waitAndAssert(c, 5*time.Second, checkReadDir, checker.Equals, len(fi))
+	poll.WaitOn(c, pollCheck(c, checkReadDir, checker.Equals(len(fi))), poll.WithTimeout(5*time.Second))
 
 	dockerCmd(c, "stop", name)
 	_, err = os.Stat(stateDir)
-	c.Assert(err, checker.NotNil)
-	c.Assert(os.IsNotExist(err), checker.True)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, os.IsNotExist(err))
 }
 
-func createExec(c *check.C, name string) string {
+func createExec(c *testing.T, name string) string {
 	return createExecCmd(c, name, "true")
 }
 
-func createExecCmd(c *check.C, name string, cmd string) string {
+func createExecCmd(c *testing.T, name string, cmd string) string {
 	_, reader, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.JSONBody(map[string]interface{}{"Cmd": []string{cmd}}))
-	c.Assert(err, checker.IsNil)
-	b, err := ioutil.ReadAll(reader)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
+	b, err := io.ReadAll(reader)
+	assert.NilError(c, err)
 	defer reader.Close()
 	createResp := struct {
 		ID string `json:"Id"`
 	}{}
-	c.Assert(json.Unmarshal(b, &createResp), checker.IsNil, check.Commentf(string(b)))
+	assert.NilError(c, json.Unmarshal(b, &createResp), string(b))
 	return createResp.ID
 }
 
-func startExec(c *check.C, id string, code int) {
+func startExec(c *testing.T, id string, code int) {
 	resp, body, err := request.Post(fmt.Sprintf("/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.JSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	b, err := request.ReadBody(body)
-	comment := check.Commentf("response body: %s", b)
-	c.Assert(err, checker.IsNil, comment)
-	c.Assert(resp.StatusCode, checker.Equals, code, comment)
+	assert.NilError(c, err, "response body: %s", b)
+	assert.Equal(c, resp.StatusCode, code, "response body: %s", b)
 }
 
-func inspectExec(c *check.C, id string, out interface{}) {
+func inspectExec(c *testing.T, id string, out interface{}) {
 	resp, body, err := request.Get(fmt.Sprintf("/exec/%s/json", id))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer body.Close()
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
 	err = json.NewDecoder(body).Decode(out)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func waitForExec(c *check.C, id string) {
+func waitForExec(c *testing.T, id string) {
 	timeout := time.After(60 * time.Second)
 	var execJSON struct{ Running bool }
 	for {
@@ -303,11 +296,11 @@ func waitForExec(c *check.C, id string) {
 	}
 }
 
-func inspectContainer(c *check.C, id string, out interface{}) {
-	resp, body, err := request.Get(fmt.Sprintf("/containers/%s/json", id))
-	c.Assert(err, checker.IsNil)
+func inspectContainer(c *testing.T, id string, out interface{}) {
+	resp, body, err := request.Get("/containers/" + id + "/json")
+	assert.NilError(c, err)
 	defer body.Close()
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
 	err = json.NewDecoder(body).Decode(out)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
diff --git a/integration-cli/docker_api_images_test.go b/integration-cli/docker_api_images_test.go
index f306cca6173dd..fd1732f756987 100644
--- a/integration-cli/docker_api_images_test.go
+++ b/integration-cli/docker_api_images_test.go
@@ -7,21 +7,22 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"testing"
 
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestAPIImagesFilter(c *check.C) {
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+func (s *DockerSuite) TestAPIImagesFilter(c *testing.T) {
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	name := "utest:tag1"
@@ -38,32 +39,34 @@ func (s *DockerSuite) TestAPIImagesFilter(c *check.C) {
 			Filters: filters,
 		}
 		images, err := cli.ImageList(context.Background(), options)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		return images
 	}
 
-	//incorrect number of matches returned
+	// incorrect number of matches returned
 	images := getImages("utest*/*")
-	c.Assert(images[0].RepoTags, checker.HasLen, 2)
+	assert.Equal(c, len(images[0].RepoTags), 2)
 
 	images = getImages("utest")
-	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+	assert.Equal(c, len(images[0].RepoTags), 1)
 
 	images = getImages("utest*")
-	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+	assert.Equal(c, len(images[0].RepoTags), 1)
 
 	images = getImages("*5000*/*")
-	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+	assert.Equal(c, len(images[0].RepoTags), 1)
 }
 
-func (s *DockerSuite) TestAPIImagesSaveAndLoad(c *check.C) {
+func (s *DockerSuite) TestAPIImagesSaveAndLoad(c *testing.T) {
 	if runtime.GOOS == "windows" {
+		// Note we parse kernel.GetKernelVersion rather than osversion.Build()
+		// as test binaries aren't manifested, so would otherwise report build 9200.
 		v, err := kernel.GetKernelVersion()
-		c.Assert(err, checker.IsNil)
-		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
-		if build == 16299 {
-			c.Skip("Temporarily disabled on RS3 builds")
+		assert.NilError(c, err)
+		buildNumber, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if buildNumber <= osversion.RS3 {
+			c.Skip("Temporarily disabled on RS3 and older because they are too slow. See #39909")
 		}
 	}
 
@@ -72,24 +75,24 @@ func (s *DockerSuite) TestAPIImagesSaveAndLoad(c *check.C) {
 	id := getIDByName(c, "saveandload")
 
 	res, body, err := request.Get("/images/" + id + "/get")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer body.Close()
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	dockerCmd(c, "rmi", id)
 
 	res, loadBody, err := request.Post("/images/load", request.RawContent(body), request.ContentType("application/x-tar"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer loadBody.Close()
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	inspectOut := cli.InspectCmd(c, id, cli.Format(".Id")).Combined()
-	c.Assert(strings.TrimSpace(string(inspectOut)), checker.Equals, id, check.Commentf("load did not work properly"))
+	assert.Equal(c, strings.TrimSpace(inspectOut), id, "load did not work properly")
 }
 
-func (s *DockerSuite) TestAPIImagesDelete(c *check.C) {
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+func (s *DockerSuite) TestAPIImagesDelete(c *testing.T) {
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	if testEnv.OSType != "windows" {
@@ -102,18 +105,18 @@ func (s *DockerSuite) TestAPIImagesDelete(c *check.C) {
 	dockerCmd(c, "tag", name, "test:tag1")
 
 	_, err = cli.ImageRemove(context.Background(), id, types.ImageRemoveOptions{})
-	c.Assert(err.Error(), checker.Contains, "unable to delete")
+	assert.ErrorContains(c, err, "unable to delete")
 
 	_, err = cli.ImageRemove(context.Background(), "test:noexist", types.ImageRemoveOptions{})
-	c.Assert(err.Error(), checker.Contains, "No such image")
+	assert.ErrorContains(c, err, "No such image")
 
 	_, err = cli.ImageRemove(context.Background(), "test:tag1", types.ImageRemoveOptions{})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestAPIImagesHistory(c *check.C) {
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+func (s *DockerSuite) TestAPIImagesHistory(c *testing.T) {
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	if testEnv.OSType != "windows" {
@@ -124,9 +127,9 @@ func (s *DockerSuite) TestAPIImagesHistory(c *check.C) {
 	id := getIDByName(c, name)
 
 	historydata, err := cli.ImageHistory(context.Background(), id)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(historydata, checker.Not(checker.HasLen), 0)
+	assert.Assert(c, len(historydata) != 0)
 	var found bool
 	for _, tag := range historydata[0].Tags {
 		if tag == "test-api-images-history:latest" {
@@ -134,20 +137,22 @@ func (s *DockerSuite) TestAPIImagesHistory(c *check.C) {
 			break
 		}
 	}
-	c.Assert(found, checker.True)
+	assert.Assert(c, found)
 }
 
-func (s *DockerSuite) TestAPIImagesImportBadSrc(c *check.C) {
+func (s *DockerSuite) TestAPIImagesImportBadSrc(c *testing.T) {
 	if runtime.GOOS == "windows" {
+		// Note we parse kernel.GetKernelVersion rather than osversion.Build()
+		// as test binaries aren't manifested, so would otherwise report build 9200.
 		v, err := kernel.GetKernelVersion()
-		c.Assert(err, checker.IsNil)
-		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
-		if build == 16299 {
+		assert.NilError(c, err)
+		buildNumber, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if buildNumber == osversion.RS3 {
 			c.Skip("Temporarily disabled on RS3 builds")
 		}
 	}
 
-	testRequires(c, Network, SameHostDaemon)
+	testRequires(c, Network, testEnv.IsLocalDaemon)
 
 	server := httptest.NewServer(http.NewServeMux())
 	defer server.Close()
@@ -164,45 +169,45 @@ func (s *DockerSuite) TestAPIImagesImportBadSrc(c *check.C) {
 
 	for _, te := range tt {
 		res, _, err := request.Post(strings.Join([]string{"/images/create?fromSrc=", te.fromSrc}, ""), request.JSON)
-		c.Assert(err, check.IsNil)
-		c.Assert(res.StatusCode, checker.Equals, te.statusExp)
-		c.Assert(res.Header.Get("Content-Type"), checker.Equals, "application/json")
+		assert.NilError(c, err)
+		assert.Equal(c, res.StatusCode, te.statusExp)
+		assert.Equal(c, res.Header.Get("Content-Type"), "application/json")
 	}
 
 }
 
 // #14846
-func (s *DockerSuite) TestAPIImagesSearchJSONContentType(c *check.C) {
+func (s *DockerSuite) TestAPIImagesSearchJSONContentType(c *testing.T) {
 	testRequires(c, Network)
 
 	res, b, err := request.Get("/images/search?term=test", request.JSON)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	b.Close()
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(res.Header.Get("Content-Type"), checker.Equals, "application/json")
+	assert.Equal(c, res.StatusCode, http.StatusOK)
+	assert.Equal(c, res.Header.Get("Content-Type"), "application/json")
 }
 
 // Test case for 30027: image size reported as -1 in v1.12 client against v1.13 daemon.
 // This test checks to make sure both v1.12 and v1.13 client against v1.13 daemon get correct `Size` after the fix.
-func (s *DockerSuite) TestAPIImagesSizeCompatibility(c *check.C) {
+func (s *DockerSuite) TestAPIImagesSizeCompatibility(c *testing.T) {
 	apiclient := testEnv.APIClient()
 	defer apiclient.Close()
 
 	images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(images), checker.Not(checker.Equals), 0)
+	assert.NilError(c, err)
+	assert.Assert(c, len(images) != 0)
 	for _, image := range images {
-		c.Assert(image.Size, checker.Not(checker.Equals), int64(-1))
+		assert.Assert(c, image.Size != int64(-1))
 	}
 
 	apiclient, err = client.NewClientWithOpts(client.FromEnv, client.WithVersion("v1.24"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer apiclient.Close()
 
 	v124Images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(v124Images), checker.Not(checker.Equals), 0)
+	assert.NilError(c, err)
+	assert.Assert(c, len(v124Images) != 0)
 	for _, image := range v124Images {
-		c.Assert(image.Size, checker.Not(checker.Equals), int64(-1))
+		assert.Assert(c, image.Size != int64(-1))
 	}
 }
diff --git a/integration-cli/docker_api_inspect_test.go b/integration-cli/docker_api_inspect_test.go
index 68055b6c145fa..2334bcf60ecf4 100644
--- a/integration-cli/docker_api_inspect_test.go
+++ b/integration-cli/docker_api_inspect_test.go
@@ -4,17 +4,16 @@ import (
 	"context"
 	"encoding/json"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions/v1p20"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestInspectAPIContainerResponse(c *check.C) {
+func (s *DockerSuite) TestInspectAPIContainerResponse(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -45,20 +44,20 @@ func (s *DockerSuite) TestInspectAPIContainerResponse(c *check.C) {
 
 		var inspectJSON map[string]interface{}
 		err := json.Unmarshal(body, &inspectJSON)
-		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", cs.version))
+		assert.NilError(c, err, "Unable to unmarshal body for version %s", cs.version)
 
 		for _, key := range cs.keys {
 			_, ok := inspectJSON[key]
-			c.Check(ok, checker.True, check.Commentf("%s does not exist in response for version %s", key, cs.version))
+			assert.Check(c, ok, "%s does not exist in response for version %s", key, cs.version)
 		}
 
 		//Issue #6830: type not properly converted to JSON/back
 		_, ok := inspectJSON["Path"].(bool)
-		c.Assert(ok, checker.False, check.Commentf("Path of `true` should not be converted to boolean `true` via JSON marshalling"))
+		assert.Assert(c, !ok, "Path of `true` should not be converted to boolean `true` via JSON marshalling")
 	}
 }
 
-func (s *DockerSuite) TestInspectAPIContainerVolumeDriverLegacy(c *check.C) {
+func (s *DockerSuite) TestInspectAPIContainerVolumeDriverLegacy(c *testing.T) {
 	// No legacy implications for Windows
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
@@ -71,17 +70,17 @@ func (s *DockerSuite) TestInspectAPIContainerVolumeDriverLegacy(c *check.C) {
 
 		var inspectJSON map[string]interface{}
 		err := json.Unmarshal(body, &inspectJSON)
-		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", version))
+		assert.NilError(c, err, "Unable to unmarshal body for version %s", version)
 
 		config, ok := inspectJSON["Config"]
-		c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+		assert.Assert(c, ok, "Unable to find 'Config'")
 		cfg := config.(map[string]interface{})
 		_, ok = cfg["VolumeDriver"]
-		c.Assert(ok, checker.True, check.Commentf("API version %s expected to include VolumeDriver in 'Config'", version))
+		assert.Assert(c, ok, "API version %s expected to include VolumeDriver in 'Config'", version)
 	}
 }
 
-func (s *DockerSuite) TestInspectAPIContainerVolumeDriver(c *check.C) {
+func (s *DockerSuite) TestInspectAPIContainerVolumeDriver(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "--volume-driver", "local", "busybox", "true")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -90,37 +89,37 @@ func (s *DockerSuite) TestInspectAPIContainerVolumeDriver(c *check.C) {
 
 	var inspectJSON map[string]interface{}
 	err := json.Unmarshal(body, &inspectJSON)
-	c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version 1.25"))
+	assert.NilError(c, err, "Unable to unmarshal body for version 1.25")
 
 	config, ok := inspectJSON["Config"]
-	c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+	assert.Assert(c, ok, "Unable to find 'Config'")
 	cfg := config.(map[string]interface{})
 	_, ok = cfg["VolumeDriver"]
-	c.Assert(ok, checker.False, check.Commentf("API version 1.25 expected to not include VolumeDriver in 'Config'"))
+	assert.Assert(c, !ok, "API version 1.25 expected to not include VolumeDriver in 'Config'")
 
 	config, ok = inspectJSON["HostConfig"]
-	c.Assert(ok, checker.True, check.Commentf("Unable to find 'HostConfig'"))
+	assert.Assert(c, ok, "Unable to find 'HostConfig'")
 	cfg = config.(map[string]interface{})
 	_, ok = cfg["VolumeDriver"]
-	c.Assert(ok, checker.True, check.Commentf("API version 1.25 expected to include VolumeDriver in 'HostConfig'"))
+	assert.Assert(c, ok, "API version 1.25 expected to include VolumeDriver in 'HostConfig'")
 }
 
-func (s *DockerSuite) TestInspectAPIImageResponse(c *check.C) {
+func (s *DockerSuite) TestInspectAPIImageResponse(c *testing.T) {
 	dockerCmd(c, "tag", "busybox:latest", "busybox:mytag")
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	imageJSON, _, err := cli.ImageInspectWithRaw(context.Background(), "busybox")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(imageJSON.RepoTags, checker.HasLen, 2)
+	assert.Check(c, len(imageJSON.RepoTags) == 2)
 	assert.Check(c, is.Contains(imageJSON.RepoTags, "busybox:latest"))
 	assert.Check(c, is.Contains(imageJSON.RepoTags, "busybox:mytag"))
 }
 
 // #17131, #17139, #17173
-func (s *DockerSuite) TestInspectAPIEmptyFieldsInConfigPre121(c *check.C) {
+func (s *DockerSuite) TestInspectAPIEmptyFieldsInConfigPre121(c *testing.T) {
 	// Not relevant on Windows
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
@@ -133,18 +132,18 @@ func (s *DockerSuite) TestInspectAPIEmptyFieldsInConfigPre121(c *check.C) {
 
 		var inspectJSON map[string]interface{}
 		err := json.Unmarshal(body, &inspectJSON)
-		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", version))
+		assert.NilError(c, err, "Unable to unmarshal body for version %s", version)
 		config, ok := inspectJSON["Config"]
-		c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+		assert.Assert(c, ok, "Unable to find 'Config'")
 		cfg := config.(map[string]interface{})
 		for _, f := range []string{"MacAddress", "NetworkDisabled", "ExposedPorts"} {
 			_, ok := cfg[f]
-			c.Check(ok, checker.True, check.Commentf("API version %s expected to include %s in 'Config'", version, f))
+			assert.Check(c, ok, "API version %s expected to include %s in 'Config'", version, f)
 		}
 	}
 }
 
-func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings120(c *check.C) {
+func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings120(c *testing.T) {
 	// Not relevant on Windows, and besides it doesn't have any bridge network settings
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
@@ -155,13 +154,13 @@ func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings120(c *check.C) {
 
 	var inspectJSON v1p20.ContainerJSON
 	err := json.Unmarshal(body, &inspectJSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	settings := inspectJSON.NetworkSettings
-	c.Assert(settings.IPAddress, checker.Not(checker.HasLen), 0)
+	assert.Assert(c, len(settings.IPAddress) != 0)
 }
 
-func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings121(c *check.C) {
+func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings121(c *testing.T) {
 	// Windows doesn't have any bridge network settings
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
@@ -172,10 +171,10 @@ func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings121(c *check.C) {
 
 	var inspectJSON types.ContainerJSON
 	err := json.Unmarshal(body, &inspectJSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	settings := inspectJSON.NetworkSettings
-	c.Assert(settings.IPAddress, checker.Not(checker.HasLen), 0)
-	c.Assert(settings.Networks["bridge"], checker.Not(checker.IsNil))
-	c.Assert(settings.IPAddress, checker.Equals, settings.Networks["bridge"].IPAddress)
+	assert.Assert(c, len(settings.IPAddress) != 0)
+	assert.Assert(c, settings.Networks["bridge"] != nil)
+	assert.Equal(c, settings.IPAddress, settings.Networks["bridge"].IPAddress)
 }
diff --git a/integration-cli/docker_api_logs_test.go b/integration-cli/docker_api_logs_test.go
index e809b46c2f983..e4a845e70fffc 100644
--- a/integration-cli/docker_api_logs_test.go
+++ b/integration-cli/docker_api_logs_test.go
@@ -6,34 +6,33 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
+func (s *DockerSuite) TestLogsAPIWithStdout(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "-t", "busybox", "/bin/sh", "-c", "while true; do echo hello; sleep 1; done")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	type logOut struct {
 		out string
 		err error
 	}
 
-	chLog := make(chan logOut)
+	chLog := make(chan logOut, 1)
 	res, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&timestamps=1", id))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 
 	go func() {
 		defer body.Close()
@@ -47,7 +46,7 @@ func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
 
 	select {
 	case l := <-chLog:
-		c.Assert(l.err, checker.IsNil)
+		assert.NilError(c, l.err)
 		if !strings.HasSuffix(l.out, "hello") {
 			c.Fatalf("expected log output to container 'hello', but it does not")
 		}
@@ -56,27 +55,26 @@ func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestLogsAPINoStdoutNorStderr(c *check.C) {
+func (s *DockerSuite) TestLogsAPINoStdoutNorStderr(c *testing.T) {
 	name := "logs_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	_, err = cli.ContainerLogs(context.Background(), name, types.ContainerLogsOptions{})
-	expected := "Bad parameters: you must choose at least one stream"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, "Bad parameters: you must choose at least one stream")
 }
 
 // Regression test for #12704
-func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *check.C) {
+func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *testing.T) {
 	name := "logs_test"
 	t0 := time.Now()
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "sleep", "10")
 
 	_, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name))
 	t1 := time.Now()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	body.Close()
 	elapsed := t1.Sub(t0).Seconds()
 	if elapsed > 20.0 {
@@ -84,32 +82,32 @@ func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestLogsAPIContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestLogsAPIContainerNotFound(c *testing.T) {
 	name := "nonExistentContainer"
 	resp, _, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name))
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
+	assert.NilError(c, err)
+	assert.Equal(c, resp.StatusCode, http.StatusNotFound)
 }
 
-func (s *DockerSuite) TestLogsAPIUntilFutureFollow(c *check.C) {
+func (s *DockerSuite) TestLogsAPIUntilFutureFollow(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "logsuntilfuturefollow"
 	dockerCmd(c, "run", "-d", "--name", name, "busybox", "/bin/sh", "-c", "while true; do date +%s; sleep 1; done")
-	c.Assert(waitRun(name), checker.IsNil)
+	assert.NilError(c, waitRun(name))
 
 	untilSecs := 5
 	untilDur, err := time.ParseDuration(fmt.Sprintf("%ds", untilSecs))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	until := daemonTime(c).Add(untilDur)
 
-	client, err := client.NewEnvClient()
+	client, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		c.Fatal(err)
 	}
 
 	cfg := types.ContainerLogsOptions{Until: until.Format(time.RFC3339Nano), Follow: true, ShowStdout: true, Timestamps: true}
 	reader, err := client.ContainerLogs(context.Background(), name, cfg)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	type logOut struct {
 		out string
@@ -117,6 +115,8 @@ func (s *DockerSuite) TestLogsAPIUntilFutureFollow(c *check.C) {
 	}
 
 	chLog := make(chan logOut)
+	stop := make(chan struct{})
+	defer close(stop)
 
 	go func() {
 		bufReader := bufio.NewReader(reader)
@@ -127,55 +127,64 @@ func (s *DockerSuite) TestLogsAPIUntilFutureFollow(c *check.C) {
 				if err == io.EOF {
 					return
 				}
-				chLog <- logOut{"", err}
+				select {
+				case <-stop:
+					return
+				case chLog <- logOut{"", err}:
+				}
+
 				return
 			}
 
-			chLog <- logOut{strings.TrimSpace(string(out)), err}
+			select {
+			case <-stop:
+				return
+			case chLog <- logOut{strings.TrimSpace(string(out)), err}:
+			}
 		}
 	}()
 
 	for i := 0; i < untilSecs; i++ {
 		select {
 		case l := <-chLog:
-			c.Assert(l.err, checker.IsNil)
+			assert.NilError(c, l.err)
 			i, err := strconv.ParseInt(strings.Split(l.out, " ")[1], 10, 64)
-			c.Assert(err, checker.IsNil)
-			c.Assert(time.Unix(i, 0).UnixNano(), checker.LessOrEqualThan, until.UnixNano())
+			assert.NilError(c, err)
+			assert.Assert(c, time.Unix(i, 0).UnixNano() <= until.UnixNano())
 		case <-time.After(20 * time.Second):
 			c.Fatal("timeout waiting for logs to exit")
 		}
 	}
 }
 
-func (s *DockerSuite) TestLogsAPIUntil(c *check.C) {
+func (s *DockerSuite) TestLogsAPIUntil(c *testing.T) {
 	testRequires(c, MinimumAPIVersion("1.34"))
 	name := "logsuntil"
 	dockerCmd(c, "run", "--name", name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do echo log$i; sleep 1; done")
 
-	client, err := client.NewEnvClient()
+	client, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		c.Fatal(err)
 	}
 
-	extractBody := func(c *check.C, cfg types.ContainerLogsOptions) []string {
+	extractBody := func(c *testing.T, cfg types.ContainerLogsOptions) []string {
 		reader, err := client.ContainerLogs(context.Background(), name, cfg)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		actualStdout := new(bytes.Buffer)
-		actualStderr := ioutil.Discard
+		actualStderr := io.Discard
 		_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		return strings.Split(actualStdout.String(), "\n")
 	}
 
 	// Get timestamp of second log line
 	allLogs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true})
-	c.Assert(len(allLogs), checker.GreaterOrEqualThan, 3)
+	assert.Assert(c, len(allLogs) >= 3)
 
 	t, err := time.Parse(time.RFC3339Nano, strings.Split(allLogs[1], " ")[0])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	until := t.Format(time.RFC3339Nano)
 
 	// Get logs until the timestamp of second line, i.e. first two lines
@@ -183,26 +192,26 @@ func (s *DockerSuite) TestLogsAPIUntil(c *check.C) {
 
 	// Ensure log lines after cut-off are excluded
 	logsString := strings.Join(logs, "\n")
-	c.Assert(logsString, checker.Not(checker.Contains), "log3", check.Commentf("unexpected log message returned, until=%v", until))
+	assert.Assert(c, !strings.Contains(logsString, "log3"), "unexpected log message returned, until=%v", until)
 }
 
-func (s *DockerSuite) TestLogsAPIUntilDefaultValue(c *check.C) {
+func (s *DockerSuite) TestLogsAPIUntilDefaultValue(c *testing.T) {
 	name := "logsuntildefaultval"
 	dockerCmd(c, "run", "--name", name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do echo log$i; done")
 
-	client, err := client.NewEnvClient()
+	client, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		c.Fatal(err)
 	}
 
-	extractBody := func(c *check.C, cfg types.ContainerLogsOptions) []string {
+	extractBody := func(c *testing.T, cfg types.ContainerLogsOptions) []string {
 		reader, err := client.ContainerLogs(context.Background(), name, cfg)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		actualStdout := new(bytes.Buffer)
-		actualStderr := ioutil.Discard
+		actualStderr := io.Discard
 		_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		return strings.Split(actualStdout.String(), "\n")
 	}
@@ -212,5 +221,5 @@ func (s *DockerSuite) TestLogsAPIUntilDefaultValue(c *check.C) {
 
 	// Test with default value specified and parameter omitted
 	defaultLogs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true, Until: "0"})
-	c.Assert(defaultLogs, checker.DeepEquals, allLogs)
+	assert.DeepEqual(c, defaultLogs, allLogs)
 }
diff --git a/integration-cli/docker_api_network_test.go b/integration-cli/docker_api_network_test.go
index 9ec2ba90e870f..716901b8ade94 100644
--- a/integration-cli/docker_api_network_test.go
+++ b/integration-cli/docker_api_network_test.go
@@ -7,26 +7,26 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestAPINetworkGetDefaults(c *check.C) {
+func (s *DockerSuite) TestAPINetworkGetDefaults(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// By default docker daemon creates 3 networks. check if they are present
 	defaults := []string{"bridge", "host", "none"}
 	for _, nn := range defaults {
-		c.Assert(isNetworkAvailable(c, nn), checker.Equals, true)
+		assert.Assert(c, isNetworkAvailable(c, nn))
 	}
 }
 
-func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *check.C) {
+func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testcheckduplicate"
 	configOnCheck := types.NetworkCreateRequest{
@@ -44,7 +44,7 @@ func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *check.C) {
 
 	// Creating a new network first
 	createNetwork(c, configOnCheck, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, name), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, name))
 
 	// Creating another network with same name and CheckDuplicate must fail
 	isOlderAPI := versions.LessThan(testEnv.DaemonAPIVersion(), "1.34")
@@ -64,17 +64,17 @@ func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *check.C) {
 	createNetwork(c, configNotCheck, http.StatusCreated)
 }
 
-func (s *DockerSuite) TestAPINetworkFilter(c *check.C) {
+func (s *DockerSuite) TestAPINetworkFilter(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	nr := getNetworkResource(c, getNetworkIDByName(c, "bridge"))
-	c.Assert(nr.Name, checker.Equals, "bridge")
+	assert.Equal(c, nr.Name, "bridge")
 }
 
-func (s *DockerSuite) TestAPINetworkInspectBridge(c *check.C) {
+func (s *DockerSuite) TestAPINetworkInspectBridge(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// Inspect default bridge network
 	nr := getNetworkResource(c, "bridge")
-	c.Assert(nr.Name, checker.Equals, "bridge")
+	assert.Equal(c, nr.Name, "bridge")
 
 	// run a container and attach it to the default bridge network
 	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
@@ -83,19 +83,20 @@ func (s *DockerSuite) TestAPINetworkInspectBridge(c *check.C) {
 
 	// inspect default bridge network again and make sure the container is connected
 	nr = getNetworkResource(c, nr.ID)
-	c.Assert(nr.Driver, checker.Equals, "bridge")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, false)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(nr.Containers[containerID], checker.NotNil)
+	assert.Equal(c, nr.Driver, "bridge")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, false)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	_, ok := nr.Containers[containerID]
+	assert.Assert(c, ok)
 
 	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
-	c.Assert(err, checker.IsNil)
-	c.Assert(ip.String(), checker.Equals, containerIP)
+	assert.NilError(c, err)
+	assert.Equal(c, ip.String(), containerIP)
 }
 
-func (s *DockerSuite) TestAPINetworkInspectUserDefinedNetwork(c *check.C) {
+func (s *DockerSuite) TestAPINetworkInspectUserDefinedNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// IPAM configuration inspect
 	ipam := &network.IPAM{
@@ -111,22 +112,22 @@ func (s *DockerSuite) TestAPINetworkInspectUserDefinedNetwork(c *check.C) {
 		},
 	}
 	id0 := createNetwork(c, config, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "br0"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "br0"))
 
 	nr := getNetworkResource(c, id0)
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
-	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "172.28.0.0/16")
-	c.Assert(nr.IPAM.Config[0].IPRange, checker.Equals, "172.28.5.0/24")
-	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "172.28.5.254")
-	c.Assert(nr.Options["foo"], checker.Equals, "bar")
-	c.Assert(nr.Options["opts"], checker.Equals, "dopts")
+	assert.Equal(c, len(nr.IPAM.Config), 1)
+	assert.Equal(c, nr.IPAM.Config[0].Subnet, "172.28.0.0/16")
+	assert.Equal(c, nr.IPAM.Config[0].IPRange, "172.28.5.0/24")
+	assert.Equal(c, nr.IPAM.Config[0].Gateway, "172.28.5.254")
+	assert.Equal(c, nr.Options["foo"], "bar")
+	assert.Equal(c, nr.Options["opts"], "dopts")
 
 	// delete the network and make sure it is deleted
 	deleteNetwork(c, id0, true)
-	c.Assert(isNetworkAvailable(c, "br0"), checker.Equals, false)
+	assert.Assert(c, !isNetworkAvailable(c, "br0"))
 }
 
-func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *check.C) {
+func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// Create test network
 	name := "testnetwork"
@@ -135,9 +136,9 @@ func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *check.C) {
 	}
 	id := createNetwork(c, config, http.StatusCreated)
 	nr := getNetworkResource(c, id)
-	c.Assert(nr.Name, checker.Equals, name)
-	c.Assert(nr.ID, checker.Equals, id)
-	c.Assert(len(nr.Containers), checker.Equals, 0)
+	assert.Equal(c, nr.Name, name)
+	assert.Equal(c, nr.ID, id)
+	assert.Equal(c, len(nr.Containers), 0)
 
 	// run a container
 	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
@@ -148,26 +149,27 @@ func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *check.C) {
 
 	// inspect the network to make sure container is connected
 	nr = getNetworkResource(c, nr.ID)
-	c.Assert(len(nr.Containers), checker.Equals, 1)
-	c.Assert(nr.Containers[containerID], checker.NotNil)
+	assert.Equal(c, len(nr.Containers), 1)
+	_, ok := nr.Containers[containerID]
+	assert.Assert(c, ok)
 
 	// check if container IP matches network inspect
 	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	containerIP := findContainerIP(c, "test", "testnetwork")
-	c.Assert(ip.String(), checker.Equals, containerIP)
+	assert.Equal(c, ip.String(), containerIP)
 
 	// disconnect container from the network
 	disconnectNetwork(c, nr.ID, containerID)
 	nr = getNetworkResource(c, nr.ID)
-	c.Assert(nr.Name, checker.Equals, name)
-	c.Assert(len(nr.Containers), checker.Equals, 0)
+	assert.Equal(c, nr.Name, name)
+	assert.Equal(c, len(nr.Containers), 0)
 
 	// delete the network
 	deleteNetwork(c, nr.ID, true)
 }
 
-func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
+func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// test0 bridge network
 	ipam0 := &network.IPAM{
@@ -182,7 +184,7 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 		},
 	}
 	id0 := createNetwork(c, config0, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test0"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test0"))
 
 	ipam1 := &network.IPAM{
 		Driver: "default",
@@ -201,7 +203,7 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 	} else {
 		createNetwork(c, config1, http.StatusForbidden)
 	}
-	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, false)
+	assert.Assert(c, !isNetworkAvailable(c, "test1"))
 
 	ipam2 := &network.IPAM{
 		Driver: "default",
@@ -216,34 +218,34 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 		},
 	}
 	createNetwork(c, config2, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test2"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test2"))
 
 	// remove test0 and retry to create test1
 	deleteNetwork(c, id0, true)
 	createNetwork(c, config1, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test1"))
 
 	// for networks w/o ipam specified, docker will choose proper non-overlapping subnets
 	createNetwork(c, types.NetworkCreateRequest{Name: "test3"}, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test3"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test3"))
 	createNetwork(c, types.NetworkCreateRequest{Name: "test4"}, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test4"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test4"))
 	createNetwork(c, types.NetworkCreateRequest{Name: "test5"}, http.StatusCreated)
-	c.Assert(isNetworkAvailable(c, "test5"), checker.Equals, true)
+	assert.Assert(c, isNetworkAvailable(c, "test5"))
 
 	for i := 1; i < 6; i++ {
 		deleteNetwork(c, fmt.Sprintf("test%d", i), true)
 	}
 }
 
-func (s *DockerSuite) TestAPICreateDeletePredefinedNetworks(c *check.C) {
+func (s *DockerSuite) TestAPICreateDeletePredefinedNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, SwarmInactive)
 	createDeletePredefinedNetwork(c, "bridge")
 	createDeletePredefinedNetwork(c, "none")
 	createDeletePredefinedNetwork(c, "host")
 }
 
-func createDeletePredefinedNetwork(c *check.C, name string) {
+func createDeletePredefinedNetwork(c *testing.T, name string) {
 	// Create pre-defined network
 	config := types.NetworkCreateRequest{
 		Name: name,
@@ -265,15 +267,15 @@ func createDeletePredefinedNetwork(c *check.C, name string) {
 	deleteNetwork(c, name, false)
 }
 
-func isNetworkAvailable(c *check.C, name string) bool {
+func isNetworkAvailable(c *testing.T, name string) bool {
 	resp, body, err := request.Get("/networks")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer resp.Body.Close()
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
 
 	var nJSON []types.NetworkResource
 	err = json.NewDecoder(body).Decode(&nJSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	for _, n := range nJSON {
 		if n.Name == name {
@@ -283,23 +285,23 @@ func isNetworkAvailable(c *check.C, name string) bool {
 	return false
 }
 
-func getNetworkIDByName(c *check.C, name string) string {
+func getNetworkIDByName(c *testing.T, name string) string {
 	var (
 		v          = url.Values{}
 		filterArgs = filters.NewArgs()
 	)
 	filterArgs.Add("name", name)
 	filterJSON, err := filters.ToJSON(filterArgs)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	v.Set("filters", filterJSON)
 
 	resp, body, err := request.Get("/networks?" + v.Encode())
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
+	assert.NilError(c, err)
 
 	var nJSON []types.NetworkResource
 	err = json.NewDecoder(body).Decode(&nJSON)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	var res string
 	for _, n := range nJSON {
 		// Find exact match
@@ -307,70 +309,70 @@ func getNetworkIDByName(c *check.C, name string) string {
 			res = n.ID
 		}
 	}
-	c.Assert(res, checker.Not(checker.Equals), "")
+	assert.Assert(c, res != "")
 
 	return res
 }
 
-func getNetworkResource(c *check.C, id string) *types.NetworkResource {
+func getNetworkResource(c *testing.T, id string) *types.NetworkResource {
 	_, obj, err := request.Get("/networks/" + id)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	nr := types.NetworkResource{}
 	err = json.NewDecoder(obj).Decode(&nr)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	return &nr
 }
 
-func createNetwork(c *check.C, config types.NetworkCreateRequest, expectedStatusCode int) string {
+func createNetwork(c *testing.T, config types.NetworkCreateRequest, expectedStatusCode int) string {
 	resp, body, err := request.Post("/networks/create", request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer resp.Body.Close()
 
 	if expectedStatusCode >= 0 {
-		c.Assert(resp.StatusCode, checker.Equals, expectedStatusCode)
+		assert.Equal(c, resp.StatusCode, expectedStatusCode)
 	} else {
-		c.Assert(resp.StatusCode, checker.Not(checker.Equals), -expectedStatusCode)
+		assert.Assert(c, resp.StatusCode != -expectedStatusCode)
 	}
 
 	if expectedStatusCode == http.StatusCreated || expectedStatusCode < 0 {
 		var nr types.NetworkCreateResponse
 		err = json.NewDecoder(body).Decode(&nr)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		return nr.ID
 	}
 	return ""
 }
 
-func connectNetwork(c *check.C, nid, cid string) {
+func connectNetwork(c *testing.T, nid, cid string) {
 	config := types.NetworkConnect{
 		Container: cid,
 	}
 
 	resp, _, err := request.Post("/networks/"+nid+"/connect", request.JSONBody(config))
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
+	assert.NilError(c, err)
 }
 
-func disconnectNetwork(c *check.C, nid, cid string) {
+func disconnectNetwork(c *testing.T, nid, cid string) {
 	config := types.NetworkConnect{
 		Container: cid,
 	}
 
 	resp, _, err := request.Post("/networks/"+nid+"/disconnect", request.JSONBody(config))
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
+	assert.NilError(c, err)
 }
 
-func deleteNetwork(c *check.C, id string, shouldSucceed bool) {
+func deleteNetwork(c *testing.T, id string, shouldSucceed bool) {
 	resp, _, err := request.Delete("/networks/" + id)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer resp.Body.Close()
 	if !shouldSucceed {
-		c.Assert(resp.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+		assert.Assert(c, resp.StatusCode != http.StatusOK)
 		return
 	}
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.Equal(c, resp.StatusCode, http.StatusNoContent)
 }
diff --git a/integration-cli/docker_api_stats_test.go b/integration-cli/docker_api_stats_test.go
index 3954e4b2e005f..bbb37bbd977b6 100644
--- a/integration-cli/docker_api_stats_test.go
+++ b/integration-cli/docker_api_stats_test.go
@@ -10,31 +10,34 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 var expectedNetworkInterfaceStats = strings.Split("rx_bytes rx_dropped rx_errors rx_packets tx_bytes tx_dropped tx_errors tx_packets", " ")
 
-func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *check.C) {
+func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *testing.T) {
+	skip.If(c, RuntimeIsWindowsContainerd(), "FIXME: Broken on Windows + containerd combination")
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true;usleep 100; do echo 'Hello'; done")
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 	resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
+	assert.NilError(c, err)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
+	assert.Equal(c, resp.Header.Get("Content-Type"), "application/json")
+	assert.Equal(c, resp.Header.Get("Content-Type"), "application/json")
 
 	var v *types.Stats
 	err = json.NewDecoder(body).Decode(&v)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	body.Close()
 
 	var cpuPercent = 0.0
@@ -58,34 +61,34 @@ func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *check.C) {
 		}
 	}
 
-	c.Assert(cpuPercent, check.Not(checker.Equals), 0.0, check.Commentf("docker stats with no-stream get cpu usage failed: was %v", cpuPercent))
+	assert.Assert(c, cpuPercent != 0.0, "docker stats with no-stream get cpu usage failed: was %v", cpuPercent)
 }
 
-func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
+func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo 1")
 	id := strings.TrimSpace(out)
 
 	getGoRoutines := func() int {
-		_, body, err := request.Get(fmt.Sprintf("/info"))
-		c.Assert(err, checker.IsNil)
+		_, body, err := request.Get("/info")
+		assert.NilError(c, err)
 		info := types.Info{}
 		err = json.NewDecoder(body).Decode(&info)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		body.Close()
 		return info.NGoroutines
 	}
 
 	// When the HTTP connection is closed, the number of goroutines should not increase.
 	routines := getGoRoutines()
-	_, body, err := request.Get(fmt.Sprintf("/containers/%s/stats", id))
-	c.Assert(err, checker.IsNil)
+	_, body, err := request.Get("/containers/" + id + "/stats")
+	assert.NilError(c, err)
 	body.Close()
 
 	t := time.After(30 * time.Second)
 	for {
 		select {
 		case <-t:
-			c.Assert(getGoRoutines(), checker.LessOrEqualThan, routines)
+			assert.Assert(c, getGoRoutines() <= routines)
 			return
 		default:
 			if n := getGoRoutines(); n <= routines {
@@ -96,12 +99,13 @@ func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestAPIStatsNetworkStats(c *testing.T) {
+	skip.If(c, RuntimeIsWindowsContainerd(), "FIXME: Broken on Windows + containerd combination")
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	// Retrieve the container address
 	net := "bridge"
@@ -141,7 +145,7 @@ func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
 			err = err2
 		}
 	}
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	pingouts := string(pingout[:])
 	nwStatsPost := getNetworkStats(c, id)
 	for _, v := range nwStatsPost {
@@ -157,19 +161,17 @@ func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
 		expRxPkts++
 		expTxPkts++
 	}
-	c.Assert(postTxPackets, checker.GreaterOrEqualThan, expTxPkts,
-		check.Commentf("Reported less TxPackets than expected. Expected >= %d. Found %d. %s", expTxPkts, postTxPackets, pingouts))
-	c.Assert(postRxPackets, checker.GreaterOrEqualThan, expRxPkts,
-		check.Commentf("Reported less RxPackets than expected. Expected >= %d. Found %d. %s", expRxPkts, postRxPackets, pingouts))
+	assert.Assert(c, postTxPackets >= expTxPkts, "Reported less TxPackets than expected. Expected >= %d. Found %d. %s", expTxPkts, postTxPackets, pingouts)
+	assert.Assert(c, postRxPackets >= expRxPkts, "Reported less RxPackets than expected. Expected >= %d. Found %d. %s", expRxPkts, postRxPackets, pingouts)
 }
 
-func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *check.C) {
+func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *testing.T) {
 	// Windows doesn't support API versions less than 1.25, so no point testing 1.17 .. 1.21
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 	wg := sync.WaitGroup{}
 
 	for i := 17; i <= 21; i++ {
@@ -179,25 +181,23 @@ func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *check.C) {
 			apiVersion := fmt.Sprintf("v1.%d", i)
 			statsJSONBlob := getVersionedStats(c, id, apiVersion)
 			if versions.LessThan(apiVersion, "v1.21") {
-				c.Assert(jsonBlobHasLTv121NetworkStats(statsJSONBlob), checker.Equals, true,
-					check.Commentf("Stats JSON blob from API %s %#v does not look like a <v1.21 API stats structure", apiVersion, statsJSONBlob))
+				assert.Assert(c, jsonBlobHasLTv121NetworkStats(statsJSONBlob), "Stats JSON blob from API %s %#v does not look like a <v1.21 API stats structure", apiVersion, statsJSONBlob)
 			} else {
-				c.Assert(jsonBlobHasGTE121NetworkStats(statsJSONBlob), checker.Equals, true,
-					check.Commentf("Stats JSON blob from API %s %#v does not look like a >=v1.21 API stats structure", apiVersion, statsJSONBlob))
+				assert.Assert(c, jsonBlobHasGTE121NetworkStats(statsJSONBlob), "Stats JSON blob from API %s %#v does not look like a >=v1.21 API stats structure", apiVersion, statsJSONBlob)
 			}
 		}(i)
 	}
 	wg.Wait()
 }
 
-func getNetworkStats(c *check.C, id string) map[string]types.NetworkStats {
+func getNetworkStats(c *testing.T, id string) map[string]types.NetworkStats {
 	var st *types.StatsJSON
 
-	_, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
-	c.Assert(err, checker.IsNil)
+	_, body, err := request.Get("/containers/" + id + "/stats?stream=false")
+	assert.NilError(c, err)
 
 	err = json.NewDecoder(body).Decode(&st)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	body.Close()
 
 	return st.Networks
@@ -207,15 +207,15 @@ func getNetworkStats(c *check.C, id string) map[string]types.NetworkStats {
 // container with id using an API call with version apiVersion. Since the
 // stats result type differs between API versions, we simply return
 // map[string]interface{}.
-func getVersionedStats(c *check.C, id string, apiVersion string) map[string]interface{} {
+func getVersionedStats(c *testing.T, id string, apiVersion string) map[string]interface{} {
 	stats := make(map[string]interface{})
 
-	_, body, err := request.Get(fmt.Sprintf("/%s/containers/%s/stats?stream=false", apiVersion, id))
-	c.Assert(err, checker.IsNil)
+	_, body, err := request.Get("/" + apiVersion + "/containers/" + id + "/stats?stream=false")
+	assert.NilError(c, err)
 	defer body.Close()
 
 	err = json.NewDecoder(body).Decode(&stats)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to decode stat: %s", err))
+	assert.NilError(c, err, "failed to decode stat: %s", err)
 
 	return stats
 }
@@ -260,34 +260,34 @@ func jsonBlobHasGTE121NetworkStats(blob map[string]interface{}) bool {
 	return true
 }
 
-func (s *DockerSuite) TestAPIStatsContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestAPIStatsContainerNotFound(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	expected := "No such container: nonexistent"
 
 	_, err = cli.ContainerStats(context.Background(), "nonexistent", true)
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 	_, err = cli.ContainerStats(context.Background(), "nonexistent", false)
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, expected)
 }
 
-func (s *DockerSuite) TestAPIStatsNoStreamConnectedContainers(c *check.C) {
+func (s *DockerSuite) TestAPIStatsNoStreamConnectedContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out1 := runSleepingContainer(c)
 	id1 := strings.TrimSpace(out1)
-	c.Assert(waitRun(id1), checker.IsNil)
+	assert.NilError(c, waitRun(id1))
 
 	out2 := runSleepingContainer(c, "--net", "container:"+id1)
 	id2 := strings.TrimSpace(out2)
-	c.Assert(waitRun(id2), checker.IsNil)
+	assert.NilError(c, waitRun(id2))
 
 	ch := make(chan error, 1)
 	go func() {
-		resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id2))
+		resp, body, err := request.Get("/containers/" + id2 + "/stats?stream=false")
 		defer body.Close()
 		if err != nil {
 			ch <- err
@@ -307,7 +307,7 @@ func (s *DockerSuite) TestAPIStatsNoStreamConnectedContainers(c *check.C) {
 
 	select {
 	case err := <-ch:
-		c.Assert(err, checker.IsNil, check.Commentf("Error in stats Engine API: %v", err))
+		assert.NilError(c, err, "Error in stats Engine API: %v", err)
 	case <-time.After(15 * time.Second):
 		c.Fatalf("Stats did not return after timeout")
 	}
diff --git a/integration-cli/docker_api_swarm_node_test.go b/integration-cli/docker_api_swarm_node_test.go
index 191391620d7f0..e883a44d07b98 100644
--- a/integration-cli/docker_api_swarm_node_test.go
+++ b/integration-cli/docker_api_swarm_node_test.go
@@ -1,23 +1,27 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
+	"fmt"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSwarmSuite) TestAPISwarmListNodes(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmListNodes(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 	d3 := s.AddDaemon(c, true, false)
 
 	nodes := d1.ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+	assert.Equal(c, len(nodes), 3, fmt.Sprintf("nodes: %#v", nodes))
 
 loop0:
 	for _, n := range nodes {
@@ -30,7 +34,7 @@ loop0:
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	nodes := d.ListNodes(c)
@@ -40,17 +44,17 @@ func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *check.C) {
 	})
 
 	n := d.GetNode(c, nodes[0].ID)
-	c.Assert(n.Spec.Availability, checker.Equals, swarm.NodeAvailabilityPause)
+	assert.Equal(c, n.Spec.Availability, swarm.NodeAvailabilityPause)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *testing.T) {
 	testRequires(c, Network)
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 	_ = s.AddDaemon(c, true, false)
 
 	nodes := d1.ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+	assert.Equal(c, len(nodes), 3, fmt.Sprintf("nodes: %#v", nodes))
 
 	// Getting the info so we can take the NodeID
 	d2Info := d2.SwarmInfo(c)
@@ -59,39 +63,39 @@ func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *check.C) {
 	d1.RemoveNode(c, d2Info.NodeID, true)
 
 	nodes = d1.ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+	assert.Equal(c, len(nodes), 2, fmt.Sprintf("nodes: %#v", nodes))
 
 	// Restart the node that was removed
-	d2.Restart(c)
+	d2.RestartNode(c)
 
 	// Give some time for the node to rejoin
 	time.Sleep(1 * time.Second)
 
 	// Make sure the node didn't rejoin
 	nodes = d1.ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+	assert.Equal(c, len(nodes), 2, fmt.Sprintf("nodes: %#v", nodes))
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 
 	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
 
 	// start a service, expect balanced distribution
-	instances := 8
+	instances := 2
 	id := d1.CreateService(c, simpleTestService, setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// drain d2, all containers should move to d1
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Availability = swarm.NodeAvailabilityDrain
 	})
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 0)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// set d2 back to active
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
@@ -100,16 +104,15 @@ func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
 
 	instances = 1
 	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout*2))
 
-	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
-
-	instances = 8
+	instances = 2
 	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
 
 	// drained node first so we don't get any old containers
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout*2))
 
 	d2ContainerCount := len(d2.ActiveContainers(c))
 
@@ -118,10 +121,9 @@ func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
 		n.Spec.Availability = swarm.NodeAvailabilityPause
 	})
 
-	instances = 14
+	instances = 4
 	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances-d2ContainerCount)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, d2ContainerCount)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.Equals(instances-d2ContainerCount)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.Equals(d2ContainerCount)), poll.WithTimeout(defaultReconciliationTimeout))
 
 }
diff --git a/integration-cli/docker_api_swarm_service_test.go b/integration-cli/docker_api_swarm_service_test.go
index 4d39a34b09a5d..1bba494e69275 100644
--- a/integration-cli/docker_api_swarm_service_test.go
+++ b/integration-cli/docker_api_swarm_service_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -7,6 +8,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
@@ -15,10 +17,11 @@ import (
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	"github.com/go-check/check"
+	testdaemon "github.com/docker/docker/testutil/daemon"
 	"golang.org/x/sys/unix"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 func setPortConfig(portConfig []swarm.PortConfig) testdaemon.ServiceConstructor {
@@ -30,13 +33,13 @@ func setPortConfig(portConfig []swarm.PortConfig) testdaemon.ServiceConstructor
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *check.C) {
+func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service with a port mapping of 8080:8081.
 	portConfig := []swarm.PortConfig{{TargetPort: 8081, PublishedPort: 8080}}
 	serviceID := d.CreateService(c, simpleTestService, setInstances(1), setPortConfig(portConfig))
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
 	updatedPortConfig := []swarm.PortConfig{{TargetPort: 8083, PublishedPort: 8082}}
@@ -45,55 +48,54 @@ func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *check.C) {
 
 	// Inspect the service and verify port mapping.
 	updatedService := d.GetService(c, serviceID)
-	c.Assert(updatedService.Spec.EndpointSpec, check.NotNil)
-	c.Assert(len(updatedService.Spec.EndpointSpec.Ports), check.Equals, 1)
-	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].TargetPort, check.Equals, uint32(8083))
-	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].PublishedPort, check.Equals, uint32(8082))
+	assert.Assert(c, updatedService.Spec.EndpointSpec != nil)
+	assert.Equal(c, len(updatedService.Spec.EndpointSpec.Ports), 1)
+	assert.Equal(c, updatedService.Spec.EndpointSpec.Ports[0].TargetPort, uint32(8083))
+	assert.Equal(c, updatedService.Spec.EndpointSpec.Ports[0].PublishedPort, uint32(8082))
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesEmptyList(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesEmptyList(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	services := d.ListServices(c)
-	c.Assert(services, checker.NotNil)
-	c.Assert(len(services), checker.Equals, 0, check.Commentf("services: %#v", services))
+	assert.Assert(c, services != nil)
+	assert.Assert(c, len(services) == 0, "services: %#v", services)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesCreate(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
 	id := d.CreateService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
-	defer cli.Close()
+	client := d.NewClientT(c)
+	defer client.Close()
 
 	options := types.ServiceInspectOptions{InsertDefaults: true}
 
 	// insertDefaults inserts UpdateConfig when service is fetched by ID
-	resp, _, err := cli.ServiceInspectWithRaw(context.Background(), id, options)
+	resp, _, err := client.ServiceInspectWithRaw(context.Background(), id, options)
 	out := fmt.Sprintf("%+v", resp)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "UpdateConfig")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "UpdateConfig"))
 
 	// insertDefaults inserts UpdateConfig when service is fetched by ID
-	resp, _, err = cli.ServiceInspectWithRaw(context.Background(), "top", options)
+	resp, _, err = client.ServiceInspectWithRaw(context.Background(), "top", options)
 	out = fmt.Sprintf("%+v", resp)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(out), checker.Contains, "UpdateConfig")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "UpdateConfig"))
 
 	service := d.GetService(c, id)
 	instances = 5
 	d.UpdateService(c, service, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d.RemoveService(c, service.ID)
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 	d3 := s.AddDaemon(c, true, false)
@@ -103,50 +105,50 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *check.C) {
 	instances := 9
 	id := d1.CreateService(c, simpleTestService, setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckActiveContainerCount, checker.GreaterThan, 0)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d3.CheckActiveContainerCount, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// reconciliation on d2 node down
 	d2.Stop(c)
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// test downscaling
 	instances = 5
 	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesCreateGlobal(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreateGlobal(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 	d3 := s.AddDaemon(c, true, false)
 
 	d1.CreateService(c, simpleTestService, setGlobalMode)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d3.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d4 := s.AddDaemon(c, true, false)
 	d5 := s.AddDaemon(c, true, false)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d4.CheckActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d5.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d4.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d5.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *testing.T) {
 	const nodeCount = 3
 	var daemons [nodeCount]*daemon.Daemon
 	for i := 0; i < nodeCount; i++ {
 		daemons[i] = s.AddDaemon(c, true, i == 0)
 	}
 	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckNodeReadyCount, checker.Equals(nodeCount)), poll.WithTimeout(5*time.Second))
 
 	// service image at start
 	image1 := "busybox:latest"
@@ -156,7 +158,7 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
 	// create a different tag
 	for _, d := range daemons {
 		out, err := d.Cmd("tag", image1, image2)
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 	}
 
 	// create service
@@ -166,40 +168,35 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
 	id := daemons[0].CreateService(c, serviceForUpdate, setInstances(instances))
 
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// issue service update
 	service := daemons[0].GetService(c, id)
 	daemons[0].UpdateService(c, service, setImage(image2))
 
 	// first batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - parallelism, image2: parallelism})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - parallelism, image2: parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 2nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 3nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image2: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Roll back to the previous version. This uses the CLI because
 	// rollback used to be a client-side operation.
 	out, err := daemons[0].Cmd("service", "update", "--detach", "--rollback", id)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// first batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 2nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
+
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// service image at start
@@ -223,7 +220,7 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
 
 	checkStartingTasks := func(expected int) []swarm.Task {
 		var startingTasks []swarm.Task
-		waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 			tasks := d.GetServiceTasks(c, id)
 			startingTasks = nil
 			for _, t := range tasks {
@@ -231,8 +228,8 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
 					startingTasks = append(startingTasks, t)
 				}
 			}
-			return startingTasks, nil
-		}, checker.HasLen, expected)
+			return startingTasks, ""
+		}, checker.HasLen(expected)), poll.WithTimeout(defaultReconciliationTimeout))
 
 		return startingTasks
 	}
@@ -245,8 +242,7 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
 	}
 
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// issue service update
 	service := d.GetService(c, id)
@@ -257,65 +253,58 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
 	// The old tasks should be running, and the new ones should be starting.
 	startingTasks := checkStartingTasks(parallelism)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// make it healthy
 	makeTasksHealthy(startingTasks)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - parallelism, image2: parallelism})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - parallelism, image2: parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 2nd batch
 
 	// The old tasks should be running, and the new ones should be starting.
 	startingTasks = checkStartingTasks(parallelism)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - parallelism, image2: parallelism})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - parallelism, image2: parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// make it healthy
 	makeTasksHealthy(startingTasks)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 3nd batch
 
 	// The old tasks should be running, and the new ones should be starting.
 	startingTasks = checkStartingTasks(1)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// make it healthy
 	makeTasksHealthy(startingTasks)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image2: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Roll back to the previous version. This uses the CLI because
 	// rollback is a client-side operation.
 	out, err := d.Cmd("service", "update", "--detach", "--rollback", id)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// first batch
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// 2nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
+
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *testing.T) {
 	const nodeCount = 3
 	var daemons [nodeCount]*daemon.Daemon
 	for i := 0; i < nodeCount; i++ {
 		daemons[i] = s.AddDaemon(c, true, i == 0)
 	}
 	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckNodeReadyCount, checker.Equals(nodeCount)), poll.WithTimeout(5*time.Second))
 
 	// service image at start
 	image1 := "busybox:latest"
@@ -327,89 +316,88 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *check.C) {
 	id := daemons[0].CreateService(c, serviceForUpdate, setInstances(instances))
 
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// issue service update
 	service := daemons[0].GetService(c, id)
 	daemons[0].UpdateService(c, service, setImage(image2), setFailureAction(swarm.UpdateFailureActionPause), setMaxFailureRatio(0.25), setParallelism(1))
 
 	// should update 2 tasks and then pause
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceUpdateState(id), checker.Equals, swarm.UpdateStatePaused)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceUpdateState(id), checker.Equals(swarm.UpdateStatePaused)), poll.WithTimeout(defaultReconciliationTimeout))
 	v, _ := daemons[0].CheckServiceRunningTasks(id)(c)
-	c.Assert(v, checker.Equals, instances-2)
+	assert.Assert(c, v == instances-2)
 
 	// Roll back to the previous version. This uses the CLI because
 	// rollback used to be a client-side operation.
 	out, err := daemons[0].Cmd("service", "update", "--detach", "--rollback", id)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
+
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckRunningTaskImages, checker.DeepEquals(map[string]int{image1: instances})), poll.WithTimeout(defaultReconciliationTimeout))
 
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintRole(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintRole(c *testing.T) {
 	const nodeCount = 3
 	var daemons [nodeCount]*daemon.Daemon
 	for i := 0; i < nodeCount; i++ {
 		daemons[i] = s.AddDaemon(c, true, i == 0)
 	}
 	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckNodeReadyCount, checker.Equals(nodeCount)), poll.WithTimeout(5*time.Second))
 
 	// create service
 	constraints := []string{"node.role==worker"}
 	instances := 3
 	id := daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	// validate tasks are running on worker nodes
 	tasks := daemons[0].GetServiceTasks(c, id)
 	for _, task := range tasks {
 		node := daemons[0].GetNode(c, task.NodeID)
-		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleWorker)
+		assert.Equal(c, node.Spec.Role, swarm.NodeRoleWorker)
 	}
-	//remove service
+	// remove service
 	daemons[0].RemoveService(c, id)
 
 	// create service
 	constraints = []string{"node.role!=worker"}
 	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	tasks = daemons[0].GetServiceTasks(c, id)
 	// validate tasks are running on manager nodes
 	for _, task := range tasks {
 		node := daemons[0].GetNode(c, task.NodeID)
-		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleManager)
+		assert.Equal(c, node.Spec.Role, swarm.NodeRoleManager)
 	}
-	//remove service
+	// remove service
 	daemons[0].RemoveService(c, id)
 
 	// create service
 	constraints = []string{"node.role==nosuchrole"}
 	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	// let scheduler try
 	time.Sleep(250 * time.Millisecond)
 	// validate tasks are not assigned to any node
 	tasks = daemons[0].GetServiceTasks(c, id)
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
+		assert.Equal(c, task.NodeID, "")
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *testing.T) {
 	const nodeCount = 3
 	var daemons [nodeCount]*daemon.Daemon
 	for i := 0; i < nodeCount; i++ {
 		daemons[i] = s.AddDaemon(c, true, i == 0)
 	}
 	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckNodeReadyCount, checker.Equals(nodeCount)), poll.WithTimeout(5*time.Second))
 	nodes := daemons[0].ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, nodeCount)
+	assert.Equal(c, len(nodes), nodeCount)
 
 	// add labels to nodes
 	daemons[0].UpdateNode(c, nodes[0].ID, func(n *swarm.Node) {
@@ -430,40 +418,40 @@ func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
 	constraints := []string{"node.labels.security==high"}
 	id := daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	tasks := daemons[0].GetServiceTasks(c, id)
 	// validate all tasks are running on nodes[0]
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, nodes[0].ID)
+		assert.Assert(c, task.NodeID == nodes[0].ID)
 	}
-	//remove service
+	// remove service
 	daemons[0].RemoveService(c, id)
 
 	// create service
 	constraints = []string{"node.labels.security!=high"}
 	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	tasks = daemons[0].GetServiceTasks(c, id)
 	// validate all tasks are NOT running on nodes[0]
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Not(checker.Equals), nodes[0].ID)
+		assert.Assert(c, task.NodeID != nodes[0].ID)
 	}
-	//remove service
+	// remove service
 	daemons[0].RemoveService(c, id)
 
 	constraints = []string{"node.labels.security==medium"}
 	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	// let scheduler try
 	time.Sleep(250 * time.Millisecond)
 	tasks = daemons[0].GetServiceTasks(c, id)
 	// validate tasks are not assigned
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
+		assert.Assert(c, task.NodeID == "")
 	}
-	//remove service
+	// remove service
 	daemons[0].RemoveService(c, id)
 
 	// multiple constraints
@@ -473,13 +461,13 @@ func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
 	}
 	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
 	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	// let scheduler try
 	time.Sleep(250 * time.Millisecond)
 	tasks = daemons[0].GetServiceTasks(c, id)
 	// validate tasks are not assigned
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
+		assert.Assert(c, task.NodeID == "")
 	}
 	// make nodes[1] fulfills the constraints
 	daemons[0].UpdateNode(c, nodes[1].ID, func(n *swarm.Node) {
@@ -488,23 +476,23 @@ func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
 		}
 	})
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	tasks = daemons[0].GetServiceTasks(c, id)
 	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, nodes[1].ID)
+		assert.Assert(c, task.NodeID == nodes[1].ID)
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicePlacementPrefs(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicePlacementPrefs(c *testing.T) {
 	const nodeCount = 3
 	var daemons [nodeCount]*daemon.Daemon
 	for i := 0; i < nodeCount; i++ {
 		daemons[i] = s.AddDaemon(c, true, i == 0)
 	}
 	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckNodeReadyCount, checker.Equals(nodeCount)), poll.WithTimeout(5*time.Second))
 	nodes := daemons[0].ListNodes(c)
-	c.Assert(len(nodes), checker.Equals, nodeCount)
+	assert.Equal(c, len(nodes), nodeCount)
 
 	// add labels to nodes
 	daemons[0].UpdateNode(c, nodes[0].ID, func(n *swarm.Node) {
@@ -525,20 +513,20 @@ func (s *DockerSwarmSuite) TestAPISwarmServicePlacementPrefs(c *check.C) {
 	prefs := []swarm.PlacementPreference{{Spread: &swarm.SpreadOver{SpreadDescriptor: "node.labels.rack"}}}
 	id := daemons[0].CreateService(c, simpleTestService, setPlacementPrefs(prefs), setInstances(instances))
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, daemons[0].CheckServiceRunningTasks(id), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	tasks := daemons[0].GetServiceTasks(c, id)
 	// validate all tasks are running on nodes[0]
 	tasksOnNode := make(map[string]int)
 	for _, task := range tasks {
 		tasksOnNode[task.NodeID]++
 	}
-	c.Assert(tasksOnNode[nodes[0].ID], checker.Equals, 2)
-	c.Assert(tasksOnNode[nodes[1].ID], checker.Equals, 1)
-	c.Assert(tasksOnNode[nodes[2].ID], checker.Equals, 1)
+	assert.Assert(c, tasksOnNode[nodes[0].ID] == 2)
+	assert.Assert(c, tasksOnNode[nodes[1].ID] == 1)
+	assert.Assert(c, tasksOnNode[nodes[2].ID] == 1)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	testRequires(c, DaemonIsLinux)
 
 	d1 := s.AddDaemon(c, true, true)
@@ -550,7 +538,7 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
 	instances := 9
 	d1.CreateService(c, simpleTestService, setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	getContainers := func() map[string]*daemon.Daemon {
 		m := make(map[string]*daemon.Daemon)
@@ -563,24 +551,24 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
 	}
 
 	containers := getContainers()
-	c.Assert(containers, checker.HasLen, instances)
+	assert.Assert(c, len(containers) == instances)
 	var toRemove string
 	for i := range containers {
 		toRemove = i
 	}
 
 	_, err := containers[toRemove].Cmd("stop", toRemove)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	containers2 := getContainers()
-	c.Assert(containers2, checker.HasLen, instances)
+	assert.Assert(c, len(containers2) == instances)
 	for i := range containers {
 		if i == toRemove {
-			c.Assert(containers2[i], checker.IsNil)
+			assert.Assert(c, containers2[i] == nil)
 		} else {
-			c.Assert(containers2[i], checker.NotNil)
+			assert.Assert(c, containers2[i] != nil)
 		}
 	}
 
@@ -591,22 +579,22 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
 
 	// try with killing process outside of docker
 	pidStr, err := containers[toRemove].Cmd("inspect", "-f", "{{.State.Pid}}", toRemove)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	pid, err := strconv.Atoi(strings.TrimSpace(pidStr))
-	c.Assert(err, checker.IsNil)
-	c.Assert(unix.Kill(pid, unix.SIGKILL), checker.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, unix.Kill(pid, unix.SIGKILL))
 
 	time.Sleep(time.Second) // give some time to handle the signal
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	containers2 = getContainers()
-	c.Assert(containers2, checker.HasLen, instances)
+	assert.Assert(c, len(containers2) == instances)
 	for i := range containers {
 		if i == toRemove {
-			c.Assert(containers2[i], checker.IsNil)
+			assert.Assert(c, containers2[i] == nil)
 		} else {
-			c.Assert(containers2[i], checker.NotNil)
+			assert.Assert(c, containers2[i] != nil)
 		}
 	}
 }
diff --git a/integration-cli/docker_api_swarm_test.go b/integration-cli/docker_api_swarm_test.go
index 10b9938486c92..441f7a1652a45 100644
--- a/integration-cli/docker_api_swarm_test.go
+++ b/integration-cli/docker_api_swarm_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,12 +6,14 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
+	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
 	"github.com/cloudflare/cfssl/csr"
@@ -22,35 +25,35 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/request"
+	testdaemon "github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/request"
 	"github.com/docker/swarmkit/ca"
-	"github.com/go-check/check"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
 )
 
 var defaultReconciliationTimeout = 30 * time.Second
 
-func (s *DockerSwarmSuite) TestAPISwarmInit(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmInit(c *testing.T) {
 	// todo: should find a better way to verify that components are running than /info
 	d1 := s.AddDaemon(c, true, true)
 	info := d1.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.True)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(info.Cluster.RootRotationInProgress, checker.False)
+	assert.Equal(c, info.ControlAvailable, true)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.Cluster.RootRotationInProgress, false)
 
 	d2 := s.AddDaemon(c, true, false)
 	info = d2.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.False)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, false)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 
 	// Leaving cluster
-	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	assert.NilError(c, d2.SwarmLeave(c, false))
 
 	info = d2.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.False)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.ControlAvailable, false)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	d2.SwarmJoin(c, swarm.JoinRequest{
 		ListenAddr:  d1.SwarmListenAddr(),
@@ -59,26 +62,26 @@ func (s *DockerSwarmSuite) TestAPISwarmInit(c *check.C) {
 	})
 
 	info = d2.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.False)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, false)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 
 	// Current state restoring after restarts
 	d1.Stop(c)
 	d2.Stop(c)
 
-	d1.Start(c)
-	d2.Start(c)
+	d1.StartNode(c)
+	d2.StartNode(c)
 
 	info = d1.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.True)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, true)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 
 	info = d2.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.False)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, false)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *testing.T) {
 	d1 := s.AddDaemon(c, false, false)
 	d1.SwarmInit(c, swarm.InitRequest{})
 
@@ -90,20 +93,18 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
 		ListenAddr:  d2.SwarmListenAddr(),
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	assert.ErrorContains(c, err, "join token is necessary")
 	info := d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	err = c2.SwarmJoin(context.Background(), swarm.JoinRequest{
 		ListenAddr:  d2.SwarmListenAddr(),
 		JoinToken:   "foobaz",
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "invalid join token")
+	assert.ErrorContains(c, err, "invalid join token")
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	workerToken := d1.JoinTokens(c).Worker
 
@@ -113,10 +114,10 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	assert.NilError(c, d2.SwarmLeave(c, false))
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	// change tokens
 	d1.RotateTokens(c)
@@ -126,19 +127,18 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
 		JoinToken:   workerToken,
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	assert.ErrorContains(c, err, "join token is necessary")
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	workerToken = d1.JoinTokens(c).Worker
 
 	d2.SwarmJoin(c, swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.SwarmListenAddr()}})
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	assert.NilError(c, d2.SwarmLeave(c, false))
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	// change spec, don't change tokens
 	d1.UpdateSwarm(c, func(s *swarm.Spec) {})
@@ -147,20 +147,19 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
 		ListenAddr:  d2.SwarmListenAddr(),
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	assert.ErrorContains(c, err, "join token is necessary")
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	d2.SwarmJoin(c, swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.SwarmListenAddr()}})
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	assert.NilError(c, d2.SwarmLeave(c, false))
 	info = d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 }
 
-func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) {
+func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *testing.T) {
 	d1 := s.AddDaemon(c, false, false)
 	d1.SwarmInit(c, swarm.InitRequest{})
 	d1.UpdateSwarm(c, func(s *swarm.Spec) {
@@ -177,12 +176,12 @@ func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) {
 		}
 	})
 	info := d1.SwarmInfo(c)
-	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs, checker.HasLen, 2)
-	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
-	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, "cacert")
+	assert.Equal(c, len(info.Cluster.Spec.CAConfig.ExternalCAs), 2)
+	assert.Equal(c, info.Cluster.Spec.CAConfig.ExternalCAs[0].CACert, "")
+	assert.Equal(c, info.Cluster.Spec.CAConfig.ExternalCAs[1].CACert, "cacert")
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, false, false)
 	splitToken := strings.Split(d1.JoinTokens(c).Worker, "-")
@@ -194,30 +193,29 @@ func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) {
 		JoinToken:   replacementToken,
 		RemoteAddrs: []string{d1.SwarmListenAddr()},
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "remote CA does not match fingerprint")
+	assert.ErrorContains(c, err, "remote CA does not match fingerprint")
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *testing.T) {
 	d1 := s.AddDaemon(c, false, false)
 	d1.SwarmInit(c, swarm.InitRequest{})
 	d2 := s.AddDaemon(c, true, false)
 
 	info := d2.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.False)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, false)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleManager
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.True)
+	poll.WaitOn(c, pollCheck(c, d2.CheckControlAvailable, checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleWorker
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.False)
+	poll.WaitOn(c, pollCheck(c, d2.CheckControlAvailable, checker.False()), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Wait for the role to change to worker in the cert. This is partially
 	// done because it's something worth testing in its own right, and
@@ -225,27 +223,27 @@ func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) {
 	// back to manager quickly might cause the node to pause for awhile
 	// while waiting for the role to change to worker, and the test can
 	// time out during this interval.
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		certBytes, err := ioutil.ReadFile(filepath.Join(d2.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
+		certBytes, err := os.ReadFile(filepath.Join(d2.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
 		if err != nil {
-			return "", check.Commentf("error: %v", err)
+			return "", fmt.Sprintf("error: %v", err)
 		}
 		certs, err := helpers.ParseCertificatesPEM(certBytes)
 		if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 {
-			return certs[0].Subject.OrganizationalUnit[0], nil
+			return certs[0].Subject.OrganizationalUnit[0], ""
 		}
-		return "", check.Commentf("could not get organizational unit from certificate")
-	}, checker.Equals, "swarm-worker")
+		return "", "could not get organizational unit from certificate"
+	}, checker.Equals("swarm-worker")), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Demoting last node should fail
 	node := d1.GetNode(c, d1.NodeID())
 	node.Spec.Role = swarm.NodeRoleWorker
 	url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index)
 	res, body, err := request.Post(url, request.Host(d1.Sock()), request.JSONBody(node.Spec))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest, check.Commentf("output: %q", string(b)))
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusBadRequest, "output: %q", string(b))
 
 	// The warning specific to demoting the last manager is best-effort and
 	// won't appear until the Role field of the demoted manager has been
@@ -254,21 +252,21 @@ func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) {
 	// it anchors the regexp contrary to the documentation, and this makes
 	// it impossible to match something that includes a line break.
 	if !strings.Contains(string(b), "last manager of the swarm") {
-		c.Assert(string(b), checker.Contains, "this would result in a loss of quorum")
+		assert.Assert(c, strings.Contains(string(b), "this would result in a loss of quorum"))
 	}
 	info = d1.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(info.ControlAvailable, checker.True)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, true)
 
 	// Promote already demoted node
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleManager
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.True)
+	poll.WaitOn(c, pollCheck(c, d2.CheckControlAvailable, checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *testing.T) {
 	// add three managers, one of these is leader
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
@@ -289,20 +287,27 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *check.C) {
 	// query each node and make sure it returns 3 services
 	for _, d := range []*daemon.Daemon{d1, d2, d3} {
 		services := d.ListServices(c)
-		c.Assert(services, checker.HasLen, 3)
+		assert.Equal(c, len(services), 3)
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *testing.T) {
+	if runtime.GOARCH == "s390x" {
+		c.Skip("Disabled on s390x")
+	}
+	if runtime.GOARCH == "ppc64le" {
+		c.Skip("Disabled on  ppc64le")
+	}
+
 	// Create 3 nodes
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
 
 	// assert that the first node we made is the leader, and the other two are followers
-	c.Assert(d1.GetNode(c, d1.NodeID()).ManagerStatus.Leader, checker.True)
-	c.Assert(d1.GetNode(c, d2.NodeID()).ManagerStatus.Leader, checker.False)
-	c.Assert(d1.GetNode(c, d3.NodeID()).ManagerStatus.Leader, checker.False)
+	assert.Equal(c, d1.GetNode(c, d1.NodeID()).ManagerStatus.Leader, true)
+	assert.Equal(c, d1.GetNode(c, d2.NodeID()).ManagerStatus.Leader, false)
+	assert.Equal(c, d1.GetNode(c, d3.NodeID()).ManagerStatus.Leader, false)
 
 	d1.Stop(c)
 
@@ -310,13 +315,24 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 		leader    *daemon.Daemon   // keep track of leader
 		followers []*daemon.Daemon // keep track of followers
 	)
+	var lastErr error
 	checkLeader := func(nodes ...*daemon.Daemon) checkF {
-		return func(c *check.C) (interface{}, check.CommentInterface) {
+		return func(c *testing.T) (interface{}, string) {
 			// clear these out before each run
 			leader = nil
 			followers = nil
 			for _, d := range nodes {
-				if d.GetNode(c, d.NodeID()).ManagerStatus.Leader {
+				n := d.GetNode(c, d.NodeID(), func(err error) bool {
+					if strings.Contains(err.Error(), context.DeadlineExceeded.Error()) || strings.Contains(err.Error(), "swarm does not have a leader") {
+						lastErr = err
+						return true
+					}
+					return false
+				})
+				if n == nil {
+					return false, fmt.Sprintf("failed to get node: %v", lastErr)
+				}
+				if n.ManagerStatus.Leader {
 					leader = d
 				} else {
 					followers = append(followers, d)
@@ -324,39 +340,46 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 			}
 
 			if leader == nil {
-				return false, check.Commentf("no leader elected")
+				return false, "no leader elected"
 			}
 
-			return true, check.Commentf("elected %v", leader.ID())
+			return true, fmt.Sprintf("elected %v", leader.ID())
 		}
 	}
 
 	// wait for an election to occur
-	waitAndAssert(c, defaultReconciliationTimeout, checkLeader(d2, d3), checker.True)
+	c.Logf("Waiting for election to occur...")
+	poll.WaitOn(c, pollCheck(c, checkLeader(d2, d3), checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// assert that we have a new leader
-	c.Assert(leader, checker.NotNil)
+	assert.Assert(c, leader != nil)
 
 	// Keep track of the current leader, since we want that to be chosen.
 	stableleader := leader
 
 	// add the d1, the initial leader, back
-	d1.Start(c)
-
-	// TODO(stevvooe): may need to wait for rejoin here
+	d1.StartNode(c)
 
 	// wait for possible election
-	waitAndAssert(c, defaultReconciliationTimeout, checkLeader(d1, d2, d3), checker.True)
+	c.Logf("Waiting for possible election...")
+	poll.WaitOn(c, pollCheck(c, checkLeader(d1, d2, d3), checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 	// pick out the leader and the followers again
 
 	// verify that we still only have 1 leader and 2 followers
-	c.Assert(leader, checker.NotNil)
-	c.Assert(followers, checker.HasLen, 2)
+	assert.Assert(c, leader != nil)
+	assert.Equal(c, len(followers), 2)
 	// and that after we added d1 back, the leader hasn't changed
-	c.Assert(leader.NodeID(), checker.Equals, stableleader.NodeID())
+	assert.Equal(c, leader.NodeID(), stableleader.NodeID())
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *testing.T) {
+	if runtime.GOARCH == "s390x" {
+		c.Skip("Disabled on s390x")
+	}
+	if runtime.GOARCH == "ppc64le" {
+		c.Skip("Disabled on  ppc64le")
+	}
+
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
@@ -366,7 +389,7 @@ func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
 	d2.Stop(c)
 
 	// make sure there is a leader
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckLeader, checker.IsNil)
+	poll.WaitOn(c, pollCheck(c, d1.CheckLeader, checker.IsNil()), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d1.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "top1"
@@ -377,56 +400,55 @@ func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
 	var service swarm.Service
 	simpleTestService(&service)
 	service.Spec.Name = "top2"
-	cli, err := d1.NewClient()
-	c.Assert(err, checker.IsNil)
+	cli := d1.NewClientT(c)
 	defer cli.Close()
 
 	// d1 will eventually step down from leader because there is no longer an active quorum, wait for that to happen
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		_, err = cli.ServiceCreate(context.Background(), service.Spec, types.ServiceCreateOptions{})
-		return err.Error(), nil
-	}, checker.Contains, "Make sure more than half of the managers are online.")
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
+		_, err := cli.ServiceCreate(context.Background(), service.Spec, types.ServiceCreateOptions{})
+		return err.Error(), ""
+	}, checker.Contains("Make sure more than half of the managers are online.")), poll.WithTimeout(defaultReconciliationTimeout*2))
 
-	d2.Start(c)
+	d2.StartNode(c)
 
 	// make sure there is a leader
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckLeader, checker.IsNil)
+	poll.WaitOn(c, pollCheck(c, d1.CheckLeader, checker.IsNil()), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d1.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "top3"
 	})
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmLeaveRemovesContainer(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmLeaveRemovesContainer(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
 	d.CreateService(c, simpleTestService, setInstances(instances))
 
 	id, err := d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", id))
+	assert.NilError(c, err, id)
 	id = strings.TrimSpace(id)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances+1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances+1)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	c.Assert(d.SwarmLeave(false), checker.NotNil)
-	c.Assert(d.SwarmLeave(true), checker.IsNil)
+	assert.ErrorContains(c, d.SwarmLeave(c, false), "")
+	assert.NilError(c, d.SwarmLeave(c, true))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	id2, err := d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", id2))
-	c.Assert(id, checker.HasPrefix, strings.TrimSpace(id2))
+	assert.NilError(c, err, id2)
+	assert.Assert(c, strings.HasPrefix(id, strings.TrimSpace(id2)))
 }
 
 // #23629
-func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *testing.T) {
 	testRequires(c, Network)
 	s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, false, false)
 
 	id, err := d2.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", id))
+	assert.NilError(c, err, id)
 	id = strings.TrimSpace(id)
 
 	c2 := d2.NewClientT(c)
@@ -434,23 +456,22 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *check.C) {
 		ListenAddr:  d2.SwarmListenAddr(),
 		RemoteAddrs: []string{"123.123.123.123:1234"},
 	})
-	c.Assert(err, check.NotNil)
-	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
+	assert.ErrorContains(c, err, "Timeout was reached")
 
 	info := d2.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStatePending)
 
-	c.Assert(d2.SwarmLeave(true), checker.IsNil)
+	assert.NilError(c, d2.SwarmLeave(c, true))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	id2, err := d2.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", id2))
-	c.Assert(id, checker.HasPrefix, strings.TrimSpace(id2))
+	assert.NilError(c, err, id2)
+	assert.Assert(c, strings.HasPrefix(id, strings.TrimSpace(id2)))
 }
 
 // #23705
-func (s *DockerSwarmSuite) TestAPISwarmRestoreOnPendingJoin(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmRestoreOnPendingJoin(c *testing.T) {
 	testRequires(c, Network)
 	d := s.AddDaemon(c, false, false)
 	client := d.NewClientT(c)
@@ -458,58 +479,54 @@ func (s *DockerSwarmSuite) TestAPISwarmRestoreOnPendingJoin(c *check.C) {
 		ListenAddr:  d.SwarmListenAddr(),
 		RemoteAddrs: []string{"123.123.123.123:1234"},
 	})
-	c.Assert(err, check.NotNil)
-	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
+	assert.ErrorContains(c, err, "Timeout was reached")
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckLocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
+	poll.WaitOn(c, pollCheck(c, d.CheckLocalNodeState, checker.Equals(swarm.LocalNodeStatePending)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	d.Stop(c)
-	d.Start(c)
+	d.RestartNode(c)
 
 	info := d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmManagerRestore(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmManagerRestore(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 
 	instances := 2
 	id := d1.CreateService(c, simpleTestService, setInstances(instances))
 
 	d1.GetService(c, id)
-	d1.Stop(c)
-	d1.Start(c)
+	d1.RestartNode(c)
 	d1.GetService(c, id)
 
 	d2 := s.AddDaemon(c, true, true)
 	d2.GetService(c, id)
-	d2.Stop(c)
-	d2.Start(c)
+	d2.RestartNode(c)
 	d2.GetService(c, id)
 
 	d3 := s.AddDaemon(c, true, true)
 	d3.GetService(c, id)
-	d3.Stop(c)
-	d3.Start(c)
+	d3.RestartNode(c)
 	d3.GetService(c, id)
 
-	d3.Kill()
+	err := d3.Kill()
+	assert.NilError(c, err)
 	time.Sleep(1 * time.Second) // time to handle signal
-	d3.Start(c)
+	d3.StartNode(c)
 	d3.GetService(c, id)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmScaleNoRollingUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmScaleNoRollingUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
 	id := d.CreateService(c, simpleTestService, setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	containers := d.ActiveContainers(c)
 	instances = 4
 	d.UpdateService(c, d.GetService(c, id), setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 	containers2 := d.ActiveContainers(c)
 
 loop0:
@@ -523,38 +540,38 @@ loop0:
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmInvalidAddress(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmInvalidAddress(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 	req := swarm.InitRequest{
 		ListenAddr: "",
 	}
 	res, _, err := request.Post("/swarm/init", request.Host(d.Sock()), request.JSONBody(req))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 
 	req2 := swarm.JoinRequest{
 		ListenAddr:  "0.0.0.0:2377",
 		RemoteAddrs: []string{""},
 	}
 	res, _, err = request.Post("/swarm/join", request.Host(d.Sock()), request.JSONBody(req2))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
 
 	instances := 2
 	id := d1.CreateService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// drain d2, all containers should move to d1
 	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Availability = swarm.NodeAvailabilityDrain
 	})
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 0)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, d2.CheckActiveContainerCount, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d2.Stop(c)
 
@@ -563,22 +580,22 @@ func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *check.C) {
 		Spec:            swarm.Spec{},
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d1.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	d3 := s.AddDaemon(c, true, true)
 	info := d3.SwarmInfo(c)
-	c.Assert(info.ControlAvailable, checker.True)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.ControlAvailable, true)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 
 	instances = 4
 	d3.UpdateService(c, d3.GetService(c, id), setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 }
 
 func simpleTestService(s *swarm.Service) {
 	ureplicas := uint64(1)
-	restartDelay := time.Duration(100 * time.Millisecond)
+	restartDelay := 100 * time.Millisecond
 
 	s.Spec = swarm.ServiceSpec{
 		TaskTemplate: swarm.TaskSpec{
@@ -601,7 +618,7 @@ func simpleTestService(s *swarm.Service) {
 
 func serviceForUpdate(s *swarm.Service) {
 	ureplicas := uint64(1)
-	restartDelay := time.Duration(100 * time.Millisecond)
+	restartDelay := 100 * time.Millisecond
 
 	s.Spec = swarm.ServiceSpec{
 		TaskTemplate: swarm.TaskSpec{
@@ -712,7 +729,7 @@ func setGlobalMode(s *swarm.Service) {
 	}
 }
 
-func checkClusterHealth(c *check.C, cl []*daemon.Daemon, managerCount, workerCount int) {
+func checkClusterHealth(c *testing.T, cl []*daemon.Daemon, managerCount, workerCount int) {
 	var totalMCount, totalWCount int
 
 	for _, d := range cl {
@@ -720,14 +737,14 @@ func checkClusterHealth(c *check.C, cl []*daemon.Daemon, managerCount, workerCou
 			info swarm.Info
 		)
 
-		// check info in a waitAndAssert, because if the cluster doesn't have a leader, `info` will return an error
-		checkInfo := func(c *check.C) (interface{}, check.CommentInterface) {
+		// check info in a poll.WaitOn(), because if the cluster doesn't have a leader, `info` will return an error
+		checkInfo := func(c *testing.T) (interface{}, string) {
 			client := d.NewClientT(c)
 			daemonInfo, err := client.Info(context.Background())
 			info = daemonInfo.Swarm
-			return err, check.Commentf("cluster not ready in time")
+			return err, "cluster not ready in time"
 		}
-		waitAndAssert(c, defaultReconciliationTimeout, checkInfo, checker.IsNil)
+		poll.WaitOn(c, pollCheck(c, checkInfo, checker.IsNil()), poll.WithTimeout(defaultReconciliationTimeout))
 		if !info.ControlAvailable {
 			totalWCount++
 			continue
@@ -738,62 +755,62 @@ func checkClusterHealth(c *check.C, cl []*daemon.Daemon, managerCount, workerCou
 		var mCount, wCount int
 
 		for _, n := range d.ListNodes(c) {
-			waitReady := func(c *check.C) (interface{}, check.CommentInterface) {
+			waitReady := func(c *testing.T) (interface{}, string) {
 				if n.Status.State == swarm.NodeStateReady {
-					return true, nil
+					return true, ""
 				}
 				nn := d.GetNode(c, n.ID)
 				n = *nn
-				return n.Status.State == swarm.NodeStateReady, check.Commentf("state of node %s, reported by %s", n.ID, d.NodeID())
+				return n.Status.State == swarm.NodeStateReady, fmt.Sprintf("state of node %s, reported by %s", n.ID, d.NodeID())
 			}
-			waitAndAssert(c, defaultReconciliationTimeout, waitReady, checker.True)
+			poll.WaitOn(c, pollCheck(c, waitReady, checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 
-			waitActive := func(c *check.C) (interface{}, check.CommentInterface) {
+			waitActive := func(c *testing.T) (interface{}, string) {
 				if n.Spec.Availability == swarm.NodeAvailabilityActive {
-					return true, nil
+					return true, ""
 				}
 				nn := d.GetNode(c, n.ID)
 				n = *nn
-				return n.Spec.Availability == swarm.NodeAvailabilityActive, check.Commentf("availability of node %s, reported by %s", n.ID, d.NodeID())
+				return n.Spec.Availability == swarm.NodeAvailabilityActive, fmt.Sprintf("availability of node %s, reported by %s", n.ID, d.NodeID())
 			}
-			waitAndAssert(c, defaultReconciliationTimeout, waitActive, checker.True)
+			poll.WaitOn(c, pollCheck(c, waitActive, checker.True()), poll.WithTimeout(defaultReconciliationTimeout))
 
 			if n.Spec.Role == swarm.NodeRoleManager {
-				c.Assert(n.ManagerStatus, checker.NotNil, check.Commentf("manager status of node %s (manager), reported by %s", n.ID, d.NodeID()))
+				assert.Assert(c, n.ManagerStatus != nil, "manager status of node %s (manager), reported by %s", n.ID, d.NodeID())
 				if n.ManagerStatus.Leader {
 					leaderFound = true
 				}
 				mCount++
 			} else {
-				c.Assert(n.ManagerStatus, checker.IsNil, check.Commentf("manager status of node %s (worker), reported by %s", n.ID, d.NodeID()))
+				assert.Assert(c, n.ManagerStatus == nil, "manager status of node %s (worker), reported by %s", n.ID, d.NodeID())
 				wCount++
 			}
 		}
-		c.Assert(leaderFound, checker.True, check.Commentf("lack of leader reported by node %s", info.NodeID))
-		c.Assert(mCount, checker.Equals, managerCount, check.Commentf("managers count reported by node %s", info.NodeID))
-		c.Assert(wCount, checker.Equals, workerCount, check.Commentf("workers count reported by node %s", info.NodeID))
+		assert.Equal(c, leaderFound, true, "lack of leader reported by node %s", info.NodeID)
+		assert.Equal(c, mCount, managerCount, "managers count reported by node %s", info.NodeID)
+		assert.Equal(c, wCount, workerCount, "workers count reported by node %s", info.NodeID)
 	}
-	c.Assert(totalMCount, checker.Equals, managerCount)
-	c.Assert(totalWCount, checker.Equals, workerCount)
+	assert.Equal(c, totalMCount, managerCount)
+	assert.Equal(c, totalWCount, workerCount)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *testing.T) {
 	mCount, wCount := 5, 1
 
 	var nodes []*daemon.Daemon
 	for i := 0; i < mCount; i++ {
 		manager := s.AddDaemon(c, true, true)
 		info := manager.SwarmInfo(c)
-		c.Assert(info.ControlAvailable, checker.True)
-		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, info.ControlAvailable, true)
+		assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 		nodes = append(nodes, manager)
 	}
 
 	for i := 0; i < wCount; i++ {
 		worker := s.AddDaemon(c, true, false)
 		info := worker.SwarmInfo(c)
-		c.Assert(info.ControlAvailable, checker.False)
-		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, info.ControlAvailable, false)
+		assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 		nodes = append(nodes, worker)
 	}
 
@@ -814,7 +831,7 @@ func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 		wg.Wait()
 		close(errs)
 		for err := range errs {
-			c.Assert(err, check.IsNil)
+			assert.NilError(c, err)
 		}
 	}
 
@@ -835,61 +852,57 @@ func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 		wg.Wait()
 		close(errs)
 		for err := range errs {
-			c.Assert(err, check.IsNil)
+			assert.NilError(c, err)
 		}
 	}
 
 	checkClusterHealth(c, nodes, mCount, wCount)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateWithName(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateWithName(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
 	id := d.CreateService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	service := d.GetService(c, id)
 	instances = 5
 
 	setInstances(instances)(service)
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+	cli := d.NewClientT(c)
 	defer cli.Close()
-	_, err = cli.ServiceUpdate(context.Background(), service.Spec.Name, service.Version, service.Spec, types.ServiceUpdateOptions{})
-	c.Assert(err, checker.IsNil)
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	_, err := cli.ServiceUpdate(context.Background(), service.Spec.Name, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(c, err)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 }
 
 // Unlocking an unlocked swarm results in an error
-func (s *DockerSwarmSuite) TestAPISwarmUnlockNotLocked(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmUnlockNotLocked(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
-	err := d.SwarmUnlock(swarm.UnlockRequest{UnlockKey: "wrong-key"})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "swarm is not locked")
+	err := d.SwarmUnlock(c, swarm.UnlockRequest{UnlockKey: "wrong-key"})
+	assert.ErrorContains(c, err, "swarm is not locked")
 }
 
 // #29885
-func (s *DockerSwarmSuite) TestAPISwarmErrorHandling(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmErrorHandling(c *testing.T) {
 	ln, err := net.Listen("tcp", fmt.Sprintf(":%d", defaultSwarmPort))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer ln.Close()
 	d := s.AddDaemon(c, false, false)
 	client := d.NewClientT(c)
 	_, err = client.SwarmInit(context.Background(), swarm.InitRequest{
 		ListenAddr: d.SwarmListenAddr(),
 	})
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "address already in use")
+	assert.ErrorContains(c, err, "address already in use")
 }
 
 // Test case for 30242, where duplicate networks, with different drivers `bridge` and `overlay`,
 // caused both scopes to be `swarm` for `docker network inspect` and `docker network ls`.
 // This test makes sure the fixes correctly output scopes instead.
-func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *check.C) {
+func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+	cli := d.NewClientT(c)
 	defer cli.Close()
 
 	name := "foo"
@@ -900,30 +913,30 @@ func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *check.C) {
 	networkCreate.Driver = "bridge"
 
 	n1, err := cli.NetworkCreate(context.Background(), name, networkCreate)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	networkCreate.Driver = "overlay"
 
 	n2, err := cli.NetworkCreate(context.Background(), name, networkCreate)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	r1, err := cli.NetworkInspect(context.Background(), n1.ID, types.NetworkInspectOptions{})
-	c.Assert(err, checker.IsNil)
-	c.Assert(r1.Scope, checker.Equals, "local")
+	assert.NilError(c, err)
+	assert.Equal(c, r1.Scope, "local")
 
 	r2, err := cli.NetworkInspect(context.Background(), n2.ID, types.NetworkInspectOptions{})
-	c.Assert(err, checker.IsNil)
-	c.Assert(r2.Scope, checker.Equals, "swarm")
+	assert.NilError(c, err)
+	assert.Equal(c, r2.Scope, "swarm")
 }
 
 // Test case for 30178
-func (s *DockerSwarmSuite) TestAPISwarmHealthcheckNone(c *check.C) {
+func (s *DockerSwarmSuite) TestAPISwarmHealthcheckNone(c *testing.T) {
 	// Issue #36386 can be a independent one, which is worth further investigation.
 	c.Skip("Root cause of Issue #36386 is needed")
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "-d", "overlay", "lb")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	instances := 1
 	d.CreateService(c, simpleTestService, setInstances(instances), func(s *swarm.Service) {
@@ -936,15 +949,15 @@ func (s *DockerSwarmSuite) TestAPISwarmHealthcheckNone(c *check.C) {
 		}
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(instances)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	containers := d.ActiveContainers(c)
 
 	out, err = d.Cmd("exec", containers[0], "ping", "-c1", "-W3", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *testing.T) {
 	m := s.AddDaemon(c, true, true)
 	w := s.AddDaemon(c, true, false)
 
@@ -962,7 +975,7 @@ func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
 				KeyRequest: csr.NewBasicKeyRequest(),
 				CA:         &csr.CAConfig{Expiry: ca.RootCAExpiration},
 			})
-			c.Assert(err, checker.IsNil)
+			assert.NilError(c, err)
 		}
 		expectedCert := string(cert)
 		m.UpdateSwarm(c, func(s *swarm.Spec) {
@@ -977,8 +990,8 @@ func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
 			info := m.SwarmInfo(c)
 
 			// the desired CA cert and key is always redacted
-			c.Assert(info.Cluster.Spec.CAConfig.SigningCAKey, checker.Equals, "")
-			c.Assert(info.Cluster.Spec.CAConfig.SigningCACert, checker.Equals, "")
+			assert.Equal(c, info.Cluster.Spec.CAConfig.SigningCAKey, "")
+			assert.Equal(c, info.Cluster.Spec.CAConfig.SigningCACert, "")
 
 			clusterTLSInfo = info.Cluster.TLSInfo
 
@@ -991,7 +1004,7 @@ func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
 			time.Sleep(250 * time.Millisecond)
 		}
 		if cert != nil {
-			c.Assert(clusterTLSInfo.TrustRoot, checker.Equals, expectedCert)
+			assert.Equal(c, clusterTLSInfo.TrustRoot, expectedCert)
 		}
 		// could take another second or two for the nodes to trust the new roots after they've all gotten
 		// new TLS certificates
@@ -1007,19 +1020,18 @@ func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
 			time.Sleep(250 * time.Millisecond)
 		}
 
-		c.Assert(m.GetNode(c, m.NodeID()).Description.TLSInfo, checker.DeepEquals, clusterTLSInfo)
-		c.Assert(m.GetNode(c, w.NodeID()).Description.TLSInfo, checker.DeepEquals, clusterTLSInfo)
+		assert.DeepEqual(c, m.GetNode(c, m.NodeID()).Description.TLSInfo, clusterTLSInfo)
+		assert.DeepEqual(c, m.GetNode(c, w.NodeID()).Description.TLSInfo, clusterTLSInfo)
 		currentTrustRoot = clusterTLSInfo.TrustRoot
 	}
 }
 
-func (s *DockerSwarmSuite) TestAPINetworkInspectWithScope(c *check.C) {
+func (s *DockerSwarmSuite) TestAPINetworkInspectWithScope(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "test-scoped-network"
 	ctx := context.Background()
-	apiclient, err := d.NewClient()
-	assert.NilError(c, err)
+	apiclient := d.NewClientT(c)
 
 	resp, err := apiclient.NetworkCreate(ctx, name, types.NetworkCreate{Driver: "overlay"})
 	assert.NilError(c, err)
diff --git a/integration-cli/docker_api_test.go b/integration-cli/docker_api_test.go
index 5b7e3e97f9d80..6a091bc8a4fac 100644
--- a/integration-cli/docker_api_test.go
+++ b/integration-cli/docker_api_test.go
@@ -2,38 +2,38 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"runtime"
 	"strconv"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestAPIOptionsRoute(c *check.C) {
+func (s *DockerSuite) TestAPIOptionsRoute(c *testing.T) {
 	resp, _, err := request.Do("/", request.Method(http.MethodOptions))
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, resp.StatusCode, http.StatusOK)
 }
 
-func (s *DockerSuite) TestAPIGetEnabledCORS(c *check.C) {
+func (s *DockerSuite) TestAPIGetEnabledCORS(c *testing.T) {
 	res, body, err := request.Get("/version")
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusOK)
 	body.Close()
 	// TODO: @runcom incomplete tests, why old integration tests had this headers
 	// and here none of the headers below are in the response?
 	//c.Log(res.Header)
-	//c.Assert(res.Header.Get("Access-Control-Allow-Origin"), check.Equals, "*")
-	//c.Assert(res.Header.Get("Access-Control-Allow-Headers"), check.Equals, "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
+	//assert.Equal(c, res.Header.Get("Access-Control-Allow-Origin"), "*")
+	//assert.Equal(c, res.Header.Get("Access-Control-Allow-Headers"), "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
 }
 
-func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *check.C) {
+func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *testing.T) {
 	if testEnv.OSType != runtime.GOOS {
 		c.Skip("Daemon platform doesn't match test platform")
 	}
@@ -42,69 +42,69 @@ func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *check.C) {
 	}
 	v := strings.Split(api.MinVersion, ".")
 	vMinInt, err := strconv.Atoi(v[1])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	vMinInt--
 	v[1] = strconv.Itoa(vMinInt)
 	version := strings.Join(v, ".")
 
 	resp, body, err := request.Get("/v" + version + "/version")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer body.Close()
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusBadRequest)
+	assert.Equal(c, resp.StatusCode, http.StatusBadRequest)
 	expected := fmt.Sprintf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", version, api.MinVersion)
-	content, err := ioutil.ReadAll(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(string(content)), checker.Contains, expected)
+	content, err := io.ReadAll(body)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(string(content)), expected)
 }
 
-func (s *DockerSuite) TestAPIErrorJSON(c *check.C) {
+func (s *DockerSuite) TestAPIErrorJSON(c *testing.T) {
 	httpResp, body, err := request.Post("/containers/create", request.JSONBody(struct{}{}))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, httpResp.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, httpResp.StatusCode, http.StatusBadRequest)
 	}
-	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
+	assert.Assert(c, strings.Contains(httpResp.Header.Get("Content-Type"), "application/json"))
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(getErrorMessage(c, b), checker.Equals, "Config cannot be empty in order to create a container")
+	assert.NilError(c, err)
+	assert.Equal(c, getErrorMessage(c, b), "Config cannot be empty in order to create a container")
 }
 
-func (s *DockerSuite) TestAPIErrorPlainText(c *check.C) {
+func (s *DockerSuite) TestAPIErrorPlainText(c *testing.T) {
 	// Windows requires API 1.25 or later. This test is validating a behaviour which was present
 	// in v1.23, but changed in 1.24, hence not applicable on Windows. See apiVersionSupportsJSONErrors
 	testRequires(c, DaemonIsLinux)
 	httpResp, body, err := request.Post("/v1.23/containers/create", request.JSONBody(struct{}{}))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, httpResp.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, httpResp.StatusCode, http.StatusBadRequest)
 	}
-	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
+	assert.Assert(c, strings.Contains(httpResp.Header.Get("Content-Type"), "text/plain"))
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "Config cannot be empty in order to create a container")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(string(b)), "Config cannot be empty in order to create a container")
 }
 
-func (s *DockerSuite) TestAPIErrorNotFoundJSON(c *check.C) {
+func (s *DockerSuite) TestAPIErrorNotFoundJSON(c *testing.T) {
 	// 404 is a different code path to normal errors, so test separately
 	httpResp, body, err := request.Get("/notfound", request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
-	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
+	assert.NilError(c, err)
+	assert.Equal(c, httpResp.StatusCode, http.StatusNotFound)
+	assert.Assert(c, strings.Contains(httpResp.Header.Get("Content-Type"), "application/json"))
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(getErrorMessage(c, b), checker.Equals, "page not found")
+	assert.NilError(c, err)
+	assert.Equal(c, getErrorMessage(c, b), "page not found")
 }
 
-func (s *DockerSuite) TestAPIErrorNotFoundPlainText(c *check.C) {
+func (s *DockerSuite) TestAPIErrorNotFoundPlainText(c *testing.T) {
 	httpResp, body, err := request.Get("/v1.23/notfound", request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
-	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
+	assert.NilError(c, err)
+	assert.Equal(c, httpResp.StatusCode, http.StatusNotFound)
+	assert.Assert(c, strings.Contains(httpResp.Header.Get("Content-Type"), "text/plain"))
 	b, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "page not found")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(string(b)), "page not found")
 }
diff --git a/integration-cli/docker_cli_attach_test.go b/integration-cli/docker_cli_attach_test.go
index ef2c708bbe63a..d82565c68e17e 100644
--- a/integration-cli/docker_cli_attach_test.go
+++ b/integration-cli/docker_cli_attach_test.go
@@ -8,16 +8,17 @@ import (
 	"runtime"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/integration-cli/cli"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 const attachWait = 5 * time.Second
 
-func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
+func (s *DockerSuite) TestAttachMultipleAndRestart(c *testing.T) {
 	endGroup := &sync.WaitGroup{}
 	startGroup := &sync.WaitGroup{}
 	endGroup.Add(3)
@@ -50,24 +51,24 @@ func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
 
 			out, err := cmd.StdoutPipe()
 			if err != nil {
-				c.Fatal(err)
+				c.Error(err)
 			}
 			defer out.Close()
 
 			if err := cmd.Start(); err != nil {
-				c.Fatal(err)
+				c.Error(err)
 			}
 
 			buf := make([]byte, 1024)
 
 			if _, err := out.Read(buf); err != nil && err != io.EOF {
-				c.Fatal(err)
+				c.Error(err)
 			}
 
 			startGroup.Done()
 
 			if !strings.Contains(string(buf), "hello") {
-				c.Fatalf("unexpected output %s expected hello\n", string(buf))
+				c.Errorf("unexpected output %s expected hello\n", string(buf))
 			}
 		}()
 	}
@@ -87,8 +88,8 @@ func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestAttachTTYWithoutStdin(c *check.C) {
-	// TODO @jhowardmsft. Figure out how to get this running again reliable on Windows.
+func (s *DockerSuite) TestAttachTTYWithoutStdin(c *testing.T) {
+	// TODO: Figure out how to get this running again reliable on Windows.
 	// It works by accident at the moment. Sometimes. I've gone back to v1.13.0 and see the same.
 	// On Windows, docker run -d -ti busybox causes the container to exit immediately.
 	// Obviously a year back when I updated the test, that was not the case. However,
@@ -99,9 +100,9 @@ func (s *DockerSuite) TestAttachTTYWithoutStdin(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
-	done := make(chan error)
+	done := make(chan error, 1)
 	go func() {
 		defer close(done)
 
@@ -126,13 +127,13 @@ func (s *DockerSuite) TestAttachTTYWithoutStdin(c *check.C) {
 
 	select {
 	case err := <-done:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(attachWait):
 		c.Fatal("attach is running but should have failed")
 	}
 }
 
-func (s *DockerSuite) TestAttachDisconnect(c *check.C) {
+func (s *DockerSuite) TestAttachDisconnect(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-di", "busybox", "/bin/cat")
 	id := strings.TrimSpace(out)
@@ -144,28 +145,28 @@ func (s *DockerSuite) TestAttachDisconnect(c *check.C) {
 	}
 	defer stdin.Close()
 	stdout, err := cmd.StdoutPipe()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer stdout.Close()
-	c.Assert(cmd.Start(), check.IsNil)
+	assert.Assert(c, cmd.Start() == nil)
 	defer func() {
 		cmd.Process.Kill()
 		cmd.Wait()
 	}()
 
 	_, err = stdin.Write([]byte("hello\n"))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	out, err = bufio.NewReader(stdout).ReadString('\n')
-	c.Assert(err, check.IsNil)
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
-	c.Assert(stdin.Close(), check.IsNil)
+	assert.Assert(c, stdin.Close() == nil)
 
 	// Expect container to still be running after stdin is closed
 	running := inspectField(c, id, "State.Running")
-	c.Assert(running, check.Equals, "true")
+	assert.Equal(c, running, "true")
 }
 
-func (s *DockerSuite) TestAttachPausedContainer(c *check.C) {
+func (s *DockerSuite) TestAttachPausedContainer(c *testing.T) {
 	testRequires(c, IsPausable)
 	runSleepingContainer(c, "-d", "--name=test")
 	dockerCmd(c, "pause", "test")
diff --git a/integration-cli/docker_cli_attach_unix_test.go b/integration-cli/docker_cli_attach_unix_test.go
index e270fda9cbef6..8dbb55e761829 100644
--- a/integration-cli/docker_cli_attach_unix_test.go
+++ b/integration-cli/docker_cli_attach_unix_test.go
@@ -1,39 +1,40 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
 	"bufio"
-	"io/ioutil"
+	"io"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
+	"github.com/creack/pty"
+	"gotest.tools/v3/assert"
 )
 
 // #9860 Make sure attach ends when container ends (with no errors)
-func (s *DockerSuite) TestAttachClosedOnContainerStop(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestAttachClosedOnContainerStop(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	out, _ := dockerCmd(c, "run", "-dti", "busybox", "/bin/sh", "-c", `trap 'exit 0' SIGTERM; while true; do sleep 1; done`)
 
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	pty, tty, err := pty.Open()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	attachCmd := exec.Command(dockerBinary, "attach", id)
 	attachCmd.Stdin = tty
 	attachCmd.Stdout = tty
 	attachCmd.Stderr = tty
 	err = attachCmd.Start()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		time.Sleep(300 * time.Millisecond)
 		defer close(errChan)
@@ -50,31 +51,31 @@ func (s *DockerSuite) TestAttachClosedOnContainerStop(c *check.C) {
 	select {
 	case err := <-errChan:
 		tty.Close()
-		out, _ := ioutil.ReadAll(pty)
-		c.Assert(err, check.IsNil, check.Commentf("out: %v", string(out)))
+		out, _ := io.ReadAll(pty)
+		assert.Assert(c, err == nil, "out: %v", string(out))
 	case <-time.After(attachWait):
 		c.Fatal("timed out without attach returning")
 	}
 
 }
 
-func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
+func (s *DockerSuite) TestAttachAfterDetach(c *testing.T) {
 	name := "detachtest"
 
 	cpty, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty: %v", err))
+	assert.NilError(c, err, "Could not open pty: %v", err)
 	cmd := exec.Command(dockerBinary, "run", "-ti", "--name", name, "busybox")
 	cmd.Stdin = tty
 	cmd.Stdout = tty
 	cmd.Stderr = tty
 
-	cmdExit := make(chan error)
+	cmdExit := make(chan error, 1)
 	go func() {
 		cmdExit <- cmd.Run()
 		close(cmdExit)
 	}()
 
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	cpty.Write([]byte{16})
 	time.Sleep(100 * time.Millisecond)
@@ -87,7 +88,7 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 	}
 
 	cpty, tty, err = pty.Open()
-	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty: %v", err))
+	assert.NilError(c, err, "Could not open pty: %v", err)
 
 	cmd = exec.Command(dockerBinary, "attach", name)
 	cmd.Stdin = tty
@@ -95,7 +96,7 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 	cmd.Stderr = tty
 
 	err = cmd.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer cmd.Process.Kill()
 
 	bytes := make([]byte, 10)
@@ -114,45 +115,45 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 
 	select {
 	case err := <-readErr:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(2 * time.Second):
 		c.Fatal("timeout waiting for attach read")
 	}
 
-	c.Assert(string(bytes[:nBytes]), checker.Contains, "/ #")
+	assert.Assert(c, strings.Contains(string(bytes[:nBytes]), "/ #"))
 }
 
 // TestAttachDetach checks that attach in tty mode can be detached using the long container ID
-func (s *DockerSuite) TestAttachDetach(c *check.C) {
+func (s *DockerSuite) TestAttachDetach(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-itd", "busybox", "cat")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	cpty, tty, err := pty.Open()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer cpty.Close()
 
 	cmd := exec.Command(dockerBinary, "attach", id)
 	cmd.Stdin = tty
 	stdout, err := cmd.StdoutPipe()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer stdout.Close()
 	err = cmd.Start()
-	c.Assert(err, check.IsNil)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, waitRun(id))
 
 	_, err = cpty.Write([]byte("hello\n"))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	out, err = bufio.NewReader(stdout).ReadString('\n')
-	c.Assert(err, check.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
 	// escape sequence
 	_, err = cpty.Write([]byte{16})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	time.Sleep(100 * time.Millisecond)
 	_, err = cpty.Write([]byte{17})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	ch := make(chan struct{})
 	go func() {
@@ -167,5 +168,5 @@ func (s *DockerSuite) TestAttachDetach(c *check.C) {
 	}
 
 	running := inspectField(c, id, "State.Running")
-	c.Assert(running, checker.Equals, "true") // container should be running
+	assert.Equal(c, running, "true") // container should be running
 }
diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
index 091f13709934e..34f61b450f145 100644
--- a/integration-cli/docker_cli_build_test.go
+++ b/integration-cli/docker_cli_build_test.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -13,32 +12,33 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"testing"
 	"text/template"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/fakegit"
-	"github.com/docker/docker/internal/test/fakestorage"
-	"github.com/docker/docker/internal/testutil"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/fakegit"
+	"github.com/docker/docker/testutil/fakestorage"
 	"github.com/moby/buildkit/frontend/dockerfile/command"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/icmd"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestBuildJSONEmptyRun(c *check.C) {
+func (s *DockerSuite) TestBuildJSONEmptyRun(c *testing.T) {
 	cli.BuildCmd(c, "testbuildjsonemptyrun", build.WithDockerfile(`
     FROM busybox
     RUN []
     `))
 }
 
-func (s *DockerSuite) TestBuildShCmdJSONEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildShCmdJSONEntrypoint(c *testing.T) {
 	name := "testbuildshcmdjsonentrypoint"
 	expected := "/bin/sh -c echo test"
 	if testEnv.OSType == "windows" {
@@ -57,7 +57,7 @@ func (s *DockerSuite) TestBuildShCmdJSONEntrypoint(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *testing.T) {
 	// Windows does not support FROM scratch or the USER command
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
@@ -74,7 +74,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *testing.T) {
 	name := "testbuildenvironmentreplacement"
 
 	var volumePath string
@@ -99,7 +99,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *testing.T) {
 	// Windows does not support FROM scratch or the EXPOSE command
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
@@ -124,7 +124,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementWorkdir(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementWorkdir(c *testing.T) {
 	name := "testbuildenvironmentreplacement"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`
@@ -144,7 +144,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementWorkdir(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *testing.T) {
 	name := "testbuildenvironmentreplacement"
 
 	buildImageSuccessfully(c, name, build.WithBuildContext(c,
@@ -168,7 +168,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
+func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *testing.T) {
 	// ENV expansions work differently in Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
@@ -231,7 +231,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildHandleEscapesInVolume(c *check.C) {
+func (s *DockerSuite) TestBuildHandleEscapesInVolume(c *testing.T) {
 	// The volume paths used in this test are invalid on Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildhandleescapes"
@@ -275,7 +275,7 @@ func (s *DockerSuite) TestBuildHandleEscapesInVolume(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildOnBuildLowercase(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildLowercase(c *testing.T) {
 	name := "testbuildonbuildlowercase"
 	name2 := "testbuildonbuildlowercase2"
 
@@ -299,7 +299,7 @@ func (s *DockerSuite) TestBuildOnBuildLowercase(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEnvEscapes(c *check.C) {
+func (s *DockerSuite) TestBuildEnvEscapes(c *testing.T) {
 	// ENV expansions work differently in Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvescapes"
@@ -316,7 +316,7 @@ func (s *DockerSuite) TestBuildEnvEscapes(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEnvOverwrite(c *check.C) {
+func (s *DockerSuite) TestBuildEnvOverwrite(c *testing.T) {
 	// ENV expansions work differently in Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvoverwrite"
@@ -334,7 +334,7 @@ func (s *DockerSuite) TestBuildEnvOverwrite(c *check.C) {
 }
 
 // FIXME(vdemeester) why we disabled cache here ?
-func (s *DockerSuite) TestBuildOnBuildCmdEntrypointJSON(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildCmdEntrypointJSON(c *testing.T) {
 	name1 := "onbuildcmd"
 	name2 := "onbuildgenerated"
 
@@ -351,7 +351,7 @@ ONBUILD RUN ["true"]`))
 }
 
 // FIXME(vdemeester) why we disabled cache here ?
-func (s *DockerSuite) TestBuildOnBuildEntrypointJSON(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildEntrypointJSON(c *testing.T) {
 	name1 := "onbuildcmd"
 	name2 := "onbuildgenerated"
 
@@ -368,7 +368,7 @@ ONBUILD ENTRYPOINT ["echo"]`))
 
 }
 
-func (s *DockerSuite) TestBuildCacheAdd(c *check.C) {
+func (s *DockerSuite) TestBuildCacheAdd(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows doesn't have httpserver image yet
 	name := "testbuildtwoimageswithadd"
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
@@ -388,8 +388,8 @@ func (s *DockerSuite) TestBuildCacheAdd(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildLastModified(c *check.C) {
-	// Temporary fix for #30890. TODO @jhowardmsft figure out what
+func (s *DockerSuite) TestBuildLastModified(c *testing.T) {
+	// Temporary fix for #30890. TODO: figure out what
 	// has changed in the master busybox image.
 	testRequires(c, DaemonIsLinux)
 
@@ -441,7 +441,7 @@ ADD %s/file /`
 // Regression for https://github.com/docker/docker/pull/27805
 // Makes sure that we don't use the cache if the contents of
 // a file in a subfolder of the context is modified and we re-build.
-func (s *DockerSuite) TestBuildModifyFileInFolder(c *check.C) {
+func (s *DockerSuite) TestBuildModifyFileInFolder(c *testing.T) {
 	name := "testbuildmodifyfileinfolder"
 
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
@@ -463,7 +463,7 @@ ADD folder/file /test/changetarget`))
 	}
 }
 
-func (s *DockerSuite) TestBuildAddSingleFileToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildAddSingleFileToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testaddimg", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
@@ -479,7 +479,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expecte
 }
 
 // Issue #3960: "ADD src ." hangs
-func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *check.C) {
+func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *testing.T) {
 	name := "testaddsinglefiletoworkdir"
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(
 		`FROM busybox
@@ -489,7 +489,7 @@ func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *check.C) {
 		}))
 	defer ctx.Close()
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		errChan <- buildImage(name, build.WithExternalBuildContext(ctx)).Error
 		close(errChan)
@@ -498,11 +498,11 @@ func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *check.C) {
 	case <-time.After(15 * time.Second):
 		c.Fatal("Build with adding to workdir timed out")
 	case err := <-errChan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
-func (s *DockerSuite) TestBuildAddSingleFileToExistDir(c *check.C) {
+func (s *DockerSuite) TestBuildAddSingleFileToExistDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	cli.BuildCmd(c, "testaddsinglefiletoexistdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -518,7 +518,7 @@ RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio'
 		build.WithFile("test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopyAddMultipleFiles(c *check.C) {
+func (s *DockerSuite) TestBuildCopyAddMultipleFiles(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"robots.txt": "hello",
@@ -551,7 +551,7 @@ RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio'
 
 // These tests are mainly for user namespaces to verify that new directories
 // are created as the remapped root uid/gid pair
-func (s *DockerSuite) TestBuildUsernamespaceValidateRemappedRoot(c *check.C) {
+func (s *DockerSuite) TestBuildUsernamespaceValidateRemappedRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testCases := []string{
 		"ADD . /new_dir",
@@ -570,7 +570,7 @@ RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`, tc)),
 	}
 }
 
-func (s *DockerSuite) TestBuildAddAndCopyFileWithWhitespace(c *check.C) {
+func (s *DockerSuite) TestBuildAddAndCopyFileWithWhitespace(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Not currently passing on Windows
 	name := "testaddfilewithwhitespace"
 
@@ -603,7 +603,7 @@ RUN [ $(cat "/test dir/test_file6") = 'test6' ]`, command, command, command, com
 	}
 }
 
-func (s *DockerSuite) TestBuildCopyFileWithWhitespaceOnWindows(c *check.C) {
+func (s *DockerSuite) TestBuildCopyFileWithWhitespaceOnWindows(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	dockerfile := `FROM ` + testEnv.PlatformDefaults.BaseImage + `
 RUN mkdir "C:/test dir"
@@ -633,7 +633,7 @@ RUN find "test6" "C:/test dir/test_file6"`
 	))
 }
 
-func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
+func (s *DockerSuite) TestBuildCopyWildcard(c *testing.T) {
 	name := "testcopywildcard"
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"robots.txt": "hello",
@@ -673,7 +673,7 @@ func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildCopyWildcardInName(c *check.C) {
+func (s *DockerSuite) TestBuildCopyWildcardInName(c *testing.T) {
 	// Run this only on Linux
 	// Below is the original comment (that I don't agree with — vdemeester)
 	// Normally we would do c.Fatal(err) here but given that
@@ -693,7 +693,7 @@ func (s *DockerSuite) TestBuildCopyWildcardInName(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildCopyWildcardCache(c *check.C) {
+func (s *DockerSuite) TestBuildCopyWildcardCache(c *testing.T) {
 	name := "testcopywildcardcache"
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
 	COPY file1.txt /tmp/`),
@@ -719,7 +719,7 @@ func (s *DockerSuite) TestBuildCopyWildcardCache(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildAddSingleFileToNonExistingDir(c *check.C) {
+func (s *DockerSuite) TestBuildAddSingleFileToNonExistingDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testaddsinglefiletononexistingdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -734,7 +734,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
 		build.WithFile("test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildAddDirContentToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildAddDirContentToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testadddircontenttoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -748,7 +748,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
 		build.WithFile("test_dir/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildAddDirContentToExistingDir(c *check.C) {
+func (s *DockerSuite) TestBuildAddDirContentToExistingDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testadddircontenttoexistingdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -764,7 +764,7 @@ RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`),
 		build.WithFile("test_dir/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildAddWholeDirToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildAddWholeDirToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testaddwholedirtoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
@@ -782,7 +782,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expecte
 }
 
 // Testing #5941 : Having an etc directory in context conflicts with the /etc/mtab
-func (s *DockerSuite) TestBuildAddOrCopyEtcToRootShouldNotConflict(c *check.C) {
+func (s *DockerSuite) TestBuildAddOrCopyEtcToRootShouldNotConflict(c *testing.T) {
 	buildImageSuccessfully(c, "testaddetctoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM `+minimalBaseImage()+`
 ADD . /`),
@@ -794,7 +794,7 @@ COPY . /`),
 }
 
 // Testing #9401 : Losing setuid flag after a ADD
-func (s *DockerSuite) TestBuildAddPreservesFilesSpecialBits(c *check.C) {
+func (s *DockerSuite) TestBuildAddPreservesFilesSpecialBits(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testaddetctoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -807,7 +807,7 @@ RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]`),
 		build.WithFile("/data/usr/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopySingleFileToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildCopySingleFileToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testcopysinglefiletoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
@@ -823,7 +823,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expecte
 }
 
 // Issue #3960: "ADD src ." hangs - adapted for COPY
-func (s *DockerSuite) TestBuildCopySingleFileToWorkdir(c *check.C) {
+func (s *DockerSuite) TestBuildCopySingleFileToWorkdir(c *testing.T) {
 	name := "testcopysinglefiletoworkdir"
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
 COPY test_file .`),
@@ -832,7 +832,7 @@ COPY test_file .`),
 		}))
 	defer ctx.Close()
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		errChan <- buildImage(name, build.WithExternalBuildContext(ctx)).Error
 		close(errChan)
@@ -841,11 +841,11 @@ COPY test_file .`),
 	case <-time.After(15 * time.Second):
 		c.Fatal("Build with adding to workdir timed out")
 	case err := <-errChan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
-func (s *DockerSuite) TestBuildCopySingleFileToExistDir(c *check.C) {
+func (s *DockerSuite) TestBuildCopySingleFileToExistDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testcopysinglefiletoexistdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -861,7 +861,7 @@ RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio'
 		build.WithFile("test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopySingleFileToNonExistDir(c *check.C) {
+func (s *DockerSuite) TestBuildCopySingleFileToNonExistDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific
 	buildImageSuccessfully(c, "testcopysinglefiletononexistdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -876,7 +876,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
 		build.WithFile("test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopyDirContentToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildCopyDirContentToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testcopydircontenttoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -890,7 +890,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
 		build.WithFile("test_dir/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopyDirContentToExistDir(c *check.C) {
+func (s *DockerSuite) TestBuildCopyDirContentToExistDir(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testcopydircontenttoexistdir", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -906,7 +906,7 @@ RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`),
 		build.WithFile("test_dir/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildCopyWholeDirToRoot(c *check.C) {
+func (s *DockerSuite) TestBuildCopyWholeDirToRoot(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
 	buildImageSuccessfully(c, "testcopywholedirtoroot", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
@@ -923,7 +923,7 @@ RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expecte
 		build.WithFile("test_dir/test_file", "test1")))
 }
 
-func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
+func (s *DockerSuite) TestBuildAddBadLinks(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Not currently working on Windows
 
 	dockerfile := `
@@ -938,7 +938,7 @@ func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile))
 	defer ctx.Close()
 
-	tempDir, err := ioutil.TempDir("", "test-link-absolute-temp-")
+	tempDir, err := os.MkdirTemp("", "test-link-absolute-temp-")
 	if err != nil {
 		c.Fatalf("failed to create temporary directory: %s", tempDir)
 	}
@@ -997,13 +997,13 @@ func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
 	}
 
 	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
-	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
+	if _, err := os.Stat(nonExistingFile); err == nil || !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
 	}
 
 }
 
-func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
+func (s *DockerSuite) TestBuildAddBadLinksVolume(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // ln not implemented on Windows busybox
 	const (
 		dockerfileTemplate = `
@@ -1014,7 +1014,7 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 		targetFile = "foo.txt"
 	)
 
-	tempDir, err := ioutil.TempDir("", "test-link-absolute-volume-temp-")
+	tempDir, err := os.MkdirTemp("", "test-link-absolute-volume-temp-")
 	if err != nil {
 		c.Fatalf("failed to create temporary directory: %s", tempDir)
 	}
@@ -1038,7 +1038,7 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 	}
 
 	buildImageSuccessfully(c, "test-link-absolute-volume", build.WithExternalBuildContext(ctx))
-	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
+	if _, err := os.Stat(nonExistingFile); err == nil || !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
 	}
 
@@ -1046,8 +1046,8 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 
 // Issue #5270 - ensure we throw a better error than "unexpected EOF"
 // when we can't access files in the context.
-func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
-	testRequires(c, DaemonIsLinux, UnixCli, SameHostDaemon) // test uses chown/chmod: not available on windows
+func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *testing.T) {
+	testRequires(c, DaemonIsLinux, UnixCli, testEnv.IsLocalDaemon) // test uses chown/chmod: not available on windows
 
 	{
 		name := "testbuildinaccessiblefiles"
@@ -1167,7 +1167,7 @@ func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildForceRm(c *check.C) {
+func (s *DockerSuite) TestBuildForceRm(c *testing.T) {
 	containerCountBefore := getContainerCount(c)
 	name := "testbuildforcerm"
 
@@ -1186,7 +1186,7 @@ func (s *DockerSuite) TestBuildForceRm(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildRm(c *check.C) {
+func (s *DockerSuite) TestBuildRm(c *testing.T) {
 	name := "testbuildrm"
 
 	testCases := []struct {
@@ -1229,7 +1229,7 @@ func (s *DockerSuite) TestBuildRm(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
+func (s *DockerSuite) TestBuildWithVolumes(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Invalid volume paths on Windows
 	var (
 		result   map[string]map[string]struct{}
@@ -1264,7 +1264,7 @@ func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildMaintainer(c *check.C) {
+func (s *DockerSuite) TestBuildMaintainer(c *testing.T) {
 	name := "testbuildmaintainer"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -1277,7 +1277,7 @@ func (s *DockerSuite) TestBuildMaintainer(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildUser(c *check.C) {
+func (s *DockerSuite) TestBuildUser(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuilduser"
 	expected := "dockerio"
@@ -1291,7 +1291,7 @@ func (s *DockerSuite) TestBuildUser(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
+func (s *DockerSuite) TestBuildRelativeWorkdir(c *testing.T) {
 	name := "testbuildrelativeworkdir"
 
 	var (
@@ -1333,7 +1333,7 @@ func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
 
 // #22181 Regression test. Single end-to-end test of using
 // Windows semantics. Most path handling verifications are in unit tests
-func (s *DockerSuite) TestBuildWindowsWorkdirProcessing(c *check.C) {
+func (s *DockerSuite) TestBuildWindowsWorkdirProcessing(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	buildImageSuccessfully(c, "testbuildwindowsworkdirprocessing", build.WithDockerfile(`FROM busybox
 		WORKDIR C:\\foo
@@ -1344,9 +1344,9 @@ func (s *DockerSuite) TestBuildWindowsWorkdirProcessing(c *check.C) {
 
 // #22181 Regression test. Most paths handling verifications are in unit test.
 // One functional test for end-to-end
-func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *check.C) {
+func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
-	// TODO Windows (@jhowardmsft). Needs a follow-up PR to 22181 to
+	// TODO Windows. Needs a follow-up PR to 22181 to
 	// support backslash such as .\\ being equivalent to ./ and c:\\ being
 	// equivalent to c:/. This is not currently (nor ever has been) supported
 	// by docker on the Windows platform.
@@ -1377,7 +1377,7 @@ func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildWorkdirWithEnvVariables(c *check.C) {
+func (s *DockerSuite) TestBuildWorkdirWithEnvVariables(c *testing.T) {
 	name := "testbuildworkdirwithenvvariables"
 
 	var expected string
@@ -1398,7 +1398,7 @@ func (s *DockerSuite) TestBuildWorkdirWithEnvVariables(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildRelativeCopy(c *check.C) {
+func (s *DockerSuite) TestBuildRelativeCopy(c *testing.T) {
 	// cat /test1/test2/foo gets permission denied for the user
 	testRequires(c, NotUserNamespace)
 
@@ -1437,7 +1437,7 @@ func (s *DockerSuite) TestBuildRelativeCopy(c *check.C) {
 }
 
 // FIXME(vdemeester) should be unit test
-func (s *DockerSuite) TestBuildBlankName(c *check.C) {
+func (s *DockerSuite) TestBuildBlankName(c *testing.T) {
 	name := "testbuildblankname"
 	testCases := []struct {
 		expression     string
@@ -1466,7 +1466,7 @@ func (s *DockerSuite) TestBuildBlankName(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEnv(c *check.C) {
+func (s *DockerSuite) TestBuildEnv(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // ENV expansion is different in Windows
 	name := "testbuildenv"
 	expected := "[PATH=/test:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PORT=2375]"
@@ -1480,7 +1480,7 @@ func (s *DockerSuite) TestBuildEnv(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildPATH(c *check.C) {
+func (s *DockerSuite) TestBuildPATH(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // ENV expansion is different in Windows
 
 	defPath := "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -1509,11 +1509,11 @@ func (s *DockerSuite) TestBuildPATH(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildContextCleanup(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestBuildContextCleanup(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	name := "testbuildcontextcleanup"
-	entries, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
+	entries, err := os.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -1521,7 +1521,7 @@ func (s *DockerSuite) TestBuildContextCleanup(c *check.C) {
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
         ENTRYPOINT ["/bin/echo"]`))
 
-	entriesFinal, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
+	entriesFinal, err := os.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -1531,11 +1531,11 @@ func (s *DockerSuite) TestBuildContextCleanup(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	name := "testbuildcontextcleanup"
-	entries, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
+	entries, err := os.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -1545,7 +1545,7 @@ func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
 		ExitCode: 1,
 	})
 
-	entriesFinal, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
+	entriesFinal, err := os.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -1555,9 +1555,9 @@ func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
 
 }
 
-// compareDirectoryEntries compares two sets of FileInfo (usually taken from a directory)
+// compareDirectoryEntries compares two sets of DirEntry (usually taken from a directory)
 // and returns an error if different.
-func compareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
+func compareDirectoryEntries(e1 []os.DirEntry, e2 []os.DirEntry) error {
 	var (
 		e1Entries = make(map[string]struct{})
 		e2Entries = make(map[string]struct{})
@@ -1574,7 +1574,7 @@ func compareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
 	return nil
 }
 
-func (s *DockerSuite) TestBuildCmd(c *check.C) {
+func (s *DockerSuite) TestBuildCmd(c *testing.T) {
 	name := "testbuildcmd"
 	expected := "[/bin/echo Hello World]"
 
@@ -1587,7 +1587,7 @@ func (s *DockerSuite) TestBuildCmd(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildExpose(c *check.C) {
+func (s *DockerSuite) TestBuildExpose(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildexpose"
 	expected := "map[2375/tcp:{}]"
@@ -1601,7 +1601,7 @@ func (s *DockerSuite) TestBuildExpose(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildExposeMorePorts(c *check.C) {
+func (s *DockerSuite) TestBuildExposeMorePorts(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	// start building docker file with a large number of ports
 	portList := make([]string, 50)
@@ -1650,7 +1650,7 @@ func (s *DockerSuite) TestBuildExposeMorePorts(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildExposeOrder(c *check.C) {
+func (s *DockerSuite) TestBuildExposeOrder(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	buildID := func(name, exposed string) string {
 		buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`FROM scratch
@@ -1666,7 +1666,7 @@ func (s *DockerSuite) TestBuildExposeOrder(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildExposeUpperCaseProto(c *check.C) {
+func (s *DockerSuite) TestBuildExposeUpperCaseProto(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildexposeuppercaseproto"
 	expected := "map[5678/udp:{}]"
@@ -1678,7 +1678,7 @@ func (s *DockerSuite) TestBuildExposeUpperCaseProto(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *check.C) {
+func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *testing.T) {
 	name := "testbuildentrypointinheritance"
 	name2 := "testbuildentrypointinheritance2"
 
@@ -1701,7 +1701,7 @@ func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEmptyEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildEmptyEntrypoint(c *testing.T) {
 	name := "testbuildentrypoint"
 	expected := "[]"
 
@@ -1715,7 +1715,7 @@ func (s *DockerSuite) TestBuildEmptyEntrypoint(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildEntrypoint(c *testing.T) {
 	name := "testbuildentrypoint"
 
 	expected := "[/bin/echo]"
@@ -1730,7 +1730,7 @@ func (s *DockerSuite) TestBuildEntrypoint(c *check.C) {
 }
 
 // #6445 ensure ONBUILD triggers aren't committed to grandchildren
-func (s *DockerSuite) TestBuildOnBuildLimitedInheritance(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildLimitedInheritance(c *testing.T) {
 	buildImageSuccessfully(c, "testonbuildtrigger1", build.WithDockerfile(`
 		FROM busybox
 		RUN echo "GRANDPARENT"
@@ -1748,7 +1748,7 @@ func (s *DockerSuite) TestBuildOnBuildLimitedInheritance(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildSameDockerfileWithAndWithoutCache(c *check.C) {
+func (s *DockerSuite) TestBuildSameDockerfileWithAndWithoutCache(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildwithcache"
 	dockerfile := `FROM scratch
@@ -1770,7 +1770,7 @@ func (s *DockerSuite) TestBuildSameDockerfileWithAndWithoutCache(c *check.C) {
 }
 
 // Make sure that ADD/COPY still populate the cache even if they don't use it
-func (s *DockerSuite) TestBuildConditionalCache(c *check.C) {
+func (s *DockerSuite) TestBuildConditionalCache(c *testing.T) {
 	name := "testbuildconditionalcache"
 
 	dockerfile := `
@@ -1804,7 +1804,7 @@ func (s *DockerSuite) TestBuildConditionalCache(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildAddMultipleLocalFileWithAndWithoutCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddMultipleLocalFileWithAndWithoutCache(c *testing.T) {
 	name := "testbuildaddmultiplelocalfilewithcache"
 	baseName := name + "-base"
 
@@ -1836,7 +1836,7 @@ func (s *DockerSuite) TestBuildAddMultipleLocalFileWithAndWithoutCache(c *check.
 	}
 }
 
-func (s *DockerSuite) TestBuildCopyDirButNotFile(c *check.C) {
+func (s *DockerSuite) TestBuildCopyDirButNotFile(c *testing.T) {
 	name := "testbuildcopydirbutnotfile"
 	name2 := "testbuildcopydirbutnotfile2"
 
@@ -1860,7 +1860,7 @@ func (s *DockerSuite) TestBuildCopyDirButNotFile(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *testing.T) {
 	name := "testbuildaddcurrentdirwithcache"
 	name2 := name + "2"
 	name3 := name + "3"
@@ -1907,7 +1907,7 @@ func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
 }
 
 // FIXME(vdemeester) this really seems to test the same thing as before (TestBuildAddMultipleLocalFileWithAndWithoutCache)
-func (s *DockerSuite) TestBuildAddCurrentDirWithoutCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddCurrentDirWithoutCache(c *testing.T) {
 	name := "testbuildaddcurrentdirwithoutcache"
 	dockerfile := `
         FROM ` + minimalBaseImage() + `
@@ -1926,7 +1926,7 @@ func (s *DockerSuite) TestBuildAddCurrentDirWithoutCache(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildAddRemoteFileWithAndWithoutCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddRemoteFileWithAndWithoutCache(c *testing.T) {
 	name := "testbuildaddremotefilewithcache"
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"baz": "hello",
@@ -1951,7 +1951,7 @@ func (s *DockerSuite) TestBuildAddRemoteFileWithAndWithoutCache(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *check.C) {
+func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *testing.T) {
 	name := "testbuildaddremotefilemtime"
 	name2 := name + "2"
 	name3 := name + "3"
@@ -1994,7 +1994,7 @@ func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *check.C) {
 }
 
 // FIXME(vdemeester) this really seems to test the same thing as before (combined)
-func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithAndWithoutCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithAndWithoutCache(c *testing.T) {
 	name := "testbuildaddlocalandremotefilewithcache"
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"baz": "hello",
@@ -2023,7 +2023,7 @@ func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithAndWithoutCache(c *chec
 	}
 }
 
-func testContextTar(c *check.C, compression archive.Compression) {
+func testContextTar(c *testing.T, compression archive.Compression) {
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`FROM busybox
 ADD foo /foo
@@ -2042,15 +2042,15 @@ CMD ["cat", "/foo"]`),
 	cli.BuildCmd(c, name, build.WithStdinContext(context))
 }
 
-func (s *DockerSuite) TestBuildContextTarGzip(c *check.C) {
+func (s *DockerSuite) TestBuildContextTarGzip(c *testing.T) {
 	testContextTar(c, archive.Gzip)
 }
 
-func (s *DockerSuite) TestBuildContextTarNoCompression(c *check.C) {
+func (s *DockerSuite) TestBuildContextTarNoCompression(c *testing.T) {
 	testContextTar(c, archive.Uncompressed)
 }
 
-func (s *DockerSuite) TestBuildNoContext(c *check.C) {
+func (s *DockerSuite) TestBuildNoContext(c *testing.T) {
 	name := "nocontext"
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "build", "-t", name, "-"},
@@ -2065,12 +2065,12 @@ func (s *DockerSuite) TestBuildNoContext(c *check.C) {
 }
 
 // FIXME(vdemeester) migrate to docker/cli e2e
-func (s *DockerSuite) TestBuildDockerfileStdin(c *check.C) {
+func (s *DockerSuite) TestBuildDockerfileStdin(c *testing.T) {
 	name := "stdindockerfile"
-	tmpDir, err := ioutil.TempDir("", "fake-context")
-	c.Assert(err, check.IsNil)
-	err = ioutil.WriteFile(filepath.Join(tmpDir, "foo"), []byte("bar"), 0600)
-	c.Assert(err, check.IsNil)
+	tmpDir, err := os.MkdirTemp("", "fake-context")
+	assert.NilError(c, err)
+	err = os.WriteFile(filepath.Join(tmpDir, "foo"), []byte("bar"), 0600)
+	assert.NilError(c, err)
 
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "build", "-t", name, "-f", "-", tmpDir},
@@ -2081,11 +2081,11 @@ CMD ["cat", "/foo"]`),
 	}).Assert(c, icmd.Success)
 
 	res := inspectField(c, name, "Config.Cmd")
-	c.Assert(strings.TrimSpace(string(res)), checker.Equals, `[cat /foo]`)
+	assert.Equal(c, strings.TrimSpace(res), `[cat /foo]`)
 }
 
 // FIXME(vdemeester) migrate to docker/cli tests (unit or e2e)
-func (s *DockerSuite) TestBuildDockerfileStdinConflict(c *check.C) {
+func (s *DockerSuite) TestBuildDockerfileStdinConflict(c *testing.T) {
 	name := "stdindockerfiletarcontext"
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "build", "-t", name, "-f", "-", "-"},
@@ -2095,27 +2095,27 @@ func (s *DockerSuite) TestBuildDockerfileStdinConflict(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildDockerfileStdinNoExtraFiles(c *check.C) {
+func (s *DockerSuite) TestBuildDockerfileStdinNoExtraFiles(c *testing.T) {
 	s.testBuildDockerfileStdinNoExtraFiles(c, false, false)
 }
 
-func (s *DockerSuite) TestBuildDockerfileStdinDockerignore(c *check.C) {
+func (s *DockerSuite) TestBuildDockerfileStdinDockerignore(c *testing.T) {
 	s.testBuildDockerfileStdinNoExtraFiles(c, true, false)
 }
 
-func (s *DockerSuite) TestBuildDockerfileStdinDockerignoreIgnored(c *check.C) {
+func (s *DockerSuite) TestBuildDockerfileStdinDockerignoreIgnored(c *testing.T) {
 	s.testBuildDockerfileStdinNoExtraFiles(c, true, true)
 }
 
-func (s *DockerSuite) testBuildDockerfileStdinNoExtraFiles(c *check.C, hasDockerignore, ignoreDockerignore bool) {
+func (s *DockerSuite) testBuildDockerfileStdinNoExtraFiles(c *testing.T, hasDockerignore, ignoreDockerignore bool) {
 	name := "stdindockerfilenoextra"
-	tmpDir, err := ioutil.TempDir("", "fake-context")
-	c.Assert(err, check.IsNil)
+	tmpDir, err := os.MkdirTemp("", "fake-context")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 
 	writeFile := func(filename, content string) {
-		err = ioutil.WriteFile(filepath.Join(tmpDir, filename), []byte(content), 0600)
-		c.Assert(err, check.IsNil)
+		err = os.WriteFile(filepath.Join(tmpDir, filename), []byte(content), 0600)
+		assert.NilError(c, err)
 	}
 
 	writeFile("foo", "bar")
@@ -2141,13 +2141,13 @@ COPY . /baz`),
 
 	result = cli.DockerCmd(c, "run", "--rm", name, "ls", "-A", "/baz")
 	if hasDockerignore && !ignoreDockerignore {
-		c.Assert(result.Stdout(), checker.Equals, ".dockerignore\nfoo\n")
+		assert.Equal(c, result.Stdout(), ".dockerignore\nfoo\n")
 	} else {
-		c.Assert(result.Stdout(), checker.Equals, "foo\n")
+		assert.Equal(c, result.Stdout(), "foo\n")
 	}
 }
 
-func (s *DockerSuite) TestBuildWithVolumeOwnership(c *check.C) {
+func (s *DockerSuite) TestBuildWithVolumeOwnership(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildimg"
 
@@ -2167,7 +2167,7 @@ func (s *DockerSuite) TestBuildWithVolumeOwnership(c *check.C) {
 
 // testing #1405 - config.Cmd does not get cleaned up if
 // utilizing cache
-func (s *DockerSuite) TestBuildEntrypointRunCleanup(c *check.C) {
+func (s *DockerSuite) TestBuildEntrypointRunCleanup(c *testing.T) {
 	name := "testbuildcmdcleanup"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
         RUN echo "hello"`))
@@ -2186,24 +2186,19 @@ func (s *DockerSuite) TestBuildEntrypointRunCleanup(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildAddFileNotFound(c *check.C) {
+func (s *DockerSuite) TestBuildAddFileNotFound(c *testing.T) {
 	name := "testbuildaddnotfound"
-	expected := "foo: no such file or directory"
-
-	if testEnv.OSType == "windows" {
-		expected = "foo: The system cannot find the file specified"
-	}
 
 	buildImage(name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM `+minimalBaseImage()+`
         ADD foo /usr/local/bar`),
 		build.WithFile("bar", "hello"))).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      expected,
+		Err:      "stat foo: file does not exist",
 	})
 }
 
-func (s *DockerSuite) TestBuildInheritance(c *check.C) {
+func (s *DockerSuite) TestBuildInheritance(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildinheritance"
 
@@ -2224,7 +2219,7 @@ func (s *DockerSuite) TestBuildInheritance(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildFails(c *check.C) {
+func (s *DockerSuite) TestBuildFails(c *testing.T) {
 	name := "testbuildfails"
 	buildImage(name, build.WithDockerfile(`FROM busybox
 		RUN sh -c "exit 23"`)).Assert(c, icmd.Expected{
@@ -2233,7 +2228,7 @@ func (s *DockerSuite) TestBuildFails(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildOnBuild(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuild(c *testing.T) {
 	name := "testbuildonbuild"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		ONBUILD RUN touch foobar`))
@@ -2242,7 +2237,7 @@ func (s *DockerSuite) TestBuildOnBuild(c *check.C) {
 }
 
 // gh #2446
-func (s *DockerSuite) TestBuildAddToSymlinkDest(c *check.C) {
+func (s *DockerSuite) TestBuildAddToSymlinkDest(c *testing.T) {
 	makeLink := `ln -s /foo /bar`
 	if testEnv.OSType == "windows" {
 		makeLink = `mklink /D C:\bar C:\foo`
@@ -2260,7 +2255,7 @@ func (s *DockerSuite) TestBuildAddToSymlinkDest(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildEscapeWhitespace(c *check.C) {
+func (s *DockerSuite) TestBuildEscapeWhitespace(c *testing.T) {
 	name := "testbuildescapewhitespace"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`
@@ -2278,7 +2273,7 @@ docker.com>"
 
 }
 
-func (s *DockerSuite) TestBuildVerifyIntString(c *check.C) {
+func (s *DockerSuite) TestBuildVerifyIntString(c *testing.T) {
 	// Verify that strings that look like ints are still passed as strings
 	name := "testbuildstringing"
 
@@ -2293,7 +2288,7 @@ func (s *DockerSuite) TestBuildVerifyIntString(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildDockerignore(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignore(c *testing.T) {
 	name := "testbuilddockerignore"
 	buildImageSuccessfully(c, name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `
@@ -2331,7 +2326,7 @@ dir`),
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoreCleanPaths(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoreCleanPaths(c *testing.T) {
 	name := "testbuilddockerignorecleanpaths"
 	buildImageSuccessfully(c, name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `
@@ -2345,7 +2340,7 @@ func (s *DockerSuite) TestBuildDockerignoreCleanPaths(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoreExceptions(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoreExceptions(c *testing.T) {
 	name := "testbuilddockerignoreexceptions"
 	buildImageSuccessfully(c, name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `
@@ -2390,7 +2385,7 @@ dir
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoringDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringDockerfile(c *testing.T) {
 	name := "testbuilddockerignoredockerfile"
 	dockerfile := `
 		FROM busybox
@@ -2408,7 +2403,7 @@ func (s *DockerSuite) TestBuildDockerignoringDockerfile(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoringRenamedDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringRenamedDockerfile(c *testing.T) {
 	name := "testbuilddockerignoredockerfile"
 	dockerfile := `
 		FROM busybox
@@ -2429,7 +2424,7 @@ func (s *DockerSuite) TestBuildDockerignoringRenamedDockerfile(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoringDockerignore(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringDockerignore(c *testing.T) {
 	name := "testbuilddockerignoredockerignore"
 	dockerfile := `
 		FROM busybox
@@ -2442,7 +2437,7 @@ func (s *DockerSuite) TestBuildDockerignoringDockerignore(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoreTouchDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoreTouchDockerfile(c *testing.T) {
 	name := "testbuilddockerignoretouchdockerfile"
 	dockerfile := `
         FROM busybox
@@ -2484,7 +2479,7 @@ func (s *DockerSuite) TestBuildDockerignoreTouchDockerfile(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildDockerignoringWholeDir(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringWholeDir(c *testing.T) {
 	name := "testbuilddockerignorewholedir"
 
 	dockerfile := `
@@ -2501,7 +2496,7 @@ func (s *DockerSuite) TestBuildDockerignoringWholeDir(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoringOnlyDotfiles(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringOnlyDotfiles(c *testing.T) {
 	name := "testbuilddockerignorewholedir"
 
 	dockerfile := `
@@ -2518,7 +2513,7 @@ func (s *DockerSuite) TestBuildDockerignoringOnlyDotfiles(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildDockerignoringBadExclusion(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringBadExclusion(c *testing.T) {
 	name := "testbuilddockerignorebadexclusion"
 	buildImage(name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `
@@ -2535,7 +2530,7 @@ func (s *DockerSuite) TestBuildDockerignoringBadExclusion(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildDockerignoringWildTopDir(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringWildTopDir(c *testing.T) {
 	dockerfile := `
 		FROM busybox
 		COPY . /
@@ -2557,7 +2552,7 @@ func (s *DockerSuite) TestBuildDockerignoringWildTopDir(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildDockerignoringWildDirs(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoringWildDirs(c *testing.T) {
 	dockerfile := `
         FROM busybox
 		COPY . /
@@ -2620,7 +2615,7 @@ dir1/dir3/**
 	))
 }
 
-func (s *DockerSuite) TestBuildLineBreak(c *check.C) {
+func (s *DockerSuite) TestBuildLineBreak(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildlinebreak"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM  busybox
@@ -2631,7 +2626,7 @@ RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
 RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`))
 }
 
-func (s *DockerSuite) TestBuildEOLInLine(c *check.C) {
+func (s *DockerSuite) TestBuildEOLInLine(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildeolinline"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM   busybox
@@ -2642,7 +2637,7 @@ RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
 RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`))
 }
 
-func (s *DockerSuite) TestBuildCommentsShebangs(c *check.C) {
+func (s *DockerSuite) TestBuildCommentsShebangs(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildcomments"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
@@ -2656,7 +2651,7 @@ RUN [ "$(cat /hello.sh)" = $'#!/bin/sh\necho hello world' ]
 RUN [ "$(/hello.sh)" = "hello world" ]`))
 }
 
-func (s *DockerSuite) TestBuildUsersAndGroups(c *check.C) {
+func (s *DockerSuite) TestBuildUsersAndGroups(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildusers"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
@@ -2712,7 +2707,7 @@ RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/10
 }
 
 // FIXME(vdemeester) rename this test (and probably "merge" it with the one below TestBuildEnvUsage2)
-func (s *DockerSuite) TestBuildEnvUsage(c *check.C) {
+func (s *DockerSuite) TestBuildEnvUsage(c *testing.T) {
 	// /docker/world/hello is not owned by the correct user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
@@ -2743,7 +2738,7 @@ RUN    [ "$ghi" = "def" ]
 }
 
 // FIXME(vdemeester) rename this test (and probably "merge" it with the one above TestBuildEnvUsage)
-func (s *DockerSuite) TestBuildEnvUsage2(c *check.C) {
+func (s *DockerSuite) TestBuildEnvUsage2(c *testing.T) {
 	// /docker/world/hello is not owned by the correct user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
@@ -2812,7 +2807,7 @@ RUN    [ "$eee1,$eee2,$eee3,$eee4" = 'foo,foo,foo,foo' ]
 	))
 }
 
-func (s *DockerSuite) TestBuildAddScript(c *check.C) {
+func (s *DockerSuite) TestBuildAddScript(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddscript"
 	dockerfile := `
@@ -2828,7 +2823,7 @@ RUN [ "$(cat /testfile)" = 'test!' ]`
 	))
 }
 
-func (s *DockerSuite) TestBuildAddTar(c *check.C) {
+func (s *DockerSuite) TestBuildAddTar(c *testing.T) {
 	// /test/foo is not owned by the correct user
 	testRequires(c, NotUserNamespace)
 	name := "testbuildaddtar"
@@ -2849,8 +2844,8 @@ ADD test.tar /existing-directory
 RUN cat /existing-directory/test/foo | grep Hi
 ADD test.tar /existing-directory-trailing-slash/
 RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
-		tmpDir, err := ioutil.TempDir("", "fake-context")
-		c.Assert(err, check.IsNil)
+		tmpDir, err := os.MkdirTemp("", "fake-context")
+		assert.NilError(c, err)
 		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
 		if err != nil {
 			c.Fatalf("failed to create test.tar archive: %v", err)
@@ -2872,7 +2867,7 @@ RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
 			c.Fatalf("failed to close tar archive: %v", err)
 		}
 
-		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+		if err := os.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
 		return fakecontext.New(c, tmpDir)
@@ -2882,15 +2877,15 @@ RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
 	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
-func (s *DockerSuite) TestBuildAddBrokenTar(c *check.C) {
+func (s *DockerSuite) TestBuildAddBrokenTar(c *testing.T) {
 	name := "testbuildaddbrokentar"
 
 	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 FROM busybox
 ADD test.tar /`
-		tmpDir, err := ioutil.TempDir("", "fake-context")
-		c.Assert(err, check.IsNil)
+		tmpDir, err := os.MkdirTemp("", "fake-context")
+		assert.NilError(c, err)
 		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
 		if err != nil {
 			c.Fatalf("failed to create test.tar archive: %v", err)
@@ -2921,7 +2916,7 @@ ADD test.tar /`
 			c.Fatalf("failed to truncate tar archive: %v", err)
 		}
 
-		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+		if err := os.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
 		return fakecontext.New(c, tmpDir)
@@ -2933,7 +2928,7 @@ ADD test.tar /`
 	})
 }
 
-func (s *DockerSuite) TestBuildAddNonTar(c *check.C) {
+func (s *DockerSuite) TestBuildAddNonTar(c *testing.T) {
 	name := "testbuildaddnontar"
 
 	// Should not try to extract test.tar
@@ -2946,7 +2941,7 @@ func (s *DockerSuite) TestBuildAddNonTar(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
+func (s *DockerSuite) TestBuildAddTarXz(c *testing.T) {
 	// /test/foo is not owned by the correct user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
@@ -2957,8 +2952,8 @@ func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
 			FROM busybox
 			ADD test.tar.xz /
 			RUN cat /test/foo | grep Hi`
-		tmpDir, err := ioutil.TempDir("", "fake-context")
-		c.Assert(err, check.IsNil)
+		tmpDir, err := os.MkdirTemp("", "fake-context")
+		assert.NilError(c, err)
 		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
 		if err != nil {
 			c.Fatalf("failed to create test.tar archive: %v", err)
@@ -2984,7 +2979,7 @@ func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
 			Command: []string{"xz", "-k", "test.tar"},
 			Dir:     tmpDir,
 		}).Assert(c, icmd.Success)
-		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+		if err := os.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
 		return fakecontext.New(c, tmpDir)
@@ -2995,7 +2990,7 @@ func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
 	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
-func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
+func (s *DockerSuite) TestBuildAddTarXzGz(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddtarxzgz"
 
@@ -3004,8 +2999,8 @@ func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
 			FROM busybox
 			ADD test.tar.xz.gz /
 			RUN ls /test.tar.xz.gz`
-		tmpDir, err := ioutil.TempDir("", "fake-context")
-		c.Assert(err, check.IsNil)
+		tmpDir, err := os.MkdirTemp("", "fake-context")
+		assert.NilError(c, err)
 		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
 		if err != nil {
 			c.Fatalf("failed to create test.tar archive: %v", err)
@@ -3036,7 +3031,7 @@ func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
 			Command: []string{"gzip", "test.tar.xz"},
 			Dir:     tmpDir,
 		})
-		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+		if err := os.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
 		return fakecontext.New(c, tmpDir)
@@ -3048,7 +3043,7 @@ func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
 }
 
 // FIXME(vdemeester) most of the from git tests could be moved to `docker/cli` e2e tests
-func (s *DockerSuite) TestBuildFromGit(c *check.C) {
+func (s *DockerSuite) TestBuildFromGit(c *testing.T) {
 	name := "testbuildfromgit"
 	git := fakegit.New(c, "repo", map[string]string{
 		"Dockerfile": `FROM busybox
@@ -3067,7 +3062,7 @@ func (s *DockerSuite) TestBuildFromGit(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildFromGitWithContext(c *check.C) {
+func (s *DockerSuite) TestBuildFromGitWithContext(c *testing.T) {
 	name := "testbuildfromgit"
 	git := fakegit.New(c, "repo", map[string]string{
 		"docker/Dockerfile": `FROM busybox
@@ -3086,7 +3081,7 @@ func (s *DockerSuite) TestBuildFromGitWithContext(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildFromGitWithF(c *check.C) {
+func (s *DockerSuite) TestBuildFromGitWithF(c *testing.T) {
 	name := "testbuildfromgitwithf"
 	git := fakegit.New(c, "repo", map[string]string{
 		"myApp/myDockerfile": `FROM busybox
@@ -3099,7 +3094,7 @@ func (s *DockerSuite) TestBuildFromGitWithF(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
+func (s *DockerSuite) TestBuildFromRemoteTarball(c *testing.T) {
 	name := "testbuildfromremotetarball"
 
 	buffer := new(bytes.Buffer)
@@ -3134,7 +3129,7 @@ func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *testing.T) {
 	name := "testbuildcmdcleanuponentrypoint"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -3153,7 +3148,7 @@ func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildClearCmd(c *check.C) {
+func (s *DockerSuite) TestBuildClearCmd(c *testing.T) {
 	name := "testbuildclearcmd"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
    ENTRYPOINT ["/bin/bash"]
@@ -3165,7 +3160,7 @@ func (s *DockerSuite) TestBuildClearCmd(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEmptyCmd(c *check.C) {
+func (s *DockerSuite) TestBuildEmptyCmd(c *testing.T) {
 	// Skip on Windows. Base image on Windows has a CMD set in the image.
 	testRequires(c, DaemonIsLinux)
 
@@ -3178,7 +3173,7 @@ func (s *DockerSuite) TestBuildEmptyCmd(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildOnBuildOutput(c *check.C) {
+func (s *DockerSuite) TestBuildOnBuildOutput(c *testing.T) {
 	name := "testbuildonbuildparent"
 	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nONBUILD RUN echo foo\n"))
 
@@ -3188,7 +3183,7 @@ func (s *DockerSuite) TestBuildOnBuildOutput(c *check.C) {
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildInvalidTag(c *check.C) {
+func (s *DockerSuite) TestBuildInvalidTag(c *testing.T) {
 	name := "abcd:" + testutil.GenerateRandomAlphaOnlyString(200)
 	buildImage(name, build.WithDockerfile("FROM "+minimalBaseImage()+"\nMAINTAINER quux\n")).Assert(c, icmd.Expected{
 		ExitCode: 125,
@@ -3196,14 +3191,14 @@ func (s *DockerSuite) TestBuildInvalidTag(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildCmdShDashC(c *check.C) {
+func (s *DockerSuite) TestBuildCmdShDashC(c *testing.T) {
 	name := "testbuildcmdshc"
 	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD echo cmd\n"))
 
 	res := inspectFieldJSON(c, name, "Config.Cmd")
 	expected := `["/bin/sh","-c","echo cmd"]`
 	if testEnv.OSType == "windows" {
-		expected = `["cmd","/S","/C","echo cmd"]`
+		expected = `["cmd /S /C echo cmd"]`
 	}
 	if res != expected {
 		c.Fatalf("Expected value %s not in Config.Cmd: %s", expected, res)
@@ -3211,7 +3206,7 @@ func (s *DockerSuite) TestBuildCmdShDashC(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildCmdSpaces(c *check.C) {
+func (s *DockerSuite) TestBuildCmdSpaces(c *testing.T) {
 	// Test to make sure that when we strcat arrays we take into account
 	// the arg separator to make sure ["echo","hi"] and ["echo hi"] don't
 	// look the same
@@ -3237,7 +3232,7 @@ func (s *DockerSuite) TestBuildCmdSpaces(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildCmdJSONNoShDashC(c *check.C) {
+func (s *DockerSuite) TestBuildCmdJSONNoShDashC(c *testing.T) {
 	name := "testbuildcmdjson"
 	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD [\"echo\", \"cmd\"]"))
 
@@ -3248,7 +3243,7 @@ func (s *DockerSuite) TestBuildCmdJSONNoShDashC(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChild(c *check.C) {
+func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChild(c *testing.T) {
 	buildImageSuccessfully(c, "parent", build.WithDockerfile(`
     FROM busybox
     ENTRYPOINT exit 130
@@ -3268,7 +3263,7 @@ func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChild(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChildInspect(c *check.C) {
+func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChildInspect(c *testing.T) {
 	var (
 		name     = "testbuildepinherit"
 		name2    = "testbuildepinherit2"
@@ -3276,7 +3271,7 @@ func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChildInspect(c *check.
 	)
 
 	if testEnv.OSType == "windows" {
-		expected = `["cmd","/S","/C","echo quux"]`
+		expected = `["cmd /S /C echo quux"]`
 	}
 
 	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENTRYPOINT /foo/bar"))
@@ -3292,14 +3287,14 @@ func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChildInspect(c *check.
 	})
 }
 
-func (s *DockerSuite) TestBuildRunShEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildRunShEntrypoint(c *testing.T) {
 	name := "testbuildentrypoint"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
                                 ENTRYPOINT echo`))
 	dockerCmd(c, "run", "--rm", name)
 }
 
-func (s *DockerSuite) TestBuildExoticShellInterpolation(c *check.C) {
+func (s *DockerSuite) TestBuildExoticShellInterpolation(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildexoticshellinterpolation"
 
@@ -3324,7 +3319,7 @@ func (s *DockerSuite) TestBuildExoticShellInterpolation(c *check.C) {
 	`))
 }
 
-func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
+func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *testing.T) {
 	// This testcase is supposed to generate an error because the
 	// JSON array we're passing in on the CMD uses single quotes instead
 	// of double quotes (per the JSON spec). This means we interpret it
@@ -3332,9 +3327,6 @@ func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
 	// it should barf on it.
 	name := "testbuildsinglequotefails"
 	expectedExitCode := 2
-	if testEnv.OSType == "windows" {
-		expectedExitCode = 127
-	}
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		CMD [ '/bin/sh', '-c', 'echo hi' ]`))
@@ -3344,7 +3336,7 @@ func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildVerboseOut(c *check.C) {
+func (s *DockerSuite) TestBuildVerboseOut(c *testing.T) {
 	name := "testbuildverboseout"
 	expected := "\n123\n"
 
@@ -3358,22 +3350,22 @@ RUN echo 123`)).Assert(c, icmd.Expected{
 	})
 }
 
-func (s *DockerSuite) TestBuildWithTabs(c *check.C) {
+func (s *DockerSuite) TestBuildWithTabs(c *testing.T) {
 	name := "testbuildwithtabs"
 	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nRUN echo\tone\t\ttwo"))
 	res := inspectFieldJSON(c, name, "ContainerConfig.Cmd")
 	expected1 := `["/bin/sh","-c","echo\tone\t\ttwo"]`
 	expected2 := `["/bin/sh","-c","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
 	if testEnv.OSType == "windows" {
-		expected1 = `["cmd","/S","/C","echo\tone\t\ttwo"]`
-		expected2 = `["cmd","/S","/C","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
+		expected1 = `["cmd /S /C echo\tone\t\ttwo"]`
+		expected2 = `["cmd /S /C echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
 	}
 	if res != expected1 && res != expected2 {
 		c.Fatalf("Missing tabs.\nGot: %s\nExp: %s or %s", res, expected1, expected2)
 	}
 }
 
-func (s *DockerSuite) TestBuildLabels(c *check.C) {
+func (s *DockerSuite) TestBuildLabels(c *testing.T) {
 	name := "testbuildlabel"
 	expected := `{"License":"GPL","Vendor":"Acme"}`
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
@@ -3385,7 +3377,7 @@ func (s *DockerSuite) TestBuildLabels(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildLabelsCache(c *check.C) {
+func (s *DockerSuite) TestBuildLabelsCache(c *testing.T) {
 	name := "testbuildlabelcache"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
@@ -3426,10 +3418,10 @@ func (s *DockerSuite) TestBuildLabelsCache(c *check.C) {
 }
 
 // FIXME(vdemeester) port to docker/cli e2e tests (api tests should test suppressOutput option though)
-func (s *DockerSuite) TestBuildNotVerboseSuccess(c *check.C) {
+func (s *DockerSuite) TestBuildNotVerboseSuccess(c *testing.T) {
 	// This test makes sure that -q works correctly when build is successful:
 	// stdout has only the image ID (long image ID) and stderr is empty.
-	outRegexp := regexp.MustCompile("^(sha256:|)[a-z0-9]{64}\\n$")
+	outRegexp := regexp.MustCompile(`^(sha256:|)[a-z0-9]{64}\n$`)
 	buildFlags := cli.WithFlags("-q")
 
 	tt := []struct {
@@ -3477,7 +3469,7 @@ func (s *DockerSuite) TestBuildNotVerboseSuccess(c *check.C) {
 }
 
 // FIXME(vdemeester) migrate to docker/cli tests
-func (s *DockerSuite) TestBuildNotVerboseFailureWithNonExistImage(c *check.C) {
+func (s *DockerSuite) TestBuildNotVerboseFailureWithNonExistImage(c *testing.T) {
 	// This test makes sure that -q works correctly when build fails by
 	// comparing between the stderr output in quiet mode and in stdout
 	// and stderr output in verbose mode
@@ -3498,7 +3490,7 @@ func (s *DockerSuite) TestBuildNotVerboseFailureWithNonExistImage(c *check.C) {
 }
 
 // FIXME(vdemeester) migrate to docker/cli tests
-func (s *DockerSuite) TestBuildNotVerboseFailure(c *check.C) {
+func (s *DockerSuite) TestBuildNotVerboseFailure(c *testing.T) {
 	// This test makes sure that -q works correctly when build fails by
 	// comparing between the stderr output in quiet mode and in stdout
 	// and stderr output in verbose mode
@@ -3526,7 +3518,7 @@ func (s *DockerSuite) TestBuildNotVerboseFailure(c *check.C) {
 }
 
 // FIXME(vdemeester) migrate to docker/cli tests
-func (s *DockerSuite) TestBuildNotVerboseFailureRemote(c *check.C) {
+func (s *DockerSuite) TestBuildNotVerboseFailureRemote(c *testing.T) {
 	// This test ensures that when given a wrong URL, stderr in quiet mode and
 	// stderr in verbose mode are identical.
 	// TODO(vdemeester) with cobra, stdout has a carriage return too much so this test should not check stdout
@@ -3556,7 +3548,7 @@ func (s *DockerSuite) TestBuildNotVerboseFailureRemote(c *check.C) {
 }
 
 // FIXME(vdemeester) migrate to docker/cli tests
-func (s *DockerSuite) TestBuildStderr(c *check.C) {
+func (s *DockerSuite) TestBuildStderr(c *testing.T) {
 	// This test just makes sure that no non-error output goes
 	// to stderr
 	name := "testbuildstderr"
@@ -3574,7 +3566,7 @@ func (s *DockerSuite) TestBuildStderr(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildChownSingleFile(c *check.C) {
+func (s *DockerSuite) TestBuildChownSingleFile(c *testing.T) {
 	testRequires(c, UnixCli, DaemonIsLinux) // test uses chown: not available on windows
 
 	name := "testbuildchownsinglefile"
@@ -3598,21 +3590,21 @@ RUN [ $(ls -l /test | awk '{print $3":"$4}') = 'root:root' ]
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 }
 
-func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
+func (s *DockerSuite) TestBuildSymlinkBreakout(c *testing.T) {
 	name := "testbuildsymlinkbreakout"
-	tmpdir, err := ioutil.TempDir("", name)
-	c.Assert(err, check.IsNil)
+	tmpdir, err := os.MkdirTemp("", name)
+	assert.NilError(c, err)
 
 	// See https://github.com/moby/moby/pull/37770 for reason for next line.
 	tmpdir, err = system.GetLongPathName(tmpdir)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	defer os.RemoveAll(tmpdir)
 	ctx := filepath.Join(tmpdir, "context")
 	if err := os.MkdirAll(ctx, 0755); err != nil {
 		c.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte(`
+	if err := os.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte(`
 	from busybox
 	add symlink.tar /
 	add inject /symlink/
@@ -3620,7 +3612,7 @@ func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
 		c.Fatal(err)
 	}
 	inject := filepath.Join(ctx, "inject")
-	if err := ioutil.WriteFile(inject, nil, 0644); err != nil {
+	if err := os.WriteFile(inject, nil, 0644); err != nil {
 		c.Fatal(err)
 	}
 	f, err := os.Create(filepath.Join(ctx, "symlink.tar"))
@@ -3653,7 +3645,7 @@ func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildXZHost(c *check.C) {
+func (s *DockerSuite) TestBuildXZHost(c *testing.T) {
 	// /usr/local/sbin/xz gets permission denied for the user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
@@ -3671,7 +3663,7 @@ RUN [ ! -e /injected ]`),
 	))
 }
 
-func (s *DockerSuite) TestBuildVolumesRetainContents(c *check.C) {
+func (s *DockerSuite) TestBuildVolumesRetainContents(c *testing.T) {
 	// /foo/file gets permission denied for the user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux) // TODO Windows: Issue #20127
@@ -3701,7 +3693,7 @@ CMD cat /foo/file`),
 
 }
 
-func (s *DockerSuite) TestBuildFromMixedcaseDockerfile(c *check.C) {
+func (s *DockerSuite) TestBuildFromMixedcaseDockerfile(c *testing.T) {
 	testRequires(c, UnixCli) // Dockerfile overwrites dockerfile on windows
 	testRequires(c, DaemonIsLinux)
 
@@ -3725,7 +3717,7 @@ func (s *DockerSuite) TestBuildFromMixedcaseDockerfile(c *check.C) {
 }
 
 // FIXME(vdemeester) should migrate to docker/cli tests
-func (s *DockerSuite) TestBuildFromURLWithF(c *check.C) {
+func (s *DockerSuite) TestBuildFromURLWithF(c *testing.T) {
 	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{"baz": `FROM busybox
 RUN echo from baz
 COPY * /tmp/
@@ -3752,7 +3744,7 @@ RUN find /tmp/`}))
 }
 
 // FIXME(vdemeester) should migrate to docker/cli tests
-func (s *DockerSuite) TestBuildFromStdinWithF(c *check.C) {
+func (s *DockerSuite) TestBuildFromStdinWithF(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // TODO Windows: This test is flaky; no idea why
 	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
 RUN echo "from Dockerfile"`))
@@ -3777,7 +3769,7 @@ RUN sh -c "find /tmp/" # sh -c is needed on Windows to use the correct find`)
 
 }
 
-func (s *DockerSuite) TestBuildFromOfficialNames(c *check.C) {
+func (s *DockerSuite) TestBuildFromOfficialNames(c *testing.T) {
 	name := "testbuildfromofficial"
 	fromNames := []string{
 		"busybox",
@@ -3795,7 +3787,7 @@ func (s *DockerSuite) TestBuildFromOfficialNames(c *check.C) {
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildSpaces(c *check.C) {
+func (s *DockerSuite) TestBuildSpaces(c *testing.T) {
 	// Test to make sure that leading/trailing spaces on a command
 	// doesn't change the error msg we get
 	name := "testspaces"
@@ -3858,7 +3850,7 @@ func (s *DockerSuite) TestBuildSpaces(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildSpacesWithQuotes(c *check.C) {
+func (s *DockerSuite) TestBuildSpacesWithQuotes(c *testing.T) {
 	// Test to make sure that spaces in quotes aren't lost
 	name := "testspacesquotes"
 
@@ -3878,7 +3870,7 @@ RUN echo "  \
 }
 
 // #4393
-func (s *DockerSuite) TestBuildVolumeFileExistsinContainer(c *check.C) {
+func (s *DockerSuite) TestBuildVolumeFileExistsinContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // TODO Windows: This should error out
 	buildImage("docker-test-errcreatevolumewithfile", build.WithDockerfile(`
 	FROM busybox
@@ -3891,7 +3883,7 @@ func (s *DockerSuite) TestBuildVolumeFileExistsinContainer(c *check.C) {
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
+func (s *DockerSuite) TestBuildMissingArgs(c *testing.T) {
 	// Test to make sure that all Dockerfile commands (except the ones listed
 	// in skipCmds) will generate an error if no args are provided.
 	// Note: INSERT is deprecated so we exclude it because of that.
@@ -3936,7 +3928,7 @@ func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildEmptyScratch(c *check.C) {
+func (s *DockerSuite) TestBuildEmptyScratch(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	buildImage("sc", build.WithDockerfile("FROM scratch")).Assert(c, icmd.Expected{
 		ExitCode: 1,
@@ -3944,14 +3936,14 @@ func (s *DockerSuite) TestBuildEmptyScratch(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildDotDotFile(c *check.C) {
+func (s *DockerSuite) TestBuildDotDotFile(c *testing.T) {
 	buildImageSuccessfully(c, "sc", build.WithBuildContext(c,
 		build.WithFile("Dockerfile", "FROM busybox\n"),
 		build.WithFile("..gitme", ""),
 	))
 }
 
-func (s *DockerSuite) TestBuildRUNoneJSON(c *check.C) {
+func (s *DockerSuite) TestBuildRUNoneJSON(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // No hello-world Windows image
 	name := "testbuildrunonejson"
 
@@ -3961,7 +3953,7 @@ RUN [ "/hello" ]`)).Assert(c, icmd.Expected{
 	})
 }
 
-func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) {
+func (s *DockerSuite) TestBuildEmptyStringVolume(c *testing.T) {
 	name := "testbuildemptystringvolume"
 
 	buildImage(name, build.WithDockerfile(`
@@ -3973,11 +3965,11 @@ func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildContainerWithCgroupParent(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerSuite) TestBuildContainerWithCgroupParent(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	cgroupParent := "test"
-	data, err := ioutil.ReadFile("/proc/self/cgroup")
+	data, err := os.ReadFile("/proc/self/cgroup")
 	if err != nil {
 		c.Fatalf("failed to read '/proc/self/cgroup - %v", err)
 	}
@@ -3994,14 +3986,14 @@ RUN cat /proc/self/cgroup
 `))
 	result.Assert(c, icmd.Success)
 	m, err := regexp.MatchString(fmt.Sprintf("memory:.*/%s/.*", cgroupParent), result.Combined())
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	if !m {
 		c.Fatalf("There is no expected memory cgroup with parent /%s/: %s", cgroupParent, result.Combined())
 	}
 }
 
 // FIXME(vdemeester) could be a unit test
-func (s *DockerSuite) TestBuildNoDupOutput(c *check.C) {
+func (s *DockerSuite) TestBuildNoDupOutput(c *testing.T) {
 	// Check to make sure our build output prints the Dockerfile cmd
 	// property - there was a bug that caused it to be duplicated on the
 	// Step X  line
@@ -4018,7 +4010,7 @@ func (s *DockerSuite) TestBuildNoDupOutput(c *check.C) {
 
 // GH15826
 // FIXME(vdemeester) could be a unit test
-func (s *DockerSuite) TestBuildStartsFromOne(c *check.C) {
+func (s *DockerSuite) TestBuildStartsFromOne(c *testing.T) {
 	// Explicit check to ensure that build starts from step 1 rather than 0
 	name := "testbuildstartsfromone"
 	result := buildImage(name, build.WithDockerfile(`FROM busybox`))
@@ -4029,7 +4021,7 @@ func (s *DockerSuite) TestBuildStartsFromOne(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) {
+func (s *DockerSuite) TestBuildRUNErrMsg(c *testing.T) {
 	// Test to make sure the bad command is quoted with just "s and
 	// not as a Go []string
 	name := "testbuildbadrunerrmsg"
@@ -4051,7 +4043,7 @@ func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) {
 }
 
 // Issue #15634: COPY fails when path starts with "null"
-func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
+func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *testing.T) {
 	name := "testbuildnullstringinaddcopyvolume"
 	volName := "nullvolume"
 	if testEnv.OSType == "windows" {
@@ -4071,7 +4063,7 @@ func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
 	))
 }
 
-func (s *DockerSuite) TestBuildStopSignal(c *check.C) {
+func (s *DockerSuite) TestBuildStopSignal(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support STOPSIGNAL yet
 	imgName := "test_build_stop_signal"
 	buildImageSuccessfully(c, imgName, build.WithDockerfile(`FROM busybox
@@ -4089,7 +4081,7 @@ func (s *DockerSuite) TestBuildStopSignal(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArg(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArg(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4122,7 +4114,7 @@ func (s *DockerSuite) TestBuildBuildTimeArg(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4143,7 +4135,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildTimeArgHistoryExclusions(c *check.C) {
+func (s *DockerSuite) TestBuildTimeArgHistoryExclusions(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4180,10 +4172,10 @@ func (s *DockerSuite) TestBuildTimeArgHistoryExclusions(c *check.C) {
 	result.Assert(c, icmd.Expected{Out: fmt.Sprintf("%s=%s", explicitProxyKey, explicitProxyVal)})
 
 	cacheID := buildImage(imgName + "-two")
-	c.Assert(origID, checker.Equals, cacheID)
+	assert.Equal(c, origID, cacheID)
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4207,7 +4199,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgCacheMissExtraArg(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgCacheMissExtraArg(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4238,7 +4230,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgCacheMissExtraArg(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgCacheMissSameArgDiffVal(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgCacheMissSameArgDiffVal(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4263,7 +4255,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgCacheMissSameArgDiffVal(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgOverrideArgDefinedBeforeEnv(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgOverrideArgDefinedBeforeEnv(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
@@ -4292,7 +4284,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgOverrideArgDefinedBeforeEnv(c *check.
 }
 
 // FIXME(vdemeester) might be useful to merge with the one above ?
-func (s *DockerSuite) TestBuildBuildTimeArgOverrideEnvDefinedBeforeArg(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgOverrideEnvDefinedBeforeArg(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
@@ -4319,7 +4311,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgOverrideEnvDefinedBeforeArg(c *check.
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *testing.T) {
 	imgName := "bldvarstest"
 
 	wdVar := "WDIR"
@@ -4375,7 +4367,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 	)
 
 	res := inspectField(c, imgName, "Config.WorkingDir")
-	c.Check(filepath.ToSlash(res), check.Equals, filepath.ToSlash(wdVal))
+	assert.Equal(c, filepath.ToSlash(res), filepath.ToSlash(wdVal))
 
 	var resArr []string
 	inspectFieldAndUnmarshall(c, imgName, "Config.Env", &resArr)
@@ -4409,7 +4401,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgExpansionOverride(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgExpansionOverride(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldvarstest"
 	envKey := "foo"
@@ -4437,7 +4429,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansionOverride(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgUntrustedDefinedAfterUse(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgUntrustedDefinedAfterUse(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
@@ -4461,7 +4453,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgUntrustedDefinedAfterUse(c *check.C)
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgBuiltinArg(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgBuiltinArg(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support --build-arg
 	imgName := "bldargtest"
 	envKey := "HTTP_PROXY"
@@ -4484,7 +4476,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgBuiltinArg(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgDefaultOverride(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgDefaultOverride(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
@@ -4510,7 +4502,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgDefaultOverride(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgUnconsumedArg(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgUnconsumedArg(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
@@ -4526,7 +4518,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgUnconsumedArg(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	dockerfile := `FROM busybox
 		ARG FOO1=fromfile
@@ -4537,30 +4529,30 @@ func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
 		ARG FOO6
 		ARG FO10
 		RUN env
-		RUN [ "$FOO1" == "fromcmd" ]
-		RUN [ "$FOO2" == "" ]
-		RUN [ "$FOO3" == "fromenv" ]
-		RUN [ "$FOO4" == "fromfile" ]
-		RUN [ "$FOO5" == "fromcmd" ]
+		RUN [ "$FOO1" = "fromcmd" ]
+		RUN [ "$FOO2" = "" ]
+		RUN [ "$FOO3" = "fromenv" ]
+		RUN [ "$FOO4" = "fromfile" ]
+		RUN [ "$FOO5" = "fromcmd" ]
 		# The following should not exist at all in the env
-		RUN [ "$(env | grep FOO6)" == "" ]
-		RUN [ "$(env | grep FOO7)" == "" ]
-		RUN [ "$(env | grep FOO8)" == "" ]
-		RUN [ "$(env | grep FOO9)" == "" ]
-		RUN [ "$FO10" == "" ]
+		RUN [ "$(env | grep FOO6)" = "" ]
+		RUN [ "$(env | grep FOO7)" = "" ]
+		RUN [ "$(env | grep FOO8)" = "" ]
+		RUN [ "$(env | grep FOO9)" = "" ]
+		RUN [ "$FO10" = "" ]
 	    `
 	result := buildImage("testbuildtimeargenv",
 		cli.WithFlags(
-			"--build-arg", fmt.Sprintf("FOO1=fromcmd"),
-			"--build-arg", fmt.Sprintf("FOO2="),
-			"--build-arg", fmt.Sprintf("FOO3"), // set in env
-			"--build-arg", fmt.Sprintf("FOO4"), // not set in env
-			"--build-arg", fmt.Sprintf("FOO5=fromcmd"),
+			"--build-arg", "FOO1=fromcmd",
+			"--build-arg", "FOO2=",
+			"--build-arg", "FOO3", // set in env
+			"--build-arg", "FOO4", // not set in env
+			"--build-arg", "FOO5=fromcmd",
 			// FOO6 is not set at all
-			"--build-arg", fmt.Sprintf("FOO7=fromcmd"), // should produce a warning
-			"--build-arg", fmt.Sprintf("FOO8="), // should produce a warning
-			"--build-arg", fmt.Sprintf("FOO9"), // should produce a warning
-			"--build-arg", fmt.Sprintf("FO10"), // not set in env, empty value
+			"--build-arg", "FOO7=fromcmd", // should produce a warning
+			"--build-arg", "FOO8=", // should produce a warning
+			"--build-arg", "FOO9", // should produce a warning
+			"--build-arg", "FO10", // not set in env, empty value
 		),
 		cli.WithEnvironmentVariables(append(os.Environ(),
 			"FOO1=fromenv",
@@ -4581,12 +4573,12 @@ func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
 	out := result.Combined()[i:] // "out" should contain just the warning message now
 
 	// These were specified on a --build-arg but no ARG was in the Dockerfile
-	c.Assert(out, checker.Contains, "FOO7")
-	c.Assert(out, checker.Contains, "FOO8")
-	c.Assert(out, checker.Contains, "FOO9")
+	assert.Assert(c, strings.Contains(out, "FOO7"))
+	assert.Assert(c, strings.Contains(out, "FOO8"))
+	assert.Assert(c, strings.Contains(out, "FOO9"))
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envKey1 := "foo1"
@@ -4607,7 +4599,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *check.C) {
 	buildImageSuccessfully(c, imgName, build.WithDockerfile(dockerfile))
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
@@ -4617,13 +4609,13 @@ func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
 		ARG %s=
 		ARG %s=""
 		ARG %s=''
-		RUN [ "$%s" == "$%s" ]
-		RUN [ "$%s" == "$%s" ]
-		RUN [ "$%s" == "$%s" ]`, envKey, envKey1, envKey2, envKey, envKey1, envKey1, envKey2, envKey, envKey2)
+		RUN [ "$%s" = "$%s" ]
+		RUN [ "$%s" = "$%s" ]
+		RUN [ "$%s" = "$%s" ]`, envKey, envKey1, envKey2, envKey, envKey1, envKey1, envKey2, envKey, envKey2)
 	buildImageSuccessfully(c, imgName, build.WithDockerfile(dockerfile))
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgDefinitionWithNoEnvInjection(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgDefinitionWithNoEnvInjection(c *testing.T) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	dockerfile := fmt.Sprintf(`FROM busybox
@@ -4637,7 +4629,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgDefinitionWithNoEnvInjection(c *check
 	}
 }
 
-func (s *DockerSuite) TestBuildMultiStageArg(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageArg(c *testing.T) {
 	imgName := "multifrombldargtest"
 	dockerfile := `FROM busybox
     ARG foo=abc
@@ -4654,14 +4646,13 @@ func (s *DockerSuite) TestBuildMultiStageArg(c *check.C) {
 	parentID := strings.TrimSpace(result.Stdout())
 
 	result = cli.DockerCmd(c, "run", "--rm", parentID, "cat", "/out")
-	c.Assert(result.Stdout(), checker.Contains, "foo=abc")
-
+	assert.Assert(c, strings.Contains(result.Stdout(), "foo=abc"))
 	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "foo")
-	c.Assert(result.Stdout(), checker.Contains, "bar=def")
+	assert.Assert(c, !strings.Contains(result.Stdout(), "foo"))
+	assert.Assert(c, strings.Contains(result.Stdout(), "bar=def"))
 }
 
-func (s *DockerSuite) TestBuildMultiStageGlobalArg(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageGlobalArg(c *testing.T) {
 	imgName := "multifrombldargtest"
 	dockerfile := `ARG tag=nosuchtag
      FROM busybox:${tag}
@@ -4673,20 +4664,19 @@ func (s *DockerSuite) TestBuildMultiStageGlobalArg(c *check.C) {
 
 	result := cli.BuildCmd(c, imgName,
 		build.WithDockerfile(dockerfile),
-		cli.WithFlags("--build-arg", fmt.Sprintf("tag=latest")))
+		cli.WithFlags("--build-arg", "tag=latest"))
 	result.Assert(c, icmd.Success)
 
 	result = cli.DockerCmd(c, "images", "-q", "-f", "label=multifromtest=1")
 	parentID := strings.TrimSpace(result.Stdout())
 
 	result = cli.DockerCmd(c, "run", "--rm", parentID, "cat", "/out")
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "tag")
-
+	assert.Assert(c, !strings.Contains(result.Stdout(), "tag"))
 	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
-	c.Assert(result.Stdout(), checker.Contains, "tag=latest")
+	assert.Assert(c, strings.Contains(result.Stdout(), "tag=latest"))
 }
 
-func (s *DockerSuite) TestBuildMultiStageUnusedArg(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageUnusedArg(c *testing.T) {
 	imgName := "multifromunusedarg"
 	dockerfile := `FROM busybox
     ARG foo
@@ -4696,17 +4686,16 @@ func (s *DockerSuite) TestBuildMultiStageUnusedArg(c *check.C) {
 
 	result := cli.BuildCmd(c, imgName,
 		build.WithDockerfile(dockerfile),
-		cli.WithFlags("--build-arg", fmt.Sprintf("baz=abc")))
+		cli.WithFlags("--build-arg", "baz=abc"))
 	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Contains, "[Warning]")
-	c.Assert(result.Combined(), checker.Contains, "[baz] were not consumed")
-
+	assert.Assert(c, strings.Contains(result.Combined(), "[Warning]"))
+	assert.Assert(c, strings.Contains(result.Combined(), "[baz] were not consumed"))
 	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "bar")
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "baz")
+	assert.Assert(c, !strings.Contains(result.Stdout(), "bar"))
+	assert.Assert(c, !strings.Contains(result.Stdout(), "baz"))
 }
 
-func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
+func (s *DockerSuite) TestBuildNoNamedVolume(c *testing.T) {
 	volName := "testname:/foo"
 
 	if testEnv.OSType == "windows" {
@@ -4723,7 +4712,7 @@ func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildTagEvent(c *check.C) {
+func (s *DockerSuite) TestBuildTagEvent(c *testing.T) {
 	since := daemonUnixTime(c)
 
 	dockerFile := `FROM busybox
@@ -4743,11 +4732,11 @@ func (s *DockerSuite) TestBuildTagEvent(c *check.C) {
 		}
 	}
 
-	c.Assert(foundTag, checker.True, check.Commentf("No tag event found:\n%s", out))
+	assert.Assert(c, foundTag, "No tag event found:\n%s", out)
 }
 
 // #15780
-func (s *DockerSuite) TestBuildMultipleTags(c *check.C) {
+func (s *DockerSuite) TestBuildMultipleTags(c *testing.T) {
 	dockerfile := `
 	FROM busybox
 	MAINTAINER test-15780
@@ -4756,11 +4745,11 @@ func (s *DockerSuite) TestBuildMultipleTags(c *check.C) {
 
 	id1 := getIDByName(c, "tag1")
 	id2 := getIDByName(c, "tag2:v2")
-	c.Assert(id1, check.Equals, id2)
+	assert.Equal(c, id1, id2)
 }
 
 // #17290
-func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *check.C) {
+func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *testing.T) {
 	name := "testbuildbrokensymlink"
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`
@@ -4772,14 +4761,14 @@ func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *check.C) {
 	defer ctx.Close()
 
 	err := os.Symlink(filepath.Join(ctx.Dir, "nosuchfile"), filepath.Join(ctx.Dir, "asymlink"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// warm up cache
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	// add new file to context, should invalidate cache
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "newfile"), []byte("foo"), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(ctx.Dir, "newfile"), []byte("foo"), 0644)
+	assert.NilError(c, err)
 
 	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 	if strings.Contains(result.Combined(), "Using cache") {
@@ -4787,7 +4776,7 @@ func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildFollowSymlinkToFile(c *check.C) {
+func (s *DockerSuite) TestBuildFollowSymlinkToFile(c *testing.T) {
 	name := "testbuildbrokensymlink"
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`
@@ -4799,25 +4788,25 @@ func (s *DockerSuite) TestBuildFollowSymlinkToFile(c *check.C) {
 	defer ctx.Close()
 
 	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "target").Combined()
-	c.Assert(out, checker.Matches, "bar")
+	assert.Assert(c, cmp.Regexp("^bar$", out))
 
 	// change target file should invalidate cache
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
+	assert.NilError(c, err)
 
 	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
-
+	assert.Assert(c, !strings.Contains(result.Combined(), "Using cache"))
 	out = cli.DockerCmd(c, "run", "--rm", name, "cat", "target").Combined()
-	c.Assert(out, checker.Matches, "baz")
+	assert.Assert(c, cmp.Regexp("^baz$", out))
+
 }
 
-func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *check.C) {
+func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *testing.T) {
 	name := "testbuildbrokensymlink"
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`
@@ -4830,28 +4819,27 @@ func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *check.C) {
 	defer ctx.Close()
 
 	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "abc", "def").Combined()
-	c.Assert(out, checker.Matches, "barbaz")
+	assert.Assert(c, cmp.Regexp("^barbaz$", out))
 
 	// change target file should invalidate cache
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo/def"), []byte("bax"), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(ctx.Dir, "foo/def"), []byte("bax"), 0644)
+	assert.NilError(c, err)
 
 	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
-
+	assert.Assert(c, !strings.Contains(result.Combined(), "Using cache"))
 	out = cli.DockerCmd(c, "run", "--rm", name, "cat", "abc", "def").Combined()
-	c.Assert(out, checker.Matches, "barbax")
+	assert.Assert(c, cmp.Regexp("^barbax$", out))
 
 }
 
 // TestBuildSymlinkBasename tests that target file gets basename from symlink,
 // not from the target file.
-func (s *DockerSuite) TestBuildSymlinkBasename(c *check.C) {
+func (s *DockerSuite) TestBuildSymlinkBasename(c *testing.T) {
 	name := "testbuildbrokensymlink"
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`
@@ -4863,16 +4851,17 @@ func (s *DockerSuite) TestBuildSymlinkBasename(c *check.C) {
 	defer ctx.Close()
 
 	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "asymlink").Combined()
-	c.Assert(out, checker.Matches, "bar")
+	assert.Assert(c, cmp.Regexp("^bar$", out))
+
 }
 
 // #17827
-func (s *DockerSuite) TestBuildCacheRootSource(c *check.C) {
+func (s *DockerSuite) TestBuildCacheRootSource(c *testing.T) {
 	name := "testbuildrootsource"
 	ctx := fakecontext.New(c, "",
 		fakecontext.WithDockerfile(`
@@ -4887,17 +4876,17 @@ func (s *DockerSuite) TestBuildCacheRootSource(c *check.C) {
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	// change file, should invalidate cache
-	err := ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
-	c.Assert(err, checker.IsNil)
+	err := os.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
+	assert.NilError(c, err)
 
 	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
+	assert.Assert(c, !strings.Contains(result.Combined(), "Using cache"))
 }
 
 // #19375
 // FIXME(vdemeester) should migrate to docker/cli tests
-func (s *DockerSuite) TestBuildFailsGitNotCallable(c *check.C) {
+func (s *DockerSuite) TestBuildFailsGitNotCallable(c *testing.T) {
 	buildImage("gitnotcallable", cli.WithEnvironmentVariables("PATH="),
 		build.WithContextPath("github.com/docker/v1.10-migrator.git")).Assert(c, icmd.Expected{
 		ExitCode: 1,
@@ -4912,7 +4901,7 @@ func (s *DockerSuite) TestBuildFailsGitNotCallable(c *check.C) {
 }
 
 // TestBuildWorkdirWindowsPath tests that a Windows style path works as a workdir
-func (s *DockerSuite) TestBuildWorkdirWindowsPath(c *check.C) {
+func (s *DockerSuite) TestBuildWorkdirWindowsPath(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildworkdirwindowspath"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`
@@ -4923,7 +4912,7 @@ func (s *DockerSuite) TestBuildWorkdirWindowsPath(c *check.C) {
 	`))
 }
 
-func (s *DockerSuite) TestBuildLabel(c *check.C) {
+func (s *DockerSuite) TestBuildLabel(c *testing.T) {
 	name := "testbuildlabel"
 	testLabel := "foo"
 
@@ -4940,7 +4929,7 @@ func (s *DockerSuite) TestBuildLabel(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildLabelOneNode(c *check.C) {
+func (s *DockerSuite) TestBuildLabelOneNode(c *testing.T) {
 	name := "testbuildlabel"
 	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=bar"),
 		build.WithDockerfile("FROM busybox"))
@@ -4951,10 +4940,10 @@ func (s *DockerSuite) TestBuildLabelOneNode(c *check.C) {
 	if !ok {
 		c.Fatal("label `foo` not found in image")
 	}
-	c.Assert(v, checker.Equals, "bar")
+	assert.Equal(c, v, "bar")
 }
 
-func (s *DockerSuite) TestBuildLabelCacheCommit(c *check.C) {
+func (s *DockerSuite) TestBuildLabelCacheCommit(c *testing.T) {
 	name := "testbuildlabelcachecommit"
 	testLabel := "foo"
 
@@ -4975,7 +4964,7 @@ func (s *DockerSuite) TestBuildLabelCacheCommit(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildLabelMultiple(c *check.C) {
+func (s *DockerSuite) TestBuildLabelMultiple(c *testing.T) {
 	name := "testbuildlabelmultiple"
 	testLabels := map[string]string{
 		"foo": "bar",
@@ -5001,7 +4990,7 @@ func (s *DockerSuite) TestBuildLabelMultiple(c *check.C) {
 	}
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestBuildFromAuthenticatedRegistry(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestBuildFromAuthenticatedRegistry(c *testing.T) {
 	dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 	baseImage := privateRegistryURL + "/baseimage"
 
@@ -5019,35 +5008,34 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestBuildFromAuthenticatedRegistry(c *
 	`, baseImage)))
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *testing.T) {
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
 	workingDir, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
 
 	os.Setenv("PATH", testPath)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 
 	externalAuthConfig := `{ "credsStore": "shell-test" }`
 
 	configPath := filepath.Join(tmp, "config.json")
-	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
-	b, err := ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
-
+	b, err := os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), "\"auth\":"))
 	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
 	dockerCmd(c, "--config", tmp, "push", repoName)
 
@@ -5061,7 +5049,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C)
 }
 
 // Test cases in #22036
-func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
+func (s *DockerSuite) TestBuildLabelsOverride(c *testing.T) {
 	// Command line option labels will always override
 	name := "scratchy"
 	expected := `{"bar":"from-flag","foo":"from-flag"}`
@@ -5140,7 +5128,7 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 }
 
 // Test case for #22855
-func (s *DockerSuite) TestBuildDeleteCommittedFile(c *check.C) {
+func (s *DockerSuite) TestBuildDeleteCommittedFile(c *testing.T) {
 	name := "test-delete-committed-file"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo test > file
@@ -5150,7 +5138,7 @@ func (s *DockerSuite) TestBuildDeleteCommittedFile(c *check.C) {
 }
 
 // #20083
-func (s *DockerSuite) TestBuildDockerignoreComment(c *check.C) {
+func (s *DockerSuite) TestBuildDockerignoreComment(c *testing.T) {
 	// TODO Windows: Figure out why this test is flakey on TP5. If you add
 	// something like RUN sleep 5, or even RUN ls /tmp after the ADD line,
 	// it is more reliable, but that's not a good fix.
@@ -5184,7 +5172,7 @@ foo2
 }
 
 // Test case for #23221
-func (s *DockerSuite) TestBuildWithUTF8BOM(c *check.C) {
+func (s *DockerSuite) TestBuildWithUTF8BOM(c *testing.T) {
 	name := "test-with-utf8-bom"
 	dockerfile := []byte(`FROM busybox`)
 	bomDockerfile := append([]byte{0xEF, 0xBB, 0xBF}, dockerfile...)
@@ -5194,7 +5182,7 @@ func (s *DockerSuite) TestBuildWithUTF8BOM(c *check.C) {
 }
 
 // Test case for UTF-8 BOM in .dockerignore, related to #23221
-func (s *DockerSuite) TestBuildWithUTF8BOMDockerignore(c *check.C) {
+func (s *DockerSuite) TestBuildWithUTF8BOMDockerignore(c *testing.T) {
 	name := "test-with-utf8-bom-dockerignore"
 	dockerfile := `
         FROM busybox
@@ -5211,7 +5199,7 @@ func (s *DockerSuite) TestBuildWithUTF8BOMDockerignore(c *check.C) {
 }
 
 // #22489 Shell test to confirm config gets updated correctly
-func (s *DockerSuite) TestBuildShellUpdatesConfig(c *check.C) {
+func (s *DockerSuite) TestBuildShellUpdatesConfig(c *testing.T) {
 	name := "testbuildshellupdatesconfig"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -5228,7 +5216,7 @@ func (s *DockerSuite) TestBuildShellUpdatesConfig(c *check.C) {
 }
 
 // #22489 Changing the shell multiple times and CMD after.
-func (s *DockerSuite) TestBuildShellMultiple(c *check.C) {
+func (s *DockerSuite) TestBuildShellMultiple(c *testing.T) {
 	name := "testbuildshellmultiple"
 
 	result := buildImage(name, build.WithDockerfile(`FROM busybox
@@ -5264,7 +5252,7 @@ func (s *DockerSuite) TestBuildShellMultiple(c *check.C) {
 }
 
 // #22489. Changed SHELL with ENTRYPOINT
-func (s *DockerSuite) TestBuildShellEntrypoint(c *check.C) {
+func (s *DockerSuite) TestBuildShellEntrypoint(c *testing.T) {
 	name := "testbuildshellentrypoint"
 
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
@@ -5279,7 +5267,7 @@ func (s *DockerSuite) TestBuildShellEntrypoint(c *check.C) {
 }
 
 // #22489 Shell test to confirm shell is inherited in a subsequent build
-func (s *DockerSuite) TestBuildShellInherited(c *check.C) {
+func (s *DockerSuite) TestBuildShellInherited(c *testing.T) {
 	name1 := "testbuildshellinherited1"
 	buildImageSuccessfully(c, name1, build.WithDockerfile(`FROM busybox
         SHELL ["ls"]`))
@@ -5292,7 +5280,7 @@ func (s *DockerSuite) TestBuildShellInherited(c *check.C) {
 }
 
 // #22489 Shell test to confirm non-JSON doesn't work
-func (s *DockerSuite) TestBuildShellNotJSON(c *check.C) {
+func (s *DockerSuite) TestBuildShellNotJSON(c *testing.T) {
 	name := "testbuildshellnotjson"
 
 	buildImage(name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -5305,7 +5293,7 @@ func (s *DockerSuite) TestBuildShellNotJSON(c *check.C) {
 
 // #22489 Windows shell test to confirm native is powershell if executing a PS command
 // This would error if the default shell were still cmd.
-func (s *DockerSuite) TestBuildShellWindowsPowershell(c *check.C) {
+func (s *DockerSuite) TestBuildShellWindowsPowershell(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildshellpowershell"
 	buildImage(name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -5317,7 +5305,7 @@ func (s *DockerSuite) TestBuildShellWindowsPowershell(c *check.C) {
 
 // Verify that escape is being correctly applied to words when escape directive is not \.
 // Tests WORKDIR, ADD
-func (s *DockerSuite) TestBuildEscapeNotBackslashWordTest(c *check.C) {
+func (s *DockerSuite) TestBuildEscapeNotBackslashWordTest(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildescapenotbackslashwordtesta"
 	buildImage(name, build.WithDockerfile(`# escape= `+"`"+`
@@ -5338,58 +5326,77 @@ func (s *DockerSuite) TestBuildEscapeNotBackslashWordTest(c *check.C) {
 	})
 }
 
-// #22868. Make sure shell-form CMD is marked as escaped in the config of the image
-func (s *DockerSuite) TestBuildCmdShellArgsEscaped(c *check.C) {
+// #22868. Make sure shell-form CMD is not marked as escaped in the config of the image,
+// but an exec-form CMD is marked.
+func (s *DockerSuite) TestBuildCmdShellArgsEscaped(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
-	name := "testbuildcmdshellescaped"
-	buildImageSuccessfully(c, name, build.WithDockerfile(`
+	name1 := "testbuildcmdshellescapedshellform"
+	buildImageSuccessfully(c, name1, build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   CMD "ipconfig"
   `))
-	res := inspectFieldJSON(c, name, "Config.ArgsEscaped")
+	res := inspectFieldJSON(c, name1, "Config.ArgsEscaped")
 	if res != "true" {
 		c.Fatalf("CMD did not update Config.ArgsEscaped on image: %v", res)
 	}
-	dockerCmd(c, "run", "--name", "inspectme", name)
-	dockerCmd(c, "wait", "inspectme")
-	res = inspectFieldJSON(c, name, "Config.Cmd")
+	dockerCmd(c, "run", "--name", "inspectme1", name1)
+	dockerCmd(c, "wait", "inspectme1")
+	res = inspectFieldJSON(c, name1, "Config.Cmd")
 
-	if res != `["cmd","/S","/C","\"ipconfig\""]` {
-		c.Fatalf("CMD was not escaped Config.Cmd: got %v", res)
+	if res != `["cmd /S /C \"ipconfig\""]` {
+		c.Fatalf("CMD incorrect in Config.Cmd: got %v", res)
 	}
+
+	// Now in JSON/exec-form
+	name2 := "testbuildcmdshellescapedexecform"
+	buildImageSuccessfully(c, name2, build.WithDockerfile(`
+  FROM `+minimalBaseImage()+`
+  CMD ["ipconfig"]
+  `))
+	res = inspectFieldJSON(c, name2, "Config.ArgsEscaped")
+	if res != "false" {
+		c.Fatalf("CMD set Config.ArgsEscaped on image: %v", res)
+	}
+	dockerCmd(c, "run", "--name", "inspectme2", name2)
+	dockerCmd(c, "wait", "inspectme2")
+	res = inspectFieldJSON(c, name2, "Config.Cmd")
+
+	if res != `["ipconfig"]` {
+		c.Fatalf("CMD incorrect in Config.Cmd: got %v", res)
+	}
+
 }
 
 // Test case for #24912.
-func (s *DockerSuite) TestBuildStepsWithProgress(c *check.C) {
+func (s *DockerSuite) TestBuildStepsWithProgress(c *testing.T) {
 	name := "testbuildstepswithprogress"
 	totalRun := 5
 	result := buildImage(name, build.WithDockerfile("FROM busybox\n"+strings.Repeat("RUN echo foo\n", totalRun)))
 	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Contains, fmt.Sprintf("Step 1/%d : FROM busybox", 1+totalRun))
+	assert.Assert(c, strings.Contains(result.Combined(), fmt.Sprintf("Step 1/%d : FROM busybox", 1+totalRun)))
 	for i := 2; i <= 1+totalRun; i++ {
-		c.Assert(result.Combined(), checker.Contains, fmt.Sprintf("Step %d/%d : RUN echo foo", i, 1+totalRun))
+		assert.Assert(c, strings.Contains(result.Combined(), fmt.Sprintf("Step %d/%d : RUN echo foo", i, 1+totalRun)))
 	}
 }
 
-func (s *DockerSuite) TestBuildWithFailure(c *check.C) {
+func (s *DockerSuite) TestBuildWithFailure(c *testing.T) {
 	name := "testbuildwithfailure"
 
 	// First test case can only detect `nobody` in runtime so all steps will show up
 	dockerfile := "FROM busybox\nRUN nobody"
 	result := buildImage(name, build.WithDockerfile(dockerfile))
-	c.Assert(result.Error, checker.NotNil)
-	c.Assert(result.Stdout(), checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(result.Stdout(), checker.Contains, "Step 2/2 : RUN nobody")
-
+	assert.Assert(c, result.Error != nil)
+	assert.Assert(c, strings.Contains(result.Stdout(), "Step 1/2 : FROM busybox"))
+	assert.Assert(c, strings.Contains(result.Stdout(), "Step 2/2 : RUN nobody"))
 	// Second test case `FFOM` should have been detected before build runs so no steps
 	dockerfile = "FFOM nobody\nRUN nobody"
 	result = buildImage(name, build.WithDockerfile(dockerfile))
-	c.Assert(result.Error, checker.NotNil)
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "Step 1/2 : FROM busybox")
-	c.Assert(result.Stdout(), checker.Not(checker.Contains), "Step 2/2 : RUN nobody")
+	assert.Assert(c, result.Error != nil)
+	assert.Assert(c, !strings.Contains(result.Stdout(), "Step 1/2 : FROM busybox"))
+	assert.Assert(c, !strings.Contains(result.Stdout(), "Step 2/2 : RUN nobody"))
 }
 
-func (s *DockerSuite) TestBuildCacheFromEqualDiffIDsLength(c *check.C) {
+func (s *DockerSuite) TestBuildCacheFromEqualDiffIDsLength(c *testing.T) {
 	dockerfile := `
 		FROM busybox
 		RUN echo "test"
@@ -5407,11 +5414,11 @@ func (s *DockerSuite) TestBuildCacheFromEqualDiffIDsLength(c *check.C) {
 	// rebuild with cache-from
 	result := cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	id2 := getIDByName(c, "build2")
-	c.Assert(id1, checker.Equals, id2)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
+	assert.Equal(c, id1, id2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 2)
 }
 
-func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
+func (s *DockerSuite) TestBuildCacheFrom(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // All tests that do save are skipped in windows
 	dockerfile := `
 		FROM busybox
@@ -5432,19 +5439,19 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 	// rebuild with cache-from
 	result := cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	id2 := getIDByName(c, "build2")
-	c.Assert(id1, checker.Equals, id2)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	assert.Equal(c, id1, id2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 3)
 	cli.DockerCmd(c, "rmi", "build2")
 
 	// no cache match with unknown source
 	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=nosuchtag"), build.WithExternalBuildContext(ctx))
 	id2 = getIDByName(c, "build2")
-	c.Assert(id1, checker.Not(checker.Equals), id2)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 0)
+	assert.Assert(c, id1 != id2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 0)
 	cli.DockerCmd(c, "rmi", "build2")
 
 	// clear parent images
-	tempDir, err := ioutil.TempDir("", "test-build-cache-from-")
+	tempDir, err := os.MkdirTemp("", "test-build-cache-from-")
 	if err != nil {
 		c.Fatalf("failed to create temporary directory: %s", tempDir)
 	}
@@ -5454,23 +5461,23 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 	cli.DockerCmd(c, "rmi", "build1")
 	cli.DockerCmd(c, "load", "-i", tempFile)
 	parentID := cli.DockerCmd(c, "inspect", "-f", "{{.Parent}}", "build1").Combined()
-	c.Assert(strings.TrimSpace(parentID), checker.Equals, "")
+	assert.Equal(c, strings.TrimSpace(parentID), "")
 
 	// cache still applies without parents
 	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	id2 = getIDByName(c, "build2")
-	c.Assert(id1, checker.Equals, id2)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	assert.Equal(c, id1, id2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 3)
 	history1 := cli.DockerCmd(c, "history", "-q", "build2").Combined()
 
 	// Retry, no new intermediate images
 	result = cli.BuildCmd(c, "build3", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	id3 := getIDByName(c, "build3")
-	c.Assert(id1, checker.Equals, id3)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	assert.Equal(c, id1, id3)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 3)
 	history2 := cli.DockerCmd(c, "history", "-q", "build3").Combined()
 
-	c.Assert(history1, checker.Equals, history2)
+	assert.Equal(c, history1, history2)
 	cli.DockerCmd(c, "rmi", "build2")
 	cli.DockerCmd(c, "rmi", "build3")
 	cli.DockerCmd(c, "rmi", "build1")
@@ -5482,30 +5489,30 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 		ENV FOO=bar
 		ADD baz /
 		RUN touch newfile`
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(dockerfile), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(dockerfile), 0644)
+	assert.NilError(c, err)
 
 	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	id2 = getIDByName(c, "build2")
-	c.Assert(id1, checker.Not(checker.Equals), id2)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
+	assert.Assert(c, id1 != id2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 2)
 
 	layers1Str := cli.DockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build1").Combined()
 	layers2Str := cli.DockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build2").Combined()
 
 	var layers1 []string
 	var layers2 []string
-	c.Assert(json.Unmarshal([]byte(layers1Str), &layers1), checker.IsNil)
-	c.Assert(json.Unmarshal([]byte(layers2Str), &layers2), checker.IsNil)
+	assert.Assert(c, json.Unmarshal([]byte(layers1Str), &layers1) == nil)
+	assert.Assert(c, json.Unmarshal([]byte(layers2Str), &layers2) == nil)
 
-	c.Assert(len(layers1), checker.Equals, len(layers2))
+	assert.Equal(c, len(layers1), len(layers2))
 	for i := 0; i < len(layers1)-1; i++ {
-		c.Assert(layers1[i], checker.Equals, layers2[i])
+		assert.Equal(c, layers1[i], layers2[i])
 	}
-	c.Assert(layers1[len(layers1)-1], checker.Not(checker.Equals), layers2[len(layers1)-1])
+	assert.Assert(c, layers1[len(layers1)-1] != layers2[len(layers1)-1])
 }
 
-func (s *DockerSuite) TestBuildMultiStageCache(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageCache(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // All tests that do save are skipped in windows
 	dockerfile := `
 		FROM busybox
@@ -5522,14 +5529,14 @@ func (s *DockerSuite) TestBuildMultiStageCache(c *check.C) {
 
 	result := cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
 	// second part of dockerfile was a repeat of first so should be cached
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 1)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 1)
 
 	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
 	// now both parts of dockerfile should be cached
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 2)
 }
 
-func (s *DockerSuite) TestBuildNetNone(c *check.C) {
+func (s *DockerSuite) TestBuildNetNone(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildnetnone"
 	buildImage(name, cli.WithFlags("--network=none"), build.WithDockerfile(`
@@ -5541,7 +5548,7 @@ func (s *DockerSuite) TestBuildNetNone(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestBuildNetContainer(c *check.C) {
+func (s *DockerSuite) TestBuildNetContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	id, _ := dockerCmd(c, "run", "--hostname", "foobar", "-d", "busybox", "nc", "-ll", "-p", "1234", "-e", "hostname")
@@ -5554,10 +5561,10 @@ func (s *DockerSuite) TestBuildNetContainer(c *check.C) {
   `))
 
 	host, _ := dockerCmd(c, "run", "testbuildnetcontainer", "cat", "/otherhost")
-	c.Assert(strings.TrimSpace(host), check.Equals, "foobar")
+	assert.Equal(c, strings.TrimSpace(host), "foobar")
 }
 
-func (s *DockerSuite) TestBuildWithExtraHost(c *check.C) {
+func (s *DockerSuite) TestBuildWithExtraHost(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "testbuildwithextrahost"
@@ -5573,7 +5580,7 @@ func (s *DockerSuite) TestBuildWithExtraHost(c *check.C) {
   `))
 }
 
-func (s *DockerSuite) TestBuildWithExtraHostInvalidFormat(c *check.C) {
+func (s *DockerSuite) TestBuildWithExtraHostInvalidFormat(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerfile := `
 		FROM busybox
@@ -5600,33 +5607,7 @@ func (s *DockerSuite) TestBuildWithExtraHostInvalidFormat(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildContChar(c *check.C) {
-	name := "testbuildcontchar"
-
-	buildImage(name, build.WithDockerfile(`FROM busybox\`)).Assert(c, icmd.Expected{
-		Out: "Step 1/1 : FROM busybox",
-	})
-
-	result := buildImage(name, build.WithDockerfile(`FROM busybox
-		 RUN echo hi \`))
-	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi\n")
-
-	result = buildImage(name, build.WithDockerfile(`FROM busybox
-		 RUN echo hi \\`))
-	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi \\\n")
-
-	result = buildImage(name, build.WithDockerfile(`FROM busybox
-		 RUN echo hi \\\`))
-	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi \\\\\n")
-}
-
-func (s *DockerSuite) TestBuildMultiStageCopyFromSyntax(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageCopyFromSyntax(c *testing.T) {
 	dockerfile := `
 		FROM busybox AS first
 		COPY foo bar
@@ -5663,28 +5644,28 @@ func (s *DockerSuite) TestBuildMultiStageCopyFromSyntax(c *check.C) {
 	result := cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
 
 	// all commands should be cached
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 7)
-	c.Assert(getIDByName(c, "build1"), checker.Equals, getIDByName(c, "build2"))
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 7)
+	assert.Equal(c, getIDByName(c, "build1"), getIDByName(c, "build2"))
 
-	err := ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(fmt.Sprintf(dockerfile, "COPY baz/aa foo")), 0644)
-	c.Assert(err, checker.IsNil)
+	err := os.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(fmt.Sprintf(dockerfile, "COPY baz/aa foo")), 0644)
+	assert.NilError(c, err)
 
 	// changing file in parent block should not affect last block
 	result = cli.BuildCmd(c, "build3", build.WithExternalBuildContext(ctx))
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 5)
 
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("pqr"), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("pqr"), 0644)
+	assert.NilError(c, err)
 
 	// changing file in parent block should affect both first and last block
 	result = cli.BuildCmd(c, "build4", build.WithExternalBuildContext(ctx))
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 5)
 
 	cli.DockerCmd(c, "run", "build4", "cat", "bay").Assert(c, icmd.Expected{Out: "pqr"})
 	cli.DockerCmd(c, "run", "build4", "cat", "baz").Assert(c, icmd.Expected{Out: "pqr"})
 }
 
-func (s *DockerSuite) TestBuildMultiStageCopyFromErrors(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageCopyFromErrors(c *testing.T) {
 	testCases := []struct {
 		dockerfile    string
 		expectedError string
@@ -5731,7 +5712,7 @@ func (s *DockerSuite) TestBuildMultiStageCopyFromErrors(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildMultiStageMultipleBuilds(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageMultipleBuilds(c *testing.T) {
 	dockerfile := `
 		FROM busybox
 		COPY foo bar`
@@ -5759,12 +5740,12 @@ func (s *DockerSuite) TestBuildMultiStageMultipleBuilds(c *check.C) {
 	cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "build2", "cat", "bar").Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "abc")
+	assert.Equal(c, strings.TrimSpace(out), "abc")
 	out = cli.DockerCmd(c, "run", "build2", "cat", "foo").Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "def")
+	assert.Equal(c, strings.TrimSpace(out), "def")
 }
 
-func (s *DockerSuite) TestBuildMultiStageImplicitFrom(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageImplicitFrom(c *testing.T) {
 	dockerfile := `
 		FROM busybox
 		COPY --from=busybox /etc/passwd /mypasswd
@@ -5785,13 +5766,13 @@ func (s *DockerSuite) TestBuildMultiStageImplicitFrom(c *check.C) {
 
 	if DaemonIsWindows() {
 		out := cli.DockerCmd(c, "run", "build1", "cat", "License.txt").Combined()
-		c.Assert(len(out), checker.GreaterThan, 10)
+		assert.Assert(c, len(out) > 10)
 		out2 := cli.DockerCmd(c, "run", "build1", "cat", "foo").Combined()
-		c.Assert(out, check.Equals, out2)
+		assert.Equal(c, out, out2)
 	}
 }
 
-func (s *DockerRegistrySuite) TestBuildMultiStageImplicitPull(c *check.C) {
+func (s *DockerRegistrySuite) TestBuildMultiStageImplicitPull(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/testf", privateRegistryURL)
 
 	dockerfile := `
@@ -5821,7 +5802,7 @@ func (s *DockerRegistrySuite) TestBuildMultiStageImplicitPull(c *check.C) {
 	cli.Docker(cli.Args("run", "build1", "cat", "baz")).Assert(c, icmd.Expected{Out: "abc"})
 }
 
-func (s *DockerSuite) TestBuildMultiStageNameVariants(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageNameVariants(c *testing.T) {
 	dockerfile := `
 		FROM busybox as foo
 		COPY foo /
@@ -5846,7 +5827,7 @@ func (s *DockerSuite) TestBuildMultiStageNameVariants(c *check.C) {
 	cli.Docker(cli.Args("run", "build1", "cat", "f2")).Assert(c, icmd.Expected{Out: "bar2"})
 }
 
-func (s *DockerSuite) TestBuildMultiStageMultipleBuildsWindows(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageMultipleBuildsWindows(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	dockerfile := `
 		FROM ` + testEnv.PlatformDefaults.BaseImage + `
@@ -5875,12 +5856,12 @@ func (s *DockerSuite) TestBuildMultiStageMultipleBuildsWindows(c *check.C) {
 	cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "build2", "cmd.exe", "/s", "/c", "type", "c:\\bar").Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "abc")
+	assert.Equal(c, strings.TrimSpace(out), "abc")
 	out = cli.DockerCmd(c, "run", "build2", "cmd.exe", "/s", "/c", "type", "c:\\foo").Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "def")
+	assert.Equal(c, strings.TrimSpace(out), "def")
 }
 
-func (s *DockerSuite) TestBuildCopyFromForbidWindowsSystemPaths(c *check.C) {
+func (s *DockerSuite) TestBuildCopyFromForbidWindowsSystemPaths(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	dockerfile := `
 		FROM ` + testEnv.PlatformDefaults.BaseImage + `
@@ -5897,7 +5878,7 @@ func (s *DockerSuite) TestBuildCopyFromForbidWindowsSystemPaths(c *check.C) {
 	buildImage("testforbidsystempaths4", build.WithDockerfile(fmt.Sprintf(dockerfile, "c:\\\\wInDows"))).Assert(c, exp)
 }
 
-func (s *DockerSuite) TestBuildCopyFromForbidWindowsRelativePaths(c *check.C) {
+func (s *DockerSuite) TestBuildCopyFromForbidWindowsRelativePaths(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	dockerfile := `
 		FROM ` + testEnv.PlatformDefaults.BaseImage + `
@@ -5915,7 +5896,7 @@ func (s *DockerSuite) TestBuildCopyFromForbidWindowsRelativePaths(c *check.C) {
 	buildImage("testforbidsystempaths5", build.WithDockerfile(fmt.Sprintf(dockerfile, "\\\\windows"))).Assert(c, exp)
 }
 
-func (s *DockerSuite) TestBuildCopyFromWindowsIsCaseInsensitive(c *check.C) {
+func (s *DockerSuite) TestBuildCopyFromWindowsIsCaseInsensitive(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	dockerfile := `
 		FROM ` + testEnv.PlatformDefaults.BaseImage + `
@@ -5934,7 +5915,7 @@ func (s *DockerSuite) TestBuildCopyFromWindowsIsCaseInsensitive(c *check.C) {
 }
 
 // #33176
-func (s *DockerSuite) TestBuildMulitStageResetScratch(c *check.C) {
+func (s *DockerSuite) TestBuildMultiStageResetScratch(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	dockerfile := `
@@ -5951,10 +5932,10 @@ func (s *DockerSuite) TestBuildMulitStageResetScratch(c *check.C) {
 	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
 
 	res := cli.InspectCmd(c, "build1", cli.Format(".Config.WorkingDir")).Combined()
-	c.Assert(strings.TrimSpace(res), checker.Equals, "")
+	assert.Equal(c, strings.TrimSpace(res), "")
 }
 
-func (s *DockerSuite) TestBuildIntermediateTarget(c *check.C) {
+func (s *DockerSuite) TestBuildIntermediateTarget(c *testing.T) {
 	//todo: need to be removed after 18.06 release
 	if strings.Contains(testEnv.DaemonInfo.ServerVersion, "18.05.0") {
 		c.Skip(fmt.Sprintf("Bug fixed in 18.06 or higher.Skipping it for %s", testEnv.DaemonInfo.ServerVersion))
@@ -5972,14 +5953,14 @@ func (s *DockerSuite) TestBuildIntermediateTarget(c *check.C) {
 		cli.WithFlags("--target", "build-env"))
 
 	res := cli.InspectCmd(c, "build1", cli.Format("json .Config.Cmd")).Combined()
-	c.Assert(strings.TrimSpace(res), checker.Equals, `["/dev"]`)
+	assert.Equal(c, strings.TrimSpace(res), `["/dev"]`)
 
 	// Stage name is case-insensitive by design
 	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx),
 		cli.WithFlags("--target", "BUIld-EnV"))
 
 	res = cli.InspectCmd(c, "build1", cli.Format("json .Config.Cmd")).Combined()
-	c.Assert(strings.TrimSpace(res), checker.Equals, `["/dev"]`)
+	assert.Equal(c, strings.TrimSpace(res), `["/dev"]`)
 
 	result := cli.Docker(cli.Build("build1"), build.WithExternalBuildContext(ctx),
 		cli.WithFlags("--target", "nosuchtarget"))
@@ -5992,7 +5973,7 @@ func (s *DockerSuite) TestBuildIntermediateTarget(c *check.C) {
 // TestBuildOpaqueDirectory tests that a build succeeds which
 // creates opaque directories.
 // See https://github.com/docker/docker/issues/25244
-func (s *DockerSuite) TestBuildOpaqueDirectory(c *check.C) {
+func (s *DockerSuite) TestBuildOpaqueDirectory(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerFile := `
 		FROM busybox
@@ -6007,7 +5988,7 @@ func (s *DockerSuite) TestBuildOpaqueDirectory(c *check.C) {
 }
 
 // Windows test for USER in dockerfile
-func (s *DockerSuite) TestBuildWindowsUser(c *check.C) {
+func (s *DockerSuite) TestBuildWindowsUser(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildwindowsuser"
 	buildImage(name, build.WithDockerfile(`FROM `+testEnv.PlatformDefaults.BaseImage+`
@@ -6024,7 +6005,7 @@ func (s *DockerSuite) TestBuildWindowsUser(c *check.C) {
 // as opposed to the file being copied as a file with the name of the
 // directory. Fix for 27545 (found on Windows, but regression good for Linux too).
 // Note 27545 was reverted in 28505, but a new fix was added subsequently in 28514.
-func (s *DockerSuite) TestBuildCopyFileDotWithWorkdir(c *check.C) {
+func (s *DockerSuite) TestBuildCopyFileDotWithWorkdir(c *testing.T) {
 	name := "testbuildcopyfiledotwithworkdir"
 	buildImageSuccessfully(c, name, build.WithBuildContext(c,
 		build.WithFile("Dockerfile", `FROM busybox
@@ -6037,7 +6018,7 @@ RUN ["cat", "/foo/file"]
 }
 
 // Case-insensitive environment variables on Windows
-func (s *DockerSuite) TestBuildWindowsEnvCaseInsensitive(c *check.C) {
+func (s *DockerSuite) TestBuildWindowsEnvCaseInsensitive(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildwindowsenvcaseinsensitive"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`
@@ -6051,20 +6032,14 @@ func (s *DockerSuite) TestBuildWindowsEnvCaseInsensitive(c *check.C) {
 }
 
 // Test case for 29667
-func (s *DockerSuite) TestBuildWorkdirImageCmd(c *check.C) {
+func (s *DockerSuite) TestBuildWorkdirImageCmd(c *testing.T) {
 	image := "testworkdirimagecmd"
 	buildImageSuccessfully(c, image, build.WithDockerfile(`
 FROM busybox
 WORKDIR /foo/bar
 `))
 	out, _ := dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
-
-	// The Windows busybox image has a blank `cmd`
-	lookingFor := `["sh"]`
-	if testEnv.OSType == "windows" {
-		lookingFor = "null"
-	}
-	c.Assert(strings.TrimSpace(out), checker.Equals, lookingFor)
+	assert.Equal(c, strings.TrimSpace(out), `["sh"]`)
 
 	image = "testworkdirlabelimagecmd"
 	buildImageSuccessfully(c, image, build.WithDockerfile(`
@@ -6074,11 +6049,11 @@ LABEL a=b
 `))
 
 	out, _ = dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
-	c.Assert(strings.TrimSpace(out), checker.Equals, lookingFor)
+	assert.Equal(c, strings.TrimSpace(out), `["sh"]`)
 }
 
 // Test case for 28902/28909
-func (s *DockerSuite) TestBuildWorkdirCmd(c *check.C) {
+func (s *DockerSuite) TestBuildWorkdirCmd(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildworkdircmd"
 	dockerFile := `
@@ -6088,22 +6063,22 @@ func (s *DockerSuite) TestBuildWorkdirCmd(c *check.C) {
 	buildImageSuccessfully(c, name, build.WithDockerfile(dockerFile))
 	result := buildImage(name, build.WithDockerfile(dockerFile))
 	result.Assert(c, icmd.Success)
-	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 1)
+	assert.Equal(c, strings.Count(result.Combined(), "Using cache"), 1)
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildLineErrorOnBuild(c *check.C) {
+func (s *DockerSuite) TestBuildLineErrorOnBuild(c *testing.T) {
 	name := "test_build_line_error_onbuild"
 	buildImage(name, build.WithDockerfile(`FROM busybox
   ONBUILD
   `)).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "Dockerfile parse error line 2: ONBUILD requires at least one argument",
+		Err:      "parse error line 2: ONBUILD requires at least one argument",
 	})
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildLineErrorUnknownInstruction(c *check.C) {
+func (s *DockerSuite) TestBuildLineErrorUnknownInstruction(c *testing.T) {
 	name := "test_build_line_error_unknown_instruction"
 	cli.Docker(cli.Build(name), build.WithDockerfile(`FROM busybox
   RUN echo hello world
@@ -6112,12 +6087,12 @@ func (s *DockerSuite) TestBuildLineErrorUnknownInstruction(c *check.C) {
   ERROR
   `)).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "Dockerfile parse error line 3: unknown instruction: NOINSTRUCTION",
+		Err:      "parse error line 3: unknown instruction: NOINSTRUCTION",
 	})
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildLineErrorWithEmptyLines(c *check.C) {
+func (s *DockerSuite) TestBuildLineErrorWithEmptyLines(c *testing.T) {
 	name := "test_build_line_error_with_empty_lines"
 	cli.Docker(cli.Build(name), build.WithDockerfile(`
   FROM busybox
@@ -6129,12 +6104,12 @@ func (s *DockerSuite) TestBuildLineErrorWithEmptyLines(c *check.C) {
   CMD ["/bin/init"]
   `)).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "Dockerfile parse error line 6: unknown instruction: NOINSTRUCTION",
+		Err:      "parse error line 6: unknown instruction: NOINSTRUCTION",
 	})
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestBuildLineErrorWithComments(c *check.C) {
+func (s *DockerSuite) TestBuildLineErrorWithComments(c *testing.T) {
 	name := "test_build_line_error_with_comments"
 	cli.Docker(cli.Build(name), build.WithDockerfile(`FROM busybox
   # This will print hello world
@@ -6143,12 +6118,12 @@ func (s *DockerSuite) TestBuildLineErrorWithComments(c *check.C) {
   NOINSTRUCTION echo ba
   `)).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "Dockerfile parse error line 5: unknown instruction: NOINSTRUCTION",
+		Err:      "parse error line 5: unknown instruction: NOINSTRUCTION",
 	})
 }
 
 // #31957
-func (s *DockerSuite) TestBuildSetCommandWithDefinedShell(c *check.C) {
+func (s *DockerSuite) TestBuildSetCommandWithDefinedShell(c *testing.T) {
 	buildImageSuccessfully(c, "build1", build.WithDockerfile(`
 FROM busybox
 SHELL ["/bin/sh", "-c"]
@@ -6159,12 +6134,16 @@ CMD echo foo
 `))
 
 	out, _ := dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", "build2")
-	c.Assert(strings.TrimSpace(out), checker.Equals, `["/bin/sh","-c","echo foo"]`)
+	expected := `["/bin/sh","-c","echo foo"]`
+	if testEnv.OSType == "windows" {
+		expected = `["/bin/sh -c echo foo"]`
+	}
+	assert.Equal(c, strings.TrimSpace(out), expected)
 }
 
 // FIXME(vdemeester) should migrate to docker/cli tests
-func (s *DockerSuite) TestBuildIidFile(c *check.C) {
-	tmpDir, err := ioutil.TempDir("", "TestBuildIidFile")
+func (s *DockerSuite) TestBuildIidFile(c *testing.T) {
+	tmpDir, err := os.MkdirTemp("", "TestBuildIidFile")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -6180,24 +6159,24 @@ FROM `+minimalBaseImage()+`
 ENV BAR BAZ`),
 		cli.WithFlags("--iidfile", tmpIidFile))
 
-	id, err := ioutil.ReadFile(tmpIidFile)
-	c.Assert(err, check.IsNil)
+	id, err := os.ReadFile(tmpIidFile)
+	assert.NilError(c, err)
 	d, err := digest.Parse(string(id))
-	c.Assert(err, check.IsNil)
-	c.Assert(d.String(), checker.Equals, getIDByName(c, name))
+	assert.NilError(c, err)
+	assert.Equal(c, d.String(), getIDByName(c, name))
 }
 
 // FIXME(vdemeester) should migrate to docker/cli tests
-func (s *DockerSuite) TestBuildIidFileCleanupOnFail(c *check.C) {
-	tmpDir, err := ioutil.TempDir("", "TestBuildIidFileCleanupOnFail")
+func (s *DockerSuite) TestBuildIidFileCleanupOnFail(c *testing.T) {
+	tmpDir, err := os.MkdirTemp("", "TestBuildIidFileCleanupOnFail")
 	if err != nil {
 		c.Fatal(err)
 	}
 	defer os.RemoveAll(tmpDir)
 	tmpIidFile := filepath.Join(tmpDir, "iid")
 
-	err = ioutil.WriteFile(tmpIidFile, []byte("Dummy"), 0666)
-	c.Assert(err, check.IsNil)
+	err = os.WriteFile(tmpIidFile, []byte("Dummy"), 0666)
+	assert.NilError(c, err)
 
 	cli.Docker(cli.Build("testbuildiidfilecleanuponfail"),
 		build.WithDockerfile(`FROM `+minimalBaseImage()+`
@@ -6206,6 +6185,6 @@ func (s *DockerSuite) TestBuildIidFileCleanupOnFail(c *check.C) {
 		ExitCode: 1,
 	})
 	_, err = os.Stat(tmpIidFile)
-	c.Assert(err, check.NotNil)
-	c.Assert(os.IsNotExist(err), check.Equals, true)
+	assert.ErrorContains(c, err, "")
+	assert.Equal(c, os.IsNotExist(err), true)
 }
diff --git a/integration-cli/docker_cli_build_unix_test.go b/integration-cli/docker_cli_build_unix_test.go
index 8cad28f457371..92e51b611a6c7 100644
--- a/integration-cli/docker_cli_build_unix_test.go
+++ b/integration-cli/docker_cli_build_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -6,25 +7,24 @@ import (
 	"bufio"
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"syscall"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/go-units"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"github.com/docker/docker/testutil/fakecontext"
+	units "github.com/docker/go-units"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
+func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *testing.T) {
 	testRequires(c, cpuCfsQuota)
 	name := "testbuildresourceconstraints"
 	buildLabel := "DockerSuite.TestBuildResourceConstraintsAreUsed"
@@ -55,16 +55,16 @@ func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
 
 	var c1 hostConfig
 	err := json.Unmarshal([]byte(cfg), &c1)
-	c.Assert(err, checker.IsNil, check.Commentf(cfg))
+	assert.Assert(c, err == nil, cfg)
 
-	c.Assert(c1.Memory, checker.Equals, int64(64*1024*1024), check.Commentf("resource constraints not set properly for Memory"))
-	c.Assert(c1.MemorySwap, checker.Equals, int64(-1), check.Commentf("resource constraints not set properly for MemorySwap"))
-	c.Assert(c1.CpusetCpus, checker.Equals, "0", check.Commentf("resource constraints not set properly for CpusetCpus"))
-	c.Assert(c1.CpusetMems, checker.Equals, "0", check.Commentf("resource constraints not set properly for CpusetMems"))
-	c.Assert(c1.CPUShares, checker.Equals, int64(100), check.Commentf("resource constraints not set properly for CPUShares"))
-	c.Assert(c1.CPUQuota, checker.Equals, int64(8000), check.Commentf("resource constraints not set properly for CPUQuota"))
-	c.Assert(c1.Ulimits[0].Name, checker.Equals, "nofile", check.Commentf("resource constraints not set properly for Ulimits"))
-	c.Assert(c1.Ulimits[0].Hard, checker.Equals, int64(42), check.Commentf("resource constraints not set properly for Ulimits"))
+	assert.Equal(c, c1.Memory, int64(64*1024*1024), "resource constraints not set properly for Memory")
+	assert.Equal(c, c1.MemorySwap, int64(-1), "resource constraints not set properly for MemorySwap")
+	assert.Equal(c, c1.CpusetCpus, "0", "resource constraints not set properly for CpusetCpus")
+	assert.Equal(c, c1.CpusetMems, "0", "resource constraints not set properly for CpusetMems")
+	assert.Equal(c, c1.CPUShares, int64(100), "resource constraints not set properly for CPUShares")
+	assert.Equal(c, c1.CPUQuota, int64(8000), "resource constraints not set properly for CPUQuota")
+	assert.Equal(c, c1.Ulimits[0].Name, "nofile", "resource constraints not set properly for Ulimits")
+	assert.Equal(c, c1.Ulimits[0].Hard, int64(42), "resource constraints not set properly for Ulimits")
 
 	// Make sure constraints aren't saved to image
 	cli.DockerCmd(c, "run", "--name=test", name)
@@ -73,18 +73,18 @@ func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
 
 	var c2 hostConfig
 	err = json.Unmarshal([]byte(cfg), &c2)
-	c.Assert(err, checker.IsNil, check.Commentf(cfg))
-
-	c.Assert(c2.Memory, check.Not(checker.Equals), int64(64*1024*1024), check.Commentf("resource leaked from build for Memory"))
-	c.Assert(c2.MemorySwap, check.Not(checker.Equals), int64(-1), check.Commentf("resource leaked from build for MemorySwap"))
-	c.Assert(c2.CpusetCpus, check.Not(checker.Equals), "0", check.Commentf("resource leaked from build for CpusetCpus"))
-	c.Assert(c2.CpusetMems, check.Not(checker.Equals), "0", check.Commentf("resource leaked from build for CpusetMems"))
-	c.Assert(c2.CPUShares, check.Not(checker.Equals), int64(100), check.Commentf("resource leaked from build for CPUShares"))
-	c.Assert(c2.CPUQuota, check.Not(checker.Equals), int64(8000), check.Commentf("resource leaked from build for CPUQuota"))
-	c.Assert(c2.Ulimits, checker.IsNil, check.Commentf("resource leaked from build for Ulimits"))
+	assert.Assert(c, err == nil, cfg)
+
+	assert.Assert(c, c2.Memory != int64(64*1024*1024), "resource leaked from build for Memory")
+	assert.Assert(c, c2.MemorySwap != int64(-1), "resource leaked from build for MemorySwap")
+	assert.Assert(c, c2.CpusetCpus != "0", "resource leaked from build for CpusetCpus")
+	assert.Assert(c, c2.CpusetMems != "0", "resource leaked from build for CpusetMems")
+	assert.Assert(c, c2.CPUShares != int64(100), "resource leaked from build for CPUShares")
+	assert.Assert(c, c2.CPUQuota != int64(8000), "resource leaked from build for CPUQuota")
+	assert.Assert(c, c2.Ulimits == nil, "resource leaked from build for Ulimits")
 }
 
-func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
+func (s *DockerSuite) TestBuildAddChangeOwnership(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddown"
 
@@ -95,8 +95,8 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 			RUN [ $(stat -c %U:%G "/bar") = 'root:root' ]
 			RUN [ $(stat -c %U:%G "/bar/foo") = 'root:root' ]
 			`
-		tmpDir, err := ioutil.TempDir("", "fake-context")
-		c.Assert(err, check.IsNil)
+		tmpDir, err := os.MkdirTemp("", "fake-context")
+		assert.NilError(c, err)
 		testFile, err := os.Create(filepath.Join(tmpDir, "foo"))
 		if err != nil {
 			c.Fatalf("failed to create foo file: %v", err)
@@ -108,7 +108,7 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 			Dir:     tmpDir,
 		}).Assert(c, icmd.Success)
 
-		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+		if err := os.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
 		return fakecontext.New(c, tmpDir)
@@ -130,14 +130,14 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 // TODO(buildkit): this test needs to be rewritten for buildkit.
 // It has been manually tested positive. Confirmed issue: docker build output parsing.
 // Potential issue: newEventObserver uses docker events, which is not hooked up to buildkit.
-func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
+func (s *DockerSuite) TestBuildCancellationKillsSleep(c *testing.T) {
 	testRequires(c, DaemonIsLinux, TODOBuildkit)
 	name := "testbuildcancellation"
 
 	observer, err := newEventObserver(c)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = observer.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer observer.Stop()
 
 	// (Note: one year, will never finish)
@@ -148,7 +148,7 @@ func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
 	buildCmd.Dir = ctx.Dir
 
 	stdoutBuild, err := buildCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	if err := buildCmd.Start(); err != nil {
 		c.Fatalf("failed to run build: %s", err)
diff --git a/integration-cli/docker_cli_by_digest_test.go b/integration-cli/docker_cli_by_digest_test.go
index 006cf11e1a634..34552253c91d9 100644
--- a/integration-cli/docker_cli_by_digest_test.go
+++ b/integration-cli/docker_cli_by_digest_test.go
@@ -7,31 +7,30 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+	"testing"
 
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var (
 	remoteRepoName  = "dockercli/busybox-by-dgst"
 	repoName        = fmt.Sprintf("%s/%s", privateRegistryURL, remoteRepoName)
-	pushDigestRegex = regexp.MustCompile("[\\S]+: digest: ([\\S]+) size: [0-9]+")
-	digestRegex     = regexp.MustCompile("Digest: ([\\S]+)")
+	pushDigestRegex = regexp.MustCompile(`[\S]+: digest: ([\S]+) size: [0-9]+`)
+	digestRegex     = regexp.MustCompile(`Digest: ([\S]+)`)
 )
 
-func setupImage(c *check.C) (digest.Digest, error) {
+func setupImage(c *testing.T) (digest.Digest, error) {
 	return setupImageWithTag(c, "latest")
 }
 
-func setupImageWithTag(c *check.C, tag string) (digest.Digest, error) {
+func setupImageWithTag(c *testing.T, tag string) (digest.Digest, error) {
 	containerName := "busyboxbydigest"
 
 	// new file is committed because this layer is used for detecting malicious
@@ -53,41 +52,41 @@ func setupImageWithTag(c *check.C, tag string) (digest.Digest, error) {
 	cli.DockerCmd(c, "rmi", repoAndTag)
 
 	matches := pushDigestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from push output: %s", out))
+	assert.Equal(c, len(matches), 2, "unable to parse digest from push output: %s", out)
 	pushDigest := matches[1]
 
 	return digest.Digest(pushDigest), nil
 }
 
-func testPullByTagDisplaysDigest(c *check.C) {
+func testPullByTagDisplaysDigest(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// pull from the registry using the tag
 	out, _ := dockerCmd(c, "pull", repoName)
 
 	// the pull output includes "Digest: <digest>", so find that
 	matches := digestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	assert.Equal(c, len(matches), 2, "unable to parse digest from push output: %s", out)
 	pullDigest := matches[1]
 
 	// make sure the pushed and pull digests match
-	c.Assert(pushDigest.String(), checker.Equals, pullDigest)
+	assert.Equal(c, pushDigest.String(), pullDigest)
 }
 
-func (s *DockerRegistrySuite) TestPullByTagDisplaysDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestPullByTagDisplaysDigest(c *testing.T) {
 	testPullByTagDisplaysDigest(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullByTagDisplaysDigest(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullByTagDisplaysDigest(c *testing.T) {
 	testPullByTagDisplaysDigest(c)
 }
 
-func testPullByDigest(c *check.C) {
+func testPullByDigest(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// pull from the registry using the <name>@<digest> reference
 	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
@@ -95,41 +94,41 @@ func testPullByDigest(c *check.C) {
 
 	// the pull output includes "Digest: <digest>", so find that
 	matches := digestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	assert.Equal(c, len(matches), 2, "unable to parse digest from push output: %s", out)
 	pullDigest := matches[1]
 
 	// make sure the pushed and pull digests match
-	c.Assert(pushDigest.String(), checker.Equals, pullDigest)
+	assert.Equal(c, pushDigest.String(), pullDigest)
 }
 
-func (s *DockerRegistrySuite) TestPullByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestPullByDigest(c *testing.T) {
 	testPullByDigest(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullByDigest(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullByDigest(c *testing.T) {
 	testPullByDigest(c)
 }
 
-func testPullByDigestNoFallback(c *check.C) {
+func testPullByDigestNoFallback(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// pull from the registry using the <name>@<digest> reference
 	imageReference := fmt.Sprintf("%s@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", repoName)
 	out, _, err := dockerCmdWithError("pull", imageReference)
-	c.Assert(err, checker.NotNil, check.Commentf("expected non-zero exit status and correct error message when pulling non-existing image"))
-	c.Assert(out, checker.Contains, fmt.Sprintf("manifest for %s not found", imageReference), check.Commentf("expected non-zero exit status and correct error message when pulling non-existing image"))
+	assert.Assert(c, err != nil, "expected non-zero exit status and correct error message when pulling non-existing image")
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("manifest for %s not found", imageReference)), "expected non-zero exit status and correct error message when pulling non-existing image")
 }
 
-func (s *DockerRegistrySuite) TestPullByDigestNoFallback(c *check.C) {
+func (s *DockerRegistrySuite) TestPullByDigestNoFallback(c *testing.T) {
 	testPullByDigestNoFallback(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullByDigestNoFallback(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullByDigestNoFallback(c *testing.T) {
 	testPullByDigestNoFallback(c)
 }
 
-func (s *DockerRegistrySuite) TestCreateByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestCreateByDigest(c *testing.T) {
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
 
@@ -137,12 +136,12 @@ func (s *DockerRegistrySuite) TestCreateByDigest(c *check.C) {
 	dockerCmd(c, "create", "--name", containerName, imageReference)
 
 	res := inspectField(c, containerName, "Config.Image")
-	c.Assert(res, checker.Equals, imageReference)
+	assert.Equal(c, res, imageReference)
 }
 
-func (s *DockerRegistrySuite) TestRunByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestRunByDigest(c *testing.T) {
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
 
@@ -151,16 +150,16 @@ func (s *DockerRegistrySuite) TestRunByDigest(c *check.C) {
 
 	foundRegex := regexp.MustCompile("found=([^\n]+)")
 	matches := foundRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
-	c.Assert(matches[1], checker.Equals, "1", check.Commentf("Expected %q, got %q", "1", matches[1]))
+	assert.Equal(c, len(matches), 2, fmt.Sprintf("unable to parse digest from pull output: %s", out))
+	assert.Equal(c, matches[1], "1", fmt.Sprintf("Expected %q, got %q", "1", matches[1]))
 
 	res := inspectField(c, containerName, "Config.Image")
-	c.Assert(res, checker.Equals, imageReference)
+	assert.Equal(c, res, imageReference)
 }
 
-func (s *DockerRegistrySuite) TestRemoveImageByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestRemoveImageByDigest(c *testing.T) {
 	digest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -172,18 +171,17 @@ func (s *DockerRegistrySuite) TestRemoveImageByDigest(c *check.C) {
 
 	// do the delete
 	err = deleteImages(imageReference)
-	c.Assert(err, checker.IsNil, check.Commentf("unexpected error deleting image"))
+	assert.NilError(c, err, "unexpected error deleting image")
 
 	// try to inspect again - it should error this time
 	_, err = inspectFieldWithError(imageReference, "Id")
-	//unexpected nil err trying to inspect what should be a non-existent image
-	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "No such object")
+	// unexpected nil err trying to inspect what should be a non-existent image
+	assert.ErrorContains(c, err, "No such object")
 }
 
-func (s *DockerRegistrySuite) TestBuildByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestBuildByDigest(c *testing.T) {
 	digest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -198,17 +196,17 @@ func (s *DockerRegistrySuite) TestBuildByDigest(c *check.C) {
 	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(
 		`FROM %s
      CMD ["/bin/echo", "Hello World"]`, imageReference)))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// get the build's image id
 	res := inspectField(c, name, "Config.Image")
 	// make sure they match
-	c.Assert(res, checker.Equals, imageID)
+	assert.Equal(c, res, imageID)
 }
 
-func (s *DockerRegistrySuite) TestTagByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestTagByDigest(c *testing.T) {
 	digest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -222,12 +220,12 @@ func (s *DockerRegistrySuite) TestTagByDigest(c *check.C) {
 	expectedID := inspectField(c, imageReference, "Id")
 
 	tagID := inspectField(c, tag, "Id")
-	c.Assert(tagID, checker.Equals, expectedID)
+	assert.Equal(c, tagID, expectedID)
 }
 
-func (s *DockerRegistrySuite) TestListImagesWithoutDigests(c *check.C) {
+func (s *DockerRegistrySuite) TestListImagesWithoutDigests(c *testing.T) {
 	digest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -235,14 +233,14 @@ func (s *DockerRegistrySuite) TestListImagesWithoutDigests(c *check.C) {
 	dockerCmd(c, "pull", imageReference)
 
 	out, _ := dockerCmd(c, "images")
-	c.Assert(out, checker.Not(checker.Contains), "DIGEST", check.Commentf("list output should not have contained DIGEST header"))
+	assert.Assert(c, !strings.Contains(out, "DIGEST"), "list output should not have contained DIGEST header")
 }
 
-func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
+func (s *DockerRegistrySuite) TestListImagesWithDigests(c *testing.T) {
 
 	// setup image1
 	digest1, err := setupImageWithTag(c, "tag1")
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 	imageReference1 := fmt.Sprintf("%s@%s", repoName, digest1)
 	c.Logf("imageReference1 = %s", imageReference1)
 
@@ -254,11 +252,10 @@ func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
 
 	// make sure repo shown, tag=<none>, digest = $digest1
 	re1 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest1.String() + `\s`)
-	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	assert.Assert(c, re1.MatchString(out), "expected %q: %s", re1.String(), out)
 	// setup image2
 	digest2, err := setupImageWithTag(c, "tag2")
-	//error setting up image
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err, "error setting up image")
 	imageReference2 := fmt.Sprintf("%s@%s", repoName, digest2)
 	c.Logf("imageReference2 = %s", imageReference2)
 
@@ -272,11 +269,11 @@ func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
 	out, _ = dockerCmd(c, "images", "--digests")
 
 	// make sure repo shown, tag=<none>, digest = $digest1
-	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	assert.Assert(c, re1.MatchString(out), "expected %q: %s", re1.String(), out)
 
 	// make sure repo shown, tag=<none>, digest = $digest2
 	re2 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest2.String() + `\s`)
-	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+	assert.Assert(c, re2.MatchString(out), "expected %q: %s", re2.String(), out)
 
 	// pull tag1
 	dockerCmd(c, "pull", repoName+":tag1")
@@ -286,9 +283,9 @@ func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
 
 	// make sure image 1 has repo, tag, <none> AND repo, <none>, digest
 	reWithDigest1 := regexp.MustCompile(`\s*` + repoName + `\s*tag1\s*` + digest1.String() + `\s`)
-	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, reWithDigest1.MatchString(out), "expected %q: %s", reWithDigest1.String(), out)
 	// make sure image 2 has repo, <none>, digest
-	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+	assert.Assert(c, re2.MatchString(out), "expected %q: %s", re2.String(), out)
 
 	// pull tag 2
 	dockerCmd(c, "pull", repoName+":tag2")
@@ -297,28 +294,28 @@ func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
 	out, _ = dockerCmd(c, "images", "--digests")
 
 	// make sure image 1 has repo, tag, digest
-	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, reWithDigest1.MatchString(out), "expected %q: %s", reWithDigest1.String(), out)
 
 	// make sure image 2 has repo, tag, digest
 	reWithDigest2 := regexp.MustCompile(`\s*` + repoName + `\s*tag2\s*` + digest2.String() + `\s`)
-	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+	assert.Assert(c, reWithDigest2.MatchString(out), "expected %q: %s", reWithDigest2.String(), out)
 
 	// list images
 	out, _ = dockerCmd(c, "images", "--digests")
 
 	// make sure image 1 has repo, tag, digest
-	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, reWithDigest1.MatchString(out), "expected %q: %s", reWithDigest1.String(), out)
 	// make sure image 2 has repo, tag, digest
-	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+	assert.Assert(c, reWithDigest2.MatchString(out), "expected %q: %s", reWithDigest2.String(), out)
 	// make sure busybox has tag, but not digest
 	busyboxRe := regexp.MustCompile(`\s*busybox\s*latest\s*<none>\s`)
-	c.Assert(busyboxRe.MatchString(out), checker.True, check.Commentf("expected %q: %s", busyboxRe.String(), out))
+	assert.Assert(c, busyboxRe.MatchString(out), "expected %q: %s", busyboxRe.String(), out)
 }
 
-func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
+func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *testing.T) {
 	// setup image1
 	digest1, err := setupImageWithTag(c, "dangle1")
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 	imageReference1 := fmt.Sprintf("%s@%s", repoName, digest1)
 	c.Logf("imageReference1 = %s", imageReference1)
 
@@ -330,11 +327,11 @@ func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
 
 	// make sure repo shown, tag=<none>, digest = $digest1
 	re1 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest1.String() + `\s`)
-	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	assert.Assert(c, re1.MatchString(out), "expected %q: %s", re1.String(), out)
 	// setup image2
 	digest2, err := setupImageWithTag(c, "dangle2")
 	//error setting up image
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	imageReference2 := fmt.Sprintf("%s@%s", repoName, digest2)
 	c.Logf("imageReference2 = %s", imageReference2)
 
@@ -348,11 +345,11 @@ func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
 	out, _ = dockerCmd(c, "images", "--digests", "--filter=dangling=true")
 
 	// make sure repo shown, tag=<none>, digest = $digest1
-	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	assert.Assert(c, re1.MatchString(out), "expected %q: %s", re1.String(), out)
 
 	// make sure repo shown, tag=<none>, digest = $digest2
 	re2 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest2.String() + `\s`)
-	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+	assert.Assert(c, re2.MatchString(out), "expected %q: %s", re2.String(), out)
 
 	// pull dangle1 tag
 	dockerCmd(c, "pull", repoName+":dangle1")
@@ -362,9 +359,9 @@ func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
 
 	// make sure image 1 has repo, tag, <none> AND repo, <none>, digest
 	reWithDigest1 := regexp.MustCompile(`\s*` + repoName + `\s*dangle1\s*` + digest1.String() + `\s`)
-	c.Assert(reWithDigest1.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, !reWithDigest1.MatchString(out), "unexpected %q: %s", reWithDigest1.String(), out)
 	// make sure image 2 has repo, <none>, digest
-	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+	assert.Assert(c, re2.MatchString(out), "expected %q: %s", re2.String(), out)
 
 	// pull dangle2 tag
 	dockerCmd(c, "pull", repoName+":dangle2")
@@ -373,24 +370,24 @@ func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
 	out, _ = dockerCmd(c, "images", "--digests")
 
 	// make sure image 1 has repo, tag, digest
-	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, reWithDigest1.MatchString(out), "expected %q: %s", reWithDigest1.String(), out)
 
 	// make sure image 2 has repo, tag, digest
 	reWithDigest2 := regexp.MustCompile(`\s*` + repoName + `\s*dangle2\s*` + digest2.String() + `\s`)
-	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+	assert.Assert(c, reWithDigest2.MatchString(out), "expected %q: %s", reWithDigest2.String(), out)
 
 	// list images, no longer dangling, should not match
 	out, _ = dockerCmd(c, "images", "--digests", "--filter=dangling=true")
 
 	// make sure image 1 has repo, tag, digest
-	c.Assert(reWithDigest1.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest1.String(), out))
+	assert.Assert(c, !reWithDigest1.MatchString(out), "unexpected %q: %s", reWithDigest1.String(), out)
 	// make sure image 2 has repo, tag, digest
-	c.Assert(reWithDigest2.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest2.String(), out))
+	assert.Assert(c, !reWithDigest2.MatchString(out), "unexpected %q: %s", reWithDigest2.String(), out)
 }
 
-func (s *DockerRegistrySuite) TestInspectImageWithDigests(c *check.C) {
+func (s *DockerRegistrySuite) TestInspectImageWithDigests(c *testing.T) {
 	digest, err := setupImage(c)
-	c.Assert(err, check.IsNil, check.Commentf("error setting up image"))
+	assert.Assert(c, err == nil, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -401,17 +398,17 @@ func (s *DockerRegistrySuite) TestInspectImageWithDigests(c *check.C) {
 
 	var imageJSON []types.ImageInspect
 	err = json.Unmarshal([]byte(out), &imageJSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(imageJSON, checker.HasLen, 1)
-	c.Assert(imageJSON[0].RepoDigests, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(imageJSON), 1)
+	assert.Equal(c, len(imageJSON[0].RepoDigests), 1)
 	assert.Check(c, is.Contains(imageJSON[0].RepoDigests, imageReference))
 }
 
-func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 
 	digest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
 
@@ -436,17 +433,16 @@ func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c
 
 	// Invalid imageReference
 	out, _ := dockerCmd(c, "ps", "-a", "-q", "--no-trunc", fmt.Sprintf("--filter=ancestor=busybox@%s", digest))
-	// Filter container for ancestor filter should be empty
-	c.Assert(strings.TrimSpace(out), checker.Equals, "")
+	assert.Equal(c, strings.TrimSpace(out), "", "Filter container for ancestor filter should be empty")
 
 	// Valid imageReference
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+imageReference)
 	checkPsAncestorFilterOutput(c, RemoveOutputForExistingElements(out, existingContainers), imageReference, expectedIDs)
 }
 
-func (s *DockerRegistrySuite) TestDeleteImageByIDOnlyPulledByDigest(c *check.C) {
+func (s *DockerRegistrySuite) TestDeleteImageByIDOnlyPulledByDigest(c *testing.T) {
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// pull from the registry using the <name>@<digest> reference
 	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
@@ -460,12 +456,12 @@ func (s *DockerRegistrySuite) TestDeleteImageByIDOnlyPulledByDigest(c *check.C)
 	dockerCmd(c, "rmi", imageID)
 
 	_, err = inspectFieldWithError(imageID, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+	assert.ErrorContains(c, err, "", "image should have been deleted")
 }
 
-func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndTag(c *check.C) {
+func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndTag(c *testing.T) {
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// pull from the registry using the <name>@<digest> reference
 	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
@@ -487,12 +483,12 @@ func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndTag(c *check.C) {
 
 	// rmi should have deleted the tag, the digest reference, and the image itself
 	_, err = inspectFieldWithError(imageID, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+	assert.ErrorContains(c, err, "", "image should have been deleted")
 }
 
-func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndMultiRepoTag(c *check.C) {
+func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndMultiRepoTag(c *testing.T) {
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	repo2 := fmt.Sprintf("%s/%s", repoName, "repo2")
 
@@ -512,32 +508,32 @@ func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndMultiRepoTag(c *check.
 	// rmi should have deleted repoTag and image reference, but left repoTag2
 	inspectField(c, repoTag2, "Id")
 	_, err = inspectFieldWithError(imageReference, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image digest reference should have been removed"))
+	assert.ErrorContains(c, err, "", "image digest reference should have been removed")
 
 	_, err = inspectFieldWithError(repoTag, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image tag reference should have been removed"))
+	assert.ErrorContains(c, err, "", "image tag reference should have been removed")
 
 	dockerCmd(c, "rmi", repoTag2)
 
 	// rmi should have deleted the tag, the digest reference, and the image itself
 	_, err = inspectFieldWithError(imageID, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+	assert.ErrorContains(c, err, "", "image should have been deleted")
 }
 
 // TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
 // we have modified a manifest blob and its digest cannot be verified.
 // This is the schema2 version of the test.
-func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
+func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	manifestDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// Load the target manifest blob.
 	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema2.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to decode image manifest from blob"))
+	assert.NilError(c, err, "unable to decode image manifest from blob")
 
 	// Change a layer in the manifest.
 	imgManifest.Layers[0].Digest = digest.Digest("sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
@@ -548,7 +544,7 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
 	defer undo()
 
 	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
-	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
+	assert.NilError(c, err, "unable to encode altered image manifest to JSON")
 
 	s.reg.WriteBlobContents(c, manifestDigest, alteredManifestBlob)
 
@@ -558,26 +554,26 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
 	// Pull from the registry using the <name>@<digest> reference.
 	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
 	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
-	c.Assert(exitStatus, checker.Not(check.Equals), 0)
+	assert.Assert(c, exitStatus != 0)
 
 	expectedErrorMsg := fmt.Sprintf("manifest verification failed for digest %s", manifestDigest)
-	c.Assert(out, checker.Contains, expectedErrorMsg)
+	assert.Assert(c, is.Contains(out, expectedErrorMsg))
 }
 
 // TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
 // we have modified a manifest blob and its digest cannot be verified.
 // This is the schema1 version of the test.
-func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	manifestDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.Assert(c, err == nil, "error setting up image")
 
 	// Load the target manifest blob.
 	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema1.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to decode image manifest from blob"))
+	assert.Assert(c, err == nil, "unable to decode image manifest from blob")
 
 	// Change a layer in the manifest.
 	imgManifest.FSLayers[0] = schema1.FSLayer{
@@ -590,7 +586,7 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C
 	defer undo()
 
 	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
-	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
+	assert.Assert(c, err == nil, "unable to encode altered image manifest to JSON")
 
 	s.reg.WriteBlobContents(c, manifestDigest, alteredManifestBlob)
 
@@ -600,26 +596,26 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C
 	// Pull from the registry using the <name>@<digest> reference.
 	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
 	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
-	c.Assert(exitStatus, checker.Not(check.Equals), 0)
+	assert.Assert(c, exitStatus != 0)
 
 	expectedErrorMsg := fmt.Sprintf("image verification failed for digest %s", manifestDigest)
-	c.Assert(out, checker.Contains, expectedErrorMsg)
+	assert.Assert(c, strings.Contains(out, expectedErrorMsg))
 }
 
 // TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
 // we have modified a layer blob and its digest cannot be verified.
 // This is the schema2 version of the test.
-func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
+func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	manifestDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, err == nil)
 
 	// Load the target manifest blob.
 	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema2.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, err == nil)
 
 	// Next, get the digest of one of the layers from the manifest.
 	targetLayerDigest := imgManifest.Layers[0].Digest
@@ -643,26 +639,26 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 	// Pull from the registry using the <name>@<digest> reference.
 	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
 	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
-	c.Assert(exitStatus, checker.Not(check.Equals), 0, check.Commentf("expected a non-zero exit status"))
+	assert.Assert(c, exitStatus != 0, "expected a non-zero exit status")
 
 	expectedErrorMsg := fmt.Sprintf("filesystem layer verification failed for digest %s", targetLayerDigest)
-	c.Assert(out, checker.Contains, expectedErrorMsg, check.Commentf("expected error message in output: %s", out))
+	assert.Assert(c, strings.Contains(out, expectedErrorMsg), "expected error message in output: %s", out)
 }
 
 // TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
 // we have modified a layer blob and its digest cannot be verified.
 // This is the schema1 version of the test.
-func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	manifestDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, err == nil)
 
 	// Load the target manifest blob.
 	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema1.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, err == nil)
 
 	// Next, get the digest of one of the layers from the manifest.
 	targetLayerDigest := imgManifest.FSLayers[0].BlobSum
@@ -686,8 +682,8 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 	// Pull from the registry using the <name>@<digest> reference.
 	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
 	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
-	c.Assert(exitStatus, checker.Not(check.Equals), 0, check.Commentf("expected a non-zero exit status"))
+	assert.Assert(c, exitStatus != 0, "expected a non-zero exit status")
 
 	expectedErrorMsg := fmt.Sprintf("filesystem layer verification failed for digest %s", targetLayerDigest)
-	c.Assert(out, checker.Contains, expectedErrorMsg, check.Commentf("expected error message in output: %s", out))
+	assert.Assert(c, strings.Contains(out, expectedErrorMsg), "expected error message in output: %s", out)
 }
diff --git a/integration-cli/docker_cli_commit_test.go b/integration-cli/docker_cli_commit_test.go
index d9f6e6875cee0..d5c4b8ca59f53 100644
--- a/integration-cli/docker_cli_commit_test.go
+++ b/integration-cli/docker_cli_commit_test.go
@@ -2,14 +2,16 @@ package main
 
 import (
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
-func (s *DockerSuite) TestCommitAfterContainerIsDone(c *check.C) {
+func (s *DockerSuite) TestCommitAfterContainerIsDone(c *testing.T) {
+	skip.If(c, RuntimeIsWindowsContainerd(), "FIXME: Broken on Windows + containerd combination")
 	out := cli.DockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo").Combined()
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -23,7 +25,7 @@ func (s *DockerSuite) TestCommitAfterContainerIsDone(c *check.C) {
 	cli.DockerCmd(c, "inspect", cleanedImageID)
 }
 
-func (s *DockerSuite) TestCommitWithoutPause(c *check.C) {
+func (s *DockerSuite) TestCommitWithoutPause(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo")
 
@@ -38,8 +40,8 @@ func (s *DockerSuite) TestCommitWithoutPause(c *check.C) {
 	dockerCmd(c, "inspect", cleanedImageID)
 }
 
-//test commit a paused container should not unpause it after commit
-func (s *DockerSuite) TestCommitPausedContainer(c *check.C) {
+// TestCommitPausedContainer tests that a paused container is not unpaused after being committed
+func (s *DockerSuite) TestCommitPausedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-i", "-d", "busybox")
 
@@ -50,10 +52,10 @@ func (s *DockerSuite) TestCommitPausedContainer(c *check.C) {
 
 	out = inspectField(c, cleanedContainerID, "State.Paused")
 	// commit should not unpause a paused container
-	c.Assert(out, checker.Contains, "true")
+	assert.Assert(c, strings.Contains(out, "true"))
 }
 
-func (s *DockerSuite) TestCommitNewFile(c *check.C) {
+func (s *DockerSuite) TestCommitNewFile(c *testing.T) {
 	dockerCmd(c, "run", "--name", "committer", "busybox", "/bin/sh", "-c", "echo koye > /foo")
 
 	imageID, _ := dockerCmd(c, "commit", "committer")
@@ -61,18 +63,17 @@ func (s *DockerSuite) TestCommitNewFile(c *check.C) {
 
 	out, _ := dockerCmd(c, "run", imageID, "cat", "/foo")
 	actual := strings.TrimSpace(out)
-	c.Assert(actual, checker.Equals, "koye")
+	assert.Equal(c, actual, "koye")
 }
 
-func (s *DockerSuite) TestCommitHardlink(c *check.C) {
+func (s *DockerSuite) TestCommitHardlink(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	firstOutput, _ := dockerCmd(c, "run", "-t", "--name", "hardlinks", "busybox", "sh", "-c", "touch file1 && ln file1 file2 && ls -di file1 file2")
 
 	chunks := strings.Split(strings.TrimSpace(firstOutput), " ")
 	inode := chunks[0]
 	chunks = strings.SplitAfterN(strings.TrimSpace(firstOutput), " ", 2)
-	c.Assert(chunks[1], checker.Contains, chunks[0], check.Commentf("Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:]))
-
+	assert.Assert(c, strings.Contains(chunks[1], chunks[0]), "Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:])
 	imageID, _ := dockerCmd(c, "commit", "hardlinks", "hardlinks")
 	imageID = strings.TrimSpace(imageID)
 
@@ -81,10 +82,10 @@ func (s *DockerSuite) TestCommitHardlink(c *check.C) {
 	chunks = strings.Split(strings.TrimSpace(secondOutput), " ")
 	inode = chunks[0]
 	chunks = strings.SplitAfterN(strings.TrimSpace(secondOutput), " ", 2)
-	c.Assert(chunks[1], checker.Contains, chunks[0], check.Commentf("Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:]))
+	assert.Assert(c, strings.Contains(chunks[1], chunks[0]), "Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:])
 }
 
-func (s *DockerSuite) TestCommitTTY(c *check.C) {
+func (s *DockerSuite) TestCommitTTY(c *testing.T) {
 	dockerCmd(c, "run", "-t", "--name", "tty", "busybox", "/bin/ls")
 
 	imageID, _ := dockerCmd(c, "commit", "tty", "ttytest")
@@ -93,7 +94,7 @@ func (s *DockerSuite) TestCommitTTY(c *check.C) {
 	dockerCmd(c, "run", imageID, "/bin/ls")
 }
 
-func (s *DockerSuite) TestCommitWithHostBindMount(c *check.C) {
+func (s *DockerSuite) TestCommitWithHostBindMount(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "bind-commit", "-v", "/dev/null:/winning", "busybox", "true")
 
@@ -103,7 +104,7 @@ func (s *DockerSuite) TestCommitWithHostBindMount(c *check.C) {
 	dockerCmd(c, "run", imageID, "true")
 }
 
-func (s *DockerSuite) TestCommitChange(c *check.C) {
+func (s *DockerSuite) TestCommitChange(c *testing.T) {
 	dockerCmd(c, "run", "--name", "test", "busybox", "true")
 
 	imageID, _ := dockerCmd(c, "commit",
@@ -153,7 +154,7 @@ func (s *DockerSuite) TestCommitChange(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestCommitChangeLabels(c *check.C) {
+func (s *DockerSuite) TestCommitChangeLabels(c *testing.T) {
 	dockerCmd(c, "run", "--name", "test", "--label", "some=label", "busybox", "true")
 
 	imageID, _ := dockerCmd(c, "commit",
@@ -161,7 +162,7 @@ func (s *DockerSuite) TestCommitChangeLabels(c *check.C) {
 		"test", "test-commit")
 	imageID = strings.TrimSpace(imageID)
 
-	c.Assert(inspectField(c, imageID, "Config.Labels"), checker.Equals, "map[some:label2]")
+	assert.Equal(c, inspectField(c, imageID, "Config.Labels"), "map[some:label2]")
 	// check that container labels didn't change
-	c.Assert(inspectField(c, "test", "Config.Labels"), checker.Equals, "map[some:label]")
+	assert.Equal(c, inspectField(c, "test", "Config.Labels"), "map[some:label]")
 }
diff --git a/integration-cli/docker_cli_cp_from_container_test.go b/integration-cli/docker_cli_cp_from_container_test.go
index 499be54522d84..a35748928059d 100644
--- a/integration-cli/docker_cli_cp_from_container_test.go
+++ b/integration-cli/docker_cli_cp_from_container_test.go
@@ -3,9 +3,9 @@ package main
 import (
 	"os"
 	"path/filepath"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Try all of the test cases from the archive package which implements the
@@ -21,7 +21,7 @@ import (
 // Check that copying from a container to a local symlink copies to the symlink
 // target and does not overwrite the local symlink itself.
 // TODO: move to docker/cli and/or integration/container/copy_test.go
-func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
+func (s *DockerSuite) TestCpFromSymlinkDestination(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
 
@@ -35,38 +35,26 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	srcPath := containerCpPath(containerID, "/file2")
 	dstPath := cpPath(tmpDir, "symlinkToFile1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, dstPath, "file1"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(tmpDir, "file1"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, dstPath, "file1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(tmpDir, "file1"), "file2\n"), `The file should have the contents of "file2" now`)
 
 	// Next, copy a file from the container to a symlink to a directory. This
 	// should copy the file into the symlink target directory.
 	dstPath = cpPath(tmpDir, "symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(tmpDir, "file2"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, dstPath, "dir1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(tmpDir, "file2"), "file2\n"), `The file should have the contents of "file2" now`)
 
 	// Next, copy a file from the container to a symlink to a file that does
 	// not exist (a broken symlink). This should create the target file with
 	// the contents of the source file.
 	dstPath = cpPath(tmpDir, "brokenSymlinkToFileX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, dstPath, "fileX"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(tmpDir, "fileX"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, dstPath, "fileX"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(tmpDir, "fileX"), "file2\n"), `The file should have the contents of "file2" now`)
 
 	// Next, copy a directory from the container to a symlink to a local
 	// directory. This should copy the directory into the symlink target
@@ -74,13 +62,9 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	srcPath = containerCpPath(containerID, "/dir2")
 	dstPath = cpPath(tmpDir, "symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
-
-	// The directory should now contain a copy of "dir2".
-	c.Assert(fileContentEquals(c, cpPath(tmpDir, "dir1/dir2/file2-1"), "file2-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, dstPath, "dir1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(tmpDir, "dir1/dir2/file2-1"), "file2-1\n"), `The directory should now contain a copy of "dir2"`)
 
 	// Next, copy a directory from the container to a symlink to a local
 	// directory that does not exist (a broken symlink). This should create
@@ -88,13 +72,9 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	// should not modify the symlink.
 	dstPath = cpPath(tmpDir, "brokenSymlinkToDirX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, dstPath, "dirX"), checker.IsNil)
-
-	// The "dirX" directory should now be a copy of "dir2".
-	c.Assert(fileContentEquals(c, cpPath(tmpDir, "dirX/file2-1"), "file2-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, dstPath, "dirX"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(tmpDir, "dirX/file2-1"), "file2-1\n"), `The "dirX" directory should now be a copy of "dir2"`)
 }
 
 // Possibilities are reduced to the remaining 10 cases:
@@ -116,7 +96,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 // A. SRC specifies a file and DST (no trailing path separator) doesn't
 //    exist. This should create a file with the name DST and copy the
 //    contents of the source file into it.
-func (s *DockerSuite) TestCpFromCaseA(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseA(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -128,15 +108,14 @@ func (s *DockerSuite) TestCpFromCaseA(c *check.C) {
 	srcPath := containerCpPath(containerID, "/root/file1")
 	dstPath := cpPath(tmpDir, "itWorks.txt")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1\n"))
 }
 
 // B. SRC specifies a file and DST (with trailing path separator) doesn't
 //    exist. This should cause an error because the copy operation cannot
 //    create a directory when copying a single file.
-func (s *DockerSuite) TestCpFromCaseB(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseB(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
 
@@ -146,15 +125,14 @@ func (s *DockerSuite) TestCpFromCaseB(c *check.C) {
 	srcPath := containerCpPath(containerID, "/file1")
 	dstDir := cpPathTrailingSep(tmpDir, "testDir")
 
-	err := runDockerCp(c, srcPath, dstDir, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcPath, dstDir)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpDirNotExist(err), "expected DirNotExists error, but got %T: %s", err, err)
 }
 
 // C. SRC specifies a file and DST exists as a file. This should overwrite
 //    the file at DST with the contents of the source file.
-func (s *DockerSuite) TestCpFromCaseC(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseC(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -169,17 +147,15 @@ func (s *DockerSuite) TestCpFromCaseC(c *check.C) {
 	dstPath := cpPath(tmpDir, "file2")
 
 	// Ensure the local file starts with different content.
-	c.Assert(fileContentEquals(c, dstPath, "file2\n"), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+	assert.NilError(c, fileContentEquals(c, dstPath, "file2\n"))
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1\n"))
 }
 
 // D. SRC specifies a file and DST exists as a directory. This should place
 //    a copy of the source file inside it using the basename from SRC. Ensure
 //    this works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpFromCaseD(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseD(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
 
@@ -194,32 +170,27 @@ func (s *DockerSuite) TestCpFromCaseD(c *check.C) {
 
 	// Ensure that dstPath doesn't exist.
 	_, err := os.Stat(dstPath)
-	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("did not expect dstPath %q to exist", dstPath))
-
-	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
+	assert.Assert(c, os.IsNotExist(err), "did not expect dstPath %q to exist", dstPath)
 
-	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1\n"))
 
 	// Now try again but using a trailing path separator for dstDir.
 
-	// unable to remove dstDir
-	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
-
-	// unable to make dstDir
-	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+	assert.NilError(c, os.RemoveAll(dstDir), "unable to remove dstDir")
+	assert.NilError(c, os.MkdirAll(dstDir, os.FileMode(0755)), "unable to make dstDir")
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1\n"))
 }
 
 // E. SRC specifies a directory and DST does not exist. This should create a
 //    directory at DST and copy the contents of the SRC directory into the DST
 //    directory. Ensure this works whether DST has a trailing path separator or
 //    not.
-func (s *DockerSuite) TestCpFromCaseE(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseE(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
 
@@ -230,25 +201,22 @@ func (s *DockerSuite) TestCpFromCaseE(c *check.C) {
 	dstDir := cpPath(tmpDir, "testDir")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 
 	// Now try again but using a trailing path separator for dstDir.
 
-	// unable to remove dstDir
-	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+	assert.NilError(c, os.RemoveAll(dstDir), "unable to remove dstDir")
 
 	dstDir = cpPathTrailingSep(tmpDir, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 }
 
 // F. SRC specifies a directory and DST exists as a file. This should cause an
 //    error as it is not possible to overwrite a file with a directory.
-func (s *DockerSuite) TestCpFromCaseF(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseF(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -262,16 +230,15 @@ func (s *DockerSuite) TestCpFromCaseF(c *check.C) {
 	srcDir := containerCpPath(containerID, "/root/dir1")
 	dstFile := cpPath(tmpDir, "file1")
 
-	err := runDockerCp(c, srcDir, dstFile, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcDir, dstFile)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
 }
 
 // G. SRC specifies a directory and DST exists as a directory. This should copy
 //    the SRC directory and all its contents to the DST directory. Ensure this
 //    works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpFromCaseG(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseG(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -287,30 +254,25 @@ func (s *DockerSuite) TestCpFromCaseG(c *check.C) {
 	resultDir := filepath.Join(dstDir, "dir1")
 	dstPath := filepath.Join(resultDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 
 	// Now try again but using a trailing path separator for dstDir.
 
-	// unable to remove dstDir
-	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
-
-	// unable to make dstDir
-	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+	assert.NilError(c, os.RemoveAll(dstDir), "unable to remove dstDir")
+	assert.NilError(c, os.MkdirAll(dstDir, os.FileMode(0755)), "unable to make dstDir")
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir2")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 }
 
 // H. SRC specifies a directory's contents only and DST does not exist. This
 //    should create a directory at DST and copy the contents of the SRC
 //    directory (but not the directory itself) into the DST directory. Ensure
 //    this works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpFromCaseH(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseH(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
 
@@ -321,26 +283,23 @@ func (s *DockerSuite) TestCpFromCaseH(c *check.C) {
 	dstDir := cpPath(tmpDir, "testDir")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 
 	// Now try again but using a trailing path separator for dstDir.
 
-	// unable to remove resultDir
-	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+	assert.NilError(c, os.RemoveAll(dstDir), "unable to remove resultDir")
 
 	dstDir = cpPathTrailingSep(tmpDir, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 }
 
 // I. SRC specifies a directory's contents only and DST exists as a file. This
 //    should cause an error as it is not possible to overwrite a file with a
 //    directory.
-func (s *DockerSuite) TestCpFromCaseI(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseI(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -354,17 +313,16 @@ func (s *DockerSuite) TestCpFromCaseI(c *check.C) {
 	srcDir := containerCpPathTrailingSep(containerID, "/root/dir1") + "."
 	dstFile := cpPath(tmpDir, "file1")
 
-	err := runDockerCp(c, srcDir, dstFile, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcDir, dstFile)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
 }
 
 // J. SRC specifies a directory's contents only and DST exists as a directory.
 //    This should copy the contents of the SRC directory (but not the directory
 //    itself) into the DST directory. Ensure this works whether DST has a
 //    trailing path separator or not.
-func (s *DockerSuite) TestCpFromCaseJ(c *check.C) {
+func (s *DockerSuite) TestCpFromCaseJ(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -379,21 +337,16 @@ func (s *DockerSuite) TestCpFromCaseJ(c *check.C) {
 	dstDir := cpPath(tmpDir, "dir2")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 
 	// Now try again but using a trailing path separator for dstDir.
 
-	// unable to remove dstDir
-	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
-
-	// unable to make dstDir
-	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+	assert.NilError(c, os.RemoveAll(dstDir), "unable to remove dstDir")
+	assert.NilError(c, os.MkdirAll(dstDir, os.FileMode(0755)), "unable to make dstDir")
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir2")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, fileContentEquals(c, dstPath, "file1-1\n"))
 }
diff --git a/integration-cli/docker_cli_cp_test.go b/integration-cli/docker_cli_cp_test.go
index b2826ab922729..173cf4eee5c0f 100644
--- a/integration-cli/docker_cli_cp_test.go
+++ b/integration-cli/docker_cli_cp_test.go
@@ -3,16 +3,17 @@ package main
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
 const (
@@ -26,35 +27,31 @@ const (
 )
 
 // Ensure that an all-local path case returns an error.
-func (s *DockerSuite) TestCpLocalOnly(c *check.C) {
-	err := runDockerCp(c, "foo", "bar", nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(err.Error(), checker.Contains, "must specify at least one container source")
+func (s *DockerSuite) TestCpLocalOnly(c *testing.T) {
+	err := runDockerCp(c, "foo", "bar")
+	assert.ErrorContains(c, err, "must specify at least one container source")
 }
 
 // Test for #5656
 // Check that garbage paths don't escape the container's rootfs
-func (s *DockerSuite) TestCpGarbagePath(c *check.C) {
+func (s *DockerSuite) TestCpGarbagePath(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
-
-	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
+	assert.NilError(c, os.MkdirAll(cpTestPath, os.ModeDir))
 
 	hostFile, err := os.Create(cpFullPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer hostFile.Close()
 	defer os.RemoveAll(cpTestPathParent)
 
 	fmt.Fprintf(hostFile, "%s", cpHostContents)
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 
 	tmpname := filepath.Join(tmpdir, cpTestName)
 	defer os.RemoveAll(tmpdir)
@@ -66,37 +63,31 @@ func (s *DockerSuite) TestCpGarbagePath(c *check.C) {
 	file, _ := os.Open(tmpname)
 	defer file.Close()
 
-	test, err := ioutil.ReadAll(file)
-	c.Assert(err, checker.IsNil)
-
-	// output matched host file -- garbage path can escape container rootfs
-	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
-
-	// output doesn't match the input for garbage path
-	c.Assert(string(test), checker.Equals, cpContainerContents)
+	test, err := io.ReadAll(file)
+	assert.NilError(c, err)
+	assert.Assert(c, string(test) != cpHostContents, "output matched host file -- garbage path can escape container rootfs")
+	assert.Assert(c, string(test) == cpContainerContents, "output doesn't match the input for garbage path")
 }
 
 // Check that relative paths are relative to the container's rootfs
-func (s *DockerSuite) TestCpRelativePath(c *check.C) {
+func (s *DockerSuite) TestCpRelativePath(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
-
-	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
+	assert.NilError(c, os.MkdirAll(cpTestPath, os.ModeDir))
 
 	hostFile, err := os.Create(cpFullPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer hostFile.Close()
 	defer os.RemoveAll(cpTestPathParent)
 
 	fmt.Fprintf(hostFile, "%s", cpHostContents)
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 
 	tmpname := filepath.Join(tmpdir, cpTestName)
 	defer os.RemoveAll(tmpdir)
@@ -107,44 +98,38 @@ func (s *DockerSuite) TestCpRelativePath(c *check.C) {
 		// get this unix-path manipulation on windows with filepath.
 		relPath = cpFullPath[1:]
 	}
-	c.Assert(path.IsAbs(cpFullPath), checker.True, check.Commentf("path %s was assumed to be an absolute path", cpFullPath))
+	assert.Assert(c, path.IsAbs(cpFullPath), "path %s was assumed to be an absolute path", cpFullPath)
 
 	dockerCmd(c, "cp", containerID+":"+relPath, tmpdir)
 
 	file, _ := os.Open(tmpname)
 	defer file.Close()
 
-	test, err := ioutil.ReadAll(file)
-	c.Assert(err, checker.IsNil)
-
-	// output matched host file -- relative path can escape container rootfs
-	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
-
-	// output doesn't match the input for relative path
-	c.Assert(string(test), checker.Equals, cpContainerContents)
+	test, err := io.ReadAll(file)
+	assert.NilError(c, err)
+	assert.Assert(c, string(test) != cpHostContents, "output matched host file -- relative path can escape container rootfs")
+	assert.Assert(c, string(test) == cpContainerContents, "output doesn't match the input for relative path")
 }
 
 // Check that absolute paths are relative to the container's rootfs
-func (s *DockerSuite) TestCpAbsolutePath(c *check.C) {
+func (s *DockerSuite) TestCpAbsolutePath(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
-
-	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
+	assert.NilError(c, os.MkdirAll(cpTestPath, os.ModeDir))
 
 	hostFile, err := os.Create(cpFullPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer hostFile.Close()
 	defer os.RemoveAll(cpTestPathParent)
 
 	fmt.Fprintf(hostFile, "%s", cpHostContents)
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 
 	tmpname := filepath.Join(tmpdir, cpTestName)
 	defer os.RemoveAll(tmpdir)
@@ -156,39 +141,34 @@ func (s *DockerSuite) TestCpAbsolutePath(c *check.C) {
 	file, _ := os.Open(tmpname)
 	defer file.Close()
 
-	test, err := ioutil.ReadAll(file)
-	c.Assert(err, checker.IsNil)
-
-	// output matched host file -- absolute path can escape container rootfs
-	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
-
-	// output doesn't match the input for absolute path
-	c.Assert(string(test), checker.Equals, cpContainerContents)
+	test, err := io.ReadAll(file)
+	assert.NilError(c, err)
+	assert.Assert(c, string(test) != cpHostContents, "output matched host file -- absolute path can escape container rootfs")
+	assert.Assert(c, string(test) == cpContainerContents, "output doesn't match the input for absolute path")
 }
 
 // Test for #5619
 // Check that absolute symlinks are still relative to the container's rootfs
-func (s *DockerSuite) TestCpAbsoluteSymlink(c *check.C) {
+func (s *DockerSuite) TestCpAbsoluteSymlink(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpFullPath+" container_path")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+	assert.NilError(c, os.MkdirAll(cpTestPath, os.ModeDir))
 
 	hostFile, err := os.Create(cpFullPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer hostFile.Close()
 	defer os.RemoveAll(cpTestPathParent)
 
 	fmt.Fprintf(hostFile, "%s", cpHostContents)
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 
 	tmpname := filepath.Join(tmpdir, "container_path")
 	defer os.RemoveAll(tmpdir)
@@ -199,25 +179,23 @@ func (s *DockerSuite) TestCpAbsoluteSymlink(c *check.C) {
 
 	// We should have copied a symlink *NOT* the file itself!
 	linkTarget, err := os.Readlink(tmpname)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(linkTarget, checker.Equals, filepath.FromSlash(cpFullPath))
+	assert.NilError(c, err)
+	assert.Equal(c, linkTarget, filepath.FromSlash(cpFullPath))
 }
 
 // Check that symlinks to a directory behave as expected when copying one from
 // a container.
-func (s *DockerSuite) TestCpFromSymlinkToDirectory(c *check.C) {
+func (s *DockerSuite) TestCpFromSymlinkToDirectory(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpTestPathParent+" /dir_link")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	testDir, err := ioutil.TempDir("", "test-cp-from-symlink-to-dir-")
-	c.Assert(err, checker.IsNil)
+	testDir, err := os.MkdirTemp("", "test-cp-from-symlink-to-dir-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(testDir)
 
 	// This copy command should copy the symlink, not the target, into the
@@ -226,9 +204,9 @@ func (s *DockerSuite) TestCpFromSymlinkToDirectory(c *check.C) {
 
 	expectedPath := filepath.Join(testDir, "dir_link")
 	linkTarget, err := os.Readlink(expectedPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(linkTarget, checker.Equals, filepath.FromSlash(cpTestPathParent))
+	assert.Equal(c, linkTarget, filepath.FromSlash(cpTestPathParent))
 
 	os.Remove(expectedPath)
 
@@ -243,23 +221,22 @@ func (s *DockerSuite) TestCpFromSymlinkToDirectory(c *check.C) {
 	if err == nil {
 		out = fmt.Sprintf("target name was copied: %q - %q", stat.Mode(), stat.Name())
 	}
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 
 	// It *should* have copied the directory using the asked name "dir_link".
 	stat, err = os.Lstat(expectedPath)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to stat resource at %q", expectedPath))
-
-	c.Assert(stat.IsDir(), checker.True, check.Commentf("should have copied a directory but got %q instead", stat.Mode()))
+	assert.NilError(c, err, "unable to stat resource at %q", expectedPath)
+	assert.Assert(c, stat.IsDir(), "should have copied a directory but got %q instead", stat.Mode())
 }
 
 // Check that symlinks to a directory behave as expected when copying one to a
 // container.
-func (s *DockerSuite) TestCpToSymlinkToDirectory(c *check.C) {
+func (s *DockerSuite) TestCpToSymlinkToDirectory(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon) // Requires local volume mount bind.
+	testRequires(c, testEnv.IsLocalDaemon) // Requires local volume mount bind.
 
-	testVol, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
-	c.Assert(err, checker.IsNil)
+	testVol, err := os.MkdirTemp("", "test-cp-to-symlink-to-dir-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(testVol)
 
 	// Create a test container with a local volume. We will test by copying
@@ -269,26 +246,26 @@ func (s *DockerSuite) TestCpToSymlinkToDirectory(c *check.C) {
 	containerID := strings.TrimSpace(out)
 
 	// Create a temp directory to hold a test file nested in a directory.
-	testDir, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
-	c.Assert(err, checker.IsNil)
+	testDir, err := os.MkdirTemp("", "test-cp-to-symlink-to-dir-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(testDir)
 
 	// This file will be at "/testDir/some/path/test" and will be copied into
 	// the test volume later.
 	hostTestFilename := filepath.Join(testDir, cpFullPath)
-	c.Assert(os.MkdirAll(filepath.Dir(hostTestFilename), os.FileMode(0700)), checker.IsNil)
-	c.Assert(ioutil.WriteFile(hostTestFilename, []byte(cpHostContents), os.FileMode(0600)), checker.IsNil)
+	assert.NilError(c, os.MkdirAll(filepath.Dir(hostTestFilename), os.FileMode(0700)))
+	assert.NilError(c, os.WriteFile(hostTestFilename, []byte(cpHostContents), os.FileMode(0600)))
 
 	// Now create another temp directory to hold a symlink to the
 	// "/testDir/some" directory.
-	linkDir, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
-	c.Assert(err, checker.IsNil)
+	linkDir, err := os.MkdirTemp("", "test-cp-to-symlink-to-dir-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(linkDir)
 
 	// Then symlink "/linkDir/dir_link" to "/testdir/some".
 	linkTarget := filepath.Join(testDir, cpTestPathParent)
 	localLink := filepath.Join(linkDir, "dir_link")
-	c.Assert(os.Symlink(linkTarget, localLink), checker.IsNil)
+	assert.NilError(c, os.Symlink(linkTarget, localLink))
 
 	// Now copy that symlink into the test volume in the container.
 	dockerCmd(c, "cp", localLink, containerID+":/testVol")
@@ -296,9 +273,8 @@ func (s *DockerSuite) TestCpToSymlinkToDirectory(c *check.C) {
 	// This copy command should have copied the symlink *not* the target.
 	expectedPath := filepath.Join(testVol, "dir_link")
 	actualLinkTarget, err := os.Readlink(expectedPath)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to read symlink at %q", expectedPath))
-
-	c.Assert(actualLinkTarget, checker.Equals, linkTarget)
+	assert.NilError(c, err, "unable to read symlink at %q", expectedPath)
+	assert.Equal(c, actualLinkTarget, linkTarget)
 
 	// Good, now remove that copied link for the next test.
 	os.Remove(expectedPath)
@@ -315,47 +291,44 @@ func (s *DockerSuite) TestCpToSymlinkToDirectory(c *check.C) {
 	if err == nil {
 		out = fmt.Sprintf("target name was copied: %q - %q", stat.Mode(), stat.Name())
 	}
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 
 	// It *should* have copied the directory using the asked name "dir_link".
 	stat, err = os.Lstat(expectedPath)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to stat resource at %q", expectedPath))
-
-	c.Assert(stat.IsDir(), checker.True, check.Commentf("should have copied a directory but got %q instead", stat.Mode()))
+	assert.NilError(c, err, "unable to stat resource at %q", expectedPath)
+	assert.Assert(c, stat.IsDir(), "should have copied a directory but got %q instead", stat.Mode())
 
 	// And this directory should contain the file copied from the host at the
 	// expected location: "/testVol/dir_link/path/test"
 	expectedFilepath := filepath.Join(testVol, "dir_link/path/test")
-	fileContents, err := ioutil.ReadFile(expectedFilepath)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(string(fileContents), checker.Equals, cpHostContents)
+	fileContents, err := os.ReadFile(expectedFilepath)
+	assert.NilError(c, err)
+	assert.Equal(c, string(fileContents), cpHostContents)
 }
 
 // Test for #5619
 // Check that symlinks which are part of the resource path are still relative to the container's rootfs
-func (s *DockerSuite) TestCpSymlinkComponent(c *check.C) {
+func (s *DockerSuite) TestCpSymlinkComponent(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpTestPath+" container_path")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+	assert.NilError(c, os.MkdirAll(cpTestPath, os.ModeDir))
 
 	hostFile, err := os.Create(cpFullPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer hostFile.Close()
 	defer os.RemoveAll(cpTestPathParent)
 
 	fmt.Fprintf(hostFile, "%s", cpHostContents)
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
 
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	tmpname := filepath.Join(tmpdir, cpTestName)
 	defer os.RemoveAll(tmpdir)
@@ -367,19 +340,15 @@ func (s *DockerSuite) TestCpSymlinkComponent(c *check.C) {
 	file, _ := os.Open(tmpname)
 	defer file.Close()
 
-	test, err := ioutil.ReadAll(file)
-	c.Assert(err, checker.IsNil)
-
-	// output matched host file -- symlink path component can escape container rootfs
-	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
-
-	// output doesn't match the input for symlink path component
-	c.Assert(string(test), checker.Equals, cpContainerContents)
+	test, err := io.ReadAll(file)
+	assert.NilError(c, err)
+	assert.Assert(c, string(test) != cpHostContents, "output matched host file -- symlink path component can escape container rootfs")
+	assert.Equal(c, string(test), cpContainerContents, "output doesn't match the input for symlink path component")
 }
 
 // Check that cp with unprivileged user doesn't return any error
-func (s *DockerSuite) TestCpUnprivilegedUser(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestCpUnprivilegedUser(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	testRequires(c, UnixCli) // uses chmod/su: not available on windows
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "touch "+cpTestName)
@@ -387,27 +356,27 @@ func (s *DockerSuite) TestCpUnprivilegedUser(c *check.C) {
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 
 	defer os.RemoveAll(tmpdir)
 
-	c.Assert(os.Chmod(tmpdir, 0777), checker.IsNil)
+	err = os.Chmod(tmpdir, 0777)
+	assert.NilError(c, err)
 
 	result := icmd.RunCommand("su", "unprivilegeduser", "-c",
 		fmt.Sprintf("%s cp %s:%s %s", dockerBinary, containerID, cpTestName, tmpdir))
 	result.Assert(c, icmd.Expected{})
 }
 
-func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
+func (s *DockerSuite) TestCpSpecialFiles(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 
-	outDir, err := ioutil.TempDir("", "cp-test-special-files")
-	c.Assert(err, checker.IsNil)
+	outDir, err := os.MkdirTemp("", "cp-test-special-files")
+	assert.NilError(c, err)
 	defer os.RemoveAll(outDir)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "touch /foo")
@@ -415,197 +384,180 @@ func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
 	// Copy actual /etc/resolv.conf
 	dockerCmd(c, "cp", containerID+":/etc/resolv.conf", outDir)
 
 	expected := readContainerFile(c, containerID, "resolv.conf")
-	actual, err := ioutil.ReadFile(outDir + "/resolv.conf")
-	c.Assert(err, checker.IsNil)
-
-	// Expected copied file to be duplicate of the container resolvconf
-	c.Assert(bytes.Equal(actual, expected), checker.True)
+	actual, err := os.ReadFile(outDir + "/resolv.conf")
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Equal(actual, expected), "Expected copied file to be duplicate of the container resolvconf")
 
 	// Copy actual /etc/hosts
 	dockerCmd(c, "cp", containerID+":/etc/hosts", outDir)
 
 	expected = readContainerFile(c, containerID, "hosts")
-	actual, err = ioutil.ReadFile(outDir + "/hosts")
-	c.Assert(err, checker.IsNil)
-
-	// Expected copied file to be duplicate of the container hosts
-	c.Assert(bytes.Equal(actual, expected), checker.True)
+	actual, err = os.ReadFile(outDir + "/hosts")
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Equal(actual, expected), "Expected copied file to be duplicate of the container hosts")
 
 	// Copy actual /etc/resolv.conf
 	dockerCmd(c, "cp", containerID+":/etc/hostname", outDir)
 
 	expected = readContainerFile(c, containerID, "hostname")
-	actual, err = ioutil.ReadFile(outDir + "/hostname")
-	c.Assert(err, checker.IsNil)
-
-	// Expected copied file to be duplicate of the container resolvconf
-	c.Assert(bytes.Equal(actual, expected), checker.True)
+	actual, err = os.ReadFile(outDir + "/hostname")
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Equal(actual, expected), "Expected copied file to be duplicate of the container hostname")
 }
 
-func (s *DockerSuite) TestCpVolumePath(c *check.C) {
+func (s *DockerSuite) TestCpVolumePath(c *testing.T) {
 	//  stat /tmp/cp-test-volumepath851508420/test gets permission denied for the user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 
-	tmpDir, err := ioutil.TempDir("", "cp-test-volumepath")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "cp-test-volumepath")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
-	outDir, err := ioutil.TempDir("", "cp-test-volumepath-out")
-	c.Assert(err, checker.IsNil)
+	outDir, err := os.MkdirTemp("", "cp-test-volumepath-out")
+	assert.NilError(c, err)
 	defer os.RemoveAll(outDir)
 	_, err = os.Create(tmpDir + "/test")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "run", "-d", "-v", "/foo", "-v", tmpDir+"/test:/test", "-v", tmpDir+":/baz", "busybox", "/bin/sh", "-c", "touch /foo/bar")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
 	// Copy actual volume path
 	dockerCmd(c, "cp", containerID+":/foo", outDir)
 
 	stat, err := os.Stat(outDir + "/foo")
-	c.Assert(err, checker.IsNil)
-	// expected copied content to be dir
-	c.Assert(stat.IsDir(), checker.True)
+	assert.NilError(c, err)
+	assert.Assert(c, stat.IsDir(), "Expected copied content to be dir")
+
 	stat, err = os.Stat(outDir + "/foo/bar")
-	c.Assert(err, checker.IsNil)
-	// Expected file `bar` to be a file
-	c.Assert(stat.IsDir(), checker.False)
+	assert.NilError(c, err)
+	assert.Assert(c, !stat.IsDir(), "Expected file `bar` to be a file")
 
 	// Copy file nested in volume
 	dockerCmd(c, "cp", containerID+":/foo/bar", outDir)
 
 	stat, err = os.Stat(outDir + "/bar")
-	c.Assert(err, checker.IsNil)
-	// Expected file `bar` to be a file
-	c.Assert(stat.IsDir(), checker.False)
+	assert.NilError(c, err)
+	assert.Assert(c, !stat.IsDir(), "Expected file `bar` to be a file")
 
 	// Copy Bind-mounted dir
 	dockerCmd(c, "cp", containerID+":/baz", outDir)
 	stat, err = os.Stat(outDir + "/baz")
-	c.Assert(err, checker.IsNil)
-	// Expected `baz` to be a dir
-	c.Assert(stat.IsDir(), checker.True)
+	assert.NilError(c, err)
+	assert.Assert(c, stat.IsDir(), "Expected `baz` to be a dir")
 
 	// Copy file nested in bind-mounted dir
 	dockerCmd(c, "cp", containerID+":/baz/test", outDir)
-	fb, err := ioutil.ReadFile(outDir + "/baz/test")
-	c.Assert(err, checker.IsNil)
-	fb2, err := ioutil.ReadFile(tmpDir + "/test")
-	c.Assert(err, checker.IsNil)
-	// Expected copied file to be duplicate of bind-mounted file
-	c.Assert(bytes.Equal(fb, fb2), checker.True)
+	fb, err := os.ReadFile(outDir + "/baz/test")
+	assert.NilError(c, err)
+	fb2, err := os.ReadFile(tmpDir + "/test")
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Equal(fb, fb2), "Expected copied file to be duplicate of bind-mounted file")
 
 	// Copy bind-mounted file
 	dockerCmd(c, "cp", containerID+":/test", outDir)
-	fb, err = ioutil.ReadFile(outDir + "/test")
-	c.Assert(err, checker.IsNil)
-	fb2, err = ioutil.ReadFile(tmpDir + "/test")
-	c.Assert(err, checker.IsNil)
-	// Expected copied file to be duplicate of bind-mounted file
-	c.Assert(bytes.Equal(fb, fb2), checker.True)
+	fb, err = os.ReadFile(outDir + "/test")
+	assert.NilError(c, err)
+	fb2, err = os.ReadFile(tmpDir + "/test")
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Equal(fb, fb2), "Expected copied file to be duplicate of bind-mounted file")
 }
 
-func (s *DockerSuite) TestCpToDot(c *check.C) {
+func (s *DockerSuite) TestCpToDot(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /test")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpdir)
 	cwd, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer os.Chdir(cwd)
-	c.Assert(os.Chdir(tmpdir), checker.IsNil)
+	err = os.Chdir(tmpdir)
+	assert.NilError(c, err)
+
 	dockerCmd(c, "cp", containerID+":/test", ".")
-	content, err := ioutil.ReadFile("./test")
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Equals, "lololol\n")
+	content, err := os.ReadFile("./test")
+	assert.NilError(c, err)
+	assert.Equal(c, string(content), "lololol\n")
 }
 
-func (s *DockerSuite) TestCpToStdout(c *check.C) {
+func (s *DockerSuite) TestCpToStdout(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /test")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
 	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "cp", containerID+":/test", "-"),
 		exec.Command("tar", "-vtf", "-"))
 
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(out, checker.Contains, "test")
-	c.Assert(out, checker.Contains, "-rw")
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(out, "test"))
+	assert.Check(c, is.Contains(out, "-rw"))
 }
 
-func (s *DockerSuite) TestCpNameHasColon(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerSuite) TestCpNameHasColon(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /te:s:t")
 
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	tmpdir, err := ioutil.TempDir("", "docker-integration")
-	c.Assert(err, checker.IsNil)
+	tmpdir, err := os.MkdirTemp("", "docker-integration")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpdir)
 	dockerCmd(c, "cp", containerID+":/te:s:t", tmpdir)
-	content, err := ioutil.ReadFile(tmpdir + "/te:s:t")
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Equals, "lololol\n")
+	content, err := os.ReadFile(tmpdir + "/te:s:t")
+	assert.NilError(c, err)
+	assert.Equal(c, string(content), "lololol\n")
 }
 
-func (s *DockerSuite) TestCopyAndRestart(c *check.C) {
+func (s *DockerSuite) TestCopyAndRestart(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	expectedMsg := "hello"
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "echo", expectedMsg)
 	containerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", containerID)
-	// failed to set up container
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	tmpDir, err := ioutil.TempDir("", "test-docker-restart-after-copy-")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "test-docker-restart-after-copy-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 
 	dockerCmd(c, "cp", fmt.Sprintf("%s:/etc/group", containerID), tmpDir)
 
 	out, _ = dockerCmd(c, "start", "-a", containerID)
-
-	c.Assert(strings.TrimSpace(out), checker.Equals, expectedMsg)
+	assert.Equal(c, strings.TrimSpace(out), expectedMsg)
 }
 
-func (s *DockerSuite) TestCopyCreatedContainer(c *check.C) {
+func (s *DockerSuite) TestCopyCreatedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "create", "--name", "test_cp", "-v", "/test", "busybox")
 
-	tmpDir, err := ioutil.TempDir("", "test")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "test")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 	dockerCmd(c, "cp", "test_cp:/bin/sh", tmpDir)
 }
@@ -613,24 +565,18 @@ func (s *DockerSuite) TestCopyCreatedContainer(c *check.C) {
 // test copy with option `-L`: following symbol link
 // Check that symlinks to a file behave as expected when copying one from
 // a container to host following symbol link
-func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *check.C) {
+func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, exitCode := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpFullPath+" /dir_link")
-	if exitCode != 0 {
-		c.Fatal("failed to create a container", out)
-	}
+	assert.Equal(c, exitCode, 0, "failed to set up container: %s", out)
 
 	cleanedContainerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "wait", cleanedContainerID)
-	if strings.TrimSpace(out) != "0" {
-		c.Fatal("failed to set up container", out)
-	}
+	assert.Equal(c, strings.TrimSpace(out), "0", "failed to set up container")
 
-	testDir, err := ioutil.TempDir("", "test-cp-symlink-container-to-host-follow-symlink")
-	if err != nil {
-		c.Fatal(err)
-	}
+	testDir, err := os.MkdirTemp("", "test-cp-symlink-container-to-host-follow-symlink")
+	assert.NilError(c, err)
 	defer os.RemoveAll(testDir)
 
 	// This copy command should copy the symlink, not the target, into the
@@ -640,13 +586,10 @@ func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *check.C) {
 	expectedPath := filepath.Join(testDir, "dir_link")
 
 	expected := []byte(cpContainerContents)
-	actual, err := ioutil.ReadFile(expectedPath)
-	c.Assert(err, checker.IsNil)
-
-	if !bytes.Equal(actual, expected) {
-		c.Fatalf("Expected copied file to be duplicate of the container symbol link target")
-	}
+	actual, err := os.ReadFile(expectedPath)
+	assert.NilError(c, err)
 	os.Remove(expectedPath)
+	assert.Assert(c, bytes.Equal(actual, expected), "Expected copied file to be duplicate of the container symbol link target")
 
 	// now test copy symbol link to a non-existing file in host
 	expectedPath = filepath.Join(testDir, "somefile_host")
@@ -657,11 +600,8 @@ func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *check.C) {
 
 	dockerCmd(c, "cp", "-L", cleanedContainerID+":"+"/dir_link", expectedPath)
 
-	actual, err = ioutil.ReadFile(expectedPath)
-	c.Assert(err, checker.IsNil)
-
-	if !bytes.Equal(actual, expected) {
-		c.Fatalf("Expected copied file to be duplicate of the container symbol link target")
-	}
+	actual, err = os.ReadFile(expectedPath)
+	assert.NilError(c, err)
 	defer os.Remove(expectedPath)
+	assert.Assert(c, bytes.Equal(actual, expected), "Expected copied file to be duplicate of the container symbol link target")
 }
diff --git a/integration-cli/docker_cli_cp_to_container_test.go b/integration-cli/docker_cli_cp_to_container_test.go
index 77567a3b955e9..6f28077f92f3f 100644
--- a/integration-cli/docker_cli_cp_to_container_test.go
+++ b/integration-cli/docker_cli_cp_to_container_test.go
@@ -2,9 +2,9 @@ package main
 
 import (
 	"os"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Try all of the test cases from the archive package which implements the
@@ -19,11 +19,11 @@ import (
 
 // Check that copying from a local path to a symlink in a container copies to
 // the symlink target and does not overwrite the container symlink itself.
-func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
+func (s *DockerSuite) TestCpToSymlinkDestination(c *testing.T) {
 	//  stat /tmp/test-cp-to-symlink-destination-262430901/vol3 gets permission denied for the user
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon) // Requires local volume mount bind.
+	testRequires(c, testEnv.IsLocalDaemon) // Requires local volume mount bind.
 
 	testVol := getTestDir(c, "test-cp-to-symlink-destination-")
 	defer os.RemoveAll(testVol)
@@ -39,38 +39,26 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	srcPath := cpPath(testVol, "file2")
 	dstPath := containerCpPath(containerID, "/vol2/symlinkToFile1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToFile1"), "file1"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(testVol, "file1"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToFile1"), "file1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(testVol, "file1"), "file2\n"), `The file should have the contents of "file2" now`)
 
 	// Next, copy a local file to a symlink to a directory in the container.
 	// This should copy the file into the symlink target directory.
 	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(testVol, "file2"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(testVol, "file2"), "file2\n"), `The file should have the contents of "file2"" now`)
 
 	// Next, copy a file to a symlink to a file that does not exist (a broken
 	// symlink) in the container. This should create the target file with the
 	// contents of the source file.
 	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToFileX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToFileX"), "fileX"), checker.IsNil)
-
-	// The file should have the contents of "file2" now.
-	c.Assert(fileContentEquals(c, cpPath(testVol, "fileX"), "file2\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToFileX"), "fileX"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(testVol, "fileX"), "file2\n"), `The file should have the contents of "file2"" now`)
 
 	// Next, copy a local directory to a symlink to a directory in the
 	// container. This should copy the directory into the symlink target
@@ -78,13 +66,9 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	srcPath = cpPath(testVol, "/dir2")
 	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
-
-	// The directory should now contain a copy of "dir2".
-	c.Assert(fileContentEquals(c, cpPath(testVol, "dir1/dir2/file2-1"), "file2-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(testVol, "dir1/dir2/file2-1"), "file2-1\n"), `The directory should now contain a copy of "dir2"`)
 
 	// Next, copy a local directory to a symlink to a local directory that does
 	// not exist (a broken symlink) in the container. This should create the
@@ -92,13 +76,9 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	// should not modify the symlink.
 	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToDirX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// The symlink should not have been modified.
-	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToDirX"), "dirX"), checker.IsNil)
-
-	// The "dirX" directory should now be a copy of "dir2".
-	c.Assert(fileContentEquals(c, cpPath(testVol, "dirX/file2-1"), "file2-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToDirX"), "dirX"), "The symlink should not have been modified")
+	assert.NilError(c, fileContentEquals(c, cpPath(testVol, "dirX/file2-1"), "file2-1\n"), `The "dirX" directory should now be a copy of "dir2"`)
 }
 
 // Possibilities are reduced to the remaining 10 cases:
@@ -120,7 +100,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 // A. SRC specifies a file and DST (no trailing path separator) doesn't
 //    exist. This should create a file with the name DST and copy the
 //    contents of the source file into it.
-func (s *DockerSuite) TestCpToCaseA(c *check.C) {
+func (s *DockerSuite) TestCpToCaseA(c *testing.T) {
 	containerID := makeTestContainer(c, testContainerOptions{
 		workDir: "/root", command: makeCatFileCommand("itWorks.txt"),
 	})
@@ -133,15 +113,14 @@ func (s *DockerSuite) TestCpToCaseA(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/root/itWorks.txt")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"))
 }
 
 // B. SRC specifies a file and DST (with trailing path separator) doesn't
 //    exist. This should cause an error because the copy operation cannot
 //    create a directory when copying a single file.
-func (s *DockerSuite) TestCpToCaseB(c *check.C) {
+func (s *DockerSuite) TestCpToCaseB(c *testing.T) {
 	containerID := makeTestContainer(c, testContainerOptions{
 		command: makeCatFileCommand("testDir/file1"),
 	})
@@ -154,15 +133,14 @@ func (s *DockerSuite) TestCpToCaseB(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstDir := containerCpPathTrailingSep(containerID, "testDir")
 
-	err := runDockerCp(c, srcPath, dstDir, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcPath, dstDir)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpDirNotExist(err), "expected DirNotExists error, but got %T: %s", err, err)
 }
 
 // C. SRC specifies a file and DST exists as a file. This should overwrite
 //    the file at DST with the contents of the source file.
-func (s *DockerSuite) TestCpToCaseC(c *check.C) {
+func (s *DockerSuite) TestCpToCaseC(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -178,18 +156,15 @@ func (s *DockerSuite) TestCpToCaseC(c *check.C) {
 	dstPath := containerCpPath(containerID, "/root/file2")
 
 	// Ensure the container's file starts with the original content.
-	c.Assert(containerStartOutputEquals(c, containerID, "file2\n"), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
-
-	// Should now contain file1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file2\n"))
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
 }
 
 // D. SRC specifies a file and DST exists as a directory. This should place
 //    a copy of the source file inside it using the basename from SRC. Ensure
 //    this works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpToCaseD(c *check.C) {
+func (s *DockerSuite) TestCpToCaseD(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true,
@@ -204,13 +179,9 @@ func (s *DockerSuite) TestCpToCaseD(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstDir := containerCpPath(containerID, "dir1")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcPath, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -222,20 +193,16 @@ func (s *DockerSuite) TestCpToCaseD(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "dir1")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcPath, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
 }
 
 // E. SRC specifies a directory and DST does not exist. This should create a
 //    directory at DST and copy the contents of the SRC directory into the DST
 //    directory. Ensure this works whether DST has a trailing path separator or
 //    not.
-func (s *DockerSuite) TestCpToCaseE(c *check.C) {
+func (s *DockerSuite) TestCpToCaseE(c *testing.T) {
 	containerID := makeTestContainer(c, testContainerOptions{
 		command: makeCatFileCommand("/testDir/file1-1"),
 	})
@@ -248,10 +215,8 @@ func (s *DockerSuite) TestCpToCaseE(c *check.C) {
 	srcDir := cpPath(tmpDir, "dir1")
 	dstDir := containerCpPath(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -262,15 +227,13 @@ func (s *DockerSuite) TestCpToCaseE(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 }
 
 // F. SRC specifies a directory and DST exists as a file. This should cause an
 //    error as it is not possible to overwrite a file with a directory.
-func (s *DockerSuite) TestCpToCaseF(c *check.C) {
+func (s *DockerSuite) TestCpToCaseF(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -284,16 +247,15 @@ func (s *DockerSuite) TestCpToCaseF(c *check.C) {
 	srcDir := cpPath(tmpDir, "dir1")
 	dstFile := containerCpPath(containerID, "/root/file1")
 
-	err := runDockerCp(c, srcDir, dstFile, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcDir, dstFile)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
 }
 
 // G. SRC specifies a directory and DST exists as a directory. This should copy
 //    the SRC directory and all its contents to the DST directory. Ensure this
 //    works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpToCaseG(c *check.C) {
+func (s *DockerSuite) TestCpToCaseG(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -308,13 +270,9 @@ func (s *DockerSuite) TestCpToCaseG(c *check.C) {
 	srcDir := cpPath(tmpDir, "dir1")
 	dstDir := containerCpPath(containerID, "/root/dir2")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -326,20 +284,16 @@ func (s *DockerSuite) TestCpToCaseG(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "/dir2")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 }
 
 // H. SRC specifies a directory's contents only and DST does not exist. This
 //    should create a directory at DST and copy the contents of the SRC
 //    directory (but not the directory itself) into the DST directory. Ensure
 //    this works whether DST has a trailing path separator or not.
-func (s *DockerSuite) TestCpToCaseH(c *check.C) {
+func (s *DockerSuite) TestCpToCaseH(c *testing.T) {
 	containerID := makeTestContainer(c, testContainerOptions{
 		command: makeCatFileCommand("/testDir/file1-1"),
 	})
@@ -352,10 +306,8 @@ func (s *DockerSuite) TestCpToCaseH(c *check.C) {
 	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
 	dstDir := containerCpPath(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -366,16 +318,14 @@ func (s *DockerSuite) TestCpToCaseH(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
 }
 
 // I. SRC specifies a directory's contents only and DST exists as a file. This
 //    should cause an error as it is not possible to overwrite a file with a
 //    directory.
-func (s *DockerSuite) TestCpToCaseI(c *check.C) {
+func (s *DockerSuite) TestCpToCaseI(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -389,17 +339,16 @@ func (s *DockerSuite) TestCpToCaseI(c *check.C) {
 	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
 	dstFile := containerCpPath(containerID, "/root/file1")
 
-	err := runDockerCp(c, srcDir, dstFile, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcDir, dstFile)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
 }
 
 // J. SRC specifies a directory's contents only and DST exists as a directory.
 //    This should copy the contents of the SRC directory (but not the directory
 //    itself) into the DST directory. Ensure this works whether DST has a
 //    trailing path separator or not.
-func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
+func (s *DockerSuite) TestCpToCaseJ(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{
 		addContent: true, workDir: "/root",
@@ -414,13 +363,9 @@ func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
 	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
 	dstDir := containerCpPath(containerID, "/dir2")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should've contained file1-1's contents")
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -431,18 +376,14 @@ func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "/dir2")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
-
-	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
-
-	// Should now contain file1-1's contents.
-	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
+	assert.NilError(c, runDockerCp(c, srcDir, dstDir))
+	assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should've contained file1-1's contents")
 }
 
 // The `docker cp` command should also ensure that you cannot
 // write to a container rootfs that is marked as read-only.
-func (s *DockerSuite) TestCpToErrReadOnlyRootfs(c *check.C) {
+func (s *DockerSuite) TestCpToErrReadOnlyRootfs(c *testing.T) {
 	// --read-only + userns has remount issues
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	tmpDir := getTestDir(c, "test-cp-to-err-read-only-rootfs")
@@ -458,18 +399,16 @@ func (s *DockerSuite) TestCpToErrReadOnlyRootfs(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/root/shouldNotExist")
 
-	err := runDockerCp(c, srcPath, dstPath, nil)
-	c.Assert(err, checker.NotNil)
+	err := runDockerCp(c, srcPath, dstPath)
+	assert.ErrorContains(c, err, "")
 
-	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrContainerRootfsReadonly error, but got %T: %s", err, err))
-
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+	assert.Assert(c, isCpCannotCopyReadOnly(err), "expected ErrContainerRootfsReadonly error, but got %T: %s", err, err)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
 }
 
 // The `docker cp` command should also ensure that you
 // cannot write to a volume that is mounted as read-only.
-func (s *DockerSuite) TestCpToErrReadOnlyVolume(c *check.C) {
+func (s *DockerSuite) TestCpToErrReadOnlyVolume(c *testing.T) {
 	// --read-only + userns has remount issues
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	tmpDir := getTestDir(c, "test-cp-to-err-read-only-volume")
@@ -485,11 +424,9 @@ func (s *DockerSuite) TestCpToErrReadOnlyVolume(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/vol_ro/shouldNotExist")
 
-	err := runDockerCp(c, srcPath, dstPath, nil)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrVolumeReadonly error, but got %T: %s", err, err))
+	err := runDockerCp(c, srcPath, dstPath)
+	assert.ErrorContains(c, err, "")
 
-	// Ensure that dstPath doesn't exist.
-	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+	assert.Assert(c, isCpCannotCopyReadOnly(err), "expected ErrVolumeReadonly error, but got %T: %s", err, err)
+	assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
 }
diff --git a/integration-cli/docker_cli_cp_to_container_unix_test.go b/integration-cli/docker_cli_cp_to_container_unix_test.go
index 8f830dcf9d002..80e668c2ec45b 100644
--- a/integration-cli/docker_cli_cp_to_container_unix_test.go
+++ b/integration-cli/docker_cli_cp_to_container_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,17 +6,18 @@ package main
 import (
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/system"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestCpToContainerWithPermissions(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerSuite) TestCpToContainerWithPermissions(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	tmpDir := getTestDir(c, "test-cp-to-host-with-permissions")
 	defer os.RemoveAll(tmpDir)
@@ -24,22 +26,25 @@ func (s *DockerSuite) TestCpToContainerWithPermissions(c *check.C) {
 
 	containerName := "permtest"
 
-	_, exc := dockerCmd(c, "create", "--name", containerName, "debian:jessie", "/bin/bash", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest")
-	c.Assert(exc, checker.Equals, 0)
+	_, exc := dockerCmd(c, "create", "--name", containerName, "busybox", "/bin/sh", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest")
+	assert.Equal(c, exc, 0)
 	defer dockerCmd(c, "rm", "-f", containerName)
 
 	srcPath := cpPath(tmpDir, "permdirtest")
 	dstPath := containerCpPath(containerName, "/")
-	c.Assert(runDockerCp(c, srcPath, dstPath, []string{"-a"}), checker.IsNil)
 
-	out, err := startContainerGetOutput(c, containerName)
-	c.Assert(err, checker.IsNil, check.Commentf("output: %v", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "2 2 700\n65534 65534 400", check.Commentf("output: %v", out))
+	args := []string{"cp", "-a", srcPath, dstPath}
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
+	assert.NilError(c, err, "output: %v", out)
+
+	out, err = startContainerGetOutput(c, containerName)
+	assert.NilError(c, err, "output: %v", out)
+	assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out)
 }
 
 // Check ownership is root, both in non-userns and userns enabled modes
-func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestCpCheckDestOwnership(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	tmpVolDir := getTestDir(c, "test-cp-tmpvol")
 	containerID := makeTestContainer(c,
 		testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}})
@@ -52,21 +57,20 @@ func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/tmpvol", "file1")
 
-	err := runDockerCp(c, srcPath, dstPath, nil)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
 
 	stat, err := system.Stat(filepath.Join(tmpVolDir, "file1"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	uid, gid, err := getRootUIDGID()
-	c.Assert(err, checker.IsNil)
-	c.Assert(stat.UID(), checker.Equals, uint32(uid), check.Commentf("Copied file not owned by container root UID"))
-	c.Assert(stat.GID(), checker.Equals, uint32(gid), check.Commentf("Copied file not owned by container root GID"))
+	assert.NilError(c, err)
+	assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID")
+	assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID")
 }
 
 func getRootUIDGID() (int, int, error) {
 	uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".")
 	if len(uidgid) == 1 {
-		//user namespace remapping is not turned on; return 0
+		// user namespace remapping is not turned on; return 0
 		return 0, 0, nil
 	}
 	uid, err := strconv.Atoi(uidgid[0])
diff --git a/integration-cli/docker_cli_cp_utils_test.go b/integration-cli/docker_cli_cp_utils_test.go
index 79a016f0c613a..4ac95f50599f0 100644
--- a/integration-cli/docker_cli_cp_utils_test.go
+++ b/integration-cli/docker_cli_cp_utils_test.go
@@ -3,16 +3,16 @@ package main
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 type fileType uint32
@@ -92,20 +92,21 @@ func defaultMkContentCommand() string {
 	return mkFilesCommand(defaultFileData)
 }
 
-func makeTestContentInDir(c *check.C, dir string) {
+func makeTestContentInDir(c *testing.T, dir string) {
+	c.Helper()
 	for _, fd := range defaultFileData {
 		path := filepath.Join(dir, filepath.FromSlash(fd.path))
 		switch fd.filetype {
 		case ftRegular:
-			c.Assert(ioutil.WriteFile(path, []byte(fd.contents+"\n"), os.FileMode(fd.mode)), checker.IsNil)
+			assert.NilError(c, os.WriteFile(path, []byte(fd.contents+"\n"), os.FileMode(fd.mode)))
 		case ftDir:
-			c.Assert(os.Mkdir(path, os.FileMode(fd.mode)), checker.IsNil)
+			assert.NilError(c, os.Mkdir(path, os.FileMode(fd.mode)))
 		case ftSymlink:
-			c.Assert(os.Symlink(fd.contents, path), checker.IsNil)
+			assert.NilError(c, os.Symlink(fd.contents, path))
 		}
 
 		if fd.filetype != ftSymlink && runtime.GOOS != "windows" {
-			c.Assert(os.Chown(path, fd.uid, fd.gid), checker.IsNil)
+			assert.NilError(c, os.Chown(path, fd.uid, fd.gid))
 		}
 	}
 }
@@ -118,7 +119,8 @@ type testContainerOptions struct {
 	command    string
 }
 
-func makeTestContainer(c *check.C, options testContainerOptions) (containerID string) {
+func makeTestContainer(c *testing.T, options testContainerOptions) (containerID string) {
+	c.Helper()
 	if options.addContent {
 		mkContentCmd := defaultMkContentCommand()
 		if options.command == "" {
@@ -158,7 +160,7 @@ func makeTestContainer(c *check.C, options testContainerOptions) (containerID st
 	if exitCode != "0" {
 		out, _ = dockerCmd(c, "logs", containerID)
 	}
-	c.Assert(exitCode, checker.Equals, "0", check.Commentf("failed to make test container: %s", out))
+	assert.Equal(c, exitCode, "0", "failed to make test container: %s", out)
 
 	return
 }
@@ -188,25 +190,18 @@ func containerCpPathTrailingSep(containerID string, pathElements ...string) stri
 	return fmt.Sprintf("%s/", containerCpPath(containerID, pathElements...))
 }
 
-func runDockerCp(c *check.C, src, dst string, params []string) (err error) {
-	c.Logf("running `docker cp %s %s %s`", strings.Join(params, " "), src, dst)
+func runDockerCp(c *testing.T, src, dst string) error {
+	c.Helper()
 
-	args := []string{"cp"}
-
-	args = append(args, params...)
-
-	args = append(args, src, dst)
-
-	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
-	if err != nil {
-		err = fmt.Errorf("error executing `docker cp` command: %s: %s", err, out)
+	args := []string{"cp", src, dst}
+	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...)); err != nil {
+		return fmt.Errorf("error executing `docker cp` command: %s: %s", err, out)
 	}
-
-	return
+	return nil
 }
 
-func startContainerGetOutput(c *check.C, containerID string) (out string, err error) {
-	c.Logf("running `docker start -a %s`", containerID)
+func startContainerGetOutput(c *testing.T, containerID string) (out string, err error) {
+	c.Helper()
 
 	args := []string{"start", "-a", containerID}
 
@@ -218,12 +213,13 @@ func startContainerGetOutput(c *check.C, containerID string) (out string, err er
 	return
 }
 
-func getTestDir(c *check.C, label string) (tmpDir string) {
+func getTestDir(c *testing.T, label string) (tmpDir string) {
+	c.Helper()
 	var err error
 
-	tmpDir, err = ioutil.TempDir("", label)
+	tmpDir, err = os.MkdirTemp("", label)
 	// unable to make temporary directory
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	return
 }
@@ -240,58 +236,58 @@ func isCpCannotCopyReadOnly(err error) bool {
 	return strings.Contains(err.Error(), "marked read-only")
 }
 
-func fileContentEquals(c *check.C, filename, contents string) (err error) {
-	c.Logf("checking that file %q contains %q\n", filename, contents)
+func fileContentEquals(c *testing.T, filename, contents string) error {
+	c.Helper()
 
-	fileBytes, err := ioutil.ReadFile(filename)
+	fileBytes, err := os.ReadFile(filename)
 	if err != nil {
-		return
+		return err
 	}
 
-	expectedBytes, err := ioutil.ReadAll(strings.NewReader(contents))
+	expectedBytes, err := io.ReadAll(strings.NewReader(contents))
 	if err != nil {
-		return
+		return err
 	}
 
 	if !bytes.Equal(fileBytes, expectedBytes) {
-		err = fmt.Errorf("file content not equal - expected %q, got %q", string(expectedBytes), string(fileBytes))
+		return fmt.Errorf("file content not equal - expected %q, got %q", string(expectedBytes), string(fileBytes))
 	}
 
-	return
+	return nil
 }
 
-func symlinkTargetEquals(c *check.C, symlink, expectedTarget string) (err error) {
-	c.Logf("checking that the symlink %q points to %q\n", symlink, expectedTarget)
+func symlinkTargetEquals(c *testing.T, symlink, expectedTarget string) error {
+	c.Helper()
 
 	actualTarget, err := os.Readlink(symlink)
 	if err != nil {
-		return
+		return err
 	}
 
 	if actualTarget != expectedTarget {
-		err = fmt.Errorf("symlink target points to %q not %q", actualTarget, expectedTarget)
+		return fmt.Errorf("symlink target points to %q not %q", actualTarget, expectedTarget)
 	}
 
-	return
+	return nil
 }
 
-func containerStartOutputEquals(c *check.C, containerID, contents string) (err error) {
-	c.Logf("checking that container %q start output contains %q\n", containerID, contents)
+func containerStartOutputEquals(c *testing.T, containerID, contents string) error {
+	c.Helper()
 
 	out, err := startContainerGetOutput(c, containerID)
 	if err != nil {
-		return
+		return err
 	}
 
 	if out != contents {
-		err = fmt.Errorf("output contents not equal - expected %q, got %q", contents, out)
+		return fmt.Errorf("output contents not equal - expected %q, got %q", contents, out)
 	}
 
-	return
+	return nil
 }
 
 func defaultVolumes(tmpDir string) []string {
-	if SameHostDaemon() {
+	if testEnv.IsLocalDaemon() {
 		return []string{
 			"/vol1",
 			fmt.Sprintf("%s:/vol2", tmpDir),
diff --git a/integration-cli/docker_cli_create_test.go b/integration-cli/docker_cli_create_test.go
index cb4de73c5e94f..3b2828ada3e26 100644
--- a/integration-cli/docker_cli_create_test.go
+++ b/integration-cli/docker_cli_create_test.go
@@ -6,19 +6,19 @@ import (
 	"os"
 	"reflect"
 	"strings"
-	"time"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/fakecontext"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/testutil/fakecontext"
 	"github.com/docker/go-connections/nat"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // Make sure we can create a simple container with some args
-func (s *DockerSuite) TestCreateArgs(c *check.C) {
+func (s *DockerSuite) TestCreateArgs(c *testing.T) {
 	// Intentionally clear entrypoint, as the Windows busybox image needs an entrypoint, which breaks this test
 	out, _ := dockerCmd(c, "create", "--entrypoint=", "busybox", "command", "arg1", "arg2", "arg with space", "-c", "flags")
 
@@ -27,19 +27,16 @@ func (s *DockerSuite) TestCreateArgs(c *check.C) {
 	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
 
 	var containers []struct {
-		ID      string
-		Created time.Time
-		Path    string
-		Args    []string
-		Image   string
+		Path string
+		Args []string
 	}
 
 	err := json.Unmarshal([]byte(out), &containers)
-	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
-	c.Assert(containers, checker.HasLen, 1)
+	assert.Assert(c, err == nil, "Error inspecting the container: %s", err)
+	assert.Equal(c, len(containers), 1)
 
 	cont := containers[0]
-	c.Assert(string(cont.Path), checker.Equals, "command", check.Commentf("Unexpected container path. Expected command, received: %s", cont.Path))
+	assert.Equal(c, cont.Path, "command", fmt.Sprintf("Unexpected container path. Expected command, received: %s", cont.Path))
 
 	b := false
 	expected := []string{"arg1", "arg2", "arg with space", "-c", "flags"}
@@ -56,7 +53,7 @@ func (s *DockerSuite) TestCreateArgs(c *check.C) {
 }
 
 // Make sure we can grow the container's rootfs at creation time.
-func (s *DockerSuite) TestCreateGrowRootfs(c *check.C) {
+func (s *DockerSuite) TestCreateGrowRootfs(c *testing.T) {
 	// Windows and Devicemapper support growing the rootfs
 	if testEnv.OSType != "windows" {
 		testRequires(c, Devicemapper)
@@ -66,21 +63,21 @@ func (s *DockerSuite) TestCreateGrowRootfs(c *check.C) {
 	cleanedContainerID := strings.TrimSpace(out)
 
 	inspectOut := inspectField(c, cleanedContainerID, "HostConfig.StorageOpt")
-	c.Assert(inspectOut, checker.Equals, "map[size:120G]")
+	assert.Equal(c, inspectOut, "map[size:120G]")
 }
 
 // Make sure we cannot shrink the container's rootfs at creation time.
-func (s *DockerSuite) TestCreateShrinkRootfs(c *check.C) {
+func (s *DockerSuite) TestCreateShrinkRootfs(c *testing.T) {
 	testRequires(c, Devicemapper)
 
 	// Ensure this fails because of the defaultBaseFsSize is 10G
 	out, _, err := dockerCmdWithError("create", "--storage-opt", "size=5G", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Container size cannot be smaller than")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Container size cannot be smaller than"))
 }
 
 // Make sure we can set hostconfig options too
-func (s *DockerSuite) TestCreateHostConfig(c *check.C) {
+func (s *DockerSuite) TestCreateHostConfig(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "-P", "busybox", "echo")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -94,15 +91,15 @@ func (s *DockerSuite) TestCreateHostConfig(c *check.C) {
 	}
 
 	err := json.Unmarshal([]byte(out), &containers)
-	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
-	c.Assert(containers, checker.HasLen, 1)
+	assert.Assert(c, err == nil, "Error inspecting the container: %s", err)
+	assert.Equal(c, len(containers), 1)
 
 	cont := containers[0]
-	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
-	c.Assert(cont.HostConfig.PublishAllPorts, check.NotNil, check.Commentf("Expected PublishAllPorts, got false"))
+	assert.Assert(c, cont.HostConfig != nil, "Expected HostConfig, got none")
+	assert.Assert(c, cont.HostConfig.PublishAllPorts, "Expected PublishAllPorts, got false")
 }
 
-func (s *DockerSuite) TestCreateWithPortRange(c *check.C) {
+func (s *DockerSuite) TestCreateWithPortRange(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "-p", "3300-3303:3300-3303/tcp", "busybox", "echo")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -115,23 +112,23 @@ func (s *DockerSuite) TestCreateWithPortRange(c *check.C) {
 		}
 	}
 	err := json.Unmarshal([]byte(out), &containers)
-	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
-	c.Assert(containers, checker.HasLen, 1)
+	assert.Assert(c, err == nil, "Error inspecting the container: %s", err)
+	assert.Equal(c, len(containers), 1)
 
 	cont := containers[0]
 
-	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
-	c.Assert(cont.HostConfig.PortBindings, checker.HasLen, 4, check.Commentf("Expected 4 ports bindings, got %d", len(cont.HostConfig.PortBindings)))
+	assert.Assert(c, cont.HostConfig != nil, "Expected HostConfig, got none")
+	assert.Equal(c, len(cont.HostConfig.PortBindings), 4, fmt.Sprintf("Expected 4 ports bindings, got %d", len(cont.HostConfig.PortBindings)))
 
 	for k, v := range cont.HostConfig.PortBindings {
-		c.Assert(v, checker.HasLen, 1, check.Commentf("Expected 1 ports binding, for the port  %s but found %s", k, v))
-		c.Assert(k.Port(), checker.Equals, v[0].HostPort, check.Commentf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
+		assert.Equal(c, len(v), 1, fmt.Sprintf("Expected 1 ports binding, for the port  %s but found %s", k, v))
+		assert.Equal(c, k.Port(), v[0].HostPort, fmt.Sprintf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
 
 	}
 
 }
 
-func (s *DockerSuite) TestCreateWithLargePortRange(c *check.C) {
+func (s *DockerSuite) TestCreateWithLargePortRange(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "-p", "1-65535:1-65535/tcp", "busybox", "echo")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -145,40 +142,39 @@ func (s *DockerSuite) TestCreateWithLargePortRange(c *check.C) {
 	}
 
 	err := json.Unmarshal([]byte(out), &containers)
-	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
-	c.Assert(containers, checker.HasLen, 1)
+	assert.Assert(c, err == nil, "Error inspecting the container: %s", err)
+	assert.Equal(c, len(containers), 1)
 
 	cont := containers[0]
-	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
-	c.Assert(cont.HostConfig.PortBindings, checker.HasLen, 65535)
+	assert.Assert(c, cont.HostConfig != nil, "Expected HostConfig, got none")
+	assert.Equal(c, len(cont.HostConfig.PortBindings), 65535)
 
 	for k, v := range cont.HostConfig.PortBindings {
-		c.Assert(v, checker.HasLen, 1)
-		c.Assert(k.Port(), checker.Equals, v[0].HostPort, check.Commentf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
+		assert.Equal(c, len(v), 1)
+		assert.Equal(c, k.Port(), v[0].HostPort, fmt.Sprintf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
 	}
 
 }
 
 // "test123" should be printed by docker create + start
-func (s *DockerSuite) TestCreateEchoStdout(c *check.C) {
+func (s *DockerSuite) TestCreateEchoStdout(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "busybox", "echo", "test123")
 
 	cleanedContainerID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "start", "-ai", cleanedContainerID)
-	c.Assert(out, checker.Equals, "test123\n", check.Commentf("container should've printed 'test123', got %q", out))
-
+	assert.Equal(c, out, "test123\n", "container should've printed 'test123', got %q", out)
 }
 
-func (s *DockerSuite) TestCreateVolumesCreated(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestCreateVolumesCreated(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
 	name := "test_create_volume"
 	dockerCmd(c, "create", "--name", name, "-v", prefix+slash+"foo", "busybox")
 
 	dir, err := inspectMountSourceField(name, prefix+slash+"foo")
-	c.Assert(err, check.IsNil, check.Commentf("Error getting volume host path: %q", err))
+	assert.Assert(c, err == nil, "Error getting volume host path: %q", err)
 
 	if _, err := os.Stat(dir); err != nil && os.IsNotExist(err) {
 		c.Fatalf("Volume was not created")
@@ -189,7 +185,7 @@ func (s *DockerSuite) TestCreateVolumesCreated(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestCreateLabels(c *check.C) {
+func (s *DockerSuite) TestCreateLabels(c *testing.T) {
 	name := "test_create_labels"
 	expected := map[string]string{"k1": "v1", "k2": "v2"}
 	dockerCmd(c, "create", "--name", name, "-l", "k1=v1", "--label", "k2=v2", "busybox")
@@ -202,7 +198,7 @@ func (s *DockerSuite) TestCreateLabels(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) {
+func (s *DockerSuite) TestCreateLabelFromImage(c *testing.T) {
 	imageName := "testcreatebuildlabel"
 	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
 		LABEL k1=v1 k2=v2`))
@@ -219,18 +215,17 @@ func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestCreateHostnameWithNumber(c *check.C) {
+func (s *DockerSuite) TestCreateHostnameWithNumber(c *testing.T) {
 	image := "busybox"
 	// Busybox on Windows does not implement hostname command
 	if testEnv.OSType == "windows" {
 		image = testEnv.PlatformDefaults.BaseImage
 	}
 	out, _ := dockerCmd(c, "run", "-h", "web.0", image, "hostname")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "web.0", check.Commentf("hostname not set, expected `web.0`, got: %s", out))
-
+	assert.Equal(c, strings.TrimSpace(out), "web.0", "hostname not set, expected `web.0`, got: %s", out)
 }
 
-func (s *DockerSuite) TestCreateRM(c *check.C) {
+func (s *DockerSuite) TestCreateRM(c *testing.T) {
 	// Test to make sure we can 'rm' a new container that is in
 	// "Created" state, and has ever been run. Test "rm -f" too.
 
@@ -247,9 +242,9 @@ func (s *DockerSuite) TestCreateRM(c *check.C) {
 	dockerCmd(c, "rm", "-f", cID)
 }
 
-func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
+func (s *DockerSuite) TestCreateModeIpcContainer(c *testing.T) {
 	// Uses Linux specific functionality (--ipc)
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	out, _ := dockerCmd(c, "create", "busybox")
 	id := strings.TrimSpace(out)
@@ -257,7 +252,7 @@ func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
 	dockerCmd(c, "create", fmt.Sprintf("--ipc=container:%s", id), "busybox")
 }
 
-func (s *DockerSuite) TestCreateByImageID(c *check.C) {
+func (s *DockerSuite) TestCreateByImageID(c *testing.T) {
 	imageName := "testcreatebyimageid"
 	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
 		MAINTAINER dockerio`))
@@ -290,16 +285,15 @@ func (s *DockerSuite) TestCreateByImageID(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestCreateStopSignal(c *check.C) {
+func (s *DockerSuite) TestCreateStopSignal(c *testing.T) {
 	name := "test_create_stop_signal"
 	dockerCmd(c, "create", "--name", name, "--stop-signal", "9", "busybox")
 
 	res := inspectFieldJSON(c, name, "Config.StopSignal")
-	c.Assert(res, checker.Contains, "9")
-
+	assert.Assert(c, strings.Contains(res, "9"))
 }
 
-func (s *DockerSuite) TestCreateWithWorkdir(c *check.C) {
+func (s *DockerSuite) TestCreateWithWorkdir(c *testing.T) {
 	name := "foo"
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
@@ -309,30 +303,39 @@ func (s *DockerSuite) TestCreateWithWorkdir(c *check.C) {
 	// Windows does not create the workdir until the container is started
 	if testEnv.OSType == "windows" {
 		dockerCmd(c, "start", name)
+		if IsolationIsHyperv() {
+			// Hyper-V isolated containers do not allow file-operations on a
+			// running container. This test currently uses `docker cp` to verify
+			// that the WORKDIR was automatically created, which cannot be done
+			// while the container is running.
+			dockerCmd(c, "stop", name)
+		}
 	}
+	// TODO: rewrite this test to not use `docker cp` for verifying that the WORKDIR was created
 	dockerCmd(c, "cp", fmt.Sprintf("%s:%s", name, dir), prefix+slash+"tmp")
 }
 
-func (s *DockerSuite) TestCreateWithInvalidLogOpts(c *check.C) {
+func (s *DockerSuite) TestCreateWithInvalidLogOpts(c *testing.T) {
 	name := "test-invalidate-log-opts"
 	out, _, err := dockerCmdWithError("create", "--name", name, "--log-opt", "invalid=true", "busybox")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "unknown log opt")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "unknown log opt"))
+	assert.Assert(c, is.Contains(out, "unknown log opt"))
 
 	out, _ = dockerCmd(c, "ps", "-a")
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.Assert(c, !strings.Contains(out, name))
 }
 
 // #20972
-func (s *DockerSuite) TestCreate64ByteHexID(c *check.C) {
+func (s *DockerSuite) TestCreate64ByteHexID(c *testing.T) {
 	out := inspectField(c, "busybox", "Id")
-	imageID := strings.TrimPrefix(strings.TrimSpace(string(out)), "sha256:")
+	imageID := strings.TrimPrefix(strings.TrimSpace(out), "sha256:")
 
 	dockerCmd(c, "create", imageID)
 }
 
 // Test case for #23498
-func (s *DockerSuite) TestCreateUnsetEntrypoint(c *check.C) {
+func (s *DockerSuite) TestCreateUnsetEntrypoint(c *testing.T) {
 	name := "test-entrypoint"
 	dockerfile := `FROM busybox
 ADD entrypoint.sh /entrypoint.sh
@@ -353,22 +356,21 @@ exec "$@"`,
 
 	out := cli.DockerCmd(c, "create", "--entrypoint=", name, "echo", "foo").Combined()
 	id := strings.TrimSpace(out)
-	c.Assert(id, check.Not(check.Equals), "")
+	assert.Assert(c, id != "")
 	out = cli.DockerCmd(c, "start", "-a", id).Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
+	assert.Equal(c, strings.TrimSpace(out), "foo")
 }
 
 // #22471
-func (s *DockerSuite) TestCreateStopTimeout(c *check.C) {
+func (s *DockerSuite) TestCreateStopTimeout(c *testing.T) {
 	name1 := "test_create_stop_timeout_1"
 	dockerCmd(c, "create", "--name", name1, "--stop-timeout", "15", "busybox")
 
 	res := inspectFieldJSON(c, name1, "Config.StopTimeout")
-	c.Assert(res, checker.Contains, "15")
-
+	assert.Assert(c, strings.Contains(res, "15"))
 	name2 := "test_create_stop_timeout_2"
 	dockerCmd(c, "create", "--name", name2, "busybox")
 
 	res = inspectFieldJSON(c, name2, "Config.StopTimeout")
-	c.Assert(res, checker.Contains, "null")
+	assert.Assert(c, strings.Contains(res, "null"))
 }
diff --git a/integration-cli/docker_cli_daemon_plugins_test.go b/integration-cli/docker_cli_daemon_plugins_test.go
index 9a11c68089302..55695b455a063 100644
--- a/integration-cli/docker_cli_daemon_plugins_test.go
+++ b/integration-cli/docker_cli_daemon_plugins_test.go
@@ -1,19 +1,19 @@
+//go:build linux
 // +build linux
 
 package main
 
 import (
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/go-check/check"
 	"golang.org/x/sys/unix"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // TestDaemonRestartWithPluginEnabled tests state restore for an enabled plugin
-func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
@@ -37,12 +37,12 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
 	if err != nil {
 		c.Fatalf("Could not list plugins: %v %s", err, out)
 	}
-	c.Assert(out, checker.Contains, pName)
-	c.Assert(out, checker.Contains, "true")
+	assert.Assert(c, strings.Contains(out, pName))
+	assert.Assert(c, strings.Contains(out, "true"))
 }
 
 // TestDaemonRestartWithPluginDisabled tests state restore for a disabled plugin
-func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
@@ -63,13 +63,13 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
 	if err != nil {
 		c.Fatalf("Could not list plugins: %v %s", err, out)
 	}
-	c.Assert(out, checker.Contains, pName)
-	c.Assert(out, checker.Contains, "false")
+	assert.Assert(c, strings.Contains(out, pName))
+	assert.Assert(c, strings.Contains(out, "false"))
 }
 
 // TestDaemonKillLiveRestoreWithPlugins SIGKILLs daemon started with --live-restore.
 // Plugins should continue to run.
-func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c, "--live-restore")
@@ -95,7 +95,7 @@ func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
 
 // TestDaemonShutdownLiveRestoreWithPlugins SIGTERMs daemon started with --live-restore.
 // Plugins should continue to run.
-func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c, "--live-restore")
@@ -120,8 +120,8 @@ func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *check.C)
 }
 
 // TestDaemonShutdownWithPlugins shuts down running plugins.
-func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
-	testRequires(c, IsAmd64, Network, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *testing.T) {
+	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
@@ -158,8 +158,8 @@ func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
 }
 
 // TestDaemonKillWithPlugins leaves plugins running.
-func (s *DockerDaemonSuite) TestDaemonKillWithPlugins(c *check.C) {
-	testRequires(c, IsAmd64, Network, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonKillWithPlugins(c *testing.T) {
+	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
@@ -185,7 +185,7 @@ func (s *DockerDaemonSuite) TestDaemonKillWithPlugins(c *check.C) {
 }
 
 // TestVolumePlugin tests volume creation using a plugin.
-func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
+func (s *DockerDaemonSuite) TestVolumePlugin(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	volName := "plugin-volume"
@@ -221,64 +221,51 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
 	if err != nil {
 		c.Fatalf("Could not list volume: %v %s", err, out)
 	}
-	c.Assert(out, checker.Contains, volName)
-	c.Assert(out, checker.Contains, pName)
+	assert.Assert(c, strings.Contains(out, volName))
+	assert.Assert(c, strings.Contains(out, pName))
 
 	out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "touch", destDir+destFile)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "ls", destDir+destFile)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network, IsAmd64)
+func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *testing.T) {
+	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c, "--live-restore=true")
 
 	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, pName))
 
 	out, err = s.d.Cmd("volume", "create", "--driver", pName, "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	s.d.Restart(c, "--live-restore=true")
 
 	out, err = s.d.Cmd("plugin", "disable", pName)
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "in use")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "in use"))
 
 	out, err = s.d.Cmd("volume", "rm", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("plugin", "disable", pName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("plugin", "rm", pName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-}
-
-func existsMountpointWithPrefix(mountpointPrefix string) (bool, error) {
-	mounts, err := mount.GetMounts(nil)
-	if err != nil {
-		return false, err
-	}
-	for _, mnt := range mounts {
-		if strings.HasPrefix(mnt.Mountpoint, mountpointPrefix) {
-			return true, nil
-		}
-	}
-	return false, nil
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestPluginListFilterEnabled(c *check.C) {
+func (s *DockerDaemonSuite) TestPluginListFilterEnabled(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
 
 	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pNameWithTag, "--disable")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	defer func() {
 		if out, err := s.d.Cmd("plugin", "remove", pNameWithTag); err != nil {
@@ -287,26 +274,26 @@ func (s *DockerDaemonSuite) TestPluginListFilterEnabled(c *check.C) {
 	}()
 
 	out, err = s.d.Cmd("plugin", "ls", "--filter", "enabled=true")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, pName))
 
 	out, err = s.d.Cmd("plugin", "ls", "--filter", "enabled=false")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, pName)
-	c.Assert(out, checker.Contains, "false")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, pName))
+	assert.Assert(c, strings.Contains(out, "false"))
 
 	out, err = s.d.Cmd("plugin", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, pName))
 }
 
-func (s *DockerDaemonSuite) TestPluginListFilterCapability(c *check.C) {
+func (s *DockerDaemonSuite) TestPluginListFilterCapability(c *testing.T) {
 	testRequires(c, IsAmd64, Network)
 
 	s.d.Start(c)
 
 	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pNameWithTag, "--disable")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	defer func() {
 		if out, err := s.d.Cmd("plugin", "remove", pNameWithTag); err != nil {
@@ -315,14 +302,14 @@ func (s *DockerDaemonSuite) TestPluginListFilterCapability(c *check.C) {
 	}()
 
 	out, err = s.d.Cmd("plugin", "ls", "--filter", "capability=volumedriver")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, pName))
 
 	out, err = s.d.Cmd("plugin", "ls", "--filter", "capability=authz")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, pName))
 
 	out, err = s.d.Cmd("plugin", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, pName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, pName))
 }
diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go
index 986cc2753031d..cf1cdac245ef8 100644
--- a/integration-cli/docker_cli_daemon_test.go
+++ b/integration-cli/docker_cli_daemon_test.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package main
@@ -11,7 +12,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -21,43 +21,41 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
 	"github.com/cloudflare/cfssl/helpers"
-	"github.com/docker/docker/api"
+	"github.com/creack/pty"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
-	moby_daemon "github.com/docker/docker/daemon"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/libnetwork/iptables"
 	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/go-units"
-	"github.com/docker/libnetwork/iptables"
+	testdaemon "github.com/docker/docker/testutil/daemon"
+	units "github.com/docker/go-units"
 	"github.com/docker/libtrust"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
+	"github.com/moby/sys/mount"
 	"golang.org/x/sys/unix"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 const containerdSocket = "/var/run/docker/containerd/containerd.sock"
 
 // TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon
 // command. Remove this test when we remove this.
-func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) {
+func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *testing.T) {
 	cmd := exec.Command(dockerBinary, "daemon", "--storage-driver=vfs", "--debug")
 	err := cmd.Start()
 	go cmd.Wait()
-	c.Assert(err, checker.IsNil, check.Commentf("could not start daemon using 'docker daemon'"))
-
-	c.Assert(cmd.Process.Kill(), checker.IsNil)
+	assert.NilError(c, err, "could not start daemon using 'docker daemon'")
+	assert.NilError(c, cmd.Process.Kill())
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	cli.Docker(
@@ -91,7 +89,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check
 	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "--name", "volrestarttest1", "-v", "/foo", "busybox"); err != nil {
@@ -109,7 +107,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
 	}
 
 	out, err := s.d.Cmd("inspect", "-f", "{{json .Mounts}}", "volrestarttest1")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	if _, err := inspectMountPointJSON(out, "/foo"); err != nil {
 		c.Fatalf("Expected volume to exist: /foo, error: %v\n", err)
@@ -117,100 +115,109 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
 }
 
 // #11008
-func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "top1", "--restart", "always", "busybox:latest", "top")
-	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
+	assert.NilError(c, err, "run top1: %v", out)
 
 	out, err = s.d.Cmd("run", "-d", "--name", "top2", "--restart", "unless-stopped", "busybox:latest", "top")
-	c.Assert(err, check.IsNil, check.Commentf("run top2: %v", out))
+	assert.NilError(c, err, "run top2: %v", out)
+
+	out, err = s.d.Cmd("run", "-d", "--name", "exit", "--restart", "unless-stopped", "busybox:latest", "false")
+	assert.NilError(c, err, "run exit: %v", out)
 
 	testRun := func(m map[string]bool, prefix string) {
 		var format string
 		for name, shouldRun := range m {
 			out, err := s.d.Cmd("ps")
-			c.Assert(err, check.IsNil, check.Commentf("run ps: %v", out))
+			assert.Assert(c, err == nil, "run ps: %v", out)
 			if shouldRun {
 				format = "%scontainer %q is not running"
 			} else {
 				format = "%scontainer %q is running"
 			}
-			c.Assert(strings.Contains(out, name), check.Equals, shouldRun, check.Commentf(format, prefix, name))
+			assert.Equal(c, strings.Contains(out, name), shouldRun, fmt.Sprintf(format, prefix, name))
 		}
 	}
 
 	// both running
-	testRun(map[string]bool{"top1": true, "top2": true}, "")
+	testRun(map[string]bool{"top1": true, "top2": true, "exit": true}, "")
+
+	out, err = s.d.Cmd("stop", "exit")
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("stop", "top1")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("stop", "top2")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// both stopped
-	testRun(map[string]bool{"top1": false, "top2": false}, "")
+	testRun(map[string]bool{"top1": false, "top2": false, "exit": false}, "")
 
 	s.d.Restart(c)
 
 	// restart=always running
-	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
+	testRun(map[string]bool{"top1": true, "top2": false, "exit": false}, "After daemon restart: ")
 
 	out, err = s.d.Cmd("start", "top2")
-	c.Assert(err, check.IsNil, check.Commentf("start top2: %v", out))
+	assert.NilError(c, err, "start top2: %v", out)
+
+	out, err = s.d.Cmd("start", "exit")
+	assert.NilError(c, err, "start exit: %v", out)
 
 	s.d.Restart(c)
 
 	// both running
-	testRun(map[string]bool{"top1": true, "top2": true}, "After second daemon restart: ")
+	testRun(map[string]bool{"top1": true, "top2": true, "exit": true}, "After second daemon restart: ")
 
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "test1", "--restart", "on-failure:3", "busybox:latest", "false")
-	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
+	assert.NilError(c, err, "run top1: %v", out)
 
 	// wait test1 to stop
 	hostArgs := []string{"--host", s.d.Sock()}
 	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 10*time.Second, hostArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf("test1 should exit but not"))
+	assert.NilError(c, err, "test1 should exit but not")
 
 	// record last start time
 	out, err = s.d.Cmd("inspect", "-f={{.State.StartedAt}}", "test1")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	assert.NilError(c, err, "out: %v", out)
 	lastStartTime := out
 
 	s.d.Restart(c)
 
 	// test1 shouldn't restart at all
 	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 0, hostArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf("test1 should exit but not"))
+	assert.NilError(c, err, "test1 should exit but not")
 
 	// make sure test1 isn't restarted when daemon restart
 	// if "StartAt" time updates, means test1 was once restarted.
 	out, err = s.d.Cmd("inspect", "-f={{.State.StartedAt}}", "test1")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-	c.Assert(out, checker.Equals, lastStartTime, check.Commentf("test1 shouldn't start after daemon restarts"))
+	assert.NilError(c, err, "out: %v", out)
+	assert.Equal(c, out, lastStartTime, "test1 shouldn't start after daemon restarts")
 }
 
-func (s *DockerDaemonSuite) TestDaemonStartIptablesFalse(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonStartIptablesFalse(c *testing.T) {
 	s.d.Start(c, "--iptables=false")
 }
 
 // Make sure we cannot shrink base device at daemon restart.
-func (s *DockerDaemonSuite) TestDaemonRestartWithInvalidBasesize(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithInvalidBasesize(c *testing.T) {
 	testRequires(c, Devicemapper)
 	s.d.Start(c)
 
 	oldBasesizeBytes := getBaseDeviceSize(c, s.d)
-	var newBasesizeBytes int64 = 1073741824 //1GB in bytes
+	var newBasesizeBytes int64 = 1073741824 // 1GB in bytes
 
 	if newBasesizeBytes < oldBasesizeBytes {
 		err := s.d.RestartWithError("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
-		c.Assert(err, check.NotNil, check.Commentf("daemon should not have started as new base device size is less than existing base device size: %v", err))
+		assert.Assert(c, err != nil, "daemon should not have started as new base device size is less than existing base device size: %v", err)
 		// 'err != nil' is expected behaviour, no new daemon started,
 		// so no need to stop daemon.
 		if err != nil {
@@ -221,29 +228,29 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithInvalidBasesize(c *check.C) {
 }
 
 // Make sure we can grow base device at daemon restart.
-func (s *DockerDaemonSuite) TestDaemonRestartWithIncreasedBasesize(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithIncreasedBasesize(c *testing.T) {
 	testRequires(c, Devicemapper)
 	s.d.Start(c)
 
 	oldBasesizeBytes := getBaseDeviceSize(c, s.d)
 
-	var newBasesizeBytes int64 = 53687091200 //50GB in bytes
+	var newBasesizeBytes int64 = 53687091200 // 50GB in bytes
 
 	if newBasesizeBytes < oldBasesizeBytes {
 		c.Skip(fmt.Sprintf("New base device size (%v) must be greater than (%s)", units.HumanSize(float64(newBasesizeBytes)), units.HumanSize(float64(oldBasesizeBytes))))
 	}
 
 	err := s.d.RestartWithError("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
-	c.Assert(err, check.IsNil, check.Commentf("we should have been able to start the daemon with increased base device size: %v", err))
+	assert.Assert(c, err == nil, "we should have been able to start the daemon with increased base device size: %v", err)
 
 	basesizeAfterRestart := getBaseDeviceSize(c, s.d)
 	newBasesize, err := convertBasesize(newBasesizeBytes)
-	c.Assert(err, check.IsNil, check.Commentf("Error in converting base device size: %v", err))
-	c.Assert(newBasesize, check.Equals, basesizeAfterRestart, check.Commentf("Basesize passed is not equal to Basesize set"))
+	assert.Assert(c, err == nil, "Error in converting base device size: %v", err)
+	assert.Equal(c, newBasesize, basesizeAfterRestart, "Basesize passed is not equal to Basesize set")
 	s.d.Stop(c)
 }
 
-func getBaseDeviceSize(c *check.C, d *daemon.Daemon) int64 {
+func getBaseDeviceSize(c *testing.T, d *daemon.Daemon) int64 {
 	info := d.Info(c)
 	for _, statusLine := range info.DriverStatus {
 		key, value := statusLine[0], statusLine[1]
@@ -255,9 +262,9 @@ func getBaseDeviceSize(c *check.C, d *daemon.Daemon) int64 {
 	return int64(0)
 }
 
-func parseDeviceSize(c *check.C, raw string) int64 {
+func parseDeviceSize(c *testing.T, raw string) int64 {
 	size, err := units.RAMInBytes(strings.TrimSpace(raw))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	return size
 }
 
@@ -274,7 +281,7 @@ func convertBasesize(basesizeBytes int64) (int64, error) {
 // Issue #8444: If docker0 bridge is modified (intentionally or unintentionally) and
 // no longer has an IP associated, we should gracefully handle that case and associate
 // an IP with it rather than fail daemon start
-func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *testing.T) {
 	// rather than depending on brctl commands to verify docker0 is created and up
 	// let's start the daemon and stop it, and then make a modification to run the
 	// actual test
@@ -290,7 +297,7 @@ func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *check.C
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil {
@@ -308,7 +315,7 @@ func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *check.C) {
 	verifyIPTablesDoesNotContains(c, ipTablesSearchString)
 }
 
-func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil {
@@ -334,7 +341,7 @@ func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) {
 	verifyIPTablesContains(c, ipTablesSearchString)
 }
 
-func verifyIPTablesContains(c *check.C, ipTablesSearchString string) {
+func verifyIPTablesContains(c *testing.T, ipTablesSearchString string) {
 	result := icmd.RunCommand("iptables", "-nvL")
 	result.Assert(c, icmd.Success)
 	if !strings.Contains(result.Combined(), ipTablesSearchString) {
@@ -342,7 +349,7 @@ func verifyIPTablesContains(c *check.C, ipTablesSearchString string) {
 	}
 }
 
-func verifyIPTablesDoesNotContains(c *check.C, ipTablesSearchString string) {
+func verifyIPTablesDoesNotContains(c *testing.T, ipTablesSearchString string) {
 	result := icmd.RunCommand("iptables", "-nvL")
 	result.Assert(c, icmd.Success)
 	if strings.Contains(result.Combined(), ipTablesSearchString) {
@@ -352,7 +359,7 @@ func verifyIPTablesDoesNotContains(c *check.C, ipTablesSearchString string) {
 
 // TestDaemonIPv6Enabled checks that when the daemon is started with --ipv6=true that the docker0 bridge
 // has the fe80::1 address and that a container is assigned a link-local address
-func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *testing.T) {
 	testRequires(c, IPv6)
 
 	setupV6(c)
@@ -411,131 +418,136 @@ func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *check.C) {
 
 // TestDaemonIPv6FixedCIDR checks that when the daemon is started with --ipv6=true and a fixed CIDR
 // that running containers are given a link-local and global IPv6 address
-func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *testing.T) {
 	// IPv6 setup is messing with local bridge address.
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Delete the docker0 bridge if its left around from previous daemon. It has to be recreated with
 	// ipv6 enabled
 	deleteInterface(c, "docker0")
 
 	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:2::/64", "--default-gateway-v6=2001:db8:2::100")
 
-	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not run container: %s, %v", out, err))
+	out, err := s.d.Cmd("run", "-d", "--name=ipv6test", "busybox:latest", "top")
+	assert.NilError(c, err, "Could not run container: %s, %v", out, err)
 
 	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}", "ipv6test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out = strings.Trim(out, " \r\n'")
 
 	ip := net.ParseIP(out)
-	c.Assert(ip, checker.NotNil, check.Commentf("Container should have a global IPv6 address"))
+	assert.Assert(c, ip != nil, "Container should have a global IPv6 address")
 
 	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.IPv6Gateway}}", "ipv6test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
-	c.Assert(strings.Trim(out, " \r\n'"), checker.Equals, "2001:db8:2::100", check.Commentf("Container should have a global IPv6 gateway"))
+	assert.Equal(c, strings.Trim(out, " \r\n'"), "2001:db8:2::100", "Container should have a global IPv6 gateway")
 }
 
 // TestDaemonIPv6FixedCIDRAndMac checks that when the daemon is started with ipv6 fixed CIDR
 // the running containers are given an IPv6 address derived from the MAC address and the ipv6 fixed CIDR
-func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *testing.T) {
 	// IPv6 setup is messing with local bridge address.
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Delete the docker0 bridge if its left around from previous daemon. It has to be recreated with
 	// ipv6 enabled
 	deleteInterface(c, "docker0")
 
 	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:1::/64")
 
-	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "--mac-address", "AA:BB:CC:DD:EE:FF", "busybox")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	out, err := s.d.Cmd("run", "-d", "--name=ipv6test", "--mac-address", "AA:BB:CC:DD:EE:FF", "busybox", "top")
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}", "ipv6test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Trim(out, " \r\n'"), checker.Equals, "2001:db8:1::aabb:ccdd:eeff")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.Trim(out, " \r\n'"), "2001:db8:1::aabb:ccdd:eeff")
 }
 
 // TestDaemonIPv6HostMode checks that when the running a container with
 // network=host the host ipv6 addresses are not removed
-func (s *DockerDaemonSuite) TestDaemonIPv6HostMode(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonIPv6HostMode(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	deleteInterface(c, "docker0")
 
 	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:2::/64")
-	out, err := s.d.Cmd("run", "-itd", "--name=hostcnt", "--network=host", "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not run container: %s, %v", out, err))
+	out, err := s.d.Cmd("run", "-d", "--name=hostcnt", "--network=host", "busybox:latest", "top")
+	assert.NilError(c, err, "Could not run container: %s, %v", out, err)
 
 	out, err = s.d.Cmd("exec", "hostcnt", "ip", "-6", "addr", "show", "docker0")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Trim(out, " \r\n'"), checker.Contains, "2001:db8:2::1")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(strings.Trim(out, " \r\n'"), "2001:db8:2::1"))
 }
 
-func (s *DockerDaemonSuite) TestDaemonLogLevelWrong(c *check.C) {
-	c.Assert(s.d.StartWithError("--log-level=bogus"), check.NotNil, check.Commentf("Daemon shouldn't start with wrong log level"))
+func (s *DockerDaemonSuite) TestDaemonLogLevelWrong(c *testing.T) {
+	assert.Assert(c, s.d.StartWithError("--log-level=bogus") != nil, "Daemon shouldn't start with wrong log level")
 }
 
-func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *testing.T) {
 	s.d.Start(c, "--log-level=debug")
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Missing level="debug" in log file:\n%s`, string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLogLevelFatal(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLogLevelFatal(c *testing.T) {
 	// we creating new daemons to create new logFile
 	s.d.Start(c, "--log-level=fatal")
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should not have level="debug" in log file:\n%s`, string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonFlagD(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonFlagD(c *testing.T) {
 	s.d.Start(c, "-D")
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file using -D:\n%s`, string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonFlagDebug(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonFlagDebug(c *testing.T) {
 	s.d.Start(c, "--debug")
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file using --debug:\n%s`, string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonFlagDebugLogLevelFatal(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonFlagDebugLogLevelFatal(c *testing.T) {
 	s.d.Start(c, "--debug", "--log-level=fatal")
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file when using both --debug and --log-level=fatal:\n%s`, string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) {
-	listeningPorts := [][]string{
+func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *testing.T) {
+	type listener struct {
+		daemon string
+		client string
+		port   string
+	}
+	listeningPorts := []listener{
 		{"0.0.0.0", "0.0.0.0", "5678"},
 		{"127.0.0.1", "127.0.0.1", "1234"},
 		{"localhost", "127.0.0.1", "1235"},
 	}
 
 	cmdArgs := make([]string, 0, len(listeningPorts)*2)
-	for _, hostDirective := range listeningPorts {
-		cmdArgs = append(cmdArgs, "--host", fmt.Sprintf("tcp://%s:%s", hostDirective[0], hostDirective[2]))
+	for _, l := range listeningPorts {
+		cmdArgs = append(cmdArgs, "--tls=false", "--host", fmt.Sprintf("tcp://%s:%s", l.daemon, l.port))
 	}
 
 	s.d.StartWithBusybox(c, cmdArgs...)
 
-	for _, hostDirective := range listeningPorts {
-		output, err := s.d.Cmd("run", "-p", fmt.Sprintf("%s:%s:80", hostDirective[1], hostDirective[2]), "busybox", "true")
+	for _, l := range listeningPorts {
+		output, err := s.d.Cmd("run", "-p", fmt.Sprintf("%s:%s:80", l.client, l.port), "busybox", "true")
 		if err == nil {
 			c.Fatalf("Container should not start, expected port already allocated error: %q", output)
 		} else if !strings.Contains(output, "port is already allocated") {
@@ -544,7 +556,7 @@ func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *testing.T) {
 	// TODO: skip or update for Windows daemon
 	os.Remove("/etc/docker/key.json")
 	s.d.Start(c)
@@ -564,25 +576,25 @@ func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) {
 // GH#11320 - verify that the daemon exits on failure properly
 // Note that this explicitly tests the conflict of {-b,--bridge} and {--bip} options as the means
 // to get a daemon init failure; no other tests for -b/--bip conflict are therefore required
-func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *check.C) {
-	//attempt to start daemon with incorrect flags (we know -b and --bip conflict)
+func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *testing.T) {
+	// attempt to start daemon with incorrect flags (we know -b and --bip conflict)
 	if err := s.d.StartWithError("--bridge", "nosuchbridge", "--bip", "1.1.1.1"); err != nil {
-		//verify we got the right error
-		if !strings.Contains(err.Error(), "Daemon exited") {
+		// verify we got the right error
+		if !strings.Contains(err.Error(), "daemon exited") {
 			c.Fatalf("Expected daemon not to start, got %v", err)
 		}
 		// look in the log and make sure we got the message that daemon is shutting down
 		icmd.RunCommand("grep", "failed to start daemon", s.d.LogFileName()).Assert(c, icmd.Success)
 	} else {
-		//if we didn't get an error and the daemon is running, this is a failure
+		// if we didn't get an error and the daemon is running, this is a failure
 		c.Fatal("Conflicting options should cause the daemon to error out with a failure")
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *testing.T) {
 	d := s.d
 	err := d.StartWithError("--bridge", "nosuchbridge")
-	c.Assert(err, check.NotNil, check.Commentf("--bridge option with an invalid bridge should cause the daemon to fail"))
+	assert.ErrorContains(c, err, "", `--bridge option with an invalid bridge should cause the daemon to fail`)
 	defer d.Restart(c)
 
 	bridgeName := "external-bridge"
@@ -600,16 +612,14 @@ func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) {
 	})
 
 	out, err := d.Cmd("run", "-d", "--name", "ExtContainer", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	containerIP := d.FindContainerIP(c, "ExtContainer")
 	ip := net.ParseIP(containerIP)
-	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
-		check.Commentf("Container IP-Address must be in the same subnet range : %s",
-			containerIP))
+	assert.Assert(c, bridgeIPNet.Contains(ip), "Container IP-Address must be in the same subnet range : %s", containerIP)
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeNone(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeNone(c *testing.T) {
 	// start with bridge none
 	d := s.d
 	d.StartWithBusybox(c, "--bridge", "none")
@@ -624,22 +634,22 @@ func (s *DockerDaemonSuite) TestDaemonBridgeNone(c *check.C) {
 
 	// verify default "bridge" network is not there
 	out, err := d.Cmd("network", "inspect", "bridge")
-	c.Assert(err, check.NotNil, check.Commentf("\"bridge\" network should not be present if daemon started with --bridge=none"))
-	c.Assert(strings.Contains(out, "No such network"), check.Equals, true)
+	assert.ErrorContains(c, err, "", `"bridge" network should not be present if daemon started with --bridge=none`)
+	assert.Assert(c, strings.Contains(out, "No such network"))
 }
 
-func createInterface(c *check.C, ifType string, ifName string, ipNet string) {
+func createInterface(c *testing.T, ifType string, ifName string, ipNet string) {
 	icmd.RunCommand("ip", "link", "add", "name", ifName, "type", ifType).Assert(c, icmd.Success)
 	icmd.RunCommand("ifconfig", ifName, ipNet, "up").Assert(c, icmd.Success)
 }
 
-func deleteInterface(c *check.C, ifName string) {
+func deleteInterface(c *testing.T, ifName string) {
 	icmd.RunCommand("ip", "link", "delete", ifName).Assert(c, icmd.Success)
 	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(c, icmd.Success)
 	icmd.RunCommand("iptables", "--flush").Assert(c, icmd.Success)
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *testing.T) {
 	// TestDaemonBridgeIP Steps
 	// 1. Delete the existing docker0 Bridge
 	// 2. Set --bip daemon configuration and start the new Docker Daemon
@@ -671,17 +681,15 @@ func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
 	})
 
 	out, err := d.Cmd("run", "-d", "--name", "test", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	containerIP := d.FindContainerIP(c, "test")
 	ip = net.ParseIP(containerIP)
-	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
-		check.Commentf("Container IP-Address must be in the same subnet range : %s",
-			containerIP))
+	assert.Equal(c, bridgeIPNet.Contains(ip), true, fmt.Sprintf("Container IP-Address must be in the same subnet range : %s", containerIP))
 	deleteInterface(c, defaultNetworkBridge)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *testing.T) {
 	s.d.Start(c)
 	defer s.d.Restart(c)
 	s.d.Stop(c)
@@ -694,14 +702,14 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *check.C) {
 
 	s.d.Start(c, "--bip", bridgeIP)
 
-	//check if the iptables contains new bridgeIP MASQUERADE rule
+	// check if the iptables contains new bridgeIP MASQUERADE rule
 	ipTablesSearchString := bridgeIPNet.String()
 	icmd.RunCommand("iptables", "-t", "nat", "-nvL").Assert(c, icmd.Expected{
 		Out: ipTablesSearchString,
 	})
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *testing.T) {
 	d := s.d
 
 	bridgeName := "external-bridge"
@@ -718,13 +726,12 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) {
 		cName := "Container" + strconv.Itoa(i)
 		out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top")
 		if err != nil {
-			c.Assert(strings.Contains(out, "no available IPv4 addresses"), check.Equals, true,
-				check.Commentf("Could not run a Container : %s %s", err.Error(), out))
+			assert.Assert(c, strings.Contains(out, "no available IPv4 addresses"), "Could not run a Container : %s %s", err.Error(), out)
 		}
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr2(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr2(c *testing.T) {
 	d := s.d
 
 	bridgeName := "external-bridge"
@@ -737,19 +744,19 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr2(c *check.C) {
 	defer s.d.Restart(c)
 
 	out, err := d.Cmd("run", "-d", "--name", "bb", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	defer d.Cmd("stop", "bb")
 
 	out, err = d.Cmd("exec", "bb", "/bin/sh", "-c", "ifconfig eth0 | awk '/inet addr/{print substr($2,6)}'")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Equals, "10.2.2.0\n")
+	assert.NilError(c, err)
+	assert.Equal(c, out, "10.2.2.0\n")
 
 	out, err = d.Cmd("run", "--rm", "busybox", "/bin/sh", "-c", "ifconfig eth0 | awk '/inet addr/{print substr($2,6)}'")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Equals, "10.2.2.2\n")
+	assert.NilError(c, err, out)
+	assert.Equal(c, out, "10.2.2.2\n")
 }
 
-func (s *DockerDaemonSuite) TestDaemonBridgeFixedCIDREqualBridgeNetwork(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCIDREqualBridgeNetwork(c *testing.T) {
 	d := s.d
 
 	bridgeName := "external-bridge"
@@ -762,12 +769,12 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCIDREqualBridgeNetwork(c *check
 	defer s.d.Restart(c)
 
 	out, err := d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	cid1 := strings.TrimSpace(out)
 	defer d.Cmd("stop", cid1)
 }
 
-func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *testing.T) {
 	defaultNetworkBridge := "docker0"
 	deleteInterface(c, defaultNetworkBridge)
 
@@ -781,14 +788,12 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *check.C) {
 
 	expectedMessage := fmt.Sprintf("default via %s dev", bridgeIP)
 	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
-		check.Commentf("Implicit default gateway should be bridge IP %s, but default route was '%s'",
-			bridgeIP, strings.TrimSpace(out)))
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.Contains(out, expectedMessage), true, fmt.Sprintf("Implicit default gateway should be bridge IP %s, but default route was '%s'", bridgeIP, strings.TrimSpace(out)))
 	deleteInterface(c, defaultNetworkBridge)
 }
 
-func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *testing.T) {
 	defaultNetworkBridge := "docker0"
 	deleteInterface(c, defaultNetworkBridge)
 
@@ -803,14 +808,12 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *check.C) {
 
 	expectedMessage := fmt.Sprintf("default via %s dev", gatewayIP)
 	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
-		check.Commentf("Explicit default gateway should be %s, but default route was '%s'",
-			gatewayIP, strings.TrimSpace(out)))
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.Contains(out, expectedMessage), true, fmt.Sprintf("Explicit default gateway should be %s, but default route was '%s'", gatewayIP, strings.TrimSpace(out)))
 	deleteInterface(c, defaultNetworkBridge)
 }
 
-func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4ExplicitOutsideContainerSubnet(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4ExplicitOutsideContainerSubnet(c *testing.T) {
 	defaultNetworkBridge := "docker0"
 	deleteInterface(c, defaultNetworkBridge)
 
@@ -821,8 +824,7 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4ExplicitOutsideContainer
 	s.d.Restart(c)
 }
 
-func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *testing.T) {
 
 	// Start daemon without docker0 bridge
 	defaultNetworkBridge := "docker0"
@@ -838,7 +840,7 @@ func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *chec
 	s.d.Restart(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend))
 }
 
-func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonIP(c *testing.T) {
 	d := s.d
 
 	ipStr := "192.170.1.1/24"
@@ -848,26 +850,24 @@ func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
 	defer d.Restart(c)
 
 	out, err := d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
-	c.Assert(err, check.NotNil,
-		check.Commentf("Running a container must fail with an invalid --ip option"))
-	c.Assert(strings.Contains(out, "Error starting userland proxy"), check.Equals, true)
+	assert.Assert(c, err != nil, "Running a container must fail with an invalid --ip option")
+	assert.Equal(c, strings.Contains(out, "Error starting userland proxy"), true)
 
 	ifName := "dummy"
 	createInterface(c, "dummy", ifName, ipStr)
 	defer deleteInterface(c, ifName)
 
 	_, err = d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	result := icmd.RunCommand("iptables", "-t", "nat", "-nvL")
 	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DNAT.*%s.*dpt:8000", ip.String())
 	matched, _ := regexp.MatchString(regex, result.Combined())
-	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
+	assert.Equal(c, matched, true, fmt.Sprintf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 }
 
-func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonICCPing(c *testing.T) {
 	testRequires(c, bridgeNfIptables)
 	d := s.d
 
@@ -884,9 +884,7 @@ func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
 	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
 	matched, _ := regexp.MatchString(regex, result.Combined())
-	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
-
+	assert.Equal(c, matched, true, fmt.Sprintf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 	// Pinging another container must fail with --icc=false
 	pingContainers(c, d, true)
 
@@ -900,10 +898,10 @@ func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
 	pingCmd := fmt.Sprintf("ping -c 1 %s -W 1", ip.String())
 	runArgs := []string{"run", "--rm", "busybox", "sh", "-c", pingCmd}
 	out, err := d.Cmd(runArgs...)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *testing.T) {
 	d := s.d
 
 	bridgeName := "external-bridge"
@@ -919,17 +917,15 @@ func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *check.C) {
 	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
 	matched, _ := regexp.MatchString(regex, result.Combined())
-	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
-
+	assert.Equal(c, matched, true, fmt.Sprintf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 	out, err := d.Cmd("run", "-d", "--expose", "4567", "--name", "icc1", "busybox", "nc", "-l", "-p", "4567")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("run", "--link", "icc1:icc1", "busybox", "nc", "icc1", "4567")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *testing.T) {
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 
@@ -940,21 +936,22 @@ func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *che
 	defer s.d.Restart(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = s.d.Cmd("run", "-d", "--name", "parent", "--link", "child:http", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	childIP := s.d.FindContainerIP(c, "child")
 	parentIP := s.d.FindContainerIP(c, "parent")
 
 	sourceRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", childIP, "--sport", "80", "-d", parentIP, "-j", "ACCEPT"}
 	destinationRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", parentIP, "--dport", "80", "-d", childIP, "-j", "ACCEPT"}
-	if !iptables.Exists("filter", "DOCKER", sourceRule...) || !iptables.Exists("filter", "DOCKER", destinationRule...) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+	if !iptable.Exists("filter", "DOCKER", sourceRule...) || !iptable.Exists("filter", "DOCKER", destinationRule...) {
 		c.Fatal("Iptables rules not found")
 	}
 
 	s.d.Cmd("rm", "--link", "parent/http")
-	if iptables.Exists("filter", "DOCKER", sourceRule...) || iptables.Exists("filter", "DOCKER", destinationRule...) {
+	if iptable.Exists("filter", "DOCKER", sourceRule...) || iptable.Exists("filter", "DOCKER", destinationRule...) {
 		c.Fatal("Iptables rules should be removed when unlink")
 	}
 
@@ -962,12 +959,11 @@ func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *che
 	s.d.Cmd("kill", "parent")
 }
 
-func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *testing.T) {
 
 	s.d.StartWithBusybox(c, "--default-ulimit", "nofile=42:42", "--default-ulimit", "nproc=1024:1024")
 
-	out, err := s.d.Cmd("run", "--ulimit", "nproc=2048", "--name=test", "busybox", "/bin/sh", "-c", "echo $(ulimit -n); echo $(ulimit -p)")
+	out, err := s.d.Cmd("run", "--ulimit", "nproc=2048", "--name=test", "busybox", "/bin/sh", "-c", "echo $(ulimit -n); echo $(ulimit -u)")
 	if err != nil {
 		c.Fatal(err, out)
 	}
@@ -983,7 +979,7 @@ func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
 		c.Fatalf("expected `ulimit -n` to be `42`, got: %s", nofile)
 	}
 	if nproc != "2048" {
-		c.Fatalf("expected `ulimit -p` to be 2048, got: %s", nproc)
+		c.Fatalf("expected `ulimit -u` to be 2048, got: %s", nproc)
 	}
 
 	// Now restart daemon with a new default
@@ -1005,12 +1001,12 @@ func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
 		c.Fatalf("expected `ulimit -n` to be `43`, got: %s", nofile)
 	}
 	if nproc != "2048" {
-		c.Fatalf("expected `ulimit -p` to be 2048, got: %s", nproc)
+		c.Fatalf("expected `ulimit -u` to be 2048, got: %s", nproc)
 	}
 }
 
 // #11315
-func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "--name=test", "busybox"); err != nil {
@@ -1028,13 +1024,13 @@ func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id, err := s.d.GetIDByName("test")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
@@ -1066,7 +1062,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name=test", "--log-driver=none", "busybox", "echo", "testline")
@@ -1074,7 +1070,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
 		c.Fatal(out, err)
 	}
 	id, err := s.d.GetIDByName("test")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
@@ -1083,7 +1079,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
@@ -1091,7 +1087,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
 		c.Fatal(out, err)
 	}
 	id, err := s.d.GetIDByName("test")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
@@ -1100,7 +1096,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "--log-driver=json-file", "busybox", "echo", "testline")
@@ -1108,7 +1104,7 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
 		c.Fatal(out, err)
 	}
 	id, err := s.d.GetIDByName("test")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
@@ -1140,19 +1136,19 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneLogsError(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneLogsError(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("logs", "test")
-	c.Assert(err, check.NotNil, check.Commentf("Logs should fail with 'none' driver"))
+	assert.Assert(c, err != nil, "Logs should fail with 'none' driver")
 	expected := `configured logging driver does not support reading`
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerDaemonSuite) TestDaemonLoggingDriverShouldBeIgnoredForBuild(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverShouldBeIgnoredForBuild(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-driver=splunk")
 
 	result := cli.BuildCmd(c, "busyboxs", cli.Daemon(s.d),
@@ -1161,14 +1157,14 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverShouldBeIgnoredForBuild(c *ch
         RUN echo foo`),
 		build.WithoutCache,
 	)
-	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
-	c.Assert(result.Error, check.IsNil, comment)
-	c.Assert(result.ExitCode, check.Equals, 0, comment)
-	c.Assert(result.Combined(), checker.Contains, "foo", comment)
+	comment := fmt.Sprintf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
+	assert.Assert(c, result.Error == nil, comment)
+	assert.Equal(c, result.ExitCode, 0, comment)
+	assert.Assert(c, strings.Contains(result.Combined(), "foo"), comment)
 }
 
-func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) {
-	dir, err := ioutil.TempDir("", "socket-cleanup-test")
+func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *testing.T) {
+	dir, err := os.MkdirTemp("", "socket-cleanup-test")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1188,7 +1184,7 @@ func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *testing.T) {
 	type Config struct {
 		Crv string `json:"crv"`
 		D   string `json:"d"`
@@ -1203,7 +1199,7 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 	s.d.Stop(c)
 
 	config := &Config{}
-	bytes, err := ioutil.ReadFile("/etc/docker/key.json")
+	bytes, err := os.ReadFile("/etc/docker/key.json")
 	if err != nil {
 		c.Fatalf("Error reading key.json file: %s", err)
 	}
@@ -1213,7 +1209,7 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 		c.Fatalf("Error Unmarshal: %s", err)
 	}
 
-	//replace config.Kid with the fake value
+	// replace config.Kid with the fake value
 	config.Kid = "VSAJ:FUYR:X3H2:B2VZ:KZ6U:CJD5:K7BX:ZXHY:UZXT:P4FT:MJWG:HRJ4"
 
 	// NEW Data-Struct to byte[]
@@ -1223,8 +1219,8 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 	}
 
 	// write back
-	if err := ioutil.WriteFile("/etc/docker/key.json", newBytes, 0400); err != nil {
-		c.Fatalf("Error ioutil.WriteFile: %s", err)
+	if err := os.WriteFile("/etc/docker/key.json", newBytes, 0400); err != nil {
+		c.Fatalf("Error os.WriteFile: %s", err)
 	}
 
 	defer os.Remove("/etc/docker/key.json")
@@ -1234,14 +1230,14 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 	}
 
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, err == nil)
 
 	if !strings.Contains(string(content), "Public Key ID does not match") {
 		c.Fatalf("Missing KeyID message from daemon logs: %s", string(content))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-id", "busybox", "/bin/cat")
@@ -1256,7 +1252,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
 
 	s.d.Restart(c)
 
-	errchan := make(chan error)
+	errchan := make(chan error, 1)
 	go func() {
 		if out, err := s.d.Cmd("wait", containerID); err != nil {
 			errchan <- fmt.Errorf("%v:\n%s", err, out)
@@ -1275,7 +1271,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
 }
 
 // TestHTTPSInfo connects via two-way authenticated HTTPS to the info endpoint
-func (s *DockerDaemonSuite) TestHTTPSInfo(c *check.C) {
+func (s *DockerDaemonSuite) TestHTTPSInfo(c *testing.T) {
 	const (
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
 	)
@@ -1303,7 +1299,7 @@ func (s *DockerDaemonSuite) TestHTTPSInfo(c *check.C) {
 
 // TestHTTPSRun connects via two-way authenticated HTTPS to the create, attach, start, and wait endpoints.
 // https://github.com/docker/docker/issues/19280
-func (s *DockerDaemonSuite) TestHTTPSRun(c *check.C) {
+func (s *DockerDaemonSuite) TestHTTPSRun(c *testing.T) {
 	const (
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
 	)
@@ -1329,7 +1325,7 @@ func (s *DockerDaemonSuite) TestHTTPSRun(c *check.C) {
 }
 
 // TestTLSVerify verifies that --tlsverify=false turns on tls
-func (s *DockerDaemonSuite) TestTLSVerify(c *check.C) {
+func (s *DockerDaemonSuite) TestTLSVerify(c *testing.T) {
 	out, err := exec.Command(dockerdBinary, "--tlsverify=false").CombinedOutput()
 	if err == nil || !strings.Contains(string(out), "Could not load X509 key pair") {
 		c.Fatalf("Daemon should not have started due to missing certs: %v\n%s", err, string(out))
@@ -1338,7 +1334,7 @@ func (s *DockerDaemonSuite) TestTLSVerify(c *check.C) {
 
 // TestHTTPSInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
 // by using a rogue client certificate and checks that it fails with the expected error.
-func (s *DockerDaemonSuite) TestHTTPSInfoRogueCert(c *check.C) {
+func (s *DockerDaemonSuite) TestHTTPSInfoRogueCert(c *testing.T) {
 	const (
 		errBadCertificate   = "bad certificate"
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
@@ -1367,7 +1363,7 @@ func (s *DockerDaemonSuite) TestHTTPSInfoRogueCert(c *check.C) {
 
 // TestHTTPSInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
 // which provides a rogue server certificate and checks that it fails with the expected error
-func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *check.C) {
+func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *testing.T) {
 	const (
 		errCaUnknown             = "x509: certificate signed by unknown authority"
 		testDaemonRogueHTTPSAddr = "tcp://localhost:4272"
@@ -1393,7 +1389,7 @@ func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *check.C) {
 	}
 }
 
-func pingContainers(c *check.C, d *daemon.Daemon, expectFailure bool) {
+func pingContainers(c *testing.T, d *daemon.Daemon, expectFailure bool) {
 	var dargs []string
 	if d != nil {
 		dargs = []string{"--host", d.Sock()}
@@ -1408,86 +1404,85 @@ func pingContainers(c *check.C, d *daemon.Daemon, expectFailure bool) {
 	_, _, err := dockerCmdWithError(args...)
 
 	if expectFailure {
-		c.Assert(err, check.NotNil)
+		assert.ErrorContains(c, err, "")
 	} else {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 
 	args = append(dargs, "rm", "-f", "container1")
 	dockerCmd(c, args...)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithSocketAsVolume(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithSocketAsVolume(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	socket := filepath.Join(s.d.Folder, "docker.sock")
 
 	out, err := s.d.Cmd("run", "--restart=always", "-v", socket+":/sock", "busybox")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 	s.d.Restart(c)
 }
 
 // os.Kill should kill daemon ungracefully, leaving behind container mounts.
 // A subsequent daemon restart should clean up said mounts.
-func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *check.C) {
+func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *testing.T) {
 	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	d.StartWithBusybox(c)
 
 	out, err := d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
+
 	id := strings.TrimSpace(out)
 
 	// If there are no mounts with container id visible from the host
 	// (as those are in container's own mount ns), there is nothing
 	// to check here and the test should be skipped.
-	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	mountOut, err := os.ReadFile("/proc/self/mountinfo")
+	assert.NilError(c, err, "Output: %s", mountOut)
 	if !strings.Contains(string(mountOut), id) {
 		d.Stop(c)
 		c.Skip("no container mounts visible in host ns")
 	}
 
 	// kill the daemon
-	c.Assert(d.Kill(), check.IsNil)
+	assert.NilError(c, d.Kill())
 
 	// kill the container
 	icmd.RunCommand(ctrBinary, "--address", containerdSocket,
-		"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", id).Assert(c, icmd.Success)
+		"--namespace", d.ContainersNamespace(), "tasks", "kill", id).Assert(c, icmd.Success)
 
 	// restart daemon.
 	d.Restart(c)
 
 	// Now, container mounts should be gone.
-	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
-	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
-	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+	mountOut, err = os.ReadFile("/proc/self/mountinfo")
+	assert.NilError(c, err, "Output: %s", mountOut)
+	assert.Assert(c, !strings.Contains(string(mountOut), id), "%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
 
 	d.Stop(c)
 }
 
 // os.Interrupt should perform a graceful daemon shutdown and hence cleanup mounts.
-func (s *DockerDaemonSuite) TestCleanupMountsAfterGracefulShutdown(c *check.C) {
+func (s *DockerDaemonSuite) TestCleanupMountsAfterGracefulShutdown(c *testing.T) {
 	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	d.StartWithBusybox(c)
 
 	out, err := d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 	id := strings.TrimSpace(out)
 
 	// Send SIGINT and daemon should clean up
-	c.Assert(d.Signal(os.Interrupt), check.IsNil)
+	assert.NilError(c, d.Signal(os.Interrupt))
 	// Wait for the daemon to stop.
-	c.Assert(<-d.Wait, checker.IsNil)
+	assert.NilError(c, <-d.Wait)
 
-	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	mountOut, err := os.ReadFile("/proc/self/mountinfo")
+	assert.NilError(c, err, "Output: %s", mountOut)
 
-	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
-	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+	assert.Assert(c, !strings.Contains(string(mountOut), id), "%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *testing.T) {
 	s.d.StartWithBusybox(t)
 	if out, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top"); err != nil {
 		t.Fatal(out, err)
@@ -1500,7 +1495,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *testing.T) {
 	s.d.StartWithBusybox(c)
 	out, err := s.d.Cmd("run", "--name", "netns", "-d", "busybox", "top")
 	if err != nil {
@@ -1538,7 +1533,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) {
 }
 
 // tests regression detailed in #13964 where DOCKER_TLS_VERIFY env is ignored
-func (s *DockerDaemonSuite) TestDaemonTLSVerifyIssue13964(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonTLSVerifyIssue13964(c *testing.T) {
 	host := "tcp://localhost:4271"
 	s.d.Start(c, "-H", host)
 	icmd.RunCmd(icmd.Cmd{
@@ -1550,57 +1545,57 @@ func (s *DockerDaemonSuite) TestDaemonTLSVerifyIssue13964(c *check.C) {
 	})
 }
 
-func setupV6(c *check.C) {
+func setupV6(c *testing.T) {
 	// Hack to get the right IPv6 address on docker0, which has already been created
 	result := icmd.RunCommand("ip", "addr", "add", "fe80::1/64", "dev", "docker0")
 	result.Assert(c, icmd.Success)
 }
 
-func teardownV6(c *check.C) {
+func teardownV6(c *testing.T) {
 	result := icmd.RunCommand("ip", "addr", "del", "fe80::1/64", "dev", "docker0")
 	result.Assert(c, icmd.Success)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlways(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlways(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--restart", "always", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	out, err = s.d.Cmd("stop", id)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = s.d.Cmd("wait", id)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("ps", "-q")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(out, check.Equals, "")
+	assert.NilError(c, err, out)
+	assert.Equal(c, out, "")
 
 	s.d.Restart(c)
 
 	out, err = s.d.Cmd("ps", "-q")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), check.Equals, id[:12])
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), id[:12])
 }
 
-func (s *DockerDaemonSuite) TestDaemonWideLogConfig(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonWideLogConfig(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-opt=max-size=1k")
 	name := "logtest"
 	out, err := s.d.Cmd("run", "-d", "--log-opt=max-file=5", "--name", name, "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s, err: %v", out, err))
+	assert.NilError(c, err, "Output: %s, err: %v", out, err)
 
 	out, err = s.d.Cmd("inspect", "-f", "{{ .HostConfig.LogConfig.Config }}", name)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(out, checker.Contains, "max-size:1k")
-	c.Assert(out, checker.Contains, "max-file:5")
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Assert(c, strings.Contains(out, "max-size:1k"))
+	assert.Assert(c, strings.Contains(out, "max-file:5"))
 
 	out, err = s.d.Cmd("inspect", "-f", "{{ .HostConfig.LogConfig.Type }}", name)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "json-file")
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Equal(c, strings.TrimSpace(out), "json-file")
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *testing.T) {
 	s.d.StartWithBusybox(c)
 	if out, err := s.d.Cmd("run", "-i", "-d", "--name", "test", "busybox", "top"); err != nil {
 		c.Fatal(err, out)
@@ -1610,15 +1605,17 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
 	}
 	s.d.Restart(c)
 
-	errchan := make(chan error)
+	errchan := make(chan error, 1)
 	go func() {
 		out, err := s.d.Cmd("start", "test")
 		if err != nil {
 			errchan <- fmt.Errorf("%v:\n%s", err, out)
+			return
 		}
 		name := strings.TrimSpace(out)
 		if name != "test" {
 			errchan <- fmt.Errorf("Paused container start error on docker daemon restart, expected 'test' but got '%s'", name)
+			return
 		}
 		close(errchan)
 	}()
@@ -1633,48 +1630,48 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartRmVolumeInUse(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartRmVolumeInUse(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("create", "-v", "test:/foo", "busybox")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	s.d.Restart(c)
 
 	out, err = s.d.Cmd("volume", "rm", "test")
-	c.Assert(err, check.NotNil, check.Commentf("should not be able to remove in use volume after daemon restart"))
-	c.Assert(out, checker.Contains, "in use")
+	assert.Assert(c, err != nil, "should not be able to remove in use volume after daemon restart")
+	assert.Assert(c, strings.Contains(out, "in use"))
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartLocalVolumes(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartLocalVolumes(c *testing.T) {
 	s.d.Start(c)
 
 	out, err := s.d.Cmd("volume", "create", "test")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	s.d.Restart(c)
 
 	out, err = s.d.Cmd("volume", "inspect", "test")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerDaemonSuite) TestDaemonCorruptedLogDriverAddress(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonCorruptedLogDriverAddress(c *testing.T) {
 	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	c.Assert(d.StartWithError("--log-driver=syslog", "--log-opt", "syslog-address=corrupted:42"), check.NotNil)
+	assert.Assert(c, d.StartWithError("--log-driver=syslog", "--log-opt", "syslog-address=corrupted:42") != nil)
 	expected := "syslog-address should be in form proto://address"
 	icmd.RunCommand("grep", expected, d.LogFileName()).Assert(c, icmd.Success)
 }
 
 // FIXME(vdemeester) should be a unit test
-func (s *DockerDaemonSuite) TestDaemonCorruptedFluentdAddress(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonCorruptedFluentdAddress(c *testing.T) {
 	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	c.Assert(d.StartWithError("--log-driver=fluentd", "--log-opt", "fluentd-address=corrupted:c"), check.NotNil)
+	assert.Assert(c, d.StartWithError("--log-driver=fluentd", "--log-opt", "fluentd-address=corrupted:c") != nil)
 	expected := "invalid fluentd-address corrupted:c: "
 	icmd.RunCommand("grep", expected, d.LogFileName()).Assert(c, icmd.Success)
 }
 
 // FIXME(vdemeester) Use a new daemon instance instead of the Suite one
-func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *testing.T) {
 	s.d.UseDefaultHost = true
 	defer func() {
 		s.d.UseDefaultHost = false
@@ -1683,7 +1680,7 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *check.C) {
 }
 
 // FIXME(vdemeester) Use a new daemon instance instead of the Suite one
-func (s *DockerDaemonSuite) TestDaemonStartWithDefaultTLSHost(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonStartWithDefaultTLSHost(c *testing.T) {
 	s.d.UseDefaultTLSHost = true
 	defer func() {
 		s.d.UseDefaultTLSHost = false
@@ -1715,10 +1712,10 @@ func (s *DockerDaemonSuite) TestDaemonStartWithDefaultTLSHost(c *check.C) {
 	}
 
 	// ensure when connecting to the server that only a single acceptable CA is requested
-	contents, err := ioutil.ReadFile("fixtures/https/ca.pem")
-	c.Assert(err, checker.IsNil)
+	contents, err := os.ReadFile("fixtures/https/ca.pem")
+	assert.NilError(c, err)
 	rootCert, err := helpers.ParseCertificatePEM(contents)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	rootPool := x509.NewCertPool()
 	rootPool.AddCert(rootCert)
 
@@ -1734,15 +1731,15 @@ func (s *DockerDaemonSuite) TestDaemonStartWithDefaultTLSHost(c *check.C) {
 			return &cert, nil
 		},
 	})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	conn.Close()
 
-	c.Assert(certRequestInfo, checker.NotNil)
-	c.Assert(certRequestInfo.AcceptableCAs, checker.HasLen, 1)
-	c.Assert(certRequestInfo.AcceptableCAs[0], checker.DeepEquals, rootCert.RawSubject)
+	assert.Assert(c, certRequestInfo != nil)
+	assert.Equal(c, len(certRequestInfo.AcceptableCAs), 1)
+	assert.DeepEqual(c, certRequestInfo.AcceptableCAs[0], rootCert.RawSubject)
 }
 
-func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *check.C) {
+func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *testing.T) {
 	defaultNetworkBridge := "docker0"
 	deleteInterface(c, defaultNetworkBridge)
 
@@ -1761,42 +1758,42 @@ func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *check.C)
 			break
 		}
 		ip, err := s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.IPAddress}}'", contName)
-		c.Assert(err, check.IsNil, check.Commentf("%s", ip))
+		assert.Assert(c, err == nil, ip)
 
-		c.Assert(ip, check.Not(check.Equals), bridgeIP)
+		assert.Assert(c, ip != bridgeIP)
 		cont++
 	}
 }
 
 // Test daemon for no space left on device error
-func (s *DockerDaemonSuite) TestDaemonNoSpaceLeftOnDeviceError(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux, Network)
+func (s *DockerDaemonSuite) TestDaemonNoSpaceLeftOnDeviceError(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, Network)
 
-	testDir, err := ioutil.TempDir("", "no-space-left-on-device-test")
-	c.Assert(err, checker.IsNil)
+	testDir, err := os.MkdirTemp("", "no-space-left-on-device-test")
+	assert.NilError(c, err)
 	defer os.RemoveAll(testDir)
-	c.Assert(mount.MakeRShared(testDir), checker.IsNil)
+	assert.Assert(c, mount.MakeRShared(testDir) == nil)
 	defer mount.Unmount(testDir)
 
 	// create a 3MiB image (with a 2MiB ext4 fs) and mount it as graph root
-	// Why in a container? Because `mount` sometimes behaves weirdly and often fails outright on this test in debian:jessie (which is what the test suite runs under if run from the Makefile)
+	// Why in a container? Because `mount` sometimes behaves weirdly and often fails outright on this test in debian:bullseye (which is what the test suite runs under if run from the Makefile)
 	dockerCmd(c, "run", "--rm", "-v", testDir+":/test", "busybox", "sh", "-c", "dd of=/test/testfs.img bs=1M seek=3 count=0")
 	icmd.RunCommand("mkfs.ext4", "-F", filepath.Join(testDir, "testfs.img")).Assert(c, icmd.Success)
 
-	dockerCmd(c, "run", "--privileged", "--rm", "-v", testDir+":/test:shared", "busybox", "sh", "-c", "mkdir -p /test/test-mount/vfs && mount -n /test/testfs.img /test/test-mount/vfs")
+	dockerCmd(c, "run", "--privileged", "--rm", "-v", testDir+":/test:shared", "busybox", "sh", "-c", "mkdir -p /test/test-mount/vfs && mount -n -t ext4 /test/testfs.img /test/test-mount/vfs")
 	defer mount.Unmount(filepath.Join(testDir, "test-mount"))
 
 	s.d.Start(c, "--storage-driver", "vfs", "--data-root", filepath.Join(testDir, "test-mount"))
 	defer s.d.Stop(c)
 
 	// pull a repository large enough to overfill the mounted filesystem
-	pullOut, err := s.d.Cmd("pull", "debian:stretch")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", pullOut))
-	c.Assert(pullOut, checker.Contains, "no space left on device")
+	pullOut, err := s.d.Cmd("pull", "debian:bullseye-slim")
+	assert.Assert(c, err != nil, pullOut)
+	assert.Assert(c, strings.Contains(pullOut, "no space left on device"))
 }
 
 // Test daemon restart with container links + auto restart
-func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	var parent1Args []string
@@ -1825,7 +1822,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
 	wg.Wait()
 	close(chErr)
 	for err := range chErr {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 
 	parent1Args = append([]string{"run", "-d"}, parent1Args...)
@@ -1834,9 +1831,9 @@ func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
 	parent2Args = append(parent2Args, []string{"--name=parent2", "--restart=always", "busybox", "top"}...)
 
 	_, err := s.d.Cmd(parent1Args...)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, err = s.d.Cmd(parent2Args...)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	s.d.Stop(c)
 	// clear the log file -- we don't need any of it but may for the next part
@@ -1846,15 +1843,15 @@ func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
 
 	for _, num := range []string{"1", "2"} {
 		out, err := s.d.Cmd("inspect", "-f", "{{ .State.Running }}", "parent"+num)
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 		if strings.TrimSpace(out) != "true" {
-			log, _ := ioutil.ReadFile(s.d.LogFileName())
+			log, _ := os.ReadFile(s.d.LogFileName())
 			c.Fatalf("parent container is not running\n%s", string(log))
 		}
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	cgroupParent := "test"
@@ -1864,12 +1861,12 @@ func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
 	defer s.d.Restart(c)
 
 	out, err := s.d.Cmd("run", "--name", name, "busybox", "cat", "/proc/self/cgroup")
-	c.Assert(err, checker.IsNil)
-	cgroupPaths := ParseCgroupPaths(string(out))
-	c.Assert(len(cgroupPaths), checker.Not(checker.Equals), 0, check.Commentf("unexpected output - %q", string(out)))
+	assert.NilError(c, err)
+	cgroupPaths := ParseCgroupPaths(out)
+	assert.Assert(c, len(cgroupPaths) != 0, "unexpected output - %q", out)
 	out, err = s.d.Cmd("inspect", "-f", "{{.Id}}", name)
-	c.Assert(err, checker.IsNil)
-	id := strings.TrimSpace(string(out))
+	assert.NilError(c, err)
+	id := strings.TrimSpace(out)
 	expectedCgroup := path.Join(cgroupParent, id)
 	found := false
 	for _, path := range cgroupPaths {
@@ -1878,57 +1875,57 @@ func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
 			break
 		}
 	}
-	c.Assert(found, checker.True, check.Commentf("Cgroup path for container (%s) doesn't found in cgroups file: %s", expectedCgroup, cgroupPaths))
+	assert.Assert(c, found, "Cgroup path for container (%s) doesn't found in cgroups file: %s", expectedCgroup, cgroupPaths)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("run", "--name=test2", "--link", "test:abc", "busybox", "sh", "-c", "ping -c 1 -w 1 abc")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	s.d.Restart(c)
 
 	// should fail since test is not running yet
 	out, err = s.d.Cmd("start", "test2")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 
 	out, err = s.d.Cmd("start", "test")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = s.d.Cmd("start", "-a", "test2")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Contains(out, "1 packets transmitted, 1 packets received"), check.Equals, true, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.Contains(out, "1 packets transmitted, 1 packets received"), true, out)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("create", "--name=test", "busybox")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("run", "-d", "--name=test2", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	test2ID := strings.TrimSpace(out)
 
 	out, err = s.d.Cmd("run", "-d", "--name=test3", "--link", "test2:abc", "busybox", "top")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	test3ID := strings.TrimSpace(out)
 
 	s.d.Restart(c)
 
 	_, err = s.d.Cmd("create", "--name=test", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("expected error trying to create container with duplicate name"))
+	assert.ErrorContains(c, err, "", "expected error trying to create container with duplicate name")
 	// this one is no longer needed, removing simplifies the remainder of the test
 	out, err = s.d.Cmd("rm", "-f", "test")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("ps", "-a", "--no-trunc")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	lines := strings.Split(strings.TrimSpace(out), "\n")[1:]
 
@@ -1939,20 +1936,20 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
 		names := fields[len(fields)-1]
 		switch fields[0] {
 		case test2ID:
-			c.Assert(names, check.Equals, "test2,test3/abc")
+			assert.Equal(c, names, "test2,test3/abc")
 			test2validated = true
 		case test3ID:
-			c.Assert(names, check.Equals, "test3")
+			assert.Equal(c, names, "test3")
 			test3validated = true
 		}
 	}
 
-	c.Assert(test2validated, check.Equals, true)
-	c.Assert(test3validated, check.Equals, true)
+	assert.Assert(c, test2validated)
+	assert.Assert(c, test3validated)
 }
 
 // TestDaemonRestartWithKilledRunningContainer requires live restore of running containers
-func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *testing.T) {
 	testRequires(t, DaemonIsLinux)
 	s.d.StartWithBusybox(t)
 
@@ -1964,7 +1961,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 	cid = strings.TrimSpace(cid)
 
 	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", cid)
-	t.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 	pid = strings.TrimSpace(pid)
 
 	// Kill the daemon
@@ -1974,7 +1971,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 
 	// kill the container
 	icmd.RunCommand(ctrBinary, "--address", containerdSocket,
-		"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", cid).Assert(t, icmd.Success)
+		"--namespace", s.d.ContainersNamespace(), "tasks", "kill", cid).Assert(t, icmd.Success)
 
 	// Give time to containerd to process the command if we don't
 	// the exit event might be received after we do the inspect
@@ -1990,7 +1987,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 
 	// Check that we've got the correct exit code
 	out, err := s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", cid)
-	t.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 
 	out = strings.TrimSpace(out)
 	if out != "143" {
@@ -2002,23 +1999,23 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 // os.Kill should kill daemon ungracefully, leaving behind live containers.
 // The live containers should be known to the restarted daemon. Stopping
 // them now, should remove the mounts.
-func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
+func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	s.d.StartWithBusybox(c, "--live-restore")
 
 	out, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 	id := strings.TrimSpace(out)
 
 	// kill the daemon
-	c.Assert(s.d.Kill(), check.IsNil)
+	assert.Assert(c, s.d.Kill() == nil)
 
 	// Check if there are mounts with container id visible from the host.
 	// If not, those mounts exist in container's own mount ns, and so
 	// the following check for mounts being cleared is pointless.
 	skipMountCheck := false
-	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	mountOut, err := os.ReadFile("/proc/self/mountinfo")
+	assert.Assert(c, err == nil, "Output: %s", mountOut)
 	if !strings.Contains(string(mountOut), id) {
 		skipMountCheck = true
 	}
@@ -2028,7 +2025,7 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
 
 	// container should be running.
 	out, err = s.d.Cmd("inspect", "--format={{.State.Running}}", id)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 	out = strings.TrimSpace(out)
 	if out != "true" {
 		c.Fatalf("Container %s expected to stay alive after daemon restart", id)
@@ -2036,20 +2033,20 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
 
 	// 'docker stop' should work.
 	out, err = s.d.Cmd("stop", id)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 
 	if skipMountCheck {
 		return
 	}
 	// Now, container mounts should be gone.
-	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
-	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.Root, mountOut)
-	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+	mountOut, err = os.ReadFile("/proc/self/mountinfo")
+	assert.Assert(c, err == nil, "Output: %s", mountOut)
+	comment := fmt.Sprintf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.Root, mountOut)
+	assert.Equal(c, strings.Contains(string(mountOut), id), false, comment)
 }
 
 // TestDaemonRestartWithUnpausedRunningContainer requires live restore of running containers.
-func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *testing.T) {
 	testRequires(t, DaemonIsLinux)
 	s.d.StartWithBusybox(t, "--live-restore")
 
@@ -2061,7 +2058,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 	cid = strings.TrimSpace(cid)
 
 	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", cid)
-	t.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 
 	// pause the container
 	if _, err := s.d.Cmd("pause", cid); err != nil {
@@ -2077,23 +2074,23 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 	result := icmd.RunCommand(
 		ctrBinary,
 		"--address", containerdSocket,
-		"--namespace", moby_daemon.ContainersNamespace,
+		"--namespace", s.d.ContainersNamespace(),
 		"tasks", "resume", cid)
 	result.Assert(t, icmd.Success)
 
 	// Give time to containerd to process the command if we don't
 	// the resume event might be received after we do the inspect
-	waitAndAssert(t, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(t, pollCheck(t, func(*testing.T) (interface{}, string) {
 		result := icmd.RunCommand("kill", "-0", strings.TrimSpace(pid))
-		return result.ExitCode, nil
-	}, checker.Equals, 0)
+		return result.ExitCode, ""
+	}, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// restart the daemon
 	s.d.Start(t, "--live-restore")
 
 	// Check that we've got the correct status
 	out, err := s.d.Cmd("inspect", "-f", "{{.State.Status}}", cid)
-	t.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 
 	out = strings.TrimSpace(out)
 	if out != "running" {
@@ -2106,33 +2103,31 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 
 // TestRunLinksChanged checks that creating a new container with the same name does not update links
 // this ensures that the old, pre gh#16032 functionality continues on
-func (s *DockerDaemonSuite) TestRunLinksChanged(c *check.C) {
+func (s *DockerDaemonSuite) TestRunLinksChanged(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("run", "--name=test2", "--link=test:abc", "busybox", "sh", "-c", "ping -c 1 abc")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "1 packets transmitted, 1 packets received")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "1 packets transmitted, 1 packets received"))
 	out, err = s.d.Cmd("rm", "-f", "test")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = s.d.Cmd("start", "-a", "test2")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "1 packets transmitted, 1 packets received"))
 	s.d.Restart(c)
 	out, err = s.d.Cmd("start", "-a", "test2")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "1 packets transmitted, 1 packets received"))
 }
 
-func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	infoLog := "\x1b[36mINFO\x1b"
@@ -2141,7 +2136,7 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
 	done := make(chan bool)
 
 	p, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer func() {
 		tty.Close()
 		p.Close()
@@ -2157,8 +2152,7 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
 	s.d.Stop(c)
 	// Wait for io.Copy() before checking output
 	<-done
-	c.Assert(b.String(), checker.Contains, infoLog)
-
+	assert.Assert(c, strings.Contains(b.String(), infoLog))
 	b.Reset()
 
 	// "tty" is already closed in prev s.d.Stop(),
@@ -2166,7 +2160,7 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
 	// pty for the next test.
 	p.Close()
 	p, tty, err = pty.Open()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	go func() {
 		io.Copy(b, p)
@@ -2178,17 +2172,17 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
 	s.d.Stop(c)
 	// Wait for io.Copy() before checking output
 	<-done
-	c.Assert(b.String(), check.Not(check.Equals), "")
-	c.Assert(b.String(), check.Not(checker.Contains), infoLog)
+	assert.Assert(c, b.String() != "")
+	assert.Assert(c, !strings.Contains(b.String(), infoLog))
 }
 
-func (s *DockerDaemonSuite) TestDaemonDebugLog(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonDebugLog(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	debugLog := "\x1b[37mDEBU\x1b"
 
 	p, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer func() {
 		tty.Close()
 		p.Close()
@@ -2199,16 +2193,16 @@ func (s *DockerDaemonSuite) TestDaemonDebugLog(c *check.C) {
 
 	s.d.StartWithLogFile(tty, "--debug")
 	s.d.Stop(c)
-	c.Assert(b.String(), checker.Contains, debugLog)
+	assert.Assert(c, strings.Contains(b.String(), debugLog))
 }
 
-func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	// daemon config file
 	daemonConfig := `{ "debug" : false }`
-	configFile, err := ioutil.TempFile("", "test-daemon-discovery-backend-config-reload-config")
-	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file for config reload"))
+	configFile, err := os.CreateTemp("", "test-daemon-discovery-backend-config-reload-config")
+	assert.Assert(c, err == nil, "could not create temp file for config reload")
 	configFilePath := configFile.Name()
 	defer func() {
 		configFile.Close()
@@ -2216,7 +2210,7 @@ func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
 	}()
 
 	_, err = configFile.Write([]byte(daemonConfig))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// --log-level needs to be set so that d.Start() doesn't add --debug causing
 	// a conflict with the config
@@ -2230,56 +2224,56 @@ func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
 	}`
 
 	err = configFile.Truncate(0)
-	c.Assert(err, checker.IsNil)
-	_, err = configFile.Seek(0, os.SEEK_SET)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
+	_, err = configFile.Seek(0, io.SeekStart)
+	assert.NilError(c, err)
 
 	_, err = configFile.Write([]byte(daemonConfig))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	err = s.d.ReloadConfig()
-	c.Assert(err, checker.IsNil, check.Commentf("error reloading daemon config"))
+	assert.Assert(c, err == nil, "error reloading daemon config")
 
 	out, err := s.d.Cmd("info")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: consul://consuladdr:consulport/some/path"))
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: 192.168.56.100:0"))
+	assert.Assert(c, strings.Contains(out, "Cluster Store: consul://consuladdr:consulport/some/path"))
+	assert.Assert(c, strings.Contains(out, "Cluster Advertise: 192.168.56.100:0"))
 }
 
 // Test for #21956
-func (s *DockerDaemonSuite) TestDaemonLogOptions(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonLogOptions(c *testing.T) {
 	s.d.StartWithBusybox(c, "--log-driver=syslog", "--log-opt=syslog-address=udp://127.0.0.1:514")
 
 	out, err := s.d.Cmd("run", "-d", "--log-driver=json-file", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	out, err = s.d.Cmd("inspect", "--format='{{.HostConfig.LogConfig}}'", id)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "{json-file map[]}")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "{json-file map[]}"))
 }
 
 // Test case for #20936, #22443
-func (s *DockerDaemonSuite) TestDaemonMaxConcurrency(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrency(c *testing.T) {
 	s.d.Start(c, "--max-concurrent-uploads=6", "--max-concurrent-downloads=8")
 
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 6"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 }
 
 // Test case for #20936, #22443
-func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	// daemon config file
 	configFilePath := "test.json"
 	configFile, err := os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer os.Remove(configFilePath)
 
 	daemonConfig := `{ "max-concurrent-downloads" : 8 }`
@@ -2290,17 +2284,16 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 	configFile, err = os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	daemonConfig = `{ "max-concurrent-uploads" : 7, "max-concurrent-downloads" : 9 }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 	// unix.Kill(s.d.cmd.Process.Pid, unix.SIGHUP)
 
 	time.Sleep(3 * time.Second)
@@ -2308,19 +2301,19 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 7"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 9"`
 	content, err = s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 }
 
 // Test case for #20936, #22443
-func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	// daemon config file
 	configFilePath := "test.json"
 	configFile, err := os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer os.Remove(configFilePath)
 
 	daemonConfig := `{ "max-concurrent-uploads" : null }`
@@ -2331,17 +2324,16 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *chec
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 3"`
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 	configFile, err = os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	daemonConfig = `{ "max-concurrent-uploads" : 1, "max-concurrent-downloads" : null }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 	// unix.Kill(s.d.cmd.Process.Pid, unix.SIGHUP)
 
 	time.Sleep(3 * time.Second)
@@ -2349,29 +2341,28 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *chec
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 1"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
 	content, err = s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 	configFile, err = os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	daemonConfig = `{ "labels":["foo=bar"] }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 
 	time.Sleep(3 * time.Second)
 
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
 	content, err = s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
-	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentUploads))
+	assert.Assert(c, strings.Contains(string(content), expectedMaxConcurrentDownloads))
 }
 
-func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
+func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *testing.T) {
 	s.d.StartWithBusybox(c, "-b=none", "--iptables=false")
 
 	result := cli.BuildCmd(c, "busyboxs", cli.Daemon(s.d),
@@ -2380,29 +2371,29 @@ func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
         RUN cat /etc/hosts`),
 		build.WithoutCache,
 	)
-	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
-	c.Assert(result.Error, check.IsNil, comment)
-	c.Assert(result.ExitCode, check.Equals, 0, comment)
+	comment := fmt.Sprintf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
+	assert.Assert(c, result.Error == nil, comment)
+	assert.Equal(c, result.ExitCode, 0, comment)
 }
 
 // Test case for #21976
-func (s *DockerDaemonSuite) TestDaemonDNSFlagsInHostMode(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonDNSFlagsInHostMode(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	s.d.StartWithBusybox(c, "--dns", "1.2.3.4", "--dns-search", "example.com", "--dns-opt", "timeout:3")
 
 	expectedOutput := "nameserver 1.2.3.4"
 	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 	expectedOutput = "search example.com"
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 	expectedOutput = "options timeout:3"
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 }
 
-func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
-	conf, err := ioutil.TempFile("", "config-file-")
-	c.Assert(err, check.IsNil)
+func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *testing.T) {
+	conf, err := os.CreateTemp("", "config-file-")
+	assert.NilError(c, err)
 	configName := conf.Name()
 	conf.Close()
 	defer os.Remove(configName)
@@ -2422,26 +2413,25 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
     }
 }
 `
-	ioutil.WriteFile(configName, []byte(config), 0644)
+	os.WriteFile(configName, []byte(config), 0644)
 	s.d.StartWithBusybox(c, "--config-file", configName)
 
 	// Run with default runtime
 	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with default runtime explicitly
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with oci (same path as default) but keep it around
 	out, err = s.d.Cmd("run", "--name", "oci-runtime-ls", "--runtime=oci", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with "vm"
 	out, err = s.d.Cmd("run", "--rm", "--runtime=vm", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "/usr/local/bin/vm-manager: no such file or directory"))
 	// Reset config to only have the default
 	config = `
 {
@@ -2449,25 +2439,23 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
     }
 }
 `
-	ioutil.WriteFile(configName, []byte(config), 0644)
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	os.WriteFile(configName, []byte(config), 0644)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
 	// Run with default runtime
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with "oci"
 	out, err = s.d.Cmd("run", "--rm", "--runtime=oci", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Unknown runtime specified oci"))
 	// Start previously created container with oci
 	out, err = s.d.Cmd("start", "oci-runtime-ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Unknown runtime specified oci"))
 	// Check that we can't override the default runtime
 	config = `
 {
@@ -2478,15 +2466,14 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
     }
 }
 `
-	ioutil.WriteFile(configName, []byte(config), 0644)
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	os.WriteFile(configName, []byte(config), 0644)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, `file configuration validation failed (runtime name 'runc' is reserved)`)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), `file configuration validation failed: runtime name 'runc' is reserved`))
 	// Check that we can select a default runtime
 	config = `
 {
@@ -2504,104 +2491,97 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
     }
 }
 `
-	ioutil.WriteFile(configName, []byte(config), 0644)
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	os.WriteFile(configName, []byte(config), 0644)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
 	out, err = s.d.Cmd("run", "--rm", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "/usr/local/bin/vm-manager: no such file or directory"))
 	// Run with default runtime explicitly
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
+func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *testing.T) {
 	s.d.StartWithBusybox(c, "--add-runtime", "oci=runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
 
 	// Run with default runtime
 	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with default runtime explicitly
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with oci (same path as default) but keep it around
 	out, err = s.d.Cmd("run", "--name", "oci-runtime-ls", "--runtime=oci", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with "vm"
 	out, err = s.d.Cmd("run", "--rm", "--runtime=vm", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "/usr/local/bin/vm-manager: no such file or directory"))
 	// Start a daemon without any extra runtimes
 	s.d.Stop(c)
 	s.d.StartWithBusybox(c)
 
 	// Run with default runtime
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Run with "oci"
 	out, err = s.d.Cmd("run", "--rm", "--runtime=oci", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Unknown runtime specified oci"))
 	// Start previously created container with oci
 	out, err = s.d.Cmd("start", "oci-runtime-ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Unknown runtime specified oci"))
 	// Check that we can't override the default runtime
 	s.d.Stop(c)
-	c.Assert(s.d.StartWithError("--add-runtime", "runc=my-runc"), checker.NotNil)
+	assert.Assert(c, s.d.StartWithError("--add-runtime", "runc=my-runc") != nil)
 
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, `runtime name 'runc' is reserved`)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), `runtime name 'runc' is reserved`))
 	// Check that we can select a default runtime
 	s.d.Stop(c)
 	s.d.StartWithBusybox(c, "--default-runtime=vm", "--add-runtime", "oci=runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
 
 	out, err = s.d.Cmd("run", "--rm", "busybox", "ls")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "/usr/local/bin/vm-manager: no such file or directory"))
 	// Run with default runtime explicitly
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	// top1 will exist after daemon restarts
 	out, err := s.d.Cmd("run", "-d", "--name", "top1", "busybox:latest", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("run top1: %v", out))
+	assert.Assert(c, err == nil, "run top1: %v", out)
 	// top2 will be removed after daemon restarts
 	out, err = s.d.Cmd("run", "-d", "--rm", "--name", "top2", "busybox:latest", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("run top2: %v", out))
+	assert.Assert(c, err == nil, "run top2: %v", out)
 
 	out, err = s.d.Cmd("ps")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "top1", check.Commentf("top1 should be running"))
-	c.Assert(out, checker.Contains, "top2", check.Commentf("top2 should be running"))
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "top1"), "top1 should be running")
+	assert.Assert(c, strings.Contains(out, "top2"), "top2 should be running")
 	// now restart daemon gracefully
 	s.d.Restart(c)
 
 	out, err = s.d.Cmd("ps", "-a")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-	c.Assert(out, checker.Contains, "top1", check.Commentf("top1 should exist after daemon restarts"))
-	c.Assert(out, checker.Not(checker.Contains), "top2", check.Commentf("top2 should be removed after daemon restarts"))
+	assert.NilError(c, err, "out: %v", out)
+	assert.Assert(c, strings.Contains(out, "top1"), "top1 should exist after daemon restarts")
+	assert.Assert(c, !strings.Contains(out, "top2"), "top2 should be removed after daemon restarts")
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	containerName := "error-values"
@@ -2614,73 +2594,72 @@ func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
 	// See the discussion on https://github.com/docker/docker/pull/30227#issuecomment-274161426,
 	// and https://github.com/docker/docker/pull/26061#r78054578 for more information.
 	_, err := s.d.Cmd("run", "--name", containerName, "--init=false", "busybox", "toto")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// Check that those values were saved on disk
 	out, err := s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", containerName)
 	out = strings.TrimSpace(out)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Equals, "127")
+	assert.NilError(c, err)
+	assert.Equal(c, out, "127")
 
 	errMsg1, err := s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
 	errMsg1 = strings.TrimSpace(errMsg1)
-	c.Assert(err, checker.IsNil)
-	c.Assert(errMsg1, checker.Contains, "executable file not found")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(errMsg1, "executable file not found"))
 	// now restart daemon
 	s.d.Restart(c)
 
 	// Check that those values are still around
 	out, err = s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", containerName)
 	out = strings.TrimSpace(out)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Equals, "127")
+	assert.NilError(c, err)
+	assert.Equal(c, out, "127")
 
 	out, err = s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
 	out = strings.TrimSpace(out)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Equals, errMsg1)
+	assert.NilError(c, err)
+	assert.Equal(c, out, errMsg1)
 }
 
-func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	dockerProxyPath, err := exec.LookPath("docker-proxy")
-	c.Assert(err, checker.IsNil)
-	tmpDir, err := ioutil.TempDir("", "test-docker-proxy")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
+	tmpDir, err := os.MkdirTemp("", "test-docker-proxy")
+	assert.NilError(c, err)
 
 	newProxyPath := filepath.Join(tmpDir, "docker-proxy")
 	cmd := exec.Command("cp", dockerProxyPath, newProxyPath)
-	c.Assert(cmd.Run(), checker.IsNil)
+	assert.NilError(c, cmd.Run())
 
 	// custom one
 	s.d.StartWithBusybox(c, "--userland-proxy-path", newProxyPath)
 	out, err := s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// try with the original one
 	s.d.Restart(c, "--userland-proxy-path", dockerProxyPath)
 	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// not exist
 	s.d.Restart(c, "--userland-proxy-path", "/does/not/exist")
 	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "driver failed programming external connectivity on endpoint")
-	c.Assert(out, checker.Contains, "/does/not/exist: no such file or directory")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "driver failed programming external connectivity on endpoint"))
+	assert.Assert(c, strings.Contains(out, "/does/not/exist: no such file or directory"))
 }
 
 // Test case for #22471
-func (s *DockerDaemonSuite) TestDaemonShutdownTimeout(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonShutdownTimeout(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	s.d.StartWithBusybox(c, "--shutdown-timeout=3")
 
 	_, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(s.d.Signal(unix.SIGINT), checker.IsNil)
+	assert.Assert(c, s.d.Signal(unix.SIGINT) == nil)
 
 	select {
 	case <-s.d.Wait:
@@ -2689,18 +2668,18 @@ func (s *DockerDaemonSuite) TestDaemonShutdownTimeout(c *check.C) {
 
 	expectedMessage := `level=debug msg="daemon configured with a 3 seconds minimum shutdown timeout"`
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMessage)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMessage))
 }
 
 // Test case for #22471
-func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	// daemon config file
 	configFilePath := "test.json"
 	configFile, err := os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer os.Remove(configFilePath)
 
 	daemonConfig := `{ "shutdown-timeout" : 8 }`
@@ -2709,12 +2688,12 @@ func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C)
 	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	configFile, err = os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	daemonConfig = `{ "shutdown-timeout" : 5 }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	assert.Assert(c, s.d.Signal(unix.SIGHUP) == nil)
 
 	select {
 	case <-s.d.Wait:
@@ -2723,44 +2702,44 @@ func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C)
 
 	expectedMessage := `level=debug msg="Reset Shutdown Timeout: 5"`
 	content, err := s.d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, expectedMessage)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), expectedMessage))
 }
 
 // Test case for 29342
-func (s *DockerDaemonSuite) TestExecWithUserAfterLiveRestore(c *check.C) {
+func (s *DockerDaemonSuite) TestExecWithUserAfterLiveRestore(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	s.d.StartWithBusybox(c, "--live-restore")
 
-	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "sh", "-c", "addgroup -S test && adduser -S -G test test -D -s /bin/sh && touch /adduser_end && top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	out, err := s.d.Cmd("run", "--init", "-d", "--name=top", "busybox", "sh", "-c", "addgroup -S test && adduser -S -G test test -D -s /bin/sh && touch /adduser_end && exec top")
+	assert.NilError(c, err, "Output: %s", out)
 
 	s.d.WaitRun("top")
 
 	// Wait for shell command to be completed
 	_, err = s.d.Cmd("exec", "top", "sh", "-c", `for i in $(seq 1 5); do if [ -e /adduser_end ]; then rm -f /adduser_end && break; else sleep 1 && false; fi; done`)
-	c.Assert(err, check.IsNil, check.Commentf("Timeout waiting for shell command to be completed"))
+	assert.Assert(c, err == nil, "Timeout waiting for shell command to be completed")
 
 	out1, err := s.d.Cmd("exec", "-u", "test", "top", "id")
 	// uid=100(test) gid=101(test) groups=101(test)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out1))
+	assert.Assert(c, err == nil, "Output: %s", out1)
 
 	// restart daemon.
 	s.d.Restart(c, "--live-restore")
 
 	out2, err := s.d.Cmd("exec", "-u", "test", "top", "id")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out2))
-	c.Assert(out2, check.Equals, out1, check.Commentf("Output: before restart '%s', after restart '%s'", out1, out2))
+	assert.Assert(c, err == nil, "Output: %s", out2)
+	assert.Equal(c, out2, out1, fmt.Sprintf("Output: before restart '%s', after restart '%s'", out1, out2))
 
 	out, err = s.d.Cmd("stop", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 }
 
-func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
-	testRequires(c, DaemonIsLinux, overlayFSSupported, SameHostDaemon)
+func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *testing.T) {
+	testRequires(c, DaemonIsLinux, overlayFSSupported, testEnv.IsLocalDaemon)
 	s.d.StartWithBusybox(c, "--live-restore", "--storage-driver", "overlay")
 	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 
 	s.d.WaitRun("top")
 
@@ -2768,13 +2747,13 @@ func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
 	s.d.Restart(c, "--live-restore", "--storage-driver", "overlay")
 
 	out, err = s.d.Cmd("stop", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 
 	// test if the rootfs mountpoint still exist
 	mountpoint, err := s.d.InspectField("top", ".GraphDriver.Data.MergedDir")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	f, err := os.Open("/proc/self/mountinfo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer f.Close()
 	sc := bufio.NewScanner(f)
 	for sc.Scan() {
@@ -2785,16 +2764,16 @@ func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
 	}
 
 	out, err = s.d.Cmd("rm", "top")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 }
 
 // #29598
-func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	s.d.StartWithBusybox(c, "--live-restore")
 
 	out, err := s.d.Cmd("run", "-d", "--restart", "always", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 	id := strings.TrimSpace(out)
 
 	type state struct {
@@ -2802,20 +2781,20 @@ func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *check.C) {
 		StartedAt time.Time
 	}
 	out, err = s.d.Cmd("inspect", "-f", "{{json .State}}", id)
-	c.Assert(err, checker.IsNil, check.Commentf("output: %s", out))
+	assert.Assert(c, err == nil, "output: %s", out)
 
 	var origState state
 	err = json.Unmarshal([]byte(strings.TrimSpace(out)), &origState)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	s.d.Restart(c, "--live-restore")
 
 	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", id)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	pidint, err := strconv.Atoi(strings.TrimSpace(pid))
-	c.Assert(err, check.IsNil)
-	c.Assert(pidint, checker.GreaterThan, 0)
-	c.Assert(unix.Kill(pidint, unix.SIGKILL), check.IsNil)
+	assert.NilError(c, err)
+	assert.Assert(c, pidint > 0)
+	assert.NilError(c, unix.Kill(pidint, unix.SIGKILL))
 
 	ticker := time.NewTicker(50 * time.Millisecond)
 	timeout := time.After(10 * time.Second)
@@ -2828,11 +2807,11 @@ func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *check.C) {
 		}
 
 		out, err := s.d.Cmd("inspect", "-f", "{{json .State}}", id)
-		c.Assert(err, checker.IsNil, check.Commentf("output: %s", out))
+		assert.Assert(c, err == nil, "output: %s", out)
 
 		var newState state
 		err = json.Unmarshal([]byte(strings.TrimSpace(out)), &newState)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		if !newState.Running {
 			continue
@@ -2843,10 +2822,10 @@ func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *check.C) {
 	}
 
 	out, err = s.d.Cmd("stop", id)
-	c.Assert(err, check.IsNil, check.Commentf("output: %s", out))
+	assert.NilError(c, err, "Output: %s", out)
 }
 
-func (s *DockerDaemonSuite) TestShmSize(c *check.C) {
+func (s *DockerDaemonSuite) TestShmSize(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	size := 67108864 * 2
@@ -2856,66 +2835,66 @@ func (s *DockerDaemonSuite) TestShmSize(c *check.C) {
 
 	name := "shm1"
 	out, err := s.d.Cmd("run", "--name", name, "busybox", "mount")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(pattern.MatchString(out), checker.True)
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Assert(c, pattern.MatchString(out))
 	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Equal(c, strings.TrimSpace(out), fmt.Sprintf("%v", size))
 }
 
-func (s *DockerDaemonSuite) TestShmSizeReload(c *check.C) {
+func (s *DockerDaemonSuite) TestShmSizeReload(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
-	configPath, err := ioutil.TempDir("", "test-daemon-shm-size-reload-config")
-	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file for config reload"))
+	configPath, err := os.MkdirTemp("", "test-daemon-shm-size-reload-config")
+	assert.Assert(c, err == nil, "could not create temp file for config reload")
 	defer os.RemoveAll(configPath) // clean up
 	configFile := filepath.Join(configPath, "config.json")
 
 	size := 67108864 * 2
 	configData := []byte(fmt.Sprintf(`{"default-shm-size": "%dM"}`, size/1024/1024))
-	c.Assert(ioutil.WriteFile(configFile, configData, 0666), checker.IsNil, check.Commentf("could not write temp file for config reload"))
+	assert.Assert(c, os.WriteFile(configFile, configData, 0666) == nil, "could not write temp file for config reload")
 	pattern := regexp.MustCompile(fmt.Sprintf("shm on /dev/shm type tmpfs(.*)size=%dk", size/1024))
 
 	s.d.StartWithBusybox(c, "--config-file", configFile)
 
 	name := "shm1"
 	out, err := s.d.Cmd("run", "--name", name, "busybox", "mount")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(pattern.MatchString(out), checker.True)
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Assert(c, pattern.MatchString(out))
 	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Equal(c, strings.TrimSpace(out), fmt.Sprintf("%v", size))
 
 	size = 67108864 * 3
 	configData = []byte(fmt.Sprintf(`{"default-shm-size": "%dM"}`, size/1024/1024))
-	c.Assert(ioutil.WriteFile(configFile, configData, 0666), checker.IsNil, check.Commentf("could not write temp file for config reload"))
+	assert.Assert(c, os.WriteFile(configFile, configData, 0666) == nil, "could not write temp file for config reload")
 	pattern = regexp.MustCompile(fmt.Sprintf("shm on /dev/shm type tmpfs(.*)size=%dk", size/1024))
 
 	err = s.d.ReloadConfig()
-	c.Assert(err, checker.IsNil, check.Commentf("error reloading daemon config"))
+	assert.Assert(c, err == nil, "error reloading daemon config")
 
 	name = "shm2"
 	out, err = s.d.Cmd("run", "--name", name, "busybox", "mount")
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(pattern.MatchString(out), checker.True)
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Assert(c, pattern.MatchString(out))
 	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+	assert.NilError(c, err, "Output: %s", out)
+	assert.Equal(c, strings.TrimSpace(out), fmt.Sprintf("%v", size))
 }
 
-func testDaemonStartIpcMode(c *check.C, from, mode string, valid bool) {
+func testDaemonStartIpcMode(c *testing.T, from, mode string, valid bool) {
 	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	c.Logf("Checking IpcMode %s set from %s\n", mode, from)
 	var serr error
 	switch from {
 	case "config":
-		f, err := ioutil.TempFile("", "test-daemon-ipc-config")
-		c.Assert(err, checker.IsNil)
+		f, err := os.CreateTemp("", "test-daemon-ipc-config")
+		assert.NilError(c, err)
 		defer os.Remove(f.Name())
 		config := `{"default-ipc-mode": "` + mode + `"}`
 		_, err = f.WriteString(config)
-		c.Assert(f.Close(), checker.IsNil)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, f.Close())
+		assert.NilError(c, err)
 
 		serr = d.StartWithError("--config-file", f.Name())
 	case "cli":
@@ -2928,9 +2907,9 @@ func testDaemonStartIpcMode(c *check.C, from, mode string, valid bool) {
 	}
 
 	if valid {
-		c.Assert(serr, check.IsNil)
+		assert.NilError(c, serr)
 	} else {
-		c.Assert(serr, check.NotNil)
+		assert.ErrorContains(c, serr, "")
 		icmd.RunCommand("grep", "-E", "IPC .* is (invalid|not supported)", d.LogFileName()).Assert(c, icmd.Success)
 	}
 }
@@ -2938,8 +2917,8 @@ func testDaemonStartIpcMode(c *check.C, from, mode string, valid bool) {
 // TestDaemonStartWithIpcModes checks that daemon starts fine given correct
 // arguments for default IPC mode, and bails out with incorrect ones.
 // Both CLI option (--default-ipc-mode) and config parameter are tested.
-func (s *DockerDaemonSuite) TestDaemonStartWithIpcModes(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) TestDaemonStartWithIpcModes(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	ipcModes := []struct {
 		mode  string
@@ -2960,55 +2939,13 @@ func (s *DockerDaemonSuite) TestDaemonStartWithIpcModes(c *check.C) {
 	}
 }
 
-// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode
-// (derived from daemon default) even after the daemon is restarted
-// with a different default ipc mode.
-func (s *DockerDaemonSuite) TestDaemonRestartIpcMode(c *check.C) {
-	f, err := ioutil.TempFile("", "test-daemon-ipc-config-restart")
-	c.Assert(err, checker.IsNil)
-	file := f.Name()
-	defer os.Remove(file)
-	c.Assert(f.Close(), checker.IsNil)
-
-	config := []byte(`{"default-ipc-mode": "private"}`)
-	c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil)
-	s.d.StartWithBusybox(c, "--config-file", file)
-
-	// check the container is created with private ipc mode as per daemon default
-	name := "ipc1"
-	_, err = s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top")
-	c.Assert(err, checker.IsNil)
-	m, err := s.d.InspectField(name, ".HostConfig.IpcMode")
-	c.Assert(err, check.IsNil)
-	c.Assert(m, checker.Equals, "private")
-
-	// restart the daemon with shareable default ipc mode
-	config = []byte(`{"default-ipc-mode": "shareable"}`)
-	c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil)
-	s.d.Restart(c, "--config-file", file)
-
-	// check the container is still having private ipc mode
-	m, err = s.d.InspectField(name, ".HostConfig.IpcMode")
-	c.Assert(err, check.IsNil)
-	c.Assert(m, checker.Equals, "private")
-
-	// check a new container is created with shareable ipc mode as per new daemon default
-	name = "ipc2"
-	_, err = s.d.Cmd("run", "-d", "--name", name, "busybox", "top")
-	c.Assert(err, checker.IsNil)
-	m, err = s.d.InspectField(name, ".HostConfig.IpcMode")
-	c.Assert(err, check.IsNil)
-	c.Assert(m, checker.Equals, "shareable")
-}
-
 // TestFailedPluginRemove makes sure that a failed plugin remove does not block
 // the daemon from starting
-func (s *DockerDaemonSuite) TestFailedPluginRemove(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, SameHostDaemon)
+func (s *DockerDaemonSuite) TestFailedPluginRemove(c *testing.T) {
+	testRequires(c, DaemonIsLinux, IsAmd64, testEnv.IsLocalDaemon)
 	d := daemon.New(c, dockerBinary, dockerdBinary)
 	d.Start(c)
-	cli, err := client.NewClient(d.Sock(), api.DefaultVersion, nil, nil)
-	c.Assert(err, checker.IsNil)
+	cli := d.NewClientT(c)
 
 	ctx, cancel := context.WithTimeout(context.Background(), 300*time.Second)
 	defer cancel()
@@ -3019,26 +2956,26 @@ func (s *DockerDaemonSuite) TestFailedPluginRemove(c *check.C) {
 		AcceptAllPermissions: true,
 		RemoteRef:            "cpuguy83/docker-logdriver-test",
 	})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer out.Close()
-	io.Copy(ioutil.Discard, out)
+	io.Copy(io.Discard, out)
 
 	ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second)
 	defer cancel()
 	p, _, err := cli.PluginInspectWithRaw(ctx, name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// simulate a bad/partial removal by removing the plugin config.
 	configPath := filepath.Join(d.Root, "plugins", p.ID, "config.json")
-	c.Assert(os.Remove(configPath), checker.IsNil)
+	assert.NilError(c, os.Remove(configPath))
 
 	d.Restart(c)
 	ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second)
 	defer cancel()
 	_, err = cli.Ping(ctx)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, _, err = cli.PluginInspectWithRaw(ctx, name)
 	// plugin should be gone since the config.json is gone
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 }
diff --git a/integration-cli/docker_cli_events_test.go b/integration-cli/docker_cli_events_test.go
index 8db120d03ded1..642960b77027a 100644
--- a/integration-cli/docker_cli_events_test.go
+++ b/integration-cli/docker_cli_events_test.go
@@ -6,24 +6,25 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
+	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	eventtypes "github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/client"
 	eventstestutils "github.com/docker/docker/daemon/events/testutils"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestEventsTimestampFormats(c *check.C) {
+func (s *DockerSuite) TestEventsTimestampFormats(c *testing.T) {
 	name := "events-time-format-test"
 
 	// Start stopwatch, generate an event
@@ -46,19 +47,13 @@ func (s *DockerSuite) TestEventsTimestampFormats(c *check.C) {
 		events = events[:len(events)-1]
 
 		nEvents := len(events)
-		c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+		assert.Assert(c, nEvents >= 5)
 		containerEvents := eventActionsByIDAndType(c, events, name, "container")
-		c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
-
-		c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf("%s", out))
-		c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf("%s", out))
-		c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf("%s", out))
-		c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf("%s", out))
-		c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf("%s", out))
+		assert.Assert(c, is.DeepEqual(containerEvents, []string{"create", "attach", "start", "die", "destroy"}), out)
 	}
 }
 
-func (s *DockerSuite) TestEventsUntag(c *check.C) {
+func (s *DockerSuite) TestEventsUntag(c *testing.T) {
 	image := "busybox"
 	dockerCmd(c, "tag", image, "utest:tag1")
 	dockerCmd(c, "tag", image, "utest:tag2")
@@ -77,30 +72,25 @@ func (s *DockerSuite) TestEventsUntag(c *check.C) {
 	// get the two elements before the last, which are the untags we're
 	// looking for.
 	for _, v := range events[nEvents-3 : nEvents-1] {
-		c.Assert(v, checker.Contains, "untag", check.Commentf("event should be untag"))
+		assert.Check(c, strings.Contains(v, "untag"), "event should be untag")
 	}
 }
 
-func (s *DockerSuite) TestEventsContainerEvents(c *check.C) {
+func (s *DockerSuite) TestEventsContainerEvents(c *testing.T) {
 	dockerCmd(c, "run", "--rm", "--name", "container-events-test", "busybox", "true")
 
 	out, _ := dockerCmd(c, "events", "--until", daemonUnixTime(c))
 	events := strings.Split(out, "\n")
 	events = events[:len(events)-1]
 
-	nEvents := len(events)
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
 	containerEvents := eventActionsByIDAndType(c, events, "container-events-test", "container")
-	c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
-
-	c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf("%s", out))
-	c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf("%s", out))
-	c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf("%s", out))
-	c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf("%s", out))
-	c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf("%s", out))
+	if len(containerEvents) > 5 {
+		containerEvents = containerEvents[:5]
+	}
+	assert.Assert(c, is.DeepEqual(containerEvents, []string{"create", "attach", "start", "die", "destroy"}), out)
 }
 
-func (s *DockerSuite) TestEventsContainerEventsAttrSort(c *check.C) {
+func (s *DockerSuite) TestEventsContainerEventsAttrSort(c *testing.T) {
 	since := daemonUnixTime(c)
 	dockerCmd(c, "run", "--rm", "--name", "container-events-test", "busybox", "true")
 
@@ -108,22 +98,23 @@ func (s *DockerSuite) TestEventsContainerEventsAttrSort(c *check.C) {
 	events := strings.Split(out, "\n")
 
 	nEvents := len(events)
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 3) //Missing expected event
+	assert.Assert(c, nEvents >= 3)
 	matchedEvents := 0
 	for _, event := range events {
 		matches := eventstestutils.ScanMap(event)
 		if matches["eventType"] == "container" && matches["action"] == "create" {
 			matchedEvents++
-			c.Assert(out, checker.Contains, "(image=busybox, name=container-events-test)", check.Commentf("Event attributes not sorted"))
+			assert.Check(c, strings.Contains(out, "(image=busybox, name=container-events-test)"), "Event attributes not sorted")
+
 		} else if matches["eventType"] == "container" && matches["action"] == "start" {
 			matchedEvents++
-			c.Assert(out, checker.Contains, "(image=busybox, name=container-events-test)", check.Commentf("Event attributes not sorted"))
+			assert.Check(c, strings.Contains(out, "(image=busybox, name=container-events-test)"), "Event attributes not sorted")
 		}
 	}
-	c.Assert(matchedEvents, checker.Equals, 2, check.Commentf("missing events for container container-events-test:\n%s", out))
+	assert.Equal(c, matchedEvents, 2, "missing events for container container-events-test:\n%s", out)
 }
 
-func (s *DockerSuite) TestEventsContainerEventsSinceUnixEpoch(c *check.C) {
+func (s *DockerSuite) TestEventsContainerEventsSinceUnixEpoch(c *testing.T) {
 	dockerCmd(c, "run", "--rm", "--name", "since-epoch-test", "busybox", "true")
 	timeBeginning := time.Unix(0, 0).Format(time.RFC3339Nano)
 	timeBeginning = strings.Replace(timeBeginning, "Z", ".000000000Z", -1)
@@ -132,18 +123,12 @@ func (s *DockerSuite) TestEventsContainerEventsSinceUnixEpoch(c *check.C) {
 	events = events[:len(events)-1]
 
 	nEvents := len(events)
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+	assert.Assert(c, nEvents >= 5)
 	containerEvents := eventActionsByIDAndType(c, events, "since-epoch-test", "container")
-	c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
-
-	c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf("%s", out))
-	c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf("%s", out))
-	c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf("%s", out))
-	c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf("%s", out))
-	c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf("%s", out))
+	assert.Assert(c, is.DeepEqual(containerEvents, []string{"create", "attach", "start", "die", "destroy"}), out)
 }
 
-func (s *DockerSuite) TestEventsImageTag(c *check.C) {
+func (s *DockerSuite) TestEventsImageTag(c *testing.T) {
 	time.Sleep(1 * time.Second) // because API has seconds granularity
 	since := daemonUnixTime(c)
 	image := "testimageevents:tag"
@@ -153,15 +138,15 @@ func (s *DockerSuite) TestEventsImageTag(c *check.C) {
 		"--since", since, "--until", daemonUnixTime(c))
 
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1, check.Commentf("was expecting 1 event. out=%s", out))
+	assert.Equal(c, len(events), 1, "was expecting 1 event. out=%s", out)
 	event := strings.TrimSpace(events[0])
 
 	matches := eventstestutils.ScanMap(event)
-	c.Assert(matchEventID(matches, image), checker.True, check.Commentf("matches: %v\nout:\n%s", matches, out))
-	c.Assert(matches["action"], checker.Equals, "tag")
+	assert.Assert(c, matchEventID(matches, image), "matches: %v\nout:\n%s", matches, out)
+	assert.Equal(c, matches["action"], "tag")
 }
 
-func (s *DockerSuite) TestEventsImagePull(c *check.C) {
+func (s *DockerSuite) TestEventsImagePull(c *testing.T) {
 	// TODO Windows: Enable this test once pull and reliable image names are available
 	testRequires(c, DaemonIsLinux)
 	since := daemonUnixTime(c)
@@ -175,12 +160,11 @@ func (s *DockerSuite) TestEventsImagePull(c *check.C) {
 	events := strings.Split(strings.TrimSpace(out), "\n")
 	event := strings.TrimSpace(events[len(events)-1])
 	matches := eventstestutils.ScanMap(event)
-	c.Assert(matches["id"], checker.Equals, "hello-world:latest")
-	c.Assert(matches["action"], checker.Equals, "pull")
-
+	assert.Equal(c, matches["id"], "hello-world:latest")
+	assert.Equal(c, matches["action"], "pull")
 }
 
-func (s *DockerSuite) TestEventsImageImport(c *check.C) {
+func (s *DockerSuite) TestEventsImageImport(c *testing.T) {
 	// TODO Windows CI. This should be portable once export/import are
 	// more reliable (@swernli)
 	testRequires(c, DaemonIsLinux)
@@ -193,18 +177,18 @@ func (s *DockerSuite) TestEventsImageImport(c *check.C) {
 		exec.Command(dockerBinary, "export", cleanedContainerID),
 		exec.Command(dockerBinary, "import", "-"),
 	)
-	c.Assert(err, checker.IsNil, check.Commentf("import failed with output: %q", out))
+	assert.NilError(c, err, "import failed with output: %q", out)
 	imageRef := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=import")
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1)
+	assert.Equal(c, len(events), 1)
 	matches := eventstestutils.ScanMap(events[0])
-	c.Assert(matches["id"], checker.Equals, imageRef, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
-	c.Assert(matches["action"], checker.Equals, "import", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	assert.Equal(c, matches["id"], imageRef, "matches: %v\nout:\n%s\n", matches, out)
+	assert.Equal(c, matches["action"], "import", "matches: %v\nout:\n%s\n", matches, out)
 }
 
-func (s *DockerSuite) TestEventsImageLoad(c *check.C) {
+func (s *DockerSuite) TestEventsImageLoad(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	myImageName := "footest:v1"
 	dockerCmd(c, "tag", "busybox", myImageName)
@@ -212,13 +196,13 @@ func (s *DockerSuite) TestEventsImageLoad(c *check.C) {
 
 	out, _ := dockerCmd(c, "images", "-q", "--no-trunc", myImageName)
 	longImageID := strings.TrimSpace(out)
-	c.Assert(longImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty"))
+	assert.Assert(c, longImageID != "", "Id should not be empty")
 
 	dockerCmd(c, "save", "-o", "saveimg.tar", myImageName)
 	dockerCmd(c, "rmi", myImageName)
 	out, _ = dockerCmd(c, "images", "-q", myImageName)
 	noImageID := strings.TrimSpace(out)
-	c.Assert(noImageID, checker.Equals, "", check.Commentf("Should not have any image"))
+	assert.Equal(c, noImageID, "", "Should not have any image")
 	dockerCmd(c, "load", "-i", "saveimg.tar")
 
 	result := icmd.RunCommand("rm", "-rf", "saveimg.tar")
@@ -226,24 +210,24 @@ func (s *DockerSuite) TestEventsImageLoad(c *check.C) {
 
 	out, _ = dockerCmd(c, "images", "-q", "--no-trunc", myImageName)
 	imageID := strings.TrimSpace(out)
-	c.Assert(imageID, checker.Equals, longImageID, check.Commentf("Should have same image id as before"))
+	assert.Equal(c, imageID, longImageID, "Should have same image id as before")
 
 	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=load")
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1)
+	assert.Equal(c, len(events), 1)
 	matches := eventstestutils.ScanMap(events[0])
-	c.Assert(matches["id"], checker.Equals, imageID, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
-	c.Assert(matches["action"], checker.Equals, "load", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	assert.Equal(c, matches["id"], imageID, "matches: %v\nout:\n%s\n", matches, out)
+	assert.Equal(c, matches["action"], "load", "matches: %v\nout:\n%s\n", matches, out)
 
 	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=save")
 	events = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1)
+	assert.Equal(c, len(events), 1)
 	matches = eventstestutils.ScanMap(events[0])
-	c.Assert(matches["id"], checker.Equals, imageID, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
-	c.Assert(matches["action"], checker.Equals, "save", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	assert.Equal(c, matches["id"], imageID, "matches: %v\nout:\n%s\n", matches, out)
+	assert.Equal(c, matches["action"], "save", "matches: %v\nout:\n%s\n", matches, out)
 }
 
-func (s *DockerSuite) TestEventsPluginOps(c *check.C) {
+func (s *DockerSuite) TestEventsPluginOps(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 
 	since := daemonUnixTime(c)
@@ -256,19 +240,13 @@ func (s *DockerSuite) TestEventsPluginOps(c *check.C) {
 	events := strings.Split(out, "\n")
 	events = events[:len(events)-1]
 
-	nEvents := len(events)
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 4)
+	assert.Assert(c, len(events) >= 4)
 
 	pluginEvents := eventActionsByIDAndType(c, events, pNameWithTag, "plugin")
-	c.Assert(pluginEvents, checker.HasLen, 4, check.Commentf("events: %v", events))
-
-	c.Assert(pluginEvents[0], checker.Equals, "pull", check.Commentf("%s", out))
-	c.Assert(pluginEvents[1], checker.Equals, "enable", check.Commentf("%s", out))
-	c.Assert(pluginEvents[2], checker.Equals, "disable", check.Commentf("%s", out))
-	c.Assert(pluginEvents[3], checker.Equals, "remove", check.Commentf("%s", out))
+	assert.Assert(c, is.DeepEqual(pluginEvents, []string{"pull", "enable", "disable", "remove"}), out)
 }
 
-func (s *DockerSuite) TestEventsFilters(c *check.C) {
+func (s *DockerSuite) TestEventsFilters(c *testing.T) {
 	since := daemonUnixTime(c)
 	dockerCmd(c, "run", "--rm", "busybox", "true")
 	dockerCmd(c, "run", "--rm", "busybox", "true")
@@ -280,11 +258,10 @@ func (s *DockerSuite) TestEventsFilters(c *check.C) {
 
 	// make sure we at least got 2 start events
 	count := strings.Count(out, "start")
-	c.Assert(strings.Count(out, "start"), checker.GreaterOrEqualThan, 2, check.Commentf("should have had 2 start events but had %d, out: %s", count, out))
-
+	assert.Assert(c, count >= 2, "should have had 2 start events but had %d, out: %s", count, out)
 }
 
-func (s *DockerSuite) TestEventsFilterImageName(c *check.C) {
+func (s *DockerSuite) TestEventsFilterImageName(c *testing.T) {
 	since := daemonUnixTime(c)
 
 	out, _ := dockerCmd(c, "run", "--name", "container_1", "-d", "busybox:latest", "true")
@@ -297,7 +274,7 @@ func (s *DockerSuite) TestEventsFilterImageName(c *check.C) {
 	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("image=%s", name))
 	events := strings.Split(out, "\n")
 	events = events[:len(events)-1]
-	c.Assert(events, checker.Not(checker.HasLen), 0) //Expected events but found none for the image busybox:latest
+	assert.Assert(c, len(events) != 0, "Expected events but found none for the image busybox:latest")
 	count1 := 0
 	count2 := 0
 
@@ -308,38 +285,46 @@ func (s *DockerSuite) TestEventsFilterImageName(c *check.C) {
 			count2++
 		}
 	}
-	c.Assert(count1, checker.Not(checker.Equals), 0, check.Commentf("Expected event from container but got %d from %s", count1, container1))
-	c.Assert(count2, checker.Not(checker.Equals), 0, check.Commentf("Expected event from container but got %d from %s", count2, container2))
-
+	assert.Assert(c, count1 != 0, "Expected event from container but got %d from %s", count1, container1)
+	assert.Assert(c, count2 != 0, "Expected event from container but got %d from %s", count2, container2)
 }
 
-func (s *DockerSuite) TestEventsFilterLabels(c *check.C) {
-	since := daemonUnixTime(c)
+func (s *DockerSuite) TestEventsFilterLabels(c *testing.T) {
+	since := strconv.FormatUint(uint64(daemonTime(c).Unix()), 10)
 	label := "io.docker.testing=foo"
 
-	out, _ := dockerCmd(c, "run", "-d", "-l", label, "busybox:latest", "true")
+	out, exit := dockerCmd(c, "create", "-l", label, "busybox")
+	assert.Equal(c, exit, 0)
 	container1 := strings.TrimSpace(out)
 
-	out, _ = dockerCmd(c, "run", "-d", "busybox", "true")
+	out, exit = dockerCmd(c, "create", "busybox")
+	assert.Equal(c, exit, 0)
 	container2 := strings.TrimSpace(out)
 
+	// fetch events with `--until`, so that the client detaches after a second
+	// instead of staying attached, waiting for more events to arrive.
 	out, _ = dockerCmd(
 		c,
 		"events",
 		"--since", since,
-		"--until", daemonUnixTime(c),
-		"--filter", fmt.Sprintf("label=%s", label))
+		"--until", strconv.FormatUint(uint64(daemonTime(c).Add(time.Second).Unix()), 10),
+		"--filter", "label="+label,
+	)
 
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.Equals, 3)
+	assert.Assert(c, len(events) > 0)
 
+	var found bool
 	for _, e := range events {
-		c.Assert(e, checker.Contains, container1)
-		c.Assert(e, checker.Not(checker.Contains), container2)
+		if strings.Contains(e, container1) {
+			found = true
+		}
+		assert.Assert(c, !strings.Contains(e, container2))
 	}
+	assert.Assert(c, found)
 }
 
-func (s *DockerSuite) TestEventsFilterImageLabels(c *check.C) {
+func (s *DockerSuite) TestEventsFilterImageLabels(c *testing.T) {
 	since := daemonUnixTime(c)
 	name := "labelfiltertest"
 	label := "io.docker.testing=image"
@@ -363,13 +348,13 @@ func (s *DockerSuite) TestEventsFilterImageLabels(c *check.C) {
 	events := strings.Split(strings.TrimSpace(out), "\n")
 
 	// 2 events from the "docker tag" command, another one is from "docker build"
-	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+	assert.Equal(c, len(events), 3, "Events == %s", events)
 	for _, e := range events {
-		c.Assert(e, checker.Contains, "labelfiltertest")
+		assert.Check(c, strings.Contains(e, "labelfiltertest"))
 	}
 }
 
-func (s *DockerSuite) TestEventsFilterContainer(c *check.C) {
+func (s *DockerSuite) TestEventsFilterContainer(c *testing.T) {
 	since := daemonUnixTime(c)
 	nameID := make(map[string]string)
 
@@ -398,16 +383,16 @@ func (s *DockerSuite) TestEventsFilterContainer(c *check.C) {
 		// filter by names
 		out, _ := dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "container="+name)
 		events := strings.Split(strings.TrimSuffix(out, "\n"), "\n")
-		c.Assert(checkEvents(ID, events), checker.IsNil)
+		assert.NilError(c, checkEvents(ID, events))
 
 		// filter by ID's
 		out, _ = dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "container="+ID)
 		events = strings.Split(strings.TrimSuffix(out, "\n"), "\n")
-		c.Assert(checkEvents(ID, events), checker.IsNil)
+		assert.NilError(c, checkEvents(ID, events))
 	}
 }
 
-func (s *DockerSuite) TestEventsCommit(c *check.C) {
+func (s *DockerSuite) TestEventsCommit(c *testing.T) {
 	// Problematic on Windows as cannot commit a running container
 	testRequires(c, DaemonIsLinux)
 
@@ -421,10 +406,10 @@ func (s *DockerSuite) TestEventsCommit(c *check.C) {
 
 	until := daemonUnixTime(c)
 	out = cli.DockerCmd(c, "events", "-f", "container="+cID, "--until="+until).Combined()
-	c.Assert(out, checker.Contains, "commit", check.Commentf("Missing 'commit' log event"))
+	assert.Assert(c, strings.Contains(out, "commit"), "Missing 'commit' log event")
 }
 
-func (s *DockerSuite) TestEventsCopy(c *check.C) {
+func (s *DockerSuite) TestEventsCopy(c *testing.T) {
 	// Build a test image.
 	buildImageSuccessfully(c, "cpimg", build.WithDockerfile(`
 		  FROM busybox
@@ -432,11 +417,11 @@ func (s *DockerSuite) TestEventsCopy(c *check.C) {
 	id := getIDByName(c, "cpimg")
 
 	// Create an empty test file.
-	tempFile, err := ioutil.TempFile("", "test-events-copy-")
-	c.Assert(err, checker.IsNil)
+	tempFile, err := os.CreateTemp("", "test-events-copy-")
+	assert.NilError(c, err)
 	defer os.Remove(tempFile.Name())
 
-	c.Assert(tempFile.Close(), checker.IsNil)
+	assert.NilError(c, tempFile.Close())
 
 	dockerCmd(c, "create", "--name=cptest", id)
 
@@ -444,22 +429,22 @@ func (s *DockerSuite) TestEventsCopy(c *check.C) {
 
 	until := daemonUnixTime(c)
 	out, _ := dockerCmd(c, "events", "--since=0", "-f", "container=cptest", "--until="+until)
-	c.Assert(out, checker.Contains, "archive-path", check.Commentf("Missing 'archive-path' log event\n"))
+	assert.Assert(c, strings.Contains(out, "archive-path"), "Missing 'archive-path' log event")
 
 	dockerCmd(c, "cp", tempFile.Name(), "cptest:/filecopy")
 
 	until = daemonUnixTime(c)
 	out, _ = dockerCmd(c, "events", "-f", "container=cptest", "--until="+until)
-	c.Assert(out, checker.Contains, "extract-to-dir", check.Commentf("Missing 'extract-to-dir' log event"))
+	assert.Assert(c, strings.Contains(out, "extract-to-dir"), "Missing 'extract-to-dir' log event")
 }
 
-func (s *DockerSuite) TestEventsResize(c *check.C) {
-	out := runSleepingContainer(c, "-d")
+func (s *DockerSuite) TestEventsResize(c *testing.T) {
+	out := runSleepingContainer(c, "-d", "-t")
 	cID := strings.TrimSpace(out)
-	c.Assert(waitRun(cID), checker.IsNil)
+	assert.NilError(c, waitRun(cID))
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	options := types.ResizeOptions{
@@ -467,16 +452,16 @@ func (s *DockerSuite) TestEventsResize(c *check.C) {
 		Width:  24,
 	}
 	err = cli.ContainerResize(context.Background(), cID, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "stop", cID)
 
 	until := daemonUnixTime(c)
 	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
-	c.Assert(out, checker.Contains, "resize", check.Commentf("Missing 'resize' log event"))
+	assert.Assert(c, strings.Contains(out, "resize"), "Missing 'resize' log event")
 }
 
-func (s *DockerSuite) TestEventsAttach(c *check.C) {
+func (s *DockerSuite) TestEventsAttach(c *testing.T) {
 	// TODO Windows CI: Figure out why this test fails intermittently (TP5).
 	testRequires(c, DaemonIsLinux)
 
@@ -486,12 +471,12 @@ func (s *DockerSuite) TestEventsAttach(c *check.C) {
 
 	cmd := exec.Command(dockerBinary, "attach", cID)
 	stdin, err := cmd.StdinPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer stdin.Close()
 	stdout, err := cmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer stdout.Close()
-	c.Assert(cmd.Start(), checker.IsNil)
+	assert.NilError(c, cmd.Start())
 	defer func() {
 		cmd.Process.Kill()
 		cmd.Wait()
@@ -499,22 +484,22 @@ func (s *DockerSuite) TestEventsAttach(c *check.C) {
 
 	// Make sure we're done attaching by writing/reading some stuff
 	_, err = stdin.Write([]byte("hello\n"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	out, err = bufio.NewReader(stdout).ReadString('\n')
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello", check.Commentf("expected 'hello'"))
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
-	c.Assert(stdin.Close(), checker.IsNil)
+	assert.NilError(c, stdin.Close())
 
 	cli.DockerCmd(c, "kill", cID)
 	cli.WaitExited(c, cID, 5*time.Second)
 
 	until := daemonUnixTime(c)
 	out = cli.DockerCmd(c, "events", "-f", "container="+cID, "--until="+until).Combined()
-	c.Assert(out, checker.Contains, "attach", check.Commentf("Missing 'attach' log event"))
+	assert.Assert(c, strings.Contains(out, "attach"), "Missing 'attach' log event")
 }
 
-func (s *DockerSuite) TestEventsRename(c *check.C) {
+func (s *DockerSuite) TestEventsRename(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "--name", "oldName", "busybox", "true")
 	cID := strings.TrimSpace(out)
 	dockerCmd(c, "rename", "oldName", "newName")
@@ -522,27 +507,27 @@ func (s *DockerSuite) TestEventsRename(c *check.C) {
 	until := daemonUnixTime(c)
 	// filter by the container id because the name in the event will be the new name.
 	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until", until)
-	c.Assert(out, checker.Contains, "rename", check.Commentf("Missing 'rename' log event\n"))
+	assert.Assert(c, strings.Contains(out, "rename"), "Missing 'rename' log event")
 }
 
-func (s *DockerSuite) TestEventsTop(c *check.C) {
+func (s *DockerSuite) TestEventsTop(c *testing.T) {
 	// Problematic on Windows as Windows does not support top
 	testRequires(c, DaemonIsLinux)
 
 	out := runSleepingContainer(c, "-d")
 	cID := strings.TrimSpace(out)
-	c.Assert(waitRun(cID), checker.IsNil)
+	assert.NilError(c, waitRun(cID))
 
 	dockerCmd(c, "top", cID)
 	dockerCmd(c, "stop", cID)
 
 	until := daemonUnixTime(c)
 	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
-	c.Assert(out, checker.Contains, " top", check.Commentf("Missing 'top' log event"))
+	assert.Assert(c, strings.Contains(out, "top"), "Missing 'top' log event")
 }
 
 // #14316
-func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *check.C) {
+func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *testing.T) {
 	// Problematic to port for Windows CI during TP5 timeframe until
 	// supporting push
 	testRequires(c, DaemonIsLinux)
@@ -551,7 +536,7 @@ func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *check.C) {
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	cID := strings.TrimSpace(out)
-	c.Assert(waitRun(cID), checker.IsNil)
+	assert.NilError(c, waitRun(cID))
 
 	dockerCmd(c, "commit", cID, repoName)
 	dockerCmd(c, "stop", cID)
@@ -559,12 +544,12 @@ func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *check.C) {
 
 	until := daemonUnixTime(c)
 	out, _ = dockerCmd(c, "events", "-f", "image="+repoName, "-f", "event=push", "--until", until)
-	c.Assert(out, checker.Contains, repoName, check.Commentf("Missing 'push' log event for %s", repoName))
+	assert.Assert(c, strings.Contains(out, repoName), "Missing 'push' log event for %s", repoName)
 }
 
-func (s *DockerSuite) TestEventsFilterType(c *check.C) {
+func (s *DockerSuite) TestEventsFilterType(c *testing.T) {
 	// FIXME(vdemeester) fails on e2e run
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 	since := daemonUnixTime(c)
 	name := "labelfiltertest"
 	label := "io.docker.testing=image"
@@ -588,9 +573,9 @@ func (s *DockerSuite) TestEventsFilterType(c *check.C) {
 	events := strings.Split(strings.TrimSpace(out), "\n")
 
 	// 2 events from the "docker tag" command, another one is from "docker build"
-	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+	assert.Equal(c, len(events), 3, "Events == %s", events)
 	for _, e := range events {
-		c.Assert(e, checker.Contains, "labelfiltertest")
+		assert.Check(c, strings.Contains(e, "labelfiltertest"))
 	}
 
 	out, _ = dockerCmd(
@@ -603,7 +588,7 @@ func (s *DockerSuite) TestEventsFilterType(c *check.C) {
 	events = strings.Split(strings.TrimSpace(out), "\n")
 
 	// Events generated by the container that builds the image
-	c.Assert(events, checker.HasLen, 2, check.Commentf("Events == %s", events))
+	assert.Equal(c, len(events), 2, "Events == %s", events)
 
 	out, _ = dockerCmd(
 		c,
@@ -612,11 +597,11 @@ func (s *DockerSuite) TestEventsFilterType(c *check.C) {
 		"--until", daemonUnixTime(c),
 		"--filter", "type=network")
 	events = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.GreaterOrEqualThan, 1, check.Commentf("Events == %s", events))
+	assert.Assert(c, len(events) >= 1, "Events == %s", events)
 }
 
 // #25798
-func (s *DockerSuite) TestEventsSpecialFiltersWithExecCreate(c *check.C) {
+func (s *DockerSuite) TestEventsSpecialFiltersWithExecCreate(c *testing.T) {
 	since := daemonUnixTime(c)
 	runSleepingContainer(c, "--name", "test-container", "-d")
 	waitRun("test-container")
@@ -633,7 +618,7 @@ func (s *DockerSuite) TestEventsSpecialFiltersWithExecCreate(c *check.C) {
 	)
 
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.Equals, 1, check.Commentf("%s", out))
+	assert.Equal(c, len(events), 1, out)
 
 	out, _ = dockerCmd(
 		c,
@@ -643,20 +628,20 @@ func (s *DockerSuite) TestEventsSpecialFiltersWithExecCreate(c *check.C) {
 		"--filter",
 		"event=exec_create",
 	)
-	c.Assert(len(events), checker.Equals, 1, check.Commentf("%s", out))
+	assert.Equal(c, len(events), 1, out)
 }
 
-func (s *DockerSuite) TestEventsFilterImageInContainerAction(c *check.C) {
+func (s *DockerSuite) TestEventsFilterImageInContainerAction(c *testing.T) {
 	since := daemonUnixTime(c)
 	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
 	waitRun("test-container")
 
 	out, _ := dockerCmd(c, "events", "--filter", "image=busybox", "--since", since, "--until", daemonUnixTime(c))
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.GreaterThan, 1, check.Commentf("%s", out))
+	assert.Assert(c, len(events) > 1, out)
 }
 
-func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
+func (s *DockerSuite) TestEventsContainerRestart(c *testing.T) {
 	dockerCmd(c, "run", "-d", "--name=testEvent", "--restart=on-failure:3", "busybox", "false")
 
 	// wait until test2 is auto removed.
@@ -667,7 +652,7 @@ func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
 	}
 
 	err := waitInspect("testEvent", "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTime)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var (
 		createCount int
@@ -678,7 +663,7 @@ func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
 	events := strings.Split(strings.TrimSpace(out), "\n")
 
 	nEvents := len(events)
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 1) //Missing expected event
+	assert.Assert(c, nEvents >= 1)
 	actions := eventActionsByIDAndType(c, events, "testEvent", "container")
 
 	for _, a := range actions {
@@ -691,12 +676,12 @@ func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
 			dieCount++
 		}
 	}
-	c.Assert(createCount, checker.Equals, 1, check.Commentf("testEvent should be created 1 times: %v", actions))
-	c.Assert(startCount, checker.Equals, 4, check.Commentf("testEvent should start 4 times: %v", actions))
-	c.Assert(dieCount, checker.Equals, 4, check.Commentf("testEvent should die 4 times: %v", actions))
+	assert.Equal(c, createCount, 1, "testEvent should be created 1 times: %v", actions)
+	assert.Equal(c, startCount, 4, "testEvent should start 4 times: %v", actions)
+	assert.Equal(c, dieCount, 4, "testEvent should die 4 times: %v", actions)
 }
 
-func (s *DockerSuite) TestEventsSinceInTheFuture(c *check.C) {
+func (s *DockerSuite) TestEventsSinceInTheFuture(c *testing.T) {
 	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
 	waitRun("test-container")
 
@@ -704,11 +689,11 @@ func (s *DockerSuite) TestEventsSinceInTheFuture(c *check.C) {
 	until := since.Add(time.Duration(-24) * time.Hour)
 	out, _, err := dockerCmdWithError("events", "--filter", "image=busybox", "--since", parseEventTime(since), "--until", parseEventTime(until))
 
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "cannot be after `until`")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "cannot be after `until`"))
 }
 
-func (s *DockerSuite) TestEventsUntilInThePast(c *check.C) {
+func (s *DockerSuite) TestEventsUntilInThePast(c *testing.T) {
 	since := daemonUnixTime(c)
 
 	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
@@ -721,11 +706,11 @@ func (s *DockerSuite) TestEventsUntilInThePast(c *check.C) {
 
 	out, _ := dockerCmd(c, "events", "--filter", "image=busybox", "--since", since, "--until", until)
 
-	c.Assert(out, checker.Not(checker.Contains), "test-container2")
-	c.Assert(out, checker.Contains, "test-container")
+	assert.Assert(c, !strings.Contains(out, "test-container2"))
+	assert.Assert(c, strings.Contains(out, "test-container"))
 }
 
-func (s *DockerSuite) TestEventsFormat(c *check.C) {
+func (s *DockerSuite) TestEventsFormat(c *testing.T) {
 	since := daemonUnixTime(c)
 	dockerCmd(c, "run", "--rm", "busybox", "true")
 	dockerCmd(c, "run", "--rm", "busybox", "true")
@@ -739,16 +724,16 @@ func (s *DockerSuite) TestEventsFormat(c *check.C) {
 		if err = dec.Decode(&ev); err == io.EOF {
 			break
 		}
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		if ev.Status == "start" {
 			startCount++
 		}
 	}
 
-	c.Assert(startCount, checker.Equals, 2, check.Commentf("should have had 2 start events but had %d, out: %s", startCount, out))
+	assert.Equal(c, startCount, 2, "should have had 2 start events but had %d, out: %s", startCount, out)
 }
 
-func (s *DockerSuite) TestEventsFormatBadFunc(c *check.C) {
+func (s *DockerSuite) TestEventsFormatBadFunc(c *testing.T) {
 	// make sure it fails immediately, without receiving any event
 	result := dockerCmdWithResult("events", "--format", "{{badFuncString .}}")
 	result.Assert(c, icmd.Expected{
@@ -758,7 +743,7 @@ func (s *DockerSuite) TestEventsFormatBadFunc(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestEventsFormatBadField(c *check.C) {
+func (s *DockerSuite) TestEventsFormatBadField(c *testing.T) {
 	// make sure it fails immediately, without receiving any event
 	result := dockerCmdWithResult("events", "--format", "{{.badFieldString}}")
 	result.Assert(c, icmd.Expected{
diff --git a/integration-cli/docker_cli_events_unix_test.go b/integration-cli/docker_cli_events_unix_test.go
index 92403e006e9c5..dcadf56a2411a 100644
--- a/integration-cli/docker_cli_events_unix_test.go
+++ b/integration-cli/docker_cli_events_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -6,52 +7,51 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 	"unicode"
 
-	"github.com/docker/docker/integration-cli/checker"
+	"github.com/creack/pty"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
 	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // #5979
-func (s *DockerSuite) TestEventsRedirectStdout(c *check.C) {
+func (s *DockerSuite) TestEventsRedirectStdout(c *testing.T) {
 	since := daemonUnixTime(c)
 	dockerCmd(c, "run", "busybox", "true")
 
-	file, err := ioutil.TempFile("", "")
-	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file"))
+	file, err := os.CreateTemp("", "")
+	assert.NilError(c, err, "could not create temp file")
 	defer os.Remove(file.Name())
 
 	command := fmt.Sprintf("%s events --since=%s --until=%s > %s", dockerBinary, since, daemonUnixTime(c), file.Name())
 	_, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty"))
+	assert.NilError(c, err, "Could not open pty")
 	cmd := exec.Command("sh", "-c", command)
 	cmd.Stdin = tty
 	cmd.Stdout = tty
 	cmd.Stderr = tty
-	c.Assert(cmd.Run(), checker.IsNil, check.Commentf("run err for command %q", command))
+	assert.NilError(c, cmd.Run(), "run err for command %q", command)
 
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
 		for _, ch := range scanner.Text() {
-			c.Assert(unicode.IsControl(ch), checker.False, check.Commentf("found control character %v", []byte(string(ch))))
+			assert.Check(c, unicode.IsControl(ch) == false, "found control character %v", []byte(string(ch)))
 		}
 	}
-	c.Assert(scanner.Err(), checker.IsNil, check.Commentf("Scan err for command %q", command))
-
+	assert.NilError(c, scanner.Err(), "Scan err for command %q", command)
 }
 
-func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
+func (s *DockerSuite) TestEventsOOMDisableFalse(c *testing.T) {
 	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, swapMemorySupport, NotPpc64le)
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		defer close(errChan)
 		out, exitCode, _ := dockerCmdWithError("run", "--name", "oomFalse", "-m", "10MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
@@ -61,7 +61,7 @@ func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
 	}()
 	select {
 	case err := <-errChan:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(30 * time.Second):
 		c.Fatal("Timeout waiting for container to die on OOM")
 	}
@@ -70,22 +70,22 @@ func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
 	events := strings.Split(strings.TrimSuffix(out, "\n"), "\n")
 	nEvents := len(events)
 
-	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
-	c.Assert(parseEventAction(c, events[nEvents-5]), checker.Equals, "create")
-	c.Assert(parseEventAction(c, events[nEvents-4]), checker.Equals, "attach")
-	c.Assert(parseEventAction(c, events[nEvents-3]), checker.Equals, "start")
-	c.Assert(parseEventAction(c, events[nEvents-2]), checker.Equals, "oom")
-	c.Assert(parseEventAction(c, events[nEvents-1]), checker.Equals, "die")
+	assert.Assert(c, nEvents >= 5)
+	assert.Equal(c, parseEventAction(c, events[nEvents-5]), "create")
+	assert.Equal(c, parseEventAction(c, events[nEvents-4]), "attach")
+	assert.Equal(c, parseEventAction(c, events[nEvents-3]), "start")
+	assert.Equal(c, parseEventAction(c, events[nEvents-2]), "oom")
+	assert.Equal(c, parseEventAction(c, events[nEvents-1]), "die")
 }
 
-func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
+func (s *DockerSuite) TestEventsOOMDisableTrue(c *testing.T) {
 	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, NotArm, swapMemorySupport, NotPpc64le)
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	observer, err := newEventObserver(c)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = observer.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer observer.Stop()
 
 	go func() {
@@ -96,7 +96,7 @@ func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
 		}
 	}()
 
-	c.Assert(waitRun("oomTrue"), checker.IsNil)
+	assert.NilError(c, waitRun("oomTrue"))
 	defer dockerCmdWithResult("kill", "oomTrue")
 	containerID := inspectField(c, "oomTrue", "Id")
 
@@ -122,11 +122,11 @@ func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
 	}
 
 	status := inspectField(c, "oomTrue", "State.Status")
-	c.Assert(strings.TrimSpace(status), checker.Equals, "running", check.Commentf("container should be still running"))
+	assert.Equal(c, strings.TrimSpace(status), "running", "container should be still running")
 }
 
 // #18453
-func (s *DockerSuite) TestEventsContainerFilterByName(c *check.C) {
+func (s *DockerSuite) TestEventsContainerFilterByName(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	cOut, _ := dockerCmd(c, "run", "--name=foo", "-d", "busybox", "top")
 	c1 := strings.TrimSpace(cOut)
@@ -135,17 +135,17 @@ func (s *DockerSuite) TestEventsContainerFilterByName(c *check.C) {
 	c2 := strings.TrimSpace(cOut)
 	waitRun("bar")
 	out, _ := dockerCmd(c, "events", "-f", "container=foo", "--since=0", "--until", daemonUnixTime(c))
-	c.Assert(out, checker.Contains, c1, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), c2, check.Commentf("%s", out))
+	assert.Assert(c, strings.Contains(out, c1), out)
+	assert.Assert(c, !strings.Contains(out, c2), out)
 }
 
 // #18453
-func (s *DockerSuite) TestEventsContainerFilterBeforeCreate(c *check.C) {
+func (s *DockerSuite) TestEventsContainerFilterBeforeCreate(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	buf := &bytes.Buffer{}
 	cmd := exec.Command(dockerBinary, "events", "-f", "container=foo", "--since=0")
 	cmd.Stdout = buf
-	c.Assert(cmd.Start(), check.IsNil)
+	assert.NilError(c, cmd.Start())
 	defer cmd.Wait()
 	defer cmd.Process.Kill()
 
@@ -165,7 +165,7 @@ func (s *DockerSuite) TestEventsContainerFilterBeforeCreate(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestVolumeEvents(c *check.C) {
+func (s *DockerSuite) TestVolumeEvents(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	since := daemonUnixTime(c)
@@ -182,18 +182,17 @@ func (s *DockerSuite) TestVolumeEvents(c *check.C) {
 	until := daemonUnixTime(c)
 	out, _ := dockerCmd(c, "events", "--since", since, "--until", until)
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.GreaterThan, 4)
+	assert.Assert(c, len(events) > 3)
 
 	volumeEvents := eventActionsByIDAndType(c, events, "test-event-volume-local", "volume")
-	c.Assert(volumeEvents, checker.HasLen, 5)
-	c.Assert(volumeEvents[0], checker.Equals, "create")
-	c.Assert(volumeEvents[1], checker.Equals, "create")
-	c.Assert(volumeEvents[2], checker.Equals, "mount")
-	c.Assert(volumeEvents[3], checker.Equals, "unmount")
-	c.Assert(volumeEvents[4], checker.Equals, "destroy")
+	assert.Equal(c, len(volumeEvents), 4)
+	assert.Equal(c, volumeEvents[0], "create")
+	assert.Equal(c, volumeEvents[1], "mount")
+	assert.Equal(c, volumeEvents[2], "unmount")
+	assert.Equal(c, volumeEvents[3], "destroy")
 }
 
-func (s *DockerSuite) TestNetworkEvents(c *check.C) {
+func (s *DockerSuite) TestNetworkEvents(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	since := daemonUnixTime(c)
@@ -210,17 +209,17 @@ func (s *DockerSuite) TestNetworkEvents(c *check.C) {
 	until := daemonUnixTime(c)
 	out, _ := dockerCmd(c, "events", "--since", since, "--until", until)
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.GreaterThan, 4)
+	assert.Assert(c, len(events) > 4)
 
 	netEvents := eventActionsByIDAndType(c, events, "test-event-network-local", "network")
-	c.Assert(netEvents, checker.HasLen, 4)
-	c.Assert(netEvents[0], checker.Equals, "create")
-	c.Assert(netEvents[1], checker.Equals, "connect")
-	c.Assert(netEvents[2], checker.Equals, "disconnect")
-	c.Assert(netEvents[3], checker.Equals, "destroy")
+	assert.Equal(c, len(netEvents), 4)
+	assert.Equal(c, netEvents[0], "create")
+	assert.Equal(c, netEvents[1], "connect")
+	assert.Equal(c, netEvents[2], "disconnect")
+	assert.Equal(c, netEvents[3], "destroy")
 }
 
-func (s *DockerSuite) TestEventsContainerWithMultiNetwork(c *check.C) {
+func (s *DockerSuite) TestEventsContainerWithMultiNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	// Observe create/connect network actions
@@ -239,22 +238,22 @@ func (s *DockerSuite) TestEventsContainerWithMultiNetwork(c *check.C) {
 	netEvents := strings.Split(strings.TrimSpace(out), "\n")
 
 	// received two network disconnect events
-	c.Assert(len(netEvents), checker.Equals, 2)
-	c.Assert(netEvents[0], checker.Contains, "disconnect")
-	c.Assert(netEvents[1], checker.Contains, "disconnect")
+	assert.Equal(c, len(netEvents), 2)
+	assert.Assert(c, strings.Contains(netEvents[0], "disconnect"))
+	assert.Assert(c, strings.Contains(netEvents[1], "disconnect"))
 
-	//both networks appeared in the network event output
-	c.Assert(out, checker.Contains, "test-event-network-local-1")
-	c.Assert(out, checker.Contains, "test-event-network-local-2")
+	// both networks appeared in the network event output
+	assert.Assert(c, strings.Contains(out, "test-event-network-local-1"))
+	assert.Assert(c, strings.Contains(out, "test-event-network-local-2"))
 }
 
-func (s *DockerSuite) TestEventsStreaming(c *check.C) {
+func (s *DockerSuite) TestEventsStreaming(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	observer, err := newEventObserver(c)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = observer.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer observer.Stop()
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox:latest", "true")
@@ -302,20 +301,20 @@ func (s *DockerSuite) TestEventsStreaming(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestEventsImageUntagDelete(c *check.C) {
+func (s *DockerSuite) TestEventsImageUntagDelete(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	observer, err := newEventObserver(c)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = observer.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer observer.Stop()
 
 	name := "testimageevents"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
 		MAINTAINER "docker"`))
 	imageID := getIDByName(c, name)
-	c.Assert(deleteImages(name), checker.IsNil)
+	assert.NilError(c, deleteImages(name))
 
 	testActions := map[string]chan bool{
 		"untag":  make(chan bool, 1),
@@ -341,7 +340,7 @@ func (s *DockerSuite) TestEventsImageUntagDelete(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestEventsFilterVolumeAndNetworkType(c *check.C) {
+func (s *DockerSuite) TestEventsFilterVolumeAndNetworkType(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	since := daemonUnixTime(c)
@@ -351,16 +350,16 @@ func (s *DockerSuite) TestEventsFilterVolumeAndNetworkType(c *check.C) {
 
 	out, _ := dockerCmd(c, "events", "--filter", "type=volume", "--filter", "type=network", "--since", since, "--until", daemonUnixTime(c))
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(events), checker.GreaterOrEqualThan, 2, check.Commentf("%s", out))
+	assert.Assert(c, len(events) >= 2, out)
 
 	networkActions := eventActionsByIDAndType(c, events, "test-event-network-type", "network")
 	volumeActions := eventActionsByIDAndType(c, events, "test-event-volume-type", "volume")
 
-	c.Assert(volumeActions[0], checker.Equals, "create")
-	c.Assert(networkActions[0], checker.Equals, "create")
+	assert.Equal(c, volumeActions[0], "create")
+	assert.Equal(c, networkActions[0], "create")
 }
 
-func (s *DockerSuite) TestEventsFilterVolumeID(c *check.C) {
+func (s *DockerSuite) TestEventsFilterVolumeID(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	since := daemonUnixTime(c)
@@ -368,13 +367,14 @@ func (s *DockerSuite) TestEventsFilterVolumeID(c *check.C) {
 	dockerCmd(c, "volume", "create", "test-event-volume-id")
 	out, _ := dockerCmd(c, "events", "--filter", "volume=test-event-volume-id", "--since", since, "--until", daemonUnixTime(c))
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1)
+	assert.Equal(c, len(events), 1)
 
-	c.Assert(events[0], checker.Contains, "test-event-volume-id")
-	c.Assert(events[0], checker.Contains, "driver=local")
+	assert.Equal(c, len(events), 1)
+	assert.Assert(c, strings.Contains(events[0], "test-event-volume-id"))
+	assert.Assert(c, strings.Contains(events[0], "driver=local"))
 }
 
-func (s *DockerSuite) TestEventsFilterNetworkID(c *check.C) {
+func (s *DockerSuite) TestEventsFilterNetworkID(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	since := daemonUnixTime(c)
@@ -382,57 +382,38 @@ func (s *DockerSuite) TestEventsFilterNetworkID(c *check.C) {
 	dockerCmd(c, "network", "create", "test-event-network-local")
 	out, _ := dockerCmd(c, "events", "--filter", "network=test-event-network-local", "--since", since, "--until", daemonUnixTime(c))
 	events := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(events, checker.HasLen, 1)
-
-	c.Assert(events[0], checker.Contains, "test-event-network-local")
-	c.Assert(events[0], checker.Contains, "type=bridge")
+	assert.Equal(c, len(events), 1)
+	assert.Assert(c, strings.Contains(events[0], "test-event-network-local"))
+	assert.Assert(c, strings.Contains(events[0], "type=bridge"))
 }
 
-func (s *DockerDaemonSuite) TestDaemonEvents(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonEvents(c *testing.T) {
 
 	// daemon config file
 	configFilePath := "test.json"
-	configFile, err := os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
 	defer os.Remove(configFilePath)
 
 	daemonConfig := `{"labels":["foo=bar"]}`
-	fmt.Fprintf(configFile, "%s", daemonConfig)
-	configFile.Close()
-	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
-
-	// Get daemon ID
-	out, err := s.d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	daemonID := ""
-	daemonName := ""
-	for _, line := range strings.Split(out, "\n") {
-		if strings.HasPrefix(line, "ID: ") {
-			daemonID = strings.TrimPrefix(line, "ID: ")
-		} else if strings.HasPrefix(line, "Name: ") {
-			daemonName = strings.TrimPrefix(line, "Name: ")
-		}
-	}
-	c.Assert(daemonID, checker.Not(checker.Equals), "")
+	err := os.WriteFile(configFilePath, []byte(daemonConfig), 0644)
+	assert.NilError(c, err)
+	s.d.Start(c, "--config-file="+configFilePath)
 
-	configFile, err = os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
-	daemonConfig = `{"max-concurrent-downloads":1,"labels":["bar=foo"], "shutdown-timeout": 10}`
-	fmt.Fprintf(configFile, "%s", daemonConfig)
-	configFile.Close()
+	info := s.d.Info(c)
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	daemonConfig = `{"max-concurrent-downloads":1,"labels":["bar=foo"], "shutdown-timeout": 10}`
+	err = os.WriteFile(configFilePath, []byte(daemonConfig), 0644)
+	assert.NilError(c, err)
 
+	assert.NilError(c, s.d.Signal(unix.SIGHUP))
 	time.Sleep(3 * time.Second)
 
-	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c))
-	c.Assert(err, checker.IsNil)
+	out, err := s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c))
+	assert.NilError(c, err)
 
 	// only check for values known (daemon ID/name) or explicitly set above,
 	// otherwise just check for names being present.
 	expectedSubstrings := []string{
-		" daemon reload " + daemonID + " ",
+		" daemon reload " + info.ID + " ",
 		"(allow-nondistributable-artifacts=[",
 		" cluster-advertise=, ",
 		" cluster-store=, ",
@@ -446,66 +427,50 @@ func (s *DockerDaemonSuite) TestDaemonEvents(c *check.C) {
 		" live-restore=",
 		" max-concurrent-downloads=1, ",
 		" max-concurrent-uploads=5, ",
-		" name=" + daemonName,
+		" name=" + info.Name,
 		" registry-mirrors=[",
 		" runtimes=",
 		" shutdown-timeout=10)",
 	}
 
 	for _, s := range expectedSubstrings {
-		c.Assert(out, checker.Contains, s)
+		assert.Check(c, is.Contains(out, s))
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *testing.T) {
 
 	// daemon config file
 	configFilePath := "test.json"
-	configFile, err := os.Create(configFilePath)
-	c.Assert(err, checker.IsNil)
 	defer os.Remove(configFilePath)
 
 	daemonConfig := `{"labels":["foo=bar"]}`
-	fmt.Fprintf(configFile, "%s", daemonConfig)
-	configFile.Close()
-	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
-
-	// Get daemon ID
-	out, err := s.d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	daemonID := ""
-	daemonName := ""
-	for _, line := range strings.Split(out, "\n") {
-		if strings.HasPrefix(line, "ID: ") {
-			daemonID = strings.TrimPrefix(line, "ID: ")
-		} else if strings.HasPrefix(line, "Name: ") {
-			daemonName = strings.TrimPrefix(line, "Name: ")
-		}
-	}
-	c.Assert(daemonID, checker.Not(checker.Equals), "")
+	err := os.WriteFile(configFilePath, []byte(daemonConfig), 0644)
+	assert.NilError(c, err)
+	s.d.Start(c, "--config-file="+configFilePath)
 
-	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	info := s.d.Info(c)
 
+	assert.NilError(c, s.d.Signal(unix.SIGHUP))
 	time.Sleep(3 * time.Second)
 
-	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", daemonID))
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+	out, err := s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", info.ID))
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("daemon reload %s", info.ID)))
 
-	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", daemonName))
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", info.ID))
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("daemon reload %s", info.ID)))
 
 	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "daemon=foo")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), fmt.Sprintf("daemon reload %s", daemonID))
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(out, fmt.Sprintf("daemon reload %s", info.ID)))
 
 	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "type=daemon")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("daemon reload %s", info.ID)))
 
 	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "type=container")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), fmt.Sprintf("daemon reload %s", daemonID))
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(out, fmt.Sprintf("daemon reload %s", info.ID)))
 }
diff --git a/integration-cli/docker_cli_exec_test.go b/integration-cli/docker_cli_exec_test.go
index 72059c79e6305..1ef31cfc373a4 100644
--- a/integration-cli/docker_cli_exec_test.go
+++ b/integration-cli/docker_cli_exec_test.go
@@ -1,5 +1,3 @@
-// +build !test_no_exec
-
 package main
 
 import (
@@ -11,134 +9,127 @@ import (
 	"reflect"
 	"runtime"
 	"sort"
-	"strconv"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestExec(c *check.C) {
+func (s *DockerSuite) TestExec(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
-	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+	assert.NilError(c, waitRun(strings.TrimSpace(out)))
 
 	out, _ = dockerCmd(c, "exec", "testing", "cat", "/tmp/file")
-	out = strings.Trim(out, "\r\n")
-	c.Assert(out, checker.Equals, "test")
-
+	assert.Equal(c, strings.Trim(out, "\r\n"), "test")
 }
 
-func (s *DockerSuite) TestExecInteractive(c *check.C) {
+func (s *DockerSuite) TestExecInteractive(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
 
 	execCmd := exec.Command(dockerBinary, "exec", "-i", "testing", "sh")
 	stdin, err := execCmd.StdinPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	stdout, err := execCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	err = execCmd.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = stdin.Write([]byte("cat /tmp/file\n"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	r := bufio.NewReader(stdout)
 	line, err := r.ReadString('\n')
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	line = strings.TrimSpace(line)
-	c.Assert(line, checker.Equals, "test")
+	assert.Equal(c, line, "test")
 	err = stdin.Close()
-	c.Assert(err, checker.IsNil)
-	errChan := make(chan error)
+	assert.NilError(c, err)
+	errChan := make(chan error, 1)
 	go func() {
 		errChan <- execCmd.Wait()
 		close(errChan)
 	}()
 	select {
 	case err := <-errChan:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(1 * time.Second):
 		c.Fatal("docker exec failed to exit on stdin close")
 	}
 
 }
 
-func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) {
+func (s *DockerSuite) TestExecAfterContainerRestart(c *testing.T) {
 	out := runSleepingContainer(c)
 	cleanedContainerID := strings.TrimSpace(out)
-	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+	assert.NilError(c, waitRun(cleanedContainerID))
 	dockerCmd(c, "restart", cleanedContainerID)
-	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+	assert.NilError(c, waitRun(cleanedContainerID))
 
 	out, _ = dockerCmd(c, "exec", cleanedContainerID, "echo", "hello")
-	outStr := strings.TrimSpace(out)
-	c.Assert(outStr, checker.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 }
 
-func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *check.C) {
-	// TODO Windows CI: Requires a little work to get this ported.
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *testing.T) {
+	// TODO Windows CI: DockerDaemonSuite doesn't run on Windows, and requires a little work to get this ported.
 	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not run top: %s", out))
+	assert.NilError(c, err, "Could not run top: %s", out)
 
 	s.d.Restart(c)
 
 	out, err = s.d.Cmd("start", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not start top after daemon restart: %s", out))
+	assert.NilError(c, err, "Could not start top after daemon restart: %s", out)
 
 	out, err = s.d.Cmd("exec", "top", "echo", "hello")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not exec on container top: %s", out))
-
-	outStr := strings.TrimSpace(string(out))
-	c.Assert(outStr, checker.Equals, "hello")
+	assert.NilError(c, err, "Could not exec on container top: %s", out)
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 }
 
 // Regression test for #9155, #9044
-func (s *DockerSuite) TestExecEnv(c *check.C) {
+func (s *DockerSuite) TestExecEnv(c *testing.T) {
 	// TODO Windows CI: This one is interesting and may just end up being a feature
 	// difference between Windows and Linux. On Windows, the environment is passed
 	// into the process that is launched, not into the machine environment. Hence
 	// a subsequent exec will not have LALA set/
 	testRequires(c, DaemonIsLinux)
 	runSleepingContainer(c, "-e", "LALA=value1", "-e", "LALA=value2", "-d", "--name", "testing")
-	c.Assert(waitRun("testing"), check.IsNil)
+	assert.NilError(c, waitRun("testing"))
 
 	out, _ := dockerCmd(c, "exec", "testing", "env")
-	c.Assert(out, checker.Not(checker.Contains), "LALA=value1")
-	c.Assert(out, checker.Contains, "LALA=value2")
-	c.Assert(out, checker.Contains, "HOME=/root")
+	assert.Check(c, !strings.Contains(out, "LALA=value1"))
+	assert.Check(c, strings.Contains(out, "LALA=value2"))
+	assert.Check(c, strings.Contains(out, "HOME=/root"))
 }
 
-func (s *DockerSuite) TestExecSetEnv(c *check.C) {
+func (s *DockerSuite) TestExecSetEnv(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	runSleepingContainer(c, "-e", "HOME=/root", "-d", "--name", "testing")
-	c.Assert(waitRun("testing"), check.IsNil)
+	assert.NilError(c, waitRun("testing"))
 
 	out, _ := dockerCmd(c, "exec", "-e", "HOME=/another", "-e", "ABC=xyz", "testing", "env")
-	c.Assert(out, checker.Not(checker.Contains), "HOME=/root")
-	c.Assert(out, checker.Contains, "HOME=/another")
-	c.Assert(out, checker.Contains, "ABC=xyz")
+	assert.Check(c, !strings.Contains(out, "HOME=/root"))
+	assert.Check(c, strings.Contains(out, "HOME=/another"))
+	assert.Check(c, strings.Contains(out, "ABC=xyz"))
 }
 
-func (s *DockerSuite) TestExecExitStatus(c *check.C) {
+func (s *DockerSuite) TestExecExitStatus(c *testing.T) {
 	runSleepingContainer(c, "-d", "--name", "top")
 
 	result := icmd.RunCommand(dockerBinary, "exec", "top", "sh", "-c", "exit 23")
 	result.Assert(c, icmd.Expected{ExitCode: 23, Error: "exit status 23"})
 }
 
-func (s *DockerSuite) TestExecPausedContainer(c *check.C) {
+func (s *DockerSuite) TestExecPausedContainer(c *testing.T) {
 	testRequires(c, IsPausable)
 
 	out := runSleepingContainer(c, "-d", "--name", "testing")
@@ -146,40 +137,40 @@ func (s *DockerSuite) TestExecPausedContainer(c *check.C) {
 
 	dockerCmd(c, "pause", "testing")
 	out, _, err := dockerCmdWithError("exec", ContainerID, "echo", "hello")
-	c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new command if it is paused"))
+	assert.ErrorContains(c, err, "", "container should fail to exec new command if it is paused")
 
 	expected := ContainerID + " is paused, unpause the container before exec"
-	c.Assert(out, checker.Contains, expected, check.Commentf("container should not exec new command if it is paused"))
+	assert.Assert(c, is.Contains(out, expected), "container should not exec new command if it is paused")
 }
 
 // regression test for #9476
-func (s *DockerSuite) TestExecTTYCloseStdin(c *check.C) {
+func (s *DockerSuite) TestExecTTYCloseStdin(c *testing.T) {
 	// TODO Windows CI: This requires some work to port to Windows.
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "-it", "--name", "exec_tty_stdin", "busybox")
 
 	cmd := exec.Command(dockerBinary, "exec", "-i", "exec_tty_stdin", "cat")
 	stdinRw, err := cmd.StdinPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	stdinRw.Write([]byte("test"))
 	stdinRw.Close()
 
 	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, _ = dockerCmd(c, "top", "exec_tty_stdin")
 	outArr := strings.Split(out, "\n")
-	c.Assert(len(outArr), checker.LessOrEqualThan, 3, check.Commentf("exec process left running"))
-	c.Assert(out, checker.Not(checker.Contains), "nsenter-exec")
+	assert.Assert(c, len(outArr) <= 3, "exec process left running")
+	assert.Assert(c, !strings.Contains(out, "nsenter-exec"))
 }
 
-func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) {
+func (s *DockerSuite) TestExecTTYWithoutStdin(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		defer close(errChan)
 
@@ -204,14 +195,14 @@ func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) {
 
 	select {
 	case err := <-errChan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(3 * time.Second):
 		c.Fatal("exec is running but should have failed")
 	}
 }
 
 // FIXME(vdemeester) this should be a unit tests on cli/command/container package
-func (s *DockerSuite) TestExecParseError(c *check.C) {
+func (s *DockerSuite) TestExecParseError(c *testing.T) {
 	// TODO Windows CI: Requires some extra work. Consider copying the
 	// runSleepingContainer helper to have an exec version.
 	testRequires(c, DaemonIsLinux)
@@ -225,7 +216,7 @@ func (s *DockerSuite) TestExecParseError(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
+func (s *DockerSuite) TestExecStopNotHanging(c *testing.T) {
 	// TODO Windows CI: Requires some extra work. Consider copying the
 	// runSleepingContainer helper to have an exec version.
 	testRequires(c, DaemonIsLinux)
@@ -239,7 +230,7 @@ func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
 		out string
 		err error
 	}
-	ch := make(chan dstop)
+	ch := make(chan dstop, 1)
 	go func() {
 		result := icmd.RunCommand(dockerBinary, "stop", "testing")
 		ch <- dstop{result.Combined(), result.Error}
@@ -249,11 +240,11 @@ func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
 	case <-time.After(3 * time.Second):
 		c.Fatal("Container stop timed out")
 	case s := <-ch:
-		c.Assert(s.err, check.IsNil)
+		assert.NilError(c, s.err)
 	}
 }
 
-func (s *DockerSuite) TestExecCgroup(c *check.C) {
+func (s *DockerSuite) TestExecCgroup(c *testing.T) {
 	// Not applicable on Windows - using Linux specific functionality
 	testRequires(c, NotUserNamespace)
 	testRequires(c, DaemonIsLinux)
@@ -265,11 +256,12 @@ func (s *DockerSuite) TestExecCgroup(c *check.C) {
 	var wg sync.WaitGroup
 	var mu sync.Mutex
 	var execCgroups []sort.StringSlice
-	errChan := make(chan error)
+	errChan := make(chan error, 5)
 	// exec a few times concurrently to get consistent failure
 	for i := 0; i < 5; i++ {
 		wg.Add(1)
 		go func() {
+			defer wg.Done()
 			out, _, err := dockerCmdWithError("exec", "testing", "cat", "/proc/self/cgroup")
 			if err != nil {
 				errChan <- err
@@ -280,14 +272,13 @@ func (s *DockerSuite) TestExecCgroup(c *check.C) {
 			mu.Lock()
 			execCgroups = append(execCgroups, cg)
 			mu.Unlock()
-			wg.Done()
 		}()
 	}
 	wg.Wait()
 	close(errChan)
 
 	for err := range errChan {
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 
 	for _, cg := range execCgroups {
@@ -306,19 +297,19 @@ func (s *DockerSuite) TestExecCgroup(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestExecInspectID(c *check.C) {
+func (s *DockerSuite) TestExecInspectID(c *testing.T) {
 	out := runSleepingContainer(c, "-d")
 	id := strings.TrimSuffix(out, "\n")
 
 	out = inspectField(c, id, "ExecIDs")
-	c.Assert(out, checker.Equals, "[]", check.Commentf("ExecIDs should be empty, got: %s", out))
+	assert.Equal(c, out, "[]", "ExecIDs should be empty, got: %s", out)
 
 	// Start an exec, have it block waiting so we can do some checking
 	cmd := exec.Command(dockerBinary, "exec", id, "sh", "-c",
 		"while ! test -e /execid1; do sleep 1; done")
 
 	err := cmd.Start()
-	c.Assert(err, checker.IsNil, check.Commentf("failed to start the exec cmd"))
+	assert.NilError(c, err, "failed to start the exec cmd")
 
 	// Give the exec 10 chances/seconds to start then give up and stop the test
 	tries := 10
@@ -329,19 +320,17 @@ func (s *DockerSuite) TestExecInspectID(c *check.C) {
 		if out != "[]" && out != "<no value>" {
 			break
 		}
-		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still empty after 10 second"))
+		assert.Check(c, i+1 != tries, "ExecIDs still empty after 10 second")
 		time.Sleep(1 * time.Second)
 	}
 
 	// Save execID for later
 	execID, err := inspectFilter(id, "index .ExecIDs 0")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to get the exec id"))
+	assert.NilError(c, err, "failed to get the exec id")
 
 	// End the exec by creating the missing file
-	err = exec.Command(dockerBinary, "exec", id,
-		"sh", "-c", "touch /execid1").Run()
-
-	c.Assert(err, checker.IsNil, check.Commentf("failed to run the 2nd exec cmd"))
+	err = exec.Command(dockerBinary, "exec", id, "sh", "-c", "touch /execid1").Run()
+	assert.NilError(c, err, "failed to run the 2nd exec cmd")
 
 	// Wait for 1st exec to complete
 	cmd.Wait()
@@ -354,47 +343,46 @@ func (s *DockerSuite) TestExecInspectID(c *check.C) {
 		if out == "[]" {
 			break
 		}
-		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still not empty after 10 second"))
+		assert.Check(c, i+1 != tries, "ExecIDs still empty after 10 second")
 		time.Sleep(1 * time.Second)
 	}
 
 	// But we should still be able to query the execID
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	_, err = cli.ContainerExecInspect(context.Background(), execID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Now delete the container and then an 'inspect' on the exec should
 	// result in a 404 (not 'container not running')
 	out, ec := dockerCmd(c, "rm", "-f", id)
-	c.Assert(ec, checker.Equals, 0, check.Commentf("error removing container: %s", out))
+	assert.Equal(c, ec, 0, "error removing container: %s", out)
 
 	_, err = cli.ContainerExecInspect(context.Background(), execID)
-	expected := "No such exec instance"
-	c.Assert(err.Error(), checker.Contains, expected)
+	assert.ErrorContains(c, err, "No such exec instance")
 }
 
-func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) {
+func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *testing.T) {
 	// Problematic on Windows as Windows does not support links
 	testRequires(c, DaemonIsLinux)
 	var out string
 	out, _ = dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
 	idA := strings.TrimSpace(out)
-	c.Assert(idA, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))
+	assert.Assert(c, idA != "", "%s, id should not be nil", out)
 	out, _ = dockerCmd(c, "run", "-d", "--link", "container1:alias1", "--name", "container2", "busybox", "top")
 	idB := strings.TrimSpace(out)
-	c.Assert(idB, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))
+	assert.Assert(c, idB != "", "%s, id should not be nil", out)
 
 	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")
 	dockerCmd(c, "rename", "container1", "container_new")
 	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")
 }
 
-func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
+func (s *DockerSuite) TestRunMutableNetworkFiles(c *testing.T) {
 	// Not applicable on Windows to Windows CI.
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 	for _, fn := range []string{"resolv.conf", "hosts"} {
 		containers := cli.DockerCmd(c, "ps", "-q", "-a").Combined()
 		if containers != "" {
@@ -403,14 +391,14 @@ func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
 
 		content := runCommandAndReadContainerFile(c, fn, dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn))
 
-		c.Assert(strings.TrimSpace(string(content)), checker.Equals, "success", check.Commentf("Content was not what was modified in the container", string(content)))
+		assert.Equal(c, strings.TrimSpace(string(content)), "success", "Content was not what was modified in the container", string(content))
 
 		out, _ := dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top")
 		contID := strings.TrimSpace(out)
 		netFilePath := containerStorageFile(contID, fn)
 
 		f, err := os.OpenFile(netFilePath, os.O_WRONLY|os.O_SYNC|os.O_APPEND, 0644)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
 		if _, err := f.Seek(0, 0); err != nil {
 			f.Close()
@@ -429,24 +417,24 @@ func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
 		f.Close()
 
 		res, _ := dockerCmd(c, "exec", contID, "cat", "/etc/"+fn)
-		c.Assert(res, checker.Equals, "success2\n")
+		assert.Equal(c, res, "success2\n")
 	}
 }
 
-func (s *DockerSuite) TestExecWithUser(c *check.C) {
+func (s *DockerSuite) TestExecWithUser(c *testing.T) {
 	// TODO Windows CI: This may be fixable in the future once Windows
 	// supports users
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")
 
 	out, _ := dockerCmd(c, "exec", "-u", "1", "parent", "id")
-	c.Assert(out, checker.Contains, "uid=1(daemon) gid=1(daemon)")
+	assert.Assert(c, strings.Contains(out, "uid=1(daemon) gid=1(daemon)"))
 
 	out, _ = dockerCmd(c, "exec", "-u", "root", "parent", "id")
-	c.Assert(out, checker.Contains, "uid=0(root) gid=0(root)", check.Commentf("exec with user by id expected daemon user got %s", out))
+	assert.Assert(c, strings.Contains(out, "uid=0(root) gid=0(root)"), "exec with user by id expected daemon user got %s", out)
 }
 
-func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {
+func (s *DockerSuite) TestExecWithPrivileged(c *testing.T) {
 	// Not applicable on Windows
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	// Start main loop which attempts mknod repeatedly
@@ -463,7 +451,7 @@ func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {
 	result.Assert(c, icmd.Success)
 
 	actual := strings.TrimSpace(result.Combined())
-	c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", result.Combined()))
+	assert.Equal(c, actual, "ok", "exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", result.Combined())
 
 	// Check subsequent unprivileged exec cannot mknod
 	icmd.RunCommand(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32").Assert(c, icmd.Expected{
@@ -473,11 +461,10 @@ func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {
 	// Confirm at no point was mknod allowed
 	result = icmd.RunCommand(dockerBinary, "logs", "parent")
 	result.Assert(c, icmd.Success)
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Success")
-
+	assert.Assert(c, !strings.Contains(result.Combined(), "Success"))
 }
 
-func (s *DockerSuite) TestExecWithImageUser(c *check.C) {
+func (s *DockerSuite) TestExecWithImageUser(c *testing.T) {
 	// Not applicable on Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuilduser"
@@ -487,10 +474,10 @@ func (s *DockerSuite) TestExecWithImageUser(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top")
 
 	out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami")
-	c.Assert(out, checker.Contains, "dockerio", check.Commentf("exec with user by id expected dockerio user got %s", out))
+	assert.Assert(c, strings.Contains(out, "dockerio"), "exec with user by id expected dockerio user got %s", out)
 }
 
-func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) {
+func (s *DockerSuite) TestExecOnReadonlyContainer(c *testing.T) {
 	// Windows does not support read-only
 	// --read-only + userns has remount issues
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -498,144 +485,47 @@ func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) {
 	dockerCmd(c, "exec", "parent", "true")
 }
 
-func (s *DockerSuite) TestExecUlimits(c *check.C) {
+func (s *DockerSuite) TestExecUlimits(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "testexeculimits"
 	runSleepingContainer(c, "-d", "--ulimit", "nofile=511:511", "--name", name)
-	c.Assert(waitRun(name), checker.IsNil)
+	assert.NilError(c, waitRun(name))
 
 	out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -n")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "511")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), "511")
 }
 
 // #15750
-func (s *DockerSuite) TestExecStartFails(c *check.C) {
+func (s *DockerSuite) TestExecStartFails(c *testing.T) {
 	// TODO Windows CI. This test should be portable. Figure out why it fails
 	// currently.
 	testRequires(c, DaemonIsLinux)
 	name := "exec-15750"
 	runSleepingContainer(c, "-d", "--name", name)
-	c.Assert(waitRun(name), checker.IsNil)
+	assert.NilError(c, waitRun(name))
 
 	out, _, err := dockerCmdWithError("exec", name, "no-such-cmd")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "executable file not found")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "executable file not found"))
 }
 
 // Fix regression in https://github.com/docker/docker/pull/26461#issuecomment-250287297
-func (s *DockerSuite) TestExecWindowsPathNotWiped(c *check.C) {
+func (s *DockerSuite) TestExecWindowsPathNotWiped(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", minimalBaseImage(), "powershell", "start-sleep", "60")
-	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+	assert.NilError(c, waitRun(strings.TrimSpace(out)))
 
 	out, _ = dockerCmd(c, "exec", "testing", "powershell", "write-host", "$env:PATH")
 	out = strings.ToLower(strings.Trim(out, "\r\n"))
-	c.Assert(out, checker.Contains, `windowspowershell\v1.0`)
+	assert.Assert(c, strings.Contains(out, `windowspowershell\v1.0`))
 }
 
-func (s *DockerSuite) TestExecEnvLinksHost(c *check.C) {
+func (s *DockerSuite) TestExecEnvLinksHost(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	runSleepingContainer(c, "-d", "--name", "foo")
 	runSleepingContainer(c, "-d", "--link", "foo:db", "--hostname", "myhost", "--name", "bar")
 	out, _ := dockerCmd(c, "exec", "bar", "env")
-	c.Assert(out, checker.Contains, "HOSTNAME=myhost")
-	c.Assert(out, checker.Contains, "DB_NAME=/bar/db")
-}
-
-func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
-	testRequires(c, DaemonIsWindows)
-
-	if runtime.GOOS == "windows" {
-		v, err := kernel.GetKernelVersion()
-		c.Assert(err, checker.IsNil)
-		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
-		if build >= 17743 {
-			c.Skip("Temporarily disabled on RS5 17743+ builds due to platform bug")
-
-			// This is being tracked internally. @jhowardmsft. Summary of failure
-			// from an email in early July 2018 below:
-			//
-			// Platform regression. In cmd.exe by the look of it. I can repro
-			// it outside of CI.  It fails the same on 17681, 17676 and even as
-			// far back as 17663, over a month old. From investigating, I can see
-			// what's happening in the container, but not the reason. The test
-			// starts a long-running container based on the Windows busybox image.
-			// It then adds another process (docker exec) to that container to
-			// sleep. It loops waiting for two instances of busybox.exe running,
-			// and cmd.exe to quit. What's actually happening is that the second
-			// exec hangs indefinitely, and from docker top, I can see
-			// "OpenWith.exe" running.
-
-			//Manual repro would be
-			//# Start the first long-running container
-			//docker run --rm -d --name test busybox sleep 300
-
-			//# In another window, docker top test. There should be a single instance of busybox.exe running
-			//# In a third window, docker exec test cmd /c start sleep 10  NOTE THIS HANGS UNTIL 5 MIN TIMEOUT
-			//# In the second window, run docker top test. Note that OpenWith.exe is running, one cmd.exe and only one busybox. I would expect no "OpenWith" and two busybox.exe's.
-		}
-	}
-
-	runSleepingContainer(c, "-d", "--name", "test")
-	exec := make(chan bool)
-	go func() {
-		dockerCmd(c, "exec", "test", "cmd", "/c", "start sleep 10")
-		exec <- true
-	}()
-
-	count := 0
-	for {
-		top := make(chan string)
-		var out string
-		go func() {
-			out, _ := dockerCmd(c, "top", "test")
-			top <- out
-		}()
-
-		select {
-		case <-time.After(time.Second * 5):
-			c.Fatal("timed out waiting for top while exec is exiting")
-		case out = <-top:
-			break
-		}
-
-		if strings.Count(out, "busybox.exe") == 2 && !strings.Contains(out, "cmd.exe") {
-			// The initial exec process (cmd.exe) has exited, and both sleeps are currently running
-			break
-		}
-		count++
-		if count >= 30 {
-			c.Fatal("too many retries")
-		}
-		time.Sleep(1 * time.Second)
-	}
-
-	inspect := make(chan bool)
-	go func() {
-		dockerCmd(c, "inspect", "test")
-		inspect <- true
-	}()
-
-	select {
-	case <-time.After(time.Second * 5):
-		c.Fatal("timed out waiting for inspect while exec is exiting")
-	case <-inspect:
-		break
-	}
-
-	// Ensure the background sleep is still running
-	out, _ := dockerCmd(c, "top", "test")
-	c.Assert(strings.Count(out, "busybox.exe"), checker.Equals, 2)
-
-	// The exec should exit when the background sleep exits
-	select {
-	case <-time.After(time.Second * 15):
-		c.Fatal("timed out waiting for async exec to exit")
-	case <-exec:
-		// Ensure the background sleep has actually exited
-		out, _ := dockerCmd(c, "top", "test")
-		c.Assert(strings.Count(out, "busybox.exe"), checker.Equals, 1)
-		break
-	}
+	assert.Check(c, is.Contains(out, "HOSTNAME=myhost"))
+	assert.Check(c, is.Contains(out, "DB_NAME=/bar/db"))
 }
diff --git a/integration-cli/docker_cli_exec_unix_test.go b/integration-cli/docker_cli_exec_unix_test.go
index 4c77df4f110c7..f83b2aad1cd74 100644
--- a/integration-cli/docker_cli_exec_unix_test.go
+++ b/integration-cli/docker_cli_exec_unix_test.go
@@ -1,4 +1,5 @@
-// +build !windows,!test_no_exec
+//go:build !windows
+// +build !windows
 
 package main
 
@@ -7,91 +8,91 @@ import (
 	"io"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
+	"github.com/creack/pty"
+	"gotest.tools/v3/assert"
 )
 
 // regression test for #12546
-func (s *DockerSuite) TestExecInteractiveStdinClose(c *check.C) {
+func (s *DockerSuite) TestExecInteractiveStdinClose(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-itd", "busybox", "/bin/cat")
 	contID := strings.TrimSpace(out)
 
 	cmd := exec.Command(dockerBinary, "exec", "-i", contID, "echo", "-n", "hello")
 	p, err := pty.Start(cmd)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	b := bytes.NewBuffer(nil)
 
-	ch := make(chan error)
+	ch := make(chan error, 1)
 	go func() { ch <- cmd.Wait() }()
 
 	select {
 	case err := <-ch:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		io.Copy(b, p)
 		p.Close()
 		bs := b.Bytes()
 		bs = bytes.Trim(bs, "\x00")
 		output := string(bs[:])
-		c.Assert(strings.TrimSpace(output), checker.Equals, "hello")
+		assert.Equal(c, strings.TrimSpace(output), "hello")
 	case <-time.After(5 * time.Second):
 		p.Close()
 		c.Fatal("timed out running docker exec")
 	}
 }
 
-func (s *DockerSuite) TestExecTTY(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestExecTTY(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	dockerCmd(c, "run", "-d", "--name=test", "busybox", "sh", "-c", "echo hello > /foo && top")
 
 	cmd := exec.Command(dockerBinary, "exec", "-it", "test", "sh")
 	p, err := pty.Start(cmd)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer p.Close()
 
 	_, err = p.Write([]byte("cat /foo && exit\n"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	chErr := make(chan error)
+	chErr := make(chan error, 1)
 	go func() {
 		chErr <- cmd.Wait()
 	}()
 	select {
 	case err := <-chErr:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(3 * time.Second):
 		c.Fatal("timeout waiting for exec to exit")
 	}
 
 	buf := make([]byte, 256)
 	read, err := p.Read(buf)
-	c.Assert(err, checker.IsNil)
-	c.Assert(bytes.Contains(buf, []byte("hello")), checker.Equals, true, check.Commentf(string(buf[:read])))
+	assert.NilError(c, err)
+	assert.Assert(c, bytes.Contains(buf, []byte("hello")), string(buf[:read]))
 }
 
 // Test the TERM env var is set when -t is provided on exec
-func (s *DockerSuite) TestExecWithTERM(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestExecWithTERM(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	out, _ := dockerCmd(c, "run", "-id", "busybox", "/bin/cat")
 	contID := strings.TrimSpace(out)
 	cmd := exec.Command(dockerBinary, "exec", "-t", contID, "sh", "-c", "if [ -z $TERM ]; then exit 1; else exit 0; fi")
 	if err := cmd.Run(); err != nil {
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
 // Test that the TERM env var is not set on exec when -t is not provided, even if it was set
 // on run
-func (s *DockerSuite) TestExecWithNoTERM(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestExecWithNoTERM(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	out, _ := dockerCmd(c, "run", "-itd", "busybox", "/bin/cat")
 	contID := strings.TrimSpace(out)
 	cmd := exec.Command(dockerBinary, "exec", contID, "sh", "-c", "if [ -z $TERM ]; then exit 0; else exit 1; fi")
 	if err := cmd.Run(); err != nil {
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 }
diff --git a/integration-cli/docker_cli_external_volume_driver_test.go b/integration-cli/docker_cli_external_volume_driver_test.go
new file mode 100644
index 0000000000000..0428b7cc2054b
--- /dev/null
+++ b/integration-cli/docker_cli_external_volume_driver_test.go
@@ -0,0 +1,617 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/docker/docker/pkg/stringid"
+	testdaemon "github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/volume"
+	"gotest.tools/v3/assert"
+)
+
+const volumePluginName = "test-external-volume-driver"
+
+type eventCounter struct {
+	activations int
+	creations   int
+	removals    int
+	mounts      int
+	unmounts    int
+	paths       int
+	lists       int
+	gets        int
+	caps        int
+}
+
+type DockerExternalVolumeSuite struct {
+	ds *DockerSuite
+	d  *daemon.Daemon
+	*volumePlugin
+}
+
+func (s *DockerExternalVolumeSuite) SetUpTest(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	s.ec = &eventCounter{}
+}
+
+func (s *DockerExternalVolumeSuite) TearDownTest(c *testing.T) {
+	if s.d != nil {
+		s.d.Stop(c)
+		s.ds.TearDownTest(c)
+	}
+}
+
+func (s *DockerExternalVolumeSuite) SetUpSuite(c *testing.T) {
+	s.volumePlugin = newVolumePlugin(c, volumePluginName)
+}
+
+type volumePlugin struct {
+	ec *eventCounter
+	*httptest.Server
+	vols map[string]vol
+}
+
+type vol struct {
+	Name       string
+	Mountpoint string
+	Ninja      bool // hack used to trigger a null volume return on `Get`
+	Status     map[string]interface{}
+	Options    map[string]string
+}
+
+func (p *volumePlugin) Close() {
+	p.Server.Close()
+}
+
+func newVolumePlugin(c *testing.T, name string) *volumePlugin {
+	mux := http.NewServeMux()
+	s := &volumePlugin{Server: httptest.NewServer(mux), ec: &eventCounter{}, vols: make(map[string]vol)}
+
+	type pluginRequest struct {
+		Name string
+		Opts map[string]string
+		ID   string
+	}
+
+	type pluginResp struct {
+		Mountpoint string `json:",omitempty"`
+		Err        string `json:",omitempty"`
+	}
+
+	read := func(b io.ReadCloser) (pluginRequest, error) {
+		defer b.Close()
+		var pr pluginRequest
+		err := json.NewDecoder(b).Decode(&pr)
+		return pr, err
+	}
+
+	send := func(w http.ResponseWriter, data interface{}) {
+		switch t := data.(type) {
+		case error:
+			http.Error(w, t.Error(), 500)
+		case string:
+			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+			fmt.Fprintln(w, t)
+		default:
+			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+			json.NewEncoder(w).Encode(&data)
+		}
+	}
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.activations++
+		send(w, `{"Implements": ["VolumeDriver"]}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Create", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.creations++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+		_, isNinja := pr.Opts["ninja"]
+		status := map[string]interface{}{"Hello": "world"}
+		s.vols[pr.Name] = vol{Name: pr.Name, Ninja: isNinja, Status: status, Options: pr.Opts}
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.List", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.lists++
+		vols := make([]vol, 0, len(s.vols))
+		for _, v := range s.vols {
+			if v.Ninja {
+				continue
+			}
+			vols = append(vols, v)
+		}
+		send(w, map[string][]vol{"Volumes": vols})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Get", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.gets++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		v, exists := s.vols[pr.Name]
+		if !exists {
+			send(w, `{"Err": "no such volume"}`)
+		}
+
+		if v.Ninja {
+			send(w, map[string]vol{})
+			return
+		}
+
+		v.Mountpoint = hostVolumePath(pr.Name)
+		send(w, map[string]vol{"Volume": v})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.removals++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		v, ok := s.vols[pr.Name]
+		if !ok {
+			send(w, nil)
+			return
+		}
+
+		if err := os.RemoveAll(hostVolumePath(v.Name)); err != nil {
+			send(w, &pluginResp{Err: err.Error()})
+			return
+		}
+		delete(s.vols, v.Name)
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Path", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.paths++
+
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+		p := hostVolumePath(pr.Name)
+		send(w, &pluginResp{Mountpoint: p})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Mount", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.mounts++
+
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		if v, exists := s.vols[pr.Name]; exists {
+			// Use this to simulate a mount failure
+			if _, exists := v.Options["invalidOption"]; exists {
+				send(w, fmt.Errorf("invalid argument"))
+				return
+			}
+		}
+
+		p := hostVolumePath(pr.Name)
+		if err := os.MkdirAll(p, 0755); err != nil {
+			send(w, &pluginResp{Err: err.Error()})
+			return
+		}
+
+		if err := os.WriteFile(filepath.Join(p, "test"), []byte(s.Server.URL), 0644); err != nil {
+			send(w, err)
+			return
+		}
+
+		if err := os.WriteFile(filepath.Join(p, "mountID"), []byte(pr.ID), 0644); err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, &pluginResp{Mountpoint: p})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Unmount", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.unmounts++
+
+		_, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Capabilities", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.caps++
+
+		_, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, `{"Capabilities": { "Scope": "global" }}`)
+	})
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	assert.NilError(c, err)
+
+	err = os.WriteFile("/etc/docker/plugins/"+name+".spec", []byte(s.Server.URL), 0644)
+	assert.NilError(c, err)
+	return s
+}
+
+func (s *DockerExternalVolumeSuite) TearDownSuite(c *testing.T) {
+	s.volumePlugin.Close()
+
+	err := os.RemoveAll("/etc/docker/plugins")
+	assert.NilError(c, err)
+}
+
+func (s *DockerExternalVolumeSuite) TestVolumeCLICreateOptionConflict(c *testing.T) {
+	dockerCmd(c, "volume", "create", "test")
+
+	out, _, err := dockerCmdWithError("volume", "create", "test", "--driver", volumePluginName)
+	assert.Assert(c, err != nil, "volume create exception name already in use with another driver")
+	assert.Assert(c, strings.Contains(out, "must be unique"))
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Driver }}", "test")
+	_, _, err = dockerCmdWithError("volume", "create", "test", "--driver", strings.TrimSpace(out))
+	assert.NilError(c, err)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverNamed(c *testing.T) {
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, s.Server.URL))
+	_, err = s.d.Cmd("volume", "rm", "external-volume-test")
+	assert.NilError(c, err)
+
+	p := hostVolumePath("external-volume-test")
+	_, err = os.Lstat(p)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, os.IsNotExist(err), "Expected volume path in host to not exist: %s, %v\n", p, err)
+
+	assert.Equal(c, s.ec.activations, 1)
+	assert.Equal(c, s.ec.creations, 1)
+	assert.Equal(c, s.ec.removals, 1)
+	assert.Equal(c, s.ec.mounts, 1)
+	assert.Equal(c, s.ec.unmounts, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnnamed(c *testing.T) {
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, s.Server.URL))
+	assert.Equal(c, s.ec.activations, 1)
+	assert.Equal(c, s.ec.creations, 1)
+	assert.Equal(c, s.ec.removals, 1)
+	assert.Equal(c, s.ec.mounts, 1)
+	assert.Equal(c, s.ec.unmounts, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverVolumesFrom(c *testing.T) {
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("run", "--rm", "--volumes-from", "vol-test1", "--name", "vol-test2", "busybox", "ls", "/tmp")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
+	assert.NilError(c, err, out)
+
+	assert.Equal(c, s.ec.activations, 1)
+	assert.Equal(c, s.ec.creations, 1)
+	assert.Equal(c, s.ec.removals, 1)
+	assert.Equal(c, s.ec.mounts, 2)
+	assert.Equal(c, s.ec.unmounts, 2)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverDeleteContainer(c *testing.T) {
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
+	assert.NilError(c, err, out)
+
+	assert.Equal(c, s.ec.activations, 1)
+	assert.Equal(c, s.ec.creations, 1)
+	assert.Equal(c, s.ec.removals, 1)
+	assert.Equal(c, s.ec.mounts, 1)
+	assert.Equal(c, s.ec.unmounts, 1)
+}
+
+func hostVolumePath(name string) string {
+	return fmt.Sprintf("/var/lib/docker/volumes/%s", name)
+}
+
+// Make sure a request to use a down driver doesn't block other requests
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverLookupNotBlocked(c *testing.T) {
+	specPath := "/etc/docker/plugins/down-driver.spec"
+	err := os.WriteFile(specPath, []byte("tcp://127.0.0.7:9999"), 0644)
+	assert.NilError(c, err)
+	defer os.RemoveAll(specPath)
+
+	chCmd1 := make(chan struct{})
+	chCmd2 := make(chan error, 1)
+	cmd1 := exec.Command(dockerBinary, "volume", "create", "-d", "down-driver")
+	cmd2 := exec.Command(dockerBinary, "volume", "create")
+
+	assert.Assert(c, cmd1.Start() == nil)
+	defer cmd1.Process.Kill()
+	time.Sleep(100 * time.Millisecond) // ensure API has been called
+	assert.Assert(c, cmd2.Start() == nil)
+
+	go func() {
+		cmd1.Wait()
+		close(chCmd1)
+	}()
+	go func() {
+		chCmd2 <- cmd2.Wait()
+	}()
+
+	select {
+	case <-chCmd1:
+		cmd2.Process.Kill()
+		c.Fatalf("volume create with down driver finished unexpectedly")
+	case err := <-chCmd2:
+		assert.NilError(c, err)
+	case <-time.After(5 * time.Second):
+		cmd2.Process.Kill()
+		c.Fatal("volume creates are blocked by previous create requests when previous driver is down")
+	}
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverRetryNotImmediatelyExists(c *testing.T) {
+	s.d.StartWithBusybox(c)
+	driverName := "test-external-volume-driver-retry"
+
+	errchan := make(chan error, 1)
+	started := make(chan struct{})
+	go func() {
+		close(started)
+		if out, err := s.d.Cmd("run", "--rm", "--name", "test-data-retry", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", driverName, "busybox:latest"); err != nil {
+			errchan <- fmt.Errorf("%v:\n%s", err, out)
+		}
+		close(errchan)
+	}()
+
+	<-started
+	// wait for a retry to occur, then create spec to allow plugin to register
+	time.Sleep(2 * time.Second)
+	p := newVolumePlugin(c, driverName)
+	defer p.Close()
+
+	select {
+	case err := <-errchan:
+		assert.NilError(c, err)
+	case <-time.After(8 * time.Second):
+		c.Fatal("volume creates fail when plugin not immediately available")
+	}
+
+	_, err := s.d.Cmd("volume", "rm", "external-volume-test")
+	assert.NilError(c, err)
+
+	assert.Equal(c, p.ec.activations, 1)
+	assert.Equal(c, p.ec.creations, 1)
+	assert.Equal(c, p.ec.removals, 1)
+	assert.Equal(c, p.ec.mounts, 1)
+	assert.Equal(c, p.ec.unmounts, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverBindExternalVolume(c *testing.T) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "foo")
+	dockerCmd(c, "run", "-d", "--name", "testing", "-v", "foo:/bar", "busybox", "top")
+
+	var mounts []struct {
+		Name   string
+		Driver string
+	}
+	out := inspectFieldJSON(c, "testing", "Mounts")
+	assert.Assert(c, json.NewDecoder(strings.NewReader(out)).Decode(&mounts) == nil)
+	assert.Equal(c, len(mounts), 1, out)
+	assert.Equal(c, mounts[0].Name, "foo")
+	assert.Equal(c, mounts[0].Driver, volumePluginName)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverList(c *testing.T) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc3")
+	out, _ := dockerCmd(c, "volume", "ls")
+	ls := strings.Split(strings.TrimSpace(out), "\n")
+	assert.Equal(c, len(ls), 2, fmt.Sprintf("\n%s", out))
+
+	vol := strings.Fields(ls[len(ls)-1])
+	assert.Equal(c, len(vol), 2, fmt.Sprintf("%v", vol))
+	assert.Equal(c, vol[0], volumePluginName)
+	assert.Equal(c, vol[1], "abc3")
+
+	assert.Equal(c, s.ec.lists, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGet(c *testing.T) {
+	out, _, err := dockerCmdWithError("volume", "inspect", "dummy")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "No such volume"))
+	assert.Equal(c, s.ec.gets, 1)
+
+	dockerCmd(c, "volume", "create", "test", "-d", volumePluginName)
+	out, _ = dockerCmd(c, "volume", "inspect", "test")
+
+	type vol struct {
+		Status map[string]string
+	}
+	var st []vol
+
+	assert.Assert(c, json.Unmarshal([]byte(out), &st) == nil)
+	assert.Equal(c, len(st), 1)
+	assert.Equal(c, len(st[0].Status), 1, fmt.Sprintf("%v", st[0]))
+	assert.Equal(c, st[0].Status["Hello"], "world", fmt.Sprintf("%v", st[0].Status))
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverWithDaemonRestart(c *testing.T) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc1")
+	s.d.Restart(c)
+
+	dockerCmd(c, "run", "--name=test", "-v", "abc1:/foo", "busybox", "true")
+	var mounts []types.MountPoint
+	inspectFieldAndUnmarshall(c, "test", "Mounts", &mounts)
+	assert.Equal(c, len(mounts), 1)
+	assert.Equal(c, mounts[0].Driver, volumePluginName)
+}
+
+// Ensures that the daemon handles when the plugin responds to a `Get` request with a null volume and a null error.
+// Prior the daemon would panic in this scenario.
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGetEmptyResponse(c *testing.T) {
+	s.d.Start(c)
+
+	out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, "abc2", "--opt", "ninja=1")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("volume", "inspect", "abc2")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "No such volume"))
+}
+
+// Ensure only cached paths are used in volume list to prevent N+1 calls to `VolumeDriver.Path`
+//
+// TODO(@cpuguy83): This test is testing internal implementation. In all the cases here, there may not even be a path
+// 	available because the volume is not even mounted. Consider removing this test.
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverPathCalls(c *testing.T) {
+	s.d.Start(c)
+	assert.Equal(c, s.ec.paths, 0)
+
+	out, err := s.d.Cmd("volume", "create", "test", "--driver=test-external-volume-driver")
+	assert.NilError(c, err, out)
+	assert.Equal(c, s.ec.paths, 0)
+
+	out, err = s.d.Cmd("volume", "ls")
+	assert.NilError(c, err, out)
+	assert.Equal(c, s.ec.paths, 0)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverMountID(c *testing.T) {
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("run", "--rm", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
+}
+
+// Check that VolumeDriver.Capabilities gets called, and only called once
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverCapabilities(c *testing.T) {
+	s.d.Start(c)
+	assert.Equal(c, s.ec.caps, 0)
+
+	for i := 0; i < 3; i++ {
+		out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, fmt.Sprintf("test%d", i))
+		assert.NilError(c, err, out)
+		assert.Equal(c, s.ec.caps, 1)
+		out, err = s.d.Cmd("volume", "inspect", "--format={{.Scope}}", fmt.Sprintf("test%d", i))
+		assert.NilError(c, err)
+		assert.Equal(c, strings.TrimSpace(out), volume.GlobalScope)
+	}
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverOutOfBandDelete(c *testing.T) {
+	driverName := stringid.GenerateRandomID()
+	p := newVolumePlugin(c, driverName)
+	defer p.Close()
+
+	s.d.StartWithBusybox(c)
+
+	out, err := s.d.Cmd("volume", "create", "-d", driverName, "--name", "test")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "must be unique"))
+	// simulate out of band volume deletion on plugin level
+	delete(p.vols, "test")
+
+	// test re-create with same driver
+	out, err = s.d.Cmd("volume", "create", "-d", driverName, "--opt", "foo=bar", "--name", "test")
+	assert.NilError(c, err, out)
+	out, err = s.d.Cmd("volume", "inspect", "test")
+	assert.NilError(c, err, out)
+
+	var vs []types.Volume
+	err = json.Unmarshal([]byte(out), &vs)
+	assert.NilError(c, err)
+	assert.Equal(c, len(vs), 1)
+	assert.Equal(c, vs[0].Driver, driverName)
+	assert.Assert(c, vs[0].Options != nil)
+	assert.Equal(c, vs[0].Options["foo"], "bar")
+	assert.Equal(c, vs[0].Driver, driverName)
+
+	// simulate out of band volume deletion on plugin level
+	delete(p.vols, "test")
+
+	// test create with different driver
+	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
+	assert.NilError(c, err, out)
+
+	out, err = s.d.Cmd("volume", "inspect", "test")
+	assert.NilError(c, err, out)
+	vs = nil
+	err = json.Unmarshal([]byte(out), &vs)
+	assert.NilError(c, err)
+	assert.Equal(c, len(vs), 1)
+	assert.Equal(c, len(vs[0].Options), 0)
+	assert.Equal(c, vs[0].Driver, "local")
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnMountFail(c *testing.T) {
+	s.d.StartWithBusybox(c)
+	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--opt=invalidOption=1", "--name=testumount")
+
+	out, _ := s.d.Cmd("run", "-v", "testumount:/foo", "busybox", "true")
+	assert.Equal(c, s.ec.unmounts, 0, out)
+	out, _ = s.d.Cmd("run", "-w", "/foo", "-v", "testumount:/foo", "busybox", "true")
+	assert.Equal(c, s.ec.unmounts, 0, out)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnCp(c *testing.T) {
+	s.d.StartWithBusybox(c)
+	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--name=test")
+
+	out, _ := s.d.Cmd("run", "-d", "--name=test", "-v", "test:/foo", "busybox", "/bin/sh", "-c", "touch /test && top")
+	assert.Equal(c, s.ec.mounts, 1, out)
+
+	out, _ = s.d.Cmd("cp", "test:/test", "/tmp/test")
+	assert.Equal(c, s.ec.mounts, 2, out)
+	assert.Equal(c, s.ec.unmounts, 1, out)
+
+	out, _ = s.d.Cmd("kill", "test")
+	assert.Equal(c, s.ec.unmounts, 2, out)
+}
diff --git a/integration-cli/docker_cli_external_volume_driver_unix_test.go b/integration-cli/docker_cli_external_volume_driver_unix_test.go
deleted file mode 100644
index da8bb7e0115f0..0000000000000
--- a/integration-cli/docker_cli_external_volume_driver_unix_test.go
+++ /dev/null
@@ -1,631 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/volume"
-	"github.com/go-check/check"
-)
-
-const volumePluginName = "test-external-volume-driver"
-
-func init() {
-	check.Suite(&DockerExternalVolumeSuite{
-		ds: &DockerSuite{},
-	})
-}
-
-type eventCounter struct {
-	activations int
-	creations   int
-	removals    int
-	mounts      int
-	unmounts    int
-	paths       int
-	lists       int
-	gets        int
-	caps        int
-}
-
-type DockerExternalVolumeSuite struct {
-	ds *DockerSuite
-	d  *daemon.Daemon
-	*volumePlugin
-}
-
-func (s *DockerExternalVolumeSuite) SetUpTest(c *check.C) {
-	testRequires(c, SameHostDaemon)
-	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	s.ec = &eventCounter{}
-}
-
-func (s *DockerExternalVolumeSuite) TearDownTest(c *check.C) {
-	if s.d != nil {
-		s.d.Stop(c)
-		s.ds.TearDownTest(c)
-	}
-}
-
-func (s *DockerExternalVolumeSuite) SetUpSuite(c *check.C) {
-	s.volumePlugin = newVolumePlugin(c, volumePluginName)
-}
-
-type volumePlugin struct {
-	ec *eventCounter
-	*httptest.Server
-	vols map[string]vol
-}
-
-type vol struct {
-	Name       string
-	Mountpoint string
-	Ninja      bool // hack used to trigger a null volume return on `Get`
-	Status     map[string]interface{}
-	Options    map[string]string
-}
-
-func (p *volumePlugin) Close() {
-	p.Server.Close()
-}
-
-func newVolumePlugin(c *check.C, name string) *volumePlugin {
-	mux := http.NewServeMux()
-	s := &volumePlugin{Server: httptest.NewServer(mux), ec: &eventCounter{}, vols: make(map[string]vol)}
-
-	type pluginRequest struct {
-		Name string
-		Opts map[string]string
-		ID   string
-	}
-
-	type pluginResp struct {
-		Mountpoint string `json:",omitempty"`
-		Err        string `json:",omitempty"`
-	}
-
-	read := func(b io.ReadCloser) (pluginRequest, error) {
-		defer b.Close()
-		var pr pluginRequest
-		err := json.NewDecoder(b).Decode(&pr)
-		return pr, err
-	}
-
-	send := func(w http.ResponseWriter, data interface{}) {
-		switch t := data.(type) {
-		case error:
-			http.Error(w, t.Error(), 500)
-		case string:
-			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
-			fmt.Fprintln(w, t)
-		default:
-			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
-			json.NewEncoder(w).Encode(&data)
-		}
-	}
-
-	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.activations++
-		send(w, `{"Implements": ["VolumeDriver"]}`)
-	})
-
-	mux.HandleFunc("/VolumeDriver.Create", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.creations++
-		pr, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-		_, isNinja := pr.Opts["ninja"]
-		status := map[string]interface{}{"Hello": "world"}
-		s.vols[pr.Name] = vol{Name: pr.Name, Ninja: isNinja, Status: status, Options: pr.Opts}
-		send(w, nil)
-	})
-
-	mux.HandleFunc("/VolumeDriver.List", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.lists++
-		vols := make([]vol, 0, len(s.vols))
-		for _, v := range s.vols {
-			if v.Ninja {
-				continue
-			}
-			vols = append(vols, v)
-		}
-		send(w, map[string][]vol{"Volumes": vols})
-	})
-
-	mux.HandleFunc("/VolumeDriver.Get", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.gets++
-		pr, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-
-		v, exists := s.vols[pr.Name]
-		if !exists {
-			send(w, `{"Err": "no such volume"}`)
-		}
-
-		if v.Ninja {
-			send(w, map[string]vol{})
-			return
-		}
-
-		v.Mountpoint = hostVolumePath(pr.Name)
-		send(w, map[string]vol{"Volume": v})
-		return
-	})
-
-	mux.HandleFunc("/VolumeDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.removals++
-		pr, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-
-		v, ok := s.vols[pr.Name]
-		if !ok {
-			send(w, nil)
-			return
-		}
-
-		if err := os.RemoveAll(hostVolumePath(v.Name)); err != nil {
-			send(w, &pluginResp{Err: err.Error()})
-			return
-		}
-		delete(s.vols, v.Name)
-		send(w, nil)
-	})
-
-	mux.HandleFunc("/VolumeDriver.Path", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.paths++
-
-		pr, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-		p := hostVolumePath(pr.Name)
-		send(w, &pluginResp{Mountpoint: p})
-	})
-
-	mux.HandleFunc("/VolumeDriver.Mount", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.mounts++
-
-		pr, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-
-		if v, exists := s.vols[pr.Name]; exists {
-			// Use this to simulate a mount failure
-			if _, exists := v.Options["invalidOption"]; exists {
-				send(w, fmt.Errorf("invalid argument"))
-				return
-			}
-		}
-
-		p := hostVolumePath(pr.Name)
-		if err := os.MkdirAll(p, 0755); err != nil {
-			send(w, &pluginResp{Err: err.Error()})
-			return
-		}
-
-		if err := ioutil.WriteFile(filepath.Join(p, "test"), []byte(s.Server.URL), 0644); err != nil {
-			send(w, err)
-			return
-		}
-
-		if err := ioutil.WriteFile(filepath.Join(p, "mountID"), []byte(pr.ID), 0644); err != nil {
-			send(w, err)
-			return
-		}
-
-		send(w, &pluginResp{Mountpoint: p})
-	})
-
-	mux.HandleFunc("/VolumeDriver.Unmount", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.unmounts++
-
-		_, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-
-		send(w, nil)
-	})
-
-	mux.HandleFunc("/VolumeDriver.Capabilities", func(w http.ResponseWriter, r *http.Request) {
-		s.ec.caps++
-
-		_, err := read(r.Body)
-		if err != nil {
-			send(w, err)
-			return
-		}
-
-		send(w, `{"Capabilities": { "Scope": "global" }}`)
-	})
-
-	err := os.MkdirAll("/etc/docker/plugins", 0755)
-	c.Assert(err, checker.IsNil)
-
-	err = ioutil.WriteFile("/etc/docker/plugins/"+name+".spec", []byte(s.Server.URL), 0644)
-	c.Assert(err, checker.IsNil)
-	return s
-}
-
-func (s *DockerExternalVolumeSuite) TearDownSuite(c *check.C) {
-	s.volumePlugin.Close()
-
-	err := os.RemoveAll("/etc/docker/plugins")
-	c.Assert(err, checker.IsNil)
-}
-
-func (s *DockerExternalVolumeSuite) TestVolumeCLICreateOptionConflict(c *check.C) {
-	dockerCmd(c, "volume", "create", "test")
-
-	out, _, err := dockerCmdWithError("volume", "create", "test", "--driver", volumePluginName)
-	c.Assert(err, check.NotNil, check.Commentf("volume create exception name already in use with another driver"))
-	c.Assert(out, checker.Contains, "must be unique")
-
-	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Driver }}", "test")
-	_, _, err = dockerCmdWithError("volume", "create", "test", "--driver", strings.TrimSpace(out))
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverNamed(c *check.C) {
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, s.Server.URL)
-
-	_, err = s.d.Cmd("volume", "rm", "external-volume-test")
-	c.Assert(err, checker.IsNil)
-
-	p := hostVolumePath("external-volume-test")
-	_, err = os.Lstat(p)
-	c.Assert(err, checker.NotNil)
-	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("Expected volume path in host to not exist: %s, %v\n", p, err))
-
-	c.Assert(s.ec.activations, checker.Equals, 1)
-	c.Assert(s.ec.creations, checker.Equals, 1)
-	c.Assert(s.ec.removals, checker.Equals, 1)
-	c.Assert(s.ec.mounts, checker.Equals, 1)
-	c.Assert(s.ec.unmounts, checker.Equals, 1)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnnamed(c *check.C) {
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, s.Server.URL)
-
-	c.Assert(s.ec.activations, checker.Equals, 1)
-	c.Assert(s.ec.creations, checker.Equals, 1)
-	c.Assert(s.ec.removals, checker.Equals, 1)
-	c.Assert(s.ec.mounts, checker.Equals, 1)
-	c.Assert(s.ec.unmounts, checker.Equals, 1)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverVolumesFrom(c *check.C) {
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("run", "--rm", "--volumes-from", "vol-test1", "--name", "vol-test2", "busybox", "ls", "/tmp")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	c.Assert(s.ec.activations, checker.Equals, 1)
-	c.Assert(s.ec.creations, checker.Equals, 1)
-	c.Assert(s.ec.removals, checker.Equals, 1)
-	c.Assert(s.ec.mounts, checker.Equals, 2)
-	c.Assert(s.ec.unmounts, checker.Equals, 2)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverDeleteContainer(c *check.C) {
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	c.Assert(s.ec.activations, checker.Equals, 1)
-	c.Assert(s.ec.creations, checker.Equals, 1)
-	c.Assert(s.ec.removals, checker.Equals, 1)
-	c.Assert(s.ec.mounts, checker.Equals, 1)
-	c.Assert(s.ec.unmounts, checker.Equals, 1)
-}
-
-func hostVolumePath(name string) string {
-	return fmt.Sprintf("/var/lib/docker/volumes/%s", name)
-}
-
-// Make sure a request to use a down driver doesn't block other requests
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverLookupNotBlocked(c *check.C) {
-	specPath := "/etc/docker/plugins/down-driver.spec"
-	err := ioutil.WriteFile(specPath, []byte("tcp://127.0.0.7:9999"), 0644)
-	c.Assert(err, check.IsNil)
-	defer os.RemoveAll(specPath)
-
-	chCmd1 := make(chan struct{})
-	chCmd2 := make(chan error)
-	cmd1 := exec.Command(dockerBinary, "volume", "create", "-d", "down-driver")
-	cmd2 := exec.Command(dockerBinary, "volume", "create")
-
-	c.Assert(cmd1.Start(), checker.IsNil)
-	defer cmd1.Process.Kill()
-	time.Sleep(100 * time.Millisecond) // ensure API has been called
-	c.Assert(cmd2.Start(), checker.IsNil)
-
-	go func() {
-		cmd1.Wait()
-		close(chCmd1)
-	}()
-	go func() {
-		chCmd2 <- cmd2.Wait()
-	}()
-
-	select {
-	case <-chCmd1:
-		cmd2.Process.Kill()
-		c.Fatalf("volume create with down driver finished unexpectedly")
-	case err := <-chCmd2:
-		c.Assert(err, checker.IsNil)
-	case <-time.After(5 * time.Second):
-		cmd2.Process.Kill()
-		c.Fatal("volume creates are blocked by previous create requests when previous driver is down")
-	}
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverRetryNotImmediatelyExists(c *check.C) {
-	s.d.StartWithBusybox(c)
-	driverName := "test-external-volume-driver-retry"
-
-	errchan := make(chan error)
-	started := make(chan struct{})
-	go func() {
-		close(started)
-		if out, err := s.d.Cmd("run", "--rm", "--name", "test-data-retry", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", driverName, "busybox:latest"); err != nil {
-			errchan <- fmt.Errorf("%v:\n%s", err, out)
-		}
-		close(errchan)
-	}()
-
-	<-started
-	// wait for a retry to occur, then create spec to allow plugin to register
-	time.Sleep(2 * time.Second)
-	p := newVolumePlugin(c, driverName)
-	defer p.Close()
-
-	select {
-	case err := <-errchan:
-		c.Assert(err, checker.IsNil)
-	case <-time.After(8 * time.Second):
-		c.Fatal("volume creates fail when plugin not immediately available")
-	}
-
-	_, err := s.d.Cmd("volume", "rm", "external-volume-test")
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(p.ec.activations, checker.Equals, 1)
-	c.Assert(p.ec.creations, checker.Equals, 1)
-	c.Assert(p.ec.removals, checker.Equals, 1)
-	c.Assert(p.ec.mounts, checker.Equals, 1)
-	c.Assert(p.ec.unmounts, checker.Equals, 1)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverBindExternalVolume(c *check.C) {
-	dockerCmd(c, "volume", "create", "-d", volumePluginName, "foo")
-	dockerCmd(c, "run", "-d", "--name", "testing", "-v", "foo:/bar", "busybox", "top")
-
-	var mounts []struct {
-		Name   string
-		Driver string
-	}
-	out := inspectFieldJSON(c, "testing", "Mounts")
-	c.Assert(json.NewDecoder(strings.NewReader(out)).Decode(&mounts), checker.IsNil)
-	c.Assert(len(mounts), checker.Equals, 1, check.Commentf("%s", out))
-	c.Assert(mounts[0].Name, checker.Equals, "foo")
-	c.Assert(mounts[0].Driver, checker.Equals, volumePluginName)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverList(c *check.C) {
-	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc3")
-	out, _ := dockerCmd(c, "volume", "ls")
-	ls := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(ls), check.Equals, 2, check.Commentf("\n%s", out))
-
-	vol := strings.Fields(ls[len(ls)-1])
-	c.Assert(len(vol), check.Equals, 2, check.Commentf("%v", vol))
-	c.Assert(vol[0], check.Equals, volumePluginName)
-	c.Assert(vol[1], check.Equals, "abc3")
-
-	c.Assert(s.ec.lists, check.Equals, 1)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGet(c *check.C) {
-	out, _, err := dockerCmdWithError("volume", "inspect", "dummy")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "No such volume")
-	c.Assert(s.ec.gets, check.Equals, 1)
-
-	dockerCmd(c, "volume", "create", "test", "-d", volumePluginName)
-	out, _ = dockerCmd(c, "volume", "inspect", "test")
-
-	type vol struct {
-		Status map[string]string
-	}
-	var st []vol
-
-	c.Assert(json.Unmarshal([]byte(out), &st), checker.IsNil)
-	c.Assert(st, checker.HasLen, 1)
-	c.Assert(st[0].Status, checker.HasLen, 1, check.Commentf("%v", st[0]))
-	c.Assert(st[0].Status["Hello"], checker.Equals, "world", check.Commentf("%v", st[0].Status))
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverWithDaemonRestart(c *check.C) {
-	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc1")
-	s.d.Restart(c)
-
-	dockerCmd(c, "run", "--name=test", "-v", "abc1:/foo", "busybox", "true")
-	var mounts []types.MountPoint
-	inspectFieldAndUnmarshall(c, "test", "Mounts", &mounts)
-	c.Assert(mounts, checker.HasLen, 1)
-	c.Assert(mounts[0].Driver, checker.Equals, volumePluginName)
-}
-
-// Ensures that the daemon handles when the plugin responds to a `Get` request with a null volume and a null error.
-// Prior the daemon would panic in this scenario.
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGetEmptyResponse(c *check.C) {
-	s.d.Start(c)
-
-	out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, "abc2", "--opt", "ninja=1")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("volume", "inspect", "abc2")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "No such volume")
-}
-
-// Ensure only cached paths are used in volume list to prevent N+1 calls to `VolumeDriver.Path`
-//
-// TODO(@cpuguy83): This test is testing internal implementation. In all the cases here, there may not even be a path
-// 	available because the volume is not even mounted. Consider removing this test.
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverPathCalls(c *check.C) {
-	s.d.Start(c)
-	c.Assert(s.ec.paths, checker.Equals, 0)
-
-	out, err := s.d.Cmd("volume", "create", "test", "--driver=test-external-volume-driver")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(s.ec.paths, checker.Equals, 0)
-
-	out, err = s.d.Cmd("volume", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(s.ec.paths, checker.Equals, 0)
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverMountID(c *check.C) {
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("run", "--rm", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-}
-
-// Check that VolumeDriver.Capabilities gets called, and only called once
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverCapabilities(c *check.C) {
-	s.d.Start(c)
-	c.Assert(s.ec.caps, checker.Equals, 0)
-
-	for i := 0; i < 3; i++ {
-		out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, fmt.Sprintf("test%d", i))
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-		c.Assert(s.ec.caps, checker.Equals, 1)
-		out, err = s.d.Cmd("volume", "inspect", "--format={{.Scope}}", fmt.Sprintf("test%d", i))
-		c.Assert(err, checker.IsNil)
-		c.Assert(strings.TrimSpace(out), checker.Equals, volume.GlobalScope)
-	}
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverOutOfBandDelete(c *check.C) {
-	driverName := stringid.GenerateNonCryptoID()
-	p := newVolumePlugin(c, driverName)
-	defer p.Close()
-
-	s.d.StartWithBusybox(c)
-
-	out, err := s.d.Cmd("volume", "create", "-d", driverName, "--name", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "must be unique")
-
-	// simulate out of band volume deletion on plugin level
-	delete(p.vols, "test")
-
-	// test re-create with same driver
-	out, err = s.d.Cmd("volume", "create", "-d", driverName, "--opt", "foo=bar", "--name", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	out, err = s.d.Cmd("volume", "inspect", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	var vs []types.Volume
-	err = json.Unmarshal([]byte(out), &vs)
-	c.Assert(err, checker.IsNil)
-	c.Assert(vs, checker.HasLen, 1)
-	c.Assert(vs[0].Driver, checker.Equals, driverName)
-	c.Assert(vs[0].Options, checker.NotNil)
-	c.Assert(vs[0].Options["foo"], checker.Equals, "bar")
-	c.Assert(vs[0].Driver, checker.Equals, driverName)
-
-	// simulate out of band volume deletion on plugin level
-	delete(p.vols, "test")
-
-	// test create with different driver
-	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = s.d.Cmd("volume", "inspect", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	vs = nil
-	err = json.Unmarshal([]byte(out), &vs)
-	c.Assert(err, checker.IsNil)
-	c.Assert(vs, checker.HasLen, 1)
-	c.Assert(vs[0].Options, checker.HasLen, 0)
-	c.Assert(vs[0].Driver, checker.Equals, "local")
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnMountFail(c *check.C) {
-	s.d.StartWithBusybox(c)
-	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--opt=invalidOption=1", "--name=testumount")
-
-	out, _ := s.d.Cmd("run", "-v", "testumount:/foo", "busybox", "true")
-	c.Assert(s.ec.unmounts, checker.Equals, 0, check.Commentf("%s", out))
-	out, _ = s.d.Cmd("run", "-w", "/foo", "-v", "testumount:/foo", "busybox", "true")
-	c.Assert(s.ec.unmounts, checker.Equals, 0, check.Commentf("%s", out))
-}
-
-func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnCp(c *check.C) {
-	s.d.StartWithBusybox(c)
-	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--name=test")
-
-	out, _ := s.d.Cmd("run", "-d", "--name=test", "-v", "test:/foo", "busybox", "/bin/sh", "-c", "touch /test && top")
-	c.Assert(s.ec.mounts, checker.Equals, 1, check.Commentf("%s", out))
-
-	out, _ = s.d.Cmd("cp", "test:/test", "/tmp/test")
-	c.Assert(s.ec.mounts, checker.Equals, 2, check.Commentf("%s", out))
-	c.Assert(s.ec.unmounts, checker.Equals, 1, check.Commentf("%s", out))
-
-	out, _ = s.d.Cmd("kill", "test")
-	c.Assert(s.ec.unmounts, checker.Equals, 2, check.Commentf("%s", out))
-}
diff --git a/integration-cli/docker_cli_health_test.go b/integration-cli/docker_cli_health_test.go
index 4fb63994bb699..5278e18d05f2c 100644
--- a/integration-cli/docker_cli_health_test.go
+++ b/integration-cli/docker_cli_health_test.go
@@ -4,15 +4,15 @@ import (
 	"encoding/json"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func waitForHealthStatus(c *check.C, name string, prev string, expected string) {
+func waitForHealthStatus(c *testing.T, name string, prev string, expected string) {
 	prev = prev + "\n"
 	expected = expected + "\n"
 	for {
@@ -20,7 +20,7 @@ func waitForHealthStatus(c *check.C, name string, prev string, expected string)
 		if out == expected {
 			return
 		}
-		c.Check(out, checker.Equals, prev)
+		assert.Equal(c, out, prev)
 		if out != prev {
 			return
 		}
@@ -28,15 +28,15 @@ func waitForHealthStatus(c *check.C, name string, prev string, expected string)
 	}
 }
 
-func getHealth(c *check.C, name string) *types.Health {
+func getHealth(c *testing.T, name string) *types.Health {
 	out, _ := dockerCmd(c, "inspect", "--format={{json .State.Health}}", name)
 	var health types.Health
 	err := json.Unmarshal([]byte(out), &health)
-	c.Check(err, checker.Equals, nil)
+	assert.Equal(c, err, nil)
 	return &health
 }
 
-func (s *DockerSuite) TestHealth(c *check.C) {
+func (s *DockerSuite) TestHealth(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
 
 	existingContainers := ExistingContainerIDs(c)
@@ -54,12 +54,12 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 	cid, _ := dockerCmd(c, "create", "--name", name, imageName)
 	out, _ := dockerCmd(c, "ps", "-a", "--format={{.ID}} {{.Status}}")
 	out = RemoveOutputForExistingElements(out, existingContainers)
-	c.Check(out, checker.Equals, cid[:12]+" Created\n")
+	assert.Equal(c, out, cid[:12]+" Created\n")
 
 	// Inspect the options
 	out, _ = dockerCmd(c, "inspect",
 		"--format=timeout={{.Config.Healthcheck.Timeout}} interval={{.Config.Healthcheck.Interval}} retries={{.Config.Healthcheck.Retries}} test={{.Config.Healthcheck.Test}}", name)
-	c.Check(out, checker.Equals, "timeout=30s interval=1s retries=0 test=[CMD-SHELL cat /status]\n")
+	assert.Equal(c, out, "timeout=30s interval=1s retries=0 test=[CMD-SHELL cat /status]\n")
 
 	// Start
 	dockerCmd(c, "start", name)
@@ -71,7 +71,7 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 
 	// Inspect the status
 	out, _ = dockerCmd(c, "inspect", "--format={{.State.Health.Status}}", name)
-	c.Check(out, checker.Equals, "unhealthy\n")
+	assert.Equal(c, out, "unhealthy\n")
 
 	// Make it healthy again
 	dockerCmd(c, "exec", name, "touch", "/status")
@@ -83,7 +83,7 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 	// Disable the check from the CLI
 	dockerCmd(c, "create", "--name=noh", "--no-healthcheck", imageName)
 	out, _ = dockerCmd(c, "inspect", "--format={{.Config.Healthcheck.Test}}", "noh")
-	c.Check(out, checker.Equals, "[NONE]\n")
+	assert.Equal(c, out, "[NONE]\n")
 	dockerCmd(c, "rm", "noh")
 
 	// Disable the check with a new build
@@ -91,7 +91,7 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 		HEALTHCHECK NONE`))
 
 	out, _ = dockerCmd(c, "inspect", "--format={{.Config.Healthcheck.Test}}", "no_healthcheck")
-	c.Check(out, checker.Equals, "[NONE]\n")
+	assert.Equal(c, out, "[NONE]\n")
 
 	// Enable the checks from the CLI
 	_, _ = dockerCmd(c, "run", "-d", "--name=fatal_healthcheck",
@@ -101,11 +101,11 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 		"no_healthcheck")
 	waitForHealthStatus(c, "fatal_healthcheck", "starting", "healthy")
 	health := getHealth(c, "fatal_healthcheck")
-	c.Check(health.Status, checker.Equals, "healthy")
-	c.Check(health.FailingStreak, checker.Equals, 0)
+	assert.Equal(c, health.Status, "healthy")
+	assert.Equal(c, health.FailingStreak, 0)
 	last := health.Log[len(health.Log)-1]
-	c.Check(last.ExitCode, checker.Equals, 0)
-	c.Check(last.Output, checker.Equals, "OK\n")
+	assert.Equal(c, last.ExitCode, 0)
+	assert.Equal(c, last.Output, "OK\n")
 
 	// Fail the check
 	dockerCmd(c, "exec", "fatal_healthcheck", "rm", "/status")
@@ -113,8 +113,8 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 
 	failsStr, _ := dockerCmd(c, "inspect", "--format={{.State.Health.FailingStreak}}", "fatal_healthcheck")
 	fails, err := strconv.Atoi(strings.TrimSpace(failsStr))
-	c.Check(err, check.IsNil)
-	c.Check(fails >= 3, checker.Equals, true)
+	assert.Assert(c, err == nil)
+	assert.Equal(c, fails >= 3, true)
 	dockerCmd(c, "rm", "-f", "fatal_healthcheck")
 
 	// Check timeout
@@ -125,9 +125,9 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 	waitForHealthStatus(c, "test", "starting", "unhealthy")
 	health = getHealth(c, "test")
 	last = health.Log[len(health.Log)-1]
-	c.Check(health.Status, checker.Equals, "unhealthy")
-	c.Check(last.ExitCode, checker.Equals, -1)
-	c.Check(last.Output, checker.Equals, "Health check exceeded timeout (1s)")
+	assert.Equal(c, health.Status, "unhealthy")
+	assert.Equal(c, last.ExitCode, -1)
+	assert.Equal(c, last.Output, "Health check exceeded timeout (1s)")
 	dockerCmd(c, "rm", "-f", "test")
 
 	// Check JSON-format
@@ -139,12 +139,12 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 		  CMD ["cat", "/my status"]`))
 	out, _ = dockerCmd(c, "inspect",
 		"--format={{.Config.Healthcheck.Test}}", imageName)
-	c.Check(out, checker.Equals, "[CMD cat /my status]\n")
+	assert.Equal(c, out, "[CMD cat /my status]\n")
 
 }
 
 // GitHub #33021
-func (s *DockerSuite) TestUnsetEnvVarHealthCheck(c *check.C) {
+func (s *DockerSuite) TestUnsetEnvVarHealthCheck(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
 
 	imageName := "testhealth"
diff --git a/integration-cli/docker_cli_history_test.go b/integration-cli/docker_cli_history_test.go
index 43c4b94334670..8ae1d275ab24f 100644
--- a/integration-cli/docker_cli_history_test.go
+++ b/integration-cli/docker_cli_history_test.go
@@ -5,15 +5,16 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )
 
 // This is a heisen-test.  Because the created timestamp of images and the behavior of
 // sort is not predictable it doesn't always fail.
-func (s *DockerSuite) TestBuildHistory(c *check.C) {
+func (s *DockerSuite) TestBuildHistory(c *testing.T) {
 	name := "testbuildhistory"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
 LABEL label.A="A"
@@ -50,21 +51,21 @@ LABEL label.Z="Z"`))
 	for i := 0; i < 26; i++ {
 		echoValue := fmt.Sprintf("LABEL label.%s=%s", expectedValues[i], expectedValues[i])
 		actualValue := actualValues[i]
-		c.Assert(actualValue, checker.Contains, echoValue)
+		assert.Assert(c, strings.Contains(actualValue, echoValue))
 	}
 
 }
 
-func (s *DockerSuite) TestHistoryExistentImage(c *check.C) {
+func (s *DockerSuite) TestHistoryExistentImage(c *testing.T) {
 	dockerCmd(c, "history", "busybox")
 }
 
-func (s *DockerSuite) TestHistoryNonExistentImage(c *check.C) {
+func (s *DockerSuite) TestHistoryNonExistentImage(c *testing.T) {
 	_, _, err := dockerCmdWithError("history", "testHistoryNonExistentImage")
-	c.Assert(err, checker.NotNil, check.Commentf("history on a non-existent image should fail."))
+	assert.Assert(c, err != nil, "history on a non-existent image should fail.")
 }
 
-func (s *DockerSuite) TestHistoryImageWithComment(c *check.C) {
+func (s *DockerSuite) TestHistoryImageWithComment(c *testing.T) {
 	name := "testhistoryimagewithcomment"
 
 	// make an image through docker commit <container id> [ -m messages ]
@@ -80,10 +81,10 @@ func (s *DockerSuite) TestHistoryImageWithComment(c *check.C) {
 	out, _ := dockerCmd(c, "history", name)
 	outputTabs := strings.Fields(strings.Split(out, "\n")[1])
 	actualValue := outputTabs[len(outputTabs)-1]
-	c.Assert(actualValue, checker.Contains, comment)
+	assert.Assert(c, strings.Contains(actualValue, comment))
 }
 
-func (s *DockerSuite) TestHistoryHumanOptionFalse(c *check.C) {
+func (s *DockerSuite) TestHistoryHumanOptionFalse(c *testing.T) {
 	out, _ := dockerCmd(c, "history", "--human=false", "busybox")
 	lines := strings.Split(out, "\n")
 	sizeColumnRegex, _ := regexp.Compile("SIZE +")
@@ -97,11 +98,11 @@ func (s *DockerSuite) TestHistoryHumanOptionFalse(c *check.C) {
 		sizeString := lines[i][startIndex:endIndex]
 
 		_, err := strconv.Atoi(strings.TrimSpace(sizeString))
-		c.Assert(err, checker.IsNil, check.Commentf("The size '%s' was not an Integer", sizeString))
+		assert.Assert(c, err == nil, "The size '%s' was not an Integer", sizeString)
 	}
 }
 
-func (s *DockerSuite) TestHistoryHumanOptionTrue(c *check.C) {
+func (s *DockerSuite) TestHistoryHumanOptionTrue(c *testing.T) {
 	out, _ := dockerCmd(c, "history", "--human=true", "busybox")
 	lines := strings.Split(out, "\n")
 	sizeColumnRegex, _ := regexp.Compile("SIZE +")
@@ -114,6 +115,7 @@ func (s *DockerSuite) TestHistoryHumanOptionTrue(c *check.C) {
 			endIndex = len(lines[i])
 		}
 		sizeString := lines[i][startIndex:endIndex]
-		c.Assert(strings.TrimSpace(sizeString), checker.Matches, humanSizeRegexRaw, check.Commentf("The size '%s' was not in human format", sizeString))
+		assert.Assert(c, cmp.Regexp("^"+humanSizeRegexRaw+"$",
+			strings.TrimSpace(sizeString)), fmt.Sprintf("The size '%s' was not in human format", sizeString))
 	}
 }
diff --git a/integration-cli/docker_cli_images_test.go b/integration-cli/docker_cli_images_test.go
index 0dd319fbc9ac5..193cb20ab0588 100644
--- a/integration-cli/docker_cli_images_test.go
+++ b/integration-cli/docker_cli_images_test.go
@@ -2,51 +2,50 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
 	"sort"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestImagesEnsureImageIsListed(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureImageIsListed(c *testing.T) {
 	imagesOut, _ := dockerCmd(c, "images")
-	c.Assert(imagesOut, checker.Contains, "busybox")
+	assert.Assert(c, strings.Contains(imagesOut, "busybox"))
 }
 
-func (s *DockerSuite) TestImagesEnsureImageWithTagIsListed(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureImageWithTagIsListed(c *testing.T) {
 	name := "imagewithtag"
 	dockerCmd(c, "tag", "busybox", name+":v1")
 	dockerCmd(c, "tag", "busybox", name+":v1v1")
 	dockerCmd(c, "tag", "busybox", name+":v2")
 
 	imagesOut, _ := dockerCmd(c, "images", name+":v1")
-	c.Assert(imagesOut, checker.Contains, name)
-	c.Assert(imagesOut, checker.Contains, "v1")
-	c.Assert(imagesOut, checker.Not(checker.Contains), "v2")
-	c.Assert(imagesOut, checker.Not(checker.Contains), "v1v1")
-
+	assert.Assert(c, strings.Contains(imagesOut, name))
+	assert.Assert(c, strings.Contains(imagesOut, "v1"))
+	assert.Assert(c, !strings.Contains(imagesOut, "v2"))
+	assert.Assert(c, !strings.Contains(imagesOut, "v1v1"))
 	imagesOut, _ = dockerCmd(c, "images", name)
-	c.Assert(imagesOut, checker.Contains, name)
-	c.Assert(imagesOut, checker.Contains, "v1")
-	c.Assert(imagesOut, checker.Contains, "v1v1")
-	c.Assert(imagesOut, checker.Contains, "v2")
+	assert.Assert(c, strings.Contains(imagesOut, name))
+	assert.Assert(c, strings.Contains(imagesOut, "v1"))
+	assert.Assert(c, strings.Contains(imagesOut, "v1v1"))
+	assert.Assert(c, strings.Contains(imagesOut, "v2"))
 }
 
-func (s *DockerSuite) TestImagesEnsureImageWithBadTagIsNotListed(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureImageWithBadTagIsNotListed(c *testing.T) {
 	imagesOut, _ := dockerCmd(c, "images", "busybox:nonexistent")
-	c.Assert(imagesOut, checker.Not(checker.Contains), "busybox")
+	assert.Assert(c, !strings.Contains(imagesOut, "busybox"))
 }
 
-func (s *DockerSuite) TestImagesOrderedByCreationDate(c *check.C) {
+func (s *DockerSuite) TestImagesOrderedByCreationDate(c *testing.T) {
 	buildImageSuccessfully(c, "order:test_a", build.WithDockerfile(`FROM busybox
                 MAINTAINER dockerio1`))
 	id1 := getIDByName(c, "order:test_a")
@@ -61,18 +60,18 @@ func (s *DockerSuite) TestImagesOrderedByCreationDate(c *check.C) {
 
 	out, _ := dockerCmd(c, "images", "-q", "--no-trunc")
 	imgs := strings.Split(out, "\n")
-	c.Assert(imgs[0], checker.Equals, id3, check.Commentf("First image must be %s, got %s", id3, imgs[0]))
-	c.Assert(imgs[1], checker.Equals, id2, check.Commentf("First image must be %s, got %s", id2, imgs[1]))
-	c.Assert(imgs[2], checker.Equals, id1, check.Commentf("First image must be %s, got %s", id1, imgs[2]))
+	assert.Equal(c, imgs[0], id3, fmt.Sprintf("First image must be %s, got %s", id3, imgs[0]))
+	assert.Equal(c, imgs[1], id2, fmt.Sprintf("First image must be %s, got %s", id2, imgs[1]))
+	assert.Equal(c, imgs[2], id1, fmt.Sprintf("First image must be %s, got %s", id1, imgs[2]))
 }
 
-func (s *DockerSuite) TestImagesErrorWithInvalidFilterNameTest(c *check.C) {
+func (s *DockerSuite) TestImagesErrorWithInvalidFilterNameTest(c *testing.T) {
 	out, _, err := dockerCmdWithError("images", "-f", "FOO=123")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Invalid filter")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Invalid filter"))
 }
 
-func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) {
+func (s *DockerSuite) TestImagesFilterLabelMatch(c *testing.T) {
 	imageName1 := "images_filter_test1"
 	imageName2 := "images_filter_test2"
 	imageName3 := "images_filter_test3"
@@ -90,17 +89,19 @@ func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) {
 
 	out, _ := dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=match")
 	out = strings.TrimSpace(out)
-	c.Assert(out, check.Matches, fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image1ID))
-	c.Assert(out, check.Matches, fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image2ID))
-	c.Assert(out, check.Not(check.Matches), fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image3ID))
+	assert.Assert(c, is.Regexp(fmt.Sprintf("^[\\s\\w:]*%s[\\s\\w:]*$", image1ID), out))
+
+	assert.Assert(c, is.Regexp(fmt.Sprintf("^[\\s\\w:]*%s[\\s\\w:]*$", image2ID), out))
+
+	assert.Assert(c, !is.Regexp(fmt.Sprintf("^[\\s\\w:]*%s[\\s\\w:]*$", image3ID), out)().Success())
 
 	out, _ = dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=match=me too")
 	out = strings.TrimSpace(out)
-	c.Assert(out, check.Equals, image2ID)
+	assert.Equal(c, out, image2ID)
 }
 
 // Regression : #15659
-func (s *DockerSuite) TestCommitWithFilterLabel(c *check.C) {
+func (s *DockerSuite) TestCommitWithFilterLabel(c *testing.T) {
 	// Create a container
 	dockerCmd(c, "run", "--name", "bar", "busybox", "/bin/sh")
 	// Commit with labels "using changes"
@@ -109,10 +110,10 @@ func (s *DockerSuite) TestCommitWithFilterLabel(c *check.C) {
 
 	out, _ = dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=foo.version=1.0.0-1")
 	out = strings.TrimSpace(out)
-	c.Assert(out, check.Equals, imageID)
+	assert.Equal(c, out, imageID)
 }
 
-func (s *DockerSuite) TestImagesFilterSinceAndBefore(c *check.C) {
+func (s *DockerSuite) TestImagesFilterSinceAndBefore(c *testing.T) {
 	buildImageSuccessfully(c, "image:1", build.WithDockerfile(`FROM `+minimalBaseImage()+`
 LABEL number=1`))
 	imageID1 := getIDByName(c, "image:1")
@@ -126,34 +127,34 @@ LABEL number=3`))
 	expected := []string{imageID3, imageID2}
 
 	out, _ := dockerCmd(c, "images", "-f", "since=image:1", "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	out, _ = dockerCmd(c, "images", "-f", "since="+imageID1, "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	expected = []string{imageID3}
 
 	out, _ = dockerCmd(c, "images", "-f", "since=image:2", "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	out, _ = dockerCmd(c, "images", "-f", "since="+imageID2, "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	expected = []string{imageID2, imageID1}
 
 	out, _ = dockerCmd(c, "images", "-f", "before=image:3", "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	out, _ = dockerCmd(c, "images", "-f", "before="+imageID3, "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	expected = []string{imageID1}
 
 	out, _ = dockerCmd(c, "images", "-f", "before=image:2", "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
 
 	out, _ = dockerCmd(c, "images", "-f", "before="+imageID2, "image")
-	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+	assert.Equal(c, assertImageList(out, expected), true, fmt.Sprintf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
 }
 
 func assertImageList(out string, expected []string) bool {
@@ -182,7 +183,7 @@ func assertImageList(out string, expected []string) bool {
 }
 
 // FIXME(vdemeester) should be a unit test on `docker image ls`
-func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *check.C) {
+func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *testing.T) {
 	imageName := "images_filter_test"
 	// Build a image and fail to build so that we have dangling images ?
 	buildImage(imageName, build.WithDockerfile(`FROM busybox
@@ -200,7 +201,7 @@ func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *check.C) {
 		"dangling = true",
 	}
 
-	imageListings := make([][]string, 5, 5)
+	imageListings := make([][]string, 5)
 	for idx, filter := range filters {
 		out, _ := dockerCmd(c, "images", "-q", "-f", filter)
 		listing := strings.Split(out, "\n")
@@ -222,7 +223,7 @@ func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestImagesEnsureDanglingImageOnlyListedOnce(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureDanglingImageOnlyListedOnce(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// create container 1
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
@@ -237,26 +238,24 @@ func (s *DockerSuite) TestImagesEnsureDanglingImageOnlyListedOnce(c *check.C) {
 
 	out, _ = dockerCmd(c, "images", "-q", "-f", "dangling=true")
 	// Expect one dangling image
-	c.Assert(strings.Count(out, imageID), checker.Equals, 1)
+	assert.Equal(c, strings.Count(out, imageID), 1)
 
 	out, _ = dockerCmd(c, "images", "-q", "-f", "dangling=false")
-	//dangling=false would not include dangling images
-	c.Assert(out, checker.Not(checker.Contains), imageID)
-
+	// dangling=false would not include dangling images
+	assert.Assert(c, !strings.Contains(out, imageID))
 	out, _ = dockerCmd(c, "images")
-	//docker images still include dangling images
-	c.Assert(out, checker.Contains, imageID)
-
+	// docker images still include dangling images
+	assert.Assert(c, strings.Contains(out, imageID))
 }
 
 // FIXME(vdemeester) should be a unit test for `docker image ls`
-func (s *DockerSuite) TestImagesWithIncorrectFilter(c *check.C) {
+func (s *DockerSuite) TestImagesWithIncorrectFilter(c *testing.T) {
 	out, _, err := dockerCmdWithError("images", "-f", "dangling=invalid")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Invalid filter")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Invalid filter"))
 }
 
-func (s *DockerSuite) TestImagesEnsureOnlyHeadsImagesShown(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureOnlyHeadsImagesShown(c *testing.T) {
 	dockerfile := `
         FROM busybox
         MAINTAINER docker
@@ -274,12 +273,12 @@ func (s *DockerSuite) TestImagesEnsureOnlyHeadsImagesShown(c *check.C) {
 
 	out, _ := dockerCmd(c, "images")
 	// images shouldn't show non-heads images
-	c.Assert(out, checker.Not(checker.Contains), intermediate)
+	assert.Assert(c, !strings.Contains(out, intermediate))
 	// images should contain final built images
-	c.Assert(out, checker.Contains, stringid.TruncateID(id))
+	assert.Assert(c, strings.Contains(out, stringid.TruncateID(id)))
 }
 
-func (s *DockerSuite) TestImagesEnsureImagesFromScratchShown(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureImagesFromScratchShown(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support FROM scratch
 	dockerfile := `
         FROM scratch
@@ -291,12 +290,12 @@ func (s *DockerSuite) TestImagesEnsureImagesFromScratchShown(c *check.C) {
 
 	out, _ := dockerCmd(c, "images")
 	// images should contain images built from scratch
-	c.Assert(out, checker.Contains, stringid.TruncateID(id))
+	assert.Assert(c, strings.Contains(out, stringid.TruncateID(id)))
 }
 
 // For W2W - equivalent to TestImagesEnsureImagesFromScratchShown but Windows
 // doesn't support from scratch
-func (s *DockerSuite) TestImagesEnsureImagesFromBusyboxShown(c *check.C) {
+func (s *DockerSuite) TestImagesEnsureImagesFromBusyboxShown(c *testing.T) {
 	dockerfile := `
         FROM busybox
         MAINTAINER docker`
@@ -307,40 +306,38 @@ func (s *DockerSuite) TestImagesEnsureImagesFromBusyboxShown(c *check.C) {
 
 	out, _ := dockerCmd(c, "images")
 	// images should contain images built from busybox
-	c.Assert(out, checker.Contains, stringid.TruncateID(id))
+	assert.Assert(c, strings.Contains(out, stringid.TruncateID(id)))
 }
 
 // #18181
-func (s *DockerSuite) TestImagesFilterNameWithPort(c *check.C) {
+func (s *DockerSuite) TestImagesFilterNameWithPort(c *testing.T) {
 	tag := "a.b.c.d:5000/hello"
 	dockerCmd(c, "tag", "busybox", tag)
 	out, _ := dockerCmd(c, "images", tag)
-	c.Assert(out, checker.Contains, tag)
-
+	assert.Assert(c, strings.Contains(out, tag))
 	out, _ = dockerCmd(c, "images", tag+":latest")
-	c.Assert(out, checker.Contains, tag)
-
+	assert.Assert(c, strings.Contains(out, tag))
 	out, _ = dockerCmd(c, "images", tag+":no-such-tag")
-	c.Assert(out, checker.Not(checker.Contains), tag)
+	assert.Assert(c, !strings.Contains(out, tag))
 }
 
-func (s *DockerSuite) TestImagesFormat(c *check.C) {
+func (s *DockerSuite) TestImagesFormat(c *testing.T) {
 	// testRequires(c, DaemonIsLinux)
 	tag := "myimage"
 	dockerCmd(c, "tag", "busybox", tag+":v1")
 	dockerCmd(c, "tag", "busybox", tag+":v2")
 
 	out, _ := dockerCmd(c, "images", "--format", "{{.Repository}}", tag)
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines := strings.Split(strings.TrimSpace(out), "\n")
 
 	expected := []string{"myimage", "myimage"}
 	var names []string
 	names = append(names, lines...)
-	c.Assert(names, checker.DeepEquals, expected, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+	assert.Assert(c, is.DeepEqual(names, expected), "Expected array with truncated names: %v, got: %v", expected, names)
 }
 
 // ImagesDefaultFormatAndQuiet
-func (s *DockerSuite) TestImagesFormatDefaultFormat(c *check.C) {
+func (s *DockerSuite) TestImagesFormatDefaultFormat(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	// create container 1
@@ -354,13 +351,13 @@ func (s *DockerSuite) TestImagesFormatDefaultFormat(c *check.C) {
 	config := `{
 		"imagesFormat": "{{ .ID }} default"
 }`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	d, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(d)
 
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "--config", d, "images", "-q", "myimage")
-	c.Assert(out, checker.Equals, imageID+"\n", check.Commentf("Expected to print only the image id, got %v\n", out))
+	assert.Equal(c, out, imageID+"\n", "Expected to print only the image id, got %v\n", out)
 }
diff --git a/integration-cli/docker_cli_import_test.go b/integration-cli/docker_cli_import_test.go
index 9f8e9158036c9..03ce0b9facfb1 100644
--- a/integration-cli/docker_cli_import_test.go
+++ b/integration-cli/docker_cli_import_test.go
@@ -3,19 +3,18 @@ package main
 import (
 	"bufio"
 	"compress/gzip"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"regexp"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestImportDisplay(c *check.C) {
+func (s *DockerSuite) TestImportDisplay(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 	cleanedContainerID := strings.TrimSpace(out)
@@ -24,18 +23,18 @@ func (s *DockerSuite) TestImportDisplay(c *check.C) {
 		exec.Command(dockerBinary, "export", cleanedContainerID),
 		exec.Command(dockerBinary, "import", "-"),
 	)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	assert.Assert(c, strings.Count(out, "\n") == 1, "display is expected 1 '\\n' but didn't")
 
 	image := strings.TrimSpace(out)
 	out, _ = dockerCmd(c, "run", "--rm", image, "true")
-	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+	assert.Equal(c, out, "", "command output should've been nothing.")
 }
 
-func (s *DockerSuite) TestImportBadURL(c *check.C) {
+func (s *DockerSuite) TestImportBadURL(c *testing.T) {
 	out, _, err := dockerCmdWithError("import", "http://nourl/bad")
-	c.Assert(err, checker.NotNil, check.Commentf("import was supposed to fail but didn't"))
+	assert.Assert(c, err != nil, "import was supposed to fail but didn't")
 	// Depending on your system you can get either of these errors
 	if !strings.Contains(out, "dial tcp") &&
 		!strings.Contains(out, "ApplyLayer exit status 1 stdout:  stderr: archive/tar: invalid tar header") &&
@@ -44,12 +43,12 @@ func (s *DockerSuite) TestImportBadURL(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestImportFile(c *check.C) {
+func (s *DockerSuite) TestImportFile(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
 
-	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	temporaryFile, err := os.CreateTemp("", "exportImportTest")
+	assert.Assert(c, err == nil, "failed to create temporary file")
 	defer os.Remove(temporaryFile.Name())
 
 	icmd.RunCmd(icmd.Cmd{
@@ -58,19 +57,19 @@ func (s *DockerSuite) TestImportFile(c *check.C) {
 	}).Assert(c, icmd.Success)
 
 	out, _ := dockerCmd(c, "import", temporaryFile.Name())
-	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	assert.Assert(c, strings.Count(out, "\n") == 1, "display is expected 1 '\\n' but didn't")
 	image := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "run", "--rm", image, "true")
-	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+	assert.Equal(c, out, "", "command output should've been nothing.")
 }
 
-func (s *DockerSuite) TestImportGzipped(c *check.C) {
+func (s *DockerSuite) TestImportGzipped(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
 
-	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	temporaryFile, err := os.CreateTemp("", "exportImportTest")
+	assert.Assert(c, err == nil, "failed to create temporary file")
 	defer os.Remove(temporaryFile.Name())
 
 	w := gzip.NewWriter(temporaryFile)
@@ -78,22 +77,22 @@ func (s *DockerSuite) TestImportGzipped(c *check.C) {
 		Command: []string{dockerBinary, "export", "test-import"},
 		Stdout:  w,
 	}).Assert(c, icmd.Success)
-	c.Assert(w.Close(), checker.IsNil, check.Commentf("failed to close gzip writer"))
+	assert.Assert(c, w.Close() == nil, "failed to close gzip writer")
 	temporaryFile.Close()
 	out, _ := dockerCmd(c, "import", temporaryFile.Name())
-	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	assert.Assert(c, strings.Count(out, "\n") == 1, "display is expected 1 '\\n' but didn't")
 	image := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "run", "--rm", image, "true")
-	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+	assert.Equal(c, out, "", "command output should've been nothing.")
 }
 
-func (s *DockerSuite) TestImportFileWithMessage(c *check.C) {
+func (s *DockerSuite) TestImportFileWithMessage(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
 
-	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	temporaryFile, err := os.CreateTemp("", "exportImportTest")
+	assert.Assert(c, err == nil, "failed to create temporary file")
 	defer os.Remove(temporaryFile.Name())
 
 	icmd.RunCmd(icmd.Cmd{
@@ -103,33 +102,33 @@ func (s *DockerSuite) TestImportFileWithMessage(c *check.C) {
 
 	message := "Testing commit message"
 	out, _ := dockerCmd(c, "import", "-m", message, temporaryFile.Name())
-	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	assert.Assert(c, strings.Count(out, "\n") == 1, "display is expected 1 '\\n' but didn't")
 	image := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "history", image)
 	split := strings.Split(out, "\n")
 
-	c.Assert(split, checker.HasLen, 3, check.Commentf("expected 3 lines from image history"))
-	r := regexp.MustCompile("[\\s]{2,}")
+	assert.Equal(c, len(split), 3, "expected 3 lines from image history")
+	r := regexp.MustCompile(`[\s]{2,}`)
 	split = r.Split(split[1], -1)
 
-	c.Assert(message, checker.Equals, split[3], check.Commentf("didn't get expected value in commit message"))
+	assert.Equal(c, message, split[3], "didn't get expected value in commit message")
 
 	out, _ = dockerCmd(c, "run", "--rm", image, "true")
-	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing"))
+	assert.Equal(c, out, "", "command output should've been nothing")
 }
 
-func (s *DockerSuite) TestImportFileNonExistentFile(c *check.C) {
+func (s *DockerSuite) TestImportFileNonExistentFile(c *testing.T) {
 	_, _, err := dockerCmdWithError("import", "example.com/myImage.tar")
-	c.Assert(err, checker.NotNil, check.Commentf("import non-existing file must failed"))
+	assert.Assert(c, err != nil, "import non-existing file must failed")
 }
 
-func (s *DockerSuite) TestImportWithQuotedChanges(c *check.C) {
+func (s *DockerSuite) TestImportWithQuotedChanges(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	cli.DockerCmd(c, "run", "--name", "test-import", "busybox", "true")
 
-	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	temporaryFile, err := os.CreateTemp("", "exportImportTest")
+	assert.Assert(c, err == nil, "failed to create temporary file")
 	defer os.Remove(temporaryFile.Name())
 
 	cli.Docker(cli.Args("export", "test-import"), cli.WithStdout(bufio.NewWriter(temporaryFile))).Assert(c, icmd.Success)
diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go
index 65091029eec23..f56c517a1cce0 100644
--- a/integration-cli/docker_cli_info_test.go
+++ b/integration-cli/docker_cli_info_test.go
@@ -3,17 +3,14 @@ package main
 import (
 	"encoding/json"
 	"fmt"
-	"net"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // ensure docker info succeeds
-func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
+func (s *DockerSuite) TestInfoEnsureSucceeds(c *testing.T) {
 	out, _ := dockerCmd(c, "info")
 
 	// always shown fields
@@ -52,95 +49,24 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
 	}
 
 	for _, linePrefix := range stringsToCheck {
-		c.Assert(out, checker.Contains, linePrefix, check.Commentf("couldn't find string %v in output", linePrefix))
+		assert.Assert(c, strings.Contains(out, linePrefix), "couldn't find string %v in output", linePrefix)
 	}
 }
 
-// TestInfoFormat tests `docker info --format`
-func (s *DockerSuite) TestInfoFormat(c *check.C) {
-	out, status := dockerCmd(c, "info", "--format", "{{json .}}")
-	c.Assert(status, checker.Equals, 0)
-	var m map[string]interface{}
-	err := json.Unmarshal([]byte(out), &m)
-	c.Assert(err, checker.IsNil)
-	_, _, err = dockerCmdWithError("info", "--format", "{{.badString}}")
-	c.Assert(err, checker.NotNil)
-}
-
-// TestInfoDiscoveryBackend verifies that a daemon run with `--cluster-advertise` and
-// `--cluster-store` properly show the backend's endpoint in info output.
-func (s *DockerSuite) TestInfoDiscoveryBackend(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	discoveryBackend := "consul://consuladdr:consulport/some/path"
-	discoveryAdvertise := "1.1.1.1:2375"
-	d.Start(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s", discoveryAdvertise))
-	defer d.Stop(c)
-
-	out, err := d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: %s\n", discoveryBackend))
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: %s\n", discoveryAdvertise))
-}
-
-// TestInfoDiscoveryInvalidAdvertise verifies that a daemon run with
-// an invalid `--cluster-advertise` configuration
-func (s *DockerSuite) TestInfoDiscoveryInvalidAdvertise(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	discoveryBackend := "consul://consuladdr:consulport/some/path"
-
-	// --cluster-advertise with an invalid string is an error
-	err := d.StartWithError(fmt.Sprintf("--cluster-store=%s", discoveryBackend), "--cluster-advertise=invalid")
-	c.Assert(err, checker.NotNil)
-
-	// --cluster-advertise without --cluster-store is also an error
-	err = d.StartWithError("--cluster-advertise=1.1.1.1:2375")
-	c.Assert(err, checker.NotNil)
-}
-
-// TestInfoDiscoveryAdvertiseInterfaceName verifies that a daemon run with `--cluster-advertise`
-// configured with interface name properly show the advertise ip-address in info output.
-func (s *DockerSuite) TestInfoDiscoveryAdvertiseInterfaceName(c *check.C) {
-	testRequires(c, SameHostDaemon, Network, DaemonIsLinux)
-
-	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	discoveryBackend := "consul://consuladdr:consulport/some/path"
-	discoveryAdvertise := "eth0"
-
-	d.Start(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s:2375", discoveryAdvertise))
-	defer d.Stop(c)
-
-	iface, err := net.InterfaceByName(discoveryAdvertise)
-	c.Assert(err, checker.IsNil)
-	addrs, err := iface.Addrs()
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(addrs), checker.GreaterThan, 0)
-	ip, _, err := net.ParseCIDR(addrs[0].String())
-	c.Assert(err, checker.IsNil)
-
-	out, err := d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: %s\n", discoveryBackend))
-	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: %s:2375\n", ip.String()))
-}
-
-func (s *DockerSuite) TestInfoDisplaysRunningContainers(c *check.C) {
+func (s *DockerSuite) TestInfoDisplaysRunningContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	existing := existingContainerStates(c)
 
 	dockerCmd(c, "run", "-d", "busybox", "top")
 	out, _ := dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]+1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1)))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]+1)))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"])))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"])))
 }
 
-func (s *DockerSuite) TestInfoDisplaysPausedContainers(c *check.C) {
+func (s *DockerSuite) TestInfoDisplaysPausedContainers(c *testing.T) {
 	testRequires(c, IsPausable)
 
 	existing := existingContainerStates(c)
@@ -151,13 +77,13 @@ func (s *DockerSuite) TestInfoDisplaysPausedContainers(c *check.C) {
 	dockerCmd(c, "pause", cleanedContainerID)
 
 	out, _ = dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]+1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1)))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"])))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]+1)))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"])))
 }
 
-func (s *DockerSuite) TestInfoDisplaysStoppedContainers(c *check.C) {
+func (s *DockerSuite) TestInfoDisplaysStoppedContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	existing := existingContainerStates(c)
@@ -168,67 +94,17 @@ func (s *DockerSuite) TestInfoDisplaysStoppedContainers(c *check.C) {
 	dockerCmd(c, "stop", cleanedContainerID)
 
 	out, _ = dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]+1))
-}
-
-func (s *DockerSuite) TestInfoDebug(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	d.Start(c, "--debug")
-	defer d.Stop(c)
-
-	out, err := d.Cmd("--debug", "info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Debug Mode (client): true\n")
-	c.Assert(out, checker.Contains, "Debug Mode (server): true\n")
-	c.Assert(out, checker.Contains, "File Descriptors")
-	c.Assert(out, checker.Contains, "Goroutines")
-	c.Assert(out, checker.Contains, "System Time")
-	c.Assert(out, checker.Contains, "EventsListeners")
-	c.Assert(out, checker.Contains, "Docker Root Dir")
-}
-
-func (s *DockerSuite) TestInsecureRegistries(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	registryCIDR := "192.168.1.0/24"
-	registryHost := "insecurehost.com:5000"
-
-	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
-	d.Start(c, "--insecure-registry="+registryCIDR, "--insecure-registry="+registryHost)
-	defer d.Stop(c)
-
-	out, err := d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Insecure Registries:\n")
-	c.Assert(out, checker.Contains, fmt.Sprintf(" %s\n", registryHost))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" %s\n", registryCIDR))
-}
-
-func (s *DockerDaemonSuite) TestRegistryMirrors(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	registryMirror1 := "https://192.168.1.2"
-	registryMirror2 := "http://registry.mirror.com:5000"
-
-	s.d.Start(c, "--registry-mirror="+registryMirror1, "--registry-mirror="+registryMirror2)
-
-	out, err := s.d.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Registry Mirrors:\n")
-	c.Assert(out, checker.Contains, fmt.Sprintf(" %s", registryMirror1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" %s", registryMirror2))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1)))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"])))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"])))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]+1)))
 }
 
-func existingContainerStates(c *check.C) map[string]int {
+func existingContainerStates(c *testing.T) map[string]int {
 	out, _ := dockerCmd(c, "info", "--format", "{{json .}}")
 	var m map[string]interface{}
 	err := json.Unmarshal([]byte(out), &m)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	res := map[string]int{}
 	res["Containers"] = int(m["Containers"].(float64))
 	res["ContainersRunning"] = int(m["ContainersRunning"].(float64))
diff --git a/integration-cli/docker_cli_info_unix_test.go b/integration-cli/docker_cli_info_unix_test.go
index d55c05c4a51b3..f684a6c67575a 100644
--- a/integration-cli/docker_cli_info_unix_test.go
+++ b/integration-cli/docker_cli_info_unix_test.go
@@ -1,15 +1,34 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"context"
+	"testing"
+
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/daemon/config"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestInfoSecurityOptions(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, Apparmor, DaemonIsLinux)
+func (s *DockerSuite) TestInfoSecurityOptions(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
+	if !seccompEnabled() && !Apparmor() {
+		c.Skip("test requires Seccomp and/or AppArmor")
+	}
+
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
+	defer cli.Close()
+	info, err := cli.Info(context.Background())
+	assert.NilError(c, err)
 
-	out, _ := dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, "Security Options:\n apparmor\n seccomp\n  Profile: default\n")
+	if Apparmor() {
+		assert.Check(c, is.Contains(info.SecurityOptions, "name=apparmor"))
+	}
+	if seccompEnabled() {
+		assert.Check(c, is.Contains(info.SecurityOptions, "name=seccomp,profile="+config.SeccompProfileDefault))
+	}
 }
diff --git a/integration-cli/docker_cli_inspect_test.go b/integration-cli/docker_cli_inspect_test.go
index d027c447750d1..e380e0c8c8c7b 100644
--- a/integration-cli/docker_cli_inspect_test.go
+++ b/integration-cli/docker_cli_inspect_test.go
@@ -6,22 +6,22 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func checkValidGraphDriver(c *check.C, name string) {
+func checkValidGraphDriver(c *testing.T, name string) {
 	if name != "devicemapper" && name != "overlay" && name != "vfs" && name != "zfs" && name != "btrfs" && name != "aufs" {
 		c.Fatalf("%v is not a valid graph driver name", name)
 	}
 }
 
-func (s *DockerSuite) TestInspectImage(c *check.C) {
+func (s *DockerSuite) TestInspectImage(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	imageTest := "emptyfs"
 	// It is important that this ID remain stable. If a code change causes
@@ -32,113 +32,114 @@ func (s *DockerSuite) TestInspectImage(c *check.C) {
 	imageTestID := "sha256:11f64303f0f7ffdc71f001788132bca5346831939a956e3e975c93267d89a16d"
 	id := inspectField(c, imageTest, "Id")
 
-	c.Assert(id, checker.Equals, imageTestID)
+	assert.Equal(c, id, imageTestID)
 }
 
-func (s *DockerSuite) TestInspectInt64(c *check.C) {
+func (s *DockerSuite) TestInspectInt64(c *testing.T) {
 	dockerCmd(c, "run", "-d", "-m=300M", "--name", "inspectTest", "busybox", "true")
 	inspectOut := inspectField(c, "inspectTest", "HostConfig.Memory")
-	c.Assert(inspectOut, checker.Equals, "314572800")
+	assert.Equal(c, inspectOut, "314572800")
 }
 
-func (s *DockerSuite) TestInspectDefault(c *check.C) {
-	//Both the container and image are named busybox. docker inspect will fetch the container JSON.
-	//If the container JSON is not available, it will go for the image JSON.
+func (s *DockerSuite) TestInspectDefault(c *testing.T) {
+	// Both the container and image are named busybox. docker inspect will fetch the container JSON.
+	// If the container JSON is not available, it will go for the image JSON.
 
 	out, _ := dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
 	containerID := strings.TrimSpace(out)
 
 	inspectOut := inspectField(c, "busybox", "Id")
-	c.Assert(strings.TrimSpace(inspectOut), checker.Equals, containerID)
+	assert.Equal(c, strings.TrimSpace(inspectOut), containerID)
 }
 
-func (s *DockerSuite) TestInspectStatus(c *check.C) {
+func (s *DockerSuite) TestInspectStatus(c *testing.T) {
 	out := runSleepingContainer(c, "-d")
 	out = strings.TrimSpace(out)
 
 	inspectOut := inspectField(c, out, "State.Status")
-	c.Assert(inspectOut, checker.Equals, "running")
+	assert.Equal(c, inspectOut, "running")
 
 	// Windows does not support pause/unpause on Windows Server Containers.
 	// (RS1 does for Hyper-V Containers, but production CI is not setup for that)
 	if testEnv.OSType != "windows" {
 		dockerCmd(c, "pause", out)
 		inspectOut = inspectField(c, out, "State.Status")
-		c.Assert(inspectOut, checker.Equals, "paused")
+		assert.Equal(c, inspectOut, "paused")
 
 		dockerCmd(c, "unpause", out)
 		inspectOut = inspectField(c, out, "State.Status")
-		c.Assert(inspectOut, checker.Equals, "running")
+		assert.Equal(c, inspectOut, "running")
 	}
 
 	dockerCmd(c, "stop", out)
 	inspectOut = inspectField(c, out, "State.Status")
-	c.Assert(inspectOut, checker.Equals, "exited")
+	assert.Equal(c, inspectOut, "exited")
 
 }
 
-func (s *DockerSuite) TestInspectTypeFlagContainer(c *check.C) {
-	//Both the container and image are named busybox. docker inspect will fetch container
-	//JSON State.Running field. If the field is true, it's a container.
+func (s *DockerSuite) TestInspectTypeFlagContainer(c *testing.T) {
+	// Both the container and image are named busybox. docker inspect will fetch container
+	// JSON State.Running field. If the field is true, it's a container.
 	runSleepingContainer(c, "--name=busybox", "-d")
 
 	formatStr := "--format={{.State.Running}}"
 	out, _ := dockerCmd(c, "inspect", "--type=container", formatStr, "busybox")
-	c.Assert(out, checker.Equals, "true\n") // not a container JSON
+	assert.Equal(c, out, "true\n") // not a container JSON
 }
 
-func (s *DockerSuite) TestInspectTypeFlagWithNoContainer(c *check.C) {
-	//Run this test on an image named busybox. docker inspect will try to fetch container
-	//JSON. Since there is no container named busybox and --type=container, docker inspect will
-	//not try to get the image JSON. It will throw an error.
+func (s *DockerSuite) TestInspectTypeFlagWithNoContainer(c *testing.T) {
+	// Run this test on an image named busybox. docker inspect will try to fetch container
+	// JSON. Since there is no container named busybox and --type=container, docker inspect will
+	// not try to get the image JSON. It will throw an error.
 
 	dockerCmd(c, "run", "-d", "busybox", "true")
 
 	_, _, err := dockerCmdWithError("inspect", "--type=container", "busybox")
 	// docker inspect should fail, as there is no container named busybox
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestInspectTypeFlagWithImage(c *check.C) {
-	//Both the container and image are named busybox. docker inspect will fetch image
-	//JSON as --type=image. if there is no image with name busybox, docker inspect
-	//will throw an error.
+func (s *DockerSuite) TestInspectTypeFlagWithImage(c *testing.T) {
+	// Both the container and image are named busybox. docker inspect will fetch image
+	// JSON as --type=image. if there is no image with name busybox, docker inspect
+	// will throw an error.
 
 	dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
 
 	out, _ := dockerCmd(c, "inspect", "--type=image", "busybox")
-	c.Assert(out, checker.Not(checker.Contains), "State") // not an image JSON
+	// not an image JSON
+	assert.Assert(c, !strings.Contains(out, "State"))
 }
 
-func (s *DockerSuite) TestInspectTypeFlagWithInvalidValue(c *check.C) {
-	//Both the container and image are named busybox. docker inspect will fail
-	//as --type=foobar is not a valid value for the flag.
+func (s *DockerSuite) TestInspectTypeFlagWithInvalidValue(c *testing.T) {
+	// Both the container and image are named busybox. docker inspect will fail
+	// as --type=foobar is not a valid value for the flag.
 
 	dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
 
 	out, exitCode, err := dockerCmdWithError("inspect", "--type=foobar", "busybox")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", exitCode))
-	c.Assert(exitCode, checker.Equals, 1, check.Commentf("%s", err))
-	c.Assert(out, checker.Contains, "not a valid value for --type")
+	assert.Assert(c, err != nil, "%d", exitCode)
+	assert.Equal(c, exitCode, 1, fmt.Sprintf("%s", err))
+	assert.Assert(c, strings.Contains(out, "not a valid value for --type"))
 }
 
-func (s *DockerSuite) TestInspectImageFilterInt(c *check.C) {
+func (s *DockerSuite) TestInspectImageFilterInt(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	imageTest := "emptyfs"
 	out := inspectField(c, imageTest, "Size")
 
 	size, err := strconv.Atoi(out)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect size of the image: %s, %v", out, err))
+	assert.Assert(c, err == nil, "failed to inspect size of the image: %s, %v", out, err)
 
 	//now see if the size turns out to be the same
 	formatStr := fmt.Sprintf("--format={{eq .Size %d}}", size)
 	out, _ = dockerCmd(c, "inspect", formatStr, imageTest)
 	result, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(result, checker.Equals, true)
+	assert.NilError(c, err)
+	assert.Equal(c, result, true)
 }
 
-func (s *DockerSuite) TestInspectContainerFilterInt(c *check.C) {
+func (s *DockerSuite) TestInspectContainerFilterInt(c *testing.T) {
 	result := icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat"},
 		Stdin:   strings.NewReader("blahblah"),
@@ -150,17 +151,17 @@ func (s *DockerSuite) TestInspectContainerFilterInt(c *check.C) {
 	out = inspectField(c, id, "State.ExitCode")
 
 	exitCode, err := strconv.Atoi(out)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect exitcode of the container: %s, %v", out, err))
+	assert.Assert(c, err == nil, "failed to inspect exitcode of the container: %s, %v", out, err)
 
 	//now get the exit code to verify
 	formatStr := fmt.Sprintf("--format={{eq .State.ExitCode %d}}", exitCode)
 	out, _ = dockerCmd(c, "inspect", formatStr, id)
 	inspectResult, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspectResult, checker.Equals, true)
+	assert.NilError(c, err)
+	assert.Equal(c, inspectResult, true)
 }
 
-func (s *DockerSuite) TestInspectImageGraphDriver(c *check.C) {
+func (s *DockerSuite) TestInspectImageGraphDriver(c *testing.T) {
 	testRequires(c, DaemonIsLinux, Devicemapper)
 	imageTest := "emptyfs"
 	name := inspectField(c, imageTest, "GraphDriver.Name")
@@ -170,15 +171,15 @@ func (s *DockerSuite) TestInspectImageGraphDriver(c *check.C) {
 	deviceID := inspectField(c, imageTest, "GraphDriver.Data.DeviceId")
 
 	_, err := strconv.Atoi(deviceID)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceId of the image: %s, %v", deviceID, err))
+	assert.Assert(c, err == nil, "failed to inspect DeviceId of the image: %s, %v", deviceID, err)
 
 	deviceSize := inspectField(c, imageTest, "GraphDriver.Data.DeviceSize")
 
 	_, err = strconv.ParseUint(deviceSize, 10, 64)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceSize of the image: %s, %v", deviceSize, err))
+	assert.Assert(c, err == nil, "failed to inspect DeviceSize of the image: %s, %v", deviceSize, err)
 }
 
-func (s *DockerSuite) TestInspectContainerGraphDriver(c *check.C) {
+func (s *DockerSuite) TestInspectContainerGraphDriver(c *testing.T) {
 	testRequires(c, DaemonIsLinux, Devicemapper)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
@@ -192,18 +193,18 @@ func (s *DockerSuite) TestInspectContainerGraphDriver(c *check.C) {
 
 	deviceID := inspectField(c, out, "GraphDriver.Data.DeviceId")
 
-	c.Assert(imageDeviceID, checker.Not(checker.Equals), deviceID)
+	assert.Assert(c, imageDeviceID != deviceID)
 
 	_, err := strconv.Atoi(deviceID)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceId of the image: %s, %v", deviceID, err))
+	assert.Assert(c, err == nil, "failed to inspect DeviceId of the image: %s, %v", deviceID, err)
 
 	deviceSize := inspectField(c, out, "GraphDriver.Data.DeviceSize")
 
 	_, err = strconv.ParseUint(deviceSize, 10, 64)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceSize of the image: %s, %v", deviceSize, err))
+	assert.Assert(c, err == nil, "failed to inspect DeviceSize of the image: %s, %v", deviceSize, err)
 }
 
-func (s *DockerSuite) TestInspectBindMountPoint(c *check.C) {
+func (s *DockerSuite) TestInspectBindMountPoint(c *testing.T) {
 	modifier := ",z"
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	if testEnv.OSType == "windows" {
@@ -218,24 +219,24 @@ func (s *DockerSuite) TestInspectBindMountPoint(c *check.C) {
 
 	var mp []types.MountPoint
 	err := json.Unmarshal([]byte(vol), &mp)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// check that there is only one mountpoint
-	c.Assert(mp, check.HasLen, 1)
+	assert.Equal(c, len(mp), 1)
 
 	m := mp[0]
 
-	c.Assert(m.Name, checker.Equals, "")
-	c.Assert(m.Driver, checker.Equals, "")
-	c.Assert(m.Source, checker.Equals, prefix+slash+"data")
-	c.Assert(m.Destination, checker.Equals, prefix+slash+"data")
+	assert.Equal(c, m.Name, "")
+	assert.Equal(c, m.Driver, "")
+	assert.Equal(c, m.Source, prefix+slash+"data")
+	assert.Equal(c, m.Destination, prefix+slash+"data")
 	if testEnv.OSType != "windows" { // Windows does not set mode
-		c.Assert(m.Mode, checker.Equals, "ro"+modifier)
+		assert.Equal(c, m.Mode, "ro"+modifier)
 	}
-	c.Assert(m.RW, checker.Equals, false)
+	assert.Equal(c, m.RW, false)
 }
 
-func (s *DockerSuite) TestInspectNamedMountPoint(c *check.C) {
+func (s *DockerSuite) TestInspectNamedMountPoint(c *testing.T) {
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
 	dockerCmd(c, "run", "-d", "--name", "test", "-v", "data:"+prefix+slash+"data", "busybox", "cat")
@@ -244,22 +245,22 @@ func (s *DockerSuite) TestInspectNamedMountPoint(c *check.C) {
 
 	var mp []types.MountPoint
 	err := json.Unmarshal([]byte(vol), &mp)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// check that there is only one mountpoint
-	c.Assert(mp, checker.HasLen, 1)
+	assert.Equal(c, len(mp), 1)
 
 	m := mp[0]
 
-	c.Assert(m.Name, checker.Equals, "data")
-	c.Assert(m.Driver, checker.Equals, "local")
-	c.Assert(m.Source, checker.Not(checker.Equals), "")
-	c.Assert(m.Destination, checker.Equals, prefix+slash+"data")
-	c.Assert(m.RW, checker.Equals, true)
+	assert.Equal(c, m.Name, "data")
+	assert.Equal(c, m.Driver, "local")
+	assert.Assert(c, m.Source != "")
+	assert.Equal(c, m.Destination, prefix+slash+"data")
+	assert.Equal(c, m.RW, true)
 }
 
 // #14947
-func (s *DockerSuite) TestInspectTimesAsRFC3339Nano(c *check.C) {
+func (s *DockerSuite) TestInspectTimesAsRFC3339Nano(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 	id := strings.TrimSpace(out)
 	startedAt := inspectField(c, id, "State.StartedAt")
@@ -267,194 +268,190 @@ func (s *DockerSuite) TestInspectTimesAsRFC3339Nano(c *check.C) {
 	created := inspectField(c, id, "Created")
 
 	_, err := time.Parse(time.RFC3339Nano, startedAt)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = time.Parse(time.RFC3339Nano, finishedAt)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = time.Parse(time.RFC3339Nano, created)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	created = inspectField(c, "busybox", "Created")
 
 	_, err = time.Parse(time.RFC3339Nano, created)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
 // #15633
-func (s *DockerSuite) TestInspectLogConfigNoType(c *check.C) {
+func (s *DockerSuite) TestInspectLogConfigNoType(c *testing.T) {
 	dockerCmd(c, "create", "--name=test", "--log-opt", "max-file=42", "busybox")
 	var logConfig container.LogConfig
 
 	out := inspectFieldJSON(c, "test", "HostConfig.LogConfig")
 
 	err := json.NewDecoder(strings.NewReader(out)).Decode(&logConfig)
-	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+	assert.Assert(c, err == nil, "%v", out)
 
-	c.Assert(logConfig.Type, checker.Equals, "json-file")
-	c.Assert(logConfig.Config["max-file"], checker.Equals, "42", check.Commentf("%v", logConfig))
+	assert.Equal(c, logConfig.Type, "json-file")
+	assert.Equal(c, logConfig.Config["max-file"], "42", fmt.Sprintf("%v", logConfig))
 }
 
-func (s *DockerSuite) TestInspectNoSizeFlagContainer(c *check.C) {
-
-	//Both the container and image are named busybox. docker inspect will fetch container
-	//JSON SizeRw and SizeRootFs field. If there is no flag --size/-s, there are no size fields.
+func (s *DockerSuite) TestInspectNoSizeFlagContainer(c *testing.T) {
+	// Both the container and image are named busybox. docker inspect will fetch container
+	// JSON SizeRw and SizeRootFs field. If there is no flag --size/-s, there are no size fields.
 
 	runSleepingContainer(c, "--name=busybox", "-d")
 
 	formatStr := "--format={{.SizeRw}},{{.SizeRootFs}}"
 	out, _ := dockerCmd(c, "inspect", "--type=container", formatStr, "busybox")
-	c.Assert(strings.TrimSpace(out), check.Equals, "<nil>,<nil>", check.Commentf("Expected not to display size info: %s", out))
+	assert.Equal(c, strings.TrimSpace(out), "<nil>,<nil>", fmt.Sprintf("Expected not to display size info: %s", out))
 }
 
-func (s *DockerSuite) TestInspectSizeFlagContainer(c *check.C) {
+func (s *DockerSuite) TestInspectSizeFlagContainer(c *testing.T) {
 	runSleepingContainer(c, "--name=busybox", "-d")
 
 	formatStr := "--format='{{.SizeRw}},{{.SizeRootFs}}'"
 	out, _ := dockerCmd(c, "inspect", "-s", "--type=container", formatStr, "busybox")
 	sz := strings.Split(out, ",")
 
-	c.Assert(strings.TrimSpace(sz[0]), check.Not(check.Equals), "<nil>")
-	c.Assert(strings.TrimSpace(sz[1]), check.Not(check.Equals), "<nil>")
+	assert.Assert(c, strings.TrimSpace(sz[0]) != "<nil>")
+	assert.Assert(c, strings.TrimSpace(sz[1]) != "<nil>")
 }
 
-func (s *DockerSuite) TestInspectTemplateError(c *check.C) {
+func (s *DockerSuite) TestInspectTemplateError(c *testing.T) {
 	// Template parsing error for both the container and image.
 
 	runSleepingContainer(c, "--name=container1", "-d")
 
 	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format='Format container: {{.ThisDoesNotExist}}'", "container1")
-	c.Assert(err, check.Not(check.IsNil))
-	c.Assert(out, checker.Contains, "Template parsing error")
-
+	assert.Assert(c, err != nil)
+	assert.Assert(c, strings.Contains(out, "Template parsing error"))
 	out, _, err = dockerCmdWithError("inspect", "--type=image", "--format='Format container: {{.ThisDoesNotExist}}'", "busybox")
-	c.Assert(err, check.Not(check.IsNil))
-	c.Assert(out, checker.Contains, "Template parsing error")
+	assert.Assert(c, err != nil)
+	assert.Assert(c, strings.Contains(out, "Template parsing error"))
 }
 
-func (s *DockerSuite) TestInspectJSONFields(c *check.C) {
+func (s *DockerSuite) TestInspectJSONFields(c *testing.T) {
 	runSleepingContainer(c, "--name=busybox", "-d")
 	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format={{.HostConfig.Dns}}", "busybox")
 
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Equals, "[]\n")
+	assert.NilError(c, err)
+	assert.Equal(c, out, "[]\n")
 }
 
-func (s *DockerSuite) TestInspectByPrefix(c *check.C) {
+func (s *DockerSuite) TestInspectByPrefix(c *testing.T) {
 	id := inspectField(c, "busybox", "Id")
-	c.Assert(id, checker.HasPrefix, "sha256:")
+	assert.Assert(c, strings.HasPrefix(id, "sha256:"))
 
 	id2 := inspectField(c, id[:12], "Id")
-	c.Assert(id, checker.Equals, id2)
+	assert.Equal(c, id, id2)
 
 	id3 := inspectField(c, strings.TrimPrefix(id, "sha256:")[:12], "Id")
-	c.Assert(id, checker.Equals, id3)
+	assert.Equal(c, id, id3)
 }
 
-func (s *DockerSuite) TestInspectStopWhenNotFound(c *check.C) {
+func (s *DockerSuite) TestInspectStopWhenNotFound(c *testing.T) {
 	runSleepingContainer(c, "--name=busybox1", "-d")
 	runSleepingContainer(c, "--name=busybox2", "-d")
 	result := dockerCmdWithResult("inspect", "--type=container", "--format='{{.Name}}'", "busybox1", "busybox2", "missing")
 
-	c.Assert(result.Error, checker.Not(check.IsNil))
-	c.Assert(result.Stdout(), checker.Contains, "busybox1")
-	c.Assert(result.Stdout(), checker.Contains, "busybox2")
-	c.Assert(result.Stderr(), checker.Contains, "Error: No such container: missing")
-
+	assert.Assert(c, result.Error != nil)
+	assert.Assert(c, strings.Contains(result.Stdout(), "busybox1"))
+	assert.Assert(c, strings.Contains(result.Stdout(), "busybox2"))
+	assert.Assert(c, strings.Contains(result.Stderr(), "Error: No such container: missing"))
 	// test inspect would not fast fail
 	result = dockerCmdWithResult("inspect", "--type=container", "--format='{{.Name}}'", "missing", "busybox1", "busybox2")
 
-	c.Assert(result.Error, checker.Not(check.IsNil))
-	c.Assert(result.Stdout(), checker.Contains, "busybox1")
-	c.Assert(result.Stdout(), checker.Contains, "busybox2")
-	c.Assert(result.Stderr(), checker.Contains, "Error: No such container: missing")
+	assert.Assert(c, result.Error != nil)
+	assert.Assert(c, strings.Contains(result.Stdout(), "busybox1"))
+	assert.Assert(c, strings.Contains(result.Stdout(), "busybox2"))
+	assert.Assert(c, strings.Contains(result.Stderr(), "Error: No such container: missing"))
 }
 
-func (s *DockerSuite) TestInspectHistory(c *check.C) {
+func (s *DockerSuite) TestInspectHistory(c *testing.T) {
 	dockerCmd(c, "run", "--name=testcont", "busybox", "echo", "hello")
 	dockerCmd(c, "commit", "-m", "test comment", "testcont", "testimg")
 	out, _, err := dockerCmdWithError("inspect", "--format='{{.Comment}}'", "testimg")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "test comment")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "test comment"))
 }
 
-func (s *DockerSuite) TestInspectContainerNetworkDefault(c *check.C) {
+func (s *DockerSuite) TestInspectContainerNetworkDefault(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	contName := "test1"
 	dockerCmd(c, "run", "--name", contName, "-d", "busybox", "top")
 	netOut, _ := dockerCmd(c, "network", "inspect", "--format={{.ID}}", "bridge")
 	out := inspectField(c, contName, "NetworkSettings.Networks")
-	c.Assert(out, checker.Contains, "bridge")
+	assert.Assert(c, strings.Contains(out, "bridge"))
 	out = inspectField(c, contName, "NetworkSettings.Networks.bridge.NetworkID")
-	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(netOut))
+	assert.Equal(c, strings.TrimSpace(out), strings.TrimSpace(netOut))
 }
 
-func (s *DockerSuite) TestInspectContainerNetworkCustom(c *check.C) {
+func (s *DockerSuite) TestInspectContainerNetworkCustom(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	netOut, _ := dockerCmd(c, "network", "create", "net1")
 	dockerCmd(c, "run", "--name=container1", "--net=net1", "-d", "busybox", "top")
 	out := inspectField(c, "container1", "NetworkSettings.Networks")
-	c.Assert(out, checker.Contains, "net1")
+	assert.Assert(c, strings.Contains(out, "net1"))
 	out = inspectField(c, "container1", "NetworkSettings.Networks.net1.NetworkID")
-	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(netOut))
+	assert.Equal(c, strings.TrimSpace(out), strings.TrimSpace(netOut))
 }
 
-func (s *DockerSuite) TestInspectRootFS(c *check.C) {
+func (s *DockerSuite) TestInspectRootFS(c *testing.T) {
 	out, _, err := dockerCmdWithError("inspect", "busybox")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	var imageJSON []types.ImageInspect
 	err = json.Unmarshal([]byte(out), &imageJSON)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(len(imageJSON[0].RootFS.Layers), checker.GreaterOrEqualThan, 1)
+	assert.NilError(c, err)
+	assert.Assert(c, len(imageJSON[0].RootFS.Layers) >= 1)
 }
 
-func (s *DockerSuite) TestInspectAmpersand(c *check.C) {
+func (s *DockerSuite) TestInspectAmpersand(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "test"
 	out, _ := dockerCmd(c, "run", "--name", name, "--env", `TEST_ENV="soanni&rtr"`, "busybox", "env")
-	c.Assert(out, checker.Contains, `soanni&rtr`)
+	assert.Assert(c, strings.Contains(out, `soanni&rtr`))
 	out, _ = dockerCmd(c, "inspect", name)
-	c.Assert(out, checker.Contains, `soanni&rtr`)
+	assert.Assert(c, strings.Contains(out, `soanni&rtr`))
 }
 
-func (s *DockerSuite) TestInspectPlugin(c *check.C) {
+func (s *DockerSuite) TestInspectPlugin(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("inspect", "--type", "plugin", "--format", "{{.Name}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), pNameWithTag)
 
 	out, _, err = dockerCmdWithError("inspect", "--format", "{{.Name}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), pNameWithTag)
 
 	// Even without tag the inspect still work
 	out, _, err = dockerCmdWithError("inspect", "--type", "plugin", "--format", "{{.Name}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), pNameWithTag)
 
 	out, _, err = dockerCmdWithError("inspect", "--format", "{{.Name}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), pNameWithTag)
 
 	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, pNameWithTag))
 }
 
 // Test case for 29185
-func (s *DockerSuite) TestInspectUnknownObject(c *check.C) {
+func (s *DockerSuite) TestInspectUnknownObject(c *testing.T) {
 	// This test should work on both Windows and Linux
 	out, _, err := dockerCmdWithError("inspect", "foobar")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Error: No such object: foobar")
-	c.Assert(err.Error(), checker.Contains, "Error: No such object: foobar")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Error: No such object: foobar"))
+	assert.ErrorContains(c, err, "Error: No such object: foobar")
 }
diff --git a/integration-cli/docker_cli_links_test.go b/integration-cli/docker_cli_links_test.go
index 17b25d7994ce1..0131233e6a6ea 100644
--- a/integration-cli/docker_cli_links_test.go
+++ b/integration-cli/docker_cli_links_test.go
@@ -6,34 +6,35 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/runconfig"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestLinksPingUnlinkedContainers(c *check.C) {
+func (s *DockerSuite) TestLinksPingUnlinkedContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	_, exitCode, err := dockerCmdWithError("run", "--rm", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1")
 
 	// run ping failed with error
-	c.Assert(exitCode, checker.Equals, 1, check.Commentf("error: %v", err))
+	assert.Equal(c, exitCode, 1, fmt.Sprintf("error: %v", err))
 }
 
 // Test for appropriate error when calling --link with an invalid target container
-func (s *DockerSuite) TestLinksInvalidContainerTarget(c *check.C) {
+func (s *DockerSuite) TestLinksInvalidContainerTarget(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--link", "bogus:alias", "busybox", "true")
 
 	// an invalid container target should produce an error
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 	// an invalid container target should produce an error
 	// note: convert the output to lowercase first as the error string
 	// capitalization was changed after API version 1.32
-	c.Assert(strings.ToLower(out), checker.Contains, "could not get container")
+	assert.Assert(c, strings.Contains(strings.ToLower(out), "could not get container"))
 }
 
-func (s *DockerSuite) TestLinksPingLinkedContainers(c *check.C) {
+func (s *DockerSuite) TestLinksPingLinkedContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// Test with the three different ways of specifying the default network on Linux
 	testLinkPingOnNetwork(c, "")
@@ -41,7 +42,7 @@ func (s *DockerSuite) TestLinksPingLinkedContainers(c *check.C) {
 	testLinkPingOnNetwork(c, "bridge")
 }
 
-func testLinkPingOnNetwork(c *check.C, network string) {
+func testLinkPingOnNetwork(c *testing.T, network string) {
 	var postArgs []string
 	if network != "" {
 		postArgs = append(postArgs, []string{"--net", network}...)
@@ -77,7 +78,7 @@ func testLinkPingOnNetwork(c *check.C, network string) {
 	dockerCmd(c, "rm", "-f", "container2")
 }
 
-func (s *DockerSuite) TestLinksPingLinkedContainersAfterRename(c *check.C) {
+func (s *DockerSuite) TestLinksPingLinkedContainersAfterRename(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
 	idA := strings.TrimSpace(out)
@@ -90,7 +91,7 @@ func (s *DockerSuite) TestLinksPingLinkedContainersAfterRename(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestLinksInspectLinksStarted(c *check.C) {
+func (s *DockerSuite) TestLinksInspectLinksStarted(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
@@ -99,17 +100,17 @@ func (s *DockerSuite) TestLinksInspectLinksStarted(c *check.C) {
 
 	var result []string
 	err := json.Unmarshal([]byte(links), &result)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var expected = []string{
 		"/container1:/testinspectlink/alias1",
 		"/container2:/testinspectlink/alias2",
 	}
 	sort.Strings(result)
-	c.Assert(result, checker.DeepEquals, expected)
+	assert.DeepEqual(c, result, expected)
 }
 
-func (s *DockerSuite) TestLinksInspectLinksStopped(c *check.C) {
+func (s *DockerSuite) TestLinksInspectLinksStopped(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
@@ -119,17 +120,17 @@ func (s *DockerSuite) TestLinksInspectLinksStopped(c *check.C) {
 
 	var result []string
 	err := json.Unmarshal([]byte(links), &result)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var expected = []string{
 		"/container1:/testinspectlink/alias1",
 		"/container2:/testinspectlink/alias2",
 	}
 	sort.Strings(result)
-	c.Assert(result, checker.DeepEquals, expected)
+	assert.DeepEqual(c, result, expected)
 }
 
-func (s *DockerSuite) TestLinksNotStartedParentNotFail(c *check.C) {
+func (s *DockerSuite) TestLinksNotStartedParentNotFail(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "create", "--name=first", "busybox", "top")
 	dockerCmd(c, "create", "--name=second", "--link=first:first", "busybox", "top")
@@ -137,9 +138,9 @@ func (s *DockerSuite) TestLinksNotStartedParentNotFail(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestLinksHostsFilesInject(c *check.C) {
+func (s *DockerSuite) TestLinksHostsFilesInject(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon, ExecSupport)
+	testRequires(c, testEnv.IsLocalDaemon)
 
 	out, _ := dockerCmd(c, "run", "-itd", "--name", "one", "busybox", "top")
 	idOne := strings.TrimSpace(out)
@@ -147,20 +148,20 @@ func (s *DockerSuite) TestLinksHostsFilesInject(c *check.C) {
 	out, _ = dockerCmd(c, "run", "-itd", "--name", "two", "--link", "one:onetwo", "busybox", "top")
 	idTwo := strings.TrimSpace(out)
 
-	c.Assert(waitRun(idTwo), checker.IsNil)
+	assert.Assert(c, waitRun(idTwo) == nil)
 
 	readContainerFileWithExec(c, idOne, "/etc/hosts")
 	contentTwo := readContainerFileWithExec(c, idTwo, "/etc/hosts")
 	// Host is not present in updated hosts file
-	c.Assert(string(contentTwo), checker.Contains, "onetwo")
+	assert.Assert(c, strings.Contains(string(contentTwo), "onetwo"))
 }
 
-func (s *DockerSuite) TestLinksUpdateOnRestart(c *check.C) {
+func (s *DockerSuite) TestLinksUpdateOnRestart(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon, ExecSupport)
+	testRequires(c, testEnv.IsLocalDaemon)
 	dockerCmd(c, "run", "-d", "--name", "one", "busybox", "top")
 	out, _ := dockerCmd(c, "run", "-d", "--name", "two", "--link", "one:onetwo", "--link", "one:one", "busybox", "top")
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 
 	realIP := inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
 	content := readContainerFileWithExec(c, id, "/etc/hosts")
@@ -168,70 +169,70 @@ func (s *DockerSuite) TestLinksUpdateOnRestart(c *check.C) {
 	getIP := func(hosts []byte, hostname string) string {
 		re := regexp.MustCompile(fmt.Sprintf(`(\S*)\t%s`, regexp.QuoteMeta(hostname)))
 		matches := re.FindSubmatch(hosts)
-		c.Assert(matches, checker.NotNil, check.Commentf("Hostname %s have no matches in hosts", hostname))
+		assert.Assert(c, matches != nil, "Hostname %s have no matches in hosts", hostname)
 		return string(matches[1])
 	}
 	ip := getIP(content, "one")
-	c.Assert(ip, checker.Equals, realIP)
+	assert.Equal(c, ip, realIP)
 
 	ip = getIP(content, "onetwo")
-	c.Assert(ip, checker.Equals, realIP)
+	assert.Equal(c, ip, realIP)
 
 	dockerCmd(c, "restart", "one")
 	realIP = inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
 
 	content = readContainerFileWithExec(c, id, "/etc/hosts")
 	ip = getIP(content, "one")
-	c.Assert(ip, checker.Equals, realIP)
+	assert.Equal(c, ip, realIP)
 
 	ip = getIP(content, "onetwo")
-	c.Assert(ip, checker.Equals, realIP)
+	assert.Equal(c, ip, realIP)
 }
 
-func (s *DockerSuite) TestLinksEnvs(c *check.C) {
+func (s *DockerSuite) TestLinksEnvs(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "-e", "e1=", "-e", "e2=v2", "-e", "e3=v3=v3", "--name=first", "busybox", "top")
 	out, _ := dockerCmd(c, "run", "--name=second", "--link=first:first", "busybox", "env")
-	c.Assert(out, checker.Contains, "FIRST_ENV_e1=\n")
-	c.Assert(out, checker.Contains, "FIRST_ENV_e2=v2")
-	c.Assert(out, checker.Contains, "FIRST_ENV_e3=v3=v3")
+	assert.Assert(c, strings.Contains(out, "FIRST_ENV_e1=\n"))
+	assert.Assert(c, strings.Contains(out, "FIRST_ENV_e2=v2"))
+	assert.Assert(c, strings.Contains(out, "FIRST_ENV_e3=v3=v3"))
 }
 
-func (s *DockerSuite) TestLinkShortDefinition(c *check.C) {
+func (s *DockerSuite) TestLinkShortDefinition(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "--name", "shortlinkdef", "busybox", "top")
 
 	cid := strings.TrimSpace(out)
-	c.Assert(waitRun(cid), checker.IsNil)
+	assert.Assert(c, waitRun(cid) == nil)
 
 	out, _ = dockerCmd(c, "run", "-d", "--name", "link2", "--link", "shortlinkdef", "busybox", "top")
 
 	cid2 := strings.TrimSpace(out)
-	c.Assert(waitRun(cid2), checker.IsNil)
+	assert.Assert(c, waitRun(cid2) == nil)
 
 	links := inspectFieldJSON(c, cid2, "HostConfig.Links")
-	c.Assert(links, checker.Equals, "[\"/shortlinkdef:/link2/shortlinkdef\"]")
+	assert.Equal(c, links, "[\"/shortlinkdef:/link2/shortlinkdef\"]")
 }
 
-func (s *DockerSuite) TestLinksNetworkHostContainer(c *check.C) {
+func (s *DockerSuite) TestLinksNetworkHostContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	dockerCmd(c, "run", "-d", "--net", "host", "--name", "host_container", "busybox", "top")
 	out, _, err := dockerCmdWithError("run", "--name", "should_fail", "--link", "host_container:tester", "busybox", "true")
 
 	// Running container linking to a container with --net host should have failed
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 	// Running container linking to a container with --net host should have failed
-	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetworkAndLinks.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictHostNetworkAndLinks.Error()))
 }
 
-func (s *DockerSuite) TestLinksEtcHostsRegularFile(c *check.C) {
+func (s *DockerSuite) TestLinksEtcHostsRegularFile(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "ls", "-la", "/etc/hosts")
 	// /etc/hosts should be a regular file
-	c.Assert(out, checker.Matches, "^-.+\n")
+	assert.Assert(c, cmp.Regexp("^-.+\n$", out))
 }
 
-func (s *DockerSuite) TestLinksMultipleWithSameName(c *check.C) {
+func (s *DockerSuite) TestLinksMultipleWithSameName(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name=upstream-a", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name=upstream-b", "busybox", "top")
diff --git a/integration-cli/docker_cli_login_test.go b/integration-cli/docker_cli_login_test.go
index 546f55c0b91c6..04fb9eaa30bd7 100644
--- a/integration-cli/docker_cli_login_test.go
+++ b/integration-cli/docker_cli_login_test.go
@@ -3,12 +3,13 @@ package main
 import (
 	"bytes"
 	"os/exec"
+	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestLoginWithoutTTY(c *check.C) {
+func (s *DockerSuite) TestLoginWithoutTTY(c *testing.T) {
 	cmd := exec.Command(dockerBinary, "login")
 
 	// Send to stdin so the process does not get the TTY
@@ -16,14 +17,14 @@ func (s *DockerSuite) TestLoginWithoutTTY(c *check.C) {
 
 	// run the command and block until it's done
 	err := cmd.Run()
-	c.Assert(err, checker.NotNil) //"Expected non nil err when logging in & TTY not available"
+	assert.ErrorContains(c, err, "") //"Expected non nil err when logging in & TTY not available"
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistry(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistry(c *testing.T) {
 	// wrong credentials
 	out, _, err := dockerCmdWithError("login", "-u", s.reg.Username(), "-p", "WRONGPASSWORD", privateRegistryURL)
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "401 Unauthorized")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "401 Unauthorized"))
 
 	// now it's fine
 	dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
diff --git a/integration-cli/docker_cli_logout_test.go b/integration-cli/docker_cli_logout_test.go
index ee4b032b76c54..37d5a2742ee34 100644
--- a/integration-cli/docker_cli_logout_test.go
+++ b/integration-cli/docker_cli_logout_test.go
@@ -3,75 +3,75 @@ package main
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
 	workingDir, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
 
 	os.Setenv("PATH", testPath)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmp)
 
 	externalAuthConfig := `{ "credsStore": "shell-test" }`
 
 	configPath := filepath.Join(tmp, "config.json")
-	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	assert.NilError(c, err)
 
 	_, err = s.d.Cmd("--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	b, err := ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
-	c.Assert(string(b), checker.Contains, privateRegistryURL)
+	b, err := os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), `"auth":`))
+	assert.Assert(c, strings.Contains(string(b), privateRegistryURL))
 
 	_, err = s.d.Cmd("--config", tmp, "tag", "busybox", repoName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = s.d.Cmd("--config", tmp, "push", repoName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = s.d.Cmd("--config", tmp, "logout", privateRegistryURL)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	b, err = ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL)
+	b, err = os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), privateRegistryURL))
 
 	// check I cannot pull anymore
 	out, err := s.d.Cmd("--config", tmp, "pull", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "no basic auth credentials")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "no basic auth credentials"))
 }
 
 // #23100
-func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *testing.T) {
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
 	workingDir, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
 
 	os.Setenv("PATH", testPath)
@@ -79,28 +79,28 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *
 	cmd := exec.Command("docker-credential-shell-test", "store")
 	stdin := bytes.NewReader([]byte(fmt.Sprintf(`{"ServerURL": "https://%s", "Username": "%s", "Secret": "%s"}`, privateRegistryURL, s.reg.Username(), s.reg.Password())))
 	cmd.Stdin = stdin
-	c.Assert(cmd.Run(), checker.IsNil)
+	assert.NilError(c, cmd.Run())
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 
 	externalAuthConfig := fmt.Sprintf(`{ "auths": {"https://%s": {}}, "credsStore": "shell-test" }`, privateRegistryURL)
 
 	configPath := filepath.Join(tmp, "config.json")
-	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
-	b, err := ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Contains, fmt.Sprintf("\"https://%s\": {}", privateRegistryURL))
-	c.Assert(string(b), checker.Contains, fmt.Sprintf("\"%s\": {}", privateRegistryURL))
+	b, err := os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(b), fmt.Sprintf(`"https://%s": {}`, privateRegistryURL)))
+	assert.Assert(c, strings.Contains(string(b), fmt.Sprintf(`"%s": {}`, privateRegistryURL)))
 
 	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
 
-	b, err = ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), fmt.Sprintf("\"https://%s\": {}", privateRegistryURL))
-	c.Assert(string(b), checker.Not(checker.Contains), fmt.Sprintf("\"%s\": {}", privateRegistryURL))
+	b, err = os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), fmt.Sprintf(`"https://%s": {}`, privateRegistryURL)))
+	assert.Assert(c, !strings.Contains(string(b), fmt.Sprintf(`"%s": {}`, privateRegistryURL)))
 }
diff --git a/integration-cli/docker_cli_logs_bench_test.go b/integration-cli/docker_cli_logs_bench_test.go
index eeb008de70198..4702b2a4b913c 100644
--- a/integration-cli/docker_cli_logs_bench_test.go
+++ b/integration-cli/docker_cli_logs_bench_test.go
@@ -3,12 +3,11 @@ package main
 import (
 	"fmt"
 	"strings"
+	"testing"
 	"time"
-
-	"github.com/go-check/check"
 )
 
-func (s *DockerSuite) BenchmarkLogsCLIRotateFollow(c *check.C) {
+func (s *DockerSuite) BenchmarkLogsCLIRotateFollow(c *testing.B) {
 	out, _ := dockerCmd(c, "run", "-d", "--log-opt", "max-size=1b", "--log-opt", "max-file=10", "busybox", "sh", "-c", "while true; do usleep 50000; echo hello; done")
 	id := strings.TrimSpace(out)
 	ch := make(chan error, 1)
diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go
index 2740de6f0665c..fe41f0351b2e9 100644
--- a/integration-cli/docker_cli_logs_test.go
+++ b/integration-cli/docker_cli_logs_test.go
@@ -6,39 +6,39 @@ import (
 	"os/exec"
 	"regexp"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // This used to work, it test a log of PageSize-1 (gh#4851)
-func (s *DockerSuite) TestLogsContainerSmallerThanPage(c *check.C) {
+func (s *DockerSuite) TestLogsContainerSmallerThanPage(c *testing.T) {
 	testLogsContainerPagination(c, 32767)
 }
 
 // Regression test: When going over the PageSize, it used to panic (gh#4851)
-func (s *DockerSuite) TestLogsContainerBiggerThanPage(c *check.C) {
+func (s *DockerSuite) TestLogsContainerBiggerThanPage(c *testing.T) {
 	testLogsContainerPagination(c, 32768)
 }
 
 // Regression test: When going much over the PageSize, it used to block (gh#4851)
-func (s *DockerSuite) TestLogsContainerMuchBiggerThanPage(c *check.C) {
+func (s *DockerSuite) TestLogsContainerMuchBiggerThanPage(c *testing.T) {
 	testLogsContainerPagination(c, 33000)
 }
 
-func testLogsContainerPagination(c *check.C, testLen int) {
+func testLogsContainerPagination(c *testing.T, testLen int) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
 	id := strings.TrimSpace(out)
 	dockerCmd(c, "wait", id)
 	out, _ = dockerCmd(c, "logs", id)
-	c.Assert(out, checker.HasLen, testLen+1)
+	assert.Equal(c, len(out), testLen+1)
 }
 
-func (s *DockerSuite) TestLogsTimestamps(c *check.C) {
+func (s *DockerSuite) TestLogsTimestamps(c *testing.T) {
 	testLen := 100
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo = >> a.a; done; cat a.a", testLen))
 
@@ -49,21 +49,21 @@ func (s *DockerSuite) TestLogsTimestamps(c *check.C) {
 
 	lines := strings.Split(out, "\n")
 
-	c.Assert(lines, checker.HasLen, testLen+1)
+	assert.Equal(c, len(lines), testLen+1)
 
 	ts := regexp.MustCompile(`^.* `)
 
 	for _, l := range lines {
 		if l != "" {
 			_, err := time.Parse(jsonmessage.RFC3339NanoFixed+" ", ts.FindString(l))
-			c.Assert(err, checker.IsNil, check.Commentf("Failed to parse timestamp from %v", l))
+			assert.NilError(c, err, "Failed to parse timestamp from %v", l)
 			// ensure we have padded 0's
-			c.Assert(l[29], checker.Equals, uint8('Z'))
+			assert.Equal(c, l[29], uint8('Z'))
 		}
 	}
 }
 
-func (s *DockerSuite) TestLogsSeparateStderr(c *check.C) {
+func (s *DockerSuite) TestLogsSeparateStderr(c *testing.T) {
 	msg := "stderr_log"
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)).Combined()
 	id := strings.TrimSpace(out)
@@ -74,7 +74,7 @@ func (s *DockerSuite) TestLogsSeparateStderr(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestLogsStderrInStdout(c *check.C) {
+func (s *DockerSuite) TestLogsStderrInStdout(c *testing.T) {
 	// TODO Windows: Needs investigation why this fails. Obtained string includes
 	// a bunch of ANSI escape sequences before the "stderr_log" message.
 	testRequires(c, DaemonIsLinux)
@@ -89,7 +89,7 @@ func (s *DockerSuite) TestLogsStderrInStdout(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestLogsTail(c *check.C) {
+func (s *DockerSuite) TestLogsTail(c *testing.T) {
 	testLen := 100
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen)).Combined()
 
@@ -98,37 +98,37 @@ func (s *DockerSuite) TestLogsTail(c *check.C) {
 
 	out = cli.DockerCmd(c, "logs", "--tail", "0", id).Combined()
 	lines := strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, 1)
+	assert.Equal(c, len(lines), 1)
 
 	out = cli.DockerCmd(c, "logs", "--tail", "5", id).Combined()
 	lines = strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, 6)
+	assert.Equal(c, len(lines), 6)
 
 	out = cli.DockerCmd(c, "logs", "--tail", "99", id).Combined()
 	lines = strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, 100)
+	assert.Equal(c, len(lines), 100)
 
 	out = cli.DockerCmd(c, "logs", "--tail", "all", id).Combined()
 	lines = strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, testLen+1)
+	assert.Equal(c, len(lines), testLen+1)
 
 	out = cli.DockerCmd(c, "logs", "--tail", "-1", id).Combined()
 	lines = strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, testLen+1)
+	assert.Equal(c, len(lines), testLen+1)
 
 	out = cli.DockerCmd(c, "logs", "--tail", "random", id).Combined()
 	lines = strings.Split(out, "\n")
-	c.Assert(lines, checker.HasLen, testLen+1)
+	assert.Equal(c, len(lines), testLen+1)
 }
 
-func (s *DockerSuite) TestLogsFollowStopped(c *check.C) {
+func (s *DockerSuite) TestLogsFollowStopped(c *testing.T) {
 	dockerCmd(c, "run", "--name=test", "busybox", "echo", "hello")
 	id := getIDByName(c, "test")
 
 	logsCmd := exec.Command(dockerBinary, "logs", "-f", id)
-	c.Assert(logsCmd.Start(), checker.IsNil)
+	assert.NilError(c, logsCmd.Start())
 
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		errChan <- logsCmd.Wait()
 		close(errChan)
@@ -136,32 +136,32 @@ func (s *DockerSuite) TestLogsFollowStopped(c *check.C) {
 
 	select {
 	case err := <-errChan:
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(30 * time.Second):
 		c.Fatal("Following logs is hanged")
 	}
 }
 
-func (s *DockerSuite) TestLogsSince(c *check.C) {
+func (s *DockerSuite) TestLogsSince(c *testing.T) {
 	name := "testlogssince"
 	dockerCmd(c, "run", "--name="+name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do sleep 2; echo log$i; done")
 	out, _ := dockerCmd(c, "logs", "-t", name)
 
 	log2Line := strings.Split(strings.Split(out, "\n")[1], " ")
 	t, err := time.Parse(time.RFC3339Nano, log2Line[0]) // the timestamp log2 is written
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	since := t.Unix() + 1 // add 1s so log1 & log2 doesn't show up
 	out, _ = dockerCmd(c, "logs", "-t", fmt.Sprintf("--since=%v", since), name)
 
 	// Skip 2 seconds
 	unexpected := []string{"log1", "log2"}
 	for _, v := range unexpected {
-		c.Assert(out, checker.Not(checker.Contains), v, check.Commentf("unexpected log message returned, since=%v", since))
+		assert.Check(c, !strings.Contains(out, v), "unexpected log message returned, since=%v", since)
 	}
 
 	// Test to make sure a bad since format is caught by the client
 	out, _, _ = dockerCmdWithError("logs", "-t", "--since=2006-01-02T15:04:0Z", name)
-	c.Assert(out, checker.Contains, "cannot parse \"0Z\" as \"05\"", check.Commentf("bad since format passed to server"))
+	assert.Assert(c, strings.Contains(out, `cannot parse "0Z" as "05"`), "bad since format passed to server")
 
 	// Test with default value specified and parameter omitted
 	expected := []string{"log1", "log2", "log3"}
@@ -172,12 +172,12 @@ func (s *DockerSuite) TestLogsSince(c *check.C) {
 		result := icmd.RunCommand(dockerBinary, cmd...)
 		result.Assert(c, icmd.Success)
 		for _, v := range expected {
-			c.Assert(result.Combined(), checker.Contains, v)
+			assert.Check(c, strings.Contains(result.Combined(), v))
 		}
 	}
 }
 
-func (s *DockerSuite) TestLogsSinceFutureFollow(c *check.C) {
+func (s *DockerSuite) TestLogsSinceFutureFollow(c *testing.T) {
 	// TODO Windows TP5 - Figure out why this test is so flakey. Disabled for now.
 	testRequires(c, DaemonIsLinux)
 	name := "testlogssincefuturefollow"
@@ -195,23 +195,23 @@ func (s *DockerSuite) TestLogsSinceFutureFollow(c *check.C) {
 		}
 	}
 
-	c.Assert(timestamp, checker.Not(checker.Equals), "")
+	assert.Assert(c, timestamp != "")
 	t, err := time.Parse(time.RFC3339Nano, timestamp)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	since := t.Unix() + 2
 	out, _ := dockerCmd(c, "logs", "-t", "-f", fmt.Sprintf("--since=%v", since), name)
-	c.Assert(out, checker.Not(checker.HasLen), 0, check.Commentf("cannot read from empty log"))
+	assert.Assert(c, len(out) != 0, "cannot read from empty log")
 	lines := strings.Split(strings.TrimSpace(out), "\n")
 	for _, v := range lines {
 		ts, err := time.Parse(time.RFC3339Nano, strings.Split(v, " ")[0])
-		c.Assert(err, checker.IsNil, check.Commentf("cannot parse timestamp output from log: '%v'", v))
-		c.Assert(ts.Unix() >= since, checker.Equals, true, check.Commentf("earlier log found. since=%v logdate=%v", since, ts))
+		assert.NilError(c, err, "cannot parse timestamp output from log: '%v'", v)
+		assert.Assert(c, ts.Unix() >= since, "earlier log found. since=%v logdate=%v", since, ts)
 	}
 }
 
 // Regression test for #8832
-func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) {
+func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *testing.T) {
 	// TODO Windows: Fix this test for TP5.
 	testRequires(c, DaemonIsLinux)
 	expected := 150000
@@ -228,22 +228,22 @@ func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) {
 
 	logCmd := exec.Command(dockerBinary, "logs", "-f", id)
 	stdout, err := logCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
-	c.Assert(logCmd.Start(), checker.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, logCmd.Start())
 	defer func() { go logCmd.Wait() }()
 
 	// First read slowly
 	bytes1, err := ConsumeWithSpeed(stdout, 10, 50*time.Millisecond, stopSlowRead)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// After the container has finished we can continue reading fast
 	bytes2, err := ConsumeWithSpeed(stdout, 32*1024, 0, nil)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(logCmd.Wait(), checker.IsNil)
+	assert.NilError(c, logCmd.Wait())
 
 	actual := bytes1 + bytes2
-	c.Assert(actual, checker.Equals, expected)
+	assert.Equal(c, actual, expected)
 }
 
 // ConsumeWithSpeed reads chunkSize bytes from reader before sleeping
@@ -269,17 +269,17 @@ func ConsumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, s
 	}
 }
 
-func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
+func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true; do echo hello; sleep 2; done")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	nroutines, err := getGoroutineNumber()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	cmd := exec.Command(dockerBinary, "logs", "-f", id)
 	r, w := io.Pipe()
 	cmd.Stdout = w
-	c.Assert(cmd.Start(), checker.IsNil)
+	assert.NilError(c, cmd.Start())
 	go cmd.Wait()
 
 	// Make sure pipe is written to
@@ -289,48 +289,48 @@ func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
 		_, err := r.Read(b)
 		chErr <- err
 	}()
-	c.Assert(<-chErr, checker.IsNil)
-	c.Assert(cmd.Process.Kill(), checker.IsNil)
+	assert.NilError(c, <-chErr)
+	assert.NilError(c, cmd.Process.Kill())
 	r.Close()
 	cmd.Wait()
 	// NGoroutines is not updated right away, so we need to wait before failing
-	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+	assert.NilError(c, waitForGoroutines(nroutines))
 }
 
-func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *check.C) {
+func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true; do sleep 2; done")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	nroutines, err := getGoroutineNumber()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	cmd := exec.Command(dockerBinary, "logs", "-f", id)
-	c.Assert(cmd.Start(), checker.IsNil)
+	assert.NilError(c, cmd.Start())
 	go cmd.Wait()
 	time.Sleep(200 * time.Millisecond)
-	c.Assert(cmd.Process.Kill(), checker.IsNil)
+	assert.NilError(c, cmd.Process.Kill())
 	cmd.Wait()
 
 	// NGoroutines is not updated right away, so we need to wait before failing
-	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+	assert.NilError(c, waitForGoroutines(nroutines))
 }
 
-func (s *DockerSuite) TestLogsCLIContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestLogsCLIContainerNotFound(c *testing.T) {
 	name := "testlogsnocontainer"
 	out, _, _ := dockerCmdWithError("logs", name)
 	message := fmt.Sprintf("No such container: %s\n", name)
-	c.Assert(out, checker.Contains, message)
+	assert.Assert(c, strings.Contains(out, message))
 }
 
-func (s *DockerSuite) TestLogsWithDetails(c *check.C) {
+func (s *DockerSuite) TestLogsWithDetails(c *testing.T) {
 	dockerCmd(c, "run", "--name=test", "--label", "foo=bar", "-e", "baz=qux", "--log-opt", "labels=foo", "--log-opt", "env=baz", "busybox", "echo", "hello")
 	out, _ := dockerCmd(c, "logs", "--details", "--timestamps", "test")
 
 	logFields := strings.Fields(strings.TrimSpace(out))
-	c.Assert(len(logFields), checker.Equals, 3, check.Commentf("%s", out))
+	assert.Equal(c, len(logFields), 3, out)
 
 	details := strings.Split(logFields[1], ",")
-	c.Assert(details, checker.HasLen, 2)
-	c.Assert(details[0], checker.Equals, "baz=qux")
-	c.Assert(details[1], checker.Equals, "foo=bar")
+	assert.Equal(c, len(details), 2)
+	assert.Equal(c, details[0], "baz=qux")
+	assert.Equal(c, details[1], "foo=bar")
 }
diff --git a/integration-cli/docker_cli_netmode_test.go b/integration-cli/docker_cli_netmode_test.go
index 76f9898d887c6..fe6d9487ac17e 100644
--- a/integration-cli/docker_cli_netmode_test.go
+++ b/integration-cli/docker_cli_netmode_test.go
@@ -2,10 +2,10 @@ package main
 
 import (
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/runconfig"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // GH14530. Validates combinations of --net= with other options
@@ -17,80 +17,70 @@ const stringCheckPS = "PID   USER"
 // DockerCmdWithFail executes a docker command that is supposed to fail and returns
 // the output, the exit code. If the command returns a Nil error, it will fail and
 // stop the tests.
-func dockerCmdWithFail(c *check.C, args ...string) (string, int) {
+func dockerCmdWithFail(c *testing.T, args ...string) (string, int) {
 	out, status, err := dockerCmdWithError(args...)
-	c.Assert(err, check.NotNil, check.Commentf("%v", out))
+	assert.Assert(c, err != nil, "%v", out)
 	return out, status
 }
 
-func (s *DockerSuite) TestNetHostnameWithNetHost(c *check.C) {
+func (s *DockerSuite) TestNetHostnameWithNetHost(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "ps")
-	c.Assert(out, checker.Contains, stringCheckPS)
+	assert.Assert(c, strings.Contains(out, stringCheckPS))
 }
 
-func (s *DockerSuite) TestNetHostname(c *check.C) {
+func (s *DockerSuite) TestNetHostname(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-h=name", "busybox", "ps")
-	c.Assert(out, checker.Contains, stringCheckPS)
-
+	assert.Assert(c, strings.Contains(out, stringCheckPS))
 	out, _ = dockerCmd(c, "run", "-h=name", "--net=bridge", "busybox", "ps")
-	c.Assert(out, checker.Contains, stringCheckPS)
-
+	assert.Assert(c, strings.Contains(out, stringCheckPS))
 	out, _ = dockerCmd(c, "run", "-h=name", "--net=none", "busybox", "ps")
-	c.Assert(out, checker.Contains, stringCheckPS)
-
+	assert.Assert(c, strings.Contains(out, stringCheckPS))
 	out, _ = dockerCmdWithFail(c, "run", "-h=name", "--net=container:other", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHostname.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkHostname.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container", "busybox", "ps")
-	c.Assert(out, checker.Contains, "invalid container format container:<name|id>")
-
+	assert.Assert(c, strings.Contains(out, "invalid container format container:<name|id>"))
 	out, _ = dockerCmdWithFail(c, "run", "--net=weird", "busybox", "ps")
-	c.Assert(strings.ToLower(out), checker.Contains, "not found")
+	assert.Assert(c, strings.Contains(strings.ToLower(out), "not found"))
 }
 
-func (s *DockerSuite) TestConflictContainerNetworkAndLinks(c *check.C) {
+func (s *DockerSuite) TestConflictContainerNetworkAndLinks(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmdWithFail(c, "run", "--net=container:other", "--link=zip:zap", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndLinks.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictContainerNetworkAndLinks.Error()))
 }
 
-func (s *DockerSuite) TestConflictContainerNetworkHostAndLinks(c *check.C) {
+func (s *DockerSuite) TestConflictContainerNetworkHostAndLinks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	out, _ := dockerCmdWithFail(c, "run", "--net=host", "--link=zip:zap", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetworkAndLinks.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictHostNetworkAndLinks.Error()))
 }
 
-func (s *DockerSuite) TestConflictNetworkModeNetHostAndOptions(c *check.C) {
+func (s *DockerSuite) TestConflictNetworkModeNetHostAndOptions(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	out, _ := dockerCmdWithFail(c, "run", "--net=host", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndMac.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictContainerNetworkAndMac.Error()))
 }
 
-func (s *DockerSuite) TestConflictNetworkModeAndOptions(c *check.C) {
+func (s *DockerSuite) TestConflictNetworkModeAndOptions(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmdWithFail(c, "run", "--net=container:other", "--dns=8.8.8.8", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkAndDNS.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkAndDNS.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--add-host=name:8.8.8.8", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHosts.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkHosts.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndMac.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictContainerNetworkAndMac.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "-P", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkPublishPorts.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkPublishPorts.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "-p", "8080", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkPublishPorts.Error())
-
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkPublishPorts.Error()))
 	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--expose", "8000-9000", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkExposePorts.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNetworkExposePorts.Error()))
 }
diff --git a/integration-cli/docker_cli_network_test.go b/integration-cli/docker_cli_network_test.go
new file mode 100644
index 0000000000000..ad1c95876fd8d
--- /dev/null
+++ b/integration-cli/docker_cli_network_test.go
@@ -0,0 +1,13 @@
+package main
+
+import (
+	"net/http/httptest"
+
+	"github.com/docker/docker/integration-cli/daemon"
+)
+
+type DockerNetworkSuite struct {
+	server *httptest.Server
+	ds     *DockerSuite
+	d      *daemon.Daemon
+}
diff --git a/integration-cli/docker_cli_network_unix_test.go b/integration-cli/docker_cli_network_unix_test.go
index d3d6256a752c0..ea5da4b40167d 100644
--- a/integration-cli/docker_cli_network_unix_test.go
+++ b/integration-cli/docker_cli_network_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,31 +6,30 @@ package main
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions/v1p20"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/libnetwork/driverapi"
+	remoteapi "github.com/docker/docker/libnetwork/drivers/remote/api"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	remoteipam "github.com/docker/docker/libnetwork/ipams/remote/api"
+	"github.com/docker/docker/libnetwork/netlabel"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/libnetwork/driverapi"
-	remoteapi "github.com/docker/libnetwork/drivers/remote/api"
-	"github.com/docker/libnetwork/ipamapi"
-	remoteipam "github.com/docker/libnetwork/ipams/remote/api"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/go-check/check"
+	testdaemon "github.com/docker/docker/testutil/daemon"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 const dummyNetworkDriver = "dummy-network-driver"
@@ -37,37 +37,25 @@ const dummyIPAMDriver = "dummy-ipam-driver"
 
 var remoteDriverNetworkRequest remoteapi.CreateNetworkRequest
 
-func init() {
-	check.Suite(&DockerNetworkSuite{
-		ds: &DockerSuite{},
-	})
-}
-
-type DockerNetworkSuite struct {
-	server *httptest.Server
-	ds     *DockerSuite
-	d      *daemon.Daemon
-}
-
-func (s *DockerNetworkSuite) SetUpTest(c *check.C) {
+func (s *DockerNetworkSuite) SetUpTest(c *testing.T) {
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
-func (s *DockerNetworkSuite) TearDownTest(c *check.C) {
+func (s *DockerNetworkSuite) TearDownTest(c *testing.T) {
 	if s.d != nil {
 		s.d.Stop(c)
 		s.ds.TearDownTest(c)
 	}
 }
 
-func (s *DockerNetworkSuite) SetUpSuite(c *check.C) {
+func (s *DockerNetworkSuite) SetUpSuite(c *testing.T) {
 	mux := http.NewServeMux()
 	s.server = httptest.NewServer(mux)
-	c.Assert(s.server, check.NotNil, check.Commentf("Failed to start an HTTP Server"))
+	assert.Assert(c, s.server != nil, "Failed to start an HTTP Server")
 	setupRemoteNetworkDrivers(c, mux, s.server.URL, dummyNetworkDriver, dummyIPAMDriver)
 }
 
-func setupRemoteNetworkDrivers(c *check.C, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
 
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
@@ -209,18 +197,18 @@ func setupRemoteNetworkDrivers(c *check.C, mux *http.ServeMux, url, netDrv, ipam
 	})
 
 	err := os.MkdirAll("/etc/docker/plugins", 0755)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
-	err = ioutil.WriteFile(fileName, []byte(url), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(fileName, []byte(url), 0644)
+	assert.NilError(c, err)
 
 	ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
-	err = ioutil.WriteFile(ipamFileName, []byte(url), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(ipamFileName, []byte(url), 0644)
+	assert.NilError(c, err)
 }
 
-func (s *DockerNetworkSuite) TearDownSuite(c *check.C) {
+func (s *DockerNetworkSuite) TearDownSuite(c *testing.T) {
 	if s.server == nil {
 		return
 	}
@@ -228,22 +216,22 @@ func (s *DockerNetworkSuite) TearDownSuite(c *check.C) {
 	s.server.Close()
 
 	err := os.RemoveAll("/etc/docker/plugins")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func assertNwIsAvailable(c *check.C, name string) {
+func assertNwIsAvailable(c *testing.T, name string) {
 	if !isNwPresent(c, name) {
 		c.Fatalf("Network %s not found in network ls o/p", name)
 	}
 }
 
-func assertNwNotAvailable(c *check.C, name string) {
+func assertNwNotAvailable(c *testing.T, name string) {
 	if isNwPresent(c, name) {
 		c.Fatalf("Found network %s in network ls o/p", name)
 	}
 }
 
-func isNwPresent(c *check.C, name string) bool {
+func isNwPresent(c *testing.T, name string) bool {
 	out, _ := dockerCmd(c, "network", "ls")
 	lines := strings.Split(out, "\n")
 	for i := 1; i < len(lines)-1; i++ {
@@ -258,7 +246,7 @@ func isNwPresent(c *check.C, name string) bool {
 // assertNwList checks network list retrieved with ls command
 // equals to expected network list
 // note: out should be `network ls [option]` result
-func assertNwList(c *check.C, out string, expectNws []string) {
+func assertNwList(c *testing.T, out string, expectNws []string) {
 	lines := strings.Split(out, "\n")
 	var nwList []string
 	for _, line := range lines[1 : len(lines)-1] {
@@ -268,54 +256,54 @@ func assertNwList(c *check.C, out string, expectNws []string) {
 	}
 
 	// network ls should contains all expected networks
-	c.Assert(nwList, checker.DeepEquals, expectNws)
+	assert.DeepEqual(c, nwList, expectNws)
 }
 
-func getNwResource(c *check.C, name string) *types.NetworkResource {
+func getNwResource(c *testing.T, name string) *types.NetworkResource {
 	out, _ := dockerCmd(c, "network", "inspect", name)
 	var nr []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &nr)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	return &nr[0]
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkLsDefault(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkLsDefault(c *testing.T) {
 	defaults := []string{"bridge", "host", "none"}
 	for _, nn := range defaults {
 		assertNwIsAvailable(c, nn)
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkCreatePredefined(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkCreatePredefined(c *testing.T) {
 	predefined := []string{"bridge", "host", "none", "default"}
 	for _, net := range predefined {
 		// predefined networks can't be created again
 		out, _, err := dockerCmdWithError("network", "create", net)
-		c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+		assert.ErrorContains(c, err, "", out)
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkCreateHostBind(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkCreateHostBind(c *testing.T) {
 	dockerCmd(c, "network", "create", "--subnet=192.168.10.0/24", "--gateway=192.168.10.1", "-o", "com.docker.network.bridge.host_binding_ipv4=192.168.10.1", "testbind")
 	assertNwIsAvailable(c, "testbind")
 
 	out := runSleepingContainer(c, "--net=testbind", "-p", "5000:5000")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 	out, _ = dockerCmd(c, "ps")
-	c.Assert(out, checker.Contains, "192.168.10.1:5000->5000/tcp")
+	assert.Assert(c, strings.Contains(out, "192.168.10.1:5000->5000/tcp"))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkRmPredefined(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkRmPredefined(c *testing.T) {
 	predefined := []string{"bridge", "host", "none", "default"}
 	for _, net := range predefined {
 		// predefined networks can't be removed
 		out, _, err := dockerCmdWithError("network", "rm", net)
-		c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+		assert.ErrorContains(c, err, "", out)
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *testing.T) {
 	testRequires(c, OnlyDefaultNetworks)
 	testNet := "testnet1"
 	testLabel := "foo"
@@ -359,7 +347,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *check.C) {
 
 	out, _ = dockerCmd(c, "network", "ls", "-f", "label=nonexistent")
 	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("%s\n", out))
 
 	out, _ = dockerCmd(c, "network", "ls", "-f", "driver=null")
 	assertNwList(c, out, []string{"none"})
@@ -371,7 +359,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *check.C) {
 	assertNwList(c, out, []string{"bridge", "dev", testNet})
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkCreateDelete(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkCreateDelete(c *testing.T) {
 	dockerCmd(c, "network", "create", "test")
 	assertNwIsAvailable(c, "test")
 
@@ -379,7 +367,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkCreateDelete(c *check.C) {
 	assertNwNotAvailable(c, "test")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkCreateLabel(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkCreateLabel(c *testing.T) {
 	testNet := "testnetcreatelabel"
 	testLabel := "foo"
 	testValue := "bar"
@@ -388,19 +376,19 @@ func (s *DockerNetworkSuite) TestDockerNetworkCreateLabel(c *check.C) {
 	assertNwIsAvailable(c, testNet)
 
 	out, _, err := dockerCmdWithError("network", "inspect", "--format={{ .Labels."+testLabel+" }}", testNet)
-	c.Assert(err, check.IsNil)
-	c.Assert(strings.TrimSpace(out), check.Equals, testValue)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), testValue)
 
 	dockerCmd(c, "network", "rm", testNet)
 	assertNwNotAvailable(c, testNet)
 }
 
-func (s *DockerSuite) TestDockerNetworkDeleteNotExists(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkDeleteNotExists(c *testing.T) {
 	out, _, err := dockerCmdWithError("network", "rm", "test")
-	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestDockerNetworkDeleteMultiple(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkDeleteMultiple(c *testing.T) {
 	dockerCmd(c, "network", "create", "testDelMulti0")
 	assertNwIsAvailable(c, "testDelMulti0")
 	dockerCmd(c, "network", "create", "testDelMulti1")
@@ -415,48 +403,48 @@ func (s *DockerSuite) TestDockerNetworkDeleteMultiple(c *check.C) {
 	// contains active container, its deletion should fail.
 	out, _, err := dockerCmdWithError("network", "rm", "testDelMulti0", "testDelMulti1", "testDelMulti2")
 	// err should not be nil due to deleting testDelMulti2 failed.
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 	// testDelMulti2 should fail due to network has active endpoints
-	c.Assert(out, checker.Contains, "has active endpoints")
+	assert.Assert(c, strings.Contains(out, "has active endpoints"))
 	assertNwNotAvailable(c, "testDelMulti0")
 	assertNwNotAvailable(c, "testDelMulti1")
 	// testDelMulti2 can't be deleted, so it should exist
 	assertNwIsAvailable(c, "testDelMulti2")
 }
 
-func (s *DockerSuite) TestDockerNetworkInspect(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkInspect(c *testing.T) {
 	out, _ := dockerCmd(c, "network", "inspect", "host")
 	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &networkResources)
-	c.Assert(err, check.IsNil)
-	c.Assert(networkResources, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(networkResources), 1)
 
 	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .Name }}", "host")
-	c.Assert(strings.TrimSpace(out), check.Equals, "host")
+	assert.Equal(c, strings.TrimSpace(out), "host")
 }
 
-func (s *DockerSuite) TestDockerNetworkInspectWithID(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkInspectWithID(c *testing.T) {
 	out, _ := dockerCmd(c, "network", "create", "test2")
 	networkID := strings.TrimSpace(out)
 	assertNwIsAvailable(c, "test2")
 	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .Id }}", "test2")
-	c.Assert(strings.TrimSpace(out), check.Equals, networkID)
+	assert.Equal(c, strings.TrimSpace(out), networkID)
 
 	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .ID }}", "test2")
-	c.Assert(strings.TrimSpace(out), check.Equals, networkID)
+	assert.Equal(c, strings.TrimSpace(out), networkID)
 }
 
-func (s *DockerSuite) TestDockerInspectMultipleNetwork(c *check.C) {
+func (s *DockerSuite) TestDockerInspectMultipleNetwork(c *testing.T) {
 	result := dockerCmdWithResult("network", "inspect", "host", "none")
 	result.Assert(c, icmd.Success)
 
 	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(result.Stdout()), &networkResources)
-	c.Assert(err, check.IsNil)
-	c.Assert(networkResources, checker.HasLen, 2)
+	assert.NilError(c, err)
+	assert.Equal(c, len(networkResources), 2)
 }
 
-func (s *DockerSuite) TestDockerInspectMultipleNetworksIncludingNonexistent(c *check.C) {
+func (s *DockerSuite) TestDockerInspectMultipleNetworksIncludingNonexistent(c *testing.T) {
 	// non-existent network was not at the beginning of the inspect list
 	// This should print an error, return an exitCode 1 and print the host network
 	result := dockerCmdWithResult("network", "inspect", "host", "nonexistent")
@@ -468,8 +456,8 @@ func (s *DockerSuite) TestDockerInspectMultipleNetworksIncludingNonexistent(c *c
 
 	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(result.Stdout()), &networkResources)
-	c.Assert(err, check.IsNil)
-	c.Assert(networkResources, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(networkResources), 1)
 
 	// Only one non-existent network to inspect
 	// Should print an error and return an exitCode, nothing else
@@ -491,11 +479,11 @@ func (s *DockerSuite) TestDockerInspectMultipleNetworksIncludingNonexistent(c *c
 
 	networkResources = []types.NetworkResource{}
 	err = json.Unmarshal([]byte(result.Stdout()), &networkResources)
-	c.Assert(err, check.IsNil)
-	c.Assert(networkResources, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(networkResources), 1)
 }
 
-func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
+func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *testing.T) {
 	dockerCmd(c, "network", "create", "brNetForInspect")
 	assertNwIsAvailable(c, "brNetForInspect")
 	defer func() {
@@ -504,7 +492,7 @@ func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
 	}()
 
 	out, _ := dockerCmd(c, "run", "-d", "--name", "testNetInspect1", "--net", "brNetForInspect", "busybox", "top")
-	c.Assert(waitRun("testNetInspect1"), check.IsNil)
+	assert.Assert(c, waitRun("testNetInspect1") == nil)
 	containerID := strings.TrimSpace(out)
 	defer func() {
 		// we don't stop container by name, because we'll rename it later
@@ -514,11 +502,11 @@ func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
 	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
 	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &networkResources)
-	c.Assert(err, check.IsNil)
-	c.Assert(networkResources, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(networkResources), 1)
 	container, ok := networkResources[0].Containers[containerID]
-	c.Assert(ok, checker.True)
-	c.Assert(container.Name, checker.Equals, "testNetInspect1")
+	assert.Assert(c, ok)
+	assert.Equal(c, container.Name, "testNetInspect1")
 
 	// rename container and check docker inspect output update
 	newName := "HappyNewName"
@@ -528,25 +516,24 @@ func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
 	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
 	var newNetRes []types.NetworkResource
 	err = json.Unmarshal([]byte(out), &newNetRes)
-	c.Assert(err, check.IsNil)
-	c.Assert(newNetRes, checker.HasLen, 1)
+	assert.NilError(c, err)
+	assert.Equal(c, len(newNetRes), 1)
 	container1, ok := newNetRes[0].Containers[containerID]
-	c.Assert(ok, checker.True)
-	c.Assert(container1.Name, checker.Equals, newName)
-
+	assert.Assert(c, ok)
+	assert.Equal(c, container1.Name, newName)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnect(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnect(c *testing.T) {
 	dockerCmd(c, "network", "create", "test")
 	assertNwIsAvailable(c, "test")
 	nr := getNwResource(c, "test")
 
-	c.Assert(nr.Name, checker.Equals, "test")
-	c.Assert(len(nr.Containers), checker.Equals, 0)
+	assert.Equal(c, nr.Name, "test")
+	assert.Equal(c, len(nr.Containers), 0)
 
 	// run a container
 	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
-	c.Assert(waitRun("test"), check.IsNil)
+	assert.Assert(c, waitRun("test") == nil)
 	containerID := strings.TrimSpace(out)
 
 	// connect the container to the test network
@@ -554,43 +541,42 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnect(c *check.C) {
 
 	// inspect the network to make sure container is connected
 	nr = getNetworkResource(c, nr.ID)
-	c.Assert(len(nr.Containers), checker.Equals, 1)
-	c.Assert(nr.Containers[containerID], check.NotNil)
+	assert.Equal(c, len(nr.Containers), 1)
 
 	// check if container IP matches network inspect
 	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	containerIP := findContainerIP(c, "test", "test")
-	c.Assert(ip.String(), checker.Equals, containerIP)
+	assert.Equal(c, ip.String(), containerIP)
 
 	// disconnect container from the network
 	dockerCmd(c, "network", "disconnect", "test", containerID)
 	nr = getNwResource(c, "test")
-	c.Assert(nr.Name, checker.Equals, "test")
-	c.Assert(len(nr.Containers), checker.Equals, 0)
+	assert.Equal(c, nr.Name, "test")
+	assert.Equal(c, len(nr.Containers), 0)
 
 	// run another container
 	out, _ = dockerCmd(c, "run", "-d", "--net", "test", "--name", "test2", "busybox", "top")
-	c.Assert(waitRun("test2"), check.IsNil)
+	assert.Assert(c, waitRun("test2") == nil)
 	containerID = strings.TrimSpace(out)
 
 	nr = getNwResource(c, "test")
-	c.Assert(nr.Name, checker.Equals, "test")
-	c.Assert(len(nr.Containers), checker.Equals, 1)
+	assert.Equal(c, nr.Name, "test")
+	assert.Equal(c, len(nr.Containers), 1)
 
 	// force disconnect the container to the test network
 	dockerCmd(c, "network", "disconnect", "-f", "test", containerID)
 
 	nr = getNwResource(c, "test")
-	c.Assert(nr.Name, checker.Equals, "test")
-	c.Assert(len(nr.Containers), checker.Equals, 0)
+	assert.Equal(c, nr.Name, "test")
+	assert.Equal(c, len(nr.Containers), 0)
 
 	dockerCmd(c, "network", "rm", "test")
 	assertNwNotAvailable(c, "test")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// test0 bridge network
 	dockerCmd(c, "network", "create", "--subnet=192.168.0.0/16", "test1")
 	assertNwIsAvailable(c, "test1")
@@ -630,24 +616,24 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *check.C) {
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkCustomIPAM(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkCustomIPAM(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Create a bridge network using custom ipam driver
 	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "br0")
 	assertNwIsAvailable(c, "br0")
 
 	// Verify expected network ipam fields are there
 	nr := getNetworkResource(c, "br0")
-	c.Assert(nr.Driver, checker.Equals, "bridge")
-	c.Assert(nr.IPAM.Driver, checker.Equals, dummyIPAMDriver)
+	assert.Equal(c, nr.Driver, "bridge")
+	assert.Equal(c, nr.IPAM.Driver, dummyIPAMDriver)
 
 	// remove network and exercise remote ipam driver
 	dockerCmd(c, "network", "rm", "br0")
 	assertNwNotAvailable(c, "br0")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Create a bridge network using custom ipam driver and options
 	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "--ipam-opt", "opt1=drv1", "--ipam-opt", "opt2=drv2", "br0")
 	assertNwIsAvailable(c, "br0")
@@ -655,104 +641,100 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *check.C) {
 	// Verify expected network ipam options
 	nr := getNetworkResource(c, "br0")
 	opts := nr.IPAM.Options
-	c.Assert(opts["opt1"], checker.Equals, "drv1")
-	c.Assert(opts["opt2"], checker.Equals, "drv2")
+	assert.Equal(c, opts["opt1"], "drv1")
+	assert.Equal(c, opts["opt2"], "drv2")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkNullIPAMDriver(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkNullIPAMDriver(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Create a network with null ipam driver
 	_, _, err := dockerCmdWithError("network", "create", "-d", dummyNetworkDriver, "--ipam-driver", "null", "test000")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	assertNwIsAvailable(c, "test000")
 
 	// Verify the inspect data contains the default subnet provided by the null
 	// ipam driver and no gateway, as the null ipam driver does not provide one
 	nr := getNetworkResource(c, "test000")
-	c.Assert(nr.IPAM.Driver, checker.Equals, "null")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
-	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "0.0.0.0/0")
-	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "")
+	assert.Equal(c, nr.IPAM.Driver, "null")
+	assert.Equal(c, len(nr.IPAM.Config), 1)
+	assert.Equal(c, nr.IPAM.Config[0].Subnet, "0.0.0.0/0")
+	assert.Equal(c, nr.IPAM.Config[0].Gateway, "")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkInspectDefault(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkInspectDefault(c *testing.T) {
 	nr := getNetworkResource(c, "none")
-	c.Assert(nr.Driver, checker.Equals, "null")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, false)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 0)
+	assert.Equal(c, nr.Driver, "null")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, false)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	assert.Equal(c, len(nr.IPAM.Config), 0)
 
 	nr = getNetworkResource(c, "host")
-	c.Assert(nr.Driver, checker.Equals, "host")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, false)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 0)
+	assert.Equal(c, nr.Driver, "host")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, false)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	assert.Equal(c, len(nr.IPAM.Config), 0)
 
 	nr = getNetworkResource(c, "bridge")
-	c.Assert(nr.Driver, checker.Equals, "bridge")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, false)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
-	c.Assert(nr.IPAM.Config[0].Subnet, checker.NotNil)
-	c.Assert(nr.IPAM.Config[0].Gateway, checker.NotNil)
+	assert.Equal(c, nr.Driver, "bridge")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, false)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	assert.Equal(c, len(nr.IPAM.Config), 1)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomUnspecified(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomUnspecified(c *testing.T) {
 	// if unspecified, network subnet will be selected from inside preferred pool
 	dockerCmd(c, "network", "create", "test01")
 	assertNwIsAvailable(c, "test01")
 
 	nr := getNetworkResource(c, "test01")
-	c.Assert(nr.Driver, checker.Equals, "bridge")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, false)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
-	c.Assert(nr.IPAM.Config[0].Subnet, checker.NotNil)
-	c.Assert(nr.IPAM.Config[0].Gateway, checker.NotNil)
+	assert.Equal(c, nr.Driver, "bridge")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, false)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	assert.Equal(c, len(nr.IPAM.Config), 1)
 
 	dockerCmd(c, "network", "rm", "test01")
 	assertNwNotAvailable(c, "test01")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomSpecified(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomSpecified(c *testing.T) {
 	dockerCmd(c, "network", "create", "--driver=bridge", "--ipv6", "--subnet=fd80:24e2:f998:72d6::/64", "--subnet=172.28.0.0/16", "--ip-range=172.28.5.0/24", "--gateway=172.28.5.254", "br0")
 	assertNwIsAvailable(c, "br0")
 
 	nr := getNetworkResource(c, "br0")
-	c.Assert(nr.Driver, checker.Equals, "bridge")
-	c.Assert(nr.Scope, checker.Equals, "local")
-	c.Assert(nr.Internal, checker.Equals, false)
-	c.Assert(nr.EnableIPv6, checker.Equals, true)
-	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.IPAM.Config), checker.Equals, 2)
-	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "172.28.0.0/16")
-	c.Assert(nr.IPAM.Config[0].IPRange, checker.Equals, "172.28.5.0/24")
-	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "172.28.5.254")
-	c.Assert(nr.Internal, checker.False)
+	assert.Equal(c, nr.Driver, "bridge")
+	assert.Equal(c, nr.Scope, "local")
+	assert.Equal(c, nr.Internal, false)
+	assert.Equal(c, nr.EnableIPv6, true)
+	assert.Equal(c, nr.IPAM.Driver, "default")
+	assert.Equal(c, len(nr.IPAM.Config), 2)
+	assert.Equal(c, nr.IPAM.Config[0].Subnet, "172.28.0.0/16")
+	assert.Equal(c, nr.IPAM.Config[0].IPRange, "172.28.5.0/24")
+	assert.Equal(c, nr.IPAM.Config[0].Gateway, "172.28.5.254")
+	assert.Equal(c, nr.Internal, false)
 	dockerCmd(c, "network", "rm", "br0")
 	assertNwNotAvailable(c, "br0")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *testing.T) {
 	// network with ip-range out of subnet range
 	_, _, err := dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--ip-range=192.170.0.0/16", "test")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// network with multiple gateways for a single subnet
 	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--gateway=192.168.0.1", "--gateway=192.168.0.2", "test")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// Multiple overlapping subnets in the same network must fail
 	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--subnet=192.168.1.0/16", "test")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// overlapping subnets across networks must fail
 	// create a valid test0 network
@@ -760,27 +742,27 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *check.C
 	assertNwIsAvailable(c, "test0")
 	// create an overlapping test1 network
 	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.128.0/17", "test1")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	dockerCmd(c, "network", "rm", "test0")
 	assertNwNotAvailable(c, "test0")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, "-o", "opt1=drv1", "-o", "opt2=drv2", "testopt")
 	assertNwIsAvailable(c, "testopt")
 	gopts := remoteDriverNetworkRequest.Options[netlabel.GenericData]
-	c.Assert(gopts, checker.NotNil)
+	assert.Assert(c, gopts != nil)
 	opts, ok := gopts.(map[string]interface{})
-	c.Assert(ok, checker.Equals, true)
-	c.Assert(opts["opt1"], checker.Equals, "drv1")
-	c.Assert(opts["opt2"], checker.Equals, "drv2")
+	assert.Equal(c, ok, true)
+	assert.Equal(c, opts["opt1"], "drv1")
+	assert.Equal(c, opts["opt2"], "drv2")
 	dockerCmd(c, "network", "rm", "testopt")
 	assertNwNotAvailable(c, "testopt")
 
 }
 
-func (s *DockerNetworkSuite) TestDockerPluginV2NetworkDriver(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerPluginV2NetworkDriver(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 
 	var (
@@ -789,14 +771,13 @@ func (s *DockerNetworkSuite) TestDockerPluginV2NetworkDriver(c *check.C) {
 		npNameWithTag = npName + ":" + npTag
 	)
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", npNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, npName)
-	c.Assert(out, checker.Contains, npTag)
-	c.Assert(out, checker.Contains, "true")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, npName))
+	assert.Assert(c, strings.Contains(out, npTag))
+	assert.Assert(c, strings.Contains(out, "true"))
 	dockerCmd(c, "network", "create", "-d", npNameWithTag, "v2net")
 	assertNwIsAvailable(c, "v2net")
 	dockerCmd(c, "network", "rm", "v2net")
@@ -804,8 +785,7 @@ func (s *DockerNetworkSuite) TestDockerPluginV2NetworkDriver(c *check.C) {
 
 }
 
-func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *check.C) {
-	testRequires(c, ExecSupport)
+func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *testing.T) {
 	// On default bridge network built-in service discovery should not happen
 	hostsFile := "/etc/hosts"
 	bridgeName := "external-bridge"
@@ -818,52 +798,47 @@ func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *
 
 	// run two containers and store first container's etc/hosts content
 	out, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	cid1 := strings.TrimSpace(out)
 	defer s.d.Cmd("stop", cid1)
 
 	hosts, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, err = s.d.Cmd("run", "-d", "--name", "container2", "busybox", "top")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	cid2 := strings.TrimSpace(out)
 
 	// verify first container's etc/hosts file has not changed after spawning the second named container
 	hostsPost, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(hosts), checker.Equals, string(hostsPost),
-		check.Commentf("Unexpected %s change on second container creation", hostsFile))
-
+	assert.NilError(c, err)
+	assert.Equal(c, hosts, hostsPost, fmt.Sprintf("Unexpected %s change on second container creation", hostsFile))
 	// stop container 2 and verify first container's etc/hosts has not changed
 	_, err = s.d.Cmd("stop", cid2)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(hosts), checker.Equals, string(hostsPost),
-		check.Commentf("Unexpected %s change on second container creation", hostsFile))
-
+	assert.NilError(c, err)
+	assert.Equal(c, hosts, hostsPost, fmt.Sprintf("Unexpected %s change on second container creation", hostsFile))
 	// but discovery is on when connecting to non default bridge network
 	network := "anotherbridge"
 	out, err = s.d.Cmd("network", "create", network)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	defer s.d.Cmd("network", "rm", network)
 
 	out, err = s.d.Cmd("network", "connect", network, cid1)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	hosts, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(hosts), checker.Equals, string(hostsPost),
-		check.Commentf("Unexpected %s change on second network connection", hostsFile))
+	assert.NilError(c, err)
+	assert.Equal(c, hosts, hostsPost, fmt.Sprintf("Unexpected %s change on second network connection", hostsFile))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
-	testRequires(c, ExecSupport, NotArm)
+func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *testing.T) {
+	testRequires(c, NotArm)
 	hostsFile := "/etc/hosts"
 	cstmBridgeNw := "custom-bridge-nw"
 	cstmBridgeNw1 := "custom-bridge-nw1"
@@ -882,9 +857,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 
 	// verify first container etc/hosts file has not changed
 	hosts1post := readContainerFileWithExec(c, cid1, hostsFile)
-	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
-		check.Commentf("Unexpected %s change on anonymous container creation", hostsFile))
-
+	assert.Equal(c, string(hosts1), string(hosts1post), fmt.Sprintf("Unexpected %s change on anonymous container creation", hostsFile))
 	// Connect the 2nd container to a new network and verify the
 	// first container /etc/hosts file still hasn't changed.
 	dockerCmd(c, "network", "create", "-d", "bridge", cstmBridgeNw1)
@@ -894,9 +867,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 
 	hosts2 := readContainerFileWithExec(c, cid2, hostsFile)
 	hosts1post = readContainerFileWithExec(c, cid1, hostsFile)
-	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
-		check.Commentf("Unexpected %s change on container connect", hostsFile))
-
+	assert.Equal(c, string(hosts1), string(hosts1post), fmt.Sprintf("Unexpected %s change on container connect", hostsFile))
 	// start a named container
 	cName := "AnyName"
 	out, _ = dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "--name", cName, "busybox", "top")
@@ -909,21 +880,17 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 	// Stop named container and verify first two containers' etc/hosts file hasn't changed
 	dockerCmd(c, "stop", cid3)
 	hosts1post = readContainerFileWithExec(c, cid1, hostsFile)
-	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
-		check.Commentf("Unexpected %s change on name container creation", hostsFile))
-
+	assert.Equal(c, string(hosts1), string(hosts1post), fmt.Sprintf("Unexpected %s change on name container creation", hostsFile))
 	hosts2post := readContainerFileWithExec(c, cid2, hostsFile)
-	c.Assert(string(hosts2), checker.Equals, string(hosts2post),
-		check.Commentf("Unexpected %s change on name container creation", hostsFile))
-
+	assert.Equal(c, string(hosts2), string(hosts2post), fmt.Sprintf("Unexpected %s change on name container creation", hostsFile))
 	// verify that container 1 and 2 can't ping the named container now
 	_, _, err := dockerCmdWithError("exec", cid1, "ping", "-c", "1", cName)
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	_, _, err = dockerCmdWithError("exec", cid2, "ping", "-c", "1", cName)
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *testing.T) {
 	// Legacy Link feature must work only on default network, and not across networks
 	cnt1 := "container1"
 	cnt2 := "container2"
@@ -942,15 +909,15 @@ func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *check.
 
 	// Try launching a container on default network, linking to the second container. Must fail
 	_, _, err := dockerCmdWithError("run", "-d", "--link", fmt.Sprintf("%s:%s", cnt2, cnt2), "busybox", "top")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// Connect second container to default network. Now a container on default network can link to it
 	dockerCmd(c, "network", "connect", "bridge", cnt2)
 	dockerCmd(c, "run", "-d", "--link", fmt.Sprintf("%s:%s", cnt2, cnt2), "busybox", "top")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Verify exposed ports are present in ps output when running a container on
 	// a network managed by a driver which does not provide the default gateway
 	// for the container
@@ -971,13 +938,13 @@ func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *check.C) {
 	unpPort2 := fmt.Sprintf("%d/tcp", port2)
 	out, _ := dockerCmd(c, "ps", "-n=1")
 	// Missing unpublished ports in docker ps output
-	c.Assert(out, checker.Contains, unpPort1)
+	assert.Assert(c, strings.Contains(out, unpPort1))
 	// Missing unpublished ports in docker ps output
-	c.Assert(out, checker.Contains, unpPort2)
+	assert.Assert(c, strings.Contains(out, unpPort2))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, testEnv.IsLocalDaemon)
 	dnd := "dnd"
 	did := "did"
 
@@ -987,13 +954,13 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C
 
 	s.d.StartWithBusybox(c)
 	_, err := s.d.Cmd("network", "create", "-d", dnd, "--subnet", "1.1.1.0/24", "net1")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	_, err = s.d.Cmd("run", "-itd", "--net", "net1", "--name", "foo", "--ip", "1.1.1.10", "busybox", "sh")
-	c.Assert(err, checker.IsNil)
+	_, err = s.d.Cmd("run", "-d", "--net", "net1", "--name", "foo", "--ip", "1.1.1.10", "busybox", "top")
+	assert.NilError(c, err)
 
 	// Kill daemon and restart
-	c.Assert(s.d.Kill(), checker.IsNil)
+	assert.Assert(c, s.d.Kill() == nil)
 
 	server.Close()
 
@@ -1013,12 +980,12 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C
 	setupRemoteNetworkDrivers(c, mux, server.URL, dnd, did)
 
 	// trying to reuse the same ip must succeed
-	_, err = s.d.Cmd("run", "-itd", "--net", "net1", "--name", "bar", "--ip", "1.1.1.10", "busybox", "sh")
-	c.Assert(err, checker.IsNil)
+	_, err = s.d.Cmd("run", "-d", "--net", "net1", "--name", "bar", "--ip", "1.1.1.10", "busybox", "top")
+	assert.NilError(c, err)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkMacInspect(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkMacInspect(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	// Verify endpoint MAC address is correctly populated in container's network settings
 	nwn := "ov"
 	ctn := "bb"
@@ -1029,15 +996,15 @@ func (s *DockerNetworkSuite) TestDockerNetworkMacInspect(c *check.C) {
 	dockerCmd(c, "run", "-d", "--net", nwn, "--name", ctn, "busybox", "top")
 
 	mac := inspectField(c, ctn, "NetworkSettings.Networks."+nwn+".MacAddress")
-	c.Assert(mac, checker.Equals, "a0:b1:c2:d3:e4:f5")
+	assert.Equal(c, mac, "a0:b1:c2:d3:e4:f5")
 }
 
-func (s *DockerSuite) TestInspectAPIMultipleNetworks(c *check.C) {
+func (s *DockerSuite) TestInspectAPIMultipleNetworks(c *testing.T) {
 	dockerCmd(c, "network", "create", "mybridge1")
 	dockerCmd(c, "network", "create", "mybridge2")
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	dockerCmd(c, "network", "connect", "mybridge1", id)
 	dockerCmd(c, "network", "connect", "mybridge2", id)
@@ -1045,46 +1012,46 @@ func (s *DockerSuite) TestInspectAPIMultipleNetworks(c *check.C) {
 	body := getInspectBody(c, "v1.20", id)
 	var inspect120 v1p20.ContainerJSON
 	err := json.Unmarshal(body, &inspect120)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	versionedIP := inspect120.NetworkSettings.IPAddress
 
 	body = getInspectBody(c, "v1.21", id)
 	var inspect121 types.ContainerJSON
 	err = json.Unmarshal(body, &inspect121)
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspect121.NetworkSettings.Networks, checker.HasLen, 3)
+	assert.NilError(c, err)
+	assert.Equal(c, len(inspect121.NetworkSettings.Networks), 3)
 
 	bridge := inspect121.NetworkSettings.Networks["bridge"]
-	c.Assert(bridge.IPAddress, checker.Equals, versionedIP)
-	c.Assert(bridge.IPAddress, checker.Equals, inspect121.NetworkSettings.IPAddress)
+	assert.Equal(c, bridge.IPAddress, versionedIP)
+	assert.Equal(c, bridge.IPAddress, inspect121.NetworkSettings.IPAddress)
 }
 
-func connectContainerToNetworks(c *check.C, d *daemon.Daemon, cName string, nws []string) {
+func connectContainerToNetworks(c *testing.T, d *daemon.Daemon, cName string, nws []string) {
 	// Run a container on the default network
 	out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Attach the container to other networks
 	for _, nw := range nws {
 		out, err = d.Cmd("network", "create", nw)
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		out, err = d.Cmd("network", "connect", nw, cName)
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 	}
 }
 
-func verifyContainerIsConnectedToNetworks(c *check.C, d *daemon.Daemon, cName string, nws []string) {
+func verifyContainerIsConnectedToNetworks(c *testing.T, d *daemon.Daemon, cName string, nws []string) {
 	// Verify container is connected to all the networks
 	for _, nw := range nws {
 		out, err := d.Cmd("inspect", "-f", fmt.Sprintf("{{.NetworkSettings.Networks.%s}}", nw), cName)
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-		c.Assert(out, checker.Not(checker.Equals), "<no value>\n")
+		assert.NilError(c, err, out)
+		assert.Assert(c, out != "<no value>\n")
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRestart(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRestart(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	cName := "bb"
 	nwList := []string{"nw1", "nw2", "nw3"}
 
@@ -1097,13 +1064,13 @@ func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRest
 	s.d.Restart(c)
 
 	_, err := s.d.Cmd("start", cName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksUngracefulDaemonRestart(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksUngracefulDaemonRestart(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	cName := "cc"
 	nwList := []string{"nw1", "nw2", "nw3"}
 
@@ -1113,83 +1080,83 @@ func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksUngracefulDaemonRe
 	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
 
 	// Kill daemon and restart
-	c.Assert(s.d.Kill(), checker.IsNil)
+	assert.Assert(c, s.d.Kill() == nil)
 	s.d.Restart(c)
 
 	// Restart container
 	_, err := s.d.Cmd("start", cName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkRunNetByID(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkRunNetByID(c *testing.T) {
 	out, _ := dockerCmd(c, "network", "create", "one")
 	containerOut, _, err := dockerCmdWithError("run", "-d", "--net", strings.TrimSpace(out), "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf(containerOut))
+	assert.Assert(c, err == nil, containerOut)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, testEnv.IsLocalDaemon)
 	s.d.StartWithBusybox(c)
 
 	// Run a few containers on host network
 	for i := 0; i < 10; i++ {
 		cName := fmt.Sprintf("hostc-%d", i)
 		out, err := s.d.Cmd("run", "-d", "--name", cName, "--net=host", "--restart=always", "busybox", "top")
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 
 		// verify container has finished starting before killing daemon
 		err = s.d.WaitRun(cName)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 
 	// Kill daemon ungracefully and restart
-	c.Assert(s.d.Kill(), checker.IsNil)
+	assert.Assert(c, s.d.Kill() == nil)
 	s.d.Restart(c)
 
 	// make sure all the containers are up and running
 	for i := 0; i < 10; i++ {
 		err := s.d.WaitRun(fmt.Sprintf("hostc-%d", i))
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectToHostFromOtherNetwork(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectToHostFromOtherNetwork(c *testing.T) {
 	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
-	c.Assert(waitRun("container1"), check.IsNil)
+	assert.Assert(c, waitRun("container1") == nil)
 	dockerCmd(c, "network", "disconnect", "bridge", "container1")
 	out, _, err := dockerCmdWithError("network", "connect", "host", "container1")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictHostNetwork.Error()))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromHost(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromHost(c *testing.T) {
 	dockerCmd(c, "run", "-d", "--name", "container1", "--net=host", "busybox", "top")
-	c.Assert(waitRun("container1"), check.IsNil)
+	assert.Assert(c, waitRun("container1") == nil)
 	out, _, err := dockerCmdWithError("network", "disconnect", "host", "container1")
-	c.Assert(err, checker.NotNil, check.Commentf("Should err out disconnect from host"))
-	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
+	assert.Assert(c, err != nil, "Should err out disconnect from host")
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictHostNetwork.Error()))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectWithPortMapping(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithPortMapping(c *testing.T) {
 	testRequires(c, NotArm)
 	dockerCmd(c, "network", "create", "test1")
 	dockerCmd(c, "run", "-d", "--name", "c1", "-p", "5000:5000", "busybox", "top")
-	c.Assert(waitRun("c1"), check.IsNil)
+	assert.Assert(c, waitRun("c1") == nil)
 	dockerCmd(c, "network", "connect", "test1", "c1")
 }
 
-func verifyPortMap(c *check.C, container, port, originalMapping string, mustBeEqual bool) {
-	chk := checker.Equals
-	if !mustBeEqual {
-		chk = checker.Not(checker.Equals)
-	}
+func verifyPortMap(c *testing.T, container, port, originalMapping string, mustBeEqual bool) {
 	currentMapping, _ := dockerCmd(c, "port", container, port)
-	c.Assert(currentMapping, chk, originalMapping)
+	if mustBeEqual {
+		assert.Equal(c, currentMapping, originalMapping)
+	} else {
+		assert.Assert(c, currentMapping != originalMapping)
+	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectWithPortMapping(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectWithPortMapping(c *testing.T) {
 	// Connect and disconnect a container with explicit and non-explicit
 	// host port mapping to/from networks which do cause and do not cause
 	// the container default gateway to change, and verify docker port cmd
@@ -1200,7 +1167,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectWithPortMapping(c
 	dockerCmd(c, "network", "create", "ccc")
 
 	dockerCmd(c, "run", "-d", "--name", cnt, "-p", "9000:90", "-p", "70", "busybox", "top")
-	c.Assert(waitRun(cnt), check.IsNil)
+	assert.Assert(c, waitRun(cnt) == nil)
 	curPortMap, _ := dockerCmd(c, "port", cnt, "70")
 	curExplPortMap, _ := dockerCmd(c, "port", cnt, "90")
 
@@ -1226,51 +1193,49 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectWithPortMapping(c
 	verifyPortMap(c, cnt, "90", curExplPortMap, true)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectWithMac(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithMac(c *testing.T) {
 	macAddress := "02:42:ac:11:00:02"
 	dockerCmd(c, "network", "create", "mynetwork")
 	dockerCmd(c, "run", "--name=test", "-d", "--mac-address", macAddress, "busybox", "top")
-	c.Assert(waitRun("test"), check.IsNil)
+	assert.Assert(c, waitRun("test") == nil)
 	mac1 := inspectField(c, "test", "NetworkSettings.Networks.bridge.MacAddress")
-	c.Assert(strings.TrimSpace(mac1), checker.Equals, macAddress)
+	assert.Equal(c, strings.TrimSpace(mac1), macAddress)
 	dockerCmd(c, "network", "connect", "mynetwork", "test")
 	mac2 := inspectField(c, "test", "NetworkSettings.Networks.mynetwork.MacAddress")
-	c.Assert(strings.TrimSpace(mac2), checker.Not(checker.Equals), strings.TrimSpace(mac1))
+	assert.Assert(c, strings.TrimSpace(mac2) != strings.TrimSpace(mac1))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkInspectCreatedContainer(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCreatedContainer(c *testing.T) {
 	dockerCmd(c, "create", "--name", "test", "busybox")
 	networks := inspectField(c, "test", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, "bridge", check.Commentf("Should return 'bridge' network"))
+	assert.Assert(c, strings.Contains(networks, "bridge"), "Should return 'bridge' network")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkRestartWithMultipleNetworks(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkRestartWithMultipleNetworks(c *testing.T) {
 	dockerCmd(c, "network", "create", "test")
 	dockerCmd(c, "run", "--name=foo", "-d", "busybox", "top")
-	c.Assert(waitRun("foo"), checker.IsNil)
+	assert.Assert(c, waitRun("foo") == nil)
 	dockerCmd(c, "network", "connect", "test", "foo")
 	dockerCmd(c, "restart", "foo")
 	networks := inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, "bridge", check.Commentf("Should contain 'bridge' network"))
-	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
+	assert.Assert(c, strings.Contains(networks, "bridge"), "Should contain 'bridge' network")
+	assert.Assert(c, strings.Contains(networks, "test"), "Should contain 'test' network")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContainer(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContainer(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	dockerCmd(c, "network", "create", "test")
 	dockerCmd(c, "create", "--name=foo", "busybox", "top")
 	dockerCmd(c, "network", "connect", "test", "foo")
 	networks := inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
-
+	assert.Assert(c, strings.Contains(networks, "test"), "Should contain 'test' network")
 	// Restart docker daemon to test the config has persisted to disk
 	s.d.Restart(c)
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
-
+	assert.Assert(c, strings.Contains(networks, "test"), "Should contain 'test' network")
 	// start the container and test if we can ping it from another container in the same network
 	dockerCmd(c, "start", "foo")
-	c.Assert(waitRun("foo"), checker.IsNil)
+	assert.Assert(c, waitRun("foo") == nil)
 	ip := inspectField(c, "foo", "NetworkSettings.Networks.test.IPAddress")
 	ip = strings.TrimSpace(ip)
 	dockerCmd(c, "run", "--net=test", "busybox", "sh", "-c", fmt.Sprintf("ping -c 1 %s", ip))
@@ -1280,21 +1245,18 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContaine
 	// Test disconnect
 	dockerCmd(c, "network", "disconnect", "test", "foo")
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
-
+	assert.Assert(c, !strings.Contains(networks, "test"), "Should not contain 'test' network")
 	// Restart docker daemon to test the config has persisted to disk
 	s.d.Restart(c)
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
-
+	assert.Assert(c, !strings.Contains(networks, "test"), "Should not contain 'test' network")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkDisconnectContainerNonexistingNetwork(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectContainerNonexistingNetwork(c *testing.T) {
 	dockerCmd(c, "network", "create", "test")
 	dockerCmd(c, "run", "--net=test", "-d", "--name=foo", "busybox", "top")
 	networks := inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
-
+	assert.Assert(c, strings.Contains(networks, "test"), "Should contain 'test' network")
 	// Stop container and remove network
 	dockerCmd(c, "stop", "foo")
 	dockerCmd(c, "network", "rm", "test")
@@ -1302,10 +1264,10 @@ func (s *DockerNetworkSuite) TestDockerNetworkDisconnectContainerNonexistingNetw
 	// Test disconnecting stopped container from nonexisting network
 	dockerCmd(c, "network", "disconnect", "-f", "test", "foo")
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
-	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
+	assert.Assert(c, !strings.Contains(networks, "test"), "Should not contain 'test' network")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIP(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIP(c *testing.T) {
 	// create two networks
 	dockerCmd(c, "network", "create", "--ipv6", "--subnet=172.28.0.0/16", "--subnet=2001:db8:1234::/64", "n0")
 	assertNwIsAvailable(c, "n0")
@@ -1315,7 +1277,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIP(c *check.C) {
 
 	// run a container on first network specifying the ip addresses
 	dockerCmd(c, "run", "-d", "--name", "c0", "--net=n0", "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
-	c.Assert(waitRun("c0"), check.IsNil)
+	assert.Assert(c, waitRun("c0") == nil)
 	verifyIPAddressConfig(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
 	verifyIPAddresses(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
 
@@ -1336,12 +1298,11 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIP(c *check.C) {
 
 	// Still it should fail to connect to the default network with a specified IP (whatever ip)
 	out, _, err := dockerCmdWithError("network", "connect", "--ip", "172.21.55.44", "bridge", "c0")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndIP.Error())
-
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkAndIP.Error()))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIPStoppedContainer(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIPStoppedContainer(c *testing.T) {
 	// create a container
 	dockerCmd(c, "create", "--name", "c0", "busybox", "top")
 
@@ -1355,7 +1316,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIPStoppedContainer
 
 	// start the container, verify config has not changed and ip addresses are assigned
 	dockerCmd(c, "start", "c0")
-	c.Assert(waitRun("c0"), check.IsNil)
+	assert.Assert(c, waitRun("c0") == nil)
 	verifyIPAddressConfig(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
 	verifyIPAddresses(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
 
@@ -1364,7 +1325,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIPStoppedContainer
 	verifyIPAddressConfig(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkUnsupportedRequiredIP(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkUnsupportedRequiredIP(c *testing.T) {
 	// requested IP is not supported on predefined networks
 	for _, mode := range []string{"none", "host", "bridge", "default"} {
 		checkUnsupportedNetworkAndIP(c, mode)
@@ -1375,72 +1336,70 @@ func (s *DockerNetworkSuite) TestDockerNetworkUnsupportedRequiredIP(c *check.C)
 	assertNwIsAvailable(c, "n0")
 
 	out, _, err := dockerCmdWithError("run", "-d", "--ip", "172.28.99.88", "--net", "n0", "busybox", "top")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error())
-
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error()))
 	out, _, err = dockerCmdWithError("run", "-d", "--ip6", "2001:db8:1234::9988", "--net", "n0", "busybox", "top")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error())
-
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error()))
 	dockerCmd(c, "network", "rm", "n0")
 	assertNwNotAvailable(c, "n0")
 }
 
-func checkUnsupportedNetworkAndIP(c *check.C, nwMode string) {
+func checkUnsupportedNetworkAndIP(c *testing.T, nwMode string) {
 	out, _, err := dockerCmdWithError("run", "-d", "--net", nwMode, "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndIP.Error())
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkAndIP.Error()))
 }
 
-func verifyIPAddressConfig(c *check.C, cName, nwname, ipv4, ipv6 string) {
+func verifyIPAddressConfig(c *testing.T, cName, nwname, ipv4, ipv6 string) {
 	if ipv4 != "" {
 		out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAMConfig.IPv4Address", nwname))
-		c.Assert(strings.TrimSpace(out), check.Equals, ipv4)
+		assert.Equal(c, strings.TrimSpace(out), ipv4)
 	}
 
 	if ipv6 != "" {
 		out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAMConfig.IPv6Address", nwname))
-		c.Assert(strings.TrimSpace(out), check.Equals, ipv6)
+		assert.Equal(c, strings.TrimSpace(out), ipv6)
 	}
 }
 
-func verifyIPAddresses(c *check.C, cName, nwname, ipv4, ipv6 string) {
+func verifyIPAddresses(c *testing.T, cName, nwname, ipv4, ipv6 string) {
 	out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAddress", nwname))
-	c.Assert(strings.TrimSpace(out), check.Equals, ipv4)
+	assert.Equal(c, strings.TrimSpace(out), ipv4)
 
 	out = inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.GlobalIPv6Address", nwname))
-	c.Assert(strings.TrimSpace(out), check.Equals, ipv6)
+	assert.Equal(c, strings.TrimSpace(out), ipv6)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectLinkLocalIP(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectLinkLocalIP(c *testing.T) {
 	// create one test network
 	dockerCmd(c, "network", "create", "--ipv6", "--subnet=2001:db8:1234::/64", "n0")
 	assertNwIsAvailable(c, "n0")
 
 	// run a container with incorrect link-local address
-	_, _, err := dockerCmdWithError("run", "--link-local-ip", "169.253.5.5", "busybox", "top")
-	c.Assert(err, check.NotNil)
-	_, _, err = dockerCmdWithError("run", "--link-local-ip", "2001:db8::89", "busybox", "top")
-	c.Assert(err, check.NotNil)
+	_, _, err := dockerCmdWithError("run", "--link-local-ip", "169.253.5.5", "busybox", "true")
+	assert.ErrorContains(c, err, "")
+	_, _, err = dockerCmdWithError("run", "--link-local-ip", "2001:db8::89", "busybox", "true")
+	assert.ErrorContains(c, err, "")
 
 	// run two containers with link-local ip on the test network
 	dockerCmd(c, "run", "-d", "--name", "c0", "--net=n0", "--link-local-ip", "169.254.7.7", "--link-local-ip", "fe80::254:77", "busybox", "top")
-	c.Assert(waitRun("c0"), check.IsNil)
+	assert.Assert(c, waitRun("c0") == nil)
 	dockerCmd(c, "run", "-d", "--name", "c1", "--net=n0", "--link-local-ip", "169.254.8.8", "--link-local-ip", "fe80::254:88", "busybox", "top")
-	c.Assert(waitRun("c1"), check.IsNil)
+	assert.Assert(c, waitRun("c1") == nil)
 
 	// run a container on the default network and connect it to the test network specifying a link-local address
 	dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top")
-	c.Assert(waitRun("c2"), check.IsNil)
+	assert.Assert(c, waitRun("c2") == nil)
 	dockerCmd(c, "network", "connect", "--link-local-ip", "169.254.9.9", "n0", "c2")
 
 	// verify the three containers can ping each other via the link-local addresses
 	_, _, err = dockerCmdWithError("exec", "c0", "ping", "-c", "1", "169.254.8.8")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "c1", "ping", "-c", "1", "169.254.9.9")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "c2", "ping", "-c", "1", "169.254.7.7")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Stop and restart the three containers
 	dockerCmd(c, "stop", "c0")
@@ -1452,32 +1411,32 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectLinkLocalIP(c *check.C) {
 
 	// verify the ping again
 	_, _, err = dockerCmdWithError("exec", "c0", "ping", "-c", "1", "169.254.8.8")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "c1", "ping", "-c", "1", "169.254.9.9")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "c2", "ping", "-c", "1", "169.254.7.7")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectLink(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectLink(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "foo1")
 	dockerCmd(c, "network", "create", "-d", "bridge", "foo2")
 
 	dockerCmd(c, "run", "-d", "--net=foo1", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// run a container in a user-defined network with a link for an existing container
 	// and a link for a container that doesn't exist
 	dockerCmd(c, "run", "-d", "--net=foo1", "--name=second", "--link=first:FirstInFoo1",
 		"--link=third:bar", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// ping to first and its alias FirstInFoo1 must succeed
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo1")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// connect first container to foo2 network
 	dockerCmd(c, "network", "connect", "foo2", "first")
@@ -1486,21 +1445,21 @@ func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectLink(c *check.C) {
 
 	// ping the new alias in network foo2
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo2")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// disconnect first container from foo1 network
 	dockerCmd(c, "network", "disconnect", "foo1", "first")
 
 	// link in foo1 network must fail
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo1")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// link in foo2 network must succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo2")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkDisconnectDefault(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectDefault(c *testing.T) {
 	netWorkName1 := "test1"
 	netWorkName2 := "test2"
 	containerName := "foo"
@@ -1513,14 +1472,14 @@ func (s *DockerNetworkSuite) TestDockerNetworkDisconnectDefault(c *check.C) {
 	dockerCmd(c, "network", "disconnect", "bridge", containerName)
 
 	dockerCmd(c, "start", containerName)
-	c.Assert(waitRun(containerName), checker.IsNil)
+	assert.Assert(c, waitRun(containerName) == nil)
 	networks := inspectField(c, containerName, "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, netWorkName1, check.Commentf(fmt.Sprintf("Should contain '%s' network", netWorkName1)))
-	c.Assert(networks, checker.Contains, netWorkName2, check.Commentf(fmt.Sprintf("Should contain '%s' network", netWorkName2)))
-	c.Assert(networks, checker.Not(checker.Contains), "bridge", check.Commentf("Should not contain 'bridge' network"))
+	assert.Assert(c, strings.Contains(networks, netWorkName1), fmt.Sprintf("Should contain '%s' network", netWorkName1))
+	assert.Assert(c, strings.Contains(networks, netWorkName2), fmt.Sprintf("Should contain '%s' network", netWorkName2))
+	assert.Assert(c, !strings.Contains(networks, "bridge"), "Should not contain 'bridge' network")
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkConnectWithAliasOnDefaultNetworks(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithAliasOnDefaultNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 
 	defaults := []string{"bridge", "host", "none"}
@@ -1528,31 +1487,31 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectWithAliasOnDefaultNetworks(
 	containerID := strings.TrimSpace(out)
 	for _, net := range defaults {
 		res, _, err := dockerCmdWithError("network", "connect", "--alias", "alias"+net, net, containerID)
-		c.Assert(err, checker.NotNil)
-		c.Assert(res, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+		assert.ErrorContains(c, err, "")
+		assert.Assert(c, strings.Contains(res, runconfig.ErrUnsupportedNetworkAndAlias.Error()))
 	}
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
 	dockerCmd(c, "network", "create", "-d", "bridge", "net2")
 
 	cid, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo", "busybox:glibc", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox:glibc", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// ping first container and its alias
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// ping first container's short-id alias
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// connect first container to net2 network
 	dockerCmd(c, "network", "connect", "--alias=bar", "net2", "first")
@@ -1561,98 +1520,97 @@ func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *check.C) {
 
 	// ping the new alias in network foo2
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// disconnect first container from net1 network
 	dockerCmd(c, "network", "disconnect", "net1", "first")
 
 	// ping to net1 scoped alias "foo" must fail
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// ping to net2 scoped alias "bar" must still succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	// ping to net2 scoped alias short-id must still succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// verify the alias option is rejected when running on predefined network
-	out, _, err := dockerCmdWithError("run", "--rm", "--name=any", "--net-alias=any", "busybox:glibc", "top")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
-
+	out, _, err := dockerCmdWithError("run", "--rm", "--name=any", "--net-alias=any", "busybox:glibc", "true")
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkAndAlias.Error()))
 	// verify the alias option is rejected when connecting to predefined network
 	out, _, err = dockerCmdWithError("network", "connect", "--alias=any", "bridge", "first")
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
-	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+	assert.Assert(c, err != nil, "out: %s", out)
+	assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkAndAlias.Error()))
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkConnectivity(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkConnectivity(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	dockerCmd(c, "network", "create", "-d", "bridge", "br.net1")
 
 	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c1.net1", "busybox:glibc", "top")
-	c.Assert(waitRun("c1.net1"), check.IsNil)
+	assert.Assert(c, waitRun("c1.net1") == nil)
 
 	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c2.net1", "busybox:glibc", "top")
-	c.Assert(waitRun("c2.net1"), check.IsNil)
+	assert.Assert(c, waitRun("c2.net1") == nil)
 
 	// ping first container by its unqualified name
 	_, _, err := dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// ping first container by its qualified name
 	_, _, err = dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1.br.net1")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// ping with first qualified name masked by an additional domain. should fail
 	_, _, err = dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1.br.net1.google.com")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestEmbeddedDNSInvalidInput(c *check.C) {
+func (s *DockerSuite) TestEmbeddedDNSInvalidInput(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	dockerCmd(c, "network", "create", "-d", "bridge", "nw1")
 
 	// Sending garbage to embedded DNS shouldn't crash the daemon
-	dockerCmd(c, "run", "-i", "--net=nw1", "--name=c1", "debian:jessie", "bash", "-c", "echo InvalidQuery > /dev/udp/127.0.0.11/53")
+	dockerCmd(c, "run", "-i", "--net=nw1", "--name=c1", "debian:bullseye-slim", "bash", "-c", "echo InvalidQuery > /dev/udp/127.0.0.11/53")
 }
 
-func (s *DockerSuite) TestDockerNetworkConnectFailsNoInspectChange(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkConnectFailsNoInspectChange(c *testing.T) {
 	dockerCmd(c, "run", "-d", "--name=bb", "busybox", "top")
-	c.Assert(waitRun("bb"), check.IsNil)
+	assert.Assert(c, waitRun("bb") == nil)
 	defer dockerCmd(c, "stop", "bb")
 
 	ns0 := inspectField(c, "bb", "NetworkSettings.Networks.bridge")
 
 	// A failing redundant network connect should not alter current container's endpoint settings
 	_, _, err := dockerCmdWithError("network", "connect", "bridge", "bb")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	ns1 := inspectField(c, "bb", "NetworkSettings.Networks.bridge")
-	c.Assert(ns1, check.Equals, ns0)
+	assert.Equal(c, ns1, ns0)
 }
 
-func (s *DockerSuite) TestDockerNetworkInternalMode(c *check.C) {
+func (s *DockerSuite) TestDockerNetworkInternalMode(c *testing.T) {
 	dockerCmd(c, "network", "create", "--driver=bridge", "--internal", "internal")
 	assertNwIsAvailable(c, "internal")
 	nr := getNetworkResource(c, "internal")
-	c.Assert(nr.Internal, checker.True)
+	assert.Assert(c, nr.Internal)
 
 	dockerCmd(c, "run", "-d", "--net=internal", "--name=first", "busybox:glibc", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-d", "--net=internal", "--name=second", "busybox:glibc", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 	out, _, err := dockerCmdWithError("exec", "first", "ping", "-W", "4", "-c", "1", "8.8.8.8")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "100% packet loss")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "100% packet loss"))
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
 // Test for #21401
-func (s *DockerNetworkSuite) TestDockerNetworkCreateDeleteSpecialCharacters(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkCreateDeleteSpecialCharacters(c *testing.T) {
 	dockerCmd(c, "network", "create", "test@#$")
 	assertNwIsAvailable(c, "test@#$")
 	dockerCmd(c, "network", "rm", "test@#$")
@@ -1664,8 +1622,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkCreateDeleteSpecialCharacters(c *c
 	assertNwNotAvailable(c, "kiwl$%^")
 }
 
-func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
-	testRequires(t, DaemonIsLinux)
+func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *testing.T) {
 	s.d.StartWithBusybox(t, "--live-restore")
 	defer s.d.Stop(t)
 	oldCon := "old"
@@ -1726,7 +1683,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
 	// Cleanup because these containers will not be shut down by daemon
 	out, err = s.d.Cmd("stop", newCon)
 	if err != nil {
-		t.Fatalf("err: %v %v", err, string(out))
+		t.Fatalf("err: %v %v", err, out)
 	}
 	_, err = s.d.Cmd("stop", strings.TrimSpace(id))
 	if err != nil {
@@ -1734,43 +1691,41 @@ func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
 	}
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkFlagAlias(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkFlagAlias(c *testing.T) {
 	dockerCmd(c, "network", "create", "user")
 	output, status := dockerCmd(c, "run", "--rm", "--network=user", "--network-alias=foo", "busybox", "true")
-	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
-
-	output, status, _ = dockerCmdWithError("run", "--rm", "--net=user", "--network=user", "busybox", "true")
-	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
+	assert.Equal(c, status, 0, fmt.Sprintf("unexpected status code %d (%s)", status, output))
 
 	output, status, _ = dockerCmdWithError("run", "--rm", "--network=user", "--net-alias=foo", "--network-alias=bar", "busybox", "true")
-	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
+	assert.Equal(c, status, 0, fmt.Sprintf("unexpected status code %d (%s)", status, output))
 }
 
-func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *testing.T) {
 	_, _, err := dockerCmdWithError("network", "create", "--ipv6", "--subnet=172.28.0.0/16", "--subnet=2001:db8:1234::/64", "mynet")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	assertNwIsAvailable(c, "mynet")
 
 	_, _, err = dockerCmdWithError("run", "-d", "--name", "mynet0", "--net=mynet", "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
-	c.Assert(err, check.IsNil)
-	c.Assert(waitRun("mynet0"), check.IsNil)
+	assert.NilError(c, err)
+	assert.Assert(c, waitRun("mynet0") == nil)
 	verifyIPAddressConfig(c, "mynet0", "mynet", "172.28.99.88", "2001:db8:1234::9988")
 	verifyIPAddresses(c, "mynet0", "mynet", "172.28.99.88", "2001:db8:1234::9988")
 
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "mynet_ip", "--ip6", "2001:db8:1234::9999", "busybox", "top")
-	c.Assert(err.Error(), checker.Contains, "invalid IPv4 address")
+	assert.ErrorContains(c, err, "invalid IPv4 address")
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
-	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+	assert.ErrorContains(c, err, "invalid IPv6 address")
+
 	// This is a case of IPv4 address to `--ip6`
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "172.28.99.99", "busybox", "top")
-	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+	assert.ErrorContains(c, err, "invalid IPv6 address")
 	// This is a special case of an IPv4-mapped IPv6 address
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "::ffff:172.28.99.99", "busybox", "top")
-	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+	assert.ErrorContains(c, err, "invalid IPv6 address")
 }
 
 // Test case for 26220
-func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *check.C) {
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *testing.T) {
 	out, _ := dockerCmd(c, "network", "inspect", "--format", "{{.Id}}", "bridge")
 
 	network := strings.TrimSpace(out)
@@ -1779,29 +1734,29 @@ func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *check.C) {
 	dockerCmd(c, "create", "--name", name, "busybox", "top")
 
 	_, _, err := dockerCmdWithError("network", "disconnect", network, name)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
 // TestConntrackFlowsLeak covers the failure scenario of ticket: https://github.com/docker/docker/issues/8795
 // Validates that conntrack is correctly cleaned once a container is destroyed
-func (s *DockerNetworkSuite) TestConntrackFlowsLeak(c *check.C) {
-	testRequires(c, IsAmd64, DaemonIsLinux, Network, SameHostDaemon)
+func (s *DockerNetworkSuite) TestConntrackFlowsLeak(c *testing.T) {
+	testRequires(c, IsAmd64, DaemonIsLinux, Network, testEnv.IsLocalDaemon)
 
 	// Create a new network
 	cli.DockerCmd(c, "network", "create", "--subnet=192.168.10.0/24", "--gateway=192.168.10.1", "-o", "com.docker.network.bridge.host_binding_ipv4=192.168.10.1", "testbind")
 	assertNwIsAvailable(c, "testbind")
 
 	// Launch the server, this will remain listening on an exposed port and reply to any request in a ping/pong fashion
-	cmd := "while true; do echo hello | nc -w 1 -lu 8080; done"
-	cli.DockerCmd(c, "run", "-d", "--name", "server", "--net", "testbind", "-p", "8080:8080/udp", "appropriate/nc", "sh", "-c", cmd)
+	cmd := "while true; do echo hello | nc -w 1 -l -u -p 8080; done"
+	cli.DockerCmd(c, "run", "-d", "--name", "server", "--net", "testbind", "-p", "8080:8080/udp", "busybox", "sh", "-c", cmd)
 
 	// Launch a container client, here the objective is to create a flow that is natted in order to expose the bug
-	cmd = "echo world | nc -q 1 -u 192.168.10.1 8080"
-	cli.DockerCmd(c, "run", "-d", "--name", "client", "--net=host", "appropriate/nc", "sh", "-c", cmd)
+	cmd = "echo world | nc -w 1 -u 192.168.10.1 8080"
+	cli.DockerCmd(c, "run", "-d", "--name", "client", "--net=host", "busybox", "sh", "-c", cmd)
 
 	// Get all the flows using netlink
 	flows, err := netlink.ConntrackTableList(netlink.ConntrackTable, unix.AF_INET)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	var flowMatch int
 	for _, flow := range flows {
 		// count only the flows that we are interested in, skipping others that can be laying around the host
@@ -1812,14 +1767,14 @@ func (s *DockerNetworkSuite) TestConntrackFlowsLeak(c *check.C) {
 		}
 	}
 	// The client should have created only 1 flow
-	c.Assert(flowMatch, checker.Equals, 1)
+	assert.Equal(c, flowMatch, 1)
 
 	// Now delete the server, this will trigger the conntrack cleanup
 	cli.DockerCmd(c, "rm", "-fv", "server")
 
 	// Fetch again all the flows and validate that there is no server flow in the conntrack laying around
 	flows, err = netlink.ConntrackTableList(netlink.ConntrackTable, unix.AF_INET)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	flowMatch = 0
 	for _, flow := range flows {
 		if flow.Forward.Protocol == unix.IPPROTO_UDP &&
@@ -1829,5 +1784,5 @@ func (s *DockerNetworkSuite) TestConntrackFlowsLeak(c *check.C) {
 		}
 	}
 	// All the flows have to be gone
-	c.Assert(flowMatch, checker.Equals, 0)
+	assert.Equal(c, flowMatch, 0)
 }
diff --git a/integration-cli/docker_cli_plugins_logdriver_test.go b/integration-cli/docker_cli_plugins_logdriver_test.go
index 7d1ffcb632a5f..0c521ade7cf06 100644
--- a/integration-cli/docker_cli_plugins_logdriver_test.go
+++ b/integration-cli/docker_cli_plugins_logdriver_test.go
@@ -3,13 +3,13 @@ package main
 import (
 	"context"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestPluginLogDriver(c *check.C) {
+func (s *DockerSuite) TestPluginLogDriver(c *testing.T) {
 	testRequires(c, IsAmd64, DaemonIsLinux)
 
 	pluginName := "cpuguy83/docker-logdriver-test:latest"
@@ -17,11 +17,11 @@ func (s *DockerSuite) TestPluginLogDriver(c *check.C) {
 	dockerCmd(c, "plugin", "install", pluginName)
 	dockerCmd(c, "run", "--log-driver", pluginName, "--name=test", "busybox", "echo", "hello")
 	out, _ := dockerCmd(c, "logs", "test")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
 	dockerCmd(c, "start", "-a", "test")
 	out, _ = dockerCmd(c, "logs", "test")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello\nhello")
+	assert.Equal(c, strings.TrimSpace(out), "hello\nhello")
 
 	dockerCmd(c, "rm", "test")
 	dockerCmd(c, "plugin", "disable", pluginName)
@@ -29,20 +29,20 @@ func (s *DockerSuite) TestPluginLogDriver(c *check.C) {
 }
 
 // Make sure log drivers are listed in info, and v2 plugins are not.
-func (s *DockerSuite) TestPluginLogDriverInfoList(c *check.C) {
+func (s *DockerSuite) TestPluginLogDriverInfoList(c *testing.T) {
 	testRequires(c, IsAmd64, DaemonIsLinux)
 	pluginName := "cpuguy83/docker-logdriver-test"
 
 	dockerCmd(c, "plugin", "install", pluginName)
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	info, err := cli.Info(context.Background())
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	drivers := strings.Join(info.Plugins.Log, " ")
-	c.Assert(drivers, checker.Contains, "json-file")
-	c.Assert(drivers, checker.Not(checker.Contains), pluginName)
+	assert.Assert(c, strings.Contains(drivers, "json-file"))
+	assert.Assert(c, !strings.Contains(drivers, pluginName))
 }
diff --git a/integration-cli/docker_cli_plugins_test.go b/integration-cli/docker_cli_plugins_test.go
index 2cc5bfe2ff7e5..716186766919a 100644
--- a/integration-cli/docker_cli_plugins_test.go
+++ b/integration-cli/docker_cli_plugins_test.go
@@ -3,20 +3,20 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"gotest.tools/v3/assert"
 )
 
 var (
@@ -28,135 +28,123 @@ var (
 	npNameWithTag     = npName + ":" + pTag
 )
 
-func (ps *DockerPluginSuite) TestPluginBasicOps(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginBasicOps(c *testing.T) {
 	plugin := ps.getPluginRepoWithTag()
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", plugin)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, plugin)
-	c.Assert(out, checker.Contains, "true")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, plugin))
+	assert.Assert(c, strings.Contains(out, "true"))
 	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", plugin)
 	id = strings.TrimSpace(id)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", plugin)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "is enabled")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "is enabled"))
 	_, _, err = dockerCmdWithError("plugin", "disable", plugin)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", plugin)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, plugin)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, plugin))
 	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id))
 	if !os.IsNotExist(err) {
 		c.Fatal(err)
 	}
 }
 
-func (ps *DockerPluginSuite) TestPluginForceRemove(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginForceRemove(c *testing.T) {
 	pNameWithTag := ps.getPluginRepoWithTag()
 
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, _ := dockerCmdWithError("plugin", "remove", pNameWithTag)
-	c.Assert(out, checker.Contains, "is enabled")
-
+	assert.Assert(c, strings.Contains(out, "is enabled"))
 	out, _, err = dockerCmdWithError("plugin", "remove", "--force", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, pNameWithTag))
 }
 
-func (s *DockerSuite) TestPluginActive(c *check.C) {
+func (s *DockerSuite) TestPluginActive(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, _, err = dockerCmdWithError("volume", "create", "-d", pNameWithTag, "--name", "testvol1")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, _ := dockerCmdWithError("plugin", "disable", pNameWithTag)
-	c.Assert(out, checker.Contains, "in use")
-
+	assert.Assert(c, strings.Contains(out, "in use"))
 	_, _, err = dockerCmdWithError("volume", "rm", "testvol1")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, pNameWithTag))
 }
 
-func (s *DockerSuite) TestPluginActiveNetwork(c *check.C) {
+func (s *DockerSuite) TestPluginActiveNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", npNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("network", "create", "-d", npNameWithTag, "test")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	nID := strings.TrimSpace(out)
 
 	out, _, _ = dockerCmdWithError("plugin", "remove", npNameWithTag)
-	c.Assert(out, checker.Contains, "is in use")
-
+	assert.Assert(c, strings.Contains(out, "is in use"))
 	_, _, err = dockerCmdWithError("network", "rm", nID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, _ = dockerCmdWithError("plugin", "remove", npNameWithTag)
-	c.Assert(out, checker.Contains, "is enabled")
-
+	assert.Assert(c, strings.Contains(out, "is enabled"))
 	_, _, err = dockerCmdWithError("plugin", "disable", npNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", npNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, npNameWithTag)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, npNameWithTag))
 }
 
-func (ps *DockerPluginSuite) TestPluginInstallDisable(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginInstallDisable(c *testing.T) {
 	pName := ps.getPluginRepoWithTag()
 
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "false")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "false"))
 	out, _, err = dockerCmdWithError("plugin", "enable", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	out, _, err = dockerCmdWithError("plugin", "disable", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	out, _, err = dockerCmdWithError("plugin", "remove", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 }
 
-func (s *DockerSuite) TestPluginInstallDisableVolumeLs(c *check.C) {
+func (s *DockerSuite) TestPluginInstallDisableVolumeLs(c *testing.T) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	dockerCmd(c, "volume", "ls")
 }
 
-func (ps *DockerPluginSuite) TestPluginSet(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginSet(c *testing.T) {
 	client := testEnv.APIClient()
 
 	name := "test"
@@ -179,35 +167,31 @@ func (ps *DockerPluginSuite) TestPluginSet(c *check.C) {
 			{Name: "pdev2", Settable: []string{"path"}}, // Device without Path is invalid.
 		}
 	})
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
+	assert.Assert(c, err == nil, "failed to create test plugin")
 
 	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", name)
-	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=0]")
+	assert.Equal(c, strings.TrimSpace(env), "[DEBUG=0]")
 
 	dockerCmd(c, "plugin", "set", name, "DEBUG=1")
 
 	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", name)
-	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+	assert.Equal(c, strings.TrimSpace(env), "[DEBUG=1]")
 
 	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}", name)
-	c.Assert(strings.TrimSpace(env), checker.Contains, mntSrc)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(env), mntSrc))
 	dockerCmd(c, "plugin", "set", name, "pmount1.source=bar")
 
 	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}", name)
-	c.Assert(strings.TrimSpace(env), checker.Contains, "bar")
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(env), "bar"))
 	out, _, err := dockerCmdWithError("plugin", "set", name, "pmount2.source=bar2")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Plugin config has no mount source")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Plugin config has no mount source"))
 	out, _, err = dockerCmdWithError("plugin", "set", name, "pdev2.path=/dev/bar2")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Plugin config has no device path")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Plugin config has no device path"))
 }
 
-func (ps *DockerPluginSuite) TestPluginInstallArgs(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginInstallArgs(c *testing.T) {
 	pName := path.Join(ps.registryHost(), "plugin", "testplugininstallwithargs")
 	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
 	defer cancel()
@@ -217,13 +201,12 @@ func (ps *DockerPluginSuite) TestPluginInstallArgs(c *check.C) {
 	})
 
 	out, _ := dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--disable", pName, "DEBUG=1")
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
-	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+	assert.Equal(c, strings.TrimSpace(env), "[DEBUG=1]")
 }
 
-func (ps *DockerPluginSuite) TestPluginInstallImage(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginInstallImage(c *testing.T) {
 	testRequires(c, IsAmd64)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
@@ -233,125 +216,117 @@ func (ps *DockerPluginSuite) TestPluginInstallImage(c *check.C) {
 	dockerCmd(c, "push", repoName)
 
 	out, _, err := dockerCmdWithError("plugin", "install", repoName)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, `Encountered remote "application/vnd.docker.container.image.v1+json"(image) when fetching`)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, `Encountered remote "application/vnd.docker.container.image.v1+json"(image) when fetching`))
 }
 
-func (ps *DockerPluginSuite) TestPluginEnableDisableNegative(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginEnableDisableNegative(c *testing.T) {
 	pName := ps.getPluginRepoWithTag()
 
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), pName))
 	out, _, err = dockerCmdWithError("plugin", "enable", pName)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "already enabled")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "already enabled"))
 	_, _, err = dockerCmdWithError("plugin", "disable", pName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "disable", pName)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "already disabled")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "already disabled"))
 	_, _, err = dockerCmdWithError("plugin", "remove", pName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (ps *DockerPluginSuite) TestPluginCreate(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginCreate(c *testing.T) {
 	name := "foo/bar-driver"
-	temp, err := ioutil.TempDir("", "foo")
-	c.Assert(err, checker.IsNil)
+	temp, err := os.MkdirTemp("", "foo")
+	assert.NilError(c, err)
 	defer os.RemoveAll(temp)
 
 	data := `{"description": "foo plugin"}`
-	err = ioutil.WriteFile(filepath.Join(temp, "config.json"), []byte(data), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(temp, "config.json"), []byte(data), 0644)
+	assert.NilError(c, err)
 
 	err = os.MkdirAll(filepath.Join(temp, "rootfs"), 0700)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("plugin", "create", name, temp)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
 	out, _, err = dockerCmdWithError("plugin", "create", name, temp)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "already exist")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "already exist"))
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
 	// The output will consists of one HEADER line and one line of foo/bar-driver
-	c.Assert(len(strings.Split(strings.TrimSpace(out), "\n")), checker.Equals, 2)
+	assert.Equal(c, len(strings.Split(strings.TrimSpace(out), "\n")), 2)
 }
 
-func (ps *DockerPluginSuite) TestPluginInspect(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginInspect(c *testing.T) {
 	pNameWithTag := ps.getPluginRepoWithTag()
 
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
-	c.Assert(out, checker.Contains, "true")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, pNameWithTag))
+	assert.Assert(c, strings.Contains(out, "true"))
 	// Find the ID first
 	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	id := strings.TrimSpace(out)
-	c.Assert(id, checker.Not(checker.Equals), "")
+	assert.Assert(c, id != "")
 
 	// Long form
 	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), id)
 
 	// Short form
 	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id[:5])
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), id)
 
 	// Name with tag form
 	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), id)
 
 	// Name without tag form
 	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", ps.getPluginRepo())
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), id)
 
 	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, pNameWithTag))
 	// After remove nothing should be found
 	_, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id[:5])
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
 // Test case for https://github.com/docker/docker/pull/29186#discussion_r91277345
-func (s *DockerSuite) TestPluginInspectOnWindows(c *check.C) {
+func (s *DockerSuite) TestPluginInspectOnWindows(c *testing.T) {
 	// This test should work on Windows only
 	testRequires(c, DaemonIsWindows)
 
 	out, _, err := dockerCmdWithError("plugin", "inspect", "foobar")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "plugins are not supported on this platform")
-	c.Assert(err.Error(), checker.Contains, "plugins are not supported on this platform")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "plugins are not supported on this platform"))
+	assert.ErrorContains(c, err, "plugins are not supported on this platform")
 }
 
-func (ps *DockerPluginSuite) TestPluginIDPrefix(c *check.C) {
+func (ps *DockerPluginSuite) TestPluginIDPrefix(c *testing.T) {
 	name := "test"
 	client := testEnv.APIClient()
 
@@ -362,59 +337,56 @@ func (ps *DockerPluginSuite) TestPluginIDPrefix(c *check.C) {
 	})
 	cancel()
 
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
+	assert.Assert(c, err == nil, "failed to create test plugin")
 
 	// Find ID first
 	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", name)
 	id = strings.TrimSpace(id)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// List current state
 	out, _, err := dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
-	c.Assert(out, checker.Contains, "false")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
+	assert.Assert(c, strings.Contains(out, "false"))
 	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", id[:5])
-	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=0]")
+	assert.Equal(c, strings.TrimSpace(env), "[DEBUG=0]")
 
 	dockerCmd(c, "plugin", "set", id[:5], "DEBUG=1")
 
 	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", id[:5])
-	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+	assert.Equal(c, strings.TrimSpace(env), "[DEBUG=1]")
 
 	// Enable
 	_, _, err = dockerCmdWithError("plugin", "enable", id[:5])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
-	c.Assert(out, checker.Contains, "true")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
+	assert.Assert(c, strings.Contains(out, "true"))
 	// Disable
 	_, _, err = dockerCmdWithError("plugin", "disable", id[:5])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, name)
-	c.Assert(out, checker.Contains, "false")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, name))
+	assert.Assert(c, strings.Contains(out, "false"))
 	// Remove
 	_, _, err = dockerCmdWithError("plugin", "remove", id[:5])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	// List returns none
 	out, _, err = dockerCmdWithError("plugin", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(out, name))
 }
 
-func (ps *DockerPluginSuite) TestPluginListDefaultFormat(c *check.C) {
-	config, err := ioutil.TempDir("", "config-file-")
-	c.Assert(err, check.IsNil)
+func (ps *DockerPluginSuite) TestPluginListDefaultFormat(c *testing.T) {
+	config, err := os.MkdirTemp("", "config-file-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(config)
 
-	err = ioutil.WriteFile(filepath.Join(config, "config.json"), []byte(`{"pluginsFormat": "raw"}`), 0644)
-	c.Assert(err, check.IsNil)
+	err = os.WriteFile(filepath.Join(config, "config.json"), []byte(`{"pluginsFormat": "raw"}`), 0644)
+	assert.NilError(c, err)
 
 	name := "test:latest"
 	client := testEnv.APIClient()
@@ -424,7 +396,7 @@ func (ps *DockerPluginSuite) TestPluginListDefaultFormat(c *check.C) {
 	err = plugin.Create(ctx, client, name, func(cfg *plugin.Config) {
 		cfg.Description = "test plugin"
 	})
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
+	assert.Assert(c, err == nil, "failed to create test plugin")
 
 	out, _ := dockerCmd(c, "plugin", "inspect", "--format", "{{.ID}}", name)
 	id := strings.TrimSpace(out)
@@ -436,11 +408,11 @@ description: test plugin
 enabled: false`, id, name)
 
 	out, _ = dockerCmd(c, "--config", config, "plugin", "ls", "--no-trunc")
-	c.Assert(strings.TrimSpace(out), checker.Contains, expectedOutput)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), expectedOutput))
 }
 
-func (s *DockerSuite) TestPluginUpgrade(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64, NotUserNamespace)
+func (s *DockerSuite) TestPluginUpgrade(c *testing.T) {
+	testRequires(c, DaemonIsLinux, Network, testEnv.IsLocalDaemon, IsAmd64, NotUserNamespace)
 	plugin := "cpuguy83/docker-volume-driver-plugin-local:latest"
 	pluginV2 := "cpuguy83/docker-volume-driver-plugin-local:v2"
 
@@ -449,45 +421,44 @@ func (s *DockerSuite) TestPluginUpgrade(c *check.C) {
 	dockerCmd(c, "run", "--rm", "-v", "bananas:/apple", "busybox", "sh", "-c", "touch /apple/core")
 
 	out, _, err := dockerCmdWithError("plugin", "upgrade", "--grant-all-permissions", plugin, pluginV2)
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "disabled before upgrading")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "disabled before upgrading"))
 	out, _ = dockerCmd(c, "plugin", "inspect", "--format={{.ID}}", plugin)
 	id := strings.TrimSpace(out)
 
 	// make sure "v2" does not exists
 	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id, "rootfs", "v2"))
-	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("%s", out))
+	assert.Assert(c, os.IsNotExist(err), out)
 
 	dockerCmd(c, "plugin", "disable", "-f", plugin)
 	dockerCmd(c, "plugin", "upgrade", "--grant-all-permissions", "--skip-remote-check", plugin, pluginV2)
 
 	// make sure "v2" file exists
 	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id, "rootfs", "v2"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "plugin", "enable", plugin)
 	dockerCmd(c, "volume", "inspect", "bananas")
 	dockerCmd(c, "run", "--rm", "-v", "bananas:/apple", "busybox", "sh", "-c", "ls -lh /apple/core")
 }
 
-func (s *DockerSuite) TestPluginMetricsCollector(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64)
+func (s *DockerSuite) TestPluginMetricsCollector(c *testing.T) {
+	testRequires(c, DaemonIsLinux, Network, testEnv.IsLocalDaemon, IsAmd64)
 	d := daemon.New(c, dockerBinary, dockerdBinary)
 	d.Start(c)
 	defer d.Stop(c)
 
 	name := "cpuguy83/docker-metrics-plugin-test:latest"
 	r := cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", name), cli.Daemon(d))
-	c.Assert(r.Error, checker.IsNil, check.Commentf(r.Combined()))
+	assert.Assert(c, r.Error == nil, r.Combined())
 
 	// plugin lisens on localhost:19393 and proxies the metrics
 	resp, err := http.Get("http://localhost:19393/metrics")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer resp.Body.Close()
 
-	b, err := ioutil.ReadAll(resp.Body)
-	c.Assert(err, checker.IsNil)
+	b, err := io.ReadAll(resp.Body)
+	assert.NilError(c, err)
 	// check that a known metric is there... don't expect this metric to change over time.. probably safe
-	c.Assert(string(b), checker.Contains, "container_actions")
+	assert.Assert(c, strings.Contains(string(b), "container_actions"))
 }
diff --git a/integration-cli/docker_cli_port_test.go b/integration-cli/docker_cli_port_test.go
index 84058cda10c44..dd41d9891fd35 100644
--- a/integration-cli/docker_cli_port_test.go
+++ b/integration-cli/docker_cli_port_test.go
@@ -1,18 +1,18 @@
 package main
 
 import (
+	"context"
 	"fmt"
-	"net"
 	"regexp"
 	"sort"
 	"strconv"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestPortList(c *check.C) {
+func (s *DockerSuite) TestPortList(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// one port
 	out, _ := dockerCmd(c, "run", "-d", "-p", "9876:80", "busybox", "top")
@@ -20,15 +20,15 @@ func (s *DockerSuite) TestPortList(c *check.C) {
 
 	out, _ = dockerCmd(c, "port", firstID, "80")
 
-	err := assertPortList(c, out, []string{"0.0.0.0:9876"})
+	err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "port", firstID)
 
-	err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876"})
+	err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876", "80/tcp -> [::]:9876"})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "rm", "-f", firstID)
 
@@ -42,18 +42,22 @@ func (s *DockerSuite) TestPortList(c *check.C) {
 
 	out, _ = dockerCmd(c, "port", ID, "80")
 
-	err = assertPortList(c, out, []string{"0.0.0.0:9876"})
+	err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "port", ID)
 
 	err = assertPortList(c, out, []string{
 		"80/tcp -> 0.0.0.0:9876",
+		"80/tcp -> [::]:9876",
 		"81/tcp -> 0.0.0.0:9877",
-		"82/tcp -> 0.0.0.0:9878"})
+		"81/tcp -> [::]:9877",
+		"82/tcp -> 0.0.0.0:9878",
+		"82/tcp -> [::]:9878",
+	})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "rm", "-f", ID)
 
@@ -68,43 +72,47 @@ func (s *DockerSuite) TestPortList(c *check.C) {
 
 	out, _ = dockerCmd(c, "port", ID, "80")
 
-	err = assertPortList(c, out, []string{"0.0.0.0:9876", "0.0.0.0:9999"})
+	err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876", "0.0.0.0:9999", "[::]:9999"})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "port", ID)
 
 	err = assertPortList(c, out, []string{
 		"80/tcp -> 0.0.0.0:9876",
 		"80/tcp -> 0.0.0.0:9999",
+		"80/tcp -> [::]:9876",
+		"80/tcp -> [::]:9999",
 		"81/tcp -> 0.0.0.0:9877",
-		"82/tcp -> 0.0.0.0:9878"})
+		"81/tcp -> [::]:9877",
+		"82/tcp -> 0.0.0.0:9878",
+		"82/tcp -> [::]:9878",
+	})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	dockerCmd(c, "rm", "-f", ID)
 
 	testRange := func() {
 		// host port ranges used
 		IDs := make([]string, 3)
 		for i := 0; i < 3; i++ {
-			out, _ = dockerCmd(c, "run", "-d",
-				"-p", "9090-9092:80",
-				"busybox", "top")
+			out, _ = dockerCmd(c, "run", "-d", "-p", "9090-9092:80", "busybox", "top")
 			IDs[i] = strings.TrimSpace(out)
 
 			out, _ = dockerCmd(c, "port", IDs[i])
 
-			err = assertPortList(c, out, []string{fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i)})
+			err = assertPortList(c, out, []string{
+				fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i),
+				fmt.Sprintf("80/tcp -> [::]:%d", 9090+i),
+			})
 			// Port list is not correct
-			c.Assert(err, checker.IsNil)
+			assert.NilError(c, err)
 		}
 
 		// test port range exhaustion
-		out, _, err = dockerCmdWithError("run", "-d",
-			"-p", "9090-9092:80",
-			"busybox", "top")
+		out, _, err = dockerCmdWithError("run", "-d", "-p", "9090-9092:80", "busybox", "top")
 		// Exhausted port range did not return an error
-		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+		assert.Assert(c, err != nil, "out: %s", out)
 
 		for i := 0; i < 3; i++ {
 			dockerCmd(c, "rm", "-f", IDs[i])
@@ -116,47 +124,46 @@ func (s *DockerSuite) TestPortList(c *check.C) {
 
 	// test invalid port ranges
 	for _, invalidRange := range []string{"9090-9089:80", "9090-:80", "-9090:80"} {
-		out, _, err = dockerCmdWithError("run", "-d",
-			"-p", invalidRange,
-			"busybox", "top")
+		out, _, err = dockerCmdWithError("run", "-d", "-p", invalidRange, "busybox", "top")
 		// Port range should have returned an error
-		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+		assert.Assert(c, err != nil, "out: %s", out)
 	}
 
 	// test host range:container range spec.
-	out, _ = dockerCmd(c, "run", "-d",
-		"-p", "9800-9803:80-83",
-		"busybox", "top")
+	out, _ = dockerCmd(c, "run", "-d", "-p", "9800-9803:80-83", "busybox", "top")
 	ID = strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "port", ID)
 
 	err = assertPortList(c, out, []string{
 		"80/tcp -> 0.0.0.0:9800",
+		"80/tcp -> [::]:9800",
 		"81/tcp -> 0.0.0.0:9801",
+		"81/tcp -> [::]:9801",
 		"82/tcp -> 0.0.0.0:9802",
-		"83/tcp -> 0.0.0.0:9803"})
+		"82/tcp -> [::]:9802",
+		"83/tcp -> 0.0.0.0:9803",
+		"83/tcp -> [::]:9803",
+	})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	dockerCmd(c, "rm", "-f", ID)
 
 	// test mixing protocols in same port range
-	out, _ = dockerCmd(c, "run", "-d",
-		"-p", "8000-8080:80",
-		"-p", "8000-8080:80/udp",
-		"busybox", "top")
+	out, _ = dockerCmd(c, "run", "-d", "-p", "8000-8080:80", "-p", "8000-8080:80/udp", "busybox", "top")
 	ID = strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "port", ID)
 
 	// Running this test multiple times causes the TCP port to increment.
-	err = assertPortRange(c, out, []int{8000, 8080}, []int{8000, 8080})
+	err = assertPortRange(ID, []int{8000, 8080}, []int{8000, 8080})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	dockerCmd(c, "rm", "-f", ID)
 }
 
-func assertPortList(c *check.C, out string, expected []string) error {
+func assertPortList(c *testing.T, out string, expected []string) error {
+	c.Helper()
 	lines := strings.Split(strings.Trim(out, "\n "), "\n")
 	if len(lines) != len(expected) {
 		return fmt.Errorf("different size lists %s, %d, %d", out, len(lines), len(expected))
@@ -164,8 +171,20 @@ func assertPortList(c *check.C, out string, expected []string) error {
 	sort.Strings(lines)
 	sort.Strings(expected)
 
+	// "docker port" does not yet have a "--format" flag, and older versions
+	// of the CLI used an incorrect output format for mappings on IPv6 addresses
+	// for example, "80/tcp -> :::80" instead of "80/tcp -> [::]:80".
+	oldFormat := func(mapping string) string {
+		old := strings.Replace(mapping, "[", "", 1)
+		old = strings.Replace(old, "]:", ":", 1)
+		return old
+	}
+
 	for i := 0; i < len(expected); i++ {
-		if lines[i] != expected[i] {
+		if lines[i] == expected[i] {
+			continue
+		}
+		if lines[i] != oldFormat(expected[i]) {
 			return fmt.Errorf("|" + lines[i] + "!=" + expected[i] + "|")
 		}
 	}
@@ -173,43 +192,56 @@ func assertPortList(c *check.C, out string, expected []string) error {
 	return nil
 }
 
-func assertPortRange(c *check.C, out string, expectedTcp, expectedUdp []int) error {
-	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+func assertPortRange(id string, expectedTCP, expectedUDP []int) error {
+	client := testEnv.APIClient()
+	inspect, err := client.ContainerInspect(context.TODO(), id)
+	if err != nil {
+		return err
+	}
 
-	var validTcp, validUdp bool
-	for _, l := range lines {
-		// 80/tcp -> 0.0.0.0:8015
-		port, err := strconv.Atoi(strings.Split(l, ":")[1])
-		if err != nil {
-			return err
+	var validTCP, validUDP bool
+	for portAndProto, binding := range inspect.NetworkSettings.Ports {
+		if portAndProto.Proto() == "tcp" && len(expectedTCP) == 0 {
+			continue
 		}
-		if strings.Contains(l, "tcp") && expectedTcp != nil {
-			if port < expectedTcp[0] || port > expectedTcp[1] {
-				return fmt.Errorf("tcp port (%d) not in range expected range %d-%d", port, expectedTcp[0], expectedTcp[1])
-			}
-			validTcp = true
+		if portAndProto.Proto() == "udp" && len(expectedTCP) == 0 {
+			continue
 		}
-		if strings.Contains(l, "udp") && expectedUdp != nil {
-			if port < expectedUdp[0] || port > expectedUdp[1] {
-				return fmt.Errorf("udp port (%d) not in range expected range %d-%d", port, expectedUdp[0], expectedUdp[1])
+
+		for _, b := range binding {
+			port, err := strconv.Atoi(b.HostPort)
+			if err != nil {
+				return err
+			}
+
+			if len(expectedTCP) > 0 {
+				if port < expectedTCP[0] || port > expectedTCP[1] {
+					return fmt.Errorf("tcp port (%d) not in range expected range %d-%d", port, expectedTCP[0], expectedTCP[1])
+				}
+				validTCP = true
+			}
+			if len(expectedUDP) > 0 {
+				if port < expectedUDP[0] || port > expectedUDP[1] {
+					return fmt.Errorf("udp port (%d) not in range expected range %d-%d", port, expectedUDP[0], expectedUDP[1])
+				}
+				validUDP = true
 			}
-			validUdp = true
 		}
 	}
-	if !validTcp {
+	if !validTCP {
 		return fmt.Errorf("tcp port not found")
 	}
-	if !validUdp {
+	if !validUDP {
 		return fmt.Errorf("udp port not found")
 	}
 	return nil
 }
 
-func stopRemoveContainer(id string, c *check.C) {
+func stopRemoveContainer(id string, c *testing.T) {
 	dockerCmd(c, "rm", "-f", id)
 }
 
-func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
+func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	// Run busybox with command line expose (equivalent to EXPOSE in image's Dockerfile) for the following ports
 	port1 := 80
@@ -223,10 +255,9 @@ func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
 	unpPort2 := fmt.Sprintf("%d/tcp", port2)
 	out, _ := dockerCmd(c, "ps", "-n=1")
 	// Missing unpublished ports in docker ps output
-	c.Assert(out, checker.Contains, unpPort1)
+	assert.Assert(c, strings.Contains(out, unpPort1))
 	// Missing unpublished ports in docker ps output
-	c.Assert(out, checker.Contains, unpPort2)
-
+	assert.Assert(c, strings.Contains(out, unpPort2))
 	// Run the container forcing to publish the exposed ports
 	dockerCmd(c, "run", "-d", "-P", expose1, expose2, "busybox", "sleep", "5")
 
@@ -235,9 +266,9 @@ func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
 	expBndRegx2 := regexp.MustCompile(`0.0.0.0:\d\d\d\d\d->` + unpPort2)
 	out, _ = dockerCmd(c, "ps", "-n=1")
 	// Cannot find expected port binding port (0.0.0.0:xxxxx->unpPort1) in docker ps output
-	c.Assert(expBndRegx1.MatchString(out), checker.Equals, true, check.Commentf("out: %s; unpPort1: %s", out, unpPort1))
+	assert.Equal(c, expBndRegx1.MatchString(out), true, fmt.Sprintf("out: %s; unpPort1: %s", out, unpPort1))
 	// Cannot find expected port binding port (0.0.0.0:xxxxx->unpPort2) in docker ps output
-	c.Assert(expBndRegx2.MatchString(out), checker.Equals, true, check.Commentf("out: %s; unpPort2: %s", out, unpPort2))
+	assert.Equal(c, expBndRegx2.MatchString(out), true, fmt.Sprintf("out: %s; unpPort2: %s", out, unpPort2))
 
 	// Run the container specifying explicit port bindings for the exposed ports
 	offset := 10000
@@ -251,10 +282,9 @@ func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
 	expBnd2 := fmt.Sprintf("0.0.0.0:%d->%s", offset+port2, unpPort2)
 	out, _ = dockerCmd(c, "ps", "-n=1")
 	// Cannot find expected port binding (expBnd1) in docker ps output
-	c.Assert(out, checker.Contains, expBnd1)
+	assert.Assert(c, strings.Contains(out, expBnd1))
 	// Cannot find expected port binding (expBnd2) in docker ps output
-	c.Assert(out, checker.Contains, expBnd2)
-
+	assert.Assert(c, strings.Contains(out, expBnd2))
 	// Remove container now otherwise it will interfere with next test
 	stopRemoveContainer(id, c)
 
@@ -265,9 +295,9 @@ func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
 	// Check docker ps o/p for last created container reports the specified port mappings
 	out, _ = dockerCmd(c, "ps", "-n=1")
 	// Cannot find expected port binding (expBnd1) in docker ps output
-	c.Assert(out, checker.Contains, expBnd1)
+	assert.Assert(c, strings.Contains(out, expBnd1))
 	// Cannot find expected port binding (expBnd2) in docker ps output
-	c.Assert(out, checker.Contains, expBnd2)
+	assert.Assert(c, strings.Contains(out, expBnd2))
 	// Remove container now otherwise it will interfere with next test
 	stopRemoveContainer(id, c)
 
@@ -277,75 +307,64 @@ func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
 	// Check docker ps o/p for last created container reports the specified unpublished port and port mapping
 	out, _ = dockerCmd(c, "ps", "-n=1")
 	// Missing unpublished exposed ports (unpPort1) in docker ps output
-	c.Assert(out, checker.Contains, unpPort1)
+	assert.Assert(c, strings.Contains(out, unpPort1))
 	// Missing port binding (expBnd2) in docker ps output
-	c.Assert(out, checker.Contains, expBnd2)
+	assert.Assert(c, strings.Contains(out, expBnd2))
 }
 
-func (s *DockerSuite) TestPortHostBinding(c *check.C) {
+func (s *DockerSuite) TestPortHostBinding(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
-	out, _ := dockerCmd(c, "run", "-d", "-p", "9876:80", "busybox",
-		"nc", "-l", "-p", "80")
+	out, _ := dockerCmd(c, "run", "-d", "-p", "9876:80", "busybox", "nc", "-l", "-p", "80")
 	firstID := strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "port", firstID, "80")
 
-	err := assertPortList(c, out, []string{"0.0.0.0:9876"})
+	err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
 	// Port list is not correct
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	dockerCmd(c, "run", "--net=host", "busybox",
-		"nc", "localhost", "9876")
+	dockerCmd(c, "run", "--net=host", "busybox", "nc", "localhost", "9876")
 
 	dockerCmd(c, "rm", "-f", firstID)
 
 	out, _, err = dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "9876")
 	// Port is still bound after the Container is removed
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 }
 
-func (s *DockerSuite) TestPortExposeHostBinding(c *check.C) {
+func (s *DockerSuite) TestPortExposeHostBinding(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
-	out, _ := dockerCmd(c, "run", "-d", "-P", "--expose", "80", "busybox",
-		"nc", "-l", "-p", "80")
+	out, _ := dockerCmd(c, "run", "-d", "-P", "--expose", "80", "busybox", "nc", "-l", "-p", "80")
 	firstID := strings.TrimSpace(out)
 
-	out, _ = dockerCmd(c, "port", firstID, "80")
-
-	_, exposedPort, err := net.SplitHostPort(out)
-	c.Assert(err, checker.IsNil, check.Commentf("out: %s", out))
+	out, _ = dockerCmd(c, "inspect", "--format", `{{index .NetworkSettings.Ports "80/tcp" 0 "HostPort" }}`, firstID)
 
-	dockerCmd(c, "run", "--net=host", "busybox",
-		"nc", "localhost", strings.TrimSpace(exposedPort))
+	exposedPort := strings.TrimSpace(out)
+	dockerCmd(c, "run", "--net=host", "busybox", "nc", "127.0.0.1", exposedPort)
 
 	dockerCmd(c, "rm", "-f", firstID)
 
-	out, _, err = dockerCmdWithError("run", "--net=host", "busybox",
-		"nc", "localhost", strings.TrimSpace(exposedPort))
+	out, _, err := dockerCmdWithError("run", "--net=host", "busybox", "nc", "127.0.0.1", exposedPort)
 	// Port is still bound after the Container is removed
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 }
 
-func (s *DockerSuite) TestPortBindingOnSandbox(c *check.C) {
+func (s *DockerSuite) TestPortBindingOnSandbox(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	dockerCmd(c, "network", "create", "--internal", "-d", "bridge", "internal-net")
 	nr := getNetworkResource(c, "internal-net")
-	c.Assert(nr.Internal, checker.Equals, true)
+	assert.Equal(c, nr.Internal, true)
 
 	dockerCmd(c, "run", "--net", "internal-net", "-d", "--name", "c1",
 		"-p", "8080:8080", "busybox", "nc", "-l", "-p", "8080")
-	c.Assert(waitRun("c1"), check.IsNil)
+	assert.Assert(c, waitRun("c1") == nil)
 
 	_, _, err := dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "8080")
-	c.Assert(err, check.NotNil,
-		check.Commentf("Port mapping on internal network is expected to fail"))
-
+	assert.Assert(c, err != nil, "Port mapping on internal network is expected to fail")
 	// Connect container to another normal bridge network
 	dockerCmd(c, "network", "create", "-d", "bridge", "foo-net")
 	dockerCmd(c, "network", "connect", "foo-net", "c1")
 
 	_, _, err = dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "8080")
-	c.Assert(err, check.IsNil,
-		check.Commentf("Port mapping on the new network is expected to succeed"))
-
+	assert.Assert(c, err == nil, "Port mapping on the new network is expected to succeed")
 }
diff --git a/integration-cli/docker_cli_proxy_test.go b/integration-cli/docker_cli_proxy_test.go
index 52159aa9c538e..a803328665081 100644
--- a/integration-cli/docker_cli_proxy_test.go
+++ b/integration-cli/docker_cli_proxy_test.go
@@ -3,14 +3,14 @@ package main
 import (
 	"net"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "info"},
@@ -20,11 +20,10 @@ func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
 
 // Can't use localhost here since go has a special case to not use proxy if connecting to localhost
 // See https://golang.org/pkg/net/http/#ProxyFromEnvironment
-func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *testing.T) {
 	// get the IP to use to connect since we can't use localhost
 	addrs, err := net.InterfaceAddrs()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	var ip string
 	for _, addr := range addrs {
 		sAddr := addr.String()
@@ -35,7 +34,7 @@ func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
 		}
 	}
 
-	c.Assert(ip, checker.Not(checker.Equals), "")
+	assert.Assert(c, ip != "")
 
 	s.d.Start(c, "-H", "tcp://"+ip+":2375")
 
diff --git a/integration-cli/docker_cli_prune_unix_test.go b/integration-cli/docker_cli_prune_unix_test.go
index d60420b591481..f3afe70a2093b 100644
--- a/integration-cli/docker_cli_prune_unix_test.go
+++ b/integration-cli/docker_cli_prune_unix_test.go
@@ -1,58 +1,61 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
-func pruneNetworkAndVerify(c *check.C, d *daemon.Daemon, kept, pruned []string) {
+func pruneNetworkAndVerify(c *testing.T, d *daemon.Daemon, kept, pruned []string) {
 	_, err := d.Cmd("network", "prune", "--force")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	for _, s := range kept {
-		waitAndAssert(c, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+		poll.WaitOn(c, pollCheck(c, func(*testing.T) (interface{}, string) {
 			out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
-			c.Assert(err, checker.IsNil)
-			return out, nil
-		}, checker.Contains, s)
+			assert.NilError(c, err)
+			return out, ""
+		}, checker.Contains(s)), poll.WithTimeout(defaultReconciliationTimeout))
+
 	}
 
 	for _, s := range pruned {
-		waitAndAssert(c, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+		poll.WaitOn(c, pollCheck(c, func(*testing.T) (interface{}, string) {
 			out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
-			c.Assert(err, checker.IsNil)
-			return out, nil
-		}, checker.Not(checker.Contains), s)
+			assert.NilError(c, err)
+			return out, ""
+		}, checker.Not(checker.Contains(s))), poll.WithTimeout(defaultReconciliationTimeout))
 	}
 }
 
-func (s *DockerSwarmSuite) TestPruneNetwork(c *check.C) {
+func (s *DockerSwarmSuite) TestPruneNetwork(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	_, err := d.Cmd("network", "create", "n1") // used by container (testprune)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = d.Cmd("network", "create", "n2")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = d.Cmd("network", "create", "n3", "--driver", "overlay") // used by service (testprunesvc)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = d.Cmd("network", "create", "n4", "--driver", "overlay")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	cName := "testprune"
 	_, err = d.Cmd("run", "-d", "--name", cName, "--net", "n1", "busybox", "top")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	serviceName := "testprunesvc"
 	replicas := 1
@@ -61,24 +64,24 @@ func (s *DockerSwarmSuite) TestPruneNetwork(c *check.C) {
 		"--replicas", strconv.Itoa(replicas),
 		"--network", "n3",
 		"busybox", "top")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, replicas+1)
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(replicas+1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// prune and verify
 	pruneNetworkAndVerify(c, d, []string{"n1", "n3"}, []string{"n2", "n4"})
 
 	// remove containers, then prune and verify again
 	_, err = d.Cmd("rm", "-f", cName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	_, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil)
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
+	assert.NilError(c, err)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	pruneNetworkAndVerify(c, d, []string{}, []string{"n1", "n3"})
 }
 
-func (s *DockerDaemonSuite) TestPruneImageDangling(c *check.C) {
+func (s *DockerDaemonSuite) TestPruneImageDangling(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	result := cli.BuildCmd(c, "test", cli.Daemon(s.d),
@@ -90,27 +93,23 @@ func (s *DockerDaemonSuite) TestPruneImageDangling(c *check.C) {
 	id := strings.TrimSpace(result.Combined())
 
 	out, err := s.d.Cmd("images", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id))
 	out, err = s.d.Cmd("image", "prune", "--force")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id)
-
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id))
 	out, err = s.d.Cmd("images", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id))
 	out, err = s.d.Cmd("image", "prune", "--force", "--all")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id))
 	out, err = s.d.Cmd("images", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id))
 }
 
-func (s *DockerSuite) TestPruneContainerUntil(c *check.C) {
+func (s *DockerSuite) TestPruneContainerUntil(c *testing.T) {
 	out := cli.DockerCmd(c, "run", "-d", "busybox").Combined()
 	id1 := strings.TrimSpace(out)
 	cli.WaitExited(c, id1, 5*time.Second)
@@ -122,15 +121,14 @@ func (s *DockerSuite) TestPruneContainerUntil(c *check.C) {
 	cli.WaitExited(c, id2, 5*time.Second)
 
 	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "until="+until).Combined()
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
 	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
 }
 
-func (s *DockerSuite) TestPruneContainerLabel(c *check.C) {
+func (s *DockerSuite) TestPruneContainerLabel(c *testing.T) {
 	out := cli.DockerCmd(c, "run", "-d", "--label", "foo", "busybox").Combined()
 	id1 := strings.TrimSpace(out)
 	cli.WaitExited(c, id1, 5*time.Second)
@@ -149,125 +147,111 @@ func (s *DockerSuite) TestPruneContainerLabel(c *check.C) {
 
 	// Add a config file of label=foobar, that will have no impact if cli is label!=foobar
 	config := `{"pruneFilters": ["label=foobar"]}`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	d, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(d)
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	assert.NilError(c, err)
 
 	// With config.json only, prune based on label=foobar
 	out = cli.DockerCmd(c, "--config", d, "container", "prune", "--force").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id4)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id4))
 	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "label=foo").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
 	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id3))
 	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "label!=bar").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id3))
 	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
 	// With config.json label=foobar and CLI label!=foobar, CLI label!=foobar supersede
 	out = cli.DockerCmd(c, "--config", d, "container", "prune", "--force", "--filter", "label!=foobar").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
 	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
 }
 
-func (s *DockerSuite) TestPruneVolumeLabel(c *check.C) {
+func (s *DockerSuite) TestPruneVolumeLabel(c *testing.T) {
 	out, _ := dockerCmd(c, "volume", "create", "--label", "foo")
 	id1 := strings.TrimSpace(out)
-	c.Assert(id1, checker.Not(checker.Equals), "")
+	assert.Assert(c, id1 != "")
 
 	out, _ = dockerCmd(c, "volume", "create", "--label", "bar")
 	id2 := strings.TrimSpace(out)
-	c.Assert(id2, checker.Not(checker.Equals), "")
+	assert.Assert(c, id2 != "")
 
 	out, _ = dockerCmd(c, "volume", "create")
 	id3 := strings.TrimSpace(out)
-	c.Assert(id3, checker.Not(checker.Equals), "")
+	assert.Assert(c, id3 != "")
 
 	out, _ = dockerCmd(c, "volume", "create", "--label", "foobar")
 	id4 := strings.TrimSpace(out)
-	c.Assert(id4, checker.Not(checker.Equals), "")
+	assert.Assert(c, id4 != "")
 
 	// Add a config file of label=foobar, that will have no impact if cli is label!=foobar
 	config := `{"pruneFilters": ["label=foobar"]}`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	d, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(d)
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	assert.NilError(c, err)
 
 	// With config.json only, prune based on label=foobar
 	out, _ = dockerCmd(c, "--config", d, "volume", "prune", "--force")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id4)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id4))
 	out, _ = dockerCmd(c, "volume", "prune", "--force", "--filter", "label=foo")
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
 	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id3))
 	out, _ = dockerCmd(c, "volume", "prune", "--force", "--filter", "label!=bar")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id3))
 	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id3))
 	// With config.json label=foobar and CLI label!=foobar, CLI label!=foobar supersede
 	out, _ = dockerCmd(c, "--config", d, "volume", "prune", "--force", "--filter", "label!=foobar")
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
 	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
 }
 
-func (s *DockerSuite) TestPruneNetworkLabel(c *check.C) {
+func (s *DockerSuite) TestPruneNetworkLabel(c *testing.T) {
 	dockerCmd(c, "network", "create", "--label", "foo", "n1")
 	dockerCmd(c, "network", "create", "--label", "bar", "n2")
 	dockerCmd(c, "network", "create", "n3")
 
 	out, _ := dockerCmd(c, "network", "prune", "--force", "--filter", "label=foo")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "n1")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n2")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n3")
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "n1"))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n2"))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n3"))
 	out, _ = dockerCmd(c, "network", "prune", "--force", "--filter", "label!=bar")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n1")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n2")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "n3")
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n1"))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n2"))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "n3"))
 	out, _ = dockerCmd(c, "network", "prune", "--force")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n1")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "n2")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n3")
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n1"))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "n2"))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), "n3"))
 }
 
-func (s *DockerDaemonSuite) TestPruneImageLabel(c *check.C) {
+func (s *DockerDaemonSuite) TestPruneImageLabel(c *testing.T) {
 	s.d.StartWithBusybox(c)
 
 	result := cli.BuildCmd(c, "test1", cli.Daemon(s.d),
@@ -278,9 +262,8 @@ func (s *DockerDaemonSuite) TestPruneImageLabel(c *check.C) {
 	result.Assert(c, icmd.Success)
 	id1 := strings.TrimSpace(result.Combined())
 	out, err := s.d.Cmd("images", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
 	result = cli.BuildCmd(c, "test2", cli.Daemon(s.d),
 		build.WithDockerfile(`FROM busybox
                  LABEL bar=foo`),
@@ -289,21 +272,18 @@ func (s *DockerDaemonSuite) TestPruneImageLabel(c *check.C) {
 	result.Assert(c, icmd.Success)
 	id2 := strings.TrimSpace(result.Combined())
 	out, err = s.d.Cmd("images", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
 	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label=foo=bar")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
 	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label!=bar=foo")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
-
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id2))
 	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label=bar=foo")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
 }
diff --git a/integration-cli/docker_cli_ps_test.go b/integration-cli/docker_cli_ps_test.go
index 824ca683ba5cc..fe625263bc593 100644
--- a/integration-cli/docker_cli_ps_test.go
+++ b/integration-cli/docker_cli_ps_test.go
@@ -5,18 +5,20 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/skip"
 )
 
-func (s *DockerSuite) TestPsListContainersBase(c *check.C) {
+func (s *DockerSuite) TestPsListContainersBase(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 
 	out := runSleepingContainer(c, "-d")
@@ -33,89 +35,89 @@ func (s *DockerSuite) TestPsListContainersBase(c *check.C) {
 	fourthID := strings.TrimSpace(out)
 
 	// make sure the second is running
-	c.Assert(waitRun(secondID), checker.IsNil)
+	assert.Assert(c, waitRun(secondID) == nil)
 
 	// make sure third one is not running
 	dockerCmd(c, "wait", thirdID)
 
 	// make sure the forth is running
-	c.Assert(waitRun(fourthID), checker.IsNil)
+	assert.Assert(c, waitRun(fourthID) == nil)
 
 	// all
 	out, _ = dockerCmd(c, "ps", "-a")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, thirdID, secondID, firstID}), checker.Equals, true, check.Commentf("ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, thirdID, secondID, firstID}), true, fmt.Sprintf("ALL: Container list is not in the correct order: \n%s", out))
 
 	// running
 	out, _ = dockerCmd(c, "ps")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, secondID, firstID}), checker.Equals, true, check.Commentf("RUNNING: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, secondID, firstID}), true, fmt.Sprintf("RUNNING: Container list is not in the correct order: \n%s", out))
 
 	// limit
 	out, _ = dockerCmd(c, "ps", "-n=2", "-a")
 	expected := []string{fourthID, thirdID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-n=2")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("LIMIT: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter since
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-a")
 	expected = []string{fourthID, thirdID, secondID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID)
 	expected = []string{fourthID, secondID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+thirdID)
 	expected = []string{fourthID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter before
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-a")
 	expected = []string{thirdID, secondID, firstID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID)
 	expected = []string{secondID, firstID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("BEFORE filter: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+thirdID)
 	expected = []string{secondID, firstID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter since & before
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-a")
 	expected = []string{thirdID, secondID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID)
 	expected = []string{secondID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, BEFORE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter since & limit
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2", "-a")
 	expected = []string{fourthID, thirdID}
 
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter before & limit
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1", "-a")
 	expected = []string{thirdID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter since & filter before & limit
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1", "-a")
 	expected = []string{thirdID}
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1")
-	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	assert.Equal(c, assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), true, fmt.Sprintf("SINCE filter, BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 }
 
@@ -137,7 +139,7 @@ func assertContainerList(out string, expected []string) bool {
 	return true
 }
 
-func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
+func (s *DockerSuite) TestPsListContainersSize(c *testing.T) {
 	// Problematic on Windows as it doesn't report the size correctly @swernli
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "busybox")
@@ -147,7 +149,7 @@ func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
 	baseSizeIndex := strings.Index(baseLines[0], "SIZE")
 	baseFoundsize := baseLines[1][baseSizeIndex:]
 	baseBytes, err := strconv.Atoi(strings.Split(baseFoundsize, "B")[0])
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	name := "test_size"
 	dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo 1 > test")
@@ -167,17 +169,17 @@ func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
 	}
 	result.Assert(c, icmd.Success)
 	lines := strings.Split(strings.Trim(result.Combined(), "\n "), "\n")
-	c.Assert(lines, checker.HasLen, 2, check.Commentf("Expected 2 lines for 'ps -s -n=1' output, got %d", len(lines)))
+	assert.Equal(c, len(lines), 2, "Expected 2 lines for 'ps -s -n=1' output, got %d", len(lines))
 	sizeIndex := strings.Index(lines[0], "SIZE")
 	idIndex := strings.Index(lines[0], "CONTAINER ID")
 	foundID := lines[1][idIndex : idIndex+12]
-	c.Assert(foundID, checker.Equals, id[:12], check.Commentf("Expected id %s, got %s", id[:12], foundID))
+	assert.Equal(c, foundID, id[:12], fmt.Sprintf("Expected id %s, got %s", id[:12], foundID))
 	expectedSize := fmt.Sprintf("%dB", 2+baseBytes)
 	foundSize := lines[1][sizeIndex:]
-	c.Assert(foundSize, checker.Contains, expectedSize, check.Commentf("Expected size %q, got %q", expectedSize, foundSize))
+	assert.Assert(c, strings.Contains(foundSize, expectedSize), "Expected size %q, got %q", expectedSize, foundSize)
 }
 
-func (s *DockerSuite) TestPsListContainersFilterStatus(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterStatus(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 
 	// start exited container
@@ -194,11 +196,11 @@ func (s *DockerSuite) TestPsListContainersFilterStatus(c *check.C) {
 	// filter containers by exited
 	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=exited").Combined()
 	containerOut := strings.TrimSpace(out)
-	c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, firstID)
+	assert.Equal(c, RemoveOutputForExistingElements(containerOut, existingContainers), firstID)
 
 	out = cli.DockerCmd(c, "ps", "-a", "--no-trunc", "-q", "--filter=status=running").Combined()
 	containerOut = strings.TrimSpace(out)
-	c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, secondID)
+	assert.Equal(c, RemoveOutputForExistingElements(containerOut, existingContainers), secondID)
 
 	result := cli.Docker(cli.Args("ps", "-a", "-q", "--filter=status=rubbish"), cli.WithTimeout(time.Second*60))
 	err := "Invalid filter 'status=rubbish'"
@@ -220,11 +222,12 @@ func (s *DockerSuite) TestPsListContainersFilterStatus(c *check.C) {
 
 		out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=paused").Combined()
 		containerOut = strings.TrimSpace(out)
-		c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, pausedID)
+		assert.Equal(c, RemoveOutputForExistingElements(containerOut, existingContainers), pausedID)
 	}
 }
 
-func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterHealth(c *testing.T) {
+	skip.If(c, RuntimeIsWindowsContainerd(), "FIXME. Hang on Windows + containerd combination")
 	existingContainers := ExistingContainerIDs(c)
 	// Test legacy no health check
 	out := runSleepingContainer(c, "--name=none_legacy")
@@ -234,7 +237,7 @@ func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
 
 	out = cli.DockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none").Combined()
 	containerOut := strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for legacy none filter, output: %q", containerID, containerOut, out))
+	assert.Equal(c, containerOut, containerID, fmt.Sprintf("Expected id %s, got %s for legacy none filter, output: %q", containerID, containerOut, out))
 
 	// Test no health check specified explicitly
 	out = runSleepingContainer(c, "--name=none", "--no-healthcheck")
@@ -244,7 +247,7 @@ func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
 
 	out = cli.DockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none").Combined()
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for none filter, output: %q", containerID, containerOut, out))
+	assert.Equal(c, containerOut, containerID, fmt.Sprintf("Expected id %s, got %s for none filter, output: %q", containerID, containerOut, out))
 
 	// Test failing health check
 	out = runSleepingContainer(c, "--name=failing_container", "--health-cmd=exit 1", "--health-interval=1s")
@@ -254,7 +257,7 @@ func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
 
 	out = cli.DockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=unhealthy").Combined()
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for unhealthy filter, output: %q", containerID, containerOut, out))
+	assert.Equal(c, containerOut, containerID, fmt.Sprintf("Expected containerID %s, got %s for unhealthy filter, output: %q", containerID, containerOut, out))
 
 	// Check passing healthcheck
 	out = runSleepingContainer(c, "--name=passing_container", "--health-cmd=exit 0", "--health-interval=1s")
@@ -264,10 +267,10 @@ func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
 
 	out = cli.DockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=healthy").Combined()
 	containerOut = strings.TrimSpace(RemoveOutputForExistingElements(out, existingContainers))
-	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for healthy filter, output: %q", containerID, containerOut, out))
+	assert.Equal(c, containerOut, containerID, fmt.Sprintf("Expected containerID %s, got %s for healthy filter, output: %q", containerID, containerOut, out))
 }
 
-func (s *DockerSuite) TestPsListContainersFilterID(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterID(c *testing.T) {
 	// start container
 	out, _ := dockerCmd(c, "run", "-d", "busybox")
 	firstID := strings.TrimSpace(out)
@@ -278,10 +281,10 @@ func (s *DockerSuite) TestPsListContainersFilterID(c *check.C) {
 	// filter containers by id
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--filter=id="+firstID)
 	containerOut := strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, firstID[:12], check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID[:12], containerOut, out))
+	assert.Equal(c, containerOut, firstID[:12], fmt.Sprintf("Expected id %s, got %s for exited filter, output: %q", firstID[:12], containerOut, out))
 }
 
-func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterName(c *testing.T) {
 	// start container
 	dockerCmd(c, "run", "--name=a_name_to_match", "busybox")
 	id := getIDByName(c, "a_name_to_match")
@@ -292,7 +295,7 @@ func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
 	// filter containers by name
 	out, _ := dockerCmd(c, "ps", "-a", "-q", "--filter=name=a_name_to_match")
 	containerOut := strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, id[:12], check.Commentf("Expected id %s, got %s for exited filter, output: %q", id[:12], containerOut, out))
+	assert.Equal(c, containerOut, id[:12], fmt.Sprintf("Expected id %s, got %s for exited filter, output: %q", id[:12], containerOut, out))
 }
 
 // Test for the ancestor filter for ps.
@@ -303,7 +306,7 @@ func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
 // - Create an image based on the previous image (images_ps_filter_test2)
 // - Run containers for each of those image (busybox, images_ps_filter_test1, images_ps_filter_test2)
 // - Filter them out :P
-func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 
 	// Build images
@@ -376,7 +379,7 @@ func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *check.C) {
 	checkPsAncestorFilterOutput(c, RemoveOutputForExistingElements(out, existingContainers), imageName2+","+imageName1Tagged, []string{fourthID, fifthID})
 }
 
-func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expectedIDs []string) {
+func checkPsAncestorFilterOutput(c *testing.T, out string, filterName string, expectedIDs []string) {
 	var actualIDs []string
 	if out != "" {
 		actualIDs = strings.Split(out[:len(out)-1], "\n")
@@ -384,7 +387,7 @@ func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expe
 	sort.Strings(actualIDs)
 	sort.Strings(expectedIDs)
 
-	c.Assert(actualIDs, checker.HasLen, len(expectedIDs), check.Commentf("Expected filtered container(s) for %s ancestor filter to be %v:%v, got %v:%v", filterName, len(expectedIDs), expectedIDs, len(actualIDs), actualIDs))
+	assert.Equal(c, len(actualIDs), len(expectedIDs), fmt.Sprintf("Expected filtered container(s) for %s ancestor filter to be %v:%v, got %v:%v", filterName, len(expectedIDs), expectedIDs, len(actualIDs), actualIDs))
 	if len(expectedIDs) > 0 {
 		same := true
 		for i := range expectedIDs {
@@ -394,11 +397,11 @@ func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expe
 				break
 			}
 		}
-		c.Assert(same, checker.Equals, true, check.Commentf("Expected filtered container(s) for %s ancestor filter to be %v, got %v", filterName, expectedIDs, actualIDs))
+		assert.Equal(c, same, true, fmt.Sprintf("Expected filtered container(s) for %s ancestor filter to be %v, got %v", filterName, expectedIDs, actualIDs))
 	}
 }
 
-func (s *DockerSuite) TestPsListContainersFilterLabel(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterLabel(c *testing.T) {
 	// start container
 	dockerCmd(c, "run", "--name=first", "-l", "match=me", "-l", "second=tag", "busybox")
 	firstID := getIDByName(c, "first")
@@ -414,60 +417,58 @@ func (s *DockerSuite) TestPsListContainersFilterLabel(c *check.C) {
 	// filter containers by exact match
 	out, _ := dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me")
 	containerOut := strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, firstID, check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
+	assert.Equal(c, containerOut, firstID, fmt.Sprintf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
 
 	// filter containers by two labels
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me", "--filter=label=second=tag")
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, firstID, check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
+	assert.Equal(c, containerOut, firstID, fmt.Sprintf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
 
 	// filter containers by two labels, but expect not found because of AND behavior
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me", "--filter=label=second=tag-no")
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, "", check.Commentf("Expected nothing, got %s for exited filter, output: %q", containerOut, out))
+	assert.Equal(c, containerOut, "", fmt.Sprintf("Expected nothing, got %s for exited filter, output: %q", containerOut, out))
 
 	// filter containers by exact key
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match")
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Contains, firstID)
-	c.Assert(containerOut, checker.Contains, secondID)
-	c.Assert(containerOut, checker.Not(checker.Contains), thirdID)
+	assert.Assert(c, strings.Contains(containerOut, firstID))
+	assert.Assert(c, strings.Contains(containerOut, secondID))
+	assert.Assert(c, !strings.Contains(containerOut, thirdID))
 }
 
-func (s *DockerSuite) TestPsListContainersFilterExited(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterExited(c *testing.T) {
+	// TODO Flaky on  Windows CI [both RS1 and RS5]
+	// On slower machines the container may not have exited
+	// yet when we filter below by exit status/exit value.
+	skip.If(c, DaemonIsWindows(), "FLAKY on Windows, see #20819")
 	runSleepingContainer(c, "--name=sleep")
 
-	dockerCmd(c, "run", "--name", "zero1", "busybox", "true")
-	firstZero := getIDByName(c, "zero1")
-
-	dockerCmd(c, "run", "--name", "zero2", "busybox", "true")
-	secondZero := getIDByName(c, "zero2")
+	firstZero, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	secondZero, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 
 	out, _, err := dockerCmdWithError("run", "--name", "nonzero1", "busybox", "false")
-	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
-
+	assert.Assert(c, err != nil, "Should fail. out: %s", out)
 	firstNonZero := getIDByName(c, "nonzero1")
 
 	out, _, err = dockerCmdWithError("run", "--name", "nonzero2", "busybox", "false")
-	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
+	assert.Assert(c, err != nil, "Should fail. out: %s", out)
 	secondNonZero := getIDByName(c, "nonzero2")
 
 	// filter containers by exited=0
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=exited=0")
-	ids := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(ids, checker.HasLen, 2, check.Commentf("Should be 2 zero exited containers got %d: %s", len(ids), out))
-	c.Assert(ids[0], checker.Equals, secondZero, check.Commentf("First in list should be %q, got %q", secondZero, ids[0]))
-	c.Assert(ids[1], checker.Equals, firstZero, check.Commentf("Second in list should be %q, got %q", firstZero, ids[1]))
-
+	assert.Assert(c, strings.Contains(out, strings.TrimSpace(firstZero)))
+	assert.Assert(c, strings.Contains(out, strings.TrimSpace(secondZero)))
+	assert.Assert(c, !strings.Contains(out, strings.TrimSpace(firstNonZero)))
+	assert.Assert(c, !strings.Contains(out, strings.TrimSpace(secondNonZero)))
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=exited=1")
-	ids = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(ids, checker.HasLen, 2, check.Commentf("Should be 2 zero exited containers got %d", len(ids)))
-	c.Assert(ids[0], checker.Equals, secondNonZero, check.Commentf("First in list should be %q, got %q", secondNonZero, ids[0]))
-	c.Assert(ids[1], checker.Equals, firstNonZero, check.Commentf("Second in list should be %q, got %q", firstNonZero, ids[1]))
-
+	assert.Assert(c, strings.Contains(out, strings.TrimSpace(firstNonZero)))
+	assert.Assert(c, strings.Contains(out, strings.TrimSpace(secondNonZero)))
+	assert.Assert(c, !strings.Contains(out, strings.TrimSpace(firstZero)))
+	assert.Assert(c, !strings.Contains(out, strings.TrimSpace(secondZero)))
 }
 
-func (s *DockerSuite) TestPsRightTagName(c *check.C) {
+func (s *DockerSuite) TestPsRightTagName(c *testing.T) {
 	// TODO Investigate further why this fails on Windows to Windows CI
 	testRequires(c, DaemonIsLinux)
 
@@ -478,42 +479,42 @@ func (s *DockerSuite) TestPsRightTagName(c *check.C) {
 
 	var id1 string
 	out := runSleepingContainer(c)
-	id1 = strings.TrimSpace(string(out))
+	id1 = strings.TrimSpace(out)
 
 	var id2 string
 	out = runSleepingContainerInImage(c, tag)
-	id2 = strings.TrimSpace(string(out))
+	id2 = strings.TrimSpace(out)
 
 	var imageID string
 	out = inspectField(c, "busybox", "Id")
-	imageID = strings.TrimSpace(string(out))
+	imageID = strings.TrimSpace(out)
 
 	var id3 string
 	out = runSleepingContainerInImage(c, imageID)
-	id3 = strings.TrimSpace(string(out))
+	id3 = strings.TrimSpace(out)
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines := strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
-	c.Assert(lines, checker.HasLen, 3, check.Commentf("There should be 3 running container, got %d", len(lines)))
+	assert.Equal(c, len(lines), 3, "There should be 3 running container, got %d", len(lines))
 	for _, line := range lines {
 		f := strings.Fields(line)
 		switch f[0] {
 		case id1:
-			c.Assert(f[1], checker.Equals, "busybox", check.Commentf("Expected %s tag for id %s, got %s", "busybox", id1, f[1]))
+			assert.Equal(c, f[1], "busybox", fmt.Sprintf("Expected %s tag for id %s, got %s", "busybox", id1, f[1]))
 		case id2:
-			c.Assert(f[1], checker.Equals, tag, check.Commentf("Expected %s tag for id %s, got %s", tag, id2, f[1]))
+			assert.Equal(c, f[1], tag, fmt.Sprintf("Expected %s tag for id %s, got %s", tag, id2, f[1]))
 		case id3:
-			c.Assert(f[1], checker.Equals, imageID, check.Commentf("Expected %s imageID for id %s, got %s", tag, id3, f[1]))
+			assert.Equal(c, f[1], imageID, fmt.Sprintf("Expected %s imageID for id %s, got %s", tag, id3, f[1]))
 		default:
 			c.Fatalf("Unexpected id %s, expected %s and %s and %s", f[0], id1, id2, id3)
 		}
 	}
 }
 
-func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterCreated(c *testing.T) {
 	// create a container
 	out, _ := dockerCmd(c, "create", "busybox")
 	cID := strings.TrimSpace(out)
@@ -521,8 +522,7 @@ func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
 
 	// Make sure it DOESN'T show up w/o a '-a' for normal 'ps'
 	out, _ = dockerCmd(c, "ps", "-q")
-	c.Assert(out, checker.Not(checker.Contains), shortCID, check.Commentf("Should have not seen '%s' in ps output:\n%s", shortCID, out))
-
+	assert.Assert(c, !strings.Contains(out, shortCID), "Should have not seen '%s' in ps output:\n%s", shortCID, out)
 	// Make sure it DOES show up as 'Created' for 'ps -a'
 	out, _ = dockerCmd(c, "ps", "-a")
 
@@ -532,19 +532,19 @@ func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
 			continue
 		}
 		hits++
-		c.Assert(line, checker.Contains, "Created", check.Commentf("Missing 'Created' on '%s'", line))
+		assert.Assert(c, strings.Contains(line, "Created"), "Missing 'Created' on '%s'", line)
 	}
 
-	c.Assert(hits, checker.Equals, 1, check.Commentf("Should have seen '%s' in ps -a output once:%d\n%s", shortCID, hits, out))
+	assert.Equal(c, hits, 1, fmt.Sprintf("Should have seen '%s' in ps -a output once:%d\n%s", shortCID, hits, out))
 
 	// filter containers by 'create' - note, no -a needed
 	out, _ = dockerCmd(c, "ps", "-q", "-f", "status=created")
 	containerOut := strings.TrimSpace(out)
-	c.Assert(cID, checker.HasPrefix, containerOut)
+	assert.Assert(c, strings.HasPrefix(cID, containerOut))
 }
 
 // Test for GitHub issue #12595
-func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
+func (s *DockerSuite) TestPsImageIDAfterUpdate(c *testing.T) {
 	// TODO: Investigate why this fails on Windows to Windows CI further.
 	testRequires(c, DaemonIsLinux)
 	originalImageName := "busybox:TestPsImageIDAfterUpdate-original"
@@ -563,15 +563,15 @@ func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
 	result = icmd.RunCommand(dockerBinary, "ps", "--no-trunc")
 	result.Assert(c, icmd.Success)
 
-	lines := strings.Split(strings.TrimSpace(string(result.Combined())), "\n")
+	lines := strings.Split(strings.TrimSpace(result.Combined()), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
-	c.Assert(len(lines), checker.Equals, 1)
+	assert.Equal(c, len(lines), 1)
 
 	for _, line := range lines {
 		f := strings.Fields(line)
-		c.Assert(f[1], checker.Equals, originalImageName)
+		assert.Equal(c, f[1], originalImageName)
 	}
 
 	icmd.RunCommand(dockerBinary, "commit", containerID, updatedImageName).Assert(c, icmd.Success)
@@ -580,38 +580,34 @@ func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
 	result = icmd.RunCommand(dockerBinary, "ps", "--no-trunc")
 	result.Assert(c, icmd.Success)
 
-	lines = strings.Split(strings.TrimSpace(string(result.Combined())), "\n")
+	lines = strings.Split(strings.TrimSpace(result.Combined()), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
-	c.Assert(len(lines), checker.Equals, 1)
+	assert.Equal(c, len(lines), 1)
 
 	for _, line := range lines {
 		f := strings.Fields(line)
-		c.Assert(f[1], checker.Equals, originalImageID)
+		assert.Equal(c, f[1], originalImageID)
 	}
 
 }
 
-func (s *DockerSuite) TestPsNotShowPortsOfStoppedContainer(c *check.C) {
+func (s *DockerSuite) TestPsNotShowPortsOfStoppedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
-	dockerCmd(c, "run", "--name=foo", "-d", "-p", "5000:5000", "busybox", "top")
-	c.Assert(waitRun("foo"), checker.IsNil)
-	out, _ := dockerCmd(c, "ps")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-	expected := "0.0.0.0:5000->5000/tcp"
-	fields := strings.Fields(lines[1])
-	c.Assert(fields[len(fields)-2], checker.Equals, expected, check.Commentf("Expected: %v, got: %v", expected, fields[len(fields)-2]))
+	dockerCmd(c, "run", "--name=foo", "-d", "-p", "6000:5000", "busybox", "top")
+	assert.Assert(c, waitRun("foo") == nil)
+	ports, _ := dockerCmd(c, "ps", "--format", "{{ .Ports }}", "--filter", "name=foo")
+	expected := ":6000->5000/tcp"
+	assert.Assert(c, is.Contains(ports, expected), "Expected: %v, got: %v", expected, ports)
 
 	dockerCmd(c, "kill", "foo")
 	dockerCmd(c, "wait", "foo")
-	out, _ = dockerCmd(c, "ps", "-l")
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
-	fields = strings.Fields(lines[1])
-	c.Assert(fields[len(fields)-2], checker.Not(checker.Equals), expected, check.Commentf("Should not got %v", expected))
+	ports, _ = dockerCmd(c, "ps", "--format", "{{ .Ports }}", "--filter", "name=foo")
+	assert.Equal(c, ports, "", "Should not got %v", expected)
 }
 
-func (s *DockerSuite) TestPsShowMounts(c *check.C) {
+func (s *DockerSuite) TestPsShowMounts(c *testing.T) {
 	existingContainers := ExistingContainerNames(c)
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
@@ -621,9 +617,9 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	dockerCmd(c, "volume", "create", "ps-volume-test")
 	// volume mount containers
 	runSleepingContainer(c, "--name=volume-test-1", "--volume", "ps-volume-test:"+mp)
-	c.Assert(waitRun("volume-test-1"), checker.IsNil)
+	assert.Assert(c, waitRun("volume-test-1") == nil)
 	runSleepingContainer(c, "--name=volume-test-2", "--volume", mp)
-	c.Assert(waitRun("volume-test-2"), checker.IsNil)
+	assert.Assert(c, waitRun("volume-test-2") == nil)
 	// bind mount container
 	var bindMountSource string
 	var bindMountDestination string
@@ -635,83 +631,83 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 		bindMountDestination = "/t"
 	}
 	runSleepingContainer(c, "--name=bind-mount-test", "-v", bindMountSource+":"+bindMountDestination)
-	c.Assert(waitRun("bind-mount-test"), checker.IsNil)
+	assert.Assert(c, waitRun("bind-mount-test") == nil)
 
 	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}")
 
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines := strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
-	c.Assert(lines, checker.HasLen, 3)
+	assert.Equal(c, len(lines), 3)
 
 	fields := strings.Fields(lines[0])
-	c.Assert(fields, checker.HasLen, 2)
-	c.Assert(fields[0], checker.Equals, "bind-mount-test")
-	c.Assert(fields[1], checker.Equals, bindMountSource)
+	assert.Equal(c, len(fields), 2)
+	assert.Equal(c, fields[0], "bind-mount-test")
+	assert.Equal(c, fields[1], bindMountSource)
 
 	fields = strings.Fields(lines[1])
-	c.Assert(fields, checker.HasLen, 2)
+	assert.Equal(c, len(fields), 2)
 
 	anonymousVolumeID := fields[1]
 
 	fields = strings.Fields(lines[2])
-	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+	assert.Equal(c, fields[1], "ps-volume-test")
 
 	// filter by volume name
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume=ps-volume-test")
 
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
-	c.Assert(lines, checker.HasLen, 1)
+	assert.Equal(c, len(lines), 1)
 
 	fields = strings.Fields(lines[0])
-	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+	assert.Equal(c, fields[1], "ps-volume-test")
 
 	// empty results filtering by unknown volume
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume=this-volume-should-not-exist")
-	c.Assert(strings.TrimSpace(string(out)), checker.HasLen, 0)
+	assert.Equal(c, len(strings.TrimSpace(out)), 0)
 
 	// filter by mount destination
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+mp)
 
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
-	c.Assert(lines, checker.HasLen, 2)
+	assert.Equal(c, len(lines), 2)
 
 	fields = strings.Fields(lines[0])
-	c.Assert(fields[1], checker.Equals, anonymousVolumeID)
+	assert.Equal(c, fields[1], anonymousVolumeID)
 	fields = strings.Fields(lines[1])
-	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+	assert.Equal(c, fields[1], "ps-volume-test")
 
 	// filter by bind mount source
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountSource)
 
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
-	c.Assert(lines, checker.HasLen, 1)
+	assert.Equal(c, len(lines), 1)
 
 	fields = strings.Fields(lines[0])
-	c.Assert(fields, checker.HasLen, 2)
-	c.Assert(fields[0], checker.Equals, "bind-mount-test")
-	c.Assert(fields[1], checker.Equals, bindMountSource)
+	assert.Equal(c, len(fields), 2)
+	assert.Equal(c, fields[0], "bind-mount-test")
+	assert.Equal(c, fields[1], bindMountSource)
 
 	// filter by bind mount destination
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountDestination)
 
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
-	c.Assert(lines, checker.HasLen, 1)
+	assert.Equal(c, len(lines), 1)
 
 	fields = strings.Fields(lines[0])
-	c.Assert(fields, checker.HasLen, 2)
-	c.Assert(fields[0], checker.Equals, "bind-mount-test")
-	c.Assert(fields[1], checker.Equals, bindMountSource)
+	assert.Equal(c, len(fields), 2)
+	assert.Equal(c, fields[0], "bind-mount-test")
+	assert.Equal(c, fields[1], bindMountSource)
 
 	// empty results filtering by unknown mount point
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+prefix+slash+"this-path-was-never-mounted")
-	c.Assert(strings.TrimSpace(string(out)), checker.HasLen, 0)
+	assert.Equal(c, len(strings.TrimSpace(out)), 0)
 }
 
-func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterNetwork(c *testing.T) {
 	existing := ExistingContainerIDs(c)
 
 	// TODO default network on Windows is not called "bridge", and creating a
@@ -724,18 +720,18 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 
 	// Filter docker ps on non existing network
 	out, _ := dockerCmd(c, "ps", "--filter", "network=doesnotexist")
-	containerOut := strings.TrimSpace(string(out))
+	containerOut := strings.TrimSpace(out)
 	lines := strings.Split(containerOut, "\n")
 
 	// skip header
 	lines = lines[1:]
 
 	// ps output should have no containers
-	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 0)
+	assert.Equal(c, len(RemoveLinesForExistingElements(lines, existing)), 0)
 
 	// Filter docker ps on network bridge
 	out, _ = dockerCmd(c, "ps", "--filter", "network=bridge")
-	containerOut = strings.TrimSpace(string(out))
+	containerOut = strings.TrimSpace(out)
 
 	lines = strings.Split(containerOut, "\n")
 
@@ -743,40 +739,38 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	lines = lines[1:]
 
 	// ps output should have only one container
-	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 1)
+	assert.Equal(c, len(RemoveLinesForExistingElements(lines, existing)), 1)
 
 	// Making sure onbridgenetwork is on the output
-	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on network\n"))
-
+	assert.Assert(c, strings.Contains(containerOut, "onbridgenetwork"), "Missing the container on network\n")
 	// Filter docker ps on networks bridge and none
 	out, _ = dockerCmd(c, "ps", "--filter", "network=bridge", "--filter", "network=none")
-	containerOut = strings.TrimSpace(string(out))
+	containerOut = strings.TrimSpace(out)
 
 	lines = strings.Split(containerOut, "\n")
 
 	// skip header
 	lines = lines[1:]
 
-	//ps output should have both the containers
-	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 2)
+	// ps output should have both the containers
+	assert.Equal(c, len(RemoveLinesForExistingElements(lines, existing)), 2)
 
 	// Making sure onbridgenetwork and onnonenetwork is on the output
-	c.Assert(containerOut, checker.Contains, "onnonenetwork", check.Commentf("Missing the container on none network\n"))
-	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on bridge network\n"))
-
+	assert.Assert(c, strings.Contains(containerOut, "onnonenetwork"), "Missing the container on none network\n")
+	assert.Assert(c, strings.Contains(containerOut, "onbridgenetwork"), "Missing the container on bridge network\n")
 	nwID, _ := dockerCmd(c, "network", "inspect", "--format", "{{.ID}}", "bridge")
 
 	// Filter by network ID
 	out, _ = dockerCmd(c, "ps", "--filter", "network="+nwID)
-	containerOut = strings.TrimSpace(string(out))
+	containerOut = strings.TrimSpace(out)
 
-	c.Assert(containerOut, checker.Contains, "onbridgenetwork")
+	assert.Assert(c, is.Contains(containerOut, "onbridgenetwork"))
 
 	// Filter by partial network ID
-	partialnwID := string(nwID[0:4])
+	partialnwID := nwID[0:4]
 
 	out, _ = dockerCmd(c, "ps", "--filter", "network="+partialnwID)
-	containerOut = strings.TrimSpace(string(out))
+	containerOut = strings.TrimSpace(out)
 
 	lines = strings.Split(containerOut, "\n")
 
@@ -784,14 +778,13 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	lines = lines[1:]
 
 	// ps output should have only one container
-	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 1)
+	assert.Equal(c, len(RemoveLinesForExistingElements(lines, existing)), 1)
 
 	// Making sure onbridgenetwork is on the output
-	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on network\n"))
-
+	assert.Assert(c, strings.Contains(containerOut, "onbridgenetwork"), "Missing the container on network\n")
 }
 
-func (s *DockerSuite) TestPsByOrder(c *check.C) {
+func (s *DockerSuite) TestPsByOrder(c *testing.T) {
 	out := runSleepingContainer(c, "--name", "xyz-abc")
 	container1 := strings.TrimSpace(out)
 
@@ -803,14 +796,14 @@ func (s *DockerSuite) TestPsByOrder(c *check.C) {
 
 	// Run multiple time should have the same result
 	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
+	assert.Equal(c, strings.TrimSpace(out), fmt.Sprintf("%s\n%s", container2, container1))
 
 	// Run multiple time should have the same result
 	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz").Combined()
-	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
+	assert.Equal(c, strings.TrimSpace(out), fmt.Sprintf("%s\n%s", container2, container1))
 }
 
-func (s *DockerSuite) TestPsListContainersFilterPorts(c *check.C) {
+func (s *DockerSuite) TestPsListContainersFilterPorts(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	existingContainers := ExistingContainerIDs(c)
 
@@ -820,33 +813,47 @@ func (s *DockerSuite) TestPsListContainersFilterPorts(c *check.C) {
 	out, _ = dockerCmd(c, "run", "-d", "--expose=8080", "busybox", "top")
 	id2 := strings.TrimSpace(out)
 
+	out, _ = dockerCmd(c, "run", "-d", "-p", "1090:90", "busybox", "top")
+	id3 := strings.TrimSpace(out)
+
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id2))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), id3))
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "publish=80-8080/udp")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+	assert.Assert(c, strings.TrimSpace(out) != id1)
+	assert.Assert(c, strings.TrimSpace(out) != id2)
+	assert.Assert(c, strings.TrimSpace(out) != id3)
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=8081")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+	assert.Assert(c, strings.TrimSpace(out) != id1)
+	assert.Assert(c, strings.TrimSpace(out) != id2)
+	assert.Assert(c, strings.TrimSpace(out) != id3)
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "publish=80-81")
-	c.Assert(strings.TrimSpace(out), checker.Equals, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+	assert.Assert(c, strings.TrimSpace(out) != id1)
+	assert.Assert(c, strings.TrimSpace(out) != id2)
+	assert.Assert(c, strings.TrimSpace(out) != id3)
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=80/tcp")
-	c.Assert(strings.TrimSpace(out), checker.Equals, id1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+	assert.Equal(c, strings.TrimSpace(out), id1)
+	assert.Assert(c, strings.TrimSpace(out) != id2)
+	assert.Assert(c, strings.TrimSpace(out) != id3)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "publish=1090")
+	assert.Assert(c, strings.TrimSpace(out) != id1)
+	assert.Assert(c, strings.TrimSpace(out) != id2)
+	assert.Equal(c, strings.TrimSpace(out), id3)
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=8080/tcp")
 	out = RemoveOutputForExistingElements(out, existingContainers)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
-	c.Assert(strings.TrimSpace(out), checker.Equals, id2)
+	assert.Assert(c, strings.TrimSpace(out) != id1)
+	assert.Equal(c, strings.TrimSpace(out), id2)
+	assert.Assert(c, strings.TrimSpace(out) != id3)
 }
 
-func (s *DockerSuite) TestPsNotShowLinknamesOfDeletedContainer(c *check.C) {
+func (s *DockerSuite) TestPsNotShowLinknamesOfDeletedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.31"))
 	existingContainers := ExistingContainerNames(c)
 
@@ -854,16 +861,16 @@ func (s *DockerSuite) TestPsNotShowLinknamesOfDeletedContainer(c *check.C) {
 	dockerCmd(c, "create", "--name=bbb", "--link=aaa", "busybox", "top")
 
 	out, _ := dockerCmd(c, "ps", "--no-trunc", "-a", "--format", "{{.Names}}")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines := strings.Split(strings.TrimSpace(out), "\n")
 	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	expected := []string{"bbb", "aaa,bbb/aaa"}
 	var names []string
 	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with non-truncated names: %v, got: %v", expected, names))
+	assert.Assert(c, is.DeepEqual(names, expected), "Expected array with non-truncated names: %v, got: %v", expected, names)
 
 	dockerCmd(c, "rm", "bbb")
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc", "-a", "--format", "{{.Names}}")
 	out = RemoveOutputForExistingElements(out, existingContainers)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "aaa")
+	assert.Equal(c, strings.TrimSpace(out), "aaa")
 }
diff --git a/integration-cli/docker_cli_pull_local_test.go b/integration-cli/docker_cli_pull_local_test.go
index 33d4ae5e7c612..489ca504febc8 100644
--- a/integration-cli/docker_cli_pull_local_test.go
+++ b/integration-cli/docker_cli_pull_local_test.go
@@ -3,28 +3,27 @@ package main
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
+	"testing"
 
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema2"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/icmd"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // testPullImageWithAliases pulls a specific image tag and verifies that any aliases (i.e., other
 // tags for the same image) are not also pulled down.
 //
 // Ref: docker/docker#8141
-func testPullImageWithAliases(c *check.C) {
+func testPullImageWithAliases(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
 	var repos []string
@@ -47,20 +46,20 @@ func testPullImageWithAliases(c *check.C) {
 	dockerCmd(c, "inspect", repos[0])
 	for _, repo := range repos[1:] {
 		_, _, err := dockerCmdWithError("inspect", repo)
-		c.Assert(err, checker.NotNil, check.Commentf("Image %v shouldn't have been pulled down", repo))
+		assert.ErrorContains(c, err, "", "Image %v shouldn't have been pulled down", repo)
 	}
 }
 
-func (s *DockerRegistrySuite) TestPullImageWithAliases(c *check.C) {
+func (s *DockerRegistrySuite) TestPullImageWithAliases(c *testing.T) {
 	testPullImageWithAliases(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullImageWithAliases(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullImageWithAliases(c *testing.T) {
 	testPullImageWithAliases(c)
 }
 
 // testConcurrentPullWholeRepo pulls the same repo concurrently.
-func testConcurrentPullWholeRepo(c *check.C) {
+func testConcurrentPullWholeRepo(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
 	var repos []string
@@ -82,8 +81,8 @@ func testConcurrentPullWholeRepo(c *check.C) {
 	dockerCmd(c, args...)
 
 	// Run multiple re-pulls concurrently
-	results := make(chan error)
 	numPulls := 3
+	results := make(chan error, numPulls)
 
 	for i := 0; i != numPulls; i++ {
 		go func() {
@@ -96,32 +95,32 @@ func testConcurrentPullWholeRepo(c *check.C) {
 	// package is not goroutine-safe.
 	for i := 0; i != numPulls; i++ {
 		err := <-results
-		c.Assert(err, checker.IsNil, check.Commentf("concurrent pull failed with error: %v", err))
+		assert.NilError(c, err, "concurrent pull failed with error: %v", err)
 	}
 
 	// Ensure all tags were pulled successfully
 	for _, repo := range repos {
 		dockerCmd(c, "inspect", repo)
 		out, _ := dockerCmd(c, "run", "--rm", repo)
-		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+		assert.Equal(c, strings.TrimSpace(out), "/bin/sh -c echo "+repo)
 	}
 }
 
-func (s *DockerRegistrySuite) testConcurrentPullWholeRepo(c *check.C) {
+func (s *DockerRegistrySuite) TestConcurrentPullWholeRepo(c *testing.T) {
 	testConcurrentPullWholeRepo(c)
 }
 
-func (s *DockerSchema1RegistrySuite) testConcurrentPullWholeRepo(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestConcurrentPullWholeRepo(c *testing.T) {
 	testConcurrentPullWholeRepo(c)
 }
 
 // testConcurrentFailingPull tries a concurrent pull that doesn't succeed.
-func testConcurrentFailingPull(c *check.C) {
+func testConcurrentFailingPull(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
 	// Run multiple pulls concurrently
-	results := make(chan error)
 	numPulls := 3
+	results := make(chan error, numPulls)
 
 	for i := 0; i != numPulls; i++ {
 		go func() {
@@ -134,21 +133,21 @@ func testConcurrentFailingPull(c *check.C) {
 	// package is not goroutine-safe.
 	for i := 0; i != numPulls; i++ {
 		err := <-results
-		c.Assert(err, checker.NotNil, check.Commentf("expected pull to fail"))
+		assert.ErrorContains(c, err, "", "expected pull to fail")
 	}
 }
 
-func (s *DockerRegistrySuite) testConcurrentFailingPull(c *check.C) {
+func (s *DockerRegistrySuite) TestConcurrentFailingPull(c *testing.T) {
 	testConcurrentFailingPull(c)
 }
 
-func (s *DockerSchema1RegistrySuite) testConcurrentFailingPull(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestConcurrentFailingPull(c *testing.T) {
 	testConcurrentFailingPull(c)
 }
 
 // testConcurrentPullMultipleTags pulls multiple tags from the same repo
 // concurrently.
-func testConcurrentPullMultipleTags(c *check.C) {
+func testConcurrentPullMultipleTags(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
 	var repos []string
@@ -170,7 +169,7 @@ func testConcurrentPullMultipleTags(c *check.C) {
 	dockerCmd(c, args...)
 
 	// Re-pull individual tags, in parallel
-	results := make(chan error)
+	results := make(chan error, len(repos))
 
 	for _, repo := range repos {
 		go func(repo string) {
@@ -183,28 +182,28 @@ func testConcurrentPullMultipleTags(c *check.C) {
 	// package is not goroutine-safe.
 	for range repos {
 		err := <-results
-		c.Assert(err, checker.IsNil, check.Commentf("concurrent pull failed with error: %v", err))
+		assert.NilError(c, err, "concurrent pull failed with error: %v", err)
 	}
 
 	// Ensure all tags were pulled successfully
 	for _, repo := range repos {
 		dockerCmd(c, "inspect", repo)
 		out, _ := dockerCmd(c, "run", "--rm", repo)
-		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+		assert.Equal(c, strings.TrimSpace(out), "/bin/sh -c echo "+repo)
 	}
 }
 
-func (s *DockerRegistrySuite) TestConcurrentPullMultipleTags(c *check.C) {
+func (s *DockerRegistrySuite) TestConcurrentPullMultipleTags(c *testing.T) {
 	testConcurrentPullMultipleTags(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestConcurrentPullMultipleTags(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestConcurrentPullMultipleTags(c *testing.T) {
 	testConcurrentPullMultipleTags(c)
 }
 
 // testPullIDStability verifies that pushing an image and pulling it back
 // preserves the image ID.
-func testPullIDStability(c *check.C) {
+func testPullIDStability(c *testing.T) {
 	derivedImage := privateRegistryURL + "/dockercli/id-stability"
 	baseImage := "busybox"
 
@@ -255,16 +254,16 @@ func testPullIDStability(c *check.C) {
 	}
 }
 
-func (s *DockerRegistrySuite) TestPullIDStability(c *check.C) {
+func (s *DockerRegistrySuite) TestPullIDStability(c *testing.T) {
 	testPullIDStability(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullIDStability(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullIDStability(c *testing.T) {
 	testPullIDStability(c)
 }
 
 // #21213
-func testPullNoLayers(c *check.C) {
+func testPullNoLayers(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/scratch", privateRegistryURL)
 
 	buildImageSuccessfully(c, repoName, build.WithDockerfile(`
@@ -275,18 +274,18 @@ func testPullNoLayers(c *check.C) {
 	dockerCmd(c, "pull", repoName)
 }
 
-func (s *DockerRegistrySuite) TestPullNoLayers(c *check.C) {
+func (s *DockerRegistrySuite) TestPullNoLayers(c *testing.T) {
 	testPullNoLayers(c)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPullNoLayers(c *check.C) {
+func (s *DockerSchema1RegistrySuite) TestPullNoLayers(c *testing.T) {
 	testPullNoLayers(c)
 }
 
-func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
+func (s *DockerRegistrySuite) TestPullManifestList(c *testing.T) {
 	testRequires(c, NotArm)
 	pushDigest, err := setupImage(c)
-	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	assert.NilError(c, err, "error setting up image")
 
 	// Inject a manifest list into the registry
 	manifestList := &manifestlist.ManifestList{
@@ -321,7 +320,7 @@ func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
 	}
 
 	manifestListJSON, err := json.MarshalIndent(manifestList, "", "   ")
-	c.Assert(err, checker.IsNil, check.Commentf("error marshalling manifest list"))
+	assert.NilError(c, err, "error marshalling manifest list")
 
 	manifestListDigest := digest.FromBytes(manifestListJSON)
 	hexDigest := manifestListDigest.Hex()
@@ -331,34 +330,34 @@ func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
 	// Write manifest list to blob store
 	blobDir := filepath.Join(registryV2Path, "blobs", "sha256", hexDigest[:2], hexDigest)
 	err = os.MkdirAll(blobDir, 0755)
-	c.Assert(err, checker.IsNil, check.Commentf("error creating blob dir"))
+	assert.NilError(c, err, "error creating blob dir")
 	blobPath := filepath.Join(blobDir, "data")
-	err = ioutil.WriteFile(blobPath, []byte(manifestListJSON), 0644)
-	c.Assert(err, checker.IsNil, check.Commentf("error writing manifest list"))
+	err = os.WriteFile(blobPath, manifestListJSON, 0644)
+	assert.NilError(c, err, "error writing manifest list")
 
 	// Add to revision store
 	revisionDir := filepath.Join(registryV2Path, "repositories", remoteRepoName, "_manifests", "revisions", "sha256", hexDigest)
 	err = os.Mkdir(revisionDir, 0755)
-	c.Assert(err, checker.IsNil, check.Commentf("error creating revision dir"))
+	assert.Assert(c, err == nil, "error creating revision dir")
 	revisionPath := filepath.Join(revisionDir, "link")
-	err = ioutil.WriteFile(revisionPath, []byte(manifestListDigest.String()), 0644)
-	c.Assert(err, checker.IsNil, check.Commentf("error writing revision link"))
+	err = os.WriteFile(revisionPath, []byte(manifestListDigest.String()), 0644)
+	assert.Assert(c, err == nil, "error writing revision link")
 
 	// Update tag
 	tagPath := filepath.Join(registryV2Path, "repositories", remoteRepoName, "_manifests", "tags", "latest", "current", "link")
-	err = ioutil.WriteFile(tagPath, []byte(manifestListDigest.String()), 0644)
-	c.Assert(err, checker.IsNil, check.Commentf("error writing tag link"))
+	err = os.WriteFile(tagPath, []byte(manifestListDigest.String()), 0644)
+	assert.NilError(c, err, "error writing tag link")
 
 	// Verify that the image can be pulled through the manifest list.
 	out, _ := dockerCmd(c, "pull", repoName)
 
 	// The pull output includes "Digest: <digest>", so find that
 	matches := digestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	assert.Equal(c, len(matches), 2, fmt.Sprintf("unable to parse digest from pull output: %s", out))
 	pullDigest := matches[1]
 
 	// Make sure the pushed and pull digests match
-	c.Assert(manifestListDigest.String(), checker.Equals, pullDigest)
+	assert.Equal(c, manifestListDigest.String(), pullDigest)
 
 	// Was the image actually created?
 	dockerCmd(c, "inspect", repoName)
@@ -367,35 +366,34 @@ func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
 }
 
 // #23100
-func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithScheme(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithScheme(c *testing.T) {
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
 	workingDir, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
 
 	os.Setenv("PATH", testPath)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 
 	externalAuthConfig := `{ "credsStore": "shell-test" }`
 
 	configPath := filepath.Join(tmp, "config.json")
-	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
-	b, err := ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
-
+	b, err := os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), "\"auth\":"))
 	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
 	dockerCmd(c, "--config", tmp, "push", repoName)
 
@@ -412,35 +410,34 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithSchem
 	dockerCmd(c, "--config", tmp, "logout", "https://"+privateRegistryURL)
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuth(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuth(c *testing.T) {
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
 	workingDir, err := os.Getwd()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
 
 	os.Setenv("PATH", testPath)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 
 	externalAuthConfig := `{ "credsStore": "shell-test" }`
 
 	configPath := filepath.Join(tmp, "config.json")
-	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
-	b, err := ioutil.ReadFile(configPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
-
+	b, err := os.ReadFile(configPath)
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(string(b), "\"auth\":"))
 	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
 	dockerCmd(c, "--config", tmp, "push", repoName)
 
@@ -448,7 +445,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuth(c *check.C) {
 }
 
 // TestRunImplicitPullWithNoTag should pull implicitly only the default tag (latest)
-func (s *DockerRegistrySuite) TestRunImplicitPullWithNoTag(c *check.C) {
+func (s *DockerRegistrySuite) TestRunImplicitPullWithNoTag(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repo := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	repoTag1 := fmt.Sprintf("%v:latest", repo)
@@ -461,10 +458,9 @@ func (s *DockerRegistrySuite) TestRunImplicitPullWithNoTag(c *check.C) {
 	dockerCmd(c, "rmi", repoTag2)
 
 	out, _ := dockerCmd(c, "run", repo)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Unable to find image '%s:latest' locally", repo))
-
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("Unable to find image '%s:latest' locally", repo)))
 	// There should be only one line for repo, the one with repo:latest
 	outImageCmd, _ := dockerCmd(c, "images", repo)
 	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
-	c.Assert(splitOutImageCmd, checker.HasLen, 2)
+	assert.Equal(c, len(splitOutImageCmd), 2)
 }
diff --git a/integration-cli/docker_cli_pull_test.go b/integration-cli/docker_cli_pull_test.go
index 0e88b1e56f672..9606d7a9033e9 100644
--- a/integration-cli/docker_cli_pull_test.go
+++ b/integration-cli/docker_cli_pull_test.go
@@ -5,40 +5,42 @@ import (
 	"regexp"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // TestPullFromCentralRegistry pulls an image from the central registry and verifies that the client
 // prints all expected output.
-func (s *DockerHubPullSuite) TestPullFromCentralRegistry(c *check.C) {
+func (s *DockerHubPullSuite) TestPullFromCentralRegistry(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out := s.Cmd(c, "pull", "hello-world")
 	defer deleteImages("hello-world")
 
-	c.Assert(out, checker.Contains, "Using default tag: latest", check.Commentf("expected the 'latest' tag to be automatically assumed"))
-	c.Assert(out, checker.Contains, "Pulling from library/hello-world", check.Commentf("expected the 'library/' prefix to be automatically assumed"))
-	c.Assert(out, checker.Contains, "Downloaded newer image for hello-world:latest")
+	assert.Assert(c, strings.Contains(out, "Using default tag: latest"), "expected the 'latest' tag to be automatically assumed")
+	assert.Assert(c, strings.Contains(out, "Pulling from library/hello-world"), "expected the 'library/' prefix to be automatically assumed")
+	assert.Assert(c, strings.Contains(out, "Downloaded newer image for hello-world:latest"))
 
 	matches := regexp.MustCompile(`Digest: (.+)\n`).FindAllStringSubmatch(out, -1)
-	c.Assert(len(matches), checker.Equals, 1, check.Commentf("expected exactly one image digest in the output"))
-	c.Assert(len(matches[0]), checker.Equals, 2, check.Commentf("unexpected number of submatches for the digest"))
+	assert.Equal(c, len(matches), 1, "expected exactly one image digest in the output")
+	assert.Equal(c, len(matches[0]), 2, "unexpected number of submatches for the digest")
 	_, err := digest.Parse(matches[0][1])
-	c.Check(err, checker.IsNil, check.Commentf("invalid digest %q in output", matches[0][1]))
+	assert.NilError(c, err, "invalid digest %q in output", matches[0][1])
 
 	// We should have a single entry in images.
 	img := strings.TrimSpace(s.Cmd(c, "images"))
 	splitImg := strings.Split(img, "\n")
-	c.Assert(splitImg, checker.HasLen, 2)
-	c.Assert(splitImg[1], checker.Matches, `hello-world\s+latest.*?`, check.Commentf("invalid output for `docker images` (expected image and tag name"))
+	assert.Equal(c, len(splitImg), 2)
+	match, _ := regexp.MatchString(`hello-world\s+latest.*?`, splitImg[1])
+	assert.Assert(c, match, "invalid output for `docker images` (expected image and tag name)")
 }
 
 // TestPullNonExistingImage pulls non-existing images from the central registry, with different
 // combinations of implicit tag and library prefix.
-func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
+func (s *DockerHubPullSuite) TestPullNonExistingImage(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	type entry struct {
@@ -97,13 +99,13 @@ func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
 	// Process the results (out, err).
 	for record := range recordChan {
 		if len(record.option) == 0 {
-			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
-			c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages"))
+			assert.ErrorContains(c, record.err, "", "expected non-zero exit status when pulling non-existing image: %s", record.out)
+			assert.Assert(c, strings.Contains(record.out, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo)), "expected image not found error messages")
 		} else {
 			// pull -a on a nonexistent registry should fall back as well
-			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
-			c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages"))
-			c.Assert(record.out, checker.Not(checker.Contains), "unauthorized", check.Commentf(`message should not contain "unauthorized"`))
+			assert.ErrorContains(c, record.err, "", "expected non-zero exit status when pulling non-existing image: %s", record.out)
+			assert.Assert(c, strings.Contains(record.out, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo)), "expected image not found error messages")
+			assert.Assert(c, !strings.Contains(record.out, "unauthorized"), `message should not contain "unauthorized"`)
 		}
 	}
 
@@ -113,7 +115,7 @@ func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
 // that pulling the same image with different combinations of implicit elements of the image
 // reference (tag, repository, central registry url, ...) doesn't trigger a new pull nor leads to
 // multiple images.
-func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *check.C) {
+func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	// Pull hello-world from v2
@@ -168,7 +170,7 @@ func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *chec
 			s.Cmd(c, "rmi", ref)
 			s.Cmd(c, "tag", "hello-world-backup", "hello-world")
 		}
-		c.Assert(out, checker.Contains, "Image is up to date for hello-world:latest")
+		assert.Assert(c, strings.Contains(out, "Image is up to date for hello-world:latest"))
 	}
 
 	s.Cmd(c, "rmi", "hello-world-backup")
@@ -176,32 +178,33 @@ func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *chec
 	// We should have a single entry in images.
 	img := strings.TrimSpace(s.Cmd(c, "images"))
 	splitImg := strings.Split(img, "\n")
-	c.Assert(splitImg, checker.HasLen, 2)
-	c.Assert(splitImg[1], checker.Matches, `hello-world\s+latest.*?`, check.Commentf("invalid output for `docker images` (expected image and tag name"))
+	assert.Equal(c, len(splitImg), 2)
+	match, _ := regexp.MatchString(`hello-world\s+latest.*?`, splitImg[1])
+	assert.Assert(c, match, "invalid output for `docker images` (expected image and tag name)")
 }
 
 // TestPullScratchNotAllowed verifies that pulling 'scratch' is rejected.
-func (s *DockerHubPullSuite) TestPullScratchNotAllowed(c *check.C) {
+func (s *DockerHubPullSuite) TestPullScratchNotAllowed(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, err := s.CmdWithError("pull", "scratch")
-	c.Assert(err, checker.NotNil, check.Commentf("expected pull of scratch to fail"))
-	c.Assert(out, checker.Contains, "'scratch' is a reserved name")
-	c.Assert(out, checker.Not(checker.Contains), "Pulling repository scratch")
+	assert.ErrorContains(c, err, "", "expected pull of scratch to fail")
+	assert.Assert(c, strings.Contains(out, "'scratch' is a reserved name"))
+	assert.Assert(c, !strings.Contains(out, "Pulling repository scratch"))
 }
 
 // TestPullAllTagsFromCentralRegistry pulls using `all-tags` for a given image and verifies that it
 // results in more images than a naked pull.
-func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
+func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	s.Cmd(c, "pull", "dockercore/engine-pull-all-test-fixture")
 	outImageCmd := s.Cmd(c, "images", "dockercore/engine-pull-all-test-fixture")
 	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
-	c.Assert(splitOutImageCmd, checker.HasLen, 2)
+	assert.Equal(c, len(splitOutImageCmd), 2)
 
 	s.Cmd(c, "pull", "--all-tags=true", "dockercore/engine-pull-all-test-fixture")
 	outImageAllTagCmd := s.Cmd(c, "images", "dockercore/engine-pull-all-test-fixture")
 	linesCount := strings.Count(outImageAllTagCmd, "\n")
-	c.Assert(linesCount, checker.GreaterThan, 2, check.Commentf("pulling all tags should provide more than two images, got %s", outImageAllTagCmd))
+	assert.Assert(c, linesCount > 2, "pulling all tags should provide more than two images, got %s", outImageAllTagCmd)
 
 	// Verify that the line for 'dockercore/engine-pull-all-test-fixture:latest' is left unchanged.
 	var latestLine string
@@ -211,7 +214,7 @@ func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
 			break
 		}
 	}
-	c.Assert(latestLine, checker.Not(checker.Equals), "", check.Commentf("no entry for dockercore/engine-pull-all-test-fixture:latest found after pulling all tags"))
+	assert.Assert(c, latestLine != "", "no entry for dockercore/engine-pull-all-test-fixture:latest found after pulling all tags")
 
 	splitLatest := strings.Fields(latestLine)
 	splitCurrent := strings.Fields(splitOutImageCmd[1])
@@ -228,47 +231,47 @@ func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
 	splitCurrent[4] = ""
 	splitCurrent[5] = ""
 
-	c.Assert(splitLatest, checker.DeepEquals, splitCurrent, check.Commentf("dockercore/engine-pull-all-test-fixture:latest was changed after pulling all tags"))
+	assert.Assert(c, is.DeepEqual(splitLatest, splitCurrent), "dockercore/engine-pull-all-test-fixture:latest was changed after pulling all tags")
 }
 
 // TestPullClientDisconnect kills the client during a pull operation and verifies that the operation
 // gets cancelled.
 //
 // Ref: docker/docker#15589
-func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
+func (s *DockerHubPullSuite) TestPullClientDisconnect(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "hello-world:latest"
 
 	pullCmd := s.MakeCmd("pull", repoName)
 	stdout, err := pullCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = pullCmd.Start()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	go pullCmd.Wait()
 
 	// Cancel as soon as we get some output.
 	buf := make([]byte, 10)
 	_, err = stdout.Read(buf)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	err = pullCmd.Process.Kill()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	time.Sleep(2 * time.Second)
 	_, err = s.CmdWithError("inspect", repoName)
-	c.Assert(err, checker.NotNil, check.Commentf("image was pulled after client disconnected"))
+	assert.ErrorContains(c, err, "", "image was pulled after client disconnected")
 }
 
 // Regression test for https://github.com/docker/docker/issues/26429
-func (s *DockerSuite) TestPullLinuxImageFailsOnWindows(c *check.C) {
+func (s *DockerSuite) TestPullLinuxImageFailsOnWindows(c *testing.T) {
 	testRequires(c, DaemonIsWindows, Network)
 	_, _, err := dockerCmdWithError("pull", "ubuntu")
-	c.Assert(err.Error(), checker.Contains, "no matching manifest")
+	assert.ErrorContains(c, err, "no matching manifest for windows")
 }
 
 // Regression test for https://github.com/docker/docker/issues/28892
-func (s *DockerSuite) TestPullWindowsImageFailsOnLinux(c *check.C) {
+func (s *DockerSuite) TestPullWindowsImageFailsOnLinux(c *testing.T) {
 	testRequires(c, DaemonIsLinux, Network)
-	_, _, err := dockerCmdWithError("pull", "microsoft/nanoserver")
-	c.Assert(err.Error(), checker.Contains, "cannot be used on this platform")
+	_, _, err := dockerCmdWithError("pull", "mcr.microsoft.com/windows/servercore:ltsc2019")
+	assert.ErrorContains(c, err, "no matching manifest for linux")
 }
diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go
index 0f0df1ab24cd5..d3af28e46eef4 100644
--- a/integration-cli/docker_cli_push_test.go
+++ b/integration-cli/docker_cli_push_test.go
@@ -3,22 +3,21 @@ package main
 import (
 	"archive/tar"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"strings"
 	"sync"
+	"testing"
 
 	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-// Pushing an image to a private registry.
-func testPushBusyboxImage(c *check.C) {
+func (s *DockerRegistrySuite) TestPushBusyboxImage(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	// tag the image to upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
@@ -26,69 +25,51 @@ func testPushBusyboxImage(c *check.C) {
 	dockerCmd(c, "push", repoName)
 }
 
-func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
-	testPushBusyboxImage(c)
-}
-
-func (s *DockerSchema1RegistrySuite) TestPushBusyboxImage(c *check.C) {
-	testPushBusyboxImage(c)
-}
-
 // pushing an image without a prefix should throw an error
-func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
+func (s *DockerSuite) TestPushUnprefixedRepo(c *testing.T) {
 	out, _, err := dockerCmdWithError("push", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
+	assert.ErrorContains(c, err, "", "pushing an unprefixed repo didn't result in a non-zero exit status: %s", out)
 }
 
-func testPushUntagged(c *check.C) {
+func (s *DockerRegistrySuite) TestPushUntagged(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	expected := "An image does not exist locally with the tag"
 
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
-	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
-}
-
-func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
-	testPushUntagged(c)
-}
-
-func (s *DockerSchema1RegistrySuite) TestPushUntagged(c *check.C) {
-	testPushUntagged(c)
+	assert.ErrorContains(c, err, "", "pushing the image to the private registry should have failed: output %q", out)
+	assert.Assert(c, strings.Contains(out, expected), "pushing the image failed")
 }
 
-func testPushBadTag(c *check.C) {
+func (s *DockerRegistrySuite) TestPushBadTag(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
 	expected := "does not exist"
 
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
-	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
+	assert.ErrorContains(c, err, "", "pushing the image to the private registry should have failed: output %q", out)
+	assert.Assert(c, strings.Contains(out, expected), "pushing the image failed")
 }
 
-func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
-	testPushBadTag(c)
-}
-
-func (s *DockerSchema1RegistrySuite) TestPushBadTag(c *check.C) {
-	testPushBadTag(c)
-}
-
-func testPushMultipleTags(c *check.C) {
+func (s *DockerRegistrySuite) TestPushMultipleTags(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoTag1)
-
 	dockerCmd(c, "tag", "busybox", repoTag2)
 
-	dockerCmd(c, "push", repoName)
+	args := []string{"push"}
+	if versions.GreaterThanOrEqualTo(DockerCLIVersion(c), "20.10.0") {
+		// 20.10 CLI removed implicit push all tags and requires the "--all" flag
+		args = append(args, "--all-tags")
+	}
+	args = append(args, repoName)
 
-	// Ensure layer list is equivalent for repoTag1 and repoTag2
-	out1, _ := dockerCmd(c, "pull", repoTag1)
+	dockerCmd(c, args...)
 
 	imageAlreadyExists := ": Image already exists"
+
+	// Ensure layer list is equivalent for repoTag1 and repoTag2
+	out1, _ := dockerCmd(c, "push", repoTag1)
 	var out1Lines []string
 	for _, outputLine := range strings.Split(out1, "\n") {
 		if strings.Contains(outputLine, imageAlreadyExists) {
@@ -96,40 +77,27 @@ func testPushMultipleTags(c *check.C) {
 		}
 	}
 
-	out2, _ := dockerCmd(c, "pull", repoTag2)
-
+	out2, _ := dockerCmd(c, "push", repoTag2)
 	var out2Lines []string
 	for _, outputLine := range strings.Split(out2, "\n") {
 		if strings.Contains(outputLine, imageAlreadyExists) {
-			out1Lines = append(out1Lines, outputLine)
+			out2Lines = append(out2Lines, outputLine)
 		}
 	}
-	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
-
-	for i := range out1Lines {
-		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
-	}
-}
-
-func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
-	testPushMultipleTags(c)
+	assert.DeepEqual(c, out1Lines, out2Lines)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPushMultipleTags(c *check.C) {
-	testPushMultipleTags(c)
-}
-
-func testPushEmptyLayer(c *check.C) {
+func (s *DockerRegistrySuite) TestPushEmptyLayer(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
-	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
+	emptyTarball, err := os.CreateTemp("", "empty_tarball")
+	assert.NilError(c, err, "Unable to create test file")
 
 	tw := tar.NewWriter(emptyTarball)
 	err = tw.Close()
-	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
+	assert.NilError(c, err, "Error creating empty tarball")
 
 	freader, err := os.Open(emptyTarball.Name())
-	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
+	assert.NilError(c, err, "Could not open test tarball")
 	defer freader.Close()
 
 	icmd.RunCmd(icmd.Cmd{
@@ -139,20 +107,12 @@ func testPushEmptyLayer(c *check.C) {
 
 	// Now verify we can push it
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
-}
-
-func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
-	testPushEmptyLayer(c)
+	assert.NilError(c, err, "pushing the image to the private registry has failed: %s", out)
 }
 
-func (s *DockerSchema1RegistrySuite) TestPushEmptyLayer(c *check.C) {
-	testPushEmptyLayer(c)
-}
-
-// testConcurrentPush pushes multiple tags to the same repo
+// TestConcurrentPush pushes multiple tags to the same repo
 // concurrently.
-func testConcurrentPush(c *check.C) {
+func (s *DockerRegistrySuite) TestConcurrentPush(c *testing.T) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
 	var repos []string
@@ -169,7 +129,7 @@ func testConcurrentPush(c *check.C) {
 	}
 
 	// Push tags, in parallel
-	results := make(chan error)
+	results := make(chan error, len(repos))
 
 	for _, repo := range repos {
 		go func(repo string) {
@@ -180,7 +140,7 @@ func testConcurrentPush(c *check.C) {
 
 	for range repos {
 		err := <-results
-		c.Assert(err, checker.IsNil, check.Commentf("concurrent push failed with error: %v", err))
+		assert.NilError(c, err, "concurrent push failed with error: %v", err)
 	}
 
 	// Clear local images store.
@@ -192,109 +152,69 @@ func testConcurrentPush(c *check.C) {
 		dockerCmd(c, "pull", repo)
 		dockerCmd(c, "inspect", repo)
 		out, _ := dockerCmd(c, "run", "--rm", repo)
-		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+		assert.Equal(c, strings.TrimSpace(out), "/bin/sh -c echo "+repo)
 	}
 }
 
-func (s *DockerRegistrySuite) TestConcurrentPush(c *check.C) {
-	testConcurrentPush(c)
-}
-
-func (s *DockerSchema1RegistrySuite) TestConcurrentPush(c *check.C) {
-	testConcurrentPush(c)
-}
-
-func (s *DockerRegistrySuite) TestCrossRepositoryLayerPush(c *check.C) {
+func (s *DockerRegistrySuite) TestCrossRepositoryLayerPush(c *testing.T) {
 	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	// tag the image to upload it to the private registry
 	dockerCmd(c, "tag", "busybox", sourceRepoName)
 	// push the image to the registry
 	out1, _, err := dockerCmdWithError("push", sourceRepoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
+	assert.NilError(c, err, "pushing the image to the private registry has failed: %s", out1)
 	// ensure that none of the layers were mounted from another repository during push
-	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
+	assert.Assert(c, !strings.Contains(out1, "Mounted from"))
 
 	digest1 := reference.DigestRegexp.FindString(out1)
-	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+	assert.Assert(c, len(digest1) > 0, "no digest found for pushed manifest")
 
 	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
 	// retag the image to upload the same layers to another repo in the same registry
 	dockerCmd(c, "tag", "busybox", destRepoName)
 	// push the image to the registry
 	out2, _, err := dockerCmdWithError("push", destRepoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
+	assert.NilError(c, err, "pushing the image to the private registry has failed: %s", out2)
+
 	// ensure that layers were mounted from the first repo during push
-	c.Assert(strings.Contains(out2, "Mounted from dockercli/busybox"), check.Equals, true)
+	assert.Assert(c, strings.Contains(out2, "Mounted from dockercli/busybox"))
 
 	digest2 := reference.DigestRegexp.FindString(out2)
-	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
-	c.Assert(digest1, check.Equals, digest2)
+	assert.Assert(c, len(digest2) > 0, "no digest found for pushed manifest")
+	assert.Equal(c, digest1, digest2)
 
 	// ensure that pushing again produces the same digest
 	out3, _, err := dockerCmdWithError("push", destRepoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
+	assert.NilError(c, err, "pushing the image to the private registry has failed: %s", out3)
 
 	digest3 := reference.DigestRegexp.FindString(out3)
-	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
-	c.Assert(digest3, check.Equals, digest2)
+	assert.Assert(c, len(digest3) > 0, "no digest found for pushed manifest")
+	assert.Equal(c, digest3, digest2)
 
 	// ensure that we can pull and run the cross-repo-pushed repository
 	dockerCmd(c, "rmi", destRepoName)
 	dockerCmd(c, "pull", destRepoName)
 	out4, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
-	c.Assert(out4, check.Equals, "hello world")
-}
-
-func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c *check.C) {
-	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
-	// tag the image to upload it to the private registry
-	dockerCmd(c, "tag", "busybox", sourceRepoName)
-	// push the image to the registry
-	out1, _, err := dockerCmdWithError("push", sourceRepoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
-	// ensure that none of the layers were mounted from another repository during push
-	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
-
-	digest1 := reference.DigestRegexp.FindString(out1)
-	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
-
-	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
-	// retag the image to upload the same layers to another repo in the same registry
-	dockerCmd(c, "tag", "busybox", destRepoName)
-	// push the image to the registry
-	out2, _, err := dockerCmdWithError("push", destRepoName)
-	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
-	// schema1 registry should not support cross-repo layer mounts, so ensure that this does not happen
-	c.Assert(strings.Contains(out2, "Mounted from"), check.Equals, false)
-
-	digest2 := reference.DigestRegexp.FindString(out2)
-	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
-	c.Assert(digest1, check.Not(check.Equals), digest2)
-
-	// ensure that we can pull and run the second pushed repository
-	dockerCmd(c, "rmi", destRepoName)
-	dockerCmd(c, "pull", destRepoName)
-	out3, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
-	c.Assert(out3, check.Equals, "hello world")
+	assert.Equal(c, out4, "hello world")
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestPushNoCredentialsNoRetry(c *check.C) {
+func (s *DockerRegistryAuthHtpasswdSuite) TestPushNoCredentialsNoRetry(c *testing.T) {
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, check.Not(checker.Contains), "Retrying")
-	c.Assert(out, checker.Contains, "no basic auth credentials")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
+	assert.Assert(c, strings.Contains(out, "no basic auth credentials"))
 }
 
 // This may be flaky but it's needed not to regress on unauthorized push, see #21054
-func (s *DockerSuite) TestPushToCentralRegistryUnauthorized(c *check.C) {
+func (s *DockerSuite) TestPushToCentralRegistryUnauthorized(c *testing.T) {
 	testRequires(c, Network)
 	repoName := "test/busybox"
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, check.Not(checker.Contains), "Retrying")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
 }
 
 func getTestTokenService(status int, body string, retries int) *httptest.Server {
@@ -315,68 +235,68 @@ func getTestTokenService(status int, body string, retries int) *httptest.Server
 	}))
 }
 
-func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *testing.T) {
 	ts := getTestTokenService(http.StatusUnauthorized, `{"errors": [{"Code":"UNAUTHORIZED", "message": "a message", "detail": null}]}`, 0)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), "Retrying")
-	c.Assert(out, checker.Contains, "unauthorized: a message")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
+	assert.Assert(c, strings.Contains(out, "unauthorized: a message"))
 }
 
-func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
 	ts := getTestTokenService(http.StatusUnauthorized, `{"error": "unauthorized"}`, 0)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
 	split := strings.Split(out, "\n")
-	c.Assert(split[len(split)-2], check.Equals, "unauthorized: authentication required")
+	assert.Equal(c, split[len(split)-2], "unauthorized: authentication required")
 }
 
-func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
 	ts := getTestTokenService(http.StatusTooManyRequests, `{"errors": [{"code":"TOOMANYREQUESTS","message":"out of tokens"}]}`, 3)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
-	//c.Assert(out, checker.Contains, "Retrying")
-	//c.Assert(out, checker.Not(checker.Contains), "Retrying in 15")
+	//assert.Assert(c, strings.Contains(out, "Retrying"))
+	//assert.Assert(c, !strings.Contains(out, "Retrying in 15"))
 	split := strings.Split(out, "\n")
-	c.Assert(split[len(split)-2], check.Equals, "toomanyrequests: out of tokens")
+	assert.Equal(c, split[len(split)-2], "toomanyrequests: out of tokens")
 }
 
-func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
 	ts := getTestTokenService(http.StatusForbidden, `no way`, 0)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
 	split := strings.Split(out, "\n")
-	c.Assert(split[len(split)-2], checker.Contains, "error parsing HTTP 403 response body: ")
+	assert.Assert(c, strings.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
 }
 
-func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *check.C) {
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
 	ts := getTestTokenService(http.StatusOK, `{"something": "wrong"}`, 0)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, !strings.Contains(out, "Retrying"))
 	split := strings.Split(out, "\n")
-	c.Assert(split[len(split)-2], check.Equals, "authorization server did not include a token in the response")
+	assert.Equal(c, split[len(split)-2], "authorization server did not include a token in the response")
 }
diff --git a/integration-cli/docker_cli_registry_user_agent_test.go b/integration-cli/docker_cli_registry_user_agent_test.go
index 7ee3c3d1ba060..13e2c8058e5b6 100644
--- a/integration-cli/docker_cli_registry_user_agent_test.go
+++ b/integration-cli/docker_cli_registry_user_agent_test.go
@@ -2,13 +2,13 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"regexp"
+	"testing"
 
-	"github.com/docker/docker/internal/test/registry"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/v3/assert"
 )
 
 // unescapeBackslashSemicolonParens unescapes \;()
@@ -17,36 +17,36 @@ func unescapeBackslashSemicolonParens(s string) string {
 	ret := re.ReplaceAll([]byte(s), []byte(";"))
 
 	re = regexp.MustCompile(`\\\(`)
-	ret = re.ReplaceAll([]byte(ret), []byte("("))
+	ret = re.ReplaceAll(ret, []byte("("))
 
 	re = regexp.MustCompile(`\\\)`)
-	ret = re.ReplaceAll([]byte(ret), []byte(")"))
+	ret = re.ReplaceAll(ret, []byte(")"))
 
 	re = regexp.MustCompile(`\\\\`)
-	ret = re.ReplaceAll([]byte(ret), []byte(`\`))
+	ret = re.ReplaceAll(ret, []byte(`\`))
 
 	return string(ret)
 }
 
-func regexpCheckUA(c *check.C, ua string) {
+func regexpCheckUA(c *testing.T, ua string) {
 	re := regexp.MustCompile("(?P<dockerUA>.+) UpstreamClient(?P<upstreamUA>.+)")
 	substrArr := re.FindStringSubmatch(ua)
 
-	c.Assert(substrArr, check.HasLen, 3, check.Commentf("Expected 'UpstreamClient()' with upstream client UA"))
+	assert.Equal(c, len(substrArr), 3, "Expected 'UpstreamClient()' with upstream client UA")
 	dockerUA := substrArr[1]
 	upstreamUAEscaped := substrArr[2]
 
 	// check dockerUA looks correct
 	reDockerUA := regexp.MustCompile("^docker/[0-9A-Za-z+]")
 	bMatchDockerUA := reDockerUA.MatchString(dockerUA)
-	c.Assert(bMatchDockerUA, check.Equals, true, check.Commentf("Docker Engine User-Agent malformed"))
+	assert.Assert(c, bMatchDockerUA, "Docker Engine User-Agent malformed")
 
 	// check upstreamUA looks correct
 	// Expecting something like:  Docker-Client/1.11.0-dev (linux)
 	upstreamUA := unescapeBackslashSemicolonParens(upstreamUAEscaped)
-	reUpstreamUA := regexp.MustCompile("^\\(Docker-Client/[0-9A-Za-z+]")
+	reUpstreamUA := regexp.MustCompile(`^\(Docker-Client/[0-9A-Za-z+]`)
 	bMatchUpstreamUA := reUpstreamUA.MatchString(upstreamUA)
-	c.Assert(bMatchUpstreamUA, check.Equals, true, check.Commentf("(Upstream) Docker Client User-Agent malformed"))
+	assert.Assert(c, bMatchUpstreamUA, "(Upstream) Docker Client User-Agent malformed")
 }
 
 // registerUserAgentHandler registers a handler for the `/v2/*` endpoint.
@@ -70,23 +70,24 @@ func registerUserAgentHandler(reg *registry.Mock, result *string) {
 // TestUserAgentPassThrough verifies that when an image is pulled from
 // a registry, the registry should see a User-Agent string of the form
 // [docker engine UA] UpstreamClientSTREAM-CLIENT([client UA])
-func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) {
+func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *testing.T) {
 	var ua string
 
 	reg, err := registry.NewMock(c)
+	assert.NilError(c, err)
 	defer reg.Close()
-	c.Assert(err, check.IsNil)
+
 	registerUserAgentHandler(reg, &ua)
 	repoName := fmt.Sprintf("%s/busybox", reg.URL())
 
 	s.d.StartWithBusybox(c, "--insecure-registry", reg.URL())
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, check.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmp)
 
 	dockerfile, err := makefile(tmp, fmt.Sprintf("FROM %s", repoName))
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
+	assert.NilError(c, err, "Unable to create test dockerfile")
 
 	s.d.Cmd("build", "--file", dockerfile, tmp)
 	regexpCheckUA(c, ua)
diff --git a/integration-cli/docker_cli_restart_test.go b/integration-cli/docker_cli_restart_test.go
index 791677e6e0c6d..fc6f4918f1073 100644
--- a/integration-cli/docker_cli_restart_test.go
+++ b/integration-cli/docker_cli_restart_test.go
@@ -4,277 +4,291 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSuite) TestRestartStoppedContainer(c *check.C) {
+func (s *DockerSuite) TestRestartStoppedContainer(c *testing.T) {
 	dockerCmd(c, "run", "--name=test", "busybox", "echo", "foobar")
 	cleanedContainerID := getIDByName(c, "test")
 
 	out, _ := dockerCmd(c, "logs", cleanedContainerID)
-	c.Assert(out, checker.Equals, "foobar\n")
+	assert.Equal(c, out, "foobar\n")
 
 	dockerCmd(c, "restart", cleanedContainerID)
 
 	// Wait until the container has stopped
 	err := waitInspect(cleanedContainerID, "{{.State.Running}}", "false", 20*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "logs", cleanedContainerID)
-	c.Assert(out, checker.Equals, "foobar\nfoobar\n")
+	assert.Equal(c, out, "foobar\nfoobar\n")
 }
 
-func (s *DockerSuite) TestRestartRunningContainer(c *check.C) {
+func (s *DockerSuite) TestRestartRunningContainer(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "echo foobar && sleep 30 && echo 'should not print this'")
 
 	cleanedContainerID := strings.TrimSpace(out)
 
-	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+	assert.NilError(c, waitRun(cleanedContainerID))
 
-	getLogs := func(c *check.C) (interface{}, check.CommentInterface) {
+	getLogs := func(c *testing.T) (interface{}, string) {
 		out, _ := dockerCmd(c, "logs", cleanedContainerID)
-		return out, nil
+		return out, ""
 	}
 
 	// Wait 10 seconds for the 'echo' to appear in the logs
-	waitAndAssert(c, 10*time.Second, getLogs, checker.Equals, "foobar\n")
+	poll.WaitOn(c, pollCheck(c, getLogs, checker.Equals("foobar\n")), poll.WithTimeout(10*time.Second))
 
 	dockerCmd(c, "restart", "-t", "1", cleanedContainerID)
-	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+	assert.NilError(c, waitRun(cleanedContainerID))
 
 	// Wait 10 seconds for first 'echo' appear (again) in the logs
-	waitAndAssert(c, 10*time.Second, getLogs, checker.Equals, "foobar\nfoobar\n")
+	poll.WaitOn(c, pollCheck(c, getLogs, checker.Equals("foobar\nfoobar\n")), poll.WithTimeout(10*time.Second))
 }
 
 // Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
-func (s *DockerSuite) TestRestartWithVolumes(c *check.C) {
+func (s *DockerSuite) TestRestartWithVolumes(c *testing.T) {
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	out := runSleepingContainer(c, "-d", "-v", prefix+slash+"test")
 
 	cleanedContainerID := strings.TrimSpace(out)
 	out, err := inspectFilter(cleanedContainerID, "len .Mounts")
-	c.Assert(err, check.IsNil, check.Commentf("failed to inspect %s: %s", cleanedContainerID, out))
+	assert.NilError(c, err, "failed to inspect %s: %s", cleanedContainerID, out)
 	out = strings.Trim(out, " \n\r")
-	c.Assert(out, checker.Equals, "1")
+	assert.Equal(c, out, "1")
 
 	source, err := inspectMountSourceField(cleanedContainerID, prefix+slash+"test")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "restart", cleanedContainerID)
 
 	out, err = inspectFilter(cleanedContainerID, "len .Mounts")
-	c.Assert(err, check.IsNil, check.Commentf("failed to inspect %s: %s", cleanedContainerID, out))
+	assert.NilError(c, err, "failed to inspect %s: %s", cleanedContainerID, out)
 	out = strings.Trim(out, " \n\r")
-	c.Assert(out, checker.Equals, "1")
+	assert.Equal(c, out, "1")
 
 	sourceAfterRestart, err := inspectMountSourceField(cleanedContainerID, prefix+slash+"test")
-	c.Assert(err, checker.IsNil)
-	c.Assert(source, checker.Equals, sourceAfterRestart)
+	assert.NilError(c, err)
+	assert.Equal(c, source, sourceAfterRestart)
 }
 
-func (s *DockerSuite) TestRestartDisconnectedContainer(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace, NotArm)
+func (s *DockerSuite) TestRestartDisconnectedContainer(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon, NotUserNamespace, NotArm)
 
 	// Run a container on the default bridge network
 	out, _ := dockerCmd(c, "run", "-d", "--name", "c0", "busybox", "top")
 	cleanedContainerID := strings.TrimSpace(out)
-	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+	assert.NilError(c, waitRun(cleanedContainerID))
 
 	// Disconnect the container from the network
-	out, err := dockerCmd(c, "network", "disconnect", "bridge", "c0")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	out, exitCode := dockerCmd(c, "network", "disconnect", "bridge", "c0")
+	assert.Assert(c, exitCode == 0, out)
 
 	// Restart the container
-	dockerCmd(c, "restart", "c0")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	out, exitCode = dockerCmd(c, "restart", "c0")
+	assert.Assert(c, exitCode == 0, out)
 }
 
-func (s *DockerSuite) TestRestartPolicyNO(c *check.C) {
+func (s *DockerSuite) TestRestartPolicyNO(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "--restart=no", "busybox")
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
-	c.Assert(name, checker.Equals, "no")
+	assert.Equal(c, name, "no")
 }
 
-func (s *DockerSuite) TestRestartPolicyAlways(c *check.C) {
+func (s *DockerSuite) TestRestartPolicyAlways(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "--restart=always", "busybox")
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
-	c.Assert(name, checker.Equals, "always")
+	assert.Equal(c, name, "always")
 
 	MaximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
 
 	// MaximumRetryCount=0 if the restart policy is always
-	c.Assert(MaximumRetryCount, checker.Equals, "0")
+	assert.Equal(c, MaximumRetryCount, "0")
 }
 
-func (s *DockerSuite) TestRestartPolicyOnFailure(c *check.C) {
+func (s *DockerSuite) TestRestartPolicyOnFailure(c *testing.T) {
 	out, _, err := dockerCmdWithError("create", "--restart=on-failure:-1", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "maximum retry count cannot be negative")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "maximum retry count cannot be negative"))
 
 	out, _ = dockerCmd(c, "create", "--restart=on-failure:1", "busybox")
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
 	maxRetry := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
 
-	c.Assert(name, checker.Equals, "on-failure")
-	c.Assert(maxRetry, checker.Equals, "1")
+	assert.Equal(c, name, "on-failure")
+	assert.Equal(c, maxRetry, "1")
 
 	out, _ = dockerCmd(c, "create", "--restart=on-failure:0", "busybox")
 
-	id = strings.TrimSpace(string(out))
+	id = strings.TrimSpace(out)
 	name = inspectField(c, id, "HostConfig.RestartPolicy.Name")
 	maxRetry = inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
 
-	c.Assert(name, checker.Equals, "on-failure")
-	c.Assert(maxRetry, checker.Equals, "0")
+	assert.Equal(c, name, "on-failure")
+	assert.Equal(c, maxRetry, "0")
 
 	out, _ = dockerCmd(c, "create", "--restart=on-failure", "busybox")
 
-	id = strings.TrimSpace(string(out))
+	id = strings.TrimSpace(out)
 	name = inspectField(c, id, "HostConfig.RestartPolicy.Name")
 	maxRetry = inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
 
-	c.Assert(name, checker.Equals, "on-failure")
-	c.Assert(maxRetry, checker.Equals, "0")
+	assert.Equal(c, name, "on-failure")
+	assert.Equal(c, maxRetry, "0")
 }
 
 // a good container with --restart=on-failure:3
 // MaximumRetryCount!=0; RestartCount=0
-func (s *DockerSuite) TestRestartContainerwithGoodContainer(c *check.C) {
+func (s *DockerSuite) TestRestartContainerwithGoodContainer(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "true")
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false false", 30*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	count := inspectField(c, id, "RestartCount")
-	c.Assert(count, checker.Equals, "0")
+	assert.Equal(c, count, "0")
 
 	MaximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
-	c.Assert(MaximumRetryCount, checker.Equals, "3")
-
+	assert.Equal(c, MaximumRetryCount, "3")
 }
 
-func (s *DockerSuite) TestRestartContainerSuccess(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestRestartContainerSuccess(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
+	// Skipped for Hyper-V isolated containers. Test is currently written
+	// such that it assumes there is a host process to kill. In Hyper-V
+	// containers, the process is inside the utility VM, not on the host.
+	if DaemonIsWindows() {
+		testRequires(c, IsolationIsProcess)
+	}
 
 	out := runSleepingContainer(c, "-d", "--restart=always")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	pidStr := inspectField(c, id, "State.Pid")
 
 	pid, err := strconv.Atoi(pidStr)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	p, err := os.FindProcess(pid)
-	c.Assert(err, check.IsNil)
-	c.Assert(p, check.NotNil)
+	assert.NilError(c, err)
+	assert.Assert(c, p != nil)
 
 	err = p.Kill()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect(id, "{{.State.Status}}", "running", 30*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestRestartWithPolicyUserDefinedNetwork(c *check.C) {
+func (s *DockerSuite) TestRestartWithPolicyUserDefinedNetwork(c *testing.T) {
 	// TODO Windows. This may be portable following HNS integration post TP5.
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace, NotArm)
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "udNet")
 
 	dockerCmd(c, "run", "-d", "--net=udNet", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.NilError(c, waitRun("first"))
 
 	dockerCmd(c, "run", "-d", "--restart=always", "--net=udNet", "--name=second",
 		"--link=first:foo", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.NilError(c, waitRun("second"))
 
 	// ping to first and its alias foo must succeed
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Now kill the second container and let the restart policy kick in
 	pidStr := inspectField(c, "second", "State.Pid")
 
 	pid, err := strconv.Atoi(pidStr)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	p, err := os.FindProcess(pid)
-	c.Assert(err, check.IsNil)
-	c.Assert(p, check.NotNil)
+	assert.NilError(c, err)
+	assert.Assert(c, p != nil)
 
 	err = p.Kill()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect("second", "{{.RestartCount}}", "1", 5*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect("second", "{{.State.Status}}", "running", 5*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// ping to first and its alias foo must still succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestRestartPolicyAfterRestart(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestRestartPolicyAfterRestart(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
+	// Skipped for Hyper-V isolated containers. Test is currently written
+	// such that it assumes there is a host process to kill. In Hyper-V
+	// containers, the process is inside the utility VM, not on the host.
+	if DaemonIsWindows() {
+		testRequires(c, IsolationIsProcess)
+	}
 
 	out := runSleepingContainer(c, "-d", "--restart=always")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	dockerCmd(c, "restart", id)
 
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	pidStr := inspectField(c, id, "State.Pid")
 
 	pid, err := strconv.Atoi(pidStr)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	p, err := os.FindProcess(pid)
-	c.Assert(err, check.IsNil)
-	c.Assert(p, check.NotNil)
+	assert.NilError(c, err)
+	assert.Assert(c, p != nil)
 
 	err = p.Kill()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	err = waitInspect(id, "{{.State.Status}}", "running", 30*time.Second)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *check.C) {
+func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *testing.T) {
 	out1, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "false")
 	out2, _ := dockerCmd(c, "run", "-d", "--restart=always", "busybox", "false")
 
-	id1 := strings.TrimSpace(string(out1))
-	id2 := strings.TrimSpace(string(out2))
+	id1 := strings.TrimSpace(out1)
+	id2 := strings.TrimSpace(out2)
 	waitTimeout := 15 * time.Second
 	if testEnv.OSType == "windows" {
 		waitTimeout = 150 * time.Second
 	}
 	err := waitInspect(id1, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "restart", id1)
 	dockerCmd(c, "restart", id2)
@@ -285,25 +299,25 @@ func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *check.C) {
 	dockerCmd(c, "start", id1)
 	dockerCmd(c, "start", id2)
 
-	// Kill the containers, making sure the are stopped at the end of the test
+	// Kill the containers, making sure they are stopped at the end of the test
 	dockerCmd(c, "kill", id1)
 	dockerCmd(c, "kill", id2)
 	err = waitInspect(id1, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	err = waitInspect(id2, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestRestartAutoRemoveContainer(c *check.C) {
+func (s *DockerSuite) TestRestartAutoRemoveContainer(c *testing.T) {
 	out := runSleepingContainer(c, "--rm")
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	dockerCmd(c, "restart", id)
 	err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false true", 15*time.Second)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _ = dockerCmd(c, "ps")
-	c.Assert(out, checker.Contains, id[:12], check.Commentf("container should be restarted instead of removed: %v", out))
+	assert.Assert(c, is.Contains(out, id[:12]), "container should be restarted instead of removed: %v", out)
 
 	// Kill the container to make sure it will be removed
 	dockerCmd(c, "kill", id)
diff --git a/integration-cli/docker_cli_rmi_test.go b/integration-cli/docker_cli_rmi_test.go
index 662285682327d..f0bb557f9564e 100644
--- a/integration-cli/docker_cli_rmi_test.go
+++ b/integration-cli/docker_cli_rmi_test.go
@@ -3,17 +3,17 @@ package main
 import (
 	"fmt"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestRmiWithContainerFails(c *check.C) {
+func (s *DockerSuite) TestRmiWithContainerFails(c *testing.T) {
 	errSubstr := "is using it"
 
 	// create a container
@@ -24,45 +24,44 @@ func (s *DockerSuite) TestRmiWithContainerFails(c *check.C) {
 	// try to delete the image
 	out, _, err := dockerCmdWithError("rmi", "busybox")
 	// Container is using image, should not be able to rmi
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 	// Container is using image, error message should contain errSubstr
-	c.Assert(out, checker.Contains, errSubstr, check.Commentf("Container: %q", cleanedContainerID))
-
+	assert.Assert(c, strings.Contains(out, errSubstr), "Container: %q", cleanedContainerID)
 	// make sure it didn't delete the busybox name
 	images, _ := dockerCmd(c, "images")
 	// The name 'busybox' should not have been removed from images
-	c.Assert(images, checker.Contains, "busybox")
+	assert.Assert(c, strings.Contains(images, "busybox"))
 }
 
-func (s *DockerSuite) TestRmiTag(c *check.C) {
+func (s *DockerSuite) TestRmiTag(c *testing.T) {
 	imagesBefore, _ := dockerCmd(c, "images", "-a")
 	dockerCmd(c, "tag", "busybox", "utest:tag1")
 	dockerCmd(c, "tag", "busybox", "utest/docker:tag2")
 	dockerCmd(c, "tag", "busybox", "utest:5000/docker:tag3")
 	{
 		imagesAfter, _ := dockerCmd(c, "images", "-a")
-		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+3, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+		assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n")+3, fmt.Sprintf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 	}
 	dockerCmd(c, "rmi", "utest/docker:tag2")
 	{
 		imagesAfter, _ := dockerCmd(c, "images", "-a")
-		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+2, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+		assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n")+2, fmt.Sprintf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 	}
 	dockerCmd(c, "rmi", "utest:5000/docker:tag3")
 	{
 		imagesAfter, _ := dockerCmd(c, "images", "-a")
-		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+1, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+		assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n")+1, fmt.Sprintf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 
 	}
 	dockerCmd(c, "rmi", "utest:tag1")
 	{
 		imagesAfter, _ := dockerCmd(c, "images", "-a")
-		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n"), check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+		assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n"), fmt.Sprintf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 
 	}
 }
 
-func (s *DockerSuite) TestRmiImgIDMultipleTag(c *check.C) {
+func (s *DockerSuite) TestRmiImgIDMultipleTag(c *testing.T) {
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-one'").Combined()
 	containerID := strings.TrimSpace(out)
 
@@ -80,7 +79,7 @@ func (s *DockerSuite) TestRmiImgIDMultipleTag(c *check.C) {
 
 	imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
 	// tag busybox to create 2 more images with same imageID
-	c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+2, check.Commentf("docker images shows: %q\n", imagesAfter))
+	assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n")+2, fmt.Sprintf("docker images shows: %q\n", imagesAfter))
 
 	imgID := inspectField(c, "busybox-one:tag1", "Id")
 
@@ -100,10 +99,10 @@ func (s *DockerSuite) TestRmiImgIDMultipleTag(c *check.C) {
 
 	imagesAfter = cli.DockerCmd(c, "images", "-a").Combined()
 	// rmi -f failed, image still exists
-	c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12], check.Commentf("ImageID:%q; ImagesAfter: %q", imgID, imagesAfter))
+	assert.Assert(c, !strings.Contains(imagesAfter, imgID[:12]), "ImageID:%q; ImagesAfter: %q", imgID, imagesAfter)
 }
 
-func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
+func (s *DockerSuite) TestRmiImgIDForce(c *testing.T) {
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-test'").Combined()
 	containerID := strings.TrimSpace(out)
 
@@ -122,7 +121,7 @@ func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
 	cli.DockerCmd(c, "tag", "busybox-test", "utest:5000/docker:tag4")
 	{
 		imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
-		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+4, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+		assert.Equal(c, strings.Count(imagesAfter, "\n"), strings.Count(imagesBefore, "\n")+4, fmt.Sprintf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 	}
 	imgID := inspectField(c, "busybox-test", "Id")
 
@@ -136,12 +135,12 @@ func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
 	{
 		imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
 		// rmi failed, image still exists
-		c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12])
+		assert.Assert(c, !strings.Contains(imagesAfter, imgID[:12]))
 	}
 }
 
 // See https://github.com/docker/docker/issues/14116
-func (s *DockerSuite) TestRmiImageIDForceWithRunningContainersAndMultipleTags(c *check.C) {
+func (s *DockerSuite) TestRmiImageIDForceWithRunningContainersAndMultipleTags(c *testing.T) {
 	dockerfile := "FROM busybox\nRUN echo test 14116\n"
 	buildImageSuccessfully(c, "test-14116", build.WithDockerfile(dockerfile))
 	imgID := getIDByName(c, "test-14116")
@@ -152,11 +151,11 @@ func (s *DockerSuite) TestRmiImageIDForceWithRunningContainersAndMultipleTags(c
 
 	out, _, err := dockerCmdWithError("rmi", "-f", imgID)
 	// rmi -f should not delete image with running containers
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "(cannot be forced) - image is being used by running container")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "(cannot be forced) - image is being used by running container"))
 }
 
-func (s *DockerSuite) TestRmiTagWithExistingContainers(c *check.C) {
+func (s *DockerSuite) TestRmiTagWithExistingContainers(c *testing.T) {
 	container := "test-delete-tag"
 	newtag := "busybox:newtag"
 	bb := "busybox:latest"
@@ -165,10 +164,10 @@ func (s *DockerSuite) TestRmiTagWithExistingContainers(c *check.C) {
 	dockerCmd(c, "run", "--name", container, bb, "/bin/true")
 
 	out, _ := dockerCmd(c, "rmi", newtag)
-	c.Assert(strings.Count(out, "Untagged: "), checker.Equals, 1)
+	assert.Equal(c, strings.Count(out, "Untagged: "), 1)
 }
 
-func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) {
+func (s *DockerSuite) TestRmiForceWithExistingContainers(c *testing.T) {
 	image := "busybox-clone"
 
 	icmd.RunCmd(icmd.Cmd{
@@ -182,7 +181,7 @@ MAINTAINER foo`),
 	dockerCmd(c, "rmi", "-f", image)
 }
 
-func (s *DockerSuite) TestRmiWithMultipleRepositories(c *check.C) {
+func (s *DockerSuite) TestRmiWithMultipleRepositories(c *testing.T) {
 	newRepo := "127.0.0.1:5000/busybox"
 	oldRepo := "busybox"
 	newTag := "busybox:test"
@@ -193,10 +192,10 @@ func (s *DockerSuite) TestRmiWithMultipleRepositories(c *check.C) {
 	dockerCmd(c, "commit", "test", newTag)
 
 	out, _ := dockerCmd(c, "rmi", newTag)
-	c.Assert(out, checker.Contains, "Untagged: "+newTag)
+	assert.Assert(c, strings.Contains(out, "Untagged: "+newTag))
 }
 
-func (s *DockerSuite) TestRmiForceWithMultipleRepositories(c *check.C) {
+func (s *DockerSuite) TestRmiForceWithMultipleRepositories(c *testing.T) {
 	imageName := "rmiimage"
 	tag1 := imageName + ":tag1"
 	tag2 := imageName + ":tag2"
@@ -206,25 +205,24 @@ func (s *DockerSuite) TestRmiForceWithMultipleRepositories(c *check.C) {
 	dockerCmd(c, "tag", tag1, tag2)
 
 	out, _ := dockerCmd(c, "rmi", "-f", tag2)
-	c.Assert(out, checker.Contains, "Untagged: "+tag2)
-	c.Assert(out, checker.Not(checker.Contains), "Untagged: "+tag1)
-
+	assert.Assert(c, strings.Contains(out, "Untagged: "+tag2))
+	assert.Assert(c, !strings.Contains(out, "Untagged: "+tag1))
 	// Check built image still exists
 	images, _ := dockerCmd(c, "images", "-a")
-	c.Assert(images, checker.Contains, imageName, check.Commentf("Built image missing %q; Images: %q", imageName, images))
+	assert.Assert(c, strings.Contains(images, imageName), "Built image missing %q; Images: %q", imageName, images)
 }
 
-func (s *DockerSuite) TestRmiBlank(c *check.C) {
+func (s *DockerSuite) TestRmiBlank(c *testing.T) {
 	out, _, err := dockerCmdWithError("rmi", " ")
 	// Should have failed to delete ' ' image
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 	// Wrong error message generated
-	c.Assert(out, checker.Not(checker.Contains), "no such id", check.Commentf("out: %s", out))
+	assert.Assert(c, !strings.Contains(out, "no such id"), "out: %s", out)
 	// Expected error message not generated
-	c.Assert(out, checker.Contains, "image name cannot be blank", check.Commentf("out: %s", out))
+	assert.Assert(c, strings.Contains(out, "image name cannot be blank"), "out: %s", out)
 }
 
-func (s *DockerSuite) TestRmiContainerImageNotFound(c *check.C) {
+func (s *DockerSuite) TestRmiContainerImageNotFound(c *testing.T) {
 	// Build 2 images for testing.
 	imageNames := []string{"test1", "test2"}
 	imageIds := make([]string, 2)
@@ -245,12 +243,12 @@ func (s *DockerSuite) TestRmiContainerImageNotFound(c *check.C) {
 	// Try to remove the image of the running container and see if it fails as expected.
 	out, _, err := dockerCmdWithError("rmi", "-f", imageIds[0])
 	// The image of the running container should not be removed.
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "image is being used by running container", check.Commentf("out: %s", out))
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "image is being used by running container"), "out: %s", out)
 }
 
 // #13422
-func (s *DockerSuite) TestRmiUntagHistoryLayer(c *check.C) {
+func (s *DockerSuite) TestRmiUntagHistoryLayer(c *testing.T) {
 	image := "tmp1"
 	// Build an image for testing.
 	dockerfile := `FROM busybox
@@ -273,7 +271,7 @@ RUN echo 2 #layer2
 	// See if the "tmp2" can be untagged.
 	out, _ = dockerCmd(c, "rmi", newTag)
 	// Expected 1 untagged entry
-	c.Assert(strings.Count(out, "Untagged: "), checker.Equals, 1, check.Commentf("out: %s", out))
+	assert.Equal(c, strings.Count(out, "Untagged: "), 1, fmt.Sprintf("out: %s", out))
 
 	// Now let's add the tag again and create a container based on it.
 	dockerCmd(c, "tag", idToTag, newTag)
@@ -284,30 +282,29 @@ RUN echo 2 #layer2
 	// Try to untag "tmp2" without the -f flag.
 	out, _, err := dockerCmdWithError("rmi", newTag)
 	// should not be untagged without the -f flag
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, cid[:12])
-	c.Assert(out, checker.Contains, "(must force)")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, cid[:12]))
+	assert.Assert(c, strings.Contains(out, "(must force)"))
 	// Add the -f flag and test again.
 	out, _ = dockerCmd(c, "rmi", "-f", newTag)
 	// should be allowed to untag with the -f flag
-	c.Assert(out, checker.Contains, fmt.Sprintf("Untagged: %s:latest", newTag))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("Untagged: %s:latest", newTag)))
 }
 
-func (*DockerSuite) TestRmiParentImageFail(c *check.C) {
+func (*DockerSuite) TestRmiParentImageFail(c *testing.T) {
 	buildImageSuccessfully(c, "test", build.WithDockerfile(`
 	FROM busybox
 	RUN echo hello`))
 
 	id := inspectField(c, "busybox", "ID")
 	out, _, err := dockerCmdWithError("rmi", id)
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	if !strings.Contains(out, "image has dependent child images") {
 		c.Fatalf("rmi should have failed because it's a parent image, got %s", out)
 	}
 }
 
-func (s *DockerSuite) TestRmiWithParentInUse(c *check.C) {
+func (s *DockerSuite) TestRmiWithParentInUse(c *testing.T) {
 	out, _ := dockerCmd(c, "create", "busybox")
 	cID := strings.TrimSpace(out)
 
@@ -324,15 +321,15 @@ func (s *DockerSuite) TestRmiWithParentInUse(c *check.C) {
 }
 
 // #18873
-func (s *DockerSuite) TestRmiByIDHardConflict(c *check.C) {
+func (s *DockerSuite) TestRmiByIDHardConflict(c *testing.T) {
 	dockerCmd(c, "create", "busybox")
 
 	imgID := inspectField(c, "busybox:latest", "Id")
 
 	_, _, err := dockerCmdWithError("rmi", imgID[:12])
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// check that tag was not removed
 	imgID2 := inspectField(c, "busybox:latest", "Id")
-	c.Assert(imgID, checker.Equals, imgID2)
+	assert.Equal(c, imgID, imgID2)
 }
diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 4f55c05aeb31a..7977f73bb2158 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -20,27 +19,27 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/testutil"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/libnetwork/resolvconf"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/testutil"
+	"github.com/docker/docker/testutil/fakecontext"
 	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork/resolvconf"
-	"github.com/docker/libnetwork/types"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"github.com/moby/sys/mountinfo"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/skip"
 )
 
 // "test123" should be printed by docker run
-func (s *DockerSuite) TestRunEchoStdout(c *check.C) {
+func (s *DockerSuite) TestRunEchoStdout(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "busybox", "echo", "test123")
 	if out != "test123\n" {
 		c.Fatalf("container should've printed 'test123', got '%s'", out)
@@ -48,7 +47,7 @@ func (s *DockerSuite) TestRunEchoStdout(c *check.C) {
 }
 
 // "test" should be printed
-func (s *DockerSuite) TestRunEchoNamedContainer(c *check.C) {
+func (s *DockerSuite) TestRunEchoNamedContainer(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "--name", "testfoonamedcontainer", "busybox", "echo", "test")
 	if out != "test\n" {
 		c.Errorf("container should've printed 'test'")
@@ -57,7 +56,7 @@ func (s *DockerSuite) TestRunEchoNamedContainer(c *check.C) {
 
 // docker run should not leak file descriptors. This test relies on Unix
 // specific functionality and cannot run on Windows.
-func (s *DockerSuite) TestRunLeakyFileDescriptors(c *check.C) {
+func (s *DockerSuite) TestRunLeakyFileDescriptors(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "busybox", "ls", "-C", "/proc/self/fd")
 
@@ -69,7 +68,7 @@ func (s *DockerSuite) TestRunLeakyFileDescriptors(c *check.C) {
 
 // it should be possible to lookup Google DNS
 // this will fail when Internet access is unavailable
-func (s *DockerSuite) TestRunLookupGoogleDNS(c *check.C) {
+func (s *DockerSuite) TestRunLookupGoogleDNS(c *testing.T) {
 	testRequires(c, Network, NotArm)
 	if testEnv.OSType == "windows" {
 		// nslookup isn't present in Windows busybox. Is built-in. Further,
@@ -82,19 +81,19 @@ func (s *DockerSuite) TestRunLookupGoogleDNS(c *check.C) {
 }
 
 // the exit code should be 0
-func (s *DockerSuite) TestRunExitCodeZero(c *check.C) {
+func (s *DockerSuite) TestRunExitCodeZero(c *testing.T) {
 	dockerCmd(c, "run", "busybox", "true")
 }
 
 // the exit code should be 1
-func (s *DockerSuite) TestRunExitCodeOne(c *check.C) {
+func (s *DockerSuite) TestRunExitCodeOne(c *testing.T) {
 	_, exitCode, err := dockerCmdWithError("run", "busybox", "false")
-	c.Assert(err, checker.NotNil)
-	c.Assert(exitCode, checker.Equals, 1)
+	assert.ErrorContains(c, err, "")
+	assert.Equal(c, exitCode, 1)
 }
 
 // it should be possible to pipe in data via stdin to a process running in a container
-func (s *DockerSuite) TestRunStdinPipe(c *check.C) {
+func (s *DockerSuite) TestRunStdinPipe(c *testing.T) {
 	// TODO Windows: This needs some work to make compatible.
 	testRequires(c, DaemonIsLinux)
 	result := icmd.RunCmd(icmd.Cmd{
@@ -118,7 +117,7 @@ func (s *DockerSuite) TestRunStdinPipe(c *check.C) {
 }
 
 // the container's ID should be printed when starting a container in detached mode
-func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *check.C) {
+func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 
 	out = strings.TrimSpace(out)
@@ -133,7 +132,7 @@ func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *check.C) {
 }
 
 // the working directory should be set correctly
-func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) {
+func (s *DockerSuite) TestRunWorkingDirectory(c *testing.T) {
 	dir := "/root"
 	image := "busybox"
 	if testEnv.OSType == "windows" {
@@ -156,7 +155,7 @@ func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) {
 }
 
 // pinging Google's DNS resolver should fail when we disable the networking
-func (s *DockerSuite) TestRunWithoutNetworking(c *check.C) {
+func (s *DockerSuite) TestRunWithoutNetworking(c *testing.T) {
 	count := "-c"
 	image := "busybox"
 	if testEnv.OSType == "windows" {
@@ -174,8 +173,8 @@ func (s *DockerSuite) TestRunWithoutNetworking(c *check.C) {
 	}
 }
 
-//test --link use container name to link target
-func (s *DockerSuite) TestRunLinksContainerWithContainerName(c *check.C) {
+// test --link use container name to link target
+func (s *DockerSuite) TestRunLinksContainerWithContainerName(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as the networking
 	// settings are not populated back yet on inspect.
 	testRequires(c, DaemonIsLinux)
@@ -189,8 +188,8 @@ func (s *DockerSuite) TestRunLinksContainerWithContainerName(c *check.C) {
 	}
 }
 
-//test --link use container id to link target
-func (s *DockerSuite) TestRunLinksContainerWithContainerID(c *check.C) {
+// test --link use container id to link target
+func (s *DockerSuite) TestRunLinksContainerWithContainerID(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as the networking
 	// settings are not populated back yet on inspect.
 	testRequires(c, DaemonIsLinux)
@@ -205,147 +204,145 @@ func (s *DockerSuite) TestRunLinksContainerWithContainerID(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkLinks(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkLinks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "udlinkNet")
 
 	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// run a container in user-defined network udlinkNet with a link for an existing container
 	// and a link for a container that doesn't exist
 	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=second", "--link=first:foo",
 		"--link=third:bar", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// ping to first and its alias foo must succeed
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// ping to third and its alias must fail
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "third")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// start third container now
 	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=third", "busybox", "top")
-	c.Assert(waitRun("third"), check.IsNil)
+	assert.Assert(c, waitRun("third") == nil)
 
 	// ping to third and its alias must succeed now
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "third")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkLinksWithRestart(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkLinksWithRestart(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "udlinkNet")
 
 	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=second", "--link=first:foo",
 		"busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// ping to first and its alias foo must succeed
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Restart first container
 	dockerCmd(c, "restart", "first")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// ping to first and its alias foo must still succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Restart second container
 	dockerCmd(c, "restart", "second")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// ping to first and its alias foo must still succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSuite) TestRunWithNetAliasOnDefaultNetworks(c *check.C) {
+func (s *DockerSuite) TestRunWithNetAliasOnDefaultNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 
 	defaults := []string{"bridge", "host", "none"}
 	for _, net := range defaults {
 		out, _, err := dockerCmdWithError("run", "-d", "--net", net, "--net-alias", "alias_"+net, "busybox", "top")
-		c.Assert(err, checker.NotNil)
-		c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+		assert.ErrorContains(c, err, "")
+		assert.Assert(c, strings.Contains(out, runconfig.ErrUnsupportedNetworkAndAlias.Error()))
 	}
 }
 
-func (s *DockerSuite) TestUserDefinedNetworkAlias(c *check.C) {
+func (s *DockerSuite) TestUserDefinedNetworkAlias(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
 
 	cid1, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo1", "--net-alias=foo2", "busybox:glibc", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// Check if default short-id alias is added automatically
 	id := strings.TrimSpace(cid1)
 	aliases := inspectField(c, id, "NetworkSettings.Networks.net1.Aliases")
-	c.Assert(aliases, checker.Contains, stringid.TruncateID(id))
-
+	assert.Assert(c, strings.Contains(aliases, stringid.TruncateID(id)))
 	cid2, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox:glibc", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// Check if default short-id alias is added automatically
 	id = strings.TrimSpace(cid2)
 	aliases = inspectField(c, id, "NetworkSettings.Networks.net1.Aliases")
-	c.Assert(aliases, checker.Contains, stringid.TruncateID(id))
-
+	assert.Assert(c, strings.Contains(aliases, stringid.TruncateID(id)))
 	// ping to first and its network-scoped aliases
 	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo1")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo2")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	// ping first container's short-id alias
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid1))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Restart first container
 	dockerCmd(c, "restart", "first")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// ping to first and its network-scoped aliases must succeed
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo1")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo2")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	// ping first container's short-id alias
 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid1))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
 // Issue 9677.
-func (s *DockerSuite) TestRunWithDaemonFlags(c *check.C) {
+func (s *DockerSuite) TestRunWithDaemonFlags(c *testing.T) {
 	out, _, err := dockerCmdWithError("--exec-opt", "foo=bar", "run", "-i", "busybox", "true")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "unknown flag: --exec-opt")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "unknown flag: --exec-opt"))
 }
 
 // Regression test for #4979
-func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) {
+func (s *DockerSuite) TestRunWithVolumesFromExited(c *testing.T) {
 
 	var (
 		out      string
@@ -375,7 +372,7 @@ func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) {
 
 // Volume path is a symlink which also exists on the host, and the host side is a file not a dir
 // But the volume call is just a normal volume, not a bind mount
-func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
+func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *testing.T) {
 	var (
 		dockerFile    string
 		containerPath string
@@ -383,10 +380,10 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 	)
 	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 	name := "test-volume-symlink"
 
-	dir, err := ioutil.TempDir("", name)
+	dir, err := os.MkdirTemp("", name)
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -419,7 +416,7 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 }
 
 // Volume path is a symlink in the container
-func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
+func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *testing.T) {
 	var (
 		dockerFile    string
 		containerPath string
@@ -427,7 +424,7 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
 	)
 	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 	name := "test-volume-symlink2"
 
 	if testEnv.OSType == "windows" {
@@ -443,13 +440,13 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
 	dockerCmd(c, "run", "-v", containerPath, name, cmd)
 }
 
-func (s *DockerSuite) TestRunVolumesMountedAsReadonly(c *check.C) {
+func (s *DockerSuite) TestRunVolumesMountedAsReadonly(c *testing.T) {
 	if _, code, err := dockerCmdWithError("run", "-v", "/test:/test:ro", "busybox", "touch", "/test/somefile"); err == nil || code == 0 {
 		c.Fatalf("run should fail because volume is ro: exit code %d", code)
 	}
 }
 
-func (s *DockerSuite) TestRunVolumesFromInReadonlyModeFails(c *check.C) {
+func (s *DockerSuite) TestRunVolumesFromInReadonlyModeFails(c *testing.T) {
 	var (
 		volumeDir string
 		fileInVol string
@@ -470,7 +467,7 @@ func (s *DockerSuite) TestRunVolumesFromInReadonlyModeFails(c *check.C) {
 }
 
 // Regression test for #1201
-func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) {
+func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *testing.T) {
 	var (
 		volumeDir string
 		fileInVol string
@@ -493,8 +490,8 @@ func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) {
 	dockerCmd(c, "run", "--volumes-from", "parent", "busybox", "touch", fileInVol)
 }
 
-func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestVolumesFromGetsProperMode(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	hostpath := RandomTmpDirPath("test", testEnv.OSType)
 	if err := os.MkdirAll(hostpath, 0755); err != nil {
@@ -518,14 +515,14 @@ func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) {
 }
 
 // Test for GH#10618
-func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) {
+func (s *DockerSuite) TestRunNoDupVolumes(c *testing.T) {
 	path1 := RandomTmpDirPath("test1", testEnv.OSType)
 	path2 := RandomTmpDirPath("test2", testEnv.OSType)
 
 	someplace := ":/someplace"
 	if testEnv.OSType == "windows" {
 		// Windows requires that the source directory exists before calling HCS
-		testRequires(c, SameHostDaemon)
+		testRequires(c, testEnv.IsLocalDaemon)
 		someplace = `:c:\someplace`
 		if err := os.MkdirAll(path1, 0755); err != nil {
 			c.Fatalf("Failed to create %s: %q", path1, err)
@@ -570,7 +567,7 @@ func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) {
 }
 
 // Test for #1351
-func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) {
+func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *testing.T) {
 	prefix := ""
 	if testEnv.OSType == "windows" {
 		prefix = `c:`
@@ -579,7 +576,7 @@ func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) {
 	dockerCmd(c, "run", "--volumes-from", "parent", "-v", prefix+"/test", "busybox", "cat", prefix+"/test/foo")
 }
 
-func (s *DockerSuite) TestRunMultipleVolumesFrom(c *check.C) {
+func (s *DockerSuite) TestRunMultipleVolumesFrom(c *testing.T) {
 	prefix := ""
 	if testEnv.OSType == "windows" {
 		prefix = `c:`
@@ -590,7 +587,7 @@ func (s *DockerSuite) TestRunMultipleVolumesFrom(c *check.C) {
 }
 
 // this tests verifies the ID format for the container
-func (s *DockerSuite) TestRunVerifyContainerID(c *check.C) {
+func (s *DockerSuite) TestRunVerifyContainerID(c *testing.T) {
 	out, exit, err := dockerCmdWithError("run", "-d", "busybox", "true")
 	if err != nil {
 		c.Fatal(err)
@@ -609,7 +606,7 @@ func (s *DockerSuite) TestRunVerifyContainerID(c *check.C) {
 }
 
 // Test that creating a container with a volume doesn't crash. Regression test for #995.
-func (s *DockerSuite) TestRunCreateVolume(c *check.C) {
+func (s *DockerSuite) TestRunCreateVolume(c *testing.T) {
 	prefix := ""
 	if testEnv.OSType == "windows" {
 		prefix = `c:`
@@ -619,11 +616,11 @@ func (s *DockerSuite) TestRunCreateVolume(c *check.C) {
 
 // Test that creating a volume with a symlink in its path works correctly. Test for #5152.
 // Note that this bug happens only with symlinks with a target that starts with '/'.
-func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
+func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *testing.T) {
 	// Cannot run on Windows as relies on Linux-specific functionality (sh -c mount...)
 	testRequires(c, DaemonIsLinux)
-	workingDirectory, err := ioutil.TempDir("", "TestRunCreateVolumeWithSymlink")
-	c.Assert(err, checker.IsNil)
+	workingDirectory, err := os.MkdirTemp("", "TestRunCreateVolumeWithSymlink")
+	assert.NilError(c, err)
 	image := "docker-test-createvolumewithsymlink"
 
 	buildCmd := exec.Command(dockerBinary, "build", "-t", image, "-")
@@ -641,7 +638,7 @@ func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
 	}
 
 	volPath, err := inspectMountSourceField("test-createvolumewithsymlink", "/bar/foo")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, exitCode, err = dockerCmdWithError("rm", "-v", "test-createvolumewithsymlink")
 	if err != nil || exitCode != 0 {
@@ -655,13 +652,13 @@ func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
 }
 
 // Tests that a volume path that has a symlink exists in a container mounting it with `--volumes-from`.
-func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) {
+func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *testing.T) {
 	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
 	testRequires(c, DaemonIsLinux)
 
-	workingDirectory, err := ioutil.TempDir("", "TestRunVolumesFromSymlinkPath")
-	c.Assert(err, checker.IsNil)
+	workingDirectory, err := os.MkdirTemp("", "TestRunVolumesFromSymlinkPath")
+	assert.NilError(c, err)
 	name := "docker-test-volumesfromsymlinkpath"
 	prefix := ""
 	dfContents := `FROM busybox
@@ -696,7 +693,7 @@ func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunExitCode(c *check.C) {
+func (s *DockerSuite) TestRunExitCode(c *testing.T) {
 	var (
 		exit int
 		err  error
@@ -712,10 +709,10 @@ func (s *DockerSuite) TestRunExitCode(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserDefaults(c *check.C) {
+func (s *DockerSuite) TestRunUserDefaults(c *testing.T) {
 	expected := "uid=0(root) gid=0(root)"
 	if testEnv.OSType == "windows" {
-		expected = "uid=1000(ContainerAdministrator) gid=1000(ContainerAdministrator)"
+		expected = "uid=0(root) gid=0(root) groups=0(root)"
 	}
 	out, _ := dockerCmd(c, "run", "busybox", "id")
 	if !strings.Contains(out, expected) {
@@ -723,7 +720,7 @@ func (s *DockerSuite) TestRunUserDefaults(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserByName(c *check.C) {
+func (s *DockerSuite) TestRunUserByName(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux)
@@ -733,7 +730,7 @@ func (s *DockerSuite) TestRunUserByName(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserByID(c *check.C) {
+func (s *DockerSuite) TestRunUserByID(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux)
@@ -743,7 +740,7 @@ func (s *DockerSuite) TestRunUserByID(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserByIDBig(c *check.C) {
+func (s *DockerSuite) TestRunUserByIDBig(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux, NotArm)
@@ -756,7 +753,7 @@ func (s *DockerSuite) TestRunUserByIDBig(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserByIDNegative(c *check.C) {
+func (s *DockerSuite) TestRunUserByIDNegative(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux)
@@ -769,7 +766,7 @@ func (s *DockerSuite) TestRunUserByIDNegative(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserByIDZero(c *check.C) {
+func (s *DockerSuite) TestRunUserByIDZero(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux)
@@ -782,7 +779,7 @@ func (s *DockerSuite) TestRunUserByIDZero(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUserNotFound(c *check.C) {
+func (s *DockerSuite) TestRunUserNotFound(c *testing.T) {
 	// TODO Windows: This test cannot run on a Windows daemon as Windows does
 	// not support the use of -u
 	testRequires(c, DaemonIsLinux)
@@ -792,7 +789,7 @@ func (s *DockerSuite) TestRunUserNotFound(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunTwoConcurrentContainers(c *check.C) {
+func (s *DockerSuite) TestRunTwoConcurrentContainers(c *testing.T) {
 	sleepTime := "2"
 	group := sync.WaitGroup{}
 	group.Add(2)
@@ -810,11 +807,11 @@ func (s *DockerSuite) TestRunTwoConcurrentContainers(c *check.C) {
 	close(errChan)
 
 	for err := range errChan {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
-func (s *DockerSuite) TestRunEnvironment(c *check.C) {
+func (s *DockerSuite) TestRunEnvironment(c *testing.T) {
 	// TODO Windows: Environment handling is different between Linux and
 	// Windows and this test relies currently on unix functionality.
 	testRequires(c, DaemonIsLinux)
@@ -853,7 +850,7 @@ func (s *DockerSuite) TestRunEnvironment(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
+func (s *DockerSuite) TestRunEnvironmentErase(c *testing.T) {
 	// TODO Windows: Environment handling is different between Linux and
 	// Windows and this test relies currently on unix functionality.
 	testRequires(c, DaemonIsLinux)
@@ -886,7 +883,7 @@ func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
+func (s *DockerSuite) TestRunEnvironmentOverride(c *testing.T) {
 	// TODO Windows: Environment handling is different between Linux and
 	// Windows and this test relies currently on unix functionality.
 	testRequires(c, DaemonIsLinux)
@@ -919,7 +916,7 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerNetwork(c *check.C) {
+func (s *DockerSuite) TestRunContainerNetwork(c *testing.T) {
 	if testEnv.OSType == "windows" {
 		// Windows busybox does not have ping. Use built in ping instead.
 		dockerCmd(c, "run", testEnv.PlatformDefaults.BaseImage, "ping", "-n", "1", "127.0.0.1")
@@ -928,7 +925,7 @@ func (s *DockerSuite) TestRunContainerNetwork(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetHostNotAllowedWithLinks(c *check.C) {
+func (s *DockerSuite) TestRunNetHostNotAllowedWithLinks(c *testing.T) {
 	// TODO Windows: This is Linux specific as --link is not supported and
 	// this will be deprecated in favor of container networking model.
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -945,7 +942,7 @@ func (s *DockerSuite) TestRunNetHostNotAllowedWithLinks(c *check.C) {
 // and use "--net=host" (as the original issue submitter did), as the same
 // codepath is executed with "docker run -h <hostname>".  Both were manually
 // tested, but this testcase takes the simpler path of using "run -h .."
-func (s *DockerSuite) TestRunFullHostnameSet(c *check.C) {
+func (s *DockerSuite) TestRunFullHostnameSet(c *testing.T) {
 	// TODO Windows: -h is not yet functional.
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-h", "foo.bar.baz", "busybox", "hostname")
@@ -954,7 +951,7 @@ func (s *DockerSuite) TestRunFullHostnameSet(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunPrivilegedCanMknod(c *check.C) {
+func (s *DockerSuite) TestRunPrivilegedCanMknod(c *testing.T) {
 	// Not applicable for Windows as Windows daemon does not support
 	// the concept of --privileged, and mknod is a Unix concept.
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -964,7 +961,7 @@ func (s *DockerSuite) TestRunPrivilegedCanMknod(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUnprivilegedCanMknod(c *check.C) {
+func (s *DockerSuite) TestRunUnprivilegedCanMknod(c *testing.T) {
 	// Not applicable for Windows as Windows daemon does not support
 	// the concept of --privileged, and mknod is a Unix concept.
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -974,7 +971,7 @@ func (s *DockerSuite) TestRunUnprivilegedCanMknod(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapDropInvalid(c *check.C) {
+func (s *DockerSuite) TestRunCapDropInvalid(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-drop
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-drop=CHPASS", "busybox", "ls")
@@ -983,7 +980,7 @@ func (s *DockerSuite) TestRunCapDropInvalid(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapDropCannotMknod(c *check.C) {
+func (s *DockerSuite) TestRunCapDropCannotMknod(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-drop or mknod
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
@@ -996,7 +993,7 @@ func (s *DockerSuite) TestRunCapDropCannotMknod(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapDropCannotMknodLowerCase(c *check.C) {
+func (s *DockerSuite) TestRunCapDropCannotMknodLowerCase(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-drop or mknod
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-drop=mknod", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
@@ -1009,7 +1006,7 @@ func (s *DockerSuite) TestRunCapDropCannotMknodLowerCase(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapDropALLCannotMknod(c *check.C) {
+func (s *DockerSuite) TestRunCapDropALLCannotMknod(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-drop or mknod
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-drop=ALL", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
@@ -1021,7 +1018,7 @@ func (s *DockerSuite) TestRunCapDropALLCannotMknod(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapDropALLAddMknodCanMknod(c *check.C) {
+func (s *DockerSuite) TestRunCapDropALLAddMknodCanMknod(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-drop or mknod
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--cap-drop=ALL", "--cap-add=MKNOD", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
@@ -1031,7 +1028,7 @@ func (s *DockerSuite) TestRunCapDropALLAddMknodCanMknod(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddInvalid(c *check.C) {
+func (s *DockerSuite) TestRunCapAddInvalid(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-add
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-add=CHPASS", "busybox", "ls")
@@ -1040,7 +1037,7 @@ func (s *DockerSuite) TestRunCapAddInvalid(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddCanDownInterface(c *check.C) {
+func (s *DockerSuite) TestRunCapAddCanDownInterface(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-add
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
@@ -1050,7 +1047,7 @@ func (s *DockerSuite) TestRunCapAddCanDownInterface(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddALLCanDownInterface(c *check.C) {
+func (s *DockerSuite) TestRunCapAddALLCanDownInterface(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-add
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--cap-add=ALL", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
@@ -1060,7 +1057,7 @@ func (s *DockerSuite) TestRunCapAddALLCanDownInterface(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddALLDropNetAdminCanDownInterface(c *check.C) {
+func (s *DockerSuite) TestRunCapAddALLDropNetAdminCanDownInterface(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --cap-add
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cap-add=ALL", "--cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
@@ -1072,7 +1069,7 @@ func (s *DockerSuite) TestRunCapAddALLDropNetAdminCanDownInterface(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunGroupAdd(c *check.C) {
+func (s *DockerSuite) TestRunGroupAdd(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --group-add
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--group-add=audio", "--group-add=staff", "--group-add=777", "busybox", "sh", "-c", "id")
@@ -1083,7 +1080,7 @@ func (s *DockerSuite) TestRunGroupAdd(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunPrivilegedCanMount(c *check.C) {
+func (s *DockerSuite) TestRunPrivilegedCanMount(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --privileged
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
@@ -1093,7 +1090,7 @@ func (s *DockerSuite) TestRunPrivilegedCanMount(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunUnprivilegedCannotMount(c *check.C) {
+func (s *DockerSuite) TestRunUnprivilegedCannotMount(c *testing.T) {
 	// Not applicable for Windows as there is no concept of unprivileged
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
@@ -1106,7 +1103,7 @@ func (s *DockerSuite) TestRunUnprivilegedCannotMount(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunSysNotWritableInNonPrivilegedContainers(c *check.C) {
+func (s *DockerSuite) TestRunSysNotWritableInNonPrivilegedContainers(c *testing.T) {
 	// Not applicable for Windows as there is no concept of unprivileged
 	testRequires(c, DaemonIsLinux, NotArm)
 	if _, code, err := dockerCmdWithError("run", "busybox", "touch", "/sys/kernel/profiling"); err == nil || code == 0 {
@@ -1114,7 +1111,7 @@ func (s *DockerSuite) TestRunSysNotWritableInNonPrivilegedContainers(c *check.C)
 	}
 }
 
-func (s *DockerSuite) TestRunSysWritableInPrivilegedContainers(c *check.C) {
+func (s *DockerSuite) TestRunSysWritableInPrivilegedContainers(c *testing.T) {
 	// Not applicable for Windows as there is no concept of unprivileged
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	if _, code, err := dockerCmdWithError("run", "--privileged", "busybox", "touch", "/sys/kernel/profiling"); err != nil || code != 0 {
@@ -1122,7 +1119,7 @@ func (s *DockerSuite) TestRunSysWritableInPrivilegedContainers(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunProcNotWritableInNonPrivilegedContainers(c *check.C) {
+func (s *DockerSuite) TestRunProcNotWritableInNonPrivilegedContainers(c *testing.T) {
 	// Not applicable for Windows as there is no concept of unprivileged
 	testRequires(c, DaemonIsLinux)
 	if _, code, err := dockerCmdWithError("run", "busybox", "touch", "/proc/sysrq-trigger"); err == nil || code == 0 {
@@ -1130,7 +1127,7 @@ func (s *DockerSuite) TestRunProcNotWritableInNonPrivilegedContainers(c *check.C
 	}
 }
 
-func (s *DockerSuite) TestRunProcWritableInPrivilegedContainers(c *check.C) {
+func (s *DockerSuite) TestRunProcWritableInPrivilegedContainers(c *testing.T) {
 	// Not applicable for Windows as there is no concept of --privileged
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	if _, code := dockerCmd(c, "run", "--privileged", "busybox", "sh", "-c", "touch /proc/sysrq-trigger"); code != 0 {
@@ -1138,7 +1135,7 @@ func (s *DockerSuite) TestRunProcWritableInPrivilegedContainers(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunDeviceNumbers(c *check.C) {
+func (s *DockerSuite) TestRunDeviceNumbers(c *testing.T) {
 	// Not applicable on Windows as /dev/ is a Unix specific concept
 	// TODO: NotUserNamespace could be removed here if "root" "root" is replaced w user
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -1154,7 +1151,7 @@ func (s *DockerSuite) TestRunDeviceNumbers(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunThatCharacterDevicesActLikeCharacterDevices(c *check.C) {
+func (s *DockerSuite) TestRunThatCharacterDevicesActLikeCharacterDevices(c *testing.T) {
 	// Not applicable on Windows as /dev/ is a Unix specific concept
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "busybox", "sh", "-c", "dd if=/dev/zero of=/zero bs=1k count=5 2> /dev/null ; du -h /zero")
@@ -1163,13 +1160,13 @@ func (s *DockerSuite) TestRunThatCharacterDevicesActLikeCharacterDevices(c *chec
 	}
 }
 
-func (s *DockerSuite) TestRunUnprivilegedWithChroot(c *check.C) {
+func (s *DockerSuite) TestRunUnprivilegedWithChroot(c *testing.T) {
 	// Not applicable on Windows as it does not support chroot
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "busybox", "chroot", "/", "true")
 }
 
-func (s *DockerSuite) TestRunAddingOptionalDevices(c *check.C) {
+func (s *DockerSuite) TestRunAddingOptionalDevices(c *testing.T) {
 	// Not applicable on Windows as Windows does not support --device
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--device", "/dev/zero:/dev/nulo", "busybox", "sh", "-c", "ls /dev/nulo")
@@ -1178,7 +1175,7 @@ func (s *DockerSuite) TestRunAddingOptionalDevices(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunAddingOptionalDevicesNoSrc(c *check.C) {
+func (s *DockerSuite) TestRunAddingOptionalDevicesNoSrc(c *testing.T) {
 	// Not applicable on Windows as Windows does not support --device
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--device", "/dev/zero:rw", "busybox", "sh", "-c", "ls /dev/zero")
@@ -1187,7 +1184,7 @@ func (s *DockerSuite) TestRunAddingOptionalDevicesNoSrc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunAddingOptionalDevicesInvalidMode(c *check.C) {
+func (s *DockerSuite) TestRunAddingOptionalDevicesInvalidMode(c *testing.T) {
 	// Not applicable on Windows as Windows does not support --device
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	_, _, err := dockerCmdWithError("run", "--device", "/dev/zero:ro", "busybox", "sh", "-c", "ls /dev/zero")
@@ -1196,9 +1193,9 @@ func (s *DockerSuite) TestRunAddingOptionalDevicesInvalidMode(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModeHostname(c *check.C) {
+func (s *DockerSuite) TestRunModeHostname(c *testing.T) {
 	// Not applicable on Windows as Windows does not support -h
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	out, _ := dockerCmd(c, "run", "-h=testhostname", "busybox", "cat", "/etc/hostname")
 
@@ -1217,7 +1214,7 @@ func (s *DockerSuite) TestRunModeHostname(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunRootWorkdir(c *check.C) {
+func (s *DockerSuite) TestRunRootWorkdir(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "--workdir", "/", "busybox", "pwd")
 	expected := "/\n"
 	if testEnv.OSType == "windows" {
@@ -1228,7 +1225,7 @@ func (s *DockerSuite) TestRunRootWorkdir(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) {
+func (s *DockerSuite) TestRunAllowBindMountingRoot(c *testing.T) {
 	if testEnv.OSType == "windows" {
 		// Windows busybox will fail with Permission Denied on items such as pagefile.sys
 		dockerCmd(c, "run", "-v", `c:\:c:\host`, testEnv.PlatformDefaults.BaseImage, "cmd", "-c", "dir", `c:\host`)
@@ -1237,7 +1234,7 @@ func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *check.C) {
+func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *testing.T) {
 	mount := "/:/"
 	targetDir := "/host"
 	if testEnv.OSType == "windows" {
@@ -1251,18 +1248,18 @@ func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *check.C) {
 }
 
 // Verify that a container gets default DNS when only localhost resolvers exist
-func (s *DockerSuite) TestRunDNSDefaultOptions(c *check.C) {
+func (s *DockerSuite) TestRunDNSDefaultOptions(c *testing.T) {
 	// Not applicable on Windows as this is testing Unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	// preserve original resolv.conf for restoring after test
-	origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	origResolvConf, err := os.ReadFile("/etc/resolv.conf")
 	if os.IsNotExist(err) {
 		c.Fatalf("/etc/resolv.conf does not exist")
 	}
 	// defer restored original conf
 	defer func() {
-		if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
+		if err := os.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
 			c.Fatal(err)
 		}
 	}()
@@ -1271,7 +1268,7 @@ func (s *DockerSuite) TestRunDNSDefaultOptions(c *check.C) {
 	// 2 are removed from the file at container start, and the 3rd (commented out) one is ignored by
 	// GetNameservers(), leading to a replacement of nameservers with the default set
 	tmpResolvConf := []byte("nameserver 127.0.0.1\n#nameserver 127.0.2.1\nnameserver ::1")
-	if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1285,7 +1282,7 @@ func (s *DockerSuite) TestRunDNSDefaultOptions(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunDNSOptions(c *check.C) {
+func (s *DockerSuite) TestRunDNSOptions(c *testing.T) {
 	// Not applicable on Windows as Windows does not support --dns*, or
 	// the Unix-specific functionality of resolv.conf.
 	testRequires(c, DaemonIsLinux)
@@ -1309,7 +1306,7 @@ func (s *DockerSuite) TestRunDNSOptions(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunDNSRepeatOptions(c *check.C) {
+func (s *DockerSuite) TestRunDNSRepeatOptions(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out := cli.DockerCmd(c, "run", "--dns=1.1.1.1", "--dns=2.2.2.2", "--dns-search=mydomain", "--dns-search=mydomain2", "--dns-opt=ndots:9", "--dns-opt=timeout:3", "busybox", "cat", "/etc/resolv.conf").Stdout()
 
@@ -1319,23 +1316,23 @@ func (s *DockerSuite) TestRunDNSRepeatOptions(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
+func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *testing.T) {
 	// Not applicable on Windows as testing Unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
-	origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	origResolvConf, err := os.ReadFile("/etc/resolv.conf")
 	if os.IsNotExist(err) {
 		c.Fatalf("/etc/resolv.conf does not exist")
 	}
 
-	hostNameservers := resolvconf.GetNameservers(origResolvConf, types.IP)
+	hostNameservers := resolvconf.GetNameservers(origResolvConf, resolvconf.IP)
 	hostSearch := resolvconf.GetSearchDomains(origResolvConf)
 
 	var out string
 	out, _ = dockerCmd(c, "run", "--dns=127.0.0.1", "busybox", "cat", "/etc/resolv.conf")
 
-	if actualNameservers := resolvconf.GetNameservers([]byte(out), types.IP); string(actualNameservers[0]) != "127.0.0.1" {
-		c.Fatalf("expected '127.0.0.1', but says: %q", string(actualNameservers[0]))
+	if actualNameservers := resolvconf.GetNameservers([]byte(out), resolvconf.IP); actualNameservers[0] != "127.0.0.1" {
+		c.Fatalf("expected '127.0.0.1', but says: %q", actualNameservers[0])
 	}
 
 	actualSearch := resolvconf.GetSearchDomains([]byte(out))
@@ -1350,7 +1347,7 @@ func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
 
 	out, _ = dockerCmd(c, "run", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf")
 
-	actualNameservers := resolvconf.GetNameservers([]byte(out), types.IP)
+	actualNameservers := resolvconf.GetNameservers([]byte(out), resolvconf.IP)
 	if len(actualNameservers) != len(hostNameservers) {
 		c.Fatalf("expected %q nameserver(s), but it has: %q", len(hostNameservers), len(actualNameservers))
 	}
@@ -1360,23 +1357,23 @@ func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
 		}
 	}
 
-	if actualSearch = resolvconf.GetSearchDomains([]byte(out)); string(actualSearch[0]) != "mydomain" {
-		c.Fatalf("expected 'mydomain', but says: %q", string(actualSearch[0]))
+	if actualSearch = resolvconf.GetSearchDomains([]byte(out)); actualSearch[0] != "mydomain" {
+		c.Fatalf("expected 'mydomain', but says: %q", actualSearch[0])
 	}
 
 	// test with file
 	tmpResolvConf := []byte("search example.com\nnameserver 12.34.56.78\nnameserver 127.0.0.1")
-	if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 	// put the old resolvconf back
 	defer func() {
-		if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
+		if err := os.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
 			c.Fatal(err)
 		}
 	}()
 
-	resolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	resolvConf, err := os.ReadFile("/etc/resolv.conf")
 	if os.IsNotExist(err) {
 		c.Fatalf("/etc/resolv.conf does not exist")
 	}
@@ -1384,7 +1381,7 @@ func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
 	hostSearch = resolvconf.GetSearchDomains(resolvConf)
 
 	out, _ = dockerCmd(c, "run", "busybox", "cat", "/etc/resolv.conf")
-	if actualNameservers = resolvconf.GetNameservers([]byte(out), types.IP); string(actualNameservers[0]) != "12.34.56.78" || len(actualNameservers) != 1 {
+	if actualNameservers = resolvconf.GetNameservers([]byte(out), resolvconf.IP); actualNameservers[0] != "12.34.56.78" || len(actualNameservers) != 1 {
 		c.Fatalf("expected '12.34.56.78', but has: %v", actualNameservers)
 	}
 
@@ -1401,11 +1398,11 @@ func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
 
 // Test to see if a non-root user can resolve a DNS name. Also
 // check if the container resolv.conf file has at least 0644 perm.
-func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) {
+func (s *DockerSuite) TestRunNonRootUserResolvName(c *testing.T) {
 	// Not applicable on Windows as Windows does not support --user
-	testRequires(c, SameHostDaemon, Network, DaemonIsLinux, NotArm)
+	testRequires(c, testEnv.IsLocalDaemon, Network, DaemonIsLinux, NotArm)
 
-	dockerCmd(c, "run", "--name=testperm", "--user=nobody", "busybox", "nslookup", "apt.dockerproject.org")
+	dockerCmd(c, "run", "--name=testperm", "--user=nobody", "busybox", "nslookup", "example.com")
 
 	cID := getIDByName(c, "testperm")
 
@@ -1423,16 +1420,16 @@ func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) {
 // Test if container resolv.conf gets updated the next time it restarts
 // if host /etc/resolv.conf has changed. This only applies if the container
 // uses the host's /etc/resolv.conf and does not have any dns options provided.
-func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
+func (s *DockerSuite) TestRunResolvconfUpdate(c *testing.T) {
 	// Not applicable on Windows as testing unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 	c.Skip("Unstable test, to be re-activated once #19937 is resolved")
 
 	tmpResolvConf := []byte("search pommesfrites.fr\nnameserver 12.34.56.78\n")
 	tmpLocalhostResolvConf := []byte("nameserver 127.0.0.1")
 
-	//take a copy of resolv.conf for restoring after test completes
-	resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf")
+	// take a copy of resolv.conf for restoring after test completes
+	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1440,7 +1437,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	// This test case is meant to test monitoring resolv.conf when it is
 	// a regular file not a bind mounc. So we unmount resolv.conf and replace
 	// it with a file containing the original settings.
-	mounted, err := mount.Mounted("/etc/resolv.conf")
+	mounted, err := mountinfo.Mounted("/etc/resolv.conf")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1448,20 +1445,19 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 		icmd.RunCommand("umount", "/etc/resolv.conf").Assert(c, icmd.Success)
 	}
 
-	//cleanup
+	// cleanup
 	defer func() {
-		if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+		if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
 			c.Fatal(err)
 		}
 	}()
 
-	//1. test that a restarting container gets an updated resolv.conf
+	// 1. test that a restarting container gets an updated resolv.conf
 	dockerCmd(c, "run", "--name=first", "busybox", "true")
 	containerID1 := getIDByName(c, "first")
 
 	// replace resolv.conf with our temporary copy
-	bytesResolvConf := []byte(tmpResolvConf)
-	if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1470,21 +1466,21 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 
 	// check for update in container
 	containerResolv := readContainerFile(c, containerID1, "resolv.conf")
-	if !bytes.Equal(containerResolv, bytesResolvConf) {
+	if !bytes.Equal(containerResolv, tmpResolvConf) {
 		c.Fatalf("Restarted container does not have updated resolv.conf; expected %q, got %q", tmpResolvConf, string(containerResolv))
 	}
 
-	/*	//make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
-		if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+	/*	// make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
+		if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
 						c.Fatal(err)
 								} */
-	//2. test that a restarting container does not receive resolv.conf updates
+	// 2. test that a restarting container does not receive resolv.conf updates
 	//   if it modified the container copy of the starting point resolv.conf
 	dockerCmd(c, "run", "--name=second", "busybox", "sh", "-c", "echo 'search mylittlepony.com' >>/etc/resolv.conf")
 	containerID2 := getIDByName(c, "second")
 
-	//make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
-	if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+	// make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
+	if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1497,37 +1493,36 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 		c.Fatalf("Container's resolv.conf should not have been updated with host resolv.conf: %q", string(containerResolv))
 	}
 
-	//3. test that a running container's resolv.conf is not modified while running
+	// 3. test that a running container's resolv.conf is not modified while running
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	runningContainerID := strings.TrimSpace(out)
 
 	// replace resolv.conf
-	if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 
 	// check for update in container
 	containerResolv = readContainerFile(c, runningContainerID, "resolv.conf")
-	if bytes.Equal(containerResolv, bytesResolvConf) {
+	if bytes.Equal(containerResolv, tmpResolvConf) {
 		c.Fatalf("Running container should not have updated resolv.conf; expected %q, got %q", string(resolvConfSystem), string(containerResolv))
 	}
 
-	//4. test that a running container's resolv.conf is updated upon restart
+	// 4. test that a running container's resolv.conf is updated upon restart
 	//   (the above container is still running..)
 	dockerCmd(c, "restart", runningContainerID)
 
 	// check for update in container
 	containerResolv = readContainerFile(c, runningContainerID, "resolv.conf")
-	if !bytes.Equal(containerResolv, bytesResolvConf) {
-		c.Fatalf("Restarted container should have updated resolv.conf; expected %q, got %q", string(bytesResolvConf), string(containerResolv))
+	if !bytes.Equal(containerResolv, tmpResolvConf) {
+		c.Fatalf("Restarted container should have updated resolv.conf; expected %q, got %q", string(tmpResolvConf), string(containerResolv))
 	}
 
-	//5. test that additions of a localhost resolver are cleaned from
+	// 5. test that additions of a localhost resolver are cleaned from
 	//   host resolv.conf before updating container's resolv.conf copies
 
 	// replace resolv.conf with a localhost-only nameserver copy
-	bytesResolvConf = []byte(tmpLocalhostResolvConf)
-	if err = ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+	if err = os.WriteFile("/etc/resolv.conf", tmpLocalhostResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1542,11 +1537,11 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 		c.Fatalf("Container does not have cleaned/replaced DNS in resolv.conf; expected %q, got %q", expected, string(containerResolv))
 	}
 
-	//6. Test that replacing (as opposed to modifying) resolv.conf triggers an update
+	// 6. Test that replacing (as opposed to modifying) resolv.conf triggers an update
 	//   of containers' resolv.conf.
 
 	// Restore the original resolv.conf
-	if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1555,8 +1550,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	containerID3 := getIDByName(c, "third")
 
 	// Create a modified resolv.conf.aside and override resolv.conf with it
-	bytesResolvConf = []byte(tmpResolvConf)
-	if err := ioutil.WriteFile("/etc/resolv.conf.aside", bytesResolvConf, 0644); err != nil {
+	if err := os.WriteFile("/etc/resolv.conf.aside", tmpResolvConf, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -1570,14 +1564,14 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 
 	// check for update in container
 	containerResolv = readContainerFile(c, containerID3, "resolv.conf")
-	if !bytes.Equal(containerResolv, bytesResolvConf) {
+	if !bytes.Equal(containerResolv, tmpResolvConf) {
 		c.Fatalf("Stopped container does not have updated resolv.conf; expected\n%q\n got\n%q", tmpResolvConf, string(containerResolv))
 	}
 
-	//cleanup, restore original resolv.conf happens in defer func()
+	// cleanup, restore original resolv.conf happens in defer func()
 }
 
-func (s *DockerSuite) TestRunAddHost(c *check.C) {
+func (s *DockerSuite) TestRunAddHost(c *testing.T) {
 	// Not applicable on Windows as it does not support --add-host
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--add-host=extra:86.75.30.9", "busybox", "grep", "extra", "/etc/hosts")
@@ -1589,7 +1583,7 @@ func (s *DockerSuite) TestRunAddHost(c *check.C) {
 }
 
 // Regression test for #6983
-func (s *DockerSuite) TestRunAttachStdErrOnlyTTYMode(c *check.C) {
+func (s *DockerSuite) TestRunAttachStdErrOnlyTTYMode(c *testing.T) {
 	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stderr", "busybox", "true")
 	if exitCode != 0 {
 		c.Fatalf("Container should have exited with error code 0")
@@ -1597,7 +1591,7 @@ func (s *DockerSuite) TestRunAttachStdErrOnlyTTYMode(c *check.C) {
 }
 
 // Regression test for #6983
-func (s *DockerSuite) TestRunAttachStdOutOnlyTTYMode(c *check.C) {
+func (s *DockerSuite) TestRunAttachStdOutOnlyTTYMode(c *testing.T) {
 	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stdout", "busybox", "true")
 	if exitCode != 0 {
 		c.Fatalf("Container should have exited with error code 0")
@@ -1605,7 +1599,7 @@ func (s *DockerSuite) TestRunAttachStdOutOnlyTTYMode(c *check.C) {
 }
 
 // Regression test for #6983
-func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *check.C) {
+func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *testing.T) {
 	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stdout", "-a", "stderr", "busybox", "true")
 	if exitCode != 0 {
 		c.Fatalf("Container should have exited with error code 0")
@@ -1614,7 +1608,7 @@ func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *check.C) {
 
 // Test for #10388 - this will run the same test as TestRunAttachStdOutAndErrTTYMode
 // but using --attach instead of -a to make sure we read the flag correctly
-func (s *DockerSuite) TestRunAttachWithDetach(c *check.C) {
+func (s *DockerSuite) TestRunAttachWithDetach(c *testing.T) {
 	icmd.RunCommand(dockerBinary, "run", "-d", "--attach", "stdout", "busybox", "true").Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Error:    "exit status 1",
@@ -1622,7 +1616,7 @@ func (s *DockerSuite) TestRunAttachWithDetach(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestRunState(c *check.C) {
+func (s *DockerSuite) TestRunState(c *testing.T) {
 	// TODO Windows: This needs some rework as Windows busybox does not support top
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
@@ -1659,7 +1653,7 @@ func (s *DockerSuite) TestRunState(c *check.C) {
 }
 
 // Test for #1737
-func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *check.C) {
+func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *testing.T) {
 	// Not applicable on Windows as it does not support uid or gid in this way
 	testRequires(c, DaemonIsLinux)
 	name := "testrunvolumesuidgid"
@@ -1677,7 +1671,7 @@ func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *check.C) {
 }
 
 // Test for #1582
-func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) {
+func (s *DockerSuite) TestRunCopyVolumeContent(c *testing.T) {
 	// TODO Windows, post RS1. Windows does not yet support volume functionality
 	// that copies from the image to the volume.
 	testRequires(c, DaemonIsLinux)
@@ -1692,7 +1686,7 @@ func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
+func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *testing.T) {
 	name := "testrunmdcleanuponentrypoint"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		ENTRYPOINT ["echo"]
@@ -1705,7 +1699,7 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
 	out = strings.TrimSpace(out)
 	expected := "root"
 	if testEnv.OSType == "windows" {
-		if strings.Contains(testEnv.PlatformDefaults.BaseImage, "windowsservercore") {
+		if strings.Contains(testEnv.PlatformDefaults.BaseImage, "servercore") {
 			expected = `user manager\containeradministrator`
 		} else {
 			expected = `ContainerAdministrator` // nanoserver
@@ -1717,7 +1711,7 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
 }
 
 // TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
-func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) {
+func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *testing.T) {
 	existingFile := "/bin/cat"
 	expected := "not a directory"
 	if testEnv.OSType == "windows" {
@@ -1731,7 +1725,7 @@ func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) {
+func (s *DockerSuite) TestRunExitOnStdinClose(c *testing.T) {
 	name := "testrunexitonstdinclose"
 
 	meow := "/bin/cat"
@@ -1769,14 +1763,14 @@ func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) {
 	if err := stdin.Close(); err != nil {
 		c.Fatal(err)
 	}
-	finish := make(chan error)
+	finish := make(chan error, 1)
 	go func() {
 		finish <- runCmd.Wait()
 		close(finish)
 	}()
 	select {
 	case err := <-finish:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(time.Duration(delay) * time.Second):
 		c.Fatal("docker run failed to exit on stdin close")
 	}
@@ -1788,24 +1782,22 @@ func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) {
 }
 
 // Test run -i --restart xxx doesn't hang
-func (s *DockerSuite) TestRunInteractiveWithRestartPolicy(c *check.C) {
+func (s *DockerSuite) TestRunInteractiveWithRestartPolicy(c *testing.T) {
 	name := "test-inter-restart"
 
-	result := icmd.StartCmd(icmd.Cmd{
+	result := icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "run", "-i", "--name", name, "--restart=always", "busybox", "sh"},
 		Stdin:   bytes.NewBufferString("exit 11"),
 	})
-	c.Assert(result.Error, checker.IsNil)
 	defer func() {
-		dockerCmdWithResult("stop", name).Assert(c, icmd.Success)
+		cli.Docker(cli.Args("stop", name)).Assert(c, icmd.Success)
 	}()
 
-	result = icmd.WaitOnCmd(60*time.Second, result)
 	result.Assert(c, icmd.Expected{ExitCode: 11})
 }
 
 // Test for #2267
-func (s *DockerSuite) TestRunWriteSpecialFilesAndNotCommit(c *check.C) {
+func (s *DockerSuite) TestRunWriteSpecialFilesAndNotCommit(c *testing.T) {
 	// Cannot run on Windows as this files are not present in Windows
 	testRequires(c, DaemonIsLinux)
 
@@ -1814,7 +1806,7 @@ func (s *DockerSuite) TestRunWriteSpecialFilesAndNotCommit(c *check.C) {
 	testRunWriteSpecialFilesAndNotCommit(c, "writeresolv", "/etc/resolv.conf")
 }
 
-func testRunWriteSpecialFilesAndNotCommit(c *check.C, name, path string) {
+func testRunWriteSpecialFilesAndNotCommit(c *testing.T, name, path string) {
 	command := fmt.Sprintf("echo test2267 >> %s && cat %s", path, path)
 	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", command)
 	if !strings.Contains(out, "test2267") {
@@ -1827,7 +1819,7 @@ func testRunWriteSpecialFilesAndNotCommit(c *check.C, name, path string) {
 	}
 }
 
-func eqToBaseDiff(out string, c *check.C) bool {
+func eqToBaseDiff(out string, c *testing.T) bool {
 	name := "eqToBaseDiff" + testutil.GenerateRandomAlphaOnlyString(32)
 	dockerCmd(c, "run", "--name", name, "busybox", "echo", "hello")
 	cID := getIDByName(c, name)
@@ -1853,7 +1845,7 @@ func sliceEq(a, b []string) bool {
 	return true
 }
 
-func (s *DockerSuite) TestRunWithBadDevice(c *check.C) {
+func (s *DockerSuite) TestRunWithBadDevice(c *testing.T) {
 	// Cannot run on Windows as Windows does not support --device
 	testRequires(c, DaemonIsLinux)
 	name := "baddevice"
@@ -1868,7 +1860,7 @@ func (s *DockerSuite) TestRunWithBadDevice(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunEntrypoint(c *check.C) {
+func (s *DockerSuite) TestRunEntrypoint(c *testing.T) {
 	name := "entrypoint"
 
 	out, _ := dockerCmd(c, "run", "--name", name, "--entrypoint", "echo", "busybox", "-n", "foobar")
@@ -1879,15 +1871,20 @@ func (s *DockerSuite) TestRunEntrypoint(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunBindMounts(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestRunBindMounts(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	if testEnv.OSType == "linux" {
 		testRequires(c, DaemonIsLinux, NotUserNamespace)
 	}
 
+	if testEnv.OSType == "windows" {
+		// Disabled prior to RS5 due to how volumes are mapped
+		testRequires(c, DaemonIsWindowsAtLeastBuild(osversion.RS5))
+	}
+
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
-	tmpDir, err := ioutil.TempDir("", "docker-test-container")
+	tmpDir, err := os.MkdirTemp("", "docker-test-container")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1896,7 +1893,7 @@ func (s *DockerSuite) TestRunBindMounts(c *check.C) {
 	writeFile(path.Join(tmpDir, "touch-me"), "", c)
 
 	// Test reading from a read-only bind mount
-	out, _ := dockerCmd(c, "run", "-v", fmt.Sprintf("%s:%s/tmp:ro", tmpDir, prefix), "busybox", "ls", prefix+"/tmp")
+	out, _ := dockerCmd(c, "run", "-v", fmt.Sprintf("%s:%s/tmpx:ro", tmpDir, prefix), "busybox", "ls", prefix+"/tmpx")
 	if !strings.Contains(out, "touch-me") {
 		c.Fatal("Container failed to read from bind mount")
 	}
@@ -1930,11 +1927,11 @@ func (s *DockerSuite) TestRunBindMounts(c *check.C) {
 
 // Ensure that CIDFile gets deleted if it's empty
 // Perform this test by making `docker run` fail
-func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *check.C) {
+func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *testing.T) {
 	// Skip on Windows. Base image on Windows has a CMD set in the image.
 	testRequires(c, DaemonIsLinux)
 
-	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
+	tmpDir, err := os.MkdirTemp("", "TestRunCidFile")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1959,10 +1956,10 @@ func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *check.C) {
 }
 
 // #2098 - Docker cidFiles only contain short version of the containerId
-//sudo docker run --cidfile /tmp/docker_tesc.cid ubuntu echo "test"
+// sudo docker run --cidfile /tmp/docker_tesc.cid ubuntu echo "test"
 // TestRunCidFile tests that run --cidfile returns the longid
-func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) {
-	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
+func (s *DockerSuite) TestRunCidFileCheckIDLength(c *testing.T) {
+	tmpDir, err := os.MkdirTemp("", "TestRunCidFile")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1972,7 +1969,7 @@ func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "--cidfile", tmpCidFile, "busybox", "true")
 
 	id := strings.TrimSpace(out)
-	buffer, err := ioutil.ReadFile(tmpCidFile)
+	buffer, err := os.ReadFile(tmpCidFile)
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1985,7 +1982,8 @@ func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunSetMacAddress(c *check.C) {
+func (s *DockerSuite) TestRunSetMacAddress(c *testing.T) {
+	skip.If(c, RuntimeIsWindowsContainerd(), "FIXME: Broken on Windows + containerd combination")
 	mac := "12:34:56:78:9a:bc"
 	var out string
 	if testEnv.OSType == "windows" {
@@ -2001,7 +1999,7 @@ func (s *DockerSuite) TestRunSetMacAddress(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunInspectMacAddress(c *check.C) {
+func (s *DockerSuite) TestRunInspectMacAddress(c *testing.T) {
 	// TODO Windows. Network settings are not propagated back to inspect.
 	testRequires(c, DaemonIsLinux)
 	mac := "12:34:56:78:9a:bc"
@@ -2015,17 +2013,17 @@ func (s *DockerSuite) TestRunInspectMacAddress(c *check.C) {
 }
 
 // test docker run use an invalid mac address
-func (s *DockerSuite) TestRunWithInvalidMacAddress(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidMacAddress(c *testing.T) {
 	out, _, err := dockerCmdWithError("run", "--mac-address", "92:d0:c6:0a:29", "busybox")
-	//use an invalid mac address should with an error out
+	// use an invalid mac address should with an error out
 	if err == nil || !strings.Contains(out, "is not a valid mac address") {
 		c.Fatalf("run with an invalid --mac-address should with error out")
 	}
 }
 
-func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *check.C) {
+func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *testing.T) {
 	// TODO Windows. Network settings are not propagated back to inspect.
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out := cli.DockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top").Combined()
 
@@ -2039,11 +2037,11 @@ func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *check.C) {
 	cli.DockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
 }
 
-func (s *DockerSuite) TestRunPortInUse(c *check.C) {
+func (s *DockerSuite) TestRunPortInUse(c *testing.T) {
 	// TODO Windows. The duplicate NAT message returned by Windows will be
 	// changing as is currently completely undecipherable. Does need modifying
 	// to run sh rather than top though as top isn't in Windows busybox.
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	port := "1234"
 	dockerCmd(c, "run", "-d", "-p", port+":80", "busybox", "top")
@@ -2058,19 +2056,18 @@ func (s *DockerSuite) TestRunPortInUse(c *check.C) {
 }
 
 // https://github.com/docker/docker/issues/12148
-func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *check.C) {
+func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *testing.T) {
 	// TODO Windows. -P is not yet supported
 	testRequires(c, DaemonIsLinux)
 	// allocate a dynamic port to get the most recent
 	out, _ := dockerCmd(c, "run", "-d", "-P", "-p", "80", "busybox", "top")
 
 	id := strings.TrimSpace(out)
-	out, _ = dockerCmd(c, "port", id, "80")
-
-	strPort := strings.Split(strings.TrimSpace(out), ":")[1]
-	port, err := strconv.ParseInt(strPort, 10, 64)
+	out, _ = dockerCmd(c, "inspect", "--format", `{{index .NetworkSettings.Ports "80/tcp" 0 "HostPort" }}`, id)
+	out = strings.TrimSpace(out)
+	port, err := strconv.ParseInt(out, 10, 64)
 	if err != nil {
-		c.Fatalf("invalid port, got: %s, error: %s", strPort, err)
+		c.Fatalf("invalid port, got: %s, error: %s", out, err)
 	}
 
 	// allocate a static port and a dynamic port together, with static port
@@ -2079,18 +2076,18 @@ func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *check.C) {
 }
 
 // Regression test for #7792
-func (s *DockerSuite) TestRunMountOrdering(c *check.C) {
+func (s *DockerSuite) TestRunMountOrdering(c *testing.T) {
 	// TODO Windows: Post RS1. Windows does not support nested mounts.
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
-	tmpDir, err := ioutil.TempDir("", "docker_nested_mount_test")
+	tmpDir, err := os.MkdirTemp("", "docker_nested_mount_test")
 	if err != nil {
 		c.Fatal(err)
 	}
 	defer os.RemoveAll(tmpDir)
 
-	tmpDir2, err := ioutil.TempDir("", "docker_nested_mount_test2")
+	tmpDir2, err := os.MkdirTemp("", "docker_nested_mount_test2")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -2102,15 +2099,15 @@ func (s *DockerSuite) TestRunMountOrdering(c *check.C) {
 		c.Fatalf("failed to mkdir at %s - %s", fooDir, err)
 	}
 
-	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", fooDir), []byte{}, 0644); err != nil {
+	if err := os.WriteFile(fmt.Sprintf("%s/touch-me", fooDir), []byte{}, 0644); err != nil {
 		c.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir), []byte{}, 0644); err != nil {
+	if err := os.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir), []byte{}, 0644); err != nil {
 		c.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir2), []byte{}, 0644); err != nil {
+	if err := os.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir2), []byte{}, 0644); err != nil {
 		c.Fatal(err)
 	}
 
@@ -2124,12 +2121,12 @@ func (s *DockerSuite) TestRunMountOrdering(c *check.C) {
 }
 
 // Regression test for https://github.com/docker/docker/issues/8259
-func (s *DockerSuite) TestRunReuseBindVolumeThatIsSymlink(c *check.C) {
+func (s *DockerSuite) TestRunReuseBindVolumeThatIsSymlink(c *testing.T) {
 	// Not applicable on Windows as Windows does not support volumes
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
-	tmpDir, err := ioutil.TempDir(os.TempDir(), "testlink")
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "testlink")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -2149,8 +2146,8 @@ func (s *DockerSuite) TestRunReuseBindVolumeThatIsSymlink(c *check.C) {
 	dockerCmd(c, "run", "-v", fmt.Sprintf("%s:"+prefix+"/tmp/test", linkPath), "busybox", "ls", prefix+"/tmp/test")
 }
 
-//GH#10604: Test an "/etc" volume doesn't overlay special bind mounts in container
-func (s *DockerSuite) TestRunCreateVolumeEtc(c *check.C) {
+// GH#10604: Test an "/etc" volume doesn't overlay special bind mounts in container
+func (s *DockerSuite) TestRunCreateVolumeEtc(c *testing.T) {
 	// While Windows supports volumes, it does not support --add-host hence
 	// this test is not applicable on Windows.
 	testRequires(c, DaemonIsLinux)
@@ -2171,7 +2168,7 @@ func (s *DockerSuite) TestRunCreateVolumeEtc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestVolumesNoCopyData(c *check.C) {
+func (s *DockerSuite) TestVolumesNoCopyData(c *testing.T) {
 	// TODO Windows (Post RS1). Windows does not support volumes which
 	// are pre-populated such as is built in the dockerfile used in this test.
 	testRequires(c, DaemonIsLinux)
@@ -2191,7 +2188,7 @@ func (s *DockerSuite) TestVolumesNoCopyData(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *check.C) {
+func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *testing.T) {
 	// just run with unknown image
 	cmd := exec.Command(dockerBinary, "run", "asdfsg")
 	stdout := bytes.NewBuffer(nil)
@@ -2204,8 +2201,8 @@ func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
-	testRequires(c, SameHostDaemon)
+func (s *DockerSuite) TestRunVolumesCleanPaths(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	buildImageSuccessfully(c, "run_volumes_clean_paths", build.WithDockerfile(`FROM busybox
 		VOLUME `+prefix+`/foo/`))
@@ -2217,7 +2214,7 @@ func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
 	}
 
 	out, err = inspectMountSourceField("dark_helmet", prefix+slash+`foo`)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(strings.ToLower(out), strings.ToLower(testEnv.PlatformDefaults.VolumesConfigPath)) {
 		c.Fatalf("Volume was not defined for %s/foo\n%q", prefix, out)
 	}
@@ -2228,14 +2225,14 @@ func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
 	}
 
 	out, err = inspectMountSourceField("dark_helmet", prefix+slash+"bar")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	if !strings.Contains(strings.ToLower(out), strings.ToLower(testEnv.PlatformDefaults.VolumesConfigPath)) {
 		c.Fatalf("Volume was not defined for %s/bar\n%q", prefix, out)
 	}
 }
 
 // Regression test for #3631
-func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) {
+func (s *DockerSuite) TestRunSlowStdoutConsumer(c *testing.T) {
 	// TODO Windows: This should be able to run on Windows if can find an
 	// alternate to /dev/zero and /dev/stdout.
 	testRequires(c, DaemonIsLinux)
@@ -2263,7 +2260,7 @@ func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunAllowPortRangeThroughExpose(c *check.C) {
+func (s *DockerSuite) TestRunAllowPortRangeThroughExpose(c *testing.T) {
 	// TODO Windows: -P is not currently supported. Also network
 	// settings are not propagated back.
 	testRequires(c, DaemonIsLinux)
@@ -2280,21 +2277,21 @@ func (s *DockerSuite) TestRunAllowPortRangeThroughExpose(c *check.C) {
 		if portnum < 3000 || portnum > 3003 {
 			c.Fatalf("Port %d is out of range ", portnum)
 		}
-		if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 {
+		if len(binding) == 0 || len(binding[0].HostPort) == 0 {
 			c.Fatalf("Port is not mapped for the port %s", port)
 		}
 	}
 }
 
-func (s *DockerSuite) TestRunExposePort(c *check.C) {
+func (s *DockerSuite) TestRunExposePort(c *testing.T) {
 	out, _, err := dockerCmdWithError("run", "--expose", "80000", "busybox")
-	c.Assert(err, checker.NotNil, check.Commentf("--expose with an invalid port should error out"))
-	c.Assert(out, checker.Contains, "invalid range format for --expose")
+	assert.Assert(c, err != nil, "--expose with an invalid port should error out")
+	assert.Assert(c, strings.Contains(out, "invalid range format for --expose"))
 }
 
-func (s *DockerSuite) TestRunModeIpcHost(c *check.C) {
+func (s *DockerSuite) TestRunModeIpcHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	hostIpc, err := os.Readlink("/proc/1/ns/ipc")
 	if err != nil {
@@ -2314,7 +2311,7 @@ func (s *DockerSuite) TestRunModeIpcHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *check.C) {
+func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "-d", "--ipc", "container:abcd1234", "busybox", "top")
@@ -2323,9 +2320,9 @@ func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *check.C) {
+func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "create", "busybox")
 
@@ -2336,9 +2333,9 @@ func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModePIDContainer(c *check.C) {
+func (s *DockerSuite) TestRunModePIDContainer(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "top")
 
@@ -2361,7 +2358,7 @@ func (s *DockerSuite) TestRunModePIDContainer(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModePIDContainerNotExists(c *check.C) {
+func (s *DockerSuite) TestRunModePIDContainerNotExists(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "-d", "--pid", "container:abcd1234", "busybox", "top")
@@ -2370,9 +2367,9 @@ func (s *DockerSuite) TestRunModePIDContainerNotExists(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModePIDContainerNotRunning(c *check.C) {
+func (s *DockerSuite) TestRunModePIDContainerNotRunning(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "create", "busybox")
 
@@ -2383,15 +2380,15 @@ func (s *DockerSuite) TestRunModePIDContainerNotRunning(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunMountShmMqueueFromHost(c *check.C) {
+func (s *DockerSuite) TestRunMountShmMqueueFromHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	dockerCmd(c, "run", "-d", "--name", "shmfromhost", "-v", "/dev/shm:/dev/shm", "-v", "/dev/mqueue:/dev/mqueue", "busybox", "sh", "-c", "echo -n test > /dev/shm/test && touch /dev/mqueue/toto && top")
 	defer os.Remove("/dev/mqueue/toto")
 	defer os.Remove("/dev/shm/test")
 	volPath, err := inspectMountSourceField("shmfromhost", "/dev/shm")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	if volPath != "/dev/shm" {
 		c.Fatalf("volumePath should have been /dev/shm, was %s", volPath)
 	}
@@ -2407,13 +2404,13 @@ func (s *DockerSuite) TestRunMountShmMqueueFromHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestContainerNetworkMode(c *check.C) {
+func (s *DockerSuite) TestContainerNetworkMode(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 	pid1 := inspectField(c, id, "State.Pid")
 
 	parentContainerNet, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/net", pid1))
@@ -2428,31 +2425,9 @@ func (s *DockerSuite) TestContainerNetworkMode(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModePIDHost(c *check.C) {
-	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
-
-	hostPid, err := os.Readlink("/proc/1/ns/pid")
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	out, _ := dockerCmd(c, "run", "--pid=host", "busybox", "readlink", "/proc/self/ns/pid")
-	out = strings.Trim(out, "\n")
-	if hostPid != out {
-		c.Fatalf("PID different with --pid=host %s != %s\n", hostPid, out)
-	}
-
-	out, _ = dockerCmd(c, "run", "busybox", "readlink", "/proc/self/ns/pid")
-	out = strings.Trim(out, "\n")
-	if hostPid == out {
-		c.Fatalf("PID should be different without --pid=host %s == %s\n", hostPid, out)
-	}
-}
-
-func (s *DockerSuite) TestRunModeUTSHost(c *check.C) {
+func (s *DockerSuite) TestRunModeUTSHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	hostUTS, err := os.Readlink("/proc/1/ns/uts")
 	if err != nil {
@@ -2472,12 +2447,12 @@ func (s *DockerSuite) TestRunModeUTSHost(c *check.C) {
 	}
 
 	out, _ = dockerCmdWithFail(c, "run", "-h=name", "--uts=host", "busybox", "ps")
-	c.Assert(out, checker.Contains, runconfig.ErrConflictUTSHostname.Error())
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictUTSHostname.Error()))
 }
 
-func (s *DockerSuite) TestRunTLSVerify(c *check.C) {
+func (s *DockerSuite) TestRunTLSVerify(c *testing.T) {
 	// Remote daemons use TLS and this test is not applicable when TLS is required.
-	testRequires(c, SameHostDaemon)
+	testRequires(c, testEnv.IsLocalDaemon)
 	if out, code, err := dockerCmdWithError("ps"); err != nil || code != 0 {
 		c.Fatalf("Should have worked: %v:\n%v", err, out)
 	}
@@ -2491,7 +2466,7 @@ func (s *DockerSuite) TestRunTLSVerify(c *check.C) {
 	result.Assert(c, icmd.Expected{ExitCode: 1, Err: "cert"})
 }
 
-func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *check.C) {
+func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *testing.T) {
 	// TODO Windows. Once moved to libnetwork/CNM, this may be able to be
 	// re-instated.
 	testRequires(c, DaemonIsLinux)
@@ -2499,13 +2474,12 @@ func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "-p", ":80", "busybox", "top")
 
 	id := strings.TrimSpace(out)
-	out, _ = dockerCmd(c, "port", id)
 
+	out, _ = dockerCmd(c, "inspect", "--format", `{{index .NetworkSettings.Ports "80/tcp" 0 "HostPort" }}`, id)
 	out = strings.TrimSpace(out)
 	if out == "" {
 		c.Fatal("docker port command output is empty")
 	}
-	out = strings.Split(out, ":")[1]
 	lastPort, err := strconv.Atoi(out)
 	if err != nil {
 		c.Fatal(err)
@@ -2523,8 +2497,8 @@ func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *check.C) {
 	dockerCmd(c, "port", id)
 }
 
-func (s *DockerSuite) TestRunTTYWithPipe(c *check.C) {
-	errChan := make(chan error)
+func (s *DockerSuite) TestRunTTYWithPipe(c *testing.T) {
+	errChan := make(chan error, 1)
 	go func() {
 		defer close(errChan)
 
@@ -2549,13 +2523,13 @@ func (s *DockerSuite) TestRunTTYWithPipe(c *check.C) {
 
 	select {
 	case err := <-errChan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(30 * time.Second):
 		c.Fatal("container is running but should have failed")
 	}
 }
 
-func (s *DockerSuite) TestRunNonLocalMacAddress(c *check.C) {
+func (s *DockerSuite) TestRunNonLocalMacAddress(c *testing.T) {
 	addr := "00:16:3E:08:00:50"
 	args := []string{"run", "--mac-address", addr}
 	expected := addr
@@ -2572,9 +2546,9 @@ func (s *DockerSuite) TestRunNonLocalMacAddress(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetHost(c *check.C) {
+func (s *DockerSuite) TestRunNetHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	hostNet, err := os.Readlink("/proc/1/ns/net")
 	if err != nil {
@@ -2594,18 +2568,18 @@ func (s *DockerSuite) TestRunNetHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetHostTwiceSameName(c *check.C) {
+func (s *DockerSuite) TestRunNetHostTwiceSameName(c *testing.T) {
 	// TODO Windows. As Windows networking evolves and converges towards
 	// CNM, this test may be possible to enable on Windows.
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	dockerCmd(c, "run", "--rm", "--name=thost", "--net=host", "busybox", "true")
 	dockerCmd(c, "run", "--rm", "--name=thost", "--net=host", "busybox", "true")
 }
 
-func (s *DockerSuite) TestRunNetContainerWhichHost(c *check.C) {
+func (s *DockerSuite) TestRunNetContainerWhichHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
 	hostNet, err := os.Readlink("/proc/1/ns/net")
 	if err != nil {
@@ -2621,7 +2595,7 @@ func (s *DockerSuite) TestRunNetContainerWhichHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunAllowPortRangeThroughPublish(c *check.C) {
+func (s *DockerSuite) TestRunAllowPortRangeThroughPublish(c *testing.T) {
 	// TODO Windows. This may be possible to enable in the future. However,
 	// Windows does not currently support --expose, or populate the network
 	// settings seen through inspect.
@@ -2633,19 +2607,19 @@ func (s *DockerSuite) TestRunAllowPortRangeThroughPublish(c *check.C) {
 
 	var ports nat.PortMap
 	err := json.Unmarshal([]byte(portstr), &ports)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to unmarshal: %v", portstr))
+	assert.NilError(c, err, "failed to unmarshal: %v", portstr)
 	for port, binding := range ports {
 		portnum, _ := strconv.Atoi(strings.Split(string(port), "/")[0])
 		if portnum < 3000 || portnum > 3003 {
 			c.Fatalf("Port %d is out of range ", portnum)
 		}
-		if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 {
+		if len(binding) == 0 || len(binding[0].HostPort) == 0 {
 			c.Fatal("Port is not mapped for the port "+port, out)
 		}
 	}
 }
 
-func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *check.C) {
+func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *testing.T) {
 	runSleepingContainer(c, "--name=testrunsetdefaultrestartpolicy")
 	out := inspectField(c, "testrunsetdefaultrestartpolicy", "HostConfig.RestartPolicy.Name")
 	if out != "no" {
@@ -2653,14 +2627,14 @@ func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunRestartMaxRetries(c *check.C) {
+func (s *DockerSuite) TestRunRestartMaxRetries(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "false")
 	timeout := 10 * time.Second
 	if testEnv.OSType == "windows" {
 		timeout = 120 * time.Second
 	}
 
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	if err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false false", timeout); err != nil {
 		c.Fatal(err)
 	}
@@ -2676,11 +2650,11 @@ func (s *DockerSuite) TestRunRestartMaxRetries(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithWritableRootfs(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithWritableRootfs(c *testing.T) {
 	dockerCmd(c, "run", "--rm", "busybox", "touch", "/file")
 }
 
-func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *testing.T) {
 	// Not applicable on Windows which does not support --read-only
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
@@ -2692,7 +2666,7 @@ func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
 	testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname")
 }
 
-func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {
+func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *testing.T) {
 	// Not applicable on Windows due to use of Unix specific functionality, plus
 	// the use of --read-only which is not supported.
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
@@ -2703,19 +2677,19 @@ func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {
 		c.Fatal("Could not obtain mounts when checking /dev/pts mntpnt.")
 	}
 	expected := "type devpts (rw,"
-	if !strings.Contains(string(out), expected) {
+	if !strings.Contains(out, expected) {
 		c.Fatalf("expected output to contain %s but contains %s", expected, out)
 	}
 }
 
-func testReadOnlyFile(c *check.C, testPriv bool, filenames ...string) {
+func testReadOnlyFile(c *testing.T, testPriv bool, filenames ...string) {
 	touch := "touch " + strings.Join(filenames, " ")
 	out, _, err := dockerCmdWithError("run", "--read-only", "--rm", "busybox", "sh", "-c", touch)
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	for _, f := range filenames {
 		expected := "touch: " + f + ": Read-only file system"
-		c.Assert(out, checker.Contains, expected)
+		assert.Assert(c, strings.Contains(out, expected))
 	}
 
 	if !testPriv {
@@ -2723,47 +2697,47 @@ func testReadOnlyFile(c *check.C, testPriv bool, filenames ...string) {
 	}
 
 	out, _, err = dockerCmdWithError("run", "--read-only", "--privileged", "--rm", "busybox", "sh", "-c", touch)
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	for _, f := range filenames {
 		expected := "touch: " + f + ": Read-only file system"
-		c.Assert(out, checker.Contains, expected)
+		assert.Assert(c, strings.Contains(out, expected))
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithReadonlyEtcHostsAndLinkedContainer(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithReadonlyEtcHostsAndLinkedContainer(c *testing.T) {
 	// Not applicable on Windows which does not support --link
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
 	dockerCmd(c, "run", "-d", "--name", "test-etc-hosts-ro-linked", "busybox", "top")
 
 	out, _ := dockerCmd(c, "run", "--read-only", "--link", "test-etc-hosts-ro-linked:testlinked", "busybox", "cat", "/etc/hosts")
-	if !strings.Contains(string(out), "testlinked") {
+	if !strings.Contains(out, "testlinked") {
 		c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled")
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithDNSFlag(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithDNSFlag(c *testing.T) {
 	// Not applicable on Windows which does not support either --read-only or --dns.
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
 	out, _ := dockerCmd(c, "run", "--read-only", "--dns", "1.1.1.1", "busybox", "/bin/cat", "/etc/resolv.conf")
-	if !strings.Contains(string(out), "1.1.1.1") {
+	if !strings.Contains(out, "1.1.1.1") {
 		c.Fatal("Expected /etc/resolv.conf to be updated even if --read-only enabled and --dns flag used")
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithAddHostFlag(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithAddHostFlag(c *testing.T) {
 	// Not applicable on Windows which does not support --read-only
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
 	out, _ := dockerCmd(c, "run", "--read-only", "--add-host", "testreadonly:127.0.0.1", "busybox", "/bin/cat", "/etc/hosts")
-	if !strings.Contains(string(out), "testreadonly") {
+	if !strings.Contains(out, "testreadonly") {
 		c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled and --add-host flag used")
 	}
 }
 
-func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *check.C) {
+func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	runSleepingContainer(c, "--name=voltest", "-v", prefix+"/foo")
 	runSleepingContainer(c, "--name=restarter", "--volumes-from", "voltest")
@@ -2776,7 +2750,7 @@ func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *check.C) {
 }
 
 // run container with --rm should remove container if exit code != 0
-func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 	name := "flowers"
 	cli.Docker(cli.Args("run", "--name", name, "--rm", "busybox", "ls", "/notexists")).Assert(c, icmd.Expected{
@@ -2790,7 +2764,7 @@ func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *check.
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *testing.T) {
 	existingContainers := ExistingContainerIDs(c)
 	name := "sparkles"
 	cli.Docker(cli.Args("run", "--name", name, "--rm", "busybox", "commandNotFound")).Assert(c, icmd.Expected{
@@ -2803,15 +2777,15 @@ func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *check.C)
 	}
 }
 
-func (s *DockerSuite) TestRunPIDHostWithChildIsKillable(c *check.C) {
+func (s *DockerSuite) TestRunPIDHostWithChildIsKillable(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	name := "ibuildthecloud"
 	dockerCmd(c, "run", "-d", "--pid=host", "--name", name, "busybox", "sh", "-c", "sleep 30; echo hi")
 
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
-	errchan := make(chan error)
+	errchan := make(chan error, 1)
 	go func() {
 		if out, _, err := dockerCmdWithError("kill", name); err != nil {
 			errchan <- fmt.Errorf("%v:\n%s", err, out)
@@ -2820,25 +2794,23 @@ func (s *DockerSuite) TestRunPIDHostWithChildIsKillable(c *check.C) {
 	}()
 	select {
 	case err := <-errchan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(5 * time.Second):
 		c.Fatal("Kill container timed out")
 	}
 }
 
-func (s *DockerSuite) TestRunWithTooSmallMemoryLimit(c *check.C) {
-	// TODO Windows. This may be possible to enable once Windows supports
-	// memory limits on containers
+func (s *DockerSuite) TestRunWithTooSmallMemoryLimit(c *testing.T) {
+	// TODO Windows. This may be possible to enable once Windows supports memory limits on containers
 	testRequires(c, DaemonIsLinux)
-	// this memory limit is 1 byte less than the min, which is 4MB
-	// https://github.com/docker/docker/blob/v1.5.0/daemon/create.go#L22
-	out, _, err := dockerCmdWithError("run", "-m", "4194303", "busybox")
-	if err == nil || !strings.Contains(out, "Minimum memory limit allowed is 4MB") {
+	// this memory limit is 1 byte less than the min (daemon.linuxMinMemory), which is 6MB (6291456 bytes)
+	out, _, err := dockerCmdWithError("create", "-m", "6291455", "busybox")
+	if err == nil || !strings.Contains(out, "Minimum memory limit allowed is 6MB") {
 		c.Fatalf("expected run to fail when using too low a memory limit: %q", out)
 	}
 }
 
-func (s *DockerSuite) TestRunWriteToProcAsound(c *check.C) {
+func (s *DockerSuite) TestRunWriteToProcAsound(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	_, code, err := dockerCmdWithError("run", "busybox", "sh", "-c", "echo 111 >> /proc/asound/version")
@@ -2847,7 +2819,7 @@ func (s *DockerSuite) TestRunWriteToProcAsound(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunReadProcTimer(c *check.C) {
+func (s *DockerSuite) TestRunReadProcTimer(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	out, code, err := dockerCmdWithError("run", "busybox", "cat", "/proc/timer_stats")
@@ -2862,7 +2834,7 @@ func (s *DockerSuite) TestRunReadProcTimer(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunReadProcLatency(c *check.C) {
+func (s *DockerSuite) TestRunReadProcLatency(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	// some kernels don't have this configured so skip the test if this file is not found
@@ -2883,7 +2855,7 @@ func (s *DockerSuite) TestRunReadProcLatency(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunReadFilteredProc(c *check.C) {
+func (s *DockerSuite) TestRunReadFilteredProc(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
 
@@ -2906,7 +2878,7 @@ func (s *DockerSuite) TestRunReadFilteredProc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestMountIntoProc(c *check.C) {
+func (s *DockerSuite) TestMountIntoProc(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	_, code, err := dockerCmdWithError("run", "-v", "/proc//sys", "busybox", "true")
@@ -2915,14 +2887,14 @@ func (s *DockerSuite) TestMountIntoProc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestMountIntoSys(c *check.C) {
+func (s *DockerSuite) TestMountIntoSys(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, NotUserNamespace)
 	dockerCmd(c, "run", "-v", "/sys/fs/cgroup", "busybox", "true")
 }
 
-func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
+func (s *DockerSuite) TestRunUnshareProc(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
 
@@ -2931,7 +2903,7 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
 
 	go func() {
 		name := "acidburn"
-		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "--mount-proc=/proc", "mount")
+		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:bullseye-slim", "unshare", "-p", "-m", "-f", "-r", "--mount-proc=/proc", "mount")
 		if err == nil ||
 			!(strings.Contains(strings.ToLower(out), "permission denied") ||
 				strings.Contains(strings.ToLower(out), "operation not permitted")) {
@@ -2943,7 +2915,7 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
 
 	go func() {
 		name := "cereal"
-		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
+		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:bullseye-slim", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
 		if err == nil ||
 			!(strings.Contains(strings.ToLower(out), "mount: cannot mount none") ||
 				strings.Contains(strings.ToLower(out), "permission denied") ||
@@ -2957,7 +2929,7 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
 	/* Ensure still fails if running privileged with the default policy */
 	go func() {
 		name := "crashoverride"
-		out, _, err := dockerCmdWithError("run", "--privileged", "--security-opt", "seccomp=unconfined", "--security-opt", "apparmor=docker-default", "--name", name, "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
+		out, _, err := dockerCmdWithError("run", "--privileged", "--security-opt", "seccomp=unconfined", "--security-opt", "apparmor=docker-default", "--name", name, "debian:bullseye-slim", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
 		if err == nil ||
 			!(strings.Contains(strings.ToLower(out), "mount: cannot mount none") ||
 				strings.Contains(strings.ToLower(out), "permission denied") ||
@@ -2980,7 +2952,7 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunPublishPort(c *check.C) {
+func (s *DockerSuite) TestRunPublishPort(c *testing.T) {
 	// TODO Windows: This may be possible once Windows moves to libnetwork and CNM
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "test", "--expose", "8080", "busybox", "top")
@@ -2992,7 +2964,7 @@ func (s *DockerSuite) TestRunPublishPort(c *check.C) {
 }
 
 // Issue #10184.
-func (s *DockerSuite) TestDevicePermissions(c *check.C) {
+func (s *DockerSuite) TestDevicePermissions(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	const permissions = "crw-rw-rw-"
@@ -3005,7 +2977,7 @@ func (s *DockerSuite) TestDevicePermissions(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddCHOWN(c *check.C) {
+func (s *DockerSuite) TestRunCapAddCHOWN(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--cap-drop=ALL", "--cap-add=CHOWN", "busybox", "sh", "-c", "adduser -D -H newuser && chown newuser /home && echo ok")
@@ -3016,7 +2988,7 @@ func (s *DockerSuite) TestRunCapAddCHOWN(c *check.C) {
 }
 
 // https://github.com/docker/docker/pull/14498
-func (s *DockerSuite) TestVolumeFromMixedRWOptions(c *check.C) {
+func (s *DockerSuite) TestVolumeFromMixedRWOptions(c *testing.T) {
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
 	dockerCmd(c, "run", "--name", "parent", "-v", prefix+"/test", "busybox", "true")
@@ -3026,20 +2998,20 @@ func (s *DockerSuite) TestVolumeFromMixedRWOptions(c *check.C) {
 
 	if testEnv.OSType != "windows" {
 		mRO, err := inspectMountPoint("test-volumes-1", prefix+slash+"test")
-		c.Assert(err, checker.IsNil, check.Commentf("failed to inspect mount point"))
+		assert.NilError(c, err, "failed to inspect mount point")
 		if mRO.RW {
 			c.Fatalf("Expected RO volume was RW")
 		}
 	}
 
 	mRW, err := inspectMountPoint("test-volumes-2", prefix+slash+"test")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect mount point"))
+	assert.NilError(c, err, "failed to inspect mount point")
 	if !mRW.RW {
 		c.Fatalf("Expected RW volume was RO")
 	}
 }
 
-func (s *DockerSuite) TestRunWriteFilteredProc(c *check.C) {
+func (s *DockerSuite) TestRunWriteFilteredProc(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
 
@@ -3066,9 +3038,9 @@ func (s *DockerSuite) TestRunWriteFilteredProc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) {
+func (s *DockerSuite) TestRunNetworkFilesBindMount(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	expected := "test123"
 
@@ -3090,9 +3062,9 @@ func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetworkFilesBindMountRO(c *check.C) {
+func (s *DockerSuite) TestRunNetworkFilesBindMountRO(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	filename := createTmpFile(c, "test123")
 	defer os.Remove(filename)
@@ -3112,9 +3084,9 @@ func (s *DockerSuite) TestRunNetworkFilesBindMountRO(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *check.C) {
+func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, SameHostDaemon, DaemonIsLinux, UserNamespaceROMount)
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, UserNamespaceROMount)
 
 	filename := createTmpFile(c, "test123")
 	defer os.Remove(filename)
@@ -3141,13 +3113,13 @@ func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
+func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), check.IsNil)
+	assert.NilError(c, waitRun(id))
 	pid1 := inspectField(c, id, "State.Pid")
 
 	_, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/net", pid1))
@@ -3156,9 +3128,9 @@ func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestAppArmorDeniesPtrace(c *check.C) {
+func (s *DockerSuite) TestAppArmorDeniesPtrace(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, SameHostDaemon, Apparmor, DaemonIsLinux)
+	testRequires(c, testEnv.IsLocalDaemon, Apparmor, DaemonIsLinux)
 
 	// Run through 'sh' so we are NOT pid 1. Pid 1 may be able to trace
 	// itself, but pid>1 should not be able to trace pid1.
@@ -3168,9 +3140,9 @@ func (s *DockerSuite) TestAppArmorDeniesPtrace(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestAppArmorTraceSelf(c *check.C) {
+func (s *DockerSuite) TestAppArmorTraceSelf(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, DaemonIsLinux, SameHostDaemon, Apparmor)
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon, Apparmor)
 
 	_, exitCode, _ := dockerCmdWithError("run", "busybox", "readlink", "/proc/1/ns/net")
 	if exitCode != 0 {
@@ -3178,9 +3150,9 @@ func (s *DockerSuite) TestAppArmorTraceSelf(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestAppArmorDeniesChmodProc(c *check.C) {
+func (s *DockerSuite) TestAppArmorDeniesChmodProc(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, SameHostDaemon, Apparmor, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, testEnv.IsLocalDaemon, Apparmor, DaemonIsLinux, NotUserNamespace)
 	_, exitCode, _ := dockerCmdWithError("run", "busybox", "chmod", "744", "/proc/cpuinfo")
 	if exitCode == 0 {
 		// If our test failed, attempt to repair the host system...
@@ -3191,7 +3163,7 @@ func (s *DockerSuite) TestAppArmorDeniesChmodProc(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunCapAddSYSTIME(c *check.C) {
+func (s *DockerSuite) TestRunCapAddSYSTIME(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
@@ -3199,31 +3171,31 @@ func (s *DockerSuite) TestRunCapAddSYSTIME(c *check.C) {
 }
 
 // run create container failed should clean up the container
-func (s *DockerSuite) TestRunCreateContainerFailedCleanUp(c *check.C) {
+func (s *DockerSuite) TestRunCreateContainerFailedCleanUp(c *testing.T) {
 	// TODO Windows. This may be possible to enable once link is supported
 	testRequires(c, DaemonIsLinux)
 	name := "unique_name"
 	_, _, err := dockerCmdWithError("run", "--name", name, "--link", "nothing:nothing", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("Expected docker run to fail!"))
+	assert.Assert(c, err != nil, "Expected docker run to fail!")
 
 	containerID, err := inspectFieldWithError(name, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("Expected not to have this container: %s!", containerID))
-	c.Assert(containerID, check.Equals, "", check.Commentf("Expected not to have this container: %s!", containerID))
+	assert.Assert(c, err != nil, "Expected not to have this container: %s!", containerID)
+	assert.Equal(c, containerID, "", fmt.Sprintf("Expected not to have this container: %s!", containerID))
 }
 
-func (s *DockerSuite) TestRunNamedVolume(c *check.C) {
+func (s *DockerSuite) TestRunNamedVolume(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name=test", "-v", "testing:"+prefix+"/foo", "busybox", "sh", "-c", "echo hello > "+prefix+"/foo/bar")
 
 	out, _ := dockerCmd(c, "run", "--volumes-from", "test", "busybox", "sh", "-c", "cat "+prefix+"/foo/bar")
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
 	out, _ = dockerCmd(c, "run", "-v", "testing:"+prefix+"/foo", "busybox", "sh", "-c", "cat "+prefix+"/foo/bar")
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 }
 
-func (s *DockerSuite) TestRunWithUlimits(c *check.C) {
+func (s *DockerSuite) TestRunWithUlimits(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
@@ -3234,7 +3206,7 @@ func (s *DockerSuite) TestRunWithUlimits(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithCgroupParent(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithCgroupParent(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
@@ -3245,14 +3217,14 @@ func (s *DockerSuite) TestRunContainerWithCgroupParent(c *check.C) {
 	testRunContainerWithCgroupParent(c, "/cgroup-parent/test", "cgroup-test-absolute")
 }
 
-func testRunContainerWithCgroupParent(c *check.C, cgroupParent, name string) {
+func testRunContainerWithCgroupParent(c *testing.T, cgroupParent, name string) {
 	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
 	if err != nil {
-		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", out, err)
 	}
-	cgroupPaths := ParseCgroupPaths(string(out))
+	cgroupPaths := ParseCgroupPaths(out)
 	if len(cgroupPaths) == 0 {
-		c.Fatalf("unexpected output - %q", string(out))
+		c.Fatalf("unexpected output - %q", out)
 	}
 	id := getIDByName(c, name)
 	expectedCgroup := path.Join(cgroupParent, id)
@@ -3269,7 +3241,7 @@ func testRunContainerWithCgroupParent(c *check.C, cgroupParent, name string) {
 }
 
 // TestRunInvalidCgroupParent checks that a specially-crafted cgroup parent doesn't cause Docker to crash or start modifying /.
-func (s *DockerSuite) TestRunInvalidCgroupParent(c *check.C) {
+func (s *DockerSuite) TestRunInvalidCgroupParent(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
@@ -3278,11 +3250,11 @@ func (s *DockerSuite) TestRunInvalidCgroupParent(c *check.C) {
 	testRunInvalidCgroupParent(c, "/../../../../../../../../SHOULD_NOT_EXIST", "/SHOULD_NOT_EXIST", "cgroup-absolute-invalid-test")
 }
 
-func testRunInvalidCgroupParent(c *check.C, cgroupParent, cleanCgroupParent, name string) {
+func testRunInvalidCgroupParent(c *testing.T, cgroupParent, cleanCgroupParent, name string) {
 	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
 	if err != nil {
 		// XXX: This may include a daemon crash.
-		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", out, err)
 	}
 
 	// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue.
@@ -3290,9 +3262,9 @@ func testRunInvalidCgroupParent(c *check.C, cgroupParent, cleanCgroupParent, nam
 		c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!")
 	}
 
-	cgroupPaths := ParseCgroupPaths(string(out))
+	cgroupPaths := ParseCgroupPaths(out)
 	if len(cgroupPaths) == 0 {
-		c.Fatalf("unexpected output - %q", string(out))
+		c.Fatalf("unexpected output - %q", out)
 	}
 	id := getIDByName(c, name)
 	expectedCgroup := path.Join(cleanCgroupParent, id)
@@ -3308,7 +3280,7 @@ func testRunInvalidCgroupParent(c *check.C, cgroupParent, cleanCgroupParent, nam
 	}
 }
 
-func (s *DockerSuite) TestRunContainerWithCgroupMountRO(c *check.C) {
+func (s *DockerSuite) TestRunContainerWithCgroupMountRO(c *testing.T) {
 	// Not applicable on Windows as uses Unix specific functionality
 	// --read-only + userns has remount issues
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
@@ -3324,7 +3296,7 @@ func (s *DockerSuite) TestRunContainerWithCgroupMountRO(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerNetworkModeToSelf(c *check.C) {
+func (s *DockerSuite) TestRunContainerNetworkModeToSelf(c *testing.T) {
 	// Not applicable on Windows which does not support --net=container
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--name=me", "--net=container:me", "busybox", "true")
@@ -3333,7 +3305,7 @@ func (s *DockerSuite) TestRunContainerNetworkModeToSelf(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerNetModeWithDNSMacHosts(c *check.C) {
+func (s *DockerSuite) TestRunContainerNetModeWithDNSMacHosts(c *testing.T) {
 	// Not applicable on Windows which does not support --net=container
 	testRequires(c, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "-d", "--name", "parent", "busybox", "top")
@@ -3357,7 +3329,7 @@ func (s *DockerSuite) TestRunContainerNetModeWithDNSMacHosts(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) {
+func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *testing.T) {
 	// Not applicable on Windows which does not support --net=container
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")
@@ -3378,7 +3350,7 @@ func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunLinkToContainerNetMode(c *check.C) {
+func (s *DockerSuite) TestRunLinkToContainerNetMode(c *testing.T) {
 	// Not applicable on Windows which does not support --net=container or --link
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "test", "-d", "busybox", "top")
@@ -3388,7 +3360,7 @@ func (s *DockerSuite) TestRunLinkToContainerNetMode(c *check.C) {
 	dockerCmd(c, "run", "-d", "--link=child:child", "busybox", "top")
 }
 
-func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *check.C) {
+func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *testing.T) {
 	// TODO Windows: This may be possible to convert.
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up")
@@ -3414,7 +3386,7 @@ func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *check.C
 }
 
 // Issue #4681
-func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *check.C) {
+func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *testing.T) {
 	if testEnv.OSType == "windows" {
 		dockerCmd(c, "run", "--net=none", testEnv.PlatformDefaults.BaseImage, "ping", "-n", "1", "127.0.0.1")
 	} else {
@@ -3422,9 +3394,9 @@ func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModeNetContainerHostname(c *check.C) {
+func (s *DockerSuite) TestRunModeNetContainerHostname(c *testing.T) {
 	// Windows does not support --net=container
-	testRequires(c, DaemonIsLinux, ExecSupport)
+	testRequires(c, DaemonIsLinux)
 
 	dockerCmd(c, "run", "-i", "-d", "--name", "parent", "busybox", "top")
 	out, _ := dockerCmd(c, "exec", "parent", "cat", "/etc/hostname")
@@ -3435,7 +3407,7 @@ func (s *DockerSuite) TestRunModeNetContainerHostname(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunNetworkNotInitializedNoneMode(c *check.C) {
+func (s *DockerSuite) TestRunNetworkNotInitializedNoneMode(c *testing.T) {
 	// TODO Windows: Network settings are not currently propagated. This may
 	// be resolved in the future with the move to libnetwork and CNM.
 	testRequires(c, DaemonIsLinux)
@@ -3447,7 +3419,7 @@ func (s *DockerSuite) TestRunNetworkNotInitializedNoneMode(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestTwoContainersInNetHost(c *check.C) {
+func (s *DockerSuite) TestTwoContainersInNetHost(c *testing.T) {
 	// Not applicable as Windows does not support --net=host
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotUserNamespace)
 	dockerCmd(c, "run", "-d", "--net=host", "--name=first", "busybox", "top")
@@ -3456,24 +3428,24 @@ func (s *DockerSuite) TestTwoContainersInNetHost(c *check.C) {
 	dockerCmd(c, "stop", "second")
 }
 
-func (s *DockerSuite) TestContainersInUserDefinedNetwork(c *check.C) {
+func (s *DockerSuite) TestContainersInUserDefinedNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork")
 	dockerCmd(c, "run", "-d", "--net=testnetwork", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-t", "--net=testnetwork", "--name=second", "busybox", "ping", "-c", "1", "first")
 }
 
-func (s *DockerSuite) TestContainersInMultipleNetworks(c *check.C) {
+func (s *DockerSuite) TestContainersInMultipleNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	// Create 2 networks using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork2")
 	// Run and connect containers to testnetwork1
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 	// Check connectivity between containers in testnetwork2
 	dockerCmd(c, "exec", "first", "ping", "-c", "1", "second.testnetwork1")
 	// Connect containers to testnetwork2
@@ -3483,52 +3455,52 @@ func (s *DockerSuite) TestContainersInMultipleNetworks(c *check.C) {
 	dockerCmd(c, "exec", "second", "ping", "-c", "1", "first.testnetwork2")
 }
 
-func (s *DockerSuite) TestContainersNetworkIsolation(c *check.C) {
+func (s *DockerSuite) TestContainersNetworkIsolation(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	// Create 2 networks using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork2")
 	// Run 1 container in testnetwork1 and another in testnetwork2
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-d", "--net=testnetwork2", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// Check Isolation between containers : ping must fail
 	_, _, err := dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	// Connect first container to testnetwork2
 	dockerCmd(c, "network", "connect", "testnetwork2", "first")
 	// ping must succeed now
 	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// Disconnect first container from testnetwork2
 	dockerCmd(c, "network", "disconnect", "testnetwork2", "first")
 	// ping must fail again
 	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestNetworkRmWithActiveContainers(c *check.C) {
+func (s *DockerSuite) TestNetworkRmWithActiveContainers(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	// Create 2 networks using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 	// Run and connect containers to testnetwork1
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 	// Network delete with active containers must fail
 	_, _, err := dockerCmdWithError("network", "rm", "testnetwork1")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	dockerCmd(c, "stop", "first")
 	_, _, err = dockerCmdWithError("network", "rm", "testnetwork1")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *check.C) {
+func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	// Create 2 networks using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
@@ -3536,9 +3508,9 @@ func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *check.C) {
 
 	// Run and connect containers to testnetwork1
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 	// Check connectivity between containers in testnetwork2
 	dockerCmd(c, "exec", "first", "ping", "-c", "1", "second.testnetwork1")
 	// Connect containers to testnetwork2
@@ -3550,9 +3522,9 @@ func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *check.C) {
 	// Stop second container and test ping failures on both networks
 	dockerCmd(c, "stop", "second")
 	_, _, err := dockerCmdWithError("exec", "first", "ping", "-c", "1", "second.testnetwork1")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second.testnetwork2")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// Start second container and connectivity must be restored on both networks
 	dockerCmd(c, "start", "second")
@@ -3560,99 +3532,98 @@ func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *check.C) {
 	dockerCmd(c, "exec", "second", "ping", "-c", "1", "first.testnetwork2")
 }
 
-func (s *DockerSuite) TestContainerWithConflictingHostNetworks(c *check.C) {
+func (s *DockerSuite) TestContainerWithConflictingHostNetworks(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	// Run a container with --net=host
 	dockerCmd(c, "run", "-d", "--net=host", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// Create a network using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 
 	// Connecting to the user defined network must fail
 	_, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "first")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestContainerWithConflictingSharedNetwork(c *check.C) {
+func (s *DockerSuite) TestContainerWithConflictingSharedNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 	// Run second container in first container's network namespace
 	dockerCmd(c, "run", "-d", "--net=container:first", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// Create a network using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 
 	// Connecting to the user defined network must fail
 	out, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "second")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, runconfig.ErrConflictSharedNetwork.Error())
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictSharedNetwork.Error()))
 }
 
-func (s *DockerSuite) TestContainerWithConflictingNoneNetwork(c *check.C) {
+func (s *DockerSuite) TestContainerWithConflictingNoneNetwork(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--net=none", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
+	assert.Assert(c, waitRun("first") == nil)
 
 	// Create a network using bridge driver
 	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
 
 	// Connecting to the user defined network must fail
 	out, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "first")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, runconfig.ErrConflictNoNetwork.Error())
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, runconfig.ErrConflictNoNetwork.Error()))
 	// create a container connected to testnetwork1
 	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
+	assert.Assert(c, waitRun("second") == nil)
 
 	// Connect second container to none network. it must fail as well
 	_, _, err = dockerCmdWithError("network", "connect", "none", "second")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
 // #11957 - stdin with no tty does not exit if stdin is not closed even though container exited
-func (s *DockerSuite) TestRunStdinBlockedAfterContainerExit(c *check.C) {
+func (s *DockerSuite) TestRunStdinBlockedAfterContainerExit(c *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "-i", "--name=test", "busybox", "true")
 	in, err := cmd.StdinPipe()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer in.Close()
 	stdout := bytes.NewBuffer(nil)
 	cmd.Stdout = stdout
 	cmd.Stderr = stdout
-	c.Assert(cmd.Start(), check.IsNil)
+	assert.Assert(c, cmd.Start() == nil)
 
-	waitChan := make(chan error)
+	waitChan := make(chan error, 1)
 	go func() {
 		waitChan <- cmd.Wait()
 	}()
 
 	select {
 	case err := <-waitChan:
-		c.Assert(err, check.IsNil, check.Commentf(stdout.String()))
+		assert.Assert(c, err == nil, stdout.String())
 	case <-time.After(30 * time.Second):
 		c.Fatal("timeout waiting for command to exit")
 	}
 }
 
-func (s *DockerSuite) TestRunWrongCpusetCpusFlagValue(c *check.C) {
+func (s *DockerSuite) TestRunWrongCpusetCpusFlagValue(c *testing.T) {
 	// TODO Windows: This needs validation (error out) in the daemon.
 	testRequires(c, DaemonIsLinux)
 	out, exitCode, err := dockerCmdWithError("run", "--cpuset-cpus", "1-10,11--", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "Error response from daemon: Invalid value 1-10,11-- for cpuset cpus.\n"
 	if !(strings.Contains(out, expected) || exitCode == 125) {
 		c.Fatalf("Expected output to contain %q with exitCode 125, got out: %q exitCode: %v", expected, out, exitCode)
 	}
 }
 
-func (s *DockerSuite) TestRunWrongCpusetMemsFlagValue(c *check.C) {
+func (s *DockerSuite) TestRunWrongCpusetMemsFlagValue(c *testing.T) {
 	// TODO Windows: This needs validation (error out) in the daemon.
 	testRequires(c, DaemonIsLinux)
 	out, exitCode, err := dockerCmdWithError("run", "--cpuset-mems", "1-42--", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "Error response from daemon: Invalid value 1-42-- for cpuset mems.\n"
 	if !(strings.Contains(out, expected) || exitCode == 125) {
 		c.Fatalf("Expected output to contain %q with exitCode 125, got out: %q exitCode: %v", expected, out, exitCode)
@@ -3660,7 +3631,7 @@ func (s *DockerSuite) TestRunWrongCpusetMemsFlagValue(c *check.C) {
 }
 
 // TestRunNonExecutableCmd checks that 'docker run busybox foo' exits with error code 127'
-func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
+func (s *DockerSuite) TestRunNonExecutableCmd(c *testing.T) {
 	name := "testNonExecutableCmd"
 	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "foo").Assert(c, icmd.Expected{
 		ExitCode: 127,
@@ -3669,7 +3640,7 @@ func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
 }
 
 // TestRunNonExistingCmd checks that 'docker run busybox /bin/foo' exits with code 127.
-func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
+func (s *DockerSuite) TestRunNonExistingCmd(c *testing.T) {
 	name := "testNonExistingCmd"
 	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/bin/foo").Assert(c, icmd.Expected{
 		ExitCode: 127,
@@ -3680,7 +3651,7 @@ func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
 // TestCmdCannotBeInvoked checks that 'docker run busybox /etc' exits with 126, or
 // 127 on Windows. The difference is that in Windows, the container must be started
 // as that's when the check is made (and yes, by its design...)
-func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
+func (s *DockerSuite) TestCmdCannotBeInvoked(c *testing.T) {
 	expected := 126
 	if testEnv.OSType == "windows" {
 		expected = 127
@@ -3694,7 +3665,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
 
 // TestRunNonExistingImage checks that 'docker run foo' exits with error msg 125 and contains  'Unable to find image'
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
+func (s *DockerSuite) TestRunNonExistingImage(c *testing.T) {
 	icmd.RunCommand(dockerBinary, "run", "foo").Assert(c, icmd.Expected{
 		ExitCode: 125,
 		Err:      "Unable to find image",
@@ -3703,7 +3674,7 @@ func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
 
 // TestDockerFails checks that 'docker run -foo busybox' exits with 125 to signal docker run failed
 // FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestDockerFails(c *check.C) {
+func (s *DockerSuite) TestDockerFails(c *testing.T) {
 	icmd.RunCommand(dockerBinary, "run", "-foo", "busybox").Assert(c, icmd.Expected{
 		ExitCode: 125,
 		Error:    "exit status 125",
@@ -3711,7 +3682,7 @@ func (s *DockerSuite) TestDockerFails(c *check.C) {
 }
 
 // TestRunInvalidReference invokes docker run with a bad reference.
-func (s *DockerSuite) TestRunInvalidReference(c *check.C) {
+func (s *DockerSuite) TestRunInvalidReference(c *testing.T) {
 	out, exit, _ := dockerCmdWithError("run", "busybox@foo")
 	if exit == 0 {
 		c.Fatalf("expected non-zero exist code; received %d", exit)
@@ -3723,7 +3694,7 @@ func (s *DockerSuite) TestRunInvalidReference(c *check.C) {
 }
 
 // Test fix for issue #17854
-func (s *DockerSuite) TestRunInitLayerPathOwnership(c *check.C) {
+func (s *DockerSuite) TestRunInitLayerPathOwnership(c *testing.T) {
 	// Not applicable on Windows as it does not support Linux uid/gid ownership
 	testRequires(c, DaemonIsLinux)
 	name := "testetcfileownership"
@@ -3740,7 +3711,7 @@ func (s *DockerSuite) TestRunInitLayerPathOwnership(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunWithOomScoreAdj(c *check.C) {
+func (s *DockerSuite) TestRunWithOomScoreAdj(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	expected := "642"
@@ -3751,111 +3722,31 @@ func (s *DockerSuite) TestRunWithOomScoreAdj(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunWithOomScoreAdjInvalidRange(c *check.C) {
+func (s *DockerSuite) TestRunWithOomScoreAdjInvalidRange(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out, _, err := dockerCmdWithError("run", "--oom-score-adj", "1001", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "Invalid value 1001, range for oom score adj is [-1000, 1000]."
 	if !strings.Contains(out, expected) {
 		c.Fatalf("Expected output to contain %q, got %q instead", expected, out)
 	}
 	out, _, err = dockerCmdWithError("run", "--oom-score-adj", "-1001", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected = "Invalid value -1001, range for oom score adj is [-1000, 1000]."
 	if !strings.Contains(out, expected) {
 		c.Fatalf("Expected output to contain %q, got %q instead", expected, out)
 	}
 }
 
-func (s *DockerSuite) TestRunVolumesMountedAsShared(c *check.C) {
-	// Volume propagation is linux only. Also it creates directories for
-	// bind mounting, so needs to be same host.
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
-
-	// Prepare a source directory to bind mount
-	tmpDir, err := ioutil.TempDir("", "volume-source")
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir)
-
-	if err := os.Mkdir(path.Join(tmpDir, "mnt1"), 0755); err != nil {
-		c.Fatal(err)
-	}
-
-	// Convert this directory into a shared mount point so that we do
-	// not rely on propagation properties of parent mount.
-	icmd.RunCommand("mount", "--bind", tmpDir, tmpDir).Assert(c, icmd.Success)
-	icmd.RunCommand("mount", "--make-private", "--make-shared", tmpDir).Assert(c, icmd.Success)
-
-	dockerCmd(c, "run", "--privileged", "-v", fmt.Sprintf("%s:/volume-dest:shared", tmpDir), "busybox", "mount", "--bind", "/volume-dest/mnt1", "/volume-dest/mnt1")
-
-	// Make sure a bind mount under a shared volume propagated to host.
-	if mounted, _ := mount.Mounted(path.Join(tmpDir, "mnt1")); !mounted {
-		c.Fatalf("Bind mount under shared volume did not propagate to host")
-	}
-
-	mount.Unmount(path.Join(tmpDir, "mnt1"))
-}
-
-func (s *DockerSuite) TestRunVolumesMountedAsSlave(c *check.C) {
-	// Volume propagation is linux only. Also it creates directories for
-	// bind mounting, so needs to be same host.
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
-
-	// Prepare a source directory to bind mount
-	tmpDir, err := ioutil.TempDir("", "volume-source")
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir)
-
-	if err := os.Mkdir(path.Join(tmpDir, "mnt1"), 0755); err != nil {
-		c.Fatal(err)
-	}
-
-	// Prepare a source directory with file in it. We will bind mount this
-	// directory and see if file shows up.
-	tmpDir2, err := ioutil.TempDir("", "volume-source2")
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir2)
-
-	if err := ioutil.WriteFile(path.Join(tmpDir2, "slave-testfile"), []byte("Test"), 0644); err != nil {
-		c.Fatal(err)
-	}
-
-	// Convert this directory into a shared mount point so that we do
-	// not rely on propagation properties of parent mount.
-	icmd.RunCommand("mount", "--bind", tmpDir, tmpDir).Assert(c, icmd.Success)
-	icmd.RunCommand("mount", "--make-private", "--make-shared", tmpDir).Assert(c, icmd.Success)
-
-	dockerCmd(c, "run", "-i", "-d", "--name", "parent", "-v", fmt.Sprintf("%s:/volume-dest:slave", tmpDir), "busybox", "top")
-
-	// Bind mount tmpDir2/ onto tmpDir/mnt1. If mount propagates inside
-	// container then contents of tmpDir2/slave-testfile should become
-	// visible at "/volume-dest/mnt1/slave-testfile"
-	icmd.RunCommand("mount", "--bind", tmpDir2, path.Join(tmpDir, "mnt1")).Assert(c, icmd.Success)
-
-	out, _ := dockerCmd(c, "exec", "parent", "cat", "/volume-dest/mnt1/slave-testfile")
-
-	mount.Unmount(path.Join(tmpDir, "mnt1"))
-
-	if out != "Test" {
-		c.Fatalf("Bind mount under slave volume did not propagate to container")
-	}
-}
-
-func (s *DockerSuite) TestRunNamedVolumesMountedAsShared(c *check.C) {
+func (s *DockerSuite) TestRunNamedVolumesMountedAsShared(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, exitCode, _ := dockerCmdWithError("run", "-v", "foo:/test:shared", "busybox", "touch", "/test/somefile")
-	c.Assert(exitCode, checker.Not(checker.Equals), 0)
-	c.Assert(out, checker.Contains, "invalid mount config")
+	assert.Assert(c, exitCode != 0)
+	assert.Assert(c, strings.Contains(out, "invalid mount config"))
 }
 
-func (s *DockerSuite) TestRunNamedVolumeCopyImageData(c *check.C) {
+func (s *DockerSuite) TestRunNamedVolumeCopyImageData(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	testImg := "testvolumecopy"
@@ -3866,10 +3757,10 @@ func (s *DockerSuite) TestRunNamedVolumeCopyImageData(c *check.C) {
 
 	dockerCmd(c, "run", "-v", "foo:/foo", testImg)
 	out, _ := dockerCmd(c, "run", "-v", "foo:/foo", "busybox", "cat", "/foo/hello")
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 }
 
-func (s *DockerSuite) TestRunNamedVolumeNotRemoved(c *check.C) {
+func (s *DockerSuite) TestRunNamedVolumeNotRemoved(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
 	dockerCmd(c, "volume", "create", "test")
@@ -3877,35 +3768,35 @@ func (s *DockerSuite) TestRunNamedVolumeNotRemoved(c *check.C) {
 	dockerCmd(c, "run", "--rm", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ := dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
+	assert.Assert(c, strings.Contains(out, "test"))
 
 	dockerCmd(c, "run", "--name=test", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "rm", "-fv", "test")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
+	assert.Assert(c, strings.Contains(out, "test"))
 }
 
-func (s *DockerSuite) TestRunNamedVolumesFromNotRemoved(c *check.C) {
+func (s *DockerSuite) TestRunNamedVolumesFromNotRemoved(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
 	dockerCmd(c, "volume", "create", "test")
 	cid, _ := dockerCmd(c, "run", "-d", "--name=parent", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "run", "--name=child", "--volumes-from=parent", "busybox", "true")
 
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	container, err := cli.ContainerInspect(context.Background(), strings.TrimSpace(cid))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	var vname string
 	for _, v := range container.Mounts {
 		if v.Name != "test" {
 			vname = v.Name
 		}
 	}
-	c.Assert(vname, checker.Not(checker.Equals), "")
+	assert.Assert(c, vname != "")
 
 	// Remove the parent so there are not other references to the volumes
 	dockerCmd(c, "rm", "-f", "parent")
@@ -3913,60 +3804,47 @@ func (s *DockerSuite) TestRunNamedVolumesFromNotRemoved(c *check.C) {
 	dockerCmd(c, "rm", "-fv", "child")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ := dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), vname)
-}
-
-func (s *DockerSuite) TestRunAttachFailedNoLeak(c *check.C) {
-	// TODO @msabansal - https://github.com/moby/moby/issues/35023. Duplicate
-	// port mappings are not errored out on RS3 builds. Temporarily disabling
-	// this test pending further investigation. Note we parse kernel.GetKernelVersion
-	// rather than system.GetOSVersion as test binaries aren't manifested, so would
-	// otherwise report build 9200.
-	if runtime.GOOS == "windows" {
-		v, err := kernel.GetKernelVersion()
-		c.Assert(err, checker.IsNil)
-		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
-		if build == 16299 {
-			c.Skip("Temporarily disabled on RS3 builds")
-		}
-	}
+	assert.Assert(c, strings.Contains(out, "test"))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), vname))
+}
 
+func (s *DockerSuite) TestRunAttachFailedNoLeak(c *testing.T) {
 	nroutines, err := getGoroutineNumber()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	runSleepingContainer(c, "--name=test", "-p", "8000:8000")
 
 	// Wait until container is fully up and running
-	c.Assert(waitRun("test"), check.IsNil)
+	assert.Assert(c, waitRun("test") == nil)
 
 	out, _, err := dockerCmdWithError("run", "--name=fail", "-p", "8000:8000", "busybox", "true")
 	// We will need the following `inspect` to diagnose the issue if test fails (#21247)
 	out1, err1 := dockerCmd(c, "inspect", "--format", "{{json .State}}", "test")
 	out2, err2 := dockerCmd(c, "inspect", "--format", "{{json .State}}", "fail")
-	c.Assert(err, checker.NotNil, check.Commentf("Command should have failed but succeeded with: %s\nContainer 'test' [%+v]: %s\nContainer 'fail' [%+v]: %s", out, err1, out1, err2, out2))
+	assert.Assert(c, err != nil, "Command should have failed but succeeded with: %s\nContainer 'test' [%+v]: %s\nContainer 'fail' [%+v]: %s", out, err1, out1, err2, out2)
 	// check for windows error as well
 	// TODO Windows Post TP5. Fix the error message string
-	c.Assert(strings.Contains(string(out), "port is already allocated") ||
-		strings.Contains(string(out), "were not connected because a duplicate name exists") ||
-		strings.Contains(string(out), "The specified port already exists") ||
-		strings.Contains(string(out), "HNS failed with error : Failed to create endpoint") ||
-		strings.Contains(string(out), "HNS failed with error : The object already exists"), checker.Equals, true, check.Commentf("Output: %s", out))
+	outLowerCase := strings.ToLower(out)
+	assert.Assert(c, strings.Contains(outLowerCase, "port is already allocated") ||
+		strings.Contains(outLowerCase, "were not connected because a duplicate name exists") ||
+		strings.Contains(outLowerCase, "the specified port already exists") ||
+		strings.Contains(outLowerCase, "hns failed with error : failed to create endpoint") ||
+		strings.Contains(outLowerCase, "hns failed with error : the object already exists"), fmt.Sprintf("Output: %s", out))
 	dockerCmd(c, "rm", "-f", "test")
 
 	// NGoroutines is not updated right away, so we need to wait before failing
-	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+	assert.Assert(c, waitForGoroutines(nroutines) == nil)
 }
 
 // Test for one character directory name case (#20122)
-func (s *DockerSuite) TestRunVolumeWithOneCharacter(c *check.C) {
+func (s *DockerSuite) TestRunVolumeWithOneCharacter(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-v", "/tmp/q:/foo", "busybox", "sh", "-c", "find /foo")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "/foo")
+	assert.Equal(c, strings.TrimSpace(out), "/foo")
 }
 
-func (s *DockerSuite) TestRunVolumeCopyFlag(c *check.C) {
+func (s *DockerSuite) TestRunVolumeCopyFlag(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // Windows does not support copying data from image to the volume
 	buildImageSuccessfully(c, "volumecopy", build.WithDockerfile(`FROM busybox
 		RUN mkdir /foo && echo hello > /foo/bar
@@ -3975,33 +3853,33 @@ func (s *DockerSuite) TestRunVolumeCopyFlag(c *check.C) {
 
 	// test with the nocopy flag
 	out, _, err := dockerCmdWithError("run", "-v", "test:/foo:nocopy", "volumecopy")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	// test default behavior which is to copy for non-binds
 	out, _ = dockerCmd(c, "run", "-v", "test:/foo", "volumecopy")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 	// error out when the volume is already populated
 	out, _, err = dockerCmdWithError("run", "-v", "test:/foo:copy", "volumecopy")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	// do not error out when copy isn't explicitly set even though it's already populated
 	out, _ = dockerCmd(c, "run", "-v", "test:/foo", "volumecopy")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
 	// do not allow copy modes on volumes-from
 	dockerCmd(c, "run", "--name=test", "-v", "/foo", "busybox", "true")
 	out, _, err = dockerCmdWithError("run", "--volumes-from=test:copy", "busybox", "true")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	out, _, err = dockerCmdWithError("run", "--volumes-from=test:nocopy", "busybox", "true")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 
 	// do not allow copy modes on binds
 	out, _, err = dockerCmdWithError("run", "-v", "/foo:/bar:copy", "busybox", "true")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	out, _, err = dockerCmdWithError("run", "-v", "/foo:/bar:nocopy", "busybox", "true")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
 // Test case for #21976
-func (s *DockerSuite) TestRunDNSInHostMode(c *check.C) {
+func (s *DockerSuite) TestRunDNSInHostMode(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	expectedOutput := "nameserver 127.0.0.1"
@@ -4030,31 +3908,31 @@ func (s *DockerSuite) TestRunDNSInHostMode(c *check.C) {
 	expectedOutput2 := "search example.com"
 	expectedOutput3 := "options timeout:3"
 	out := cli.DockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf").Combined()
-	c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
-	c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
-	c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
+	assert.Assert(c, strings.Contains(out, expectedOutput1), "Expected '%s', but got %q", expectedOutput1, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput2), "Expected '%s', but got %q", expectedOutput2, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput3), "Expected '%s', but got %q", expectedOutput3, out)
 }
 
 // Test case for #21976
-func (s *DockerSuite) TestRunAddHostInHostMode(c *check.C) {
+func (s *DockerSuite) TestRunAddHostInHostMode(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	expectedOutput := "1.2.3.4\textra"
 	out, _ := dockerCmd(c, "run", "--add-host=extra:1.2.3.4", "--net=host", "busybox", "cat", "/etc/hosts")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 }
 
-func (s *DockerSuite) TestRunRmAndWait(c *check.C) {
+func (s *DockerSuite) TestRunRmAndWait(c *testing.T) {
 	dockerCmd(c, "run", "--name=test", "--rm", "-d", "busybox", "sh", "-c", "sleep 3;exit 2")
 
 	out, code, err := dockerCmdWithError("wait", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %s; exit code: %d", out, code))
-	c.Assert(out, checker.Equals, "2\n", check.Commentf("exit code: %d", code))
-	c.Assert(code, checker.Equals, 0)
+	assert.Assert(c, err == nil, "out: %s; exit code: %d", out, code)
+	assert.Equal(c, out, "2\n", "exit code: %d", code)
+	assert.Equal(c, code, 0)
 }
 
 // Test that auto-remove is performed by the daemon (API 1.25 and above)
-func (s *DockerSuite) TestRunRm(c *check.C) {
+func (s *DockerSuite) TestRunRm(c *testing.T) {
 	name := "miss-me-when-im-gone"
 	cli.DockerCmd(c, "run", "--name="+name, "--rm", "busybox")
 
@@ -4065,7 +3943,7 @@ func (s *DockerSuite) TestRunRm(c *check.C) {
 }
 
 // Test that auto-remove is performed by the client on API versions that do not support daemon-side api-remove (API < 1.25)
-func (s *DockerSuite) TestRunRmPre125Api(c *check.C) {
+func (s *DockerSuite) TestRunRmPre125Api(c *testing.T) {
 	name := "miss-me-when-im-gone"
 	envs := appendBaseEnv(os.Getenv("DOCKER_TLS_VERIFY") != "", "DOCKER_API_VERSION=1.24")
 	cli.Docker(cli.Args("run", "--name="+name, "--rm", "busybox"), cli.WithEnvironmentVariables(envs...)).Assert(c, icmd.Success)
@@ -4077,7 +3955,7 @@ func (s *DockerSuite) TestRunRmPre125Api(c *check.C) {
 }
 
 // Test case for #23498
-func (s *DockerSuite) TestRunUnsetEntrypoint(c *check.C) {
+func (s *DockerSuite) TestRunUnsetEntrypoint(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "test-entrypoint"
 	dockerfile := `FROM busybox
@@ -4098,7 +3976,7 @@ exec "$@"`,
 	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	out := cli.DockerCmd(c, "run", "--entrypoint=", "-t", name, "echo", "foo").Combined()
-	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
+	assert.Equal(c, strings.TrimSpace(out), "foo")
 
 	// CMD will be reset as well (the same as setting a custom entrypoint)
 	cli.Docker(cli.Args("run", "--entrypoint=", "-t", name)).Assert(c, icmd.Expected{
@@ -4107,74 +3985,80 @@ exec "$@"`,
 	})
 }
 
-func (s *DockerDaemonSuite) TestRunWithUlimitAndDaemonDefault(c *check.C) {
+func (s *DockerDaemonSuite) TestRunWithUlimitAndDaemonDefault(c *testing.T) {
 	s.d.StartWithBusybox(c, "--debug", "--default-ulimit=nofile=65535")
 
 	name := "test-A"
 	_, err := s.d.Cmd("run", "--name", name, "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil)
-	c.Assert(s.d.WaitRun(name), check.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, s.d.WaitRun(name))
 
 	out, err := s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "[nofile=65535:65535]")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "[nofile=65535:65535]"))
 	name = "test-B"
 	_, err = s.d.Cmd("run", "--name", name, "--ulimit=nofile=42", "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil)
-	c.Assert(s.d.WaitRun(name), check.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, s.d.WaitRun(name))
 
 	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "[nofile=42:42]")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "[nofile=42:42]"))
 }
 
-func (s *DockerSuite) TestRunStoppedLoggingDriverNoLeak(c *check.C) {
+func (s *DockerSuite) TestRunStoppedLoggingDriverNoLeak(c *testing.T) {
 	nroutines, err := getGoroutineNumber()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, _, err := dockerCmdWithError("run", "--name=fail", "--log-driver=splunk", "busybox", "true")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "failed to initialize logging driver", check.Commentf("error should be about logging driver, got output %s", out))
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "failed to initialize logging driver"), "error should be about logging driver, got output %s", out)
 	// NGoroutines is not updated right away, so we need to wait before failing
-	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+	assert.Assert(c, waitForGoroutines(nroutines) == nil)
 }
 
 // Handles error conditions for --credentialspec. Validating E2E success cases
 // requires additional infrastructure (AD for example) on CI servers.
-func (s *DockerSuite) TestRunCredentialSpecFailures(c *check.C) {
+func (s *DockerSuite) TestRunCredentialSpecFailures(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
+
 	attempts := []struct{ value, expectedError string }{
-		{"rubbish", "invalid credential spec security option - value must be prefixed file:// or registry://"},
-		{"rubbish://", "invalid credential spec security option - value must be prefixed file:// or registry://"},
-		{"file://", "no value supplied for file:// credential spec security option"},
-		{"registry://", "no value supplied for registry:// credential spec security option"},
+		{"rubbish", "invalid credential spec security option - value must be prefixed by 'file://', 'registry://', or 'raw://' followed by a non-empty value"},
+		{"rubbish://", "invalid credential spec security option - value must be prefixed by 'file://', 'registry://', or 'raw://' followed by a non-empty value"},
+		{"file://", "invalid credential spec security option - value must be prefixed by 'file://', 'registry://', or 'raw://' followed by a non-empty value"},
+		{"registry://", "invalid credential spec security option - value must be prefixed by 'file://', 'registry://', or 'raw://' followed by a non-empty value"},
 		{`file://c:\blah.txt`, "path cannot be absolute"},
 		{`file://doesnotexist.txt`, "The system cannot find the file specified"},
 	}
 	for _, attempt := range attempts {
 		_, _, err := dockerCmdWithError("run", "--security-opt=credentialspec="+attempt.value, "busybox", "true")
-		c.Assert(err, checker.NotNil, check.Commentf("%s expected non-nil err", attempt.value))
-		c.Assert(err.Error(), checker.Contains, attempt.expectedError, check.Commentf("%s expected %s got %s", attempt.value, attempt.expectedError, err))
+		assert.Assert(c, err != nil, "%s expected non-nil err", attempt.value)
+		assert.Assert(c, strings.Contains(err.Error(), attempt.expectedError), "%s expected %s got %s", attempt.value, attempt.expectedError, err)
 	}
 }
 
 // Windows specific test to validate credential specs with a well-formed spec.
-// Note it won't actually do anything in CI configuration with the spec, but
-// it should not fail to run a container.
-func (s *DockerSuite) TestRunCredentialSpecWellFormed(c *check.C) {
-	testRequires(c, DaemonIsWindows, SameHostDaemon)
-	validCS := readFile(`fixtures\credentialspecs\valid.json`, c)
-	writeFile(filepath.Join(testEnv.DaemonInfo.DockerRootDir, `credentialspecs\valid.json`), validCS, c)
-	dockerCmd(c, "run", `--security-opt=credentialspec=file://valid.json`, "busybox", "true")
+func (s *DockerSuite) TestRunCredentialSpecWellFormed(c *testing.T) {
+	testRequires(c, DaemonIsWindows, testEnv.IsLocalDaemon)
+
+	validCredSpecs := readFile(`fixtures\credentialspecs\valid.json`, c)
+	writeFile(filepath.Join(testEnv.DaemonInfo.DockerRootDir, `credentialspecs\valid.json`), validCredSpecs, c)
+
+	for _, value := range []string{"file://valid.json", "raw://" + validCredSpecs} {
+		// `nltest /PARENTDOMAIN` simply reads the local config, and does not require having an AD
+		// controller handy
+		out, _ := dockerCmd(c, "run", "--rm", "--security-opt=credentialspec="+value, minimalBaseImage(), "nltest", "/PARENTDOMAIN")
+
+		assert.Assert(c, strings.Contains(out, "hyperv.local."))
+		assert.Assert(c, strings.Contains(out, "The command completed successfully"))
+	}
 }
 
-func (s *DockerSuite) TestRunDuplicateMount(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+func (s *DockerSuite) TestRunDuplicateMount(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
 
-	tmpFile, err := ioutil.TempFile("", "touch-me")
-	c.Assert(err, checker.IsNil)
+	tmpFile, err := os.CreateTemp("", "touch-me")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 
 	data := "touch-me-foo-bar\n"
@@ -4184,98 +4068,95 @@ func (s *DockerSuite) TestRunDuplicateMount(c *check.C) {
 
 	name := "test"
 	out, _ := dockerCmd(c, "run", "--name", name, "-v", "/tmp:/tmp", "-v", "/tmp:/tmp", "busybox", "sh", "-c", "cat "+tmpFile.Name()+" && ls /")
-	c.Assert(out, checker.Not(checker.Contains), "tmp:")
-	c.Assert(out, checker.Contains, data)
-
+	assert.Assert(c, !strings.Contains(out, "tmp:"))
+	assert.Assert(c, strings.Contains(out, data))
 	out = inspectFieldJSON(c, name, "Config.Volumes")
-	c.Assert(out, checker.Contains, "null")
+	assert.Assert(c, strings.Contains(out, "null"))
 }
 
-func (s *DockerSuite) TestRunWindowsWithCPUCount(c *check.C) {
+func (s *DockerSuite) TestRunWindowsWithCPUCount(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 
 	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--name", "test", "busybox", "echo", "testing")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+	assert.Equal(c, strings.TrimSpace(out), "testing")
 
 	out = inspectField(c, "test", "HostConfig.CPUCount")
-	c.Assert(out, check.Equals, "1")
+	assert.Equal(c, out, "1")
 }
 
-func (s *DockerSuite) TestRunWindowsWithCPUShares(c *check.C) {
+func (s *DockerSuite) TestRunWindowsWithCPUShares(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 
 	out, _ := dockerCmd(c, "run", "--cpu-shares=1000", "--name", "test", "busybox", "echo", "testing")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+	assert.Equal(c, strings.TrimSpace(out), "testing")
 
 	out = inspectField(c, "test", "HostConfig.CPUShares")
-	c.Assert(out, check.Equals, "1000")
+	assert.Equal(c, out, "1000")
 }
 
-func (s *DockerSuite) TestRunWindowsWithCPUPercent(c *check.C) {
+func (s *DockerSuite) TestRunWindowsWithCPUPercent(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 
 	out, _ := dockerCmd(c, "run", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+	assert.Equal(c, strings.TrimSpace(out), "testing")
 
 	out = inspectField(c, "test", "HostConfig.CPUPercent")
-	c.Assert(out, check.Equals, "80")
+	assert.Equal(c, out, "80")
 }
 
-func (s *DockerSuite) TestRunProcessIsolationWithCPUCountCPUSharesAndCPUPercent(c *check.C) {
-	testRequires(c, DaemonIsWindows, IsolationIsProcess)
+func (s *DockerSuite) TestRunProcessIsolationWithCPUCountCPUSharesAndCPUPercent(c *testing.T) {
+	testRequires(c, IsolationIsProcess)
 
 	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--cpu-shares=1000", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "WARNING: Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "WARNING: Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "testing")
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "WARNING: Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded"))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "WARNING: Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded"))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "testing"))
 	out = inspectField(c, "test", "HostConfig.CPUCount")
-	c.Assert(out, check.Equals, "1")
+	assert.Equal(c, out, "1")
 
 	out = inspectField(c, "test", "HostConfig.CPUShares")
-	c.Assert(out, check.Equals, "0")
+	assert.Equal(c, out, "0")
 
 	out = inspectField(c, "test", "HostConfig.CPUPercent")
-	c.Assert(out, check.Equals, "0")
+	assert.Equal(c, out, "0")
 }
 
-func (s *DockerSuite) TestRunHypervIsolationWithCPUCountCPUSharesAndCPUPercent(c *check.C) {
-	testRequires(c, DaemonIsWindows, IsolationIsHyperv)
+func (s *DockerSuite) TestRunHypervIsolationWithCPUCountCPUSharesAndCPUPercent(c *testing.T) {
+	testRequires(c, IsolationIsHyperv)
 
 	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--cpu-shares=1000", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "testing")
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "testing"))
 	out = inspectField(c, "test", "HostConfig.CPUCount")
-	c.Assert(out, check.Equals, "1")
+	assert.Equal(c, out, "1")
 
 	out = inspectField(c, "test", "HostConfig.CPUShares")
-	c.Assert(out, check.Equals, "1000")
+	assert.Equal(c, out, "1000")
 
 	out = inspectField(c, "test", "HostConfig.CPUPercent")
-	c.Assert(out, check.Equals, "80")
+	assert.Equal(c, out, "80")
 }
 
 // Test for #25099
-func (s *DockerSuite) TestRunEmptyEnv(c *check.C) {
+func (s *DockerSuite) TestRunEmptyEnv(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	expectedOutput := "invalid environment variable:"
 
 	out, _, err := dockerCmdWithError("run", "-e", "", "busybox", "true")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, expectedOutput)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expectedOutput))
 
 	out, _, err = dockerCmdWithError("run", "-e", "=", "busybox", "true")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, expectedOutput)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expectedOutput))
 
 	out, _, err = dockerCmdWithError("run", "-e", "=foo", "busybox", "true")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, expectedOutput)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expectedOutput))
 }
 
 // #28658
-func (s *DockerSuite) TestSlowStdinClosing(c *check.C) {
+func (s *DockerSuite) TestSlowStdinClosing(c *testing.T) {
 	name := "testslowstdinclosing"
 	repeat := 3 // regression happened 50% of the time
 	for i := 0; i < repeat; i++ {
@@ -4293,7 +4174,7 @@ func (s *DockerSuite) TestSlowStdinClosing(c *check.C) {
 		case <-time.After(30 * time.Second):
 			c.Fatal("running container timed out") // cleanup in teardown
 		case err := <-done:
-			c.Assert(err, checker.IsNil)
+			assert.NilError(c, err)
 		}
 	}
 }
@@ -4306,23 +4187,23 @@ func (s *delayedReader) Read([]byte) (int, error) {
 }
 
 // #28823 (originally #28639)
-func (s *DockerSuite) TestRunMountReadOnlyDevShm(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
-	emptyDir, err := ioutil.TempDir("", "test-read-only-dev-shm")
-	c.Assert(err, check.IsNil)
+func (s *DockerSuite) TestRunMountReadOnlyDevShm(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux, NotUserNamespace)
+	emptyDir, err := os.MkdirTemp("", "test-read-only-dev-shm")
+	assert.NilError(c, err)
 	defer os.RemoveAll(emptyDir)
 	out, _, err := dockerCmdWithError("run", "--rm", "--read-only",
 		"-v", fmt.Sprintf("%s:/dev/shm:ro", emptyDir),
 		"busybox", "touch", "/dev/shm/foo")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Read-only file system")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Read-only file system"))
 }
 
-func (s *DockerSuite) TestRunMount(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+func (s *DockerSuite) TestRunMount(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon, NotUserNamespace)
 
 	// mnt1, mnt2, and testCatFooBar are commonly used in multiple test cases
-	tmpDir, err := ioutil.TempDir("", "mount")
+	tmpDir, err := os.MkdirTemp("", "mount")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -4334,10 +4215,10 @@ func (s *DockerSuite) TestRunMount(c *check.C) {
 	if err := os.Mkdir(mnt2, 0755); err != nil {
 		c.Fatal(err)
 	}
-	if err := ioutil.WriteFile(path.Join(mnt1, "test1"), []byte("test1"), 0644); err != nil {
+	if err := os.WriteFile(path.Join(mnt1, "test1"), []byte("test1"), 0644); err != nil {
 		c.Fatal(err)
 	}
-	if err := ioutil.WriteFile(path.Join(mnt2, "test2"), []byte("test2"), 0644); err != nil {
+	if err := os.WriteFile(path.Join(mnt2, "test2"), []byte("test2"), 0644); err != nil {
 		c.Fatal(err)
 	}
 	testCatFooBar := func(cName string) error {
@@ -4483,14 +4364,11 @@ func (s *DockerSuite) TestRunMount(c *check.C) {
 			_, _, err := dockerCmdWithError(append([]string{"run", "-i", "-d", "--name", cName},
 				append(opts, []string{"busybox", "top"}...)...)...)
 			if testCase.valid {
-				c.Assert(err, check.IsNil,
-					check.Commentf("got error while creating a container with %v (%s)", opts, cName))
-				c.Assert(testCase.fn(cName), check.IsNil,
-					check.Commentf("got error while executing test for %v (%s)", opts, cName))
+				assert.Assert(c, err == nil, "got error while creating a container with %v (%s)", opts, cName)
+				assert.Assert(c, testCase.fn(cName) == nil, "got error while executing test for %v (%s)", opts, cName)
 				dockerCmd(c, "rm", "-f", cName)
 			} else {
-				c.Assert(err, checker.NotNil,
-					check.Commentf("got nil while creating a container with %v (%s)", opts, cName))
+				assert.Assert(c, err != nil, "got nil while creating a container with %v (%s)", opts, cName)
 			}
 		}
 	}
@@ -4498,28 +4376,28 @@ func (s *DockerSuite) TestRunMount(c *check.C) {
 
 // Test that passing a FQDN as hostname properly sets hostname, and
 // /etc/hostname. Test case for 29100
-func (s *DockerSuite) TestRunHostnameFQDN(c *check.C) {
+func (s *DockerSuite) TestRunHostnameFQDN(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	expectedOutput := "foobar.example.com\nfoobar.example.com\nfoobar\nexample.com\nfoobar.example.com"
 	out, _ := dockerCmd(c, "run", "--hostname=foobar.example.com", "busybox", "sh", "-c", `cat /etc/hostname && hostname && hostname -s && hostname -d && hostname -f`)
-	c.Assert(strings.TrimSpace(out), checker.Equals, expectedOutput)
+	assert.Equal(c, strings.TrimSpace(out), expectedOutput)
 
 	out, _ = dockerCmd(c, "run", "--hostname=foobar.example.com", "busybox", "sh", "-c", `cat /etc/hosts`)
 	expectedOutput = "foobar.example.com foobar"
-	c.Assert(strings.TrimSpace(out), checker.Contains, expectedOutput)
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), expectedOutput))
 }
 
 // Test case for 29129
-func (s *DockerSuite) TestRunHostnameInHostMode(c *check.C) {
+func (s *DockerSuite) TestRunHostnameInHostMode(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	expectedOutput := "foobar\nfoobar"
 	out, _ := dockerCmd(c, "run", "--net=host", "--hostname=foobar", "busybox", "sh", "-c", `echo $HOSTNAME && hostname`)
-	c.Assert(strings.TrimSpace(out), checker.Equals, expectedOutput)
+	assert.Equal(c, strings.TrimSpace(out), expectedOutput)
 }
 
-func (s *DockerSuite) TestRunAddDeviceCgroupRule(c *check.C) {
+func (s *DockerSuite) TestRunAddDeviceCgroupRule(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	deviceRule := "c 7:128 rwm"
@@ -4530,12 +4408,12 @@ func (s *DockerSuite) TestRunAddDeviceCgroupRule(c *check.C) {
 	}
 
 	out, _ = dockerCmd(c, "run", "--rm", fmt.Sprintf("--device-cgroup-rule=%s", deviceRule), "busybox", "grep", deviceRule, "/sys/fs/cgroup/devices/devices.list")
-	c.Assert(strings.TrimSpace(out), checker.Equals, deviceRule)
+	assert.Equal(c, strings.TrimSpace(out), deviceRule)
 }
 
 // Verifies that running as local system is operating correctly on Windows
-func (s *DockerSuite) TestWindowsRunAsSystem(c *check.C) {
-	testRequires(c, DaemonIsWindowsAtLeastBuild(15000))
+func (s *DockerSuite) TestWindowsRunAsSystem(c *testing.T) {
+	testRequires(c, DaemonIsWindowsAtLeastBuild(osversion.RS3))
 	out, _ := dockerCmd(c, "run", "--net=none", `--user=nt authority\system`, "--hostname=XYZZY", minimalBaseImage(), "cmd", "/c", `@echo %USERNAME%`)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "XYZZY$")
+	assert.Equal(c, strings.TrimSpace(out), "XYZZY$")
 }
diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go
index 463a52c85b4b0..280948d6b2e67 100644
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -7,7 +8,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -15,32 +15,32 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+	"testing"
 	"time"
 
+	"github.com/creack/pty"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
-	"gotest.tools/icmd"
+	"github.com/moby/sys/mount"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // #6509
-func (s *DockerSuite) TestRunRedirectStdout(c *check.C) {
+func (s *DockerSuite) TestRunRedirectStdout(c *testing.T) {
 	checkRedirect := func(command string) {
 		_, tty, err := pty.Open()
-		c.Assert(err, checker.IsNil, check.Commentf("Could not open pty"))
+		assert.Assert(c, err == nil, "Could not open pty")
 		cmd := exec.Command("sh", "-c", command)
 		cmd.Stdin = tty
 		cmd.Stdout = tty
 		cmd.Stderr = tty
-		c.Assert(cmd.Start(), checker.IsNil)
-		ch := make(chan error)
+		assert.NilError(c, cmd.Start())
+		ch := make(chan error, 1)
 		go func() {
 			ch <- cmd.Wait()
 			close(ch)
@@ -50,7 +50,7 @@ func (s *DockerSuite) TestRunRedirectStdout(c *check.C) {
 		case <-time.After(10 * time.Second):
 			c.Fatal("command timeout")
 		case err := <-ch:
-			c.Assert(err, checker.IsNil, check.Commentf("wait err"))
+			assert.Assert(c, err == nil, "wait err")
 		}
 	}
 
@@ -59,71 +59,70 @@ func (s *DockerSuite) TestRunRedirectStdout(c *check.C) {
 }
 
 // Test recursive bind mount works by default
-func (s *DockerSuite) TestRunWithVolumesIsRecursive(c *check.C) {
+func (s *DockerSuite) TestRunWithVolumesIsRecursive(c *testing.T) {
 	// /tmp gets permission denied
-	testRequires(c, NotUserNamespace, SameHostDaemon)
-	tmpDir, err := ioutil.TempDir("", "docker_recursive_mount_test")
-	c.Assert(err, checker.IsNil)
+	testRequires(c, NotUserNamespace, testEnv.IsLocalDaemon)
+	tmpDir, err := os.MkdirTemp("", "docker_recursive_mount_test")
+	assert.NilError(c, err)
 
 	defer os.RemoveAll(tmpDir)
 
 	// Create a temporary tmpfs mount.
 	tmpfsDir := filepath.Join(tmpDir, "tmpfs")
-	c.Assert(os.MkdirAll(tmpfsDir, 0777), checker.IsNil, check.Commentf("failed to mkdir at %s", tmpfsDir))
-	c.Assert(mount.Mount("tmpfs", tmpfsDir, "tmpfs", ""), checker.IsNil, check.Commentf("failed to create a tmpfs mount at %s", tmpfsDir))
+	assert.Assert(c, os.MkdirAll(tmpfsDir, 0777) == nil, "failed to mkdir at %s", tmpfsDir)
+	assert.Assert(c, mount.Mount("tmpfs", tmpfsDir, "tmpfs", "") == nil, "failed to create a tmpfs mount at %s", tmpfsDir)
 
-	f, err := ioutil.TempFile(tmpfsDir, "touch-me")
-	c.Assert(err, checker.IsNil)
+	f, err := os.CreateTemp(tmpfsDir, "touch-me")
+	assert.NilError(c, err)
 	defer f.Close()
 
 	out, _ := dockerCmd(c, "run", "--name", "test-data", "--volume", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox:latest", "ls", "/tmp/tmpfs")
-	c.Assert(out, checker.Contains, filepath.Base(f.Name()), check.Commentf("Recursive bind mount test failed. Expected file not found"))
+	assert.Assert(c, strings.Contains(out, filepath.Base(f.Name())), "Recursive bind mount test failed. Expected file not found")
 }
 
-func (s *DockerSuite) TestRunDeviceDirectory(c *check.C) {
+func (s *DockerSuite) TestRunDeviceDirectory(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	if _, err := os.Stat("/dev/snd"); err != nil {
 		c.Skip("Host does not have /dev/snd")
 	}
 
 	out, _ := dockerCmd(c, "run", "--device", "/dev/snd:/dev/snd", "busybox", "sh", "-c", "ls /dev/snd/")
-	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "timer", check.Commentf("expected output /dev/snd/timer"))
-
+	assert.Assert(c, strings.Contains(strings.Trim(out, "\r\n"), "timer"), "expected output /dev/snd/timer")
 	out, _ = dockerCmd(c, "run", "--device", "/dev/snd:/dev/othersnd", "busybox", "sh", "-c", "ls /dev/othersnd/")
-	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "seq", check.Commentf("expected output /dev/othersnd/seq"))
+	assert.Assert(c, strings.Contains(strings.Trim(out, "\r\n"), "seq"), "expected output /dev/othersnd/seq")
 }
 
 // TestRunAttachDetach checks attaching and detaching with the default escape sequence.
-func (s *DockerSuite) TestRunAttachDetach(c *check.C) {
+func (s *DockerSuite) TestRunAttachDetach(c *testing.T) {
 	name := "attach-detach"
 
 	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
 
 	cmd := exec.Command(dockerBinary, "attach", name)
 	stdout, err := cmd.StdoutPipe()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	cpty, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer cpty.Close()
 	cmd.Stdin = tty
-	c.Assert(cmd.Start(), checker.IsNil)
-	c.Assert(waitRun(name), check.IsNil)
+	assert.NilError(c, cmd.Start())
+	assert.Assert(c, waitRun(name) == nil)
 
 	_, err = cpty.Write([]byte("hello\n"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, err := bufio.NewReader(stdout).ReadString('\n')
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	assert.NilError(c, err)
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 
 	// escape sequence
 	_, err = cpty.Write([]byte{16})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	time.Sleep(100 * time.Millisecond)
 	_, err = cpty.Write([]byte{17})
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	ch := make(chan struct{})
+	ch := make(chan struct{}, 1)
 	go func() {
 		cmd.Wait()
 		ch <- struct{}{}
@@ -136,16 +135,16 @@ func (s *DockerSuite) TestRunAttachDetach(c *check.C) {
 	}
 
 	running := inspectField(c, name, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+	assert.Equal(c, running, "true", "expected container to still be running")
 
 	out, _ = dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c), "-f", "container="+name)
 	// attach and detach event should be monitored
-	c.Assert(out, checker.Contains, "attach")
-	c.Assert(out, checker.Contains, "detach")
+	assert.Assert(c, strings.Contains(out, "attach"))
+	assert.Assert(c, strings.Contains(out, "detach"))
 }
 
 // TestRunAttachDetachFromFlag checks attaching and detaching with the escape sequence specified via flags.
-func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
+func (s *DockerSuite) TestRunAttachDetachFromFlag(c *testing.T) {
 	name := "attach-detach"
 	keyCtrlA := []byte{1}
 	keyA := []byte{97}
@@ -166,7 +165,7 @@ func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
 	if err := cmd.Start(); err != nil {
 		c.Fatal(err)
 	}
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	if _, err := cpty.Write([]byte("hello\n")); err != nil {
 		c.Fatal(err)
@@ -189,7 +188,7 @@ func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
 		c.Fatal(err)
 	}
 
-	ch := make(chan struct{})
+	ch := make(chan struct{}, 1)
 	go func() {
 		cmd.Wait()
 		ch <- struct{}{}
@@ -202,14 +201,14 @@ func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
 	}
 
 	running := inspectField(c, name, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+	assert.Equal(c, running, "true", "expected container to still be running")
 }
 
 // TestRunAttachDetachFromInvalidFlag checks attaching and detaching with the escape sequence specified via flags.
-func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
+func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *testing.T) {
 	name := "attach-detach"
 	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "top")
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	// specify an invalid detach key, container will ignore it and use default
 	cmd := exec.Command(dockerBinary, "attach", "--detach-keys=ctrl-A,a", name)
@@ -235,19 +234,19 @@ func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
 	}
 	// it should print a warning to indicate the detach key flag is invalid
 	errStr := "Invalid detach keys (ctrl-A,a) provided"
-	c.Assert(strings.TrimSpace(out), checker.Equals, errStr)
+	assert.Equal(c, strings.TrimSpace(out), errStr)
 }
 
 // TestRunAttachDetachFromConfig checks attaching and detaching with the escape sequence specified via config file.
-func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
+func (s *DockerSuite) TestRunAttachDetachFromConfig(c *testing.T) {
 	keyCtrlA := []byte{1}
 	keyA := []byte{97}
 
 	// Setup config
 	homeKey := homedir.Key()
 	homeVal := homedir.Get()
-	tmpDir, err := ioutil.TempDir("", "fake-home")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "fake-home")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 
 	dotDocker := filepath.Join(tmpDir, ".docker")
@@ -261,8 +260,8 @@ func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 		"detachKeys": "ctrl-a,a"
 	}`
 
-	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(tmpCfg, []byte(data), 0600)
+	assert.NilError(c, err)
 
 	// Then do the work
 	name := "attach-detach"
@@ -282,7 +281,7 @@ func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 	if err := cmd.Start(); err != nil {
 		c.Fatal(err)
 	}
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	if _, err := cpty.Write([]byte("hello\n")); err != nil {
 		c.Fatal(err)
@@ -305,7 +304,7 @@ func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 		c.Fatal(err)
 	}
 
-	ch := make(chan struct{})
+	ch := make(chan struct{}, 1)
 	go func() {
 		cmd.Wait()
 		ch <- struct{}{}
@@ -318,19 +317,19 @@ func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 	}
 
 	running := inspectField(c, name, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+	assert.Equal(c, running, "true", "expected container to still be running")
 }
 
 // TestRunAttachDetachKeysOverrideConfig checks attaching and detaching with the detach flags, making sure it overrides config file
-func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
+func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *testing.T) {
 	keyCtrlA := []byte{1}
 	keyA := []byte{97}
 
 	// Setup config
 	homeKey := homedir.Key()
 	homeVal := homedir.Get()
-	tmpDir, err := ioutil.TempDir("", "fake-home")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "fake-home")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 
 	dotDocker := filepath.Join(tmpDir, ".docker")
@@ -344,8 +343,8 @@ func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
 		"detachKeys": "ctrl-e,e"
 	}`
 
-	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(tmpCfg, []byte(data), 0600)
+	assert.NilError(c, err)
 
 	// Then do the work
 	name := "attach-detach"
@@ -365,7 +364,7 @@ func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
 	if err := cmd.Start(); err != nil {
 		c.Fatal(err)
 	}
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	if _, err := cpty.Write([]byte("hello\n")); err != nil {
 		c.Fatal(err)
@@ -388,7 +387,7 @@ func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
 		c.Fatal(err)
 	}
 
-	ch := make(chan struct{})
+	ch := make(chan struct{}, 1)
 	go func() {
 		cmd.Wait()
 		ch <- struct{}{}
@@ -401,10 +400,10 @@ func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
 	}
 
 	running := inspectField(c, name, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+	assert.Equal(c, running, "true", "expected container to still be running")
 }
 
-func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *check.C) {
+func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *testing.T) {
 	name := "attach-detach"
 	keyA := []byte{97}
 	keyB := []byte{98}
@@ -426,7 +425,7 @@ func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *check.C)
 		c.Fatal(err)
 	}
 	go cmd.Wait()
-	c.Assert(waitRun(name), check.IsNil)
+	assert.Assert(c, waitRun(name) == nil)
 
 	// Invalid escape sequence aba, should print aba in output
 	if _, err := cpty.Write(keyA); err != nil {
@@ -455,87 +454,60 @@ func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *check.C)
 }
 
 // "test" should be printed
-func (s *DockerSuite) TestRunWithCPUQuota(c *check.C) {
+func (s *DockerSuite) TestRunWithCPUQuota(c *testing.T) {
 	testRequires(c, cpuCfsQuota)
 
 	file := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
 	out, _ := dockerCmd(c, "run", "--cpu-quota", "8000", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "8000")
+	assert.Equal(c, strings.TrimSpace(out), "8000")
 
 	out = inspectField(c, "test", "HostConfig.CpuQuota")
-	c.Assert(out, checker.Equals, "8000", check.Commentf("setting the CPU CFS quota failed"))
+	assert.Equal(c, out, "8000", "setting the CPU CFS quota failed")
 }
 
-func (s *DockerSuite) TestRunWithCpuPeriod(c *check.C) {
+func (s *DockerSuite) TestRunWithCpuPeriod(c *testing.T) {
 	testRequires(c, cpuCfsPeriod)
 
 	file := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
 	out, _ := dockerCmd(c, "run", "--cpu-period", "50000", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "50000")
+	assert.Equal(c, strings.TrimSpace(out), "50000")
 
 	out, _ = dockerCmd(c, "run", "--cpu-period", "0", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "100000")
+	assert.Equal(c, strings.TrimSpace(out), "100000")
 
 	out = inspectField(c, "test", "HostConfig.CpuPeriod")
-	c.Assert(out, checker.Equals, "50000", check.Commentf("setting the CPU CFS period failed"))
+	assert.Equal(c, out, "50000", "setting the CPU CFS period failed")
 }
 
-func (s *DockerSuite) TestRunWithInvalidCpuPeriod(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidCpuPeriod(c *testing.T) {
 	testRequires(c, cpuCfsPeriod)
 	out, _, err := dockerCmdWithError("run", "--cpu-period", "900", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "CPU cfs period can not be less than 1ms (i.e. 1000) or larger than 1s (i.e. 1000000)"
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 
 	out, _, err = dockerCmdWithError("run", "--cpu-period", "2000000", "busybox", "true")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, expected)
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expected))
 
 	out, _, err = dockerCmdWithError("run", "--cpu-period", "-3", "busybox", "true")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, expected)
-}
-
-func (s *DockerSuite) TestRunWithKernelMemory(c *check.C) {
-	testRequires(c, kernelMemorySupport)
-
-	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
-	cli.DockerCmd(c, "run", "--kernel-memory", "50M", "--name", "test1", "busybox", "cat", file).Assert(c, icmd.Expected{
-		Out: "52428800",
-	})
-
-	cli.InspectCmd(c, "test1", cli.Format(".HostConfig.KernelMemory")).Assert(c, icmd.Expected{
-		Out: "52428800",
-	})
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunWithInvalidKernelMemory(c *check.C) {
-	testRequires(c, kernelMemorySupport)
-
-	out, _, err := dockerCmdWithError("run", "--kernel-memory", "2M", "busybox", "true")
-	c.Assert(err, check.NotNil)
-	expected := "Minimum kernel memory limit allowed is 4MB"
-	c.Assert(out, checker.Contains, expected)
-
-	out, _, err = dockerCmdWithError("run", "--kernel-memory", "-16m", "--name", "test2", "busybox", "echo", "test")
-	c.Assert(err, check.NotNil)
-	expected = "invalid size"
-	c.Assert(out, checker.Contains, expected)
-}
-
-func (s *DockerSuite) TestRunWithCPUShares(c *check.C) {
+func (s *DockerSuite) TestRunWithCPUShares(c *testing.T) {
 	testRequires(c, cpuShare)
 
 	file := "/sys/fs/cgroup/cpu/cpu.shares"
 	out, _ := dockerCmd(c, "run", "--cpu-shares", "1000", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "1000")
+	assert.Equal(c, strings.TrimSpace(out), "1000")
 
 	out = inspectField(c, "test", "HostConfig.CPUShares")
-	c.Assert(out, check.Equals, "1000")
+	assert.Equal(c, out, "1000")
 }
 
 // "test" should be printed
-func (s *DockerSuite) TestRunEchoStdoutWithCPUSharesAndMemoryLimit(c *check.C) {
+func (s *DockerSuite) TestRunEchoStdoutWithCPUSharesAndMemoryLimit(c *testing.T) {
 	testRequires(c, cpuShare)
 	testRequires(c, memoryLimitSupport)
 	cli.DockerCmd(c, "run", "--cpu-shares", "1000", "-m", "32m", "busybox", "echo", "test").Assert(c, icmd.Expected{
@@ -543,80 +515,80 @@ func (s *DockerSuite) TestRunEchoStdoutWithCPUSharesAndMemoryLimit(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestRunWithCpusetCpus(c *check.C) {
+func (s *DockerSuite) TestRunWithCpusetCpus(c *testing.T) {
 	testRequires(c, cgroupCpuset)
 
 	file := "/sys/fs/cgroup/cpuset/cpuset.cpus"
 	out, _ := dockerCmd(c, "run", "--cpuset-cpus", "0", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0")
 
 	out = inspectField(c, "test", "HostConfig.CpusetCpus")
-	c.Assert(out, check.Equals, "0")
+	assert.Equal(c, out, "0")
 }
 
-func (s *DockerSuite) TestRunWithCpusetMems(c *check.C) {
+func (s *DockerSuite) TestRunWithCpusetMems(c *testing.T) {
 	testRequires(c, cgroupCpuset)
 
 	file := "/sys/fs/cgroup/cpuset/cpuset.mems"
 	out, _ := dockerCmd(c, "run", "--cpuset-mems", "0", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0")
 
 	out = inspectField(c, "test", "HostConfig.CpusetMems")
-	c.Assert(out, check.Equals, "0")
+	assert.Equal(c, out, "0")
 }
 
-func (s *DockerSuite) TestRunWithBlkioWeight(c *check.C) {
+func (s *DockerSuite) TestRunWithBlkioWeight(c *testing.T) {
 	testRequires(c, blkioWeight)
 
 	file := "/sys/fs/cgroup/blkio/blkio.weight"
 	out, _ := dockerCmd(c, "run", "--blkio-weight", "300", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "300")
+	assert.Equal(c, strings.TrimSpace(out), "300")
 
 	out = inspectField(c, "test", "HostConfig.BlkioWeight")
-	c.Assert(out, check.Equals, "300")
+	assert.Equal(c, out, "300")
 }
 
-func (s *DockerSuite) TestRunWithInvalidBlkioWeight(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidBlkioWeight(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--blkio-weight", "5", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	expected := "Range of blkio weight is from 10 to 1000"
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunWithInvalidPathforBlkioWeightDevice(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioWeightDevice(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--blkio-weight-device", "/dev/sdX:100", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadBps(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadBps(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--device-read-bps", "/dev/sdX:500", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteBps(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteBps(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--device-write-bps", "/dev/sdX:500", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadIOps(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadIOps(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--device-read-iops", "/dev/sdX:500", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteIOps(c *check.C) {
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteIOps(c *testing.T) {
 	testRequires(c, blkioWeight)
 	out, _, err := dockerCmdWithError("run", "--device-write-iops", "/dev/sdX:500", "busybox", "true")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 }
 
-func (s *DockerSuite) TestRunOOMExitCode(c *check.C) {
+func (s *DockerSuite) TestRunOOMExitCode(c *testing.T) {
 	testRequires(c, memoryLimitSupport, swapMemorySupport, NotPpc64le)
-	errChan := make(chan error)
+	errChan := make(chan error, 1)
 	go func() {
 		defer close(errChan)
 		// memory limit lower than 8MB will raise an error of "device or resource busy" from docker-runc.
@@ -628,13 +600,13 @@ func (s *DockerSuite) TestRunOOMExitCode(c *check.C) {
 
 	select {
 	case err := <-errChan:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(600 * time.Second):
 		c.Fatal("Timeout waiting for container to die on OOM")
 	}
 }
 
-func (s *DockerSuite) TestRunWithMemoryLimit(c *check.C) {
+func (s *DockerSuite) TestRunWithMemoryLimit(c *testing.T) {
 	testRequires(c, memoryLimitSupport)
 
 	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
@@ -650,88 +622,86 @@ func (s *DockerSuite) TestRunWithMemoryLimit(c *check.C) {
 // memory limit, this means the processes in the container can use
 // 16M memory and as much swap memory as they need (if the host
 // supports swap memory).
-func (s *DockerSuite) TestRunWithoutMemoryswapLimit(c *check.C) {
+func (s *DockerSuite) TestRunWithoutMemoryswapLimit(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, swapMemorySupport)
 	dockerCmd(c, "run", "-m", "32m", "--memory-swap", "-1", "busybox", "true")
 }
 
-func (s *DockerSuite) TestRunWithSwappiness(c *check.C) {
+func (s *DockerSuite) TestRunWithSwappiness(c *testing.T) {
 	testRequires(c, memorySwappinessSupport)
 	file := "/sys/fs/cgroup/memory/memory.swappiness"
 	out, _ := dockerCmd(c, "run", "--memory-swappiness", "0", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0")
 
 	out = inspectField(c, "test", "HostConfig.MemorySwappiness")
-	c.Assert(out, check.Equals, "0")
+	assert.Equal(c, out, "0")
 }
 
-func (s *DockerSuite) TestRunWithSwappinessInvalid(c *check.C) {
+func (s *DockerSuite) TestRunWithSwappinessInvalid(c *testing.T) {
 	testRequires(c, memorySwappinessSupport)
 	out, _, err := dockerCmdWithError("run", "--memory-swappiness", "101", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "Valid memory swappiness range is 0-100"
-	c.Assert(out, checker.Contains, expected, check.Commentf("Expected output to contain %q, not %q", out, expected))
-
+	assert.Assert(c, strings.Contains(out, expected), "Expected output to contain %q, not %q", out, expected)
 	out, _, err = dockerCmdWithError("run", "--memory-swappiness", "-10", "busybox", "true")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, expected, check.Commentf("Expected output to contain %q, not %q", out, expected))
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, expected), "Expected output to contain %q, not %q", out, expected)
 }
 
-func (s *DockerSuite) TestRunWithMemoryReservation(c *check.C) {
-	testRequires(c, SameHostDaemon, memoryReservationSupport)
+func (s *DockerSuite) TestRunWithMemoryReservation(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, memoryReservationSupport)
 
 	file := "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"
 	out, _ := dockerCmd(c, "run", "--memory-reservation", "200M", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "209715200")
+	assert.Equal(c, strings.TrimSpace(out), "209715200")
 
 	out = inspectField(c, "test", "HostConfig.MemoryReservation")
-	c.Assert(out, check.Equals, "209715200")
+	assert.Equal(c, out, "209715200")
 }
 
-func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *check.C) {
+func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *testing.T) {
 	testRequires(c, memoryLimitSupport)
-	testRequires(c, SameHostDaemon, memoryReservationSupport)
+	testRequires(c, testEnv.IsLocalDaemon, memoryReservationSupport)
 	out, _, err := dockerCmdWithError("run", "-m", "500M", "--memory-reservation", "800M", "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := "Minimum memory limit can not be less than memory reservation limit"
-	c.Assert(strings.TrimSpace(out), checker.Contains, expected, check.Commentf("run container should fail with invalid memory reservation"))
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation")
 	out, _, err = dockerCmdWithError("run", "--memory-reservation", "1k", "busybox", "true")
-	c.Assert(err, check.NotNil)
-	expected = "Minimum memory reservation allowed is 4MB"
-	c.Assert(strings.TrimSpace(out), checker.Contains, expected, check.Commentf("run container should fail with invalid memory reservation"))
+	assert.ErrorContains(c, err, "")
+	expected = "Minimum memory reservation allowed is 6MB"
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation")
 }
 
-func (s *DockerSuite) TestStopContainerSignal(c *check.C) {
+func (s *DockerSuite) TestStopContainerSignal(c *testing.T) {
 	out, _ := dockerCmd(c, "run", "--stop-signal", "SIGUSR1", "-d", "busybox", "/bin/sh", "-c", `trap 'echo "exit trapped"; exit 0' USR1; while true; do sleep 1; done`)
 	containerID := strings.TrimSpace(out)
 
-	c.Assert(waitRun(containerID), checker.IsNil)
+	assert.Assert(c, waitRun(containerID) == nil)
 
 	dockerCmd(c, "stop", containerID)
 	out, _ = dockerCmd(c, "logs", containerID)
 
-	c.Assert(out, checker.Contains, "exit trapped", check.Commentf("Expected `exit trapped` in the log"))
+	assert.Assert(c, strings.Contains(out, "exit trapped"), "Expected `exit trapped` in the log")
 }
 
-func (s *DockerSuite) TestRunSwapLessThanMemoryLimit(c *check.C) {
+func (s *DockerSuite) TestRunSwapLessThanMemoryLimit(c *testing.T) {
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, swapMemorySupport)
 	out, _, err := dockerCmdWithError("run", "-m", "16m", "--memory-swap", "15m", "busybox", "echo", "test")
 	expected := "Minimum memoryswap limit should be larger than memory limit"
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunInvalidCpusetCpusFlagValue(c *check.C) {
-	testRequires(c, cgroupCpuset, SameHostDaemon)
+func (s *DockerSuite) TestRunInvalidCpusetCpusFlagValue(c *testing.T) {
+	testRequires(c, cgroupCpuset, testEnv.IsLocalDaemon)
 
-	sysInfo := sysinfo.New(true)
+	sysInfo := sysinfo.New()
 	cpus, err := parsers.ParseUintList(sysInfo.Cpus)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	var invalid int
 	for i := 0; i <= len(cpus)+1; i++ {
 		if !cpus[i] {
@@ -740,17 +710,17 @@ func (s *DockerSuite) TestRunInvalidCpusetCpusFlagValue(c *check.C) {
 		}
 	}
 	out, _, err := dockerCmdWithError("run", "--cpuset-cpus", strconv.Itoa(invalid), "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := fmt.Sprintf("Error response from daemon: Requested CPUs are not available - requested %s, available: %s", strconv.Itoa(invalid), sysInfo.Cpus)
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunInvalidCpusetMemsFlagValue(c *check.C) {
+func (s *DockerSuite) TestRunInvalidCpusetMemsFlagValue(c *testing.T) {
 	testRequires(c, cgroupCpuset)
 
-	sysInfo := sysinfo.New(true)
+	sysInfo := sysinfo.New()
 	mems, err := parsers.ParseUintList(sysInfo.Mems)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	var invalid int
 	for i := 0; i <= len(mems)+1; i++ {
 		if !mems[i] {
@@ -759,30 +729,30 @@ func (s *DockerSuite) TestRunInvalidCpusetMemsFlagValue(c *check.C) {
 		}
 	}
 	out, _, err := dockerCmdWithError("run", "--cpuset-mems", strconv.Itoa(invalid), "busybox", "true")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 	expected := fmt.Sprintf("Error response from daemon: Requested memory nodes are not available - requested %s, available: %s", strconv.Itoa(invalid), sysInfo.Mems)
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunInvalidCPUShares(c *check.C) {
+func (s *DockerSuite) TestRunInvalidCPUShares(c *testing.T) {
 	testRequires(c, cpuShare, DaemonIsLinux)
 	out, _, err := dockerCmdWithError("run", "--cpu-shares", "1", "busybox", "echo", "test")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	expected := "The minimum allowed cpu-shares is 2"
-	c.Assert(out, checker.Contains, expected)
+	assert.ErrorContains(c, err, "", out)
+	expected := "minimum allowed cpu-shares is 2"
+	assert.Assert(c, strings.Contains(out, expected))
 
 	out, _, err = dockerCmdWithError("run", "--cpu-shares", "-1", "busybox", "echo", "test")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 	expected = "shares: invalid argument"
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 
 	out, _, err = dockerCmdWithError("run", "--cpu-shares", "99999999", "busybox", "echo", "test")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	expected = "The maximum allowed cpu-shares is"
-	c.Assert(out, checker.Contains, expected)
+	assert.ErrorContains(c, err, "", out)
+	expected = "maximum allowed cpu-shares is"
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestRunWithDefaultShmSize(c *check.C) {
+func (s *DockerSuite) TestRunWithDefaultShmSize(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "shm-default"
@@ -792,10 +762,10 @@ func (s *DockerSuite) TestRunWithDefaultShmSize(c *check.C) {
 		c.Fatalf("Expected shm of 64MB in mount command, got %v", out)
 	}
 	shmSize := inspectField(c, name, "HostConfig.ShmSize")
-	c.Assert(shmSize, check.Equals, "67108864")
+	assert.Equal(c, shmSize, "67108864")
 }
 
-func (s *DockerSuite) TestRunWithShmSize(c *check.C) {
+func (s *DockerSuite) TestRunWithShmSize(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "shm"
@@ -805,18 +775,18 @@ func (s *DockerSuite) TestRunWithShmSize(c *check.C) {
 		c.Fatalf("Expected shm of 1GB in mount command, got %v", out)
 	}
 	shmSize := inspectField(c, name, "HostConfig.ShmSize")
-	c.Assert(shmSize, check.Equals, "1073741824")
+	assert.Equal(c, shmSize, "1073741824")
 }
 
-func (s *DockerSuite) TestRunTmpfsMountsEnsureOrdered(c *check.C) {
-	tmpFile, err := ioutil.TempFile("", "test")
-	c.Assert(err, check.IsNil)
+func (s *DockerSuite) TestRunTmpfsMountsEnsureOrdered(c *testing.T) {
+	tmpFile, err := os.CreateTemp("", "test")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 	out, _ := dockerCmd(c, "run", "--tmpfs", "/run", "-v", tmpFile.Name()+":/run/test", "busybox", "ls", "/run")
-	c.Assert(out, checker.Contains, "test")
+	assert.Assert(c, strings.Contains(out, "test"))
 }
 
-func (s *DockerSuite) TestRunTmpfsMounts(c *check.C) {
+func (s *DockerSuite) TestRunTmpfsMounts(c *testing.T) {
 	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
 	// Windows does not support tmpfs mounts.
 	testRequires(c, DaemonIsLinux)
@@ -837,7 +807,7 @@ func (s *DockerSuite) TestRunTmpfsMounts(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunTmpfsMountsOverrideImageVolumes(c *check.C) {
+func (s *DockerSuite) TestRunTmpfsMountsOverrideImageVolumes(c *testing.T) {
 	name := "img-with-volumes"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`
     FROM busybox
@@ -845,72 +815,70 @@ func (s *DockerSuite) TestRunTmpfsMountsOverrideImageVolumes(c *check.C) {
     RUN touch /run/stuff
     `))
 	out, _ := dockerCmd(c, "run", "--tmpfs", "/run", name, "ls", "/run")
-	c.Assert(out, checker.Not(checker.Contains), "stuff")
+	assert.Assert(c, !strings.Contains(out, "stuff"))
 }
 
 // Test case for #22420
-func (s *DockerSuite) TestRunTmpfsMountsWithOptions(c *check.C) {
+func (s *DockerSuite) TestRunTmpfsMountsWithOptions(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	expectedOptions := []string{"rw", "nosuid", "nodev", "noexec", "relatime"}
 	out, _ := dockerCmd(c, "run", "--tmpfs", "/tmp", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
 	for _, option := range expectedOptions {
-		c.Assert(out, checker.Contains, option)
+		assert.Assert(c, strings.Contains(out, option))
 	}
-	c.Assert(out, checker.Not(checker.Contains), "size=")
-
+	assert.Assert(c, !strings.Contains(out, "size="))
 	expectedOptions = []string{"rw", "nosuid", "nodev", "noexec", "relatime"}
 	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
 	for _, option := range expectedOptions {
-		c.Assert(out, checker.Contains, option)
+		assert.Assert(c, strings.Contains(out, option))
 	}
-	c.Assert(out, checker.Not(checker.Contains), "size=")
-
+	assert.Assert(c, !strings.Contains(out, "size="))
 	expectedOptions = []string{"rw", "nosuid", "nodev", "relatime", "size=8192k"}
 	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw,exec,size=8192k", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
 	for _, option := range expectedOptions {
-		c.Assert(out, checker.Contains, option)
+		assert.Assert(c, strings.Contains(out, option))
 	}
 
 	expectedOptions = []string{"rw", "nosuid", "nodev", "noexec", "relatime", "size=4096k"}
 	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw,size=8192k,exec,size=4096k,noexec", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
 	for _, option := range expectedOptions {
-		c.Assert(out, checker.Contains, option)
+		assert.Assert(c, strings.Contains(out, option))
 	}
 
-	// We use debian:jessie as there is no findmnt in busybox. Also the output will be in the format of
+	// We use debian:bullseye-slim as there is no findmnt in busybox. Also the output will be in the format of
 	// TARGET PROPAGATION
 	// /tmp   shared
 	// so we only capture `shared` here.
 	expectedOptions = []string{"shared"}
-	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:shared", "debian:jessie", "findmnt", "-o", "TARGET,PROPAGATION", "/tmp")
+	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:shared", "debian:bullseye-slim", "findmnt", "-o", "TARGET,PROPAGATION", "/tmp")
 	for _, option := range expectedOptions {
-		c.Assert(out, checker.Contains, option)
+		assert.Assert(c, strings.Contains(out, option))
 	}
 }
 
-func (s *DockerSuite) TestRunSysctls(c *check.C) {
+func (s *DockerSuite) TestRunSysctls(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	var err error
 
 	out, _ := dockerCmd(c, "run", "--sysctl", "net.ipv4.ip_forward=1", "--name", "test", "busybox", "cat", "/proc/sys/net/ipv4/ip_forward")
-	c.Assert(strings.TrimSpace(out), check.Equals, "1")
+	assert.Equal(c, strings.TrimSpace(out), "1")
 
 	out = inspectFieldJSON(c, "test", "HostConfig.Sysctls")
 
 	sysctls := make(map[string]string)
 	err = json.Unmarshal([]byte(out), &sysctls)
-	c.Assert(err, check.IsNil)
-	c.Assert(sysctls["net.ipv4.ip_forward"], check.Equals, "1")
+	assert.NilError(c, err)
+	assert.Equal(c, sysctls["net.ipv4.ip_forward"], "1")
 
 	out, _ = dockerCmd(c, "run", "--sysctl", "net.ipv4.ip_forward=0", "--name", "test1", "busybox", "cat", "/proc/sys/net/ipv4/ip_forward")
-	c.Assert(strings.TrimSpace(out), check.Equals, "0")
+	assert.Equal(c, strings.TrimSpace(out), "0")
 
 	out = inspectFieldJSON(c, "test1", "HostConfig.Sysctls")
 
 	err = json.Unmarshal([]byte(out), &sysctls)
-	c.Assert(err, check.IsNil)
-	c.Assert(sysctls["net.ipv4.ip_forward"], check.Equals, "0")
+	assert.NilError(c, err)
+	assert.Equal(c, sysctls["net.ipv4.ip_forward"], "0")
 
 	icmd.RunCommand(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2",
 		"busybox", "cat", "/proc/sys/kernel/foobar").Assert(c, icmd.Expected{
@@ -919,9 +887,9 @@ func (s *DockerSuite) TestRunSysctls(c *check.C) {
 	})
 }
 
-// TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:jessie unshare' exits with operation not permitted.
-func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, NotArm, Apparmor)
+// TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:bullseye-slim unshare' exits with operation not permitted.
+func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, NotArm, Apparmor)
 	jsonData := `{
 	"defaultAction": "SCMP_ACT_ALLOW",
 	"syscalls": [
@@ -931,7 +899,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
+	tmpFile, err := os.CreateTemp("", "profile.json")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -942,15 +910,15 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
 	}
 	icmd.RunCommand(dockerBinary, "run", "--security-opt", "apparmor=unconfined",
 		"--security-opt", "seccomp="+tmpFile.Name(),
-		"debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
+		"debian:bullseye-slim", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Operation not permitted",
 	})
 }
 
 // TestRunSeccompProfileDenyChmod checks that 'docker run --security-opt seccomp=/tmp/profile.json busybox chmod 400 /etc/hostname' exits with operation not permitted.
-func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled)
 	jsonData := `{
 	"defaultAction": "SCMP_ACT_ALLOW",
 	"syscalls": [
@@ -968,8 +936,8 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "profile.json")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 
 	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
@@ -982,10 +950,10 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
 	})
 }
 
-// TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:jessie unshare --map-root-user --user sh -c whoami' with a specific profile to
+// TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:bullseye-slim unshare --map-root-user --user sh -c whoami' with a specific profile to
 // deny unshare of a userns exits with operation not permitted.
-func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, NotArm, Apparmor)
+func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, NotArm, Apparmor)
 	// from sched.h
 	jsonData := fmt.Sprintf(`{
 	"defaultAction": "SCMP_ACT_ALLOW",
@@ -1003,7 +971,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 		}
 	]
 }`, uint64(0x10000000))
-	tmpFile, err := ioutil.TempFile("", "profile.json")
+	tmpFile, err := os.CreateTemp("", "profile.json")
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -1014,7 +982,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 	}
 	icmd.RunCommand(dockerBinary, "run",
 		"--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(),
-		"debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
+		"debian:bullseye-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Operation not permitted",
 	})
@@ -1022,8 +990,8 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 
 // TestRunSeccompProfileDenyCloneUserns checks that 'docker run syscall-test'
 // with a the default seccomp profile exits with operation not permitted.
-func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled)
 	ensureSyscallTest(c)
 
 	icmd.RunCommand(dockerBinary, "run", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
@@ -1034,8 +1002,8 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
 
 // TestRunSeccompUnconfinedCloneUserns checks that
 // 'docker run --security-opt seccomp=unconfined syscall-test' allows creating a userns.
-func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace, unprivilegedUsernsClone)
+func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace, unprivilegedUsernsClone)
 	ensureSyscallTest(c)
 
 	// make sure running w privileged is ok
@@ -1047,8 +1015,8 @@ func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
 
 // TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test'
 // allows creating a userns.
-func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
+func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
 	ensureSyscallTest(c)
 
 	// make sure running w privileged is ok
@@ -1059,23 +1027,23 @@ func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
 
 // TestRunSeccompProfileAllow32Bit checks that 32 bit code can run on x86_64
 // with the default seccomp profile.
-func (s *DockerSuite) TestRunSeccompProfileAllow32Bit(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, IsAmd64)
+func (s *DockerSuite) TestRunSeccompProfileAllow32Bit(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, IsAmd64)
 	ensureSyscallTest(c)
 
 	icmd.RunCommand(dockerBinary, "run", "syscall-test", "exit32-test").Assert(c, icmd.Success)
 }
 
-// TestRunSeccompAllowSetrlimit checks that 'docker run debian:jessie ulimit -v 1048510' succeeds.
-func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+// TestRunSeccompAllowSetrlimit checks that 'docker run debian:bullseye-slim ulimit -v 1048510' succeeds.
+func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled)
 
 	// ulimit uses setrlimit, so we want to make sure we don't break it
-	icmd.RunCommand(dockerBinary, "run", "debian:jessie", "bash", "-c", "ulimit -v 1048510").Assert(c, icmd.Success)
+	icmd.RunCommand(dockerBinary, "run", "debian:bullseye-slim", "bash", "-c", "ulimit -v 1048510").Assert(c, icmd.Success)
 }
 
-func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
+func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, NotUserNamespace)
 	ensureSyscallTest(c)
 
 	out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
@@ -1104,8 +1072,8 @@ func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
+func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, NotUserNamespace)
 	ensureSyscallTest(c)
 
 	out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
@@ -1141,8 +1109,8 @@ func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
 
 // TestRunNoNewPrivSetuid checks that --security-opt='no-new-privileges=true' prevents
 // effective uid transitions on executing setuid binaries.
-func (s *DockerSuite) TestRunNoNewPrivSetuid(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+func (s *DockerSuite) TestRunNoNewPrivSetuid(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, testEnv.IsLocalDaemon)
 	ensureNNPTest(c)
 
 	// test that running a setuid binary results in no effective uid transition
@@ -1154,8 +1122,8 @@ func (s *DockerSuite) TestRunNoNewPrivSetuid(c *check.C) {
 
 // TestLegacyRunNoNewPrivSetuid checks that --security-opt=no-new-privileges prevents
 // effective uid transitions on executing setuid binaries.
-func (s *DockerSuite) TestLegacyRunNoNewPrivSetuid(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+func (s *DockerSuite) TestLegacyRunNoNewPrivSetuid(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, testEnv.IsLocalDaemon)
 	ensureNNPTest(c)
 
 	// test that running a setuid binary results in no effective uid transition
@@ -1165,8 +1133,8 @@ func (s *DockerSuite) TestLegacyRunNoNewPrivSetuid(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_CHOWN
@@ -1183,8 +1151,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_DAC_OVERRIDE
@@ -1196,8 +1164,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_FOWNER
@@ -1212,8 +1180,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
 
 // TODO CAP_KILL
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETUID
@@ -1230,8 +1198,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETGID
@@ -1250,26 +1218,45 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
 
 // TODO CAP_SETPCAP
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+// sysctlExists checks if a sysctl exists; runc will error if we add any that do not actually
+// exist, so do not add the default ones if running on an old kernel.
+func sysctlExists(s string) bool {
+	f := filepath.Join("/proc", "sys", strings.Replace(s, ".", "/", -1))
+	_, err := os.Stat(f)
+	return err == nil
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_BIND_SERVICE
 	dockerCmd(c, "run", "syscall-test", "socket-test")
 	// test that non root user does not have default capability CAP_NET_BIND_SERVICE
-	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test").Assert(c, icmd.Expected{
+	// as we allow this via sysctl, also tweak the sysctl back to default
+	args := []string{"run", "--user", "1000:1000"}
+	if sysctlExists("net.ipv4.ip_unprivileged_port_start") {
+		args = append(args, "--sysctl", "net.ipv4.ip_unprivileged_port_start=1024")
+	}
+	args = append(args, "syscall-test", "socket-test")
+	icmd.RunCommand(dockerBinary, args...).Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Permission denied",
 	})
 	// test that root user can drop default capability CAP_NET_BIND_SERVICE
-	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test").Assert(c, icmd.Expected{
+	args = []string{"run", "--cap-drop", "net_bind_service"}
+	if sysctlExists("net.ipv4.ip_unprivileged_port_start") {
+		args = append(args, "--sysctl", "net.ipv4.ip_unprivileged_port_start=1024")
+	}
+	args = append(args, "syscall-test", "socket-test")
+	icmd.RunCommand(dockerBinary, args...).Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Permission denied",
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_RAW
@@ -1286,8 +1273,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SYS_CHROOT
@@ -1304,8 +1291,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, testEnv.IsLocalDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_MKNOD
@@ -1326,8 +1313,8 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
 // TODO CAP_AUDIT_WRITE
 // TODO CAP_SETFCAP
 
-func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
-	testRequires(c, SameHostDaemon, Apparmor)
+func (s *DockerSuite) TestRunApparmorProcDirectory(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, Apparmor)
 
 	// running w seccomp unconfined tests the apparmor profile
 	result := icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup")
@@ -1345,40 +1332,40 @@ func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
 
 // make sure the default profile can be successfully parsed (using unshare as it is
 // something which we know is blocked in the default profile)
-func (s *DockerSuite) TestRunSeccompWithDefaultProfile(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerSuite) TestRunSeccompWithDefaultProfile(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, seccompEnabled)
 
-	out, _, err := dockerCmdWithError("run", "--security-opt", "seccomp=../profiles/seccomp/default.json", "debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "unshare: unshare failed: Operation not permitted")
+	out, _, err := dockerCmdWithError("run", "--security-opt", "seccomp=../profiles/seccomp/default.json", "debian:bullseye-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
+	assert.ErrorContains(c, err, "", out)
+	assert.Equal(c, strings.TrimSpace(out), "unshare: unshare failed: Operation not permitted")
 }
 
 // TestRunDeviceSymlink checks run with device that follows symlink (#13840 and #22271)
-func (s *DockerSuite) TestRunDeviceSymlink(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm, SameHostDaemon)
+func (s *DockerSuite) TestRunDeviceSymlink(c *testing.T) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm, testEnv.IsLocalDaemon)
 	if _, err := os.Stat("/dev/zero"); err != nil {
 		c.Skip("Host does not have /dev/zero")
 	}
 
 	// Create a temporary directory to create symlink
-	tmpDir, err := ioutil.TempDir("", "docker_device_follow_symlink_tests")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "docker_device_follow_symlink_tests")
+	assert.NilError(c, err)
 
 	defer os.RemoveAll(tmpDir)
 
 	// Create a symbolic link to /dev/zero
 	symZero := filepath.Join(tmpDir, "zero")
 	err = os.Symlink("/dev/zero", symZero)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Create a temporary file "temp" inside tmpDir, write some data to "tmpDir/temp",
 	// then create a symlink "tmpDir/file" to the temporary file "tmpDir/temp".
 	tmpFile := filepath.Join(tmpDir, "temp")
-	err = ioutil.WriteFile(tmpFile, []byte("temp"), 0666)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(tmpFile, []byte("temp"), 0666)
+	assert.NilError(c, err)
 	symFile := filepath.Join(tmpDir, "file")
 	err = os.Symlink(tmpFile, symFile)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Create a symbolic link to /dev/zero, this time with a relative path (#22271)
 	err = os.Symlink("zero", "/dev/symzero")
@@ -1390,40 +1377,38 @@ func (s *DockerSuite) TestRunDeviceSymlink(c *check.C) {
 
 	// md5sum of 'dd if=/dev/zero bs=4K count=8' is bb7df04e1b0a2570657527a7e108ae23
 	out, _ := dockerCmd(c, "run", "--device", symZero+":/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
-	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "bb7df04e1b0a2570657527a7e108ae23", check.Commentf("expected output bb7df04e1b0a2570657527a7e108ae23"))
-
+	assert.Assert(c, strings.Contains(strings.Trim(out, "\r\n"), "bb7df04e1b0a2570657527a7e108ae23"), "expected output bb7df04e1b0a2570657527a7e108ae23")
 	// symlink "tmpDir/file" to a file "tmpDir/temp" will result in an error as it is not a device.
 	out, _, err = dockerCmdWithError("run", "--device", symFile+":/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
-	c.Assert(err, check.NotNil)
-	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "not a device node", check.Commentf("expected output 'not a device node'"))
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.Trim(out, "\r\n"), "not a device node"), "expected output 'not a device node'")
 	// md5sum of 'dd if=/dev/zero bs=4K count=8' is bb7df04e1b0a2570657527a7e108ae23 (this time check with relative path backed, see #22271)
 	out, _ = dockerCmd(c, "run", "--device", "/dev/symzero:/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
-	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "bb7df04e1b0a2570657527a7e108ae23", check.Commentf("expected output bb7df04e1b0a2570657527a7e108ae23"))
+	assert.Assert(c, strings.Contains(strings.Trim(out, "\r\n"), "bb7df04e1b0a2570657527a7e108ae23"), "expected output bb7df04e1b0a2570657527a7e108ae23")
 }
 
 // TestRunPIDsLimit makes sure the pids cgroup is set with --pids-limit
-func (s *DockerSuite) TestRunPIDsLimit(c *check.C) {
-	testRequires(c, SameHostDaemon, pidsLimit)
+func (s *DockerSuite) TestRunPIDsLimit(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, pidsLimit)
 
 	file := "/sys/fs/cgroup/pids/pids.max"
 	out, _ := dockerCmd(c, "run", "--name", "skittles", "--pids-limit", "4", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "4")
+	assert.Equal(c, strings.TrimSpace(out), "4")
 
 	out = inspectField(c, "skittles", "HostConfig.PidsLimit")
-	c.Assert(out, checker.Equals, "4", check.Commentf("setting the pids limit failed"))
+	assert.Equal(c, out, "4", "setting the pids limit failed")
 }
 
-func (s *DockerSuite) TestRunPrivilegedAllowedDevices(c *check.C) {
+func (s *DockerSuite) TestRunPrivilegedAllowedDevices(c *testing.T) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	file := "/sys/fs/cgroup/devices/devices.list"
 	out, _ := dockerCmd(c, "run", "--privileged", "busybox", "cat", file)
 	c.Logf("out: %q", out)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "a *:* rwm")
+	assert.Equal(c, strings.TrimSpace(out), "a *:* rwm")
 }
 
-func (s *DockerSuite) TestRunUserDeviceAllowed(c *check.C) {
+func (s *DockerSuite) TestRunUserDeviceAllowed(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	fi, err := os.Stat("/dev/snd/timer")
@@ -1437,11 +1422,11 @@ func (s *DockerSuite) TestRunUserDeviceAllowed(c *check.C) {
 
 	file := "/sys/fs/cgroup/devices/devices.list"
 	out, _ := dockerCmd(c, "run", "--device", "/dev/snd/timer:w", "busybox", "cat", file)
-	c.Assert(out, checker.Contains, fmt.Sprintf("c %d:%d w", stat.Rdev/256, stat.Rdev%256))
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("c %d:%d w", stat.Rdev/256, stat.Rdev%256)))
 }
 
-func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *testing.T) {
+	testRequires(c, seccompEnabled)
 
 	s.d.StartWithBusybox(c)
 
@@ -1454,19 +1439,19 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *check.C) {
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "profile.json")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 	_, err = tmpFile.Write([]byte(jsonData))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Operation not permitted"))
 }
 
-func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *testing.T) {
+	testRequires(c, seccompEnabled)
 
 	s.d.StartWithBusybox(c)
 
@@ -1480,19 +1465,19 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *check.C) {
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "profile.json")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 	_, err = tmpFile.Write([]byte(jsonData))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "use either 'name' or 'names'"))
 }
 
-func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *testing.T) {
+	testRequires(c, seccompEnabled)
 
 	s.d.StartWithBusybox(c)
 
@@ -1517,25 +1502,25 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *check.C) {
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "profile.json")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 	_, err = tmpFile.Write([]byte(jsonData))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "use either 'architectures' or 'archMap'"))
 }
 
-func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *check.C) {
-	testRequires(c, SameHostDaemon, seccompEnabled)
+func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *testing.T) {
+	testRequires(c, seccompEnabled)
 
 	s.d.StartWithBusybox(c)
 
 	// 1) verify I can run containers with the Docker default shipped profile which allows chmod
 	_, err := s.d.Cmd("run", "busybox", "chmod", "777", ".")
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	jsonData := `{
 	"defaultAction": "SCMP_ACT_ALLOW",
@@ -1543,43 +1528,47 @@ func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *check.C) {
 		{
 			"name": "chmod",
 			"action": "SCMP_ACT_ERRNO"
+		},
+		{
+			"name": "fchmodat",
+			"action": "SCMP_ACT_ERRNO"
 		}
 	]
 }`
-	tmpFile, err := ioutil.TempFile("", "profile.json")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "profile.json")
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 	_, err = tmpFile.Write([]byte(jsonData))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// 2) restart the daemon and add a custom seccomp profile in which we deny chmod
 	s.d.Restart(c, "--seccomp-profile="+tmpFile.Name())
 
 	out, err := s.d.Cmd("run", "busybox", "chmod", "777", ".")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Operation not permitted"))
 }
 
-func (s *DockerSuite) TestRunWithNanoCPUs(c *check.C) {
+func (s *DockerSuite) TestRunWithNanoCPUs(c *testing.T) {
 	testRequires(c, cpuCfsQuota, cpuCfsPeriod)
 
 	file1 := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
 	file2 := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
 	out, _ := dockerCmd(c, "run", "--cpus", "0.5", "--name", "test", "busybox", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "50000\n100000")
+	assert.Equal(c, strings.TrimSpace(out), "50000\n100000")
 
-	clt, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	clt, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	inspect, err := clt.ContainerInspect(context.Background(), "test")
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(500000000))
+	assert.NilError(c, err)
+	assert.Equal(c, inspect.HostConfig.NanoCPUs, int64(500000000))
 
 	out = inspectField(c, "test", "HostConfig.CpuQuota")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS quota should be 0")
 	out = inspectField(c, "test", "HostConfig.CpuPeriod")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS period should be 0")
 
 	out, _, err = dockerCmdWithError("run", "--cpus", "0.5", "--cpu-quota", "50000", "--cpu-period", "100000", "busybox", "sh")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Conflicting options: Nano CPUs and CPU Period cannot both be set")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Conflicting options: Nano CPUs and CPU Period cannot both be set"))
 }
diff --git a/integration-cli/docker_cli_save_load_test.go b/integration-cli/docker_cli_save_load_test.go
index 688eac684ea83..eac6fb054c96a 100644
--- a/integration-cli/docker_cli_save_load_test.go
+++ b/integration-cli/docker_cli_save_load_test.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -13,17 +12,18 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/icmd"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
 // save a repo using gz compression and try to load it using stdout
-func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *check.C) {
+func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "test-save-xz-and-load-repo-stdout"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
@@ -37,7 +37,7 @@ func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *check.C) {
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("xz", "-c"),
 		exec.Command("gzip", "-c"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo: %v %v", out, err))
+	assert.NilError(c, err, "failed to save repo: %v %v", out, err)
 	deleteImages(repoName)
 
 	icmd.RunCmd(icmd.Cmd{
@@ -48,11 +48,11 @@ func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *check.C) {
 	})
 
 	after, _, err := dockerCmdWithError("inspect", repoName)
-	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
+	assert.ErrorContains(c, err, "", "the repo should not exist: %v", after)
 }
 
 // save a repo using xz+gz compression and try to load it using stdout
-func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
+func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "test-save-xz-gz-and-load-repo-stdout"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
@@ -66,7 +66,7 @@ func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("xz", "-c"),
 		exec.Command("gzip", "-c"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo: %v %v", out, err))
+	assert.NilError(c, err, "failed to save repo: %v %v", out, err)
 
 	deleteImages(repoName)
 
@@ -78,10 +78,10 @@ func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
 	})
 
 	after, _, err := dockerCmdWithError("inspect", repoName)
-	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
+	assert.ErrorContains(c, err, "", "the repo should not exist: %v", after)
 }
 
-func (s *DockerSuite) TestSaveSingleTag(c *check.C) {
+func (s *DockerSuite) TestSaveSingleTag(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "foobar-save-single-tag-test"
 	dockerCmd(c, "tag", "busybox:latest", fmt.Sprintf("%v:latest", repoName))
@@ -93,10 +93,10 @@ func (s *DockerSuite) TestSaveSingleTag(c *check.C) {
 		exec.Command(dockerBinary, "save", fmt.Sprintf("%v:latest", repoName)),
 		exec.Command("tar", "t"),
 		exec.Command("grep", "-E", fmt.Sprintf("(^repositories$|%v)", cleanedImageID)))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID and 'repositories' file: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save repo with image ID and 'repositories' file: %s, %v", out, err)
 }
 
-func (s *DockerSuite) TestSaveCheckTimes(c *check.C) {
+func (s *DockerSuite) TestSaveCheckTimes(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "busybox:latest"
 	out, _ := dockerCmd(c, "inspect", repoName)
@@ -105,17 +105,17 @@ func (s *DockerSuite) TestSaveCheckTimes(c *check.C) {
 		Created time.Time
 	}
 	err := json.Unmarshal([]byte(out), &data)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to marshal from %q: err %v", repoName, err))
-	c.Assert(len(data), checker.Not(checker.Equals), 0, check.Commentf("failed to marshal the data from %q", repoName))
+	assert.NilError(c, err, "failed to marshal from %q: err %v", repoName, err)
+	assert.Assert(c, len(data) != 0, "failed to marshal the data from %q", repoName)
 	tarTvTimeFormat := "2006-01-02 15:04"
 	out, err = RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("tar", "tv"),
 		exec.Command("grep", "-E", fmt.Sprintf("%s %s", data[0].Created.Format(tarTvTimeFormat), digest.Digest(data[0].ID).Hex())))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID and 'repositories' file: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save repo with image ID and 'repositories' file: %s, %v", out, err)
 }
 
-func (s *DockerSuite) TestSaveImageId(c *check.C) {
+func (s *DockerSuite) TestSaveImageId(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "foobar-save-image-id-test"
 	dockerCmd(c, "tag", "emptyfs:latest", fmt.Sprintf("%v:latest", repoName))
@@ -127,21 +127,21 @@ func (s *DockerSuite) TestSaveImageId(c *check.C) {
 	cleanedShortImageID := strings.TrimSpace(out)
 
 	// Make sure IDs are not empty
-	c.Assert(cleanedLongImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty."))
-	c.Assert(cleanedShortImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty."))
+	assert.Assert(c, cleanedLongImageID != "", "Id should not be empty.")
+	assert.Assert(c, cleanedShortImageID != "", "Id should not be empty.")
 
 	saveCmd := exec.Command(dockerBinary, "save", cleanedShortImageID)
 	tarCmd := exec.Command("tar", "t")
 
 	var err error
 	tarCmd.Stdin, err = saveCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil, check.Commentf("cannot set stdout pipe for tar: %v", err))
+	assert.Assert(c, err == nil, "cannot set stdout pipe for tar: %v", err)
 	grepCmd := exec.Command("grep", cleanedLongImageID)
 	grepCmd.Stdin, err = tarCmd.StdoutPipe()
-	c.Assert(err, checker.IsNil, check.Commentf("cannot set stdout pipe for grep: %v", err))
+	assert.Assert(c, err == nil, "cannot set stdout pipe for grep: %v", err)
 
-	c.Assert(tarCmd.Start(), checker.IsNil, check.Commentf("tar failed with error: %v", err))
-	c.Assert(saveCmd.Start(), checker.IsNil, check.Commentf("docker save failed with error: %v", err))
+	assert.Assert(c, tarCmd.Start() == nil, "tar failed with error: %v", err)
+	assert.Assert(c, saveCmd.Start() == nil, "docker save failed with error: %v", err)
 	defer func() {
 		saveCmd.Wait()
 		tarCmd.Wait()
@@ -150,11 +150,11 @@ func (s *DockerSuite) TestSaveImageId(c *check.C) {
 
 	out, _, err = runCommandWithOutput(grepCmd)
 
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID: %s, %v", out, err))
+	assert.Assert(c, err == nil, "failed to save repo with image ID: %s, %v", out, err)
 }
 
 // save a repo and try to load it using flags
-func (s *DockerSuite) TestSaveAndLoadRepoFlags(c *check.C) {
+func (s *DockerSuite) TestSaveAndLoadRepoFlags(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	name := "test-save-and-load-repo-flags"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
@@ -169,23 +169,23 @@ func (s *DockerSuite) TestSaveAndLoadRepoFlags(c *check.C) {
 	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command(dockerBinary, "load"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save and load repo: %s, %v", out, err)
 
 	after, _ := dockerCmd(c, "inspect", repoName)
-	c.Assert(before, checker.Equals, after, check.Commentf("inspect is not the same after a save / load"))
+	assert.Equal(c, before, after, "inspect is not the same after a save / load")
 }
 
-func (s *DockerSuite) TestSaveWithNoExistImage(c *check.C) {
+func (s *DockerSuite) TestSaveWithNoExistImage(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	imgName := "foobar-non-existing-image"
 
 	out, _, err := dockerCmdWithError("save", "-o", "test-img.tar", imgName)
-	c.Assert(err, checker.NotNil, check.Commentf("save image should fail for non-existing image"))
-	c.Assert(out, checker.Contains, fmt.Sprintf("No such image: %s", imgName))
+	assert.ErrorContains(c, err, "", "save image should fail for non-existing image")
+	assert.Assert(c, strings.Contains(out, fmt.Sprintf("No such image: %s", imgName)))
 }
 
-func (s *DockerSuite) TestSaveMultipleNames(c *check.C) {
+func (s *DockerSuite) TestSaveMultipleNames(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "foobar-save-multi-name-test"
 
@@ -200,10 +200,10 @@ func (s *DockerSuite) TestSaveMultipleNames(c *check.C) {
 		exec.Command("tar", "xO", "repositories"),
 		exec.Command("grep", "-q", "-E", "(-one|-two)"),
 	)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save multiple repos: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save multiple repos: %s, %v", out, err)
 }
 
-func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *check.C) {
+func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	makeImage := func(from string, tag string) string {
 		var (
@@ -230,12 +230,12 @@ func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *check.C) {
 	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName, "busybox:latest"),
 		exec.Command("tar", "t"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save multiple images: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save multiple images: %s, %v", out, err)
 
 	lines := strings.Split(strings.TrimSpace(out), "\n")
 	var actual []string
 	for _, l := range lines {
-		if regexp.MustCompile("^[a-f0-9]{64}\\.json$").Match([]byte(l)) {
+		if regexp.MustCompile(`^[a-f0-9]{64}\.json$`).Match([]byte(l)) {
 			actual = append(actual, strings.TrimSuffix(l, ".json"))
 		}
 	}
@@ -251,18 +251,18 @@ func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *check.C) {
 
 	sort.Strings(actual)
 	sort.Strings(expected)
-	c.Assert(actual, checker.DeepEquals, expected, check.Commentf("archive does not contains the right layers: got %v, expected %v, output: %q", actual, expected, out))
+	assert.Assert(c, is.DeepEqual(actual, expected), "archive does not contains the right layers: got %v, expected %v, output: %q", actual, expected, out)
 }
 
 // Issue #6722 #5892 ensure directories are included in changes
-func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
+func (s *DockerSuite) TestSaveDirectoryPermissions(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	layerEntries := []string{"opt/", "opt/a/", "opt/a/b/", "opt/a/b/c"}
 	layerEntriesAUFS := []string{"./", ".wh..wh.aufs", ".wh..wh.orph/", ".wh..wh.plnk/", "opt/", "opt/a/", "opt/a/b/", "opt/a/b/c"}
 
 	name := "save-directory-permissions"
-	tmpDir, err := ioutil.TempDir("", "save-layers-with-directories")
-	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary directory: %s", err))
+	tmpDir, err := os.MkdirTemp("", "save-layers-with-directories")
+	assert.Assert(c, err == nil, "failed to create temporary directory: %s", err)
 	extractionDirectory := filepath.Join(tmpDir, "image-extraction-dir")
 	os.Mkdir(extractionDirectory, 0777)
 
@@ -275,10 +275,10 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 		exec.Command(dockerBinary, "save", name),
 		exec.Command("tar", "-xf", "-", "-C", extractionDirectory),
 	)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save and extract image: %s", out))
+	assert.NilError(c, err, "failed to save and extract image: %s", out)
 
-	dirs, err := ioutil.ReadDir(extractionDirectory)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to get a listing of the layer directories: %s", err))
+	dirs, err := os.ReadDir(extractionDirectory)
+	assert.NilError(c, err, "failed to get a listing of the layer directories: %s", err)
 
 	found := false
 	for _, entry := range dirs {
@@ -287,7 +287,8 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 			layerPath := filepath.Join(extractionDirectory, entry.Name(), "layer.tar")
 
 			f, err := os.Open(layerPath)
-			c.Assert(err, checker.IsNil, check.Commentf("failed to open %s: %s", layerPath, err))
+			assert.NilError(c, err, "failed to open %s: %s", layerPath, err)
+
 			defer f.Close()
 
 			entries, err := listTar(f)
@@ -296,7 +297,7 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 					entriesSansDev = append(entriesSansDev, e)
 				}
 			}
-			c.Assert(err, checker.IsNil, check.Commentf("encountered error while listing tar entries: %s", err))
+			assert.NilError(c, err, "encountered error while listing tar entries: %s", err)
 
 			if reflect.DeepEqual(entriesSansDev, layerEntries) || reflect.DeepEqual(entriesSansDev, layerEntriesAUFS) {
 				found = true
@@ -305,8 +306,7 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 		}
 	}
 
-	c.Assert(found, checker.Equals, true, check.Commentf("failed to find the layer with the right content listing"))
-
+	assert.Assert(c, found, "failed to find the layer with the right content listing")
 }
 
 func listTar(f io.Reader) ([]string, error) {
@@ -329,15 +329,15 @@ func listTar(f io.Reader) ([]string, error) {
 // Test loading a weird image where one of the layers is of zero size.
 // The layer.tar file is actually zero bytes, no padding or anything else.
 // See issue: 18170
-func (s *DockerSuite) TestLoadZeroSizeLayer(c *check.C) {
+func (s *DockerSuite) TestLoadZeroSizeLayer(c *testing.T) {
 	// this will definitely not work if using remote daemon
 	// very weird test
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 
 	dockerCmd(c, "load", "-i", "testdata/emptyLayer.tar")
 }
 
-func (s *DockerSuite) TestSaveLoadParents(c *check.C) {
+func (s *DockerSuite) TestSaveLoadParents(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	makeImage := func(from string, addfile string) string {
@@ -357,8 +357,8 @@ func (s *DockerSuite) TestSaveLoadParents(c *check.C) {
 	idFoo := makeImage("busybox", "foo")
 	idBar := makeImage(idFoo, "bar")
 
-	tmpDir, err := ioutil.TempDir("", "save-load-parents")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "save-load-parents")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmpDir)
 
 	c.Log("tmpdir", tmpDir)
@@ -370,13 +370,13 @@ func (s *DockerSuite) TestSaveLoadParents(c *check.C) {
 	dockerCmd(c, "load", "-i", outfile)
 
 	inspectOut := inspectField(c, idBar, "Parent")
-	c.Assert(inspectOut, checker.Equals, idFoo)
+	assert.Equal(c, inspectOut, idFoo)
 
 	inspectOut = inspectField(c, idFoo, "Parent")
-	c.Assert(inspectOut, checker.Equals, "")
+	assert.Equal(c, inspectOut, "")
 }
 
-func (s *DockerSuite) TestSaveLoadNoTag(c *check.C) {
+func (s *DockerSuite) TestSaveLoadNoTag(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "saveloadnotag"
@@ -388,18 +388,18 @@ func (s *DockerSuite) TestSaveLoadNoTag(c *check.C) {
 	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", id),
 		exec.Command(dockerBinary, "load"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
+	assert.NilError(c, err, "failed to save and load repo: %s, %v", out, err)
 
 	// Should not show 'name' but should show the image ID during the load
-	c.Assert(out, checker.Not(checker.Contains), "Loaded image: ")
-	c.Assert(out, checker.Contains, "Loaded image ID:")
-	c.Assert(out, checker.Contains, id)
-
+	assert.Assert(c, !strings.Contains(out, "Loaded image: "))
+	assert.Assert(c, strings.Contains(out, "Loaded image ID:"))
+	assert.Assert(c, strings.Contains(out, id))
 	// Test to make sure that save by name shows that name during load
 	out, err = RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", name),
 		exec.Command(dockerBinary, "load"))
-	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
-	c.Assert(out, checker.Contains, "Loaded image: "+name+":latest")
-	c.Assert(out, checker.Not(checker.Contains), "Loaded image ID:")
+	assert.NilError(c, err, "failed to save and load repo: %s, %v", out, err)
+
+	assert.Assert(c, strings.Contains(out, "Loaded image: "+name+":latest"))
+	assert.Assert(c, !strings.Contains(out, "Loaded image ID:"))
 }
diff --git a/integration-cli/docker_cli_save_load_unix_test.go b/integration-cli/docker_cli_save_load_unix_test.go
index da520e41c0cb6..89776b92635cc 100644
--- a/integration-cli/docker_cli_save_load_unix_test.go
+++ b/integration-cli/docker_cli_save_load_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,21 +6,20 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
+	"github.com/creack/pty"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // save a repo and try to load it using stdout
-func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
+func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *testing.T) {
 	name := "test-save-and-load-repo-stdout"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
 
@@ -27,8 +27,8 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 	before, _ := dockerCmd(c, "commit", name, repoName)
 	before = strings.TrimRight(before, "\n")
 
-	tmpFile, err := ioutil.TempFile("", "foobar-save-load-test.tar")
-	c.Assert(err, check.IsNil)
+	tmpFile, err := os.CreateTemp("", "foobar-save-load-test.tar")
+	assert.NilError(c, err)
 	defer os.Remove(tmpFile.Name())
 
 	icmd.RunCmd(icmd.Cmd{
@@ -37,7 +37,7 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 	}).Assert(c, icmd.Success)
 
 	tmpFile, err = os.Open(tmpFile.Name())
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer tmpFile.Close()
 
 	deleteImages(repoName)
@@ -50,27 +50,27 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 	after := inspectField(c, repoName, "Id")
 	after = strings.TrimRight(after, "\n")
 
-	c.Assert(after, check.Equals, before) //inspect is not the same after a save / load
+	assert.Equal(c, after, before, "inspect is not the same after a save / load")
 
 	deleteImages(repoName)
 
 	pty, tty, err := pty.Open()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	cmd := exec.Command(dockerBinary, "save", repoName)
 	cmd.Stdin = tty
 	cmd.Stdout = tty
 	cmd.Stderr = tty
-	c.Assert(cmd.Start(), check.IsNil)
-	c.Assert(cmd.Wait(), check.NotNil) //did not break writing to a TTY
+	assert.NilError(c, cmd.Start())
+	assert.ErrorContains(c, cmd.Wait(), "", "did not break writing to a TTY")
 
 	buf := make([]byte, 1024)
 
 	n, err := pty.Read(buf)
-	c.Assert(err, check.IsNil) //could not read tty output
-	c.Assert(string(buf[:n]), checker.Contains, "cowardly refusing", check.Commentf("help output is not being yielded"))
+	assert.NilError(c, err, "could not read tty output")
+	assert.Assert(c, strings.Contains(string(buf[:n]), "cowardly refusing"), "help output is not being yielded")
 }
 
-func (s *DockerSuite) TestSaveAndLoadWithProgressBar(c *check.C) {
+func (s *DockerSuite) TestSaveAndLoadWithProgressBar(c *testing.T) {
 	name := "test-load"
 	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 	RUN touch aa
@@ -84,24 +84,24 @@ func (s *DockerSuite) TestSaveAndLoadWithProgressBar(c *check.C) {
 	dockerCmd(c, "tag", "busybox", name)
 	out, _ := dockerCmd(c, "load", "-i", tmptar)
 	expected := fmt.Sprintf("The image %s:latest already exists, renaming the old one with ID", name)
-	c.Assert(out, checker.Contains, expected)
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
 // fail because load didn't receive data from stdin
-func (s *DockerSuite) TestLoadNoStdinFail(c *check.C) {
+func (s *DockerSuite) TestLoadNoStdinFail(c *testing.T) {
 	pty, tty, err := pty.Open()
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	cmd := exec.CommandContext(ctx, dockerBinary, "load")
 	cmd.Stdin = tty
 	cmd.Stdout = tty
 	cmd.Stderr = tty
-	c.Assert(cmd.Run(), check.NotNil) // docker-load should fail
+	assert.ErrorContains(c, cmd.Run(), "", "docker-load should fail")
 
 	buf := make([]byte, 1024)
 
 	n, err := pty.Read(buf)
-	c.Assert(err, check.IsNil) //could not read tty output
-	c.Assert(string(buf[:n]), checker.Contains, "requested load from stdin, but stdin is empty")
+	assert.NilError(c, err) //could not read tty output
+	assert.Assert(c, strings.Contains(string(buf[:n]), "requested load from stdin, but stdin is empty"))
 }
diff --git a/integration-cli/docker_cli_search_test.go b/integration-cli/docker_cli_search_test.go
index 809088a11563d..baace44fb312f 100644
--- a/integration-cli/docker_cli_search_test.go
+++ b/integration-cli/docker_cli_search_test.go
@@ -3,129 +3,78 @@ package main
 import (
 	"fmt"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // search for repos named  "registry" on the central registry
-func (s *DockerSuite) TestSearchOnCentralRegistry(c *check.C) {
-	testRequires(c, Network, DaemonIsLinux)
-
+func (s *DockerSuite) TestSearchOnCentralRegistry(c *testing.T) {
 	out, _ := dockerCmd(c, "search", "busybox")
-	c.Assert(out, checker.Contains, "Busybox base image.", check.Commentf("couldn't find any repository named (or containing) 'Busybox base image.'"))
+	assert.Assert(c, strings.Contains(out, "Busybox base image."), "couldn't find any repository named (or containing) 'Busybox base image.'")
 }
 
-func (s *DockerSuite) TestSearchStarsOptionWithWrongParameter(c *check.C) {
+func (s *DockerSuite) TestSearchStarsOptionWithWrongParameter(c *testing.T) {
 	out, _, err := dockerCmdWithError("search", "--filter", "stars=a", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Invalid filter"), "couldn't find the invalid filter warning")
 
 	out, _, err = dockerCmdWithError("search", "-f", "stars=a", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Invalid filter"), "couldn't find the invalid filter warning")
 
 	out, _, err = dockerCmdWithError("search", "-f", "is-automated=a", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Invalid filter"), "couldn't find the invalid filter warning")
 
 	out, _, err = dockerCmdWithError("search", "-f", "is-official=a", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
-
-	// -s --stars deprecated since Docker 1.13
-	out, _, err = dockerCmdWithError("search", "--stars=a", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "invalid syntax", check.Commentf("couldn't find the invalid value warning"))
-
-	// -s --stars deprecated since Docker 1.13
-	out, _, err = dockerCmdWithError("search", "-s=-1", "busybox")
-	c.Assert(err, check.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "invalid syntax", check.Commentf("couldn't find the invalid value warning"))
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "Invalid filter"), "couldn't find the invalid filter warning")
 }
 
-func (s *DockerSuite) TestSearchCmdOptions(c *check.C) {
-	testRequires(c, Network, DaemonIsLinux)
-
-	out, _ := dockerCmd(c, "search", "--help")
-	c.Assert(out, checker.Contains, "Usage:\tdocker search [OPTIONS] TERM")
-
+func (s *DockerSuite) TestSearchCmdOptions(c *testing.T) {
 	outSearchCmd, _ := dockerCmd(c, "search", "busybox")
-	outSearchCmdNotrunc, _ := dockerCmd(c, "search", "--no-trunc=true", "busybox")
+	assert.Assert(c, strings.Count(outSearchCmd, "\n") > 3, outSearchCmd)
 
-	c.Assert(len(outSearchCmd) > len(outSearchCmdNotrunc), check.Equals, false, check.Commentf("The no-trunc option can't take effect."))
-
-	outSearchCmdautomated, _ := dockerCmd(c, "search", "--filter", "is-automated=true", "busybox") //The busybox is a busybox base image, not an AUTOMATED image.
+	outSearchCmdautomated, _ := dockerCmd(c, "search", "--filter", "is-automated=true", "busybox") // The busybox is a busybox base image, not an AUTOMATED image.
 	outSearchCmdautomatedSlice := strings.Split(outSearchCmdautomated, "\n")
 	for i := range outSearchCmdautomatedSlice {
-		c.Assert(strings.HasPrefix(outSearchCmdautomatedSlice[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an AUTOMATED image: %s", outSearchCmdautomated))
+		assert.Assert(c, !strings.HasPrefix(outSearchCmdautomatedSlice[i], "busybox "), "The busybox is not an AUTOMATED image: %s", outSearchCmdautomated)
 	}
 
-	outSearchCmdNotOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=false", "busybox") //The busybox is a busybox base image, official image.
+	outSearchCmdNotOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=false", "busybox") // The busybox is a busybox base image, official image.
 	outSearchCmdNotOfficialSlice := strings.Split(outSearchCmdNotOfficial, "\n")
 	for i := range outSearchCmdNotOfficialSlice {
-		c.Assert(strings.HasPrefix(outSearchCmdNotOfficialSlice[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an OFFICIAL image: %s", outSearchCmdNotOfficial))
+		assert.Assert(c, !strings.HasPrefix(outSearchCmdNotOfficialSlice[i], "busybox "), "The busybox is not an OFFICIAL image: %s", outSearchCmdNotOfficial)
 	}
 
-	outSearchCmdOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=true", "busybox") //The busybox is a busybox base image, official image.
+	outSearchCmdOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=true", "busybox") // The busybox is a busybox base image, official image.
 	outSearchCmdOfficialSlice := strings.Split(outSearchCmdOfficial, "\n")
-	c.Assert(outSearchCmdOfficialSlice, checker.HasLen, 3) // 1 header, 1 line, 1 carriage return
-	c.Assert(strings.HasPrefix(outSearchCmdOfficialSlice[1], "busybox "), check.Equals, true, check.Commentf("The busybox is an OFFICIAL image: %s", outSearchCmdNotOfficial))
+	assert.Equal(c, len(outSearchCmdOfficialSlice), 3) // 1 header, 1 line, 1 carriage return
+	assert.Assert(c, strings.HasPrefix(outSearchCmdOfficialSlice[1], "busybox "), "The busybox is an OFFICIAL image: %s", outSearchCmdOfficial)
 
-	outSearchCmdStars, _ := dockerCmd(c, "search", "--filter", "stars=2", "busybox")
-	c.Assert(strings.Count(outSearchCmdStars, "[OK]") > strings.Count(outSearchCmd, "[OK]"), check.Equals, false, check.Commentf("The quantity of images with stars should be less than that of all images: %s", outSearchCmdStars))
+	outSearchCmdStars, _ := dockerCmd(c, "search", "--filter", "stars=10", "busybox")
+	assert.Assert(c, strings.Count(outSearchCmdStars, "\n") <= strings.Count(outSearchCmd, "\n"), "Number of images with 10+ stars should be less than that of all images:\noutSearchCmdStars: %s\noutSearch: %s\n", outSearchCmdStars, outSearchCmd)
 
 	dockerCmd(c, "search", "--filter", "is-automated=true", "--filter", "stars=2", "--no-trunc=true", "busybox")
-
-	// --automated deprecated since Docker 1.13
-	outSearchCmdautomated1, _ := dockerCmd(c, "search", "--automated=true", "busybox") //The busybox is a busybox base image, not an AUTOMATED image.
-	outSearchCmdautomatedSlice1 := strings.Split(outSearchCmdautomated1, "\n")
-	for i := range outSearchCmdautomatedSlice1 {
-		c.Assert(strings.HasPrefix(outSearchCmdautomatedSlice1[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an AUTOMATED image: %s", outSearchCmdautomated))
-	}
-
-	// -s --stars deprecated since Docker 1.13
-	outSearchCmdStars1, _ := dockerCmd(c, "search", "--stars=2", "busybox")
-	c.Assert(strings.Count(outSearchCmdStars1, "[OK]") > strings.Count(outSearchCmd, "[OK]"), check.Equals, false, check.Commentf("The quantity of images with stars should be less than that of all images: %s", outSearchCmdStars1))
-
-	// -s --stars deprecated since Docker 1.13
-	dockerCmd(c, "search", "--stars=2", "--automated=true", "--no-trunc=true", "busybox")
 }
 
 // search for repos which start with "ubuntu-" on the central registry
-func (s *DockerSuite) TestSearchOnCentralRegistryWithDash(c *check.C) {
-	testRequires(c, Network, DaemonIsLinux)
-
+func (s *DockerSuite) TestSearchOnCentralRegistryWithDash(c *testing.T) {
 	dockerCmd(c, "search", "ubuntu-")
 }
 
 // test case for #23055
-func (s *DockerSuite) TestSearchWithLimit(c *check.C) {
-	testRequires(c, Network, DaemonIsLinux)
-
-	limit := 10
-	out, _, err := dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
-	c.Assert(err, checker.IsNil)
-	outSlice := strings.Split(out, "\n")
-	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
-
-	limit = 50
-	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
-	c.Assert(err, checker.IsNil)
-	outSlice = strings.Split(out, "\n")
-	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
-
-	limit = 100
-	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
-	c.Assert(err, checker.IsNil)
-	outSlice = strings.Split(out, "\n")
-	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
-
-	limit = 0
-	_, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
-	c.Assert(err, checker.Not(checker.IsNil))
-
-	limit = 200
-	_, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
-	c.Assert(err, checker.Not(checker.IsNil))
+func (s *DockerSuite) TestSearchWithLimit(c *testing.T) {
+	for _, limit := range []int{10, 50, 100} {
+		out, _, err := dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+		assert.NilError(c, err)
+		outSlice := strings.Split(out, "\n")
+		assert.Equal(c, len(outSlice), limit+2) // 1 header, 1 carriage return
+	}
+
+	for _, limit := range []int{-1, 0, 101} {
+		_, _, err := dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+		assert.ErrorContains(c, err, "")
+	}
 }
diff --git a/integration-cli/docker_cli_service_create_test.go b/integration-cli/docker_cli_service_create_test.go
index d00e15a0e3484..6d4dc3a375f8b 100644
--- a/integration-cli/docker_cli_service_create_test.go
+++ b/integration-cli/docker_cli_service_create_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -7,63 +8,65 @@ import (
 	"fmt"
 	"path/filepath"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, id)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// check container mount config
 	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	var mountConfig []mount.Mount
-	c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil)
-	c.Assert(mountConfig, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &mountConfig) == nil)
+	assert.Equal(c, len(mountConfig), 1)
 
-	c.Assert(mountConfig[0].Source, checker.Equals, "foo")
-	c.Assert(mountConfig[0].Target, checker.Equals, "/foo")
-	c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeVolume)
-	c.Assert(mountConfig[0].VolumeOptions, checker.NotNil)
-	c.Assert(mountConfig[0].VolumeOptions.NoCopy, checker.True)
+	assert.Equal(c, mountConfig[0].Source, "foo")
+	assert.Equal(c, mountConfig[0].Target, "/foo")
+	assert.Equal(c, mountConfig[0].Type, mount.TypeVolume)
+	assert.Assert(c, mountConfig[0].VolumeOptions != nil)
+	assert.Assert(c, mountConfig[0].VolumeOptions.NoCopy)
 
 	// check container mounts actual
 	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	var mounts []types.MountPoint
-	c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil)
-	c.Assert(mounts, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &mounts) == nil)
+	assert.Equal(c, len(mounts), 1)
 
-	c.Assert(mounts[0].Type, checker.Equals, mount.TypeVolume)
-	c.Assert(mounts[0].Name, checker.Equals, "foo")
-	c.Assert(mounts[0].Destination, checker.Equals, "/foo")
-	c.Assert(mounts[0].RW, checker.Equals, true)
+	assert.Equal(c, mounts[0].Type, mount.TypeVolume)
+	assert.Equal(c, mounts[0].Name, "foo")
+	assert.Equal(c, mounts[0].Destination, "/foo")
+	assert.Equal(c, mounts[0].RW, true)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	serviceName := "test-service-secret"
@@ -74,30 +77,30 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) {
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	assert.Assert(c, id != "", "secrets: %s", id)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", testName, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.SecretReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), 1)
 
-	c.Assert(refs[0].SecretName, checker.Equals, testName)
-	c.Assert(refs[0].File, checker.Not(checker.IsNil))
-	c.Assert(refs[0].File.Name, checker.Equals, testName)
-	c.Assert(refs[0].File.UID, checker.Equals, "0")
-	c.Assert(refs[0].File.GID, checker.Equals, "0")
+	assert.Equal(c, refs[0].SecretName, testName)
+	assert.Assert(c, refs[0].File != nil)
+	assert.Equal(c, refs[0].File.Name, testName)
+	assert.Equal(c, refs[0].File.UID, "0")
+	assert.Equal(c, refs[0].File.GID, "0")
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	d.DeleteSecret(c, testName)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	testPaths := map[string]string{
@@ -116,7 +119,7 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check
 			},
 			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
 		})
-		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+		assert.Assert(c, id != "", "secrets: %s", id)
 
 		secretFlags = append(secretFlags, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
 	}
@@ -126,28 +129,28 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check
 	serviceCmd = append(serviceCmd, secretFlags...)
 	serviceCmd = append(serviceCmd, "busybox", "top")
 	out, err := d.Cmd(serviceCmd...)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.SecretReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, len(testPaths))
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), len(testPaths))
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, serviceName)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	for testName, testTarget := range testPaths {
 		path := testTarget
@@ -155,15 +158,15 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check
 			path = filepath.Join("/run/secrets", path)
 		}
 		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
-		c.Assert(err, checker.IsNil)
-		c.Assert(out, checker.Equals, "TESTINGDATA "+testName+" "+testTarget)
+		assert.NilError(c, err)
+		assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget)
 	}
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	id := d.CreateSecret(c, swarm.SecretSpec{
@@ -172,46 +175,46 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *check.C
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	assert.Assert(c, id != "", "secrets: %s", id)
 
 	serviceName := "svc"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", "source=mysecret,target=target1", "--secret", "source=mysecret,target=target2", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.SecretReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 2)
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), 2)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, serviceName)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	for _, target := range []string{"target1", "target2"} {
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		path := filepath.Join("/run/secrets", target)
 		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
-		c.Assert(err, checker.IsNil)
-		c.Assert(out, checker.Equals, "TESTINGDATA")
+		assert.NilError(c, err)
+		assert.Equal(c, out, "TESTINGDATA")
 	}
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	serviceName := "test-service-config"
@@ -222,30 +225,30 @@ func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *check.C) {
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+	assert.Assert(c, id != "", "configs: %s", id)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", testName, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.ConfigReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), 1)
 
-	c.Assert(refs[0].ConfigName, checker.Equals, testName)
-	c.Assert(refs[0].File, checker.Not(checker.IsNil))
-	c.Assert(refs[0].File.Name, checker.Equals, testName)
-	c.Assert(refs[0].File.UID, checker.Equals, "0")
-	c.Assert(refs[0].File.GID, checker.Equals, "0")
+	assert.Equal(c, refs[0].ConfigName, testName)
+	assert.Assert(c, refs[0].File != nil)
+	assert.Equal(c, refs[0].File.Name, testName)
+	assert.Equal(c, refs[0].File.UID, "0")
+	assert.Equal(c, refs[0].File.GID, "0")
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	d.DeleteConfig(c, testName)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	testPaths := map[string]string{
@@ -263,7 +266,7 @@ func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check
 			},
 			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
 		})
-		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+		assert.Assert(c, id != "", "configs: %s", id)
 
 		configFlags = append(configFlags, "--config", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
 	}
@@ -273,28 +276,28 @@ func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check
 	serviceCmd = append(serviceCmd, configFlags...)
 	serviceCmd = append(serviceCmd, "busybox", "top")
 	out, err := d.Cmd(serviceCmd...)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.ConfigReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, len(testPaths))
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), len(testPaths))
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, serviceName)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	for testName, testTarget := range testPaths {
 		path := testTarget
@@ -302,15 +305,15 @@ func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check
 			path = filepath.Join("/", path)
 		}
 		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
-		c.Assert(err, checker.IsNil)
-		c.Assert(out, checker.Equals, "TESTINGDATA "+testName+" "+testTarget)
+		assert.NilError(c, err)
+		assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget)
 	}
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	id := d.CreateConfig(c, swarm.ConfigSpec{
@@ -319,129 +322,129 @@ func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *check.C
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+	assert.Assert(c, id != "", "configs: %s", id)
 
 	serviceName := "svc"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", "source=myconfig,target=target1", "--config", "source=myconfig,target=target2", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var refs []swarm.ConfigReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 2)
+	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
+	assert.Equal(c, len(refs), 2)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, serviceName)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	for _, target := range []string{"target1", "target2"} {
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		path := filepath.Join("/", target)
 		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
-		c.Assert(err, checker.IsNil)
-		c.Assert(out, checker.Equals, "TESTINGDATA")
+		assert.NilError(c, err)
+		assert.Equal(c, out, "TESTINGDATA")
 	}
 
 	out, err = d.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
-	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; tail -f /dev/null")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; exec tail -f /dev/null")
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, id)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// check container mount config
 	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	var mountConfig []mount.Mount
-	c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil)
-	c.Assert(mountConfig, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &mountConfig) == nil)
+	assert.Equal(c, len(mountConfig), 1)
 
-	c.Assert(mountConfig[0].Source, checker.Equals, "")
-	c.Assert(mountConfig[0].Target, checker.Equals, "/foo")
-	c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeTmpfs)
-	c.Assert(mountConfig[0].TmpfsOptions, checker.NotNil)
-	c.Assert(mountConfig[0].TmpfsOptions.SizeBytes, checker.Equals, int64(1048576))
+	assert.Equal(c, mountConfig[0].Source, "")
+	assert.Equal(c, mountConfig[0].Target, "/foo")
+	assert.Equal(c, mountConfig[0].Type, mount.TypeTmpfs)
+	assert.Assert(c, mountConfig[0].TmpfsOptions != nil)
+	assert.Equal(c, mountConfig[0].TmpfsOptions.SizeBytes, int64(1048576))
 
 	// check container mounts actual
 	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	var mounts []types.MountPoint
-	c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil)
-	c.Assert(mounts, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &mounts) == nil)
+	assert.Equal(c, len(mounts), 1)
 
-	c.Assert(mounts[0].Type, checker.Equals, mount.TypeTmpfs)
-	c.Assert(mounts[0].Name, checker.Equals, "")
-	c.Assert(mounts[0].Destination, checker.Equals, "/foo")
-	c.Assert(mounts[0].RW, checker.Equals, true)
+	assert.Equal(c, mounts[0].Type, mount.TypeTmpfs)
+	assert.Equal(c, mounts[0].Name, "")
+	assert.Equal(c, mounts[0].Destination, "/foo")
+	assert.Equal(c, mounts[0].RW, true)
 
 	out, err = s.nodeCmd(c, task.NodeID, "logs", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.HasPrefix, "tmpfs on /foo type tmpfs")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "size=1024k")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.HasPrefix(strings.TrimSpace(out), "tmpfs on /foo type tmpfs"))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "size=1024k"))
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	out, err := d.Cmd("network", "create", "--scope=swarm", "test_swarm_br")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--network=name=test_swarm_br,alias=srv_alias", "--name=alias_tst_container", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, id)
-		return len(tasks) > 0, nil
-	}, checker.Equals, true)
+		return len(tasks) > 0, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		if task.NodeID == "" || task.Status.ContainerStatus == nil {
 			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
-	}, checker.Equals, true)
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
+	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// check container alias config
 	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .NetworkSettings.Networks.test_swarm_br.Aliases}}", task.Status.ContainerStatus.ContainerID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure the only alias seen is the container-id
 	var aliases []string
-	c.Assert(json.Unmarshal([]byte(out), &aliases), checker.IsNil)
-	c.Assert(aliases, checker.HasLen, 1)
+	assert.Assert(c, json.Unmarshal([]byte(out), &aliases) == nil)
+	assert.Equal(c, len(aliases), 1)
 
-	c.Assert(task.Status.ContainerStatus.ContainerID, checker.Contains, aliases[0])
+	assert.Assert(c, strings.Contains(task.Status.ContainerStatus.ContainerID, aliases[0]))
 }
diff --git a/integration-cli/docker_cli_service_health_test.go b/integration-cli/docker_cli_service_health_test.go
index 994ee77b9951c..0caab32ea50b4 100644
--- a/integration-cli/docker_cli_service_health_test.go
+++ b/integration-cli/docker_cli_service_health_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,19 +6,21 @@ package main
 import (
 	"strconv"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/executor/container"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 // start a service, and then make its task unhealthy during running
 // finally, unhealthy task should be detected and killed
-func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceHealthRun(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
 
 	d := s.AddDaemon(c, true, true)
@@ -27,50 +30,51 @@ func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
 	result := cli.BuildCmd(c, imageName, cli.Daemon(d),
 		build.WithDockerfile(`FROM busybox
 		RUN touch /status
-		HEALTHCHECK --interval=1s --timeout=1s --retries=1\
+		HEALTHCHECK --interval=1s --timeout=5s --retries=1\
 		  CMD cat /status`),
 	)
 	result.Assert(c, icmd.Success)
 
 	serviceName := "healthServiceRun"
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--name", serviceName, imageName, "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, id)
-		return tasks, nil
-	}, checker.HasLen, 1)
+		return tasks, ""
+	}, checker.HasLen(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
 
 	// wait for task to start
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		task = d.GetTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateRunning)
+		return task.Status.State, ""
+	}, checker.Equals(swarm.TaskStateRunning)), poll.WithTimeout(defaultReconciliationTimeout))
+
 	containerID := task.Status.ContainerStatus.ContainerID
 
 	// wait for container to be healthy
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		out, _ := d.Cmd("inspect", "--format={{.State.Health.Status}}", containerID)
-		return strings.TrimSpace(out), nil
-	}, checker.Equals, "healthy")
+		return strings.TrimSpace(out), ""
+	}, checker.Equals("healthy")), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// make it fail
 	d.Cmd("exec", containerID, "rm", "/status")
 	// wait for container to be unhealthy
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		out, _ := d.Cmd("inspect", "--format={{.State.Health.Status}}", containerID)
-		return strings.TrimSpace(out), nil
-	}, checker.Equals, "unhealthy")
+		return strings.TrimSpace(out), ""
+	}, checker.Equals("unhealthy")), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Task should be terminated
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		task = d.GetTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateFailed)
+		return task.Status.State, ""
+	}, checker.Equals(swarm.TaskStateFailed)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	if !strings.Contains(task.Status.Err, container.ErrContainerUnhealthy.Error()) {
 		c.Fatal("unhealthy task exits because of other error")
@@ -79,7 +83,7 @@ func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
 
 // start a service whose task is unhealthy at beginning
 // its tasks should be blocked in starting stage, until health check is passed
-func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceHealthStart(c *testing.T) {
 	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
 
 	d := s.AddDaemon(c, true, true)
@@ -95,42 +99,43 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
 
 	serviceName := "healthServiceStart"
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--name", serviceName, imageName, "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		tasks = d.GetServiceTasks(c, id)
-		return tasks, nil
-	}, checker.HasLen, 1)
+		return tasks, ""
+	}, checker.HasLen(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	task := tasks[0]
 
 	// wait for task to start
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		task = d.GetTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateStarting)
+		return task.Status.State, ""
+	}, checker.Equals(swarm.TaskStateStarting)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	containerID := task.Status.ContainerStatus.ContainerID
 
 	// wait for health check to work
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		out, _ := d.Cmd("inspect", "--format={{.State.Health.FailingStreak}}", containerID)
 		failingStreak, _ := strconv.Atoi(strings.TrimSpace(out))
-		return failingStreak, nil
-	}, checker.GreaterThan, 0)
+		return failingStreak, ""
+	}, checker.GreaterThan(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// task should be blocked at starting status
 	task = d.GetTask(c, task.ID)
-	c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting)
+	assert.Equal(c, task.Status.State, swarm.TaskStateStarting)
 
 	// make it healthy
 	d.Cmd("exec", containerID, "touch", "/status")
 
 	// Task should be at running status
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
 		task = d.GetTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateRunning)
+		return task.Status.State, ""
+	}, checker.Equals(swarm.TaskStateRunning)), poll.WithTimeout(defaultReconciliationTimeout))
+
 }
diff --git a/integration-cli/docker_cli_service_logs_test.go b/integration-cli/docker_cli_service_logs_test.go
index ba337491b1440..7727e1fe2a4ed 100644
--- a/integration-cli/docker_cli_service_logs_test.go
+++ b/integration-cli/docker_cli_service_logs_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -8,12 +9,14 @@ import (
 	"io"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 type logMessage struct {
@@ -21,7 +24,7 @@ type logMessage struct {
 	data []byte
 }
 
-func (s *DockerSwarmSuite) TestServiceLogs(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogs(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// we have multiple services here for detecting the goroutine issue #28915
@@ -32,151 +35,151 @@ func (s *DockerSwarmSuite) TestServiceLogs(c *check.C) {
 
 	for name, message := range services {
 		out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox",
-			"sh", "-c", fmt.Sprintf("echo %s; tail -f /dev/null", message))
-		c.Assert(err, checker.IsNil)
-		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+			"sh", "-c", fmt.Sprintf("echo %s; exec tail -f /dev/null", message))
+		assert.NilError(c, err)
+		assert.Assert(c, strings.TrimSpace(out) != "")
 	}
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout,
-		d.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{"busybox:latest": len(services)})
+	poll.WaitOn(c, pollCheck(c,
+		d.CheckRunningTaskImages, checker.DeepEquals(map[string]int{"busybox:latest": len(services)})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	for name, message := range services {
 		out, err := d.Cmd("service", "logs", name)
-		c.Assert(err, checker.IsNil)
-		c.Logf("log for %q: %q", name, out)
-		c.Assert(out, checker.Contains, message)
+		assert.NilError(c, err)
+		assert.Assert(c, strings.Contains(out, message), "log for %q: %q", name, out)
 	}
 }
 
-// countLogLines returns a closure that can be used with waitAndAssert to
+// countLogLines returns a closure that can be used with poll.WaitOn() to
 // verify that a minimum number of expected container log messages have been
 // output.
-func countLogLines(d *daemon.Daemon, name string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+func countLogLines(d *daemon.Daemon, name string) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
 		result := icmd.RunCmd(d.Command("service", "logs", "-t", "--raw", name))
 		result.Assert(c, icmd.Expected{})
 		// if this returns an emptystring, trying to split it later will return
 		// an array containing emptystring. a valid log line will NEVER be
 		// emptystring because we ask for the timestamp.
 		if result.Stdout() == "" {
-			return 0, check.Commentf("Empty stdout")
+			return 0, "Empty stdout"
 		}
 		lines := strings.Split(strings.TrimSpace(result.Stdout()), "\n")
-		return len(lines), check.Commentf("output, %q", string(result.Stdout()))
+		return len(lines), fmt.Sprintf("output, %q", result.Stdout())
 	}
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsCompleteness(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsCompleteness(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsCompleteness"
 
 	// make a service that prints 6 lines
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for line in $(seq 0 5); do echo log test $line; done; sleep 100000")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for line in $(seq 0 5); do echo log test $line; done; exec tail /dev/null")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 	// and make sure we have all the log lines
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6)
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(6)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "logs", name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	lines := strings.Split(strings.TrimSpace(out), "\n")
 
 	// i have heard anecdotal reports that logs may come back from the engine
 	// mis-ordered. if this tests fails, consider the possibility that that
 	// might be occurring
 	for i, line := range lines {
-		c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i))
+		assert.Assert(c, strings.Contains(line, fmt.Sprintf("log test %v", i)))
 	}
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsTail(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsTail(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsTail"
 
 	// make a service that prints 6 lines
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for line in $(seq 1 6); do echo log test $line; done; sleep 100000")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(6)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "logs", "--tail=2", name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	lines := strings.Split(strings.TrimSpace(out), "\n")
 
 	for i, line := range lines {
 		// doing i+5 is hacky but not too fragile, it's good enough. if it flakes something else is wrong
-		c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i+5))
+		assert.Assert(c, strings.Contains(line, fmt.Sprintf("log test %v", i+5)))
 	}
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsSince(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsSince(c *testing.T) {
 	// See DockerSuite.TestLogsSince, which is where this comes from
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsSince"
 
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for i in $(seq 1 3); do sleep .1; echo log$i; done; sleep 10000000")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for i in $(seq 1 3); do usleep 100000; echo log$i; done; exec tail /dev/null")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 	// wait a sec for the logs to come in
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 3)
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(3)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "logs", "-t", name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	log2Line := strings.Split(strings.Split(out, "\n")[1], " ")
 	t, err := time.Parse(time.RFC3339Nano, log2Line[0]) // timestamp log2 is written
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	u := t.Add(50 * time.Millisecond) // add .05s so log1 & log2 don't show up
 	since := u.Format(time.RFC3339Nano)
 
 	out, err = d.Cmd("service", "logs", "-t", fmt.Sprintf("--since=%v", since), name)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	unexpected := []string{"log1", "log2"}
 	expected := []string{"log3"}
 	for _, v := range unexpected {
-		c.Assert(out, checker.Not(checker.Contains), v, check.Commentf("unexpected log message returned, since=%v", u))
+		assert.Assert(c, !strings.Contains(out, v), "unexpected log message returned, since=%v", u)
 	}
 	for _, v := range expected {
-		c.Assert(out, checker.Contains, v, check.Commentf("expected log message %v, was not present, since=%v", u))
+		assert.Assert(c, strings.Contains(out, v), "expected log message %v, was not present, since=%v", u)
 	}
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsFollow(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsFollow"
 
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "while true; do echo log test; sleep 0.1; done")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "trap 'exit 0' TERM; while true; do echo log test; usleep 100000; done")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	args := []string{"service", "logs", "-f", name}
 	cmd := exec.Command(dockerBinary, d.PrependHostArg(args)...)
 	r, w := io.Pipe()
 	cmd.Stdout = w
 	cmd.Stderr = w
-	c.Assert(cmd.Start(), checker.IsNil)
+	assert.NilError(c, cmd.Start())
 	go cmd.Wait()
 
 	// Make sure pipe is written to
 	ch := make(chan *logMessage)
 	done := make(chan struct{})
+	stop := make(chan struct{})
+	defer close(stop)
 	go func() {
 		reader := bufio.NewReader(r)
 		for {
@@ -184,6 +187,8 @@ func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
 			msg.data, _, msg.err = reader.ReadLine()
 			select {
 			case ch <- msg:
+			case <-stop:
+				return
 			case <-done:
 				return
 			}
@@ -192,15 +197,15 @@ func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
 
 	for i := 0; i < 3; i++ {
 		msg := <-ch
-		c.Assert(msg.err, checker.IsNil)
-		c.Assert(string(msg.data), checker.Contains, "log test")
+		assert.NilError(c, msg.err)
+		assert.Assert(c, strings.Contains(string(msg.data), "log test"))
 	}
 	close(done)
 
-	c.Assert(cmd.Process.Kill(), checker.IsNil)
+	assert.NilError(c, cmd.Process.Kill())
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsTaskLogs(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsTaskLogs(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServicelogsTaskLogs"
@@ -214,28 +219,28 @@ func (s *DockerSwarmSuite) TestServiceLogsTaskLogs(c *check.C) {
 		// which has this the task id as an environment variable templated in
 		"--env", "TASK={{.Task.ID}}",
 		// and runs this command to print exactly 6 logs lines
-		"busybox", "sh", "-c", "for line in $(seq 0 5); do echo $TASK log test $line; done; sleep 100000",
+		"busybox", "sh", "-c", "trap 'exit 0' TERM; for line in $(seq 0 5); do echo $TASK log test $line; done; sleep 100000",
 	))
 	result.Assert(c, icmd.Expected{})
 	// ^^ verify that we get no error
 	// then verify that we have an id in stdout
 	id := strings.TrimSpace(result.Stdout())
-	c.Assert(id, checker.Not(checker.Equals), "")
+	assert.Assert(c, id != "")
 	// so, right here, we're basically inspecting by id and returning only
 	// the ID. if they don't match, the service doesn't exist.
 	result = icmd.RunCmd(d.Command("service", "inspect", "--format=\"{{.ID}}\"", id))
 	result.Assert(c, icmd.Expected{Out: id})
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, replicas)
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6*replicas)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(replicas)), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(6*replicas)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// get the task ids
 	result = icmd.RunCmd(d.Command("service", "ps", "-q", name))
 	result.Assert(c, icmd.Expected{})
 	// make sure we have two tasks
 	taskIDs := strings.Split(strings.TrimSpace(result.Stdout()), "\n")
-	c.Assert(taskIDs, checker.HasLen, replicas)
+	assert.Equal(c, len(taskIDs), replicas)
 
 	for _, taskID := range taskIDs {
 		c.Logf("checking task %v", taskID)
@@ -246,14 +251,14 @@ func (s *DockerSwarmSuite) TestServiceLogsTaskLogs(c *check.C) {
 		c.Logf("checking messages for %v", taskID)
 		for i, line := range lines {
 			// make sure the message is in order
-			c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i))
+			assert.Assert(c, strings.Contains(line, fmt.Sprintf("log test %v", i)))
 			// make sure it contains the task id
-			c.Assert(line, checker.Contains, taskID)
+			assert.Assert(c, strings.Contains(line, taskID))
 		}
 	}
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsTTY(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsTTY(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsTTY"
@@ -273,16 +278,16 @@ func (s *DockerSwarmSuite) TestServiceLogsTTY(c *check.C) {
 
 	result.Assert(c, icmd.Expected{})
 	id := strings.TrimSpace(result.Stdout())
-	c.Assert(id, checker.Not(checker.Equals), "")
+	assert.Assert(c, id != "")
 	// so, right here, we're basically inspecting by id and returning only
 	// the ID. if they don't match, the service doesn't exist.
 	result = icmd.RunCmd(d.Command("service", "inspect", "--format=\"{{.ID}}\"", id))
 	result.Assert(c, icmd.Expected{Out: id})
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 	// and make sure we have all the log lines
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 2)
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(2)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	cmd := d.Command("service", "logs", "--raw", name)
 	result = icmd.RunCmd(cmd)
@@ -291,7 +296,7 @@ func (s *DockerSwarmSuite) TestServiceLogsTTY(c *check.C) {
 	result.Assert(c, icmd.Expected{Out: "out\r\nerr\r\n"})
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsNoHangDeletedContainer"
@@ -311,20 +316,18 @@ func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *check.C) {
 	result.Assert(c, icmd.Expected{})
 	// get the service id
 	id := strings.TrimSpace(result.Stdout())
-	c.Assert(id, checker.Not(checker.Equals), "")
+	assert.Assert(c, id != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 	// and make sure we have all the log lines
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 2)
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(2)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// now find and nuke the container
 	result = icmd.RunCmd(d.Command("ps", "-q"))
 	containerID := strings.TrimSpace(result.Stdout())
-	c.Assert(containerID, checker.Not(checker.Equals), "")
-	result = icmd.RunCmd(d.Command("stop", containerID))
-	result.Assert(c, icmd.Expected{Out: containerID})
-	result = icmd.RunCmd(d.Command("rm", containerID))
+	assert.Assert(c, containerID != "")
+	result = icmd.RunCmd(d.Command("rm", "-f", containerID))
 	result.Assert(c, icmd.Expected{Out: containerID})
 
 	// run logs. use tail 2 to make sure we don't try to get a bunch of logs
@@ -340,7 +343,7 @@ func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *check.C) {
 	result.Assert(c, icmd.Expected{})
 }
 
-func (s *DockerSwarmSuite) TestServiceLogsDetails(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceLogsDetails(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "TestServiceLogsDetails"
@@ -359,17 +362,17 @@ func (s *DockerSwarmSuite) TestServiceLogsDetails(c *check.C) {
 		// busybox image, shell string
 		"busybox", "sh", "-c",
 		// make a log line
-		"echo LogLine; while true; do sleep 1; done;",
+		"trap 'exit 0' TERM; echo LogLine; while true; do sleep 1; done;",
 	))
 
 	result.Assert(c, icmd.Expected{})
 	id := strings.TrimSpace(result.Stdout())
-	c.Assert(id, checker.Not(checker.Equals), "")
+	assert.Assert(c, id != "")
 
 	// make sure task has been deployed
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 	// and make sure we have all the log lines
-	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, countLogLines(d, name), checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// First, test without pretty printing
 	// call service logs with details. set raw to skip pretty printing
diff --git a/integration-cli/docker_cli_service_scale_test.go b/integration-cli/docker_cli_service_scale_test.go
index ad045ee570bd9..40afcc2a8ffab 100644
--- a/integration-cli/docker_cli_service_scale_test.go
+++ b/integration-cli/docker_cli_service_scale_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,33 +6,33 @@ package main
 import (
 	"fmt"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSwarmSuite) TestServiceScale(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceScale(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	service1Name := "TestService1"
-	service1Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service1Name, defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+	service1Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service1Name, "busybox"}, sleepCommandForDaemonPlatform()...)
 
 	// global mode
 	service2Name := "TestService2"
-	service2Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service2Name, "--mode=global", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+	service2Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service2Name, "--mode=global", "busybox"}, sleepCommandForDaemonPlatform()...)
 
 	// Create services
 	_, err := d.Cmd(service1Args...)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, err = d.Cmd(service2Args...)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, err = d.Cmd("service", "scale", "TestService1=2")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	out, err := d.Cmd("service", "scale", "TestService1=foobar")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	str := fmt.Sprintf("%s: invalid replicas value %s", service1Name, "foobar")
 	if !strings.Contains(out, str) {
@@ -39,7 +40,7 @@ func (s *DockerSwarmSuite) TestServiceScale(c *check.C) {
 	}
 
 	out, err = d.Cmd("service", "scale", "TestService1=-1")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	str = fmt.Sprintf("%s: invalid replicas value %s", service1Name, "-1")
 	if !strings.Contains(out, str) {
@@ -48,7 +49,7 @@ func (s *DockerSwarmSuite) TestServiceScale(c *check.C) {
 
 	// TestService2 is a global mode
 	out, err = d.Cmd("service", "scale", "TestService2=2")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	str = fmt.Sprintf("%s: scale can only be used with replicated mode\n", service2Name)
 	if out != str {
diff --git a/integration-cli/docker_cli_service_update_test.go b/integration-cli/docker_cli_service_update_test.go
deleted file mode 100644
index c729860ec9374..0000000000000
--- a/integration-cli/docker_cli_service_update_test.go
+++ /dev/null
@@ -1,137 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSwarmSuite) TestServiceUpdateLabel(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name=test", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service := d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 0)
-
-	// add label to empty set
-	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo=bar")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service = d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 1)
-	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
-
-	// add label to non-empty set
-	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo2=bar")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service = d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 2)
-	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "bar")
-
-	out, err = d.Cmd("service", "update", "--detach", "test", "--label-rm", "foo2")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service = d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 1)
-	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "")
-
-	out, err = d.Cmd("service", "update", "--detach", "test", "--label-rm", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service = d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 0)
-	c.Assert(service.Spec.Labels["foo"], checker.Equals, "")
-
-	// now make sure we can add again
-	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo=bar")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	service = d.GetService(c, "test")
-	c.Assert(service.Spec.Labels, checker.HasLen, 1)
-	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
-}
-
-func (s *DockerSwarmSuite) TestServiceUpdateSecrets(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-	testName := "test_secret"
-	id := d.CreateSecret(c, swarm.SecretSpec{
-		Annotations: swarm.Annotations{
-			Name: testName,
-		},
-		Data: []byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-	testTarget := "testing"
-	serviceName := "test"
-
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	// add secret
-	out, err = d.Cmd("service", "update", "--detach", "test", "--secret-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	var refs []swarm.SecretReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 1)
-
-	c.Assert(refs[0].SecretName, checker.Equals, testName)
-	c.Assert(refs[0].File, checker.Not(checker.IsNil))
-	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
-
-	// remove
-	out, err = d.Cmd("service", "update", "--detach", "test", "--secret-rm", testName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 0)
-}
-
-func (s *DockerSwarmSuite) TestServiceUpdateConfigs(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-	testName := "test_config"
-	id := d.CreateConfig(c, swarm.ConfigSpec{
-		Annotations: swarm.Annotations{
-			Name: testName,
-		},
-		Data: []byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
-	testTarget := "/testing"
-	serviceName := "test"
-
-	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	// add config
-	out, err = d.Cmd("service", "update", "--detach", "test", "--config-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	var refs []swarm.ConfigReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 1)
-
-	c.Assert(refs[0].ConfigName, checker.Equals, testName)
-	c.Assert(refs[0].File, checker.Not(checker.IsNil))
-	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
-
-	// remove
-	out, err = d.Cmd("service", "update", "--detach", "test", "--config-rm", testName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 0)
-}
diff --git a/integration-cli/docker_cli_sni_test.go b/integration-cli/docker_cli_sni_test.go
index f50b5bbf6d1d5..90e4f095d5a99 100644
--- a/integration-cli/docker_cli_sni_test.go
+++ b/integration-cli/docker_cli_sni_test.go
@@ -2,18 +2,19 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"os/exec"
 	"strings"
+	"testing"
 
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestClientSetsTLSServerName(c *check.C) {
+func (s *DockerSuite) TestClientSetsTLSServerName(c *testing.T) {
 	c.Skip("Flakey test")
 	// there may be more than one hit to the server for each registry request
 	var serverNameReceived []string
@@ -24,10 +25,10 @@ func (s *DockerSuite) TestClientSetsTLSServerName(c *check.C) {
 	}))
 	defer virtualHostServer.Close()
 	// discard TLS handshake errors written by default to os.Stderr
-	virtualHostServer.Config.ErrorLog = log.New(ioutil.Discard, "", 0)
+	virtualHostServer.Config.ErrorLog = log.New(io.Discard, "", 0)
 
 	u, err := url.Parse(virtualHostServer.URL)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	hostPort := u.Host
 	serverName = strings.Split(hostPort, ":")[0]
 
@@ -36,9 +37,9 @@ func (s *DockerSuite) TestClientSetsTLSServerName(c *check.C) {
 	cmd.Run()
 
 	// check that the fake server was hit at least once
-	c.Assert(len(serverNameReceived) > 0, check.Equals, true)
+	assert.Assert(c, len(serverNameReceived) > 0)
 	// check that for each hit the right server name was received
 	for _, item := range serverNameReceived {
-		c.Check(item, check.Equals, serverName)
+		assert.Check(c, item == serverName)
 	}
 }
diff --git a/integration-cli/docker_cli_start_test.go b/integration-cli/docker_cli_start_test.go
index 303deddb28b06..f3b57f2a7303e 100644
--- a/integration-cli/docker_cli_start_test.go
+++ b/integration-cli/docker_cli_start_test.go
@@ -2,17 +2,21 @@ package main
 
 import (
 	"fmt"
+	"runtime"
+	"strconv"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/docker/docker/integration-cli/cli"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
 // Regression test for https://github.com/docker/docker/issues/7843
-func (s *DockerSuite) TestStartAttachReturnsOnError(c *check.C) {
+func (s *DockerSuite) TestStartAttachReturnsOnError(c *testing.T) {
 	// Windows does not support link
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "--name", "test", "busybox")
@@ -20,9 +24,9 @@ func (s *DockerSuite) TestStartAttachReturnsOnError(c *check.C) {
 	// Expect this to fail because the above container is stopped, this is what we want
 	out, _, err := dockerCmdWithError("run", "--name", "test2", "--link", "test:test", "busybox")
 	// err shouldn't be nil because container test2 try to link to stopped container
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 
-	ch := make(chan error)
+	ch := make(chan error, 1)
 	go func() {
 		// Attempt to start attached to the container that won't start
 		// This should return an error immediately since the container can't be started
@@ -34,14 +38,14 @@ func (s *DockerSuite) TestStartAttachReturnsOnError(c *check.C) {
 
 	select {
 	case err := <-ch:
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	case <-time.After(5 * time.Second):
 		c.Fatalf("Attach did not exit properly")
 	}
 }
 
 // gh#8555: Exit code should be passed through when using start -a
-func (s *DockerSuite) TestStartAttachCorrectExitCode(c *check.C) {
+func (s *DockerSuite) TestStartAttachCorrectExitCode(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", "sleep 2; exit 1").Stdout()
 	out = strings.TrimSpace(out)
@@ -54,7 +58,7 @@ func (s *DockerSuite) TestStartAttachCorrectExitCode(c *check.C) {
 	})
 }
 
-func (s *DockerSuite) TestStartAttachSilent(c *check.C) {
+func (s *DockerSuite) TestStartAttachSilent(c *testing.T) {
 	name := "teststartattachcorrectexitcode"
 	dockerCmd(c, "run", "--name", name, "busybox", "echo", "test")
 
@@ -63,35 +67,34 @@ func (s *DockerSuite) TestStartAttachSilent(c *check.C) {
 
 	startOut, _ := dockerCmd(c, "start", "-a", name)
 	// start -a produced unexpected output
-	c.Assert(startOut, checker.Equals, "test\n")
+	assert.Equal(c, startOut, "test\n")
 }
 
-func (s *DockerSuite) TestStartRecordError(c *check.C) {
+func (s *DockerSuite) TestStartRecordError(c *testing.T) {
 	// TODO Windows CI: Requires further porting work. Should be possible.
 	testRequires(c, DaemonIsLinux)
 	// when container runs successfully, we should not have state.Error
 	dockerCmd(c, "run", "-d", "-p", "9999:9999", "--name", "test", "busybox", "top")
 	stateErr := inspectField(c, "test", "State.Error")
 	// Expected to not have state error
-	c.Assert(stateErr, checker.Equals, "")
+	assert.Equal(c, stateErr, "")
 
 	// Expect this to fail and records error because of ports conflict
 	out, _, err := dockerCmdWithError("run", "-d", "--name", "test2", "-p", "9999:9999", "busybox", "top")
 	// err shouldn't be nil because docker run will fail
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 
 	stateErr = inspectField(c, "test2", "State.Error")
-	c.Assert(stateErr, checker.Contains, "port is already allocated")
-
+	assert.Assert(c, strings.Contains(stateErr, "port is already allocated"))
 	// Expect the conflict to be resolved when we stop the initial container
 	dockerCmd(c, "stop", "test")
 	dockerCmd(c, "start", "test2")
 	stateErr = inspectField(c, "test2", "State.Error")
 	// Expected to not have state error but got one
-	c.Assert(stateErr, checker.Equals, "")
+	assert.Equal(c, stateErr, "")
 }
 
-func (s *DockerSuite) TestStartPausedContainer(c *check.C) {
+func (s *DockerSuite) TestStartPausedContainer(c *testing.T) {
 	// Windows does not support pausing containers
 	testRequires(c, IsPausable)
 
@@ -101,12 +104,12 @@ func (s *DockerSuite) TestStartPausedContainer(c *check.C) {
 
 	out, _, err := dockerCmdWithError("start", "testing")
 	// an error should have been shown that you cannot start paused container
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 	// an error should have been shown that you cannot start paused container
-	c.Assert(strings.ToLower(out), checker.Contains, "cannot start a paused container, try unpause instead")
+	assert.Assert(c, strings.Contains(strings.ToLower(out), "cannot start a paused container, try unpause instead"))
 }
 
-func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
+func (s *DockerSuite) TestStartMultipleContainers(c *testing.T) {
 	// Windows does not support --link
 	testRequires(c, DaemonIsLinux)
 	// run a container named 'parent' and create two container link to `parent`
@@ -121,7 +124,7 @@ func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
 
 	out := inspectField(c, "parent", "State.Running")
 	// Container should be stopped
-	c.Assert(out, checker.Equals, "false")
+	assert.Equal(c, out, "false")
 
 	// start all the three containers, container `child_first` start first which should be failed
 	// container 'parent' start second and then start container 'child_second'
@@ -129,7 +132,7 @@ func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
 	expErr := "failed to start containers: [child_first]"
 	out, _, err := dockerCmdWithError("start", "child_first", "parent", "child_second")
 	// err shouldn't be nil because start will fail
-	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	assert.Assert(c, err != nil, "out: %s", out)
 	// output does not correspond to what was expected
 	if !(strings.Contains(out, expOut) || strings.Contains(err.Error(), expErr)) {
 		c.Fatalf("Expected out: %v with err: %v  but got out: %v with err: %v", expOut, expErr, out, err)
@@ -138,11 +141,11 @@ func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
 	for container, expected := range map[string]string{"parent": "true", "child_first": "false", "child_second": "true"} {
 		out := inspectField(c, container, "State.Running")
 		// Container running state wrong
-		c.Assert(out, checker.Equals, expected)
+		assert.Equal(c, out, expected)
 	}
 }
 
-func (s *DockerSuite) TestStartAttachMultipleContainers(c *check.C) {
+func (s *DockerSuite) TestStartAttachMultipleContainers(c *testing.T) {
 	// run  multiple containers to test
 	for _, container := range []string{"test1", "test2", "test3"} {
 		runSleepingContainer(c, "--name", container)
@@ -157,21 +160,21 @@ func (s *DockerSuite) TestStartAttachMultipleContainers(c *check.C) {
 	for _, option := range []string{"-a", "-i", "-ai"} {
 		out, _, err := dockerCmdWithError("start", option, "test1", "test2", "test3")
 		// err shouldn't be nil because start will fail
-		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+		assert.Assert(c, err != nil, "out: %s", out)
 		// output does not correspond to what was expected
-		c.Assert(out, checker.Contains, "you cannot start and attach multiple containers at once")
+		assert.Assert(c, strings.Contains(out, "you cannot start and attach multiple containers at once"))
 	}
 
 	// confirm the state of all the containers be stopped
 	for container, expected := range map[string]string{"test1": "false", "test2": "false", "test3": "false"} {
 		out := inspectField(c, container, "State.Running")
 		// Container running state wrong
-		c.Assert(out, checker.Equals, expected)
+		assert.Equal(c, out, expected)
 	}
 }
 
 // Test case for #23716
-func (s *DockerSuite) TestStartAttachWithRename(c *check.C) {
+func (s *DockerSuite) TestStartAttachWithRename(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	cli.DockerCmd(c, "create", "-t", "--name", "before", "busybox")
 	go func() {
@@ -183,18 +186,30 @@ func (s *DockerSuite) TestStartAttachWithRename(c *check.C) {
 	result := cli.Docker(cli.Args("start", "-a", "before")).Assert(c, icmd.Expected{
 		ExitCode: 137,
 	})
-	c.Assert(result.Stderr(), checker.Not(checker.Contains), "No such container")
+	assert.Assert(c, !strings.Contains(result.Stderr(), "No such container"))
 }
 
-func (s *DockerSuite) TestStartReturnCorrectExitCode(c *check.C) {
+func (s *DockerSuite) TestStartReturnCorrectExitCode(c *testing.T) {
+	// Note we parse kernel.GetKernelVersion rather than system.GetOSVersion
+	// as test binaries aren't manifested, so would otherwise report the wrong
+	// build number.
+	if runtime.GOOS == "windows" {
+		v, err := kernel.GetKernelVersion()
+		assert.NilError(c, err)
+		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if build < osversion.RS3 {
+			c.Skip("FLAKY on Windows RS1, see #38521")
+		}
+	}
+
 	dockerCmd(c, "create", "--restart=on-failure:2", "--name", "withRestart", "busybox", "sh", "-c", "exit 11")
 	dockerCmd(c, "create", "--rm", "--name", "withRm", "busybox", "sh", "-c", "exit 12")
 
 	out, exitCode, err := dockerCmdWithError("start", "-a", "withRestart")
-	c.Assert(err, checker.NotNil)
-	c.Assert(exitCode, checker.Equals, 11, check.Commentf("out: %s", out))
+	assert.ErrorContains(c, err, "")
+	assert.Equal(c, exitCode, 11, fmt.Sprintf("out: %s", out))
 
 	out, exitCode, err = dockerCmdWithError("start", "-a", "withRm")
-	c.Assert(err, checker.NotNil)
-	c.Assert(exitCode, checker.Equals, 12, check.Commentf("out: %s", out))
+	assert.ErrorContains(c, err, "")
+	assert.Equal(c, exitCode, 12, fmt.Sprintf("out: %s", out))
 }
diff --git a/integration-cli/docker_cli_stats_test.go b/integration-cli/docker_cli_stats_test.go
index 454836367f625..5941e6b2943bf 100644
--- a/integration-cli/docker_cli_stats_test.go
+++ b/integration-cli/docker_cli_stats_test.go
@@ -5,19 +5,20 @@ import (
 	"os/exec"
 	"regexp"
 	"strings"
+	"testing"
 	"time"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
-func (s *DockerSuite) TestStatsNoStream(c *check.C) {
+func (s *DockerSuite) TestStatsNoStream(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id := strings.TrimSpace(out)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, waitRun(id))
 
 	statsCmd := exec.Command(dockerBinary, "stats", "--no-stream", id)
 	type output struct {
@@ -25,7 +26,7 @@ func (s *DockerSuite) TestStatsNoStream(c *check.C) {
 		err error
 	}
 
-	ch := make(chan output)
+	ch := make(chan output, 1)
 	go func() {
 		out, err := statsCmd.Output()
 		ch <- output{out, err}
@@ -33,40 +34,40 @@ func (s *DockerSuite) TestStatsNoStream(c *check.C) {
 
 	select {
 	case outerr := <-ch:
-		c.Assert(outerr.err, checker.IsNil, check.Commentf("Error running stats: %v", outerr.err))
-		c.Assert(string(outerr.out), checker.Contains, id[:12]) //running container wasn't present in output
+		assert.NilError(c, outerr.err, "Error running stats: %v", outerr.err)
+		assert.Assert(c, is.Contains(string(outerr.out), id[:12]), "running container wasn't present in output")
 	case <-time.After(3 * time.Second):
 		statsCmd.Process.Kill()
 		c.Fatalf("stats did not return immediately when not streaming")
 	}
 }
 
-func (s *DockerSuite) TestStatsContainerNotFound(c *check.C) {
+func (s *DockerSuite) TestStatsContainerNotFound(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
 	out, _, err := dockerCmdWithError("stats", "notfound")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "No such container: notfound", check.Commentf("Expected to fail on not found container stats, got %q instead", out))
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, is.Contains(out, "No such container: notfound"), "Expected to fail on not found container stats, got %q instead", out)
 
 	out, _, err = dockerCmdWithError("stats", "--no-stream", "notfound")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "No such container: notfound", check.Commentf("Expected to fail on not found container stats with --no-stream, got %q instead", out))
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, is.Contains(out, "No such container: notfound"), "Expected to fail on not found container stats with --no-stream, got %q instead", out)
 }
 
-func (s *DockerSuite) TestStatsAllRunningNoStream(c *check.C) {
+func (s *DockerSuite) TestStatsAllRunningNoStream(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id1 := strings.TrimSpace(out)[:12]
-	c.Assert(waitRun(id1), check.IsNil)
+	assert.NilError(c, waitRun(id1))
 	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
 	id2 := strings.TrimSpace(out)[:12]
-	c.Assert(waitRun(id2), check.IsNil)
+	assert.NilError(c, waitRun(id2))
 	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
 	id3 := strings.TrimSpace(out)[:12]
-	c.Assert(waitRun(id3), check.IsNil)
+	assert.NilError(c, waitRun(id3))
 	dockerCmd(c, "stop", id3)
 
 	out, _ = dockerCmd(c, "stats", "--no-stream")
@@ -84,23 +85,23 @@ func (s *DockerSuite) TestStatsAllRunningNoStream(c *check.C) {
 	outLines := strings.Split(out, "\n")
 	// check stat result of id2 contains real data
 	realData := reg.Find([]byte(outLines[1][12:]))
-	c.Assert(realData, checker.NotNil, check.Commentf("stat result are empty: %s", out))
+	assert.Assert(c, realData != nil, "stat result are empty: %s", out)
 	// check stat result of id1 contains real data
 	realData = reg.Find([]byte(outLines[2][12:]))
-	c.Assert(realData, checker.NotNil, check.Commentf("stat result are empty: %s", out))
+	assert.Assert(c, realData != nil, "stat result are empty: %s", out)
 }
 
-func (s *DockerSuite) TestStatsAllNoStream(c *check.C) {
+func (s *DockerSuite) TestStatsAllNoStream(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	id1 := strings.TrimSpace(out)[:12]
-	c.Assert(waitRun(id1), check.IsNil)
+	assert.NilError(c, waitRun(id1))
 	dockerCmd(c, "stop", id1)
 	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
 	id2 := strings.TrimSpace(out)[:12]
-	c.Assert(waitRun(id2), check.IsNil)
+	assert.NilError(c, waitRun(id2))
 
 	out, _ = dockerCmd(c, "stats", "--all", "--no-stream")
 	if !strings.Contains(out, id1) || !strings.Contains(out, id2) {
@@ -113,13 +114,14 @@ func (s *DockerSuite) TestStatsAllNoStream(c *check.C) {
 	outLines := strings.Split(out, "\n")
 	// check stat result of id2 contains real data
 	realData := reg.Find([]byte(outLines[1][12:]))
-	c.Assert(realData, checker.NotNil, check.Commentf("stat result of %s is empty: %s", id2, out))
+	assert.Assert(c, realData != nil, "stat result of %s is empty: %s", id2, out)
+
 	// check stat result of id1 contains all zero
 	realData = reg.Find([]byte(outLines[2][12:]))
-	c.Assert(realData, checker.IsNil, check.Commentf("stat result of %s should be empty : %s", id1, out))
+	assert.Assert(c, realData == nil, "stat result of %s should be empty : %s", id1, out)
 }
 
-func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
+func (s *DockerSuite) TestStatsAllNewContainersAdded(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
@@ -129,8 +131,8 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 	runSleepingContainer(c, "-d")
 	statsCmd := exec.Command(dockerBinary, "stats")
 	stdout, err := statsCmd.StdoutPipe()
-	c.Assert(err, check.IsNil)
-	c.Assert(statsCmd.Start(), check.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, statsCmd.Start())
 	go statsCmd.Wait()
 	defer statsCmd.Process.Kill()
 
@@ -149,7 +151,7 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 	}()
 
 	out := runSleepingContainer(c, "-d")
-	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+	assert.NilError(c, waitRun(strings.TrimSpace(out)))
 	id <- strings.TrimSpace(out)[:12]
 
 	select {
@@ -160,7 +162,7 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestStatsFormatAll(c *check.C) {
+func (s *DockerSuite) TestStatsFormatAll(c *testing.T) {
 	// Windows does not support stats
 	testRequires(c, DaemonIsLinux)
 
@@ -171,10 +173,10 @@ func (s *DockerSuite) TestStatsFormatAll(c *check.C) {
 	cli.WaitExited(c, "ExitedOne", 5*time.Second)
 
 	out := cli.DockerCmd(c, "stats", "--no-stream", "--format", "{{.Name}}").Combined()
-	c.Assert(out, checker.Contains, "RunningOne")
-	c.Assert(out, checker.Not(checker.Contains), "ExitedOne")
+	assert.Assert(c, is.Contains(out, "RunningOne"))
+	assert.Assert(c, !strings.Contains(out, "ExitedOne"))
 
 	out = cli.DockerCmd(c, "stats", "--all", "--no-stream", "--format", "{{.Name}}").Combined()
-	c.Assert(out, checker.Contains, "RunningOne")
-	c.Assert(out, checker.Contains, "ExitedOne")
+	assert.Assert(c, is.Contains(out, "RunningOne"))
+	assert.Assert(c, is.Contains(out, "ExitedOne"))
 }
diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go
index 9f99d0c84900a..daabbad4c6d68 100644
--- a/integration-cli/docker_cli_swarm_test.go
+++ b/integration-cli/docker_cli_swarm_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -8,12 +9,13 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/cloudflare/cfssl/helpers"
@@ -22,17 +24,18 @@ import (
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	remoteipam "github.com/docker/libnetwork/ipams/remote/api"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	remoteipam "github.com/docker/docker/libnetwork/ipams/remote/api"
 	"github.com/docker/swarmkit/ca/keyutils"
-	"github.com/go-check/check"
 	"github.com/vishvananda/netlink"
-	"gotest.tools/fs"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	getSpec := func() swarm.Spec {
@@ -41,31 +44,31 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
 	}
 
 	out, err := d.Cmd("swarm", "update", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	spec := getSpec()
-	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
-	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second)
+	assert.Equal(c, spec.CAConfig.NodeCertExpiry, 30*time.Hour)
+	assert.Equal(c, spec.Dispatcher.HeartbeatPeriod, 11*time.Second)
 
 	// setting anything under 30m for cert-expiry is not allowed
 	out, err = d.Cmd("swarm", "update", "--cert-expiry", "15m")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "minimum certificate expiry time")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "minimum certificate expiry time"))
 	spec = getSpec()
-	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
+	assert.Equal(c, spec.CAConfig.NodeCertExpiry, 30*time.Hour)
 
 	// passing an external CA (this is without starting a root rotation) does not fail
 	cli.Docker(cli.Args("swarm", "update", "--external-ca", "protocol=cfssl,url=https://something.org",
 		"--external-ca", "protocol=cfssl,url=https://somethingelse.org,cacert=fixtures/https/ca.pem"),
 		cli.Daemon(d)).Assert(c, icmd.Success)
 
-	expected, err := ioutil.ReadFile("fixtures/https/ca.pem")
-	c.Assert(err, checker.IsNil)
+	expected, err := os.ReadFile("fixtures/https/ca.pem")
+	assert.NilError(c, err)
 
 	spec = getSpec()
-	c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 2)
-	c.Assert(spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
-	c.Assert(spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, string(expected))
+	assert.Equal(c, len(spec.CAConfig.ExternalCAs), 2)
+	assert.Equal(c, spec.CAConfig.ExternalCAs[0].CACert, "")
+	assert.Equal(c, spec.CAConfig.ExternalCAs[1].CACert, string(expected))
 
 	// passing an invalid external CA fails
 	tempFile := fs.NewFile(c, "testfile", fs.WithContent("fakecert"))
@@ -80,7 +83,7 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
 	})
 }
 
-func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInit(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	getSpec := func() swarm.Spec {
@@ -105,25 +108,25 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
 		"--external-ca", "protocol=cfssl,url=https://somethingelse.org,cacert=fixtures/https/ca.pem"),
 		cli.Daemon(d)).Assert(c, icmd.Success)
 
-	expected, err := ioutil.ReadFile("fixtures/https/ca.pem")
-	c.Assert(err, checker.IsNil)
+	expected, err := os.ReadFile("fixtures/https/ca.pem")
+	assert.NilError(c, err)
 
 	spec := getSpec()
-	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
-	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second)
-	c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 2)
-	c.Assert(spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
-	c.Assert(spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, string(expected))
+	assert.Equal(c, spec.CAConfig.NodeCertExpiry, 30*time.Hour)
+	assert.Equal(c, spec.Dispatcher.HeartbeatPeriod, 11*time.Second)
+	assert.Equal(c, len(spec.CAConfig.ExternalCAs), 2)
+	assert.Equal(c, spec.CAConfig.ExternalCAs[0].CACert, "")
+	assert.Equal(c, spec.CAConfig.ExternalCAs[1].CACert, string(expected))
 
-	c.Assert(d.SwarmLeave(true), checker.IsNil)
+	assert.Assert(c, d.SwarmLeave(c, true) == nil)
 	cli.Docker(cli.Args("swarm", "init"), cli.Daemon(d)).Assert(c, icmd.Success)
 
 	spec = getSpec()
-	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 90*24*time.Hour)
-	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 5*time.Second)
+	assert.Equal(c, spec.CAConfig.NodeCertExpiry, 90*24*time.Hour)
+	assert.Equal(c, spec.Dispatcher.HeartbeatPeriod, 5*time.Second)
 }
 
-func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *testing.T) {
 	testRequires(c, IPv6)
 	d1 := s.AddDaemon(c, false, false)
 	cli.Docker(cli.Args("swarm", "init", "--listen-add", "::1"), cli.Daemon(d1)).Assert(c, icmd.Success)
@@ -132,338 +135,336 @@ func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *check.C) {
 	cli.Docker(cli.Args("swarm", "join", "::1"), cli.Daemon(d2)).Assert(c, icmd.Success)
 
 	out := cli.Docker(cli.Args("info"), cli.Daemon(d2)).Assert(c, icmd.Success).Combined()
-	c.Assert(out, checker.Contains, "Swarm: active")
+	assert.Assert(c, strings.Contains(out, "Swarm: active"))
 }
 
-func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedAdvertiseAddr(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedAdvertiseAddr(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 	out, err := d.Cmd("swarm", "init", "--advertise-addr", "0.0.0.0")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "advertise address must be a non-zero IP address")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "advertise address must be a non-zero IP address"))
 }
 
-func (s *DockerSwarmSuite) TestSwarmIncompatibleDaemon(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmIncompatibleDaemon(c *testing.T) {
 	// init swarm mode and stop a daemon
 	d := s.AddDaemon(c, true, true)
 	info := d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 	d.Stop(c)
 
 	// start a daemon with --cluster-store and --cluster-advertise
 	err := d.StartWithError("--cluster-store=consul://consuladdr:consulport/some/path", "--cluster-advertise=1.1.1.1:2375")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 	content, err := d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, "--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), "--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode"))
 	// start a daemon with --live-restore
 	err = d.StartWithError("--live-restore")
-	c.Assert(err, checker.NotNil)
+	assert.ErrorContains(c, err, "")
 	content, err = d.ReadLogFile()
-	c.Assert(err, checker.IsNil)
-	c.Assert(string(content), checker.Contains, "--live-restore daemon configuration is incompatible with swarm mode")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(string(content), "--live-restore daemon configuration is incompatible with swarm mode"))
 	// restart for teardown
-	d.Start(c)
+	d.StartNode(c)
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceTemplatingHostname(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceTemplatingHostname(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	hostname, err := d.Cmd("node", "inspect", "--format", "{{.Description.Hostname}}", "self")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", hostname))
+	assert.Assert(c, err == nil, hostname)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "test", "--hostname", "{{.Service.Name}}-{{.Task.Slot}}-{{.Node.Hostname}}", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	containers := d.ActiveContainers(c)
 	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.Config.Hostname}}", containers[0])
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.Split(out, "\n")[0], checker.Equals, "test-1-"+strings.Split(hostname, "\n")[0], check.Commentf("hostname with templating invalid"))
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.Split(out, "\n")[0], "test-1-"+strings.Split(hostname, "\n")[0], "hostname with templating invalid")
 }
 
 // Test case for #24270
-func (s *DockerSwarmSuite) TestSwarmServiceListFilter(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceListFilter(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name1 := "redis-cluster-md5"
 	name2 := "redis-cluster"
 	name3 := "other-cluster"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name1, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name2, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name3, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	filter1 := "name=redis-cluster-md5"
 	filter2 := "name=redis-cluster"
 
 	// We search checker.Contains with `name+" "` to prevent prefix only.
 	out, err = d.Cmd("service", "ls", "--filter", filter1)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name1+" ")
-	c.Assert(out, checker.Not(checker.Contains), name2+" ")
-	c.Assert(out, checker.Not(checker.Contains), name3+" ")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name1+" "), out)
+	assert.Assert(c, !strings.Contains(out, name2+" "), out)
+	assert.Assert(c, !strings.Contains(out, name3+" "), out)
 	out, err = d.Cmd("service", "ls", "--filter", filter2)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name1+" ")
-	c.Assert(out, checker.Contains, name2+" ")
-	c.Assert(out, checker.Not(checker.Contains), name3+" ")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name1+" "), out)
+	assert.Assert(c, strings.Contains(out, name2+" "), out)
+	assert.Assert(c, !strings.Contains(out, name3+" "), out)
 	out, err = d.Cmd("service", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name1+" ")
-	c.Assert(out, checker.Contains, name2+" ")
-	c.Assert(out, checker.Contains, name3+" ")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name1+" "), out)
+	assert.Assert(c, strings.Contains(out, name2+" "), out)
+	assert.Assert(c, strings.Contains(out, name3+" "), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmNodeListFilter(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNodeListFilter(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("node", "inspect", "--format", "{{ .Description.Hostname }}", "self")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 	name := strings.TrimSpace(out)
 
 	filter := "name=" + name[:4]
 
 	out, err = d.Cmd("node", "ls", "--filter", filter)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name)
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name), out)
 	out, err = d.Cmd("node", "ls", "--filter", "name=none")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, name), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmNodeTaskListFilter(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNodeTaskListFilter(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "redis-cluster-md5"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--replicas=3", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 3)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(3)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	filter := "name=redis-cluster"
 
 	out, err = d.Cmd("node", "ps", "--filter", filter, "self")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name+".1")
-	c.Assert(out, checker.Contains, name+".2")
-	c.Assert(out, checker.Contains, name+".3")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name+".1"), out)
+	assert.Assert(c, strings.Contains(out, name+".2"), out)
+	assert.Assert(c, strings.Contains(out, name+".3"), out)
 	out, err = d.Cmd("node", "ps", "--filter", "name=none", "self")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), name+".1")
-	c.Assert(out, checker.Not(checker.Contains), name+".2")
-	c.Assert(out, checker.Not(checker.Contains), name+".3")
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, name+".1"), out)
+	assert.Assert(c, !strings.Contains(out, name+".2"), out)
+	assert.Assert(c, !strings.Contains(out, name+".3"), out)
 }
 
 // Test case for #25375
-func (s *DockerSwarmSuite) TestSwarmPublishAdd(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmPublishAdd(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "top"
+	// this first command does not have to be retried because service creates
+	// don't return out of sequence errors.
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--label", "x=y", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
-	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	out, err = d.CmdRetryOutOfSequence("service", "update", "--detach", "--publish-add", "80:80", name)
+	assert.NilError(c, err, out)
 
-	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	out, err = d.CmdRetryOutOfSequence("service", "update", "--detach", "--publish-add", "80:80", name)
+	assert.NilError(c, err, out)
 
-	_, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", "--publish-add", "80:20", name)
-	c.Assert(err, checker.NotNil)
+	_, err = d.CmdRetryOutOfSequence("service", "update", "--detach", "--publish-add", "80:80", "--publish-add", "80:20", name)
+	assert.ErrorContains(c, err, "")
 
+	// this last command does not have to be retried because service inspect
+	// does not return out of sequence errors.
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.EndpointSpec.Ports }}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "[{ tcp 80 80 ingress}]")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "[{ tcp 80 80 ingress}]")
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "top"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--user", "root:root", "--group", "wheel", "--group", "audio", "--group", "staff", "--group", "777", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	container := strings.TrimSpace(out)
 
 	out, err = d.Cmd("exec", container, "id")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777")
 }
 
-func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("run", "-id", "--restart=always", "--net=foo", "--name=test", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
-	d.Restart(c)
+	d.RestartNode(c)
 
 	out, err = d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 }
 
-func (s *DockerSwarmSuite) TestSwarmContainerEndpointOptions(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmContainerEndpointOptions(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("run", "-d", "--net=foo", "--name=first", "--net-alias=first-alias", "busybox:glibc", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("run", "-d", "--net=foo", "--name=second", "busybox:glibc", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("run", "-d", "--net=foo", "--net-alias=third-alias", "busybox:glibc", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// ping first container and its alias, also ping third and anonymous container by its alias
 	out, err = d.Cmd("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = d.Cmd("exec", "second", "ping", "-c", "1", "first-alias")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = d.Cmd("exec", "second", "ping", "-c", "1", "third-alias")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "testnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 	networkID := strings.TrimSpace(out)
 
 	out, err = d.Cmd("run", "-d", "--net", networkID, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	cID := strings.TrimSpace(out)
 	d.WaitRun(cID)
 
 	out, err = d.Cmd("rm", "-f", cID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("network", "rm", "testnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
-	checkNetwork := func(*check.C) (interface{}, check.CommentInterface) {
+	checkNetwork := func(*testing.T) (interface{}, string) {
 		out, err := d.Cmd("network", "ls")
-		c.Assert(err, checker.IsNil)
-		return out, nil
+		assert.NilError(c, err)
+		return out, ""
 	}
 
-	waitAndAssert(c, 3*time.Second, checkNetwork, checker.Not(checker.Contains), "testnet")
+	poll.WaitOn(c, pollCheck(c, checkNetwork, checker.Not(checker.Contains("testnet"))), poll.WithTimeout(3*time.Second))
 }
 
-func (s *DockerSwarmSuite) TestOverlayAttachable(c *check.C) {
+func (s *DockerSwarmSuite) TestOverlayAttachable(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", "ovnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// validate attachable
 	out, err = d.Cmd("network", "inspect", "--format", "{{json .Attachable}}", "ovnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "true")
 
 	// validate containers can attach to this overlay network
 	out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c1", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// redo validation, there was a bug that the value of attachable changes after
 	// containers attach to the network
 	out, err = d.Cmd("network", "inspect", "--format", "{{json .Attachable}}", "ovnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "true")
 }
 
-func (s *DockerSwarmSuite) TestOverlayAttachableOnSwarmLeave(c *check.C) {
+func (s *DockerSwarmSuite) TestOverlayAttachableOnSwarmLeave(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create an attachable swarm network
 	nwName := "attovl"
 	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", nwName)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Connect a container to the network
 	out, err = d.Cmd("run", "-d", "--network", nwName, "--name", "c1", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Leave the swarm
-	err = d.SwarmLeave(true)
-	c.Assert(err, checker.IsNil)
+	assert.Assert(c, d.SwarmLeave(c, true) == nil)
 
 	// Check the container is disconnected
 	out, err = d.Cmd("inspect", "c1", "--format", "{{.NetworkSettings.Networks."+nwName+"}}")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "<no value>")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "<no value>")
 
 	// Check the network is gone
 	out, err = d.Cmd("network", "ls", "--format", "{{.Name}}")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), nwName)
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, nwName), out)
 }
 
-func (s *DockerSwarmSuite) TestOverlayAttachableReleaseResourcesOnFailure(c *check.C) {
+func (s *DockerSwarmSuite) TestOverlayAttachableReleaseResourcesOnFailure(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create attachable network
 	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", "--subnet", "10.10.9.0/24", "ovnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Attach a container with specific IP
 	out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c1", "--ip", "10.10.9.33", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Attempt to attach another container with same IP, must fail
 	out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c2", "--ip", "10.10.9.33", "busybox", "top")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
+	assert.ErrorContains(c, err, "", out)
 
 	// Remove first container
 	out, err = d.Cmd("rm", "-f", "c1")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Verify the network can be removed, no phantom network attachment task left over
 	out, err = d.Cmd("network", "rm", "ovnet")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmIngressNetwork(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmIngressNetwork(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Ingress network can be removed
@@ -478,16 +479,15 @@ func (s *DockerSwarmSuite) TestSwarmIngressNetwork(c *check.C) {
 
 	// And recreated
 	out, err := d.Cmd("network", "create", "-d", "overlay", "--ingress", "new-ingress")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// But only one is allowed
 	out, err = d.Cmd("network", "create", "-d", "overlay", "--ingress", "another-ingress")
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "is already present")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "is already present"), out)
 	// It cannot be removed if it is being used
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv1", "-p", "9000:8000", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	result = removeNetwork("new-ingress")
 	result.Assert(c, icmd.Expected{
@@ -497,27 +497,25 @@ func (s *DockerSwarmSuite) TestSwarmIngressNetwork(c *check.C) {
 
 	// But it can be removed once no more services depend on it
 	out, err = d.Cmd("service", "update", "--detach", "--publish-rm", "9000:8000", "srv1")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	result = removeNetwork("new-ingress")
 	result.Assert(c, icmd.Success)
 
 	// A service which needs the ingress network cannot be created if no ingress is present
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv2", "-p", "500:500", "busybox", "top")
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "no ingress network is present")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "no ingress network is present"), out)
 	// An existing service cannot be updated to use the ingress nw if the nw is not present
 	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "9000:8000", "srv1")
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "no ingress network is present")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "no ingress network is present"), out)
 	// But services which do not need routing mesh can be created regardless
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv3", "--endpoint-mode", "dnsrr", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmCreateServiceWithNoIngressNetwork(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmCreateServiceWithNoIngressNetwork(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Remove ingress network
@@ -529,105 +527,100 @@ func (s *DockerSwarmSuite) TestSwarmCreateServiceWithNoIngressNetwork(c *check.C
 	// Create a overlay network and launch a service on it
 	// Make sure nothing panics because ingress network is missing
 	out, err := d.Cmd("network", "create", "-d", "overlay", "another-network")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv4", "--network", "another-network", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 }
 
 // Test case for #24108, also the case from:
 // https://github.com/docker/docker/pull/24620#issuecomment-233715656
-func (s *DockerSwarmSuite) TestSwarmTaskListFilter(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmTaskListFilter(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "redis-cluster-md5"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--replicas=3", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	filter := "name=redis-cluster"
 
-	checkNumTasks := func(*check.C) (interface{}, check.CommentInterface) {
+	checkNumTasks := func(*testing.T) (interface{}, string) {
 		out, err := d.Cmd("service", "ps", "--filter", filter, name)
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-		return len(strings.Split(out, "\n")) - 2, nil // includes header and nl in last line
+		assert.NilError(c, err, out)
+		return len(strings.Split(out, "\n")) - 2, "" // includes header and nl in last line
 	}
 
 	// wait until all tasks have been created
-	waitAndAssert(c, defaultReconciliationTimeout, checkNumTasks, checker.Equals, 3)
+	poll.WaitOn(c, pollCheck(c, checkNumTasks, checker.Equals(3)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "ps", "--filter", filter, name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name+".1")
-	c.Assert(out, checker.Contains, name+".2")
-	c.Assert(out, checker.Contains, name+".3")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name+".1"), out)
+	assert.Assert(c, strings.Contains(out, name+".2"), out)
+	assert.Assert(c, strings.Contains(out, name+".3"), out)
 	out, err = d.Cmd("service", "ps", "--filter", "name="+name+".1", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name+".1")
-	c.Assert(out, checker.Not(checker.Contains), name+".2")
-	c.Assert(out, checker.Not(checker.Contains), name+".3")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name+".1"), out)
+	assert.Assert(c, !strings.Contains(out, name+".2"), out)
+	assert.Assert(c, !strings.Contains(out, name+".3"), out)
 	out, err = d.Cmd("service", "ps", "--filter", "name=none", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), name+".1")
-	c.Assert(out, checker.Not(checker.Contains), name+".2")
-	c.Assert(out, checker.Not(checker.Contains), name+".3")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, name+".1"), out)
+	assert.Assert(c, !strings.Contains(out, name+".2"), out)
+	assert.Assert(c, !strings.Contains(out, name+".3"), out)
 	name = "redis-cluster-sha1"
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--mode=global", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
-	waitAndAssert(c, defaultReconciliationTimeout, checkNumTasks, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, checkNumTasks, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	filter = "name=redis-cluster"
 	out, err = d.Cmd("service", "ps", "--filter", filter, name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name)
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name), out)
 	out, err = d.Cmd("service", "ps", "--filter", "name="+name, name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, name)
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, name), out)
 	out, err = d.Cmd("service", "ps", "--filter", "name=none", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.NilError(c, err, out)
+	assert.Assert(c, !strings.Contains(out, name), out)
 }
 
-func (s *DockerSwarmSuite) TestPsListContainersFilterIsTask(c *check.C) {
+func (s *DockerSwarmSuite) TestPsListContainersFilterIsTask(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a bare container
 	out, err := d.Cmd("run", "-d", "--name=bare-container", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	bareID := strings.TrimSpace(out)[:12]
 	// Create a service
 	name := "busybox-top"
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckServiceRunningTasks(name), checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckServiceRunningTasks(name), checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Filter non-tasks
 	out, err = d.Cmd("ps", "-a", "-q", "--filter=is-task=false")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	psOut := strings.TrimSpace(out)
-	c.Assert(psOut, checker.Equals, bareID, check.Commentf("Expected id %s, got %s for is-task label, output %q", bareID, psOut, out))
+	assert.Equal(c, psOut, bareID, fmt.Sprintf("Expected id %s, got %s for is-task label, output %q", bareID, psOut, out))
 
 	// Filter tasks
 	out, err = d.Cmd("ps", "-a", "-q", "--filter=is-task=true")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	lines := strings.Split(strings.Trim(out, "\n "), "\n")
-	c.Assert(lines, checker.HasLen, 1)
-	c.Assert(lines[0], checker.Not(checker.Equals), bareID, check.Commentf("Expected not %s, but got it for is-task label, output %q", bareID, out))
+	assert.Equal(c, len(lines), 1)
+	assert.Assert(c, lines[0] != bareID, "Expected not %s, but got it for is-task label, output %q", bareID, out)
 }
 
 const globalNetworkPlugin = "global-network-plugin"
 const globalIPAMPlugin = "global-ipam-plugin"
 
-func setupRemoteGlobalNetworkPlugin(c *check.C, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
 
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
@@ -784,139 +777,138 @@ func setupRemoteGlobalNetworkPlugin(c *check.C, mux *http.ServeMux, url, netDrv,
 	})
 
 	err := os.MkdirAll("/etc/docker/plugins", 0755)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
-	err = ioutil.WriteFile(fileName, []byte(url), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(fileName, []byte(url), 0644)
+	assert.NilError(c, err)
 
 	ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
-	err = ioutil.WriteFile(ipamFileName, []byte(url), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(ipamFileName, []byte(url), 0644)
+	assert.NilError(c, err)
 }
 
-func (s *DockerSwarmSuite) TestSwarmNetworkPlugin(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNetworkPlugin(c *testing.T) {
 	mux := http.NewServeMux()
 	s.server = httptest.NewServer(mux)
-	c.Assert(s.server, check.NotNil) // check that HTTP server has started
+	assert.Assert(c, s.server != nil) // check that HTTP server has started
 	setupRemoteGlobalNetworkPlugin(c, mux, s.server.URL, globalNetworkPlugin, globalIPAMPlugin)
 	defer func() {
 		s.server.Close()
 		err := os.RemoveAll("/etc/docker/plugins")
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}()
 
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "-d", globalNetworkPlugin, "foo")
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "not supported in swarm mode")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "not supported in swarm mode"), out)
 }
 
 // Test case for #24712
-func (s *DockerSwarmSuite) TestSwarmServiceEnvFile(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceEnvFile(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	path := filepath.Join(d.Folder, "env.txt")
-	err := ioutil.WriteFile(path, []byte("VAR1=A\nVAR2=A\n"), 0644)
-	c.Assert(err, checker.IsNil)
+	err := os.WriteFile(path, []byte("VAR1=A\nVAR2=A\n"), 0644)
+	assert.NilError(c, err)
 
 	name := "worker"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--env-file", path, "--env", "VAR1=B", "--env", "VAR1=C", "--env", "VAR2=", "--env", "VAR2", "--name", name, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// The complete env is [VAR1=A VAR2=A VAR1=B VAR1=C VAR2= VAR2] and duplicates will be removed => [VAR1=C VAR2]
 	out, err = d.Cmd("inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.Env }}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "[VAR1=C VAR2]")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "[VAR1=C VAR2]"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceTTY(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceTTY(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "top"
 
-	ttyCheck := "if [ -t 0 ]; then echo TTY > /status && top; else echo none > /status && top; fi"
+	ttyCheck := "if [ -t 0 ]; then echo TTY > /status; else echo none > /status; fi; exec top"
 
 	// Without --tty
 	expectedOutput := "none"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", ttyCheck)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// We need to get the container id.
 	out, err = d.Cmd("ps", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	out, err = d.Cmd("exec", id, "cat", "/status")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 	// Remove service
 	out, err = d.Cmd("service", "rm", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	// Make sure container has been destroyed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// With --tty
 	expectedOutput = "TTY"
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--tty", "busybox", "sh", "-c", ttyCheck)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// We need to get the container id.
 	out, err = d.Cmd("ps", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id = strings.TrimSpace(out)
 
 	out, err = d.Cmd("exec", id, "cat", "/status")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceTTYUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceTTYUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service
 	name := "top"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "false")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "false")
 
 	out, err = d.Cmd("service", "update", "--detach", "--tty", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "true")
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceNetworkUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceNetworkUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	result := icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "foo"))
 	result.Assert(c, icmd.Success)
-	fooNetwork := strings.TrimSpace(string(result.Combined()))
+	fooNetwork := strings.TrimSpace(result.Combined())
 
 	result = icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "bar"))
 	result.Assert(c, icmd.Success)
-	barNetwork := strings.TrimSpace(string(result.Combined()))
+	barNetwork := strings.TrimSpace(result.Combined())
 
 	result = icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "baz"))
 	result.Assert(c, icmd.Success)
-	bazNetwork := strings.TrimSpace(string(result.Combined()))
+	bazNetwork := strings.TrimSpace(result.Combined())
 
 	// Create a service
 	name := "top"
@@ -924,38 +916,36 @@ func (s *DockerSwarmSuite) TestSwarmServiceNetworkUpdate(c *check.C) {
 	result.Assert(c, icmd.Success)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
-		map[string]int{fooNetwork: 1, barNetwork: 1})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskNetworks, checker.DeepEquals(map[string]int{fooNetwork: 1, barNetwork: 1})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Remove a network
 	result = icmd.RunCmd(d.Command("service", "update", "--detach", "--network-rm", "foo", name))
 	result.Assert(c, icmd.Success)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
-		map[string]int{barNetwork: 1})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskNetworks, checker.DeepEquals(map[string]int{barNetwork: 1})), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Add a network
 	result = icmd.RunCmd(d.Command("service", "update", "--detach", "--network-add", "baz", name))
 	result.Assert(c, icmd.Success)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
-		map[string]int{barNetwork: 1, bazNetwork: 1})
+	poll.WaitOn(c, pollCheck(c, d.CheckRunningTaskNetworks, checker.DeepEquals(map[string]int{barNetwork: 1, bazNetwork: 1})), poll.WithTimeout(defaultReconciliationTimeout))
+
 }
 
-func (s *DockerSwarmSuite) TestDNSConfig(c *check.C) {
+func (s *DockerSwarmSuite) TestDNSConfig(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service
 	name := "top"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--dns=1.2.3.4", "--dns-search=example.com", "--dns-option=timeout:3", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// We need to get the container id.
 	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	// Compare against expected output.
@@ -963,69 +953,69 @@ func (s *DockerSwarmSuite) TestDNSConfig(c *check.C) {
 	expectedOutput2 := "search example.com"
 	expectedOutput3 := "options timeout:3"
 	out, err = d.Cmd("exec", id, "cat", "/etc/resolv.conf")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
-	c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
-	c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput1), "Expected '%s', but got %q", expectedOutput1, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput2), "Expected '%s', but got %q", expectedOutput2, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput3), "Expected '%s', but got %q", expectedOutput3, out)
 }
 
-func (s *DockerSwarmSuite) TestDNSConfigUpdate(c *check.C) {
+func (s *DockerSwarmSuite) TestDNSConfigUpdate(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service
 	name := "top"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "update", "--detach", "--dns-add=1.2.3.4", "--dns-search-add=example.com", "--dns-option-add=timeout:3", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.DNSConfig }}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "{[1.2.3.4] [example.com] [timeout:3]}")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "{[1.2.3.4] [example.com] [timeout:3]}")
 }
 
-func getNodeStatus(c *check.C, d *daemon.Daemon) swarm.LocalNodeState {
+func getNodeStatus(c *testing.T, d *daemon.Daemon) swarm.LocalNodeState {
 	info := d.SwarmInfo(c)
 	return info.LocalNodeState
 }
 
-func checkKeyIsEncrypted(d *daemon.Daemon) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		keyBytes, err := ioutil.ReadFile(filepath.Join(d.Folder, "root", "swarm", "certificates", "swarm-node.key"))
+func checkKeyIsEncrypted(d *daemon.Daemon) func(*testing.T) (interface{}, string) {
+	return func(c *testing.T) (interface{}, string) {
+		keyBytes, err := os.ReadFile(filepath.Join(d.Folder, "root", "swarm", "certificates", "swarm-node.key"))
 		if err != nil {
-			return fmt.Errorf("error reading key: %v", err), nil
+			return fmt.Errorf("error reading key: %v", err), ""
 		}
 
 		keyBlock, _ := pem.Decode(keyBytes)
 		if keyBlock == nil {
-			return fmt.Errorf("invalid PEM-encoded private key"), nil
+			return fmt.Errorf("invalid PEM-encoded private key"), ""
 		}
 
-		return keyutils.IsEncryptedPEMBlock(keyBlock), nil
+		return keyutils.IsEncryptedPEMBlock(keyBlock), ""
 	}
 }
 
-func checkSwarmLockedToUnlocked(c *check.C, d *daemon.Daemon, unlockKey string) {
+func checkSwarmLockedToUnlocked(c *testing.T, d *daemon.Daemon) {
 	// Wait for the PEM file to become unencrypted
-	waitAndAssert(c, defaultReconciliationTimeout, checkKeyIsEncrypted(d), checker.Equals, false)
+	poll.WaitOn(c, pollCheck(c, checkKeyIsEncrypted(d), checker.Equals(false)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	d.Restart(c)
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+	d.RestartNode(c)
+	poll.WaitOn(c, pollCheck(c, d.CheckLocalNodeState, checker.Equals(swarm.LocalNodeStateActive)), poll.WithTimeout(time.Second))
 }
 
-func checkSwarmUnlockedToLocked(c *check.C, d *daemon.Daemon) {
+func checkSwarmUnlockedToLocked(c *testing.T, d *daemon.Daemon) {
 	// Wait for the PEM file to become encrypted
-	waitAndAssert(c, defaultReconciliationTimeout, checkKeyIsEncrypted(d), checker.Equals, true)
+	poll.WaitOn(c, pollCheck(c, checkKeyIsEncrypted(d), checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))
 
-	d.Restart(c)
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+	d.RestartNode(c)
+	poll.WaitOn(c, pollCheck(c, d.CheckLocalNodeState, checker.Equals(swarm.LocalNodeStateLocked)), poll.WithTimeout(time.Second))
 }
 
-func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *check.C) {
+func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	// unlocking a normal engine should return an error - it does not even ask for the key
@@ -1034,11 +1024,11 @@ func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *check.C) {
 	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
 	})
-	c.Assert(result.Combined(), checker.Contains, "Error: This node is not part of a swarm")
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Please enter unlock key")
-
+	out := result.Combined()
+	assert.Assert(c, strings.Contains(result.Combined(), "Error: This node is not part of a swarm"), out)
+	assert.Assert(c, !strings.Contains(result.Combined(), "Please enter unlock key"), out)
 	out, err := d.Cmd("swarm", "init")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// unlocking an unlocked swarm should return an error - it does not even ask for the key
 	cmd = d.Command("swarm", "unlock")
@@ -1046,37 +1036,23 @@ func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *check.C) {
 	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
 	})
-	c.Assert(result.Combined(), checker.Contains, "Error: swarm is not locked")
-	c.Assert(result.Combined(), checker.Not(checker.Contains), "Please enter unlock key")
+	out = result.Combined()
+	assert.Assert(c, strings.Contains(result.Combined(), "Error: swarm is not locked"), out)
+	assert.Assert(c, !strings.Contains(result.Combined(), "Please enter unlock key"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInitLocked(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	outs, err := d.Cmd("swarm", "init", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-
-	c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-	var unlockKey string
-	for _, line := range strings.Split(outs, "\n") {
-		if strings.Contains(line, "SWMKEY") {
-			unlockKey = strings.TrimSpace(line)
-			break
-		}
-	}
-
-	c.Assert(unlockKey, checker.Not(checker.Equals), "")
-
-	outs, err = d.Cmd("swarm", "unlock-key", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-	c.Assert(outs, checker.Equals, unlockKey+"\n")
+	assert.Assert(c, err == nil, outs)
+	unlockKey := getUnlockKey(d, c, outs)
 
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 
 	// It starts off locked
-	d.Restart(c)
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+	d.RestartNode(c)
+	assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateLocked)
 
 	cmd := d.Command("swarm", "unlock")
 	cmd.Stdin = bytes.NewBufferString("wrong-secret-key")
@@ -1085,92 +1061,74 @@ func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
 		Err:      "invalid key",
 	})
 
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+	assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateLocked)
 
 	cmd = d.Command("swarm", "unlock")
 	cmd.Stdin = bytes.NewBufferString(unlockKey)
 	icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 
 	outs, err = d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-	c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
-
+	assert.Assert(c, err == nil, outs)
+	assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 	outs, err = d.Cmd("swarm", "update", "--autolock=false")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
+	assert.Assert(c, err == nil, outs)
 
-	checkSwarmLockedToUnlocked(c, d, unlockKey)
+	checkSwarmLockedToUnlocked(c, d)
 
 	outs, err = d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-	c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+	assert.Assert(c, err == nil, outs)
+	assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 }
 
-func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	outs, err := d.Cmd("swarm", "init", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
+	assert.Assert(c, err == nil, outs)
 
 	// It starts off locked
-	d.Restart(c, "--swarm-default-advertise-addr=lo")
+	d.RestartNode(c)
 
 	info := d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateLocked)
 
 	outs, _ = d.Cmd("node", "ls")
-	c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
-
+	assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 	// `docker swarm leave` a locked swarm without --force will return an error
 	outs, _ = d.Cmd("swarm", "leave")
-	c.Assert(outs, checker.Contains, "Swarm is encrypted and locked.")
-
+	assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and locked."), outs)
 	// It is OK for user to leave a locked swarm with --force
 	outs, err = d.Cmd("swarm", "leave", "--force")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
+	assert.Assert(c, err == nil, outs)
 
 	info = d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateInactive)
 
 	outs, err = d.Cmd("swarm", "init")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
+	assert.Assert(c, err == nil, outs)
 
 	info = d.SwarmInfo(c)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateActive)
 }
 
-func (s *DockerSwarmSuite) TestSwarmLockUnlockCluster(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmLockUnlockCluster(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
 
 	// they start off unlocked
-	d2.Restart(c)
-	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+	d2.RestartNode(c)
+	assert.Equal(c, getNodeStatus(c, d2), swarm.LocalNodeStateActive)
 
 	// stop this one so it does not get autolock info
 	d2.Stop(c)
 
 	// enable autolock
 	outs, err := d1.Cmd("swarm", "update", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-
-	c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-	var unlockKey string
-	for _, line := range strings.Split(outs, "\n") {
-		if strings.Contains(line, "SWMKEY") {
-			unlockKey = strings.TrimSpace(line)
-			break
-		}
-	}
-
-	c.Assert(unlockKey, checker.Not(checker.Equals), "")
-
-	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
-	c.Assert(err, checker.IsNil)
-	c.Assert(outs, checker.Equals, unlockKey+"\n")
+	assert.Assert(c, err == nil, outs)
+	unlockKey := getUnlockKey(d1, c, outs)
 
 	// The ones that got the cluster update should be set to locked
 	for _, d := range []*daemon.Daemon{d1, d3} {
@@ -1179,76 +1137,60 @@ func (s *DockerSwarmSuite) TestSwarmLockUnlockCluster(c *check.C) {
 		cmd := d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(unlockKey)
 		icmd.RunCmd(cmd).Assert(c, icmd.Success)
-		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 	}
 
 	// d2 never got the cluster update, so it is still set to unlocked
-	d2.Start(c)
-	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+	d2.StartNode(c)
+	assert.Equal(c, getNodeStatus(c, d2), swarm.LocalNodeStateActive)
 
 	// d2 is now set to lock
 	checkSwarmUnlockedToLocked(c, d2)
 
 	// leave it locked, and set the cluster to no longer autolock
 	outs, err = d1.Cmd("swarm", "update", "--autolock=false")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+	assert.Assert(c, err == nil, "out: %v", outs)
 
 	// the ones that got the update are now set to unlocked
 	for _, d := range []*daemon.Daemon{d1, d3} {
-		checkSwarmLockedToUnlocked(c, d, unlockKey)
+		checkSwarmLockedToUnlocked(c, d)
 	}
 
 	// d2 still locked
-	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateLocked)
+	assert.Equal(c, getNodeStatus(c, d2), swarm.LocalNodeStateLocked)
 
 	// unlock it
 	cmd := d2.Command("swarm", "unlock")
 	cmd.Stdin = bytes.NewBufferString(unlockKey)
 	icmd.RunCmd(cmd).Assert(c, icmd.Success)
-	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+	assert.Equal(c, getNodeStatus(c, d2), swarm.LocalNodeStateActive)
 
 	// once it's caught up, d2 is set to not be locked
-	checkSwarmLockedToUnlocked(c, d2, unlockKey)
+	checkSwarmLockedToUnlocked(c, d2)
 
 	// managers who join now are never set to locked in the first place
 	d4 := s.AddDaemon(c, true, true)
-	d4.Restart(c)
-	c.Assert(getNodeStatus(c, d4), checker.Equals, swarm.LocalNodeStateActive)
+	d4.RestartNode(c)
+	assert.Equal(c, getNodeStatus(c, d4), swarm.LocalNodeStateActive)
 }
 
-func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 
 	// enable autolock
 	outs, err := d1.Cmd("swarm", "update", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
-
-	c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-	var unlockKey string
-	for _, line := range strings.Split(outs, "\n") {
-		if strings.Contains(line, "SWMKEY") {
-			unlockKey = strings.TrimSpace(line)
-			break
-		}
-	}
-
-	c.Assert(unlockKey, checker.Not(checker.Equals), "")
-
-	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
-	c.Assert(err, checker.IsNil)
-	c.Assert(outs, checker.Equals, unlockKey+"\n")
+	assert.Assert(c, err == nil, "out: %v", outs)
+	unlockKey := getUnlockKey(d1, c, outs)
 
 	// joined workers start off unlocked
 	d2 := s.AddDaemon(c, true, false)
-	d2.Restart(c)
-	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+	d2.RestartNode(c)
+	poll.WaitOn(c, pollCheck(c, d2.CheckLocalNodeState, checker.Equals(swarm.LocalNodeStateActive)), poll.WithTimeout(time.Second))
 
 	// promote worker
 	outs, err = d1.Cmd("node", "promote", d2.NodeID())
-	c.Assert(err, checker.IsNil)
-	c.Assert(outs, checker.Contains, "promoted to a manager in the swarm")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(outs, "promoted to a manager in the swarm"), outs)
 	// join new manager node
 	d3 := s.AddDaemon(c, true, true)
 
@@ -1259,74 +1201,57 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
 		cmd := d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(unlockKey)
 		icmd.RunCmd(cmd).Assert(c, icmd.Success)
-		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 	}
 
 	// demote manager back to worker - workers are not locked
 	outs, err = d1.Cmd("node", "demote", d3.NodeID())
-	c.Assert(err, checker.IsNil)
-	c.Assert(outs, checker.Contains, "demoted in the swarm")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(outs, "demoted in the swarm"), outs)
 	// Wait for it to actually be demoted, for the key and cert to be replaced.
 	// Then restart and assert that the node is not locked.  If we don't wait for the cert
 	// to be replaced, then the node still has the manager TLS key which is still locked
 	// (because we never want a manager TLS key to be on disk unencrypted if the cluster
 	// is set to autolock)
-	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckControlAvailable, checker.False)
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		certBytes, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
+	poll.WaitOn(c, pollCheck(c, d3.CheckControlAvailable, checker.False()), poll.WithTimeout(defaultReconciliationTimeout))
+	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
+		certBytes, err := os.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
 		if err != nil {
-			return "", check.Commentf("error: %v", err)
+			return "", fmt.Sprintf("error: %v", err)
 		}
 		certs, err := helpers.ParseCertificatesPEM(certBytes)
 		if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 {
-			return certs[0].Subject.OrganizationalUnit[0], nil
+			return certs[0].Subject.OrganizationalUnit[0], ""
 		}
-		return "", check.Commentf("could not get organizational unit from certificate")
-	}, checker.Equals, "swarm-worker")
+		return "", "could not get organizational unit from certificate"
+	}, checker.Equals("swarm-worker")), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// by now, it should *never* be locked on restart
-	d3.Restart(c)
-	c.Assert(getNodeStatus(c, d3), checker.Equals, swarm.LocalNodeStateActive)
+	d3.RestartNode(c)
+	poll.WaitOn(c, pollCheck(c, d3.CheckLocalNodeState, checker.Equals(swarm.LocalNodeStateActive)), poll.WithTimeout(time.Second))
 }
 
-func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	outs, err := d.Cmd("swarm", "update", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
-
-	c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-	var unlockKey string
-	for _, line := range strings.Split(outs, "\n") {
-		if strings.Contains(line, "SWMKEY") {
-			unlockKey = strings.TrimSpace(line)
-			break
-		}
-	}
-
-	c.Assert(unlockKey, checker.Not(checker.Equals), "")
-
-	outs, err = d.Cmd("swarm", "unlock-key", "-q")
-	c.Assert(err, checker.IsNil)
-	c.Assert(outs, checker.Equals, unlockKey+"\n")
+	assert.Assert(c, err == nil, "out: %v", outs)
+	unlockKey := getUnlockKey(d, c, outs)
 
 	// Rotate multiple times
 	for i := 0; i != 3; i++ {
 		outs, err = d.Cmd("swarm", "unlock-key", "-q", "--rotate")
-		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+		assert.Assert(c, err == nil, "out: %v", outs)
 		// Strip \n
 		newUnlockKey := outs[:len(outs)-1]
-		c.Assert(newUnlockKey, checker.Not(checker.Equals), "")
-		c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey)
+		assert.Assert(c, newUnlockKey != "")
+		assert.Assert(c, newUnlockKey != unlockKey)
 
-		d.Restart(c)
-		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+		d.RestartNode(c)
+		assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateLocked)
 
 		outs, _ = d.Cmd("node", "ls")
-		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
-
+		assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 		cmd := d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(unlockKey)
 		result := icmd.RunCmd(cmd)
@@ -1342,7 +1267,7 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 
 			time.Sleep(3 * time.Second)
 
-			d.Restart(c)
+			d.RestartNode(c)
 
 			cmd = d.Command("swarm", "unlock")
 			cmd.Stdin = bytes.NewBufferString(unlockKey)
@@ -1354,17 +1279,28 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 		})
 
 		outs, _ = d.Cmd("node", "ls")
-		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
-
+		assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 		cmd = d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(newUnlockKey)
 		icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 
-		outs, err = d.Cmd("node", "ls")
-		c.Assert(err, checker.IsNil)
-		c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+		retry := 0
+		for {
+			// an issue sometimes prevents leader to be available right away
+			outs, err = d.Cmd("node", "ls")
+			if err != nil && retry < 5 {
+				if strings.Contains(outs, "swarm does not have a leader") {
+					retry++
+					time.Sleep(3 * time.Second)
+					continue
+				}
+			}
+			assert.NilError(c, err)
+			assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
+			break
+		}
 
 		unlockKey = newUnlockKey
 	}
@@ -1373,48 +1309,39 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 // This differs from `TestSwarmRotateUnlockKey` because that one rotates a single node, which is the leader.
 // This one keeps the leader up, and asserts that other manager nodes in the cluster also have their unlock
 // key rotated.
-func (s *DockerSwarmSuite) TestSwarmClusterRotateUnlockKey(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterRotateUnlockKey(c *testing.T) {
+	if runtime.GOARCH == "s390x" {
+		c.Skip("Disabled on s390x")
+	}
+	if runtime.GOARCH == "ppc64le" {
+		c.Skip("Disabled on  ppc64le")
+	}
+
 	d1 := s.AddDaemon(c, true, true) // leader - don't restart this one, we don't want leader election delays
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
 
 	outs, err := d1.Cmd("swarm", "update", "--autolock")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-
-	c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-	var unlockKey string
-	for _, line := range strings.Split(outs, "\n") {
-		if strings.Contains(line, "SWMKEY") {
-			unlockKey = strings.TrimSpace(line)
-			break
-		}
-	}
-
-	c.Assert(unlockKey, checker.Not(checker.Equals), "")
-
-	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-	c.Assert(outs, checker.Equals, unlockKey+"\n")
+	assert.Assert(c, err == nil, outs)
+	unlockKey := getUnlockKey(d1, c, outs)
 
 	// Rotate multiple times
 	for i := 0; i != 3; i++ {
 		outs, err = d1.Cmd("swarm", "unlock-key", "-q", "--rotate")
-		c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
+		assert.Assert(c, err == nil, outs)
 		// Strip \n
 		newUnlockKey := outs[:len(outs)-1]
-		c.Assert(newUnlockKey, checker.Not(checker.Equals), "")
-		c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey)
+		assert.Assert(c, newUnlockKey != "")
+		assert.Assert(c, newUnlockKey != unlockKey)
 
-		d2.Restart(c)
-		d3.Restart(c)
+		d2.RestartNode(c)
+		d3.RestartNode(c)
 
 		for _, d := range []*daemon.Daemon{d2, d3} {
-			c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+			assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateLocked)
 
 			outs, _ := d.Cmd("node", "ls")
-			c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
-
+			assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 			cmd := d.Command("swarm", "unlock")
 			cmd.Stdin = bytes.NewBufferString(unlockKey)
 			result := icmd.RunCmd(cmd)
@@ -1430,7 +1357,7 @@ func (s *DockerSwarmSuite) TestSwarmClusterRotateUnlockKey(c *check.C) {
 
 				time.Sleep(3 * time.Second)
 
-				d.Restart(c)
+				d.RestartNode(c)
 
 				cmd = d.Command("swarm", "unlock")
 				cmd.Stdin = bytes.NewBufferString(unlockKey)
@@ -1442,141 +1369,147 @@ func (s *DockerSwarmSuite) TestSwarmClusterRotateUnlockKey(c *check.C) {
 			})
 
 			outs, _ = d.Cmd("node", "ls")
-			c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
-
+			assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
 			cmd = d.Command("swarm", "unlock")
 			cmd.Stdin = bytes.NewBufferString(newUnlockKey)
 			icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-			c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
-
-			outs, err = d.Cmd("node", "ls")
-			c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
-			c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+			assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
+
+			retry := 0
+			for {
+				// an issue sometimes prevents leader to be available right away
+				outs, err = d.Cmd("node", "ls")
+				if err != nil && retry < 5 {
+					if strings.Contains(outs, "swarm does not have a leader") {
+						retry++
+						c.Logf("[%s] got 'swarm does not have a leader'. retrying (attempt %d/5)", d.ID(), retry)
+						time.Sleep(3 * time.Second)
+						continue
+					} else {
+						c.Logf("[%s] gave error: '%v'. retrying (attempt %d/5): %s", d.ID(), err, retry, outs)
+					}
+				}
+				assert.NilError(c, err, "[%s] failed after %d retries: %v (%s)", d.ID(), retry, err, outs)
+				assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
+				break
+			}
 		}
 
 		unlockKey = newUnlockKey
 	}
 }
 
-func (s *DockerSwarmSuite) TestSwarmAlternateLockUnlock(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmAlternateLockUnlock(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
-	var unlockKey string
 	for i := 0; i < 2; i++ {
 		// set to lock
 		outs, err := d.Cmd("swarm", "update", "--autolock")
-		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
-		c.Assert(outs, checker.Contains, "docker swarm unlock")
-
-		for _, line := range strings.Split(outs, "\n") {
-			if strings.Contains(line, "SWMKEY") {
-				unlockKey = strings.TrimSpace(line)
-				break
-			}
-		}
+		assert.Assert(c, err == nil, "out: %v", outs)
+		assert.Assert(c, strings.Contains(outs, "docker swarm unlock"), outs)
+		unlockKey := getUnlockKey(d, c, outs)
 
-		c.Assert(unlockKey, checker.Not(checker.Equals), "")
 		checkSwarmUnlockedToLocked(c, d)
 
 		cmd := d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(unlockKey)
 		icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+		assert.Equal(c, getNodeStatus(c, d), swarm.LocalNodeStateActive)
 
 		outs, err = d.Cmd("swarm", "update", "--autolock=false")
-		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+		assert.Assert(c, err == nil, "out: %v", outs)
 
-		checkSwarmLockedToUnlocked(c, d, unlockKey)
+		checkSwarmLockedToUnlocked(c, d)
 	}
 }
 
-func (s *DockerSwarmSuite) TestExtraHosts(c *check.C) {
+func (s *DockerSwarmSuite) TestExtraHosts(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service
 	name := "top"
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--host=example.com:1.2.3.4", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// We need to get the container id.
 	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	// Compare against expected output.
 	expectedOutput := "1.2.3.4\texample.com"
 	out, err = d.Cmd("exec", id, "cat", "/etc/hosts")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), "Expected '%s', but got %q", expectedOutput, out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmManagerAddress(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmManagerAddress(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
 	d3 := s.AddDaemon(c, true, false)
 
 	// Manager Addresses will always show Node 1's address
-	expectedOutput := fmt.Sprintf("Manager Addresses:\n  127.0.0.1:%d\n", d1.SwarmPort)
+	expectedOutput := fmt.Sprintf("127.0.0.1:%d", d1.SwarmPort)
 
-	out, err := d1.Cmd("info")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput)
+	out, err := d1.Cmd("info", "--format", "{{ (index .Swarm.RemoteManagers 0).Addr }}")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), out)
 
-	out, err = d2.Cmd("info")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput)
+	out, err = d2.Cmd("info", "--format", "{{ (index .Swarm.RemoteManagers 0).Addr }}")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), out)
 
-	out, err = d3.Cmd("info")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, expectedOutput)
+	out, err = d3.Cmd("info", "--format", "{{ (index .Swarm.RemoteManagers 0).Addr }}")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, expectedOutput), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("network", "create", "-d", "overlay", "--ipam-opt", "foo=bar", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Contains, "foo:bar")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "com.docker.network.ipam.serial:true")
-
+	out = strings.TrimSpace(out)
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "foo:bar"), out)
+	assert.Assert(c, strings.Contains(out, "com.docker.network.ipam.serial:true"), out)
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--network=foo", "--name", "top", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Contains, "foo:bar")
-	c.Assert(strings.TrimSpace(out), checker.Contains, "com.docker.network.ipam.serial:true")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "foo:bar"), out)
+	assert.Assert(c, strings.Contains(out, "com.docker.network.ipam.serial:true"), out)
 }
 
 // Test case for issue #27866, which did not allow NW name that is the prefix of a swarm NW ID.
 // e.g. if the ingress ID starts with "n1", it was impossible to create a NW named "n1".
-func (s *DockerSwarmSuite) TestSwarmNetworkCreateIssue27866(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNetworkCreateIssue27866(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	out, err := d.Cmd("network", "inspect", "-f", "{{.Id}}", "ingress")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	assert.NilError(c, err, "out: %v", out)
 	ingressID := strings.TrimSpace(out)
-	c.Assert(ingressID, checker.Not(checker.Equals), "")
+	assert.Assert(c, ingressID != "")
 
 	// create a network of which name is the prefix of the ID of an overlay network
 	// (ingressID in this case)
 	newNetName := ingressID[0:2]
 	out, err = d.Cmd("network", "create", "--driver", "overlay", newNetName)
 	// In #27866, it was failing because of "network with name %s already exists"
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	assert.NilError(c, err, "out: %v", out)
 	out, err = d.Cmd("network", "rm", newNetName)
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	assert.NilError(c, err, "out: %v", out)
 }
 
 // Test case for https://github.com/docker/docker/pull/27938#issuecomment-265768303
@@ -1585,108 +1518,103 @@ func (s *DockerSwarmSuite) TestSwarmNetworkCreateIssue27866(c *check.C) {
 // "network with name FOO already exists".
 // Note that it is to ok have multiple networks with the same name if the operations are done
 // in parallel. (#18864)
-func (s *DockerSwarmSuite) TestSwarmNetworkCreateDup(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNetworkCreateDup(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 	drivers := []string{"bridge", "overlay"}
 	for i, driver1 := range drivers {
-		nwName := fmt.Sprintf("network-test-%d", i)
 		for _, driver2 := range drivers {
-			c.Logf("Creating a network named %q with %q, then %q",
-				nwName, driver1, driver2)
-			out, err := d.Cmd("network", "create", "--driver", driver1, nwName)
-			c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-			out, err = d.Cmd("network", "create", "--driver", driver2, nwName)
-			c.Assert(out, checker.Contains,
-				fmt.Sprintf("network with name %s already exists", nwName))
-			c.Assert(err, checker.NotNil)
-			c.Logf("As expected, the attempt to network %q with %q failed: %s",
-				nwName, driver2, out)
-			out, err = d.Cmd("network", "rm", nwName)
-			c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+			c.Run(fmt.Sprintf("driver %s then %s", driver1, driver2), func(c *testing.T) {
+				nwName := fmt.Sprintf("network-test-%d", i)
+				out, err := d.Cmd("network", "create", "--driver", driver1, nwName)
+				assert.NilError(c, err, "out: %v", out)
+				out, err = d.Cmd("network", "create", "--driver", driver2, nwName)
+				assert.Assert(c, strings.Contains(out, fmt.Sprintf("network with name %s already exists", nwName)), out)
+				assert.ErrorContains(c, err, "")
+				out, err = d.Cmd("network", "rm", nwName)
+				assert.NilError(c, err, "out: %v", out)
+			})
 		}
 	}
 }
 
-func (s *DockerSwarmSuite) TestSwarmPublishDuplicatePorts(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmPublishDuplicatePorts(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--publish", "5005:80", "--publish", "5006:80", "--publish", "80", "--publish", "80", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	id := strings.TrimSpace(out)
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// Total len = 4, with 2 dynamic ports and 2 non-dynamic ports
 	// Dynamic ports are likely to be 30000 and 30001 but doesn't matter
 	out, err = d.Cmd("service", "inspect", "--format", "{{.Endpoint.Ports}} len={{len .Endpoint.Ports}}", id)
-	c.Assert(err, check.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "len=4")
-	c.Assert(out, checker.Contains, "{ tcp 80 5005 ingress}")
-	c.Assert(out, checker.Contains, "{ tcp 80 5006 ingress}")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "len=4"), out)
+	assert.Assert(c, strings.Contains(out, "{ tcp 80 5005 ingress}"), out)
+	assert.Assert(c, strings.Contains(out, "{ tcp 80 5006 ingress}"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmJoinWithDrain(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmJoinWithDrain(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), "Drain")
-
+	assert.NilError(c, err)
+	assert.Assert(c, !strings.Contains(out, "Drain"), out)
 	out, err = d.Cmd("swarm", "join-token", "-q", "manager")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	token := strings.TrimSpace(out)
 
 	d1 := s.AddDaemon(c, false, false)
 
 	out, err = d1.Cmd("swarm", "join", "--availability=drain", "--token", token, d.SwarmListenAddr())
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Drain")
-
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "Drain"), out)
 	out, err = d1.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Drain")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "Drain"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmInitWithDrain(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInitWithDrain(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	out, err := d.Cmd("swarm", "init", "--availability", "drain")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	assert.NilError(c, err, "out: %v", out)
 
 	out, err = d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Drain")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.Contains(out, "Drain"))
 }
 
-func (s *DockerSwarmSuite) TestSwarmReadonlyRootfs(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmReadonlyRootfs(c *testing.T) {
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top", "--read-only", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.ReadOnly }}", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "true")
 
 	containers := d.ActiveContainers(c)
 	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.HostConfig.ReadonlyRootfs}}", containers[0])
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "true")
 }
 
-func (s *DockerSwarmSuite) TestNetworkInspectWithDuplicateNames(c *check.C) {
+func (s *DockerSwarmSuite) TestNetworkInspectWithDuplicateNames(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "foo"
@@ -1695,140 +1623,136 @@ func (s *DockerSwarmSuite) TestNetworkInspectWithDuplicateNames(c *check.C) {
 		Driver:         "bridge",
 	}
 
-	cli, err := d.NewClient()
-	c.Assert(err, checker.IsNil)
+	cli := d.NewClientT(c)
 	defer cli.Close()
 
 	n1, err := cli.NetworkCreate(context.Background(), name, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Full ID always works
 	out, err := d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n1.ID)
 
 	// Name works if it is unique
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n1.ID)
 
 	n2, err := cli.NetworkCreate(context.Background(), name, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	// Full ID always works
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n1.ID)
 
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n2.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n2.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n2.ID)
 
 	// Name with duplicates
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "2 matches found based on name")
-
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "2 matches found based on name"), out)
 	out, err = d.Cmd("network", "rm", n2.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Duplicates with name but with different driver
 	options.Driver = "overlay"
 
 	n2, err = cli.NetworkCreate(context.Background(), name, options)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// Full ID always works
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n1.ID)
 
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n2.ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, n2.ID)
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), n2.ID)
 
 	// Name with duplicates
 	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
-	c.Assert(err, checker.NotNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "2 matches found based on name")
+	assert.ErrorContains(c, err, "", out)
+	assert.Assert(c, strings.Contains(out, "2 matches found based on name"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmStopSignal(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmStopSignal(c *testing.T) {
 	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
 
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top", "--stop-signal=SIGHUP", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.StopSignal }}", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGHUP")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "SIGHUP")
 
 	containers := d.ActiveContainers(c)
 	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.Config.StopSignal}}", containers[0])
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGHUP")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "SIGHUP")
 
 	out, err = d.Cmd("service", "update", "--detach", "--stop-signal=SIGUSR1", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.StopSignal }}", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGUSR1")
+	assert.NilError(c, err, out)
+	assert.Equal(c, strings.TrimSpace(out), "SIGUSR1")
 }
 
-func (s *DockerSwarmSuite) TestSwarmServiceLsFilterMode(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmServiceLsFilterMode(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top1", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top2", "--mode=global", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 2)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(2)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("service", "ls")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "top1")
-	c.Assert(out, checker.Contains, "top2")
-	c.Assert(out, checker.Not(checker.Contains), "localnet")
-
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "top1"), out)
+	assert.Assert(c, strings.Contains(out, "top2"), out)
+	assert.Assert(c, !strings.Contains(out, "localnet"), out)
 	out, err = d.Cmd("service", "ls", "--filter", "mode=global")
-	c.Assert(out, checker.Not(checker.Contains), "top1")
-	c.Assert(out, checker.Contains, "top2")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.Assert(c, !strings.Contains(out, "top1"), out)
+	assert.Assert(c, strings.Contains(out, "top2"), out)
+	assert.NilError(c, err, out)
 
 	out, err = d.Cmd("service", "ls", "--filter", "mode=replicated")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
-	c.Assert(out, checker.Contains, "top1")
-	c.Assert(out, checker.Not(checker.Contains), "top2")
+	assert.NilError(c, err, out)
+	assert.Assert(c, strings.Contains(out, "top1"), out)
+	assert.Assert(c, !strings.Contains(out, "top2"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedDataPathAddr(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedDataPathAddr(c *testing.T) {
 	d := s.AddDaemon(c, false, false)
 
 	out, err := d.Cmd("swarm", "init", "--data-path-addr", "0.0.0.0")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "data path address must be a non-zero IP")
-
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "data path address must be a non-zero IP"), out)
 	out, err = d.Cmd("swarm", "init", "--data-path-addr", "0.0.0.0:2000")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "data path address must be a non-zero IP")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "data path address must be a non-zero IP"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmJoinLeave(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmJoinLeave(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("swarm", "join-token", "-q", "worker")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.NilError(c, err)
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	token := strings.TrimSpace(out)
 
@@ -1836,17 +1760,17 @@ func (s *DockerSwarmSuite) TestSwarmJoinLeave(c *check.C) {
 	d1 := s.AddDaemon(c, false, false)
 	for i := 0; i < 10; i++ {
 		out, err = d1.Cmd("swarm", "join", "--token", token, d.SwarmListenAddr())
-		c.Assert(err, checker.IsNil)
-		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+		assert.NilError(c, err)
+		assert.Assert(c, strings.TrimSpace(out) != "")
 
 		_, err = d1.Cmd("swarm", "leave")
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 	}
 }
 
 const defaultRetryCount = 10
 
-func waitForEvent(c *check.C, d *daemon.Daemon, since string, filter string, event string, retry int) string {
+func waitForEvent(c *testing.T, d *daemon.Daemon, since string, filter string, event string, retry int) string {
 	if retry < 1 {
 		c.Fatalf("retry count %d is invalid. It should be no less than 1", retry)
 		return ""
@@ -1860,7 +1784,7 @@ func waitForEvent(c *check.C, d *daemon.Daemon, since string, filter string, eve
 		} else {
 			out, err = d.Cmd("events", "--since", since, "--until", until)
 		}
-		c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+		assert.NilError(c, err, out)
 		if strings.Contains(out, event) {
 			return strings.TrimSpace(out)
 		}
@@ -1873,16 +1797,16 @@ func waitForEvent(c *check.C, d *daemon.Daemon, since string, filter string, eve
 	return ""
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, false)
 
 	// create a network
 	out, err := d1.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	networkID := strings.TrimSpace(out)
-	c.Assert(networkID, checker.Not(checker.Equals), "")
+	assert.Assert(c, networkID != "")
 
 	// d1, d2 are managers that can get swarm events
 	waitForEvent(c, d1, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount)
@@ -1890,59 +1814,57 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *check.C) {
 
 	// d3 is a worker, not able to get cluster events
 	out = waitForEvent(c, d3, "0", "-f scope=swarm", "", 1)
-	c.Assert(out, checker.Not(checker.Contains), "network create ")
+	assert.Assert(c, !strings.Contains(out, "network create "), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsScope(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsScope(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// create a service
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	serviceID := strings.Split(out, "\n")[0]
 
 	// scope swarm filters cluster events
 	out = waitForEvent(c, d, "0", "-f scope=swarm", "service create "+serviceID, defaultRetryCount)
-	c.Assert(out, checker.Not(checker.Contains), "container create ")
-
+	assert.Assert(c, !strings.Contains(out, "container create "), out)
 	// all events are returned if scope is not specified
 	waitForEvent(c, d, "0", "", "service create "+serviceID, 1)
 	waitForEvent(c, d, "0", "", "container create ", defaultRetryCount)
 
 	// scope local only shows non-cluster events
 	out = waitForEvent(c, d, "0", "-f scope=local", "container create ", 1)
-	c.Assert(out, checker.Not(checker.Contains), "service create ")
+	assert.Assert(c, !strings.Contains(out, "service create "), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsType(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsType(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// create a service
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	serviceID := strings.Split(out, "\n")[0]
 
 	// create a network
 	out, err = d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	networkID := strings.TrimSpace(out)
-	c.Assert(networkID, checker.Not(checker.Equals), "")
+	assert.Assert(c, networkID != "")
 
 	// filter by service
 	out = waitForEvent(c, d, "0", "-f type=service", "service create "+serviceID, defaultRetryCount)
-	c.Assert(out, checker.Not(checker.Contains), "network create")
-
+	assert.Assert(c, !strings.Contains(out, "network create"), out)
 	// filter by network
 	out = waitForEvent(c, d, "0", "-f type=network", "network create "+networkID, defaultRetryCount)
-	c.Assert(out, checker.Not(checker.Contains), "service create")
+	assert.Assert(c, !strings.Contains(out, "service create"), out)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsService(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsService(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// create a service
 	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	serviceID := strings.Split(out, "\n")[0]
 
 	// validate service create event
@@ -1950,34 +1872,31 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsService(c *check.C) {
 
 	t1 := daemonUnixTime(c)
 	out, err = d.Cmd("service", "update", "--force", "--detach=false", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// wait for service update start
 	out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
-	c.Assert(out, checker.Contains, "updatestate.new=updating")
-
+	assert.Assert(c, strings.Contains(out, "updatestate.new=updating"), out)
 	// allow service update complete. This is a service with 1 instance
 	time.Sleep(400 * time.Millisecond)
 	out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
-	c.Assert(out, checker.Contains, "updatestate.new=completed, updatestate.old=updating")
-
+	assert.Assert(c, strings.Contains(out, "updatestate.new=completed, updatestate.old=updating"), out)
 	// scale service
 	t2 := daemonUnixTime(c)
 	out, err = d.Cmd("service", "scale", "test=3")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	out = waitForEvent(c, d, t2, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
-	c.Assert(out, checker.Contains, "replicas.new=3, replicas.old=1")
-
+	assert.Assert(c, strings.Contains(out, "replicas.new=3, replicas.old=1"), out)
 	// remove service
 	t3 := daemonUnixTime(c)
 	out, err = d.Cmd("service", "rm", "test")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	waitForEvent(c, d, t3, "-f scope=swarm", "service remove "+serviceID, defaultRetryCount)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *testing.T) {
 	d1 := s.AddDaemon(c, true, true)
 	s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
@@ -1987,32 +1906,31 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *check.C) {
 
 	t1 := daemonUnixTime(c)
 	out, err := d1.Cmd("node", "update", "--availability=pause", d3ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// filter by type
 	out = waitForEvent(c, d1, t1, "-f type=node", "node update "+d3ID, defaultRetryCount)
-	c.Assert(out, checker.Contains, "availability.new=pause, availability.old=active")
-
+	assert.Assert(c, strings.Contains(out, "availability.new=pause, availability.old=active"), out)
 	t2 := daemonUnixTime(c)
 	out, err = d1.Cmd("node", "demote", d3ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	waitForEvent(c, d1, t2, "-f type=node", "node update "+d3ID, defaultRetryCount)
 
 	t3 := daemonUnixTime(c)
 	out, err = d1.Cmd("node", "rm", "-f", d3ID)
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// filter by scope
 	waitForEvent(c, d1, t3, "-f scope=swarm", "node remove "+d3ID, defaultRetryCount)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	// create a network
 	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 	networkID := strings.TrimSpace(out)
 
 	waitForEvent(c, d, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount)
@@ -2020,13 +1938,13 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *check.C) {
 	// remove network
 	t1 := daemonUnixTime(c)
 	out, err = d.Cmd("network", "rm", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// filtered by network
 	waitForEvent(c, d, t1, "-f type=network", "network remove "+networkID, defaultRetryCount)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	testName := "test_secret"
@@ -2036,7 +1954,7 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) {
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	assert.Assert(c, id != "", "secrets: %s", id)
 
 	waitForEvent(c, d, "0", "-f scope=swarm", "secret create "+id, defaultRetryCount)
 
@@ -2046,7 +1964,7 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) {
 	waitForEvent(c, d, t1, "-f type=secret", "secret remove "+id, defaultRetryCount)
 }
 
-func (s *DockerSwarmSuite) TestSwarmClusterEventsConfig(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmClusterEventsConfig(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	testName := "test_config"
@@ -2056,7 +1974,7 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsConfig(c *check.C) {
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+	assert.Assert(c, id != "", "configs: %s", id)
 
 	waitForEvent(c, d, "0", "-f scope=swarm", "config create "+id, defaultRetryCount)
 
@@ -2065,3 +1983,15 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsConfig(c *check.C) {
 	// filtered by config
 	waitForEvent(c, d, t1, "-f type=config", "config remove "+id, defaultRetryCount)
 }
+
+func getUnlockKey(d *daemon.Daemon, c *testing.T, autolockOutput string) string {
+	unlockKey, err := d.Cmd("swarm", "unlock-key", "-q")
+	assert.Assert(c, err == nil, unlockKey)
+	unlockKey = strings.TrimSuffix(unlockKey, "\n")
+
+	// Check that "docker swarm init --autolock" or "docker swarm update --autolock"
+	// contains all the expected strings, including the unlock key
+	assert.Assert(c, strings.Contains(autolockOutput, "docker swarm unlock"), autolockOutput)
+	assert.Assert(c, strings.Contains(autolockOutput, unlockKey), autolockOutput)
+	return unlockKey
+}
diff --git a/integration-cli/docker_cli_swarm_unix_test.go b/integration-cli/docker_cli_swarm_unix_test.go
index 7473937eda518..35f61a55f0345 100644
--- a/integration-cli/docker_cli_swarm_unix_test.go
+++ b/integration-cli/docker_cli_swarm_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -5,56 +6,58 @@ package main
 import (
 	"encoding/json"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
-func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *testing.T) {
 	d := s.AddDaemon(c, true, true)
 
 	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--mount", "type=volume,source=my-volume,destination=/foo,volume-driver=customvolumedriver", "--name", "top", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// Make sure task stays pending before plugin is available
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckServiceTasksInStateWithError("top", swarm.TaskStatePending, "missing plugin on 1 node"), checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckServiceTasksInStateWithError("top", swarm.TaskStatePending, "missing plugin on 1 node"), checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	plugin := newVolumePlugin(c, "customvolumedriver")
 	defer plugin.Close()
 
 	// create a dummy volume to trigger lazy loading of the plugin
 	out, err = d.Cmd("volume", "create", "-d", "customvolumedriver", "hello")
-	c.Assert(err, checker.IsNil, check.Commentf("%s", out))
+	assert.NilError(c, err, out)
 
 	// TODO(aaronl): It will take about 15 seconds for swarm to realize the
 	// plugin was loaded. Switching the test over to plugin v2 would avoid
 	// this long delay.
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	poll.WaitOn(c, pollCheck(c, d.CheckActiveContainerCount, checker.Equals(1)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	out, err = d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	containerID := strings.TrimSpace(out)
 
 	out, err = d.Cmd("inspect", "-f", "{{json .Mounts}}", containerID)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	var mounts []struct {
 		Name   string
 		Driver string
 	}
 
-	c.Assert(json.NewDecoder(strings.NewReader(out)).Decode(&mounts), checker.IsNil)
-	c.Assert(len(mounts), checker.Equals, 1, check.Commentf("%s", out))
-	c.Assert(mounts[0].Name, checker.Equals, "my-volume")
-	c.Assert(mounts[0].Driver, checker.Equals, "customvolumedriver")
+	assert.NilError(c, json.NewDecoder(strings.NewReader(out)).Decode(&mounts))
+	assert.Equal(c, len(mounts), 1, out)
+	assert.Equal(c, mounts[0].Name, "my-volume")
+	assert.Equal(c, mounts[0].Driver, "customvolumedriver")
 }
 
 // Test network plugin filter in swarm
-func (s *DockerSwarmSuite) TestSwarmNetworkPluginV2(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmNetworkPluginV2(c *testing.T) {
 	testRequires(c, IsAmd64)
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, true, false)
@@ -63,43 +66,43 @@ func (s *DockerSwarmSuite) TestSwarmNetworkPluginV2(c *check.C) {
 	pluginName := "aragunathan/global-net-plugin:latest"
 
 	_, err := d1.Cmd("plugin", "install", pluginName, "--grant-all-permissions")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	_, err = d2.Cmd("plugin", "install", pluginName, "--grant-all-permissions")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// create network
 	networkName := "globalnet"
 	_, err = d1.Cmd("network", "create", "--driver", pluginName, networkName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// create a global service to ensure that both nodes will have an instance
 	serviceName := "my-service"
 	_, err = d1.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--mode=global", "--network", networkName, "busybox", "top")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, 2)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(2)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// remove service
 	_, err = d1.Cmd("service", "rm", serviceName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// wait to ensure all containers have exited before removing the plugin. Else there's a
 	// possibility of container exits erroring out due to plugins being unavailable.
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, 0)
+	poll.WaitOn(c, pollCheck(c, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals(0)), poll.WithTimeout(defaultReconciliationTimeout))
 
 	// disable plugin on worker
 	_, err = d2.Cmd("plugin", "disable", "-f", pluginName)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	time.Sleep(20 * time.Second)
 
 	image := "busybox:latest"
 	// create a new global service again.
 	_, err = d1.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--mode=global", "--network", networkName, image, "top")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
+
+	poll.WaitOn(c, pollCheck(c, d1.CheckRunningTaskImages, checker.DeepEquals(map[string]int{image: 1})), poll.WithTimeout(defaultReconciliationTimeout))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckRunningTaskImages, checker.DeepEquals,
-		map[string]int{image: 1})
 }
diff --git a/integration-cli/docker_cli_top_test.go b/integration-cli/docker_cli_top_test.go
index 50744b0111187..9bc29f39c67f7 100644
--- a/integration-cli/docker_cli_top_test.go
+++ b/integration-cli/docker_cli_top_test.go
@@ -2,13 +2,13 @@ package main
 
 import (
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestTopMultipleArgs(c *check.C) {
+func (s *DockerSuite) TestTopMultipleArgs(c *testing.T) {
 	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 
@@ -23,7 +23,7 @@ func (s *DockerSuite) TestTopMultipleArgs(c *check.C) {
 	result.Assert(c, expected)
 }
 
-func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
+func (s *DockerSuite) TestTopNonPrivileged(c *testing.T) {
 	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 
@@ -40,25 +40,25 @@ func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
 		lookingFor = "top"
 	}
 
-	c.Assert(out1, checker.Contains, lookingFor, check.Commentf("top should've listed `%s` in the process list, but failed the first time", lookingFor))
-	c.Assert(out2, checker.Contains, lookingFor, check.Commentf("top should've listed `%s` in the process list, but failed the second time", lookingFor))
+	assert.Assert(c, strings.Contains(out1, lookingFor), "top should've listed `%s` in the process list, but failed the first time", lookingFor)
+	assert.Assert(c, strings.Contains(out2, lookingFor), "top should've listed `%s` in the process list, but failed the second time", lookingFor)
 }
 
 // TestTopWindowsCoreProcesses validates that there are lines for the critical
 // processes which are found in a Windows container. Note Windows is architecturally
 // very different to Linux in this regard.
-func (s *DockerSuite) TestTopWindowsCoreProcesses(c *check.C) {
+func (s *DockerSuite) TestTopWindowsCoreProcesses(c *testing.T) {
 	testRequires(c, DaemonIsWindows)
 	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 	out1, _ := dockerCmd(c, "top", cleanedContainerID)
 	lookingFor := []string{"smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe", "CExecSvc.exe"}
 	for i, s := range lookingFor {
-		c.Assert(out1, checker.Contains, s, check.Commentf("top should've listed `%s` in the process list, but failed. Test case %d", s, i))
+		assert.Assert(c, strings.Contains(out1, s), "top should've listed `%s` in the process list, but failed. Test case %d", s, i)
 	}
 }
 
-func (s *DockerSuite) TestTopPrivileged(c *check.C) {
+func (s *DockerSuite) TestTopPrivileged(c *testing.T) {
 	// Windows does not support --privileged
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	out, _ := dockerCmd(c, "run", "--privileged", "-i", "-d", "busybox", "top")
@@ -68,6 +68,6 @@ func (s *DockerSuite) TestTopPrivileged(c *check.C) {
 	out2, _ := dockerCmd(c, "top", cleanedContainerID)
 	dockerCmd(c, "kill", cleanedContainerID)
 
-	c.Assert(out1, checker.Contains, "top", check.Commentf("top should've listed `top` in the process list, but failed the first time"))
-	c.Assert(out2, checker.Contains, "top", check.Commentf("top should've listed `top` in the process list, but failed the second time"))
+	assert.Assert(c, strings.Contains(out1, "top"), "top should've listed `top` in the process list, but failed the first time")
+	assert.Assert(c, strings.Contains(out2, "top"), "top should've listed `top` in the process list, but failed the second time")
 }
diff --git a/integration-cli/docker_cli_update_unix_test.go b/integration-cli/docker_cli_update_unix_test.go
index 1fb30f04d6df3..459b70e6468a7 100644
--- a/integration-cli/docker_cli_update_unix_test.go
+++ b/integration-cli/docker_cli_update_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -8,18 +9,17 @@ import (
 	"fmt"
 	"os/exec"
 	"strings"
+	"testing"
 	"time"
 
+	"github.com/creack/pty"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/go-check/check"
-	"github.com/kr/pty"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
-func (s *DockerSuite) TestUpdateRunningContainer(c *check.C) {
+func (s *DockerSuite) TestUpdateRunningContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 
@@ -27,14 +27,14 @@ func (s *DockerSuite) TestUpdateRunningContainer(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "top")
 	dockerCmd(c, "update", "-m", "500M", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+	assert.Equal(c, inspectField(c, name, "HostConfig.Memory"), "524288000")
 
 	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
 	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+	assert.Equal(c, strings.TrimSpace(out), "524288000")
 }
 
-func (s *DockerSuite) TestUpdateRunningContainerWithRestart(c *check.C) {
+func (s *DockerSuite) TestUpdateRunningContainerWithRestart(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 
@@ -43,14 +43,14 @@ func (s *DockerSuite) TestUpdateRunningContainerWithRestart(c *check.C) {
 	dockerCmd(c, "update", "-m", "500M", name)
 	dockerCmd(c, "restart", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+	assert.Equal(c, inspectField(c, name, "HostConfig.Memory"), "524288000")
 
 	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
 	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+	assert.Equal(c, strings.TrimSpace(out), "524288000")
 }
 
-func (s *DockerSuite) TestUpdateStoppedContainer(c *check.C) {
+func (s *DockerSuite) TestUpdateStoppedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 
@@ -59,13 +59,13 @@ func (s *DockerSuite) TestUpdateStoppedContainer(c *check.C) {
 	dockerCmd(c, "run", "--name", name, "-m", "300M", "busybox", "cat", file)
 	dockerCmd(c, "update", "-m", "500M", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+	assert.Equal(c, inspectField(c, name, "HostConfig.Memory"), "524288000")
 
 	out, _ := dockerCmd(c, "start", "-a", name)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+	assert.Equal(c, strings.TrimSpace(out), "524288000")
 }
 
-func (s *DockerSuite) TestUpdatePausedContainer(c *check.C) {
+func (s *DockerSuite) TestUpdatePausedContainer(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, cpuShare)
 
@@ -74,15 +74,15 @@ func (s *DockerSuite) TestUpdatePausedContainer(c *check.C) {
 	dockerCmd(c, "pause", name)
 	dockerCmd(c, "update", "--cpu-shares", "500", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.CPUShares"), checker.Equals, "500")
+	assert.Equal(c, inspectField(c, name, "HostConfig.CPUShares"), "500")
 
 	dockerCmd(c, "unpause", name)
 	file := "/sys/fs/cgroup/cpu/cpu.shares"
 	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "500")
+	assert.Equal(c, strings.TrimSpace(out), "500")
 }
 
-func (s *DockerSuite) TestUpdateWithUntouchedFields(c *check.C) {
+func (s *DockerSuite) TestUpdateWithUntouchedFields(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, cpuShare)
@@ -93,97 +93,36 @@ func (s *DockerSuite) TestUpdateWithUntouchedFields(c *check.C) {
 
 	// Update memory and not touch cpus, `cpuset.cpus` should still have the old value
 	out := inspectField(c, name, "HostConfig.CPUShares")
-	c.Assert(out, check.Equals, "800")
+	assert.Equal(c, out, "800")
 
 	file := "/sys/fs/cgroup/cpu/cpu.shares"
 	out, _ = dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "800")
+	assert.Equal(c, strings.TrimSpace(out), "800")
 }
 
-func (s *DockerSuite) TestUpdateContainerInvalidValue(c *check.C) {
+func (s *DockerSuite) TestUpdateContainerInvalidValue(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 
 	name := "test-update-container"
 	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "true")
 	out, _, err := dockerCmdWithError("update", "-m", "2M", name)
-	c.Assert(err, check.NotNil)
-	expected := "Minimum memory limit allowed is 4MB"
-	c.Assert(out, checker.Contains, expected)
+	assert.ErrorContains(c, err, "")
+	expected := "Minimum memory limit allowed is 6MB"
+	assert.Assert(c, strings.Contains(out, expected))
 }
 
-func (s *DockerSuite) TestUpdateContainerWithoutFlags(c *check.C) {
+func (s *DockerSuite) TestUpdateContainerWithoutFlags(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 
 	name := "test-update-container"
 	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "true")
 	_, _, err := dockerCmdWithError("update", name)
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 }
 
-func (s *DockerSuite) TestUpdateKernelMemory(c *check.C) {
-	testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
-	name := "test-update-container"
-	dockerCmd(c, "run", "-d", "--name", name, "--kernel-memory", "50M", "busybox", "top")
-	dockerCmd(c, "update", "--kernel-memory", "100M", name)
-
-	c.Assert(inspectField(c, name, "HostConfig.KernelMemory"), checker.Equals, "104857600")
-
-	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
-	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "104857600")
-}
-
-func (s *DockerSuite) TestUpdateKernelMemoryUninitialized(c *check.C) {
-	testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
-	isNewKernel := CheckKernelVersion(4, 6, 0)
-	name := "test-update-container"
-	dockerCmd(c, "run", "-d", "--name", name, "busybox", "top")
-	_, _, err := dockerCmdWithError("update", "--kernel-memory", "100M", name)
-	// Update kernel memory to a running container without kernel memory initialized
-	// is not allowed before kernel version 4.6.
-	if !isNewKernel {
-		c.Assert(err, check.NotNil)
-	} else {
-		c.Assert(err, check.IsNil)
-	}
-
-	dockerCmd(c, "pause", name)
-	_, _, err = dockerCmdWithError("update", "--kernel-memory", "200M", name)
-	if !isNewKernel {
-		c.Assert(err, check.NotNil)
-	} else {
-		c.Assert(err, check.IsNil)
-	}
-	dockerCmd(c, "unpause", name)
-
-	dockerCmd(c, "stop", name)
-	dockerCmd(c, "update", "--kernel-memory", "300M", name)
-	dockerCmd(c, "start", name)
-
-	c.Assert(inspectField(c, name, "HostConfig.KernelMemory"), checker.Equals, "314572800")
-
-	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
-	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "314572800")
-}
-
-// GetKernelVersion gets the current kernel version.
-func GetKernelVersion() *kernel.VersionInfo {
-	v, _ := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
-	return v
-}
-
-// CheckKernelVersion checks if current kernel is newer than (or equal to)
-// the given version.
-func CheckKernelVersion(k, major, minor int) bool {
-	return kernel.CompareKernelVersion(*GetKernelVersion(), kernel.VersionInfo{Kernel: k, Major: major, Minor: minor}) >= 0
-}
-
-func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *check.C) {
+func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, swapMemorySupport)
@@ -192,14 +131,14 @@ func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", name, "--memory", "300M", "--memory-swap", "500M", "busybox", "top")
 	dockerCmd(c, "update", "--memory-swap", "600M", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "629145600")
+	assert.Equal(c, inspectField(c, name, "HostConfig.MemorySwap"), "629145600")
 
 	file := "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
 	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "629145600")
+	assert.Equal(c, strings.TrimSpace(out), "629145600")
 }
 
-func (s *DockerSuite) TestUpdateInvalidSwapMemory(c *check.C) {
+func (s *DockerSuite) TestUpdateInvalidSwapMemory(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, swapMemorySupport)
@@ -209,38 +148,38 @@ func (s *DockerSuite) TestUpdateInvalidSwapMemory(c *check.C) {
 	_, _, err := dockerCmdWithError("update", "--memory-swap", "200M", name)
 	// Update invalid swap memory should fail.
 	// This will pass docker config validation, but failed at kernel validation
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// Update invalid swap memory with failure should not change HostConfig
-	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "314572800")
-	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "524288000")
+	assert.Equal(c, inspectField(c, name, "HostConfig.Memory"), "314572800")
+	assert.Equal(c, inspectField(c, name, "HostConfig.MemorySwap"), "524288000")
 
 	dockerCmd(c, "update", "--memory-swap", "600M", name)
 
-	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "629145600")
+	assert.Equal(c, inspectField(c, name, "HostConfig.MemorySwap"), "629145600")
 
 	file := "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
 	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "629145600")
+	assert.Equal(c, strings.TrimSpace(out), "629145600")
 }
 
-func (s *DockerSuite) TestUpdateStats(c *check.C) {
+func (s *DockerSuite) TestUpdateStats(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, cpuCfsQuota)
 	name := "foo"
 	dockerCmd(c, "run", "-d", "-ti", "--name", name, "-m", "500m", "busybox")
 
-	c.Assert(waitRun(name), checker.IsNil)
+	assert.NilError(c, waitRun(name))
 
 	getMemLimit := func(id string) uint64 {
 		resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
-		c.Assert(err, checker.IsNil)
-		c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
+		assert.NilError(c, err)
+		assert.Equal(c, resp.Header.Get("Content-Type"), "application/json")
 
 		var v *types.Stats
 		err = json.NewDecoder(body).Decode(&v)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 		body.Close()
 
 		return v.MemoryStats.Limit
@@ -250,12 +189,10 @@ func (s *DockerSuite) TestUpdateStats(c *check.C) {
 	dockerCmd(c, "update", "--cpu-quota", "2000", name)
 
 	curMemLimit := getMemLimit(name)
-
-	c.Assert(preMemLimit, checker.Equals, curMemLimit)
-
+	assert.Equal(c, preMemLimit, curMemLimit)
 }
 
-func (s *DockerSuite) TestUpdateMemoryWithSwapMemory(c *check.C) {
+func (s *DockerSuite) TestUpdateMemoryWithSwapMemory(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
 	testRequires(c, swapMemorySupport)
@@ -263,77 +200,77 @@ func (s *DockerSuite) TestUpdateMemoryWithSwapMemory(c *check.C) {
 	name := "test-update-container"
 	dockerCmd(c, "run", "-d", "--name", name, "--memory", "300M", "busybox", "top")
 	out, _, err := dockerCmdWithError("update", "--memory", "800M", name)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Memory limit should be smaller than already set memoryswap limit")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Memory limit should be smaller than already set memoryswap limit"))
 
 	dockerCmd(c, "update", "--memory", "800M", "--memory-swap", "1000M", name)
 }
 
-func (s *DockerSuite) TestUpdateNotAffectMonitorRestartPolicy(c *check.C) {
+func (s *DockerSuite) TestUpdateNotAffectMonitorRestartPolicy(c *testing.T) {
 	testRequires(c, DaemonIsLinux, cpuShare)
 
 	out, _ := dockerCmd(c, "run", "-tid", "--restart=always", "busybox", "sh")
-	id := strings.TrimSpace(string(out))
+	id := strings.TrimSpace(out)
 	dockerCmd(c, "update", "--cpu-shares", "512", id)
 
 	cpty, tty, err := pty.Open()
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer cpty.Close()
 
 	cmd := exec.Command(dockerBinary, "attach", id)
 	cmd.Stdin = tty
 
-	c.Assert(cmd.Start(), checker.IsNil)
+	assert.NilError(c, cmd.Start())
 	defer cmd.Process.Kill()
 
 	_, err = cpty.Write([]byte("exit\n"))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
-	c.Assert(cmd.Wait(), checker.IsNil)
+	assert.NilError(c, cmd.Wait())
 
 	// container should restart again and keep running
 	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
-	c.Assert(err, checker.IsNil)
-	c.Assert(waitRun(id), checker.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, waitRun(id))
 }
 
-func (s *DockerSuite) TestUpdateWithNanoCPUs(c *check.C) {
+func (s *DockerSuite) TestUpdateWithNanoCPUs(c *testing.T) {
 	testRequires(c, cpuCfsQuota, cpuCfsPeriod)
 
 	file1 := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
 	file2 := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
 
 	out, _ := dockerCmd(c, "run", "-d", "--cpus", "0.5", "--name", "top", "busybox", "top")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.Assert(c, strings.TrimSpace(out) != "")
 
 	out, _ = dockerCmd(c, "exec", "top", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "50000\n100000")
+	assert.Equal(c, strings.TrimSpace(out), "50000\n100000")
 
-	clt, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	clt, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	inspect, err := clt.ContainerInspect(context.Background(), "top")
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(500000000))
+	assert.NilError(c, err)
+	assert.Equal(c, inspect.HostConfig.NanoCPUs, int64(500000000))
 
 	out = inspectField(c, "top", "HostConfig.CpuQuota")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS quota should be 0")
 	out = inspectField(c, "top", "HostConfig.CpuPeriod")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS period should be 0")
 
 	out, _, err = dockerCmdWithError("update", "--cpu-quota", "80000", "top")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Conflicting options: CPU Quota cannot be updated as NanoCPUs has already been set")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Conflicting options: CPU Quota cannot be updated as NanoCPUs has already been set"))
 
 	dockerCmd(c, "update", "--cpus", "0.8", "top")
 	inspect, err = clt.ContainerInspect(context.Background(), "top")
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(800000000))
+	assert.NilError(c, err)
+	assert.Equal(c, inspect.HostConfig.NanoCPUs, int64(800000000))
 
 	out = inspectField(c, "top", "HostConfig.CpuQuota")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS quota should be 0")
 	out = inspectField(c, "top", "HostConfig.CpuPeriod")
-	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+	assert.Equal(c, out, "0", "CPU CFS period should be 0")
 
 	out, _ = dockerCmd(c, "exec", "top", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "80000\n100000")
+	assert.Equal(c, strings.TrimSpace(out), "80000\n100000")
 }
diff --git a/integration-cli/docker_cli_userns_test.go b/integration-cli/docker_cli_userns_test.go
index 13d1f56dc63d7..5c048c1f33fd8 100644
--- a/integration-cli/docker_cli_userns_test.go
+++ b/integration-cli/docker_cli_userns_test.go
@@ -1,33 +1,33 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // user namespaces test: run daemon with remapped root setting
 // 1. validate uid/gid maps are set properly
 // 2. verify that files created are owned by remapped root
-func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon, UserNamespaceInKernel)
+func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *testing.T) {
+	testRequires(c, UserNamespaceInKernel)
 
 	s.d.StartWithBusybox(c, "--userns-remap", "default")
 
-	tmpDir, err := ioutil.TempDir("", "userns")
-	c.Assert(err, checker.IsNil)
+	tmpDir, err := os.MkdirTemp("", "userns")
+	assert.NilError(c, err)
 
 	defer os.RemoveAll(tmpDir)
 
@@ -37,58 +37,59 @@ func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
 
 	// we need to find the uid and gid of the remapped root from the daemon's root dir info
 	uidgid := strings.Split(filepath.Base(s.d.Root), ".")
-	c.Assert(uidgid, checker.HasLen, 2, check.Commentf("Should have gotten uid/gid strings from root dirname: %s", filepath.Base(s.d.Root)))
+	assert.Equal(c, len(uidgid), 2, fmt.Sprintf("Should have gotten uid/gid strings from root dirname: %s", filepath.Base(s.d.Root)))
 	uid, err := strconv.Atoi(uidgid[0])
-	c.Assert(err, checker.IsNil, check.Commentf("Can't parse uid"))
+	assert.NilError(c, err, "Can't parse uid")
 	gid, err := strconv.Atoi(uidgid[1])
-	c.Assert(err, checker.IsNil, check.Commentf("Can't parse gid"))
+	assert.NilError(c, err, "Can't parse gid")
 
 	// writable by the remapped root UID/GID pair
-	c.Assert(os.Chown(tmpDir, uid, gid), checker.IsNil)
+	assert.NilError(c, os.Chown(tmpDir, uid, gid))
+
+	out, err := s.d.Cmd("run", "-d", "--name", "userns", "-v", tmpDir+":/goofy", "-v", tmpDirNotExists+":/donald", "busybox", "sh", "-c", "touch /goofy/testfile; exec top")
+	assert.NilError(c, err, "Output: %s", out)
 
-	out, err := s.d.Cmd("run", "-d", "--name", "userns", "-v", tmpDir+":/goofy", "-v", tmpDirNotExists+":/donald", "busybox", "sh", "-c", "touch /goofy/testfile; top")
-	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
 	user := s.findUser(c, "userns")
-	c.Assert(uidgid[0], checker.Equals, user)
+	assert.Equal(c, uidgid[0], user)
 
 	// check that the created directory is owned by remapped uid:gid
 	statNotExists, err := system.Stat(tmpDirNotExists)
-	c.Assert(err, checker.IsNil)
-	c.Assert(statNotExists.UID(), checker.Equals, uint32(uid), check.Commentf("Created directory not owned by remapped root UID"))
-	c.Assert(statNotExists.GID(), checker.Equals, uint32(gid), check.Commentf("Created directory not owned by remapped root GID"))
+	assert.NilError(c, err)
+	assert.Equal(c, statNotExists.UID(), uint32(uid), "Created directory not owned by remapped root UID")
+	assert.Equal(c, statNotExists.GID(), uint32(gid), "Created directory not owned by remapped root GID")
 
 	pid, err := s.d.Cmd("inspect", "--format={{.State.Pid}}", "userns")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not inspect running container: out: %q", pid))
+	assert.Assert(c, err == nil, "Could not inspect running container: out: %q", pid)
 	// check the uid and gid maps for the PID to ensure root is remapped
 	// (cmd = cat /proc/<pid>/uid_map | grep -E '0\s+9999\s+1')
 	_, err = RunCommandPipelineWithOutput(
 		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/uid_map"),
 		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", uid)))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	_, err = RunCommandPipelineWithOutput(
 		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/gid_map"),
 		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", gid)))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// check that the touched file is owned by remapped uid:gid
 	stat, err := system.Stat(filepath.Join(tmpDir, "testfile"))
-	c.Assert(err, checker.IsNil)
-	c.Assert(stat.UID(), checker.Equals, uint32(uid), check.Commentf("Touched file not owned by remapped root UID"))
-	c.Assert(stat.GID(), checker.Equals, uint32(gid), check.Commentf("Touched file not owned by remapped root GID"))
+	assert.NilError(c, err)
+	assert.Equal(c, stat.UID(), uint32(uid), "Touched file not owned by remapped root UID")
+	assert.Equal(c, stat.GID(), uint32(gid), "Touched file not owned by remapped root GID")
 
 	// use host usernamespace
-	out, err = s.d.Cmd("run", "-d", "--name", "userns_skip", "--userns", "host", "busybox", "sh", "-c", "touch /goofy/testfile; top")
-	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+	out, err = s.d.Cmd("run", "-d", "--name", "userns_skip", "--userns", "host", "busybox", "sh", "-c", "touch /goofy/testfile; exec top")
+	assert.Assert(c, err == nil, "Output: %s", out)
 	user = s.findUser(c, "userns_skip")
 	// userns are skipped, user is root
-	c.Assert(user, checker.Equals, "root")
+	assert.Equal(c, user, "root")
 }
 
 // findUser finds the uid or name of the user of the first process that runs in a container
-func (s *DockerDaemonSuite) findUser(c *check.C, container string) string {
+func (s *DockerDaemonSuite) findUser(c *testing.T, container string) string {
 	out, err := s.d.Cmd("top", container)
-	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+	assert.Assert(c, err == nil, "Output: %s", out)
 	rows := strings.Split(out, "\n")
 	if len(rows) < 2 {
 		// No process rows founds
diff --git a/integration-cli/docker_cli_v2_only_test.go b/integration-cli/docker_cli_v2_only_test.go
index df0c01a517c10..5620350fa6ba8 100644
--- a/integration-cli/docker_cli_v2_only_test.go
+++ b/integration-cli/docker_cli_v2_only_test.go
@@ -2,20 +2,20 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
+	"testing"
 
-	"github.com/docker/docker/internal/test/registry"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/v3/assert"
 )
 
 func makefile(path string, contents string) (string, error) {
-	f, err := ioutil.TempFile(path, "tmp")
+	f, err := os.CreateTemp(path, "tmp")
 	if err != nil {
 		return "", err
 	}
-	err = ioutil.WriteFile(f.Name(), []byte(contents), os.ModePerm)
+	err = os.WriteFile(f.Name(), []byte(contents), os.ModePerm)
 	if err != nil {
 		return "", err
 	}
@@ -24,10 +24,10 @@ func makefile(path string, contents string) (string, error) {
 
 // TestV2Only ensures that a daemon does not
 // attempt to contact any v1 registry endpoints.
-func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
+func (s *DockerRegistrySuite) TestV2Only(c *testing.T) {
 	reg, err := registry.NewMock(c)
+	assert.NilError(c, err)
 	defer reg.Close()
-	c.Assert(err, check.IsNil)
 
 	reg.RegisterHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(404)
@@ -41,18 +41,17 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
 
 	s.d.Start(c, "--insecure-registry", reg.URL())
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, check.IsNil)
+	tmp, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(tmp)
 
 	dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s/busybox", reg.URL()))
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
-
-	s.d.Cmd("build", "--file", dockerfileName, tmp)
-
-	s.d.Cmd("run", repoName)
-	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL())
-	s.d.Cmd("tag", "busybox", repoName)
-	s.d.Cmd("push", repoName)
-	s.d.Cmd("pull", repoName)
+	assert.NilError(c, err, "Unable to create test dockerfile")
+
+	_, _ = s.d.Cmd("build", "--file", dockerfileName, tmp)
+	_, _ = s.d.Cmd("run", repoName)
+	_, _ = s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL())
+	_, _ = s.d.Cmd("tag", "busybox", repoName)
+	_, _ = s.d.Cmd("push", repoName)
+	_, _ = s.d.Cmd("pull", repoName)
 }
diff --git a/integration-cli/docker_cli_volume_test.go b/integration-cli/docker_cli_volume_test.go
index 257ac89701d5e..b7424c82afa9f 100644
--- a/integration-cli/docker_cli_volume_test.go
+++ b/integration-cli/docker_cli_volume_test.go
@@ -3,56 +3,50 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli/build"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
 )
 
-func (s *DockerSuite) TestVolumeCLICreate(c *check.C) {
+func (s *DockerSuite) TestVolumeCLICreate(c *testing.T) {
 	dockerCmd(c, "volume", "create")
 
 	_, _, err := dockerCmdWithError("volume", "create", "-d", "nosuchdriver")
-	c.Assert(err, check.NotNil)
+	assert.ErrorContains(c, err, "")
 
 	// test using hidden --name option
 	out, _ := dockerCmd(c, "volume", "create", "--name=test")
 	name := strings.TrimSpace(out)
-	c.Assert(name, check.Equals, "test")
+	assert.Equal(c, name, "test")
 
 	out, _ = dockerCmd(c, "volume", "create", "test2")
 	name = strings.TrimSpace(out)
-	c.Assert(name, check.Equals, "test2")
+	assert.Equal(c, name, "test2")
 }
 
-func (s *DockerSuite) TestVolumeCLIInspect(c *check.C) {
-	c.Assert(
-		exec.Command(dockerBinary, "volume", "inspect", "doesnotexist").Run(),
-		check.Not(check.IsNil),
-		check.Commentf("volume inspect should error on non-existent volume"),
-	)
-
+func (s *DockerSuite) TestVolumeCLIInspect(c *testing.T) {
+	assert.Assert(c, exec.Command(dockerBinary, "volume", "inspect", "doesnotexist").Run() != nil, "volume inspect should error on non-existent volume")
 	out, _ := dockerCmd(c, "volume", "create")
 	name := strings.TrimSpace(out)
 	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Name }}", name)
-	c.Assert(strings.TrimSpace(out), check.Equals, name)
+	assert.Equal(c, strings.TrimSpace(out), name)
 
 	dockerCmd(c, "volume", "create", "test")
 	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Name }}", "test")
-	c.Assert(strings.TrimSpace(out), check.Equals, "test")
+	assert.Equal(c, strings.TrimSpace(out), "test")
 }
 
-func (s *DockerSuite) TestVolumeCLIInspectMulti(c *check.C) {
+func (s *DockerSuite) TestVolumeCLIInspectMulti(c *testing.T) {
 	dockerCmd(c, "volume", "create", "test1")
 	dockerCmd(c, "volume", "create", "test2")
 	dockerCmd(c, "volume", "create", "test3")
@@ -64,12 +58,12 @@ func (s *DockerSuite) TestVolumeCLIInspectMulti(c *check.C) {
 	})
 
 	out := result.Stdout()
-	c.Assert(out, checker.Contains, "test1")
-	c.Assert(out, checker.Contains, "test2")
-	c.Assert(out, checker.Contains, "test3")
+	assert.Assert(c, strings.Contains(out, "test1"))
+	assert.Assert(c, strings.Contains(out, "test2"))
+	assert.Assert(c, strings.Contains(out, "test3"))
 }
 
-func (s *DockerSuite) TestVolumeCLILs(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILs(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	dockerCmd(c, "volume", "create", "aaa")
 
@@ -82,7 +76,7 @@ func (s *DockerSuite) TestVolumeCLILs(c *check.C) {
 	assertVolumesInList(c, out, []string{"aaa", "soo", "test"})
 }
 
-func (s *DockerSuite) TestVolumeLsFormat(c *check.C) {
+func (s *DockerSuite) TestVolumeLsFormat(c *testing.T) {
 	dockerCmd(c, "volume", "create", "aaa")
 	dockerCmd(c, "volume", "create", "test")
 	dockerCmd(c, "volume", "create", "soo")
@@ -91,7 +85,7 @@ func (s *DockerSuite) TestVolumeLsFormat(c *check.C) {
 	assertVolumesInList(c, out, []string{"aaa", "soo", "test"})
 }
 
-func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *check.C) {
+func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *testing.T) {
 	dockerCmd(c, "volume", "create", "aaa")
 	dockerCmd(c, "volume", "create", "test")
 	dockerCmd(c, "volume", "create", "soo")
@@ -99,35 +93,19 @@ func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *check.C) {
 	config := `{
 		"volumesFormat": "{{ .Name }} default"
 }`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
+	d, err := os.MkdirTemp("", "integration-cli-")
+	assert.NilError(c, err)
 	defer os.RemoveAll(d)
 
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "--config", d, "volume", "ls")
 	assertVolumesInList(c, out, []string{"aaa default", "soo default", "test default"})
 }
 
-// assertVolList checks volume retrieved with ls command
-// equals to expected volume list
-// note: out should be `volume ls [option]` result
-func assertVolList(c *check.C, out string, expectVols []string) {
-	lines := strings.Split(out, "\n")
-	var volList []string
-	for _, line := range lines[1 : len(lines)-1] {
-		volFields := strings.Fields(line)
-		// wrap all volume name in volList
-		volList = append(volList, volFields[1])
-	}
-
-	// volume ls should contains all expected volumes
-	c.Assert(volList, checker.DeepEquals, expectVols)
-}
-
-func assertVolumesInList(c *check.C, out string, expected []string) {
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+func assertVolumesInList(c *testing.T, out string, expected []string) {
+	lines := strings.Split(strings.TrimSpace(out), "\n")
 	for _, expect := range expected {
 		found := false
 		for _, v := range lines {
@@ -136,11 +114,11 @@ func assertVolumesInList(c *check.C, out string, expected []string) {
 				break
 			}
 		}
-		c.Assert(found, checker.Equals, true, check.Commentf("Expected volume not found: %v, got: %v", expect, lines))
+		assert.Assert(c, found, "Expected volume not found: %v, got: %v", expect, lines)
 	}
 }
 
-func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	dockerCmd(c, "volume", "create", "testnotinuse1")
 	dockerCmd(c, "volume", "create", "testisinuse1")
@@ -154,55 +132,50 @@ func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *check.C) {
 	out, _ := dockerCmd(c, "volume", "ls")
 
 	// No filter, all volumes should show
-	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
-
+	assert.Assert(c, strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse1\n"), "expected volume 'testisinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse2\n"), "expected volume 'testisinuse2' in output")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=false")
 
 	// Explicitly disabling dangling
-	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
-
+	assert.Assert(c, !strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse1\n"), "expected volume 'testisinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse2\n"), "expected volume 'testisinuse2' in output")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=true")
 
 	// Filter "dangling" volumes; only "dangling" (unused) volumes should be in the output
-	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, check.Not(checker.Contains), "testisinuse1\n", check.Commentf("volume 'testisinuse1' in output, but not expected"))
-	c.Assert(out, check.Not(checker.Contains), "testisinuse2\n", check.Commentf("volume 'testisinuse2' in output, but not expected"))
-
+	assert.Assert(c, strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, !strings.Contains(out, "testisinuse1\n"), "volume 'testisinuse1' in output, but not expected")
+	assert.Assert(c, !strings.Contains(out, "testisinuse2\n"), "volume 'testisinuse2' in output, but not expected")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=1")
 	// Filter "dangling" volumes; only "dangling" (unused) volumes should be in the output, dangling also accept 1
-	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, check.Not(checker.Contains), "testisinuse1\n", check.Commentf("volume 'testisinuse1' in output, but not expected"))
-	c.Assert(out, check.Not(checker.Contains), "testisinuse2\n", check.Commentf("volume 'testisinuse2' in output, but not expected"))
-
+	assert.Assert(c, strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, !strings.Contains(out, "testisinuse1\n"), "volume 'testisinuse1' in output, but not expected")
+	assert.Assert(c, !strings.Contains(out, "testisinuse2\n"), "volume 'testisinuse2' in output, but not expected")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=0")
 	// dangling=0 is same as dangling=false case
-	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
-
+	assert.Assert(c, !strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse1\n"), "expected volume 'testisinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse2\n"), "expected volume 'testisinuse2' in output")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "name=testisin")
-	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
+	assert.Assert(c, !strings.Contains(out, "testnotinuse1\n"), "expected volume 'testnotinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse1\n"), "expected volume 'testisinuse1' in output")
+	assert.Assert(c, strings.Contains(out, "testisinuse2\n"), "expected volume 'testisinuse2' in output")
 }
 
-func (s *DockerSuite) TestVolumeCLILsErrorWithInvalidFilterName(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILsErrorWithInvalidFilterName(c *testing.T) {
 	out, _, err := dockerCmdWithError("volume", "ls", "-f", "FOO=123")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Invalid filter")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Invalid filter"))
 }
 
-func (s *DockerSuite) TestVolumeCLILsWithIncorrectFilterValue(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILsWithIncorrectFilterValue(c *testing.T) {
 	out, _, err := dockerCmdWithError("volume", "ls", "-f", "dangling=invalid")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Invalid filter")
+	assert.ErrorContains(c, err, "")
+	assert.Assert(c, strings.Contains(out, "Invalid filter"))
 }
 
-func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
+func (s *DockerSuite) TestVolumeCLIRm(c *testing.T) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	out, _ := dockerCmd(c, "volume", "create")
 	id := strings.TrimSpace(out)
@@ -220,30 +193,25 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
 	})
 
 	out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar")
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	assert.Equal(c, strings.TrimSpace(out), "hello")
 	dockerCmd(c, "rm", "-fv", "test2")
 	dockerCmd(c, "volume", "inspect", volumeID)
 	dockerCmd(c, "rm", "-f", "test")
 
 	out, _ = dockerCmd(c, "run", "--name=test2", "-v", volumeID+":"+prefix+"/foo", "busybox", "sh", "-c", "cat /foo/bar")
-	c.Assert(strings.TrimSpace(out), check.Equals, "hello", check.Commentf("volume data was removed"))
+	assert.Equal(c, strings.TrimSpace(out), "hello", "volume data was removed")
 	dockerCmd(c, "rm", "test2")
 
 	dockerCmd(c, "volume", "rm", volumeID)
-	c.Assert(
-		exec.Command("volume", "rm", "doesnotexist").Run(),
-		check.Not(check.IsNil),
-		check.Commentf("volume rm should fail with non-existent volume"),
-	)
+	assert.Assert(c, exec.Command("volume", "rm", "doesnotexist").Run() != nil, "volume rm should fail with non-existent volume")
 }
 
 // FIXME(vdemeester) should be a unit test in cli/command/volume package
-func (s *DockerSuite) TestVolumeCLINoArgs(c *check.C) {
+func (s *DockerSuite) TestVolumeCLINoArgs(c *testing.T) {
 	out, _ := dockerCmd(c, "volume")
 	// no args should produce the cmd usage output
 	usage := "Usage:	docker volume COMMAND"
-	c.Assert(out, checker.Contains, usage)
-
+	assert.Assert(c, strings.Contains(out, usage))
 	// invalid arg should error and show the command usage on stderr
 	icmd.RunCommand(dockerBinary, "volume", "somearg").Assert(c, icmd.Expected{
 		ExitCode: 1,
@@ -258,20 +226,20 @@ func (s *DockerSuite) TestVolumeCLINoArgs(c *check.C) {
 		Error:    "exit status 125",
 		Err:      usage,
 	})
-	c.Assert(result.Stderr(), checker.Contains, "unknown flag: --no-such-flag")
+	assert.Assert(c, strings.Contains(result.Stderr(), "unknown flag: --no-such-flag"))
 }
 
-func (s *DockerSuite) TestVolumeCLIInspectTmplError(c *check.C) {
+func (s *DockerSuite) TestVolumeCLIInspectTmplError(c *testing.T) {
 	out, _ := dockerCmd(c, "volume", "create")
 	name := strings.TrimSpace(out)
 
 	out, exitCode, err := dockerCmdWithError("volume", "inspect", "--format='{{ .FooBar }}'", name)
-	c.Assert(err, checker.NotNil, check.Commentf("Output: %s", out))
-	c.Assert(exitCode, checker.Equals, 1, check.Commentf("Output: %s", out))
-	c.Assert(out, checker.Contains, "Template parsing error")
+	assert.Assert(c, err != nil, "Output: %s", out)
+	assert.Equal(c, exitCode, 1, fmt.Sprintf("Output: %s", out))
+	assert.Assert(c, strings.Contains(out, "Template parsing error"))
 }
 
-func (s *DockerSuite) TestVolumeCLICreateWithOpts(c *check.C) {
+func (s *DockerSuite) TestVolumeCLICreateWithOpts(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	dockerCmd(c, "volume", "create", "-d", "local", "test", "--opt=type=tmpfs", "--opt=device=tmpfs", "--opt=o=size=1m,uid=1000")
@@ -284,30 +252,30 @@ func (s *DockerSuite) TestVolumeCLICreateWithOpts(c *check.C) {
 			found = true
 			info := strings.Fields(m)
 			// tmpfs on <path> type tmpfs (rw,relatime,size=1024k,uid=1000)
-			c.Assert(info[0], checker.Equals, "tmpfs")
-			c.Assert(info[2], checker.Equals, "/foo")
-			c.Assert(info[4], checker.Equals, "tmpfs")
-			c.Assert(info[5], checker.Contains, "uid=1000")
-			c.Assert(info[5], checker.Contains, "size=1024k")
+			assert.Equal(c, info[0], "tmpfs")
+			assert.Equal(c, info[2], "/foo")
+			assert.Equal(c, info[4], "tmpfs")
+			assert.Assert(c, strings.Contains(info[5], "uid=1000"))
+			assert.Assert(c, strings.Contains(info[5], "size=1024k"))
 			break
 		}
 	}
-	c.Assert(found, checker.Equals, true)
+	assert.Equal(c, found, true)
 }
 
-func (s *DockerSuite) TestVolumeCLICreateLabel(c *check.C) {
+func (s *DockerSuite) TestVolumeCLICreateLabel(c *testing.T) {
 	testVol := "testvolcreatelabel"
 	testLabel := "foo"
 	testValue := "bar"
 
 	_, _, err := dockerCmdWithError("volume", "create", "--label", testLabel+"="+testValue, testVol)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "volume", "inspect", "--format={{ .Labels."+testLabel+" }}", testVol)
-	c.Assert(strings.TrimSpace(out), check.Equals, testValue)
+	assert.Equal(c, strings.TrimSpace(out), testValue)
 }
 
-func (s *DockerSuite) TestVolumeCLICreateLabelMultiple(c *check.C) {
+func (s *DockerSuite) TestVolumeCLICreateLabelMultiple(c *testing.T) {
 	testVol := "testvolcreatelabel"
 
 	testLabels := map[string]string{
@@ -326,76 +294,73 @@ func (s *DockerSuite) TestVolumeCLICreateLabelMultiple(c *check.C) {
 	}
 
 	_, _, err := dockerCmdWithError(args...)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	for k, v := range testLabels {
 		out, _ := dockerCmd(c, "volume", "inspect", "--format={{ .Labels."+k+" }}", testVol)
-		c.Assert(strings.TrimSpace(out), check.Equals, v)
+		assert.Equal(c, strings.TrimSpace(out), v)
 	}
 }
 
-func (s *DockerSuite) TestVolumeCLILsFilterLabels(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILsFilterLabels(c *testing.T) {
 	testVol1 := "testvolcreatelabel-1"
 	_, _, err := dockerCmdWithError("volume", "create", "--label", "foo=bar1", testVol1)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	testVol2 := "testvolcreatelabel-2"
 	_, _, err = dockerCmdWithError("volume", "create", "--label", "foo=bar2", testVol2)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	out, _ := dockerCmd(c, "volume", "ls", "--filter", "label=foo")
 
 	// filter with label=key
-	c.Assert(out, checker.Contains, "testvolcreatelabel-1\n", check.Commentf("expected volume 'testvolcreatelabel-1' in output"))
-	c.Assert(out, checker.Contains, "testvolcreatelabel-2\n", check.Commentf("expected volume 'testvolcreatelabel-2' in output"))
-
+	assert.Assert(c, strings.Contains(out, "testvolcreatelabel-1\n"), "expected volume 'testvolcreatelabel-1' in output")
+	assert.Assert(c, strings.Contains(out, "testvolcreatelabel-2\n"), "expected volume 'testvolcreatelabel-2' in output")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=foo=bar1")
 
 	// filter with label=key=value
-	c.Assert(out, checker.Contains, "testvolcreatelabel-1\n", check.Commentf("expected volume 'testvolcreatelabel-1' in output"))
-	c.Assert(out, check.Not(checker.Contains), "testvolcreatelabel-2\n", check.Commentf("expected volume 'testvolcreatelabel-2 in output"))
-
+	assert.Assert(c, strings.Contains(out, "testvolcreatelabel-1\n"), "expected volume 'testvolcreatelabel-1' in output")
+	assert.Assert(c, !strings.Contains(out, "testvolcreatelabel-2\n"), "expected volume 'testvolcreatelabel-2 in output")
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=non-exist")
 	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("\n%s", out))
 
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=foo=non-exist")
 	outArr = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("\n%s", out))
 }
 
-func (s *DockerSuite) TestVolumeCLILsFilterDrivers(c *check.C) {
+func (s *DockerSuite) TestVolumeCLILsFilterDrivers(c *testing.T) {
 	// using default volume driver local to create volumes
 	testVol1 := "testvol-1"
 	_, _, err := dockerCmdWithError("volume", "create", testVol1)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	testVol2 := "testvol-2"
 	_, _, err = dockerCmdWithError("volume", "create", testVol2)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	// filter with driver=local
 	out, _ := dockerCmd(c, "volume", "ls", "--filter", "driver=local")
-	c.Assert(out, checker.Contains, "testvol-1\n", check.Commentf("expected volume 'testvol-1' in output"))
-	c.Assert(out, checker.Contains, "testvol-2\n", check.Commentf("expected volume 'testvol-2' in output"))
-
+	assert.Assert(c, strings.Contains(out, "testvol-1\n"), "expected volume 'testvol-1' in output")
+	assert.Assert(c, strings.Contains(out, "testvol-2\n"), "expected volume 'testvol-2' in output")
 	// filter with driver=invaliddriver
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=invaliddriver")
 	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("\n%s", out))
 
 	// filter with driver=loca
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=loca")
 	outArr = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("\n%s", out))
 
 	// filter with driver=
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=")
 	outArr = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+	assert.Equal(c, len(outArr), 1, fmt.Sprintf("\n%s", out))
 }
 
-func (s *DockerSuite) TestVolumeCLIRmForceUsage(c *check.C) {
+func (s *DockerSuite) TestVolumeCLIRmForceUsage(c *testing.T) {
 	out, _ := dockerCmd(c, "volume", "create")
 	id := strings.TrimSpace(out)
 
@@ -403,77 +368,74 @@ func (s *DockerSuite) TestVolumeCLIRmForceUsage(c *check.C) {
 	dockerCmd(c, "volume", "rm", "--force", "nonexist")
 }
 
-func (s *DockerSuite) TestVolumeCLIRmForce(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerSuite) TestVolumeCLIRmForce(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	name := "test"
 	out, _ := dockerCmd(c, "volume", "create", name)
 	id := strings.TrimSpace(out)
-	c.Assert(id, checker.Equals, name)
+	assert.Equal(c, id, name)
 
 	out, _ = dockerCmd(c, "volume", "inspect", "--format", "{{.Mountpoint}}", name)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	assert.Assert(c, strings.TrimSpace(out) != "")
 	// Mountpoint is in the form of "/var/lib/docker/volumes/.../_data", removing `/_data`
 	path := strings.TrimSuffix(strings.TrimSpace(out), "/_data")
 	icmd.RunCommand("rm", "-rf", path).Assert(c, icmd.Success)
 
 	dockerCmd(c, "volume", "rm", "-f", name)
 	out, _ = dockerCmd(c, "volume", "ls")
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.Assert(c, !strings.Contains(out, name))
 	dockerCmd(c, "volume", "create", name)
 	out, _ = dockerCmd(c, "volume", "ls")
-	c.Assert(out, checker.Contains, name)
+	assert.Assert(c, strings.Contains(out, name))
 }
 
 // TestVolumeCLIRmForceInUse verifies that repeated `docker volume rm -f` calls does not remove a volume
 // if it is in use. Test case for https://github.com/docker/docker/issues/31446
-func (s *DockerSuite) TestVolumeCLIRmForceInUse(c *check.C) {
+func (s *DockerSuite) TestVolumeCLIRmForceInUse(c *testing.T) {
 	name := "testvolume"
 	out, _ := dockerCmd(c, "volume", "create", name)
 	id := strings.TrimSpace(out)
-	c.Assert(id, checker.Equals, name)
+	assert.Equal(c, id, name)
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 	out, _ = dockerCmd(c, "create", "-v", "testvolume:"+prefix+slash+"foo", "busybox")
 	cid := strings.TrimSpace(out)
 
 	_, _, err := dockerCmdWithError("volume", "rm", "-f", name)
-	c.Assert(err, check.NotNil)
-	c.Assert(err.Error(), checker.Contains, "volume is in use")
+	assert.ErrorContains(c, err, "")
+	assert.ErrorContains(c, err, "volume is in use")
 	out, _ = dockerCmd(c, "volume", "ls")
-	c.Assert(out, checker.Contains, name)
-
+	assert.Assert(c, strings.Contains(out, name))
 	// The original issue did not _remove_ the volume from the list
 	// the first time. But a second call to `volume rm` removed it.
 	// Calling `volume rm` a second time to confirm it's not removed
 	// when calling twice.
 	_, _, err = dockerCmdWithError("volume", "rm", "-f", name)
-	c.Assert(err, check.NotNil)
-	c.Assert(err.Error(), checker.Contains, "volume is in use")
+	assert.ErrorContains(c, err, "")
+	assert.ErrorContains(c, err, "volume is in use")
 	out, _ = dockerCmd(c, "volume", "ls")
-	c.Assert(out, checker.Contains, name)
-
+	assert.Assert(c, strings.Contains(out, name))
 	// Verify removing the volume after the container is removed works
 	_, e := dockerCmd(c, "rm", cid)
-	c.Assert(e, check.Equals, 0)
+	assert.Equal(c, e, 0)
 
 	_, e = dockerCmd(c, "volume", "rm", "-f", name)
-	c.Assert(e, check.Equals, 0)
+	assert.Equal(c, e, 0)
 
 	out, e = dockerCmd(c, "volume", "ls")
-	c.Assert(e, check.Equals, 0)
-	c.Assert(out, checker.Not(checker.Contains), name)
+	assert.Equal(c, e, 0)
+	assert.Assert(c, !strings.Contains(out, name))
 }
 
-func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *check.C) {
+func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	// Without options
 	name := "test1"
 	dockerCmd(c, "volume", "create", "-d", "local", name)
 	out, _ := dockerCmd(c, "volume", "inspect", "--format={{ .Options }}", name)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "map[]")
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "map[]"))
 	// With options
 	name = "test2"
 	k1, v1 := "type", "tmpfs"
@@ -481,13 +443,13 @@ func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *check.C) {
 	k3, v3 := "o", "size=1m,uid=1000"
 	dockerCmd(c, "volume", "create", "-d", "local", name, "--opt", fmt.Sprintf("%s=%s", k1, v1), "--opt", fmt.Sprintf("%s=%s", k2, v2), "--opt", fmt.Sprintf("%s=%s", k3, v3))
 	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Options }}", name)
-	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k1, v1))
-	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k2, v2))
-	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k3, v3))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), fmt.Sprintf("%s:%s", k1, v1)))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), fmt.Sprintf("%s:%s", k2, v2)))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), fmt.Sprintf("%s:%s", k3, v3)))
 }
 
 // Test case (1) for 21845: duplicate targets for --volumes-from
-func (s *DockerSuite) TestDuplicateMountpointsForVolumesFrom(c *check.C) {
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFrom(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	image := "vimage"
@@ -500,23 +462,22 @@ func (s *DockerSuite) TestDuplicateMountpointsForVolumesFrom(c *check.C) {
 
 	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
 	data1 := strings.TrimSpace(out)
-	c.Assert(data1, checker.Not(checker.Equals), "")
+	assert.Assert(c, data1 != "")
 
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
 	data2 := strings.TrimSpace(out)
-	c.Assert(data2, checker.Not(checker.Equals), "")
+	assert.Assert(c, data2 != "")
 
 	// Both volume should exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data2))
 	out, _, err := dockerCmdWithError("run", "--name=app", "--volumes-from=data1", "--volumes-from=data2", "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("Out: %s", out))
+	assert.Assert(c, err == nil, "Out: %s", out)
 
 	// Only the second volume will be referenced, this is backward compatible
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
-	c.Assert(strings.TrimSpace(out), checker.Equals, data2)
+	assert.Equal(c, strings.TrimSpace(out), data2)
 
 	dockerCmd(c, "rm", "-f", "-v", "app")
 	dockerCmd(c, "rm", "-f", "-v", "data1")
@@ -524,12 +485,12 @@ func (s *DockerSuite) TestDuplicateMountpointsForVolumesFrom(c *check.C) {
 
 	// Both volume should not exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data2))
 }
 
 // Test case (2) for 21845: duplicate targets for --volumes-from and -v (bind)
-func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndBind(c *check.C) {
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndBind(c *testing.T) {
 	testRequires(c, DaemonIsLinux)
 
 	image := "vimage"
@@ -542,39 +503,37 @@ func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndBind(c *check.C)
 
 	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
 	data1 := strings.TrimSpace(out)
-	c.Assert(data1, checker.Not(checker.Equals), "")
+	assert.Assert(c, data1 != "")
 
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
 	data2 := strings.TrimSpace(out)
-	c.Assert(data2, checker.Not(checker.Equals), "")
+	assert.Assert(c, data2 != "")
 
 	// Both volume should exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data2))
 	// /tmp/data is automatically created, because we are not using the modern mount API here
 	out, _, err := dockerCmdWithError("run", "--name=app", "--volumes-from=data1", "--volumes-from=data2", "-v", "/tmp/data:/tmp/data", "-d", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf("Out: %s", out))
+	assert.Assert(c, err == nil, "Out: %s", out)
 
 	// No volume will be referenced (mount is /tmp/data), this is backward compatible
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data2))
 	dockerCmd(c, "rm", "-f", "-v", "app")
 	dockerCmd(c, "rm", "-f", "-v", "data1")
 	dockerCmd(c, "rm", "-f", "-v", "data2")
 
 	// Both volume should not exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data2))
 }
 
 // Test case (3) for 21845: duplicate targets for --volumes-from and `Mounts` (API only)
-func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndMounts(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndMounts(c *testing.T) {
+	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
 
 	image := "vimage"
 	buildImageSuccessfully(c, image, build.WithDockerfile(`
@@ -586,22 +545,21 @@ func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndMounts(c *check.C
 
 	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
 	data1 := strings.TrimSpace(out)
-	c.Assert(data1, checker.Not(checker.Equals), "")
+	assert.Assert(c, data1 != "")
 
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
 	data2 := strings.TrimSpace(out)
-	c.Assert(data2, checker.Not(checker.Equals), "")
+	assert.Assert(c, data2 != "")
 
 	// Both volume should exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
-	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
-
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, strings.Contains(strings.TrimSpace(out), data2))
 	err := os.MkdirAll("/tmp/data", 0755)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	// Mounts is available in API
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	config := container.Config{
@@ -619,21 +577,20 @@ func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndMounts(c *check.C
 			},
 		},
 	}
-	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &network.NetworkingConfig{}, "app")
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &network.NetworkingConfig{}, nil, "app")
 
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	// No volume will be referenced (mount is /tmp/data), this is backward compatible
 	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
-
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data2))
 	dockerCmd(c, "rm", "-f", "-v", "app")
 	dockerCmd(c, "rm", "-f", "-v", "data1")
 	dockerCmd(c, "rm", "-f", "-v", "data2")
 
 	// Both volume should not exist
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data1))
+	assert.Assert(c, !strings.Contains(strings.TrimSpace(out), data2))
 }
diff --git a/integration-cli/docker_deprecated_api_v124_test.go b/integration-cli/docker_deprecated_api_v124_test.go
index ffb06da40fab5..ea778fdede33f 100644
--- a/integration-cli/docker_deprecated_api_v124_test.go
+++ b/integration-cli/docker_deprecated_api_v124_test.go
@@ -6,37 +6,38 @@ package main
 import (
 	"net/http"
 	"strings"
+	"testing"
 
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func formatV123StartAPIURL(url string) string {
 	return "/v1.23" + url
 }
 
-func (s *DockerSuite) TestDeprecatedContainerAPIStartHostConfig(c *check.C) {
+func (s *DockerSuite) TestDeprecatedContainerAPIStartHostConfig(c *testing.T) {
 	name := "test-deprecated-api-124"
 	dockerCmd(c, "create", "--name", name, "busybox")
 	config := map[string]interface{}{
 		"Binds": []string{"/aa:/bb"},
 	}
 	res, body, err := request.Post("/containers/"+name+"/start", request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
 		// assertions below won't work before 1.32
 		buf, err := request.ReadBody(body)
-		c.Assert(err, checker.IsNil)
+		assert.NilError(c, err)
 
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
-		c.Assert(string(buf), checker.Contains, "was deprecated since API v1.22")
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
+		assert.Assert(c, strings.Contains(string(buf), "was deprecated since API v1.22"))
 	}
 }
 
-func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *check.C) {
+func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *testing.T) {
 	// TODO Windows CI: Investigate further why this fails on Windows to Windows CI.
 	testRequires(c, DaemonIsLinux)
 	path := "/foo"
@@ -50,24 +51,24 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *check.C) {
 	}
 
 	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 
 	bindPath := RandomTmpDirPath("test", testEnv.OSType)
 	config = map[string]interface{}{
 		"Binds": []string{bindPath + ":" + path},
 	}
 	res, _, err = request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 
 	pth, err := inspectMountSourceField(name, path)
-	c.Assert(err, checker.IsNil)
-	c.Assert(pth, checker.Equals, bindPath, check.Commentf("expected volume host path to be %s, got %s", bindPath, pth))
+	assert.NilError(c, err)
+	assert.Equal(c, pth, bindPath, "expected volume host path to be %s, got %s", bindPath, pth)
 }
 
 // Test for GH#10618
-func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *check.C) {
+func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *testing.T) {
 	// TODO Windows to Windows CI - Port this
 	testRequires(c, DaemonIsLinux)
 	name := "testdups"
@@ -77,8 +78,8 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *check.C)
 	}
 
 	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 
 	bindPath1 := RandomTmpDirPath("test1", testEnv.OSType)
 	bindPath2 := RandomTmpDirPath("test2", testEnv.OSType)
@@ -87,20 +88,20 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *check.C)
 		"Binds": []string{bindPath1 + ":/tmp", bindPath2 + ":/tmp"},
 	}
 	res, body, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	buf, err := request.ReadBody(body)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	}
-	c.Assert(string(buf), checker.Contains, "Duplicate mount point", check.Commentf("Expected failure due to duplicate bind mounts to same path, instead got: %q with error: %v", string(buf), err))
+	assert.Assert(c, strings.Contains(string(buf), "Duplicate mount point"), "Expected failure due to duplicate bind mounts to same path, instead got: %q with error: %v", string(buf), err)
 }
 
-func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *check.C) {
+func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *testing.T) {
 	// TODO Windows to Windows CI - Port this
 	testRequires(c, DaemonIsLinux)
 	volName := "voltst"
@@ -115,45 +116,45 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *check.C) {
 	}
 
 	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusCreated)
 
 	config = map[string]interface{}{
 		"VolumesFrom": []string{volName},
 	}
 	res, _, err = request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 
 	pth, err := inspectMountSourceField(name, volPath)
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	pth2, err := inspectMountSourceField(volName, volPath)
-	c.Assert(err, checker.IsNil)
-	c.Assert(pth, checker.Equals, pth2, check.Commentf("expected volume host path to be %s, got %s", pth, pth2))
+	assert.NilError(c, err)
+	assert.Equal(c, pth, pth2, "expected volume host path to be %s, got %s", pth, pth2)
 }
 
 // #9981 - Allow a docker created volume (ie, one in /var/lib/docker/volumes) to be used to overwrite (via passing in Binds on api start) an existing volume
-func (s *DockerSuite) TestDeprecatedPostContainerBindNormalVolume(c *check.C) {
+func (s *DockerSuite) TestDeprecatedPostContainerBindNormalVolume(c *testing.T) {
 	// TODO Windows to Windows CI - Port this
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "create", "-v", "/foo", "--name=one", "busybox")
 
 	fooDir, err := inspectMountSourceField("one", "/foo")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 
 	dockerCmd(c, "create", "-v", "/foo", "--name=two", "busybox")
 
 	bindSpec := map[string][]string{"Binds": {fooDir + ":/foo"}}
 	res, _, err := request.Post(formatV123StartAPIURL("/containers/two/start"), request.JSONBody(bindSpec))
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 
 	fooDir2, err := inspectMountSourceField("two", "/foo")
-	c.Assert(err, checker.IsNil)
-	c.Assert(fooDir2, checker.Equals, fooDir, check.Commentf("expected volume path to be %s, got: %s", fooDir, fooDir2))
+	assert.NilError(c, err)
+	assert.Equal(c, fooDir2, fooDir, "expected volume path to be %s, got: %s", fooDir, fooDir2)
 }
 
-func (s *DockerSuite) TestDeprecatedStartWithTooLowMemoryLimit(c *check.C) {
+func (s *DockerSuite) TestDeprecatedStartWithTooLowMemoryLimit(c *testing.T) {
 	// TODO Windows: Port once memory is supported
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "create", "busybox")
@@ -166,19 +167,19 @@ func (s *DockerSuite) TestDeprecatedStartWithTooLowMemoryLimit(c *check.C) {
         }`
 
 	res, body, err := request.Post(formatV123StartAPIURL("/containers/"+containerID+"/start"), request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	b, err2 := request.ReadBody(body)
-	c.Assert(err2, checker.IsNil)
+	assert.NilError(c, err)
+	b, err := request.ReadBody(body)
+	assert.NilError(c, err)
 	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+		assert.Equal(c, res.StatusCode, http.StatusInternalServerError)
 	} else {
-		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		assert.Equal(c, res.StatusCode, http.StatusBadRequest)
 	}
-	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
+	assert.Assert(c, is.Contains(string(b), "Minimum memory limit allowed is 6MB"))
 }
 
 // #14640
-func (s *DockerSuite) TestDeprecatedPostContainersStartWithoutLinksInHostConfig(c *check.C) {
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithoutLinksInHostConfig(c *testing.T) {
 	// TODO Windows: Windows doesn't support supplying a hostconfig on start.
 	// An alternate test could be written to validate the negative testing aspect of this
 	testRequires(c, DaemonIsLinux)
@@ -189,13 +190,13 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithoutLinksInHostConfig(
 	config := `{"HostConfig":` + hc + `}`
 
 	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 	b.Close()
 }
 
 // #14640
-func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfig(c *check.C) {
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfig(c *testing.T) {
 	// TODO Windows: Windows doesn't support supplying a hostconfig on start.
 	// An alternate test could be written to validate the negative testing aspect of this
 	testRequires(c, DaemonIsLinux)
@@ -207,13 +208,13 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfig(c *
 	config := `{"HostConfig":` + hc + `}`
 
 	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 	b.Close()
 }
 
 // #14640
-func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfigIdLinked(c *check.C) {
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfigIdLinked(c *testing.T) {
 	// Windows does not support links
 	testRequires(c, DaemonIsLinux)
 	name := "test-host-config-links"
@@ -227,12 +228,12 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfigIdLi
 	config := `{"HostConfig":` + hc + `}`
 
 	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 	b.Close()
 }
 
-func (s *DockerSuite) TestDeprecatedStartWithNilDNS(c *check.C) {
+func (s *DockerSuite) TestDeprecatedStartWithNilDNS(c *testing.T) {
 	// TODO Windows: Add once DNS is supported
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "create", "busybox")
@@ -241,10 +242,10 @@ func (s *DockerSuite) TestDeprecatedStartWithNilDNS(c *check.C) {
 	config := `{"HostConfig": {"Dns": null}}`
 
 	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+containerID+"/start"), request.RawString(config), request.JSON)
-	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	assert.NilError(c, err)
+	assert.Equal(c, res.StatusCode, http.StatusNoContent)
 	b.Close()
 
 	dns := inspectFieldJSON(c, containerID, "HostConfig.Dns")
-	c.Assert(dns, checker.Equals, "[]")
+	assert.Equal(c, dns, "[]")
 }
diff --git a/integration-cli/docker_deprecated_api_v124_unix_test.go b/integration-cli/docker_deprecated_api_v124_unix_test.go
index c182b2a7aa8c6..f8665f58b1e82 100644
--- a/integration-cli/docker_deprecated_api_v124_unix_test.go
+++ b/integration-cli/docker_deprecated_api_v124_unix_test.go
@@ -1,17 +1,18 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
-	"fmt"
+	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
 )
 
 // #19100 This is a deprecated feature test, it should be removed in Docker 1.12
-func (s *DockerNetworkSuite) TestDeprecatedDockerNetworkStartAPIWithHostconfig(c *check.C) {
+func (s *DockerNetworkSuite) TestDeprecatedDockerNetworkStartAPIWithHostconfig(c *testing.T) {
 	netName := "test"
 	conName := "foo"
 	dockerCmd(c, "network", "create", netName)
@@ -23,9 +24,9 @@ func (s *DockerNetworkSuite) TestDeprecatedDockerNetworkStartAPIWithHostconfig(c
 		},
 	}
 	_, _, err := request.Post(formatV123StartAPIURL("/containers/"+conName+"/start"), request.JSONBody(config))
-	c.Assert(err, checker.IsNil)
-	c.Assert(waitRun(conName), checker.IsNil)
+	assert.NilError(c, err)
+	assert.NilError(c, waitRun(conName))
 	networks := inspectField(c, conName, "NetworkSettings.Networks")
-	c.Assert(networks, checker.Contains, netName, check.Commentf(fmt.Sprintf("Should contain '%s' network", netName)))
-	c.Assert(networks, checker.Not(checker.Contains), "bridge", check.Commentf("Should not contain 'bridge' network"))
+	assert.Assert(c, strings.Contains(networks, netName), "Should contain '%s' network", netName)
+	assert.Assert(c, !strings.Contains(networks, "bridge"), "Should not contain 'bridge' network")
 }
diff --git a/integration-cli/docker_hub_pull_suite_test.go b/integration-cli/docker_hub_pull_suite_test.go
index 125b8c10aa765..dbc6e9478549f 100644
--- a/integration-cli/docker_hub_pull_suite_test.go
+++ b/integration-cli/docker_hub_pull_suite_test.go
@@ -2,23 +2,14 @@ package main
 
 import (
 	"os/exec"
-	"runtime"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/daemon"
-	testdaemon "github.com/docker/docker/internal/test/daemon"
-	"github.com/go-check/check"
+	testdaemon "github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
 )
 
-func init() {
-	// FIXME. Temporarily turning this off for Windows as GH16039 was breaking
-	// Windows to Linux CI @icecrime
-	if runtime.GOOS != "windows" {
-		check.Suite(newDockerHubPullSuite())
-	}
-}
-
 // DockerHubPullSuite provides an isolated daemon that doesn't have all the
 // images that are baked into our 'global' test environment daemon (e.g.,
 // busybox, httpserver, ...).
@@ -39,26 +30,26 @@ func newDockerHubPullSuite() *DockerHubPullSuite {
 }
 
 // SetUpSuite starts the suite daemon.
-func (s *DockerHubPullSuite) SetUpSuite(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
+func (s *DockerHubPullSuite) SetUpSuite(c *testing.T) {
+	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	s.d.Start(c)
 }
 
 // TearDownSuite stops the suite daemon.
-func (s *DockerHubPullSuite) TearDownSuite(c *check.C) {
+func (s *DockerHubPullSuite) TearDownSuite(c *testing.T) {
 	if s.d != nil {
 		s.d.Stop(c)
 	}
 }
 
 // SetUpTest declares that all tests of this suite require network.
-func (s *DockerHubPullSuite) SetUpTest(c *check.C) {
+func (s *DockerHubPullSuite) SetUpTest(c *testing.T) {
 	testRequires(c, Network)
 }
 
 // TearDownTest removes all images from the suite daemon.
-func (s *DockerHubPullSuite) TearDownTest(c *check.C) {
+func (s *DockerHubPullSuite) TearDownTest(c *testing.T) {
 	out := s.Cmd(c, "images", "-aq")
 	images := strings.Split(out, "\n")
 	images = append([]string{"rmi", "-f"}, images...)
@@ -68,9 +59,9 @@ func (s *DockerHubPullSuite) TearDownTest(c *check.C) {
 
 // Cmd executes a command against the suite daemon and returns the combined
 // output. The function fails the test when the command returns an error.
-func (s *DockerHubPullSuite) Cmd(c *check.C, name string, arg ...string) string {
+func (s *DockerHubPullSuite) Cmd(c *testing.T, name string, arg ...string) string {
 	out, err := s.CmdWithError(name, arg...)
-	c.Assert(err, checker.IsNil, check.Commentf("%q failed with errors: %s, %v", strings.Join(arg, " "), out, err))
+	assert.Assert(c, err == nil, "%q failed with errors: %s, %v", strings.Join(arg, " "), out, err)
 	return out
 }
 
diff --git a/integration-cli/docker_utils_test.go b/integration-cli/docker_utils_test.go
index 1c05bf5d04ac4..f8c8fcdca88ac 100644
--- a/integration-cli/docker_utils_test.go
+++ b/integration-cli/docker_utils_test.go
@@ -6,29 +6,24 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/cli"
 	"github.com/docker/docker/integration-cli/daemon"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/go-check/check"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
-// Deprecated
-func daemonHost() string {
-	return request.DaemonHost()
-}
-
 func deleteImages(images ...string) error {
 	args := []string{dockerBinary, "rmi", "-f"}
 	return icmd.RunCmd(icmd.Cmd{Command: append(args, images...)}).Error
@@ -44,7 +39,8 @@ func dockerCmdWithError(args ...string) (string, int, error) {
 }
 
 // Deprecated: use cli.Docker or cli.DockerCmd
-func dockerCmd(c *check.C, args ...string) (string, int) {
+func dockerCmd(c testing.TB, args ...string) (string, int) {
+	c.Helper()
 	result := cli.DockerCmd(c, args...)
 	return result.Combined(), result.ExitCode
 }
@@ -54,12 +50,14 @@ func dockerCmdWithResult(args ...string) *icmd.Result {
 	return cli.Docker(cli.Args(args...))
 }
 
-func findContainerIP(c *check.C, id string, network string) string {
+func findContainerIP(c *testing.T, id string, network string) string {
+	c.Helper()
 	out, _ := dockerCmd(c, "inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.%s.IPAddress }}'", network), id)
 	return strings.Trim(out, " \r\n'")
 }
 
-func getContainerCount(c *check.C) int {
+func getContainerCount(c *testing.T) int {
+	c.Helper()
 	const containers = "Containers:"
 
 	result := icmd.RunCommand(dockerBinary, "info")
@@ -69,21 +67,22 @@ func getContainerCount(c *check.C) int {
 	for _, line := range lines {
 		if strings.Contains(line, containers) {
 			output := strings.TrimSpace(line)
-			output = strings.TrimLeft(output, containers)
+			output = strings.TrimPrefix(output, containers)
 			output = strings.Trim(output, " ")
 			containerCount, err := strconv.Atoi(output)
-			c.Assert(err, checker.IsNil)
+			assert.NilError(c, err)
 			return containerCount
 		}
 	}
 	return 0
 }
 
-func inspectFieldAndUnmarshall(c *check.C, name, field string, output interface{}) {
+func inspectFieldAndUnmarshall(c *testing.T, name, field string, output interface{}) {
+	c.Helper()
 	str := inspectFieldJSON(c, name, field)
 	err := json.Unmarshal([]byte(str), output)
 	if c != nil {
-		c.Assert(err, check.IsNil, check.Commentf("failed to unmarshal: %v", err))
+		assert.Assert(c, err == nil, "failed to unmarshal: %v", err)
 	}
 }
 
@@ -103,28 +102,31 @@ func inspectFieldWithError(name, field string) (string, error) {
 }
 
 // Deprecated: use cli.Inspect
-func inspectField(c *check.C, name, field string) string {
+func inspectField(c *testing.T, name, field string) string {
+	c.Helper()
 	out, err := inspectFilter(name, fmt.Sprintf(".%s", field))
 	if c != nil {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 	return out
 }
 
 // Deprecated: use cli.Inspect
-func inspectFieldJSON(c *check.C, name, field string) string {
+func inspectFieldJSON(c *testing.T, name, field string) string {
+	c.Helper()
 	out, err := inspectFilter(name, fmt.Sprintf("json .%s", field))
 	if c != nil {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 	return out
 }
 
 // Deprecated: use cli.Inspect
-func inspectFieldMap(c *check.C, name, path, field string) string {
+func inspectFieldMap(c *testing.T, name, path, field string) string {
+	c.Helper()
 	out, err := inspectFilter(name, fmt.Sprintf("index .%s %q", path, field))
 	if c != nil {
-		c.Assert(err, check.IsNil)
+		assert.NilError(c, err)
 	}
 	return out
 }
@@ -172,27 +174,16 @@ func inspectMountPointJSON(j, destination string) (types.MountPoint, error) {
 	return *m, nil
 }
 
-// Deprecated: use cli.Inspect
-func inspectImage(c *check.C, name, filter string) string {
-	args := []string{"inspect", "--type", "image"}
-	if filter != "" {
-		format := fmt.Sprintf("{{%s}}", filter)
-		args = append(args, "-f", format)
-	}
-	args = append(args, name)
-	result := icmd.RunCommand(dockerBinary, args...)
-	result.Assert(c, icmd.Success)
-	return strings.TrimSpace(result.Combined())
-}
-
-func getIDByName(c *check.C, name string) string {
+func getIDByName(c *testing.T, name string) string {
+	c.Helper()
 	id, err := inspectFieldWithError(name, "Id")
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	return id
 }
 
 // Deprecated: use cli.Build
-func buildImageSuccessfully(c *check.C, name string, cmdOperators ...cli.CmdOperator) {
+func buildImageSuccessfully(c *testing.T, name string, cmdOperators ...cli.CmdOperator) {
+	c.Helper()
 	buildImage(name, cmdOperators...).Assert(c, icmd.Success)
 }
 
@@ -205,22 +196,24 @@ func buildImage(name string, cmdOperators ...cli.CmdOperator) *icmd.Result {
 // as well as any missing directories.
 // The file is truncated if it already exists.
 // Fail the test when error occurs.
-func writeFile(dst, content string, c *check.C) {
+func writeFile(dst, content string, c *testing.T) {
+	c.Helper()
 	// Create subdirectories if necessary
-	c.Assert(os.MkdirAll(path.Dir(dst), 0700), check.IsNil)
+	assert.Assert(c, os.MkdirAll(path.Dir(dst), 0700) == nil)
 	f, err := os.OpenFile(dst, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer f.Close()
 	// Write content (truncate if it exists)
 	_, err = io.Copy(f, strings.NewReader(content))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 }
 
 // Return the contents of file at path `src`.
 // Fail the test when error occurs.
-func readFile(src string, c *check.C) (content string) {
-	data, err := ioutil.ReadFile(src)
-	c.Assert(err, check.IsNil)
+func readFile(src string, c *testing.T) (content string) {
+	c.Helper()
+	data, err := os.ReadFile(src)
+	assert.NilError(c, err)
 
 	return string(data)
 }
@@ -230,7 +223,8 @@ func containerStorageFile(containerID, basename string) string {
 }
 
 // docker commands that use this function must be run with the '-d' switch.
-func runCommandAndReadContainerFile(c *check.C, filename string, command string, args ...string) []byte {
+func runCommandAndReadContainerFile(c *testing.T, filename string, command string, args ...string) []byte {
+	c.Helper()
 	result := icmd.RunCommand(command, args...)
 	result.Assert(c, icmd.Success)
 	contID := strings.TrimSpace(result.Combined())
@@ -240,42 +234,46 @@ func runCommandAndReadContainerFile(c *check.C, filename string, command string,
 	return readContainerFile(c, contID, filename)
 }
 
-func readContainerFile(c *check.C, containerID, filename string) []byte {
+func readContainerFile(c *testing.T, containerID, filename string) []byte {
+	c.Helper()
 	f, err := os.Open(containerStorageFile(containerID, filename))
-	c.Assert(err, checker.IsNil)
+	assert.NilError(c, err)
 	defer f.Close()
 
-	content, err := ioutil.ReadAll(f)
-	c.Assert(err, checker.IsNil)
+	content, err := io.ReadAll(f)
+	assert.NilError(c, err)
 	return content
 }
 
-func readContainerFileWithExec(c *check.C, containerID, filename string) []byte {
+func readContainerFileWithExec(c *testing.T, containerID, filename string) []byte {
+	c.Helper()
 	result := icmd.RunCommand(dockerBinary, "exec", containerID, "cat", filename)
 	result.Assert(c, icmd.Success)
 	return []byte(result.Combined())
 }
 
 // daemonTime provides the current time on the daemon host
-func daemonTime(c *check.C) time.Time {
+func daemonTime(c *testing.T) time.Time {
+	c.Helper()
 	if testEnv.IsLocalDaemon() {
 		return time.Now()
 	}
-	cli, err := client.NewEnvClient()
-	c.Assert(err, check.IsNil)
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(c, err)
 	defer cli.Close()
 
 	info, err := cli.Info(context.Background())
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 
 	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
-	c.Assert(err, check.IsNil, check.Commentf("invalid time format in GET /info response"))
+	assert.Assert(c, err == nil, "invalid time format in GET /info response")
 	return dt
 }
 
 // daemonUnixTime returns the current time on the daemon host with nanoseconds precision.
 // It return the time formatted how the client sends timestamps to the server.
-func daemonUnixTime(c *check.C) string {
+func daemonUnixTime(c *testing.T) string {
+	c.Helper()
 	return parseEventTime(daemonTime(c))
 }
 
@@ -310,14 +308,15 @@ func appendBaseEnv(isTLS bool, env ...string) []string {
 	return env
 }
 
-func createTmpFile(c *check.C, content string) string {
-	f, err := ioutil.TempFile("", "testfile")
-	c.Assert(err, check.IsNil)
+func createTmpFile(c *testing.T, content string) string {
+	c.Helper()
+	f, err := os.CreateTemp("", "testfile")
+	assert.NilError(c, err)
 
 	filename := f.Name()
 
-	err = ioutil.WriteFile(filename, []byte(content), 0644)
-	c.Assert(err, check.IsNil)
+	err = os.WriteFile(filename, []byte(content), 0644)
+	assert.NilError(c, err)
 
 	return filename
 }
@@ -341,24 +340,27 @@ func waitInspectWithArgs(name, expr, expected string, timeout time.Duration, arg
 	return daemon.WaitInspectWithArgs(dockerBinary, name, expr, expected, timeout, arg...)
 }
 
-func getInspectBody(c *check.C, version, id string) []byte {
+func getInspectBody(c *testing.T, version, id string) []byte {
+	c.Helper()
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithVersion(version))
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	defer cli.Close()
 	_, body, err := cli.ContainerInspectWithRaw(context.Background(), id, false)
-	c.Assert(err, check.IsNil)
+	assert.NilError(c, err)
 	return body
 }
 
 // Run a long running idle task in a background container using the
 // system-specific default image and command.
-func runSleepingContainer(c *check.C, extraArgs ...string) string {
-	return runSleepingContainerInImage(c, defaultSleepImage, extraArgs...)
+func runSleepingContainer(c *testing.T, extraArgs ...string) string {
+	c.Helper()
+	return runSleepingContainerInImage(c, "busybox", extraArgs...)
 }
 
 // Run a long running idle task in a background container using the specified
 // image and the system-specific command.
-func runSleepingContainerInImage(c *check.C, image string, extraArgs ...string) string {
+func runSleepingContainerInImage(c *testing.T, image string, extraArgs ...string) string {
+	c.Helper()
 	args := []string{"run", "-d"}
 	args = append(args, extraArgs...)
 	args = append(args, image)
@@ -373,7 +375,7 @@ func minimalBaseImage() string {
 }
 
 func getGoroutineNumber() (int, error) {
-	cli, err := client.NewEnvClient()
+	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		return 0, err
 	}
@@ -412,48 +414,50 @@ func waitForGoroutines(expected int) error {
 }
 
 // getErrorMessage returns the error message from an error API response
-func getErrorMessage(c *check.C, body []byte) string {
+func getErrorMessage(c *testing.T, body []byte) string {
+	c.Helper()
 	var resp types.ErrorResponse
-	c.Assert(json.Unmarshal(body, &resp), check.IsNil)
+	assert.Assert(c, json.Unmarshal(body, &resp) == nil)
 	return strings.TrimSpace(resp.Message)
 }
 
-func waitAndAssert(c *check.C, timeout time.Duration, f checkF, checker check.Checker, args ...interface{}) {
-	after := time.After(timeout)
-	for {
-		v, comment := f(c)
-		assert, _ := checker.Check(append([]interface{}{v}, args...), checker.Info().Params)
-		select {
-		case <-after:
-			assert = true
-		default:
-		}
-		if assert {
-			if comment != nil {
-				args = append(args, comment)
+type checkF func(*testing.T) (interface{}, string)
+type reducer func(...interface{}) interface{}
+
+func pollCheck(t *testing.T, f checkF, compare func(x interface{}) assert.BoolOrComparison) poll.Check {
+	return func(poll.LogT) poll.Result {
+		t.Helper()
+		v, comment := f(t)
+		r := compare(v)
+		switch r := r.(type) {
+		case bool:
+			if r {
+				return poll.Success()
 			}
-			c.Assert(v, checker, args...)
-			return
+		case cmp.Comparison:
+			if r().Success() {
+				return poll.Success()
+			}
+		default:
+			panic(fmt.Errorf("pollCheck: type %T not implemented", r))
 		}
-		time.Sleep(100 * time.Millisecond)
+		return poll.Continue(comment)
 	}
 }
 
-type checkF func(*check.C) (interface{}, check.CommentInterface)
-type reducer func(...interface{}) interface{}
-
 func reducedCheck(r reducer, funcs ...checkF) checkF {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
+	return func(c *testing.T) (interface{}, string) {
+		c.Helper()
 		var values []interface{}
 		var comments []string
 		for _, f := range funcs {
 			v, comment := f(c)
 			values = append(values, v)
-			if comment != nil {
-				comments = append(comments, comment.CheckCommentString())
+			if len(comment) > 0 {
+				comments = append(comments, comment)
 			}
 		}
-		return r(values...), check.Commentf("%v", strings.Join(comments, ", "))
+		return r(values...), fmt.Sprintf("%v", strings.Join(comments, ", "))
 	}
 }
 
diff --git a/integration-cli/environment/environment.go b/integration-cli/environment/environment.go
index 82cf99652bc8c..0dcf8d929476b 100644
--- a/integration-cli/environment/environment.go
+++ b/integration-cli/environment/environment.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"os/exec"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var (
diff --git a/integration-cli/events_utils_test.go b/integration-cli/events_utils_test.go
index 356b2c326da18..6a094ba160217 100644
--- a/integration-cli/events_utils_test.go
+++ b/integration-cli/events_utils_test.go
@@ -8,11 +8,11 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"testing"
 
 	eventstestutils "github.com/docker/docker/daemon/events/testutils"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
 	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/assert"
 )
 
 // eventMatcher is a function that tries to match an event input.
@@ -35,13 +35,13 @@ type eventObserver struct {
 
 // newEventObserver creates the observer and initializes the command
 // without running it. Users must call `eventObserver.Start` to start the command.
-func newEventObserver(c *check.C, args ...string) (*eventObserver, error) {
+func newEventObserver(c *testing.T, args ...string) (*eventObserver, error) {
 	since := daemonTime(c).Unix()
 	return newEventObserverWithBacklog(c, since, args...)
 }
 
 // newEventObserverWithBacklog creates a new observer changing the start time of the backlog to return.
-func newEventObserverWithBacklog(c *check.C, since int64, args ...string) (*eventObserver, error) {
+func newEventObserverWithBacklog(c *testing.T, since int64, args ...string) (*eventObserver, error) {
 	startTime := strconv.FormatInt(since, 10)
 	cmdArgs := []string{"events", "--since", startTime}
 	if len(args) > 0 {
@@ -93,7 +93,7 @@ func (e *eventObserver) Match(match eventMatcher, process eventMatchProcessor) {
 	e.disconnectionError = err
 }
 
-func (e *eventObserver) CheckEventError(c *check.C, id, event string, match eventMatcher) {
+func (e *eventObserver) CheckEventError(c *testing.T, id, event string, match eventMatcher) {
 	var foundEvent bool
 	scannerOut := e.buffer.String()
 
@@ -144,18 +144,18 @@ func processEventMatch(actions map[string]chan bool) eventMatchProcessor {
 
 // parseEventAction parses an event text and returns the action.
 // It fails if the text is not in the event format.
-func parseEventAction(c *check.C, text string) string {
+func parseEventAction(c *testing.T, text string) string {
 	matches := eventstestutils.ScanMap(text)
 	return matches["action"]
 }
 
 // eventActionsByIDAndType returns the actions for a given id and type.
 // It fails if the text is not in the event format.
-func eventActionsByIDAndType(c *check.C, events []string, id, eventType string) []string {
+func eventActionsByIDAndType(c *testing.T, events []string, id, eventType string) []string {
 	var filtered []string
 	for _, event := range events {
 		matches := eventstestutils.ScanMap(event)
-		c.Assert(matches, checker.Not(checker.IsNil))
+		assert.Assert(c, matches != nil)
 		if matchIDAndEventType(matches, id, eventType) {
 			filtered = append(filtered, matches["action"])
 		}
@@ -183,24 +183,12 @@ func matchEventID(matches map[string]string, id string) bool {
 	return matchID
 }
 
-func parseEvents(c *check.C, out, match string) {
+func parseEvents(c *testing.T, out, match string) {
 	events := strings.Split(strings.TrimSpace(out), "\n")
 	for _, event := range events {
 		matches := eventstestutils.ScanMap(event)
 		matched, err := regexp.MatchString(match, matches["action"])
-		c.Assert(err, checker.IsNil)
-		c.Assert(matched, checker.True, check.Commentf("Matcher: %s did not match %s", match, matches["action"]))
-	}
-}
-
-func parseEventsWithID(c *check.C, out, match, id string) {
-	events := strings.Split(strings.TrimSpace(out), "\n")
-	for _, event := range events {
-		matches := eventstestutils.ScanMap(event)
-		c.Assert(matchEventID(matches, id), checker.True)
-
-		matched, err := regexp.MatchString(match, matches["action"])
-		c.Assert(err, checker.IsNil)
-		c.Assert(matched, checker.True, check.Commentf("Matcher: %s did not match %s", match, matches["action"]))
+		assert.NilError(c, err)
+		assert.Assert(c, matched, "Matcher: %s did not match %s", match, matches["action"])
 	}
 }
diff --git a/integration-cli/fixtures/auth/docker-credential-shell-test b/integration-cli/fixtures/auth/docker-credential-shell-test
index 97b3f1483e691..5acab521795ee 100755
--- a/integration-cli/fixtures/auth/docker-credential-shell-test
+++ b/integration-cli/fixtures/auth/docker-credential-shell-test
@@ -6,7 +6,7 @@ listFile=shell_test_list.json
 
 case $1 in
 	"store")
-		in=$(</dev/stdin)
+		in=$(< /dev/stdin)
 		server=$(echo "$in" | jq --raw-output ".ServerURL")
 		serverHash=$(echo "$server" | sha1sum - | awk '{print $1}')
 
@@ -17,34 +17,34 @@ case $1 in
 		if [[ ! -f $TEMP/$listFile ]]; then
 			echo "{ \"${server}\": \"${username}\" }" > $TEMP/$listFile
 		else
-			list=$(<$TEMP/$listFile)
+			list=$(< $TEMP/$listFile)
 			echo "$list" | jq ". + {\"${server}\": \"${username}\"}" > $TEMP/$listFile
 		fi
 		;;
 	"get")
-		in=$(</dev/stdin)
+		in=$(< /dev/stdin)
 		serverHash=$(echo "$in" | sha1sum - | awk '{print $1}')
 		if [[ ! -f $TEMP/$serverHash ]]; then
 			echo "credentials not found in native keychain"
 			exit 1
 		fi
-		payload=$(<$TEMP/$serverHash)
+		payload=$(< $TEMP/$serverHash)
 		echo "$payload"
 		;;
 	"erase")
-		in=$(</dev/stdin)
+		in=$(< /dev/stdin)
 		serverHash=$(echo "$in" | sha1sum - | awk '{print $1}')
 		rm -f $TEMP/$serverHash
 
 		# Remove the server from the list
-		list=$(<$TEMP/$listFile)
+		list=$(< $TEMP/$listFile)
 		echo "$list" | jq "del(.[\"${in}\"])" > $TEMP/$listFile
 		;;
 	"list")
 		if [[ ! -f $TEMP/$listFile ]]; then
 			echo "{}"
 		else
-			payload=$(<$TEMP/$listFile)
+			payload=$(< $TEMP/$listFile)
 			echo "$payload"
 		fi
 		;;
diff --git a/integration-cli/fixtures_linux_daemon_test.go b/integration-cli/fixtures_linux_daemon_test.go
index 2387a9ebee2ba..b91b510c1fcab 100644
--- a/integration-cli/fixtures_linux_daemon_test.go
+++ b/integration-cli/fixtures_linux_daemon_test.go
@@ -2,39 +2,24 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
-	"sync"
+	"testing"
 
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/internal/test/fixtures/load"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil/fixtures/load"
+	"gotest.tools/v3/assert"
 )
 
-type testingT interface {
-	logT
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-var ensureSyscallTestOnce sync.Once
+func ensureSyscallTest(c *testing.T) {
+	defer testEnv.ProtectImage(c, "syscall-test:latest")
 
-func ensureSyscallTest(c *check.C) {
-	var doIt bool
-	ensureSyscallTestOnce.Do(func() {
-		doIt = true
-	})
-	if !doIt {
+	// If the image already exists, there's nothing left to do.
+	if testEnv.HasExistingImage(c, "syscall-test:latest") {
 		return
 	}
-	defer testEnv.ProtectImage(c, "syscall-test:latest")
 
 	// if no match, must build in docker, which is significantly slower
 	// (slower mostly because of the vfs graphdriver)
@@ -43,31 +28,31 @@ func ensureSyscallTest(c *check.C) {
 		return
 	}
 
-	tmp, err := ioutil.TempDir("", "syscall-test-build")
-	c.Assert(err, checker.IsNil, check.Commentf("couldn't create temp dir"))
+	tmp, err := os.MkdirTemp("", "syscall-test-build")
+	assert.NilError(c, err, "couldn't create temp dir")
 	defer os.RemoveAll(tmp)
 
 	gcc, err := exec.LookPath("gcc")
-	c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
+	assert.NilError(c, err, "could not find gcc")
 
 	tests := []string{"userns", "ns", "acct", "setuid", "setgid", "socket", "raw"}
 	for _, test := range tests {
 		out, err := exec.Command(gcc, "-g", "-Wall", "-static", fmt.Sprintf("../contrib/syscall-test/%s.c", test), "-o", fmt.Sprintf("%s/%s-test", tmp, test)).CombinedOutput()
-		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+		assert.NilError(c, err, string(out))
 	}
 
 	if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" {
 		out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "-static", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
-		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+		assert.NilError(c, err, string(out))
 	}
 
 	dockerFile := filepath.Join(tmp, "Dockerfile")
 	content := []byte(`
-	FROM debian:jessie
+	FROM debian:bullseye-slim
 	COPY . /usr/bin/
 	`)
-	err = ioutil.WriteFile(dockerFile, content, 600)
-	c.Assert(err, checker.IsNil)
+	err = os.WriteFile(dockerFile, content, 0600)
+	assert.NilError(c, err)
 
 	var buildArgs []string
 	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
@@ -78,9 +63,9 @@ func ensureSyscallTest(c *check.C) {
 	dockerCmd(c, buildArgs...)
 }
 
-func ensureSyscallTestBuild(c *check.C) {
-	err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
-	c.Assert(err, checker.IsNil)
+func ensureSyscallTestBuild(c *testing.T) {
+	err := load.FrozenImagesLinux(testEnv.APIClient(), "debian:bullseye-slim")
+	assert.NilError(c, err)
 
 	var buildArgs []string
 	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
@@ -91,30 +76,38 @@ func ensureSyscallTestBuild(c *check.C) {
 	dockerCmd(c, buildArgs...)
 }
 
-func ensureNNPTest(c *check.C) {
+func ensureNNPTest(c *testing.T) {
 	defer testEnv.ProtectImage(c, "nnp-test:latest")
+
+	// If the image already exists, there's nothing left to do.
+	if testEnv.HasExistingImage(c, "nnp-test:latest") {
+		return
+	}
+
+	// if no match, must build in docker, which is significantly slower
+	// (slower mostly because of the vfs graphdriver)
 	if testEnv.OSType != runtime.GOOS {
 		ensureNNPTestBuild(c)
 		return
 	}
 
-	tmp, err := ioutil.TempDir("", "docker-nnp-test")
-	c.Assert(err, checker.IsNil)
+	tmp, err := os.MkdirTemp("", "docker-nnp-test")
+	assert.NilError(c, err)
 
 	gcc, err := exec.LookPath("gcc")
-	c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
+	assert.NilError(c, err, "could not find gcc")
 
 	out, err := exec.Command(gcc, "-g", "-Wall", "-static", "../contrib/nnp-test/nnp-test.c", "-o", filepath.Join(tmp, "nnp-test")).CombinedOutput()
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	assert.NilError(c, err, string(out))
 
 	dockerfile := filepath.Join(tmp, "Dockerfile")
 	content := `
-	FROM debian:jessie
+	FROM debian:bullseye-slim
 	COPY . /usr/bin
 	RUN chmod +s /usr/bin/nnp-test
 	`
-	err = ioutil.WriteFile(dockerfile, []byte(content), 600)
-	c.Assert(err, checker.IsNil, check.Commentf("could not write Dockerfile for nnp-test image"))
+	err = os.WriteFile(dockerfile, []byte(content), 0600)
+	assert.NilError(c, err, "could not write Dockerfile for nnp-test image")
 
 	var buildArgs []string
 	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
@@ -125,9 +118,9 @@ func ensureNNPTest(c *check.C) {
 	dockerCmd(c, buildArgs...)
 }
 
-func ensureNNPTestBuild(c *check.C) {
-	err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
-	c.Assert(err, checker.IsNil)
+func ensureNNPTestBuild(c *testing.T) {
+	err := load.FrozenImagesLinux(testEnv.APIClient(), "debian:bullseye-slim")
+	assert.NilError(c, err)
 
 	var buildArgs []string
 	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
diff --git a/integration-cli/requirement/requirement.go b/integration-cli/requirement/requirement.go
index 45a1bcabfd914..f17e5291b7888 100644
--- a/integration-cli/requirement/requirement.go
+++ b/integration-cli/requirement/requirement.go
@@ -1,29 +1,25 @@
 package requirement // import "github.com/docker/docker/integration-cli/requirement"
 
 import (
-	"fmt"
 	"path"
 	"reflect"
 	"runtime"
 	"strings"
+	"testing"
 )
 
-// SkipT is the interface required to skip tests
-type SkipT interface {
-	Skip(reason string)
-}
-
 // Test represent a function that can be used as a requirement validation.
 type Test func() bool
 
 // Is checks if the environment satisfies the requirements
 // for the test to run or skips the tests.
-func Is(s SkipT, requirements ...Test) {
+func Is(t *testing.T, requirements ...Test) {
+	t.Helper()
 	for _, r := range requirements {
 		isValid := r()
 		if !isValid {
 			requirementFunc := runtime.FuncForPC(reflect.ValueOf(r).Pointer()).Name()
-			s.Skip(fmt.Sprintf("unmatched requirement %s", extractRequirement(requirementFunc)))
+			t.Skipf("unmatched requirement %s", extractRequirement(requirementFunc))
 		}
 	}
 }
diff --git a/integration-cli/requirements_test.go b/integration-cli/requirements_test.go
index 194a9b22b8d2d..1f466081192bb 100644
--- a/integration-cli/requirements_test.go
+++ b/integration-cli/requirements_test.go
@@ -3,12 +3,12 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"os/exec"
 	"strconv"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
@@ -16,7 +16,7 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration-cli/requirement"
-	"github.com/docker/docker/internal/test/registry"
+	"github.com/docker/docker/testutil/registry"
 )
 
 func ArchitectureIsNot(arch string) bool {
@@ -49,7 +49,7 @@ func MinimumAPIVersion(version string) func() bool {
 }
 
 func OnlyDefaultNetworks() bool {
-	cli, err := client.NewEnvClient()
+	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		return false
 	}
@@ -60,11 +60,6 @@ func OnlyDefaultNetworks() bool {
 	return true
 }
 
-// Deprecated: use skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
-func ExperimentalDaemon() bool {
-	return testEnv.DaemonInfo.ExperimentalBuild
-}
-
 func IsAmd64() bool {
 	return os.Getenv("DOCKER_ENGINE_GOARCH") == "amd64"
 }
@@ -81,26 +76,14 @@ func NotPpc64le() bool {
 	return ArchitectureIsNot("ppc64le")
 }
 
-func NotS390X() bool {
-	return ArchitectureIsNot("s390x")
-}
-
-func SameHostDaemon() bool {
-	return testEnv.IsLocalDaemon()
-}
-
 func UnixCli() bool {
 	return isUnixCli
 }
 
-func ExecSupport() bool {
-	return supportsExec
-}
-
 func Network() bool {
 	// Set a timeout on the GET at 15s
-	var timeout = time.Duration(15 * time.Second)
-	var url = "https://hub.docker.com"
+	const timeout = 15 * time.Second
+	const url = "https://hub.docker.com"
 
 	client := http.Client{
 		Timeout: timeout,
@@ -120,7 +103,7 @@ func Apparmor() bool {
 	if strings.HasPrefix(testEnv.DaemonInfo.OperatingSystem, "SUSE Linux Enterprise Server ") {
 		return false
 	}
-	buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+	buf, err := os.ReadFile("/sys/module/apparmor/parameters/enabled")
 	return err == nil && len(buf) > 1 && buf[0] == 'Y'
 }
 
@@ -176,13 +159,6 @@ func IsPausable() bool {
 	return true
 }
 
-func NotPausable() bool {
-	if testEnv.OSType == "windows" {
-		return testEnv.DaemonInfo.Isolation == "process"
-	}
-	return false
-}
-
 func IsolationIs(expectedIsolation string) bool {
 	return testEnv.OSType == "windows" && string(testEnv.DaemonInfo.Isolation) == expectedIsolation
 }
@@ -204,6 +180,10 @@ func RegistryHosting() bool {
 	return err == nil
 }
 
+func RuntimeIsWindowsContainerd() bool {
+	return os.Getenv("DOCKER_WINDOWS_CONTAINERD_RUNTIME") == "1"
+}
+
 func SwarmInactive() bool {
 	return testEnv.DaemonInfo.Swarm.LocalNodeState == swarm.LocalNodeStateInactive
 }
@@ -212,8 +192,18 @@ func TODOBuildkit() bool {
 	return os.Getenv("DOCKER_BUILDKIT") == ""
 }
 
+func DockerCLIVersion(t testing.TB) string {
+	out, _ := dockerCmd(t, "--version")
+	version := strings.Fields(out)
+	if len(version) < 3 {
+		t.Fatal("unknown version output", version)
+	}
+	return version[2]
+}
+
 // testRequires checks if the environment satisfies the requirements
 // for the test to run or skips the tests.
-func testRequires(c requirement.SkipT, requirements ...requirement.Test) {
-	requirement.Is(c, requirements...)
+func testRequires(t *testing.T, requirements ...requirement.Test) {
+	t.Helper()
+	requirement.Is(t, requirements...)
 }
diff --git a/integration-cli/requirements_unix_test.go b/integration-cli/requirements_unix_test.go
index 7c594f7db481e..b0cc0e8f11fe9 100644
--- a/integration-cli/requirements_unix_test.go
+++ b/integration-cli/requirements_unix_test.go
@@ -1,14 +1,14 @@
+//go:build !windows
 // +build !windows
 
 package main
 
 import (
 	"bytes"
-	"io/ioutil"
+	"os"
 	"os/exec"
 	"strings"
 
-	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/sysinfo"
 )
 
@@ -37,10 +37,6 @@ func pidsLimit() bool {
 	return SysInfo.PidsLimit
 }
 
-func kernelMemorySupport() bool {
-	return testEnv.DaemonInfo.KernelMemory
-}
-
 func memoryLimitSupport() bool {
 	return testEnv.DaemonInfo.MemoryLimit
 }
@@ -54,11 +50,11 @@ func swapMemorySupport() bool {
 }
 
 func memorySwappinessSupport() bool {
-	return SameHostDaemon() && SysInfo.MemorySwappiness
+	return testEnv.IsLocalDaemon() && SysInfo.MemorySwappiness
 }
 
 func blkioWeight() bool {
-	return SameHostDaemon() && SysInfo.BlkioWeight
+	return testEnv.IsLocalDaemon() && SysInfo.BlkioWeight
 }
 
 func cgroupCpuset() bool {
@@ -73,20 +69,11 @@ func bridgeNfIptables() bool {
 	return !SysInfo.BridgeNFCallIPTablesDisabled
 }
 
-func bridgeNfIP6tables() bool {
-	return !SysInfo.BridgeNFCallIP6TablesDisabled
-}
-
 func unprivilegedUsernsClone() bool {
-	content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
+	content, err := os.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
 	return err != nil || !strings.Contains(string(content), "0")
 }
 
-func ambientCapabilities() bool {
-	content, err := ioutil.ReadFile("/proc/self/status")
-	return err != nil || strings.Contains(string(content), "CapAmb:")
-}
-
 func overlayFSSupported() bool {
 	cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
 	out, err := cmd.CombinedOutput()
@@ -96,22 +83,8 @@ func overlayFSSupported() bool {
 	return bytes.Contains(out, []byte("overlay\n"))
 }
 
-func overlay2Supported() bool {
-	if !overlayFSSupported() {
-		return false
-	}
-
-	daemonV, err := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
-	if err != nil {
-		return false
-	}
-	requiredV := kernel.VersionInfo{Kernel: 4}
-	return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
-
-}
-
 func init() {
-	if SameHostDaemon() {
-		SysInfo = sysinfo.New(true)
+	if testEnv.IsLocalDaemon() {
+		SysInfo = sysinfo.New()
 	}
 }
diff --git a/integration-cli/test_vars_exec_test.go b/integration-cli/test_vars_exec_test.go
deleted file mode 100644
index 7633b346ba9bd..0000000000000
--- a/integration-cli/test_vars_exec_test.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// +build !test_no_exec
-
-package main
-
-const (
-	// indicates docker daemon tested supports 'docker exec'
-	supportsExec = true
-)
diff --git a/integration-cli/test_vars_noexec_test.go b/integration-cli/test_vars_noexec_test.go
deleted file mode 100644
index 08450905247f2..0000000000000
--- a/integration-cli/test_vars_noexec_test.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// +build test_no_exec
-
-package main
-
-const (
-	// indicates docker daemon tested supports 'docker exec'
-	supportsExec = false
-)
diff --git a/integration-cli/test_vars_noseccomp_test.go b/integration-cli/test_vars_noseccomp_test.go
index 2f47ab07a0b8d..79c7f3bb6e205 100644
--- a/integration-cli/test_vars_noseccomp_test.go
+++ b/integration-cli/test_vars_noseccomp_test.go
@@ -1,3 +1,4 @@
+//go:build !seccomp
 // +build !seccomp
 
 package main
diff --git a/integration-cli/test_vars_seccomp_test.go b/integration-cli/test_vars_seccomp_test.go
index 00cf697209193..0c16cf4ae85bb 100644
--- a/integration-cli/test_vars_seccomp_test.go
+++ b/integration-cli/test_vars_seccomp_test.go
@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 package main
diff --git a/integration-cli/test_vars_unix_test.go b/integration-cli/test_vars_unix_test.go
index f9ecc01123cd9..57666fc14379b 100644
--- a/integration-cli/test_vars_unix_test.go
+++ b/integration-cli/test_vars_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main
@@ -7,8 +8,4 @@ const (
 	isUnixCli = true
 
 	expectedFileChmod = "-rw-r--r--"
-
-	// On Unix variants, the busybox image comes with the `top` command which
-	// runs indefinitely while still being interruptible by a signal.
-	defaultSleepImage = "busybox"
 )
diff --git a/integration-cli/test_vars_windows_test.go b/integration-cli/test_vars_windows_test.go
index bfc9a5a915c09..c2d892f6257f9 100644
--- a/integration-cli/test_vars_windows_test.go
+++ b/integration-cli/test_vars_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package main
@@ -8,8 +9,4 @@ const (
 
 	// this is the expected file permission set on windows: gh#11395
 	expectedFileChmod = "-rwxr-xr-x"
-
-	// On Windows, the busybox image doesn't have the `top` command, so we rely
-	// on `sleep` with a high duration.
-	defaultSleepImage = "busybox"
 )
diff --git a/integration-cli/utils_test.go b/integration-cli/utils_test.go
index fd083681f266b..5d1ad302b2703 100644
--- a/integration-cli/utils_test.go
+++ b/integration-cli/utils_test.go
@@ -6,11 +6,11 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"testing"
 
-	"github.com/docker/docker/internal/testutil"
-	"github.com/go-check/check"
+	"github.com/docker/docker/testutil"
 	"github.com/pkg/errors"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/icmd"
 )
 
 func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
@@ -118,7 +118,7 @@ type elementListOptions struct {
 	element, format string
 }
 
-func existingElements(c *check.C, opts elementListOptions) []string {
+func existingElements(c *testing.T, opts elementListOptions) []string {
 	var args []string
 	switch opts.element {
 	case "container":
@@ -146,12 +146,12 @@ func existingElements(c *check.C, opts elementListOptions) []string {
 }
 
 // ExistingContainerIDs returns a list of currently existing container IDs.
-func ExistingContainerIDs(c *check.C) []string {
+func ExistingContainerIDs(c *testing.T) []string {
 	return existingElements(c, elementListOptions{element: "container", format: "{{.ID}}"})
 }
 
 // ExistingContainerNames returns a list of existing container names.
-func ExistingContainerNames(c *check.C) []string {
+func ExistingContainerNames(c *testing.T) []string {
 	return existingElements(c, elementListOptions{element: "container", format: "{{.Names}}"})
 }
 
diff --git a/integration/build/build_cgroupns_linux_test.go b/integration/build/build_cgroupns_linux_test.go
new file mode 100644
index 0000000000000..20e982d85f9fb
--- /dev/null
+++ b/integration/build/build_cgroupns_linux_test.go
@@ -0,0 +1,92 @@
+package build // import "github.com/docker/docker/integration/build"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/requirement"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+// Finds the output of `readlink /proc/<pid>/ns/cgroup` in build output
+func getCgroupFromBuildOutput(buildOutput io.Reader) (string, error) {
+	const prefix = "cgroup:"
+
+	dec := json.NewDecoder(buildOutput)
+	for {
+		m := jsonmessage.JSONMessage{}
+		err := dec.Decode(&m)
+		if err == io.EOF {
+			return "", nil
+		}
+		if err != nil {
+			return "", err
+		}
+		if ix := strings.Index(m.Stream, prefix); ix == 0 {
+			return strings.TrimSpace(m.Stream), nil
+		}
+	}
+}
+
+// Runs a docker build against a daemon with the given cgroup namespace default value.
+// Returns the container cgroup and daemon cgroup.
+func testBuildWithCgroupNs(t *testing.T, daemonNsMode string) (string, string) {
+	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode(daemonNsMode))
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	dockerfile := `
+		FROM busybox
+		RUN readlink /proc/self/ns/cgroup
+	`
+	ctx := context.Background()
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	client := d.NewClientT(t)
+	resp, err := client.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{"buildcgroupns"},
+		})
+	assert.NilError(t, err)
+	defer resp.Body.Close()
+
+	containerCgroup, err := getCgroupFromBuildOutput(resp.Body)
+	assert.NilError(t, err)
+	daemonCgroup := d.CgroupNamespace(t)
+
+	return containerCgroup, daemonCgroup
+}
+
+func TestCgroupNamespacesBuild(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to private cgroup namespaces, containers launched
+	// should be in their own private cgroup namespace by default
+	containerCgroup, daemonCgroup := testBuildWithCgroupNs(t, "private")
+	assert.Assert(t, daemonCgroup != containerCgroup)
+}
+
+func TestCgroupNamespacesBuildDaemonHostMode(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to host cgroup namespaces, containers
+	// launched should not be inside their own cgroup namespaces
+	containerCgroup, daemonCgroup := testBuildWithCgroupNs(t, "host")
+	assert.Assert(t, daemonCgroup == containerCgroup)
+}
diff --git a/integration/build/build_session_test.go b/integration/build/build_session_test.go
index e1f5ae43ba0b9..2ca31a635dd5f 100644
--- a/integration/build/build_session_test.go
+++ b/integration/build/build_session_test.go
@@ -2,30 +2,29 @@ package build
 
 import (
 	"context"
-	"io/ioutil"
+	"io"
+	"net"
 	"net/http"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
 	dclient "github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/request"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/session/filesync"
 	"golang.org/x/sync/errgroup"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestBuildWithSession(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	t.Skip("TODO: BuildKit")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	d := daemon.New(t, daemon.WithExperimental)
-	d.StartWithBusybox(t)
-	defer d.Stop(t)
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "experimental in older versions")
 
 	client := testEnv.APIClient()
 
@@ -54,14 +53,14 @@ func TestBuildWithSession(t *testing.T) {
 	assert.Check(t, is.Equal(strings.Count(out, "Using cache"), 2))
 	assert.Check(t, is.Contains(out, "contentcontent"))
 
-	du, err := client.DiskUsage(context.TODO())
+	du, err := client.DiskUsage(context.TODO(), types.DiskUsageOptions{})
 	assert.Check(t, err)
 	assert.Check(t, du.BuilderSize > 10)
 
 	out = testBuildWithSession(t, client, client.DaemonHost(), fctx.Dir, dockerfile)
 	assert.Check(t, is.Equal(strings.Count(out, "Using cache"), 4))
 
-	du2, err := client.DiskUsage(context.TODO())
+	du2, err := client.DiskUsage(context.TODO(), types.DiskUsageOptions{})
 	assert.Check(t, err)
 	assert.Check(t, is.Equal(du.BuilderSize, du2.BuilderSize))
 
@@ -85,11 +84,12 @@ func TestBuildWithSession(t *testing.T) {
 	_, err = client.BuildCachePrune(context.TODO(), types.BuildCachePruneOptions{All: true})
 	assert.Check(t, err)
 
-	du, err = client.DiskUsage(context.TODO())
+	du, err = client.DiskUsage(context.TODO(), types.DiskUsageOptions{})
 	assert.Check(t, err)
 	assert.Check(t, is.Equal(du.BuilderSize, int64(0)))
 }
 
+//nolint:unused // false positive: linter detects this as "unused"
 func testBuildWithSession(t *testing.T, client dclient.APIClient, daemonHost string, dir, dockerfile string) (outStr string) {
 	ctx := context.Background()
 	sess, err := session.NewSession(ctx, "foo1", "foo")
@@ -103,7 +103,9 @@ func testBuildWithSession(t *testing.T, client dclient.APIClient, daemonHost str
 	g, ctx := errgroup.WithContext(ctx)
 
 	g.Go(func() error {
-		return sess.Run(ctx, client.DialSession)
+		return sess.Run(ctx, func(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error) {
+			return client.DialHijack(ctx, "/session", "h2c", meta)
+		})
 	})
 
 	g.Go(func() error {
@@ -113,7 +115,7 @@ func testBuildWithSession(t *testing.T, client dclient.APIClient, daemonHost str
 			request.Host(daemonHost),
 			request.Method(http.MethodPost),
 			request.With(func(req *http.Request) error {
-				req.Body = ioutil.NopCloser(strings.NewReader(dockerfile))
+				req.Body = io.NopCloser(strings.NewReader(dockerfile))
 				return nil
 			}),
 		)
diff --git a/integration/build/build_squash_test.go b/integration/build/build_squash_test.go
index 8acdec596a7ce..2e8e45604b255 100644
--- a/integration/build/build_squash_test.go
+++ b/integration/build/build_squash_test.go
@@ -4,29 +4,34 @@ import (
 	"bytes"
 	"context"
 	"io"
-	"io/ioutil"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	dclient "github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/fakecontext"
 	"github.com/docker/docker/pkg/stdcopy"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestBuildSquashParent(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
-	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
-	d := daemon.New(t, daemon.WithExperimental)
-	d.StartWithBusybox(t)
-	defer d.Stop(t)
 
-	client := testEnv.APIClient()
+	var client dclient.APIClient
+	if !testEnv.DaemonInfo.ExperimentalBuild {
+		skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+
+		d := daemon.New(t, daemon.WithExperimental())
+		d.StartWithBusybox(t)
+		defer d.Stop(t)
+		client = d.NewClientT(t)
+	} else {
+		client = testEnv.APIClient()
+	}
 
 	dockerfile := `
 		FROM busybox
@@ -42,7 +47,7 @@ func TestBuildSquashParent(t *testing.T) {
 	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
 	defer source.Close()
 
-	name := "test"
+	name := strings.ToLower(t.Name())
 	resp, err := client.ImageBuild(ctx,
 		source.AsTarReader(t),
 		types.ImageBuildOptions{
@@ -51,7 +56,7 @@ func TestBuildSquashParent(t *testing.T) {
 			Tags:        []string{name},
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 
@@ -69,11 +74,11 @@ func TestBuildSquashParent(t *testing.T) {
 			Tags:        []string{name},
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 
-	cid := container.Run(t, ctx, client,
+	cid := container.Run(ctx, t, client,
 		container.WithImage(name),
 		container.WithCmd("/bin/sh", "-c", "cat /hello"),
 	)
@@ -83,18 +88,18 @@ func TestBuildSquashParent(t *testing.T) {
 	assert.NilError(t, err)
 
 	actualStdout := new(bytes.Buffer)
-	actualStderr := ioutil.Discard
+	actualStderr := io.Discard
 	_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(strings.TrimSpace(actualStdout.String()), "hello\nworld"))
 
-	container.Run(t, ctx, client,
+	container.Run(ctx, t, client,
 		container.WithImage(name),
 		container.WithCmd("/bin/sh", "-c", "[ ! -f /remove_me ]"),
 	)
-	container.Run(t, ctx, client,
+	container.Run(ctx, t, client,
 		container.WithImage(name),
-		container.WithCmd("/bin/sh", "-c", `[ "$(echo $HELLO)" == "world" ]`),
+		container.WithCmd("/bin/sh", "-c", `[ "$(echo $HELLO)" = "world" ]`),
 	)
 
 	origHistory, err := client.ImageHistory(ctx, origID)
diff --git a/integration/build/build_test.go b/integration/build/build_test.go
index 7b64cb8c6d8f8..5da3a294a17a6 100644
--- a/integration/build/build_test.go
+++ b/integration/build/build_test.go
@@ -6,26 +6,24 @@ import (
 	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
+	"os"
 	"strings"
 	"testing"
-	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestBuildWithRemoveAndForceRemove(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	t.Parallel()
+
 	cases := []struct {
 		name                           string
 		dockerfile                     string
@@ -89,7 +87,7 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 		},
 	}
 
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
@@ -137,9 +135,59 @@ func buildContainerIdsFilter(buildOutput io.Reader) (filters.Args, error) {
 	}
 }
 
+// TestBuildMultiStageCopy verifies that copying between stages works correctly.
+//
+// Regression test for docker/for-win#4349, ENGCORE-935, where creating the target
+// directory failed on Windows, because `os.MkdirAll()` was called with a volume
+// GUID path (\\?\Volume{dae8d3ac-b9a1-11e9-88eb-e8554b2ba1db}\newdir\hello}),
+// which currently isn't supported by Golang.
+func TestBuildMultiStageCopy(t *testing.T) {
+	ctx := context.Background()
+
+	dockerfile, err := os.ReadFile("testdata/Dockerfile." + t.Name())
+	assert.NilError(t, err)
+
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(string(dockerfile)))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+
+	for _, target := range []string{"copy_to_root", "copy_to_newdir", "copy_to_newdir_nested", "copy_to_existingdir", "copy_to_newsubdir"} {
+		t.Run(target, func(t *testing.T) {
+			imgName := strings.ToLower(t.Name())
+
+			resp, err := apiclient.ImageBuild(
+				ctx,
+				source.AsTarReader(t),
+				types.ImageBuildOptions{
+					Remove:      true,
+					ForceRemove: true,
+					Target:      target,
+					Tags:        []string{imgName},
+				},
+			)
+			assert.NilError(t, err)
+
+			out := bytes.NewBuffer(nil)
+			_, err = io.Copy(out, resp.Body)
+			_ = resp.Body.Close()
+			if err != nil {
+				t.Log(out)
+			}
+			assert.NilError(t, err)
+
+			// verify the image was successfully built
+			_, _, err = apiclient.ImageInspectWithRaw(ctx, imgName)
+			if err != nil {
+				t.Log(out)
+			}
+			assert.NilError(t, err)
+		})
+	}
+}
+
 func TestBuildMultiStageParentConfig(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.35"), "broken in earlier versions")
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	dockerfile := `
 		FROM busybox AS stage0
 		ENV WHO=parent
@@ -157,25 +205,20 @@ func TestBuildMultiStageParentConfig(t *testing.T) {
 	defer source.Close()
 
 	apiclient := testEnv.APIClient()
+	imgName := strings.ToLower(t.Name())
 	resp, err := apiclient.ImageBuild(ctx,
 		source.AsTarReader(t),
 		types.ImageBuildOptions{
 			Remove:      true,
 			ForceRemove: true,
-			Tags:        []string{"build1"},
+			Tags:        []string{imgName},
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 
-	time.Sleep(30 * time.Second)
-
-	imgs, err := apiclient.ImageList(ctx, types.ImageListOptions{})
-	assert.NilError(t, err)
-	t.Log(imgs)
-
-	image, _, err := apiclient.ImageInspectWithRaw(ctx, "build1")
+	image, _, err := apiclient.ImageInspectWithRaw(ctx, imgName)
 	assert.NilError(t, err)
 
 	expected := "/foo/sub2"
@@ -190,7 +233,7 @@ func TestBuildMultiStageParentConfig(t *testing.T) {
 func TestBuildLabelWithTargets(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "test added after 1.38")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
-	bldName := "build-a"
+	imgName := strings.ToLower(t.Name() + "-a")
 	testLabels := map[string]string{
 		"foo":  "bar",
 		"dead": "beef",
@@ -216,16 +259,16 @@ func TestBuildLabelWithTargets(t *testing.T) {
 		types.ImageBuildOptions{
 			Remove:      true,
 			ForceRemove: true,
-			Tags:        []string{bldName},
+			Tags:        []string{imgName},
 			Labels:      testLabels,
 			Target:      "target-a",
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 
-	image, _, err := apiclient.ImageInspectWithRaw(ctx, bldName)
+	image, _, err := apiclient.ImageInspectWithRaw(ctx, imgName)
 	assert.NilError(t, err)
 
 	testLabels["label-a"] = "inline-a"
@@ -236,23 +279,23 @@ func TestBuildLabelWithTargets(t *testing.T) {
 	}
 
 	// For `target-b` build
-	bldName = "build-b"
+	imgName = strings.ToLower(t.Name() + "-b")
 	delete(testLabels, "label-a")
 	resp, err = apiclient.ImageBuild(ctx,
 		source.AsTarReader(t),
 		types.ImageBuildOptions{
 			Remove:      true,
 			ForceRemove: true,
-			Tags:        []string{bldName},
+			Tags:        []string{imgName},
 			Labels:      testLabels,
 			Target:      "target-b",
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 
-	image, _, err = apiclient.ImageInspectWithRaw(ctx, bldName)
+	image, _, err = apiclient.ImageInspectWithRaw(ctx, imgName)
 	assert.NilError(t, err)
 
 	testLabels["label-b"] = "inline-b"
@@ -286,7 +329,7 @@ func TestBuildWithEmptyLayers(t *testing.T) {
 			ForceRemove: true,
 		})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	resp.Body.Close()
 	assert.NilError(t, err)
 }
@@ -296,7 +339,6 @@ func TestBuildWithEmptyLayers(t *testing.T) {
 // #35652
 func TestBuildMultiStageOnBuild(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.33"), "broken in earlier versions")
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	defer setupTest(t)()
 	// test both metadata and layer based commands as they may be implemented differently
 	dockerfile := `FROM busybox AS stage1
@@ -333,7 +375,7 @@ RUN cat somefile`
 
 	imageIDs, err := getImageIDsFromBuild(out.Bytes())
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(3, len(imageIDs)))
+	assert.Assert(t, is.Equal(3, len(imageIDs)))
 
 	image, _, err := apiclient.ImageInspectWithRaw(context.Background(), imageIDs[2])
 	assert.NilError(t, err)
@@ -403,7 +445,6 @@ COPY bar /`
 // docker/for-linux#135
 // #35641
 func TestBuildMultiStageLayerLeak(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.37"), "broken in earlier versions")
 	ctx := context.TODO()
 	defer setupTest(t)()
@@ -443,15 +484,22 @@ RUN [ ! -f foo ]
 }
 
 // #37581
+// #40444 (Windows Containers only)
 func TestBuildWithHugeFile(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows")
 	ctx := context.TODO()
 	defer setupTest(t)()
 
 	dockerfile := `FROM busybox
-# create a sparse file with size over 8GB
+`
+
+	if testEnv.DaemonInfo.OSType == "windows" {
+		dockerfile += `# create a file with size of 8GB
+RUN powershell "fsutil.exe file createnew bigfile.txt 8589934592 ; dir bigfile.txt"`
+	} else {
+		dockerfile += `# create a sparse file with size over 8GB
 RUN for g in $(seq 0 8); do dd if=/dev/urandom of=rnd bs=1K count=1 seek=$((1024*1024*g)) status=none; done && \
     ls -la rnd && du -sk rnd`
+	}
 
 	buf := bytes.NewBuffer(nil)
 	w := tar.NewWriter(buf)
@@ -475,6 +523,179 @@ RUN for g in $(seq 0 8); do dd if=/dev/urandom of=rnd bs=1K count=1 seek=$((1024
 	assert.Check(t, is.Contains(out.String(), "Successfully built"))
 }
 
+func TestBuildWCOWSandboxSize(t *testing.T) {
+	t.Skip("FLAKY_TEST that needs to be fixed; see https://github.com/moby/moby/issues/42743")
+	skip.If(t, testEnv.DaemonInfo.OSType != "windows", "only Windows has sandbox size control")
+	ctx := context.TODO()
+	defer setupTest(t)()
+
+	dockerfile := `FROM busybox AS intermediate
+WORKDIR C:\\stuff
+# Create and delete a 21GB file
+RUN fsutil file createnew C:\\stuff\\bigfile_0.txt 22548578304 && del bigfile_0.txt
+# Create three 7GB files
+RUN fsutil file createnew C:\\stuff\\bigfile_1.txt 7516192768
+RUN fsutil file createnew C:\\stuff\\bigfile_2.txt 7516192768
+RUN fsutil file createnew C:\\stuff\\bigfile_3.txt 7516192768
+# Copy that 21GB of data out into a new target
+FROM busybox
+COPY --from=intermediate C:\\stuff C:\\stuff
+`
+
+	buf := bytes.NewBuffer(nil)
+	w := tar.NewWriter(buf)
+	writeTarRecord(t, w, "Dockerfile", dockerfile)
+	err := w.Close()
+	assert.NilError(t, err)
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		buf,
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+
+	out := bytes.NewBuffer(nil)
+	assert.NilError(t, err)
+	_, err = io.Copy(out, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+	// The test passes if either:
+	// - the image build succeeded; or
+	// - The "COPY --from=intermediate" step ran out of space during re-exec'd writing of the transport layer information to hcsshim's temp directory
+	// The latter case means we finished the COPY operation, so the sandbox must have been larger than 20GB, which was the test,
+	// and _then_ ran out of space on the host during `importLayer` in the WindowsFilter graph driver, while committing the layer.
+	// See https://github.com/moby/moby/pull/41636#issuecomment-723038517 for more details on the operations being done here.
+	// Specifically, this happens on the Docker Jenkins CI Windows-RS5 build nodes.
+	// The two parts of the acceptable-failure case are on different lines, so we need two regexp checks.
+	assert.Check(t, is.Regexp("Successfully built|COPY --from=intermediate", out.String()))
+	assert.Check(t, is.Regexp("Successfully built|re-exec error: exit status 1: output: write.*daemon\\\\\\\\tmp\\\\\\\\hcs.*bigfile_[1-3].txt: There is not enough space on the disk.", out.String()))
+}
+
+func TestBuildWithEmptyDockerfile(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "broken in earlier versions")
+	ctx := context.TODO()
+	defer setupTest(t)()
+
+	tests := []struct {
+		name        string
+		dockerfile  string
+		expectedErr string
+	}{
+		{
+			name:        "empty-dockerfile",
+			dockerfile:  "",
+			expectedErr: "cannot be empty",
+		},
+		{
+			name: "empty-lines-dockerfile",
+			dockerfile: `
+
+
+
+			`,
+			expectedErr: "file with no instructions",
+		},
+		{
+			name:        "comment-only-dockerfile",
+			dockerfile:  `# this is a comment`,
+			expectedErr: "file with no instructions",
+		},
+	}
+
+	apiclient := testEnv.APIClient()
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			buf := bytes.NewBuffer(nil)
+			w := tar.NewWriter(buf)
+			writeTarRecord(t, w, "Dockerfile", tc.dockerfile)
+			err := w.Close()
+			assert.NilError(t, err)
+
+			_, err = apiclient.ImageBuild(ctx,
+				buf,
+				types.ImageBuildOptions{
+					Remove:      true,
+					ForceRemove: true,
+				})
+
+			assert.Check(t, is.Contains(err.Error(), tc.expectedErr))
+		})
+	}
+}
+
+func TestBuildPreserveOwnership(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "broken in earlier versions")
+
+	ctx := context.Background()
+
+	dockerfile, err := os.ReadFile("testdata/Dockerfile." + t.Name())
+	assert.NilError(t, err)
+
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(string(dockerfile)))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+
+	for _, target := range []string{"copy_from", "copy_from_chowned"} {
+		t.Run(target, func(t *testing.T) {
+			resp, err := apiclient.ImageBuild(
+				ctx,
+				source.AsTarReader(t),
+				types.ImageBuildOptions{
+					Remove:      true,
+					ForceRemove: true,
+					Target:      target,
+				},
+			)
+			assert.NilError(t, err)
+
+			out := bytes.NewBuffer(nil)
+			_, err = io.Copy(out, resp.Body)
+			_ = resp.Body.Close()
+			if err != nil {
+				t.Log(out)
+			}
+			assert.NilError(t, err)
+		})
+	}
+}
+
+func TestBuildPlatformInvalid(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "experimental in older versions")
+
+	ctx := context.Background()
+	defer setupTest(t)()
+
+	dockerfile := `FROM busybox
+`
+
+	buf := bytes.NewBuffer(nil)
+	w := tar.NewWriter(buf)
+	writeTarRecord(t, w, "Dockerfile", dockerfile)
+	err := w.Close()
+	assert.NilError(t, err)
+
+	apiclient := testEnv.APIClient()
+	_, err = apiclient.ImageBuild(ctx,
+		buf,
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Platform:    "foobar",
+		})
+
+	assert.Assert(t, err != nil)
+	assert.ErrorContains(t, err, "unknown operating system or architecture")
+	assert.Assert(t, errdefs.IsInvalidParameter(err))
+}
+
 func writeTarRecord(t *testing.T, w *tar.Writer, fn, contents string) {
 	err := w.WriteHeader(&tar.Header{
 		Name:     fn,
diff --git a/integration/build/build_userns_linux_test.go b/integration/build/build_userns_linux_test.go
new file mode 100644
index 0000000000000..dbb70f5961d88
--- /dev/null
+++ b/integration/build/build_userns_linux_test.go
@@ -0,0 +1,131 @@
+package build // import "github.com/docker/docker/integration/build"
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"io"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/fixtures/load"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+// Implements a test for https://github.com/moby/moby/issues/41723
+// Images built in a user-namespaced daemon should have capabilities serialised in
+// VFS_CAP_REVISION_2 (no user-namespace root uid) format rather than V3 (that includes
+// the root uid).
+func TestBuildUserNamespaceValidateCapabilitiesAreV2(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !testEnv.IsUserNamespaceInKernel())
+	skip.If(t, testEnv.IsRootless())
+
+	const imageTag = "capabilities:1.0"
+
+	tmp, err := os.MkdirTemp("", "integration-")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmp)
+
+	dUserRemap := daemon.New(t)
+	dUserRemap.Start(t, "--userns-remap", "default")
+	ctx := context.Background()
+	clientUserRemap := dUserRemap.NewClientT(t)
+	defer clientUserRemap.Close()
+
+	err = load.FrozenImagesLinux(clientUserRemap, "debian:bullseye-slim")
+	assert.NilError(t, err)
+
+	dUserRemapRunning := true
+	defer func() {
+		if dUserRemapRunning {
+			dUserRemap.Stop(t)
+			dUserRemap.Cleanup(t)
+		}
+	}()
+
+	dockerfile := `
+		FROM debian:bullseye-slim
+		RUN apt-get update && apt-get install -y libcap2-bin --no-install-recommends
+		RUN setcap CAP_NET_BIND_SERVICE=+eip /bin/sleep
+	`
+
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	resp, err := clientUserRemap.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Tags: []string{imageTag},
+		})
+	assert.NilError(t, err)
+	defer resp.Body.Close()
+
+	buf := bytes.NewBuffer(nil)
+	err = jsonmessage.DisplayJSONMessagesStream(resp.Body, buf, 0, false, nil)
+	assert.NilError(t, err)
+
+	reader, err := clientUserRemap.ImageSave(ctx, []string{imageTag})
+	assert.NilError(t, err, "failed to download capabilities image")
+	defer reader.Close()
+
+	tar, err := os.Create(tmp + "/image.tar")
+	assert.NilError(t, err, "failed to create image tar file")
+	defer tar.Close()
+
+	_, err = io.Copy(tar, reader)
+	assert.NilError(t, err, "failed to write image tar file")
+
+	dUserRemap.Stop(t)
+	dUserRemap.Cleanup(t)
+	dUserRemapRunning = false
+
+	dNoUserRemap := daemon.New(t)
+	dNoUserRemap.Start(t)
+	defer func() {
+		dNoUserRemap.Stop(t)
+		dNoUserRemap.Cleanup(t)
+	}()
+
+	clientNoUserRemap := dNoUserRemap.NewClientT(t)
+	defer clientNoUserRemap.Close()
+
+	tarFile, err := os.Open(tmp + "/image.tar")
+	assert.NilError(t, err, "failed to open image tar file")
+	defer tarFile.Close()
+
+	tarReader := bufio.NewReader(tarFile)
+	loadResp, err := clientNoUserRemap.ImageLoad(ctx, tarReader, false)
+	assert.NilError(t, err, "failed to load image tar file")
+	defer loadResp.Body.Close()
+	buf = bytes.NewBuffer(nil)
+	err = jsonmessage.DisplayJSONMessagesStream(loadResp.Body, buf, 0, false, nil)
+	assert.NilError(t, err)
+
+	cid := container.Run(ctx, t, clientNoUserRemap,
+		container.WithImage(imageTag),
+		container.WithCmd("/sbin/getcap", "-n", "/bin/sleep"),
+	)
+	logReader, err := clientNoUserRemap.ContainerLogs(ctx, cid, types.ContainerLogsOptions{
+		ShowStdout: true,
+	})
+	assert.NilError(t, err)
+	defer logReader.Close()
+
+	actualStdout := new(bytes.Buffer)
+	actualStderr := io.Discard
+	_, err = stdcopy.StdCopy(actualStdout, actualStderr, logReader)
+	assert.NilError(t, err)
+	if strings.TrimSpace(actualStdout.String()) != "/bin/sleep cap_net_bind_service=eip" {
+		t.Fatalf("run produced invalid output: %q, expected %q", actualStdout.String(), "/bin/sleep cap_net_bind_service=eip")
+	}
+}
diff --git a/integration/build/main_test.go b/integration/build/main_test.go
index fef3909fd5666..735f2a49a6a7a 100644
--- a/integration/build/main_test.go
+++ b/integration/build/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/build/testdata/Dockerfile.TestBuildMultiStageCopy b/integration/build/testdata/Dockerfile.TestBuildMultiStageCopy
new file mode 100644
index 0000000000000..52b0acff16baa
--- /dev/null
+++ b/integration/build/testdata/Dockerfile.TestBuildMultiStageCopy
@@ -0,0 +1,20 @@
+FROM busybox AS base
+RUN mkdir existingdir
+
+FROM base AS source
+RUN echo "Hello World" > /hello
+
+FROM base AS copy_to_root
+COPY --from=source /hello /hello
+
+FROM base AS copy_to_newdir
+COPY --from=source /hello /newdir/hello
+
+FROM base AS copy_to_newdir_nested
+COPY --from=source /hello /newdir/newsubdir/hello
+
+FROM base AS copy_to_existingdir
+COPY --from=source /hello /existingdir/hello
+
+FROM base AS copy_to_newsubdir
+COPY --from=source /hello /existingdir/newsubdir/hello
diff --git a/integration/build/testdata/Dockerfile.TestBuildPreserveOwnership b/integration/build/testdata/Dockerfile.TestBuildPreserveOwnership
new file mode 100644
index 0000000000000..ba9d0599423f5
--- /dev/null
+++ b/integration/build/testdata/Dockerfile.TestBuildPreserveOwnership
@@ -0,0 +1,57 @@
+# Set up files and directories with known ownership
+FROM busybox AS source
+RUN touch /file && chown 100:200 /file \
+ && mkdir -p /dir/subdir \
+ && touch /dir/subdir/nestedfile \
+ && chown 100:200 /dir \
+ && chown 101:201 /dir/subdir \
+ && chown 102:202 /dir/subdir/nestedfile
+
+FROM busybox AS test_base
+RUN mkdir -p /existingdir/existingsubdir \
+ && touch /existingdir/existingfile \
+ && chown 500:600 /existingdir \
+ && chown 501:601 /existingdir/existingsubdir \
+ && chown 501:601 /existingdir/existingfile
+
+
+# Copy files from the source stage
+FROM test_base AS copy_from
+COPY --from=source /file .
+# Copy to a non-existing target directory creates the target directory (as root), then copies the _contents_ of the source directory into it
+COPY --from=source /dir /dir
+# Copying to an existing target directory will copy the _contents_ of the source directory into it
+COPY --from=source /dir/. /existingdir
+
+RUN e="100:200"; p="/file"                         ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="0:0";     p="/dir"                          ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="101:201"; p="/dir/subdir"                   ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="102:202"; p="/dir/subdir/nestedfile"        ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+# Existing files and directories ownership should not be modified
+ && e="500:600"; p="/existingdir"                  ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="501:601"; p="/existingdir/existingsubdir"   ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="501:601"; p="/existingdir/existingfile"     ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+# But new files and directories should maintain their ownership
+ && e="101:201"; p="/existingdir/subdir"           ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="102:202"; p="/existingdir/subdir/nestedfile"; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi
+
+
+# Copy files from the source stage and chown them.
+FROM test_base AS copy_from_chowned
+COPY --from=source --chown=300:400 /file .
+# Copy to a non-existing target directory creates the target directory (as root), then copies the _contents_ of the source directory into it
+COPY --from=source --chown=300:400 /dir /dir
+# Copying to an existing target directory copies the _contents_ of the source directory into it
+COPY --from=source --chown=300:400 /dir/. /existingdir
+
+RUN e="300:400"; p="/file"                         ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="300:400"; p="/dir"                          ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="300:400"; p="/dir/subdir"                   ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="300:400"; p="/dir/subdir/nestedfile"        ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+# Existing files and directories ownership should not be modified
+ && e="500:600"; p="/existingdir"                  ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="501:601"; p="/existingdir/existingsubdir"   ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="501:601"; p="/existingdir/existingfile"     ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+# But new files and directories should be chowned
+ && e="300:400"; p="/existingdir/subdir"           ; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi \
+ && e="300:400"; p="/existingdir/subdir/nestedfile"; a=`stat -c "%u:%g" "$p"`; if [ "$a" != "$e" ]; then echo "incorrect ownership on $p. expected $e, got $a"; exit 1; fi
diff --git a/integration/config/config_test.go b/integration/config/config_test.go
index 042f00e8df0ff..5df1bfc3c78a3 100644
--- a/integration/config/config_test.go
+++ b/integration/config/config_test.go
@@ -12,26 +12,51 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/integration/internal/swarm"
 	"github.com/docker/docker/pkg/stdcopy"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
-func TestConfigList(t *testing.T) {
+func TestConfigInspect(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	ctx := context.Background()
 
+	testName := t.Name()
+	configID := createConfig(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
+
+	insp, body, err := c.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
+
+	var config swarmtypes.Config
+	err = json.Unmarshal(body, &config)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(config, insp))
+}
+
+func TestConfigList(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	c := d.NewClientT(t)
+	defer c.Close()
+	ctx := context.Background()
+
 	// This test case is ported from the original TestConfigsEmptyList
-	configs, err := client.ConfigList(ctx, types.ConfigListOptions{})
+	configs, err := c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(len(configs), 0))
 
@@ -41,12 +66,12 @@ func TestConfigList(t *testing.T) {
 	sort.Strings(testNames)
 
 	// create config test0
-	createConfig(ctx, t, client, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
+	createConfig(ctx, t, c, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
 
-	config1ID := createConfig(ctx, t, client, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
+	config1ID := createConfig(ctx, t, c, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
 
 	// test by `config ls`
-	entries, err := client.ConfigList(ctx, types.ConfigListOptions{})
+	entries, err := c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Check(t, is.DeepEqual(configNamesFromList(entries), testNames))
 
@@ -79,7 +104,7 @@ func TestConfigList(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		entries, err = client.ConfigList(ctx, types.ConfigListOptions{
+		entries, err = c.ConfigList(ctx, types.ConfigListOptions{
 			Filters: tc.filters,
 		})
 		assert.NilError(t, err)
@@ -107,26 +132,36 @@ func TestConfigsCreateAndDelete(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
-
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	testName := "test_config-" + t.Name()
+	configID := createConfig(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
 
-	// This test case is ported from the original TestConfigsCreate
-	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
-
-	insp, _, err := client.ConfigInspectWithRaw(ctx, configID)
+	err := c.ConfigRemove(ctx, configID)
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(insp.Spec.Name, testName))
 
-	// This test case is ported from the original TestConfigsDelete
-	err = client.ConfigRemove(ctx, configID)
-	assert.NilError(t, err)
+	_, _, err = c.ConfigInspectWithRaw(ctx, configID)
+	assert.Check(t, errdefs.IsNotFound(err))
+	assert.Check(t, is.ErrorContains(err, configID))
+
+	err = c.ConfigRemove(ctx, "non-existing")
+	assert.Check(t, errdefs.IsNotFound(err))
+	assert.Check(t, is.ErrorContains(err, "non-existing"))
 
-	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
-	assert.Check(t, is.ErrorContains(err, "No such config"))
+	testName = "test_secret_with_labels_" + t.Name()
+	configID = createConfig(ctx, t, c, testName, []byte("TESTINGDATA"), map[string]string{
+		"key1": "value1",
+		"key2": "value2",
+	})
+
+	insp, _, err := c.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
+	assert.Check(t, is.Equal(len(insp.Spec.Labels), 2))
+	assert.Check(t, is.Equal(insp.Spec.Labels["key1"], "value1"))
+	assert.Check(t, is.Equal(insp.Spec.Labels["key2"], "value2"))
 }
 
 func TestConfigsUpdate(t *testing.T) {
@@ -135,51 +170,49 @@ func TestConfigsUpdate(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
-
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	testName := "test_config-" + t.Name()
+	configID := createConfig(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
 
-	// This test case is ported from the original TestConfigsCreate
-	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
-
-	insp, _, err := client.ConfigInspectWithRaw(ctx, configID)
+	insp, _, err := c.ConfigInspectWithRaw(ctx, configID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.ID, configID))
 
 	// test UpdateConfig with full ID
 	insp.Spec.Labels = map[string]string{"test": "test1"}
-	err = client.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
+	err = c.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	insp, _, err = c.ConfigInspectWithRaw(ctx, configID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test1"))
 
 	// test UpdateConfig with full name
 	insp.Spec.Labels = map[string]string{"test": "test2"}
-	err = client.ConfigUpdate(ctx, testName, insp.Version, insp.Spec)
+	err = c.ConfigUpdate(ctx, testName, insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	insp, _, err = c.ConfigInspectWithRaw(ctx, configID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test2"))
 
 	// test UpdateConfig with prefix ID
 	insp.Spec.Labels = map[string]string{"test": "test3"}
-	err = client.ConfigUpdate(ctx, configID[:1], insp.Version, insp.Spec)
+	err = c.ConfigUpdate(ctx, configID[:1], insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	insp, _, err = c.ConfigInspectWithRaw(ctx, configID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test3"))
 
 	// test UpdateConfig in updating Data which is not supported in daemon
 	// this test will produce an error in func UpdateConfig
 	insp.Spec.Data = []byte("TESTINGDATA2")
-	err = client.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
+	err = c.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
+	assert.Check(t, errdefs.IsInvalidParameter(err))
 	assert.Check(t, is.ErrorContains(err, "only updates to Labels are allowed"))
 }
 
@@ -187,8 +220,8 @@ func TestTemplatedConfig(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	referencedSecretName := "referencedsecret-" + t.Name()
@@ -198,7 +231,7 @@ func TestTemplatedConfig(t *testing.T) {
 		},
 		Data: []byte("this is a secret"),
 	}
-	referencedSecret, err := client.SecretCreate(ctx, referencedSecretSpec)
+	referencedSecret, err := c.SecretCreate(ctx, referencedSecretSpec)
 	assert.Check(t, err)
 
 	referencedConfigName := "referencedconfig-" + t.Name()
@@ -208,7 +241,7 @@ func TestTemplatedConfig(t *testing.T) {
 		},
 		Data: []byte("this is a config"),
 	}
-	referencedConfig, err := client.ConfigCreate(ctx, referencedConfigSpec)
+	referencedConfig, err := c.ConfigCreate(ctx, referencedConfigSpec)
 	assert.Check(t, err)
 
 	templatedConfigName := "templated_config-" + t.Name()
@@ -224,14 +257,15 @@ func TestTemplatedConfig(t *testing.T) {
 			"{{config \"referencedconfigtarget\"}}\n"),
 	}
 
-	templatedConfig, err := client.ConfigCreate(ctx, configSpec)
+	templatedConfig, err := c.ConfigCreate(ctx, configSpec)
 	assert.Check(t, err)
 
+	serviceName := "svc_" + t.Name()
 	serviceID := swarm.CreateService(t, d,
 		swarm.ServiceWithConfig(
 			&swarmtypes.ConfigReference{
 				File: &swarmtypes.ConfigReferenceFileTarget{
-					Name: "/" + templatedConfigName,
+					Name: "templated_config",
 					UID:  "0",
 					GID:  "0",
 					Mode: 0600,
@@ -264,113 +298,31 @@ func TestTemplatedConfig(t *testing.T) {
 				SecretName: referencedSecretName,
 			},
 		),
-		swarm.ServiceWithName("svc"),
+		swarm.ServiceWithName(serviceName),
 	)
 
-	var tasks []swarmtypes.Task
-	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
-		tasks = swarm.GetRunningTasks(t, d, serviceID)
-		return len(tasks) > 0
-	})
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, 1), swarm.ServicePoll, poll.WithTimeout(1*time.Minute))
 
-	task := tasks[0]
-	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
-		if task.NodeID == "" || (task.Status.ContainerStatus == nil || task.Status.ContainerStatus.ContainerID == "") {
-			task, _, _ = client.TaskInspectWithRaw(context.Background(), task.ID)
-		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil && task.Status.ContainerStatus.ContainerID != ""
-	})
+	tasks := swarm.GetRunningTasks(t, c, serviceID)
+	assert.Assert(t, len(tasks) > 0, "no running tasks found for service %s", serviceID)
 
-	attach := swarm.ExecTask(t, d, task, types.ExecConfig{
-		Cmd:          []string{"/bin/cat", "/" + templatedConfigName},
+	attach := swarm.ExecTask(t, d, tasks[0], types.ExecConfig{
+		Cmd:          []string{"/bin/cat", "/templated_config"},
 		AttachStdout: true,
 		AttachStderr: true,
 	})
 
-	expect := "SERVICE_NAME=svc\n" +
+	expect := "SERVICE_NAME=" + serviceName + "\n" +
 		"this is a secret\n" +
 		"this is a config\n"
 	assertAttachedStream(t, attach, expect)
 
-	attach = swarm.ExecTask(t, d, task, types.ExecConfig{
+	attach = swarm.ExecTask(t, d, tasks[0], types.ExecConfig{
 		Cmd:          []string{"mount"},
 		AttachStdout: true,
 		AttachStderr: true,
 	})
-	assertAttachedStream(t, attach, "tmpfs on /"+templatedConfigName+" type tmpfs")
-}
-
-func assertAttachedStream(t *testing.T, attach types.HijackedResponse, expect string) {
-	buf := bytes.NewBuffer(nil)
-	_, err := stdcopy.StdCopy(buf, buf, attach.Reader)
-	assert.NilError(t, err)
-	assert.Check(t, is.Contains(buf.String(), expect))
-}
-
-func waitAndAssert(t *testing.T, timeout time.Duration, f func(*testing.T) bool) {
-	t.Helper()
-	after := time.After(timeout)
-	for {
-		select {
-		case <-after:
-			t.Fatalf("timed out waiting for condition")
-		default:
-		}
-		if f(t) {
-			return
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-}
-
-func TestConfigInspect(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-
-	defer setupTest(t)()
-	d := swarm.NewSwarm(t, testEnv)
-	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
-
-	ctx := context.Background()
-
-	testName := t.Name()
-	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
-
-	insp, body, err := client.ConfigInspectWithRaw(ctx, configID)
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(insp.Spec.Name, testName))
-
-	var config swarmtypes.Config
-	err = json.Unmarshal(body, &config)
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual(config, insp))
-}
-
-func TestConfigCreateWithLabels(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
-
-	defer setupTest(t)()
-	d := swarm.NewSwarm(t, testEnv)
-	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
-
-	ctx := context.Background()
-
-	labels := map[string]string{
-		"key1": "value1",
-		"key2": "value2",
-	}
-	testName := t.Name()
-	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), labels)
-
-	insp, _, err := client.ConfigInspectWithRaw(ctx, configID)
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(insp.Spec.Name, testName))
-	assert.Check(t, is.Equal(2, len(insp.Spec.Labels)))
-	assert.Check(t, is.Equal("value1", insp.Spec.Labels["key1"]))
-	assert.Check(t, is.Equal("value2", insp.Spec.Labels["key2"]))
+	assertAttachedStream(t, attach, "tmpfs on /templated_config type tmpfs")
 }
 
 // Test case for 28884
@@ -380,27 +332,27 @@ func TestConfigCreateResolve(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	ctx := context.Background()
 
 	configName := "test_config_" + t.Name()
+	configID := createConfig(ctx, t, c, configName, []byte("foo"), nil)
 
-	configID := createConfig(ctx, t, client, configName, []byte("foo"), nil)
 	fakeName := configID
-	fakeID := createConfig(ctx, t, client, fakeName, []byte("fake foo"), nil)
+	fakeID := createConfig(ctx, t, c, fakeName, []byte("fake foo"), nil)
 
-	entries, err := client.ConfigList(ctx, types.ConfigListOptions{})
+	entries, err := c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.Contains(configNamesFromList(entries), configName))
 	assert.Assert(t, is.Contains(configNamesFromList(entries), fakeName))
 
-	err = client.ConfigRemove(ctx, configID)
+	err = c.ConfigRemove(ctx, configID)
 	assert.NilError(t, err)
 
 	// Fake one will remain
-	entries, err = client.ConfigList(ctx, types.ConfigListOptions{})
+	entries, err = c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(configNamesFromList(entries), []string{fakeName}))
 
@@ -410,20 +362,27 @@ func TestConfigCreateResolve(t *testing.T) {
 	// - Full ID
 	// - Full Name
 	// - Partial ID (prefix)
-	err = client.ConfigRemove(ctx, configID[:5])
+	err = c.ConfigRemove(ctx, configID[:5])
 	assert.Assert(t, nil != err)
-	entries, err = client.ConfigList(ctx, types.ConfigListOptions{})
+	entries, err = c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(configNamesFromList(entries), []string{fakeName}))
 
 	// Remove based on ID prefix of the fake one should succeed
-	err = client.ConfigRemove(ctx, fakeID[:5])
+	err = c.ConfigRemove(ctx, fakeID[:5])
 	assert.NilError(t, err)
-	entries, err = client.ConfigList(ctx, types.ConfigListOptions{})
+	entries, err = c.ConfigList(ctx, types.ConfigListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.Equal(0, len(entries)))
 }
 
+func assertAttachedStream(t *testing.T, attach types.HijackedResponse, expect string) {
+	buf := bytes.NewBuffer(nil)
+	_, err := stdcopy.StdCopy(buf, buf, attach.Reader)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(buf.String(), expect))
+}
+
 func configNamesFromList(entries []swarmtypes.Config) []string {
 	var values []string
 	for _, entry := range entries {
diff --git a/integration/config/main_test.go b/integration/config/main_test.go
index 3c8f0483f2372..dc5c8e834d257 100644
--- a/integration/config/main_test.go
+++ b/integration/config/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/container/checkpoint_test.go b/integration/container/checkpoint_test.go
new file mode 100644
index 0000000000000..fb37fcea60465
--- /dev/null
+++ b/integration/container/checkpoint_test.go
@@ -0,0 +1,165 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"regexp"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+//nolint:unused // false positive: linter detects this as "unused"
+func containerExec(t *testing.T, client client.APIClient, cID string, cmd []string) {
+	t.Logf("Exec: %s", cmd)
+	ctx := context.Background()
+	r, err := container.Exec(ctx, client, cID, cmd)
+	assert.NilError(t, err)
+	t.Log(r.Combined())
+	assert.Equal(t, r.ExitCode, 0)
+}
+
+func TestCheckpoint(t *testing.T) {
+	t.Skip("TestCheckpoint is broken; see https://github.com/moby/moby/issues/38963")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+
+	defer setupTest(t)()
+
+	cmd := exec.Command("criu", "check")
+	stdoutStderr, err := cmd.CombinedOutput()
+	t.Logf("%s", stdoutStderr)
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	mnt := mounttypes.Mount{
+		Type:   mounttypes.TypeTmpfs,
+		Target: "/tmp",
+	}
+
+	t.Log("Start a container")
+	cID := container.Run(ctx, t, client, container.WithMount(mnt))
+	poll.WaitOn(t,
+		container.IsInState(ctx, client, cID, "running"),
+		poll.WithDelay(100*time.Millisecond),
+	)
+
+	cptOpt := types.CheckpointCreateOptions{
+		Exit:         false,
+		CheckpointID: "test",
+	}
+
+	{
+		// FIXME: ipv6 iptables modules are not uploaded in the test environment
+		cmd := exec.Command("bash", "-c", "set -x; "+
+			"mount --bind $(type -P true) $(type -P ip6tables-restore) && "+
+			"mount --bind $(type -P true) $(type -P ip6tables-save)")
+		stdoutStderr, err = cmd.CombinedOutput()
+		t.Logf("%s", stdoutStderr)
+		assert.NilError(t, err)
+
+		defer func() {
+			cmd := exec.Command("bash", "-c", "set -x; "+
+				"umount -c -i -l $(type -P ip6tables-restore); "+
+				"umount -c -i -l $(type -P ip6tables-save)")
+			stdoutStderr, err = cmd.CombinedOutput()
+			t.Logf("%s", stdoutStderr)
+			assert.NilError(t, err)
+		}()
+	}
+	t.Log("Do a checkpoint and leave the container running")
+	err = client.CheckpointCreate(ctx, cID, cptOpt)
+	if err != nil {
+		// An error can contain a path to a dump file
+		t.Logf("%s", err)
+		re := regexp.MustCompile("path= (.*): ")
+		m := re.FindStringSubmatch(fmt.Sprintf("%s", err))
+		if len(m) >= 2 {
+			dumpLog := m[1]
+			t.Logf("%s", dumpLog)
+			cmd := exec.Command("cat", dumpLog)
+			stdoutStderr, err = cmd.CombinedOutput()
+			t.Logf("%s", stdoutStderr)
+		}
+	}
+	assert.NilError(t, err)
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(true, inspect.State.Running))
+
+	checkpoints, err := client.CheckpointList(ctx, cID, types.CheckpointListOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, len(checkpoints), 1)
+	assert.Equal(t, checkpoints[0].Name, "test")
+
+	// Create a test file on a tmpfs mount.
+	containerExec(t, client, cID, []string{"touch", "/tmp/test-file"})
+
+	// Do a second checkpoint
+	cptOpt = types.CheckpointCreateOptions{
+		Exit:         true,
+		CheckpointID: "test2",
+	}
+	t.Log("Do a checkpoint and stop the container")
+	err = client.CheckpointCreate(ctx, cID, cptOpt)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t,
+		container.IsInState(ctx, client, cID, "exited"),
+		poll.WithDelay(100*time.Millisecond),
+	)
+
+	inspect, err = client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(false, inspect.State.Running))
+
+	// Check that both checkpoints are listed.
+	checkpoints, err = client.CheckpointList(ctx, cID, types.CheckpointListOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, len(checkpoints), 2)
+	cptNames := make([]string, 2)
+	for i, c := range checkpoints {
+		cptNames[i] = c.Name
+	}
+	sort.Strings(cptNames)
+	assert.Equal(t, cptNames[0], "test")
+	assert.Equal(t, cptNames[1], "test2")
+
+	// Restore the container from a second checkpoint.
+	startOpt := types.ContainerStartOptions{
+		CheckpointID: "test2",
+	}
+	t.Log("Restore the container")
+	err = client.ContainerStart(ctx, cID, startOpt)
+	assert.NilError(t, err)
+
+	inspect, err = client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(true, inspect.State.Running))
+
+	// Check that the test file has been restored.
+	containerExec(t, client, cID, []string{"test", "-f", "/tmp/test-file"})
+
+	for _, id := range []string{"test", "test2"} {
+		cptDelOpt := types.CheckpointDeleteOptions{
+			CheckpointID: id,
+		}
+
+		err = client.CheckpointDelete(ctx, cID, cptDelOpt)
+		assert.NilError(t, err)
+	}
+}
diff --git a/integration/container/container_test.go b/integration/container/container_test.go
new file mode 100644
index 0000000000000..0402828a77bd3
--- /dev/null
+++ b/integration/container/container_test.go
@@ -0,0 +1,42 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func TestContainerInvalidJSON(t *testing.T) {
+	defer setupTest(t)()
+
+	endpoints := []string{
+		"/containers/foobar/exec",
+		"/exec/foobar/start",
+	}
+
+	for _, ep := range endpoints {
+		ep := ep
+		t.Run(ep, func(t *testing.T) {
+			t.Parallel()
+
+			res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err := request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))
+
+			res, body, err = request.Post(ep, request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err = request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))
+		})
+	}
+}
diff --git a/integration/container/copy_test.go b/integration/container/copy_test.go
index 9c5c5ce297317..128e2029033bf 100644
--- a/integration/container/copy_test.go
+++ b/integration/container/copy_test.go
@@ -1,25 +1,30 @@
 package container // import "github.com/docker/docker/integration/container"
 
 import (
+	"archive/tar"
 	"context"
+	"encoding/json"
 	"fmt"
+	"io"
+	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestCopyFromContainerPathDoesNotExist(t *testing.T) {
 	defer setupTest(t)()
-	skip.If(t, testEnv.OSType == "windows")
 
 	ctx := context.Background()
 	apiclient := testEnv.APIClient()
-	cid := container.Create(t, ctx, apiclient)
+	cid := container.Create(ctx, t, apiclient)
 
 	_, _, err := apiclient.CopyFromContainer(ctx, cid, "/dne")
 	assert.Check(t, client.IsErrNotFound(err))
@@ -29,23 +34,27 @@ func TestCopyFromContainerPathDoesNotExist(t *testing.T) {
 
 func TestCopyFromContainerPathIsNotDir(t *testing.T) {
 	defer setupTest(t)()
-	skip.If(t, testEnv.OSType == "windows")
 
 	ctx := context.Background()
 	apiclient := testEnv.APIClient()
-	cid := container.Create(t, ctx, apiclient)
+	cid := container.Create(ctx, t, apiclient)
 
-	_, _, err := apiclient.CopyFromContainer(ctx, cid, "/etc/passwd/")
-	assert.Assert(t, is.ErrorContains(err, "not a directory"))
+	path := "/etc/passwd/"
+	expected := "not a directory"
+	if testEnv.OSType == "windows" {
+		path = "c:/windows/system32/drivers/etc/hosts/"
+		expected = "The filename, directory name, or volume label syntax is incorrect."
+	}
+	_, _, err := apiclient.CopyFromContainer(ctx, cid, path)
+	assert.Assert(t, is.ErrorContains(err, expected))
 }
 
 func TestCopyToContainerPathDoesNotExist(t *testing.T) {
 	defer setupTest(t)()
-	skip.If(t, testEnv.OSType == "windows")
 
 	ctx := context.Background()
 	apiclient := testEnv.APIClient()
-	cid := container.Create(t, ctx, apiclient)
+	cid := container.Create(ctx, t, apiclient)
 
 	err := apiclient.CopyToContainer(ctx, cid, "/dne", nil, types.CopyToContainerOptions{})
 	assert.Check(t, client.IsErrNotFound(err))
@@ -55,12 +64,105 @@ func TestCopyToContainerPathDoesNotExist(t *testing.T) {
 
 func TestCopyToContainerPathIsNotDir(t *testing.T) {
 	defer setupTest(t)()
-	skip.If(t, testEnv.OSType == "windows")
 
 	ctx := context.Background()
 	apiclient := testEnv.APIClient()
-	cid := container.Create(t, ctx, apiclient)
+	cid := container.Create(ctx, t, apiclient)
 
-	err := apiclient.CopyToContainer(ctx, cid, "/etc/passwd/", nil, types.CopyToContainerOptions{})
+	path := "/etc/passwd/"
+	if testEnv.OSType == "windows" {
+		path = "c:/windows/system32/drivers/etc/hosts/"
+	}
+	err := apiclient.CopyToContainer(ctx, cid, path, nil, types.CopyToContainerOptions{})
 	assert.Assert(t, is.ErrorContains(err, "not a directory"))
 }
+
+func TestCopyFromContainer(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	defer setupTest(t)()
+
+	ctx := context.Background()
+	apiClient := testEnv.APIClient()
+
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	buildCtx := fakecontext.New(t, dir, fakecontext.WithFile("foo", "hello"), fakecontext.WithFile("baz", "world"), fakecontext.WithDockerfile(`
+		FROM busybox
+		COPY foo /foo
+		COPY baz /bar/quux/baz
+		RUN ln -s notexist /bar/notarget && ln -s quux/baz /bar/filesymlink && ln -s quux /bar/dirsymlink && ln -s / /bar/root
+		CMD /fake
+	`))
+	defer buildCtx.Close()
+
+	resp, err := apiClient.ImageBuild(ctx, buildCtx.AsTarReader(t), types.ImageBuildOptions{})
+	assert.NilError(t, err)
+	defer resp.Body.Close()
+
+	var imageID string
+	err = jsonmessage.DisplayJSONMessagesStream(resp.Body, io.Discard, 0, false, func(msg jsonmessage.JSONMessage) {
+		var r types.BuildResult
+		assert.NilError(t, json.Unmarshal(*msg.Aux, &r))
+		imageID = r.ID
+	})
+	assert.NilError(t, err)
+	assert.Assert(t, imageID != "")
+
+	cid := container.Create(ctx, t, apiClient, container.WithImage(imageID))
+
+	for _, x := range []struct {
+		src    string
+		expect map[string]string
+	}{
+		{"/", map[string]string{"/": "", "/foo": "hello", "/bar/quux/baz": "world", "/bar/filesymlink": "", "/bar/dirsymlink": "", "/bar/notarget": ""}},
+		{"/bar/root", map[string]string{"root": ""}},
+		{"/bar/root/", map[string]string{"root/": "", "root/foo": "hello", "root/bar/quux/baz": "world", "root/bar/filesymlink": "", "root/bar/dirsymlink": "", "root/bar/notarget": ""}},
+
+		{"bar/quux", map[string]string{"quux/": "", "quux/baz": "world"}},
+		{"bar/quux/", map[string]string{"quux/": "", "quux/baz": "world"}},
+		{"bar/quux/baz", map[string]string{"baz": "world"}},
+
+		{"bar/filesymlink", map[string]string{"filesymlink": ""}},
+		{"bar/dirsymlink", map[string]string{"dirsymlink": ""}},
+		{"bar/dirsymlink/", map[string]string{"dirsymlink/": "", "dirsymlink/baz": "world"}},
+		{"bar/notarget", map[string]string{"notarget": ""}},
+	} {
+		t.Run(x.src, func(t *testing.T) {
+			rdr, _, err := apiClient.CopyFromContainer(ctx, cid, x.src)
+			assert.NilError(t, err)
+			defer rdr.Close()
+
+			found := make(map[string]bool, len(x.expect))
+			var numFound int
+			tr := tar.NewReader(rdr)
+			for numFound < len(x.expect) {
+				h, err := tr.Next()
+				if err == io.EOF {
+					break
+				}
+				assert.NilError(t, err)
+
+				expected, exists := x.expect[h.Name]
+				if !exists {
+					// this archive will have extra stuff in it since we are copying from root
+					// and docker adds a bunch of stuff
+					continue
+				}
+
+				numFound++
+				found[h.Name] = true
+
+				buf, err := io.ReadAll(tr)
+				if err == nil {
+					assert.Check(t, is.Equal(string(buf), expected))
+				}
+			}
+
+			for f := range x.expect {
+				assert.Check(t, found[f], f+" not found in archive")
+			}
+		})
+	}
+}
diff --git a/integration/container/create_test.go b/integration/container/create_test.go
index 8d5afd1f934dc..b47d4c7dbbb8c 100644
--- a/integration/container/create_test.go
+++ b/integration/container/create_test.go
@@ -4,27 +4,29 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"net/http"
 	"strconv"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
 	ctr "github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/oci"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestCreateFailsWhenIdentifierDoesNotExist(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	testCases := []struct {
 		doc           string
@@ -56,16 +58,41 @@ func TestCreateFailsWhenIdentifierDoesNotExist(t *testing.T) {
 				&container.Config{Image: tc.image},
 				&container.HostConfig{},
 				&network.NetworkingConfig{},
+				nil,
 				"",
 			)
 			assert.Check(t, is.ErrorContains(err, tc.expectedError))
+			assert.Check(t, errdefs.IsNotFound(err))
 		})
 	}
 }
 
+// TestCreateLinkToNonExistingContainer verifies that linking to a non-existing
+// container returns an "invalid parameter" (400) status, and not the underlying
+// "non exists" (404).
+func TestCreateLinkToNonExistingContainer(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "legacy links are not supported on windows")
+	defer setupTest(t)()
+	c := testEnv.APIClient()
+
+	_, err := c.ContainerCreate(context.Background(),
+		&container.Config{
+			Image: "busybox",
+		},
+		&container.HostConfig{
+			Links: []string{"no-such-container"},
+		},
+		&network.NetworkingConfig{},
+		nil,
+		"",
+	)
+	assert.Check(t, is.ErrorContains(err, "could not get container for no-such-container"))
+	assert.Check(t, errdefs.IsInvalidParameter(err))
+}
+
 func TestCreateWithInvalidEnv(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	testCases := []struct {
 		env           string
@@ -96,9 +123,11 @@ func TestCreateWithInvalidEnv(t *testing.T) {
 				},
 				&container.HostConfig{},
 				&network.NetworkingConfig{},
+				nil,
 				"",
 			)
 			assert.Check(t, is.ErrorContains(err, tc.expectedError))
+			assert.Check(t, errdefs.IsInvalidParameter(err))
 		})
 	}
 }
@@ -108,7 +137,7 @@ func TestCreateTmpfsMountsTarget(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	testCases := []struct {
 		target        string
@@ -141,16 +170,18 @@ func TestCreateTmpfsMountsTarget(t *testing.T) {
 				Tmpfs: map[string]string{tc.target: ""},
 			},
 			&network.NetworkingConfig{},
+			nil,
 			"",
 		)
 		assert.Check(t, is.ErrorContains(err, tc.expectedError))
+		assert.Check(t, errdefs.IsInvalidParameter(err))
 	}
 }
 func TestCreateWithCustomMaskedPaths(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	testCases := []struct {
@@ -209,6 +240,7 @@ func TestCreateWithCustomMaskedPaths(t *testing.T) {
 			&config,
 			&hc,
 			&network.NetworkingConfig{},
+			nil,
 			name,
 		)
 		assert.NilError(t, err)
@@ -229,11 +261,10 @@ func TestCreateWithCustomReadonlyPaths(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	testCases := []struct {
-		doc           string
 		readonlyPaths []string
 		expected      []string
 	}{
@@ -288,6 +319,7 @@ func TestCreateWithCustomReadonlyPaths(t *testing.T) {
 			&config,
 			&hc,
 			&network.NetworkingConfig{},
+			nil,
 			name,
 		)
 		assert.NilError(t, err)
@@ -306,6 +338,8 @@ func TestCreateWithCustomReadonlyPaths(t *testing.T) {
 
 func TestCreateWithInvalidHealthcheckParams(t *testing.T) {
 	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
 
 	testCases := []struct {
 		doc         string
@@ -353,38 +387,144 @@ func TestCreateWithInvalidHealthcheckParams(t *testing.T) {
 		},
 	}
 
-	for i, tc := range testCases {
-		i := i
+	for _, tc := range testCases {
 		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			t.Parallel()
-			healthCheck := map[string]interface{}{
-				"Interval": tc.interval,
-				"Timeout":  tc.timeout,
-				"Retries":  tc.retries,
+			cfg := container.Config{
+				Image: "busybox",
+				Healthcheck: &container.HealthConfig{
+					Interval: tc.interval,
+					Timeout:  tc.timeout,
+					Retries:  tc.retries,
+				},
 			}
 			if tc.startPeriod != 0 {
-				healthCheck["StartPeriod"] = tc.startPeriod
-			}
-
-			config := map[string]interface{}{
-				"Image":       "busybox",
-				"Healthcheck": healthCheck,
+				cfg.Healthcheck.StartPeriod = tc.startPeriod
 			}
 
-			res, body, err := request.Post("/containers/create?name="+fmt.Sprintf("test_%d_", i)+t.Name(), request.JSONBody(config))
-			assert.NilError(t, err)
+			resp, err := client.ContainerCreate(ctx, &cfg, &container.HostConfig{}, nil, nil, "")
+			assert.Check(t, is.Equal(len(resp.Warnings), 0))
 
 			if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
-				assert.Check(t, is.Equal(http.StatusInternalServerError, res.StatusCode))
+				assert.Check(t, errdefs.IsSystem(err))
 			} else {
-				assert.Check(t, is.Equal(http.StatusBadRequest, res.StatusCode))
+				assert.Check(t, errdefs.IsInvalidParameter(err))
 			}
+			assert.ErrorContains(t, err, tc.expectedErr)
+		})
+	}
+}
+
+// Make sure that anonymous volumes can be overritten by tmpfs
+// https://github.com/moby/moby/issues/40446
+func TestCreateTmpfsOverrideAnonymousVolume(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "windows does not support tmpfs")
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
 
-			buf, err := request.ReadBody(body)
-			assert.NilError(t, err)
+	id := ctr.Create(ctx, t, client,
+		ctr.WithVolume("/foo"),
+		ctr.WithTmpfs("/foo"),
+		ctr.WithVolume("/bar"),
+		ctr.WithTmpfs("/bar:size=999"),
+		ctr.WithCmd("/bin/sh", "-c", "mount | grep '/foo' | grep tmpfs && mount | grep '/bar' | grep tmpfs"),
+	)
 
-			assert.Check(t, is.Contains(string(buf), tc.expectedErr))
-		})
+	defer func() {
+		err := client.ContainerRemove(ctx, id, types.ContainerRemoveOptions{Force: true})
+		assert.NilError(t, err)
+	}()
+
+	inspect, err := client.ContainerInspect(ctx, id)
+	assert.NilError(t, err)
+	// tmpfs do not currently get added to inspect.Mounts
+	// Normally an anonymous volume would, except now tmpfs should prevent that.
+	assert.Assert(t, is.Len(inspect.Mounts, 0))
+
+	chWait, chErr := client.ContainerWait(ctx, id, container.WaitConditionNextExit)
+	assert.NilError(t, client.ContainerStart(ctx, id, types.ContainerStartOptions{}))
+
+	timeout := time.NewTimer(30 * time.Second)
+	defer timeout.Stop()
+
+	select {
+	case <-timeout.C:
+		t.Fatal("timeout waiting for container to exit")
+	case status := <-chWait:
+		var errMsg string
+		if status.Error != nil {
+			errMsg = status.Error.Message
+		}
+		assert.Equal(t, int(status.StatusCode), 0, errMsg)
+	case err := <-chErr:
+		assert.NilError(t, err)
 	}
 }
+
+// Test that if the referenced image platform does not match the requested platform on container create that we get an
+// error.
+func TestCreateDifferentPlatform(t *testing.T) {
+	defer setupTest(t)()
+	c := testEnv.APIClient()
+	ctx := context.Background()
+
+	img, _, err := c.ImageInspectWithRaw(ctx, "busybox:latest")
+	assert.NilError(t, err)
+	assert.Assert(t, img.Architecture != "")
+
+	t.Run("different os", func(t *testing.T) {
+		p := specs.Platform{
+			OS:           img.Os + "DifferentOS",
+			Architecture: img.Architecture,
+			Variant:      img.Variant,
+		}
+		_, err := c.ContainerCreate(ctx, &containertypes.Config{Image: "busybox:latest"}, &containertypes.HostConfig{}, nil, &p, "")
+		assert.Assert(t, client.IsErrNotFound(err), err)
+	})
+	t.Run("different cpu arch", func(t *testing.T) {
+		p := specs.Platform{
+			OS:           img.Os,
+			Architecture: img.Architecture + "DifferentArch",
+			Variant:      img.Variant,
+		}
+		_, err := c.ContainerCreate(ctx, &containertypes.Config{Image: "busybox:latest"}, &containertypes.HostConfig{}, nil, &p, "")
+		assert.Assert(t, client.IsErrNotFound(err), err)
+	})
+}
+
+func TestCreateVolumesFromNonExistingContainer(t *testing.T) {
+	defer setupTest(t)()
+	cli := testEnv.APIClient()
+
+	_, err := cli.ContainerCreate(
+		context.Background(),
+		&container.Config{Image: "busybox"},
+		&container.HostConfig{VolumesFrom: []string{"nosuchcontainer"}},
+		nil,
+		nil,
+		"",
+	)
+	assert.Check(t, errdefs.IsInvalidParameter(err))
+}
+
+// Test that we can create a container from an image that is for a different platform even if a platform was not specified
+// This is for the regression detailed here: https://github.com/moby/moby/issues/41552
+func TestCreatePlatformSpecificImageNoPlatform(t *testing.T) {
+	defer setupTest(t)()
+
+	skip.If(t, testEnv.DaemonInfo.Architecture == "arm", "test only makes sense to run on non-arm systems")
+	skip.If(t, testEnv.OSType != "linux", "test image is only available on linux")
+	cli := testEnv.APIClient()
+
+	_, err := cli.ContainerCreate(
+		context.Background(),
+		&container.Config{Image: "arm32v7/hello-world"},
+		&container.HostConfig{},
+		nil,
+		nil,
+		"",
+	)
+	assert.NilError(t, err)
+}
diff --git a/integration/container/daemon_linux_test.go b/integration/container/daemon_linux_test.go
index bd13e30939f45..1683c51fec12f 100644
--- a/integration/container/daemon_linux_test.go
+++ b/integration/container/daemon_linux_test.go
@@ -2,18 +2,24 @@ package container // import "github.com/docker/docker/integration/container"
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/api/types"
+	containerapi "github.com/docker/docker/api/types/container"
+	realcontainer "github.com/docker/docker/container"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/testutil/daemon"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 // This is a regression test for #36145
@@ -29,25 +35,24 @@ import (
 func TestContainerStartOnDaemonRestart(t *testing.T) {
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon(), "cannot start daemon on remote test run")
+	skip.If(t, testEnv.IsRootless)
 	t.Parallel()
 
 	d := daemon.New(t)
 	d.StartWithBusybox(t, "--iptables=false")
 	defer d.Stop(t)
 
-	client, err := d.NewClient()
-	assert.Check(t, err, "error creating client")
+	c := d.NewClientT(t)
 
 	ctx := context.Background()
 
-	cID := container.Create(t, ctx, client)
-	defer client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+	cID := container.Create(ctx, t, c)
+	defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
 
-	err = client.ContainerStart(ctx, cID, types.ContainerStartOptions{})
+	err := c.ContainerStart(ctx, cID, types.ContainerStartOptions{})
 	assert.Check(t, err, "error starting test container")
 
-	inspect, err := client.ContainerInspect(ctx, cID)
+	inspect, err := c.ContainerInspect(ctx, cID)
 	assert.Check(t, err, "error getting inspect data")
 
 	ppid := getContainerdShimPid(t, inspect)
@@ -63,12 +68,12 @@ func TestContainerStartOnDaemonRestart(t *testing.T) {
 
 	d.Start(t, "--iptables=false")
 
-	err = client.ContainerStart(ctx, cID, types.ContainerStartOptions{})
+	err = c.ContainerStart(ctx, cID, types.ContainerStartOptions{})
 	assert.Check(t, err, "failed to start test container")
 }
 
 func getContainerdShimPid(t *testing.T, c types.ContainerJSON) int {
-	statB, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/stat", c.State.Pid))
+	statB, err := os.ReadFile(fmt.Sprintf("/proc/%d/stat", c.State.Pid))
 	assert.Check(t, err, "error looking up containerd-shim pid")
 
 	// ppid is the 4th entry in `/proc/pid/stat`
@@ -78,3 +83,152 @@ func getContainerdShimPid(t *testing.T, c types.ContainerJSON) int {
 	assert.Check(t, ppid != 1, "got unexpected ppid")
 	return ppid
 }
+
+// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode
+// (derived from daemon default) even after the daemon is restarted
+// with a different default ipc mode.
+func TestDaemonRestartIpcMode(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	t.Parallel()
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t, "--iptables=false", "--default-ipc-mode=private")
+	defer d.Stop(t)
+
+	c := d.NewClientT(t)
+	ctx := context.Background()
+
+	// check the container is created with private ipc mode as per daemon default
+	cID := container.Run(ctx, t, c,
+		container.WithCmd("top"),
+		container.WithRestartPolicy("always"),
+	)
+	defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+
+	inspect, err := c.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private"))
+
+	// restart the daemon with shareable default ipc mode
+	d.Restart(t, "--iptables=false", "--default-ipc-mode=shareable")
+
+	// check the container is still having private ipc mode
+	inspect, err = c.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private"))
+
+	// check a new container is created with shareable ipc mode as per new daemon default
+	cID = container.Run(ctx, t, c)
+	defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+
+	inspect, err = c.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "shareable"))
+}
+
+// TestDaemonHostGatewayIP verifies that when a magic string "host-gateway" is passed
+// to ExtraHosts (--add-host) instead of an IP address, its value is set to
+// 1. Daemon config flag value specified by host-gateway-ip or
+// 2. IP of the default bridge network
+// and is added to the /etc/hosts file
+func TestDaemonHostGatewayIP(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
+	t.Parallel()
+
+	// Verify the IP in /etc/hosts is same as host-gateway-ip
+	d := daemon.New(t)
+	// Verify the IP in /etc/hosts is same as the default bridge's IP
+	d.StartWithBusybox(t)
+	c := d.NewClientT(t)
+	ctx := context.Background()
+	cID := container.Run(ctx, t, c,
+		container.WithExtraHost("host.docker.internal:host-gateway"),
+	)
+	res, err := container.Exec(ctx, c, cID, []string{"cat", "/etc/hosts"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	inspect, err := c.NetworkInspect(ctx, "bridge", types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(res.Stdout(), inspect.IPAM.Config[0].Gateway))
+	c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+	d.Stop(t)
+
+	// Verify the IP in /etc/hosts is same as host-gateway-ip
+	d.StartWithBusybox(t, "--host-gateway-ip=6.7.8.9")
+	cID = container.Run(ctx, t, c,
+		container.WithExtraHost("host.docker.internal:host-gateway"),
+	)
+	res, err = container.Exec(ctx, c, cID, []string{"cat", "/etc/hosts"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Check(t, is.Contains(res.Stdout(), "6.7.8.9"))
+	c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+	d.Stop(t)
+
+}
+
+// TestRestartDaemonWithRestartingContainer simulates a case where a container is in "restarting" state when
+// dockerd is killed (due to machine reset or something else).
+//
+// Related to moby/moby#41817
+//
+// In this test we'll change the container state to "restarting".
+// This means that the container will not be 'alive' when we attempt to restore in on daemon startup.
+//
+// We could do the same with `docker run -d --resetart=always busybox:latest exit 1`, and then
+// `kill -9` dockerd while the container is in "restarting" state. This is difficult to reproduce reliably
+// in an automated test, so we manipulate on disk state instead.
+func TestRestartDaemonWithRestartingContainer(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	t.Parallel()
+
+	d := daemon.New(t)
+	defer d.Cleanup(t)
+
+	d.StartWithBusybox(t, "--iptables=false")
+	defer d.Stop(t)
+
+	ctx := context.Background()
+	client := d.NewClientT(t)
+
+	// Just create the container, no need to start it to be started.
+	// We really want to make sure there is no process running when docker starts back up.
+	// We will manipulate the on disk state later
+	id := container.Create(ctx, t, client, container.WithRestartPolicy("always"), container.WithCmd("/bin/sh", "-c", "exit 1"))
+
+	d.Stop(t)
+
+	configPath := filepath.Join(d.Root, "containers", id, "config.v2.json")
+	configBytes, err := os.ReadFile(configPath)
+	assert.NilError(t, err)
+
+	var c realcontainer.Container
+
+	assert.NilError(t, json.Unmarshal(configBytes, &c))
+
+	c.State = realcontainer.NewState()
+	c.SetRestarting(&realcontainer.ExitStatus{ExitCode: 1})
+	c.HasBeenStartedBefore = true
+
+	configBytes, err = json.Marshal(&c)
+	assert.NilError(t, err)
+	assert.NilError(t, os.WriteFile(configPath, configBytes, 0600))
+
+	d.Start(t)
+
+	ctxTimeout, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	chOk, chErr := client.ContainerWait(ctxTimeout, id, containerapi.WaitConditionNextExit)
+	select {
+	case <-chOk:
+	case err := <-chErr:
+		assert.NilError(t, err)
+	}
+}
diff --git a/integration/container/daemon_test.go b/integration/container/daemon_test.go
new file mode 100644
index 0000000000000..94468a440914f
--- /dev/null
+++ b/integration/container/daemon_test.go
@@ -0,0 +1,51 @@
+package container
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
+)
+
+// Make sure a container that does not exit when it upon receiving it's stop signal is actually shutdown on daemon
+// startup.
+func TestContainerKillOnDaemonStart(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "scenario doesn't work with rootless mode")
+
+	t.Parallel()
+
+	d := daemon.New(t)
+	defer d.Cleanup(t)
+
+	d.StartWithBusybox(t, "--iptables=false")
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	ctx := context.Background()
+
+	// The intention of this container is to ignore stop signals.
+	// Sadly this means the test will take longer, but at least this test can be parallelized.
+	id := container.Run(ctx, t, client, container.WithCmd("/bin/sh", "-c", "while true; do echo hello; sleep 1; done"))
+	defer func() {
+		err := client.ContainerRemove(ctx, id, types.ContainerRemoveOptions{Force: true})
+		assert.NilError(t, err)
+	}()
+
+	inspect, err := client.ContainerInspect(ctx, id)
+	assert.NilError(t, err)
+	assert.Assert(t, inspect.State.Running)
+
+	assert.NilError(t, d.Kill())
+	d.Start(t)
+
+	inspect, err = client.ContainerInspect(ctx, id)
+	assert.Check(t, is.Nil(err))
+	assert.Assert(t, !inspect.State.Running)
+}
diff --git a/integration/container/diff_test.go b/integration/container/diff_test.go
index 32ad94b934889..7df11ce605f5e 100644
--- a/integration/container/diff_test.go
+++ b/integration/container/diff_test.go
@@ -7,20 +7,19 @@ import (
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/archive"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestDiff(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", `mkdir /foo; echo xyzzy > /foo/bar`))
+	cID := container.Run(ctx, t, client, container.WithCmd("sh", "-c", `mkdir /foo; echo xyzzy > /foo/bar`))
 
 	// Wait for it to exit as cannot diff a running container on Windows, and
 	// it will take a few seconds to exit. Also there's no way in Windows to
diff --git a/integration/container/exec_test.go b/integration/container/exec_test.go
index 8d23f6b1cc71c..5ef8a7506dbc0 100644
--- a/integration/container/exec_test.go
+++ b/integration/container/exec_test.go
@@ -2,27 +2,95 @@ package container // import "github.com/docker/docker/integration/container"
 
 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
+// TestExecWithCloseStdin adds case for moby#37870 issue.
+func TestExecWithCloseStdin(t *testing.T) {
+	skip.If(t, testEnv.RuntimeIsWindowsContainerd(), "FIXME. Hang on Windows + containerd combination")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "broken in earlier versions")
+	defer setupTest(t)()
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	// run top with detached mode
+	cID := container.Run(ctx, t, client)
+
+	expected := "closeIO"
+	execResp, err := client.ContainerExecCreate(ctx, cID,
+		types.ExecConfig{
+			AttachStdin:  true,
+			AttachStdout: true,
+			Cmd:          strslice.StrSlice([]string{"sh", "-c", "cat && echo " + expected}),
+		},
+	)
+	assert.NilError(t, err)
+
+	resp, err := client.ContainerExecAttach(ctx, execResp.ID,
+		types.ExecStartCheck{
+			Detach: false,
+			Tty:    false,
+		},
+	)
+	assert.NilError(t, err)
+	defer resp.Close()
+
+	// close stdin to send EOF to cat
+	assert.NilError(t, resp.CloseWrite())
+
+	var (
+		waitCh = make(chan struct{})
+		resCh  = make(chan struct {
+			content string
+			err     error
+		}, 1)
+	)
+
+	go func() {
+		close(waitCh)
+		defer close(resCh)
+		r, err := io.ReadAll(resp.Reader)
+
+		resCh <- struct {
+			content string
+			err     error
+		}{
+			content: string(r),
+			err:     err,
+		}
+	}()
+
+	<-waitCh
+	select {
+	case <-time.After(3 * time.Second):
+		t.Fatal("failed to read the content in time")
+	case got := <-resCh:
+		assert.NilError(t, got.err)
+
+		// NOTE: using Contains because no-tty's stream contains UX information
+		// like size, stream type.
+		assert.Assert(t, is.Contains(got.content, expected))
+	}
+}
+
 func TestExec(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.35"), "broken in earlier versions")
-	skip.If(t, testEnv.OSType == "windows", "FIXME. Probably needs to wait for container to be in running state.")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client, container.WithTty(true), container.WithWorkingDir("/root"))
+	cID := container.Run(ctx, t, client, container.WithTty(true), container.WithWorkingDir("/root"))
 
 	id, err := client.ContainerExecCreate(ctx, cID,
 		types.ExecConfig{
@@ -34,6 +102,10 @@ func TestExec(t *testing.T) {
 	)
 	assert.NilError(t, err)
 
+	inspect, err := client.ContainerExecInspect(ctx, id.ID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(inspect.ExecID, id.ID))
+
 	resp, err := client.ContainerExecAttach(ctx, id.ID,
 		types.ExecStartCheck{
 			Detach: false,
@@ -42,10 +114,29 @@ func TestExec(t *testing.T) {
 	)
 	assert.NilError(t, err)
 	defer resp.Close()
-	r, err := ioutil.ReadAll(resp.Reader)
+	r, err := io.ReadAll(resp.Reader)
 	assert.NilError(t, err)
 	out := string(r)
 	assert.NilError(t, err)
-	assert.Assert(t, is.Contains(out, "PWD=/tmp"), "exec command not running in expected /tmp working directory")
+	expected := "PWD=/tmp"
+	if testEnv.OSType == "windows" {
+		expected = "PWD=C:/tmp"
+	}
+	assert.Assert(t, is.Contains(out, expected), "exec command not running in expected /tmp working directory")
 	assert.Assert(t, is.Contains(out, "FOO=BAR"), "exec command not running with expected environment variable FOO")
 }
+
+func TestExecUser(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "broken in earlier versions")
+	skip.If(t, testEnv.OSType == "windows", "FIXME. Probably needs to wait for container to be in running state.")
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	cID := container.Run(ctx, t, client, container.WithTty(true), container.WithUser("1:1"))
+
+	result, err := container.Exec(ctx, client, cID, []string{"id"})
+	assert.NilError(t, err)
+
+	assert.Assert(t, is.Contains(result.Stdout(), "uid=1(daemon) gid=1(daemon)"), "exec command not running as uid/gid 1")
+}
diff --git a/integration/container/export_test.go b/integration/container/export_test.go
index ed3a3305009e2..bcf85cf0c0966 100644
--- a/integration/container/export_test.go
+++ b/integration/container/export_test.go
@@ -3,19 +3,19 @@ package container // import "github.com/docker/docker/integration/container"
 import (
 	"context"
 	"encoding/json"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // export an image and try to import it into a new one
@@ -23,13 +23,13 @@ func TestExportContainerAndImportImage(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("true"))
+	cID := container.Run(ctx, t, client, container.WithCmd("true"))
 	poll.WaitOn(t, container.IsStopped(ctx, client, cID), poll.WithDelay(100*time.Millisecond))
 
-	reference := "repo/testexp:v1"
+	reference := "repo/" + strings.ToLower(t.Name()) + ":v1"
 	exportResp, err := client.ContainerExport(ctx, cID)
 	assert.NilError(t, err)
 	importResp, err := client.ImageImport(ctx, types.ImageImportSource{
@@ -59,20 +59,19 @@ func TestExportContainerAndImportImage(t *testing.T) {
 // condition, daemon restart is needed after container creation.
 func TestExportContainerAfterDaemonRestart(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	d := daemon.New(t)
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	d.StartWithBusybox(t)
 	defer d.Stop(t)
 
 	ctx := context.Background()
-	ctrID := container.Create(t, ctx, client)
+	ctrID := container.Create(ctx, t, c)
 
 	d.Restart(t)
 
-	_, err = client.ContainerExport(ctx, ctrID)
+	_, err := c.ContainerExport(ctx, ctrID)
 	assert.NilError(t, err)
 }
diff --git a/integration/container/health_test.go b/integration/container/health_test.go
index b90e86e0c0afa..ad0245c6a80d4 100644
--- a/integration/container/health_test.go
+++ b/integration/container/health_test.go
@@ -9,9 +9,9 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // TestHealthCheckWorkdir verifies that health-checks inherit the containers'
@@ -20,9 +20,9 @@ func TestHealthCheckWorkdir(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client, container.WithTty(true), container.WithWorkingDir("/foo"), func(c *container.TestContainerConfig) {
+	cID := container.Run(ctx, t, client, container.WithTty(true), container.WithWorkingDir("/foo"), func(c *container.TestContainerConfig) {
 		c.Config.Healthcheck = &containertypes.HealthConfig{
 			Test:     []string{"CMD-SHELL", "if [ \"$PWD\" = \"/foo\" ]; then exit 0; else exit 1; fi;"},
 			Interval: 50 * time.Millisecond,
@@ -33,6 +33,66 @@ func TestHealthCheckWorkdir(t *testing.T) {
 	poll.WaitOn(t, pollForHealthStatus(ctx, client, cID, types.Healthy), poll.WithDelay(100*time.Millisecond))
 }
 
+// GitHub #37263
+// Do not stop healthchecks just because we sent a signal to the container
+func TestHealthKillContainer(t *testing.T) {
+	skip.If(t, testEnv.OSType == "windows", "Windows only supports SIGKILL and SIGTERM? See https://github.com/moby/moby/issues/39574")
+	defer setupTest(t)()
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	id := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
+		cmd := `
+# Set the initial HEALTH value so the healthcheck passes
+HEALTH="1"
+echo $HEALTH > /health
+
+# Any time doHealth is run we flip the value
+# This lets us use kill signals to determine when healtchecks have run.
+doHealth() {
+	case "$HEALTH" in
+		"0")
+			HEALTH="1"
+			;;
+		"1")
+			HEALTH="0"
+			;;
+	esac
+	echo $HEALTH > /health
+}
+
+trap 'doHealth' USR1
+
+while true; do sleep 1; done
+`
+		c.Config.Cmd = []string{"/bin/sh", "-c", cmd}
+		c.Config.Healthcheck = &containertypes.HealthConfig{
+			Test:     []string{"CMD-SHELL", `[ "$(cat /health)" = "1" ]`},
+			Interval: time.Second,
+			Retries:  5,
+		}
+	})
+
+	ctxPoll, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	poll.WaitOn(t, pollForHealthStatus(ctxPoll, client, id, "healthy"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerKill(ctx, id, "SIGUSR1")
+	assert.NilError(t, err)
+
+	ctxPoll, cancel = context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	poll.WaitOn(t, pollForHealthStatus(ctxPoll, client, id, "unhealthy"), poll.WithDelay(100*time.Millisecond))
+
+	err = client.ContainerKill(ctx, id, "SIGUSR1")
+	assert.NilError(t, err)
+
+	ctxPoll, cancel = context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	poll.WaitOn(t, pollForHealthStatus(ctxPoll, client, id, "healthy"), poll.WithDelay(100*time.Millisecond))
+}
+
 func pollForHealthStatus(ctx context.Context, client client.APIClient, containerID string, healthStatus string) func(log poll.LogT) poll.Result {
 	return func(log poll.LogT) poll.Result {
 		inspect, err := client.ContainerInspect(ctx, containerID)
diff --git a/integration/container/inspect_test.go b/integration/container/inspect_test.go
index 11f78b9d40308..f8606a3b09c78 100644
--- a/integration/container/inspect_test.go
+++ b/integration/container/inspect_test.go
@@ -3,16 +3,17 @@ package container // import "github.com/docker/docker/integration/container"
 import (
 	"context"
 	"encoding/json"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestInspectCpusetInConfigPre120(t *testing.T) {
@@ -22,9 +23,9 @@ func TestInspectCpusetInConfigPre120(t *testing.T) {
 	client := request.NewAPIClient(t, client.WithVersion("1.19"))
 	ctx := context.Background()
 
-	name := "cpusetinconfig-pre120-" + t.Name()
+	name := strings.ToLower(t.Name())
 	// Create container with up to-date-API
-	container.Run(t, ctx, request.NewAPIClient(t), container.WithName(name),
+	container.Run(ctx, t, request.NewAPIClient(t), container.WithName(name),
 		container.WithCmd("true"),
 		func(c *container.TestContainerConfig) {
 			c.HostConfig.Resources.CpusetCpus = "0"
diff --git a/integration/container/ipcmode_linux_test.go b/integration/container/ipcmode_linux_test.go
new file mode 100644
index 0000000000000..86b60e5f5b131
--- /dev/null
+++ b/integration/container/ipcmode_linux_test.go
@@ -0,0 +1,327 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"bufio"
+	"context"
+	"os"
+	"regexp"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/skip"
+)
+
+// testIpcCheckDevExists checks whether a given mount (identified by its
+// major:minor pair from /proc/self/mountinfo) exists on the host system.
+//
+// The format of /proc/self/mountinfo is like:
+//
+// 29 23 0:24 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
+//       ^^^^\
+//            - this is the minor:major we look for
+func testIpcCheckDevExists(mm string) (bool, error) {
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		fields := strings.Fields(s.Text())
+		if len(fields) < 7 {
+			continue
+		}
+		if fields[2] == mm {
+			return true, nil
+		}
+	}
+
+	return false, s.Err()
+}
+
+// testIpcNonePrivateShareable is a helper function to test "none",
+// "private" and "shareable" modes.
+func testIpcNonePrivateShareable(t *testing.T, mode string, mustBeMounted bool, mustBeShared bool) {
+	defer setupTest(t)()
+
+	cfg := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := containertypes.HostConfig{
+		IpcMode: containertypes.IpcMode(mode),
+	}
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, nil, "")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(resp.Warnings), 0))
+
+	err = client.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
+	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
+	result, err := container.Exec(ctx, client, resp.ID, []string{"sh", "-c", cmd})
+	assert.NilError(t, err)
+	mm := result.Combined()
+	if !mustBeMounted {
+		assert.Check(t, is.Equal(mm, ""))
+		// no more checks to perform
+		return
+	}
+	assert.Check(t, is.Equal(true, regexp.MustCompile("^[0-9]+:[0-9]+$").MatchString(mm)))
+
+	shared, err := testIpcCheckDevExists(mm)
+	assert.NilError(t, err)
+	t.Logf("[testIpcPrivateShareable] ipcmode: %v, ipcdev: %v, shared: %v, mustBeShared: %v\n", mode, mm, shared, mustBeShared)
+	assert.Check(t, is.Equal(shared, mustBeShared))
+}
+
+// TestIpcModeNone checks the container "none" IPC mode
+// (--ipc none) works as expected. It makes sure there is no
+// /dev/shm mount inside the container.
+func TestIpcModeNone(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testIpcNonePrivateShareable(t, "none", false, false)
+}
+
+// TestAPIIpcModePrivate checks the container private IPC mode
+// (--ipc private) works as expected. It gets the minor:major pair
+// of /dev/shm mount from the container, and makes sure there is no
+// such pair on the host.
+func TestIpcModePrivate(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testIpcNonePrivateShareable(t, "private", true, false)
+}
+
+// TestAPIIpcModeShareable checks the container shareable IPC mode
+// (--ipc shareable) works as expected. It gets the minor:major pair
+// of /dev/shm mount from the container, and makes sure such pair
+// also exists on the host.
+func TestIpcModeShareable(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "cannot test /dev/shm in rootless")
+
+	testIpcNonePrivateShareable(t, "shareable", true, true)
+}
+
+// testIpcContainer is a helper function to test --ipc container:NNN mode in various scenarios
+func testIpcContainer(t *testing.T, donorMode string, mustWork bool) {
+	t.Helper()
+
+	defer setupTest(t)()
+
+	cfg := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := containertypes.HostConfig{
+		IpcMode: containertypes.IpcMode(donorMode),
+	}
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	// create and start the "donor" container
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, nil, "")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(resp.Warnings), 0))
+	name1 := resp.ID
+
+	err = client.ContainerStart(ctx, name1, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// create and start the second container
+	hostCfg.IpcMode = containertypes.IpcMode("container:" + name1)
+	resp, err = client.ContainerCreate(ctx, &cfg, &hostCfg, nil, nil, "")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(resp.Warnings), 0))
+	name2 := resp.ID
+
+	err = client.ContainerStart(ctx, name2, types.ContainerStartOptions{})
+	if !mustWork {
+		// start should fail with a specific error
+		assert.Check(t, is.ErrorContains(err, "non-shareable IPC"))
+		// no more checks to perform here
+		return
+	}
+
+	// start should succeed
+	assert.NilError(t, err)
+
+	// check that IPC is shared
+	// 1. create a file in the first container
+	_, err = container.Exec(ctx, client, name1, []string{"sh", "-c", "printf covfefe > /dev/shm/bar"})
+	assert.NilError(t, err)
+	// 2. check it's the same file in the second one
+	result, err := container.Exec(ctx, client, name2, []string{"cat", "/dev/shm/bar"})
+	assert.NilError(t, err)
+	out := result.Combined()
+	assert.Check(t, is.Equal(true, regexp.MustCompile("^covfefe$").MatchString(out)))
+}
+
+// TestAPIIpcModeShareableAndPrivate checks that
+// 1) a container created with --ipc container:ID can use IPC of another shareable container.
+// 2) a container created with --ipc container:ID can NOT use IPC of another private container.
+func TestAPIIpcModeShareableAndContainer(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testIpcContainer(t, "shareable", true)
+
+	testIpcContainer(t, "private", false)
+}
+
+/* TestAPIIpcModeHost checks that a container created with --ipc host
+ * can use IPC of the host system.
+ */
+func TestAPIIpcModeHost(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsUserNamespace)
+	skip.If(t, testEnv.IsRootless, "cannot test /dev/shm in rootless")
+
+	cfg := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := containertypes.HostConfig{
+		IpcMode: containertypes.IPCModeHost,
+	}
+	ctx := context.Background()
+
+	client := testEnv.APIClient()
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, nil, "")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(resp.Warnings), 0))
+	name := resp.ID
+
+	err = client.ContainerStart(ctx, name, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// check that IPC is shared
+	// 1. create a file inside container
+	_, err = container.Exec(ctx, client, name, []string{"sh", "-c", "printf covfefe > /dev/shm/." + name})
+	assert.NilError(t, err)
+	// 2. check it's the same on the host
+	bytes, err := os.ReadFile("/dev/shm/." + name)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("covfefe", string(bytes)))
+	// 3. clean up
+	_, err = container.Exec(ctx, client, name, []string{"rm", "-f", "/dev/shm/." + name})
+	assert.NilError(t, err)
+}
+
+// testDaemonIpcPrivateShareable is a helper function to test "private" and "shareable" daemon default ipc modes.
+func testDaemonIpcPrivateShareable(t *testing.T, mustBeShared bool, arg ...string) {
+	defer setupTest(t)()
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t, arg...)
+	defer d.Stop(t)
+
+	c := d.NewClientT(t)
+
+	cfg := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	ctx := context.Background()
+
+	resp, err := c.ContainerCreate(ctx, &cfg, &containertypes.HostConfig{}, nil, nil, "")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(resp.Warnings), 0))
+
+	err = c.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
+	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
+	result, err := container.Exec(ctx, c, resp.ID, []string{"sh", "-c", cmd})
+	assert.NilError(t, err)
+	mm := result.Combined()
+	assert.Check(t, is.Equal(true, regexp.MustCompile("^[0-9]+:[0-9]+$").MatchString(mm)))
+
+	shared, err := testIpcCheckDevExists(mm)
+	assert.NilError(t, err)
+	t.Logf("[testDaemonIpcPrivateShareable] ipcdev: %v, shared: %v, mustBeShared: %v\n", mm, shared, mustBeShared)
+	assert.Check(t, is.Equal(shared, mustBeShared))
+}
+
+// TestDaemonIpcModeShareable checks that --default-ipc-mode shareable works as intended.
+func TestDaemonIpcModeShareable(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "cannot test /dev/shm in rootless")
+
+	testDaemonIpcPrivateShareable(t, true, "--default-ipc-mode", "shareable")
+}
+
+// TestDaemonIpcModePrivate checks that --default-ipc-mode private works as intended.
+func TestDaemonIpcModePrivate(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testDaemonIpcPrivateShareable(t, false, "--default-ipc-mode", "private")
+}
+
+// used to check if an IpcMode given in config works as intended
+func testDaemonIpcFromConfig(t *testing.T, mode string, mustExist bool) {
+	skip.If(t, testEnv.IsRootless, "cannot test /dev/shm in rootless")
+	config := `{"default-ipc-mode": "` + mode + `"}`
+	file := fs.NewFile(t, "test-daemon-ipc-config", fs.WithContent(config))
+	defer file.Remove()
+
+	testDaemonIpcPrivateShareable(t, mustExist, "--config-file", file.Path())
+}
+
+// TestDaemonIpcModePrivateFromConfig checks that "default-ipc-mode: private" config works as intended.
+func TestDaemonIpcModePrivateFromConfig(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testDaemonIpcFromConfig(t, "private", false)
+}
+
+// TestDaemonIpcModeShareableFromConfig checks that "default-ipc-mode: shareable" config works as intended.
+func TestDaemonIpcModeShareableFromConfig(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+
+	testDaemonIpcFromConfig(t, "shareable", true)
+}
+
+// TestIpcModeOlderClient checks that older client gets shareable IPC mode
+// by default, even when the daemon default is private.
+func TestIpcModeOlderClient(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "requires a daemon with DefaultIpcMode: private")
+	c := testEnv.APIClient()
+	skip.If(t, versions.LessThan(c.ClientVersion(), "1.40"), "requires client API >= 1.40")
+
+	t.Parallel()
+
+	ctx := context.Background()
+
+	// pre-check: default ipc mode in daemon is private
+	cID := container.Create(ctx, t, c, container.WithAutoRemove)
+
+	inspect, err := c.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private"))
+
+	// main check: using older client creates "shareable" container
+	c = request.NewAPIClient(t, client.WithVersion("1.39"))
+	cID = container.Create(ctx, t, c, container.WithAutoRemove)
+
+	inspect, err = c.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "shareable"))
+}
diff --git a/integration/container/ipcmode_test.go b/integration/container/ipcmode_test.go
deleted file mode 100644
index 7f4f818cfd400..0000000000000
--- a/integration/container/ipcmode_test.go
+++ /dev/null
@@ -1,295 +0,0 @@
-package container // import "github.com/docker/docker/integration/container"
-
-import (
-	"bufio"
-	"context"
-	"io/ioutil"
-	"os"
-	"regexp"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api/types"
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/skip"
-)
-
-// testIpcCheckDevExists checks whether a given mount (identified by its
-// major:minor pair from /proc/self/mountinfo) exists on the host system.
-//
-// The format of /proc/self/mountinfo is like:
-//
-// 29 23 0:24 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
-//       ^^^^\
-//            - this is the minor:major we look for
-func testIpcCheckDevExists(mm string) (bool, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return false, err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		fields := strings.Fields(s.Text())
-		if len(fields) < 7 {
-			continue
-		}
-		if fields[2] == mm {
-			return true, nil
-		}
-	}
-
-	return false, s.Err()
-}
-
-// testIpcNonePrivateShareable is a helper function to test "none",
-// "private" and "shareable" modes.
-func testIpcNonePrivateShareable(t *testing.T, mode string, mustBeMounted bool, mustBeShared bool) {
-	defer setupTest(t)()
-
-	cfg := containertypes.Config{
-		Image: "busybox",
-		Cmd:   []string{"top"},
-	}
-	hostCfg := containertypes.HostConfig{
-		IpcMode: containertypes.IpcMode(mode),
-	}
-	client := request.NewAPIClient(t)
-	ctx := context.Background()
-
-	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(resp.Warnings), 0))
-
-	err = client.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
-	assert.NilError(t, err)
-
-	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
-	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
-	result, err := container.Exec(ctx, client, resp.ID, []string{"sh", "-c", cmd})
-	assert.NilError(t, err)
-	mm := result.Combined()
-	if !mustBeMounted {
-		assert.Check(t, is.Equal(mm, ""))
-		// no more checks to perform
-		return
-	}
-	assert.Check(t, is.Equal(true, regexp.MustCompile("^[0-9]+:[0-9]+$").MatchString(mm)))
-
-	shared, err := testIpcCheckDevExists(mm)
-	assert.NilError(t, err)
-	t.Logf("[testIpcPrivateShareable] ipcmode: %v, ipcdev: %v, shared: %v, mustBeShared: %v\n", mode, mm, shared, mustBeShared)
-	assert.Check(t, is.Equal(shared, mustBeShared))
-}
-
-// TestIpcModeNone checks the container "none" IPC mode
-// (--ipc none) works as expected. It makes sure there is no
-// /dev/shm mount inside the container.
-func TestIpcModeNone(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testIpcNonePrivateShareable(t, "none", false, false)
-}
-
-// TestAPIIpcModePrivate checks the container private IPC mode
-// (--ipc private) works as expected. It gets the minor:major pair
-// of /dev/shm mount from the container, and makes sure there is no
-// such pair on the host.
-func TestIpcModePrivate(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testIpcNonePrivateShareable(t, "private", true, false)
-}
-
-// TestAPIIpcModeShareable checks the container shareable IPC mode
-// (--ipc shareable) works as expected. It gets the minor:major pair
-// of /dev/shm mount from the container, and makes sure such pair
-// also exists on the host.
-func TestIpcModeShareable(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testIpcNonePrivateShareable(t, "shareable", true, true)
-}
-
-// testIpcContainer is a helper function to test --ipc container:NNN mode in various scenarios
-func testIpcContainer(t *testing.T, donorMode string, mustWork bool) {
-	t.Helper()
-
-	defer setupTest(t)()
-
-	cfg := containertypes.Config{
-		Image: "busybox",
-		Cmd:   []string{"top"},
-	}
-	hostCfg := containertypes.HostConfig{
-		IpcMode: containertypes.IpcMode(donorMode),
-	}
-	ctx := context.Background()
-	client := request.NewAPIClient(t)
-
-	// create and start the "donor" container
-	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(resp.Warnings), 0))
-	name1 := resp.ID
-
-	err = client.ContainerStart(ctx, name1, types.ContainerStartOptions{})
-	assert.NilError(t, err)
-
-	// create and start the second container
-	hostCfg.IpcMode = containertypes.IpcMode("container:" + name1)
-	resp, err = client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(resp.Warnings), 0))
-	name2 := resp.ID
-
-	err = client.ContainerStart(ctx, name2, types.ContainerStartOptions{})
-	if !mustWork {
-		// start should fail with a specific error
-		assert.Check(t, is.ErrorContains(err, "non-shareable IPC"))
-		// no more checks to perform here
-		return
-	}
-
-	// start should succeed
-	assert.NilError(t, err)
-
-	// check that IPC is shared
-	// 1. create a file in the first container
-	_, err = container.Exec(ctx, client, name1, []string{"sh", "-c", "printf covfefe > /dev/shm/bar"})
-	assert.NilError(t, err)
-	// 2. check it's the same file in the second one
-	result, err := container.Exec(ctx, client, name2, []string{"cat", "/dev/shm/bar"})
-	assert.NilError(t, err)
-	out := result.Combined()
-	assert.Check(t, is.Equal(true, regexp.MustCompile("^covfefe$").MatchString(out)))
-}
-
-// TestAPIIpcModeShareableAndPrivate checks that
-// 1) a container created with --ipc container:ID can use IPC of another shareable container.
-// 2) a container created with --ipc container:ID can NOT use IPC of another private container.
-func TestAPIIpcModeShareableAndContainer(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
-
-	testIpcContainer(t, "shareable", true)
-
-	testIpcContainer(t, "private", false)
-}
-
-/* TestAPIIpcModeHost checks that a container created with --ipc host
- * can use IPC of the host system.
- */
-func TestAPIIpcModeHost(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon() || testEnv.IsUserNamespace())
-
-	cfg := containertypes.Config{
-		Image: "busybox",
-		Cmd:   []string{"top"},
-	}
-	hostCfg := containertypes.HostConfig{
-		IpcMode: containertypes.IpcMode("host"),
-	}
-	ctx := context.Background()
-
-	client := testEnv.APIClient()
-	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(resp.Warnings), 0))
-	name := resp.ID
-
-	err = client.ContainerStart(ctx, name, types.ContainerStartOptions{})
-	assert.NilError(t, err)
-
-	// check that IPC is shared
-	// 1. create a file inside container
-	_, err = container.Exec(ctx, client, name, []string{"sh", "-c", "printf covfefe > /dev/shm/." + name})
-	assert.NilError(t, err)
-	// 2. check it's the same on the host
-	bytes, err := ioutil.ReadFile("/dev/shm/." + name)
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal("covfefe", string(bytes)))
-	// 3. clean up
-	_, err = container.Exec(ctx, client, name, []string{"rm", "-f", "/dev/shm/." + name})
-	assert.NilError(t, err)
-}
-
-// testDaemonIpcPrivateShareable is a helper function to test "private" and "shareable" daemon default ipc modes.
-func testDaemonIpcPrivateShareable(t *testing.T, mustBeShared bool, arg ...string) {
-	defer setupTest(t)()
-
-	d := daemon.New(t)
-	d.StartWithBusybox(t, arg...)
-	defer d.Stop(t)
-
-	client, err := d.NewClient()
-	assert.Check(t, err, "error creating client")
-
-	cfg := containertypes.Config{
-		Image: "busybox",
-		Cmd:   []string{"top"},
-	}
-	ctx := context.Background()
-
-	resp, err := client.ContainerCreate(ctx, &cfg, &containertypes.HostConfig{}, nil, "")
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(resp.Warnings), 0))
-
-	err = client.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
-	assert.NilError(t, err)
-
-	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
-	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
-	result, err := container.Exec(ctx, client, resp.ID, []string{"sh", "-c", cmd})
-	assert.NilError(t, err)
-	mm := result.Combined()
-	assert.Check(t, is.Equal(true, regexp.MustCompile("^[0-9]+:[0-9]+$").MatchString(mm)))
-
-	shared, err := testIpcCheckDevExists(mm)
-	assert.NilError(t, err)
-	t.Logf("[testDaemonIpcPrivateShareable] ipcdev: %v, shared: %v, mustBeShared: %v\n", mm, shared, mustBeShared)
-	assert.Check(t, is.Equal(shared, mustBeShared))
-}
-
-// TestDaemonIpcModeShareable checks that --default-ipc-mode shareable works as intended.
-func TestDaemonIpcModeShareable(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testDaemonIpcPrivateShareable(t, true, "--default-ipc-mode", "shareable")
-}
-
-// TestDaemonIpcModePrivate checks that --default-ipc-mode private works as intended.
-func TestDaemonIpcModePrivate(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testDaemonIpcPrivateShareable(t, false, "--default-ipc-mode", "private")
-}
-
-// used to check if an IpcMode given in config works as intended
-func testDaemonIpcFromConfig(t *testing.T, mode string, mustExist bool) {
-	config := `{"default-ipc-mode": "` + mode + `"}`
-	file := fs.NewFile(t, "test-daemon-ipc-config", fs.WithContent(config))
-	defer file.Remove()
-
-	testDaemonIpcPrivateShareable(t, mustExist, "--config-file", file.Path())
-}
-
-// TestDaemonIpcModePrivateFromConfig checks that "default-ipc-mode: private" config works as intended.
-func TestDaemonIpcModePrivateFromConfig(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testDaemonIpcFromConfig(t, "private", false)
-}
-
-// TestDaemonIpcModeShareableFromConfig checks that "default-ipc-mode: shareable" config works as intended.
-func TestDaemonIpcModeShareableFromConfig(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
-
-	testDaemonIpcFromConfig(t, "shareable", true)
-}
diff --git a/integration/container/kill_test.go b/integration/container/kill_test.go
index 0b51b5163ca4f..50bc72063c0ce 100644
--- a/integration/container/kill_test.go
+++ b/integration/container/kill_test.go
@@ -5,63 +5,68 @@ import (
 	"testing"
 	"time"
 
-	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestKillContainerInvalidSignal(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
-	id := container.Run(t, ctx, client)
+	id := container.Run(ctx, t, client)
 
 	err := client.ContainerKill(ctx, id, "0")
-	assert.Error(t, err, "Error response from daemon: Invalid signal: 0")
+	assert.ErrorContains(t, err, "Error response from daemon:")
+	assert.ErrorContains(t, err, "nvalid signal: 0") // match "(I|i)nvalid" case-insensitive to allow testing against older daemons.
 	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
 
 	err = client.ContainerKill(ctx, id, "SIG42")
-	assert.Error(t, err, "Error response from daemon: Invalid signal: SIG42")
+	assert.ErrorContains(t, err, "Error response from daemon:")
+	assert.ErrorContains(t, err, "nvalid signal: SIG42") // match "(I|i)nvalid" case-insensitive to allow testing against older daemons.
 	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
 }
 
 func TestKillContainer(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows", "TODO Windows: FIXME. No SIGWINCH")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	testCases := []struct {
 		doc    string
 		signal string
 		status string
+		skipOs string
 	}{
 		{
 			doc:    "no signal",
 			signal: "",
 			status: "exited",
+			skipOs: "",
 		},
 		{
 			doc:    "non killing signal",
 			signal: "SIGWINCH",
 			status: "running",
+			skipOs: "windows",
 		},
 		{
 			doc:    "killing signal",
 			signal: "SIGTERM",
 			status: "exited",
+			skipOs: "",
 		},
 	}
 
 	for _, tc := range testCases {
 		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
+			skip.If(t, testEnv.OSType == tc.skipOs, "Windows does not support SIGWINCH")
 			ctx := context.Background()
-			id := container.Run(t, ctx, client)
+			id := container.Run(ctx, t, client)
 			err := client.ContainerKill(ctx, id, tc.signal)
 			assert.NilError(t, err)
 
@@ -73,7 +78,7 @@ func TestKillContainer(t *testing.T) {
 func TestKillWithStopSignalAndRestartPolicies(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "Windows only supports 1.25 or later")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	testCases := []struct {
 		doc        string
@@ -96,12 +101,11 @@ func TestKillWithStopSignalAndRestartPolicies(t *testing.T) {
 		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			ctx := context.Background()
-			id := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
-				c.Config.StopSignal = tc.stopsignal
-				c.HostConfig.RestartPolicy = containertypes.RestartPolicy{
-					Name: "always",
-				}
-			})
+			id := container.Run(ctx, t, client,
+				container.WithRestartPolicy("always"),
+				func(c *container.TestContainerConfig) {
+					c.Config.StopSignal = tc.stopsignal
+				})
 			err := client.ContainerKill(ctx, id, "TERM")
 			assert.NilError(t, err)
 
@@ -114,8 +118,8 @@ func TestKillStoppedContainer(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "Windows only supports 1.25 or later")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
-	id := container.Create(t, ctx, client)
+	client := testEnv.APIClient()
+	id := container.Create(ctx, t, client)
 	err := client.ContainerKill(ctx, id, "SIGKILL")
 	assert.Assert(t, is.ErrorContains(err, ""))
 	assert.Assert(t, is.Contains(err.Error(), "is not running"))
@@ -126,7 +130,7 @@ func TestKillStoppedContainerAPIPre120(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
 	client := request.NewAPIClient(t, client.WithVersion("1.19"))
-	id := container.Create(t, ctx, client)
+	id := container.Create(ctx, t, client)
 	err := client.ContainerKill(ctx, id, "SIGKILL")
 	assert.NilError(t, err)
 }
@@ -139,7 +143,7 @@ func TestKillDifferentUserContainer(t *testing.T) {
 	ctx := context.Background()
 	client := request.NewAPIClient(t, client.WithVersion("1.19"))
 
-	id := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+	id := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.Config.User = "daemon"
 	})
 	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
@@ -150,13 +154,16 @@ func TestKillDifferentUserContainer(t *testing.T) {
 }
 
 func TestInspectOomKilledTrue(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows" || !testEnv.DaemonInfo.MemoryLimit || !testEnv.DaemonInfo.SwapLimit)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
+	skip.If(t, !testEnv.DaemonInfo.MemoryLimit || !testEnv.DaemonInfo.SwapLimit)
+	skip.If(t, testEnv.DaemonInfo.CgroupVersion == "2", "FIXME: flaky on cgroup v2 (https://github.com/moby/moby/issues/41929)")
 
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "x=a; while true; do x=$x$x$x$x; done"), func(c *container.TestContainerConfig) {
+	cID := container.Run(ctx, t, client, container.WithCmd("sh", "-c", "x=a; while true; do x=$x$x$x$x; done"), func(c *container.TestContainerConfig) {
 		c.HostConfig.Resources.Memory = 32 * 1024 * 1024
 	})
 
@@ -172,9 +179,9 @@ func TestInspectOomKilledFalse(t *testing.T) {
 
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "echo hello world"))
+	cID := container.Run(ctx, t, client, container.WithCmd("sh", "-c", "echo hello world"))
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
 
diff --git a/integration/container/links_linux_test.go b/integration/container/links_linux_test.go
index 775bf6d365b17..3f038d8b90636 100644
--- a/integration/container/links_linux_test.go
+++ b/integration/container/links_linux_test.go
@@ -2,30 +2,29 @@ package container // import "github.com/docker/docker/integration/container"
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestLinksEtcHostsContentMatch(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of /etc/hosts")
 
-	hosts, err := ioutil.ReadFile("/etc/hosts")
+	hosts, err := os.ReadFile("/etc/hosts")
 	skip.If(t, os.IsNotExist(err))
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithNetworkMode("host"))
+	cID := container.Run(ctx, t, client, container.WithNetworkMode("host"))
 	res, err := container.Exec(ctx, client, cID, []string{"cat", "/etc/hosts"})
 	assert.NilError(t, err)
 	assert.Assert(t, is.Len(res.Stderr(), 0))
@@ -38,13 +37,13 @@ func TestLinksContainerNames(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	containerA := "first_" + t.Name()
 	containerB := "second_" + t.Name()
-	container.Run(t, ctx, client, container.WithName(containerA))
-	container.Run(t, ctx, client, container.WithName(containerB), container.WithLinks(containerA+":"+containerA))
+	container.Run(ctx, t, client, container.WithName(containerA))
+	container.Run(ctx, t, client, container.WithName(containerB), container.WithLinks(containerA+":"+containerA))
 
 	f := filters.NewArgs(filters.Arg("name", containerA))
 
diff --git a/integration/container/logs_test.go b/integration/container/logs_test.go
index 68fbe13a73709..837c75ac08a01 100644
--- a/integration/container/logs_test.go
+++ b/integration/container/logs_test.go
@@ -2,27 +2,26 @@ package container // import "github.com/docker/docker/integration/container"
 
 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/stdcopy"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // Regression test for #35370
 // Makes sure that when following we don't get an EOF error when there are no logs
 func TestLogsFollowTailEmpty(t *testing.T) {
 	// FIXME(vdemeester) fails on a e2e run on linux...
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	id := container.Run(t, ctx, client, container.WithCmd("sleep", "100000"))
+	id := container.Run(ctx, t, client, container.WithCmd("sleep", "100000"))
 
 	logs, err := client.ContainerLogs(ctx, id, types.ContainerLogsOptions{ShowStdout: true, Tail: "2"})
 	if logs != nil {
@@ -30,6 +29,6 @@ func TestLogsFollowTailEmpty(t *testing.T) {
 	}
 	assert.Check(t, err)
 
-	_, err = stdcopy.StdCopy(ioutil.Discard, ioutil.Discard, logs)
+	_, err = stdcopy.StdCopy(io.Discard, io.Discard, logs)
 	assert.Check(t, err)
 }
diff --git a/integration/container/main_test.go b/integration/container/main_test.go
index fb87fddcc260f..bb7b2eb02f5da 100644
--- a/integration/container/main_test.go
+++ b/integration/container/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/container/mounts_linux_test.go b/integration/container/mounts_linux_test.go
index 8e7e663fd4f7c..3c7aabda24578 100644
--- a/integration/container/mounts_linux_test.go
+++ b/integration/container/mounts_linux_test.go
@@ -5,23 +5,28 @@ import (
 	"fmt"
 	"path/filepath"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/mount"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/integration/internal/container"
 	"github.com/docker/docker/pkg/system"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/skip"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestContainerNetworkMountsNoChown(t *testing.T) {
 	// chown only applies to Linux bind mounted volumes; must be same host to verify
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows" || testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
 
@@ -32,11 +37,11 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
 
 	tmpNWFileMount := tmpDir.Join("nwfile")
 
-	config := container.Config{
+	config := containertypes.Config{
 		Image: "busybox",
 	}
-	hostConfig := container.HostConfig{
-		Mounts: []mount.Mount{
+	hostConfig := containertypes.HostConfig{
+		Mounts: []mounttypes.Mount{
 			{
 				Type:   "bind",
 				Source: tmpNWFileMount,
@@ -55,11 +60,11 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
 		},
 	}
 
-	cli, err := client.NewEnvClient()
+	cli, err := client.NewClientWithOpts(client.FromEnv)
 	assert.NilError(t, err)
 	defer cli.Close()
 
-	ctrCreate, err := cli.ContainerCreate(ctx, &config, &hostConfig, &network.NetworkingConfig{}, "")
+	ctrCreate, err := cli.ContainerCreate(ctx, &config, &hostConfig, &network.NetworkingConfig{}, nil, "")
 	assert.NilError(t, err)
 	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
 	err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
@@ -81,10 +86,10 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
 }
 
 func TestMountDaemonRoot(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows" || testEnv.IsRemoteDaemon())
-	t.Parallel()
+	skip.If(t, testEnv.IsRemoteDaemon)
 
-	client := request.NewAPIClient(t)
+	defer setupTest(t)()
+	client := testEnv.APIClient()
 	ctx := context.Background()
 	info, err := client.Info(ctx)
 	if err != nil {
@@ -93,39 +98,39 @@ func TestMountDaemonRoot(t *testing.T) {
 
 	for _, test := range []struct {
 		desc        string
-		propagation mount.Propagation
-		expected    mount.Propagation
+		propagation mounttypes.Propagation
+		expected    mounttypes.Propagation
 	}{
 		{
 			desc:        "default",
 			propagation: "",
-			expected:    mount.PropagationRSlave,
+			expected:    mounttypes.PropagationRSlave,
 		},
 		{
 			desc:        "private",
-			propagation: mount.PropagationPrivate,
+			propagation: mounttypes.PropagationPrivate,
 		},
 		{
 			desc:        "rprivate",
-			propagation: mount.PropagationRPrivate,
+			propagation: mounttypes.PropagationRPrivate,
 		},
 		{
 			desc:        "slave",
-			propagation: mount.PropagationSlave,
+			propagation: mounttypes.PropagationSlave,
 		},
 		{
 			desc:        "rslave",
-			propagation: mount.PropagationRSlave,
-			expected:    mount.PropagationRSlave,
+			propagation: mounttypes.PropagationRSlave,
+			expected:    mounttypes.PropagationRSlave,
 		},
 		{
 			desc:        "shared",
-			propagation: mount.PropagationShared,
+			propagation: mounttypes.PropagationShared,
 		},
 		{
 			desc:        "rshared",
-			propagation: mount.PropagationRShared,
-			expected:    mount.PropagationRShared,
+			propagation: mounttypes.PropagationRShared,
+			expected:    mounttypes.PropagationRShared,
 		},
 	} {
 		t.Run(test.desc, func(t *testing.T) {
@@ -139,26 +144,26 @@ func TestMountDaemonRoot(t *testing.T) {
 			bindSpecRoot := info.DockerRootDir + ":" + "/foo" + propagationSpec
 			bindSpecSub := filepath.Join(info.DockerRootDir, "containers") + ":/foo" + propagationSpec
 
-			for name, hc := range map[string]*container.HostConfig{
+			for name, hc := range map[string]*containertypes.HostConfig{
 				"bind root":    {Binds: []string{bindSpecRoot}},
 				"bind subpath": {Binds: []string{bindSpecSub}},
 				"mount root": {
-					Mounts: []mount.Mount{
+					Mounts: []mounttypes.Mount{
 						{
-							Type:        mount.TypeBind,
+							Type:        mounttypes.TypeBind,
 							Source:      info.DockerRootDir,
 							Target:      "/foo",
-							BindOptions: &mount.BindOptions{Propagation: test.propagation},
+							BindOptions: &mounttypes.BindOptions{Propagation: test.propagation},
 						},
 					},
 				},
 				"mount subpath": {
-					Mounts: []mount.Mount{
+					Mounts: []mounttypes.Mount{
 						{
-							Type:        mount.TypeBind,
+							Type:        mounttypes.TypeBind,
 							Source:      filepath.Join(info.DockerRootDir, "containers"),
 							Target:      "/foo",
-							BindOptions: &mount.BindOptions{Propagation: test.propagation},
+							BindOptions: &mounttypes.BindOptions{Propagation: test.propagation},
 						},
 					},
 				},
@@ -167,10 +172,10 @@ func TestMountDaemonRoot(t *testing.T) {
 					hc := hc
 					t.Parallel()
 
-					c, err := client.ContainerCreate(ctx, &container.Config{
+					c, err := client.ContainerCreate(ctx, &containertypes.Config{
 						Image: "busybox",
 						Cmd:   []string{"true"},
-					}, hc, nil, "")
+					}, hc, nil, nil, "")
 
 					if err != nil {
 						if test.expected != "" {
@@ -206,3 +211,183 @@ func TestMountDaemonRoot(t *testing.T) {
 		})
 	}
 }
+
+func TestContainerBindMountNonRecursive(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "BindOptions.NonRecursive requires API v1.40")
+	skip.If(t, testEnv.IsRootless, "cannot be tested because RootlessKit executes the daemon in private mount namespace (https://github.com/rootless-containers/rootlesskit/issues/97)")
+
+	defer setupTest(t)()
+
+	tmpDir1 := fs.NewDir(t, "tmpdir1", fs.WithMode(0755),
+		fs.WithDir("mnt", fs.WithMode(0755)))
+	defer tmpDir1.Remove()
+	tmpDir1Mnt := filepath.Join(tmpDir1.Path(), "mnt")
+	tmpDir2 := fs.NewDir(t, "tmpdir2", fs.WithMode(0755),
+		fs.WithFile("file", "should not be visible when NonRecursive", fs.WithMode(0644)))
+	defer tmpDir2.Remove()
+
+	err := mount.Mount(tmpDir2.Path(), tmpDir1Mnt, "none", "bind,ro")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := mount.Unmount(tmpDir1Mnt); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// implicit is recursive (NonRecursive: false)
+	implicit := mounttypes.Mount{
+		Type:     "bind",
+		Source:   tmpDir1.Path(),
+		Target:   "/foo",
+		ReadOnly: true,
+	}
+	recursive := implicit
+	recursive.BindOptions = &mounttypes.BindOptions{
+		NonRecursive: false,
+	}
+	recursiveVerifier := []string{"test", "-f", "/foo/mnt/file"}
+	nonRecursive := implicit
+	nonRecursive.BindOptions = &mounttypes.BindOptions{
+		NonRecursive: true,
+	}
+	nonRecursiveVerifier := []string{"test", "!", "-f", "/foo/mnt/file"}
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+	containers := []string{
+		container.Run(ctx, t, client, container.WithMount(implicit), container.WithCmd(recursiveVerifier...)),
+		container.Run(ctx, t, client, container.WithMount(recursive), container.WithCmd(recursiveVerifier...)),
+		container.Run(ctx, t, client, container.WithMount(nonRecursive), container.WithCmd(nonRecursiveVerifier...)),
+	}
+
+	for _, c := range containers {
+		poll.WaitOn(t, container.IsSuccessful(ctx, client, c), poll.WithDelay(100*time.Millisecond))
+	}
+}
+
+func TestContainerVolumesMountedAsShared(t *testing.T) {
+	// Volume propagation is linux only. Also it creates directories for
+	// bind mounting, so needs to be same host.
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsUserNamespace)
+	skip.If(t, testEnv.IsRootless, "cannot be tested because RootlessKit executes the daemon in private mount namespace (https://github.com/rootless-containers/rootlesskit/issues/97)")
+
+	defer setupTest(t)()
+
+	// Prepare a source directory to bind mount
+	tmpDir1 := fs.NewDir(t, "volume-source", fs.WithMode(0755),
+		fs.WithDir("mnt1", fs.WithMode(0755)))
+	defer tmpDir1.Remove()
+	tmpDir1Mnt := filepath.Join(tmpDir1.Path(), "mnt1")
+
+	// Convert this directory into a shared mount point so that we do
+	// not rely on propagation properties of parent mount.
+	if err := mount.MakePrivate(tmpDir1.Path()); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := mount.Unmount(tmpDir1.Path()); err != nil {
+			t.Fatal(err)
+		}
+	}()
+	if err := mount.MakeShared(tmpDir1.Path()); err != nil {
+		t.Fatal(err)
+	}
+
+	sharedMount := mounttypes.Mount{
+		Type:   mounttypes.TypeBind,
+		Source: tmpDir1.Path(),
+		Target: "/volume-dest",
+		BindOptions: &mounttypes.BindOptions{
+			Propagation: mounttypes.PropagationShared,
+		},
+	}
+
+	bindMountCmd := []string{"mount", "--bind", "/volume-dest/mnt1", "/volume-dest/mnt1"}
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+	containerID := container.Run(ctx, t, client, container.WithPrivileged(true), container.WithMount(sharedMount), container.WithCmd(bindMountCmd...))
+	poll.WaitOn(t, container.IsSuccessful(ctx, client, containerID), poll.WithDelay(100*time.Millisecond))
+
+	// Make sure a bind mount under a shared volume propagated to host.
+	if mounted, _ := mountinfo.Mounted(tmpDir1Mnt); !mounted {
+		t.Fatalf("Bind mount under shared volume did not propagate to host")
+	}
+
+	mount.Unmount(tmpDir1Mnt)
+}
+
+func TestContainerVolumesMountedAsSlave(t *testing.T) {
+	// Volume propagation is linux only. Also it creates directories for
+	// bind mounting, so needs to be same host.
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsUserNamespace)
+	skip.If(t, testEnv.IsRootless, "cannot be tested because RootlessKit executes the daemon in private mount namespace (https://github.com/rootless-containers/rootlesskit/issues/97)")
+
+	// Prepare a source directory to bind mount
+	tmpDir1 := fs.NewDir(t, "volume-source", fs.WithMode(0755),
+		fs.WithDir("mnt1", fs.WithMode(0755)))
+	defer tmpDir1.Remove()
+	tmpDir1Mnt := filepath.Join(tmpDir1.Path(), "mnt1")
+
+	// Prepare a source directory with file in it. We will bind mount this
+	// directory and see if file shows up.
+	tmpDir2 := fs.NewDir(t, "volume-source2", fs.WithMode(0755),
+		fs.WithFile("slave-testfile", "Test", fs.WithMode(0644)))
+	defer tmpDir2.Remove()
+
+	// Convert this directory into a shared mount point so that we do
+	// not rely on propagation properties of parent mount.
+	if err := mount.MakePrivate(tmpDir1.Path()); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := mount.Unmount(tmpDir1.Path()); err != nil {
+			t.Fatal(err)
+		}
+	}()
+	if err := mount.MakeShared(tmpDir1.Path()); err != nil {
+		t.Fatal(err)
+	}
+
+	slaveMount := mounttypes.Mount{
+		Type:   mounttypes.TypeBind,
+		Source: tmpDir1.Path(),
+		Target: "/volume-dest",
+		BindOptions: &mounttypes.BindOptions{
+			Propagation: mounttypes.PropagationSlave,
+		},
+	}
+
+	topCmd := []string{"top"}
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+	containerID := container.Run(ctx, t, client, container.WithTty(true), container.WithMount(slaveMount), container.WithCmd(topCmd...))
+
+	// Bind mount tmpDir2/ onto tmpDir1/mnt1. If mount propagates inside
+	// container then contents of tmpDir2/slave-testfile should become
+	// visible at "/volume-dest/mnt1/slave-testfile"
+	if err := mount.Mount(tmpDir2.Path(), tmpDir1Mnt, "none", "bind"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := mount.Unmount(tmpDir1Mnt); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mountCmd := []string{"cat", "/volume-dest/mnt1/slave-testfile"}
+
+	if result, err := container.Exec(ctx, client, containerID, mountCmd); err == nil {
+		if result.Stdout() != "Test" {
+			t.Fatalf("Bind mount under slave volume did not propagate to container")
+		}
+	} else {
+		t.Fatal(err)
+	}
+}
diff --git a/integration/container/nat_test.go b/integration/container/nat_test.go
index caaaf10fde0ef..5567e01ab39d2 100644
--- a/integration/container/nat_test.go
+++ b/integration/container/nat_test.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"strings"
 	"testing"
@@ -13,16 +12,16 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/go-connections/nat"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestNetworkNat(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
 
@@ -30,18 +29,17 @@ func TestNetworkNat(t *testing.T) {
 	startServerContainer(t, msg, 8080)
 
 	endpoint := getExternalAddress(t)
-	conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", endpoint.String(), 8080))
+	conn, err := net.Dial("tcp", net.JoinHostPort(endpoint.String(), "8080"))
 	assert.NilError(t, err)
 	defer conn.Close()
 
-	data, err := ioutil.ReadAll(conn)
+	data, err := io.ReadAll(conn)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(msg, strings.TrimSpace(string(data))))
 }
 
 func TestNetworkLocalhostTCPNat(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
 
@@ -52,13 +50,14 @@ func TestNetworkLocalhostTCPNat(t *testing.T) {
 	assert.NilError(t, err)
 	defer conn.Close()
 
-	data, err := ioutil.ReadAll(conn)
+	data, err := io.ReadAll(conn)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(msg, strings.TrimSpace(string(data))))
 }
 
 func TestNetworkLoopbackNat(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
 
@@ -67,10 +66,14 @@ func TestNetworkLoopbackNat(t *testing.T) {
 
 	endpoint := getExternalAddress(t)
 
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", fmt.Sprintf("stty raw && nc -w 5 %s 8080", endpoint.String())), container.WithTty(true), container.WithNetworkMode("container:"+serverContainerID))
+	cID := container.Run(ctx, t, client,
+		container.WithCmd("sh", "-c", fmt.Sprintf("stty raw && nc -w 1 %s 8080", endpoint.String())),
+		container.WithTty(true),
+		container.WithNetworkMode("container:"+serverContainerID),
+	)
 
 	poll.WaitOn(t, container.IsStopped(ctx, client, cID), poll.WithDelay(100*time.Millisecond))
 
@@ -88,26 +91,34 @@ func TestNetworkLoopbackNat(t *testing.T) {
 }
 
 func startServerContainer(t *testing.T, msg string, port int) string {
-	client := request.NewAPIClient(t)
+	t.Helper()
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithName("server-"+t.Name()), container.WithCmd("sh", "-c", fmt.Sprintf("echo %q | nc -lp %d", msg, port)), container.WithExposedPorts(fmt.Sprintf("%d/tcp", port)), func(c *container.TestContainerConfig) {
-		c.HostConfig.PortBindings = nat.PortMap{
-			nat.Port(fmt.Sprintf("%d/tcp", port)): []nat.PortBinding{
-				{
-					HostPort: fmt.Sprintf("%d", port),
+	cID := container.Run(ctx, t, client,
+		container.WithName("server-"+t.Name()),
+		container.WithCmd("sh", "-c", fmt.Sprintf("echo %q | nc -lp %d", msg, port)),
+		container.WithExposedPorts(fmt.Sprintf("%d/tcp", port)),
+		func(c *container.TestContainerConfig) {
+			c.HostConfig.PortBindings = nat.PortMap{
+				nat.Port(fmt.Sprintf("%d/tcp", port)): []nat.PortBinding{
+					{
+						HostPort: fmt.Sprintf("%d", port),
+					},
 				},
-			},
-		}
-	})
+			}
+		})
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	return cID
 }
 
+// getExternalAddress() returns the external IP-address from eth0. If eth0 has
+// multiple IP-addresses, it returns the first IPv4 IP-address; if no IPv4
+// address is present, it returns the first IP-address found.
 func getExternalAddress(t *testing.T) net.IP {
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	t.Helper()
 	iface, err := net.InterfaceByName("eth0")
 	skip.If(t, err != nil, "Test not running with `make test-integration`. Interface eth0 not found: %s", err)
 
@@ -115,6 +126,17 @@ func getExternalAddress(t *testing.T) net.IP {
 	assert.NilError(t, err)
 	assert.Check(t, 0 != len(ifaceAddrs))
 
+	if len(ifaceAddrs) > 1 {
+		// Prefer IPv4 address if multiple addresses found, as rootlesskit
+		// does not handle IPv6 currently https://github.com/moby/moby/pull/41908#issuecomment-774200001
+		for _, a := range ifaceAddrs {
+			ifaceIP, _, err := net.ParseCIDR(a.String())
+			assert.NilError(t, err)
+			if ifaceIP.To4() != nil {
+				return ifaceIP
+			}
+		}
+	}
 	ifaceIP, _, err := net.ParseCIDR(ifaceAddrs[0].String())
 	assert.NilError(t, err)
 
diff --git a/integration/container/pause_test.go b/integration/container/pause_test.go
index 0905b95a836db..63e7fe3a6e4fc 100644
--- a/integration/container/pause_test.go
+++ b/integration/container/pause_test.go
@@ -6,26 +6,28 @@ import (
 	"testing"
 	"time"
 
+	containerderrdefs "github.com/containerd/containerd/errdefs"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestPause(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows" && testEnv.DaemonInfo.Isolation == "process")
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	since := request.DaemonUnixTime(ctx, t, client, testEnv)
@@ -54,24 +56,25 @@ func TestPauseFailsOnWindowsServerContainers(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType != "windows" || testEnv.DaemonInfo.Isolation != "process")
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	err := client.ContainerPause(ctx, cID)
-	assert.Check(t, is.ErrorContains(err, "cannot pause Windows Server Containers"))
+	assert.Check(t, is.ErrorContains(err, containerderrdefs.ErrNotImplemented.Error()))
 }
 
 func TestPauseStopPausedContainer(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.31"), "broken in earlier versions")
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	err := client.ContainerPause(ctx, cID)
diff --git a/integration/container/pidmode_linux_test.go b/integration/container/pidmode_linux_test.go
new file mode 100644
index 0000000000000..003192ac05a9c
--- /dev/null
+++ b/integration/container/pidmode_linux_test.go
@@ -0,0 +1,37 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/integration/internal/container"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+func TestPidHost(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	hostPid, err := os.Readlink("/proc/1/ns/pid")
+	assert.NilError(t, err)
+
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
+		c.HostConfig.PidMode = "host"
+	})
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+	cPid := container.GetContainerNS(ctx, t, client, cID, "pid")
+	assert.Assert(t, hostPid == cPid)
+
+	cID = container.Run(ctx, t, client)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+	cPid = container.GetContainerNS(ctx, t, client, cID, "pid")
+	assert.Assert(t, hostPid != cPid)
+}
diff --git a/integration/container/ps_test.go b/integration/container/ps_test.go
index 4ae07043ab9a0..6e3a09a19ce47 100644
--- a/integration/container/ps_test.go
+++ b/integration/container/ps_test.go
@@ -7,19 +7,18 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestPsFilter(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	prev := container.Create(t, ctx, client)
-	top := container.Create(t, ctx, client)
-	next := container.Create(t, ctx, client)
+	prev := container.Create(ctx, t, client)
+	top := container.Create(ctx, t, client)
+	next := container.Create(ctx, t, client)
 
 	containerIDs := func(containers []types.Container) []string {
 		var entries []string
diff --git a/integration/container/remove_test.go b/integration/container/remove_test.go
index 5de13f22adcef..860d5479e33b4 100644
--- a/integration/container/remove_test.go
+++ b/integration/container/remove_test.go
@@ -9,12 +9,11 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
@@ -26,18 +25,18 @@ func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
 
 // Test case for #5244: `docker rm` fails if bind dir doesn't exist anymore
 func TestRemoveContainerWithRemovedVolume(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
 	tempDir := fs.NewDir(t, "test-rm-container-with-removed-volume", fs.WithMode(0755))
 	defer tempDir.Remove()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("true"), container.WithBind(tempDir.Path(), prefix+slash+"test"))
+	cID := container.Run(ctx, t, client, container.WithCmd("true"), container.WithBind(tempDir.Path(), prefix+slash+"test"))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
 
 	err := os.RemoveAll(tempDir.Path())
@@ -56,11 +55,11 @@ func TestRemoveContainerWithRemovedVolume(t *testing.T) {
 func TestRemoveContainerWithVolume(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("true"), container.WithVolume(prefix+slash+"srv"))
+	cID := container.Run(ctx, t, client, container.WithCmd("true"), container.WithVolume(prefix+slash+"srv"))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
 
 	insp, _, err := client.ContainerInspectWithRaw(ctx, cID, true)
@@ -81,9 +80,9 @@ func TestRemoveContainerWithVolume(t *testing.T) {
 func TestRemoveContainerRunning(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	err := client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{})
 	assert.Check(t, is.ErrorContains(err, "cannot remove a running container"))
@@ -92,9 +91,9 @@ func TestRemoveContainerRunning(t *testing.T) {
 func TestRemoveContainerForceRemoveRunning(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	err := client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{
 		Force: true,
@@ -105,7 +104,7 @@ func TestRemoveContainerForceRemoveRunning(t *testing.T) {
 func TestRemoveInvalidContainer(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	err := client.ContainerRemove(ctx, "unknown", types.ContainerRemoveOptions{})
 	assert.Check(t, is.ErrorContains(err, "No such container"))
diff --git a/integration/container/rename_test.go b/integration/container/rename_test.go
index 5c98608a8ae39..b2ad4902ecd3c 100644
--- a/integration/container/rename_test.go
+++ b/integration/container/rename_test.go
@@ -10,12 +10,11 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/stringid"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // This test simulates the scenario mentioned in #31392:
@@ -27,22 +26,22 @@ func TestRenameLinkedContainer(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	aName := "a0" + t.Name()
 	bName := "b0" + t.Name()
-	aID := container.Run(t, ctx, client, container.WithName(aName))
-	bID := container.Run(t, ctx, client, container.WithName(bName), container.WithLinks(aName))
+	aID := container.Run(ctx, t, client, container.WithName(aName))
+	bID := container.Run(ctx, t, client, container.WithName(bName), container.WithLinks(aName))
 
 	err := client.ContainerRename(ctx, aID, "a1"+t.Name())
 	assert.NilError(t, err)
 
-	container.Run(t, ctx, client, container.WithName(aName))
+	container.Run(ctx, t, client, container.WithName(aName))
 
 	err = client.ContainerRemove(ctx, bID, types.ContainerRemoveOptions{Force: true})
 	assert.NilError(t, err)
 
-	bID = container.Run(t, ctx, client, container.WithName(bName), container.WithLinks(aName))
+	bID = container.Run(ctx, t, client, container.WithName(bName), container.WithLinks(aName))
 
 	inspect, err := client.ContainerInspect(ctx, bID)
 	assert.NilError(t, err)
@@ -52,17 +51,17 @@ func TestRenameLinkedContainer(t *testing.T) {
 func TestRenameStoppedContainer(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	oldName := "first_name" + t.Name()
-	cID := container.Run(t, ctx, client, container.WithName(oldName), container.WithCmd("sh"))
+	cID := container.Run(ctx, t, client, container.WithName(oldName), container.WithCmd("sh"))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
 
 	inspect, err := client.ContainerInspect(ctx, cID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal("/"+oldName, inspect.Name))
 
-	newName := "new_name" + stringid.GenerateNonCryptoID()
+	newName := "new_name" + stringid.GenerateRandomID()
 	err = client.ContainerRename(ctx, oldName, newName)
 	assert.NilError(t, err)
 
@@ -74,13 +73,13 @@ func TestRenameStoppedContainer(t *testing.T) {
 func TestRenameRunningContainerAndReuse(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	oldName := "first_name" + t.Name()
-	cID := container.Run(t, ctx, client, container.WithName(oldName))
+	cID := container.Run(ctx, t, client, container.WithName(oldName))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
-	newName := "new_name" + stringid.GenerateNonCryptoID()
+	newName := "new_name" + stringid.GenerateRandomID()
 	err := client.ContainerRename(ctx, oldName, newName)
 	assert.NilError(t, err)
 
@@ -91,7 +90,7 @@ func TestRenameRunningContainerAndReuse(t *testing.T) {
 	_, err = client.ContainerInspect(ctx, oldName)
 	assert.Check(t, is.ErrorContains(err, "No such container: "+oldName))
 
-	cID = container.Run(t, ctx, client, container.WithName(oldName))
+	cID = container.Run(ctx, t, client, container.WithName(oldName))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	inspect, err = client.ContainerInspect(ctx, cID)
@@ -102,10 +101,10 @@ func TestRenameRunningContainerAndReuse(t *testing.T) {
 func TestRenameInvalidName(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	oldName := "first_name" + t.Name()
-	cID := container.Run(t, ctx, client, container.WithName(oldName))
+	cID := container.Run(ctx, t, client, container.WithName(oldName))
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	err := client.ContainerRename(ctx, oldName, "new:invalid")
@@ -124,16 +123,15 @@ func TestRenameInvalidName(t *testing.T) {
 // This test is to make sure once the container has been renamed,
 // the service discovery for the (re)named container works.
 func TestRenameAnonymousContainer(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	networkName := "network1" + t.Name()
 	_, err := client.NetworkCreate(ctx, networkName, types.NetworkCreate{})
 
 	assert.NilError(t, err)
-	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.NetworkingConfig.EndpointsConfig = map[string]*network.EndpointSettings{
 			networkName: {},
 		}
@@ -156,7 +154,7 @@ func TestRenameAnonymousContainer(t *testing.T) {
 	if testEnv.OSType == "windows" {
 		count = "-n"
 	}
-	cID = container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+	cID = container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.NetworkingConfig.EndpointsConfig = map[string]*network.EndpointSettings{
 			networkName: {},
 		}
@@ -166,17 +164,17 @@ func TestRenameAnonymousContainer(t *testing.T) {
 
 	inspect, err := client.ContainerInspect(ctx, cID)
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(0, inspect.State.ExitCode), "container %s exited with the wrong exitcode: %+v", cID, inspect)
+	assert.Check(t, is.Equal(0, inspect.State.ExitCode), "container %s exited with the wrong exitcode: %s", cID, inspect.State.Error)
 }
 
 // TODO: should be a unit test
 func TestRenameContainerWithSameName(t *testing.T) {
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	oldName := "old" + t.Name()
-	cID := container.Run(t, ctx, client, container.WithName(oldName))
+	cID := container.Run(ctx, t, client, container.WithName(oldName))
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 	err := client.ContainerRename(ctx, oldName, oldName)
@@ -191,20 +189,20 @@ func TestRenameContainerWithSameName(t *testing.T) {
 // of the linked container should be updated so that the other
 // container could still reference to the container that is renamed.
 func TestRenameContainerWithLinkedContainer(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
 
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	db1Name := "db1" + t.Name()
-	db1ID := container.Run(t, ctx, client, container.WithName(db1Name))
+	db1ID := container.Run(ctx, t, client, container.WithName(db1Name))
 	poll.WaitOn(t, container.IsInState(ctx, client, db1ID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	app1Name := "app1" + t.Name()
 	app2Name := "app2" + t.Name()
-	app1ID := container.Run(t, ctx, client, container.WithName(app1Name), container.WithLinks(db1Name+":/mysql"))
+	app1ID := container.Run(ctx, t, client, container.WithName(app1Name), container.WithLinks(db1Name+":/mysql"))
 	poll.WaitOn(t, container.IsInState(ctx, client, app1ID, "running"), poll.WithDelay(100*time.Millisecond))
 
 	err := client.ContainerRename(ctx, app1Name, app2Name)
diff --git a/integration/container/resize_test.go b/integration/container/resize_test.go
index 461ef14dfa00b..05f4816f6e9f2 100644
--- a/integration/container/resize_test.go
+++ b/integration/container/resize_test.go
@@ -9,21 +9,19 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	req "github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	req "github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestResize(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client, container.WithTty(true))
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
@@ -36,12 +34,11 @@ func TestResize(t *testing.T) {
 
 func TestResizeWithInvalidSize(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.32"), "broken in earlier versions")
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
@@ -53,10 +50,10 @@ func TestResizeWithInvalidSize(t *testing.T) {
 
 func TestResizeWhenContainerNotStarted(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("echo"))
+	cID := container.Run(ctx, t, client, container.WithCmd("echo"))
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
 
diff --git a/integration/container/restart_test.go b/integration/container/restart_test.go
index 64b076410fc70..0c29812e8dec4 100644
--- a/integration/container/restart_test.go
+++ b/integration/container/restart_test.go
@@ -8,14 +8,17 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestDaemonRestartKillContainers(t *testing.T) {
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support live-restore")
 	type testCase struct {
 		desc       string
 		config     *container.Config
@@ -24,9 +27,10 @@ func TestDaemonRestartKillContainers(t *testing.T) {
 		xRunning            bool
 		xRunningLiveRestore bool
 		xStart              bool
+		xHealthCheck        bool
 	}
 
-	for _, c := range []testCase{
+	for _, tc := range []testCase{
 		{
 			desc:                "container without restart policy",
 			config:              &container.Config{Image: "busybox", Cmd: []string{"top"}},
@@ -41,6 +45,20 @@ func TestDaemonRestartKillContainers(t *testing.T) {
 			xRunningLiveRestore: true,
 			xStart:              true,
 		},
+		{
+			desc: "container with restart=always and with healthcheck",
+			config: &container.Config{Image: "busybox", Cmd: []string{"top"},
+				Healthcheck: &container.HealthConfig{
+					Test:     []string{"CMD-SHELL", "sleep 1"},
+					Interval: time.Second,
+				},
+			},
+			hostConfig:          &container.HostConfig{RestartPolicy: container.RestartPolicy{Name: "always"}},
+			xRunning:            true,
+			xRunningLiveRestore: true,
+			xStart:              true,
+			xHealthCheck:        true,
+		},
 		{
 			desc:       "container created should not be restarted",
 			config:     &container.Config{Image: "busybox", Cmd: []string{"top"}},
@@ -57,16 +75,15 @@ func TestDaemonRestartKillContainers(t *testing.T) {
 					d.Stop(t)
 				},
 			} {
-				t.Run(fmt.Sprintf("live-restore=%v/%s/%s", liveRestoreEnabled, c.desc, fnName), func(t *testing.T) {
-					c := c
+				t.Run(fmt.Sprintf("live-restore=%v/%s/%s", liveRestoreEnabled, tc.desc, fnName), func(t *testing.T) {
+					c := tc
 					liveRestoreEnabled := liveRestoreEnabled
 					stopDaemon := stopDaemon
 
 					t.Parallel()
 
 					d := daemon.New(t)
-					client, err := d.NewClient()
-					assert.NilError(t, err)
+					client := d.NewClientT(t)
 
 					args := []string{"--iptables=false"}
 					if liveRestoreEnabled {
@@ -77,7 +94,7 @@ func TestDaemonRestartKillContainers(t *testing.T) {
 					defer d.Stop(t)
 					ctx := context.Background()
 
-					resp, err := client.ContainerCreate(ctx, c.config, c.hostConfig, nil, "")
+					resp, err := client.ContainerCreate(ctx, c.config, c.hostConfig, nil, nil, "")
 					assert.NilError(t, err)
 					defer client.ContainerRemove(ctx, resp.ID, types.ContainerRemoveOptions{Force: true})
 
@@ -107,9 +124,32 @@ func TestDaemonRestartKillContainers(t *testing.T) {
 
 					}
 					assert.Equal(t, expected, running, "got unexpected running state, expected %v, got: %v", expected, running)
+
+					if c.xHealthCheck {
+						startTime := time.Now()
+						ctxPoll, cancel := context.WithTimeout(ctx, 30*time.Second)
+						defer cancel()
+						poll.WaitOn(t, pollForNewHealthCheck(ctxPoll, client, startTime, resp.ID), poll.WithDelay(100*time.Millisecond))
+					}
 					// TODO(cpuguy83): test pause states... this seems to be rather undefined currently
 				})
 			}
 		}
 	}
 }
+
+func pollForNewHealthCheck(ctx context.Context, client *client.Client, startTime time.Time, containerID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		inspect, err := client.ContainerInspect(ctx, containerID)
+		if err != nil {
+			return poll.Error(err)
+		}
+		healthChecksTotal := len(inspect.State.Health.Log)
+		if healthChecksTotal > 0 {
+			if inspect.State.Health.Log[healthChecksTotal-1].Start.After(startTime) {
+				return poll.Success()
+			}
+		}
+		return poll.Continue("waiting for a new container healthcheck")
+	}
+}
diff --git a/integration/container/run_cgroupns_linux_test.go b/integration/container/run_cgroupns_linux_test.go
new file mode 100644
index 0000000000000..311219003296f
--- /dev/null
+++ b/integration/container/run_cgroupns_linux_test.go
@@ -0,0 +1,145 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/integration/internal/requirement"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+// Bring up a daemon with the specified default cgroup namespace mode, and then create a container with the container options
+func testRunWithCgroupNs(t *testing.T, daemonNsMode string, containerOpts ...func(*container.TestContainerConfig)) (string, string) {
+	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode(daemonNsMode))
+	client := d.NewClientT(t)
+	ctx := context.Background()
+
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	cID := container.Run(ctx, t, client, containerOpts...)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	daemonCgroup := d.CgroupNamespace(t)
+	containerCgroup := container.GetContainerNS(ctx, t, client, cID, "cgroup")
+	return containerCgroup, daemonCgroup
+}
+
+// Bring up a daemon with the specified default cgroup namespace mode. Create a container with the container options,
+// expecting an error with the specified string
+func testCreateFailureWithCgroupNs(t *testing.T, daemonNsMode string, errStr string, containerOpts ...func(*container.TestContainerConfig)) {
+	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode(daemonNsMode))
+	client := d.NewClientT(t)
+	ctx := context.Background()
+
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+	container.CreateExpectingErr(ctx, t, client, errStr, containerOpts...)
+}
+
+func TestCgroupNamespacesRun(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to private cgroup namespaces, containers launched
+	// should be in their own private cgroup namespace by default
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "private")
+	assert.Assert(t, daemonCgroup != containerCgroup)
+}
+
+func TestCgroupNamespacesRunPrivileged(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+	skip.If(t, testEnv.DaemonInfo.CgroupVersion == "2", "on cgroup v2, privileged containers use private cgroupns")
+
+	// When the daemon defaults to private cgroup namespaces, privileged containers
+	// launched should not be inside their own cgroup namespaces
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "private", container.WithPrivileged(true))
+	assert.Assert(t, daemonCgroup == containerCgroup)
+}
+
+func TestCgroupNamespacesRunDaemonHostMode(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to host cgroup namespaces, containers
+	// launched should not be inside their own cgroup namespaces
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "host")
+	assert.Assert(t, daemonCgroup == containerCgroup)
+}
+
+func TestCgroupNamespacesRunHostMode(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to private cgroup namespaces, containers launched
+	// with a cgroup ns mode of "host" should not be inside their own cgroup namespaces
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "private", container.WithCgroupnsMode("host"))
+	assert.Assert(t, daemonCgroup == containerCgroup)
+}
+
+func TestCgroupNamespacesRunPrivateMode(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// When the daemon defaults to private cgroup namespaces, containers launched
+	// with a cgroup ns mode of "private" should be inside their own cgroup namespaces
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "private", container.WithCgroupnsMode("private"))
+	assert.Assert(t, daemonCgroup != containerCgroup)
+}
+
+func TestCgroupNamespacesRunPrivilegedAndPrivate(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	containerCgroup, daemonCgroup := testRunWithCgroupNs(t, "private", container.WithPrivileged(true), container.WithCgroupnsMode("private"))
+	assert.Assert(t, daemonCgroup != containerCgroup)
+}
+
+func TestCgroupNamespacesRunInvalidMode(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	// An invalid cgroup namespace mode should return an error on container creation
+	errStr := "invalid cgroup namespace mode: invalid"
+	testCreateFailureWithCgroupNs(t, "private", errStr, container.WithCgroupnsMode("invalid"))
+}
+
+// Clients before 1.40 expect containers to be created in the host cgroup namespace,
+// regardless of the default setting of the daemon, unless running with cgroup v2
+func TestCgroupNamespacesRunOlderClient(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
+
+	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode("private"))
+	client := d.NewClientT(t, client.WithVersion("1.39"))
+
+	ctx := context.Background()
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	cID := container.Run(ctx, t, client)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	daemonCgroup := d.CgroupNamespace(t)
+	containerCgroup := container.GetContainerNS(ctx, t, client, cID, "cgroup")
+	if testEnv.DaemonInfo.CgroupVersion != "2" {
+		assert.Assert(t, daemonCgroup == containerCgroup)
+	} else {
+		assert.Assert(t, daemonCgroup != containerCgroup)
+	}
+}
diff --git a/integration/container/run_linux_test.go b/integration/container/run_linux_test.go
new file mode 100644
index 0000000000000..a8e47e9f9e56c
--- /dev/null
+++ b/integration/container/run_linux_test.go
@@ -0,0 +1,130 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"strings"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	net "github.com/docker/docker/integration/internal/network"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+func TestNISDomainname(t *testing.T) {
+	// Older versions of the daemon would concatenate hostname and domainname,
+	// so hostname "foobar" and domainname "baz.cyphar.com" would produce
+	// `foobar.baz.cyphar.com` as hostname.
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	// Rootless supports custom Hostname but doesn't support custom Domainname
+	//  OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \
+	//  "write sysctl key kernel.domainname: open /proc/sys/kernel/domainname: permission denied\"": unknown.
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support setting Domainname (TODO: https://github.com/moby/moby/issues/40632)")
+
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	const (
+		hostname   = "foobar"
+		domainname = "baz.cyphar.com"
+	)
+
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
+		c.Config.Hostname = hostname
+		c.Config.Domainname = domainname
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(hostname, inspect.Config.Hostname))
+	assert.Check(t, is.Equal(domainname, inspect.Config.Domainname))
+
+	// Check hostname.
+	res, err := container.Exec(ctx, client, cID,
+		[]string{"cat", "/proc/sys/kernel/hostname"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Check(t, is.Equal(hostname, strings.TrimSpace(res.Stdout())))
+
+	// Check domainname.
+	res, err = container.Exec(ctx, client, cID,
+		[]string{"cat", "/proc/sys/kernel/domainname"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Check(t, is.Equal(domainname, strings.TrimSpace(res.Stdout())))
+}
+
+func TestHostnameDnsResolution(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	const (
+		hostname = "foobar"
+	)
+
+	// using user defined network as we want to use internal DNS
+	netName := "foobar-net"
+	net.CreateNoError(context.Background(), t, client, netName, net.WithDriver("bridge"))
+
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
+		c.Config.Hostname = hostname
+		c.HostConfig.NetworkMode = containertypes.NetworkMode(netName)
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(hostname, inspect.Config.Hostname))
+
+	// Clear hosts file so ping will use DNS for hostname resolution
+	res, err := container.Exec(ctx, client, cID,
+		[]string{"sh", "-c", "echo 127.0.0.1 localhost | tee /etc/hosts && ping -c 1 foobar"})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("", res.Stderr()))
+	assert.Equal(t, 0, res.ExitCode)
+}
+
+func TestUnprivilegedPortsAndPing(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support setting net.ipv4.ping_group_range and net.ipv4.ip_unprivileged_port_start")
+
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
+		c.Config.User = "1000:1000"
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	// Check net.ipv4.ping_group_range.
+	res, err := container.Exec(ctx, client, cID, []string{"cat", "/proc/sys/net/ipv4/ping_group_range"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Equal(t, `0	2147483647`, strings.TrimSpace(res.Stdout()))
+
+	// Check net.ipv4.ip_unprivileged_port_start.
+	res, err = container.Exec(ctx, client, cID, []string{"cat", "/proc/sys/net/ipv4/ip_unprivileged_port_start"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Equal(t, "0", strings.TrimSpace(res.Stdout()))
+}
diff --git a/integration/container/stats_test.go b/integration/container/stats_test.go
index 6493a30573e21..b6cd0f5ca7e10 100644
--- a/integration/container/stats_test.go
+++ b/integration/container/stats_test.go
@@ -4,29 +4,30 @@ import (
 	"context"
 	"encoding/json"
 	"io"
+	"reflect"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestStats(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
 	skip.If(t, !testEnv.DaemonInfo.MemoryLimit)
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	info, err := client.Info(ctx)
 	assert.NilError(t, err)
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
 
@@ -34,10 +35,23 @@ func TestStats(t *testing.T) {
 	assert.NilError(t, err)
 	defer resp.Body.Close()
 
-	var v *types.Stats
+	var v types.Stats
 	err = json.NewDecoder(resp.Body).Decode(&v)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(int64(v.MemoryStats.Limit), info.MemTotal))
+	assert.Check(t, !reflect.DeepEqual(v.PreCPUStats, types.CPUStats{}))
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	assert.Assert(t, is.ErrorContains(err, ""), io.EOF)
+
+	resp, err = client.ContainerStatsOneShot(ctx, cID)
+	assert.NilError(t, err)
+	defer resp.Body.Close()
+
+	v = types.Stats{}
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(int64(v.MemoryStats.Limit), info.MemTotal))
+	assert.Check(t, is.DeepEqual(v.PreCPUStats, types.CPUStats{}))
 	err = json.NewDecoder(resp.Body).Decode(&v)
 	assert.Assert(t, is.ErrorContains(err, ""), io.EOF)
 }
diff --git a/integration/container/stop_linux_test.go b/integration/container/stop_linux_test.go
index 92db0de41f989..9ce11f37d12d3 100644
--- a/integration/container/stop_linux_test.go
+++ b/integration/container/stop_linux_test.go
@@ -10,11 +10,10 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	"gotest.tools/icmd"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // TestStopContainerWithTimeout checks that ContainerStop with
@@ -22,7 +21,7 @@ import (
 // waiting is not limited (issue #35311).
 func TestStopContainerWithTimeout(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	testCmd := container.WithCmd("sh", "-c", "sleep 2 && exit 42")
@@ -55,7 +54,7 @@ func TestStopContainerWithTimeout(t *testing.T) {
 		d := d
 		t.Run(strconv.Itoa(d.timeout), func(t *testing.T) {
 			t.Parallel()
-			id := container.Run(t, ctx, client, testCmd)
+			id := container.Run(ctx, t, client, testCmd)
 
 			timeout := time.Duration(d.timeout) * time.Second
 			err := client.ContainerStop(ctx, id, &timeout)
@@ -73,13 +72,13 @@ func TestStopContainerWithTimeout(t *testing.T) {
 
 func TestDeleteDevicemapper(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.Driver != "devicemapper")
-	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	skip.If(t, testEnv.IsRemoteDaemon)
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	id := container.Run(t, ctx, client, container.WithName("foo-"+t.Name()), container.WithCmd("echo"))
+	id := container.Run(ctx, t, client, container.WithName("foo-"+t.Name()), container.WithCmd("echo"))
 
 	poll.WaitOn(t, container.IsStopped(ctx, client, id), poll.WithDelay(100*time.Millisecond))
 
diff --git a/integration/container/stop_test.go b/integration/container/stop_test.go
index 03e76b054d934..7e12996e333f3 100644
--- a/integration/container/stop_test.go
+++ b/integration/container/stop_test.go
@@ -6,21 +6,22 @@ import (
 	"time"
 
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
 )
 
 func TestStopContainerWithRestartPolicyAlways(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	names := []string{"verifyRestart1-" + t.Name(), "verifyRestart2-" + t.Name()}
 	for _, name := range names {
-		container.Run(t, ctx, client, container.WithName(name), container.WithCmd("false"), func(c *container.TestContainerConfig) {
-			c.HostConfig.RestartPolicy.Name = "always"
-		})
+		container.Run(ctx, t, client,
+			container.WithName(name),
+			container.WithCmd("false"),
+			container.WithRestartPolicy("always"),
+		)
 	}
 
 	for _, name := range names {
diff --git a/integration/container/stop_windows_test.go b/integration/container/stop_windows_test.go
index 0992f62bc9308..a20ba5e6d92e9 100644
--- a/integration/container/stop_windows_test.go
+++ b/integration/container/stop_windows_test.go
@@ -7,10 +7,9 @@ import (
 	"time"
 
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // TestStopContainerWithTimeout checks that ContainerStop with
@@ -19,7 +18,7 @@ import (
 func TestStopContainerWithTimeout(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	testCmd := container.WithCmd("sh", "-c", "sleep 2 && exit 42")
@@ -52,7 +51,7 @@ func TestStopContainerWithTimeout(t *testing.T) {
 		d := d
 		t.Run(strconv.Itoa(d.timeout), func(t *testing.T) {
 			t.Parallel()
-			id := container.Run(t, ctx, client, testCmd)
+			id := container.Run(ctx, t, client, testCmd)
 
 			timeout := time.Duration(d.timeout) * time.Second
 			err := client.ContainerStop(ctx, id, &timeout)
diff --git a/integration/container/update_linux_test.go b/integration/container/update_linux_test.go
index 7ebe64e7e3e2d..4d43124900bc4 100644
--- a/integration/container/update_linux_test.go
+++ b/integration/container/update_linux_test.go
@@ -8,24 +8,26 @@ import (
 	"time"
 
 	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestUpdateMemory(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
 	skip.If(t, !testEnv.DaemonInfo.MemoryLimit)
 	skip.If(t, !testEnv.DaemonInfo.SwapLimit)
 
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+	cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.HostConfig.Resources = containertypes.Resources{
 			Memory: 200 * 1024 * 1024,
 		}
@@ -51,29 +53,43 @@ func TestUpdateMemory(t *testing.T) {
 	assert.Check(t, is.Equal(setMemory, inspect.HostConfig.Memory))
 	assert.Check(t, is.Equal(setMemorySwap, inspect.HostConfig.MemorySwap))
 
+	memoryFile := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	if testEnv.DaemonInfo.CgroupVersion == "2" {
+		memoryFile = "/sys/fs/cgroup/memory.max"
+	}
 	res, err := container.Exec(ctx, client, cID,
-		[]string{"cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
+		[]string{"cat", memoryFile})
 	assert.NilError(t, err)
 	assert.Assert(t, is.Len(res.Stderr(), 0))
 	assert.Equal(t, 0, res.ExitCode)
 	assert.Check(t, is.Equal(strconv.FormatInt(setMemory, 10), strings.TrimSpace(res.Stdout())))
 
-	res, err = container.Exec(ctx, client, cID,
-		[]string{"cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"})
-	assert.NilError(t, err)
-	assert.Assert(t, is.Len(res.Stderr(), 0))
-	assert.Equal(t, 0, res.ExitCode)
-	assert.Check(t, is.Equal(strconv.FormatInt(setMemorySwap, 10), strings.TrimSpace(res.Stdout())))
+	// see ConvertMemorySwapToCgroupV2Value() for the convention:
+	// https://github.com/opencontainers/runc/commit/c86be8a2c118ca7bad7bbe9eaf106c659a83940d
+	if testEnv.DaemonInfo.CgroupVersion == "2" {
+		res, err = container.Exec(ctx, client, cID,
+			[]string{"cat", "/sys/fs/cgroup/memory.swap.max"})
+		assert.NilError(t, err)
+		assert.Assert(t, is.Len(res.Stderr(), 0))
+		assert.Equal(t, 0, res.ExitCode)
+		assert.Check(t, is.Equal(strconv.FormatInt(setMemorySwap-setMemory, 10), strings.TrimSpace(res.Stdout())))
+	} else {
+		res, err = container.Exec(ctx, client, cID,
+			[]string{"cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"})
+		assert.NilError(t, err)
+		assert.Assert(t, is.Len(res.Stderr(), 0))
+		assert.Equal(t, 0, res.ExitCode)
+		assert.Check(t, is.Equal(strconv.FormatInt(setMemorySwap, 10), strings.TrimSpace(res.Stdout())))
+	}
 }
 
 func TestUpdateCPUQuota(t *testing.T) {
-	t.Parallel()
-
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	for _, test := range []struct {
 		desc   string
@@ -84,24 +100,120 @@ func TestUpdateCPUQuota(t *testing.T) {
 		{desc: "a lower value", update: 10000},
 		{desc: "unset value", update: -1},
 	} {
-		if _, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
-			Resources: containertypes.Resources{
-				CPUQuota: test.update,
-			},
-		}); err != nil {
-			t.Fatal(err)
+		if testEnv.DaemonInfo.CgroupVersion == "2" {
+			// On v2, specifying CPUQuota without CPUPeriod is currently broken:
+			// https://github.com/opencontainers/runc/issues/2456
+			// As a workaround we set them together.
+			_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+				Resources: containertypes.Resources{
+					CPUQuota:  test.update,
+					CPUPeriod: 100000,
+				},
+			})
+			assert.NilError(t, err)
+		} else {
+			_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+				Resources: containertypes.Resources{
+					CPUQuota: test.update,
+				},
+			})
+			assert.NilError(t, err)
 		}
 
 		inspect, err := client.ContainerInspect(ctx, cID)
 		assert.NilError(t, err)
 		assert.Check(t, is.Equal(test.update, inspect.HostConfig.CPUQuota))
 
-		res, err := container.Exec(ctx, client, cID,
-			[]string{"/bin/cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
-		assert.NilError(t, err)
-		assert.Assert(t, is.Len(res.Stderr(), 0))
-		assert.Equal(t, 0, res.ExitCode)
+		if testEnv.DaemonInfo.CgroupVersion == "2" {
+			res, err := container.Exec(ctx, client, cID,
+				[]string{"/bin/cat", "/sys/fs/cgroup/cpu.max"})
+			assert.NilError(t, err)
+			assert.Assert(t, is.Len(res.Stderr(), 0))
+			assert.Equal(t, 0, res.ExitCode)
+
+			quotaPeriodPair := strings.Fields(res.Stdout())
+			quota := quotaPeriodPair[0]
+			if test.update == -1 {
+				assert.Check(t, is.Equal("max", quota))
+			} else {
+				assert.Check(t, is.Equal(strconv.FormatInt(test.update, 10), quota))
+			}
+		} else {
+			res, err := container.Exec(ctx, client, cID,
+				[]string{"/bin/cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
+			assert.NilError(t, err)
+			assert.Assert(t, is.Len(res.Stderr(), 0))
+			assert.Equal(t, 0, res.ExitCode)
+
+			assert.Check(t, is.Equal(strconv.FormatInt(test.update, 10), strings.TrimSpace(res.Stdout())))
+		}
+	}
+}
+
+func TestUpdatePidsLimit(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
+	skip.If(t, !testEnv.DaemonInfo.PidsLimit)
+
+	defer setupTest(t)()
+	apiClient := testEnv.APIClient()
+	oldAPIclient := request.NewAPIClient(t, client.WithVersion("1.24"))
+	ctx := context.Background()
+
+	intPtr := func(i int64) *int64 {
+		return &i
+	}
+
+	for _, test := range []struct {
+		desc     string
+		oldAPI   bool
+		initial  *int64
+		update   *int64
+		expect   int64
+		expectCg string
+	}{
+		{desc: "update from none", update: intPtr(32), expect: 32, expectCg: "32"},
+		{desc: "no change", initial: intPtr(32), expect: 32, expectCg: "32"},
+		{desc: "update lower", initial: intPtr(32), update: intPtr(16), expect: 16, expectCg: "16"},
+		{desc: "update on old api ignores value", oldAPI: true, initial: intPtr(32), update: intPtr(16), expect: 32, expectCg: "32"},
+		{desc: "unset limit with zero", initial: intPtr(32), update: intPtr(0), expect: 0, expectCg: "max"},
+		{desc: "unset limit with minus one", initial: intPtr(32), update: intPtr(-1), expect: 0, expectCg: "max"},
+		{desc: "unset limit with minus two", initial: intPtr(32), update: intPtr(-2), expect: 0, expectCg: "max"},
+	} {
+		c := apiClient
+		if test.oldAPI {
+			c = oldAPIclient
+		}
 
-		assert.Check(t, is.Equal(strconv.FormatInt(test.update, 10), strings.TrimSpace(res.Stdout())))
+		t.Run(test.desc, func(t *testing.T) {
+			// Using "network=host" to speed up creation (13.96s vs 6.54s)
+			cID := container.Run(ctx, t, apiClient, container.WithPidsLimit(test.initial), container.WithNetworkMode("host"))
+
+			_, err := c.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+				Resources: containertypes.Resources{
+					PidsLimit: test.update,
+				},
+			})
+			assert.NilError(t, err)
+
+			inspect, err := c.ContainerInspect(ctx, cID)
+			assert.NilError(t, err)
+			assert.Assert(t, inspect.HostConfig.Resources.PidsLimit != nil)
+			assert.Equal(t, *inspect.HostConfig.Resources.PidsLimit, test.expect)
+
+			ctx, cancel := context.WithTimeout(ctx, 60*time.Second)
+			defer cancel()
+
+			pidsFile := "/sys/fs/cgroup/pids/pids.max"
+			if testEnv.DaemonInfo.CgroupVersion == "2" {
+				pidsFile = "/sys/fs/cgroup/pids.max"
+			}
+			res, err := container.Exec(ctx, c, cID, []string{"cat", pidsFile})
+			assert.NilError(t, err)
+			assert.Assert(t, is.Len(res.Stderr(), 0))
+
+			out := strings.TrimSpace(res.Stdout())
+			assert.Equal(t, out, test.expectCg)
+		})
 	}
 }
diff --git a/integration/container/update_test.go b/integration/container/update_test.go
index 0e32184d27f10..086014540a983 100644
--- a/integration/container/update_test.go
+++ b/integration/container/update_test.go
@@ -7,18 +7,17 @@ import (
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
 )
 
 func TestUpdateRestartPolicy(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "sleep 1 && false"), func(c *container.TestContainerConfig) {
+	cID := container.Run(ctx, t, client, container.WithCmd("sh", "-c", "sleep 1 && false"), func(c *container.TestContainerConfig) {
 		c.HostConfig.RestartPolicy = containertypes.RestartPolicy{
 			Name:              "on-failure",
 			MaximumRetryCount: 3,
@@ -48,12 +47,10 @@ func TestUpdateRestartPolicy(t *testing.T) {
 
 func TestUpdateRestartWithAutoRemove(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
-		c.HostConfig.AutoRemove = true
-	})
+	cID := container.Run(ctx, t, client, container.WithAutoRemove)
 
 	_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
 		RestartPolicy: containertypes.RestartPolicy{
diff --git a/integration/container/wait_test.go b/integration/container/wait_test.go
index 09edcabf1e74d..44e2c8114391e 100644
--- a/integration/container/wait_test.go
+++ b/integration/container/wait_test.go
@@ -6,11 +6,11 @@ import (
 	"time"
 
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestWaitNonBlocked(t *testing.T) {
@@ -39,15 +39,15 @@ func TestWaitNonBlocked(t *testing.T) {
 		t.Run(tc.doc, func(t *testing.T) {
 			t.Parallel()
 			ctx := context.Background()
-			containerID := container.Run(t, ctx, cli, container.WithCmd("sh", "-c", tc.cmd))
+			containerID := container.Run(ctx, t, cli, container.WithCmd("sh", "-c", tc.cmd))
 			poll.WaitOn(t, container.IsInState(ctx, cli, containerID, "exited"), poll.WithTimeout(30*time.Second), poll.WithDelay(100*time.Millisecond))
 
-			waitresC, errC := cli.ContainerWait(ctx, containerID, "")
+			waitResC, errC := cli.ContainerWait(ctx, containerID, "")
 			select {
 			case err := <-errC:
 				assert.NilError(t, err)
-			case waitres := <-waitresC:
-				assert.Check(t, is.Equal(tc.expectedCode, waitres.StatusCode))
+			case waitRes := <-waitResC:
+				assert.Check(t, is.Equal(tc.expectedCode, waitRes.StatusCode))
 			}
 		})
 	}
@@ -81,10 +81,10 @@ func TestWaitBlocked(t *testing.T) {
 		t.Run(tc.doc, func(t *testing.T) {
 			t.Parallel()
 			ctx := context.Background()
-			containerID := container.Run(t, ctx, cli, container.WithCmd("sh", "-c", tc.cmd))
+			containerID := container.Run(ctx, t, cli, container.WithCmd("sh", "-c", tc.cmd))
 			poll.WaitOn(t, container.IsInState(ctx, cli, containerID, "running"), poll.WithTimeout(30*time.Second), poll.WithDelay(100*time.Millisecond))
 
-			waitresC, errC := cli.ContainerWait(ctx, containerID, "")
+			waitResC, errC := cli.ContainerWait(ctx, containerID, "")
 
 			err := cli.ContainerStop(ctx, containerID, nil)
 			assert.NilError(t, err)
@@ -92,8 +92,8 @@ func TestWaitBlocked(t *testing.T) {
 			select {
 			case err := <-errC:
 				assert.NilError(t, err)
-			case waitres := <-waitresC:
-				assert.Check(t, is.Equal(tc.expectedCode, waitres.StatusCode))
+			case waitRes := <-waitResC:
+				assert.Check(t, is.Equal(tc.expectedCode, waitRes.StatusCode))
 			case <-time.After(2 * time.Second):
 				t.Fatal("timeout waiting for `docker wait`")
 			}
diff --git a/integration/daemon/daemon_test.go b/integration/daemon/daemon_test.go
new file mode 100644
index 0000000000000..0c4f80f959ba2
--- /dev/null
+++ b/integration/daemon/daemon_test.go
@@ -0,0 +1,339 @@
+package daemon // import "github.com/docker/docker/integration/daemon"
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/env"
+	"gotest.tools/v3/skip"
+)
+
+func TestConfigDaemonLibtrustID(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows")
+
+	d := daemon.New(t)
+	defer d.Stop(t)
+
+	trustKey := filepath.Join(d.RootDir(), "key.json")
+	err := os.WriteFile(trustKey, []byte(`{"crv":"P-256","d":"dm28PH4Z4EbyUN8L0bPonAciAQa1QJmmyYd876mnypY","kid":"WTJ3:YSIP:CE2E:G6KJ:PSBD:YX2Y:WEYD:M64G:NU2V:XPZV:H2CR:VLUB","kty":"EC","x":"Mh5-JINSjaa_EZdXDttri255Z5fbCEOTQIZjAcScFTk","y":"eUyuAjfxevb07hCCpvi4Zi334Dy4GDWQvEToGEX4exQ"}`), 0644)
+	assert.NilError(t, err)
+
+	config := filepath.Join(d.RootDir(), "daemon.json")
+	err = os.WriteFile(config, []byte(`{"deprecated-key-path": "`+trustKey+`"}`), 0644)
+	assert.NilError(t, err)
+
+	d.Start(t, "--config-file", config)
+	info := d.Info(t)
+	assert.Equal(t, info.ID, "WTJ3:YSIP:CE2E:G6KJ:PSBD:YX2Y:WEYD:M64G:NU2V:XPZV:H2CR:VLUB")
+}
+
+func TestDaemonConfigValidation(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows")
+
+	d := daemon.New(t)
+	dockerBinary, err := d.BinaryPath()
+	assert.NilError(t, err)
+	params := []string{"--validate", "--config-file"}
+
+	dest := os.Getenv("DOCKER_INTEGRATION_DAEMON_DEST")
+	if dest == "" {
+		dest = os.Getenv("DEST")
+	}
+	testdata := filepath.Join(dest, "..", "..", "integration", "daemon", "testdata")
+
+	const (
+		validOut  = "configuration OK"
+		failedOut = "unable to configure the Docker daemon with file"
+	)
+
+	tests := []struct {
+		name        string
+		args        []string
+		expectedOut string
+	}{
+		{
+			name:        "config with no content",
+			args:        append(params, filepath.Join(testdata, "empty-config-1.json")),
+			expectedOut: validOut,
+		},
+		{
+			name:        "config with {}",
+			args:        append(params, filepath.Join(testdata, "empty-config-2.json")),
+			expectedOut: validOut,
+		},
+		{
+			name:        "invalid config",
+			args:        append(params, filepath.Join(testdata, "invalid-config-1.json")),
+			expectedOut: failedOut,
+		},
+		{
+			name:        "malformed config",
+			args:        append(params, filepath.Join(testdata, "malformed-config.json")),
+			expectedOut: failedOut,
+		},
+		{
+			name:        "valid config",
+			args:        append(params, filepath.Join(testdata, "valid-config-1.json")),
+			expectedOut: validOut,
+		},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			cmd := exec.Command(dockerBinary, tc.args...)
+			out, err := cmd.CombinedOutput()
+			assert.Check(t, is.Contains(string(out), tc.expectedOut))
+			if tc.expectedOut == failedOut {
+				assert.ErrorContains(t, err, "", "expected an error, but got none")
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+}
+
+func TestConfigDaemonSeccompProfiles(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows")
+
+	d := daemon.New(t)
+	defer d.Stop(t)
+
+	tests := []struct {
+		doc             string
+		profile         string
+		expectedProfile string
+	}{
+		{
+			doc:             "empty profile set",
+			profile:         "",
+			expectedProfile: config.SeccompProfileDefault,
+		},
+		{
+			doc:             "default profile",
+			profile:         config.SeccompProfileDefault,
+			expectedProfile: config.SeccompProfileDefault,
+		},
+		{
+			doc:             "unconfined profile",
+			profile:         config.SeccompProfileUnconfined,
+			expectedProfile: config.SeccompProfileUnconfined,
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			d.Start(t, "--seccomp-profile="+tc.profile)
+			info := d.Info(t)
+			assert.Assert(t, is.Contains(info.SecurityOptions, "name=seccomp,profile="+tc.expectedProfile))
+			d.Stop(t)
+
+			cfg := filepath.Join(d.RootDir(), "daemon.json")
+			err := os.WriteFile(cfg, []byte(`{"seccomp-profile": "`+tc.profile+`"}`), 0644)
+			assert.NilError(t, err)
+
+			d.Start(t, "--config-file", cfg)
+			info = d.Info(t)
+			assert.Assert(t, is.Contains(info.SecurityOptions, "name=seccomp,profile="+tc.expectedProfile))
+			d.Stop(t)
+		})
+	}
+}
+
+func TestDaemonProxy(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "cannot start multiple daemons on windows")
+	skip.If(t, os.Getenv("DOCKER_ROOTLESS") != "", "cannot connect to localhost proxy in rootless environment")
+
+	var received string
+	proxyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		received = r.Host
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte("OK"))
+	}))
+	defer proxyServer.Close()
+
+	const userPass = "myuser:mypassword@"
+
+	// Configure proxy through env-vars
+	t.Run("environment variables", func(t *testing.T) {
+		defer env.Patch(t, "HTTP_PROXY", proxyServer.URL)()
+		defer env.Patch(t, "HTTPS_PROXY", proxyServer.URL)()
+		defer env.Patch(t, "NO_PROXY", "example.com")()
+
+		d := daemon.New(t)
+		c := d.NewClientT(t)
+		defer func() { _ = c.Close() }()
+		ctx := context.Background()
+		d.Start(t)
+
+		_, err := c.ImagePull(ctx, "example.org:5000/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5000")
+
+		// Test NoProxy: example.com should not hit the proxy, and "received" variable should not be changed.
+		_, err = c.ImagePull(ctx, "example.com/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5000", "should not have used proxy")
+
+		info := d.Info(t)
+		assert.Equal(t, info.HTTPProxy, proxyServer.URL)
+		assert.Equal(t, info.HTTPSProxy, proxyServer.URL)
+		assert.Equal(t, info.NoProxy, "example.com")
+		d.Stop(t)
+	})
+
+	// Configure proxy through command-line flags
+	t.Run("command-line options", func(t *testing.T) {
+		defer env.Patch(t, "HTTP_PROXY", "http://"+userPass+"from-env-http.invalid")()
+		defer env.Patch(t, "http_proxy", "http://"+userPass+"from-env-http.invalid")()
+		defer env.Patch(t, "HTTPS_PROXY", "https://"+userPass+"myuser:mypassword@from-env-https.invalid")()
+		defer env.Patch(t, "https_proxy", "https://"+userPass+"myuser:mypassword@from-env-https.invalid")()
+		defer env.Patch(t, "NO_PROXY", "ignore.invalid")()
+		defer env.Patch(t, "no_proxy", "ignore.invalid")()
+
+		d := daemon.New(t)
+		d.Start(t, "--http-proxy", proxyServer.URL, "--https-proxy", proxyServer.URL, "--no-proxy", "example.com")
+
+		logs, err := d.ReadLogFile()
+		assert.NilError(t, err)
+		assert.Assert(t, is.Contains(string(logs), "overriding existing proxy variable with value from configuration"))
+		for _, v := range []string{"http_proxy", "HTTP_PROXY", "https_proxy", "HTTPS_PROXY", "no_proxy", "NO_PROXY"} {
+			assert.Assert(t, is.Contains(string(logs), "name="+v))
+			assert.Assert(t, !strings.Contains(string(logs), userPass), "logs should not contain the non-sanitized proxy URL: %s", string(logs))
+		}
+
+		c := d.NewClientT(t)
+		defer func() { _ = c.Close() }()
+		ctx := context.Background()
+
+		_, err = c.ImagePull(ctx, "example.org:5001/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5001")
+
+		// Test NoProxy: example.com should not hit the proxy, and "received" variable should not be changed.
+		_, err = c.ImagePull(ctx, "example.com/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5001", "should not have used proxy")
+
+		info := d.Info(t)
+		assert.Equal(t, info.HTTPProxy, proxyServer.URL)
+		assert.Equal(t, info.HTTPSProxy, proxyServer.URL)
+		assert.Equal(t, info.NoProxy, "example.com")
+
+		d.Stop(t)
+	})
+
+	// Configure proxy through configuration file
+	t.Run("configuration file", func(t *testing.T) {
+		defer env.Patch(t, "HTTP_PROXY", "http://"+userPass+"from-env-http.invalid")()
+		defer env.Patch(t, "http_proxy", "http://"+userPass+"from-env-http.invalid")()
+		defer env.Patch(t, "HTTPS_PROXY", "https://"+userPass+"myuser:mypassword@from-env-https.invalid")()
+		defer env.Patch(t, "https_proxy", "https://"+userPass+"myuser:mypassword@from-env-https.invalid")()
+		defer env.Patch(t, "NO_PROXY", "ignore.invalid")()
+		defer env.Patch(t, "no_proxy", "ignore.invalid")()
+
+		d := daemon.New(t)
+		c := d.NewClientT(t)
+		defer func() { _ = c.Close() }()
+		ctx := context.Background()
+
+		configFile := filepath.Join(d.RootDir(), "daemon.json")
+		configJSON := fmt.Sprintf(`{"http-proxy":%[1]q, "https-proxy": %[1]q, "no-proxy": "example.com"}`, proxyServer.URL)
+		assert.NilError(t, os.WriteFile(configFile, []byte(configJSON), 0644))
+
+		d.Start(t, "--config-file", configFile)
+
+		logs, err := d.ReadLogFile()
+		assert.NilError(t, err)
+		assert.Assert(t, is.Contains(string(logs), "overriding existing proxy variable with value from configuration"))
+		for _, v := range []string{"http_proxy", "HTTP_PROXY", "https_proxy", "HTTPS_PROXY", "no_proxy", "NO_PROXY"} {
+			assert.Assert(t, is.Contains(string(logs), "name="+v))
+			assert.Assert(t, !strings.Contains(string(logs), userPass), "logs should not contain the non-sanitized proxy URL: %s", string(logs))
+		}
+
+		_, err = c.ImagePull(ctx, "example.org:5002/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5002")
+
+		// Test NoProxy: example.com should not hit the proxy, and "received" variable should not be changed.
+		_, err = c.ImagePull(ctx, "example.com/some/image:latest", types.ImagePullOptions{})
+		assert.ErrorContains(t, err, "", "pulling should have failed")
+		assert.Equal(t, received, "example.org:5002", "should not have used proxy")
+
+		info := d.Info(t)
+		assert.Equal(t, info.HTTPProxy, proxyServer.URL)
+		assert.Equal(t, info.HTTPSProxy, proxyServer.URL)
+		assert.Equal(t, info.NoProxy, "example.com")
+
+		d.Stop(t)
+	})
+
+	// Conflicting options (passed both through command-line options and config file)
+	t.Run("conflicting options", func(t *testing.T) {
+		const (
+			proxyRawURL = "https://" + userPass + "example.org"
+			proxyURL    = "https://xxxxx:xxxxx@example.org"
+		)
+
+		d := daemon.New(t)
+
+		configFile := filepath.Join(d.RootDir(), "daemon.json")
+		configJSON := fmt.Sprintf(`{"http-proxy":%[1]q, "https-proxy": %[1]q, "no-proxy": "example.com"}`, proxyRawURL)
+		assert.NilError(t, os.WriteFile(configFile, []byte(configJSON), 0644))
+
+		err := d.StartWithError("--http-proxy", proxyRawURL, "--https-proxy", proxyRawURL, "--no-proxy", "example.com", "--config-file", configFile, "--validate")
+		assert.ErrorContains(t, err, "daemon exited during startup")
+		logs, err := d.ReadLogFile()
+		assert.NilError(t, err)
+		expected := fmt.Sprintf(
+			`the following directives are specified both as a flag and in the configuration file: http-proxy: (from flag: %[1]s, from file: %[1]s), https-proxy: (from flag: %[1]s, from file: %[1]s), no-proxy: (from flag: example.com, from file: example.com)`,
+			proxyURL,
+		)
+		assert.Assert(t, is.Contains(string(logs), expected))
+	})
+
+	// Make sure values are sanitized when reloading the daemon-config
+	t.Run("reload sanitized", func(t *testing.T) {
+		const (
+			proxyRawURL = "https://" + userPass + "example.org"
+			proxyURL    = "https://xxxxx:xxxxx@example.org"
+		)
+
+		d := daemon.New(t)
+		d.Start(t, "--http-proxy", proxyRawURL, "--https-proxy", proxyRawURL, "--no-proxy", "example.com")
+		defer d.Stop(t)
+		err := d.Signal(syscall.SIGHUP)
+		assert.NilError(t, err)
+
+		logs, err := d.ReadLogFile()
+		assert.NilError(t, err)
+
+		// FIXME: there appears to ba a race condition, which causes ReadLogFile
+		//        to not contain the full logs after signaling the daemon to reload,
+		//        causing the test to fail here. As a workaround, check if we
+		//        received the "reloaded" message after signaling, and only then
+		//        check that it's sanitized properly. For more details on this
+		//        issue, see https://github.com/moby/moby/pull/42835/files#r713120315
+		if !strings.Contains(string(logs), "Reloaded configuration:") {
+			t.Skip("Skipping test, because we did not find 'Reloaded configuration' in the logs")
+		}
+
+		assert.Assert(t, is.Contains(string(logs), proxyURL))
+		assert.Assert(t, !strings.Contains(string(logs), userPass), "logs should not contain the non-sanitized proxy URL: %s", string(logs))
+	})
+}
diff --git a/integration/daemon/main_test.go b/integration/daemon/main_test.go
new file mode 100644
index 0000000000000..74a342e298243
--- /dev/null
+++ b/integration/daemon/main_test.go
@@ -0,0 +1,10 @@
+package daemon // import "github.com/docker/docker/integration/daemon"
+
+import (
+	"os"
+	"testing"
+)
+
+func TestMain(m *testing.M) {
+	os.Exit(m.Run())
+}
diff --git a/integration/daemon/testdata/empty-config-1.json b/integration/daemon/testdata/empty-config-1.json
new file mode 100644
index 0000000000000..8b137891791fe
--- /dev/null
+++ b/integration/daemon/testdata/empty-config-1.json
@@ -0,0 +1 @@
+
diff --git a/integration/daemon/testdata/empty-config-2.json b/integration/daemon/testdata/empty-config-2.json
new file mode 100644
index 0000000000000..0967ef424bce6
--- /dev/null
+++ b/integration/daemon/testdata/empty-config-2.json
@@ -0,0 +1 @@
+{}
diff --git a/integration/daemon/testdata/invalid-config-1.json b/integration/daemon/testdata/invalid-config-1.json
new file mode 100644
index 0000000000000..f3c7781e52f34
--- /dev/null
+++ b/integration/daemon/testdata/invalid-config-1.json
@@ -0,0 +1 @@
+{"unknown-option": true}
diff --git a/integration/daemon/testdata/malformed-config.json b/integration/daemon/testdata/malformed-config.json
new file mode 100644
index 0000000000000..98232c64fce93
--- /dev/null
+++ b/integration/daemon/testdata/malformed-config.json
@@ -0,0 +1 @@
+{
diff --git a/integration/daemon/testdata/valid-config-1.json b/integration/daemon/testdata/valid-config-1.json
new file mode 100644
index 0000000000000..b1608d8f8af6f
--- /dev/null
+++ b/integration/daemon/testdata/valid-config-1.json
@@ -0,0 +1 @@
+{"debug": true}
diff --git a/integration/distribution/inspect_test.go.temp b/integration/distribution/inspect_test.go.temp
new file mode 100644
index 0000000000000..5a821f6415648
--- /dev/null
+++ b/integration/distribution/inspect_test.go.temp
@@ -0,0 +1,24 @@
+package distribution
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/v3/assert"
+)
+
+// tagging a named image in a new unprefixed repo should work
+func TestUnknownManifest(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	// By name
+	insp, err := client.DistributionInspect(ctx, "nosuchimage:latest", "")
+	assert.NilError(t, err)
+	assert.Equal(t, insp.Descriptor, nil)
+
+	//err = client.ImageTag(ctx, insp.ID, "testfoobarbaz")
+	//assert.NilError(t, err)
+}
diff --git a/integration/distribution/main_test.go.temp b/integration/distribution/main_test.go.temp
new file mode 100644
index 0000000000000..bd75788087687
--- /dev/null
+++ b/integration/distribution/main_test.go.temp
@@ -0,0 +1,33 @@
+package distribution // import "github.com/docker/docker/integration/distribution"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/integration/image/commit_test.go b/integration/image/commit_test.go
index ad3f89ec79fc8..813af90aa2095 100644
--- a/integration/image/commit_test.go
+++ b/integration/image/commit_test.go
@@ -2,29 +2,30 @@ package image // import "github.com/docker/docker/integration/image"
 
 import (
 	"context"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestCommitInheritsEnv(t *testing.T) {
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.36"), "broken in earlier versions")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	cID1 := container.Create(t, ctx, client)
+	cID1 := container.Create(ctx, t, client)
+	imgName := strings.ToLower(t.Name())
 
 	commitResp1, err := client.ContainerCommit(ctx, cID1, types.ContainerCommitOptions{
 		Changes:   []string{"ENV PATH=/bin"},
-		Reference: "test-commit-image",
+		Reference: imgName,
 	})
 	assert.NilError(t, err)
 
@@ -34,11 +35,11 @@ func TestCommitInheritsEnv(t *testing.T) {
 	expectedEnv1 := []string{"PATH=/bin"}
 	assert.Check(t, is.DeepEqual(expectedEnv1, image1.Config.Env))
 
-	cID2 := container.Create(t, ctx, client, container.WithImage(image1.ID))
+	cID2 := container.Create(ctx, t, client, container.WithImage(image1.ID))
 
 	commitResp2, err := client.ContainerCommit(ctx, cID2, types.ContainerCommitOptions{
 		Changes:   []string{"ENV PATH=/usr/bin:$PATH"},
-		Reference: "test-commit-image",
+		Reference: imgName,
 	})
 	assert.NilError(t, err)
 
diff --git a/integration/image/import_test.go b/integration/image/import_test.go
index 2e2fdf7192982..2880df8d324ac 100644
--- a/integration/image/import_test.go
+++ b/integration/image/import_test.go
@@ -6,20 +6,29 @@ import (
 	"context"
 	"io"
 	"runtime"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/docker/docker/internal/testutil"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // Ensure we don't regress on CVE-2017-14992.
 func TestImportExtremelyLargeImageWorks(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
 	skip.If(t, runtime.GOARCH == "arm64", "effective test will be time out")
 	skip.If(t, testEnv.OSType == "windows", "TODO enable on windows")
+	t.Parallel()
 
-	client := request.NewAPIClient(t)
+	// Spin up a new daemon, so that we can run this test in parallel (it's a slow test)
+	d := daemon.New(t)
+	d.Start(t)
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
 
 	// Construct an empty tar archive with about 8GB of junk padding at the
 	// end. This should not cause any crashes (the padding should be mostly
@@ -27,16 +36,14 @@ func TestImportExtremelyLargeImageWorks(t *testing.T) {
 	var tarBuffer bytes.Buffer
 
 	tw := tar.NewWriter(&tarBuffer)
-	if err := tw.Close(); err != nil {
-		t.Fatal(err)
-	}
+	err := tw.Close()
+	assert.NilError(t, err)
 	imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 8*1024*1024*1024))
+	reference := strings.ToLower(t.Name()) + ":v42"
 
-	_, err := client.ImageImport(context.Background(),
+	_, err = client.ImageImport(context.Background(),
 		types.ImageImportSource{Source: imageRdr, SourceName: "-"},
-		"test1234:v42",
+		reference,
 		types.ImageImportOptions{})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 }
diff --git a/integration/image/list_test.go b/integration/image/list_test.go
new file mode 100644
index 0000000000000..68dd8d6741baa
--- /dev/null
+++ b/integration/image/list_test.go
@@ -0,0 +1,53 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
+)
+
+// Regression : #38171
+func TestImagesFilterMultiReference(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "broken in earlier versions")
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	name := strings.ToLower(t.Name())
+	repoTags := []string{
+		name + ":v1",
+		name + ":v2",
+		name + ":v3",
+		name + ":v4",
+	}
+
+	for _, repoTag := range repoTags {
+		err := client.ImageTag(ctx, "busybox:latest", repoTag)
+		assert.NilError(t, err)
+	}
+
+	filter := filters.NewArgs()
+	filter.Add("reference", repoTags[0])
+	filter.Add("reference", repoTags[1])
+	filter.Add("reference", repoTags[2])
+	options := types.ImageListOptions{
+		All:     false,
+		Filters: filter,
+	}
+	images, err := client.ImageList(ctx, options)
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(len(images[0].RepoTags), 3))
+	for _, repoTag := range images[0].RepoTags {
+		if repoTag != repoTags[0] && repoTag != repoTags[1] && repoTag != repoTags[2] {
+			t.Errorf("list images doesn't match any repoTag we expected, repoTag: %s", repoTag)
+		}
+	}
+}
diff --git a/integration/image/main_test.go b/integration/image/main_test.go
index 1b4270dfc64b7..893e2fdf5dca9 100644
--- a/integration/image/main_test.go
+++ b/integration/image/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/image/pull_test.go b/integration/image/pull_test.go
new file mode 100644
index 0000000000000..15db3295d8f85
--- /dev/null
+++ b/integration/image/pull_test.go
@@ -0,0 +1,24 @@
+package image
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+func TestImagePullPlatformInvalid(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "experimental in older versions")
+	defer setupTest(t)()
+	client := testEnv.APIClient()
+	ctx := context.Background()
+
+	_, err := client.ImagePull(ctx, "docker.io/library/hello-world:latest", types.ImagePullOptions{Platform: "foobar"})
+	assert.Assert(t, err != nil)
+	assert.ErrorContains(t, err, "unknown operating system or architecture")
+	assert.Assert(t, errdefs.IsInvalidParameter(err))
+}
diff --git a/integration/image/remove_test.go b/integration/image/remove_test.go
index 76d73a7135264..11d8141da38ac 100644
--- a/integration/image/remove_test.go
+++ b/integration/image/remove_test.go
@@ -2,52 +2,50 @@ package image // import "github.com/docker/docker/integration/image"
 
 import (
 	"context"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestRemoveImageOrphaning(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	img := "test-container-orphaning"
+	imgName := strings.ToLower(t.Name())
 
 	// Create a container from busybox, and commit a small change so we have a new image
-	cID1 := container.Create(t, ctx, client, container.WithCmd(""))
+	cID1 := container.Create(ctx, t, client, container.WithCmd(""))
 	commitResp1, err := client.ContainerCommit(ctx, cID1, types.ContainerCommitOptions{
 		Changes:   []string{`ENTRYPOINT ["true"]`},
-		Reference: img,
+		Reference: imgName,
 	})
 	assert.NilError(t, err)
 
 	// verifies that reference now points to first image
-	resp, _, err := client.ImageInspectWithRaw(ctx, img)
+	resp, _, err := client.ImageInspectWithRaw(ctx, imgName)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(resp.ID, commitResp1.ID))
 
 	// Create a container from created image, and commit a small change with same reference name
-	cID2 := container.Create(t, ctx, client, container.WithImage(img), container.WithCmd(""))
+	cID2 := container.Create(ctx, t, client, container.WithImage(imgName), container.WithCmd(""))
 	commitResp2, err := client.ContainerCommit(ctx, cID2, types.ContainerCommitOptions{
 		Changes:   []string{`LABEL Maintainer="Integration Tests"`},
-		Reference: img,
+		Reference: imgName,
 	})
 	assert.NilError(t, err)
 
 	// verifies that reference now points to second image
-	resp, _, err = client.ImageInspectWithRaw(ctx, img)
+	resp, _, err = client.ImageInspectWithRaw(ctx, imgName)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(resp.ID, commitResp2.ID))
 
 	// try to remove the image, should not error out.
-	_, err = client.ImageRemove(ctx, img, types.ImageRemoveOptions{})
+	_, err = client.ImageRemove(ctx, imgName, types.ImageRemoveOptions{})
 	assert.NilError(t, err)
 
 	// check if the first image is still there
diff --git a/integration/image/remove_unix_test.go b/integration/image/remove_unix_test.go
new file mode 100644
index 0000000000000..65fffe2c29443
--- /dev/null
+++ b/integration/image/remove_unix_test.go
@@ -0,0 +1,119 @@
+//go:build !windows
+// +build !windows
+
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"context"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"strings"
+	"syscall"
+	"testing"
+	"unsafe"
+
+	"github.com/docker/docker/api/types"
+	_ "github.com/docker/docker/daemon/graphdriver/register" // register graph drivers
+	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fakecontext"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+// This is a regression test for #38488
+// It ensures that orphan layers can be found and cleaned up
+// after unsuccessful image removal
+func TestRemoveImageGarbageCollector(t *testing.T) {
+	// This test uses very platform specific way to prevent
+	// daemon for remove image layer.
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support overlay2 on most distros")
+
+	// Create daemon with overlay2 graphdriver because vfs uses disk differently
+	// and this test case would not work with it.
+	d := daemon.New(t, daemon.WithStorageDriver("overlay2"))
+	d.Start(t)
+	defer d.Stop(t)
+
+	ctx := context.Background()
+	client := d.NewClientT(t)
+
+	layerStore, _ := layer.NewStoreFromOptions(layer.StoreOptions{
+		Root:                      d.Root,
+		MetadataStorePathTemplate: filepath.Join(d.RootDir(), "image", "%s", "layerdb"),
+		GraphDriver:               d.StorageDriver(),
+		GraphDriverOptions:        nil,
+		IDMapping:                 &idtools.IdentityMapping{},
+		PluginGetter:              nil,
+		ExperimentalEnabled:       false,
+		OS:                        runtime.GOOS,
+	})
+	i := images.NewImageService(images.ImageServiceConfig{
+		LayerStore: layerStore,
+	})
+
+	img := "test-garbage-collector"
+
+	// Build a image with multiple layers
+	dockerfile := `FROM busybox
+	RUN echo echo Running... > /run.sh`
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+	resp, err := client.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{img},
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(io.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+	image, _, err := client.ImageInspectWithRaw(ctx, img)
+	assert.NilError(t, err)
+
+	// Mark latest image layer to immutable
+	data := image.GraphDriver.Data
+	file, _ := os.Open(data["UpperDir"])
+	attr := 0x00000010
+	fsflags := uintptr(0x40086602)
+	argp := uintptr(unsafe.Pointer(&attr))
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), fsflags, argp)
+	assert.Equal(t, "errno 0", errno.Error())
+
+	// Try to remove the image, it should generate error
+	// but marking layer back to mutable before checking errors (so we don't break CI server)
+	_, err = client.ImageRemove(ctx, img, types.ImageRemoveOptions{})
+	attr = 0x00000000
+	argp = uintptr(unsafe.Pointer(&attr))
+	_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), fsflags, argp)
+	assert.Equal(t, "errno 0", errno.Error())
+	assert.Assert(t, err != nil)
+	errStr := err.Error()
+	if !(strings.Contains(errStr, "permission denied") || strings.Contains(errStr, "operation not permitted")) {
+		t.Errorf("ImageRemove error not an permission error %s", errStr)
+	}
+
+	// Verify that layer remaining on disk
+	dir, _ := os.Stat(data["UpperDir"])
+	assert.Equal(t, "true", strconv.FormatBool(dir.IsDir()))
+
+	// Run imageService.Cleanup() and make sure that layer was removed from disk
+	i.Cleanup()
+	_, err = os.Stat(data["UpperDir"])
+	assert.Assert(t, os.IsNotExist(err))
+
+	// Make sure that removal pending layers does not exist on layerdb either
+	layerdbItems, _ := os.ReadDir(filepath.Join(d.RootDir(), "/image/overlay2/layerdb/sha256"))
+	for _, folder := range layerdbItems {
+		assert.Equal(t, false, strings.HasSuffix(folder.Name(), "-removing"))
+	}
+}
diff --git a/integration/image/tag_test.go b/integration/image/tag_test.go
index f3eb9eb7dfff9..a6b44d67e048f 100644
--- a/integration/image/tag_test.go
+++ b/integration/image/tag_test.go
@@ -5,17 +5,15 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/docker/docker/internal/test/request"
-	"github.com/docker/docker/internal/testutil"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // tagging a named image in a new unprefixed repo should work
 func TestTagUnprefixedRepoByNameOrName(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	// By name
@@ -33,7 +31,7 @@ func TestTagUnprefixedRepoByNameOrName(t *testing.T) {
 // TODO (yongtang): Migrate to unit tests
 func TestTagInvalidReference(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	invalidRepos := []string{"fo$z$", "Foo@3cc", "Foo$3", "Foo*3", "Fo^3", "Foo!3", "F)xcz(", "fo%asd", "FOO/bar"}
@@ -72,7 +70,7 @@ func TestTagInvalidReference(t *testing.T) {
 // ensure we allow the use of valid tags
 func TestTagValidPrefixedRepo(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	validRepos := []string{"fooo/bar", "fooaa/test", "foooo:t", "HOSTNAME.DOMAIN.COM:443/foo/bar"}
@@ -86,7 +84,7 @@ func TestTagValidPrefixedRepo(t *testing.T) {
 // tag an image with an existed tag name without -f option should work
 func TestTagExistedNameWithoutForce(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	err := client.ImageTag(ctx, "busybox:latest", "busybox:test")
@@ -96,9 +94,8 @@ func TestTagExistedNameWithoutForce(t *testing.T) {
 // ensure tagging using official names works
 // ensure all tags result in the same name
 func TestTagOfficialNames(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	names := []string{
@@ -128,7 +125,7 @@ func TestTagOfficialNames(t *testing.T) {
 // ensure tags can not match digests
 func TestTagMatchesDigest(t *testing.T) {
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	digest := "busybox@sha256:abcdef76720241213f5303bda7704ec4c2ef75613173910a56fb1b6e20251507"
diff --git a/integration/internal/container/container.go b/integration/internal/container/container.go
index 20ad774242199..d082c6000b469 100644
--- a/integration/internal/container/container.go
+++ b/integration/internal/container/container.go
@@ -2,13 +2,15 @@ package container
 
 import (
 	"context"
+	"runtime"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
-	"gotest.tools/assert"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
 )
 
 // TestContainerConfig holds container configuration struct that
@@ -18,16 +20,20 @@ type TestContainerConfig struct {
 	Config           *container.Config
 	HostConfig       *container.HostConfig
 	NetworkingConfig *network.NetworkingConfig
+	Platform         *specs.Platform
 }
 
-// Create creates a container with the specified options
-// nolint: golint
-func Create(t *testing.T, ctx context.Context, client client.APIClient, ops ...func(*TestContainerConfig)) string { // nolint: golint
+// create creates a container with the specified options
+func create(ctx context.Context, t *testing.T, client client.APIClient, ops ...func(*TestContainerConfig)) (container.ContainerCreateCreatedBody, error) {
 	t.Helper()
+	cmd := []string{"top"}
+	if runtime.GOOS == "windows" {
+		cmd = []string{"sleep", "240"}
+	}
 	config := &TestContainerConfig{
 		Config: &container.Config{
 			Image: "busybox",
-			Cmd:   []string{"top"},
+			Cmd:   cmd,
 		},
 		HostConfig:       &container.HostConfig{},
 		NetworkingConfig: &network.NetworkingConfig{},
@@ -37,17 +43,27 @@ func Create(t *testing.T, ctx context.Context, client client.APIClient, ops ...f
 		op(config)
 	}
 
-	c, err := client.ContainerCreate(ctx, config.Config, config.HostConfig, config.NetworkingConfig, config.Name)
+	return client.ContainerCreate(ctx, config.Config, config.HostConfig, config.NetworkingConfig, config.Platform, config.Name)
+}
+
+// Create creates a container with the specified options, asserting that there was no error
+func Create(ctx context.Context, t *testing.T, client client.APIClient, ops ...func(*TestContainerConfig)) string {
+	c, err := create(ctx, t, client, ops...)
 	assert.NilError(t, err)
 
 	return c.ID
 }
 
+// CreateExpectingErr creates a container, expecting an error with the specified message
+func CreateExpectingErr(ctx context.Context, t *testing.T, client client.APIClient, errMsg string, ops ...func(*TestContainerConfig)) {
+	_, err := create(ctx, t, client, ops...)
+	assert.ErrorContains(t, err, errMsg)
+}
+
 // Run creates and start a container with the specified options
-// nolint: golint
-func Run(t *testing.T, ctx context.Context, client client.APIClient, ops ...func(*TestContainerConfig)) string { // nolint: golint
+func Run(ctx context.Context, t *testing.T, client client.APIClient, ops ...func(*TestContainerConfig)) string {
 	t.Helper()
-	id := Create(t, ctx, client, ops...)
+	id := Create(ctx, t, client, ops...)
 
 	err := client.ContainerStart(ctx, id, types.ContainerStartOptions{})
 	assert.NilError(t, err)
diff --git a/integration/internal/container/exec.go b/integration/internal/container/exec.go
index 55ad23aeb5735..dfd46a2436b9d 100644
--- a/integration/internal/container/exec.go
+++ b/integration/internal/container/exec.go
@@ -57,7 +57,7 @@ func Exec(ctx context.Context, cli client.APIClient, id string, cmd []string) (E
 
 	// read the output
 	var outBuf, errBuf bytes.Buffer
-	outputDone := make(chan error)
+	outputDone := make(chan error, 1)
 
 	go func() {
 		// StdCopy demultiplexes the stream into two buffers
diff --git a/integration/internal/container/ns.go b/integration/internal/container/ns.go
new file mode 100644
index 0000000000000..bda06dd74c6f0
--- /dev/null
+++ b/integration/internal/container/ns.go
@@ -0,0 +1,21 @@
+package container
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/client"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+// GetContainerNS gets the value of the specified namespace of a container
+func GetContainerNS(ctx context.Context, t *testing.T, client client.APIClient, cID, nsName string) string {
+	t.Helper()
+	res, err := Exec(ctx, client, cID, []string{"readlink", "/proc/self/ns/" + nsName})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	return strings.TrimSpace(res.Stdout())
+}
diff --git a/integration/internal/container/ops.go b/integration/internal/container/ops.go
index df5598b62fb91..dae5a2a51269e 100644
--- a/integration/internal/container/ops.go
+++ b/integration/internal/container/ops.go
@@ -2,11 +2,14 @@ package container
 
 import (
 	"fmt"
+	"strings"
 
 	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/go-connections/nat"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // WithName sets the name of the container
@@ -68,13 +71,20 @@ func WithWorkingDir(dir string) func(*TestContainerConfig) {
 	}
 }
 
+// WithMount adds an mount
+func WithMount(m mounttypes.Mount) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.Mounts = append(c.HostConfig.Mounts, m)
+	}
+}
+
 // WithVolume sets the volume of the container
-func WithVolume(name string) func(*TestContainerConfig) {
+func WithVolume(target string) func(*TestContainerConfig) {
 	return func(c *TestContainerConfig) {
 		if c.Config.Volumes == nil {
 			c.Config.Volumes = map[string]struct{}{}
 		}
-		c.Config.Volumes[name] = struct{}{}
+		c.Config.Volumes[target] = struct{}{}
 	}
 }
 
@@ -85,6 +95,22 @@ func WithBind(src, target string) func(*TestContainerConfig) {
 	}
 }
 
+// WithTmpfs sets a target path in the container to a tmpfs
+func WithTmpfs(target string) func(config *TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.HostConfig.Tmpfs == nil {
+			c.HostConfig.Tmpfs = make(map[string]string)
+		}
+
+		spec := strings.SplitN(target, ":", 2)
+		var opts string
+		if len(spec) > 1 {
+			opts = spec[1]
+		}
+		c.HostConfig.Tmpfs[spec[0]] = opts
+	}
+}
+
 // WithIPv4 sets the specified ip for the specified network of the container
 func WithIPv4(network, ip string) func(*TestContainerConfig) {
 	return func(c *TestContainerConfig) {
@@ -120,17 +146,70 @@ func WithIPv6(network, ip string) func(*TestContainerConfig) {
 // WithLogDriver sets the log driver to use for the container
 func WithLogDriver(driver string) func(*TestContainerConfig) {
 	return func(c *TestContainerConfig) {
-		if c.HostConfig == nil {
-			c.HostConfig = &containertypes.HostConfig{}
-		}
 		c.HostConfig.LogConfig.Type = driver
 	}
 }
 
 // WithAutoRemove sets the container to be removed on exit
 func WithAutoRemove(c *TestContainerConfig) {
-	if c.HostConfig == nil {
-		c.HostConfig = &containertypes.HostConfig{}
-	}
 	c.HostConfig.AutoRemove = true
 }
+
+// WithPidsLimit sets the container's "pids-limit
+func WithPidsLimit(limit *int64) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.HostConfig == nil {
+			c.HostConfig = &containertypes.HostConfig{}
+		}
+		c.HostConfig.PidsLimit = limit
+	}
+}
+
+// WithRestartPolicy sets container's restart policy
+func WithRestartPolicy(policy string) func(c *TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.RestartPolicy.Name = policy
+	}
+}
+
+// WithUser sets the user
+func WithUser(user string) func(c *TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.User = user
+	}
+}
+
+// WithPrivileged sets privileged mode for the container
+func WithPrivileged(privileged bool) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.HostConfig == nil {
+			c.HostConfig = &containertypes.HostConfig{}
+		}
+		c.HostConfig.Privileged = privileged
+	}
+}
+
+// WithCgroupnsMode sets the cgroup namespace mode for the container
+func WithCgroupnsMode(mode string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.HostConfig == nil {
+			c.HostConfig = &containertypes.HostConfig{}
+		}
+		c.HostConfig.CgroupnsMode = containertypes.CgroupnsMode(mode)
+	}
+}
+
+// WithExtraHost sets the user defined IP:Host mappings in the container's
+// /etc/hosts file
+func WithExtraHost(extraHost string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.ExtraHosts = append(c.HostConfig.ExtraHosts, extraHost)
+	}
+}
+
+// WithPlatform specifies the desired platform the image should have.
+func WithPlatform(p *specs.Platform) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Platform = p
+	}
+}
diff --git a/integration/internal/container/states.go b/integration/internal/container/states.go
index 088407deb84eb..fea8e3f598ea8 100644
--- a/integration/internal/container/states.go
+++ b/integration/internal/container/states.go
@@ -5,7 +5,8 @@ import (
 	"strings"
 
 	"github.com/docker/docker/client"
-	"gotest.tools/poll"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/poll"
 )
 
 // IsStopped verifies the container is in stopped state.
@@ -39,3 +40,20 @@ func IsInState(ctx context.Context, client client.APIClient, containerID string,
 		return poll.Continue("waiting for container to be one of (%s), currently %s", strings.Join(state, ", "), inspect.State.Status)
 	}
 }
+
+// IsSuccessful verifies state.Status == "exited" && state.ExitCode == 0
+func IsSuccessful(ctx context.Context, client client.APIClient, containerID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		inspect, err := client.ContainerInspect(ctx, containerID)
+		if err != nil {
+			return poll.Error(err)
+		}
+		if inspect.State.Status == "exited" {
+			if inspect.State.ExitCode == 0 {
+				return poll.Success()
+			}
+			return poll.Error(errors.Errorf("expected exit code 0, got %d", inspect.State.ExitCode))
+		}
+		return poll.Continue("waiting for container to be \"exited\", currently %s", inspect.State.Status)
+	}
+}
diff --git a/integration/internal/network/network.go b/integration/internal/network/network.go
index 07d366433ba1d..04f29c7bb24ca 100644
--- a/integration/internal/network/network.go
+++ b/integration/internal/network/network.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func createNetwork(ctx context.Context, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) (string, error) {
@@ -26,8 +26,7 @@ func Create(ctx context.Context, client client.APIClient, name string, ops ...fu
 }
 
 // CreateNoError creates a network with the specified options and verifies there were no errors
-// nolint: golint
-func CreateNoError(t *testing.T, ctx context.Context, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) string { // nolint: golint
+func CreateNoError(ctx context.Context, t *testing.T, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) string { //nolint: golint
 	t.Helper()
 
 	name, err := createNetwork(ctx, client, name, ops...)
diff --git a/integration/internal/network/states.go b/integration/internal/network/states.go
new file mode 100644
index 0000000000000..31bf6ac7fe0fc
--- /dev/null
+++ b/integration/internal/network/states.go
@@ -0,0 +1,20 @@
+package network
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"gotest.tools/v3/poll"
+)
+
+// IsRemoved verifies the network is removed.
+func IsRemoved(ctx context.Context, client client.NetworkAPIClient, networkID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		_, err := client.NetworkInspect(ctx, networkID, types.NetworkInspectOptions{})
+		if err == nil {
+			return poll.Continue("waiting for network %s to be removed", networkID)
+		}
+		return poll.Success()
+	}
+}
diff --git a/integration/internal/requirement/requirement_linux.go b/integration/internal/requirement/requirement_linux.go
index 10a36b0fd94e8..0718646f9cbb9 100644
--- a/integration/internal/requirement/requirement_linux.go
+++ b/integration/internal/requirement/requirement_linux.go
@@ -1,12 +1,22 @@
 package requirement // import "github.com/docker/docker/integration/internal/requirement"
 
 import (
+	"os"
 	"strings"
 
 	"github.com/docker/docker/pkg/parsers/kernel"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/icmd"
 )
 
+// CgroupNamespacesEnabled checks if cgroup namespaces are enabled on this host
+func CgroupNamespacesEnabled() bool {
+	if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) {
+		return false
+	}
+
+	return true
+}
+
 func overlayFSSupported() bool {
 	result := icmd.RunCommand("/bin/sh", "-c", "cat /proc/filesystems")
 	if result.Error != nil {
diff --git a/integration/internal/requirement/requirement_windows.go b/integration/internal/requirement/requirement_windows.go
index 975aa77c7343b..7abcaa2990f50 100644
--- a/integration/internal/requirement/requirement_windows.go
+++ b/integration/internal/requirement/requirement_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package requirement // import "github.com/docker/docker/integration/internal/requirement"
diff --git a/integration/internal/swarm/service.go b/integration/internal/swarm/service.go
index 33c8a67d96263..19ebff0e9a691 100644
--- a/integration/internal/swarm/service.go
+++ b/integration/internal/swarm/service.go
@@ -9,17 +9,18 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/environment"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/environment"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // ServicePoll tweaks the pollSettings for `service`
 func ServicePoll(config *poll.Settings) {
 	// Override the default pollSettings for `service` resource here ...
-	config.Timeout = 30 * time.Second
+	config.Timeout = 15 * time.Second
 	config.Delay = 100 * time.Millisecond
 	if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" {
 		config.Timeout = 90 * time.Second
@@ -48,12 +49,13 @@ func ContainerPoll(config *poll.Settings) {
 }
 
 // NewSwarm creates a swarm daemon for testing
-func NewSwarm(t *testing.T, testEnv *environment.Execution, ops ...func(*daemon.Daemon)) *daemon.Daemon {
+func NewSwarm(t *testing.T, testEnv *environment.Execution, ops ...daemon.Option) *daemon.Daemon {
 	t.Helper()
 	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
 	if testEnv.DaemonInfo.ExperimentalBuild {
-		ops = append(ops, daemon.WithExperimental)
+		ops = append(ops, daemon.WithExperimental())
 	}
 	d := daemon.New(t, ops...)
 	d.StartAndSwarmInit(t)
@@ -66,27 +68,37 @@ type ServiceSpecOpt func(*swarmtypes.ServiceSpec)
 // CreateService creates a service on the passed in swarm daemon.
 func CreateService(t *testing.T, d *daemon.Daemon, opts ...ServiceSpecOpt) string {
 	t.Helper()
-	spec := defaultServiceSpec()
-	for _, o := range opts {
-		o(&spec)
-	}
 
 	client := d.NewClientT(t)
 	defer client.Close()
 
+	spec := CreateServiceSpec(t, opts...)
 	resp, err := client.ServiceCreate(context.Background(), spec, types.ServiceCreateOptions{})
 	assert.NilError(t, err, "error creating service")
 	return resp.ID
 }
 
-func defaultServiceSpec() swarmtypes.ServiceSpec {
+// CreateServiceSpec creates a default service-spec, and applies the provided options
+func CreateServiceSpec(t *testing.T, opts ...ServiceSpecOpt) swarmtypes.ServiceSpec {
+	t.Helper()
 	var spec swarmtypes.ServiceSpec
 	ServiceWithImage("busybox:latest")(&spec)
 	ServiceWithCommand([]string{"/bin/top"})(&spec)
 	ServiceWithReplicas(1)(&spec)
+
+	for _, o := range opts {
+		o(&spec)
+	}
 	return spec
 }
 
+// ServiceWithMode sets the mode of the service to the provided mode.
+func ServiceWithMode(mode swarmtypes.ServiceMode) func(*swarmtypes.ServiceSpec) {
+	return func(spec *swarmtypes.ServiceSpec) {
+		spec.Mode = mode
+	}
+}
+
 // ServiceWithInit sets whether the service should use init or not
 func ServiceWithInit(b *bool) func(*swarmtypes.ServiceSpec) {
 	return func(spec *swarmtypes.ServiceSpec) {
@@ -138,6 +150,14 @@ func ServiceWithReplicas(n uint64) ServiceSpecOpt {
 	}
 }
 
+// ServiceWithMaxReplicas sets the max replicas for the service
+func ServiceWithMaxReplicas(n uint64) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensurePlacement(spec)
+		spec.TaskTemplate.Placement.MaxReplicas = n
+	}
+}
+
 // ServiceWithName sets the name of the service
 func ServiceWithName(name string) ServiceSpecOpt {
 	return func(spec *swarmtypes.ServiceSpec) {
@@ -168,20 +188,34 @@ func ServiceWithSysctls(sysctls map[string]string) ServiceSpecOpt {
 	}
 }
 
+// ServiceWithCapabilities sets the Capabilities option of the service's ContainerSpec.
+func ServiceWithCapabilities(add []string, drop []string) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.CapabilityAdd = add
+		spec.TaskTemplate.ContainerSpec.CapabilityDrop = drop
+	}
+}
+
+// ServiceWithPidsLimit sets the PidsLimit option of the service's Resources.Limits.
+func ServiceWithPidsLimit(limit int64) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureResources(spec)
+		spec.TaskTemplate.Resources.Limits.Pids = limit
+	}
+}
+
 // GetRunningTasks gets the list of running tasks for a service
-func GetRunningTasks(t *testing.T, d *daemon.Daemon, serviceID string) []swarmtypes.Task {
+func GetRunningTasks(t *testing.T, c client.ServiceAPIClient, serviceID string) []swarmtypes.Task {
 	t.Helper()
-	client := d.NewClientT(t)
-	defer client.Close()
 
-	filterArgs := filters.NewArgs()
-	filterArgs.Add("desired-state", "running")
-	filterArgs.Add("service", serviceID)
+	tasks, err := c.TaskList(context.Background(), types.TaskListOptions{
+		Filters: filters.NewArgs(
+			filters.Arg("service", serviceID),
+			filters.Arg("desired-state", "running"),
+		),
+	})
 
-	options := types.TaskListOptions{
-		Filters: filterArgs,
-	}
-	tasks, err := client.TaskList(context.Background(), options)
 	assert.NilError(t, err)
 	return tasks
 }
@@ -202,8 +236,26 @@ func ExecTask(t *testing.T, d *daemon.Daemon, task swarmtypes.Task, config types
 	return attach
 }
 
+func ensureResources(spec *swarmtypes.ServiceSpec) {
+	if spec.TaskTemplate.Resources == nil {
+		spec.TaskTemplate.Resources = &swarmtypes.ResourceRequirements{}
+	}
+	if spec.TaskTemplate.Resources.Limits == nil {
+		spec.TaskTemplate.Resources.Limits = &swarmtypes.Limit{}
+	}
+	if spec.TaskTemplate.Resources.Reservations == nil {
+		spec.TaskTemplate.Resources.Reservations = &swarmtypes.Resources{}
+	}
+}
+
 func ensureContainerSpec(spec *swarmtypes.ServiceSpec) {
 	if spec.TaskTemplate.ContainerSpec == nil {
 		spec.TaskTemplate.ContainerSpec = &swarmtypes.ContainerSpec{}
 	}
 }
+
+func ensurePlacement(spec *swarmtypes.ServiceSpec) {
+	if spec.TaskTemplate.Placement == nil {
+		spec.TaskTemplate.Placement = &swarmtypes.Placement{}
+	}
+}
diff --git a/integration/internal/swarm/states.go b/integration/internal/swarm/states.go
new file mode 100644
index 0000000000000..3f69feeef3656
--- /dev/null
+++ b/integration/internal/swarm/states.go
@@ -0,0 +1,165 @@
+package swarm
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"gotest.tools/v3/poll"
+)
+
+// NoTasksForService verifies that there are no more tasks for the given service
+func NoTasksForService(ctx context.Context, client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		tasks, err := client.TaskList(ctx, types.TaskListOptions{
+			Filters: filters.NewArgs(
+				filters.Arg("service", serviceID),
+			),
+		})
+		if err == nil {
+			if len(tasks) == 0 {
+				return poll.Success()
+			}
+			if len(tasks) > 0 {
+				return poll.Continue("task count for service %s at %d waiting for 0", serviceID, len(tasks))
+			}
+			return poll.Continue("waiting for tasks for service %s to be deleted", serviceID)
+		}
+		// TODO we should not use an error as indication that the tasks are gone. There may be other reasons for an error to occur.
+		return poll.Success()
+	}
+}
+
+// NoTasks verifies that all tasks are gone
+func NoTasks(ctx context.Context, client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		tasks, err := client.TaskList(ctx, types.TaskListOptions{})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == 0:
+			return poll.Success()
+		default:
+			return poll.Continue("waiting for all tasks to be removed: task count at %d", len(tasks))
+		}
+	}
+}
+
+// RunningTasksCount verifies there are `instances` tasks running for `serviceID`
+func RunningTasksCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", serviceID)
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		var running int
+		var taskError string
+		for _, task := range tasks {
+			switch task.Status.State {
+			case swarmtypes.TaskStateRunning:
+				running++
+			case swarmtypes.TaskStateFailed:
+				if task.Status.Err != "" {
+					taskError = task.Status.Err
+				}
+			}
+		}
+
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case running > int(instances):
+			return poll.Continue("waiting for tasks to terminate")
+		case running < int(instances) && taskError != "":
+			return poll.Continue("waiting for tasks to enter run state. task failed with error: %s", taskError)
+		case running == int(instances):
+			return poll.Success()
+		default:
+			return poll.Continue("running task count at %d waiting for %d (total tasks: %d)", running, instances, len(tasks))
+		}
+	}
+}
+
+// JobComplete is a poll function for determining that a ReplicatedJob is
+// completed additionally, while polling, it verifies that the job never
+// exceeds MaxConcurrent running tasks
+func JobComplete(client client.CommonAPIClient, service swarmtypes.Service) func(log poll.LogT) poll.Result {
+	filter := filters.NewArgs()
+	filter.Add("service", service.ID)
+
+	var jobIteration swarmtypes.Version
+	if service.JobStatus != nil {
+		jobIteration = service.JobStatus.JobIteration
+	}
+
+	maxRaw := service.Spec.Mode.ReplicatedJob.MaxConcurrent
+	totalRaw := service.Spec.Mode.ReplicatedJob.TotalCompletions
+
+	max := int(*maxRaw)
+	total := int(*totalRaw)
+
+	previousResult := ""
+
+	return func(log poll.LogT) poll.Result {
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+
+		if err != nil {
+			poll.Error(err)
+		}
+
+		var running int
+		var completed int
+
+		var runningSlot []int
+		var runningID []string
+
+		for _, task := range tasks {
+			// make sure the task has the same job iteration
+			if task.JobIteration == nil || task.JobIteration.Index != jobIteration.Index {
+				continue
+			}
+			switch task.Status.State {
+			case swarmtypes.TaskStateRunning:
+				running++
+				runningSlot = append(runningSlot, task.Slot)
+				runningID = append(runningID, task.ID)
+			case swarmtypes.TaskStateComplete:
+				completed++
+			}
+		}
+
+		switch {
+		case running > max:
+			return poll.Error(fmt.Errorf(
+				"number of running tasks (%v) exceeds max (%v)", running, max,
+			))
+		case (completed + running) > total:
+			return poll.Error(fmt.Errorf(
+				"number of tasks exceeds total (%v), %v running and %v completed",
+				total, running, completed,
+			))
+		case completed == total && running == 0:
+			return poll.Success()
+		default:
+			newRes := fmt.Sprintf(
+				"Completed: %2d Running: %v\n\t%v",
+				completed, runningSlot, runningID,
+			)
+			if newRes == previousResult {
+			} else {
+				previousResult = newRes
+			}
+
+			return poll.Continue(
+				"Job not yet finished, %v completed and %v running out of %v total",
+				completed, running, total,
+			)
+		}
+	}
+}
diff --git a/integration/network/delete_test.go b/integration/network/delete_test.go
index f9ab91986d4b9..221960e986bba 100644
--- a/integration/network/delete_test.go
+++ b/integration/network/delete_test.go
@@ -6,11 +6,11 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	dclient "github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/network"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func containsNetwork(nws []types.NetworkResource, networkID string) bool {
@@ -27,13 +27,10 @@ func containsNetwork(nws []types.NetworkResource, networkID string) bool {
 // first network's ID as name.
 //
 // After successful creation, properties of all three networks is returned
-func createAmbiguousNetworks(t *testing.T) (string, string, string) {
-	client := request.NewAPIClient(t)
-	ctx := context.Background()
-
-	testNet := network.CreateNoError(t, ctx, client, "testNet")
-	idPrefixNet := network.CreateNoError(t, ctx, client, testNet[:12])
-	fullIDNet := network.CreateNoError(t, ctx, client, testNet)
+func createAmbiguousNetworks(ctx context.Context, t *testing.T, client dclient.APIClient) (string, string, string) {
+	testNet := network.CreateNoError(ctx, t, client, "testNet")
+	idPrefixNet := network.CreateNoError(ctx, t, client, testNet[:12])
+	fullIDNet := network.CreateNoError(ctx, t, client, testNet)
 
 	nws, err := client.NetworkList(ctx, types.NetworkListOptions{})
 	assert.NilError(t, err)
@@ -48,11 +45,11 @@ func createAmbiguousNetworks(t *testing.T) (string, string, string) {
 func TestNetworkCreateDelete(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	netName := "testnetwork_" + t.Name()
-	network.CreateNoError(t, ctx, client, netName,
+	network.CreateNoError(ctx, t, client, netName,
 		network.WithCheckDuplicate(),
 	)
 	assert.Check(t, IsNetworkAvailable(client, netName))
@@ -71,9 +68,9 @@ func TestDockerNetworkDeletePreferID(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows",
 		"FIXME. Windows doesn't run DinD and uses networks shared between control daemon and daemon under test")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
-	testNet, idPrefixNet, fullIDNet := createAmbiguousNetworks(t)
+	testNet, idPrefixNet, fullIDNet := createAmbiguousNetworks(ctx, t, client)
 
 	// Delete the network using a prefix of the first network's ID as name.
 	// This should the network name with the id-prefix, not the original network.
diff --git a/integration/network/dns_test.go b/integration/network/dns_test.go
new file mode 100644
index 0000000000000..c4a50fe9a235a
--- /dev/null
+++ b/integration/network/dns_test.go
@@ -0,0 +1,35 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+func TestDaemonDNSFallback(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsUserNamespace)
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t, "-b", "none", "--dns", "127.127.127.1", "--dns", "8.8.8.8")
+	defer d.Stop(t)
+
+	c := d.NewClientT(t)
+	ctx := context.Background()
+
+	network.CreateNoError(ctx, t, c, "test")
+	defer c.NetworkRemove(ctx, "test")
+
+	cid := container.Run(ctx, t, c, container.WithNetworkMode("test"), container.WithCmd("nslookup", "docker.com"))
+	defer c.ContainerRemove(ctx, cid, types.ContainerRemoveOptions{Force: true})
+
+	poll.WaitOn(t, container.IsSuccessful(ctx, c, cid), poll.WithDelay(100*time.Millisecond), poll.WithTimeout(10*time.Second))
+}
diff --git a/integration/network/helpers.go b/integration/network/helpers.go
index d5907f2baa125..ac015b17152bc 100644
--- a/integration/network/helpers.go
+++ b/integration/network/helpers.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package network
@@ -5,14 +6,12 @@ package network
 import (
 	"context"
 	"fmt"
-	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"gotest.tools/assert/cmp"
-	"gotest.tools/icmd"
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
 )
 
 // CreateMasterDummy creates a dummy network interface
@@ -74,21 +73,3 @@ func IsNetworkNotAvailable(c client.NetworkAPIClient, name string) cmp.Compariso
 		return cmp.ResultSuccess
 	}
 }
-
-// CheckKernelMajorVersionGreaterOrEqualThen returns whether the kernel version is greater or equal than the one provided
-func CheckKernelMajorVersionGreaterOrEqualThen(kernelVersion int, majorVersion int) bool {
-	kv, err := kernel.GetKernelVersion()
-	if err != nil {
-		return false
-	}
-	if kv.Kernel < kernelVersion || (kv.Kernel == kernelVersion && kv.Major < majorVersion) {
-		return false
-	}
-	return true
-}
-
-// IsUserNamespace returns whether the user namespace remapping is enabled
-func IsUserNamespace() bool {
-	root := os.Getenv("DOCKER_REMAP_ROOT")
-	return root != ""
-}
diff --git a/integration/network/helpers_windows.go b/integration/network/helpers_windows.go
index 049d89310a696..35121fb200897 100644
--- a/integration/network/helpers_windows.go
+++ b/integration/network/helpers_windows.go
@@ -3,11 +3,10 @@ package network
 import (
 	"context"
 	"fmt"
-	"os"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert/cmp"
 )
 
 // IsNetworkAvailable provides a comparison to check if a docker network is available
@@ -41,9 +40,3 @@ func IsNetworkNotAvailable(c client.NetworkAPIClient, name string) cmp.Compariso
 		return cmp.ResultSuccess
 	}
 }
-
-// IsUserNamespace returns whether the user namespace remapping is enabled
-func IsUserNamespace() bool {
-	root := os.Getenv("DOCKER_REMAP_ROOT")
-	return root != ""
-}
diff --git a/integration/network/inspect_test.go b/integration/network/inspect_test.go
index 1e9ad94865f3b..0a97154d8e7ad 100644
--- a/integration/network/inspect_test.go
+++ b/integration/network/inspect_test.go
@@ -3,177 +3,101 @@ package network // import "github.com/docker/docker/integration/network"
 import (
 	"context"
 	"testing"
-	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/network"
 	"github.com/docker/docker/integration/internal/swarm"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
-const defaultSwarmPort = 2477
-
 func TestInspectNetwork(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
-	overlayName := "overlay1"
-	overlayID := network.CreateNoError(t, context.Background(), client, overlayName,
+	networkName := "Overlay" + t.Name()
+	overlayID := network.CreateNoError(context.Background(), t, c, networkName,
 		network.WithDriver("overlay"),
 		network.WithCheckDuplicate(),
 	)
 
-	var instances uint64 = 4
+	var instances uint64 = 2
 	serviceName := "TestService" + t.Name()
 
 	serviceID := swarm.CreateService(t, d,
 		swarm.ServiceWithReplicas(instances),
 		swarm.ServiceWithName(serviceName),
-		swarm.ServiceWithNetwork(overlayName),
-	)
-
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
-
-	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
-	assert.NilError(t, err)
-
-	// Test inspect verbose with full NetworkID
-	networkVerbose, err := client.NetworkInspect(context.Background(), overlayID, types.NetworkInspectOptions{
-		Verbose: true,
-	})
-	assert.NilError(t, err)
-	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
-
-	// Test inspect verbose with partial NetworkID
-	networkVerbose, err = client.NetworkInspect(context.Background(), overlayID[0:11], types.NetworkInspectOptions{
-		Verbose: true,
-	})
-	assert.NilError(t, err)
-	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
-
-	// Test inspect verbose with Network name and swarm scope
-	networkVerbose, err = client.NetworkInspect(context.Background(), overlayName, types.NetworkInspectOptions{
-		Verbose: true,
-		Scope:   "swarm",
-	})
-	assert.NilError(t, err)
-	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
-
-	err = client.ServiceRemove(context.Background(), serviceID)
-	assert.NilError(t, err)
-
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
-	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
-
-	serviceID2 := swarm.CreateService(t, d,
-		swarm.ServiceWithReplicas(instances),
-		swarm.ServiceWithName(serviceName),
-		swarm.ServiceWithNetwork(overlayName),
+		swarm.ServiceWithNetwork(networkName),
 	)
 
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID2, instances), swarm.ServicePoll)
-
-	err = client.ServiceRemove(context.Background(), serviceID2)
-	assert.NilError(t, err)
-
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID2), swarm.ServicePoll)
-	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
-
-	err = client.NetworkRemove(context.Background(), overlayID)
-	assert.NilError(t, err)
-
-	poll.WaitOn(t, networkIsRemoved(client, overlayID), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
-}
-
-func serviceRunningTasksCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		filter.Add("service", serviceID)
-		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		switch {
-		case err != nil:
-			return poll.Error(err)
-		case len(tasks) == int(instances):
-			for _, task := range tasks {
-				if task.Status.State != swarmtypes.TaskStateRunning {
-					return poll.Continue("waiting for tasks to enter run state")
-				}
-			}
-			return poll.Success()
-		default:
-			return poll.Continue("task count at %d waiting for %d", len(tasks), instances)
-		}
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, instances), swarm.ServicePoll)
+
+	tests := []struct {
+		name    string
+		network string
+		opts    types.NetworkInspectOptions
+	}{
+		{
+			name:    "full network id",
+			network: overlayID,
+			opts: types.NetworkInspectOptions{
+				Verbose: true,
+			},
+		},
+		{
+			name:    "partial network id",
+			network: overlayID[0:11],
+			opts: types.NetworkInspectOptions{
+				Verbose: true,
+			},
+		},
+		{
+			name:    "network name",
+			network: networkName,
+			opts: types.NetworkInspectOptions{
+				Verbose: true,
+			},
+		},
+		{
+			name:    "network name and swarm scope",
+			network: networkName,
+			opts: types.NetworkInspectOptions{
+				Verbose: true,
+				Scope:   "swarm",
+			},
+		},
 	}
-}
-
-func networkIsRemoved(client client.NetworkAPIClient, networkID string) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		_, err := client.NetworkInspect(context.Background(), networkID, types.NetworkInspectOptions{})
-		if err == nil {
-			return poll.Continue("waiting for network %s to be removed", networkID)
-		}
-		return poll.Success()
-	}
-}
+	ctx := context.Background()
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			nw, err := c.NetworkInspect(ctx, tc.network, tc.opts)
+			assert.NilError(t, err)
+
+			if service, ok := nw.Services[serviceName]; ok {
+				assert.Equal(t, len(service.Tasks), int(instances))
+			}
 
-func serviceIsRemoved(client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		filter.Add("service", serviceID)
-		_, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		if err == nil {
-			return poll.Continue("waiting for service %s to be deleted", serviceID)
-		}
-		return poll.Success()
-	}
-}
+			assert.Assert(t, nw.IPAM.Config != nil)
 
-func noTasks(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
+			for _, cfg := range nw.IPAM.Config {
+				assert.Assert(t, cfg.Gateway != "")
+				assert.Assert(t, cfg.Subnet != "")
+			}
 		})
-		switch {
-		case err != nil:
-			return poll.Error(err)
-		case len(tasks) == 0:
-			return poll.Success()
-		default:
-			return poll.Continue("task count at %d waiting for 0", len(tasks))
-		}
-	}
-}
-
-// Check to see if Service and Tasks info are part of the inspect verbose response
-func validNetworkVerbose(network types.NetworkResource, service string, instances uint64) bool {
-	if service, ok := network.Services[service]; ok {
-		if len(service.Tasks) != int(instances) {
-			return false
-		}
 	}
 
-	if network.IPAM.Config == nil {
-		return false
-	}
-
-	for _, cfg := range network.IPAM.Config {
-		if cfg.Gateway == "" || cfg.Subnet == "" {
-			return false
-		}
-	}
-	return true
+	// TODO find out why removing networks is needed; other tests fail if the network is not removed, even though they run on a new daemon.
+	err := c.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, c, serviceID), swarm.ServicePoll)
+	err = c.NetworkRemove(ctx, overlayID)
+	assert.NilError(t, err)
+	poll.WaitOn(t, network.IsRemoved(ctx, c, overlayID), swarm.NetworkPoll)
 }
diff --git a/integration/network/ipvlan/ipvlan_test.go b/integration/network/ipvlan/ipvlan_test.go
index b14649429231b..969772fe96cb4 100644
--- a/integration/network/ipvlan/ipvlan_test.go
+++ b/integration/network/ipvlan/ipvlan_test.go
@@ -1,29 +1,31 @@
+//go:build !windows
 // +build !windows
 
-package ipvlan
+package ipvlan // import "github.com/docker/docker/integration/network/ipvlan"
 
 import (
 	"context"
+	"os"
+	"os/exec"
 	"strings"
+	"sync"
 	"testing"
-	"time"
 
 	dclient "github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
 	net "github.com/docker/docker/integration/internal/network"
 	n "github.com/docker/docker/integration/network"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 func TestDockerNetworkIpvlanPersistance(t *testing.T) {
 	// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
-	skip.If(t, !ipvlanKernelSupport(), "Kernel doesn't support ipvlan")
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, !ipvlanKernelSupport(t), "Kernel doesn't support ipvlan")
 
-	d := daemon.New(t, daemon.WithExperimental)
+	d := daemon.New(t)
 	d.StartWithBusybox(t)
 	defer d.Stop(t)
 
@@ -32,25 +34,23 @@ func TestDockerNetworkIpvlanPersistance(t *testing.T) {
 	n.CreateMasterDummy(t, master)
 	defer n.DeleteInterface(t, master)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// create a network specifying the desired sub-interface name
 	netName := "di-persist"
-	net.CreateNoError(t, context.Background(), client, netName,
+	net.CreateNoError(context.Background(), t, c, netName,
 		net.WithIPvlan("di-dummy0.70", ""),
 	)
 
-	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	assert.Check(t, n.IsNetworkAvailable(c, netName))
 	// Restart docker daemon to test the config has persisted to disk
 	d.Restart(t)
-	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	assert.Check(t, n.IsNetworkAvailable(c, netName))
 }
 
 func TestDockerNetworkIpvlan(t *testing.T) {
-	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
-	skip.If(t, !ipvlanKernelSupport(), "Kernel doesn't support ipvlan")
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, !ipvlanKernelSupport(t), "Kernel doesn't support ipvlan")
 
 	for _, tc := range []struct {
 		name string
@@ -85,13 +85,11 @@ func TestDockerNetworkIpvlan(t *testing.T) {
 			test: testIpvlanAddressing,
 		},
 	} {
-		d := daemon.New(t, daemon.WithExperimental)
+		d := daemon.New(t)
 		d.StartWithBusybox(t)
+		c := d.NewClientT(t)
 
-		client, err := d.NewClient()
-		assert.NilError(t, err)
-
-		t.Run(tc.name, tc.test(client))
+		t.Run(tc.name, tc.test(c))
 
 		d.Stop(t)
 		// FIXME(vdemeester) clean network
@@ -105,7 +103,7 @@ func testIpvlanSubinterface(client dclient.APIClient) func(*testing.T) {
 		defer n.DeleteInterface(t, master)
 
 		netName := "di-subinterface"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("di-dummy0.60", ""),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
@@ -130,7 +128,7 @@ func testIpvlanOverlapParent(client dclient.APIClient) func(*testing.T) {
 		n.CreateVlanInterface(t, master, parent, "30")
 
 		netName := "di-subinterface"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan(parent, ""),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
@@ -147,14 +145,14 @@ func testIpvlanL2NilParent(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		// ipvlan l2 mode - dummy parent interface is provisioned dynamically
 		netName := "di-nil-parent"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", ""),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
-		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id1 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
+		id2 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
 
 		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
 		assert.NilError(t, err)
@@ -164,24 +162,20 @@ func testIpvlanL2NilParent(client dclient.APIClient) func(*testing.T) {
 func testIpvlanL2InternalMode(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "di-internal"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", ""),
 			net.WithInternal(),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
-		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id1 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
+		id2 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
 
-		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
-		defer cancel()
-		_, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
-		// FIXME(vdemeester) check the time of error ?
-		assert.Check(t, err != nil)
-		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+		result, _ := container.Exec(ctx, client, id1, []string{"ping", "-c", "1", "8.8.8.8"})
+		assert.Check(t, strings.Contains(result.Combined(), "Network is unreachable"))
 
-		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
 		assert.NilError(t, err)
 	}
 }
@@ -189,7 +183,7 @@ func testIpvlanL2InternalMode(client dclient.APIClient) func(*testing.T) {
 func testIpvlanL3NilParent(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "di-nil-parent-l3"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", "l3"),
 			net.WithIPAM("172.28.230.0/24", ""),
 			net.WithIPAM("172.28.220.0/24", ""),
@@ -197,11 +191,11 @@ func testIpvlanL3NilParent(client dclient.APIClient) func(*testing.T) {
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.220.10"),
 		)
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.230.10"),
 		)
@@ -214,7 +208,7 @@ func testIpvlanL3NilParent(client dclient.APIClient) func(*testing.T) {
 func testIpvlanL3InternalMode(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "di-internal-l3"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", "l3"),
 			net.WithInternal(),
 			net.WithIPAM("172.28.230.0/24", ""),
@@ -223,23 +217,19 @@ func testIpvlanL3InternalMode(client dclient.APIClient) func(*testing.T) {
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.220.10"),
 		)
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.230.10"),
 		)
 
-		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
-		defer cancel()
-		_, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
-		// FIXME(vdemeester) check the time of error ?
-		assert.Check(t, err != nil)
-		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+		result, _ := container.Exec(ctx, client, id1, []string{"ping", "-c", "1", "8.8.8.8"})
+		assert.Check(t, strings.Contains(result.Combined(), "Network is unreachable"))
 
-		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
 		assert.NilError(t, err)
 	}
 }
@@ -247,7 +237,7 @@ func testIpvlanL3InternalMode(client dclient.APIClient) func(*testing.T) {
 func testIpvlanL2MultiSubnet(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "dualstackl2"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", ""),
 			net.WithIPv6(),
 			net.WithIPAM("172.28.200.0/24", ""),
@@ -259,12 +249,12 @@ func testIpvlanL2MultiSubnet(client dclient.APIClient) func(*testing.T) {
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.200.20"),
 			container.WithIPv6(netName, "2001:db8:abc8::20"),
 		)
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.200.21"),
 			container.WithIPv6(netName, "2001:db8:abc8::21"),
@@ -280,12 +270,12 @@ func testIpvlanL2MultiSubnet(client dclient.APIClient) func(*testing.T) {
 		assert.NilError(t, err)
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
-		id3 := container.Run(t, ctx, client,
+		id3 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.202.20"),
 			container.WithIPv6(netName, "2001:db8:abc6::20"),
 		)
-		id4 := container.Run(t, ctx, client,
+		id4 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.202.21"),
 			container.WithIPv6(netName, "2001:db8:abc6::21"),
@@ -314,7 +304,7 @@ func testIpvlanL2MultiSubnet(client dclient.APIClient) func(*testing.T) {
 func testIpvlanL3MultiSubnet(client dclient.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "dualstackl3"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithIPvlan("", "l3"),
 			net.WithIPv6(),
 			net.WithIPAM("172.28.10.0/24", ""),
@@ -326,12 +316,12 @@ func testIpvlanL3MultiSubnet(client dclient.APIClient) func(*testing.T) {
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.10.20"),
 			container.WithIPv6(netName, "2001:db8:abc9::20"),
 		)
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.10.21"),
 			container.WithIPv6(netName, "2001:db8:abc9::21"),
@@ -347,12 +337,12 @@ func testIpvlanL3MultiSubnet(client dclient.APIClient) func(*testing.T) {
 		assert.NilError(t, err)
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
-		id3 := container.Run(t, ctx, client,
+		id3 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.12.20"),
 			container.WithIPv6(netName, "2001:db8:abc7::20"),
 		)
-		id4 := container.Run(t, ctx, client,
+		id4 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netName),
 			container.WithIPv4(netName, "172.28.12.21"),
 			container.WithIPv6(netName, "2001:db8:abc7::21"),
@@ -383,7 +373,7 @@ func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
 		// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
 		// for either an explicitly set route by the user or inferred via default IPAM
 		netNameL2 := "dualstackl2"
-		net.CreateNoError(t, context.Background(), client, netNameL2,
+		net.CreateNoError(context.Background(), t, client, netNameL2,
 			net.WithIPvlan("", "l2"),
 			net.WithIPv6(),
 			net.WithIPAM("172.28.140.0/24", "172.28.140.254"),
@@ -392,7 +382,7 @@ func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
 		assert.Check(t, n.IsNetworkAvailable(client, netNameL2))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netNameL2),
 		)
 		// Validate ipvlan l2 mode defaults gateway sets the default IPAM next-hop inferred from the subnet
@@ -406,7 +396,7 @@ func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
 
 		// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
 		netNameL3 := "dualstackl3"
-		net.CreateNoError(t, context.Background(), client, netNameL3,
+		net.CreateNoError(context.Background(), t, client, netNameL3,
 			net.WithIPvlan("", "l3"),
 			net.WithIPv6(),
 			net.WithIPAM("172.28.160.0/24", "172.28.160.254"),
@@ -414,7 +404,7 @@ func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netNameL3))
 
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode(netNameL3),
 		)
 		// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
@@ -428,7 +418,23 @@ func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
 	}
 }
 
-// ensure Kernel version is >= v4.2 for ipvlan support
-func ipvlanKernelSupport() bool {
-	return n.CheckKernelMajorVersionGreaterOrEqualThen(4, 2)
+var (
+	once            sync.Once
+	ipvlanSupported bool
+)
+
+// figure out if ipvlan is supported by the kernel
+func ipvlanKernelSupport(t *testing.T) bool {
+	once.Do(func() {
+		// this may have the side effect of enabling the ipvlan module
+		exec.Command("modprobe", "ipvlan").Run()
+		_, err := os.Stat("/sys/module/ipvlan")
+		if err == nil {
+			ipvlanSupported = true
+		} else if !os.IsNotExist(err) {
+			t.Logf("WARNING: ipvlanKernelSupport: stat failed: %v\n", err)
+		}
+	})
+
+	return ipvlanSupported
 }
diff --git a/integration/network/ipvlan/main_test.go b/integration/network/ipvlan/main_test.go
index 2d5f62453c4ba..470a75a90fbff 100644
--- a/integration/network/ipvlan/main_test.go
+++ b/integration/network/ipvlan/main_test.go
@@ -1,3 +1,6 @@
+//go:build !windows
+// +build !windows
+
 package ipvlan // import "github.com/docker/docker/integration/network/ipvlan"
 
 import (
@@ -5,7 +8,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
@@ -26,8 +29,3 @@ func TestMain(m *testing.M) {
 	testEnv.Print()
 	os.Exit(m.Run())
 }
-
-func setupTest(t *testing.T) func() {
-	environment.ProtectAll(t, testEnv)
-	return func() { testEnv.Clean(t) }
-}
diff --git a/integration/network/ipvlan/main_windows_test.go b/integration/network/ipvlan/main_windows_test.go
new file mode 100644
index 0000000000000..d016a04b66905
--- /dev/null
+++ b/integration/network/ipvlan/main_windows_test.go
@@ -0,0 +1 @@
+package ipvlan // import "github.com/docker/docker/integration/network/ipvlan"
diff --git a/integration/network/macvlan/macvlan_test.go b/integration/network/macvlan/macvlan_test.go
index a81b9014b4c0d..d7dae5c86e2c8 100644
--- a/integration/network/macvlan/macvlan_test.go
+++ b/integration/network/macvlan/macvlan_test.go
@@ -1,26 +1,26 @@
+//go:build !windows
 // +build !windows
 
-package macvlan
+package macvlan // import "github.com/docker/docker/integration/network/macvlan"
 
 import (
 	"context"
 	"strings"
 	"testing"
-	"time"
 
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
 	net "github.com/docker/docker/integration/internal/network"
 	n "github.com/docker/docker/integration/network"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 func TestDockerNetworkMacvlanPersistance(t *testing.T) {
 	// verify the driver automatically provisions the 802.1q link (dm-dummy0.60)
-	skip.If(t, testEnv.IsRemoteDaemon())
-	skip.If(t, !macvlanKernelSupport(), "Kernel doesn't support macvlan")
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 
 	d := daemon.New(t)
 	d.StartWithBusybox(t)
@@ -30,21 +30,20 @@ func TestDockerNetworkMacvlanPersistance(t *testing.T) {
 	n.CreateMasterDummy(t, master)
 	defer n.DeleteInterface(t, master)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	netName := "dm-persist"
-	net.CreateNoError(t, context.Background(), client, netName,
+	net.CreateNoError(context.Background(), t, c, netName,
 		net.WithMacvlan("dm-dummy0.60"),
 	)
-	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	assert.Check(t, n.IsNetworkAvailable(c, netName))
 	d.Restart(t)
-	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	assert.Check(t, n.IsNetworkAvailable(c, netName))
 }
 
 func TestDockerNetworkMacvlan(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
-	skip.If(t, !macvlanKernelSupport(), "Kernel doesn't support macvlan")
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 
 	for _, tc := range []struct {
 		name string
@@ -62,6 +61,9 @@ func TestDockerNetworkMacvlan(t *testing.T) {
 		}, {
 			name: "InternalMode",
 			test: testMacvlanInternalMode,
+		}, {
+			name: "MultiSubnet",
+			test: testMacvlanMultiSubnet,
 		}, {
 			name: "Addressing",
 			test: testMacvlanAddressing,
@@ -69,11 +71,9 @@ func TestDockerNetworkMacvlan(t *testing.T) {
 	} {
 		d := daemon.New(t)
 		d.StartWithBusybox(t)
+		c := d.NewClientT(t)
 
-		client, err := d.NewClient()
-		assert.NilError(t, err)
-
-		t.Run(tc.name, tc.test(client))
+		t.Run(tc.name, tc.test(c))
 
 		d.Stop(t)
 		// FIXME(vdemeester) clean network
@@ -89,7 +89,7 @@ func testMacvlanOverlapParent(client client.APIClient) func(*testing.T) {
 
 		netName := "dm-subinterface"
 		parentName := "dm-dummy0.40"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(parentName),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
@@ -119,7 +119,7 @@ func testMacvlanSubinterface(client client.APIClient) func(*testing.T) {
 		n.CreateVlanInterface(t, master, parentName, "20")
 
 		netName := "dm-subinterface"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(parentName),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
@@ -138,14 +138,14 @@ func testMacvlanNilParent(client client.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		// macvlan bridge mode - dummy parent interface is provisioned dynamically
 		netName := "dm-nil-parent"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(""),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
-		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id1 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
+		id2 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
 
 		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
 		assert.Check(t, err == nil)
@@ -156,24 +156,20 @@ func testMacvlanInternalMode(client client.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		// macvlan bridge mode - dummy parent interface is provisioned dynamically
 		netName := "dm-internal"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(""),
 			net.WithInternal(),
 		)
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
-		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id1 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
+		id2 := container.Run(ctx, t, client, container.WithNetworkMode(netName))
 
-		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
-		defer cancel()
-		_, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
-		// FIXME(vdemeester) check the time of error ?
-		assert.Check(t, err != nil)
-		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+		result, _ := container.Exec(ctx, client, id1, []string{"ping", "-c", "1", "8.8.8.8"})
+		assert.Check(t, strings.Contains(result.Combined(), "Network is unreachable"))
 
-		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
 		assert.Check(t, err == nil)
 	}
 }
@@ -181,7 +177,7 @@ func testMacvlanInternalMode(client client.APIClient) func(*testing.T) {
 func testMacvlanMultiSubnet(client client.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		netName := "dualstackbridge"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(""),
 			net.WithIPv6(),
 			net.WithIPAM("172.28.100.0/24", ""),
@@ -194,12 +190,12 @@ func testMacvlanMultiSubnet(client client.APIClient) func(*testing.T) {
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode("dualstackbridge"),
 			container.WithIPv4("dualstackbridge", "172.28.100.20"),
 			container.WithIPv6("dualstackbridge", "2001:db8:abc2::20"),
 		)
-		id2 := container.Run(t, ctx, client,
+		id2 := container.Run(ctx, t, client,
 			container.WithNetworkMode("dualstackbridge"),
 			container.WithIPv4("dualstackbridge", "172.28.100.21"),
 			container.WithIPv6("dualstackbridge", "2001:db8:abc2::21"),
@@ -215,12 +211,12 @@ func testMacvlanMultiSubnet(client client.APIClient) func(*testing.T) {
 		assert.NilError(t, err)
 
 		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
-		id3 := container.Run(t, ctx, client,
+		id3 := container.Run(ctx, t, client,
 			container.WithNetworkMode("dualstackbridge"),
 			container.WithIPv4("dualstackbridge", "172.28.102.20"),
 			container.WithIPv6("dualstackbridge", "2001:db8:abc4::20"),
 		)
-		id4 := container.Run(t, ctx, client,
+		id4 := container.Run(ctx, t, client,
 			container.WithNetworkMode("dualstackbridge"),
 			container.WithIPv4("dualstackbridge", "172.28.102.21"),
 			container.WithIPv6("dualstackbridge", "2001:db8:abc4::21"),
@@ -242,7 +238,7 @@ func testMacvlanMultiSubnet(client client.APIClient) func(*testing.T) {
 		// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
 		assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.102.254")
 		// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
-		assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8.abc4::254")
+		assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc4::254")
 	}
 }
 
@@ -250,7 +246,7 @@ func testMacvlanAddressing(client client.APIClient) func(*testing.T) {
 	return func(t *testing.T) {
 		// Ensure the default gateways, next-hops and default dev devices are properly set
 		netName := "dualstackbridge"
-		net.CreateNoError(t, context.Background(), client, netName,
+		net.CreateNoError(context.Background(), t, client, netName,
 			net.WithMacvlan(""),
 			net.WithIPv6(),
 			net.WithOption("macvlan_mode", "bridge"),
@@ -260,7 +256,7 @@ func testMacvlanAddressing(client client.APIClient) func(*testing.T) {
 		assert.Check(t, n.IsNetworkAvailable(client, netName))
 
 		ctx := context.Background()
-		id1 := container.Run(t, ctx, client,
+		id1 := container.Run(ctx, t, client,
 			container.WithNetworkMode("dualstackbridge"),
 		)
 
@@ -274,8 +270,3 @@ func testMacvlanAddressing(client client.APIClient) func(*testing.T) {
 		assert.Check(t, strings.Contains(result.Combined(), "default via 2001:db8:abca::254 dev eth0"))
 	}
 }
-
-// ensure Kernel version is >= v3.9 for macvlan support
-func macvlanKernelSupport() bool {
-	return n.CheckKernelMajorVersionGreaterOrEqualThen(3, 9)
-}
diff --git a/integration/network/macvlan/main_test.go b/integration/network/macvlan/main_test.go
index 31cf111b22af7..c7adc4f9072ec 100644
--- a/integration/network/macvlan/main_test.go
+++ b/integration/network/macvlan/main_test.go
@@ -1,3 +1,6 @@
+//go:build !windows
+// +build !windows
+
 package macvlan // import "github.com/docker/docker/integration/network/macvlan"
 
 import (
@@ -5,7 +8,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
@@ -26,8 +29,3 @@ func TestMain(m *testing.M) {
 	testEnv.Print()
 	os.Exit(m.Run())
 }
-
-func setupTest(t *testing.T) func() {
-	environment.ProtectAll(t, testEnv)
-	return func() { testEnv.Clean(t) }
-}
diff --git a/integration/network/macvlan/main_windows_test.go b/integration/network/macvlan/main_windows_test.go
new file mode 100644
index 0000000000000..367cd2c540679
--- /dev/null
+++ b/integration/network/macvlan/main_windows_test.go
@@ -0,0 +1 @@
+package macvlan // import "github.com/docker/docker/integration/network/macvlan"
diff --git a/integration/network/main_test.go b/integration/network/main_test.go
index 36ed19ca67add..80354dcf0e61b 100644
--- a/integration/network/main_test.go
+++ b/integration/network/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/network/network_test.go b/integration/network/network_test.go
index 3829dd728e25f..ec0546aa0e866 100644
--- a/integration/network/network_test.go
+++ b/integration/network/network_test.go
@@ -3,42 +3,47 @@ package network // import "github.com/docker/docker/integration/network"
 import (
 	"bytes"
 	"context"
+	"encoding/json"
+	"net/http"
 	"os/exec"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/skip"
 )
 
 func TestRunContainerWithBridgeNone(t *testing.T) {
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
-	skip.If(t, IsUserNamespace())
+	skip.If(t, testEnv.IsUserNamespace)
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 
 	d := daemon.New(t)
 	d.StartWithBusybox(t, "-b", "none")
 	defer d.Stop(t)
 
-	client, err := d.NewClient()
-	assert.Check(t, err, "error creating client")
-
+	c := d.NewClientT(t)
 	ctx := context.Background()
-	id1 := container.Run(t, ctx, client)
-	defer client.ContainerRemove(ctx, id1, types.ContainerRemoveOptions{Force: true})
 
-	result, err := container.Exec(ctx, client, id1, []string{"ip", "l"})
+	id1 := container.Run(ctx, t, c)
+	defer c.ContainerRemove(ctx, id1, types.ContainerRemoveOptions{Force: true})
+
+	result, err := container.Exec(ctx, c, id1, []string{"ip", "l"})
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled")
 
-	id2 := container.Run(t, ctx, client, container.WithNetworkMode("bridge"))
-	defer client.ContainerRemove(ctx, id2, types.ContainerRemoveOptions{Force: true})
+	id2 := container.Run(ctx, t, c, container.WithNetworkMode("bridge"))
+	defer c.ContainerRemove(ctx, id2, types.ContainerRemoveOptions{Force: true})
 
-	result, err = container.Exec(ctx, client, id2, []string{"ip", "l"})
+	result, err = container.Exec(ctx, c, id2, []string{"ip", "l"})
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in bridge mode when bridge network is disabled")
 
@@ -49,10 +54,98 @@ func TestRunContainerWithBridgeNone(t *testing.T) {
 	err = cmd.Run()
 	assert.NilError(t, err, "Failed to get current process network namespace: %+v", err)
 
-	id3 := container.Run(t, ctx, client, container.WithNetworkMode("host"))
-	defer client.ContainerRemove(ctx, id3, types.ContainerRemoveOptions{Force: true})
+	id3 := container.Run(ctx, t, c, container.WithNetworkMode("host"))
+	defer c.ContainerRemove(ctx, id3, types.ContainerRemoveOptions{Force: true})
+
+	result, err = container.Exec(ctx, c, id3, []string{"sh", "-c", nsCommand})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(stdout.String(), result.Combined()), "The network namespace of container should be the same with host when --net=host and bridge network is disabled")
+}
+
+func TestNetworkInvalidJSON(t *testing.T) {
+	defer setupTest(t)()
+
+	endpoints := []string{
+		"/networks/create",
+		"/networks/bridge/connect",
+		"/networks/bridge/disconnect",
+	}
+
+	for _, ep := range endpoints {
+		ep := ep
+		t.Run(ep, func(t *testing.T) {
+			t.Parallel()
+
+			res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err := request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))
+
+			res, body, err = request.Post(ep, request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err = request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))
+		})
+	}
+}
+
+// TestNetworkList verifies that /networks returns a list of networks either
+// with, or without a trailing slash (/networks/). Regression test for https://github.com/moby/moby/issues/24595
+func TestNetworkList(t *testing.T) {
+	defer setupTest(t)()
+
+	endpoints := []string{
+		"/networks",
+		"/networks/",
+	}
+
+	for _, ep := range endpoints {
+		ep := ep
+		t.Run(ep, func(t *testing.T) {
+			t.Parallel()
+
+			res, body, err := request.Get(ep, request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusOK)
+
+			buf, err := request.ReadBody(body)
+			assert.NilError(t, err)
+			var nws []types.NetworkResource
+			err = json.Unmarshal(buf, &nws)
+			assert.NilError(t, err)
+			assert.Assert(t, len(nws) > 0)
+		})
+	}
+}
+
+func TestHostIPv4BridgeLabel(t *testing.T) {
+	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
+	d := daemon.New(t)
+	d.Start(t)
+	defer d.Stop(t)
+	c := d.NewClientT(t)
+	defer c.Close()
+	ctx := context.Background()
 
-	result, err = container.Exec(ctx, client, id3, []string{"sh", "-c", nsCommand})
+	ipv4SNATAddr := "172.0.0.172"
+	// Create a bridge network with --opt com.docker.network.host_ipv4=172.0.0.172
+	bridgeName := "hostIPv4Bridge"
+	network.CreateNoError(ctx, t, c, bridgeName,
+		network.WithDriver("bridge"),
+		network.WithOption("com.docker.network.host_ipv4", ipv4SNATAddr),
+		network.WithOption("com.docker.network.bridge.name", bridgeName),
+	)
+	out, err := c.NetworkInspect(ctx, bridgeName, types.NetworkInspectOptions{Verbose: true})
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(stdout.String(), result.Combined()), "The network namspace of container should be the same with host when --net=host and bridge network is disabled")
+	assert.Assert(t, len(out.IPAM.Config) > 0)
+	// Make sure the SNAT rule exists
+	icmd.RunCommand("iptables", "-t", "nat", "-C", "POSTROUTING", "-s", out.IPAM.Config[0].Subnet, "!", "-o", bridgeName, "-j", "SNAT", "--to-source", ipv4SNATAddr).Assert(t, icmd.Success)
 }
diff --git a/integration/network/service_test.go b/integration/network/service_test.go
index 4762b577ac9a7..e3cbb0ff17544 100644
--- a/integration/network/service_test.go
+++ b/integration/network/service_test.go
@@ -11,15 +11,16 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/network"
 	"github.com/docker/docker/integration/internal/swarm"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/icmd"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 // delInterface removes given network interface
 func delInterface(t *testing.T, ifName string) {
+	t.Helper()
 	icmd.RunCommand("ip", "link", "delete", ifName).Assert(t, icmd.Success)
 	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
 	icmd.RunCommand("iptables", "--flush").Assert(t, icmd.Success)
@@ -27,61 +28,71 @@ func delInterface(t *testing.T, ifName string) {
 
 func TestDaemonRestartWithLiveRestore(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 	d := daemon.New(t)
 	defer d.Stop(t)
 	d.Start(t)
-	d.Restart(t, "--live-restore=true",
-		"--default-address-pool", "base=175.30.0.0/16,size=16",
-		"--default-address-pool", "base=175.33.0.0/16,size=24")
+
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	// Verify bridge network's subnet
-	cli, err := d.NewClient()
-	assert.Assert(t, err)
-	defer cli.Close()
-	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	out, err := c.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	subnet := out.IPAM.Config[0].Subnet
+
+	d.Restart(t,
+		"--live-restore=true",
+		"--default-address-pool", "base=175.30.0.0/16,size=16",
+		"--default-address-pool", "base=175.33.0.0/16,size=24",
+	)
+
+	out1, err := c.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	// Make sure docker0 doesn't get override with new IP in live restore case
-	assert.Equal(t, out.IPAM.Config[0].Subnet, "172.18.0.0/16")
+	assert.Equal(t, out1.IPAM.Config[0].Subnet, subnet)
 }
 
 func TestDaemonDefaultNetworkPools(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
 	// Remove docker0 bridge and the start daemon defining the predefined address pools
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 	defaultNetworkBridge := "docker0"
 	delInterface(t, defaultNetworkBridge)
 	d := daemon.New(t)
 	defer d.Stop(t)
 	d.Start(t,
 		"--default-address-pool", "base=175.30.0.0/16,size=16",
-		"--default-address-pool", "base=175.33.0.0/16,size=24")
+		"--default-address-pool", "base=175.33.0.0/16,size=24",
+	)
+
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	// Verify bridge network's subnet
-	cli, err := d.NewClient()
-	assert.Assert(t, err)
-	defer cli.Close()
-	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	out, err := c.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.30.0.0/16")
 
 	// Create a bridge network and verify its subnet is the second default pool
 	name := "elango" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out, err = c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.33.0.0/24")
 
 	// Create a bridge network and verify its subnet is the third default pool
 	name = "saanvi" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out, err = c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.33.1.0/24")
 	delInterface(t, defaultNetworkBridge)
@@ -90,23 +101,24 @@ func TestDaemonDefaultNetworkPools(t *testing.T) {
 
 func TestDaemonRestartWithExistingNetwork(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 	defaultNetworkBridge := "docker0"
 	d := daemon.New(t)
 	d.Start(t)
 	defer d.Stop(t)
-	// Verify bridge network's subnet
-	cli, err := d.NewClient()
-	assert.Assert(t, err)
-	defer cli.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	// Create a bridge network
 	name := "elango" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+
+	// Verify bridge network's subnet
+	out, err := c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	networkip := out.IPAM.Config[0].Subnet
 
@@ -115,7 +127,7 @@ func TestDaemonRestartWithExistingNetwork(t *testing.T) {
 		"--default-address-pool", "base=175.30.0.0/16,size=16",
 		"--default-address-pool", "base=175.33.0.0/16,size=24")
 
-	out1, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out1, err := c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	assert.Equal(t, out1.IPAM.Config[0].Subnet, networkip)
 	delInterface(t, defaultNetworkBridge)
@@ -123,46 +135,48 @@ func TestDaemonRestartWithExistingNetwork(t *testing.T) {
 
 func TestDaemonRestartWithExistingNetworkWithDefaultPoolRange(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 	defaultNetworkBridge := "docker0"
 	d := daemon.New(t)
 	d.Start(t)
 	defer d.Stop(t)
-	// Verify bridge network's subnet
-	cli, err := d.NewClient()
-	assert.Assert(t, err)
-	defer cli.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	// Create a bridge network
 	name := "elango" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+
+	// Verify bridge network's subnet
+	out, err := c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	networkip := out.IPAM.Config[0].Subnet
 
 	// Create a bridge network
 	name = "sthira" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out, err = c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	networkip2 := out.IPAM.Config[0].Subnet
 
 	// Restart daemon with default address pool option
 	d.Restart(t,
 		"--default-address-pool", "base=175.18.0.0/16,size=16",
-		"--default-address-pool", "base=175.19.0.0/16,size=24")
+		"--default-address-pool", "base=175.19.0.0/16,size=24",
+	)
 
 	// Create a bridge network
 	name = "saanvi" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
+	network.CreateNoError(context.Background(), t, c, name,
 		network.WithDriver("bridge"),
 	)
-	out1, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out1, err := c.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 
 	assert.Check(t, out1.IPAM.Config[0].Subnet != networkip)
@@ -172,33 +186,37 @@ func TestDaemonRestartWithExistingNetworkWithDefaultPoolRange(t *testing.T) {
 
 func TestDaemonWithBipAndDefaultNetworkPool(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
 	defaultNetworkBridge := "docker0"
 	d := daemon.New(t)
 	defer d.Stop(t)
-	d.Start(t, "--bip=172.60.0.1/16",
+	d.Start(t,
+		"--bip=172.60.0.1/16",
 		"--default-address-pool", "base=175.30.0.0/16,size=16",
-		"--default-address-pool", "base=175.33.0.0/16,size=24")
+		"--default-address-pool", "base=175.33.0.0/16,size=24",
+	)
+
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	// Verify bridge network's subnet
-	cli, err := d.NewClient()
-	assert.Assert(t, err)
-	defer cli.Close()
-	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	out, err := c.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
 	assert.NilError(t, err)
 	// Make sure BIP IP doesn't get override with new default address pool .
-	assert.Equal(t, out.IPAM.Config[0].Subnet, "172.60.0.1/16")
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "172.60.0.0/16")
 	delInterface(t, defaultNetworkBridge)
 }
 
 func TestServiceWithPredefinedNetwork(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	hostName := "host"
 	var instances uint64 = 1
@@ -210,26 +228,29 @@ func TestServiceWithPredefinedNetwork(t *testing.T) {
 		swarm.ServiceWithNetwork(hostName),
 	)
 
-	poll.WaitOn(t, serviceRunningCount(client, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, instances), swarm.ServicePoll)
 
-	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	_, _, err := c.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
 
-	err = client.ServiceRemove(context.Background(), serviceID)
+	err = c.ServiceRemove(context.Background(), serviceID)
 	assert.NilError(t, err)
 }
 
 const ingressNet = "ingress"
 
 func TestServiceRemoveKeepsIngressNetwork(t *testing.T) {
+	t.Skip("FLAKY_TEST")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
+
 	skip.If(t, testEnv.OSType == "windows")
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
-	poll.WaitOn(t, swarmIngressReady(client), swarm.NetworkPoll)
+	poll.WaitOn(t, swarmIngressReady(c), swarm.NetworkPoll)
 
 	var instances uint64 = 1
 
@@ -247,20 +268,21 @@ func TestServiceRemoveKeepsIngressNetwork(t *testing.T) {
 		}),
 	)
 
-	poll.WaitOn(t, serviceRunningCount(client, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, instances), swarm.ServicePoll)
 
-	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	ctx := context.Background()
+	_, _, err := c.ServiceInspectWithRaw(ctx, serviceID, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
 
-	err = client.ServiceRemove(context.Background(), serviceID)
+	err = c.ServiceRemove(ctx, serviceID)
 	assert.NilError(t, err)
 
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
-	poll.WaitOn(t, noServices(client), swarm.ServicePoll)
+	poll.WaitOn(t, noServices(ctx, c), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasks(ctx, c), swarm.ServicePoll)
 
 	// Ensure that "ingress" is not removed or corrupted
 	time.Sleep(10 * time.Second)
-	netInfo, err := client.NetworkInspect(context.Background(), ingressNet, types.NetworkInspectOptions{
+	netInfo, err := c.NetworkInspect(ctx, ingressNet, types.NetworkInspectOptions{
 		Verbose: true,
 		Scope:   "swarm",
 	})
@@ -271,20 +293,7 @@ func TestServiceRemoveKeepsIngressNetwork(t *testing.T) {
 	assert.Assert(t, ok, "ingress-sbox not present in ingress network")
 }
 
-func serviceRunningCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		services, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
-		if err != nil {
-			return poll.Error(err)
-		}
-
-		if len(services) != int(instances) {
-			return poll.Continue("Service count at %d waiting for %d", len(services), instances)
-		}
-		return poll.Success()
-	}
-}
-
+//nolint:unused // for some reason, the "unused" linter marks this function as "unused"
 func swarmIngressReady(client client.NetworkAPIClient) func(log poll.LogT) poll.Result {
 	return func(log poll.LogT) poll.Result {
 		netInfo, err := client.NetworkInspect(context.Background(), ingressNet, types.NetworkInspectOptions{
@@ -307,36 +316,106 @@ func swarmIngressReady(client client.NetworkAPIClient) func(log poll.LogT) poll.
 	}
 }
 
-func noServices(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
+func noServices(ctx context.Context, client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
 	return func(log poll.LogT) poll.Result {
-		services, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
+		services, err := client.ServiceList(ctx, types.ServiceListOptions{})
 		switch {
 		case err != nil:
 			return poll.Error(err)
 		case len(services) == 0:
 			return poll.Success()
 		default:
-			return poll.Continue("Service count at %d waiting for 0", len(services))
+			return poll.Continue("waiting for all services to be removed: service count at %d", len(services))
 		}
 	}
 }
 
-func TestServiceWithDefaultAddressPoolInit(t *testing.T) {
+func TestServiceWithDataPathPortInit(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "DataPathPort was added in API v1.40")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
 	defer setupTest(t)()
-	var ops = []func(*daemon.Daemon){}
-	ipAddr := []string{"20.20.0.0/16"}
-	ops = append(ops, daemon.WithSwarmDefaultAddrPool(ipAddr))
-	ops = append(ops, daemon.WithSwarmDefaultAddrPoolSubnetSize(24))
-	d := swarm.NewSwarm(t, testEnv, ops...)
+	var datapathPort uint32 = 7777
+	d := swarm.NewSwarm(t, testEnv, daemon.WithSwarmDataPathPort(datapathPort))
+	c := d.NewClientT(t)
+	ctx := context.Background()
+	// Create a overlay network
+	name := "saanvisthira" + t.Name()
+	overlayID := network.CreateNoError(context.Background(), t, c, name,
+		network.WithDriver("overlay"))
+
+	var instances uint64 = 1
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(name),
+		swarm.ServiceWithNetwork(name),
+	)
+
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, instances), swarm.ServicePoll)
+
+	info := d.Info(t)
+	assert.Equal(t, info.Swarm.Cluster.DataPathPort, datapathPort)
+	err := c.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+	poll.WaitOn(t, noServices(ctx, c), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasks(ctx, c), swarm.ServicePoll)
+	err = c.NetworkRemove(ctx, overlayID)
+	assert.NilError(t, err)
+	c.Close()
+	err = d.SwarmLeave(t, true)
+	assert.NilError(t, err)
+	d.Stop(t)
+
+	// Clean up , set it back to original one to make sure other tests don't fail
+	// call without datapath port option.
+	d = swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	nc := d.NewClientT(t)
+	defer nc.Close()
+	// Create a overlay network
+	name = "not-saanvisthira" + t.Name()
+	overlayID = network.CreateNoError(ctx, t, nc, name,
+		network.WithDriver("overlay"))
+
+	serviceID = swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(name),
+		swarm.ServiceWithNetwork(name),
+	)
+
+	poll.WaitOn(t, swarm.RunningTasksCount(nc, serviceID, instances), swarm.ServicePoll)
 
+	info = d.Info(t)
+	var defaultDataPathPort uint32 = 4789
+	assert.Equal(t, info.Swarm.Cluster.DataPathPort, defaultDataPathPort)
+	err = nc.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+	poll.WaitOn(t, noServices(ctx, nc), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasks(ctx, nc), swarm.ServicePoll)
+	err = nc.NetworkRemove(ctx, overlayID)
+	assert.NilError(t, err)
+	err = d.SwarmLeave(t, true)
+	assert.NilError(t, err)
+}
+
+func TestServiceWithDefaultAddressPoolInit(t *testing.T) {
+	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support Swarm-mode")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv,
+		daemon.WithSwarmDefaultAddrPool([]string{"20.20.0.0/16"}),
+		daemon.WithSwarmDefaultAddrPoolSubnetSize(24))
+	defer d.Stop(t)
 	cli := d.NewClientT(t)
 	defer cli.Close()
+	ctx := context.Background()
 
 	// Create a overlay network
-	name := "saanvisthira" + t.Name()
-	network.CreateNoError(t, context.Background(), cli, name,
-		network.WithDriver("overlay"))
+	name := "sthira" + t.Name()
+	overlayID := network.CreateNoError(ctx, t, cli, name,
+		network.WithDriver("overlay"),
+		network.WithCheckDuplicate(),
+	)
 
 	var instances uint64 = 1
 	serviceName := "TestService" + t.Name()
@@ -346,27 +425,34 @@ func TestServiceWithDefaultAddressPoolInit(t *testing.T) {
 		swarm.ServiceWithNetwork(name),
 	)
 
-	poll.WaitOn(t, serviceRunningCount(cli, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(cli, serviceID, instances), swarm.ServicePoll)
 
-	_, _, err := cli.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	_, _, err := cli.ServiceInspectWithRaw(ctx, serviceID, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
 
-	out, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	out, err := cli.NetworkInspect(ctx, overlayID, types.NetworkInspectOptions{Verbose: true})
 	assert.NilError(t, err)
 	t.Logf("%s: NetworkInspect: %+v", t.Name(), out)
 	assert.Assert(t, len(out.IPAM.Config) > 0)
+	// As of docker/swarmkit#2890, the ingress network uses the default address
+	// pool (whereas before, the subnet for the ingress network was hard-coded.
+	// This means that the ingress network gets the subnet 20.20.0.0/24, and
+	// the network we just created gets subnet 20.20.1.0/24.
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "20.20.1.0/24")
+
+	// Also inspect ingress network and make sure its in the same subnet
+	out, err = cli.NetworkInspect(ctx, "ingress", types.NetworkInspectOptions{Verbose: true})
+	assert.NilError(t, err)
+	assert.Assert(t, len(out.IPAM.Config) > 0)
 	assert.Equal(t, out.IPAM.Config[0].Subnet, "20.20.0.0/24")
 
-	err = cli.ServiceRemove(context.Background(), serviceID)
+	err = cli.ServiceRemove(ctx, serviceID)
+	poll.WaitOn(t, noServices(ctx, cli), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasks(ctx, cli), swarm.ServicePoll)
+	assert.NilError(t, err)
+	err = cli.NetworkRemove(ctx, overlayID)
+	assert.NilError(t, err)
+	err = d.SwarmLeave(t, true)
 	assert.NilError(t, err)
-	d.SwarmLeave(true)
-	d.Stop(t)
 
-	// Clean up , set it back to original one to make sure other tests don't fail
-	ipAddr = []string{"10.0.0.0/8"}
-	ops = append(ops, daemon.WithSwarmDefaultAddrPool(ipAddr))
-	ops = append(ops, daemon.WithSwarmDefaultAddrPoolSubnetSize(24))
-	d = swarm.NewSwarm(t, testEnv, ops...)
-	d.SwarmLeave(true)
-	defer d.Stop(t)
 }
diff --git a/integration/plugin/authz/authz_plugin_test.go b/integration/plugin/authz/authz_plugin_test.go
index d0f5d8a783a60..3c8cfc6a65f6b 100644
--- a/integration/plugin/authz/authz_plugin_test.go
+++ b/integration/plugin/authz/authz_plugin_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package authz // import "github.com/docker/docker/integration/plugin/authz"
@@ -6,7 +7,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httputil"
@@ -22,11 +22,12 @@ import (
 	eventtypes "github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/environment"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/authorization"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/environment"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 const (
@@ -59,7 +60,7 @@ func setupTestV1(t *testing.T) func() {
 	assert.NilError(t, err)
 
 	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", testAuthZPlugin)
-	err = ioutil.WriteFile(fileName, []byte(server.URL), 0644)
+	err = os.WriteFile(fileName, []byte(server.URL), 0644)
 	assert.NilError(t, err)
 
 	return func() {
@@ -87,18 +88,16 @@ func TestAuthZPluginAllowRequest(t *testing.T) {
 	ctrl.resRes.Allow = true
 	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
-
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
 	// Ensure command successful
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, c)
 
 	assertURIRecorded(t, ctrl.requestsURIs, "/containers/create")
 	assertURIRecorded(t, ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", cID))
 
-	_, err = client.ServerVersion(ctx)
+	_, err := c.ServerVersion(ctx)
 	assert.NilError(t, err)
 	assert.Equal(t, 1, ctrl.versionReqCount)
 	assert.Equal(t, 1, ctrl.versionResCount)
@@ -126,10 +125,10 @@ func TestAuthZPluginTLS(t *testing.T) {
 	ctrl.reqRes.Allow = true
 	ctrl.resRes.Allow = true
 
-	client, err := newTLSAPIClient(testDaemonHTTPSAddr, cacertPath, clientCertPath, clientKeyPath)
+	c, err := newTLSAPIClient(testDaemonHTTPSAddr, cacertPath, clientCertPath, clientKeyPath)
 	assert.NilError(t, err)
 
-	_, err = client.ServerVersion(context.Background())
+	_, err = c.ServerVersion(context.Background())
 	assert.NilError(t, err)
 
 	assert.Equal(t, "client", ctrl.reqUser)
@@ -143,7 +142,7 @@ func newTLSAPIClient(host, cacertPath, certPath, keyPath string) (client.APIClie
 	}
 	return client.NewClientWithOpts(
 		client.WithTLSClientConfig(cacertPath, certPath, keyPath),
-		client.WithDialer(dialer),
+		client.WithDialContext(dialer.DialContext),
 		client.WithHost(host))
 }
 
@@ -153,11 +152,10 @@ func TestAuthZPluginDenyRequest(t *testing.T) {
 	ctrl.reqRes.Allow = false
 	ctrl.reqRes.Msg = unauthorizedMessage
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Ensure command is blocked
-	_, err = client.ServerVersion(context.Background())
+	_, err := c.ServerVersion(context.Background())
 	assert.Assert(t, err != nil)
 	assert.Equal(t, 1, ctrl.versionReqCount)
 	assert.Equal(t, 0, ctrl.versionResCount)
@@ -179,10 +177,10 @@ func TestAuthZPluginAPIDenyResponse(t *testing.T) {
 
 	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
 	assert.NilError(t, err)
-	client := httputil.NewClientConn(conn, nil)
-	req, err := http.NewRequest("GET", "/version", nil)
+	c := httputil.NewClientConn(conn, nil)
+	req, err := http.NewRequest(http.MethodGet, "/version", nil)
 	assert.NilError(t, err)
-	resp, err := client.Do(req)
+	resp, err := c.Do(req)
 
 	assert.NilError(t, err)
 	assert.DeepEqual(t, http.StatusForbidden, resp.StatusCode)
@@ -195,11 +193,10 @@ func TestAuthZPluginDenyResponse(t *testing.T) {
 	ctrl.resRes.Allow = false
 	ctrl.resRes.Msg = unauthorizedMessage
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Ensure command is blocked
-	_, err = client.ServerVersion(context.Background())
+	_, err := c.ServerVersion(context.Background())
 	assert.Assert(t, err != nil)
 	assert.Equal(t, 1, ctrl.versionReqCount)
 	assert.Equal(t, 1, ctrl.versionResCount)
@@ -219,29 +216,16 @@ func TestAuthZPluginAllowEventStream(t *testing.T) {
 	ctrl.resRes.Allow = true
 	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
-
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
-	startTime := strconv.FormatInt(systemTime(t, client, testEnv).Unix(), 10)
-	events, errs, cancel := systemEventsSince(client, startTime)
+	startTime := strconv.FormatInt(systemTime(t, c, testEnv).Unix(), 10)
+	events, errs, cancel := systemEventsSince(c, startTime)
 	defer cancel()
 
 	// Create a container and wait for the creation events
-	cID := container.Run(t, ctx, client)
-
-	for i := 0; i < 100; i++ {
-		c, err := client.ContainerInspect(ctx, cID)
-		assert.NilError(t, err)
-		if c.State.Running {
-			break
-		}
-		if i == 99 {
-			t.Fatal("Container didn't run within 10s")
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
+	cID := container.Run(ctx, t, c)
+	poll.WaitOn(t, container.IsInState(ctx, c, cID, "running"))
 
 	created := false
 	started := false
@@ -304,11 +288,10 @@ func TestAuthZPluginErrorResponse(t *testing.T) {
 	ctrl.reqRes.Allow = true
 	ctrl.resRes.Err = errorMessage
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Ensure command is blocked
-	_, err = client.ServerVersion(context.Background())
+	_, err := c.ServerVersion(context.Background())
 	assert.Assert(t, err != nil)
 	assert.Equal(t, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s", testAuthZPlugin, authorization.AuthZApiResponse, errorMessage), err.Error())
 }
@@ -318,11 +301,10 @@ func TestAuthZPluginErrorRequest(t *testing.T) {
 	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
 	ctrl.reqRes.Err = errorMessage
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Ensure command is blocked
-	_, err = client.ServerVersion(context.Background())
+	_, err := c.ServerVersion(context.Background())
 	assert.Assert(t, err != nil)
 	assert.Equal(t, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s", testAuthZPlugin, authorization.AuthZApiRequest, errorMessage), err.Error())
 }
@@ -334,10 +316,9 @@ func TestAuthZPluginEnsureNoDuplicatePluginRegistration(t *testing.T) {
 	ctrl.reqRes.Allow = true
 	ctrl.resRes.Allow = true
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
-	_, err = client.ServerVersion(context.Background())
+	_, err := c.ServerVersion(context.Background())
 	assert.NilError(t, err)
 
 	// assert plugin is only called once..
@@ -351,27 +332,25 @@ func TestAuthZPluginEnsureLoadImportWorking(t *testing.T) {
 	ctrl.resRes.Allow = true
 	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
-
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
-	tmp, err := ioutil.TempDir("", "test-authz-load-import")
+	tmp, err := os.MkdirTemp("", "test-authz-load-import")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmp)
 
 	savedImagePath := filepath.Join(tmp, "save.tar")
 
-	err = imageSave(client, savedImagePath, "busybox")
+	err = imageSave(c, savedImagePath, "busybox")
 	assert.NilError(t, err)
-	err = imageLoad(client, savedImagePath)
+	err = imageLoad(c, savedImagePath)
 	assert.NilError(t, err)
 
 	exportedImagePath := filepath.Join(tmp, "export.tar")
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, c)
 
-	responseReader, err := client.ContainerExport(context.Background(), cID)
+	responseReader, err := c.ContainerExport(context.Background(), cID)
 	assert.NilError(t, err)
 	defer responseReader.Close()
 	file, err := os.Create(exportedImagePath)
@@ -380,7 +359,7 @@ func TestAuthZPluginEnsureLoadImportWorking(t *testing.T) {
 	_, err = io.Copy(file, responseReader)
 	assert.NilError(t, err)
 
-	err = imageImport(client, exportedImagePath)
+	err = imageImport(c, exportedImagePath)
 	assert.NilError(t, err)
 }
 
@@ -390,48 +369,47 @@ func TestAuthzPluginEnsureContainerCopyToFrom(t *testing.T) {
 	ctrl.resRes.Allow = true
 	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin)
 
-	dir, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
-	f, err := ioutil.TempFile(dir, "send")
-	assert.Assert(t, err)
+	f, err := os.CreateTemp(dir, "send")
+	assert.NilError(t, err)
 	defer f.Close()
 
 	buf := make([]byte, 1024)
 	fileSize := len(buf) * 1024 * 10
 	for written := 0; written < fileSize; {
 		n, err := f.Write(buf)
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 		written += n
 	}
 
+	c := d.NewClientT(t)
 	ctx := context.Background()
-	client, err := d.NewClient()
-	assert.Assert(t, err)
 
-	cID := container.Run(t, ctx, client)
-	defer client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+	cID := container.Run(ctx, t, c)
+	defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
 
 	_, err = f.Seek(0, io.SeekStart)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	srcInfo, err := archive.CopyInfoSourcePath(f.Name(), false)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	srcArchive, err := archive.TarResource(srcInfo)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	defer srcArchive.Close()
 
 	dstDir, preparedArchive, err := archive.PrepareArchiveCopy(srcArchive, srcInfo, archive.CopyInfo{Path: "/test"})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
-	err = client.CopyToContainer(ctx, cID, dstDir, preparedArchive, types.CopyToContainerOptions{})
-	assert.Assert(t, err)
+	err = c.CopyToContainer(ctx, cID, dstDir, preparedArchive, types.CopyToContainerOptions{})
+	assert.NilError(t, err)
 
-	rdr, _, err := client.CopyFromContainer(ctx, cID, "/test")
-	assert.Assert(t, err)
-	_, err = io.Copy(ioutil.Discard, rdr)
-	assert.Assert(t, err)
+	rdr, _, err := c.CopyFromContainer(ctx, cID, "/test")
+	assert.NilError(t, err)
+	_, err = io.Copy(io.Discard, rdr)
+	assert.NilError(t, err)
 }
 
 func imageSave(client client.APIClient, path, image string) error {
@@ -499,7 +477,7 @@ func TestAuthZPluginHeader(t *testing.T) {
 	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
 	assert.NilError(t, err)
 	client := httputil.NewClientConn(conn, nil)
-	req, err := http.NewRequest("GET", "/version", nil)
+	req, err := http.NewRequest(http.MethodGet, "/version", nil)
 	assert.NilError(t, err)
 	resp, err := client.Do(req)
 	assert.NilError(t, err)
diff --git a/integration/plugin/authz/authz_plugin_v2_test.go b/integration/plugin/authz/authz_plugin_v2_test.go
index 6b5115146b242..173d0a5df6a32 100644
--- a/integration/plugin/authz/authz_plugin_v2_test.go
+++ b/integration/plugin/authz/authz_plugin_v2_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package authz // import "github.com/docker/docker/integration/plugin/authz"
@@ -5,7 +6,7 @@ package authz // import "github.com/docker/docker/integration/plugin/authz"
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"strings"
 	"testing"
@@ -16,8 +17,8 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/container"
 	"github.com/docker/docker/integration/internal/requirement"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 var (
@@ -43,13 +44,11 @@ func TestAuthZPluginV2AllowNonVolumeRequest(t *testing.T) {
 	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
 	defer setupTestV2(t)()
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
-
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
 	// Install authz plugin
-	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	err := pluginInstallGrantAllPermissions(c, authzPluginNameWithTag)
 	assert.NilError(t, err)
 	// start the daemon with the plugin and load busybox, --net=none build fails otherwise
 	// because it needs to pull busybox
@@ -57,9 +56,9 @@ func TestAuthZPluginV2AllowNonVolumeRequest(t *testing.T) {
 	d.LoadBusybox(t)
 
 	// Ensure docker run command and accompanying docker ps are successful
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, c)
 
-	_, err = client.ContainerInspect(ctx, cID)
+	_, err = c.ContainerInspect(ctx, cID)
 	assert.NilError(t, err)
 }
 
@@ -67,26 +66,25 @@ func TestAuthZPluginV2Disable(t *testing.T) {
 	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
 	defer setupTestV2(t)()
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Install authz plugin
-	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	err := pluginInstallGrantAllPermissions(c, authzPluginNameWithTag)
 	assert.NilError(t, err)
 
 	d.Restart(t, "--authorization-plugin="+authzPluginNameWithTag)
 	d.LoadBusybox(t)
 
-	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	_, err = c.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 
 	// disable the plugin
-	err = client.PluginDisable(context.Background(), authzPluginNameWithTag, types.PluginDisableOptions{})
+	err = c.PluginDisable(context.Background(), authzPluginNameWithTag, types.PluginDisableOptions{})
 	assert.NilError(t, err)
 
 	// now test to see if the docker api works.
-	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	_, err = c.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
 	assert.NilError(t, err)
 }
 
@@ -94,34 +92,33 @@ func TestAuthZPluginV2RejectVolumeRequests(t *testing.T) {
 	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
 	defer setupTestV2(t)()
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Install authz plugin
-	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	err := pluginInstallGrantAllPermissions(c, authzPluginNameWithTag)
 	assert.NilError(t, err)
 
 	// restart the daemon with the plugin
 	d.Restart(t, "--authorization-plugin="+authzPluginNameWithTag)
 
-	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	_, err = c.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 
-	_, err = client.VolumeList(context.Background(), filters.Args{})
+	_, err = c.VolumeList(context.Background(), filters.Args{})
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 
 	// The plugin will block the command before it can determine the volume does not exist
-	err = client.VolumeRemove(context.Background(), "test", false)
+	err = c.VolumeRemove(context.Background(), "test", false)
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 
-	_, err = client.VolumeInspect(context.Background(), "test")
+	_, err = c.VolumeInspect(context.Background(), "test")
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 
-	_, err = client.VolumesPrune(context.Background(), filters.Args{})
+	_, err = c.VolumesPrune(context.Background(), filters.Args{})
 	assert.Assert(t, err != nil)
 	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
 }
@@ -130,11 +127,10 @@ func TestAuthZPluginV2BadManifestFailsDaemonStart(t *testing.T) {
 	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
 	defer setupTestV2(t)()
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
 
 	// Install authz plugin with bad manifest
-	err = pluginInstallGrantAllPermissions(client, authzPluginBadManifestName)
+	err := pluginInstallGrantAllPermissions(c, authzPluginBadManifestName)
 	assert.NilError(t, err)
 
 	// start the daemon with the plugin, it will error
@@ -170,6 +166,6 @@ func pluginInstallGrantAllPermissions(client client.APIClient, name string) erro
 	// we have to read the response out here because the client API
 	// actually starts a goroutine which we can only be sure has
 	// completed when we get EOF from reading responseBody
-	_, err = ioutil.ReadAll(responseReader)
+	_, err = io.ReadAll(responseReader)
 	return err
 }
diff --git a/integration/plugin/authz/main_test.go b/integration/plugin/authz/main_test.go
index 96c5901073f0f..b4e65640819be 100644
--- a/integration/plugin/authz/main_test.go
+++ b/integration/plugin/authz/main_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package authz // import "github.com/docker/docker/integration/plugin/authz"
@@ -5,18 +6,18 @@ package authz // import "github.com/docker/docker/integration/plugin/authz"
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"strings"
 	"testing"
 
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/environment"
 	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/plugins"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/environment"
+	"gotest.tools/v3/skip"
 )
 
 var (
@@ -49,9 +50,10 @@ func TestMain(m *testing.M) {
 func setupTest(t *testing.T) func() {
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of localhost")
 	environment.ProtectAll(t, testEnv)
 
-	d = daemon.New(t, daemon.WithExperimental)
+	d = daemon.New(t, daemon.WithExperimental())
 
 	return func() {
 		if d != nil {
@@ -75,7 +77,7 @@ func setupSuite() {
 
 	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
-		body, err := ioutil.ReadAll(r.Body)
+		body, err := io.ReadAll(r.Body)
 		if err != nil {
 			panic("could not read body for /AuthZPlugin.AuthZReq: " + err.Error())
 		}
@@ -113,7 +115,7 @@ func setupSuite() {
 
 	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
-		body, err := ioutil.ReadAll(r.Body)
+		body, err := io.ReadAll(r.Body)
 		if err != nil {
 			panic("could not read body for /AuthZPlugin.AuthZRes: " + err.Error())
 		}
diff --git a/integration/plugin/common/main_test.go b/integration/plugin/common/main_test.go
new file mode 100644
index 0000000000000..cd42c8f76153e
--- /dev/null
+++ b/integration/plugin/common/main_test.go
@@ -0,0 +1,31 @@
+package common // import "github.com/docker/docker/integration/plugin/common"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/testutil/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	if reexec.Init() {
+		return
+	}
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/integration/plugin/common/plugin_test.go b/integration/plugin/common/plugin_test.go
new file mode 100644
index 0000000000000..fb37a5e174616
--- /dev/null
+++ b/integration/plugin/common/plugin_test.go
@@ -0,0 +1,284 @@
+package common // import "github.com/docker/docker/integration/plugin/common"
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"github.com/docker/docker/testutil/registry"
+	"github.com/docker/docker/testutil/request"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
+)
+
+func TestPluginInvalidJSON(t *testing.T) {
+	defer setupTest(t)()
+
+	endpoints := []string{"/plugins/foobar/set"}
+
+	for _, ep := range endpoints {
+		ep := ep
+		t.Run(ep, func(t *testing.T) {
+			t.Parallel()
+
+			res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err := request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))
+
+			res, body, err = request.Post(ep, request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err = request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))
+		})
+	}
+}
+
+func TestPluginInstall(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of localhost")
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	t.Run("no auth", func(t *testing.T) {
+		defer setupTest(t)()
+
+		reg := registry.NewV2(t)
+		defer reg.Close()
+
+		name := "test-" + strings.ToLower(t.Name())
+		repo := path.Join(registry.DefaultURL, name+":latest")
+		assert.NilError(t, plugin.CreateInRegistry(ctx, repo, nil))
+
+		rdr, err := client.PluginInstall(ctx, repo, types.PluginInstallOptions{Disabled: true, RemoteRef: repo})
+		assert.NilError(t, err)
+		defer rdr.Close()
+
+		_, err = io.Copy(io.Discard, rdr)
+		assert.NilError(t, err)
+
+		_, _, err = client.PluginInspectWithRaw(ctx, repo)
+		assert.NilError(t, err)
+	})
+
+	t.Run("with htpasswd", func(t *testing.T) {
+		defer setupTest(t)()
+
+		reg := registry.NewV2(t, registry.Htpasswd)
+		defer reg.Close()
+
+		name := "test-" + strings.ToLower(t.Name())
+		repo := path.Join(registry.DefaultURL, name+":latest")
+		auth := &types.AuthConfig{ServerAddress: registry.DefaultURL, Username: "testuser", Password: "testpassword"}
+		assert.NilError(t, plugin.CreateInRegistry(ctx, repo, auth))
+
+		authEncoded, err := json.Marshal(auth)
+		assert.NilError(t, err)
+
+		rdr, err := client.PluginInstall(ctx, repo, types.PluginInstallOptions{
+			RegistryAuth: base64.URLEncoding.EncodeToString(authEncoded),
+			Disabled:     true,
+			RemoteRef:    repo,
+		})
+		assert.NilError(t, err)
+		defer rdr.Close()
+
+		_, err = io.Copy(io.Discard, rdr)
+		assert.NilError(t, err)
+
+		_, _, err = client.PluginInspectWithRaw(ctx, repo)
+		assert.NilError(t, err)
+	})
+	t.Run("with insecure", func(t *testing.T) {
+		skip.If(t, !testEnv.IsLocalDaemon())
+
+		addrs, err := net.InterfaceAddrs()
+		assert.NilError(t, err)
+
+		var bindTo string
+		for _, addr := range addrs {
+			ip, ok := addr.(*net.IPNet)
+			if !ok {
+				continue
+			}
+			if ip.IP.IsLoopback() || ip.IP.To4() == nil {
+				continue
+			}
+			bindTo = ip.IP.String()
+		}
+
+		if bindTo == "" {
+			t.Skip("No suitable interface to bind registry to")
+		}
+
+		regURL := bindTo + ":5000"
+
+		d := daemon.New(t)
+		defer d.Stop(t)
+
+		d.Start(t, "--insecure-registry="+regURL)
+		defer d.Stop(t)
+
+		reg := registry.NewV2(t, registry.URL(regURL))
+		defer reg.Close()
+
+		name := "test-" + strings.ToLower(t.Name())
+		repo := path.Join(regURL, name+":latest")
+		assert.NilError(t, plugin.CreateInRegistry(ctx, repo, nil, plugin.WithInsecureRegistry(regURL)))
+
+		client := d.NewClientT(t)
+		rdr, err := client.PluginInstall(ctx, repo, types.PluginInstallOptions{Disabled: true, RemoteRef: repo})
+		assert.NilError(t, err)
+		defer rdr.Close()
+
+		_, err = io.Copy(io.Discard, rdr)
+		assert.NilError(t, err)
+
+		_, _, err = client.PluginInspectWithRaw(ctx, repo)
+		assert.NilError(t, err)
+	})
+	// TODO: test insecure registry with https
+}
+
+func TestPluginsWithRuntimes(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.IsRootless, "Test not supported on rootless due to buggy daemon setup in rootless mode due to daemon restart")
+	skip.If(t, testEnv.OSType == "windows")
+
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	d := daemon.New(t)
+	defer d.Cleanup(t)
+
+	d.Start(t)
+	defer d.Stop(t)
+
+	ctx := context.Background()
+	client := d.NewClientT(t)
+
+	assert.NilError(t, plugin.Create(ctx, client, "test:latest"))
+	defer client.PluginRemove(ctx, "test:latest", types.PluginRemoveOptions{Force: true})
+
+	assert.NilError(t, client.PluginEnable(ctx, "test:latest", types.PluginEnableOptions{Timeout: 30}))
+
+	p := filepath.Join(dir, "myrt")
+	script := fmt.Sprintf(`#!/bin/sh
+	file="%s/success"
+	if [ "$1" = "someArg" ]; then
+		shift
+		file="${file}_someArg"
+	fi
+
+	touch $file
+	exec runc $@
+	`, dir)
+
+	assert.NilError(t, os.WriteFile(p, []byte(script), 0777))
+
+	type config struct {
+		Runtimes map[string]types.Runtime `json:"runtimes"`
+	}
+
+	cfg, err := json.Marshal(config{
+		Runtimes: map[string]types.Runtime{
+			"myrt":     {Path: p},
+			"myrtArgs": {Path: p, Args: []string{"someArg"}},
+		},
+	})
+	configPath := filepath.Join(dir, "config.json")
+	os.WriteFile(configPath, cfg, 0644)
+
+	t.Run("No Args", func(t *testing.T) {
+		d.Restart(t, "--default-runtime=myrt", "--config-file="+configPath)
+		_, err = os.Stat(filepath.Join(dir, "success"))
+		assert.NilError(t, err)
+	})
+
+	t.Run("With Args", func(t *testing.T) {
+		d.Restart(t, "--default-runtime=myrtArgs", "--config-file="+configPath)
+		_, err = os.Stat(filepath.Join(dir, "success_someArg"))
+		assert.NilError(t, err)
+	})
+}
+
+func TestPluginBackCompatMediaTypes(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.OSType == "windows")
+	skip.If(t, testEnv.IsRootless, "Rootless has a different view of localhost (needed for test registry access)")
+
+	defer setupTest(t)()
+
+	reg := registry.NewV2(t)
+	defer reg.Close()
+	reg.WaitReady(t)
+
+	repo := path.Join(registry.DefaultURL, strings.ToLower(t.Name())+":latest")
+
+	client := testEnv.APIClient()
+
+	ctx := context.Background()
+	assert.NilError(t, plugin.Create(ctx, client, repo))
+
+	rdr, err := client.PluginPush(ctx, repo, "")
+	assert.NilError(t, err)
+	defer rdr.Close()
+
+	buf := &strings.Builder{}
+	assert.NilError(t, jsonmessage.DisplayJSONMessagesStream(rdr, buf, 0, false, nil), buf)
+
+	// Use custom header here because older versions of the registry do not
+	// parse the accept header correctly and does not like the accept header
+	// that the default resolver code uses. "Older registries" here would be
+	// like the one currently included in the test suite.
+	headers := http.Header{}
+	headers.Add("Accept", images.MediaTypeDockerSchema2Manifest)
+
+	resolver := docker.NewResolver(docker.ResolverOptions{
+		Headers: headers,
+	})
+	assert.NilError(t, err)
+
+	n, desc, err := resolver.Resolve(ctx, repo)
+	assert.NilError(t, err, repo)
+
+	fetcher, err := resolver.Fetcher(ctx, n)
+	assert.NilError(t, err)
+
+	rdr, err = fetcher.Fetch(ctx, desc)
+	assert.NilError(t, err)
+	defer rdr.Close()
+
+	var m v1.Manifest
+	assert.NilError(t, json.NewDecoder(rdr).Decode(&m))
+	assert.Check(t, cmp.Equal(m.MediaType, images.MediaTypeDockerSchema2Manifest))
+	assert.Check(t, cmp.Len(m.Layers, 1))
+	assert.Check(t, cmp.Equal(m.Layers[0].MediaType, images.MediaTypeDockerSchema2LayerGzip))
+}
diff --git a/integration/plugin/graphdriver/external_test.go b/integration/plugin/graphdriver/external_test.go
index 99ce60ceef0e1..57fb27856d0d3 100644
--- a/integration/plugin/graphdriver/external_test.go
+++ b/integration/plugin/graphdriver/external_test.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -19,12 +18,12 @@ import (
 	"github.com/docker/docker/daemon/graphdriver/vfs"
 	"github.com/docker/docker/integration/internal/container"
 	"github.com/docker/docker/integration/internal/requirement"
-	"github.com/docker/docker/internal/test/daemon"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/plugins"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 type graphEventsCounter struct {
@@ -48,13 +47,14 @@ func TestExternalGraphDriver(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows")
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
 	skip.If(t, !requirement.HasHubConnectivity(t))
+	skip.If(t, testEnv.IsRootless, "rootless mode doesn't support external graph driver")
 
 	// Setup plugin(s)
 	ec := make(map[string]*graphEventsCounter)
 	sserver := setupPluginViaSpecFile(t, ec)
 	jserver := setupPluginViaJSONFile(t, ec)
 	// Create daemon
-	d := daemon.New(t, daemon.WithExperimental)
+	d := daemon.New(t, daemon.WithExperimental())
 	c := d.NewClientT(t)
 
 	for _, tc := range []struct {
@@ -128,7 +128,7 @@ func setupPlugin(t *testing.T, ec map[string]*graphEventsCounter, ext string, mu
 		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
 		switch t := data.(type) {
 		case error:
-			fmt.Fprintln(w, fmt.Sprintf(`{"Err": %q}`, t.Error()))
+			fmt.Fprintf(w, "{\"Err\": %q}\n", t.Error())
 		case string:
 			fmt.Fprintln(w, t)
 		default:
@@ -144,7 +144,7 @@ func setupPlugin(t *testing.T, ec map[string]*graphEventsCounter, ext string, mu
 		return nil
 	}
 
-	base, err := ioutil.TempDir("", name)
+	base, err := os.MkdirTemp("", name)
 	assert.NilError(t, err)
 	vfsProto, err := vfs.Init(base, []string{}, nil, nil)
 	assert.NilError(t, err, "error initializing graph driver")
@@ -317,7 +317,7 @@ func setupPlugin(t *testing.T, ec map[string]*graphEventsCounter, ext string, mu
 		parent := r.URL.Query().Get("parent")
 
 		if id == "" {
-			http.Error(w, fmt.Sprintf("missing id"), 409)
+			http.Error(w, "missing id", 409)
 		}
 
 		size, err := driver.ApplyDiff(id, parent, diff)
@@ -348,7 +348,7 @@ func setupPlugin(t *testing.T, ec map[string]*graphEventsCounter, ext string, mu
 	assert.NilError(t, err)
 
 	specFile := "/etc/docker/plugins/" + name + "." + ext
-	err = ioutil.WriteFile(specFile, b, 0644)
+	err = os.WriteFile(specFile, b, 0644)
 	assert.NilError(t, err)
 }
 
@@ -360,7 +360,7 @@ func testExternalGraphDriver(ext string, ec map[string]*graphEventsCounter) func
 
 			ctx := context.Background()
 
-			testGraphDriver(t, c, ctx, driverName, func(t *testing.T) {
+			testGraphDriver(ctx, t, c, driverName, func(t *testing.T) {
 				d.Restart(t, "-s", driverName)
 			})
 
@@ -394,12 +394,12 @@ func testGraphDriverPull(c client.APIClient, d *daemon.Daemon) func(*testing.T)
 		defer d.Stop(t)
 		ctx := context.Background()
 
-		r, err := c.ImagePull(ctx, "busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0", types.ImagePullOptions{})
+		r, err := c.ImagePull(ctx, "busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209", types.ImagePullOptions{})
 		assert.NilError(t, err)
-		_, err = io.Copy(ioutil.Discard, r)
+		_, err = io.Copy(io.Discard, r)
 		assert.NilError(t, err)
 
-		container.Run(t, ctx, c, container.WithImage("busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0"))
+		container.Run(ctx, t, c, container.WithImage("busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209"))
 	}
 }
 
@@ -410,7 +410,7 @@ func TestGraphdriverPluginV2(t *testing.T) {
 	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
 	skip.If(t, !requirement.Overlay2Supported(testEnv.DaemonInfo.KernelVersion))
 
-	d := daemon.New(t, daemon.WithExperimental)
+	d := daemon.New(t, daemon.WithExperimental())
 	d.Start(t)
 	defer d.Stop(t)
 
@@ -424,22 +424,21 @@ func TestGraphdriverPluginV2(t *testing.T) {
 		RemoteRef:            plugin,
 		AcceptAllPermissions: true,
 	})
-	defer responseReader.Close()
 	assert.NilError(t, err)
+	defer responseReader.Close()
 	// ensure it's done by waiting for EOF on the response
-	_, err = io.Copy(ioutil.Discard, responseReader)
+	_, err = io.Copy(io.Discard, responseReader)
 	assert.NilError(t, err)
 
 	// restart the daemon with the plugin set as the storage driver
 	d.Stop(t)
 	d.StartWithBusybox(t, "-s", plugin, "--storage-opt", "overlay2.override_kernel_check=1")
 
-	testGraphDriver(t, client, ctx, plugin, nil)
+	testGraphDriver(ctx, t, client, plugin, nil)
 }
 
-// nolint: golint
-func testGraphDriver(t *testing.T, c client.APIClient, ctx context.Context, driverName string, afterContainerRunFn func(*testing.T)) { //nolint: golint
-	id := container.Run(t, ctx, c, container.WithCmd("sh", "-c", "echo hello > /hello"))
+func testGraphDriver(ctx context.Context, t *testing.T, c client.APIClient, driverName string, afterContainerRunFn func(*testing.T)) {
+	id := container.Run(ctx, t, c, container.WithCmd("sh", "-c", "echo hello > /hello"))
 
 	if afterContainerRunFn != nil {
 		afterContainerRunFn(t)
diff --git a/integration/plugin/graphdriver/main_test.go b/integration/plugin/graphdriver/main_test.go
index 6b6c1a12323aa..68fa02c81e9bf 100644
--- a/integration/plugin/graphdriver/main_test.go
+++ b/integration/plugin/graphdriver/main_test.go
@@ -5,8 +5,8 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
 	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var (
@@ -17,8 +17,6 @@ func init() {
 	reexec.Init() // This is required for external graphdriver tests
 }
 
-const dockerdBinary = "dockerd"
-
 func TestMain(m *testing.M) {
 	var err error
 	testEnv, err = environment.New()
diff --git a/integration/plugin/logging/cmd/cmd_test.go b/integration/plugin/logging/cmd/cmd_test.go
deleted file mode 100644
index 1d619dd05e2ae..0000000000000
--- a/integration/plugin/logging/cmd/cmd_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package cmd
diff --git a/integration/plugin/logging/cmd/discard/driver.go b/integration/plugin/logging/cmd/discard/driver.go
new file mode 100644
index 0000000000000..bbdebaf443bdc
--- /dev/null
+++ b/integration/plugin/logging/cmd/discard/driver.go
@@ -0,0 +1,85 @@
+package main
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"os"
+	"sync"
+	"syscall"
+)
+
+type startLoggingRequest struct {
+	File string
+}
+
+type capabilitiesResponse struct {
+	Cap struct {
+		ReadLogs bool
+	}
+}
+
+type driver struct {
+	mu   sync.Mutex
+	logs map[string]io.Closer
+}
+
+type stopLoggingRequest struct {
+	File string
+}
+
+func handle(mux *http.ServeMux) {
+	d := &driver{logs: make(map[string]io.Closer)}
+	mux.HandleFunc("/LogDriver.StartLogging", func(w http.ResponseWriter, r *http.Request) {
+		var req startLoggingRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		f, err := os.OpenFile(req.File, syscall.O_RDONLY, 0700)
+		if err != nil {
+			respond(err, w)
+		}
+
+		d.mu.Lock()
+		d.logs[req.File] = f
+		d.mu.Unlock()
+
+		go io.Copy(io.Discard, f)
+		respond(err, w)
+	})
+
+	mux.HandleFunc("/LogDriver.StopLogging", func(w http.ResponseWriter, r *http.Request) {
+		var req stopLoggingRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		d.mu.Lock()
+		if f := d.logs[req.File]; f != nil {
+			f.Close()
+		}
+		d.mu.Unlock()
+		respond(nil, w)
+	})
+
+	mux.HandleFunc("/LogDriver.Capabilities", func(w http.ResponseWriter, r *http.Request) {
+		json.NewEncoder(w).Encode(&capabilitiesResponse{
+			Cap: struct{ ReadLogs bool }{ReadLogs: false},
+		})
+	})
+}
+
+type response struct {
+	Err string
+}
+
+func respond(err error, w io.Writer) {
+	var res response
+	if err != nil {
+		res.Err = err.Error()
+	}
+	json.NewEncoder(w).Encode(&res)
+}
diff --git a/integration/plugin/logging/cmd/discard/main.go b/integration/plugin/logging/cmd/discard/main.go
new file mode 100644
index 0000000000000..15577ca0a9d12
--- /dev/null
+++ b/integration/plugin/logging/cmd/discard/main.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"net"
+	"net/http"
+)
+
+func main() {
+	l, err := net.Listen("unix", "/run/docker/plugins/plugin.sock")
+	if err != nil {
+		panic(err)
+	}
+
+	mux := http.NewServeMux()
+	handle(mux)
+
+	server := http.Server{
+		Addr:    l.Addr().String(),
+		Handler: mux,
+	}
+	server.Serve(l)
+}
diff --git a/integration/plugin/logging/cmd/close_on_start/main_test.go b/integration/plugin/logging/cmd/discard/main_test.go
similarity index 100%
rename from integration/plugin/logging/cmd/close_on_start/main_test.go
rename to integration/plugin/logging/cmd/discard/main_test.go
diff --git a/integration/plugin/logging/cmd/dummy/main_test.go b/integration/plugin/logging/cmd/dummy/main_test.go
deleted file mode 100644
index 06ab7d0f9a35a..0000000000000
--- a/integration/plugin/logging/cmd/dummy/main_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package main
diff --git a/integration/plugin/logging/helpers_test.go b/integration/plugin/logging/helpers_test.go
index dbdd36b90512f..7a9f146c9d3f4 100644
--- a/integration/plugin/logging/helpers_test.go
+++ b/integration/plugin/logging/helpers_test.go
@@ -9,8 +9,8 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"github.com/docker/docker/pkg/locker"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
 )
 
@@ -31,7 +31,7 @@ func ensurePlugin(t *testing.T, name string) string {
 	}
 
 	cmd := exec.Command(goBin, "build", "-o", installPath, "./"+filepath.Join("cmd", name))
-	cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
+	cmd.Env = append(os.Environ(), "CGO_ENABLED=0", "GO111MODULE=off")
 	if out, err := cmd.CombinedOutput(); err != nil {
 		t.Fatal(errors.Wrapf(err, "error building basic plugin bin: %s", string(out)))
 	}
diff --git a/integration/plugin/logging/logging_linux_test.go b/integration/plugin/logging/logging_linux_test.go
index 3921fa6e6985c..2af0237f7cfb5 100644
--- a/integration/plugin/logging/logging_linux_test.go
+++ b/integration/plugin/logging/logging_linux_test.go
@@ -10,13 +10,13 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 func TestContinueAfterPluginCrash(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon(), "test requires daemon on the same host")
+	skip.If(t, testEnv.IsRemoteDaemon, "test requires daemon on the same host")
 	t.Parallel()
 
 	d := daemon.New(t)
@@ -33,7 +33,7 @@ func TestContinueAfterPluginCrash(t *testing.T) {
 
 	ctx, cancel = context.WithTimeout(context.Background(), 60*time.Second)
 
-	id := container.Run(t, ctx, client,
+	id := container.Run(ctx, t, client,
 		container.WithAutoRemove,
 		container.WithLogDriver("test"),
 		container.WithCmd(
@@ -45,9 +45,9 @@ func TestContinueAfterPluginCrash(t *testing.T) {
 
 	// Attach to the container to make sure it's written a few times to stdout
 	attach, err := client.ContainerAttach(context.Background(), id, types.ContainerAttachOptions{Stream: true, Stdout: true})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
-	chErr := make(chan error)
+	chErr := make(chan error, 1)
 	go func() {
 		defer close(chErr)
 		rdr := bufio.NewReader(attach.Reader)
@@ -62,7 +62,7 @@ func TestContinueAfterPluginCrash(t *testing.T) {
 
 	select {
 	case err := <-chErr:
-		assert.Assert(t, err)
+		assert.NilError(t, err)
 	case <-time.After(60 * time.Second):
 		t.Fatal("timeout waiting for container i/o")
 	}
@@ -71,7 +71,7 @@ func TestContinueAfterPluginCrash(t *testing.T) {
 	// TODO(@cpuguy83): This is horribly hacky but is the only way to really test this case right now.
 	// It would be nice if there was a way to know that a broken pipe has occurred without looking through the logs.
 	log, err := os.Open(d.LogFileName())
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	scanner := bufio.NewScanner(log)
 	for scanner.Scan() {
 		assert.Assert(t, !strings.Contains(scanner.Text(), "broken pipe"))
diff --git a/integration/plugin/logging/main_test.go b/integration/plugin/logging/main_test.go
index e1292a5718d80..40a41b9b2c0b0 100644
--- a/integration/plugin/logging/main_test.go
+++ b/integration/plugin/logging/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var (
diff --git a/integration/plugin/logging/read_test.go b/integration/plugin/logging/read_test.go
new file mode 100644
index 0000000000000..e84738a72e314
--- /dev/null
+++ b/integration/plugin/logging/read_test.go
@@ -0,0 +1,92 @@
+package logging
+
+import (
+	"bytes"
+	"context"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+)
+
+// TestReadPluginNoRead tests that reads are supported even if the plugin isn't capable.
+func TestReadPluginNoRead(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("no unix domain sockets on Windows")
+	}
+	t.Parallel()
+	d := daemon.New(t)
+	d.StartWithBusybox(t, "--iptables=false")
+	defer d.Stop(t)
+
+	client, err := d.NewClient()
+	assert.Assert(t, err)
+	createPlugin(t, client, "test", "discard", asLogDriver)
+
+	ctx := context.Background()
+
+	err = client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
+	assert.Check(t, err)
+	d.Stop(t)
+
+	cfg := &container.Config{
+		Image: "busybox",
+		Cmd:   []string{"/bin/echo", "hello world"},
+	}
+	for desc, test := range map[string]struct {
+		dOpts         []string
+		logsSupported bool
+	}{
+		"default":                    {logsSupported: true},
+		"disabled caching":           {[]string{"--log-opt=cache-disabled=true"}, false},
+		"explicitly enabled caching": {[]string{"--log-opt=cache-disabled=false"}, true},
+	} {
+		t.Run(desc, func(t *testing.T) {
+			d.Start(t, append([]string{"--iptables=false"}, test.dOpts...)...)
+			defer d.Stop(t)
+			c, err := client.ContainerCreate(ctx,
+				cfg,
+				&container.HostConfig{LogConfig: container.LogConfig{Type: "test"}},
+				nil,
+				nil,
+				"",
+			)
+			assert.Assert(t, err)
+			defer client.ContainerRemove(ctx, c.ID, types.ContainerRemoveOptions{Force: true})
+
+			err = client.ContainerStart(ctx, c.ID, types.ContainerStartOptions{})
+			assert.Assert(t, err)
+
+			logs, err := client.ContainerLogs(ctx, c.ID, types.ContainerLogsOptions{ShowStdout: true})
+			if !test.logsSupported {
+				assert.Assert(t, err != nil)
+				return
+			}
+			assert.Assert(t, err)
+			defer logs.Close()
+
+			buf := bytes.NewBuffer(nil)
+
+			errCh := make(chan error, 1)
+			go func() {
+				_, err := stdcopy.StdCopy(buf, buf, logs)
+				errCh <- err
+			}()
+
+			select {
+			case <-time.After(60 * time.Second):
+				t.Fatal("timeout waiting for IO to complete")
+			case err := <-errCh:
+				assert.Assert(t, err)
+			}
+			assert.Assert(t, strings.TrimSpace(buf.String()) == "hello world", buf.Bytes())
+		})
+	}
+
+}
diff --git a/integration/plugin/logging/validation_test.go b/integration/plugin/logging/validation_test.go
index 200eb98759591..9a0a46350df3d 100644
--- a/integration/plugin/logging/validation_test.go
+++ b/integration/plugin/logging/validation_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package logging
@@ -7,9 +8,9 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // Regression test for #35553
@@ -24,14 +25,13 @@ func TestDaemonStartWithLogOpt(t *testing.T) {
 	d.Start(t, "--iptables=false")
 	defer d.Stop(t)
 
-	client, err := d.NewClient()
-	assert.Check(t, err)
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
-	createPlugin(t, client, "test", "dummy", asLogDriver)
-	err = client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
+	createPlugin(t, c, "test", "dummy", asLogDriver)
+	err := c.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
 	assert.Check(t, err)
-	defer client.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
+	defer c.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
 
 	d.Stop(t)
 	d.Start(t, "--iptables=false", "--log-driver=test", "--log-opt=foo=bar")
diff --git a/integration/plugin/volumes/cmd/cmd_test.go b/integration/plugin/volumes/cmd/cmd_test.go
deleted file mode 100644
index 1d619dd05e2ae..0000000000000
--- a/integration/plugin/volumes/cmd/cmd_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package cmd
diff --git a/integration/plugin/volumes/cmd/dummy/main_test.go b/integration/plugin/volumes/cmd/dummy/main_test.go
deleted file mode 100644
index 06ab7d0f9a35a..0000000000000
--- a/integration/plugin/volumes/cmd/dummy/main_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package main
diff --git a/integration/plugin/volumes/helpers_test.go b/integration/plugin/volumes/helpers_test.go
index 36aafd59c2000..96cefead92df0 100644
--- a/integration/plugin/volumes/helpers_test.go
+++ b/integration/plugin/volumes/helpers_test.go
@@ -9,9 +9,10 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"github.com/docker/docker/pkg/locker"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
 )
 
 var pluginBuildLock = locker.New()
@@ -32,12 +33,10 @@ func ensurePlugin(t *testing.T, name string) string {
 	}
 
 	goBin, err := exec.LookPath("go")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	cmd := exec.Command(goBin, "build", "-o", installPath, "./"+filepath.Join("cmd", name))
-	cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
+	cmd.Env = append(os.Environ(), "CGO_ENABLED=0", "GO111MODULE=off")
 	if out, err := cmd.CombinedOutput(); err != nil {
 		t.Fatal(errors.Wrapf(err, "error building basic plugin bin: %s", string(out)))
 	}
@@ -61,9 +60,7 @@ func createPlugin(t *testing.T, client plugin.CreateClient, alias, bin string, o
 	err := plugin.Create(ctx, client, alias, opts...)
 	cancel()
 
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 }
 
 func asVolumeDriver(cfg *plugin.Config) {
diff --git a/integration/plugin/volumes/main_test.go b/integration/plugin/volumes/main_test.go
index 5a5678d9c4555..a8ca6a82a18e2 100644
--- a/integration/plugin/volumes/main_test.go
+++ b/integration/plugin/volumes/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var (
@@ -19,9 +19,6 @@ func TestMain(m *testing.M) {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-	if testEnv.OSType != "linux" {
-		os.Exit(0)
-	}
 	err = environment.EnsureFrozenImagesLinux(testEnv)
 	if err != nil {
 		fmt.Println(err)
diff --git a/integration/plugin/volumes/mounts_test.go b/integration/plugin/volumes/mounts_test.go
index fb4b492c3a1f5..c80c4cd79c767 100644
--- a/integration/plugin/volumes/mounts_test.go
+++ b/integration/plugin/volumes/mounts_test.go
@@ -2,15 +2,14 @@ package volumes
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // TestPluginWithDevMounts tests very specific regression caused by mounts ordering
@@ -18,21 +17,21 @@ import (
 func TestPluginWithDevMounts(t *testing.T) {
 	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, testEnv.IsRootless)
 	t.Parallel()
 
 	d := daemon.New(t)
 	d.Start(t, "--iptables=false")
 	defer d.Stop(t)
 
-	client, err := d.NewClient()
-	assert.Assert(t, err)
+	c := d.NewClientT(t)
 	ctx := context.Background()
 
-	testDir, err := ioutil.TempDir("", "test-dir")
-	assert.Assert(t, err)
+	testDir, err := os.MkdirTemp("", "test-dir")
+	assert.NilError(t, err)
 	defer os.RemoveAll(testDir)
 
-	createPlugin(t, client, "test", "dummy", asVolumeDriver, func(c *plugin.Config) {
+	createPlugin(t, c, "test", "dummy", asVolumeDriver, func(c *plugin.Config) {
 		root := "/"
 		dev := "/dev"
 		mounts := []types.PluginMount{
@@ -46,14 +45,14 @@ func TestPluginWithDevMounts(t *testing.T) {
 		c.IpcHost = true
 	})
 
-	err = client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
-	assert.Assert(t, err)
+	err = c.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
+	assert.NilError(t, err)
 	defer func() {
-		err := client.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
+		err := c.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
 		assert.Check(t, err)
 	}()
 
-	p, _, err := client.PluginInspectWithRaw(ctx, "test")
-	assert.Assert(t, err)
+	p, _, err := c.PluginInspectWithRaw(ctx, "test")
+	assert.NilError(t, err)
 	assert.Assert(t, p.Enabled)
 }
diff --git a/integration/secret/main_test.go b/integration/secret/main_test.go
index abd4eef9f0bde..a0cc4d889c50e 100644
--- a/integration/secret/main_test.go
+++ b/integration/secret/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/secret/secret_test.go b/integration/secret/secret_test.go
index 565de2ba09bf7..fb307bb60ed26 100644
--- a/integration/secret/secret_test.go
+++ b/integration/secret/secret_test.go
@@ -3,6 +3,7 @@ package secret // import "github.com/docker/docker/integration/secret"
 import (
 	"bytes"
 	"context"
+	"encoding/json"
 	"sort"
 	"testing"
 	"time"
@@ -11,11 +12,13 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/integration/internal/swarm"
 	"github.com/docker/docker/pkg/stdcopy"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestSecretInspect(t *testing.T) {
@@ -24,21 +27,22 @@ func TestSecretInspect(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	ctx := context.Background()
 
-	testName := "test_secret_" + t.Name()
-	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+	testName := t.Name()
+	secretID := createSecret(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
 
-	secret, _, err := client.SecretInspectWithRaw(context.Background(), secretID)
+	insp, body, err := c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(secret.Spec.Name, testName))
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
 
-	secret, _, err = client.SecretInspectWithRaw(context.Background(), testName)
+	var secret swarmtypes.Secret
+	err = json.Unmarshal(body, &secret)
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(secretID, secretID))
+	assert.Check(t, is.DeepEqual(secret, insp))
 }
 
 func TestSecretList(t *testing.T) {
@@ -47,23 +51,27 @@ func TestSecretList(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
+	configs, err := c.SecretList(ctx, types.SecretListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(configs), 0))
+
 	testName0 := "test0_" + t.Name()
 	testName1 := "test1_" + t.Name()
 	testNames := []string{testName0, testName1}
 	sort.Strings(testNames)
 
 	// create secret test0
-	createSecret(ctx, t, client, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
+	createSecret(ctx, t, c, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
 
 	// create secret test1
-	secret1ID := createSecret(ctx, t, client, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
+	secret1ID := createSecret(ctx, t, c, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
 
 	// test by `secret ls`
-	entries, err := client.SecretList(ctx, types.SecretListOptions{})
+	entries, err := c.SecretList(ctx, types.SecretListOptions{})
 	assert.NilError(t, err)
 	assert.Check(t, is.DeepEqual(secretNamesFromList(entries), testNames))
 
@@ -96,7 +104,7 @@ func TestSecretList(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		entries, err = client.SecretList(ctx, types.SecretListOptions{
+		entries, err = c.SecretList(ctx, types.SecretListOptions{
 			Filters: tc.filters,
 		})
 		assert.NilError(t, err)
@@ -124,40 +132,41 @@ func TestSecretsCreateAndDelete(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	testName := "test_secret_" + t.Name()
-	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+	secretID := createSecret(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
 
-	// create an already existin secret, daemon should return a status code of 409
-	_, err := client.SecretCreate(ctx, swarmtypes.SecretSpec{
+	// create an already existing secret, daemon should return a status code of 409
+	_, err := c.SecretCreate(ctx, swarmtypes.SecretSpec{
 		Annotations: swarmtypes.Annotations{
 			Name: testName,
 		},
 		Data: []byte("TESTINGDATA"),
 	})
-	assert.Check(t, is.ErrorContains(err, "already exists"))
+	assert.Check(t, errdefs.IsConflict(err))
+	assert.Check(t, is.ErrorContains(err, testName))
 
-	// Ported from original TestSecretsDelete
-	err = client.SecretRemove(ctx, secretID)
+	err = c.SecretRemove(ctx, secretID)
 	assert.NilError(t, err)
 
-	_, _, err = client.SecretInspectWithRaw(ctx, secretID)
-	assert.Check(t, is.ErrorContains(err, "No such secret"))
+	_, _, err = c.SecretInspectWithRaw(ctx, secretID)
+	assert.Check(t, errdefs.IsNotFound(err))
+	assert.Check(t, is.ErrorContains(err, secretID))
 
-	err = client.SecretRemove(ctx, "non-existin")
-	assert.Check(t, is.ErrorContains(err, "No such secret: non-existin"))
+	err = c.SecretRemove(ctx, "non-existing")
+	assert.Check(t, errdefs.IsNotFound(err))
+	assert.Check(t, is.ErrorContains(err, "non-existing"))
 
-	// Ported from original TestSecretsCreteaWithLabels
 	testName = "test_secret_with_labels_" + t.Name()
-	secretID = createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), map[string]string{
+	secretID = createSecret(ctx, t, c, testName, []byte("TESTINGDATA"), map[string]string{
 		"key1": "value1",
 		"key2": "value2",
 	})
 
-	insp, _, err := client.SecretInspectWithRaw(ctx, secretID)
+	insp, _, err := c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Name, testName))
 	assert.Check(t, is.Equal(len(insp.Spec.Labels), 2))
@@ -171,48 +180,49 @@ func TestSecretsUpdate(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	testName := "test_secret_" + t.Name()
-	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+	secretID := createSecret(ctx, t, c, testName, []byte("TESTINGDATA"), nil)
 
-	insp, _, err := client.SecretInspectWithRaw(ctx, secretID)
+	insp, _, err := c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.ID, secretID))
 
 	// test UpdateSecret with full ID
 	insp.Spec.Labels = map[string]string{"test": "test1"}
-	err = client.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
+	err = c.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	insp, _, err = c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test1"))
 
 	// test UpdateSecret with full name
 	insp.Spec.Labels = map[string]string{"test": "test2"}
-	err = client.SecretUpdate(ctx, testName, insp.Version, insp.Spec)
+	err = c.SecretUpdate(ctx, testName, insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	insp, _, err = c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test2"))
 
 	// test UpdateSecret with prefix ID
 	insp.Spec.Labels = map[string]string{"test": "test3"}
-	err = client.SecretUpdate(ctx, secretID[:1], insp.Version, insp.Spec)
+	err = c.SecretUpdate(ctx, secretID[:1], insp.Version, insp.Spec)
 	assert.NilError(t, err)
 
-	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	insp, _, err = c.SecretInspectWithRaw(ctx, secretID)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test3"))
 
 	// test UpdateSecret in updating Data which is not supported in daemon
 	// this test will produce an error in func UpdateSecret
 	insp.Spec.Data = []byte("TESTINGDATA2")
-	err = client.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
+	err = c.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
+	assert.Check(t, errdefs.IsInvalidParameter(err))
 	assert.Check(t, is.ErrorContains(err, "only updates to Labels are allowed"))
 }
 
@@ -220,8 +230,8 @@ func TestTemplatedSecret(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 	ctx := context.Background()
 
 	referencedSecretName := "referencedsecret_" + t.Name()
@@ -231,7 +241,7 @@ func TestTemplatedSecret(t *testing.T) {
 		},
 		Data: []byte("this is a secret"),
 	}
-	referencedSecret, err := client.SecretCreate(ctx, referencedSecretSpec)
+	referencedSecret, err := c.SecretCreate(ctx, referencedSecretSpec)
 	assert.Check(t, err)
 
 	referencedConfigName := "referencedconfig_" + t.Name()
@@ -241,7 +251,7 @@ func TestTemplatedSecret(t *testing.T) {
 		},
 		Data: []byte("this is a config"),
 	}
-	referencedConfig, err := client.ConfigCreate(ctx, referencedConfigSpec)
+	referencedConfig, err := c.ConfigCreate(ctx, referencedConfigSpec)
 	assert.Check(t, err)
 
 	templatedSecretName := "templated_secret_" + t.Name()
@@ -257,7 +267,7 @@ func TestTemplatedSecret(t *testing.T) {
 			"{{config \"referencedconfigtarget\"}}\n"),
 	}
 
-	templatedSecret, err := client.SecretCreate(ctx, secretSpec)
+	templatedSecret, err := c.SecretCreate(ctx, secretSpec)
 	assert.Check(t, err)
 
 	serviceName := "svc_" + t.Name()
@@ -301,21 +311,12 @@ func TestTemplatedSecret(t *testing.T) {
 		swarm.ServiceWithName(serviceName),
 	)
 
-	var tasks []swarmtypes.Task
-	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
-		tasks = swarm.GetRunningTasks(t, d, serviceID)
-		return len(tasks) > 0
-	})
+	poll.WaitOn(t, swarm.RunningTasksCount(c, serviceID, 1), swarm.ServicePoll, poll.WithTimeout(1*time.Minute))
 
-	task := tasks[0]
-	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
-		if task.NodeID == "" || (task.Status.ContainerStatus == nil || task.Status.ContainerStatus.ContainerID == "") {
-			task, _, _ = client.TaskInspectWithRaw(context.Background(), task.ID)
-		}
-		return task.NodeID != "" && task.Status.ContainerStatus != nil && task.Status.ContainerStatus.ContainerID != ""
-	})
+	tasks := swarm.GetRunningTasks(t, c, serviceID)
+	assert.Assert(t, len(tasks) > 0, "no running tasks found for service %s", serviceID)
 
-	attach := swarm.ExecTask(t, d, task, types.ExecConfig{
+	attach := swarm.ExecTask(t, d, tasks[0], types.ExecConfig{
 		Cmd:          []string{"/bin/cat", "/run/secrets/templated_secret"},
 		AttachStdout: true,
 		AttachStderr: true,
@@ -326,7 +327,7 @@ func TestTemplatedSecret(t *testing.T) {
 		"this is a config\n"
 	assertAttachedStream(t, attach, expect)
 
-	attach = swarm.ExecTask(t, d, task, types.ExecConfig{
+	attach = swarm.ExecTask(t, d, tasks[0], types.ExecConfig{
 		Cmd:          []string{"mount"},
 		AttachStdout: true,
 		AttachStderr: true,
@@ -341,27 +342,27 @@ func TestSecretCreateResolve(t *testing.T) {
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
 	defer d.Stop(t)
-	client := d.NewClientT(t)
-	defer client.Close()
+	c := d.NewClientT(t)
+	defer c.Close()
 
 	ctx := context.Background()
 
 	testName := "test_secret_" + t.Name()
-	secretID := createSecret(ctx, t, client, testName, []byte("foo"), nil)
+	secretID := createSecret(ctx, t, c, testName, []byte("foo"), nil)
 
 	fakeName := secretID
-	fakeID := createSecret(ctx, t, client, fakeName, []byte("fake foo"), nil)
+	fakeID := createSecret(ctx, t, c, fakeName, []byte("fake foo"), nil)
 
-	entries, err := client.SecretList(ctx, types.SecretListOptions{})
+	entries, err := c.SecretList(ctx, types.SecretListOptions{})
 	assert.NilError(t, err)
 	assert.Check(t, is.Contains(secretNamesFromList(entries), testName))
 	assert.Check(t, is.Contains(secretNamesFromList(entries), fakeName))
 
-	err = client.SecretRemove(ctx, secretID)
+	err = c.SecretRemove(ctx, secretID)
 	assert.NilError(t, err)
 
 	// Fake one will remain
-	entries, err = client.SecretList(ctx, types.SecretListOptions{})
+	entries, err = c.SecretList(ctx, types.SecretListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(secretNamesFromList(entries), []string{fakeName}))
 
@@ -370,16 +371,16 @@ func TestSecretCreateResolve(t *testing.T) {
 	// - Full ID
 	// - Full Name
 	// - Partial ID (prefix)
-	err = client.SecretRemove(ctx, fakeName[:5])
+	err = c.SecretRemove(ctx, fakeName[:5])
 	assert.Assert(t, nil != err)
-	entries, err = client.SecretList(ctx, types.SecretListOptions{})
+	entries, err = c.SecretList(ctx, types.SecretListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(secretNamesFromList(entries), []string{fakeName}))
 
 	// Remove based on ID prefix of the fake one should succeed
-	err = client.SecretRemove(ctx, fakeID[:5])
+	err = c.SecretRemove(ctx, fakeID[:5])
 	assert.NilError(t, err)
-	entries, err = client.SecretList(ctx, types.SecretListOptions{})
+	entries, err = c.SecretList(ctx, types.SecretListOptions{})
 	assert.NilError(t, err)
 	assert.Assert(t, is.Equal(0, len(entries)))
 }
@@ -391,22 +392,6 @@ func assertAttachedStream(t *testing.T, attach types.HijackedResponse, expect st
 	assert.Check(t, is.Contains(buf.String(), expect))
 }
 
-func waitAndAssert(t *testing.T, timeout time.Duration, f func(*testing.T) bool) {
-	t.Helper()
-	after := time.After(timeout)
-	for {
-		select {
-		case <-after:
-			t.Fatalf("timed out waiting for condition")
-		default:
-		}
-		if f(t) {
-			return
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-}
-
 func secretNamesFromList(entries []swarmtypes.Secret) []string {
 	var values []string
 	for _, entry := range entries {
diff --git a/integration/service/create_test.go b/integration/service/create_test.go
index f5a5a6dc566f2..8335f894b8f00 100644
--- a/integration/service/create_test.go
+++ b/integration/service/create_test.go
@@ -3,22 +3,25 @@ package service // import "github.com/docker/docker/integration/service"
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/strslice"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/integration/internal/network"
 	"github.com/docker/docker/integration/internal/swarm"
-	"github.com/docker/docker/internal/test/daemon"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestServiceCreateInit(t *testing.T) {
@@ -29,10 +32,10 @@ func TestServiceCreateInit(t *testing.T) {
 
 func testServiceCreateInit(daemonEnabled bool) func(t *testing.T) {
 	return func(t *testing.T) {
-		var ops = []func(*daemon.Daemon){}
+		var ops = []daemon.Option{}
 
 		if daemonEnabled {
-			ops = append(ops, daemon.WithInit)
+			ops = append(ops, daemon.WithInit())
 		}
 		d := swarm.NewSwarm(t, testEnv, ops...)
 		defer d.Stop(t)
@@ -43,18 +46,18 @@ func testServiceCreateInit(daemonEnabled bool) func(t *testing.T) {
 		booleanFalse := false
 
 		serviceID := swarm.CreateService(t, d)
-		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
 		i := inspectServiceContainer(t, client, serviceID)
 		// HostConfig.Init == nil means that it delegates to daemon configuration
 		assert.Check(t, i.HostConfig.Init == nil)
 
 		serviceID = swarm.CreateService(t, d, swarm.ServiceWithInit(&booleanTrue))
-		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
 		i = inspectServiceContainer(t, client, serviceID)
 		assert.Check(t, is.Equal(true, *i.HostConfig.Init))
 
 		serviceID = swarm.CreateService(t, d, swarm.ServiceWithInit(&booleanFalse))
-		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
 		i = inspectServiceContainer(t, client, serviceID)
 		assert.Check(t, is.Equal(false, *i.HostConfig.Init))
 	}
@@ -80,9 +83,10 @@ func TestCreateServiceMultipleTimes(t *testing.T) {
 	defer d.Stop(t)
 	client := d.NewClientT(t)
 	defer client.Close()
+	ctx := context.Background()
 
 	overlayName := "overlay1_" + t.Name()
-	overlayID := network.CreateNoError(t, context.Background(), client, overlayName,
+	overlayID := network.CreateNoError(ctx, t, client, overlayName,
 		network.WithCheckDuplicate(),
 		network.WithDriver("overlay"),
 	)
@@ -97,7 +101,7 @@ func TestCreateServiceMultipleTimes(t *testing.T) {
 	}
 
 	serviceID := swarm.CreateService(t, d, serviceSpec...)
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
 
 	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
@@ -105,22 +109,86 @@ func TestCreateServiceMultipleTimes(t *testing.T) {
 	err = client.ServiceRemove(context.Background(), serviceID)
 	assert.NilError(t, err)
 
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
-	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID), swarm.ServicePoll)
 
 	serviceID2 := swarm.CreateService(t, d, serviceSpec...)
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID2, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID2, instances), swarm.ServicePoll)
 
 	err = client.ServiceRemove(context.Background(), serviceID2)
 	assert.NilError(t, err)
 
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID2), swarm.ServicePoll)
-	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
-
-	err = client.NetworkRemove(context.Background(), overlayID)
+	// we can't just wait on no tasks for the service, counter-intuitively.
+	// Tasks may briefly exist but not show up, if they are are in the process
+	// of being deallocated. To avoid this case, we should retry network remove
+	// a few times, to give tasks time to be deallcoated
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID2), swarm.ServicePoll)
+
+	for retry := 0; retry < 5; retry++ {
+		err = client.NetworkRemove(context.Background(), overlayID)
+		// TODO(dperny): using strings.Contains for error checking is awful,
+		// but so is the fact that swarm functions don't return errdefs errors.
+		// I don't have time at this moment to fix the latter, so I guess I'll
+		// go with the former.
+		//
+		// The full error we're looking for is something like this:
+		//
+		// Error response from daemon: rpc error: code = FailedPrecondition desc = network %v is in use by task %v
+		//
+		// The safest way to catch this, I think, will be to match on "is in
+		// use by", as this is an uninterrupted string that best identifies
+		// this error.
+		if err == nil || !strings.Contains(err.Error(), "is in use by") {
+			// if there is no error, or the error isn't this kind of error,
+			// then we'll break the loop body, and either fail the test or
+			// continue.
+			break
+		}
+	}
 	assert.NilError(t, err)
 
-	poll.WaitOn(t, networkIsRemoved(client, overlayID), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, network.IsRemoved(context.Background(), client, overlayID), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+}
+
+func TestCreateServiceConflict(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	c := d.NewClientT(t)
+	defer c.Close()
+	ctx := context.Background()
+
+	serviceName := "TestService_" + t.Name()
+	serviceSpec := []swarm.ServiceSpecOpt{
+		swarm.ServiceWithName(serviceName),
+	}
+
+	swarm.CreateService(t, d, serviceSpec...)
+
+	spec := swarm.CreateServiceSpec(t, serviceSpec...)
+	_, err := c.ServiceCreate(ctx, spec, types.ServiceCreateOptions{})
+	assert.Check(t, errdefs.IsConflict(err))
+	assert.ErrorContains(t, err, "service "+serviceName+" already exists")
+}
+
+func TestCreateServiceMaxReplicas(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	var maxReplicas uint64 = 2
+	serviceSpec := []swarm.ServiceSpecOpt{
+		swarm.ServiceWithReplicas(maxReplicas),
+		swarm.ServiceWithMaxReplicas(maxReplicas),
+	}
+
+	serviceID := swarm.CreateService(t, d, serviceSpec...)
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, maxReplicas), swarm.ServicePoll)
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
 }
 
 func TestCreateWithDuplicateNetworkNames(t *testing.T) {
@@ -130,19 +198,14 @@ func TestCreateWithDuplicateNetworkNames(t *testing.T) {
 	defer d.Stop(t)
 	client := d.NewClientT(t)
 	defer client.Close()
+	ctx := context.Background()
 
 	name := "foo_" + t.Name()
-	n1 := network.CreateNoError(t, context.Background(), client, name,
-		network.WithDriver("bridge"),
-	)
-	n2 := network.CreateNoError(t, context.Background(), client, name,
-		network.WithDriver("bridge"),
-	)
+	n1 := network.CreateNoError(ctx, t, client, name, network.WithDriver("bridge"))
+	n2 := network.CreateNoError(ctx, t, client, name, network.WithDriver("bridge"))
 
 	// Duplicates with name but with different driver
-	n3 := network.CreateNoError(t, context.Background(), client, name,
-		network.WithDriver("overlay"),
-	)
+	n3 := network.CreateNoError(ctx, t, client, name, network.WithDriver("overlay"))
 
 	// Create Service with the same name
 	var instances uint64 = 1
@@ -154,18 +217,16 @@ func TestCreateWithDuplicateNetworkNames(t *testing.T) {
 		swarm.ServiceWithNetwork(name),
 	)
 
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
 
-	resp, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	resp, _, err := client.ServiceInspectWithRaw(ctx, serviceID, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(n3, resp.Spec.TaskTemplate.Networks[0].Target))
 
-	// Remove Service
-	err = client.ServiceRemove(context.Background(), serviceID)
+	// Remove Service, and wait for its tasks to be removed
+	err = client.ServiceRemove(ctx, serviceID)
 	assert.NilError(t, err)
-
-	// Make sure task has been destroyed.
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID), swarm.ServicePoll)
 
 	// Remove networks
 	err = client.NetworkRemove(context.Background(), n3)
@@ -178,9 +239,9 @@ func TestCreateWithDuplicateNetworkNames(t *testing.T) {
 	assert.NilError(t, err)
 
 	// Make sure networks have been destroyed.
-	poll.WaitOn(t, networkIsRemoved(client, n3), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
-	poll.WaitOn(t, networkIsRemoved(client, n2), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
-	poll.WaitOn(t, networkIsRemoved(client, n1), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, network.IsRemoved(context.Background(), client, n3), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, network.IsRemoved(context.Background(), client, n2), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, network.IsRemoved(context.Background(), client, n1), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
 }
 
 func TestCreateServiceSecretFileMode(t *testing.T) {
@@ -206,7 +267,7 @@ func TestCreateServiceSecretFileMode(t *testing.T) {
 	serviceID := swarm.CreateService(t, d,
 		swarm.ServiceWithReplicas(instances),
 		swarm.ServiceWithName(serviceName),
-		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/secret || /bin/top"}),
+		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/secret && sleep inf"}),
 		swarm.ServiceWithSecret(&swarmtypes.SecretReference{
 			File: &swarmtypes.SecretReferenceFileTarget{
 				Name: "/etc/secret",
@@ -219,31 +280,22 @@ func TestCreateServiceSecretFileMode(t *testing.T) {
 		}),
 	)
 
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
 
-	filter := filters.NewArgs()
-	filter.Add("service", serviceID)
-	tasks, err := client.TaskList(ctx, types.TaskListOptions{
-		Filters: filter,
-	})
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(tasks), 1))
-
-	body, err := client.ContainerLogs(ctx, tasks[0].Status.ContainerStatus.ContainerID, types.ContainerLogsOptions{
+	body, err := client.ServiceLogs(ctx, serviceID, types.ContainerLogsOptions{
+		Tail:       "1",
 		ShowStdout: true,
 	})
 	assert.NilError(t, err)
 	defer body.Close()
 
-	content, err := ioutil.ReadAll(body)
+	content, err := io.ReadAll(body)
 	assert.NilError(t, err)
 	assert.Check(t, is.Contains(string(content), "-rwxrwxrwx"))
 
 	err = client.ServiceRemove(ctx, serviceID)
 	assert.NilError(t, err)
-
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
-	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID), swarm.ServicePoll)
 
 	err = client.SecretRemove(ctx, secretName)
 	assert.NilError(t, err)
@@ -271,7 +323,7 @@ func TestCreateServiceConfigFileMode(t *testing.T) {
 	serviceName := "TestService_" + t.Name()
 	serviceID := swarm.CreateService(t, d,
 		swarm.ServiceWithName(serviceName),
-		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/config || /bin/top"}),
+		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/config && sleep inf"}),
 		swarm.ServiceWithReplicas(instances),
 		swarm.ServiceWithConfig(&swarmtypes.ConfigReference{
 			File: &swarmtypes.ConfigReferenceFileTarget{
@@ -285,31 +337,22 @@ func TestCreateServiceConfigFileMode(t *testing.T) {
 		}),
 	)
 
-	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances))
-
-	filter := filters.NewArgs()
-	filter.Add("service", serviceID)
-	tasks, err := client.TaskList(ctx, types.TaskListOptions{
-		Filters: filter,
-	})
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal(len(tasks), 1))
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances))
 
-	body, err := client.ContainerLogs(ctx, tasks[0].Status.ContainerStatus.ContainerID, types.ContainerLogsOptions{
+	body, err := client.ServiceLogs(ctx, serviceID, types.ContainerLogsOptions{
+		Tail:       "1",
 		ShowStdout: true,
 	})
 	assert.NilError(t, err)
 	defer body.Close()
 
-	content, err := ioutil.ReadAll(body)
+	content, err := io.ReadAll(body)
 	assert.NilError(t, err)
 	assert.Check(t, is.Contains(string(content), "-rwxrwxrwx"))
 
 	err = client.ServiceRemove(ctx, serviceID)
 	assert.NilError(t, err)
-
-	poll.WaitOn(t, serviceIsRemoved(client, serviceID))
-	poll.WaitOn(t, noTasks(client))
+	poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID))
 
 	err = client.ConfigRemove(ctx, configName)
 	assert.NilError(t, err)
@@ -339,8 +382,8 @@ func TestCreateServiceConfigFileMode(t *testing.T) {
 // anything up in the test environment
 func TestCreateServiceSysctls(t *testing.T) {
 	skip.If(
-		t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"),
-		"setting service sysctls is unsupported before api v1.39",
+		t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"),
+		"setting service sysctls is unsupported before api v1.40",
 	)
 
 	defer setupTest(t)()
@@ -366,7 +409,7 @@ func TestCreateServiceSysctls(t *testing.T) {
 		)
 
 		// wait for the service to converge to 1 running task as expected
-		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances))
+		poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances))
 
 		// we're going to check 3 things:
 		//
@@ -410,66 +453,80 @@ func TestCreateServiceSysctls(t *testing.T) {
 	}
 }
 
-func serviceRunningTasksCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		filter.Add("service", serviceID)
-		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		switch {
-		case err != nil:
-			return poll.Error(err)
-		case len(tasks) == int(instances):
-			for _, task := range tasks {
-				if task.Status.State != swarmtypes.TaskStateRunning {
-					return poll.Continue("waiting for tasks to enter run state")
-				}
-			}
-			return poll.Success()
-		default:
-			return poll.Continue("task count at %d waiting for %d", len(tasks), instances)
-		}
-	}
-}
+// TestServiceCreateCapabilities tests that a service created with capabilities options in
+// the ContainerSpec correctly applies those options.
+//
+// To test this, we're going to create a service with the capabilities option
+//
+//   []string{"CAP_NET_RAW", "CAP_SYS_CHROOT"}
+//
+// We'll get the service's tasks to get the container ID, and then we'll
+// inspect the container. If the output of the container inspect contains the
+// capabilities option with the correct value, we can assume that the capabilities has been
+// plumbed correctly.
+func TestCreateServiceCapabilities(t *testing.T) {
+	skip.If(
+		t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.41"),
+		"setting service capabilities is unsupported before api v1.41",
+	)
 
-func noTasks(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		switch {
-		case err != nil:
-			return poll.Error(err)
-		case len(tasks) == 0:
-			return poll.Success()
-		default:
-			return poll.Continue("task count at %d waiting for 0", len(tasks))
-		}
-	}
-}
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
 
-func serviceIsRemoved(client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		filter.Add("service", serviceID)
-		_, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		if err == nil {
-			return poll.Continue("waiting for service %s to be deleted", serviceID)
-		}
-		return poll.Success()
-	}
-}
+	ctx := context.Background()
 
-func networkIsRemoved(client client.NetworkAPIClient, networkID string) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		_, err := client.NetworkInspect(context.Background(), networkID, types.NetworkInspectOptions{})
-		if err == nil {
-			return poll.Continue("waiting for network %s to be removed", networkID)
-		}
-		return poll.Success()
-	}
+	// store the map we're going to be using everywhere.
+	capAdd := []string{"CAP_SYS_CHROOT"}
+	capDrop := []string{"CAP_NET_RAW"}
+
+	// Create the service with the capabilities options
+	var instances uint64 = 1
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithCapabilities(capAdd, capDrop),
+	)
+
+	// wait for the service to converge to 1 running task as expected
+	poll.WaitOn(t, swarm.RunningTasksCount(client, serviceID, instances))
+
+	// we're going to check 3 things:
+	//
+	//   1. Does the container, when inspected, have the capabilities option set?
+	//   2. Does the task have the capabilities in the spec?
+	//   3. Does the service have the capabilities in the spec?
+	//
+	// if all 3 of these things are true, we know that the capabilities has been
+	// plumbed correctly through the engine.
+	//
+	// We don't actually have to get inside the container and check its
+	// logs or anything. If we see the capabilities set on the container inspect,
+	// we know that the capabilities is plumbed correctly. everything below that
+	// level has been tested elsewhere.
+
+	// get all of the tasks of the service, so we can get the container
+	filter := filters.NewArgs()
+	filter.Add("service", serviceID)
+	tasks, err := client.TaskList(ctx, types.TaskListOptions{
+		Filters: filter,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(tasks), 1))
+
+	// verify that the container has the capabilities option set
+	ctnr, err := client.ContainerInspect(ctx, tasks[0].Status.ContainerStatus.ContainerID)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, ctnr.HostConfig.CapAdd, strslice.StrSlice(capAdd))
+	assert.DeepEqual(t, ctnr.HostConfig.CapDrop, strslice.StrSlice(capDrop))
+
+	// verify that the task has the capabilities option set in the task object
+	assert.DeepEqual(t, tasks[0].Spec.ContainerSpec.CapabilityAdd, capAdd)
+	assert.DeepEqual(t, tasks[0].Spec.ContainerSpec.CapabilityDrop, capDrop)
+
+	// verify that the service also has the capabilities set in the spec.
+	service, _, err := client.ServiceInspectWithRaw(ctx, serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+	assert.DeepEqual(t, service.Spec.TaskTemplate.ContainerSpec.CapabilityAdd, capAdd)
+	assert.DeepEqual(t, service.Spec.TaskTemplate.ContainerSpec.CapabilityDrop, capDrop)
 }
diff --git a/integration/service/inspect_test.go b/integration/service/inspect_test.go
index 33e90938bdeac..5d8f12dbc34a3 100644
--- a/integration/service/inspect_test.go
+++ b/integration/service/inspect_test.go
@@ -7,19 +7,17 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration/internal/swarm"
 	"github.com/google/go-cmp/cmp"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestInspect(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, testEnv.IsRemoteDaemon)
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
 	defer setupTest(t)()
 	d := swarm.NewSwarm(t, testEnv)
@@ -29,7 +27,7 @@ func TestInspect(t *testing.T) {
 
 	var now = time.Now()
 	var instances uint64 = 2
-	serviceSpec := fullSwarmServiceSpec("test-service-inspect", instances)
+	serviceSpec := fullSwarmServiceSpec("test-service-inspect"+t.Name(), instances)
 
 	ctx := context.Background()
 	resp, err := client.ServiceCreate(ctx, serviceSpec, types.ServiceCreateOptions{
@@ -38,7 +36,7 @@ func TestInspect(t *testing.T) {
 	assert.NilError(t, err)
 
 	id := resp.ID
-	poll.WaitOn(t, serviceContainerCount(client, id, instances))
+	poll.WaitOn(t, swarm.RunningTasksCount(client, id, instances))
 
 	service, _, err := client.ServiceInspectWithRaw(ctx, id, types.ServiceInspectOptions{})
 	assert.NilError(t, err)
@@ -90,7 +88,7 @@ func fullSwarmServiceSpec(name string, replicas uint64) swarmtypes.ServiceSpec {
 				Image:           "busybox:latest",
 				Labels:          map[string]string{"container-label": "container-value"},
 				Command:         []string{"/bin/top"},
-				Args:            []string{"-u", "root"},
+				Args:            []string{"-d", "5"},
 				Hostname:        "hostname",
 				Env:             []string{"envvar=envvalue"},
 				Dir:             "/work",
@@ -134,21 +132,3 @@ func fullSwarmServiceSpec(name string, replicas uint64) swarmtypes.ServiceSpec {
 		},
 	}
 }
-
-func serviceContainerCount(client client.ServiceAPIClient, id string, count uint64) func(log poll.LogT) poll.Result {
-	return func(log poll.LogT) poll.Result {
-		filter := filters.NewArgs()
-		filter.Add("service", id)
-		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
-			Filters: filter,
-		})
-		switch {
-		case err != nil:
-			return poll.Error(err)
-		case len(tasks) == int(count):
-			return poll.Success()
-		default:
-			return poll.Continue("task count at %d waiting for %d", len(tasks), count)
-		}
-	}
-}
diff --git a/integration/service/jobs_test.go b/integration/service/jobs_test.go
new file mode 100644
index 0000000000000..6379b7cad09fb
--- /dev/null
+++ b/integration/service/jobs_test.go
@@ -0,0 +1,143 @@
+package service
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/integration/internal/swarm"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+// The file jobs_test.go contains tests that verify that services which are in
+// the mode ReplicatedJob or GlobalJob.
+
+// TestCreateJob tests that a Service can be created and run with
+// mode ReplicatedJob
+func TestCreateJob(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	defer setupTest(t)
+
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	for _, mode := range []swarmtypes.ServiceMode{
+		{ReplicatedJob: &swarmtypes.ReplicatedJob{}},
+		{GlobalJob: &swarmtypes.GlobalJob{}},
+	} {
+		id := swarm.CreateService(t, d, swarm.ServiceWithMode(mode))
+
+		poll.WaitOn(t, swarm.RunningTasksCount(client, id, 1), swarm.ServicePoll)
+	}
+}
+
+// TestReplicatedJob tests that running a replicated job starts the requisite
+// number of tasks,
+func TestReplicatedJob(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	// we need variables, because the replicas field takes a pointer
+	maxConcurrent := uint64(2)
+	// there is overhead, especially in the test environment, associated with
+	// starting tasks. if total is set too high, then the time needed to
+	// complete the test, even if everything is proceeding ideally, may exceed
+	// the time the test has to execute
+	//
+	// in CI,the test has been seen to time out with as few as 7 completions
+	// after 15 seconds. this means 7 completions ought not be too many.
+	total := uint64(7)
+
+	defer setupTest(t)
+
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	id := swarm.CreateService(t, d,
+		swarm.ServiceWithMode(swarmtypes.ServiceMode{
+			ReplicatedJob: &swarmtypes.ReplicatedJob{
+				MaxConcurrent:    &maxConcurrent,
+				TotalCompletions: &total,
+			},
+		}),
+		// just run a command to execute and exit peacefully.
+		swarm.ServiceWithCommand([]string{"true"}),
+	)
+
+	service, _, err := client.ServiceInspectWithRaw(
+		context.Background(), id, types.ServiceInspectOptions{},
+	)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, swarm.JobComplete(client, service), swarm.ServicePoll)
+}
+
+// TestUpdateJob tests that a job can be updated, and that it runs with the
+// correct parameters.
+func TestUpdateReplicatedJob(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	defer setupTest(t)()
+
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	// avoid writing "context.Background()" over and over again
+	ctx := context.Background()
+
+	// Create the job service
+	id := swarm.CreateService(t, d,
+		swarm.ServiceWithMode(swarmtypes.ServiceMode{
+			ReplicatedJob: &swarmtypes.ReplicatedJob{
+				// use the default, empty values.
+			},
+		}),
+		// run "true" so the task exits with 0
+		swarm.ServiceWithCommand([]string{"true"}),
+	)
+
+	service, _, err := client.ServiceInspectWithRaw(
+		ctx, id, types.ServiceInspectOptions{},
+	)
+	assert.NilError(t, err)
+
+	// wait for the job to completed
+	poll.WaitOn(t, swarm.JobComplete(client, service), swarm.ServicePoll)
+
+	// update the job.
+	spec := service.Spec
+	spec.TaskTemplate.ForceUpdate++
+
+	_, err = client.ServiceUpdate(
+		ctx, id, service.Version, spec, types.ServiceUpdateOptions{},
+	)
+	assert.NilError(t, err)
+
+	service2, _, err := client.ServiceInspectWithRaw(
+		ctx, id, types.ServiceInspectOptions{},
+	)
+	assert.NilError(t, err)
+
+	// assert that the job iteration has increased
+	assert.Assert(t,
+		service.JobStatus.JobIteration.Index < service2.JobStatus.JobIteration.Index,
+	)
+
+	// now wait for the service to complete a second time.
+	poll.WaitOn(t, swarm.JobComplete(client, service2), swarm.ServicePoll)
+}
diff --git a/integration/service/list_test.go b/integration/service/list_test.go
new file mode 100644
index 0000000000000..5ea5ba01c9383
--- /dev/null
+++ b/integration/service/list_test.go
@@ -0,0 +1,108 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/swarm"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+// TestServiceListWithStatuses tests that performing a ServiceList operation
+// correctly uses the Status parameter, and that the resulting response
+// contains correct service statuses.
+//
+// NOTE(dperny): because it's a pain to elicit the behavior of an unconverged
+// service reliably, I'm not testing that an unconverged service returns X
+// running and Y desired tasks. Instead, I'm just going to trust that I can
+// successfully assign a value to another value without screwing it up. The
+// logic for computing service statuses is in swarmkit anyway, not in the
+// engine, and is well-tested there, so this test just needs to make sure that
+// statuses get correctly associated with the right services.
+func TestServiceListWithStatuses(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon)
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	// statuses were added in API version 1.41
+	skip.If(t, versions.LessThan(testEnv.DaemonInfo.ServerVersion, "1.41"))
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	serviceCount := 3
+	// create some services.
+	for i := 0; i < serviceCount; i++ {
+		spec := fullSwarmServiceSpec(fmt.Sprintf("test-list-%d", i), uint64(i+1))
+		// for whatever reason, the args "-u root", when included, cause these
+		// tasks to fail and exit. instead, we'll just pass no args, which
+		// works.
+		spec.TaskTemplate.ContainerSpec.Args = []string{}
+		resp, err := client.ServiceCreate(ctx, spec, types.ServiceCreateOptions{
+			QueryRegistry: false,
+		})
+		assert.NilError(t, err)
+		id := resp.ID
+		// we need to wait specifically for the tasks to be running, which the
+		// serviceContainerCount function does not do. instead, we'll use a
+		// bespoke closure right here.
+		poll.WaitOn(t, func(log poll.LogT) poll.Result {
+			filter := filters.NewArgs()
+			filter.Add("service", id)
+			tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+				Filters: filter,
+			})
+
+			running := 0
+			for _, task := range tasks {
+				if task.Status.State == swarmtypes.TaskStateRunning {
+					running++
+				}
+			}
+
+			switch {
+			case err != nil:
+				return poll.Error(err)
+			case running == i+1:
+				return poll.Success()
+			default:
+				return poll.Continue(
+					"running task count %d (%d total), waiting for %d",
+					running, len(tasks), i+1,
+				)
+			}
+		})
+	}
+
+	// now, let's do the list operation with no status arg set.
+	resp, err := client.ServiceList(ctx, types.ServiceListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(resp, serviceCount))
+	for _, service := range resp {
+		assert.Check(t, is.Nil(service.ServiceStatus))
+	}
+
+	// now try again, but with Status: true. This time, we should have statuses
+	resp, err = client.ServiceList(ctx, types.ServiceListOptions{Status: true})
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(resp, serviceCount))
+	for _, service := range resp {
+		replicas := *service.Spec.Mode.Replicated.Replicas
+
+		assert.Assert(t, service.ServiceStatus != nil)
+		// Use assert.Check to not fail out of the test if this fails
+		assert.Check(t, is.Equal(service.ServiceStatus.DesiredTasks, replicas))
+		assert.Check(t, is.Equal(service.ServiceStatus.RunningTasks, replicas))
+	}
+
+}
diff --git a/integration/service/main_test.go b/integration/service/main_test.go
index 28fd19df4debf..939c5ac897065 100644
--- a/integration/service/main_test.go
+++ b/integration/service/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/service/network_test.go b/integration/service/network_test.go
index 4e8f90fe0ed7a..e0c2103f6064c 100644
--- a/integration/service/network_test.go
+++ b/integration/service/network_test.go
@@ -9,9 +9,9 @@ import (
 	"github.com/docker/docker/integration/internal/container"
 	net "github.com/docker/docker/integration/internal/network"
 	"github.com/docker/docker/integration/internal/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestDockerNetworkConnectAlias(t *testing.T) {
@@ -24,12 +24,12 @@ func TestDockerNetworkConnectAlias(t *testing.T) {
 	ctx := context.Background()
 
 	name := t.Name() + "test-alias"
-	net.CreateNoError(t, ctx, client, name,
+	net.CreateNoError(ctx, t, client, name,
 		net.WithDriver("overlay"),
 		net.WithAttachable(),
 	)
 
-	cID1 := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
+	cID1 := container.Create(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.NetworkingConfig = &network.NetworkingConfig{
 			EndpointsConfig: map[string]*network.EndpointSettings{
 				name: {},
@@ -52,7 +52,7 @@ func TestDockerNetworkConnectAlias(t *testing.T) {
 	assert.Check(t, is.Equal(len(ng1.NetworkSettings.Networks[name].Aliases), 2))
 	assert.Check(t, is.Equal(ng1.NetworkSettings.Networks[name].Aliases[0], "aaa"))
 
-	cID2 := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
+	cID2 := container.Create(ctx, t, client, func(c *container.TestContainerConfig) {
 		c.NetworkingConfig = &network.NetworkingConfig{
 			EndpointsConfig: map[string]*network.EndpointSettings{
 				name: {},
@@ -75,3 +75,43 @@ func TestDockerNetworkConnectAlias(t *testing.T) {
 	assert.Check(t, is.Equal(len(ng2.NetworkSettings.Networks[name].Aliases), 2))
 	assert.Check(t, is.Equal(ng2.NetworkSettings.Networks[name].Aliases[0], "bbb"))
 }
+
+func TestDockerNetworkReConnect(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	name := t.Name() + "dummyNet"
+	net.CreateNoError(ctx, t, client, name,
+		net.WithDriver("overlay"),
+		net.WithAttachable(),
+	)
+
+	c1 := container.Create(ctx, t, client, func(c *container.TestContainerConfig) {
+		c.NetworkingConfig = &network.NetworkingConfig{
+			EndpointsConfig: map[string]*network.EndpointSettings{
+				name: {},
+			},
+		}
+	})
+
+	err := client.NetworkConnect(ctx, name, c1, &network.EndpointSettings{})
+	assert.NilError(t, err)
+
+	err = client.ContainerStart(ctx, c1, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	n1, err := client.ContainerInspect(ctx, c1)
+	assert.NilError(t, err)
+
+	err = client.NetworkConnect(ctx, name, c1, &network.EndpointSettings{})
+	assert.ErrorContains(t, err, "is already attached to network")
+
+	n2, err := client.ContainerInspect(ctx, c1)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(n1, n2))
+}
diff --git a/integration/service/plugin_test.go b/integration/service/plugin_test.go
index e476c2f1f4707..33505990caaf0 100644
--- a/integration/service/plugin_test.go
+++ b/integration/service/plugin_test.go
@@ -3,21 +3,22 @@ package service
 import (
 	"context"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
+	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/swarm/runtime"
 	"github.com/docker/docker/integration/internal/swarm"
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/fixtures/plugin"
-	"github.com/docker/docker/internal/test/registry"
-	"gotest.tools/assert"
-	"gotest.tools/poll"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/daemon"
+	"github.com/docker/docker/testutil/fixtures/plugin"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
 )
 
 func TestServicePlugin(t *testing.T) {
@@ -29,9 +30,9 @@ func TestServicePlugin(t *testing.T) {
 	reg := registry.NewV2(t)
 	defer reg.Close()
 
-	repo := path.Join(registry.DefaultURL, "swarm", "test:v1")
-	repo2 := path.Join(registry.DefaultURL, "swarm", "test:v2")
-	name := "test"
+	name := "test-" + strings.ToLower(t.Name())
+	repo := path.Join(registry.DefaultURL, "swarm", name+":v1")
+	repo2 := path.Join(registry.DefaultURL, "swarm", name+":v2")
 
 	d := daemon.New(t)
 	d.StartWithBusybox(t)
@@ -40,7 +41,7 @@ func TestServicePlugin(t *testing.T) {
 	assert.NilError(t, err)
 	r, err := apiclient.PluginPush(context.Background(), repo, "")
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, r)
+	_, err = io.Copy(io.Discard, r)
 	assert.NilError(t, err)
 	err = apiclient.PluginRemove(context.Background(), repo, types.PluginRemoveOptions{})
 	assert.NilError(t, err)
@@ -48,61 +49,79 @@ func TestServicePlugin(t *testing.T) {
 	assert.NilError(t, err)
 	r, err = apiclient.PluginPush(context.Background(), repo2, "")
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, r)
+	_, err = io.Copy(io.Discard, r)
 	assert.NilError(t, err)
 	err = apiclient.PluginRemove(context.Background(), repo2, types.PluginRemoveOptions{})
 	assert.NilError(t, err)
 	d.Stop(t)
 
-	d1 := swarm.NewSwarm(t, testEnv, daemon.WithExperimental)
+	d1 := swarm.NewSwarm(t, testEnv, daemon.WithExperimental())
 	defer d1.Stop(t)
-	d2 := daemon.New(t, daemon.WithExperimental, daemon.WithSwarmPort(daemon.DefaultSwarmPort+1))
+	d2 := daemon.New(t, daemon.WithExperimental(), daemon.WithSwarmPort(daemon.DefaultSwarmPort+1))
 	d2.StartAndSwarmJoin(t, d1, true)
 	defer d2.Stop(t)
-	d3 := daemon.New(t, daemon.WithExperimental, daemon.WithSwarmPort(daemon.DefaultSwarmPort+2))
+	d3 := daemon.New(t, daemon.WithExperimental(), daemon.WithSwarmPort(daemon.DefaultSwarmPort+2))
 	d3.StartAndSwarmJoin(t, d1, false)
 	defer d3.Stop(t)
 
 	id := d1.CreateService(t, makePlugin(repo, name, nil))
-	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(t, name), swarm.ServicePoll)
 
+	// test that environment variables are passed from plugin service to plugin instance
 	service := d1.GetService(t, id)
+	tasks := d1.GetServiceTasks(t, service.Spec.Annotations.Name, filters.Arg("runtime", "plugin"))
+	if len(tasks) == 0 {
+		t.Log("No tasks found for plugin service")
+		t.Fail()
+	}
+	plugin, _, err := d1.NewClientT(t).PluginInspectWithRaw(context.Background(), name)
+	assert.NilError(t, err, "Error inspecting service plugin")
+	found := false
+	for _, env := range plugin.Settings.Env {
+		assert.Equal(t, strings.HasPrefix(env, "baz"), false, "Environment variable entry %q is invalid and should not be present", "baz")
+		if strings.HasPrefix(env, "foo=") {
+			found = true
+			assert.Equal(t, env, "foo=bar")
+		}
+	}
+	assert.Equal(t, true, found, "Environment variable %q not found in plugin", "foo")
+
 	d1.UpdateService(t, service, makePlugin(repo2, name, nil))
-	poll.WaitOn(t, d1.PluginReferenceIs(name, repo2), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginReferenceIs(name, repo2), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginReferenceIs(name, repo2), swarm.ServicePoll)
-	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginReferenceIs(t, name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginReferenceIs(t, name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginReferenceIs(t, name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(t, name), swarm.ServicePoll)
 
 	d1.RemoveService(t, id)
-	poll.WaitOn(t, d1.PluginIsNotPresent(name), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsNotPresent(name), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsNotPresent(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(t, name), swarm.ServicePoll)
 
 	// constrain to managers only
 	id = d1.CreateService(t, makePlugin(repo, name, []string{"node.role==manager"}))
-	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(t, name), swarm.ServicePoll)
 
 	d1.RemoveService(t, id)
-	poll.WaitOn(t, d1.PluginIsNotPresent(name), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsNotPresent(name), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsNotPresent(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(t, name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(t, name), swarm.ServicePoll)
 
 	// with no name
 	id = d1.CreateService(t, makePlugin(repo, "", nil))
-	poll.WaitOn(t, d1.PluginIsRunning(repo), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsRunning(repo), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsRunning(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsRunning(t, repo), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(t, repo), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(t, repo), swarm.ServicePoll)
 
 	d1.RemoveService(t, id)
-	poll.WaitOn(t, d1.PluginIsNotPresent(repo), swarm.ServicePoll)
-	poll.WaitOn(t, d2.PluginIsNotPresent(repo), swarm.ServicePoll)
-	poll.WaitOn(t, d3.PluginIsNotPresent(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsNotPresent(t, repo), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(t, repo), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(t, repo), swarm.ServicePoll)
 }
 
 func makePlugin(repo, name string, constraints []string) func(*swarmtypes.Service) {
@@ -111,6 +130,10 @@ func makePlugin(repo, name string, constraints []string) func(*swarmtypes.Servic
 		s.Spec.TaskTemplate.PluginSpec = &runtime.PluginSpec{
 			Name:   name,
 			Remote: repo,
+			Env: []string{
+				"baz",     // invalid environment variable entries are ignored
+				"foo=bar", // "foo" will be the single environment variable
+			},
 		}
 		if constraints != nil {
 			s.Spec.TaskTemplate.Placement = &swarmtypes.Placement{
diff --git a/integration/service/update_test.go b/integration/service/update_test.go
new file mode 100644
index 0000000000000..db12ec210de3d
--- /dev/null
+++ b/integration/service/update_test.go
@@ -0,0 +1,380 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/integration/internal/swarm"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+	"gotest.tools/v3/skip"
+)
+
+func TestServiceUpdateLabel(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx := context.Background()
+	serviceName := "TestService_" + t.Name()
+	serviceID := swarm.CreateService(t, d, swarm.ServiceWithName(serviceName))
+	service := getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{}))
+
+	// add label to empty set
+	service.Spec.Labels["foo"] = "bar"
+	_, err := cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceSpecIsUpdated(cli, serviceID, service.Version.Index), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{"foo": "bar"}))
+
+	// add label to non-empty set
+	service.Spec.Labels["foo2"] = "bar"
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceSpecIsUpdated(cli, serviceID, service.Version.Index), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{"foo": "bar", "foo2": "bar"}))
+
+	delete(service.Spec.Labels, "foo2")
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceSpecIsUpdated(cli, serviceID, service.Version.Index), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{"foo": "bar"}))
+
+	delete(service.Spec.Labels, "foo")
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceSpecIsUpdated(cli, serviceID, service.Version.Index), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{}))
+
+	// now make sure we can add again
+	service.Spec.Labels["foo"] = "bar"
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceSpecIsUpdated(cli, serviceID, service.Version.Index), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.DeepEqual(service.Spec.Labels, map[string]string{"foo": "bar"}))
+
+	err = cli.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+}
+
+func TestServiceUpdateSecrets(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx := context.Background()
+	secretName := "TestSecret_" + t.Name()
+	secretTarget := "targetName"
+	resp, err := cli.SecretCreate(ctx, swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: secretName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	assert.NilError(t, err)
+	assert.Check(t, resp.ID != "")
+
+	serviceName := "TestService_" + t.Name()
+	serviceID := swarm.CreateService(t, d, swarm.ServiceWithName(serviceName))
+	service := getService(t, cli, serviceID)
+
+	// add secret
+	service.Spec.TaskTemplate.ContainerSpec.Secrets = append(service.Spec.TaskTemplate.ContainerSpec.Secrets,
+		&swarmtypes.SecretReference{
+			File: &swarmtypes.SecretReferenceFileTarget{
+				Name: secretTarget,
+				UID:  "0",
+				GID:  "0",
+				Mode: 0600,
+			},
+			SecretID:   resp.ID,
+			SecretName: secretName,
+		},
+	)
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+
+	service = getService(t, cli, serviceID)
+	secrets := service.Spec.TaskTemplate.ContainerSpec.Secrets
+	assert.Assert(t, is.Equal(1, len(secrets)))
+
+	secret := *secrets[0]
+	assert.Check(t, is.Equal(secretName, secret.SecretName))
+	assert.Check(t, nil != secret.File)
+	assert.Check(t, is.Equal(secretTarget, secret.File.Name))
+
+	// remove
+	service.Spec.TaskTemplate.ContainerSpec.Secrets = []*swarmtypes.SecretReference{}
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.Equal(0, len(service.Spec.TaskTemplate.ContainerSpec.Secrets)))
+
+	err = cli.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+}
+
+func TestServiceUpdateConfigs(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx := context.Background()
+	configName := "TestConfig_" + t.Name()
+	configTarget := "targetName"
+	resp, err := cli.ConfigCreate(ctx, swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: configName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	assert.NilError(t, err)
+	assert.Check(t, resp.ID != "")
+
+	serviceName := "TestService_" + t.Name()
+	serviceID := swarm.CreateService(t, d, swarm.ServiceWithName(serviceName))
+	service := getService(t, cli, serviceID)
+
+	// add config
+	service.Spec.TaskTemplate.ContainerSpec.Configs = append(service.Spec.TaskTemplate.ContainerSpec.Configs,
+		&swarmtypes.ConfigReference{
+			File: &swarmtypes.ConfigReferenceFileTarget{
+				Name: configTarget,
+				UID:  "0",
+				GID:  "0",
+				Mode: 0600,
+			},
+			ConfigID:   resp.ID,
+			ConfigName: configName,
+		},
+	)
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+
+	service = getService(t, cli, serviceID)
+	configs := service.Spec.TaskTemplate.ContainerSpec.Configs
+	assert.Assert(t, is.Equal(1, len(configs)))
+
+	config := *configs[0]
+	assert.Check(t, is.Equal(configName, config.ConfigName))
+	assert.Check(t, nil != config.File)
+	assert.Check(t, is.Equal(configTarget, config.File.Name))
+
+	// remove
+	service.Spec.TaskTemplate.ContainerSpec.Configs = []*swarmtypes.ConfigReference{}
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+	service = getService(t, cli, serviceID)
+	assert.Check(t, is.Equal(0, len(service.Spec.TaskTemplate.ContainerSpec.Configs)))
+
+	err = cli.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+}
+
+func TestServiceUpdateNetwork(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx := context.Background()
+
+	// Create a overlay network
+	testNet := "testNet" + t.Name()
+	overlayID := network.CreateNoError(ctx, t, cli, testNet,
+		network.WithDriver("overlay"))
+
+	var instances uint64 = 1
+	// Create service with the overlay network
+	serviceName := "TestServiceUpdateNetworkRM_" + t.Name()
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(testNet))
+
+	poll.WaitOn(t, swarm.RunningTasksCount(cli, serviceID, instances), swarm.ServicePoll)
+	service := getService(t, cli, serviceID)
+	netInfo, err := cli.NetworkInspect(ctx, testNet, types.NetworkInspectOptions{
+		Verbose: true,
+		Scope:   "swarm",
+	})
+	assert.NilError(t, err)
+	assert.Assert(t, len(netInfo.Containers) == 2, "Expected 2 endpoints, one for container and one for LB Sandbox")
+
+	// Remove network from service
+	service.Spec.TaskTemplate.Networks = []swarmtypes.NetworkAttachmentConfig{}
+	_, err = cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+	poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+
+	netInfo, err = cli.NetworkInspect(ctx, testNet, types.NetworkInspectOptions{
+		Verbose: true,
+		Scope:   "swarm",
+	})
+
+	assert.NilError(t, err)
+	assert.Assert(t, len(netInfo.Containers) == 0, "Load balancing endpoint still exists in network")
+
+	err = cli.NetworkRemove(ctx, overlayID)
+	assert.NilError(t, err)
+
+	err = cli.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+}
+
+// TestServiceUpdatePidsLimit tests creating and updating a service with PidsLimit
+func TestServiceUpdatePidsLimit(t *testing.T) {
+	skip.If(
+		t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.41"),
+		"setting pidslimit for services is not supported before api v1.41",
+	)
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	tests := []struct {
+		name      string
+		pidsLimit int64
+		expected  int64
+	}{
+		{
+			name:      "create service with PidsLimit 300",
+			pidsLimit: 300,
+			expected:  300,
+		},
+		{
+			name:      "unset PidsLimit to 0",
+			pidsLimit: 0,
+			expected:  0,
+		},
+		{
+			name:      "update PidsLimit to 100",
+			pidsLimit: 100,
+			expected:  100,
+		},
+	}
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	cli := d.NewClientT(t)
+	defer func() { _ = cli.Close() }()
+	ctx := context.Background()
+	var (
+		serviceID string
+		service   swarmtypes.Service
+	)
+	for i, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			if i == 0 {
+				serviceID = swarm.CreateService(t, d, swarm.ServiceWithPidsLimit(tc.pidsLimit))
+			} else {
+				service = getService(t, cli, serviceID)
+				if service.Spec.TaskTemplate.Resources == nil {
+					service.Spec.TaskTemplate.Resources = &swarmtypes.ResourceRequirements{}
+				}
+				if service.Spec.TaskTemplate.Resources.Limits == nil {
+					service.Spec.TaskTemplate.Resources.Limits = &swarmtypes.Limit{}
+				}
+				service.Spec.TaskTemplate.Resources.Limits.Pids = tc.pidsLimit
+				_, err := cli.ServiceUpdate(ctx, serviceID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+				assert.NilError(t, err)
+				poll.WaitOn(t, serviceIsUpdated(cli, serviceID), swarm.ServicePoll)
+			}
+
+			poll.WaitOn(t, swarm.RunningTasksCount(cli, serviceID, 1), swarm.ServicePoll)
+			service = getService(t, cli, serviceID)
+			container := getServiceTaskContainer(ctx, t, cli, serviceID)
+			assert.Equal(t, service.Spec.TaskTemplate.Resources.Limits.Pids, tc.expected)
+			if tc.expected == 0 {
+				if container.HostConfig.Resources.PidsLimit != nil {
+					t.Fatalf("Expected container.HostConfig.Resources.PidsLimit to be nil")
+				}
+			} else {
+				assert.Assert(t, container.HostConfig.Resources.PidsLimit != nil)
+				assert.Equal(t, *container.HostConfig.Resources.PidsLimit, tc.expected)
+			}
+		})
+	}
+
+	err := cli.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+}
+
+func getServiceTaskContainer(ctx context.Context, t *testing.T, cli client.APIClient, serviceID string) types.ContainerJSON {
+	t.Helper()
+	filter := filters.NewArgs()
+	filter.Add("service", serviceID)
+	filter.Add("desired-state", "running")
+	tasks, err := cli.TaskList(ctx, types.TaskListOptions{Filters: filter})
+	assert.NilError(t, err)
+	assert.Assert(t, len(tasks) > 0)
+
+	ctr, err := cli.ContainerInspect(ctx, tasks[0].Status.ContainerStatus.ContainerID)
+	assert.NilError(t, err)
+	assert.Equal(t, ctr.State.Running, true)
+	return ctr
+}
+
+func getService(t *testing.T, cli client.ServiceAPIClient, serviceID string) swarmtypes.Service {
+	t.Helper()
+	service, _, err := cli.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+	return service
+}
+
+func serviceIsUpdated(client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		service, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case service.UpdateStatus != nil && service.UpdateStatus.State == swarmtypes.UpdateStateCompleted:
+			return poll.Success()
+		default:
+			if service.UpdateStatus != nil {
+				return poll.Continue("waiting for service %s to be updated, state: %s, message: %s", serviceID, service.UpdateStatus.State, service.UpdateStatus.Message)
+			}
+			return poll.Continue("waiting for service %s to be updated", serviceID)
+		}
+	}
+}
+
+func serviceSpecIsUpdated(client client.ServiceAPIClient, serviceID string, serviceOldVersion uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		service, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case service.Version.Index > serviceOldVersion:
+			return poll.Success()
+		default:
+			return poll.Continue("waiting for service %s to be updated", serviceID)
+		}
+	}
+}
diff --git a/integration/session/main_test.go b/integration/session/main_test.go
index fc33025efe667..766bd512b3885 100644
--- a/integration/session/main_test.go
+++ b/integration/session/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/session/session_test.go b/integration/session/session_test.go
index 23464fc1a140e..b5fdf0b32d9ce 100644
--- a/integration/session/session_test.go
+++ b/integration/session/session_test.go
@@ -4,23 +4,28 @@ import (
 	"net/http"
 	"testing"
 
-	req "github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/api/types/versions"
+	req "github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestSessionCreate(t *testing.T) {
-	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "experimental in older versions")
 
 	defer setupTest(t)()
-
-	res, body, err := req.Post("/session", req.With(func(r *http.Request) error {
-		r.Header.Set("X-Docker-Expose-Session-Uuid", "testsessioncreate") // so we don't block default name if something else is using it
-		r.Header.Set("Upgrade", "h2c")
-		return nil
-	}))
+	daemonHost := req.DaemonHost()
+
+	res, body, err := req.Post("/session",
+		req.Host(daemonHost),
+		req.With(func(r *http.Request) error {
+			r.Header.Set("X-Docker-Expose-Session-Uuid", "testsessioncreate") // so we don't block default name if something else is using it
+			r.Header.Set("Upgrade", "h2c")
+			return nil
+		}),
+	)
 	assert.NilError(t, err)
 	assert.NilError(t, body.Close())
 	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusSwitchingProtocols))
@@ -28,20 +33,26 @@ func TestSessionCreate(t *testing.T) {
 }
 
 func TestSessionCreateWithBadUpgrade(t *testing.T) {
-	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
 	skip.If(t, testEnv.OSType == "windows", "FIXME")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "experimental in older versions")
+
+	defer setupTest(t)()
+	daemonHost := req.DaemonHost()
 
-	res, body, err := req.Post("/session")
+	res, body, err := req.Post("/session", req.Host(daemonHost))
 	assert.NilError(t, err)
 	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusBadRequest))
 	buf, err := req.ReadBody(body)
 	assert.NilError(t, err)
 	assert.Check(t, is.Contains(string(buf), "no upgrade"))
 
-	res, body, err = req.Post("/session", req.With(func(r *http.Request) error {
-		r.Header.Set("Upgrade", "foo")
-		return nil
-	}))
+	res, body, err = req.Post("/session",
+		req.Host(daemonHost),
+		req.With(func(r *http.Request) error {
+			r.Header.Set("Upgrade", "foo")
+			return nil
+		}),
+	)
 	assert.NilError(t, err)
 	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusBadRequest))
 	buf, err = req.ReadBody(body)
diff --git a/integration/system/cgroupdriver_systemd_test.go b/integration/system/cgroupdriver_systemd_test.go
index b955dd30257f2..c1b998abae228 100644
--- a/integration/system/cgroupdriver_systemd_test.go
+++ b/integration/system/cgroupdriver_systemd_test.go
@@ -7,10 +7,10 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/testutil/daemon"
 
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // hasSystemd checks whether the host was booted with systemd as its init
@@ -29,30 +29,27 @@ func hasSystemd() bool {
 //  https://github.com/moby/moby/issues/35123
 func TestCgroupDriverSystemdMemoryLimit(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, !hasSystemd())
 	t.Parallel()
 
-	if !hasSystemd() {
-		t.Skip("systemd not available")
-	}
-
 	d := daemon.New(t)
-	client, err := d.NewClient()
-	assert.NilError(t, err)
+	c := d.NewClientT(t)
+
 	d.StartWithBusybox(t, "--exec-opt", "native.cgroupdriver=systemd", "--iptables=false")
 	defer d.Stop(t)
 
-	const mem = 64 * 1024 * 1024 // 64 MB
+	const mem = int64(64 * 1024 * 1024) // 64 MB
 
 	ctx := context.Background()
-	ctrID := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
-		c.HostConfig.Resources.Memory = mem
+	ctrID := container.Create(ctx, t, c, func(ctr *container.TestContainerConfig) {
+		ctr.HostConfig.Resources.Memory = mem
 	})
-	defer client.ContainerRemove(ctx, ctrID, types.ContainerRemoveOptions{Force: true})
+	defer c.ContainerRemove(ctx, ctrID, types.ContainerRemoveOptions{Force: true})
 
-	err = client.ContainerStart(ctx, ctrID, types.ContainerStartOptions{})
+	err := c.ContainerStart(ctx, ctrID, types.ContainerStartOptions{})
 	assert.NilError(t, err)
 
-	s, err := client.ContainerInspect(ctx, ctrID)
+	s, err := c.ContainerInspect(ctx, ctrID)
 	assert.NilError(t, err)
 	assert.Equal(t, s.HostConfig.Memory, mem)
 }
diff --git a/integration/system/disk_usage_test.go b/integration/system/disk_usage_test.go
new file mode 100644
index 0000000000000..6c40a9b2fddfe
--- /dev/null
+++ b/integration/system/disk_usage_test.go
@@ -0,0 +1,274 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+func TestDiskUsage(t *testing.T) {
+	skip.If(t, testEnv.OSType == "windows") // d.Start fails on Windows with `protocol not available`
+
+	t.Parallel()
+
+	d := daemon.New(t)
+	defer d.Cleanup(t)
+	d.Start(t, "--iptables=false")
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+
+	ctx := context.Background()
+
+	var stepDU types.DiskUsage
+	for _, step := range []struct {
+		doc  string
+		next func(t *testing.T, prev types.DiskUsage) types.DiskUsage
+	}{
+		{
+			doc: "empty",
+			next: func(t *testing.T, _ types.DiskUsage) types.DiskUsage {
+				du, err := client.DiskUsage(ctx, types.DiskUsageOptions{})
+				assert.NilError(t, err)
+				assert.DeepEqual(t, du, types.DiskUsage{
+					Images:     []*types.ImageSummary{},
+					Containers: []*types.Container{},
+					Volumes:    []*types.Volume{},
+					BuildCache: []*types.BuildCache{},
+				})
+				return du
+			},
+		},
+		{
+			doc: "after LoadBusybox",
+			next: func(t *testing.T, _ types.DiskUsage) types.DiskUsage {
+				d.LoadBusybox(t)
+
+				du, err := client.DiskUsage(ctx, types.DiskUsageOptions{})
+				assert.NilError(t, err)
+				assert.Assert(t, du.LayersSize > 0)
+				assert.Equal(t, len(du.Images), 1)
+				assert.DeepEqual(t, du, types.DiskUsage{
+					LayersSize: du.LayersSize,
+					Images: []*types.ImageSummary{
+						{
+							Created:     du.Images[0].Created,
+							ID:          du.Images[0].ID,
+							RepoTags:    []string{"busybox:latest"},
+							Size:        du.LayersSize,
+							VirtualSize: du.LayersSize,
+						},
+					},
+					Containers: []*types.Container{},
+					Volumes:    []*types.Volume{},
+					BuildCache: []*types.BuildCache{},
+				})
+				return du
+			},
+		},
+		{
+			doc: "after container.Run",
+			next: func(t *testing.T, prev types.DiskUsage) types.DiskUsage {
+				cID := container.Run(ctx, t, client)
+
+				du, err := client.DiskUsage(ctx, types.DiskUsageOptions{})
+				assert.NilError(t, err)
+				assert.Equal(t, len(du.Containers), 1)
+				assert.Equal(t, len(du.Containers[0].Names), 1)
+				assert.Assert(t, du.Containers[0].Created >= prev.Images[0].Created)
+				assert.DeepEqual(t, du, types.DiskUsage{
+					LayersSize: prev.LayersSize,
+					Images: []*types.ImageSummary{
+						func() *types.ImageSummary {
+							sum := *prev.Images[0]
+							sum.Containers++
+							return &sum
+						}(),
+					},
+					Containers: []*types.Container{
+						{
+							ID:              cID,
+							Names:           du.Containers[0].Names,
+							Image:           "busybox",
+							ImageID:         prev.Images[0].ID,
+							Command:         du.Containers[0].Command, // not relevant for the test
+							Created:         du.Containers[0].Created,
+							Ports:           du.Containers[0].Ports, // not relevant for the test
+							SizeRootFs:      prev.Images[0].Size,
+							Labels:          du.Containers[0].Labels,          // not relevant for the test
+							State:           du.Containers[0].State,           // not relevant for the test
+							Status:          du.Containers[0].Status,          // not relevant for the test
+							HostConfig:      du.Containers[0].HostConfig,      // not relevant for the test
+							NetworkSettings: du.Containers[0].NetworkSettings, // not relevant for the test
+							Mounts:          du.Containers[0].Mounts,          // not relevant for the test
+						},
+					},
+					Volumes:    []*types.Volume{},
+					BuildCache: []*types.BuildCache{},
+				})
+				return du
+			},
+		},
+	} {
+		t.Run(step.doc, func(t *testing.T) {
+			stepDU = step.next(t, stepDU)
+
+			for _, tc := range []struct {
+				doc      string
+				options  types.DiskUsageOptions
+				expected types.DiskUsage
+			}{
+				{
+					doc: "container types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ContainerObject,
+						},
+					},
+					expected: types.DiskUsage{
+						Containers: stepDU.Containers,
+					},
+				},
+				{
+					doc: "image types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ImageObject,
+						},
+					},
+					expected: types.DiskUsage{
+						LayersSize: stepDU.LayersSize,
+						Images:     stepDU.Images,
+					},
+				},
+				{
+					doc: "volume types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.VolumeObject,
+						},
+					},
+					expected: types.DiskUsage{
+						Volumes: stepDU.Volumes,
+					},
+				},
+				{
+					doc: "build-cache types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.BuildCacheObject,
+						},
+					},
+					expected: types.DiskUsage{
+						BuildCache: stepDU.BuildCache,
+					},
+				},
+				{
+					doc: "container, volume types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ContainerObject,
+							types.VolumeObject,
+						},
+					},
+					expected: types.DiskUsage{
+						Containers: stepDU.Containers,
+						Volumes:    stepDU.Volumes,
+					},
+				},
+				{
+					doc: "image, build-cache types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ImageObject,
+							types.BuildCacheObject,
+						},
+					},
+					expected: types.DiskUsage{
+						LayersSize: stepDU.LayersSize,
+						Images:     stepDU.Images,
+						BuildCache: stepDU.BuildCache,
+					},
+				},
+				{
+					doc: "container, volume, build-cache types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ContainerObject,
+							types.VolumeObject,
+							types.BuildCacheObject,
+						},
+					},
+					expected: types.DiskUsage{
+						Containers: stepDU.Containers,
+						Volumes:    stepDU.Volumes,
+						BuildCache: stepDU.BuildCache,
+					},
+				},
+				{
+					doc: "image, volume, build-cache types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ImageObject,
+							types.VolumeObject,
+							types.BuildCacheObject,
+						},
+					},
+					expected: types.DiskUsage{
+						LayersSize: stepDU.LayersSize,
+						Images:     stepDU.Images,
+						Volumes:    stepDU.Volumes,
+						BuildCache: stepDU.BuildCache,
+					},
+				},
+				{
+					doc: "container, image, volume types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ContainerObject,
+							types.ImageObject,
+							types.VolumeObject,
+						},
+					},
+					expected: types.DiskUsage{
+						LayersSize: stepDU.LayersSize,
+						Containers: stepDU.Containers,
+						Images:     stepDU.Images,
+						Volumes:    stepDU.Volumes,
+					},
+				},
+				{
+					doc: "container, image, volume, build-cache types",
+					options: types.DiskUsageOptions{
+						Types: []types.DiskUsageObject{
+							types.ContainerObject,
+							types.ImageObject,
+							types.VolumeObject,
+							types.BuildCacheObject,
+						},
+					},
+					expected: types.DiskUsage{
+						LayersSize: stepDU.LayersSize,
+						Containers: stepDU.Containers,
+						Images:     stepDU.Images,
+						Volumes:    stepDU.Volumes,
+						BuildCache: stepDU.BuildCache,
+					},
+				},
+			} {
+				tc := tc
+				t.Run(tc.doc, func(t *testing.T) {
+					// TODO: Run in parallel once https://github.com/moby/moby/pull/42560 is merged.
+
+					du, err := client.DiskUsage(ctx, tc.options)
+					assert.NilError(t, err)
+					assert.DeepEqual(t, du, tc.expected)
+				})
+			}
+		})
+	}
+}
diff --git a/integration/system/event_test.go b/integration/system/event_test.go
index 60d10407f6b2a..592f4432ef6ff 100644
--- a/integration/system/event_test.go
+++ b/integration/system/event_test.go
@@ -3,6 +3,7 @@ package system // import "github.com/docker/docker/integration/system"
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 	"net/url"
@@ -11,16 +12,19 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/api/types/volume"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
-	req "github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/testutil/request"
+	req "github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestEventsExecDie(t *testing.T) {
@@ -28,9 +32,9 @@ func TestEventsExecDie(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "FIXME. Suspect may need to wait until container is running before exec")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
-	cID := container.Run(t, ctx, client)
+	cID := container.Run(ctx, t, client)
 
 	id, err := client.ContainerExecCreate(ctx, cID,
 		types.ExecConfig{
@@ -63,7 +67,7 @@ func TestEventsExecDie(t *testing.T) {
 		assert.Equal(t, m.Actor.Attributes["execID"], id.ID)
 		assert.Equal(t, m.Actor.Attributes["exitCode"], "0")
 	case err = <-errors:
-		t.Fatal(err)
+		assert.NilError(t, err)
 	case <-time.After(time.Second * 3):
 		t.Fatal("timeout hit")
 	}
@@ -78,12 +82,12 @@ func TestEventsBackwardsCompatible(t *testing.T) {
 	skip.If(t, testEnv.OSType == "windows", "Windows doesn't support back-compat messages")
 	defer setupTest(t)()
 	ctx := context.Background()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 
 	since := request.DaemonTime(ctx, t, client, testEnv)
 	ts := strconv.FormatInt(since.Unix(), 10)
 
-	cID := container.Create(t, ctx, client)
+	cID := container.Create(ctx, t, client)
 
 	// In case there is no events, the API should have responded immediately (not blocking),
 	// The test here makes sure the response time is less than 3 sec.
@@ -109,7 +113,7 @@ func TestEventsBackwardsCompatible(t *testing.T) {
 			if err == io.EOF {
 				break
 			}
-			t.Fatal(err)
+			assert.NilError(t, err)
 		}
 		if event.Status == "create" && event.ID == cID {
 			containerCreateEvent = &event
@@ -122,3 +126,69 @@ func TestEventsBackwardsCompatible(t *testing.T) {
 	assert.Check(t, is.Equal(cID, containerCreateEvent.ID))
 	assert.Check(t, is.Equal("busybox", containerCreateEvent.From))
 }
+
+// TestEventsVolumeCreate verifies that volume create events are only fired
+// once: when creating the volume, and not when attaching to a container.
+func TestEventsVolumeCreate(t *testing.T) {
+	skip.If(t, testEnv.OSType == "windows", "FIXME: Windows doesn't trigger the events? Could be a race")
+
+	defer setupTest(t)()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	client := testEnv.APIClient()
+
+	since := request.DaemonUnixTime(ctx, t, client, testEnv)
+	volName := t.Name()
+	getEvents := func(messages <-chan events.Message, errs <-chan error) ([]events.Message, error) {
+		var evts []events.Message
+
+		for {
+			select {
+			case m := <-messages:
+				evts = append(evts, m)
+			case err := <-errs:
+				if err == io.EOF {
+					return evts, nil
+				}
+				return nil, err
+			case <-time.After(time.Second * 3):
+				return nil, errors.New("timeout hit")
+			}
+		}
+	}
+
+	_, err := client.VolumeCreate(ctx, volume.VolumeCreateBody{Name: volName})
+	assert.NilError(t, err)
+
+	filter := filters.NewArgs(
+		filters.Arg("type", "volume"),
+		filters.Arg("event", "create"),
+		filters.Arg("volume", volName),
+	)
+	messages, errs := client.Events(ctx, types.EventsOptions{
+		Since:   since,
+		Until:   request.DaemonUnixTime(ctx, t, client, testEnv),
+		Filters: filter,
+	})
+
+	volEvents, err := getEvents(messages, errs)
+	assert.NilError(t, err)
+	assert.Equal(t, len(volEvents), 1, "expected volume create event when creating a volume")
+
+	container.Create(ctx, t, client, container.WithMount(mount.Mount{
+		Type:   mount.TypeVolume,
+		Source: volName,
+		Target: "/tmp/foo",
+	}))
+
+	messages, errs = client.Events(ctx, types.EventsOptions{
+		Since:   since,
+		Until:   request.DaemonUnixTime(ctx, t, client, testEnv),
+		Filters: filter,
+	})
+
+	volEvents, err = getEvents(messages, errs)
+	assert.NilError(t, err)
+	assert.Equal(t, len(volEvents), 1, "expected volume create event to be fired only once")
+}
diff --git a/integration/system/info_linux_test.go b/integration/system/info_linux_test.go
index f1a60ef6d5312..87e691f526f20 100644
--- a/integration/system/info_linux_test.go
+++ b/integration/system/info_linux_test.go
@@ -1,20 +1,25 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/integration/system"
 
 import (
 	"context"
+	"fmt"
+	"net"
 	"net/http"
 	"testing"
 
-	"github.com/docker/docker/internal/test/request"
-	req "github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/testutil/daemon"
+	req "github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestInfoBinaryCommits(t *testing.T) {
-	client := request.NewAPIClient(t)
+	defer setupTest(t)()
+	client := testEnv.APIClient()
 
 	info, err := client.Info(context.Background())
 	assert.NilError(t, err)
@@ -43,3 +48,72 @@ func TestInfoAPIVersioned(t *testing.T) {
 	assert.Check(t, is.Contains(out, "ExecutionDriver"))
 	assert.Check(t, is.Contains(out, "not supported"))
 }
+
+// TestInfoDiscoveryBackend verifies that a daemon run with `--cluster-advertise` and
+// `--cluster-store` properly returns the backend's endpoint in info output.
+func TestInfoDiscoveryBackend(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+
+	const (
+		discoveryBackend   = "consul://consuladdr:consulport/some/path"
+		discoveryAdvertise = "1.1.1.1:2375"
+	)
+
+	d := daemon.New(t)
+	d.Start(t, "--cluster-store="+discoveryBackend, "--cluster-advertise="+discoveryAdvertise)
+	defer d.Stop(t)
+
+	info := d.Info(t)
+	assert.Equal(t, info.ClusterStore, discoveryBackend)
+	assert.Equal(t, info.ClusterAdvertise, discoveryAdvertise)
+}
+
+// TestInfoDiscoveryInvalidAdvertise verifies that a daemon run with
+// an invalid `--cluster-advertise` configuration
+func TestInfoDiscoveryInvalidAdvertise(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	d := daemon.New(t)
+
+	// --cluster-advertise with an invalid string is an error
+	err := d.StartWithError("--cluster-store=consul://consuladdr:consulport/some/path", "--cluster-advertise=invalid")
+	if err == nil {
+		d.Stop(t)
+	}
+	assert.ErrorContains(t, err, "", "expected error when starting daemon")
+
+	// --cluster-advertise without --cluster-store is also an error
+	err = d.StartWithError("--cluster-advertise=1.1.1.1:2375")
+	if err == nil {
+		d.Stop(t)
+	}
+	assert.ErrorContains(t, err, "", "expected error when starting daemon")
+}
+
+// TestInfoDiscoveryAdvertiseInterfaceName verifies that a daemon run with `--cluster-advertise`
+// configured with interface name properly show the advertise ip-address in info output.
+func TestInfoDiscoveryAdvertiseInterfaceName(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
+	// TODO should we check for networking availability (integration-cli suite checks for networking through `Network()`)
+
+	d := daemon.New(t)
+	const (
+		discoveryStore     = "consul://consuladdr:consulport/some/path"
+		discoveryInterface = "eth0"
+	)
+
+	d.Start(t, "--cluster-store="+discoveryStore, fmt.Sprintf("--cluster-advertise=%s:2375", discoveryInterface))
+	defer d.Stop(t)
+
+	iface, err := net.InterfaceByName(discoveryInterface)
+	assert.NilError(t, err)
+	addrs, err := iface.Addrs()
+	assert.NilError(t, err)
+	assert.Assert(t, len(addrs) > 0)
+	ip, _, err := net.ParseCIDR(addrs[0].String())
+	assert.NilError(t, err)
+
+	info := d.Info(t)
+	assert.Equal(t, info.ClusterStore, discoveryStore)
+	assert.Equal(t, info.ClusterAdvertise, ip.String()+":2375")
+}
diff --git a/integration/system/info_test.go b/integration/system/info_test.go
index fa2157b8517b8..d2f6dc4344380 100644
--- a/integration/system/info_test.go
+++ b/integration/system/info_test.go
@@ -3,17 +3,19 @@ package system // import "github.com/docker/docker/integration/system"
 import (
 	"context"
 	"fmt"
+	"sort"
 	"testing"
 
-	"github.com/docker/docker/internal/test/daemon"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/testutil/daemon"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestInfoAPI(t *testing.T) {
-	client := request.NewAPIClient(t)
+	defer setupTest(t)()
+	client := testEnv.APIClient()
 
 	info, err := client.Info(context.Background())
 	assert.NilError(t, err)
@@ -44,16 +46,15 @@ func TestInfoAPI(t *testing.T) {
 }
 
 func TestInfoAPIWarnings(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
 	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME")
 	d := daemon.New(t)
+	c := d.NewClientT(t)
 
-	client, err := d.NewClient()
-	assert.NilError(t, err)
-
-	d.StartWithBusybox(t, "--iptables=false", "-H=0.0.0.0:23756", "-H=unix://"+d.Sock())
+	d.Start(t, "-H=0.0.0.0:23756", "-H="+d.Sock())
 	defer d.Stop(t)
 
-	info, err := client.Info(context.Background())
+	info, err := c.Info(context.Background())
 	assert.NilError(t, err)
 
 	stringsToCheck := []string{
@@ -66,3 +67,67 @@ func TestInfoAPIWarnings(t *testing.T) {
 		assert.Check(t, is.Contains(out, linePrefix))
 	}
 }
+
+func TestInfoDebug(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME: test starts daemon with -H unix://.....")
+
+	d := daemon.New(t)
+	d.Start(t, "--debug")
+	defer d.Stop(t)
+
+	info := d.Info(t)
+	assert.Equal(t, info.Debug, true)
+
+	// Note that the information below is not tied to debug-mode being enabled.
+	assert.Check(t, info.NFd != 0)
+
+	// TODO need a stable way to generate event listeners
+	// assert.Check(t, info.NEventsListener != 0)
+	assert.Check(t, info.NGoroutines != 0)
+	assert.Check(t, info.SystemTime != "")
+	assert.Equal(t, info.DockerRootDir, d.Root)
+}
+
+func TestInfoInsecureRegistries(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME: test starts daemon with -H unix://.....")
+
+	const (
+		registryCIDR = "192.168.1.0/24"
+		registryHost = "insecurehost.com:5000"
+	)
+
+	d := daemon.New(t)
+	d.Start(t, "--insecure-registry="+registryCIDR, "--insecure-registry="+registryHost)
+	defer d.Stop(t)
+
+	info := d.Info(t)
+	assert.Assert(t, is.Len(info.RegistryConfig.InsecureRegistryCIDRs, 2))
+	cidrs := []string{
+		info.RegistryConfig.InsecureRegistryCIDRs[0].String(),
+		info.RegistryConfig.InsecureRegistryCIDRs[1].String(),
+	}
+	assert.Assert(t, is.Contains(cidrs, registryCIDR))
+	assert.Assert(t, is.Contains(cidrs, "127.0.0.0/8"))
+	assert.DeepEqual(t, *info.RegistryConfig.IndexConfigs["docker.io"], registry.IndexInfo{Name: "docker.io", Mirrors: []string{}, Secure: true, Official: true})
+	assert.DeepEqual(t, *info.RegistryConfig.IndexConfigs[registryHost], registry.IndexInfo{Name: registryHost, Mirrors: []string{}, Secure: false, Official: false})
+}
+
+func TestInfoRegistryMirrors(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME: test starts daemon with -H unix://.....")
+
+	const (
+		registryMirror1 = "https://192.168.1.2"
+		registryMirror2 = "http://registry-mirror.example.com:5000"
+	)
+
+	d := daemon.New(t)
+	d.Start(t, "--registry-mirror="+registryMirror1, "--registry-mirror="+registryMirror2)
+	defer d.Stop(t)
+
+	info := d.Info(t)
+	sort.Strings(info.RegistryConfig.Mirrors)
+	assert.DeepEqual(t, info.RegistryConfig.Mirrors, []string{registryMirror2 + "/", registryMirror1 + "/"})
+}
diff --git a/integration/system/login_test.go b/integration/system/login_test.go
index ad1a8756dc173..1284911020d80 100644
--- a/integration/system/login_test.go
+++ b/integration/system/login_test.go
@@ -6,23 +6,24 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/integration/internal/requirement"
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 // Test case for GitHub 22244
 func TestLoginFailsWithBadCredentials(t *testing.T) {
 	skip.If(t, !requirement.HasHubConnectivity(t))
 
-	client := request.NewAPIClient(t)
+	defer setupTest(t)()
+	client := testEnv.APIClient()
 
 	config := types.AuthConfig{
 		Username: "no-user",
 		Password: "no-password",
 	}
 	_, err := client.RegistryLogin(context.Background(), config)
-	expected := "Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password"
-	assert.Check(t, is.Error(err, expected))
+	assert.Assert(t, err != nil)
+	assert.Check(t, is.ErrorContains(err, "unauthorized: incorrect username or password"))
+	assert.Check(t, is.ErrorContains(err, "https://registry-1.docker.io/v2/"))
 }
diff --git a/integration/system/main_test.go b/integration/system/main_test.go
index f19a3157aa393..6dd4761cd5f68 100644
--- a/integration/system/main_test.go
+++ b/integration/system/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/system/ping_test.go b/integration/system/ping_test.go
new file mode 100644
index 0000000000000..cd7a1c8eff3f4
--- /dev/null
+++ b/integration/system/ping_test.go
@@ -0,0 +1,59 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/testutil/request"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+func TestPingCacheHeaders(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
+	defer setupTest(t)()
+
+	res, _, err := request.Get("/_ping")
+	assert.NilError(t, err)
+	assert.Equal(t, res.StatusCode, http.StatusOK)
+
+	assert.Equal(t, hdr(res, "Cache-Control"), "no-cache, no-store, must-revalidate")
+	assert.Equal(t, hdr(res, "Pragma"), "no-cache")
+}
+
+func TestPingGet(t *testing.T) {
+	defer setupTest(t)()
+
+	res, body, err := request.Get("/_ping")
+	assert.NilError(t, err)
+
+	b, err := request.ReadBody(body)
+	assert.NilError(t, err)
+	assert.Equal(t, string(b), "OK")
+	assert.Equal(t, res.StatusCode, http.StatusOK)
+	assert.Check(t, hdr(res, "API-Version") != "")
+}
+
+func TestPingHead(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
+	defer setupTest(t)()
+
+	res, body, err := request.Head("/_ping")
+	assert.NilError(t, err)
+
+	b, err := request.ReadBody(body)
+	assert.NilError(t, err)
+	assert.Equal(t, 0, len(b))
+	assert.Equal(t, res.StatusCode, http.StatusOK)
+	assert.Check(t, hdr(res, "API-Version") != "")
+}
+
+func hdr(res *http.Response, name string) string {
+	val, ok := res.Header[http.CanonicalHeaderKey(name)]
+	if !ok || len(val) == 0 {
+		return ""
+	}
+	return strings.Join(val, ", ")
+}
diff --git a/integration/system/version_test.go b/integration/system/version_test.go
index 8904c09b26c6f..98a3c8ed44c04 100644
--- a/integration/system/version_test.go
+++ b/integration/system/version_test.go
@@ -4,13 +4,13 @@ import (
 	"context"
 	"testing"
 
-	"github.com/docker/docker/internal/test/request"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestVersion(t *testing.T) {
-	client := request.NewAPIClient(t)
+	defer setupTest(t)()
+	client := testEnv.APIClient()
 
 	version, err := client.ServerVersion(context.Background())
 	assert.NilError(t, err)
diff --git a/integration/testdata/https/ca.pem b/integration/testdata/https/ca.pem
index 6825d6d1bd15e..61285ec8e31ab 100644
--- a/integration/testdata/https/ca.pem
+++ b/integration/testdata/https/ca.pem
@@ -1,23 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            45:9c:ce:13:92:42:39:2e:90:f5:93:05:f1:03:92:17:5d:e4:89:8d
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
+        Validity
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:5a:af:10:15:fb:c8:46:c4:31:d7:ee:ec:d9:
+                    c4:1e:c3:b3:b6:4c:ec:e1:2b:57:40:a2:74:cd:d5:
+                    8e:7d:69:b6:22:60:21:05:be:a5:92:40:4c:43:2b:
+                    eb:c9:00:32:5f:59:1c:59:50:e2:98:df:ff:9b:2d:
+                    16:9f:c6:a0:57:78:bc:ae:a5:8d:b3:7d:98:73:7a:
+                    6f:d2:05:52:15:89:89:22:ec:9d:9a:e7:c7:35:8f:
+                    6b:38:a3:33:54:c5:74:2a:05:ad:af:a0:8a:54:7b:
+                    7d:d4:6a:9b:2b:90:cb:9a:e7:6e:94:bd:a2:f3:5b:
+                    40:d1:fa:4d:ec:fd:6f:14:1d:89:5b:fc:35:c2:1c:
+                    98:0b:c4:53:7a:25:16:3f:02:e9:e8:46:20:4d:e8:
+                    1e:25:0d:0d:10:e9:36:42:2a:88:d9:91:b3:fa:9e:
+                    07:c0:a9:b1:44:db:2c:e5:cb:85:bf:4a:38:a0:cf:
+                    7e:2c:20:e5:a9:cf:49:2a:6f:e3:b8:93:fd:38:9b:
+                    2a:c2:ea:c3:0f:3b:f5:f3:30:c8:f7:51:d5:8b:d0:
+                    5e:97:75:21:e4:d2:47:ca:1d:66:4a:36:b2:81:13:
+                    d9:13:19:0d:35:04:84:ca:35:f4:47:f9:47:37:21:
+                    64:95:a1:cb:8a:01:d3:e6:50:e2:01:17:e5:0e:64:
+                    89:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
+            X509v3 Authority Key Identifier: 
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         46:73:2d:4b:ce:b0:c2:13:19:85:97:67:95:d9:15:6f:cf:e0:
+         89:e4:42:90:4e:a3:5a:64:8c:e9:92:6f:b4:cb:56:e6:ec:6e:
+         91:04:18:12:79:ca:70:bb:e5:ba:5d:ed:fe:8c:47:7e:8f:8b:
+         bd:9f:40:5a:63:51:b8:80:6f:b2:7b:ff:c1:43:68:7d:21:0c:
+         0a:a4:ea:b7:2d:0a:31:e4:3e:5e:bb:72:bd:63:6b:a1:2d:d3:
+         ca:6a:e0:af:17:52:12:71:73:77:41:11:f1:24:32:54:b4:67:
+         c9:5e:b1:f1:cf:bd:95:91:c8:9c:43:4f:3f:c3:f6:3c:0e:41:
+         2b:f9:c7:25:3f:17:4d:4a:e7:27:36:bc:9e:d4:30:e6:6e:29:
+         95:e4:33:66:b4:2e:11:ac:97:61:df:3f:4d:03:8e:96:04:10:
+         a5:d8:5f:85:a3:4b:6c:d5:1c:7d:17:8c:4c:8a:cb:9d:27:65:
+         2c:ee:dd:2b:19:27:1a:57:3c:68:2d:eb:6e:e8:b2:59:8c:0a:
+         17:75:ba:fc:89:d8:fc:c0:45:44:8a:a1:9c:52:b0:f3:b7:6d:
+         f2:2e:24:ee:50:d9:27:4d:33:89:5c:97:34:b0:47:81:94:4b:
+         c1:b4:aa:d9:65:b5:4f:98:0b:a9:76:30:a0:ef:f1:71:23:0f:
+         04:dc:83:fd
 -----BEGIN CERTIFICATE-----
-MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
-VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
-A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
-Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
-QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
-MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
-VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
-EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
-0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
-AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
-sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
-HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
-zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
-ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
-Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
+MIIEETCCAvmgAwIBAgIURZzOE5JCOS6Q9ZMF8QOSF13kiY0wDQYJKoZIhvcNAQEL
+BQAwgZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJh
+bmNpc2NvMRUwEwYDVQQKDAxNb2J5LXByb2plY3QxCzAJBgNVBAsMAmNpMRAwDgYD
+VQQDDAdtb2J5LWNpMQ0wCwYDVQQpDARtb2J5MR8wHQYJKoZIhvcNAQkBFhBtb2J5
+QGV4YW1wbGUub3JnMB4XDTIxMDUxNzE5NDkzNFoXDTMxMDUxNzE5NDkzNFowgZcx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJhbmNpc2Nv
+MRUwEwYDVQQKDAxNb2J5LXByb2plY3QxCzAJBgNVBAsMAmNpMRAwDgYDVQQDDAdt
+b2J5LWNpMQ0wCwYDVQQpDARtb2J5MR8wHQYJKoZIhvcNAQkBFhBtb2J5QGV4YW1w
+bGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlqvEBX7yEbE
+Mdfu7NnEHsOztkzs4StXQKJ0zdWOfWm2ImAhBb6lkkBMQyvryQAyX1kcWVDimN//
+my0Wn8agV3i8rqWNs32Yc3pv0gVSFYmJIuydmufHNY9rOKMzVMV0KgWtr6CKVHt9
+1GqbK5DLmudulL2i81tA0fpN7P1vFB2JW/w1whyYC8RTeiUWPwLp6EYgTegeJQ0N
+EOk2QiqI2ZGz+p4HwKmxRNss5cuFv0o4oM9+LCDlqc9JKm/juJP9OJsqwurDDzv1
+8zDI91HVi9Bel3Uh5NJHyh1mSjaygRPZExkNNQSEyjX0R/lHNyFklaHLigHT5lDi
+ARflDmSJDQIDAQABo1MwUTAdBgNVHQ4EFgQUhVfQ/6m0Hh+AM/u4NO19BjnNNJgw
+HwYDVR0jBBgwFoAUhVfQ/6m0Hh+AM/u4NO19BjnNNJgwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEARnMtS86wwhMZhZdnldkVb8/gieRCkE6jWmSM
+6ZJvtMtW5uxukQQYEnnKcLvlul3t/oxHfo+LvZ9AWmNRuIBvsnv/wUNofSEMCqTq
+ty0KMeQ+XrtyvWNroS3TymrgrxdSEnFzd0ER8SQyVLRnyV6x8c+9lZHInENPP8P2
+PA5BK/nHJT8XTUrnJza8ntQw5m4pleQzZrQuEayXYd8/TQOOlgQQpdhfhaNLbNUc
+fReMTIrLnSdlLO7dKxknGlc8aC3rbuiyWYwKF3W6/InY/MBFRIqhnFKw87dt8i4k
+7lDZJ00ziVyXNLBHgZRLwbSq2WW1T5gLqXYwoO/xcSMPBNyD/Q==
 -----END CERTIFICATE-----
diff --git a/integration/testdata/https/client-cert.pem b/integration/testdata/https/client-cert.pem
index c05ed47c2c5eb..77809c28815a5 100644
--- a/integration/testdata/https/client-cert.pem
+++ b/integration/testdata/https/client-cert.pem
@@ -2,72 +2,85 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 3 (0x3)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
         Validity
-            Not Before: Dec  4 14:17:54 2013 GMT
-            Not After : Dec  2 14:17:54 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=client/name=moby/emailAddress=moby@example.org
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
-                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
-                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
-                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
-                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
-                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
-                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
-                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
-                    7e:4e:78:7d:0a:9e:8f:42:43
+                    00:e3:20:9f:c9:63:fe:29:a9:0e:21:e0:4d:4c:42:
+                    cb:cc:9f:29:8c:73:5d:f7:88:bd:81:62:1f:b2:a3:
+                    95:4d:3a:58:28:af:f0:3e:aa:a7:c2:c6:52:b9:94:
+                    9f:6b:58:d6:9a:08:b4:5f:60:fb:f1:ea:e7:49:8d:
+                    46:35:e2:e9:82:9f:20:44:41:82:a7:fa:ab:82:1b:
+                    03:7f:f0:4e:78:38:37:20:9d:67:43:c0:e2:8f:09:
+                    07:3f:7f:96:13:7a:64:c5:90:13:87:71:6d:ed:e7:
+                    28:3a:05:48:eb:d6:e6:27:da:46:f9:a4:5c:66:49:
+                    56:5f:88:87:4e:0a:8b:fe:ea:05:a6:c1:72:b9:94:
+                    d5:8e:d4:9a:18:58:ac:56:1b:34:3e:c3:50:06:5d:
+                    f3:3d:85:93:2c:8b:3f:33:e6:32:14:92:9e:fd:fc:
+                    5d:8a:71:1b:20:67:43:e0:72:fc:4e:31:c6:b7:03:
+                    98:99:e7:95:ef:7c:5a:30:cf:c1:a4:43:42:fb:be:
+                    1b:a7:08:d5:e0:b5:b2:10:ff:0f:e1:0d:ee:3e:b2:
+                    04:05:86:1e:72:a9:d6:16:84:37:73:28:5d:d9:3c:
+                    fd:f3:99:18:dc:90:83:59:23:90:bc:25:33:0f:23:
+                    48:9d:d2:97:a0:ac:94:4f:8e:31:22:cc:74:83:f7:
+                    31:9d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Comment: 
-                Easy-RSA Generated Certificate
             X509v3 Subject Key Identifier: 
-                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
+                23:1C:5A:99:1A:2B:BC:FD:39:97:8D:1F:5A:49:BF:4F:33:0F:26:C1
             X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
 
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
-         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
-         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
-         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
-         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
-         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
-         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
-         4a:c4
+            X509v3 Subject Alternative Name: 
+                DNS:*, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+         4d:79:c0:07:ac:13:51:00:5c:4b:70:6d:9f:bf:87:c8:ac:31:
+         c9:37:5e:4e:4c:9f:c6:cd:a4:e3:df:72:b5:06:28:9d:f6:3e:
+         32:b5:01:81:43:78:6d:93:b2:b2:0a:0b:95:64:f2:25:a4:5e:
+         d1:4b:b1:11:5c:54:17:21:a7:f7:e6:73:af:f2:53:54:b3:69:
+         40:8c:26:5b:1b:a7:63:07:26:c4:d2:c4:7a:64:b3:ab:f1:23:
+         fa:58:9c:b2:b7:17:35:34:91:dd:84:bb:b0:ee:a6:cd:78:cf:
+         32:39:d8:5f:23:ad:62:ef:82:38:88:cd:34:1b:7d:3b:02:a8:
+         75:70:72:50:33:44:a4:65:01:14:ef:78:46:3b:27:4e:82:e6:
+         01:1b:5c:65:97:2c:08:f7:4f:e6:ee:dd:1c:40:0c:48:59:33:
+         5e:c7:da:bf:40:ce:b0:e9:03:95:6f:a8:07:b3:7f:6b:15:cd:
+         c0:6f:57:e3:73:99:67:aa:fd:90:6c:a7:6f:ff:b9:5f:f6:8a:
+         8c:93:f1:c3:75:34:10:c6:6c:0e:ae:0a:22:6b:16:6c:56:41:
+         0a:b5:e6:74:52:b8:3e:f2:e4:fc:f1:54:a0:84:90:d5:97:70:
+         25:4b:28:2c:8a:ec:46:0a:63:ac:32:c6:cd:96:71:ee:f6:17:
+         2c:e9:60:5e
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
-ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
-LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
-peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
-Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
-cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
-YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
-HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
-AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
-kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
-aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
+MIIEPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1v
+YnktcHJvamVjdDELMAkGA1UECwwCY2kxEDAOBgNVBAMMB21vYnktY2kxDTALBgNV
+BCkMBG1vYnkxHzAdBgkqhkiG9w0BCQEWEG1vYnlAZXhhbXBsZS5vcmcwHhcNMjEw
+NTE3MTk0OTM0WhcNMzEwNTE3MTk0OTM0WjCBljELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1vYnktcHJv
+amVjdDELMAkGA1UECwwCY2kxDzANBgNVBAMMBmNsaWVudDENMAsGA1UEKQwEbW9i
+eTEfMB0GCSqGSIb3DQEJARYQbW9ieUBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOMgn8lj/impDiHgTUxCy8yfKYxzXfeIvYFiH7Kj
+lU06WCiv8D6qp8LGUrmUn2tY1poItF9g+/Hq50mNRjXi6YKfIERBgqf6q4IbA3/w
+Tng4NyCdZ0PA4o8JBz9/lhN6ZMWQE4dxbe3nKDoFSOvW5ifaRvmkXGZJVl+Ih04K
+i/7qBabBcrmU1Y7UmhhYrFYbND7DUAZd8z2FkyyLPzPmMhSSnv38XYpxGyBnQ+By
+/E4xxrcDmJnnle98WjDPwaRDQvu+G6cI1eC1shD/D+EN7j6yBAWGHnKp1haEN3Mo
+Xdk8/fOZGNyQg1kjkLwlMw8jSJ3Sl6CslE+OMSLMdIP3MZ0CAwEAAaOBlDCBkTAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBQjHFqZGiu8/TmXjR9aSb9PMw8mwTAfBgNVHSME
+GDAWgBSFV9D/qbQeH4Az+7g07X0GOc00mDATBgNVHSUEDDAKBggrBgEFBQcDAjAv
+BgNVHREEKDAmggEqgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEw
+DQYJKoZIhvcNAQELBQADggEBAE15wAesE1EAXEtwbZ+/h8isMck3Xk5Mn8bNpOPf
+crUGKJ32PjK1AYFDeG2TsrIKC5Vk8iWkXtFLsRFcVBchp/fmc6/yU1SzaUCMJlsb
+p2MHJsTSxHpks6vxI/pYnLK3FzU0kd2Eu7Dups14zzI52F8jrWLvgjiIzTQbfTsC
+qHVwclAzRKRlARTveEY7J06C5gEbXGWXLAj3T+bu3RxADEhZM17H2r9AzrDpA5Vv
+qAezf2sVzcBvV+NzmWeq/ZBsp2//uV/2ioyT8cN1NBDGbA6uCiJrFmxWQQq15nRS
+uD7y5PzxVKCEkNWXcCVLKCyK7EYKY6wyxs2Wce72FyzpYF4=
 -----END CERTIFICATE-----
diff --git a/integration/testdata/https/client-key.pem b/integration/testdata/https/client-key.pem
index b5c15f8dc7d8e..47bedbe39b5ab 100644
--- a/integration/testdata/https/client-key.pem
+++ b/integration/testdata/https/client-key.pem
@@ -1,16 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
-9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
-gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
-93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
-xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
-FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
-OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
-4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
-SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
-iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
-v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
-qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
-qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
-ksDFuNxAzbhl
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA4yCfyWP+KakOIeBNTELLzJ8pjHNd94i9gWIfsqOVTTpYKK/w
+PqqnwsZSuZSfa1jWmgi0X2D78ernSY1GNeLpgp8gREGCp/qrghsDf/BOeDg3IJ1n
+Q8DijwkHP3+WE3pkxZATh3Ft7ecoOgVI69bmJ9pG+aRcZklWX4iHTgqL/uoFpsFy
+uZTVjtSaGFisVhs0PsNQBl3zPYWTLIs/M+YyFJKe/fxdinEbIGdD4HL8TjHGtwOY
+meeV73xaMM/BpENC+74bpwjV4LWyEP8P4Q3uPrIEBYYecqnWFoQ3cyhd2Tz985kY
+3JCDWSOQvCUzDyNIndKXoKyUT44xIsx0g/cxnQIDAQABAoIBAQCZ0oGFIlyDGISC
+uud+64oc9fpsrcGJIKm/k5YGJTW7jPUh8S4TMv7VMf3aw+ZIDG2i+pw2MHfRepbT
+wIM5gYlGNsDimT+ExocbYXI4Vqa+Usw7IX9LarnFx4aKIb2hSXYwOwiO5WpfAfvD
+d8rQNsW/XdxNvFv7xlVh9BQ27Xus0sjz7dNBSt+LQ4hSyfZgFwbXh1+E9k6PDhnX
+oYFz4/U/1G+HwXKivvKcRIkYZpMyD80H/M4+bB9x6btFvb4+R3K6Ii8wh+VMz5pX
+Nm+mN8d3W/7Mhyof8EbbQpJMdwemzI7lM6wf1FPfSEeKXAclJ3+BnjOuh295Jv4Z
+u+YWhzDhAoGBAPcRWiVyU7US7K4dhbVo2zyM6mGO3gFBXgeSwFFby8kMsbi8aewt
+m90WMdWjvITw/sNsIRye7sCUVXOmGgz+5UfxRKtcFB5JnfLymrmQS7y1+TZ1WRak
+T0400U+VEE4Cw3vkd4lFbyu94P4iDmn816Ix6tR8UTt11wMG3NgVoFSFAoGBAOtW
+uKYN58BXWA3nU9rPEKq7n1cx7ML/xFvIPPNWp+6Pc1EJ2yX7tnyhPzvPdm3+XdTz
+PU0oIBVfKNToPqYJRX8kK4hCYPvgOOAccZkSrxe3jBupKW72BwVvl/wN6Yb7ggda
+NMbsQ85XyF4K9bvIFxROrR1K/nsowO0UaLvtEOA5AoGBALf2pabIT+e95Zlnxg1j
+vAqD6mkl1cwdfgQpkyWBMmXLG/Gv6TbAZxPh2M14k4BxaWDdfHIxLRkb2dy4yyDu
+Eo7U6QqnDxvWONOTLP4KoTosTRntmp4vThWvYkLdfTx49lGjthXyK2rogUT42r60
+U2Mjw/TfdCTQA37vdzU2NSF5AoGBAOZQpsEMVsRsNqbUv8IiZ8NPf2+MUpO8T+Ur
+IEtdgVf9V/P1W13e7Acon4PfU53uFNJ1gobiQBPqX0GOUNGZvUPimB/wJo4aME9U
+RvBx0p25agsgEIahjNmLDwkEbIlH10duxrvvOaTVUCiJPVibR8r9/HnwjQDnL3hW
+QvG33o4xAoGBAOsX3ABiBnXzqotDlqgoofgmv7zGkjZByiGQz3d+nL74ucRmZRgX
+aeYb14YbJ1I1sGj2u2fPa4P1EJ0RnjgYkaQ7c0ZyTXceS+2/LtJ56RvRepKKs+Yg
+fX1EruZYZvoDW+AViWF784CzpIpmedgB7dbXJPahTh0Q76OWQdP3T/uh
+-----END RSA PRIVATE KEY-----
diff --git a/integration/testdata/https/server-cert.pem b/integration/testdata/https/server-cert.pem
index 08abfd1a3b08f..0616daba71e0a 100644
--- a/integration/testdata/https/server-cert.pem
+++ b/integration/testdata/https/server-cert.pem
@@ -1,76 +1,86 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
         Validity
-            Not Before: Dec  4 15:01:20 2013 GMT
-            Not After : Dec  2 15:01:20 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=server/name=moby/emailAddress=moby@example.org
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
-                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
-                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
-                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
-                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
-                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
-                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
-                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
-                    a8:05:32:1e:f9:95:09:14:75
+                    00:f2:23:b2:a3:22:03:a2:0b:cd:71:de:19:29:14:
+                    92:7f:e8:9d:30:7f:e3:0e:13:da:de:f9:9b:5a:65:
+                    ec:22:c5:ce:73:e7:2f:c2:ae:c3:04:eb:72:43:77:
+                    87:46:d2:63:e2:3a:08:85:9f:58:1f:fc:f3:82:4f:
+                    5e:4e:5a:92:0f:ac:a1:16:a0:7e:92:a3:8e:aa:93:
+                    fd:4c:e0:ed:f0:96:09:43:b8:e6:ec:72:1b:aa:aa:
+                    76:3f:79:00:89:26:c4:2f:ff:99:01:95:f2:8e:39:
+                    a0:4f:13:63:bf:6b:6c:40:0f:7c:ed:ee:a8:2b:90:
+                    11:94:d8:a9:15:c1:91:40:89:13:eb:49:ec:0d:fe:
+                    4f:cd:41:8f:a6:e0:ab:15:db:45:86:28:23:79:98:
+                    42:bb:52:a8:96:c3:aa:91:df:5a:67:24:09:4b:2e:
+                    ce:9a:ba:fc:97:4e:89:5e:c3:18:08:4e:31:e4:1c:
+                    b6:65:c2:7e:93:ef:52:e7:92:ee:25:88:07:4a:d5:
+                    3d:86:44:31:07:e5:1a:f5:63:dc:c3:11:b5:4d:10:
+                    a0:9c:6a:99:7a:d9:b4:22:07:97:e2:f4:0e:5a:10:
+                    bc:90:09:c1:0f:5a:65:e8:f3:9c:e0:e2:04:29:24:
+                    ee:a7:ee:aa:fa:02:7f:80:ac:9d:ca:9f:0f:8d:f5:
+                    c5:b3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Cert Type: 
-                SSL Server
-            Netscape Comment: 
-                Easy-RSA Generated Server Certificate
             X509v3 Subject Key Identifier: 
-                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
+                82:DD:B4:72:E4:DB:12:4E:9A:3B:45:75:F0:1B:4E:7F:43:2C:10:BF
             X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
 
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha1WithRSAEncryption
-         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
-         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
-         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
-         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
-         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
-         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
-         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
-         15:42
+            X509v3 Subject Alternative Name: 
+                DNS:*, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+         1e:a5:f6:ed:f9:8b:a4:c8:1d:11:e3:03:3b:ec:6a:a2:59:44:
+         35:d1:28:0a:0e:b5:84:3c:17:3b:38:6f:e5:8c:03:4c:70:13:
+         b8:cf:40:3c:4a:5d:bf:96:a6:ca:26:9d:ce:00:13:10:a9:eb:
+         91:b4:50:98:a2:68:6f:6b:95:54:46:39:97:74:d6:fd:bb:54:
+         f4:27:91:b7:4e:9f:bc:85:5f:51:69:59:87:86:7e:1d:06:10:
+         74:f5:c3:e3:81:09:e6:77:f5:b7:ed:ae:1c:b0:56:2e:8d:31:
+         60:ff:ef:f5:ab:03:fb:da:9a:69:d8:8a:ca:e7:00:99:d5:9f:
+         39:f7:d5:19:4c:57:a1:90:23:c8:21:a3:9b:ab:05:d4:b7:a8:
+         7c:12:a9:6e:d5:c3:ae:e0:c0:2c:08:95:da:16:c4:35:e0:89:
+         3b:01:f1:f7:b2:d8:15:b6:05:7f:ec:09:fd:0a:5f:a9:48:16:
+         11:c1:30:0a:fd:98:71:69:03:91:19:5f:02:14:d7:42:75:fb:
+         b7:01:af:c2:09:08:4c:7b:c9:d2:bc:0f:2d:de:57:84:9d:8e:
+         a8:f0:22:7e:eb:05:6e:f3:5b:cd:2f:1f:67:b4:3a:2f:b4:b1:
+         a6:bd:78:0f:c4:65:c5:01:7a:06:b2:63:3e:a0:de:a7:ef:84:
+         cc:17:4b:22
 -----BEGIN CERTIFICATE-----
-MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
-MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
-aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
-LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
-cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
-M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
-+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
-cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
-gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
-EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
-EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
-aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
-BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
-zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
-mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
-dDBV9m4gmmweCbQMFUI=
+MIIEPzCCAyegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1v
+YnktcHJvamVjdDELMAkGA1UECwwCY2kxEDAOBgNVBAMMB21vYnktY2kxDTALBgNV
+BCkMBG1vYnkxHzAdBgkqhkiG9w0BCQEWEG1vYnlAZXhhbXBsZS5vcmcwHhcNMjEw
+NTE3MTk0OTM0WhcNMzEwNTE3MTk0OTM0WjCBljELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1vYnktcHJv
+amVjdDELMAkGA1UECwwCY2kxDzANBgNVBAMMBnNlcnZlcjENMAsGA1UEKQwEbW9i
+eTEfMB0GCSqGSIb3DQEJARYQbW9ieUBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPIjsqMiA6ILzXHeGSkUkn/onTB/4w4T2t75m1pl
+7CLFznPnL8KuwwTrckN3h0bSY+I6CIWfWB/884JPXk5akg+soRagfpKjjqqT/Uzg
+7fCWCUO45uxyG6qqdj95AIkmxC//mQGV8o45oE8TY79rbEAPfO3uqCuQEZTYqRXB
+kUCJE+tJ7A3+T81Bj6bgqxXbRYYoI3mYQrtSqJbDqpHfWmckCUsuzpq6/JdOiV7D
+GAhOMeQctmXCfpPvUueS7iWIB0rVPYZEMQflGvVj3MMRtU0QoJxqmXrZtCIHl+L0
+DloQvJAJwQ9aZejznODiBCkk7qfuqvoCf4CsncqfD431xbMCAwEAAaOBlDCBkTAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBSC3bRy5NsSTpo7RXXwG05/QywQvzAfBgNVHSME
+GDAWgBSFV9D/qbQeH4Az+7g07X0GOc00mDATBgNVHSUEDDAKBggrBgEFBQcDATAv
+BgNVHREEKDAmggEqgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEw
+DQYJKoZIhvcNAQELBQADggEBAB6l9u35i6TIHRHjAzvsaqJZRDXRKAoOtYQ8Fzs4
+b+WMA0xwE7jPQDxKXb+Wpsomnc4AExCp65G0UJiiaG9rlVRGOZd01v27VPQnkbdO
+n7yFX1FpWYeGfh0GEHT1w+OBCeZ39bftrhywVi6NMWD/7/WrA/vammnYisrnAJnV
+nzn31RlMV6GQI8gho5urBdS3qHwSqW7Vw67gwCwIldoWxDXgiTsB8fey2BW2BX/s
+Cf0KX6lIFhHBMAr9mHFpA5EZXwIU10J1+7cBr8IJCEx7ydK8Dy3eV4SdjqjwIn7r
+BW7zW80vH2e0Oi+0saa9eA/EZcUBegayYz6g3qfvhMwXSyI=
 -----END CERTIFICATE-----
diff --git a/integration/testdata/https/server-key.pem b/integration/testdata/https/server-key.pem
index c269320ef0f75..1ba75cd137bdf 100644
--- a/integration/testdata/https/server-key.pem
+++ b/integration/testdata/https/server-key.pem
@@ -1,16 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
-0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
-4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
-lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
-wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
-wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
-IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
-4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
-WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
-+0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
-HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
-+tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
-BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
-5nCwDu5ZTP+khltg
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA8iOyoyIDogvNcd4ZKRSSf+idMH/jDhPa3vmbWmXsIsXOc+cv
+wq7DBOtyQ3eHRtJj4joIhZ9YH/zzgk9eTlqSD6yhFqB+kqOOqpP9TODt8JYJQ7jm
+7HIbqqp2P3kAiSbEL/+ZAZXyjjmgTxNjv2tsQA987e6oK5ARlNipFcGRQIkT60ns
+Df5PzUGPpuCrFdtFhigjeZhCu1KolsOqkd9aZyQJSy7Omrr8l06JXsMYCE4x5By2
+ZcJ+k+9S55LuJYgHStU9hkQxB+Ua9WPcwxG1TRCgnGqZetm0IgeX4vQOWhC8kAnB
+D1pl6POc4OIEKSTup+6q+gJ/gKydyp8PjfXFswIDAQABAoIBAEKIvJVGy2jDhXg8
+Zv16waaT7F1fRqyfmAyc2atFRlVntQr0A5OjIcNATu1q8qjrNrb660yMNFLV1rN/
+y5IMIQZdkQX+o8j3WERW1ctCIx9wmqsZK5rc3+1NWaCnRxZoqI/n08szwKqD+yC/
+WzFF+0C/AL0ATwVpWOtlfVCVF6x7dTkTqtc+65C/nw86ymp6cDq7Fh39d0deD8HB
+h4zxGnvTr4jFGkFWg6Vq4XdzKdVeVz/Njw19wJjdi/6Q3aC90APlJ6nuX3OWv6VV
+/Xs9rXqIUS4bhYyRrzCQ5Y/vINZCx3ekKynfghul4NDE4zo1GQm3E+7tVYZ6ll+9
++uHeUwECgYEA81NxVe5ViOWa4NFXucAgiNGl7KkN9/gDh77weXzGPhZDBULTv4OC
+yKokQOnn41qF5eq+YRKr+B733fGEhwJRoEyoyXSDpgTxdJHKmohdxGfsRoOEMO4Z
+ALm9+XmJYTq11l01M5Jqn36Smz5+iXAD7QVQdZMnA++IaBs2/uTuEQMCgYEA/sBv
+GweGKfdM11ZckNG8ocrAhkttq+5V9uFcGcpBmw08vu/Woy+L1dFvyUa7Hc/l6fe1
+PLdTvNaSK6mP/gfeevwNlS1NUVLtdnOq9cl/1/xfqi8Cj46VUTqRaEQMKHCeXyuA
+A3N1k06hMuW/bYstspyWvGyjsWth5QT7MNjkYZECgYEAoWcoNqfxdO1Y3uf+GOio
+rBjkxyccbO/G57RwLyXlGioKKuM5MkA58IFrquN9PgI971TXE+0exWdFY6NhFW0k
+WACBtZ/j86wzve83RWpPSIjm4Z87gHlvfFu4+FL2Hdij5Z3OPHdS4plDBldd+Cyl
+bgOoa1VA/AtXoDbtNAcHI6ECgYB7b6ymMSgd73jpIixp82ZuErrkl2nFlA9NN3cT
++/977JcRgU7D9UbRTNDYexAxasnhaygDCmVlq6ZZx6hAk3mGp9jA/plnHUJ4UaV1
+wLPUaLHF2U9pVdId8L4CAm7NrXvfa0l04p4GyWOsMMxnfLegwuT62b0bO4fMm3RG
+/+DxMQKBgQDTz8wKQFRWuDYshcRKJ8GB7Czgb4aFU0iTPFC4ql1HXkiGePDXyWjC
++6JQ3dTadn8HA540nCOWWvpgWeSCec9Q5YslpIdupMKpCx/zUfZZ2Y2/y+yJdQCr
+gGDf7LxhxBHQFyCLM9KuTdCzhQPsHVFHFrfr1UdDEe/e9QaJAyUw7Q==
+-----END RSA PRIVATE KEY-----
diff --git a/integration/volume/main_test.go b/integration/volume/main_test.go
index 206f7377ae06f..e3e99352078ce 100644
--- a/integration/volume/main_test.go
+++ b/integration/volume/main_test.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/testutil/environment"
 )
 
 var testEnv *environment.Execution
diff --git a/integration/volume/volume_test.go b/integration/volume/volume_test.go
index 0906c535f7515..f465e47b05c84 100644
--- a/integration/volume/volume_test.go
+++ b/integration/volume/volume_test.go
@@ -2,7 +2,8 @@ package volume
 
 import (
 	"context"
-	"fmt"
+	"net/http"
+	"path/filepath"
 	"strings"
 	"testing"
 	"time"
@@ -11,21 +12,22 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
 	"github.com/docker/docker/integration/internal/container"
-	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/testutil/request"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestVolumesCreateAndList(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	name := t.Name()
+	// Windows file system is case insensitive
+	if testEnv.OSType == "windows" {
+		name = strings.ToLower(name)
+	}
 	vol, err := client.VolumeCreate(ctx, volumetypes.VolumeCreateBody{
 		Name: name,
 	})
@@ -37,27 +39,34 @@ func TestVolumesCreateAndList(t *testing.T) {
 		Driver:     "local",
 		Scope:      "local",
 		Name:       name,
-		Mountpoint: fmt.Sprintf("%s/volumes/%s/_data", testEnv.DaemonInfo.DockerRootDir, name),
+		Mountpoint: filepath.Join(testEnv.DaemonInfo.DockerRootDir, "volumes", name, "_data"),
 	}
 	assert.Check(t, is.DeepEqual(vol, expected, cmpopts.EquateEmpty()))
 
-	volumes, err := client.VolumeList(ctx, filters.Args{})
+	volList, err := client.VolumeList(ctx, filters.Args{})
 	assert.NilError(t, err)
+	assert.Assert(t, len(volList.Volumes) > 0)
+
+	volumes := volList.Volumes[:0]
+	for _, v := range volList.Volumes {
+		if v.Name == vol.Name {
+			volumes = append(volumes, v)
+		}
+	}
 
-	assert.Check(t, is.Equal(len(volumes.Volumes), 1))
-	assert.Check(t, volumes.Volumes[0] != nil)
-	assert.Check(t, is.DeepEqual(*volumes.Volumes[0], expected, cmpopts.EquateEmpty()))
+	assert.Check(t, is.Equal(len(volumes), 1))
+	assert.Check(t, volumes[0] != nil)
+	assert.Check(t, is.DeepEqual(*volumes[0], expected, cmpopts.EquateEmpty()))
 }
 
 func TestVolumesRemove(t *testing.T) {
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
-	id := container.Create(t, ctx, client, container.WithVolume(prefix+slash+"foo"))
+	id := container.Create(ctx, t, client, container.WithVolume(prefix+slash+"foo"))
 
 	c, err := client.ContainerInspect(ctx, id)
 	assert.NilError(t, err)
@@ -76,39 +85,52 @@ func TestVolumesRemove(t *testing.T) {
 }
 
 func TestVolumesInspect(t *testing.T) {
-	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
-	skip.If(t, testEnv.OSType == "windows", "FIXME")
 	defer setupTest(t)()
-	client := request.NewAPIClient(t)
+	client := testEnv.APIClient()
 	ctx := context.Background()
 
-	// sampling current time minus a minute so to now have false positive in case of delays
-	now := time.Now().Truncate(time.Minute)
-
-	name := t.Name()
-	_, err := client.VolumeCreate(ctx, volumetypes.VolumeCreateBody{
-		Name: name,
-	})
+	now := time.Now()
+	vol, err := client.VolumeCreate(ctx, volumetypes.VolumeCreateBody{})
 	assert.NilError(t, err)
 
-	vol, err := client.VolumeInspect(ctx, name)
+	inspected, err := client.VolumeInspect(ctx, vol.Name)
 	assert.NilError(t, err)
 
-	expected := types.Volume{
-		// Ignore timestamp of CreatedAt
-		CreatedAt:  vol.CreatedAt,
-		Driver:     "local",
-		Scope:      "local",
-		Name:       name,
-		Mountpoint: fmt.Sprintf("%s/volumes/%s/_data", testEnv.DaemonInfo.DockerRootDir, name),
-	}
-	assert.Check(t, is.DeepEqual(vol, expected, cmpopts.EquateEmpty()))
+	assert.Check(t, is.DeepEqual(inspected, vol, cmpopts.EquateEmpty()))
 
-	// comparing CreatedAt field time for the new volume to now. Removing a minute from both to avoid false positive
-	testCreatedAt, err := time.Parse(time.RFC3339, strings.TrimSpace(vol.CreatedAt))
+	// comparing CreatedAt field time for the new volume to now. Truncate to 1 minute precision to avoid false positive
+	createdAt, err := time.Parse(time.RFC3339, strings.TrimSpace(inspected.CreatedAt))
 	assert.NilError(t, err)
-	testCreatedAt = testCreatedAt.Truncate(time.Minute)
-	assert.Check(t, is.Equal(testCreatedAt.Equal(now), true), "Time Volume is CreatedAt not equal to current time")
+	assert.Check(t, createdAt.Unix()-now.Unix() < 60, "CreatedAt (%s) exceeds creation time (%s) 60s", createdAt, now)
+}
+
+func TestVolumesInvalidJSON(t *testing.T) {
+	defer setupTest(t)()
+
+	endpoints := []string{"/volumes/create"}
+
+	for _, ep := range endpoints {
+		ep := ep
+		t.Run(ep, func(t *testing.T) {
+			t.Parallel()
+
+			res, body, err := request.Post(ep, request.RawString("{invalid json"), request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err := request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "invalid character 'i' looking for beginning of object key string"))
+
+			res, body, err = request.Post(ep, request.JSON)
+			assert.NilError(t, err)
+			assert.Equal(t, res.StatusCode, http.StatusBadRequest)
+
+			buf, err = request.ReadBody(body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(buf), "got EOF while reading request body"))
+		})
+	}
 }
 
 func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
diff --git a/internal/procfs/procfs_linux.go b/internal/procfs/procfs_linux.go
deleted file mode 100644
index 8a681108789ff..0000000000000
--- a/internal/procfs/procfs_linux.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package procfs
-
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-	"unicode"
-
-	"github.com/sirupsen/logrus"
-)
-
-// PidOf finds process(es) with a specified name (regexp match)
-// and return their pid(s)
-func PidOf(name string) ([]int, error) {
-	if len(name) == 0 {
-		return []int{}, fmt.Errorf("name should not be empty")
-	}
-	re, err := regexp.Compile("(^|/)" + name + "$")
-	if err != nil {
-		return []int{}, err
-	}
-	return getPids(re), nil
-}
-
-func getPids(re *regexp.Regexp) []int {
-	pids := []int{}
-
-	dirFD, err := os.Open("/proc")
-	if err != nil {
-		return nil
-	}
-	defer dirFD.Close()
-
-	for {
-		// Read a small number at a time in case there are many entries, we don't want to
-		// allocate a lot here.
-		ls, err := dirFD.Readdir(10)
-		if err == io.EOF {
-			break
-		}
-		if err != nil {
-			return nil
-		}
-
-		for _, entry := range ls {
-			if !entry.IsDir() {
-				continue
-			}
-
-			// If the directory is not a number (i.e. not a PID), skip it
-			pid, err := strconv.Atoi(entry.Name())
-			if err != nil {
-				continue
-			}
-
-			cmdline, err := ioutil.ReadFile(filepath.Join("/proc", entry.Name(), "cmdline"))
-			if err != nil {
-				logrus.Infof("Error reading file %s: %+v", filepath.Join("/proc", entry.Name(), "cmdline"), err)
-				continue
-			}
-
-			// The bytes we read have '\0' as a separator for the command line
-			parts := bytes.SplitN(cmdline, []byte{0}, 2)
-			if len(parts) == 0 {
-				continue
-			}
-			// Split the command line itself we are interested in just the first part
-			exe := strings.FieldsFunc(string(parts[0]), func(c rune) bool {
-				return unicode.IsSpace(c) || c == ':'
-			})
-			if len(exe) == 0 {
-				continue
-			}
-			// Check if the name of the executable is what we are looking for
-			if re.MatchString(exe[0]) {
-				// Grab the PID from the directory path
-				pids = append(pids, pid)
-			}
-		}
-	}
-
-	return pids
-}
diff --git a/internal/procfs/procfs_linux_test.go b/internal/procfs/procfs_linux_test.go
deleted file mode 100644
index 4c5d822f76e03..0000000000000
--- a/internal/procfs/procfs_linux_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package procfs
-
-import (
-	"os"
-	"path/filepath"
-	"regexp"
-	"runtime"
-	"testing"
-
-	"gotest.tools/assert"
-)
-
-func TestPidOf(t *testing.T) {
-	pids, err := PidOf(filepath.Base(os.Args[0]))
-	assert.NilError(t, err)
-	assert.Check(t, len(pids) == 1)
-	assert.DeepEqual(t, pids[0], os.Getpid())
-}
-
-func BenchmarkGetPids(b *testing.B) {
-	if runtime.GOOS == "darwin" || runtime.GOOS == "windows" {
-		b.Skipf("not supported on GOOS=%s", runtime.GOOS)
-	}
-
-	re, err := regexp.Compile("(^|/)" + filepath.Base(os.Args[0]) + "$")
-	assert.Check(b, err == nil)
-
-	for i := 0; i < b.N; i++ {
-		pids := getPids(re)
-
-		b.StopTimer()
-		assert.Check(b, len(pids) > 0)
-		assert.Check(b, pids[0] == os.Getpid())
-		b.StartTimer()
-	}
-}
diff --git a/internal/test/daemon/config.go b/internal/test/daemon/config.go
deleted file mode 100644
index ce99222b37eac..0000000000000
--- a/internal/test/daemon/config.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package daemon
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-// ConfigConstructor defines a swarm config constructor
-type ConfigConstructor func(*swarm.Config)
-
-// CreateConfig creates a config given the specified spec
-func (d *Daemon) CreateConfig(t assert.TestingT, configSpec swarm.ConfigSpec) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	scr, err := cli.ConfigCreate(context.Background(), configSpec)
-	assert.NilError(t, err)
-	return scr.ID
-}
-
-// ListConfigs returns the list of the current swarm configs
-func (d *Daemon) ListConfigs(t assert.TestingT) []swarm.Config {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	configs, err := cli.ConfigList(context.Background(), types.ConfigListOptions{})
-	assert.NilError(t, err)
-	return configs
-}
-
-// GetConfig returns a swarm config identified by the specified id
-func (d *Daemon) GetConfig(t assert.TestingT, id string) *swarm.Config {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	config, _, err := cli.ConfigInspectWithRaw(context.Background(), id)
-	assert.NilError(t, err)
-	return &config
-}
-
-// DeleteConfig removes the swarm config identified by the specified id
-func (d *Daemon) DeleteConfig(t assert.TestingT, id string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	err := cli.ConfigRemove(context.Background(), id)
-	assert.NilError(t, err)
-}
-
-// UpdateConfig updates the swarm config identified by the specified id
-// Currently, only label update is supported.
-func (d *Daemon) UpdateConfig(t assert.TestingT, id string, f ...ConfigConstructor) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	config := d.GetConfig(t, id)
-	for _, fn := range f {
-		fn(config)
-	}
-
-	err := cli.ConfigUpdate(context.Background(), config.ID, config.Version, config.Spec)
-	assert.NilError(t, err)
-}
diff --git a/internal/test/daemon/container.go b/internal/test/daemon/container.go
deleted file mode 100644
index 3aa69e195cdc9..0000000000000
--- a/internal/test/daemon/container.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package daemon
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-// ActiveContainers returns the list of ids of the currently running containers
-func (d *Daemon) ActiveContainers(t assert.TestingT) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
-	assert.NilError(t, err)
-
-	ids := make([]string, len(containers))
-	for i, c := range containers {
-		ids[i] = c.ID
-	}
-	return ids
-}
-
-// FindContainerIP returns the ip of the specified container
-func (d *Daemon) FindContainerIP(t assert.TestingT, id string) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	i, err := cli.ContainerInspect(context.Background(), id)
-	assert.NilError(t, err)
-	return i.NetworkSettings.IPAddress
-}
diff --git a/internal/test/daemon/daemon.go b/internal/test/daemon/daemon.go
deleted file mode 100644
index d9126f9f0cc4f..0000000000000
--- a/internal/test/daemon/daemon.go
+++ /dev/null
@@ -1,684 +0,0 @@
-package daemon // import "github.com/docker/docker/internal/test/daemon"
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/go-connections/sockets"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-)
-
-type testingT interface {
-	assert.TestingT
-	logT
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-const defaultDockerdBinary = "dockerd"
-const containerdSocket = "/var/run/docker/containerd/containerd.sock"
-
-var errDaemonNotStarted = errors.New("daemon not started")
-
-// SockRoot holds the path of the default docker integration daemon socket
-var SockRoot = filepath.Join(os.TempDir(), "docker-integration")
-
-type clientConfig struct {
-	transport *http.Transport
-	scheme    string
-	addr      string
-}
-
-// Daemon represents a Docker daemon for the testing framework
-type Daemon struct {
-	GlobalFlags       []string
-	Root              string
-	Folder            string
-	Wait              chan error
-	UseDefaultHost    bool
-	UseDefaultTLSHost bool
-
-	id            string
-	logFile       *os.File
-	cmd           *exec.Cmd
-	storageDriver string
-	userlandProxy bool
-	execRoot      string
-	experimental  bool
-	init          bool
-	dockerdBinary string
-	log           logT
-
-	// swarm related field
-	swarmListenAddr string
-	SwarmPort       int // FIXME(vdemeester) should probably not be exported
-	DefaultAddrPool []string
-	SubnetSize      uint32
-	// cached information
-	CachedInfo types.Info
-}
-
-// New returns a Daemon instance to be used for testing.
-// This will create a directory such as d123456789 in the folder specified by $DOCKER_INTEGRATION_DAEMON_DEST or $DEST.
-// The daemon will not automatically start.
-func New(t testingT, ops ...func(*Daemon)) *Daemon {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	dest := os.Getenv("DOCKER_INTEGRATION_DAEMON_DEST")
-	if dest == "" {
-		dest = os.Getenv("DEST")
-	}
-	assert.Check(t, dest != "", "Please set the DOCKER_INTEGRATION_DAEMON_DEST or the DEST environment variable")
-
-	storageDriver := os.Getenv("DOCKER_GRAPHDRIVER")
-
-	assert.NilError(t, os.MkdirAll(SockRoot, 0700), "could not create daemon socket root")
-
-	id := fmt.Sprintf("d%s", stringid.TruncateID(stringid.GenerateRandomID()))
-	dir := filepath.Join(dest, id)
-	daemonFolder, err := filepath.Abs(dir)
-	assert.NilError(t, err, "Could not make %q an absolute path", dir)
-	daemonRoot := filepath.Join(daemonFolder, "root")
-
-	assert.NilError(t, os.MkdirAll(daemonRoot, 0755), "Could not create daemon root %q", dir)
-
-	userlandProxy := true
-	if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
-		if val, err := strconv.ParseBool(env); err != nil {
-			userlandProxy = val
-		}
-	}
-	d := &Daemon{
-		id:            id,
-		Folder:        daemonFolder,
-		Root:          daemonRoot,
-		storageDriver: storageDriver,
-		userlandProxy: userlandProxy,
-		// dxr stands for docker-execroot (shortened for avoiding unix(7) path length limitation)
-		execRoot:        filepath.Join(os.TempDir(), "dxr", id),
-		dockerdBinary:   defaultDockerdBinary,
-		swarmListenAddr: defaultSwarmListenAddr,
-		SwarmPort:       DefaultSwarmPort,
-		log:             t,
-	}
-
-	for _, op := range ops {
-		op(d)
-	}
-
-	return d
-}
-
-// RootDir returns the root directory of the daemon.
-func (d *Daemon) RootDir() string {
-	return d.Root
-}
-
-// ID returns the generated id of the daemon
-func (d *Daemon) ID() string {
-	return d.id
-}
-
-// StorageDriver returns the configured storage driver of the daemon
-func (d *Daemon) StorageDriver() string {
-	return d.storageDriver
-}
-
-// Sock returns the socket path of the daemon
-func (d *Daemon) Sock() string {
-	return fmt.Sprintf("unix://" + d.sockPath())
-}
-
-func (d *Daemon) sockPath() string {
-	return filepath.Join(SockRoot, d.id+".sock")
-}
-
-// LogFileName returns the path the daemon's log file
-func (d *Daemon) LogFileName() string {
-	return d.logFile.Name()
-}
-
-// ReadLogFile returns the content of the daemon log file
-func (d *Daemon) ReadLogFile() ([]byte, error) {
-	return ioutil.ReadFile(d.logFile.Name())
-}
-
-// NewClient creates new client based on daemon's socket path
-// FIXME(vdemeester): replace NewClient with NewClientT
-func (d *Daemon) NewClient() (*client.Client, error) {
-	return client.NewClientWithOpts(
-		client.FromEnv,
-		client.WithHost(d.Sock()))
-}
-
-// NewClientT creates new client based on daemon's socket path
-// FIXME(vdemeester): replace NewClient with NewClientT
-func (d *Daemon) NewClientT(t assert.TestingT) *client.Client {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	c, err := client.NewClientWithOpts(
-		client.FromEnv,
-		client.WithHost(d.Sock()))
-	assert.NilError(t, err, "cannot create daemon client")
-	return c
-}
-
-// Cleanup cleans the daemon files : exec root (network namespaces, ...), swarmkit files
-func (d *Daemon) Cleanup(t testingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	// Cleanup swarmkit wal files if present
-	cleanupRaftDir(t, d.Root)
-	cleanupNetworkNamespace(t, d.execRoot)
-}
-
-// Start starts the daemon and return once it is ready to receive requests.
-func (d *Daemon) Start(t testingT, args ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	if err := d.StartWithError(args...); err != nil {
-		t.Fatalf("failed to start daemon with arguments %v : %v", args, err)
-	}
-}
-
-// StartWithError starts the daemon and return once it is ready to receive requests.
-// It returns an error in case it couldn't start.
-func (d *Daemon) StartWithError(args ...string) error {
-	logFile, err := os.OpenFile(filepath.Join(d.Folder, "docker.log"), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
-	if err != nil {
-		return errors.Wrapf(err, "[%s] Could not create %s/docker.log", d.id, d.Folder)
-	}
-
-	return d.StartWithLogFile(logFile, args...)
-}
-
-// StartWithLogFile will start the daemon and attach its streams to a given file.
-func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
-	d.handleUserns()
-	dockerdBinary, err := exec.LookPath(d.dockerdBinary)
-	if err != nil {
-		return errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id)
-	}
-	args := append(d.GlobalFlags,
-		"--containerd", containerdSocket,
-		"--data-root", d.Root,
-		"--exec-root", d.execRoot,
-		"--pidfile", fmt.Sprintf("%s/docker.pid", d.Folder),
-		fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
-	)
-	if d.experimental {
-		args = append(args, "--experimental")
-	}
-	if d.init {
-		args = append(args, "--init")
-	}
-	if !(d.UseDefaultHost || d.UseDefaultTLSHost) {
-		args = append(args, []string{"--host", d.Sock()}...)
-	}
-	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
-		args = append(args, []string{"--userns-remap", root}...)
-	}
-
-	// If we don't explicitly set the log-level or debug flag(-D) then
-	// turn on debug mode
-	foundLog := false
-	foundSd := false
-	for _, a := range providedArgs {
-		if strings.Contains(a, "--log-level") || strings.Contains(a, "-D") || strings.Contains(a, "--debug") {
-			foundLog = true
-		}
-		if strings.Contains(a, "--storage-driver") {
-			foundSd = true
-		}
-	}
-	if !foundLog {
-		args = append(args, "--debug")
-	}
-	if d.storageDriver != "" && !foundSd {
-		args = append(args, "--storage-driver", d.storageDriver)
-	}
-
-	args = append(args, providedArgs...)
-	d.cmd = exec.Command(dockerdBinary, args...)
-	d.cmd.Env = append(os.Environ(), "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE=1")
-	d.cmd.Stdout = out
-	d.cmd.Stderr = out
-	d.logFile = out
-
-	if err := d.cmd.Start(); err != nil {
-		return errors.Errorf("[%s] could not start daemon container: %v", d.id, err)
-	}
-
-	wait := make(chan error)
-
-	go func() {
-		wait <- d.cmd.Wait()
-		d.log.Logf("[%s] exiting daemon", d.id)
-		close(wait)
-	}()
-
-	d.Wait = wait
-
-	tick := time.Tick(500 * time.Millisecond)
-	// make sure daemon is ready to receive requests
-	startTime := time.Now().Unix()
-	for {
-		d.log.Logf("[%s] waiting for daemon to start", d.id)
-		if time.Now().Unix()-startTime > 5 {
-			// After 5 seconds, give up
-			return errors.Errorf("[%s] Daemon exited and never started", d.id)
-		}
-		select {
-		case <-time.After(2 * time.Second):
-			return errors.Errorf("[%s] timeout: daemon does not respond", d.id)
-		case <-tick:
-			clientConfig, err := d.getClientConfig()
-			if err != nil {
-				return err
-			}
-
-			client := &http.Client{
-				Transport: clientConfig.transport,
-			}
-
-			req, err := http.NewRequest("GET", "/_ping", nil)
-			if err != nil {
-				return errors.Wrapf(err, "[%s] could not create new request", d.id)
-			}
-			req.URL.Host = clientConfig.addr
-			req.URL.Scheme = clientConfig.scheme
-			resp, err := client.Do(req)
-			if err != nil {
-				continue
-			}
-			resp.Body.Close()
-			if resp.StatusCode != http.StatusOK {
-				d.log.Logf("[%s] received status != 200 OK: %s\n", d.id, resp.Status)
-			}
-			d.log.Logf("[%s] daemon started\n", d.id)
-			d.Root, err = d.queryRootDir()
-			if err != nil {
-				return errors.Errorf("[%s] error querying daemon for root directory: %v", d.id, err)
-			}
-			return nil
-		case err := <-d.Wait:
-			return errors.Errorf("[%s] Daemon exited during startup: %v", d.id, err)
-		}
-	}
-}
-
-// StartWithBusybox will first start the daemon with Daemon.Start()
-// then save the busybox image from the main daemon and load it into this Daemon instance.
-func (d *Daemon) StartWithBusybox(t testingT, arg ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	d.Start(t, arg...)
-	d.LoadBusybox(t)
-}
-
-// Kill will send a SIGKILL to the daemon
-func (d *Daemon) Kill() error {
-	if d.cmd == nil || d.Wait == nil {
-		return errDaemonNotStarted
-	}
-
-	defer func() {
-		d.logFile.Close()
-		d.cmd = nil
-	}()
-
-	if err := d.cmd.Process.Kill(); err != nil {
-		return err
-	}
-
-	return os.Remove(fmt.Sprintf("%s/docker.pid", d.Folder))
-}
-
-// Pid returns the pid of the daemon
-func (d *Daemon) Pid() int {
-	return d.cmd.Process.Pid
-}
-
-// Interrupt stops the daemon by sending it an Interrupt signal
-func (d *Daemon) Interrupt() error {
-	return d.Signal(os.Interrupt)
-}
-
-// Signal sends the specified signal to the daemon if running
-func (d *Daemon) Signal(signal os.Signal) error {
-	if d.cmd == nil || d.Wait == nil {
-		return errDaemonNotStarted
-	}
-	return d.cmd.Process.Signal(signal)
-}
-
-// DumpStackAndQuit sends SIGQUIT to the daemon, which triggers it to dump its
-// stack to its log file and exit
-// This is used primarily for gathering debug information on test timeout
-func (d *Daemon) DumpStackAndQuit() {
-	if d.cmd == nil || d.cmd.Process == nil {
-		return
-	}
-	SignalDaemonDump(d.cmd.Process.Pid)
-}
-
-// Stop will send a SIGINT every second and wait for the daemon to stop.
-// If it times out, a SIGKILL is sent.
-// Stop will not delete the daemon directory. If a purged daemon is needed,
-// instantiate a new one with NewDaemon.
-// If an error occurs while starting the daemon, the test will fail.
-func (d *Daemon) Stop(t testingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	err := d.StopWithError()
-	if err != nil {
-		if err != errDaemonNotStarted {
-			t.Fatalf("Error while stopping the daemon %s : %v", d.id, err)
-		} else {
-			t.Logf("Daemon %s is not started", d.id)
-		}
-	}
-}
-
-// StopWithError will send a SIGINT every second and wait for the daemon to stop.
-// If it timeouts, a SIGKILL is sent.
-// Stop will not delete the daemon directory. If a purged daemon is needed,
-// instantiate a new one with NewDaemon.
-func (d *Daemon) StopWithError() error {
-	if d.cmd == nil || d.Wait == nil {
-		return errDaemonNotStarted
-	}
-
-	defer func() {
-		d.logFile.Close()
-		d.cmd = nil
-	}()
-
-	i := 1
-	tick := time.Tick(time.Second)
-
-	if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
-		if strings.Contains(err.Error(), "os: process already finished") {
-			return errDaemonNotStarted
-		}
-		return errors.Errorf("could not send signal: %v", err)
-	}
-out1:
-	for {
-		select {
-		case err := <-d.Wait:
-			return err
-		case <-time.After(20 * time.Second):
-			// time for stopping jobs and run onShutdown hooks
-			d.log.Logf("[%s] daemon stop timeout", d.id)
-			break out1
-		}
-	}
-
-out2:
-	for {
-		select {
-		case err := <-d.Wait:
-			return err
-		case <-tick:
-			i++
-			if i > 5 {
-				d.log.Logf("tried to interrupt daemon for %d times, now try to kill it", i)
-				break out2
-			}
-			d.log.Logf("Attempt #%d: daemon is still running with pid %d", i, d.cmd.Process.Pid)
-			if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
-				return errors.Errorf("could not send signal: %v", err)
-			}
-		}
-	}
-
-	if err := d.cmd.Process.Kill(); err != nil {
-		d.log.Logf("Could not kill daemon: %v", err)
-		return err
-	}
-
-	d.cmd.Wait()
-
-	return os.Remove(fmt.Sprintf("%s/docker.pid", d.Folder))
-}
-
-// Restart will restart the daemon by first stopping it and the starting it.
-// If an error occurs while starting the daemon, the test will fail.
-func (d *Daemon) Restart(t testingT, args ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	d.Stop(t)
-	d.Start(t, args...)
-}
-
-// RestartWithError will restart the daemon by first stopping it and then starting it.
-func (d *Daemon) RestartWithError(arg ...string) error {
-	if err := d.StopWithError(); err != nil {
-		return err
-	}
-	return d.StartWithError(arg...)
-}
-
-func (d *Daemon) handleUserns() {
-	// in the case of tests running a user namespace-enabled daemon, we have resolved
-	// d.Root to be the actual final path of the graph dir after the "uid.gid" of
-	// remapped root is added--we need to subtract it from the path before calling
-	// start or else we will continue making subdirectories rather than truly restarting
-	// with the same location/root:
-	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
-		d.Root = filepath.Dir(d.Root)
-	}
-}
-
-// ReloadConfig asks the daemon to reload its configuration
-func (d *Daemon) ReloadConfig() error {
-	if d.cmd == nil || d.cmd.Process == nil {
-		return errors.New("daemon is not running")
-	}
-
-	errCh := make(chan error)
-	started := make(chan struct{})
-	go func() {
-		_, body, err := request.Get("/events", request.Host(d.Sock()))
-		close(started)
-		if err != nil {
-			errCh <- err
-		}
-		defer body.Close()
-		dec := json.NewDecoder(body)
-		for {
-			var e events.Message
-			if err := dec.Decode(&e); err != nil {
-				errCh <- err
-				return
-			}
-			if e.Type != events.DaemonEventType {
-				continue
-			}
-			if e.Action != "reload" {
-				continue
-			}
-			close(errCh) // notify that we are done
-			return
-		}
-	}()
-
-	<-started
-	if err := signalDaemonReload(d.cmd.Process.Pid); err != nil {
-		return errors.Errorf("error signaling daemon reload: %v", err)
-	}
-	select {
-	case err := <-errCh:
-		if err != nil {
-			return errors.Errorf("error waiting for daemon reload event: %v", err)
-		}
-	case <-time.After(30 * time.Second):
-		return errors.New("timeout waiting for daemon reload event")
-	}
-	return nil
-}
-
-// LoadBusybox image into the daemon
-func (d *Daemon) LoadBusybox(t assert.TestingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	clientHost, err := client.NewEnvClient()
-	assert.NilError(t, err, "failed to create client")
-	defer clientHost.Close()
-
-	ctx := context.Background()
-	reader, err := clientHost.ImageSave(ctx, []string{"busybox:latest"})
-	assert.NilError(t, err, "failed to download busybox")
-	defer reader.Close()
-
-	client, err := d.NewClient()
-	assert.NilError(t, err, "failed to create client")
-	defer client.Close()
-
-	resp, err := client.ImageLoad(ctx, reader, true)
-	assert.NilError(t, err, "failed to load busybox")
-	defer resp.Body.Close()
-}
-
-func (d *Daemon) getClientConfig() (*clientConfig, error) {
-	var (
-		transport *http.Transport
-		scheme    string
-		addr      string
-		proto     string
-	)
-	if d.UseDefaultTLSHost {
-		option := &tlsconfig.Options{
-			CAFile:   "fixtures/https/ca.pem",
-			CertFile: "fixtures/https/client-cert.pem",
-			KeyFile:  "fixtures/https/client-key.pem",
-		}
-		tlsConfig, err := tlsconfig.Client(*option)
-		if err != nil {
-			return nil, err
-		}
-		transport = &http.Transport{
-			TLSClientConfig: tlsConfig,
-		}
-		addr = fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort)
-		scheme = "https"
-		proto = "tcp"
-	} else if d.UseDefaultHost {
-		addr = opts.DefaultUnixSocket
-		proto = "unix"
-		scheme = "http"
-		transport = &http.Transport{}
-	} else {
-		addr = d.sockPath()
-		proto = "unix"
-		scheme = "http"
-		transport = &http.Transport{}
-	}
-
-	if err := sockets.ConfigureTransport(transport, proto, addr); err != nil {
-		return nil, err
-	}
-	transport.DisableKeepAlives = true
-
-	return &clientConfig{
-		transport: transport,
-		scheme:    scheme,
-		addr:      addr,
-	}, nil
-}
-
-func (d *Daemon) queryRootDir() (string, error) {
-	// update daemon root by asking /info endpoint (to support user
-	// namespaced daemon with root remapped uid.gid directory)
-	clientConfig, err := d.getClientConfig()
-	if err != nil {
-		return "", err
-	}
-
-	client := &http.Client{
-		Transport: clientConfig.transport,
-	}
-
-	req, err := http.NewRequest("GET", "/info", nil)
-	if err != nil {
-		return "", err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.URL.Host = clientConfig.addr
-	req.URL.Scheme = clientConfig.scheme
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", err
-	}
-	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
-		return resp.Body.Close()
-	})
-
-	type Info struct {
-		DockerRootDir string
-	}
-	var b []byte
-	var i Info
-	b, err = request.ReadBody(body)
-	if err == nil && resp.StatusCode == http.StatusOK {
-		// read the docker root dir
-		if err = json.Unmarshal(b, &i); err == nil {
-			return i.DockerRootDir, nil
-		}
-	}
-	return "", err
-}
-
-// Info returns the info struct for this daemon
-func (d *Daemon) Info(t assert.TestingT) types.Info {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	apiclient, err := d.NewClient()
-	assert.NilError(t, err)
-	info, err := apiclient.Info(context.Background())
-	assert.NilError(t, err)
-	return info
-}
-
-func cleanupRaftDir(t testingT, rootPath string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	walDir := filepath.Join(rootPath, "swarm/raft/wal")
-	if err := os.RemoveAll(walDir); err != nil {
-		t.Logf("error removing %v: %v", walDir, err)
-	}
-}
diff --git a/internal/test/daemon/daemon_unix.go b/internal/test/daemon/daemon_unix.go
deleted file mode 100644
index 9dd9e36f0c0c9..0000000000000
--- a/internal/test/daemon/daemon_unix.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// +build !windows
-
-package daemon // import "github.com/docker/docker/internal/test/daemon"
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/internal/test"
-	"golang.org/x/sys/unix"
-)
-
-func cleanupNetworkNamespace(t testingT, execRoot string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	// Cleanup network namespaces in the exec root of this
-	// daemon because this exec root is specific to this
-	// daemon instance and has no chance of getting
-	// cleaned up when a new daemon is instantiated with a
-	// new exec root.
-	netnsPath := filepath.Join(execRoot, "netns")
-	filepath.Walk(netnsPath, func(path string, info os.FileInfo, err error) error {
-		if err := unix.Unmount(path, unix.MNT_FORCE); err != nil {
-			t.Logf("unmount of %s failed: %v", path, err)
-		}
-		os.Remove(path)
-		return nil
-	})
-}
-
-// SignalDaemonDump sends a signal to the daemon to write a dump file
-func SignalDaemonDump(pid int) {
-	unix.Kill(pid, unix.SIGQUIT)
-}
-
-func signalDaemonReload(pid int) error {
-	return unix.Kill(pid, unix.SIGHUP)
-}
diff --git a/internal/test/daemon/daemon_windows.go b/internal/test/daemon/daemon_windows.go
deleted file mode 100644
index cb6bb6a4cb16c..0000000000000
--- a/internal/test/daemon/daemon_windows.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package daemon // import "github.com/docker/docker/internal/test/daemon"
-
-import (
-	"fmt"
-	"strconv"
-
-	"golang.org/x/sys/windows"
-)
-
-// SignalDaemonDump sends a signal to the daemon to write a dump file
-func SignalDaemonDump(pid int) {
-	ev, _ := windows.UTF16PtrFromString("Global\\docker-daemon-" + strconv.Itoa(pid))
-	h2, err := windows.OpenEvent(0x0002, false, ev)
-	if h2 == 0 || err != nil {
-		return
-	}
-	windows.PulseEvent(h2)
-}
-
-func signalDaemonReload(pid int) error {
-	return fmt.Errorf("daemon reload not supported")
-}
-
-func cleanupNetworkNamespace(t testingT, execRoot string) {
-}
diff --git a/internal/test/daemon/node.go b/internal/test/daemon/node.go
deleted file mode 100644
index d9263a7f29dc8..0000000000000
--- a/internal/test/daemon/node.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package daemon
-
-import (
-	"context"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-// NodeConstructor defines a swarm node constructor
-type NodeConstructor func(*swarm.Node)
-
-// GetNode returns a swarm node identified by the specified id
-func (d *Daemon) GetNode(t assert.TestingT, id string) *swarm.Node {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	node, _, err := cli.NodeInspectWithRaw(context.Background(), id)
-	assert.NilError(t, err)
-	assert.Check(t, node.ID == id)
-	return &node
-}
-
-// RemoveNode removes the specified node
-func (d *Daemon) RemoveNode(t assert.TestingT, id string, force bool) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	options := types.NodeRemoveOptions{
-		Force: force,
-	}
-	err := cli.NodeRemove(context.Background(), id, options)
-	assert.NilError(t, err)
-}
-
-// UpdateNode updates a swarm node with the specified node constructor
-func (d *Daemon) UpdateNode(t assert.TestingT, id string, f ...NodeConstructor) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	for i := 0; ; i++ {
-		node := d.GetNode(t, id)
-		for _, fn := range f {
-			fn(node)
-		}
-
-		err := cli.NodeUpdate(context.Background(), node.ID, node.Version, node.Spec)
-		if i < 10 && err != nil && strings.Contains(err.Error(), "update out of sequence") {
-			time.Sleep(100 * time.Millisecond)
-			continue
-		}
-		assert.NilError(t, err)
-		return
-	}
-}
-
-// ListNodes returns the list of the current swarm nodes
-func (d *Daemon) ListNodes(t assert.TestingT) []swarm.Node {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	nodes, err := cli.NodeList(context.Background(), types.NodeListOptions{})
-	assert.NilError(t, err)
-
-	return nodes
-}
diff --git a/internal/test/daemon/ops.go b/internal/test/daemon/ops.go
deleted file mode 100644
index 4154a77977cc1..0000000000000
--- a/internal/test/daemon/ops.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package daemon
-
-import "github.com/docker/docker/internal/test/environment"
-
-// WithExperimental sets the daemon in experimental mode
-func WithExperimental(d *Daemon) {
-	d.experimental = true
-	d.init = true
-}
-
-// WithInit sets the daemon init
-func WithInit(d *Daemon) {
-	d.init = true
-}
-
-// WithDockerdBinary sets the dockerd binary to the specified one
-func WithDockerdBinary(dockerdBinary string) func(*Daemon) {
-	return func(d *Daemon) {
-		d.dockerdBinary = dockerdBinary
-	}
-}
-
-// WithSwarmPort sets the swarm port to use for swarm mode
-func WithSwarmPort(port int) func(*Daemon) {
-	return func(d *Daemon) {
-		d.SwarmPort = port
-	}
-}
-
-// WithSwarmListenAddr sets the swarm listen addr to use for swarm mode
-func WithSwarmListenAddr(listenAddr string) func(*Daemon) {
-	return func(d *Daemon) {
-		d.swarmListenAddr = listenAddr
-	}
-}
-
-// WithSwarmDefaultAddrPool sets the swarm default address pool to use for swarm mode
-func WithSwarmDefaultAddrPool(defaultAddrPool []string) func(*Daemon) {
-	return func(d *Daemon) {
-		d.DefaultAddrPool = defaultAddrPool
-	}
-}
-
-// WithSwarmDefaultAddrPoolSubnetSize sets the subnet length mask of swarm default address pool to use for swarm mode
-func WithSwarmDefaultAddrPoolSubnetSize(subnetSize uint32) func(*Daemon) {
-	return func(d *Daemon) {
-		d.SubnetSize = subnetSize
-	}
-}
-
-// WithEnvironment sets options from internal/test/environment.Execution struct
-func WithEnvironment(e environment.Execution) func(*Daemon) {
-	return func(d *Daemon) {
-		if e.DaemonInfo.ExperimentalBuild {
-			d.experimental = true
-		}
-	}
-}
diff --git a/internal/test/daemon/plugin.go b/internal/test/daemon/plugin.go
deleted file mode 100644
index 63bbeed219327..0000000000000
--- a/internal/test/daemon/plugin.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package daemon
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
-	"gotest.tools/poll"
-)
-
-// PluginIsRunning provides a poller to check if the specified plugin is running
-func (d *Daemon) PluginIsRunning(name string) func(poll.LogT) poll.Result {
-	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
-		if plugin.Enabled {
-			return poll.Success()
-		}
-		return poll.Continue("plugin %q is not enabled", name)
-	}))
-}
-
-// PluginIsNotRunning provides a poller to check if the specified plugin is not running
-func (d *Daemon) PluginIsNotRunning(name string) func(poll.LogT) poll.Result {
-	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
-		if !plugin.Enabled {
-			return poll.Success()
-		}
-		return poll.Continue("plugin %q is enabled", name)
-	}))
-}
-
-// PluginIsNotPresent provides a poller to check if the specified plugin is not present
-func (d *Daemon) PluginIsNotPresent(name string) func(poll.LogT) poll.Result {
-	return withClient(d, func(c client.APIClient, t poll.LogT) poll.Result {
-		_, _, err := c.PluginInspectWithRaw(context.Background(), name)
-		if client.IsErrNotFound(err) {
-			return poll.Success()
-		}
-		if err != nil {
-			return poll.Error(err)
-		}
-		return poll.Continue("plugin %q exists", name)
-	})
-}
-
-// PluginReferenceIs provides a poller to check if the specified plugin has the specified reference
-func (d *Daemon) PluginReferenceIs(name, expectedRef string) func(poll.LogT) poll.Result {
-	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
-		if plugin.PluginReference == expectedRef {
-			return poll.Success()
-		}
-		return poll.Continue("plugin %q reference is not %q", name, expectedRef)
-	}))
-}
-
-func withPluginInspect(name string, f func(*types.Plugin, poll.LogT) poll.Result) func(client.APIClient, poll.LogT) poll.Result {
-	return func(c client.APIClient, t poll.LogT) poll.Result {
-		plugin, _, err := c.PluginInspectWithRaw(context.Background(), name)
-		if client.IsErrNotFound(err) {
-			return poll.Continue("plugin %q not found", name)
-		}
-		if err != nil {
-			return poll.Error(err)
-		}
-		return f(plugin, t)
-	}
-
-}
-
-func withClient(d *Daemon, f func(client.APIClient, poll.LogT) poll.Result) func(poll.LogT) poll.Result {
-	return func(t poll.LogT) poll.Result {
-		c, err := d.NewClient()
-		if err != nil {
-			poll.Error(err)
-		}
-		return f(c, t)
-	}
-}
diff --git a/internal/test/daemon/secret.go b/internal/test/daemon/secret.go
deleted file mode 100644
index f3db7a42601da..0000000000000
--- a/internal/test/daemon/secret.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package daemon
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-// SecretConstructor defines a swarm secret constructor
-type SecretConstructor func(*swarm.Secret)
-
-// CreateSecret creates a secret given the specified spec
-func (d *Daemon) CreateSecret(t assert.TestingT, secretSpec swarm.SecretSpec) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	scr, err := cli.SecretCreate(context.Background(), secretSpec)
-	assert.NilError(t, err)
-
-	return scr.ID
-}
-
-// ListSecrets returns the list of the current swarm secrets
-func (d *Daemon) ListSecrets(t assert.TestingT) []swarm.Secret {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	secrets, err := cli.SecretList(context.Background(), types.SecretListOptions{})
-	assert.NilError(t, err)
-	return secrets
-}
-
-// GetSecret returns a swarm secret identified by the specified id
-func (d *Daemon) GetSecret(t assert.TestingT, id string) *swarm.Secret {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	secret, _, err := cli.SecretInspectWithRaw(context.Background(), id)
-	assert.NilError(t, err)
-	return &secret
-}
-
-// DeleteSecret removes the swarm secret identified by the specified id
-func (d *Daemon) DeleteSecret(t assert.TestingT, id string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	err := cli.SecretRemove(context.Background(), id)
-	assert.NilError(t, err)
-}
-
-// UpdateSecret updates the swarm secret identified by the specified id
-// Currently, only label update is supported.
-func (d *Daemon) UpdateSecret(t assert.TestingT, id string, f ...SecretConstructor) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	secret := d.GetSecret(t, id)
-	for _, fn := range f {
-		fn(secret)
-	}
-
-	err := cli.SecretUpdate(context.Background(), secret.ID, secret.Version, secret.Spec)
-
-	assert.NilError(t, err)
-}
diff --git a/internal/test/daemon/service.go b/internal/test/daemon/service.go
deleted file mode 100644
index 0f88ca786b32d..0000000000000
--- a/internal/test/daemon/service.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package daemon
-
-import (
-	"context"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-// ServiceConstructor defines a swarm service constructor function
-type ServiceConstructor func(*swarm.Service)
-
-func (d *Daemon) createServiceWithOptions(t assert.TestingT, opts types.ServiceCreateOptions, f ...ServiceConstructor) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	var service swarm.Service
-	for _, fn := range f {
-		fn(&service)
-	}
-
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
-	defer cancel()
-
-	res, err := cli.ServiceCreate(ctx, service.Spec, opts)
-	assert.NilError(t, err)
-	return res.ID
-}
-
-// CreateService creates a swarm service given the specified service constructor
-func (d *Daemon) CreateService(t assert.TestingT, f ...ServiceConstructor) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	return d.createServiceWithOptions(t, types.ServiceCreateOptions{}, f...)
-}
-
-// GetService returns the swarm service corresponding to the specified id
-func (d *Daemon) GetService(t assert.TestingT, id string) *swarm.Service {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	service, _, err := cli.ServiceInspectWithRaw(context.Background(), id, types.ServiceInspectOptions{})
-	assert.NilError(t, err)
-	return &service
-}
-
-// GetServiceTasks returns the swarm tasks for the specified service
-func (d *Daemon) GetServiceTasks(t assert.TestingT, service string) []swarm.Task {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	filterArgs := filters.NewArgs()
-	filterArgs.Add("desired-state", "running")
-	filterArgs.Add("service", service)
-
-	options := types.TaskListOptions{
-		Filters: filterArgs,
-	}
-
-	tasks, err := cli.TaskList(context.Background(), options)
-	assert.NilError(t, err)
-	return tasks
-}
-
-// UpdateService updates a swarm service with the specified service constructor
-func (d *Daemon) UpdateService(t assert.TestingT, service *swarm.Service, f ...ServiceConstructor) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	for _, fn := range f {
-		fn(service)
-	}
-
-	_, err := cli.ServiceUpdate(context.Background(), service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
-	assert.NilError(t, err)
-}
-
-// RemoveService removes the specified service
-func (d *Daemon) RemoveService(t assert.TestingT, id string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	err := cli.ServiceRemove(context.Background(), id)
-	assert.NilError(t, err)
-}
-
-// ListServices returns the list of the current swarm services
-func (d *Daemon) ListServices(t assert.TestingT) []swarm.Service {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	services, err := cli.ServiceList(context.Background(), types.ServiceListOptions{})
-	assert.NilError(t, err)
-	return services
-}
-
-// GetTask returns the swarm task identified by the specified id
-func (d *Daemon) GetTask(t assert.TestingT, id string) swarm.Task {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	task, _, err := cli.TaskInspectWithRaw(context.Background(), id)
-	assert.NilError(t, err)
-	return task
-}
diff --git a/internal/test/daemon/swarm.go b/internal/test/daemon/swarm.go
deleted file mode 100644
index ae6a62c9eb1d4..0000000000000
--- a/internal/test/daemon/swarm.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package daemon
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/internal/test"
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-)
-
-const (
-	// DefaultSwarmPort is the default port use for swarm in the tests
-	DefaultSwarmPort       = 2477
-	defaultSwarmListenAddr = "0.0.0.0"
-)
-
-// StartAndSwarmInit starts the daemon (with busybox) and init the swarm
-func (d *Daemon) StartAndSwarmInit(t testingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	// avoid networking conflicts
-	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"}
-	d.StartWithBusybox(t, args...)
-
-	d.SwarmInit(t, swarm.InitRequest{})
-}
-
-// StartAndSwarmJoin starts the daemon (with busybox) and join the specified swarm as worker or manager
-func (d *Daemon) StartAndSwarmJoin(t testingT, leader *Daemon, manager bool) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	// avoid networking conflicts
-	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"}
-	d.StartWithBusybox(t, args...)
-
-	tokens := leader.JoinTokens(t)
-	token := tokens.Worker
-	if manager {
-		token = tokens.Manager
-	}
-	d.SwarmJoin(t, swarm.JoinRequest{
-		RemoteAddrs: []string{leader.SwarmListenAddr()},
-		JoinToken:   token,
-	})
-}
-
-// SpecConstructor defines a swarm spec constructor
-type SpecConstructor func(*swarm.Spec)
-
-// SwarmListenAddr returns the listen-addr used for the daemon
-func (d *Daemon) SwarmListenAddr() string {
-	return fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
-}
-
-// NodeID returns the swarm mode node ID
-func (d *Daemon) NodeID() string {
-	return d.CachedInfo.Swarm.NodeID
-}
-
-// SwarmInit initializes a new swarm cluster.
-func (d *Daemon) SwarmInit(t assert.TestingT, req swarm.InitRequest) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	if req.ListenAddr == "" {
-		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
-	}
-	if req.DefaultAddrPool == nil {
-		req.DefaultAddrPool = d.DefaultAddrPool
-		req.SubnetSize = d.SubnetSize
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-	_, err := cli.SwarmInit(context.Background(), req)
-	assert.NilError(t, err, "initializing swarm")
-	d.CachedInfo = d.Info(t)
-}
-
-// SwarmJoin joins a daemon to an existing cluster.
-func (d *Daemon) SwarmJoin(t assert.TestingT, req swarm.JoinRequest) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	if req.ListenAddr == "" {
-		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-	err := cli.SwarmJoin(context.Background(), req)
-	assert.NilError(t, err, "initializing swarm")
-	d.CachedInfo = d.Info(t)
-}
-
-// SwarmLeave forces daemon to leave current cluster.
-func (d *Daemon) SwarmLeave(force bool) error {
-	cli, err := d.NewClient()
-	if err != nil {
-		return fmt.Errorf("leaving swarm: failed to create client %v", err)
-	}
-	defer cli.Close()
-	err = cli.SwarmLeave(context.Background(), force)
-	if err != nil {
-		err = fmt.Errorf("leaving swarm: %v", err)
-	}
-	return err
-}
-
-// SwarmInfo returns the swarm information of the daemon
-func (d *Daemon) SwarmInfo(t assert.TestingT) swarm.Info {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	info, err := cli.Info(context.Background())
-	assert.NilError(t, err, "get swarm info")
-	return info.Swarm
-}
-
-// SwarmUnlock tries to unlock a locked swarm
-func (d *Daemon) SwarmUnlock(req swarm.UnlockRequest) error {
-	cli, err := d.NewClient()
-	if err != nil {
-		return fmt.Errorf("unlocking swarm: failed to create client %v", err)
-	}
-	defer cli.Close()
-	err = cli.SwarmUnlock(context.Background(), req)
-	if err != nil {
-		err = errors.Wrap(err, "unlocking swarm")
-	}
-	return err
-}
-
-// GetSwarm returns the current swarm object
-func (d *Daemon) GetSwarm(t assert.TestingT) swarm.Swarm {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	sw, err := cli.SwarmInspect(context.Background())
-	assert.NilError(t, err)
-	return sw
-}
-
-// UpdateSwarm updates the current swarm object with the specified spec constructors
-func (d *Daemon) UpdateSwarm(t assert.TestingT, f ...SpecConstructor) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	sw := d.GetSwarm(t)
-	for _, fn := range f {
-		fn(&sw.Spec)
-	}
-
-	err := cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, swarm.UpdateFlags{})
-	assert.NilError(t, err)
-}
-
-// RotateTokens update the swarm to rotate tokens
-func (d *Daemon) RotateTokens(t assert.TestingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	sw, err := cli.SwarmInspect(context.Background())
-	assert.NilError(t, err)
-
-	flags := swarm.UpdateFlags{
-		RotateManagerToken: true,
-		RotateWorkerToken:  true,
-	}
-
-	err = cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, flags)
-	assert.NilError(t, err)
-}
-
-// JoinTokens returns the current swarm join tokens
-func (d *Daemon) JoinTokens(t assert.TestingT) swarm.JoinTokens {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	cli := d.NewClientT(t)
-	defer cli.Close()
-
-	sw, err := cli.SwarmInspect(context.Background())
-	assert.NilError(t, err)
-	return sw.JoinTokens
-}
diff --git a/internal/test/environment/clean.go b/internal/test/environment/clean.go
deleted file mode 100644
index 93dee593f2817..0000000000000
--- a/internal/test/environment/clean.go
+++ /dev/null
@@ -1,217 +0,0 @@
-package environment // import "github.com/docker/docker/internal/test/environment"
-
-import (
-	"context"
-	"regexp"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-type testingT interface {
-	assert.TestingT
-	logT
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-// Clean the environment, preserving protected objects (images, containers, ...)
-// and removing everything else. It's meant to run after any tests so that they don't
-// depend on each others.
-func (e *Execution) Clean(t assert.TestingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := e.APIClient()
-
-	platform := e.OSType
-	if (platform != "windows") || (platform == "windows" && e.DaemonInfo.Isolation == "hyperv") {
-		unpauseAllContainers(t, client)
-	}
-	deleteAllContainers(t, client, e.protectedElements.containers)
-	deleteAllImages(t, client, e.protectedElements.images)
-	deleteAllVolumes(t, client, e.protectedElements.volumes)
-	deleteAllNetworks(t, client, platform, e.protectedElements.networks)
-	if platform == "linux" {
-		deleteAllPlugins(t, client, e.protectedElements.plugins)
-	}
-}
-
-func unpauseAllContainers(t assert.TestingT, client client.ContainerAPIClient) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	ctx := context.Background()
-	containers := getPausedContainers(ctx, t, client)
-	if len(containers) > 0 {
-		for _, container := range containers {
-			err := client.ContainerUnpause(ctx, container.ID)
-			assert.Check(t, err, "failed to unpause container %s", container.ID)
-		}
-	}
-}
-
-func getPausedContainers(ctx context.Context, t assert.TestingT, client client.ContainerAPIClient) []types.Container {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	filter := filters.NewArgs()
-	filter.Add("status", "paused")
-	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
-		Filters: filter,
-		Quiet:   true,
-		All:     true,
-	})
-	assert.Check(t, err, "failed to list containers")
-	return containers
-}
-
-var alreadyExists = regexp.MustCompile(`Error response from daemon: removal of container (\w+) is already in progress`)
-
-func deleteAllContainers(t assert.TestingT, apiclient client.ContainerAPIClient, protectedContainers map[string]struct{}) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	ctx := context.Background()
-	containers := getAllContainers(ctx, t, apiclient)
-	if len(containers) == 0 {
-		return
-	}
-
-	for _, container := range containers {
-		if _, ok := protectedContainers[container.ID]; ok {
-			continue
-		}
-		err := apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
-			Force:         true,
-			RemoveVolumes: true,
-		})
-		if err == nil || client.IsErrNotFound(err) || alreadyExists.MatchString(err.Error()) || isErrNotFoundSwarmClassic(err) {
-			continue
-		}
-		assert.Check(t, err, "failed to remove %s", container.ID)
-	}
-}
-
-func getAllContainers(ctx context.Context, t assert.TestingT, client client.ContainerAPIClient) []types.Container {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
-		Quiet: true,
-		All:   true,
-	})
-	assert.Check(t, err, "failed to list containers")
-	return containers
-}
-
-func deleteAllImages(t assert.TestingT, apiclient client.ImageAPIClient, protectedImages map[string]struct{}) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
-	assert.Check(t, err, "failed to list images")
-
-	ctx := context.Background()
-	for _, image := range images {
-		tags := tagsFromImageSummary(image)
-		if len(tags) == 0 {
-			removeImage(ctx, t, apiclient, image.ID)
-			continue
-		}
-		for _, tag := range tags {
-			if _, ok := protectedImages[tag]; !ok {
-				removeImage(ctx, t, apiclient, tag)
-			}
-		}
-	}
-}
-
-func removeImage(ctx context.Context, t assert.TestingT, apiclient client.ImageAPIClient, ref string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	_, err := apiclient.ImageRemove(ctx, ref, types.ImageRemoveOptions{
-		Force: true,
-	})
-	if client.IsErrNotFound(err) {
-		return
-	}
-	assert.Check(t, err, "failed to remove image %s", ref)
-}
-
-func deleteAllVolumes(t assert.TestingT, c client.VolumeAPIClient, protectedVolumes map[string]struct{}) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	volumes, err := c.VolumeList(context.Background(), filters.Args{})
-	assert.Check(t, err, "failed to list volumes")
-
-	for _, v := range volumes.Volumes {
-		if _, ok := protectedVolumes[v.Name]; ok {
-			continue
-		}
-		err := c.VolumeRemove(context.Background(), v.Name, true)
-		// Docker EE may list volumes that no longer exist.
-		if isErrNotFoundSwarmClassic(err) {
-			continue
-		}
-		assert.Check(t, err, "failed to remove volume %s", v.Name)
-	}
-}
-
-func deleteAllNetworks(t assert.TestingT, c client.NetworkAPIClient, daemonPlatform string, protectedNetworks map[string]struct{}) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	networks, err := c.NetworkList(context.Background(), types.NetworkListOptions{})
-	assert.Check(t, err, "failed to list networks")
-
-	for _, n := range networks {
-		if n.Name == "bridge" || n.Name == "none" || n.Name == "host" {
-			continue
-		}
-		if _, ok := protectedNetworks[n.ID]; ok {
-			continue
-		}
-		if daemonPlatform == "windows" && strings.ToLower(n.Name) == "nat" {
-			// nat is a pre-defined network on Windows and cannot be removed
-			continue
-		}
-		err := c.NetworkRemove(context.Background(), n.ID)
-		assert.Check(t, err, "failed to remove network %s", n.ID)
-	}
-}
-
-func deleteAllPlugins(t assert.TestingT, c client.PluginAPIClient, protectedPlugins map[string]struct{}) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	plugins, err := c.PluginList(context.Background(), filters.Args{})
-	// Docker EE does not allow cluster-wide plugin management.
-	if client.IsErrNotImplemented(err) {
-		return
-	}
-	assert.Check(t, err, "failed to list plugins")
-
-	for _, p := range plugins {
-		if _, ok := protectedPlugins[p.Name]; ok {
-			continue
-		}
-		err := c.PluginRemove(context.Background(), p.Name, types.PluginRemoveOptions{Force: true})
-		assert.Check(t, err, "failed to remove plugin %s", p.ID)
-	}
-}
-
-// Swarm classic aggregates node errors and returns a 500 so we need to check
-// the error string instead of just IsErrNotFound().
-func isErrNotFoundSwarmClassic(err error) bool {
-	return err != nil && strings.Contains(strings.ToLower(err.Error()), "no such")
-}
diff --git a/internal/test/environment/environment.go b/internal/test/environment/environment.go
deleted file mode 100644
index 5538d2097e9b0..0000000000000
--- a/internal/test/environment/environment.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package environment // import "github.com/docker/docker/internal/test/environment"
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test/fixtures/load"
-	"github.com/pkg/errors"
-)
-
-// Execution contains information about the current test execution and daemon
-// under test
-type Execution struct {
-	client            client.APIClient
-	DaemonInfo        types.Info
-	OSType            string
-	PlatformDefaults  PlatformDefaults
-	protectedElements protectedElements
-}
-
-// PlatformDefaults are defaults values for the platform of the daemon under test
-type PlatformDefaults struct {
-	BaseImage            string
-	VolumesConfigPath    string
-	ContainerStoragePath string
-}
-
-// New creates a new Execution struct
-func New() (*Execution, error) {
-	client, err := client.NewClientWithOpts(client.FromEnv)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to create client")
-	}
-
-	info, err := client.Info(context.Background())
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to get info from daemon")
-	}
-
-	osType := getOSType(info)
-
-	return &Execution{
-		client:            client,
-		DaemonInfo:        info,
-		OSType:            osType,
-		PlatformDefaults:  getPlatformDefaults(info, osType),
-		protectedElements: newProtectedElements(),
-	}, nil
-}
-
-func getOSType(info types.Info) string {
-	// Docker EE does not set the OSType so allow the user to override this value.
-	userOsType := os.Getenv("TEST_OSTYPE")
-	if userOsType != "" {
-		return userOsType
-	}
-	return info.OSType
-}
-
-func getPlatformDefaults(info types.Info, osType string) PlatformDefaults {
-	volumesPath := filepath.Join(info.DockerRootDir, "volumes")
-	containersPath := filepath.Join(info.DockerRootDir, "containers")
-
-	switch osType {
-	case "linux":
-		return PlatformDefaults{
-			BaseImage:            "scratch",
-			VolumesConfigPath:    toSlash(volumesPath),
-			ContainerStoragePath: toSlash(containersPath),
-		}
-	case "windows":
-		baseImage := "microsoft/windowsservercore"
-		if override := os.Getenv("WINDOWS_BASE_IMAGE"); override != "" {
-			baseImage = override
-			fmt.Println("INFO: Windows Base image is ", baseImage)
-		}
-		return PlatformDefaults{
-			BaseImage:            baseImage,
-			VolumesConfigPath:    filepath.FromSlash(volumesPath),
-			ContainerStoragePath: filepath.FromSlash(containersPath),
-		}
-	default:
-		panic(fmt.Sprintf("unknown OSType for daemon: %s", osType))
-	}
-}
-
-// Make sure in context of daemon, not the local platform. Note we can't
-// use filepath.FromSlash or ToSlash here as they are a no-op on Unix.
-func toSlash(path string) string {
-	return strings.Replace(path, `\`, `/`, -1)
-}
-
-// IsLocalDaemon is true if the daemon under test is on the same
-// host as the test process.
-//
-// Deterministically working out the environment in which CI is running
-// to evaluate whether the daemon is local or remote is not possible through
-// a build tag.
-//
-// For example Windows to Linux CI under Jenkins tests the 64-bit
-// Windows binary build with the daemon build tag, but calls a remote
-// Linux daemon.
-//
-// We can't just say if Windows then assume the daemon is local as at
-// some point, we will be testing the Windows CLI against a Windows daemon.
-//
-// Similarly, it will be perfectly valid to also run CLI tests from
-// a Linux CLI (built with the daemon tag) against a Windows daemon.
-func (e *Execution) IsLocalDaemon() bool {
-	return os.Getenv("DOCKER_REMOTE_DAEMON") == ""
-}
-
-// IsRemoteDaemon is true if the daemon under test is on different host
-// as the test process.
-func (e *Execution) IsRemoteDaemon() bool {
-	return !e.IsLocalDaemon()
-}
-
-// DaemonAPIVersion returns the negotiated daemon api version
-func (e *Execution) DaemonAPIVersion() string {
-	version, err := e.APIClient().ServerVersion(context.TODO())
-	if err != nil {
-		return ""
-	}
-	return version.APIVersion
-}
-
-// Print the execution details to stdout
-// TODO: print everything
-func (e *Execution) Print() {
-	if e.IsLocalDaemon() {
-		fmt.Println("INFO: Testing against a local daemon")
-	} else {
-		fmt.Println("INFO: Testing against a remote daemon")
-	}
-}
-
-// APIClient returns an APIClient connected to the daemon under test
-func (e *Execution) APIClient() client.APIClient {
-	return e.client
-}
-
-// IsUserNamespace returns whether the user namespace remapping is enabled
-func (e *Execution) IsUserNamespace() bool {
-	root := os.Getenv("DOCKER_REMAP_ROOT")
-	return root != ""
-}
-
-// EnsureFrozenImagesLinux loads frozen test images into the daemon
-// if they aren't already loaded
-func EnsureFrozenImagesLinux(testEnv *Execution) error {
-	if testEnv.OSType == "linux" {
-		err := load.FrozenImagesLinux(testEnv.APIClient(), frozenImages...)
-		if err != nil {
-			return errors.Wrap(err, "error loading frozen images")
-		}
-	}
-	return nil
-}
diff --git a/internal/test/environment/protect.go b/internal/test/environment/protect.go
deleted file mode 100644
index b5b27d2dd4f4c..0000000000000
--- a/internal/test/environment/protect.go
+++ /dev/null
@@ -1,254 +0,0 @@
-package environment // import "github.com/docker/docker/internal/test/environment"
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	dclient "github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test"
-	"gotest.tools/assert"
-)
-
-var frozenImages = []string{"busybox:latest", "busybox:glibc", "hello-world:frozen", "debian:jessie"}
-
-type protectedElements struct {
-	containers map[string]struct{}
-	images     map[string]struct{}
-	networks   map[string]struct{}
-	plugins    map[string]struct{}
-	volumes    map[string]struct{}
-}
-
-func newProtectedElements() protectedElements {
-	return protectedElements{
-		containers: map[string]struct{}{},
-		images:     map[string]struct{}{},
-		networks:   map[string]struct{}{},
-		plugins:    map[string]struct{}{},
-		volumes:    map[string]struct{}{},
-	}
-}
-
-// ProtectAll protects the existing environment (containers, images, networks,
-// volumes, and, on Linux, plugins) from being cleaned up at the end of test
-// runs
-func ProtectAll(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	ProtectContainers(t, testEnv)
-	ProtectImages(t, testEnv)
-	ProtectNetworks(t, testEnv)
-	ProtectVolumes(t, testEnv)
-	if testEnv.OSType == "linux" {
-		ProtectPlugins(t, testEnv)
-	}
-}
-
-// ProtectContainer adds the specified container(s) to be protected in case of
-// clean
-func (e *Execution) ProtectContainer(t testingT, containers ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	for _, container := range containers {
-		e.protectedElements.containers[container] = struct{}{}
-	}
-}
-
-// ProtectContainers protects existing containers from being cleaned up at the
-// end of test runs
-func ProtectContainers(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	containers := getExistingContainers(t, testEnv)
-	testEnv.ProtectContainer(t, containers...)
-}
-
-func getExistingContainers(t assert.TestingT, testEnv *Execution) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := testEnv.APIClient()
-	containerList, err := client.ContainerList(context.Background(), types.ContainerListOptions{
-		All: true,
-	})
-	assert.NilError(t, err, "failed to list containers")
-
-	var containers []string
-	for _, container := range containerList {
-		containers = append(containers, container.ID)
-	}
-	return containers
-}
-
-// ProtectImage adds the specified image(s) to be protected in case of clean
-func (e *Execution) ProtectImage(t testingT, images ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	for _, image := range images {
-		e.protectedElements.images[image] = struct{}{}
-	}
-}
-
-// ProtectImages protects existing images and on linux frozen images from being
-// cleaned up at the end of test runs
-func ProtectImages(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	images := getExistingImages(t, testEnv)
-
-	if testEnv.OSType == "linux" {
-		images = append(images, frozenImages...)
-	}
-	testEnv.ProtectImage(t, images...)
-}
-
-func getExistingImages(t assert.TestingT, testEnv *Execution) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := testEnv.APIClient()
-	filter := filters.NewArgs()
-	filter.Add("dangling", "false")
-	imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
-		All:     true,
-		Filters: filter,
-	})
-	assert.NilError(t, err, "failed to list images")
-
-	var images []string
-	for _, image := range imageList {
-		images = append(images, tagsFromImageSummary(image)...)
-	}
-	return images
-}
-
-func tagsFromImageSummary(image types.ImageSummary) []string {
-	var result []string
-	for _, tag := range image.RepoTags {
-		if tag != "<none>:<none>" {
-			result = append(result, tag)
-		}
-	}
-	for _, digest := range image.RepoDigests {
-		if digest != "<none>@<none>" {
-			result = append(result, digest)
-		}
-	}
-	return result
-}
-
-// ProtectNetwork adds the specified network(s) to be protected in case of
-// clean
-func (e *Execution) ProtectNetwork(t testingT, networks ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	for _, network := range networks {
-		e.protectedElements.networks[network] = struct{}{}
-	}
-}
-
-// ProtectNetworks protects existing networks from being cleaned up at the end
-// of test runs
-func ProtectNetworks(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	networks := getExistingNetworks(t, testEnv)
-	testEnv.ProtectNetwork(t, networks...)
-}
-
-func getExistingNetworks(t assert.TestingT, testEnv *Execution) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := testEnv.APIClient()
-	networkList, err := client.NetworkList(context.Background(), types.NetworkListOptions{})
-	assert.NilError(t, err, "failed to list networks")
-
-	var networks []string
-	for _, network := range networkList {
-		networks = append(networks, network.ID)
-	}
-	return networks
-}
-
-// ProtectPlugin adds the specified plugin(s) to be protected in case of clean
-func (e *Execution) ProtectPlugin(t testingT, plugins ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	for _, plugin := range plugins {
-		e.protectedElements.plugins[plugin] = struct{}{}
-	}
-}
-
-// ProtectPlugins protects existing plugins from being cleaned up at the end of
-// test runs
-func ProtectPlugins(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	plugins := getExistingPlugins(t, testEnv)
-	testEnv.ProtectPlugin(t, plugins...)
-}
-
-func getExistingPlugins(t assert.TestingT, testEnv *Execution) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := testEnv.APIClient()
-	pluginList, err := client.PluginList(context.Background(), filters.Args{})
-	// Docker EE does not allow cluster-wide plugin management.
-	if dclient.IsErrNotImplemented(err) {
-		return []string{}
-	}
-	assert.NilError(t, err, "failed to list plugins")
-
-	var plugins []string
-	for _, plugin := range pluginList {
-		plugins = append(plugins, plugin.Name)
-	}
-	return plugins
-}
-
-// ProtectVolume adds the specified volume(s) to be protected in case of clean
-func (e *Execution) ProtectVolume(t testingT, volumes ...string) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	for _, volume := range volumes {
-		e.protectedElements.volumes[volume] = struct{}{}
-	}
-}
-
-// ProtectVolumes protects existing volumes from being cleaned up at the end of
-// test runs
-func ProtectVolumes(t testingT, testEnv *Execution) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	volumes := getExistingVolumes(t, testEnv)
-	testEnv.ProtectVolume(t, volumes...)
-}
-
-func getExistingVolumes(t assert.TestingT, testEnv *Execution) []string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	client := testEnv.APIClient()
-	volumeList, err := client.VolumeList(context.Background(), filters.Args{})
-	assert.NilError(t, err, "failed to list volumes")
-
-	var volumes []string
-	for _, volume := range volumeList.Volumes {
-		volumes = append(volumes, volume.Name)
-	}
-	return volumes
-}
diff --git a/internal/test/fakecontext/context.go b/internal/test/fakecontext/context.go
deleted file mode 100644
index 8b11da207ed05..0000000000000
--- a/internal/test/fakecontext/context.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package fakecontext // import "github.com/docker/docker/internal/test/fakecontext"
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/internal/test"
-	"github.com/docker/docker/pkg/archive"
-)
-
-type testingT interface {
-	Fatal(args ...interface{})
-	Fatalf(string, ...interface{})
-}
-
-// New creates a fake build context
-func New(t testingT, dir string, modifiers ...func(*Fake) error) *Fake {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	fakeContext := &Fake{Dir: dir}
-	if dir == "" {
-		if err := newDir(fakeContext); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	for _, modifier := range modifiers {
-		if err := modifier(fakeContext); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	return fakeContext
-}
-
-func newDir(fake *Fake) error {
-	tmp, err := ioutil.TempDir("", "fake-context")
-	if err != nil {
-		return err
-	}
-	if err := os.Chmod(tmp, 0755); err != nil {
-		return err
-	}
-	fake.Dir = tmp
-	return nil
-}
-
-// WithFile adds the specified file (with content) in the build context
-func WithFile(name, content string) func(*Fake) error {
-	return func(ctx *Fake) error {
-		return ctx.Add(name, content)
-	}
-}
-
-// WithDockerfile adds the specified content as Dockerfile in the build context
-func WithDockerfile(content string) func(*Fake) error {
-	return WithFile("Dockerfile", content)
-}
-
-// WithFiles adds the specified files in the build context, content is a string
-func WithFiles(files map[string]string) func(*Fake) error {
-	return func(fakeContext *Fake) error {
-		for file, content := range files {
-			if err := fakeContext.Add(file, content); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-}
-
-// WithBinaryFiles adds the specified files in the build context, content is binary
-func WithBinaryFiles(files map[string]*bytes.Buffer) func(*Fake) error {
-	return func(fakeContext *Fake) error {
-		for file, content := range files {
-			if err := fakeContext.Add(file, content.String()); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-}
-
-// Fake creates directories that can be used as a build context
-type Fake struct {
-	Dir string
-}
-
-// Add a file at a path, creating directories where necessary
-func (f *Fake) Add(file, content string) error {
-	return f.addFile(file, []byte(content))
-}
-
-func (f *Fake) addFile(file string, content []byte) error {
-	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
-	dirpath := filepath.Dir(fp)
-	if dirpath != "." {
-		if err := os.MkdirAll(dirpath, 0755); err != nil {
-			return err
-		}
-	}
-	return ioutil.WriteFile(fp, content, 0644)
-
-}
-
-// Delete a file at a path
-func (f *Fake) Delete(file string) error {
-	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
-	return os.RemoveAll(fp)
-}
-
-// Close deletes the context
-func (f *Fake) Close() error {
-	return os.RemoveAll(f.Dir)
-}
-
-// AsTarReader returns a ReadCloser with the contents of Dir as a tar archive.
-func (f *Fake) AsTarReader(t testingT) io.ReadCloser {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	reader, err := archive.TarWithOptions(f.Dir, &archive.TarOptions{})
-	if err != nil {
-		t.Fatalf("Failed to create tar from %s: %s", f.Dir, err)
-	}
-	return reader
-}
diff --git a/internal/test/fakestorage/storage.go b/internal/test/fakestorage/storage.go
deleted file mode 100644
index b091cbc3f1c85..0000000000000
--- a/internal/test/fakestorage/storage.go
+++ /dev/null
@@ -1,200 +0,0 @@
-package fakestorage // import "github.com/docker/docker/internal/test/fakestorage"
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"os"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test"
-	"github.com/docker/docker/internal/test/environment"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/request"
-	"github.com/docker/docker/internal/testutil"
-	"github.com/docker/go-connections/nat"
-	"gotest.tools/assert"
-)
-
-var testEnv *environment.Execution
-
-type testingT interface {
-	assert.TestingT
-	logT
-	skipT
-	Fatal(args ...interface{})
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-type skipT interface {
-	Skip(reason string)
-}
-
-// Fake is a static file server. It might be running locally or remotely
-// on test host.
-type Fake interface {
-	Close() error
-	URL() string
-	CtxDir() string
-}
-
-// SetTestEnvironment sets a static test environment
-// TODO: decouple this package from environment
-func SetTestEnvironment(env *environment.Execution) {
-	testEnv = env
-}
-
-// New returns a static file server that will be use as build context.
-func New(t testingT, dir string, modifiers ...func(*fakecontext.Fake) error) Fake {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	if testEnv == nil {
-		t.Fatal("fakstorage package requires SetTestEnvironment() to be called before use.")
-	}
-	ctx := fakecontext.New(t, dir, modifiers...)
-	switch {
-	case testEnv.IsRemoteDaemon() && strings.HasPrefix(request.DaemonHost(), "unix:///"):
-		t.Skip(fmt.Sprintf("e2e run : daemon is remote but docker host points to a unix socket"))
-	case testEnv.IsLocalDaemon():
-		return newLocalFakeStorage(ctx)
-	default:
-		return newRemoteFileServer(t, ctx, testEnv.APIClient())
-	}
-	return nil
-}
-
-// localFileStorage is a file storage on the running machine
-type localFileStorage struct {
-	*fakecontext.Fake
-	*httptest.Server
-}
-
-func (s *localFileStorage) URL() string {
-	return s.Server.URL
-}
-
-func (s *localFileStorage) CtxDir() string {
-	return s.Fake.Dir
-}
-
-func (s *localFileStorage) Close() error {
-	defer s.Server.Close()
-	return s.Fake.Close()
-}
-
-func newLocalFakeStorage(ctx *fakecontext.Fake) *localFileStorage {
-	handler := http.FileServer(http.Dir(ctx.Dir))
-	server := httptest.NewServer(handler)
-	return &localFileStorage{
-		Fake:   ctx,
-		Server: server,
-	}
-}
-
-// remoteFileServer is a containerized static file server started on the remote
-// testing machine to be used in URL-accepting docker build functionality.
-type remoteFileServer struct {
-	host      string // hostname/port web server is listening to on docker host e.g. 0.0.0.0:43712
-	container string
-	image     string
-	client    client.APIClient
-	ctx       *fakecontext.Fake
-}
-
-func (f *remoteFileServer) URL() string {
-	u := url.URL{
-		Scheme: "http",
-		Host:   f.host}
-	return u.String()
-}
-
-func (f *remoteFileServer) CtxDir() string {
-	return f.ctx.Dir
-}
-
-func (f *remoteFileServer) Close() error {
-	defer func() {
-		if f.ctx != nil {
-			f.ctx.Close()
-		}
-		if f.image != "" {
-			if _, err := f.client.ImageRemove(context.Background(), f.image, types.ImageRemoveOptions{
-				Force: true,
-			}); err != nil {
-				fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
-			}
-		}
-		if err := f.client.Close(); err != nil {
-			fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
-		}
-	}()
-	if f.container == "" {
-		return nil
-	}
-	return f.client.ContainerRemove(context.Background(), f.container, types.ContainerRemoveOptions{
-		Force:         true,
-		RemoveVolumes: true,
-	})
-}
-
-func newRemoteFileServer(t testingT, ctx *fakecontext.Fake, c client.APIClient) *remoteFileServer {
-	var (
-		image     = fmt.Sprintf("fileserver-img-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
-		container = fmt.Sprintf("fileserver-cnt-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
-	)
-
-	ensureHTTPServerImage(t)
-
-	// Build the image
-	if err := ctx.Add("Dockerfile", `FROM httpserver
-COPY . /static`); err != nil {
-		t.Fatal(err)
-	}
-	resp, err := c.ImageBuild(context.Background(), ctx.AsTarReader(t), types.ImageBuildOptions{
-		NoCache: true,
-		Tags:    []string{image},
-	})
-	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
-	assert.NilError(t, err)
-
-	// Start the container
-	b, err := c.ContainerCreate(context.Background(), &containertypes.Config{
-		Image: image,
-	}, &containertypes.HostConfig{}, nil, container)
-	assert.NilError(t, err)
-	err = c.ContainerStart(context.Background(), b.ID, types.ContainerStartOptions{})
-	assert.NilError(t, err)
-
-	// Find out the system assigned port
-	i, err := c.ContainerInspect(context.Background(), b.ID)
-	assert.NilError(t, err)
-	newP, err := nat.NewPort("tcp", "80")
-	assert.NilError(t, err)
-	ports, exists := i.NetworkSettings.Ports[newP]
-	if !exists || len(ports) != 1 {
-		t.Fatalf("unable to find port 80/tcp for %s", container)
-	}
-	host := ports[0].HostIP
-	port := ports[0].HostPort
-
-	return &remoteFileServer{
-		container: container,
-		image:     image,
-		host:      fmt.Sprintf("%s:%s", host, port),
-		ctx:       ctx,
-		client:    c,
-	}
-}
diff --git a/internal/test/fixtures/plugin/plugin.go b/internal/test/fixtures/plugin/plugin.go
deleted file mode 100644
index 71ad1281848d7..0000000000000
--- a/internal/test/fixtures/plugin/plugin.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package plugin // import "github.com/docker/docker/internal/test/fixtures/plugin"
-
-import (
-	"context"
-	"encoding/json"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/plugin"
-	"github.com/docker/docker/registry"
-	"github.com/pkg/errors"
-)
-
-// CreateOpt is passed used to change the default plugin config before
-// creating it
-type CreateOpt func(*Config)
-
-// Config wraps types.PluginConfig to provide some extra state for options
-// extra customizations on the plugin details, such as using a custom binary to
-// create the plugin with.
-type Config struct {
-	*types.PluginConfig
-	binPath string
-}
-
-// WithBinary is a CreateOpt to set an custom binary to create the plugin with.
-// This binary must be statically compiled.
-func WithBinary(bin string) CreateOpt {
-	return func(cfg *Config) {
-		cfg.binPath = bin
-	}
-}
-
-// CreateClient is the interface used for `BuildPlugin` to interact with the
-// daemon.
-type CreateClient interface {
-	PluginCreate(context.Context, io.Reader, types.PluginCreateOptions) error
-}
-
-// Create creates a new plugin with the specified name
-func Create(ctx context.Context, c CreateClient, name string, opts ...CreateOpt) error {
-	tmpDir, err := ioutil.TempDir("", "create-test-plugin")
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	tar, err := makePluginBundle(tmpDir, opts...)
-	if err != nil {
-		return err
-	}
-	defer tar.Close()
-
-	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
-	defer cancel()
-
-	return c.PluginCreate(ctx, tar, types.PluginCreateOptions{RepoName: name})
-}
-
-// CreateInRegistry makes a plugin (locally) and pushes it to a registry.
-// This does not use a dockerd instance to create or push the plugin.
-// If you just want to create a plugin in some daemon, use `Create`.
-//
-// This can be useful when testing plugins on swarm where you don't really want
-// the plugin to exist on any of the daemons (immediately) and there needs to be
-// some way to distribute the plugin.
-func CreateInRegistry(ctx context.Context, repo string, auth *types.AuthConfig, opts ...CreateOpt) error {
-	tmpDir, err := ioutil.TempDir("", "create-test-plugin-local")
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	inPath := filepath.Join(tmpDir, "plugin")
-	if err := os.MkdirAll(inPath, 0755); err != nil {
-		return errors.Wrap(err, "error creating plugin root")
-	}
-
-	tar, err := makePluginBundle(inPath, opts...)
-	if err != nil {
-		return err
-	}
-	defer tar.Close()
-
-	dummyExec := func(m *plugin.Manager) (plugin.Executor, error) {
-		return nil, nil
-	}
-
-	regService, err := registry.NewService(registry.ServiceOptions{V2Only: true})
-	if err != nil {
-		return err
-	}
-
-	managerConfig := plugin.ManagerConfig{
-		Store:           plugin.NewStore(),
-		RegistryService: regService,
-		Root:            filepath.Join(tmpDir, "root"),
-		ExecRoot:        "/run/docker", // manager init fails if not set
-		CreateExecutor:  dummyExec,
-		LogPluginEvent:  func(id, name, action string) {}, // panics when not set
-	}
-	manager, err := plugin.NewManager(managerConfig)
-	if err != nil {
-		return errors.Wrap(err, "error creating plugin manager")
-	}
-
-	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
-	defer cancel()
-	if err := manager.CreateFromContext(ctx, tar, &types.PluginCreateOptions{RepoName: repo}); err != nil {
-		return err
-	}
-
-	if auth == nil {
-		auth = &types.AuthConfig{}
-	}
-	err = manager.Push(ctx, repo, nil, auth, ioutil.Discard)
-	return errors.Wrap(err, "error pushing plugin")
-}
-
-func makePluginBundle(inPath string, opts ...CreateOpt) (io.ReadCloser, error) {
-	p := &types.PluginConfig{
-		Interface: types.PluginConfigInterface{
-			Socket: "basic.sock",
-			Types:  []types.PluginInterfaceType{{Capability: "docker.dummy/1.0"}},
-		},
-		Entrypoint: []string{"/basic"},
-	}
-	cfg := &Config{
-		PluginConfig: p,
-	}
-	for _, o := range opts {
-		o(cfg)
-	}
-	if cfg.binPath == "" {
-		binPath, err := ensureBasicPluginBin()
-		if err != nil {
-			return nil, err
-		}
-		cfg.binPath = binPath
-	}
-
-	configJSON, err := json.Marshal(p)
-	if err != nil {
-		return nil, err
-	}
-	if err := ioutil.WriteFile(filepath.Join(inPath, "config.json"), configJSON, 0644); err != nil {
-		return nil, err
-	}
-	if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(p.Entrypoint[0])), 0755); err != nil {
-		return nil, errors.Wrap(err, "error creating plugin rootfs dir")
-	}
-
-	// Ensure the mount target paths exist
-	for _, m := range p.Mounts {
-		var stat os.FileInfo
-		if m.Source != nil {
-			stat, err = os.Stat(*m.Source)
-			if err != nil && !os.IsNotExist(err) {
-				return nil, err
-			}
-		}
-
-		if stat == nil || stat.IsDir() {
-			var mode os.FileMode = 0755
-			if stat != nil {
-				mode = stat.Mode()
-			}
-			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", m.Destination), mode); err != nil {
-				return nil, errors.Wrap(err, "error preparing plugin mount destination path")
-			}
-		} else {
-			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(m.Destination)), 0755); err != nil {
-				return nil, errors.Wrap(err, "error preparing plugin mount destination dir")
-			}
-			f, err := os.Create(filepath.Join(inPath, "rootfs", m.Destination))
-			if err != nil && !os.IsExist(err) {
-				return nil, errors.Wrap(err, "error preparing plugin mount destination file")
-			}
-			if f != nil {
-				f.Close()
-			}
-		}
-	}
-	if err := archive.NewDefaultArchiver().CopyFileWithTar(cfg.binPath, filepath.Join(inPath, "rootfs", p.Entrypoint[0])); err != nil {
-		return nil, errors.Wrap(err, "error copying plugin binary to rootfs path")
-	}
-	tar, err := archive.Tar(inPath, archive.Uncompressed)
-	return tar, errors.Wrap(err, "error making plugin archive")
-}
-
-func ensureBasicPluginBin() (string, error) {
-	name := "docker-basic-plugin"
-	p, err := exec.LookPath(name)
-	if err == nil {
-		return p, nil
-	}
-
-	goBin, err := exec.LookPath("go")
-	if err != nil {
-		return "", err
-	}
-	installPath := filepath.Join(os.Getenv("GOPATH"), "bin", name)
-	sourcePath := filepath.Join("github.com", "docker", "docker", "internal", "test", "fixtures", "plugin", "basic")
-	cmd := exec.Command(goBin, "build", "-o", installPath, sourcePath)
-	cmd.Env = append(cmd.Env, "GOPATH="+os.Getenv("GOPATH"), "CGO_ENABLED=0")
-	if out, err := cmd.CombinedOutput(); err != nil {
-		return "", errors.Wrapf(err, "error building basic plugin bin: %s", string(out))
-	}
-	return installPath, nil
-}
diff --git a/internal/test/helper.go b/internal/test/helper.go
deleted file mode 100644
index 1b9fd75090eb0..0000000000000
--- a/internal/test/helper.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package test
-
-// HelperT is a subset of testing.T that implements the Helper function
-type HelperT interface {
-	Helper()
-}
diff --git a/internal/test/registry/ops.go b/internal/test/registry/ops.go
deleted file mode 100644
index c004f37424fe5..0000000000000
--- a/internal/test/registry/ops.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package registry
-
-// Schema1 sets the registry to serve v1 api
-func Schema1(c *Config) {
-	c.schema1 = true
-}
-
-// Htpasswd sets the auth method with htpasswd
-func Htpasswd(c *Config) {
-	c.auth = "htpasswd"
-}
-
-// Token sets the auth method to token, with the specified token url
-func Token(tokenURL string) func(*Config) {
-	return func(c *Config) {
-		c.auth = "token"
-		c.tokenURL = tokenURL
-	}
-}
-
-// URL sets the registry url
-func URL(registryURL string) func(*Config) {
-	return func(c *Config) {
-		c.registryURL = registryURL
-	}
-}
diff --git a/internal/test/registry/registry.go b/internal/test/registry/registry.go
deleted file mode 100644
index b6128d3ba4d3c..0000000000000
--- a/internal/test/registry/registry.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package registry // import "github.com/docker/docker/internal/test/registry"
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"time"
-
-	"github.com/docker/docker/internal/test"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-)
-
-const (
-	// V2binary is the name of the registry v2 binary
-	V2binary = "registry-v2"
-	// V2binarySchema1 is the name of the registry that serve schema1
-	V2binarySchema1 = "registry-v2-schema1"
-	// DefaultURL is the default url that will be used by the registry (if not specified otherwise)
-	DefaultURL = "127.0.0.1:5000"
-)
-
-type testingT interface {
-	assert.TestingT
-	logT
-	Fatal(...interface{})
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-// V2 represent a registry version 2
-type V2 struct {
-	cmd         *exec.Cmd
-	registryURL string
-	dir         string
-	auth        string
-	username    string
-	password    string
-	email       string
-}
-
-// Config contains the test registry configuration
-type Config struct {
-	schema1     bool
-	auth        string
-	tokenURL    string
-	registryURL string
-}
-
-// NewV2 creates a v2 registry server
-func NewV2(t testingT, ops ...func(*Config)) *V2 {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	c := &Config{
-		registryURL: DefaultURL,
-	}
-	for _, op := range ops {
-		op(c)
-	}
-	tmp, err := ioutil.TempDir("", "registry-test-")
-	assert.NilError(t, err)
-	template := `version: 0.1
-loglevel: debug
-storage:
-    filesystem:
-        rootdirectory: %s
-http:
-    addr: %s
-%s`
-	var (
-		authTemplate string
-		username     string
-		password     string
-		email        string
-	)
-	switch c.auth {
-	case "htpasswd":
-		htpasswdPath := filepath.Join(tmp, "htpasswd")
-		// generated with: htpasswd -Bbn testuser testpassword
-		userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
-		username = "testuser"
-		password = "testpassword"
-		email = "test@test.org"
-		err := ioutil.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644))
-		assert.NilError(t, err)
-		authTemplate = fmt.Sprintf(`auth:
-    htpasswd:
-        realm: basic-realm
-        path: %s
-`, htpasswdPath)
-	case "token":
-		authTemplate = fmt.Sprintf(`auth:
-    token:
-        realm: %s
-        service: "registry"
-        issuer: "auth-registry"
-        rootcertbundle: "fixtures/registry/cert.pem"
-`, c.tokenURL)
-	}
-
-	confPath := filepath.Join(tmp, "config.yaml")
-	config, err := os.Create(confPath)
-	assert.NilError(t, err)
-	defer config.Close()
-
-	if _, err := fmt.Fprintf(config, template, tmp, c.registryURL, authTemplate); err != nil {
-		// FIXME(vdemeester) use a defer/clean func
-		os.RemoveAll(tmp)
-		t.Fatal(err)
-	}
-
-	binary := V2binary
-	if c.schema1 {
-		binary = V2binarySchema1
-	}
-	cmd := exec.Command(binary, confPath)
-	if err := cmd.Start(); err != nil {
-		// FIXME(vdemeester) use a defer/clean func
-		os.RemoveAll(tmp)
-		t.Fatal(err)
-	}
-	return &V2{
-		cmd:         cmd,
-		dir:         tmp,
-		auth:        c.auth,
-		username:    username,
-		password:    password,
-		email:       email,
-		registryURL: c.registryURL,
-	}
-}
-
-// WaitReady waits for the registry to be ready to serve requests (or fail after a while)
-func (r *V2) WaitReady(t testingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	var err error
-	for i := 0; i != 50; i++ {
-		if err = r.Ping(); err == nil {
-			return
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-	t.Fatalf("timeout waiting for test registry to become available: %v", err)
-}
-
-// Ping sends an http request to the current registry, and fail if it doesn't respond correctly
-func (r *V2) Ping() error {
-	// We always ping through HTTP for our test registry.
-	resp, err := http.Get(fmt.Sprintf("http://%s/v2/", r.registryURL))
-	if err != nil {
-		return err
-	}
-	resp.Body.Close()
-
-	fail := resp.StatusCode != http.StatusOK
-	if r.auth != "" {
-		// unauthorized is a _good_ status when pinging v2/ and it needs auth
-		fail = fail && resp.StatusCode != http.StatusUnauthorized
-	}
-	if fail {
-		return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
-	}
-	return nil
-}
-
-// Close kills the registry server
-func (r *V2) Close() {
-	r.cmd.Process.Kill()
-	r.cmd.Process.Wait()
-	os.RemoveAll(r.dir)
-}
-
-func (r *V2) getBlobFilename(blobDigest digest.Digest) string {
-	// Split the digest into its algorithm and hex components.
-	dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Hex()
-
-	// The path to the target blob data looks something like:
-	//   baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
-	return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", r.dir, dgstAlg, dgstHex[:2], dgstHex)
-}
-
-// ReadBlobContents read the file corresponding to the specified digest
-func (r *V2) ReadBlobContents(t assert.TestingT, blobDigest digest.Digest) []byte {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	// Load the target manifest blob.
-	manifestBlob, err := ioutil.ReadFile(r.getBlobFilename(blobDigest))
-	assert.NilError(t, err, "unable to read blob")
-	return manifestBlob
-}
-
-// WriteBlobContents write the file corresponding to the specified digest with the given content
-func (r *V2) WriteBlobContents(t assert.TestingT, blobDigest digest.Digest, data []byte) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	err := ioutil.WriteFile(r.getBlobFilename(blobDigest), data, os.FileMode(0644))
-	assert.NilError(t, err, "unable to write malicious data blob")
-}
-
-// TempMoveBlobData moves the existing data file aside, so that we can replace it with a
-// malicious blob of data for example.
-func (r *V2) TempMoveBlobData(t testingT, blobDigest digest.Digest) (undo func()) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	tempFile, err := ioutil.TempFile("", "registry-temp-blob-")
-	assert.NilError(t, err, "unable to get temporary blob file")
-	tempFile.Close()
-
-	blobFilename := r.getBlobFilename(blobDigest)
-
-	// Move the existing data file aside, so that we can replace it with a
-	// another blob of data.
-	if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
-		// FIXME(vdemeester) use a defer/clean func
-		os.Remove(tempFile.Name())
-		t.Fatalf("unable to move data blob: %s", err)
-	}
-
-	return func() {
-		os.Rename(tempFile.Name(), blobFilename)
-		os.Remove(tempFile.Name())
-	}
-}
-
-// Username returns the configured user name of the server
-func (r *V2) Username() string {
-	return r.username
-}
-
-// Password returns the configured password of the server
-func (r *V2) Password() string {
-	return r.password
-}
-
-// Email returns the configured email of the server
-func (r *V2) Email() string {
-	return r.email
-}
-
-// Path returns the path where the registry write data
-func (r *V2) Path() string {
-	return filepath.Join(r.dir, "docker", "registry", "v2")
-}
diff --git a/internal/test/request/ops.go b/internal/test/request/ops.go
deleted file mode 100644
index c85308c476068..0000000000000
--- a/internal/test/request/ops.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package request
-
-import (
-	"bytes"
-	"encoding/json"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"strings"
-)
-
-// Options defines request options, like request modifiers and which host to target
-type Options struct {
-	host             string
-	requestModifiers []func(*http.Request) error
-}
-
-// Host creates a modifier that sets the specified host as the request URL host
-func Host(host string) func(*Options) {
-	return func(o *Options) {
-		o.host = host
-	}
-}
-
-// With adds a request modifier to the options
-func With(f func(*http.Request) error) func(*Options) {
-	return func(o *Options) {
-		o.requestModifiers = append(o.requestModifiers, f)
-	}
-}
-
-// Method creates a modifier that sets the specified string as the request method
-func Method(method string) func(*Options) {
-	return With(func(req *http.Request) error {
-		req.Method = method
-		return nil
-	})
-}
-
-// RawString sets the specified string as body for the request
-func RawString(content string) func(*Options) {
-	return RawContent(ioutil.NopCloser(strings.NewReader(content)))
-}
-
-// RawContent sets the specified reader as body for the request
-func RawContent(reader io.ReadCloser) func(*Options) {
-	return With(func(req *http.Request) error {
-		req.Body = reader
-		return nil
-	})
-}
-
-// ContentType sets the specified Content-Type request header
-func ContentType(contentType string) func(*Options) {
-	return With(func(req *http.Request) error {
-		req.Header.Set("Content-Type", contentType)
-		return nil
-	})
-}
-
-// JSON sets the Content-Type request header to json
-func JSON(o *Options) {
-	ContentType("application/json")(o)
-}
-
-// JSONBody creates a modifier that encodes the specified data to a JSON string and set it as request body. It also sets
-// the Content-Type header of the request.
-func JSONBody(data interface{}) func(*Options) {
-	return With(func(req *http.Request) error {
-		jsonData := bytes.NewBuffer(nil)
-		if err := json.NewEncoder(jsonData).Encode(data); err != nil {
-			return err
-		}
-		req.Body = ioutil.NopCloser(jsonData)
-		req.Header.Set("Content-Type", "application/json")
-		return nil
-	})
-}
diff --git a/internal/test/suite/interfaces.go b/internal/test/suite/interfaces.go
new file mode 100644
index 0000000000000..263de86ab8cd7
--- /dev/null
+++ b/internal/test/suite/interfaces.go
@@ -0,0 +1,33 @@
+package suite
+
+import "testing"
+
+// SetupAllSuite has a SetupSuite method, which will run before the
+// tests in the suite are run.
+type SetupAllSuite interface {
+	SetUpSuite(t *testing.T)
+}
+
+// SetupTestSuite has a SetupTest method, which will run before each
+// test in the suite.
+type SetupTestSuite interface {
+	SetUpTest(t *testing.T)
+}
+
+// TearDownAllSuite has a TearDownSuite method, which will run after
+// all the tests in the suite have been run.
+type TearDownAllSuite interface {
+	TearDownSuite(t *testing.T)
+}
+
+// TearDownTestSuite has a TearDownTest method, which will run after
+// each test in the suite.
+type TearDownTestSuite interface {
+	TearDownTest(t *testing.T)
+}
+
+// TimeoutTestSuite has a OnTimeout method, which will run after
+// a single test times out after a period specified by -timeout flag.
+type TimeoutTestSuite interface {
+	OnTimeout()
+}
diff --git a/internal/test/suite/suite.go b/internal/test/suite/suite.go
new file mode 100644
index 0000000000000..edb6e40c1c779
--- /dev/null
+++ b/internal/test/suite/suite.go
@@ -0,0 +1,72 @@
+// Package suite is a simplified version of testify's suite package which has unnecessary dependencies.
+// Please remove this package whenever possible.
+package suite
+
+import (
+	"flag"
+	"reflect"
+	"runtime/debug"
+	"strings"
+	"testing"
+)
+
+// TimeoutFlag is the flag to set a per-test timeout when running tests. Defaults to `-timeout`.
+var TimeoutFlag = flag.Duration("timeout", 0, "DO NOT USE")
+
+var typTestingT = reflect.TypeOf(new(testing.T))
+
+// Run takes a testing suite and runs all of the tests attached to it.
+func Run(t *testing.T, suite interface{}) {
+	defer failOnPanic(t)
+
+	suiteSetupDone := false
+
+	defer func() {
+		if suiteSetupDone {
+			if tearDownAllSuite, ok := suite.(TearDownAllSuite); ok {
+				tearDownAllSuite.TearDownSuite(t)
+			}
+		}
+	}()
+
+	methodFinder := reflect.TypeOf(suite)
+	for index := 0; index < methodFinder.NumMethod(); index++ {
+		method := methodFinder.Method(index)
+		if !methodFilter(method.Name, method.Type) {
+			continue
+		}
+		t.Run(method.Name, func(t *testing.T) {
+			defer failOnPanic(t)
+
+			if !suiteSetupDone {
+				if setupAllSuite, ok := suite.(SetupAllSuite); ok {
+					setupAllSuite.SetUpSuite(t)
+				}
+				suiteSetupDone = true
+			}
+
+			if setupTestSuite, ok := suite.(SetupTestSuite); ok {
+				setupTestSuite.SetUpTest(t)
+			}
+			defer func() {
+				if tearDownTestSuite, ok := suite.(TearDownTestSuite); ok {
+					tearDownTestSuite.TearDownTest(t)
+				}
+			}()
+
+			method.Func.Call([]reflect.Value{reflect.ValueOf(suite), reflect.ValueOf(t)})
+		})
+	}
+}
+
+func failOnPanic(t *testing.T) {
+	r := recover()
+	if r != nil {
+		t.Errorf("test suite panicked: %v\n%s", r, debug.Stack())
+		t.FailNow()
+	}
+}
+
+func methodFilter(name string, typ reflect.Type) bool {
+	return strings.HasPrefix(name, "Test") && typ.NumIn() == 2 && typ.In(1) == typTestingT // 2 params: method receiver and *testing.T
+}
diff --git a/internal/test/suite/testify.LICENSE b/internal/test/suite/testify.LICENSE
new file mode 100644
index 0000000000000..f38ec5956b640
--- /dev/null
+++ b/internal/test/suite/testify.LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2012-2018 Mat Ryer and Tyler Bunnell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/internal/testutil/helpers.go b/internal/testutil/helpers.go
deleted file mode 100644
index 38cd1693f5f2c..0000000000000
--- a/internal/testutil/helpers.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package testutil // import "github.com/docker/docker/internal/testutil"
-
-import (
-	"io"
-)
-
-// DevZero acts like /dev/zero but in an OS-independent fashion.
-var DevZero io.Reader = devZero{}
-
-type devZero struct{}
-
-func (d devZero) Read(p []byte) (n int, err error) {
-	for i := range p {
-		p[i] = 0
-	}
-	return len(p), nil
-}
diff --git a/internal/testutil/stringutils.go b/internal/testutil/stringutils.go
deleted file mode 100644
index 574aeb51f2a82..0000000000000
--- a/internal/testutil/stringutils.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package testutil // import "github.com/docker/docker/internal/testutil"
-
-import "math/rand"
-
-// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
-func GenerateRandomAlphaOnlyString(n int) string {
-	// make a really long string
-	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-	b := make([]byte, n)
-	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))]
-	}
-	return string(b)
-}
diff --git a/layer/empty.go b/layer/empty.go
index c81c702140280..46fc571255bd2 100644
--- a/layer/empty.go
+++ b/layer/empty.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 )
 
 // DigestSHA256EmptyTar is the canonical sha256 digest of empty tar file -
@@ -21,7 +20,7 @@ func (el *emptyLayer) TarStream() (io.ReadCloser, error) {
 	buf := new(bytes.Buffer)
 	tarWriter := tar.NewWriter(buf)
 	tarWriter.Close()
-	return ioutil.NopCloser(buf), nil
+	return io.NopCloser(buf), nil
 }
 
 func (el *emptyLayer) TarStreamFrom(p ChainID) (io.ReadCloser, error) {
diff --git a/layer/empty_test.go b/layer/empty_test.go
index ec9fbc1a3c352..d4671a1b07e1b 100644
--- a/layer/empty_test.go
+++ b/layer/empty_test.go
@@ -4,7 +4,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 func TestEmptyLayer(t *testing.T) {
diff --git a/layer/filestore.go b/layer/filestore.go
index 208a0c3a859a4..37bc41d514255 100644
--- a/layer/filestore.go
+++ b/layer/filestore.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -14,7 +13,7 @@ import (
 
 	"github.com/docker/distribution"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -143,7 +142,7 @@ func (fm *fileMetadataTransaction) String() string {
 }
 
 func (fms *fileMetadataStore) GetSize(layer ChainID) (int64, error) {
-	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "size"))
+	content, err := os.ReadFile(fms.getLayerFilename(layer, "size"))
 	if err != nil {
 		return 0, err
 	}
@@ -157,7 +156,7 @@ func (fms *fileMetadataStore) GetSize(layer ChainID) (int64, error) {
 }
 
 func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
-	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "parent"))
+	content, err := os.ReadFile(fms.getLayerFilename(layer, "parent"))
 	if err != nil {
 		if os.IsNotExist(err) {
 			return "", nil
@@ -174,7 +173,7 @@ func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
 }
 
 func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
-	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "diff"))
+	content, err := os.ReadFile(fms.getLayerFilename(layer, "diff"))
 	if err != nil {
 		return "", err
 	}
@@ -188,7 +187,7 @@ func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
 }
 
 func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
-	contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "cache-id"))
+	contentBytes, err := os.ReadFile(fms.getLayerFilename(layer, "cache-id"))
 	if err != nil {
 		return "", err
 	}
@@ -202,7 +201,7 @@ func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
 }
 
 func (fms *fileMetadataStore) GetDescriptor(layer ChainID) (distribution.Descriptor, error) {
-	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "descriptor.json"))
+	content, err := os.ReadFile(fms.getLayerFilename(layer, "descriptor.json"))
 	if err != nil {
 		if os.IsNotExist(err) {
 			// only return empty descriptor to represent what is stored
@@ -240,25 +239,25 @@ func (fms *fileMetadataStore) SetMountID(mount string, mountID string) error {
 	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 		return err
 	}
-	return ioutil.WriteFile(fms.getMountFilename(mount, "mount-id"), []byte(mountID), 0644)
+	return os.WriteFile(fms.getMountFilename(mount, "mount-id"), []byte(mountID), 0644)
 }
 
 func (fms *fileMetadataStore) SetInitID(mount string, init string) error {
 	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 		return err
 	}
-	return ioutil.WriteFile(fms.getMountFilename(mount, "init-id"), []byte(init), 0644)
+	return os.WriteFile(fms.getMountFilename(mount, "init-id"), []byte(init), 0644)
 }
 
 func (fms *fileMetadataStore) SetMountParent(mount string, parent ChainID) error {
 	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 		return err
 	}
-	return ioutil.WriteFile(fms.getMountFilename(mount, "parent"), []byte(digest.Digest(parent).String()), 0644)
+	return os.WriteFile(fms.getMountFilename(mount, "parent"), []byte(digest.Digest(parent).String()), 0644)
 }
 
 func (fms *fileMetadataStore) GetMountID(mount string) (string, error) {
-	contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "mount-id"))
+	contentBytes, err := os.ReadFile(fms.getMountFilename(mount, "mount-id"))
 	if err != nil {
 		return "", err
 	}
@@ -272,7 +271,7 @@ func (fms *fileMetadataStore) GetMountID(mount string) (string, error) {
 }
 
 func (fms *fileMetadataStore) GetInitID(mount string) (string, error) {
-	contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "init-id"))
+	contentBytes, err := os.ReadFile(fms.getMountFilename(mount, "init-id"))
 	if err != nil {
 		if os.IsNotExist(err) {
 			return "", nil
@@ -289,7 +288,7 @@ func (fms *fileMetadataStore) GetInitID(mount string) (string, error) {
 }
 
 func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
-	content, err := ioutil.ReadFile(fms.getMountFilename(mount, "parent"))
+	content, err := os.ReadFile(fms.getMountFilename(mount, "parent"))
 	if err != nil {
 		if os.IsNotExist(err) {
 			return "", nil
@@ -305,10 +304,59 @@ func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
 	return ChainID(dgst), nil
 }
 
+func (fms *fileMetadataStore) getOrphan() ([]roLayer, error) {
+	var orphanLayers []roLayer
+	for _, algorithm := range supportedAlgorithms {
+		fileInfos, err := os.ReadDir(filepath.Join(fms.root, string(algorithm)))
+		if err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+
+		for _, fi := range fileInfos {
+			if !fi.IsDir() || !strings.HasSuffix(fi.Name(), "-removing") {
+				continue
+			}
+			// At this stage, fi.Name value looks like <digest>-<random>-removing
+			// Split on '-' to get the digest value.
+			nameSplit := strings.Split(fi.Name(), "-")
+			dgst := digest.NewDigestFromEncoded(algorithm, nameSplit[0])
+			if err := dgst.Validate(); err != nil {
+				logrus.WithError(err).WithField("digest", string(algorithm)+":"+nameSplit[0]).Debug("ignoring invalid digest")
+				continue
+			}
+
+			chainFile := filepath.Join(fms.root, string(algorithm), fi.Name(), "cache-id")
+			contentBytes, err := os.ReadFile(chainFile)
+			if err != nil {
+				if !os.IsNotExist(err) {
+					logrus.WithError(err).WithField("digest", dgst).Error("failed to read cache ID")
+				}
+				continue
+			}
+			cacheID := strings.TrimSpace(string(contentBytes))
+			if cacheID == "" {
+				logrus.Error("invalid cache ID")
+				continue
+			}
+
+			l := &roLayer{
+				chainID: ChainID(dgst),
+				cacheID: cacheID,
+			}
+			orphanLayers = append(orphanLayers, *l)
+		}
+	}
+
+	return orphanLayers, nil
+}
+
 func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 	var ids []ChainID
 	for _, algorithm := range supportedAlgorithms {
-		fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, string(algorithm)))
+		fileInfos, err := os.ReadDir(filepath.Join(fms.root, string(algorithm)))
 		if err != nil {
 			if os.IsNotExist(err) {
 				continue
@@ -328,7 +376,7 @@ func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 		}
 	}
 
-	fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, "mounts"))
+	fileInfos, err := os.ReadDir(filepath.Join(fms.root, "mounts"))
 	if err != nil {
 		if os.IsNotExist(err) {
 			return ids, []string{}, nil
@@ -346,8 +394,39 @@ func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 	return ids, mounts, nil
 }
 
-func (fms *fileMetadataStore) Remove(layer ChainID) error {
-	return os.RemoveAll(fms.getLayerDirectory(layer))
+// Remove layerdb folder if that is marked for removal
+func (fms *fileMetadataStore) Remove(layer ChainID, cache string) error {
+	dgst := digest.Digest(layer)
+	files, err := os.ReadDir(filepath.Join(fms.root, string(dgst.Algorithm())))
+	if err != nil {
+		return err
+	}
+	for _, f := range files {
+		if !strings.HasSuffix(f.Name(), "-removing") || !strings.HasPrefix(f.Name(), dgst.Encoded()) {
+			continue
+		}
+
+		// Make sure that we only remove layerdb folder which points to
+		// requested cacheID
+		dir := filepath.Join(fms.root, string(dgst.Algorithm()), f.Name())
+		chainFile := filepath.Join(dir, "cache-id")
+		contentBytes, err := os.ReadFile(chainFile)
+		if err != nil {
+			logrus.WithError(err).WithField("file", chainFile).Error("cannot get cache ID")
+			continue
+		}
+		cacheID := strings.TrimSpace(string(contentBytes))
+		if cacheID != cache {
+			continue
+		}
+		logrus.Debugf("Removing folder: %s", dir)
+		err = os.RemoveAll(dir)
+		if err != nil && !os.IsNotExist(err) {
+			logrus.WithError(err).WithField("name", f.Name()).Error("cannot remove layer")
+			continue
+		}
+	}
+	return nil
 }
 
 func (fms *fileMetadataStore) RemoveMount(mount string) error {
diff --git a/layer/filestore_test.go b/layer/filestore_test.go
index 498379e37fe2e..926260aca0221 100644
--- a/layer/filestore_test.go
+++ b/layer/filestore_test.go
@@ -2,7 +2,6 @@ package layer // import "github.com/docker/docker/layer"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -10,7 +9,8 @@ import (
 	"syscall"
 	"testing"
 
-	"github.com/opencontainers/go-digest"
+	"github.com/docker/docker/pkg/stringid"
+	digest "github.com/opencontainers/go-digest"
 )
 
 func randomLayerID(seed int64) ChainID {
@@ -20,7 +20,7 @@ func randomLayerID(seed int64) ChainID {
 }
 
 func newFileMetadataStore(t *testing.T) (*fileMetadataStore, string, func()) {
-	td, err := ioutil.TempDir("", "layers-")
+	td, err := os.MkdirTemp("", "layers-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -51,7 +51,7 @@ func TestCommitFailure(t *testing.T) {
 	fms, td, cleanup := newFileMetadataStore(t)
 	defer cleanup()
 
-	if err := ioutil.WriteFile(filepath.Join(td, "sha256"), []byte("was here first!"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(td, "sha256"), []byte("was here first!"), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -75,7 +75,7 @@ func TestStartTransactionFailure(t *testing.T) {
 	fms, td, cleanup := newFileMetadataStore(t)
 	defer cleanup()
 
-	if err := ioutil.WriteFile(filepath.Join(td, "tmp"), []byte("was here first!"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(td, "tmp"), []byte("was here first!"), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -102,3 +102,50 @@ func TestStartTransactionFailure(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestGetOrphan(t *testing.T) {
+	fms, td, cleanup := newFileMetadataStore(t)
+	defer cleanup()
+
+	layerRoot := filepath.Join(td, "sha256")
+	if err := os.MkdirAll(layerRoot, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	tx, err := fms.StartTransaction()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layerid := randomLayerID(5)
+	err = tx.Commit(layerid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	layerPath := fms.getLayerDirectory(layerid)
+	if err := os.WriteFile(filepath.Join(layerPath, "cache-id"), []byte(stringid.GenerateRandomID()), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	orphanLayers, err := fms.getOrphan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(orphanLayers) != 0 {
+		t.Fatalf("Expected to have zero orphan layers")
+	}
+
+	layeridSplit := strings.Split(layerid.String(), ":")
+	newPath := filepath.Join(layerRoot, fmt.Sprintf("%s-%s-removing", layeridSplit[1], stringid.GenerateRandomID()))
+	err = os.Rename(layerPath, newPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	orphanLayers, err = fms.getOrphan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(orphanLayers) != 1 {
+		t.Fatalf("Expected to have one orphan layer")
+	}
+}
diff --git a/layer/filestore_unix.go b/layer/filestore_unix.go
index 68e7f90779a09..88a2a85595c30 100644
--- a/layer/filestore_unix.go
+++ b/layer/filestore_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package layer // import "github.com/docker/docker/layer"
diff --git a/layer/filestore_windows.go b/layer/filestore_windows.go
index cecad426c8ba9..325d68b63cfb4 100644
--- a/layer/filestore_windows.go
+++ b/layer/filestore_windows.go
@@ -2,7 +2,6 @@ package layer // import "github.com/docker/docker/layer"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strings"
 )
@@ -17,7 +16,7 @@ func (fm *fileMetadataTransaction) setOS(os string) error {
 
 // getOS reads the "os" file from the layer filestore
 func (fms *fileMetadataStore) getOS(layer ChainID) (string, error) {
-	contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "os"))
+	contentBytes, err := os.ReadFile(fms.getLayerFilename(layer, "os"))
 	if err != nil {
 		// For backwards compatibility, the os file may not exist. Default to "windows" if missing.
 		if os.IsNotExist(err) {
diff --git a/layer/layer.go b/layer/layer.go
index d0c7fa8608372..e7e3619ddd31c 100644
--- a/layer/layer.go
+++ b/layer/layer.go
@@ -16,7 +16,7 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/containerfs"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 )
 
@@ -126,7 +126,7 @@ type RWLayer interface {
 	Parent() Layer
 
 	// Mount mounts the RWLayer and returns the filesystem path
-	// the to the writable layer.
+	// to the writable layer.
 	Mount(mountLabel string) (containerfs.ContainerFS, error)
 
 	// Unmount unmounts the RWLayer. This should be called
@@ -145,6 +145,9 @@ type RWLayer interface {
 
 	// Metadata returns the low level metadata for the mutable layer
 	Metadata() (map[string]string, error)
+
+	// ApplyDiff applies the diff to the RW layer
+	ApplyDiff(diff io.Reader) (int64, error)
 }
 
 // Metadata holds information about a
diff --git a/layer/layer_store.go b/layer/layer_store.go
index bc3e8719fc5bc..5520899b8d231 100644
--- a/layer/layer_store.go
+++ b/layer/layer_store.go
@@ -4,7 +4,8 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
+	"os"
+	"path/filepath"
 	"sync"
 
 	"github.com/docker/distribution"
@@ -13,7 +14,8 @@ import (
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/go-digest"
+	"github.com/moby/locker"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
@@ -36,7 +38,11 @@ type layerStore struct {
 
 	mounts map[string]*mountedLayer
 	mountL sync.Mutex
-	os     string
+
+	// protect *RWLayer() methods from operating on the same name/id
+	locker *locker.Locker
+
+	os string
 }
 
 // StoreOptions are the options used to create a new Store instance
@@ -92,6 +98,7 @@ func newStoreFromGraphDriver(root string, driver graphdriver.Driver, os string)
 		driver:      driver,
 		layerMap:    map[ChainID]*roLayer{},
 		mounts:      map[string]*mountedLayer{},
+		locker:      locker.New(),
 		useTarSplit: !caps.ReproducesExactDiffs,
 		os:          os,
 	}
@@ -189,6 +196,8 @@ func (ls *layerStore) loadLayer(layer ChainID) (*roLayer, error) {
 }
 
 func (ls *layerStore) loadMount(mount string) error {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
 	if _, ok := ls.mounts[mount]; ok {
 		return nil
 	}
@@ -253,13 +262,14 @@ func (ls *layerStore) applyTar(tx *fileMetadataTransaction, ts io.Reader, parent
 	}
 
 	applySize, err := ls.driver.ApplyDiff(layer.cacheID, parent, rdr)
+	// discard trailing data but ensure metadata is picked up to reconstruct stream
+	// unconditionally call io.Copy here before checking err to ensure the resources
+	// allocated by NewInputTarStream above are always released
+	io.Copy(io.Discard, rdr) // ignore error as reader may be closed
 	if err != nil {
 		return err
 	}
 
-	// Discard trailing data but ensure metadata is picked up to reconstruct stream
-	io.Copy(ioutil.Discard, rdr) // ignore error as reader may be closed
-
 	layer.size = applySize
 	layer.diffID = DiffID(digester.Digest())
 
@@ -406,11 +416,24 @@ func (ls *layerStore) Map() map[ChainID]Layer {
 }
 
 func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+	// Rename layer digest folder first so we detect orphan layer(s)
+	// if ls.driver.Remove fails
+	var dir string
+	for {
+		dgst := digest.Digest(layer.chainID)
+		tmpID := fmt.Sprintf("%s-%s-removing", dgst.Hex(), stringid.GenerateRandomID())
+		dir = filepath.Join(ls.store.root, string(dgst.Algorithm()), tmpID)
+		err := os.Rename(ls.store.getLayerDirectory(layer.chainID), dir)
+		if os.IsExist(err) {
+			continue
+		}
+		break
+	}
 	err := ls.driver.Remove(layer.cacheID)
 	if err != nil {
 		return err
 	}
-	err = ls.store.Remove(layer.chainID)
+	err = os.RemoveAll(dir)
 	if err != nil {
 		return err
 	}
@@ -443,12 +466,14 @@ func (ls *layerStore) releaseLayer(l *roLayer) ([]Metadata, error) {
 		if l.hasReferences() {
 			panic("cannot delete referenced layer")
 		}
+		// Remove layer from layer map first so it is not considered to exist
+		// when if ls.deleteLayer fails.
+		delete(ls.layerMap, l.chainID)
+
 		var metadata Metadata
 		if err := ls.deleteLayer(l, &metadata); err != nil {
 			return nil, err
 		}
-
-		delete(ls.layerMap, l.chainID)
 		removed = append(removed, metadata)
 
 		if l.parent == nil {
@@ -476,7 +501,7 @@ func (ls *layerStore) Release(l Layer) ([]Metadata, error) {
 	return ls.releaseLayer(layer)
 }
 
-func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWLayerOpts) (RWLayer, error) {
+func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWLayerOpts) (_ RWLayer, err error) {
 	var (
 		storageOpt map[string]string
 		initFunc   MountInit
@@ -489,14 +514,16 @@ func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWL
 		initFunc = opts.InitFunc
 	}
 
+	ls.locker.Lock(name)
+	defer ls.locker.Unlock(name)
+
 	ls.mountL.Lock()
-	defer ls.mountL.Unlock()
-	m, ok := ls.mounts[name]
+	_, ok := ls.mounts[name]
+	ls.mountL.Unlock()
 	if ok {
 		return nil, ErrMountNameConflict
 	}
 
-	var err error
 	var pid string
 	var p *roLayer
 	if string(parent) != "" {
@@ -516,7 +543,7 @@ func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWL
 		}()
 	}
 
-	m = &mountedLayer{
+	m := &mountedLayer{
 		name:       name,
 		parent:     p,
 		mountID:    ls.mountID(name),
@@ -527,7 +554,7 @@ func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWL
 	if initFunc != nil {
 		pid, err = ls.initMount(m.mountID, pid, mountLabel, initFunc, storageOpt)
 		if err != nil {
-			return nil, err
+			return
 		}
 		m.initID = pid
 	}
@@ -537,20 +564,23 @@ func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWL
 	}
 
 	if err = ls.driver.CreateReadWrite(m.mountID, pid, createOpts); err != nil {
-		return nil, err
+		return
 	}
 	if err = ls.saveMount(m); err != nil {
-		return nil, err
+		return
 	}
 
 	return m.getReference(), nil
 }
 
 func (ls *layerStore) GetRWLayer(id string) (RWLayer, error) {
+	ls.locker.Lock(id)
+	defer ls.locker.Unlock(id)
+
 	ls.mountL.Lock()
-	defer ls.mountL.Unlock()
-	mount, ok := ls.mounts[id]
-	if !ok {
+	mount := ls.mounts[id]
+	ls.mountL.Unlock()
+	if mount == nil {
 		return nil, ErrMountDoesNotExist
 	}
 
@@ -559,9 +589,10 @@ func (ls *layerStore) GetRWLayer(id string) (RWLayer, error) {
 
 func (ls *layerStore) GetMountID(id string) (string, error) {
 	ls.mountL.Lock()
-	defer ls.mountL.Unlock()
-	mount, ok := ls.mounts[id]
-	if !ok {
+	mount := ls.mounts[id]
+	ls.mountL.Unlock()
+
+	if mount == nil {
 		return "", ErrMountDoesNotExist
 	}
 	logrus.Debugf("GetMountID id: %s -> mountID: %s", id, mount.mountID)
@@ -570,10 +601,14 @@ func (ls *layerStore) GetMountID(id string) (string, error) {
 }
 
 func (ls *layerStore) ReleaseRWLayer(l RWLayer) ([]Metadata, error) {
+	name := l.Name()
+	ls.locker.Lock(name)
+	defer ls.locker.Unlock(name)
+
 	ls.mountL.Lock()
-	defer ls.mountL.Unlock()
-	m, ok := ls.mounts[l.Name()]
-	if !ok {
+	m := ls.mounts[name]
+	ls.mountL.Unlock()
+	if m == nil {
 		return []Metadata{}, nil
 	}
 
@@ -605,7 +640,9 @@ func (ls *layerStore) ReleaseRWLayer(l RWLayer) ([]Metadata, error) {
 		return nil, err
 	}
 
-	delete(ls.mounts, m.Name())
+	ls.mountL.Lock()
+	delete(ls.mounts, name)
+	ls.mountL.Unlock()
 
 	ls.layerL.Lock()
 	defer ls.layerL.Unlock()
@@ -633,7 +670,9 @@ func (ls *layerStore) saveMount(mount *mountedLayer) error {
 		}
 	}
 
+	ls.mountL.Lock()
 	ls.mounts[mount.name] = mount
+	ls.mountL.Unlock()
 
 	return nil
 }
@@ -720,6 +759,23 @@ func (ls *layerStore) assembleTarTo(graphID string, metadata io.ReadCloser, size
 }
 
 func (ls *layerStore) Cleanup() error {
+	orphanLayers, err := ls.store.getOrphan()
+	if err != nil {
+		logrus.Errorf("Cannot get orphan layers: %v", err)
+	}
+	logrus.Debugf("found %v orphan layers", len(orphanLayers))
+	for _, orphan := range orphanLayers {
+		logrus.Debugf("removing orphan layer, chain ID: %v , cache ID: %v", orphan.chainID, orphan.cacheID)
+		err = ls.driver.Remove(orphan.cacheID)
+		if err != nil && !os.IsNotExist(err) {
+			logrus.WithError(err).WithField("cache-id", orphan.cacheID).Error("cannot remove orphan layer")
+			continue
+		}
+		err = ls.store.Remove(orphan.chainID, orphan.cacheID)
+		if err != nil {
+			logrus.WithError(err).WithField("chain-id", orphan.chainID).Error("cannot remove orphan layer metadata")
+		}
+	}
 	return ls.driver.Cleanup()
 }
 
diff --git a/layer/layer_test.go b/layer/layer_test.go
index 5c4e8fab190ad..4a4bcfb90e9ce 100644
--- a/layer/layer_test.go
+++ b/layer/layer_test.go
@@ -3,7 +3,6 @@ package layer // import "github.com/docker/docker/layer"
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -17,7 +16,7 @@ import (
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 func init() {
@@ -47,7 +46,7 @@ func newVFSGraphDriver(td string) (graphdriver.Driver, error) {
 }
 
 func newTestGraphDriver(t *testing.T) (graphdriver.Driver, func()) {
-	td, err := ioutil.TempDir("", "graph-")
+	td, err := os.MkdirTemp("", "graph-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -63,7 +62,7 @@ func newTestGraphDriver(t *testing.T) (graphdriver.Driver, func()) {
 }
 
 func newTestStore(t *testing.T) (Store, string, func()) {
-	td, err := ioutil.TempDir("", "layerstore-")
+	td, err := os.MkdirTemp("", "layerstore-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -171,10 +170,6 @@ func getCachedLayer(l Layer) *roLayer {
 	return l.(*roLayer)
 }
 
-func getMountLayer(l RWLayer) *mountedLayer {
-	return l.(*referencedRWLayer).mountedLayer
-}
-
 func createMetadata(layers ...Layer) []Metadata {
 	metadata := make([]Metadata, len(layers))
 	for i := range layers {
@@ -559,7 +554,7 @@ func assertLayerDiff(t *testing.T, expected []byte, layer Layer) {
 	}
 	defer ts.Close()
 
-	actual, err := ioutil.ReadAll(ts)
+	actual, err := io.ReadAll(ts)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -607,7 +602,7 @@ func byteDiff(b1, b2 []byte) ([]byte, []byte) {
 }
 
 func tarFromFiles(files ...FileApplier) ([]byte, error) {
-	td, err := ioutil.TempDir("", "tar-")
+	td, err := os.MkdirTemp("", "tar-")
 	if err != nil {
 		return nil, err
 	}
@@ -758,7 +753,7 @@ func TestTarStreamVerification(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = io.Copy(ioutil.Discard, ts)
+	_, err = io.Copy(io.Discard, ts)
 	if err == nil {
 		t.Fatal("expected data verification to fail")
 	}
diff --git a/layer/layer_unix.go b/layer/layer_unix.go
index 002c7ff838b91..24cb88009220c 100644
--- a/layer/layer_unix.go
+++ b/layer/layer_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin || openbsd
 // +build linux freebsd darwin openbsd
 
 package layer // import "github.com/docker/docker/layer"
diff --git a/layer/layer_unix_test.go b/layer/layer_unix_test.go
index 68301581311ce..c3e4bdaf6bf0d 100644
--- a/layer/layer_unix_test.go
+++ b/layer/layer_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package layer // import "github.com/docker/docker/layer"
diff --git a/layer/layer_windows.go b/layer/layer_windows.go
index 25ef26afc1f7c..3d079a9af6222 100644
--- a/layer/layer_windows.go
+++ b/layer/layer_windows.go
@@ -7,7 +7,7 @@ import (
 // Getter is an interface to get the path to a layer on the host.
 type Getter interface {
 	// GetLayerPath gets the path for the layer. This is different from Get()
-	// since that returns an interface to account for umountable layers.
+	// since that returns an interface to account for unmountable layers.
 	GetLayerPath(id string) (string, error)
 }
 
diff --git a/layer/migration.go b/layer/migration.go
index 2668ea96bb863..80f0ff7ff4677 100644
--- a/layer/migration.go
+++ b/layer/migration.go
@@ -3,78 +3,18 @@ package layer // import "github.com/docker/docker/layer"
 import (
 	"compress/gzip"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
 )
 
-// CreateRWLayerByGraphID creates a RWLayer in the layer store using
-// the provided name with the given graphID. To get the RWLayer
-// after migration the layer may be retrieved by the given name.
-func (ls *layerStore) CreateRWLayerByGraphID(name, graphID string, parent ChainID) (err error) {
-	ls.mountL.Lock()
-	defer ls.mountL.Unlock()
-	m, ok := ls.mounts[name]
-	if ok {
-		if m.parent.chainID != parent {
-			return errors.New("name conflict, mismatched parent")
-		}
-		if m.mountID != graphID {
-			return errors.New("mount already exists")
-		}
-
-		return nil
-	}
-
-	if !ls.driver.Exists(graphID) {
-		return fmt.Errorf("graph ID does not exist: %q", graphID)
-	}
-
-	var p *roLayer
-	if string(parent) != "" {
-		p = ls.get(parent)
-		if p == nil {
-			return ErrLayerDoesNotExist
-		}
-
-		// Release parent chain if error
-		defer func() {
-			if err != nil {
-				ls.layerL.Lock()
-				ls.releaseLayer(p)
-				ls.layerL.Unlock()
-			}
-		}()
-	}
-
-	// TODO: Ensure graphID has correct parent
-
-	m = &mountedLayer{
-		name:       name,
-		parent:     p,
-		mountID:    graphID,
-		layerStore: ls,
-		references: map[RWLayer]*referencedRWLayer{},
-	}
-
-	// Check for existing init layer
-	initID := fmt.Sprintf("%s-init", graphID)
-	if ls.driver.Exists(initID) {
-		m.initID = initID
-	}
-
-	return ls.saveMount(m)
-}
-
 func (ls *layerStore) ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID DiffID, size int64, err error) {
 	defer func() {
 		if err != nil {
-			logrus.Debugf("could not get checksum for %q with tar-split: %q", id, err)
 			diffID, size, err = ls.checksumForGraphIDNoTarsplit(id, parent, newTarDataPath)
 		}
 	}()
diff --git a/layer/migration_test.go b/layer/migration_test.go
index 923166371cf78..374d8cdcdc2ed 100644
--- a/layer/migration_test.go
+++ b/layer/migration_test.go
@@ -3,16 +3,13 @@ package layer // import "github.com/docker/docker/layer"
 import (
 	"bytes"
 	"compress/gzip"
-	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
 	"testing"
 
 	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
@@ -35,7 +32,7 @@ func writeTarSplitFile(name string, tarContent []byte) error {
 		return err
 	}
 
-	if _, err := io.Copy(ioutil.Discard, rdr); err != nil {
+	if _, err := io.Copy(io.Discard, rdr); err != nil {
 		return err
 	}
 
@@ -47,7 +44,7 @@ func TestLayerMigration(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("Failing on Windows")
 	}
-	td, err := ioutil.TempDir("", "migration-test-")
+	td, err := os.MkdirTemp("", "migration-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -175,7 +172,7 @@ func tarFromFilesInGraph(graph graphdriver.Driver, graphID, parentID string, fil
 	}
 	defer ar.Close()
 
-	return ioutil.ReadAll(ar)
+	return io.ReadAll(ar)
 }
 
 func TestLayerMigrationNoTarsplit(t *testing.T) {
@@ -183,7 +180,7 @@ func TestLayerMigrationNoTarsplit(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("Failing on Windows")
 	}
-	td, err := ioutil.TempDir("", "migration-test-")
+	td, err := os.MkdirTemp("", "migration-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -269,161 +266,3 @@ func TestLayerMigrationNoTarsplit(t *testing.T) {
 
 	assertMetadata(t, metadata, createMetadata(layer2a))
 }
-
-func TestMountMigration(t *testing.T) {
-	// TODO Windows: Figure out why this is failing (obvious - paths... needs porting)
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
-	ls, _, cleanup := newTestStore(t)
-	defer cleanup()
-
-	baseFiles := []FileApplier{
-		newTestFile("/root/.bashrc", []byte("# Boring configuration"), 0644),
-		newTestFile("/etc/profile", []byte("# Base configuration"), 0644),
-	}
-	initFiles := []FileApplier{
-		newTestFile("/etc/hosts", []byte{}, 0644),
-		newTestFile("/etc/resolv.conf", []byte{}, 0644),
-	}
-	mountFiles := []FileApplier{
-		newTestFile("/etc/hosts", []byte("localhost 127.0.0.1"), 0644),
-		newTestFile("/root/.bashrc", []byte("# Updated configuration"), 0644),
-		newTestFile("/root/testfile1.txt", []byte("nothing valuable"), 0644),
-	}
-
-	initTar, err := tarFromFiles(initFiles...)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	mountTar, err := tarFromFiles(mountFiles...)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	graph := ls.(*layerStore).driver
-
-	layer1, err := createLayer(ls, "", initWithFiles(baseFiles...))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	graphID1 := layer1.(*referencedCacheLayer).cacheID
-
-	containerID := stringid.GenerateRandomID()
-	containerInit := fmt.Sprintf("%s-init", containerID)
-
-	if err := graph.Create(containerInit, graphID1, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := graph.ApplyDiff(containerInit, graphID1, bytes.NewReader(initTar)); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := graph.Create(containerID, containerInit, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := graph.ApplyDiff(containerID, containerInit, bytes.NewReader(mountTar)); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := ls.(*layerStore).CreateRWLayerByGraphID("migration-mount", containerID, layer1.ChainID()); err != nil {
-		t.Fatal(err)
-	}
-
-	rwLayer1, err := ls.GetRWLayer("migration-mount")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := rwLayer1.Mount(""); err != nil {
-		t.Fatal(err)
-	}
-
-	changes, err := rwLayer1.Changes()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if expected := 5; len(changes) != expected {
-		t.Logf("Changes %#v", changes)
-		t.Fatalf("Wrong number of changes %d, expected %d", len(changes), expected)
-	}
-
-	sortChanges(changes)
-
-	assertChange(t, changes[0], archive.Change{
-		Path: "/etc",
-		Kind: archive.ChangeModify,
-	})
-	assertChange(t, changes[1], archive.Change{
-		Path: "/etc/hosts",
-		Kind: archive.ChangeModify,
-	})
-	assertChange(t, changes[2], archive.Change{
-		Path: "/root",
-		Kind: archive.ChangeModify,
-	})
-	assertChange(t, changes[3], archive.Change{
-		Path: "/root/.bashrc",
-		Kind: archive.ChangeModify,
-	})
-	assertChange(t, changes[4], archive.Change{
-		Path: "/root/testfile1.txt",
-		Kind: archive.ChangeAdd,
-	})
-
-	if _, err := ls.CreateRWLayer("migration-mount", layer1.ChainID(), nil); err == nil {
-		t.Fatal("Expected error creating mount with same name")
-	} else if err != ErrMountNameConflict {
-		t.Fatal(err)
-	}
-
-	rwLayer2, err := ls.GetRWLayer("migration-mount")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if getMountLayer(rwLayer1) != getMountLayer(rwLayer2) {
-		t.Fatal("Expected same layer from get with same name as from migrate")
-	}
-
-	if _, err := rwLayer2.Mount(""); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := rwLayer2.Mount(""); err != nil {
-		t.Fatal(err)
-	}
-
-	if metadata, err := ls.Release(layer1); err != nil {
-		t.Fatal(err)
-	} else if len(metadata) > 0 {
-		t.Fatalf("Expected no layers to be deleted, deleted %#v", metadata)
-	}
-
-	if err := rwLayer1.Unmount(); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := ls.ReleaseRWLayer(rwLayer1); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := rwLayer2.Unmount(); err != nil {
-		t.Fatal(err)
-	}
-	if err := rwLayer2.Unmount(); err != nil {
-		t.Fatal(err)
-	}
-	metadata, err := ls.ReleaseRWLayer(rwLayer2)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(metadata) == 0 {
-		t.Fatal("Expected base layer to be deleted when deleting mount")
-	}
-
-	assertMetadata(t, metadata, createMetadata(layer1))
-}
diff --git a/layer/mount_test.go b/layer/mount_test.go
index 1cfc370eed11f..20de6e0c7c0a9 100644
--- a/layer/mount_test.go
+++ b/layer/mount_test.go
@@ -1,7 +1,7 @@
 package layer // import "github.com/docker/docker/layer"
 
 import (
-	"io/ioutil"
+	"io"
 	"runtime"
 	"sort"
 	"testing"
@@ -56,7 +56,7 @@ func TestMountInit(t *testing.T) {
 	}
 	defer f.Close()
 
-	b, err := ioutil.ReadAll(f)
+	b, err := io.ReadAll(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -206,6 +206,64 @@ func TestMountChanges(t *testing.T) {
 	})
 }
 
+func TestMountApply(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	basefile := newTestFile("testfile.txt", []byte("base data!"), 0644)
+	newfile := newTestFile("newfile.txt", []byte("new data!"), 0755)
+
+	li := initWithFiles(basefile)
+	layer, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	di := initWithFiles(newfile)
+	diffLayer, err := createLayer(ls, "", di)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	m, err := ls.CreateRWLayer("fun-mount", layer.ChainID(), nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r, err := diffLayer.TarStream()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := m.ApplyDiff(r); err != nil {
+		t.Fatal(err)
+	}
+
+	pathFS, err := m.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := pathFS.Open(pathFS.Join(pathFS.Path(), "newfile.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	b, err := io.ReadAll(f)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "new data!"; string(b) != expected {
+		t.Fatalf("Unexpected test file contents %q, expected %q", string(b), expected)
+	}
+}
+
 func assertChange(t *testing.T, actual, expected archive.Change) {
 	if actual.Path != expected.Path {
 		t.Fatalf("Unexpected change path %s, expected %s", actual.Path, expected.Path)
diff --git a/layer/mounted_layer.go b/layer/mounted_layer.go
index d6858c662ccfa..f614fd571df2a 100644
--- a/layer/mounted_layer.go
+++ b/layer/mounted_layer.go
@@ -2,6 +2,7 @@ package layer // import "github.com/docker/docker/layer"
 
 import (
 	"io"
+	"sync"
 
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/containerfs"
@@ -12,9 +13,9 @@ type mountedLayer struct {
 	mountID    string
 	initID     string
 	parent     *roLayer
-	path       string
 	layerStore *layerStore
 
+	sync.Mutex
 	references map[RWLayer]*referencedRWLayer
 }
 
@@ -62,16 +63,24 @@ func (ml *mountedLayer) getReference() RWLayer {
 	ref := &referencedRWLayer{
 		mountedLayer: ml,
 	}
+	ml.Lock()
 	ml.references[ref] = ref
+	ml.Unlock()
 
 	return ref
 }
 
 func (ml *mountedLayer) hasReferences() bool {
-	return len(ml.references) > 0
+	ml.Lock()
+	ret := len(ml.references) > 0
+	ml.Unlock()
+
+	return ret
 }
 
 func (ml *mountedLayer) deleteReference(ref RWLayer) error {
+	ml.Lock()
+	defer ml.Unlock()
 	if _, ok := ml.references[ref]; !ok {
 		return ErrLayerNotRetained
 	}
@@ -81,7 +90,9 @@ func (ml *mountedLayer) deleteReference(ref RWLayer) error {
 
 func (ml *mountedLayer) retakeReference(r RWLayer) {
 	if ref, ok := r.(*referencedRWLayer); ok {
+		ml.Lock()
 		ml.references[ref] = ref
+		ml.Unlock()
 	}
 }
 
@@ -98,3 +109,8 @@ func (rl *referencedRWLayer) Mount(mountLabel string) (containerfs.ContainerFS,
 func (rl *referencedRWLayer) Unmount() error {
 	return rl.layerStore.driver.Put(rl.mountedLayer.mountID)
 }
+
+// ApplyDiff applies specified diff to the layer
+func (rl *referencedRWLayer) ApplyDiff(diff io.Reader) (int64, error) {
+	return rl.layerStore.driver.ApplyDiff(rl.mountID, rl.cacheParent(), diff)
+}
diff --git a/layer/ro_layer.go b/layer/ro_layer.go
index 3555e8b027994..15841d5bd2447 100644
--- a/layer/ro_layer.go
+++ b/layer/ro_layer.go
@@ -5,7 +5,7 @@ import (
 	"io"
 
 	"github.com/docker/distribution"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 )
 
 type roLayer struct {
diff --git a/libcontainerd/client_daemon.go b/libcontainerd/client_daemon.go
deleted file mode 100644
index cb9cb43a7316f..0000000000000
--- a/libcontainerd/client_daemon.go
+++ /dev/null
@@ -1,913 +0,0 @@
-// +build !windows
-
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"reflect"
-	"runtime"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/containerd/containerd"
-	apievents "github.com/containerd/containerd/api/events"
-	"github.com/containerd/containerd/api/types"
-	"github.com/containerd/containerd/archive"
-	"github.com/containerd/containerd/cio"
-	"github.com/containerd/containerd/content"
-	containerderrors "github.com/containerd/containerd/errdefs"
-	"github.com/containerd/containerd/events"
-	"github.com/containerd/containerd/images"
-	"github.com/containerd/containerd/runtime/linux/runctypes"
-	"github.com/containerd/typeurl"
-	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/opencontainers/image-spec/specs-go/v1"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-// InitProcessName is the name given to the first process of a
-// container
-const InitProcessName = "init"
-
-type container struct {
-	mu sync.Mutex
-
-	bundleDir string
-	ctr       containerd.Container
-	task      containerd.Task
-	execs     map[string]containerd.Process
-	oomKilled bool
-}
-
-func (c *container) setTask(t containerd.Task) {
-	c.mu.Lock()
-	c.task = t
-	c.mu.Unlock()
-}
-
-func (c *container) getTask() containerd.Task {
-	c.mu.Lock()
-	t := c.task
-	c.mu.Unlock()
-	return t
-}
-
-func (c *container) addProcess(id string, p containerd.Process) {
-	c.mu.Lock()
-	if c.execs == nil {
-		c.execs = make(map[string]containerd.Process)
-	}
-	c.execs[id] = p
-	c.mu.Unlock()
-}
-
-func (c *container) deleteProcess(id string) {
-	c.mu.Lock()
-	delete(c.execs, id)
-	c.mu.Unlock()
-}
-
-func (c *container) getProcess(id string) containerd.Process {
-	c.mu.Lock()
-	p := c.execs[id]
-	c.mu.Unlock()
-	return p
-}
-
-func (c *container) setOOMKilled(killed bool) {
-	c.mu.Lock()
-	c.oomKilled = killed
-	c.mu.Unlock()
-}
-
-func (c *container) getOOMKilled() bool {
-	c.mu.Lock()
-	killed := c.oomKilled
-	c.mu.Unlock()
-	return killed
-}
-
-type client struct {
-	sync.RWMutex // protects containers map
-
-	client   *containerd.Client
-	stateDir string
-	logger   *logrus.Entry
-	ns       string
-
-	backend    Backend
-	eventQ     queue
-	containers map[string]*container
-}
-
-// NewClient creates a new libcontainerd client from a containerd client
-func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b Backend) (Client, error) {
-	c := &client{
-		client:     cli,
-		stateDir:   stateDir,
-		logger:     logrus.WithField("module", "libcontainerd").WithField("namespace", ns),
-		ns:         ns,
-		backend:    b,
-		containers: make(map[string]*container),
-	}
-
-	go c.processEventStream(ctx, ns)
-
-	return c, nil
-}
-
-func (c *client) Version(ctx context.Context) (containerd.Version, error) {
-	return c.client.Version(ctx)
-}
-
-// Restore loads the containerd container.
-// It should not be called concurrently with any other operation for the given ID.
-func (c *client) Restore(ctx context.Context, id string, attachStdio StdioCallback) (alive bool, pid int, err error) {
-	c.Lock()
-	_, ok := c.containers[id]
-	if ok {
-		c.Unlock()
-		return false, 0, errors.WithStack(newConflictError("id already in use"))
-	}
-
-	cntr := &container{}
-	c.containers[id] = cntr
-	cntr.mu.Lock()
-	defer cntr.mu.Unlock()
-
-	c.Unlock()
-
-	defer func() {
-		if err != nil {
-			c.Lock()
-			delete(c.containers, id)
-			c.Unlock()
-		}
-	}()
-
-	var dio *cio.DirectIO
-	defer func() {
-		if err != nil && dio != nil {
-			dio.Cancel()
-			dio.Close()
-		}
-		err = wrapError(err)
-	}()
-
-	ctr, err := c.client.LoadContainer(ctx, id)
-	if err != nil {
-		return false, -1, errors.WithStack(wrapError(err))
-	}
-
-	attachIO := func(fifos *cio.FIFOSet) (cio.IO, error) {
-		// dio must be assigned to the previously defined dio for the defer above
-		// to handle cleanup
-		dio, err = cio.NewDirectIO(ctx, fifos)
-		if err != nil {
-			return nil, err
-		}
-		return attachStdio(dio)
-	}
-	t, err := ctr.Task(ctx, attachIO)
-	if err != nil && !containerderrors.IsNotFound(err) {
-		return false, -1, errors.Wrap(wrapError(err), "error getting containerd task for container")
-	}
-
-	if t != nil {
-		s, err := t.Status(ctx)
-		if err != nil {
-			return false, -1, errors.Wrap(wrapError(err), "error getting task status")
-		}
-
-		alive = s.Status != containerd.Stopped
-		pid = int(t.Pid())
-	}
-
-	cntr.bundleDir = filepath.Join(c.stateDir, id)
-	cntr.ctr = ctr
-	cntr.task = t
-	// TODO(mlaventure): load execs
-
-	c.logger.WithFields(logrus.Fields{
-		"container": id,
-		"alive":     alive,
-		"pid":       pid,
-	}).Debug("restored container")
-
-	return alive, pid, nil
-}
-
-func (c *client) Create(ctx context.Context, id string, ociSpec *specs.Spec, runtimeOptions interface{}) error {
-	if ctr := c.getContainer(id); ctr != nil {
-		return errors.WithStack(newConflictError("id already in use"))
-	}
-
-	bdir, err := prepareBundleDir(filepath.Join(c.stateDir, id), ociSpec)
-	if err != nil {
-		return errdefs.System(errors.Wrap(err, "prepare bundle dir failed"))
-	}
-
-	c.logger.WithField("bundle", bdir).WithField("root", ociSpec.Root.Path).Debug("bundle dir created")
-
-	cdCtr, err := c.client.NewContainer(ctx, id,
-		containerd.WithSpec(ociSpec),
-		// TODO(mlaventure): when containerd support lcow, revisit runtime value
-		containerd.WithRuntime(fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), runtimeOptions))
-	if err != nil {
-		return wrapError(err)
-	}
-
-	c.Lock()
-	c.containers[id] = &container{
-		bundleDir: bdir,
-		ctr:       cdCtr,
-	}
-	c.Unlock()
-
-	return nil
-}
-
-// Start create and start a task for the specified containerd id
-func (c *client) Start(ctx context.Context, id, checkpointDir string, withStdin bool, attachStdio StdioCallback) (int, error) {
-	ctr := c.getContainer(id)
-	if ctr == nil {
-		return -1, errors.WithStack(newNotFoundError("no such container"))
-	}
-	if t := ctr.getTask(); t != nil {
-		return -1, errors.WithStack(newConflictError("container already started"))
-	}
-
-	var (
-		cp             *types.Descriptor
-		t              containerd.Task
-		rio            cio.IO
-		err            error
-		stdinCloseSync = make(chan struct{})
-	)
-
-	if checkpointDir != "" {
-		// write checkpoint to the content store
-		tar := archive.Diff(ctx, "", checkpointDir)
-		cp, err = c.writeContent(ctx, images.MediaTypeContainerd1Checkpoint, checkpointDir, tar)
-		// remove the checkpoint when we're done
-		defer func() {
-			if cp != nil {
-				err := c.client.ContentStore().Delete(context.Background(), cp.Digest)
-				if err != nil {
-					c.logger.WithError(err).WithFields(logrus.Fields{
-						"ref":    checkpointDir,
-						"digest": cp.Digest,
-					}).Warnf("failed to delete temporary checkpoint entry")
-				}
-			}
-		}()
-		if err := tar.Close(); err != nil {
-			return -1, errors.Wrap(err, "failed to close checkpoint tar stream")
-		}
-		if err != nil {
-			return -1, errors.Wrapf(err, "failed to upload checkpoint to containerd")
-		}
-	}
-
-	spec, err := ctr.ctr.Spec(ctx)
-	if err != nil {
-		return -1, errors.Wrap(err, "failed to retrieve spec")
-	}
-	uid, gid := getSpecUser(spec)
-	t, err = ctr.ctr.NewTask(ctx,
-		func(id string) (cio.IO, error) {
-			fifos := newFIFOSet(ctr.bundleDir, InitProcessName, withStdin, spec.Process.Terminal)
-
-			rio, err = c.createIO(fifos, id, InitProcessName, stdinCloseSync, attachStdio)
-			return rio, err
-		},
-		func(_ context.Context, _ *containerd.Client, info *containerd.TaskInfo) error {
-			info.Checkpoint = cp
-			info.Options = &runctypes.CreateOptions{
-				IoUid:       uint32(uid),
-				IoGid:       uint32(gid),
-				NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
-			}
-			return nil
-		})
-	if err != nil {
-		close(stdinCloseSync)
-		if rio != nil {
-			rio.Cancel()
-			rio.Close()
-		}
-		return -1, wrapError(err)
-	}
-
-	ctr.setTask(t)
-
-	// Signal c.createIO that it can call CloseIO
-	close(stdinCloseSync)
-
-	if err := t.Start(ctx); err != nil {
-		if _, err := t.Delete(ctx); err != nil {
-			c.logger.WithError(err).WithField("container", id).
-				Error("failed to delete task after fail start")
-		}
-		ctr.setTask(nil)
-		return -1, wrapError(err)
-	}
-
-	return int(t.Pid()), nil
-}
-
-// Exec creates exec process.
-//
-// The containerd client calls Exec to register the exec config in the shim side.
-// When the client calls Start, the shim will create stdin fifo if needs. But
-// for the container main process, the stdin fifo will be created in Create not
-// the Start call. stdinCloseSync channel should be closed after Start exec
-// process.
-func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error) {
-	ctr := c.getContainer(containerID)
-	if ctr == nil {
-		return -1, errors.WithStack(newNotFoundError("no such container"))
-	}
-	t := ctr.getTask()
-	if t == nil {
-		return -1, errors.WithStack(newInvalidParameterError("container is not running"))
-	}
-
-	if p := ctr.getProcess(processID); p != nil {
-		return -1, errors.WithStack(newConflictError("id already in use"))
-	}
-
-	var (
-		p              containerd.Process
-		rio            cio.IO
-		err            error
-		stdinCloseSync = make(chan struct{})
-	)
-
-	fifos := newFIFOSet(ctr.bundleDir, processID, withStdin, spec.Terminal)
-
-	defer func() {
-		if err != nil {
-			if rio != nil {
-				rio.Cancel()
-				rio.Close()
-			}
-		}
-	}()
-
-	p, err = t.Exec(ctx, processID, spec, func(id string) (cio.IO, error) {
-		rio, err = c.createIO(fifos, containerID, processID, stdinCloseSync, attachStdio)
-		return rio, err
-	})
-	if err != nil {
-		close(stdinCloseSync)
-		return -1, wrapError(err)
-	}
-
-	ctr.addProcess(processID, p)
-
-	// Signal c.createIO that it can call CloseIO
-	//
-	// the stdin of exec process will be created after p.Start in containerd
-	defer close(stdinCloseSync)
-
-	if err = p.Start(ctx); err != nil {
-		p.Delete(context.Background())
-		ctr.deleteProcess(processID)
-		return -1, wrapError(err)
-	}
-
-	return int(p.Pid()), nil
-}
-
-func (c *client) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
-	p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-	return wrapError(p.Kill(ctx, syscall.Signal(signal)))
-}
-
-func (c *client) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
-	p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-
-	return p.Resize(ctx, uint32(width), uint32(height))
-}
-
-func (c *client) CloseStdin(ctx context.Context, containerID, processID string) error {
-	p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-
-	return p.CloseIO(ctx, containerd.WithStdinCloser)
-}
-
-func (c *client) Pause(ctx context.Context, containerID string) error {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	return wrapError(p.(containerd.Task).Pause(ctx))
-}
-
-func (c *client) Resume(ctx context.Context, containerID string) error {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	return p.(containerd.Task).Resume(ctx)
-}
-
-func (c *client) Stats(ctx context.Context, containerID string) (*Stats, error) {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return nil, err
-	}
-
-	m, err := p.(containerd.Task).Metrics(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	v, err := typeurl.UnmarshalAny(m.Data)
-	if err != nil {
-		return nil, err
-	}
-	return interfaceToStats(m.Timestamp, v), nil
-}
-
-func (c *client) ListPids(ctx context.Context, containerID string) ([]uint32, error) {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return nil, err
-	}
-
-	pis, err := p.(containerd.Task).Pids(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	var pids []uint32
-	for _, i := range pis {
-		pids = append(pids, i.Pid)
-	}
-
-	return pids, nil
-}
-
-func (c *client) Summary(ctx context.Context, containerID string) ([]Summary, error) {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return nil, err
-	}
-
-	pis, err := p.(containerd.Task).Pids(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	var infos []Summary
-	for _, pi := range pis {
-		i, err := typeurl.UnmarshalAny(pi.Info)
-		if err != nil {
-			return nil, errors.Wrap(err, "unable to decode process details")
-		}
-		s, err := summaryFromInterface(i)
-		if err != nil {
-			return nil, err
-		}
-		infos = append(infos, *s)
-	}
-
-	return infos, nil
-}
-
-func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return 255, time.Now(), nil
-	}
-
-	status, err := p.(containerd.Task).Delete(ctx)
-	if err != nil {
-		return 255, time.Now(), nil
-	}
-
-	if ctr := c.getContainer(containerID); ctr != nil {
-		ctr.setTask(nil)
-	}
-	return status.ExitCode(), status.ExitTime(), nil
-}
-
-func (c *client) Delete(ctx context.Context, containerID string) error {
-	ctr := c.getContainer(containerID)
-	if ctr == nil {
-		return errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	if err := ctr.ctr.Delete(ctx); err != nil {
-		return wrapError(err)
-	}
-
-	if os.Getenv("LIBCONTAINERD_NOCLEAN") != "1" {
-		if err := os.RemoveAll(ctr.bundleDir); err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container": containerID,
-				"bundle":    ctr.bundleDir,
-			}).Error("failed to remove state dir")
-		}
-	}
-
-	c.removeContainer(containerID)
-
-	return nil
-}
-
-func (c *client) Status(ctx context.Context, containerID string) (Status, error) {
-	ctr := c.getContainer(containerID)
-	if ctr == nil {
-		return StatusUnknown, errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	t := ctr.getTask()
-	if t == nil {
-		return StatusUnknown, errors.WithStack(newNotFoundError("no such task"))
-	}
-
-	s, err := t.Status(ctx)
-	if err != nil {
-		return StatusUnknown, wrapError(err)
-	}
-
-	return Status(s.Status), nil
-}
-
-func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	opts := []containerd.CheckpointTaskOpts{}
-	if exit {
-		opts = append(opts, func(r *containerd.CheckpointTaskInfo) error {
-			if r.Options == nil {
-				r.Options = &runctypes.CheckpointOptions{
-					Exit: true,
-				}
-			} else {
-				opts, _ := r.Options.(*runctypes.CheckpointOptions)
-				opts.Exit = true
-			}
-			return nil
-		})
-	}
-	img, err := p.(containerd.Task).Checkpoint(ctx, opts...)
-	if err != nil {
-		return wrapError(err)
-	}
-	// Whatever happens, delete the checkpoint from containerd
-	defer func() {
-		err := c.client.ImageService().Delete(context.Background(), img.Name())
-		if err != nil {
-			c.logger.WithError(err).WithField("digest", img.Target().Digest).
-				Warnf("failed to delete checkpoint image")
-		}
-	}()
-
-	b, err := content.ReadBlob(ctx, c.client.ContentStore(), img.Target())
-	if err != nil {
-		return errdefs.System(errors.Wrapf(err, "failed to retrieve checkpoint data"))
-	}
-	var index v1.Index
-	if err := json.Unmarshal(b, &index); err != nil {
-		return errdefs.System(errors.Wrapf(err, "failed to decode checkpoint data"))
-	}
-
-	var cpDesc *v1.Descriptor
-	for _, m := range index.Manifests {
-		if m.MediaType == images.MediaTypeContainerd1Checkpoint {
-			cpDesc = &m
-			break
-		}
-	}
-	if cpDesc == nil {
-		return errdefs.System(errors.Wrapf(err, "invalid checkpoint"))
-	}
-
-	rat, err := c.client.ContentStore().ReaderAt(ctx, *cpDesc)
-	if err != nil {
-		return errdefs.System(errors.Wrapf(err, "failed to get checkpoint reader"))
-	}
-	defer rat.Close()
-	_, err = archive.Apply(ctx, checkpointDir, content.NewReader(rat))
-	if err != nil {
-		return errdefs.System(errors.Wrapf(err, "failed to read checkpoint reader"))
-	}
-
-	return err
-}
-
-func (c *client) getContainer(id string) *container {
-	c.RLock()
-	ctr := c.containers[id]
-	c.RUnlock()
-
-	return ctr
-}
-
-func (c *client) removeContainer(id string) {
-	c.Lock()
-	delete(c.containers, id)
-	c.Unlock()
-}
-
-func (c *client) getProcess(containerID, processID string) (containerd.Process, error) {
-	ctr := c.getContainer(containerID)
-	if ctr == nil {
-		return nil, errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	t := ctr.getTask()
-	if t == nil {
-		return nil, errors.WithStack(newNotFoundError("container is not running"))
-	}
-	if processID == InitProcessName {
-		return t, nil
-	}
-
-	p := ctr.getProcess(processID)
-	if p == nil {
-		return nil, errors.WithStack(newNotFoundError("no such exec"))
-	}
-	return p, nil
-}
-
-// createIO creates the io to be used by a process
-// This needs to get a pointer to interface as upon closure the process may not have yet been registered
-func (c *client) createIO(fifos *cio.FIFOSet, containerID, processID string, stdinCloseSync chan struct{}, attachStdio StdioCallback) (cio.IO, error) {
-	var (
-		io  *cio.DirectIO
-		err error
-	)
-
-	io, err = cio.NewDirectIO(context.Background(), fifos)
-	if err != nil {
-		return nil, err
-	}
-
-	if io.Stdin != nil {
-		var (
-			err       error
-			stdinOnce sync.Once
-		)
-		pipe := io.Stdin
-		io.Stdin = ioutils.NewWriteCloserWrapper(pipe, func() error {
-			stdinOnce.Do(func() {
-				err = pipe.Close()
-				// Do the rest in a new routine to avoid a deadlock if the
-				// Exec/Start call failed.
-				go func() {
-					<-stdinCloseSync
-					p, err := c.getProcess(containerID, processID)
-					if err == nil {
-						err = p.CloseIO(context.Background(), containerd.WithStdinCloser)
-						if err != nil && strings.Contains(err.Error(), "transport is closing") {
-							err = nil
-						}
-					}
-				}()
-			})
-			return err
-		})
-	}
-
-	rio, err := attachStdio(io)
-	if err != nil {
-		io.Cancel()
-		io.Close()
-	}
-	return rio, err
-}
-
-func (c *client) processEvent(ctr *container, et EventType, ei EventInfo) {
-	c.eventQ.append(ei.ContainerID, func() {
-		err := c.backend.ProcessEvent(ei.ContainerID, et, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container":  ei.ContainerID,
-				"event":      et,
-				"event-info": ei,
-			}).Error("failed to process event")
-		}
-
-		if et == EventExit && ei.ProcessID != ei.ContainerID {
-			p := ctr.getProcess(ei.ProcessID)
-			if p == nil {
-				c.logger.WithError(errors.New("no such process")).
-					WithFields(logrus.Fields{
-						"container": ei.ContainerID,
-						"process":   ei.ProcessID,
-					}).Error("exit event")
-				return
-			}
-			_, err = p.Delete(context.Background())
-			if err != nil {
-				c.logger.WithError(err).WithFields(logrus.Fields{
-					"container": ei.ContainerID,
-					"process":   ei.ProcessID,
-				}).Warn("failed to delete process")
-			}
-			ctr.deleteProcess(ei.ProcessID)
-
-			ctr := c.getContainer(ei.ContainerID)
-			if ctr == nil {
-				c.logger.WithFields(logrus.Fields{
-					"container": ei.ContainerID,
-				}).Error("failed to find container")
-			} else {
-				newFIFOSet(ctr.bundleDir, ei.ProcessID, true, false).Close()
-			}
-		}
-	})
-}
-
-func (c *client) processEventStream(ctx context.Context, ns string) {
-	var (
-		err error
-		ev  *events.Envelope
-		et  EventType
-		ei  EventInfo
-		ctr *container
-	)
-
-	// Filter on both namespace *and* topic. To create an "and" filter,
-	// this must be a single, comma-separated string
-	eventStream, errC := c.client.EventService().Subscribe(ctx, "namespace=="+ns+",topic~=|^/tasks/|")
-
-	c.logger.Debug("processing event stream")
-
-	var oomKilled bool
-	for {
-		select {
-		case err = <-errC:
-			if err != nil {
-				errStatus, ok := status.FromError(err)
-				if !ok || errStatus.Code() != codes.Canceled {
-					c.logger.WithError(err).Error("failed to get event")
-					go c.processEventStream(ctx, ns)
-				} else {
-					c.logger.WithError(ctx.Err()).Info("stopping event stream following graceful shutdown")
-				}
-			}
-			return
-		case ev = <-eventStream:
-			if ev.Event == nil {
-				c.logger.WithField("event", ev).Warn("invalid event")
-				continue
-			}
-
-			v, err := typeurl.UnmarshalAny(ev.Event)
-			if err != nil {
-				c.logger.WithError(err).WithField("event", ev).Warn("failed to unmarshal event")
-				continue
-			}
-
-			c.logger.WithField("topic", ev.Topic).Debug("event")
-
-			switch t := v.(type) {
-			case *apievents.TaskCreate:
-				et = EventCreate
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					ProcessID:   t.ContainerID,
-					Pid:         t.Pid,
-				}
-			case *apievents.TaskStart:
-				et = EventStart
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					ProcessID:   t.ContainerID,
-					Pid:         t.Pid,
-				}
-			case *apievents.TaskExit:
-				et = EventExit
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					ProcessID:   t.ID,
-					Pid:         t.Pid,
-					ExitCode:    t.ExitStatus,
-					ExitedAt:    t.ExitedAt,
-				}
-			case *apievents.TaskOOM:
-				et = EventOOM
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					OOMKilled:   true,
-				}
-				oomKilled = true
-			case *apievents.TaskExecAdded:
-				et = EventExecAdded
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					ProcessID:   t.ExecID,
-				}
-			case *apievents.TaskExecStarted:
-				et = EventExecStarted
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-					ProcessID:   t.ExecID,
-					Pid:         t.Pid,
-				}
-			case *apievents.TaskPaused:
-				et = EventPaused
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-				}
-			case *apievents.TaskResumed:
-				et = EventResumed
-				ei = EventInfo{
-					ContainerID: t.ContainerID,
-				}
-			default:
-				c.logger.WithFields(logrus.Fields{
-					"topic": ev.Topic,
-					"type":  reflect.TypeOf(t)},
-				).Info("ignoring event")
-				continue
-			}
-
-			ctr = c.getContainer(ei.ContainerID)
-			if ctr == nil {
-				c.logger.WithField("container", ei.ContainerID).Warn("unknown container")
-				continue
-			}
-
-			if oomKilled {
-				ctr.setOOMKilled(true)
-				oomKilled = false
-			}
-			ei.OOMKilled = ctr.getOOMKilled()
-
-			c.processEvent(ctr, et, ei)
-		}
-	}
-}
-
-func (c *client) writeContent(ctx context.Context, mediaType, ref string, r io.Reader) (*types.Descriptor, error) {
-	writer, err := c.client.ContentStore().Writer(ctx, content.WithRef(ref))
-	if err != nil {
-		return nil, err
-	}
-	defer writer.Close()
-	size, err := io.Copy(writer, r)
-	if err != nil {
-		return nil, err
-	}
-	labels := map[string]string{
-		"containerd.io/gc.root": time.Now().UTC().Format(time.RFC3339),
-	}
-	if err := writer.Commit(ctx, 0, "", content.WithLabels(labels)); err != nil {
-		return nil, err
-	}
-	return &types.Descriptor{
-		MediaType: mediaType,
-		Digest:    writer.Digest(),
-		Size_:     size,
-	}, nil
-}
-
-func wrapError(err error) error {
-	switch {
-	case err == nil:
-		return nil
-	case containerderrors.IsNotFound(err):
-		return errdefs.NotFound(err)
-	}
-
-	msg := err.Error()
-	for _, s := range []string{"container does not exist", "not found", "no such container"} {
-		if strings.Contains(msg, s) {
-			return errdefs.NotFound(err)
-		}
-	}
-	return err
-}
diff --git a/libcontainerd/client_daemon_linux.go b/libcontainerd/client_daemon_linux.go
deleted file mode 100644
index bebe5f7ae8812..0000000000000
--- a/libcontainerd/client_daemon_linux.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/cio"
-	"github.com/docker/docker/pkg/idtools"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/sirupsen/logrus"
-)
-
-func summaryFromInterface(i interface{}) (*Summary, error) {
-	return &Summary{}, nil
-}
-
-func (c *client) UpdateResources(ctx context.Context, containerID string, resources *Resources) error {
-	p, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	// go doesn't like the alias in 1.8, this means this need to be
-	// platform specific
-	return p.(containerd.Task).Update(ctx, containerd.WithResources((*specs.LinuxResources)(resources)))
-}
-
-func hostIDFromMap(id uint32, mp []specs.LinuxIDMapping) int {
-	for _, m := range mp {
-		if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
-			return int(m.HostID + id - m.ContainerID)
-		}
-	}
-	return 0
-}
-
-func getSpecUser(ociSpec *specs.Spec) (int, int) {
-	var (
-		uid int
-		gid int
-	)
-
-	for _, ns := range ociSpec.Linux.Namespaces {
-		if ns.Type == specs.UserNamespace {
-			uid = hostIDFromMap(0, ociSpec.Linux.UIDMappings)
-			gid = hostIDFromMap(0, ociSpec.Linux.GIDMappings)
-			break
-		}
-	}
-
-	return uid, gid
-}
-
-func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) {
-	uid, gid := getSpecUser(ociSpec)
-	if uid == 0 && gid == 0 {
-		return bundleDir, idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.Identity{UID: 0, GID: 0})
-	}
-
-	p := string(filepath.Separator)
-	components := strings.Split(bundleDir, string(filepath.Separator))
-	for _, d := range components[1:] {
-		p = filepath.Join(p, d)
-		fi, err := os.Stat(p)
-		if err != nil && !os.IsNotExist(err) {
-			return "", err
-		}
-		if os.IsNotExist(err) || fi.Mode()&1 == 0 {
-			p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
-			if err := idtools.MkdirAndChown(p, 0700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
-				return "", err
-			}
-		}
-	}
-
-	return p, nil
-}
-
-func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
-	config := cio.Config{
-		Terminal: withTerminal,
-		Stdout:   filepath.Join(bundleDir, processID+"-stdout"),
-	}
-	paths := []string{config.Stdout}
-
-	if withStdin {
-		config.Stdin = filepath.Join(bundleDir, processID+"-stdin")
-		paths = append(paths, config.Stdin)
-	}
-	if !withTerminal {
-		config.Stderr = filepath.Join(bundleDir, processID+"-stderr")
-		paths = append(paths, config.Stderr)
-	}
-	closer := func() error {
-		for _, path := range paths {
-			if err := os.RemoveAll(path); err != nil {
-				logrus.Warnf("libcontainerd: failed to remove fifo %v: %v", path, err)
-			}
-		}
-		return nil
-	}
-
-	return cio.NewFIFOSet(config, closer)
-}
diff --git a/libcontainerd/client_daemon_windows.go b/libcontainerd/client_daemon_windows.go
deleted file mode 100644
index 4aba33e18cf4a..0000000000000
--- a/libcontainerd/client_daemon_windows.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"fmt"
-	"path/filepath"
-
-	"github.com/containerd/containerd/cio"
-	"github.com/containerd/containerd/windows/hcsshimtypes"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-)
-
-func summaryFromInterface(i interface{}) (*Summary, error) {
-	switch pd := i.(type) {
-	case *hcsshimtypes.ProcessDetails:
-		return &Summary{
-			CreateTimestamp:              pd.CreatedAt,
-			ImageName:                    pd.ImageName,
-			KernelTime100ns:              pd.KernelTime_100Ns,
-			MemoryCommitBytes:            pd.MemoryCommitBytes,
-			MemoryWorkingSetPrivateBytes: pd.MemoryWorkingSetPrivateBytes,
-			MemoryWorkingSetSharedBytes:  pd.MemoryWorkingSetSharedBytes,
-			ProcessId:                    pd.ProcessID,
-			UserTime100ns:                pd.UserTime_100Ns,
-		}, nil
-	default:
-		return nil, errors.Errorf("Unknown process details type %T", pd)
-	}
-}
-
-func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) {
-	return bundleDir, nil
-}
-
-func pipeName(containerID, processID, name string) string {
-	return fmt.Sprintf(`\\.\pipe\containerd-%s-%s-%s`, containerID, processID, name)
-}
-
-func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
-	containerID := filepath.Base(bundleDir)
-	config := cio.Config{
-		Terminal: withTerminal,
-		Stdout:   pipeName(containerID, processID, "stdout"),
-	}
-
-	if withStdin {
-		config.Stdin = pipeName(containerID, processID, "stdin")
-	}
-
-	if !config.Terminal {
-		config.Stderr = pipeName(containerID, processID, "stderr")
-	}
-
-	return cio.NewFIFOSet(config, nil)
-}
diff --git a/libcontainerd/client_local_windows.go b/libcontainerd/client_local_windows.go
deleted file mode 100644
index 80b7f4c879cc9..0000000000000
--- a/libcontainerd/client_local_windows.go
+++ /dev/null
@@ -1,1354 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"regexp"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	opengcs "github.com/Microsoft/opengcs/client"
-	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/cio"
-	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/docker/docker/pkg/system"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/windows"
-)
-
-const InitProcessName = "init"
-
-type process struct {
-	id         string
-	pid        int
-	hcsProcess hcsshim.Process
-}
-
-type container struct {
-	sync.Mutex
-
-	// The ociSpec is required, as client.Create() needs a spec, but can
-	// be called from the RestartManager context which does not otherwise
-	// have access to the Spec
-	ociSpec *specs.Spec
-
-	isWindows    bool
-	hcsContainer hcsshim.Container
-
-	id               string
-	status           Status
-	exitedAt         time.Time
-	exitCode         uint32
-	waitCh           chan struct{}
-	init             *process
-	execs            map[string]*process
-	terminateInvoked bool
-}
-
-// Win32 error codes that are used for various workarounds
-// These really should be ALL_CAPS to match golangs syscall library and standard
-// Win32 error conventions, but golint insists on CamelCase.
-const (
-	CoEClassstring     = syscall.Errno(0x800401F3) // Invalid class string
-	ErrorNoNetwork     = syscall.Errno(1222)       // The network is not present or not started
-	ErrorBadPathname   = syscall.Errno(161)        // The specified path is invalid
-	ErrorInvalidObject = syscall.Errno(0x800710D8) // The object identifier does not represent a valid object
-)
-
-// defaultOwner is a tag passed to HCS to allow it to differentiate between
-// container creator management stacks. We hard code "docker" in the case
-// of docker.
-const defaultOwner = "docker"
-
-type client struct {
-	sync.Mutex
-
-	stateDir   string
-	backend    Backend
-	logger     *logrus.Entry
-	eventQ     queue
-	containers map[string]*container
-}
-
-// NewClient creates a new local executor for windows
-func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b Backend) (Client, error) {
-	c := &client{
-		stateDir:   stateDir,
-		backend:    b,
-		logger:     logrus.WithField("module", "libcontainerd").WithField("module", "libcontainerd").WithField("namespace", ns),
-		containers: make(map[string]*container),
-	}
-
-	return c, nil
-}
-
-func (c *client) Version(ctx context.Context) (containerd.Version, error) {
-	return containerd.Version{}, errors.New("not implemented on Windows")
-}
-
-// Create is the entrypoint to create a container from a spec.
-// Table below shows the fields required for HCS JSON calling parameters,
-// where if not populated, is omitted.
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-// |                 | Isolation=Process                          | Isolation=Hyper-V                                 |
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-// | VolumePath      | \\?\\Volume{GUIDa}                         |                                                   |
-// | LayerFolderPath | %root%\windowsfilter\containerID           |                                                   |
-// | Layers[]        | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID        |
-// | HvRuntime       |                                            | ImagePath=%root%\BaseLayerID\UtilityVM            |
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-//
-// Isolation=Process example:
-//
-// {
-//	"SystemType": "Container",
-//	"Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
-//	"Owner": "docker",
-//	"VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}",
-//	"IgnoreFlushesDuringBoot": true,
-//	"LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
-//	"Layers": [{
-//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
-//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
-//	}],
-//	"HostName": "5e0055c814a6",
-//	"MappedDirectories": [],
-//	"HvPartition": false,
-//	"EndpointList": ["eef2649d-bb17-4d53-9937-295a8efe6f2c"],
-//}
-//
-// Isolation=Hyper-V example:
-//
-//{
-//	"SystemType": "Container",
-//	"Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d",
-//	"Owner": "docker",
-//	"IgnoreFlushesDuringBoot": true,
-//	"Layers": [{
-//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
-//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
-//	}],
-//	"HostName": "475c2c58933b",
-//	"MappedDirectories": [],
-//	"HvPartition": true,
-//	"EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"],
-//	"DNSSearchList": "a.com,b.com,c.com",
-//	"HvRuntime": {
-//		"ImagePath": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c\\\\UtilityVM"
-//	},
-//}
-func (c *client) Create(_ context.Context, id string, spec *specs.Spec, runtimeOptions interface{}) error {
-	if ctr := c.getContainer(id); ctr != nil {
-		return errors.WithStack(newConflictError("id already in use"))
-	}
-
-	// spec.Linux must be nil for Windows containers, but spec.Windows
-	// will be filled in regardless of container platform.  This is a
-	// temporary workaround due to LCOW requiring layer folder paths,
-	// which are stored under spec.Windows.
-	//
-	// TODO: @darrenstahlmsft fix this once the OCI spec is updated to
-	// support layer folder paths for LCOW
-	if spec.Linux == nil {
-		return c.createWindows(id, spec, runtimeOptions)
-	}
-	return c.createLinux(id, spec, runtimeOptions)
-}
-
-func (c *client) createWindows(id string, spec *specs.Spec, runtimeOptions interface{}) error {
-	logger := c.logger.WithField("container", id)
-	configuration := &hcsshim.ContainerConfig{
-		SystemType:              "Container",
-		Name:                    id,
-		Owner:                   defaultOwner,
-		IgnoreFlushesDuringBoot: spec.Windows.IgnoreFlushesDuringBoot,
-		HostName:                spec.Hostname,
-		HvPartition:             false,
-	}
-
-	if spec.Windows.Resources != nil {
-		if spec.Windows.Resources.CPU != nil {
-			if spec.Windows.Resources.CPU.Count != nil {
-				// This check is being done here rather than in adaptContainerSettings
-				// because we don't want to update the HostConfig in case this container
-				// is moved to a host with more CPUs than this one.
-				cpuCount := *spec.Windows.Resources.CPU.Count
-				hostCPUCount := uint64(sysinfo.NumCPU())
-				if cpuCount > hostCPUCount {
-					c.logger.Warnf("Changing requested CPUCount of %d to current number of processors, %d", cpuCount, hostCPUCount)
-					cpuCount = hostCPUCount
-				}
-				configuration.ProcessorCount = uint32(cpuCount)
-			}
-			if spec.Windows.Resources.CPU.Shares != nil {
-				configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
-			}
-			if spec.Windows.Resources.CPU.Maximum != nil {
-				configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Maximum)
-			}
-		}
-		if spec.Windows.Resources.Memory != nil {
-			if spec.Windows.Resources.Memory.Limit != nil {
-				configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit) / 1024 / 1024
-			}
-		}
-		if spec.Windows.Resources.Storage != nil {
-			if spec.Windows.Resources.Storage.Bps != nil {
-				configuration.StorageBandwidthMaximum = *spec.Windows.Resources.Storage.Bps
-			}
-			if spec.Windows.Resources.Storage.Iops != nil {
-				configuration.StorageIOPSMaximum = *spec.Windows.Resources.Storage.Iops
-			}
-		}
-	}
-
-	if spec.Windows.HyperV != nil {
-		configuration.HvPartition = true
-	}
-
-	if spec.Windows.Network != nil {
-		configuration.EndpointList = spec.Windows.Network.EndpointList
-		configuration.AllowUnqualifiedDNSQuery = spec.Windows.Network.AllowUnqualifiedDNSQuery
-		if spec.Windows.Network.DNSSearchList != nil {
-			configuration.DNSSearchList = strings.Join(spec.Windows.Network.DNSSearchList, ",")
-		}
-		configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName
-	}
-
-	if cs, ok := spec.Windows.CredentialSpec.(string); ok {
-		configuration.Credentials = cs
-	}
-
-	// We must have least two layers in the spec, the bottom one being a
-	// base image, the top one being the RW layer.
-	if spec.Windows.LayerFolders == nil || len(spec.Windows.LayerFolders) < 2 {
-		return fmt.Errorf("OCI spec is invalid - at least two LayerFolders must be supplied to the runtime")
-	}
-
-	// Strip off the top-most layer as that's passed in separately to HCS
-	configuration.LayerFolderPath = spec.Windows.LayerFolders[len(spec.Windows.LayerFolders)-1]
-	layerFolders := spec.Windows.LayerFolders[:len(spec.Windows.LayerFolders)-1]
-
-	if configuration.HvPartition {
-		// We don't currently support setting the utility VM image explicitly.
-		// TODO @swernli/jhowardmsft circa RS5, this may be re-locatable.
-		if spec.Windows.HyperV.UtilityVMPath != "" {
-			return errors.New("runtime does not support an explicit utility VM path for Hyper-V containers")
-		}
-
-		// Find the upper-most utility VM image.
-		var uvmImagePath string
-		for _, path := range layerFolders {
-			fullPath := filepath.Join(path, "UtilityVM")
-			_, err := os.Stat(fullPath)
-			if err == nil {
-				uvmImagePath = fullPath
-				break
-			}
-			if !os.IsNotExist(err) {
-				return err
-			}
-		}
-		if uvmImagePath == "" {
-			return errors.New("utility VM image could not be found")
-		}
-		configuration.HvRuntime = &hcsshim.HvRuntime{ImagePath: uvmImagePath}
-
-		if spec.Root.Path != "" {
-			return errors.New("OCI spec is invalid - Root.Path must be omitted for a Hyper-V container")
-		}
-	} else {
-		const volumeGUIDRegex = `^\\\\\?\\(Volume)\{{0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}\}\\$`
-		if _, err := regexp.MatchString(volumeGUIDRegex, spec.Root.Path); err != nil {
-			return fmt.Errorf(`OCI spec is invalid - Root.Path '%s' must be a volume GUID path in the format '\\?\Volume{GUID}\'`, spec.Root.Path)
-		}
-		// HCS API requires the trailing backslash to be removed
-		configuration.VolumePath = spec.Root.Path[:len(spec.Root.Path)-1]
-	}
-
-	if spec.Root.Readonly {
-		return errors.New(`OCI spec is invalid - Root.Readonly must not be set on Windows`)
-	}
-
-	for _, layerPath := range layerFolders {
-		_, filename := filepath.Split(layerPath)
-		g, err := hcsshim.NameToGuid(filename)
-		if err != nil {
-			return err
-		}
-		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
-			ID:   g.ToString(),
-			Path: layerPath,
-		})
-	}
-
-	// Add the mounts (volumes, bind mounts etc) to the structure
-	var mds []hcsshim.MappedDir
-	var mps []hcsshim.MappedPipe
-	for _, mount := range spec.Mounts {
-		const pipePrefix = `\\.\pipe\`
-		if mount.Type != "" {
-			return fmt.Errorf("OCI spec is invalid - Mount.Type '%s' must not be set", mount.Type)
-		}
-		if strings.HasPrefix(mount.Destination, pipePrefix) {
-			mp := hcsshim.MappedPipe{
-				HostPath:          mount.Source,
-				ContainerPipeName: mount.Destination[len(pipePrefix):],
-			}
-			mps = append(mps, mp)
-		} else {
-			md := hcsshim.MappedDir{
-				HostPath:      mount.Source,
-				ContainerPath: mount.Destination,
-				ReadOnly:      false,
-			}
-			for _, o := range mount.Options {
-				if strings.ToLower(o) == "ro" {
-					md.ReadOnly = true
-				}
-			}
-			mds = append(mds, md)
-		}
-	}
-	configuration.MappedDirectories = mds
-	if len(mps) > 0 && system.GetOSVersion().Build < 16299 { // RS3
-		return errors.New("named pipe mounts are not supported on this version of Windows")
-	}
-	configuration.MappedPipes = mps
-
-	hcsContainer, err := hcsshim.CreateContainer(id, configuration)
-	if err != nil {
-		return err
-	}
-
-	// Construct a container object for calling start on it.
-	ctr := &container{
-		id:           id,
-		execs:        make(map[string]*process),
-		isWindows:    true,
-		ociSpec:      spec,
-		hcsContainer: hcsContainer,
-		status:       StatusCreated,
-		waitCh:       make(chan struct{}),
-	}
-
-	logger.Debug("starting container")
-	if err = hcsContainer.Start(); err != nil {
-		c.logger.WithError(err).Error("failed to start container")
-		ctr.Lock()
-		if err := c.terminateContainer(ctr); err != nil {
-			c.logger.WithError(err).Error("failed to cleanup after a failed Start")
-		} else {
-			c.logger.Debug("cleaned up after failed Start by calling Terminate")
-		}
-		ctr.Unlock()
-		return err
-	}
-
-	c.Lock()
-	c.containers[id] = ctr
-	c.Unlock()
-
-	logger.Debug("createWindows() completed successfully")
-	return nil
-
-}
-
-func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interface{}) error {
-	logrus.Debugf("libcontainerd: createLinux(): containerId %s ", id)
-	logger := c.logger.WithField("container", id)
-
-	if runtimeOptions == nil {
-		return fmt.Errorf("lcow option must be supplied to the runtime")
-	}
-	lcowConfig, ok := runtimeOptions.(*opengcs.Config)
-	if !ok {
-		return fmt.Errorf("lcow option must be supplied to the runtime")
-	}
-
-	configuration := &hcsshim.ContainerConfig{
-		HvPartition:                 true,
-		Name:                        id,
-		SystemType:                  "container",
-		ContainerType:               "linux",
-		Owner:                       defaultOwner,
-		TerminateOnLastHandleClosed: true,
-	}
-
-	if lcowConfig.ActualMode == opengcs.ModeActualVhdx {
-		configuration.HvRuntime = &hcsshim.HvRuntime{
-			ImagePath:          lcowConfig.Vhdx,
-			BootSource:         "Vhd",
-			WritableBootSource: false,
-		}
-	} else {
-		configuration.HvRuntime = &hcsshim.HvRuntime{
-			ImagePath:           lcowConfig.KirdPath,
-			LinuxKernelFile:     lcowConfig.KernelFile,
-			LinuxInitrdFile:     lcowConfig.InitrdFile,
-			LinuxBootParameters: lcowConfig.BootParameters,
-		}
-	}
-
-	if spec.Windows == nil {
-		return fmt.Errorf("spec.Windows must not be nil for LCOW containers")
-	}
-
-	// We must have least one layer in the spec
-	if spec.Windows.LayerFolders == nil || len(spec.Windows.LayerFolders) == 0 {
-		return fmt.Errorf("OCI spec is invalid - at least one LayerFolders must be supplied to the runtime")
-	}
-
-	// Strip off the top-most layer as that's passed in separately to HCS
-	configuration.LayerFolderPath = spec.Windows.LayerFolders[len(spec.Windows.LayerFolders)-1]
-	layerFolders := spec.Windows.LayerFolders[:len(spec.Windows.LayerFolders)-1]
-
-	for _, layerPath := range layerFolders {
-		_, filename := filepath.Split(layerPath)
-		g, err := hcsshim.NameToGuid(filename)
-		if err != nil {
-			return err
-		}
-		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
-			ID:   g.ToString(),
-			Path: filepath.Join(layerPath, "layer.vhd"),
-		})
-	}
-
-	if spec.Windows.Network != nil {
-		configuration.EndpointList = spec.Windows.Network.EndpointList
-		configuration.AllowUnqualifiedDNSQuery = spec.Windows.Network.AllowUnqualifiedDNSQuery
-		if spec.Windows.Network.DNSSearchList != nil {
-			configuration.DNSSearchList = strings.Join(spec.Windows.Network.DNSSearchList, ",")
-		}
-		configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName
-	}
-
-	// Add the mounts (volumes, bind mounts etc) to the structure. We have to do
-	// some translation for both the mapped directories passed into HCS and in
-	// the spec.
-	//
-	// For HCS, we only pass in the mounts from the spec which are type "bind".
-	// Further, the "ContainerPath" field (which is a little mis-leadingly
-	// named when it applies to the utility VM rather than the container in the
-	// utility VM) is moved to under /tmp/gcs/<ID>/binds, where this is passed
-	// by the caller through a 'uvmpath' option.
-	//
-	// We do similar translation for the mounts in the spec by stripping out
-	// the uvmpath option, and translating the Source path to the location in the
-	// utility VM calculated above.
-	//
-	// From inside the utility VM, you would see a 9p mount such as in the following
-	// where a host folder has been mapped to /target. The line with /tmp/gcs/<ID>/binds
-	// specifically:
-	//
-	//	/ # mount
-	//	rootfs on / type rootfs (rw,size=463736k,nr_inodes=115934)
-	//	proc on /proc type proc (rw,relatime)
-	//	sysfs on /sys type sysfs (rw,relatime)
-	//	udev on /dev type devtmpfs (rw,relatime,size=498100k,nr_inodes=124525,mode=755)
-	//	tmpfs on /run type tmpfs (rw,relatime)
-	//	cgroup on /sys/fs/cgroup type cgroup (rw,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,perf_event,net_prio,hugetlb,pids,rdma)
-	//	mqueue on /dev/mqueue type mqueue (rw,relatime)
-	//	devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
-	//	/binds/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/target on /binds/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/target type 9p (rw,sync,dirsync,relatime,trans=fd,rfdno=6,wfdno=6)
-	//	/dev/pmem0 on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/layer0 type ext4 (ro,relatime,block_validity,delalloc,norecovery,barrier,dax,user_xattr,acl)
-	//	/dev/sda on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch type ext4 (rw,relatime,block_validity,delalloc,barrier,user_xattr,acl)
-	//	overlay on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/rootfs type overlay (rw,relatime,lowerdir=/tmp/base/:/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/layer0,upperdir=/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch/upper,workdir=/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch/work)
-	//
-	//  /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc # ls -l
-	//	total 16
-	//	drwx------    3 0        0               60 Sep  7 18:54 binds
-	//	-rw-r--r--    1 0        0             3345 Sep  7 18:54 config.json
-	//	drwxr-xr-x   10 0        0             4096 Sep  6 17:26 layer0
-	//	drwxr-xr-x    1 0        0             4096 Sep  7 18:54 rootfs
-	//	drwxr-xr-x    5 0        0             4096 Sep  7 18:54 scratch
-	//
-	//	/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc # ls -l binds
-	//	total 0
-	//	drwxrwxrwt    2 0        0             4096 Sep  7 16:51 target
-
-	mds := []hcsshim.MappedDir{}
-	specMounts := []specs.Mount{}
-	for _, mount := range spec.Mounts {
-		specMount := mount
-		if mount.Type == "bind" {
-			// Strip out the uvmpath from the options
-			updatedOptions := []string{}
-			uvmPath := ""
-			readonly := false
-			for _, opt := range mount.Options {
-				dropOption := false
-				elements := strings.SplitN(opt, "=", 2)
-				switch elements[0] {
-				case "uvmpath":
-					uvmPath = elements[1]
-					dropOption = true
-				case "rw":
-				case "ro":
-					readonly = true
-				case "rbind":
-				default:
-					return fmt.Errorf("unsupported option %q", opt)
-				}
-				if !dropOption {
-					updatedOptions = append(updatedOptions, opt)
-				}
-			}
-			mount.Options = updatedOptions
-			if uvmPath == "" {
-				return fmt.Errorf("no uvmpath for bind mount %+v", mount)
-			}
-			md := hcsshim.MappedDir{
-				HostPath:          mount.Source,
-				ContainerPath:     path.Join(uvmPath, mount.Destination),
-				CreateInUtilityVM: true,
-				ReadOnly:          readonly,
-			}
-			// If we are 1803/RS4+ enable LinuxMetadata support by default
-			if system.GetOSVersion().Build >= 17134 {
-				md.LinuxMetadata = true
-			}
-			mds = append(mds, md)
-			specMount.Source = path.Join(uvmPath, mount.Destination)
-		}
-		specMounts = append(specMounts, specMount)
-	}
-	configuration.MappedDirectories = mds
-
-	hcsContainer, err := hcsshim.CreateContainer(id, configuration)
-	if err != nil {
-		return err
-	}
-
-	spec.Mounts = specMounts
-
-	// Construct a container object for calling start on it.
-	ctr := &container{
-		id:           id,
-		execs:        make(map[string]*process),
-		isWindows:    false,
-		ociSpec:      spec,
-		hcsContainer: hcsContainer,
-		status:       StatusCreated,
-		waitCh:       make(chan struct{}),
-	}
-
-	// Start the container.
-	logger.Debug("starting container")
-	if err = hcsContainer.Start(); err != nil {
-		c.logger.WithError(err).Error("failed to start container")
-		ctr.debugGCS()
-		ctr.Lock()
-		if err := c.terminateContainer(ctr); err != nil {
-			c.logger.WithError(err).Error("failed to cleanup after a failed Start")
-		} else {
-			c.logger.Debug("cleaned up after failed Start by calling Terminate")
-		}
-		ctr.Unlock()
-		return err
-	}
-	ctr.debugGCS()
-
-	c.Lock()
-	c.containers[id] = ctr
-	c.Unlock()
-
-	c.eventQ.append(id, func() {
-		ei := EventInfo{
-			ContainerID: id,
-		}
-		c.logger.WithFields(logrus.Fields{
-			"container": ctr.id,
-			"event":     EventCreate,
-		}).Info("sending event")
-		err := c.backend.ProcessEvent(id, EventCreate, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container": id,
-				"event":     EventCreate,
-			}).Error("failed to process event")
-		}
-	})
-
-	logger.Debug("createLinux() completed successfully")
-	return nil
-}
-
-func (c *client) Start(_ context.Context, id, _ string, withStdin bool, attachStdio StdioCallback) (int, error) {
-	ctr := c.getContainer(id)
-	switch {
-	case ctr == nil:
-		return -1, errors.WithStack(newNotFoundError("no such container"))
-	case ctr.init != nil:
-		return -1, errors.WithStack(newConflictError("container already started"))
-	}
-
-	logger := c.logger.WithField("container", id)
-
-	// Note we always tell HCS to create stdout as it's required
-	// regardless of '-i' or '-t' options, so that docker can always grab
-	// the output through logs. We also tell HCS to always create stdin,
-	// even if it's not used - it will be closed shortly. Stderr is only
-	// created if it we're not -t.
-	var (
-		emulateConsole   bool
-		createStdErrPipe bool
-	)
-	if ctr.ociSpec.Process != nil {
-		emulateConsole = ctr.ociSpec.Process.Terminal
-		createStdErrPipe = !ctr.ociSpec.Process.Terminal
-	}
-
-	createProcessParms := &hcsshim.ProcessConfig{
-		EmulateConsole:   emulateConsole,
-		WorkingDirectory: ctr.ociSpec.Process.Cwd,
-		CreateStdInPipe:  true,
-		CreateStdOutPipe: true,
-		CreateStdErrPipe: createStdErrPipe,
-	}
-
-	if ctr.ociSpec.Process != nil && ctr.ociSpec.Process.ConsoleSize != nil {
-		createProcessParms.ConsoleSize[0] = uint(ctr.ociSpec.Process.ConsoleSize.Height)
-		createProcessParms.ConsoleSize[1] = uint(ctr.ociSpec.Process.ConsoleSize.Width)
-	}
-
-	// Configure the environment for the process
-	createProcessParms.Environment = setupEnvironmentVariables(ctr.ociSpec.Process.Env)
-	if ctr.isWindows {
-		createProcessParms.CommandLine = strings.Join(ctr.ociSpec.Process.Args, " ")
-	} else {
-		createProcessParms.CommandArgs = ctr.ociSpec.Process.Args
-	}
-	createProcessParms.User = ctr.ociSpec.Process.User.Username
-
-	// LCOW requires the raw OCI spec passed through HCS and onwards to
-	// GCS for the utility VM.
-	if !ctr.isWindows {
-		ociBuf, err := json.Marshal(ctr.ociSpec)
-		if err != nil {
-			return -1, err
-		}
-		ociRaw := json.RawMessage(ociBuf)
-		createProcessParms.OCISpecification = &ociRaw
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-
-	// Start the command running in the container.
-	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
-	if err != nil {
-		logger.WithError(err).Error("CreateProcess() failed")
-		return -1, err
-	}
-	defer func() {
-		if err != nil {
-			if err := newProcess.Kill(); err != nil {
-				logger.WithError(err).Error("failed to kill process")
-			}
-			go func() {
-				if err := newProcess.Wait(); err != nil {
-					logger.WithError(err).Error("failed to wait for process")
-				}
-				if err := newProcess.Close(); err != nil {
-					logger.WithError(err).Error("failed to clean process resources")
-				}
-			}()
-		}
-	}()
-	p := &process{
-		hcsProcess: newProcess,
-		id:         InitProcessName,
-		pid:        newProcess.Pid(),
-	}
-	logger.WithField("pid", p.pid).Debug("init process started")
-
-	dio, err := newIOFromProcess(newProcess, ctr.ociSpec.Process.Terminal)
-	if err != nil {
-		logger.WithError(err).Error("failed to get stdio pipes")
-		return -1, err
-	}
-	_, err = attachStdio(dio)
-	if err != nil {
-		logger.WithError(err).Error("failed to attache stdio")
-		return -1, err
-	}
-	ctr.status = StatusRunning
-	ctr.init = p
-
-	// Spin up a go routine waiting for exit to handle cleanup
-	go c.reapProcess(ctr, p)
-
-	// Generate the associated event
-	c.eventQ.append(id, func() {
-		ei := EventInfo{
-			ContainerID: id,
-			ProcessID:   InitProcessName,
-			Pid:         uint32(p.pid),
-		}
-		c.logger.WithFields(logrus.Fields{
-			"container":  ctr.id,
-			"event":      EventStart,
-			"event-info": ei,
-		}).Info("sending event")
-		err := c.backend.ProcessEvent(ei.ContainerID, EventStart, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container":  id,
-				"event":      EventStart,
-				"event-info": ei,
-			}).Error("failed to process event")
-		}
-	})
-	logger.Debug("start() completed")
-	return p.pid, nil
-}
-
-func newIOFromProcess(newProcess hcsshim.Process, terminal bool) (*cio.DirectIO, error) {
-	stdin, stdout, stderr, err := newProcess.Stdio()
-	if err != nil {
-		return nil, err
-	}
-
-	dio := cio.NewDirectIO(createStdInCloser(stdin, newProcess), nil, nil, terminal)
-
-	// Convert io.ReadClosers to io.Readers
-	if stdout != nil {
-		dio.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
-	}
-	if stderr != nil {
-		dio.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
-	}
-	return dio, nil
-}
-
-// Exec adds a process in an running container
-func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error) {
-	ctr := c.getContainer(containerID)
-	switch {
-	case ctr == nil:
-		return -1, errors.WithStack(newNotFoundError("no such container"))
-	case ctr.hcsContainer == nil:
-		return -1, errors.WithStack(newInvalidParameterError("container is not running"))
-	case ctr.execs != nil && ctr.execs[processID] != nil:
-		return -1, errors.WithStack(newConflictError("id already in use"))
-	}
-	logger := c.logger.WithFields(logrus.Fields{
-		"container": containerID,
-		"exec":      processID,
-	})
-
-	// Note we always tell HCS to
-	// create stdout as it's required regardless of '-i' or '-t' options, so that
-	// docker can always grab the output through logs. We also tell HCS to always
-	// create stdin, even if it's not used - it will be closed shortly. Stderr
-	// is only created if it we're not -t.
-	createProcessParms := hcsshim.ProcessConfig{
-		CreateStdInPipe:  true,
-		CreateStdOutPipe: true,
-		CreateStdErrPipe: !spec.Terminal,
-	}
-	if spec.Terminal {
-		createProcessParms.EmulateConsole = true
-		if spec.ConsoleSize != nil {
-			createProcessParms.ConsoleSize[0] = uint(spec.ConsoleSize.Height)
-			createProcessParms.ConsoleSize[1] = uint(spec.ConsoleSize.Width)
-		}
-	}
-
-	// Take working directory from the process to add if it is defined,
-	// otherwise take from the first process.
-	if spec.Cwd != "" {
-		createProcessParms.WorkingDirectory = spec.Cwd
-	} else {
-		createProcessParms.WorkingDirectory = ctr.ociSpec.Process.Cwd
-	}
-
-	// Configure the environment for the process
-	createProcessParms.Environment = setupEnvironmentVariables(spec.Env)
-	if ctr.isWindows {
-		createProcessParms.CommandLine = strings.Join(spec.Args, " ")
-	} else {
-		createProcessParms.CommandArgs = spec.Args
-	}
-	createProcessParms.User = spec.User.Username
-
-	logger.Debugf("exec commandLine: %s", createProcessParms.CommandLine)
-
-	// Start the command running in the container.
-	newProcess, err := ctr.hcsContainer.CreateProcess(&createProcessParms)
-	if err != nil {
-		logger.WithError(err).Errorf("exec's CreateProcess() failed")
-		return -1, err
-	}
-	pid := newProcess.Pid()
-	defer func() {
-		if err != nil {
-			if err := newProcess.Kill(); err != nil {
-				logger.WithError(err).Error("failed to kill process")
-			}
-			go func() {
-				if err := newProcess.Wait(); err != nil {
-					logger.WithError(err).Error("failed to wait for process")
-				}
-				if err := newProcess.Close(); err != nil {
-					logger.WithError(err).Error("failed to clean process resources")
-				}
-			}()
-		}
-	}()
-
-	dio, err := newIOFromProcess(newProcess, spec.Terminal)
-	if err != nil {
-		logger.WithError(err).Error("failed to get stdio pipes")
-		return -1, err
-	}
-	// Tell the engine to attach streams back to the client
-	_, err = attachStdio(dio)
-	if err != nil {
-		return -1, err
-	}
-
-	p := &process{
-		id:         processID,
-		pid:        pid,
-		hcsProcess: newProcess,
-	}
-
-	// Add the process to the container's list of processes
-	ctr.Lock()
-	ctr.execs[processID] = p
-	ctr.Unlock()
-
-	// Spin up a go routine waiting for exit to handle cleanup
-	go c.reapProcess(ctr, p)
-
-	c.eventQ.append(ctr.id, func() {
-		ei := EventInfo{
-			ContainerID: ctr.id,
-			ProcessID:   p.id,
-			Pid:         uint32(p.pid),
-		}
-		c.logger.WithFields(logrus.Fields{
-			"container":  ctr.id,
-			"event":      EventExecAdded,
-			"event-info": ei,
-		}).Info("sending event")
-		err := c.backend.ProcessEvent(ctr.id, EventExecAdded, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container":  ctr.id,
-				"event":      EventExecAdded,
-				"event-info": ei,
-			}).Error("failed to process event")
-		}
-		err = c.backend.ProcessEvent(ctr.id, EventExecStarted, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container":  ctr.id,
-				"event":      EventExecStarted,
-				"event-info": ei,
-			}).Error("failed to process event")
-		}
-	})
-
-	return pid, nil
-}
-
-// Signal handles `docker stop` on Windows. While Linux has support for
-// the full range of signals, signals aren't really implemented on Windows.
-// We fake supporting regular stop and -9 to force kill.
-func (c *client) SignalProcess(_ context.Context, containerID, processID string, signal int) error {
-	ctr, p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-
-	logger := c.logger.WithFields(logrus.Fields{
-		"container": containerID,
-		"process":   processID,
-		"pid":       p.pid,
-		"signal":    signal,
-	})
-	logger.Debug("Signal()")
-
-	if processID == InitProcessName {
-		if syscall.Signal(signal) == syscall.SIGKILL {
-			// Terminate the compute system
-			ctr.Lock()
-			ctr.terminateInvoked = true
-			if err := ctr.hcsContainer.Terminate(); err != nil {
-				if !hcsshim.IsPending(err) {
-					logger.WithError(err).Error("failed to terminate hccshim container")
-				}
-			}
-			ctr.Unlock()
-		} else {
-			// Shut down the container
-			if err := ctr.hcsContainer.Shutdown(); err != nil {
-				if !hcsshim.IsPending(err) && !hcsshim.IsAlreadyStopped(err) {
-					// ignore errors
-					logger.WithError(err).Error("failed to shutdown hccshim container")
-				}
-			}
-		}
-	} else {
-		return p.hcsProcess.Kill()
-	}
-
-	return nil
-}
-
-// Resize handles a CLI event to resize an interactive docker run or docker
-// exec window.
-func (c *client) ResizeTerminal(_ context.Context, containerID, processID string, width, height int) error {
-	_, p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-
-	c.logger.WithFields(logrus.Fields{
-		"container": containerID,
-		"process":   processID,
-		"height":    height,
-		"width":     width,
-		"pid":       p.pid,
-	}).Debug("resizing")
-	return p.hcsProcess.ResizeConsole(uint16(width), uint16(height))
-}
-
-func (c *client) CloseStdin(_ context.Context, containerID, processID string) error {
-	_, p, err := c.getProcess(containerID, processID)
-	if err != nil {
-		return err
-	}
-
-	return p.hcsProcess.CloseStdin()
-}
-
-// Pause handles pause requests for containers
-func (c *client) Pause(_ context.Context, containerID string) error {
-	ctr, _, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	if ctr.ociSpec.Windows.HyperV == nil {
-		return errors.New("cannot pause Windows Server Containers")
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-
-	if err = ctr.hcsContainer.Pause(); err != nil {
-		return err
-	}
-
-	ctr.status = StatusPaused
-
-	c.eventQ.append(containerID, func() {
-		err := c.backend.ProcessEvent(containerID, EventPaused, EventInfo{
-			ContainerID: containerID,
-			ProcessID:   InitProcessName,
-		})
-		c.logger.WithFields(logrus.Fields{
-			"container": ctr.id,
-			"event":     EventPaused,
-		}).Info("sending event")
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container": containerID,
-				"event":     EventPaused,
-			}).Error("failed to process event")
-		}
-	})
-
-	return nil
-}
-
-// Resume handles resume requests for containers
-func (c *client) Resume(_ context.Context, containerID string) error {
-	ctr, _, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return err
-	}
-
-	if ctr.ociSpec.Windows.HyperV == nil {
-		return errors.New("cannot resume Windows Server Containers")
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-
-	if err = ctr.hcsContainer.Resume(); err != nil {
-		return err
-	}
-
-	ctr.status = StatusRunning
-
-	c.eventQ.append(containerID, func() {
-		err := c.backend.ProcessEvent(containerID, EventResumed, EventInfo{
-			ContainerID: containerID,
-			ProcessID:   InitProcessName,
-		})
-		c.logger.WithFields(logrus.Fields{
-			"container": ctr.id,
-			"event":     EventResumed,
-		}).Info("sending event")
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container": containerID,
-				"event":     EventResumed,
-			}).Error("failed to process event")
-		}
-	})
-
-	return nil
-}
-
-// Stats handles stats requests for containers
-func (c *client) Stats(_ context.Context, containerID string) (*Stats, error) {
-	ctr, _, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return nil, err
-	}
-
-	readAt := time.Now()
-	s, err := ctr.hcsContainer.Statistics()
-	if err != nil {
-		return nil, err
-	}
-	return &Stats{
-		Read:     readAt,
-		HCSStats: &s,
-	}, nil
-}
-
-// Restore is the handler for restoring a container
-func (c *client) Restore(ctx context.Context, id string, attachStdio StdioCallback) (bool, int, error) {
-	c.logger.WithField("container", id).Debug("restore()")
-
-	// TODO Windows: On RS1, a re-attach isn't possible.
-	// However, there is a scenario in which there is an issue.
-	// Consider a background container. The daemon dies unexpectedly.
-	// HCS will still have the compute service alive and running.
-	// For consistence, we call in to shoot it regardless if HCS knows about it
-	// We explicitly just log a warning if the terminate fails.
-	// Then we tell the backend the container exited.
-	if hc, err := hcsshim.OpenContainer(id); err == nil {
-		const terminateTimeout = time.Minute * 2
-		err := hc.Terminate()
-
-		if hcsshim.IsPending(err) {
-			err = hc.WaitTimeout(terminateTimeout)
-		} else if hcsshim.IsAlreadyStopped(err) {
-			err = nil
-		}
-
-		if err != nil {
-			c.logger.WithField("container", id).WithError(err).Debug("terminate failed on restore")
-			return false, -1, err
-		}
-	}
-	return false, -1, nil
-}
-
-// GetPidsForContainer returns a list of process IDs running in a container.
-// Not used on Windows.
-func (c *client) ListPids(_ context.Context, _ string) ([]uint32, error) {
-	return nil, errors.New("not implemented on Windows")
-}
-
-// Summary returns a summary of the processes running in a container.
-// This is present in Windows to support docker top. In linux, the
-// engine shells out to ps to get process information. On Windows, as
-// the containers could be Hyper-V containers, they would not be
-// visible on the container host. However, libcontainerd does have
-// that information.
-func (c *client) Summary(_ context.Context, containerID string) ([]Summary, error) {
-	ctr, _, err := c.getProcess(containerID, InitProcessName)
-	if err != nil {
-		return nil, err
-	}
-
-	p, err := ctr.hcsContainer.ProcessList()
-	if err != nil {
-		return nil, err
-	}
-
-	pl := make([]Summary, len(p))
-	for i := range p {
-		pl[i] = Summary(p[i])
-	}
-	return pl, nil
-}
-
-func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
-	ec := -1
-	ctr := c.getContainer(containerID)
-	if ctr == nil {
-		return uint32(ec), time.Now(), errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	select {
-	case <-ctx.Done():
-		return uint32(ec), time.Now(), errors.WithStack(ctx.Err())
-	case <-ctr.waitCh:
-	default:
-		return uint32(ec), time.Now(), errors.New("container is not stopped")
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-	return ctr.exitCode, ctr.exitedAt, nil
-}
-
-func (c *client) Delete(_ context.Context, containerID string) error {
-	c.Lock()
-	defer c.Unlock()
-	ctr := c.containers[containerID]
-	if ctr == nil {
-		return errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-
-	switch ctr.status {
-	case StatusCreated:
-		if err := c.shutdownContainer(ctr); err != nil {
-			return err
-		}
-		fallthrough
-	case StatusStopped:
-		delete(c.containers, containerID)
-		return nil
-	}
-
-	return errors.WithStack(newInvalidParameterError("container is not stopped"))
-}
-
-func (c *client) Status(ctx context.Context, containerID string) (Status, error) {
-	c.Lock()
-	defer c.Unlock()
-	ctr := c.containers[containerID]
-	if ctr == nil {
-		return StatusUnknown, errors.WithStack(newNotFoundError("no such container"))
-	}
-
-	ctr.Lock()
-	defer ctr.Unlock()
-	return ctr.status, nil
-}
-
-func (c *client) UpdateResources(ctx context.Context, containerID string, resources *Resources) error {
-	// Updating resource isn't supported on Windows
-	// but we should return nil for enabling updating container
-	return nil
-}
-
-func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
-	return errors.New("Windows: Containers do not support checkpoints")
-}
-
-func (c *client) getContainer(id string) *container {
-	c.Lock()
-	ctr := c.containers[id]
-	c.Unlock()
-
-	return ctr
-}
-
-func (c *client) getProcess(containerID, processID string) (*container, *process, error) {
-	ctr := c.getContainer(containerID)
-	switch {
-	case ctr == nil:
-		return nil, nil, errors.WithStack(newNotFoundError("no such container"))
-	case ctr.init == nil:
-		return nil, nil, errors.WithStack(newNotFoundError("container is not running"))
-	case processID == InitProcessName:
-		return ctr, ctr.init, nil
-	default:
-		ctr.Lock()
-		defer ctr.Unlock()
-		if ctr.execs == nil {
-			return nil, nil, errors.WithStack(newNotFoundError("no execs"))
-		}
-	}
-
-	p := ctr.execs[processID]
-	if p == nil {
-		return nil, nil, errors.WithStack(newNotFoundError("no such exec"))
-	}
-
-	return ctr, p, nil
-}
-
-// ctr mutex must be held when calling this function.
-func (c *client) shutdownContainer(ctr *container) error {
-	var err error
-	const waitTimeout = time.Minute * 5
-
-	if !ctr.terminateInvoked {
-		err = ctr.hcsContainer.Shutdown()
-	}
-
-	if hcsshim.IsPending(err) || ctr.terminateInvoked {
-		err = ctr.hcsContainer.WaitTimeout(waitTimeout)
-	} else if hcsshim.IsAlreadyStopped(err) {
-		err = nil
-	}
-
-	if err != nil {
-		c.logger.WithError(err).WithField("container", ctr.id).
-			Debug("failed to shutdown container, terminating it")
-		terminateErr := c.terminateContainer(ctr)
-		if terminateErr != nil {
-			c.logger.WithError(terminateErr).WithField("container", ctr.id).
-				Error("failed to shutdown container, and subsequent terminate also failed")
-			return fmt.Errorf("%s: subsequent terminate failed %s", err, terminateErr)
-		}
-		return err
-	}
-
-	return nil
-}
-
-// ctr mutex must be held when calling this function.
-func (c *client) terminateContainer(ctr *container) error {
-	const terminateTimeout = time.Minute * 5
-	ctr.terminateInvoked = true
-	err := ctr.hcsContainer.Terminate()
-
-	if hcsshim.IsPending(err) {
-		err = ctr.hcsContainer.WaitTimeout(terminateTimeout)
-	} else if hcsshim.IsAlreadyStopped(err) {
-		err = nil
-	}
-
-	if err != nil {
-		c.logger.WithError(err).WithField("container", ctr.id).
-			Debug("failed to terminate container")
-		return err
-	}
-
-	return nil
-}
-
-func (c *client) reapProcess(ctr *container, p *process) int {
-	logger := c.logger.WithFields(logrus.Fields{
-		"container": ctr.id,
-		"process":   p.id,
-	})
-
-	var eventErr error
-
-	// Block indefinitely for the process to exit.
-	if err := p.hcsProcess.Wait(); err != nil {
-		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
-			logger.WithError(err).Warnf("Wait() failed (container may have been killed)")
-		}
-		// Fall through here, do not return. This ensures we attempt to
-		// continue the shutdown in HCS and tell the docker engine that the
-		// process/container has exited to avoid a container being dropped on
-		// the floor.
-	}
-	exitedAt := time.Now()
-
-	exitCode, err := p.hcsProcess.ExitCode()
-	if err != nil {
-		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
-			logger.WithError(err).Warnf("unable to get exit code for process")
-		}
-		// Since we got an error retrieving the exit code, make sure that the
-		// code we return doesn't incorrectly indicate success.
-		exitCode = -1
-
-		// Fall through here, do not return. This ensures we attempt to
-		// continue the shutdown in HCS and tell the docker engine that the
-		// process/container has exited to avoid a container being dropped on
-		// the floor.
-	}
-
-	if err := p.hcsProcess.Close(); err != nil {
-		logger.WithError(err).Warnf("failed to cleanup hcs process resources")
-		exitCode = -1
-		eventErr = fmt.Errorf("hcsProcess.Close() failed %s", err)
-	}
-
-	if p.id == InitProcessName {
-		// Update container status
-		ctr.Lock()
-		ctr.status = StatusStopped
-		ctr.exitedAt = exitedAt
-		ctr.exitCode = uint32(exitCode)
-		close(ctr.waitCh)
-
-		if err := c.shutdownContainer(ctr); err != nil {
-			exitCode = -1
-			logger.WithError(err).Warn("failed to shutdown container")
-			thisErr := fmt.Errorf("failed to shutdown container: %s", err)
-			if eventErr != nil {
-				eventErr = fmt.Errorf("%s: %s", eventErr, thisErr)
-			} else {
-				eventErr = thisErr
-			}
-		} else {
-			logger.Debug("completed container shutdown")
-		}
-		ctr.Unlock()
-
-		if err := ctr.hcsContainer.Close(); err != nil {
-			exitCode = -1
-			logger.WithError(err).Error("failed to clean hcs container resources")
-			thisErr := fmt.Errorf("failed to terminate container: %s", err)
-			if eventErr != nil {
-				eventErr = fmt.Errorf("%s: %s", eventErr, thisErr)
-			} else {
-				eventErr = thisErr
-			}
-		}
-	}
-
-	c.eventQ.append(ctr.id, func() {
-		ei := EventInfo{
-			ContainerID: ctr.id,
-			ProcessID:   p.id,
-			Pid:         uint32(p.pid),
-			ExitCode:    uint32(exitCode),
-			ExitedAt:    exitedAt,
-			Error:       eventErr,
-		}
-		c.logger.WithFields(logrus.Fields{
-			"container":  ctr.id,
-			"event":      EventExit,
-			"event-info": ei,
-		}).Info("sending event")
-		err := c.backend.ProcessEvent(ctr.id, EventExit, ei)
-		if err != nil {
-			c.logger.WithError(err).WithFields(logrus.Fields{
-				"container":  ctr.id,
-				"event":      EventExit,
-				"event-info": ei,
-			}).Error("failed to process event")
-		}
-		if p.id != InitProcessName {
-			ctr.Lock()
-			delete(ctr.execs, p.id)
-			ctr.Unlock()
-		}
-	})
-
-	return exitCode
-}
diff --git a/libcontainerd/errors.go b/libcontainerd/errors.go
deleted file mode 100644
index bdc26715bc798..0000000000000
--- a/libcontainerd/errors.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"errors"
-
-	"github.com/docker/docker/errdefs"
-)
-
-func newNotFoundError(err string) error { return errdefs.NotFound(errors.New(err)) }
-
-func newInvalidParameterError(err string) error { return errdefs.InvalidParameter(errors.New(err)) }
-
-func newConflictError(err string) error { return errdefs.Conflict(errors.New(err)) }
diff --git a/libcontainerd/libcontainerd_linux.go b/libcontainerd/libcontainerd_linux.go
new file mode 100644
index 0000000000000..ec195a7905e6f
--- /dev/null
+++ b/libcontainerd/libcontainerd_linux.go
@@ -0,0 +1,14 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+
+	"github.com/containerd/containerd"
+	"github.com/docker/docker/libcontainerd/remote"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+)
+
+// NewClient creates a new libcontainerd client from a containerd client
+func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b libcontainerdtypes.Backend) (libcontainerdtypes.Client, error) {
+	return remote.NewClient(ctx, cli, stateDir, ns, b)
+}
diff --git a/libcontainerd/libcontainerd_windows.go b/libcontainerd/libcontainerd_windows.go
new file mode 100644
index 0000000000000..61f19ba087a3c
--- /dev/null
+++ b/libcontainerd/libcontainerd_windows.go
@@ -0,0 +1,19 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+
+	"github.com/containerd/containerd"
+	"github.com/docker/docker/libcontainerd/local"
+	"github.com/docker/docker/libcontainerd/remote"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/docker/docker/pkg/system"
+)
+
+// NewClient creates a new libcontainerd client from a containerd client
+func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b libcontainerdtypes.Backend) (libcontainerdtypes.Client, error) {
+	if !system.ContainerdRuntimeSupported() {
+		return local.NewClient(ctx, cli, stateDir, ns, b)
+	}
+	return remote.NewClient(ctx, cli, stateDir, ns, b)
+}
diff --git a/libcontainerd/local/local_windows.go b/libcontainerd/local/local_windows.go
new file mode 100644
index 0000000000000..1cc35c08132f4
--- /dev/null
+++ b/libcontainerd/local/local_windows.go
@@ -0,0 +1,1204 @@
+package local // import "github.com/docker/docker/libcontainerd/local"
+
+// This package contains the legacy in-proc calls in HCS using the v1 schema
+// for Windows runtime purposes.
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	containerderrdefs "github.com/containerd/containerd/errdefs"
+
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libcontainerd/queue"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
+)
+
+type process struct {
+	id         string
+	pid        int
+	hcsProcess hcsshim.Process
+}
+
+type container struct {
+	sync.Mutex
+
+	// The ociSpec is required, as client.Create() needs a spec, but can
+	// be called from the RestartManager context which does not otherwise
+	// have access to the Spec
+	ociSpec *specs.Spec
+
+	hcsContainer hcsshim.Container
+
+	id               string
+	status           containerd.ProcessStatus
+	exitedAt         time.Time
+	exitCode         uint32
+	waitCh           chan struct{}
+	init             *process
+	execs            map[string]*process
+	terminateInvoked bool
+}
+
+// defaultOwner is a tag passed to HCS to allow it to differentiate between
+// container creator management stacks. We hard code "docker" in the case
+// of docker.
+const defaultOwner = "docker"
+
+type client struct {
+	sync.Mutex
+
+	stateDir   string
+	backend    libcontainerdtypes.Backend
+	logger     *logrus.Entry
+	eventQ     queue.Queue
+	containers map[string]*container
+}
+
+// NewClient creates a new local executor for windows
+func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b libcontainerdtypes.Backend) (libcontainerdtypes.Client, error) {
+	c := &client{
+		stateDir:   stateDir,
+		backend:    b,
+		logger:     logrus.WithField("module", "libcontainerd").WithField("module", "libcontainerd").WithField("namespace", ns),
+		containers: make(map[string]*container),
+	}
+
+	return c, nil
+}
+
+func (c *client) Version(ctx context.Context) (containerd.Version, error) {
+	return containerd.Version{}, errors.New("not implemented on Windows")
+}
+
+// Create is the entrypoint to create a container from a spec.
+// Table below shows the fields required for HCS JSON calling parameters,
+// where if not populated, is omitted.
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// |                 | Isolation=Process                          | Isolation=Hyper-V                                 |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// | VolumePath      | \\?\\Volume{GUIDa}                         |                                                   |
+// | LayerFolderPath | %root%\windowsfilter\containerID           |                                                   |
+// | Layers[]        | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID        |
+// | HvRuntime       |                                            | ImagePath=%root%\BaseLayerID\UtilityVM            |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+//
+// Isolation=Process example:
+//
+// {
+// 	"SystemType": "Container",
+// 	"Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+// 	"Owner": "docker",
+// 	"VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}",
+// 	"IgnoreFlushesDuringBoot": true,
+// 	"LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+// 	"Layers": [{
+// 		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+// 		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+// 	}],
+// 	"HostName": "5e0055c814a6",
+// 	"MappedDirectories": [],
+// 	"HvPartition": false,
+// 	"EndpointList": ["eef2649d-bb17-4d53-9937-295a8efe6f2c"],
+// }
+//
+// Isolation=Hyper-V example:
+//
+// {
+// 	"SystemType": "Container",
+// 	"Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d",
+// 	"Owner": "docker",
+// 	"IgnoreFlushesDuringBoot": true,
+// 	"Layers": [{
+// 		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+// 		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+// 	}],
+// 	"HostName": "475c2c58933b",
+// 	"MappedDirectories": [],
+// 	"HvPartition": true,
+// 	"EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"],
+// 	"DNSSearchList": "a.com,b.com,c.com",
+// 	"HvRuntime": {
+// 		"ImagePath": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c\\\\UtilityVM"
+// 	},
+// }
+func (c *client) Create(_ context.Context, id string, spec *specs.Spec, shim string, runtimeOptions interface{}, opts ...containerd.NewContainerOpts) error {
+	if ctr := c.getContainer(id); ctr != nil {
+		return errors.WithStack(errdefs.Conflict(errors.New("id already in use")))
+	}
+
+	var err error
+	if spec.Linux != nil {
+		return errors.New("linux containers are not supported on this platform")
+	}
+	err = c.createWindows(id, spec, runtimeOptions)
+
+	if err == nil {
+		c.eventQ.Append(id, func() {
+			ei := libcontainerdtypes.EventInfo{
+				ContainerID: id,
+			}
+			c.logger.WithFields(logrus.Fields{
+				"container": id,
+				"event":     libcontainerdtypes.EventCreate,
+			}).Info("sending event")
+			err := c.backend.ProcessEvent(id, libcontainerdtypes.EventCreate, ei)
+			if err != nil {
+				c.logger.WithError(err).WithFields(logrus.Fields{
+					"container": id,
+					"event":     libcontainerdtypes.EventCreate,
+				}).Error("failed to process event")
+			}
+		})
+	}
+	return err
+}
+
+func (c *client) createWindows(id string, spec *specs.Spec, runtimeOptions interface{}) error {
+	logger := c.logger.WithField("container", id)
+	configuration := &hcsshim.ContainerConfig{
+		SystemType:              "Container",
+		Name:                    id,
+		Owner:                   defaultOwner,
+		IgnoreFlushesDuringBoot: spec.Windows.IgnoreFlushesDuringBoot,
+		HostName:                spec.Hostname,
+		HvPartition:             false,
+	}
+
+	c.extractResourcesFromSpec(spec, configuration)
+
+	if spec.Windows.Resources != nil {
+		if spec.Windows.Resources.Storage != nil {
+			if spec.Windows.Resources.Storage.Bps != nil {
+				configuration.StorageBandwidthMaximum = *spec.Windows.Resources.Storage.Bps
+			}
+			if spec.Windows.Resources.Storage.Iops != nil {
+				configuration.StorageIOPSMaximum = *spec.Windows.Resources.Storage.Iops
+			}
+		}
+	}
+
+	if spec.Windows.HyperV != nil {
+		configuration.HvPartition = true
+	}
+
+	if spec.Windows.Network != nil {
+		configuration.EndpointList = spec.Windows.Network.EndpointList
+		configuration.AllowUnqualifiedDNSQuery = spec.Windows.Network.AllowUnqualifiedDNSQuery
+		if spec.Windows.Network.DNSSearchList != nil {
+			configuration.DNSSearchList = strings.Join(spec.Windows.Network.DNSSearchList, ",")
+		}
+		configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName
+	}
+
+	if cs, ok := spec.Windows.CredentialSpec.(string); ok {
+		configuration.Credentials = cs
+	}
+
+	// We must have least two layers in the spec, the bottom one being a
+	// base image, the top one being the RW layer.
+	if spec.Windows.LayerFolders == nil || len(spec.Windows.LayerFolders) < 2 {
+		return fmt.Errorf("OCI spec is invalid - at least two LayerFolders must be supplied to the runtime")
+	}
+
+	// Strip off the top-most layer as that's passed in separately to HCS
+	configuration.LayerFolderPath = spec.Windows.LayerFolders[len(spec.Windows.LayerFolders)-1]
+	layerFolders := spec.Windows.LayerFolders[:len(spec.Windows.LayerFolders)-1]
+
+	if configuration.HvPartition {
+		// We don't currently support setting the utility VM image explicitly.
+		// TODO circa RS5, this may be re-locatable.
+		if spec.Windows.HyperV.UtilityVMPath != "" {
+			return errors.New("runtime does not support an explicit utility VM path for Hyper-V containers")
+		}
+
+		// Find the upper-most utility VM image.
+		var uvmImagePath string
+		for _, path := range layerFolders {
+			fullPath := filepath.Join(path, "UtilityVM")
+			_, err := os.Stat(fullPath)
+			if err == nil {
+				uvmImagePath = fullPath
+				break
+			}
+			if !os.IsNotExist(err) {
+				return err
+			}
+		}
+		if uvmImagePath == "" {
+			return errors.New("utility VM image could not be found")
+		}
+		configuration.HvRuntime = &hcsshim.HvRuntime{ImagePath: uvmImagePath}
+
+		if spec.Root.Path != "" {
+			return errors.New("OCI spec is invalid - Root.Path must be omitted for a Hyper-V container")
+		}
+	} else {
+		const volumeGUIDRegex = `^\\\\\?\\(Volume)\{{0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}\}\\$`
+		if _, err := regexp.MatchString(volumeGUIDRegex, spec.Root.Path); err != nil {
+			return fmt.Errorf(`OCI spec is invalid - Root.Path '%s' must be a volume GUID path in the format '\\?\Volume{GUID}\'`, spec.Root.Path)
+		}
+		// HCS API requires the trailing backslash to be removed
+		configuration.VolumePath = spec.Root.Path[:len(spec.Root.Path)-1]
+	}
+
+	if spec.Root.Readonly {
+		return errors.New(`OCI spec is invalid - Root.Readonly must not be set on Windows`)
+	}
+
+	for _, layerPath := range layerFolders {
+		_, filename := filepath.Split(layerPath)
+		g, err := hcsshim.NameToGuid(filename)
+		if err != nil {
+			return err
+		}
+		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
+			ID:   g.ToString(),
+			Path: layerPath,
+		})
+	}
+
+	// Add the mounts (volumes, bind mounts etc) to the structure
+	var mds []hcsshim.MappedDir
+	var mps []hcsshim.MappedPipe
+	for _, mount := range spec.Mounts {
+		const pipePrefix = `\\.\pipe\`
+		if mount.Type != "" {
+			return fmt.Errorf("OCI spec is invalid - Mount.Type '%s' must not be set", mount.Type)
+		}
+		if strings.HasPrefix(mount.Destination, pipePrefix) {
+			mp := hcsshim.MappedPipe{
+				HostPath:          mount.Source,
+				ContainerPipeName: mount.Destination[len(pipePrefix):],
+			}
+			mps = append(mps, mp)
+		} else {
+			md := hcsshim.MappedDir{
+				HostPath:      mount.Source,
+				ContainerPath: mount.Destination,
+				ReadOnly:      false,
+			}
+			for _, o := range mount.Options {
+				if strings.ToLower(o) == "ro" {
+					md.ReadOnly = true
+				}
+			}
+			mds = append(mds, md)
+		}
+	}
+	configuration.MappedDirectories = mds
+	if len(mps) > 0 && osversion.Build() < osversion.RS3 {
+		return errors.New("named pipe mounts are not supported on this version of Windows")
+	}
+	configuration.MappedPipes = mps
+
+	if len(spec.Windows.Devices) > 0 {
+		// Add any device assignments
+		if configuration.HvPartition {
+			return errors.New("device assignment is not supported for HyperV containers")
+		}
+		if osversion.Build() < osversion.RS5 {
+			return errors.New("device assignment requires Windows builds RS5 (17763+) or later")
+		}
+		for _, d := range spec.Windows.Devices {
+			configuration.AssignedDevices = append(configuration.AssignedDevices, hcsshim.AssignedDevice{InterfaceClassGUID: d.ID})
+		}
+	}
+
+	hcsContainer, err := hcsshim.CreateContainer(id, configuration)
+	if err != nil {
+		return err
+	}
+
+	// Construct a container object for calling start on it.
+	ctr := &container{
+		id:           id,
+		execs:        make(map[string]*process),
+		ociSpec:      spec,
+		hcsContainer: hcsContainer,
+		status:       containerd.Created,
+		waitCh:       make(chan struct{}),
+	}
+
+	logger.Debug("starting container")
+	if err = hcsContainer.Start(); err != nil {
+		c.logger.WithError(err).Error("failed to start container")
+		ctr.Lock()
+		if err := c.terminateContainer(ctr); err != nil {
+			c.logger.WithError(err).Error("failed to cleanup after a failed Start")
+		} else {
+			c.logger.Debug("cleaned up after failed Start by calling Terminate")
+		}
+		ctr.Unlock()
+		return err
+	}
+
+	c.Lock()
+	c.containers[id] = ctr
+	c.Unlock()
+
+	logger.Debug("createWindows() completed successfully")
+	return nil
+
+}
+
+func (c *client) extractResourcesFromSpec(spec *specs.Spec, configuration *hcsshim.ContainerConfig) {
+	if spec.Windows.Resources != nil {
+		if spec.Windows.Resources.CPU != nil {
+			if spec.Windows.Resources.CPU.Count != nil {
+				// This check is being done here rather than in adaptContainerSettings
+				// because we don't want to update the HostConfig in case this container
+				// is moved to a host with more CPUs than this one.
+				cpuCount := *spec.Windows.Resources.CPU.Count
+				hostCPUCount := uint64(sysinfo.NumCPU())
+				if cpuCount > hostCPUCount {
+					c.logger.Warnf("Changing requested CPUCount of %d to current number of processors, %d", cpuCount, hostCPUCount)
+					cpuCount = hostCPUCount
+				}
+				configuration.ProcessorCount = uint32(cpuCount)
+			}
+			if spec.Windows.Resources.CPU.Shares != nil {
+				configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
+			}
+			if spec.Windows.Resources.CPU.Maximum != nil {
+				configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Maximum)
+			}
+		}
+		if spec.Windows.Resources.Memory != nil {
+			if spec.Windows.Resources.Memory.Limit != nil {
+				configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit) / 1024 / 1024
+			}
+		}
+	}
+}
+
+func (c *client) Start(_ context.Context, id, _ string, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (int, error) {
+	ctr := c.getContainer(id)
+	switch {
+	case ctr == nil:
+		return -1, errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	case ctr.init != nil:
+		return -1, errors.WithStack(errdefs.NotModified(errors.New("container already started")))
+	}
+
+	logger := c.logger.WithField("container", id)
+
+	// Note we always tell HCS to create stdout as it's required
+	// regardless of '-i' or '-t' options, so that docker can always grab
+	// the output through logs. We also tell HCS to always create stdin,
+	// even if it's not used - it will be closed shortly. Stderr is only
+	// created if it we're not -t.
+	var (
+		emulateConsole   bool
+		createStdErrPipe bool
+	)
+	if ctr.ociSpec.Process != nil {
+		emulateConsole = ctr.ociSpec.Process.Terminal
+		createStdErrPipe = !ctr.ociSpec.Process.Terminal
+	}
+
+	createProcessParms := &hcsshim.ProcessConfig{
+		EmulateConsole:   emulateConsole,
+		WorkingDirectory: ctr.ociSpec.Process.Cwd,
+		CreateStdInPipe:  true,
+		CreateStdOutPipe: true,
+		CreateStdErrPipe: createStdErrPipe,
+	}
+
+	if ctr.ociSpec.Process != nil && ctr.ociSpec.Process.ConsoleSize != nil {
+		createProcessParms.ConsoleSize[0] = uint(ctr.ociSpec.Process.ConsoleSize.Height)
+		createProcessParms.ConsoleSize[1] = uint(ctr.ociSpec.Process.ConsoleSize.Width)
+	}
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(ctr.ociSpec.Process.Env)
+
+	// Configure the CommandLine/CommandArgs
+	setCommandLineAndArgs(ctr.ociSpec.Process, createProcessParms)
+	logger.Debugf("start commandLine: %s", createProcessParms.CommandLine)
+
+	createProcessParms.User = ctr.ociSpec.Process.User.Username
+
+	ctr.Lock()
+
+	// Start the command running in the container.
+	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
+	if err != nil {
+		logger.WithError(err).Error("CreateProcess() failed")
+		// Fix for https://github.com/moby/moby/issues/38719.
+		// If the init process failed to launch, we still need to reap the
+		// container to avoid leaking it.
+		//
+		// Note we use the explicit exit code of 127 which is the
+		// Linux shell equivalent of "command not found". Windows cannot
+		// know ahead of time whether or not the command exists, especially
+		// in the case of Hyper-V containers.
+		ctr.Unlock()
+		exitedAt := time.Now()
+		p := &process{
+			id:  libcontainerdtypes.InitProcessName,
+			pid: 0,
+		}
+		c.reapContainer(ctr, p, 127, exitedAt, nil, logger)
+		return -1, err
+	}
+
+	defer ctr.Unlock()
+
+	defer func() {
+		if err != nil {
+			if err := newProcess.Kill(); err != nil {
+				logger.WithError(err).Error("failed to kill process")
+			}
+			go func() {
+				if err := newProcess.Wait(); err != nil {
+					logger.WithError(err).Error("failed to wait for process")
+				}
+				if err := newProcess.Close(); err != nil {
+					logger.WithError(err).Error("failed to clean process resources")
+				}
+			}()
+		}
+	}()
+	p := &process{
+		hcsProcess: newProcess,
+		id:         libcontainerdtypes.InitProcessName,
+		pid:        newProcess.Pid(),
+	}
+	logger.WithField("pid", p.pid).Debug("init process started")
+
+	ctr.status = containerd.Running
+	ctr.init = p
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go c.reapProcess(ctr, p)
+
+	// Don't shadow err here due to our deferred clean-up.
+	var dio *cio.DirectIO
+	dio, err = newIOFromProcess(newProcess, ctr.ociSpec.Process.Terminal)
+	if err != nil {
+		logger.WithError(err).Error("failed to get stdio pipes")
+		return -1, err
+	}
+	_, err = attachStdio(dio)
+	if err != nil {
+		logger.WithError(err).Error("failed to attach stdio")
+		return -1, err
+	}
+
+	// Generate the associated event
+	c.eventQ.Append(id, func() {
+		ei := libcontainerdtypes.EventInfo{
+			ContainerID: id,
+			ProcessID:   libcontainerdtypes.InitProcessName,
+			Pid:         uint32(p.pid),
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      libcontainerdtypes.EventStart,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ei.ContainerID, libcontainerdtypes.EventStart, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  id,
+				"event":      libcontainerdtypes.EventStart,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+	})
+	logger.Debug("start() completed")
+	return p.pid, nil
+}
+
+// setCommandLineAndArgs configures the HCS ProcessConfig based on an OCI process spec
+func setCommandLineAndArgs(process *specs.Process, createProcessParms *hcsshim.ProcessConfig) {
+	if process.CommandLine != "" {
+		createProcessParms.CommandLine = process.CommandLine
+	} else {
+		createProcessParms.CommandLine = system.EscapeArgs(process.Args)
+	}
+}
+
+func newIOFromProcess(newProcess hcsshim.Process, terminal bool) (*cio.DirectIO, error) {
+	stdin, stdout, stderr, err := newProcess.Stdio()
+	if err != nil {
+		return nil, err
+	}
+
+	dio := cio.NewDirectIO(createStdInCloser(stdin, newProcess), nil, nil, terminal)
+
+	// Convert io.ReadClosers to io.Readers
+	if stdout != nil {
+		dio.Stdout = io.NopCloser(&autoClosingReader{ReadCloser: stdout})
+	}
+	if stderr != nil {
+		dio.Stderr = io.NopCloser(&autoClosingReader{ReadCloser: stderr})
+	}
+	return dio, nil
+}
+
+// Exec adds a process in an running container
+func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (int, error) {
+	ctr := c.getContainer(containerID)
+	switch {
+	case ctr == nil:
+		return -1, errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	case ctr.hcsContainer == nil:
+		return -1, errors.WithStack(errdefs.InvalidParameter(errors.New("container is not running")))
+	case ctr.execs != nil && ctr.execs[processID] != nil:
+		return -1, errors.WithStack(errdefs.Conflict(errors.New("id already in use")))
+	}
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"exec":      processID,
+	})
+
+	// Note we always tell HCS to
+	// create stdout as it's required regardless of '-i' or '-t' options, so that
+	// docker can always grab the output through logs. We also tell HCS to always
+	// create stdin, even if it's not used - it will be closed shortly. Stderr
+	// is only created if it we're not -t.
+	createProcessParms := &hcsshim.ProcessConfig{
+		CreateStdInPipe:  true,
+		CreateStdOutPipe: true,
+		CreateStdErrPipe: !spec.Terminal,
+	}
+	if spec.Terminal {
+		createProcessParms.EmulateConsole = true
+		if spec.ConsoleSize != nil {
+			createProcessParms.ConsoleSize[0] = uint(spec.ConsoleSize.Height)
+			createProcessParms.ConsoleSize[1] = uint(spec.ConsoleSize.Width)
+		}
+	}
+
+	// Take working directory from the process to add if it is defined,
+	// otherwise take from the first process.
+	if spec.Cwd != "" {
+		createProcessParms.WorkingDirectory = spec.Cwd
+	} else {
+		createProcessParms.WorkingDirectory = ctr.ociSpec.Process.Cwd
+	}
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(spec.Env)
+
+	// Configure the CommandLine/CommandArgs
+	setCommandLineAndArgs(spec, createProcessParms)
+	logger.Debugf("exec commandLine: %s", createProcessParms.CommandLine)
+
+	createProcessParms.User = spec.User.Username
+
+	// Start the command running in the container.
+	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
+	if err != nil {
+		logger.WithError(err).Errorf("exec's CreateProcess() failed")
+		return -1, err
+	}
+	pid := newProcess.Pid()
+	defer func() {
+		if err != nil {
+			if err := newProcess.Kill(); err != nil {
+				logger.WithError(err).Error("failed to kill process")
+			}
+			go func() {
+				if err := newProcess.Wait(); err != nil {
+					logger.WithError(err).Error("failed to wait for process")
+				}
+				if err := newProcess.Close(); err != nil {
+					logger.WithError(err).Error("failed to clean process resources")
+				}
+			}()
+		}
+	}()
+
+	dio, err := newIOFromProcess(newProcess, spec.Terminal)
+	if err != nil {
+		logger.WithError(err).Error("failed to get stdio pipes")
+		return -1, err
+	}
+	// Tell the engine to attach streams back to the client
+	_, err = attachStdio(dio)
+	if err != nil {
+		return -1, err
+	}
+
+	p := &process{
+		id:         processID,
+		pid:        pid,
+		hcsProcess: newProcess,
+	}
+
+	// Add the process to the container's list of processes
+	ctr.Lock()
+	ctr.execs[processID] = p
+	ctr.Unlock()
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go c.reapProcess(ctr, p)
+
+	c.eventQ.Append(ctr.id, func() {
+		ei := libcontainerdtypes.EventInfo{
+			ContainerID: ctr.id,
+			ProcessID:   p.id,
+			Pid:         uint32(p.pid),
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      libcontainerdtypes.EventExecAdded,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ctr.id, libcontainerdtypes.EventExecAdded, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      libcontainerdtypes.EventExecAdded,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+		err = c.backend.ProcessEvent(ctr.id, libcontainerdtypes.EventExecStarted, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      libcontainerdtypes.EventExecStarted,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+	})
+
+	return pid, nil
+}
+
+// SignalProcess handles `docker stop` on Windows. While Linux has support for
+// the full range of signals, signals aren't really implemented on Windows.
+// We fake supporting regular stop and -9 to force kill.
+func (c *client) SignalProcess(_ context.Context, containerID, processID string, signal int) error {
+	ctr, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"process":   processID,
+		"pid":       p.pid,
+		"signal":    signal,
+	})
+	logger.Debug("Signal()")
+
+	if processID == libcontainerdtypes.InitProcessName {
+		if syscall.Signal(signal) == syscall.SIGKILL {
+			// Terminate the compute system
+			ctr.Lock()
+			ctr.terminateInvoked = true
+			if err := ctr.hcsContainer.Terminate(); err != nil {
+				if !hcsshim.IsPending(err) {
+					logger.WithError(err).Error("failed to terminate hccshim container")
+				}
+			}
+			ctr.Unlock()
+		} else {
+			// Shut down the container
+			if err := ctr.hcsContainer.Shutdown(); err != nil {
+				if !hcsshim.IsPending(err) && !hcsshim.IsAlreadyStopped(err) {
+					// ignore errors
+					logger.WithError(err).Error("failed to shutdown hccshim container")
+				}
+			}
+		}
+	} else {
+		return p.hcsProcess.Kill()
+	}
+
+	return nil
+}
+
+// ResizeTerminal handles a CLI event to resize an interactive docker run or docker
+// exec window.
+func (c *client) ResizeTerminal(_ context.Context, containerID, processID string, width, height int) error {
+	_, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"process":   processID,
+		"height":    height,
+		"width":     width,
+		"pid":       p.pid,
+	}).Debug("resizing")
+	return p.hcsProcess.ResizeConsole(uint16(width), uint16(height))
+}
+
+func (c *client) CloseStdin(_ context.Context, containerID, processID string) error {
+	_, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.hcsProcess.CloseStdin()
+}
+
+// Pause handles pause requests for containers
+func (c *client) Pause(_ context.Context, containerID string) error {
+	ctr, _, err := c.getProcess(containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	if ctr.ociSpec.Windows.HyperV == nil {
+		return containerderrdefs.ErrNotImplemented
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	if err = ctr.hcsContainer.Pause(); err != nil {
+		return err
+	}
+
+	ctr.status = containerd.Paused
+
+	c.eventQ.Append(containerID, func() {
+		err := c.backend.ProcessEvent(containerID, libcontainerdtypes.EventPaused, libcontainerdtypes.EventInfo{
+			ContainerID: containerID,
+			ProcessID:   libcontainerdtypes.InitProcessName,
+		})
+		c.logger.WithFields(logrus.Fields{
+			"container": ctr.id,
+			"event":     libcontainerdtypes.EventPaused,
+		}).Info("sending event")
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"event":     libcontainerdtypes.EventPaused,
+			}).Error("failed to process event")
+		}
+	})
+
+	return nil
+}
+
+// Resume handles resume requests for containers
+func (c *client) Resume(_ context.Context, containerID string) error {
+	ctr, _, err := c.getProcess(containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	if ctr.ociSpec.Windows.HyperV == nil {
+		return errors.New("cannot resume Windows Server Containers")
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	if err = ctr.hcsContainer.Resume(); err != nil {
+		return err
+	}
+
+	ctr.status = containerd.Running
+
+	c.eventQ.Append(containerID, func() {
+		err := c.backend.ProcessEvent(containerID, libcontainerdtypes.EventResumed, libcontainerdtypes.EventInfo{
+			ContainerID: containerID,
+			ProcessID:   libcontainerdtypes.InitProcessName,
+		})
+		c.logger.WithFields(logrus.Fields{
+			"container": ctr.id,
+			"event":     libcontainerdtypes.EventResumed,
+		}).Info("sending event")
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"event":     libcontainerdtypes.EventResumed,
+			}).Error("failed to process event")
+		}
+	})
+
+	return nil
+}
+
+// Stats handles stats requests for containers
+func (c *client) Stats(_ context.Context, containerID string) (*libcontainerdtypes.Stats, error) {
+	ctr, _, err := c.getProcess(containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	readAt := time.Now()
+	s, err := ctr.hcsContainer.Statistics()
+	if err != nil {
+		return nil, err
+	}
+	return &libcontainerdtypes.Stats{
+		Read:     readAt,
+		HCSStats: &s,
+	}, nil
+}
+
+// Restore is the handler for restoring a container
+func (c *client) Restore(ctx context.Context, id string, attachStdio libcontainerdtypes.StdioCallback) (bool, int, libcontainerdtypes.Process, error) {
+	c.logger.WithField("container", id).Debug("restore()")
+
+	// TODO Windows: On RS1, a re-attach isn't possible.
+	// However, there is a scenario in which there is an issue.
+	// Consider a background container. The daemon dies unexpectedly.
+	// HCS will still have the compute service alive and running.
+	// For consistence, we call in to shoot it regardless if HCS knows about it
+	// We explicitly just log a warning if the terminate fails.
+	// Then we tell the backend the container exited.
+	if hc, err := hcsshim.OpenContainer(id); err == nil {
+		const terminateTimeout = time.Minute * 2
+		err := hc.Terminate()
+
+		if hcsshim.IsPending(err) {
+			err = hc.WaitTimeout(terminateTimeout)
+		} else if hcsshim.IsAlreadyStopped(err) {
+			err = nil
+		}
+
+		if err != nil {
+			c.logger.WithField("container", id).WithError(err).Debug("terminate failed on restore")
+			return false, -1, nil, err
+		}
+	}
+	return false, -1, &restoredProcess{
+		c:  c,
+		id: id,
+	}, nil
+}
+
+// ListPids returns a list of process IDs running in a container. It is not
+// implemented on Windows.
+func (c *client) ListPids(_ context.Context, _ string) ([]uint32, error) {
+	return nil, errors.New("not implemented on Windows")
+}
+
+// Summary returns a summary of the processes running in a container.
+// This is present in Windows to support docker top. In linux, the
+// engine shells out to ps to get process information. On Windows, as
+// the containers could be Hyper-V containers, they would not be
+// visible on the container host. However, libcontainerd does have
+// that information.
+func (c *client) Summary(_ context.Context, containerID string) ([]libcontainerdtypes.Summary, error) {
+	ctr, _, err := c.getProcess(containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	p, err := ctr.hcsContainer.ProcessList()
+	if err != nil {
+		return nil, err
+	}
+
+	pl := make([]libcontainerdtypes.Summary, len(p))
+	for i := range p {
+		pl[i] = libcontainerdtypes.Summary{
+			ImageName:                    p[i].ImageName,
+			CreatedAt:                    p[i].CreateTimestamp,
+			KernelTime_100Ns:             p[i].KernelTime100ns,
+			MemoryCommitBytes:            p[i].MemoryCommitBytes,
+			MemoryWorkingSetPrivateBytes: p[i].MemoryWorkingSetPrivateBytes,
+			MemoryWorkingSetSharedBytes:  p[i].MemoryWorkingSetSharedBytes,
+			ProcessID:                    p[i].ProcessId,
+			UserTime_100Ns:               p[i].UserTime100ns,
+			ExecID:                       "",
+		}
+	}
+	return pl, nil
+}
+
+type restoredProcess struct {
+	id string
+	c  *client
+}
+
+func (p *restoredProcess) Delete(ctx context.Context) (uint32, time.Time, error) {
+	return p.c.DeleteTask(ctx, p.id)
+}
+
+func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
+	ec := -1
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return uint32(ec), time.Now(), errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	}
+
+	select {
+	case <-ctx.Done():
+		return uint32(ec), time.Now(), errors.WithStack(ctx.Err())
+	case <-ctr.waitCh:
+	default:
+		return uint32(ec), time.Now(), errors.New("container is not stopped")
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+	return ctr.exitCode, ctr.exitedAt, nil
+}
+
+func (c *client) Delete(_ context.Context, containerID string) error {
+	c.Lock()
+	defer c.Unlock()
+	ctr := c.containers[containerID]
+	if ctr == nil {
+		return errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	switch ctr.status {
+	case containerd.Created:
+		if err := c.shutdownContainer(ctr); err != nil {
+			return err
+		}
+		fallthrough
+	case containerd.Stopped:
+		delete(c.containers, containerID)
+		return nil
+	}
+
+	return errors.WithStack(errdefs.InvalidParameter(errors.New("container is not stopped")))
+}
+
+func (c *client) Status(ctx context.Context, containerID string) (containerd.ProcessStatus, error) {
+	c.Lock()
+	defer c.Unlock()
+	ctr := c.containers[containerID]
+	if ctr == nil {
+		return containerd.Unknown, errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+	return ctr.status, nil
+}
+
+func (c *client) UpdateResources(ctx context.Context, containerID string, resources *libcontainerdtypes.Resources) error {
+	// Updating resource isn't supported on Windows
+	// but we should return nil for enabling updating container
+	return nil
+}
+
+func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
+	return errors.New("Windows: Containers do not support checkpoints")
+}
+
+func (c *client) getContainer(id string) *container {
+	c.Lock()
+	ctr := c.containers[id]
+	c.Unlock()
+
+	return ctr
+}
+
+func (c *client) getProcess(containerID, processID string) (*container, *process, error) {
+	ctr := c.getContainer(containerID)
+	switch {
+	case ctr == nil:
+		return nil, nil, errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+	case ctr.init == nil:
+		return nil, nil, errors.WithStack(errdefs.NotFound(errors.New("container is not running")))
+	case processID == libcontainerdtypes.InitProcessName:
+		return ctr, ctr.init, nil
+	default:
+		ctr.Lock()
+		defer ctr.Unlock()
+		if ctr.execs == nil {
+			return nil, nil, errors.WithStack(errdefs.NotFound(errors.New("no execs")))
+		}
+	}
+
+	p := ctr.execs[processID]
+	if p == nil {
+		return nil, nil, errors.WithStack(errdefs.NotFound(errors.New("no such exec")))
+	}
+
+	return ctr, p, nil
+}
+
+// ctr mutex must be held when calling this function.
+func (c *client) shutdownContainer(ctr *container) error {
+	var err error
+	const waitTimeout = time.Minute * 5
+
+	if !ctr.terminateInvoked {
+		err = ctr.hcsContainer.Shutdown()
+	}
+
+	if hcsshim.IsPending(err) || ctr.terminateInvoked {
+		err = ctr.hcsContainer.WaitTimeout(waitTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		c.logger.WithError(err).WithField("container", ctr.id).
+			Debug("failed to shutdown container, terminating it")
+		terminateErr := c.terminateContainer(ctr)
+		if terminateErr != nil {
+			c.logger.WithError(terminateErr).WithField("container", ctr.id).
+				Error("failed to shutdown container, and subsequent terminate also failed")
+			return fmt.Errorf("%s: subsequent terminate failed %s", err, terminateErr)
+		}
+		return err
+	}
+
+	return nil
+}
+
+// ctr mutex must be held when calling this function.
+func (c *client) terminateContainer(ctr *container) error {
+	const terminateTimeout = time.Minute * 5
+	ctr.terminateInvoked = true
+	err := ctr.hcsContainer.Terminate()
+
+	if hcsshim.IsPending(err) {
+		err = ctr.hcsContainer.WaitTimeout(terminateTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		c.logger.WithError(err).WithField("container", ctr.id).
+			Debug("failed to terminate container")
+		return err
+	}
+
+	return nil
+}
+
+func (c *client) reapProcess(ctr *container, p *process) int {
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": ctr.id,
+		"process":   p.id,
+	})
+
+	var eventErr error
+
+	// Block indefinitely for the process to exit.
+	if err := p.hcsProcess.Wait(); err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
+			logger.WithError(err).Warnf("Wait() failed (container may have been killed)")
+		}
+		// Fall through here, do not return. This ensures we attempt to
+		// continue the shutdown in HCS and tell the docker engine that the
+		// process/container has exited to avoid a container being dropped on
+		// the floor.
+	}
+	exitedAt := time.Now()
+
+	exitCode, err := p.hcsProcess.ExitCode()
+	if err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
+			logger.WithError(err).Warnf("unable to get exit code for process")
+		}
+		// Since we got an error retrieving the exit code, make sure that the
+		// code we return doesn't incorrectly indicate success.
+		exitCode = -1
+
+		// Fall through here, do not return. This ensures we attempt to
+		// continue the shutdown in HCS and tell the docker engine that the
+		// process/container has exited to avoid a container being dropped on
+		// the floor.
+	}
+
+	if err := p.hcsProcess.Close(); err != nil {
+		logger.WithError(err).Warnf("failed to cleanup hcs process resources")
+		exitCode = -1
+		eventErr = fmt.Errorf("hcsProcess.Close() failed %s", err)
+	}
+
+	if p.id == libcontainerdtypes.InitProcessName {
+		exitCode, eventErr = c.reapContainer(ctr, p, exitCode, exitedAt, eventErr, logger)
+	}
+
+	c.eventQ.Append(ctr.id, func() {
+		ei := libcontainerdtypes.EventInfo{
+			ContainerID: ctr.id,
+			ProcessID:   p.id,
+			Pid:         uint32(p.pid),
+			ExitCode:    uint32(exitCode),
+			ExitedAt:    exitedAt,
+			Error:       eventErr,
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      libcontainerdtypes.EventExit,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ctr.id, libcontainerdtypes.EventExit, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      libcontainerdtypes.EventExit,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+		if p.id != libcontainerdtypes.InitProcessName {
+			ctr.Lock()
+			delete(ctr.execs, p.id)
+			ctr.Unlock()
+		}
+	})
+
+	return exitCode
+}
+
+// reapContainer shuts down the container and releases associated resources. It returns
+// the error to be logged in the eventInfo sent back to the monitor.
+func (c *client) reapContainer(ctr *container, p *process, exitCode int, exitedAt time.Time, eventErr error, logger *logrus.Entry) (int, error) {
+	// Update container status
+	ctr.Lock()
+	ctr.status = containerd.Stopped
+	ctr.exitedAt = exitedAt
+	ctr.exitCode = uint32(exitCode)
+	close(ctr.waitCh)
+
+	if err := c.shutdownContainer(ctr); err != nil {
+		exitCode = -1
+		logger.WithError(err).Warn("failed to shutdown container")
+		thisErr := errors.Wrap(err, "failed to shutdown container")
+		if eventErr != nil {
+			eventErr = errors.Wrap(eventErr, thisErr.Error())
+		} else {
+			eventErr = thisErr
+		}
+	} else {
+		logger.Debug("completed container shutdown")
+	}
+	ctr.Unlock()
+
+	if err := ctr.hcsContainer.Close(); err != nil {
+		exitCode = -1
+		logger.WithError(err).Error("failed to clean hcs container resources")
+		thisErr := errors.Wrap(err, "failed to terminate container")
+		if eventErr != nil {
+			eventErr = errors.Wrap(eventErr, thisErr.Error())
+		} else {
+			eventErr = thisErr
+		}
+	}
+	return exitCode, eventErr
+}
diff --git a/libcontainerd/process_windows.go b/libcontainerd/local/process_windows.go
similarity index 92%
rename from libcontainerd/process_windows.go
rename to libcontainerd/local/process_windows.go
index 8cdf1daca8d56..6ff9f7e83ec75 100644
--- a/libcontainerd/process_windows.go
+++ b/libcontainerd/local/process_windows.go
@@ -1,4 +1,4 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
+package local // import "github.com/docker/docker/libcontainerd/local"
 
 import (
 	"io"
diff --git a/libcontainerd/local/utils_windows.go b/libcontainerd/local/utils_windows.go
new file mode 100644
index 0000000000000..ccb52ba4f2611
--- /dev/null
+++ b/libcontainerd/local/utils_windows.go
@@ -0,0 +1,16 @@
+package local // import "github.com/docker/docker/libcontainerd/local"
+
+import "strings"
+
+// setupEnvironmentVariables converts a string array of environment variables
+// into a map as required by the HCS. Source array is in format [v1=k1] [v2=k2] etc.
+func setupEnvironmentVariables(a []string) map[string]string {
+	r := make(map[string]string)
+	for _, s := range a {
+		arr := strings.SplitN(s, "=", 2)
+		if len(arr) == 2 {
+			r[arr[0]] = arr[1]
+		}
+	}
+	return r
+}
diff --git a/libcontainerd/utils_windows_test.go b/libcontainerd/local/utils_windows_test.go
similarity index 81%
rename from libcontainerd/utils_windows_test.go
rename to libcontainerd/local/utils_windows_test.go
index 2e0c260ecad45..4fc837e326581 100644
--- a/libcontainerd/utils_windows_test.go
+++ b/libcontainerd/local/utils_windows_test.go
@@ -1,4 +1,4 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
+package local // import "github.com/docker/docker/libcontainerd/local"
 
 import (
 	"testing"
diff --git a/libcontainerd/queue.go b/libcontainerd/queue.go
deleted file mode 100644
index 207722c4419a3..0000000000000
--- a/libcontainerd/queue.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import "sync"
-
-type queue struct {
-	sync.Mutex
-	fns map[string]chan struct{}
-}
-
-func (q *queue) append(id string, f func()) {
-	q.Lock()
-	defer q.Unlock()
-
-	if q.fns == nil {
-		q.fns = make(map[string]chan struct{})
-	}
-
-	done := make(chan struct{})
-
-	fn, ok := q.fns[id]
-	q.fns[id] = done
-	go func() {
-		if ok {
-			<-fn
-		}
-		f()
-		close(done)
-
-		q.Lock()
-		if q.fns[id] == done {
-			delete(q.fns, id)
-		}
-		q.Unlock()
-	}()
-}
diff --git a/libcontainerd/queue/queue.go b/libcontainerd/queue/queue.go
new file mode 100644
index 0000000000000..71ff0c79cd09a
--- /dev/null
+++ b/libcontainerd/queue/queue.go
@@ -0,0 +1,37 @@
+package queue // import "github.com/docker/docker/libcontainerd/queue"
+
+import "sync"
+
+// Queue is the structure used for holding functions in a queue.
+type Queue struct {
+	sync.Mutex
+	fns map[string]chan struct{}
+}
+
+// Append adds an item to a queue.
+func (q *Queue) Append(id string, f func()) {
+	q.Lock()
+	defer q.Unlock()
+
+	if q.fns == nil {
+		q.fns = make(map[string]chan struct{})
+	}
+
+	done := make(chan struct{})
+
+	fn, ok := q.fns[id]
+	q.fns[id] = done
+	go func() {
+		if ok {
+			<-fn
+		}
+		f()
+		close(done)
+
+		q.Lock()
+		if q.fns[id] == done {
+			delete(q.fns, id)
+		}
+		q.Unlock()
+	}()
+}
diff --git a/libcontainerd/queue/queue_test.go b/libcontainerd/queue/queue_test.go
new file mode 100644
index 0000000000000..66381bf8e8d6b
--- /dev/null
+++ b/libcontainerd/queue/queue_test.go
@@ -0,0 +1,31 @@
+package queue // import "github.com/docker/docker/libcontainerd/queue"
+
+import (
+	"testing"
+	"time"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestSerialization(t *testing.T) {
+	var (
+		q             Queue
+		serialization = 1
+	)
+
+	q.Append("aaa", func() {
+		// simulate a long time task
+		time.Sleep(10 * time.Millisecond)
+		assert.Equal(t, serialization, 1)
+		serialization = 2
+	})
+	q.Append("aaa", func() {
+		assert.Equal(t, serialization, 2)
+		serialization = 3
+	})
+	q.Append("aaa", func() {
+		assert.Equal(t, serialization, 3)
+		serialization = 4
+	})
+	time.Sleep(20 * time.Millisecond)
+}
diff --git a/libcontainerd/queue_test.go b/libcontainerd/queue_test.go
deleted file mode 100644
index e13afca89a25a..0000000000000
--- a/libcontainerd/queue_test.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"testing"
-	"time"
-
-	"gotest.tools/assert"
-)
-
-func TestSerialization(t *testing.T) {
-	var (
-		q             queue
-		serialization = 1
-	)
-
-	q.append("aaa", func() {
-		//simulate a long time task
-		time.Sleep(10 * time.Millisecond)
-		assert.Equal(t, serialization, 1)
-		serialization = 2
-	})
-	q.append("aaa", func() {
-		assert.Equal(t, serialization, 2)
-		serialization = 3
-	})
-	q.append("aaa", func() {
-		assert.Equal(t, serialization, 3)
-		serialization = 4
-	})
-	time.Sleep(20 * time.Millisecond)
-}
diff --git a/libcontainerd/remote/client.go b/libcontainerd/remote/client.go
new file mode 100644
index 0000000000000..f82911884e5b4
--- /dev/null
+++ b/libcontainerd/remote/client.go
@@ -0,0 +1,935 @@
+package remote // import "github.com/docker/docker/libcontainerd/remote"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/containerd/containerd"
+	apievents "github.com/containerd/containerd/api/events"
+	"github.com/containerd/containerd/api/types"
+	"github.com/containerd/containerd/archive"
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/content"
+	containerderrors "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/events"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	v2runcoptions "github.com/containerd/containerd/runtime/v2/runc/options"
+	"github.com/containerd/typeurl"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libcontainerd/queue"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/docker/docker/pkg/ioutils"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// DockerContainerBundlePath is the label key pointing to the container's bundle path
+const DockerContainerBundlePath = "com.docker/engine.bundle.path"
+
+type client struct {
+	client   *containerd.Client
+	stateDir string
+	logger   *logrus.Entry
+	ns       string
+
+	backend         libcontainerdtypes.Backend
+	eventQ          queue.Queue
+	oomMu           sync.Mutex
+	oom             map[string]bool
+	v2runcoptionsMu sync.Mutex
+	// v2runcoptions is used for copying options specified on Create() to Start()
+	v2runcoptions map[string]v2runcoptions.Options
+}
+
+// NewClient creates a new libcontainerd client from a containerd client
+func NewClient(ctx context.Context, cli *containerd.Client, stateDir, ns string, b libcontainerdtypes.Backend) (libcontainerdtypes.Client, error) {
+	c := &client{
+		client:        cli,
+		stateDir:      stateDir,
+		logger:        logrus.WithField("module", "libcontainerd").WithField("namespace", ns),
+		ns:            ns,
+		backend:       b,
+		oom:           make(map[string]bool),
+		v2runcoptions: make(map[string]v2runcoptions.Options),
+	}
+
+	go c.processEventStream(ctx, ns)
+
+	return c, nil
+}
+
+func (c *client) Version(ctx context.Context) (containerd.Version, error) {
+	return c.client.Version(ctx)
+}
+
+// Restore loads the containerd container.
+// It should not be called concurrently with any other operation for the given ID.
+func (c *client) Restore(ctx context.Context, id string, attachStdio libcontainerdtypes.StdioCallback) (alive bool, pid int, p libcontainerdtypes.Process, err error) {
+	var dio *cio.DirectIO
+	defer func() {
+		if err != nil && dio != nil {
+			dio.Cancel()
+			dio.Close()
+		}
+		err = wrapError(err)
+	}()
+
+	ctr, err := c.client.LoadContainer(ctx, id)
+	if err != nil {
+		return false, -1, nil, errors.WithStack(wrapError(err))
+	}
+
+	attachIO := func(fifos *cio.FIFOSet) (cio.IO, error) {
+		// dio must be assigned to the previously defined dio for the defer above
+		// to handle cleanup
+		dio, err = c.newDirectIO(ctx, fifos)
+		if err != nil {
+			return nil, err
+		}
+		return attachStdio(dio)
+	}
+	t, err := ctr.Task(ctx, attachIO)
+	if err != nil && !containerderrors.IsNotFound(err) {
+		return false, -1, nil, errors.Wrap(wrapError(err), "error getting containerd task for container")
+	}
+
+	if t != nil {
+		s, err := t.Status(ctx)
+		if err != nil {
+			return false, -1, nil, errors.Wrap(wrapError(err), "error getting task status")
+		}
+		alive = s.Status != containerd.Stopped
+		pid = int(t.Pid())
+	}
+
+	c.logger.WithFields(logrus.Fields{
+		"container": id,
+		"alive":     alive,
+		"pid":       pid,
+	}).Debug("restored container")
+
+	return alive, pid, &restoredProcess{
+		p: t,
+	}, nil
+}
+
+func (c *client) Create(ctx context.Context, id string, ociSpec *specs.Spec, shim string, runtimeOptions interface{}, opts ...containerd.NewContainerOpts) error {
+	bdir := c.bundleDir(id)
+	c.logger.WithField("bundle", bdir).WithField("root", ociSpec.Root.Path).Debug("bundle dir created")
+
+	newOpts := []containerd.NewContainerOpts{
+		containerd.WithSpec(ociSpec),
+		containerd.WithRuntime(shim, runtimeOptions),
+		WithBundle(bdir, ociSpec),
+	}
+	opts = append(opts, newOpts...)
+
+	_, err := c.client.NewContainer(ctx, id, opts...)
+	if err != nil {
+		if containerderrors.IsAlreadyExists(err) {
+			return errors.WithStack(errdefs.Conflict(errors.New("id already in use")))
+		}
+		return wrapError(err)
+	}
+	if x, ok := runtimeOptions.(*v2runcoptions.Options); ok {
+		c.v2runcoptionsMu.Lock()
+		c.v2runcoptions[id] = *x
+		c.v2runcoptionsMu.Unlock()
+	}
+	return nil
+}
+
+// Start create and start a task for the specified containerd id
+func (c *client) Start(ctx context.Context, id, checkpointDir string, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (int, error) {
+	ctr, err := c.getContainer(ctx, id)
+	if err != nil {
+		return -1, err
+	}
+	var (
+		cp             *types.Descriptor
+		t              containerd.Task
+		rio            cio.IO
+		stdinCloseSync = make(chan struct{})
+	)
+
+	if checkpointDir != "" {
+		// write checkpoint to the content store
+		tar := archive.Diff(ctx, "", checkpointDir)
+		cp, err = c.writeContent(ctx, images.MediaTypeContainerd1Checkpoint, checkpointDir, tar)
+		// remove the checkpoint when we're done
+		defer func() {
+			if cp != nil {
+				err := c.client.ContentStore().Delete(context.Background(), cp.Digest)
+				if err != nil {
+					c.logger.WithError(err).WithFields(logrus.Fields{
+						"ref":    checkpointDir,
+						"digest": cp.Digest,
+					}).Warnf("failed to delete temporary checkpoint entry")
+				}
+			}
+		}()
+		if err := tar.Close(); err != nil {
+			return -1, errors.Wrap(err, "failed to close checkpoint tar stream")
+		}
+		if err != nil {
+			return -1, errors.Wrapf(err, "failed to upload checkpoint to containerd")
+		}
+	}
+
+	spec, err := ctr.Spec(ctx)
+	if err != nil {
+		return -1, errors.Wrap(err, "failed to retrieve spec")
+	}
+	labels, err := ctr.Labels(ctx)
+	if err != nil {
+		return -1, errors.Wrap(err, "failed to retrieve labels")
+	}
+	bundle := labels[DockerContainerBundlePath]
+	uid, gid := getSpecUser(spec)
+
+	taskOpts := []containerd.NewTaskOpts{
+		func(_ context.Context, _ *containerd.Client, info *containerd.TaskInfo) error {
+			info.Checkpoint = cp
+			return nil
+		},
+	}
+
+	if runtime.GOOS != "windows" {
+		taskOpts = append(taskOpts, func(_ context.Context, _ *containerd.Client, info *containerd.TaskInfo) error {
+			c.v2runcoptionsMu.Lock()
+			opts, ok := c.v2runcoptions[id]
+			c.v2runcoptionsMu.Unlock()
+			if ok {
+				opts.IoUid = uint32(uid)
+				opts.IoGid = uint32(gid)
+				info.Options = &opts
+			} else {
+				info.Options = &runctypes.CreateOptions{
+					IoUid:       uint32(uid),
+					IoGid:       uint32(gid),
+					NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
+				}
+			}
+			return nil
+		})
+	} else {
+		taskOpts = append(taskOpts, withLogLevel(c.logger.Level))
+	}
+
+	t, err = ctr.NewTask(ctx,
+		func(id string) (cio.IO, error) {
+			fifos := newFIFOSet(bundle, libcontainerdtypes.InitProcessName, withStdin, spec.Process.Terminal)
+
+			rio, err = c.createIO(fifos, id, libcontainerdtypes.InitProcessName, stdinCloseSync, attachStdio)
+			return rio, err
+		},
+		taskOpts...,
+	)
+	if err != nil {
+		close(stdinCloseSync)
+		if rio != nil {
+			rio.Cancel()
+			rio.Close()
+		}
+		return -1, wrapError(err)
+	}
+
+	// Signal c.createIO that it can call CloseIO
+	close(stdinCloseSync)
+
+	if err := t.Start(ctx); err != nil {
+		if _, err := t.Delete(ctx); err != nil {
+			c.logger.WithError(err).WithField("container", id).
+				Error("failed to delete task after fail start")
+		}
+		return -1, wrapError(err)
+	}
+
+	return int(t.Pid()), nil
+}
+
+// Exec creates exec process.
+//
+// The containerd client calls Exec to register the exec config in the shim side.
+// When the client calls Start, the shim will create stdin fifo if needs. But
+// for the container main process, the stdin fifo will be created in Create not
+// the Start call. stdinCloseSync channel should be closed after Start exec
+// process.
+func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio libcontainerdtypes.StdioCallback) (int, error) {
+	ctr, err := c.getContainer(ctx, containerID)
+	if err != nil {
+		return -1, err
+	}
+	t, err := ctr.Task(ctx, nil)
+	if err != nil {
+		if containerderrors.IsNotFound(err) {
+			return -1, errors.WithStack(errdefs.InvalidParameter(errors.New("container is not running")))
+		}
+		return -1, wrapError(err)
+	}
+
+	var (
+		p              containerd.Process
+		rio            cio.IO
+		stdinCloseSync = make(chan struct{})
+	)
+
+	labels, err := ctr.Labels(ctx)
+	if err != nil {
+		return -1, wrapError(err)
+	}
+
+	fifos := newFIFOSet(labels[DockerContainerBundlePath], processID, withStdin, spec.Terminal)
+
+	defer func() {
+		if err != nil {
+			if rio != nil {
+				rio.Cancel()
+				rio.Close()
+			}
+		}
+	}()
+
+	p, err = t.Exec(ctx, processID, spec, func(id string) (cio.IO, error) {
+		rio, err = c.createIO(fifos, containerID, processID, stdinCloseSync, attachStdio)
+		return rio, err
+	})
+	if err != nil {
+		close(stdinCloseSync)
+		if containerderrors.IsAlreadyExists(err) {
+			return -1, errors.WithStack(errdefs.Conflict(errors.New("id already in use")))
+		}
+		return -1, wrapError(err)
+	}
+
+	// Signal c.createIO that it can call CloseIO
+	//
+	// the stdin of exec process will be created after p.Start in containerd
+	defer close(stdinCloseSync)
+
+	if err = p.Start(ctx); err != nil {
+		// use new context for cleanup because old one may be cancelled by user, but leave a timeout to make sure
+		// we are not waiting forever if containerd is unresponsive or to work around fifo cancelling issues in
+		// older containerd-shim
+		ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
+		defer cancel()
+		p.Delete(ctx)
+		return -1, wrapError(err)
+	}
+	return int(p.Pid()), nil
+}
+
+func (c *client) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
+	p, err := c.getProcess(ctx, containerID, processID)
+	if err != nil {
+		return err
+	}
+	return wrapError(p.Kill(ctx, syscall.Signal(signal)))
+}
+
+func (c *client) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
+	p, err := c.getProcess(ctx, containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.Resize(ctx, uint32(width), uint32(height))
+}
+
+func (c *client) CloseStdin(ctx context.Context, containerID, processID string) error {
+	p, err := c.getProcess(ctx, containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.CloseIO(ctx, containerd.WithStdinCloser)
+}
+
+func (c *client) Pause(ctx context.Context, containerID string) error {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	return wrapError(p.(containerd.Task).Pause(ctx))
+}
+
+func (c *client) Resume(ctx context.Context, containerID string) error {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	return p.(containerd.Task).Resume(ctx)
+}
+
+func (c *client) Stats(ctx context.Context, containerID string) (*libcontainerdtypes.Stats, error) {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := p.(containerd.Task).Metrics(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	v, err := typeurl.UnmarshalAny(m.Data)
+	if err != nil {
+		return nil, err
+	}
+	return libcontainerdtypes.InterfaceToStats(m.Timestamp, v), nil
+}
+
+func (c *client) ListPids(ctx context.Context, containerID string) ([]uint32, error) {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	pis, err := p.(containerd.Task).Pids(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var pids []uint32
+	for _, i := range pis {
+		pids = append(pids, i.Pid)
+	}
+
+	return pids, nil
+}
+
+func (c *client) Summary(ctx context.Context, containerID string) ([]libcontainerdtypes.Summary, error) {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	pis, err := p.(containerd.Task).Pids(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var infos []libcontainerdtypes.Summary
+	for _, pi := range pis {
+		i, err := typeurl.UnmarshalAny(pi.Info)
+		if err != nil {
+			return nil, errors.Wrap(err, "unable to decode process details")
+		}
+		s, err := summaryFromInterface(i)
+		if err != nil {
+			return nil, err
+		}
+		infos = append(infos, *s)
+	}
+
+	return infos, nil
+}
+
+type restoredProcess struct {
+	p containerd.Process
+}
+
+func (p *restoredProcess) Delete(ctx context.Context) (uint32, time.Time, error) {
+	if p.p == nil {
+		return 255, time.Now(), nil
+	}
+	status, err := p.p.Delete(ctx)
+	if err != nil {
+		return 255, time.Now(), nil
+	}
+	return status.ExitCode(), status.ExitTime(), nil
+}
+
+func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return 255, time.Now(), nil
+	}
+
+	status, err := p.Delete(ctx)
+	if err != nil {
+		return 255, time.Now(), nil
+	}
+	return status.ExitCode(), status.ExitTime(), nil
+}
+
+func (c *client) Delete(ctx context.Context, containerID string) error {
+	ctr, err := c.getContainer(ctx, containerID)
+	if err != nil {
+		return err
+	}
+	labels, err := ctr.Labels(ctx)
+	if err != nil {
+		return err
+	}
+	bundle := labels[DockerContainerBundlePath]
+	if err := ctr.Delete(ctx); err != nil {
+		return wrapError(err)
+	}
+	c.oomMu.Lock()
+	delete(c.oom, containerID)
+	c.oomMu.Unlock()
+	c.v2runcoptionsMu.Lock()
+	delete(c.v2runcoptions, containerID)
+	c.v2runcoptionsMu.Unlock()
+	if os.Getenv("LIBCONTAINERD_NOCLEAN") != "1" {
+		if err := os.RemoveAll(bundle); err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"bundle":    bundle,
+			}).Error("failed to remove state dir")
+		}
+	}
+	return nil
+}
+
+func (c *client) Status(ctx context.Context, containerID string) (containerd.ProcessStatus, error) {
+	t, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return containerd.Unknown, err
+	}
+	s, err := t.Status(ctx)
+	if err != nil {
+		return containerd.Unknown, wrapError(err)
+	}
+	return s.Status, nil
+}
+
+func (c *client) getCheckpointOptions(id string, exit bool) containerd.CheckpointTaskOpts {
+	return func(r *containerd.CheckpointTaskInfo) error {
+		if r.Options == nil {
+			c.v2runcoptionsMu.Lock()
+			_, isV2 := c.v2runcoptions[id]
+			c.v2runcoptionsMu.Unlock()
+
+			if isV2 {
+				r.Options = &v2runcoptions.CheckpointOptions{Exit: exit}
+			} else {
+				r.Options = &runctypes.CheckpointOptions{Exit: exit}
+			}
+			return nil
+		}
+
+		switch opts := r.Options.(type) {
+		case *v2runcoptions.CheckpointOptions:
+			opts.Exit = exit
+		case *runctypes.CheckpointOptions:
+			opts.Exit = exit
+		}
+
+		return nil
+	}
+}
+
+func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	opts := []containerd.CheckpointTaskOpts{c.getCheckpointOptions(containerID, exit)}
+	img, err := p.(containerd.Task).Checkpoint(ctx, opts...)
+	if err != nil {
+		return wrapError(err)
+	}
+	// Whatever happens, delete the checkpoint from containerd
+	defer func() {
+		err := c.client.ImageService().Delete(context.Background(), img.Name())
+		if err != nil {
+			c.logger.WithError(err).WithField("digest", img.Target().Digest).
+				Warnf("failed to delete checkpoint image")
+		}
+	}()
+
+	b, err := content.ReadBlob(ctx, c.client.ContentStore(), img.Target())
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to retrieve checkpoint data"))
+	}
+	var index v1.Index
+	if err := json.Unmarshal(b, &index); err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to decode checkpoint data"))
+	}
+
+	var cpDesc *v1.Descriptor
+	for _, m := range index.Manifests {
+		m := m
+		if m.MediaType == images.MediaTypeContainerd1Checkpoint {
+			cpDesc = &m // nolint:gosec
+			break
+		}
+	}
+	if cpDesc == nil {
+		return errdefs.System(errors.Wrapf(err, "invalid checkpoint"))
+	}
+
+	rat, err := c.client.ContentStore().ReaderAt(ctx, *cpDesc)
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to get checkpoint reader"))
+	}
+	defer rat.Close()
+	_, err = archive.Apply(ctx, checkpointDir, content.NewReader(rat))
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to read checkpoint reader"))
+	}
+
+	return err
+}
+
+func (c *client) getContainer(ctx context.Context, id string) (containerd.Container, error) {
+	ctr, err := c.client.LoadContainer(ctx, id)
+	if err != nil {
+		if containerderrors.IsNotFound(err) {
+			return nil, errors.WithStack(errdefs.NotFound(errors.New("no such container")))
+		}
+		return nil, wrapError(err)
+	}
+	return ctr, nil
+}
+
+func (c *client) getProcess(ctx context.Context, containerID, processID string) (containerd.Process, error) {
+	ctr, err := c.getContainer(ctx, containerID)
+	if err != nil {
+		return nil, err
+	}
+	t, err := ctr.Task(ctx, nil)
+	if err != nil {
+		if containerderrors.IsNotFound(err) {
+			return nil, errors.WithStack(errdefs.NotFound(errors.New("container is not running")))
+		}
+		return nil, wrapError(err)
+	}
+	if processID == libcontainerdtypes.InitProcessName {
+		return t, nil
+	}
+	p, err := t.LoadProcess(ctx, processID, nil)
+	if err != nil {
+		if containerderrors.IsNotFound(err) {
+			return nil, errors.WithStack(errdefs.NotFound(errors.New("no such exec")))
+		}
+		return nil, wrapError(err)
+	}
+	return p, nil
+}
+
+// createIO creates the io to be used by a process
+// This needs to get a pointer to interface as upon closure the process may not have yet been registered
+func (c *client) createIO(fifos *cio.FIFOSet, containerID, processID string, stdinCloseSync chan struct{}, attachStdio libcontainerdtypes.StdioCallback) (cio.IO, error) {
+	var (
+		io  *cio.DirectIO
+		err error
+	)
+	io, err = c.newDirectIO(context.Background(), fifos)
+	if err != nil {
+		return nil, err
+	}
+
+	if io.Stdin != nil {
+		var (
+			err       error
+			stdinOnce sync.Once
+		)
+		pipe := io.Stdin
+		io.Stdin = ioutils.NewWriteCloserWrapper(pipe, func() error {
+			stdinOnce.Do(func() {
+				err = pipe.Close()
+				// Do the rest in a new routine to avoid a deadlock if the
+				// Exec/Start call failed.
+				go func() {
+					<-stdinCloseSync
+					p, err := c.getProcess(context.Background(), containerID, processID)
+					if err == nil {
+						err = p.CloseIO(context.Background(), containerd.WithStdinCloser)
+						if err != nil && strings.Contains(err.Error(), "transport is closing") {
+							err = nil
+						}
+					}
+				}()
+			})
+			return err
+		})
+	}
+
+	rio, err := attachStdio(io)
+	if err != nil {
+		io.Cancel()
+		io.Close()
+	}
+	return rio, err
+}
+
+func (c *client) processEvent(ctx context.Context, et libcontainerdtypes.EventType, ei libcontainerdtypes.EventInfo) {
+	c.eventQ.Append(ei.ContainerID, func() {
+		err := c.backend.ProcessEvent(ei.ContainerID, et, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ei.ContainerID,
+				"event":      et,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+
+		if et == libcontainerdtypes.EventExit && ei.ProcessID != ei.ContainerID {
+			p, err := c.getProcess(ctx, ei.ContainerID, ei.ProcessID)
+			if err != nil {
+
+				c.logger.WithError(errors.New("no such process")).
+					WithFields(logrus.Fields{
+						"error":     err,
+						"container": ei.ContainerID,
+						"process":   ei.ProcessID,
+					}).Error("exit event")
+				return
+			}
+
+			ctr, err := c.getContainer(ctx, ei.ContainerID)
+			if err != nil {
+				c.logger.WithFields(logrus.Fields{
+					"container": ei.ContainerID,
+					"error":     err,
+				}).Error("failed to find container")
+			} else {
+				labels, err := ctr.Labels(ctx)
+				if err != nil {
+					c.logger.WithFields(logrus.Fields{
+						"container": ei.ContainerID,
+						"error":     err,
+					}).Error("failed to get container labels")
+					return
+				}
+				newFIFOSet(labels[DockerContainerBundlePath], ei.ProcessID, true, false).Close()
+			}
+			_, err = p.Delete(context.Background())
+			if err != nil {
+				c.logger.WithError(err).WithFields(logrus.Fields{
+					"container": ei.ContainerID,
+					"process":   ei.ProcessID,
+				}).Warn("failed to delete process")
+			}
+		}
+	})
+}
+
+func (c *client) waitServe(ctx context.Context) bool {
+	t := 100 * time.Millisecond
+	delay := time.NewTimer(t)
+	if !delay.Stop() {
+		<-delay.C
+	}
+	defer delay.Stop()
+
+	// `IsServing` will actually block until the service is ready.
+	// However it can return early, so we'll loop with a delay to handle it.
+	for {
+		serving, err := c.client.IsServing(ctx)
+		if err != nil {
+			if errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled) {
+				return false
+			}
+			logrus.WithError(err).Warn("Error while testing if containerd API is ready")
+		}
+
+		if serving {
+			return true
+		}
+
+		delay.Reset(t)
+		select {
+		case <-ctx.Done():
+			return false
+		case <-delay.C:
+		}
+	}
+}
+
+func (c *client) processEventStream(ctx context.Context, ns string) {
+	var (
+		err error
+		ev  *events.Envelope
+		et  libcontainerdtypes.EventType
+		ei  libcontainerdtypes.EventInfo
+	)
+
+	// Create a new context specifically for this subscription.
+	// The context must be cancelled to cancel the subscription.
+	// In cases where we have to restart event stream processing,
+	//   we'll need the original context b/c this one will be cancelled
+	subCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	// Filter on both namespace *and* topic. To create an "and" filter,
+	// this must be a single, comma-separated string
+	eventStream, errC := c.client.EventService().Subscribe(subCtx, "namespace=="+ns+",topic~=|^/tasks/|")
+
+	c.logger.Debug("processing event stream")
+
+	for {
+		var oomKilled bool
+		select {
+		case err = <-errC:
+			if err != nil {
+				errStatus, ok := status.FromError(err)
+				if !ok || errStatus.Code() != codes.Canceled {
+					c.logger.WithError(err).Error("Failed to get event")
+					c.logger.Info("Waiting for containerd to be ready to restart event processing")
+					if c.waitServe(ctx) {
+						go c.processEventStream(ctx, ns)
+						return
+					}
+				}
+				c.logger.WithError(ctx.Err()).Info("stopping event stream following graceful shutdown")
+			}
+			return
+		case ev = <-eventStream:
+			if ev.Event == nil {
+				c.logger.WithField("event", ev).Warn("invalid event")
+				continue
+			}
+
+			v, err := typeurl.UnmarshalAny(ev.Event)
+			if err != nil {
+				c.logger.WithError(err).WithField("event", ev).Warn("failed to unmarshal event")
+				continue
+			}
+
+			c.logger.WithField("topic", ev.Topic).Debug("event")
+
+			switch t := v.(type) {
+			case *apievents.TaskCreate:
+				et = libcontainerdtypes.EventCreate
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ContainerID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskStart:
+				et = libcontainerdtypes.EventStart
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ContainerID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskExit:
+				et = libcontainerdtypes.EventExit
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ID,
+					Pid:         t.Pid,
+					ExitCode:    t.ExitStatus,
+					ExitedAt:    t.ExitedAt,
+				}
+			case *apievents.TaskOOM:
+				et = libcontainerdtypes.EventOOM
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					OOMKilled:   true,
+				}
+				oomKilled = true
+			case *apievents.TaskExecAdded:
+				et = libcontainerdtypes.EventExecAdded
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ExecID,
+				}
+			case *apievents.TaskExecStarted:
+				et = libcontainerdtypes.EventExecStarted
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ExecID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskPaused:
+				et = libcontainerdtypes.EventPaused
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+				}
+			case *apievents.TaskResumed:
+				et = libcontainerdtypes.EventResumed
+				ei = libcontainerdtypes.EventInfo{
+					ContainerID: t.ContainerID,
+				}
+			case *apievents.TaskDelete:
+				c.logger.WithFields(logrus.Fields{
+					"topic":     ev.Topic,
+					"type":      reflect.TypeOf(t),
+					"container": t.ContainerID},
+				).Info("ignoring event")
+				continue
+			default:
+				c.logger.WithFields(logrus.Fields{
+					"topic": ev.Topic,
+					"type":  reflect.TypeOf(t)},
+				).Info("ignoring event")
+				continue
+			}
+
+			c.oomMu.Lock()
+			if oomKilled {
+				c.oom[ei.ContainerID] = true
+			}
+			ei.OOMKilled = c.oom[ei.ContainerID]
+			c.oomMu.Unlock()
+
+			c.processEvent(ctx, et, ei)
+		}
+	}
+}
+
+func (c *client) writeContent(ctx context.Context, mediaType, ref string, r io.Reader) (*types.Descriptor, error) {
+	writer, err := c.client.ContentStore().Writer(ctx, content.WithRef(ref))
+	if err != nil {
+		return nil, err
+	}
+	defer writer.Close()
+	size, err := io.Copy(writer, r)
+	if err != nil {
+		return nil, err
+	}
+	labels := map[string]string{
+		"containerd.io/gc.root": time.Now().UTC().Format(time.RFC3339),
+	}
+	if err := writer.Commit(ctx, 0, "", content.WithLabels(labels)); err != nil {
+		return nil, err
+	}
+	return &types.Descriptor{
+		MediaType: mediaType,
+		Digest:    writer.Digest(),
+		Size_:     size,
+	}, nil
+}
+
+func (c *client) bundleDir(id string) string {
+	return filepath.Join(c.stateDir, id)
+}
+
+func wrapError(err error) error {
+	switch {
+	case err == nil:
+		return nil
+	case containerderrors.IsNotFound(err):
+		return errdefs.NotFound(err)
+	}
+
+	msg := err.Error()
+	for _, s := range []string{"container does not exist", "not found", "no such container"} {
+		if strings.Contains(msg, s) {
+			return errdefs.NotFound(err)
+		}
+	}
+	return err
+}
diff --git a/libcontainerd/remote/client_io_windows.go b/libcontainerd/remote/client_io_windows.go
new file mode 100644
index 0000000000000..b437fb68986f1
--- /dev/null
+++ b/libcontainerd/remote/client_io_windows.go
@@ -0,0 +1,161 @@
+package remote // import "github.com/docker/docker/libcontainerd/remote"
+
+import (
+	"io"
+	"net"
+	"sync"
+
+	winio "github.com/Microsoft/go-winio"
+	"github.com/containerd/containerd/cio"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	//	"golang.org/x/net/context"
+)
+
+type delayedConnection struct {
+	l    net.Listener
+	con  net.Conn
+	wg   sync.WaitGroup
+	once sync.Once
+}
+
+func (dc *delayedConnection) Write(p []byte) (int, error) {
+	dc.wg.Wait()
+	if dc.con != nil {
+		return dc.con.Write(p)
+	}
+	return 0, errors.New("use of closed network connection")
+}
+
+func (dc *delayedConnection) Read(p []byte) (int, error) {
+	dc.wg.Wait()
+	if dc.con != nil {
+		return dc.con.Read(p)
+	}
+	return 0, errors.New("use of closed network connection")
+}
+
+func (dc *delayedConnection) unblockConnectionWaiters() {
+	defer dc.once.Do(func() {
+		dc.wg.Done()
+	})
+}
+
+func (dc *delayedConnection) Close() error {
+	dc.l.Close()
+	if dc.con != nil {
+		return dc.con.Close()
+	}
+	dc.unblockConnectionWaiters()
+	return nil
+}
+
+type stdioPipes struct {
+	stdin  io.WriteCloser
+	stdout io.ReadCloser
+	stderr io.ReadCloser
+}
+
+// newStdioPipes creates actual fifos for stdio.
+func (c *client) newStdioPipes(fifos *cio.FIFOSet) (_ *stdioPipes, err error) {
+	p := &stdioPipes{}
+	if fifos.Stdin != "" {
+		c.logger.WithFields(logrus.Fields{"stdin": fifos.Stdin}).Debug("listen")
+		l, err := winio.ListenPipe(fifos.Stdin, nil)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to create stdin pipe %s", fifos.Stdin)
+		}
+		dc := &delayedConnection{
+			l: l,
+		}
+		dc.wg.Add(1)
+		defer func() {
+			if err != nil {
+				dc.Close()
+			}
+		}()
+		p.stdin = dc
+
+		go func() {
+			c.logger.WithFields(logrus.Fields{"stdin": fifos.Stdin}).Debug("accept")
+			conn, err := l.Accept()
+			if err != nil {
+				dc.Close()
+				if err != winio.ErrPipeListenerClosed {
+					c.logger.WithError(err).Errorf("failed to accept stdin connection on %s", fifos.Stdin)
+				}
+				return
+			}
+			c.logger.WithFields(logrus.Fields{"stdin": fifos.Stdin}).Debug("connected")
+			dc.con = conn
+			dc.unblockConnectionWaiters()
+		}()
+	}
+
+	if fifos.Stdout != "" {
+		c.logger.WithFields(logrus.Fields{"stdout": fifos.Stdout}).Debug("listen")
+		l, err := winio.ListenPipe(fifos.Stdout, nil)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to create stdout pipe %s", fifos.Stdout)
+		}
+		dc := &delayedConnection{
+			l: l,
+		}
+		dc.wg.Add(1)
+		defer func() {
+			if err != nil {
+				dc.Close()
+			}
+		}()
+		p.stdout = dc
+
+		go func() {
+			c.logger.WithFields(logrus.Fields{"stdout": fifos.Stdout}).Debug("accept")
+			conn, err := l.Accept()
+			if err != nil {
+				dc.Close()
+				if err != winio.ErrPipeListenerClosed {
+					c.logger.WithError(err).Errorf("failed to accept stdout connection on %s", fifos.Stdout)
+				}
+				return
+			}
+			c.logger.WithFields(logrus.Fields{"stdout": fifos.Stdout}).Debug("connected")
+			dc.con = conn
+			dc.unblockConnectionWaiters()
+		}()
+	}
+
+	if fifos.Stderr != "" {
+		c.logger.WithFields(logrus.Fields{"stderr": fifos.Stderr}).Debug("listen")
+		l, err := winio.ListenPipe(fifos.Stderr, nil)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to create stderr pipe %s", fifos.Stderr)
+		}
+		dc := &delayedConnection{
+			l: l,
+		}
+		dc.wg.Add(1)
+		defer func() {
+			if err != nil {
+				dc.Close()
+			}
+		}()
+		p.stderr = dc
+
+		go func() {
+			c.logger.WithFields(logrus.Fields{"stderr": fifos.Stderr}).Debug("accept")
+			conn, err := l.Accept()
+			if err != nil {
+				dc.Close()
+				if err != winio.ErrPipeListenerClosed {
+					c.logger.WithError(err).Errorf("failed to accept stderr connection on %s", fifos.Stderr)
+				}
+				return
+			}
+			c.logger.WithFields(logrus.Fields{"stderr": fifos.Stderr}).Debug("connected")
+			dc.con = conn
+			dc.unblockConnectionWaiters()
+		}()
+	}
+	return p, nil
+}
diff --git a/libcontainerd/remote/client_linux.go b/libcontainerd/remote/client_linux.go
new file mode 100644
index 0000000000000..e45d140b2f079
--- /dev/null
+++ b/libcontainerd/remote/client_linux.go
@@ -0,0 +1,128 @@
+package remote // import "github.com/docker/docker/libcontainerd/remote"
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/containers"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	"github.com/docker/docker/pkg/idtools"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+)
+
+func summaryFromInterface(i interface{}) (*libcontainerdtypes.Summary, error) {
+	return &libcontainerdtypes.Summary{}, nil
+}
+
+func (c *client) UpdateResources(ctx context.Context, containerID string, resources *libcontainerdtypes.Resources) error {
+	p, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	// go doesn't like the alias in 1.8, this means this need to be
+	// platform specific
+	return p.(containerd.Task).Update(ctx, containerd.WithResources((*specs.LinuxResources)(resources)))
+}
+
+func hostIDFromMap(id uint32, mp []specs.LinuxIDMapping) int {
+	for _, m := range mp {
+		if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
+			return int(m.HostID + id - m.ContainerID)
+		}
+	}
+	return 0
+}
+
+func getSpecUser(ociSpec *specs.Spec) (int, int) {
+	var (
+		uid int
+		gid int
+	)
+
+	for _, ns := range ociSpec.Linux.Namespaces {
+		if ns.Type == specs.UserNamespace {
+			uid = hostIDFromMap(0, ociSpec.Linux.UIDMappings)
+			gid = hostIDFromMap(0, ociSpec.Linux.GIDMappings)
+			break
+		}
+	}
+
+	return uid, gid
+}
+
+// WithBundle creates the bundle for the container
+func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOpts {
+	return func(ctx context.Context, client *containerd.Client, c *containers.Container) error {
+		if c.Labels == nil {
+			c.Labels = make(map[string]string)
+		}
+		uid, gid := getSpecUser(ociSpec)
+		if uid == 0 && gid == 0 {
+			c.Labels[DockerContainerBundlePath] = bundleDir
+			return idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.Identity{UID: 0, GID: 0})
+		}
+
+		p := string(filepath.Separator)
+		components := strings.Split(bundleDir, string(filepath.Separator))
+		for _, d := range components[1:] {
+			p = filepath.Join(p, d)
+			fi, err := os.Stat(p)
+			if err != nil && !os.IsNotExist(err) {
+				return err
+			}
+			if os.IsNotExist(err) || fi.Mode()&1 == 0 {
+				p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
+				if err := idtools.MkdirAndChown(p, 0700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
+					return err
+				}
+			}
+		}
+		if c.Labels == nil {
+			c.Labels = make(map[string]string)
+		}
+		c.Labels[DockerContainerBundlePath] = p
+		return nil
+	}
+}
+
+func withLogLevel(_ logrus.Level) containerd.NewTaskOpts {
+	panic("Not implemented")
+}
+
+func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
+	config := cio.Config{
+		Terminal: withTerminal,
+		Stdout:   filepath.Join(bundleDir, processID+"-stdout"),
+	}
+	paths := []string{config.Stdout}
+
+	if withStdin {
+		config.Stdin = filepath.Join(bundleDir, processID+"-stdin")
+		paths = append(paths, config.Stdin)
+	}
+	if !withTerminal {
+		config.Stderr = filepath.Join(bundleDir, processID+"-stderr")
+		paths = append(paths, config.Stderr)
+	}
+	closer := func() error {
+		for _, path := range paths {
+			if err := os.RemoveAll(path); err != nil {
+				logrus.Warnf("libcontainerd: failed to remove fifo %v: %v", path, err)
+			}
+		}
+		return nil
+	}
+
+	return cio.NewFIFOSet(config, closer)
+}
+
+func (c *client) newDirectIO(ctx context.Context, fifos *cio.FIFOSet) (*cio.DirectIO, error) {
+	return cio.NewDirectIO(ctx, fifos)
+}
diff --git a/libcontainerd/remote/client_windows.go b/libcontainerd/remote/client_windows.go
new file mode 100644
index 0000000000000..87fb0e119d064
--- /dev/null
+++ b/libcontainerd/remote/client_windows.go
@@ -0,0 +1,98 @@
+package remote // import "github.com/docker/docker/libcontainerd/remote"
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/containers"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+func summaryFromInterface(i interface{}) (*libcontainerdtypes.Summary, error) {
+	switch pd := i.(type) {
+	case *options.ProcessDetails:
+		return &libcontainerdtypes.Summary{
+			ImageName:                    pd.ImageName,
+			CreatedAt:                    pd.CreatedAt,
+			KernelTime_100Ns:             pd.KernelTime_100Ns,
+			MemoryCommitBytes:            pd.MemoryCommitBytes,
+			MemoryWorkingSetPrivateBytes: pd.MemoryWorkingSetPrivateBytes,
+			MemoryWorkingSetSharedBytes:  pd.MemoryWorkingSetSharedBytes,
+			ProcessID:                    pd.ProcessID,
+			UserTime_100Ns:               pd.UserTime_100Ns,
+			ExecID:                       pd.ExecID,
+		}, nil
+	default:
+		return nil, errors.Errorf("Unknown process details type %T", pd)
+	}
+}
+
+// WithBundle creates the bundle for the container
+func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOpts {
+	return func(ctx context.Context, client *containerd.Client, c *containers.Container) error {
+		// TODO: (containerd) Determine if we need to use system.MkdirAllWithACL here
+		if c.Labels == nil {
+			c.Labels = make(map[string]string)
+		}
+		c.Labels[DockerContainerBundlePath] = bundleDir
+		return os.MkdirAll(bundleDir, 0755)
+	}
+}
+
+func withLogLevel(level logrus.Level) containerd.NewTaskOpts {
+	// Make sure we set the runhcs options to debug if we are at debug level.
+	return func(_ context.Context, _ *containerd.Client, info *containerd.TaskInfo) error {
+		if level == logrus.DebugLevel {
+			info.Options = &options.Options{Debug: true}
+		}
+		return nil
+	}
+}
+
+func pipeName(containerID, processID, name string) string {
+	return fmt.Sprintf(`\\.\pipe\containerd-%s-%s-%s`, containerID, processID, name)
+}
+
+func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
+	containerID := filepath.Base(bundleDir)
+	config := cio.Config{
+		Terminal: withTerminal,
+		Stdout:   pipeName(containerID, processID, "stdout"),
+	}
+
+	if withStdin {
+		config.Stdin = pipeName(containerID, processID, "stdin")
+	}
+
+	if !config.Terminal {
+		config.Stderr = pipeName(containerID, processID, "stderr")
+	}
+
+	return cio.NewFIFOSet(config, nil)
+}
+
+func (c *client) newDirectIO(ctx context.Context, fifos *cio.FIFOSet) (*cio.DirectIO, error) {
+	pipes, err := c.newStdioPipes(fifos)
+	if err != nil {
+		return nil, err
+	}
+	return cio.NewDirectIOFromFIFOSet(ctx, pipes.stdin, pipes.stdout, pipes.stderr, fifos), nil
+}
+
+func (c *client) UpdateResources(ctx context.Context, containerID string, resources *libcontainerdtypes.Resources) error {
+	// TODO: (containerd): Not implemented, but don't error.
+	return nil
+}
+
+func getSpecUser(ociSpec *specs.Spec) (int, int) {
+	// TODO: (containerd): Not implemented, but don't error.
+	return 0, 0
+}
diff --git a/libcontainerd/supervisor/remote_daemon.go b/libcontainerd/supervisor/remote_daemon.go
index 01764068900ad..2f38f1505ccd6 100644
--- a/libcontainerd/supervisor/remote_daemon.go
+++ b/libcontainerd/supervisor/remote_daemon.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -13,10 +12,10 @@ import (
 	"sync"
 	"time"
 
-	"github.com/BurntSushi/toml"
 	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/services/server"
+	"github.com/containerd/containerd/services/server/config"
 	"github.com/docker/docker/pkg/system"
+	"github.com/pelletier/go-toml"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -31,13 +30,11 @@ const (
 	pidFile                 = "containerd.pid"
 )
 
-type pluginConfigs struct {
-	Plugins map[string]interface{} `toml:"plugins"`
-}
-
 type remote struct {
 	sync.RWMutex
-	server.Config
+	config.Config
+	// Plugins overrides `Plugins map[string]toml.Tree` in config config.
+	Plugins map[string]interface{} `toml:"plugins"`
 
 	daemonPid int
 	logger    *logrus.Entry
@@ -46,9 +43,8 @@ type remote struct {
 	daemonStartCh chan error
 	daemonStopCh  chan struct{}
 
-	rootDir     string
-	stateDir    string
-	pluginConfs pluginConfigs
+	rootDir  string
+	stateDir string
 }
 
 // Daemon represents a running containerd daemon
@@ -65,11 +61,11 @@ func Start(ctx context.Context, rootDir, stateDir string, opts ...DaemonOpt) (Da
 	r := &remote{
 		rootDir:  rootDir,
 		stateDir: stateDir,
-		Config: server.Config{
+		Config: config.Config{
 			Root:  filepath.Join(rootDir, "daemon"),
 			State: filepath.Join(stateDir, "daemon"),
 		},
-		pluginConfs:   pluginConfigs{make(map[string]interface{})},
+		Plugins:       make(map[string]interface{}),
 		daemonPid:     -1,
 		logger:        logrus.WithField("module", "libcontainerd"),
 		daemonStartCh: make(chan error, 1),
@@ -83,14 +79,17 @@ func Start(ctx context.Context, rootDir, stateDir string, opts ...DaemonOpt) (Da
 	}
 	r.setDefaults()
 
-	if err := system.MkdirAll(stateDir, 0700, ""); err != nil {
+	if err := system.MkdirAll(stateDir, 0700); err != nil {
 		return nil, err
 	}
 
 	go r.monitorDaemon(ctx)
 
+	timeout := time.NewTimer(startupTimeout)
+	defer timeout.Stop()
+
 	select {
-	case <-time.After(startupTimeout):
+	case <-timeout.C:
 		return nil, errors.New("timeout waiting for containerd to start")
 	case err := <-r.daemonStartCh:
 		if err != nil {
@@ -101,8 +100,11 @@ func Start(ctx context.Context, rootDir, stateDir string, opts ...DaemonOpt) (Da
 	return r, nil
 }
 func (r *remote) WaitTimeout(d time.Duration) error {
+	timeout := time.NewTimer(d)
+	defer timeout.Stop()
+
 	select {
-	case <-time.After(d):
+	case <-timeout.C:
 		return errors.New("timeout waiting for containerd to stop")
 	case <-r.daemonStopCh:
 	}
@@ -151,14 +153,9 @@ func (r *remote) getContainerdConfig() (string, error) {
 	}
 	defer f.Close()
 
-	enc := toml.NewEncoder(f)
-	if err = enc.Encode(r.Config); err != nil {
-		return "", errors.Wrapf(err, "failed to encode general config")
-	}
-	if err = enc.Encode(r.pluginConfs); err != nil {
-		return "", errors.Wrapf(err, "failed to encode plugin configs")
+	if err := toml.NewEncoder(f).Encode(r); err != nil {
+		return "", errors.Wrapf(err, "failed to write containerd config file (%s)", path)
 	}
-
 	return path, nil
 }
 
@@ -213,7 +210,7 @@ func (r *remote) startContainerd() error {
 
 	r.daemonPid = cmd.Process.Pid
 
-	err = ioutil.WriteFile(filepath.Join(r.stateDir, pidFile), []byte(fmt.Sprintf("%d", r.daemonPid)), 0660)
+	err = os.WriteFile(filepath.Join(r.stateDir, pidFile), []byte(fmt.Sprintf("%d", r.daemonPid)), 0660)
 	if err != nil {
 		system.KillProcess(r.daemonPid)
 		return errors.Wrap(err, "libcontainerd: failed to save daemon pid to disk")
@@ -230,7 +227,8 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 		transientFailureCount = 0
 		client                *containerd.Client
 		err                   error
-		delay                 <-chan time.Time
+		delay                 time.Duration
+		timer                 = time.NewTimer(0)
 		started               bool
 	)
 
@@ -245,19 +243,25 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 		r.platformCleanup()
 
 		close(r.daemonStopCh)
+		timer.Stop()
 	}()
 
+	// ensure no races on sending to timer.C even though there is a 0 duration.
+	if !timer.Stop() {
+		<-timer.C
+	}
+
 	for {
-		if delay != nil {
-			select {
-			case <-ctx.Done():
-				r.logger.Info("stopping healthcheck following graceful shutdown")
-				if client != nil {
-					client.Close()
-				}
-				return
-			case <-delay:
+		timer.Reset(delay)
+
+		select {
+		case <-ctx.Done():
+			r.logger.Info("stopping healthcheck following graceful shutdown")
+			if client != nil {
+				client.Close()
 			}
+			return
+		case <-timer.C:
 		}
 
 		if r.daemonPid == -1 {
@@ -277,16 +281,17 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 					return
 				}
 				r.logger.WithError(err).Error("failed restarting containerd")
-				delay = time.After(50 * time.Millisecond)
+				delay = 50 * time.Millisecond
 				continue
 			}
 
 			client, err = containerd.New(r.GRPC.Address, containerd.WithTimeout(60*time.Second))
 			if err != nil {
 				r.logger.WithError(err).Error("failed connecting to containerd")
-				delay = time.After(100 * time.Millisecond)
+				delay = 100 * time.Millisecond
 				continue
 			}
+			logrus.WithField("address", r.GRPC.Address).Debug("Created containerd monitoring client")
 		}
 
 		if client != nil {
@@ -300,7 +305,15 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 				}
 
 				transientFailureCount = 0
-				delay = time.After(500 * time.Millisecond)
+
+				select {
+				case <-r.daemonWaitCh:
+				case <-ctx.Done():
+				}
+
+				// Set a small delay in case there is a recurring failure (or bug in this code)
+				// to ensure we don't end up in a super tight loop.
+				delay = 500 * time.Millisecond
 				continue
 			}
 
@@ -308,9 +321,11 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 
 			transientFailureCount++
 			if transientFailureCount < maxConnectionRetryCount || system.IsProcessAlive(r.daemonPid) {
-				delay = time.After(time.Duration(transientFailureCount) * 200 * time.Millisecond)
+				delay = time.Duration(transientFailureCount) * 200 * time.Millisecond
 				continue
 			}
+			client.Close()
+			client = nil
 		}
 
 		if system.IsProcessAlive(r.daemonPid) {
@@ -318,10 +333,8 @@ func (r *remote) monitorDaemon(ctx context.Context) {
 			r.killDaemon()
 		}
 
-		client.Close()
-		client = nil
 		r.daemonPid = -1
-		delay = nil
+		delay = 0
 		transientFailureCount = 0
 	}
 }
diff --git a/libcontainerd/supervisor/remote_daemon_linux.go b/libcontainerd/supervisor/remote_daemon_linux.go
index 799399c07bc58..3f019a162f8d5 100644
--- a/libcontainerd/supervisor/remote_daemon_linux.go
+++ b/libcontainerd/supervisor/remote_daemon_linux.go
@@ -28,14 +28,11 @@ func (r *remote) setDefaults() {
 	if r.Debug.Address == "" {
 		r.Debug.Address = filepath.Join(r.stateDir, debugSockFile)
 	}
-	if r.OOMScore == 0 {
-		r.OOMScore = -999
-	}
 
-	for key, conf := range r.pluginConfs.Plugins {
+	for key, conf := range r.Plugins {
 		if conf == nil {
 			r.DisabledPlugins = append(r.DisabledPlugins, key)
-			delete(r.pluginConfs.Plugins, key)
+			delete(r.Plugins, key)
 		}
 	}
 }
diff --git a/libcontainerd/supervisor/remote_daemon_options.go b/libcontainerd/supervisor/remote_daemon_options.go
index 4c9387d6ce75a..fe4cb351671b5 100644
--- a/libcontainerd/supervisor/remote_daemon_options.go
+++ b/libcontainerd/supervisor/remote_daemon_options.go
@@ -49,7 +49,7 @@ func WithMetricsAddress(addr string) DaemonOpt {
 // the toml format.
 func WithPlugin(name string, conf interface{}) DaemonOpt {
 	return func(r *remote) error {
-		r.pluginConfs.Plugins[name] = conf
+		r.Plugins[name] = conf
 		return nil
 	}
 }
diff --git a/libcontainerd/types.go b/libcontainerd/types.go
deleted file mode 100644
index c4de5e674d9a6..0000000000000
--- a/libcontainerd/types.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"context"
-	"time"
-
-	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/cio"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// EventType represents a possible event from libcontainerd
-type EventType string
-
-// Event constants used when reporting events
-const (
-	EventUnknown     EventType = "unknown"
-	EventExit        EventType = "exit"
-	EventOOM         EventType = "oom"
-	EventCreate      EventType = "create"
-	EventStart       EventType = "start"
-	EventExecAdded   EventType = "exec-added"
-	EventExecStarted EventType = "exec-started"
-	EventPaused      EventType = "paused"
-	EventResumed     EventType = "resumed"
-)
-
-// Status represents the current status of a container
-type Status string
-
-// Possible container statuses
-const (
-	// Running indicates the process is currently executing
-	StatusRunning Status = "running"
-	// Created indicates the process has been created within containerd but the
-	// user's defined process has not started
-	StatusCreated Status = "created"
-	// Stopped indicates that the process has ran and exited
-	StatusStopped Status = "stopped"
-	// Paused indicates that the process is currently paused
-	StatusPaused Status = "paused"
-	// Pausing indicates that the process is currently switching from a
-	// running state into a paused state
-	StatusPausing Status = "pausing"
-	// Unknown indicates that we could not determine the status from the runtime
-	StatusUnknown Status = "unknown"
-)
-
-// EventInfo contains the event info
-type EventInfo struct {
-	ContainerID string
-	ProcessID   string
-	Pid         uint32
-	ExitCode    uint32
-	ExitedAt    time.Time
-	OOMKilled   bool
-	Error       error
-}
-
-// Backend defines callbacks that the client of the library needs to implement.
-type Backend interface {
-	ProcessEvent(containerID string, event EventType, ei EventInfo) error
-}
-
-// Client provides access to containerd features.
-type Client interface {
-	Version(ctx context.Context) (containerd.Version, error)
-
-	Restore(ctx context.Context, containerID string, attachStdio StdioCallback) (alive bool, pid int, err error)
-
-	Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error
-	Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio StdioCallback) (pid int, err error)
-	SignalProcess(ctx context.Context, containerID, processID string, signal int) error
-	Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error)
-	ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error
-	CloseStdin(ctx context.Context, containerID, processID string) error
-	Pause(ctx context.Context, containerID string) error
-	Resume(ctx context.Context, containerID string) error
-	Stats(ctx context.Context, containerID string) (*Stats, error)
-	ListPids(ctx context.Context, containerID string) ([]uint32, error)
-	Summary(ctx context.Context, containerID string) ([]Summary, error)
-	DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error)
-	Delete(ctx context.Context, containerID string) error
-	Status(ctx context.Context, containerID string) (Status, error)
-
-	UpdateResources(ctx context.Context, containerID string, resources *Resources) error
-	CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error
-}
-
-// StdioCallback is called to connect a container or process stdio.
-type StdioCallback func(io *cio.DirectIO) (cio.IO, error)
diff --git a/libcontainerd/types/types.go b/libcontainerd/types/types.go
new file mode 100644
index 0000000000000..1d1a420e794c9
--- /dev/null
+++ b/libcontainerd/types/types.go
@@ -0,0 +1,78 @@
+package types // import "github.com/docker/docker/libcontainerd/types"
+
+import (
+	"context"
+	"time"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// EventType represents a possible event from libcontainerd
+type EventType string
+
+// Event constants used when reporting events
+const (
+	EventUnknown     EventType = "unknown"
+	EventExit        EventType = "exit"
+	EventOOM         EventType = "oom"
+	EventCreate      EventType = "create"
+	EventStart       EventType = "start"
+	EventExecAdded   EventType = "exec-added"
+	EventExecStarted EventType = "exec-started"
+	EventPaused      EventType = "paused"
+	EventResumed     EventType = "resumed"
+)
+
+// EventInfo contains the event info
+type EventInfo struct {
+	ContainerID string
+	ProcessID   string
+	Pid         uint32
+	ExitCode    uint32
+	ExitedAt    time.Time
+	OOMKilled   bool
+	Error       error
+}
+
+// Backend defines callbacks that the client of the library needs to implement.
+type Backend interface {
+	ProcessEvent(containerID string, event EventType, ei EventInfo) error
+}
+
+// Process of a container
+type Process interface {
+	Delete(context.Context) (uint32, time.Time, error)
+}
+
+// Client provides access to containerd features.
+type Client interface {
+	Version(ctx context.Context) (containerd.Version, error)
+
+	Restore(ctx context.Context, containerID string, attachStdio StdioCallback) (alive bool, pid int, p Process, err error)
+
+	Create(ctx context.Context, containerID string, spec *specs.Spec, shim string, runtimeOptions interface{}, opts ...containerd.NewContainerOpts) error
+	Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio StdioCallback) (pid int, err error)
+	SignalProcess(ctx context.Context, containerID, processID string, signal int) error
+	Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error)
+	ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error
+	CloseStdin(ctx context.Context, containerID, processID string) error
+	Pause(ctx context.Context, containerID string) error
+	Resume(ctx context.Context, containerID string) error
+	Stats(ctx context.Context, containerID string) (*Stats, error)
+	ListPids(ctx context.Context, containerID string) ([]uint32, error)
+	Summary(ctx context.Context, containerID string) ([]Summary, error)
+	DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error)
+	Delete(ctx context.Context, containerID string) error
+	Status(ctx context.Context, containerID string) (containerd.ProcessStatus, error)
+
+	UpdateResources(ctx context.Context, containerID string, resources *Resources) error
+	CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error
+}
+
+// StdioCallback is called to connect a container or process stdio.
+type StdioCallback func(io *cio.DirectIO) (cio.IO, error)
+
+// InitProcessName is the name given to the first process of a container
+const InitProcessName = "init"
diff --git a/libcontainerd/types/types_linux.go b/libcontainerd/types/types_linux.go
new file mode 100644
index 0000000000000..6b05385221641
--- /dev/null
+++ b/libcontainerd/types/types_linux.go
@@ -0,0 +1,33 @@
+package types // import "github.com/docker/docker/libcontainerd/types"
+
+import (
+	"time"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Summary is not used on linux
+type Summary struct{}
+
+// Stats holds metrics properties as returned by containerd
+type Stats struct {
+	Read time.Time
+	// Metrics is expected to be either one of:
+	// * github.com/containerd/cgroups/stats/v1.Metrics
+	// * github.com/containerd/cgroups/stats/v2.Metrics
+	Metrics interface{}
+}
+
+// InterfaceToStats returns a stats object from the platform-specific interface.
+func InterfaceToStats(read time.Time, v interface{}) *Stats {
+	return &Stats{
+		Metrics: v,
+		Read:    read,
+	}
+}
+
+// Resources defines updatable container resource values. TODO: it must match containerd upcoming API
+type Resources specs.LinuxResources
+
+// Checkpoints contains the details of a checkpoint
+type Checkpoints struct{}
diff --git a/libcontainerd/types/types_windows.go b/libcontainerd/types/types_windows.go
new file mode 100644
index 0000000000000..3b521f1342208
--- /dev/null
+++ b/libcontainerd/types/types_windows.go
@@ -0,0 +1,37 @@
+package types // import "github.com/docker/docker/libcontainerd/types"
+
+import (
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
+)
+
+type Summary options.ProcessDetails
+
+// Stats contains statistics from HCS
+type Stats struct {
+	Read     time.Time
+	HCSStats *hcsshim.Statistics
+}
+
+// InterfaceToStats returns a stats object from the platform-specific interface.
+func InterfaceToStats(read time.Time, v interface{}) *Stats {
+	return &Stats{
+		HCSStats: v.(*hcsshim.Statistics),
+		Read:     read,
+	}
+}
+
+// Resources defines updatable container resource values.
+type Resources struct{}
+
+// Checkpoint holds the details of a checkpoint (not supported in windows)
+type Checkpoint struct {
+	Name string
+}
+
+// Checkpoints contains the details of a checkpoint
+type Checkpoints struct {
+	Checkpoints []*Checkpoint
+}
diff --git a/libcontainerd/types_linux.go b/libcontainerd/types_linux.go
deleted file mode 100644
index 943382b9b005d..0000000000000
--- a/libcontainerd/types_linux.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"time"
-
-	"github.com/containerd/cgroups"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// Summary is not used on linux
-type Summary struct{}
-
-// Stats holds metrics properties as returned by containerd
-type Stats struct {
-	Read    time.Time
-	Metrics *cgroups.Metrics
-}
-
-func interfaceToStats(read time.Time, v interface{}) *Stats {
-	return &Stats{
-		Metrics: v.(*cgroups.Metrics),
-		Read:    read,
-	}
-}
-
-// Resources defines updatable container resource values. TODO: it must match containerd upcoming API
-type Resources specs.LinuxResources
-
-// Checkpoints contains the details of a checkpoint
-type Checkpoints struct{}
diff --git a/libcontainerd/types_windows.go b/libcontainerd/types_windows.go
deleted file mode 100644
index 9041a2e8d53bf..0000000000000
--- a/libcontainerd/types_windows.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	opengcs "github.com/Microsoft/opengcs/client"
-)
-
-// Summary contains a ProcessList item from HCS to support `top`
-type Summary hcsshim.ProcessListItem
-
-// Stats contains statistics from HCS
-type Stats struct {
-	Read     time.Time
-	HCSStats *hcsshim.Statistics
-}
-
-func interfaceToStats(read time.Time, v interface{}) *Stats {
-	return &Stats{
-		HCSStats: v.(*hcsshim.Statistics),
-		Read:     read,
-	}
-}
-
-// Resources defines updatable container resource values.
-type Resources struct{}
-
-// LCOWOption is a CreateOption required for LCOW configuration
-type LCOWOption struct {
-	Config *opengcs.Config
-}
-
-// Checkpoint holds the details of a checkpoint (not supported in windows)
-type Checkpoint struct {
-	Name string
-}
-
-// Checkpoints contains the details of a checkpoint
-type Checkpoints struct {
-	Checkpoints []*Checkpoint
-}
diff --git a/libcontainerd/utils_windows.go b/libcontainerd/utils_windows.go
deleted file mode 100644
index aabb9aeaaa9d3..0000000000000
--- a/libcontainerd/utils_windows.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package libcontainerd // import "github.com/docker/docker/libcontainerd"
-
-import (
-	"strings"
-
-	opengcs "github.com/Microsoft/opengcs/client"
-)
-
-// setupEnvironmentVariables converts a string array of environment variables
-// into a map as required by the HCS. Source array is in format [v1=k1] [v2=k2] etc.
-func setupEnvironmentVariables(a []string) map[string]string {
-	r := make(map[string]string)
-	for _, s := range a {
-		arr := strings.SplitN(s, "=", 2)
-		if len(arr) == 2 {
-			r[arr[0]] = arr[1]
-		}
-	}
-	return r
-}
-
-// Apply for the LCOW option is a no-op.
-func (s *LCOWOption) Apply(interface{}) error {
-	return nil
-}
-
-// debugGCS is a dirty hack for debugging for Linux Utility VMs. It simply
-// runs a bunch of commands inside the UVM, but seriously aides in advanced debugging.
-func (c *container) debugGCS() {
-	if c == nil || c.isWindows || c.hcsContainer == nil {
-		return
-	}
-	cfg := opengcs.Config{
-		Uvm:               c.hcsContainer,
-		UvmTimeoutSeconds: 600,
-	}
-	cfg.DebugGCS()
-}
diff --git a/libnetwork/.dockerignore b/libnetwork/.dockerignore
new file mode 100644
index 0000000000000..31de392ac1e97
--- /dev/null
+++ b/libnetwork/.dockerignore
@@ -0,0 +1,5 @@
+.git
+.dockerignore
+Dockerfile
+bin
+tags
diff --git a/libnetwork/.gitignore b/libnetwork/.gitignore
new file mode 100644
index 0000000000000..81dff39251277
--- /dev/null
+++ b/libnetwork/.gitignore
@@ -0,0 +1,45 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+*~
+.gtm
+bin/
+tags
+.DS_Store
+
+# Folders
+integration-tmp/
+_obj
+_test
+.vagrant
+
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+cmd/dnet/dnet
+
+# Coverage
+*.tmp
+*.coverprofile
+
+# IDE files and folders
+.project
+.settings/
+
+libnetworkbuild.created
+test/networkDb/testMain
+test/networkDb/gossipdb
diff --git a/libnetwork/CHANGELOG.md b/libnetwork/CHANGELOG.md
new file mode 100644
index 0000000000000..77de7665a51e2
--- /dev/null
+++ b/libnetwork/CHANGELOG.md
@@ -0,0 +1,199 @@
+# Changelog
+
+## 0.8.0-dev.2 (2016-05-07)
+- Fix an issue which may arise during sandbox cleanup (https://github.com/docker/libnetwork/pull/1157)
+- Fix cleanup logic in case of ipv6 allocation failure
+- Don't add /etc/hosts record if container's ip is empty (--net=none)
+- Fix default gw logic for internal networks
+- Error when updating IPv6 gateway (https://github.com/docker/libnetwork/issues/1142)
+- Fixes https://github.com/docker/libnetwork/issues/1113
+- Fixes https://github.com/docker/libnetwork/issues/1069
+- Fxies https://github.com/docker/libnetwork/issues/1117
+- Increase the concurrent query rate-limit count
+- Changes to build libnetwork in Solaris
+
+## 0.8.0-dev.1 (2016-04-16)
+- Fixes docker/docker#16964
+- Added maximum egress bandwidth qos for Windows
+
+## 0.7.0-rc.6 (2016-04-10)
+- Flush cached resolver socket on default gateway change
+
+## 0.7.0-rc.5 (2016-04-08)
+- Persist ipam driver options
+- Fixes https://github.com/docker/libnetwork/issues/1087
+- Use go vet from go tool
+- Godep update to pick up latest docker/docker packages
+- Validate remote driver response using docker plugins package method.
+
+## 0.7.0-rc.4 (2016-04-06)
+- Fix the handling for default gateway Endpoint join/leave.
+
+## 0.7.0-rc.3 (2016-04-05)
+- Revert fix for default gateway endpoint join/leave. Needs to be reworked.
+- Persist the network internal mode for bridge networks
+
+## 0.7.0-rc.2 (2016-04-05)
+- Fixes https://github.com/docker/libnetwork/issues/1070
+- Move IPAM resource initialization out of init()
+- Initialize overlay driver before network delete
+- Fix the handling for default gateway Endpoint join/lean
+
+## 0.7.0-rc.1 (2016-03-30)
+- Fixes https://github.com/docker/libnetwork/issues/985
+- Fixes https://github.com/docker/libnetwork/issues/945
+- Log time taken to set sandbox key
+- Limit number of concurrent DNS queries
+
+## 0.7.0-dev.10 (2016-03-21)
+- Add IPv6 service discovery (AAAA records) in embedded DNS server
+- Honor enableIPv6 flag in network create for the IP allocation
+- Avoid V6 queries in docker domain going to external nameservers
+
+## 0.7.0-dev.9 (2016-03-18)
+- Support labels on networks
+
+## 0.7.0-dev.8 (2016-03-16)
+- Windows driver to respect user set MAC address.
+- Fix possible nil pointer reference in ServeDNS() with concurrent go routines.
+- Fix netns path setting from hook (for containerd integration)
+- Clear cached udp connections on resolver Stop()
+- Avoid network/endpoint count inconsistences and remove stale networks after ungraceful shutdown
+- Fix possible endpoint count inconsistency after ungraceful shutdown
+- Reject a null v4 IPAM slice in exp vlan drivers
+- Removed experimental drivers modprobe check
+
+## 0.7.0-dev.7 (2016-03-11)
+- Bumped up the minimum kernel version for ipvlan to 4.2
+- Removed modprobe from macvlan/ipvlan drivers to resolve docker IT failures
+- Close dbus connection if firewalld is not started
+
+## 0.7.0-dev.6 (2016-03-10)
+- Experimental support for macvlan and ipvlan drivers
+
+## 0.7.0-dev.5 (2016-03-08)
+- Fixes https://github.com/docker/docker/issues/20847
+- Fixes https://github.com/docker/docker/issues/20997
+- Fixes issues unveiled by docker integ test over 0.7.0-dev.4
+
+## 0.7.0-dev.4 (2016-03-07)
+- Changed ownership of exposed ports and port-mapping options from Endpoint to Sandbox
+- Implement DNS RR in the Docker embedded DNS server
+- Fixes https://github.com/docker/libnetwork/issues/984 (multi container overlay veth leak)
+- Libnetwork to program container's interface MAC address
+- Fixed bug in iptables.Exists() logic
+- Fixes https://github.com/docker/docker/issues/20694
+- Source external DNS queries from container namespace
+- Added inbuilt nil IPAM driver
+- Windows drivers integration fixes
+- Extract hostname from (hostname.domainname). Related to https://github.com/docker/docker/issues/14282
+- Fixed race in sandbox statistics read
+- Fixes https://github.com/docker/libnetwork/issues/892 (docker start fails when ipv6.disable=1)
+- Fixed error message on bridge network creation conflict
+
+## 0.7.0-dev.3 (2016-02-17)
+- Fixes https://github.com/docker/docker/issues/20350
+- Fixes https://github.com/docker/docker/issues/20145
+- Initial Windows HNS integration
+- Allow passing global datastore config to libnetwork after boot
+- Set Recursion Available bit in DNS query responses
+- Make sure iptables chains are recreated on firewalld reload
+
+## 0.7.0-dev.2 (2016-02-11)
+- Fixes https://github.com/docker/docker/issues/20140
+
+## 0.7.0-dev.1 (2016-02-10)
+- Expose EnableIPV6 option
+- discoverapi refactoring
+- Fixed a few typos & docs update
+
+## 0.6.1-rc2 (2016-02-09)
+- Fixes https://github.com/docker/docker/issues/20132
+- Fixes https://github.com/docker/docker/issues/20140
+- Fixes https://github.com/docker/docker/issues/20019
+
+## 0.6.1-rc1 (2016-02-05)
+- Fixes https://github.com/docker/docker/issues/20026
+
+## 0.6.0-rc7 (2016-02-01)
+- Allow inter-network connections via exposed ports
+
+## 0.6.0-rc6 (2016-01-30)
+- Properly fixes https://github.com/docker/docker/issues/18814
+
+## 0.6.0-rc5 (2016-01-26)
+- Cleanup stale overlay sandboxes
+
+## 0.6.0-rc4 (2016-01-25)
+- Add Endpoints() API to Sandbox interface
+- Fixed a race-condition in default gateway network creation
+
+## 0.6.0-rc3 (2016-01-25)
+- Fixes docker/docker#19576
+- Fixed embedded DNS to listen in TCP as well
+- Fixed a race-condition in IPAM to choose non-overlapping subnet for concurrent requests
+
+## 0.6.0-rc2 (2016-01-21)
+- Fixes docker/docker#19376
+- Fixes docker/docker#15819
+- Fixes libnetwork/#885, Not filter v6 DNS servers from resolv.conf
+- Fixes docker/docker #19448, also handles the . in service and network names correctly.
+
+## 0.6.0-rc1 (2016-01-14)
+- Fixes docker/docker#19404
+- Fixes the ungraceful daemon restart issue in systemd with remote network plugin
+  (https://github.com/docker/libnetwork/issues/813)
+
+## 0.5.6 (2016-01-14)
+- Setup embedded DNS server correctly on container restart. Fixes docker/docker#19354
+
+## 0.5.5 (2016-01-14)
+- Allow network-scoped alias to be resolved for anonymous endpoint
+- Self repair corrupted IP database that could happen in 1.9.0 & 1.9.1
+- Skip IPTables cleanup if --iptables=false is set. Fixes docker/docker#19063
+
+## 0.5.4 (2016-01-12)
+- Removed the isNodeAlive protection when user forces an endpoint delete
+
+## 0.5.3 (2016-01-12)
+- Bridge driver supporting internal network option
+- Backend implementation to support "force" option to network disconnect
+- Fixing a regex in etchosts package to fix docker/docker#19080
+
+## 0.5.2 (2016-01-08)
+- Embedded DNS replacing /etc/hosts based Service Discovery
+- Container local alias and Network-scoped alias support
+- Backend support for internal network mode
+- Support for IPAM driver options
+- Fixes overlay veth cleanup issue : docker/docker#18814
+- fixes docker/docker#19139
+- disable IPv6 Duplicate Address Detection
+
+## 0.5.1 (2015-12-07)
+- Allowing user to assign IP Address for containers
+- Fixes docker/docker#18214
+- Fixes docker/docker#18380
+
+## 0.5.0 (2015-10-30)
+
+- Docker multi-host networking exiting experimental channel
+- Introduced IP Address Management and IPAM drivers
+- DEPRECATE service discovery from default bridge network
+- Introduced new network UX
+- Support for multiple networks in bridge driver
+- Local persistence with boltdb
+
+## 0.4.0 (2015-07-24)
+
+- Introduce experimental version of Overlay driver
+- Introduce experimental version of network plugins
+- Introduce experimental version of network & service UX
+- Introduced experimental /etc/hosts based service discovery
+- Integrated with libkv
+- Improving test coverage
+- Fixed a bunch of issues with osl namespace mgmt
+
+## 0.3.0 (2015-05-27)
+ 
+- Introduce CNM (Container Networking Model)
+- Replace docker networking with CNM & Bridge driver
diff --git a/libnetwork/README.md b/libnetwork/README.md
new file mode 100644
index 0000000000000..c48c5b5794e35
--- /dev/null
+++ b/libnetwork/README.md
@@ -0,0 +1,97 @@
+# libnetwork - networking for containers
+
+Libnetwork provides a native Go implementation for connecting containers
+
+The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
+
+#### Design
+Please refer to the [design](docs/design.md) for more information.
+
+#### Using libnetwork
+
+There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
+
+
+```go
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+)
+
+func main() {
+	if reexec.Init() {
+		return
+	}
+
+	// Select and configure the network driver
+	networkType := "bridge"
+
+	// Create a new controller instance
+	driverOptions := options.Generic{}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = driverOptions
+	controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
+	if err != nil {
+		log.Fatalf("libnetwork.New: %s", err)
+	}
+
+	// Create a network for containers to join.
+	// NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
+	network, err := controller.NewNetwork(networkType, "network1", "")
+	if err != nil {
+		log.Fatalf("controller.NewNetwork: %s", err)
+	}
+
+	// For each new container: allocate IP and interfaces. The returned network
+	// settings will be used for container infos (inspect and such), as well as
+	// iptables rules for port publishing. This info is contained or accessible
+	// from the returned endpoint.
+	ep, err := network.CreateEndpoint("Endpoint1")
+	if err != nil {
+		log.Fatalf("network.CreateEndpoint: %s", err)
+	}
+
+	// Create the sandbox for the container.
+	// NewSandbox accepts Variadic optional arguments which libnetwork can use.
+	sbx, err := controller.NewSandbox("container1",
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"))
+	if err != nil {
+		log.Fatalf("controller.NewSandbox: %s", err)
+	}
+
+	// A sandbox can join the endpoint via the join api.
+	err = ep.Join(sbx)
+	if err != nil {
+		log.Fatalf("ep.Join: %s", err)
+	}
+
+	// libnetwork client can check the endpoint's operational data via the Info() API
+	epInfo, err := ep.DriverInfo()
+	if err != nil {
+		log.Fatalf("ep.DriverInfo: %s", err)
+	}
+
+	macAddress, ok := epInfo[netlabel.MacAddress]
+	if !ok {
+		log.Fatalf("failed to get mac address from endpoint info")
+	}
+
+	fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
+}
+```
+
+## Contributing
+
+Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
+
+## Copyright and license
+Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/vendor/github.com/docker/libnetwork/agent.go b/libnetwork/agent.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/agent.go
rename to libnetwork/agent.go
index a9d77e26701d4..feca147ea840b 100644
--- a/vendor/github.com/docker/libnetwork/agent.go
+++ b/libnetwork/agent.go
@@ -1,6 +1,6 @@
 package libnetwork
 
-//go:generate protoc -I.:Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto
+//go:generate protoc -I.:Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto
 
 import (
 	"encoding/json"
@@ -9,13 +9,13 @@ import (
 	"sort"
 	"sync"
 
+	"github.com/docker/docker/libnetwork/cluster"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/networkdb"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/go-events"
-	"github.com/docker/libnetwork/cluster"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/networkdb"
-	"github.com/docker/libnetwork/types"
 	"github.com/gogo/protobuf/proto"
 	"github.com/sirupsen/logrus"
 )
@@ -184,6 +184,16 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 		err := driver.DiscoverNew(discoverapi.EncryptionKeysUpdate, drvEnc)
 		if err != nil {
 			logrus.Warnf("Failed to update datapath keys in driver %s: %v", name, err)
+			// Attempt to reconfigure keys in case of a update failure
+			// which can arise due to a mismatch of keys
+			// if worker nodes get temporarily disconnected
+			logrus.Warnf("Reconfiguring datapath keys for  %s", name)
+			drvCfgEnc := discoverapi.DriverEncryptionConfig{}
+			drvCfgEnc.Keys, drvCfgEnc.Tags = c.getKeys(subsysIPSec)
+			err = driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvCfgEnc)
+			if err != nil {
+				logrus.Warnf("Failed to reset datapath keys in driver %s: %v", name, err)
+			}
 		}
 		return false
 	})
@@ -378,6 +388,9 @@ func (c *controller) agentClose() {
 	c.agent = nil
 	c.Unlock()
 
+	// when the agent is closed the cluster provider should be cleaned up
+	c.SetClusterProvider(nil)
+
 	if agent == nil {
 		return
 	}
@@ -583,7 +596,7 @@ func (ep *endpoint) deleteDriverInfoFromCluster() error {
 }
 
 func (ep *endpoint) addServiceInfoToCluster(sb *sandbox) error {
-	if ep.isAnonymous() && len(ep.myAliases) == 0 || ep.Iface().Address() == nil {
+	if ep.isAnonymous() && len(ep.myAliases) == 0 || ep.Iface() == nil || ep.Iface().Address() == nil {
 		return nil
 	}
 
@@ -706,7 +719,7 @@ func (ep *endpoint) deleteServiceInfoFromCluster(sb *sandbox, fullRemove bool, m
 		}
 	}
 
-	if ep.Iface().Address() != nil {
+	if ep.Iface() != nil && ep.Iface().Address() != nil {
 		if ep.svcID != "" {
 			// This is a task part of a service
 			var ingressPorts []*PortConfig
@@ -780,7 +793,7 @@ func (n *network) addDriverWatches() {
 			return
 		}
 
-		agent.networkDB.WalkTable(table.name, func(nid, key string, value []byte, deleted bool) bool {
+		err = agent.networkDB.WalkTable(table.name, func(nid, key string, value []byte, deleted bool) bool {
 			// skip the entries that are mark for deletion, this is safe because this function is
 			// called at initialization time so there is no state to delete
 			if nid == n.ID() && !deleted {
@@ -788,6 +801,9 @@ func (n *network) addDriverWatches() {
 			}
 			return false
 		})
+		if err != nil {
+			logrus.WithError(err).Warn("Error while walking networkdb")
+		}
 	}
 }
 
diff --git a/vendor/github.com/docker/libnetwork/agent.pb.go b/libnetwork/agent.pb.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/agent.pb.go
rename to libnetwork/agent.pb.go
diff --git a/vendor/github.com/docker/libnetwork/agent.proto b/libnetwork/agent.proto
similarity index 100%
rename from vendor/github.com/docker/libnetwork/agent.proto
rename to libnetwork/agent.proto
diff --git a/libnetwork/bitseq/sequence.go b/libnetwork/bitseq/sequence.go
new file mode 100644
index 0000000000000..b53721d2120d8
--- /dev/null
+++ b/libnetwork/bitseq/sequence.go
@@ -0,0 +1,731 @@
+// Package bitseq provides a structure and utilities for representing long bitmask
+// as sequence of run-length encoded blocks. It operates directly on the encoded
+// representation, it does not decode/encode.
+package bitseq
+
+import (
+	"encoding/binary"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+// block sequence constants
+// If needed we can think of making these configurable
+const (
+	blockLen      = uint32(32)
+	blockBytes    = uint64(blockLen / 8)
+	blockMAX      = uint32(1<<blockLen - 1)
+	blockFirstBit = uint32(1) << (blockLen - 1)
+	invalidPos    = uint64(0xFFFFFFFFFFFFFFFF)
+)
+
+var (
+	// ErrNoBitAvailable is returned when no more bits are available to set
+	ErrNoBitAvailable = errors.New("no bit available")
+	// ErrBitAllocated is returned when the specific bit requested is already set
+	ErrBitAllocated = errors.New("requested bit is already allocated")
+)
+
+// Handle contains the sequence representing the bitmask and its identifier
+type Handle struct {
+	bits       uint64
+	unselected uint64
+	head       *sequence
+	app        string
+	id         string
+	dbIndex    uint64
+	dbExists   bool
+	curr       uint64
+	store      datastore.DataStore
+	sync.Mutex
+}
+
+// NewHandle returns a thread-safe instance of the bitmask handler
+func NewHandle(app string, ds datastore.DataStore, id string, numElements uint64) (*Handle, error) {
+	h := &Handle{
+		app:        app,
+		id:         id,
+		store:      ds,
+		bits:       numElements,
+		unselected: numElements,
+		head: &sequence{
+			block: 0x0,
+			count: getNumBlocks(numElements),
+		},
+	}
+
+	if h.store == nil {
+		return h, nil
+	}
+
+	// Get the initial status from the ds if present.
+	if err := h.store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
+		return nil, err
+	}
+
+	// If the handle is not in store, write it.
+	if !h.Exists() {
+		if err := h.writeToStore(); err != nil {
+			return nil, fmt.Errorf("failed to write bitsequence to store: %v", err)
+		}
+	}
+
+	return h, nil
+}
+
+// sequence represents a recurring sequence of 32 bits long bitmasks
+type sequence struct {
+	block uint32    // block is a symbol representing 4 byte long allocation bitmask
+	count uint64    // number of consecutive blocks (symbols)
+	next  *sequence // next sequence
+}
+
+// String returns a string representation of the block sequence starting from this block
+func (s *sequence) toString() string {
+	var nextBlock string
+	if s.next == nil {
+		nextBlock = "end"
+	} else {
+		nextBlock = s.next.toString()
+	}
+	return fmt.Sprintf("(0x%x, %d)->%s", s.block, s.count, nextBlock)
+}
+
+// GetAvailableBit returns the position of the first unset bit in the bitmask represented by this sequence
+func (s *sequence) getAvailableBit(from uint64) (uint64, uint64, error) {
+	if s.block == blockMAX || s.count == 0 {
+		return invalidPos, invalidPos, ErrNoBitAvailable
+	}
+	bits := from
+	bitSel := blockFirstBit >> from
+	for bitSel > 0 && s.block&bitSel != 0 {
+		bitSel >>= 1
+		bits++
+	}
+	// Check if the loop exited because it could not
+	// find any available bit int block  starting from
+	// "from". Return invalid pos in that case.
+	if bitSel == 0 {
+		return invalidPos, invalidPos, ErrNoBitAvailable
+	}
+	return bits / 8, bits % 8, nil
+}
+
+// GetCopy returns a copy of the linked list rooted at this node
+func (s *sequence) getCopy() *sequence {
+	n := &sequence{block: s.block, count: s.count}
+	pn := n
+	ps := s.next
+	for ps != nil {
+		pn.next = &sequence{block: ps.block, count: ps.count}
+		pn = pn.next
+		ps = ps.next
+	}
+	return n
+}
+
+// Equal checks if this sequence is equal to the passed one
+func (s *sequence) equal(o *sequence) bool {
+	this := s
+	other := o
+	for this != nil {
+		if other == nil {
+			return false
+		}
+		if this.block != other.block || this.count != other.count {
+			return false
+		}
+		this = this.next
+		other = other.next
+	}
+	return other == nil
+}
+
+// ToByteArray converts the sequence into a byte array
+func (s *sequence) toByteArray() ([]byte, error) {
+	var bb []byte
+
+	p := s
+	for p != nil {
+		b := make([]byte, 12)
+		binary.BigEndian.PutUint32(b[0:], p.block)
+		binary.BigEndian.PutUint64(b[4:], p.count)
+		bb = append(bb, b...)
+		p = p.next
+	}
+
+	return bb, nil
+}
+
+// fromByteArray construct the sequence from the byte array
+func (s *sequence) fromByteArray(data []byte) error {
+	l := len(data)
+	if l%12 != 0 {
+		return fmt.Errorf("cannot deserialize byte sequence of length %d (%v)", l, data)
+	}
+
+	p := s
+	i := 0
+	for {
+		p.block = binary.BigEndian.Uint32(data[i : i+4])
+		p.count = binary.BigEndian.Uint64(data[i+4 : i+12])
+		i += 12
+		if i == l {
+			break
+		}
+		p.next = &sequence{}
+		p = p.next
+	}
+
+	return nil
+}
+
+func (h *Handle) getCopy() *Handle {
+	return &Handle{
+		bits:       h.bits,
+		unselected: h.unselected,
+		head:       h.head.getCopy(),
+		app:        h.app,
+		id:         h.id,
+		dbIndex:    h.dbIndex,
+		dbExists:   h.dbExists,
+		store:      h.store,
+		curr:       h.curr,
+	}
+}
+
+// SetAnyInRange atomically sets the first unset bit in the specified range in the sequence and returns the corresponding ordinal
+func (h *Handle) SetAnyInRange(start, end uint64, serial bool) (uint64, error) {
+	if end < start || end >= h.bits {
+		return invalidPos, fmt.Errorf("invalid bit range [%d, %d]", start, end)
+	}
+	if h.Unselected() == 0 {
+		return invalidPos, ErrNoBitAvailable
+	}
+	return h.set(0, start, end, true, false, serial)
+}
+
+// SetAny atomically sets the first unset bit in the sequence and returns the corresponding ordinal
+func (h *Handle) SetAny(serial bool) (uint64, error) {
+	if h.Unselected() == 0 {
+		return invalidPos, ErrNoBitAvailable
+	}
+	return h.set(0, 0, h.bits-1, true, false, serial)
+}
+
+// Set atomically sets the corresponding bit in the sequence
+func (h *Handle) Set(ordinal uint64) error {
+	if err := h.validateOrdinal(ordinal); err != nil {
+		return err
+	}
+	_, err := h.set(ordinal, 0, 0, false, false, false)
+	return err
+}
+
+// Unset atomically unsets the corresponding bit in the sequence
+func (h *Handle) Unset(ordinal uint64) error {
+	if err := h.validateOrdinal(ordinal); err != nil {
+		return err
+	}
+	_, err := h.set(ordinal, 0, 0, false, true, false)
+	return err
+}
+
+// IsSet atomically checks if the ordinal bit is set. In case ordinal
+// is outside of the bit sequence limits, false is returned.
+func (h *Handle) IsSet(ordinal uint64) bool {
+	if err := h.validateOrdinal(ordinal); err != nil {
+		return false
+	}
+	h.Lock()
+	_, _, err := checkIfAvailable(h.head, ordinal)
+	h.Unlock()
+	return err != nil
+}
+
+func (h *Handle) runConsistencyCheck() bool {
+	corrupted := false
+	for p, c := h.head, h.head.next; c != nil; c = c.next {
+		if c.count == 0 {
+			corrupted = true
+			p.next = c.next
+			continue // keep same p
+		}
+		p = c
+	}
+	return corrupted
+}
+
+// CheckConsistency checks if the bit sequence is in an inconsistent state and attempts to fix it.
+// It looks for a corruption signature that may happen in docker 1.9.0 and 1.9.1.
+func (h *Handle) CheckConsistency() error {
+	for {
+		h.Lock()
+		store := h.store
+		h.Unlock()
+
+		if store != nil {
+			if err := store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
+				return err
+			}
+		}
+
+		h.Lock()
+		nh := h.getCopy()
+		h.Unlock()
+
+		if !nh.runConsistencyCheck() {
+			return nil
+		}
+
+		if err := nh.writeToStore(); err != nil {
+			if _, ok := err.(types.RetryError); !ok {
+				return fmt.Errorf("internal failure while fixing inconsistent bitsequence: %v", err)
+			}
+			continue
+		}
+
+		logrus.Infof("Fixed inconsistent bit sequence in datastore:\n%s\n%s", h, nh)
+
+		h.Lock()
+		h.head = nh.head
+		h.Unlock()
+
+		return nil
+	}
+}
+
+// set/reset the bit
+func (h *Handle) set(ordinal, start, end uint64, any bool, release bool, serial bool) (uint64, error) {
+	var (
+		bitPos  uint64
+		bytePos uint64
+		ret     uint64
+		err     error
+	)
+
+	for {
+		var store datastore.DataStore
+		curr := uint64(0)
+		h.Lock()
+		store = h.store
+		if store != nil {
+			h.Unlock() // The lock is acquired in the GetObject
+			if err := store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
+				return ret, err
+			}
+			h.Lock() // Acquire the lock back
+		}
+		if serial {
+			curr = h.curr
+		}
+		// Get position if available
+		if release {
+			bytePos, bitPos = ordinalToPos(ordinal)
+		} else {
+			if any {
+				bytePos, bitPos, err = getAvailableFromCurrent(h.head, start, curr, end)
+				ret = posToOrdinal(bytePos, bitPos)
+				if err == nil {
+					h.curr = ret + 1
+				}
+			} else {
+				bytePos, bitPos, err = checkIfAvailable(h.head, ordinal)
+				ret = ordinal
+			}
+		}
+		if err != nil {
+			h.Unlock()
+			return ret, err
+		}
+
+		// Create a private copy of h and work on it
+		nh := h.getCopy()
+
+		nh.head = pushReservation(bytePos, bitPos, nh.head, release)
+		if release {
+			nh.unselected++
+		} else {
+			nh.unselected--
+		}
+
+		if h.store != nil {
+			h.Unlock()
+			// Attempt to write private copy to store
+			if err := nh.writeToStore(); err != nil {
+				if _, ok := err.(types.RetryError); !ok {
+					return ret, fmt.Errorf("internal failure while setting the bit: %v", err)
+				}
+				// Retry
+				continue
+			}
+			h.Lock()
+		}
+
+		// Previous atomic push was successful. Save private copy to local copy
+		h.unselected = nh.unselected
+		h.head = nh.head
+		h.dbExists = nh.dbExists
+		h.dbIndex = nh.dbIndex
+		h.Unlock()
+		return ret, nil
+	}
+}
+
+// checks is needed because to cover the case where the number of bits is not a multiple of blockLen
+func (h *Handle) validateOrdinal(ordinal uint64) error {
+	h.Lock()
+	defer h.Unlock()
+	if ordinal >= h.bits {
+		return errors.New("bit does not belong to the sequence")
+	}
+	return nil
+}
+
+// Destroy removes from the datastore the data belonging to this handle
+func (h *Handle) Destroy() error {
+	for {
+		if err := h.deleteFromStore(); err != nil {
+			if _, ok := err.(types.RetryError); !ok {
+				return fmt.Errorf("internal failure while destroying the sequence: %v", err)
+			}
+			// Fetch latest
+			if err := h.store.GetObject(datastore.Key(h.Key()...), h); err != nil {
+				if err == datastore.ErrKeyNotFound { // already removed
+					return nil
+				}
+				return fmt.Errorf("failed to fetch from store when destroying the sequence: %v", err)
+			}
+			continue
+		}
+		return nil
+	}
+}
+
+// ToByteArray converts this handle's data into a byte array
+func (h *Handle) ToByteArray() ([]byte, error) {
+
+	h.Lock()
+	defer h.Unlock()
+	ba := make([]byte, 16)
+	binary.BigEndian.PutUint64(ba[0:], h.bits)
+	binary.BigEndian.PutUint64(ba[8:], h.unselected)
+	bm, err := h.head.toByteArray()
+	if err != nil {
+		return nil, fmt.Errorf("failed to serialize head: %s", err.Error())
+	}
+	ba = append(ba, bm...)
+
+	return ba, nil
+}
+
+// FromByteArray reads his handle's data from a byte array
+func (h *Handle) FromByteArray(ba []byte) error {
+	if ba == nil {
+		return errors.New("nil byte array")
+	}
+
+	nh := &sequence{}
+	err := nh.fromByteArray(ba[16:])
+	if err != nil {
+		return fmt.Errorf("failed to deserialize head: %s", err.Error())
+	}
+
+	h.Lock()
+	h.head = nh
+	h.bits = binary.BigEndian.Uint64(ba[0:8])
+	h.unselected = binary.BigEndian.Uint64(ba[8:16])
+	h.Unlock()
+
+	return nil
+}
+
+// Bits returns the length of the bit sequence
+func (h *Handle) Bits() uint64 {
+	return h.bits
+}
+
+// Unselected returns the number of bits which are not selected
+func (h *Handle) Unselected() uint64 {
+	h.Lock()
+	defer h.Unlock()
+	return h.unselected
+}
+
+func (h *Handle) String() string {
+	h.Lock()
+	defer h.Unlock()
+	return fmt.Sprintf("App: %s, ID: %s, DBIndex: 0x%x, Bits: %d, Unselected: %d, Sequence: %s Curr:%d",
+		h.app, h.id, h.dbIndex, h.bits, h.unselected, h.head.toString(), h.curr)
+}
+
+// MarshalJSON encodes Handle into json message
+func (h *Handle) MarshalJSON() ([]byte, error) {
+	m := map[string]interface{}{
+		"id": h.id,
+	}
+
+	b, err := h.ToByteArray()
+	if err != nil {
+		return nil, err
+	}
+	m["sequence"] = b
+	return json.Marshal(m)
+}
+
+// UnmarshalJSON decodes json message into Handle
+func (h *Handle) UnmarshalJSON(data []byte) error {
+	var (
+		m   map[string]interface{}
+		b   []byte
+		err error
+	)
+	if err = json.Unmarshal(data, &m); err != nil {
+		return err
+	}
+	h.id = m["id"].(string)
+	bi, _ := json.Marshal(m["sequence"])
+	if err := json.Unmarshal(bi, &b); err != nil {
+		return err
+	}
+	return h.FromByteArray(b)
+}
+
+// getFirstAvailable looks for the first unset bit in passed mask starting from start
+func getFirstAvailable(head *sequence, start uint64) (uint64, uint64, error) {
+	// Find sequence which contains the start bit
+	byteStart, bitStart := ordinalToPos(start)
+	current, _, precBlocks, inBlockBytePos := findSequence(head, byteStart)
+	// Derive the this sequence offsets
+	byteOffset := byteStart - inBlockBytePos
+	bitOffset := inBlockBytePos*8 + bitStart
+	for current != nil {
+		if current.block != blockMAX {
+			// If the current block is not full, check if there is any bit
+			// from the current bit in the current block. If not, before proceeding to the
+			// next block node, make sure we check for available bit in the next
+			// instance of the same block. Due to RLE same block signature will be
+			// compressed.
+		retry:
+			bytePos, bitPos, err := current.getAvailableBit(bitOffset)
+			if err != nil && precBlocks == current.count-1 {
+				// This is the last instance in the same block node,
+				// so move to the next block.
+				goto next
+			}
+			if err != nil {
+				// There are some more instances of the same block, so add the offset
+				// and be optimistic that you will find the available bit in the next
+				// instance of the same block.
+				bitOffset = 0
+				byteOffset += blockBytes
+				precBlocks++
+				goto retry
+			}
+			return byteOffset + bytePos, bitPos, err
+		}
+		// Moving to next block: Reset bit offset.
+	next:
+		bitOffset = 0
+		byteOffset += (current.count * blockBytes) - (precBlocks * blockBytes)
+		precBlocks = 0
+		current = current.next
+	}
+	return invalidPos, invalidPos, ErrNoBitAvailable
+}
+
+// getAvailableFromCurrent will look for available ordinal from the current ordinal.
+// If none found then it will loop back to the start to check of the available bit.
+// This can be further optimized to check from start till curr in case of a rollover
+func getAvailableFromCurrent(head *sequence, start, curr, end uint64) (uint64, uint64, error) {
+	var bytePos, bitPos uint64
+	var err error
+	if curr != 0 && curr > start {
+		bytePos, bitPos, err = getFirstAvailable(head, curr)
+		ret := posToOrdinal(bytePos, bitPos)
+		if end < ret || err != nil {
+			goto begin
+		}
+		return bytePos, bitPos, nil
+	}
+
+begin:
+	bytePos, bitPos, err = getFirstAvailable(head, start)
+	ret := posToOrdinal(bytePos, bitPos)
+	if end < ret || err != nil {
+		return invalidPos, invalidPos, ErrNoBitAvailable
+	}
+	return bytePos, bitPos, nil
+}
+
+// checkIfAvailable checks if the bit correspondent to the specified ordinal is unset
+// If the ordinal is beyond the sequence limits, a negative response is returned
+func checkIfAvailable(head *sequence, ordinal uint64) (uint64, uint64, error) {
+	bytePos, bitPos := ordinalToPos(ordinal)
+
+	// Find the sequence containing this byte
+	current, _, _, inBlockBytePos := findSequence(head, bytePos)
+	if current != nil {
+		// Check whether the bit corresponding to the ordinal address is unset
+		bitSel := blockFirstBit >> (inBlockBytePos*8 + bitPos)
+		if current.block&bitSel == 0 {
+			return bytePos, bitPos, nil
+		}
+	}
+
+	return invalidPos, invalidPos, ErrBitAllocated
+}
+
+// Given the byte position and the sequences list head, return the pointer to the
+// sequence containing the byte (current), the pointer to the previous sequence,
+// the number of blocks preceding the block containing the byte inside the current sequence.
+// If bytePos is outside of the list, function will return (nil, nil, 0, invalidPos)
+func findSequence(head *sequence, bytePos uint64) (*sequence, *sequence, uint64, uint64) {
+	// Find the sequence containing this byte
+	previous := head
+	current := head
+	n := bytePos
+	for current.next != nil && n >= (current.count*blockBytes) { // Nil check for less than 32 addresses masks
+		n -= (current.count * blockBytes)
+		previous = current
+		current = current.next
+	}
+
+	// If byte is outside of the list, let caller know
+	if n >= (current.count * blockBytes) {
+		return nil, nil, 0, invalidPos
+	}
+
+	// Find the byte position inside the block and the number of blocks
+	// preceding the block containing the byte inside this sequence
+	precBlocks := n / blockBytes
+	inBlockBytePos := bytePos % blockBytes
+
+	return current, previous, precBlocks, inBlockBytePos
+}
+
+// PushReservation pushes the bit reservation inside the bitmask.
+// Given byte and bit positions, identify the sequence (current) which holds the block containing the affected bit.
+// Create a new block with the modified bit according to the operation (allocate/release).
+// Create a new sequence containing the new block and insert it in the proper position.
+// Remove current sequence if empty.
+// Check if new sequence can be merged with neighbour (previous/next) sequences.
+//
+//
+// Identify "current" sequence containing block:
+//                                      [prev seq] [current seq] [next seq]
+//
+// Based on block position, resulting list of sequences can be any of three forms:
+//
+//        block position                        Resulting list of sequences
+// A) block is first in current:         [prev seq] [new] [modified current seq] [next seq]
+// B) block is last in current:          [prev seq] [modified current seq] [new] [next seq]
+// C) block is in the middle of current: [prev seq] [curr pre] [new] [curr post] [next seq]
+func pushReservation(bytePos, bitPos uint64, head *sequence, release bool) *sequence {
+	// Store list's head
+	newHead := head
+
+	// Find the sequence containing this byte
+	current, previous, precBlocks, inBlockBytePos := findSequence(head, bytePos)
+	if current == nil {
+		return newHead
+	}
+
+	// Construct updated block
+	bitSel := blockFirstBit >> (inBlockBytePos*8 + bitPos)
+	newBlock := current.block
+	if release {
+		newBlock &^= bitSel
+	} else {
+		newBlock |= bitSel
+	}
+
+	// Quit if it was a redundant request
+	if current.block == newBlock {
+		return newHead
+	}
+
+	// Current sequence inevitably looses one block, upadate count
+	current.count--
+
+	// Create new sequence
+	newSequence := &sequence{block: newBlock, count: 1}
+
+	// Insert the new sequence in the list based on block position
+	if precBlocks == 0 { // First in sequence (A)
+		newSequence.next = current
+		if current == head {
+			newHead = newSequence
+			previous = newHead
+		} else {
+			previous.next = newSequence
+		}
+		removeCurrentIfEmpty(&newHead, newSequence, current)
+		mergeSequences(previous)
+	} else if precBlocks == current.count { // Last in sequence (B)
+		newSequence.next = current.next
+		current.next = newSequence
+		mergeSequences(current)
+	} else { // In between the sequence (C)
+		currPre := &sequence{block: current.block, count: precBlocks, next: newSequence}
+		currPost := current
+		currPost.count -= precBlocks
+		newSequence.next = currPost
+		if currPost == head {
+			newHead = currPre
+		} else {
+			previous.next = currPre
+		}
+		// No merging or empty current possible here
+	}
+
+	return newHead
+}
+
+// Removes the current sequence from the list if empty, adjusting the head pointer if needed
+func removeCurrentIfEmpty(head **sequence, previous, current *sequence) {
+	if current.count == 0 {
+		if current == *head {
+			*head = current.next
+		} else {
+			previous.next = current.next
+		}
+	}
+}
+
+// Given a pointer to a sequence, it checks if it can be merged with any following sequences
+// It stops when no more merging is possible.
+// TODO: Optimization: only attempt merge from start to end sequence, no need to scan till the end of the list
+func mergeSequences(seq *sequence) {
+	if seq != nil {
+		// Merge all what possible from seq
+		for seq.next != nil && seq.block == seq.next.block {
+			seq.count += seq.next.count
+			seq.next = seq.next.next
+		}
+		// Move to next
+		mergeSequences(seq.next)
+	}
+}
+
+func getNumBlocks(numBits uint64) uint64 {
+	numBlocks := numBits / uint64(blockLen)
+	if numBits%uint64(blockLen) != 0 {
+		numBlocks++
+	}
+	return numBlocks
+}
+
+func ordinalToPos(ordinal uint64) (uint64, uint64) {
+	return ordinal / 8, ordinal % 8
+}
+
+func posToOrdinal(bytePos, bitPos uint64) uint64 {
+	return bytePos*8 + bitPos
+}
diff --git a/libnetwork/bitseq/sequence_test.go b/libnetwork/bitseq/sequence_test.go
new file mode 100644
index 0000000000000..6ba671ce62019
--- /dev/null
+++ b/libnetwork/bitseq/sequence_test.go
@@ -0,0 +1,1361 @@
+package bitseq
+
+import (
+	"fmt"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/libkv/store"
+	"github.com/docker/libkv/store/boltdb"
+)
+
+var (
+	defaultPrefix = filepath.Join(os.TempDir(), "libnetwork", "test", "bitseq")
+)
+
+func init() {
+	boltdb.Register()
+}
+
+func randomLocalStore() (datastore.DataStore, error) {
+	tmp, err := os.CreateTemp("", "libnetwork-")
+	if err != nil {
+		return nil, fmt.Errorf("Error creating temp file: %v", err)
+	}
+	if err := tmp.Close(); err != nil {
+		return nil, fmt.Errorf("Error closing temp file: %v", err)
+	}
+	return datastore.NewDataStore(datastore.LocalScope, &datastore.ScopeCfg{
+		Client: datastore.ScopeClientCfg{
+			Provider: "boltdb",
+			Address:  filepath.Join(defaultPrefix, filepath.Base(tmp.Name())),
+			Config: &store.Config{
+				Bucket:            "libnetwork",
+				ConnectionTimeout: 3 * time.Second,
+			},
+		},
+	})
+}
+
+func TestSequenceGetAvailableBit(t *testing.T) {
+	input := []struct {
+		head    *sequence
+		from    uint64
+		bytePos uint64
+		bitPos  uint64
+	}{
+		{&sequence{block: 0x0, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0x0, count: 1}, 0, 0, 0},
+		{&sequence{block: 0x0, count: 100}, 0, 0, 0},
+
+		{&sequence{block: 0x80000000, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0x80000000, count: 1}, 0, 0, 1},
+		{&sequence{block: 0x80000000, count: 100}, 0, 0, 1},
+
+		{&sequence{block: 0xFF000000, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFF000000, count: 1}, 0, 1, 0},
+		{&sequence{block: 0xFF000000, count: 100}, 0, 1, 0},
+
+		{&sequence{block: 0xFF800000, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFF800000, count: 1}, 0, 1, 1},
+		{&sequence{block: 0xFF800000, count: 100}, 0, 1, 1},
+
+		{&sequence{block: 0xFFC0FF00, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFC0FF00, count: 1}, 0, 1, 2},
+		{&sequence{block: 0xFFC0FF00, count: 100}, 0, 1, 2},
+
+		{&sequence{block: 0xFFE0FF00, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFE0FF00, count: 1}, 0, 1, 3},
+		{&sequence{block: 0xFFE0FF00, count: 100}, 0, 1, 3},
+
+		{&sequence{block: 0xFFFEFF00, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFEFF00, count: 1}, 0, 1, 7},
+		{&sequence{block: 0xFFFEFF00, count: 100}, 0, 1, 7},
+
+		{&sequence{block: 0xFFFFC0FF, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFC0FF, count: 1}, 0, 2, 2},
+		{&sequence{block: 0xFFFFC0FF, count: 100}, 0, 2, 2},
+
+		{&sequence{block: 0xFFFFFF00, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFF00, count: 1}, 0, 3, 0},
+		{&sequence{block: 0xFFFFFF00, count: 100}, 0, 3, 0},
+
+		{&sequence{block: 0xFFFFFFFE, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFE, count: 1}, 0, 3, 7},
+		{&sequence{block: 0xFFFFFFFE, count: 100}, 0, 3, 7},
+
+		{&sequence{block: 0xFFFFFFFF, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFF, count: 1}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFF, count: 100}, 0, invalidPos, invalidPos},
+
+		// now test with offset
+		{&sequence{block: 0x0, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0x0, count: 0}, 31, invalidPos, invalidPos},
+		{&sequence{block: 0x0, count: 0}, 32, invalidPos, invalidPos},
+		{&sequence{block: 0x0, count: 1}, 0, 0, 0},
+		{&sequence{block: 0x0, count: 1}, 1, 0, 1},
+		{&sequence{block: 0x0, count: 1}, 31, 3, 7},
+		{&sequence{block: 0xF0FF0000, count: 1}, 0, 0, 4},
+		{&sequence{block: 0xF0FF0000, count: 1}, 8, 2, 0},
+		{&sequence{block: 0xFFFFFFFF, count: 1}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFF, count: 1}, 16, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFF, count: 1}, 31, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFE, count: 1}, 0, 3, 7},
+		{&sequence{block: 0xFFFFFFFF, count: 2}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xFFFFFFFF, count: 2}, 32, invalidPos, invalidPos},
+	}
+
+	for n, i := range input {
+		b, bb, err := i.head.getAvailableBit(i.from)
+		if b != i.bytePos || bb != i.bitPos {
+			t.Fatalf("Error in sequence.getAvailableBit(%d) (%d).\nExp: (%d, %d)\nGot: (%d, %d), err: %v", i.from, n, i.bytePos, i.bitPos, b, bb, err)
+		}
+	}
+}
+
+func TestSequenceEqual(t *testing.T) {
+	input := []struct {
+		first    *sequence
+		second   *sequence
+		areEqual bool
+	}{
+		{&sequence{block: 0x0, count: 8, next: nil}, &sequence{block: 0x0, count: 8}, true},
+		{&sequence{block: 0x0, count: 0, next: nil}, &sequence{block: 0x0, count: 0}, true},
+		{&sequence{block: 0x0, count: 2, next: nil}, &sequence{block: 0x0, count: 1, next: &sequence{block: 0x0, count: 1}}, false},
+		{&sequence{block: 0x0, count: 2, next: &sequence{block: 0x1, count: 1}}, &sequence{block: 0x0, count: 2}, false},
+
+		{&sequence{block: 0x12345678, count: 8, next: nil}, &sequence{block: 0x12345678, count: 8}, true},
+		{&sequence{block: 0x12345678, count: 8, next: nil}, &sequence{block: 0x12345678, count: 9}, false},
+		{&sequence{block: 0x12345678, count: 1, next: &sequence{block: 0xFFFFFFFF, count: 1}}, &sequence{block: 0x12345678, count: 1}, false},
+		{&sequence{block: 0x12345678, count: 1}, &sequence{block: 0x12345678, count: 1, next: &sequence{block: 0xFFFFFFFF, count: 1}}, false},
+	}
+
+	for n, i := range input {
+		if i.areEqual != i.first.equal(i.second) {
+			t.Fatalf("Error in sequence.equal() (%d).\nExp: %t\nGot: %t,", n, i.areEqual, !i.areEqual)
+		}
+	}
+}
+
+func TestSequenceCopy(t *testing.T) {
+	s := getTestSequence()
+	n := s.getCopy()
+	if !s.equal(n) {
+		t.Fatal("copy of s failed")
+	}
+	if n == s {
+		t.Fatal("not true copy of s")
+	}
+}
+
+func TestGetFirstAvailable(t *testing.T) {
+	input := []struct {
+		mask    *sequence
+		bytePos uint64
+		bitPos  uint64
+		start   uint64
+	}{
+		{&sequence{block: 0xffffffff, count: 2048}, invalidPos, invalidPos, 0},
+		{&sequence{block: 0x0, count: 8}, 0, 0, 0},
+		{&sequence{block: 0x80000000, count: 8}, 0, 1, 0},
+		{&sequence{block: 0xC0000000, count: 8}, 0, 2, 0},
+		{&sequence{block: 0xE0000000, count: 8}, 0, 3, 0},
+		{&sequence{block: 0xF0000000, count: 8}, 0, 4, 0},
+		{&sequence{block: 0xF8000000, count: 8}, 0, 5, 0},
+		{&sequence{block: 0xFC000000, count: 8}, 0, 6, 0},
+		{&sequence{block: 0xFE000000, count: 8}, 0, 7, 0},
+		{&sequence{block: 0xFE000000, count: 8}, 3, 0, 24},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x00000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 0, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 1, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 2, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xE0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 3, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 4, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF8000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 5, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFC000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 6, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFE000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 7, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x0E000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 0, 16},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 0, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF800000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 1, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFC00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 2, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFE00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 3, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 4, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF80000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 5, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFC0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 6, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFE0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 7, 0},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 7, 7, 0},
+
+		{&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0x0, count: 6}}, 8, 0, 0},
+		{&sequence{block: 0xfffcffff, count: 1, next: &sequence{block: 0x0, count: 6}}, 4, 0, 16},
+		{&sequence{block: 0xfffcffff, count: 1, next: &sequence{block: 0x0, count: 6}}, 1, 7, 15},
+		{&sequence{block: 0xfffcffff, count: 1, next: &sequence{block: 0x0, count: 6}}, 1, 6, 10},
+		{&sequence{block: 0xfffcfffe, count: 1, next: &sequence{block: 0x0, count: 6}}, 3, 7, 31},
+		{&sequence{block: 0xfffcffff, count: 1, next: &sequence{block: 0xffffffff, count: 6}}, invalidPos, invalidPos, 31},
+	}
+
+	for n, i := range input {
+		bytePos, bitPos, _ := getFirstAvailable(i.mask, i.start)
+		if bytePos != i.bytePos || bitPos != i.bitPos {
+			t.Fatalf("Error in (%d) getFirstAvailable(). Expected (%d, %d). Got (%d, %d)", n, i.bytePos, i.bitPos, bytePos, bitPos)
+		}
+	}
+}
+
+func TestFindSequence(t *testing.T) {
+	input := []struct {
+		head           *sequence
+		bytePos        uint64
+		precBlocks     uint64
+		inBlockBytePos uint64
+	}{
+		{&sequence{block: 0xffffffff, count: 0}, 0, 0, invalidPos},
+		{&sequence{block: 0xffffffff, count: 0}, 31, 0, invalidPos},
+		{&sequence{block: 0xffffffff, count: 0}, 100, 0, invalidPos},
+
+		{&sequence{block: 0x0, count: 1}, 0, 0, 0},
+		{&sequence{block: 0x0, count: 1}, 1, 0, 1},
+		{&sequence{block: 0x0, count: 1}, 31, 0, invalidPos},
+		{&sequence{block: 0x0, count: 1}, 60, 0, invalidPos},
+
+		{&sequence{block: 0xffffffff, count: 10}, 0, 0, 0},
+		{&sequence{block: 0xffffffff, count: 10}, 3, 0, 3},
+		{&sequence{block: 0xffffffff, count: 10}, 4, 1, 0},
+		{&sequence{block: 0xffffffff, count: 10}, 7, 1, 3},
+		{&sequence{block: 0xffffffff, count: 10}, 8, 2, 0},
+		{&sequence{block: 0xffffffff, count: 10}, 39, 9, 3},
+
+		{&sequence{block: 0xffffffff, count: 10, next: &sequence{block: 0xcc000000, count: 10}}, 79, 9, 3},
+		{&sequence{block: 0xffffffff, count: 10, next: &sequence{block: 0xcc000000, count: 10}}, 80, 0, invalidPos},
+	}
+
+	for n, i := range input {
+		_, _, precBlocks, inBlockBytePos := findSequence(i.head, i.bytePos)
+		if precBlocks != i.precBlocks || inBlockBytePos != i.inBlockBytePos {
+			t.Fatalf("Error in (%d) findSequence(). Expected (%d, %d). Got (%d, %d)", n, i.precBlocks, i.inBlockBytePos, precBlocks, inBlockBytePos)
+		}
+	}
+}
+
+func TestCheckIfAvailable(t *testing.T) {
+	input := []struct {
+		head    *sequence
+		ordinal uint64
+		bytePos uint64
+		bitPos  uint64
+	}{
+		{&sequence{block: 0xffffffff, count: 0}, 0, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 0}, 31, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 0}, 100, invalidPos, invalidPos},
+
+		{&sequence{block: 0x0, count: 1}, 0, 0, 0},
+		{&sequence{block: 0x0, count: 1}, 1, 0, 1},
+		{&sequence{block: 0x0, count: 1}, 31, 3, 7},
+		{&sequence{block: 0x0, count: 1}, 60, invalidPos, invalidPos},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x800000ff, count: 1}}, 31, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x800000ff, count: 1}}, 32, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x800000ff, count: 1}}, 33, 4, 1},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1}}, 33, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1}}, 34, 4, 2},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 55, 6, 7},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 56, invalidPos, invalidPos},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 63, invalidPos, invalidPos},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 64, 8, 0},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 95, 11, 7},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC00000ff, count: 1, next: &sequence{block: 0x0, count: 1}}}, 96, invalidPos, invalidPos},
+	}
+
+	for n, i := range input {
+		bytePos, bitPos, err := checkIfAvailable(i.head, i.ordinal)
+		if bytePos != i.bytePos || bitPos != i.bitPos {
+			t.Fatalf("Error in (%d) checkIfAvailable(ord:%d). Expected (%d, %d). Got (%d, %d). err: %v", n, i.ordinal, i.bytePos, i.bitPos, bytePos, bitPos, err)
+		}
+	}
+}
+
+func TestMergeSequences(t *testing.T) {
+	input := []struct {
+		original *sequence
+		merged   *sequence
+	}{
+		{&sequence{block: 0xFE000000, count: 8, next: &sequence{block: 0xFE000000, count: 2}}, &sequence{block: 0xFE000000, count: 10}},
+		{&sequence{block: 0xFFFFFFFF, count: 8, next: &sequence{block: 0xFFFFFFFF, count: 1}}, &sequence{block: 0xFFFFFFFF, count: 9}},
+		{&sequence{block: 0xFFFFFFFF, count: 1, next: &sequence{block: 0xFFFFFFFF, count: 8}}, &sequence{block: 0xFFFFFFFF, count: 9}},
+
+		{&sequence{block: 0xFFFFFFF0, count: 8, next: &sequence{block: 0xFFFFFFF0, count: 1}}, &sequence{block: 0xFFFFFFF0, count: 9}},
+		{&sequence{block: 0xFFFFFFF0, count: 1, next: &sequence{block: 0xFFFFFFF0, count: 8}}, &sequence{block: 0xFFFFFFF0, count: 9}},
+
+		{&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xFE, count: 1, next: &sequence{block: 0xFE, count: 5}}}, &sequence{block: 0xFE, count: 14}},
+		{&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xFE, count: 1, next: &sequence{block: 0xFE, count: 5, next: &sequence{block: 0xFF, count: 1}}}},
+			&sequence{block: 0xFE, count: 14, next: &sequence{block: 0xFF, count: 1}}},
+
+		// No merge
+		{&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xF8, count: 1, next: &sequence{block: 0xFE, count: 5}}},
+			&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xF8, count: 1, next: &sequence{block: 0xFE, count: 5}}}},
+
+		// No merge from head: // Merge function tries to merge from passed head. If it can't merge with next, it does not reattempt with next as head
+		{&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xFF, count: 1, next: &sequence{block: 0xFF, count: 5}}},
+			&sequence{block: 0xFE, count: 8, next: &sequence{block: 0xFF, count: 6}}},
+	}
+
+	for n, i := range input {
+		mergeSequences(i.original)
+		for !i.merged.equal(i.original) {
+			t.Fatalf("Error in (%d) mergeSequences().\nExp: %s\nGot: %s,", n, i.merged.toString(), i.original.toString())
+		}
+	}
+}
+
+func TestPushReservation(t *testing.T) {
+	input := []struct {
+		mask    *sequence
+		bytePos uint64
+		bitPos  uint64
+		newMask *sequence
+	}{
+		// Create first sequence and fill in 8 addresses starting from address 0
+		{&sequence{block: 0x0, count: 8, next: nil}, 0, 0, &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 7, next: nil}}},
+		{&sequence{block: 0x80000000, count: 8}, 0, 1, &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0x80000000, count: 7, next: nil}}},
+		{&sequence{block: 0xC0000000, count: 8}, 0, 2, &sequence{block: 0xE0000000, count: 1, next: &sequence{block: 0xC0000000, count: 7, next: nil}}},
+		{&sequence{block: 0xE0000000, count: 8}, 0, 3, &sequence{block: 0xF0000000, count: 1, next: &sequence{block: 0xE0000000, count: 7, next: nil}}},
+		{&sequence{block: 0xF0000000, count: 8}, 0, 4, &sequence{block: 0xF8000000, count: 1, next: &sequence{block: 0xF0000000, count: 7, next: nil}}},
+		{&sequence{block: 0xF8000000, count: 8}, 0, 5, &sequence{block: 0xFC000000, count: 1, next: &sequence{block: 0xF8000000, count: 7, next: nil}}},
+		{&sequence{block: 0xFC000000, count: 8}, 0, 6, &sequence{block: 0xFE000000, count: 1, next: &sequence{block: 0xFC000000, count: 7, next: nil}}},
+		{&sequence{block: 0xFE000000, count: 8}, 0, 7, &sequence{block: 0xFF000000, count: 1, next: &sequence{block: 0xFE000000, count: 7, next: nil}}},
+
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 7}}, 0, 1, &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0x0, count: 7, next: nil}}},
+
+		// Create second sequence and fill in 8 addresses starting from address 32
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x00000000, count: 1, next: &sequence{block: 0xffffffff, count: 6, next: nil}}}, 4, 0,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 1,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 2,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xE0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xE0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 3,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF0000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 4,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF8000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xF8000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 5,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFC000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFC000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 6,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFE000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFE000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 4, 7,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		// fill in 8 addresses starting from address 40
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF000000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 0,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF800000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFF800000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 1,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFC00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFC00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 2,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFE00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFE00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 3,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF00000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 4,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF80000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFF80000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 5,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFC0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFC0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 6,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFE0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFE0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}, 5, 7,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xFFFF0000, count: 1, next: &sequence{block: 0xffffffff, count: 6}}}},
+
+		// Insert new sequence
+		{&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0x0, count: 6}}, 8, 0,
+			&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5}}}},
+		{&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5}}}, 8, 1,
+			&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0xC0000000, count: 1, next: &sequence{block: 0x0, count: 5}}}},
+
+		// Merge affected with next
+		{&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 2, next: &sequence{block: 0xffffffff, count: 1}}}, 31, 7,
+			&sequence{block: 0xffffffff, count: 8, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 1}}}},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xfffffffc, count: 1, next: &sequence{block: 0xfffffffe, count: 6}}}, 7, 6,
+			&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xfffffffe, count: 7}}},
+
+		// Merge affected with next and next.next
+		{&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 1}}}, 31, 7,
+			&sequence{block: 0xffffffff, count: 9}},
+		{&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 1}}, 31, 7,
+			&sequence{block: 0xffffffff, count: 8}},
+
+		// Merge affected with previous and next
+		{&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 1}}}, 31, 7,
+			&sequence{block: 0xffffffff, count: 9}},
+
+		// Redundant push: No change
+		{&sequence{block: 0xffff0000, count: 1}, 0, 0, &sequence{block: 0xffff0000, count: 1}},
+		{&sequence{block: 0xffff0000, count: 7}, 25, 7, &sequence{block: 0xffff0000, count: 7}},
+		{&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 1}}}, 7, 7,
+			&sequence{block: 0xffffffff, count: 7, next: &sequence{block: 0xfffffffe, count: 1, next: &sequence{block: 0xffffffff, count: 1}}}},
+
+		// Set last bit
+		{&sequence{block: 0x0, count: 8}, 31, 7, &sequence{block: 0x0, count: 7, next: &sequence{block: 0x1, count: 1}}},
+
+		// Set bit in a middle sequence in the first block, first bit
+		{&sequence{block: 0x40000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 4, 0,
+			&sequence{block: 0x40000000, count: 1, next: &sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5,
+				next: &sequence{block: 0x1, count: 1}}}}},
+
+		// Set bit in a middle sequence in the first block, first bit (merge involved)
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 4, 0,
+			&sequence{block: 0x80000000, count: 2, next: &sequence{block: 0x0, count: 5, next: &sequence{block: 0x1, count: 1}}}},
+
+		// Set bit in a middle sequence in the first block, last bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 4, 31,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x1, count: 1, next: &sequence{block: 0x0, count: 5,
+				next: &sequence{block: 0x1, count: 1}}}}},
+
+		// Set bit in a middle sequence in the first block, middle bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 4, 16,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x8000, count: 1, next: &sequence{block: 0x0, count: 5,
+				next: &sequence{block: 0x1, count: 1}}}}},
+
+		// Set bit in a middle sequence in a middle block, first bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 16, 0,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 3, next: &sequence{block: 0x80000000, count: 1,
+				next: &sequence{block: 0x0, count: 2, next: &sequence{block: 0x1, count: 1}}}}}},
+
+		// Set bit in a middle sequence in a middle block, last bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 16, 31,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 3, next: &sequence{block: 0x1, count: 1,
+				next: &sequence{block: 0x0, count: 2, next: &sequence{block: 0x1, count: 1}}}}}},
+
+		// Set bit in a middle sequence in a middle block, middle bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 16, 15,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 3, next: &sequence{block: 0x10000, count: 1,
+				next: &sequence{block: 0x0, count: 2, next: &sequence{block: 0x1, count: 1}}}}}},
+
+		// Set bit in a middle sequence in the last block, first bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 24, 0,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5, next: &sequence{block: 0x80000000, count: 1,
+				next: &sequence{block: 0x1, count: 1}}}}},
+
+		// Set bit in a middle sequence in the last block, last bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x4, count: 1}}}, 24, 31,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5, next: &sequence{block: 0x1, count: 1,
+				next: &sequence{block: 0x4, count: 1}}}}},
+
+		// Set bit in a middle sequence in the last block, last bit (merge involved)
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 24, 31,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5, next: &sequence{block: 0x1, count: 2}}}},
+
+		// Set bit in a middle sequence in the last block, middle bit
+		{&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 6, next: &sequence{block: 0x1, count: 1}}}, 24, 16,
+			&sequence{block: 0x80000000, count: 1, next: &sequence{block: 0x0, count: 5, next: &sequence{block: 0x8000, count: 1,
+				next: &sequence{block: 0x1, count: 1}}}}},
+	}
+
+	for n, i := range input {
+		mask := pushReservation(i.bytePos, i.bitPos, i.mask, false)
+		if !mask.equal(i.newMask) {
+			t.Fatalf("Error in (%d) pushReservation():\n%s + (%d,%d):\nExp: %s\nGot: %s,",
+				n, i.mask.toString(), i.bytePos, i.bitPos, i.newMask.toString(), mask.toString())
+		}
+	}
+}
+
+func TestSerializeDeserialize(t *testing.T) {
+	s := getTestSequence()
+
+	data, err := s.toByteArray()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r := &sequence{}
+	err = r.fromByteArray(data)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !s.equal(r) {
+		t.Fatalf("Sequences are different: \n%v\n%v", s, r)
+	}
+}
+
+func getTestSequence() *sequence {
+	// Returns a custom sequence of 1024 * 32 bits
+	return &sequence{
+		block: 0xFFFFFFFF,
+		count: 100,
+		next: &sequence{
+			block: 0xFFFFFFFE,
+			count: 1,
+			next: &sequence{
+				block: 0xFF000000,
+				count: 10,
+				next: &sequence{
+					block: 0xFFFFFFFF,
+					count: 50,
+					next: &sequence{
+						block: 0xFFFFFFFC,
+						count: 1,
+						next: &sequence{
+							block: 0xFF800000,
+							count: 1,
+							next: &sequence{
+								block: 0xFFFFFFFF,
+								count: 87,
+								next: &sequence{
+									block: 0x0,
+									count: 150,
+									next: &sequence{
+										block: 0xFFFFFFFF,
+										count: 200,
+										next: &sequence{
+											block: 0x0000FFFF,
+											count: 1,
+											next: &sequence{
+												block: 0x0,
+												count: 399,
+												next: &sequence{
+													block: 0xFFFFFFFF,
+													count: 23,
+													next: &sequence{
+														block: 0x1,
+														count: 1,
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func TestSet(t *testing.T) {
+	hnd, err := NewHandle("", nil, "", 1024*32)
+	if err != nil {
+		t.Fatal(err)
+	}
+	hnd.head = getTestSequence()
+
+	firstAv := uint64(32*100 + 31)
+	last := uint64(1024*32 - 1)
+
+	if hnd.IsSet(100000) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if !hnd.IsSet(0) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if hnd.IsSet(firstAv) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if !hnd.IsSet(last) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if err := hnd.Set(0); err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+
+	os, err := hnd.SetAny(false)
+	if err != nil {
+		t.Fatalf("Unexpected failure: %v", err)
+	}
+	if os != firstAv {
+		t.Fatalf("SetAny returned unexpected ordinal. Expected %d. Got %d.", firstAv, os)
+	}
+	if !hnd.IsSet(firstAv) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if err := hnd.Unset(firstAv); err != nil {
+		t.Fatalf("Unexpected failure: %v", err)
+	}
+
+	if hnd.IsSet(firstAv) {
+		t.Fatal("IsSet() returned wrong result")
+	}
+
+	if err := hnd.Set(firstAv); err != nil {
+		t.Fatalf("Unexpected failure: %v", err)
+	}
+
+	if err := hnd.Set(last); err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+}
+
+func TestSetUnset(t *testing.T) {
+	numBits := uint64(32 * blockLen)
+	hnd, err := NewHandle("", nil, "", numBits)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := hnd.Set(uint64(32 * blockLen)); err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+	if err := hnd.Unset(uint64(32 * blockLen)); err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+
+	// set and unset all one by one
+	for hnd.Unselected() > 0 {
+		if _, err := hnd.SetAny(false); err != nil {
+			t.Fatal(err)
+		}
+	}
+	if _, err := hnd.SetAny(false); err != ErrNoBitAvailable {
+		t.Fatal("Expected error. Got success")
+	}
+	if _, err := hnd.SetAnyInRange(10, 20, false); err != ErrNoBitAvailable {
+		t.Fatal("Expected error. Got success")
+	}
+	if err := hnd.Set(50); err != ErrBitAllocated {
+		t.Fatalf("Expected error. Got %v: %s", err, hnd)
+	}
+	i := uint64(0)
+	for hnd.Unselected() < numBits {
+		if err := hnd.Unset(i); err != nil {
+			t.Fatal(err)
+		}
+		i++
+	}
+}
+
+func TestOffsetSetUnset(t *testing.T) {
+	numBits := uint64(32 * blockLen)
+	var o uint64
+	hnd, err := NewHandle("", nil, "", numBits)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// set and unset all one by one
+	for hnd.Unselected() > 0 {
+		if _, err := hnd.SetAny(false); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if _, err := hnd.SetAny(false); err != ErrNoBitAvailable {
+		t.Fatal("Expected error. Got success")
+	}
+
+	if _, err := hnd.SetAnyInRange(10, 20, false); err != ErrNoBitAvailable {
+		t.Fatal("Expected error. Got success")
+	}
+
+	if err := hnd.Unset(288); err != nil {
+		t.Fatal(err)
+	}
+
+	//At this point sequence is (0xffffffff, 9)->(0x7fffffff, 1)->(0xffffffff, 22)->end
+	if o, err = hnd.SetAnyInRange(32, 500, false); err != nil {
+		t.Fatal(err)
+	}
+
+	if o != 288 {
+		t.Fatalf("Expected ordinal not received, Received:%d", o)
+	}
+}
+
+func TestSetInRange(t *testing.T) {
+	numBits := uint64(1024 * blockLen)
+	hnd, err := NewHandle("", nil, "", numBits)
+	if err != nil {
+		t.Fatal(err)
+	}
+	hnd.head = getTestSequence()
+
+	firstAv := uint64(100*blockLen + blockLen - 1)
+
+	if o, err := hnd.SetAnyInRange(4, 3, false); err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	if o, err := hnd.SetAnyInRange(0, numBits, false); err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	o, err := hnd.SetAnyInRange(100*uint64(blockLen), 101*uint64(blockLen), false)
+	if err != nil {
+		t.Fatalf("Unexpected failure: (%d, %v)", o, err)
+	}
+	if o != firstAv {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	if o, err := hnd.SetAnyInRange(0, uint64(blockLen), false); err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	if o, err := hnd.SetAnyInRange(0, firstAv-1, false); err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	if o, err := hnd.SetAnyInRange(111*uint64(blockLen), 161*uint64(blockLen), false); err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(161*uint64(blockLen), 162*uint64(blockLen), false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 161*uint64(blockLen)+30 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(161*uint64(blockLen), 162*uint64(blockLen), false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 161*uint64(blockLen)+31 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(161*uint64(blockLen), 162*uint64(blockLen), false)
+	if err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+
+	if _, err := hnd.SetAnyInRange(0, numBits-1, false); err != nil {
+		t.Fatalf("Unexpected failure: %v", err)
+	}
+
+	// set one bit using the set range with 1 bit size range
+	if _, err := hnd.SetAnyInRange(uint64(163*blockLen-1), uint64(163*blockLen-1), false); err != nil {
+		t.Fatal(err)
+	}
+
+	// create a non multiple of 32 mask
+	hnd, err = NewHandle("", nil, "", 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// set all bit in the first range
+	for hnd.Unselected() > 22 {
+		if o, err := hnd.SetAnyInRange(0, 7, false); err != nil {
+			t.Fatalf("Unexpected failure: (%d, %v)", o, err)
+		}
+	}
+	// try one more set, which should fail
+	o, err = hnd.SetAnyInRange(0, 7, false)
+	if err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+	if err != ErrNoBitAvailable {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	// set all bit in a second range
+	for hnd.Unselected() > 14 {
+		if o, err := hnd.SetAnyInRange(8, 15, false); err != nil {
+			t.Fatalf("Unexpected failure: (%d, %v)", o, err)
+		}
+	}
+
+	// try one more set, which should fail
+	o, err = hnd.SetAnyInRange(0, 15, false)
+	if err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+	if err != ErrNoBitAvailable {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	// set all bit in a range which includes the last bit
+	for hnd.Unselected() > 12 {
+		if o, err := hnd.SetAnyInRange(28, 29, false); err != nil {
+			t.Fatalf("Unexpected failure: (%d, %v)", o, err)
+		}
+	}
+	o, err = hnd.SetAnyInRange(28, 29, false)
+	if err == nil {
+		t.Fatalf("Expected failure. Got success with ordinal:%d", o)
+	}
+	if err != ErrNoBitAvailable {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+}
+
+// This one tests an allocation pattern which unveiled an issue in pushReservation
+// Specifically a failure in detecting when we are in the (B) case (the bit to set
+// belongs to the last block of the current sequence). Because of a bug, code
+// was assuming the bit belonged to a block in the middle of the current sequence.
+// Which in turn caused an incorrect allocation when requesting a bit which is not
+// in the first or last sequence block.
+func TestSetAnyInRange(t *testing.T) {
+	numBits := uint64(8 * blockLen)
+	hnd, err := NewHandle("", nil, "", numBits)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := hnd.Set(0); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := hnd.Set(255); err != nil {
+		t.Fatal(err)
+	}
+
+	o, err := hnd.SetAnyInRange(128, 255, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 128 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(128, 255, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if o != 129 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(246, 255, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 246 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+
+	o, err = hnd.SetAnyInRange(246, 255, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 247 {
+		t.Fatalf("Unexpected ordinal: %d", o)
+	}
+}
+
+func TestMethods(t *testing.T) {
+	numBits := uint64(256 * blockLen)
+	hnd, err := NewHandle("path/to/data", nil, "sequence1", numBits)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hnd.Bits() != numBits {
+		t.Fatalf("Unexpected bit number: %d", hnd.Bits())
+	}
+
+	if hnd.Unselected() != numBits {
+		t.Fatalf("Unexpected bit number: %d", hnd.Unselected())
+	}
+
+	exp := "(0x0, 256)->end"
+	if hnd.head.toString() != exp {
+		t.Fatalf("Unexpected sequence string: %s", hnd.head.toString())
+	}
+
+	for i := 0; i < 192; i++ {
+		_, err := hnd.SetAny(false)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	exp = "(0xffffffff, 6)->(0x0, 250)->end"
+	if hnd.head.toString() != exp {
+		t.Fatalf("Unexpected sequence string: %s", hnd.head.toString())
+	}
+}
+
+func TestRandomAllocateDeallocate(t *testing.T) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	numBits := int(16 * blockLen)
+	hnd, err := NewHandle("bitseq-test/data/", ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	seed := time.Now().Unix()
+	rand.Seed(seed)
+
+	// Allocate all bits using a random pattern
+	pattern := rand.Perm(numBits)
+	for _, bit := range pattern {
+		err := hnd.Set(uint64(bit))
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation of %d: %v.\nSeed: %d.\n%s", bit, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != 0 {
+		t.Fatalf("Expected full sequence. Instead found %d free bits. Seed: %d.\n%s", hnd.unselected, seed, hnd)
+	}
+	if hnd.head.toString() != "(0xffffffff, 16)->end" {
+		t.Fatalf("Unexpected db: %s", hnd.head.toString())
+	}
+
+	// Deallocate all bits using a random pattern
+	pattern = rand.Perm(numBits)
+	for _, bit := range pattern {
+		err := hnd.Unset(uint64(bit))
+		if err != nil {
+			t.Fatalf("Unexpected failure on deallocation of %d: %v.\nSeed: %d.\n%s", bit, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(numBits) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits. Seed: %d.\n%s", hnd.unselected, seed, hnd)
+	}
+	if hnd.head.toString() != "(0x0, 16)->end" {
+		t.Fatalf("Unexpected db: %s", hnd.head.toString())
+	}
+
+	err = hnd.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestAllocateRandomDeallocate(t *testing.T) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	numBlocks := uint32(8)
+	numBits := int(numBlocks * blockLen)
+	hnd, err := NewHandle(filepath.Join("bitseq", "test", "data"), ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := &sequence{block: 0xffffffff, count: uint64(numBlocks / 2), next: &sequence{block: 0x0, count: uint64(numBlocks / 2)}}
+
+	// Allocate first half of the bits
+	for i := 0; i < numBits/2; i++ {
+		_, err := hnd.SetAny(false)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\n%s", i, err, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(numBits/2) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits. %s", hnd.unselected, hnd)
+	}
+	if !hnd.head.equal(expected) {
+		t.Fatalf("Unexpected sequence. Got:\n%s", hnd)
+	}
+
+	seed := time.Now().Unix()
+	rand.Seed(seed)
+
+	// Deallocate half of the allocated bits following a random pattern
+	pattern := rand.Perm(numBits / 2)
+	for i := 0; i < numBits/4; i++ {
+		bit := pattern[i]
+		err := hnd.Unset(uint64(bit))
+		if err != nil {
+			t.Fatalf("Unexpected failure on deallocation of %d: %v.\nSeed: %d.\n%s", bit, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(3*numBits/4) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits.\nSeed: %d.\n%s", hnd.unselected, seed, hnd)
+	}
+
+	// Request a quarter of bits
+	for i := 0; i < numBits/4; i++ {
+		_, err := hnd.SetAny(false)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\nSeed: %d\n%s", i, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(numBits/2) {
+		t.Fatalf("Expected half sequence. Instead found %d free bits.\nSeed: %d\n%s", hnd.unselected, seed, hnd)
+	}
+	if !hnd.head.equal(expected) {
+		t.Fatalf("Unexpected sequence. Got:\n%s", hnd)
+	}
+
+	err = hnd.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestAllocateRandomDeallocateSerialize(t *testing.T) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	numBlocks := uint32(8)
+	numBits := int(numBlocks * blockLen)
+	hnd, err := NewHandle("bitseq-test/data/", ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := &sequence{block: 0xffffffff, count: uint64(numBlocks / 2), next: &sequence{block: 0x0, count: uint64(numBlocks / 2)}}
+
+	// Allocate first half of the bits
+	for i := 0; i < numBits/2; i++ {
+		_, err := hnd.SetAny(true)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\n%s", i, err, hnd)
+		}
+	}
+
+	if hnd.Unselected() != uint64(numBits/2) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits. %s", hnd.unselected, hnd)
+	}
+	if !hnd.head.equal(expected) {
+		t.Fatalf("Unexpected sequence. Got:\n%s", hnd)
+	}
+
+	seed := time.Now().Unix()
+	rand.Seed(seed)
+
+	// Deallocate half of the allocated bits following a random pattern
+	pattern := rand.Perm(numBits / 2)
+	for i := 0; i < numBits/4; i++ {
+		bit := pattern[i]
+		err := hnd.Unset(uint64(bit))
+		if err != nil {
+			t.Fatalf("Unexpected failure on deallocation of %d: %v.\nSeed: %d.\n%s", bit, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(3*numBits/4) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits.\nSeed: %d.\n%s", hnd.unselected, seed, hnd)
+	}
+
+	// Request a quarter of bits
+	for i := 0; i < numBits/4; i++ {
+		_, err := hnd.SetAny(true)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\nSeed: %d\n%s", i, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(numBits/2) {
+		t.Fatalf("Expected half sequence. Instead found %d free bits.\nSeed: %d\n%s", hnd.unselected, seed, hnd)
+	}
+
+	err = hnd.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestRetrieveFromStore(t *testing.T) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	numBits := int(8 * blockLen)
+	hnd, err := NewHandle("bitseq-test/data/", ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Allocate first half of the bits
+	for i := 0; i < numBits/2; i++ {
+		_, err := hnd.SetAny(false)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\n%s", i, err, hnd)
+		}
+	}
+	hnd0 := hnd.String()
+
+	// Retrieve same handle
+	hnd, err = NewHandle("bitseq-test/data/", ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+	hnd1 := hnd.String()
+
+	if hnd1 != hnd0 {
+		t.Fatalf("%v\n%v", hnd0, hnd1)
+	}
+
+	err = hnd.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestIsCorrupted(t *testing.T) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+	// Negative test
+	hnd, err := NewHandle("bitseq-test/data/", ds, "test_corrupted", 1024)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hnd.runConsistencyCheck() {
+		t.Fatalf("Unexpected corrupted for %s", hnd)
+	}
+
+	if err := hnd.CheckConsistency(); err != nil {
+		t.Fatal(err)
+	}
+
+	hnd.Set(0)
+	if hnd.runConsistencyCheck() {
+		t.Fatalf("Unexpected corrupted for %s", hnd)
+	}
+
+	hnd.Set(1023)
+	if hnd.runConsistencyCheck() {
+		t.Fatalf("Unexpected corrupted for %s", hnd)
+	}
+
+	if err := hnd.CheckConsistency(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Try real corrupted ipam handles found in the local store files reported by three docker users,
+	// plus a generic ipam handle from docker 1.9.1. This last will fail as well, because of how the
+	// last node in the sequence is expressed (This is true for IPAM handle only, because of the broadcast
+	// address reservation: last bit). This will allow an application using bitseq that runs a consistency
+	// check to detect and replace the 1.9.0/1 old vulnerable handle with the new one.
+	input := []*Handle{
+		{
+			id:         "LocalDefault/172.17.0.0/16",
+			bits:       65536,
+			unselected: 65412,
+			head: &sequence{
+				block: 0xffffffff,
+				count: 3,
+				next: &sequence{
+					block: 0xffffffbf,
+					count: 0,
+					next: &sequence{
+						block: 0xfe98816e,
+						count: 1,
+						next: &sequence{
+							block: 0xffffffff,
+							count: 0,
+							next: &sequence{
+								block: 0xe3bc0000,
+								count: 1,
+								next: &sequence{
+									block: 0x0,
+									count: 2042,
+									next: &sequence{
+										block: 0x1, count: 1,
+										next: &sequence{
+											block: 0x0, count: 0,
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			id:         "LocalDefault/172.17.0.0/16",
+			bits:       65536,
+			unselected: 65319,
+			head: &sequence{
+				block: 0xffffffff,
+				count: 7,
+				next: &sequence{
+					block: 0xffffff7f,
+					count: 0,
+					next: &sequence{
+						block: 0xffffffff,
+						count: 0,
+						next: &sequence{
+							block: 0x2000000,
+							count: 1,
+							next: &sequence{
+								block: 0x0,
+								count: 2039,
+								next: &sequence{
+									block: 0x1,
+									count: 1,
+									next: &sequence{
+										block: 0x0,
+										count: 0,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			id:         "LocalDefault/172.17.0.0/16",
+			bits:       65536,
+			unselected: 65456,
+			head: &sequence{
+				block: 0xffffffff, count: 2,
+				next: &sequence{
+					block: 0xfffbffff, count: 0,
+					next: &sequence{
+						block: 0xffd07000, count: 1,
+						next: &sequence{
+							block: 0x0, count: 333,
+							next: &sequence{
+								block: 0x40000000, count: 1,
+								next: &sequence{
+									block: 0x0, count: 1710,
+									next: &sequence{
+										block: 0x1, count: 1,
+										next: &sequence{
+											block: 0x0, count: 0,
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for idx, hnd := range input {
+		if !hnd.runConsistencyCheck() {
+			t.Fatalf("Expected corrupted for (%d): %s", idx, hnd)
+		}
+		if hnd.runConsistencyCheck() {
+			t.Fatalf("Sequence still marked corrupted (%d): %s", idx, hnd)
+		}
+	}
+}
+
+func testSetRollover(t *testing.T, serial bool) {
+	ds, err := randomLocalStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	numBlocks := uint32(8)
+	numBits := int(numBlocks * blockLen)
+	hnd, err := NewHandle("bitseq-test/data/", ds, "test1", uint64(numBits))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Allocate first half of the bits
+	for i := 0; i < numBits/2; i++ {
+		_, err := hnd.SetAny(serial)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\n%s", i, err, hnd)
+		}
+	}
+
+	if hnd.Unselected() != uint64(numBits/2) {
+		t.Fatalf("Expected full sequence. Instead found %d free bits. %s", hnd.unselected, hnd)
+	}
+
+	seed := time.Now().Unix()
+	rand.Seed(seed)
+
+	// Deallocate half of the allocated bits following a random pattern
+	pattern := rand.Perm(numBits / 2)
+	for i := 0; i < numBits/4; i++ {
+		bit := pattern[i]
+		err := hnd.Unset(uint64(bit))
+		if err != nil {
+			t.Fatalf("Unexpected failure on deallocation of %d: %v.\nSeed: %d.\n%s", bit, err, seed, hnd)
+		}
+	}
+	if hnd.Unselected() != uint64(3*numBits/4) {
+		t.Fatalf("Unexpected free bits: found %d free bits.\nSeed: %d.\n%s", hnd.unselected, seed, hnd)
+	}
+
+	//request to allocate for remaining half of the bits
+	for i := 0; i < numBits/2; i++ {
+		_, err := hnd.SetAny(serial)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\nSeed: %d\n%s", i, err, seed, hnd)
+		}
+	}
+
+	//At this point all the bits must be allocated except the randomly unallocated bits
+	//which were unallocated in the first half of the bit sequence
+	if hnd.Unselected() != uint64(numBits/4) {
+		t.Fatalf("Unexpected number of unselected bits %d, Expected %d", hnd.Unselected(), numBits/4)
+	}
+
+	for i := 0; i < numBits/4; i++ {
+		_, err := hnd.SetAny(serial)
+		if err != nil {
+			t.Fatalf("Unexpected failure on allocation %d: %v\nSeed: %d\n%s", i, err, seed, hnd)
+		}
+	}
+	//Now requesting to allocate the unallocated random bits (qurter of the number of bits) should
+	//leave no more bits that can be allocated.
+	if hnd.Unselected() != 0 {
+		t.Fatalf("Unexpected number of unselected bits %d, Expected %d", hnd.Unselected(), 0)
+	}
+
+	err = hnd.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestSetRollover(t *testing.T) {
+	testSetRollover(t, false)
+}
+
+func TestSetRolloverSerial(t *testing.T) {
+	testSetRollover(t, true)
+}
+
+func TestGetFirstAvailableFromCurrent(t *testing.T) {
+	input := []struct {
+		mask    *sequence
+		bytePos uint64
+		bitPos  uint64
+		start   uint64
+		curr    uint64
+		end     uint64
+	}{
+		{&sequence{block: 0xffffffff, count: 2048}, invalidPos, invalidPos, 0, 0, 65536},
+		{&sequence{block: 0x0, count: 8}, 0, 0, 0, 0, 256},
+		{&sequence{block: 0x80000000, count: 8}, 1, 0, 0, 8, 256},
+		{&sequence{block: 0xC0000000, count: 8}, 0, 2, 0, 2, 256},
+		{&sequence{block: 0xE0000000, count: 8}, 0, 3, 0, 0, 256},
+		{&sequence{block: 0xFFFB1FFF, count: 8}, 2, 0, 14, 0, 256},
+		{&sequence{block: 0xFFFFFFFE, count: 8}, 3, 7, 0, 0, 256},
+
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0x00000000, count: 1, next: &sequence{block: 0xffffffff, count: 14}}}, 4, 0, 0, 32, 512},
+		{&sequence{block: 0xfffeffff, count: 1, next: &sequence{block: 0xffffffff, count: 15}}, 1, 7, 0, 16, 512},
+		{&sequence{block: 0xfffeffff, count: 15, next: &sequence{block: 0xffffffff, count: 1}}, 5, 7, 0, 16, 512},
+		{&sequence{block: 0xfffeffff, count: 15, next: &sequence{block: 0xffffffff, count: 1}}, 9, 7, 0, 48, 512},
+		{&sequence{block: 0xffffffff, count: 2, next: &sequence{block: 0xffffffef, count: 14}}, 19, 3, 0, 124, 512},
+		{&sequence{block: 0xfffeffff, count: 15, next: &sequence{block: 0x0fffffff, count: 1}}, 60, 0, 0, 480, 512},
+		{&sequence{block: 0xffffffff, count: 1, next: &sequence{block: 0xfffeffff, count: 14, next: &sequence{block: 0xffffffff, count: 1}}}, 17, 7, 0, 124, 512},
+		{&sequence{block: 0xfffffffb, count: 1, next: &sequence{block: 0xffffffff, count: 14, next: &sequence{block: 0xffffffff, count: 1}}}, 3, 5, 0, 124, 512},
+		{&sequence{block: 0xfffffffb, count: 1, next: &sequence{block: 0xfffeffff, count: 14, next: &sequence{block: 0xffffffff, count: 1}}}, 13, 7, 0, 80, 512},
+	}
+
+	for n, i := range input {
+		bytePos, bitPos, _ := getAvailableFromCurrent(i.mask, i.start, i.curr, i.end)
+		if bytePos != i.bytePos || bitPos != i.bitPos {
+			t.Fatalf("Error in (%d) getFirstAvailable(). Expected (%d, %d). Got (%d, %d)", n, i.bytePos, i.bitPos, bytePos, bitPos)
+		}
+	}
+}
diff --git a/libnetwork/bitseq/store.go b/libnetwork/bitseq/store.go
new file mode 100644
index 0000000000000..30657123e5f71
--- /dev/null
+++ b/libnetwork/bitseq/store.go
@@ -0,0 +1,130 @@
+package bitseq
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+// Key provides the Key to be used in KV Store
+func (h *Handle) Key() []string {
+	h.Lock()
+	defer h.Unlock()
+	return []string{h.app, h.id}
+}
+
+// KeyPrefix returns the immediate parent key that can be used for tree walk
+func (h *Handle) KeyPrefix() []string {
+	h.Lock()
+	defer h.Unlock()
+	return []string{h.app}
+}
+
+// Value marshals the data to be stored in the KV store
+func (h *Handle) Value() []byte {
+	b, err := json.Marshal(h)
+	if err != nil {
+		return nil
+	}
+	return b
+}
+
+// SetValue unmarshals the data from the KV store
+func (h *Handle) SetValue(value []byte) error {
+	return json.Unmarshal(value, h)
+}
+
+// Index returns the latest DB Index as seen by this object
+func (h *Handle) Index() uint64 {
+	h.Lock()
+	defer h.Unlock()
+	return h.dbIndex
+}
+
+// SetIndex method allows the datastore to store the latest DB Index into this object
+func (h *Handle) SetIndex(index uint64) {
+	h.Lock()
+	h.dbIndex = index
+	h.dbExists = true
+	h.Unlock()
+}
+
+// Exists method is true if this object has been stored in the DB.
+func (h *Handle) Exists() bool {
+	h.Lock()
+	defer h.Unlock()
+	return h.dbExists
+}
+
+// New method returns a handle based on the receiver handle
+func (h *Handle) New() datastore.KVObject {
+	h.Lock()
+	defer h.Unlock()
+
+	return &Handle{
+		app:   h.app,
+		store: h.store,
+	}
+}
+
+// CopyTo deep copies the handle into the passed destination object
+func (h *Handle) CopyTo(o datastore.KVObject) error {
+	h.Lock()
+	defer h.Unlock()
+
+	dstH := o.(*Handle)
+	if h == dstH {
+		return nil
+	}
+	dstH.Lock()
+	dstH.bits = h.bits
+	dstH.unselected = h.unselected
+	dstH.head = h.head.getCopy()
+	dstH.app = h.app
+	dstH.id = h.id
+	dstH.dbIndex = h.dbIndex
+	dstH.dbExists = h.dbExists
+	dstH.store = h.store
+	dstH.curr = h.curr
+	dstH.Unlock()
+
+	return nil
+}
+
+// Skip provides a way for a KV Object to avoid persisting it in the KV Store
+func (h *Handle) Skip() bool {
+	return false
+}
+
+// DataScope method returns the storage scope of the datastore
+func (h *Handle) DataScope() string {
+	h.Lock()
+	defer h.Unlock()
+
+	return h.store.Scope()
+}
+
+func (h *Handle) writeToStore() error {
+	h.Lock()
+	store := h.store
+	h.Unlock()
+	if store == nil {
+		return nil
+	}
+	err := store.PutObjectAtomic(h)
+	if err == datastore.ErrKeyModified {
+		return types.RetryErrorf("failed to perform atomic write (%v). Retry might fix the error", err)
+	}
+	return err
+}
+
+func (h *Handle) deleteFromStore() error {
+	h.Lock()
+	store := h.store
+	h.Unlock()
+	if store == nil {
+		return nil
+	}
+	return store.DeleteObjectAtomic(h)
+}
diff --git a/vendor/github.com/docker/libnetwork/cluster/provider.go b/libnetwork/cluster/provider.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/cluster/provider.go
rename to libnetwork/cluster/provider.go
diff --git a/libnetwork/cmd/diagnostic/Dockerfile.client b/libnetwork/cmd/diagnostic/Dockerfile.client
new file mode 100644
index 0000000000000..ee8771517a441
--- /dev/null
+++ b/libnetwork/cmd/diagnostic/Dockerfile.client
@@ -0,0 +1,4 @@
+FROM alpine
+RUN apk add --no-cache curl
+COPY diagnosticClient /usr/local/bin/diagnosticClient
+ENTRYPOINT ["/usr/local/bin/diagnosticClient"]
diff --git a/libnetwork/cmd/diagnostic/Dockerfile.dind b/libnetwork/cmd/diagnostic/Dockerfile.dind
new file mode 100644
index 0000000000000..e0629fa666048
--- /dev/null
+++ b/libnetwork/cmd/diagnostic/Dockerfile.dind
@@ -0,0 +1,5 @@
+FROM docker:17.12-dind
+RUN apk add --no-cache curl
+ENV DIND_CLIENT=true
+COPY daemon.json /etc/docker/daemon.json
+COPY diagnosticClient /usr/local/bin/diagnosticClient
diff --git a/libnetwork/cmd/diagnostic/README.md b/libnetwork/cmd/diagnostic/README.md
new file mode 100644
index 0000000000000..d21efea3340ff
--- /dev/null
+++ b/libnetwork/cmd/diagnostic/README.md
@@ -0,0 +1,262 @@
+---
+description: Learn to use the built-in network debugger to debug overlay networking problems
+keywords: network, troubleshooting, debug
+title: Debug overlay or swarm networking issues
+---
+
+**WARNING**
+This tool can change the internal state of the libnetwork API, be really mindful
+on its use and read carefully the following guide. Improper use of it will damage
+or permanently destroy the network configuration.
+
+
+Docker CE 17.12 and higher introduce a network debugging tool designed to help
+debug issues with overlay networks and swarm services running on Linux hosts.
+When enabled, a network diagnostic server listens on the specified port and
+provides diagnostic information. The network debugging tool should only be
+started to debug specific issues, and should not be left running all the time.
+
+Information about networks is stored in the database, which can be examined using
+the API. Currently the database contains information about the overlay network
+as well as the service discovery data.
+
+The Docker API exposes endpoints to query and control the network debugging
+tool. CLI integration is provided as a preview, but the implementation is not
+yet considered stable and commands and options may change without notice.
+
+The tool is available into 2 forms:
+1) client only: dockereng/network-diagnostic:onlyclient
+2) docker in docker version: dockereng/network-diagnostic:17.12-dind
+The latter allows to use the tool with a cluster running an engine older than 17.12
+
+## Enable the diagnostic server
+
+The tool currently only works on Docker hosts running on Linux. To enable it on a node
+follow the step below.
+
+1.  Set the `network-diagnostic-port` to a port which is free on the Docker
+    host, in the `/etc/docker/daemon.json` configuration file.
+
+    ```json
+    “network-diagnostic-port”: <port>
+    ```
+
+2.  Get the process ID (PID) of the `dockerd` process. It is the second field in
+    the output, and is typically a number from 2 to 6 digits long.
+
+    ```bash
+    $ ps aux |grep dockerd | grep -v grep
+    ```
+
+3.  Reload the Docker configuration without restarting Docker, by sending the
+    `HUP` signal to the PID you found in the previous step.
+
+    ```bash
+    kill -HUP <pid-of-dockerd>
+    ```
+
+If systemd is used the command `systemctl reload docker` will be enough
+
+
+A message like the following will appear in the Docker host logs:
+
+```none
+Starting the diagnostic server listening on <port> for commands
+```
+
+## Disable the diagnostic tool
+
+Repeat these steps for each node participating in the swarm.
+
+1.  Remove the `network-diagnostic-port` key from the `/etc/docker/daemon.json`
+    configuration file.
+
+2.  Get the process ID (PID) of the `dockerd` process. It is the second field in
+    the output, and is typically a number from 2 to 6 digits long.
+
+    ```bash
+    $ ps aux |grep dockerd | grep -v grep
+    ```
+
+3.  Reload the Docker configuration without restarting Docker, by sending the
+    `HUP` signal to the PID you found in the previous step.
+
+    ```bash
+    kill -HUP <pid-of-dockerd>
+    ```
+
+A message like the following will appear in the Docker host logs:
+
+```none
+Disabling the diagnostic server
+```
+
+## Access the diagnostic tool's API
+
+The network diagnostic tool exposes its own RESTful API. To access the API,
+send a HTTP request to the port where the tool is listening. The following
+commands assume the tool is listening on port 2000.
+
+Examples are not given for every endpoint.
+
+### Get help
+
+```bash
+$ curl localhost:2000/help
+
+OK
+/updateentry
+/getentry
+/gettable
+/leavenetwork
+/createentry
+/help
+/clusterpeers
+/ready
+/joinnetwork
+/deleteentry
+/networkpeers
+/
+/join
+```
+
+### Join or leave the network database cluster
+
+```bash
+$ curl localhost:2000/join?members=ip1,ip2,...
+```
+
+```bash
+$ curl localhost:2000/leave?members=ip1,ip2,...
+```
+
+`ip1`, `ip2`, ... are the swarm node ips (usually one is enough)
+
+### Join or leave a network
+
+```bash
+$ curl localhost:2000/joinnetwork?nid=<network id>
+```
+
+```bash
+$ curl localhost:2000/leavenetwork?nid=<network id>
+```
+
+`network id` can be retrieved on the manager with `docker network ls --no-trunc` and has
+to be the full length identifier
+
+### List cluster peers
+
+```bash
+$ curl localhost:2000/clusterpeers
+```
+
+### List nodes connected to a given network
+
+```bash
+$ curl localhost:2000/networkpeers?nid=<network id>
+```
+`network id` can be retrieved on the manager with `docker network ls --no-trunc` and has
+to be the full length identifier
+
+### Dump database tables
+
+The tables are called `endpoint_table` and `overlay_peer_table`.
+The `overlay_peer_table` contains all the overlay forwarding information
+The `endpoint_table` contains all the service discovery information
+
+```bash
+$ curl localhost:2000/gettable?nid=<network id>&tname=<table name>
+```
+
+### Interact with a specific database table
+
+The tables are called `endpoint_table` and `overlay_peer_table`.
+
+```bash
+$ curl localhost:2000/<method>?nid=<network id>&tname=<table name>&key=<key>[&value=<value>]
+```
+
+Note:
+operations on tables have node ownership, this means that are going to remain persistent till
+the node that inserted them is part of the cluster
+
+## Access the diagnostic tool's CLI
+
+The CLI is provided as a preview and is not yet stable. Commands or options may
+change at any time.
+
+The CLI executable is called `diagnosticClient` and is made available using a
+standalone container.
+
+`docker run --net host dockereng/network-diagnostic:onlyclient -v -net <full network id> -t sd`
+
+The following flags are supported:
+
+| Flag          | Description                                     |
+|---------------|-------------------------------------------------|
+| -t <string>   | Table one of `sd` or `overlay`.                 |
+| -ip <string>  | The IP address to query. Defaults to 127.0.0.1. |
+| -net <string> | The target network ID.                          |
+| -port <int>   | The target port. (default port is 2000)         |
+| -a            | Join/leave network                              |
+| -v            | Enable verbose output.                          |
+
+*NOTE*
+By default the tool won't try to join the network. This is following the intent to not change
+the state on which the node is when the diagnostic client is run. This means that it is safe
+to run the diagnosticClient against a running daemon because it will just dump the current state.
+When using instead the diagnosticClient in the containerized version the flag `-a` MUST be passed
+to avoid retrieving empty results. On the other side using the `-a` flag against a loaded daemon
+will have the undesirable side effect to leave the network and so cutting down the data path for
+that daemon.
+
+### Container version of the diagnostic tool
+
+The CLI is provided as a container with a 17.12 engine that needs to run using privileged mode.
+*NOTE*
+Remember that table operations have ownership, so any `create entry` will be persistent till
+the diagnostic container is part of the swarm.
+
+1.  Make sure that the node where the diagnostic client will run is not part of the swarm, if so do `docker swarm leave -f`
+
+2.  To run the container, use a command like the following:
+
+    ```bash
+    $ docker container run --name net-diagnostic -d --privileged --network host dockereng/network-diagnostic:17.12-dind
+    ```
+
+3.  Connect to the container using `docker exec -it <container-ID> sh`,
+    and start the server using the following command:
+
+    ```bash
+    $ kill -HUP 1
+    ```
+
+4.  Join the diagnostic container to the swarm, then run the diagnostic CLI within the container.
+
+    ```bash
+    $ ./diagnosticClient <flags>...
+    ```
+
+4.  When finished debugging, leave the swarm and stop the container.
+
+### Examples
+
+The following commands dump the service discovery table and verify node
+ownership.
+
+*NOTE*
+Remember to use the full network ID, you can easily find that with `docker network ls --no-trunc`
+
+**Service discovery and load balancer:**
+
+```bash
+$ diagnostiClient -t sd -v -net n8a8ie6tb3wr2e260vxj8ncy4 -a
+```
+
+**Overlay network:**
+
+```bash
+$ diagnostiClient -port 2001 -t overlay -v -net n8a8ie6tb3wr2e260vxj8ncy4 -a
+```
diff --git a/libnetwork/cmd/diagnostic/daemon.json b/libnetwork/cmd/diagnostic/daemon.json
new file mode 100644
index 0000000000000..b5eb9889b868b
--- /dev/null
+++ b/libnetwork/cmd/diagnostic/daemon.json
@@ -0,0 +1,4 @@
+{
+  "debug": true,
+  "network-diagnostic-port": 2000
+}
diff --git a/libnetwork/cmd/diagnostic/main.go b/libnetwork/cmd/diagnostic/main.go
new file mode 100644
index 0000000000000..01b0a6422f8a5
--- /dev/null
+++ b/libnetwork/cmd/diagnostic/main.go
@@ -0,0 +1,208 @@
+package main
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/diagnostic"
+	"github.com/docker/docker/libnetwork/drivers/overlay"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	readyPath    = "http://%s:%d/ready"
+	joinNetwork  = "http://%s:%d/joinnetwork?nid=%s"
+	leaveNetwork = "http://%s:%d/leavenetwork?nid=%s"
+	clusterPeers = "http://%s:%d/clusterpeers?json"
+	networkPeers = "http://%s:%d/networkpeers?nid=%s&json"
+	dumpTable    = "http://%s:%d/gettable?nid=%s&tname=%s&json"
+	deleteEntry  = "http://%s:%d/deleteentry?nid=%s&tname=%s&key=%s&json"
+)
+
+func httpIsOk(body io.ReadCloser) {
+	b, err := io.ReadAll(body)
+	if err != nil {
+		logrus.Fatalf("Failed the body parse %s", err)
+	}
+	if !strings.Contains(string(b), "OK") {
+		logrus.Fatalf("Server not ready %s", b)
+	}
+	body.Close()
+}
+
+func main() {
+	ipPtr := flag.String("ip", "127.0.0.1", "ip address")
+	portPtr := flag.Int("port", 2000, "port")
+	networkPtr := flag.String("net", "", "target network")
+	tablePtr := flag.String("t", "", "table to process <sd/overlay>")
+	remediatePtr := flag.Bool("r", false, "perform remediation deleting orphan entries")
+	joinPtr := flag.Bool("a", false, "join/leave network")
+	verbosePtr := flag.Bool("v", false, "verbose output")
+
+	flag.Parse()
+
+	if *verbosePtr {
+		logrus.SetLevel(logrus.DebugLevel)
+	}
+
+	if _, ok := os.LookupEnv("DIND_CLIENT"); !ok && *joinPtr {
+		logrus.Fatal("you are not using the client in docker in docker mode, the use of the -a flag can be disruptive, " +
+			"please remove it (doc:https://github.com/docker/docker/libnetwork/blob/master/cmd/diagnostic/README.md)")
+	}
+
+	logrus.Infof("Connecting to %s:%d checking ready", *ipPtr, *portPtr)
+	resp, err := http.Get(fmt.Sprintf(readyPath, *ipPtr, *portPtr))
+	if err != nil {
+		logrus.WithError(err).Fatalf("The connection failed")
+	}
+	httpIsOk(resp.Body)
+
+	clusterPeers := fetchNodePeers(*ipPtr, *portPtr, "")
+	var networkPeers map[string]string
+	var joinedNetwork bool
+	if *networkPtr != "" {
+		if *joinPtr {
+			logrus.Infof("Joining the network:%q", *networkPtr)
+			resp, err = http.Get(fmt.Sprintf(joinNetwork, *ipPtr, *portPtr, *networkPtr))
+			if err != nil {
+				logrus.WithError(err).Fatalf("Failed joining the network")
+			}
+			httpIsOk(resp.Body)
+			joinedNetwork = true
+		}
+
+		networkPeers = fetchNodePeers(*ipPtr, *portPtr, *networkPtr)
+		if len(networkPeers) == 0 {
+			logrus.Warnf("There is no peer on network %q, check the network ID, and verify that is the non truncated version", *networkPtr)
+		}
+	}
+
+	switch *tablePtr {
+	case "sd":
+		fetchTable(*ipPtr, *portPtr, *networkPtr, "endpoint_table", clusterPeers, networkPeers, *remediatePtr)
+	case "overlay":
+		fetchTable(*ipPtr, *portPtr, *networkPtr, "overlay_peer_table", clusterPeers, networkPeers, *remediatePtr)
+	}
+
+	if joinedNetwork {
+		logrus.Infof("Leaving the network:%q", *networkPtr)
+		resp, err = http.Get(fmt.Sprintf(leaveNetwork, *ipPtr, *portPtr, *networkPtr))
+		if err != nil {
+			logrus.WithError(err).Fatalf("Failed leaving the network")
+		}
+		httpIsOk(resp.Body)
+	}
+}
+
+func fetchNodePeers(ip string, port int, network string) map[string]string {
+	if network == "" {
+		logrus.Infof("Fetch cluster peers")
+	} else {
+		logrus.Infof("Fetch peers network:%q", network)
+	}
+
+	var path string
+	if network != "" {
+		path = fmt.Sprintf(networkPeers, ip, port, network)
+	} else {
+		path = fmt.Sprintf(clusterPeers, ip, port)
+	}
+
+	resp, err := http.Get(path) //nolint:gosec // G107: Potential HTTP request made with variable url
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed fetching path")
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed the body parse")
+	}
+
+	output := diagnostic.HTTPResult{Details: &diagnostic.TablePeersResult{}}
+	err = json.Unmarshal(body, &output)
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed the json unmarshalling")
+	}
+
+	logrus.Debugf("Parsing JSON response")
+	result := make(map[string]string, output.Details.(*diagnostic.TablePeersResult).Length)
+	for _, v := range output.Details.(*diagnostic.TablePeersResult).Elements {
+		logrus.Debugf("name:%s ip:%s", v.Name, v.IP)
+		result[v.Name] = v.IP
+	}
+	return result
+}
+
+func fetchTable(ip string, port int, network, tableName string, clusterPeers, networkPeers map[string]string, remediate bool) {
+	logrus.Infof("Fetch %s table and check owners", tableName)
+	resp, err := http.Get(fmt.Sprintf(dumpTable, ip, port, network, tableName))
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed fetching endpoint table")
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed the body parse")
+	}
+
+	output := diagnostic.HTTPResult{Details: &diagnostic.TableEndpointsResult{}}
+	err = json.Unmarshal(body, &output)
+	if err != nil {
+		logrus.WithError(err).Fatalf("Failed the json unmarshalling")
+	}
+
+	logrus.Debug("Parsing data structures")
+	var orphanKeys []string
+	for _, v := range output.Details.(*diagnostic.TableEndpointsResult).Elements {
+		decoded, err := base64.StdEncoding.DecodeString(v.Value)
+		if err != nil {
+			logrus.WithError(err).Errorf("Failed decoding entry")
+			continue
+		}
+		switch tableName {
+		case "endpoint_table":
+			var elem libnetwork.EndpointRecord
+			elem.Unmarshal(decoded)
+			logrus.Debugf("key:%s value:%+v owner:%s", v.Key, elem, v.Owner)
+		case "overlay_peer_table":
+			var elem overlay.PeerRecord
+			elem.Unmarshal(decoded)
+			logrus.Debugf("key:%s value:%+v owner:%s", v.Key, elem, v.Owner)
+		}
+
+		if _, ok := networkPeers[v.Owner]; !ok {
+			logrus.Warnf("The element with key:%s does not belong to any node on this network", v.Key)
+			orphanKeys = append(orphanKeys, v.Key)
+		}
+		if _, ok := clusterPeers[v.Owner]; !ok {
+			logrus.Warnf("The element with key:%s does not belong to any node on this cluster", v.Key)
+		}
+	}
+
+	if len(orphanKeys) > 0 && remediate {
+		logrus.Warnf("The following keys:%v results as orphan, do you want to proceed with the deletion (this operation is irreversible)? [Yes/No]", orphanKeys)
+		reader := bufio.NewReader(os.Stdin)
+		text, _ := reader.ReadString('\n')
+		text = strings.Replace(text, "\n", "", -1)
+		if strings.Compare(text, "Yes") == 0 {
+			for _, k := range orphanKeys {
+				resp, err := http.Get(fmt.Sprintf(deleteEntry, ip, port, network, tableName, k))
+				if err != nil {
+					logrus.WithError(err).Errorf("Failed deleting entry k:%s", k)
+					break
+				}
+				resp.Body.Close()
+			}
+		} else {
+			logrus.Infof("Deletion skipped")
+		}
+	}
+}
diff --git a/libnetwork/cmd/networkdb-test/Dockerfile b/libnetwork/cmd/networkdb-test/Dockerfile
new file mode 100644
index 0000000000000..f30a6b423c794
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine
+
+RUN apk --no-cache add curl
+
+COPY testMain /app/
+
+WORKDIR app
+
+ENTRYPOINT ["/app/testMain"]
diff --git a/libnetwork/cmd/networkdb-test/README b/libnetwork/cmd/networkdb-test/README
new file mode 100644
index 0000000000000..18227f94aaf71
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/README
@@ -0,0 +1,15 @@
+SERVER
+
+cd test/networkdb
+env GOOS=linux go build -v testMain.go && docker build -t dockereng/e2e-networkdb .
+(only for testkit case) docker push dockereng/e2e-networkdb
+
+Run server: docker service create --name testdb --network net1 --replicas 3 --env TASK_ID="{{.Task.ID}}" -p mode=host,target=8000 dockereng/e2e-networkdb server 8000
+
+CLIENT
+
+cd test/networkdb
+Join cluster: docker run -it --network net1 dockereng/e2e-networkdb client join testdb 8000
+Join network: docker run -it --network net1 dockereng/e2e-networkdb client join-network testdb 8000 test
+Run test: docker run -it --network net1 dockereng/e2e-networkdb client write-delete-unique-keys testdb 8000 test tableBla 3 10
+check table: curl "localhost:32768/gettable?nid=test&tname=table_name"
diff --git a/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go b/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go
new file mode 100644
index 0000000000000..56f9dfea2c730
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go
@@ -0,0 +1,861 @@
+package dbclient
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/sirupsen/logrus"
+)
+
+var servicePort string
+
+const totalWrittenKeys string = "totalKeys"
+
+type resultTuple struct {
+	id     string
+	result int
+}
+
+func httpGetFatalError(ip, port, path string) {
+	body, err := httpGet(ip, port, path)
+	if err != nil || !strings.Contains(string(body), "OK") {
+		log.Fatalf("[%s] error %s %s", path, err, body)
+	}
+}
+
+func httpGet(ip, port, path string) ([]byte, error) {
+	resp, err := http.Get("http://" + ip + ":" + port + path)
+	if err != nil {
+		logrus.Errorf("httpGet error:%s", err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	return body, err
+}
+
+func joinCluster(ip, port string, members []string, doneCh chan resultTuple) {
+	httpGetFatalError(ip, port, "/join?members="+strings.Join(members, ","))
+
+	if doneCh != nil {
+		doneCh <- resultTuple{id: ip, result: 0}
+	}
+}
+
+func joinNetwork(ip, port, network string, doneCh chan resultTuple) {
+	httpGetFatalError(ip, port, "/joinnetwork?nid="+network)
+
+	if doneCh != nil {
+		doneCh <- resultTuple{id: ip, result: 0}
+	}
+}
+
+func leaveNetwork(ip, port, network string, doneCh chan resultTuple) {
+	httpGetFatalError(ip, port, "/leavenetwork?nid="+network)
+
+	if doneCh != nil {
+		doneCh <- resultTuple{id: ip, result: 0}
+	}
+}
+
+func writeTableKey(ip, port, networkName, tableName, key string) {
+	createPath := "/createentry?unsafe&nid=" + networkName + "&tname=" + tableName + "&value=v&key="
+	httpGetFatalError(ip, port, createPath+key)
+}
+
+func deleteTableKey(ip, port, networkName, tableName, key string) {
+	deletePath := "/deleteentry?nid=" + networkName + "&tname=" + tableName + "&key="
+	httpGetFatalError(ip, port, deletePath+key)
+}
+
+func clusterPeersNumber(ip, port string, doneCh chan resultTuple) {
+	body, err := httpGet(ip, port, "/clusterpeers")
+
+	if err != nil {
+		logrus.Errorf("clusterPeers %s there was an error: %s", ip, err)
+		doneCh <- resultTuple{id: ip, result: -1}
+		return
+	}
+	peersRegexp := regexp.MustCompile(`total entries: ([0-9]+)`)
+	peersNum, _ := strconv.Atoi(peersRegexp.FindStringSubmatch(string(body))[1])
+
+	doneCh <- resultTuple{id: ip, result: peersNum}
+}
+
+func networkPeersNumber(ip, port, networkName string, doneCh chan resultTuple) {
+	body, err := httpGet(ip, port, "/networkpeers?nid="+networkName)
+
+	if err != nil {
+		logrus.Errorf("networkPeersNumber %s there was an error: %s", ip, err)
+		doneCh <- resultTuple{id: ip, result: -1}
+		return
+	}
+	peersRegexp := regexp.MustCompile(`total entries: ([0-9]+)`)
+	peersNum, _ := strconv.Atoi(peersRegexp.FindStringSubmatch(string(body))[1])
+
+	doneCh <- resultTuple{id: ip, result: peersNum}
+}
+
+func dbTableEntriesNumber(ip, port, networkName, tableName string, doneCh chan resultTuple) {
+	body, err := httpGet(ip, port, "/gettable?nid="+networkName+"&tname="+tableName)
+
+	if err != nil {
+		logrus.Errorf("tableEntriesNumber %s there was an error: %s", ip, err)
+		doneCh <- resultTuple{id: ip, result: -1}
+		return
+	}
+	elementsRegexp := regexp.MustCompile(`total entries: ([0-9]+)`)
+	entriesNum, _ := strconv.Atoi(elementsRegexp.FindStringSubmatch(string(body))[1])
+	doneCh <- resultTuple{id: ip, result: entriesNum}
+}
+
+func dbQueueLength(ip, port, networkName string, doneCh chan resultTuple) {
+	body, err := httpGet(ip, port, "/networkstats?nid="+networkName)
+
+	if err != nil {
+		logrus.Errorf("queueLength %s there was an error: %s", ip, err)
+		doneCh <- resultTuple{id: ip, result: -1}
+		return
+	}
+	elementsRegexp := regexp.MustCompile(`qlen: ([0-9]+)`)
+	entriesNum, _ := strconv.Atoi(elementsRegexp.FindStringSubmatch(string(body))[1])
+	doneCh <- resultTuple{id: ip, result: entriesNum}
+}
+
+func clientWatchTable(ip, port, networkName, tableName string, doneCh chan resultTuple) {
+	httpGetFatalError(ip, port, "/watchtable?nid="+networkName+"&tname="+tableName)
+	if doneCh != nil {
+		doneCh <- resultTuple{id: ip, result: 0}
+	}
+}
+
+func clientTableEntriesNumber(ip, port, networkName, tableName string, doneCh chan resultTuple) {
+	body, err := httpGet(ip, port, "/watchedtableentries?nid="+networkName+"&tname="+tableName)
+
+	if err != nil {
+		logrus.Errorf("clientTableEntriesNumber %s there was an error: %s", ip, err)
+		doneCh <- resultTuple{id: ip, result: -1}
+		return
+	}
+	elementsRegexp := regexp.MustCompile(`total elements: ([0-9]+)`)
+	entriesNum, _ := strconv.Atoi(elementsRegexp.FindStringSubmatch(string(body))[1])
+	doneCh <- resultTuple{id: ip, result: entriesNum}
+}
+
+func writeKeysNumber(ip, port, networkName, tableName, key string, number int, doneCh chan resultTuple) {
+	x := 0
+	for ; x < number; x++ {
+		k := key + strconv.Itoa(x)
+		// write key
+		writeTableKey(ip, port, networkName, tableName, k)
+	}
+	doneCh <- resultTuple{id: ip, result: x}
+}
+
+func deleteKeysNumber(ip, port, networkName, tableName, key string, number int, doneCh chan resultTuple) {
+	x := 0
+	for ; x < number; x++ {
+		k := key + strconv.Itoa(x)
+		// write key
+		deleteTableKey(ip, port, networkName, tableName, k)
+	}
+	doneCh <- resultTuple{id: ip, result: x}
+}
+
+func writeUniqueKeys(ctx context.Context, ip, port, networkName, tableName, key string, doneCh chan resultTuple) {
+	for x := 0; ; x++ {
+		select {
+		case <-ctx.Done():
+			doneCh <- resultTuple{id: ip, result: x}
+			return
+		default:
+			k := key + strconv.Itoa(x)
+			// write key
+			writeTableKey(ip, port, networkName, tableName, k)
+			// give time to send out key writes
+			time.Sleep(100 * time.Millisecond)
+		}
+	}
+}
+
+func writeDeleteUniqueKeys(ctx context.Context, ip, port, networkName, tableName, key string, doneCh chan resultTuple) {
+	for x := 0; ; x++ {
+		select {
+		case <-ctx.Done():
+			doneCh <- resultTuple{id: ip, result: x}
+			return
+		default:
+			k := key + strconv.Itoa(x)
+			// write key
+			writeTableKey(ip, port, networkName, tableName, k)
+			// give time to send out key writes
+			time.Sleep(100 * time.Millisecond)
+			// delete key
+			deleteTableKey(ip, port, networkName, tableName, k)
+		}
+	}
+}
+
+func writeDeleteLeaveJoin(ctx context.Context, ip, port, networkName, tableName, key string, doneCh chan resultTuple) {
+	for x := 0; ; x++ {
+		select {
+		case <-ctx.Done():
+			doneCh <- resultTuple{id: ip, result: x}
+			return
+		default:
+			k := key + strconv.Itoa(x)
+			// write key
+			writeTableKey(ip, port, networkName, tableName, k)
+			time.Sleep(100 * time.Millisecond)
+			// delete key
+			deleteTableKey(ip, port, networkName, tableName, k)
+			// give some time
+			time.Sleep(100 * time.Millisecond)
+			// leave network
+			leaveNetwork(ip, port, networkName, nil)
+			// join network
+			joinNetwork(ip, port, networkName, nil)
+		}
+	}
+}
+
+func ready(ip, port string, doneCh chan resultTuple) {
+	for {
+		body, err := httpGet(ip, port, "/ready")
+		if err != nil || !strings.Contains(string(body), "OK") {
+			time.Sleep(500 * time.Millisecond)
+			continue
+		}
+		// success
+		break
+	}
+	// notify the completion
+	doneCh <- resultTuple{id: ip, result: 0}
+}
+
+func checkTable(ctx context.Context, ips []string, port, networkName, tableName string, expectedEntries int, fn func(string, string, string, string, chan resultTuple)) (opTime time.Duration) {
+	startTime := time.Now().UnixNano()
+	var successTime int64
+
+	// Loop for 2 minutes to guarantee that the result is stable
+	for {
+		select {
+		case <-ctx.Done():
+			// Validate test success, if the time is set means that all the tables are empty
+			if successTime != 0 {
+				opTime = time.Duration(successTime-startTime) / time.Millisecond
+				logrus.Infof("Check table passed, the cluster converged in %d msec", opTime)
+				return
+			}
+			log.Fatal("Test failed, there is still entries in the tables of the nodes")
+		default:
+			logrus.Infof("Checking table %s expected %d", tableName, expectedEntries)
+			doneCh := make(chan resultTuple, len(ips))
+			for _, ip := range ips {
+				go fn(ip, servicePort, networkName, tableName, doneCh)
+			}
+
+			nodesWithCorrectEntriesNum := 0
+			for i := len(ips); i > 0; i-- {
+				tableEntries := <-doneCh
+				logrus.Infof("Node %s has %d entries", tableEntries.id, tableEntries.result)
+				if tableEntries.result == expectedEntries {
+					nodesWithCorrectEntriesNum++
+				}
+			}
+			close(doneCh)
+			if nodesWithCorrectEntriesNum == len(ips) {
+				if successTime == 0 {
+					successTime = time.Now().UnixNano()
+					logrus.Infof("Success after %d msec", time.Duration(successTime-startTime)/time.Millisecond)
+				}
+			} else {
+				successTime = 0
+			}
+			time.Sleep(10 * time.Second)
+		}
+	}
+}
+
+func waitWriters(parallelWriters int, mustWrite bool, doneCh chan resultTuple) map[string]int {
+	var totalKeys int
+	resultTable := make(map[string]int)
+	for i := 0; i < parallelWriters; i++ {
+		logrus.Infof("Waiting for %d workers", parallelWriters-i)
+		workerReturn := <-doneCh
+		totalKeys += workerReturn.result
+		if mustWrite && workerReturn.result == 0 {
+			log.Fatalf("The worker %s did not write any key %d == 0", workerReturn.id, workerReturn.result)
+		}
+		if !mustWrite && workerReturn.result != 0 {
+			log.Fatalf("The worker %s was supposed to return 0 instead %d != 0", workerReturn.id, workerReturn.result)
+		}
+		if mustWrite {
+			resultTable[workerReturn.id] = workerReturn.result
+			logrus.Infof("The worker %s wrote %d keys", workerReturn.id, workerReturn.result)
+		}
+	}
+	resultTable[totalWrittenKeys] = totalKeys
+	return resultTable
+}
+
+// ready
+func doReady(ips []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	// check all the nodes
+	for _, ip := range ips {
+		go ready(ip, servicePort, doneCh)
+	}
+	// wait for the readiness of all nodes
+	for i := len(ips); i > 0; i-- {
+		<-doneCh
+	}
+	close(doneCh)
+}
+
+// join
+func doJoin(ips []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	// check all the nodes
+	for i, ip := range ips {
+		members := append([]string(nil), ips[:i]...)
+		members = append(members, ips[i+1:]...)
+		go joinCluster(ip, servicePort, members, doneCh)
+	}
+	// wait for the readiness of all nodes
+	for i := len(ips); i > 0; i-- {
+		<-doneCh
+	}
+	close(doneCh)
+}
+
+// cluster-peers expectedNumberPeers maxRetry
+func doClusterPeers(ips []string, args []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	expectedPeers, _ := strconv.Atoi(args[0])
+	maxRetry, _ := strconv.Atoi(args[1])
+	for retry := 0; retry < maxRetry; retry++ {
+		// check all the nodes
+		for _, ip := range ips {
+			go clusterPeersNumber(ip, servicePort, doneCh)
+		}
+		var failed bool
+		// wait for the readiness of all nodes
+		for i := len(ips); i > 0; i-- {
+			node := <-doneCh
+			if node.result != expectedPeers {
+				failed = true
+				if retry == maxRetry-1 {
+					log.Fatalf("Expected peers from %s mismatch %d != %d", node.id, expectedPeers, node.result)
+				} else {
+					logrus.Warnf("Expected peers from %s mismatch %d != %d", node.id, expectedPeers, node.result)
+				}
+				time.Sleep(1 * time.Second)
+			}
+		}
+		// check if needs retry
+		if !failed {
+			break
+		}
+	}
+	close(doneCh)
+}
+
+// join-network networkName
+func doJoinNetwork(ips []string, args []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	// check all the nodes
+	for _, ip := range ips {
+		go joinNetwork(ip, servicePort, args[0], doneCh)
+	}
+	// wait for the readiness of all nodes
+	for i := len(ips); i > 0; i-- {
+		<-doneCh
+	}
+	close(doneCh)
+}
+
+// leave-network networkName
+func doLeaveNetwork(ips []string, args []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	// check all the nodes
+	for _, ip := range ips {
+		go leaveNetwork(ip, servicePort, args[0], doneCh)
+	}
+	// wait for the readiness of all nodes
+	for i := len(ips); i > 0; i-- {
+		<-doneCh
+	}
+	close(doneCh)
+}
+
+// network-peers networkName expectedNumberPeers maxRetry
+func doNetworkPeers(ips []string, args []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	networkName := args[0]
+	expectedPeers, _ := strconv.Atoi(args[1])
+	maxRetry, _ := strconv.Atoi(args[2])
+	for retry := 0; retry < maxRetry; retry++ {
+		// check all the nodes
+		for _, ip := range ips {
+			go networkPeersNumber(ip, servicePort, networkName, doneCh)
+		}
+		var failed bool
+		// wait for the readiness of all nodes
+		for i := len(ips); i > 0; i-- {
+			node := <-doneCh
+			if node.result != expectedPeers {
+				failed = true
+				if retry == maxRetry-1 {
+					log.Fatalf("Expected peers from %s mismatch %d != %d", node.id, expectedPeers, node.result)
+				} else {
+					logrus.Warnf("Expected peers from %s mismatch %d != %d", node.id, expectedPeers, node.result)
+				}
+				time.Sleep(1 * time.Second)
+			}
+		}
+		// check if needs retry
+		if !failed {
+			break
+		}
+	}
+	close(doneCh)
+}
+
+// network-stats-queue networkName <gt/lt> queueSize
+func doNetworkStatsQueue(ips []string, args []string) {
+	doneCh := make(chan resultTuple, len(ips))
+	networkName := args[0]
+	comparison := args[1]
+	size, _ := strconv.Atoi(args[2])
+
+	// check all the nodes
+	for _, ip := range ips {
+		go dbQueueLength(ip, servicePort, networkName, doneCh)
+	}
+
+	var avgQueueSize int
+	// wait for the readiness of all nodes
+	for i := len(ips); i > 0; i-- {
+		node := <-doneCh
+		switch comparison {
+		case "lt":
+			if node.result > size {
+				log.Fatalf("Expected queue size from %s to be %d < %d", node.id, node.result, size)
+			}
+		case "gt":
+			if node.result < size {
+				log.Fatalf("Expected queue size from %s to be %d > %d", node.id, node.result, size)
+			}
+		default:
+			log.Fatal("unknown comparison operator")
+		}
+		avgQueueSize += node.result
+	}
+	close(doneCh)
+	avgQueueSize /= len(ips)
+	fmt.Fprintf(os.Stderr, "doNetworkStatsQueue succeeded with avg queue:%d", avgQueueSize)
+}
+
+// write-keys networkName tableName parallelWriters numberOfKeysEach
+func doWriteKeys(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	numberOfKeys, _ := strconv.Atoi(args[3])
+
+	doneCh := make(chan resultTuple, parallelWriters)
+	// Enable watch of tables from clients
+	for i := 0; i < parallelWriters; i++ {
+		go clientWatchTable(ips[i], servicePort, networkName, tableName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// Start parallel writers that will create and delete unique keys
+	defer close(doneCh)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeKeysNumber(ips[i], servicePort, networkName, tableName, key, numberOfKeys, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// check table entries for 2 minutes
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, keyMap[totalWrittenKeys], dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteKeys succeeded in %d msec", opTime)
+}
+
+// delete-keys networkName tableName parallelWriters numberOfKeysEach
+func doDeleteKeys(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	numberOfKeys, _ := strconv.Atoi(args[3])
+
+	doneCh := make(chan resultTuple, parallelWriters)
+	// Enable watch of tables from clients
+	for i := 0; i < parallelWriters; i++ {
+		go clientWatchTable(ips[i], servicePort, networkName, tableName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// Start parallel writers that will create and delete unique keys
+	defer close(doneCh)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go deleteKeysNumber(ips[i], servicePort, networkName, tableName, key, numberOfKeys, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// check table entries for 2 minutes
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doDeletekeys succeeded in %d msec", opTime)
+}
+
+// write-delete-unique-keys networkName tableName numParallelWriters writeTimeSec
+func doWriteDeleteUniqueKeys(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+
+	doneCh := make(chan resultTuple, parallelWriters)
+	// Enable watch of tables from clients
+	for i := 0; i < parallelWriters; i++ {
+		go clientWatchTable(ips[i], servicePort, networkName, tableName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// Start parallel writers that will create and delete unique keys
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeDeleteUniqueKeys(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opDBTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, dbTableEntriesNumber)
+	cancel()
+	ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second)
+	opClientTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, clientTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteDeleteUniqueKeys succeeded in %d msec and client %d msec", opDBTime, opClientTime)
+}
+
+// write-unique-keys networkName tableName numParallelWriters writeTimeSec
+func doWriteUniqueKeys(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+
+	doneCh := make(chan resultTuple, parallelWriters)
+	// Enable watch of tables from clients
+	for i := 0; i < parallelWriters; i++ {
+		go clientWatchTable(ips[i], servicePort, networkName, tableName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// Start parallel writers that will create and delete unique keys
+	defer close(doneCh)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeUniqueKeys(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, keyMap[totalWrittenKeys], dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteUniqueKeys succeeded in %d msec", opTime)
+}
+
+// write-delete-leave-join networkName tableName numParallelWriters writeTimeSec
+func doWriteDeleteLeaveJoin(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+
+	// Start parallel writers that will create and delete unique keys
+	doneCh := make(chan resultTuple, parallelWriters)
+	defer close(doneCh)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeDeleteLeaveJoin(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap["totalKeys"])
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteDeleteLeaveJoin succeeded in %d msec", opTime)
+}
+
+// write-delete-wait-leave-join networkName tableName numParallelWriters writeTimeSec
+func doWriteDeleteWaitLeaveJoin(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+
+	// Start parallel writers that will create and delete unique keys
+	doneCh := make(chan resultTuple, parallelWriters)
+	defer close(doneCh)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeDeleteUniqueKeys(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// The writers will leave the network
+	for i := 0; i < parallelWriters; i++ {
+		logrus.Infof("worker leaveNetwork: %d on IP:%s", i, ips[i])
+		go leaveNetwork(ips[i], servicePort, networkName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// Give some time
+	time.Sleep(100 * time.Millisecond)
+
+	// The writers will join the network
+	for i := 0; i < parallelWriters; i++ {
+		logrus.Infof("worker joinNetwork: %d on IP:%s", i, ips[i])
+		go joinNetwork(ips[i], servicePort, networkName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteDeleteWaitLeaveJoin succeeded in %d msec", opTime)
+}
+
+// write-wait-leave networkName tableName numParallelWriters writeTimeSec
+func doWriteWaitLeave(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+
+	// Start parallel writers that will create and delete unique keys
+	doneCh := make(chan resultTuple, parallelWriters)
+	defer close(doneCh)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeUniqueKeys(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	// The writers will leave the network
+	for i := 0; i < parallelWriters; i++ {
+		logrus.Infof("worker leaveNetwork: %d on IP:%s", i, ips[i])
+		go leaveNetwork(ips[i], servicePort, networkName, doneCh)
+	}
+	waitWriters(parallelWriters, false, doneCh)
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, 0, dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteLeaveJoin succeeded in %d msec", opTime)
+}
+
+// write-wait-leave-join networkName tableName numParallelWriters writeTimeSec numParallelLeaver
+func doWriteWaitLeaveJoin(ips []string, args []string) {
+	networkName := args[0]
+	tableName := args[1]
+	parallelWriters, _ := strconv.Atoi(args[2])
+	writeTimeSec, _ := strconv.Atoi(args[3])
+	parallelLeaver, _ := strconv.Atoi(args[4])
+
+	// Start parallel writers that will create and delete unique keys
+	doneCh := make(chan resultTuple, parallelWriters)
+	defer close(doneCh)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(writeTimeSec)*time.Second)
+	for i := 0; i < parallelWriters; i++ {
+		key := "key-" + strconv.Itoa(i) + "-"
+		logrus.Infof("Spawn worker: %d on IP:%s", i, ips[i])
+		go writeUniqueKeys(ctx, ips[i], servicePort, networkName, tableName, key, doneCh)
+	}
+
+	// Sync with all the writers
+	keyMap := waitWriters(parallelWriters, true, doneCh)
+	cancel()
+	logrus.Infof("Written a total of %d keys on the cluster", keyMap[totalWrittenKeys])
+
+	keysExpected := keyMap[totalWrittenKeys]
+	// The Leavers will leave the network
+	for i := 0; i < parallelLeaver; i++ {
+		logrus.Infof("worker leaveNetwork: %d on IP:%s", i, ips[i])
+		go leaveNetwork(ips[i], servicePort, networkName, doneCh)
+		// Once a node leave all the keys written previously will be deleted, so the expected keys will consider that as removed
+		keysExpected -= keyMap[ips[i]]
+	}
+	waitWriters(parallelLeaver, false, doneCh)
+
+	// Give some time
+	time.Sleep(100 * time.Millisecond)
+
+	// The writers will join the network
+	for i := 0; i < parallelLeaver; i++ {
+		logrus.Infof("worker joinNetwork: %d on IP:%s", i, ips[i])
+		go joinNetwork(ips[i], servicePort, networkName, doneCh)
+	}
+	waitWriters(parallelLeaver, false, doneCh)
+
+	// check table entries for 2 minutes
+	ctx, cancel = context.WithTimeout(context.Background(), 2*time.Minute)
+	opTime := checkTable(ctx, ips, servicePort, networkName, tableName, keysExpected, dbTableEntriesNumber)
+	cancel()
+	fmt.Fprintf(os.Stderr, "doWriteWaitLeaveJoin succeeded in %d msec", opTime)
+}
+
+var cmdArgChec = map[string]int{
+	"debug":                    0,
+	"fail":                     0,
+	"ready":                    2,
+	"join":                     2,
+	"leave":                    2,
+	"join-network":             3,
+	"leave-network":            3,
+	"cluster-peers":            5,
+	"network-peers":            5,
+	"write-delete-unique-keys": 7,
+}
+
+// Client is a client
+func Client(args []string) {
+	logrus.Infof("[CLIENT] Starting with arguments %v", args)
+	command := args[0]
+
+	if len(args) < cmdArgChec[command] {
+		log.Fatalf("Command %s requires %d arguments, passed %d, aborting...", command, cmdArgChec[command], len(args))
+	}
+
+	switch command {
+	case "debug":
+		time.Sleep(1 * time.Hour)
+		os.Exit(0)
+	case "fail":
+		log.Fatalf("Test error condition with message: error error error")
+	}
+
+	serviceName := args[1]
+	ips, _ := net.LookupHost("tasks." + serviceName)
+	logrus.Infof("got the ips %v", ips)
+	if len(ips) == 0 {
+		log.Fatalf("Cannot resolve any IP for the service tasks.%s", serviceName)
+	}
+	servicePort = args[2]
+	commandArgs := args[3:]
+	logrus.Infof("Executing %s with args:%v", command, commandArgs)
+	switch command {
+	case "ready":
+		doReady(ips)
+	case "join":
+		doJoin(ips)
+	case "leave":
+
+	case "cluster-peers":
+		// cluster-peers maxRetry
+		doClusterPeers(ips, commandArgs)
+
+	case "join-network":
+		// join-network networkName
+		doJoinNetwork(ips, commandArgs)
+	case "leave-network":
+		// leave-network networkName
+		doLeaveNetwork(ips, commandArgs)
+	case "network-peers":
+		// network-peers networkName expectedNumberPeers maxRetry
+		doNetworkPeers(ips, commandArgs)
+		//	case "network-stats-entries":
+		//		// network-stats-entries networkName maxRetry
+		//		doNetworkPeers(ips, commandArgs)
+	case "network-stats-queue":
+		// network-stats-queue networkName <lt/gt> queueSize
+		doNetworkStatsQueue(ips, commandArgs)
+
+	case "write-keys":
+		// write-keys networkName tableName parallelWriters numberOfKeysEach
+		doWriteKeys(ips, commandArgs)
+	case "delete-keys":
+		// delete-keys networkName tableName parallelWriters numberOfKeysEach
+		doDeleteKeys(ips, commandArgs)
+	case "write-unique-keys":
+		// write-delete-unique-keys networkName tableName numParallelWriters writeTimeSec
+		doWriteUniqueKeys(ips, commandArgs)
+	case "write-delete-unique-keys":
+		// write-delete-unique-keys networkName tableName numParallelWriters writeTimeSec
+		doWriteDeleteUniqueKeys(ips, commandArgs)
+	case "write-delete-leave-join":
+		// write-delete-leave-join networkName tableName numParallelWriters writeTimeSec
+		doWriteDeleteLeaveJoin(ips, commandArgs)
+	case "write-delete-wait-leave-join":
+		// write-delete-wait-leave-join networkName tableName numParallelWriters writeTimeSec
+		doWriteDeleteWaitLeaveJoin(ips, commandArgs)
+	case "write-wait-leave":
+		// write-wait-leave networkName tableName numParallelWriters writeTimeSec
+		doWriteWaitLeave(ips, commandArgs)
+	case "write-wait-leave-join":
+		// write-wait-leave networkName tableName numParallelWriters writeTimeSec
+		doWriteWaitLeaveJoin(ips, commandArgs)
+	default:
+		log.Fatalf("Command %s not recognized", command)
+	}
+}
diff --git a/libnetwork/cmd/networkdb-test/dbserver/ndbServer.go b/libnetwork/cmd/networkdb-test/dbserver/ndbServer.go
new file mode 100644
index 0000000000000..fc836bd22e5d7
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/dbserver/ndbServer.go
@@ -0,0 +1,111 @@
+package dbserver
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"strconv"
+
+	"github.com/docker/docker/libnetwork/cmd/networkdb-test/dummyclient"
+	"github.com/docker/docker/libnetwork/diagnostic"
+	"github.com/docker/docker/libnetwork/networkdb"
+	"github.com/sirupsen/logrus"
+)
+
+var nDB *networkdb.NetworkDB
+var server *diagnostic.Server
+var ipAddr string
+
+var testerPaths2Func = map[string]diagnostic.HTTPHandlerFunc{
+	"/myip": ipaddress,
+}
+
+func ipaddress(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "%s\n", ipAddr)
+}
+
+// Server starts the server
+func Server(args []string) {
+	logrus.Infof("[SERVER] Starting with arguments %v", args)
+	if len(args) < 1 {
+		log.Fatal("Port number is a mandatory argument, aborting...")
+	}
+	port, _ := strconv.Atoi(args[0])
+	var localNodeName string
+	var ok bool
+	if localNodeName, ok = os.LookupEnv("TASK_ID"); !ok {
+		log.Fatal("TASK_ID environment variable not set, aborting...")
+	}
+	logrus.Infof("[SERVER] Starting node %s on port %d", localNodeName, port)
+
+	ip, err := getIPInterface("eth0")
+	if err != nil {
+		logrus.Errorf("%s There was a problem with the IP %s\n", localNodeName, err)
+		return
+	}
+	ipAddr = ip
+	logrus.Infof("%s uses IP %s\n", localNodeName, ipAddr)
+
+	server = diagnostic.New()
+	server.Init()
+	conf := networkdb.DefaultConfig()
+	conf.Hostname = localNodeName
+	conf.AdvertiseAddr = ipAddr
+	conf.BindAddr = ipAddr
+	nDB, err = networkdb.New(conf)
+	if err != nil {
+		logrus.Infof("%s error in the DB init %s\n", localNodeName, err)
+		return
+	}
+
+	// Register network db handlers
+	server.RegisterHandler(nDB, networkdb.NetDbPaths2Func)
+	server.RegisterHandler(nil, testerPaths2Func)
+	server.RegisterHandler(nDB, dummyclient.DummyClientPaths2Func)
+	server.EnableDiagnostic("", port)
+	// block here
+	select {}
+}
+
+func getIPInterface(name string) (string, error) {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return "", err
+	}
+	for _, iface := range ifaces {
+		if iface.Name != name {
+			continue // not the name specified
+		}
+
+		if iface.Flags&net.FlagUp == 0 {
+			return "", errors.New("Interfaces is down")
+		}
+
+		addrs, err := iface.Addrs()
+		if err != nil {
+			return "", err
+		}
+		for _, addr := range addrs {
+			var ip net.IP
+			switch v := addr.(type) {
+			case *net.IPNet:
+				ip = v.IP
+			case *net.IPAddr:
+				ip = v.IP
+			}
+			if ip == nil || ip.IsLoopback() {
+				continue
+			}
+			ip = ip.To4()
+			if ip == nil {
+				continue
+			}
+			return ip.String(), nil
+		}
+		return "", errors.New("Interfaces does not have a valid IPv4")
+	}
+	return "", errors.New("Interface not found")
+}
diff --git a/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go b/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go
new file mode 100644
index 0000000000000..20c2d4132807b
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go
@@ -0,0 +1,120 @@
+package dummyclient
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+
+	"github.com/docker/docker/libnetwork/diagnostic"
+	"github.com/docker/docker/libnetwork/networkdb"
+	events "github.com/docker/go-events"
+	"github.com/sirupsen/logrus"
+)
+
+// DummyClientPaths2Func exported paths for the client
+var DummyClientPaths2Func = map[string]diagnostic.HTTPHandlerFunc{
+	"/watchtable":          watchTable,
+	"/watchedtableentries": watchTableEntries,
+}
+
+const (
+	missingParameter = "missing parameter"
+)
+
+type tableHandler struct {
+	cancelWatch func()
+	entries     map[string]string
+}
+
+var clientWatchTable = map[string]tableHandler{}
+
+func watchTable(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	diagnostic.DebugHTTPForm(r)
+	if len(r.Form["tname"]) < 1 {
+		rsp := diagnostic.WrongCommand(missingParameter, fmt.Sprintf("%s?tname=table_name", r.URL.Path))
+		diagnostic.HTTPReply(w, rsp, &diagnostic.JSONOutput{}) // nolint:errcheck
+		return
+	}
+
+	tableName := r.Form["tname"][0]
+	if _, ok := clientWatchTable[tableName]; ok {
+		fmt.Fprintf(w, "OK\n")
+		return
+	}
+
+	nDB, ok := ctx.(*networkdb.NetworkDB)
+	if ok {
+		ch, cancel := nDB.Watch(tableName, "", "")
+		clientWatchTable[tableName] = tableHandler{cancelWatch: cancel, entries: make(map[string]string)}
+		go handleTableEvents(tableName, ch)
+
+		fmt.Fprintf(w, "OK\n")
+	}
+}
+
+func watchTableEntries(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	diagnostic.DebugHTTPForm(r)
+	if len(r.Form["tname"]) < 1 {
+		rsp := diagnostic.WrongCommand(missingParameter, fmt.Sprintf("%s?tname=table_name", r.URL.Path))
+		diagnostic.HTTPReply(w, rsp, &diagnostic.JSONOutput{}) // nolint:errcheck
+		return
+	}
+
+	tableName := r.Form["tname"][0]
+	table, ok := clientWatchTable[tableName]
+	if !ok {
+		fmt.Fprintf(w, "Table %s not watched\n", tableName)
+		return
+	}
+
+	fmt.Fprintf(w, "total elements: %d\n", len(table.entries))
+	i := 0
+	for k, v := range table.entries {
+		fmt.Fprintf(w, "%d) k:`%s` -> v:`%s`\n", i, k, v)
+		i++
+	}
+}
+
+func handleTableEvents(tableName string, ch *events.Channel) {
+	var (
+		// nid   string
+		eid   string
+		value []byte
+		isAdd bool
+	)
+
+	logrus.Infof("Started watching table:%s", tableName)
+	for {
+		select {
+		case <-ch.Done():
+			logrus.Infof("End watching %s", tableName)
+			return
+
+		case evt := <-ch.C:
+			logrus.Infof("Recevied new event on:%s", tableName)
+			switch event := evt.(type) {
+			case networkdb.CreateEvent:
+				// nid = event.NetworkID
+				eid = event.Key
+				value = event.Value
+				isAdd = true
+			case networkdb.DeleteEvent:
+				// nid = event.NetworkID
+				eid = event.Key
+				value = event.Value
+				isAdd = false
+			default:
+				log.Fatalf("Unexpected table event = %#v", event)
+			}
+			if isAdd {
+				// logrus.Infof("Add %s %s", tableName, eid)
+				clientWatchTable[tableName].entries[eid] = string(value)
+			} else {
+				// logrus.Infof("Del %s %s", tableName, eid)
+				delete(clientWatchTable[tableName].entries, eid)
+			}
+		}
+	}
+}
diff --git a/libnetwork/cmd/networkdb-test/testMain.go b/libnetwork/cmd/networkdb-test/testMain.go
new file mode 100644
index 0000000000000..8731e3440d33e
--- /dev/null
+++ b/libnetwork/cmd/networkdb-test/testMain.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/docker/docker/libnetwork/cmd/networkdb-test/dbclient"
+	"github.com/docker/docker/libnetwork/cmd/networkdb-test/dbserver"
+	"github.com/sirupsen/logrus"
+)
+
+func main() {
+	formatter := &logrus.TextFormatter{
+		FullTimestamp: true,
+	}
+	logrus.SetFormatter(formatter)
+	logrus.Infof("Starting the image with these args: %v", os.Args)
+	if len(os.Args) < 1 {
+		log.Fatal("You need at least 1 argument [client/server]")
+	}
+
+	switch os.Args[1] {
+	case "server":
+		dbserver.Server(os.Args[2:])
+	case "client":
+		dbclient.Client(os.Args[2:])
+	}
+}
diff --git a/libnetwork/cmd/ovrouter/ovrouter.go b/libnetwork/cmd/ovrouter/ovrouter.go
new file mode 100644
index 0000000000000..bca34d504f6c6
--- /dev/null
+++ b/libnetwork/cmd/ovrouter/ovrouter.go
@@ -0,0 +1,176 @@
+//go:build linux
+// +build linux
+
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/signal"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/drivers/overlay"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/vishvananda/netlink"
+)
+
+type router struct {
+	d driverapi.Driver
+}
+
+type endpoint struct {
+	addr *net.IPNet
+	mac  net.HardwareAddr
+	name string
+}
+
+func (r *router) GetPluginGetter() plugingetter.PluginGetter {
+	return nil
+}
+
+func (r *router) RegisterDriver(name string, driver driverapi.Driver, c driverapi.Capability) error {
+	r.d = driver
+	return nil
+}
+
+func (ep *endpoint) Interface() driverapi.InterfaceInfo {
+	return nil
+}
+
+func (ep *endpoint) SetMacAddress(mac net.HardwareAddr) error {
+	if ep.mac != nil {
+		return types.ForbiddenErrorf("endpoint interface MAC address present (%s). Cannot be modified with %s.", ep.mac, mac)
+	}
+	if mac == nil {
+		return types.BadRequestErrorf("tried to set nil MAC address to endpoint interface")
+	}
+	ep.mac = types.GetMacCopy(mac)
+	return nil
+}
+
+func (ep *endpoint) SetIPAddress(address *net.IPNet) error {
+	if address.IP == nil {
+		return types.BadRequestErrorf("tried to set nil IP address to endpoint interface")
+	}
+	if address.IP.To4() == nil {
+		return types.NotImplementedErrorf("do not support ipv6 yet")
+	}
+	if ep.addr != nil {
+		return types.ForbiddenErrorf("endpoint interface IP present (%s). Cannot be modified with %s.", ep.addr, address)
+	}
+	ep.addr = types.GetIPNetCopy(address)
+	return nil
+}
+
+func (ep *endpoint) MacAddress() net.HardwareAddr {
+	return types.GetMacCopy(ep.mac)
+}
+
+func (ep *endpoint) Address() *net.IPNet {
+	return types.GetIPNetCopy(ep.addr)
+}
+
+func (ep *endpoint) AddressIPv6() *net.IPNet {
+	return nil
+}
+
+func (ep *endpoint) InterfaceName() driverapi.InterfaceNameInfo {
+	return ep
+}
+
+func (ep *endpoint) SetNames(srcName, dstPrefix string) error {
+	ep.name = srcName
+	return nil
+}
+
+func (ep *endpoint) SetGateway(net.IP) error {
+	return nil
+}
+
+func (ep *endpoint) SetGatewayIPv6(net.IP) error {
+	return nil
+}
+
+func (ep *endpoint) AddStaticRoute(destination *net.IPNet, routeType int,
+	nextHop net.IP) error {
+	return nil
+}
+
+func (ep *endpoint) AddTableEntry(tableName string, key string, value []byte) error {
+	return nil
+}
+
+func (ep *endpoint) DisableGatewayService() {}
+
+func main() {
+	if reexec.Init() {
+		return
+	}
+
+	opt := make(map[string]interface{})
+	if len(os.Args) > 1 {
+		opt[netlabel.OverlayBindInterface] = os.Args[1]
+	}
+	if len(os.Args) > 2 {
+		opt[netlabel.OverlayNeighborIP] = os.Args[2]
+	}
+	if len(os.Args) > 3 {
+		opt[netlabel.GlobalKVProvider] = os.Args[3]
+	}
+	if len(os.Args) > 4 {
+		opt[netlabel.GlobalKVProviderURL] = os.Args[4]
+	}
+
+	r := &router{}
+	if err := overlay.Init(r, opt); err != nil {
+		fmt.Printf("Failed to initialize overlay driver: %v\n", err)
+		os.Exit(1)
+	}
+
+	if err := r.d.CreateNetwork("testnetwork",
+		map[string]interface{}{}, nil, nil, nil); err != nil {
+		fmt.Printf("Failed to create network in the driver: %v\n", err)
+		os.Exit(1)
+	}
+
+	ep := &endpoint{}
+	if err := r.d.CreateEndpoint("testnetwork", "testep",
+		ep, map[string]interface{}{}); err != nil {
+		fmt.Printf("Failed to create endpoint in the driver: %v\n", err)
+		os.Exit(1)
+	}
+
+	if err := r.d.Join("testnetwork", "testep",
+		"", ep, map[string]interface{}{}); err != nil {
+		fmt.Printf("Failed to join an endpoint in the driver: %v\n", err)
+		os.Exit(1)
+	}
+
+	link, err := netlink.LinkByName(ep.name)
+	if err != nil {
+		fmt.Printf("Failed to find the container interface with name %s: %v\n",
+			ep.name, err)
+		os.Exit(1)
+	}
+
+	ipAddr := &netlink.Addr{IPNet: ep.addr, Label: ""}
+	if err := netlink.AddrAdd(link, ipAddr); err != nil {
+		fmt.Printf("Failed to add address to the interface: %v\n", err)
+		os.Exit(1)
+	}
+
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, os.Interrupt)
+
+	for range sigCh {
+		if err := r.d.Leave("testnetwork", "testep"); err != nil {
+			fmt.Printf("Error leaving: %v", err)
+		}
+		overlay.Fini(r.d)
+		os.Exit(0)
+	}
+}
diff --git a/libnetwork/cmd/readme_test/readme.go b/libnetwork/cmd/readme_test/readme.go
new file mode 100644
index 0000000000000..8be24ab9b6e1e
--- /dev/null
+++ b/libnetwork/cmd/readme_test/readme.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func main() {
+	if reexec.Init() {
+		return
+	}
+
+	// Select and configure the network driver
+	networkType := "bridge"
+
+	// Create a new controller instance
+	driverOptions := options.Generic{}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = driverOptions
+	controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
+	if err != nil {
+		log.Fatalf("libnetwork.New: %s", err)
+	}
+
+	// Create a network for containers to join.
+	// NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
+	network, err := controller.NewNetwork(networkType, "network1", "")
+	if err != nil {
+		log.Fatalf("controller.NewNetwork: %s", err)
+	}
+
+	// For each new container: allocate IP and interfaces. The returned network
+	// settings will be used for container infos (inspect and such), as well as
+	// iptables rules for port publishing. This info is contained or accessible
+	// from the returned endpoint.
+	ep, err := network.CreateEndpoint("Endpoint1")
+	if err != nil {
+		log.Fatalf("network.CreateEndpoint: %s", err)
+	}
+
+	// Create the sandbox for the container.
+	// NewSandbox accepts Variadic optional arguments which libnetwork can use.
+	sbx, err := controller.NewSandbox("container1",
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"))
+	if err != nil {
+		log.Fatalf("controller.NewSandbox: %s", err)
+	}
+
+	// A sandbox can join the endpoint via the join api.
+	err = ep.Join(sbx)
+	if err != nil {
+		log.Fatalf("ep.Join: %s", err)
+	}
+
+	// libnetwork client can check the endpoint's operational data via the Info() API
+	epInfo, err := ep.DriverInfo()
+	if err != nil {
+		log.Fatalf("ep.DriverInfo: %s", err)
+	}
+
+	macAddress, ok := epInfo[netlabel.MacAddress]
+	if !ok {
+		log.Fatal("failed to get mac address from endpoint info")
+	}
+
+	fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
+}
diff --git a/libnetwork/cmd/ssd/Dockerfile b/libnetwork/cmd/ssd/Dockerfile
new file mode 100755
index 0000000000000..05422479207a2
--- /dev/null
+++ b/libnetwork/cmd/ssd/Dockerfile
@@ -0,0 +1,34 @@
+FROM alpine:3.7
+ENV PACKAGES="\
+    musl \
+    linux-headers \
+    build-base \
+    util-linux \
+    bash \
+    git \
+    ca-certificates \
+    python2 \
+    python2-dev \
+    py-setuptools \
+    iproute2 \
+    curl \
+    strace \
+    drill \
+    ipvsadm \
+    iperf \
+    ethtool \
+"
+
+RUN echo \
+    && apk add --no-cache $PACKAGES \
+    && if [[ ! -e /usr/bin/python ]];        then ln -sf /usr/bin/python2.7 /usr/bin/python; fi \
+    && if [[ ! -e /usr/bin/python-config ]]; then ln -sf /usr/bin/python2.7-config /usr/bin/python-config; fi \
+    && if [[ ! -e /usr/bin/easy_install ]];  then ln -sf /usr/bin/easy_install-2.7 /usr/bin/easy_install; fi \
+    && easy_install pip \
+    && pip install --upgrade pip \
+    && if [[ ! -e /usr/bin/pip ]]; then ln -sf /usr/bin/pip2.7 /usr/bin/pip; fi \
+    && echo
+
+ADD ssd.py /
+RUN pip install git+git://github.com/docker/docker-py.git
+ENTRYPOINT [ "python", "/ssd.py"]
diff --git a/libnetwork/cmd/ssd/README.md b/libnetwork/cmd/ssd/README.md
new file mode 100755
index 0000000000000..a0a0048da5ed3
--- /dev/null
+++ b/libnetwork/cmd/ssd/README.md
@@ -0,0 +1,47 @@
+# Docker Swarm Service Driller(ssd)
+
+ssd is a troubleshooting utility for Docker swarm networks. 
+
+### control-plane and datapath consistency check on a node
+ssd checks for the consistency between docker network control-plane (from the docker daemon in-memory state) and kernel data path programming. Currently the tool checks only for the consistency of the Load balancer (implemented using IPVS).
+
+In a three node swarm cluser ssd status for a overlay network `ov2` which has three services running, each replicated to 3 instances.
+
+````bash
+vagrant@net-1:~/code/go/src/github.com/docker/docker-e2e/tests$ docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker/netns:/var/run/docker/netns --privileged --net=host sanimej/ssd ov2
+Verifying LB programming for containers on network ov2
+Verifying container /s2.3.ltrdwef0iqf90rqauw3ehcs56...
+service s2... OK
+service s3... OK
+service s1... OK
+Verifying container /s3.3.nyhwvdvnocb4wftyhb8dr4fj8...
+service s2... OK
+service s3... OK
+service s1... OK
+Verifying container /s1.3.wwx5tuxhnvoz5vrb8ohphby0r...
+service s2... OK
+service s3... OK
+service s1... OK
+Verifying LB programming for containers on network ingress
+Verifying container Ingress...
+service web... OK
+````
+
+ssd checks the required iptables programming to direct an incoming packet with the <host ip>:<published port> to the right <backend ip>:<target port>
+
+### control-plane consistency check across nodes in a cluster
+
+Docker networking uses a gossip protocol to synchronize networking state across nodes  in a cluster. ssd's `gossip-consistency` command verifies if the state maintained by all the nodes are consistent.
+
+````bash
+In a three node cluster with services running on an overlay network ov2 ssd consistency-checker shows 
+
+vagrant@net-1:~/code/go/src/github.com/docker/docker-e2e/tests$ docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker/netns:/var/run/docker/netns --privileged sanimej/ssd ov2 gossip-consistency
+Node id: sjfp0ca8f43rvnab6v7f21gq0 gossip hash c57d89094dbb574a37930393278dc282
+
+Node id: bg228r3q9095grj4wxkqs80oe gossip hash c57d89094dbb574a37930393278dc282
+
+Node id: 6jylcraipcv2pxdricqe77j5q gossip hash c57d89094dbb574a37930393278dc282
+````
+
+This is hash digest of the control-plane state for the network `ov2` from all the cluster nodes. If the values have a mismatch `docker network inspect --verbose` on the individual nodes can help in identifying what the specific difference is.
diff --git a/libnetwork/cmd/ssd/ssd.py b/libnetwork/cmd/ssd/ssd.py
new file mode 100755
index 0000000000000..ad58536ff88d2
--- /dev/null
+++ b/libnetwork/cmd/ssd/ssd.py
@@ -0,0 +1,193 @@
+#!/usr/bin/python
+
+import sys, signal, time, os
+import docker
+import re
+import subprocess
+import json
+import hashlib
+
+ipv4match = re.compile(
+    r'(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9]).' +
+    r'(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9]).' +
+    r'(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9]).' +
+    r'(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])'
+)
+
+def which(name, defaultPath=""):
+    if defaultPath and os.path.exists(defaultPath):
+      return defaultPath
+    for path in os.getenv("PATH").split(os.path.pathsep):
+        fullPath = path + os.sep + name
+        if os.path.exists(fullPath):
+            return fullPath
+        
+def check_iptables(name, plist):
+    replace = (':', ',')
+    ports = []
+    for port in plist:
+        for r in replace:
+            port = port.replace(r, ' ')
+
+        p = port.split()
+        ports.append((p[1], p[3]))
+
+    # get the ingress sandbox's docker_gwbridge network IP.
+    # published ports get DNAT'ed to this IP.
+    ip = subprocess.check_output([ which("nsenter","/usr/bin/nsenter"), '--net=/var/run/docker/netns/ingress_sbox', which("bash", "/bin/bash"), '-c', 'ifconfig eth1 | grep \"inet\\ addr\" | cut -d: -f2 | cut -d\" \" -f1'])
+    ip = ip.rstrip()
+
+    for p in ports:
+        rule = which("iptables", "/sbin/iptables") + '-t nat -C DOCKER-INGRESS -p tcp --dport {0} -j DNAT --to {1}:{2}'.format(p[1], ip, p[1])
+        try:
+            subprocess.check_output([which("bash", "/bin/bash"), "-c", rule])
+        except subprocess.CalledProcessError as e:
+            print "Service {0}: host iptables DNAT rule for port {1} -> ingress sandbox {2}:{3} missing".format(name, p[1], ip, p[1])
+
+def get_namespaces(data, ingress=False):
+    if ingress is True:
+        return {"Ingress":"/var/run/docker/netns/ingress_sbox"}
+    else:
+        spaces =[]
+        for c in data["Containers"]:
+            sandboxes = {str(c) for c in data["Containers"]}
+
+        containers = {}
+        for s in sandboxes:
+            spaces.append(str(cli.inspect_container(s)["NetworkSettings"]["SandboxKey"]))
+            inspect = cli.inspect_container(s)
+            containers[str(inspect["Name"])] = str(inspect["NetworkSettings"]["SandboxKey"])
+        return containers
+
+
+def check_network(nw_name, ingress=False):
+
+    print "Verifying LB programming for containers on network %s" % nw_name
+
+    data = cli.inspect_network(nw_name, verbose=True)
+
+    if "Services" in data.keys():
+        services = data["Services"]
+    else:
+        print "Network %s has no services. Skipping check" % nw_name
+        return
+
+    fwmarks = {str(service): str(svalue["LocalLBIndex"]) for service, svalue in services.items()}
+
+    stasks = {}
+    for service, svalue in services.items():
+        if service == "":
+            continue
+        tasks = []
+        for task in svalue["Tasks"]:
+            tasks.append(str(task["EndpointIP"]))
+        stasks[fwmarks[str(service)]] = tasks
+
+        # for services in ingress network verify the iptables rules
+        # that direct ingress (published port) to backend (target port)
+        if ingress is True:
+            check_iptables(service, svalue["Ports"])
+
+    containers = get_namespaces(data, ingress)
+    for container, namespace in containers.items():
+        print "Verifying container %s..." % container
+        ipvs = subprocess.check_output([which("nsenter","/usr/bin/nsenter"), '--net=%s' % namespace, which("ipvsadm","/usr/sbin/ipvsadm"), '-ln'])
+
+        mark = ""
+        realmark = {}
+        for line in ipvs.splitlines():
+            if "FWM" in line:
+                mark = re.findall("[0-9]+", line)[0]
+                realmark[str(mark)] = []
+            elif "->" in line:
+                if mark == "":
+                    continue
+                ip = ipv4match.search(line)
+                if ip is not None:
+                    realmark[mark].append(format(ip.group(0)))
+            else:
+                mark = ""
+        for key in realmark.keys():
+            if key not in stasks:
+                print "LB Index %s" % key, "present in IPVS but missing in docker daemon"
+                del realmark[key]
+
+        for key in stasks.keys():
+            if key not in realmark:
+                print "LB Index %s" % key, "present in docker daemon but missing in IPVS"
+                del stasks[key]
+
+        for key in realmark:
+            service = "--Invalid--"
+            for sname, idx in fwmarks.items():
+                if key == idx:
+                    service = sname
+            if len(set(realmark[key])) != len(set(stasks[key])):
+                print "Incorrect LB Programming for service %s" % service
+                print "control-plane backend tasks:"
+                for task in stasks[key]:
+                    print task
+                print "kernel IPVS backend tasks:"
+                for task in realmark[key]:
+                    print task
+            else:
+                print "service %s... OK" % service
+
+if __name__ == '__main__':
+    if len(sys.argv) < 2:
+        print 'Usage: ssd.py network-name [gossip-consistency]'
+        sys.exit()
+
+    cli = docker.APIClient(base_url='unix://var/run/docker.sock', version='auto')
+    if len(sys.argv) == 3:
+        command = sys.argv[2]
+    else:
+        command = 'default'
+
+    if command == 'gossip-consistency':
+        cspec = docker.types.ContainerSpec(
+            image='docker/ssd',
+            args=[sys.argv[1], 'gossip-hash'],
+            mounts=[docker.types.Mount('/var/run/docker.sock', '/var/run/docker.sock', type='bind')]
+        )
+        mode = docker.types.ServiceMode(
+            mode='global'
+        )
+        task_template = docker.types.TaskTemplate(cspec)
+
+        cli.create_service(task_template, name='gossip-hash', mode=mode)
+        #TODO change to a deterministic way to check if the service is up.
+        time.sleep(5)
+        output = cli.service_logs('gossip-hash', stdout=True, stderr=True, details=True)
+        for line in output:
+            print("Node id: %s gossip hash %s" % (line[line.find("=")+1:line.find(",")], line[line.find(" ")+1:]))
+        if cli.remove_service('gossip-hash') is not True:
+            print("Deleting gossip-hash service failed")
+    elif command == 'gossip-hash':
+        data = cli.inspect_network(sys.argv[1], verbose=True)
+        services = data["Services"]
+        md5 = hashlib.md5()
+        entries = []
+        for service, value in services.items():
+            entries.append(service)
+            entries.append(value["VIP"])
+            for task in value["Tasks"]:
+                for key, val in task.items():
+                    if isinstance(val, dict):
+                        for k, v in val.items():
+                            entries.append(v)
+                    else:
+                        entries.append(val)
+        entries.sort()
+        for e in entries:
+            md5.update(e)
+        print(md5.hexdigest())
+        sys.stdout.flush()
+        while True:
+           signal.pause()
+    elif command == 'default':
+        if sys.argv[1] == "ingress":
+            check_network("ingress", ingress=True)
+        else:
+            check_network(sys.argv[1])
+            check_network("ingress", ingress=True)
diff --git a/libnetwork/config/config.go b/libnetwork/config/config.go
new file mode 100644
index 0000000000000..c5efbd2bcf9ab
--- /dev/null
+++ b/libnetwork/config/config.go
@@ -0,0 +1,332 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/libnetwork/cluster"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/portallocator"
+	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/docker/libkv/store"
+	"github.com/pelletier/go-toml"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	warningThNetworkControlPlaneMTU = 1500
+	minimumNetworkControlPlaneMTU   = 500
+)
+
+// Config encapsulates configurations of various Libnetwork components
+type Config struct {
+	Daemon          DaemonCfg
+	Cluster         ClusterCfg
+	Scopes          map[string]*datastore.ScopeCfg
+	ActiveSandboxes map[string]interface{}
+	PluginGetter    plugingetter.PluginGetter
+}
+
+// DaemonCfg represents libnetwork core configuration
+type DaemonCfg struct {
+	Debug                  bool
+	Experimental           bool
+	DataDir                string
+	ExecRoot               string
+	DefaultNetwork         string
+	DefaultDriver          string
+	Labels                 []string
+	DriverCfg              map[string]interface{}
+	ClusterProvider        cluster.Provider
+	NetworkControlPlaneMTU int
+	DefaultAddressPool     []*ipamutils.NetworkToSplit
+}
+
+// ClusterCfg represents cluster configuration
+type ClusterCfg struct {
+	Watcher   discovery.Watcher
+	Address   string
+	Discovery string
+	Heartbeat uint64
+}
+
+// LoadDefaultScopes loads default scope configs for scopes which
+// doesn't have explicit user specified configs.
+func (c *Config) LoadDefaultScopes(dataDir string) {
+	for k, v := range datastore.DefaultScopes(dataDir) {
+		if _, ok := c.Scopes[k]; !ok {
+			c.Scopes[k] = v
+		}
+	}
+}
+
+// ParseConfig parses the libnetwork configuration file
+func ParseConfig(tomlCfgFile string) (*Config, error) {
+	cfg := &Config{
+		Scopes: map[string]*datastore.ScopeCfg{},
+	}
+	data, err := os.ReadFile(tomlCfgFile)
+	if err != nil {
+		return nil, err
+	}
+	if err := toml.Unmarshal(data, cfg); err != nil {
+		return nil, err
+	}
+
+	cfg.LoadDefaultScopes(cfg.Daemon.DataDir)
+	return cfg, nil
+}
+
+// ParseConfigOptions parses the configuration options and returns
+// a reference to the corresponding Config structure
+func ParseConfigOptions(cfgOptions ...Option) *Config {
+	cfg := &Config{
+		Daemon: DaemonCfg{
+			DriverCfg: make(map[string]interface{}),
+		},
+		Scopes: make(map[string]*datastore.ScopeCfg),
+	}
+
+	cfg.ProcessOptions(cfgOptions...)
+	cfg.LoadDefaultScopes(cfg.Daemon.DataDir)
+
+	return cfg
+}
+
+// Option is an option setter function type used to pass various configurations
+// to the controller
+type Option func(c *Config)
+
+// OptionDefaultNetwork function returns an option setter for a default network
+func OptionDefaultNetwork(dn string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option DefaultNetwork: %s", dn)
+		c.Daemon.DefaultNetwork = strings.TrimSpace(dn)
+	}
+}
+
+// OptionDefaultDriver function returns an option setter for default driver
+func OptionDefaultDriver(dd string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option DefaultDriver: %s", dd)
+		c.Daemon.DefaultDriver = strings.TrimSpace(dd)
+	}
+}
+
+// OptionDefaultAddressPoolConfig function returns an option setter for default address pool
+func OptionDefaultAddressPoolConfig(addressPool []*ipamutils.NetworkToSplit) Option {
+	return func(c *Config) {
+		c.Daemon.DefaultAddressPool = addressPool
+	}
+}
+
+// OptionDriverConfig returns an option setter for driver configuration.
+func OptionDriverConfig(networkType string, config map[string]interface{}) Option {
+	return func(c *Config) {
+		c.Daemon.DriverCfg[networkType] = config
+	}
+}
+
+// OptionLabels function returns an option setter for labels
+func OptionLabels(labels []string) Option {
+	return func(c *Config) {
+		for _, label := range labels {
+			if strings.HasPrefix(label, netlabel.Prefix) {
+				c.Daemon.Labels = append(c.Daemon.Labels, label)
+			}
+		}
+	}
+}
+
+// OptionKVProvider function returns an option setter for kvstore provider
+func OptionKVProvider(provider string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option OptionKVProvider: %s", provider)
+		if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
+			c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
+		}
+		c.Scopes[datastore.GlobalScope].Client.Provider = strings.TrimSpace(provider)
+	}
+}
+
+// OptionKVProviderURL function returns an option setter for kvstore url
+func OptionKVProviderURL(url string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option OptionKVProviderURL: %s", url)
+		if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
+			c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
+		}
+		c.Scopes[datastore.GlobalScope].Client.Address = strings.TrimSpace(url)
+	}
+}
+
+// OptionKVOpts function returns an option setter for kvstore options
+func OptionKVOpts(opts map[string]string) Option {
+	return func(c *Config) {
+		if opts["kv.cacertfile"] != "" && opts["kv.certfile"] != "" && opts["kv.keyfile"] != "" {
+			logrus.Info("Option Initializing KV with TLS")
+			tlsConfig, err := tlsconfig.Client(tlsconfig.Options{
+				CAFile:   opts["kv.cacertfile"],
+				CertFile: opts["kv.certfile"],
+				KeyFile:  opts["kv.keyfile"],
+			})
+			if err != nil {
+				logrus.Errorf("Unable to set up TLS: %s", err)
+				return
+			}
+			if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
+				c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
+			}
+			if c.Scopes[datastore.GlobalScope].Client.Config == nil {
+				c.Scopes[datastore.GlobalScope].Client.Config = &store.Config{TLS: tlsConfig}
+			} else {
+				c.Scopes[datastore.GlobalScope].Client.Config.TLS = tlsConfig
+			}
+			// Workaround libkv/etcd bug for https
+			c.Scopes[datastore.GlobalScope].Client.Config.ClientTLS = &store.ClientTLSConfig{
+				CACertFile: opts["kv.cacertfile"],
+				CertFile:   opts["kv.certfile"],
+				KeyFile:    opts["kv.keyfile"],
+			}
+		} else {
+			logrus.Info("Option Initializing KV without TLS")
+		}
+	}
+}
+
+// OptionDiscoveryWatcher function returns an option setter for discovery watcher
+func OptionDiscoveryWatcher(watcher discovery.Watcher) Option {
+	return func(c *Config) {
+		c.Cluster.Watcher = watcher
+	}
+}
+
+// OptionDiscoveryAddress function returns an option setter for self discovery address
+func OptionDiscoveryAddress(address string) Option {
+	return func(c *Config) {
+		c.Cluster.Address = address
+	}
+}
+
+// OptionDataDir function returns an option setter for data folder
+func OptionDataDir(dataDir string) Option {
+	return func(c *Config) {
+		c.Daemon.DataDir = dataDir
+	}
+}
+
+// OptionExecRoot function returns an option setter for exec root folder
+func OptionExecRoot(execRoot string) Option {
+	return func(c *Config) {
+		c.Daemon.ExecRoot = execRoot
+		osl.SetBasePath(execRoot)
+	}
+}
+
+// OptionPluginGetter returns a plugingetter for remote drivers.
+func OptionPluginGetter(pg plugingetter.PluginGetter) Option {
+	return func(c *Config) {
+		c.PluginGetter = pg
+	}
+}
+
+// OptionExperimental function returns an option setter for experimental daemon
+func OptionExperimental(exp bool) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option Experimental: %v", exp)
+		c.Daemon.Experimental = exp
+	}
+}
+
+// OptionDynamicPortRange function returns an option setter for service port allocation range
+func OptionDynamicPortRange(in string) Option {
+	return func(c *Config) {
+		start, end := 0, 0
+		if len(in) > 0 {
+			n, err := fmt.Sscanf(in, "%d-%d", &start, &end)
+			if n != 2 || err != nil {
+				logrus.Errorf("Failed to parse range string with err %v", err)
+				return
+			}
+		}
+		if err := portallocator.Get().SetPortRange(start, end); err != nil {
+			logrus.Errorf("Failed to set port range with err %v", err)
+		}
+	}
+}
+
+// OptionNetworkControlPlaneMTU function returns an option setter for control plane MTU
+func OptionNetworkControlPlaneMTU(exp int) Option {
+	return func(c *Config) {
+		logrus.Debugf("Network Control Plane MTU: %d", exp)
+		if exp < warningThNetworkControlPlaneMTU {
+			logrus.Warnf("Received a MTU of %d, this value is very low, the network control plane can misbehave,"+
+				" defaulting to minimum value (%d)", exp, minimumNetworkControlPlaneMTU)
+			if exp < minimumNetworkControlPlaneMTU {
+				exp = minimumNetworkControlPlaneMTU
+			}
+		}
+		c.Daemon.NetworkControlPlaneMTU = exp
+	}
+}
+
+// ProcessOptions processes options and stores it in config
+func (c *Config) ProcessOptions(options ...Option) {
+	for _, opt := range options {
+		if opt != nil {
+			opt(c)
+		}
+	}
+}
+
+// IsValidName validates configuration objects supported by libnetwork
+func IsValidName(name string) bool {
+	return strings.TrimSpace(name) != ""
+}
+
+// OptionLocalKVProvider function returns an option setter for kvstore provider
+func OptionLocalKVProvider(provider string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option OptionLocalKVProvider: %s", provider)
+		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
+			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
+		}
+		c.Scopes[datastore.LocalScope].Client.Provider = strings.TrimSpace(provider)
+	}
+}
+
+// OptionLocalKVProviderURL function returns an option setter for kvstore url
+func OptionLocalKVProviderURL(url string) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option OptionLocalKVProviderURL: %s", url)
+		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
+			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
+		}
+		c.Scopes[datastore.LocalScope].Client.Address = strings.TrimSpace(url)
+	}
+}
+
+// OptionLocalKVProviderConfig function returns an option setter for kvstore config
+func OptionLocalKVProviderConfig(config *store.Config) Option {
+	return func(c *Config) {
+		logrus.Debugf("Option OptionLocalKVProviderConfig: %v", config)
+		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
+			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
+		}
+		c.Scopes[datastore.LocalScope].Client.Config = config
+	}
+}
+
+// OptionActiveSandboxes function returns an option setter for passing the sandboxes
+// which were active during previous daemon life
+func OptionActiveSandboxes(sandboxes map[string]interface{}) Option {
+	return func(c *Config) {
+		c.ActiveSandboxes = sandboxes
+	}
+}
diff --git a/libnetwork/config/config_test.go b/libnetwork/config/config_test.go
new file mode 100644
index 0000000000000..93e3e99c5f6ad
--- /dev/null
+++ b/libnetwork/config/config_test.go
@@ -0,0 +1,143 @@
+package config
+
+import (
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/netlabel"
+)
+
+func TestInvalidConfig(t *testing.T) {
+	_, err := ParseConfig("invalid.toml")
+	if err == nil {
+		t.Fatal("Invalid Configuration file must fail")
+	}
+}
+
+func TestConfig(t *testing.T) {
+	_, err := ParseConfig("libnetwork.toml")
+	if err != nil {
+		t.Fatal("Error parsing a valid configuration file :", err)
+	}
+}
+
+func TestOptionsLabels(t *testing.T) {
+	c := &Config{}
+	l := []string{
+		"com.docker.network.key1=value1",
+		"com.docker.storage.key1=value1",
+		"com.docker.network.driver.key1=value1",
+		"com.docker.network.driver.key2=value2",
+	}
+	f := OptionLabels(l)
+	f(c)
+	if len(c.Daemon.Labels) != 3 {
+		t.Fatalf("Expecting 3 labels, seen %d", len(c.Daemon.Labels))
+	}
+	for _, l := range c.Daemon.Labels {
+		if !strings.HasPrefix(l, netlabel.Prefix) {
+			t.Fatalf("config must accept only libnetwork labels. Not : %s", l)
+		}
+	}
+}
+
+func TestValidName(t *testing.T) {
+	if !IsValidName("test") {
+		t.Fatal("Name validation fails for a name that must be accepted")
+	}
+	if IsValidName("") {
+		t.Fatal("Name validation succeeds for a case when it is expected to fail")
+	}
+	if IsValidName("   ") {
+		t.Fatal("Name validation succeeds for a case when it is expected to fail")
+	}
+}
+
+func TestTLSConfiguration(t *testing.T) {
+	cert := `-----BEGIN CERTIFICATE-----
+MIIDCDCCAfKgAwIBAgIICifG7YeiQOEwCwYJKoZIhvcNAQELMBIxEDAOBgNVBAMT
+B1Rlc3QgQ0EwHhcNMTUxMDAxMjMwMDAwWhcNMjAwOTI5MjMwMDAwWjASMRAwDgYD
+VQQDEwdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wRC
+O+flnLTK5ImjTurNRHwSejuqGbc4CAvpB0hS+z0QlSs4+zE9h80aC4hz+6caRpds
++J908Q+RvAittMHbpc7VjbZP72G6fiXk7yPPl6C10HhRSoSi3nY+B7F2E8cuz14q
+V2e+ejhWhSrBb/keyXpcyjoW1BOAAJ2TIclRRkICSCZrpXUyXxAvzXfpFXo1RhSb
+UywN11pfiCQzDUN7sPww9UzFHuAHZHoyfTr27XnJYVUerVYrCPq8vqfn//01qz55
+Xs0hvzGdlTFXhuabFtQnKFH5SNwo/fcznhB7rePOwHojxOpXTBepUCIJLbtNnWFT
+V44t9gh5IqIWtoBReQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAAYwEgYDVR0TAQH/
+BAgwBgEB/wIBAjAdBgNVHQ4EFgQUZKUI8IIjIww7X/6hvwggQK4bD24wHwYDVR0j
+BBgwFoAUZKUI8IIjIww7X/6hvwggQK4bD24wCwYJKoZIhvcNAQELA4IBAQDES2cz
+7sCQfDCxCIWH7X8kpi/JWExzUyQEJ0rBzN1m3/x8ySRxtXyGekimBqQwQdFqlwMI
+xzAQKkh3ue8tNSzRbwqMSyH14N1KrSxYS9e9szJHfUasoTpQGPmDmGIoRJuq1h6M
+ej5x1SCJ7GWCR6xEXKUIE9OftXm9TdFzWa7Ja3OHz/mXteii8VXDuZ5ACq6EE5bY
+8sP4gcICfJ5fTrpTlk9FIqEWWQrCGa5wk95PGEj+GJpNogjXQ97wVoo/Y3p1brEn
+t5zjN9PAq4H1fuCMdNNA+p1DHNwd+ELTxcMAnb2ajwHvV6lKPXutrTFc4umJToBX
+FpTxDmJHEV4bzUzh
+-----END CERTIFICATE-----
+`
+	key := `-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA1wRCO+flnLTK5ImjTurNRHwSejuqGbc4CAvpB0hS+z0QlSs4
++zE9h80aC4hz+6caRpds+J908Q+RvAittMHbpc7VjbZP72G6fiXk7yPPl6C10HhR
+SoSi3nY+B7F2E8cuz14qV2e+ejhWhSrBb/keyXpcyjoW1BOAAJ2TIclRRkICSCZr
+pXUyXxAvzXfpFXo1RhSbUywN11pfiCQzDUN7sPww9UzFHuAHZHoyfTr27XnJYVUe
+rVYrCPq8vqfn//01qz55Xs0hvzGdlTFXhuabFtQnKFH5SNwo/fcznhB7rePOwHoj
+xOpXTBepUCIJLbtNnWFTV44t9gh5IqIWtoBReQIDAQABAoIBAHSWipORGp/uKFXj
+i/mut776x8ofsAxhnLBARQr93ID+i49W8H7EJGkOfaDjTICYC1dbpGrri61qk8sx
+qX7p3v/5NzKwOIfEpirgwVIqSNYe/ncbxnhxkx6tXtUtFKmEx40JskvSpSYAhmmO
+1XSx0E/PWaEN/nLgX/f1eWJIlxlQkk3QeqL+FGbCXI48DEtlJ9+MzMu4pAwZTpj5
+5qtXo5JJ0jRGfJVPAOznRsYqv864AhMdMIWguzk6EGnbaCWwPcfcn+h9a5LMdony
+MDHfBS7bb5tkF3+AfnVY3IBMVx7YlsD9eAyajlgiKu4zLbwTRHjXgShy+4Oussz0
+ugNGnkECgYEA/hi+McrZC8C4gg6XqK8+9joD8tnyDZDz88BQB7CZqABUSwvjDqlP
+L8hcwo/lzvjBNYGkqaFPUICGWKjeCtd8pPS2DCVXxDQX4aHF1vUur0uYNncJiV3N
+XQz4Iemsa6wnKf6M67b5vMXICw7dw0HZCdIHD1hnhdtDz0uVpeevLZ8CgYEA2KCT
+Y43lorjrbCgMqtlefkr3GJA9dey+hTzCiWEOOqn9RqGoEGUday0sKhiLofOgmN2B
+LEukpKIey8s+Q/cb6lReajDVPDsMweX8i7hz3Wa4Ugp4Xa5BpHqu8qIAE2JUZ7bU
+t88aQAYE58pUF+/Lq1QzAQdrjjzQBx6SrBxieecCgYEAvukoPZEC8mmiN1VvbTX+
+QFHmlZha3QaDxChB+QUe7bMRojEUL/fVnzkTOLuVFqSfxevaI/km9n0ac5KtAchV
+xjp2bTnBb5EUQFqjopYktWA+xO07JRJtMfSEmjZPbbay1kKC7rdTfBm961EIHaRj
+xZUf6M+rOE8964oGrdgdLlECgYEA046GQmx6fh7/82FtdZDRQp9tj3SWQUtSiQZc
+qhO59Lq8mjUXz+MgBuJXxkiwXRpzlbaFB0Bca1fUoYw8o915SrDYf/Zu2OKGQ/qa
+V81sgiVmDuEgycR7YOlbX6OsVUHrUlpwhY3hgfMe6UtkMvhBvHF/WhroBEIJm1pV
+PXZ/CbMCgYEApNWVktFBjOaYfY6SNn4iSts1jgsQbbpglg3kT7PLKjCAhI6lNsbk
+dyT7ut01PL6RaW4SeQWtrJIVQaM6vF3pprMKqlc5XihOGAmVqH7rQx9rtQB5TicL
+BFrwkQE4HQtQBV60hYQUzzlSk44VFDz+jxIEtacRHaomDRh2FtOTz+I=
+-----END RSA PRIVATE KEY-----
+`
+	certFile, err := os.CreateTemp("", "cert")
+	if err != nil {
+		t.Fatalf("Failed to setup temp file: %s", err)
+	}
+	defer os.Remove(certFile.Name())
+	certFile.Write([]byte(cert))
+	certFile.Close()
+	keyFile, err := os.CreateTemp("", "key")
+	if err != nil {
+		t.Fatalf("Failed to setup temp file: %s", err)
+	}
+	defer os.Remove(keyFile.Name())
+	keyFile.Write([]byte(key))
+	keyFile.Close()
+
+	c := &Config{Scopes: map[string]*datastore.ScopeCfg{}}
+	l := map[string]string{
+		"kv.cacertfile": certFile.Name(),
+		"kv.certfile":   certFile.Name(),
+		"kv.keyfile":    keyFile.Name(),
+	}
+	f := OptionKVOpts(l)
+	f(c)
+	if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
+		t.Fatal("GlobalScope not established")
+	}
+
+	if c.Scopes[datastore.GlobalScope].Client.Config.TLS == nil {
+		t.Fatal("TLS is nil")
+	}
+	if c.Scopes[datastore.GlobalScope].Client.Config.TLS.RootCAs == nil {
+		t.Fatal("TLS.RootCAs is nil")
+	}
+	if len(c.Scopes[datastore.GlobalScope].Client.Config.TLS.Certificates) != 1 {
+		t.Fatal("TLS.Certificates is not length 1")
+	}
+}
diff --git a/libnetwork/config/libnetwork.toml b/libnetwork/config/libnetwork.toml
new file mode 100644
index 0000000000000..93a2ff4756fcb
--- /dev/null
+++ b/libnetwork/config/libnetwork.toml
@@ -0,0 +1,12 @@
+title = "LibNetwork Configuration file"
+
+[daemon]
+  debug = false
+[cluster]
+  discovery = "token://swarm-discovery-token"
+  Address = "Cluster-wide reachable Host IP"
+[datastore]
+  embedded = false
+[datastore.client]
+  provider = "consul"
+  Address = "localhost:8500"
diff --git a/vendor/github.com/docker/libnetwork/controller.go b/libnetwork/controller.go
similarity index 92%
rename from vendor/github.com/docker/libnetwork/controller.go
rename to libnetwork/controller.go
index 2896011dbf297..b5d8f6375fcef 100644
--- a/vendor/github.com/docker/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -52,23 +52,24 @@ import (
 	"sync"
 	"time"
 
+	"github.com/docker/docker/libnetwork/cluster"
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/diagnostic"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/drvregistry"
+	"github.com/docker/docker/libnetwork/hostdiscovery"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/discovery"
-	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/libnetwork/cluster"
-	"github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/diagnostic"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/drvregistry"
-	"github.com/docker/libnetwork/hostdiscovery"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -155,28 +156,27 @@ type SandboxWalker func(sb Sandbox) bool
 type sandboxTable map[string]*sandbox
 
 type controller struct {
-	id                     string
-	drvRegistry            *drvregistry.DrvRegistry
-	sandboxes              sandboxTable
-	cfg                    *config.Config
-	stores                 []datastore.DataStore
-	discovery              hostdiscovery.HostDiscovery
-	extKeyListener         net.Listener
-	watchCh                chan *endpoint
-	unWatchCh              chan *endpoint
-	svcRecords             map[string]svcInfo
-	nmap                   map[string]*netWatch
-	serviceBindings        map[serviceKey]*service
-	defOsSbox              osl.Sandbox
-	ingressSandbox         *sandbox
-	sboxOnce               sync.Once
-	agent                  *agent
-	networkLocker          *locker.Locker
-	agentInitDone          chan struct{}
-	agentStopDone          chan struct{}
-	keys                   []*types.EncryptionKey
-	clusterConfigAvailable bool
-	DiagnosticServer       *diagnostic.Server
+	id               string
+	drvRegistry      *drvregistry.DrvRegistry
+	sandboxes        sandboxTable
+	cfg              *config.Config
+	stores           []datastore.DataStore
+	discovery        hostdiscovery.HostDiscovery
+	extKeyListener   net.Listener
+	watchCh          chan *endpoint
+	unWatchCh        chan *endpoint
+	svcRecords       map[string]svcInfo
+	nmap             map[string]*netWatch
+	serviceBindings  map[serviceKey]*service
+	defOsSbox        osl.Sandbox
+	ingressSandbox   *sandbox
+	sboxOnce         sync.Once
+	agent            *agent
+	networkLocker    *locker.Locker
+	agentInitDone    chan struct{}
+	agentStopDone    chan struct{}
+	keys             []*types.EncryptionKey
+	DiagnosticServer *diagnostic.Server
 	sync.Mutex
 }
 
@@ -252,6 +252,7 @@ func New(cfgOptions ...config.Option) (NetworkController, error) {
 		return nil, err
 	}
 
+	setupArrangeUserFilterRule(c)
 	return c, nil
 }
 
@@ -276,10 +277,6 @@ func (c *controller) SetClusterProvider(provider cluster.Provider) {
 	go c.clusterAgentInit()
 }
 
-func isValidClusteringIP(addr string) bool {
-	return addr != "" && !net.ParseIP(addr).IsLoopback() && !net.ParseIP(addr).IsUnspecified()
-}
-
 // libnetwork side of agent depends on the keys. On the first receipt of
 // keys setup the agent. For subsequent key set handle the key change
 func (c *controller) SetKeys(keys []*types.EncryptionKey) error {
@@ -339,7 +336,6 @@ func (c *controller) clusterAgentInit() {
 				}
 			}
 		case cluster.EventNodeLeave:
-			keysAvailable = false
 			c.agentOperationStart()
 			c.Lock()
 			c.keys = nil
@@ -558,13 +554,6 @@ func (c *controller) BuiltinIPAMDrivers() []string {
 	return drivers
 }
 
-func (c *controller) validateHostDiscoveryConfig() bool {
-	if c.cfg == nil || c.cfg.Cluster.Discovery == "" || c.cfg.Cluster.Address == "" {
-		return false
-	}
-	return true
-}
-
 func (c *controller) clusterHostID() string {
 	c.Lock()
 	defer c.Unlock()
@@ -575,21 +564,6 @@ func (c *controller) clusterHostID() string {
 	return addr[0]
 }
 
-func (c *controller) isNodeAlive(node string) bool {
-	if c.discovery == nil {
-		return false
-	}
-
-	nodes := c.discovery.Fetch()
-	for _, n := range nodes {
-		if n.String() == node {
-			return true
-		}
-	}
-
-	return false
-}
-
 func (c *controller) initDiscovery(watcher discovery.Watcher) error {
 	if c.cfg == nil {
 		return fmt.Errorf("discovery initialization requires a valid configuration")
@@ -706,11 +680,18 @@ const overlayDSROptionString = "dsr"
 // NewNetwork creates a new network of the specified network type. The options
 // are network specific and modeled in a generic way.
 func (c *controller) NewNetwork(networkType, name string, id string, options ...NetworkOption) (Network, error) {
+	var (
+		cap            *driverapi.Capability
+		err            error
+		t              *network
+		skipCfgEpCount bool
+	)
+
 	if id != "" {
 		c.networkLocker.Lock(id)
-		defer c.networkLocker.Unlock(id)
+		defer c.networkLocker.Unlock(id) // nolint:errcheck
 
-		if _, err := c.NetworkByID(id); err == nil {
+		if _, err = c.NetworkByID(id); err == nil {
 			return nil, NetworkNameError(id)
 		}
 	}
@@ -739,15 +720,10 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 	}
 
 	network.processOptions(options...)
-	if err := network.validateConfiguration(); err != nil {
+	if err = network.validateConfiguration(); err != nil {
 		return nil, err
 	}
 
-	var (
-		cap *driverapi.Capability
-		err error
-	)
-
 	// Reset network types, force local scope and skip allocation and
 	// plumbing for configuration networks. Reset of the config-only
 	// network drivers is needed so that this special network is not
@@ -794,15 +770,16 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 	// From this point on, we need the network specific configuration,
 	// which may come from a configuration-only network
 	if network.configFrom != "" {
-		t, err := c.getConfigNetwork(network.configFrom)
+		t, err = c.getConfigNetwork(network.configFrom)
 		if err != nil {
 			return nil, types.NotFoundErrorf("configuration network %q does not exist", network.configFrom)
 		}
-		if err := t.applyConfigurationTo(network); err != nil {
+		if err = t.applyConfigurationTo(network); err != nil {
 			return nil, types.InternalErrorf("Failed to apply configuration: %v", err)
 		}
+		network.generic[netlabel.Internal] = network.internal
 		defer func() {
-			if err == nil {
+			if err == nil && !skipCfgEpCount {
 				if err := t.getEpCnt().IncEndpointCnt(); err != nil {
 					logrus.Warnf("Failed to update reference count for configuration network %q on creation of network %q: %v",
 						t.Name(), network.Name(), err)
@@ -823,7 +800,13 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 
 	err = c.addNetwork(network)
 	if err != nil {
-		return nil, err
+		if _, ok := err.(types.MaskableError); ok { // nolint:gosimple
+			// This error can be ignored and set this boolean
+			// value to skip a refcount increment for configOnly networks
+			skipCfgEpCount = true
+		} else {
+			return nil, err
+		}
 	}
 	defer func() {
 		if err != nil {
@@ -901,8 +884,7 @@ addToStore:
 		arrangeIngressFilterRule()
 		c.Unlock()
 	}
-
-	c.arrangeUserFilterRule()
+	arrangeUserFilterRule()
 
 	return network, nil
 }
@@ -971,6 +953,10 @@ func (c *controller) reservePools() {
 			continue
 		}
 		for _, ep := range epl {
+			if ep.Iface() == nil {
+				logrus.Warnf("endpoint interface is empty for %q (%s)", ep.Name(), ep.ID())
+				continue
+			}
 			if err := ep.assignAddress(ipam, true, ep.Iface().AddressIPv6() != nil); err != nil {
 				logrus.Warnf("Failed to reserve current address for endpoint %q (%s) on network %q (%s)",
 					ep.Name(), ep.ID(), n.Name(), n.ID())
@@ -1007,12 +993,7 @@ func (c *controller) addNetwork(n *network) error {
 func (c *controller) Networks() []Network {
 	var list []Network
 
-	networks, err := c.getNetworksFromStore()
-	if err != nil {
-		logrus.Error(err)
-	}
-
-	for _, n := range networks {
+	for _, n := range c.getNetworksFromStore() {
 		if n.inDelete {
 			continue
 		}
@@ -1298,7 +1279,7 @@ func (c *controller) loadIPAMDriver(name string) error {
 	}
 
 	if err != nil {
-		if err == plugins.ErrNotFound {
+		if errors.Cause(err) == plugins.ErrNotFound {
 			return types.NotFoundErrorf(err.Error())
 		}
 		return err
@@ -1355,3 +1336,27 @@ func (c *controller) IsDiagnosticEnabled() bool {
 	defer c.Unlock()
 	return c.DiagnosticServer.IsDiagnosticEnabled()
 }
+
+func (c *controller) iptablesEnabled() bool {
+	c.Lock()
+	defer c.Unlock()
+
+	if c.cfg == nil {
+		return false
+	}
+	// parse map cfg["bridge"]["generic"]["EnableIPTable"]
+	cfgBridge, ok := c.cfg.Daemon.DriverCfg["bridge"].(map[string]interface{})
+	if !ok {
+		return false
+	}
+	cfgGeneric, ok := cfgBridge[netlabel.GenericData].(options.Generic)
+	if !ok {
+		return false
+	}
+	enabled, ok := cfgGeneric["EnableIPTables"].(bool)
+	if !ok {
+		// unless user explicitly stated, assume iptable is enabled
+		enabled = true
+	}
+	return enabled
+}
diff --git a/vendor/github.com/docker/libnetwork/datastore/cache.go b/libnetwork/datastore/cache.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/datastore/cache.go
rename to libnetwork/datastore/cache.go
diff --git a/vendor/github.com/docker/libnetwork/datastore/datastore.go b/libnetwork/datastore/datastore.go
similarity index 99%
rename from vendor/github.com/docker/libnetwork/datastore/datastore.go
rename to libnetwork/datastore/datastore.go
index e35dc43b2e59c..4e176724d0b0c 100644
--- a/vendor/github.com/docker/libnetwork/datastore/datastore.go
+++ b/libnetwork/datastore/datastore.go
@@ -8,10 +8,10 @@ import (
 	"sync"
 	"time"
 
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/libkv"
 	"github.com/docker/libkv/store"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/types"
 )
 
 //DataStore exported
diff --git a/libnetwork/datastore/datastore_test.go b/libnetwork/datastore/datastore_test.go
new file mode 100644
index 0000000000000..534940a12a704
--- /dev/null
+++ b/libnetwork/datastore/datastore_test.go
@@ -0,0 +1,256 @@
+package datastore
+
+import (
+	"encoding/json"
+	"reflect"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/options"
+	"gotest.tools/v3/assert"
+)
+
+var dummyKey = "dummy"
+
+// NewCustomDataStore can be used by other Tests in order to use custom datastore
+func NewTestDataStore() DataStore {
+	return &datastore{scope: LocalScope, store: NewMockStore()}
+}
+
+func TestKey(t *testing.T) {
+	eKey := []string{"hello", "world"}
+	sKey := Key(eKey...)
+	if sKey != "docker/network/v1.0/hello/world/" {
+		t.Fatalf("unexpected key : %s", sKey)
+	}
+}
+
+func TestParseKey(t *testing.T) {
+	keySlice, err := ParseKey("/docker/network/v1.0/hello/world/")
+	if err != nil {
+		t.Fatal(err)
+	}
+	eKey := []string{"hello", "world"}
+	if len(keySlice) < 2 || !reflect.DeepEqual(eKey, keySlice) {
+		t.Fatalf("unexpected unkey : %s", keySlice)
+	}
+}
+
+func TestInvalidDataStore(t *testing.T) {
+	config := &ScopeCfg{}
+	config.Client.Provider = "invalid"
+	config.Client.Address = "localhost:8500"
+	_, err := NewDataStore(GlobalScope, config)
+	if err == nil {
+		t.Fatal("Invalid Datastore connection configuration must result in a failure")
+	}
+}
+
+func TestKVObjectFlatKey(t *testing.T) {
+	store := NewTestDataStore()
+	expected := dummyKVObject("1000", true)
+	err := store.PutObject(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+	keychain := []string{dummyKey, "1000"}
+	data, err := store.KVStore().Get(Key(keychain...))
+	if err != nil {
+		t.Fatal(err)
+	}
+	var n dummyObject
+	json.Unmarshal(data.Value, &n)
+	if n.Name != expected.Name {
+		t.Fatal("Dummy object doesn't match the expected object")
+	}
+}
+
+func TestAtomicKVObjectFlatKey(t *testing.T) {
+	store := NewTestDataStore()
+	expected := dummyKVObject("1111", true)
+	assert.Check(t, !expected.Exists())
+	err := store.PutObjectAtomic(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Check(t, expected.Exists())
+
+	// PutObjectAtomic automatically sets the Index again. Hence the following must pass.
+
+	err = store.PutObjectAtomic(expected)
+	if err != nil {
+		t.Fatal("Atomic update should succeed.")
+	}
+
+	// Get the latest index and try PutObjectAtomic again for the same Key
+	// This must succeed as well
+	data, err := store.KVStore().Get(Key(expected.Key()...))
+	if err != nil {
+		t.Fatal(err)
+	}
+	n := dummyObject{}
+	json.Unmarshal(data.Value, &n)
+	n.ID = "1111"
+	n.SetIndex(data.LastIndex)
+	n.ReturnValue = true
+	err = store.PutObjectAtomic(&n)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Get the Object using GetObject, then set again.
+	newObj := dummyObject{}
+	err = store.GetObject(Key(expected.Key()...), &newObj)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Check(t, newObj.Exists())
+	err = store.PutObjectAtomic(&n)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+}
+
+// dummy data used to test the datastore
+type dummyObject struct {
+	Name        string                `kv:"leaf"`
+	NetworkType string                `kv:"leaf"`
+	EnableIPv6  bool                  `kv:"leaf"`
+	Rec         *recStruct            `kv:"recursive"`
+	Dict        map[string]*recStruct `kv:"iterative"`
+	Generic     options.Generic       `kv:"iterative"`
+	ID          string
+	DBIndex     uint64
+	DBExists    bool
+	SkipSave    bool
+	ReturnValue bool
+}
+
+func (n *dummyObject) Key() []string {
+	return []string{dummyKey, n.ID}
+}
+
+func (n *dummyObject) KeyPrefix() []string {
+	return []string{dummyKey}
+}
+
+func (n *dummyObject) Value() []byte {
+	if !n.ReturnValue {
+		return nil
+	}
+
+	b, err := json.Marshal(n)
+	if err != nil {
+		return nil
+	}
+	return b
+}
+
+func (n *dummyObject) SetValue(value []byte) error {
+	return json.Unmarshal(value, n)
+}
+
+func (n *dummyObject) Index() uint64 {
+	return n.DBIndex
+}
+
+func (n *dummyObject) SetIndex(index uint64) {
+	n.DBIndex = index
+	n.DBExists = true
+}
+
+func (n *dummyObject) Exists() bool {
+	return n.DBExists
+}
+
+func (n *dummyObject) Skip() bool {
+	return n.SkipSave
+}
+
+func (n *dummyObject) DataScope() string {
+	return LocalScope
+}
+
+func (n *dummyObject) MarshalJSON() ([]byte, error) {
+	netMap := make(map[string]interface{})
+	netMap["name"] = n.Name
+	netMap["networkType"] = n.NetworkType
+	netMap["enableIPv6"] = n.EnableIPv6
+	netMap["generic"] = n.Generic
+	return json.Marshal(netMap)
+}
+
+func (n *dummyObject) UnmarshalJSON(b []byte) (err error) {
+	var netMap map[string]interface{}
+	if err := json.Unmarshal(b, &netMap); err != nil {
+		return err
+	}
+	n.Name = netMap["name"].(string)
+	n.NetworkType = netMap["networkType"].(string)
+	n.EnableIPv6 = netMap["enableIPv6"].(bool)
+	n.Generic = netMap["generic"].(map[string]interface{})
+	return nil
+}
+
+// dummy structure to test "recursive" cases
+type recStruct struct {
+	Name     string            `kv:"leaf"`
+	Field1   int               `kv:"leaf"`
+	Dict     map[string]string `kv:"iterative"`
+	DBIndex  uint64
+	DBExists bool
+	SkipSave bool
+}
+
+func (r *recStruct) Key() []string {
+	return []string{"recStruct"}
+}
+func (r *recStruct) Value() []byte {
+	b, err := json.Marshal(r)
+	if err != nil {
+		return nil
+	}
+	return b
+}
+
+func (r *recStruct) SetValue(value []byte) error {
+	return json.Unmarshal(value, r)
+}
+
+func (r *recStruct) Index() uint64 {
+	return r.DBIndex
+}
+
+func (r *recStruct) SetIndex(index uint64) {
+	r.DBIndex = index
+	r.DBExists = true
+}
+
+func (r *recStruct) Exists() bool {
+	return r.DBExists
+}
+
+func (r *recStruct) Skip() bool {
+	return r.SkipSave
+}
+
+func dummyKVObject(id string, retValue bool) *dummyObject {
+	cDict := make(map[string]string)
+	cDict["foo"] = "bar"
+	cDict["hello"] = "world"
+	n := dummyObject{
+		Name:        "testNw",
+		NetworkType: "bridge",
+		EnableIPv6:  true,
+		Rec:         &recStruct{"gen", 5, cDict, 0, false, false},
+		ID:          id,
+		DBIndex:     0,
+		ReturnValue: retValue,
+		DBExists:    false,
+		SkipSave:    false}
+	generic := make(map[string]interface{})
+	generic["label1"] = &recStruct{"value1", 1, cDict, 0, false, false}
+	generic["label2"] = "subnet=10.1.1.0/16"
+	n.Generic = generic
+	return &n
+}
diff --git a/vendor/github.com/docker/libnetwork/datastore/mock_store.go b/libnetwork/datastore/mock_store.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/datastore/mock_store.go
rename to libnetwork/datastore/mock_store.go
index 215cc4fd01ea2..80e43db53db9b 100644
--- a/vendor/github.com/docker/libnetwork/datastore/mock_store.go
+++ b/libnetwork/datastore/mock_store.go
@@ -3,8 +3,8 @@ package datastore
 import (
 	"errors"
 
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/libkv/store"
-	"github.com/docker/libnetwork/types"
 )
 
 var (
@@ -125,5 +125,4 @@ func (s *MockStore) AtomicDelete(key string, previous *store.KVPair) (bool, erro
 
 // Close closes the client connection
 func (s *MockStore) Close() {
-	return
 }
diff --git a/vendor/github.com/docker/libnetwork/default_gateway.go b/libnetwork/default_gateway.go
similarity index 91%
rename from vendor/github.com/docker/libnetwork/default_gateway.go
rename to libnetwork/default_gateway.go
index cf094b39eec80..44431a017a6b1 100644
--- a/vendor/github.com/docker/libnetwork/default_gateway.go
+++ b/libnetwork/default_gateway.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -162,18 +162,6 @@ func (ep *endpoint) endpointInGWNetwork() bool {
 	return false
 }
 
-func (sb *sandbox) getEPwithoutGateway() *endpoint {
-	for _, ep := range sb.getConnectedEndpoints() {
-		if ep.getNetwork().Type() == "null" || ep.getNetwork().Type() == "host" {
-			continue
-		}
-		if len(ep.Gateway()) == 0 {
-			return ep
-		}
-	}
-	return nil
-}
-
 // Looks for the default gw network and creates it if not there.
 // Parallel executions are serialized.
 func (c *controller) defaultGwNetwork() (Network, error) {
@@ -181,10 +169,8 @@ func (c *controller) defaultGwNetwork() (Network, error) {
 	defer func() { <-procGwNetwork }()
 
 	n, err := c.NetworkByName(libnGWNetwork)
-	if err != nil {
-		if _, ok := err.(types.NotFoundError); ok {
-			n, err = c.createGWNetwork()
-		}
+	if _, ok := err.(types.NotFoundError); ok {
+		n, err = c.createGWNetwork()
 	}
 	return n, err
 }
diff --git a/vendor/github.com/docker/libnetwork/default_gateway_freebsd.go b/libnetwork/default_gateway_freebsd.go
similarity index 84%
rename from vendor/github.com/docker/libnetwork/default_gateway_freebsd.go
rename to libnetwork/default_gateway_freebsd.go
index dc4b1bd592a48..164900d66ee6d 100644
--- a/vendor/github.com/docker/libnetwork/default_gateway_freebsd.go
+++ b/libnetwork/default_gateway_freebsd.go
@@ -1,6 +1,6 @@
 package libnetwork
 
-import "github.com/docker/libnetwork/types"
+import "github.com/docker/docker/libnetwork/types"
 
 const libnGWNetwork = "docker_gwbridge"
 
diff --git a/vendor/github.com/docker/libnetwork/default_gateway_linux.go b/libnetwork/default_gateway_linux.go
similarity index 92%
rename from vendor/github.com/docker/libnetwork/default_gateway_linux.go
rename to libnetwork/default_gateway_linux.go
index 60df85672260e..25bec287f9123 100644
--- a/vendor/github.com/docker/libnetwork/default_gateway_linux.go
+++ b/libnetwork/default_gateway_linux.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strconv"
 
-	"github.com/docker/libnetwork/drivers/bridge"
+	"github.com/docker/docker/libnetwork/drivers/bridge"
 )
 
 const libnGWNetwork = "docker_gwbridge"
diff --git a/libnetwork/default_gateway_windows.go b/libnetwork/default_gateway_windows.go
new file mode 100644
index 0000000000000..9f59ef076bb03
--- /dev/null
+++ b/libnetwork/default_gateway_windows.go
@@ -0,0 +1,22 @@
+package libnetwork
+
+import (
+	windriver "github.com/docker/docker/libnetwork/drivers/windows"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+const libnGWNetwork = "nat"
+
+func getPlatformOption() EndpointOption {
+
+	epOption := options.Generic{
+		windriver.DisableICC: true,
+		windriver.DisableDNS: true,
+	}
+	return EndpointOptionGeneric(epOption)
+}
+
+func (c *controller) createGWNetwork() (Network, error) {
+	return nil, types.NotImplementedErrorf("default gateway functionality is not implemented in windows")
+}
diff --git a/libnetwork/diagnostic/server.go b/libnetwork/diagnostic/server.go
new file mode 100644
index 0000000000000..08c3e875af9ca
--- /dev/null
+++ b/libnetwork/diagnostic/server.go
@@ -0,0 +1,227 @@
+package diagnostic
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"sync"
+	"sync/atomic"
+
+	"github.com/docker/docker/libnetwork/internal/caller"
+	"github.com/docker/docker/pkg/stack"
+	"github.com/sirupsen/logrus"
+)
+
+// HTTPHandlerFunc TODO
+type HTTPHandlerFunc func(interface{}, http.ResponseWriter, *http.Request)
+
+type httpHandlerCustom struct {
+	ctx interface{}
+	F   func(interface{}, http.ResponseWriter, *http.Request)
+}
+
+// ServeHTTP TODO
+func (h httpHandlerCustom) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	h.F(h.ctx, w, r)
+}
+
+var diagPaths2Func = map[string]HTTPHandlerFunc{
+	"/":          notImplemented,
+	"/help":      help,
+	"/ready":     ready,
+	"/stackdump": stackTrace,
+}
+
+// Server when the debug is enabled exposes a
+// This data structure is protected by the Agent mutex so does not require and additional mutex here
+type Server struct {
+	enable            int32
+	srv               *http.Server
+	port              int
+	mux               *http.ServeMux
+	registeredHanders map[string]bool
+	sync.Mutex
+}
+
+// New creates a new diagnostic server
+func New() *Server {
+	return &Server{
+		registeredHanders: make(map[string]bool),
+	}
+}
+
+// Init initialize the mux for the http handling and register the base hooks
+func (s *Server) Init() {
+	s.mux = http.NewServeMux()
+
+	// Register local handlers
+	s.RegisterHandler(s, diagPaths2Func)
+}
+
+// RegisterHandler allows to register new handlers to the mux and to a specific path
+func (s *Server) RegisterHandler(ctx interface{}, hdlrs map[string]HTTPHandlerFunc) {
+	s.Lock()
+	defer s.Unlock()
+	for path, fun := range hdlrs {
+		if _, ok := s.registeredHanders[path]; ok {
+			continue
+		}
+		s.mux.Handle(path, httpHandlerCustom{ctx, fun})
+		s.registeredHanders[path] = true
+	}
+}
+
+// ServeHTTP this is the method called bu the ListenAndServe, and is needed to allow us to
+// use our custom mux
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	s.mux.ServeHTTP(w, r)
+}
+
+// EnableDiagnostic opens a TCP socket to debug the passed network DB
+func (s *Server) EnableDiagnostic(ip string, port int) {
+	s.Lock()
+	defer s.Unlock()
+
+	s.port = port
+
+	if s.enable == 1 {
+		logrus.Info("The server is already up and running")
+		return
+	}
+
+	logrus.Infof("Starting the diagnostic server listening on %d for commands", port)
+	srv := &http.Server{Addr: fmt.Sprintf("%s:%d", ip, port), Handler: s}
+	s.srv = srv
+	s.enable = 1
+	go func(n *Server) {
+		// Ignore ErrServerClosed that is returned on the Shutdown call
+		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			logrus.Errorf("ListenAndServe error: %s", err)
+			atomic.SwapInt32(&n.enable, 0)
+		}
+	}(s)
+}
+
+// DisableDiagnostic stop the dubug and closes the tcp socket
+func (s *Server) DisableDiagnostic() {
+	s.Lock()
+	defer s.Unlock()
+
+	s.srv.Shutdown(context.Background()) // nolint:errcheck
+	s.srv = nil
+	s.enable = 0
+	logrus.Info("Disabling the diagnostic server")
+}
+
+// IsDiagnosticEnabled returns true when the debug is enabled
+func (s *Server) IsDiagnosticEnabled() bool {
+	s.Lock()
+	defer s.Unlock()
+	return s.enable == 1
+}
+
+func notImplemented(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	_, json := ParseHTTPFormOptions(r)
+	rsp := WrongCommand("not implemented", fmt.Sprintf("URL path: %s no method implemented check /help\n", r.URL.Path))
+
+	// audit logs
+	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
+	log.Info("command not implemented done")
+
+	HTTPReply(w, rsp, json) // nolint:errcheck
+}
+
+func help(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	_, json := ParseHTTPFormOptions(r)
+
+	// audit logs
+	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
+	log.Info("help done")
+
+	n, ok := ctx.(*Server)
+	var result string
+	if ok {
+		for path := range n.registeredHanders {
+			result += fmt.Sprintf("%s\n", path)
+		}
+		HTTPReply(w, CommandSucceed(&StringCmd{Info: result}), json) // nolint:errcheck
+	}
+}
+
+func ready(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	_, json := ParseHTTPFormOptions(r)
+
+	// audit logs
+	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
+	log.Info("ready done")
+	HTTPReply(w, CommandSucceed(&StringCmd{Info: "OK"}), json) // nolint:errcheck
+}
+
+func stackTrace(ctx interface{}, w http.ResponseWriter, r *http.Request) {
+	r.ParseForm() // nolint:errcheck
+	_, json := ParseHTTPFormOptions(r)
+
+	// audit logs
+	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
+	log.Info("stack trace")
+
+	path, err := stack.DumpToFile("/tmp/")
+	if err != nil {
+		log.WithError(err).Error("failed to write goroutines dump")
+		HTTPReply(w, FailCommand(err), json) // nolint:errcheck
+	} else {
+		log.Info("stack trace done")
+		HTTPReply(w, CommandSucceed(&StringCmd{Info: fmt.Sprintf("goroutine stacks written to %s", path)}), json) // nolint:errcheck
+	}
+}
+
+// DebugHTTPForm helper to print the form url parameters
+func DebugHTTPForm(r *http.Request) {
+	for k, v := range r.Form {
+		logrus.Debugf("Form[%q] = %q\n", k, v)
+	}
+}
+
+// JSONOutput contains details on JSON output printing
+type JSONOutput struct {
+	enable      bool
+	prettyPrint bool
+}
+
+// ParseHTTPFormOptions easily parse the JSON printing options
+func ParseHTTPFormOptions(r *http.Request) (bool, *JSONOutput) {
+	_, unsafe := r.Form["unsafe"]
+	v, json := r.Form["json"]
+	var pretty bool
+	if len(v) > 0 {
+		pretty = v[0] == "pretty"
+	}
+	return unsafe, &JSONOutput{enable: json, prettyPrint: pretty}
+}
+
+// HTTPReply helper function that takes care of sending the message out
+func HTTPReply(w http.ResponseWriter, r *HTTPResult, j *JSONOutput) (int, error) {
+	var response []byte
+	if j.enable {
+		w.Header().Set("Content-Type", "application/json")
+		var err error
+		if j.prettyPrint {
+			response, err = json.MarshalIndent(r, "", "  ")
+			if err != nil {
+				response, _ = json.MarshalIndent(FailCommand(err), "", "  ")
+			}
+		} else {
+			response, err = json.Marshal(r)
+			if err != nil {
+				response, _ = json.Marshal(FailCommand(err))
+			}
+		}
+	} else {
+		response = []byte(r.String())
+	}
+	return fmt.Fprint(w, string(response))
+}
diff --git a/vendor/github.com/docker/libnetwork/diagnostic/types.go b/libnetwork/diagnostic/types.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/diagnostic/types.go
rename to libnetwork/diagnostic/types.go
diff --git a/vendor/github.com/docker/libnetwork/discoverapi/discoverapi.go b/libnetwork/discoverapi/discoverapi.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/discoverapi/discoverapi.go
rename to libnetwork/discoverapi/discoverapi.go
diff --git a/libnetwork/docs/bridge.md b/libnetwork/docs/bridge.md
new file mode 100644
index 0000000000000..49e4e335a2bef
--- /dev/null
+++ b/libnetwork/docs/bridge.md
@@ -0,0 +1,13 @@
+Bridge Driver
+=============
+
+The bridge driver is an implementation that uses Linux Bridging and iptables to provide connectivity for containers
+It creates a single bridge, called `docker0` by default, and attaches a `veth pair` between the bridge and every endpoint.
+
+## Configuration
+
+The bridge driver supports configuration through the Docker Daemon flags. 
+
+## Usage
+
+This driver is supported for the default "bridge" network only and it cannot be used for any other networks.
diff --git a/libnetwork/docs/cnm-model.jpg b/libnetwork/docs/cnm-model.jpg
new file mode 100644
index 0000000000000..9bc45d0d9d845
Binary files /dev/null and b/libnetwork/docs/cnm-model.jpg differ
diff --git a/libnetwork/docs/design.md b/libnetwork/docs/design.md
new file mode 100644
index 0000000000000..4967290bfcccc
--- /dev/null
+++ b/libnetwork/docs/design.md
@@ -0,0 +1,158 @@
+Design
+======
+
+This document describes how libnetwork has been designed in order to achieve this.
+Requirements for individual releases can be found on the [Project Page](https://github.com/docker/libnetwork/wiki).
+
+Many of the design decisions are inspired by the learnings from the Docker networking design as of Docker v1.6.
+Please refer to this [Docker v1.6 Design](legacy.md) document for more information on networking design as of Docker v1.6.
+
+## Goal
+
+libnetwork project will follow Docker and Linux philosophy of developing small, highly modular and composable tools that work well independently.
+Libnetwork aims to satisfy that composable need for Networking in Containers.
+
+## The Container Network Model
+
+Libnetwork implements Container Network Model (CNM) which formalizes the steps required to provide networking for containers while providing an abstraction that can be used to support multiple network drivers. The CNM is built on 3 main components (shown below)
+
+![](/docs/cnm-model.jpg?raw=true)
+
+**Sandbox**
+
+A Sandbox contains the configuration of a container's network stack.
+This includes management of the container's interfaces, routing table and DNS settings.
+An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept.
+A Sandbox may contain *many* endpoints from *multiple* networks.
+
+**Endpoint**
+
+An Endpoint joins a Sandbox to a Network.
+An implementation of an Endpoint could be a `veth` pair, an Open vSwitch internal port or similar.
+An Endpoint can belong to only one network and it can belong to only one Sandbox, if connected.
+
+**Network**
+
+A Network is a group of Endpoints that are able to communicate with each-other directly.
+An implementation of a Network could be a Linux bridge, a VLAN, etc.
+Networks consist of *many* endpoints.
+
+## CNM Objects
+
+**NetworkController**
+`NetworkController` object provides the entry-point into libnetwork that exposes simple APIs for the users (such as Docker Engine) to allocate and manage Networks. libnetwork supports multiple active drivers (both inbuilt and remote). `NetworkController` allows user to bind a particular driver to a given network.
+
+**Driver**
+`Driver` is not a user visible object, but drivers provide the actual network implementation. `NetworkController` provides an API to configure a driver with driver-specific options/labels that is transparent to libnetwork, but can be handled by the drivers directly. Drivers can be both inbuilt (such as Bridge, Host, None & overlay) and remote (from plugin providers) to satisfy various use cases & deployment scenarios. At this point, the Driver owns a network and is responsible for managing the network (including IPAM, etc.). This can be improved in the future by having multiple drivers participating in handling various network management functionalities.
+
+**Network**
+`Network` object is an implementation of the `CNM : Network` as defined above. `NetworkController` provides APIs to create and manage `Network` object. Whenever a `Network` is created or updated, the corresponding `Driver` will be notified of the event. LibNetwork treats `Network` objects at an abstract level to provide connectivity between a group of endpoints that belong to the same network and isolation from the rest. The `Driver` performs the actual work of providing the required connectivity and isolation. The connectivity can be within the same host or across multiple hosts. Hence `Network` has a global scope within a cluster.
+
+**Endpoint**
+`Endpoint` represents a Service Endpoint. It provides the connectivity for services exposed by a container in a network with other services provided by other containers in the network. `Network` object provides APIs to create and manage an endpoint. An endpoint can be attached to only one network. `Endpoint` creation calls are made to the corresponding `Driver` which is responsible for allocating resources for the corresponding `Sandbox`. Since `Endpoint` represents a Service and not necessarily a particular container, `Endpoint` has a global scope within a cluster.
+
+**Sandbox**
+`Sandbox` object represents container's network configuration such as IP address, MAC address, routes, DNS entries. A `Sandbox` object is created when the user requests to create an endpoint on a network. The `Driver` that handles the `Network` is responsible for allocating the required network resources (such as the IP address) and passing the info called `SandboxInfo` back to libnetwork. libnetwork will make use of OS specific constructs (example: netns for Linux) to populate the network configuration into the containers that is represented by the `Sandbox`. A `Sandbox` can have multiple endpoints attached to different networks. Since `Sandbox` is associated with a particular container in a given host, it has a local scope that represents the Host that the Container belong to.
+
+**CNM Attributes**
+
+***Options***
+`Options` provides a generic and flexible mechanism to pass `Driver` specific configuration options from the user to the `Driver` directly. `Options` are just key-value pairs of data with `key` represented by a string and `value` represented by a generic object (such as a Go `interface{}`). Libnetwork will operate on the `Options` ONLY if the `key` matches any of the well-known `Labels` defined in the `net-labels` package. `Options` also encompasses `Labels` as explained below. `Options` are generally NOT end-user visible (in UI), while `Labels` are.
+
+***Labels***
+`Labels` are very similar to `Options` and are in fact just a subset of `Options`. `Labels` are typically end-user visible and are represented in the UI explicitly using the `--labels` option. They are passed from the UI to the `Driver` so that `Driver` can make use of it and perform any `Driver` specific operation (such as a subnet to allocate IP-Addresses from in a Network).
+
+## CNM Lifecycle
+
+Consumers of the CNM, like Docker, interact through the CNM Objects and its APIs to network the containers that they manage.
+
+1. `Drivers` register with `NetworkController`. Built-in drivers register inside of libnetwork, while remote drivers register with libnetwork via the Plugin mechanism (*plugin-mechanism is WIP*). Each `driver` handles a particular `networkType`.
+
+2. `NetworkController` object is created using `libnetwork.New()` API to manage the allocation of Networks and optionally configure a `Driver` with driver specific `Options`.
+
+3. `Network` is created using the controller's `NewNetwork()` API by providing a `name` and `networkType`. `networkType` parameter helps to choose a corresponding `Driver` and binds the created `Network` to that `Driver`. From this point, any operation on `Network` will be handled by that `Driver`.
+
+4. `controller.NewNetwork()` API also takes in optional `options` parameter which carries Driver-specific options and `Labels`, which the Drivers can make use of for its purpose.
+
+5. `network.CreateEndpoint()` can be called to create a new Endpoint in a given network. This API also accepts optional `options` parameter which drivers can make use of. These 'options' carry both well-known labels and driver-specific labels. Drivers will in turn be called with `driver.CreateEndpoint` and it can choose to reserve IPv4/IPv6 addresses when an `Endpoint` is created in a `Network`. The `Driver` will assign these addresses using `InterfaceInfo` interface defined in the `driverapi`. The IP/IPv6 are needed to complete the endpoint as service definition along with the ports the endpoint exposes since essentially a service endpoint is nothing but a network address and the port number that the application container is listening on.
+
+6. `endpoint.Join()` can be used to attach a container to an `Endpoint`. The Join operation will create a `Sandbox` if it doesn't exist already for that container. The Drivers can make use of the Sandbox Key to identify multiple endpoints attached to a same container. This API also accepts optional `options` parameter which drivers can make use of.
+  * Though it is not a direct design issue of LibNetwork, it is highly encouraged to have users like `Docker` to call the endpoint.Join() during Container's `Start()` lifecycle that is invoked *before* the container is made operational. As part of Docker integration, this will be taken care of.
+  * One of a FAQ on endpoint join() API is that, why do we need an API to create an Endpoint and another to join the endpoint.
+    - The answer is based on the fact that Endpoint represents a Service which may or may not be backed by a Container. When an Endpoint is created, it will have its resources reserved so that any container can get attached to the endpoint later and get a consistent networking behaviour.
+
+7. `endpoint.Leave()` can be invoked when a container is stopped. The `Driver` can cleanup the states that it allocated during the `Join()` call. LibNetwork will delete the `Sandbox` when the last referencing endpoint leaves the network. But LibNetwork keeps hold of the IP addresses as long as the endpoint is still present and will be reused when the container(or any container) joins again. This ensures that the container's resources are reused when they are Stopped and Started again.
+
+8. `endpoint.Delete()` is used to delete an endpoint from a network. This results in deleting an endpoint and cleaning up the cached `sandbox.Info`.
+
+9. `network.Delete()` is used to delete a network. LibNetwork will not allow the delete to proceed if there are any existing endpoints attached to the Network.
+
+
+## Implementation Details
+
+### Networks & Endpoints
+
+LibNetwork's Network and Endpoint APIs are primarily for managing the corresponding Objects and book-keeping them to provide a level of abstraction as required by the CNM. It delegates the actual implementation to the drivers which realize the functionality as promised in the CNM. For more information on these details, please see [the drivers section](#drivers)
+
+### Sandbox
+
+Libnetwork provides a framework to implement of a Sandbox in multiple operating systems. Currently we have implemented Sandbox for Linux using `namespace_linux.go` and `configure_linux.go` in `sandbox` package.
+This creates a Network Namespace for each sandbox which is uniquely identified by a path on the host filesystem.
+Netlink calls are used to move interfaces from the global namespace to the Sandbox namespace.
+Netlink is also used to manage the routing table in the namespace.
+
+## Drivers
+
+## API
+
+Drivers are essentially an extension of libnetwork and provide the actual implementation for all of the LibNetwork APIs defined above. Hence there is an 1-1 correspondence for all the `Network` and `Endpoint` APIs, which includes :
+* `driver.Config`
+* `driver.CreateNetwork`
+* `driver.DeleteNetwork`
+* `driver.CreateEndpoint`
+* `driver.DeleteEndpoint`
+* `driver.Join`
+* `driver.Leave`
+
+These Driver facing APIs make use of unique identifiers (`networkid`,`endpointid`,...) instead of names (as seen in user-facing APIs).
+
+The APIs are still work in progress and there can be changes to these based on the driver requirements especially when it comes to Multi-host networking.
+
+### Driver semantics
+
+ * `Driver.CreateEndpoint`
+
+This method is passed an interface `EndpointInfo`, with methods `Interface` and `AddInterface`.
+
+If the value returned by `Interface` is non-nil, the driver is expected to make use of the interface information therein (e.g., treating the address or addresses as statically supplied), and must return an error if it cannot. If the value is `nil`, the driver should allocate exactly one _fresh_ interface, and use `AddInterface` to record them; or return an error if it cannot.
+
+It is forbidden to use `AddInterface` if `Interface` is non-nil.
+
+## Implementations
+
+Libnetwork includes the following driver packages:
+
+- null
+- bridge
+- overlay
+- remote
+
+### Null
+
+The null driver is a `noop` implementation of the driver API, used only in cases where no networking is desired. This is to provide backward compatibility to the Docker's `--net=none` option.
+
+### Bridge
+
+The `bridge` driver provides a Linux-specific bridging implementation based on the Linux Bridge.
+For more details, please [see the Bridge Driver documentation](bridge.md).
+
+### Overlay
+
+The `overlay` driver implements networking that can span multiple hosts using overlay network encapsulations such as VXLAN.
+For more details on its design, please see the [Overlay Driver Design](overlay.md).
+
+### Remote
+
+The `remote` package does not provide a driver, but provides a means of supporting drivers over a remote transport.
+This allows a driver to be written in a language of your choice.
+For further details, please see the [Remote Driver Design](remote.md).
diff --git a/libnetwork/docs/images/macvlan_bridge_simple.gliffy b/libnetwork/docs/images/macvlan_bridge_simple.gliffy
new file mode 100644
index 0000000000000..9d77e1f6fc0f8
--- /dev/null
+++ b/libnetwork/docs/images/macvlan_bridge_simple.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":328,"height":292,"nodeIndex":215,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":328,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":42,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":44,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":89.0,"y":22.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">eth1 172.16.86.0/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":41,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":210.0,"y":80.19999694824219,"rotation":0.0,"id":207,"width":120.00000000000001,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":43,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Network Router</span></p><p style=\"text-align:center;\"><span style=\"\">172.16.86.1</span><span style=\"\">/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":1,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":6,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1</span></span></p><p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">172.16.86.2/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":34,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":22,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":31,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.45415986949433,"rotation":0.0,"id":121,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2</span></span></p><p style=\"text-align:center;\"><span style=\"\">172.16.86.3/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">pub_net (eth0)</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">Docker Host</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">docker network create -d macvlan \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --subnet&#61;172.16.86.0/24 \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --gateway&#61;172.16.86.1 &nbsp;\\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; -o parent&#61;eth1 pub_net</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586216662,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/libnetwork/docs/images/macvlan_bridge_simple.png b/libnetwork/docs/images/macvlan_bridge_simple.png
new file mode 100644
index 0000000000000..51fa66e263793
Binary files /dev/null and b/libnetwork/docs/images/macvlan_bridge_simple.png differ
diff --git a/libnetwork/docs/images/macvlan_bridge_simple.svg b/libnetwork/docs/images/macvlan_bridge_simple.svg
new file mode 100644
index 0000000000000..bce931f0002ab
--- /dev/null
+++ b/libnetwork/docs/images/macvlan_bridge_simple.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="348" height="311.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="ddeLbvFrpPPd" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="dLREXEIeFVSa" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="348" height="311.5"/></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,27.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(3.742857142857143,2.8181818181818183)"><g><g><g><path fill="#929292" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,77,162.90096991491666)"><g><g transform="translate(0,0) scale(0.62,0.32300163132136867)"><g><path fill="url(#ddeLbvFrpPPd)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.0959595959596116)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#ddeLbvFrpPPd)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,84.45937956643391,158.4009699149168)"><g transform="translate(0,0)"><g transform="translate(-86.91999999999999,-162.47030107315481) translate(2.4606204335660777,4.069331158238015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 88.95937956643391 162.9009699149168 L 88.95937956643391 195.20113304705336" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,122.54062043356592,158.40096991491632)"><g transform="translate(0,0)"><g transform="translate(-128.46,-164.19297644020213) translate(5.919379566434088,5.792006525285814) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 127.04062043356592 162.90096991491632 L 127.04062043356592 195.20113304705367" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,103.5,158.40096991491666)"><g transform="translate(0,0)"><g transform="translate(-106.14,-164.19297644020213) translate(2.6400000000000006,5.792006525285473) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 108 162.90096991491666 L 108 195.20113304705353" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,35,196)"><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="28" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container1</text></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="26">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,168,162.818751317853)"><g><g transform="translate(0,0) scale(0.62,0.3176182707993458)"><g><path fill="url(#dLREXEIeFVSa)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.148433487416555)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#dLREXEIeFVSa)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,175.4593795664339,158.31875131785318)"><g transform="translate(0,0)"><g transform="translate(-177.92,-162.39526029012058) translate(2.4606204335660777,4.076508972267391) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.9593795664339 162.81875131785318 L 179.9593795664339 194.58057839778746" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,213.54062043356592,158.3187513178527)"><g transform="translate(0,0)"><g transform="translate(-219.46,-164.08922440105042) translate(5.919379566434088,5.7704730831977145) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 218.04062043356592 162.8187513178527 L 218.04062043356592 194.58057839778775" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,194.5,158.318751317853)"><g transform="translate(0,0)"><g transform="translate(-197.14,-164.08922440105042) translate(2.6399999999999864,5.770473083197402) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 199 162.818751317853 L 199 194.5805783977876" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,126,195)"><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="28" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container2</text></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="26">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="matrix(1,0,0,1,104,130)"><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="0" width="79" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="34" y="12">pub_net</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="78" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="12">)</text></g></g><g transform="matrix(1,0,0,1,95,100)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,16,114)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g><g transform="matrix(1,0,0,1,81.616,49.859996948242184)"><g transform="translate(0,0)"><g transform="translate(-85,-50) translate(3.3840000000000003,0.1400030517578159) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 88.116 56.359996948242184 L 160.558 56.359996948242184 Q 170.558 56.359996948242184 170.558 66.35999694824218 L 170.558 102 Q 170.558 112 169.779 112 L 169 112" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,73,236)"><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="56" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="187" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="12">network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">create</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="125" y="12">d</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">macvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="180" y="12"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="152" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="26">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">subnet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="84" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="88" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="101" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="104" y="26">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="121" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="128" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="131" y="26">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="144" y="26"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="147" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="40">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="40">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="40">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="110" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="113" y="40">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="126" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="130" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="136" y="40"> &#160;\</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="139" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="54">-</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="17" y="54">o</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="54">parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="54">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="54">eth1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="95" y="54">pub_net</text></g></g><g transform="matrix(1,0,0,1,91,22)"><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="81" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">eth1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="20" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="23" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="37" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="40" y="26">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="67" y="26">24</text></g></g><g transform="matrix(1,0,0,1,58.49998401988711,49.575)"><g transform="translate(0,0)"><g transform="translate(-147,-50) translate(88.50001598011289,0.42499999999999716) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 64.99998401988711 56.075 L 241 56.075" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,241,36)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,212,80)"><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="28" fill-opacity="0"/></g></g><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="14" fill-opacity="0"/></g></g><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="85" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="17" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="12">Router</text></g><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="117" height="14" fill-opacity="0"/></g></g><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="14" width="64" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="38" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="42" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="55" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">86</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="72" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="75" y="26">1</text></g><g transform="translate(117,42) matrix(1,0,0,1,0,0) translate(-117,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="82" y="14" width="18" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="82" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,22.803646598905374,21.51999694824218)"><g><g transform="translate(0,0) scale(0.9127109745695561,0.9)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g></g></svg>
\ No newline at end of file
diff --git a/libnetwork/docs/images/multi_tenant_8021q_vlans.gliffy b/libnetwork/docs/images/multi_tenant_8021q_vlans.gliffy
new file mode 100644
index 0000000000000..40eed17270d0d
--- /dev/null
+++ b/libnetwork/docs/images/multi_tenant_8021q_vlans.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":389,"height":213,"nodeIndex":276,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":5,"y":6.6999969482421875},"max":{"x":389,"y":212.14285409109937}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":64.0,"y":36.0,"rotation":0.0,"id":216,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-12.0,33.0],[84.0,33.0],[84.0,86.0],[120.0,86.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":190.0,"y":32.0,"rotation":0.0,"id":254,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#f1c232","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-142.0,16.0],[54.0,16.0],[54.0,115.0],[87.0,115.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":133.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":226,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":15.147567221510933,"y":139.96785409109907,"rotation":0.0,"id":115,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":29,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":116,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":17,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":117,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":26,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887324033,-1.055138662316466],[1.3318647887324033,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":118,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":119,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":120,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":121,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1 - vlan10</span></span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.0,"y":82.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":4.1999969482421875,"rotation":0.0,"id":187,"width":108.99999999999999,"height":19.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0 - 802.1q trunk</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":282.0,"y":8.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":32,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":55.0,"rotation":0.0,"id":210,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-8.0,11.0],[-8.0,34.0],[26.0,34.0],[26.0,57.0]],"lockSegments":{},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":12.805718530101615,"y":11.940280333547719,"rotation":0.0,"id":134,"width":59.31028146989837,"height":83.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":35,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":64.0,"y":73.19999694824219,"rotation":0.0,"id":211,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.10</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":52.19999694824219,"rotation":0.0,"id":212,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.20</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.386363636363733,"y":108.14285409109937,"rotation":0.0,"id":219,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":139.1475672215109,"y":139.96785409109907,"rotation":0.0,"id":227,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":55,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":228,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":43,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":229,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":52,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":232,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":232,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":230,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":231,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":46,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":232,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":41,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":233,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":54,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2 - vlan20</span></span></p><p style=\"text-align:center;\"><span style=\"\">172.16.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":259.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":248,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":56,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":265.14756722151094,"y":139.96785409109907,"rotation":0.0,"id":241,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":73,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":242,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":61,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":243,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":70,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":246,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":244,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":67,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":245,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":246,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":59,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":247,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":72,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container3 - vlan30</span></span></p><p style=\"text-align:center;\"><span style=\"\">10.1.1.2/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":31.199996948242188,"rotation":0.0,"id":253,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":74,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.30</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.49612211422149,"y":17.874999999999943,"rotation":0.0,"id":266,"width":275.00609168449375,"height":15.70000000000006,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":75,"lockAspectRatio":false,"lockShape":false,"children":[{"x":68.50387788577851,"y":43.12500000000006,"rotation":0.0,"id":258,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-31.924999999999997],[197.00221379871527,-31.925000000000153]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.50387788577851,"y":38.55333333333314,"rotation":0.0,"id":262,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":40.7533333333331,"rotation":0.0,"id":261,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":5,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":42.88666666666643,"rotation":0.0,"id":260,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":73.50387788577851,"y":43.95333333333309,"rotation":0.0,"id":259,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#ffe599","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":248.0,"y":51.19999694824219,"rotation":0.0,"id":207,"width":143.0,"height":70.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">Network Router (gateway)</span></p><p style=\"text-align:left;\"><span style=\"\">vlan10 - 192.168.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan20 -&nbsp;</span><span style=\"\">172.16.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan30 -&nbsp;</span><span style=\"\">10.1.1.1/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":88.19999694824219,"rotation":0.0,"id":272,"width":77.99999999999999,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":76,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Docker Host</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":80}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#e06666","strokeWidth":2,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586821719,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/libnetwork/docs/images/multi_tenant_8021q_vlans.png b/libnetwork/docs/images/multi_tenant_8021q_vlans.png
new file mode 100644
index 0000000000000..a38633cdbc230
Binary files /dev/null and b/libnetwork/docs/images/multi_tenant_8021q_vlans.png differ
diff --git a/libnetwork/docs/images/multi_tenant_8021q_vlans.svg b/libnetwork/docs/images/multi_tenant_8021q_vlans.svg
new file mode 100644
index 0000000000000..5c6c6070a669c
--- /dev/null
+++ b/libnetwork/docs/images/multi_tenant_8021q_vlans.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="409" height="232.14285409109937"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="RKkzpzQhZTCk" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="SeALyqvahCFZ" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="KIKSmddbxdCC" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="409" height="232.14285409109937"/></g><g transform="matrix(1,0,0,1,49.49612211422149,23.274999999999892)"><g transform="translate(0,0)"><g transform="translate(-118,-61.828333333333035) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ffe599" d="M 53.99612211422149 27.77500000000007 L 315.0022137987153 27.774999999999892" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,22.20833333333323)"><g transform="translate(0,0)"><g transform="translate(-115,-60.76166666666637) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 50.99612211422149 26.708333333333407 L 312.0022137987153 26.70833333333323" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,20.074999999999903)"><g transform="translate(0,0)"><g transform="translate(-115,-58.628333333333046) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 50.99612211422149 24.57500000000008 L 312.0022137987153 24.574999999999903" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,17.874999999999943)"><g transform="translate(0,0)"><g transform="translate(-113,-56.428333333333086) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 22.37500000000012 L 310.0022137987153 22.374999999999943" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,24.574999999999847)"><g transform="translate(0,0)"><g transform="translate(-113,-61) translate(68.50387788577851,36.42500000000015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 29.075000000000003 L 310.0022137987153 29.074999999999847" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46,63)"><g transform="translate(0,0)"><g transform="translate(-64,-36) translate(18,-27) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 52 69 L 138 69 Q 148 69 148 79 L 148 112 Q 148 122 158 122 L 184 122" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="matrix(1,0,0,1,42,42)"><g transform="translate(0,0)"><g transform="translate(-190,-32) translate(148,-10) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#f1c232" d="M 48 48 L 234 48 Q 244 48 244 58 L 244 137 Q 244 147 254 147 L 277 147" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,133.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,46.65404609475037,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#RKkzpzQhZTCk)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#RKkzpzQhZTCk)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-53.7573249679898,-143.64485245977795) translate(3.224799138312825,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 55.03252582967698 143.9965653472169 L 55.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,78.11478334058147,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-83.50230524967998,-145.05170400953324) translate(5.38752190909851,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 82.61478334058147 143.9965653472165 L 82.61478334058147 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,64.35179257362361,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-67.51992778489121,-145.05170400953324) translate(3.1681352112675967,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 68.85179257362361 143.99656534721677 L 68.85179257362361 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,17,177)"><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan10</text></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="12" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="12" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="26">24</text></g></g><g transform="matrix(1,0,0,1,70,90)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,73,7)"><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="19" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="14" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="102" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="3" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="26" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="37" y="12">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="60" y="12">1q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="12">trunk</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,282,8)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,250,51)"><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="70" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="47" y="12">Router</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="12">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">)</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="127" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">vlan10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="26"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="99" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="113" y="26">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="40">vlan20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="40"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="28" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="40">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="40">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="86" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="40">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="106" y="40">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="54">vlan30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="54"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="42" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="54">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="54">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="54">16</text></g></g><g transform="matrix(1,0,0,1,48,60)"><g transform="translate(0,0)"><g transform="translate(-62,-55) translate(14,-5) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 54 66 L 54 79 Q 54 89 64 89 L 78 89 Q 88 89 88 99 L 88 112" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,12.805718530101615,11.940280333547719)"><g><g transform="translate(0,0) scale(0.8417223432141461,0.83)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g><g transform="matrix(1,0,0,1,66,73)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">10</text></g></g><g transform="matrix(1,0,0,1,67,52)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,7.386363636363733,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,170.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#SeALyqvahCFZ)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#SeALyqvahCFZ)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,174.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-177.7573249679898,-143.64485245977795) translate(3.224799138312818,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.03252582967698 143.9965653472169 L 179.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,202.11478334058148,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-207.50230524967998,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 206.61478334058148 143.9965653472165 L 206.61478334058148 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,188.35179257362358,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-191.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 192.85179257362358 143.99656534721677 L 192.85179257362358 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,141,177)"><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan20</text></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="14" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="16" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="52" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="62" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="72" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,259.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,296.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#KIKSmddbxdCC)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#KIKSmddbxdCC)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300.53252582967696,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-303.7573249679898,-143.64485245977795) translate(3.2247991383128465,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 305.03252582967696 143.9965653472169 L 305.03252582967696 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,328.1147833405815,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-333.50230524968,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 332.6147833405815 143.9965653472165 L 332.6147833405815 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,314.3517925736236,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-317.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 318.8517925736236 143.99656534721677 L 318.8517925736236 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,267,177)"><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan30</text></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="22" y="14" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="22" y="26">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="49" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">16</text></g></g><g transform="matrix(1,0,0,1,67,31)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">30</text></g></g><g transform="matrix(1,0,0,1,5,95)"><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="28" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g></g></svg>
\ No newline at end of file
diff --git a/libnetwork/docs/images/network_flow_bridge.png b/libnetwork/docs/images/network_flow_bridge.png
new file mode 100644
index 0000000000000..4660f9fe34c1b
Binary files /dev/null and b/libnetwork/docs/images/network_flow_bridge.png differ
diff --git a/libnetwork/docs/images/network_flow_overlay.png b/libnetwork/docs/images/network_flow_overlay.png
new file mode 100644
index 0000000000000..6606acb1c33a8
Binary files /dev/null and b/libnetwork/docs/images/network_flow_overlay.png differ
diff --git a/libnetwork/docs/images/vlans-deeper-look.gliffy b/libnetwork/docs/images/vlans-deeper-look.gliffy
new file mode 100644
index 0000000000000..4d9f2761c444a
--- /dev/null
+++ b/libnetwork/docs/images/vlans-deeper-look.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":566,"height":581,"nodeIndex":500,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":-3,"y":-1.0100878848684474},"max":{"x":566,"y":581}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":-5.0,"y":-1.0100878848684474,"rotation":0.0,"id":499,"width":569.0,"height":582.0100878848684,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":103,"lockAspectRatio":false,"lockShape":false,"children":[{"x":374.0,"y":44.510087884868476,"rotation":0.0,"id":497,"width":145.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":101,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Network &amp;&nbsp;</span></span><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">other </span></span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Hosts</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":157.40277777777783,"y":108.18042331083174,"rotation":0.0,"id":492,"width":121.19444444444446,"height":256.03113588084784,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":99,"lockAspectRatio":false,"lockShape":false,"children":[{"x":-126.13675213675185,"y":31.971494223140525,"rotation":180.0,"id":453,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":57,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.4915197649562,-156.36606993796556],[-121.49151976495622,-99.52846483047983],[-229.68596420939843,-99.52846483047591],[-229.68596420939843,-34.22088765589871]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.82598824786317,"y":137.23816896148608,"rotation":180.0,"id":454,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":55,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.05455395299924,191.93174068122784],[291.05455395299924,106.06051735724502],[186.27677617521402,106.06051735724502],[186.27677617521402,69.78655839914467]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":332.0100878848684,"rotation":0.0,"id":490,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":97,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":9.5,"rotation":0.0,"id":365,"width":141.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":98,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">&nbsp;Parent: <span style=\"font-weight:bold;\">eth0.30</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN: <span style=\"font-weight:bold;\">30</span></span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":342,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":96,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":332.0100878848684,"rotation":0.0,"id":489,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":92,"lockAspectRatio":false,"lockShape":false,"children":[{"x":1.0,"y":10.5,"rotation":0.0,"id":367,"width":138.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":93,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\"><span style=\"\">Parent</span>: <span style=\"font-weight:bold;\">eth0.10</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID</span><span style=\"font-size:18px;font-family:Arial;\">:</span><span style=\"font-size:18px;font-weight:bold;font-family:Arial;\"> <span style=\"\">10</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":340,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":91,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.40277777777794,"y":126.43727235088903,"rotation":0.0,"id":486,"width":121.19444444444446,"height":250.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":88,"lockAspectRatio":false,"lockShape":false,"children":[{"x":236.18596420940128,"y":158.89044937932732,"rotation":0.0,"id":449,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":53,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.49151976495682,-152.05853787273531],[-121.49151976495682,-81.64750068755309],[-229.68596420940125,-81.64750068755139],[-229.68596420940125,-33.27817949077674]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-179.77677617521388,"y":56.523633779319084,"rotation":0.0,"id":450,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":51,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.0545539529992,186.6444547140887],[291.0545539529992,117.79470574474337],[186.276776175214,117.79470574474337],[186.276776175214,67.8640963321146]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":447.0,"y":150.01008788486848,"rotation":0.0,"id":472,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":87,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":473,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":86,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":474,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":84,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":475,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":82,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":101.71008483311067,"rotation":0.0,"id":477,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":80,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.30.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":350.51767083236393,"y":87.47159983339776,"rotation":0.0,"id":478,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":79,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#cc0000","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":94.0,"y":155.01008788486848,"rotation":0.0,"id":463,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":78,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":464,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":77,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":465,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":75,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":466,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":73,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":80.0,"y":109.71008483311067,"rotation":0.0,"id":468,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":71,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.10.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.51767083236396,"y":95.47159983339776,"rotation":0.0,"id":469,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":70,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#38761d","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":341.0,"y":40.010087884868476,"rotation":0.0,"id":460,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":69,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":417,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":68,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":418,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":66,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":419,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":198.51767083236396,"y":41.471599833397754,"rotation":0.0,"id":459,"width":175.20345848455912,"height":79.73848499971291,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":62,"lockAspectRatio":false,"lockShape":false,"children":[{"x":17.482329167636067,"y":14.23848499971291,"rotation":0.0,"id":458,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":61,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.20.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":330,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":59,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#ff9900","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":279.0,"y":129.01008788486848,"rotation":0.0,"id":440,"width":5.0,"height":227.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#ff9900","fillColor":"#ff9900","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[4.000000000000057,-25.08952732449731],[4.000000000000114,176.01117206537933]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":56.0,"y":503.0913886978766,"rotation":0.0,"id":386,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":48,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Frontend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":420.0100878848684,"rotation":0.0,"id":381,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":41,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":382,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":383,"width":98.00597014925374,"height":44.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.10.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":384,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":385,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":382.0,"y":420.0100878848684,"rotation":0.0,"id":376,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":31,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":377,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":378,"width":98.00597014925374,"height":44.0,"uid":null,"order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.30.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":379,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":380,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":214.0,"y":503.0100878848685,"rotation":0.0,"id":374,"width":135.0,"height":20.162601626016258,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Backend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":376.0,"y":502.0100878848684,"rotation":0.0,"id":373,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Credit Cards</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":627.0,"y":99.94304076572786,"rotation":0.0,"id":364,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":25,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":363,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":342,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-183.0,310.0670471191406],[-183.0,292.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":410.0100878848684,"rotation":0.0,"id":363,"width":144.0,"height":117.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":218.0,"y":341.5100878848684,"rotation":0.0,"id":366,"width":132.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Parent: <span style=\"font-weight:bold;\">eth0.20</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID: <span style=\"font-weight:bold;\">20</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":297.0,"y":89.94304076572786,"rotation":0.0,"id":356,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":22,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":353,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":343,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-13.0,320.0670471191406],[-13.0,302.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":222.0,"y":420.0100878848684,"rotation":0.0,"id":348,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":349,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":350,"width":98.00597014925374,"height":44.0,"uid":null,"order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.20.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":351,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":352,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":13,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":410.0100878848684,"rotation":0.0,"id":353,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":332.0100878848684,"rotation":0.0,"id":343,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":203.0,"y":307.5100878848684,"rotation":0.0,"id":333,"width":160.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-family:Arial;\"><span style=\"font-weight:bold;\">eth0</span>&nbsp;Interface</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":303.0,"y":240.51008788486845,"rotation":0.0,"id":323,"width":261.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":8,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-weight:bold;font-family:Arial;\">802.1Q Trunk - </span><span style=\"font-size:14px;font-family:Arial;\"><span style=\"font-style:italic;\">can be a single Ethernet link or Multiple Bonded Ethernet links</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.0,"y":291.0100878848684,"rotation":0.0,"id":290,"width":497.0,"height":80.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":543.5100878848684,"rotation":0.0,"id":282,"width":569.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Host</span></span><span style=\"font-size:14px;font-style:italic;\">: Frontend, Backend &amp; Credit Card App Tiers are&nbsp;<span style=\"font-weight:bold;\">Isolated</span></span><span style=\"font-size:14px;\">&nbsp;but can still communicate inside <span style=\"font-weight:bold;\">parent</span> interface or any other Docker hosts using the <span style=\"font-weight:bold;\">VLAN ID</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-33.0,"y":79.94304076572786,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":5,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":345,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":340,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[157.0,330.0670471191406],[157.0,312.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":410.0100878848684,"rotation":0.0,"id":345,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":323.0100878848684,"rotation":0.0,"id":276,"width":531.0,"height":259.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":19.609892022503004,"y":20.27621073737908,"rotation":355.62347411485274,"id":246,"width":540.0106597126834,"height":225.00000000000003,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":2,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":1.0,"y":99.94304076572786,"rotation":0.0,"id":394,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.5670471191406],[261.0,108.05111187584177]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.0,"y":90.94304076572786,"rotation":0.0,"id":481,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.56704711914062],[261.0,108.05111187584174]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":104}],"shapeStyles":{},"lineStyles":{"global":{"fill":"#999999","stroke":"#38761d","strokeWidth":3,"dashStyle":"1.0,1.0","orthoMode":2}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"14px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117295143,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/libnetwork/docs/images/vlans-deeper-look.png b/libnetwork/docs/images/vlans-deeper-look.png
new file mode 100644
index 0000000000000..32d95f600e1d0
Binary files /dev/null and b/libnetwork/docs/images/vlans-deeper-look.png differ
diff --git a/libnetwork/docs/images/vlans-deeper-look.svg b/libnetwork/docs/images/vlans-deeper-look.svg
new file mode 100644
index 0000000000000..96cd21d52ff3c
--- /dev/null
+++ b/libnetwork/docs/images/vlans-deeper-look.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="586" height="601"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="586" height="601"/></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="translate(0,0) matrix(0.9970841003774397,-0.07631052859541608,0.07631052859541608,0.9970841003774397,6.812265994936054,40.19841100496578)"><g><g transform="translate(0,0) scale(5.40007959672885,3.87815826436388) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#999999" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,15,322)"><g><g transform="translate(0,0) scale(5.31,2.59)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.18832391713747648,0.3861003861003861)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,115,387)"><g transform="translate(0,0)"><g transform="translate(38,-78.9329528808594) translate(-153,-308.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 119 409 L 119 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,-3,543)"><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="25" y="14">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="76" y="14">Host</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="108" y="0" width="360" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="108" y="14">:</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="115" y="14">Frontend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="171" y="14">,</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="179" y="14">Backend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="234" y="14"> &amp;</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="251" y="14">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="292" y="14">Card</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="326" y="14">App</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="355" y="14">Tiers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="390" y="14">are</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="414" y="0" width="53" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="bold" text-decoration="" line-height="16.5px" x="414" y="14">Isolated</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="467" y="0" width="515" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="471" y="14">but</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="494" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="521" y="14">still</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="27" y="30">communicate</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="114" y="30">inside</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="201" y="30">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="258" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="275" y="30">any</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="301" y="30">other</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="337" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="385" y="30">hosts</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="423" y="30">using</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="460" y="30">the</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="154" y="16" width="44" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="154" y="30">parent</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="483" y="16" width="57" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="483" y="30">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="525" y="30">ID</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,31,290)"><g transform="translate(4,4) scale(1.0010060362173039,1.00625)"><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#000000" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#cccccc" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300,248)"><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="48" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="101" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="3" y="14">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="27" y="14">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="31" y="14">1Q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="53" y="14">Trunk</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="91" y="14"> -</text></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="104" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="130" y="14">be</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="150" y="14">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="161" y="14">single</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="202" y="14">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">link</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="39" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="55" y="30">Multiple</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="107" y="30">Bonded</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="159" y="30">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="216" y="30">links</text></g></g><g transform="matrix(1,0,0,1,200,307)"><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="125" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="normal" text-decoration="" line-height="22.75px" x="63" y="19">Interface</text></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="42" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="16" y="19">eth0</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,234.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,225.955223880597,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,217,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,227,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,275,387)"><g transform="translate(0,0)"><g transform="translate(-292,-88.9329528808594) translate(17,-298.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 279 409 L 279 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,215,341)"><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="40" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="2" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="55" y="17">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="65" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="65" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="102" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="107" y="17">20</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="20" width="101" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="14" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="66" y="37">ID</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="84" y="37">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="95" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="95" y="37">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.0042735042735043)"><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,435,387)"><g transform="translate(0,0)"><g transform="translate(-622,-98.9329528808594) translate(187,-288.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 439 409 L 439 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,373,501)"><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="15" y="0" width="102" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="15" y="17">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="17">Cards</text></g></g><g transform="matrix(1,0,0,1,211,502)"><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="31" y="0" width="72" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="31" y="17">Backend</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,394.910447761194,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,385.95522388059703,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,377,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,387,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,74.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,65.95522388059702,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,57,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,67,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,53,502)"><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="0" width="74" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="17">Frontend</text></g></g><g transform="matrix(1,0,0,1,271.50000000000006,96.41047267550272)"><g transform="translate(0,0)"><g transform="translate(-274,-128.00000000000003) translate(2.499999999999943,31.58952732449731) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ff9900" d="M 278.00000000000006 102.91047267550272 M 278.00000000000006 102.91047267550272 L 278.00000000000006 108.91047267550272 M 278.00000000000006 108.91047267550272 M 278.00000000000006 114.91047267550272 L 278.00000000000006 120.91047267550272 M 278.00000000000006 120.91047267550272 M 278.00000000000006 126.91047267550272 L 278.00000000000006 132.91047267550272 M 278.00000000000006 132.91047267550272 M 278.00000000000006 138.91047267550272 L 278.00000000000006 144.91047267550272 M 278.00000000000006 144.91047267550272 M 278.00000000000006 150.91047267550272 L 278.00000000000006 156.91047267550272 M 278.00000000000006 156.91047267550272 M 278.00000000000006 162.91047267550272 L 278.00000000000006 168.91047267550272 M 278.00000000000006 168.91047267550272 M 278.00000000000006 174.91047267550272 L 278.00000000000006 180.91047267550272 M 278.00000000000006 180.91047267550272 M 278.00000000000006 186.91047267550272 L 278.00000000000006 192.91047267550272 M 278.00000000000006 192.91047267550272 M 278.00000000000006 198.91047267550272 L 278.00000000000006 204.91047267550272 M 278.00000000000006 204.91047267550272 M 278.00000000000006 210.91047267550272 L 278.00000000000006 216.91047267550272 M 278.00000000000006 216.91047267550272 M 278.00000000000006 222.91047267550272 L 278.00000000000006 228.91047267550272 M 278.00000000000006 228.91047267550272 M 278.00000000000006 234.91047267550272 L 278.00000000000006 240.91047267550272 M 278.00000000000006 240.91047267550272 M 278.00000000000006 246.91047267550272 L 278.00000000000006 252.91047267550272 M 278.00000000000006 252.91047267550272 M 278.00000000000006 258.9104726755027 L 278.00000000000006 264.9104726755027 M 278.00000000000006 264.9104726755027 M 278.00000000000006 270.9104726755027 L 278.00000000000006 276.9104726755027 M 278.00000000000006 276.9104726755027 M 278.00000000000006 282.9104726755027 L 278.00000000000006 288.9104726755027 M 278.00000000000006 288.9104726755027 M 278.00000000000006 294.9104726755027 L 278.0000000000001 300.9104726755027 M 278.0000000000001 300.9104726755027" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777806,243.31491457745426)"><g transform="translate(0,0)"><g transform="translate(-104.62600160256406,-181.95081824533966) translate(-179.776776175214,-61.3640963321146) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 395.6805555555633 368.59527295942837 M 395.6805555555633 368.59527295942837 L 395.6805555555633 362.59527295942837 M 395.6805555555633 362.59527295942837 M 395.6805555555633 356.59527295942837 L 395.6805555555633 350.59527295942837 M 395.6805555555633 350.59527295942837 M 395.6805555555633 344.59527295942837 L 395.6805555555633 338.59527295942837 M 395.6805555555633 338.59527295942837 M 395.6805555555633 332.59527295942837 L 395.6805555555633 326.59527295942837 M 395.6805555555633 326.59527295942837 M 395.6805555555633 320.59527295942837 L 395.6805555555633 314.59527295942837 M 395.6805555555633 314.59527295942837 M 395.6454730957975 308.5959974887863 Q 395.42473204507803 305.08992137071624 393.81507437340014 302.97276187360467 M 393.81507437340014 302.97276187360467 M 388.7448234749301 300.0250475217899 Q 387.3524512811001 299.74552399008303 385.6805555555633 299.74552399008303 L 382.7625569263178 299.74552399008303 M 382.7625569263178 299.74552399008303 M 376.7625569263178 299.74552399008303 L 370.7625569263178 299.74552399008303 M 370.7625569263178 299.74552399008303 M 364.7625569263178 299.74552399008303 L 358.7625569263178 299.74552399008303 M 358.7625569263178 299.74552399008303 M 352.7625569263178 299.74552399008303 L 346.7625569263178 299.74552399008303 M 346.7625569263178 299.74552399008303 M 340.7625569263178 299.74552399008303 L 334.7625569263178 299.74552399008303 M 334.7625569263178 299.74552399008303 M 328.7625569263178 299.74552399008303 L 322.7625569263178 299.74552399008303 M 322.7625569263178 299.74552399008303 M 316.7625569263178 299.74552399008303 L 310.7625569263178 299.74552399008303 M 310.7625569263178 299.74552399008303 M 304.7625569263178 299.74552399008303 L 300.90277777777806 299.74552399008303 Q 299.7712873305603 299.74552399008303 298.7678239465571 299.6174969268685 M 298.7678239465571 299.6174969268685 M 293.3857693473039 297.228457504614 Q 291.4531834876415 295.28265607285664 291.0247864262038 291.83266584287463 M 291.0247864262038 291.83266584287463 M 290.90277777777806 285.8375555400254 L 290.90277777777806 279.8375555400254 M 290.90277777777806 279.8375555400254 M 290.90277777777806 273.8375555400254 L 290.90277777777806 267.8375555400254 M 290.90277777777806 267.8375555400254 M 290.90277777777806 261.8375555400254 L 290.90277777777806 255.8375555400254 M 290.90277777777806 255.8375555400254 M 290.90277777777806 249.8375555400254 L 290.90277777777806 249.81491457745426" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777794,125.75909597261261)"><g transform="translate(0,0)"><g transform="translate(-520.5887419871792,-284.3176338453479) translate(236.18596420940128,158.55853787273531) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 399.0972222222224 132.2590959726126 M 399.0972222222224 132.2590959726126 L 399.0972222222224 138.2590959726126 M 399.0972222222224 138.2590959726126 M 399.0972222222224 144.2590959726126 L 399.0972222222224 150.2590959726126 M 399.0972222222224 150.2590959726126 M 399.0972222222224 156.2590959726126 L 399.0972222222224 162.2590959726126 M 399.0972222222224 162.2590959726126 M 399.0972222222224 168.2590959726126 L 399.0972222222224 174.2590959726126 M 399.0972222222224 174.2590959726126 M 399.0972222222224 180.2590959726126 L 399.0972222222224 186.2590959726126 M 399.0972222222224 186.2590959726126 M 399.0972222222224 192.2590959726126 L 399.0972222222224 192.67013315779485 Q 399.0972222222224 195.91836389834842 398.0421219278347 198.11149434451426 M 398.0421219278347 198.11149434451426 M 393.6659405128273 201.97829744802294 Q 391.72749922241087 202.67013315779496 389.0972222222224 202.67013315779502 L 387.7405118088071 202.67013315779505 M 387.7405118088071 202.67013315779505 M 381.7405118088071 202.67013315779514 L 375.7405118088071 202.67013315779522 M 375.7405118088071 202.67013315779522 M 369.7405118088071 202.6701331577953 L 363.7405118088071 202.6701331577954 M 363.7405118088071 202.6701331577954 M 357.7405118088071 202.67013315779548 L 351.7405118088071 202.67013315779556 M 351.7405118088071 202.67013315779556 M 345.7405118088071 202.67013315779565 L 339.7405118088071 202.67013315779573 M 339.7405118088071 202.67013315779573 M 333.7405118088071 202.67013315779585 L 327.7405118088071 202.67013315779593 M 327.7405118088071 202.67013315779593 M 321.7405118088071 202.67013315779604 L 315.7405118088071 202.67013315779613 M 315.7405118088071 202.67013315779613 M 309.7405118088071 202.67013315779624 L 303.7405118088071 202.67013315779633 M 303.7405118088071 202.67013315779633 M 297.7598678856485 202.9657135423712 Q 294.4328042761472 203.65647640532174 292.72003362291935 205.9615322245457 M 292.72003362291935 205.9615322245457 M 290.93300792210687 211.60072437358687 Q 290.90277777777794 212.12031369352724 290.90277777777794 212.67013315779656 L 290.90277777777794 217.600146725365 M 290.90277777777794 217.600146725365 M 290.90277777777794 223.600146725365 L 290.90277777777794 229.600146725365 M 290.90277777777794 229.600146725365 M 290.90277777777794 235.600146725365 L 290.90277777777794 241.600146725365 M 290.90277777777794 241.600146725365 M 290.90277777777794 247.600146725365 L 290.90277777777794 251.03945435457118" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,155.81944444443684,107.17033542596326)"><g transform="translate(0,0)"><g transform="translate(-453.3739983974361,-305.60207610719107) translate(297.55455395299924,198.4317406812278) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 162.31944444443684 113.67033542596326 M 162.31944444443684 113.67033542596326 L 162.31944444443684 119.67033542596326 M 162.31944444443684 119.67033542596326 M 162.31944444443684 125.67033542596326 L 162.31944444443684 131.67033542596326 M 162.31944444443684 131.67033542596326 M 162.31944444443684 137.67033542596326 L 162.31944444443684 143.67033542596326 M 162.31944444443684 143.67033542596326 M 162.31944444443684 149.67033542596326 L 162.31944444443684 155.67033542596326 M 162.31944444443684 155.67033542596326 M 162.31944444443684 161.67033542596326 L 162.31944444443684 167.67033542596326 M 162.31944444443684 167.67033542596326 M 162.31944444443684 173.67033542596326 L 162.31944444443684 179.67033542596326 M 162.31944444443684 179.67033542596326 M 162.31944444443684 185.67033542596326 L 162.31944444443684 189.5415587499461 Q 162.31944444443684 190.66665091919444 162.44602768336722 191.66515984951238 M 162.44602768336722 191.66515984951238 M 164.82839767826374 197.05049598033753 Q 166.77191548654997 198.987072120429 170.22094619965992 199.41813535569676 M 170.22094619965992 199.41813535569676 M 176.2159687190514 199.5415587499461 L 182.2159687190514 199.5415587499461 M 182.2159687190514 199.5415587499461 M 188.2159687190514 199.5415587499461 L 194.2159687190514 199.5415587499461 M 194.2159687190514 199.5415587499461 M 200.2159687190514 199.5415587499461 L 206.2159687190514 199.5415587499461 M 206.2159687190514 199.5415587499461 M 212.2159687190514 199.5415587499461 L 218.2159687190514 199.5415587499461 M 218.2159687190514 199.5415587499461 M 224.2159687190514 199.5415587499461 L 230.2159687190514 199.5415587499461 M 230.2159687190514 199.5415587499461 M 236.2159687190514 199.5415587499461 L 242.2159687190514 199.5415587499461 M 242.2159687190514 199.5415587499461 M 248.2159687190514 199.5415587499461 L 254.2159687190514 199.5415587499461 M 254.2159687190514 199.5415587499461 M 260.1975055563821 199.82836878769723 Q 263.5309416038837 200.5080005580397 265.2539063203237 202.79810365944377 M 265.2539063203237 202.79810365944377 M 267.0644085030223 208.4287072615088 Q 267.09722222222206 208.96872614612755 267.09722222222206 209.5415587499461 L 267.09722222222206 214.4280528453731 M 267.09722222222206 214.4280528453731 M 267.09722222222206 220.4280528453731 L 267.09722222222206 226.4280528453731 M 267.09722222222206 226.4280528453731 M 267.09722222222206 232.4280528453731 L 267.09722222222206 235.81551770804643" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,152.4027777777773,228.0562890247442)"><g transform="translate(0,0)"><g transform="translate(-37.41125801282108,-200.3354013688455) translate(-114.99151976495621,-27.72088765589868) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 158.9027777777773 356.7014713068111 M 158.9027777777773 356.7014713068111 L 158.9027777777773 350.7014713068111 M 158.9027777777773 350.7014713068111 M 158.9027777777773 344.7014713068111 L 158.9027777777773 338.7014713068111 M 158.9027777777773 338.7014713068111 M 158.9027777777773 332.7014713068111 L 158.9027777777773 326.7014713068111 M 158.9027777777773 326.7014713068111 M 158.9027777777773 320.7014713068111 L 158.90277777777732 314.7014713068111 M 158.90277777777732 314.7014713068111 M 158.9386276948351 308.7022201112491 Q 159.16189382506047 305.19660315095655 160.77561686556083 303.081443100939 M 160.77561686556083 303.081443100939 M 165.85041734767782 300.14100539293156 Q 167.23802796592435 299.86386619932506 168.90277777777732 299.863866199325 L 171.83292026888248 299.8638661993249 M 171.83292026888248 299.8638661993249 M 177.83292026888248 299.86386619932466 L 183.83292026888248 299.86386619932443 M 183.83292026888248 299.86386619932443 M 189.83292026888248 299.8638661993242 L 195.83292026888248 299.863866199324 M 195.83292026888248 299.863866199324 M 201.83292026888248 299.86386619932375 L 207.83292026888248 299.8638661993235 M 207.83292026888248 299.8638661993235 M 213.83292026888248 299.8638661993233 L 219.83292026888248 299.86386619932307 M 219.83292026888248 299.86386619932307 M 225.83292026888248 299.86386619932284 L 231.83292026888248 299.8638661993226 M 231.83292026888248 299.8638661993226 M 237.83292026888248 299.8638661993224 L 243.83292026888248 299.86386619932216 M 243.83292026888248 299.86386619932216 M 249.83292026888248 299.86386619932193 L 255.83292026888248 299.86386619932176 M 255.83292026888248 299.86386619932176 M 261.7528202251644 299.1405476054279 Q 264.7675844859315 298.0314529459795 266.0817275073145 295.22173704714703 M 266.0817275073145 295.22173704714703 M 267.0972222222195 289.3604205540609 L 267.0972222222195 283.3604205540609 M 267.0972222222195 283.3604205540609 M 267.0972222222195 277.3604205540609 L 267.0972222222195 271.3604205540609 M 267.0972222222195 271.3604205540609 M 267.0972222222195 265.3604205540609 L 267.0972222222195 259.3604205540609 M 267.0972222222195 259.3604205540609 M 267.0972222222195 253.3604205540609 L 267.0972222222195 247.3604205540609 M 267.0972222222195 247.3604205540609 M 267.0972222222195 241.3604205540609 L 267.0972222222195 235.3604205540609 M 267.0972222222195 235.3604205540609" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,193.51767083236396,40.461511948529306)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#ff9900" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,213,55)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,345.9019607843137,48.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,341.48549019607844,44.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,336,39.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,57.51767083236396,94.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#38761d" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,77,109)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,98.9019607843137,163.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,94.48549019607844,159.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,89,154.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,345.51767083236393,86.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#cc0000" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,365,101)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,451.9019607843137,158.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,447.48549019607844,154.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,442,149.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50,342)"><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="40" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="58" y="17">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="54" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="5" y="17">Parent</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="68" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="68" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="105" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="110" y="17">10</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="20" width="71" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="17" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="37">ID</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="87" y="20" width="6" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="87" y="37">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="93" y="20" width="26" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="98" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="98" y="37">10</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,369,341)"><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="40" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="132" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="9" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="62" y="17">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="72" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="72" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="109" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="114" y="17">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="20" width="78" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="77" y="37">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="88" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="88" y="37">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g/></g></g><g transform="matrix(1,0,0,1,371,44)"><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="32" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="17" y="14">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="72" y="14"> &amp;&#160;</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="90" y="14">other</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="26" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="77" y="30">Hosts</text></g></g></g></svg>
\ No newline at end of file
diff --git a/libnetwork/docs/ipam.md b/libnetwork/docs/ipam.md
new file mode 100644
index 0000000000000..ba36eaebe3282
--- /dev/null
+++ b/libnetwork/docs/ipam.md
@@ -0,0 +1,274 @@
+# IPAM Driver
+
+During the Network and Endpoints lifecycle, the CNM model controls the IP address assignment for network and endpoint interfaces via the IPAM driver(s).
+Libnetwork has a default, built-in IPAM driver and allows third party IPAM drivers to be dynamically plugged. On network creation, the user can specify which IPAM driver libnetwork needs to use for the network's IP address management. This document explains the APIs with which the IPAM driver needs to comply, and the corresponding HTTPS request/response body relevant for remote drivers.
+
+
+## Remote IPAM driver
+
+On the same line of remote network driver registration (see [remote.md](./remote.md) for more details), libnetwork initializes the `ipams.remote` package with the `Init()` function. It passes a `ipamapi.Callback` as a parameter, which implements `RegisterIpamDriver()`. The remote driver package uses this interface to register remote drivers with libnetwork's `NetworkController`, by supplying it in a `plugins.Handle` callback.  The remote drivers register and communicate with libnetwork via the Docker plugin package. The `ipams.remote` provides the proxy for the remote driver processes.
+
+
+## Protocol
+
+Communication protocol is the same as the remote network driver.
+
+## Handshake
+
+During driver registration, libnetwork will query the remote driver about the default local and global address spaces strings, and about the driver capabilities.
+More detailed information can be found in the respective section in this document.
+
+## Datastore Requirements
+
+It is the remote driver's responsibility to manage its database. 
+
+## Ipam Contract
+
+The remote IPAM driver must serve the following requests:
+
+- **GetDefaultAddressSpaces**
+
+- **RequestPool**
+
+- **ReleasePool**
+
+- **Request address**
+
+- **Release address**
+
+
+The following sections explain each of the above requests' semantic, when they are called during network/endpoint lifecycle, and the corresponding payload for remote driver HTTP request/responses.
+
+
+## IPAM Configuration and flow
+
+A libnetwork user can provide IPAM related configuration when creating a network, via the `NetworkOptionIpam` setter function. 
+
+```go
+func NetworkOptionIpam(ipamDriver string, addrSpace string, ipV4 []*IpamConf, ipV6 []*IpamConf, opts map[string]string) NetworkOption
+```
+
+The caller has to provide the IPAM driver name and may provide the address space and a list of `IpamConf` structures for IPv4 and a list for IPv6. The IPAM driver name is the only mandatory field. If not provided, network creation will fail.
+
+In the list of configurations, each element has the following form:
+
+```go
+// IpamConf contains all the ipam related configurations for a network
+type IpamConf struct {
+	// The master address pool for containers and network interfaces
+	PreferredPool string
+	// A subset of the master pool. If specified,
+	// this becomes the container pool
+	SubPool string
+	// Input options for IPAM Driver (optional)
+	Options map[string]string
+	// Preferred Network Gateway address (optional)
+	Gateway string
+	// Auxiliary addresses for network driver. Must be within the master pool.
+	// libnetwork will reserve them if they fall into the container pool
+	AuxAddresses map[string]string
+}
+```
+
+On network creation, libnetwork will iterate the list and perform the following requests to the IPAM driver:
+
+1. Request the address pool and pass the options along via `RequestPool()`.
+2. Request the network gateway address if specified. Otherwise request any address from the pool to be used as network gateway. This is done via `RequestAddress()`.
+3. Request each of the specified auxiliary addresses via `RequestAddress()`.
+
+If the list of IPv4 configurations is empty, libnetwork will automatically add one empty `IpamConf` structure. This will cause libnetwork to request IPAM driver an IPv4 address pool of the driver's choice on the configured address space, if specified, or on the IPAM driver default address space otherwise. If the IPAM driver is not able to provide an address pool, network creation will fail.
+If the list of IPv6 configurations is empty, libnetwork will not take any action.
+The data retrieved from the IPAM driver during the execution of point 1) to 3) will be stored in the network structure as a list of `IpamInfo` structures for IPv4 and a list for IPv6.
+
+On endpoint creation, libnetwork will iterate over the list of configs and perform the following operation:
+
+1. Request an IPv4 address from the IPv4 pool and assign it to the endpoint interface IPv4 address. If successful, stop iterating.
+2. Request an IPv6 address from the IPv6 pool (if exists) and assign it to the endpoint interface IPv6 address. If successful, stop iterating.
+
+Endpoint creation will fail if any of the above operation does not succeed
+
+On endpoint deletion, libnetwork will perform the following operations:
+
+1. Release the endpoint interface IPv4 address
+2. Release the endpoint interface IPv6 address if present
+
+On network deletion, libnetwork will iterate the list of `IpamData` structures and perform the following requests to ipam driver:
+
+1. Release the network gateway address via `ReleaseAddress()`
+2. Release each of the auxiliary addresses via `ReleaseAddress()`
+3. Release the pool via `ReleasePool()`
+
+### GetDefaultAddressSpaces
+
+GetDefaultAddressSpaces returns the default local and global address space names for this IPAM. An address space is a set of non-overlapping address pools isolated from other address spaces' pools. In other words, same pool can exist on N different address spaces. An address space naturally maps to a tenant name. 
+In libnetwork, the meaning associated to `local` or `global` address space is that a local address space doesn't need to get synchronized across the
+cluster whereas the global address spaces does. Unless specified otherwise in the IPAM configuration, libnetwork will request address pools from the default local or default global address space based on the scope of the network being created. For example, if not specified otherwise in the configuration, libnetwork will request address pool from the default local address space for a bridge network, whereas from the default global address space for an overlay network.
+
+During registration, the remote driver will receive a POST message to the URL `/IpamDriver.GetDefaultAddressSpaces` with no payload. The driver's response should have the form:
+
+
+	{
+		"LocalDefaultAddressSpace": string
+		"GlobalDefaultAddressSpace": string
+	}
+
+
+
+### RequestPool
+
+This API is for registering an address pool with the IPAM driver. Multiple identical calls must return the same result.
+It is the IPAM driver's responsibility to keep a reference count for the pool.
+
+```go
+RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error)
+```
+
+
+For this API, the remote driver will receive a POST message to the URL `/IpamDriver.RequestPool` with the following payload:
+
+    {
+		"AddressSpace": string
+		"Pool":         string 
+		"SubPool":      string 
+		"Options":      map[string]string 
+		"V6":           bool 
+    }
+
+    
+Where:
+
+    * `AddressSpace` the IP address space. It denotes a set of non-overlapping pools.
+    * `Pool` The IPv4 or IPv6 address pool in CIDR format
+    * `SubPool` An optional subset of the address pool, an ip range in CIDR format
+    * `Options` A map of IPAM driver specific options
+    * `V6` Whether an IPAM self-chosen pool should be IPv6
+    
+AddressSpace is the only mandatory field. If no `Pool` is specified IPAM driver may choose to return a self chosen address pool. In such case, `V6` flag must be set if caller wants an IPAM-chosen IPv6 pool. A request with empty `Pool` and non-empty `SubPool` should be rejected as invalid.
+If a `Pool` is not specified IPAM will allocate one of the default pools. When `Pool` is not specified, the `V6` flag should be set if the network needs IPv6 addresses to be allocated.
+
+A successful response is in the form:
+
+
+	{
+		"PoolID": string
+		"Pool":   string
+		"Data":   map[string]string
+	}
+
+
+Where:
+
+* `PoolID` is an identifier for this pool. Same pools must have same pool id.
+* `Pool` is the pool in CIDR format
+* `Data` is the IPAM driver supplied metadata for this pool
+
+
+### ReleasePool
+
+This API is for releasing a previously registered address pool.
+
+```go
+ReleasePool(poolID string) error
+```
+
+For this API, the remote driver will receive a POST message to the URL `/IpamDriver.ReleasePool` with the following payload:
+
+	{
+		"PoolID": string
+	}
+
+Where:
+
+* `PoolID` is the pool identifier
+
+A successful response is empty:
+
+    {}
+    
+### RequestAddress
+
+This API is for reserving an ip address.
+
+```go
+RequestAddress(string, net.IP, map[string]string) (*net.IPNet, map[string]string, error)
+```
+
+For this API, the remote driver will receive a POST message to the URL `/IpamDriver.RequestAddress` with the following payload:
+
+    {
+		"PoolID":  string
+		"Address": string
+		"Options": map[string]string
+    }
+    
+Where:
+
+* `PoolID` is the pool identifier
+* `Address` is the required address in regular IP form (A.B.C.D). If this address cannot be satisfied, the request fails. If empty, the IPAM driver chooses any available address on the pool
+* `Options` are IPAM driver specific options
+
+
+A successful response is in the form:
+
+
+	{
+		"Address": string
+		"Data":    map[string]string
+	}
+
+
+Where:
+
+* `Address` is the allocated address in CIDR format (A.B.C.D/MM)
+* `Data` is some IPAM driver specific metadata
+
+### ReleaseAddress
+
+This API is for releasing an IP address.
+
+For this API, the remote driver will receive a POST message to the URL `/IpamDriver.ReleaseAddress` with the following payload:
+
+    {
+		"PoolID": string
+		"Address": string
+    }
+    
+Where:
+
+* `PoolID` is the pool identifier
+* `Address` is the IP address to release
+
+
+
+### GetCapabilities
+
+During the driver registration, libnetwork will query the driver about its capabilities. It is not mandatory for the driver to support this URL endpoint. If driver does not support it, registration will succeed with empty capabilities automatically added to the internal driver handle.
+
+During registration, the remote driver will receive a POST message to the URL `/IpamDriver.GetCapabilities` with no payload. The driver's response should have the form:
+
+
+	{
+		"RequiresMACAddress": bool
+		"RequiresRequestReplay": bool
+	}
+	
+	
+	
+## Capabilities
+
+Capabilities are requirements, features the remote ipam driver can express during registration with libnetwork.
+As of now libnetwork accepts the following capabilities:
+
+### RequiresMACAddress
+
+It is a boolean value which tells libnetwork whether the ipam driver needs to know the interface MAC address in order to properly process the `RequestAddress()` call.
+If true, on `CreateEndpoint()` request, libnetwork will generate a random MAC address for the endpoint (if an explicit MAC address was not already provided by the user) and pass it to `RequestAddress()` when requesting the IP address inside the options map. The key will be the `netlabel.MacAddress` constant: `"com.docker.network.endpoint.macaddress"`.
+
+### RequiresRequestReplay
+
+It is a boolean value which tells libnetwork whether the ipam driver needs to receive the replay of the `RequestPool()` and `RequestAddress()` requests on daemon reload.  When libnetwork controller is initializing, it retrieves from local store the list of current local scope networks and, if this capability flag is set, it allows the IPAM driver to reconstruct the database of pools by replaying the `RequestPool()` requests for each pool and the `RequestAddress()` for each network gateway owned by the local networks. This can be useful to ipam drivers which decide not to persist the pools allocated to local scope networks.
+
+
+## Appendix
+
+A Go extension for the IPAM remote API is available at [docker/go-plugins-helpers/ipam](https://github.com/docker/go-plugins-helpers/tree/master/ipam)
diff --git a/libnetwork/docs/legacy.md b/libnetwork/docs/legacy.md
new file mode 100644
index 0000000000000..7a19dcdff9e57
--- /dev/null
+++ b/libnetwork/docs/legacy.md
@@ -0,0 +1,15 @@
+
+This document provides a TLD&R version of https://docs.docker.com/v1.6/articles/networking/.
+If more interested in detailed operational design, please refer to this link.
+
+## Docker Networking design as of Docker v1.6
+
+Prior to libnetwork, Docker Networking was handled in both Docker Engine and libcontainer.
+Docker Engine makes use of the Bridge Driver to provide single-host networking solution with the help of linux bridge and IPTables.
+Docker Engine provides simple configurations such as `--link`, `--expose`,... to enable container connectivity within the same host by abstracting away networking configuration completely from the Containers.
+For external connectivity, it relied upon NAT & Port-mapping 
+
+Docker Engine was responsible for providing the configuration for the container's networking stack.
+
+Libcontainer would then use this information to create the necessary networking devices and move them in to a network namespace.
+This namespace would then be used when the container is started.
diff --git a/libnetwork/docs/macvlan.md b/libnetwork/docs/macvlan.md
new file mode 100644
index 0000000000000..b6b02fd2fb4a2
--- /dev/null
+++ b/libnetwork/docs/macvlan.md
@@ -0,0 +1,427 @@
+
+# Macvlan Driver
+
+### Overview
+
+The Macvlan driver provides operators the ability to integrate Docker networking in a simple and lightweight fashion into the underlying network. Macvlan is supported by the Linux kernel and is a well known Linux network type. The Macvlan built-in driver does not require any port mapping and supports VLAN trunking (Virtual Local Area Network). VLANs are a traditional method of network virtualization and layer 2 datapath isolation that is prevalent in some form or fashion in most data centers.
+
+The Linux implementation is considered lightweight because it eliminates the need for using a Linux bridge for isolating containers on the Docker host. The VLAN driver requires full access to the underlying host making it suitable for Enterprise data centers that have administrative access to the host.
+
+Instead of attaching container network interfaces to a Docker host Linux bridge for a network, the driver simply connects the container interface to the Docker Host Ethernet interface (or sub-interface). Each network is attached to a unique parent interface. Containers in a network share a common broadcast domain and intra-network connectivity is permitted. Two separate networks will each have a unique parent interface and that parent is what enforces datapath isolation between two networks. In order for inter-network communications to occur, an IP router, external to the Docker host, is required to route between the two networks by hair-pining into the physical network and then back to the Docker host. While hairpinning traffic can be less efficient then east/west traffic staying local to the host, there is often more complexity associated with disaggregating services to the host. It can be practical for some users to leverage existing network services, such firewalls and load balancers that already exist in a data center architecture.
+
+When using traditional Linux bridges there are two common techniques to get traffic out of a container and into the physical network and vice versa. The first method to connect containers to the underlying network is to use Iptable rules which perform a NAT translation from a bridge that represents the Docker network to the physical Ethernet connection such as `eth0`. The upside of Iptables using the Docker built-in bridge driver is that the NIC does not have to be in promiscuous mode. The second bridge driver method is to move a host's external Ethernet connection into the bridge. Moving the host Ethernet connection can at times be unforgiving. Common mistakes such as cutting oneself off from the host, or worse, creating bridging loops that can cripple a VLAN throughout a data center can open a network design up to potential risks as the infrastructure grows.
+
+Connecting containers without any NATing is where the VLAN drivers accel. Rather than having to manage a bridge for each Docker network containers are connected directly to a `parent` interface such as `eth0` that attaches the container to the same broadcast domain as the parent interface. A simple example is if a host's `eth0` is on the network `192.168.1.0/24` with a gateway of `192.168.1.1` then a Macvlan Docker network can start containers on the addresses `192.168.1.2 - 192.168.1.254`. Containers use the same network as the parent `-o parent` that is specified in the `docker network create` command.
+
+There are positive performance implication as a result of bypassing the Linux bridge, along with the simplicity of less moving parts, which is also attractive. Macvlan containers are easy to troubleshoot. The actual MAC and IP address of the container is bridged into the upstream network making a problematic application easy for operators to trace from the network. Existing underlay network management and monitoring tools remain relevant.
+
+### Pre-Requisites
+
+- The examples on this page are all single host and require Docker v1.12 or greater running on Linux.
+
+- Any examples using a sub-interface like `eth0.10` can be replaced with `eth0` or any other valid parent interface on the Docker host. Sub-interfaces with a `.` are dynamically created. The parent `-o parent` interface parameter can also be left out of the `docker network create` all together and the driver will create a `dummy` Linux type interface that will enable local host connectivity to perform the examples.
+
+- Kernel requirements:
+
+ - To check your current kernel version, use `uname -r` to display your kernel version.
+ - Macvlan Linux kernel v3.9–3.19 and 4.0+.
+
+### MacVlan Bridge Mode Example Usage
+
+- Macvlan driver networks are attached to a parent Docker host interface. Examples are a physical interface such as `eth0`, a sub-interface for 802.1q VLAN tagging like `eth0.10` (`.10` representing VLAN `10`) or even bonded `bond0` host adapters which bundle two Ethernet interfaces into a single logical interface and provide diversity in the server connection.
+
+- The specified gateway is external to the host that is expected to be provided by the network infrastructure. If a gateway is not specified using the `--gateway` parameter, then Libnetwork will infer the first usable address of a subnet. For example, if a network's subnet is `--subnet 10.1.100.0/24` and no gateway is specified, Libnetwork will assign a gateway of `10.1.100.1` to the container. A second example would be a subnet of `--subnet 10.1.100.128/25` would receive a gateway of `10.1.100.129`.
+
+- Containers on separate networks cannot reach one another without an external process routing between the two networks/subnets.
+
+- Each Macvlan Bridge mode Docker network is isolated from one another and there can be only one network attached to a parent interface at a time. There is a theoretical limit of 4,094 sub-interfaces per host adapter that a Docker network could be attached to.
+
+- The driver limits one network per parent interface. The driver does however accommodate secondary subnets to be allocated in a single Docker network for a multi-subnet requirement. The upstream router is responsible for proxy-arping between the two subnets.
+
+- Any Macvlan container sharing the same subnet can communicate via IP to any other container in the same subnet without a gateway. It is important to note, that the parent will go into promiscuous mode when a container is attached to the parent since each container has a unique MAC address. Alternatively, Ipvlan which is currently an experimental driver uses the same MAC address as the parent interface and thus precluding the need for the parent being promiscuous.
+
+In the following example, `eth0` on the docker host has an IP on the `172.16.86.0/24` network and a default gateway of `172.16.86.1`. The gateway is an external router with an address of `172.16.86.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router.
+
+![Simple Macvlan Bridge Mode Example](images/macvlan_bridge_simple.png)
+
+**Note** The Docker network subnet specified needs to match the network that parent interface of the Docker host for external communications. For example, use the same subnet and gateway of the Docker host ethernet interface specified by the `-o parent=` option. The parent interface is not required to have a IP address assigned to it, since this is simply L2 flooding and learning.
+
+- The parent interface used in this example is `eth0` and it is on the subnet `172.16.86.0/24`. The containers in the `docker network` will also need to be on this same subnet as the parent `-o parent=`. The gateway is an external router on the network.
+
+- Libnetwork driver types are specified with the `-d <driver_name>` option. In this case `-d macvlan`
+
+- The parent interface `-o parent=eth0` is configured as followed:
+
+```
+ip addr show eth0
+3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+    inet 172.16.86.250/24 brd 172.16.86.255 scope global eth0
+```
+
+Create the macvlan network and run a couple of containers attached to it:
+
+```
+# Macvlan  (-o macvlan_mode= Defaults to Bridge mode if not specified)
+docker network create -d macvlan \
+    --subnet=172.16.86.0/24 \
+    --gateway=172.16.86.1  \
+    -o parent=eth0 pub_net
+
+# Run a container on the new network specifying the --ip address.
+docker  run --net=pub_net --ip=172.16.86.10 -itd alpine /bin/sh
+
+# Start a second container and ping the first
+docker  run --net=pub_net -it --rm alpine /bin/sh
+ping -c 4 172.16.86.10
+
+```
+
+ Take a look at the containers ip and routing table:
+
+```
+
+ip a show eth0
+    eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
+    link/ether 46:b2:6b:26:2f:69 brd ff:ff:ff:ff:ff:ff
+    inet 172.16.86.2/24 scope global eth0
+
+ip route
+    default via 172.16.86.1 dev eth0
+    172.16.86.0/24 dev eth0  src 172.16.86.2
+
+# NOTE: the containers can NOT ping the underlying host interfaces as
+# they are intentionally filtered by Linux for additional isolation.
+# In this case the containers cannot ping the -o parent=172.16.86.250
+```
+
+
+Users can explicitly specify the `bridge` mode option `-o macvlan_mode=bridge` or leave the mode option out since the most common mode of `bridge` is the driver default.
+
+While the `eth0` interface does not need to have an IP address, it is not uncommon to have an IP address on the interface. Addresses can be excluded from getting an address from the default built in IPAM by using the `--aux-address=x.x.x.x` argument. This will blacklist the specified address from being handed out to containers from the built-in Libnetwork IPAM.
+
+- The following is the same network example as above, but blacklisting the `-o parent=eth0` address from being handed out to a container.
+
+```
+docker network create -d macvlan \
+    --subnet=172.16.86.0/24 \
+    --gateway=172.16.86.1  \
+    --aux-address="exclude_host=172.16.86.250" \
+    -o parent=eth0 pub_net
+```
+
+Another option for specifying what subpool or range of usable addresses is used by the default Docker IPAM driver is to use the argument `--ip-range=`. This instructs the driver to allocate container addresses from the specific range, rather then the broader range from the `--subnet=` argument.
+
+- The network create in the following example, allocates addresses beginning at `192.168.32.128` and increments n+1 upwards from there.
+
+```
+docker network create -d macvlan  \
+    --subnet=192.168.32.0/24  \
+    --ip-range=192.168.32.128/25 \
+    --gateway=192.168.32.254  \
+    -o parent=eth0 macnet32
+
+# Start a container and verify the address is 192.168.32.128
+docker run --net=macnet32 -it --rm alpine /bin/sh
+```
+
+The network can then be deleted with:
+
+```
+docker network rm <network_name or id>
+```
+
+- **Note:** Linux Macvlan interface types are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host's `eth0` it will **not** work. That traffic is explicitly filtered by the kernel to offer additional provider isolation and security. This is a common gotcha when a user first uses those Linux interface types since it is natural to ping local addresses when testing.
+
+For more on Docker networking commands see: [Working with Docker network commands](https://docs.docker.com/engine/userguide/networking/work-with-networks/)
+
+### Macvlan 802.1q Trunk Bridge Mode Example Usage
+
+VLANs have long been a primary means of virtualizing data center networks and are still in virtually all existing networks today. VLANs work by tagging a Layer-2 isolation domain with a 12-bit identifier ranging from 1-4094. The VLAN tag is inserted into a packet header that enables a logical grouping of a single subnet or multiple subnets of IPv4 and/or IPv6. It is very common for network operators to separate traffic using VLANs based on a subnet(s) function or security profile such as `web`, `db` or any other isolation requirements.
+
+It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by its standard 802.1Q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs by creating Linux sub-interfaces, each sub-interface being allocated a unique VLAN ID.
+
+![Simple Macvlan Mode Example](images/multi_tenant_8021q_vlans.png)
+
+Trunking 802.1q to a Linux host is notoriously painful for operations. It requires configuration file changes in order to be persistent through a reboot. If a bridge is involved, a physical NIC needs to be moved into the bridge and the bridge then gets the IP address. This has lead to many a stranded servers since the risk of cutting off access or misconfiguration is relatively high.
+
+Like all of the Docker network drivers, the overarching goal is to alleviate the operational pains of managing network resources. To that end, when a network receives a sub-interface as the parent that does not exist, the drivers create the VLAN tagged interfaces while creating the network. If the sub-interface already exists it is simply used as is.
+
+In the case of a host reboot, instead of needing to modify often complex network configuration files the driver will recreate all network links when the Docker daemon restarts. The driver tracks if it created the VLAN tagged sub-interface originally with the network create and will **only** recreate the sub-interface after a restart if it created the link in the first place.
+
+The same holds true if the network is deleted `docker network rm`. If driver created the sub-interface with `docker network create` it will remove the sub-interface link for the operator.
+
+If the user doesn't want Docker to create and delete the `-o parent` sub-interface, then you simply pass an interface that already exists as the parent link. Parent interfaces such as `eth0` are not deleted, only interfaces that are slave links.
+
+For the driver to add/delete the vlan sub-interfaces the format needs to be `-o parent interface_name.vlan_tag`.
+
+For example: `-o parent eth0.50` denotes a parent interface of `eth0` with a slave of `eth0.50` tagged with vlan id `50`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.50 type vlan id 50`.
+
+Replace the `macvlan` with `ipvlan` in the `-d` driver argument to create macvlan 802.1q trunks.
+
+**Vlan ID 50**
+
+In the next example, the network is tagged and isolated by the Docker host. A parent of `eth0.50` will tag the Ethernet traffic with the vlan id `50` specified by the parent nomenclature `-o parent=eth0.50`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists, anything can be used if compliant with Linux netlink.
+
+```
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network create -d macvlan \
+    --subnet=192.168.50.0/24 \
+    --gateway=192.168.50.1 \
+    -o parent=eth0.50 macvlan50
+
+# In two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=macvlan50 -it --name macvlan_test5 --rm alpine /bin/sh
+docker run --net=macvlan50 -it --name macvlan_test6 --rm alpine /bin/sh
+```
+
+**Vlan ID 60**
+
+In the second network, tagged and isolated by the Docker host, `eth0.60` is the parent interface tagged with vlan id `60` specified with `-o parent=eth0.60`. The `macvlan_mode=` defaults to `macvlan_mode=bridge`. It can also be explicitly set with the same result, as shown in the next example.
+
+```
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged.
+docker network create -d macvlan \
+    --subnet=192.168.60.0/24 \
+    --gateway=192.168.60.1 \
+    -o parent=eth0.60 -o \
+    -o macvlan_mode=bridge macvlan60
+
+# In two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=macvlan60 -it --name macvlan_test7 --rm alpine /bin/sh
+docker run --net=macvlan60 -it --name macvlan_test8 --rm alpine /bin/sh
+```
+
+**Example:** Multi-Subnet Macvlan 802.1q Trunking
+
+The same as the example before except there is an additional subnet bound to the network that the user can choose to provision containers on. In MacVlan/Bridge mode, containers can only ping one another if they are on the same subnet/broadcast domain unless there is an external router that routes the traffic (answers ARP etc) between the two subnets. Multiple subnets assigned to a network require a gateway external to the host that falls within the subnet range to hairpin the traffic back to the host.
+
+
+```
+docker network create -d macvlan \
+    --subnet=10.1.20.0/24 --subnet=10.1.10.0/24 \
+    --gateway=10.1.20.1 --gateway=10.1.10.1 \
+    -o parent=eth0.101 mcv101
+
+# View Links after to network create `ip link`
+$ ip link
+
+# Test 10.1.20.10.0/24 connectivity
+docker run --net=mcv101 --ip=10.1.20.9 -itd alpine /bin/sh
+docker run --net=mcv101 --ip=10.1.20.10 -it --rm alpine ping -c 4 10.1.20.10
+
+# Test 10.1.10.10.0/24 connectivity
+docker run --net=mcv101 --ip=10.1.10.10 -itd alpine /bin/sh
+docker run --net=mcv101 --ip=10.1.10.9 -it --rm alpine ping -c 4 10.1.10.10
+
+# Delete All Containers
+docker rm -f `docker ps -qa`
+
+# Delete all Networks
+docker network rm $(docker network ls -q)
+
+# Run ip links again and verify the links are cleaned up
+ip link
+```
+
+Hosts on the same VLAN are typically on the same subnet and almost always are grouped together based on their security policy. In most scenarios, a multi-tier application is tiered into different subnets because the security profile of each process requires some form of isolation. For example, hosting your credit card processing on the same virtual network as the front-end web-server would be a regulatory compliance issue, along with circumventing the long standing best practice of layered defense in depth architectures. VLANs or the equivalent VNI (Virtual Network Identifier) when using the built-in Overlay driver, are the first step in isolating tenant traffic.
+
+![Docker VLANs in Depth](images/vlans-deeper-look.png)
+
+
+### Dual Stack IPv4 IPv6 Macvlan Bridge Mode
+
+The following specifies both v4 and v6 addresses. An address from each family will be assigned to each container. You can specify either family type explicitly or allow the Libnetwork IPAM to assign them from the subnet pool.
+
+*Note on IPv6:* When declaring a v6 subnet with a `docker network create`, the flag `--ipv6` is required along with the subnet (in the following example `--subnet=2001:db8:abc8::/64`). Similar to IPv4 functionality, if a IPv6 `--gateway` is not specified, the first usable address in the v6 subnet is inferred and assigned as the gateway for the broadcast domain.
+
+The following example creates a network with multiple IPv4 and IPv6 subnets. The network is attached to a sub-interface of `eth0.218`. By specifying `eth0.218` as the parent, the driver will create the sub-interface (if it does not already exist) and tag all traffic for containers in the network with a VLAN ID of 218. The physical switch port on the ToR (top of rack) network port needs to have 802.1Q trunking enabled for communications in and out of the host to work.
+
+```
+# Create multiple subnets w/ dual stacks:
+docker network  create  -d macvlan \
+    --subnet=192.168.216.0/24 --subnet=192.168.218.0/24 \
+    --gateway=192.168.216.1  --gateway=192.168.218.1 \
+    --ipv6 --subnet=2001:db8:abc8::/64 --gateway=2001:db8:abc8::10 \
+     -o parent=eth0.218 \
+     -o macvlan_mode=bridge macvlan216
+
+# Start a container on the first subnet 192.168.216.0/24
+docker run --net=macvlan216 --name=macnet216_test --ip=192.168.216.10 -itd alpine /bin/sh
+
+# Start a container on the second subnet 192.168.218.0/24
+docker run --net=macvlan216 --name=macnet218_test --ip=192.168.218.10 -itd alpine /bin/sh
+
+# Ping the first container started on the 192.168.216.0/24 subnet
+docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh
+
+# From inside the container shell ping the other host on the same subnet and then exit
+$ ping -c4 192.168.216.10
+$ exit
+
+# Ping the first container started on the 192.168.218.0/24 subnet
+docker run --net=macvlan216 --ip=192.168.218.11 -it --rm alpine /bin/sh
+
+# From inside the container shell ping the other host on the same subnet and then exit
+$ ping -c4 192.168.218.10
+$ exit
+
+# Start a container in the back explicitly declaring the v6 address
+docker run --net=macvlan216 --ip6=2001:db8:abc8::20 -itd alpine /bin/sh
+
+# Start another container pinging the v6 address of the previous container started in the background
+docker run --net=macvlan216 -it --rm alpine /bin/sh
+$ ping6 -c4 2001:db8:abc8::20
+$ exit
+# Or, run the ping as a explicit process
+docker run --net=macvlan216 -it --rm alpine ping6 -c4 2001:db8:abc8::20
+```
+
+View the details of one of the containers:
+
+```
+docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh
+
+root@526f3060d759:/# ip a show eth0
+25: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
+    link/ether 02:42:c0:a8:d8:0b brd ff:ff:ff:ff:ff:ff
+    inet 192.168.216.11/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc8::1/64 scope link
+       valid_lft forever preferred_lft forever
+
+# The default gateway is a network gateway external to the Docker host
+$ ip route
+default via 192.168.216.1 dev eth0
+192.168.216.0/24 dev eth0  src 192.168.216.11
+
+# Specified v6 gateway of 2001:db8:abc8::10
+$ ip -6 route
+  2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
+  2001:db8:abc8::/64 dev eth0  proto kernel  metric 256
+  default via 2001:db8:abc8::10 dev eth0  metric 1024
+
+#Containers can have both v4 and v6 addresses assigned to their interfaces or
+# Both v4 and v6 addresses can be assigned to the container's interface
+docker run --net=macvlan216 --ip=192.168.216.50  --ip6=2001:db8:abc8::50 -it --rm alpine /bin/sh
+
+# View the details of the dual stack eth0 interface from inside of the container
+$ ip a show eth0
+95: eth0@if91: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
+    link/ether 02:42:c0:a8:d8:32 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.216.50/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc8::50/64 scope global flags 02
+       valid_lft forever preferred_lft forever
+```
+
+The next example demonstrates how default gateways are inferred if the `--gateway` option is not specified for a subnet in the `docker network create ...` command. If the gateway is not specified, the first usable address in the subnet is selected. It also demonstrates how `--ip-range` and `--aux-address` are used in conjunction to exclude address assignments within a network and reserve sub-pools of usable addresses within a network's subnet. All traffic is untagged since `eth0` is used rather then a sub-interface.
+
+```
+docker network create -d macvlan \
+  --subnet=192.168.136.0/24 \
+  --subnet=192.168.138.0/24 \
+  --ipv6 --subnet=fd11::/64 \
+  --ip-range=192.168.136.0/25 \
+  --ip-range=192.168.138.0/25 \
+  --aux-address="reserved1=fd11::2" \
+  --aux-address="reserved2=192.168.136.2" \
+  --aux-address="reserved3=192.168.138.2" \
+  -o parent=eth0 mcv0
+
+docker run --net=mcv0 -it --rm alpine /bin/sh
+```
+
+Next is the output from a running container provisioned on the example network named `mcv0`.
+
+```
+# Container eth0 output (the fe80::42:c0ff:fea8:8803/64 address is the local link addr)
+ip address show eth0
+100: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
+    link/ether 02:42:c0:a8:88:03 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.136.3/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 fd11::3/64 scope global flags 02
+       valid_lft forever preferred_lft forever
+    inet6 fe80::42:c0ff:fea8:8803/64 scope link
+       valid_lft forever preferred_lft forever
+
+# IPv4 routing table from within the container
+$ ip route
+default via 192.168.136.1 dev eth0
+192.168.136.0/24 dev eth0  src 192.168.136.3
+
+# IPv6 routing table from within the container (the second v6 addresses is the local link addr)
+$ ip -6 route
+fd11::/64 dev eth0  metric 256
+fe80::/64 dev eth0  metric 256
+default via fd11::1 dev eth0  metric 1024
+```    
+
+- After the examples, `docker rm -f `docker ps -qa`` can be used to remove all existing containers on the host, both running and stopped.
+
+A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network.
+
+An example being, NetOps provides VLAN ID and the associated subnets for VLANs being passed on the Ethernet link to the Docker host server. Those values are simply plugged into the `docker network create` commands when provisioning the Docker networks. These are persistent configurations that are applied every time the Docker engine starts which alleviates having to manage often complex configuration files. The network interfaces can also be managed manually by being pre-created and docker networking will never modify them, simply use them as parent interfaces. Example mappings from NetOps to Docker network commands are as follows:
+
+- VLAN: 10, Subnet: 172.16.80.0/24, Gateway: 172.16.80.1
+
+    - `--subnet=172.16.80.0/24 --gateway=172.16.80.1 -o parent=eth0.10`
+
+- VLAN: 20, IP subnet: 172.16.50.0/22, Gateway: 172.16.50.1
+
+    - `--subnet=172.16.50.0/22 --gateway=172.16.50.1 -o parent=eth0.20`
+
+- VLAN: 30, Subnet: 10.1.100.0/16, Gateway: 10.1.100.1
+
+    - `--subnet=10.1.100.0/16 --gateway=10.1.100.1 -o parent=eth0.30`
+
+### Manually Creating 802.1q Links
+
+If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up.
+
+Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`.
+
+```
+# create a new sub-interface tied to dot1q vlan 40
+ip link add link eth0 name eth0.40 type vlan id 40
+
+# enable the new sub-interface
+ip link set eth0.40 up
+
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network create -d macvlan \
+   --subnet=192.168.40.0/24 \
+   --gateway=192.168.40.1 \
+   -o parent=eth0.40 macvlan40
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=macvlan40 -it --name mcv_test5 --rm alpine /bin/sh
+docker run --net=macvlan40 -it --name mcv_test6 --rm alpine /bin/sh
+```
+
+**Example:** Vlan sub-interface manually created with any name:
+
+```
+# create a new sub interface tied to dot1q vlan 40
+ip link add link eth0 name foo type vlan id 40
+
+# enable the new sub-interface
+ip link set foo up
+
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network create -d macvlan \
+    --subnet=192.168.40.0/24 --gateway=192.168.40.1 \
+    -o parent=foo macvlan40
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=macvlan40 -it --name mcv_test5 --rm alpine /bin/sh
+docker run --net=macvlan40 -it --name mcv_test6 --rm alpine /bin/sh
+```
+
+Manually created links can be cleaned up with:
+
+```
+ip link del foo
+```
+
+As with all of the Libnetwork drivers, networks of various driver types can be mixed and matched. This even applies to 3rd party ecosystem drivers that can be run in parallel with built-in drivers for maximum flexibility to the user.
diff --git a/libnetwork/docs/network.md b/libnetwork/docs/network.md
new file mode 100644
index 0000000000000..9f79d9c04592f
--- /dev/null
+++ b/libnetwork/docs/network.md
@@ -0,0 +1,143 @@
+
+# Docker Networking With Libnetwork
+
+This document describes docker networking in bridge and overlay mode delivered via libnetwork. Libnetwork uses iptables extensively to configure NATting and forwarding rules. [https://wiki.archlinux.org/index.php/iptables](https://wiki.archlinux.org/index.php/iptables) provides a good introduction to iptables and its default chains. More details may be found in [http://ipset.netfilter.org/iptables-extensions.man.html](http://ipset.netfilter.org/iptables-extensions.man.html)
+
+
+# Bridge Mode
+
+![alt_text](images/network_flow_bridge.png "image_tooltip")
+
+
+The above diagram illustrates the network topology when a container instantiated with network mode set to bridge by docker engine. In this case, the libnetwork does the following
+
+
+
+1. Creates a new network namespace container NS  for this container
+2. Creates a veth-pair, attaching one end to docker0 bridge on host NS, and move the other end to the new container NS.
+3. In the new NS, assigns an IP address from docker0 subnet, sets default route gateway to docker0 IP address.
+
+This completes network setup for container running in bridge mode. Outbound traffic from container flows through routing (Container NS) ? veth-pair ? docker0 bridge (Host NS) ---> docker0 interface (HOST NS) ? routing (HostNS) ? eth0 (HostNS) and out of host. And inbound traffic to container flows through the reverse direction.
+
+Note that the container?s assigned IP (172.17.0.2 in above example) address is on docker0 subnet, and is not visible to externally to host. For this reason, a default masquerading  rule is added to nat iptable?s POSTROUTING chain in host NS  at docker engine initialization time. It states that for request traffic flow that has gone through the routing stage and the srcIP is within docker0 subnet (172.17.0.0/16), the traffic request must be originated from docker containers, therefore its srcIP is replaced with IP of outbound interface determined by routing. In the above diagram eth0?s IP 172.31.2.1 is used by replacement IP. In another word,  masquerade is same as SNAT with replacement srcIP set to outbound interface?s IP.
+
+If the container backends a service and has a listening targetPort in the container NS, it also must also have a corresponding publishedPort in host NS to receive the request and forward it to the container. Two rules are created in host NS for this purpose:
+
+
+
+1. In nat iptable, a DOCKER(nat) chain is inserted to PREROUTING chain. And a rule such as ?DNAT tcp any any dport:45999 to conrts? is added to DOCKER chain, it does a DNAT for any traffic arriving at eth0 of host NS with dstIP=172.17.0.2 and dst Port=80, so that the DNATted request become routable to backend container listening on port 80.
+2. In filter iptable, a DOCKER(filter) chain is inserted to FORWARD chain. And a rule such as ?ACCEPT tcp any containerIP dport:targetPort? is added. This allows request that is DNATted in 1) to be forwarded container.
+
+
+# Swarm/Overlay Mode
+
+Libnetwork use completely different set of namespaces, bridges, and iptables to forward container traffic in swarm/overlay mode.
+
+
+![alt_text](images/network_flow_overlay.png "image_tooltip")
+
+
+As depicted in the above diagram, when a host joinis a swarm cluster, the docker engine creates following network topology.
+
+Initial Setup ( before any services are created)
+
+
+
+1. In host NS, creates a docker_gwbridge bridge, assigning a subnet range to this bridge. In this above diagram 172.18.0.1/16. This subnet is local, and does not leak outside of the host.
+2. In host NS, adds masquerading rule in nat iptable (5) PREROUTING chain for any request with srcIP within 172.18.0.0/16 subnet.
+3. Creates a new network namespace ingress_sbox NS, creates two veth-pairs, one eth1 connects to docker_gwbridge bridge with fixed IP 172.18.0.2, and other (eth0) connected to ingress NS bridge br0. The eth0 is assigned an IP address, in this example, 10.255.0.2. 
+4. In ingress_sbox NS, adds to nat iptable(2)?s PREROUTING chain a rule that snat and redirect service request to ipvs for load-balancing. For instance, 
+
+     ?SNAT  all  --  anywhere 10.255.0.0/16  ipvs to:10.255.0.2?
+
+5. In ingress_sbox NS, adds to nat iptable(2)?s POSTROUTING and OUTPUT chains rules that allows DNS lookup to be redirected to/from docker engine as is required by swarm service discovery.
+6. Creates a new network namespace ingress NS, and creates a bridge br0 that has two links, one attaches to eth0 interface on ingress_sbox NS, and other to vxlan interface that in essence makes bridge br0 span across all hosts on the same swarm cluster. Each eth0 interface in ingress_sbox, each container instance of a service, and each service itself are given a unique IP 10.255.xx.xx, and is attached to br0, so that on the same swarm cluster, services, container instances of services, and ingress_sbox?s eth0 are all connected via bridge br0.
+
+When a service is created, say with targetPort=80 and publishedPort=30000. The following are added to the existing network topology. 
+
+Service Setup
+
+
+
+1. A container backends the service has its own namespace container NS. And two vether-pairs are created,  eth1 is attached to docker_gwbridge in host NS, is given an IP assigned from docker_gwbridge subnet, in the example,  172.18.0.2, eth0 is attached to br0 in ingress NS, is given an IP of 10.255.0.5 in this example. 
+2. In container NS, adds rules to filter iptable (3)?s INPUT and OUTPUT chain that only allows targetPortt =80 traffic.
+3. In container NS, adds rule to nat iptables (4)?s PREROUTING chain that changes publishedPort to targetPort. For instance, 
+
+    ?REDIRECT   tcp  --  anywhere  10.255.0.11  tcp dpt:30000 redir ports 80?
+
+4. In container NS, adds rules to nat iptable(4)?s INPUT/OUTPUT chain that allow DNS lookup in this container to be redirected to docker engine.
+5. In host NS, in filter iptable (5)?s FORWARD chain, inserts DOCKER-INGRESS chain, and adds a rule to allow service request to port 30000 and its reply. 
+
+    I.e ?ACCEPT  tcp  --  anywhere anywhere tcp dpt:30000? and
+
+
+    ?ACCEPT tcp  --  anywhere anywhere state RELATED,ESTABLISHED tcp spt:30000?
+
+6. In host NS, in nat iptable(6)?s PREROUTING chain, inserts (different) DOCKER-INGRESS chain, and adds a rule to dnat service request to ingress NS?s eth1?s  IP (172.18.0.2). i.e 
+
+    ?DNAT tcp  --  anywhere anywhere  tcp dpt:30000 to:172.18.0.2:30000?
+
+7. In ingress_sbox NS, in mangle iptable(1)?s PREROUTING chain, adds a rule to mark service request, i.e 
+
+    ?MARK  tcp  --  anywhere anywhere  tcp dpt:30000 MARK set 0x100?
+
+8. In ingress_sbox NS, in nat iptable(2)?s POSTROUTING chain, adds a rule to snat request?s srcIP to eth1?s IP, and forward to ipvs to load-balancing, i.e 
+
+    ?SNAT all  --  0.0.0.0/0  10.255.0.0/16 ipvs to:10.255.0.2?
+
+9. In ingress_sbox, configures ipvs LB policy for marked traffic, i.e 
+
+    FWM  256 rr
+
+
+      -> 10.255.0.5:0                 Masq    1      0          0         
+
+
+      -> 10.255.0.7:0                 Masq    1      0          0         
+
+
+      -> 10.255.0.8:0                 Masq    1      0          0        
+
+
+    Here each of 10.255.0.x represents IP address of of container instance backending the service.
+
+
+
+## Service Traffic Flow
+
+This section describes traffic flow of request and reply to/from a service with publishedPort = 30000, targetPort = 80
+
+
+
+1. Request arrives at eth0 in host NS, with dstIP=172.31.2.1, dstPort=30000, srcIP=CLIENT_IP, srcPort=CLIENT_PORT. Before routing, It first goes through NAT rule in service setup (6) that dnats request with dstIP=172.18.0.2; It then go through FORWARD rule in service setup (5) during routing that allows request with dstPort=30000 to go through. The routing then forward request to docker_gwbridge, and in turn ...
+2. The request arrives at eth1 in ingress_sbox NS with dstIP=172.18.0.2, dstPort=30000, srcIP=CLIENT_IP, srcPort=CLIENT_PORT. Before routing, the request is marked before by mangle iptable rule in service setup (7). After routing, it is snated with eth1?s IP 10.255.0.2, forwarded to ipvs for LB by nat iptable rule in service setup (8). The ipvs policy in setup (9) picks one container instance of the service, in this example 10.255.0.5 and dnats it.
+3. The request arrives at br0 in ingress NS with dstIP=10.255.0.5, dstPort=30000, srcIP=10.255.0.2, srcPort=EPHEMERAL_PORT. For simplicity, we assume the container instance 10.255.0,5 is the local host, therefore simply forwards it. Note since br0  spans across all hosts in the cluster via vxlan, with all services instances latching onto it, so whether to pick remote or local container instance,  it does not change the routing policy configuration. 
+4. The request arrives at eth0 of container NS with dstIP=10.255.0.5, dstPort=30000, srcIP=10.255.0.x (eth1 IP in ingress_sbox NS), srcPort=EMPHEMERAL_PORT.  Before routing, it?s dstPort is changed to 80 via nat rule in service setup (3), and is allowed to be forwarded to local process by INPUT rule in service setup (2) post routig. The process listening on tcp:80 receives request with dstIP=10.255.0.5,  dstPort=80, srcIP=10.255.0.2, , srcPort=EPHEMERAL_PORT.
+5. The process replies, The reply has dstIP=10.255.0.2, dstPort=EPHEMERAL_PORT, srcIp=not_known, srcPort=80. It goes through filter rule in OUTPUT chain in service setup(2), which allows it to pass. It goes through routing that determines outbound interface is eth1, and srcIP=10.255.0.5; and  it ?un-dnats? srcPort=80 to 30000 via nat table rule in service setup (3).
+6. The reply arrives at br0 in ingress NS with dstIP=10.255.0.2, dstPort=EPHEMERAL_PORT, srcIP=10.255.0.5, srcPort=30000, which duly forwarded it to ...
+7. The eh0 interface in sb_ingress NS. The reply first go through ipvs LB that ?un-dnats? srcIP from 10.255.0.5 to 172.18.0.2; then ?un-snats? via nat rule in service setup (8) dstIP from 10.255.0.2 to CLIENT_IP, dstPort from EMPHERAL_PORT to CLIENT_PORT.
+8. The reply arrives at docker_gwbridge0 interface of host NS with dstIP=CLIENT_IP, dstPort=CLIENT_PORT, srcIP=172.18.0.2, srcPort=30000. The reply ?un-snats? with nat rule in service setup(6) with srcIP changes to 172.31.2.1. And is then forwarded out of eth0 interface, and complete the traffic flow. From external view,  request enters host with dstIP=172.31.2.1, dstPort=30000, srcIP=CLIENT_IP, srcPort=CLIENT_PORT; and reply exits with  dstIP=CLIENT_IP, dstPort=CLIENT_PORT, srcIP=172.31.2.1, srcPort=30000.
+
+
+## Other Flows
+
+**Northbound traffic originated from a container instance, for example, ping [www.cnn.com](www.cnn.com):**
+
+The traffic flow is exactly the same as in bridge mode, except it is via docker_gwbridge in host NS, and traffic is masqueraded with nat rule in initial setup (2).
+
+**DNS traffic**
+
+DNS lookup traffic is routed to docker engine from container instance for service discovery, filling the blank.
+
+
+# Other IPTable Chain and Rules
+
+Other iptable chains and rules created and/or managed by docker engine/libnetwork.
+
+**DOCKER-USER**: inserted as the first rule  to FORWARD chain of filter iptable in host NS. So that user can independently managed traffic that may or may not be related docker containers.
+
+**DOCKER-ISOLATION-STAGE-1** / 2: Filling in the blank
+
+
+<!-- Docs to Markdown version 1.0?17 -->
+
diff --git a/libnetwork/docs/networkdb.md b/libnetwork/docs/networkdb.md
new file mode 100644
index 0000000000000..dbd17e4df7d25
--- /dev/null
+++ b/libnetwork/docs/networkdb.md
@@ -0,0 +1,66 @@
+NetworkDB
+=========
+
+There are two databases used in libnetwork:
+
+- A persistent database that stores the network configuration requested by the user. This is typically the SwarmKit managers' raft store.
+- A non-persistent peer-to-peer gossip-based database that keeps track of the current runtime state. This is NetworkDB.
+
+NetworkDB is based on the [SWIM][] protocol, which is implemented by the [memberlist][] library.
+`memberlist` manages cluster membership (nodes can join and leave), as well as message encryption.
+Members of the cluster send each other ping messages from time to time, allowing the cluster to detect when a node has become unavailable.
+
+The information held by each node in NetworkDB is:
+
+- The set of nodes currently in the cluster (plus nodes that have recently left or failed).
+- For each peer node, the set of networks to which that node is connected.
+- For each of the node's currently-in-use networks, a set of named tables of key/value pairs.
+  Note that nodes only keep track of tables for networks to which they belong.
+
+Updates spread through the cluster from node to node, and nodes may have inconsistent views at any given time.
+They will eventually converge (quickly, if the network is operating well).
+Nodes look up information using their local networkdb instance. Queries are not sent to remote nodes.
+
+NetworkDB does not impose any structure on the tables; they are just maps from `string` keys to `[]byte` values.
+Other components in libnetwork use the tables for their own purposes.
+For example, there are tables for service discovery and load balancing,
+and the [overlay](overlay.md) driver uses NetworkDB to store routing information.
+Updates to a network's tables are only shared between nodes that are on that network.
+
+All libnetwork nodes join the gossip cluster.
+To do this, they need the IP address and port of at least one other member of the cluster.
+In the case of a SwarmKit cluster, for example, each Docker engine will use the IP addresses of the swarm managers as the initial join addresses.
+The `Join` method can be used to update these bootstrap IPs if they change while the system is running.
+
+When joining the cluster, the new node will initially synchronise its cluster-wide state (known nodes and networks, but not tables) with at least one other node.
+The state will be mostly kept up-to-date by small UDP gossip messages, but each node will also periodically perform a push-pull TCP sync with another random node.
+In a push-pull sync, the initiator sends all of its cluster-wide state to the target, and the target then sends all of its own state back in response.
+
+Once part of the gossip cluster, a node will also send a `NodeEventTypeJoin` message, which is a custom message defined by NetworkDB.
+This is not actually needed now, but keeping it is useful for backwards compatibility with nodes running previous versions.
+
+While a node is active in the cluster, it can join and leave networks.
+When a node wants to join a network, it will send a `NetworkEventTypeJoin` message via gossip to the whole cluster.
+It will also perform a bulk-sync of the network-specific state (the tables) with every other node on the network being joined.
+This will allow it to get all the network-specific information quickly.
+The tables will mostly be kept up-to-date by UDP gossip messages between the nodes on that network, but
+each node in the network will also periodically do a full TCP bulk sync of the tables with another random node on the same network.
+
+Note that there are two similar, but separate, gossip-and-periodic-sync mechanisms here:
+
+1. memberlist-provided gossip and push-pull sync of cluster-wide state, involving all nodes in the cluster.
+2. networkdb-provided gossip and bulk sync of network tables, for each network, involving just those nodes in that network.
+
+When a node wishes to leave a network, it will send a `NetworkEventTypeLeave` via gossip. It will then delete the network's table data.
+When a node hears that another node is leaving a network, it deletes all table entries belonging to the leaving node.
+Deleting an entry in this case means marking it for deletion for a while, so that we can detect and ignore any older events that may arrive about it.
+
+When a node wishes to leave the cluster, it will send a `NodeEventTypeLeave` message via gossip.
+Nodes receiving this will mark the node as "left".
+The leaving node will then send a memberlist leave message too.
+If we receive the memberlist leave message without first getting the `NodeEventTypeLeave` one, we mark the node as failed (for a while).
+Every node periodically attempts to reconnect to failed nodes, and will do a push-pull sync of cluster-wide state on success.
+On success we also send the node a `NodeEventTypeJoin` and then do a bulk sync of network-specific state for all networks that we have in common.
+
+[SWIM]: http://ieeexplore.ieee.org/document/1028914/
+[memberlist]: https://github.com/hashicorp/memberlist
diff --git a/libnetwork/docs/overlay.md b/libnetwork/docs/overlay.md
new file mode 100644
index 0000000000000..7e9094d3722a8
--- /dev/null
+++ b/libnetwork/docs/overlay.md
@@ -0,0 +1,153 @@
+# Overlay Driver
+
+### Design
+TODO
+
+### Multi-Host Overlay Driver Quick Start
+
+This example is to provision two Docker Hosts with the **experimental** Libnetwork overlay network driver.
+
+### Pre-Requisites
+
+- Kernel >= 3.16
+- Experimental Docker client
+
+### Install Docker Experimental
+
+Follow Docker experimental installation instructions at: [https://github.com/docker/docker/tree/master/experimental](https://github.com/docker/docker/tree/master/experimental)
+
+To ensure you are running the experimental Docker branch, check the version and look for the experimental tag:
+
+```
+$ docker -v
+Docker version 1.8.0-dev, build f39b9a0, experimental
+```
+
+### Install and Bootstrap K/V Store
+
+
+Multi-host networking uses a pluggable Key-Value store backend to distribute states using `libkv`.
+`libkv` supports multiple pluggable backends such as `consul`, `etcd` & `zookeeper` (more to come).
+
+In this example we will use `consul`
+
+Install:
+
+```
+$ curl -OL https://dl.bintray.com/mitchellh/consul/0.5.2_linux_amd64.zip
+$ unzip 0.5.2_linux_amd64.zip
+$ mv consul /usr/local/bin/
+```
+
+**host-1** Start Consul as a server in bootstrap mode:
+
+``` 
+$ consul agent -server -bootstrap -data-dir /tmp/consul -bind=<host-1-ip-address>
+```
+
+**host-2** Start the Consul agent:
+
+``` 
+$ consul agent -data-dir /tmp/consul -bind=<host-2-ip-address>
+$ consul join <host-1-ip-address>
+```
+
+
+### Start the Docker Daemon with the Network Driver Daemon Flags
+
+**host-1** Docker daemon:
+
+```
+$ docker -d --kv-store=consul:localhost:8500 --label=com.docker.network.driver.overlay.bind_interface=eth0
+```
+
+**host-2** Start the Docker Daemon with the neighbor ID configuration:
+
+```
+$ docker -d --kv-store=consul:localhost:8500 --label=com.docker.network.driver.overlay.bind_interface=eth0 --label=com.docker.network.driver.overlay.neighbor_ip=<host-1-ip-address>
+```
+
+### QuickStart Containers Attached to a Network
+
+**host-1** Start a container that publishes a service svc1 in the network dev that is managed by overlay driver.
+
+```
+$ docker run -i -t --publish-service=svc1.dev.overlay debian
+root@21578ff721a9:/# ip add show eth0
+34: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+    link/ether 02:42:ec:41:35:bf brd ff:ff:ff:ff:ff:ff
+    inet 172.21.0.16/16 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::42:ecff:fe41:35bf/64 scope link
+       valid_lft forever preferred_lft forever
+```
+
+**host-2** Start a container that publishes a service svc2 in the network dev that is managed by overlay driver.
+
+```
+$ docker run -i -t --publish-service=svc2.dev.overlay debian
+root@d217828eb876:/# ping svc1
+PING svc1 (172.21.0.16): 56 data bytes
+64 bytes from 172.21.0.16: icmp_seq=0 ttl=64 time=0.706 ms
+64 bytes from 172.21.0.16: icmp_seq=1 ttl=64 time=0.687 ms
+64 bytes from 172.21.0.16: icmp_seq=2 ttl=64 time=0.841 ms
+```
+### Detailed Setup
+
+You can also setup networks and services and then attach a running container to them.
+
+**host-1**:
+
+```
+docker network create -d overlay prod 
+docker network ls
+docker network info prod
+docker service publish db1.prod
+cid=$(docker run -itd -p 8000:8000 ubuntu)
+docker service attach $cid db1.prod
+```
+
+**host-2**:
+
+```
+docker network ls
+docker network info prod
+docker service publish db2.prod
+cid=$(docker run -itd -p 8000:8000 ubuntu)
+docker service attach $cid db2.prod
+```
+
+Once a container is started, a container on `host-1` and `host-2` both containers should be able to ping one another via IP, service name, \<service name>.\<network name>
+
+
+View information about the networks and services using `ls` and `info` subcommands like so:
+
+```
+$ docker service ls
+SERVICE ID          NAME                  NETWORK             CONTAINER
+0771deb5f84b        db2                   prod                0e54a527f22c
+aea23b224acf        db1                   prod                4b0a309ca311
+
+$ docker network info prod
+Network Id: 5ac68be2518959b48ad102e9ec3d8f42fb2ec72056aa9592eb5abd0252203012
+	Name: prod
+	Type: overlay
+
+$ docker service info db1.prod
+Service Id: aea23b224acfd2da9b893870e0d632499188a1a4b3881515ba042928a9d3f465
+	Name: db1
+	Network: prod
+```
+
+To detach and unpublish a service:
+
+```
+$ docker service detach $cid <service>.<network>
+$ docker service unpublish <service>.<network>
+
+# Example:
+$ docker service detach $cid  db2.prod
+$ docker service unpublish db2.prod
+```
+
+To reiterate, this is experimental, and will be under active development.
diff --git a/libnetwork/docs/remote.md b/libnetwork/docs/remote.md
new file mode 100644
index 0000000000000..120f74abf10ba
--- /dev/null
+++ b/libnetwork/docs/remote.md
@@ -0,0 +1,304 @@
+Remote Drivers
+==============
+
+The `drivers.remote` package provides the integration point for dynamically-registered drivers. Unlike the other driver packages, it does not provide a single implementation of a driver; rather, it provides a proxy for remote driver processes, which are registered and communicate with LibNetwork via the Docker plugin package.
+
+For the semantics of driver methods, which correspond to the protocol below, please see the [overall design](design.md).
+
+## LibNetwork integration with the Docker `plugins` package
+
+When LibNetwork initializes the `drivers.remote` package with the `Init()` function, it passes a `DriverCallback` as a parameter, which implements `RegisterDriver()`. The remote driver package uses this interface to register remote drivers with LibNetwork's `NetworkController`, by supplying it in a `plugins.Handle` callback.
+
+The callback is invoked when a driver is loaded with the `plugins.Get` API call. How that comes about is out of scope here (but it might be, for instance, when that driver is mentioned by the user).
+
+This design ensures that the details of driver registration mechanism are owned by the remote driver package, and it doesn't expose any of the driver layer to the North of LibNetwork.
+
+## Implementation
+
+The remote driver implementation uses a `plugins.Client` to communicate with the remote driver process. The `driverapi.Driver` methods are implemented as RPCs over the plugin client.
+
+The payloads of these RPCs are mostly direct translations into JSON of the arguments given to the method. There are some exceptions to account for the use of the interfaces `InterfaceInfo` and `JoinInfo`, and data types that do not serialise to JSON well (e.g., `net.IPNet`). The protocol is detailed below under "Protocol".
+
+## Usage
+
+A remote driver proxy follows all the rules of any other in-built driver and has exactly the same `Driver` interface exposed. LibNetwork will also support driver-specific `options` and user-supplied `labels` which may influence the behaviour of a remote driver process.
+
+## Protocol
+
+The remote driver protocol is a set of RPCs, issued as HTTP POSTs with JSON payloads. The proxy issues requests, and the remote driver process is expected to respond usually with a JSON payload of its own, although in some cases these are empty maps.
+
+### Errors
+
+If the remote process cannot decode, or otherwise detects a syntactic problem with the HTTP request or payload, it must respond with an HTTP error status (4xx or 5xx).
+
+If the remote process http server receives a request for an unknown URI, it should respond with the HTTP StatusCode `404 Not Found`. This allows LibNetwork to detect when a remote driver does not implement yet a newly added method, therefore not to deem the request as failed.
+
+If the remote process can decode the request, but cannot complete the operation, it must send a response in the form
+
+    {
+		"Err": string
+    }
+
+The string value supplied may appear in logs, so should not include confidential information.
+
+### Handshake
+
+When loaded, a remote driver process receives an HTTP POST on the URL `/Plugin.Activate` with no payload. It must respond with a manifest of the form
+
+    {
+		"Implements": ["NetworkDriver"]
+    }
+
+Other entries in the list value are allowed; `"NetworkDriver"` indicates that the plugin should be registered with LibNetwork as a driver.
+
+### Set capability
+
+After Handshake, the remote driver will receive another POST message to the URL `/NetworkDriver.GetCapabilities` with no payload. The driver's response should have the form:
+
+	{
+		"Scope":             "local"
+		"ConnectivityScope": "global"
+	}
+
+Value of "Scope" should be either "local" or "global" which indicates whether the resource allocations for this driver's network can be done only locally to the node or globally across the cluster of nodes. Any other value will fail driver's registration and return an error to the caller.
+Similarly, value of "ConnectivityScope" should be either "local" or "global" which indicates whether the driver's network can provide connectivity only locally to this node or globally across the cluster of nodes. If the value is missing, libnetwork will set it to the value of "Scope". should be either "local" or "global" which indicates
+
+### Create network
+
+When the proxy is asked to create a network, the remote process shall receive a POST to the URL `/NetworkDriver.CreateNetwork` of the form
+
+    {
+		"NetworkID": string,
+		"IPv4Data" : [
+		{
+			"AddressSpace": string,
+			"Pool": ipv4-cidr-string,
+			"Gateway" : ipv4-cidr-string,
+			"AuxAddresses": {
+				"<identifier1>" : "<ipv4-address1>",
+				"<identifier2>" : "<ipv4-address2>",
+				...
+			}
+		},
+		],
+		"IPv6Data" : [
+		{
+			"AddressSpace": string,
+			"Pool": ipv6-cidr-string,
+			"Gateway" : ipv6-cidr-string,
+			"AuxAddresses": {
+				"<identifier1>" : "<ipv6-address1>",
+				"<identifier2>" : "<ipv6-address2>",
+				...
+			}
+		},
+		],
+		"Options": {
+			...
+		}
+    }
+
+* `NetworkID` value is generated by LibNetwork which represents a unique network. 
+* `Options` value is the arbitrary map given to the proxy by LibNetwork. 
+* `IPv4Data` and `IPv6Data` are the ip-addressing data configured by the user and managed by IPAM driver. The network driver is expected to honor the ip-addressing data supplied by IPAM driver. The data include,
+* `AddressSpace` : A unique string represents an isolated space for IP Addressing 
+* `Pool` : A range of IP Addresses represented in CIDR format address/mask. Since, the IPAM driver is responsible for allocating container ip-addresses, the network driver can make use of this information for the network plumbing purposes.
+* `Gateway` : Optionally, the IPAM driver may provide a Gateway IP address in CIDR format for the subnet represented by the Pool. The network driver can make use of this information for the network plumbing purposes.
+* `AuxAddresses` : A list of pre-allocated ip-addresses with an associated identifier as provided by the user to assist network driver if it requires specific ip-addresses for its operation.
+
+The response indicating success is empty:
+
+    {}
+
+### Delete network
+
+When a network owned by the remote driver is deleted, the remote process shall receive a POST to the URL `/NetworkDriver.DeleteNetwork` of the form
+
+    {
+		"NetworkID": string
+    }
+
+The success response is empty:
+
+    {}
+
+### Create endpoint
+
+When the proxy is asked to create an endpoint, the remote process shall receive a POST to the URL `/NetworkDriver.CreateEndpoint` of the form
+
+    {
+		"NetworkID": string,
+		"EndpointID": string,
+		"Options": {
+			...
+		},
+		"Interface": {
+			"Address": string,
+			"AddressIPv6": string,
+			"MacAddress": string
+		}
+    }
+
+The `NetworkID` is the generated identifier for the network to which the endpoint belongs; the `EndpointID` is a generated identifier for the endpoint.
+
+`Options` is an arbitrary map as supplied to the proxy.
+
+The `Interface` value is of the form given. The fields in the `Interface` may be empty; and the `Interface` itself may be empty. If supplied, `Address` is an IPv4 address and subnet in CIDR notation; e.g., `"192.168.34.12/16"`. If supplied, `AddressIPv6` is an IPv6 address and subnet in CIDR notation. `MacAddress` is a MAC address as a string; e.g., `"6e:75:32:60:44:c9"`.
+
+A success response is of the form
+
+    {
+		"Interface": {
+			"Address": string,
+			"AddressIPv6": string,
+			"MacAddress": string
+		}
+    }
+
+with values in the `Interface` as above. As far as the value of `Interface` is concerned, `MacAddress` and either or both of `Address` and `AddressIPv6` must be given.
+
+If the remote process was supplied a non-empty value in `Interface`, it must respond with an empty `Interface` value. LibNetwork will treat it as an error if it supplies a non-empty value and receives a non-empty value back, and roll back the operation.
+
+### Endpoint operational info
+
+The proxy may be asked for "operational info" on an endpoint. When this happens, the remote process shall receive a POST to `/NetworkDriver.EndpointOperInfo` of the form
+
+    {
+		"NetworkID": string,
+		"EndpointID": string
+    }
+
+where `NetworkID` and `EndpointID` have meanings as above. It must send a response of the form
+
+    {
+		"Value": { ... }
+    }
+
+where the value of the `Value` field is an arbitrary (possibly empty) map.
+
+### Delete endpoint
+
+When an endpoint is deleted, the remote process shall receive a POST to the URL `/NetworkDriver.DeleteEndpoint` with a body of the form
+
+    {
+		"NetworkID": string,
+		"EndpointID": string
+    }
+
+where `NetworkID` and `EndpointID` have meanings as above. A success response is empty:
+
+    {}
+
+### Join
+
+When a sandbox is given an endpoint, the remote process shall receive a POST to the URL `NetworkDriver.Join` of the form
+
+    {
+		"NetworkID": string,
+		"EndpointID": string,
+		"SandboxKey": string,
+		"Options": { ... }
+    }
+
+The `NetworkID` and `EndpointID` have meanings as above. The `SandboxKey` identifies the sandbox. `Options` is an arbitrary map as supplied to the proxy.
+
+The response must have the form
+
+    {
+		"InterfaceName": {
+			SrcName: string,
+			DstPrefix: string
+		},
+		"Gateway": string,
+		"GatewayIPv6": string,
+		"StaticRoutes": [{
+			"Destination": string,
+			"RouteType": int,
+			"NextHop": string,
+		}, ...]
+    }
+
+`Gateway` is optional and if supplied is an IP address as a string; e.g., `"192.168.0.1"`. `GatewayIPv6` is optional and if supplied is an IPv6 address as a string; e.g., `"fe80::7809:baff:fec6:7744"`.
+
+The entries in `InterfaceName` represent actual OS level interfaces that should be moved by LibNetwork into the sandbox; the `SrcName` is the name of the OS level interface that the remote process created, and the `DstPrefix` is a prefix for the name the OS level interface should have after it has been moved into the sandbox (LibNetwork will append an index to make sure the actual name does not collide with others).
+
+The entries in `"StaticRoutes"` represent routes that should be added to an interface once it has been moved into the sandbox. Since there may be zero or more routes for an interface, unlike the interface name they can be supplied in any order.
+
+Routes are either given a `RouteType` of `0` and a value for `NextHop`; or, a `RouteType` of `1` and no value for `NextHop`, meaning a connected route.
+
+If no gateway and no default static route is set by the driver in the Join response, LibNetwork will add an additional interface to the sandbox connecting to a default gateway network (a bridge network named *docker_gwbridge*) and program the default gateway into the sandbox accordingly, pointing to the interface address of the bridge *docker_gwbridge*.
+
+### Leave
+
+If the proxy is asked to remove an endpoint from a sandbox, the remote process shall receive a POST to the URL `/NetworkDriver.Leave` of the form
+
+    {
+		"NetworkID": string,
+		"EndpointID": string
+    }
+
+where `NetworkID` and `EndpointID` have meanings as above. The success response is empty:
+
+    {}
+
+### DiscoverNew Notification
+
+LibNetwork listens to inbuilt docker discovery notifications and passes it along to the interested drivers. 
+
+When the proxy receives a DiscoverNew notification, the remote process shall receive a POST to the URL `/NetworkDriver.DiscoverNew` of the form
+
+    {
+		"DiscoveryType": int,
+		"DiscoveryData": {
+			...
+		}
+    }
+
+`DiscoveryType` represents the discovery type. Each Discovery Type is represented by a number.
+`DiscoveryData` carries discovery data the structure of which is determined by the DiscoveryType
+
+The response indicating success is empty:
+
+    {}
+
+*  Node Discovery
+
+Node Discovery is represented by a `DiscoveryType` value of `1` and the corresponding `DiscoveryData` will carry Node discovery data.
+
+    {
+		"DiscoveryType": int,
+		"DiscoveryData": {
+                    "Address" : string
+                    "self" : bool
+		}
+    }
+
+### DiscoverDelete Notification
+
+When the proxy receives a DiscoverDelete notification, the remote process shall receive a POST to the URL `/NetworkDriver.DiscoverDelete` of the form
+
+    {
+		"DiscoveryType": int,
+		"DiscoveryData": {
+			...
+		}
+    }
+
+`DiscoveryType` represents the discovery type. Each Discovery Type is represented by a number.
+`DiscoveryData` carries discovery data the structure of which is determined by the DiscoveryType
+
+The response indicating success is empty:
+
+    {}
+
+* Node Discovery
+
+Similar to the DiscoverNew call, Node Discovery is represented by a `DiscoveryType` value of `1` and the corresponding `DiscoveryData` will carry Node discovery data to be deleted.
+
+    {
+		"DiscoveryType": int,
+		"DiscoveryData": {
+                    "Address" : string
+                    "self" : bool
+		}
+    }
diff --git a/libnetwork/docs/vagrant-systemd/docker.service b/libnetwork/docs/vagrant-systemd/docker.service
new file mode 100644
index 0000000000000..f17b7848f5df5
--- /dev/null
+++ b/libnetwork/docs/vagrant-systemd/docker.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network.target docker.socket
+Requires=docker.socket
+
+[Service]
+EnvironmentFile=-/etc/default/docker
+ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/libnetwork/docs/vagrant.md b/libnetwork/docs/vagrant.md
new file mode 100644
index 0000000000000..0d2d3daa0967e
--- /dev/null
+++ b/libnetwork/docs/vagrant.md
@@ -0,0 +1,185 @@
+# Vagrant Setup to Test the Overlay Driver
+
+This documentation highlights how to use Vagrant to start a three nodes setup to test Docker network.
+
+## Pre-requisites
+
+This was tested on:
+
+- Vagrant 1.7.2
+- VirtualBox 4.3.26
+
+## Machine Setup
+
+The Vagrantfile provided will start three virtual machines. One will act as a consul server, and the other two will act as Docker host.
+The experimental version of Docker is installed.
+
+- `consul-server` is the Consul server node, based on Ubuntu 14.04, this has IP 192.168.33.10
+- `net-1` is the first Docker host based on Ubuntu 14.10, this has IP 192.168.33.11
+- `net-2` is the second Docker host based on Ubuntu 14.10, this has IP 192.168.33.12
+
+## Getting Started
+
+Clone this repo, change to the `docs` directory and let Vagrant do the work.
+
+    $ vagrant up
+    $ vagrant status
+    Current machine states:
+
+    consul-server             running (virtualbox)
+    net-1                     running (virtualbox)
+    net-2                     running (virtualbox)
+
+You are now ready to SSH to the Docker hosts and start containers.
+
+    $ vagrant ssh net-1
+    vagrant@net-1:~$ docker version
+    Client version: 1.8.0-dev
+    ...<snip>...
+
+Check that Docker network is functional by listing the default networks:
+
+    vagrant@net-1:~$ docker network ls
+    NETWORK ID          NAME                TYPE
+    4275f8b3a821        none                null                
+    80eba28ed4a7        host                host                
+    64322973b4aa        bridge              bridge              
+
+No services has been published so far, so the `docker service ls` will return an empty list:
+
+    $ docker service ls
+    SERVICE ID          NAME                NETWORK             CONTAINER
+
+Start a container and check the content of `/etc/hosts`.
+
+    $ docker run -it --rm ubuntu:14.04 bash
+    root@df479e660658:/# cat /etc/hosts
+    172.21.0.3	df479e660658
+    127.0.0.1	localhost
+    ::1	localhost ip6-localhost ip6-loopback
+    fe00::0	ip6-localnet
+    ff00::0	ip6-mcastprefix
+    ff02::1	ip6-allnodes
+    ff02::2	ip6-allrouters
+    172.21.0.3	distracted_bohr
+    172.21.0.3	distracted_bohr.multihost
+
+In a separate terminal on `net-1` list the networks again. You will see that the _multihost_ overlay now appears.
+The overlay network _multihost_ is your default network. This was setup by the Docker daemon during the Vagrant provisioning. Check `/etc/default/docker` to see the options that were set.
+
+    vagrant@net-1:~$ docker network ls
+    NETWORK ID          NAME                TYPE
+    4275f8b3a821        none                null
+    80eba28ed4a7        host                host
+    64322973b4aa        bridge              bridge
+    b5c9f05f1f8f        multihost           overlay
+
+Now in a separate terminal, SSH to `net-2`, check the network and services. The networks will be the same, and the default network will also be _multihost_ of type overlay. But the service will show the container started on `net-1`:
+
+    $ vagrant ssh net-2
+    vagrant@net-2:~$ docker service ls
+    SERVICE ID          NAME                NETWORK             CONTAINER
+    b00f2bfd81ac        distracted_bohr     multihost           df479e660658
+
+Start a container on `net-2` and check the `/etc/hosts`.
+
+    vagrant@net-2:~$ docker run -ti --rm ubuntu:14.04 bash
+    root@2ac726b4ce60:/# cat /etc/hosts
+    172.21.0.4	2ac726b4ce60
+    127.0.0.1	localhost
+    ::1	localhost ip6-localhost ip6-loopback
+    fe00::0	ip6-localnet
+    ff00::0	ip6-mcastprefix
+    ff02::1	ip6-allnodes
+    ff02::2	ip6-allrouters
+    172.21.0.3	distracted_bohr
+    172.21.0.3	distracted_bohr.multihost
+    172.21.0.4	modest_curie
+    172.21.0.4	modest_curie.multihost
+
+You will see not only the container that you just started on `net-2` but also the container that you started earlier on `net-1`.
+And of course you will be able to ping each container.
+
+## Creating a Non Default Overlay Network
+
+In the previous test we started containers with regular options `-ti --rm` and these containers got placed automatically in the default network which was set to be the _multihost_ network of type overlay.
+
+But you could create your own overlay network and start containers in it. Let's create a new overlay network.
+On one of your Docker hosts, `net-1` or `net-2` do:
+
+    $ docker network create -d overlay foobar
+    8805e22ad6e29cd7abb95597c91420fdcac54f33fcdd6fbca6dd4ec9710dd6a4
+    $ docker network ls
+    NETWORK ID          NAME                TYPE
+    a77e16a1e394        host                host                
+    684a4bb4c471        bridge              bridge              
+    8805e22ad6e2        foobar              overlay             
+    b5c9f05f1f8f        multihost           overlay             
+    67d5a33a2e54        none                null   
+
+Automatically, the second host will also see this network. To start a container on this new network, simply use the `--publish-service` option of `docker run` like so:
+
+    $ docker run -it --rm --publish-service=bar.foobar.overlay ubuntu:14.04 bash
+
+Note, that you could directly start a container with a new overlay using the `--publish-service` option and it will create the network automatically.
+
+Check the docker services now:
+
+    $ docker service ls
+    SERVICE ID          NAME                NETWORK             CONTAINER
+    b1ffdbfb1ac6        bar                 foobar              6635a3822135
+
+Repeat the getting started steps, by starting another container in this new overlay on the other host, check the `/etc/hosts` file and try to ping each container.
+
+## A look at the interfaces
+
+This new Docker multihost networking is made possible via VXLAN tunnels and the use of network namespaces.
+Check the [design](design.md) documentation for all the details. But to explore these concepts a bit, nothing beats an example.
+
+With a running container in one overlay, check the network namespace:
+
+    $ docker inspect -f '{{ .NetworkSettings.SandboxKey}}' 6635a3822135
+    /var/run/docker/netns/6635a3822135
+
+This is a none default location for network namespaces which might confuse things a bit. So let's become root, head over to this directory that contains the network namespaces of the containers and check the interfaces:
+
+    $ sudo su
+    root@net-2:/home/vagrant# cd /var/run/docker/
+    root@net-2:/var/run/docker# ls netns
+    6635a3822135
+    8805e22ad6e2
+
+To be able to check the interfaces in those network namespace using `ip` command, just create a symlink for `netns` that points to `/var/run/docker/netns`:
+
+    root@net-2:/var/run# ln -s /var/run/docker/netns netns
+    root@net-2:/var/run# ip netns show
+    6635a3822135
+    8805e22ad6e2
+
+The two namespace ID return are the ones of the running container on that host and the one of the actual overlay network the container is in.
+Let's check the interfaces in the container:
+
+    root@net-2:/var/run/docker# ip netns exec 6635a3822135 ip addr show eth0
+    15: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
+        link/ether 02:42:b3:91:22:c3 brd ff:ff:ff:ff:ff:ff
+        inet 172.21.0.5/16 scope global eth0
+           valid_lft forever preferred_lft forever
+        inet6 fe80::42:b3ff:fe91:22c3/64 scope link 
+           valid_lft forever preferred_lft forever
+
+Indeed we get back the network interface of our running container, same MAC address, same IP.
+If we check the links of the overlay namespace we see our vxlan interface and the VLAN ID being used.
+
+    root@net-2:/var/run/docker# ip netns exec 8805e22ad6e2 ip -d link show
+    ...<snip>...
+    14: vxlan1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default 
+        link/ether 7a:af:20:ee:e3:81 brd ff:ff:ff:ff:ff:ff promiscuity 1 
+        vxlan id 256 srcport 32768 61000 dstport 8472 proxy l2miss l3miss ageing 300 
+        bridge_slave 
+    16: veth2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
+        link/ether 46:b1:e2:5c:48:a8 brd ff:ff:ff:ff:ff:ff promiscuity 1 
+        veth 
+        bridge_slave  
+
+If you sniff packets on these interfaces you will see the traffic between your containers.
+
diff --git a/vendor/github.com/docker/libnetwork/driverapi/driverapi.go b/libnetwork/driverapi/driverapi.go
similarity index 96%
rename from vendor/github.com/docker/libnetwork/driverapi/driverapi.go
rename to libnetwork/driverapi/driverapi.go
index 3d667ceb7e792..e9a0b5b1d31fe 100644
--- a/vendor/github.com/docker/libnetwork/driverapi/driverapi.go
+++ b/libnetwork/driverapi/driverapi.go
@@ -3,8 +3,8 @@ package driverapi
 import (
 	"net"
 
+	"github.com/docker/docker/libnetwork/discoverapi"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/discoverapi"
 )
 
 // NetworkPluginEndpointType represents the Endpoint Type used by Plugin system
@@ -95,6 +95,11 @@ type NetworkInfo interface {
 	// TableEventRegister registers driver interest in a given
 	// table name.
 	TableEventRegister(tableName string, objType ObjectType) error
+
+	// UpdateIPamConfig updates the networks IPAM configuration
+	// based on information from the driver.  In windows, the OS (HNS) chooses
+	// the IP address space if the user does not specify an address space.
+	UpdateIpamConfig(ipV4Data []IPAMData)
 }
 
 // InterfaceInfo provides a go interface for drivers to retrieve
diff --git a/libnetwork/driverapi/driverapi_test.go b/libnetwork/driverapi/driverapi_test.go
new file mode 100644
index 0000000000000..e26da27e148aa
--- /dev/null
+++ b/libnetwork/driverapi/driverapi_test.go
@@ -0,0 +1,118 @@
+package driverapi
+
+import (
+	"encoding/json"
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestIPDataMarshalling(t *testing.T) {
+	i := &IPAMData{
+		AddressSpace: "giallo",
+		Pool:         &net.IPNet{IP: net.IP{10, 10, 10, 8}, Mask: net.IPMask{255, 255, 255, 0}},
+		Gateway:      &net.IPNet{IP: net.IP{10, 10, 10, 254}, Mask: net.IPMask{255, 255, 255, 0}},
+		AuxAddresses: map[string]*net.IPNet{
+			"ip1": {IP: net.IP{10, 10, 10, 1}, Mask: net.IPMask{255, 255, 255, 0}},
+			"ip2": {IP: net.IP{10, 10, 10, 2}, Mask: net.IPMask{255, 255, 255, 0}},
+		},
+	}
+
+	b, err := json.Marshal(i)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ii := &IPAMData{}
+	err = json.Unmarshal(b, &ii)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if i.AddressSpace != ii.AddressSpace || !types.CompareIPNet(i.Pool, ii.Pool) ||
+		!types.CompareIPNet(i.Gateway, ii.Gateway) ||
+		!compareAddresses(i.AuxAddresses, ii.AuxAddresses) {
+		t.Fatalf("JSON marsh/unmarsh failed.\nOriginal:\n%s\nDecoded:\n%s", i, ii)
+	}
+}
+
+func compareAddresses(a, b map[string]*net.IPNet) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	if len(a) > 0 {
+		for k := range a {
+			if !types.CompareIPNet(a[k], b[k]) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func TestValidateAndIsV6(t *testing.T) {
+	var err error
+
+	i := &IPAMData{
+		Pool:    &net.IPNet{IP: net.IP{10, 10, 10, 8}, Mask: net.IPMask{255, 255, 255, 0}},
+		Gateway: &net.IPNet{IP: net.IP{10, 10, 10, 254}, Mask: net.IPMask{255, 255, 255, 0}},
+		AuxAddresses: map[string]*net.IPNet{
+			"ip1": {IP: net.IP{10, 10, 10, 1}, Mask: net.IPMask{255, 255, 255, 0}},
+			"ip2": {IP: net.IP{10, 10, 10, 2}, Mask: net.IPMask{255, 255, 255, 0}},
+		},
+	}
+
+	// Check ip version
+	if i.IsV6() {
+		t.Fatal("incorrect ip version returned")
+	}
+	orig := i.Pool
+	if i.Pool, err = types.ParseCIDR("2001:db8::33/64"); err != nil {
+		t.Fatal(err)
+	}
+	if !i.IsV6() {
+		t.Fatal("incorrect ip version returned")
+	}
+	i.Pool = orig
+
+	// valid ip data
+	if err = i.Validate(); err != nil {
+		t.Fatal(err)
+	}
+
+	// incongruent gw ver
+	if i.Gateway, err = types.ParseCIDR("2001:db8::45/65"); err != nil {
+		t.Fatal(err)
+	}
+	if err = i.Validate(); err == nil {
+		t.Fatal("expected error but succeeded")
+	}
+	i.Gateway = nil
+
+	// incongruent secondary ip ver
+	if i.AuxAddresses["ip2"], err = types.ParseCIDR("2001:db8::44/80"); err != nil {
+		t.Fatal(err)
+	}
+	if err = i.Validate(); err == nil {
+		t.Fatal("expected error but succeeded")
+	}
+	delete(i.AuxAddresses, "ip2")
+
+	// gw outside pool
+	if i.Gateway, err = types.ParseCIDR("10.10.15.254/24"); err != nil {
+		t.Fatal(err)
+	}
+	if err = i.Validate(); err == nil {
+		t.Fatal("expected error but succeeded")
+	}
+	i.Gateway = nil
+
+	// sec ip outside of pool
+	if i.AuxAddresses["ip1"], err = types.ParseCIDR("10.10.2.1/24"); err != nil {
+		t.Fatal(err)
+	}
+	if err = i.Validate(); err == nil {
+		t.Fatal("expected error but succeeded")
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/driverapi/errors.go b/libnetwork/driverapi/errors.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/driverapi/errors.go
rename to libnetwork/driverapi/errors.go
diff --git a/vendor/github.com/docker/libnetwork/driverapi/ipamdata.go b/libnetwork/driverapi/ipamdata.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/driverapi/ipamdata.go
rename to libnetwork/driverapi/ipamdata.go
index fc1c2af441afb..5d47122e2f46c 100644
--- a/vendor/github.com/docker/libnetwork/driverapi/ipamdata.go
+++ b/libnetwork/driverapi/ipamdata.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 // MarshalJSON encodes IPAMData into json message
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/libnetwork/drivers/bridge/bridge.go
similarity index 88%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
rename to libnetwork/drivers/bridge/bridge.go
index b617ea7bc445e..0c7811c1ef143 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
+++ b/libnetwork/drivers/bridge/bridge.go
@@ -1,9 +1,11 @@
+//go:build linux
+// +build linux
+
 package bridge
 
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -12,17 +14,17 @@ import (
 	"sync"
 	"syscall"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/iptables"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/portmapper"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/portmapper"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )
@@ -57,6 +59,7 @@ type iptablesCleanFuncs []iptableCleanFunc
 type configuration struct {
 	EnableIPForwarding  bool
 	EnableIPTables      bool
+	EnableIP6Tables     bool
 	EnableUserlandProxy bool
 	UserlandProxyPath   string
 }
@@ -68,9 +71,11 @@ type networkConfiguration struct {
 	EnableIPv6           bool
 	EnableIPMasquerade   bool
 	EnableICC            bool
+	InhibitIPv4          bool
 	Mtu                  int
 	DefaultBindingIP     net.IP
 	DefaultBridge        bool
+	HostIP               net.IP
 	ContainerIfacePrefix string
 	// Internal fields set after ipam data parsing
 	AddressIPv4        *net.IPNet
@@ -131,22 +136,26 @@ type bridgeNetwork struct {
 	config        *networkConfiguration
 	endpoints     map[string]*bridgeEndpoint // key: endpoint id
 	portMapper    *portmapper.PortMapper
+	portMapperV6  *portmapper.PortMapper
 	driver        *driver // The network's driver
 	iptCleanFuncs iptablesCleanFuncs
 	sync.Mutex
 }
 
 type driver struct {
-	config          *configuration
-	network         *bridgeNetwork
-	natChain        *iptables.ChainInfo
-	filterChain     *iptables.ChainInfo
-	isolationChain1 *iptables.ChainInfo
-	isolationChain2 *iptables.ChainInfo
-	networks        map[string]*bridgeNetwork
-	store           datastore.DataStore
-	nlh             *netlink.Handle
-	configNetwork   sync.Mutex
+	config            *configuration
+	natChain          *iptables.ChainInfo
+	filterChain       *iptables.ChainInfo
+	isolationChain1   *iptables.ChainInfo
+	isolationChain2   *iptables.ChainInfo
+	natChainV6        *iptables.ChainInfo
+	filterChainV6     *iptables.ChainInfo
+	isolationChain1V6 *iptables.ChainInfo
+	isolationChain2V6 *iptables.ChainInfo
+	networks          map[string]*bridgeNetwork
+	store             datastore.DataStore
+	nlh               *netlink.Handle
+	configNetwork     sync.Mutex
 	sync.Mutex
 }
 
@@ -243,6 +252,10 @@ func (c *networkConfiguration) fromLabels(labels map[string]string) error {
 			if c.EnableICC, err = strconv.ParseBool(value); err != nil {
 				return parseErr(label, value, err.Error())
 			}
+		case InhibitIPv4:
+			if c.InhibitIPv4, err = strconv.ParseBool(value); err != nil {
+				return parseErr(label, value, err.Error())
+			}
 		case DefaultBridge:
 			if c.DefaultBridge, err = strconv.ParseBool(value); err != nil {
 				return parseErr(label, value, err.Error())
@@ -253,6 +266,10 @@ func (c *networkConfiguration) fromLabels(labels map[string]string) error {
 			}
 		case netlabel.ContainerIfacePrefix:
 			c.ContainerIfacePrefix = value
+		case netlabel.HostIP:
+			if c.HostIP = net.ParseIP(value); c.HostIP == nil {
+				return parseErr(label, value, "nil ip")
+			}
 		}
 	}
 
@@ -267,7 +284,7 @@ func (n *bridgeNetwork) registerIptCleanFunc(clean iptableCleanFunc) {
 	n.iptCleanFuncs = append(n.iptCleanFuncs, clean)
 }
 
-func (n *bridgeNetwork) getDriverChains() (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
+func (n *bridgeNetwork) getDriverChains(version iptables.IPVersion) (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
 	n.Lock()
 	defer n.Unlock()
 
@@ -275,6 +292,10 @@ func (n *bridgeNetwork) getDriverChains() (*iptables.ChainInfo, *iptables.ChainI
 		return nil, nil, nil, nil, types.BadRequestErrorf("no driver found")
 	}
 
+	if version == iptables.IPv6 {
+		return n.driver.natChainV6, n.driver.filterChainV6, n.driver.isolationChain1V6, n.driver.isolationChain2V6, nil
+	}
+
 	return n.driver.natChain, n.driver.filterChain, n.driver.isolationChain1, n.driver.isolationChain2, nil
 }
 
@@ -303,7 +324,7 @@ func (n *bridgeNetwork) getEndpoint(eid string) (*bridgeEndpoint, error) {
 
 // Install/Removes the iptables rules needed to isolate this network
 // from each of the other networks
-func (n *bridgeNetwork) isolateNetwork(others []*bridgeNetwork, enable bool) error {
+func (n *bridgeNetwork) isolateNetwork(enable bool) error {
 	n.Lock()
 	thisConfig := n.config
 	n.Unlock()
@@ -313,17 +334,31 @@ func (n *bridgeNetwork) isolateNetwork(others []*bridgeNetwork, enable bool) err
 	}
 
 	// Install the rules to isolate this network against each of the other networks
-	return setINC(thisConfig.BridgeName, enable)
+	if n.driver.config.EnableIP6Tables {
+		err := setINC(iptables.IPv6, thisConfig.BridgeName, enable)
+		if err != nil {
+			return err
+		}
+	}
+
+	if n.driver.config.EnableIPTables {
+		return setINC(iptables.IPv4, thisConfig.BridgeName, enable)
+	}
+	return nil
 }
 
 func (d *driver) configure(option map[string]interface{}) error {
 	var (
-		config          *configuration
-		err             error
-		natChain        *iptables.ChainInfo
-		filterChain     *iptables.ChainInfo
-		isolationChain1 *iptables.ChainInfo
-		isolationChain2 *iptables.ChainInfo
+		config            *configuration
+		err               error
+		natChain          *iptables.ChainInfo
+		filterChain       *iptables.ChainInfo
+		isolationChain1   *iptables.ChainInfo
+		isolationChain2   *iptables.ChainInfo
+		natChainV6        *iptables.ChainInfo
+		filterChainV6     *iptables.ChainInfo
+		isolationChain1V6 *iptables.ChainInfo
+		isolationChain2V6 *iptables.ChainInfo
 	)
 
 	genericData, ok := option[netlabel.GenericData]
@@ -344,23 +379,50 @@ func (d *driver) configure(option map[string]interface{}) error {
 		return &ErrInvalidDriverConfig{}
 	}
 
-	if config.EnableIPTables {
+	if config.EnableIPTables || config.EnableIP6Tables {
 		if _, err := os.Stat("/proc/sys/net/bridge"); err != nil {
 			if out, err := exec.Command("modprobe", "-va", "bridge", "br_netfilter").CombinedOutput(); err != nil {
 				logrus.Warnf("Running modprobe bridge br_netfilter failed with message: %s, error: %v", out, err)
 			}
 		}
-		removeIPChains()
-		natChain, filterChain, isolationChain1, isolationChain2, err = setupIPChains(config)
+	}
+
+	if config.EnableIPTables {
+		removeIPChains(iptables.IPv4)
+
+		natChain, filterChain, isolationChain1, isolationChain2, err = setupIPChains(config, iptables.IPv4)
+		if err != nil {
+			return err
+		}
+
+		// Make sure on firewall reload, first thing being re-played is chains creation
+		iptables.OnReloaded(func() {
+			logrus.Debugf("Recreating iptables chains on firewall reload")
+			if _, _, _, _, err := setupIPChains(config, iptables.IPv4); err != nil {
+				logrus.WithError(err).Error("Error reloading iptables chains")
+			}
+		})
+	}
+
+	if config.EnableIP6Tables {
+		removeIPChains(iptables.IPv6)
+
+		natChainV6, filterChainV6, isolationChain1V6, isolationChain2V6, err = setupIPChains(config, iptables.IPv6)
 		if err != nil {
 			return err
 		}
+
 		// Make sure on firewall reload, first thing being re-played is chains creation
-		iptables.OnReloaded(func() { logrus.Debugf("Recreating iptables chains on firewall reload"); setupIPChains(config) })
+		iptables.OnReloaded(func() {
+			logrus.Debugf("Recreating ip6tables chains on firewall reload")
+			if _, _, _, _, err := setupIPChains(config, iptables.IPv6); err != nil {
+				logrus.WithError(err).Error("Error reloading ip6tables chains")
+			}
+		})
 	}
 
 	if config.EnableIPForwarding {
-		err = setupIPForwarding(config.EnableIPTables)
+		err = setupIPForwarding(config.EnableIPTables, config.EnableIP6Tables)
 		if err != nil {
 			logrus.Warn(err)
 			return err
@@ -372,6 +434,10 @@ func (d *driver) configure(option map[string]interface{}) error {
 	d.filterChain = filterChain
 	d.isolationChain1 = isolationChain1
 	d.isolationChain2 = isolationChain2
+	d.natChainV6 = natChainV6
+	d.filterChainV6 = filterChainV6
+	d.isolationChain1V6 = isolationChain1V6
+	d.isolationChain2V6 = isolationChain2V6
 	d.config = config
 	d.Unlock()
 
@@ -486,7 +552,7 @@ func parseNetworkOptions(id string, option options.Generic) (*networkConfigurati
 		return nil, err
 	}
 
-	if config.BridgeName == "" && config.DefaultBridge == false {
+	if config.BridgeName == "" && !config.DefaultBridge {
 		config.BridgeName = "br-" + id[:12]
 	}
 
@@ -505,18 +571,6 @@ func parseNetworkOptions(id string, option options.Generic) (*networkConfigurati
 	return config, nil
 }
 
-// Returns the non link-local IPv6 subnet for the containers attached to this bridge if found, nil otherwise
-func getV6Network(config *networkConfiguration, i *bridgeInterface) *net.IPNet {
-	if config.AddressIPv6 != nil {
-		return config.AddressIPv6
-	}
-	if i.bridgeIPv6 != nil && i.bridgeIPv6.IP != nil && !i.bridgeIPv6.IP.IsLinkLocalUnicast() {
-		return i.bridgeIPv6
-	}
-
-	return nil
-}
-
 // Return a slice of networks over which caller can iterate safely
 func (d *driver) getNetworks() []*bridgeNetwork {
 	d.Lock()
@@ -580,7 +634,9 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
 		}
 		// Got a conflict with a stale default network, clean that up and continue
 		logrus.Warn(nerr)
-		d.deleteNetwork(nerr.ID)
+		if err := d.deleteNetwork(nerr.ID); err != nil {
+			logrus.WithError(err).Debug("Error while cleaning up network on conflict")
+		}
 	}
 
 	// there is no conflict, now create the network
@@ -617,8 +673,6 @@ func (d *driver) checkConflict(config *networkConfiguration) error {
 func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 	defer osl.InitOSContext()()
 
-	networkList := d.getNetworks()
-
 	// Initialize handle when needed
 	d.Lock()
 	if d.nlh == nil {
@@ -634,12 +688,13 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 
 	// Create and set network handler in driver
 	network := &bridgeNetwork{
-		id:         config.ID,
-		endpoints:  make(map[string]*bridgeEndpoint),
-		config:     config,
-		portMapper: portmapper.New(d.config.UserlandProxyPath),
-		bridge:     bridgeIface,
-		driver:     d,
+		id:           config.ID,
+		endpoints:    make(map[string]*bridgeEndpoint),
+		config:       config,
+		portMapper:   portmapper.New(d.config.UserlandProxyPath),
+		portMapperV6: portmapper.New(d.config.UserlandProxyPath),
+		bridge:       bridgeIface,
+		driver:       d,
 	}
 
 	d.Lock()
@@ -657,16 +712,15 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 
 	// Add inter-network communication rules.
 	setupNetworkIsolationRules := func(config *networkConfiguration, i *bridgeInterface) error {
-		if err := network.isolateNetwork(networkList, true); err != nil {
-			if err = network.isolateNetwork(networkList, false); err != nil {
+		if err := network.isolateNetwork(true); err != nil {
+			if err = network.isolateNetwork(false); err != nil {
 				logrus.Warnf("Failed on removing the inter-network iptables rules on cleanup: %v", err)
 			}
 			return err
 		}
 		// register the cleanup function
 		network.registerIptCleanFunc(func() error {
-			nwList := d.getNetworks()
-			return network.isolateNetwork(nwList, false)
+			return network.isolateNetwork(false)
 		})
 		return nil
 	}
@@ -679,6 +733,12 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 	bridgeAlreadyExists := bridgeIface.exists()
 	if !bridgeAlreadyExists {
 		bridgeSetup.queueStep(setupDevice)
+		bridgeSetup.queueStep(setupDefaultSysctl)
+	}
+
+	// For the default bridge, set expected sysctls
+	if config.DefaultBridge {
+		bridgeSetup.queueStep(setupDefaultSysctl)
 	}
 
 	// Even if a bridge exists try to setup IPv4.
@@ -699,7 +759,7 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 
 		// We ensure that the bridge has the expectedIPv4 and IPv6 addresses in
 		// the case of a previously existing device.
-		{bridgeAlreadyExists, setupVerifyAndReconcile},
+		{bridgeAlreadyExists && !config.InhibitIPv4, setupVerifyAndReconcile},
 
 		// Enable IPv6 Forwarding
 		{enableIPv6Forwarding, setupIPv6Forwarding},
@@ -708,11 +768,16 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 		{!d.config.EnableUserlandProxy, setupLoopbackAddressesRouting},
 
 		// Setup IPTables.
-		{d.config.EnableIPTables, network.setupIPTables},
+		{d.config.EnableIPTables, network.setupIP4Tables},
+
+		// Setup IP6Tables.
+		{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupIP6Tables},
 
-		//We want to track firewalld configuration so that
-		//if it is started/reloaded, the rules can be applied correctly
+		// We want to track firewalld configuration so that
+		// if it is started/reloaded, the rules can be applied correctly
 		{d.config.EnableIPTables, network.setupFirewalld},
+		// same for IPv6
+		{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupFirewalld6},
 
 		// Setup DefaultGatewayIPv4
 		{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},
@@ -723,7 +788,7 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 		// Add inter-network communication rules.
 		{d.config.EnableIPTables, setupNetworkIsolationRules},
 
-		//Configure bridge networking filtering if ICC is off and IP tables are enabled
+		// Configure bridge networking filtering if ICC is off and IP tables are enabled
 		{!config.EnableICC && d.config.EnableIPTables, setupBridgeNetFiltering},
 	} {
 		if step.Condition {
@@ -862,7 +927,7 @@ func setHairpinMode(nlh *netlink.Handle, link netlink.Link, enable bool) error {
 		val = []byte{'0', '\n'}
 	}
 
-	if err := ioutil.WriteFile(path, val, 0644); err != nil {
+	if err := os.WriteFile(path, val, 0644); err != nil {
 		return fmt.Errorf("unable to set hairpin mode on %s via sysfs: %v", link.Attrs().Name, err)
 	}
 
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go b/libnetwork/drivers/bridge/bridge_store.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go
rename to libnetwork/drivers/bridge/bridge_store.go
index 2988c34fa58bf..7578f964b9d4e 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go
+++ b/libnetwork/drivers/bridge/bridge_store.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package bridge
 
 import (
@@ -5,10 +8,10 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -137,10 +140,12 @@ func (ncfg *networkConfiguration) MarshalJSON() ([]byte, error) {
 	nMap["EnableIPv6"] = ncfg.EnableIPv6
 	nMap["EnableIPMasquerade"] = ncfg.EnableIPMasquerade
 	nMap["EnableICC"] = ncfg.EnableICC
+	nMap["InhibitIPv4"] = ncfg.InhibitIPv4
 	nMap["Mtu"] = ncfg.Mtu
 	nMap["Internal"] = ncfg.Internal
 	nMap["DefaultBridge"] = ncfg.DefaultBridge
 	nMap["DefaultBindingIP"] = ncfg.DefaultBindingIP.String()
+	nMap["HostIP"] = ncfg.HostIP.String()
 	nMap["DefaultGatewayIPv4"] = ncfg.DefaultGatewayIPv4.String()
 	nMap["DefaultGatewayIPv6"] = ncfg.DefaultGatewayIPv6.String()
 	nMap["ContainerIfacePrefix"] = ncfg.ContainerIfacePrefix
@@ -183,6 +188,10 @@ func (ncfg *networkConfiguration) UnmarshalJSON(b []byte) error {
 		ncfg.ContainerIfacePrefix = v.(string)
 	}
 
+	if v, ok := nMap["HostIP"]; ok {
+		ncfg.HostIP = net.ParseIP(v.(string))
+	}
+
 	ncfg.DefaultBridge = nMap["DefaultBridge"].(bool)
 	ncfg.DefaultBindingIP = net.ParseIP(nMap["DefaultBindingIP"].(string))
 	ncfg.DefaultGatewayIPv4 = net.ParseIP(nMap["DefaultGatewayIPv4"].(string))
@@ -192,6 +201,10 @@ func (ncfg *networkConfiguration) UnmarshalJSON(b []byte) error {
 	ncfg.EnableIPv6 = nMap["EnableIPv6"].(bool)
 	ncfg.EnableIPMasquerade = nMap["EnableIPMasquerade"].(bool)
 	ncfg.EnableICC = nMap["EnableICC"].(bool)
+	if v, ok := nMap["InhibitIPv4"]; ok {
+		ncfg.InhibitIPv4 = v.(bool)
+	}
+
 	ncfg.Mtu = int(nMap["Mtu"].(float64))
 	if v, ok := nMap["Internal"]; ok {
 		ncfg.Internal = v.(bool)
diff --git a/libnetwork/drivers/bridge/bridge_test.go b/libnetwork/drivers/bridge/bridge_test.go
new file mode 100644
index 0000000000000..c4ada1630ada1
--- /dev/null
+++ b/libnetwork/drivers/bridge/bridge_test.go
@@ -0,0 +1,1136 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net"
+	"regexp"
+	"strconv"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/vishvananda/netlink"
+)
+
+func TestEndpointMarshalling(t *testing.T) {
+	ip1, _ := types.ParseCIDR("172.22.0.9/16")
+	ip2, _ := types.ParseCIDR("2001:db8::9")
+	mac, _ := net.ParseMAC("ac:bd:24:57:66:77")
+	e := &bridgeEndpoint{
+		id:         "d2c015a1fe5930650cbcd50493efba0500bcebd8ee1f4401a16319f8a567de33",
+		nid:        "ee33fbb43c323f1920b6b35a0101552ac22ede960d0e5245e9738bccc68b2415",
+		addr:       ip1,
+		addrv6:     ip2,
+		macAddress: mac,
+		srcName:    "veth123456",
+		config:     &endpointConfiguration{MacAddress: mac},
+		containerConfig: &containerConfiguration{
+			ParentEndpoints: []string{"one", "due", "three"},
+			ChildEndpoints:  []string{"four", "five", "six"},
+		},
+		extConnConfig: &connectivityConfiguration{
+			ExposedPorts: []types.TransportPort{
+				{
+					Proto: 6,
+					Port:  uint16(18),
+				},
+			},
+			PortBindings: []types.PortBinding{
+				{
+					Proto:       6,
+					IP:          net.ParseIP("17210.33.9.56"),
+					Port:        uint16(18),
+					HostPort:    uint16(3000),
+					HostPortEnd: uint16(14000),
+				},
+			},
+		},
+		portMapping: []types.PortBinding{
+			{
+				Proto:       17,
+				IP:          net.ParseIP("172.33.9.56"),
+				Port:        uint16(99),
+				HostIP:      net.ParseIP("10.10.100.2"),
+				HostPort:    uint16(9900),
+				HostPortEnd: uint16(10000),
+			},
+			{
+				Proto:       6,
+				IP:          net.ParseIP("171.33.9.56"),
+				Port:        uint16(55),
+				HostIP:      net.ParseIP("10.11.100.2"),
+				HostPort:    uint16(5500),
+				HostPortEnd: uint16(55000),
+			},
+		},
+	}
+
+	b, err := json.Marshal(e)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ee := &bridgeEndpoint{}
+	err = json.Unmarshal(b, ee)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if e.id != ee.id || e.nid != ee.nid || e.srcName != ee.srcName || !bytes.Equal(e.macAddress, ee.macAddress) ||
+		!types.CompareIPNet(e.addr, ee.addr) || !types.CompareIPNet(e.addrv6, ee.addrv6) ||
+		!compareEpConfig(e.config, ee.config) ||
+		!compareContainerConfig(e.containerConfig, ee.containerConfig) ||
+		!compareConnConfig(e.extConnConfig, ee.extConnConfig) ||
+		!compareBindings(e.portMapping, ee.portMapping) {
+		t.Fatalf("JSON marsh/unmarsh failed.\nOriginal:\n%#v\nDecoded:\n%#v", e, ee)
+	}
+}
+
+func compareEpConfig(a, b *endpointConfiguration) bool {
+	if a == b {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	return bytes.Equal(a.MacAddress, b.MacAddress)
+}
+
+func compareContainerConfig(a, b *containerConfiguration) bool {
+	if a == b {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	if len(a.ParentEndpoints) != len(b.ParentEndpoints) ||
+		len(a.ChildEndpoints) != len(b.ChildEndpoints) {
+		return false
+	}
+	for i := 0; i < len(a.ParentEndpoints); i++ {
+		if a.ParentEndpoints[i] != b.ParentEndpoints[i] {
+			return false
+		}
+	}
+	for i := 0; i < len(a.ChildEndpoints); i++ {
+		if a.ChildEndpoints[i] != b.ChildEndpoints[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func compareConnConfig(a, b *connectivityConfiguration) bool {
+	if a == b {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	if len(a.ExposedPorts) != len(b.ExposedPorts) ||
+		len(a.PortBindings) != len(b.PortBindings) {
+		return false
+	}
+	for i := 0; i < len(a.ExposedPorts); i++ {
+		if !a.ExposedPorts[i].Equal(&b.ExposedPorts[i]) {
+			return false
+		}
+	}
+	for i := 0; i < len(a.PortBindings); i++ {
+		if !a.PortBindings[i].Equal(&b.PortBindings[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+func compareBindings(a, b []types.PortBinding) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i := 0; i < len(a); i++ {
+		if !a[i].Equal(&b[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+func getIPv4Data(t *testing.T, iface string) []driverapi.IPAMData {
+	ipd := driverapi.IPAMData{AddressSpace: "full"}
+	nws, _, err := netutils.ElectInterfaceAddresses(iface)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ipd.Pool = nws[0]
+	// Set network gateway to X.X.X.1
+	ipd.Gateway = types.GetIPNetCopy(nws[0])
+	ipd.Gateway.IP[len(ipd.Gateway.IP)-1] = 1
+	return []driverapi.IPAMData{ipd}
+}
+
+func TestCreateFullOptions(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPForwarding: true,
+		EnableIPTables:     true,
+	}
+
+	// Test this scenario: Default gw address does not belong to
+	// container network and it's greater than bridge address
+	cnw, _ := types.ParseCIDR("172.16.122.0/24")
+	bnw, _ := types.ParseCIDR("172.16.0.0/24")
+	br, _ := types.ParseCIDR("172.16.0.1/16")
+	defgw, _ := types.ParseCIDR("172.16.0.100/16")
+
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	netOption := make(map[string]interface{})
+	netOption[netlabel.EnableIPv6] = true
+	netOption[netlabel.GenericData] = &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+	}
+
+	ipdList := []driverapi.IPAMData{
+		{
+			Pool:         bnw,
+			Gateway:      br,
+			AuxAddresses: map[string]*net.IPNet{DefaultGatewayV4AuxKey: defgw},
+		},
+	}
+	err := d.CreateNetwork("dummy", netOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	// Verify the IP address allocated for the endpoint belongs to the container network
+	epOptions := make(map[string]interface{})
+	te := newTestEndpoint(cnw, 10)
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), epOptions)
+	if err != nil {
+		t.Fatalf("Failed to create an endpoint : %s", err.Error())
+	}
+
+	if !cnw.Contains(te.Interface().Address().IP) {
+		t.Fatalf("endpoint got assigned address outside of container network(%s): %s", cnw.String(), te.Interface().Address())
+	}
+}
+
+func TestCreateNoConfig(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+	d := newDriver()
+
+	netconfig := &networkConfiguration{BridgeName: DefaultBridgeName}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+}
+
+func TestCreateFullOptionsLabels(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPForwarding: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	bndIPs := "127.0.0.1"
+	testHostIP := "1.2.3.4"
+	nwV6s := "2001:db8:2600:2700:2800::/80"
+	gwV6s := "2001:db8:2600:2700:2800::25/80"
+	nwV6, _ := types.ParseCIDR(nwV6s)
+	gwV6, _ := types.ParseCIDR(gwV6s)
+
+	labels := map[string]string{
+		BridgeName:         DefaultBridgeName,
+		DefaultBridge:      "true",
+		EnableICC:          "true",
+		EnableIPMasquerade: "true",
+		DefaultBindingIP:   bndIPs,
+		netlabel.HostIP:    testHostIP,
+	}
+
+	netOption := make(map[string]interface{})
+	netOption[netlabel.EnableIPv6] = true
+	netOption[netlabel.GenericData] = labels
+
+	ipdList := getIPv4Data(t, "")
+	ipd6List := []driverapi.IPAMData{
+		{
+			Pool: nwV6,
+			AuxAddresses: map[string]*net.IPNet{
+				DefaultGatewayV6AuxKey: gwV6,
+			},
+		},
+	}
+
+	err := d.CreateNetwork("dummy", netOption, nil, ipdList, ipd6List)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	nw, ok := d.networks["dummy"]
+	if !ok {
+		t.Fatal("Cannot find dummy network in bridge driver")
+	}
+
+	if nw.config.BridgeName != DefaultBridgeName {
+		t.Fatal("incongruent name in bridge network")
+	}
+
+	if !nw.config.EnableIPv6 {
+		t.Fatal("incongruent EnableIPv6 in bridge network")
+	}
+
+	if !nw.config.EnableICC {
+		t.Fatal("incongruent EnableICC in bridge network")
+	}
+
+	if !nw.config.EnableIPMasquerade {
+		t.Fatal("incongruent EnableIPMasquerade in bridge network")
+	}
+
+	bndIP := net.ParseIP(bndIPs)
+	if !bndIP.Equal(nw.config.DefaultBindingIP) {
+		t.Fatalf("Unexpected: %v", nw.config.DefaultBindingIP)
+	}
+
+	hostIP := net.ParseIP(testHostIP)
+	if !hostIP.Equal(nw.config.HostIP) {
+		t.Fatalf("Unexpected: %v", nw.config.HostIP)
+	}
+
+	if !types.CompareIPNet(nw.config.AddressIPv6, nwV6) {
+		t.Fatalf("Unexpected: %v", nw.config.AddressIPv6)
+	}
+
+	if !gwV6.IP.Equal(nw.config.DefaultGatewayIPv6) {
+		t.Fatalf("Unexpected: %v", nw.config.DefaultGatewayIPv6)
+	}
+
+	// In short here we are testing --fixed-cidr-v6 daemon option
+	// plus --mac-address run option
+	mac, _ := net.ParseMAC("aa:bb:cc:dd:ee:ff")
+	epOptions := map[string]interface{}{netlabel.MacAddress: mac}
+	te := newTestEndpoint(ipdList[0].Pool, 20)
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), epOptions)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !nwV6.Contains(te.Interface().AddressIPv6().IP) {
+		t.Fatalf("endpoint got assigned address outside of container network(%s): %s", nwV6.String(), te.Interface().AddressIPv6())
+	}
+	if te.Interface().AddressIPv6().IP.String() != "2001:db8:2600:2700:2800:aabb:ccdd:eeff" {
+		t.Fatalf("Unexpected endpoint IPv6 address: %v", te.Interface().AddressIPv6().IP)
+	}
+}
+
+func TestCreate(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	netconfig := &networkConfiguration{BridgeName: DefaultBridgeName}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t, ""), nil)
+	if err == nil {
+		t.Fatal("Expected bridge driver to refuse creation of second network with default name")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatal("Creation of second network with default name failed with unexpected error type")
+	}
+}
+
+func TestCreateFail(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	netconfig := &networkConfiguration{BridgeName: "dummy0", DefaultBridge: true}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t, ""), nil); err == nil {
+		t.Fatal("Bridge creation was expected to fail")
+	}
+}
+
+func TestCreateMultipleNetworks(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPTables: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	config1 := &networkConfiguration{BridgeName: "net_test_1"}
+	genericOption = make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config1
+	if err := d.CreateNetwork("1", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	verifyV4INCEntries(d.networks, t)
+
+	config2 := &networkConfiguration{BridgeName: "net_test_2"}
+	genericOption[netlabel.GenericData] = config2
+	if err := d.CreateNetwork("2", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	verifyV4INCEntries(d.networks, t)
+
+	config3 := &networkConfiguration{BridgeName: "net_test_3"}
+	genericOption[netlabel.GenericData] = config3
+	if err := d.CreateNetwork("3", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	verifyV4INCEntries(d.networks, t)
+
+	config4 := &networkConfiguration{BridgeName: "net_test_4"}
+	genericOption[netlabel.GenericData] = config4
+	if err := d.CreateNetwork("4", genericOption, nil, getIPv4Data(t, ""), nil); err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	verifyV4INCEntries(d.networks, t)
+
+	if err := d.DeleteNetwork("1"); err != nil {
+		t.Log(err)
+	}
+	verifyV4INCEntries(d.networks, t)
+
+	if err := d.DeleteNetwork("2"); err != nil {
+		t.Log(err)
+	}
+	verifyV4INCEntries(d.networks, t)
+
+	if err := d.DeleteNetwork("3"); err != nil {
+		t.Log(err)
+	}
+	verifyV4INCEntries(d.networks, t)
+
+	if err := d.DeleteNetwork("4"); err != nil {
+		t.Log(err)
+	}
+	verifyV4INCEntries(d.networks, t)
+}
+
+// Verify the network isolation rules are installed for each network
+func verifyV4INCEntries(networks map[string]*bridgeNetwork, t *testing.T) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+	out1, err := iptable.Raw("-S", IsolationChain1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	out2, err := iptable.Raw("-S", IsolationChain2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, n := range networks {
+		re := regexp.MustCompile(fmt.Sprintf("-i %s ! -o %s -j %s", n.config.BridgeName, n.config.BridgeName, IsolationChain2))
+		matches := re.FindAllString(string(out1[:]), -1)
+		if len(matches) != 1 {
+			t.Fatalf("Cannot find expected inter-network isolation rules in IP Tables for network %s:\n%s.", n.id, string(out1[:]))
+		}
+		re = regexp.MustCompile(fmt.Sprintf("-o %s -j DROP", n.config.BridgeName))
+		matches = re.FindAllString(string(out2[:]), -1)
+		if len(matches) != 1 {
+			t.Fatalf("Cannot find expected inter-network isolation rules in IP Tables for network %s:\n%s.", n.id, string(out2[:]))
+		}
+	}
+}
+
+type testInterface struct {
+	mac     net.HardwareAddr
+	addr    *net.IPNet
+	addrv6  *net.IPNet
+	srcName string
+	dstName string
+}
+
+type testEndpoint struct {
+	iface  *testInterface
+	gw     net.IP
+	gw6    net.IP
+	routes []types.StaticRoute
+}
+
+func newTestEndpoint(nw *net.IPNet, ordinal byte) *testEndpoint {
+	addr := types.GetIPNetCopy(nw)
+	addr.IP[len(addr.IP)-1] = ordinal
+	return &testEndpoint{iface: &testInterface{addr: addr}}
+}
+
+func (te *testEndpoint) Interface() driverapi.InterfaceInfo {
+	if te.iface != nil {
+		return te.iface
+	}
+
+	return nil
+}
+
+func (i *testInterface) MacAddress() net.HardwareAddr {
+	return i.mac
+}
+
+func (i *testInterface) Address() *net.IPNet {
+	return i.addr
+}
+
+func (i *testInterface) AddressIPv6() *net.IPNet {
+	return i.addrv6
+}
+
+func (i *testInterface) SetMacAddress(mac net.HardwareAddr) error {
+	if i.mac != nil {
+		return types.ForbiddenErrorf("endpoint interface MAC address present (%s). Cannot be modified with %s.", i.mac, mac)
+	}
+	if mac == nil {
+		return types.BadRequestErrorf("tried to set nil MAC address to endpoint interface")
+	}
+	i.mac = types.GetMacCopy(mac)
+	return nil
+}
+
+func (i *testInterface) SetIPAddress(address *net.IPNet) error {
+	if address.IP == nil {
+		return types.BadRequestErrorf("tried to set nil IP address to endpoint interface")
+	}
+	if address.IP.To4() == nil {
+		return setAddress(&i.addrv6, address)
+	}
+	return setAddress(&i.addr, address)
+}
+
+func setAddress(ifaceAddr **net.IPNet, address *net.IPNet) error {
+	if *ifaceAddr != nil {
+		return types.ForbiddenErrorf("endpoint interface IP present (%s). Cannot be modified with (%s).", *ifaceAddr, address)
+	}
+	*ifaceAddr = types.GetIPNetCopy(address)
+	return nil
+}
+
+func (i *testInterface) SetNames(srcName string, dstName string) error {
+	i.srcName = srcName
+	i.dstName = dstName
+	return nil
+}
+
+func (te *testEndpoint) InterfaceName() driverapi.InterfaceNameInfo {
+	if te.iface != nil {
+		return te.iface
+	}
+
+	return nil
+}
+
+func (te *testEndpoint) SetGateway(gw net.IP) error {
+	te.gw = gw
+	return nil
+}
+
+func (te *testEndpoint) SetGatewayIPv6(gw6 net.IP) error {
+	te.gw6 = gw6
+	return nil
+}
+
+func (te *testEndpoint) AddStaticRoute(destination *net.IPNet, routeType int, nextHop net.IP) error {
+	te.routes = append(te.routes, types.StaticRoute{Destination: destination, RouteType: routeType, NextHop: nextHop})
+	return nil
+}
+
+func (te *testEndpoint) AddTableEntry(tableName string, key string, value []byte) error {
+	return nil
+}
+
+func (te *testEndpoint) DisableGatewayService() {}
+
+func TestQueryEndpointInfo(t *testing.T) {
+	testQueryEndpointInfo(t, true)
+}
+
+func TestQueryEndpointInfoHairpin(t *testing.T) {
+	testQueryEndpointInfo(t, false)
+}
+
+func testQueryEndpointInfo(t *testing.T, ulPxyEnabled bool) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPTables:      true,
+		EnableUserlandProxy: ulPxyEnabled,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	netconfig := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		EnableICC:  false,
+	}
+	genericOption = make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("net1", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	sbOptions := make(map[string]interface{})
+	sbOptions[netlabel.PortMap] = getPortMapping()
+
+	te := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("net1", "ep1", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create an endpoint : %s", err.Error())
+	}
+
+	err = d.Join("net1", "ep1", "sbox", te, sbOptions)
+	if err != nil {
+		t.Fatalf("Failed to join the endpoint: %v", err)
+	}
+
+	err = d.ProgramExternalConnectivity("net1", "ep1", sbOptions)
+	if err != nil {
+		t.Fatalf("Failed to program external connectivity: %v", err)
+	}
+
+	network, ok := d.networks["net1"]
+	if !ok {
+		t.Fatalf("Cannot find network %s inside driver", "net1")
+	}
+	ep := network.endpoints["ep1"]
+	data, err := d.EndpointOperInfo(network.id, ep.id)
+	if err != nil {
+		t.Fatalf("Failed to ask for endpoint operational data:  %v", err)
+	}
+	pmd, ok := data[netlabel.PortMap]
+	if !ok {
+		t.Fatal("Endpoint operational data does not contain port mapping data")
+	}
+	pm, ok := pmd.([]types.PortBinding)
+	if !ok {
+		t.Fatal("Unexpected format for port mapping in endpoint operational data")
+	}
+	if len(ep.portMapping) != len(pm) {
+		t.Fatal("Incomplete data for port mapping in endpoint operational data")
+	}
+	for i, pb := range ep.portMapping {
+		if !pb.Equal(&pm[i]) {
+			t.Fatal("Unexpected data for port mapping in endpoint operational data")
+		}
+	}
+
+	err = d.RevokeExternalConnectivity("net1", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// release host mapped ports
+	err = d.Leave("net1", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func getExposedPorts() []types.TransportPort {
+	return []types.TransportPort{
+		{Proto: types.TCP, Port: uint16(5000)},
+		{Proto: types.UDP, Port: uint16(400)},
+		{Proto: types.TCP, Port: uint16(600)},
+	}
+}
+
+func getPortMapping() []types.PortBinding {
+	return []types.PortBinding{
+		{Proto: types.TCP, Port: uint16(230), HostPort: uint16(23000)},
+		{Proto: types.UDP, Port: uint16(200), HostPort: uint16(22000)},
+		{Proto: types.TCP, Port: uint16(120), HostPort: uint16(12000)},
+	}
+}
+
+func TestLinkContainers(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	config := &configuration{
+		EnableIPTables: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	netconfig := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		EnableICC:  false,
+	}
+	genericOption = make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("net1", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te1 := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("net1", "ep1", te1.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create an endpoint : %s", err.Error())
+	}
+
+	exposedPorts := getExposedPorts()
+	sbOptions := make(map[string]interface{})
+	sbOptions[netlabel.ExposedPorts] = exposedPorts
+
+	err = d.Join("net1", "ep1", "sbox", te1, sbOptions)
+	if err != nil {
+		t.Fatalf("Failed to join the endpoint: %v", err)
+	}
+
+	err = d.ProgramExternalConnectivity("net1", "ep1", sbOptions)
+	if err != nil {
+		t.Fatalf("Failed to program external connectivity: %v", err)
+	}
+
+	addr1 := te1.iface.addr
+	if addr1.IP.To4() == nil {
+		t.Fatal("No Ipv4 address assigned to the endpoint:  ep1")
+	}
+
+	te2 := newTestEndpoint(ipdList[0].Pool, 22)
+	err = d.CreateEndpoint("net1", "ep2", te2.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create an endpoint : %s", err.Error())
+	}
+
+	addr2 := te2.iface.addr
+	if addr2.IP.To4() == nil {
+		t.Fatal("No Ipv4 address assigned to the endpoint:  ep2")
+	}
+
+	sbOptions = make(map[string]interface{})
+	sbOptions[netlabel.GenericData] = options.Generic{
+		"ChildEndpoints": []string{"ep1"},
+	}
+
+	err = d.Join("net1", "ep2", "", te2, sbOptions)
+	if err != nil {
+		t.Fatal("Failed to link ep1 and ep2")
+	}
+
+	err = d.ProgramExternalConnectivity("net1", "ep2", sbOptions)
+	if err != nil {
+		t.Fatalf("Failed to program external connectivity: %v", err)
+	}
+
+	out, _ := iptable.Raw("-L", DockerChain)
+	for _, pm := range exposedPorts {
+		regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port)
+		re := regexp.MustCompile(regex)
+		matches := re.FindAllString(string(out[:]), -1)
+		if len(matches) != 1 {
+			t.Fatalf("IP Tables programming failed %s", string(out[:]))
+		}
+
+		regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port)
+		matched, _ := regexp.MatchString(regex, string(out[:]))
+		if !matched {
+			t.Fatalf("IP Tables programming failed %s", string(out[:]))
+		}
+	}
+
+	err = d.RevokeExternalConnectivity("net1", "ep2")
+	if err != nil {
+		t.Fatalf("Failed to revoke external connectivity: %v", err)
+	}
+
+	err = d.Leave("net1", "ep2")
+	if err != nil {
+		t.Fatal("Failed to unlink ep1 and ep2")
+	}
+
+	out, _ = iptable.Raw("-L", DockerChain)
+	for _, pm := range exposedPorts {
+		regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port)
+		re := regexp.MustCompile(regex)
+		matches := re.FindAllString(string(out[:]), -1)
+		if len(matches) != 0 {
+			t.Fatalf("Leave should have deleted relevant IPTables rules  %s", string(out[:]))
+		}
+
+		regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port)
+		matched, _ := regexp.MatchString(regex, string(out[:]))
+		if matched {
+			t.Fatalf("Leave should have deleted relevant IPTables rules  %s", string(out[:]))
+		}
+	}
+
+	// Error condition test with an invalid endpoint-id "ep4"
+	sbOptions = make(map[string]interface{})
+	sbOptions[netlabel.GenericData] = options.Generic{
+		"ChildEndpoints": []string{"ep1", "ep4"},
+	}
+
+	err = d.Join("net1", "ep2", "", te2, sbOptions)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = d.ProgramExternalConnectivity("net1", "ep2", sbOptions)
+	if err != nil {
+		out, _ = iptable.Raw("-L", DockerChain)
+		for _, pm := range exposedPorts {
+			regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port)
+			re := regexp.MustCompile(regex)
+			matches := re.FindAllString(string(out[:]), -1)
+			if len(matches) != 0 {
+				t.Fatalf("Error handling should rollback relevant IPTables rules  %s", string(out[:]))
+			}
+
+			regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port)
+			matched, _ := regexp.MatchString(regex, string(out[:]))
+			if matched {
+				t.Fatalf("Error handling should rollback relevant IPTables rules  %s", string(out[:]))
+			}
+		}
+	} else {
+		t.Fatal("Expected Join to fail given link conditions are not satisfied")
+	}
+}
+
+func TestValidateConfig(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Test mtu
+	c := networkConfiguration{Mtu: -2}
+	err := c.Validate()
+	if err == nil {
+		t.Fatal("Failed to detect invalid MTU number")
+	}
+
+	c.Mtu = 9000
+	err = c.Validate()
+	if err != nil {
+		t.Fatal("unexpected validation error on MTU number")
+	}
+
+	// Bridge network
+	_, network, _ := net.ParseCIDR("172.28.0.0/16")
+	c = networkConfiguration{
+		AddressIPv4: network,
+	}
+
+	err = c.Validate()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Test v4 gw
+	c.DefaultGatewayIPv4 = net.ParseIP("172.27.30.234")
+	err = c.Validate()
+	if err == nil {
+		t.Fatal("Failed to detect invalid default gateway")
+	}
+
+	c.DefaultGatewayIPv4 = net.ParseIP("172.28.30.234")
+	err = c.Validate()
+	if err != nil {
+		t.Fatal("Unexpected validation error on default gateway")
+	}
+
+	// Test v6 gw
+	_, v6nw, _ := net.ParseCIDR("2001:db8:ae:b004::/64")
+	c = networkConfiguration{
+		EnableIPv6:         true,
+		AddressIPv6:        v6nw,
+		DefaultGatewayIPv6: net.ParseIP("2001:db8:ac:b004::bad:a55"),
+	}
+	err = c.Validate()
+	if err == nil {
+		t.Fatal("Failed to detect invalid v6 default gateway")
+	}
+
+	c.DefaultGatewayIPv6 = net.ParseIP("2001:db8:ae:b004::bad:a55")
+	err = c.Validate()
+	if err != nil {
+		t.Fatal("Unexpected validation error on v6 default gateway")
+	}
+
+	c.AddressIPv6 = nil
+	err = c.Validate()
+	if err == nil {
+		t.Fatal("Failed to detect invalid v6 default gateway")
+	}
+
+	c.AddressIPv6 = nil
+	err = c.Validate()
+	if err == nil {
+		t.Fatal("Failed to detect invalid v6 default gateway")
+	}
+}
+
+func TestSetDefaultGw(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	_, subnetv6, _ := net.ParseCIDR("2001:db8:ea9:9abc:b0c4::/80")
+
+	ipdList := getIPv4Data(t, "")
+	gw4 := types.GetIPCopy(ipdList[0].Pool.IP).To4()
+	gw4[3] = 254
+	gw6 := net.ParseIP("2001:db8:ea9:9abc:b0c4::254")
+
+	config := &networkConfiguration{
+		BridgeName:         DefaultBridgeName,
+		AddressIPv6:        subnetv6,
+		DefaultGatewayIPv4: gw4,
+		DefaultGatewayIPv6: gw6,
+	}
+
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.EnableIPv6] = true
+	genericOption[netlabel.GenericData] = config
+
+	err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te := newTestEndpoint(ipdList[0].Pool, 10)
+	err = d.CreateEndpoint("dummy", "ep", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create endpoint: %v", err)
+	}
+
+	err = d.Join("dummy", "ep", "sbox", te, nil)
+	if err != nil {
+		t.Fatalf("Failed to join endpoint: %v", err)
+	}
+
+	if !gw4.Equal(te.gw) {
+		t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw4, te.gw)
+	}
+
+	if !gw6.Equal(te.gw6) {
+		t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw6, te.gw6)
+	}
+}
+
+func TestCleanupIptableRules(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	bridgeChain := []iptables.ChainInfo{
+		{Name: DockerChain, Table: iptables.Nat},
+		{Name: DockerChain, Table: iptables.Filter},
+		{Name: IsolationChain1, Table: iptables.Filter},
+	}
+
+	ipVersions := []iptables.IPVersion{iptables.IPv4, iptables.IPv6}
+
+	for _, version := range ipVersions {
+		if _, _, _, _, err := setupIPChains(&configuration{EnableIPTables: true}, version); err != nil {
+			t.Fatalf("Error setting up ip chains for %s: %v", version, err)
+		}
+
+		iptable := iptables.GetIptable(version)
+		for _, chainInfo := range bridgeChain {
+			if !iptable.ExistChain(chainInfo.Name, chainInfo.Table) {
+				t.Fatalf("iptables version %s chain %s of %s table should have been created", version, chainInfo.Name, chainInfo.Table)
+			}
+		}
+		removeIPChains(version)
+		for _, chainInfo := range bridgeChain {
+			if iptable.ExistChain(chainInfo.Name, chainInfo.Table) {
+				t.Fatalf("iptables version %s chain %s of %s table should have been deleted", version, chainInfo.Name, chainInfo.Table)
+			}
+		}
+	}
+}
+
+func TestCreateWithExistingBridge(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	brName := "br111"
+	br := &netlink.Bridge{
+		LinkAttrs: netlink.LinkAttrs{
+			Name: brName,
+		},
+	}
+	if err := netlink.LinkAdd(br); err != nil {
+		t.Fatalf("Failed to create bridge interface: %v", err)
+	}
+	defer netlink.LinkDel(br)
+	if err := netlink.LinkSetUp(br); err != nil {
+		t.Fatalf("Failed to set bridge interface up: %v", err)
+	}
+
+	ip := net.IP{192, 168, 122, 1}
+	addr := &netlink.Addr{IPNet: &net.IPNet{
+		IP:   ip,
+		Mask: net.IPv4Mask(255, 255, 255, 0),
+	}}
+	if err := netlink.AddrAdd(br, addr); err != nil {
+		t.Fatalf("Failed to add IP address to bridge: %v", err)
+	}
+
+	netconfig := &networkConfiguration{BridgeName: brName}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = netconfig
+
+	if err := d.CreateNetwork(brName, genericOption, nil, getIPv4Data(t, brName), nil); err != nil {
+		t.Fatalf("Failed to create bridge network: %v", err)
+	}
+
+	nw, err := d.getNetwork(brName)
+	if err != nil {
+		t.Fatalf("Failed to getNetwork(%s): %v", brName, err)
+	}
+
+	addrs4, _, err := nw.bridge.addresses()
+	if err != nil {
+		t.Fatalf("Failed to get the bridge network's address: %v", err)
+	}
+
+	if !addrs4[0].IP.Equal(ip) {
+		t.Fatal("Creating bridge network with existing bridge interface unexpectedly modified the IP address of the bridge")
+	}
+
+	if err := d.DeleteNetwork(brName); err != nil {
+		t.Fatalf("Failed to delete network %s: %v", brName, err)
+	}
+
+	if _, err := netlink.LinkByName(brName); err != nil {
+		t.Fatal("Deleting bridge network that using existing bridge interface unexpectedly deleted the bridge interface")
+	}
+}
+
+func TestCreateParallel(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	ch := make(chan error, 100)
+	for i := 0; i < 100; i++ {
+		go func(name string, ch chan<- error) {
+			config := &networkConfiguration{BridgeName: name}
+			genericOption := make(map[string]interface{})
+			genericOption[netlabel.GenericData] = config
+			if err := d.CreateNetwork(name, genericOption, nil, getIPv4Data(t, "docker0"), nil); err != nil {
+				ch <- fmt.Errorf("failed to create %s", name)
+				return
+			}
+			if err := d.CreateNetwork(name, genericOption, nil, getIPv4Data(t, "docker0"), nil); err == nil {
+				ch <- fmt.Errorf("failed was able to create overlap %s", name)
+				return
+			}
+			ch <- nil
+		}("net"+strconv.Itoa(i), ch)
+	}
+	// wait for the go routines
+	var success int
+	for i := 0; i < 100; i++ {
+		val := <-ch
+		if val == nil {
+			success++
+		}
+	}
+	if success != 1 {
+		t.Fatalf("Success should be 1 instead: %d", success)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/brmanager/brmanager.go b/libnetwork/drivers/bridge/brmanager/brmanager.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/brmanager/brmanager.go
rename to libnetwork/drivers/bridge/brmanager/brmanager.go
index 74bb95c001806..1bcddee85f580 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/brmanager/brmanager.go
+++ b/libnetwork/drivers/bridge/brmanager/brmanager.go
@@ -1,10 +1,10 @@
 package brmanager
 
 import (
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 const networkType = "bridge"
diff --git a/libnetwork/drivers/bridge/errors.go b/libnetwork/drivers/bridge/errors.go
new file mode 100644
index 0000000000000..5cb0692b564d0
--- /dev/null
+++ b/libnetwork/drivers/bridge/errors.go
@@ -0,0 +1,344 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"net"
+)
+
+// ErrConfigExists error is returned when driver already has a config applied.
+type ErrConfigExists struct{}
+
+func (ece *ErrConfigExists) Error() string {
+	return "configuration already exists, bridge configuration can be applied only once"
+}
+
+// Forbidden denotes the type of this error
+func (ece *ErrConfigExists) Forbidden() {}
+
+// ErrInvalidDriverConfig error is returned when Bridge Driver is passed an invalid config
+type ErrInvalidDriverConfig struct{}
+
+func (eidc *ErrInvalidDriverConfig) Error() string {
+	return "Invalid configuration passed to Bridge Driver"
+}
+
+// BadRequest denotes the type of this error
+func (eidc *ErrInvalidDriverConfig) BadRequest() {}
+
+// ErrInvalidNetworkConfig error is returned when a network is created on a driver without valid config.
+type ErrInvalidNetworkConfig struct{}
+
+func (einc *ErrInvalidNetworkConfig) Error() string {
+	return "trying to create a network on a driver without valid config"
+}
+
+// Forbidden denotes the type of this error
+func (einc *ErrInvalidNetworkConfig) Forbidden() {}
+
+// ErrInvalidContainerConfig error is returned when an endpoint create is attempted with an invalid configuration.
+type ErrInvalidContainerConfig struct{}
+
+func (eicc *ErrInvalidContainerConfig) Error() string {
+	return "Error in joining a container due to invalid configuration"
+}
+
+// BadRequest denotes the type of this error
+func (eicc *ErrInvalidContainerConfig) BadRequest() {}
+
+// ErrInvalidEndpointConfig error is returned when an endpoint create is attempted with an invalid endpoint configuration.
+type ErrInvalidEndpointConfig struct{}
+
+func (eiec *ErrInvalidEndpointConfig) Error() string {
+	return "trying to create an endpoint with an invalid endpoint configuration"
+}
+
+// BadRequest denotes the type of this error
+func (eiec *ErrInvalidEndpointConfig) BadRequest() {}
+
+// ErrNetworkExists error is returned when a network already exists and another network is created.
+type ErrNetworkExists struct{}
+
+func (ene *ErrNetworkExists) Error() string {
+	return "network already exists, bridge can only have one network"
+}
+
+// Forbidden denotes the type of this error
+func (ene *ErrNetworkExists) Forbidden() {}
+
+// ErrIfaceName error is returned when a new name could not be generated.
+type ErrIfaceName struct{}
+
+func (ein *ErrIfaceName) Error() string {
+	return "failed to find name for new interface"
+}
+
+// InternalError denotes the type of this error
+func (ein *ErrIfaceName) InternalError() {}
+
+// ErrNoIPAddr error is returned when bridge has no IPv4 address configured.
+type ErrNoIPAddr struct{}
+
+func (enip *ErrNoIPAddr) Error() string {
+	return "bridge has no IPv4 address configured"
+}
+
+// InternalError denotes the type of this error
+func (enip *ErrNoIPAddr) InternalError() {}
+
+// ErrInvalidGateway is returned when the user provided default gateway (v4/v6) is not not valid.
+type ErrInvalidGateway struct{}
+
+func (eig *ErrInvalidGateway) Error() string {
+	return "default gateway ip must be part of the network"
+}
+
+// BadRequest denotes the type of this error
+func (eig *ErrInvalidGateway) BadRequest() {}
+
+// ErrInvalidContainerSubnet is returned when the container subnet (FixedCIDR) is not valid.
+type ErrInvalidContainerSubnet struct{}
+
+func (eis *ErrInvalidContainerSubnet) Error() string {
+	return "container subnet must be a subset of bridge network"
+}
+
+// BadRequest denotes the type of this error
+func (eis *ErrInvalidContainerSubnet) BadRequest() {}
+
+// ErrInvalidMtu is returned when the user provided MTU is not valid.
+type ErrInvalidMtu int
+
+func (eim ErrInvalidMtu) Error() string {
+	return fmt.Sprintf("invalid MTU number: %d", int(eim))
+}
+
+// BadRequest denotes the type of this error
+func (eim ErrInvalidMtu) BadRequest() {}
+
+// ErrInvalidPort is returned when the container or host port specified in the port binding is not valid.
+type ErrInvalidPort string
+
+func (ip ErrInvalidPort) Error() string {
+	return fmt.Sprintf("invalid transport port: %s", string(ip))
+}
+
+// BadRequest denotes the type of this error
+func (ip ErrInvalidPort) BadRequest() {}
+
+// ErrUnsupportedAddressType is returned when the specified address type is not supported.
+type ErrUnsupportedAddressType string
+
+func (uat ErrUnsupportedAddressType) Error() string {
+	return fmt.Sprintf("unsupported address type: %s", string(uat))
+}
+
+// BadRequest denotes the type of this error
+func (uat ErrUnsupportedAddressType) BadRequest() {}
+
+// ErrInvalidAddressBinding is returned when the host address specified in the port binding is not valid.
+type ErrInvalidAddressBinding string
+
+func (iab ErrInvalidAddressBinding) Error() string {
+	return fmt.Sprintf("invalid host address in port binding: %s", string(iab))
+}
+
+// BadRequest denotes the type of this error
+func (iab ErrInvalidAddressBinding) BadRequest() {}
+
+// ActiveEndpointsError is returned when there are
+// still active endpoints in the network being deleted.
+type ActiveEndpointsError string
+
+func (aee ActiveEndpointsError) Error() string {
+	return fmt.Sprintf("network %s has active endpoint", string(aee))
+}
+
+// Forbidden denotes the type of this error
+func (aee ActiveEndpointsError) Forbidden() {}
+
+// InvalidNetworkIDError is returned when the passed
+// network id for an existing network is not a known id.
+type InvalidNetworkIDError string
+
+func (inie InvalidNetworkIDError) Error() string {
+	return fmt.Sprintf("invalid network id %s", string(inie))
+}
+
+// NotFound denotes the type of this error
+func (inie InvalidNetworkIDError) NotFound() {}
+
+// InvalidEndpointIDError is returned when the passed
+// endpoint id is not valid.
+type InvalidEndpointIDError string
+
+func (ieie InvalidEndpointIDError) Error() string {
+	return fmt.Sprintf("invalid endpoint id: %s", string(ieie))
+}
+
+// BadRequest denotes the type of this error
+func (ieie InvalidEndpointIDError) BadRequest() {}
+
+// InvalidSandboxIDError is returned when the passed
+// sandbox id is not valid.
+type InvalidSandboxIDError string
+
+func (isie InvalidSandboxIDError) Error() string {
+	return fmt.Sprintf("invalid sandbox id: %s", string(isie))
+}
+
+// BadRequest denotes the type of this error
+func (isie InvalidSandboxIDError) BadRequest() {}
+
+// EndpointNotFoundError is returned when the no endpoint
+// with the passed endpoint id is found.
+type EndpointNotFoundError string
+
+func (enfe EndpointNotFoundError) Error() string {
+	return fmt.Sprintf("endpoint not found: %s", string(enfe))
+}
+
+// NotFound denotes the type of this error
+func (enfe EndpointNotFoundError) NotFound() {}
+
+// NonDefaultBridgeExistError is returned when a non-default
+// bridge config is passed but it does not already exist.
+type NonDefaultBridgeExistError string
+
+func (ndbee NonDefaultBridgeExistError) Error() string {
+	return fmt.Sprintf("bridge device with non default name %s must be created manually", string(ndbee))
+}
+
+// Forbidden denotes the type of this error
+func (ndbee NonDefaultBridgeExistError) Forbidden() {}
+
+// NonDefaultBridgeNeedsIPError is returned when a non-default
+// bridge config is passed but it has no ip configured
+type NonDefaultBridgeNeedsIPError string
+
+func (ndbee NonDefaultBridgeNeedsIPError) Error() string {
+	return fmt.Sprintf("bridge device with non default name %s must have a valid IP address", string(ndbee))
+}
+
+// Forbidden denotes the type of this error
+func (ndbee NonDefaultBridgeNeedsIPError) Forbidden() {}
+
+// FixedCIDRv4Error is returned when fixed-cidrv4 configuration
+// failed.
+type FixedCIDRv4Error struct {
+	Net    *net.IPNet
+	Subnet *net.IPNet
+	Err    error
+}
+
+func (fcv4 *FixedCIDRv4Error) Error() string {
+	return fmt.Sprintf("setup FixedCIDRv4 failed for subnet %s in %s: %v", fcv4.Subnet, fcv4.Net, fcv4.Err)
+}
+
+// InternalError denotes the type of this error
+func (fcv4 *FixedCIDRv4Error) InternalError() {}
+
+// FixedCIDRv6Error is returned when fixed-cidrv6 configuration
+// failed.
+type FixedCIDRv6Error struct {
+	Net *net.IPNet
+	Err error
+}
+
+func (fcv6 *FixedCIDRv6Error) Error() string {
+	return fmt.Sprintf("setup FixedCIDRv6 failed for subnet %s in %s: %v", fcv6.Net, fcv6.Net, fcv6.Err)
+}
+
+// InternalError denotes the type of this error
+func (fcv6 *FixedCIDRv6Error) InternalError() {}
+
+// IPTableCfgError is returned when an unexpected ip tables configuration is entered
+type IPTableCfgError string
+
+func (name IPTableCfgError) Error() string {
+	return fmt.Sprintf("unexpected request to set IP tables for interface: %s", string(name))
+}
+
+// BadRequest denotes the type of this error
+func (name IPTableCfgError) BadRequest() {}
+
+// InvalidIPTablesCfgError is returned when an invalid ip tables configuration is entered
+type InvalidIPTablesCfgError string
+
+func (action InvalidIPTablesCfgError) Error() string {
+	return fmt.Sprintf("Invalid IPTables action '%s'", string(action))
+}
+
+// BadRequest denotes the type of this error
+func (action InvalidIPTablesCfgError) BadRequest() {}
+
+// IPv4AddrRangeError is returned when a valid IP address range couldn't be found.
+type IPv4AddrRangeError string
+
+func (name IPv4AddrRangeError) Error() string {
+	return fmt.Sprintf("can't find an address range for interface %q", string(name))
+}
+
+// BadRequest denotes the type of this error
+func (name IPv4AddrRangeError) BadRequest() {}
+
+// IPv4AddrAddError is returned when IPv4 address could not be added to the bridge.
+type IPv4AddrAddError struct {
+	IP  *net.IPNet
+	Err error
+}
+
+func (ipv4 *IPv4AddrAddError) Error() string {
+	return fmt.Sprintf("failed to add IPv4 address %s to bridge: %v", ipv4.IP, ipv4.Err)
+}
+
+// InternalError denotes the type of this error
+func (ipv4 *IPv4AddrAddError) InternalError() {}
+
+// IPv6AddrAddError is returned when IPv6 address could not be added to the bridge.
+type IPv6AddrAddError struct {
+	IP  *net.IPNet
+	Err error
+}
+
+func (ipv6 *IPv6AddrAddError) Error() string {
+	return fmt.Sprintf("failed to add IPv6 address %s to bridge: %v", ipv6.IP, ipv6.Err)
+}
+
+// InternalError denotes the type of this error
+func (ipv6 *IPv6AddrAddError) InternalError() {}
+
+// IPv4AddrNoMatchError is returned when the bridge's IPv4 address does not match configured.
+type IPv4AddrNoMatchError struct {
+	IP    net.IP
+	CfgIP net.IP
+}
+
+func (ipv4 *IPv4AddrNoMatchError) Error() string {
+	return fmt.Sprintf("bridge IPv4 (%s) does not match requested configuration %s", ipv4.IP, ipv4.CfgIP)
+}
+
+// BadRequest denotes the type of this error
+func (ipv4 *IPv4AddrNoMatchError) BadRequest() {}
+
+// IPv6AddrNoMatchError is returned when the bridge's IPv6 address does not match configured.
+type IPv6AddrNoMatchError net.IPNet
+
+func (ipv6 *IPv6AddrNoMatchError) Error() string {
+	return fmt.Sprintf("bridge IPv6 addresses do not match the expected bridge configuration %s", (*net.IPNet)(ipv6).String())
+}
+
+// BadRequest denotes the type of this error
+func (ipv6 *IPv6AddrNoMatchError) BadRequest() {}
+
+// InvalidLinkIPAddrError is returned when a link is configured to a container with an invalid ip address
+type InvalidLinkIPAddrError string
+
+func (address InvalidLinkIPAddrError) Error() string {
+	return fmt.Sprintf("Cannot link to a container with Invalid IP Address '%s'", string(address))
+}
+
+// BadRequest denotes the type of this error
+func (address InvalidLinkIPAddrError) BadRequest() {}
diff --git a/libnetwork/drivers/bridge/interface.go b/libnetwork/drivers/bridge/interface.go
new file mode 100644
index 0000000000000..1c53e38d9d640
--- /dev/null
+++ b/libnetwork/drivers/bridge/interface.go
@@ -0,0 +1,89 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+)
+
+const (
+	// DefaultBridgeName is the default name for the bridge interface managed
+	// by the driver when unspecified by the caller.
+	DefaultBridgeName = "docker0"
+)
+
+// Interface models the bridge network device.
+type bridgeInterface struct {
+	Link        netlink.Link
+	bridgeIPv4  *net.IPNet
+	bridgeIPv6  *net.IPNet
+	gatewayIPv4 net.IP
+	gatewayIPv6 net.IP
+	nlh         *netlink.Handle
+}
+
+// newInterface creates a new bridge interface structure. It attempts to find
+// an already existing device identified by the configuration BridgeName field,
+// or the default bridge name when unspecified, but doesn't attempt to create
+// one when missing
+func newInterface(nlh *netlink.Handle, config *networkConfiguration) (*bridgeInterface, error) {
+	var err error
+	i := &bridgeInterface{nlh: nlh}
+
+	// Initialize the bridge name to the default if unspecified.
+	if config.BridgeName == "" {
+		config.BridgeName = DefaultBridgeName
+	}
+
+	// Attempt to find an existing bridge named with the specified name.
+	i.Link, err = nlh.LinkByName(config.BridgeName)
+	if err != nil {
+		logrus.Debugf("Did not find any interface with name %s: %v", config.BridgeName, err)
+	} else if _, ok := i.Link.(*netlink.Bridge); !ok {
+		return nil, fmt.Errorf("existing interface %s is not a bridge", i.Link.Attrs().Name)
+	}
+	return i, nil
+}
+
+// exists indicates if the existing bridge interface exists on the system.
+func (i *bridgeInterface) exists() bool {
+	return i.Link != nil
+}
+
+// addresses returns all IPv4 addresses and all IPv6 addresses for the bridge interface.
+func (i *bridgeInterface) addresses() ([]netlink.Addr, []netlink.Addr, error) {
+	v4addr, err := i.nlh.AddrList(i.Link, netlink.FAMILY_V4)
+	if err != nil {
+		return nil, nil, fmt.Errorf("Failed to retrieve V4 addresses: %v", err)
+	}
+
+	v6addr, err := i.nlh.AddrList(i.Link, netlink.FAMILY_V6)
+	if err != nil {
+		return nil, nil, fmt.Errorf("Failed to retrieve V6 addresses: %v", err)
+	}
+
+	if len(v4addr) == 0 {
+		return nil, v6addr, nil
+	}
+	return v4addr, v6addr, nil
+}
+
+func (i *bridgeInterface) programIPv6Address() error {
+	_, nlAddressList, err := i.addresses()
+	if err != nil {
+		return &IPv6AddrAddError{IP: i.bridgeIPv6, Err: fmt.Errorf("failed to retrieve address list: %v", err)}
+	}
+	nlAddr := netlink.Addr{IPNet: i.bridgeIPv6}
+	if findIPv6Address(nlAddr, nlAddressList) {
+		return nil
+	}
+	if err := i.nlh.AddrAdd(i.Link, &nlAddr); err != nil {
+		return &IPv6AddrAddError{IP: i.bridgeIPv6, Err: err}
+	}
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/interface_test.go b/libnetwork/drivers/bridge/interface_test.go
new file mode 100644
index 0000000000000..0d4e58bd2e717
--- /dev/null
+++ b/libnetwork/drivers/bridge/interface_test.go
@@ -0,0 +1,53 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func TestInterfaceDefaultName(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	config := &networkConfiguration{}
+	_, err = newInterface(nh, config)
+	if err != nil {
+		t.Fatalf("newInterface() failed: %v", err)
+	}
+
+	if config.BridgeName != DefaultBridgeName {
+		t.Fatalf("Expected default interface name %q, got %q", DefaultBridgeName, config.BridgeName)
+	}
+}
+
+func TestAddressesEmptyInterface(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	inf, err := newInterface(nh, &networkConfiguration{})
+	if err != nil {
+		t.Fatalf("newInterface() failed: %v", err)
+	}
+
+	addrsv4, addrsv6, err := inf.addresses()
+	if err != nil {
+		t.Fatalf("Failed to get addresses of default interface: %v", err)
+	}
+	if len(addrsv4) != 0 {
+		t.Fatalf("Default interface has unexpected IPv4: %s", addrsv4)
+	}
+	if len(addrsv6) != 0 {
+		t.Fatalf("Default interface has unexpected IPv6: %v", addrsv6)
+	}
+}
diff --git a/libnetwork/drivers/bridge/labels.go b/libnetwork/drivers/bridge/labels.go
new file mode 100644
index 0000000000000..b938a75477850
--- /dev/null
+++ b/libnetwork/drivers/bridge/labels.go
@@ -0,0 +1,21 @@
+package bridge
+
+const (
+	// BridgeName label for bridge driver
+	BridgeName = "com.docker.network.bridge.name"
+
+	// EnableIPMasquerade label for bridge driver
+	EnableIPMasquerade = "com.docker.network.bridge.enable_ip_masquerade"
+
+	// EnableICC label
+	EnableICC = "com.docker.network.bridge.enable_icc"
+
+	// InhibitIPv4 label
+	InhibitIPv4 = "com.docker.network.bridge.inhibit_ipv4"
+
+	// DefaultBindingIP label
+	DefaultBindingIP = "com.docker.network.bridge.host_binding_ipv4"
+
+	// DefaultBridge label
+	DefaultBridge = "com.docker.network.bridge.default_bridge"
+)
diff --git a/libnetwork/drivers/bridge/link.go b/libnetwork/drivers/bridge/link.go
new file mode 100644
index 0000000000000..7be183975af1c
--- /dev/null
+++ b/libnetwork/drivers/bridge/link.go
@@ -0,0 +1,88 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+type link struct {
+	parentIP string
+	childIP  string
+	ports    []types.TransportPort
+	bridge   string
+}
+
+func (l *link) String() string {
+	return fmt.Sprintf("%s <-> %s [%v] on %s", l.parentIP, l.childIP, l.ports, l.bridge)
+}
+
+func newLink(parentIP, childIP string, ports []types.TransportPort, bridge string) *link {
+	return &link{
+		childIP:  childIP,
+		parentIP: parentIP,
+		ports:    ports,
+		bridge:   bridge,
+	}
+
+}
+
+func (l *link) Enable() error {
+	// -A == iptables append flag
+	linkFunction := func() error {
+		return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
+	}
+
+	iptables.OnReloaded(func() { linkFunction() })
+	return linkFunction()
+}
+
+func (l *link) Disable() {
+	// -D == iptables delete flag
+	err := linkContainers("-D", l.parentIP, l.childIP, l.ports, l.bridge, true)
+	if err != nil {
+		logrus.Errorf("Error removing IPTables rules for a link %s due to %s", l.String(), err.Error())
+	}
+	// Return proper error once we move to use a proper iptables package
+	// that returns typed errors
+}
+
+func linkContainers(action, parentIP, childIP string, ports []types.TransportPort, bridge string,
+	ignoreErrors bool) error {
+	var nfAction iptables.Action
+
+	switch action {
+	case "-A":
+		nfAction = iptables.Append
+	case "-I":
+		nfAction = iptables.Insert
+	case "-D":
+		nfAction = iptables.Delete
+	default:
+		return InvalidIPTablesCfgError(action)
+	}
+
+	ip1 := net.ParseIP(parentIP)
+	if ip1 == nil {
+		return InvalidLinkIPAddrError(parentIP)
+	}
+	ip2 := net.ParseIP(childIP)
+	if ip2 == nil {
+		return InvalidLinkIPAddrError(childIP)
+	}
+
+	chain := iptables.ChainInfo{Name: DockerChain}
+	for _, port := range ports {
+		err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String(), bridge)
+		if !ignoreErrors && err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/link_test.go b/libnetwork/drivers/bridge/link_test.go
new file mode 100644
index 0000000000000..3450292abd636
--- /dev/null
+++ b/libnetwork/drivers/bridge/link_test.go
@@ -0,0 +1,42 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func getPorts() []types.TransportPort {
+	return []types.TransportPort{
+		{Proto: types.TCP, Port: uint16(5000)},
+		{Proto: types.UDP, Port: uint16(400)},
+		{Proto: types.TCP, Port: uint16(600)},
+	}
+}
+
+func TestLinkNew(t *testing.T) {
+	ports := getPorts()
+
+	link := newLink("172.0.17.3", "172.0.17.2", ports, "docker0")
+
+	if link == nil {
+		t.FailNow()
+	}
+	if link.parentIP != "172.0.17.3" {
+		t.Fail()
+	}
+	if link.childIP != "172.0.17.2" {
+		t.Fail()
+	}
+	for i, p := range link.ports {
+		if p != ports[i] {
+			t.Fail()
+		}
+	}
+	if link.bridge != "docker0" {
+		t.Fail()
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go b/libnetwork/drivers/bridge/netlink_deprecated_linux.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go
rename to libnetwork/drivers/bridge/netlink_deprecated_linux.go
index 6b49efa166648..fd25c9f376aa3 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go
+++ b/libnetwork/drivers/bridge/netlink_deprecated_linux.go
@@ -2,13 +2,9 @@ package bridge
 
 import (
 	"fmt"
-	"math/rand"
 	"net"
 	"syscall"
-	"time"
 	"unsafe"
-
-	"github.com/docker/libnetwork/netutils"
 )
 
 const (
@@ -27,8 +23,6 @@ type ifreqHwaddr struct {
 	IfruHwaddr syscall.RawSockaddr
 }
 
-var rnd = rand.New(rand.NewSource(time.Now().UnixNano()))
-
 // THIS CODE DOES NOT COMMUNICATE WITH KERNEL VIA RTNETLINK INTERFACE
 // IT IS HERE FOR BACKWARDS COMPATIBILITY WITH OLDER LINUX KERNELS
 // WHICH SHIP WITH OLDER NOT ENTIRELY FUNCTIONAL VERSION OF NETLINK
@@ -106,7 +100,7 @@ func ioctlSetMacAddress(name, addr string) error {
 	return nil
 }
 
-func ioctlCreateBridge(name string, setMacAddr bool) error {
+func ioctlCreateBridge(name, macAddr string) error {
 	if len(name) >= ifNameSize {
 		return fmt.Errorf("Interface name %s too long", name)
 	}
@@ -124,8 +118,5 @@ func ioctlCreateBridge(name string, setMacAddr bool) error {
 	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), ioctlBrAdd, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {
 		return err
 	}
-	if setMacAddr {
-		return ioctlSetMacAddress(name, netutils.GenerateRandomMAC().String())
-	}
-	return nil
+	return ioctlSetMacAddress(name, macAddr)
 }
diff --git a/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_int8.go b/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_int8.go
new file mode 100644
index 0000000000000..5a0763efdf7c3
--- /dev/null
+++ b/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_int8.go
@@ -0,0 +1,8 @@
+//go:build !arm && !ppc64 && !ppc64le && !riscv64
+// +build !arm,!ppc64,!ppc64le,!riscv64
+
+package bridge
+
+func ifrDataByte(b byte) int8 {
+	return int8(b)
+}
diff --git a/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_uint8.go b/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_uint8.go
new file mode 100644
index 0000000000000..e177146077608
--- /dev/null
+++ b/libnetwork/drivers/bridge/netlink_deprecated_linux_rawsockaddr_data_uint8.go
@@ -0,0 +1,8 @@
+//go:build arm || ppc64 || ppc64le || riscv64
+// +build arm ppc64 ppc64le riscv64
+
+package bridge
+
+func ifrDataByte(b byte) uint8 {
+	return uint8(b)
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_unsupported.go b/libnetwork/drivers/bridge/netlink_deprecated_unsupported.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_unsupported.go
rename to libnetwork/drivers/bridge/netlink_deprecated_unsupported.go
index 7e2d57b660eee..d4d34bef4451d 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_unsupported.go
+++ b/libnetwork/drivers/bridge/netlink_deprecated_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package bridge
diff --git a/libnetwork/drivers/bridge/network_test.go b/libnetwork/drivers/bridge/network_test.go
new file mode 100644
index 0000000000000..0c4525a56373e
--- /dev/null
+++ b/libnetwork/drivers/bridge/network_test.go
@@ -0,0 +1,220 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func TestLinkCreate(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	mtu := 1490
+	config := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		Mtu:        mtu,
+		EnableIPv6: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te := newTestEndpoint(ipdList[0].Pool, 10)
+	err = d.CreateEndpoint("dummy", "", te.Interface(), nil)
+	if err != nil {
+		if _, ok := err.(InvalidEndpointIDError); !ok {
+			t.Fatalf("Failed with a wrong error :%s", err.Error())
+		}
+	} else {
+		t.Fatal("Failed to detect invalid config")
+	}
+
+	// Good endpoint creation
+	err = d.CreateEndpoint("dummy", "ep", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create a link: %s", err.Error())
+	}
+
+	err = d.Join("dummy", "ep", "sbox", te, nil)
+	if err != nil {
+		t.Fatalf("Failed to create a link: %s", err.Error())
+	}
+
+	// Verify sbox endpoint interface inherited MTU value from bridge config
+	sboxLnk, err := netlink.LinkByName(te.iface.srcName)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if mtu != sboxLnk.Attrs().MTU {
+		t.Fatal("Sandbox endpoint interface did not inherit bridge interface MTU config")
+	}
+	// TODO: if we could get peer name from (sboxLnk.(*netlink.Veth)).PeerName
+	// then we could check the MTU on hostLnk as well.
+
+	te1 := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("dummy", "ep", te1.Interface(), nil)
+	if err == nil {
+		t.Fatal("Failed to detect duplicate endpoint id on same network")
+	}
+
+	if te.iface.dstName == "" {
+		t.Fatal("Invalid Dstname returned")
+	}
+
+	_, err = netlink.LinkByName(te.iface.srcName)
+	if err != nil {
+		t.Fatalf("Could not find source link %s: %v", te.iface.srcName, err)
+	}
+
+	n, ok := d.networks["dummy"]
+	if !ok {
+		t.Fatalf("Cannot find network %s inside driver", "dummy")
+	}
+	ip := te.iface.addr.IP
+	if !n.bridge.bridgeIPv4.Contains(ip) {
+		t.Fatalf("IP %s is not a valid ip in the subnet %s", ip.String(), n.bridge.bridgeIPv4.String())
+	}
+
+	ip6 := te.iface.addrv6.IP
+	if !n.bridge.bridgeIPv6.Contains(ip6) {
+		t.Fatalf("IP %s is not a valid ip in the subnet %s", ip6.String(), bridgeIPv6.String())
+	}
+
+	if !te.gw.Equal(n.bridge.bridgeIPv4.IP) {
+		t.Fatalf("Invalid default gateway. Expected %s. Got %s", n.bridge.bridgeIPv4.IP.String(),
+			te.gw.String())
+	}
+
+	if !te.gw6.Equal(n.bridge.bridgeIPv6.IP) {
+		t.Fatalf("Invalid default gateway for IPv6. Expected %s. Got %s", n.bridge.bridgeIPv6.IP.String(),
+			te.gw6.String())
+	}
+}
+
+func TestLinkCreateTwo(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	config := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		EnableIPv6: true}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te1 := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("dummy", "ep", te1.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create a link: %s", err.Error())
+	}
+
+	te2 := newTestEndpoint(ipdList[0].Pool, 12)
+	err = d.CreateEndpoint("dummy", "ep", te2.Interface(), nil)
+	if err != nil {
+		if _, ok := err.(driverapi.ErrEndpointExists); !ok {
+			t.Fatalf("Failed with a wrong error: %s", err.Error())
+		}
+	} else {
+		t.Fatal("Expected to fail while trying to add same endpoint twice")
+	}
+}
+
+func TestLinkCreateNoEnableIPv6(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	config := &networkConfiguration{
+		BridgeName: DefaultBridgeName}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+	te := newTestEndpoint(ipdList[0].Pool, 30)
+	err = d.CreateEndpoint("dummy", "ep", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create a link: %s", err.Error())
+	}
+
+	iface := te.iface
+	if iface.addrv6 != nil && iface.addrv6.IP.To16() != nil {
+		t.Fatalf("Expected IPv6 address to be nil when IPv6 is not enabled. Got IPv6 = %s", iface.addrv6.String())
+	}
+
+	if te.gw6.To16() != nil {
+		t.Fatalf("Expected GatewayIPv6 to be nil when IPv6 is not enabled. Got GatewayIPv6 = %s", te.gw6.String())
+	}
+}
+
+func TestLinkDelete(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	if err := d.configure(nil); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	config := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		EnableIPv6: true}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te := newTestEndpoint(ipdList[0].Pool, 30)
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create a link: %s", err.Error())
+	}
+
+	err = d.DeleteEndpoint("dummy", "")
+	if err != nil {
+		if _, ok := err.(InvalidEndpointIDError); !ok {
+			t.Fatalf("Failed with a wrong error :%s", err.Error())
+		}
+	} else {
+		t.Fatal("Failed to detect invalid config")
+	}
+
+	err = d.DeleteEndpoint("dummy", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/libnetwork/drivers/bridge/port_mapping.go b/libnetwork/drivers/bridge/port_mapping.go
new file mode 100644
index 0000000000000..afff4b404585c
--- /dev/null
+++ b/libnetwork/drivers/bridge/port_mapping.go
@@ -0,0 +1,247 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/ishidawataru/sctp"
+	"github.com/sirupsen/logrus"
+)
+
+func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {
+	if ep.extConnConfig == nil || ep.extConnConfig.PortBindings == nil {
+		return nil, nil
+	}
+
+	defHostIP := net.IPv4zero // 0.0.0.0
+	if reqDefBindIP != nil {
+		defHostIP = reqDefBindIP
+	}
+
+	var containerIPv6 net.IP
+	if ep.addrv6 != nil {
+		containerIPv6 = ep.addrv6.IP
+	}
+
+	pb, err := n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addr.IP, containerIPv6, defHostIP, ulPxyEnabled)
+	if err != nil {
+		return nil, err
+	}
+	return pb, nil
+}
+
+func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, containerIPv4, containerIPv6, defHostIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {
+	bs := make([]types.PortBinding, 0, len(bindings))
+	for _, c := range bindings {
+		bIPv4 := c.GetCopy()
+		bIPv6 := c.GetCopy()
+		// Allocate IPv4 Port mappings
+		if ok := n.validatePortBindingIPv4(&bIPv4, containerIPv4, defHostIP); ok {
+			if err := n.allocatePort(&bIPv4, ulPxyEnabled); err != nil {
+				// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
+				if cuErr := n.releasePortsInternal(bs); cuErr != nil {
+					logrus.Warnf("allocation failure for %v, failed to clear previously allocated ipv4 port bindings: %v", bIPv4, cuErr)
+				}
+				return nil, err
+			}
+			bs = append(bs, bIPv4)
+		}
+
+		// skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
+		// https://github.com/moby/moby/issues/42288
+		isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
+		if !isV6Binding && !IsV6Listenable() {
+			continue
+		}
+
+		// Allocate IPv6 Port mappings
+		// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
+		// by setting up the binding with the IPv4 interface if the userland proxy is enabled
+		// This change was added to keep backward compatibility
+		containerIP := containerIPv6
+		if ulPxyEnabled && (containerIPv6 == nil) {
+			containerIP = containerIPv4
+		}
+		if ok := n.validatePortBindingIPv6(&bIPv6, containerIP, defHostIP); ok {
+			if err := n.allocatePort(&bIPv6, ulPxyEnabled); err != nil {
+				// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
+				if cuErr := n.releasePortsInternal(bs); cuErr != nil {
+					logrus.Warnf("allocation failure for %v, failed to clear previously allocated ipv6 port bindings: %v", bIPv6, cuErr)
+				}
+				return nil, err
+			}
+			bs = append(bs, bIPv6)
+		}
+	}
+	return bs, nil
+}
+
+// validatePortBindingIPv4 validates the port binding, populates the missing Host IP field and returns true
+// if this is a valid IPv4 binding, else returns false
+func (n *bridgeNetwork) validatePortBindingIPv4(bnd *types.PortBinding, containerIPv4, defHostIP net.IP) bool {
+	//Return early if there is a valid Host IP, but its not a IPv4 address
+	if len(bnd.HostIP) > 0 && bnd.HostIP.To4() == nil {
+		return false
+	}
+	// Adjust the host address in the operational binding
+	if len(bnd.HostIP) == 0 {
+		// Return early if the default binding address is an IPv6 address
+		if defHostIP.To4() == nil {
+			return false
+		}
+		bnd.HostIP = defHostIP
+	}
+	bnd.IP = containerIPv4
+	return true
+
+}
+
+// validatePortBindingIPv6 validates the port binding, populates the missing Host IP field and returns true
+// if this is a valid IPv6 binding, else returns false
+func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containerIP, defHostIP net.IP) bool {
+	// Return early if there is no container endpoint
+	if containerIP == nil {
+		return false
+	}
+	// Return early if there is a valid Host IP, which is a IPv4 address
+	if len(bnd.HostIP) > 0 && bnd.HostIP.To4() != nil {
+		return false
+	}
+
+	// Setup a binding to  "::" if Host IP is empty and the default binding IP is 0.0.0.0
+	if len(bnd.HostIP) == 0 {
+		if defHostIP.Equal(net.IPv4zero) {
+			bnd.HostIP = net.IPv6zero
+			// If the default binding IP is an IPv6 address, use it
+		} else if defHostIP.To4() == nil {
+			bnd.HostIP = defHostIP
+			// Return false if default binding ip is an IPv4 address
+		} else {
+			return false
+		}
+	}
+	bnd.IP = containerIP
+	return true
+}
+
+func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, ulPxyEnabled bool) error {
+	var (
+		host net.Addr
+		err  error
+	)
+
+	// Adjust HostPortEnd if this is not a range.
+	if bnd.HostPortEnd == 0 {
+		bnd.HostPortEnd = bnd.HostPort
+	}
+
+	// Construct the container side transport address
+	container, err := bnd.ContainerAddr()
+	if err != nil {
+		return err
+	}
+
+	portmapper := n.portMapper
+
+	if bnd.HostIP.To4() == nil {
+		portmapper = n.portMapperV6
+	}
+
+	// Try up to maxAllocatePortAttempts times to get a port that's not already allocated.
+	for i := 0; i < maxAllocatePortAttempts; i++ {
+		if host, err = portmapper.MapRange(container, bnd.HostIP, int(bnd.HostPort), int(bnd.HostPortEnd), ulPxyEnabled); err == nil {
+			break
+		}
+		// There is no point in immediately retrying to map an explicitly chosen port.
+		if bnd.HostPort != 0 {
+			logrus.Warnf("Failed to allocate and map port %d-%d: %s", bnd.HostPort, bnd.HostPortEnd, err)
+			break
+		}
+		logrus.Warnf("Failed to allocate and map port: %s, retry: %d", err, i+1)
+	}
+	if err != nil {
+		return err
+	}
+
+	// Save the host port (regardless it was or not specified in the binding)
+	switch netAddr := host.(type) {
+	case *net.TCPAddr:
+		bnd.HostPort = uint16(host.(*net.TCPAddr).Port)
+		return nil
+	case *net.UDPAddr:
+		bnd.HostPort = uint16(host.(*net.UDPAddr).Port)
+		return nil
+	case *sctp.SCTPAddr:
+		bnd.HostPort = uint16(host.(*sctp.SCTPAddr).Port)
+		return nil
+	default:
+		// For completeness
+		return ErrUnsupportedAddressType(fmt.Sprintf("%T", netAddr))
+	}
+}
+
+func (n *bridgeNetwork) releasePorts(ep *bridgeEndpoint) error {
+	return n.releasePortsInternal(ep.portMapping)
+}
+
+func (n *bridgeNetwork) releasePortsInternal(bindings []types.PortBinding) error {
+	var errorBuf bytes.Buffer
+
+	// Attempt to release all port bindings, do not stop on failure
+	for _, m := range bindings {
+		if err := n.releasePort(m); err != nil {
+			errorBuf.WriteString(fmt.Sprintf("\ncould not release %v because of %v", m, err))
+		}
+	}
+
+	if errorBuf.Len() != 0 {
+		return errors.New(errorBuf.String())
+	}
+	return nil
+}
+
+func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
+	// Construct the host side transport address
+	host, err := bnd.HostAddr()
+	if err != nil {
+		return err
+	}
+
+	portmapper := n.portMapper
+
+	if bnd.HostIP.To4() == nil {
+		portmapper = n.portMapperV6
+	}
+
+	return portmapper.Unmap(host)
+}
+
+var (
+	v6ListenableCached bool
+	v6ListenableOnce   sync.Once
+)
+
+// IsV6Listenable returns true when `[::1]:0` is listenable.
+// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
+func IsV6Listenable() bool {
+	v6ListenableOnce.Do(func() {
+		ln, err := net.Listen("tcp6", "[::1]:0")
+		if err != nil {
+			// When the kernel was booted with `ipv6.disable=1`,
+			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
+			// https://github.com/moby/moby/issues/42288
+			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
+		} else {
+			v6ListenableCached = true
+			ln.Close()
+		}
+	})
+	return v6ListenableCached
+}
diff --git a/libnetwork/drivers/bridge/port_mapping_test.go b/libnetwork/drivers/bridge/port_mapping_test.go
new file mode 100644
index 0000000000000..dab375e96b96a
--- /dev/null
+++ b/libnetwork/drivers/bridge/port_mapping_test.go
@@ -0,0 +1,185 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"os"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func TestMain(m *testing.M) {
+	if reexec.Init() {
+		return
+	}
+	os.Exit(m.Run())
+}
+
+func TestPortMappingConfig(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPTables: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	binding1 := types.PortBinding{Proto: types.UDP, Port: uint16(400), HostPort: uint16(54000)}
+	binding2 := types.PortBinding{Proto: types.TCP, Port: uint16(500), HostPort: uint16(65000)}
+	binding3 := types.PortBinding{Proto: types.SCTP, Port: uint16(300), HostPort: uint16(65000)}
+	portBindings := []types.PortBinding{binding1, binding2, binding3}
+
+	sbOptions := make(map[string]interface{})
+	sbOptions[netlabel.PortMap] = portBindings
+
+	netConfig := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+	}
+	netOptions := make(map[string]interface{})
+	netOptions[netlabel.GenericData] = netConfig
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", netOptions, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create the endpoint: %s", err.Error())
+	}
+
+	if err = d.Join("dummy", "ep1", "sbox", te, sbOptions); err != nil {
+		t.Fatalf("Failed to join the endpoint: %v", err)
+	}
+
+	if err = d.ProgramExternalConnectivity("dummy", "ep1", sbOptions); err != nil {
+		t.Fatalf("Failed to program external connectivity: %v", err)
+	}
+
+	network, ok := d.networks["dummy"]
+	if !ok {
+		t.Fatalf("Cannot find network %s inside driver", "dummy")
+	}
+	ep := network.endpoints["ep1"]
+	if len(ep.portMapping) != 3 {
+		t.Fatalf("Failed to store the port bindings into the sandbox info. Found: %v", ep.portMapping)
+	}
+	if ep.portMapping[0].Proto != binding1.Proto || ep.portMapping[0].Port != binding1.Port ||
+		ep.portMapping[1].Proto != binding2.Proto || ep.portMapping[1].Port != binding2.Port ||
+		ep.portMapping[2].Proto != binding3.Proto || ep.portMapping[2].Port != binding3.Port {
+		t.Fatal("bridgeEndpoint has incorrect port mapping values")
+	}
+	if ep.portMapping[0].HostIP == nil || ep.portMapping[0].HostPort == 0 ||
+		ep.portMapping[1].HostIP == nil || ep.portMapping[1].HostPort == 0 ||
+		ep.portMapping[2].HostIP == nil || ep.portMapping[2].HostPort == 0 {
+		t.Fatal("operational port mapping data not found on bridgeEndpoint")
+	}
+
+	// release host mapped ports
+	err = d.Leave("dummy", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = d.RevokeExternalConnectivity("dummy", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPortMappingV6Config(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+	if err := loopbackUp(); err != nil {
+		t.Fatalf("Could not bring loopback iface up: %v", err)
+	}
+
+	d := newDriver()
+
+	config := &configuration{
+		EnableIPTables:  true,
+		EnableIP6Tables: true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = config
+
+	if err := d.configure(genericOption); err != nil {
+		t.Fatalf("Failed to setup driver config: %v", err)
+	}
+
+	portBindings := []types.PortBinding{
+		{Proto: types.UDP, Port: uint16(400), HostPort: uint16(54000)},
+		{Proto: types.TCP, Port: uint16(500), HostPort: uint16(65000)},
+		{Proto: types.SCTP, Port: uint16(500), HostPort: uint16(65000)},
+	}
+
+	sbOptions := make(map[string]interface{})
+	sbOptions[netlabel.PortMap] = portBindings
+	netConfig := &networkConfiguration{
+		BridgeName: DefaultBridgeName,
+		EnableIPv6: true,
+	}
+	netOptions := make(map[string]interface{})
+	netOptions[netlabel.GenericData] = netConfig
+
+	ipdList := getIPv4Data(t, "")
+	err := d.CreateNetwork("dummy", netOptions, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+
+	te := newTestEndpoint(ipdList[0].Pool, 11)
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), nil)
+	if err != nil {
+		t.Fatalf("Failed to create the endpoint: %s", err.Error())
+	}
+
+	if err = d.Join("dummy", "ep1", "sbox", te, sbOptions); err != nil {
+		t.Fatalf("Failed to join the endpoint: %v", err)
+	}
+
+	if err = d.ProgramExternalConnectivity("dummy", "ep1", sbOptions); err != nil {
+		t.Fatalf("Failed to program external connectivity: %v", err)
+	}
+
+	network, ok := d.networks["dummy"]
+	if !ok {
+		t.Fatalf("Cannot find network %s inside driver", "dummy")
+	}
+	ep := network.endpoints["ep1"]
+	if len(ep.portMapping) != 6 {
+		t.Fatalf("Failed to store the port bindings into the sandbox info. Found: %v", ep.portMapping)
+	}
+
+	// release host mapped ports
+	err = d.Leave("dummy", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = d.RevokeExternalConnectivity("dummy", "ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func loopbackUp() error {
+	nlHandle := ns.NlHandle()
+	iface, err := nlHandle.LinkByName("lo")
+	if err != nil {
+		return err
+	}
+	return nlHandle.LinkSetUp(iface)
+}
diff --git a/libnetwork/drivers/bridge/setup.go b/libnetwork/drivers/bridge/setup.go
new file mode 100644
index 0000000000000..aa6b1fe9fbdfe
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup.go
@@ -0,0 +1,29 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+type setupStep func(*networkConfiguration, *bridgeInterface) error
+
+type bridgeSetup struct {
+	config *networkConfiguration
+	bridge *bridgeInterface
+	steps  []setupStep
+}
+
+func newBridgeSetup(c *networkConfiguration, i *bridgeInterface) *bridgeSetup {
+	return &bridgeSetup{config: c, bridge: i}
+}
+
+func (b *bridgeSetup) apply() error {
+	for _, fn := range b.steps {
+		if err := fn(b.config, b.bridge); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (b *bridgeSetup) queueStep(step setupStep) {
+	b.steps = append(b.steps, step)
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_bridgenetfiltering.go b/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
rename to libnetwork/drivers/bridge/setup_bridgenetfiltering.go
index 9b90acfac2c12..755a00a7797e8 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
+++ b/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
@@ -1,9 +1,11 @@
+//go:build linux
+// +build linux
+
 package bridge
 
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"syscall"
 
@@ -122,7 +124,7 @@ func getBridgeNFKernelParam(ipVer ipVersion) string {
 //Gets the value of the kernel parameters located at the given path
 func getKernelBoolParam(path string) (bool, error) {
 	enabled := false
-	line, err := ioutil.ReadFile(path)
+	line, err := os.ReadFile(path)
 	if err != nil {
 		return false, err
 	}
@@ -138,7 +140,7 @@ func setKernelBoolParam(path string, on bool) error {
 	if on {
 		value = byte('1')
 	}
-	return ioutil.WriteFile(path, []byte{value, '\n'}, 0644)
+	return os.WriteFile(path, []byte{value, '\n'}, 0644)
 }
 
 //Checks to see if packet forwarding is enabled
diff --git a/libnetwork/drivers/bridge/setup_bridgenetfiltering_test.go b/libnetwork/drivers/bridge/setup_bridgenetfiltering_test.go
new file mode 100644
index 0000000000000..67290bde892d6
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_bridgenetfiltering_test.go
@@ -0,0 +1,15 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import "testing"
+
+func TestIPConstantValues(t *testing.T) {
+	if ipv4|ipv6 != ipvboth {
+		t.Fatalf("bitwise or of ipv4(%04b) and ipv6(%04b) must yield ipvboth(%04b)", ipv4, ipv6, ipvboth)
+	}
+	if ipvboth&(^(ipv4 | ipv6)) != ipvnone {
+		t.Fatalf("ipvboth(%04b) with unset ipv4(%04b) and ipv6(%04b) bits shall equal to ipvnone", ipvboth, ipv4, ipv6)
+	}
+}
diff --git a/libnetwork/drivers/bridge/setup_device.go b/libnetwork/drivers/bridge/setup_device.go
new file mode 100644
index 0000000000000..a9d9bc1fdfc6c
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_device.go
@@ -0,0 +1,75 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+)
+
+// SetupDevice create a new bridge interface/
+func setupDevice(config *networkConfiguration, i *bridgeInterface) error {
+	// We only attempt to create the bridge when the requested device name is
+	// the default one.
+	if config.BridgeName != DefaultBridgeName && config.DefaultBridge {
+		return NonDefaultBridgeExistError(config.BridgeName)
+	}
+
+	// Set the bridgeInterface netlink.Bridge.
+	i.Link = &netlink.Bridge{
+		LinkAttrs: netlink.LinkAttrs{
+			Name: config.BridgeName,
+		},
+	}
+
+	// Set the bridge's MAC address. Requires kernel version 3.3 or up.
+	hwAddr := netutils.GenerateRandomMAC()
+	i.Link.Attrs().HardwareAddr = hwAddr
+	logrus.Debugf("Setting bridge mac address to %s", hwAddr)
+
+	if err := i.nlh.LinkAdd(i.Link); err != nil {
+		logrus.Debugf("Failed to create bridge %s via netlink. Trying ioctl", config.BridgeName)
+		return ioctlCreateBridge(config.BridgeName, hwAddr.String())
+	}
+
+	return nil
+}
+
+func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error {
+	// Disable IPv6 router advertisements originating on the bridge
+	sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra")
+	if _, err := os.Stat(sysPath); err != nil {
+		logrus.
+			WithField("bridge", config.BridgeName).
+			WithField("syspath", sysPath).
+			Info("failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra")
+		return nil
+	}
+	if err := os.WriteFile(sysPath, []byte{'0', '\n'}, 0644); err != nil {
+		logrus.WithError(err).Warn("unable to disable IPv6 router advertisement")
+	}
+	return nil
+}
+
+// SetupDeviceUp ups the given bridge interface.
+func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error {
+	err := i.nlh.LinkSetUp(i.Link)
+	if err != nil {
+		return fmt.Errorf("Failed to set link up for %s: %v", config.BridgeName, err)
+	}
+
+	// Attempt to update the bridge interface to refresh the flags status,
+	// ignoring any failure to do so.
+	if lnk, err := i.nlh.LinkByName(config.BridgeName); err == nil {
+		i.Link = lnk
+	} else {
+		logrus.Warnf("Failed to retrieve link for interface (%s): %v", config.BridgeName, err)
+	}
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/setup_device_test.go b/libnetwork/drivers/bridge/setup_device_test.go
new file mode 100644
index 0000000000000..7526fda6fbb8a
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_device_test.go
@@ -0,0 +1,97 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"bytes"
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func TestSetupNewBridge(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	config := &networkConfiguration{BridgeName: DefaultBridgeName}
+	br := &bridgeInterface{nlh: nh}
+
+	if err := setupDevice(config, br); err != nil {
+		t.Fatalf("Bridge creation failed: %v", err)
+	}
+	if br.Link == nil {
+		t.Fatal("bridgeInterface link is nil (expected valid link)")
+	}
+	if _, err := nh.LinkByName(DefaultBridgeName); err != nil {
+		t.Fatalf("Failed to retrieve bridge device: %v", err)
+	}
+	if br.Link.Attrs().Flags&net.FlagUp == net.FlagUp {
+		t.Fatal("bridgeInterface should be created down")
+	}
+}
+
+func TestSetupNewNonDefaultBridge(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	config := &networkConfiguration{BridgeName: "test0", DefaultBridge: true}
+	br := &bridgeInterface{nlh: nh}
+
+	err = setupDevice(config, br)
+	if err == nil {
+		t.Fatal("Expected bridge creation failure with \"non default name\", succeeded")
+	}
+
+	if _, ok := err.(NonDefaultBridgeExistError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestSetupDeviceUp(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	config := &networkConfiguration{BridgeName: DefaultBridgeName}
+	br := &bridgeInterface{nlh: nh}
+
+	if err := setupDevice(config, br); err != nil {
+		t.Fatalf("Bridge creation failed: %v", err)
+	}
+	if err := setupDeviceUp(config, br); err != nil {
+		t.Fatalf("Failed to up bridge device: %v", err)
+	}
+
+	lnk, _ := nh.LinkByName(DefaultBridgeName)
+	if lnk.Attrs().Flags&net.FlagUp != net.FlagUp {
+		t.Fatal("bridgeInterface should be up")
+	}
+}
+
+func TestGenerateRandomMAC(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	mac1 := netutils.GenerateRandomMAC()
+	mac2 := netutils.GenerateRandomMAC()
+	if bytes.Equal(mac1, mac2) {
+		t.Fatalf("Generated twice the same MAC address %v", mac1)
+	}
+}
diff --git a/libnetwork/drivers/bridge/setup_firewalld.go b/libnetwork/drivers/bridge/setup_firewalld.go
new file mode 100644
index 0000000000000..b0a1ebcaf99c8
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_firewalld.go
@@ -0,0 +1,38 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import "github.com/docker/docker/libnetwork/iptables"
+
+func (n *bridgeNetwork) setupFirewalld(config *networkConfiguration, i *bridgeInterface) error {
+	d := n.driver
+	d.Lock()
+	driverConfig := d.config
+	d.Unlock()
+
+	// Sanity check.
+	if !driverConfig.EnableIPTables {
+		return IPTableCfgError(config.BridgeName)
+	}
+
+	iptables.OnReloaded(func() { n.setupIP4Tables(config, i) })
+	iptables.OnReloaded(n.portMapper.ReMapAll)
+	return nil
+}
+
+func (n *bridgeNetwork) setupFirewalld6(config *networkConfiguration, i *bridgeInterface) error {
+	d := n.driver
+	d.Lock()
+	driverConfig := d.config
+	d.Unlock()
+
+	// Sanity check.
+	if !driverConfig.EnableIP6Tables {
+		return IPTableCfgError(config.BridgeName)
+	}
+
+	iptables.OnReloaded(func() { n.setupIP6Tables(config, i) })
+	iptables.OnReloaded(n.portMapperV6.ReMapAll)
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/setup_ip_forwarding.go b/libnetwork/drivers/bridge/setup_ip_forwarding.go
new file mode 100644
index 0000000000000..1932b773beab6
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ip_forwarding.go
@@ -0,0 +1,74 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	ipv4ForwardConf     = "/proc/sys/net/ipv4/ip_forward"
+	ipv4ForwardConfPerm = 0644
+)
+
+func configureIPForwarding(enable bool) error {
+	var val byte
+	if enable {
+		val = '1'
+	}
+	return os.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
+}
+
+func setupIPForwarding(enableIPTables bool, enableIP6Tables bool) error {
+	// Get current IPv4 forward setup
+	ipv4ForwardData, err := os.ReadFile(ipv4ForwardConf)
+	if err != nil {
+		return fmt.Errorf("Cannot read IP forwarding setup: %v", err)
+	}
+
+	// Enable IPv4 forwarding only if it is not already enabled
+	if ipv4ForwardData[0] != '1' {
+		// Enable IPv4 forwarding
+		if err := configureIPForwarding(true); err != nil {
+			return fmt.Errorf("Enabling IP forwarding failed: %v", err)
+		}
+		// When enabling ip_forward set the default policy on forward chain to
+		// drop only if the daemon option iptables is not set to false.
+		if enableIPTables {
+			iptable := iptables.GetIptable(iptables.IPv4)
+			if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+				if err := configureIPForwarding(false); err != nil {
+					logrus.Errorf("Disabling IP forwarding failed, %v", err)
+				}
+				return err
+			}
+			iptables.OnReloaded(func() {
+				logrus.Debug("Setting the default DROP policy on firewall reload")
+				if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+					logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+				}
+			})
+		}
+	}
+
+	// add only iptables rules - forwarding is handled by setupIPv6Forwarding in setup_ipv6
+	if enableIP6Tables {
+		iptable := iptables.GetIptable(iptables.IPv6)
+		if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+			logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+		}
+		iptables.OnReloaded(func() {
+			logrus.Debug("Setting the default DROP policy on firewall reload")
+			if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+				logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+			}
+		})
+	}
+
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/setup_ip_forwarding_test.go b/libnetwork/drivers/bridge/setup_ip_forwarding_test.go
new file mode 100644
index 0000000000000..da0cd07d6292b
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ip_forwarding_test.go
@@ -0,0 +1,54 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"bytes"
+	"os"
+	"testing"
+)
+
+func TestSetupIPForwarding(t *testing.T) {
+	// Read current setting and ensure the original value gets restored
+	procSetting := readCurrentIPForwardingSetting(t)
+	defer reconcileIPForwardingSetting(t, procSetting)
+
+	// Disable IP Forwarding if enabled
+	if bytes.Equal(procSetting, []byte("1\n")) {
+		writeIPForwardingSetting(t, []byte{'0', '\n'})
+	}
+
+	// Set IP Forwarding
+	if err := setupIPForwarding(true, true); err != nil {
+		t.Fatalf("Failed to setup IP forwarding: %v", err)
+	}
+
+	// Read new setting
+	procSetting = readCurrentIPForwardingSetting(t)
+	if !bytes.Equal(procSetting, []byte("1\n")) {
+		t.Fatal("Failed to effectively setup IP forwarding")
+	}
+}
+
+func readCurrentIPForwardingSetting(t *testing.T) []byte {
+	procSetting, err := os.ReadFile(ipv4ForwardConf)
+	if err != nil {
+		t.Fatalf("Can't execute test: Failed to read current IP forwarding setting: %v", err)
+	}
+	return procSetting
+}
+
+func writeIPForwardingSetting(t *testing.T, chars []byte) {
+	err := os.WriteFile(ipv4ForwardConf, chars, ipv4ForwardConfPerm)
+	if err != nil {
+		t.Fatalf("Can't execute or cleanup after test: Failed to reset IP forwarding: %v", err)
+	}
+}
+
+func reconcileIPForwardingSetting(t *testing.T, original []byte) {
+	current := readCurrentIPForwardingSetting(t)
+	if !bytes.Equal(original, current) {
+		writeIPForwardingSetting(t, original)
+	}
+}
diff --git a/libnetwork/drivers/bridge/setup_ip_tables.go b/libnetwork/drivers/bridge/setup_ip_tables.go
new file mode 100644
index 0000000000000..a9d39b30ad197
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ip_tables.go
@@ -0,0 +1,432 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"errors"
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+)
+
+// DockerChain: DOCKER iptable chain name
+const (
+	DockerChain = "DOCKER"
+	// Isolation between bridge networks is achieved in two stages by means
+	// of the following two chains in the filter table. The first chain matches
+	// on the source interface being a bridge network's bridge and the
+	// destination being a different interface. A positive match leads to the
+	// second isolation chain. No match returns to the parent chain. The second
+	// isolation chain matches on destination interface being a bridge network's
+	// bridge. A positive match identifies a packet originated from one bridge
+	// network's bridge destined to another bridge network's bridge and will
+	// result in the packet being dropped. No match returns to the parent chain.
+	IsolationChain1 = "DOCKER-ISOLATION-STAGE-1"
+	IsolationChain2 = "DOCKER-ISOLATION-STAGE-2"
+)
+
+func setupIPChains(config *configuration, version iptables.IPVersion) (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
+	// Sanity check.
+	if !config.EnableIPTables {
+		return nil, nil, nil, nil, errors.New("cannot create new chains, EnableIPTable is disabled")
+	}
+
+	hairpinMode := !config.EnableUserlandProxy
+
+	iptable := iptables.GetIptable(version)
+
+	natChain, err := iptable.NewChain(DockerChain, iptables.Nat, hairpinMode)
+	if err != nil {
+		return nil, nil, nil, nil, fmt.Errorf("failed to create NAT chain %s: %v", DockerChain, err)
+	}
+	defer func() {
+		if err != nil {
+			if err := iptable.RemoveExistingChain(DockerChain, iptables.Nat); err != nil {
+				logrus.Warnf("failed on removing iptables NAT chain %s on cleanup: %v", DockerChain, err)
+			}
+		}
+	}()
+
+	filterChain, err := iptable.NewChain(DockerChain, iptables.Filter, false)
+	if err != nil {
+		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER chain %s: %v", DockerChain, err)
+	}
+	defer func() {
+		if err != nil {
+			if err := iptable.RemoveExistingChain(DockerChain, iptables.Filter); err != nil {
+				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", DockerChain, err)
+			}
+		}
+	}()
+
+	isolationChain1, err := iptable.NewChain(IsolationChain1, iptables.Filter, false)
+	if err != nil {
+		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
+	}
+	defer func() {
+		if err != nil {
+			if err := iptable.RemoveExistingChain(IsolationChain1, iptables.Filter); err != nil {
+				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain1, err)
+			}
+		}
+	}()
+
+	isolationChain2, err := iptable.NewChain(IsolationChain2, iptables.Filter, false)
+	if err != nil {
+		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
+	}
+	defer func() {
+		if err != nil {
+			if err := iptable.RemoveExistingChain(IsolationChain2, iptables.Filter); err != nil {
+				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain2, err)
+			}
+		}
+	}()
+
+	if err := iptable.AddReturnRule(IsolationChain1); err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	if err := iptable.AddReturnRule(IsolationChain2); err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	return natChain, filterChain, isolationChain1, isolationChain2, nil
+}
+
+func (n *bridgeNetwork) setupIP4Tables(config *networkConfiguration, i *bridgeInterface) error {
+	d := n.driver
+	d.Lock()
+	driverConfig := d.config
+	d.Unlock()
+
+	// Sanity check.
+	if !driverConfig.EnableIPTables {
+		return errors.New("Cannot program chains, EnableIPTable is disabled")
+	}
+
+	maskedAddrv4 := &net.IPNet{
+		IP:   i.bridgeIPv4.IP.Mask(i.bridgeIPv4.Mask),
+		Mask: i.bridgeIPv4.Mask,
+	}
+	return n.setupIPTables(iptables.IPv4, maskedAddrv4, config, i)
+}
+
+func (n *bridgeNetwork) setupIP6Tables(config *networkConfiguration, i *bridgeInterface) error {
+	d := n.driver
+	d.Lock()
+	driverConfig := d.config
+	d.Unlock()
+
+	// Sanity check.
+	if !driverConfig.EnableIP6Tables {
+		return errors.New("Cannot program chains, EnableIP6Tables is disabled")
+	}
+
+	maskedAddrv6 := &net.IPNet{
+		IP:   i.bridgeIPv6.IP.Mask(i.bridgeIPv6.Mask),
+		Mask: i.bridgeIPv6.Mask,
+	}
+
+	return n.setupIPTables(iptables.IPv6, maskedAddrv6, config, i)
+}
+
+func (n *bridgeNetwork) setupIPTables(ipVersion iptables.IPVersion, maskedAddr *net.IPNet, config *networkConfiguration, i *bridgeInterface) error {
+	var err error
+
+	d := n.driver
+	d.Lock()
+	driverConfig := d.config
+	d.Unlock()
+
+	// Pickup this configuration option from driver
+	hairpinMode := !driverConfig.EnableUserlandProxy
+
+	iptable := iptables.GetIptable(ipVersion)
+
+	if config.Internal {
+		if err = setupInternalNetworkRules(config.BridgeName, maskedAddr, config.EnableICC, true); err != nil {
+			return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
+		}
+		n.registerIptCleanFunc(func() error {
+			return setupInternalNetworkRules(config.BridgeName, maskedAddr, config.EnableICC, false)
+		})
+	} else {
+		if err = setupIPTablesInternal(config.HostIP, config.BridgeName, maskedAddr, config.EnableICC, config.EnableIPMasquerade, hairpinMode, true); err != nil {
+			return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
+		}
+		n.registerIptCleanFunc(func() error {
+			return setupIPTablesInternal(config.HostIP, config.BridgeName, maskedAddr, config.EnableICC, config.EnableIPMasquerade, hairpinMode, false)
+		})
+		natChain, filterChain, _, _, err := n.getDriverChains(ipVersion)
+		if err != nil {
+			return fmt.Errorf("Failed to setup IP tables, cannot acquire chain info %s", err.Error())
+		}
+
+		err = iptable.ProgramChain(natChain, config.BridgeName, hairpinMode, true)
+		if err != nil {
+			return fmt.Errorf("Failed to program NAT chain: %s", err.Error())
+		}
+
+		err = iptable.ProgramChain(filterChain, config.BridgeName, hairpinMode, true)
+		if err != nil {
+			return fmt.Errorf("Failed to program FILTER chain: %s", err.Error())
+		}
+
+		n.registerIptCleanFunc(func() error {
+			return iptable.ProgramChain(filterChain, config.BridgeName, hairpinMode, false)
+		})
+
+		if ipVersion == iptables.IPv4 {
+			n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())
+		} else {
+			n.portMapperV6.SetIptablesChain(natChain, n.getNetworkBridgeName())
+		}
+	}
+
+	d.Lock()
+	err = iptable.EnsureJumpRule("FORWARD", IsolationChain1)
+	d.Unlock()
+	return err
+}
+
+type iptRule struct {
+	table   iptables.Table
+	chain   string
+	preArgs []string
+	args    []string
+}
+
+func setupIPTablesInternal(hostIP net.IP, bridgeIface string, addr *net.IPNet, icc, ipmasq, hairpin, enable bool) error {
+
+	var (
+		address   = addr.String()
+		skipDNAT  = iptRule{table: iptables.Nat, chain: DockerChain, preArgs: []string{"-t", "nat"}, args: []string{"-i", bridgeIface, "-j", "RETURN"}}
+		outRule   = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", bridgeIface, "!", "-o", bridgeIface, "-j", "ACCEPT"}}
+		natArgs   []string
+		hpNatArgs []string
+	)
+	// if hostIP is set use this address as the src-ip during SNAT
+	if hostIP != nil {
+		hostAddr := hostIP.String()
+		natArgs = []string{"-s", address, "!", "-o", bridgeIface, "-j", "SNAT", "--to-source", hostAddr}
+		hpNatArgs = []string{"-m", "addrtype", "--src-type", "LOCAL", "-o", bridgeIface, "-j", "SNAT", "--to-source", hostAddr}
+		// Else use MASQUERADE which picks the src-ip based on NH from the route table
+	} else {
+		natArgs = []string{"-s", address, "!", "-o", bridgeIface, "-j", "MASQUERADE"}
+		hpNatArgs = []string{"-m", "addrtype", "--src-type", "LOCAL", "-o", bridgeIface, "-j", "MASQUERADE"}
+	}
+
+	natRule := iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: natArgs}
+	hpNatRule := iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: hpNatArgs}
+
+	ipVersion := iptables.IPv4
+
+	if addr.IP.To4() == nil {
+		ipVersion = iptables.IPv6
+	}
+
+	// Set NAT.
+	if ipmasq {
+		if err := programChainRule(ipVersion, natRule, "NAT", enable); err != nil {
+			return err
+		}
+	}
+
+	if ipmasq && !hairpin {
+		if err := programChainRule(ipVersion, skipDNAT, "SKIP DNAT", enable); err != nil {
+			return err
+		}
+	}
+
+	// In hairpin mode, masquerade traffic from localhost
+	if hairpin {
+		if err := programChainRule(ipVersion, hpNatRule, "MASQ LOCAL HOST", enable); err != nil {
+			return err
+		}
+	}
+
+	// Set Inter Container Communication.
+	if err := setIcc(ipVersion, bridgeIface, icc, enable); err != nil {
+		return err
+	}
+
+	// Set Accept on all non-intercontainer outgoing packets.
+	return programChainRule(ipVersion, outRule, "ACCEPT NON_ICC OUTGOING", enable)
+}
+
+func programChainRule(version iptables.IPVersion, rule iptRule, ruleDescr string, insert bool) error {
+
+	iptable := iptables.GetIptable(version)
+
+	var (
+		prefix    []string
+		operation string
+		condition bool
+		doesExist = iptable.Exists(rule.table, rule.chain, rule.args...)
+	)
+
+	if insert {
+		condition = !doesExist
+		prefix = []string{"-I", rule.chain}
+		operation = "enable"
+	} else {
+		condition = doesExist
+		prefix = []string{"-D", rule.chain}
+		operation = "disable"
+	}
+	if rule.preArgs != nil {
+		prefix = append(rule.preArgs, prefix...)
+	}
+
+	if condition {
+		if err := iptable.RawCombinedOutput(append(prefix, rule.args...)...); err != nil {
+			return fmt.Errorf("Unable to %s %s rule: %s", operation, ruleDescr, err.Error())
+		}
+	}
+
+	return nil
+}
+
+func setIcc(version iptables.IPVersion, bridgeIface string, iccEnable, insert bool) error {
+	iptable := iptables.GetIptable(version)
+	var (
+		table      = iptables.Filter
+		chain      = "FORWARD"
+		args       = []string{"-i", bridgeIface, "-o", bridgeIface, "-j"}
+		acceptArgs = append(args, "ACCEPT")
+		dropArgs   = append(args, "DROP")
+	)
+
+	if insert {
+		if !iccEnable {
+			iptable.Raw(append([]string{"-D", chain}, acceptArgs...)...)
+
+			if !iptable.Exists(table, chain, dropArgs...) {
+				if err := iptable.RawCombinedOutput(append([]string{"-A", chain}, dropArgs...)...); err != nil {
+					return fmt.Errorf("Unable to prevent intercontainer communication: %s", err.Error())
+				}
+			}
+		} else {
+			iptable.Raw(append([]string{"-D", chain}, dropArgs...)...)
+
+			if !iptable.Exists(table, chain, acceptArgs...) {
+				if err := iptable.RawCombinedOutput(append([]string{"-I", chain}, acceptArgs...)...); err != nil {
+					return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error())
+				}
+			}
+		}
+	} else {
+		// Remove any ICC rule.
+		if !iccEnable {
+			if iptable.Exists(table, chain, dropArgs...) {
+				iptable.Raw(append([]string{"-D", chain}, dropArgs...)...)
+			}
+		} else {
+			if iptable.Exists(table, chain, acceptArgs...) {
+				iptable.Raw(append([]string{"-D", chain}, acceptArgs...)...)
+			}
+		}
+	}
+
+	return nil
+}
+
+// Control Inter Network Communication. Install[Remove] only if it is [not] present.
+func setINC(version iptables.IPVersion, iface string, enable bool) error {
+	iptable := iptables.GetIptable(version)
+	var (
+		action    = iptables.Insert
+		actionMsg = "add"
+		chains    = []string{IsolationChain1, IsolationChain2}
+		rules     = [][]string{
+			{"-i", iface, "!", "-o", iface, "-j", IsolationChain2},
+			{"-o", iface, "-j", "DROP"},
+		}
+	)
+
+	if !enable {
+		action = iptables.Delete
+		actionMsg = "remove"
+	}
+
+	for i, chain := range chains {
+		if err := iptable.ProgramRule(iptables.Filter, chain, action, rules[i]); err != nil {
+			msg := fmt.Sprintf("unable to %s inter-network communication rule: %v", actionMsg, err)
+			if enable {
+				if i == 1 {
+					// Rollback the rule installed on first chain
+					if err2 := iptable.ProgramRule(iptables.Filter, chains[0], iptables.Delete, rules[0]); err2 != nil {
+						logrus.Warnf("Failed to rollback iptables rule after failure (%v): %v", err, err2)
+					}
+				}
+				return fmt.Errorf(msg)
+			}
+			logrus.Warn(msg)
+		}
+	}
+
+	return nil
+}
+
+// Obsolete chain from previous docker versions
+const oldIsolationChain = "DOCKER-ISOLATION"
+
+func removeIPChains(version iptables.IPVersion) {
+	ipt := iptables.IPTable{Version: version}
+
+	// Remove obsolete rules from default chains
+	ipt.ProgramRule(iptables.Filter, "FORWARD", iptables.Delete, []string{"-j", oldIsolationChain})
+
+	// Remove chains
+	for _, chainInfo := range []iptables.ChainInfo{
+		{Name: DockerChain, Table: iptables.Nat, IPTable: ipt},
+		{Name: DockerChain, Table: iptables.Filter, IPTable: ipt},
+		{Name: IsolationChain1, Table: iptables.Filter, IPTable: ipt},
+		{Name: IsolationChain2, Table: iptables.Filter, IPTable: ipt},
+		{Name: oldIsolationChain, Table: iptables.Filter, IPTable: ipt},
+	} {
+
+		if err := chainInfo.Remove(); err != nil {
+			logrus.Warnf("Failed to remove existing iptables entries in table %s chain %s : %v", chainInfo.Table, chainInfo.Name, err)
+		}
+	}
+}
+
+func setupInternalNetworkRules(bridgeIface string, addr *net.IPNet, icc, insert bool) error {
+	var (
+		inDropRule  = iptRule{table: iptables.Filter, chain: IsolationChain1, args: []string{"-i", bridgeIface, "!", "-d", addr.String(), "-j", "DROP"}}
+		outDropRule = iptRule{table: iptables.Filter, chain: IsolationChain1, args: []string{"-o", bridgeIface, "!", "-s", addr.String(), "-j", "DROP"}}
+	)
+
+	version := iptables.IPv4
+
+	if addr.IP.To4() == nil {
+		version = iptables.IPv6
+	}
+
+	if err := programChainRule(version, inDropRule, "DROP INCOMING", insert); err != nil {
+		return err
+	}
+	if err := programChainRule(version, outDropRule, "DROP OUTGOING", insert); err != nil {
+		return err
+	}
+	// Set Inter Container Communication.
+	return setIcc(version, bridgeIface, icc, insert)
+}
+
+func clearEndpointConnections(nlh *netlink.Handle, ep *bridgeEndpoint) {
+	var ipv4List []net.IP
+	var ipv6List []net.IP
+	if ep.addr != nil {
+		ipv4List = append(ipv4List, ep.addr.IP)
+	}
+	if ep.addrv6 != nil {
+		ipv6List = append(ipv6List, ep.addrv6.IP)
+	}
+	iptables.DeleteConntrackEntries(nlh, ipv4List, ipv6List)
+}
diff --git a/libnetwork/drivers/bridge/setup_ip_tables_test.go b/libnetwork/drivers/bridge/setup_ip_tables_test.go
new file mode 100644
index 0000000000000..1eb781f3e9591
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ip_tables_test.go
@@ -0,0 +1,141 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/portmapper"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+const (
+	iptablesTestBridgeIP = "192.168.42.1"
+)
+
+func TestProgramIPTable(t *testing.T) {
+	// Create a test bridge with a basic bridge configuration (name + IPv4).
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	createTestBridge(getBasicTestConfig(), &bridgeInterface{nlh: nh}, t)
+
+	// Store various iptables chain rules we care for.
+	rules := []struct {
+		rule  iptRule
+		descr string
+	}{
+		{iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-d", "127.1.2.3", "-i", "lo", "-o", "lo", "-j", "DROP"}}, "Test Loopback"},
+		{iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-s", iptablesTestBridgeIP, "!", "-o", DefaultBridgeName, "-j", "MASQUERADE"}}, "NAT Test"},
+		{iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-o", DefaultBridgeName, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}}, "Test ACCEPT INCOMING"},
+		{iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", DefaultBridgeName, "!", "-o", DefaultBridgeName, "-j", "ACCEPT"}}, "Test ACCEPT NON_ICC OUTGOING"},
+		{iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", DefaultBridgeName, "-o", DefaultBridgeName, "-j", "ACCEPT"}}, "Test enable ICC"},
+		{iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", DefaultBridgeName, "-o", DefaultBridgeName, "-j", "DROP"}}, "Test disable ICC"},
+	}
+
+	// Assert the chain rules' insertion and removal.
+	for _, c := range rules {
+		assertIPTableChainProgramming(c.rule, c.descr, t)
+	}
+}
+
+func TestSetupIPChains(t *testing.T) {
+	// Create a test bridge with a basic bridge configuration (name + IPv4).
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	driverconfig := &configuration{
+		EnableIPTables: true,
+	}
+	d := &driver{
+		config: driverconfig,
+	}
+	assertChainConfig(d, t)
+
+	config := getBasicTestConfig()
+	br := &bridgeInterface{nlh: nh}
+	createTestBridge(config, br, t)
+
+	assertBridgeConfig(config, br, d, t)
+
+	config.EnableIPMasquerade = true
+	assertBridgeConfig(config, br, d, t)
+
+	config.EnableICC = true
+	assertBridgeConfig(config, br, d, t)
+
+	config.EnableIPMasquerade = false
+	assertBridgeConfig(config, br, d, t)
+}
+
+func getBasicTestConfig() *networkConfiguration {
+	config := &networkConfiguration{
+		BridgeName:  DefaultBridgeName,
+		AddressIPv4: &net.IPNet{IP: net.ParseIP(iptablesTestBridgeIP), Mask: net.CIDRMask(16, 32)}}
+	return config
+}
+
+func createTestBridge(config *networkConfiguration, br *bridgeInterface, t *testing.T) {
+	if err := setupDevice(config, br); err != nil {
+		t.Fatalf("Failed to create the testing Bridge: %s", err.Error())
+	}
+	if err := setupBridgeIPv4(config, br); err != nil {
+		t.Fatalf("Failed to bring up the testing Bridge: %s", err.Error())
+	}
+}
+
+// Assert base function which pushes iptables chain rules on insertion and removal.
+func assertIPTableChainProgramming(rule iptRule, descr string, t *testing.T) {
+	// Add
+	if err := programChainRule(iptables.IPv4, rule, descr, true); err != nil {
+		t.Fatalf("Failed to program iptable rule %s: %s", descr, err.Error())
+	}
+
+	iptable := iptables.GetIptable(iptables.IPv4)
+	if iptable.Exists(rule.table, rule.chain, rule.args...) == false {
+		t.Fatalf("Failed to effectively program iptable rule: %s", descr)
+	}
+
+	// Remove
+	if err := programChainRule(iptables.IPv4, rule, descr, false); err != nil {
+		t.Fatalf("Failed to remove iptable rule %s: %s", descr, err.Error())
+	}
+	if iptable.Exists(rule.table, rule.chain, rule.args...) == true {
+		t.Fatalf("Failed to effectively remove iptable rule: %s", descr)
+	}
+}
+
+// Assert function which create chains.
+func assertChainConfig(d *driver, t *testing.T) {
+	var err error
+
+	d.natChain, d.filterChain, d.isolationChain1, d.isolationChain2, err = setupIPChains(d.config, iptables.IPv4)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Assert function which pushes chains based on bridge config parameters.
+func assertBridgeConfig(config *networkConfiguration, br *bridgeInterface, d *driver, t *testing.T) {
+	nw := bridgeNetwork{portMapper: portmapper.New(""),
+		config: config}
+	nw.driver = d
+
+	// Attempt programming of ip tables.
+	err := nw.setupIP4Tables(config, br)
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+}
diff --git a/libnetwork/drivers/bridge/setup_ipv4.go b/libnetwork/drivers/bridge/setup_ipv4.go
new file mode 100644
index 0000000000000..fc814e81d4d52
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ipv4.go
@@ -0,0 +1,85 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+)
+
+func selectIPv4Address(addresses []netlink.Addr, selector *net.IPNet) (netlink.Addr, error) {
+	if len(addresses) == 0 {
+		return netlink.Addr{}, errors.New("unable to select an address as the address pool is empty")
+	}
+	if selector != nil {
+		for _, addr := range addresses {
+			if selector.Contains(addr.IP) {
+				return addr, nil
+			}
+		}
+	}
+	return addresses[0], nil
+}
+
+func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
+	if !config.InhibitIPv4 {
+		addrv4List, _, err := i.addresses()
+		if err != nil {
+			return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)
+		}
+
+		addrv4, _ := selectIPv4Address(addrv4List, config.AddressIPv4)
+
+		if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {
+			if addrv4.IPNet != nil {
+				if err := i.nlh.AddrDel(i.Link, &addrv4); err != nil {
+					return fmt.Errorf("failed to remove current ip address from bridge: %v", err)
+				}
+			}
+			logrus.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)
+			if err := i.nlh.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
+				return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}
+			}
+		}
+	}
+
+	// Store bridge network and default gateway
+	i.bridgeIPv4 = config.AddressIPv4
+	i.gatewayIPv4 = config.AddressIPv4.IP
+
+	return nil
+}
+
+func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
+	if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {
+		return &ErrInvalidGateway{}
+	}
+
+	// Store requested default gateway
+	i.gatewayIPv4 = config.DefaultGatewayIPv4
+
+	return nil
+}
+
+func setupLoopbackAddressesRouting(config *networkConfiguration, i *bridgeInterface) error {
+	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
+	ipv4LoRoutingData, err := os.ReadFile(sysPath)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
+	}
+	// Enable loopback addresses routing only if it isn't already enabled
+	if ipv4LoRoutingData[0] != '1' {
+		if err := os.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
+			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
+		}
+	}
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/setup_ipv4_test.go b/libnetwork/drivers/bridge/setup_ipv4_test.go
new file mode 100644
index 0000000000000..1d513ab91083a
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ipv4_test.go
@@ -0,0 +1,89 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func setupTestInterface(t *testing.T, nh *netlink.Handle) (*networkConfiguration, *bridgeInterface) {
+	config := &networkConfiguration{
+		BridgeName: DefaultBridgeName}
+	br := &bridgeInterface{nlh: nh}
+
+	if err := setupDevice(config, br); err != nil {
+		t.Fatalf("Bridge creation failed: %v", err)
+	}
+	return config, br
+}
+
+func TestSetupBridgeIPv4Fixed(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	ip, netw, err := net.ParseCIDR("192.168.1.1/24")
+	if err != nil {
+		t.Fatalf("Failed to parse bridge IPv4: %v", err)
+	}
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	config, br := setupTestInterface(t, nh)
+	config.AddressIPv4 = &net.IPNet{IP: ip, Mask: netw.Mask}
+	if err := setupBridgeIPv4(config, br); err != nil {
+		t.Fatalf("Failed to setup bridge IPv4: %v", err)
+	}
+
+	addrsv4, err := nh.AddrList(br.Link, netlink.FAMILY_V4)
+	if err != nil {
+		t.Fatalf("Failed to list device IPv4 addresses: %v", err)
+	}
+
+	var found bool
+	for _, addr := range addrsv4 {
+		if config.AddressIPv4.String() == addr.IPNet.String() {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		t.Fatalf("Bridge device does not have requested IPv4 address %v", config.AddressIPv4)
+	}
+}
+
+func TestSetupGatewayIPv4(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	ip, nw, _ := net.ParseCIDR("192.168.0.24/16")
+	nw.IP = ip
+	gw := net.ParseIP("192.168.2.254")
+
+	config := &networkConfiguration{
+		BridgeName:         DefaultBridgeName,
+		DefaultGatewayIPv4: gw}
+
+	br := &bridgeInterface{bridgeIPv4: nw, nlh: nh}
+
+	if err := setupGatewayIPv4(config, br); err != nil {
+		t.Fatalf("Set Default Gateway failed: %v", err)
+	}
+
+	if !gw.Equal(br.gatewayIPv4) {
+		t.Fatalf("Set Default Gateway failed. Expected %v, Found %v", gw, br.gatewayIPv4)
+	}
+}
diff --git a/libnetwork/drivers/bridge/setup_ipv6.go b/libnetwork/drivers/bridge/setup_ipv6.go
new file mode 100644
index 0000000000000..0f1380ce55ac4
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ipv6.go
@@ -0,0 +1,111 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"fmt"
+	"net"
+	"os"
+
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+)
+
+// bridgeIPv6 is the default, link-local IPv6 address for the bridge (fe80::1/64)
+var bridgeIPv6 = &net.IPNet{IP: net.ParseIP("fe80::1"), Mask: net.CIDRMask(64, 128)}
+
+const (
+	ipv6ForwardConfPerm    = 0644
+	ipv6ForwardConfDefault = "/proc/sys/net/ipv6/conf/default/forwarding"
+	ipv6ForwardConfAll     = "/proc/sys/net/ipv6/conf/all/forwarding"
+)
+
+func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
+	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
+	ipv6BridgeData, err := os.ReadFile(procFile)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 setup for bridge %v: %v", config.BridgeName, err)
+	}
+	// Enable IPv6 on the bridge only if it isn't already enabled
+	if ipv6BridgeData[0] != '0' {
+		if err := os.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
+			return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
+		}
+	}
+
+	// Store bridge network and default gateway
+	i.bridgeIPv6 = bridgeIPv6
+	i.gatewayIPv6 = i.bridgeIPv6.IP
+
+	if err := i.programIPv6Address(); err != nil {
+		return err
+	}
+
+	if config.AddressIPv6 == nil {
+		return nil
+	}
+
+	// Store the user specified bridge network and network gateway and program it
+	i.bridgeIPv6 = config.AddressIPv6
+	i.gatewayIPv6 = config.AddressIPv6.IP
+
+	if err := i.programIPv6Address(); err != nil {
+		return err
+	}
+
+	// Setting route to global IPv6 subnet
+	logrus.Debugf("Adding route to IPv6 network %s via device %s", config.AddressIPv6.String(), config.BridgeName)
+	err = i.nlh.RouteAdd(&netlink.Route{
+		Scope:     netlink.SCOPE_UNIVERSE,
+		LinkIndex: i.Link.Attrs().Index,
+		Dst:       config.AddressIPv6,
+	})
+	if err != nil && !os.IsExist(err) {
+		logrus.Errorf("Could not add route to IPv6 network %s via device %s: %s", config.AddressIPv6.String(), config.BridgeName, err)
+	}
+
+	return nil
+}
+
+func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {
+	if config.AddressIPv6 == nil {
+		return &ErrInvalidContainerSubnet{}
+	}
+	if !config.AddressIPv6.Contains(config.DefaultGatewayIPv6) {
+		return &ErrInvalidGateway{}
+	}
+
+	// Store requested default gateway
+	i.gatewayIPv6 = config.DefaultGatewayIPv6
+
+	return nil
+}
+
+func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
+	// Get current IPv6 default forwarding setup
+	ipv6ForwardDataDefault, err := os.ReadFile(ipv6ForwardConfDefault)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 default forwarding setup: %v", err)
+	}
+	// Enable IPv6 default forwarding only if it is not already enabled
+	if ipv6ForwardDataDefault[0] != '1' {
+		if err := os.WriteFile(ipv6ForwardConfDefault, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+		}
+	}
+
+	// Get current IPv6 all forwarding setup
+	ipv6ForwardDataAll, err := os.ReadFile(ipv6ForwardConfAll)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 all forwarding setup: %v", err)
+	}
+	// Enable IPv6 all forwarding only if it is not already enabled
+	if ipv6ForwardDataAll[0] != '1' {
+		if err := os.WriteFile(ipv6ForwardConfAll, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+		}
+	}
+
+	return nil
+}
diff --git a/libnetwork/drivers/bridge/setup_ipv6_test.go b/libnetwork/drivers/bridge/setup_ipv6_test.go
new file mode 100644
index 0000000000000..bc34be87fe05a
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_ipv6_test.go
@@ -0,0 +1,85 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"bytes"
+	"fmt"
+	"net"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func TestSetupIPv6(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	config, br := setupTestInterface(t, nh)
+	if err := setupBridgeIPv6(config, br); err != nil {
+		t.Fatalf("Failed to setup bridge IPv6: %v", err)
+	}
+
+	procSetting, err := os.ReadFile(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/disable_ipv6", config.BridgeName))
+	if err != nil {
+		t.Fatalf("Failed to read disable_ipv6 kernel setting: %v", err)
+	}
+
+	if expected := []byte("0\n"); !bytes.Equal(expected, procSetting) {
+		t.Fatalf("Invalid kernel setting disable_ipv6: expected %q, got %q", string(expected), string(procSetting))
+	}
+
+	addrsv6, err := nh.AddrList(br.Link, netlink.FAMILY_V6)
+	if err != nil {
+		t.Fatalf("Failed to list device IPv6 addresses: %v", err)
+	}
+
+	var found bool
+	for _, addr := range addrsv6 {
+		if bridgeIPv6.String() == addr.IPNet.String() {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		t.Fatalf("Bridge device does not have requested IPv6 address %v", bridgeIPv6)
+	}
+
+}
+
+func TestSetupGatewayIPv6(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	_, nw, _ := net.ParseCIDR("2001:db8:ea9:9abc:ffff::/80")
+	gw := net.ParseIP("2001:db8:ea9:9abc:ffff::254")
+
+	config := &networkConfiguration{
+		BridgeName:         DefaultBridgeName,
+		AddressIPv6:        nw,
+		DefaultGatewayIPv6: gw}
+
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	br := &bridgeInterface{nlh: nh}
+
+	if err := setupGatewayIPv6(config, br); err != nil {
+		t.Fatalf("Set Default Gateway failed: %v", err)
+	}
+
+	if !gw.Equal(br.gatewayIPv6) {
+		t.Fatalf("Set Default Gateway failed. Expected %v, Found %v", gw, br.gatewayIPv6)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_verify.go b/libnetwork/drivers/bridge/setup_verify.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/drivers/bridge/setup_verify.go
rename to libnetwork/drivers/bridge/setup_verify.go
index de77c38a667d8..e7fd1bf23cce0 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_verify.go
+++ b/libnetwork/drivers/bridge/setup_verify.go
@@ -1,11 +1,14 @@
+//go:build linux
+// +build linux
+
 package bridge
 
 import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )
@@ -37,6 +40,7 @@ func setupVerifyAndReconcile(config *networkConfiguration, i *bridgeInterface) e
 
 	// Release any residual IPv6 address that might be there because of older daemon instances
 	for _, addrv6 := range addrsv6 {
+		addrv6 := addrv6
 		if addrv6.IP.IsGlobalUnicast() && !types.CompareIPNet(addrv6.IPNet, i.bridgeIPv6) {
 			if err := i.nlh.AddrDel(i.Link, &addrv6); err != nil {
 				logrus.Warnf("Failed to remove residual IPv6 address %s from bridge: %v", addrv6.IPNet, err)
diff --git a/libnetwork/drivers/bridge/setup_verify_test.go b/libnetwork/drivers/bridge/setup_verify_test.go
new file mode 100644
index 0000000000000..b949918b64f0d
--- /dev/null
+++ b/libnetwork/drivers/bridge/setup_verify_test.go
@@ -0,0 +1,117 @@
+//go:build linux
+// +build linux
+
+package bridge
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/vishvananda/netlink"
+)
+
+func setupVerifyTest(t *testing.T) *bridgeInterface {
+	nh, err := netlink.NewHandle()
+	if err != nil {
+		t.Fatal(err)
+	}
+	inf := &bridgeInterface{nlh: nh}
+
+	br := netlink.Bridge{}
+	br.LinkAttrs.Name = "default0"
+	if err := nh.LinkAdd(&br); err == nil {
+		inf.Link = &br
+	} else {
+		t.Fatalf("Failed to create bridge interface: %v", err)
+	}
+
+	return inf
+}
+
+func TestSetupVerify(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	addrv4 := net.IPv4(192, 168, 1, 1)
+	inf := setupVerifyTest(t)
+	config := &networkConfiguration{}
+	config.AddressIPv4 = &net.IPNet{IP: addrv4, Mask: addrv4.DefaultMask()}
+
+	if err := netlink.AddrAdd(inf.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
+		t.Fatalf("Failed to assign IPv4 %s to interface: %v", config.AddressIPv4, err)
+	}
+
+	if err := setupVerifyAndReconcile(config, inf); err != nil {
+		t.Fatalf("Address verification failed: %v", err)
+	}
+}
+
+func TestSetupVerifyBad(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	addrv4 := net.IPv4(192, 168, 1, 1)
+	inf := setupVerifyTest(t)
+	config := &networkConfiguration{}
+	config.AddressIPv4 = &net.IPNet{IP: addrv4, Mask: addrv4.DefaultMask()}
+
+	ipnet := &net.IPNet{IP: net.IPv4(192, 168, 1, 2), Mask: addrv4.DefaultMask()}
+	if err := netlink.AddrAdd(inf.Link, &netlink.Addr{IPNet: ipnet}); err != nil {
+		t.Fatalf("Failed to assign IPv4 %s to interface: %v", ipnet, err)
+	}
+
+	if err := setupVerifyAndReconcile(config, inf); err == nil {
+		t.Fatal("Address verification was expected to fail")
+	}
+}
+
+func TestSetupVerifyMissing(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	addrv4 := net.IPv4(192, 168, 1, 1)
+	inf := setupVerifyTest(t)
+	config := &networkConfiguration{}
+	config.AddressIPv4 = &net.IPNet{IP: addrv4, Mask: addrv4.DefaultMask()}
+
+	if err := setupVerifyAndReconcile(config, inf); err == nil {
+		t.Fatal("Address verification was expected to fail")
+	}
+}
+
+func TestSetupVerifyIPv6(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	addrv4 := net.IPv4(192, 168, 1, 1)
+	inf := setupVerifyTest(t)
+	config := &networkConfiguration{}
+	config.AddressIPv4 = &net.IPNet{IP: addrv4, Mask: addrv4.DefaultMask()}
+	config.EnableIPv6 = true
+
+	if err := netlink.AddrAdd(inf.Link, &netlink.Addr{IPNet: bridgeIPv6}); err != nil {
+		t.Fatalf("Failed to assign IPv6 %s to interface: %v", bridgeIPv6, err)
+	}
+	if err := netlink.AddrAdd(inf.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
+		t.Fatalf("Failed to assign IPv4 %s to interface: %v", config.AddressIPv4, err)
+	}
+
+	if err := setupVerifyAndReconcile(config, inf); err != nil {
+		t.Fatalf("Address verification failed: %v", err)
+	}
+}
+
+func TestSetupVerifyIPv6Missing(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	addrv4 := net.IPv4(192, 168, 1, 1)
+	inf := setupVerifyTest(t)
+	config := &networkConfiguration{}
+	config.AddressIPv4 = &net.IPNet{IP: addrv4, Mask: addrv4.DefaultMask()}
+	config.EnableIPv6 = true
+
+	if err := netlink.AddrAdd(inf.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
+		t.Fatalf("Failed to assign IPv4 %s to interface: %v", config.AddressIPv4, err)
+	}
+
+	if err := setupVerifyAndReconcile(config, inf); err == nil {
+		t.Fatal("Address verification was expected to fail")
+	}
+}
diff --git a/libnetwork/drivers/host/host.go b/libnetwork/drivers/host/host.go
new file mode 100644
index 0000000000000..b99049ff374d5
--- /dev/null
+++ b/libnetwork/drivers/host/host.go
@@ -0,0 +1,106 @@
+package host
+
+import (
+	"sync"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+const networkType = "host"
+
+type driver struct {
+	network string
+	sync.Mutex
+}
+
+// Init registers a new instance of host driver
+func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
+	c := driverapi.Capability{
+		DataScope:         datastore.LocalScope,
+		ConnectivityScope: datastore.LocalScope,
+	}
+	return dc.RegisterDriver(networkType, &driver{}, c)
+}
+
+func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	return nil, types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) NetworkFree(id string) error {
+	return types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
+
+func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	d.Lock()
+	defer d.Unlock()
+
+	if d.network != "" {
+		return types.ForbiddenErrorf("only one instance of \"%s\" network is allowed", networkType)
+	}
+
+	d.network = id
+
+	return nil
+}
+
+func (d *driver) DeleteNetwork(nid string) error {
+	return types.ForbiddenErrorf("network of type \"%s\" cannot be deleted", networkType)
+}
+
+func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
+	return nil
+}
+
+func (d *driver) DeleteEndpoint(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	return make(map[string]interface{}), nil
+}
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	return nil
+}
+
+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) Type() string {
+	return networkType
+}
+
+func (d *driver) IsBuiltIn() bool {
+	return true
+}
+
+// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
+func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
+func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
diff --git a/libnetwork/drivers/host/host_test.go b/libnetwork/drivers/host/host_test.go
new file mode 100644
index 0000000000000..caa77df7c5e2c
--- /dev/null
+++ b/libnetwork/drivers/host/host_test.go
@@ -0,0 +1,49 @@
+package host
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestDriver(t *testing.T) {
+	d := &driver{}
+
+	if d.Type() != networkType {
+		t.Fatal("Unexpected network type returned by driver")
+	}
+
+	err := d.CreateNetwork("first", nil, nil, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if d.network != "first" {
+		t.Fatal("Unexpected network id stored")
+	}
+
+	err = d.CreateNetwork("second", nil, nil, nil, nil)
+	if err == nil {
+		t.Fatal("Second network creation should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatal("Second network creation failed with unexpected error type")
+	}
+
+	err = d.DeleteNetwork("first")
+	if err == nil {
+		t.Fatal("network deletion should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatal("network deletion failed with unexpected error type")
+	}
+
+	// we don't really check if it is there or not, delete is not allowed for this driver, period.
+	err = d.DeleteNetwork("unknown")
+	if err == nil {
+		t.Fatal("any network deletion should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatal("any network deletion failed with unexpected error type")
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan.go b/libnetwork/drivers/ipvlan/ipvlan.go
similarity index 88%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan.go
rename to libnetwork/drivers/ipvlan/ipvlan.go
index c64ad555a31cf..4e2abcf0ddd56 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan.go
+++ b/libnetwork/drivers/ipvlan/ipvlan.go
@@ -1,14 +1,16 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
 	"net"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 const (
@@ -48,7 +50,6 @@ type endpoint struct {
 
 type network struct {
 	id        string
-	sbox      osl.Sandbox
 	endpoints endpointTable
 	driver    *driver
 	config    *configuration
@@ -64,7 +65,9 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
 	d := &driver{
 		networks: networkTable{},
 	}
-	d.initStore(config)
+	if err := d.initStore(config); err != nil {
+		return err
+	}
 
 	return dc.RegisterDriver(ipvlanType, d, c)
 }
@@ -78,7 +81,7 @@ func (d *driver) NetworkFree(id string) error {
 }
 
 func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	return make(map[string]interface{}, 0), nil
+	return make(map[string]interface{}), nil
 }
 
 func (d *driver) Type() string {
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go b/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
rename to libnetwork/drivers/ipvlan/ipvlan_endpoint.go
index 336b681baba3b..7d4c42a44279b 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
+++ b/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
@@ -1,13 +1,16 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
 	"fmt"
 
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/libnetwork/drivers/ipvlan/ipvlan_joinleave.go b/libnetwork/drivers/ipvlan/ipvlan_joinleave.go
new file mode 100644
index 0000000000000..99e7b1fa93ec8
--- /dev/null
+++ b/libnetwork/drivers/ipvlan/ipvlan_joinleave.go
@@ -0,0 +1,213 @@
+//go:build linux
+// +build linux
+
+package ipvlan
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+type staticRoute struct {
+	Destination *net.IPNet
+	RouteType   int
+	NextHop     net.IP
+}
+
+const (
+	defaultV4RouteCidr = "0.0.0.0/0"
+	defaultV6RouteCidr = "::/0"
+)
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	defer osl.InitOSContext()()
+	n, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+	endpoint := n.endpoint(eid)
+	if endpoint == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+	// generate a name for the iface that will be renamed to eth0 in the sbox
+	containerIfName, err := netutils.GenerateIfaceName(ns.NlHandle(), vethPrefix, vethLen)
+	if err != nil {
+		return fmt.Errorf("error generating an interface name: %v", err)
+	}
+	// create the netlink ipvlan interface
+	vethName, err := createIPVlan(containerIfName, n.config.Parent, n.config.IpvlanMode)
+	if err != nil {
+		return err
+	}
+	// bind the generated iface name to the endpoint
+	endpoint.srcName = vethName
+	ep := n.endpoint(eid)
+	if ep == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+	if !n.config.Internal {
+		if n.config.IpvlanMode == modeL3 {
+			// disable gateway services to add a default gw using dev eth0 only
+			jinfo.DisableGatewayService()
+			defaultRoute, err := ifaceGateway(defaultV4RouteCidr)
+			if err != nil {
+				return err
+			}
+			if err := jinfo.AddStaticRoute(defaultRoute.Destination, defaultRoute.RouteType, defaultRoute.NextHop); err != nil {
+				return fmt.Errorf("failed to set an ipvlan l3 mode ipv4 default gateway: %v", err)
+			}
+			logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Ipvlan_Mode: %s, Parent: %s",
+				ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent)
+			// If the endpoint has a v6 address, set a v6 default route
+			if ep.addrv6 != nil {
+				default6Route, err := ifaceGateway(defaultV6RouteCidr)
+				if err != nil {
+					return err
+				}
+				if err = jinfo.AddStaticRoute(default6Route.Destination, default6Route.RouteType, default6Route.NextHop); err != nil {
+					return fmt.Errorf("failed to set an ipvlan l3 mode ipv6 default gateway: %v", err)
+				}
+				logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Ipvlan_Mode: %s, Parent: %s",
+					ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent)
+			}
+		}
+		if n.config.IpvlanMode == modeL2 {
+			// parse and correlate the endpoint v4 address with the available v4 subnets
+			if len(n.config.Ipv4Subnets) > 0 {
+				s := n.getSubnetforIPv4(ep.addr)
+				if s == nil {
+					return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid)
+				}
+				v4gw, _, err := net.ParseCIDR(s.GwIP)
+				if err != nil {
+					return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err)
+				}
+				err = jinfo.SetGateway(v4gw)
+				if err != nil {
+					return err
+				}
+				logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s",
+					ep.addr.IP.String(), v4gw.String(), n.config.IpvlanMode, n.config.Parent)
+			}
+			// parse and correlate the endpoint v6 address with the available v6 subnets
+			if len(n.config.Ipv6Subnets) > 0 {
+				s := n.getSubnetforIPv6(ep.addrv6)
+				if s == nil {
+					return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid)
+				}
+				v6gw, _, err := net.ParseCIDR(s.GwIP)
+				if err != nil {
+					return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err)
+				}
+				err = jinfo.SetGatewayIPv6(v6gw)
+				if err != nil {
+					return err
+				}
+				logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s",
+					ep.addrv6.IP.String(), v6gw.String(), n.config.IpvlanMode, n.config.Parent)
+			}
+		}
+	} else {
+		if len(n.config.Ipv4Subnets) > 0 {
+			logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, IpVlan_Mode: %s, Parent: %s",
+				ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent)
+		}
+		if len(n.config.Ipv6Subnets) > 0 {
+			logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s IpVlan_Mode: %s, Parent: %s",
+				ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent)
+		}
+	}
+	iNames := jinfo.InterfaceName()
+	err = iNames.SetNames(vethName, containerVethPrefix)
+	if err != nil {
+		return err
+	}
+	if err = d.storeUpdate(ep); err != nil {
+		return fmt.Errorf("failed to save ipvlan endpoint %.7s to store: %v", ep.id, err)
+	}
+
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	defer osl.InitOSContext()()
+	network, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+	endpoint, err := network.getEndpoint(eid)
+	if err != nil {
+		return err
+	}
+	if endpoint == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+
+	return nil
+}
+
+// ifaceGateway returns a static route for either v4/v6 to be set to the container eth0
+func ifaceGateway(dfNet string) (*staticRoute, error) {
+	nh, dst, err := net.ParseCIDR(dfNet)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse default route %v", err)
+	}
+	defaultRoute := &staticRoute{
+		Destination: dst,
+		RouteType:   types.CONNECTED,
+		NextHop:     nh,
+	}
+
+	return defaultRoute, nil
+}
+
+// getSubnetforIPv4 returns the ipv4 subnet to which the given IP belongs
+func (n *network) getSubnetforIPv4(ip *net.IPNet) *ipv4Subnet {
+	for _, s := range n.config.Ipv4Subnets {
+		_, snet, err := net.ParseCIDR(s.SubnetIP)
+		if err != nil {
+			return nil
+		}
+		// first check if the mask lengths are the same
+		i, _ := snet.Mask.Size()
+		j, _ := ip.Mask.Size()
+		if i != j {
+			continue
+		}
+		if snet.Contains(ip.IP) {
+			return s
+		}
+	}
+
+	return nil
+}
+
+// getSubnetforIPv6 returns the ipv6 subnet to which the given IP belongs
+func (n *network) getSubnetforIPv6(ip *net.IPNet) *ipv6Subnet {
+	for _, s := range n.config.Ipv6Subnets {
+		_, snet, err := net.ParseCIDR(s.SubnetIP)
+		if err != nil {
+			return nil
+		}
+		// first check if the mask lengths are the same
+		i, _ := snet.Mask.Size()
+		j, _ := ip.Mask.Size()
+		if i != j {
+			continue
+		}
+		if snet.Contains(ip.IP) {
+			return s
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_network.go b/libnetwork/drivers/ipvlan/ipvlan_network.go
similarity index 81%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_network.go
rename to libnetwork/drivers/ipvlan/ipvlan_network.go
index 8825e1e117248..cde03a721b7a3 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_network.go
+++ b/libnetwork/drivers/ipvlan/ipvlan_network.go
@@ -1,16 +1,19 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
 	"fmt"
 
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -57,13 +60,15 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
 	// if parent interface not specified, create a dummy type link to use named dummy+net_id
 	if config.Parent == "" {
 		config.Parent = getDummyName(stringid.TruncateID(config.ID))
-		// empty parent and --internal are handled the same. Set here to update k/v
-		config.Internal = true
 	}
-	err = d.createNetwork(config)
+	foundExisting, err := d.createNetwork(config)
 	if err != nil {
 		return err
 	}
+
+	if foundExisting {
+		return types.InternalMaskableErrorf("restoring existing network %s", config.ID)
+	}
 	// update persistent db, rollback on fail
 	err = d.storeUpdate(config)
 	if err != nil {
@@ -76,48 +81,55 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
 }
 
 // createNetwork is used by new network callbacks and persistent network cache
-func (d *driver) createNetwork(config *configuration) error {
+func (d *driver) createNetwork(config *configuration) (bool, error) {
+	foundExisting := false
 	networkList := d.getNetworks()
 	for _, nw := range networkList {
 		if config.Parent == nw.config.Parent {
-			return fmt.Errorf("network %s is already using parent interface %s",
-				getDummyName(stringid.TruncateID(nw.config.ID)), config.Parent)
+			if config.ID != nw.config.ID {
+				return false, fmt.Errorf("network %s is already using parent interface %s",
+					getDummyName(stringid.TruncateID(nw.config.ID)), config.Parent)
+			}
+			logrus.Debugf("Create Network for the same ID %s\n", config.ID)
+			foundExisting = true
+			break
 		}
 	}
 	if !parentExists(config.Parent) {
-		// if the --internal flag is set, create a dummy link
-		if config.Internal {
-			err := createDummyLink(config.Parent, getDummyName(stringid.TruncateID(config.ID)))
+		// Create a dummy link if a dummy name is set for parent
+		if dummyName := getDummyName(stringid.TruncateID(config.ID)); dummyName == config.Parent {
+			err := createDummyLink(config.Parent, dummyName)
 			if err != nil {
-				return err
+				return false, err
 			}
 			config.CreatedSlaveLink = true
+
 			// notify the user in logs they have limited communications
-			if config.Parent == getDummyName(stringid.TruncateID(config.ID)) {
-				logrus.Debugf("Empty -o parent= and --internal flags limit communications to other containers inside of network: %s",
-					config.Parent)
-			}
+			logrus.Debugf("Empty -o parent= flags limit communications to other containers inside of network: %s",
+				config.Parent)
 		} else {
 			// if the subinterface parent_iface.vlan_id checks do not pass, return err.
 			//  a valid example is 'eth0.10' for a parent iface 'eth0' with a vlan id '10'
 			err := createVlanLink(config.Parent)
 			if err != nil {
-				return err
+				return false, err
 			}
 			// if driver created the networks slave link, record it for future deletion
 			config.CreatedSlaveLink = true
 		}
 	}
-	n := &network{
-		id:        config.ID,
-		driver:    d,
-		endpoints: endpointTable{},
-		config:    config,
+	if !foundExisting {
+		n := &network{
+			id:        config.ID,
+			driver:    d,
+			endpoints: endpointTable{},
+			config:    config,
+		}
+		// add the network
+		d.addNetwork(n)
 	}
-	// add the *network
-	d.addNetwork(n)
 
-	return nil
+	return foundExisting, nil
 }
 
 // DeleteNetwork the network for the specified driver type
@@ -181,11 +193,10 @@ func parseNetworkOptions(id string, option options.Generic) (*configuration, err
 			return nil, err
 		}
 	}
-	// setting the parent to "" will trigger an isolated network dummy parent link
-	if _, ok := option[netlabel.Internal]; ok {
-		config.Internal = true
-		// empty --parent= and --internal are handled the same.
-		config.Parent = ""
+	if val, ok := option[netlabel.Internal]; ok {
+		if internal, ok := val.(bool); ok && internal {
+			config.Internal = true
+		}
 	}
 	return config, nil
 }
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_setup.go b/libnetwork/drivers/ipvlan/ipvlan_setup.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_setup.go
rename to libnetwork/drivers/ipvlan/ipvlan_setup.go
index da8d8faeb8534..d7e037aaf7f67 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_setup.go
+++ b/libnetwork/drivers/ipvlan/ipvlan_setup.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
@@ -5,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/ns"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )
@@ -63,11 +66,7 @@ func setIPVlanMode(mode string) (netlink.IPVlanMode, error) {
 // parentExists check if the specified interface exists in the default namespace
 func parentExists(ifaceStr string) bool {
 	_, err := ns.NlHandle().LinkByName(ifaceStr)
-	if err != nil {
-		return false
-	}
-
-	return true
+	return err == nil
 }
 
 // createVlanLink parses sub-interfaces and vlan id for creation
diff --git a/libnetwork/drivers/ipvlan/ipvlan_setup_test.go b/libnetwork/drivers/ipvlan/ipvlan_setup_test.go
new file mode 100644
index 0000000000000..0bc2bbd785335
--- /dev/null
+++ b/libnetwork/drivers/ipvlan/ipvlan_setup_test.go
@@ -0,0 +1,90 @@
+//go:build linux
+// +build linux
+
+package ipvlan
+
+import (
+	"testing"
+
+	"github.com/vishvananda/netlink"
+)
+
+// TestValidateLink tests the parentExists function
+func TestValidateLink(t *testing.T) {
+	validIface := "lo"
+	invalidIface := "foo12345"
+
+	// test a valid parent interface validation
+	if ok := parentExists(validIface); !ok {
+		t.Fatalf("failed validating loopback %s", validIface)
+	}
+	// test an invalid parent interface validation
+	if ok := parentExists(invalidIface); ok {
+		t.Fatalf("failed to invalidate interface %s", invalidIface)
+	}
+}
+
+// TestValidateSubLink tests valid 802.1q naming convention
+func TestValidateSubLink(t *testing.T) {
+	validSubIface := "lo.10"
+	invalidSubIface1 := "lo"
+	invalidSubIface2 := "lo:10"
+	invalidSubIface3 := "foo123.456"
+
+	// test a valid parent_iface.vlan_id
+	_, _, err := parseVlan(validSubIface)
+	if err != nil {
+		t.Fatalf("failed subinterface validation: %v", err)
+	}
+	// test an invalid vid with a valid parent link
+	_, _, err = parseVlan(invalidSubIface1)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %s", invalidSubIface1)
+	}
+	// test a valid vid with a valid parent link with an invalid delimiter
+	_, _, err = parseVlan(invalidSubIface2)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %v", invalidSubIface2)
+	}
+	// test an invalid parent link with a valid vid
+	_, _, err = parseVlan(invalidSubIface3)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %v", invalidSubIface3)
+	}
+}
+
+// TestSetIPVlanMode tests the ipvlan mode setter
+func TestSetIPVlanMode(t *testing.T) {
+	// test ipvlan l2 mode
+	mode, err := setIPVlanMode(modeL2)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.IPVLAN_MODE_L2 {
+		t.Fatalf("expected %d got %d", netlink.IPVLAN_MODE_L2, mode)
+	}
+	// test ipvlan l3 mode
+	mode, err = setIPVlanMode(modeL3)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.IPVLAN_MODE_L3 {
+		t.Fatalf("expected %d got %d", netlink.IPVLAN_MODE_L3, mode)
+	}
+	// test invalid mode
+	mode, err = setIPVlanMode("foo")
+	if err == nil {
+		t.Fatal("invalid ipvlan mode should have returned an error")
+	}
+	if mode != 0 {
+		t.Fatalf("expected 0 got %d", mode)
+	}
+	// test null mode
+	mode, err = setIPVlanMode("")
+	if err == nil {
+		t.Fatal("invalid ipvlan mode should have returned an error")
+	}
+	if mode != 0 {
+		t.Fatalf("expected 0 got %d", mode)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_state.go b/libnetwork/drivers/ipvlan/ipvlan_state.go
similarity index 87%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_state.go
rename to libnetwork/drivers/ipvlan/ipvlan_state.go
index dc73b6893d36b..fc26f1613e6e3 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_state.go
+++ b/libnetwork/drivers/ipvlan/ipvlan_state.go
@@ -1,10 +1,12 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
 	"fmt"
 
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -87,19 +89,6 @@ func validateID(nid, eid string) error {
 	return nil
 }
 
-func (n *network) sandbox() osl.Sandbox {
-	n.Lock()
-	defer n.Unlock()
-
-	return n.sbox
-}
-
-func (n *network) setSandbox(sbox osl.Sandbox) {
-	n.Lock()
-	n.sbox = sbox
-	n.Unlock()
-}
-
 func (d *driver) getNetwork(id string) (*network, error) {
 	d.Lock()
 	defer d.Unlock()
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_store.go b/libnetwork/drivers/ipvlan/ipvlan_store.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_store.go
rename to libnetwork/drivers/ipvlan/ipvlan_store.go
index 72eb3fc4fffdf..9f0eab6fc9c9b 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_store.go
+++ b/libnetwork/drivers/ipvlan/ipvlan_store.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package ipvlan
 
 import (
@@ -5,10 +8,10 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -55,7 +58,14 @@ func (d *driver) initStore(option map[string]interface{}) error {
 			return types.InternalErrorf("ipvlan driver failed to initialize data store: %v", err)
 		}
 
-		return d.populateNetworks()
+		err = d.populateNetworks()
+		if err != nil {
+			return err
+		}
+		err = d.populateEndpoints()
+		if err != nil {
+			return err
+		}
 	}
 
 	return nil
@@ -73,7 +83,7 @@ func (d *driver) populateNetworks() error {
 	}
 	for _, kvo := range kvol {
 		config := kvo.(*configuration)
-		if err = d.createNetwork(config); err != nil {
+		if _, err = d.createNetwork(config); err != nil {
 			logrus.Warnf("could not create ipvlan network for id %s from persistent state", config.ID)
 		}
 	}
diff --git a/libnetwork/drivers/ipvlan/ipvlan_test.go b/libnetwork/drivers/ipvlan/ipvlan_test.go
new file mode 100644
index 0000000000000..b0f4de9cd7504
--- /dev/null
+++ b/libnetwork/drivers/ipvlan/ipvlan_test.go
@@ -0,0 +1,67 @@
+//go:build linux
+// +build linux
+
+package ipvlan
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/pkg/plugingetter"
+)
+
+const testNetworkType = "ipvlan"
+
+type driverTester struct {
+	t *testing.T
+	d *driver
+}
+
+func (dt *driverTester) GetPluginGetter() plugingetter.PluginGetter {
+	return nil
+}
+
+func (dt *driverTester) RegisterDriver(name string, drv driverapi.Driver,
+	cap driverapi.Capability) error {
+	if name != testNetworkType {
+		dt.t.Fatalf("Expected driver register name to be %q. Instead got %q",
+			testNetworkType, name)
+	}
+
+	if _, ok := drv.(*driver); !ok {
+		dt.t.Fatalf("Expected driver type to be %T. Instead got %T",
+			&driver{}, drv)
+	}
+
+	dt.d = drv.(*driver)
+	return nil
+}
+
+func TestIpvlanInit(t *testing.T) {
+	if err := Init(&driverTester{t: t}, nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestIpvlanNilConfig(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := dt.d.initStore(nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestIpvlanType(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if dt.d.Type() != testNetworkType {
+		t.Fatalf("Expected Type() to return %q. Instead got %q", testNetworkType,
+			dt.d.Type())
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ivmanager/ivmanager.go b/libnetwork/drivers/ipvlan/ivmanager/ivmanager.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/drivers/ipvlan/ivmanager/ivmanager.go
rename to libnetwork/drivers/ipvlan/ivmanager/ivmanager.go
index 519f1e8795d45..2c8f71c639f9e 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ivmanager/ivmanager.go
+++ b/libnetwork/drivers/ipvlan/ivmanager/ivmanager.go
@@ -1,10 +1,10 @@
 package ivmanager
 
 import (
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 const networkType = "ipvlan"
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan.go b/libnetwork/drivers/macvlan/macvlan.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan.go
rename to libnetwork/drivers/macvlan/macvlan.go
index 872e6f3ec1637..030323c6a0b99 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan.go
+++ b/libnetwork/drivers/macvlan/macvlan.go
@@ -1,14 +1,16 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
 	"net"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 const (
@@ -50,7 +52,6 @@ type endpoint struct {
 
 type network struct {
 	id        string
-	sbox      osl.Sandbox
 	endpoints endpointTable
 	driver    *driver
 	config    *configuration
@@ -66,7 +67,9 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
 	d := &driver{
 		networks: networkTable{},
 	}
-	d.initStore(config)
+	if err := d.initStore(config); err != nil {
+		return err
+	}
 
 	return dc.RegisterDriver(macvlanType, d, c)
 }
@@ -80,7 +83,7 @@ func (d *driver) NetworkFree(id string) error {
 }
 
 func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	return make(map[string]interface{}, 0), nil
+	return make(map[string]interface{}), nil
 }
 
 func (d *driver) Type() string {
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_endpoint.go b/libnetwork/drivers/macvlan/macvlan_endpoint.go
similarity index 88%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_endpoint.go
rename to libnetwork/drivers/macvlan/macvlan_endpoint.go
index dc3ce365433dc..8d4390f779f17 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_endpoint.go
+++ b/libnetwork/drivers/macvlan/macvlan_endpoint.go
@@ -1,14 +1,17 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
 	"fmt"
 
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/libnetwork/drivers/macvlan/macvlan_joinleave.go b/libnetwork/drivers/macvlan/macvlan_joinleave.go
new file mode 100644
index 0000000000000..69f083328b691
--- /dev/null
+++ b/libnetwork/drivers/macvlan/macvlan_joinleave.go
@@ -0,0 +1,158 @@
+//go:build linux
+// +build linux
+
+package macvlan
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/sirupsen/logrus"
+)
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	defer osl.InitOSContext()()
+	n, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+	endpoint := n.endpoint(eid)
+	if endpoint == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+	// generate a name for the iface that will be renamed to eth0 in the sbox
+	containerIfName, err := netutils.GenerateIfaceName(ns.NlHandle(), vethPrefix, vethLen)
+	if err != nil {
+		return fmt.Errorf("error generating an interface name: %s", err)
+	}
+	// create the netlink macvlan interface
+	vethName, err := createMacVlan(containerIfName, n.config.Parent, n.config.MacvlanMode)
+	if err != nil {
+		return err
+	}
+	// bind the generated iface name to the endpoint
+	endpoint.srcName = vethName
+	ep := n.endpoint(eid)
+	if ep == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+	// parse and match the endpoint address with the available v4 subnets
+	if !n.config.Internal {
+		if len(n.config.Ipv4Subnets) > 0 {
+			s := n.getSubnetforIPv4(ep.addr)
+			if s == nil {
+				return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid)
+			}
+			v4gw, _, err := net.ParseCIDR(s.GwIP)
+			if err != nil {
+				return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err)
+			}
+			err = jinfo.SetGateway(v4gw)
+			if err != nil {
+				return err
+			}
+			logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, MacVlan_Mode: %s, Parent: %s",
+				ep.addr.IP.String(), v4gw.String(), n.config.MacvlanMode, n.config.Parent)
+		}
+		// parse and match the endpoint address with the available v6 subnets
+		if len(n.config.Ipv6Subnets) > 0 {
+			s := n.getSubnetforIPv6(ep.addrv6)
+			if s == nil {
+				return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid)
+			}
+			v6gw, _, err := net.ParseCIDR(s.GwIP)
+			if err != nil {
+				return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err)
+			}
+			err = jinfo.SetGatewayIPv6(v6gw)
+			if err != nil {
+				return err
+			}
+			logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s Gateway: %s MacVlan_Mode: %s, Parent: %s",
+				ep.addrv6.IP.String(), v6gw.String(), n.config.MacvlanMode, n.config.Parent)
+		}
+	} else {
+		if len(n.config.Ipv4Subnets) > 0 {
+			logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, MacVlan_Mode: %s, Parent: %s",
+				ep.addr.IP.String(), n.config.MacvlanMode, n.config.Parent)
+		}
+		if len(n.config.Ipv6Subnets) > 0 {
+			logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s MacVlan_Mode: %s, Parent: %s",
+				ep.addrv6.IP.String(), n.config.MacvlanMode, n.config.Parent)
+		}
+	}
+	iNames := jinfo.InterfaceName()
+	err = iNames.SetNames(vethName, containerVethPrefix)
+	if err != nil {
+		return err
+	}
+	if err := d.storeUpdate(ep); err != nil {
+		return fmt.Errorf("failed to save macvlan endpoint %.7s to store: %v", ep.id, err)
+	}
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	defer osl.InitOSContext()()
+	network, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+	endpoint, err := network.getEndpoint(eid)
+	if err != nil {
+		return err
+	}
+	if endpoint == nil {
+		return fmt.Errorf("could not find endpoint with id %s", eid)
+	}
+
+	return nil
+}
+
+// getSubnetforIP returns the ipv4 subnet to which the given IP belongs
+func (n *network) getSubnetforIPv4(ip *net.IPNet) *ipv4Subnet {
+	for _, s := range n.config.Ipv4Subnets {
+		_, snet, err := net.ParseCIDR(s.SubnetIP)
+		if err != nil {
+			return nil
+		}
+		// first check if the mask lengths are the same
+		i, _ := snet.Mask.Size()
+		j, _ := ip.Mask.Size()
+		if i != j {
+			continue
+		}
+		if snet.Contains(ip.IP) {
+			return s
+		}
+	}
+
+	return nil
+}
+
+// getSubnetforIPv6 returns the ipv6 subnet to which the given IP belongs
+func (n *network) getSubnetforIPv6(ip *net.IPNet) *ipv6Subnet {
+	for _, s := range n.config.Ipv6Subnets {
+		_, snet, err := net.ParseCIDR(s.SubnetIP)
+		if err != nil {
+			return nil
+		}
+		// first check if the mask lengths are the same
+		i, _ := snet.Mask.Size()
+		j, _ := ip.Mask.Size()
+		if i != j {
+			continue
+		}
+		if snet.Contains(ip.IP) {
+			return s
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_network.go b/libnetwork/drivers/macvlan/macvlan_network.go
similarity index 76%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_network.go
rename to libnetwork/drivers/macvlan/macvlan_network.go
index beeed41638dac..943e90df8550a 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_network.go
+++ b/libnetwork/drivers/macvlan/macvlan_network.go
@@ -1,31 +1,25 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
 	"fmt"
 
-	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
 // CreateNetwork the network for the specified driver type
 func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
 	defer osl.InitOSContext()()
-	kv, err := kernel.GetKernelVersion()
-	if err != nil {
-		return fmt.Errorf("failed to check kernel version for %s driver support: %v", macvlanType, err)
-	}
-	// ensure Kernel version is >= v3.9 for macvlan support
-	if kv.Kernel < macvlanKernelVer || (kv.Kernel == macvlanKernelVer && kv.Major < macvlanMajorVer) {
-		return fmt.Errorf("kernel version failed to meet the minimum macvlan kernel requirement of %d.%d, found %d.%d.%d",
-			macvlanKernelVer, macvlanMajorVer, kv.Kernel, kv.Major, kv.Minor)
-	}
+
 	// reject a null v4 network
 	if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {
 		return fmt.Errorf("ipv4 pool is empty")
@@ -61,13 +55,16 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
 	// if parent interface not specified, create a dummy type link to use named dummy+net_id
 	if config.Parent == "" {
 		config.Parent = getDummyName(stringid.TruncateID(config.ID))
-		// empty parent and --internal are handled the same. Set here to update k/v
-		config.Internal = true
 	}
-	err = d.createNetwork(config)
+	foundExisting, err := d.createNetwork(config)
 	if err != nil {
 		return err
 	}
+
+	if foundExisting {
+		return types.InternalMaskableErrorf("restoring existing network %s", config.ID)
+	}
+
 	// update persistent db, rollback on fail
 	err = d.storeUpdate(config)
 	if err != nil {
@@ -80,48 +77,54 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
 }
 
 // createNetwork is used by new network callbacks and persistent network cache
-func (d *driver) createNetwork(config *configuration) error {
+func (d *driver) createNetwork(config *configuration) (bool, error) {
+	foundExisting := false
 	networkList := d.getNetworks()
 	for _, nw := range networkList {
 		if config.Parent == nw.config.Parent {
-			return fmt.Errorf("network %s is already using parent interface %s",
-				getDummyName(stringid.TruncateID(nw.config.ID)), config.Parent)
+			if config.ID != nw.config.ID {
+				return false, fmt.Errorf("network %s is already using parent interface %s",
+					getDummyName(stringid.TruncateID(nw.config.ID)), config.Parent)
+			}
+			logrus.Debugf("Create Network for the same ID %s\n", config.ID)
+			foundExisting = true
+			break
 		}
 	}
 	if !parentExists(config.Parent) {
-		// if the --internal flag is set, create a dummy link
-		if config.Internal {
-			err := createDummyLink(config.Parent, getDummyName(stringid.TruncateID(config.ID)))
+		// Create a dummy link if a dummy name is set for parent
+		if dummyName := getDummyName(stringid.TruncateID(config.ID)); dummyName == config.Parent {
+			err := createDummyLink(config.Parent, dummyName)
 			if err != nil {
-				return err
+				return false, err
 			}
 			config.CreatedSlaveLink = true
-			// notify the user in logs they have limited communications
-			if config.Parent == getDummyName(stringid.TruncateID(config.ID)) {
-				logrus.Debugf("Empty -o parent= and --internal flags limit communications to other containers inside of network: %s",
-					config.Parent)
-			}
+			// notify the user in logs that they have limited communications
+			logrus.Debugf("Empty -o parent= limit communications to other containers inside of network: %s",
+				config.Parent)
 		} else {
 			// if the subinterface parent_iface.vlan_id checks do not pass, return err.
 			//  a valid example is 'eth0.10' for a parent iface 'eth0' with a vlan id '10'
 			err := createVlanLink(config.Parent)
 			if err != nil {
-				return err
+				return false, err
 			}
 			// if driver created the networks slave link, record it for future deletion
 			config.CreatedSlaveLink = true
 		}
 	}
-	n := &network{
-		id:        config.ID,
-		driver:    d,
-		endpoints: endpointTable{},
-		config:    config,
+	if !foundExisting {
+		n := &network{
+			id:        config.ID,
+			driver:    d,
+			endpoints: endpointTable{},
+			config:    config,
+		}
+		// add the network
+		d.addNetwork(n)
 	}
-	// add the *network
-	d.addNetwork(n)
 
-	return nil
+	return foundExisting, nil
 }
 
 // DeleteNetwork deletes the network for the specified driver type
@@ -185,11 +188,10 @@ func parseNetworkOptions(id string, option options.Generic) (*configuration, err
 			return nil, err
 		}
 	}
-	// setting the parent to "" will trigger an isolated network dummy parent link
-	if _, ok := option[netlabel.Internal]; ok {
-		config.Internal = true
-		// empty --parent= and --internal are handled the same.
-		config.Parent = ""
+	if val, ok := option[netlabel.Internal]; ok {
+		if internal, ok := val.(bool); ok && internal {
+			config.Internal = true
+		}
 	}
 
 	return config, nil
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_setup.go b/libnetwork/drivers/macvlan/macvlan_setup.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_setup.go
rename to libnetwork/drivers/macvlan/macvlan_setup.go
index fc33ebd707e48..7415a07a2739d 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_setup.go
+++ b/libnetwork/drivers/macvlan/macvlan_setup.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
@@ -5,15 +8,13 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/ns"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )
 
 const (
-	dummyPrefix      = "dm-" // macvlan prefix for dummy parent interface
-	macvlanKernelVer = 3     // minimum macvlan kernel support
-	macvlanMajorVer  = 9     // minimum macvlan major kernel support
+	dummyPrefix = "dm-" // macvlan prefix for dummy parent interface
 )
 
 // Create the macvlan slave specifying the source name
@@ -67,11 +68,7 @@ func setMacVlanMode(mode string) (netlink.MacvlanMode, error) {
 // parentExists checks if the specified interface exists in the default namespace
 func parentExists(ifaceStr string) bool {
 	_, err := ns.NlHandle().LinkByName(ifaceStr)
-	if err != nil {
-		return false
-	}
-
-	return true
+	return err == nil
 }
 
 // createVlanLink parses sub-interfaces and vlan id for creation
@@ -154,7 +151,7 @@ func parseVlan(linkName string) (string, int, error) {
 	}
 	// Check if the interface exists
 	if !parentExists(parent) {
-		return "", 0, fmt.Errorf("-o parent interface does was not found on the host: %s", parent)
+		return "", 0, fmt.Errorf("-o parent interface was not found on the host: %s", parent)
 	}
 
 	return parent, vidInt, nil
diff --git a/libnetwork/drivers/macvlan/macvlan_setup_test.go b/libnetwork/drivers/macvlan/macvlan_setup_test.go
new file mode 100644
index 0000000000000..f2053c16796fb
--- /dev/null
+++ b/libnetwork/drivers/macvlan/macvlan_setup_test.go
@@ -0,0 +1,106 @@
+//go:build linux
+// +build linux
+
+package macvlan
+
+import (
+	"testing"
+
+	"github.com/vishvananda/netlink"
+)
+
+// TestValidateLink tests the parentExists function
+func TestValidateLink(t *testing.T) {
+	validIface := "lo"
+	invalidIface := "foo12345"
+
+	// test a valid parent interface validation
+	if ok := parentExists(validIface); !ok {
+		t.Fatalf("failed validating loopback %s", validIface)
+	}
+	// test an invalid parent interface validation
+	if ok := parentExists(invalidIface); ok {
+		t.Fatalf("failed to invalidate interface %s", invalidIface)
+	}
+}
+
+// TestValidateSubLink tests valid 802.1q naming convention
+func TestValidateSubLink(t *testing.T) {
+	validSubIface := "lo.10"
+	invalidSubIface1 := "lo"
+	invalidSubIface2 := "lo:10"
+	invalidSubIface3 := "foo123.456"
+
+	// test a valid parent_iface.vlan_id
+	_, _, err := parseVlan(validSubIface)
+	if err != nil {
+		t.Fatalf("failed subinterface validation: %v", err)
+	}
+	// test an invalid vid with a valid parent link
+	_, _, err = parseVlan(invalidSubIface1)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %s", invalidSubIface1)
+	}
+	// test a valid vid with a valid parent link with an invalid delimiter
+	_, _, err = parseVlan(invalidSubIface2)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %v", invalidSubIface2)
+	}
+	// test an invalid parent link with a valid vid
+	_, _, err = parseVlan(invalidSubIface3)
+	if err == nil {
+		t.Fatalf("failed subinterface validation test: %v", invalidSubIface3)
+	}
+}
+
+// TestSetMacVlanMode tests the macvlan mode setter
+func TestSetMacVlanMode(t *testing.T) {
+	// test macvlan bridge mode
+	mode, err := setMacVlanMode(modeBridge)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.MACVLAN_MODE_BRIDGE {
+		t.Fatalf("expected %d got %d", netlink.MACVLAN_MODE_BRIDGE, mode)
+	}
+	// test macvlan passthrough mode
+	mode, err = setMacVlanMode(modePassthru)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.MACVLAN_MODE_PASSTHRU {
+		t.Fatalf("expected %d got %d", netlink.MACVLAN_MODE_PASSTHRU, mode)
+	}
+	// test macvlan private mode
+	mode, err = setMacVlanMode(modePrivate)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.MACVLAN_MODE_PRIVATE {
+		t.Fatalf("expected %d got %d", netlink.MACVLAN_MODE_PRIVATE, mode)
+	}
+	// test macvlan vepa mode
+	mode, err = setMacVlanMode(modeVepa)
+	if err != nil {
+		t.Fatalf("error parsing %v vlan mode: %v", mode, err)
+	}
+	if mode != netlink.MACVLAN_MODE_VEPA {
+		t.Fatalf("expected %d got %d", netlink.MACVLAN_MODE_VEPA, mode)
+	}
+	// test invalid mode
+	mode, err = setMacVlanMode("foo")
+	if err == nil {
+		t.Fatal("invalid macvlan mode should have returned an error")
+	}
+	if mode != 0 {
+		t.Fatalf("expected 0 got %d", mode)
+	}
+	// test null mode
+	mode, err = setMacVlanMode("")
+	if err == nil {
+		t.Fatal("invalid macvlan mode should have returned an error")
+	}
+	if mode != 0 {
+		t.Fatalf("expected 0 got %d", mode)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_state.go b/libnetwork/drivers/macvlan/macvlan_state.go
similarity index 87%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_state.go
rename to libnetwork/drivers/macvlan/macvlan_state.go
index 8fd1a9e4dc299..bb3e326867b56 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_state.go
+++ b/libnetwork/drivers/macvlan/macvlan_state.go
@@ -1,10 +1,12 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
 	"fmt"
 
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -86,19 +88,6 @@ func validateID(nid, eid string) error {
 	return nil
 }
 
-func (n *network) sandbox() osl.Sandbox {
-	n.Lock()
-	defer n.Unlock()
-
-	return n.sbox
-}
-
-func (n *network) setSandbox(sbox osl.Sandbox) {
-	n.Lock()
-	n.sbox = sbox
-	n.Unlock()
-}
-
 func (d *driver) getNetwork(id string) (*network, error) {
 	d.Lock()
 	defer d.Unlock()
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_store.go b/libnetwork/drivers/macvlan/macvlan_store.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_store.go
rename to libnetwork/drivers/macvlan/macvlan_store.go
index 8683cacd02c82..5cc04eac8e04b 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_store.go
+++ b/libnetwork/drivers/macvlan/macvlan_store.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package macvlan
 
 import (
@@ -5,10 +8,10 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -55,7 +58,15 @@ func (d *driver) initStore(option map[string]interface{}) error {
 			return types.InternalErrorf("macvlan driver failed to initialize data store: %v", err)
 		}
 
-		return d.populateNetworks()
+		err = d.populateNetworks()
+		if err != nil {
+			return err
+		}
+		err = d.populateEndpoints()
+		if err != nil {
+			return err
+		}
+
 	}
 
 	return nil
@@ -73,7 +84,7 @@ func (d *driver) populateNetworks() error {
 	}
 	for _, kvo := range kvol {
 		config := kvo.(*configuration)
-		if err = d.createNetwork(config); err != nil {
+		if _, err = d.createNetwork(config); err != nil {
 			logrus.Warnf("Could not create macvlan network for id %s from persistent state", config.ID)
 		}
 	}
diff --git a/libnetwork/drivers/macvlan/macvlan_test.go b/libnetwork/drivers/macvlan/macvlan_test.go
new file mode 100644
index 0000000000000..0439ffdc0d230
--- /dev/null
+++ b/libnetwork/drivers/macvlan/macvlan_test.go
@@ -0,0 +1,67 @@
+//go:build linux
+// +build linux
+
+package macvlan
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/pkg/plugingetter"
+)
+
+const testNetworkType = "macvlan"
+
+type driverTester struct {
+	t *testing.T
+	d *driver
+}
+
+func (dt *driverTester) GetPluginGetter() plugingetter.PluginGetter {
+	return nil
+}
+
+func (dt *driverTester) RegisterDriver(name string, drv driverapi.Driver,
+	cap driverapi.Capability) error {
+	if name != testNetworkType {
+		dt.t.Fatalf("Expected driver register name to be %q. Instead got %q",
+			testNetworkType, name)
+	}
+
+	if _, ok := drv.(*driver); !ok {
+		dt.t.Fatalf("Expected driver type to be %T. Instead got %T",
+			&driver{}, drv)
+	}
+
+	dt.d = drv.(*driver)
+	return nil
+}
+
+func TestMacvlanInit(t *testing.T) {
+	if err := Init(&driverTester{t: t}, nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMacvlanNilConfig(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := dt.d.initStore(nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMacvlanType(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if dt.d.Type() != testNetworkType {
+		t.Fatalf("Expected Type() to return %q. Instead got %q", testNetworkType,
+			dt.d.Type())
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/mvmanager/mvmanager.go b/libnetwork/drivers/macvlan/mvmanager/mvmanager.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/drivers/macvlan/mvmanager/mvmanager.go
rename to libnetwork/drivers/macvlan/mvmanager/mvmanager.go
index 0f811ac36f857..1e3d3473d43ef 100644
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/mvmanager/mvmanager.go
+++ b/libnetwork/drivers/macvlan/mvmanager/mvmanager.go
@@ -1,10 +1,10 @@
 package mvmanager
 
 import (
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 const networkType = "macvlan"
diff --git a/libnetwork/drivers/null/null.go b/libnetwork/drivers/null/null.go
new file mode 100644
index 0000000000000..c54db37513ec5
--- /dev/null
+++ b/libnetwork/drivers/null/null.go
@@ -0,0 +1,105 @@
+package null
+
+import (
+	"sync"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+const networkType = "null"
+
+type driver struct {
+	network string
+	sync.Mutex
+}
+
+// Init registers a new instance of null driver
+func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
+	c := driverapi.Capability{
+		DataScope: datastore.LocalScope,
+	}
+	return dc.RegisterDriver(networkType, &driver{}, c)
+}
+
+func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	return nil, types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) NetworkFree(id string) error {
+	return types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
+
+func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	d.Lock()
+	defer d.Unlock()
+
+	if d.network != "" {
+		return types.ForbiddenErrorf("only one instance of \"%s\" network is allowed", networkType)
+	}
+
+	d.network = id
+
+	return nil
+}
+
+func (d *driver) DeleteNetwork(nid string) error {
+	return types.ForbiddenErrorf("network of type \"%s\" cannot be deleted", networkType)
+}
+
+func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
+	return nil
+}
+
+func (d *driver) DeleteEndpoint(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	return make(map[string]interface{}), nil
+}
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	return nil
+}
+
+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) Type() string {
+	return networkType
+}
+
+func (d *driver) IsBuiltIn() bool {
+	return true
+}
+
+// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
+func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
+func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
diff --git a/libnetwork/drivers/null/null_test.go b/libnetwork/drivers/null/null_test.go
new file mode 100644
index 0000000000000..1c76d3760be77
--- /dev/null
+++ b/libnetwork/drivers/null/null_test.go
@@ -0,0 +1,49 @@
+package null
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestDriver(t *testing.T) {
+	d := &driver{}
+
+	if d.Type() != networkType {
+		t.Fatalf("Unexpected network type returned by driver")
+	}
+
+	err := d.CreateNetwork("first", nil, nil, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if d.network != "first" {
+		t.Fatalf("Unexpected network id stored")
+	}
+
+	err = d.CreateNetwork("second", nil, nil, nil, nil)
+	if err == nil {
+		t.Fatalf("Second network creation should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Second network creation failed with unexpected error type")
+	}
+
+	err = d.DeleteNetwork("first")
+	if err == nil {
+		t.Fatalf("network deletion should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("network deletion failed with unexpected error type")
+	}
+
+	// we don't really check if it is there or not, delete is not allowed for this driver, period.
+	err = d.DeleteNetwork("unknown")
+	if err == nil {
+		t.Fatalf("any network deletion should fail on this driver")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("any network deletion failed with unexpected error type")
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/encryption.go
rename to libnetwork/drivers/overlay/encryption.go
index a97e73df82bc9..c5ab835cf31cc 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -12,9 +15,10 @@ import (
 
 	"strconv"
 
-	"github.com/docker/libnetwork/iptables"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/drivers/overlay/overlayutils"
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )
@@ -200,7 +204,7 @@ func removeEncryption(localIP, remoteIP net.IP, em *encrMap) error {
 
 func programMangle(vni uint32, add bool) (err error) {
 	var (
-		p      = strconv.FormatUint(uint64(vxlanPort), 10)
+		p      = strconv.FormatUint(uint64(overlayutils.VXLANUDPPort()), 10)
 		c      = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8)
 		m      = strconv.FormatUint(uint64(r), 10)
 		chain  = "OUTPUT"
@@ -209,7 +213,10 @@ func programMangle(vni uint32, add bool) (err error) {
 		action = "install"
 	)
 
-	if add == iptables.Exists(iptables.Mangle, chain, rule...) {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	if add == iptable.Exists(iptables.Mangle, chain, rule...) {
 		return
 	}
 
@@ -218,7 +225,7 @@ func programMangle(vni uint32, add bool) (err error) {
 		action = "remove"
 	}
 
-	if err = iptables.RawCombinedOutput(append([]string{"-t", string(iptables.Mangle), a, chain}, rule...)...); err != nil {
+	if err = iptable.RawCombinedOutput(append([]string{"-t", string(iptables.Mangle), a, chain}, rule...)...); err != nil {
 		logrus.Warnf("could not %s mangle rule: %v", action, err)
 	}
 
@@ -227,7 +234,7 @@ func programMangle(vni uint32, add bool) (err error) {
 
 func programInput(vni uint32, add bool) (err error) {
 	var (
-		port       = strconv.FormatUint(uint64(vxlanPort), 10)
+		port       = strconv.FormatUint(uint64(overlayutils.VXLANUDPPort()), 10)
 		vniMatch   = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8)
 		plainVxlan = []string{"-p", "udp", "--dport", port, "-m", "u32", "--u32", vniMatch, "-j"}
 		ipsecVxlan = append([]string{"-m", "policy", "--dir", "in", "--pol", "ipsec"}, plainVxlan...)
@@ -238,16 +245,19 @@ func programInput(vni uint32, add bool) (err error) {
 		msg        = "add"
 	)
 
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+
 	if !add {
 		action = iptables.Delete
 		msg = "remove"
 	}
 
-	if err := iptables.ProgramRule(iptables.Filter, chain, action, accept); err != nil {
+	if err := iptable.ProgramRule(iptables.Filter, chain, action, accept); err != nil {
 		logrus.Errorf("could not %s input rule: %v. Please do it manually.", msg, err)
 	}
 
-	if err := iptables.ProgramRule(iptables.Filter, chain, action, block); err != nil {
+	if err := iptable.ProgramRule(iptables.Filter, chain, action, block); err != nil {
 		logrus.Errorf("could not %s input rule: %v. Please do it manually.", msg, err)
 	}
 
@@ -619,6 +629,7 @@ func clearEncryptionStates() {
 		logrus.Warnf("Failed to retrieve SA list for cleanup: %v", err)
 	}
 	for _, sp := range spList {
+		sp := sp
 		if sp.Mark != nil && sp.Mark.Value == spMark.Value {
 			if err := nlh.XfrmPolicyDel(&sp); err != nil {
 				logrus.Warnf("Failed to delete stale SP %s: %v", sp, err)
@@ -628,6 +639,7 @@ func clearEncryptionStates() {
 		}
 	}
 	for _, sa := range saList {
+		sa := sa
 		if sa.Reqid == r {
 			if err := nlh.XfrmStateDel(&sa); err != nil {
 				logrus.Warnf("Failed to delete stale SA %s: %v", sa, err)
diff --git a/libnetwork/drivers/overlay/filter.go b/libnetwork/drivers/overlay/filter.go
new file mode 100644
index 0000000000000..31a8c1f43f1c9
--- /dev/null
+++ b/libnetwork/drivers/overlay/filter.go
@@ -0,0 +1,153 @@
+//go:build linux
+// +build linux
+
+package overlay
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/sirupsen/logrus"
+)
+
+const globalChain = "DOCKER-OVERLAY"
+
+var filterOnce sync.Once
+
+var filterChan = make(chan struct{}, 1)
+
+func filterWait() func() {
+	filterChan <- struct{}{}
+	return func() { <-filterChan }
+}
+
+func chainExists(cname string) bool {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+	if _, err := iptable.Raw("-L", cname); err != nil {
+		return false
+	}
+
+	return true
+}
+
+func setupGlobalChain() {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+	// Because of an ungraceful shutdown, chain could already be present
+	if !chainExists(globalChain) {
+		if err := iptable.RawCombinedOutput("-N", globalChain); err != nil {
+			logrus.Errorf("could not create global overlay chain: %v", err)
+			return
+		}
+	}
+
+	if !iptable.Exists(iptables.Filter, globalChain, "-j", "RETURN") {
+		if err := iptable.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
+			logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
+		}
+	}
+}
+
+func setNetworkChain(cname string, remove bool) error {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+	// Initialize the onetime global overlay chain
+	filterOnce.Do(setupGlobalChain)
+
+	exists := chainExists(cname)
+
+	opt := "-N"
+	// In case of remove, make sure to flush the rules in the chain
+	if remove && exists {
+		if err := iptable.RawCombinedOutput("-F", cname); err != nil {
+			return fmt.Errorf("failed to flush overlay network chain %s rules: %v", cname, err)
+		}
+		opt = "-X"
+	}
+
+	if (!remove && !exists) || (remove && exists) {
+		if err := iptable.RawCombinedOutput(opt, cname); err != nil {
+			return fmt.Errorf("failed network chain operation %q for chain %s: %v", opt, cname, err)
+		}
+	}
+
+	if !remove {
+		if !iptable.Exists(iptables.Filter, cname, "-j", "DROP") {
+			if err := iptable.RawCombinedOutput("-A", cname, "-j", "DROP"); err != nil {
+				return fmt.Errorf("failed adding default drop rule to overlay network chain %s: %v", cname, err)
+			}
+		}
+	}
+
+	return nil
+}
+
+func addNetworkChain(cname string) error {
+	defer filterWait()()
+
+	return setNetworkChain(cname, false)
+}
+
+func removeNetworkChain(cname string) error {
+	defer filterWait()()
+
+	return setNetworkChain(cname, true)
+}
+
+func setFilters(cname, brName string, remove bool) error {
+	opt := "-I"
+	if remove {
+		opt = "-D"
+	}
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains
+	if !remove {
+		for _, chain := range []string{"OUTPUT", "FORWARD"} {
+			exists := iptable.Exists(iptables.Filter, chain, "-j", globalChain)
+			if exists {
+				if err := iptable.RawCombinedOutput("-D", chain, "-j", globalChain); err != nil {
+					return fmt.Errorf("failed to delete overlay hook in chain %s while moving the hook: %v", chain, err)
+				}
+			}
+
+			if err := iptable.RawCombinedOutput("-I", chain, "-j", globalChain); err != nil {
+				return fmt.Errorf("failed to insert overlay hook in chain %s: %v", chain, err)
+			}
+		}
+	}
+
+	// Insert/Delete the rule to jump to per-bridge chain
+	exists := iptable.Exists(iptables.Filter, globalChain, "-o", brName, "-j", cname)
+	if (!remove && !exists) || (remove && exists) {
+		if err := iptable.RawCombinedOutput(opt, globalChain, "-o", brName, "-j", cname); err != nil {
+			return fmt.Errorf("failed to add per-bridge filter rule for bridge %s, network chain %s: %v", brName, cname, err)
+		}
+	}
+
+	exists = iptable.Exists(iptables.Filter, cname, "-i", brName, "-j", "ACCEPT")
+	if (!remove && exists) || (remove && !exists) {
+		return nil
+	}
+
+	if err := iptable.RawCombinedOutput(opt, cname, "-i", brName, "-j", "ACCEPT"); err != nil {
+		return fmt.Errorf("failed to add overlay filter rile for network chain %s, bridge %s: %v", cname, brName, err)
+	}
+
+	return nil
+}
+
+func addFilters(cname, brName string) error {
+	defer filterWait()()
+
+	return setFilters(cname, brName, false)
+}
+
+func removeFilters(cname, brName string) error {
+	defer filterWait()()
+
+	return setFilters(cname, brName, true)
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/joinleave.go b/libnetwork/drivers/overlay/joinleave.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/joinleave.go
rename to libnetwork/drivers/overlay/joinleave.go
index a51bcd8985f95..69b6d87068e17 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/joinleave.go
+++ b/libnetwork/drivers/overlay/joinleave.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -5,9 +8,9 @@ import (
 	"net"
 	"syscall"
 
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/gogo/protobuf/proto"
 	"github.com/sirupsen/logrus"
 )
diff --git a/libnetwork/drivers/overlay/ostweaks_linux.go b/libnetwork/drivers/overlay/ostweaks_linux.go
new file mode 100644
index 0000000000000..15f2a533eaada
--- /dev/null
+++ b/libnetwork/drivers/overlay/ostweaks_linux.go
@@ -0,0 +1,23 @@
+package overlay
+
+import (
+	"strconv"
+
+	"github.com/docker/docker/libnetwork/osl/kernel"
+)
+
+var ovConfig = map[string]*kernel.OSValue{
+	"net.ipv4.neigh.default.gc_thresh1": {Value: "8192", CheckFn: checkHigher},
+	"net.ipv4.neigh.default.gc_thresh2": {Value: "49152", CheckFn: checkHigher},
+	"net.ipv4.neigh.default.gc_thresh3": {Value: "65536", CheckFn: checkHigher},
+}
+
+func checkHigher(val1, val2 string) bool {
+	val1Int, _ := strconv.ParseInt(val1, 10, 32)
+	val2Int, _ := strconv.ParseInt(val2, 10, 32)
+	return val1Int < val2Int
+}
+
+func applyOStweaks() {
+	kernel.ApplyOSTweaks(ovConfig)
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go b/libnetwork/drivers/overlay/ostweaks_unsupported.go
similarity index 76%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go
rename to libnetwork/drivers/overlay/ostweaks_unsupported.go
index a5e8d910839d3..a90019e2d6dea 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go
+++ b/libnetwork/drivers/overlay/ostweaks_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package overlay
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_endpoint.go b/libnetwork/drivers/overlay/ov_endpoint.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ov_endpoint.go
rename to libnetwork/drivers/overlay/ov_endpoint.go
index 0aaaac59d9007..76619966d31fe 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_endpoint.go
+++ b/libnetwork/drivers/overlay/ov_endpoint.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -5,11 +8,11 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -136,7 +139,7 @@ func (d *driver) DeleteEndpoint(nid, eid string) error {
 }
 
 func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	return make(map[string]interface{}, 0), nil
+	return make(map[string]interface{}), nil
 }
 
 func (d *driver) deleteEndpointFromStore(e *endpoint) error {
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go b/libnetwork/drivers/overlay/ov_network.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
rename to libnetwork/drivers/overlay/ov_network.go
index cf32e45951fc5..529f5297d6161 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
+++ b/libnetwork/drivers/overlay/ov_network.go
@@ -1,9 +1,11 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -12,21 +14,21 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/resolvconf"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -97,18 +99,18 @@ func setDefaultVlan() {
 	}
 
 	// make sure the sysfs mount doesn't propagate back
-	if err = syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
+	if err = unix.Unshare(unix.CLONE_NEWNS); err != nil {
 		logrus.Errorf("unshare failed, %v", err)
 		os.Exit(1)
 	}
 
-	flag := syscall.MS_PRIVATE | syscall.MS_REC
-	if err = syscall.Mount("", "/", "", uintptr(flag), ""); err != nil {
+	flag := unix.MS_PRIVATE | unix.MS_REC
+	if err = unix.Mount("", "/", "", uintptr(flag), ""); err != nil {
 		logrus.Errorf("root mount failed, %v", err)
 		os.Exit(1)
 	}
 
-	if err = syscall.Mount("sysfs", "/sys", "sysfs", 0, ""); err != nil {
+	if err = unix.Mount("sysfs", "/sys", "sysfs", 0, ""); err != nil {
 		logrus.Errorf("mounting sysfs failed, %v", err)
 		os.Exit(1)
 	}
@@ -117,7 +119,7 @@ func setDefaultVlan() {
 	path := filepath.Join("/sys/class/net", brName, "bridge/default_pvid")
 	data := []byte{'0', '\n'}
 
-	if err = ioutil.WriteFile(path, data, 0644); err != nil {
+	if err = os.WriteFile(path, data, 0644); err != nil {
 		logrus.Errorf("enabling default vlan on bridge %s failed %v", brName, err)
 		os.Exit(1)
 	}
@@ -413,7 +415,9 @@ func (n *network) destroySandbox() {
 
 func populateVNITbl() {
 	filepath.Walk(filepath.Dir(osl.GenerateKey("walk")),
-		func(path string, info os.FileInfo, err error) error {
+		// NOTE(cpuguy83): The linter picked up on the fact that this walk function was not using this error argument
+		// That seems wrong... however I'm not familiar with this code or if that error matters
+		func(path string, info os.FileInfo, _ error) error {
 			_, fname := filepath.Split(path)
 
 			if len(strings.Split(fname, "-")) <= 1 {
@@ -427,7 +431,7 @@ func populateVNITbl() {
 			}
 			defer ns.Close()
 
-			nlh, err := netlink.NewHandleAt(ns, syscall.NETLINK_ROUTE)
+			nlh, err := netlink.NewHandleAt(ns, unix.NETLINK_ROUTE)
 			if err != nil {
 				logrus.Errorf("Could not open netlink handle during vni population for ns %s: %v", path, err)
 				return nil
@@ -583,7 +587,7 @@ func (n *network) setupSubnetSandbox(s *subnet, brName, vxlanName string) error
 
 		if ok {
 			deleteVxlanByVNI(path, s.vni)
-			if err := syscall.Unmount(path, syscall.MNT_FORCE); err != nil {
+			if err := unix.Unmount(path, unix.MNT_FORCE); err != nil {
 				logrus.Errorf("unmount of %s failed: %v", path, err)
 			}
 			os.Remove(path)
@@ -693,7 +697,7 @@ func (n *network) cleanupStaleSandboxes() {
 			if strings.Contains(n.id, pattern) {
 				// Delete all vnis
 				deleteVxlanByVNI(path, 0)
-				syscall.Unmount(path, syscall.MNT_DETACH)
+				unix.Unmount(path, unix.MNT_DETACH)
 				os.Remove(path)
 
 				// Now that we have destroyed this
@@ -755,12 +759,12 @@ func (n *network) initSandbox(restore bool) error {
 
 	var nlSock *nl.NetlinkSocket
 	sbox.InvokeFunc(func() {
-		nlSock, err = nl.Subscribe(syscall.NETLINK_ROUTE, syscall.RTNLGRP_NEIGH)
+		nlSock, err = nl.Subscribe(unix.NETLINK_ROUTE, unix.RTNLGRP_NEIGH)
 		if err != nil {
 			return
 		}
 		// set the receive timeout to not remain stuck on the RecvFrom if the fd gets closed
-		tv := syscall.NsecToTimeval(soTimeout.Nanoseconds())
+		tv := unix.NsecToTimeval(soTimeout.Nanoseconds())
 		err = nlSock.SetReceiveTimeout(&tv)
 	})
 	n.nlSocket = nlSock
@@ -793,7 +797,7 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
 		return
 	}
 	for {
-		msgs, err := nlSock.Receive()
+		msgs, _, err := nlSock.Receive()
 		if err != nil {
 			n.Lock()
 			nlFd := nlSock.GetFd()
@@ -803,7 +807,7 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
 				return
 			}
 			// When the receive timeout expires the receive will return EAGAIN
-			if err == syscall.EAGAIN {
+			if err == unix.EAGAIN {
 				// we continue here to avoid spam for timeouts
 				continue
 			}
@@ -812,7 +816,7 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
 		}
 
 		for _, msg := range msgs {
-			if msg.Header.Type != syscall.RTM_GETNEIGH && msg.Header.Type != syscall.RTM_NEWNEIGH {
+			if msg.Header.Type != unix.RTM_GETNEIGH && msg.Header.Type != unix.RTM_NEWNEIGH {
 				continue
 			}
 
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_serf.go b/libnetwork/drivers/overlay/ov_serf.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ov_serf.go
rename to libnetwork/drivers/overlay/ov_serf.go
index f644799afd181..07b955227ad2e 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_serf.go
+++ b/libnetwork/drivers/overlay/ov_serf.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -149,7 +152,7 @@ func (d *driver) resolvePeer(nid string, peerIP net.IP) (net.HardwareAddr, net.I
 		return nil, nil, nil, fmt.Errorf("could not resolve peer: serf instance not initialized")
 	}
 
-	qPayload := fmt.Sprintf("%s %s", string(nid), peerIP.String())
+	qPayload := fmt.Sprintf("%s %s", nid, peerIP.String())
 	resp, err := d.serfInstance.Query("peerlookup", []byte(qPayload), nil)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("resolving peer by querying the cluster failed: %v", err)
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_utils.go b/libnetwork/drivers/overlay/ov_utils.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ov_utils.go
rename to libnetwork/drivers/overlay/ov_utils.go
index 27f57c1fe228d..0db0102d04e4f 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_utils.go
+++ b/libnetwork/drivers/overlay/ov_utils.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -5,9 +8,10 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/drivers/overlay/overlayutils"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netns"
@@ -61,7 +65,7 @@ func createVxlan(name string, vni uint32, mtu int) error {
 		LinkAttrs: netlink.LinkAttrs{Name: name, MTU: mtu},
 		VxlanId:   int(vni),
 		Learning:  true,
-		Port:      vxlanPort,
+		Port:      int(overlayutils.VXLANUDPPort()),
 		Proxy:     true,
 		L3miss:    true,
 		L2miss:    true,
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go b/libnetwork/drivers/overlay/overlay.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go
rename to libnetwork/drivers/overlay/overlay.go
index 1bbd761c2f996..50263c3d79f29 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go
+++ b/libnetwork/drivers/overlay/overlay.go
@@ -1,6 +1,9 @@
+//go:build linux
+// +build linux
+
 package overlay
 
-//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
+//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
 
 import (
 	"context"
@@ -8,13 +11,13 @@ import (
 	"net"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/idm"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/idm"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/hashicorp/serf/serf"
 	"github.com/sirupsen/logrus"
 )
@@ -25,7 +28,6 @@ const (
 	vethLen      = 7
 	vxlanIDStart = 256
 	vxlanIDEnd   = (1 << 24) - 1
-	vxlanPort    = 4789
 	vxlanEncap   = 50
 	secureOption = "encrypted"
 )
@@ -379,7 +381,7 @@ func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{})
 			}
 		}
 		if err := d.updateKeys(newKey, priKey, delKey); err != nil {
-			logrus.Warn(err)
+			return err
 		}
 	default:
 	}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.pb.go b/libnetwork/drivers/overlay/overlay.pb.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/overlay.pb.go
rename to libnetwork/drivers/overlay/overlay.pb.go
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.proto b/libnetwork/drivers/overlay/overlay.proto
similarity index 100%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/overlay.proto
rename to libnetwork/drivers/overlay/overlay.proto
diff --git a/libnetwork/drivers/overlay/overlay_test.go b/libnetwork/drivers/overlay/overlay_test.go
new file mode 100644
index 0000000000000..55194c5730257
--- /dev/null
+++ b/libnetwork/drivers/overlay/overlay_test.go
@@ -0,0 +1,179 @@
+//go:build linux
+// +build linux
+
+package overlay
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"os"
+	"syscall"
+	"testing"
+	"time"
+
+	"golang.org/x/sys/unix"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/libkv/store/consul"
+	"github.com/vishvananda/netlink/nl"
+)
+
+func init() {
+	consul.Register()
+}
+
+type driverTester struct {
+	t *testing.T
+	d *driver
+}
+
+const testNetworkType = "overlay"
+
+func setupDriver(t *testing.T) *driverTester {
+	dt := &driverTester{t: t}
+	config := make(map[string]interface{})
+	config[netlabel.GlobalKVClient] = discoverapi.DatastoreConfigData{
+		Scope:    datastore.GlobalScope,
+		Provider: "consul",
+		Address:  "127.0.0.01:8500",
+	}
+
+	if err := Init(dt, config); err != nil {
+		t.Fatal(err)
+	}
+
+	iface, err := net.InterfaceByName("eth0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	addrs, err := iface.Addrs()
+	if err != nil || len(addrs) == 0 {
+		t.Fatal(err)
+	}
+	data := discoverapi.NodeDiscoveryData{
+		Address: addrs[0].String(),
+		Self:    true,
+	}
+	dt.d.DiscoverNew(discoverapi.NodeDiscovery, data)
+	return dt
+}
+
+func cleanupDriver(t *testing.T, dt *driverTester) {
+	ch := make(chan struct{})
+	go func() {
+		Fini(dt.d)
+		close(ch)
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Second):
+		t.Fatal("test timed out because Fini() did not return on time")
+	}
+}
+
+func (dt *driverTester) GetPluginGetter() plugingetter.PluginGetter {
+	return nil
+}
+
+func (dt *driverTester) RegisterDriver(name string, drv driverapi.Driver,
+	cap driverapi.Capability) error {
+	if name != testNetworkType {
+		dt.t.Fatalf("Expected driver register name to be %q. Instead got %q",
+			testNetworkType, name)
+	}
+
+	if _, ok := drv.(*driver); !ok {
+		dt.t.Fatalf("Expected driver type to be %T. Instead got %T",
+			&driver{}, drv)
+	}
+
+	dt.d = drv.(*driver)
+	return nil
+}
+
+func TestOverlayInit(t *testing.T) {
+	if err := Init(&driverTester{t: t}, nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestOverlayFiniWithoutConfig(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	cleanupDriver(t, dt)
+}
+
+func TestOverlayConfig(t *testing.T) {
+	dt := setupDriver(t)
+
+	time.Sleep(1 * time.Second)
+
+	d := dt.d
+	if d.notifyCh == nil {
+		t.Fatal("Driver notify channel wasn't initialized after Config method")
+	}
+
+	if d.exitCh == nil {
+		t.Fatal("Driver serfloop exit channel wasn't initialized after Config method")
+	}
+
+	if d.serfInstance == nil {
+		t.Fatal("Driver serfinstance  hasn't been initialized after Config method")
+	}
+
+	cleanupDriver(t, dt)
+}
+
+func TestOverlayType(t *testing.T) {
+	dt := &driverTester{t: t}
+	if err := Init(dt, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if dt.d.Type() != testNetworkType {
+		t.Fatalf("Expected Type() to return %q. Instead got %q", testNetworkType,
+			dt.d.Type())
+	}
+}
+
+// Test that the netlink socket close unblock the watchMiss to avoid deadlock
+func TestNetlinkSocket(t *testing.T) {
+	// This is the same code used by the overlay driver to create the netlink interface
+	// for the watch miss
+	nlSock, err := nl.Subscribe(syscall.NETLINK_ROUTE, syscall.RTNLGRP_NEIGH)
+	if err != nil {
+		t.Fatal()
+	}
+	// set the receive timeout to not remain stuck on the RecvFrom if the fd gets closed
+	tv := unix.NsecToTimeval(soTimeout.Nanoseconds())
+	err = nlSock.SetReceiveTimeout(&tv)
+	if err != nil {
+		t.Fatal()
+	}
+	n := &network{id: "testnetid"}
+	ch := make(chan error)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	go func() {
+		n.watchMiss(nlSock, fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid()))
+		ch <- nil
+	}()
+	time.Sleep(5 * time.Second)
+	nlSock.Close()
+	select {
+	case <-ch:
+	case <-ctx.Done():
+		{
+			t.Fatalf("Timeout expired")
+		}
+	}
+}
diff --git a/libnetwork/drivers/overlay/overlayutils/utils.go b/libnetwork/drivers/overlay/overlayutils/utils.go
new file mode 100644
index 0000000000000..73136e8e2a788
--- /dev/null
+++ b/libnetwork/drivers/overlay/overlayutils/utils.go
@@ -0,0 +1,46 @@
+// Package overlayutils provides utility functions for overlay networks
+package overlayutils
+
+import (
+	"fmt"
+	"sync"
+)
+
+var (
+	mutex        sync.RWMutex
+	vxlanUDPPort uint32
+)
+
+const defaultVXLANUDPPort = 4789
+
+func init() {
+	vxlanUDPPort = defaultVXLANUDPPort
+}
+
+// ConfigVXLANUDPPort configures the VXLAN UDP port (data path port) number.
+// If no port is set, the default (4789) is returned. Valid port numbers are
+// between 1024 and 49151.
+func ConfigVXLANUDPPort(vxlanPort uint32) error {
+	if vxlanPort == 0 {
+		vxlanPort = defaultVXLANUDPPort
+	}
+	// IANA procedures for each range in detail
+	// The Well Known Ports, aka the System Ports, from 0-1023
+	// The Registered Ports, aka the User Ports, from 1024-49151
+	// The Dynamic Ports, aka the Private Ports, from 49152-65535
+	// So we can allow range between 1024 to 49151
+	if vxlanPort < 1024 || vxlanPort > 49151 {
+		return fmt.Errorf("VXLAN UDP port number is not in valid range (1024-49151): %d", vxlanPort)
+	}
+	mutex.Lock()
+	vxlanUDPPort = vxlanPort
+	mutex.Unlock()
+	return nil
+}
+
+// VXLANUDPPort returns Vxlan UDP port number
+func VXLANUDPPort() uint32 {
+	mutex.RLock()
+	defer mutex.RUnlock()
+	return vxlanUDPPort
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ovmanager/ovmanager.go b/libnetwork/drivers/overlay/ovmanager/ovmanager.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/ovmanager/ovmanager.go
rename to libnetwork/drivers/overlay/ovmanager/ovmanager.go
index 12deb22e4416d..fcb0ea9cff4af 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ovmanager/ovmanager.go
+++ b/libnetwork/drivers/overlay/ovmanager/ovmanager.go
@@ -7,12 +7,12 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/idm"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/idm"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -27,7 +27,6 @@ type networkTable map[string]*network
 type driver struct {
 	config   map[string]interface{}
 	networks networkTable
-	store    datastore.DataStore
 	vxlanIdm *idm.Idm
 	sync.Mutex
 }
diff --git a/libnetwork/drivers/overlay/ovmanager/ovmanager_test.go b/libnetwork/drivers/overlay/ovmanager/ovmanager_test.go
new file mode 100644
index 0000000000000..319387345f7a5
--- /dev/null
+++ b/libnetwork/drivers/overlay/ovmanager/ovmanager_test.go
@@ -0,0 +1,87 @@
+package ovmanager
+
+import (
+	"fmt"
+	"net"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/idm"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func newDriver(t *testing.T) *driver {
+	d := &driver{
+		networks: networkTable{},
+	}
+
+	vxlanIdm, err := idm.New(nil, "vxlan-id", vxlanIDStart, vxlanIDEnd)
+	assert.NilError(t, err)
+
+	d.vxlanIdm = vxlanIdm
+	return d
+}
+
+func parseCIDR(t *testing.T, ipnet string) *net.IPNet {
+	subnet, err := types.ParseCIDR(ipnet)
+	assert.NilError(t, err)
+	return subnet
+}
+
+func TestNetworkAllocateFree(t *testing.T) {
+	d := newDriver(t)
+
+	ipamData := []driverapi.IPAMData{
+		{
+			Pool: parseCIDR(t, "10.1.1.0/24"),
+		},
+		{
+			Pool: parseCIDR(t, "10.1.2.0/24"),
+		},
+	}
+
+	vals, err := d.NetworkAllocate("testnetwork", nil, ipamData, nil)
+	assert.NilError(t, err)
+
+	vxlanIDs, ok := vals[netlabel.OverlayVxlanIDList]
+	assert.Check(t, is.Equal(true, ok))
+	assert.Check(t, is.Len(strings.Split(vxlanIDs, ","), 2))
+
+	err = d.NetworkFree("testnetwork")
+	assert.NilError(t, err)
+}
+
+func TestNetworkAllocateUserDefinedVNIs(t *testing.T) {
+	d := newDriver(t)
+
+	ipamData := []driverapi.IPAMData{
+		{
+			Pool: parseCIDR(t, "10.1.1.0/24"),
+		},
+		{
+			Pool: parseCIDR(t, "10.1.2.0/24"),
+		},
+	}
+
+	options := make(map[string]string)
+	// Intentionally add mode vnis than subnets
+	options[netlabel.OverlayVxlanIDList] = fmt.Sprintf("%d,%d,%d", vxlanIDStart, vxlanIDStart+1, vxlanIDStart+2)
+
+	vals, err := d.NetworkAllocate("testnetwork", options, ipamData, nil)
+	assert.NilError(t, err)
+
+	vxlanIDs, ok := vals[netlabel.OverlayVxlanIDList]
+	assert.Check(t, is.Equal(true, ok))
+
+	// We should only get exactly the same number of vnis as
+	// subnets. No more, no less, even if we passed more vnis.
+	assert.Check(t, is.Len(strings.Split(vxlanIDs, ","), 2))
+	assert.Check(t, is.Equal(fmt.Sprintf("%d,%d", vxlanIDStart, vxlanIDStart+1), vxlanIDs))
+
+	err = d.NetworkFree("testnetwork")
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go b/libnetwork/drivers/overlay/peerdb.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go
rename to libnetwork/drivers/overlay/peerdb.go
index 58d70d04d8dd3..e812d3068cbff 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go
+++ b/libnetwork/drivers/overlay/peerdb.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package overlay
 
 import (
@@ -7,9 +10,9 @@ import (
 	"sync"
 	"syscall"
 
-	"github.com/docker/libnetwork/internal/caller"
-	"github.com/docker/libnetwork/internal/setmatrix"
-	"github.com/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/internal/caller"
+	"github.com/docker/docker/libnetwork/internal/setmatrix"
+	"github.com/docker/docker/libnetwork/osl"
 	"github.com/sirupsen/logrus"
 )
 
@@ -129,6 +132,7 @@ func (d *driver) peerDbNetworkWalk(nid string, f func(*peerKey, *peerEntry) bool
 
 	for pKeyStr, pEntry := range mp {
 		var pKey peerKey
+		pEntry := pEntry
 		if _, err := fmt.Sscan(pKeyStr, &pKey); err != nil {
 			logrus.Warnf("Peer key scan on network %s failed: %v", nid, err)
 		}
diff --git a/libnetwork/drivers/overlay/peerdb_test.go b/libnetwork/drivers/overlay/peerdb_test.go
new file mode 100644
index 0000000000000..1c924f61cf5cc
--- /dev/null
+++ b/libnetwork/drivers/overlay/peerdb_test.go
@@ -0,0 +1,31 @@
+//go:build linux
+// +build linux
+
+package overlay
+
+import (
+	"net"
+	"testing"
+)
+
+func TestPeerMarshal(t *testing.T) {
+	_, ipNet, _ := net.ParseCIDR("192.168.0.1/24")
+	p := &peerEntry{eid: "eid",
+		isLocal:    true,
+		peerIPMask: ipNet.Mask,
+		vtep:       ipNet.IP}
+	entryDB := p.MarshalDB()
+	x := entryDB.UnMarshalDB()
+	if x.eid != p.eid {
+		t.Fatalf("Incorrect Unmarshalling for eid: %v != %v", x.eid, p.eid)
+	}
+	if x.isLocal != p.isLocal {
+		t.Fatalf("Incorrect Unmarshalling for isLocal: %v != %v", x.isLocal, p.isLocal)
+	}
+	if x.peerIPMask.String() != p.peerIPMask.String() {
+		t.Fatalf("Incorrect Unmarshalling for eid: %v != %v", x.peerIPMask, p.peerIPMask)
+	}
+	if x.vtep.String() != p.vtep.String() {
+		t.Fatalf("Incorrect Unmarshalling for eid: %v != %v", x.vtep, p.vtep)
+	}
+}
diff --git a/libnetwork/drivers/remote/api/api.go b/libnetwork/drivers/remote/api/api.go
new file mode 100644
index 0000000000000..d6d1757be09ed
--- /dev/null
+++ b/libnetwork/drivers/remote/api/api.go
@@ -0,0 +1,221 @@
+/*
+Package api represents all requests and responses suitable for conversation
+with a remote driver.
+*/
+package api
+
+import (
+	"net"
+
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+)
+
+// Response is the basic response structure used in all responses.
+type Response struct {
+	Err string
+}
+
+// GetError returns the error from the response, if any.
+func (r *Response) GetError() string {
+	return r.Err
+}
+
+// GetCapabilityResponse is the response of GetCapability request
+type GetCapabilityResponse struct {
+	Response
+	Scope             string
+	ConnectivityScope string
+}
+
+// AllocateNetworkRequest requests allocation of new network by manager
+type AllocateNetworkRequest struct {
+	// A network ID that remote plugins are expected to store for future
+	// reference.
+	NetworkID string
+
+	// A free form map->object interface for communication of options.
+	Options map[string]string
+
+	// IPAMData contains the address pool information for this network
+	IPv4Data, IPv6Data []driverapi.IPAMData
+}
+
+// AllocateNetworkResponse is the response to the AllocateNetworkRequest.
+type AllocateNetworkResponse struct {
+	Response
+	// A free form plugin specific string->string object to be sent in
+	// CreateNetworkRequest call in the libnetwork agents
+	Options map[string]string
+}
+
+// FreeNetworkRequest is the request to free allocated network in the manager
+type FreeNetworkRequest struct {
+	// The ID of the network to be freed.
+	NetworkID string
+}
+
+// FreeNetworkResponse is the response to a request for freeing a network.
+type FreeNetworkResponse struct {
+	Response
+}
+
+// CreateNetworkRequest requests a new network.
+type CreateNetworkRequest struct {
+	// A network ID that remote plugins are expected to store for future
+	// reference.
+	NetworkID string
+
+	// A free form map->object interface for communication of options.
+	Options map[string]interface{}
+
+	// IPAMData contains the address pool information for this network
+	IPv4Data, IPv6Data []driverapi.IPAMData
+}
+
+// CreateNetworkResponse is the response to the CreateNetworkRequest.
+type CreateNetworkResponse struct {
+	Response
+}
+
+// DeleteNetworkRequest is the request to delete an existing network.
+type DeleteNetworkRequest struct {
+	// The ID of the network to delete.
+	NetworkID string
+}
+
+// DeleteNetworkResponse is the response to a request for deleting a network.
+type DeleteNetworkResponse struct {
+	Response
+}
+
+// CreateEndpointRequest is the request to create an endpoint within a network.
+type CreateEndpointRequest struct {
+	// Provided at create time, this will be the network id referenced.
+	NetworkID string
+	// The ID of the endpoint for later reference.
+	EndpointID string
+	Interface  *EndpointInterface
+	Options    map[string]interface{}
+}
+
+// EndpointInterface represents an interface endpoint.
+type EndpointInterface struct {
+	Address     string
+	AddressIPv6 string
+	MacAddress  string
+}
+
+// CreateEndpointResponse is the response to the CreateEndpoint action.
+type CreateEndpointResponse struct {
+	Response
+	Interface *EndpointInterface
+}
+
+// Interface is the representation of a linux interface.
+type Interface struct {
+	Address     *net.IPNet
+	AddressIPv6 *net.IPNet
+	MacAddress  net.HardwareAddr
+}
+
+// DeleteEndpointRequest describes the API for deleting an endpoint.
+type DeleteEndpointRequest struct {
+	NetworkID  string
+	EndpointID string
+}
+
+// DeleteEndpointResponse is the response to the DeleteEndpoint action.
+type DeleteEndpointResponse struct {
+	Response
+}
+
+// EndpointInfoRequest retrieves information about the endpoint from the network driver.
+type EndpointInfoRequest struct {
+	NetworkID  string
+	EndpointID string
+}
+
+// EndpointInfoResponse is the response to an EndpointInfoRequest.
+type EndpointInfoResponse struct {
+	Response
+	Value map[string]interface{}
+}
+
+// JoinRequest describes the API for joining an endpoint to a sandbox.
+type JoinRequest struct {
+	NetworkID  string
+	EndpointID string
+	SandboxKey string
+	Options    map[string]interface{}
+}
+
+// InterfaceName is the struct representation of a pair of devices with source
+// and destination, for the purposes of putting an endpoint into a container.
+type InterfaceName struct {
+	SrcName   string
+	DstName   string
+	DstPrefix string
+}
+
+// StaticRoute is the plain JSON representation of a static route.
+type StaticRoute struct {
+	Destination string
+	RouteType   int
+	NextHop     string
+}
+
+// JoinResponse is the response to a JoinRequest.
+type JoinResponse struct {
+	Response
+	InterfaceName         *InterfaceName
+	Gateway               string
+	GatewayIPv6           string
+	StaticRoutes          []StaticRoute
+	DisableGatewayService bool
+}
+
+// LeaveRequest describes the API for detaching an endpoint from a sandbox.
+type LeaveRequest struct {
+	NetworkID  string
+	EndpointID string
+}
+
+// LeaveResponse is the answer to LeaveRequest.
+type LeaveResponse struct {
+	Response
+}
+
+// ProgramExternalConnectivityRequest describes the API for programming the external connectivity for the given endpoint.
+type ProgramExternalConnectivityRequest struct {
+	NetworkID  string
+	EndpointID string
+	Options    map[string]interface{}
+}
+
+// ProgramExternalConnectivityResponse is the answer to ProgramExternalConnectivityRequest.
+type ProgramExternalConnectivityResponse struct {
+	Response
+}
+
+// RevokeExternalConnectivityRequest describes the API for revoking the external connectivity for the given endpoint.
+type RevokeExternalConnectivityRequest struct {
+	NetworkID  string
+	EndpointID string
+}
+
+// RevokeExternalConnectivityResponse is the answer to RevokeExternalConnectivityRequest.
+type RevokeExternalConnectivityResponse struct {
+	Response
+}
+
+// DiscoveryNotification represents a discovery notification
+type DiscoveryNotification struct {
+	DiscoveryType discoverapi.DiscoveryType
+	DiscoveryData interface{}
+}
+
+// DiscoveryResponse is used by libnetwork to log any plugin error processing the discovery notifications
+type DiscoveryResponse struct {
+	Response
+}
diff --git a/libnetwork/drivers/remote/driver.go b/libnetwork/drivers/remote/driver.go
new file mode 100644
index 0000000000000..a21a34e6b7f25
--- /dev/null
+++ b/libnetwork/drivers/remote/driver.go
@@ -0,0 +1,436 @@
+package remote
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/drivers/remote/api"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type driver struct {
+	endpoint    *plugins.Client
+	networkType string
+}
+
+type maybeError interface {
+	GetError() string
+}
+
+func newDriver(name string, client *plugins.Client) driverapi.Driver {
+	return &driver{networkType: name, endpoint: client}
+}
+
+// Init makes sure a remote driver is registered when a network driver
+// plugin is activated.
+func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
+	newPluginHandler := func(name string, client *plugins.Client) {
+		// negotiate driver capability with client
+		d := newDriver(name, client)
+		c, err := d.(*driver).getCapabilities()
+		if err != nil {
+			logrus.Errorf("error getting capability for %s due to %v", name, err)
+			return
+		}
+		if err = dc.RegisterDriver(name, d, *c); err != nil {
+			logrus.Errorf("error registering driver for %s due to %v", name, err)
+		}
+	}
+
+	// Unit test code is unaware of a true PluginStore. So we fall back to v1 plugins.
+	handleFunc := plugins.Handle
+	if pg := dc.GetPluginGetter(); pg != nil {
+		handleFunc = pg.Handle
+		activePlugins := pg.GetAllManagedPluginsByCap(driverapi.NetworkPluginEndpointType)
+		for _, ap := range activePlugins {
+			client, err := getPluginClient(ap)
+			if err != nil {
+				return err
+			}
+			newPluginHandler(ap.Name(), client)
+		}
+	}
+	handleFunc(driverapi.NetworkPluginEndpointType, newPluginHandler)
+
+	return nil
+}
+
+func getPluginClient(p plugingetter.CompatPlugin) (*plugins.Client, error) {
+	if v1, ok := p.(plugingetter.PluginWithV1Client); ok {
+		return v1.Client(), nil
+	}
+
+	pa, ok := p.(plugingetter.PluginAddr)
+	if !ok {
+		return nil, errors.Errorf("unknown plugin type %T", p)
+	}
+
+	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+		return nil, errors.Errorf("unsupported plugin protocol %s", pa.Protocol())
+	}
+
+	addr := pa.Addr()
+	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating plugin client")
+	}
+	return client, nil
+}
+
+// Get capability from client
+func (d *driver) getCapabilities() (*driverapi.Capability, error) {
+	var capResp api.GetCapabilityResponse
+	if err := d.call("GetCapabilities", nil, &capResp); err != nil {
+		return nil, err
+	}
+
+	c := &driverapi.Capability{}
+	switch capResp.Scope {
+	case "global":
+		c.DataScope = datastore.GlobalScope
+	case "local":
+		c.DataScope = datastore.LocalScope
+	default:
+		return nil, fmt.Errorf("invalid capability: expecting 'local' or 'global', got %s", capResp.Scope)
+	}
+
+	switch capResp.ConnectivityScope {
+	case "global":
+		c.ConnectivityScope = datastore.GlobalScope
+	case "local":
+		c.ConnectivityScope = datastore.LocalScope
+	case "":
+		c.ConnectivityScope = c.DataScope
+	default:
+		return nil, fmt.Errorf("invalid capability: expecting 'local' or 'global', got %s", capResp.Scope)
+	}
+
+	return c, nil
+}
+
+// Config is not implemented for remote drivers, since it is assumed
+// to be supplied to the remote process out-of-band (e.g., as command
+// line arguments).
+func (d *driver) Config(option map[string]interface{}) error {
+	return &driverapi.ErrNotImplemented{}
+}
+
+func (d *driver) call(methodName string, arg interface{}, retVal maybeError) error {
+	method := driverapi.NetworkPluginEndpointType + "." + methodName
+	err := d.endpoint.Call(method, arg, retVal)
+	if err != nil {
+		return err
+	}
+	if e := retVal.GetError(); e != "" {
+		return fmt.Errorf("remote: %s", e)
+	}
+	return nil
+}
+
+func (d *driver) NetworkAllocate(id string, options map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	create := &api.AllocateNetworkRequest{
+		NetworkID: id,
+		Options:   options,
+		IPv4Data:  ipV4Data,
+		IPv6Data:  ipV6Data,
+	}
+	retVal := api.AllocateNetworkResponse{}
+	err := d.call("AllocateNetwork", create, &retVal)
+	return retVal.Options, err
+}
+
+func (d *driver) NetworkFree(id string) error {
+	fr := &api.FreeNetworkRequest{NetworkID: id}
+	return d.call("FreeNetwork", fr, &api.FreeNetworkResponse{})
+}
+
+func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
+
+func (d *driver) CreateNetwork(id string, options map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	create := &api.CreateNetworkRequest{
+		NetworkID: id,
+		Options:   options,
+		IPv4Data:  ipV4Data,
+		IPv6Data:  ipV6Data,
+	}
+	return d.call("CreateNetwork", create, &api.CreateNetworkResponse{})
+}
+
+func (d *driver) DeleteNetwork(nid string) error {
+	delete := &api.DeleteNetworkRequest{NetworkID: nid}
+	return d.call("DeleteNetwork", delete, &api.DeleteNetworkResponse{})
+}
+
+func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
+	if ifInfo == nil {
+		return errors.New("must not be called with nil InterfaceInfo")
+	}
+
+	reqIface := &api.EndpointInterface{}
+	if ifInfo.Address() != nil {
+		reqIface.Address = ifInfo.Address().String()
+	}
+	if ifInfo.AddressIPv6() != nil {
+		reqIface.AddressIPv6 = ifInfo.AddressIPv6().String()
+	}
+	if ifInfo.MacAddress() != nil {
+		reqIface.MacAddress = ifInfo.MacAddress().String()
+	}
+
+	create := &api.CreateEndpointRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+		Interface:  reqIface,
+		Options:    epOptions,
+	}
+	var res api.CreateEndpointResponse
+	if err := d.call("CreateEndpoint", create, &res); err != nil {
+		return err
+	}
+
+	inIface, err := parseInterface(res)
+	if err != nil {
+		return err
+	}
+	if inIface == nil {
+		// Remote driver did not set any field
+		return nil
+	}
+
+	if inIface.MacAddress != nil {
+		if err := ifInfo.SetMacAddress(inIface.MacAddress); err != nil {
+			return errorWithRollback(fmt.Sprintf("driver modified interface MAC address: %v", err), d.DeleteEndpoint(nid, eid))
+		}
+	}
+	if inIface.Address != nil {
+		if err := ifInfo.SetIPAddress(inIface.Address); err != nil {
+			return errorWithRollback(fmt.Sprintf("driver modified interface address: %v", err), d.DeleteEndpoint(nid, eid))
+		}
+	}
+	if inIface.AddressIPv6 != nil {
+		if err := ifInfo.SetIPAddress(inIface.AddressIPv6); err != nil {
+			return errorWithRollback(fmt.Sprintf("driver modified interface address: %v", err), d.DeleteEndpoint(nid, eid))
+		}
+	}
+
+	return nil
+}
+
+func errorWithRollback(msg string, err error) error {
+	rollback := "rolled back"
+	if err != nil {
+		rollback = "failed to roll back: " + err.Error()
+	}
+	return fmt.Errorf("%s; %s", msg, rollback)
+}
+
+func (d *driver) DeleteEndpoint(nid, eid string) error {
+	delete := &api.DeleteEndpointRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+	}
+	return d.call("DeleteEndpoint", delete, &api.DeleteEndpointResponse{})
+}
+
+func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	info := &api.EndpointInfoRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+	}
+	var res api.EndpointInfoResponse
+	if err := d.call("EndpointOperInfo", info, &res); err != nil {
+		return nil, err
+	}
+	return res.Value, nil
+}
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	join := &api.JoinRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+		SandboxKey: sboxKey,
+		Options:    options,
+	}
+	var (
+		res api.JoinResponse
+		err error
+	)
+	if err = d.call("Join", join, &res); err != nil {
+		return err
+	}
+
+	ifaceName := res.InterfaceName
+	if iface := jinfo.InterfaceName(); iface != nil && ifaceName != nil {
+		if err := iface.SetNames(ifaceName.SrcName, ifaceName.DstPrefix); err != nil {
+			return errorWithRollback(fmt.Sprintf("failed to set interface name: %s", err), d.Leave(nid, eid))
+		}
+	}
+
+	var addr net.IP
+	if res.Gateway != "" {
+		if addr = net.ParseIP(res.Gateway); addr == nil {
+			return fmt.Errorf(`unable to parse Gateway "%s"`, res.Gateway)
+		}
+		if jinfo.SetGateway(addr) != nil {
+			return errorWithRollback(fmt.Sprintf("failed to set gateway: %v", addr), d.Leave(nid, eid))
+		}
+	}
+	if res.GatewayIPv6 != "" {
+		if addr = net.ParseIP(res.GatewayIPv6); addr == nil {
+			return fmt.Errorf(`unable to parse GatewayIPv6 "%s"`, res.GatewayIPv6)
+		}
+		if jinfo.SetGatewayIPv6(addr) != nil {
+			return errorWithRollback(fmt.Sprintf("failed to set gateway IPv6: %v", addr), d.Leave(nid, eid))
+		}
+	}
+	if len(res.StaticRoutes) > 0 {
+		routes, err := parseStaticRoutes(res)
+		if err != nil {
+			return err
+		}
+		for _, route := range routes {
+			if jinfo.AddStaticRoute(route.Destination, route.RouteType, route.NextHop) != nil {
+				return errorWithRollback(fmt.Sprintf("failed to set static route: %v", route), d.Leave(nid, eid))
+			}
+		}
+	}
+	if res.DisableGatewayService {
+		jinfo.DisableGatewayService()
+	}
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	leave := &api.LeaveRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+	}
+	return d.call("Leave", leave, &api.LeaveResponse{})
+}
+
+// ProgramExternalConnectivity is invoked to program the rules to allow external connectivity for the endpoint.
+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	data := &api.ProgramExternalConnectivityRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+		Options:    options,
+	}
+	err := d.call("ProgramExternalConnectivity", data, &api.ProgramExternalConnectivityResponse{})
+	if err != nil && plugins.IsNotFound(err) {
+		// It is not mandatory yet to support this method
+		return nil
+	}
+	return err
+}
+
+// RevokeExternalConnectivity method is invoked to remove any external connectivity programming related to the endpoint.
+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
+	data := &api.RevokeExternalConnectivityRequest{
+		NetworkID:  nid,
+		EndpointID: eid,
+	}
+	err := d.call("RevokeExternalConnectivity", data, &api.RevokeExternalConnectivityResponse{})
+	if err != nil && plugins.IsNotFound(err) {
+		// It is not mandatory yet to support this method
+		return nil
+	}
+	return err
+}
+
+func (d *driver) Type() string {
+	return d.networkType
+}
+
+func (d *driver) IsBuiltIn() bool {
+	return false
+}
+
+// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
+func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	if dType != discoverapi.NodeDiscovery {
+		return nil
+	}
+	notif := &api.DiscoveryNotification{
+		DiscoveryType: dType,
+		DiscoveryData: data,
+	}
+	return d.call("DiscoverNew", notif, &api.DiscoveryResponse{})
+}
+
+// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
+func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	if dType != discoverapi.NodeDiscovery {
+		return nil
+	}
+	notif := &api.DiscoveryNotification{
+		DiscoveryType: dType,
+		DiscoveryData: data,
+	}
+	return d.call("DiscoverDelete", notif, &api.DiscoveryResponse{})
+}
+
+func parseStaticRoutes(r api.JoinResponse) ([]*types.StaticRoute, error) {
+	var routes = make([]*types.StaticRoute, len(r.StaticRoutes))
+	for i, inRoute := range r.StaticRoutes {
+		var err error
+		outRoute := &types.StaticRoute{RouteType: inRoute.RouteType}
+
+		if inRoute.Destination != "" {
+			if outRoute.Destination, err = types.ParseCIDR(inRoute.Destination); err != nil {
+				return nil, err
+			}
+		}
+
+		if inRoute.NextHop != "" {
+			outRoute.NextHop = net.ParseIP(inRoute.NextHop)
+			if outRoute.NextHop == nil {
+				return nil, fmt.Errorf("failed to parse nexthop IP %s", inRoute.NextHop)
+			}
+		}
+
+		routes[i] = outRoute
+	}
+	return routes, nil
+}
+
+// parseInterfaces validates all the parameters of an Interface and returns them.
+func parseInterface(r api.CreateEndpointResponse) (*api.Interface, error) {
+	var outIf *api.Interface
+
+	inIf := r.Interface
+	if inIf != nil {
+		var err error
+		outIf = &api.Interface{}
+		if inIf.Address != "" {
+			if outIf.Address, err = types.ParseCIDR(inIf.Address); err != nil {
+				return nil, err
+			}
+		}
+		if inIf.AddressIPv6 != "" {
+			if outIf.AddressIPv6, err = types.ParseCIDR(inIf.AddressIPv6); err != nil {
+				return nil, err
+			}
+		}
+		if inIf.MacAddress != "" {
+			if outIf.MacAddress, err = net.ParseMAC(inIf.MacAddress); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return outIf, nil
+}
diff --git a/libnetwork/drivers/remote/driver_test.go b/libnetwork/drivers/remote/driver_test.go
new file mode 100644
index 0000000000000..0a390b9dabb8a
--- /dev/null
+++ b/libnetwork/drivers/remote/driver_test.go
@@ -0,0 +1,620 @@
+package remote
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/plugins"
+)
+
+func decodeToMap(r *http.Request) (res map[string]interface{}, err error) {
+	err = json.NewDecoder(r.Body).Decode(&res)
+	return
+}
+
+func handle(t *testing.T, mux *http.ServeMux, method string, h func(map[string]interface{}) interface{}) {
+	mux.HandleFunc(fmt.Sprintf("/%s.%s", driverapi.NetworkPluginEndpointType, method), func(w http.ResponseWriter, r *http.Request) {
+		ask, err := decodeToMap(r)
+		if err != nil && err != io.EOF {
+			t.Fatal(err)
+		}
+		answer := h(ask)
+		err = json.NewEncoder(w).Encode(&answer)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+}
+
+func setupPlugin(t *testing.T, name string, mux *http.ServeMux) func() {
+	specPath := "/etc/docker/plugins"
+	if runtime.GOOS == "windows" {
+		specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins")
+	}
+
+	if err := os.MkdirAll(specPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if t.Failed() {
+			os.RemoveAll(specPath)
+		}
+	}()
+
+	server := httptest.NewServer(mux)
+	if server == nil {
+		t.Fatal("Failed to start an HTTP Server")
+	}
+
+	if err := os.WriteFile(filepath.Join(specPath, name+".spec"), []byte(server.URL), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Implements": ["%s"]}`, driverapi.NetworkPluginEndpointType)
+	})
+
+	return func() {
+		if err := os.RemoveAll(specPath); err != nil {
+			t.Fatal(err)
+		}
+		server.Close()
+	}
+}
+
+type testEndpoint struct {
+	t                     *testing.T
+	src                   string
+	dst                   string
+	address               string
+	addressIPv6           string
+	macAddress            string
+	gateway               string
+	gatewayIPv6           string
+	resolvConfPath        string
+	hostsPath             string
+	nextHop               string
+	destination           string
+	routeType             int
+	disableGatewayService bool
+}
+
+func (test *testEndpoint) Interface() driverapi.InterfaceInfo {
+	return test
+}
+
+func (test *testEndpoint) Address() *net.IPNet {
+	if test.address == "" {
+		return nil
+	}
+	nw, _ := types.ParseCIDR(test.address)
+	return nw
+}
+
+func (test *testEndpoint) AddressIPv6() *net.IPNet {
+	if test.addressIPv6 == "" {
+		return nil
+	}
+	nw, _ := types.ParseCIDR(test.addressIPv6)
+	return nw
+}
+
+func (test *testEndpoint) MacAddress() net.HardwareAddr {
+	if test.macAddress == "" {
+		return nil
+	}
+	mac, _ := net.ParseMAC(test.macAddress)
+	return mac
+}
+
+func (test *testEndpoint) SetMacAddress(mac net.HardwareAddr) error {
+	if test.macAddress != "" {
+		return types.ForbiddenErrorf("endpoint interface MAC address present (%s). Cannot be modified with %s.", test.macAddress, mac)
+	}
+	if mac == nil {
+		return types.BadRequestErrorf("tried to set nil MAC address to endpoint interface")
+	}
+	test.macAddress = mac.String()
+	return nil
+}
+
+func (test *testEndpoint) SetIPAddress(address *net.IPNet) error {
+	if address.IP == nil {
+		return types.BadRequestErrorf("tried to set nil IP address to endpoint interface")
+	}
+	if address.IP.To4() == nil {
+		return setAddress(&test.addressIPv6, address)
+	}
+	return setAddress(&test.address, address)
+}
+
+func setAddress(ifaceAddr *string, address *net.IPNet) error {
+	if *ifaceAddr != "" {
+		return types.ForbiddenErrorf("endpoint interface IP present (%s). Cannot be modified with (%s).", *ifaceAddr, address)
+	}
+	*ifaceAddr = address.String()
+	return nil
+}
+
+func (test *testEndpoint) InterfaceName() driverapi.InterfaceNameInfo {
+	return test
+}
+
+func compareIPs(t *testing.T, kind string, shouldBe string, supplied net.IP) {
+	ip := net.ParseIP(shouldBe)
+	if ip == nil {
+		t.Fatalf(`Invalid IP to test against: "%s"`, shouldBe)
+	}
+	if !ip.Equal(supplied) {
+		t.Fatalf(`%s IPs are not equal: expected "%s", got %v`, kind, shouldBe, supplied)
+	}
+}
+
+func compareIPNets(t *testing.T, kind string, shouldBe string, supplied net.IPNet) {
+	_, net, _ := net.ParseCIDR(shouldBe)
+	if net == nil {
+		t.Fatalf(`Invalid IP network to test against: "%s"`, shouldBe)
+	}
+	if !types.CompareIPNet(net, &supplied) {
+		t.Fatalf(`%s IP networks are not equal: expected "%s", got %v`, kind, shouldBe, supplied)
+	}
+}
+
+func (test *testEndpoint) SetGateway(ipv4 net.IP) error {
+	compareIPs(test.t, "Gateway", test.gateway, ipv4)
+	return nil
+}
+
+func (test *testEndpoint) SetGatewayIPv6(ipv6 net.IP) error {
+	compareIPs(test.t, "GatewayIPv6", test.gatewayIPv6, ipv6)
+	return nil
+}
+
+func (test *testEndpoint) SetNames(src string, dst string) error {
+	if test.src != src {
+		test.t.Fatalf(`Wrong SrcName; expected "%s", got "%s"`, test.src, src)
+	}
+	if test.dst != dst {
+		test.t.Fatalf(`Wrong DstPrefix; expected "%s", got "%s"`, test.dst, dst)
+	}
+	return nil
+}
+
+func (test *testEndpoint) AddStaticRoute(destination *net.IPNet, routeType int, nextHop net.IP) error {
+	compareIPNets(test.t, "Destination", test.destination, *destination)
+	compareIPs(test.t, "NextHop", test.nextHop, nextHop)
+
+	if test.routeType != routeType {
+		test.t.Fatalf(`Wrong RouteType; expected "%d", got "%d"`, test.routeType, routeType)
+	}
+
+	return nil
+}
+
+func (test *testEndpoint) DisableGatewayService() {
+	test.disableGatewayService = true
+}
+
+func (test *testEndpoint) AddTableEntry(tableName string, key string, value []byte) error {
+	return nil
+}
+
+func TestGetEmptyCapabilities(t *testing.T) {
+	var plugin = "test-net-driver-empty-cap"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetCapabilities", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newDriver(plugin, client)
+	if d.Type() != plugin {
+		t.Fatal("Driver type does not match that given")
+	}
+
+	_, err = d.(*driver).getCapabilities()
+	if err == nil {
+		t.Fatal("There should be error reported when get empty capability")
+	}
+}
+
+func TestGetExtraCapabilities(t *testing.T) {
+	var plugin = "test-net-driver-extra-cap"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetCapabilities", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"Scope":             "local",
+			"foo":               "bar",
+			"ConnectivityScope": "global",
+		}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newDriver(plugin, client)
+	if d.Type() != plugin {
+		t.Fatal("Driver type does not match that given")
+	}
+
+	c, err := d.(*driver).getCapabilities()
+	if err != nil {
+		t.Fatal(err)
+	} else if c.DataScope != datastore.LocalScope {
+		t.Fatalf("get capability '%s', expecting 'local'", c.DataScope)
+	} else if c.ConnectivityScope != datastore.GlobalScope {
+		t.Fatalf("get capability '%s', expecting %q", c.ConnectivityScope, datastore.GlobalScope)
+	}
+}
+
+func TestGetInvalidCapabilities(t *testing.T) {
+	var plugin = "test-net-driver-invalid-cap"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetCapabilities", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"Scope": "fake",
+		}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newDriver(plugin, client)
+	if d.Type() != plugin {
+		t.Fatal("Driver type does not match that given")
+	}
+
+	_, err = d.(*driver).getCapabilities()
+	if err == nil {
+		t.Fatal("There should be error reported when get invalid capability")
+	}
+}
+
+func TestRemoteDriver(t *testing.T) {
+	var plugin = "test-net-driver"
+
+	ep := &testEndpoint{
+		t:              t,
+		src:            "vethsrc",
+		dst:            "vethdst",
+		address:        "192.168.5.7/16",
+		addressIPv6:    "2001:DB8::5:7/48",
+		macAddress:     "ab:cd:ef:ee:ee:ee",
+		gateway:        "192.168.0.1",
+		gatewayIPv6:    "2001:DB8::1",
+		hostsPath:      "/here/comes/the/host/path",
+		resolvConfPath: "/there/goes/the/resolv/conf",
+		destination:    "10.0.0.0/8",
+		nextHop:        "10.0.0.1",
+		routeType:      1,
+	}
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	var networkID string
+
+	handle(t, mux, "GetCapabilities", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"Scope": "global",
+		}
+	})
+	handle(t, mux, "CreateNetwork", func(msg map[string]interface{}) interface{} {
+		nid := msg["NetworkID"]
+		var ok bool
+		if networkID, ok = nid.(string); !ok {
+			t.Fatal("RPC did not include network ID string")
+		}
+		return map[string]interface{}{}
+	})
+	handle(t, mux, "DeleteNetwork", func(msg map[string]interface{}) interface{} {
+		if nid, ok := msg["NetworkID"]; !ok || nid != networkID {
+			t.Fatal("Network ID missing or does not match that created")
+		}
+		return map[string]interface{}{}
+	})
+	handle(t, mux, "CreateEndpoint", func(msg map[string]interface{}) interface{} {
+		iface := map[string]interface{}{
+			"MacAddress":  ep.macAddress,
+			"Address":     ep.address,
+			"AddressIPv6": ep.addressIPv6,
+		}
+		return map[string]interface{}{
+			"Interface": iface,
+		}
+	})
+	handle(t, mux, "Join", func(msg map[string]interface{}) interface{} {
+		options := msg["Options"].(map[string]interface{})
+		foo, ok := options["foo"].(string)
+		if !ok || foo != "fooValue" {
+			t.Fatalf("Did not receive expected foo string in request options: %+v", msg)
+		}
+		return map[string]interface{}{
+			"Gateway":        ep.gateway,
+			"GatewayIPv6":    ep.gatewayIPv6,
+			"HostsPath":      ep.hostsPath,
+			"ResolvConfPath": ep.resolvConfPath,
+			"InterfaceName": map[string]interface{}{
+				"SrcName":   ep.src,
+				"DstPrefix": ep.dst,
+			},
+			"StaticRoutes": []map[string]interface{}{
+				{
+					"Destination": ep.destination,
+					"RouteType":   ep.routeType,
+					"NextHop":     ep.nextHop,
+				},
+			},
+		}
+	})
+	handle(t, mux, "Leave", func(msg map[string]interface{}) interface{} {
+		return map[string]string{}
+	})
+	handle(t, mux, "DeleteEndpoint", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{}
+	})
+	handle(t, mux, "EndpointOperInfo", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"Value": map[string]string{
+				"Arbitrary": "key",
+				"Value":     "pairs?",
+			},
+		}
+	})
+	handle(t, mux, "DiscoverNew", func(msg map[string]interface{}) interface{} {
+		return map[string]string{}
+	})
+	handle(t, mux, "DiscoverDelete", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newDriver(plugin, client)
+	if d.Type() != plugin {
+		t.Fatal("Driver type does not match that given")
+	}
+
+	c, err := d.(*driver).getCapabilities()
+	if err != nil {
+		t.Fatal(err)
+	} else if c.DataScope != datastore.GlobalScope {
+		t.Fatalf("get capability '%s', expecting 'global'", c.DataScope)
+	}
+
+	netID := "dummy-network"
+	err = d.CreateNetwork(netID, map[string]interface{}{}, nil, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endID := "dummy-endpoint"
+	ifInfo := &testEndpoint{}
+	err = d.CreateEndpoint(netID, endID, ifInfo, map[string]interface{}{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(ep.MacAddress(), ifInfo.MacAddress()) || !types.CompareIPNet(ep.Address(), ifInfo.Address()) ||
+		!types.CompareIPNet(ep.AddressIPv6(), ifInfo.AddressIPv6()) {
+		t.Fatalf("Unexpected InterfaceInfo data. Expected (%s, %s, %s). Got (%v, %v, %v)",
+			ep.MacAddress(), ep.Address(), ep.AddressIPv6(),
+			ifInfo.MacAddress(), ifInfo.Address(), ifInfo.AddressIPv6())
+	}
+
+	joinOpts := map[string]interface{}{"foo": "fooValue"}
+	err = d.Join(netID, endID, "sandbox-key", ep, joinOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err = d.EndpointOperInfo(netID, endID); err != nil {
+		t.Fatal(err)
+	}
+	if err = d.Leave(netID, endID); err != nil {
+		t.Fatal(err)
+	}
+	if err = d.DeleteEndpoint(netID, endID); err != nil {
+		t.Fatal(err)
+	}
+	if err = d.DeleteNetwork(netID); err != nil {
+		t.Fatal(err)
+	}
+
+	data := discoverapi.NodeDiscoveryData{
+		Address: "192.168.1.1",
+	}
+	if err = d.DiscoverNew(discoverapi.NodeDiscovery, data); err != nil {
+		t.Fatal(err)
+	}
+	if err = d.DiscoverDelete(discoverapi.NodeDiscovery, data); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestDriverError(t *testing.T) {
+	var plugin = "test-net-driver-error"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "CreateEndpoint", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"Err": "this should get raised as an error",
+		}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	driver := newDriver(plugin, client)
+
+	if err := driver.CreateEndpoint("dummy", "dummy", &testEndpoint{t: t}, map[string]interface{}{}); err == nil {
+		t.Fatal("Expected error from driver")
+	}
+}
+
+func TestMissingValues(t *testing.T) {
+	var plugin = "test-net-driver-missing"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	ep := &testEndpoint{
+		t: t,
+	}
+
+	handle(t, mux, "CreateEndpoint", func(msg map[string]interface{}) interface{} {
+		iface := map[string]interface{}{
+			"Address":     ep.address,
+			"AddressIPv6": ep.addressIPv6,
+			"MacAddress":  ep.macAddress,
+		}
+		return map[string]interface{}{
+			"Interface": iface,
+		}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	driver := newDriver(plugin, client)
+
+	if err := driver.CreateEndpoint("dummy", "dummy", ep, map[string]interface{}{}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+type rollbackEndpoint struct {
+}
+
+func (r *rollbackEndpoint) Interface() driverapi.InterfaceInfo {
+	return r
+}
+
+func (r *rollbackEndpoint) MacAddress() net.HardwareAddr {
+	return nil
+}
+
+func (r *rollbackEndpoint) Address() *net.IPNet {
+	return nil
+}
+
+func (r *rollbackEndpoint) AddressIPv6() *net.IPNet {
+	return nil
+}
+
+func (r *rollbackEndpoint) SetMacAddress(mac net.HardwareAddr) error {
+	return errors.New("invalid mac")
+}
+
+func (r *rollbackEndpoint) SetIPAddress(ip *net.IPNet) error {
+	return errors.New("invalid ip")
+}
+
+func TestRollback(t *testing.T) {
+	var plugin = "test-net-driver-rollback"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	rolledback := false
+
+	handle(t, mux, "CreateEndpoint", func(msg map[string]interface{}) interface{} {
+		iface := map[string]interface{}{
+			"Address":     "192.168.4.5/16",
+			"AddressIPv6": "",
+			"MacAddress":  "7a:12:34:56:78:90",
+		}
+		return map[string]interface{}{
+			"Interface": interface{}(iface),
+		}
+	})
+	handle(t, mux, "DeleteEndpoint", func(msg map[string]interface{}) interface{} {
+		rolledback = true
+		return map[string]interface{}{}
+	})
+
+	p, err := plugins.Get(plugin, driverapi.NetworkPluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	driver := newDriver(plugin, client)
+
+	ep := &rollbackEndpoint{}
+
+	if err := driver.CreateEndpoint("dummy", "dummy", ep.Interface(), map[string]interface{}{}); err == nil {
+		t.Fatal("Expected error from driver")
+	}
+	if !rolledback {
+		t.Fatal("Expected to have had DeleteEndpoint called")
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/labels.go b/libnetwork/drivers/windows/labels.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/drivers/windows/labels.go
rename to libnetwork/drivers/windows/labels.go
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/joinleave_windows.go b/libnetwork/drivers/windows/overlay/joinleave_windows.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/joinleave_windows.go
rename to libnetwork/drivers/windows/overlay/joinleave_windows.go
index 83bee5ad93cb7..44b132cc90ba9 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/joinleave_windows.go
+++ b/libnetwork/drivers/windows/overlay/joinleave_windows.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/gogo/protobuf/proto"
 	"github.com/sirupsen/logrus"
 )
@@ -95,7 +95,10 @@ func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key stri
 		return
 	}
 
-	d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
+	err = d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
+	if err != nil {
+		logrus.Errorf("peerAdd failed (%v) for ip %s with mac %s", err, addr.IP.String(), mac.String())
+	}
 }
 
 func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_endpoint_windows.go b/libnetwork/drivers/windows/overlay/ov_endpoint_windows.go
similarity index 76%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_endpoint_windows.go
rename to libnetwork/drivers/windows/overlay/ov_endpoint_windows.go
index c990357922c40..5280e7ef396b9 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_endpoint_windows.go
+++ b/libnetwork/drivers/windows/overlay/ov_endpoint_windows.go
@@ -4,13 +4,14 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
+	"sync"
 
 	"github.com/Microsoft/hcsshim"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/drivers/windows"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/drivers/windows"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -29,6 +30,13 @@ type endpoint struct {
 	portMapping    []types.PortBinding // Operation port bindings
 }
 
+var (
+	//Server 2016 (RS1) does not support concurrent add/delete of endpoints.  Therefore, we need
+	//to use this mutex and serialize the add/delete of endpoints on RS1.
+	endpointMu   sync.Mutex
+	windowsBuild = osversion.Build()
+)
+
 func validateID(nid, eid string) error {
 	if nid == "" {
 		return fmt.Errorf("invalid network id")
@@ -77,8 +85,7 @@ func (n *network) removeEndpointWithAddress(addr *net.IPNet) {
 
 	if networkEndpoint != nil {
 		logrus.Debugf("Removing stale endpoint from HNS")
-		_, err := hcsshim.HNSEndpointRequest("DELETE", networkEndpoint.profileID, "")
-
+		_, err := endpointRequest("DELETE", networkEndpoint.profileID, "")
 		if err != nil {
 			logrus.Debugf("Failed to delete stale overlay endpoint (%.7s) from hns", networkEndpoint.id)
 		}
@@ -101,8 +108,7 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 	if ep != nil {
 		logrus.Debugf("Deleting stale endpoint %s", eid)
 		n.deleteEndpoint(eid)
-
-		_, err := hcsshim.HNSEndpointRequest("DELETE", ep.profileID, "")
+		_, err := endpointRequest("DELETE", ep.profileID, "")
 		if err != nil {
 			return err
 		}
@@ -149,7 +155,7 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 
 	hnsEndpoint.Policies = append(hnsEndpoint.Policies, paPolicy)
 
-	if system.GetOSVersion().Build > 16236 {
+	if osversion.Build() > 16236 {
 		natPolicy, err := json.Marshal(hcsshim.PaPolicy{
 			Type: "OutBoundNAT",
 		})
@@ -165,7 +171,19 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 			return err
 		}
 
-		pbPolicy, err := windows.ConvertPortBindings(epConnectivity.PortBindings)
+		ep.portMapping = epConnectivity.PortBindings
+		ep.portMapping, err = windows.AllocatePorts(n.portMapper, ep.portMapping, ep.addr.IP)
+		if err != nil {
+			return err
+		}
+
+		defer func() {
+			if err != nil {
+				windows.ReleasePorts(n.portMapper, ep.portMapping)
+			}
+		}()
+
+		pbPolicy, err := windows.ConvertPortBindings(ep.portMapping)
 		if err != nil {
 			return err
 		}
@@ -179,7 +197,7 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 		return err
 	}
 
-	hnsresponse, err := hcsshim.HNSEndpointRequest("POST", "", string(configurationb))
+	hnsresponse, err := endpointRequest("POST", "", string(configurationb))
 	if err != nil {
 		return err
 	}
@@ -199,7 +217,7 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 
 	ep.portMapping, err = windows.ParsePortBindingPolicies(hnsresponse.Policies)
 	if err != nil {
-		hcsshim.HNSEndpointRequest("DELETE", hnsresponse.Id, "")
+		endpointRequest("DELETE", hnsresponse.Id, "")
 		return err
 	}
 
@@ -223,9 +241,11 @@ func (d *driver) DeleteEndpoint(nid, eid string) error {
 		return fmt.Errorf("endpoint id %q not found", eid)
 	}
 
+	windows.ReleasePorts(n.portMapper, ep.portMapping)
+
 	n.deleteEndpoint(eid)
 
-	_, err := hcsshim.HNSEndpointRequest("DELETE", ep.profileID, "")
+	_, err := endpointRequest("DELETE", ep.profileID, "")
 	if err != nil {
 		return err
 	}
@@ -263,3 +283,14 @@ func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, erro
 
 	return data, nil
 }
+
+func endpointRequest(method, path, request string) (*hcsshim.HNSEndpoint, error) {
+	if windowsBuild == 14393 {
+		endpointMu.Lock()
+	}
+	hnsresponse, err := hcsshim.HNSEndpointRequest(method, path, request)
+	if windowsBuild == 14393 {
+		endpointMu.Unlock()
+	}
+	return hnsresponse, err
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_network_windows.go b/libnetwork/drivers/windows/overlay/ov_network_windows.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_network_windows.go
rename to libnetwork/drivers/windows/overlay/ov_network_windows.go
index 9cc46f8cfe985..4dec6b56a348d 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_network_windows.go
+++ b/libnetwork/drivers/windows/overlay/ov_network_windows.go
@@ -9,9 +9,10 @@ import (
 	"sync"
 
 	"github.com/Microsoft/hcsshim"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/portmapper"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -46,6 +47,7 @@ type network struct {
 	initErr         error
 	subnets         []*subnet
 	secure          bool
+	portMapper      *portmapper.PortMapper
 	sync.Mutex
 }
 
@@ -89,10 +91,11 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
 	}
 
 	n := &network{
-		id:        id,
-		driver:    d,
-		endpoints: endpointTable{},
-		subnets:   []*subnet{},
+		id:         id,
+		driver:     d,
+		endpoints:  endpointTable{},
+		subnets:    []*subnet{},
+		portMapper: portmapper.New(""),
 	}
 
 	genData, ok := option[netlabel.GenericData].(map[string]string)
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay.pb.go b/libnetwork/drivers/windows/overlay/overlay.pb.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay.pb.go
rename to libnetwork/drivers/windows/overlay/overlay.pb.go
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay.proto b/libnetwork/drivers/windows/overlay/overlay.proto
similarity index 100%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay.proto
rename to libnetwork/drivers/windows/overlay/overlay.proto
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay_windows.go b/libnetwork/drivers/windows/overlay/overlay_windows.go
similarity index 90%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay_windows.go
rename to libnetwork/drivers/windows/overlay/overlay_windows.go
index 65ad62ae0d7bc..d31370246c38f 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/overlay_windows.go
+++ b/libnetwork/drivers/windows/overlay/overlay_windows.go
@@ -1,6 +1,6 @@
 package overlay
 
-//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
+//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf  --gogo_out=import_path=github.com/docker/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
 
 import (
 	"encoding/json"
@@ -8,11 +8,11 @@ import (
 	"sync"
 
 	"github.com/Microsoft/hcsshim"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/peerdb_windows.go b/libnetwork/drivers/windows/overlay/peerdb_windows.go
similarity index 92%
rename from vendor/github.com/docker/libnetwork/drivers/windows/overlay/peerdb_windows.go
rename to libnetwork/drivers/windows/overlay/peerdb_windows.go
index 159bfd6ed1e36..983acf172f910 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/overlay/peerdb_windows.go
+++ b/libnetwork/drivers/windows/overlay/peerdb_windows.go
@@ -6,7 +6,7 @@ import (
 
 	"encoding/json"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 
 	"github.com/Microsoft/hcsshim"
@@ -67,8 +67,7 @@ func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerIPMask net.IPMask,
 		}
 
 		n.removeEndpointWithAddress(addr)
-
-		hnsresponse, err := hcsshim.HNSEndpointRequest("POST", "", string(configurationb))
+		hnsresponse, err := endpointRequest("POST", "", string(configurationb))
 		if err != nil {
 			return err
 		}
@@ -108,7 +107,7 @@ func (d *driver) peerDelete(nid, eid string, peerIP net.IP, peerIPMask net.IPMas
 	}
 
 	if updateDb {
-		_, err := hcsshim.HNSEndpointRequest("DELETE", ep.profileID, "")
+		_, err := endpointRequest("DELETE", ep.profileID, "")
 		if err != nil {
 			return err
 		}
diff --git a/libnetwork/drivers/windows/port_mapping.go b/libnetwork/drivers/windows/port_mapping.go
new file mode 100644
index 0000000000000..56933b62e8060
--- /dev/null
+++ b/libnetwork/drivers/windows/port_mapping.go
@@ -0,0 +1,132 @@
+//go:build windows
+// +build windows
+
+package windows
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/portmapper"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/ishidawataru/sctp"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	maxAllocatePortAttempts = 10
+)
+
+// ErrUnsupportedAddressType is returned when the specified address type is not supported.
+type ErrUnsupportedAddressType string
+
+func (uat ErrUnsupportedAddressType) Error() string {
+	return fmt.Sprintf("unsupported address type: %s", string(uat))
+}
+
+// AllocatePorts allocates ports specified in bindings from the portMapper
+func AllocatePorts(portMapper *portmapper.PortMapper, bindings []types.PortBinding, containerIP net.IP) ([]types.PortBinding, error) {
+	bs := make([]types.PortBinding, 0, len(bindings))
+	for _, c := range bindings {
+		b := c.GetCopy()
+		if err := allocatePort(portMapper, &b, containerIP); err != nil {
+			// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
+			if cuErr := ReleasePorts(portMapper, bs); cuErr != nil {
+				logrus.Warnf("Upon allocation failure for %v, failed to clear previously allocated port bindings: %v", b, cuErr)
+			}
+			return nil, err
+		}
+		bs = append(bs, b)
+	}
+	return bs, nil
+}
+
+func allocatePort(portMapper *portmapper.PortMapper, bnd *types.PortBinding, containerIP net.IP) error {
+	var (
+		host net.Addr
+		err  error
+	)
+
+	// Windows does not support a host ip for port bindings (this is validated in ConvertPortBindings()).
+	// If the HostIP is nil, force it to be 0.0.0.0 for use as the key in portMapper.
+	if bnd.HostIP == nil {
+		bnd.HostIP = net.IPv4zero
+	}
+
+	// Store the container interface address in the operational binding
+	bnd.IP = containerIP
+
+	// Adjust HostPortEnd if this is not a range.
+	if bnd.HostPortEnd == 0 {
+		bnd.HostPortEnd = bnd.HostPort
+	}
+
+	// Construct the container side transport address
+	container, err := bnd.ContainerAddr()
+	if err != nil {
+		return err
+	}
+
+	// Try up to maxAllocatePortAttempts times to get a port that's not already allocated.
+	for i := 0; i < maxAllocatePortAttempts; i++ {
+		if host, err = portMapper.MapRange(container, bnd.HostIP, int(bnd.HostPort), int(bnd.HostPortEnd), false); err == nil {
+			break
+		}
+		// There is no point in immediately retrying to map an explicitly chosen port.
+		if bnd.HostPort != 0 {
+			logrus.Warnf("Failed to allocate and map port %d-%d: %s", bnd.HostPort, bnd.HostPortEnd, err)
+			break
+		}
+		logrus.Warnf("Failed to allocate and map port: %s, retry: %d", err, i+1)
+	}
+	if err != nil {
+		return err
+	}
+
+	// Save the host port (regardless it was or not specified in the binding)
+	switch netAddr := host.(type) {
+	case *net.TCPAddr:
+		bnd.HostPort = uint16(host.(*net.TCPAddr).Port)
+		break
+	case *net.UDPAddr:
+		bnd.HostPort = uint16(host.(*net.UDPAddr).Port)
+		break
+	case *sctp.SCTPAddr:
+		bnd.HostPort = uint16(host.(*sctp.SCTPAddr).Port)
+		break
+	default:
+		// For completeness
+		return ErrUnsupportedAddressType(fmt.Sprintf("%T", netAddr))
+	}
+	//Windows does not support host port ranges.
+	bnd.HostPortEnd = bnd.HostPort
+	return nil
+}
+
+// ReleasePorts releases ports specified in bindings from the portMapper
+func ReleasePorts(portMapper *portmapper.PortMapper, bindings []types.PortBinding) error {
+	var errorBuf bytes.Buffer
+
+	// Attempt to release all port bindings, do not stop on failure
+	for _, m := range bindings {
+		if err := releasePort(portMapper, m); err != nil {
+			errorBuf.WriteString(fmt.Sprintf("\ncould not release %v because of %v", m, err))
+		}
+	}
+
+	if errorBuf.Len() != 0 {
+		return errors.New(errorBuf.String())
+	}
+	return nil
+}
+
+func releasePort(portMapper *portmapper.PortMapper, bnd types.PortBinding) error {
+	// Construct the host side transport address
+	host, err := bnd.HostAddr()
+	if err != nil {
+		return err
+	}
+	return portMapper.Unmap(host)
+}
diff --git a/libnetwork/drivers/windows/windows.go b/libnetwork/drivers/windows/windows.go
new file mode 100644
index 0000000000000..86a4691db48c8
--- /dev/null
+++ b/libnetwork/drivers/windows/windows.go
@@ -0,0 +1,921 @@
+//go:build windows
+// +build windows
+
+// Shim for the Host Network Service (HNS) to manage networking for
+// Windows Server containers and Hyper-V containers. This module
+// is a basic libnetwork driver that passes all the calls to HNS
+// It implements the 4 networking modes supported by HNS L2Bridge,
+// L2Tunnel, NAT and Transparent(DHCP)
+//
+// The network are stored in memory and docker daemon ensures discovering
+// and loading these networks on startup
+
+package windows
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/portmapper"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+// networkConfiguration for network specific configuration
+type networkConfiguration struct {
+	ID                    string
+	Type                  string
+	Name                  string
+	HnsID                 string
+	RDID                  string
+	VLAN                  uint
+	VSID                  uint
+	DNSServers            string
+	MacPools              []hcsshim.MacPool
+	DNSSuffix             string
+	SourceMac             string
+	NetworkAdapterName    string
+	dbIndex               uint64
+	dbExists              bool
+	DisableGatewayDNS     bool
+	EnableOutboundNat     bool
+	OutboundNatExceptions []string
+}
+
+// endpointConfiguration represents the user specified configuration for the sandbox endpoint
+type endpointOption struct {
+	MacAddress  net.HardwareAddr
+	QosPolicies []types.QosPolicy
+	DNSServers  []string
+	DisableDNS  bool
+	DisableICC  bool
+}
+
+// EndpointConnectivity stores the port bindings and exposed ports that the user has specified in epOptions.
+type EndpointConnectivity struct {
+	PortBindings []types.PortBinding
+	ExposedPorts []types.TransportPort
+}
+
+type hnsEndpoint struct {
+	id        string
+	nid       string
+	profileID string
+	Type      string
+	//Note: Currently, the sandboxID is the same as the containerID since windows does
+	//not expose the sandboxID.
+	//In the future, windows will support a proper sandboxID that is different
+	//than the containerID.
+	//Therefore, we are using sandboxID now, so that we won't have to change this code
+	//when windows properly supports a sandboxID.
+	sandboxID      string
+	macAddress     net.HardwareAddr
+	epOption       *endpointOption       // User specified parameters
+	epConnectivity *EndpointConnectivity // User specified parameters
+	portMapping    []types.PortBinding   // Operation port bindings
+	addr           *net.IPNet
+	gateway        net.IP
+	dbIndex        uint64
+	dbExists       bool
+}
+
+type hnsNetwork struct {
+	id         string
+	created    bool
+	config     *networkConfiguration
+	endpoints  map[string]*hnsEndpoint // key: endpoint id
+	driver     *driver                 // The network's driver
+	portMapper *portmapper.PortMapper
+	sync.Mutex
+}
+
+type driver struct {
+	name     string
+	networks map[string]*hnsNetwork
+	store    datastore.DataStore
+	sync.Mutex
+}
+
+const (
+	errNotFound = "HNS failed with error : The object identifier does not represent a valid object. "
+)
+
+// IsBuiltinLocalDriver validates if network-type is a builtin local-scoped driver
+func IsBuiltinLocalDriver(networkType string) bool {
+	if "l2bridge" == networkType || "l2tunnel" == networkType ||
+		"nat" == networkType || "ics" == networkType ||
+		"transparent" == networkType || "internal" == networkType ||
+		"private" == networkType {
+		return true
+	}
+
+	return false
+}
+
+// New constructs a new bridge driver
+func newDriver(networkType string) *driver {
+	return &driver{name: networkType, networks: map[string]*hnsNetwork{}}
+}
+
+// GetInit returns an initializer for the given network type
+func GetInit(networkType string) func(dc driverapi.DriverCallback, config map[string]interface{}) error {
+	return func(dc driverapi.DriverCallback, config map[string]interface{}) error {
+		if !IsBuiltinLocalDriver(networkType) {
+			return types.BadRequestErrorf("Network type not supported: %s", networkType)
+		}
+
+		d := newDriver(networkType)
+
+		err := d.initStore(config)
+		if err != nil {
+			return err
+		}
+
+		return dc.RegisterDriver(networkType, d, driverapi.Capability{
+			DataScope:         datastore.LocalScope,
+			ConnectivityScope: datastore.LocalScope,
+		})
+	}
+}
+
+func (d *driver) getNetwork(id string) (*hnsNetwork, error) {
+	d.Lock()
+	defer d.Unlock()
+
+	if nw, ok := d.networks[id]; ok {
+		return nw, nil
+	}
+
+	return nil, types.NotFoundErrorf("network not found: %s", id)
+}
+
+func (n *hnsNetwork) getEndpoint(eid string) (*hnsEndpoint, error) {
+	n.Lock()
+	defer n.Unlock()
+
+	if ep, ok := n.endpoints[eid]; ok {
+		return ep, nil
+	}
+
+	return nil, types.NotFoundErrorf("Endpoint not found: %s", eid)
+}
+
+func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string) (*networkConfiguration, error) {
+	config := &networkConfiguration{Type: d.name}
+
+	for label, value := range genericOptions {
+		switch label {
+		case NetworkName:
+			config.Name = value
+		case HNSID:
+			config.HnsID = value
+		case RoutingDomain:
+			config.RDID = value
+		case Interface:
+			config.NetworkAdapterName = value
+		case DNSSuffix:
+			config.DNSSuffix = value
+		case DNSServers:
+			config.DNSServers = value
+		case DisableGatewayDNS:
+			b, err := strconv.ParseBool(value)
+			if err != nil {
+				return nil, err
+			}
+			config.DisableGatewayDNS = b
+		case MacPool:
+			config.MacPools = make([]hcsshim.MacPool, 0)
+			s := strings.Split(value, ",")
+			if len(s)%2 != 0 {
+				return nil, types.BadRequestErrorf("Invalid mac pool. You must specify both a start range and an end range")
+			}
+			for i := 0; i < len(s)-1; i += 2 {
+				config.MacPools = append(config.MacPools, hcsshim.MacPool{
+					StartMacAddress: s[i],
+					EndMacAddress:   s[i+1],
+				})
+			}
+		case VLAN:
+			vlan, err := strconv.ParseUint(value, 10, 32)
+			if err != nil {
+				return nil, err
+			}
+			config.VLAN = uint(vlan)
+		case VSID:
+			vsid, err := strconv.ParseUint(value, 10, 32)
+			if err != nil {
+				return nil, err
+			}
+			config.VSID = uint(vsid)
+		case EnableOutboundNat:
+			if osversion.Build() <= 16236 {
+				return nil, fmt.Errorf("Invalid network option. OutboundNat is not supported on this OS version")
+			}
+			b, err := strconv.ParseBool(value)
+			if err != nil {
+				return nil, err
+			}
+			config.EnableOutboundNat = b
+		case OutboundNatExceptions:
+			s := strings.Split(value, ",")
+			config.OutboundNatExceptions = s
+		}
+	}
+
+	config.ID = id
+	config.Type = d.name
+	return config, nil
+}
+
+func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []driverapi.IPAMData) error {
+	if len(ipamV6Data) > 0 {
+		return types.ForbiddenErrorf("windowsshim driver doesn't support v6 subnets")
+	}
+
+	if len(ipamV4Data) == 0 {
+		return types.BadRequestErrorf("network %s requires ipv4 configuration", id)
+	}
+
+	return nil
+}
+
+func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
+
+func (d *driver) createNetwork(config *networkConfiguration) *hnsNetwork {
+	network := &hnsNetwork{
+		id:         config.ID,
+		endpoints:  make(map[string]*hnsEndpoint),
+		config:     config,
+		driver:     d,
+		portMapper: portmapper.New(""),
+	}
+
+	d.Lock()
+	d.networks[config.ID] = network
+	d.Unlock()
+
+	return network
+}
+
+// Create a new network
+func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	if _, err := d.getNetwork(id); err == nil {
+		return types.ForbiddenErrorf("network %s exists", id)
+	}
+
+	genData, ok := option[netlabel.GenericData].(map[string]string)
+	if !ok {
+		return fmt.Errorf("Unknown generic data option")
+	}
+
+	// Parse and validate the config. It should not conflict with existing networks' config
+	config, err := d.parseNetworkOptions(id, genData)
+	if err != nil {
+		return err
+	}
+
+	err = config.processIPAM(id, ipV4Data, ipV6Data)
+	if err != nil {
+		return err
+	}
+
+	n := d.createNetwork(config)
+
+	// A non blank hnsid indicates that the network was discovered
+	// from HNS. No need to call HNS if this network was discovered
+	// from HNS
+	if config.HnsID == "" {
+		subnets := []hcsshim.Subnet{}
+
+		for _, ipData := range ipV4Data {
+			subnet := hcsshim.Subnet{
+				AddressPrefix: ipData.Pool.String(),
+			}
+
+			if ipData.Gateway != nil {
+				subnet.GatewayAddress = ipData.Gateway.IP.String()
+			}
+
+			subnets = append(subnets, subnet)
+		}
+
+		network := &hcsshim.HNSNetwork{
+			Name:               config.Name,
+			Type:               d.name,
+			Subnets:            subnets,
+			DNSServerList:      config.DNSServers,
+			DNSSuffix:          config.DNSSuffix,
+			MacPools:           config.MacPools,
+			SourceMac:          config.SourceMac,
+			NetworkAdapterName: config.NetworkAdapterName,
+		}
+
+		if config.VLAN != 0 {
+			vlanPolicy, err := json.Marshal(hcsshim.VlanPolicy{
+				Type: "VLAN",
+				VLAN: config.VLAN,
+			})
+
+			if err != nil {
+				return err
+			}
+			network.Policies = append(network.Policies, vlanPolicy)
+		}
+
+		if config.VSID != 0 {
+			vsidPolicy, err := json.Marshal(hcsshim.VsidPolicy{
+				Type: "VSID",
+				VSID: config.VSID,
+			})
+
+			if err != nil {
+				return err
+			}
+			network.Policies = append(network.Policies, vsidPolicy)
+		}
+
+		if network.Name == "" {
+			network.Name = id
+		}
+
+		configurationb, err := json.Marshal(network)
+		if err != nil {
+			return err
+		}
+
+		configuration := string(configurationb)
+		logrus.Debugf("HNSNetwork Request =%v Address Space=%v", configuration, subnets)
+
+		hnsresponse, err := hcsshim.HNSNetworkRequest("POST", "", configuration)
+		if err != nil {
+			return err
+		}
+
+		config.HnsID = hnsresponse.Id
+		genData[HNSID] = config.HnsID
+		n.created = true
+
+		defer func() {
+			if err != nil {
+				d.DeleteNetwork(n.id)
+			}
+		}()
+
+		hnsIPv4Data := make([]driverapi.IPAMData, len(hnsresponse.Subnets))
+
+		for i, subnet := range hnsresponse.Subnets {
+			var gwIP, subnetIP *net.IPNet
+
+			//The gateway returned from HNS is an IPAddress.
+			//We need to convert it to an IPNet to use as the Gateway of driverapi.IPAMData struct
+			gwCIDR := subnet.GatewayAddress + "/32"
+			_, gwIP, err = net.ParseCIDR(gwCIDR)
+			if err != nil {
+				return err
+			}
+
+			hnsIPv4Data[i].Gateway = gwIP
+			_, subnetIP, err = net.ParseCIDR(subnet.AddressPrefix)
+			if err != nil {
+				return err
+			}
+			hnsIPv4Data[i].Pool = subnetIP
+		}
+
+		nInfo.UpdateIpamConfig(hnsIPv4Data)
+
+	} else {
+		// Delete any stale HNS endpoints for this network.
+		if endpoints, err := hcsshim.HNSListEndpointRequest(); err == nil {
+			for _, ep := range endpoints {
+				if ep.VirtualNetwork == config.HnsID {
+					logrus.Infof("Removing stale HNS endpoint %s", ep.Id)
+					_, err = hcsshim.HNSEndpointRequest("DELETE", ep.Id, "")
+					if err != nil {
+						logrus.Warnf("Error removing HNS endpoint %s", ep.Id)
+					}
+				}
+			}
+		} else {
+			logrus.Warnf("Error listing HNS endpoints for network %s", config.HnsID)
+		}
+
+		n.created = true
+	}
+
+	return d.storeUpdate(config)
+}
+
+func (d *driver) DeleteNetwork(nid string) error {
+	n, err := d.getNetwork(nid)
+	if err != nil {
+		return types.InternalMaskableErrorf("%s", err)
+	}
+
+	n.Lock()
+	config := n.config
+	n.Unlock()
+
+	if n.created {
+		_, err = hcsshim.HNSNetworkRequest("DELETE", config.HnsID, "")
+		if err != nil && err.Error() != errNotFound {
+			return types.ForbiddenErrorf(err.Error())
+		}
+	}
+
+	d.Lock()
+	delete(d.networks, nid)
+	d.Unlock()
+
+	// delele endpoints belong to this network
+	for _, ep := range n.endpoints {
+		if err := d.storeDelete(ep); err != nil {
+			logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
+		}
+	}
+
+	return d.storeDelete(config)
+}
+
+func convertQosPolicies(qosPolicies []types.QosPolicy) ([]json.RawMessage, error) {
+	var qps []json.RawMessage
+
+	// Enumerate through the qos policies specified by the user and convert
+	// them into the internal structure matching the JSON blob that can be
+	// understood by the HCS.
+	for _, elem := range qosPolicies {
+		encodedPolicy, err := json.Marshal(hcsshim.QosPolicy{
+			Type:                            "QOS",
+			MaximumOutgoingBandwidthInBytes: elem.MaxEgressBandwidth,
+		})
+
+		if err != nil {
+			return nil, err
+		}
+		qps = append(qps, encodedPolicy)
+	}
+	return qps, nil
+}
+
+// ConvertPortBindings converts PortBindings to JSON for HNS request
+func ConvertPortBindings(portBindings []types.PortBinding) ([]json.RawMessage, error) {
+	var pbs []json.RawMessage
+
+	// Enumerate through the port bindings specified by the user and convert
+	// them into the internal structure matching the JSON blob that can be
+	// understood by the HCS.
+	for _, elem := range portBindings {
+		proto := strings.ToUpper(elem.Proto.String())
+		if proto != "TCP" && proto != "UDP" {
+			return nil, fmt.Errorf("invalid protocol %s", elem.Proto.String())
+		}
+
+		if elem.HostPort != elem.HostPortEnd {
+			return nil, fmt.Errorf("Windows does not support more than one host port in NAT settings")
+		}
+
+		if len(elem.HostIP) != 0 && !elem.HostIP.IsUnspecified() {
+			return nil, fmt.Errorf("Windows does not support host IP addresses in NAT settings")
+		}
+
+		encodedPolicy, err := json.Marshal(hcsshim.NatPolicy{
+			Type:         "NAT",
+			ExternalPort: elem.HostPort,
+			InternalPort: elem.Port,
+			Protocol:     elem.Proto.String(),
+		})
+
+		if err != nil {
+			return nil, err
+		}
+		pbs = append(pbs, encodedPolicy)
+	}
+	return pbs, nil
+}
+
+// ParsePortBindingPolicies parses HNS endpoint response message to PortBindings
+func ParsePortBindingPolicies(policies []json.RawMessage) ([]types.PortBinding, error) {
+	var bindings []types.PortBinding
+	hcsPolicy := &hcsshim.NatPolicy{}
+
+	for _, elem := range policies {
+
+		if err := json.Unmarshal([]byte(elem), &hcsPolicy); err != nil || hcsPolicy.Type != "NAT" {
+			continue
+		}
+
+		binding := types.PortBinding{
+			HostPort:    hcsPolicy.ExternalPort,
+			HostPortEnd: hcsPolicy.ExternalPort,
+			Port:        hcsPolicy.InternalPort,
+			Proto:       types.ParseProtocol(hcsPolicy.Protocol),
+			HostIP:      net.IPv4(0, 0, 0, 0),
+		}
+
+		bindings = append(bindings, binding)
+	}
+
+	return bindings, nil
+}
+
+func parseEndpointOptions(epOptions map[string]interface{}) (*endpointOption, error) {
+	if epOptions == nil {
+		return nil, nil
+	}
+
+	ec := &endpointOption{}
+
+	if opt, ok := epOptions[netlabel.MacAddress]; ok {
+		if mac, ok := opt.(net.HardwareAddr); ok {
+			ec.MacAddress = mac
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	if opt, ok := epOptions[QosPolicies]; ok {
+		if policies, ok := opt.([]types.QosPolicy); ok {
+			ec.QosPolicies = policies
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	if opt, ok := epOptions[netlabel.DNSServers]; ok {
+		if dns, ok := opt.([]string); ok {
+			ec.DNSServers = dns
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	if opt, ok := epOptions[DisableICC]; ok {
+		if disableICC, ok := opt.(bool); ok {
+			ec.DisableICC = disableICC
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	if opt, ok := epOptions[DisableDNS]; ok {
+		if disableDNS, ok := opt.(bool); ok {
+			ec.DisableDNS = disableDNS
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	return ec, nil
+}
+
+// ParseEndpointConnectivity parses options passed to CreateEndpoint, specifically port bindings, and store in a endpointConnectivity object.
+func ParseEndpointConnectivity(epOptions map[string]interface{}) (*EndpointConnectivity, error) {
+	if epOptions == nil {
+		return nil, nil
+	}
+
+	ec := &EndpointConnectivity{}
+
+	if opt, ok := epOptions[netlabel.PortMap]; ok {
+		if bs, ok := opt.([]types.PortBinding); ok {
+			ec.PortBindings = bs
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+
+	if opt, ok := epOptions[netlabel.ExposedPorts]; ok {
+		if ports, ok := opt.([]types.TransportPort); ok {
+			ec.ExposedPorts = ports
+		} else {
+			return nil, fmt.Errorf("Invalid endpoint configuration")
+		}
+	}
+	return ec, nil
+}
+
+func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
+	n, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+
+	// Check if endpoint id is good and retrieve corresponding endpoint
+	ep, err := n.getEndpoint(eid)
+	if err == nil && ep != nil {
+		return driverapi.ErrEndpointExists(eid)
+	}
+
+	endpointStruct := &hcsshim.HNSEndpoint{
+		VirtualNetwork: n.config.HnsID,
+	}
+
+	epOption, err := parseEndpointOptions(epOptions)
+	if err != nil {
+		return err
+	}
+	epConnectivity, err := ParseEndpointConnectivity(epOptions)
+	if err != nil {
+		return err
+	}
+
+	macAddress := ifInfo.MacAddress()
+	// Use the macaddress if it was provided
+	if macAddress != nil {
+		endpointStruct.MacAddress = strings.Replace(macAddress.String(), ":", "-", -1)
+	}
+
+	portMapping := epConnectivity.PortBindings
+
+	if n.config.Type == "l2bridge" || n.config.Type == "l2tunnel" {
+		ip := net.IPv4(0, 0, 0, 0)
+		if ifInfo.Address() != nil {
+			ip = ifInfo.Address().IP
+		}
+
+		portMapping, err = AllocatePorts(n.portMapper, portMapping, ip)
+		if err != nil {
+			return err
+		}
+
+		defer func() {
+			if err != nil {
+				ReleasePorts(n.portMapper, portMapping)
+			}
+		}()
+	}
+
+	endpointStruct.Policies, err = ConvertPortBindings(portMapping)
+	if err != nil {
+		return err
+	}
+
+	qosPolicies, err := convertQosPolicies(epOption.QosPolicies)
+	if err != nil {
+		return err
+	}
+	endpointStruct.Policies = append(endpointStruct.Policies, qosPolicies...)
+
+	if ifInfo.Address() != nil {
+		endpointStruct.IPAddress = ifInfo.Address().IP
+	}
+
+	endpointStruct.DNSServerList = strings.Join(epOption.DNSServers, ",")
+
+	// overwrite the ep DisableDNS option if DisableGatewayDNS was set to true during the network creation option
+	if n.config.DisableGatewayDNS {
+		logrus.Debugf("n.config.DisableGatewayDNS[%v] overwrites epOption.DisableDNS[%v]", n.config.DisableGatewayDNS, epOption.DisableDNS)
+		epOption.DisableDNS = n.config.DisableGatewayDNS
+	}
+
+	if n.driver.name == "nat" && !epOption.DisableDNS {
+		logrus.Debugf("endpointStruct.EnableInternalDNS =[%v]", endpointStruct.EnableInternalDNS)
+		endpointStruct.EnableInternalDNS = true
+	}
+
+	endpointStruct.DisableICC = epOption.DisableICC
+
+	// Inherit OutboundNat policy from the network
+	if n.config.EnableOutboundNat {
+		outboundNatPolicy, err := json.Marshal(hcsshim.OutboundNatPolicy{
+			Policy:     hcsshim.Policy{Type: hcsshim.OutboundNat},
+			Exceptions: n.config.OutboundNatExceptions,
+		})
+
+		if err != nil {
+			return err
+		}
+		endpointStruct.Policies = append(endpointStruct.Policies, outboundNatPolicy)
+	}
+
+	configurationb, err := json.Marshal(endpointStruct)
+	if err != nil {
+		return err
+	}
+
+	hnsresponse, err := hcsshim.HNSEndpointRequest("POST", "", string(configurationb))
+	if err != nil {
+		return err
+	}
+
+	mac, err := net.ParseMAC(hnsresponse.MacAddress)
+	if err != nil {
+		return err
+	}
+
+	// TODO For now the ip mask is not in the info generated by HNS
+	endpoint := &hnsEndpoint{
+		id:         eid,
+		nid:        n.id,
+		Type:       d.name,
+		addr:       &net.IPNet{IP: hnsresponse.IPAddress, Mask: hnsresponse.IPAddress.DefaultMask()},
+		macAddress: mac,
+	}
+
+	if hnsresponse.GatewayAddress != "" {
+		endpoint.gateway = net.ParseIP(hnsresponse.GatewayAddress)
+	}
+
+	endpoint.profileID = hnsresponse.Id
+	endpoint.epConnectivity = epConnectivity
+	endpoint.epOption = epOption
+	endpoint.portMapping, err = ParsePortBindingPolicies(hnsresponse.Policies)
+
+	if err != nil {
+		hcsshim.HNSEndpointRequest("DELETE", hnsresponse.Id, "")
+		return err
+	}
+
+	n.Lock()
+	n.endpoints[eid] = endpoint
+	n.Unlock()
+
+	if ifInfo.Address() == nil {
+		ifInfo.SetIPAddress(endpoint.addr)
+	}
+
+	if macAddress == nil {
+		ifInfo.SetMacAddress(endpoint.macAddress)
+	}
+
+	if err = d.storeUpdate(endpoint); err != nil {
+		logrus.Errorf("Failed to save endpoint %.7s to store: %v", endpoint.id, err)
+	}
+
+	return nil
+}
+
+func (d *driver) DeleteEndpoint(nid, eid string) error {
+	n, err := d.getNetwork(nid)
+	if err != nil {
+		return types.InternalMaskableErrorf("%s", err)
+	}
+
+	ep, err := n.getEndpoint(eid)
+	if err != nil {
+		return err
+	}
+
+	if n.config.Type == "l2bridge" || n.config.Type == "l2tunnel" {
+		ReleasePorts(n.portMapper, ep.portMapping)
+	}
+
+	n.Lock()
+	delete(n.endpoints, eid)
+	n.Unlock()
+
+	_, err = hcsshim.HNSEndpointRequest("DELETE", ep.profileID, "")
+	if err != nil && err.Error() != errNotFound {
+		return err
+	}
+
+	if err := d.storeDelete(ep); err != nil {
+		logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
+	}
+	return nil
+}
+
+func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	network, err := d.getNetwork(nid)
+	if err != nil {
+		return nil, err
+	}
+
+	ep, err := network.getEndpoint(eid)
+	if err != nil {
+		return nil, err
+	}
+
+	data := make(map[string]interface{}, 1)
+	if network.driver.name == "nat" {
+		data["AllowUnqualifiedDNSQuery"] = true
+	}
+
+	data["hnsid"] = ep.profileID
+	if ep.epConnectivity.ExposedPorts != nil {
+		// Return a copy of the config data
+		epc := make([]types.TransportPort, 0, len(ep.epConnectivity.ExposedPorts))
+		for _, tp := range ep.epConnectivity.ExposedPorts {
+			epc = append(epc, tp.GetCopy())
+		}
+		data[netlabel.ExposedPorts] = epc
+	}
+
+	if ep.portMapping != nil {
+		// Return a copy of the operational data
+		pmc := make([]types.PortBinding, 0, len(ep.portMapping))
+		for _, pm := range ep.portMapping {
+			pmc = append(pmc, pm.GetCopy())
+		}
+		data[netlabel.PortMap] = pmc
+	}
+
+	if len(ep.macAddress) != 0 {
+		data[netlabel.MacAddress] = ep.macAddress
+	}
+	return data, nil
+}
+
+// Join method is invoked when a Sandbox is attached to an endpoint.
+func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	network, err := d.getNetwork(nid)
+	if err != nil {
+		return err
+	}
+
+	// Ensure that the endpoint exists
+	endpoint, err := network.getEndpoint(eid)
+	if err != nil {
+		return err
+	}
+
+	err = jinfo.SetGateway(endpoint.gateway)
+	if err != nil {
+		return err
+	}
+
+	endpoint.sandboxID = sboxKey
+
+	err = hcsshim.HotAttachEndpoint(endpoint.sandboxID, endpoint.profileID)
+	if err != nil {
+		// If container doesn't exists in hcs, do not throw error for hot add/remove
+		if err != hcsshim.ErrComputeSystemDoesNotExist {
+			return err
+		}
+	}
+
+	jinfo.DisableGatewayService()
+	return nil
+}
+
+// Leave method is invoked when a Sandbox detaches from an endpoint.
+func (d *driver) Leave(nid, eid string) error {
+	network, err := d.getNetwork(nid)
+	if err != nil {
+		return types.InternalMaskableErrorf("%s", err)
+	}
+
+	// Ensure that the endpoint exists
+	endpoint, err := network.getEndpoint(eid)
+	if err != nil {
+		return err
+	}
+
+	err = hcsshim.HotDetachEndpoint(endpoint.sandboxID, endpoint.profileID)
+	if err != nil {
+		// If container doesn't exists in hcs, do not throw error for hot add/remove
+		if err != hcsshim.ErrComputeSystemDoesNotExist {
+			return err
+		}
+	}
+	return nil
+}
+
+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	return nil
+}
+
+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
+	return nil
+}
+
+func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	return nil, types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) NetworkFree(id string) error {
+	return types.NotImplementedErrorf("not implemented")
+}
+
+func (d *driver) Type() string {
+	return d.name
+}
+
+func (d *driver) IsBuiltIn() bool {
+	return true
+}
+
+// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
+func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
+func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/windows_store.go b/libnetwork/drivers/windows/windows_store.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/drivers/windows/windows_store.go
rename to libnetwork/drivers/windows/windows_store.go
index eae1edc6f1c2e..e5810443d00ec 100644
--- a/vendor/github.com/docker/libnetwork/drivers/windows/windows_store.go
+++ b/libnetwork/drivers/windows/windows_store.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package windows
@@ -7,10 +8,10 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -61,9 +62,7 @@ func (d *driver) populateNetworks() error {
 		if ncfg.Type != d.name {
 			continue
 		}
-		if err = d.createNetwork(ncfg); err != nil {
-			logrus.Warnf("could not create windows network for id %s hnsid %s while booting up from persistent state: %v", ncfg.ID, ncfg.HnsID, err)
-		}
+		d.createNetwork(ncfg)
 		logrus.Debugf("Network  %v (%.7s) restored", d.name, ncfg.ID)
 	}
 
diff --git a/libnetwork/drivers/windows/windows_test.go b/libnetwork/drivers/windows/windows_test.go
new file mode 100644
index 0000000000000..ea248e9d793b6
--- /dev/null
+++ b/libnetwork/drivers/windows/windows_test.go
@@ -0,0 +1,144 @@
+//go:build windows
+// +build windows
+
+package windows
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func testNetwork(networkType string, t *testing.T) {
+	d := newDriver(networkType)
+	bnw, _ := types.ParseCIDR("172.16.0.0/24")
+	br, _ := types.ParseCIDR("172.16.0.1/16")
+
+	netOption := make(map[string]interface{})
+	networkOptions := map[string]string{
+		NetworkName: "TestNetwork",
+	}
+
+	netOption[netlabel.GenericData] = networkOptions
+	ipdList := []driverapi.IPAMData{
+		{
+			Pool:    bnw,
+			Gateway: br,
+		},
+	}
+
+	err := d.CreateNetwork("dummy", netOption, nil, ipdList, nil)
+	if err != nil {
+		t.Fatalf("Failed to create bridge: %v", err)
+	}
+	defer func() {
+		err = d.DeleteNetwork("dummy")
+		if err != nil {
+			t.Fatalf("Failed to create bridge: %v", err)
+		}
+	}()
+
+	epOptions := make(map[string]interface{})
+	te := &testEndpoint{}
+	err = d.CreateEndpoint("dummy", "ep1", te.Interface(), epOptions)
+	if err != nil {
+		t.Fatalf("Failed to create an endpoint : %s", err.Error())
+	}
+
+	err = d.DeleteEndpoint("dummy", "ep1")
+	if err != nil {
+		t.Fatalf("Failed to delete an endpoint : %s", err.Error())
+	}
+}
+
+func TestNAT(t *testing.T) {
+	t.Skip("Test does not work on CI and was never running to begin with")
+	testNetwork("nat", t)
+}
+
+func TestTransparent(t *testing.T) {
+	t.Skip("Test does not work on CI and was never running to begin with")
+	testNetwork("transparent", t)
+}
+
+type testEndpoint struct {
+	t                     *testing.T
+	src                   string
+	dst                   string
+	address               string
+	macAddress            string
+	gateway               string
+	disableGatewayService bool
+}
+
+func (test *testEndpoint) Interface() driverapi.InterfaceInfo {
+	return test
+}
+
+func (test *testEndpoint) Address() *net.IPNet {
+	if test.address == "" {
+		return nil
+	}
+	nw, _ := types.ParseCIDR(test.address)
+	return nw
+}
+
+func (test *testEndpoint) AddressIPv6() *net.IPNet {
+	return nil
+}
+
+func (test *testEndpoint) MacAddress() net.HardwareAddr {
+	if test.macAddress == "" {
+		return nil
+	}
+	mac, _ := net.ParseMAC(test.macAddress)
+	return mac
+}
+
+func (test *testEndpoint) SetMacAddress(mac net.HardwareAddr) error {
+	if test.macAddress != "" {
+		return types.ForbiddenErrorf("endpoint interface MAC address present (%s). Cannot be modified with %s.", test.macAddress, mac)
+	}
+
+	if mac == nil {
+		return types.BadRequestErrorf("tried to set nil MAC address to endpoint interface")
+	}
+	test.macAddress = mac.String()
+	return nil
+}
+
+func (test *testEndpoint) SetIPAddress(address *net.IPNet) error {
+	if address.IP == nil {
+		return types.BadRequestErrorf("tried to set nil IP address to endpoint interface")
+	}
+
+	test.address = address.String()
+	return nil
+}
+
+func (test *testEndpoint) InterfaceName() driverapi.InterfaceNameInfo {
+	return test
+}
+
+func (test *testEndpoint) SetGateway(ipv4 net.IP) error {
+	return nil
+}
+
+func (test *testEndpoint) SetGatewayIPv6(ipv6 net.IP) error {
+	return nil
+}
+
+func (test *testEndpoint) SetNames(src string, dst string) error {
+	return nil
+}
+
+func (test *testEndpoint) AddStaticRoute(destination *net.IPNet, routeType int, nextHop net.IP) error {
+	return nil
+}
+
+func (test *testEndpoint) DisableGatewayService() {
+	test.disableGatewayService = true
+}
diff --git a/libnetwork/drivers_freebsd.go b/libnetwork/drivers_freebsd.go
new file mode 100644
index 0000000000000..30ac1d50adee0
--- /dev/null
+++ b/libnetwork/drivers_freebsd.go
@@ -0,0 +1,13 @@
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/drivers/null"
+	"github.com/docker/docker/libnetwork/drivers/remote"
+)
+
+func getInitializers(experimental bool) []initializer {
+	return []initializer{
+		{null.Init, "null"},
+		{remote.Init, "remote"},
+	}
+}
diff --git a/libnetwork/drivers_ipam.go b/libnetwork/drivers_ipam.go
new file mode 100644
index 0000000000000..2fce9f55bcacd
--- /dev/null
+++ b/libnetwork/drivers_ipam.go
@@ -0,0 +1,25 @@
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/drvregistry"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	builtinIpam "github.com/docker/docker/libnetwork/ipams/builtin"
+	nullIpam "github.com/docker/docker/libnetwork/ipams/null"
+	remoteIpam "github.com/docker/docker/libnetwork/ipams/remote"
+	"github.com/docker/docker/libnetwork/ipamutils"
+)
+
+func initIPAMDrivers(r *drvregistry.DrvRegistry, lDs, gDs interface{}, addressPool []*ipamutils.NetworkToSplit) error {
+	builtinIpam.SetDefaultIPAddressPool(addressPool)
+	for _, fn := range [](func(ipamapi.Callback, interface{}, interface{}) error){
+		builtinIpam.Init,
+		remoteIpam.Init,
+		nullIpam.Init,
+	} {
+		if err := fn(r, lDs, gDs); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/libnetwork/drivers_linux.go b/libnetwork/drivers_linux.go
new file mode 100644
index 0000000000000..63571492457c1
--- /dev/null
+++ b/libnetwork/drivers_linux.go
@@ -0,0 +1,24 @@
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/drivers/bridge"
+	"github.com/docker/docker/libnetwork/drivers/host"
+	"github.com/docker/docker/libnetwork/drivers/ipvlan"
+	"github.com/docker/docker/libnetwork/drivers/macvlan"
+	"github.com/docker/docker/libnetwork/drivers/null"
+	"github.com/docker/docker/libnetwork/drivers/overlay"
+	"github.com/docker/docker/libnetwork/drivers/remote"
+)
+
+func getInitializers(experimental bool) []initializer {
+	in := []initializer{
+		{bridge.Init, "bridge"},
+		{host.Init, "host"},
+		{ipvlan.Init, "ipvlan"},
+		{macvlan.Init, "macvlan"},
+		{null.Init, "null"},
+		{overlay.Init, "overlay"},
+		{remote.Init, "remote"},
+	}
+	return in
+}
diff --git a/libnetwork/drivers_windows.go b/libnetwork/drivers_windows.go
new file mode 100644
index 0000000000000..7dbf34ccbb860
--- /dev/null
+++ b/libnetwork/drivers_windows.go
@@ -0,0 +1,23 @@
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/drivers/null"
+	"github.com/docker/docker/libnetwork/drivers/remote"
+	"github.com/docker/docker/libnetwork/drivers/windows"
+	"github.com/docker/docker/libnetwork/drivers/windows/overlay"
+)
+
+func getInitializers(experimental bool) []initializer {
+	return []initializer{
+		{null.Init, "null"},
+		{overlay.Init, "overlay"},
+		{remote.Init, "remote"},
+		{windows.GetInit("transparent"), "transparent"},
+		{windows.GetInit("l2bridge"), "l2bridge"},
+		{windows.GetInit("l2tunnel"), "l2tunnel"},
+		{windows.GetInit("nat"), "nat"},
+		{windows.GetInit("internal"), "internal"},
+		{windows.GetInit("private"), "private"},
+		{windows.GetInit("ics"), "ics"},
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/drvregistry/drvregistry.go b/libnetwork/drvregistry/drvregistry.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/drvregistry/drvregistry.go
rename to libnetwork/drvregistry/drvregistry.go
index cc336fa5a82be..9063c472bf9f1 100644
--- a/vendor/github.com/docker/libnetwork/drvregistry/drvregistry.go
+++ b/libnetwork/drvregistry/drvregistry.go
@@ -6,10 +6,10 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/types"
 )
 
 type driverData struct {
diff --git a/libnetwork/drvregistry/drvregistry_test.go b/libnetwork/drvregistry/drvregistry_test.go
new file mode 100644
index 0000000000000..ead157ef5ea88
--- /dev/null
+++ b/libnetwork/drvregistry/drvregistry_test.go
@@ -0,0 +1,202 @@
+package drvregistry
+
+import (
+	"runtime"
+	"sort"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	builtinIpam "github.com/docker/docker/libnetwork/ipams/builtin"
+	nullIpam "github.com/docker/docker/libnetwork/ipams/null"
+	remoteIpam "github.com/docker/docker/libnetwork/ipams/remote"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+const mockDriverName = "mock-driver"
+
+type mockDriver struct{}
+
+var md = mockDriver{}
+
+func mockDriverInit(reg driverapi.DriverCallback, opt map[string]interface{}) error {
+	return reg.RegisterDriver(mockDriverName, &md, driverapi.Capability{DataScope: datastore.LocalScope})
+}
+
+func (m *mockDriver) CreateNetwork(nid string, options map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	return nil
+}
+
+func (m *mockDriver) DeleteNetwork(nid string) error {
+	return nil
+}
+
+func (m *mockDriver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, options map[string]interface{}) error {
+	return nil
+}
+
+func (m *mockDriver) DeleteEndpoint(nid, eid string) error {
+	return nil
+}
+
+func (m *mockDriver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	return nil, nil
+}
+
+func (m *mockDriver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	return nil
+}
+
+func (m *mockDriver) Leave(nid, eid string) error {
+	return nil
+}
+
+func (m *mockDriver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+func (m *mockDriver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+func (m *mockDriver) Type() string {
+	return mockDriverName
+}
+
+func (m *mockDriver) IsBuiltIn() bool {
+	return true
+}
+
+func (m *mockDriver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	return nil
+}
+
+func (m *mockDriver) RevokeExternalConnectivity(nid, eid string) error {
+	return nil
+}
+
+func (m *mockDriver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	return nil, nil
+}
+
+func (m *mockDriver) NetworkFree(id string) error {
+	return nil
+}
+
+func (m *mockDriver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (m *mockDriver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
+
+func getNew(t *testing.T) *DrvRegistry {
+	reg, err := New(nil, nil, nil, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = initIPAMDrivers(reg, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return reg
+}
+
+func initIPAMDrivers(r *DrvRegistry, lDs, gDs interface{}) error {
+	for _, fn := range [](func(ipamapi.Callback, interface{}, interface{}) error){
+		builtinIpam.Init,
+		remoteIpam.Init,
+		nullIpam.Init,
+	} {
+		if err := fn(r, lDs, gDs); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+func TestNew(t *testing.T) {
+	getNew(t)
+}
+
+func TestAddDriver(t *testing.T) {
+	reg := getNew(t)
+
+	err := reg.AddDriver(mockDriverName, mockDriverInit, nil)
+	assert.NilError(t, err)
+}
+
+func TestAddDuplicateDriver(t *testing.T) {
+	reg := getNew(t)
+
+	err := reg.AddDriver(mockDriverName, mockDriverInit, nil)
+	assert.NilError(t, err)
+
+	// Try adding the same driver
+	err = reg.AddDriver(mockDriverName, mockDriverInit, nil)
+	assert.Check(t, is.ErrorContains(err, ""))
+}
+
+func TestIPAMDefaultAddressSpaces(t *testing.T) {
+	reg := getNew(t)
+
+	as1, as2, err := reg.IPAMDefaultAddressSpaces("default")
+	assert.NilError(t, err)
+	assert.Check(t, as1 != "")
+	assert.Check(t, as2 != "")
+}
+
+func TestDriver(t *testing.T) {
+	reg := getNew(t)
+
+	err := reg.AddDriver(mockDriverName, mockDriverInit, nil)
+	assert.NilError(t, err)
+
+	d, cap := reg.Driver(mockDriverName)
+	assert.Check(t, d != nil)
+	assert.Check(t, cap != nil)
+}
+
+func TestIPAM(t *testing.T) {
+	reg := getNew(t)
+
+	i, cap := reg.IPAM("default")
+	assert.Check(t, i != nil)
+	assert.Check(t, cap != nil)
+}
+
+func TestWalkIPAMs(t *testing.T) {
+	reg := getNew(t)
+
+	ipams := make([]string, 0, 2)
+	reg.WalkIPAMs(func(name string, driver ipamapi.Ipam, cap *ipamapi.Capability) bool {
+		ipams = append(ipams, name)
+		return false
+	})
+
+	sort.Strings(ipams)
+	expected := []string{"default", "null"}
+	if runtime.GOOS == "windows" {
+		expected = append(expected, "windows")
+	}
+	assert.Check(t, is.DeepEqual(ipams, expected))
+}
+
+func TestWalkDrivers(t *testing.T) {
+	reg := getNew(t)
+
+	err := reg.AddDriver(mockDriverName, mockDriverInit, nil)
+	assert.NilError(t, err)
+
+	var driverName string
+	reg.WalkDrivers(func(name string, driver driverapi.Driver, capability driverapi.Capability) bool {
+		driverName = name
+		return false
+	})
+
+	assert.Check(t, is.Equal(driverName, mockDriverName))
+}
diff --git a/vendor/github.com/docker/libnetwork/endpoint.go b/libnetwork/endpoint.go
similarity index 92%
rename from vendor/github.com/docker/libnetwork/endpoint.go
rename to libnetwork/endpoint.go
index 822f88bd3ef2c..4a9d02cfc8121 100644
--- a/vendor/github.com/docker/libnetwork/endpoint.go
+++ b/libnetwork/endpoint.go
@@ -4,14 +4,13 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
-	"strings"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -60,7 +59,6 @@ type endpoint struct {
 	anonymous         bool
 	disableResolution bool
 	generic           map[string]interface{}
-	joinLeaveDone     chan struct{}
 	prefAddress       net.IP
 	prefAddressV6     net.IP
 	ipamOptions       map[string]string
@@ -117,19 +115,25 @@ func (ep *endpoint) UnmarshalJSON(b []byte) (err error) {
 	ep.name = epMap["name"].(string)
 	ep.id = epMap["id"].(string)
 
+	// TODO(cpuguy83): So yeah, this isn't checking any errors anywhere.
+	// Seems like we should be checking errors even because of memory related issues that can arise.
+	// Alas it seems like given the nature of this data we could introduce problems if we start checking these errors.
+	//
+	// If anyone ever comes here and figures out one way or another if we can/should be checking these errors and it turns out we can't... then please document *why*
+
 	ib, _ := json.Marshal(epMap["ep_iface"])
-	json.Unmarshal(ib, &ep.iface)
+	json.Unmarshal(ib, &ep.iface) // nolint:errcheck
 
 	jb, _ := json.Marshal(epMap["joinInfo"])
-	json.Unmarshal(jb, &ep.joinInfo)
+	json.Unmarshal(jb, &ep.joinInfo) // nolint:errcheck
 
 	tb, _ := json.Marshal(epMap["exposed_ports"])
 	var tPorts []types.TransportPort
-	json.Unmarshal(tb, &tPorts)
+	json.Unmarshal(tb, &tPorts) // nolint:errcheck
 	ep.exposedPorts = tPorts
 
 	cb, _ := json.Marshal(epMap["sandbox"])
-	json.Unmarshal(cb, &ep.sandboxID)
+	json.Unmarshal(cb, &ep.sandboxID) // nolint:errcheck
 
 	if v, ok := epMap["generic"]; ok {
 		ep.generic = v.(map[string]interface{})
@@ -208,17 +212,17 @@ func (ep *endpoint) UnmarshalJSON(b []byte) (err error) {
 
 	sal, _ := json.Marshal(epMap["svcAliases"])
 	var svcAliases []string
-	json.Unmarshal(sal, &svcAliases)
+	json.Unmarshal(sal, &svcAliases) // nolint:errcheck
 	ep.svcAliases = svcAliases
 
 	pc, _ := json.Marshal(epMap["ingressPorts"])
 	var ingressPorts []*PortConfig
-	json.Unmarshal(pc, &ingressPorts)
+	json.Unmarshal(pc, &ingressPorts) // nolint:errcheck
 	ep.ingressPorts = ingressPorts
 
 	ma, _ := json.Marshal(epMap["myAliases"])
 	var myAliases []string
-	json.Unmarshal(ma, &myAliases)
+	json.Unmarshal(ma, &myAliases) // nolint:errcheck
 	ep.myAliases = myAliases
 	return nil
 }
@@ -253,12 +257,16 @@ func (ep *endpoint) CopyTo(o datastore.KVObject) error {
 
 	if ep.iface != nil {
 		dstEp.iface = &endpointInterface{}
-		ep.iface.CopyTo(dstEp.iface)
+		if err := ep.iface.CopyTo(dstEp.iface); err != nil {
+			return err
+		}
 	}
 
 	if ep.joinInfo != nil {
 		dstEp.joinInfo = &endpointJoinInfo{}
-		ep.joinInfo.CopyTo(dstEp.joinInfo)
+		if err := ep.joinInfo.CopyTo(dstEp.joinInfo); err != nil {
+			return err
+		}
 	}
 
 	dstEp.exposedPorts = make([]types.TransportPort, len(ep.exposedPorts))
@@ -354,17 +362,6 @@ func (ep *endpoint) KeyPrefix() []string {
 	return []string{datastore.EndpointKeyPrefix, ep.network.id}
 }
 
-func (ep *endpoint) networkIDFromKey(key string) (string, error) {
-	// endpoint Key structure : docker/libnetwork/endpoint/${network-id}/${endpoint-id}
-	// it's an invalid key if the key doesn't have all the 5 key elements above
-	keyElements := strings.Split(key, "/")
-	if !strings.HasPrefix(key, datastore.Key(datastore.EndpointKeyPrefix)) || len(keyElements) < 5 {
-		return "", fmt.Errorf("invalid endpoint key : %v", key)
-	}
-	// network-id is placed at index=3. pls refer to endpoint.Key() method
-	return strings.Split(key, "/")[3], nil
-}
-
 func (ep *endpoint) Value() []byte {
 	b, err := json.Marshal(ep)
 	if err != nil {
@@ -497,12 +494,16 @@ func (ep *endpoint) sbJoin(sb *sandbox, options ...EndpointOption) (err error) {
 		n.getController().watchSvcRecord(ep)
 	}
 
-	if doUpdateHostsFile(n, sb) {
-		address := ""
-		if ip := ep.getFirstInterfaceAddress(); ip != nil {
-			address = ip.String()
+	// Do not update hosts file with internal networks endpoint IP
+	if !n.ingress && n.Name() != libnGWNetwork {
+		var addresses []string
+		if ip := ep.getFirstInterfaceIPv4Address(); ip != nil {
+			addresses = append(addresses, ip.String())
+		}
+		if ip := ep.getFirstInterfaceIPv6Address(); ip != nil {
+			addresses = append(addresses, ip.String())
 		}
-		if err = sb.updateHostsFile(address); err != nil {
+		if err = sb.updateHostsFile(addresses); err != nil {
 			return err
 		}
 	}
@@ -598,10 +599,6 @@ func (ep *endpoint) sbJoin(sb *sandbox, options ...EndpointOption) (err error) {
 	return nil
 }
 
-func doUpdateHostsFile(n *network, sb *sandbox) bool {
-	return !n.ingress && n.Name() != libnGWNetwork
-}
-
 func (ep *endpoint) rename(name string) error {
 	var (
 		err      error
@@ -647,10 +644,14 @@ func (ep *endpoint) rename(name string) error {
 		}
 		defer func() {
 			if err != nil {
-				ep.deleteServiceInfoFromCluster(sb, true, "rename")
+				if err2 := ep.deleteServiceInfoFromCluster(sb, true, "rename"); err2 != nil {
+					logrus.WithField("main error", err).WithError(err2).Debug("Error during cleanup due deleting service info from cluster while cleaning up due to other error")
+				}
 				ep.name = oldName
 				ep.anonymous = oldAnonymous
-				ep.addServiceInfoToCluster(sb)
+				if err2 := ep.addServiceInfoToCluster(sb); err2 != nil {
+					logrus.WithField("main error", err).WithError(err2).Debug("Error during cleanup due adding service to from cluster while cleaning up due to other error")
+				}
 			}
 		}()
 	} else {
@@ -676,7 +677,7 @@ func (ep *endpoint) rename(name string) error {
 	// benign error. Besides there is no meaningful recovery that
 	// we can do. When the cluster recovers subsequent EpCnt update
 	// will force the peers to get the correct EP name.
-	n.getEpCnt().updateStore()
+	_ = n.getEpCnt().updateStore()
 
 	return err
 }
@@ -912,7 +913,7 @@ func (ep *endpoint) getSandbox() (*sandbox, bool) {
 	return ps, ok
 }
 
-func (ep *endpoint) getFirstInterfaceAddress() net.IP {
+func (ep *endpoint) getFirstInterfaceIPv4Address() net.IP {
 	ep.Lock()
 	defer ep.Unlock()
 
@@ -923,6 +924,17 @@ func (ep *endpoint) getFirstInterfaceAddress() net.IP {
 	return nil
 }
 
+func (ep *endpoint) getFirstInterfaceIPv6Address() net.IP {
+	ep.Lock()
+	defer ep.Unlock()
+
+	if ep.iface.addrv6 != nil {
+		return ep.iface.addrv6.IP
+	}
+
+	return nil
+}
+
 // EndpointOptionGeneric function returns an option setter for a Generic option defined
 // in a Dictionary of Key-Value pair
 func EndpointOptionGeneric(generic map[string]interface{}) EndpointOption {
@@ -1041,7 +1053,7 @@ func CreateOptionLoadBalancer() EndpointOption {
 
 // JoinOptionPriority function returns an option setter for priority option to
 // be passed to the endpoint.Join() method.
-func JoinOptionPriority(ep Endpoint, prio int) EndpointOption {
+func JoinOptionPriority(prio int) EndpointOption {
 	return func(ep *endpoint) {
 		// ep lock already acquired
 		c := ep.network.getController()
@@ -1212,7 +1224,9 @@ func (c *controller) cleanupLocalEndpoints() {
 		epCnt := n.getEpCnt().EndpointCnt()
 		if epCnt != uint64(len(epl)) {
 			logrus.Infof("Fixing inconsistent endpoint_cnt for network %s. Expected=%d, Actual=%d", n.name, len(epl), epCnt)
-			n.getEpCnt().setCnt(uint64(len(epl)))
+			if err := n.getEpCnt().setCnt(uint64(len(epl))); err != nil {
+				logrus.WithField("network", n.name).WithError(err).Warn("Error while fixing inconsistent endpoint_cnt for network")
+			}
 		}
 	}
 }
diff --git a/vendor/github.com/docker/libnetwork/endpoint_cnt.go b/libnetwork/endpoint_cnt.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/endpoint_cnt.go
rename to libnetwork/endpoint_cnt.go
index 7b7527426dc7b..c4670335cef3b 100644
--- a/vendor/github.com/docker/libnetwork/endpoint_cnt.go
+++ b/libnetwork/endpoint_cnt.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/datastore"
 )
 
 type endpointCnt struct {
diff --git a/vendor/github.com/docker/libnetwork/endpoint_info.go b/libnetwork/endpoint_info.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/endpoint_info.go
rename to libnetwork/endpoint_info.go
index 80b662defa478..7c04f9438bff5 100644
--- a/vendor/github.com/docker/libnetwork/endpoint_info.go
+++ b/libnetwork/endpoint_info.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 // EndpointInfo provides an interface to retrieve network resources bound to the endpoint.
@@ -135,7 +135,10 @@ func (epi *endpointInterface) UnmarshalJSON(b []byte) error {
 
 	rb, _ := json.Marshal(epMap["routes"])
 	var routes []string
-	json.Unmarshal(rb, &routes)
+
+	// TODO(cpuguy83): linter noticed we don't check the error here... no idea why but it seems like it could introduce problems if we start checking
+	json.Unmarshal(rb, &routes) // nolint:errcheck
+
 	epi.routes = make([]*net.IPNet, 0)
 	for _, route := range routes {
 		ip, ipr, err := net.ParseCIDR(route)
@@ -436,10 +439,16 @@ func (epj *endpointJoinInfo) UnmarshalJSON(b []byte) error {
 	if v, ok := epMap["StaticRoutes"]; ok {
 		tb, _ := json.Marshal(v)
 		var tStaticRoute []types.StaticRoute
-		json.Unmarshal(tb, &tStaticRoute)
+		// TODO(cpuguy83): Linter caught that we aren't checking errors here
+		// I don't know why we aren't other than potentially the data is not always expected to be right?
+		// This is why I'm not adding the error check.
+		//
+		// In any case for posterity please if you figure this out document it or check the error
+		json.Unmarshal(tb, &tStaticRoute) // nolint:errcheck
 	}
 	var StaticRoutes []*types.StaticRoute
 	for _, r := range tStaticRoute {
+		r := r
 		StaticRoutes = append(StaticRoutes, &r)
 	}
 	epj.StaticRoutes = StaticRoutes
diff --git a/vendor/github.com/docker/libnetwork/endpoint_info_unix.go b/libnetwork/endpoint_info_unix.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/endpoint_info_unix.go
rename to libnetwork/endpoint_info_unix.go
index f2534f490473e..018f02b367c42 100644
--- a/vendor/github.com/docker/libnetwork/endpoint_info_unix.go
+++ b/libnetwork/endpoint_info_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package libnetwork
diff --git a/vendor/github.com/docker/libnetwork/endpoint_info_windows.go b/libnetwork/endpoint_info_windows.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/endpoint_info_windows.go
rename to libnetwork/endpoint_info_windows.go
index 93ad8330e9d82..378cf8454da98 100644
--- a/vendor/github.com/docker/libnetwork/endpoint_info_windows.go
+++ b/libnetwork/endpoint_info_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package libnetwork
diff --git a/libnetwork/endpoint_test.go b/libnetwork/endpoint_test.go
new file mode 100644
index 0000000000000..22cb160b9bea2
--- /dev/null
+++ b/libnetwork/endpoint_test.go
@@ -0,0 +1,76 @@
+//go:build !windows
+// +build !windows
+
+package libnetwork
+
+import (
+	"os"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/testutils"
+)
+
+func TestHostsEntries(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	expectedHostsFile := `127.0.0.1	localhost
+::1	localhost ip6-localhost ip6-loopback
+fe00::0	ip6-localnet
+ff00::0	ip6-mcastprefix
+ff02::1	ip6-allnodes
+ff02::2	ip6-allrouters
+192.168.222.2	somehost.example.com somehost
+fe90::2	somehost.example.com somehost
+`
+
+	opts := []NetworkOption{NetworkOptionEnableIPv6(true), NetworkOptionIpam(ipamapi.DefaultIPAM, "",
+		[]*IpamConf{{PreferredPool: "192.168.222.0/24", Gateway: "192.168.222.1"}},
+		[]*IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::1"}},
+		nil)}
+
+	c, nws := getTestEnv(t, opts)
+	ctrlr := c.(*controller)
+
+	hostsFile, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(hostsFile.Name())
+
+	sbx, err := ctrlr.NewSandbox("sandbox1", OptionHostsPath(hostsFile.Name()), OptionHostname("somehost.example.com"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep1, err := nws[0].CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep1.Join(sbx, JoinOptionPriority(1)); err != nil {
+		t.Fatal(err)
+	}
+
+	data, err := os.ReadFile(hostsFile.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if string(data) != expectedHostsFile {
+		t.Fatalf("expected the hosts file to read:\n%q\nbut instead got the following:\n%q\n", expectedHostsFile, string(data))
+	}
+
+	if err := sbx.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ctrlr.sandboxes) != 0 {
+		t.Fatalf("controller sandboxes is not empty. len = %d", len(ctrlr.sandboxes))
+	}
+
+	osl.GC()
+}
diff --git a/vendor/github.com/docker/libnetwork/error.go b/libnetwork/error.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/error.go
rename to libnetwork/error.go
diff --git a/libnetwork/errors_test.go b/libnetwork/errors_test.go
new file mode 100644
index 0000000000000..195ad4e8f8fd6
--- /dev/null
+++ b/libnetwork/errors_test.go
@@ -0,0 +1,51 @@
+package libnetwork
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestErrorInterfaces(t *testing.T) {
+
+	badRequestErrorList := []error{ErrInvalidID(""), ErrInvalidName(""), ErrInvalidJoin{}, ErrInvalidNetworkDriver(""), InvalidContainerIDError(""), ErrNoSuchNetwork(""), ErrNoSuchEndpoint("")}
+	for _, err := range badRequestErrorList {
+		switch u := err.(type) {
+		case types.BadRequestError:
+			return
+		default:
+			t.Fatalf("Failed to detect err %v is of type BadRequestError. Got type: %T", err, u)
+		}
+	}
+
+	maskableErrorList := []error{ErrNoContainer{}}
+	for _, err := range maskableErrorList {
+		switch u := err.(type) {
+		case types.MaskableError:
+			return
+		default:
+			t.Fatalf("Failed to detect err %v is of type MaskableError. Got type: %T", err, u)
+		}
+	}
+
+	notFoundErrorList := []error{NetworkTypeError(""), &UnknownNetworkError{}, &UnknownEndpointError{}}
+	for _, err := range notFoundErrorList {
+		switch u := err.(type) {
+		case types.NotFoundError:
+			return
+		default:
+			t.Fatalf("Failed to detect err %v is of type NotFoundError. Got type: %T", err, u)
+		}
+	}
+
+	forbiddenErrorList := []error{NetworkTypeError(""), &UnknownNetworkError{}, &UnknownEndpointError{}}
+	for _, err := range forbiddenErrorList {
+		switch u := err.(type) {
+		case types.ForbiddenError:
+			return
+		default:
+			t.Fatalf("Failed to detect err %v is of type ForbiddenError. Got type: %T", err, u)
+		}
+	}
+
+}
diff --git a/vendor/github.com/docker/libnetwork/etchosts/etchosts.go b/libnetwork/etchosts/etchosts.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/etchosts/etchosts.go
rename to libnetwork/etchosts/etchosts.go
index d55298af456af..52063eeefd326 100644
--- a/vendor/github.com/docker/libnetwork/etchosts/etchosts.go
+++ b/libnetwork/etchosts/etchosts.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"regexp"
 	"strings"
@@ -108,7 +107,7 @@ func Build(path, IP, hostname, domainname string, extraContent []Record) error {
 		}
 	}
 
-	return ioutil.WriteFile(path, content.Bytes(), 0644)
+	return os.WriteFile(path, content.Bytes(), 0644)
 }
 
 // Add adds an arbitrary number of Records to an already existing /etc/hosts file
@@ -124,7 +123,7 @@ func Add(path string, recs []Record) error {
 		return err
 	}
 
-	return ioutil.WriteFile(path, b, 0644)
+	return os.WriteFile(path, b, 0644)
 }
 
 func mergeRecords(path string, recs []Record) ([]byte, error) {
@@ -189,7 +188,7 @@ loop:
 	if err := s.Err(); err != nil {
 		return err
 	}
-	return ioutil.WriteFile(path, buf.Bytes(), 0644)
+	return os.WriteFile(path, buf.Bytes(), 0644)
 }
 
 // Update all IP addresses where hostname matches.
@@ -199,10 +198,10 @@ loop:
 func Update(path, IP, hostname string) error {
 	defer pathLock(path)()
 
-	old, err := ioutil.ReadFile(path)
+	old, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
 	var re = regexp.MustCompile(fmt.Sprintf("(\\S*)(\\t%s)(\\s|\\.)", regexp.QuoteMeta(hostname)))
-	return ioutil.WriteFile(path, re.ReplaceAll(old, []byte(IP+"$2"+"$3")), 0644)
+	return os.WriteFile(path, re.ReplaceAll(old, []byte(IP+"$2"+"$3")), 0644)
 }
diff --git a/libnetwork/etchosts/etchosts_test.go b/libnetwork/etchosts/etchosts_test.go
new file mode 100644
index 0000000000000..4b494d84d3fff
--- /dev/null
+++ b/libnetwork/etchosts/etchosts_test.go
@@ -0,0 +1,515 @@
+package etchosts
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"testing"
+
+	"golang.org/x/sync/errgroup"
+)
+
+func TestBuildDefault(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	// check that /etc/hosts has consistent ordering
+	for i := 0; i <= 5; i++ {
+		err = Build(file.Name(), "", "", "", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		content, err := os.ReadFile(file.Name())
+		if err != nil {
+			t.Fatal(err)
+		}
+		expected := "127.0.0.1\tlocalhost\n::1\tlocalhost ip6-localhost ip6-loopback\nfe00::0\tip6-localnet\nff00::0\tip6-mcastprefix\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n"
+
+		if expected != string(content) {
+			t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+		}
+	}
+}
+
+func TestBuildHostnameDomainname(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "10.11.12.13\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildHostname(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "10.11.12.13", "testhostname", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "10.11.12.13\ttesthostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildHostnameFQDN(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "10.11.12.13", "testhostname.testdomainname.com", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "10.11.12.13\ttesthostname.testdomainname.com testhostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildNoIP(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "testhostname", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := ""; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestUpdate(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	if err := Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "10.11.12.13\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+
+	if err := Update(file.Name(), "1.1.1.1", "testhostname"); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err = os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "1.1.1.1\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+// This regression test ensures that when a host is given a new IP
+// via the Update function that other hosts which start with the
+// same name as the targeted host are not erroneously updated as well.
+// In the test example, if updating a host called "prefix", unrelated
+// hosts named "prefixAndMore" or "prefix2" or anything else starting
+// with "prefix" should not be changed. For more information see
+// GitHub issue #603.
+func TestUpdateIgnoresPrefixedHostname(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	if err := Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", []Record{
+		{
+			Hosts: "prefix",
+			IP:    "2.2.2.2",
+		},
+		{
+			Hosts: "prefixAndMore",
+			IP:    "3.3.3.3",
+		},
+		{
+			Hosts: "unaffectedHost",
+			IP:    "4.4.4.4",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "2.2.2.2\tprefix\n3.3.3.3\tprefixAndMore\n4.4.4.4\tunaffectedHost\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+
+	if err := Update(file.Name(), "5.5.5.5", "prefix"); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err = os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "5.5.5.5\tprefix\n3.3.3.3\tprefixAndMore\n4.4.4.4\tunaffectedHost\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+
+}
+
+// This regression test covers the host prefix issue for the
+// Delete function. In the test example, if deleting a host called
+// "prefix", an unrelated host called "prefixAndMore" should not
+// be deleted. For more information see GitHub issue #603.
+func TestDeleteIgnoresPrefixedHostname(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Add(file.Name(), []Record{
+		{
+			Hosts: "prefix",
+			IP:    "1.1.1.1",
+		},
+		{
+			Hosts: "prefixAndMore",
+			IP:    "2.2.2.2",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Delete(file.Name(), []Record{
+		{
+			Hosts: "prefix",
+			IP:    "1.1.1.1",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "2.2.2.2\tprefixAndMore\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+
+	if expected := "1.1.1.1\tprefix\n"; bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Did not expect to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestAddEmpty(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Add(file.Name(), []Record{}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestAdd(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Add(file.Name(), []Record{
+		{
+			Hosts: "testhostname",
+			IP:    "2.2.2.2",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "2.2.2.2\ttesthostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestDeleteEmpty(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Delete(file.Name(), []Record{}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestDeleteNewline(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	b := []byte("\n")
+	if _, err := file.Write(b); err != nil {
+		t.Fatal(err)
+	}
+
+	rec := []Record{
+		{
+			Hosts: "prefix",
+			IP:    "2.2.2.2",
+		},
+	}
+	if err := Delete(file.Name(), rec); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestDelete(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Add(file.Name(), []Record{
+		{
+			Hosts: "testhostname1",
+			IP:    "1.1.1.1",
+		},
+		{
+			Hosts: "testhostname2",
+			IP:    "2.2.2.2",
+		},
+		{
+			Hosts: "testhostname3",
+			IP:    "3.3.3.3",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Delete(file.Name(), []Record{
+		{
+			Hosts: "testhostname1",
+			IP:    "1.1.1.1",
+		},
+		{
+			Hosts: "testhostname3",
+			IP:    "3.3.3.3",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "2.2.2.2\ttesthostname2\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+
+	if expected := "1.1.1.1\ttesthostname1\n"; bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Did not expect to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestConcurrentWrites(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Add(file.Name(), []Record{
+		{
+			Hosts: "inithostname",
+			IP:    "172.17.0.1",
+		},
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	group := new(errgroup.Group)
+	for i := 0; i < 10; i++ {
+		i := i
+		group.Go(func() error {
+			rec := []Record{
+				{
+					IP:    fmt.Sprintf("%d.%d.%d.%d", i, i, i, i),
+					Hosts: fmt.Sprintf("testhostname%d", i),
+				},
+			}
+
+			for j := 0; j < 25; j++ {
+				if err := Add(file.Name(), rec); err != nil {
+					return err
+				}
+
+				if err := Delete(file.Name(), rec); err != nil {
+					return err
+				}
+			}
+			return nil
+		})
+	}
+
+	if err := group.Wait(); err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "172.17.0.1\tinithostname\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func benchDelete(b *testing.B) {
+	b.StopTimer()
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer func() {
+		b.StopTimer()
+		file.Close()
+		os.Remove(file.Name())
+		b.StartTimer()
+	}()
+
+	err = Build(file.Name(), "", "", "", nil)
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	var records []Record
+	var toDelete []Record
+	for i := 0; i < 255; i++ {
+		record := Record{
+			Hosts: fmt.Sprintf("testhostname%d", i),
+			IP:    fmt.Sprintf("%d.%d.%d.%d", i, i, i, i),
+		}
+		records = append(records, record)
+		if i%2 == 0 {
+			toDelete = append(records, record)
+		}
+	}
+
+	if err := Add(file.Name(), records); err != nil {
+		b.Fatal(err)
+	}
+
+	b.StartTimer()
+	if err := Delete(file.Name(), toDelete); err != nil {
+		b.Fatal(err)
+	}
+}
+
+func BenchmarkDelete(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		benchDelete(b)
+	}
+}
diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go
new file mode 100644
index 0000000000000..590e61f2af0bc
--- /dev/null
+++ b/libnetwork/firewall_linux.go
@@ -0,0 +1,46 @@
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/sirupsen/logrus"
+)
+
+const userChain = "DOCKER-USER"
+
+var (
+	ctrl *controller = nil
+)
+
+func setupArrangeUserFilterRule(c *controller) {
+	ctrl = c
+	iptables.OnReloaded(arrangeUserFilterRule)
+}
+
+// This chain allow users to configure firewall policies in a way that persists
+// docker operations/restarts. Docker will not delete or modify any pre-existing
+// rules from the DOCKER-USER filter chain.
+// Note once DOCKER-USER chain is created, docker engine does not remove it when
+// IPTableForwarding is disabled, because it contains rules configured by user that
+// are beyond docker engine's control.
+func arrangeUserFilterRule() {
+	if ctrl == nil || !ctrl.iptablesEnabled() {
+		return
+	}
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+	_, err := iptable.NewChain(userChain, iptables.Filter, false)
+	if err != nil {
+		logrus.Warnf("Failed to create %s chain: %v", userChain, err)
+		return
+	}
+
+	if err = iptable.AddReturnRule(userChain); err != nil {
+		logrus.Warnf("Failed to add the RETURN rule for %s: %v", userChain, err)
+		return
+	}
+
+	err = iptable.EnsureJumpRule("FORWARD", userChain)
+	if err != nil {
+		logrus.Warnf("Failed to ensure the jump rule for %s: %v", userChain, err)
+	}
+}
diff --git a/libnetwork/firewall_linux_test.go b/libnetwork/firewall_linux_test.go
new file mode 100644
index 0000000000000..e712900aafbe3
--- /dev/null
+++ b/libnetwork/firewall_linux_test.go
@@ -0,0 +1,103 @@
+package libnetwork
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"gotest.tools/v3/assert"
+)
+
+const (
+	fwdChainName = "FORWARD"
+	usrChainName = userChain
+)
+
+func TestUserChain(t *testing.T) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	nc, err := New()
+	assert.NilError(t, err)
+
+	tests := []struct {
+		iptables  bool
+		insert    bool // insert other rules to FORWARD
+		fwdChain  []string
+		userChain []string
+	}{
+		{
+			iptables: false,
+			insert:   false,
+			fwdChain: []string{"-P FORWARD ACCEPT"},
+		},
+		{
+			iptables:  true,
+			insert:    false,
+			fwdChain:  []string{"-P FORWARD ACCEPT", "-A FORWARD -j DOCKER-USER"},
+			userChain: []string{"-N DOCKER-USER", "-A DOCKER-USER -j RETURN"},
+		},
+		{
+			iptables:  true,
+			insert:    true,
+			fwdChain:  []string{"-P FORWARD ACCEPT", "-A FORWARD -j DOCKER-USER", "-A FORWARD -j DROP"},
+			userChain: []string{"-N DOCKER-USER", "-A DOCKER-USER -j RETURN"},
+		},
+	}
+
+	resetIptables(t)
+	for _, tc := range tests {
+		tc := tc
+		t.Run(fmt.Sprintf("iptables=%v,insert=%v", tc.iptables, tc.insert), func(t *testing.T) {
+			c := nc.(*controller)
+			c.cfg.Daemon.DriverCfg["bridge"] = map[string]interface{}{
+				netlabel.GenericData: options.Generic{
+					"EnableIPTables": tc.iptables,
+				},
+			}
+
+			// init. condition, FORWARD chain empty DOCKER-USER not exist
+			assert.DeepEqual(t, getRules(t, fwdChainName), []string{"-P FORWARD ACCEPT"})
+
+			if tc.insert {
+				_, err = iptable.Raw("-A", fwdChainName, "-j", "DROP")
+				assert.NilError(t, err)
+			}
+			arrangeUserFilterRule()
+
+			assert.DeepEqual(t, getRules(t, fwdChainName), tc.fwdChain)
+			if tc.userChain != nil {
+				assert.DeepEqual(t, getRules(t, usrChainName), tc.userChain)
+			} else {
+				_, err := iptable.Raw("-S", usrChainName)
+				assert.Assert(t, err != nil, "chain %v: created unexpectedly", usrChainName)
+			}
+		})
+		resetIptables(t)
+	}
+}
+
+func getRules(t *testing.T, chain string) []string {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	t.Helper()
+	output, err := iptable.Raw("-S", chain)
+	assert.NilError(t, err, "chain %s: failed to get rules", chain)
+
+	rules := strings.Split(string(output), "\n")
+	if len(rules) > 0 {
+		rules = rules[:len(rules)-1]
+	}
+	return rules
+}
+
+func resetIptables(t *testing.T) {
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	t.Helper()
+	_, err := iptable.Raw("-F", fwdChainName)
+	assert.NilError(t, err)
+	_ = iptable.RemoveExistingChain(usrChainName, "")
+}
diff --git a/libnetwork/firewall_others.go b/libnetwork/firewall_others.go
new file mode 100644
index 0000000000000..c5a1fbac9fe28
--- /dev/null
+++ b/libnetwork/firewall_others.go
@@ -0,0 +1,7 @@
+//go:build !linux
+// +build !linux
+
+package libnetwork
+
+func setupArrangeUserFilterRule(c *controller) {}
+func arrangeUserFilterRule()                   {}
diff --git a/vendor/github.com/docker/libnetwork/hostdiscovery/hostdiscovery.go b/libnetwork/hostdiscovery/hostdiscovery.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/hostdiscovery/hostdiscovery.go
rename to libnetwork/hostdiscovery/hostdiscovery.go
index 452b5628c1365..a5dea04c2976d 100644
--- a/vendor/github.com/docker/libnetwork/hostdiscovery/hostdiscovery.go
+++ b/libnetwork/hostdiscovery/hostdiscovery.go
@@ -8,12 +8,13 @@ import (
 
 	mapset "github.com/deckarep/golang-set"
 	"github.com/docker/docker/pkg/discovery"
+
 	// Including KV
-	_ "github.com/docker/docker/pkg/discovery/kv"
+	"github.com/docker/docker/libnetwork/types"
+	_ "github.com/docker/docker/pkg/discovery/kv" // register all the things with host discovery
 	"github.com/docker/libkv/store/consul"
 	"github.com/docker/libkv/store/etcd"
 	"github.com/docker/libkv/store/zookeeper"
-	"github.com/docker/libnetwork/types"
 )
 
 type hostDiscovery struct {
diff --git a/vendor/github.com/docker/libnetwork/hostdiscovery/hostdiscovery_api.go b/libnetwork/hostdiscovery/hostdiscovery_api.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/hostdiscovery/hostdiscovery_api.go
rename to libnetwork/hostdiscovery/hostdiscovery_api.go
diff --git a/libnetwork/hostdiscovery/hostdiscovery_test.go b/libnetwork/hostdiscovery/hostdiscovery_test.go
new file mode 100644
index 0000000000000..2a6b0e45845cb
--- /dev/null
+++ b/libnetwork/hostdiscovery/hostdiscovery_test.go
@@ -0,0 +1,82 @@
+package hostdiscovery
+
+import (
+	"net"
+	"testing"
+
+	mapset "github.com/deckarep/golang-set"
+
+	"github.com/docker/docker/pkg/discovery"
+)
+
+func TestDiff(t *testing.T) {
+	existing := mapset.NewSetFromSlice([]interface{}{"1.1.1.1", "2.2.2.2"})
+	addedIP := "3.3.3.3"
+	updated := existing.Clone()
+	updated.Add(addedIP)
+
+	added, removed := diff(existing, updated)
+	if len(added) != 1 {
+		t.Fatalf("Diff failed for an Add update. Expecting 1 element, but got %d elements", len(added))
+	}
+	if added[0].String() != addedIP {
+		t.Fatalf("Expecting : %v, Got : %v", addedIP, added[0])
+	}
+	if len(removed) > 0 {
+		t.Fatalf("Diff failed for remove use-case. Expecting 0 element, but got %d elements", len(removed))
+	}
+
+	updated = mapset.NewSetFromSlice([]interface{}{addedIP})
+	added, removed = diff(existing, updated)
+	if len(removed) != 2 {
+		t.Fatalf("Diff failed for a remove update. Expecting 2 element, but got %d elements", len(removed))
+	}
+	if len(added) != 1 {
+		t.Fatalf("Diff failed for add use-case. Expecting 1 element, but got %d elements", len(added))
+	}
+}
+
+func TestAddedCallback(t *testing.T) {
+	hd := hostDiscovery{}
+	hd.nodes = mapset.NewSetFromSlice([]interface{}{"1.1.1.1"})
+	update := []*discovery.Entry{{Host: "1.1.1.1", Port: "0"}, {Host: "2.2.2.2", Port: "0"}}
+
+	added := false
+	removed := false
+	hd.processCallback(update, func() {}, func(hosts []net.IP) { added = true }, func(hosts []net.IP) { removed = true })
+	if !added {
+		t.Fatal("Expecting an Added callback notification. But none received")
+	}
+	if removed {
+		t.Fatal("Not expecting a Removed callback notification. But received a callback")
+	}
+}
+
+func TestRemovedCallback(t *testing.T) {
+	hd := hostDiscovery{}
+	hd.nodes = mapset.NewSetFromSlice([]interface{}{"1.1.1.1", "2.2.2.2"})
+	update := []*discovery.Entry{{Host: "1.1.1.1", Port: "0"}}
+
+	added := false
+	removed := false
+	hd.processCallback(update, func() {}, func(hosts []net.IP) { added = true }, func(hosts []net.IP) { removed = true })
+	if added {
+		t.Fatal("Not expecting an Added callback notification. But received a callback")
+	}
+	if !removed {
+		t.Fatal("Expecting a Removed callback notification. But none received")
+	}
+}
+
+func TestNoCallback(t *testing.T) {
+	hd := hostDiscovery{}
+	hd.nodes = mapset.NewSetFromSlice([]interface{}{"1.1.1.1", "2.2.2.2"})
+	update := []*discovery.Entry{{Host: "1.1.1.1", Port: "0"}, {Host: "2.2.2.2", Port: "0"}}
+
+	added := false
+	removed := false
+	hd.processCallback(update, func() {}, func(hosts []net.IP) { added = true }, func(hosts []net.IP) { removed = true })
+	if added || removed {
+		t.Fatal("Not expecting any callback notification. But received a callback")
+	}
+}
diff --git a/libnetwork/hostdiscovery/libnetwork.toml b/libnetwork/hostdiscovery/libnetwork.toml
new file mode 100644
index 0000000000000..7839d1e3a8b30
--- /dev/null
+++ b/libnetwork/hostdiscovery/libnetwork.toml
@@ -0,0 +1,6 @@
+title = "LibNetwork Configuration file"
+
+[cluster]
+  discovery = "consul://localhost:8500"
+  Address = "6.5.5.5"
+  Heartbeat = 3
diff --git a/vendor/github.com/docker/libnetwork/idm/idm.go b/libnetwork/idm/idm.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/idm/idm.go
rename to libnetwork/idm/idm.go
index d5843d4a580fd..49d16037a985e 100644
--- a/vendor/github.com/docker/libnetwork/idm/idm.go
+++ b/libnetwork/idm/idm.go
@@ -5,8 +5,8 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/docker/libnetwork/bitseq"
-	"github.com/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/bitseq"
+	"github.com/docker/docker/libnetwork/datastore"
 )
 
 // Idm manages the reservation/release of numerical ids from a contiguous set
diff --git a/libnetwork/idm/idm_test.go b/libnetwork/idm/idm_test.go
new file mode 100644
index 0000000000000..54055787bab1b
--- /dev/null
+++ b/libnetwork/idm/idm_test.go
@@ -0,0 +1,294 @@
+package idm
+
+import (
+	"testing"
+)
+
+func TestNew(t *testing.T) {
+	_, err := New(nil, "", 0, 1)
+	if err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+
+	_, err = New(nil, "myset", 1<<10, 0)
+	if err == nil {
+		t.Fatal("Expected failure, but succeeded")
+	}
+
+	i, err := New(nil, "myset", 0, 10)
+	if err != nil {
+		t.Fatalf("Unexpected failure: %v", err)
+	}
+	if i.handle == nil {
+		t.Fatal("set is not initialized")
+	}
+	if i.start != 0 {
+		t.Fatal("unexpected start")
+	}
+	if i.end != 10 {
+		t.Fatal("unexpected end")
+	}
+}
+
+func TestAllocate(t *testing.T) {
+	i, err := New(nil, "myids", 50, 52)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err = i.GetSpecificID(49); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+
+	if err = i.GetSpecificID(53); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+
+	o, err := i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 50 {
+		t.Fatalf("Unexpected first id returned: %d", o)
+	}
+
+	err = i.GetSpecificID(50)
+	if err == nil {
+		t.Fatal(err)
+	}
+
+	o, err = i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 51 {
+		t.Fatalf("Unexpected id returned: %d", o)
+	}
+
+	o, err = i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 52 {
+		t.Fatalf("Unexpected id returned: %d", o)
+	}
+
+	o, err = i.GetID(false)
+	if err == nil {
+		t.Fatalf("Expected failure but succeeded: %d", o)
+	}
+
+	i.Release(50)
+
+	o, err = i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 50 {
+		t.Fatal("Unexpected id returned")
+	}
+
+	i.Release(52)
+	err = i.GetSpecificID(52)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestUninitialized(t *testing.T) {
+	i := &Idm{}
+
+	if _, err := i.GetID(false); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+
+	if err := i.GetSpecificID(44); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+}
+
+func TestAllocateInRange(t *testing.T) {
+	i, err := New(nil, "myset", 5, 10)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	o, err := i.GetIDInRange(6, 6, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 6 {
+		t.Fatalf("Unexpected id returned. Expected: 6. Got: %d", o)
+	}
+
+	if err = i.GetSpecificID(6); err == nil {
+		t.Fatalf("Expected failure but succeeded")
+	}
+
+	o, err = i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 5 {
+		t.Fatalf("Unexpected id returned. Expected: 5. Got: %d", o)
+	}
+
+	i.Release(6)
+
+	o, err = i.GetID(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 6 {
+		t.Fatalf("Unexpected id returned. Expected: 6. Got: %d", o)
+	}
+
+	for n := 7; n <= 10; n++ {
+		o, err := i.GetIDInRange(7, 10, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if o != uint64(n) {
+			t.Fatalf("Unexpected id returned. Expected: %d. Got: %d", n, o)
+		}
+	}
+
+	if err = i.GetSpecificID(7); err == nil {
+		t.Fatalf("Expected failure but succeeded")
+	}
+
+	if err = i.GetSpecificID(10); err == nil {
+		t.Fatalf("Expected failure but succeeded")
+	}
+
+	i.Release(10)
+
+	o, err = i.GetIDInRange(5, 10, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 10 {
+		t.Fatalf("Unexpected id returned. Expected: 10. Got: %d", o)
+	}
+
+	i.Release(5)
+
+	o, err = i.GetIDInRange(5, 10, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 5 {
+		t.Fatalf("Unexpected id returned. Expected: 5. Got: %d", o)
+	}
+
+	for n := 5; n <= 10; n++ {
+		i.Release(uint64(n))
+	}
+
+	for n := 5; n <= 10; n++ {
+		o, err := i.GetIDInRange(5, 10, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if o != uint64(n) {
+			t.Fatalf("Unexpected id returned. Expected: %d. Got: %d", n, o)
+		}
+	}
+
+	for n := 5; n <= 10; n++ {
+		if err = i.GetSpecificID(uint64(n)); err == nil {
+			t.Fatalf("Expected failure but succeeded for id: %d", n)
+		}
+	}
+
+	// New larger set
+	ul := uint64((1 << 24) - 1)
+	i, err = New(nil, "newset", 0, ul)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	o, err = i.GetIDInRange(4096, ul, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 4096 {
+		t.Fatalf("Unexpected id returned. Expected: 4096. Got: %d", o)
+	}
+
+	o, err = i.GetIDInRange(4096, ul, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 4097 {
+		t.Fatalf("Unexpected id returned. Expected: 4097. Got: %d", o)
+	}
+
+	o, err = i.GetIDInRange(4096, ul, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 4098 {
+		t.Fatalf("Unexpected id returned. Expected: 4098. Got: %d", o)
+	}
+}
+
+func TestAllocateSerial(t *testing.T) {
+	i, err := New(nil, "myids", 50, 55)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err = i.GetSpecificID(49); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+
+	if err = i.GetSpecificID(56); err == nil {
+		t.Fatal("Expected failure but succeeded")
+	}
+
+	o, err := i.GetID(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 50 {
+		t.Fatalf("Unexpected first id returned: %d", o)
+	}
+
+	err = i.GetSpecificID(50)
+	if err == nil {
+		t.Fatal(err)
+	}
+
+	o, err = i.GetID(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 51 {
+		t.Fatalf("Unexpected id returned: %d", o)
+	}
+
+	o, err = i.GetID(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 52 {
+		t.Fatalf("Unexpected id returned: %d", o)
+	}
+
+	i.Release(50)
+
+	o, err = i.GetID(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if o != 53 {
+		t.Fatal("Unexpected id returned")
+	}
+
+	i.Release(52)
+	err = i.GetSpecificID(52)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/internal/caller/caller.go b/libnetwork/internal/caller/caller.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/internal/caller/caller.go
rename to libnetwork/internal/caller/caller.go
diff --git a/libnetwork/internal/caller/caller_test.go b/libnetwork/internal/caller/caller_test.go
new file mode 100644
index 0000000000000..684cf5c1a1899
--- /dev/null
+++ b/libnetwork/internal/caller/caller_test.go
@@ -0,0 +1,51 @@
+package caller
+
+import (
+	"testing"
+)
+
+func fun1() string {
+	return Name(0)
+}
+
+func fun2() string {
+	return Name(1)
+}
+
+func fun3() string {
+	return fun4()
+}
+
+func fun4() string {
+	return Name(0)
+}
+
+func fun5() string {
+	return fun6()
+}
+
+func fun6() string {
+	return Name(1)
+}
+
+func TestCaller(t *testing.T) {
+	funName := fun1()
+	if funName != "fun1" {
+		t.Fatalf("error on fun1 caller %s", funName)
+	}
+
+	funName = fun2()
+	if funName != "TestCaller" {
+		t.Fatalf("error on fun2 caller %s", funName)
+	}
+
+	funName = fun3()
+	if funName != "fun4" {
+		t.Fatalf("error on fun2 caller %s", funName)
+	}
+
+	funName = fun5()
+	if funName != "fun5" {
+		t.Fatalf("error on fun5 caller %s", funName)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/internal/setmatrix/setmatrix.go b/libnetwork/internal/setmatrix/setmatrix.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/internal/setmatrix/setmatrix.go
rename to libnetwork/internal/setmatrix/setmatrix.go
diff --git a/libnetwork/internal/setmatrix/setmatrix_test.go b/libnetwork/internal/setmatrix/setmatrix_test.go
new file mode 100644
index 0000000000000..058a0f07cfa8a
--- /dev/null
+++ b/libnetwork/internal/setmatrix/setmatrix_test.go
@@ -0,0 +1,183 @@
+package setmatrix
+
+import (
+	"context"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestSetSerialInsertDelete(t *testing.T) {
+	s := NewSetMatrix()
+
+	b, i := s.Insert("a", "1")
+	if !b || i != 1 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "1")
+	if b || i != 1 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "2")
+	if !b || i != 2 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "1")
+	if b || i != 2 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "3")
+	if !b || i != 3 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "2")
+	if b || i != 3 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "3")
+	if b || i != 3 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+	b, i = s.Insert("a", "4")
+	if !b || i != 4 {
+		t.Fatalf("error in insert %t %d", b, i)
+	}
+
+	b, p := s.Contains("a", "1")
+	if !b || !p {
+		t.Fatalf("error in contains %t %t", b, p)
+	}
+	b, p = s.Contains("a", "2")
+	if !b || !p {
+		t.Fatalf("error in contains %t %t", b, p)
+	}
+	b, p = s.Contains("a", "3")
+	if !b || !p {
+		t.Fatalf("error in contains %t %t", b, p)
+	}
+	b, p = s.Contains("a", "4")
+	if !b || !p {
+		t.Fatalf("error in contains %t %t", b, p)
+	}
+
+	i, b = s.Cardinality("a")
+	if !b || i != 4 {
+		t.Fatalf("error in cardinality count %t %d", b, i)
+	}
+	keys := s.Keys()
+	if len(keys) != 1 {
+		t.Fatalf("error in keys %v", keys)
+	}
+	str, b := s.String("a")
+	if !b ||
+		!strings.Contains(str, "1") ||
+		!strings.Contains(str, "2") ||
+		!strings.Contains(str, "3") ||
+		!strings.Contains(str, "4") {
+		t.Fatalf("error in string %t %s", b, str)
+	}
+
+	_, b = s.Get("a")
+	if !b {
+		t.Fatalf("error in get %t", b)
+	}
+
+	b, i = s.Remove("a", "1")
+	if !b || i != 3 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+	b, i = s.Remove("a", "3")
+	if !b || i != 2 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+	b, i = s.Remove("a", "1")
+	if b || i != 2 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+	b, i = s.Remove("a", "4")
+	if !b || i != 1 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+	b, i = s.Remove("a", "2")
+	if !b || i != 0 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+	b, i = s.Remove("a", "2")
+	if b || i != 0 {
+		t.Fatalf("error in remove %t %d", b, i)
+	}
+
+	i, b = s.Cardinality("a")
+	if b || i != 0 {
+		t.Fatalf("error in cardinality count %t %d", b, i)
+	}
+
+	str, b = s.String("a")
+	if b || str != "" {
+		t.Fatalf("error in string %t %s", b, str)
+	}
+
+	keys = s.Keys()
+	if len(keys) > 0 {
+		t.Fatalf("error in keys %v", keys)
+	}
+
+	// Negative tests
+	_, b = s.Get("not exists")
+	if b {
+		t.Fatalf("error should not happen %t", b)
+	}
+
+	b1, b := s.Contains("not exists", "a")
+	if b1 || b {
+		t.Fatalf("error should not happen %t %t", b1, b)
+	}
+}
+
+func insertDeleteRotuine(ctx context.Context, endCh chan int, s SetMatrix, key, value string) {
+	for {
+		select {
+		case <-ctx.Done():
+			endCh <- 0
+			return
+		default:
+			b, _ := s.Insert(key, value)
+			if !b {
+				endCh <- 1
+				return
+			}
+
+			b, _ = s.Remove(key, value)
+			if !b {
+				endCh <- 2
+				return
+			}
+		}
+	}
+}
+
+func TestSetParallelInsertDelete(t *testing.T) {
+	s := NewSetMatrix()
+	parallelRoutines := 6
+	endCh := make(chan int)
+	// Let the routines running and competing for 10s
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	for i := 0; i < parallelRoutines; i++ {
+		go insertDeleteRotuine(ctx, endCh, s, "key-"+strconv.Itoa(i%3), strconv.Itoa(i))
+	}
+	for parallelRoutines > 0 {
+		v := <-endCh
+		if v == 1 {
+			t.Fatalf("error one goroutine failed on the insert")
+		}
+		if v == 2 {
+			t.Fatalf("error one goroutine failed on the remove")
+		}
+		parallelRoutines--
+	}
+	if i, b := s.Cardinality("key"); b || i > 0 {
+		t.Fatalf("error the set should be empty %t %d", b, i)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/ipam/allocator.go b/libnetwork/ipam/allocator.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/ipam/allocator.go
rename to libnetwork/ipam/allocator.go
index 73a682aba03c8..d7ed917637419 100644
--- a/vendor/github.com/docker/libnetwork/ipam/allocator.go
+++ b/libnetwork/ipam/allocator.go
@@ -6,21 +6,18 @@ import (
 	"sort"
 	"sync"
 
-	"github.com/docker/libnetwork/bitseq"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/ipamutils"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/bitseq"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
 const (
 	localAddressSpace  = "LocalDefault"
 	globalAddressSpace = "GlobalDefault"
-	// The biggest configurable host subnets
-	minNetSize   = 8
-	minNetSizeV6 = 64
 	// datastore keyes for ipam objects
 	dsConfigKey = "ipam/" + ipamapi.DefaultIPAM + "/config"
 	dsDataKey   = "ipam/" + ipamapi.DefaultIPAM + "/data"
@@ -103,11 +100,9 @@ func (a *Allocator) updateBitMasks(aSpace *addrSpace) error {
 	aSpace.Unlock()
 
 	// Add the bitmasks (data could come from datastore)
-	if inserterList != nil {
-		for _, f := range inserterList {
-			if err := f(); err != nil {
-				return err
-			}
+	for _, f := range inserterList {
+		if err := f(); err != nil {
+			return err
 		}
 	}
 
@@ -572,7 +567,7 @@ func (a *Allocator) getAddress(nw *net.IPNet, bitmask *bitseq.Handle, prefAddres
 	logrus.Debugf("Request address PoolID:%v %s Serial:%v PrefAddress:%v ", nw, bitmask.String(), serial, prefAddress)
 	base = types.GetIPNetCopy(nw)
 
-	if bitmask.Unselected() <= 0 {
+	if bitmask.Unselected() == 0 {
 		return nil, ipamapi.ErrNoAvailableIPs
 	}
 	if ipr == nil && prefAddress == nil {
diff --git a/libnetwork/ipam/allocator_test.go b/libnetwork/ipam/allocator_test.go
new file mode 100644
index 0000000000000..8b05d32371a03
--- /dev/null
+++ b/libnetwork/ipam/allocator_test.go
@@ -0,0 +1,1554 @@
+package ipam
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"math/rand"
+	"net"
+	"os"
+	"path/filepath"
+	"strconv"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libnetwork/bitseq"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/libkv/store"
+	"github.com/docker/libkv/store/boltdb"
+	"golang.org/x/sync/errgroup"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+var (
+	defaultPrefix = filepath.Join(os.TempDir(), "libnetwork", "test", "ipam")
+)
+
+func init() {
+	boltdb.Register()
+}
+
+// OptionBoltdbWithRandomDBFile function returns a random dir for local store backend
+func randomLocalStore(needStore bool) (datastore.DataStore, error) {
+	if !needStore {
+		return nil, nil
+	}
+	tmp, err := os.CreateTemp("", "libnetwork-")
+	if err != nil {
+		return nil, fmt.Errorf("Error creating temp file: %v", err)
+	}
+	if err := tmp.Close(); err != nil {
+		return nil, fmt.Errorf("Error closing temp file: %v", err)
+	}
+	return datastore.NewDataStore(datastore.LocalScope, &datastore.ScopeCfg{
+		Client: datastore.ScopeClientCfg{
+			Provider: "boltdb",
+			Address:  filepath.Join(defaultPrefix, filepath.Base(tmp.Name())),
+			Config: &store.Config{
+				Bucket:            "libnetwork",
+				ConnectionTimeout: 3 * time.Second,
+			},
+		},
+	})
+}
+
+func getAllocator(store bool) (*Allocator, error) {
+	ds, err := randomLocalStore(store)
+	if err != nil {
+		return nil, err
+	}
+	return NewAllocator(ds, nil)
+}
+
+func TestInt2IP2IntConversion(t *testing.T) {
+	for i := uint64(0); i < 256*256*256; i++ {
+		var array [4]byte // new array at each cycle
+		addIntToIP(array[:], i)
+		j := ipToUint64(array[:])
+		if j != i {
+			t.Fatalf("Failed to convert ordinal %d to IP % x and back to ordinal. Got %d", i, array, j)
+		}
+	}
+}
+
+func TestGetAddressVersion(t *testing.T) {
+	if v4 != getAddressVersion(net.ParseIP("172.28.30.112")) {
+		t.Fatal("Failed to detect IPv4 version")
+	}
+	if v4 != getAddressVersion(net.ParseIP("0.0.0.1")) {
+		t.Fatal("Failed to detect IPv4 version")
+	}
+	if v6 != getAddressVersion(net.ParseIP("ff01::1")) {
+		t.Fatal("Failed to detect IPv6 version")
+	}
+	if v6 != getAddressVersion(net.ParseIP("2001:db8::76:51")) {
+		t.Fatal("Failed to detect IPv6 version")
+	}
+}
+
+func TestKeyString(t *testing.T) {
+	k := &SubnetKey{AddressSpace: "default", Subnet: "172.27.0.0/16"}
+	expected := "default/172.27.0.0/16"
+	if expected != k.String() {
+		t.Fatalf("Unexpected key string: %s", k.String())
+	}
+
+	k2 := &SubnetKey{}
+	err := k2.FromString(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if k2.AddressSpace != k.AddressSpace || k2.Subnet != k.Subnet {
+		t.Fatalf("SubnetKey.FromString() failed. Expected %v. Got %v", k, k2)
+	}
+
+	expected = fmt.Sprintf("%s/%s", expected, "172.27.3.0/24")
+	k.ChildSubnet = "172.27.3.0/24"
+	if expected != k.String() {
+		t.Fatalf("Unexpected key string: %s", k.String())
+	}
+
+	err = k2.FromString(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if k2.AddressSpace != k.AddressSpace || k2.Subnet != k.Subnet || k2.ChildSubnet != k.ChildSubnet {
+		t.Fatalf("SubnetKey.FromString() failed. Expected %v. Got %v", k, k2)
+	}
+}
+
+func TestPoolDataMarshal(t *testing.T) {
+	_, nw, err := net.ParseCIDR("172.28.30.1/24")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	p := &PoolData{
+		ParentKey: SubnetKey{AddressSpace: "Blue", Subnet: "172.28.0.0/16"},
+		Pool:      nw,
+		Range:     &AddressRange{Sub: &net.IPNet{IP: net.IP{172, 28, 20, 0}, Mask: net.IPMask{255, 255, 255, 0}}, Start: 0, End: 255},
+		RefCount:  4,
+	}
+
+	ba, err := json.Marshal(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var q PoolData
+	err = json.Unmarshal(ba, &q)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if p.ParentKey != q.ParentKey || !types.CompareIPNet(p.Range.Sub, q.Range.Sub) ||
+		p.Range.Start != q.Range.Start || p.Range.End != q.Range.End || p.RefCount != q.RefCount ||
+		!types.CompareIPNet(p.Pool, q.Pool) {
+		t.Fatalf("\n%#v\n%#v", p, &q)
+	}
+
+	p = &PoolData{
+		ParentKey: SubnetKey{AddressSpace: "Blue", Subnet: "172.28.0.0/16"},
+		Pool:      nw,
+		RefCount:  4,
+	}
+
+	ba, err = json.Marshal(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = json.Unmarshal(ba, &q)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if q.Range != nil {
+		t.Fatal("Unexpected Range")
+	}
+}
+
+func TestSubnetsMarshal(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		if err != nil {
+			t.Fatal(err)
+		}
+		pid0, _, _, err := a.RequestPool(localAddressSpace, "192.168.0.0/16", "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		pid1, _, _, err := a.RequestPool(localAddressSpace, "192.169.0.0/16", "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, _, err = a.RequestAddress(pid0, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		cfg, err := a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		ba := cfg.Value()
+		if err := cfg.SetValue(ba); err != nil {
+			t.Fatal(err)
+		}
+
+		expIP := &net.IPNet{IP: net.IP{192, 168, 0, 2}, Mask: net.IPMask{255, 255, 0, 0}}
+		ip, _, err := a.RequestAddress(pid0, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expIP, ip) {
+			t.Fatalf("Got unexpected ip after pool config restore: %s", ip)
+		}
+
+		expIP = &net.IPNet{IP: net.IP{192, 169, 0, 1}, Mask: net.IPMask{255, 255, 0, 0}}
+		ip, _, err = a.RequestAddress(pid1, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expIP, ip) {
+			t.Fatalf("Got unexpected ip after pool config restore: %s", ip)
+		}
+	}
+}
+
+func TestAddSubnets(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		if err != nil {
+			t.Fatal(err)
+		}
+		a.addrSpaces["abc"] = a.addrSpaces[localAddressSpace]
+
+		pid0, _, _, err := a.RequestPool(localAddressSpace, "10.0.0.0/8", "", nil, false)
+		if err != nil {
+			t.Fatal("Unexpected failure in adding subnet")
+		}
+
+		pid1, _, _, err := a.RequestPool("abc", "10.0.0.0/8", "", nil, false)
+		if err != nil {
+			t.Fatalf("Unexpected failure in adding overlapping subnets to different address spaces: %v", err)
+		}
+
+		if pid0 == pid1 {
+			t.Fatal("returned same pool id for same subnets in different namespaces")
+		}
+
+		_, _, _, err = a.RequestPool("abc", "10.0.0.0/8", "", nil, false)
+		if err == nil {
+			t.Fatalf("Expected failure requesting existing subnet")
+		}
+
+		_, _, _, err = a.RequestPool("abc", "10.128.0.0/9", "", nil, false)
+		if err == nil {
+			t.Fatal("Expected failure on adding overlapping base subnet")
+		}
+
+		_, _, _, err = a.RequestPool("abc", "10.0.0.0/8", "10.128.0.0/9", nil, false)
+		if err != nil {
+			t.Fatalf("Unexpected failure on adding sub pool: %v", err)
+		}
+		_, _, _, err = a.RequestPool("abc", "10.0.0.0/8", "10.128.0.0/9", nil, false)
+		if err == nil {
+			t.Fatalf("Expected failure on adding overlapping sub pool")
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "10.20.2.0/24", "", nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect overlapping subnets")
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "10.128.0.0/9", "", nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect overlapping subnets")
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "1003:1:2:3:4:5:6::/112", "", nil, false)
+		if err != nil {
+			t.Fatalf("Failed to add v6 subnet: %s", err.Error())
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "1003:1:2:3::/64", "", nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect overlapping v6 subnet")
+		}
+	}
+}
+
+// TestDoublePoolRelease tests that releasing a pool which has already
+// been released raises an error.
+func TestDoublePoolRelease(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		pid0, _, _, err := a.RequestPool(localAddressSpace, "10.0.0.0/8", "", nil, false)
+		assert.NilError(t, err)
+
+		err = a.ReleasePool(pid0)
+		assert.NilError(t, err)
+
+		err = a.ReleasePool(pid0)
+		assert.Check(t, is.ErrorContains(err, ""))
+	}
+}
+
+func TestAddReleasePoolID(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		var k0, k1 SubnetKey
+		_, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		pid0, _, _, err := a.RequestPool(localAddressSpace, "10.0.0.0/8", "", nil, false)
+		if err != nil {
+			t.Fatal("Unexpected failure in adding pool")
+		}
+		if err := k0.FromString(pid0); err != nil {
+			t.Fatal(err)
+		}
+
+		aSpace, err := a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets := aSpace.subnets
+
+		if subnets[k0].RefCount != 1 {
+			t.Fatalf("Unexpected ref count for %s: %d", k0, subnets[k0].RefCount)
+		}
+
+		pid1, _, _, err := a.RequestPool(localAddressSpace, "10.0.0.0/8", "10.0.0.0/16", nil, false)
+		if err != nil {
+			t.Fatal("Unexpected failure in adding sub pool")
+		}
+		if err := k1.FromString(pid1); err != nil {
+			t.Fatal(err)
+		}
+
+		if pid0 == pid1 {
+			t.Fatalf("Incorrect poolIDs returned %s, %s", pid0, pid1)
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+		if subnets[k1].RefCount != 1 {
+			t.Fatalf("Unexpected ref count for %s: %d", k1, subnets[k1].RefCount)
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "10.0.0.0/8", "10.0.0.0/16", nil, false)
+		if err == nil {
+			t.Fatal("Expected failure in adding sub pool")
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+
+		if subnets[k0].RefCount != 2 {
+			t.Fatalf("Unexpected ref count for %s: %d", k0, subnets[k0].RefCount)
+		}
+
+		if err := a.ReleasePool(pid1); err != nil {
+			t.Fatal(err)
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+		if subnets[k0].RefCount != 1 {
+			t.Fatalf("Unexpected ref count for %s: %d", k0, subnets[k0].RefCount)
+		}
+		if err := a.ReleasePool(pid0); err != nil {
+			t.Fatal(err)
+		}
+
+		pid00, _, _, err := a.RequestPool(localAddressSpace, "10.0.0.0/8", "", nil, false)
+		if err != nil {
+			t.Fatal("Unexpected failure in adding pool")
+		}
+		if pid00 != pid0 {
+			t.Fatal("main pool should still exist")
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+		if subnets[k0].RefCount != 1 {
+			t.Fatalf("Unexpected ref count for %s: %d", k0, subnets[k0].RefCount)
+		}
+
+		if err := a.ReleasePool(pid00); err != nil {
+			t.Fatal(err)
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+		if bp, ok := subnets[k0]; ok {
+			t.Fatalf("Base pool %s is still present: %v", k0, bp)
+		}
+
+		_, _, _, err = a.RequestPool(localAddressSpace, "10.0.0.0/8", "", nil, false)
+		if err != nil {
+			t.Fatal("Unexpected failure in adding pool")
+		}
+
+		aSpace, err = a.getAddrSpace(localAddressSpace)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		subnets = aSpace.subnets
+		if subnets[k0].RefCount != 1 {
+			t.Fatalf("Unexpected ref count for %s: %d", k0, subnets[k0].RefCount)
+		}
+	}
+}
+
+func TestPredefinedPool(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		if _, err := a.getPredefinedPool("blue", false); err == nil {
+			t.Fatal("Expected failure for non default addr space")
+		}
+
+		pid, nw, _, err := a.RequestPool(localAddressSpace, "", "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		nw2, err := a.getPredefinedPool(localAddressSpace, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if types.CompareIPNet(nw, nw2) {
+			t.Fatalf("Unexpected default network returned: %s = %s", nw2, nw)
+		}
+
+		if err := a.ReleasePool(pid); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestRemoveSubnet(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		a.addrSpaces["splane"] = &addrSpace{
+			id:      dsConfigKey + "/" + "splane",
+			ds:      a.addrSpaces[localAddressSpace].ds,
+			alloc:   a.addrSpaces[localAddressSpace].alloc,
+			scope:   a.addrSpaces[localAddressSpace].scope,
+			subnets: map[SubnetKey]*PoolData{},
+		}
+
+		input := []struct {
+			addrSpace string
+			subnet    string
+			v6        bool
+		}{
+			{localAddressSpace, "192.168.0.0/16", false},
+			{localAddressSpace, "172.17.0.0/16", false},
+			{localAddressSpace, "10.0.0.0/8", false},
+			{localAddressSpace, "2001:db8:1:2:3:4:ffff::/112", false},
+			{"splane", "172.17.0.0/16", false},
+			{"splane", "10.0.0.0/8", false},
+			{"splane", "2001:db8:1:2:3:4:5::/112", true},
+			{"splane", "2001:db8:1:2:3:4:ffff::/112", true},
+		}
+
+		poolIDs := make([]string, len(input))
+
+		for ind, i := range input {
+			if poolIDs[ind], _, _, err = a.RequestPool(i.addrSpace, i.subnet, "", nil, i.v6); err != nil {
+				t.Fatalf("Failed to apply input. Can't proceed: %s", err.Error())
+			}
+		}
+
+		for ind, id := range poolIDs {
+			if err := a.ReleasePool(id); err != nil {
+				t.Fatalf("Failed to release poolID %s (%d)", id, ind)
+			}
+		}
+	}
+}
+
+func TestGetSameAddress(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		a.addrSpaces["giallo"] = &addrSpace{
+			id:      dsConfigKey + "/" + "giallo",
+			ds:      a.addrSpaces[localAddressSpace].ds,
+			alloc:   a.addrSpaces[localAddressSpace].alloc,
+			scope:   a.addrSpaces[localAddressSpace].scope,
+			subnets: map[SubnetKey]*PoolData{},
+		}
+
+		pid, _, _, err := a.RequestPool("giallo", "192.168.100.0/24", "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		ip := net.ParseIP("192.168.100.250")
+		_, _, err = a.RequestAddress(pid, ip, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, _, err = a.RequestAddress(pid, ip, nil)
+		if err == nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestPoolAllocationReuse(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		// First get all pools until they are exhausted to
+		pList := []string{}
+		pool, _, _, err := a.RequestPool(localAddressSpace, "", "", nil, false)
+		for err == nil {
+			pList = append(pList, pool)
+			pool, _, _, err = a.RequestPool(localAddressSpace, "", "", nil, false)
+		}
+		nPools := len(pList)
+		for _, pool := range pList {
+			if err := a.ReleasePool(pool); err != nil {
+				t.Fatal(err)
+			}
+		}
+
+		// Now try to allocate then free nPool pools sequentially.
+		// Verify that we don't see any repeat networks even though
+		// we have freed them.
+		seen := map[string]bool{}
+		for i := 0; i < nPools; i++ {
+			pool, nw, _, err := a.RequestPool(localAddressSpace, "", "", nil, false)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if _, ok := seen[nw.String()]; ok {
+				t.Fatalf("Network %s was reused before exhausing the pool list", nw.String())
+			}
+			seen[nw.String()] = true
+			if err := a.ReleasePool(pool); err != nil {
+				t.Fatal(err)
+			}
+		}
+	}
+}
+
+func TestGetAddressSubPoolEqualPool(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		// Requesting a subpool of same size of the master pool should not cause any problem on ip allocation
+		pid, _, _, err := a.RequestPool(localAddressSpace, "172.18.0.0/16", "172.18.0.0/16", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, _, err = a.RequestAddress(pid, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestRequestReleaseAddressFromSubPool(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		a.addrSpaces["rosso"] = &addrSpace{
+			id:      dsConfigKey + "/" + "rosso",
+			ds:      a.addrSpaces[localAddressSpace].ds,
+			alloc:   a.addrSpaces[localAddressSpace].alloc,
+			scope:   a.addrSpaces[localAddressSpace].scope,
+			subnets: map[SubnetKey]*PoolData{},
+		}
+
+		poolID, _, _, err := a.RequestPool("rosso", "172.28.0.0/16", "172.28.30.0/24", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		var ip *net.IPNet
+		expected := &net.IPNet{IP: net.IP{172, 28, 30, 255}, Mask: net.IPMask{255, 255, 0, 0}}
+		for err == nil {
+			var c *net.IPNet
+			if c, _, err = a.RequestAddress(poolID, nil, nil); err == nil {
+				ip = c
+			}
+		}
+		if err != ipamapi.ErrNoAvailableIPs {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expected, ip) {
+			t.Fatalf("Unexpected last IP from subpool. Expected: %s. Got: %v.", expected, ip)
+		}
+		rp := &net.IPNet{IP: net.IP{172, 28, 30, 97}, Mask: net.IPMask{255, 255, 0, 0}}
+		if err = a.ReleaseAddress(poolID, rp.IP); err != nil {
+			t.Fatal(err)
+		}
+		if ip, _, err = a.RequestAddress(poolID, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(rp, ip) {
+			t.Fatalf("Unexpected IP from subpool. Expected: %s. Got: %v.", rp, ip)
+		}
+
+		_, _, _, err = a.RequestPool("rosso", "10.0.0.0/8", "10.0.0.0/16", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		poolID, _, _, err = a.RequestPool("rosso", "10.0.0.0/16", "10.0.0.0/24", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		expected = &net.IPNet{IP: net.IP{10, 0, 0, 255}, Mask: net.IPMask{255, 255, 0, 0}}
+		for err == nil {
+			var c *net.IPNet
+			if c, _, err = a.RequestAddress(poolID, nil, nil); err == nil {
+				ip = c
+			}
+		}
+		if err != ipamapi.ErrNoAvailableIPs {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expected, ip) {
+			t.Fatalf("Unexpected last IP from subpool. Expected: %s. Got: %v.", expected, ip)
+		}
+		rp = &net.IPNet{IP: net.IP{10, 0, 0, 79}, Mask: net.IPMask{255, 255, 0, 0}}
+		if err = a.ReleaseAddress(poolID, rp.IP); err != nil {
+			t.Fatal(err)
+		}
+		if ip, _, err = a.RequestAddress(poolID, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(rp, ip) {
+			t.Fatalf("Unexpected IP from subpool. Expected: %s. Got: %v.", rp, ip)
+		}
+
+		// Request any addresses from subpool after explicit address request
+		unoExp, _ := types.ParseCIDR("10.2.2.0/16")
+		dueExp, _ := types.ParseCIDR("10.2.2.2/16")
+		treExp, _ := types.ParseCIDR("10.2.2.1/16")
+
+		if poolID, _, _, err = a.RequestPool("rosso", "10.2.0.0/16", "10.2.2.0/24", nil, false); err != nil {
+			t.Fatal(err)
+		}
+		tre, _, err := a.RequestAddress(poolID, treExp.IP, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(tre, treExp) {
+			t.Fatalf("Unexpected address: %v", tre)
+		}
+
+		uno, _, err := a.RequestAddress(poolID, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(uno, unoExp) {
+			t.Fatalf("Unexpected address: %v", uno)
+		}
+
+		due, _, err := a.RequestAddress(poolID, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(due, dueExp) {
+			t.Fatalf("Unexpected address: %v", due)
+		}
+
+		if err = a.ReleaseAddress(poolID, uno.IP); err != nil {
+			t.Fatal(err)
+		}
+		uno, _, err = a.RequestAddress(poolID, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(uno, unoExp) {
+			t.Fatalf("Unexpected address: %v", uno)
+		}
+
+		if err = a.ReleaseAddress(poolID, tre.IP); err != nil {
+			t.Fatal(err)
+		}
+		tre, _, err = a.RequestAddress(poolID, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(tre, treExp) {
+			t.Fatalf("Unexpected address: %v", tre)
+		}
+	}
+}
+
+func TestSerializeRequestReleaseAddressFromSubPool(t *testing.T) {
+	opts := map[string]string{
+		ipamapi.AllocSerialPrefix: "true"}
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		a.addrSpaces["rosso"] = &addrSpace{
+			id:      dsConfigKey + "/" + "rosso",
+			ds:      a.addrSpaces[localAddressSpace].ds,
+			alloc:   a.addrSpaces[localAddressSpace].alloc,
+			scope:   a.addrSpaces[localAddressSpace].scope,
+			subnets: map[SubnetKey]*PoolData{},
+		}
+
+		poolID, _, _, err := a.RequestPool("rosso", "172.28.0.0/16", "172.28.30.0/24", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		var ip *net.IPNet
+		expected := &net.IPNet{IP: net.IP{172, 28, 30, 255}, Mask: net.IPMask{255, 255, 0, 0}}
+		for err == nil {
+			var c *net.IPNet
+			if c, _, err = a.RequestAddress(poolID, nil, opts); err == nil {
+				ip = c
+			}
+		}
+		if err != ipamapi.ErrNoAvailableIPs {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expected, ip) {
+			t.Fatalf("Unexpected last IP from subpool. Expected: %s. Got: %v.", expected, ip)
+		}
+		rp := &net.IPNet{IP: net.IP{172, 28, 30, 97}, Mask: net.IPMask{255, 255, 0, 0}}
+		if err = a.ReleaseAddress(poolID, rp.IP); err != nil {
+			t.Fatal(err)
+		}
+		if ip, _, err = a.RequestAddress(poolID, nil, opts); err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(rp, ip) {
+			t.Fatalf("Unexpected IP from subpool. Expected: %s. Got: %v.", rp, ip)
+		}
+
+		_, _, _, err = a.RequestPool("rosso", "10.0.0.0/8", "10.0.0.0/16", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		poolID, _, _, err = a.RequestPool("rosso", "10.0.0.0/16", "10.0.0.0/24", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+		expected = &net.IPNet{IP: net.IP{10, 0, 0, 255}, Mask: net.IPMask{255, 255, 0, 0}}
+		for err == nil {
+			var c *net.IPNet
+			if c, _, err = a.RequestAddress(poolID, nil, opts); err == nil {
+				ip = c
+			}
+		}
+		if err != ipamapi.ErrNoAvailableIPs {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(expected, ip) {
+			t.Fatalf("Unexpected last IP from subpool. Expected: %s. Got: %v.", expected, ip)
+		}
+		rp = &net.IPNet{IP: net.IP{10, 0, 0, 79}, Mask: net.IPMask{255, 255, 0, 0}}
+		if err = a.ReleaseAddress(poolID, rp.IP); err != nil {
+			t.Fatal(err)
+		}
+		if ip, _, err = a.RequestAddress(poolID, nil, opts); err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(rp, ip) {
+			t.Fatalf("Unexpected IP from subpool. Expected: %s. Got: %v.", rp, ip)
+		}
+
+		// Request any addresses from subpool after explicit address request
+		unoExp, _ := types.ParseCIDR("10.2.2.0/16")
+		dueExp, _ := types.ParseCIDR("10.2.2.2/16")
+		treExp, _ := types.ParseCIDR("10.2.2.1/16")
+		quaExp, _ := types.ParseCIDR("10.2.2.3/16")
+		fivExp, _ := types.ParseCIDR("10.2.2.4/16")
+		if poolID, _, _, err = a.RequestPool("rosso", "10.2.0.0/16", "10.2.2.0/24", nil, false); err != nil {
+			t.Fatal(err)
+		}
+		tre, _, err := a.RequestAddress(poolID, treExp.IP, opts)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(tre, treExp) {
+			t.Fatalf("Unexpected address: %v", tre)
+		}
+
+		uno, _, err := a.RequestAddress(poolID, nil, opts)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(uno, unoExp) {
+			t.Fatalf("Unexpected address: %v", uno)
+		}
+
+		due, _, err := a.RequestAddress(poolID, nil, opts)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(due, dueExp) {
+			t.Fatalf("Unexpected address: %v", due)
+		}
+
+		if err = a.ReleaseAddress(poolID, uno.IP); err != nil {
+			t.Fatal(err)
+		}
+		uno, _, err = a.RequestAddress(poolID, nil, opts)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(uno, quaExp) {
+			t.Fatalf("Unexpected address: %v", uno)
+		}
+
+		if err = a.ReleaseAddress(poolID, tre.IP); err != nil {
+			t.Fatal(err)
+		}
+		tre, _, err = a.RequestAddress(poolID, nil, opts)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !types.CompareIPNet(tre, fivExp) {
+			t.Fatalf("Unexpected address: %v", tre)
+		}
+	}
+}
+
+func TestGetAddress(t *testing.T) {
+	input := []string{
+		/*"10.0.0.0/8", "10.0.0.0/9", "10.0.0.0/10",*/ "10.0.0.0/11", "10.0.0.0/12", "10.0.0.0/13", "10.0.0.0/14",
+		"10.0.0.0/15", "10.0.0.0/16", "10.0.0.0/17", "10.0.0.0/18", "10.0.0.0/19", "10.0.0.0/20", "10.0.0.0/21",
+		"10.0.0.0/22", "10.0.0.0/23", "10.0.0.0/24", "10.0.0.0/25", "10.0.0.0/26", "10.0.0.0/27", "10.0.0.0/28",
+		"10.0.0.0/29", "10.0.0.0/30", "10.0.0.0/31"}
+
+	for _, subnet := range input {
+		assertGetAddress(t, subnet)
+	}
+}
+
+func TestRequestSyntaxCheck(t *testing.T) {
+	var (
+		pool    = "192.168.0.0/16"
+		subPool = "192.168.0.0/24"
+		as      = "green"
+	)
+
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		a.addrSpaces[as] = &addrSpace{
+			id:      dsConfigKey + "/" + as,
+			ds:      a.addrSpaces[localAddressSpace].ds,
+			alloc:   a.addrSpaces[localAddressSpace].alloc,
+			scope:   a.addrSpaces[localAddressSpace].scope,
+			subnets: map[SubnetKey]*PoolData{},
+		}
+
+		_, _, _, err = a.RequestPool("", pool, "", nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: empty address space")
+		}
+
+		_, _, _, err = a.RequestPool("", pool, subPool, nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: empty address space")
+		}
+
+		_, _, _, err = a.RequestPool(as, "", subPool, nil, false)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: subPool specified and no pool")
+		}
+
+		pid, _, _, err := a.RequestPool(as, pool, subPool, nil, false)
+		if err != nil {
+			t.Fatalf("Unexpected failure: %v", err)
+		}
+
+		_, _, err = a.RequestAddress("", nil, nil)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: no pool id specified")
+		}
+
+		ip := net.ParseIP("172.17.0.23")
+		_, _, err = a.RequestAddress(pid, ip, nil)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: requested IP from different subnet")
+		}
+
+		ip = net.ParseIP("192.168.0.50")
+		_, _, err = a.RequestAddress(pid, ip, nil)
+		if err != nil {
+			t.Fatalf("Unexpected failure: %v", err)
+		}
+
+		err = a.ReleaseAddress("", ip)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: no pool id specified")
+		}
+
+		err = a.ReleaseAddress(pid, nil)
+		if err == nil {
+			t.Fatal("Failed to detect wrong request: no pool id specified")
+		}
+
+		err = a.ReleaseAddress(pid, ip)
+		if err != nil {
+			t.Fatalf("Unexpected failure: %v: %s, %s", err, pid, ip)
+		}
+	}
+}
+
+func TestRequest(t *testing.T) {
+	// Request N addresses from different size subnets, verifying last request
+	// returns expected address. Internal subnet host size is Allocator's default, 16
+	input := []struct {
+		subnet string
+		numReq int
+		lastIP string
+	}{
+		{"192.168.59.0/24", 254, "192.168.59.254"},
+		{"192.168.240.0/20", 255, "192.168.240.255"},
+		{"192.168.0.0/16", 255, "192.168.0.255"},
+		{"192.168.0.0/16", 256, "192.168.1.0"},
+		{"10.16.0.0/16", 255, "10.16.0.255"},
+		{"10.128.0.0/12", 255, "10.128.0.255"},
+		{"10.0.0.0/8", 256, "10.0.1.0"},
+
+		{"192.168.128.0/18", 4*256 - 1, "192.168.131.255"},
+		/*
+			{"192.168.240.0/20", 16*256 - 2, "192.168.255.254"},
+
+			{"192.168.0.0/16", 256*256 - 2, "192.168.255.254"},
+			{"10.0.0.0/8", 2 * 256, "10.0.2.0"},
+			{"10.0.0.0/8", 5 * 256, "10.0.5.0"},
+			{"10.0.0.0/8", 100 * 256 * 254, "10.99.255.254"},
+		*/
+	}
+
+	for _, d := range input {
+		assertNRequests(t, d.subnet, d.numReq, d.lastIP)
+	}
+}
+
+// TestOverlappingRequests tests that overlapping subnets cannot be allocated.
+// Requests for subnets which are supersets or subsets of existing allocations,
+// or which overlap at the beginning or end, should not be permitted.
+func TestOverlappingRequests(t *testing.T) {
+	input := []struct {
+		environment []string
+		subnet      string
+		ok          bool
+	}{
+		// IPv4
+		// Previously allocated network does not overlap with request
+		{[]string{"10.0.0.0/8"}, "11.0.0.0/8", true},
+		{[]string{"74.0.0.0/7"}, "9.111.99.72/30", true},
+		{[]string{"110.192.0.0/10"}, "16.0.0.0/10", true},
+
+		// Previously allocated network entirely contains request
+		{[]string{"10.0.0.0/8"}, "10.0.0.0/8", false}, // exact overlap
+		{[]string{"0.0.0.0/1"}, "16.182.0.0/15", false},
+		{[]string{"16.0.0.0/4"}, "17.11.66.0/23", false},
+
+		// Previously allocated network overlaps beginning of request
+		{[]string{"0.0.0.0/1"}, "0.0.0.0/0", false},
+		{[]string{"64.0.0.0/6"}, "64.0.0.0/3", false},
+		{[]string{"112.0.0.0/6"}, "112.0.0.0/4", false},
+
+		// Previously allocated network overlaps end of request
+		{[]string{"96.0.0.0/3"}, "0.0.0.0/1", false},
+		{[]string{"192.0.0.0/2"}, "128.0.0.0/1", false},
+		{[]string{"95.0.0.0/8"}, "92.0.0.0/6", false},
+
+		// Previously allocated network entirely contained within request
+		{[]string{"10.0.0.0/8"}, "10.0.0.0/6", false}, // non-canonical
+		{[]string{"10.0.0.0/8"}, "8.0.0.0/6", false},  // canonical
+		{[]string{"25.173.144.0/20"}, "0.0.0.0/0", false},
+
+		// IPv6
+		// Previously allocated network entirely contains request
+		{[]string{"::/0"}, "f656:3484:c878:a05:e540:a6ed:4d70:3740/123", false},
+		{[]string{"8000::/1"}, "8fe8:e7c4:5779::/49", false},
+		{[]string{"f000::/4"}, "ffc7:6000::/19", false},
+
+		// Previously allocated network overlaps beginning of request
+		{[]string{"::/2"}, "::/0", false},
+		{[]string{"::/3"}, "::/1", false},
+		{[]string{"::/6"}, "::/5", false},
+
+		// Previously allocated network overlaps end of request
+		{[]string{"c000::/2"}, "8000::/1", false},
+		{[]string{"7c00::/6"}, "::/1", false},
+		{[]string{"cf80::/9"}, "c000::/4", false},
+
+		// Previously allocated network entirely contained within request
+		{[]string{"ff77:93f8::/29"}, "::/0", false},
+		{[]string{"9287:2e20:5134:fab6:9061:a0c6:bfe3:9400/119"}, "8000::/1", false},
+		{[]string{"3ea1:bfa9:8691:d1c6:8c46:519b:db6d:e700/120"}, "3000::/4", false},
+	}
+
+	for _, store := range []bool{false, true} {
+		for _, tc := range input {
+			a, err := getAllocator(store)
+			assert.NilError(t, err)
+
+			// Set up some existing allocations.  This should always succeed.
+			for _, env := range tc.environment {
+				_, _, _, err = a.RequestPool(localAddressSpace, env, "", nil, false)
+				assert.NilError(t, err)
+			}
+
+			// Make the test allocation.
+			_, _, _, err = a.RequestPool(localAddressSpace, tc.subnet, "", nil, false)
+			if tc.ok {
+				assert.NilError(t, err)
+			} else {
+				assert.Check(t, is.ErrorContains(err, ""))
+			}
+		}
+	}
+}
+
+func TestRelease(t *testing.T) {
+	var (
+		subnet = "192.168.0.0/23"
+	)
+
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		pid, _, _, err := a.RequestPool(localAddressSpace, subnet, "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// Allocate all addresses
+		for err != ipamapi.ErrNoAvailableIPs {
+			_, _, err = a.RequestAddress(pid, nil, nil)
+		}
+
+		toRelease := []struct {
+			address string
+		}{
+			{"192.168.0.1"},
+			{"192.168.0.2"},
+			{"192.168.0.3"},
+			{"192.168.0.4"},
+			{"192.168.0.5"},
+			{"192.168.0.6"},
+			{"192.168.0.7"},
+			{"192.168.0.8"},
+			{"192.168.0.9"},
+			{"192.168.0.10"},
+			{"192.168.0.30"},
+			{"192.168.0.31"},
+			{"192.168.1.32"},
+
+			{"192.168.0.254"},
+			{"192.168.1.1"},
+			{"192.168.1.2"},
+
+			{"192.168.1.3"},
+
+			{"192.168.1.253"},
+			{"192.168.1.254"},
+		}
+
+		// One by one, release the address and request again. We should get the same IP
+		for i, inp := range toRelease {
+			ip0 := net.ParseIP(inp.address)
+			a.ReleaseAddress(pid, ip0)
+			bm := a.addresses[SubnetKey{localAddressSpace, subnet, ""}]
+			if bm.Unselected() != 1 {
+				t.Fatalf("Failed to update free address count after release. Expected %d, Found: %d", i+1, bm.Unselected())
+			}
+
+			nw, _, err := a.RequestAddress(pid, nil, nil)
+			if err != nil {
+				t.Fatalf("Failed to obtain the address: %s", err.Error())
+			}
+			ip := nw.IP
+			if !ip0.Equal(ip) {
+				t.Fatalf("Failed to obtain the same address. Expected: %s, Got: %s", ip0, ip)
+			}
+		}
+	}
+}
+
+func assertGetAddress(t *testing.T, subnet string) {
+	var (
+		err       error
+		printTime = false
+		a         = &Allocator{}
+	)
+
+	_, sub, _ := net.ParseCIDR(subnet)
+	ones, bits := sub.Mask.Size()
+	zeroes := bits - ones
+	numAddresses := 1 << uint(zeroes)
+
+	bm, err := bitseq.NewHandle("ipam_test", nil, "default/"+subnet, uint64(numAddresses))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	start := time.Now()
+	run := 0
+	for err != ipamapi.ErrNoAvailableIPs {
+		_, err = a.getAddress(sub, bm, nil, nil, false)
+		run++
+	}
+	if printTime {
+		fmt.Printf("\nTaken %v, to allocate all addresses on %s. (nemAddresses: %d. Runs: %d)", time.Since(start), subnet, numAddresses, run)
+	}
+	if bm.Unselected() != 0 {
+		t.Fatalf("Unexpected free count after reserving all addresses: %d", bm.Unselected())
+	}
+	/*
+		if bm.Head.Block != expectedMax || bm.Head.Count != numBlocks {
+			t.Fatalf("Failed to effectively reserve all addresses on %s. Expected (0x%x, %d) as first sequence. Found (0x%x,%d)",
+				subnet, expectedMax, numBlocks, bm.Head.Block, bm.Head.Count)
+		}
+	*/
+}
+
+func assertNRequests(t *testing.T, subnet string, numReq int, lastExpectedIP string) {
+	var (
+		nw        *net.IPNet
+		printTime = false
+	)
+
+	lastIP := net.ParseIP(lastExpectedIP)
+	for _, store := range []bool{false, true} {
+		a, err := getAllocator(store)
+		assert.NilError(t, err)
+
+		pid, _, _, err := a.RequestPool(localAddressSpace, subnet, "", nil, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		i := 0
+		start := time.Now()
+		for ; i < numReq; i++ {
+			nw, _, err = a.RequestAddress(pid, nil, nil)
+		}
+		if printTime {
+			fmt.Printf("\nTaken %v, to allocate %d addresses on %s\n", time.Since(start), numReq, subnet)
+		}
+
+		if !lastIP.Equal(nw.IP) {
+			t.Fatalf("Wrong last IP. Expected %s. Got: %s (err: %v, ind: %d)", lastExpectedIP, nw.IP.String(), err, i)
+		}
+	}
+}
+
+func benchmarkRequest(b *testing.B, a *Allocator, subnet string) {
+	pid, _, _, err := a.RequestPool(localAddressSpace, subnet, "", nil, false)
+	for err != ipamapi.ErrNoAvailableIPs {
+		_, _, err = a.RequestAddress(pid, nil, nil)
+	}
+}
+
+func BenchmarkRequest(b *testing.B) {
+
+	subnets := []string{
+		"10.0.0.0/24",
+		"10.0.0.0/16",
+		"10.0.0.0/8",
+	}
+
+	for _, subnet := range subnets {
+		name := fmt.Sprintf("%vSubnet", subnet)
+		b.Run(name, func(b *testing.B) {
+			a, _ := getAllocator(true)
+			benchmarkRequest(b, a, subnet)
+		})
+	}
+}
+
+func TestAllocateRandomDeallocate(t *testing.T) {
+	for _, store := range []bool{false, true} {
+		testAllocateRandomDeallocate(t, "172.25.0.0/16", "", 384, store)
+		testAllocateRandomDeallocate(t, "172.25.0.0/16", "172.25.252.0/22", 384, store)
+	}
+}
+
+func testAllocateRandomDeallocate(t *testing.T, pool, subPool string, num int, store bool) {
+	ds, err := randomLocalStore(store)
+	assert.NilError(t, err)
+
+	a, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pid, _, _, err := a.RequestPool(localAddressSpace, pool, subPool, nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Allocate num ip addresses
+	indices := make(map[int]*net.IPNet, num)
+	allocated := make(map[string]bool, num)
+	for i := 0; i < num; i++ {
+		ip, _, err := a.RequestAddress(pid, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		ips := ip.String()
+		if _, ok := allocated[ips]; ok {
+			t.Fatalf("Address %s is already allocated", ips)
+		}
+		allocated[ips] = true
+		indices[i] = ip
+	}
+	if len(indices) != len(allocated) || len(indices) != num {
+		t.Fatalf("Unexpected number of allocated addresses: (%d,%d).", len(indices), len(allocated))
+	}
+
+	seed := time.Now().Unix()
+	rand.Seed(seed)
+
+	// Deallocate half of the allocated addresses following a random pattern
+	pattern := rand.Perm(num)
+	for i := 0; i < num/2; i++ {
+		idx := pattern[i]
+		ip := indices[idx]
+		err := a.ReleaseAddress(pid, ip.IP)
+		if err != nil {
+			t.Fatalf("Unexpected failure on deallocation of %s: %v.\nSeed: %d.", ip, err, seed)
+		}
+		delete(indices, idx)
+		delete(allocated, ip.String())
+	}
+
+	// Request a quarter of addresses
+	for i := 0; i < num/2; i++ {
+		ip, _, err := a.RequestAddress(pid, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		ips := ip.String()
+		if _, ok := allocated[ips]; ok {
+			t.Fatalf("\nAddress %s is already allocated.\nSeed: %d.", ips, seed)
+		}
+		allocated[ips] = true
+	}
+	if len(allocated) != num {
+		t.Fatalf("Unexpected number of allocated addresses: %d.\nSeed: %d.", len(allocated), seed)
+	}
+}
+
+func TestRetrieveFromStore(t *testing.T) {
+	num := 200
+	ds, err := randomLocalStore(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	pid, _, _, err := a.RequestPool(localAddressSpace, "172.25.0.0/16", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i := 0; i < num; i++ {
+		if _, _, err := a.RequestAddress(pid, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// Restore
+	a1, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a1.refresh(localAddressSpace)
+	db := a.DumpDatabase()
+	db1 := a1.DumpDatabase()
+	if db != db1 {
+		t.Fatalf("Unexpected db change.\nExpected:%s\nGot:%s", db, db1)
+	}
+	checkDBEquality(a, a1, t)
+	pid, _, _, err = a1.RequestPool(localAddressSpace, "172.25.0.0/16", "172.25.1.0/24", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i := 0; i < num/2; i++ {
+		if _, _, err := a1.RequestAddress(pid, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// Restore
+	a2, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a2.refresh(localAddressSpace)
+	checkDBEquality(a1, a2, t)
+	pid, _, _, err = a2.RequestPool(localAddressSpace, "172.25.0.0/16", "172.25.2.0/24", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i := 0; i < num/2; i++ {
+		if _, _, err := a2.RequestAddress(pid, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// Restore
+	a3, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a3.refresh(localAddressSpace)
+	checkDBEquality(a2, a3, t)
+	pid, _, _, err = a3.RequestPool(localAddressSpace, "172.26.0.0/16", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i := 0; i < num/2; i++ {
+		if _, _, err := a3.RequestAddress(pid, nil, nil); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// Restore
+	a4, err := NewAllocator(ds, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a4.refresh(localAddressSpace)
+	checkDBEquality(a3, a4, t)
+}
+
+func checkDBEquality(a1, a2 *Allocator, t *testing.T) {
+	for k, cnf1 := range a1.addrSpaces[localAddressSpace].subnets {
+		cnf2 := a2.addrSpaces[localAddressSpace].subnets[k]
+		if cnf1.String() != cnf2.String() {
+			t.Fatalf("%s\n%s", cnf1, cnf2)
+		}
+		if cnf1.Range == nil {
+			a2.retrieveBitmask(k, cnf1.Pool)
+		}
+	}
+
+	for k, bm1 := range a1.addresses {
+		bm2 := a2.addresses[k]
+		if bm1.String() != bm2.String() {
+			t.Fatalf("%s\n%s", bm1, bm2)
+		}
+	}
+}
+
+const (
+	numInstances = 5
+	first        = 0
+	last         = numInstances - 1
+)
+
+var (
+	allocator *Allocator
+	start     = make(chan struct{})
+	done      = make(chan chan struct{}, numInstances-1)
+	pools     = make([]*net.IPNet, numInstances)
+)
+
+func runParallelTests(t *testing.T, instance int) {
+	var err error
+
+	t.Parallel()
+
+	pTest := flag.Lookup("test.parallel")
+	if pTest == nil {
+		t.Skip("Skipped because test.parallel flag not set;")
+	}
+	numParallel, err := strconv.Atoi(pTest.Value.String())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if numParallel < numInstances {
+		t.Skip("Skipped because t.parallel was less than ", numInstances)
+	}
+
+	// The first instance creates the allocator, gives the start
+	// and finally checks the pools each instance was assigned
+	if instance == first {
+		allocator, err = getAllocator(true)
+		if err != nil {
+			t.Fatal(err)
+		}
+		close(start)
+	}
+
+	if instance != first {
+		<-start
+		instDone := make(chan struct{})
+		done <- instDone
+		defer close(instDone)
+
+		if instance == last {
+			defer close(done)
+		}
+	}
+
+	_, pools[instance], _, err = allocator.RequestPool(localAddressSpace, "", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if instance == first {
+		for instDone := range done {
+			<-instDone
+		}
+		// Now check each instance got a different pool
+		for i := 0; i < numInstances; i++ {
+			for j := i + 1; j < numInstances; j++ {
+				if types.CompareIPNet(pools[i], pools[j]) {
+					t.Fatalf("Instance %d and %d were given the same predefined pool: %v", i, j, pools)
+				}
+			}
+		}
+	}
+}
+
+func TestRequestReleaseAddressDuplicate(t *testing.T) {
+	a, err := getAllocator(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	type IP struct {
+		ip  *net.IPNet
+		ref int
+	}
+	ips := []IP{}
+	allocatedIPs := []*net.IPNet{}
+	a.addrSpaces["rosso"] = &addrSpace{
+		id:      dsConfigKey + "/" + "rosso",
+		ds:      a.addrSpaces[localAddressSpace].ds,
+		alloc:   a.addrSpaces[localAddressSpace].alloc,
+		scope:   a.addrSpaces[localAddressSpace].scope,
+		subnets: map[SubnetKey]*PoolData{},
+	}
+
+	opts := map[string]string{
+		ipamapi.AllocSerialPrefix: "true",
+	}
+	var l sync.Mutex
+
+	poolID, _, _, err := a.RequestPool("rosso", "198.168.0.0/23", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	group := new(errgroup.Group)
+	for err == nil {
+		var c *net.IPNet
+		if c, _, err = a.RequestAddress(poolID, nil, opts); err == nil {
+			l.Lock()
+			ips = append(ips, IP{c, 1})
+			l.Unlock()
+			allocatedIPs = append(allocatedIPs, c)
+			if len(allocatedIPs) > 500 {
+				i := rand.Intn(len(allocatedIPs) - 1)
+				ip := allocatedIPs[i]
+				group.Go(func() error {
+					if err = a.ReleaseAddress(poolID, ip.IP); err != nil {
+						return err
+					}
+					l.Lock()
+					ips = append(ips, IP{ip, -1})
+					l.Unlock()
+					return nil
+				})
+
+				allocatedIPs = append(allocatedIPs[:i], allocatedIPs[i+1:]...)
+			}
+		}
+	}
+
+	if err := group.Wait(); err != nil {
+		t.Fatal(err)
+	}
+
+	refMap := make(map[string]int)
+	for _, ip := range ips {
+		refMap[ip.ip.String()] = refMap[ip.ip.String()] + ip.ref
+		if refMap[ip.ip.String()] < 0 {
+			t.Fatalf("IP %s was previously released", ip.ip.String())
+		}
+		if refMap[ip.ip.String()] > 1 {
+			t.Fatalf("IP %s was previously allocated", ip.ip.String())
+		}
+	}
+}
+
+func TestParallelPredefinedRequest1(t *testing.T) {
+	runParallelTests(t, 0)
+}
+
+func TestParallelPredefinedRequest2(t *testing.T) {
+	runParallelTests(t, 1)
+}
+
+func TestParallelPredefinedRequest3(t *testing.T) {
+	runParallelTests(t, 2)
+}
+
+func TestParallelPredefinedRequest4(t *testing.T) {
+	runParallelTests(t, 3)
+}
+
+func TestParallelPredefinedRequest5(t *testing.T) {
+	runParallelTests(t, 4)
+}
diff --git a/libnetwork/ipam/parallel_test.go b/libnetwork/ipam/parallel_test.go
new file mode 100644
index 0000000000000..52e1f83365938
--- /dev/null
+++ b/libnetwork/ipam/parallel_test.go
@@ -0,0 +1,318 @@
+package ipam
+
+import (
+	"context"
+	"fmt"
+	"math/rand"
+	"net"
+	"sort"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/sync/semaphore"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+const (
+	all = iota
+	even
+	odd
+)
+
+type releaseMode uint
+
+type testContext struct {
+	a      *Allocator
+	opts   map[string]string
+	ipList []*net.IPNet
+	ipMap  map[string]bool
+	pid    string
+	maxIP  int
+}
+
+func newTestContext(t *testing.T, mask int, options map[string]string) *testContext {
+	a, err := getAllocator(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a.addrSpaces["giallo"] = &addrSpace{
+		id:      dsConfigKey + "/" + "giallo",
+		ds:      a.addrSpaces[localAddressSpace].ds,
+		alloc:   a.addrSpaces[localAddressSpace].alloc,
+		scope:   a.addrSpaces[localAddressSpace].scope,
+		subnets: map[SubnetKey]*PoolData{},
+	}
+
+	network := fmt.Sprintf("192.168.100.0/%d", mask)
+	// total ips 2^(32-mask) - 2 (network and broadcast)
+	totalIps := 1<<uint(32-mask) - 2
+
+	pid, _, _, err := a.RequestPool("giallo", network, "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return &testContext{
+		a:      a,
+		opts:   options,
+		ipList: make([]*net.IPNet, 0, totalIps),
+		ipMap:  make(map[string]bool),
+		pid:    pid,
+		maxIP:  totalIps,
+	}
+}
+
+func TestDebug(t *testing.T) {
+	tctx := newTestContext(t, 23, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+	tctx.a.RequestAddress(tctx.pid, nil, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+	tctx.a.RequestAddress(tctx.pid, nil, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+}
+
+type op struct {
+	id   int32
+	add  bool
+	name string
+}
+
+func (o *op) String() string {
+	return fmt.Sprintf("%+v", *o)
+}
+
+func TestRequestPoolParallel(t *testing.T) {
+	a, err := getAllocator(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var operationIndex int32
+	ch := make(chan *op, 240)
+
+	group := new(errgroup.Group)
+	defer func() {
+		if err := group.Wait(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	for i := 0; i < 120; i++ {
+		group.Go(func() error {
+			name, _, _, err := a.RequestPool("GlobalDefault", "", "", nil, false)
+			if err != nil {
+				t.Log(err) // log so we can see the error in real time rather than at the end when we actually call "Wait".
+				return fmt.Errorf("request error %v", err)
+			}
+			idx := atomic.AddInt32(&operationIndex, 1)
+			ch <- &op{idx, true, name}
+			time.Sleep(time.Duration(rand.Intn(100)) * time.Millisecond)
+			idx = atomic.AddInt32(&operationIndex, 1)
+			err = a.ReleasePool(name)
+			if err != nil {
+				t.Log(err) // log so we can see the error in real time rather than at the end when we actually call "Wait".
+				return fmt.Errorf("release error %v", err)
+			}
+			ch <- &op{idx, false, name}
+			return nil
+		})
+	}
+
+	// map of events
+	m := make(map[string][]*op)
+	for i := 0; i < 240; i++ {
+		x := <-ch
+		ops, ok := m[x.name]
+		if !ok {
+			ops = make([]*op, 0, 10)
+		}
+		ops = append(ops, x)
+		m[x.name] = ops
+	}
+
+	// Post processing to avoid event reordering on the channel
+	for pool, ops := range m {
+		sort.Slice(ops[:], func(i, j int) bool {
+			return ops[i].id < ops[j].id
+		})
+		expected := true
+		for _, op := range ops {
+			if op.add != expected {
+				t.Fatalf("Operations for %v not valid %v, operations %v", pool, op, ops)
+			}
+			expected = !expected
+		}
+	}
+}
+
+func TestFullAllocateRelease(t *testing.T) {
+	for _, parallelism := range []int64{2, 4, 8} {
+		for _, mask := range []int{29, 25, 24, 21} {
+			tctx := newTestContext(t, mask, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+			allocate(t, tctx, parallelism)
+			release(t, tctx, all, parallelism)
+		}
+	}
+}
+
+func TestOddAllocateRelease(t *testing.T) {
+	for _, parallelism := range []int64{2, 4, 8} {
+		for _, mask := range []int{29, 25, 24, 21} {
+			tctx := newTestContext(t, mask, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+			allocate(t, tctx, parallelism)
+			release(t, tctx, odd, parallelism)
+		}
+	}
+}
+
+func TestFullAllocateSerialReleaseParallel(t *testing.T) {
+	for _, parallelism := range []int64{1, 4, 8} {
+		tctx := newTestContext(t, 23, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+		allocate(t, tctx, 1)
+		release(t, tctx, all, parallelism)
+	}
+}
+
+func TestOddAllocateSerialReleaseParallel(t *testing.T) {
+	for _, parallelism := range []int64{1, 4, 8} {
+		tctx := newTestContext(t, 23, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+		allocate(t, tctx, 1)
+		release(t, tctx, odd, parallelism)
+	}
+}
+
+func TestEvenAllocateSerialReleaseParallel(t *testing.T) {
+	for _, parallelism := range []int64{1, 4, 8} {
+		tctx := newTestContext(t, 23, map[string]string{ipamapi.AllocSerialPrefix: "true"})
+		allocate(t, tctx, 1)
+		release(t, tctx, even, parallelism)
+	}
+}
+
+func allocate(t *testing.T, tctx *testContext, parallel int64) {
+	// Allocate the whole space
+	parallelExec := semaphore.NewWeighted(parallel)
+	routineNum := tctx.maxIP + 10
+	ch := make(chan *net.IPNet, routineNum)
+	var id int
+	var wg sync.WaitGroup
+	// routine loop
+	for {
+		wg.Add(1)
+		go func(id int) {
+			parallelExec.Acquire(context.Background(), 1)
+			ip, _, _ := tctx.a.RequestAddress(tctx.pid, nil, tctx.opts)
+			ch <- ip
+			parallelExec.Release(1)
+			wg.Done()
+		}(id)
+		id++
+		if id == routineNum {
+			break
+		}
+	}
+
+	// give time to all the go routines to finish
+	wg.Wait()
+
+	// process results
+	for i := 0; i < routineNum; i++ {
+		ip := <-ch
+		if ip == nil {
+			continue
+		}
+		if there, ok := tctx.ipMap[ip.String()]; ok && there {
+			t.Fatalf("Got duplicate IP %s", ip.String())
+			break
+		}
+		tctx.ipList = append(tctx.ipList, ip)
+		tctx.ipMap[ip.String()] = true
+	}
+
+	assert.Check(t, is.Len(tctx.ipList, tctx.maxIP))
+	if len(tctx.ipList) != tctx.maxIP {
+		t.Fatal("mismatch number allocation")
+	}
+}
+
+func release(t *testing.T, tctx *testContext, mode releaseMode, parallel int64) {
+	var startIndex, increment, stopIndex, length int
+	switch mode {
+	case all:
+		startIndex = 0
+		increment = 1
+		stopIndex = tctx.maxIP - 1
+		length = tctx.maxIP
+	case odd, even:
+		if mode == odd {
+			startIndex = 1
+		}
+		increment = 2
+		stopIndex = tctx.maxIP - 1
+		length = tctx.maxIP / 2
+		if tctx.maxIP%2 > 0 {
+			length++
+		}
+	default:
+		t.Fatal("unsupported mode yet")
+	}
+
+	ipIndex := make([]int, 0, length)
+	// calculate the index to release from the ipList
+	for i := startIndex; ; i += increment {
+		ipIndex = append(ipIndex, i)
+		if i+increment > stopIndex {
+			break
+		}
+	}
+
+	var id int
+	parallelExec := semaphore.NewWeighted(parallel)
+	ch := make(chan *net.IPNet, len(ipIndex))
+	group := new(errgroup.Group)
+	for index := range ipIndex {
+		index := index
+		group.Go(func() error {
+			parallelExec.Acquire(context.Background(), 1)
+			err := tctx.a.ReleaseAddress(tctx.pid, tctx.ipList[index].IP)
+			if err != nil {
+				return fmt.Errorf("routine %d got %v", id, err)
+			}
+			ch <- tctx.ipList[index]
+			parallelExec.Release(1)
+			return nil
+		})
+		id++
+	}
+
+	if err := group.Wait(); err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < len(ipIndex); i++ {
+		ip := <-ch
+
+		// check if it is really free
+		_, _, err := tctx.a.RequestAddress(tctx.pid, ip.IP, nil)
+		assert.Check(t, err, "ip %v not properly released", ip)
+		if err != nil {
+			t.Fatalf("ip %v not properly released, error:%v", ip, err)
+		}
+		err = tctx.a.ReleaseAddress(tctx.pid, ip.IP)
+		assert.NilError(t, err)
+
+		if there, ok := tctx.ipMap[ip.String()]; !ok || !there {
+			t.Fatalf("ip %v got double deallocated", ip)
+		}
+		tctx.ipMap[ip.String()] = false
+		for j, v := range tctx.ipList {
+			if v == ip {
+				tctx.ipList = append(tctx.ipList[:j], tctx.ipList[j+1:]...)
+				break
+			}
+		}
+	}
+
+	assert.Check(t, is.Len(tctx.ipList, tctx.maxIP-length))
+}
diff --git a/libnetwork/ipam/store.go b/libnetwork/ipam/store.go
new file mode 100644
index 0000000000000..e00401616b778
--- /dev/null
+++ b/libnetwork/ipam/store.go
@@ -0,0 +1,125 @@
+package ipam
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+// Key provides the Key to be used in KV Store
+func (aSpace *addrSpace) Key() []string {
+	aSpace.Lock()
+	defer aSpace.Unlock()
+	return []string{aSpace.id}
+}
+
+// KeyPrefix returns the immediate parent key that can be used for tree walk
+func (aSpace *addrSpace) KeyPrefix() []string {
+	aSpace.Lock()
+	defer aSpace.Unlock()
+	return []string{dsConfigKey}
+}
+
+// Value marshals the data to be stored in the KV store
+func (aSpace *addrSpace) Value() []byte {
+	b, err := json.Marshal(aSpace)
+	if err != nil {
+		logrus.Warnf("Failed to marshal ipam configured pools: %v", err)
+		return nil
+	}
+	return b
+}
+
+// SetValue unmarshalls the data from the KV store.
+func (aSpace *addrSpace) SetValue(value []byte) error {
+	rc := &addrSpace{subnets: make(map[SubnetKey]*PoolData)}
+	if err := json.Unmarshal(value, rc); err != nil {
+		return err
+	}
+	aSpace.subnets = rc.subnets
+	return nil
+}
+
+// Index returns the latest DB Index as seen by this object
+func (aSpace *addrSpace) Index() uint64 {
+	aSpace.Lock()
+	defer aSpace.Unlock()
+	return aSpace.dbIndex
+}
+
+// SetIndex method allows the datastore to store the latest DB Index into this object
+func (aSpace *addrSpace) SetIndex(index uint64) {
+	aSpace.Lock()
+	aSpace.dbIndex = index
+	aSpace.dbExists = true
+	aSpace.Unlock()
+}
+
+// Exists method is true if this object has been stored in the DB.
+func (aSpace *addrSpace) Exists() bool {
+	aSpace.Lock()
+	defer aSpace.Unlock()
+	return aSpace.dbExists
+}
+
+// Skip provides a way for a KV Object to avoid persisting it in the KV Store
+func (aSpace *addrSpace) Skip() bool {
+	return false
+}
+
+func (a *Allocator) getStore(as string) datastore.DataStore {
+	a.Lock()
+	defer a.Unlock()
+
+	if aSpace, ok := a.addrSpaces[as]; ok {
+		return aSpace.ds
+	}
+
+	return nil
+}
+
+func (a *Allocator) getAddressSpaceFromStore(as string) (*addrSpace, error) {
+	store := a.getStore(as)
+
+	// IPAM may not have a valid store. In such cases it is just in-memory state.
+	if store == nil {
+		return nil, nil
+	}
+
+	pc := &addrSpace{id: dsConfigKey + "/" + as, ds: store, alloc: a}
+	if err := store.GetObject(datastore.Key(pc.Key()...), pc); err != nil {
+		if err == datastore.ErrKeyNotFound {
+			return nil, nil
+		}
+
+		return nil, types.InternalErrorf("could not get pools config from store: %v", err)
+	}
+
+	return pc, nil
+}
+
+func (a *Allocator) writeToStore(aSpace *addrSpace) error {
+	store := aSpace.store()
+
+	// IPAM may not have a valid store. In such cases it is just in-memory state.
+	if store == nil {
+		return nil
+	}
+
+	err := store.PutObjectAtomic(aSpace)
+	if err == datastore.ErrKeyModified {
+		return types.RetryErrorf("failed to perform atomic write (%v). retry might fix the error", err)
+	}
+
+	return err
+}
+
+// DataScope method returns the storage scope of the datastore
+func (aSpace *addrSpace) DataScope() string {
+	aSpace.Lock()
+	defer aSpace.Unlock()
+
+	return aSpace.scope
+}
diff --git a/vendor/github.com/docker/libnetwork/ipam/structures.go b/libnetwork/ipam/structures.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/ipam/structures.go
rename to libnetwork/ipam/structures.go
index 2e6d75eaa4db1..de4130f83d2bb 100644
--- a/vendor/github.com/docker/libnetwork/ipam/structures.go
+++ b/libnetwork/ipam/structures.go
@@ -7,9 +7,9 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 // SubnetKey is the pointer to the configured pools in each address space
@@ -159,7 +159,7 @@ func (aSpace *addrSpace) MarshalJSON() ([]byte, error) {
 	defer aSpace.Unlock()
 
 	m := map[string]interface{}{
-		"Scope": string(aSpace.scope),
+		"Scope": aSpace.scope,
 	}
 
 	if aSpace.subnets != nil {
diff --git a/libnetwork/ipam/utils.go b/libnetwork/ipam/utils.go
new file mode 100644
index 0000000000000..b0bdaedd9ac27
--- /dev/null
+++ b/libnetwork/ipam/utils.go
@@ -0,0 +1,81 @@
+package ipam
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+type ipVersion int
+
+const (
+	v4 = 4
+	v6 = 6
+)
+
+func getAddressRange(pool string, masterNw *net.IPNet) (*AddressRange, error) {
+	ip, nw, err := net.ParseCIDR(pool)
+	if err != nil {
+		return nil, ipamapi.ErrInvalidSubPool
+	}
+	lIP, e := types.GetHostPartIP(nw.IP, masterNw.Mask)
+	if e != nil {
+		return nil, fmt.Errorf("failed to compute range's lowest ip address: %v", e)
+	}
+	bIP, e := types.GetBroadcastIP(nw.IP, nw.Mask)
+	if e != nil {
+		return nil, fmt.Errorf("failed to compute range's broadcast ip address: %v", e)
+	}
+	hIP, e := types.GetHostPartIP(bIP, masterNw.Mask)
+	if e != nil {
+		return nil, fmt.Errorf("failed to compute range's highest ip address: %v", e)
+	}
+	nw.IP = ip
+	return &AddressRange{nw, ipToUint64(types.GetMinimalIP(lIP)), ipToUint64(types.GetMinimalIP(hIP))}, nil
+}
+
+// It generates the ip address in the passed subnet specified by
+// the passed host address ordinal
+func generateAddress(ordinal uint64, network *net.IPNet) net.IP {
+	var address [16]byte
+
+	// Get network portion of IP
+	if getAddressVersion(network.IP) == v4 {
+		copy(address[:], network.IP.To4())
+	} else {
+		copy(address[:], network.IP)
+	}
+
+	end := len(network.Mask)
+	addIntToIP(address[:end], ordinal)
+
+	return net.IP(address[:end])
+}
+
+func getAddressVersion(ip net.IP) ipVersion {
+	if ip.To4() == nil {
+		return v6
+	}
+	return v4
+}
+
+// Adds the ordinal IP to the current array
+// 192.168.0.0 + 53 => 192.168.0.53
+func addIntToIP(array []byte, ordinal uint64) {
+	for i := len(array) - 1; i >= 0; i-- {
+		array[i] |= (byte)(ordinal & 0xff)
+		ordinal >>= 8
+	}
+}
+
+// Convert an ordinal to the respective IP address
+func ipToUint64(ip []byte) (value uint64) {
+	cip := types.GetMinimalIP(ip)
+	for i := 0; i < len(cip); i++ {
+		j := len(cip) - 1 - i
+		value += uint64(cip[i]) << uint(j*8)
+	}
+	return value
+}
diff --git a/vendor/github.com/docker/libnetwork/ipamapi/contract.go b/libnetwork/ipamapi/contract.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/ipamapi/contract.go
rename to libnetwork/ipamapi/contract.go
index 7f967863d8168..5e75bdfbd44ca 100644
--- a/vendor/github.com/docker/libnetwork/ipamapi/contract.go
+++ b/libnetwork/ipamapi/contract.go
@@ -4,15 +4,12 @@ package ipamapi
 import (
 	"net"
 
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/types"
 )
 
-/********************
- * IPAM plugin types
- ********************/
-
+// IPAM plugin types
 const (
 	// DefaultIPAM is the name of the built-in default ipam driver
 	DefaultIPAM = "default"
@@ -34,10 +31,6 @@ type Callback interface {
 	RegisterIpamDriverWithCapabilities(name string, driver Ipam, capability *Capability) error
 }
 
-/**************
- * IPAM Errors
- **************/
-
 // Well-known errors returned by IPAM
 var (
 	ErrIpamInternalError   = types.InternalErrorf("IPAM Internal Error")
@@ -56,10 +49,6 @@ var (
 	ErrBadPool             = types.BadRequestErrorf("Address space does not contain specified address pool")
 )
 
-/*******************************
- * IPAM Service Interface
- *******************************/
-
 // Ipam represents the interface the IPAM service plugins must implement
 // in order to allow injection/modification of IPAM database.
 type Ipam interface {
@@ -76,12 +65,12 @@ type Ipam interface {
 	RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error)
 	// ReleasePool releases the address pool identified by the passed id
 	ReleasePool(poolID string) error
-	// Request address from the specified pool ID. Input options or required IP can be passed.
+	// RequestAddress request an address from the specified pool ID. Input options or required IP can be passed.
 	RequestAddress(string, net.IP, map[string]string) (*net.IPNet, map[string]string, error)
-	// Release the address from the specified pool ID
+	// ReleaseAddress releases the address from the specified pool ID.
 	ReleaseAddress(string, net.IP) error
 
-	//IsBuiltIn returns true if it is a built-in driver.
+	// IsBuiltIn returns true if it is a built-in driver.
 	IsBuiltIn() bool
 }
 
diff --git a/vendor/github.com/docker/libnetwork/ipamapi/labels.go b/libnetwork/ipamapi/labels.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/ipamapi/labels.go
rename to libnetwork/ipamapi/labels.go
diff --git a/vendor/github.com/docker/libnetwork/ipams/builtin/builtin_unix.go b/libnetwork/ipams/builtin/builtin_unix.go
similarity index 78%
rename from vendor/github.com/docker/libnetwork/ipams/builtin/builtin_unix.go
rename to libnetwork/ipams/builtin/builtin_unix.go
index b07fb4b632897..e5d142121a9a9 100644
--- a/vendor/github.com/docker/libnetwork/ipams/builtin/builtin_unix.go
+++ b/libnetwork/ipams/builtin/builtin_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package builtin
@@ -5,10 +6,10 @@ package builtin
 import (
 	"errors"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/ipam"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipam"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/ipamutils"
 )
 
 var (
@@ -35,7 +36,10 @@ func Init(ic ipamapi.Callback, l, g interface{}) error {
 		}
 	}
 
-	ipamutils.ConfigLocalScopeDefaultNetworks(GetDefaultIPAddressPool())
+	err := ipamutils.ConfigLocalScopeDefaultNetworks(GetDefaultIPAddressPool())
+	if err != nil {
+		return err
+	}
 
 	a, err := ipam.NewAllocator(localDs, globalDs)
 	if err != nil {
diff --git a/vendor/github.com/docker/libnetwork/ipams/builtin/builtin_windows.go b/libnetwork/ipams/builtin/builtin_windows.go
similarity index 84%
rename from vendor/github.com/docker/libnetwork/ipams/builtin/builtin_windows.go
rename to libnetwork/ipams/builtin/builtin_windows.go
index 7975981eec9d6..730e2d1f59e18 100644
--- a/vendor/github.com/docker/libnetwork/ipams/builtin/builtin_windows.go
+++ b/libnetwork/ipams/builtin/builtin_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package builtin
@@ -5,12 +6,12 @@ package builtin
 import (
 	"errors"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/ipam"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/ipam"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/ipamutils"
 
-	windowsipam "github.com/docker/libnetwork/ipams/windowsipam"
+	windowsipam "github.com/docker/docker/libnetwork/ipams/windowsipam"
 )
 
 var (
diff --git a/libnetwork/ipams/null/null.go b/libnetwork/ipams/null/null.go
new file mode 100644
index 0000000000000..3d8a028944985
--- /dev/null
+++ b/libnetwork/ipams/null/null.go
@@ -0,0 +1,75 @@
+// Package null implements the null ipam driver. Null ipam driver satisfies ipamapi contract,
+// but does not effectively reserve/allocate any address pool or address
+package null
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+var (
+	defaultAS      = "null"
+	defaultPool, _ = types.ParseCIDR("0.0.0.0/0")
+	defaultPoolID  = fmt.Sprintf("%s/%s", defaultAS, defaultPool.String())
+)
+
+type allocator struct{}
+
+func (a *allocator) GetDefaultAddressSpaces() (string, string, error) {
+	return defaultAS, defaultAS, nil
+}
+
+func (a *allocator) RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error) {
+	if addressSpace != defaultAS {
+		return "", nil, nil, types.BadRequestErrorf("unknown address space: %s", addressSpace)
+	}
+	if pool != "" {
+		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle specific address pool requests")
+	}
+	if subPool != "" {
+		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle specific address subpool requests")
+	}
+	if v6 {
+		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle IPv6 address pool pool requests")
+	}
+	return defaultPoolID, defaultPool, nil, nil
+}
+
+func (a *allocator) ReleasePool(poolID string) error {
+	return nil
+}
+
+func (a *allocator) RequestAddress(poolID string, ip net.IP, opts map[string]string) (*net.IPNet, map[string]string, error) {
+	if poolID != defaultPoolID {
+		return nil, nil, types.BadRequestErrorf("unknown pool id: %s", poolID)
+	}
+	return nil, nil, nil
+}
+
+func (a *allocator) ReleaseAddress(poolID string, ip net.IP) error {
+	if poolID != defaultPoolID {
+		return types.BadRequestErrorf("unknown pool id: %s", poolID)
+	}
+	return nil
+}
+
+func (a *allocator) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+func (a *allocator) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+func (a *allocator) IsBuiltIn() bool {
+	return true
+}
+
+// Init registers a remote ipam when its plugin is activated
+func Init(ic ipamapi.Callback, l, g interface{}) error {
+	return ic.RegisterIpamDriver(ipamapi.NullIPAM, &allocator{})
+}
diff --git a/libnetwork/ipams/null/null_test.go b/libnetwork/ipams/null/null_test.go
new file mode 100644
index 0000000000000..d66e00853e2ea
--- /dev/null
+++ b/libnetwork/ipams/null/null_test.go
@@ -0,0 +1,60 @@
+package null
+
+import (
+	"testing"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestPoolRequest(t *testing.T) {
+	a := allocator{}
+
+	pid, pool, _, err := a.RequestPool(defaultAS, "", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !types.CompareIPNet(defaultPool, pool) {
+		t.Fatalf("Unexpected pool returned. Expected %v. Got: %v", defaultPool, pool)
+	}
+	if pid != defaultPoolID {
+		t.Fatalf("Unexpected pool id returned. Expected: %s. Got: %s", defaultPoolID, pid)
+	}
+
+	_, _, _, err = a.RequestPool("default", "", "", nil, false)
+	if err == nil {
+		t.Fatal("Unexpected success")
+	}
+
+	_, _, _, err = a.RequestPool(defaultAS, "192.168.0.0/16", "", nil, false)
+	if err == nil {
+		t.Fatal("Unexpected success")
+	}
+
+	_, _, _, err = a.RequestPool(defaultAS, "", "192.168.0.0/24", nil, false)
+	if err == nil {
+		t.Fatal("Unexpected success")
+	}
+
+	_, _, _, err = a.RequestPool(defaultAS, "", "", nil, true)
+	if err == nil {
+		t.Fatal("Unexpected success")
+	}
+}
+
+func TestOtherRequests(t *testing.T) {
+	a := allocator{}
+
+	ip, _, err := a.RequestAddress(defaultPoolID, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ip != nil {
+		t.Fatalf("Unexpected address returned: %v", ip)
+	}
+
+	_, _, err = a.RequestAddress("anypid", nil, nil)
+	if err == nil {
+		t.Fatal("Unexpected success")
+	}
+
+}
diff --git a/libnetwork/ipams/remote/api/api.go b/libnetwork/ipams/remote/api/api.go
new file mode 100644
index 0000000000000..b78f6c5a288f0
--- /dev/null
+++ b/libnetwork/ipams/remote/api/api.go
@@ -0,0 +1,94 @@
+// Package api defines the data structure to be used in the request/response
+// messages between libnetwork and the remote ipam plugin
+package api
+
+import "github.com/docker/docker/libnetwork/ipamapi"
+
+// Response is the basic response structure used in all responses
+type Response struct {
+	Error string
+}
+
+// IsSuccess returns whether the plugin response is successful
+func (r *Response) IsSuccess() bool {
+	return r.Error == ""
+}
+
+// GetError returns the error from the response, if any.
+func (r *Response) GetError() string {
+	return r.Error
+}
+
+// GetCapabilityResponse is the response of GetCapability request
+type GetCapabilityResponse struct {
+	Response
+	RequiresMACAddress    bool
+	RequiresRequestReplay bool
+}
+
+// ToCapability converts the capability response into the internal ipam driver capability structure
+func (capRes GetCapabilityResponse) ToCapability() *ipamapi.Capability {
+	return &ipamapi.Capability{
+		RequiresMACAddress:    capRes.RequiresMACAddress,
+		RequiresRequestReplay: capRes.RequiresRequestReplay,
+	}
+}
+
+// GetAddressSpacesResponse is the response to the ``get default address spaces`` request message
+type GetAddressSpacesResponse struct {
+	Response
+	LocalDefaultAddressSpace  string
+	GlobalDefaultAddressSpace string
+}
+
+// RequestPoolRequest represents the expected data in a ``request address pool`` request message
+type RequestPoolRequest struct {
+	AddressSpace string
+	Pool         string
+	SubPool      string
+	Options      map[string]string
+	V6           bool
+}
+
+// RequestPoolResponse represents the response message to a ``request address pool`` request
+type RequestPoolResponse struct {
+	Response
+	PoolID string
+	Pool   string // CIDR format
+	Data   map[string]string
+}
+
+// ReleasePoolRequest represents the expected data in a ``release address pool`` request message
+type ReleasePoolRequest struct {
+	PoolID string
+}
+
+// ReleasePoolResponse represents the response message to a ``release address pool`` request
+type ReleasePoolResponse struct {
+	Response
+}
+
+// RequestAddressRequest represents the expected data in a ``request address`` request message
+type RequestAddressRequest struct {
+	PoolID  string
+	Address string
+	Options map[string]string
+}
+
+// RequestAddressResponse represents the expected data in the response message to a ``request address`` request
+type RequestAddressResponse struct {
+	Response
+	Address string // in CIDR format
+	Data    map[string]string
+}
+
+// ReleaseAddressRequest represents the expected data in a ``release address`` request message
+type ReleaseAddressRequest struct {
+	PoolID  string
+	Address string
+}
+
+// ReleaseAddressResponse represents the response message to a ``release address`` request
+type ReleaseAddressResponse struct {
+	Response
+}
diff --git a/libnetwork/ipams/remote/remote.go b/libnetwork/ipams/remote/remote.go
new file mode 100644
index 0000000000000..4b8c7c5014240
--- /dev/null
+++ b/libnetwork/ipams/remote/remote.go
@@ -0,0 +1,183 @@
+package remote
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/ipams/remote/api"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type allocator struct {
+	endpoint *plugins.Client
+	name     string
+}
+
+// PluginResponse is the interface for the plugin request responses
+type PluginResponse interface {
+	IsSuccess() bool
+	GetError() string
+}
+
+func newAllocator(name string, client *plugins.Client) ipamapi.Ipam {
+	a := &allocator{name: name, endpoint: client}
+	return a
+}
+
+// Init registers a remote ipam when its plugin is activated
+func Init(cb ipamapi.Callback, l, g interface{}) error {
+
+	newPluginHandler := func(name string, client *plugins.Client) {
+		a := newAllocator(name, client)
+		if cps, err := a.(*allocator).getCapabilities(); err == nil {
+			if err := cb.RegisterIpamDriverWithCapabilities(name, a, cps); err != nil {
+				logrus.Errorf("error registering remote ipam driver %s due to %v", name, err)
+			}
+		} else {
+			logrus.Infof("remote ipam driver %s does not support capabilities", name)
+			logrus.Debug(err)
+			if err := cb.RegisterIpamDriver(name, a); err != nil {
+				logrus.Errorf("error registering remote ipam driver %s due to %v", name, err)
+			}
+		}
+	}
+
+	// Unit test code is unaware of a true PluginStore. So we fall back to v1 plugins.
+	handleFunc := plugins.Handle
+	if pg := cb.GetPluginGetter(); pg != nil {
+		handleFunc = pg.Handle
+		activePlugins := pg.GetAllManagedPluginsByCap(ipamapi.PluginEndpointType)
+		for _, ap := range activePlugins {
+			client, err := getPluginClient(ap)
+			if err != nil {
+				return err
+			}
+			newPluginHandler(ap.Name(), client)
+		}
+	}
+	handleFunc(ipamapi.PluginEndpointType, newPluginHandler)
+	return nil
+}
+
+func getPluginClient(p plugingetter.CompatPlugin) (*plugins.Client, error) {
+	if v1, ok := p.(plugingetter.PluginWithV1Client); ok {
+		return v1.Client(), nil
+	}
+
+	pa, ok := p.(plugingetter.PluginAddr)
+	if !ok {
+		return nil, errors.Errorf("unknown plugin type %T", p)
+	}
+
+	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+		return nil, errors.Errorf("unsupported plugin protocol %s", pa.Protocol())
+	}
+
+	addr := pa.Addr()
+	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating plugin client")
+	}
+	return client, nil
+}
+
+func (a *allocator) call(methodName string, arg interface{}, retVal PluginResponse) error {
+	method := ipamapi.PluginEndpointType + "." + methodName
+	err := a.endpoint.Call(method, arg, retVal)
+	if err != nil {
+		return err
+	}
+	if !retVal.IsSuccess() {
+		return fmt.Errorf("remote: %s", retVal.GetError())
+	}
+	return nil
+}
+
+func (a *allocator) getCapabilities() (*ipamapi.Capability, error) {
+	var res api.GetCapabilityResponse
+	if err := a.call("GetCapabilities", nil, &res); err != nil {
+		return nil, err
+	}
+	return res.ToCapability(), nil
+}
+
+// GetDefaultAddressSpaces returns the local and global default address spaces
+func (a *allocator) GetDefaultAddressSpaces() (string, string, error) {
+	res := &api.GetAddressSpacesResponse{}
+	if err := a.call("GetDefaultAddressSpaces", nil, res); err != nil {
+		return "", "", err
+	}
+	return res.LocalDefaultAddressSpace, res.GlobalDefaultAddressSpace, nil
+}
+
+// RequestPool requests an address pool in the specified address space
+func (a *allocator) RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error) {
+	req := &api.RequestPoolRequest{AddressSpace: addressSpace, Pool: pool, SubPool: subPool, Options: options, V6: v6}
+	res := &api.RequestPoolResponse{}
+	if err := a.call("RequestPool", req, res); err != nil {
+		return "", nil, nil, err
+	}
+	retPool, err := types.ParseCIDR(res.Pool)
+	return res.PoolID, retPool, res.Data, err
+}
+
+// ReleasePool removes an address pool from the specified address space
+func (a *allocator) ReleasePool(poolID string) error {
+	req := &api.ReleasePoolRequest{PoolID: poolID}
+	res := &api.ReleasePoolResponse{}
+	return a.call("ReleasePool", req, res)
+}
+
+// RequestAddress requests an address from the address pool
+func (a *allocator) RequestAddress(poolID string, address net.IP, options map[string]string) (*net.IPNet, map[string]string, error) {
+	var (
+		prefAddress string
+		retAddress  *net.IPNet
+		err         error
+	)
+	if address != nil {
+		prefAddress = address.String()
+	}
+	req := &api.RequestAddressRequest{PoolID: poolID, Address: prefAddress, Options: options}
+	res := &api.RequestAddressResponse{}
+	if err := a.call("RequestAddress", req, res); err != nil {
+		return nil, nil, err
+	}
+	if res.Address != "" {
+		retAddress, err = types.ParseCIDR(res.Address)
+	} else {
+		return nil, nil, ipamapi.ErrNoIPReturned
+	}
+	return retAddress, res.Data, err
+}
+
+// ReleaseAddress releases the address from the specified address pool
+func (a *allocator) ReleaseAddress(poolID string, address net.IP) error {
+	var relAddress string
+	if address != nil {
+		relAddress = address.String()
+	}
+	req := &api.ReleaseAddressRequest{PoolID: poolID, Address: relAddress}
+	res := &api.ReleaseAddressResponse{}
+	return a.call("ReleaseAddress", req, res)
+}
+
+// DiscoverNew is a notification for a new discovery event, such as a new global datastore
+func (a *allocator) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
+func (a *allocator) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+
+func (a *allocator) IsBuiltIn() bool {
+	return false
+}
diff --git a/libnetwork/ipams/remote/remote_test.go b/libnetwork/ipams/remote/remote_test.go
new file mode 100644
index 0000000000000..79ee22c0d113d
--- /dev/null
+++ b/libnetwork/ipams/remote/remote_test.go
@@ -0,0 +1,320 @@
+package remote
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/pkg/plugins"
+)
+
+func decodeToMap(r *http.Request) (res map[string]interface{}, err error) {
+	err = json.NewDecoder(r.Body).Decode(&res)
+	return
+}
+
+func handle(t *testing.T, mux *http.ServeMux, method string, h func(map[string]interface{}) interface{}) {
+	mux.HandleFunc(fmt.Sprintf("/%s.%s", ipamapi.PluginEndpointType, method), func(w http.ResponseWriter, r *http.Request) {
+		ask, err := decodeToMap(r)
+		if err != nil && err != io.EOF {
+			t.Fatal(err)
+		}
+		answer := h(ask)
+		err = json.NewEncoder(w).Encode(&answer)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+}
+
+func setupPlugin(t *testing.T, name string, mux *http.ServeMux) func() {
+	specPath := "/etc/docker/plugins"
+	if runtime.GOOS == "windows" {
+		specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins")
+	}
+
+	if err := os.MkdirAll(specPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if t.Failed() {
+			os.RemoveAll(specPath)
+		}
+	}()
+
+	server := httptest.NewServer(mux)
+	if server == nil {
+		t.Fatal("Failed to start an HTTP Server")
+	}
+
+	if err := os.WriteFile(filepath.Join(specPath, name+".spec"), []byte(server.URL), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Implements": ["%s"]}`, ipamapi.PluginEndpointType)
+	})
+
+	return func() {
+		if err := os.RemoveAll(specPath); err != nil {
+			t.Fatal(err)
+		}
+		server.Close()
+	}
+}
+
+func TestGetCapabilities(t *testing.T) {
+	var plugin = "test-ipam-driver-capabilities"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetCapabilities", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"RequiresMACAddress": true,
+		}
+	})
+
+	p, err := plugins.Get(plugin, ipamapi.PluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newAllocator(plugin, client)
+
+	caps, err := d.(*allocator).getCapabilities()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !caps.RequiresMACAddress || caps.RequiresRequestReplay {
+		t.Fatalf("Unexpected capability: %v", caps)
+	}
+}
+
+func TestGetCapabilitiesFromLegacyDriver(t *testing.T) {
+	var plugin = "test-ipam-legacy-driver"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	p, err := plugins.Get(plugin, ipamapi.PluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	d := newAllocator(plugin, client)
+
+	if _, err := d.(*allocator).getCapabilities(); err == nil {
+		t.Fatalf("Expected error, but got Success %v", err)
+	}
+}
+
+func TestGetDefaultAddressSpaces(t *testing.T) {
+	var plugin = "test-ipam-driver-addr-spaces"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetDefaultAddressSpaces", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"LocalDefaultAddressSpace":  "white",
+			"GlobalDefaultAddressSpace": "blue",
+		}
+	})
+
+	p, err := plugins.Get(plugin, ipamapi.PluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newAllocator(plugin, client)
+
+	l, g, err := d.(*allocator).GetDefaultAddressSpaces()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if l != "white" || g != "blue" {
+		t.Fatalf("Unexpected default local and global address spaces: %s, %s", l, g)
+	}
+}
+
+func TestRemoteDriver(t *testing.T) {
+	var plugin = "test-ipam-driver"
+
+	mux := http.NewServeMux()
+	defer setupPlugin(t, plugin, mux)()
+
+	handle(t, mux, "GetDefaultAddressSpaces", func(msg map[string]interface{}) interface{} {
+		return map[string]interface{}{
+			"LocalDefaultAddressSpace":  "white",
+			"GlobalDefaultAddressSpace": "blue",
+		}
+	})
+
+	handle(t, mux, "RequestPool", func(msg map[string]interface{}) interface{} {
+		as := "white"
+		if v, ok := msg["AddressSpace"]; ok && v.(string) != "" {
+			as = v.(string)
+		}
+
+		pl := "172.18.0.0/16"
+		sp := ""
+		if v, ok := msg["Pool"]; ok && v.(string) != "" {
+			pl = v.(string)
+		}
+		if v, ok := msg["SubPool"]; ok && v.(string) != "" {
+			sp = v.(string)
+		}
+		pid := fmt.Sprintf("%s/%s", as, pl)
+		if sp != "" {
+			pid = fmt.Sprintf("%s/%s", pid, sp)
+		}
+		return map[string]interface{}{
+			"PoolID": pid,
+			"Pool":   pl,
+			"Data":   map[string]string{"DNS": "8.8.8.8"},
+		}
+	})
+
+	handle(t, mux, "ReleasePool", func(msg map[string]interface{}) interface{} {
+		if _, ok := msg["PoolID"]; !ok {
+			t.Fatal("Missing PoolID in Release request")
+		}
+		return map[string]interface{}{}
+	})
+
+	handle(t, mux, "RequestAddress", func(msg map[string]interface{}) interface{} {
+		if _, ok := msg["PoolID"]; !ok {
+			t.Fatal("Missing PoolID in address request")
+		}
+		prefAddr := ""
+		if v, ok := msg["Address"]; ok {
+			prefAddr = v.(string)
+		}
+		ip := prefAddr
+		if ip == "" {
+			ip = "172.20.0.34"
+		}
+		ip = fmt.Sprintf("%s/16", ip)
+		return map[string]interface{}{
+			"Address": ip,
+		}
+	})
+
+	handle(t, mux, "ReleaseAddress", func(msg map[string]interface{}) interface{} {
+		if _, ok := msg["PoolID"]; !ok {
+			t.Fatal("Missing PoolID in address request")
+		}
+		if _, ok := msg["Address"]; !ok {
+			t.Fatal("Missing Address in release address request")
+		}
+		return map[string]interface{}{}
+	})
+
+	p, err := plugins.Get(plugin, ipamapi.PluginEndpointType)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := getPluginClient(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	d := newAllocator(plugin, client)
+
+	l, g, err := d.(*allocator).GetDefaultAddressSpaces()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if l != "white" || g != "blue" {
+		t.Fatalf("Unexpected default local/global address spaces: %s, %s", l, g)
+	}
+
+	// Request any pool
+	poolID, pool, _, err := d.RequestPool("white", "", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if poolID != "white/172.18.0.0/16" {
+		t.Fatalf("Unexpected pool id: %s", poolID)
+	}
+	if pool == nil || pool.String() != "172.18.0.0/16" {
+		t.Fatalf("Unexpected pool: %s", pool)
+	}
+
+	// Request specific pool
+	poolID2, pool2, ops, err := d.RequestPool("white", "172.20.0.0/16", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if poolID2 != "white/172.20.0.0/16" {
+		t.Fatalf("Unexpected pool id: %s", poolID2)
+	}
+	if pool2 == nil || pool2.String() != "172.20.0.0/16" {
+		t.Fatalf("Unexpected pool: %s", pool2)
+	}
+	if dns, ok := ops["DNS"]; !ok || dns != "8.8.8.8" {
+		t.Fatal("Missing options")
+	}
+
+	// Request specific pool and subpool
+	poolID3, pool3, _, err := d.RequestPool("white", "172.20.0.0/16", "172.20.3.0/24" /*nil*/, map[string]string{"culo": "yes"}, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if poolID3 != "white/172.20.0.0/16/172.20.3.0/24" {
+		t.Fatalf("Unexpected pool id: %s", poolID3)
+	}
+	if pool3 == nil || pool3.String() != "172.20.0.0/16" {
+		t.Fatalf("Unexpected pool: %s", pool3)
+	}
+
+	// Request any address
+	addr, _, err := d.RequestAddress(poolID2, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if addr == nil || addr.String() != "172.20.0.34/16" {
+		t.Fatalf("Unexpected address: %s", addr)
+	}
+
+	// Request specific address
+	addr2, _, err := d.RequestAddress(poolID2, net.ParseIP("172.20.1.45"), nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if addr2 == nil || addr2.String() != "172.20.1.45/16" {
+		t.Fatalf("Unexpected address: %s", addr2)
+	}
+
+	// Release address
+	err = d.ReleaseAddress(poolID, net.ParseIP("172.18.1.45"))
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/ipams/windowsipam/windowsipam.go b/libnetwork/ipams/windowsipam/windowsipam.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/ipams/windowsipam/windowsipam.go
rename to libnetwork/ipams/windowsipam/windowsipam.go
index 5c7b1f5411da0..cdca9450269e9 100644
--- a/vendor/github.com/docker/libnetwork/ipams/windowsipam/windowsipam.go
+++ b/libnetwork/ipams/windowsipam/windowsipam.go
@@ -3,9 +3,9 @@ package windowsipam
 import (
 	"net"
 
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/libnetwork/ipams/windowsipam/windowsipam_test.go b/libnetwork/ipams/windowsipam/windowsipam_test.go
new file mode 100644
index 0000000000000..f09cdbd9436b3
--- /dev/null
+++ b/libnetwork/ipams/windowsipam/windowsipam_test.go
@@ -0,0 +1,83 @@
+package windowsipam
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/types"
+)
+
+func TestWindowsIPAM(t *testing.T) {
+	a := &allocator{}
+	requestPool, _ := types.ParseCIDR("192.168.0.0/16")
+	requestAddress := net.ParseIP("192.168.1.1")
+
+	pid, pool, _, err := a.RequestPool(localAddressSpace, "", "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !types.CompareIPNet(defaultPool, pool) ||
+		pid != pool.String() {
+		t.Fatalf("Unexpected data returned. Expected %v : %s. Got: %v : %s", defaultPool, pid, pool, pool.String())
+	}
+
+	pid, pool, _, err = a.RequestPool(localAddressSpace, requestPool.String(), "", nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !types.CompareIPNet(requestPool, pool) ||
+		pid != requestPool.String() {
+		t.Fatalf("Unexpected data returned. Expected %v : %s. Got: %v : %s", requestPool, requestPool.String(), pool, pool.String())
+	}
+
+	_, _, _, err = a.RequestPool(localAddressSpace, requestPool.String(), requestPool.String(), nil, false)
+	if err == nil {
+		t.Fatal("Unexpected success for subpool request")
+	}
+
+	_, _, _, err = a.RequestPool(localAddressSpace, requestPool.String(), "", nil, true)
+	if err == nil {
+		t.Fatal("Unexpected success for v6 request")
+	}
+
+	err = a.ReleasePool(requestPool.String())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ip, _, err := a.RequestAddress(requestPool.String(), nil, map[string]string{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if ip != nil {
+		t.Fatalf("Unexpected data returned. Expected %v . Got: %v ", requestPool, ip)
+	}
+
+	ip, _, err = a.RequestAddress(requestPool.String(), requestAddress, map[string]string{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !ip.IP.Equal(requestAddress) {
+		t.Fatalf("Unexpected data returned. Expected %v . Got: %v ", requestAddress, ip.IP)
+	}
+
+	requestOptions := map[string]string{}
+	requestOptions[ipamapi.RequestAddressType] = netlabel.Gateway
+	ip, _, err = a.RequestAddress(requestPool.String(), requestAddress, requestOptions)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !ip.IP.Equal(requestAddress) {
+		t.Fatalf("Unexpected data returned. Expected %v . Got: %v ", requestAddress, ip.IP)
+	}
+
+	err = a.ReleaseAddress(requestPool.String(), requestAddress)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/ipamutils/utils.go b/libnetwork/ipamutils/utils.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/ipamutils/utils.go
rename to libnetwork/ipamutils/utils.go
diff --git a/libnetwork/ipamutils/utils_test.go b/libnetwork/ipamutils/utils_test.go
new file mode 100644
index 0000000000000..658e5f2cdb127
--- /dev/null
+++ b/libnetwork/ipamutils/utils_test.go
@@ -0,0 +1,117 @@
+package ipamutils
+
+import (
+	"net"
+	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func initBroadPredefinedNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 31)
+	mask := []byte{255, 255, 0, 0}
+	for i := 17; i < 32; i++ {
+		pl = append(pl, &net.IPNet{IP: []byte{172, byte(i), 0, 0}, Mask: mask})
+	}
+	mask20 := []byte{255, 255, 240, 0}
+	for i := 0; i < 16; i++ {
+		pl = append(pl, &net.IPNet{IP: []byte{192, 168, byte(i << 4), 0}, Mask: mask20})
+	}
+	return pl
+}
+
+func initGranularPredefinedNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 256*256)
+	mask := []byte{255, 255, 255, 0}
+	for i := 0; i < 256; i++ {
+		for j := 0; j < 256; j++ {
+			pl = append(pl, &net.IPNet{IP: []byte{10, byte(i), byte(j), 0}, Mask: mask})
+		}
+	}
+	return pl
+}
+
+func initGlobalScopeNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 256*256)
+	mask := []byte{255, 255, 255, 0}
+	for i := 0; i < 256; i++ {
+		for j := 0; j < 256; j++ {
+			pl = append(pl, &net.IPNet{IP: []byte{30, byte(i), byte(j), 0}, Mask: mask})
+		}
+	}
+	return pl
+}
+
+func TestDefaultNetwork(t *testing.T) {
+	for _, nw := range PredefinedGlobalScopeDefaultNetworks {
+		if ones, bits := nw.Mask.Size(); bits != 32 || ones != 24 {
+			t.Fatalf("Unexpected size for network in granular list: %v", nw)
+		}
+	}
+
+	for _, nw := range PredefinedLocalScopeDefaultNetworks {
+		if ones, bits := nw.Mask.Size(); bits != 32 || (ones != 20 && ones != 16) {
+			t.Fatalf("Unexpected size for network in broad list: %v", nw)
+		}
+	}
+
+	originalBroadNets := initBroadPredefinedNetworks()
+	m := make(map[string]bool)
+	for _, v := range originalBroadNets {
+		m[v.String()] = true
+	}
+	for _, nw := range PredefinedLocalScopeDefaultNetworks {
+		_, ok := m[nw.String()]
+		assert.Check(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Check(t, is.Len(m, 0))
+
+	originalGranularNets := initGranularPredefinedNetworks()
+
+	m = make(map[string]bool)
+	for _, v := range originalGranularNets {
+		m[v.String()] = true
+	}
+	for _, nw := range PredefinedGlobalScopeDefaultNetworks {
+		_, ok := m[nw.String()]
+		assert.Check(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Check(t, is.Len(m, 0))
+}
+
+func TestConfigGlobalScopeDefaultNetworks(t *testing.T) {
+	err := ConfigGlobalScopeDefaultNetworks([]*NetworkToSplit{{"30.0.0.0/8", 24}})
+	assert.NilError(t, err)
+
+	originalGlobalScopeNetworks := initGlobalScopeNetworks()
+	m := make(map[string]bool)
+	for _, v := range originalGlobalScopeNetworks {
+		m[v.String()] = true
+	}
+	for _, nw := range PredefinedGlobalScopeDefaultNetworks {
+		_, ok := m[nw.String()]
+		assert.Check(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Check(t, is.Len(m, 0))
+}
+
+func TestInitAddressPools(t *testing.T) {
+	err := ConfigLocalScopeDefaultNetworks([]*NetworkToSplit{{"172.80.0.0/16", 24}, {"172.90.0.0/16", 24}})
+	assert.NilError(t, err)
+
+	// Check for Random IPAddresses in PredefinedLocalScopeDefaultNetworks  ex: first , last and middle
+	assert.Check(t, is.Len(PredefinedLocalScopeDefaultNetworks, 512), "Failed to find PredefinedLocalScopeDefaultNetworks")
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[0].String(), "172.80.0.0/24"))
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[127].String(), "172.80.127.0/24"))
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[255].String(), "172.80.255.0/24"))
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[256].String(), "172.90.0.0/24"))
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[383].String(), "172.90.127.0/24"))
+	assert.Check(t, is.Equal(PredefinedLocalScopeDefaultNetworks[511].String(), "172.90.255.0/24"))
+}
diff --git a/vendor/github.com/docker/libnetwork/iptables/conntrack.go b/libnetwork/iptables/conntrack.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/iptables/conntrack.go
rename to libnetwork/iptables/conntrack.go
index 08317c33eeddd..5abae4eede2d6 100644
--- a/vendor/github.com/docker/libnetwork/iptables/conntrack.go
+++ b/libnetwork/iptables/conntrack.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
 package iptables
 
 import (
@@ -54,6 +57,8 @@ func purgeConntrackState(nlh *netlink.Handle, family netlink.InetFamily, ipAddre
 	filter := &netlink.ConntrackFilter{}
 	// NOTE: doing the flush using the ipAddress is safe because today there cannot be multiple networks with the same subnet
 	// so it will not be possible to flush flows that are of other containers
-	filter.AddIP(netlink.ConntrackNatAnyIP, ipAddress)
+	if err := filter.AddIP(netlink.ConntrackNatAnyIP, ipAddress); err != nil {
+		return 0, err
+	}
 	return nlh.ConntrackDeleteFilter(netlink.ConntrackTable, family, filter)
 }
diff --git a/libnetwork/iptables/firewalld.go b/libnetwork/iptables/firewalld.go
new file mode 100644
index 0000000000000..3cc5422d4a1b0
--- /dev/null
+++ b/libnetwork/iptables/firewalld.go
@@ -0,0 +1,306 @@
+//go:build linux
+// +build linux
+
+package iptables
+
+import (
+	"fmt"
+	"strings"
+
+	dbus "github.com/godbus/dbus/v5"
+	"github.com/sirupsen/logrus"
+)
+
+// IPV defines the table string
+type IPV string
+
+const (
+	// Iptables point ipv4 table
+	Iptables IPV = "ipv4"
+	// IP6Tables point to ipv6 table
+	IP6Tables IPV = "ipv6"
+	// Ebtables point to bridge table
+	Ebtables IPV = "eb"
+)
+
+const (
+	dbusInterface  = "org.fedoraproject.FirewallD1"
+	dbusPath       = "/org/fedoraproject/FirewallD1"
+	dbusConfigPath = "/org/fedoraproject/FirewallD1/config"
+	dockerZone     = "docker"
+)
+
+// Conn is a connection to firewalld dbus endpoint.
+type Conn struct {
+	sysconn    *dbus.Conn
+	sysObj     dbus.BusObject
+	sysConfObj dbus.BusObject
+	signal     chan *dbus.Signal
+}
+
+// ZoneSettings holds the firewalld zone settings, documented in
+// https://firewalld.org/documentation/man-pages/firewalld.dbus.html
+type ZoneSettings struct {
+	version            string
+	name               string
+	description        string
+	unused             bool
+	target             string
+	services           []string
+	ports              [][]interface{}
+	icmpBlocks         []string
+	masquerade         bool
+	forwardPorts       [][]interface{}
+	interfaces         []string
+	sourceAddresses    []string
+	richRules          []string
+	protocols          []string
+	sourcePorts        [][]interface{}
+	icmpBlockInversion bool
+}
+
+var (
+	connection *Conn
+
+	firewalldRunning bool      // is Firewalld service running
+	onReloaded       []*func() // callbacks when Firewalld has been reloaded
+)
+
+// FirewalldInit initializes firewalld management code.
+func FirewalldInit() error {
+	var err error
+
+	if connection, err = newConnection(); err != nil {
+		return fmt.Errorf("Failed to connect to D-Bus system bus: %v", err)
+	}
+	firewalldRunning = checkRunning()
+	if !firewalldRunning {
+		connection.sysconn.Close()
+		connection = nil
+	}
+	if connection != nil {
+		go signalHandler()
+		if err := setupDockerZone(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// New() establishes a connection to the system bus.
+func newConnection() (*Conn, error) {
+	c := new(Conn)
+	if err := c.initConnection(); err != nil {
+		return nil, err
+	}
+
+	return c, nil
+}
+
+// Initialize D-Bus connection.
+func (c *Conn) initConnection() error {
+	var err error
+
+	c.sysconn, err = dbus.SystemBus()
+	if err != nil {
+		return err
+	}
+
+	// This never fails, even if the service is not running atm.
+	c.sysObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
+	c.sysConfObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusConfigPath))
+	rule := fmt.Sprintf("type='signal',path='%s',interface='%s',sender='%s',member='Reloaded'",
+		dbusPath, dbusInterface, dbusInterface)
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
+
+	rule = fmt.Sprintf("type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',sender='org.freedesktop.DBus',arg0='%s'",
+		dbusInterface)
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
+
+	c.signal = make(chan *dbus.Signal, 10)
+	c.sysconn.Signal(c.signal)
+
+	return nil
+}
+
+func signalHandler() {
+	for signal := range connection.signal {
+		if strings.Contains(signal.Name, "NameOwnerChanged") {
+			firewalldRunning = checkRunning()
+			dbusConnectionChanged(signal.Body)
+		} else if strings.Contains(signal.Name, "Reloaded") {
+			reloaded()
+		}
+	}
+}
+
+func dbusConnectionChanged(args []interface{}) {
+	name := args[0].(string)
+	oldOwner := args[1].(string)
+	newOwner := args[2].(string)
+
+	if name != dbusInterface {
+		return
+	}
+
+	if len(newOwner) > 0 {
+		connectionEstablished()
+	} else if len(oldOwner) > 0 {
+		connectionLost()
+	}
+}
+
+func connectionEstablished() {
+	reloaded()
+}
+
+func connectionLost() {
+	// Doesn't do anything for now. Libvirt also doesn't react to this.
+}
+
+// call all callbacks
+func reloaded() {
+	for _, pf := range onReloaded {
+		(*pf)()
+	}
+}
+
+// OnReloaded add callback
+func OnReloaded(callback func()) {
+	for _, pf := range onReloaded {
+		if pf == &callback {
+			return
+		}
+	}
+	onReloaded = append(onReloaded, &callback)
+}
+
+// Call some remote method to see whether the service is actually running.
+func checkRunning() bool {
+	var zone string
+	var err error
+
+	if connection != nil {
+		err = connection.sysObj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
+		return err == nil
+	}
+	return false
+}
+
+// Passthrough method simply passes args through to iptables/ip6tables
+func Passthrough(ipv IPV, args ...string) ([]byte, error) {
+	var output string
+	logrus.Debugf("Firewalld passthrough: %s, %s", ipv, args)
+	if err := connection.sysObj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
+		return nil, err
+	}
+	return []byte(output), nil
+}
+
+// getDockerZoneSettings converts the ZoneSettings struct into a interface slice
+func getDockerZoneSettings() []interface{} {
+	settings := ZoneSettings{
+		version:     "1.0",
+		name:        dockerZone,
+		description: "zone for docker bridge network interfaces",
+		target:      "ACCEPT",
+	}
+	slice := []interface{}{
+		settings.version,
+		settings.name,
+		settings.description,
+		settings.unused,
+		settings.target,
+		settings.services,
+		settings.ports,
+		settings.icmpBlocks,
+		settings.masquerade,
+		settings.forwardPorts,
+		settings.interfaces,
+		settings.sourceAddresses,
+		settings.richRules,
+		settings.protocols,
+		settings.sourcePorts,
+		settings.icmpBlockInversion,
+	}
+	return slice
+
+}
+
+// setupDockerZone creates a zone called docker in firewalld which includes docker interfaces to allow
+// container networking
+func setupDockerZone() error {
+	var zones []string
+	// Check if zone exists
+	if err := connection.sysObj.Call(dbusInterface+".zone.getZones", 0).Store(&zones); err != nil {
+		return err
+	}
+	if contains(zones, dockerZone) {
+		logrus.Infof("Firewalld: %s zone already exists, returning", dockerZone)
+		return nil
+	}
+	logrus.Debugf("Firewalld: creating %s zone", dockerZone)
+
+	settings := getDockerZoneSettings()
+	// Permanent
+	if err := connection.sysConfObj.Call(dbusInterface+".config.addZone", 0, dockerZone, settings).Err; err != nil {
+		return err
+	}
+	// Reload for change to take effect
+	if err := connection.sysObj.Call(dbusInterface+".reload", 0).Err; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// AddInterfaceFirewalld adds the interface to the trusted zone
+func AddInterfaceFirewalld(intf string) error {
+	var intfs []string
+	// Check if interface is already added to the zone
+	if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
+		return err
+	}
+	// Return if interface is already part of the zone
+	if contains(intfs, intf) {
+		logrus.Infof("Firewalld: interface %s already part of %s zone, returning", intf, dockerZone)
+		return nil
+	}
+
+	logrus.Debugf("Firewalld: adding %s interface to %s zone", intf, dockerZone)
+	// Runtime
+	if err := connection.sysObj.Call(dbusInterface+".zone.addInterface", 0, dockerZone, intf).Err; err != nil {
+		return err
+	}
+	return nil
+}
+
+// DelInterfaceFirewalld removes the interface from the trusted zone
+func DelInterfaceFirewalld(intf string) error {
+	var intfs []string
+	// Check if interface is part of the zone
+	if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
+		return err
+	}
+	// Remove interface if it exists
+	if !contains(intfs, intf) {
+		return fmt.Errorf("Firewalld: unable to find interface %s in %s zone", intf, dockerZone)
+	}
+
+	logrus.Debugf("Firewalld: removing %s interface from %s zone", intf, dockerZone)
+	// Runtime
+	if err := connection.sysObj.Call(dbusInterface+".zone.removeInterface", 0, dockerZone, intf).Err; err != nil {
+		return err
+	}
+	return nil
+}
+
+func contains(list []string, val string) bool {
+	for _, v := range list {
+		if v == val {
+			return true
+		}
+	}
+	return false
+}
diff --git a/libnetwork/iptables/firewalld_test.go b/libnetwork/iptables/firewalld_test.go
new file mode 100644
index 0000000000000..1b47221196988
--- /dev/null
+++ b/libnetwork/iptables/firewalld_test.go
@@ -0,0 +1,94 @@
+//go:build linux
+// +build linux
+
+package iptables
+
+import (
+	"net"
+	"strconv"
+	"testing"
+)
+
+func TestFirewalldInit(t *testing.T) {
+	if !checkRunning() {
+		t.Skip("firewalld is not running")
+	}
+	if err := FirewalldInit(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestReloaded(t *testing.T) {
+	var err error
+	var fwdChain *ChainInfo
+
+	iptable := GetIptable(IPv4)
+	fwdChain, err = iptable.NewChain("FWD", Filter, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	bridgeName := "lo"
+
+	err = iptable.ProgramChain(fwdChain, bridgeName, false, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer fwdChain.Remove()
+
+	// copy-pasted from iptables_test:TestLink
+	ip1 := net.ParseIP("192.168.1.1")
+	ip2 := net.ParseIP("192.168.1.2")
+	port := 1234
+	proto := "tcp"
+
+	err = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName)
+	if err != nil {
+		t.Fatal(err)
+	} else {
+		// to be re-called again later
+		OnReloaded(func() { fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName) })
+	}
+
+	rule1 := []string{
+		"-i", bridgeName,
+		"-o", bridgeName,
+		"-p", proto,
+		"-s", ip1.String(),
+		"-d", ip2.String(),
+		"--dport", strconv.Itoa(port),
+		"-j", "ACCEPT"}
+
+	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
+		t.Fatal("rule1 does not exist")
+	}
+
+	// flush all rules
+	fwdChain.Remove()
+
+	reloaded()
+
+	// make sure the rules have been recreated
+	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
+		t.Fatal("rule1 hasn't been recreated")
+	}
+}
+
+func TestPassthrough(t *testing.T) {
+	rule1 := []string{
+		"-i", "lo",
+		"-p", "udp",
+		"--dport", "123",
+		"-j", "ACCEPT"}
+
+	iptable := GetIptable(IPv4)
+	if firewalldRunning {
+		_, err := Passthrough(Iptables, append([]string{"-A"}, rule1...)...)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !iptable.Exists(Filter, "INPUT", rule1...) {
+			t.Fatal("rule1 does not exist")
+		}
+	}
+
+}
diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
new file mode 100644
index 0000000000000..51a3e2bdc22a1
--- /dev/null
+++ b/libnetwork/iptables/iptables.go
@@ -0,0 +1,657 @@
+//go:build linux
+// +build linux
+
+package iptables
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"os/exec"
+	"regexp"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Action signifies the iptable action.
+type Action string
+
+// Policy is the default iptable policies
+type Policy string
+
+// Table refers to Nat, Filter or Mangle.
+type Table string
+
+// IPVersion refers to IP version, v4 or v6
+type IPVersion string
+
+const (
+	// Append appends the rule at the end of the chain.
+	Append Action = "-A"
+	// Delete deletes the rule from the chain.
+	Delete Action = "-D"
+	// Insert inserts the rule at the top of the chain.
+	Insert Action = "-I"
+	// Nat table is used for nat translation rules.
+	Nat Table = "nat"
+	// Filter table is used for filter rules.
+	Filter Table = "filter"
+	// Mangle table is used for mangling the packet.
+	Mangle Table = "mangle"
+	// Drop is the default iptables DROP policy
+	Drop Policy = "DROP"
+	// Accept is the default iptables ACCEPT policy
+	Accept Policy = "ACCEPT"
+	// IPv4 is version 4
+	IPv4 IPVersion = "IPV4"
+	// IPv6 is version 6
+	IPv6 IPVersion = "IPV6"
+)
+
+var (
+	iptablesPath  string
+	ip6tablesPath string
+	supportsXlock = false
+	supportsCOpt  = false
+	xLockWaitMsg  = "Another app is currently holding the xtables lock"
+	// used to lock iptables commands if xtables lock is not supported
+	bestEffortLock sync.Mutex
+	// ErrIptablesNotFound is returned when the rule is not found.
+	ErrIptablesNotFound = errors.New("Iptables not found")
+	initOnce            sync.Once
+)
+
+// IPTable defines struct with IPVersion
+type IPTable struct {
+	Version IPVersion
+}
+
+// ChainInfo defines the iptables chain.
+type ChainInfo struct {
+	Name        string
+	Table       Table
+	HairpinMode bool
+	IPTable     IPTable
+}
+
+// ChainError is returned to represent errors during ip table operation.
+type ChainError struct {
+	Chain  string
+	Output []byte
+}
+
+func (e ChainError) Error() string {
+	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
+}
+
+func probe() {
+	path, err := exec.LookPath("iptables")
+	if err != nil {
+		logrus.Warnf("Failed to find iptables: %v", err)
+		return
+	}
+	if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
+		logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+	}
+	_, err = exec.LookPath("ip6tables")
+	if err != nil {
+		logrus.Warnf("Failed to find ip6tables: %v", err)
+		return
+	}
+}
+
+func initFirewalld() {
+	if err := FirewalldInit(); err != nil {
+		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
+	}
+}
+
+func detectIptables() {
+	path, err := exec.LookPath("iptables")
+	if err != nil {
+		return
+	}
+	iptablesPath = path
+	path, err = exec.LookPath("ip6tables")
+	if err != nil {
+		return
+	}
+	ip6tablesPath = path
+	supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
+	mj, mn, mc, err := GetVersion()
+	if err != nil {
+		logrus.Warnf("Failed to read iptables version: %v", err)
+		return
+	}
+	supportsCOpt = supportsCOption(mj, mn, mc)
+}
+
+func initDependencies() {
+	probe()
+	initFirewalld()
+	detectIptables()
+}
+
+func initCheck() error {
+	initOnce.Do(initDependencies)
+
+	if iptablesPath == "" {
+		return ErrIptablesNotFound
+	}
+	return nil
+}
+
+// GetIptable returns an instance of IPTable with specified version
+func GetIptable(version IPVersion) *IPTable {
+	return &IPTable{Version: version}
+}
+
+// NewChain adds a new chain to ip table.
+func (iptable IPTable) NewChain(name string, table Table, hairpinMode bool) (*ChainInfo, error) {
+	c := &ChainInfo{
+		Name:        name,
+		Table:       table,
+		HairpinMode: hairpinMode,
+		IPTable:     iptable,
+	}
+	if string(c.Table) == "" {
+		c.Table = Filter
+	}
+
+	// Add chain if it doesn't exist
+	if _, err := iptable.Raw("-t", string(c.Table), "-n", "-L", c.Name); err != nil {
+		if output, err := iptable.Raw("-t", string(c.Table), "-N", c.Name); err != nil {
+			return nil, err
+		} else if len(output) != 0 {
+			return nil, fmt.Errorf("Could not create %s/%s chain: %s", c.Table, c.Name, output)
+		}
+	}
+	return c, nil
+}
+
+// LoopbackByVersion returns loopback address by version
+func (iptable IPTable) LoopbackByVersion() string {
+	if iptable.Version == IPv6 {
+		return "::1/128"
+	}
+	return "127.0.0.0/8"
+}
+
+// ProgramChain is used to add rules to a chain
+func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error {
+	if c.Name == "" {
+		return errors.New("Could not program chain, missing chain name")
+	}
+
+	// Either add or remove the interface from the firewalld zone
+	if firewalldRunning {
+		if enable {
+			if err := AddInterfaceFirewalld(bridgeName); err != nil {
+				return err
+			}
+		} else {
+			if err := DelInterfaceFirewalld(bridgeName); err != nil {
+				return err
+			}
+		}
+	}
+
+	switch c.Table {
+	case Nat:
+		preroute := []string{
+			"-m", "addrtype",
+			"--dst-type", "LOCAL",
+			"-j", c.Name}
+		if !iptable.Exists(Nat, "PREROUTING", preroute...) && enable {
+			if err := c.Prerouting(Append, preroute...); err != nil {
+				return fmt.Errorf("Failed to inject %s in PREROUTING chain: %s", c.Name, err)
+			}
+		} else if iptable.Exists(Nat, "PREROUTING", preroute...) && !enable {
+			if err := c.Prerouting(Delete, preroute...); err != nil {
+				return fmt.Errorf("Failed to remove %s in PREROUTING chain: %s", c.Name, err)
+			}
+		}
+		output := []string{
+			"-m", "addrtype",
+			"--dst-type", "LOCAL",
+			"-j", c.Name}
+		if !hairpinMode {
+			output = append(output, "!", "--dst", iptable.LoopbackByVersion())
+		}
+		if !iptable.Exists(Nat, "OUTPUT", output...) && enable {
+			if err := c.Output(Append, output...); err != nil {
+				return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
+			}
+		} else if iptable.Exists(Nat, "OUTPUT", output...) && !enable {
+			if err := c.Output(Delete, output...); err != nil {
+				return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
+			}
+		}
+	case Filter:
+		if bridgeName == "" {
+			return fmt.Errorf("Could not program chain %s/%s, missing bridge name",
+				c.Table, c.Name)
+		}
+		link := []string{
+			"-o", bridgeName,
+			"-j", c.Name}
+		if !iptable.Exists(Filter, "FORWARD", link...) && enable {
+			insert := append([]string{string(Insert), "FORWARD"}, link...)
+			if output, err := iptable.Raw(insert...); err != nil {
+				return err
+			} else if len(output) != 0 {
+				return fmt.Errorf("Could not create linking rule to %s/%s: %s", c.Table, c.Name, output)
+			}
+		} else if iptable.Exists(Filter, "FORWARD", link...) && !enable {
+			del := append([]string{string(Delete), "FORWARD"}, link...)
+			if output, err := iptable.Raw(del...); err != nil {
+				return err
+			} else if len(output) != 0 {
+				return fmt.Errorf("Could not delete linking rule from %s/%s: %s", c.Table, c.Name, output)
+			}
+
+		}
+		establish := []string{
+			"-o", bridgeName,
+			"-m", "conntrack",
+			"--ctstate", "RELATED,ESTABLISHED",
+			"-j", "ACCEPT"}
+		if !iptable.Exists(Filter, "FORWARD", establish...) && enable {
+			insert := append([]string{string(Insert), "FORWARD"}, establish...)
+			if output, err := iptable.Raw(insert...); err != nil {
+				return err
+			} else if len(output) != 0 {
+				return fmt.Errorf("Could not create establish rule to %s: %s", c.Table, output)
+			}
+		} else if iptable.Exists(Filter, "FORWARD", establish...) && !enable {
+			del := append([]string{string(Delete), "FORWARD"}, establish...)
+			if output, err := iptable.Raw(del...); err != nil {
+				return err
+			} else if len(output) != 0 {
+				return fmt.Errorf("Could not delete establish rule from %s: %s", c.Table, output)
+			}
+		}
+	}
+	return nil
+}
+
+// RemoveExistingChain removes existing chain from the table.
+func (iptable IPTable) RemoveExistingChain(name string, table Table) error {
+	c := &ChainInfo{
+		Name:    name,
+		Table:   table,
+		IPTable: iptable,
+	}
+	if string(c.Table) == "" {
+		c.Table = Filter
+	}
+	return c.Remove()
+}
+
+// Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table.
+func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error {
+
+	iptable := GetIptable(c.IPTable.Version)
+	daddr := ip.String()
+	if ip.IsUnspecified() {
+		// iptables interprets "0.0.0.0" as "0.0.0.0/32", whereas we
+		// want "0.0.0.0/0". "0/0" is correctly interpreted as "any
+		// value" by both iptables and ip6tables.
+		daddr = "0/0"
+	}
+
+	args := []string{
+		"-p", proto,
+		"-d", daddr,
+		"--dport", strconv.Itoa(port),
+		"-j", "DNAT",
+		"--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort))}
+
+	if !c.HairpinMode {
+		args = append(args, "!", "-i", bridgeName)
+	}
+	if err := iptable.ProgramRule(Nat, c.Name, action, args); err != nil {
+		return err
+	}
+
+	args = []string{
+		"!", "-i", bridgeName,
+		"-o", bridgeName,
+		"-p", proto,
+		"-d", destAddr,
+		"--dport", strconv.Itoa(destPort),
+		"-j", "ACCEPT",
+	}
+	if err := iptable.ProgramRule(Filter, c.Name, action, args); err != nil {
+		return err
+	}
+
+	args = []string{
+		"-p", proto,
+		"-s", destAddr,
+		"-d", destAddr,
+		"--dport", strconv.Itoa(destPort),
+		"-j", "MASQUERADE",
+	}
+
+	if err := iptable.ProgramRule(Nat, "POSTROUTING", action, args); err != nil {
+		return err
+	}
+
+	if proto == "sctp" {
+		// Linux kernel v4.9 and below enables NETIF_F_SCTP_CRC for veth by
+		// the following commit.
+		// This introduces a problem when conbined with a physical NIC without
+		// NETIF_F_SCTP_CRC. As for a workaround, here we add an iptables entry
+		// to fill the checksum.
+		//
+		// https://github.com/torvalds/linux/commit/c80fafbbb59ef9924962f83aac85531039395b18
+		args = []string{
+			"-p", proto,
+			"--sport", strconv.Itoa(destPort),
+			"-j", "CHECKSUM",
+			"--checksum-fill",
+		}
+		if err := iptable.ProgramRule(Mangle, "POSTROUTING", action, args); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Link adds reciprocal ACCEPT rule for two supplied IP addresses.
+// Traffic is allowed from ip1 to ip2 and vice-versa
+func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error {
+	iptable := GetIptable(c.IPTable.Version)
+	// forward
+	args := []string{
+		"-i", bridgeName, "-o", bridgeName,
+		"-p", proto,
+		"-s", ip1.String(),
+		"-d", ip2.String(),
+		"--dport", strconv.Itoa(port),
+		"-j", "ACCEPT",
+	}
+
+	if err := iptable.ProgramRule(Filter, c.Name, action, args); err != nil {
+		return err
+	}
+	// reverse
+	args[7], args[9] = args[9], args[7]
+	args[10] = "--sport"
+	return iptable.ProgramRule(Filter, c.Name, action, args)
+}
+
+// ProgramRule adds the rule specified by args only if the
+// rule is not already present in the chain. Reciprocally,
+// it removes the rule only if present.
+func (iptable IPTable) ProgramRule(table Table, chain string, action Action, args []string) error {
+	if iptable.Exists(table, chain, args...) != (action == Delete) {
+		return nil
+	}
+	return iptable.RawCombinedOutput(append([]string{"-t", string(table), string(action), chain}, args...)...)
+}
+
+// Prerouting adds linking rule to nat/PREROUTING chain.
+func (c *ChainInfo) Prerouting(action Action, args ...string) error {
+	iptable := GetIptable(c.IPTable.Version)
+	a := []string{"-t", string(Nat), string(action), "PREROUTING"}
+	if len(args) > 0 {
+		a = append(a, args...)
+	}
+	if output, err := iptable.Raw(a...); err != nil {
+		return err
+	} else if len(output) != 0 {
+		return ChainError{Chain: "PREROUTING", Output: output}
+	}
+	return nil
+}
+
+// Output adds linking rule to an OUTPUT chain.
+func (c *ChainInfo) Output(action Action, args ...string) error {
+	iptable := GetIptable(c.IPTable.Version)
+	a := []string{"-t", string(c.Table), string(action), "OUTPUT"}
+	if len(args) > 0 {
+		a = append(a, args...)
+	}
+	if output, err := iptable.Raw(a...); err != nil {
+		return err
+	} else if len(output) != 0 {
+		return ChainError{Chain: "OUTPUT", Output: output}
+	}
+	return nil
+}
+
+// Remove removes the chain.
+func (c *ChainInfo) Remove() error {
+	iptable := GetIptable(c.IPTable.Version)
+	// Ignore errors - This could mean the chains were never set up
+	if c.Table == Nat {
+		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name)
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", iptable.LoopbackByVersion(), "-j", c.Name)
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name) // Created in versions <= 0.1.6
+
+		c.Prerouting(Delete)
+		c.Output(Delete)
+	}
+	iptable.Raw("-t", string(c.Table), "-F", c.Name)
+	iptable.Raw("-t", string(c.Table), "-X", c.Name)
+	return nil
+}
+
+// Exists checks if a rule exists
+func (iptable IPTable) Exists(table Table, chain string, rule ...string) bool {
+	return iptable.exists(false, table, chain, rule...)
+}
+
+// ExistsNative behaves as Exists with the difference it
+// will always invoke `iptables` binary.
+func (iptable IPTable) ExistsNative(table Table, chain string, rule ...string) bool {
+	return iptable.exists(true, table, chain, rule...)
+}
+
+func (iptable IPTable) exists(native bool, table Table, chain string, rule ...string) bool {
+	f := iptable.Raw
+	if native {
+		f = iptable.raw
+	}
+
+	if string(table) == "" {
+		table = Filter
+	}
+
+	if err := initCheck(); err != nil {
+		// The exists() signature does not allow us to return an error, but at least
+		// we can skip the (likely invalid) exec invocation.
+		return false
+	}
+
+	if supportsCOpt {
+		// if exit status is 0 then return true, the rule exists
+		_, err := f(append([]string{"-t", string(table), "-C", chain}, rule...)...)
+		return err == nil
+	}
+
+	// parse "iptables -S" for the rule (it checks rules in a specific chain
+	// in a specific table and it is very unreliable)
+	return iptable.existsRaw(table, chain, rule...)
+}
+
+func (iptable IPTable) existsRaw(table Table, chain string, rule ...string) bool {
+	path := iptablesPath
+	if iptable.Version == IPv6 {
+		path = ip6tablesPath
+	}
+	ruleString := fmt.Sprintf("%s %s\n", chain, strings.Join(rule, " "))
+	existingRules, _ := exec.Command(path, "-t", string(table), "-S", chain).Output()
+
+	return strings.Contains(string(existingRules), ruleString)
+}
+
+// Maximum duration that an iptables operation can take
+// before flagging a warning.
+const opWarnTime = 2 * time.Second
+
+func filterOutput(start time.Time, output []byte, args ...string) []byte {
+	// Flag operations that have taken a long time to complete
+	opTime := time.Since(start)
+	if opTime > opWarnTime {
+		logrus.Warnf("xtables contention detected while running [%s]: Waited for %.2f seconds and received %q", strings.Join(args, " "), float64(opTime)/float64(time.Second), string(output))
+	}
+	// ignore iptables' message about xtables lock:
+	// it is a warning, not an error.
+	if strings.Contains(string(output), xLockWaitMsg) {
+		output = []byte("")
+	}
+	// Put further filters here if desired
+	return output
+}
+
+// Raw calls 'iptables' system command, passing supplied arguments.
+func (iptable IPTable) Raw(args ...string) ([]byte, error) {
+	if firewalldRunning {
+		// select correct IP version for firewalld
+		ipv := Iptables
+		if iptable.Version == IPv6 {
+			ipv = IP6Tables
+		}
+
+		startTime := time.Now()
+		output, err := Passthrough(ipv, args...)
+		if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
+			return filterOutput(startTime, output, args...), err
+		}
+	}
+	return iptable.raw(args...)
+}
+
+func (iptable IPTable) raw(args ...string) ([]byte, error) {
+	if err := initCheck(); err != nil {
+		return nil, err
+	}
+	if supportsXlock {
+		args = append([]string{"--wait"}, args...)
+	} else {
+		bestEffortLock.Lock()
+		defer bestEffortLock.Unlock()
+	}
+
+	path := iptablesPath
+	commandName := "iptables"
+	if iptable.Version == IPv6 {
+		path = ip6tablesPath
+		commandName = "ip6tables"
+	}
+
+	logrus.Debugf("%s, %v", path, args)
+
+	startTime := time.Now()
+	output, err := exec.Command(path, args...).CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("iptables failed: %s %v: %s (%s)", commandName, strings.Join(args, " "), output, err)
+	}
+
+	return filterOutput(startTime, output, args...), err
+}
+
+// RawCombinedOutput internally calls the Raw function and returns a non nil
+// error if Raw returned a non nil error or a non empty output
+func (iptable IPTable) RawCombinedOutput(args ...string) error {
+	if output, err := iptable.Raw(args...); err != nil || len(output) != 0 {
+		return fmt.Errorf("%s (%v)", string(output), err)
+	}
+	return nil
+}
+
+// RawCombinedOutputNative behave as RawCombinedOutput with the difference it
+// will always invoke `iptables` binary
+func (iptable IPTable) RawCombinedOutputNative(args ...string) error {
+	if output, err := iptable.raw(args...); err != nil || len(output) != 0 {
+		return fmt.Errorf("%s (%v)", string(output), err)
+	}
+	return nil
+}
+
+// ExistChain checks if a chain exists
+func (iptable IPTable) ExistChain(chain string, table Table) bool {
+	if _, err := iptable.Raw("-t", string(table), "-nL", chain); err == nil {
+		return true
+	}
+	return false
+}
+
+// GetVersion reads the iptables version numbers during initialization
+func GetVersion() (major, minor, micro int, err error) {
+	out, err := exec.Command(iptablesPath, "--version").CombinedOutput()
+	if err == nil {
+		major, minor, micro = parseVersionNumbers(string(out))
+	}
+	return
+}
+
+// SetDefaultPolicy sets the passed default policy for the table/chain
+func (iptable IPTable) SetDefaultPolicy(table Table, chain string, policy Policy) error {
+	if err := iptable.RawCombinedOutput("-t", string(table), "-P", chain, string(policy)); err != nil {
+		return fmt.Errorf("setting default policy to %v in %v chain failed: %v", policy, chain, err)
+	}
+	return nil
+}
+
+func parseVersionNumbers(input string) (major, minor, micro int) {
+	re := regexp.MustCompile(`v\d*.\d*.\d*`)
+	line := re.FindString(input)
+	fmt.Sscanf(line, "v%d.%d.%d", &major, &minor, &micro)
+	return
+}
+
+// iptables -C, --check option was added in v.1.4.11
+// http://ftp.netfilter.org/pub/iptables/changes-iptables-1.4.11.txt
+func supportsCOption(mj, mn, mc int) bool {
+	return mj > 1 || (mj == 1 && (mn > 4 || (mn == 4 && mc >= 11)))
+}
+
+// AddReturnRule adds a return rule for the chain in the filter table
+func (iptable IPTable) AddReturnRule(chain string) error {
+	var (
+		table = Filter
+		args  = []string{"-j", "RETURN"}
+	)
+
+	if iptable.Exists(table, chain, args...) {
+		return nil
+	}
+
+	err := iptable.RawCombinedOutput(append([]string{"-A", chain}, args...)...)
+	if err != nil {
+		return fmt.Errorf("unable to add return rule in %s chain: %s", chain, err.Error())
+	}
+
+	return nil
+}
+
+// EnsureJumpRule ensures the jump rule is on top
+func (iptable IPTable) EnsureJumpRule(fromChain, toChain string) error {
+	var (
+		table = Filter
+		args  = []string{"-j", toChain}
+	)
+
+	if iptable.Exists(table, fromChain, args...) {
+		err := iptable.RawCombinedOutput(append([]string{"-D", fromChain}, args...)...)
+		if err != nil {
+			return fmt.Errorf("unable to remove jump to %s rule in %s chain: %s", toChain, fromChain, err.Error())
+		}
+	}
+
+	err := iptable.RawCombinedOutput(append([]string{"-I", fromChain}, args...)...)
+	if err != nil {
+		return fmt.Errorf("unable to insert jump to %s rule in %s chain: %s", toChain, fromChain, err.Error())
+	}
+
+	return nil
+}
diff --git a/libnetwork/iptables/iptables_test.go b/libnetwork/iptables/iptables_test.go
new file mode 100644
index 0000000000000..d46e5153cc36a
--- /dev/null
+++ b/libnetwork/iptables/iptables_test.go
@@ -0,0 +1,327 @@
+//go:build linux
+// +build linux
+
+package iptables
+
+import (
+	"net"
+	"os/exec"
+	"strconv"
+	"strings"
+	"testing"
+
+	"golang.org/x/sync/errgroup"
+)
+
+const chainName = "DOCKEREST"
+
+var natChain *ChainInfo
+var filterChain *ChainInfo
+var bridgeName string
+
+func TestNewChain(t *testing.T) {
+	var err error
+
+	bridgeName = "lo"
+	iptable := GetIptable(IPv4)
+
+	natChain, err = iptable.NewChain(chainName, Nat, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = iptable.ProgramChain(natChain, bridgeName, false, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	filterChain, err = iptable.NewChain(chainName, Filter, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = iptable.ProgramChain(filterChain, bridgeName, false, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestForward(t *testing.T) {
+	ip := net.ParseIP("192.168.1.1")
+	port := 1234
+	dstAddr := "172.17.0.1"
+	dstPort := 4321
+	proto := "tcp"
+
+	bridgeName := "lo"
+	iptable := GetIptable(IPv4)
+
+	err := natChain.Forward(Insert, ip, port, proto, dstAddr, dstPort, bridgeName)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dnatRule := []string{
+		"-d", ip.String(),
+		"-p", proto,
+		"--dport", strconv.Itoa(port),
+		"-j", "DNAT",
+		"--to-destination", dstAddr + ":" + strconv.Itoa(dstPort),
+		"!", "-i", bridgeName,
+	}
+
+	if !iptable.Exists(natChain.Table, natChain.Name, dnatRule...) {
+		t.Fatal("DNAT rule does not exist")
+	}
+
+	filterRule := []string{
+		"!", "-i", bridgeName,
+		"-o", bridgeName,
+		"-d", dstAddr,
+		"-p", proto,
+		"--dport", strconv.Itoa(dstPort),
+		"-j", "ACCEPT",
+	}
+
+	if !iptable.Exists(filterChain.Table, filterChain.Name, filterRule...) {
+		t.Fatal("filter rule does not exist")
+	}
+
+	masqRule := []string{
+		"-d", dstAddr,
+		"-s", dstAddr,
+		"-p", proto,
+		"--dport", strconv.Itoa(dstPort),
+		"-j", "MASQUERADE",
+	}
+
+	if !iptable.Exists(natChain.Table, "POSTROUTING", masqRule...) {
+		t.Fatal("MASQUERADE rule does not exist")
+	}
+}
+
+func TestLink(t *testing.T) {
+	var err error
+
+	bridgeName := "lo"
+	iptable := GetIptable(IPv4)
+	ip1 := net.ParseIP("192.168.1.1")
+	ip2 := net.ParseIP("192.168.1.2")
+	port := 1234
+	proto := "tcp"
+
+	err = filterChain.Link(Append, ip1, ip2, port, proto, bridgeName)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rule1 := []string{
+		"-i", bridgeName,
+		"-o", bridgeName,
+		"-p", proto,
+		"-s", ip1.String(),
+		"-d", ip2.String(),
+		"--dport", strconv.Itoa(port),
+		"-j", "ACCEPT"}
+
+	if !iptable.Exists(filterChain.Table, filterChain.Name, rule1...) {
+		t.Fatal("rule1 does not exist")
+	}
+
+	rule2 := []string{
+		"-i", bridgeName,
+		"-o", bridgeName,
+		"-p", proto,
+		"-s", ip2.String(),
+		"-d", ip1.String(),
+		"--sport", strconv.Itoa(port),
+		"-j", "ACCEPT"}
+
+	if !iptable.Exists(filterChain.Table, filterChain.Name, rule2...) {
+		t.Fatal("rule2 does not exist")
+	}
+}
+
+func TestPrerouting(t *testing.T) {
+	args := []string{
+		"-i", "lo",
+		"-d", "192.168.1.1"}
+	iptable := GetIptable(IPv4)
+
+	err := natChain.Prerouting(Insert, args...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !iptable.Exists(natChain.Table, "PREROUTING", args...) {
+		t.Fatal("rule does not exist")
+	}
+
+	delRule := append([]string{"-D", "PREROUTING", "-t", string(Nat)}, args...)
+	if _, err = iptable.Raw(delRule...); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestOutput(t *testing.T) {
+	args := []string{
+		"-o", "lo",
+		"-d", "192.168.1.1"}
+	iptable := GetIptable(IPv4)
+
+	err := natChain.Output(Insert, args...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !iptable.Exists(natChain.Table, "OUTPUT", args...) {
+		t.Fatal("rule does not exist")
+	}
+
+	delRule := append([]string{"-D", "OUTPUT", "-t",
+		string(natChain.Table)}, args...)
+	if _, err = iptable.Raw(delRule...); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestConcurrencyWithWait(t *testing.T) {
+	RunConcurrencyTest(t, true)
+}
+
+func TestConcurrencyNoWait(t *testing.T) {
+	RunConcurrencyTest(t, false)
+}
+
+// Runs 10 concurrent rule additions. This will fail if iptables
+// is actually invoked simultaneously without --wait.
+// Note that if iptables does not support the xtable lock on this
+// system, then allowXlock has no effect -- it will always be off.
+func RunConcurrencyTest(t *testing.T, allowXlock bool) {
+	if !allowXlock && supportsXlock {
+		supportsXlock = false
+		defer func() { supportsXlock = true }()
+	}
+
+	ip := net.ParseIP("192.168.1.1")
+	port := 1234
+	dstAddr := "172.17.0.1"
+	dstPort := 4321
+	proto := "tcp"
+
+	group := new(errgroup.Group)
+	for i := 0; i < 10; i++ {
+		group.Go(func() error {
+			return natChain.Forward(Append, ip, port, proto, dstAddr, dstPort, "lo")
+		})
+	}
+	if err := group.Wait(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCleanup(t *testing.T) {
+	var err error
+	var rules []byte
+
+	// Cleanup filter/FORWARD first otherwise output of iptables-save is dirty
+	link := []string{"-t", string(filterChain.Table),
+		string(Delete), "FORWARD",
+		"-o", bridgeName,
+		"-j", filterChain.Name}
+	iptable := GetIptable(IPv4)
+
+	if _, err = iptable.Raw(link...); err != nil {
+		t.Fatal(err)
+	}
+	filterChain.Remove()
+
+	err = iptable.RemoveExistingChain(chainName, Nat)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rules, err = exec.Command("iptables-save").Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if strings.Contains(string(rules), chainName) {
+		t.Fatalf("Removing chain failed. %s found in iptables-save", chainName)
+	}
+}
+
+func TestExistsRaw(t *testing.T) {
+	testChain1 := "ABCD"
+	testChain2 := "EFGH"
+
+	iptable := GetIptable(IPv4)
+
+	_, err := iptable.NewChain(testChain1, Filter, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		iptable.RemoveExistingChain(testChain1, Filter)
+	}()
+
+	_, err = iptable.NewChain(testChain2, Filter, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		iptable.RemoveExistingChain(testChain2, Filter)
+	}()
+
+	// Test detection over full and truncated rule string
+	input := []struct{ rule []string }{
+		{[]string{"-s", "172.8.9.9/32", "-j", "ACCEPT"}},
+		{[]string{"-d", "172.8.9.0/24", "-j", "DROP"}},
+		{[]string{"-s", "172.0.3.0/24", "-d", "172.17.0.0/24", "-p", "tcp", "-m", "tcp", "--dport", "80", "-j", testChain2}},
+		{[]string{"-j", "RETURN"}},
+	}
+
+	for i, r := range input {
+		ruleAdd := append([]string{"-t", string(Filter), "-A", testChain1}, r.rule...)
+		err = iptable.RawCombinedOutput(ruleAdd...)
+		if err != nil {
+			t.Fatalf("i=%d, err: %v", i, err)
+		}
+		if !iptable.existsRaw(Filter, testChain1, r.rule...) {
+			t.Fatalf("Failed to detect rule. i=%d", i)
+		}
+		// Truncate the rule
+		trg := r.rule[len(r.rule)-1]
+		trg = trg[:len(trg)-2]
+		r.rule[len(r.rule)-1] = trg
+		if iptable.existsRaw(Filter, testChain1, r.rule...) {
+			t.Fatalf("Invalid detection. i=%d", i)
+		}
+	}
+}
+
+func TestGetVersion(t *testing.T) {
+	mj, mn, mc := parseVersionNumbers("iptables v1.4.19.1-alpha")
+	if mj != 1 || mn != 4 || mc != 19 {
+		t.Fatal("Failed to parse version numbers")
+	}
+}
+
+func TestSupportsCOption(t *testing.T) {
+	input := []struct {
+		mj int
+		mn int
+		mc int
+		ok bool
+	}{
+		{1, 4, 11, true},
+		{1, 4, 12, true},
+		{1, 5, 0, true},
+		{0, 4, 11, false},
+		{0, 5, 12, false},
+		{1, 3, 12, false},
+		{1, 4, 10, false},
+	}
+	for ind, inp := range input {
+		if inp.ok != supportsCOption(inp.mj, inp.mn, inp.mc) {
+			t.Fatalf("Incorrect check: %d", ind)
+		}
+	}
+}
diff --git a/libnetwork/libnetwork_internal_test.go b/libnetwork/libnetwork_internal_test.go
new file mode 100644
index 0000000000000..2992ca57ee21a
--- /dev/null
+++ b/libnetwork/libnetwork_internal_test.go
@@ -0,0 +1,709 @@
+package libnetwork
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/discoverapi"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/internal/setmatrix"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"gotest.tools/v3/skip"
+)
+
+func TestNetworkMarshalling(t *testing.T) {
+	n := &network{
+		name:        "Miao",
+		id:          "abccba",
+		ipamType:    "default",
+		addrSpace:   "viola",
+		networkType: "bridge",
+		enableIPv6:  true,
+		persist:     true,
+		configOnly:  true,
+		configFrom:  "configOnlyX",
+		ipamOptions: map[string]string{
+			netlabel.MacAddress: "a:b:c:d:e:f",
+			"primary":           "",
+		},
+		ipamV4Config: []*IpamConf{
+			{
+				PreferredPool: "10.2.0.0/16",
+				SubPool:       "10.2.0.0/24",
+				Gateway:       "",
+				AuxAddresses:  nil,
+			},
+			{
+				PreferredPool: "10.2.0.0/16",
+				SubPool:       "10.2.1.0/24",
+				Gateway:       "10.2.1.254",
+			},
+		},
+		ipamV6Config: []*IpamConf{
+			{
+				PreferredPool: "abcd::/64",
+				SubPool:       "abcd:abcd:abcd:abcd:abcd::/80",
+				Gateway:       "abcd::29/64",
+				AuxAddresses:  nil,
+			},
+		},
+		ipamV4Info: []*IpamInfo{
+			{
+				PoolID: "ipoolverde123",
+				Meta: map[string]string{
+					netlabel.Gateway: "10.2.1.255/16",
+				},
+				IPAMData: driverapi.IPAMData{
+					AddressSpace: "viola",
+					Pool: &net.IPNet{
+						IP:   net.IP{10, 2, 0, 0},
+						Mask: net.IPMask{255, 255, 255, 0},
+					},
+					Gateway:      nil,
+					AuxAddresses: nil,
+				},
+			},
+			{
+				PoolID: "ipoolblue345",
+				Meta: map[string]string{
+					netlabel.Gateway: "10.2.1.255/16",
+				},
+				IPAMData: driverapi.IPAMData{
+					AddressSpace: "viola",
+					Pool: &net.IPNet{
+						IP:   net.IP{10, 2, 1, 0},
+						Mask: net.IPMask{255, 255, 255, 0},
+					},
+					Gateway: &net.IPNet{IP: net.IP{10, 2, 1, 254}, Mask: net.IPMask{255, 255, 255, 0}},
+					AuxAddresses: map[string]*net.IPNet{
+						"ip3": {IP: net.IP{10, 2, 1, 3}, Mask: net.IPMask{255, 255, 255, 0}},
+						"ip5": {IP: net.IP{10, 2, 1, 55}, Mask: net.IPMask{255, 255, 255, 0}},
+					},
+				},
+			},
+			{
+				PoolID: "weirdinfo",
+				IPAMData: driverapi.IPAMData{
+					Gateway: &net.IPNet{
+						IP:   net.IP{11, 2, 1, 255},
+						Mask: net.IPMask{255, 0, 0, 0},
+					},
+				},
+			},
+		},
+		ipamV6Info: []*IpamInfo{
+			{
+				PoolID: "ipoolv6",
+				IPAMData: driverapi.IPAMData{
+					AddressSpace: "viola",
+					Pool: &net.IPNet{
+						IP:   net.IP{0xab, 0xcd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+						Mask: net.IPMask{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 0, 0, 0, 0, 0},
+					},
+					Gateway: &net.IPNet{
+						IP:   net.IP{0xab, 0xcd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29},
+						Mask: net.IPMask{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 0, 0, 0, 0, 0},
+					},
+					AuxAddresses: nil,
+				},
+			},
+		},
+		labels: map[string]string{
+			"color":        "blue",
+			"superimposed": "",
+		},
+		created: time.Now(),
+	}
+
+	b, err := json.Marshal(n)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	nn := &network{}
+	err = json.Unmarshal(b, nn)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n.name != nn.name || n.id != nn.id || n.networkType != nn.networkType || n.ipamType != nn.ipamType ||
+		n.addrSpace != nn.addrSpace || n.enableIPv6 != nn.enableIPv6 ||
+		n.persist != nn.persist || !compareIpamConfList(n.ipamV4Config, nn.ipamV4Config) ||
+		!compareIpamInfoList(n.ipamV4Info, nn.ipamV4Info) || !compareIpamConfList(n.ipamV6Config, nn.ipamV6Config) ||
+		!compareIpamInfoList(n.ipamV6Info, nn.ipamV6Info) ||
+		!compareStringMaps(n.ipamOptions, nn.ipamOptions) ||
+		!compareStringMaps(n.labels, nn.labels) ||
+		!n.created.Equal(nn.created) ||
+		n.configOnly != nn.configOnly || n.configFrom != nn.configFrom {
+		t.Fatalf("JSON marsh/unmarsh failed."+
+			"\nOriginal:\n%#v\nDecoded:\n%#v"+
+			"\nOriginal ipamV4Conf: %#v\n\nDecoded ipamV4Conf: %#v"+
+			"\nOriginal ipamV4Info: %s\n\nDecoded ipamV4Info: %s"+
+			"\nOriginal ipamV6Conf: %#v\n\nDecoded ipamV6Conf: %#v"+
+			"\nOriginal ipamV6Info: %s\n\nDecoded ipamV6Info: %s",
+			n, nn, printIpamConf(n.ipamV4Config), printIpamConf(nn.ipamV4Config),
+			printIpamInfo(n.ipamV4Info), printIpamInfo(nn.ipamV4Info),
+			printIpamConf(n.ipamV6Config), printIpamConf(nn.ipamV6Config),
+			printIpamInfo(n.ipamV6Info), printIpamInfo(nn.ipamV6Info))
+	}
+}
+
+func printIpamConf(list []*IpamConf) string {
+	s := "\n[]*IpamConfig{"
+	for _, i := range list {
+		s = fmt.Sprintf("%s %v,", s, i)
+	}
+	s = fmt.Sprintf("%s}", s)
+	return s
+}
+
+func printIpamInfo(list []*IpamInfo) string {
+	s := "\n[]*IpamInfo{"
+	for _, i := range list {
+		s = fmt.Sprintf("%s\n{\n%s\n}", s, i)
+	}
+	s = fmt.Sprintf("%s\n}", s)
+	return s
+}
+
+func TestEndpointMarshalling(t *testing.T) {
+	ip, nw6, err := net.ParseCIDR("2001:db8:4003::122/64")
+	if err != nil {
+		t.Fatal(err)
+	}
+	nw6.IP = ip
+
+	var lla []*net.IPNet
+	for _, nw := range []string{"169.254.0.1/16", "169.254.1.1/16", "169.254.2.2/16"} {
+		ll, _ := types.ParseCIDR(nw)
+		lla = append(lla, ll)
+	}
+
+	e := &endpoint{
+		name:      "Bau",
+		id:        "efghijklmno",
+		sandboxID: "ambarabaciccicocco",
+		anonymous: true,
+		iface: &endpointInterface{
+			mac: []byte{11, 12, 13, 14, 15, 16},
+			addr: &net.IPNet{
+				IP:   net.IP{10, 0, 1, 23},
+				Mask: net.IPMask{255, 255, 255, 0},
+			},
+			addrv6:    nw6,
+			srcName:   "veth12ab1314",
+			dstPrefix: "eth",
+			v4PoolID:  "poolpool",
+			v6PoolID:  "poolv6",
+			llAddrs:   lla,
+		},
+	}
+
+	b, err := json.Marshal(e)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ee := &endpoint{}
+	err = json.Unmarshal(b, ee)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if e.name != ee.name || e.id != ee.id || e.sandboxID != ee.sandboxID || !compareEndpointInterface(e.iface, ee.iface) || e.anonymous != ee.anonymous {
+		t.Fatalf("JSON marsh/unmarsh failed.\nOriginal:\n%#v\nDecoded:\n%#v\nOriginal iface: %#v\nDecodediface:\n%#v", e, ee, e.iface, ee.iface)
+	}
+}
+
+func compareEndpointInterface(a, b *endpointInterface) bool {
+	if a == b {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	return a.srcName == b.srcName && a.dstPrefix == b.dstPrefix && a.v4PoolID == b.v4PoolID && a.v6PoolID == b.v6PoolID &&
+		types.CompareIPNet(a.addr, b.addr) && types.CompareIPNet(a.addrv6, b.addrv6) && compareNwLists(a.llAddrs, b.llAddrs)
+}
+
+func compareIpamConfList(listA, listB []*IpamConf) bool {
+	var a, b *IpamConf
+	if len(listA) != len(listB) {
+		return false
+	}
+	for i := 0; i < len(listA); i++ {
+		a = listA[i]
+		b = listB[i]
+		if a.PreferredPool != b.PreferredPool ||
+			a.SubPool != b.SubPool ||
+			a.Gateway != b.Gateway || !compareStringMaps(a.AuxAddresses, b.AuxAddresses) {
+			return false
+		}
+	}
+	return true
+}
+
+func compareIpamInfoList(listA, listB []*IpamInfo) bool {
+	var a, b *IpamInfo
+	if len(listA) != len(listB) {
+		return false
+	}
+	for i := 0; i < len(listA); i++ {
+		a = listA[i]
+		b = listB[i]
+		if a.PoolID != b.PoolID || !compareStringMaps(a.Meta, b.Meta) ||
+			!types.CompareIPNet(a.Gateway, b.Gateway) ||
+			a.AddressSpace != b.AddressSpace ||
+			!types.CompareIPNet(a.Pool, b.Pool) ||
+			!compareAddresses(a.AuxAddresses, b.AuxAddresses) {
+			return false
+		}
+	}
+	return true
+}
+
+func compareStringMaps(a, b map[string]string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	if len(a) > 0 {
+		for k := range a {
+			if a[k] != b[k] {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func compareAddresses(a, b map[string]*net.IPNet) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	if len(a) > 0 {
+		for k := range a {
+			if !types.CompareIPNet(a[k], b[k]) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func compareNwLists(a, b []*net.IPNet) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for k := range a {
+		if !types.CompareIPNet(a[k], b[k]) {
+			return false
+		}
+	}
+	return true
+}
+
+func TestAuxAddresses(t *testing.T) {
+	c, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	n := &network{ipamType: ipamapi.DefaultIPAM, networkType: "bridge", ctrlr: c.(*controller)}
+
+	input := []struct {
+		masterPool   string
+		subPool      string
+		auxAddresses map[string]string
+		good         bool
+	}{
+		{"192.168.0.0/16", "", map[string]string{"goodOne": "192.168.2.2"}, true},
+		{"192.168.0.0/16", "", map[string]string{"badOne": "192.169.2.3"}, false},
+		{"192.168.0.0/16", "192.168.1.0/24", map[string]string{"goodOne": "192.168.1.2"}, true},
+		{"192.168.0.0/16", "192.168.1.0/24", map[string]string{"stillGood": "192.168.2.4"}, true},
+		{"192.168.0.0/16", "192.168.1.0/24", map[string]string{"badOne": "192.169.2.4"}, false},
+	}
+
+	for _, i := range input {
+
+		n.ipamV4Config = []*IpamConf{{PreferredPool: i.masterPool, SubPool: i.subPool, AuxAddresses: i.auxAddresses}}
+
+		err = n.ipamAllocate()
+
+		if i.good != (err == nil) {
+			t.Fatalf("Unexpected result for %v: %v", i, err)
+		}
+
+		n.ipamRelease()
+	}
+}
+
+func TestSRVServiceQuery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	n, err := c.NewNetwork("bridge", "net1", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sb, err := c.NewSandbox("c1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sr := svcInfo{
+		svcMap:     setmatrix.NewSetMatrix(),
+		svcIPv6Map: setmatrix.NewSetMatrix(),
+		ipMap:      setmatrix.NewSetMatrix(),
+		service:    make(map[string][]servicePorts),
+	}
+	// backing container for the service
+	cTarget := serviceTarget{
+		name: "task1.web.swarm",
+		ip:   net.ParseIP("192.168.10.2"),
+		port: 80,
+	}
+	// backing host for the service
+	hTarget := serviceTarget{
+		name: "node1.docker-cluster",
+		ip:   net.ParseIP("10.10.10.2"),
+		port: 45321,
+	}
+	httpPort := servicePorts{
+		portName: "_http",
+		proto:    "_tcp",
+		target:   []serviceTarget{cTarget},
+	}
+
+	extHTTPPort := servicePorts{
+		portName: "_host_http",
+		proto:    "_tcp",
+		target:   []serviceTarget{hTarget},
+	}
+	sr.service["web.swarm"] = append(sr.service["web.swarm"], httpPort)
+	sr.service["web.swarm"] = append(sr.service["web.swarm"], extHTTPPort)
+
+	c.(*controller).svcRecords[n.ID()] = sr
+
+	_, ip := ep.Info().Sandbox().ResolveService("_http._tcp.web.swarm")
+
+	if len(ip) == 0 {
+		t.Fatal(err)
+	}
+	if ip[0].String() != "192.168.10.2" {
+		t.Fatal(err)
+	}
+
+	_, ip = ep.Info().Sandbox().ResolveService("_host_http._tcp.web.swarm")
+
+	if len(ip) == 0 {
+		t.Fatal(err)
+	}
+	if ip[0].String() != "10.10.10.2" {
+		t.Fatal(err)
+	}
+
+	// Service name with invalid protocol name. Should fail without error
+	_, ip = ep.Info().Sandbox().ResolveService("_http._icmp.web.swarm")
+	if len(ip) != 0 {
+		t.Fatal("Valid response for invalid service name")
+	}
+}
+
+func TestServiceVIPReuse(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	n, err := c.NewNetwork("bridge", "net1", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sb, err := c.NewSandbox("c1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Add 2 services with same name but different service ID to share the same VIP
+	n.(*network).addSvcRecords("ep1", "service_test", "serviceID1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+	n.(*network).addSvcRecords("ep2", "service_test", "serviceID2", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+
+	ipToResolve := netutils.ReverseIP("192.168.0.1")
+
+	ipList, _ := n.(*network).ResolveName("service_test", types.IPv4)
+	if len(ipList) == 0 {
+		t.Fatal("There must be the VIP")
+	}
+	if len(ipList) != 1 {
+		t.Fatal("It must return only 1 VIP")
+	}
+	if ipList[0].String() != "192.168.0.1" {
+		t.Fatal("The service VIP is 192.168.0.1")
+	}
+	name := n.(*network).ResolveIP(ipToResolve)
+	if name == "" {
+		t.Fatal("It must return a name")
+	}
+	if name != "service_test.net1" {
+		t.Fatalf("It must return the service_test.net1 != %s", name)
+	}
+
+	// Delete service record for one of the services, the IP should remain because one service is still associated with it
+	n.(*network).deleteSvcRecords("ep1", "service_test", "serviceID1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+	ipList, _ = n.(*network).ResolveName("service_test", types.IPv4)
+	if len(ipList) == 0 {
+		t.Fatal("There must be the VIP")
+	}
+	if len(ipList) != 1 {
+		t.Fatal("It must return only 1 VIP")
+	}
+	if ipList[0].String() != "192.168.0.1" {
+		t.Fatal("The service VIP is 192.168.0.1")
+	}
+	name = n.(*network).ResolveIP(ipToResolve)
+	if name == "" {
+		t.Fatal("It must return a name")
+	}
+	if name != "service_test.net1" {
+		t.Fatalf("It must return the service_test.net1 != %s", name)
+	}
+
+	// Delete again the service using the previous service ID, nothing should happen
+	n.(*network).deleteSvcRecords("ep2", "service_test", "serviceID1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+	ipList, _ = n.(*network).ResolveName("service_test", types.IPv4)
+	if len(ipList) == 0 {
+		t.Fatal("There must be the VIP")
+	}
+	if len(ipList) != 1 {
+		t.Fatal("It must return only 1 VIP")
+	}
+	if ipList[0].String() != "192.168.0.1" {
+		t.Fatal("The service VIP is 192.168.0.1")
+	}
+	name = n.(*network).ResolveIP(ipToResolve)
+	if name == "" {
+		t.Fatal("It must return a name")
+	}
+	if name != "service_test.net1" {
+		t.Fatalf("It must return the service_test.net1 != %s", name)
+	}
+
+	// Delete now using the second service ID, now all the entries should be gone
+	n.(*network).deleteSvcRecords("ep2", "service_test", "serviceID2", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+	ipList, _ = n.(*network).ResolveName("service_test", types.IPv4)
+	if len(ipList) != 0 {
+		t.Fatal("All the VIPs should be gone now")
+	}
+	name = n.(*network).ResolveIP(ipToResolve)
+	if name != "" {
+		t.Fatalf("It must return empty no more services associated, instead:%s", name)
+	}
+}
+
+func TestIpamReleaseOnNetDriverFailures(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	cfgOptions, err := OptionBoltdbWithRandomDBFile()
+	if err != nil {
+		t.Fatal(err)
+	}
+	c, err := New(cfgOptions...)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	cc := c.(*controller)
+
+	if err := cc.drvRegistry.AddDriver(badDriverName, badDriverInit, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	// Test whether ipam state release is invoked  on network create failure from net driver
+	// by checking whether subsequent network creation requesting same gateway IP succeeds
+	ipamOpt := NetworkOptionIpam(ipamapi.DefaultIPAM, "", []*IpamConf{{PreferredPool: "10.34.0.0/16", Gateway: "10.34.255.254"}}, nil, nil)
+	if _, err := c.NewNetwork(badDriverName, "badnet1", "", ipamOpt); err == nil {
+		t.Fatalf("bad network driver should have failed network creation")
+	}
+
+	gnw, err := c.NewNetwork("bridge", "goodnet1", "", ipamOpt)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := gnw.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now check whether ipam release works on endpoint creation failure
+	bd.failNetworkCreation = false
+	bnw, err := c.NewNetwork(badDriverName, "badnet2", "", ipamOpt)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := bnw.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if _, err := bnw.CreateEndpoint("ep0"); err == nil {
+		t.Fatalf("bad network driver should have failed endpoint creation")
+	}
+
+	// Now create good bridge network with different gateway
+	ipamOpt2 := NetworkOptionIpam(ipamapi.DefaultIPAM, "", []*IpamConf{{PreferredPool: "10.35.0.0/16", Gateway: "10.35.255.253"}}, nil, nil)
+	gnw, err = c.NewNetwork("bridge", "goodnet2", "", ipamOpt2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := gnw.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := gnw.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer ep.Delete(false) // nolint:errcheck
+
+	expectedIP, _ := types.ParseCIDR("10.35.0.1/16")
+	if !types.CompareIPNet(ep.Info().Iface().Address(), expectedIP) {
+		t.Fatalf("Ipam release must have failed, endpoint has unexpected address: %v", ep.Info().Iface().Address())
+	}
+}
+
+var badDriverName = "bad network driver"
+
+type badDriver struct {
+	failNetworkCreation bool
+}
+
+var bd = badDriver{failNetworkCreation: true}
+
+func badDriverInit(reg driverapi.DriverCallback, opt map[string]interface{}) error {
+	return reg.RegisterDriver(badDriverName, &bd, driverapi.Capability{DataScope: datastore.LocalScope})
+}
+
+func (b *badDriver) CreateNetwork(nid string, options map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
+	if b.failNetworkCreation {
+		return fmt.Errorf("I will not create any network")
+	}
+	return nil
+}
+func (b *badDriver) DeleteNetwork(nid string) error {
+	return nil
+}
+func (b *badDriver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, options map[string]interface{}) error {
+	return fmt.Errorf("I will not create any endpoint")
+}
+func (b *badDriver) DeleteEndpoint(nid, eid string) error {
+	return nil
+}
+func (b *badDriver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
+	return nil, nil
+}
+func (b *badDriver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
+	return fmt.Errorf("I will not allow any join")
+}
+func (b *badDriver) Leave(nid, eid string) error {
+	return nil
+}
+func (b *badDriver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+func (b *badDriver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
+	return nil
+}
+func (b *badDriver) Type() string {
+	return badDriverName
+}
+func (b *badDriver) IsBuiltIn() bool {
+	return false
+}
+func (b *badDriver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
+	return nil
+}
+func (b *badDriver) RevokeExternalConnectivity(nid, eid string) error {
+	return nil
+}
+
+func (b *badDriver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
+	return nil, types.NotImplementedErrorf("not implemented")
+}
+
+func (b *badDriver) NetworkFree(id string) error {
+	return types.NotImplementedErrorf("not implemented")
+}
+
+func (b *badDriver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+}
+
+func (b *badDriver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
+	return "", nil
+}
diff --git a/libnetwork/libnetwork_linux_test.go b/libnetwork/libnetwork_linux_test.go
new file mode 100644
index 0000000000000..b243017d82844
--- /dev/null
+++ b/libnetwork/libnetwork_linux_test.go
@@ -0,0 +1,1174 @@
+package libnetwork_test
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
+	"github.com/vishvananda/netns"
+)
+
+const (
+	bridgeNetType = "bridge"
+)
+
+var (
+	origins = netns.None()
+	testns  = netns.None()
+)
+
+func createGlobalInstance(t *testing.T) {
+	var err error
+	defer close(start)
+
+	origins, err = netns.Get()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if testutils.IsRunningInContainer() {
+		testns = origins
+	} else {
+		testns, err = netns.New()
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network",
+		},
+	}
+
+	net1, err := controller.NetworkByName("testhost")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	net2, err := createTestNetwork("bridge", "network2", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = net1.CreateEndpoint("pep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = net2.CreateEndpoint("pep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = net2.CreateEndpoint("pep3")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if sboxes[first-1], err = controller.NewSandbox(fmt.Sprintf("%drace", first), libnetwork.OptionUseDefaultSandbox()); err != nil {
+		t.Fatal(err)
+	}
+	for thd := first + 1; thd <= last; thd++ {
+		if sboxes[thd-1], err = controller.NewSandbox(fmt.Sprintf("%drace", thd)); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestHost(t *testing.T) {
+	sbx1, err := controller.NewSandbox("host_c1",
+		libnetwork.OptionHostname("test1"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"),
+		libnetwork.OptionUseDefaultSandbox())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sbx1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sbx2, err := controller.NewSandbox("host_c2",
+		libnetwork.OptionHostname("test2"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"),
+		libnetwork.OptionUseDefaultSandbox())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sbx2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	network, err := createTestNetwork("host", "testhost", options.Generic{}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep1, err := network.CreateEndpoint("testep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep1.Join(sbx1); err != nil {
+		t.Fatal(err)
+	}
+
+	ep2, err := network.CreateEndpoint("testep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep2.Join(sbx2); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep1.Leave(sbx1); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep2.Leave(sbx2); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep1.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep2.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+
+	// Try to create another host endpoint and join/leave that.
+	cnt3, err := controller.NewSandbox("host_c3",
+		libnetwork.OptionHostname("test3"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"),
+		libnetwork.OptionUseDefaultSandbox())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := cnt3.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep3, err := network.CreateEndpoint("testep3")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep3.Join(sbx2); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep3.Leave(sbx2); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep3.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Testing IPV6 from MAC address
+func TestBridgeIpv6FromMac(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName":         "testipv6mac",
+			"EnableICC":          true,
+			"EnableIPMasquerade": true,
+		},
+	}
+	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", Gateway: "192.168.100.1"}}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}
+
+	network, err := controller.NewNetwork(bridgeNetType, "testipv6mac", "",
+		libnetwork.NetworkOptionGeneric(netOption),
+		libnetwork.NetworkOptionEnableIPv6(true),
+		libnetwork.NetworkOptionIpam(ipamapi.DefaultIPAM, "", ipamV4ConfList, ipamV6ConfList, nil),
+		libnetwork.NetworkOptionDeferIPv6Alloc(true))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mac := net.HardwareAddr{0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}
+	epOption := options.Generic{netlabel.MacAddress: mac}
+
+	ep, err := network.CreateEndpoint("testep", libnetwork.EndpointOptionGeneric(epOption))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	iface := ep.Info().Iface()
+	if !bytes.Equal(iface.MacAddress(), mac) {
+		t.Fatalf("Unexpected mac address: %v", iface.MacAddress())
+	}
+
+	ip, expIP, _ := net.ParseCIDR("fe90::aabb:ccdd:eeff/64")
+	expIP.IP = ip
+	if !types.CompareIPNet(expIP, iface.AddressIPv6()) {
+		t.Fatalf("Expected %v. Got: %v", expIP, iface.AddressIPv6())
+	}
+
+	if err := ep.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := network.Delete(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func checkSandbox(t *testing.T, info libnetwork.EndpointInfo) {
+	key := info.Sandbox().Key()
+	sbNs, err := netns.GetFromPath(key)
+	if err != nil {
+		t.Fatalf("Failed to get network namespace path %q: %v", key, err)
+	}
+	defer sbNs.Close()
+
+	nh, err := netlink.NewHandleAt(sbNs)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = nh.LinkByName("eth0")
+	if err != nil {
+		t.Fatalf("Could not find the interface eth0 inside the sandbox: %v", err)
+	}
+
+	_, err = nh.LinkByName("eth1")
+	if err != nil {
+		t.Fatalf("Could not find the interface eth1 inside the sandbox: %v", err)
+	}
+}
+
+func TestEndpointJoin(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Create network 1 and add 2 endpoint: ep11, ep12
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName":         "testnetwork1",
+			"EnableICC":          true,
+			"EnableIPMasquerade": true,
+		},
+	}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}
+	n1, err := controller.NewNetwork(bridgeNetType, "testnetwork1", "",
+		libnetwork.NetworkOptionGeneric(netOption),
+		libnetwork.NetworkOptionEnableIPv6(true),
+		libnetwork.NetworkOptionIpam(ipamapi.DefaultIPAM, "", nil, ipamV6ConfList, nil),
+		libnetwork.NetworkOptionDeferIPv6Alloc(true))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep1, err := n1.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep1.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// Validate if ep.Info() only gives me IP address info and not names and gateway during CreateEndpoint()
+	info := ep1.Info()
+	iface := info.Iface()
+	if iface.Address() != nil && iface.Address().IP.To4() == nil {
+		t.Fatalf("Invalid IP address returned: %v", iface.Address())
+	}
+	if iface.AddressIPv6() != nil && iface.AddressIPv6().IP == nil {
+		t.Fatalf("Invalid IPv6 address returned: %v", iface.Address())
+	}
+
+	if len(info.Gateway()) != 0 {
+		t.Fatalf("Expected empty gateway for an empty endpoint. Instead found a gateway: %v", info.Gateway())
+	}
+	if len(info.GatewayIPv6()) != 0 {
+		t.Fatalf("Expected empty gateway for an empty ipv6 endpoint. Instead found a gateway: %v", info.GatewayIPv6())
+	}
+
+	if info.Sandbox() != nil {
+		t.Fatalf("Expected an empty sandbox key for an empty endpoint. Instead found a non-empty sandbox key: %s", info.Sandbox().Key())
+	}
+
+	// test invalid joins
+	err = ep1.Join(nil)
+	if err == nil {
+		t.Fatalf("Expected to fail join with nil Sandbox")
+	}
+	if _, ok := err.(types.BadRequestError); !ok {
+		t.Fatalf("Unexpected error type returned: %T", err)
+	}
+
+	fsbx := &fakeSandbox{}
+	if err = ep1.Join(fsbx); err == nil {
+		t.Fatalf("Expected to fail join with invalid Sandbox")
+	}
+	if _, ok := err.(types.BadRequestError); !ok {
+		t.Fatalf("Unexpected error type returned: %T", err)
+	}
+
+	sb, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep1.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep1.Leave(sb)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// Validate if ep.Info() only gives valid gateway and sandbox key after has container has joined.
+	info = ep1.Info()
+	if len(info.Gateway()) == 0 {
+		t.Fatalf("Expected a valid gateway for a joined endpoint. Instead found an invalid gateway: %v", info.Gateway())
+	}
+	if len(info.GatewayIPv6()) == 0 {
+		t.Fatalf("Expected a valid ipv6 gateway for a joined endpoint. Instead found an invalid gateway: %v", info.GatewayIPv6())
+	}
+
+	if info.Sandbox() == nil {
+		t.Fatalf("Expected an non-empty sandbox key for a joined endpoint. Instead found an empty sandbox key")
+	}
+
+	// Check endpoint provided container information
+	if ep1.Info().Sandbox().Key() != sb.Key() {
+		t.Fatalf("Endpoint Info returned unexpected sandbox key: %s", sb.Key())
+	}
+
+	// Attempt retrieval of endpoint interfaces statistics
+	stats, err := sb.Statistics()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, ok := stats["eth0"]; !ok {
+		t.Fatalf("Did not find eth0 statistics")
+	}
+
+	// Now test the container joining another network
+	n2, err := createTestNetwork(bridgeNetType, "testnetwork2",
+		options.Generic{
+			netlabel.GenericData: options.Generic{
+				"BridgeName": "testnetwork2",
+			},
+		}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep2, err := n2.CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep2.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep2.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep2.Leave(sb)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if ep1.Info().Sandbox().Key() != ep2.Info().Sandbox().Key() {
+		t.Fatalf("ep1 and ep2 returned different container sandbox key")
+	}
+
+	checkSandbox(t, info)
+}
+
+func TestExternalKey(t *testing.T) {
+	externalKeyTest(t, false)
+}
+
+func externalKeyTest(t *testing.T, reexec bool) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	n2, err := createTestNetwork(bridgeNetType, "testnetwork2", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork2",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep.Delete(false)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep2, err := n2.CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep2.Delete(false)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	cnt, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionUseExternalKey(),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	defer func() {
+		if err := cnt.Delete(); err != nil {
+			t.Fatal(err)
+		}
+		osl.GC()
+	}()
+
+	// Join endpoint to sandbox before SetKey
+	err = ep.Join(cnt)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep.Leave(cnt)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sbox := ep.Info().Sandbox()
+	if sbox == nil {
+		t.Fatalf("Expected to have a valid Sandbox")
+	}
+
+	if reexec {
+		err := reexecSetKey("this-must-fail", containerID, controller.ID())
+		if err == nil {
+			t.Fatalf("SetExternalKey must fail if the corresponding namespace is not created")
+		}
+	} else {
+		// Setting an non-existing key (namespace) must fail
+		if err := sbox.SetKey("this-must-fail"); err == nil {
+			t.Fatalf("Setkey must fail if the corresponding namespace is not created")
+		}
+	}
+
+	// Create a new OS sandbox using the osl API before using it in SetKey
+	if extOsBox, err := osl.NewSandbox("ValidKey", true, false); err != nil {
+		t.Fatalf("Failed to create new osl sandbox")
+	} else {
+		defer func() {
+			if err := extOsBox.Destroy(); err != nil {
+				logrus.Warnf("Failed to remove os sandbox: %v", err)
+			}
+		}()
+	}
+
+	if reexec {
+		err := reexecSetKey("ValidKey", containerID, controller.ID())
+		if err != nil {
+			t.Fatalf("SetExternalKey failed with %v", err)
+		}
+	} else {
+		if err := sbox.SetKey("ValidKey"); err != nil {
+			t.Fatalf("Setkey failed with %v", err)
+		}
+	}
+
+	// Join endpoint to sandbox after SetKey
+	err = ep2.Join(sbox)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep2.Leave(sbox)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if ep.Info().Sandbox().Key() != ep2.Info().Sandbox().Key() {
+		t.Fatalf("ep1 and ep2 returned different container sandbox key")
+	}
+
+	checkSandbox(t, ep.Info())
+}
+
+func reexecSetKey(key string, containerID string, controllerID string) error {
+	type libcontainerState struct {
+		NamespacePaths map[string]string
+	}
+	var (
+		state libcontainerState
+		b     []byte
+		err   error
+	)
+
+	state.NamespacePaths = make(map[string]string)
+	state.NamespacePaths["NEWNET"] = key
+	if b, err = json.Marshal(state); err != nil {
+		return err
+	}
+	cmd := &exec.Cmd{
+		Path:   reexec.Self(),
+		Args:   append([]string{"libnetwork-setkey"}, containerID, controllerID),
+		Stdin:  strings.NewReader(string(b)),
+		Stdout: os.Stdout,
+		Stderr: os.Stderr,
+	}
+	return cmd.Run()
+}
+
+func TestEnableIPv6(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	tmpResolvConf := []byte("search pommesfrites.fr\nnameserver 12.34.56.78\nnameserver 2001:4860:4860::8888\n")
+	expectedResolvConf := []byte("search pommesfrites.fr\nnameserver 127.0.0.11\nnameserver 2001:4860:4860::8888\noptions ndots:0\n")
+	//take a copy of resolv.conf for restoring after test completes
+	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	//cleanup
+	defer func() {
+		if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	netOption := options.Generic{
+		netlabel.EnableIPv6: true,
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe99::/64", Gateway: "fe99::9"}}
+
+	n, err := createTestNetwork("bridge", "testnetwork", netOption, nil, ipamV6ConfList)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep1, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	resolvConfPath := "/tmp/libnetwork_test/resolv.conf"
+	defer os.Remove(resolvConfPath)
+
+	sb, err := controller.NewSandbox(containerID, libnetwork.OptionResolvConfPath(resolvConfPath))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep1.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(content, expectedResolvConf) {
+		t.Fatalf("Expected:\n%s\nGot:\n%s", string(expectedResolvConf), string(content))
+	}
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestResolvConfHost(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	tmpResolvConf := []byte("search localhost.net\nnameserver 127.0.0.1\nnameserver 2001:4860:4860::8888\n")
+
+	//take a copy of resolv.conf for restoring after test completes
+	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	//cleanup
+	defer func() {
+		if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	n, err := controller.NetworkByName("testhost")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep1, err := n.CreateEndpoint("ep1", libnetwork.CreateOptionDisableResolution())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	resolvConfPath := "/tmp/libnetwork_test/resolv.conf"
+	defer os.Remove(resolvConfPath)
+
+	sb, err := controller.NewSandbox(containerID,
+		libnetwork.OptionUseDefaultSandbox(),
+		libnetwork.OptionResolvConfPath(resolvConfPath),
+		libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep1.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep1.Leave(sb)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	finfo, err := os.Stat(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fmode := (os.FileMode)(0644)
+	if finfo.Mode() != fmode {
+		t.Fatalf("Expected file mode %s, got %s", fmode.String(), finfo.Mode().String())
+	}
+
+	content, err := os.ReadFile(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(content, tmpResolvConf) {
+		t.Fatalf("Expected:\n%s\nGot:\n%s", string(tmpResolvConf), string(content))
+	}
+}
+
+func TestResolvConf(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	tmpResolvConf1 := []byte("search pommesfrites.fr\nnameserver 12.34.56.78\nnameserver 2001:4860:4860::8888\n")
+	tmpResolvConf2 := []byte("search pommesfrites.fr\nnameserver 112.34.56.78\nnameserver 2001:4860:4860::8888\n")
+	expectedResolvConf1 := []byte("search pommesfrites.fr\nnameserver 127.0.0.11\noptions ndots:0\n")
+	tmpResolvConf3 := []byte("search pommesfrites.fr\nnameserver 113.34.56.78\n")
+
+	//take a copy of resolv.conf for restoring after test completes
+	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	//cleanup
+	defer func() {
+		if err := os.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+	n, err := createTestNetwork("bridge", "testnetwork", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf1, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	resolvConfPath := "/tmp/libnetwork_test/resolv.conf"
+	defer os.Remove(resolvConfPath)
+
+	sb1, err := controller.NewSandbox(containerID, libnetwork.OptionResolvConfPath(resolvConfPath))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	finfo, err := os.Stat(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fmode := (os.FileMode)(0644)
+	if finfo.Mode() != fmode {
+		t.Fatalf("Expected file mode %s, got %s", fmode.String(), finfo.Mode().String())
+	}
+
+	content, err := os.ReadFile(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(content, expectedResolvConf1) {
+		fmt.Printf("\n%v\n%v\n", expectedResolvConf1, content)
+		t.Fatalf("Expected:\n%s\nGot:\n%s", string(expectedResolvConf1), string(content))
+	}
+
+	err = ep.Leave(sb1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.WriteFile("/etc/resolv.conf", tmpResolvConf2, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	sb2, err := controller.NewSandbox(containerID+"_2", libnetwork.OptionResolvConfPath(resolvConfPath))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err = os.ReadFile(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(content, expectedResolvConf1) {
+		t.Fatalf("Expected:\n%s\nGot:\n%s", string(expectedResolvConf1), string(content))
+	}
+
+	if err := os.WriteFile(resolvConfPath, tmpResolvConf3, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep.Leave(sb2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep.Join(sb2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err = os.ReadFile(resolvConfPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(content, tmpResolvConf3) {
+		t.Fatalf("Expected:\n%s\nGot:\n%s", string(tmpResolvConf3), string(content))
+	}
+}
+
+func parallelJoin(t *testing.T, rc libnetwork.Sandbox, ep libnetwork.Endpoint, thrNumber int) {
+	debugf("J%d.", thrNumber)
+	var err error
+
+	sb := sboxes[thrNumber-1]
+	err = ep.Join(sb)
+
+	runtime.LockOSThread()
+	if err != nil {
+		if _, ok := err.(types.ForbiddenError); !ok {
+			t.Fatalf("thread %d: %v", thrNumber, err)
+		}
+		debugf("JE%d(%v).", thrNumber, err)
+	}
+	debugf("JD%d.", thrNumber)
+}
+
+func parallelLeave(t *testing.T, rc libnetwork.Sandbox, ep libnetwork.Endpoint, thrNumber int) {
+	debugf("L%d.", thrNumber)
+	var err error
+
+	sb := sboxes[thrNumber-1]
+
+	err = ep.Leave(sb)
+	runtime.LockOSThread()
+	if err != nil {
+		if _, ok := err.(types.ForbiddenError); !ok {
+			t.Fatalf("thread %d: %v", thrNumber, err)
+		}
+		debugf("LE%d(%v).", thrNumber, err)
+	}
+	debugf("LD%d.", thrNumber)
+}
+
+func runParallelTests(t *testing.T, thrNumber int) {
+	var (
+		ep  libnetwork.Endpoint
+		sb  libnetwork.Sandbox
+		err error
+	)
+
+	t.Parallel()
+
+	pTest := flag.Lookup("test.parallel")
+	if pTest == nil {
+		t.Skip("Skipped because test.parallel flag not set;")
+	}
+	numParallel, err := strconv.Atoi(pTest.Value.String())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if numParallel < numThreads {
+		t.Skip("Skipped because t.parallel was less than ", numThreads)
+	}
+
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	if thrNumber == first {
+		createGlobalInstance(t)
+	}
+
+	if thrNumber != first {
+		<-start
+
+		thrdone := make(chan struct{})
+		done <- thrdone
+		defer close(thrdone)
+
+		if thrNumber == last {
+			defer close(done)
+		}
+
+		err = netns.Set(testns)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	defer func() {
+		if err := netns.Set(origins); err != nil {
+			// NOTE(@cpuguy83): This...
+			// I touched this code because the linter found that we weren't checking the error...
+			// It returns an error because "origins" is a closed file handle *unless* createGlobalInstance is called.
+			// Which... this test is run in parallel and `createGlobalInstance` modifies `origins` without synchronization.
+			// I'm not sure what exactly the *intent* of this code was, but it looks very broken.
+			// Anyway that's why I'm only logging the error and not failing the test.
+			t.Log(err)
+		}
+	}()
+
+	net1, err := controller.NetworkByName("testhost")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if net1 == nil {
+		t.Fatal("Could not find testhost")
+	}
+
+	net2, err := controller.NetworkByName("network2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if net2 == nil {
+		t.Fatal("Could not find network2")
+	}
+
+	epName := fmt.Sprintf("pep%d", thrNumber)
+
+	if thrNumber == first {
+		ep, err = net1.EndpointByName(epName)
+	} else {
+		ep, err = net2.EndpointByName(epName)
+	}
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ep == nil {
+		t.Fatal("Got nil ep with no error")
+	}
+
+	cid := fmt.Sprintf("%drace", thrNumber)
+	controller.WalkSandboxes(libnetwork.SandboxContainerWalker(&sb, cid))
+	if sb == nil {
+		t.Fatalf("Got nil sandbox for container: %s", cid)
+	}
+
+	for i := 0; i < iterCnt; i++ {
+		parallelJoin(t, sb, ep, thrNumber)
+		parallelLeave(t, sb, ep, thrNumber)
+	}
+
+	debugf("\n")
+
+	err = sb.Delete()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if thrNumber == first {
+		for thrdone := range done {
+			<-thrdone
+		}
+
+		testns.Close()
+		if err := net2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	} else {
+		err = ep.Delete(false)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestParallel1(t *testing.T) {
+	runParallelTests(t, 1)
+}
+
+func TestParallel2(t *testing.T) {
+	runParallelTests(t, 2)
+}
+
+func TestBridge(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.EnableIPv6: true,
+		netlabel.GenericData: options.Generic{
+			"BridgeName":         "testnetwork",
+			"EnableICC":          true,
+			"EnableIPMasquerade": true,
+		},
+	}
+	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", Gateway: "192.168.100.1"}}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}
+
+	network, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, ipamV4ConfList, ipamV6ConfList)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := network.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := network.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sb, err := controller.NewSandbox(containerID, libnetwork.OptionPortMapping(getPortMapping()))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	epInfo, err := ep.DriverInfo()
+	if err != nil {
+		t.Fatal(err)
+	}
+	pmd, ok := epInfo[netlabel.PortMap]
+	if !ok {
+		t.Fatalf("Could not find expected info in endpoint data")
+	}
+	pm, ok := pmd.([]types.PortBinding)
+	if !ok {
+		t.Fatalf("Unexpected format for port mapping in endpoint operational data")
+	}
+	expectedLen := 10
+	if !isV6Listenable() {
+		expectedLen = 5
+	}
+	if len(pm) != expectedLen {
+		t.Fatalf("Incomplete data for port mapping in endpoint operational data: %d", len(pm))
+	}
+}
+
+var (
+	v6ListenableCached bool
+	v6ListenableOnce   sync.Once
+)
+
+// This is copied from the bridge driver package b/c the bridge driver is not platform agnostic.
+func isV6Listenable() bool {
+	v6ListenableOnce.Do(func() {
+		ln, err := net.Listen("tcp6", "[::1]:0")
+		if err != nil {
+			// When the kernel was booted with `ipv6.disable=1`,
+			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
+			// https://github.com/moby/moby/issues/42288
+			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
+		} else {
+			v6ListenableCached = true
+			ln.Close()
+		}
+	})
+	return v6ListenableCached
+}
+
+func TestParallel3(t *testing.T) {
+	runParallelTests(t, 3)
+}
+
+func TestNullIpam(t *testing.T) {
+	_, err := controller.NewNetwork(bridgeNetType, "testnetworkinternal", "", libnetwork.NetworkOptionIpam(ipamapi.NullIPAM, "", nil, nil, nil))
+	if err == nil || err.Error() != "ipv4 pool is empty" {
+		t.Fatal("bridge network should complain empty pool")
+	}
+}
diff --git a/libnetwork/libnetwork_test.go b/libnetwork/libnetwork_test.go
new file mode 100644
index 0000000000000..e64f957d748fd
--- /dev/null
+++ b/libnetwork/libnetwork_test.go
@@ -0,0 +1,1366 @@
+//go:build linux
+// +build linux
+
+package libnetwork_test
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/libnetwork"
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/sirupsen/logrus"
+)
+
+var controller libnetwork.NetworkController
+
+func TestMain(m *testing.M) {
+	if runtime.GOOS == "windows" {
+		logrus.Info("Test suite does not currently support windows")
+		os.Exit(0)
+	}
+	if reexec.Init() {
+		return
+	}
+
+	if err := createController(); err != nil {
+		logrus.Errorf("Error creating controller: %v", err)
+		os.Exit(1)
+	}
+
+	x := m.Run()
+	controller.Stop()
+	os.Exit(x)
+}
+
+func createController() error {
+	var err error
+
+	// Cleanup local datastore file
+	os.Remove(datastore.DefaultScopes("")[datastore.LocalScope].Client.Address)
+
+	option := options.Generic{
+		"EnableIPForwarding": true,
+	}
+
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = option
+
+	cfgOptions, err := libnetwork.OptionBoltdbWithRandomDBFile()
+	if err != nil {
+		return err
+	}
+	controller, err = libnetwork.New(append(cfgOptions, config.OptionDriverConfig(bridgeNetType, genericOption))...)
+	return err
+}
+
+func createTestNetwork(networkType, networkName string, netOption options.Generic, ipamV4Configs, ipamV6Configs []*libnetwork.IpamConf) (libnetwork.Network, error) {
+	return controller.NewNetwork(networkType, networkName, "",
+		libnetwork.NetworkOptionGeneric(netOption),
+		libnetwork.NetworkOptionIpam(ipamapi.DefaultIPAM, "", ipamV4Configs, ipamV6Configs, nil))
+}
+
+func getEmptyGenericOption() map[string]interface{} {
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = map[string]string{}
+	return genericOption
+}
+
+func getPortMapping() []types.PortBinding {
+	return []types.PortBinding{
+		{Proto: types.TCP, Port: uint16(230), HostPort: uint16(23000)},
+		{Proto: types.UDP, Port: uint16(200), HostPort: uint16(22000)},
+		{Proto: types.TCP, Port: uint16(120), HostPort: uint16(12000)},
+		{Proto: types.TCP, Port: uint16(320), HostPort: uint16(32000), HostPortEnd: uint16(32999)},
+		{Proto: types.UDP, Port: uint16(420), HostPort: uint16(42000), HostPortEnd: uint16(42001)},
+	}
+}
+
+func isNotFound(err error) bool {
+	_, ok := (err).(types.NotFoundError)
+	return ok
+}
+
+func TestNull(t *testing.T) {
+	cnt, err := controller.NewSandbox("null_container",
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	network, err := createTestNetwork("null", "testnull", options.Generic{}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep, err := network.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep.Join(cnt)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep.Leave(cnt)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := cnt.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	// host type is special network. Cannot be removed.
+	err = network.Delete()
+	if err == nil {
+		t.Fatal(err)
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Unexpected error type")
+	}
+}
+
+func TestUnknownDriver(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	_, err := createTestNetwork("unknowndriver", "testnetwork", options.Generic{}, nil, nil)
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if !isNotFound(err) {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestNilRemoteDriver(t *testing.T) {
+	_, err := controller.NewNetwork("framerelay", "dummy", "",
+		libnetwork.NetworkOptionGeneric(getEmptyGenericOption()))
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if !isNotFound(err) {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestNetworkName(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+
+	_, err := createTestNetwork(bridgeNetType, "", netOption, nil, nil)
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(libnetwork.ErrInvalidName); !ok {
+		t.Fatalf("Expected to fail with ErrInvalidName error. Got %v", err)
+	}
+
+	networkName := "testnetwork"
+	n, err := createTestNetwork(bridgeNetType, networkName, netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if n.Name() != networkName {
+		t.Fatalf("Expected network name %s, got %s", networkName, n.Name())
+	}
+}
+
+func TestNetworkType(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if n.Type() != bridgeNetType {
+		t.Fatalf("Expected network type %s, got %s", bridgeNetType, n.Type())
+	}
+}
+
+func TestNetworkID(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if n.ID() == "" {
+		t.Fatal("Expected non-empty network id")
+	}
+}
+
+func TestDeleteNetworkWithActiveEndpoints(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		"BridgeName": "testnetwork",
+	}
+	option := options.Generic{
+		netlabel.GenericData: netOption,
+	}
+
+	network, err := createTestNetwork(bridgeNetType, "testnetwork", option, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep, err := network.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = network.Delete()
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(*libnetwork.ActiveEndpointsError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+
+	// Done testing. Now cleanup.
+	if err := ep.Delete(false); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := network.Delete(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestNetworkConfig(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Verify config network cannot inherit another config network
+	_, err := controller.NewNetwork("bridge", "config_network0", "",
+		libnetwork.NetworkOptionConfigOnly(),
+		libnetwork.NetworkOptionConfigFrom("anotherConfigNw"))
+
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+
+	// Create supported config network
+	netOption := options.Generic{
+		"EnableICC": false,
+	}
+	option := options.Generic{
+		netlabel.GenericData: netOption,
+	}
+	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", SubPool: "192.168.100.128/25", Gateway: "192.168.100.1"}}
+	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "2001:db8:abcd::/64", SubPool: "2001:db8:abcd::ef99/80", Gateway: "2001:db8:abcd::22"}}
+
+	netOptions := []libnetwork.NetworkOption{
+		libnetwork.NetworkOptionConfigOnly(),
+		libnetwork.NetworkOptionEnableIPv6(true),
+		libnetwork.NetworkOptionGeneric(option),
+		libnetwork.NetworkOptionIpam("default", "", ipamV4ConfList, ipamV6ConfList, nil),
+	}
+
+	configNetwork, err := controller.NewNetwork(bridgeNetType, "config_network0", "", netOptions...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Verify a config-only network cannot be created with network operator configurations
+	for i, opt := range []libnetwork.NetworkOption{
+		libnetwork.NetworkOptionInternalNetwork(),
+		libnetwork.NetworkOptionAttachable(true),
+		libnetwork.NetworkOptionIngress(true),
+	} {
+		_, err = controller.NewNetwork(bridgeNetType, "testBR", "",
+			libnetwork.NetworkOptionConfigOnly(), opt)
+		if err == nil {
+			t.Fatalf("Expected to fail. But instead succeeded for option: %d", i)
+		}
+		if _, ok := err.(types.ForbiddenError); !ok {
+			t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+		}
+	}
+
+	// Verify a network cannot be created with both config-from and network specific configurations
+	for i, opt := range []libnetwork.NetworkOption{
+		libnetwork.NetworkOptionEnableIPv6(true),
+		libnetwork.NetworkOptionIpam("my-ipam", "", nil, nil, nil),
+		libnetwork.NetworkOptionIpam("", "", ipamV4ConfList, nil, nil),
+		libnetwork.NetworkOptionIpam("", "", nil, ipamV6ConfList, nil),
+		libnetwork.NetworkOptionLabels(map[string]string{"number": "two"}),
+		libnetwork.NetworkOptionDriverOpts(map[string]string{"com.docker.network.driver.mtu": "1600"}),
+	} {
+		_, err = controller.NewNetwork(bridgeNetType, "testBR", "",
+			libnetwork.NetworkOptionConfigFrom("config_network0"), opt)
+		if err == nil {
+			t.Fatalf("Expected to fail. But instead succeeded for option: %d", i)
+		}
+		if _, ok := err.(types.ForbiddenError); !ok {
+			t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+		}
+	}
+
+	// Create a valid network
+	network, err := controller.NewNetwork(bridgeNetType, "testBR", "",
+		libnetwork.NetworkOptionConfigFrom("config_network0"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Verify the config network cannot be removed
+	err = configNetwork.Delete()
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+
+	// Delete network
+	if err := network.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Verify the config network can now be removed
+	if err := configNetwork.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+}
+
+func TestUnknownNetwork(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		"BridgeName": "testnetwork",
+	}
+	option := options.Generic{
+		netlabel.GenericData: netOption,
+	}
+
+	network, err := createTestNetwork(bridgeNetType, "testnetwork", option, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = network.Delete()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = network.Delete()
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(*libnetwork.UnknownNetworkError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestUnknownEndpoint(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		"BridgeName": "testnetwork",
+	}
+	option := options.Generic{
+		netlabel.GenericData: netOption,
+	}
+	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24"}}
+
+	network, err := createTestNetwork(bridgeNetType, "testnetwork", option, ipamV4ConfList, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = network.CreateEndpoint("")
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+	if _, ok := err.(libnetwork.ErrInvalidName); !ok {
+		t.Fatalf("Expected to fail with ErrInvalidName error. Actual error: %v", err)
+	}
+
+	ep, err := network.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep.Delete(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Done testing. Now cleanup
+	if err := network.Delete(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestNetworkEndpointsWalkers(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Create network 1 and add 2 endpoint: ep11, ep12
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network1",
+		},
+	}
+
+	net1, err := createTestNetwork(bridgeNetType, "network1", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := net1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep11, err := net1.CreateEndpoint("ep11")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep11.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep12, err := net1.CreateEndpoint("ep12")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep12.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// Test list methods on net1
+	epList1 := net1.Endpoints()
+	if len(epList1) != 2 {
+		t.Fatalf("Endpoints() returned wrong number of elements: %d instead of 2", len(epList1))
+	}
+	// endpoint order is not guaranteed
+	for _, e := range epList1 {
+		if e != ep11 && e != ep12 {
+			t.Fatal("Endpoints() did not return all the expected elements")
+		}
+	}
+
+	// Test Endpoint Walk method
+	var epName string
+	var epWanted libnetwork.Endpoint
+	wlk := func(ep libnetwork.Endpoint) bool {
+		if ep.Name() == epName {
+			epWanted = ep
+			return true
+		}
+		return false
+	}
+
+	// Look for ep1 on network1
+	epName = "ep11"
+	net1.WalkEndpoints(wlk)
+	if epWanted == nil {
+		t.Fatal(err)
+	}
+	if ep11 != epWanted {
+		t.Fatal(err)
+	}
+
+	current := len(controller.Networks())
+
+	// Create network 2
+	netOption = options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network2",
+		},
+	}
+
+	net2, err := createTestNetwork(bridgeNetType, "network2", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := net2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// Test Networks method
+	if len(controller.Networks()) != current+1 {
+		t.Fatalf("Did not find the expected number of networks")
+	}
+
+	// Test Network Walk method
+	var netName string
+	var netWanted libnetwork.Network
+	nwWlk := func(nw libnetwork.Network) bool {
+		if nw.Name() == netName {
+			netWanted = nw
+			return true
+		}
+		return false
+	}
+
+	// Look for network named "network1" and "network2"
+	netName = "network1"
+	controller.WalkNetworks(nwWlk)
+	if netWanted == nil {
+		t.Fatal(err)
+	}
+	if net1.ID() != netWanted.ID() {
+		t.Fatal(err)
+	}
+
+	netName = "network2"
+	controller.WalkNetworks(nwWlk)
+	if netWanted == nil {
+		t.Fatal(err)
+	}
+	if net2.ID() != netWanted.ID() {
+		t.Fatal(err)
+	}
+}
+
+func TestDuplicateEndpoint(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep2, err := n.CreateEndpoint("ep1")
+	defer func() {
+		// Cleanup ep2 as well, else network cleanup might fail for failure cases
+		if ep2 != nil {
+			if err := ep2.Delete(false); err != nil {
+				t.Fatal(err)
+			}
+		}
+	}()
+
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestControllerQuery(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Create network 1
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network1",
+		},
+	}
+	net1, err := createTestNetwork(bridgeNetType, "network1", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := net1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// Create network 2
+	netOption = options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network2",
+		},
+	}
+	net2, err := createTestNetwork(bridgeNetType, "network2", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := net2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	_, err = controller.NetworkByName("")
+	if err == nil {
+		t.Fatalf("NetworkByName() succeeded with invalid target name")
+	}
+	if _, ok := err.(libnetwork.ErrInvalidName); !ok {
+		t.Fatalf("Expected NetworkByName() to fail with ErrInvalidName error. Got: %v", err)
+	}
+
+	_, err = controller.NetworkByID("")
+	if err == nil {
+		t.Fatalf("NetworkByID() succeeded with invalid target id")
+	}
+	if _, ok := err.(libnetwork.ErrInvalidID); !ok {
+		t.Fatalf("NetworkByID() failed with unexpected error: %v", err)
+	}
+
+	g, err := controller.NetworkByID("network1")
+	if err == nil {
+		t.Fatalf("Unexpected success for NetworkByID(): %v", g)
+	}
+	if _, ok := err.(libnetwork.ErrNoSuchNetwork); !ok {
+		t.Fatalf("NetworkByID() failed with unexpected error: %v", err)
+	}
+
+	g, err = controller.NetworkByName("network1")
+	if err != nil {
+		t.Fatalf("Unexpected failure for NetworkByName(): %v", err)
+	}
+	if g == nil {
+		t.Fatalf("NetworkByName() did not find the network")
+	}
+
+	if g != net1 {
+		t.Fatalf("NetworkByName() returned the wrong network")
+	}
+
+	g, err = controller.NetworkByID(net1.ID())
+	if err != nil {
+		t.Fatalf("Unexpected failure for NetworkByID(): %v", err)
+	}
+	if net1.ID() != g.ID() {
+		t.Fatalf("NetworkByID() returned unexpected element: %v", g)
+	}
+
+	g, err = controller.NetworkByName("network2")
+	if err != nil {
+		t.Fatalf("Unexpected failure for NetworkByName(): %v", err)
+	}
+	if g == nil {
+		t.Fatalf("NetworkByName() did not find the network")
+	}
+
+	if g != net2 {
+		t.Fatalf("NetworkByName() returned the wrong network")
+	}
+
+	g, err = controller.NetworkByID(net2.ID())
+	if err != nil {
+		t.Fatalf("Unexpected failure for NetworkByID(): %v", err)
+	}
+	if net2.ID() != g.ID() {
+		t.Fatalf("NetworkByID() returned unexpected element: %v", g)
+	}
+}
+
+func TestNetworkQuery(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	// Create network 1 and add 2 endpoint: ep11, ep12
+	netOption := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "network1",
+		},
+	}
+	net1, err := createTestNetwork(bridgeNetType, "network1", netOption, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := net1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep11, err := net1.CreateEndpoint("ep11")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep11.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep12, err := net1.CreateEndpoint("ep12")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep12.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	e, err := net1.EndpointByName("ep11")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ep11 != e {
+		t.Fatalf("EndpointByName() returned %v instead of %v", e, ep11)
+	}
+
+	_, err = net1.EndpointByName("")
+	if err == nil {
+		t.Fatalf("EndpointByName() succeeded with invalid target name")
+	}
+	if _, ok := err.(libnetwork.ErrInvalidName); !ok {
+		t.Fatalf("Expected EndpointByName() to fail with ErrInvalidName error. Got: %v", err)
+	}
+
+	e, err = net1.EndpointByName("IamNotAnEndpoint")
+	if err == nil {
+		t.Fatalf("EndpointByName() succeeded with unknown target name")
+	}
+	if _, ok := err.(libnetwork.ErrNoSuchEndpoint); !ok {
+		t.Fatal(err)
+	}
+	if e != nil {
+		t.Fatalf("EndpointByName(): expected nil, got %v", e)
+	}
+
+	e, err = net1.EndpointByID(ep12.ID())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ep12.ID() != e.ID() {
+		t.Fatalf("EndpointByID() returned %v instead of %v", e, ep12)
+	}
+
+	_, err = net1.EndpointByID("")
+	if err == nil {
+		t.Fatalf("EndpointByID() succeeded with invalid target id")
+	}
+	if _, ok := err.(libnetwork.ErrInvalidID); !ok {
+		t.Fatalf("EndpointByID() failed with unexpected error: %v", err)
+	}
+}
+
+const containerID = "valid_c"
+
+type fakeSandbox struct{}
+
+func (f *fakeSandbox) ID() string {
+	return "fake sandbox"
+}
+
+func (f *fakeSandbox) ContainerID() string {
+	return ""
+}
+
+func (f *fakeSandbox) Key() string {
+	return "fake key"
+}
+
+func (f *fakeSandbox) Labels() map[string]interface{} {
+	return nil
+}
+
+func (f *fakeSandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
+	return nil, nil
+}
+
+func (f *fakeSandbox) Refresh(opts ...libnetwork.SandboxOption) error {
+	return nil
+}
+
+func (f *fakeSandbox) Delete() error {
+	return nil
+}
+
+func (f *fakeSandbox) Rename(name string) error {
+	return nil
+}
+
+func (f *fakeSandbox) SetKey(key string) error {
+	return nil
+}
+
+func (f *fakeSandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
+	return nil, false
+}
+
+func (f *fakeSandbox) ResolveIP(ip string) string {
+	return ""
+}
+
+func (f *fakeSandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
+	return nil, nil
+}
+
+func (f *fakeSandbox) Endpoints() []libnetwork.Endpoint {
+	return nil
+}
+
+func (f *fakeSandbox) EnableService() error {
+	return nil
+}
+
+func (f *fakeSandbox) DisableService() error {
+	return nil
+}
+
+func TestEndpointDeleteWithActiveContainer(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	n2, err := createTestNetwork(bridgeNetType, "testnetwork2", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork2",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep.Delete(false)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	cnt, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	defer func() {
+		if err := cnt.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(cnt)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep.Leave(cnt)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Delete(false)
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if _, ok := err.(*libnetwork.ActiveContainerError); !ok {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestEndpointMultipleJoins(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testmultiple", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testmultiple",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sbx1, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	defer func() {
+		if err := sbx1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sbx2, err := controller.NewSandbox("c2")
+	defer func() {
+		if err := sbx2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sbx1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err = ep.Leave(sbx1)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Join(sbx2)
+	if err == nil {
+		t.Fatal("Expected to fail multiple joins for the same endpoint")
+	}
+
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Failed with unexpected error type: %T. Desc: %s", err, err.Error())
+	}
+
+}
+
+func TestLeaveAll(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		// If this goes through, it means cnt.Delete() effectively detached from all the endpoints
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	n2, err := createTestNetwork(bridgeNetType, "testnetwork2", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork2",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep1, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep2, err := n2.CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cnt, err := controller.NewSandbox("leaveall")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep1.Join(cnt)
+	if err != nil {
+		t.Fatalf("Failed to join ep1: %v", err)
+	}
+
+	err = ep2.Join(cnt)
+	if err != nil {
+		t.Fatalf("Failed to join ep2: %v", err)
+	}
+
+	err = cnt.Delete()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestContainerInvalidLeave(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := ep.Delete(false); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	cnt, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := cnt.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep.Leave(cnt)
+	if err == nil {
+		t.Fatal("Expected to fail leave from an endpoint which has no active join")
+	}
+	if _, ok := err.(types.ForbiddenError); !ok {
+		t.Fatalf("Failed with unexpected error type: %T. Desc: %s", err, err.Error())
+	}
+
+	if err = ep.Leave(nil); err == nil {
+		t.Fatalf("Expected to fail leave nil Sandbox")
+	}
+	if _, ok := err.(types.BadRequestError); !ok {
+		t.Fatalf("Unexpected error type returned: %T. Desc: %s", err, err.Error())
+	}
+
+	fsbx := &fakeSandbox{}
+	if err = ep.Leave(fsbx); err == nil {
+		t.Fatalf("Expected to fail leave with invalid Sandbox")
+	}
+	if _, ok := err.(types.BadRequestError); !ok {
+		t.Fatalf("Unexpected error type returned: %T. Desc: %s", err, err.Error())
+	}
+}
+
+func TestEndpointUpdateParent(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	n, err := createTestNetwork(bridgeNetType, "testnetwork", options.Generic{
+		netlabel.GenericData: options.Generic{
+			"BridgeName": "testnetwork",
+		},
+	}, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep1, err := n.CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ep2, err := n.CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sbx1, err := controller.NewSandbox(containerID,
+		libnetwork.OptionHostname("test"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionExtraHost("web", "192.168.0.1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sbx1.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sbx2, err := controller.NewSandbox("c2",
+		libnetwork.OptionHostname("test2"),
+		libnetwork.OptionDomainname("docker.io"),
+		libnetwork.OptionHostsPath("/var/lib/docker/test_network/container2/hosts"),
+		libnetwork.OptionExtraHost("web", "192.168.0.2"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := sbx2.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	err = ep1.Join(sbx1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ep2.Join(sbx2)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestInvalidRemoteDriver(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	if server == nil {
+		t.Fatal("Failed to start an HTTP Server")
+	}
+	defer server.Close()
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Implements": ["InvalidDriver"]}`)
+	})
+
+	if err := os.MkdirAll(specPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := os.RemoveAll(specPath); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if err := os.WriteFile(filepath.Join(specPath, "invalid-network-driver.spec"), []byte(server.URL), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	ctrlr, err := libnetwork.New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer ctrlr.Stop()
+
+	_, err = ctrlr.NewNetwork("invalid-network-driver", "dummy", "",
+		libnetwork.NetworkOptionGeneric(getEmptyGenericOption()))
+	if err == nil {
+		t.Fatal("Expected to fail. But instead succeeded")
+	}
+
+	if !errors.Is(err, plugins.ErrNotImplements) {
+		t.Fatalf("Did not fail with expected error. Actual error: %v", err)
+	}
+}
+
+func TestValidRemoteDriver(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	if server == nil {
+		t.Fatal("Failed to start an HTTP Server")
+	}
+	defer server.Close()
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Implements": ["%s"]}`, driverapi.NetworkPluginEndpointType)
+	})
+	mux.HandleFunc(fmt.Sprintf("/%s.GetCapabilities", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Scope":"local"}`)
+	})
+	mux.HandleFunc(fmt.Sprintf("/%s.CreateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+	mux.HandleFunc(fmt.Sprintf("/%s.DeleteNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	if err := os.MkdirAll(specPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := os.RemoveAll(specPath); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if err := os.WriteFile(filepath.Join(specPath, "valid-network-driver.spec"), []byte(server.URL), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	n, err := controller.NewNetwork("valid-network-driver", "dummy", "",
+		libnetwork.NetworkOptionGeneric(getEmptyGenericOption()))
+	if err != nil {
+		// Only fail if we could not find the plugin driver
+		if isNotFound(err) {
+			t.Fatal(err)
+		}
+		return
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+}
+
+var (
+	start  = make(chan struct{})
+	done   = make(chan chan struct{}, numThreads-1)
+	sboxes = make([]libnetwork.Sandbox, numThreads)
+)
+
+const (
+	iterCnt    = 25
+	numThreads = 3
+	first      = 1
+	last       = numThreads
+	debug      = false
+)
+
+func debugf(format string, a ...interface{}) {
+	if debug {
+		fmt.Printf(format, a...)
+	}
+}
diff --git a/libnetwork/libnetwork_unix_test.go b/libnetwork/libnetwork_unix_test.go
new file mode 100644
index 0000000000000..e039fa9065613
--- /dev/null
+++ b/libnetwork/libnetwork_unix_test.go
@@ -0,0 +1,6 @@
+//go:build !windows
+// +build !windows
+
+package libnetwork_test
+
+var specPath = "/etc/docker/plugins"
diff --git a/libnetwork/libnetwork_windows_test.go b/libnetwork/libnetwork_windows_test.go
new file mode 100644
index 0000000000000..b1a1fa667bc7a
--- /dev/null
+++ b/libnetwork/libnetwork_windows_test.go
@@ -0,0 +1,12 @@
+package libnetwork_test
+
+import (
+	"os"
+	"path/filepath"
+)
+
+const bridgeNetType = "nat"
+
+var (
+	specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins")
+)
diff --git a/libnetwork/netlabel/labels.go b/libnetwork/netlabel/labels.go
new file mode 100644
index 0000000000000..f5075a6c34909
--- /dev/null
+++ b/libnetwork/netlabel/labels.go
@@ -0,0 +1,132 @@
+package netlabel
+
+import (
+	"strings"
+)
+
+const (
+	// Prefix constant marks the reserved label space for libnetwork
+	Prefix = "com.docker.network"
+
+	// DriverPrefix constant marks the reserved label space for libnetwork drivers
+	DriverPrefix = Prefix + ".driver"
+
+	// DriverPrivatePrefix constant marks the reserved label space
+	// for internal libnetwork drivers
+	DriverPrivatePrefix = DriverPrefix + ".private"
+
+	// GenericData constant that helps to identify an option as a Generic constant
+	GenericData = Prefix + ".generic"
+
+	// PortMap constant represents Port Mapping
+	PortMap = Prefix + ".portmap"
+
+	// MacAddress constant represents Mac Address config of a Container
+	MacAddress = Prefix + ".endpoint.macaddress"
+
+	// ExposedPorts constant represents the container's Exposed Ports
+	ExposedPorts = Prefix + ".endpoint.exposedports"
+
+	// DNSServers A list of DNS servers associated with the endpoint
+	DNSServers = Prefix + ".endpoint.dnsservers"
+
+	//EnableIPv6 constant represents enabling IPV6 at network level
+	EnableIPv6 = Prefix + ".enable_ipv6"
+
+	// DriverMTU constant represents the MTU size for the network driver
+	DriverMTU = DriverPrefix + ".mtu"
+
+	// OverlayBindInterface constant represents overlay driver bind interface
+	OverlayBindInterface = DriverPrefix + ".overlay.bind_interface"
+
+	// OverlayNeighborIP constant represents overlay driver neighbor IP
+	OverlayNeighborIP = DriverPrefix + ".overlay.neighbor_ip"
+
+	// OverlayVxlanIDList constant represents a list of VXLAN Ids as csv
+	OverlayVxlanIDList = DriverPrefix + ".overlay.vxlanid_list"
+
+	// Gateway represents the gateway for the network
+	Gateway = Prefix + ".gateway"
+
+	// Internal constant represents that the network is internal which disables default gateway service
+	Internal = Prefix + ".internal"
+
+	// ContainerIfacePrefix can be used to override the interface prefix used inside the container
+	ContainerIfacePrefix = Prefix + ".container_iface_prefix"
+
+	// HostIP is the Source-IP Address used to SNAT container traffic
+	HostIP = Prefix + ".host_ipv4"
+)
+
+var (
+	// GlobalKVProvider constant represents the KV provider backend
+	GlobalKVProvider = MakeKVProvider("global")
+
+	// GlobalKVProviderURL constant represents the KV provider URL
+	GlobalKVProviderURL = MakeKVProviderURL("global")
+
+	// GlobalKVProviderConfig constant represents the KV provider Config
+	GlobalKVProviderConfig = MakeKVProviderConfig("global")
+
+	// GlobalKVClient constants represents the global kv store client
+	GlobalKVClient = MakeKVClient("global")
+
+	// LocalKVProvider constant represents the KV provider backend
+	LocalKVProvider = MakeKVProvider("local")
+
+	// LocalKVProviderURL constant represents the KV provider URL
+	LocalKVProviderURL = MakeKVProviderURL("local")
+
+	// LocalKVProviderConfig constant represents the KV provider Config
+	LocalKVProviderConfig = MakeKVProviderConfig("local")
+
+	// LocalKVClient constants represents the local kv store client
+	LocalKVClient = MakeKVClient("local")
+)
+
+// MakeKVProvider returns the kvprovider label for the scope
+func MakeKVProvider(scope string) string {
+	return DriverPrivatePrefix + scope + "kv_provider"
+}
+
+// MakeKVProviderURL returns the kvprovider url label for the scope
+func MakeKVProviderURL(scope string) string {
+	return DriverPrivatePrefix + scope + "kv_provider_url"
+}
+
+// MakeKVProviderConfig returns the kvprovider config label for the scope
+func MakeKVProviderConfig(scope string) string {
+	return DriverPrivatePrefix + scope + "kv_provider_config"
+}
+
+// MakeKVClient returns the kv client label for the scope
+func MakeKVClient(scope string) string {
+	return DriverPrivatePrefix + scope + "kv_client"
+}
+
+// Key extracts the key portion of the label
+func Key(label string) (key string) {
+	if kv := strings.SplitN(label, "=", 2); len(kv) > 0 {
+		key = kv[0]
+	}
+	return
+}
+
+// Value extracts the value portion of the label
+func Value(label string) (value string) {
+	if kv := strings.SplitN(label, "=", 2); len(kv) > 1 {
+		value = kv[1]
+	}
+	return
+}
+
+// KeyValue decomposes the label in the (key,value) pair
+func KeyValue(label string) (key string, value string) {
+	if kv := strings.SplitN(label, "=", 2); len(kv) > 0 {
+		key = kv[0]
+		if len(kv) > 1 {
+			value = kv[1]
+		}
+	}
+	return
+}
diff --git a/libnetwork/netlabel/labels_test.go b/libnetwork/netlabel/labels_test.go
new file mode 100644
index 0000000000000..01a660bc73bb6
--- /dev/null
+++ b/libnetwork/netlabel/labels_test.go
@@ -0,0 +1,28 @@
+package netlabel
+
+import (
+	"testing"
+)
+
+var input = []struct {
+	label string
+	key   string
+	value string
+}{
+	{"com.directory.person.name=joe", "com.directory.person.name", "joe"},
+	{"com.directory.person.age=24", "com.directory.person.age", "24"},
+	{"com.directory.person.address=1234 First st.", "com.directory.person.address", "1234 First st."},
+	{"com.directory.person.friends=", "com.directory.person.friends", ""},
+	{"com.directory.person.nickname=o=u=8", "com.directory.person.nickname", "o=u=8"},
+	{"", "", ""},
+	{"com.directory.person.student", "com.directory.person.student", ""},
+}
+
+func TestKeyValue(t *testing.T) {
+	for _, i := range input {
+		k, v := KeyValue(i.label)
+		if k != i.key || v != i.value {
+			t.Fatalf("unexpected: %s, %s", k, v)
+		}
+	}
+}
diff --git a/libnetwork/netutils/utils.go b/libnetwork/netutils/utils.go
new file mode 100644
index 0000000000000..76b2478cb7b13
--- /dev/null
+++ b/libnetwork/netutils/utils.go
@@ -0,0 +1,191 @@
+// Network utility functions.
+
+package netutils
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strings"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+var (
+	// ErrNetworkOverlapsWithNameservers preformatted error
+	ErrNetworkOverlapsWithNameservers = errors.New("requested network overlaps with nameserver")
+	// ErrNetworkOverlaps preformatted error
+	ErrNetworkOverlaps = errors.New("requested network overlaps with existing network")
+)
+
+// CheckNameserverOverlaps checks whether the passed network overlaps with any of the nameservers
+func CheckNameserverOverlaps(nameservers []string, toCheck *net.IPNet) error {
+	if len(nameservers) > 0 {
+		for _, ns := range nameservers {
+			_, nsNetwork, err := net.ParseCIDR(ns)
+			if err != nil {
+				return err
+			}
+			if NetworkOverlaps(toCheck, nsNetwork) {
+				return ErrNetworkOverlapsWithNameservers
+			}
+		}
+	}
+	return nil
+}
+
+// NetworkOverlaps detects overlap between one IPNet and another
+func NetworkOverlaps(netX *net.IPNet, netY *net.IPNet) bool {
+	return netX.Contains(netY.IP) || netY.Contains(netX.IP)
+}
+
+// NetworkRange calculates the first and last IP addresses in an IPNet
+func NetworkRange(network *net.IPNet) (net.IP, net.IP) {
+	if network == nil {
+		return nil, nil
+	}
+
+	firstIP := network.IP.Mask(network.Mask)
+	lastIP := types.GetIPCopy(firstIP)
+	for i := 0; i < len(firstIP); i++ {
+		lastIP[i] = firstIP[i] | ^network.Mask[i]
+	}
+
+	if network.IP.To4() != nil {
+		firstIP = firstIP.To4()
+		lastIP = lastIP.To4()
+	}
+
+	return firstIP, lastIP
+}
+
+// GetIfaceAddr returns the first IPv4 address and slice of IPv6 addresses for the specified network interface
+func GetIfaceAddr(name string) (net.Addr, []net.Addr, error) {
+	iface, err := net.InterfaceByName(name)
+	if err != nil {
+		return nil, nil, err
+	}
+	addrs, err := iface.Addrs()
+	if err != nil {
+		return nil, nil, err
+	}
+	var addrs4, addrs6 []net.Addr
+	for _, addr := range addrs {
+		ip := (addr.(*net.IPNet)).IP
+		if ip4 := ip.To4(); ip4 != nil {
+			addrs4 = append(addrs4, addr)
+		} else if ip6 := ip.To16(); len(ip6) == net.IPv6len {
+			addrs6 = append(addrs6, addr)
+		}
+	}
+	switch {
+	case len(addrs4) == 0:
+		return nil, nil, fmt.Errorf("interface %v has no IPv4 addresses", name)
+	case len(addrs4) > 1:
+		fmt.Printf("Interface %v has more than 1 IPv4 address. Defaulting to using %v\n",
+			name, (addrs4[0].(*net.IPNet)).IP)
+	}
+	return addrs4[0], addrs6, nil
+}
+
+func genMAC(ip net.IP) net.HardwareAddr {
+	hw := make(net.HardwareAddr, 6)
+	// The first byte of the MAC address has to comply with these rules:
+	// 1. Unicast: Set the least-significant bit to 0.
+	// 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
+	hw[0] = 0x02
+	// The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
+	// Since this address is locally administered, we can do whatever we want as long as
+	// it doesn't conflict with other addresses.
+	hw[1] = 0x42
+	// Fill the remaining 4 bytes based on the input
+	if ip == nil {
+		rand.Read(hw[2:])
+	} else {
+		copy(hw[2:], ip.To4())
+	}
+	return hw
+}
+
+// GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC)
+func GenerateRandomMAC() net.HardwareAddr {
+	return genMAC(nil)
+}
+
+// GenerateMACFromIP returns a locally administered MAC address where the 4 least
+// significant bytes are derived from the IPv4 address.
+func GenerateMACFromIP(ip net.IP) net.HardwareAddr {
+	return genMAC(ip)
+}
+
+// GenerateRandomName returns a new name joined with a prefix.  This size
+// specified is used to truncate the randomly generated value
+func GenerateRandomName(prefix string, size int) (string, error) {
+	id := make([]byte, 32)
+	if _, err := io.ReadFull(rand.Reader, id); err != nil {
+		return "", err
+	}
+	return prefix + hex.EncodeToString(id)[:size], nil
+}
+
+// ReverseIP accepts a V4 or V6 IP string in the canonical form and returns a reversed IP in
+// the dotted decimal form . This is used to setup the IP to service name mapping in the optimal
+// way for the DNS PTR queries.
+func ReverseIP(IP string) string {
+	var reverseIP []string
+
+	if net.ParseIP(IP).To4() != nil {
+		reverseIP = strings.Split(IP, ".")
+		l := len(reverseIP)
+		for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
+			reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
+		}
+	} else {
+		reverseIP = strings.Split(IP, ":")
+
+		// Reversed IPv6 is represented in dotted decimal instead of the typical
+		// colon hex notation
+		for key := range reverseIP {
+			if len(reverseIP[key]) == 0 { // expand the compressed 0s
+				reverseIP[key] = strings.Repeat("0000", 8-strings.Count(IP, ":"))
+			} else if len(reverseIP[key]) < 4 { // 0-padding needed
+				reverseIP[key] = strings.Repeat("0", 4-len(reverseIP[key])) + reverseIP[key]
+			}
+		}
+
+		reverseIP = strings.Split(strings.Join(reverseIP, ""), "")
+
+		l := len(reverseIP)
+		for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
+			reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
+		}
+	}
+
+	return strings.Join(reverseIP, ".")
+}
+
+// ParseAlias parses and validates the specified string as an alias format (name:alias)
+func ParseAlias(val string) (string, string, error) {
+	if val == "" {
+		return "", "", errors.New("empty string specified for alias")
+	}
+	arr := strings.SplitN(val, ":", 3)
+	if len(arr) > 2 {
+		return "", "", errors.New("bad format for alias: " + val)
+	}
+	if len(arr) == 1 {
+		return val, val, nil
+	}
+	return arr[0], arr[1], nil
+}
+
+// ValidateAlias validates that the specified string has a valid alias format (containerName:alias).
+func ValidateAlias(val string) (string, error) {
+	if _, _, err := ParseAlias(val); err != nil {
+		return val, err
+	}
+	return val, nil
+}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go b/libnetwork/netutils/utils_freebsd.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go
rename to libnetwork/netutils/utils_freebsd.go
index 02bcd32aa8e23..b703d73b17340 100644
--- a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go
+++ b/libnetwork/netutils/utils_freebsd.go
@@ -3,7 +3,7 @@ package netutils
 import (
 	"net"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 // ElectInterfaceAddresses looks for an interface on the OS with the specified name
diff --git a/libnetwork/netutils/utils_linux.go b/libnetwork/netutils/utils_linux.go
new file mode 100644
index 0000000000000..a418c64044401
--- /dev/null
+++ b/libnetwork/netutils/utils_linux.go
@@ -0,0 +1,127 @@
+//go:build linux
+// +build linux
+
+// Network utility functions.
+
+package netutils
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/docker/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/pkg/errors"
+	"github.com/vishvananda/netlink"
+)
+
+var (
+	networkGetRoutesFct func(netlink.Link, int) ([]netlink.Route, error)
+)
+
+// CheckRouteOverlaps checks whether the passed network overlaps with any existing routes
+func CheckRouteOverlaps(toCheck *net.IPNet) error {
+	if networkGetRoutesFct == nil {
+		networkGetRoutesFct = ns.NlHandle().RouteList
+	}
+	networks, err := networkGetRoutesFct(nil, netlink.FAMILY_V4)
+	if err != nil {
+		return err
+	}
+	for _, network := range networks {
+		if network.Dst != nil && network.Scope == netlink.SCOPE_LINK && NetworkOverlaps(toCheck, network.Dst) {
+			return ErrNetworkOverlaps
+		}
+	}
+	return nil
+}
+
+// GenerateIfaceName returns an interface name using the passed in
+// prefix and the length of random bytes. The api ensures that the
+// there are is no interface which exists with that name.
+func GenerateIfaceName(nlh *netlink.Handle, prefix string, len int) (string, error) {
+	linkByName := netlink.LinkByName
+	if nlh != nil {
+		linkByName = nlh.LinkByName
+	}
+	for i := 0; i < 3; i++ {
+		name, err := GenerateRandomName(prefix, len)
+		if err != nil {
+			continue
+		}
+		_, err = linkByName(name)
+		if err != nil {
+			if strings.Contains(err.Error(), "not found") {
+				return name, nil
+			}
+			return "", err
+		}
+	}
+	return "", types.InternalErrorf("could not generate interface name")
+}
+
+// ElectInterfaceAddresses looks for an interface on the OS with the
+// specified name and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
+// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
+// If the interface does not exist, it chooses from a predefined
+// list the first IPv4 address which does not conflict with other
+// interfaces on the system.
+func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
+	var v4Nets, v6Nets []*net.IPNet
+
+	defer osl.InitOSContext()()
+
+	link, _ := ns.NlHandle().LinkByName(name)
+	if link != nil {
+		v4addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V4)
+		if err != nil {
+			return nil, nil, err
+		}
+		v6addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V6)
+		if err != nil {
+			return nil, nil, err
+		}
+		for _, nlAddr := range v4addr {
+			v4Nets = append(v4Nets, nlAddr.IPNet)
+		}
+		for _, nlAddr := range v6addr {
+			v6Nets = append(v6Nets, nlAddr.IPNet)
+		}
+	}
+
+	if link == nil || len(v4Nets) == 0 {
+		// Choose from predefined local scope networks
+		v4Net, err := FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
+		if err != nil {
+			return nil, nil, errors.Wrapf(err, "PredefinedLocalScopeDefaultNetworks List: %+v",
+				ipamutils.PredefinedLocalScopeDefaultNetworks)
+		}
+		v4Nets = append(v4Nets, v4Net)
+	}
+
+	return v4Nets, v6Nets, nil
+}
+
+// FindAvailableNetwork returns a network from the passed list which does not
+// overlap with existing interfaces in the system
+func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
+	// We don't check for an error here, because we don't really care if we
+	// can't read /etc/resolv.conf. So instead we skip the append if resolvConf
+	// is nil. It either doesn't exist, or we can't read it for some reason.
+	var nameservers []string
+	if rc, err := resolvconf.Get(); err == nil {
+		nameservers = resolvconf.GetNameserversAsCIDR(rc.Content)
+	}
+	for _, nw := range list {
+		if err := CheckNameserverOverlaps(nameservers, nw); err == nil {
+			if err := CheckRouteOverlaps(nw); err == nil {
+				return nw, nil
+			}
+		}
+	}
+	return nil, fmt.Errorf("no available network")
+}
diff --git a/libnetwork/netutils/utils_linux_test.go b/libnetwork/netutils/utils_linux_test.go
new file mode 100644
index 0000000000000..ae9c42bc8a042
--- /dev/null
+++ b/libnetwork/netutils/utils_linux_test.go
@@ -0,0 +1,360 @@
+package netutils
+
+import (
+	"bytes"
+	"net"
+	"sort"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/vishvananda/netlink"
+)
+
+func TestNonOverlappingNameservers(t *testing.T) {
+	network := &net.IPNet{
+		IP:   []byte{192, 168, 0, 1},
+		Mask: []byte{255, 255, 255, 0},
+	}
+	nameservers := []string{
+		"127.0.0.1/32",
+	}
+
+	if err := CheckNameserverOverlaps(nameservers, network); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestOverlappingNameservers(t *testing.T) {
+	network := &net.IPNet{
+		IP:   []byte{192, 168, 0, 1},
+		Mask: []byte{255, 255, 255, 0},
+	}
+	nameservers := []string{
+		"192.168.0.1/32",
+	}
+
+	if err := CheckNameserverOverlaps(nameservers, network); err == nil {
+		t.Fatalf("Expected error %s got %s", ErrNetworkOverlapsWithNameservers, err)
+	}
+}
+
+func TestCheckRouteOverlaps(t *testing.T) {
+	networkGetRoutesFct = func(netlink.Link, int) ([]netlink.Route, error) {
+		routesData := []string{"10.0.2.0/32", "10.0.3.0/24", "10.0.42.0/24", "172.16.42.0/24", "192.168.142.0/24"}
+		routes := []netlink.Route{}
+		for _, addr := range routesData {
+			_, netX, _ := net.ParseCIDR(addr)
+			routes = append(routes, netlink.Route{Dst: netX, Scope: netlink.SCOPE_LINK})
+		}
+		// Add a route with a scope which should not overlap
+		_, netX, _ := net.ParseCIDR("10.0.5.0/24")
+		routes = append(routes, netlink.Route{Dst: netX, Scope: netlink.SCOPE_UNIVERSE})
+		return routes, nil
+	}
+	defer func() { networkGetRoutesFct = nil }()
+
+	_, netX, _ := net.ParseCIDR("172.16.0.1/24")
+	if err := CheckRouteOverlaps(netX); err != nil {
+		t.Fatal(err)
+	}
+
+	_, netX, _ = net.ParseCIDR("10.0.2.0/24")
+	if err := CheckRouteOverlaps(netX); err == nil {
+		t.Fatal("10.0.2.0/24 and 10.0.2.0 should overlap but it doesn't")
+	}
+
+	_, netX, _ = net.ParseCIDR("10.0.5.0/24")
+	if err := CheckRouteOverlaps(netX); err != nil {
+		t.Fatal("10.0.5.0/24 and 10.0.5.0 with scope UNIVERSE should not overlap but it does")
+	}
+}
+
+func TestCheckNameserverOverlaps(t *testing.T) {
+	nameservers := []string{"10.0.2.3/32", "192.168.102.1/32"}
+
+	_, netX, _ := net.ParseCIDR("10.0.2.3/32")
+
+	if err := CheckNameserverOverlaps(nameservers, netX); err == nil {
+		t.Fatalf("%s should overlap 10.0.2.3/32 but doesn't", netX)
+	}
+
+	_, netX, _ = net.ParseCIDR("192.168.102.2/32")
+
+	if err := CheckNameserverOverlaps(nameservers, netX); err != nil {
+		t.Fatalf("%s should not overlap %v but it does", netX, nameservers)
+	}
+}
+
+func AssertOverlap(CIDRx string, CIDRy string, t *testing.T) {
+	_, netX, _ := net.ParseCIDR(CIDRx)
+	_, netY, _ := net.ParseCIDR(CIDRy)
+	if !NetworkOverlaps(netX, netY) {
+		t.Errorf("%v and %v should overlap", netX, netY)
+	}
+}
+
+func AssertNoOverlap(CIDRx string, CIDRy string, t *testing.T) {
+	_, netX, _ := net.ParseCIDR(CIDRx)
+	_, netY, _ := net.ParseCIDR(CIDRy)
+	if NetworkOverlaps(netX, netY) {
+		t.Errorf("%v and %v should not overlap", netX, netY)
+	}
+}
+
+func TestNetworkOverlaps(t *testing.T) {
+	//netY starts at same IP and ends within netX
+	AssertOverlap("172.16.0.1/24", "172.16.0.1/25", t)
+	//netY starts within netX and ends at same IP
+	AssertOverlap("172.16.0.1/24", "172.16.0.128/25", t)
+	//netY starts and ends within netX
+	AssertOverlap("172.16.0.1/24", "172.16.0.64/25", t)
+	//netY starts at same IP and ends outside of netX
+	AssertOverlap("172.16.0.1/24", "172.16.0.1/23", t)
+	//netY starts before and ends at same IP of netX
+	AssertOverlap("172.16.1.1/24", "172.16.0.1/23", t)
+	//netY starts before and ends outside of netX
+	AssertOverlap("172.16.1.1/24", "172.16.0.1/22", t)
+	//netY starts and ends before netX
+	AssertNoOverlap("172.16.1.1/25", "172.16.0.1/24", t)
+	//netX starts and ends before netY
+	AssertNoOverlap("172.16.1.1/25", "172.16.2.1/24", t)
+}
+
+func TestNetworkRange(t *testing.T) {
+	// Simple class C test
+	_, network, _ := net.ParseCIDR("192.168.0.1/24")
+	first, last := NetworkRange(network)
+	if !first.Equal(net.ParseIP("192.168.0.0")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("192.168.0.255")) {
+		t.Error(last.String())
+	}
+
+	// Class A test
+	_, network, _ = net.ParseCIDR("10.0.0.1/8")
+	first, last = NetworkRange(network)
+	if !first.Equal(net.ParseIP("10.0.0.0")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("10.255.255.255")) {
+		t.Error(last.String())
+	}
+
+	// Class A, random IP address
+	_, network, _ = net.ParseCIDR("10.1.2.3/8")
+	first, last = NetworkRange(network)
+	if !first.Equal(net.ParseIP("10.0.0.0")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("10.255.255.255")) {
+		t.Error(last.String())
+	}
+
+	// 32bit mask
+	_, network, _ = net.ParseCIDR("10.1.2.3/32")
+	first, last = NetworkRange(network)
+	if !first.Equal(net.ParseIP("10.1.2.3")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("10.1.2.3")) {
+		t.Error(last.String())
+	}
+
+	// 31bit mask
+	_, network, _ = net.ParseCIDR("10.1.2.3/31")
+	first, last = NetworkRange(network)
+	if !first.Equal(net.ParseIP("10.1.2.2")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("10.1.2.3")) {
+		t.Error(last.String())
+	}
+
+	// 26bit mask
+	_, network, _ = net.ParseCIDR("10.1.2.3/26")
+	first, last = NetworkRange(network)
+	if !first.Equal(net.ParseIP("10.1.2.0")) {
+		t.Error(first.String())
+	}
+	if !last.Equal(net.ParseIP("10.1.2.63")) {
+		t.Error(last.String())
+	}
+}
+
+// Test veth name generation "veth"+rand (e.g.veth0f60e2c)
+func TestGenerateRandomName(t *testing.T) {
+	name1, err := GenerateRandomName("veth", 7)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// veth plus generated append equals a len of 11
+	if len(name1) != 11 {
+		t.Fatalf("Expected 11 characters, instead received %d characters", len(name1))
+	}
+	name2, err := GenerateRandomName("veth", 7)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// Fail if the random generated names equal one another
+	if name1 == name2 {
+		t.Fatalf("Expected differing values but received %s and %s", name1, name2)
+	}
+}
+
+// Test mac generation.
+func TestUtilGenerateRandomMAC(t *testing.T) {
+	mac1 := GenerateRandomMAC()
+	mac2 := GenerateRandomMAC()
+	// ensure bytes are unique
+	if bytes.Equal(mac1, mac2) {
+		t.Fatalf("mac1 %s should not equal mac2 %s", mac1, mac2)
+	}
+	// existing tests check string functionality so keeping the pattern
+	if mac1.String() == mac2.String() {
+		t.Fatalf("mac1 %s should not equal mac2 %s", mac1, mac2)
+	}
+}
+
+func TestNetworkRequest(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nw, err := FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var found bool
+	for _, exp := range ipamutils.PredefinedLocalScopeDefaultNetworks {
+		if types.CompareIPNet(exp, nw) {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		t.Fatalf("Found unexpected broad network %s", nw)
+	}
+
+	nw, err = FindAvailableNetwork(ipamutils.PredefinedGlobalScopeDefaultNetworks)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	found = false
+	for _, exp := range ipamutils.PredefinedGlobalScopeDefaultNetworks {
+		if types.CompareIPNet(exp, nw) {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		t.Fatalf("Found unexpected granular network %s", nw)
+	}
+
+	// Add iface and ssert returned address on request
+	createInterface(t, "test", "172.17.42.1/16")
+
+	_, exp, err := net.ParseCIDR("172.18.0.0/16")
+	if err != nil {
+		t.Fatal(err)
+	}
+	nw, err = FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !types.CompareIPNet(exp, nw) {
+		t.Fatalf("expected %s. got %s", exp, nw)
+	}
+}
+
+func TestElectInterfaceAddressMultipleAddresses(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nws := []string{"172.101.202.254/16", "172.102.202.254/16"}
+	createInterface(t, "test", nws...)
+
+	ipv4NwList, ipv6NwList, err := ElectInterfaceAddresses("test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ipv4NwList) == 0 {
+		t.Fatal("unexpected empty ipv4 network addresses")
+	}
+
+	if len(ipv6NwList) == 0 {
+		t.Fatal("unexpected empty ipv6 network addresses")
+	}
+
+	nwList := []string{}
+	for _, ipv4Nw := range ipv4NwList {
+		nwList = append(nwList, ipv4Nw.String())
+	}
+	sort.Strings(nws)
+	sort.Strings(nwList)
+
+	if len(nws) != len(nwList) {
+		t.Fatalf("expected %v. got %v", nws, nwList)
+	}
+	for i, nw := range nws {
+		if nw != nwList[i] {
+			t.Fatalf("expected %v. got %v", nw, nwList[i])
+		}
+	}
+}
+
+func TestElectInterfaceAddress(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	nws := "172.101.202.254/16"
+	createInterface(t, "test", nws)
+
+	ipv4Nw, ipv6Nw, err := ElectInterfaceAddresses("test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ipv4Nw) == 0 {
+		t.Fatal("unexpected empty ipv4 network addresses")
+	}
+
+	if len(ipv6Nw) == 0 {
+		t.Fatal("unexpected empty ipv6 network addresses")
+	}
+
+	if nws != ipv4Nw[0].String() {
+		t.Fatalf("expected %s. got %s", nws, ipv4Nw[0])
+	}
+}
+
+func createInterface(t *testing.T, name string, nws ...string) {
+	// Add interface
+	link := &netlink.Bridge{
+		LinkAttrs: netlink.LinkAttrs{
+			Name: "test",
+		},
+	}
+	bips := []*net.IPNet{}
+	for _, nw := range nws {
+		bip, err := types.ParseCIDR(nw)
+		if err != nil {
+			t.Fatal(err)
+		}
+		bips = append(bips, bip)
+	}
+	if err := netlink.LinkAdd(link); err != nil {
+		t.Fatalf("Failed to create interface via netlink: %v", err)
+	}
+	for _, bip := range bips {
+		if err := netlink.AddrAdd(link, &netlink.Addr{IPNet: bip}); err != nil {
+			t.Fatal(err)
+		}
+	}
+	if err := netlink.LinkSetUp(link); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/libnetwork/netutils/utils_windows.go b/libnetwork/netutils/utils_windows.go
new file mode 100644
index 0000000000000..0773799029bd1
--- /dev/null
+++ b/libnetwork/netutils/utils_windows.go
@@ -0,0 +1,25 @@
+package netutils
+
+import (
+	"net"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+// ElectInterfaceAddresses looks for an interface on the OS with the specified name
+// and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
+// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
+// If the interface does not exist, it chooses from a predefined
+// list the first IPv4 address which does not conflict with other
+// interfaces on the system.
+func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
+	return nil, nil, types.NotImplementedErrorf("not supported on windows")
+}
+
+// FindAvailableNetwork returns a network from the passed list which does not
+// overlap with existing interfaces in the system
+
+// TODO : Use appropriate windows APIs to identify non-overlapping subnets
+func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/libnetwork/network.go b/libnetwork/network.go
similarity index 92%
rename from vendor/github.com/docker/libnetwork/network.go
rename to libnetwork/network.go
index 0a4a2277b018f..207138f674adb 100644
--- a/vendor/github.com/docker/libnetwork/network.go
+++ b/libnetwork/network.go
@@ -8,34 +8,34 @@ import (
 	"sync"
 	"time"
 
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/etchosts"
+	"github.com/docker/docker/libnetwork/internal/setmatrix"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/netutils"
+	"github.com/docker/docker/libnetwork/networkdb"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/etchosts"
-	"github.com/docker/libnetwork/internal/setmatrix"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/networkdb"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
 // A Network represents a logical connectivity zone that containers may
 // join using the Link method. A Network is managed by a specific driver.
 type Network interface {
-	// A user chosen name for this network.
+	// Name returns a user chosen name for this network.
 	Name() string
 
-	// A system generated id for this network.
+	// ID returns a system generated id for this network.
 	ID() string
 
-	// The type of network, which corresponds to its managing driver.
+	// Type returns the type of network, which corresponds to its managing driver.
 	Type() string
 
-	// Create a new endpoint to this network symbolically identified by the
+	// CreateEndpoint creates a new endpoint to this network symbolically identified by the
 	// specified unique name. The options parameter carries driver specific options.
 	CreateEndpoint(name string, options ...EndpointOption) (Endpoint, error)
 
@@ -45,7 +45,7 @@ type Network interface {
 	// Endpoints returns the list of Endpoint(s) in this network.
 	Endpoints() []Endpoint
 
-	// WalkEndpoints uses the provided function to walk the Endpoints
+	// WalkEndpoints uses the provided function to walk the Endpoints.
 	WalkEndpoints(walker EndpointWalker)
 
 	// EndpointByName returns the Endpoint which has the passed name. If not found, the error ErrNoSuchEndpoint is returned.
@@ -54,7 +54,7 @@ type Network interface {
 	// EndpointByID returns the Endpoint which has the passed id. If not found, the error ErrNoSuchEndpoint is returned.
 	EndpointByID(id string) (Endpoint, error)
 
-	// Return certain operational data belonging to this network
+	// Info returns certain operational data belonging to this network.
 	Info() NetworkInfo
 }
 
@@ -78,8 +78,8 @@ type NetworkInfo interface {
 	// gossip cluster. For non-dynamic overlay networks and bridge networks it returns an
 	// empty slice
 	Peers() []networkdb.PeerInfo
-	//Services returns a map of services keyed by the service name with the details
-	//of all the tasks that belong to the service. Applicable only in swarm mode.
+	// Services returns a map of services keyed by the service name with the details
+	// of all the tasks that belong to the service. Applicable only in swarm mode.
 	Services() map[string]ServiceInfo
 }
 
@@ -89,7 +89,7 @@ type EndpointWalker func(ep Endpoint) bool
 
 // ipInfo is the reverse mapping from IP to service name to serve the PTR query.
 // extResolver is set if an external server resolves a service name to this IP.
-// Its an indication to defer PTR queries also to that external server.
+// It's an indication to defer PTR queries also to that external server.
 type ipInfo struct {
 	name        string
 	serviceID   string
@@ -130,15 +130,15 @@ type networkDBTable struct {
 
 // IpamConf contains all the ipam related configurations for a network
 type IpamConf struct {
-	// The master address pool for containers and network interfaces
+	// PreferredPool is the master address pool for containers and network interfaces.
 	PreferredPool string
-	// A subset of the master pool. If specified,
-	// this becomes the container pool
+	// SubPool is a subset of the master pool. If specified,
+	// this becomes the container pool.
 	SubPool string
-	// Preferred Network Gateway address (optional)
+	// Gateway is the preferred Network Gateway address (optional).
 	Gateway string
-	// Auxiliary addresses for network driver. Must be within the master pool.
-	// libnetwork will reserve them if they fall into the container pool
+	// AuxAddresses contains auxiliary addresses for network driver. Must be within the master pool.
+	// libnetwork will reserve them if they fall into the container pool.
 	AuxAddresses map[string]string
 }
 
@@ -220,7 +220,6 @@ type network struct {
 	dbIndex          uint64
 	dbExists         bool
 	persist          bool
-	stopWatchCh      chan struct{}
 	drvOnce          *sync.Once
 	resolverOnce     sync.Once
 	resolver         []Resolver
@@ -396,11 +395,9 @@ func (n *network) validateConfiguration() error {
 					driverOptions map[string]string
 					opts          interface{}
 				)
-				switch data.(type) {
-				case map[string]interface{}:
-					opts = data.(map[string]interface{})
-				case map[string]string:
-					opts = data.(map[string]string)
+				switch t := data.(type) {
+				case map[string]interface{}, map[string]string:
+					opts = t
 				}
 				ba, err := json.Marshal(opts)
 				if err != nil {
@@ -418,7 +415,7 @@ func (n *network) validateConfiguration() error {
 	return nil
 }
 
-// Applies network specific configurations
+// applyConfigurationTo applies network specific configurations.
 func (n *network) applyConfigurationTo(to *network) error {
 	to.enableIPv6 = n.enableIPv6
 	if len(n.labels) > 0 {
@@ -501,25 +498,33 @@ func (n *network) CopyTo(o datastore.KVObject) error {
 
 	for _, v4conf := range n.ipamV4Config {
 		dstV4Conf := &IpamConf{}
-		v4conf.CopyTo(dstV4Conf)
+		if err := v4conf.CopyTo(dstV4Conf); err != nil {
+			return err
+		}
 		dstN.ipamV4Config = append(dstN.ipamV4Config, dstV4Conf)
 	}
 
 	for _, v4info := range n.ipamV4Info {
 		dstV4Info := &IpamInfo{}
-		v4info.CopyTo(dstV4Info)
+		if err := v4info.CopyTo(dstV4Info); err != nil {
+			return err
+		}
 		dstN.ipamV4Info = append(dstN.ipamV4Info, dstV4Info)
 	}
 
 	for _, v6conf := range n.ipamV6Config {
 		dstV6Conf := &IpamConf{}
-		v6conf.CopyTo(dstV6Conf)
+		if err := v6conf.CopyTo(dstV6Conf); err != nil {
+			return err
+		}
 		dstN.ipamV6Config = append(dstN.ipamV6Config, dstV6Conf)
 	}
 
 	for _, v6info := range n.ipamV6Info {
 		dstV6Info := &IpamInfo{}
-		v6info.CopyTo(dstV6Info)
+		if err := v6info.CopyTo(dstV6Info); err != nil {
+			return err
+		}
 		dstN.ipamV6Info = append(dstN.ipamV6Info, dstV6Info)
 	}
 
@@ -935,16 +940,6 @@ func (n *network) resolveDriver(name string, load bool) (driverapi.Driver, *driv
 	return d, cap, nil
 }
 
-func (n *network) driverScope() string {
-	_, cap, err := n.resolveDriver(n.networkType, true)
-	if err != nil {
-		// If driver could not be resolved simply return an empty string
-		return ""
-	}
-
-	return cap.DataScope
-}
-
 func (n *network) driverIsMultihost() bool {
 	_, cap, err := n.resolveDriver(n.networkType, true)
 	if err != nil {
@@ -997,7 +992,7 @@ func (n *network) delete(force bool, rmLBEndpoint bool) error {
 	n.Unlock()
 
 	c.networkLocker.Lock(id)
-	defer c.networkLocker.Unlock(id)
+	defer c.networkLocker.Unlock(id) // nolint:errcheck
 
 	n, err := c.getNetworkFromStore(id)
 	if err != nil {
@@ -1056,7 +1051,7 @@ func (n *network) delete(force bool, rmLBEndpoint bool) error {
 					t.Name(), n.Name(), err)
 			}
 		} else {
-			logrus.Warnf("Could not find configuration network %q during removal of network %q", n.configOnly, n.Name())
+			logrus.Warnf("Could not find configuration network %q during removal of network %q", n.configFrom, n.Name())
 		}
 	}
 
@@ -1090,6 +1085,10 @@ func (n *network) delete(force bool, rmLBEndpoint bool) error {
 	// Cleanup the service discovery for this network
 	c.cleanupServiceDiscovery(n.ID())
 
+	// Cleanup the load balancer. On Windows this call is required
+	// to remove remote loadbalancers in VFP.
+	c.cleanupServiceBindings(n.ID())
+
 removeFromStore:
 	// deleteFromStore performs an atomic delete operation and the
 	// network.epCnt will help prevent any possible
@@ -1161,7 +1160,7 @@ func (n *network) CreateEndpoint(name string, options ...EndpointOption) (Endpoi
 	}
 
 	n.ctrlr.networkLocker.Lock(n.id)
-	defer n.ctrlr.networkLocker.Unlock(n.id)
+	defer n.ctrlr.networkLocker.Unlock(n.id) // nolint:errcheck
 
 	return n.createEndpoint(name, options...)
 
@@ -1179,7 +1178,8 @@ func (n *network) createEndpoint(name string, options ...EndpointOption) (Endpoi
 	ep.locator = n.getController().clusterHostID()
 	ep.network, err = ep.getNetworkFromStore()
 	if err != nil {
-		return nil, fmt.Errorf("failed to get network during CreateEndpoint: %v", err)
+		logrus.Errorf("failed to get network during CreateEndpoint: %v", err)
+		return nil, err
 	}
 	n = ep.network
 
@@ -1197,12 +1197,12 @@ func (n *network) createEndpoint(name string, options ...EndpointOption) (Endpoi
 		}
 	}
 
-	ipam, cap, err := n.getController().getIPAMDriver(n.ipamType)
+	ipam, capability, err := n.getController().getIPAMDriver(n.ipamType)
 	if err != nil {
 		return nil, err
 	}
 
-	if cap.RequiresMACAddress {
+	if capability.RequiresMACAddress {
 		if ep.iface.mac == nil {
 			ep.iface.mac = netutils.GenerateRandomMAC()
 		}
@@ -1327,7 +1327,7 @@ func (n *network) EndpointByID(id string) (Endpoint, error) {
 func (n *network) updateSvcRecord(ep *endpoint, localEps []*endpoint, isAdd bool) {
 	var ipv6 net.IP
 	epName := ep.Name()
-	if iface := ep.Iface(); iface.Address() != nil {
+	if iface := ep.Iface(); iface != nil && iface.Address() != nil {
 		myAliases := ep.MyAliases()
 		if iface.AddressIPv6() != nil {
 			ipv6 = iface.AddressIPv6().IP
@@ -1383,14 +1383,18 @@ func delIPToName(ipMap setmatrix.SetMatrix, name, serviceID string, ip net.IP) {
 }
 
 func addNameToIP(svcMap setmatrix.SetMatrix, name, serviceID string, epIP net.IP) {
-	svcMap.Insert(name, svcMapEntry{
+	// Since DNS name resolution is case-insensitive, Use the lower-case form
+	// of the name as the key into svcMap
+	lowerCaseName := strings.ToLower(name)
+	svcMap.Insert(lowerCaseName, svcMapEntry{
 		ip:        epIP.String(),
 		serviceID: serviceID,
 	})
 }
 
 func delNameToIP(svcMap setmatrix.SetMatrix, name, serviceID string, epIP net.IP) {
-	svcMap.Remove(name, svcMapEntry{
+	lowerCaseName := strings.ToLower(name)
+	svcMap.Remove(lowerCaseName, svcMapEntry{
 		ip:        epIP.String(),
 		serviceID: serviceID,
 	})
@@ -1402,21 +1406,21 @@ func (n *network) addSvcRecords(eID, name, serviceID string, epIP, epIPv6 net.IP
 	if n.ingress {
 		return
 	}
-
-	logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+	networkID := n.ID()
+	logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
 
 	c := n.getController()
 	c.Lock()
 	defer c.Unlock()
 
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 	if !ok {
 		sr = svcInfo{
 			svcMap:     setmatrix.NewSetMatrix(),
 			svcIPv6Map: setmatrix.NewSetMatrix(),
 			ipMap:      setmatrix.NewSetMatrix(),
 		}
-		c.svcRecords[n.ID()] = sr
+		c.svcRecords[networkID] = sr
 	}
 
 	if ipMapUpdate {
@@ -1438,14 +1442,14 @@ func (n *network) deleteSvcRecords(eID, name, serviceID string, epIP net.IP, epI
 	if n.ingress {
 		return
 	}
-
-	logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+	networkID := n.ID()
+	logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
 
 	c := n.getController()
 	c.Lock()
 	defer c.Unlock()
 
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 	if !ok {
 		return
 	}
@@ -1825,13 +1829,17 @@ func (n *network) IpamConfig() (string, map[string]string, []*IpamConf, []*IpamC
 
 	for i, c := range n.ipamV4Config {
 		cc := &IpamConf{}
-		c.CopyTo(cc)
+		if err := c.CopyTo(cc); err != nil {
+			logrus.WithError(err).Error("Error copying ipam ipv4 config")
+		}
 		v4L[i] = cc
 	}
 
 	for i, c := range n.ipamV6Config {
 		cc := &IpamConf{}
-		c.CopyTo(cc)
+		if err := c.CopyTo(cc); err != nil {
+			logrus.WithError(err).Debug("Error copying ipam ipv6 config")
+		}
 		v6L[i] = cc
 	}
 
@@ -1847,13 +1855,17 @@ func (n *network) IpamInfo() ([]*IpamInfo, []*IpamInfo) {
 
 	for i, info := range n.ipamV4Info {
 		ic := &IpamInfo{}
-		info.CopyTo(ic)
+		if err := info.CopyTo(ic); err != nil {
+			logrus.WithError(err).Error("Error copying ipv4 ipam config")
+		}
 		v4Info[i] = ic
 	}
 
 	for i, info := range n.ipamV6Info {
 		ic := &IpamInfo{}
-		info.CopyTo(ic)
+		if err := info.CopyTo(ic); err != nil {
+			logrus.WithError(err).Error("Error copying ipv6 ipam config")
+		}
 		v6Info[i] = ic
 	}
 
@@ -1936,6 +1948,22 @@ func (n *network) TableEventRegister(tableName string, objType driverapi.ObjectT
 	return nil
 }
 
+func (n *network) UpdateIpamConfig(ipV4Data []driverapi.IPAMData) {
+
+	ipamV4Config := make([]*IpamConf, len(ipV4Data))
+
+	for i, data := range ipV4Data {
+		ic := &IpamConf{}
+		ic.PreferredPool = data.Pool.String()
+		ic.Gateway = data.Gateway.IP.String()
+		ipamV4Config[i] = ic
+	}
+
+	n.Lock()
+	defer n.Unlock()
+	n.ipamV4Config = ipamV4Config
+}
+
 // Special drivers are ones which do not need to perform any network plumbing
 func (n *network) hasSpecialDriver() bool {
 	return n.Type() == "host" || n.Type() == "null"
@@ -1949,15 +1977,17 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
 	var ipv6Miss bool
 
 	c := n.getController()
+	networkID := n.ID()
 	c.Lock()
 	defer c.Unlock()
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 
 	if !ok {
 		return nil, false
 	}
 
 	req = strings.TrimSuffix(req, ".")
+	req = strings.ToLower(req)
 	ipSet, ok := sr.svcMap.Get(req)
 
 	if ipType == types.IPv6 {
@@ -1988,10 +2018,11 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
 }
 
 func (n *network) HandleQueryResp(name string, ip net.IP) {
+	networkID := n.ID()
 	c := n.getController()
 	c.Lock()
 	defer c.Unlock()
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 
 	if !ok {
 		return
@@ -2007,10 +2038,11 @@ func (n *network) HandleQueryResp(name string, ip net.IP) {
 }
 
 func (n *network) ResolveIP(ip string) string {
+	networkID := n.ID()
 	c := n.getController()
 	c.Lock()
 	defer c.Unlock()
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 
 	if !ok {
 		return ""
@@ -2061,9 +2093,10 @@ func (n *network) ResolveService(name string) ([]*net.SRV, []net.IP) {
 	proto := parts[1]
 	svcName := strings.Join(parts[2:], ".")
 
+	networkID := n.ID()
 	c.Lock()
 	defer c.Unlock()
-	sr, ok := c.svcRecords[n.ID()]
+	sr, ok := c.svcRecords[networkID]
 
 	if !ok {
 		return nil, nil
@@ -2203,14 +2236,14 @@ func (n *network) deleteLoadBalancerSandbox() error {
 			if sb != nil {
 				if err := sb.DisableService(); err != nil {
 					logrus.Warnf("Failed to disable service on sandbox %s: %v", sandboxName, err)
-					//Ignore error and attempt to delete the load balancer endpoint
+					// Ignore error and attempt to delete the load balancer endpoint
 				}
 			}
 		}
 
 		if err := endpoint.Delete(true); err != nil {
 			logrus.Warnf("Failed to delete endpoint %s (%s) in %s: %v", endpoint.Name(), endpoint.ID(), sandboxName, err)
-			//Ignore error and attempt to delete the sandbox.
+			// Ignore error and attempt to delete the sandbox.
 		}
 	}
 
diff --git a/vendor/github.com/docker/libnetwork/network_unix.go b/libnetwork/network_unix.go
similarity index 75%
rename from vendor/github.com/docker/libnetwork/network_unix.go
rename to libnetwork/network_unix.go
index 585261ece0db6..8b529b864468e 100644
--- a/vendor/github.com/docker/libnetwork/network_unix.go
+++ b/libnetwork/network_unix.go
@@ -1,8 +1,9 @@
+//go:build !windows
 // +build !windows
 
 package libnetwork
 
-import "github.com/docker/libnetwork/ipamapi"
+import "github.com/docker/docker/libnetwork/ipamapi"
 
 // Stub implementations for DNS related functions
 
diff --git a/libnetwork/network_windows.go b/libnetwork/network_windows.go
new file mode 100644
index 0000000000000..fda8e436d9be6
--- /dev/null
+++ b/libnetwork/network_windows.go
@@ -0,0 +1,76 @@
+//go:build windows
+// +build windows
+
+package libnetwork
+
+import (
+	"runtime"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/docker/docker/libnetwork/drivers/windows"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/ipams/windowsipam"
+	"github.com/sirupsen/logrus"
+)
+
+func executeInCompartment(compartmentID uint32, x func()) {
+	runtime.LockOSThread()
+
+	if err := hcsshim.SetCurrentThreadCompartmentId(compartmentID); err != nil {
+		logrus.Error(err)
+	}
+	defer func() {
+		hcsshim.SetCurrentThreadCompartmentId(0)
+		runtime.UnlockOSThread()
+	}()
+
+	x()
+}
+
+func (n *network) startResolver() {
+	if n.networkType == "ics" {
+		return
+	}
+	n.resolverOnce.Do(func() {
+		logrus.Debugf("Launching DNS server for network %q", n.Name())
+		options := n.Info().DriverOptions()
+		hnsid := options[windows.HNSID]
+
+		if hnsid == "" {
+			return
+		}
+
+		hnsresponse, err := hcsshim.HNSNetworkRequest("GET", hnsid, "")
+		if err != nil {
+			logrus.Errorf("Resolver Setup/Start failed for container %s, %q", n.Name(), err)
+			return
+		}
+
+		for _, subnet := range hnsresponse.Subnets {
+			if subnet.GatewayAddress != "" {
+				for i := 0; i < 3; i++ {
+					resolver := NewResolver(subnet.GatewayAddress, false, "", n)
+					logrus.Debugf("Binding a resolver on network %s gateway %s", n.Name(), subnet.GatewayAddress)
+					executeInCompartment(hnsresponse.DNSServerCompartment, resolver.SetupFunc(53))
+
+					if err = resolver.Start(); err != nil {
+						logrus.Errorf("Resolver Setup/Start failed for container %s, %q", n.Name(), err)
+						time.Sleep(1 * time.Second)
+					} else {
+						logrus.Debugf("Resolver bound successfully for network %s", n.Name())
+						n.resolver = append(n.resolver, resolver)
+						break
+					}
+				}
+			}
+		}
+	})
+}
+
+func defaultIpamForNetworkType(networkType string) string {
+	if windows.IsBuiltinLocalDriver(networkType) {
+		return windowsipam.DefaultIPAM
+	}
+	return ipamapi.DefaultIPAM
+}
diff --git a/vendor/github.com/docker/libnetwork/networkdb/broadcast.go b/libnetwork/networkdb/broadcast.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/broadcast.go
rename to libnetwork/networkdb/broadcast.go
diff --git a/vendor/github.com/docker/libnetwork/networkdb/cluster.go b/libnetwork/networkdb/cluster.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/networkdb/cluster.go
rename to libnetwork/networkdb/cluster.go
index c9895708483b3..ce9ad35932f55 100644
--- a/vendor/github.com/docker/libnetwork/networkdb/cluster.go
+++ b/libnetwork/networkdb/cluster.go
@@ -18,12 +18,10 @@ import (
 )
 
 const (
-	reapPeriod            = 5 * time.Second
-	rejoinClusterDuration = 10 * time.Second
-	rejoinInterval        = 60 * time.Second
-	retryInterval         = 1 * time.Second
-	nodeReapInterval      = 24 * time.Hour
-	nodeReapPeriod        = 2 * time.Hour
+	reapPeriod       = 5 * time.Second
+	retryInterval    = 1 * time.Second
+	nodeReapInterval = 24 * time.Hour
+	nodeReapPeriod   = 2 * time.Hour
 	// considering a cluster with > 20 nodes and a drain speed of 100 msg/s
 	// the following is roughly 1 minute
 	maxQueueLenBroadcastOnSync = 500
@@ -172,7 +170,7 @@ func (nDB *NetworkDB) clusterInit() error {
 		{config.PushPullInterval, nDB.bulkSyncTables},
 		{retryInterval, nDB.reconnectNode},
 		{nodeReapPeriod, nDB.reapDeadNode},
-		{rejoinInterval, nDB.rejoinClusterBootStrap},
+		{nDB.config.rejoinClusterInterval, nDB.rejoinClusterBootStrap},
 	} {
 		t := time.NewTicker(trigger.interval)
 		go nDB.triggerFunc(trigger.interval, t.C, trigger.fn)
@@ -210,7 +208,8 @@ func (nDB *NetworkDB) clusterJoin(members []string) error {
 
 	if _, err := mlist.Join(members); err != nil {
 		// In case of failure, we no longer need to explicitly call retryJoin.
-		// rejoinClusterBootStrap, which runs every minute, will retryJoin for 10sec
+		// rejoinClusterBootStrap, which runs every nDB.config.rejoinClusterInterval,
+		// will retryJoin for nDB.config.rejoinClusterDuration.
 		return fmt.Errorf("could not join node to memberlist: %v", err)
 	}
 
@@ -244,7 +243,7 @@ func (nDB *NetworkDB) clusterLeave() error {
 
 func (nDB *NetworkDB) triggerFunc(stagger time.Duration, C <-chan time.Time, f func()) {
 	// Use a random stagger to avoid synchronizing
-	randStagger := time.Duration(uint64(rnd.Int63()) % uint64(stagger))
+	randStagger := time.Duration(uint64(rnd.Int63()) % uint64(stagger)) //nolint:gosec // gosec complains about the use of rand here. It should be fine.
 	select {
 	case <-time.After(randStagger):
 	case <-nDB.ctx.Done():
@@ -288,7 +287,12 @@ func (nDB *NetworkDB) rejoinClusterBootStrap() {
 		return
 	}
 
-	myself, _ := nDB.nodes[nDB.config.NodeID]
+	myself, ok := nDB.nodes[nDB.config.NodeID]
+	if !ok {
+		nDB.RUnlock()
+		logrus.Warnf("rejoinClusterBootstrap unable to find local node info using ID:%v", nDB.config.NodeID)
+		return
+	}
 	bootStrapIPs := make([]string, 0, len(nDB.bootStrapIP))
 	for _, bootIP := range nDB.bootStrapIP {
 		// botostrap IPs are usually IP:port from the Join
@@ -319,7 +323,7 @@ func (nDB *NetworkDB) rejoinClusterBootStrap() {
 	}
 	// None of the bootStrap nodes are in the cluster, call memberlist join
 	logrus.Debugf("rejoinClusterBootStrap, calling cluster join with bootStrap %v", bootStrapIPs)
-	ctx, cancel := context.WithTimeout(nDB.ctx, rejoinClusterDuration)
+	ctx, cancel := context.WithTimeout(nDB.ctx, nDB.config.rejoinClusterDuration)
 	defer cancel()
 	nDB.retryJoin(ctx, bootStrapIPs)
 }
@@ -352,7 +356,7 @@ func (nDB *NetworkDB) reconnectNode() {
 	nDB.bulkSync([]string{node.Name}, true)
 }
 
-// For timing the entry deletion in the repaer APIs that doesn't use monotonic clock
+// For timing the entry deletion in the reaper APIs that doesn't use monotonic clock
 // source (time.Now, Sub etc.) should be avoided. Hence we use reapTime in every
 // entry which is set initially to reapInterval and decremented by reapPeriod every time
 // the reaper runs. NOTE nDB.reapTableEntries updates the reapTime with a readlock. This
@@ -415,10 +419,10 @@ func (nDB *NetworkDB) reapTableEntries() {
 
 			okTable, okNetwork := nDB.deleteEntry(nid, tname, key)
 			if !okTable {
-				logrus.Errorf("Table tree delete failed, entry with key:%s does not exists in the table:%s network:%s", key, tname, nid)
+				logrus.Errorf("Table tree delete failed, entry with key:%s does not exist in the table:%s network:%s", key, tname, nid)
 			}
 			if !okNetwork {
-				logrus.Errorf("Network tree delete failed, entry with key:%s does not exists in the network:%s table:%s", key, nid, tname)
+				logrus.Errorf("Network tree delete failed, entry with key:%s does not exist in the network:%s table:%s", key, nid, tname)
 			}
 
 			return false
diff --git a/vendor/github.com/docker/libnetwork/networkdb/delegate.go b/libnetwork/networkdb/delegate.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/delegate.go
rename to libnetwork/networkdb/delegate.go
diff --git a/vendor/github.com/docker/libnetwork/networkdb/event_delegate.go b/libnetwork/networkdb/event_delegate.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/event_delegate.go
rename to libnetwork/networkdb/event_delegate.go
diff --git a/vendor/github.com/docker/libnetwork/networkdb/message.go b/libnetwork/networkdb/message.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/message.go
rename to libnetwork/networkdb/message.go
diff --git a/vendor/github.com/docker/libnetwork/networkdb/networkdb.go b/libnetwork/networkdb/networkdb.go
similarity index 96%
rename from vendor/github.com/docker/libnetwork/networkdb/networkdb.go
rename to libnetwork/networkdb/networkdb.go
index d8c3107baacb4..bc78e480ae80f 100644
--- a/vendor/github.com/docker/libnetwork/networkdb/networkdb.go
+++ b/libnetwork/networkdb/networkdb.go
@@ -1,6 +1,6 @@
 package networkdb
 
-//go:generate protoc -I.:../vendor/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto
+//go:generate protoc -I.:../vendor/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto
 
 import (
 	"context"
@@ -11,9 +11,9 @@ import (
 	"time"
 
 	"github.com/armon/go-radix"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-events"
-	"github.com/docker/libnetwork/types"
 	"github.com/hashicorp/memberlist"
 	"github.com/hashicorp/serf/serf"
 	"github.com/sirupsen/logrus"
@@ -192,6 +192,14 @@ type Config struct {
 	// NOTE this MUST always be higher than reapEntryInterval
 	reapNetworkInterval time.Duration
 
+	// rejoinClusterDuration represents retryJoin timeout used by rejoinClusterBootStrap.
+	// Default is 10sec.
+	rejoinClusterDuration time.Duration
+
+	// rejoinClusterInterval represents interval on which rejoinClusterBootStrap runs.
+	// Default is 60sec.
+	rejoinClusterInterval time.Duration
+
 	// StatsPrintPeriod the period to use to print queue stats
 	// Default is 5min
 	StatsPrintPeriod time.Duration
@@ -225,13 +233,15 @@ type entry struct {
 func DefaultConfig() *Config {
 	hostname, _ := os.Hostname()
 	return &Config{
-		NodeID:            stringid.TruncateID(stringid.GenerateRandomID()),
-		Hostname:          hostname,
-		BindAddr:          "0.0.0.0",
-		PacketBufferSize:  1400,
-		StatsPrintPeriod:  5 * time.Minute,
-		HealthPrintPeriod: 1 * time.Minute,
-		reapEntryInterval: 30 * time.Minute,
+		NodeID:                stringid.TruncateID(stringid.GenerateRandomID()),
+		Hostname:              hostname,
+		BindAddr:              "0.0.0.0",
+		PacketBufferSize:      1400,
+		StatsPrintPeriod:      5 * time.Minute,
+		HealthPrintPeriod:     1 * time.Minute,
+		reapEntryInterval:     30 * time.Minute,
+		rejoinClusterDuration: 10 * time.Second,
+		rejoinClusterInterval: 60 * time.Second,
 	}
 }
 
diff --git a/vendor/github.com/docker/libnetwork/networkdb/networkdb.pb.go b/libnetwork/networkdb/networkdb.pb.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/networkdb/networkdb.pb.go
rename to libnetwork/networkdb/networkdb.pb.go
index 971e868aa4a47..58faed98160bc 100644
--- a/vendor/github.com/docker/libnetwork/networkdb/networkdb.pb.go
+++ b/libnetwork/networkdb/networkdb.pb.go
@@ -145,7 +145,9 @@ var NetworkEvent_Type_value = map[string]int32{
 func (x NetworkEvent_Type) String() string {
 	return proto.EnumName(NetworkEvent_Type_name, int32(x))
 }
-func (NetworkEvent_Type) EnumDescriptor() ([]byte, []int) { return fileDescriptorNetworkdb, []int{2, 0} }
+func (NetworkEvent_Type) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptorNetworkdb, []int{2, 0}
+}
 
 type TableEvent_Type int32
 
@@ -476,7 +478,7 @@ func (m *CompoundMessage) GetMessages() []*CompoundMessage_SimpleMessage {
 type CompoundMessage_SimpleMessage struct {
 	// Bytestring payload of a message constructed using
 	// other message type definitions.
-	Payload []byte `protobuf:"bytes,1,opt,name=Payload,json=payload,proto3" json:"Payload,omitempty"`
+	Payload []byte `protobuf:"bytes,1,opt,name=Payload,proto3" json:"Payload,omitempty"`
 }
 
 func (m *CompoundMessage_SimpleMessage) Reset()      { *m = CompoundMessage_SimpleMessage{} }
@@ -2651,7 +2653,7 @@ var (
 func init() { proto.RegisterFile("networkdb/networkdb.proto", fileDescriptorNetworkdb) }
 
 var fileDescriptorNetworkdb = []byte{
-	// 955 bytes of a gzipped FileDescriptorProto
+	// 956 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x96, 0xcd, 0x6e, 0xe3, 0x54,
 	0x14, 0xc7, 0x7b, 0xf3, 0xd1, 0x26, 0xa7, 0x29, 0x35, 0x77, 0x3a, 0x53, 0xd7, 0x03, 0x89, 0x31,
 	0x33, 0x55, 0xa6, 0x82, 0x14, 0x75, 0x9e, 0xa0, 0x49, 0x2c, 0xc8, 0x4c, 0xc6, 0x89, 0xdc, 0xa4,
@@ -2700,16 +2702,16 @@ var fileDescriptorNetworkdb = []byte{
 	0x11, 0xb6, 0x5c, 0x32, 0xb6, 0x1c, 0x62, 0xb0, 0x57, 0x5e, 0xd0, 0x93, 0xa9, 0xf2, 0x2d, 0x82,
 	0xdd, 0x9a, 0x33, 0x70, 0x9d, 0xa1, 0x6d, 0x24, 0x35, 0xd5, 0x21, 0x37, 0x88, 0x86, 0xbe, 0x88,
 	0x58, 0x63, 0x95, 0x39, 0xb7, 0xaf, 0xd1, 0x95, 0x33, 0x73, 0xe0, 0x5a, 0x34, 0x9e, 0xe9, 0x8b,
-	0x5f, 0x4a, 0x4f, 0x60, 0x67, 0x65, 0x2b, 0x4c, 0xa2, 0x1d, 0x27, 0x81, 0x56, 0x92, 0x38, 0xfa,
-	0x39, 0x05, 0xdb, 0xdc, 0x5d, 0x8d, 0x3f, 0xe4, 0x0d, 0xc1, 0xae, 0x27, 0x6e, 0x37, 0x71, 0x43,
-	0x05, 0x76, 0x34, 0xb5, 0xf3, 0x79, 0x4b, 0x7f, 0xde, 0x53, 0xcf, 0x55, 0xad, 0x23, 0xa0, 0xe8,
-	0xd0, 0xe6, 0xd0, 0x95, 0xfb, 0xea, 0x08, 0xb6, 0x3b, 0xa7, 0xd5, 0xa6, 0x1a, 0xd3, 0xf1, 0xb1,
-	0xcc, 0xd1, 0x5c, 0xaf, 0x1f, 0x42, 0xbe, 0xdd, 0x3d, 0xfb, 0xac, 0xd7, 0xee, 0x36, 0x9b, 0x42,
-	0x5a, 0xda, 0x9f, 0x4c, 0xe5, 0x7b, 0x1c, 0xb9, 0x38, 0xcd, 0x0e, 0x21, 0x5f, 0xed, 0x36, 0x9f,
-	0xf7, 0xce, 0xbe, 0xd0, 0x6a, 0x42, 0xe6, 0x16, 0x97, 0x98, 0x05, 0x3f, 0x86, 0x5c, 0xad, 0xf5,
-	0xa2, 0xdd, 0xea, 0x6a, 0x75, 0x21, 0x7b, 0x0b, 0x4b, 0x14, 0xc5, 0x65, 0x00, 0xad, 0x55, 0x4f,
-	0x32, 0xdc, 0x8c, 0x8c, 0xc9, 0xd7, 0x93, 0x5c, 0xd2, 0xd2, 0xbd, 0xd8, 0x98, 0xbc, 0x6c, 0x55,
-	0xf1, 0xf7, 0x9b, 0xe2, 0xc6, 0x5f, 0x37, 0x45, 0xf4, 0xcd, 0xbc, 0x88, 0x5e, 0xcf, 0x8b, 0xe8,
-	0xd7, 0x79, 0x11, 0xfd, 0x39, 0x2f, 0xa2, 0x8b, 0x4d, 0xf6, 0xd7, 0xe9, 0xe9, 0xdf, 0x01, 0x00,
-	0x00, 0xff, 0xff, 0x02, 0x9d, 0x53, 0x72, 0x78, 0x09, 0x00, 0x00,
+	0x5f, 0x4a, 0x4f, 0x60, 0x67, 0x65, 0x2b, 0x4c, 0xa2, 0x1d, 0x27, 0x81, 0xa2, 0x24, 0xe2, 0xe9,
+	0xd1, 0xcf, 0x29, 0xd8, 0xe6, 0xee, 0x6a, 0xfc, 0x21, 0x6f, 0x08, 0x76, 0x3d, 0x71, 0xbb, 0x89,
+	0x1b, 0x2a, 0xb0, 0xa3, 0xa9, 0x9d, 0xcf, 0x5b, 0xfa, 0xf3, 0x9e, 0x7a, 0xae, 0x6a, 0x1d, 0x01,
+	0x45, 0x87, 0x36, 0x87, 0xae, 0xdc, 0x57, 0x47, 0xb0, 0xdd, 0x39, 0xad, 0x36, 0xd5, 0x98, 0x8e,
+	0x8f, 0x65, 0x8e, 0xe6, 0x7a, 0xfd, 0x10, 0xf2, 0xed, 0xee, 0xd9, 0x67, 0xbd, 0x76, 0xb7, 0xd9,
+	0x14, 0xd2, 0xd2, 0xfe, 0x64, 0x2a, 0xdf, 0xe3, 0xc8, 0xc5, 0x69, 0x76, 0x08, 0xf9, 0x6a, 0xb7,
+	0xf9, 0xbc, 0x77, 0xf6, 0x85, 0x56, 0x13, 0x32, 0xb7, 0xb8, 0xc4, 0x2c, 0xf8, 0x31, 0xe4, 0x6a,
+	0xad, 0x17, 0xed, 0x56, 0x57, 0xab, 0x0b, 0xd9, 0x5b, 0x58, 0xa2, 0x28, 0x2e, 0x03, 0x68, 0xad,
+	0x7a, 0x92, 0xe1, 0x66, 0x64, 0x4c, 0xbe, 0x9e, 0xe4, 0x92, 0x96, 0xee, 0xc5, 0xc6, 0xe4, 0x65,
+	0xab, 0x8a, 0xbf, 0xdf, 0x14, 0x37, 0xfe, 0xba, 0x29, 0xa2, 0x6f, 0xe6, 0x45, 0xf4, 0x7a, 0x5e,
+	0x44, 0xbf, 0xce, 0x8b, 0xe8, 0xcf, 0x79, 0x11, 0x5d, 0x6c, 0xb2, 0xbf, 0x4e, 0x4f, 0xff, 0x0e,
+	0x00, 0x00, 0xff, 0xff, 0x0b, 0x8d, 0x70, 0xa7, 0x78, 0x09, 0x00, 0x00,
 }
diff --git a/vendor/github.com/docker/libnetwork/networkdb/networkdb.proto b/libnetwork/networkdb/networkdb.proto
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/networkdb.proto
rename to libnetwork/networkdb/networkdb.proto
diff --git a/libnetwork/networkdb/networkdb_test.go b/libnetwork/networkdb/networkdb_test.go
new file mode 100644
index 0000000000000..682d9fd53ceee
--- /dev/null
+++ b/libnetwork/networkdb/networkdb_test.go
@@ -0,0 +1,914 @@
+package networkdb
+
+import (
+	"fmt"
+	"log"
+	"net"
+	"os"
+	"strconv"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-events"
+	"github.com/hashicorp/memberlist"
+	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/poll"
+)
+
+var dbPort int32 = 10000
+
+func TestMain(m *testing.M) {
+	os.WriteFile("/proc/sys/net/ipv6/conf/lo/disable_ipv6", []byte{'0', '\n'}, 0644)
+	logrus.SetLevel(logrus.ErrorLevel)
+	os.Exit(m.Run())
+}
+
+func launchNode(t *testing.T, conf Config) *NetworkDB {
+	t.Helper()
+	db, err := New(&conf)
+	assert.NilError(t, err)
+	return db
+}
+
+func createNetworkDBInstances(t *testing.T, num int, namePrefix string, conf *Config) []*NetworkDB {
+	t.Helper()
+	var dbs []*NetworkDB
+	for i := 0; i < num; i++ {
+		localConfig := *conf
+		localConfig.Hostname = fmt.Sprintf("%s%d", namePrefix, i+1)
+		localConfig.NodeID = stringid.TruncateID(stringid.GenerateRandomID())
+		localConfig.BindPort = int(atomic.AddInt32(&dbPort, 1))
+		db := launchNode(t, localConfig)
+		if i != 0 {
+			assert.Check(t, db.Join([]string{fmt.Sprintf("localhost:%d", db.config.BindPort-1)}))
+		}
+
+		dbs = append(dbs, db)
+	}
+
+	// Wait till the cluster creation is successful
+	check := func(t poll.LogT) poll.Result {
+		// Check that the cluster is properly created
+		for i := 0; i < num; i++ {
+			if num != len(dbs[i].ClusterPeers()) {
+				return poll.Continue("%s:Waiting for cluser peers to be established", dbs[i].config.Hostname)
+			}
+		}
+		return poll.Success()
+	}
+	poll.WaitOn(t, check, poll.WithDelay(2*time.Second), poll.WithTimeout(20*time.Second))
+
+	return dbs
+}
+
+func closeNetworkDBInstances(t *testing.T, dbs []*NetworkDB) {
+	t.Helper()
+	log.Print("Closing DB instances...")
+	for _, db := range dbs {
+		db.Close()
+	}
+}
+
+func (db *NetworkDB) verifyNodeExistence(t *testing.T, node string, present bool) {
+	t.Helper()
+	for i := 0; i < 80; i++ {
+		db.RLock()
+		_, ok := db.nodes[node]
+		db.RUnlock()
+		if present && ok {
+			return
+		}
+
+		if !present && !ok {
+			return
+		}
+
+		time.Sleep(50 * time.Millisecond)
+	}
+
+	t.Errorf("%v(%v): Node existence verification for node %s failed", db.config.Hostname, db.config.NodeID, node)
+}
+
+func (db *NetworkDB) verifyNetworkExistence(t *testing.T, node string, id string, present bool) {
+	t.Helper()
+
+	const sleepInterval = 50 * time.Millisecond
+	var maxRetries int64
+	if dl, ok := t.Deadline(); ok {
+		maxRetries = int64(time.Until(dl) / sleepInterval)
+	} else {
+		maxRetries = 80
+	}
+	for i := int64(0); i < maxRetries; i++ {
+		db.RLock()
+		nn, nnok := db.networks[node]
+		db.RUnlock()
+		if nnok {
+			n, ok := nn[id]
+			if present && ok {
+				return
+			}
+
+			if !present &&
+				((ok && n.leaving) ||
+					!ok) {
+				return
+			}
+		}
+
+		time.Sleep(sleepInterval)
+	}
+
+	t.Error("Network existence verification failed")
+}
+
+func (db *NetworkDB) verifyEntryExistence(t *testing.T, tname, nid, key, value string, present bool) {
+	t.Helper()
+	n := 80
+	for i := 0; i < n; i++ {
+		entry, err := db.getEntry(tname, nid, key)
+		if present && err == nil && string(entry.value) == value {
+			return
+		}
+
+		if !present &&
+			((err == nil && entry.deleting) ||
+				(err != nil)) {
+			return
+		}
+
+		if i == n-1 && !present && err != nil {
+			return
+		}
+
+		time.Sleep(50 * time.Millisecond)
+	}
+
+	t.Errorf("Entry existence verification test failed for %v(%v)", db.config.Hostname, db.config.NodeID)
+}
+
+func testWatch(t *testing.T, ch chan events.Event, ev interface{}, tname, nid, key, value string) {
+	t.Helper()
+	select {
+	case rcvdEv := <-ch:
+		assert.Check(t, is.Equal(fmt.Sprintf("%T", rcvdEv), fmt.Sprintf("%T", ev)))
+		switch typ := rcvdEv.(type) {
+		case CreateEvent:
+			assert.Check(t, is.Equal(tname, typ.Table))
+			assert.Check(t, is.Equal(nid, typ.NetworkID))
+			assert.Check(t, is.Equal(key, typ.Key))
+			assert.Check(t, is.Equal(value, string(typ.Value)))
+		case UpdateEvent:
+			assert.Check(t, is.Equal(tname, typ.Table))
+			assert.Check(t, is.Equal(nid, typ.NetworkID))
+			assert.Check(t, is.Equal(key, typ.Key))
+			assert.Check(t, is.Equal(value, string(typ.Value)))
+		case DeleteEvent:
+			assert.Check(t, is.Equal(tname, typ.Table))
+			assert.Check(t, is.Equal(nid, typ.NetworkID))
+			assert.Check(t, is.Equal(key, typ.Key))
+		}
+	case <-time.After(time.Second):
+		t.Fail()
+		return
+	}
+}
+
+func TestNetworkDBSimple(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBJoinLeaveNetwork(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+
+	err = dbs[0].LeaveNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", false)
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBJoinLeaveNetworks(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	n := 10
+	for i := 1; i <= n; i++ {
+		err := dbs[0].JoinNetwork(fmt.Sprintf("network0%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		err := dbs[1].JoinNetwork(fmt.Sprintf("network1%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, fmt.Sprintf("network0%d", i), true)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, fmt.Sprintf("network1%d", i), true)
+	}
+
+	for i := 1; i <= n; i++ {
+		err := dbs[0].LeaveNetwork(fmt.Sprintf("network0%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		err := dbs[1].LeaveNetwork(fmt.Sprintf("network1%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, fmt.Sprintf("network0%d", i), false)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, fmt.Sprintf("network1%d", i), false)
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBCRUDTableEntry(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 3, "node", DefaultConfig())
+
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[0].CreateEntry("test_table", "network1", "test_key", []byte("test_value"))
+	assert.NilError(t, err)
+
+	dbs[1].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_value", true)
+	dbs[2].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_value", false)
+
+	err = dbs[0].UpdateEntry("test_table", "network1", "test_key", []byte("test_updated_value"))
+	assert.NilError(t, err)
+
+	dbs[1].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_updated_value", true)
+
+	err = dbs[0].DeleteEntry("test_table", "network1", "test_key")
+	assert.NilError(t, err)
+
+	dbs[1].verifyEntryExistence(t, "test_table", "network1", "test_key", "", false)
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBCRUDTableEntries(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, "network1", true)
+
+	n := 10
+	for i := 1; i <= n; i++ {
+		err = dbs[0].CreateEntry("test_table", "network1",
+			fmt.Sprintf("test_key0%d", i),
+			[]byte(fmt.Sprintf("test_value0%d", i)))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		err = dbs[1].CreateEntry("test_table", "network1",
+			fmt.Sprintf("test_key1%d", i),
+			[]byte(fmt.Sprintf("test_value1%d", i)))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[0].verifyEntryExistence(t, "test_table", "network1",
+			fmt.Sprintf("test_key1%d", i),
+			fmt.Sprintf("test_value1%d", i), true)
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[1].verifyEntryExistence(t, "test_table", "network1",
+			fmt.Sprintf("test_key0%d", i),
+			fmt.Sprintf("test_value0%d", i), true)
+		assert.NilError(t, err)
+	}
+
+	// Verify deletes
+	for i := 1; i <= n; i++ {
+		err = dbs[0].DeleteEntry("test_table", "network1",
+			fmt.Sprintf("test_key0%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		err = dbs[1].DeleteEntry("test_table", "network1",
+			fmt.Sprintf("test_key1%d", i))
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[0].verifyEntryExistence(t, "test_table", "network1",
+			fmt.Sprintf("test_key1%d", i), "", false)
+		assert.NilError(t, err)
+	}
+
+	for i := 1; i <= n; i++ {
+		dbs[1].verifyEntryExistence(t, "test_table", "network1",
+			fmt.Sprintf("test_key0%d", i), "", false)
+		assert.NilError(t, err)
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBNodeLeave(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[0].CreateEntry("test_table", "network1", "test_key", []byte("test_value"))
+	assert.NilError(t, err)
+
+	dbs[1].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_value", true)
+
+	dbs[0].Close()
+	dbs[1].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_value", false)
+	dbs[1].Close()
+}
+
+func TestNetworkDBWatch(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	ch, cancel := dbs[1].Watch("", "", "")
+
+	err = dbs[0].CreateEntry("test_table", "network1", "test_key", []byte("test_value"))
+	assert.NilError(t, err)
+
+	testWatch(t, ch.C, CreateEvent{}, "test_table", "network1", "test_key", "test_value")
+
+	err = dbs[0].UpdateEntry("test_table", "network1", "test_key", []byte("test_updated_value"))
+	assert.NilError(t, err)
+
+	testWatch(t, ch.C, UpdateEvent{}, "test_table", "network1", "test_key", "test_updated_value")
+
+	err = dbs[0].DeleteEntry("test_table", "network1", "test_key")
+	assert.NilError(t, err)
+
+	testWatch(t, ch.C, DeleteEvent{}, "test_table", "network1", "test_key", "")
+
+	cancel()
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBBulkSync(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+
+	n := 1000
+	for i := 1; i <= n; i++ {
+		err = dbs[0].CreateEntry("test_table", "network1",
+			fmt.Sprintf("test_key0%d", i),
+			[]byte(fmt.Sprintf("test_value0%d", i)))
+		assert.NilError(t, err)
+	}
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, "network1", true)
+
+	for i := 1; i <= n; i++ {
+		dbs[1].verifyEntryExistence(t, "test_table", "network1",
+			fmt.Sprintf("test_key0%d", i),
+			fmt.Sprintf("test_value0%d", i), true)
+		assert.NilError(t, err)
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBCRUDMediumCluster(t *testing.T) {
+	n := 5
+
+	dbs := createNetworkDBInstances(t, n, "node", DefaultConfig())
+
+	for i := 0; i < n; i++ {
+		for j := 0; j < n; j++ {
+			if i == j {
+				continue
+			}
+
+			dbs[i].verifyNodeExistence(t, dbs[j].config.NodeID, true)
+		}
+	}
+
+	for i := 0; i < n; i++ {
+		err := dbs[i].JoinNetwork("network1")
+		assert.NilError(t, err)
+	}
+
+	for i := 0; i < n; i++ {
+		for j := 0; j < n; j++ {
+			dbs[i].verifyNetworkExistence(t, dbs[j].config.NodeID, "network1", true)
+		}
+	}
+
+	err := dbs[0].CreateEntry("test_table", "network1", "test_key", []byte("test_value"))
+	assert.NilError(t, err)
+
+	for i := 1; i < n; i++ {
+		dbs[i].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_value", true)
+	}
+
+	err = dbs[0].UpdateEntry("test_table", "network1", "test_key", []byte("test_updated_value"))
+	assert.NilError(t, err)
+
+	for i := 1; i < n; i++ {
+		dbs[i].verifyEntryExistence(t, "test_table", "network1", "test_key", "test_updated_value", true)
+	}
+
+	err = dbs[0].DeleteEntry("test_table", "network1", "test_key")
+	assert.NilError(t, err)
+
+	for i := 1; i < n; i++ {
+		dbs[i].verifyEntryExistence(t, "test_table", "network1", "test_key", "", false)
+	}
+
+	for i := 1; i < n; i++ {
+		_, err = dbs[i].GetEntry("test_table", "network1", "test_key")
+		assert.Check(t, is.ErrorContains(err, ""))
+		assert.Check(t, is.Contains(err.Error(), "deleted and pending garbage collection"), err)
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBNodeJoinLeaveIteration(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 2, "node", DefaultConfig())
+
+	// Single node Join/Leave
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	if len(dbs[0].networkNodes["network1"]) != 1 {
+		t.Fatalf("The networkNodes list has to have be 1 instead of %d", len(dbs[0].networkNodes["network1"]))
+	}
+
+	err = dbs[0].LeaveNetwork("network1")
+	assert.NilError(t, err)
+
+	if len(dbs[0].networkNodes["network1"]) != 0 {
+		t.Fatalf("The networkNodes list has to have be 0 instead of %d", len(dbs[0].networkNodes["network1"]))
+	}
+
+	// Multiple nodes Join/Leave
+	err = dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	// Wait for the propagation on db[0]
+	dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, "network1", true)
+	if len(dbs[0].networkNodes["network1"]) != 2 {
+		t.Fatalf("The networkNodes list has to have be 2 instead of %d - %v", len(dbs[0].networkNodes["network1"]), dbs[0].networkNodes["network1"])
+	}
+	if n, ok := dbs[0].networks[dbs[0].config.NodeID]["network1"]; !ok || n.leaving {
+		t.Fatalf("The network should not be marked as leaving:%t", n.leaving)
+	}
+
+	// Wait for the propagation on db[1]
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+	if len(dbs[1].networkNodes["network1"]) != 2 {
+		t.Fatalf("The networkNodes list has to have be 2 instead of %d - %v", len(dbs[1].networkNodes["network1"]), dbs[1].networkNodes["network1"])
+	}
+	if n, ok := dbs[1].networks[dbs[1].config.NodeID]["network1"]; !ok || n.leaving {
+		t.Fatalf("The network should not be marked as leaving:%t", n.leaving)
+	}
+
+	// Try a quick leave/join
+	err = dbs[0].LeaveNetwork("network1")
+	assert.NilError(t, err)
+	err = dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	dbs[0].verifyNetworkExistence(t, dbs[1].config.NodeID, "network1", true)
+	if len(dbs[0].networkNodes["network1"]) != 2 {
+		t.Fatalf("The networkNodes list has to have be 2 instead of %d - %v", len(dbs[0].networkNodes["network1"]), dbs[0].networkNodes["network1"])
+	}
+
+	dbs[1].verifyNetworkExistence(t, dbs[0].config.NodeID, "network1", true)
+	if len(dbs[1].networkNodes["network1"]) != 2 {
+		t.Fatalf("The networkNodes list has to have be 2 instead of %d - %v", len(dbs[1].networkNodes["network1"]), dbs[1].networkNodes["network1"])
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBGarbageCollection(t *testing.T) {
+	keysWriteDelete := 5
+	config := DefaultConfig()
+	config.reapEntryInterval = 30 * time.Second
+	config.StatsPrintPeriod = 15 * time.Second
+
+	dbs := createNetworkDBInstances(t, 3, "node", config)
+
+	// 2 Nodes join network
+	err := dbs[0].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	err = dbs[1].JoinNetwork("network1")
+	assert.NilError(t, err)
+
+	for i := 0; i < keysWriteDelete; i++ {
+		err = dbs[i%2].CreateEntry("testTable", "network1", "key-"+strconv.Itoa(i), []byte("value"))
+		assert.NilError(t, err)
+	}
+	time.Sleep(time.Second)
+	for i := 0; i < keysWriteDelete; i++ {
+		err = dbs[i%2].DeleteEntry("testTable", "network1", "key-"+strconv.Itoa(i))
+		assert.NilError(t, err)
+	}
+	for i := 0; i < 2; i++ {
+		assert.Check(t, is.Equal(keysWriteDelete, dbs[i].networks[dbs[i].config.NodeID]["network1"].entriesNumber), "entries number should match")
+	}
+
+	// from this point the timer for the garbage collection started, wait 5 seconds and then join a new node
+	time.Sleep(5 * time.Second)
+
+	err = dbs[2].JoinNetwork("network1")
+	assert.NilError(t, err)
+	for i := 0; i < 3; i++ {
+		assert.Check(t, is.Equal(keysWriteDelete, dbs[i].networks[dbs[i].config.NodeID]["network1"].entriesNumber), "entries number should match")
+	}
+	// at this point the entries should had been all deleted
+	time.Sleep(30 * time.Second)
+	for i := 0; i < 3; i++ {
+		assert.Check(t, is.Equal(0, dbs[i].networks[dbs[i].config.NodeID]["network1"].entriesNumber), "entries should had been garbage collected")
+	}
+
+	// make sure that entries are not coming back
+	time.Sleep(15 * time.Second)
+	for i := 0; i < 3; i++ {
+		assert.Check(t, is.Equal(0, dbs[i].networks[dbs[i].config.NodeID]["network1"].entriesNumber), "entries should had been garbage collected")
+	}
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestFindNode(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 1, "node", DefaultConfig())
+
+	dbs[0].nodes["active"] = &node{Node: memberlist.Node{Name: "active"}}
+	dbs[0].failedNodes["failed"] = &node{Node: memberlist.Node{Name: "failed"}}
+	dbs[0].leftNodes["left"] = &node{Node: memberlist.Node{Name: "left"}}
+
+	// active nodes is 2 because the testing node is in the list
+	assert.Check(t, is.Len(dbs[0].nodes, 2))
+	assert.Check(t, is.Len(dbs[0].failedNodes, 1))
+	assert.Check(t, is.Len(dbs[0].leftNodes, 1))
+
+	n, currState, m := dbs[0].findNode("active")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal("active", n.Name))
+	assert.Check(t, is.Equal(nodeActiveState, currState))
+	assert.Check(t, m != nil)
+	// delete the entry manually
+	delete(m, "active")
+
+	// test if can be still find
+	n, currState, m = dbs[0].findNode("active")
+	assert.Check(t, is.Nil(n))
+	assert.Check(t, is.Equal(nodeNotFound, currState))
+	assert.Check(t, is.Nil(m))
+
+	n, currState, m = dbs[0].findNode("failed")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal("failed", n.Name))
+	assert.Check(t, is.Equal(nodeFailedState, currState))
+	assert.Check(t, m != nil)
+
+	// find and remove
+	n, currState, m = dbs[0].findNode("left")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal("left", n.Name))
+	assert.Check(t, is.Equal(nodeLeftState, currState))
+	assert.Check(t, m != nil)
+	delete(m, "left")
+
+	n, currState, m = dbs[0].findNode("left")
+	assert.Check(t, is.Nil(n))
+	assert.Check(t, is.Equal(nodeNotFound, currState))
+	assert.Check(t, is.Nil(m))
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestChangeNodeState(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 1, "node", DefaultConfig())
+
+	dbs[0].nodes["node1"] = &node{Node: memberlist.Node{Name: "node1"}}
+	dbs[0].nodes["node2"] = &node{Node: memberlist.Node{Name: "node2"}}
+	dbs[0].nodes["node3"] = &node{Node: memberlist.Node{Name: "node3"}}
+
+	// active nodes is 4 because the testing node is in the list
+	assert.Check(t, is.Len(dbs[0].nodes, 4))
+
+	n, currState, m := dbs[0].findNode("node1")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeActiveState, currState))
+	assert.Check(t, is.Equal("node1", n.Name))
+	assert.Check(t, m != nil)
+
+	// node1 to failed
+	dbs[0].changeNodeState("node1", nodeFailedState)
+
+	n, currState, m = dbs[0].findNode("node1")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeFailedState, currState))
+	assert.Check(t, is.Equal("node1", n.Name))
+	assert.Check(t, m != nil)
+	assert.Check(t, time.Duration(0) != n.reapTime)
+
+	// node1 back to active
+	dbs[0].changeNodeState("node1", nodeActiveState)
+
+	n, currState, m = dbs[0].findNode("node1")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeActiveState, currState))
+	assert.Check(t, is.Equal("node1", n.Name))
+	assert.Check(t, m != nil)
+	assert.Check(t, is.Equal(time.Duration(0), n.reapTime))
+
+	// node1 to left
+	dbs[0].changeNodeState("node1", nodeLeftState)
+	dbs[0].changeNodeState("node2", nodeLeftState)
+	dbs[0].changeNodeState("node3", nodeLeftState)
+
+	n, currState, m = dbs[0].findNode("node1")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeLeftState, currState))
+	assert.Check(t, is.Equal("node1", n.Name))
+	assert.Check(t, m != nil)
+	assert.Check(t, time.Duration(0) != n.reapTime)
+
+	n, currState, m = dbs[0].findNode("node2")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeLeftState, currState))
+	assert.Check(t, is.Equal("node2", n.Name))
+	assert.Check(t, m != nil)
+	assert.Check(t, time.Duration(0) != n.reapTime)
+
+	n, currState, m = dbs[0].findNode("node3")
+	assert.Check(t, n != nil)
+	assert.Check(t, is.Equal(nodeLeftState, currState))
+	assert.Check(t, is.Equal("node3", n.Name))
+	assert.Check(t, m != nil)
+	assert.Check(t, time.Duration(0) != n.reapTime)
+
+	// active nodes is 1 because the testing node is in the list
+	assert.Check(t, is.Len(dbs[0].nodes, 1))
+	assert.Check(t, is.Len(dbs[0].failedNodes, 0))
+	assert.Check(t, is.Len(dbs[0].leftNodes, 3))
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNodeReincarnation(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 1, "node", DefaultConfig())
+
+	dbs[0].nodes["node1"] = &node{Node: memberlist.Node{Name: "node1", Addr: net.ParseIP("192.168.1.1")}}
+	dbs[0].leftNodes["node2"] = &node{Node: memberlist.Node{Name: "node2", Addr: net.ParseIP("192.168.1.2")}}
+	dbs[0].failedNodes["node3"] = &node{Node: memberlist.Node{Name: "node3", Addr: net.ParseIP("192.168.1.3")}}
+
+	// active nodes is 2 because the testing node is in the list
+	assert.Check(t, is.Len(dbs[0].nodes, 2))
+	assert.Check(t, is.Len(dbs[0].failedNodes, 1))
+	assert.Check(t, is.Len(dbs[0].leftNodes, 1))
+
+	b := dbs[0].purgeReincarnation(&memberlist.Node{Name: "node4", Addr: net.ParseIP("192.168.1.1")})
+	assert.Check(t, b)
+	dbs[0].nodes["node4"] = &node{Node: memberlist.Node{Name: "node4", Addr: net.ParseIP("192.168.1.1")}}
+
+	b = dbs[0].purgeReincarnation(&memberlist.Node{Name: "node5", Addr: net.ParseIP("192.168.1.2")})
+	assert.Check(t, b)
+	dbs[0].nodes["node5"] = &node{Node: memberlist.Node{Name: "node5", Addr: net.ParseIP("192.168.1.1")}}
+
+	b = dbs[0].purgeReincarnation(&memberlist.Node{Name: "node6", Addr: net.ParseIP("192.168.1.3")})
+	assert.Check(t, b)
+	dbs[0].nodes["node6"] = &node{Node: memberlist.Node{Name: "node6", Addr: net.ParseIP("192.168.1.1")}}
+
+	b = dbs[0].purgeReincarnation(&memberlist.Node{Name: "node6", Addr: net.ParseIP("192.168.1.10")})
+	assert.Check(t, !b)
+
+	// active nodes is 1 because the testing node is in the list
+	assert.Check(t, is.Len(dbs[0].nodes, 4))
+	assert.Check(t, is.Len(dbs[0].failedNodes, 0))
+	assert.Check(t, is.Len(dbs[0].leftNodes, 3))
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestParallelCreate(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 1, "node", DefaultConfig())
+
+	startCh := make(chan int)
+	doneCh := make(chan error)
+	var success int32
+	for i := 0; i < 20; i++ {
+		go func() {
+			<-startCh
+			err := dbs[0].CreateEntry("testTable", "testNetwork", "key", []byte("value"))
+			if err == nil {
+				atomic.AddInt32(&success, 1)
+			}
+			doneCh <- err
+		}()
+	}
+
+	close(startCh)
+
+	for i := 0; i < 20; i++ {
+		<-doneCh
+	}
+	close(doneCh)
+	// Only 1 write should have succeeded
+	assert.Check(t, is.Equal(int32(1), success))
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestParallelDelete(t *testing.T) {
+	dbs := createNetworkDBInstances(t, 1, "node", DefaultConfig())
+
+	err := dbs[0].CreateEntry("testTable", "testNetwork", "key", []byte("value"))
+	assert.NilError(t, err)
+
+	startCh := make(chan int)
+	doneCh := make(chan error)
+	var success int32
+	for i := 0; i < 20; i++ {
+		go func() {
+			<-startCh
+			err := dbs[0].DeleteEntry("testTable", "testNetwork", "key")
+			if err == nil {
+				atomic.AddInt32(&success, 1)
+			}
+			doneCh <- err
+		}()
+	}
+
+	close(startCh)
+
+	for i := 0; i < 20; i++ {
+		<-doneCh
+	}
+	close(doneCh)
+	// Only 1 write should have succeeded
+	assert.Check(t, is.Equal(int32(1), success))
+
+	closeNetworkDBInstances(t, dbs)
+}
+
+func TestNetworkDBIslands(t *testing.T) {
+	pollTimeout := func() time.Duration {
+		const defaultTimeout = 120 * time.Second
+		dl, ok := t.Deadline()
+		if !ok {
+			return defaultTimeout
+		}
+		if d := time.Until(dl); d <= defaultTimeout {
+			return d
+		}
+		return defaultTimeout
+	}
+
+	logrus.SetLevel(logrus.DebugLevel)
+	conf := DefaultConfig()
+	// Shorten durations to speed up test execution.
+	conf.rejoinClusterDuration = conf.rejoinClusterDuration / 10
+	conf.rejoinClusterInterval = conf.rejoinClusterInterval / 10
+	dbs := createNetworkDBInstances(t, 5, "node", conf)
+
+	// Get the node IP used currently
+	node := dbs[0].nodes[dbs[0].config.NodeID]
+	baseIPStr := node.Addr.String()
+	// Node 0,1,2 are going to be the 3 bootstrap nodes
+	members := []string{fmt.Sprintf("%s:%d", baseIPStr, dbs[0].config.BindPort),
+		fmt.Sprintf("%s:%d", baseIPStr, dbs[1].config.BindPort),
+		fmt.Sprintf("%s:%d", baseIPStr, dbs[2].config.BindPort)}
+	// Rejoining will update the list of the bootstrap members
+	for i := 3; i < 5; i++ {
+		t.Logf("Re-joining: %d", i)
+		assert.Check(t, dbs[i].Join(members))
+	}
+
+	// Now the 3 bootstrap nodes will cleanly leave, and will be properly removed from the other 2 nodes
+	for i := 0; i < 3; i++ {
+		logrus.Infof("node %d leaving", i)
+		dbs[i].Close()
+	}
+
+	checkDBs := make(map[string]*NetworkDB)
+	for i := 3; i < 5; i++ {
+		db := dbs[i]
+		checkDBs[db.config.Hostname] = db
+	}
+
+	// Give some time to let the system propagate the messages and free up the ports
+	check := func(t poll.LogT) poll.Result {
+		// Verify that the nodes are actually all gone and marked appropiately
+		for name, db := range checkDBs {
+			db.RLock()
+			if (len(db.leftNodes) != 3) || (len(db.failedNodes) != 0) {
+				for name := range db.leftNodes {
+					t.Logf("%s: Node %s left", db.config.Hostname, name)
+				}
+				for name := range db.failedNodes {
+					t.Logf("%s: Node %s failed", db.config.Hostname, name)
+				}
+				db.RUnlock()
+				return poll.Continue("%s:Waiting for all nodes to cleanly leave, left: %d, failed nodes: %d", name, len(db.leftNodes), len(db.failedNodes))
+			}
+			db.RUnlock()
+			t.Logf("%s: OK", name)
+			delete(checkDBs, name)
+		}
+		return poll.Success()
+	}
+	poll.WaitOn(t, check, poll.WithDelay(time.Second), poll.WithTimeout(pollTimeout()))
+
+	// Spawn again the first 3 nodes with different names but same IP:port
+	for i := 0; i < 3; i++ {
+		logrus.Infof("node %d coming back", i)
+		dbs[i].config.NodeID = stringid.TruncateID(stringid.GenerateRandomID())
+		dbs[i] = launchNode(t, *dbs[i].config)
+	}
+
+	// Give some time for the reconnect routine to run, it runs every 6s.
+	check = func(t poll.LogT) poll.Result {
+		// Verify that the cluster is again all connected. Note that the 3 previous node did not do any join
+		for i := 0; i < 5; i++ {
+			db := dbs[i]
+			db.RLock()
+			if len(db.nodes) != 5 {
+				db.RUnlock()
+				return poll.Continue("%s:Waiting to connect to all nodes", dbs[i].config.Hostname)
+			}
+			if len(db.failedNodes) != 0 {
+				db.RUnlock()
+				return poll.Continue("%s:Waiting for 0 failedNodes", dbs[i].config.Hostname)
+			}
+			if i < 3 {
+				// nodes from 0 to 3 has no left nodes
+				if len(db.leftNodes) != 0 {
+					db.RUnlock()
+					return poll.Continue("%s:Waiting to have no leftNodes", dbs[i].config.Hostname)
+				}
+			} else {
+				// nodes from 4 to 5 has the 3 previous left nodes
+				if len(db.leftNodes) != 3 {
+					db.RUnlock()
+					return poll.Continue("%s:Waiting to have 3 leftNodes", dbs[i].config.Hostname)
+				}
+			}
+			db.RUnlock()
+		}
+		return poll.Success()
+	}
+	poll.WaitOn(t, check, poll.WithDelay(time.Second), poll.WithTimeout(pollTimeout()))
+	closeNetworkDBInstances(t, dbs)
+}
diff --git a/vendor/github.com/docker/libnetwork/networkdb/networkdbdiagnostic.go b/libnetwork/networkdb/networkdbdiagnostic.go
similarity index 99%
rename from vendor/github.com/docker/libnetwork/networkdb/networkdbdiagnostic.go
rename to libnetwork/networkdb/networkdbdiagnostic.go
index ea90c5a0e8df9..f7299303149a1 100644
--- a/vendor/github.com/docker/libnetwork/networkdb/networkdbdiagnostic.go
+++ b/libnetwork/networkdb/networkdbdiagnostic.go
@@ -6,8 +6,8 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/docker/libnetwork/diagnostic"
-	"github.com/docker/libnetwork/internal/caller"
+	"github.com/docker/docker/libnetwork/diagnostic"
+	"github.com/docker/docker/libnetwork/internal/caller"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/vendor/github.com/docker/libnetwork/networkdb/nodemgmt.go b/libnetwork/networkdb/nodemgmt.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/nodemgmt.go
rename to libnetwork/networkdb/nodemgmt.go
diff --git a/vendor/github.com/docker/libnetwork/networkdb/watch.go b/libnetwork/networkdb/watch.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/networkdb/watch.go
rename to libnetwork/networkdb/watch.go
diff --git a/vendor/github.com/docker/libnetwork/ns/init_linux.go b/libnetwork/ns/init_linux.go
similarity index 82%
rename from vendor/github.com/docker/libnetwork/ns/init_linux.go
rename to libnetwork/ns/init_linux.go
index 567a6242ac197..1d08a02f52991 100644
--- a/vendor/github.com/docker/libnetwork/ns/init_linux.go
+++ b/libnetwork/ns/init_linux.go
@@ -76,12 +76,8 @@ func NlHandle() *netlink.Handle {
 func getSupportedNlFamilies() []int {
 	fams := []int{syscall.NETLINK_ROUTE}
 	// NETLINK_XFRM test
-	if err := loadXfrmModules(); err != nil {
-		if checkXfrmSocket() != nil {
-			logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
-		} else {
-			fams = append(fams, syscall.NETLINK_XFRM)
-		}
+	if err := checkXfrmSocket(); err != nil {
+		logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
 	} else {
 		fams = append(fams, syscall.NETLINK_XFRM)
 	}
@@ -99,16 +95,6 @@ func getSupportedNlFamilies() []int {
 	return fams
 }
 
-func loadXfrmModules() error {
-	if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
-		return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
-		return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	return nil
-}
-
 // API check on required xfrm modules (xfrm_user, xfrm_algo)
 func checkXfrmSocket() error {
 	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
diff --git a/vendor/github.com/docker/libnetwork/ns/init_windows.go b/libnetwork/ns/init_windows.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/ns/init_windows.go
rename to libnetwork/ns/init_windows.go
diff --git a/vendor/github.com/docker/libnetwork/options/options.go b/libnetwork/options/options.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/options/options.go
rename to libnetwork/options/options.go
diff --git a/libnetwork/options/options_test.go b/libnetwork/options/options_test.go
new file mode 100644
index 0000000000000..bff0c023e906a
--- /dev/null
+++ b/libnetwork/options/options_test.go
@@ -0,0 +1,106 @@
+package options
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+)
+
+func TestGenerate(t *testing.T) {
+	gen := NewGeneric()
+	gen["Int"] = 1
+	gen["Rune"] = 'b'
+	gen["Float64"] = 2.0
+
+	type Model struct {
+		Int     int
+		Rune    rune
+		Float64 float64
+	}
+
+	result, err := GenerateFromModel(gen, Model{})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cast, ok := result.(Model)
+	if !ok {
+		t.Fatalf("result has unexpected type %s", reflect.TypeOf(result))
+	}
+	if expected := 1; cast.Int != expected {
+		t.Fatalf("wrong value for field Int: expected %v, got %v", expected, cast.Int)
+	}
+	if expected := 'b'; cast.Rune != expected {
+		t.Fatalf("wrong value for field Rune: expected %v, got %v", expected, cast.Rune)
+	}
+	if expected := 2.0; cast.Float64 != expected {
+		t.Fatalf("wrong value for field Int: expected %v, got %v", expected, cast.Float64)
+	}
+}
+
+func TestGeneratePtr(t *testing.T) {
+	gen := NewGeneric()
+	gen["Int"] = 1
+	gen["Rune"] = 'b'
+	gen["Float64"] = 2.0
+
+	type Model struct {
+		Int     int
+		Rune    rune
+		Float64 float64
+	}
+
+	result, err := GenerateFromModel(gen, &Model{})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cast, ok := result.(*Model)
+	if !ok {
+		t.Fatalf("result has unexpected type %s", reflect.TypeOf(result))
+	}
+	if expected := 1; cast.Int != expected {
+		t.Fatalf("wrong value for field Int: expected %v, got %v", expected, cast.Int)
+	}
+	if expected := 'b'; cast.Rune != expected {
+		t.Fatalf("wrong value for field Rune: expected %v, got %v", expected, cast.Rune)
+	}
+	if expected := 2.0; cast.Float64 != expected {
+		t.Fatalf("wrong value for field Int: expected %v, got %v", expected, cast.Float64)
+	}
+}
+
+func TestGenerateMissingField(t *testing.T) {
+	type Model struct{}
+	_, err := GenerateFromModel(Generic{"foo": "bar"}, Model{})
+
+	if _, ok := err.(NoSuchFieldError); !ok {
+		t.Fatalf("expected NoSuchFieldError, got %#v", err)
+	} else if expected := "no field"; !strings.Contains(err.Error(), expected) {
+		t.Fatalf("expected %q in error message, got %s", expected, err.Error())
+	}
+}
+
+func TestFieldCannotBeSet(t *testing.T) {
+	type Model struct{ foo int } // nolint:structcheck
+	_, err := GenerateFromModel(Generic{"foo": "bar"}, Model{})
+
+	if _, ok := err.(CannotSetFieldError); !ok {
+		t.Fatalf("expected CannotSetFieldError, got %#v", err)
+	} else if expected := "cannot set field"; !strings.Contains(err.Error(), expected) {
+		t.Fatalf("expected %q in error message, got %s", expected, err.Error())
+	}
+}
+
+func TestTypeMismatchError(t *testing.T) {
+	type Model struct{ Foo int }
+	_, err := GenerateFromModel(Generic{"Foo": "bar"}, Model{})
+
+	if _, ok := err.(TypeMismatchError); !ok {
+		t.Fatalf("expected TypeMismatchError, got %#v", err)
+	} else if expected := "type mismatch"; !strings.Contains(err.Error(), expected) {
+		t.Fatalf("expected %q in error message, got %s", expected, err.Error())
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go b/libnetwork/osl/interface_freebsd.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/interface_freebsd.go
rename to libnetwork/osl/interface_freebsd.go
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_linux.go b/libnetwork/osl/interface_linux.go
similarity index 96%
rename from vendor/github.com/docker/libnetwork/osl/interface_linux.go
rename to libnetwork/osl/interface_linux.go
index 4f8ff3d639108..1cfe83c57c630 100644
--- a/vendor/github.com/docker/libnetwork/osl/interface_linux.go
+++ b/libnetwork/osl/interface_linux.go
@@ -8,8 +8,8 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netns"
@@ -193,12 +193,12 @@ func (i *nwIface) Statistics() (*types.InterfaceStatistics, error) {
 	}
 
 	return &types.InterfaceStatistics{
-		RxBytes:   uint64(stats.RxBytes),
-		TxBytes:   uint64(stats.TxBytes),
-		RxPackets: uint64(stats.RxPackets),
-		TxPackets: uint64(stats.TxPackets),
-		RxDropped: uint64(stats.RxDropped),
-		TxDropped: uint64(stats.TxDropped),
+		RxBytes:   stats.RxBytes,
+		TxBytes:   stats.TxBytes,
+		RxPackets: stats.RxPackets,
+		TxPackets: stats.TxPackets,
+		RxDropped: stats.RxDropped,
+		TxDropped: stats.TxDropped,
 	}, nil
 }
 
@@ -422,8 +422,7 @@ func setInterfaceRoutes(nlh *netlink.Handle, iface netlink.Link, i *nwIface) err
 // we cannot gather the statistics from /sys/class/net/<dev>/statistics/<counter> files. Per-netns stats
 // are naturally found in /proc/net/dev in kernels which support netns (ifconfig relies on that).
 const (
-	netStatsFile = "/proc/net/dev"
-	base         = "[ ]*%s:([ ]+[0-9]+){16}"
+	base = "[ ]*%s:([ ]+[0-9]+){16}"
 )
 
 func scanInterfaceStats(data, ifName string, i *types.InterfaceStatistics) error {
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_windows.go b/libnetwork/osl/interface_windows.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/interface_windows.go
rename to libnetwork/osl/interface_windows.go
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go b/libnetwork/osl/kernel/knobs.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/kernel/knobs.go
rename to libnetwork/osl/kernel/knobs.go
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go b/libnetwork/osl/kernel/knobs_linux.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
rename to libnetwork/osl/kernel/knobs_linux.go
index 964280650c580..163dad746e1a2 100644
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
+++ b/libnetwork/osl/kernel/knobs_linux.go
@@ -1,7 +1,7 @@
 package kernel
 
 import (
-	"io/ioutil"
+	"os"
 	"path"
 	"strings"
 
@@ -12,13 +12,13 @@ import (
 // For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward.
 func writeSystemProperty(key, value string) error {
 	keyPath := strings.Replace(key, ".", "/", -1)
-	return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
+	return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
 }
 
 // readSystemProperty reads the value from the path under /proc/sys and returns it
 func readSystemProperty(key string) (string, error) {
 	keyPath := strings.Replace(key, ".", "/", -1)
-	value, err := ioutil.ReadFile(path.Join("/proc/sys", keyPath))
+	value, err := os.ReadFile(path.Join("/proc/sys", keyPath))
 	if err != nil {
 		return "", err
 	}
diff --git a/libnetwork/osl/kernel/knobs_linux_test.go b/libnetwork/osl/kernel/knobs_linux_test.go
new file mode 100644
index 0000000000000..b6b5d856f8726
--- /dev/null
+++ b/libnetwork/osl/kernel/knobs_linux_test.go
@@ -0,0 +1,32 @@
+package kernel
+
+import (
+	"testing"
+
+	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func TestReadWriteKnobs(t *testing.T) {
+	for _, k := range []string{
+		"net.ipv4.neigh.default.gc_thresh1",
+		"net.ipv4.neigh.default.gc_thresh2",
+		"net.ipv4.neigh.default.gc_thresh3",
+	} {
+		// Check if the test is able to read the value
+		v, err := readSystemProperty(k)
+		if err != nil {
+			logrus.WithError(err).Warnf("Path %v not readable", k)
+			// the path is not there, skip this key
+			continue
+		}
+		// Test the write
+		assert.Check(t, writeSystemProperty(k, "10000"))
+		newV, err := readSystemProperty(k)
+		assert.NilError(t, err)
+		assert.Check(t, is.Equal(newV, "10000"))
+		// Restore value
+		assert.Check(t, writeSystemProperty(k, v))
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go b/libnetwork/osl/kernel/knobs_unsupported.go
similarity index 89%
rename from vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
rename to libnetwork/osl/kernel/knobs_unsupported.go
index 32f258f41625d..f0403b7ce0698 100644
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
+++ b/libnetwork/osl/kernel/knobs_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package kernel
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/libnetwork/osl/namespace_linux.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/osl/namespace_linux.go
rename to libnetwork/osl/namespace_linux.go
index 3879b03444a61..1a8eeaec97493 100644
--- a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ b/libnetwork/osl/namespace_linux.go
@@ -1,8 +1,8 @@
 package osl
 
 import (
+	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -14,13 +14,14 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/osl/kernel"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl/kernel"
-	"github.com/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 const defaultPrefix = "/var/run/docker"
@@ -38,9 +39,15 @@ var (
 	gpmChan            = make(chan chan struct{})
 	prefix             = defaultPrefix
 	loadBalancerConfig = map[string]*kernel.OSValue{
+		// disables any special handling on port reuse of existing IPVS connection table entries
+		// more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L25:1
+		"net.ipv4.vs.conn_reuse_mode": {Value: "0", CheckFn: nil},
 		// expires connection from the IPVS connection table when the backend is not available
 		// more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L126:1
-		"net.ipv4.vs.expire_nodest_conn": {"1", nil},
+		"net.ipv4.vs.expire_nodest_conn": {Value: "1", CheckFn: nil},
+		// expires persistent connections to destination servers with weights set to 0
+		// more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L144:1
+		"net.ipv4.vs.expire_quiescent_template": {Value: "1", CheckFn: nil},
 	}
 )
 
@@ -164,7 +171,7 @@ func GenerateKey(containerID string) string {
 			indexStr string
 			tmpkey   string
 		)
-		dir, err := ioutil.ReadDir(basePath())
+		dir, err := os.ReadDir(basePath())
 		if err != nil {
 			return ""
 		}
@@ -331,7 +338,9 @@ func createNetworkNamespace(path string, osCreate bool) error {
 
 func unmountNamespaceFile(path string) {
 	if _, err := os.Stat(path); err == nil {
-		syscall.Unmount(path, syscall.MNT_DETACH)
+		if err := syscall.Unmount(path, syscall.MNT_DETACH); err != nil && !errors.Is(err, unix.EINVAL) {
+			logrus.WithError(err).Error("Error unmounting namespace file")
+		}
 	}
 }
 
@@ -398,12 +407,12 @@ func (n *networkNamespace) DisableARPForVIP(srcName string) (Err error) {
 
 	err := n.InvokeFunc(func() {
 		path := filepath.Join("/proc/sys/net/ipv4/conf", dstName, "arp_ignore")
-		if err := ioutil.WriteFile(path, []byte{'1', '\n'}, 0644); err != nil {
+		if err := os.WriteFile(path, []byte{'1', '\n'}, 0644); err != nil {
 			Err = fmt.Errorf("Failed to set %s to 1: %v", path, err)
 			return
 		}
 		path = filepath.Join("/proc/sys/net/ipv4/conf", dstName, "arp_announce")
-		if err := ioutil.WriteFile(path, []byte{'2', '\n'}, 0644); err != nil {
+		if err := os.WriteFile(path, []byte{'2', '\n'}, 0644); err != nil {
 			Err = fmt.Errorf("Failed to set %s to 2: %v", path, err)
 			return
 		}
@@ -655,7 +664,7 @@ func reexecSetIPv6() {
 		os.Exit(5)
 	}
 
-	if err = ioutil.WriteFile(path, []byte{value, '\n'}, 0644); err != nil {
+	if err = os.WriteFile(path, []byte{value, '\n'}, 0644); err != nil {
 		logrus.Errorf("failed to %s IPv6 forwarding for container's interface %s: %v", action, os.Args[2], err)
 		os.Exit(4)
 	}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go b/libnetwork/osl/namespace_unsupported.go
similarity index 90%
rename from vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
rename to libnetwork/osl/namespace_unsupported.go
index 74372e2492e5f..4179459c136bd 100644
--- a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
+++ b/libnetwork/osl/namespace_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !freebsd
 // +build !linux,!windows,!freebsd
 
 package osl
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go b/libnetwork/osl/namespace_windows.go
similarity index 81%
rename from vendor/github.com/docker/libnetwork/osl/namespace_windows.go
rename to libnetwork/osl/namespace_windows.go
index 49503c00ffd23..2c30fa4110a73 100644
--- a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go
+++ b/libnetwork/osl/namespace_windows.go
@@ -1,7 +1,5 @@
 package osl
 
-import "testing"
-
 // GenerateKey generates a sandbox key based on the passed
 // container id.
 func GenerateKey(containerID string) string {
@@ -28,11 +26,6 @@ func InitOSContext() func() {
 	return func() {}
 }
 
-// SetupTestOSContext sets up a separate test  OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
-	return func() {}
-}
-
 // SetBasePath sets the base url prefix for the ns path
 func SetBasePath(path string) {
 }
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go b/libnetwork/osl/neigh_freebsd.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go
rename to libnetwork/osl/neigh_freebsd.go
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go b/libnetwork/osl/neigh_linux.go
similarity index 97%
rename from vendor/github.com/docker/libnetwork/osl/neigh_linux.go
rename to libnetwork/osl/neigh_linux.go
index 6bf1c16dc5acc..7105bf6ddea0d 100644
--- a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go
+++ b/libnetwork/osl/neigh_linux.go
@@ -102,7 +102,9 @@ func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr,
 			if nh.linkDst != "" {
 				nlnh.LinkIndex = iface.Attrs().Index
 			}
-			nlh.NeighDel(nlnh)
+			if err := nlh.NeighDel(nlnh); err != nil {
+				logrus.WithError(err).Warn("error while deleting neighbor entry")
+			}
 		}
 	}
 
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_windows.go b/libnetwork/osl/neigh_windows.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/neigh_windows.go
rename to libnetwork/osl/neigh_windows.go
diff --git a/vendor/github.com/docker/libnetwork/osl/options_linux.go b/libnetwork/osl/options_linux.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/osl/options_linux.go
rename to libnetwork/osl/options_linux.go
diff --git a/vendor/github.com/docker/libnetwork/osl/route_linux.go b/libnetwork/osl/route_linux.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/osl/route_linux.go
rename to libnetwork/osl/route_linux.go
index a9ff191b373d0..c1cc543b2df57 100644
--- a/vendor/github.com/docker/libnetwork/osl/route_linux.go
+++ b/libnetwork/osl/route_linux.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/vishvananda/netlink"
 )
 
diff --git a/libnetwork/osl/sandbox.go b/libnetwork/osl/sandbox.go
new file mode 100644
index 0000000000000..e738231d361d6
--- /dev/null
+++ b/libnetwork/osl/sandbox.go
@@ -0,0 +1,191 @@
+// Package osl describes structures and interfaces which abstract os entities
+package osl
+
+import (
+	"net"
+
+	"github.com/docker/docker/libnetwork/types"
+)
+
+// SandboxType specify the time of the sandbox, this can be used to apply special configs
+type SandboxType int
+
+const (
+	// SandboxTypeIngress indicates that the sandbox is for the ingress
+	SandboxTypeIngress = iota
+	// SandboxTypeLoadBalancer indicates that the sandbox is a load balancer
+	SandboxTypeLoadBalancer = iota
+)
+
+// Sandbox represents a network sandbox, identified by a specific key.  It
+// holds a list of Interfaces, routes etc, and more can be added dynamically.
+type Sandbox interface {
+	// The path where the network namespace is mounted.
+	Key() string
+
+	// Add an existing Interface to this sandbox. The operation will rename
+	// from the Interface SrcName to DstName as it moves, and reconfigure the
+	// interface according to the specified settings. The caller is expected
+	// to only provide a prefix for DstName. The AddInterface api will auto-generate
+	// an appropriate suffix for the DstName to disambiguate.
+	AddInterface(SrcName string, DstPrefix string, options ...IfaceOption) error
+
+	// Set default IPv4 gateway for the sandbox
+	SetGateway(gw net.IP) error
+
+	// Set default IPv6 gateway for the sandbox
+	SetGatewayIPv6(gw net.IP) error
+
+	// Unset the previously set default IPv4 gateway in the sandbox
+	UnsetGateway() error
+
+	// Unset the previously set default IPv6 gateway in the sandbox
+	UnsetGatewayIPv6() error
+
+	// GetLoopbackIfaceName returns the name of the loopback interface
+	GetLoopbackIfaceName() string
+
+	// AddAliasIP adds the passed IP address to the named interface
+	AddAliasIP(ifName string, ip *net.IPNet) error
+
+	// RemoveAliasIP removes the passed IP address from the named interface
+	RemoveAliasIP(ifName string, ip *net.IPNet) error
+
+	// DisableARPForVIP disables ARP replies and requests for VIP addresses
+	// on a particular interface
+	DisableARPForVIP(ifName string) error
+
+	// Add a static route to the sandbox.
+	AddStaticRoute(*types.StaticRoute) error
+
+	// Remove a static route from the sandbox.
+	RemoveStaticRoute(*types.StaticRoute) error
+
+	// AddNeighbor adds a neighbor entry into the sandbox.
+	AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, option ...NeighOption) error
+
+	// DeleteNeighbor deletes neighbor entry from the sandbox.
+	DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error
+
+	// Returns an interface with methods to set neighbor options.
+	NeighborOptions() NeighborOptionSetter
+
+	// Returns an interface with methods to set interface options.
+	InterfaceOptions() IfaceOptionSetter
+
+	//Invoke
+	InvokeFunc(func()) error
+
+	// Returns an interface with methods to get sandbox state.
+	Info() Info
+
+	// Destroy the sandbox
+	Destroy() error
+
+	// restore sandbox
+	Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error
+
+	// ApplyOSTweaks applies operating system specific knobs on the sandbox
+	ApplyOSTweaks([]SandboxType)
+}
+
+// NeighborOptionSetter interface defines the option setter methods for interface options
+type NeighborOptionSetter interface {
+	// LinkName returns an option setter to set the srcName of the link that should
+	// be used in the neighbor entry
+	LinkName(string) NeighOption
+
+	// Family returns an option setter to set the address family for the neighbor
+	// entry. eg. AF_BRIDGE
+	Family(int) NeighOption
+}
+
+// IfaceOptionSetter interface defines the option setter methods for interface options.
+type IfaceOptionSetter interface {
+	// Bridge returns an option setter to set if the interface is a bridge.
+	Bridge(bool) IfaceOption
+
+	// MacAddress returns an option setter to set the MAC address.
+	MacAddress(net.HardwareAddr) IfaceOption
+
+	// Address returns an option setter to set IPv4 address.
+	Address(*net.IPNet) IfaceOption
+
+	// Address returns an option setter to set IPv6 address.
+	AddressIPv6(*net.IPNet) IfaceOption
+
+	// LinkLocalAddresses returns an option setter to set the link-local IP addresses.
+	LinkLocalAddresses([]*net.IPNet) IfaceOption
+
+	// Master returns an option setter to set the master interface if any for this
+	// interface. The master interface name should refer to the srcname of a
+	// previously added interface of type bridge.
+	Master(string) IfaceOption
+
+	// Address returns an option setter to set interface routes.
+	Routes([]*net.IPNet) IfaceOption
+}
+
+// Info represents all possible information that
+// the driver wants to place in the sandbox which includes
+// interfaces, routes and gateway
+type Info interface {
+	// The collection of Interface previously added with the AddInterface
+	// method. Note that this doesn't include network interfaces added in any
+	// other way (such as the default loopback interface which is automatically
+	// created on creation of a sandbox).
+	Interfaces() []Interface
+
+	// IPv4 gateway for the sandbox.
+	Gateway() net.IP
+
+	// IPv6 gateway for the sandbox.
+	GatewayIPv6() net.IP
+
+	// Additional static routes for the sandbox.  (Note that directly
+	// connected routes are stored on the particular interface they refer to.)
+	StaticRoutes() []*types.StaticRoute
+
+	// TODO: Add ip tables etc.
+}
+
+// Interface represents the settings and identity of a network device. It is
+// used as a return type for Network.Link, and it is common practice for the
+// caller to use this information when moving interface SrcName from host
+// namespace to DstName in a different net namespace with the appropriate
+// network settings.
+type Interface interface {
+	// The name of the interface in the origin network namespace.
+	SrcName() string
+
+	// The name that will be assigned to the interface once moves inside a
+	// network namespace. When the caller passes in a DstName, it is only
+	// expected to pass a prefix. The name will modified with an appropriately
+	// auto-generated suffix.
+	DstName() string
+
+	// IPv4 address for the interface.
+	Address() *net.IPNet
+
+	// IPv6 address for the interface.
+	AddressIPv6() *net.IPNet
+
+	// LinkLocalAddresses returns the link-local IP addresses assigned to the interface.
+	LinkLocalAddresses() []*net.IPNet
+
+	// IP routes for the interface.
+	Routes() []*net.IPNet
+
+	// Bridge returns true if the interface is a bridge
+	Bridge() bool
+
+	// Master returns the srcname of the master interface for this interface.
+	Master() string
+
+	// Remove an interface from the sandbox by renaming to original name
+	// and moving it out of the sandbox.
+	Remove() error
+
+	// Statistics returns the statistics for this interface
+	Statistics() (*types.InterfaceStatistics, error)
+}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go b/libnetwork/osl/sandbox_freebsd.go
similarity index 84%
rename from vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go
rename to libnetwork/osl/sandbox_freebsd.go
index e5bc6278ee90c..c09b388a07d9e 100644
--- a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go
+++ b/libnetwork/osl/sandbox_freebsd.go
@@ -1,7 +1,5 @@
 package osl
 
-import "testing"
-
 // GenerateKey generates a sandbox key based on the passed
 // container id.
 func GenerateKey(containerID string) string {
@@ -34,11 +32,6 @@ func InitOSContext() func() {
 	return func() {}
 }
 
-// SetupTestOSContext sets up a separate test  OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
-	return func() {}
-}
-
 // SetBasePath sets the base url prefix for the ns path
 func SetBasePath(path string) {
 }
diff --git a/libnetwork/osl/sandbox_linux_test.go b/libnetwork/osl/sandbox_linux_test.go
new file mode 100644
index 0000000000000..ed800828a7eb3
--- /dev/null
+++ b/libnetwork/osl/sandbox_linux_test.go
@@ -0,0 +1,583 @@
+package osl
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"io"
+	"net"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libnetwork/ns"
+	"github.com/docker/docker/libnetwork/testutils"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/vishvananda/netlink"
+	"github.com/vishvananda/netlink/nl"
+	"github.com/vishvananda/netns"
+)
+
+const (
+	vethName1     = "wierdlongname1"
+	vethName2     = "wierdlongname2"
+	vethName3     = "wierdlongname3"
+	vethName4     = "wierdlongname4"
+	sboxIfaceName = "containername"
+)
+
+func generateRandomName(prefix string, size int) (string, error) {
+	id := make([]byte, 32)
+	if _, err := io.ReadFull(rand.Reader, id); err != nil {
+		return "", err
+	}
+	return prefix + hex.EncodeToString(id)[:size], nil
+}
+
+func newKey(t *testing.T) (string, error) {
+	name, err := generateRandomName("netns", 12)
+	if err != nil {
+		return "", err
+	}
+
+	name = filepath.Join("/tmp", name)
+	if _, err := os.Create(name); err != nil {
+		return "", err
+	}
+
+	// Set the rpmCleanupPeriod to be low to make the test run quicker
+	gpmLock.Lock()
+	gpmCleanupPeriod = 2 * time.Second
+	gpmLock.Unlock()
+
+	return name, nil
+}
+
+func newInfo(hnd *netlink.Handle, t *testing.T) (Sandbox, error) {
+	veth := &netlink.Veth{
+		LinkAttrs: netlink.LinkAttrs{Name: vethName1, TxQLen: 0},
+		PeerName:  vethName2}
+	if err := hnd.LinkAdd(veth); err != nil {
+		return nil, err
+	}
+
+	// Store the sandbox side pipe interface
+	// This is needed for cleanup on DeleteEndpoint()
+	intf1 := &nwIface{}
+	intf1.srcName = vethName2
+	intf1.dstName = sboxIfaceName
+
+	ip4, addr, err := net.ParseCIDR("192.168.1.100/24")
+	if err != nil {
+		return nil, err
+	}
+	intf1.address = addr
+	intf1.address.IP = ip4
+
+	ip6, addrv6, err := net.ParseCIDR("fe80::2/64")
+	if err != nil {
+		return nil, err
+	}
+	intf1.addressIPv6 = addrv6
+	intf1.addressIPv6.IP = ip6
+
+	_, route, err := net.ParseCIDR("192.168.2.1/32")
+	if err != nil {
+		return nil, err
+	}
+
+	intf1.routes = []*net.IPNet{route}
+
+	intf2 := &nwIface{}
+	intf2.srcName = "testbridge"
+	intf2.dstName = sboxIfaceName
+	intf2.bridge = true
+
+	veth = &netlink.Veth{
+		LinkAttrs: netlink.LinkAttrs{Name: vethName3, TxQLen: 0},
+		PeerName:  vethName4}
+
+	if err := hnd.LinkAdd(veth); err != nil {
+		return nil, err
+	}
+
+	intf3 := &nwIface{}
+	intf3.srcName = vethName4
+	intf3.dstName = sboxIfaceName
+	intf3.master = "testbridge"
+
+	info := &networkNamespace{iFaces: []*nwIface{intf1, intf2, intf3}}
+
+	info.gw = net.ParseIP("192.168.1.1")
+	info.gwv6 = net.ParseIP("fe80::1")
+
+	return info, nil
+}
+
+func verifySandbox(t *testing.T, s Sandbox, ifaceSuffixes []string) {
+	_, ok := s.(*networkNamespace)
+	if !ok {
+		t.Fatalf("The sandbox interface returned is not of type networkNamespace")
+	}
+
+	sbNs, err := netns.GetFromPath(s.Key())
+	if err != nil {
+		t.Fatalf("Failed top open network namespace path %q: %v", s.Key(), err)
+	}
+	defer sbNs.Close()
+
+	nh, err := netlink.NewHandleAt(sbNs)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nh.Delete()
+
+	for _, suffix := range ifaceSuffixes {
+		_, err = nh.LinkByName(sboxIfaceName + suffix)
+		if err != nil {
+			t.Fatalf("Could not find the interface %s inside the sandbox: %v",
+				sboxIfaceName+suffix, err)
+		}
+	}
+}
+
+func verifyCleanup(t *testing.T, s Sandbox, wait bool) {
+	if wait {
+		time.Sleep(gpmCleanupPeriod * 2)
+	}
+
+	if _, err := os.Stat(s.Key()); err == nil {
+		if wait {
+			t.Fatalf("The sandbox path %s is not getting cleaned up even after twice the cleanup period", s.Key())
+		} else {
+			t.Fatalf("The sandbox path %s is not cleaned up after running gc", s.Key())
+		}
+	}
+}
+
+func TestScanStatistics(t *testing.T) {
+	data :=
+		"Inter-|   Receive                                                |  Transmit\n" +
+			"	face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed\n" +
+			"  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0\n" +
+			" wlan0: 7787685   11141    0    0    0     0          0         0  1681390    7220    0    0    0     0       0          0\n" +
+			"    lo:  783782    1853    0    0    0     0          0         0   783782    1853    0    0    0     0       0          0\n" +
+			"lxcbr0:       0       0    0    0    0     0          0         0     9006      61    0    0    0     0       0          0\n"
+
+	i := &types.InterfaceStatistics{}
+
+	if err := scanInterfaceStats(data, "wlan0", i); err != nil {
+		t.Fatal(err)
+	}
+	if i.TxBytes != 1681390 || i.TxPackets != 7220 || i.RxBytes != 7787685 || i.RxPackets != 11141 {
+		t.Fatalf("Error scanning the statistics")
+	}
+
+	if err := scanInterfaceStats(data, "lxcbr0", i); err != nil {
+		t.Fatal(err)
+	}
+	if i.TxBytes != 9006 || i.TxPackets != 61 || i.RxBytes != 0 || i.RxPackets != 0 {
+		t.Fatalf("Error scanning the statistics")
+	}
+}
+
+func TestDisableIPv6DAD(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+	defer destroyTest(t, s)
+
+	n, ok := s.(*networkNamespace)
+	if !ok {
+		t.Fatal(ok)
+	}
+	nlh := n.nlHandle
+
+	ipv6, _ := types.ParseCIDR("2001:db8::44/64")
+	iface := &nwIface{addressIPv6: ipv6, ns: n, dstName: "sideA"}
+
+	veth := &netlink.Veth{
+		LinkAttrs: netlink.LinkAttrs{Name: "sideA"},
+		PeerName:  "sideB",
+	}
+
+	err = nlh.LinkAdd(veth)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	link, err := nlh.LinkByName("sideA")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = setInterfaceIPv6(nlh, link, iface)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	addrList, err := nlh.AddrList(link, nl.FAMILY_V6)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if addrList[0].Flags&syscall.IFA_F_NODAD == 0 {
+		t.Fatalf("Unexpected interface flags: 0x%x. Expected to contain 0x%x", addrList[0].Flags, syscall.IFA_F_NODAD)
+	}
+}
+
+func destroyTest(t *testing.T, s Sandbox) {
+	if err := s.Destroy(); err != nil {
+		t.Log(err)
+	}
+}
+
+func TestSetInterfaceIP(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+	defer destroyTest(t, s)
+
+	n, ok := s.(*networkNamespace)
+	if !ok {
+		t.Fatal(ok)
+	}
+	nlh := n.nlHandle
+
+	ipv4, _ := types.ParseCIDR("172.30.0.33/24")
+	ipv6, _ := types.ParseCIDR("2001:db8::44/64")
+	iface := &nwIface{address: ipv4, addressIPv6: ipv6, ns: n, dstName: "sideA"}
+
+	if err := nlh.LinkAdd(&netlink.Veth{
+		LinkAttrs: netlink.LinkAttrs{Name: "sideA"},
+		PeerName:  "sideB",
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	linkA, err := nlh.LinkByName("sideA")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	linkB, err := nlh.LinkByName("sideB")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := nlh.LinkSetUp(linkA); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := nlh.LinkSetUp(linkB); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := setInterfaceIP(nlh, linkA, iface); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := setInterfaceIPv6(nlh, linkA, iface); err != nil {
+		t.Fatal(err)
+	}
+
+	err = setInterfaceIP(nlh, linkB, iface)
+	if err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded")
+	}
+	if !strings.Contains(err.Error(), "conflicts with existing route") {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	err = setInterfaceIPv6(nlh, linkB, iface)
+	if err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded")
+	}
+	if !strings.Contains(err.Error(), "conflicts with existing route") {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+}
+
+func TestLiveRestore(t *testing.T) {
+
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+	defer destroyTest(t, s)
+
+	n, ok := s.(*networkNamespace)
+	if !ok {
+		t.Fatal(ok)
+	}
+	nlh := n.nlHandle
+
+	ipv4, _ := types.ParseCIDR("172.30.0.33/24")
+	ipv6, _ := types.ParseCIDR("2001:db8::44/64")
+	iface := &nwIface{address: ipv4, addressIPv6: ipv6, ns: n, dstName: "sideA"}
+
+	if err := nlh.LinkAdd(&netlink.Veth{
+		LinkAttrs: netlink.LinkAttrs{Name: "sideA"},
+		PeerName:  "sideB",
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	linkA, err := nlh.LinkByName("sideA")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	linkB, err := nlh.LinkByName("sideB")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := nlh.LinkSetUp(linkA); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := nlh.LinkSetUp(linkB); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := setInterfaceIP(nlh, linkA, iface); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := setInterfaceIPv6(nlh, linkA, iface); err != nil {
+		t.Fatal(err)
+	}
+
+	err = setInterfaceIP(nlh, linkB, iface)
+	if err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded")
+	}
+	if !strings.Contains(err.Error(), "conflicts with existing route") {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	err = setInterfaceIPv6(nlh, linkB, iface)
+	if err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded")
+	}
+	if !strings.Contains(err.Error(), "conflicts with existing route") {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	// Create newsandbox with Restore - TRUE
+	s, err = NewSandbox(key, true, true)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	defer destroyTest(t, s)
+
+	// Check if the IPV4 & IPV6 entry present
+	// If present , we should get error in below call
+	// It shows us , we don't delete any config in live-restore case
+	if err := setInterfaceIPv6(nlh, linkA, iface); err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded for IPV6 ")
+	}
+	if err := setInterfaceIP(nlh, linkA, iface); err == nil {
+		t.Fatalf("Expected route conflict error, but succeeded for IPV4 ")
+	}
+}
+
+func TestMain(m *testing.M) {
+	if reexec.Init() {
+		return
+	}
+	os.Exit(m.Run())
+}
+
+func TestSandboxCreate(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+
+	if s.Key() != key {
+		t.Fatalf("s.Key() returned %s. Expected %s", s.Key(), key)
+	}
+
+	tbox, err := newInfo(ns.NlHandle(), t)
+	if err != nil {
+		t.Fatalf("Failed to generate new sandbox info: %v", err)
+	}
+
+	for _, i := range tbox.Info().Interfaces() {
+		err = s.AddInterface(i.SrcName(), i.DstName(),
+			tbox.InterfaceOptions().Bridge(i.Bridge()),
+			tbox.InterfaceOptions().Address(i.Address()),
+			tbox.InterfaceOptions().AddressIPv6(i.AddressIPv6()))
+		if err != nil {
+			t.Fatalf("Failed to add interfaces to sandbox: %v", err)
+		}
+	}
+
+	err = s.SetGateway(tbox.Info().Gateway())
+	if err != nil {
+		t.Fatalf("Failed to set gateway to sandbox: %v", err)
+	}
+
+	err = s.SetGatewayIPv6(tbox.Info().GatewayIPv6())
+	if err != nil {
+		t.Fatalf("Failed to set ipv6 gateway to sandbox: %v", err)
+	}
+
+	verifySandbox(t, s, []string{"0", "1", "2"})
+
+	err = s.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+	verifyCleanup(t, s, true)
+}
+
+func TestSandboxCreateTwice(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	_, err = NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+
+	// Create another sandbox with the same key to see if we handle it
+	// gracefully.
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+
+	err = s.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+	GC()
+	verifyCleanup(t, s, false)
+}
+
+func TestSandboxGC(t *testing.T) {
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+
+	err = s.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	GC()
+	verifyCleanup(t, s, false)
+}
+
+func TestAddRemoveInterface(t *testing.T) {
+	defer testutils.SetupTestOSContext(t)()
+
+	key, err := newKey(t)
+	if err != nil {
+		t.Fatalf("Failed to obtain a key: %v", err)
+	}
+
+	s, err := NewSandbox(key, true, false)
+	if err != nil {
+		t.Fatalf("Failed to create a new sandbox: %v", err)
+	}
+	runtime.LockOSThread()
+
+	if s.Key() != key {
+		t.Fatalf("s.Key() returned %s. Expected %s", s.Key(), key)
+	}
+
+	tbox, err := newInfo(ns.NlHandle(), t)
+	if err != nil {
+		t.Fatalf("Failed to generate new sandbox info: %v", err)
+	}
+
+	for _, i := range tbox.Info().Interfaces() {
+		err = s.AddInterface(i.SrcName(), i.DstName(),
+			tbox.InterfaceOptions().Bridge(i.Bridge()),
+			tbox.InterfaceOptions().Address(i.Address()),
+			tbox.InterfaceOptions().AddressIPv6(i.AddressIPv6()))
+		if err != nil {
+			t.Fatalf("Failed to add interfaces to sandbox: %v", err)
+		}
+	}
+
+	verifySandbox(t, s, []string{"0", "1", "2"})
+
+	interfaces := s.Info().Interfaces()
+	if err := interfaces[0].Remove(); err != nil {
+		t.Fatalf("Failed to remove interfaces from sandbox: %v", err)
+	}
+
+	verifySandbox(t, s, []string{"1", "2"})
+
+	i := tbox.Info().Interfaces()[0]
+	if err := s.AddInterface(i.SrcName(), i.DstName(),
+		tbox.InterfaceOptions().Bridge(i.Bridge()),
+		tbox.InterfaceOptions().Address(i.Address()),
+		tbox.InterfaceOptions().AddressIPv6(i.AddressIPv6())); err != nil {
+		t.Fatalf("Failed to add interfaces to sandbox: %v", err)
+	}
+
+	verifySandbox(t, s, []string{"1", "2", "3"})
+
+	err = s.Destroy()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	GC()
+	verifyCleanup(t, s, false)
+}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go b/libnetwork/osl/sandbox_unsupported.go
similarity index 93%
rename from vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
rename to libnetwork/osl/sandbox_unsupported.go
index 51a656c806fdd..8e811a4617dbc 100644
--- a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
+++ b/libnetwork/osl/sandbox_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !freebsd
 // +build !linux,!windows,!freebsd
 
 package osl
diff --git a/libnetwork/osl/sandbox_unsupported_test.go b/libnetwork/osl/sandbox_unsupported_test.go
new file mode 100644
index 0000000000000..32b4657f2b529
--- /dev/null
+++ b/libnetwork/osl/sandbox_unsupported_test.go
@@ -0,0 +1,19 @@
+//go:build !linux
+// +build !linux
+
+package osl
+
+import (
+	"errors"
+	"testing"
+)
+
+var ErrNotImplemented = errors.New("not implemented")
+
+func newKey(t *testing.T) (string, error) {
+	return "", ErrNotImplemented
+}
+
+func verifySandbox(t *testing.T, s Sandbox) {
+	return
+}
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator.go b/libnetwork/portallocator/portallocator.go
similarity index 77%
rename from vendor/github.com/docker/libnetwork/portallocator/portallocator.go
rename to libnetwork/portallocator/portallocator.go
index 191b478ccd40f..1dc935cbd744d 100644
--- a/vendor/github.com/docker/libnetwork/portallocator/portallocator.go
+++ b/libnetwork/portallocator/portallocator.go
@@ -1,5 +1,3 @@
-// +build !windows
-
 package portallocator
 
 import (
@@ -7,15 +5,26 @@ import (
 	"fmt"
 	"net"
 	"sync"
-)
 
-const (
-	// DefaultPortRangeStart indicates the first port in port range
-	DefaultPortRangeStart = 49153
-	// DefaultPortRangeEnd indicates the last port in port range
-	DefaultPortRangeEnd = 65535
+	"github.com/sirupsen/logrus"
 )
 
+func sanitizePortRange(start int, end int) (newStart, newEnd int, err error) {
+	if start > defaultPortRangeEnd || end < defaultPortRangeStart || start > end {
+		return 0, 0, fmt.Errorf("Request out allowed range [%v, %v]",
+			defaultPortRangeStart, defaultPortRangeEnd)
+	}
+	err = nil
+	newStart, newEnd = start, end
+	if start < defaultPortRangeStart {
+		newStart = defaultPortRangeStart
+	}
+	if end > defaultPortRangeEnd {
+		newEnd = defaultPortRangeEnd
+	}
+	return
+}
+
 type ipMapping map[string]protoMap
 
 var (
@@ -26,7 +35,6 @@ var (
 	defaultIP          = net.ParseIP("0.0.0.0")
 	once               sync.Once
 	instance           *PortAllocator
-	createInstance     = func() { instance = newInstance() }
 )
 
 // ErrPortAlreadyAllocated is the returned error information when a requested port is already being used
@@ -90,15 +98,26 @@ func Get() *PortAllocator {
 	// the OS so that it can have up to date view of the OS port allocation.
 	// When this happens singleton behavior will be removed. Clients do not
 	// need to worry about this, they will not see a change in behavior.
-	once.Do(createInstance)
+	once.Do(func() {
+		instance = newInstance()
+	})
 	return instance
 }
 
-func newInstance() *PortAllocator {
+func getDefaultPortRange() (int, int) {
 	start, end, err := getDynamicPortRange()
+	if err == nil {
+		start, end, err = sanitizePortRange(start, end)
+	}
 	if err != nil {
-		start, end = DefaultPortRangeStart, DefaultPortRangeEnd
+		logrus.WithError(err).Infof("falling back to default port range %d-%d", defaultPortRangeStart, defaultPortRangeEnd)
+		start, end = defaultPortRangeStart, defaultPortRangeEnd
 	}
+	return start, end
+}
+
+func newInstance() *PortAllocator {
+	start, end := getDefaultPortRange()
 	return &PortAllocator{
 		ipMap: ipMapping{},
 		Begin: start,
@@ -172,6 +191,30 @@ func (p *PortAllocator) ReleasePort(ip net.IP, proto string, port int) error {
 	return nil
 }
 
+// SetPortRange sets dynamic port allocation range.
+// if both portBegin and portEnd are 0, the port range reverts to default
+// value. Otherwise they are sanitized against the default values to
+// ensure their validity.
+func (p *PortAllocator) SetPortRange(portBegin, portEnd int) error {
+	// if begin and end is zero, revert to default values
+	var begin, end int
+	var err error
+	if portBegin == 0 && portEnd == 0 {
+		begin, end = getDefaultPortRange()
+	} else if begin, end, err = sanitizePortRange(portBegin, portEnd); err != nil {
+		return err
+	}
+	logrus.Debugf("Setting up port allocator to range %v-%v, current %v-%v", begin, end, p.Begin, p.End)
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
+	if p.Begin == begin && p.End == end {
+		return nil
+	}
+	p.ipMap = ipMapping{}
+	p.Begin, p.End = begin, end
+	return nil
+}
+
 func (p *PortAllocator) newPortMap() *portMap {
 	defaultKey := getRangeKey(p.Begin, p.End)
 	pm := &portMap{
diff --git a/libnetwork/portallocator/portallocator_freebsd.go b/libnetwork/portallocator/portallocator_freebsd.go
new file mode 100644
index 0000000000000..c23912b6fc5f0
--- /dev/null
+++ b/libnetwork/portallocator/portallocator_freebsd.go
@@ -0,0 +1,41 @@
+package portallocator
+
+import (
+	"bytes"
+	"fmt"
+	"os/exec"
+)
+
+func getDynamicPortRange() (start int, end int, err error) {
+	portRangeKernelSysctl := []string{"net.inet.ip.portrange.hifirst", "net.ip.portrange.hilast"}
+	portRangeLowCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[0])
+	var portRangeLowOut bytes.Buffer
+	portRangeLowCmd.Stdout = &portRangeLowOut
+	cmdErr := portRangeLowCmd.Run()
+	if cmdErr != nil {
+		return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hifirst failed: %v", err)
+	}
+	n, err := fmt.Sscanf(portRangeLowOut.String(), "%d", &start)
+	if n != 1 || err != nil {
+		if err == nil {
+			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
+		}
+		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range start from %s: %v", portRangeLowOut.String(), err)
+	}
+
+	portRangeHighCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[1])
+	var portRangeHighOut bytes.Buffer
+	portRangeHighCmd.Stdout = &portRangeHighOut
+	cmdErr = portRangeHighCmd.Run()
+	if cmdErr != nil {
+		return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hilast failed: %v", err)
+	}
+	n, err = fmt.Sscanf(portRangeHighOut.String(), "%d", &end)
+	if n != 1 || err != nil {
+		if err == nil {
+			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
+		}
+		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range end from %s: %v", portRangeHighOut.String(), err)
+	}
+	return start, end, nil
+}
diff --git a/libnetwork/portallocator/portallocator_linux.go b/libnetwork/portallocator/portallocator_linux.go
new file mode 100644
index 0000000000000..ea991fad98cb2
--- /dev/null
+++ b/libnetwork/portallocator/portallocator_linux.go
@@ -0,0 +1,25 @@
+package portallocator
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+)
+
+func getDynamicPortRange() (start int, end int, err error) {
+	const portRangeKernelParam = "/proc/sys/net/ipv4/ip_local_port_range"
+	file, err := os.Open(portRangeKernelParam)
+	if err != nil {
+		return 0, 0, err
+	}
+	defer file.Close()
+
+	n, err := fmt.Fscanf(bufio.NewReader(file), "%d\t%d", &start, &end)
+	if n != 2 || err != nil {
+		if err == nil {
+			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
+		}
+		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range from %s: %v", portRangeKernelParam, err)
+	}
+	return start, end, nil
+}
diff --git a/libnetwork/portallocator/portallocator_test.go b/libnetwork/portallocator/portallocator_test.go
new file mode 100644
index 0000000000000..8a34c3cbbbd48
--- /dev/null
+++ b/libnetwork/portallocator/portallocator_test.go
@@ -0,0 +1,368 @@
+package portallocator
+
+import (
+	"fmt"
+	"net"
+	"testing"
+)
+
+func resetPortAllocator() {
+	instance = newInstance()
+}
+
+func TestRequestNewPort(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	port, err := p.RequestPort(defaultIP, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := p.Begin; port != expected {
+		t.Fatalf("Expected port %d got %d", expected, port)
+	}
+}
+
+func TestRequestSpecificPort(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	port, err := p.RequestPort(defaultIP, "tcp", 5000)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if port != 5000 {
+		t.Fatalf("Expected port 5000 got %d", port)
+	}
+}
+
+func TestReleasePort(t *testing.T) {
+	p := Get()
+
+	port, err := p.RequestPort(defaultIP, "tcp", 5000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port != 5000 {
+		t.Fatalf("Expected port 5000 got %d", port)
+	}
+
+	if err := p.ReleasePort(defaultIP, "tcp", 5000); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestReuseReleasedPort(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	port, err := p.RequestPort(defaultIP, "tcp", 5000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port != 5000 {
+		t.Fatalf("Expected port 5000 got %d", port)
+	}
+
+	if err := p.ReleasePort(defaultIP, "tcp", 5000); err != nil {
+		t.Fatal(err)
+	}
+
+	port, err = p.RequestPort(defaultIP, "tcp", 5000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port != 5000 {
+		t.Fatalf("Expected port 5000 got %d", port)
+	}
+}
+
+func TestReleaseUnreadledPort(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	port, err := p.RequestPort(defaultIP, "tcp", 5000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port != 5000 {
+		t.Fatalf("Expected port 5000 got %d", port)
+	}
+
+	_, err = p.RequestPort(defaultIP, "tcp", 5000)
+
+	switch err.(type) {
+	case ErrPortAlreadyAllocated:
+	default:
+		t.Fatalf("Expected port allocation error got %s", err)
+	}
+}
+
+func TestUnknowProtocol(t *testing.T) {
+	if _, err := Get().RequestPort(defaultIP, "tcpp", 0); err != ErrUnknownProtocol {
+		t.Fatalf("Expected error %s got %s", ErrUnknownProtocol, err)
+	}
+}
+
+func TestAllocateAllPorts(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	for i := 0; i <= p.End-p.Begin; i++ {
+		port, err := p.RequestPort(defaultIP, "tcp", 0)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if expected := p.Begin + i; port != expected {
+			t.Fatalf("Expected port %d got %d", expected, port)
+		}
+	}
+
+	if _, err := p.RequestPort(defaultIP, "tcp", 0); err != ErrAllPortsAllocated {
+		t.Fatalf("Expected error %s got %s", ErrAllPortsAllocated, err)
+	}
+
+	_, err := p.RequestPort(defaultIP, "udp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// release a port in the middle and ensure we get another tcp port
+	port := p.Begin + 5
+	if err := p.ReleasePort(defaultIP, "tcp", port); err != nil {
+		t.Fatal(err)
+	}
+	newPort, err := p.RequestPort(defaultIP, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if newPort != port {
+		t.Fatalf("Expected port %d got %d", port, newPort)
+	}
+
+	// now pm.last == newPort, release it so that it's the only free port of
+	// the range, and ensure we get it back
+	if err := p.ReleasePort(defaultIP, "tcp", newPort); err != nil {
+		t.Fatal(err)
+	}
+	port, err = p.RequestPort(defaultIP, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if newPort != port {
+		t.Fatalf("Expected port %d got %d", newPort, port)
+	}
+}
+
+func BenchmarkAllocatePorts(b *testing.B) {
+	p := Get()
+	defer resetPortAllocator()
+
+	for i := 0; i < b.N; i++ {
+		for i := 0; i <= p.End-p.Begin; i++ {
+			port, err := p.RequestPort(defaultIP, "tcp", 0)
+			if err != nil {
+				b.Fatal(err)
+			}
+
+			if expected := p.Begin + i; port != expected {
+				b.Fatalf("Expected port %d got %d", expected, port)
+			}
+		}
+		if err := p.ReleaseAll(); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func TestPortAllocation(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	ip := net.ParseIP("192.168.0.1")
+	ip2 := net.ParseIP("192.168.0.2")
+	if port, err := p.RequestPort(ip, "tcp", 80); err != nil {
+		t.Fatal(err)
+	} else if port != 80 {
+		t.Fatalf("Acquire(80) should return 80, not %d", port)
+	}
+	port, err := p.RequestPort(ip, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port <= 0 {
+		t.Fatalf("Acquire(0) should return a non-zero port")
+	}
+
+	if _, err := p.RequestPort(ip, "tcp", port); err == nil {
+		t.Fatalf("Acquiring a port already in use should return an error")
+	}
+
+	if newPort, err := p.RequestPort(ip, "tcp", 0); err != nil {
+		t.Fatal(err)
+	} else if newPort == port {
+		t.Fatalf("Acquire(0) allocated the same port twice: %d", port)
+	}
+
+	if _, err := p.RequestPort(ip, "tcp", 80); err == nil {
+		t.Fatalf("Acquiring a port already in use should return an error")
+	}
+	if _, err := p.RequestPort(ip2, "tcp", 80); err != nil {
+		t.Fatalf("It should be possible to allocate the same port on a different interface")
+	}
+	if _, err := p.RequestPort(ip2, "tcp", 80); err == nil {
+		t.Fatalf("Acquiring a port already in use should return an error")
+	}
+	if err := p.ReleasePort(ip, "tcp", 80); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := p.RequestPort(ip, "tcp", 80); err != nil {
+		t.Fatal(err)
+	}
+
+	port, err = p.RequestPort(ip, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	port2, err := p.RequestPort(ip, "tcp", port+1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	port3, err := p.RequestPort(ip, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port3 == port2 {
+		t.Fatal("Requesting a dynamic port should never allocate a used port")
+	}
+}
+
+func TestPortAllocationWithCustomRange(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	start, end := 8081, 8082
+	specificPort := 8000
+
+	//get an ephemeral port.
+	port1, err := p.RequestPortInRange(defaultIP, "tcp", 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	//request invalid ranges
+	if _, err := p.RequestPortInRange(defaultIP, "tcp", 0, end); err == nil {
+		t.Fatalf("Expected error for invalid range %d-%d", 0, end)
+	}
+	if _, err := p.RequestPortInRange(defaultIP, "tcp", start, 0); err == nil {
+		t.Fatalf("Expected error for invalid range %d-%d", 0, end)
+	}
+	if _, err := p.RequestPortInRange(defaultIP, "tcp", 8081, 8080); err == nil {
+		t.Fatalf("Expected error for invalid range %d-%d", 0, end)
+	}
+
+	//request a single port
+	port, err := p.RequestPortInRange(defaultIP, "tcp", specificPort, specificPort)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port != specificPort {
+		t.Fatalf("Expected port %d, got %d", specificPort, port)
+	}
+
+	//get a port from the range
+	port2, err := p.RequestPortInRange(defaultIP, "tcp", start, end)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port2 < start || port2 > end {
+		t.Fatalf("Expected a port between %d and %d, got %d", start, end, port2)
+	}
+	//get another ephemeral port (should be > port1)
+	port3, err := p.RequestPortInRange(defaultIP, "tcp", 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port3 < port1 {
+		t.Fatalf("Expected new port > %d in the ephemeral range, got %d", port1, port3)
+	}
+	//get another (and in this case the only other) port from the range
+	port4, err := p.RequestPortInRange(defaultIP, "tcp", start, end)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if port4 < start || port4 > end {
+		t.Fatalf("Expected a port between %d and %d, got %d", start, end, port4)
+	}
+	if port4 == port2 {
+		t.Fatal("Allocated the same port from a custom range")
+	}
+	//request 3rd port from the range of 2
+	if _, err := p.RequestPortInRange(defaultIP, "tcp", start, end); err != ErrAllPortsAllocated {
+		t.Fatalf("Expected error %s got %s", ErrAllPortsAllocated, err)
+	}
+}
+
+func TestNoDuplicateBPR(t *testing.T) {
+	p := Get()
+	defer resetPortAllocator()
+
+	if port, err := p.RequestPort(defaultIP, "tcp", p.Begin); err != nil {
+		t.Fatal(err)
+	} else if port != p.Begin {
+		t.Fatalf("Expected port %d got %d", p.Begin, port)
+	}
+
+	if port, err := p.RequestPort(defaultIP, "tcp", 0); err != nil {
+		t.Fatal(err)
+	} else if port == p.Begin {
+		t.Fatalf("Acquire(0) allocated the same port twice: %d", port)
+	}
+}
+
+func TestChangePortRange(t *testing.T) {
+	var tests = []struct {
+		begin  int
+		end    int
+		setErr error
+		reqRlt int
+	}{
+		{defaultPortRangeEnd + 1, defaultPortRangeEnd + 10, fmt.Errorf("begin out of range"), 0},
+		{defaultPortRangeStart - 10, defaultPortRangeStart - 1, fmt.Errorf("end out of range"), 0},
+		{defaultPortRangeEnd, defaultPortRangeStart, fmt.Errorf("out of order"), 0},
+		{defaultPortRangeStart + 100, defaultPortRangeEnd + 10, nil, defaultPortRangeStart + 100},
+		{0, 0, nil, defaultPortRangeStart}, // revert to default if no value given
+		{defaultPortRangeStart - 100, defaultPortRangeEnd, nil, defaultPortRangeStart + 1},
+	}
+	p := Get()
+	port := 0
+	for _, c := range tests {
+		t.Logf("test: port allocate range %v-%v, setErr=%v, reqPort=%v",
+			c.begin, c.end, c.setErr, c.reqRlt)
+		err := p.SetPortRange(c.begin, c.end)
+		if (c.setErr == nil && c.setErr != err) ||
+			(c.setErr != nil && err == nil) {
+			t.Fatalf("Unexpected set range result, expected=%v, actual=%v", c.setErr, err)
+		}
+		if err != nil {
+			continue
+		}
+		if port > 0 {
+			err := p.ReleasePort(defaultIP, "tcp", port)
+			if err != nil {
+				t.Fatalf("Releasing port %v failed, err=%v", port, err)
+			}
+		}
+
+		port, err = p.RequestPort(defaultIP, "tcp", 0)
+		if err != nil {
+			t.Fatalf("Request failed, err %v", err)
+		}
+		if port != c.reqRlt {
+			t.Fatalf("Incorrect port returned, expected=%v, actual=%v", c.reqRlt, port)
+		}
+	}
+}
diff --git a/libnetwork/portallocator/portallocator_unix.go b/libnetwork/portallocator/portallocator_unix.go
new file mode 100644
index 0000000000000..21adb62e0c890
--- /dev/null
+++ b/libnetwork/portallocator/portallocator_unix.go
@@ -0,0 +1,13 @@
+//go:build !windows
+// +build !windows
+
+package portallocator
+
+const (
+	// defaultPortRangeStart indicates the first port in port range
+	defaultPortRangeStart = 49153
+	// defaultPortRangeEnd indicates the last port in port range
+	// consistent with default /proc/sys/net/ipv4/ip_local_port_range
+	// upper bound on linux
+	defaultPortRangeEnd = 60999
+)
diff --git a/libnetwork/portallocator/portallocator_windows.go b/libnetwork/portallocator/portallocator_windows.go
new file mode 100644
index 0000000000000..07c4411eae9c6
--- /dev/null
+++ b/libnetwork/portallocator/portallocator_windows.go
@@ -0,0 +1,12 @@
+package portallocator
+
+const (
+	// defaultPortRangeStart indicates the first port in port range
+	defaultPortRangeStart = 60000
+	// defaultPortRangeEnd indicates the last port in port range
+	defaultPortRangeEnd = 65000
+)
+
+func getDynamicPortRange() (start int, end int, err error) {
+	return defaultPortRangeStart, defaultPortRangeEnd, nil
+}
diff --git a/libnetwork/portmapper/mapper.go b/libnetwork/portmapper/mapper.go
new file mode 100644
index 0000000000000..3315158c97437
--- /dev/null
+++ b/libnetwork/portmapper/mapper.go
@@ -0,0 +1,262 @@
+package portmapper
+
+import (
+	"errors"
+	"fmt"
+	"net"
+
+	"github.com/docker/docker/libnetwork/portallocator"
+	"github.com/ishidawataru/sctp"
+	"github.com/sirupsen/logrus"
+)
+
+type mapping struct {
+	proto         string
+	userlandProxy userlandProxy
+	host          net.Addr
+	container     net.Addr
+}
+
+// newProxy is used to mock out the proxy server in tests
+var newProxy = newProxyCommand
+
+var (
+	// ErrUnknownBackendAddressType refers to an unknown container or unsupported address type
+	ErrUnknownBackendAddressType = errors.New("unknown container address type not supported")
+	// ErrPortMappedForIP refers to a port already mapped to an ip address
+	ErrPortMappedForIP = errors.New("port is already mapped to ip")
+	// ErrPortNotMapped refers to an unmapped port
+	ErrPortNotMapped = errors.New("port is not mapped")
+	// ErrSCTPAddrNoIP refers to a SCTP address without IP address.
+	ErrSCTPAddrNoIP = errors.New("sctp address does not contain any IP address")
+)
+
+// New returns a new instance of PortMapper
+func New(proxyPath string) *PortMapper {
+	return NewWithPortAllocator(portallocator.Get(), proxyPath)
+}
+
+// NewWithPortAllocator returns a new instance of PortMapper which will use the specified PortAllocator
+func NewWithPortAllocator(allocator *portallocator.PortAllocator, proxyPath string) *PortMapper {
+	return &PortMapper{
+		currentMappings: make(map[string]*mapping),
+		Allocator:       allocator,
+		proxyPath:       proxyPath,
+	}
+}
+
+// Map maps the specified container transport address to the host's network address and transport port
+func (pm *PortMapper) Map(container net.Addr, hostIP net.IP, hostPort int, useProxy bool) (host net.Addr, err error) {
+	return pm.MapRange(container, hostIP, hostPort, hostPort, useProxy)
+}
+
+// MapRange maps the specified container transport address to the host's network address and transport port range
+func (pm *PortMapper) MapRange(container net.Addr, hostIP net.IP, hostPortStart, hostPortEnd int, useProxy bool) (host net.Addr, err error) {
+	pm.lock.Lock()
+	defer pm.lock.Unlock()
+
+	var (
+		m                 *mapping
+		proto             string
+		allocatedHostPort int
+	)
+
+	switch t := container.(type) {
+	case *net.TCPAddr:
+		proto = "tcp"
+		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
+			return nil, err
+		}
+
+		m = &mapping{
+			proto:     proto,
+			host:      &net.TCPAddr{IP: hostIP, Port: allocatedHostPort},
+			container: container,
+		}
+
+		if useProxy {
+			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, t.IP, t.Port, pm.proxyPath)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
+			if err != nil {
+				return nil, err
+			}
+		}
+	case *net.UDPAddr:
+		proto = "udp"
+		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
+			return nil, err
+		}
+
+		m = &mapping{
+			proto:     proto,
+			host:      &net.UDPAddr{IP: hostIP, Port: allocatedHostPort},
+			container: container,
+		}
+
+		if useProxy {
+			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, t.IP, t.Port, pm.proxyPath)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
+			if err != nil {
+				return nil, err
+			}
+		}
+	case *sctp.SCTPAddr:
+		proto = "sctp"
+		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
+			return nil, err
+		}
+
+		m = &mapping{
+			proto:     proto,
+			host:      &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: hostIP}}, Port: allocatedHostPort},
+			container: container,
+		}
+
+		if useProxy {
+			sctpAddr := container.(*sctp.SCTPAddr)
+			if len(sctpAddr.IPAddrs) == 0 {
+				return nil, ErrSCTPAddrNoIP
+			}
+			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, sctpAddr.IPAddrs[0].IP, sctpAddr.Port, pm.proxyPath)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
+			if err != nil {
+				return nil, err
+			}
+		}
+	default:
+		return nil, ErrUnknownBackendAddressType
+	}
+
+	// release the allocated port on any further error during return.
+	defer func() {
+		if err != nil {
+			pm.Allocator.ReleasePort(hostIP, proto, allocatedHostPort)
+		}
+	}()
+
+	key := getKey(m.host)
+	if _, exists := pm.currentMappings[key]; exists {
+		return nil, ErrPortMappedForIP
+	}
+
+	containerIP, containerPort := getIPAndPort(m.container)
+	if err := pm.AppendForwardingTableEntry(m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort); err != nil {
+		return nil, err
+	}
+
+	cleanup := func() error {
+		// need to undo the iptables rules before we return
+		m.userlandProxy.Stop()
+		pm.DeleteForwardingTableEntry(m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
+		if err := pm.Allocator.ReleasePort(hostIP, m.proto, allocatedHostPort); err != nil {
+			return err
+		}
+
+		return nil
+	}
+
+	if err := m.userlandProxy.Start(); err != nil {
+		if err := cleanup(); err != nil {
+			return nil, fmt.Errorf("Error during port allocation cleanup: %v", err)
+		}
+		return nil, err
+	}
+
+	pm.currentMappings[key] = m
+	return m.host, nil
+}
+
+// Unmap removes stored mapping for the specified host transport address
+func (pm *PortMapper) Unmap(host net.Addr) error {
+	pm.lock.Lock()
+	defer pm.lock.Unlock()
+
+	key := getKey(host)
+	data, exists := pm.currentMappings[key]
+	if !exists {
+		return ErrPortNotMapped
+	}
+
+	if data.userlandProxy != nil {
+		data.userlandProxy.Stop()
+	}
+
+	delete(pm.currentMappings, key)
+
+	containerIP, containerPort := getIPAndPort(data.container)
+	hostIP, hostPort := getIPAndPort(data.host)
+	if err := pm.DeleteForwardingTableEntry(data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
+		logrus.Errorf("Error on iptables delete: %s", err)
+	}
+
+	switch a := host.(type) {
+	case *net.TCPAddr:
+		return pm.Allocator.ReleasePort(a.IP, "tcp", a.Port)
+	case *net.UDPAddr:
+		return pm.Allocator.ReleasePort(a.IP, "udp", a.Port)
+	case *sctp.SCTPAddr:
+		if len(a.IPAddrs) == 0 {
+			return ErrSCTPAddrNoIP
+		}
+		return pm.Allocator.ReleasePort(a.IPAddrs[0].IP, "sctp", a.Port)
+	}
+	return ErrUnknownBackendAddressType
+}
+
+// ReMapAll re-applies all port mappings
+func (pm *PortMapper) ReMapAll() {
+	pm.lock.Lock()
+	defer pm.lock.Unlock()
+	logrus.Debugln("Re-applying all port mappings.")
+	for _, data := range pm.currentMappings {
+		containerIP, containerPort := getIPAndPort(data.container)
+		hostIP, hostPort := getIPAndPort(data.host)
+		if err := pm.AppendForwardingTableEntry(data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
+			logrus.Errorf("Error on iptables add: %s", err)
+		}
+	}
+}
+
+func getKey(a net.Addr) string {
+	switch t := a.(type) {
+	case *net.TCPAddr:
+		return fmt.Sprintf("%s:%d/%s", t.IP.String(), t.Port, "tcp")
+	case *net.UDPAddr:
+		return fmt.Sprintf("%s:%d/%s", t.IP.String(), t.Port, "udp")
+	case *sctp.SCTPAddr:
+		if len(t.IPAddrs) == 0 {
+			logrus.Error(ErrSCTPAddrNoIP)
+			return ""
+		}
+		return fmt.Sprintf("%s:%d/%s", t.IPAddrs[0].IP.String(), t.Port, "sctp")
+	}
+	return ""
+}
+
+func getIPAndPort(a net.Addr) (net.IP, int) {
+	switch t := a.(type) {
+	case *net.TCPAddr:
+		return t.IP, t.Port
+	case *net.UDPAddr:
+		return t.IP, t.Port
+	case *sctp.SCTPAddr:
+		if len(t.IPAddrs) == 0 {
+			logrus.Error(ErrSCTPAddrNoIP)
+			return nil, 0
+		}
+		return t.IPAddrs[0].IP, t.Port
+	}
+	return nil, 0
+}
diff --git a/libnetwork/portmapper/mapper_linux.go b/libnetwork/portmapper/mapper_linux.go
new file mode 100644
index 0000000000000..1d537cbd9cb60
--- /dev/null
+++ b/libnetwork/portmapper/mapper_linux.go
@@ -0,0 +1,46 @@
+package portmapper
+
+import (
+	"net"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/portallocator"
+)
+
+// PortMapper manages the network address translation
+type PortMapper struct {
+	bridgeName string
+
+	// udp:ip:port
+	currentMappings map[string]*mapping
+	lock            sync.Mutex
+
+	proxyPath string
+
+	Allocator *portallocator.PortAllocator
+	chain     *iptables.ChainInfo
+}
+
+// SetIptablesChain sets the specified chain into portmapper
+func (pm *PortMapper) SetIptablesChain(c *iptables.ChainInfo, bridgeName string) {
+	pm.chain = c
+	pm.bridgeName = bridgeName
+}
+
+// AppendForwardingTableEntry adds a port mapping to the forwarding table
+func (pm *PortMapper) AppendForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+	return pm.forward(iptables.Append, proto, sourceIP, sourcePort, containerIP, containerPort)
+}
+
+// DeleteForwardingTableEntry removes a port mapping from the forwarding table
+func (pm *PortMapper) DeleteForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+	return pm.forward(iptables.Delete, proto, sourceIP, sourcePort, containerIP, containerPort)
+}
+
+func (pm *PortMapper) forward(action iptables.Action, proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+	if pm.chain == nil {
+		return nil
+	}
+	return pm.chain.Forward(action, sourceIP, sourcePort, proto, containerIP, containerPort, pm.bridgeName)
+}
diff --git a/libnetwork/portmapper/mapper_linux_test.go b/libnetwork/portmapper/mapper_linux_test.go
new file mode 100644
index 0000000000000..b39376749f2d9
--- /dev/null
+++ b/libnetwork/portmapper/mapper_linux_test.go
@@ -0,0 +1,269 @@
+package portmapper
+
+import (
+	"net"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/iptables"
+)
+
+func init() {
+	// override this func to mock out the proxy server
+	newProxy = newMockProxyCommand
+}
+
+func TestSetIptablesChain(t *testing.T) {
+	pm := New("")
+
+	c := &iptables.ChainInfo{
+		Name: "TEST",
+	}
+
+	if pm.chain != nil {
+		t.Fatal("chain should be nil at init")
+	}
+
+	pm.SetIptablesChain(c, "lo")
+	if pm.chain == nil {
+		t.Fatal("chain should not be nil after set")
+	}
+}
+
+func TestMapTCPPorts(t *testing.T) {
+	pm := New("")
+	dstIP1 := net.ParseIP("192.168.0.1")
+	dstIP2 := net.ParseIP("192.168.0.2")
+	dstAddr1 := &net.TCPAddr{IP: dstIP1, Port: 80}
+	dstAddr2 := &net.TCPAddr{IP: dstIP2, Port: 80}
+
+	srcAddr1 := &net.TCPAddr{Port: 1080, IP: net.ParseIP("172.16.0.1")}
+	srcAddr2 := &net.TCPAddr{Port: 1080, IP: net.ParseIP("172.16.0.2")}
+
+	addrEqual := func(addr1, addr2 net.Addr) bool {
+		return (addr1.Network() == addr2.Network()) && (addr1.String() == addr2.String())
+	}
+
+	if host, err := pm.Map(srcAddr1, dstIP1, 80, true); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	} else if !addrEqual(dstAddr1, host) {
+		t.Fatalf("Incorrect mapping result: expected %s:%s, got %s:%s",
+			dstAddr1.String(), dstAddr1.Network(), host.String(), host.Network())
+	}
+
+	if _, err := pm.Map(srcAddr1, dstIP1, 80, true); err == nil {
+		t.Fatalf("Port is in use - mapping should have failed")
+	}
+
+	if _, err := pm.Map(srcAddr2, dstIP1, 80, true); err == nil {
+		t.Fatalf("Port is in use - mapping should have failed")
+	}
+
+	if _, err := pm.Map(srcAddr2, dstIP2, 80, true); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	}
+
+	if pm.Unmap(dstAddr1) != nil {
+		t.Fatalf("Failed to release port")
+	}
+
+	if pm.Unmap(dstAddr2) != nil {
+		t.Fatalf("Failed to release port")
+	}
+
+	if pm.Unmap(dstAddr2) == nil {
+		t.Fatalf("Port already released, but no error reported")
+	}
+}
+
+func TestGetUDPKey(t *testing.T) {
+	addr := &net.UDPAddr{IP: net.ParseIP("192.168.1.5"), Port: 53}
+
+	key := getKey(addr)
+
+	if expected := "192.168.1.5:53/udp"; key != expected {
+		t.Fatalf("expected key %s got %s", expected, key)
+	}
+}
+
+func TestGetTCPKey(t *testing.T) {
+	addr := &net.TCPAddr{IP: net.ParseIP("192.168.1.5"), Port: 80}
+
+	key := getKey(addr)
+
+	if expected := "192.168.1.5:80/tcp"; key != expected {
+		t.Fatalf("expected key %s got %s", expected, key)
+	}
+}
+
+func TestGetUDPIPAndPort(t *testing.T) {
+	addr := &net.UDPAddr{IP: net.ParseIP("192.168.1.5"), Port: 53}
+
+	ip, port := getIPAndPort(addr)
+	if expected := "192.168.1.5"; ip.String() != expected {
+		t.Fatalf("expected ip %s got %s", expected, ip)
+	}
+
+	if ep := 53; port != ep {
+		t.Fatalf("expected port %d got %d", ep, port)
+	}
+}
+
+func TestMapUDPPorts(t *testing.T) {
+	pm := New("")
+	dstIP1 := net.ParseIP("192.168.0.1")
+	dstIP2 := net.ParseIP("192.168.0.2")
+	dstAddr1 := &net.UDPAddr{IP: dstIP1, Port: 80}
+	dstAddr2 := &net.UDPAddr{IP: dstIP2, Port: 80}
+
+	srcAddr1 := &net.UDPAddr{Port: 1080, IP: net.ParseIP("172.16.0.1")}
+	srcAddr2 := &net.UDPAddr{Port: 1080, IP: net.ParseIP("172.16.0.2")}
+
+	addrEqual := func(addr1, addr2 net.Addr) bool {
+		return (addr1.Network() == addr2.Network()) && (addr1.String() == addr2.String())
+	}
+
+	if host, err := pm.Map(srcAddr1, dstIP1, 80, true); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	} else if !addrEqual(dstAddr1, host) {
+		t.Fatalf("Incorrect mapping result: expected %s:%s, got %s:%s",
+			dstAddr1.String(), dstAddr1.Network(), host.String(), host.Network())
+	}
+
+	if _, err := pm.Map(srcAddr1, dstIP1, 80, true); err == nil {
+		t.Fatalf("Port is in use - mapping should have failed")
+	}
+
+	if _, err := pm.Map(srcAddr2, dstIP1, 80, true); err == nil {
+		t.Fatalf("Port is in use - mapping should have failed")
+	}
+
+	if _, err := pm.Map(srcAddr2, dstIP2, 80, true); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	}
+
+	if pm.Unmap(dstAddr1) != nil {
+		t.Fatalf("Failed to release port")
+	}
+
+	if pm.Unmap(dstAddr2) != nil {
+		t.Fatalf("Failed to release port")
+	}
+
+	if pm.Unmap(dstAddr2) == nil {
+		t.Fatalf("Port already released, but no error reported")
+	}
+}
+
+func TestMapAllPortsSingleInterface(t *testing.T) {
+	pm := New("")
+	dstIP1 := net.ParseIP("0.0.0.0")
+	srcAddr1 := &net.TCPAddr{Port: 1080, IP: net.ParseIP("172.16.0.1")}
+
+	hosts := []net.Addr{}
+	var host net.Addr
+	var err error
+
+	defer func() {
+		for _, val := range hosts {
+			pm.Unmap(val)
+		}
+	}()
+
+	for i := 0; i < 10; i++ {
+		start, end := pm.Allocator.Begin, pm.Allocator.End
+		for i := start; i < end; i++ {
+			if host, err = pm.Map(srcAddr1, dstIP1, 0, true); err != nil {
+				t.Fatal(err)
+			}
+
+			hosts = append(hosts, host)
+		}
+
+		if _, err := pm.Map(srcAddr1, dstIP1, start, true); err == nil {
+			t.Fatalf("Port %d should be bound but is not", start)
+		}
+
+		for _, val := range hosts {
+			if err := pm.Unmap(val); err != nil {
+				t.Fatal(err)
+			}
+		}
+
+		hosts = []net.Addr{}
+	}
+}
+
+func TestMapTCPDummyListen(t *testing.T) {
+	pm := New("")
+	dstIP := net.ParseIP("0.0.0.0")
+	dstAddr := &net.TCPAddr{IP: dstIP, Port: 80}
+
+	// no-op for dummy
+	srcAddr := &net.TCPAddr{Port: 1080, IP: net.ParseIP("172.16.0.1")}
+
+	addrEqual := func(addr1, addr2 net.Addr) bool {
+		return (addr1.Network() == addr2.Network()) && (addr1.String() == addr2.String())
+	}
+
+	if host, err := pm.Map(srcAddr, dstIP, 80, false); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	} else if !addrEqual(dstAddr, host) {
+		t.Fatalf("Incorrect mapping result: expected %s:%s, got %s:%s",
+			dstAddr.String(), dstAddr.Network(), host.String(), host.Network())
+	}
+	if _, err := net.Listen("tcp", "0.0.0.0:80"); err == nil {
+		t.Fatal("Listen on mapped port without proxy should fail")
+	} else {
+		if !strings.Contains(err.Error(), "address already in use") {
+			t.Fatalf("Error should be about address already in use, got %v", err)
+		}
+	}
+	if _, err := net.Listen("tcp", "0.0.0.0:81"); err != nil {
+		t.Fatal(err)
+	}
+	if host, err := pm.Map(srcAddr, dstIP, 81, false); err == nil {
+		t.Fatalf("Bound port shouldn't be allocated, but it was on: %v", host)
+	} else {
+		if !strings.Contains(err.Error(), "address already in use") {
+			t.Fatalf("Error should be about address already in use, got %v", err)
+		}
+	}
+}
+
+func TestMapUDPDummyListen(t *testing.T) {
+	pm := New("")
+	dstIP := net.ParseIP("0.0.0.0")
+	dstAddr := &net.UDPAddr{IP: dstIP, Port: 80}
+
+	// no-op for dummy
+	srcAddr := &net.UDPAddr{Port: 1080, IP: net.ParseIP("172.16.0.1")}
+
+	addrEqual := func(addr1, addr2 net.Addr) bool {
+		return (addr1.Network() == addr2.Network()) && (addr1.String() == addr2.String())
+	}
+
+	if host, err := pm.Map(srcAddr, dstIP, 80, false); err != nil {
+		t.Fatalf("Failed to allocate port: %s", err)
+	} else if !addrEqual(dstAddr, host) {
+		t.Fatalf("Incorrect mapping result: expected %s:%s, got %s:%s",
+			dstAddr.String(), dstAddr.Network(), host.String(), host.Network())
+	}
+	if _, err := net.ListenUDP("udp", &net.UDPAddr{IP: dstIP, Port: 80}); err == nil {
+		t.Fatal("Listen on mapped port without proxy should fail")
+	} else {
+		if !strings.Contains(err.Error(), "address already in use") {
+			t.Fatalf("Error should be about address already in use, got %v", err)
+		}
+	}
+	if _, err := net.ListenUDP("udp", &net.UDPAddr{IP: dstIP, Port: 81}); err != nil {
+		t.Fatal(err)
+	}
+	if host, err := pm.Map(srcAddr, dstIP, 81, false); err == nil {
+		t.Fatalf("Bound port shouldn't be allocated, but it was on: %v", host)
+	} else {
+		if !strings.Contains(err.Error(), "address already in use") {
+			t.Fatalf("Error should be about address already in use, got %v", err)
+		}
+	}
+}
diff --git a/libnetwork/portmapper/mapper_windows.go b/libnetwork/portmapper/mapper_windows.go
new file mode 100644
index 0000000000000..7be0eb12e6fc1
--- /dev/null
+++ b/libnetwork/portmapper/mapper_windows.go
@@ -0,0 +1,37 @@
+package portmapper
+
+import (
+	"net"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/portallocator"
+)
+
+// PortMapper manages the network address translation
+type PortMapper struct {
+	bridgeName string
+
+	// udp:ip:port
+	currentMappings map[string]*mapping
+	lock            sync.Mutex
+
+	proxyPath string
+
+	Allocator *portallocator.PortAllocator
+}
+
+// AppendForwardingTableEntry adds a port mapping to the forwarding table
+func (pm *PortMapper) AppendForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+	return nil
+}
+
+// DeleteForwardingTableEntry removes a port mapping from the forwarding table
+func (pm *PortMapper) DeleteForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+	return nil
+}
+
+// checkIP checks if IP is valid and matching to chain version
+func (pm *PortMapper) checkIP(ip net.IP) bool {
+	// no IPv6 for port mapper on windows -> only IPv4 valid
+	return ip.To4() != nil
+}
diff --git a/vendor/github.com/docker/libnetwork/portmapper/mock_proxy.go b/libnetwork/portmapper/mock_proxy_test.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/portmapper/mock_proxy.go
rename to libnetwork/portmapper/mock_proxy_test.go
diff --git a/libnetwork/portmapper/proxy.go b/libnetwork/portmapper/proxy.go
new file mode 100644
index 0000000000000..9ab70ffa0e488
--- /dev/null
+++ b/libnetwork/portmapper/proxy.go
@@ -0,0 +1,87 @@
+package portmapper
+
+import (
+	"fmt"
+	"io"
+	"net"
+
+	"github.com/ishidawataru/sctp"
+)
+
+type userlandProxy interface {
+	Start() error
+	Stop() error
+}
+
+// ipVersion refers to IP version - v4 or v6
+type ipVersion string
+
+const (
+	// IPv4 is version 4
+	ipv4 ipVersion = "4"
+	// IPv4 is version 6
+	ipv6 ipVersion = "6"
+)
+
+// dummyProxy just listen on some port, it is needed to prevent accidental
+// port allocations on bound port, because without userland proxy we using
+// iptables rules and not net.Listen
+type dummyProxy struct {
+	listener  io.Closer
+	addr      net.Addr
+	ipVersion ipVersion
+}
+
+func newDummyProxy(proto string, hostIP net.IP, hostPort int) (userlandProxy, error) {
+	// detect version of hostIP to bind only to correct version
+	version := ipv4
+	if hostIP.To4() == nil {
+		version = ipv6
+	}
+	switch proto {
+	case "tcp":
+		addr := &net.TCPAddr{IP: hostIP, Port: hostPort}
+		return &dummyProxy{addr: addr, ipVersion: version}, nil
+	case "udp":
+		addr := &net.UDPAddr{IP: hostIP, Port: hostPort}
+		return &dummyProxy{addr: addr, ipVersion: version}, nil
+	case "sctp":
+		addr := &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: hostIP}}, Port: hostPort}
+		return &dummyProxy{addr: addr, ipVersion: version}, nil
+	default:
+		return nil, fmt.Errorf("Unknown addr type: %s", proto)
+	}
+}
+
+func (p *dummyProxy) Start() error {
+	switch addr := p.addr.(type) {
+	case *net.TCPAddr:
+		l, err := net.ListenTCP("tcp"+string(p.ipVersion), addr)
+		if err != nil {
+			return err
+		}
+		p.listener = l
+	case *net.UDPAddr:
+		l, err := net.ListenUDP("udp"+string(p.ipVersion), addr)
+		if err != nil {
+			return err
+		}
+		p.listener = l
+	case *sctp.SCTPAddr:
+		l, err := sctp.ListenSCTP("sctp"+string(p.ipVersion), addr)
+		if err != nil {
+			return err
+		}
+		p.listener = l
+	default:
+		return fmt.Errorf("Unknown addr type: %T", p.addr)
+	}
+	return nil
+}
+
+func (p *dummyProxy) Stop() error {
+	if p.listener != nil {
+		return p.listener.Close()
+	}
+	return nil
+}
diff --git a/libnetwork/portmapper/proxy_linux.go b/libnetwork/portmapper/proxy_linux.go
new file mode 100644
index 0000000000000..fa0d11f88456b
--- /dev/null
+++ b/libnetwork/portmapper/proxy_linux.go
@@ -0,0 +1,98 @@
+package portmapper
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"os/exec"
+	"strconv"
+	"syscall"
+	"time"
+)
+
+const userlandProxyCommandName = "docker-proxy"
+
+func newProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int, proxyPath string) (userlandProxy, error) {
+	path := proxyPath
+	if proxyPath == "" {
+		cmd, err := exec.LookPath(userlandProxyCommandName)
+		if err != nil {
+			return nil, err
+		}
+		path = cmd
+	}
+
+	args := []string{
+		path,
+		"-proto", proto,
+		"-host-ip", hostIP.String(),
+		"-host-port", strconv.Itoa(hostPort),
+		"-container-ip", containerIP.String(),
+		"-container-port", strconv.Itoa(containerPort),
+	}
+
+	return &proxyCommand{
+		cmd: &exec.Cmd{
+			Path: path,
+			Args: args,
+			SysProcAttr: &syscall.SysProcAttr{
+				Pdeathsig: syscall.SIGTERM, // send a sigterm to the proxy if the daemon process dies
+			},
+		},
+	}, nil
+}
+
+// proxyCommand wraps an exec.Cmd to run the userland TCP and UDP
+// proxies as separate processes.
+type proxyCommand struct {
+	cmd *exec.Cmd
+}
+
+func (p *proxyCommand) Start() error {
+	r, w, err := os.Pipe()
+	if err != nil {
+		return fmt.Errorf("proxy unable to open os.Pipe %s", err)
+	}
+	defer r.Close()
+	p.cmd.ExtraFiles = []*os.File{w}
+	if err := p.cmd.Start(); err != nil {
+		return err
+	}
+	w.Close()
+
+	errchan := make(chan error, 1)
+	go func() {
+		buf := make([]byte, 2)
+		r.Read(buf)
+
+		if string(buf) != "0\n" {
+			errStr, err := io.ReadAll(r)
+			if err != nil {
+				errchan <- fmt.Errorf("Error reading exit status from userland proxy: %v", err)
+				return
+			}
+
+			errchan <- fmt.Errorf("Error starting userland proxy: %s", errStr)
+			return
+		}
+		errchan <- nil
+	}()
+
+	select {
+	case err := <-errchan:
+		return err
+	case <-time.After(16 * time.Second):
+		return fmt.Errorf("Timed out proxy starting the userland proxy")
+	}
+}
+
+func (p *proxyCommand) Stop() error {
+	if p.cmd.Process != nil {
+		if err := p.cmd.Process.Signal(os.Interrupt); err != nil {
+			return err
+		}
+		return p.cmd.Wait()
+	}
+	return nil
+}
diff --git a/libnetwork/portmapper/proxy_windows.go b/libnetwork/portmapper/proxy_windows.go
new file mode 100644
index 0000000000000..06a9e2462cc62
--- /dev/null
+++ b/libnetwork/portmapper/proxy_windows.go
@@ -0,0 +1,10 @@
+package portmapper
+
+import (
+	"errors"
+	"net"
+)
+
+func newProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int, proxyPath string) (userlandProxy, error) {
+	return nil, errors.New("proxy is unsupported on windows")
+}
diff --git a/libnetwork/resolvconf/resolvconf.go b/libnetwork/resolvconf/resolvconf.go
new file mode 100644
index 0000000000000..a9d8027886d55
--- /dev/null
+++ b/libnetwork/resolvconf/resolvconf.go
@@ -0,0 +1,295 @@
+// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
+package resolvconf
+
+import (
+	"bytes"
+	"os"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	// defaultPath is the default path to the resolv.conf that contains information to resolve DNS. See Path().
+	defaultPath = "/etc/resolv.conf"
+	// alternatePath is a path different from defaultPath, that may be used to resolve DNS. See Path().
+	alternatePath = "/run/systemd/resolve/resolv.conf"
+)
+
+// constants for the IP address type
+const (
+	IP = iota // IPv4 and IPv6
+	IPv4
+	IPv6
+)
+
+var (
+	detectSystemdResolvConfOnce sync.Once
+	pathAfterSystemdDetection   = defaultPath
+)
+
+// Path returns the path to the resolv.conf file that libnetwork should use.
+//
+// When /etc/resolv.conf contains 127.0.0.53 as the only nameserver, then
+// it is assumed systemd-resolved manages DNS. Because inside the container 127.0.0.53
+// is not a valid DNS server, Path() returns /run/systemd/resolve/resolv.conf
+// which is the resolv.conf that systemd-resolved generates and manages.
+// Otherwise Path() returns /etc/resolv.conf.
+//
+// Errors are silenced as they will inevitably resurface at future open/read calls.
+//
+// More information at https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html#/etc/resolv.conf
+func Path() string {
+	detectSystemdResolvConfOnce.Do(func() {
+		candidateResolvConf, err := os.ReadFile(defaultPath)
+		if err != nil {
+			// silencing error as it will resurface at next calls trying to read defaultPath
+			return
+		}
+		ns := GetNameservers(candidateResolvConf, IP)
+		if len(ns) == 1 && ns[0] == "127.0.0.53" {
+			pathAfterSystemdDetection = alternatePath
+			logrus.Infof("detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: %s", alternatePath)
+		}
+	})
+	return pathAfterSystemdDetection
+}
+
+const (
+	// ipLocalhost is a regex pattern for IPv4 or IPv6 loopback range.
+	ipLocalhost  = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
+	ipv4NumBlock = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)`
+	ipv4Address  = `(` + ipv4NumBlock + `\.){3}` + ipv4NumBlock
+
+	// This is not an IPv6 address verifier as it will accept a super-set of IPv6, and also
+	// will *not match* IPv4-Embedded IPv6 Addresses (RFC6052), but that and other variants
+	// -- e.g. other link-local types -- either won't work in containers or are unnecessary.
+	// For readability and sufficiency for Docker purposes this seemed more reasonable than a
+	// 1000+ character regexp with exact and complete IPv6 validation
+	ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})(%\w+)?`
+)
+
+var (
+	// Note: the default IPv4 & IPv6 resolvers are set to Google's Public DNS
+	defaultIPv4Dns = []string{"nameserver 8.8.8.8", "nameserver 8.8.4.4"}
+	defaultIPv6Dns = []string{"nameserver 2001:4860:4860::8888", "nameserver 2001:4860:4860::8844"}
+
+	localhostNSRegexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipLocalhost + `\s*\n*`)
+	nsIPv6Regexp      = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
+	nsRegexp          = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
+	nsIPv6Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv6Address + `))\s*$`)
+	nsIPv4Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `))\s*$`)
+	searchRegexp      = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
+	optionsRegexp     = regexp.MustCompile(`^\s*options\s*(([^\s]+\s*)*)$`)
+)
+
+var lastModified struct {
+	sync.Mutex
+	sha256   string
+	contents []byte
+}
+
+// File contains the resolv.conf content and its hash
+type File struct {
+	Content []byte
+	Hash    string
+}
+
+// Get returns the contents of /etc/resolv.conf and its hash
+func Get() (*File, error) {
+	return GetSpecific(Path())
+}
+
+// GetSpecific returns the contents of the user specified resolv.conf file and its hash
+func GetSpecific(path string) (*File, error) {
+	resolv, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	hash, err := hashData(bytes.NewReader(resolv))
+	if err != nil {
+		return nil, err
+	}
+	return &File{Content: resolv, Hash: hash}, nil
+}
+
+// GetIfChanged retrieves the host /etc/resolv.conf file, checks against the last hash
+// and, if modified since last check, returns the bytes and new hash.
+// This feature is used by the resolv.conf updater for containers
+func GetIfChanged() (*File, error) {
+	lastModified.Lock()
+	defer lastModified.Unlock()
+
+	resolv, err := os.ReadFile(Path())
+	if err != nil {
+		return nil, err
+	}
+	newHash, err := hashData(bytes.NewReader(resolv))
+	if err != nil {
+		return nil, err
+	}
+	if lastModified.sha256 != newHash {
+		lastModified.sha256 = newHash
+		lastModified.contents = resolv
+		return &File{Content: resolv, Hash: newHash}, nil
+	}
+	// nothing changed, so return no data
+	return nil, nil
+}
+
+// GetLastModified retrieves the last used contents and hash of the host resolv.conf.
+// Used by containers updating on restart
+func GetLastModified() *File {
+	lastModified.Lock()
+	defer lastModified.Unlock()
+
+	return &File{Content: lastModified.contents, Hash: lastModified.sha256}
+}
+
+// FilterResolvDNS cleans up the config in resolvConf.  It has two main jobs:
+// 1. It looks for localhost (127.*|::1) entries in the provided
+//    resolv.conf, removing local nameserver entries, and, if the resulting
+//    cleaned config has no defined nameservers left, adds default DNS entries
+// 2. Given the caller provides the enable/disable state of IPv6, the filter
+//    code will remove all IPv6 nameservers if it is not enabled for containers
+//
+func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
+	cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
+	// if IPv6 is not enabled, also clean out any IPv6 address nameserver
+	if !ipv6Enabled {
+		cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
+	}
+	// if the resulting resolvConf has no more nameservers defined, add appropriate
+	// default DNS servers for IPv4 and (optionally) IPv6
+	if len(GetNameservers(cleanedResolvConf, IP)) == 0 {
+		logrus.Infof("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: %v", defaultIPv4Dns)
+		dns := defaultIPv4Dns
+		if ipv6Enabled {
+			logrus.Infof("IPv6 enabled; Adding default IPv6 external servers: %v", defaultIPv6Dns)
+			dns = append(dns, defaultIPv6Dns...)
+		}
+		cleanedResolvConf = append(cleanedResolvConf, []byte("\n"+strings.Join(dns, "\n"))...)
+	}
+	hash, err := hashData(bytes.NewReader(cleanedResolvConf))
+	if err != nil {
+		return nil, err
+	}
+	return &File{Content: cleanedResolvConf, Hash: hash}, nil
+}
+
+// getLines parses input into lines and strips away comments.
+func getLines(input []byte, commentMarker []byte) [][]byte {
+	lines := bytes.Split(input, []byte("\n"))
+	var output [][]byte
+	for _, currentLine := range lines {
+		var commentIndex = bytes.Index(currentLine, commentMarker)
+		if commentIndex == -1 {
+			output = append(output, currentLine)
+		} else {
+			output = append(output, currentLine[:commentIndex])
+		}
+	}
+	return output
+}
+
+// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
+func GetNameservers(resolvConf []byte, kind int) []string {
+	nameservers := []string{}
+	for _, line := range getLines(resolvConf, []byte("#")) {
+		var ns [][]byte
+		if kind == IP {
+			ns = nsRegexp.FindSubmatch(line)
+		} else if kind == IPv4 {
+			ns = nsIPv4Regexpmatch.FindSubmatch(line)
+		} else if kind == IPv6 {
+			ns = nsIPv6Regexpmatch.FindSubmatch(line)
+		}
+		if len(ns) > 0 {
+			nameservers = append(nameservers, string(ns[1]))
+		}
+	}
+	return nameservers
+}
+
+// GetNameserversAsCIDR returns nameservers (if any) listed in
+// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
+// This function's output is intended for net.ParseCIDR
+func GetNameserversAsCIDR(resolvConf []byte) []string {
+	nameservers := []string{}
+	for _, nameserver := range GetNameservers(resolvConf, IP) {
+		var address string
+		// If IPv6, strip zone if present
+		if strings.Contains(nameserver, ":") {
+			address = strings.Split(nameserver, "%")[0] + "/128"
+		} else {
+			address = nameserver + "/32"
+		}
+		nameservers = append(nameservers, address)
+	}
+	return nameservers
+}
+
+// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf
+// If more than one search line is encountered, only the contents of the last
+// one is returned.
+func GetSearchDomains(resolvConf []byte) []string {
+	domains := []string{}
+	for _, line := range getLines(resolvConf, []byte("#")) {
+		match := searchRegexp.FindSubmatch(line)
+		if match == nil {
+			continue
+		}
+		domains = strings.Fields(string(match[1]))
+	}
+	return domains
+}
+
+// GetOptions returns options (if any) listed in /etc/resolv.conf
+// If more than one options line is encountered, only the contents of the last
+// one is returned.
+func GetOptions(resolvConf []byte) []string {
+	options := []string{}
+	for _, line := range getLines(resolvConf, []byte("#")) {
+		match := optionsRegexp.FindSubmatch(line)
+		if match == nil {
+			continue
+		}
+		options = strings.Fields(string(match[1]))
+	}
+	return options
+}
+
+// Build writes a configuration file to path containing a "nameserver" entry
+// for every element in dns, a "search" entry for every element in
+// dnsSearch, and an "options" entry for every element in dnsOptions.
+func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
+	content := bytes.NewBuffer(nil)
+	if len(dnsSearch) > 0 {
+		if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
+			if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
+				return nil, err
+			}
+		}
+	}
+	for _, dns := range dns {
+		if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil {
+			return nil, err
+		}
+	}
+	if len(dnsOptions) > 0 {
+		if optsString := strings.Join(dnsOptions, " "); strings.Trim(optsString, " ") != "" {
+			if _, err := content.WriteString("options " + optsString + "\n"); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	hash, err := hashData(bytes.NewReader(content.Bytes()))
+	if err != nil {
+		return nil, err
+	}
+
+	return &File{Content: content.Bytes(), Hash: hash}, os.WriteFile(path, content.Bytes(), 0644)
+}
diff --git a/libnetwork/resolvconf/resolvconf_linux_test.go b/libnetwork/resolvconf/resolvconf_linux_test.go
new file mode 100644
index 0000000000000..1d7b9a86eddd5
--- /dev/null
+++ b/libnetwork/resolvconf/resolvconf_linux_test.go
@@ -0,0 +1,303 @@
+package resolvconf
+
+import (
+	"bytes"
+	"os"
+	"testing"
+)
+
+func TestGet(t *testing.T) {
+	resolvConfUtils, err := Get()
+	if err != nil {
+		t.Fatal(err)
+	}
+	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(resolvConfUtils.Content) != string(resolvConfSystem) {
+		t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.")
+	}
+	hashSystem, err := hashData(bytes.NewReader(resolvConfSystem))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resolvConfUtils.Hash != hashSystem {
+		t.Fatalf("/etc/resolv.conf and GetResolvConf have different hashes.")
+	}
+}
+
+func TestGetNameservers(t *testing.T) {
+	for resolv, result := range map[string][]string{`
+nameserver 1.2.3.4
+nameserver 40.3.200.10
+search example.com`: {"1.2.3.4", "40.3.200.10"},
+		`search example.com`: {},
+		`nameserver 1.2.3.4
+search example.com
+nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"},
+		``:                        {},
+		`  nameserver 1.2.3.4   `: {"1.2.3.4"},
+		`search example.com
+nameserver 1.2.3.4
+#nameserver 4.3.2.1`: {"1.2.3.4"},
+		`search example.com
+nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"},
+	} {
+		test := GetNameservers([]byte(resolv), IP)
+		if !strSlicesEqual(test, result) {
+			t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
+func TestGetNameserversAsCIDR(t *testing.T) {
+	for resolv, result := range map[string][]string{`
+nameserver 1.2.3.4
+nameserver 40.3.200.10
+search example.com`: {"1.2.3.4/32", "40.3.200.10/32"},
+		`search example.com`: {},
+		`nameserver 1.2.3.4
+search example.com
+nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"},
+		``:                        {},
+		`  nameserver 1.2.3.4   `: {"1.2.3.4/32"},
+		`search example.com
+nameserver 1.2.3.4
+#nameserver 4.3.2.1`: {"1.2.3.4/32"},
+		`search example.com
+nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"},
+	} {
+		test := GetNameserversAsCIDR([]byte(resolv))
+		if !strSlicesEqual(test, result) {
+			t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
+func TestGetSearchDomains(t *testing.T) {
+	for resolv, result := range map[string][]string{
+		`search example.com`:           {"example.com"},
+		`search example.com # ignored`: {"example.com"},
+		`	  search	 example.com	  `: {"example.com"},
+		`	  search	 example.com	  # ignored`: {"example.com"},
+		`search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`	   search	   foo.example.com	 example.com	`: {"foo.example.com", "example.com"},
+		`	   search	   foo.example.com	 example.com	# ignored`: {"foo.example.com", "example.com"},
+		``:          {},
+		`# ignored`: {},
+		`nameserver 1.2.3.4
+search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`nameserver 1.2.3.4
+search dup1.example.com dup2.example.com
+search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`nameserver 1.2.3.4
+search foo.example.com example.com
+nameserver 4.30.20.100`: {"foo.example.com", "example.com"},
+	} {
+		test := GetSearchDomains([]byte(resolv))
+		if !strSlicesEqual(test, result) {
+			t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
+func TestGetOptions(t *testing.T) {
+	for resolv, result := range map[string][]string{
+		`options opt1`:           {"opt1"},
+		`options opt1 # ignored`: {"opt1"},
+		`	  options	 opt1	  `: {"opt1"},
+		`	  options	 opt1	  # ignored`: {"opt1"},
+		`options opt1 opt2 opt3`:           {"opt1", "opt2", "opt3"},
+		`options opt1 opt2 opt3 # ignored`: {"opt1", "opt2", "opt3"},
+		`	   options	 opt1	 opt2	 opt3	`: {"opt1", "opt2", "opt3"},
+		`	   options	 opt1	 opt2	 opt3	# ignored`: {"opt1", "opt2", "opt3"},
+		``:                   {},
+		`# ignored`:          {},
+		`nameserver 1.2.3.4`: {},
+		`nameserver 1.2.3.4
+options opt1 opt2 opt3`: {"opt1", "opt2", "opt3"},
+		`nameserver 1.2.3.4
+options opt1 opt2
+options opt3 opt4`: {"opt3", "opt4"},
+	} {
+		test := GetOptions([]byte(resolv))
+		if !strSlicesEqual(test, result) {
+			t.Fatalf("Wrong options string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
+func strSlicesEqual(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+
+	for i, v := range a {
+		if v != b[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+func TestBuild(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{"opt1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildWithZeroLengthDomainSearch(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"."}, []string{"opt1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "nameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+	if notExpected := "search ."; bytes.Contains(content, []byte(notExpected)) {
+		t.Fatalf("Expected to not find '%s' got '%s'", notExpected, content)
+	}
+}
+
+func TestBuildWithNoOptions(t *testing.T) {
+	file, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+	if notExpected := "search ."; bytes.Contains(content, []byte(notExpected)) {
+		t.Fatalf("Expected to not find '%s' got '%s'", notExpected, content)
+	}
+}
+
+func TestFilterResolvDns(t *testing.T) {
+	ns0 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\n"
+
+	if result, _ := FilterResolvDNS([]byte(ns0), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed No Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\nnameserver 127.0.0.1\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 10.16.60.14\nnameserver 127.0.0.1\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 127.0.1.1\nnameserver 10.16.60.14\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver ::1\nnameserver 10.16.60.14\nnameserver 127.0.2.1\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 10.16.60.14\nnameserver ::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled (false param), the IPv6 nameserver should be removed
+	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled (false param), the IPv6 link-local nameserver with zone ID should be removed
+	ns1 = "nameserver 10.16.60.14\nnameserver FE80::BB1%1\nnameserver FE80::BB1%eth0\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 enabled, the IPv6 nameserver should be preserved
+	ns0 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\n"
+	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed Localhost+IPv6 on: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 enabled, and no non-localhost servers, Google defaults (both IPv4+IPv6) should be added
+	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 2001:4860:4860::8888\nnameserver 2001:4860:4860::8844"
+	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
+	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled, and no non-localhost servers, Google defaults (only IPv4) should be added
+	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4"
+	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Fatalf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+}
diff --git a/libnetwork/resolvconf/utils.go b/libnetwork/resolvconf/utils.go
new file mode 100644
index 0000000000000..7d4d095793dde
--- /dev/null
+++ b/libnetwork/resolvconf/utils.go
@@ -0,0 +1,16 @@
+package resolvconf
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"io"
+)
+
+// hashData returns the sha256 sum of src.
+func hashData(src io.Reader) (string, error) {
+	h := sha256.New()
+	if _, err := io.Copy(h, src); err != nil {
+		return "", err
+	}
+	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
+}
diff --git a/libnetwork/resolvconf/utils_test.go b/libnetwork/resolvconf/utils_test.go
new file mode 100644
index 0000000000000..fa57a1d33df68
--- /dev/null
+++ b/libnetwork/resolvconf/utils_test.go
@@ -0,0 +1,18 @@
+package resolvconf
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestHashData(t *testing.T) {
+	reader := strings.NewReader("hash-me")
+	actual, err := hashData(reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := "sha256:4d11186aed035cc624d553e10db358492c84a7cd6b9670d92123c144930450aa"
+	if actual != expected {
+		t.Fatalf("Expecting %s, got %s", expected, actual)
+	}
+}
diff --git a/vendor/github.com/docker/libnetwork/resolver.go b/libnetwork/resolver.go
similarity index 82%
rename from vendor/github.com/docker/libnetwork/resolver.go
rename to libnetwork/resolver.go
index 4f5f71897cd06..5530bbff900a2 100644
--- a/vendor/github.com/docker/libnetwork/resolver.go
+++ b/libnetwork/resolver.go
@@ -8,7 +8,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/miekg/dns"
 	"github.com/sirupsen/logrus"
 )
@@ -21,10 +21,10 @@ type Resolver interface {
 	// Stop stops the name server for the container. Stopped resolver
 	// can be reused after running the SetupFunc again.
 	Stop()
-	// SetupFunc() provides the setup function that should be run
+	// SetupFunc provides the setup function that should be run
 	// in the container's network namespace.
 	SetupFunc(int) func()
-	// NameServer() returns the IP of the DNS resolver for the
+	// NameServer returns the IP of the DNS resolver for the
 	// containers.
 	NameServer() string
 	// SetExtServers configures the external nameservers the resolver
@@ -52,7 +52,7 @@ type DNSBackend interface {
 	// ExecFunc allows a function to be executed in the context of the backend
 	// on behalf of the resolver.
 	ExecFunc(f func()) error
-	//NdotsSet queries the backends ndots dns option settings
+	// NdotsSet queries the backends ndots dns option settings
 	NdotsSet() bool
 	// HandleQueryResp passes the name & IP from a response to the backend. backend
 	// can use it to maintain any required state about the resolution
@@ -157,13 +157,17 @@ func (r *resolver) Start() error {
 	s := &dns.Server{Handler: r, PacketConn: r.conn}
 	r.server = s
 	go func() {
-		s.ActivateAndServe()
+		if err := s.ActivateAndServe(); err != nil {
+			logrus.WithError(err).Error("[resolver] failed to start PacketConn DNS server")
+		}
 	}()
 
 	tcpServer := &dns.Server{Handler: r, Listener: r.tcpListen}
 	r.tcpServer = tcpServer
 	go func() {
-		tcpServer.ActivateAndServe()
+		if err := tcpServer.ActivateAndServe(); err != nil {
+			logrus.WithError(err).Error("[resolver] failed to start TCP DNS server")
+		}
 	}()
 	return nil
 }
@@ -173,10 +177,10 @@ func (r *resolver) Stop() {
 	defer func() { <-r.startCh }()
 
 	if r.server != nil {
-		r.server.Shutdown()
+		r.server.Shutdown() // nolint:errcheck
 	}
 	if r.tcpServer != nil {
-		r.tcpServer.Shutdown()
+		r.tcpServer.Shutdown() // nolint:errcheck
 	}
 	r.conn = nil
 	r.tcpServer = nil
@@ -210,7 +214,7 @@ func setCommonFlags(msg *dns.Msg) {
 
 func shuffleAddr(addr []net.IP) []net.IP {
 	for i := len(addr) - 1; i > 0; i-- {
-		r := rand.Intn(i + 1)
+		r := rand.Intn(i + 1) // nolint:gosec // gosec complains about the use of rand here. It should be fine.
 		addr[i], addr[r] = addr[r], addr[i]
 	}
 	return addr
@@ -224,7 +228,8 @@ func createRespMsg(query *dns.Msg) *dns.Msg {
 	return resp
 }
 
-func (r *resolver) handleMXQuery(name string, query *dns.Msg) (*dns.Msg, error) {
+func (r *resolver) handleMXQuery(query *dns.Msg) (*dns.Msg, error) {
+	name := query.Question[0].Name
 	addrv4, _ := r.backend.ResolveName(name, types.IPv4)
 	addrv6, _ := r.backend.ResolveName(name, types.IPv6)
 
@@ -240,9 +245,12 @@ func (r *resolver) handleMXQuery(name string, query *dns.Msg) (*dns.Msg, error)
 	return resp, nil
 }
 
-func (r *resolver) handleIPQuery(name string, query *dns.Msg, ipType int) (*dns.Msg, error) {
-	var addr []net.IP
-	var ipv6Miss bool
+func (r *resolver) handleIPQuery(query *dns.Msg, ipType int) (*dns.Msg, error) {
+	var (
+		addr     []net.IP
+		ipv6Miss bool
+		name     = query.Question[0].Name
+	)
 	addr, ipv6Miss = r.backend.ResolveName(name, ipType)
 
 	if addr == nil && ipv6Miss {
@@ -279,8 +287,11 @@ func (r *resolver) handleIPQuery(name string, query *dns.Msg, ipType int) (*dns.
 	return resp, nil
 }
 
-func (r *resolver) handlePTRQuery(ptr string, query *dns.Msg) (*dns.Msg, error) {
-	var parts []string
+func (r *resolver) handlePTRQuery(query *dns.Msg) (*dns.Msg, error) {
+	var (
+		parts []string
+		ptr   = query.Question[0].Name
+	)
 
 	if strings.HasSuffix(ptr, ptrIPv4domain) {
 		parts = strings.Split(ptr, ptrIPv4domain)
@@ -310,8 +321,8 @@ func (r *resolver) handlePTRQuery(ptr string, query *dns.Msg) (*dns.Msg, error)
 	return resp, nil
 }
 
-func (r *resolver) handleSRVQuery(svc string, query *dns.Msg) (*dns.Msg, error) {
-
+func (r *resolver) handleSRVQuery(query *dns.Msg) (*dns.Msg, error) {
+	svc := query.Question[0].Name
 	srv, ip := r.backend.ResolveService(svc)
 
 	if len(srv) == 0 {
@@ -366,23 +377,27 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 	if query == nil || len(query.Question) == 0 {
 		return
 	}
-	name := query.Question[0].Name
 
-	switch query.Question[0].Qtype {
+	queryName := query.Question[0].Name
+	queryType := query.Question[0].Qtype
+
+	switch queryType {
 	case dns.TypeA:
-		resp, err = r.handleIPQuery(name, query, types.IPv4)
+		resp, err = r.handleIPQuery(query, types.IPv4)
 	case dns.TypeAAAA:
-		resp, err = r.handleIPQuery(name, query, types.IPv6)
+		resp, err = r.handleIPQuery(query, types.IPv6)
 	case dns.TypeMX:
-		resp, err = r.handleMXQuery(name, query)
+		resp, err = r.handleMXQuery(query)
 	case dns.TypePTR:
-		resp, err = r.handlePTRQuery(name, query)
+		resp, err = r.handlePTRQuery(query)
 	case dns.TypeSRV:
-		resp, err = r.handleSRVQuery(name, query)
+		resp, err = r.handleSRVQuery(query)
+	default:
+		logrus.Debugf("[resolver] query type %s is not supported by the embedded DNS and will be forwarded to external DNS", dns.TypeToString[queryType])
 	}
 
 	if err != nil {
-		logrus.Error(err)
+		logrus.WithError(err).Errorf("[resolver] failed to handle query: %s (%s) from %s", queryName, dns.TypeToString[queryType], extConn.LocalAddr().String())
 		return
 	}
 
@@ -392,7 +407,9 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		if !r.proxyDNS {
 			resp = new(dns.Msg)
 			resp.SetRcode(query, dns.RcodeServerFailure)
-			w.WriteMsg(resp)
+			if err := w.WriteMsg(resp); err != nil {
+				logrus.WithError(err).Error("[resolver] error writing dns response")
+			}
 			return
 		}
 
@@ -400,11 +417,9 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		// in the root domain don't forward it out. We will return
 		// failure and let the client retry with the search domain
 		// attached
-		switch query.Question[0].Qtype {
-		case dns.TypeA:
-			fallthrough
-		case dns.TypeAAAA:
-			if r.backend.NdotsSet() && !strings.Contains(strings.TrimSuffix(name, "."), ".") {
+		switch queryType {
+		case dns.TypeA, dns.TypeAAAA:
+			if r.backend.NdotsSet() && !strings.Contains(strings.TrimSuffix(queryName, "."), ".") {
 				resp = createRespMsg(query)
 			}
 		}
@@ -449,15 +464,16 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 				}
 			}
 			if err != nil {
-				logrus.Warnf("[resolver] connect failed: %s", err)
+				logrus.WithField("retries", i).Warnf("[resolver] connect failed: %s", err)
 				continue
 			}
-			queryType := dns.TypeToString[query.Question[0].Qtype]
-			logrus.Debugf("[resolver] query %s (%s) from %s, forwarding to %s:%s", name, queryType,
+			logrus.Debugf("[resolver] query %s (%s) from %s, forwarding to %s:%s", queryName, dns.TypeToString[queryType],
 				extConn.LocalAddr().String(), proto, extDNS.IPStr)
 
 			// Timeout has to be set for every IO operation.
-			extConn.SetDeadline(time.Now().Add(extIOTimeout))
+			if err := extConn.SetDeadline(time.Now().Add(extIOTimeout)); err != nil {
+				logrus.WithError(err).Error("[resolver] error setting conn deadline")
+			}
 			co := &dns.Conn{
 				Conn:    extConn,
 				UDPSize: uint16(maxSize),
@@ -484,26 +500,26 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 			resp, err = co.ReadMsg()
 			// Truncated DNS replies should be sent to the client so that the
 			// client can retry over TCP
-			if err != nil && err != dns.ErrTruncated {
+			if err != nil && (resp == nil || !resp.Truncated) {
 				r.forwardQueryEnd()
-				logrus.Debugf("[resolver] read from DNS server failed, %s", err)
+				logrus.WithError(err).Debugf("[resolver] failed to read from DNS server")
 				continue
 			}
 			r.forwardQueryEnd()
 
 			if resp == nil {
-				logrus.Debugf("[resolver] external DNS %s:%s returned empty response for %q", proto, extDNS.IPStr, name)
+				logrus.Debugf("[resolver] external DNS %s:%s returned empty response for %q", proto, extDNS.IPStr, queryName)
 				break
 			}
 			switch resp.Rcode {
 			case dns.RcodeServerFailure, dns.RcodeRefused:
 				// Server returned FAILURE: continue with the next external DNS server
 				// Server returned REFUSED: this can be a transitional status, so continue with the next external DNS server
-				logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), name)
+				logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), queryName)
 				continue
 			case dns.RcodeNameError:
 				// Server returned NXDOMAIN. Stop resolution if it's an authoritative answer (see RFC 8020: https://tools.ietf.org/html/rfc8020#section-2)
-				logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), name)
+				logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), queryName)
 				if resp.Authoritative {
 					break
 				}
@@ -512,7 +528,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 				// All is well
 			default:
 				// Server gave some error. Log the error, and continue with the next external DNS server
-				logrus.Debugf("[resolver] external DNS %s:%s responded with %s (code %d) for %q", proto, extDNS.IPStr, statusString(resp.Rcode), resp.Rcode, name)
+				logrus.Debugf("[resolver] external DNS %s:%s responded with %s (code %d) for %q", proto, extDNS.IPStr, statusString(resp.Rcode), resp.Rcode, queryName)
 				continue
 			}
 			answers := 0
@@ -532,7 +548,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 				}
 			}
 			if resp.Answer == nil || answers == 0 {
-				logrus.Debugf("[resolver] external DNS %s:%s did not return any %s records for %q", proto, extDNS.IPStr, queryType, name)
+				logrus.Debugf("[resolver] external DNS %s:%s did not return any %s records for %q", proto, extDNS.IPStr, dns.TypeToString[queryType], queryName)
 			}
 			resp.Compress = true
 			break
@@ -543,7 +559,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 	}
 
 	if err = w.WriteMsg(resp); err != nil {
-		logrus.Errorf("[resolver] error writing resolver resp, %s", err)
+		logrus.WithError(err).Errorf("[resolver] failed to write response")
 	}
 }
 
diff --git a/libnetwork/resolver_test.go b/libnetwork/resolver_test.go
new file mode 100644
index 0000000000000..f6911b009f41b
--- /dev/null
+++ b/libnetwork/resolver_test.go
@@ -0,0 +1,283 @@
+package libnetwork
+
+import (
+	"net"
+	"runtime"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/sirupsen/logrus"
+	"gotest.tools/v3/skip"
+)
+
+// a simple/null address type that will be used to fake a local address for unit testing
+type tstaddr struct {
+}
+
+func (a *tstaddr) Network() string { return "tcp" }
+
+func (a *tstaddr) String() string { return "127.0.0.1" }
+
+// a simple writer that implements dns.ResponseWriter for unit testing purposes
+type tstwriter struct {
+	msg *dns.Msg
+}
+
+func (w *tstwriter) WriteMsg(m *dns.Msg) (err error) {
+	w.msg = m
+	return nil
+}
+
+func (w *tstwriter) Write(m []byte) (int, error) { return 0, nil }
+
+func (w *tstwriter) LocalAddr() net.Addr { return new(tstaddr) }
+
+func (w *tstwriter) RemoteAddr() net.Addr { return new(tstaddr) }
+
+func (w *tstwriter) TsigStatus() error { return nil }
+
+func (w *tstwriter) TsigTimersOnly(b bool) {}
+
+func (w *tstwriter) Hijack() {}
+
+func (w *tstwriter) Close() error { return nil }
+
+func (w *tstwriter) GetResponse() *dns.Msg { return w.msg }
+
+func (w *tstwriter) ClearResponse() { w.msg = nil }
+
+func checkNonNullResponse(t *testing.T, m *dns.Msg) {
+	if m == nil {
+		t.Fatal("Null DNS response found. Non Null response msg expected.")
+	}
+}
+
+func checkDNSAnswersCount(t *testing.T, m *dns.Msg, expected int) {
+	answers := len(m.Answer)
+	if answers != expected {
+		t.Fatalf("Expected number of answers in response: %d. Found: %d", expected, answers)
+	}
+}
+
+func checkDNSResponseCode(t *testing.T, m *dns.Msg, expected int) {
+	if m.MsgHdr.Rcode != expected {
+		t.Fatalf("Expected DNS response code: %d. Found: %d", expected, m.MsgHdr.Rcode)
+	}
+}
+
+func checkDNSRRType(t *testing.T, actual, expected uint16) {
+	if actual != expected {
+		t.Fatalf("Expected DNS Rrtype: %d. Found: %d", expected, actual)
+	}
+}
+
+func TestDNSIPQuery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	n, err := c.NewNetwork("bridge", "dtnet1", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	ep, err := n.CreateEndpoint("testep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sb, err := c.NewSandbox("c1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// we need the endpoint only to populate ep_list for the sandbox as part of resolve_name
+	// it is not set as a target for name resolution and does not serve any other purpose
+	err = ep.Join(sb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// add service records which are used to resolve names. These are the real targets for the DNS querries
+	n.(*network).addSvcRecords("ep1", "name1", "svc1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+
+	w := new(tstwriter)
+	// the unit tests right now will focus on non-proxyed DNS requests
+	r := NewResolver(resolverIPSandbox, false, sb.Key(), sb.(*sandbox))
+
+	// test name1's IP is resolved correctly with the default A type query
+	// Also make sure DNS lookups are case insensitive
+	names := []string{"name1", "NaMe1"}
+	for _, name := range names {
+		q := new(dns.Msg)
+		q.SetQuestion(name, dns.TypeA)
+		r.(*resolver).ServeDNS(w, q)
+		resp := w.GetResponse()
+		checkNonNullResponse(t, resp)
+		t.Log("Response: ", resp.String())
+		checkDNSResponseCode(t, resp, dns.RcodeSuccess)
+		checkDNSAnswersCount(t, resp, 1)
+		checkDNSRRType(t, resp.Answer[0].Header().Rrtype, dns.TypeA)
+		if answer, ok := resp.Answer[0].(*dns.A); ok {
+			if !answer.A.Equal(net.ParseIP("192.168.0.1")) {
+				t.Fatalf("IP response in Answer %v does not match 192.168.0.1", answer.A)
+			}
+		} else {
+			t.Fatal("Answer of type A not found")
+		}
+		w.ClearResponse()
+	}
+
+	// test MX query with name1 results in Success response with 0 answer records
+	q := new(dns.Msg)
+	q.SetQuestion("name1", dns.TypeMX)
+	r.(*resolver).ServeDNS(w, q)
+	resp := w.GetResponse()
+	checkNonNullResponse(t, resp)
+	t.Log("Response: ", resp.String())
+	checkDNSResponseCode(t, resp, dns.RcodeSuccess)
+	checkDNSAnswersCount(t, resp, 0)
+	w.ClearResponse()
+
+	// test MX query with non existent name results in ServFail response with 0 answer records
+	// since this is a unit test env, we disable proxying DNS above which results in ServFail rather than NXDOMAIN
+	q = new(dns.Msg)
+	q.SetQuestion("nonexistent", dns.TypeMX)
+	r.(*resolver).ServeDNS(w, q)
+	resp = w.GetResponse()
+	checkNonNullResponse(t, resp)
+	t.Log("Response: ", resp.String())
+	checkDNSResponseCode(t, resp, dns.RcodeServerFailure)
+	w.ClearResponse()
+
+}
+
+func newDNSHandlerServFailOnce(requests *int) func(w dns.ResponseWriter, r *dns.Msg) {
+	return func(w dns.ResponseWriter, r *dns.Msg) {
+		m := new(dns.Msg)
+		m.SetReply(r)
+		m.Compress = false
+		if *requests == 0 {
+			m.SetRcode(r, dns.RcodeServerFailure)
+		}
+		*requests = *requests + 1
+		if err := w.WriteMsg(m); err != nil {
+			logrus.WithError(err).Error("Error writing dns response")
+		}
+	}
+}
+
+func waitForLocalDNSServer(t *testing.T) {
+	retries := 0
+	maxRetries := 10
+
+	for retries < maxRetries {
+		t.Log("Try connecting to DNS server ...")
+		// this test and retry mechanism only works for TCP. With UDP there is no
+		// connection and the test becomes inaccurate leading to unpredictable results
+		tconn, err := net.DialTimeout("tcp", "127.0.0.1:53", 10*time.Second)
+		retries = retries + 1
+		if err != nil {
+			if oerr, ok := err.(*net.OpError); ok {
+				// server is probably initializing
+				if oerr.Err == syscall.ECONNREFUSED {
+					continue
+				}
+			} else {
+				// something is wrong: we should stop for analysis
+				t.Fatal(err)
+			}
+		}
+		if tconn != nil {
+			tconn.Close()
+			break
+		}
+	}
+}
+
+func TestDNSProxyServFail(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer c.Stop()
+
+	n, err := c.NewNetwork("bridge", "dtnet2", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := n.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	sb, err := c.NewSandbox("c1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := sb.Delete(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	var nRequests int
+	// initialize a local DNS server and configure it to fail the first query
+	dns.HandleFunc(".", newDNSHandlerServFailOnce(&nRequests))
+	// use TCP for predictable results. Connection tests (to figure out DNS server initialization) don't work with UDP
+	server := &dns.Server{Addr: "127.0.0.1:53", Net: "tcp"}
+	srvErrCh := make(chan error, 1)
+	go func() {
+		srvErrCh <- server.ListenAndServe()
+	}()
+	defer func() {
+		server.Shutdown() // nolint:errcheck
+		if err := <-srvErrCh; err != nil {
+			t.Error(err)
+		}
+	}()
+
+	waitForLocalDNSServer(t)
+	t.Log("DNS Server can be reached")
+
+	w := new(tstwriter)
+	r := NewResolver(resolverIPSandbox, true, sb.Key(), sb.(*sandbox))
+	q := new(dns.Msg)
+	q.SetQuestion("name1.", dns.TypeA)
+
+	var localDNSEntries []extDNSEntry
+	extTestDNSEntry := extDNSEntry{IPStr: "127.0.0.1", HostLoopback: true}
+
+	// configure two external DNS entries and point both to local DNS server thread
+	localDNSEntries = append(localDNSEntries, extTestDNSEntry)
+	localDNSEntries = append(localDNSEntries, extTestDNSEntry)
+
+	// this should generate two requests: the first will fail leading to a retry
+	r.(*resolver).SetExtServers(localDNSEntries)
+	r.(*resolver).ServeDNS(w, q)
+	if nRequests != 2 {
+		t.Fatalf("Expected 2 DNS querries. Found: %d", nRequests)
+	}
+	t.Logf("Expected number of DNS requests generated")
+}
diff --git a/libnetwork/resolver_unix.go b/libnetwork/resolver_unix.go
new file mode 100644
index 0000000000000..ff00f3af6bb87
--- /dev/null
+++ b/libnetwork/resolver_unix.go
@@ -0,0 +1,105 @@
+//go:build !windows
+// +build !windows
+
+package libnetwork
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"runtime"
+
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netns"
+)
+
+func init() {
+	reexec.Register("setup-resolver", reexecSetupResolver)
+}
+
+const (
+	// outputChain used for docker embed dns
+	outputChain = "DOCKER_OUTPUT"
+	//postroutingchain used for docker embed dns
+	postroutingchain = "DOCKER_POSTROUTING"
+)
+
+func reexecSetupResolver() {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	if len(os.Args) < 4 {
+		logrus.Error("invalid number of arguments..")
+		os.Exit(1)
+	}
+
+	resolverIP, ipPort, _ := net.SplitHostPort(os.Args[2])
+	_, tcpPort, _ := net.SplitHostPort(os.Args[3])
+	rules := [][]string{
+		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[2]},
+		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[3]},
+		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+	}
+
+	f, err := os.OpenFile(os.Args[1], os.O_RDONLY, 0)
+	if err != nil {
+		logrus.Errorf("failed get network namespace %q: %v", os.Args[1], err)
+		os.Exit(2)
+	}
+	defer f.Close() //nolint:gosec
+
+	nsFD := f.Fd()
+	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
+		logrus.Errorf("setting into container net ns %v failed, %v", os.Args[1], err)
+		os.Exit(3)
+	}
+
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+
+	// insert outputChain and postroutingchain
+	err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "OUTPUT", "-d", resolverIP, "-j", outputChain)
+	if err == nil {
+		iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain)
+	} else {
+		iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain)
+		iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain)
+	}
+
+	err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
+	if err == nil {
+		iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingchain)
+	} else {
+		iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingchain)
+		iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
+	}
+
+	for _, rule := range rules {
+		if iptable.RawCombinedOutputNative(rule...) != nil {
+			logrus.Errorf("set up rule failed, %v", rule)
+		}
+	}
+}
+
+func (r *resolver) setupIPTable() error {
+	if r.err != nil {
+		return r.err
+	}
+	laddr := r.conn.LocalAddr().String()
+	ltcpaddr := r.tcpListen.Addr().String()
+
+	cmd := &exec.Cmd{
+		Path:   reexec.Self(),
+		Args:   append([]string{"setup-resolver"}, r.resolverKey, laddr, ltcpaddr),
+		Stdout: os.Stdout,
+		Stderr: os.Stderr,
+	}
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("reexec failed: %v", err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/libnetwork/resolver_windows.go b/libnetwork/resolver_windows.go
similarity index 83%
rename from vendor/github.com/docker/libnetwork/resolver_windows.go
rename to libnetwork/resolver_windows.go
index aa33b1a2ec75f..3d422fcd06ff3 100644
--- a/vendor/github.com/docker/libnetwork/resolver_windows.go
+++ b/libnetwork/resolver_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package libnetwork
diff --git a/libnetwork/sandbox.go b/libnetwork/sandbox.go
new file mode 100644
index 0000000000000..31de696c25ed3
--- /dev/null
+++ b/libnetwork/sandbox.go
@@ -0,0 +1,1265 @@
+package libnetwork
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/libnetwork/etchosts"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
+)
+
+// Sandbox provides the control over the network container entity. It is a one to one mapping with the container.
+type Sandbox interface {
+	// ID returns the ID of the sandbox
+	ID() string
+	// Key returns the sandbox's key
+	Key() string
+	// ContainerID returns the container id associated to this sandbox
+	ContainerID() string
+	// Labels returns the sandbox's labels
+	Labels() map[string]interface{}
+	// Statistics retrieves the interfaces' statistics for the sandbox
+	Statistics() (map[string]*types.InterfaceStatistics, error)
+	// Refresh leaves all the endpoints, resets and re-applies the options,
+	// re-joins all the endpoints without destroying the osl sandbox
+	Refresh(options ...SandboxOption) error
+	// SetKey updates the Sandbox Key
+	SetKey(key string) error
+	// Rename changes the name of all attached Endpoints
+	Rename(name string) error
+	// Delete destroys this container after detaching it from all connected endpoints.
+	Delete() error
+	// Endpoints returns all the endpoints connected to the sandbox
+	Endpoints() []Endpoint
+	// ResolveService returns all the backend details about the containers or hosts
+	// backing a service. Its purpose is to satisfy an SRV query
+	ResolveService(name string) ([]*net.SRV, []net.IP)
+	// EnableService  makes a managed container's service available by adding the
+	// endpoint to the service load balancer and service discovery
+	EnableService() error
+	// DisableService removes a managed container's endpoints from the load balancer
+	// and service discovery
+	DisableService() error
+}
+
+// SandboxOption is an option setter function type used to pass various options to
+// NewNetContainer method. The various setter functions of type SandboxOption are
+// provided by libnetwork, they look like ContainerOptionXXXX(...)
+type SandboxOption func(sb *sandbox)
+
+func (sb *sandbox) processOptions(options ...SandboxOption) {
+	for _, opt := range options {
+		if opt != nil {
+			opt(sb)
+		}
+	}
+}
+
+type sandbox struct {
+	id                 string
+	containerID        string
+	config             containerConfig
+	extDNS             []extDNSEntry
+	osSbox             osl.Sandbox
+	controller         *controller
+	resolver           Resolver
+	resolverOnce       sync.Once
+	endpoints          []*endpoint
+	epPriority         map[string]int
+	populatedEndpoints map[string]struct{}
+	joinLeaveDone      chan struct{}
+	dbIndex            uint64
+	dbExists           bool
+	isStub             bool
+	inDelete           bool
+	ingress            bool
+	ndotsSet           bool
+	oslTypes           []osl.SandboxType // slice of properties of this sandbox
+	loadBalancerNID    string            // NID that this SB is a load balancer for
+	sync.Mutex
+	// This mutex is used to serialize service related operation for an endpoint
+	// The lock is here because the endpoint is saved into the store so is not unique
+	Service sync.Mutex
+}
+
+// These are the container configs used to customize container /etc/hosts file.
+type hostsPathConfig struct {
+	// Note(cpuguy83): The linter is drunk and says none of these fields are used while they are
+	hostName        string         // nolint:structcheck
+	domainName      string         // nolint:structcheck
+	hostsPath       string         // nolint:structcheck
+	originHostsPath string         // nolint:structcheck
+	extraHosts      []extraHost    // nolint:structcheck
+	parentUpdates   []parentUpdate // nolint:structcheck
+}
+
+type parentUpdate struct {
+	cid  string
+	name string
+	ip   string
+}
+
+type extraHost struct {
+	name string
+	IP   string
+}
+
+// These are the container configs used to customize container /etc/resolv.conf file.
+type resolvConfPathConfig struct {
+	// Note(cpuguy83): The linter is drunk and says none of these fields are used while they are
+	resolvConfPath       string   // nolint:structcheck
+	originResolvConfPath string   // nolint:structcheck
+	resolvConfHashFile   string   // nolint:structcheck
+	dnsList              []string // nolint:structcheck
+	dnsSearchList        []string // nolint:structcheck
+	dnsOptionsList       []string // nolint:structcheck
+}
+
+type containerConfig struct {
+	hostsPathConfig
+	resolvConfPathConfig
+	generic           map[string]interface{}
+	useDefaultSandBox bool
+	useExternalKey    bool
+	exposedPorts      []types.TransportPort
+}
+
+const (
+	resolverIPSandbox = "127.0.0.11"
+)
+
+func (sb *sandbox) ID() string {
+	return sb.id
+}
+
+func (sb *sandbox) ContainerID() string {
+	return sb.containerID
+}
+
+func (sb *sandbox) Key() string {
+	if sb.config.useDefaultSandBox {
+		return osl.GenerateKey("default")
+	}
+	return osl.GenerateKey(sb.id)
+}
+
+func (sb *sandbox) Labels() map[string]interface{} {
+	sb.Lock()
+	defer sb.Unlock()
+	opts := make(map[string]interface{}, len(sb.config.generic))
+	for k, v := range sb.config.generic {
+		opts[k] = v
+	}
+	return opts
+}
+
+func (sb *sandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
+	m := make(map[string]*types.InterfaceStatistics)
+
+	sb.Lock()
+	osb := sb.osSbox
+	sb.Unlock()
+	if osb == nil {
+		return m, nil
+	}
+
+	var err error
+	for _, i := range osb.Info().Interfaces() {
+		if m[i.DstName()], err = i.Statistics(); err != nil {
+			return m, err
+		}
+	}
+
+	return m, nil
+}
+
+func (sb *sandbox) Delete() error {
+	return sb.delete(false)
+}
+
+func (sb *sandbox) delete(force bool) error {
+	sb.Lock()
+	if sb.inDelete {
+		sb.Unlock()
+		return types.ForbiddenErrorf("another sandbox delete in progress")
+	}
+	// Set the inDelete flag. This will ensure that we don't
+	// update the store until we have completed all the endpoint
+	// leaves and deletes. And when endpoint leaves and deletes
+	// are completed then we can finally delete the sandbox object
+	// altogether from the data store. If the daemon exits
+	// ungracefully in the middle of a sandbox delete this way we
+	// will have all the references to the endpoints in the
+	// sandbox so that we can clean them up when we restart
+	sb.inDelete = true
+	sb.Unlock()
+
+	c := sb.controller
+
+	// Detach from all endpoints
+	retain := false
+	for _, ep := range sb.getConnectedEndpoints() {
+		// gw network endpoint detach and removal are automatic
+		if ep.endpointInGWNetwork() && !force {
+			continue
+		}
+		// Retain the sanbdox if we can't obtain the network from store.
+		if _, err := c.getNetworkFromStore(ep.getNetwork().ID()); err != nil {
+			if c.isDistributedControl() {
+				retain = true
+			}
+			logrus.Warnf("Failed getting network for ep %s during sandbox %s delete: %v", ep.ID(), sb.ID(), err)
+			continue
+		}
+
+		if !force {
+			if err := ep.Leave(sb); err != nil {
+				logrus.Warnf("Failed detaching sandbox %s from endpoint %s: %v\n", sb.ID(), ep.ID(), err)
+			}
+		}
+
+		if err := ep.Delete(force); err != nil {
+			logrus.Warnf("Failed deleting endpoint %s: %v\n", ep.ID(), err)
+		}
+	}
+
+	if retain {
+		sb.Lock()
+		sb.inDelete = false
+		sb.Unlock()
+		return fmt.Errorf("could not cleanup all the endpoints in container %s / sandbox %s", sb.containerID, sb.id)
+	}
+	// Container is going away. Path cache in etchosts is most
+	// likely not required any more. Drop it.
+	etchosts.Drop(sb.config.hostsPath)
+
+	if sb.resolver != nil {
+		sb.resolver.Stop()
+	}
+
+	if sb.osSbox != nil && !sb.config.useDefaultSandBox {
+		if err := sb.osSbox.Destroy(); err != nil {
+			logrus.WithError(err).Warn("error destroying network sandbox")
+		}
+	}
+
+	if err := sb.storeDelete(); err != nil {
+		logrus.Warnf("Failed to delete sandbox %s from store: %v", sb.ID(), err)
+	}
+
+	c.Lock()
+	if sb.ingress {
+		c.ingressSandbox = nil
+	}
+	delete(c.sandboxes, sb.ID())
+	c.Unlock()
+
+	return nil
+}
+
+func (sb *sandbox) Rename(name string) error {
+	var err error
+
+	for _, ep := range sb.getConnectedEndpoints() {
+		if ep.endpointInGWNetwork() {
+			continue
+		}
+
+		oldName := ep.Name()
+		lEp := ep
+		if err = ep.rename(name); err != nil {
+			break
+		}
+
+		defer func() {
+			if err != nil {
+				if err2 := lEp.rename(oldName); err2 != nil {
+					logrus.WithField("old", oldName).WithField("origError", err).WithError(err2).Error("error renaming sandbox")
+				}
+			}
+		}()
+	}
+
+	return err
+}
+
+func (sb *sandbox) Refresh(options ...SandboxOption) error {
+	// Store connected endpoints
+	epList := sb.getConnectedEndpoints()
+
+	// Detach from all endpoints
+	for _, ep := range epList {
+		if err := ep.Leave(sb); err != nil {
+			logrus.Warnf("Failed detaching sandbox %s from endpoint %s: %v\n", sb.ID(), ep.ID(), err)
+		}
+	}
+
+	// Re-apply options
+	sb.config = containerConfig{}
+	sb.processOptions(options...)
+
+	// Setup discovery files
+	if err := sb.setupResolutionFiles(); err != nil {
+		return err
+	}
+
+	// Re-connect to all endpoints
+	for _, ep := range epList {
+		if err := ep.Join(sb); err != nil {
+			logrus.Warnf("Failed attach sandbox %s to endpoint %s: %v\n", sb.ID(), ep.ID(), err)
+		}
+	}
+
+	return nil
+}
+
+func (sb *sandbox) MarshalJSON() ([]byte, error) {
+	sb.Lock()
+	defer sb.Unlock()
+
+	// We are just interested in the container ID. This can be expanded to include all of containerInfo if there is a need
+	return json.Marshal(sb.id)
+}
+
+func (sb *sandbox) UnmarshalJSON(b []byte) (err error) {
+	sb.Lock()
+	defer sb.Unlock()
+
+	var id string
+	if err := json.Unmarshal(b, &id); err != nil {
+		return err
+	}
+	sb.id = id
+	return nil
+}
+
+func (sb *sandbox) Endpoints() []Endpoint {
+	sb.Lock()
+	defer sb.Unlock()
+
+	endpoints := make([]Endpoint, len(sb.endpoints))
+	for i, ep := range sb.endpoints {
+		endpoints[i] = ep
+	}
+	return endpoints
+}
+
+func (sb *sandbox) getConnectedEndpoints() []*endpoint {
+	sb.Lock()
+	defer sb.Unlock()
+
+	eps := make([]*endpoint, len(sb.endpoints))
+	copy(eps, sb.endpoints)
+
+	return eps
+}
+
+func (sb *sandbox) addEndpoint(ep *endpoint) {
+	sb.Lock()
+	defer sb.Unlock()
+
+	l := len(sb.endpoints)
+	i := sort.Search(l, func(j int) bool {
+		return ep.Less(sb.endpoints[j])
+	})
+
+	sb.endpoints = append(sb.endpoints, nil)
+	copy(sb.endpoints[i+1:], sb.endpoints[i:])
+	sb.endpoints[i] = ep
+}
+
+func (sb *sandbox) removeEndpoint(ep *endpoint) {
+	sb.Lock()
+	defer sb.Unlock()
+
+	sb.removeEndpointRaw(ep)
+}
+
+func (sb *sandbox) removeEndpointRaw(ep *endpoint) {
+	for i, e := range sb.endpoints {
+		if e == ep {
+			sb.endpoints = append(sb.endpoints[:i], sb.endpoints[i+1:]...)
+			return
+		}
+	}
+}
+
+func (sb *sandbox) getEndpoint(id string) *endpoint {
+	sb.Lock()
+	defer sb.Unlock()
+
+	for _, ep := range sb.endpoints {
+		if ep.id == id {
+			return ep
+		}
+	}
+
+	return nil
+}
+
+func (sb *sandbox) updateGateway(ep *endpoint) error {
+	sb.Lock()
+	osSbox := sb.osSbox
+	sb.Unlock()
+	if osSbox == nil {
+		return nil
+	}
+	osSbox.UnsetGateway()     // nolint:errcheck
+	osSbox.UnsetGatewayIPv6() // nolint:errcheck
+
+	if ep == nil {
+		return nil
+	}
+
+	ep.Lock()
+	joinInfo := ep.joinInfo
+	ep.Unlock()
+
+	if err := osSbox.SetGateway(joinInfo.gw); err != nil {
+		return fmt.Errorf("failed to set gateway while updating gateway: %v", err)
+	}
+
+	if err := osSbox.SetGatewayIPv6(joinInfo.gw6); err != nil {
+		return fmt.Errorf("failed to set IPv6 gateway while updating gateway: %v", err)
+	}
+
+	return nil
+}
+
+func (sb *sandbox) HandleQueryResp(name string, ip net.IP) {
+	for _, ep := range sb.getConnectedEndpoints() {
+		n := ep.getNetwork()
+		n.HandleQueryResp(name, ip)
+	}
+}
+
+func (sb *sandbox) ResolveIP(ip string) string {
+	var svc string
+	logrus.Debugf("IP To resolve %v", ip)
+
+	for _, ep := range sb.getConnectedEndpoints() {
+		n := ep.getNetwork()
+		svc = n.ResolveIP(ip)
+		if len(svc) != 0 {
+			return svc
+		}
+	}
+
+	return svc
+}
+
+func (sb *sandbox) ExecFunc(f func()) error {
+	sb.Lock()
+	osSbox := sb.osSbox
+	sb.Unlock()
+	if osSbox != nil {
+		return osSbox.InvokeFunc(f)
+	}
+	return fmt.Errorf("osl sandbox unavailable in ExecFunc for %v", sb.ContainerID())
+}
+
+func (sb *sandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
+	srv := []*net.SRV{}
+	ip := []net.IP{}
+
+	logrus.Debugf("Service name To resolve: %v", name)
+
+	// There are DNS implementations that allow SRV queries for names not in
+	// the format defined by RFC 2782. Hence specific validations checks are
+	// not done
+	parts := strings.Split(name, ".")
+	if len(parts) < 3 {
+		return nil, nil
+	}
+
+	for _, ep := range sb.getConnectedEndpoints() {
+		n := ep.getNetwork()
+
+		srv, ip = n.ResolveService(name)
+		if len(srv) > 0 {
+			break
+		}
+	}
+	return srv, ip
+}
+
+func getDynamicNwEndpoints(epList []*endpoint) []*endpoint {
+	eps := []*endpoint{}
+	for _, ep := range epList {
+		n := ep.getNetwork()
+		if n.dynamic && !n.ingress {
+			eps = append(eps, ep)
+		}
+	}
+	return eps
+}
+
+func getIngressNwEndpoint(epList []*endpoint) *endpoint {
+	for _, ep := range epList {
+		n := ep.getNetwork()
+		if n.ingress {
+			return ep
+		}
+	}
+	return nil
+}
+
+func getLocalNwEndpoints(epList []*endpoint) []*endpoint {
+	eps := []*endpoint{}
+	for _, ep := range epList {
+		n := ep.getNetwork()
+		if !n.dynamic && !n.ingress {
+			eps = append(eps, ep)
+		}
+	}
+	return eps
+}
+
+func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
+	// Embedded server owns the docker network domain. Resolution should work
+	// for both container_name and container_name.network_name
+	// We allow '.' in service name and network name. For a name a.b.c.d the
+	// following have to tried;
+	// {a.b.c.d in the networks container is connected to}
+	// {a.b.c in network d},
+	// {a.b in network c.d},
+	// {a in network b.c.d},
+
+	logrus.Debugf("Name To resolve: %v", name)
+	name = strings.TrimSuffix(name, ".")
+	reqName := []string{name}
+	networkName := []string{""}
+
+	if strings.Contains(name, ".") {
+		var i int
+		dup := name
+		for {
+			if i = strings.LastIndex(dup, "."); i == -1 {
+				break
+			}
+			networkName = append(networkName, name[i+1:])
+			reqName = append(reqName, name[:i])
+
+			dup = dup[:i]
+		}
+	}
+
+	epList := sb.getConnectedEndpoints()
+
+	// In swarm mode services with exposed ports are connected to user overlay
+	// network, ingress network and docker_gwbridge network. Name resolution
+	// should prioritize returning the VIP/IPs on user overlay network.
+	newList := []*endpoint{}
+	if !sb.controller.isDistributedControl() {
+		newList = append(newList, getDynamicNwEndpoints(epList)...)
+		ingressEP := getIngressNwEndpoint(epList)
+		if ingressEP != nil {
+			newList = append(newList, ingressEP)
+		}
+		newList = append(newList, getLocalNwEndpoints(epList)...)
+		epList = newList
+	}
+
+	for i := 0; i < len(reqName); i++ {
+
+		// First check for local container alias
+		ip, ipv6Miss := sb.resolveName(reqName[i], networkName[i], epList, true, ipType)
+		if ip != nil {
+			return ip, false
+		}
+		if ipv6Miss {
+			return ip, ipv6Miss
+		}
+
+		// Resolve the actual container name
+		ip, ipv6Miss = sb.resolveName(reqName[i], networkName[i], epList, false, ipType)
+		if ip != nil {
+			return ip, false
+		}
+		if ipv6Miss {
+			return ip, ipv6Miss
+		}
+	}
+	return nil, false
+}
+
+func (sb *sandbox) resolveName(req string, networkName string, epList []*endpoint, alias bool, ipType int) ([]net.IP, bool) {
+	var ipv6Miss bool
+
+	for _, ep := range epList {
+		name := req
+		n := ep.getNetwork()
+
+		if networkName != "" && networkName != n.Name() {
+			continue
+		}
+
+		if alias {
+			if ep.aliases == nil {
+				continue
+			}
+
+			var ok bool
+			ep.Lock()
+			name, ok = ep.aliases[req]
+			ep.Unlock()
+			if !ok {
+				continue
+			}
+		} else {
+			// If it is a regular lookup and if the requested name is an alias
+			// don't perform a svc lookup for this endpoint.
+			ep.Lock()
+			if _, ok := ep.aliases[req]; ok {
+				ep.Unlock()
+				continue
+			}
+			ep.Unlock()
+		}
+
+		ip, miss := n.ResolveName(name, ipType)
+
+		if ip != nil {
+			return ip, false
+		}
+
+		if miss {
+			ipv6Miss = miss
+		}
+	}
+	return nil, ipv6Miss
+}
+
+func (sb *sandbox) SetKey(basePath string) error {
+	start := time.Now()
+	defer func() {
+		logrus.Debugf("sandbox set key processing took %s for container %s", time.Since(start), sb.ContainerID())
+	}()
+
+	if basePath == "" {
+		return types.BadRequestErrorf("invalid sandbox key")
+	}
+
+	sb.Lock()
+	if sb.inDelete {
+		sb.Unlock()
+		return types.ForbiddenErrorf("failed to SetKey: sandbox %q delete in progress", sb.id)
+	}
+	oldosSbox := sb.osSbox
+	sb.Unlock()
+
+	if oldosSbox != nil {
+		// If we already have an OS sandbox, release the network resources from that
+		// and destroy the OS snab. We are moving into a new home further down. Note that none
+		// of the network resources gets destroyed during the move.
+		sb.releaseOSSbox()
+	}
+
+	osSbox, err := osl.GetSandboxForExternalKey(basePath, sb.Key())
+	if err != nil {
+		return err
+	}
+
+	sb.Lock()
+	sb.osSbox = osSbox
+	sb.Unlock()
+
+	// If the resolver was setup before stop it and set it up in the
+	// new osl sandbox.
+	if oldosSbox != nil && sb.resolver != nil {
+		sb.resolver.Stop()
+
+		if err := sb.osSbox.InvokeFunc(sb.resolver.SetupFunc(0)); err == nil {
+			if err := sb.resolver.Start(); err != nil {
+				logrus.Errorf("Resolver Start failed for container %s, %q", sb.ContainerID(), err)
+			}
+		} else {
+			logrus.Errorf("Resolver Setup Function failed for container %s, %q", sb.ContainerID(), err)
+		}
+	}
+
+	for _, ep := range sb.getConnectedEndpoints() {
+		if err = sb.populateNetworkResources(ep); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (sb *sandbox) EnableService() (err error) {
+	logrus.Debugf("EnableService %s START", sb.containerID)
+	defer func() {
+		if err != nil {
+			if err2 := sb.DisableService(); err2 != nil {
+				logrus.WithError(err2).WithField("origError", err).Error("Error while disabling service after original error")
+			}
+		}
+	}()
+	for _, ep := range sb.getConnectedEndpoints() {
+		if !ep.isServiceEnabled() {
+			if err := ep.addServiceInfoToCluster(sb); err != nil {
+				return fmt.Errorf("could not update state for endpoint %s into cluster: %v", ep.Name(), err)
+			}
+			ep.enableService()
+		}
+	}
+	logrus.Debugf("EnableService %s DONE", sb.containerID)
+	return nil
+}
+
+func (sb *sandbox) DisableService() (err error) {
+	logrus.Debugf("DisableService %s START", sb.containerID)
+	failedEps := []string{}
+	defer func() {
+		if len(failedEps) > 0 {
+			err = fmt.Errorf("failed to disable service on sandbox:%s, for endpoints %s", sb.ID(), strings.Join(failedEps, ","))
+		}
+	}()
+	for _, ep := range sb.getConnectedEndpoints() {
+		if ep.isServiceEnabled() {
+			if err := ep.deleteServiceInfoFromCluster(sb, false, "DisableService"); err != nil {
+				failedEps = append(failedEps, ep.Name())
+				logrus.Warnf("failed update state for endpoint %s into cluster: %v", ep.Name(), err)
+			}
+			ep.disableService()
+		}
+	}
+	logrus.Debugf("DisableService %s DONE", sb.containerID)
+	return nil
+}
+
+func releaseOSSboxResources(osSbox osl.Sandbox, ep *endpoint) {
+	for _, i := range osSbox.Info().Interfaces() {
+		// Only remove the interfaces owned by this endpoint from the sandbox.
+		if ep.hasInterface(i.SrcName()) {
+			if err := i.Remove(); err != nil {
+				logrus.Debugf("Remove interface %s failed: %v", i.SrcName(), err)
+			}
+		}
+	}
+
+	ep.Lock()
+	joinInfo := ep.joinInfo
+	vip := ep.virtualIP
+	lbModeIsDSR := ep.network.loadBalancerMode == loadBalancerModeDSR
+	ep.Unlock()
+
+	if len(vip) > 0 && lbModeIsDSR {
+		ipNet := &net.IPNet{IP: vip, Mask: net.CIDRMask(32, 32)}
+		if err := osSbox.RemoveAliasIP(osSbox.GetLoopbackIfaceName(), ipNet); err != nil {
+			logrus.WithError(err).Debugf("failed to remove virtual ip %v to loopback", ipNet)
+		}
+	}
+
+	if joinInfo == nil {
+		return
+	}
+
+	// Remove non-interface routes.
+	for _, r := range joinInfo.StaticRoutes {
+		if err := osSbox.RemoveStaticRoute(r); err != nil {
+			logrus.Debugf("Remove route failed: %v", err)
+		}
+	}
+}
+
+func (sb *sandbox) releaseOSSbox() {
+	sb.Lock()
+	osSbox := sb.osSbox
+	sb.osSbox = nil
+	sb.Unlock()
+
+	if osSbox == nil {
+		return
+	}
+
+	for _, ep := range sb.getConnectedEndpoints() {
+		releaseOSSboxResources(osSbox, ep)
+	}
+
+	if err := osSbox.Destroy(); err != nil {
+		logrus.WithError(err).Error("Error destroying os sandbox")
+	}
+}
+
+func (sb *sandbox) restoreOslSandbox() error {
+	var routes []*types.StaticRoute
+
+	// restore osl sandbox
+	Ifaces := make(map[string][]osl.IfaceOption)
+	for _, ep := range sb.endpoints {
+		var ifaceOptions []osl.IfaceOption
+		ep.Lock()
+		joinInfo := ep.joinInfo
+		i := ep.iface
+		ep.Unlock()
+
+		if i == nil {
+			logrus.Errorf("error restoring endpoint %s for container %s", ep.Name(), sb.ContainerID())
+			continue
+		}
+
+		ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().Address(i.addr), sb.osSbox.InterfaceOptions().Routes(i.routes))
+		if i.addrv6 != nil && i.addrv6.IP.To16() != nil {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().AddressIPv6(i.addrv6))
+		}
+		if i.mac != nil {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().MacAddress(i.mac))
+		}
+		if len(i.llAddrs) != 0 {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().LinkLocalAddresses(i.llAddrs))
+		}
+		Ifaces[fmt.Sprintf("%s+%s", i.srcName, i.dstPrefix)] = ifaceOptions
+		if joinInfo != nil {
+			routes = append(routes, joinInfo.StaticRoutes...)
+		}
+		if ep.needResolver() {
+			sb.startResolver(true)
+		}
+	}
+
+	gwep := sb.getGatewayEndpoint()
+	if gwep == nil {
+		return nil
+	}
+
+	// restore osl sandbox
+	err := sb.osSbox.Restore(Ifaces, routes, gwep.joinInfo.gw, gwep.joinInfo.gw6)
+	return err
+}
+
+func (sb *sandbox) populateNetworkResources(ep *endpoint) error {
+	sb.Lock()
+	if sb.osSbox == nil {
+		sb.Unlock()
+		return nil
+	}
+	inDelete := sb.inDelete
+	sb.Unlock()
+
+	ep.Lock()
+	joinInfo := ep.joinInfo
+	i := ep.iface
+	lbModeIsDSR := ep.network.loadBalancerMode == loadBalancerModeDSR
+	ep.Unlock()
+
+	if ep.needResolver() {
+		sb.startResolver(false)
+	}
+
+	if i != nil && i.srcName != "" {
+		var ifaceOptions []osl.IfaceOption
+
+		ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().Address(i.addr), sb.osSbox.InterfaceOptions().Routes(i.routes))
+		if i.addrv6 != nil && i.addrv6.IP.To16() != nil {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().AddressIPv6(i.addrv6))
+		}
+		if len(i.llAddrs) != 0 {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().LinkLocalAddresses(i.llAddrs))
+		}
+		if i.mac != nil {
+			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().MacAddress(i.mac))
+		}
+
+		if err := sb.osSbox.AddInterface(i.srcName, i.dstPrefix, ifaceOptions...); err != nil {
+			return fmt.Errorf("failed to add interface %s to sandbox: %v", i.srcName, err)
+		}
+
+		if len(ep.virtualIP) > 0 && lbModeIsDSR {
+			if sb.loadBalancerNID == "" {
+				if err := sb.osSbox.DisableARPForVIP(i.srcName); err != nil {
+					return fmt.Errorf("failed disable ARP for VIP: %v", err)
+				}
+			}
+			ipNet := &net.IPNet{IP: ep.virtualIP, Mask: net.CIDRMask(32, 32)}
+			if err := sb.osSbox.AddAliasIP(sb.osSbox.GetLoopbackIfaceName(), ipNet); err != nil {
+				return fmt.Errorf("failed to add virtual ip %v to loopback: %v", ipNet, err)
+			}
+		}
+	}
+
+	if joinInfo != nil {
+		// Set up non-interface routes.
+		for _, r := range joinInfo.StaticRoutes {
+			if err := sb.osSbox.AddStaticRoute(r); err != nil {
+				return fmt.Errorf("failed to add static route %s: %v", r.Destination.String(), err)
+			}
+		}
+	}
+
+	if ep == sb.getGatewayEndpoint() {
+		if err := sb.updateGateway(ep); err != nil {
+			return err
+		}
+	}
+
+	// Make sure to add the endpoint to the populated endpoint set
+	// before populating loadbalancers.
+	sb.Lock()
+	sb.populatedEndpoints[ep.ID()] = struct{}{}
+	sb.Unlock()
+
+	// Populate load balancer only after updating all the other
+	// information including gateway and other routes so that
+	// loadbalancers are populated all the network state is in
+	// place in the sandbox.
+	sb.populateLoadBalancers(ep)
+
+	// Only update the store if we did not come here as part of
+	// sandbox delete. If we came here as part of delete then do
+	// not bother updating the store. The sandbox object will be
+	// deleted anyway
+	if !inDelete {
+		return sb.storeUpdate()
+	}
+
+	return nil
+}
+
+func (sb *sandbox) clearNetworkResources(origEp *endpoint) error {
+	ep := sb.getEndpoint(origEp.id)
+	if ep == nil {
+		return fmt.Errorf("could not find the sandbox endpoint data for endpoint %s",
+			origEp.id)
+	}
+
+	sb.Lock()
+	osSbox := sb.osSbox
+	inDelete := sb.inDelete
+	sb.Unlock()
+	if osSbox != nil {
+		releaseOSSboxResources(osSbox, ep)
+	}
+
+	sb.Lock()
+	delete(sb.populatedEndpoints, ep.ID())
+
+	if len(sb.endpoints) == 0 {
+		// sb.endpoints should never be empty and this is unexpected error condition
+		// We log an error message to note this down for debugging purposes.
+		logrus.Errorf("No endpoints in sandbox while trying to remove endpoint %s", ep.Name())
+		sb.Unlock()
+		return nil
+	}
+
+	var (
+		gwepBefore, gwepAfter *endpoint
+		index                 = -1
+	)
+	for i, e := range sb.endpoints {
+		if e == ep {
+			index = i
+		}
+		if len(e.Gateway()) > 0 && gwepBefore == nil {
+			gwepBefore = e
+		}
+		if index != -1 && gwepBefore != nil {
+			break
+		}
+	}
+
+	if index == -1 {
+		logrus.Warnf("Endpoint %s has already been deleted", ep.Name())
+		sb.Unlock()
+		return nil
+	}
+
+	sb.removeEndpointRaw(ep)
+	for _, e := range sb.endpoints {
+		if len(e.Gateway()) > 0 {
+			gwepAfter = e
+			break
+		}
+	}
+	delete(sb.epPriority, ep.ID())
+	sb.Unlock()
+
+	if gwepAfter != nil && gwepBefore != gwepAfter {
+		if err := sb.updateGateway(gwepAfter); err != nil {
+			return err
+		}
+	}
+
+	// Only update the store if we did not come here as part of
+	// sandbox delete. If we came here as part of delete then do
+	// not bother updating the store. The sandbox object will be
+	// deleted anyway
+	if !inDelete {
+		return sb.storeUpdate()
+	}
+
+	return nil
+}
+
+// joinLeaveStart waits to ensure there are no joins or leaves in progress and
+// marks this join/leave in progress without race
+func (sb *sandbox) joinLeaveStart() {
+	sb.Lock()
+	defer sb.Unlock()
+
+	for sb.joinLeaveDone != nil {
+		joinLeaveDone := sb.joinLeaveDone
+		sb.Unlock()
+
+		<-joinLeaveDone
+
+		sb.Lock()
+	}
+
+	sb.joinLeaveDone = make(chan struct{})
+}
+
+// joinLeaveEnd marks the end of this join/leave operation and
+// signals the same without race to other join and leave waiters
+func (sb *sandbox) joinLeaveEnd() {
+	sb.Lock()
+	defer sb.Unlock()
+
+	if sb.joinLeaveDone != nil {
+		close(sb.joinLeaveDone)
+		sb.joinLeaveDone = nil
+	}
+}
+
+// OptionHostname function returns an option setter for hostname option to
+// be passed to NewSandbox method.
+func OptionHostname(name string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.hostName = name
+	}
+}
+
+// OptionDomainname function returns an option setter for domainname option to
+// be passed to NewSandbox method.
+func OptionDomainname(name string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.domainName = name
+	}
+}
+
+// OptionHostsPath function returns an option setter for hostspath option to
+// be passed to NewSandbox method.
+func OptionHostsPath(path string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.hostsPath = path
+	}
+}
+
+// OptionOriginHostsPath function returns an option setter for origin hosts file path
+// to be passed to NewSandbox method.
+func OptionOriginHostsPath(path string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.originHostsPath = path
+	}
+}
+
+// OptionExtraHost function returns an option setter for extra /etc/hosts options
+// which is a name and IP as strings.
+func OptionExtraHost(name string, IP string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.extraHosts = append(sb.config.extraHosts, extraHost{name: name, IP: IP})
+	}
+}
+
+// OptionParentUpdate function returns an option setter for parent container
+// which needs to update the IP address for the linked container.
+func OptionParentUpdate(cid string, name, ip string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.parentUpdates = append(sb.config.parentUpdates, parentUpdate{cid: cid, name: name, ip: ip})
+	}
+}
+
+// OptionResolvConfPath function returns an option setter for resolvconfpath option to
+// be passed to net container methods.
+func OptionResolvConfPath(path string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.resolvConfPath = path
+	}
+}
+
+// OptionOriginResolvConfPath function returns an option setter to set the path to the
+// origin resolv.conf file to be passed to net container methods.
+func OptionOriginResolvConfPath(path string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.originResolvConfPath = path
+	}
+}
+
+// OptionDNS function returns an option setter for dns entry option to
+// be passed to container Create method.
+func OptionDNS(dns string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.dnsList = append(sb.config.dnsList, dns)
+	}
+}
+
+// OptionDNSSearch function returns an option setter for dns search entry option to
+// be passed to container Create method.
+func OptionDNSSearch(search string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.dnsSearchList = append(sb.config.dnsSearchList, search)
+	}
+}
+
+// OptionDNSOptions function returns an option setter for dns options entry option to
+// be passed to container Create method.
+func OptionDNSOptions(options string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.dnsOptionsList = append(sb.config.dnsOptionsList, options)
+	}
+}
+
+// OptionUseDefaultSandbox function returns an option setter for using default sandbox
+// (host namespace) to be passed to container Create method.
+func OptionUseDefaultSandbox() SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.useDefaultSandBox = true
+	}
+}
+
+// OptionUseExternalKey function returns an option setter for using provided namespace
+// instead of creating one.
+func OptionUseExternalKey() SandboxOption {
+	return func(sb *sandbox) {
+		sb.config.useExternalKey = true
+	}
+}
+
+// OptionGeneric function returns an option setter for Generic configuration
+// that is not managed by libNetwork but can be used by the Drivers during the call to
+// net container creation method. Container Labels are a good example.
+func OptionGeneric(generic map[string]interface{}) SandboxOption {
+	return func(sb *sandbox) {
+		if sb.config.generic == nil {
+			sb.config.generic = make(map[string]interface{}, len(generic))
+		}
+		for k, v := range generic {
+			sb.config.generic[k] = v
+		}
+	}
+}
+
+// OptionExposedPorts function returns an option setter for the container exposed
+// ports option to be passed to container Create method.
+func OptionExposedPorts(exposedPorts []types.TransportPort) SandboxOption {
+	return func(sb *sandbox) {
+		if sb.config.generic == nil {
+			sb.config.generic = make(map[string]interface{})
+		}
+		// Defensive copy
+		eps := make([]types.TransportPort, len(exposedPorts))
+		copy(eps, exposedPorts)
+		// Store endpoint label and in generic because driver needs it
+		sb.config.exposedPorts = eps
+		sb.config.generic[netlabel.ExposedPorts] = eps
+	}
+}
+
+// OptionPortMapping function returns an option setter for the mapping
+// ports option to be passed to container Create method.
+func OptionPortMapping(portBindings []types.PortBinding) SandboxOption {
+	return func(sb *sandbox) {
+		if sb.config.generic == nil {
+			sb.config.generic = make(map[string]interface{})
+		}
+		// Store a copy of the bindings as generic data to pass to the driver
+		pbs := make([]types.PortBinding, len(portBindings))
+		copy(pbs, portBindings)
+		sb.config.generic[netlabel.PortMap] = pbs
+	}
+}
+
+// OptionIngress function returns an option setter for marking a
+// sandbox as the controller's ingress sandbox.
+func OptionIngress() SandboxOption {
+	return func(sb *sandbox) {
+		sb.ingress = true
+		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeIngress)
+	}
+}
+
+// OptionLoadBalancer function returns an option setter for marking a
+// sandbox as a load balancer sandbox.
+func OptionLoadBalancer(nid string) SandboxOption {
+	return func(sb *sandbox) {
+		sb.loadBalancerNID = nid
+		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeLoadBalancer)
+	}
+}
+
+// <=> Returns true if a < b, false if a > b and advances to next level if a == b
+// epi.prio <=> epj.prio           # 2 < 1
+// epi.gw <=> epj.gw               # non-gw < gw
+// epi.internal <=> epj.internal   # non-internal < internal
+// epi.joininfo <=> epj.joininfo   # ipv6 < ipv4
+// epi.name <=> epj.name           # bar < foo
+func (epi *endpoint) Less(epj *endpoint) bool {
+	var (
+		prioi, prioj int
+	)
+
+	sbi, _ := epi.getSandbox()
+	sbj, _ := epj.getSandbox()
+
+	// Prio defaults to 0
+	if sbi != nil {
+		prioi = sbi.epPriority[epi.ID()]
+	}
+	if sbj != nil {
+		prioj = sbj.epPriority[epj.ID()]
+	}
+
+	if prioi != prioj {
+		return prioi > prioj
+	}
+
+	gwi := epi.endpointInGWNetwork()
+	gwj := epj.endpointInGWNetwork()
+	if gwi != gwj {
+		return gwj
+	}
+
+	inti := epi.getNetwork().Internal()
+	intj := epj.getNetwork().Internal()
+	if inti != intj {
+		return intj
+	}
+
+	jii := 0
+	if epi.joinInfo != nil {
+		if epi.joinInfo.gw != nil {
+			jii = jii + 1
+		}
+		if epi.joinInfo.gw6 != nil {
+			jii = jii + 2
+		}
+	}
+
+	jij := 0
+	if epj.joinInfo != nil {
+		if epj.joinInfo.gw != nil {
+			jij = jij + 1
+		}
+		if epj.joinInfo.gw6 != nil {
+			jij = jij + 2
+		}
+	}
+
+	if jii != jij {
+		return jii > jij
+	}
+
+	return epi.network.Name() < epj.network.Name()
+}
+
+func (sb *sandbox) NdotsSet() bool {
+	return sb.ndotsSet
+}
diff --git a/vendor/github.com/docker/libnetwork/sandbox_dns_unix.go b/libnetwork/sandbox_dns_unix.go
similarity index 87%
rename from vendor/github.com/docker/libnetwork/sandbox_dns_unix.go
rename to libnetwork/sandbox_dns_unix.go
index db1b66b190dc8..ae67ab08c83b0 100644
--- a/vendor/github.com/docker/libnetwork/sandbox_dns_unix.go
+++ b/libnetwork/sandbox_dns_unix.go
@@ -1,20 +1,20 @@
+//go:build !windows
 // +build !windows
 
 package libnetwork
 
 import (
 	"fmt"
-	"io/ioutil"
+	"net"
 	"os"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
 
-	"github.com/docker/libnetwork/etchosts"
-	"github.com/docker/libnetwork/resolvconf"
-	"github.com/docker/libnetwork/resolvconf/dns"
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/etchosts"
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/docker/docker/libnetwork/types"
 	"github.com/sirupsen/logrus"
 )
 
@@ -98,8 +98,8 @@ func (sb *sandbox) buildHostsFile() error {
 	return etchosts.Build(sb.config.hostsPath, "", sb.config.hostName, sb.config.domainName, extraContent)
 }
 
-func (sb *sandbox) updateHostsFile(ifaceIP string) error {
-	if ifaceIP == "" {
+func (sb *sandbox) updateHostsFile(ifaceIPs []string) error {
+	if len(ifaceIPs) == 0 {
 		return nil
 	}
 
@@ -120,7 +120,10 @@ func (sb *sandbox) updateHostsFile(ifaceIP string) error {
 		mhost = fmt.Sprintf("%s %s", fqdn, parts[0])
 	}
 
-	extraContent := []etchosts.Record{{Hosts: mhost, IP: ifaceIP}}
+	var extraContent []etchosts.Record
+	for _, ip := range ifaceIPs {
+		extraContent = append(extraContent, etchosts.Record{Hosts: mhost, IP: ip})
+	}
 
 	sb.addHostsEntries(extraContent)
 	return nil
@@ -168,8 +171,8 @@ func (sb *sandbox) setExternalResolvers(content []byte, addrType int, checkLoopb
 	servers := resolvconf.GetNameservers(content, addrType)
 	for _, ip := range servers {
 		hostLoopback := false
-		if checkLoopback {
-			hostLoopback = dns.IsIPv4Localhost(ip)
+		if checkLoopback && isIPv4Loopback(ip) {
+			hostLoopback = true
 		}
 		sb.extDNS = append(sb.extDNS, extDNSEntry{
 			IPStr:        ip,
@@ -178,6 +181,18 @@ func (sb *sandbox) setExternalResolvers(content []byte, addrType int, checkLoopb
 	}
 }
 
+// isIPv4Loopback checks if the given IP address is an IPv4 loopback address.
+// It's based on the logic in Go's net.IP.IsLoopback(), but only the IPv4 part:
+// https://github.com/golang/go/blob/go1.16.6/src/net/ip.go#L120-L126
+func isIPv4Loopback(ipAddress string) bool {
+	if ip := net.ParseIP(ipAddress); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			return ip4[0] == 127
+		}
+	}
+	return false
+}
+
 func (sb *sandbox) setupDNS() error {
 	var newRC *resolvconf.File
 
@@ -213,8 +228,8 @@ func (sb *sandbox) setupDNS() error {
 
 	originResolvConfPath := sb.config.originResolvConfPath
 	if originResolvConfPath == "" {
-		// if not specified fallback to default /etc/resolv.conf
-		originResolvConfPath = resolvconf.DefaultResolvConf
+		// fallback if not specified
+		originResolvConfPath = resolvconf.Path()
 	}
 	currRC, err := resolvconf.GetSpecific(originResolvConfPath)
 	if err != nil {
@@ -230,7 +245,7 @@ func (sb *sandbox) setupDNS() error {
 	if len(sb.config.dnsList) > 0 || len(sb.config.dnsSearchList) > 0 || len(sb.config.dnsOptionsList) > 0 {
 		var (
 			err            error
-			dnsList        = resolvconf.GetNameservers(currRC.Content, types.IP)
+			dnsList        = resolvconf.GetNameservers(currRC.Content, resolvconf.IP)
 			dnsSearchList  = resolvconf.GetSearchDomains(currRC.Content)
 			dnsOptionsList = resolvconf.GetOptions(currRC.Content)
 		)
@@ -250,26 +265,26 @@ func (sb *sandbox) setupDNS() error {
 		// After building the resolv.conf from the user config save the
 		// external resolvers in the sandbox. Note that --dns 127.0.0.x
 		// config refers to the loopback in the container namespace
-		sb.setExternalResolvers(newRC.Content, types.IPv4, false)
+		sb.setExternalResolvers(newRC.Content, resolvconf.IPv4, false)
 	} else {
 		// If the host resolv.conf file has 127.0.0.x container should
 		// use the host resolver for queries. This is supported by the
 		// docker embedded DNS server. Hence save the external resolvers
 		// before filtering it out.
-		sb.setExternalResolvers(currRC.Content, types.IPv4, true)
+		sb.setExternalResolvers(currRC.Content, resolvconf.IPv4, true)
 
 		// Replace any localhost/127.* (at this point we have no info about ipv6, pass it as true)
 		if newRC, err = resolvconf.FilterResolvDNS(currRC.Content, true); err != nil {
 			return err
 		}
 		// No contention on container resolv.conf file at sandbox creation
-		if err := ioutil.WriteFile(sb.config.resolvConfPath, newRC.Content, filePerm); err != nil {
+		if err := os.WriteFile(sb.config.resolvConfPath, newRC.Content, filePerm); err != nil {
 			return types.InternalErrorf("failed to write unhaltered resolv.conf file content when setting up dns for sandbox %s: %v", sb.ID(), err)
 		}
 	}
 
 	// Write hash
-	if err := ioutil.WriteFile(sb.config.resolvConfHashFile, []byte(newRC.Hash), filePerm); err != nil {
+	if err := os.WriteFile(sb.config.resolvConfHashFile, []byte(newRC.Hash), filePerm); err != nil {
 		return types.InternalErrorf("failed to write resolv.conf hash file when setting up dns for sandbox %s: %v", sb.ID(), err)
 	}
 
@@ -297,7 +312,7 @@ func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
 			return err
 		}
 	} else {
-		h, err := ioutil.ReadFile(hashFile)
+		h, err := os.ReadFile(hashFile)
 		if err != nil {
 			if !os.IsNotExist(err) {
 				return err
@@ -319,14 +334,14 @@ func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(sb.config.resolvConfPath, newRC.Content, 0644)
+	err = os.WriteFile(sb.config.resolvConfPath, newRC.Content, 0644) //nolint:gosec // gosec complains about perms here, which must be 0644 in this case
 	if err != nil {
 		return err
 	}
 
 	// write the new hash in a temp file and rename it to make the update atomic
 	dir := path.Dir(sb.config.resolvConfPath)
-	tmpHashFile, err := ioutil.TempFile(dir, "hash")
+	tmpHashFile, err := os.CreateTemp(dir, "hash")
 	if err != nil {
 		return err
 	}
@@ -355,7 +370,7 @@ func (sb *sandbox) rebuildDNS() error {
 	}
 
 	if len(sb.extDNS) == 0 {
-		sb.setExternalResolvers(currRC.Content, types.IPv4, false)
+		sb.setExternalResolvers(currRC.Content, resolvconf.IPv4, false)
 	}
 	var (
 		dnsList        = []string{sb.resolver.NameServer()}
@@ -364,7 +379,7 @@ func (sb *sandbox) rebuildDNS() error {
 	)
 
 	// external v6 DNS servers has to be listed in resolv.conf
-	dnsList = append(dnsList, resolvconf.GetNameservers(currRC.Content, types.IPv6)...)
+	dnsList = append(dnsList, resolvconf.GetNameservers(currRC.Content, resolvconf.IPv6)...)
 
 	// If the user config and embedded DNS server both have ndots option set,
 	// remember the user's config so that unqualified names not in the docker
@@ -426,9 +441,9 @@ func createFile(path string) error {
 }
 
 func copyFile(src, dst string) error {
-	sBytes, err := ioutil.ReadFile(src)
+	sBytes, err := os.ReadFile(src)
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(dst, sBytes, filePerm)
+	return os.WriteFile(dst, sBytes, filePerm)
 }
diff --git a/libnetwork/sandbox_dns_windows.go b/libnetwork/sandbox_dns_windows.go
new file mode 100644
index 0000000000000..62af20b6bf039
--- /dev/null
+++ b/libnetwork/sandbox_dns_windows.go
@@ -0,0 +1,44 @@
+//go:build windows
+// +build windows
+
+package libnetwork
+
+import (
+	"github.com/docker/docker/libnetwork/etchosts"
+)
+
+// Stub implementations for DNS related functions
+
+func (sb *sandbox) startResolver(bool) {
+}
+
+func (sb *sandbox) setupResolutionFiles() error {
+	return nil
+}
+
+func (sb *sandbox) restorePath() {
+}
+
+func (sb *sandbox) updateHostsFile(ifaceIP []string) error {
+	return nil
+}
+
+func (sb *sandbox) addHostsEntries(recs []etchosts.Record) {
+
+}
+
+func (sb *sandbox) deleteHostsEntries(recs []etchosts.Record) {
+
+}
+
+func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
+	return nil
+}
+
+func (sb *sandbox) setupDNS() error {
+	return nil
+}
+
+func (sb *sandbox) rebuildDNS() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/libnetwork/sandbox_externalkey.go b/libnetwork/sandbox_externalkey.go
similarity index 100%
rename from vendor/github.com/docker/libnetwork/sandbox_externalkey.go
rename to libnetwork/sandbox_externalkey.go
diff --git a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go b/libnetwork/sandbox_externalkey_unix.go
similarity index 82%
rename from vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go
rename to libnetwork/sandbox_externalkey_unix.go
index 7601db9049b8a..963deecb817c0 100644
--- a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go
+++ b/libnetwork/sandbox_externalkey_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package libnetwork
@@ -7,13 +8,13 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
 
-	"github.com/docker/libnetwork/types"
-	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -24,8 +25,8 @@ const (
 )
 
 // processSetKeyReexec is a private function that must be called only on an reexec path
-// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }
-// It also expects configs.HookState as a json string in <stdin>
+// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <short-controller-id> }
+// It also expects specs.State as a json string in <stdin>
 // Refer to https://github.com/opencontainers/runc/pull/160/ for more information
 // The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker".
 func processSetKeyReexec() {
@@ -41,35 +42,35 @@ func processSetKeyReexec() {
 	execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")
 	flag.Parse()
 
-	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
+	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<short-controller-id> }
 	// (i.e. expecting 2 flag.Args())
 	args := flag.Args()
 	if len(args) < 2 {
 		err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))
 		return
 	}
-	containerID, controllerID := args[0], args[1]
+	containerID, shortCtlrID := args[0], args[1]
 
-	// We expect configs.HookState as a json string in <stdin>
-	stateBuf, err := ioutil.ReadAll(os.Stdin)
+	// We expect specs.State as a json string in <stdin>
+	stateBuf, err := io.ReadAll(os.Stdin)
 	if err != nil {
 		return
 	}
-	var state configs.HookState
+	var state specs.State
 	if err = json.Unmarshal(stateBuf, &state); err != nil {
 		return
 	}
 
-	err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
+	err = SetExternalKey(shortCtlrID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
 }
 
 // SetExternalKey provides a convenient way to set an External key to a sandbox
-func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {
+func SetExternalKey(shortCtlrID string, containerID string, key string, execRoot string) error {
 	keyData := setKeyData{
 		ContainerID: containerID,
 		Key:         key}
 
-	uds := filepath.Join(execRoot, execSubdir, controllerID+".sock")
+	uds := filepath.Join(execRoot, execSubdir, shortCtlrID+".sock")
 	c, err := net.Dial("unix", uds)
 	if err != nil {
 		return err
@@ -120,7 +121,8 @@ func (c *controller) startExternalKeyListener() error {
 	if err := os.MkdirAll(udsBase, 0600); err != nil {
 		return err
 	}
-	uds := filepath.Join(udsBase, c.id+".sock")
+	shortCtlrID := stringid.TruncateID(c.id)
+	uds := filepath.Join(udsBase, shortCtlrID+".sock")
 	l, err := net.Listen("unix", uds)
 	if err != nil {
 		return err
diff --git a/vendor/github.com/docker/libnetwork/sandbox_externalkey_windows.go b/libnetwork/sandbox_externalkey_windows.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/sandbox_externalkey_windows.go
rename to libnetwork/sandbox_externalkey_windows.go
index 340cd1735fba9..c866942abb58a 100644
--- a/vendor/github.com/docker/libnetwork/sandbox_externalkey_windows.go
+++ b/libnetwork/sandbox_externalkey_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package libnetwork
@@ -6,7 +7,7 @@ import (
 	"io"
 	"net"
 
-	"github.com/docker/libnetwork/types"
+	"github.com/docker/docker/libnetwork/types"
 )
 
 // processSetKeyReexec is a private function that must be called only on an reexec path
diff --git a/vendor/github.com/docker/libnetwork/sandbox_store.go b/libnetwork/sandbox_store.go
similarity index 98%
rename from vendor/github.com/docker/libnetwork/sandbox_store.go
rename to libnetwork/sandbox_store.go
index 1e53815aeea77..31cce58db71b8 100644
--- a/vendor/github.com/docker/libnetwork/sandbox_store.go
+++ b/libnetwork/sandbox_store.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"sync"
 
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/osl"
 	"github.com/sirupsen/logrus"
 )
 
diff --git a/libnetwork/sandbox_test.go b/libnetwork/sandbox_test.go
new file mode 100644
index 0000000000000..0da6766d24abd
--- /dev/null
+++ b/libnetwork/sandbox_test.go
@@ -0,0 +1,265 @@
+package libnetwork
+
+import (
+	"fmt"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/docker/libnetwork/osl"
+	"github.com/docker/docker/libnetwork/testutils"
+	"gotest.tools/v3/skip"
+)
+
+func getTestEnv(t *testing.T, opts ...[]NetworkOption) (NetworkController, []Network) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	netType := "bridge"
+
+	option := options.Generic{
+		"EnableIPForwarding": true,
+	}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = option
+
+	cfgOptions, err := OptionBoltdbWithRandomDBFile()
+	if err != nil {
+		t.Fatal(err)
+	}
+	c, err := New(append(cfgOptions, config.OptionDriverConfig(netType, genericOption))...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(opts) == 0 {
+		return c, nil
+	}
+
+	nwList := make([]Network, 0, len(opts))
+	for i, opt := range opts {
+		name := fmt.Sprintf("test_nw_%d", i)
+		netOption := options.Generic{
+			netlabel.GenericData: options.Generic{
+				"BridgeName": name,
+			},
+		}
+		newOptions := make([]NetworkOption, 1, len(opt)+1)
+		newOptions[0] = NetworkOptionGeneric(netOption)
+		newOptions = append(newOptions, opt...)
+		n, err := c.NewNetwork(netType, name, "", newOptions...)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		nwList = append(nwList, n)
+	}
+
+	return c, nwList
+}
+
+func TestSandboxAddEmpty(t *testing.T) {
+	c, _ := getTestEnv(t)
+	ctrlr := c.(*controller)
+
+	sbx, err := ctrlr.NewSandbox("sandbox0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := sbx.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ctrlr.sandboxes) != 0 {
+		t.Fatalf("controller sandboxes is not empty. len = %d", len(ctrlr.sandboxes))
+	}
+
+	osl.GC()
+}
+
+// // If different priorities are specified, internal option and ipv6 addresses mustn't influence endpoint order
+func TestSandboxAddMultiPrio(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	opts := [][]NetworkOption{
+		{NetworkOptionEnableIPv6(true), NetworkOptionIpam(ipamapi.DefaultIPAM, "", nil, []*IpamConf{{PreferredPool: "fe90::/64"}}, nil)},
+		{NetworkOptionInternalNetwork()},
+		{},
+	}
+
+	c, nws := getTestEnv(t, opts...)
+	ctrlr := c.(*controller)
+
+	sbx, err := ctrlr.NewSandbox("sandbox1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	sid := sbx.ID()
+
+	ep1, err := nws[0].CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ep2, err := nws[1].CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ep3, err := nws[2].CreateEndpoint("ep3")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep1.Join(sbx, JoinOptionPriority(1)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep2.Join(sbx, JoinOptionPriority(2)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ep3.Join(sbx, JoinOptionPriority(3)); err != nil {
+		t.Fatal(err)
+	}
+
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != ep3.ID() {
+		t.Fatal("Expected ep3 to be at the top of the heap. But did not find ep3 at the top of the heap")
+	}
+
+	if len(sbx.Endpoints()) != 3 {
+		t.Fatal("Expected 3 endpoints to be connected to the sandbox.")
+	}
+
+	if err := ep3.Leave(sbx); err != nil {
+		t.Fatal(err)
+	}
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != ep2.ID() {
+		t.Fatal("Expected ep2 to be at the top of the heap after removing ep3. But did not find ep2 at the top of the heap")
+	}
+
+	if err := ep2.Leave(sbx); err != nil {
+		t.Fatal(err)
+	}
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != ep1.ID() {
+		t.Fatal("Expected ep1 to be at the top of the heap after removing ep2. But did not find ep1 at the top of the heap")
+	}
+
+	// Re-add ep3 back
+	if err := ep3.Join(sbx, JoinOptionPriority(3)); err != nil {
+		t.Fatal(err)
+	}
+
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != ep3.ID() {
+		t.Fatal("Expected ep3 to be at the top of the heap after adding ep3 back. But did not find ep3 at the top of the heap")
+	}
+
+	if err := sbx.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ctrlr.sandboxes) != 0 {
+		t.Fatalf("controller sandboxes is not empty. len = %d", len(ctrlr.sandboxes))
+	}
+
+	osl.GC()
+}
+
+func TestSandboxAddSamePrio(t *testing.T) {
+	if !testutils.IsRunningInContainer() {
+		defer testutils.SetupTestOSContext(t)()
+	}
+
+	opts := [][]NetworkOption{
+		{},
+		{},
+		{NetworkOptionEnableIPv6(true), NetworkOptionIpam(ipamapi.DefaultIPAM, "", nil, []*IpamConf{{PreferredPool: "fe90::/64"}}, nil)},
+		{NetworkOptionInternalNetwork()},
+	}
+
+	c, nws := getTestEnv(t, opts...)
+
+	ctrlr := c.(*controller)
+
+	sbx, err := ctrlr.NewSandbox("sandbox1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	sid := sbx.ID()
+
+	epNw1, err := nws[1].CreateEndpoint("ep1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	epIPv6, err := nws[2].CreateEndpoint("ep2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	epInternal, err := nws[3].CreateEndpoint("ep3")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	epNw0, err := nws[0].CreateEndpoint("ep4")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := epNw1.Join(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := epIPv6.Join(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := epInternal.Join(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := epNw0.Join(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	// order should now be: epIPv6, epNw0, epNw1, epInternal
+	if len(sbx.Endpoints()) != 4 {
+		t.Fatal("Expected 4 endpoints to be connected to the sandbox.")
+	}
+
+	// IPv6 has precedence over IPv4
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != epIPv6.ID() {
+		t.Fatal("Expected epIPv6 to be at the top of the heap. But did not find epIPv6 at the top of the heap")
+	}
+
+	// internal network has lowest precedence
+	if ctrlr.sandboxes[sid].endpoints[3].ID() != epInternal.ID() {
+		t.Fatal("Expected epInternal to be at the bottom of the heap. But did not find epInternal at the bottom of the heap")
+	}
+
+	if err := epIPv6.Leave(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	// 'test_nw_0' has precedence over 'test_nw_1'
+	if ctrlr.sandboxes[sid].endpoints[0].ID() != epNw0.ID() {
+		t.Fatal("Expected epNw0 to be at the top of the heap after removing epIPv6. But did not find epNw0 at the top of the heap")
+	}
+
+	if err := epNw1.Leave(sbx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := sbx.Delete(); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(ctrlr.sandboxes) != 0 {
+		t.Fatalf("controller containers is not empty. len = %d", len(ctrlr.sandboxes))
+	}
+
+	osl.GC()
+}
diff --git a/libnetwork/service.go b/libnetwork/service.go
new file mode 100644
index 0000000000000..abe80204220ab
--- /dev/null
+++ b/libnetwork/service.go
@@ -0,0 +1,98 @@
+package libnetwork
+
+import (
+	"fmt"
+	"net"
+	"sync"
+
+	"github.com/docker/docker/libnetwork/internal/setmatrix"
+)
+
+var (
+	// A global monotonic counter to assign firewall marks to
+	// services.
+	fwMarkCtr   uint32 = 256
+	fwMarkCtrMu sync.Mutex
+)
+
+type portConfigs []*PortConfig
+
+func (p portConfigs) String() string {
+	if len(p) == 0 {
+		return ""
+	}
+
+	pc := p[0]
+	str := fmt.Sprintf("%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
+	for _, pc := range p[1:] {
+		str = str + fmt.Sprintf(",%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
+	}
+
+	return str
+}
+
+type serviceKey struct {
+	id    string
+	ports string
+}
+
+type service struct {
+	name string // Service Name
+	id   string // Service ID
+
+	// Map of loadbalancers for the service one-per attached
+	// network. It is keyed with network ID.
+	loadBalancers map[string]*loadBalancer
+
+	// List of ingress ports exposed by the service
+	ingressPorts portConfigs
+
+	// Service aliases
+	aliases []string
+
+	// This maps tracks for each IP address the list of endpoints ID
+	// associated with it. At stable state the endpoint ID expected is 1
+	// but during transition and service change it is possible to have
+	// temporary more than 1
+	ipToEndpoint setmatrix.SetMatrix
+
+	deleted bool
+
+	sync.Mutex
+}
+
+// assignIPToEndpoint inserts the mapping between the IP and the endpoint identifier
+// returns true if the mapping was not present, false otherwise
+// returns also the number of endpoints associated to the IP
+func (s *service) assignIPToEndpoint(ip, eID string) (bool, int) {
+	return s.ipToEndpoint.Insert(ip, eID)
+}
+
+// removeIPToEndpoint removes the mapping between the IP and the endpoint identifier
+// returns true if the mapping was deleted, false otherwise
+// returns also the number of endpoints associated to the IP
+func (s *service) removeIPToEndpoint(ip, eID string) (bool, int) {
+	return s.ipToEndpoint.Remove(ip, eID)
+}
+
+func (s *service) printIPToEndpoint(ip string) (string, bool) {
+	return s.ipToEndpoint.String(ip)
+}
+
+type lbBackend struct {
+	ip       net.IP
+	disabled bool
+}
+
+type loadBalancer struct {
+	vip    net.IP
+	fwMark uint32
+
+	// Map of backend IPs backing this loadbalancer on this
+	// network. It is keyed with endpoint ID.
+	backEnds map[string]*lbBackend
+
+	// Back pointer to service to which the loadbalancer belongs.
+	service *service
+	sync.Mutex
+}
diff --git a/vendor/github.com/docker/libnetwork/service_common.go b/libnetwork/service_common.go
similarity index 90%
rename from vendor/github.com/docker/libnetwork/service_common.go
rename to libnetwork/service_common.go
index 78986c5424f4f..a2973d7e398cd 100644
--- a/vendor/github.com/docker/libnetwork/service_common.go
+++ b/libnetwork/service_common.go
@@ -1,3 +1,4 @@
+//go:build linux || windows
 // +build linux windows
 
 package libnetwork
@@ -5,7 +6,7 @@ package libnetwork
 import (
 	"net"
 
-	"github.com/docker/libnetwork/internal/setmatrix"
+	"github.com/docker/docker/libnetwork/internal/setmatrix"
 	"github.com/sirupsen/logrus"
 )
 
@@ -20,7 +21,9 @@ func (c *controller) addEndpointNameResolution(svcName, svcID, nID, eID, contain
 	logrus.Debugf("addEndpointNameResolution %s %s add_service:%t sAliases:%v tAliases:%v", eID, svcName, addService, serviceAliases, taskAliases)
 
 	// Add container resolution mappings
-	c.addContainerNameResolution(nID, eID, containerName, taskAliases, ip, method)
+	if err := c.addContainerNameResolution(nID, eID, containerName, taskAliases, ip, method); err != nil {
+		return err
+	}
 
 	serviceID := svcID
 	if serviceID == "" {
@@ -64,7 +67,7 @@ func (c *controller) addContainerNameResolution(nID, eID, containerName string,
 
 	// Add resolution for taskaliases
 	for _, alias := range taskAliases {
-		n.(*network).addSvcRecords(eID, alias, eID, ip, nil, true, method)
+		n.(*network).addSvcRecords(eID, alias, eID, ip, nil, false, method)
 	}
 
 	return nil
@@ -79,7 +82,9 @@ func (c *controller) deleteEndpointNameResolution(svcName, svcID, nID, eID, cont
 	logrus.Debugf("deleteEndpointNameResolution %s %s rm_service:%t suppress:%t sAliases:%v tAliases:%v", eID, svcName, rmService, multipleEntries, serviceAliases, taskAliases)
 
 	// Delete container resolution mappings
-	c.delContainerNameResolution(nID, eID, containerName, taskAliases, ip, method)
+	if err := c.delContainerNameResolution(nID, eID, containerName, taskAliases, ip, method); err != nil {
+		logrus.WithError(err).Warn("Error delting container from resolver")
+	}
 
 	serviceID := svcID
 	if serviceID == "" {
@@ -230,7 +235,7 @@ func (c *controller) addServiceBinding(svcName, svcID, nID, eID, containerName s
 	// state in the c.serviceBindings map and it's sub-maps. Also,
 	// always lock network ID before services to avoid deadlock.
 	c.networkLocker.Lock(nID)
-	defer c.networkLocker.Unlock(nID)
+	defer c.networkLocker.Unlock(nID) // nolint:errcheck
 
 	n, err := c.NetworkByID(nID)
 	if err != nil {
@@ -300,7 +305,9 @@ func (c *controller) addServiceBinding(svcName, svcID, nID, eID, containerName s
 	n.(*network).addLBBackend(ip, lb)
 
 	// Add the appropriate name resolutions
-	c.addEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, addService, "addServiceBinding")
+	if err := c.addEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, addService, "addServiceBinding"); err != nil {
+		return err
+	}
 
 	logrus.Debugf("addServiceBinding from %s END for %s %s", method, svcName, eID)
 
@@ -369,9 +376,11 @@ func (c *controller) rmServiceBinding(svcName, svcID, nID, eID, containerName st
 	// sandboxes in the network only if the vip is valid.
 	if entries == 0 {
 		// The network may well have been deleted before the last
-		// of the service bindings.  That's ok, because removing
-		// the network sandbox implicitly removes the backend
-		// service bindings.
+		// of the service bindings.  That's ok on Linux because
+		// removing the network sandbox implicitly removes the
+		// backend service bindings.  Windows VFP cleanup requires
+		// calling cleanupServiceBindings on the network prior to
+		// deleting the network, performed by network.delete.
 		n, err := c.NetworkByID(nID)
 		if err == nil {
 			n.(*network).rmLBBackend(ip, lb, rmService, fullRemove)
@@ -380,7 +389,9 @@ func (c *controller) rmServiceBinding(svcName, svcID, nID, eID, containerName st
 
 	// Delete the name resolutions
 	if deleteSvcRecords {
-		c.deleteEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, rmService, entries > 0, "rmServiceBinding")
+		if err := c.deleteEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, rmService, entries > 0, "rmServiceBinding"); err != nil {
+			return err
+		}
 	}
 
 	if len(s.loadBalancers) == 0 {
diff --git a/libnetwork/service_common_test.go b/libnetwork/service_common_test.go
new file mode 100644
index 0000000000000..1b3d7cf42efa8
--- /dev/null
+++ b/libnetwork/service_common_test.go
@@ -0,0 +1,130 @@
+package libnetwork
+
+import (
+	"net"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
+)
+
+func TestCleanupServiceDiscovery(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	assert.NilError(t, err)
+	defer c.Stop()
+
+	cleanup := func(n Network) {
+		if err := n.Delete(); err != nil {
+			t.Error(err)
+		}
+	}
+	n1, err := c.NewNetwork("bridge", "net1", "", nil)
+	assert.NilError(t, err)
+	defer cleanup(n1)
+
+	n2, err := c.NewNetwork("bridge", "net2", "", nil)
+	assert.NilError(t, err)
+	defer cleanup(n2)
+
+	n1.(*network).addSvcRecords("N1ep1", "service_test", "serviceID1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
+	n1.(*network).addSvcRecords("N2ep2", "service_test", "serviceID2", net.ParseIP("192.168.0.2"), net.IP{}, true, "test")
+
+	n2.(*network).addSvcRecords("N2ep1", "service_test", "serviceID1", net.ParseIP("192.168.1.1"), net.IP{}, true, "test")
+	n2.(*network).addSvcRecords("N2ep2", "service_test", "serviceID2", net.ParseIP("192.168.1.2"), net.IP{}, true, "test")
+
+	if len(c.(*controller).svcRecords) != 2 {
+		t.Fatalf("Service record not added correctly:%v", c.(*controller).svcRecords)
+	}
+
+	// cleanup net1
+	c.(*controller).cleanupServiceDiscovery(n1.ID())
+
+	if len(c.(*controller).svcRecords) != 1 {
+		t.Fatalf("Service record not cleaned correctly:%v", c.(*controller).svcRecords)
+	}
+
+	c.(*controller).cleanupServiceDiscovery("")
+
+	if len(c.(*controller).svcRecords) != 0 {
+		t.Fatalf("Service record not cleaned correctly:%v", c.(*controller).svcRecords)
+	}
+}
+
+func TestDNSOptions(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "test only works on linux")
+
+	c, err := New()
+	assert.NilError(t, err)
+
+	sb, err := c.(*controller).NewSandbox("cnt1", nil)
+	assert.NilError(t, err)
+
+	cleanup := func(s Sandbox) {
+		if err := s.Delete(); err != nil {
+			t.Error(err)
+		}
+	}
+
+	defer cleanup(sb)
+	sb.(*sandbox).startResolver(false)
+
+	err = sb.(*sandbox).setupDNS()
+	assert.NilError(t, err)
+	err = sb.(*sandbox).rebuildDNS()
+	assert.NilError(t, err)
+	currRC, err := resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	assert.NilError(t, err)
+	dnsOptionsList := resolvconf.GetOptions(currRC.Content)
+	assert.Check(t, is.Len(dnsOptionsList, 1))
+	assert.Check(t, is.Equal("ndots:0", dnsOptionsList[0]))
+
+	sb.(*sandbox).config.dnsOptionsList = []string{"ndots:5"}
+	err = sb.(*sandbox).setupDNS()
+	assert.NilError(t, err)
+	currRC, err = resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	assert.NilError(t, err)
+	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
+	assert.Check(t, is.Len(dnsOptionsList, 1))
+	assert.Check(t, is.Equal("ndots:5", dnsOptionsList[0]))
+
+	err = sb.(*sandbox).rebuildDNS()
+	assert.NilError(t, err)
+	currRC, err = resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	assert.NilError(t, err)
+	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
+	assert.Check(t, is.Len(dnsOptionsList, 1))
+	assert.Check(t, is.Equal("ndots:5", dnsOptionsList[0]))
+
+	sb2, err := c.(*controller).NewSandbox("cnt2", nil)
+	assert.NilError(t, err)
+	defer cleanup(sb2)
+	sb2.(*sandbox).startResolver(false)
+
+	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:0"}
+	err = sb2.(*sandbox).setupDNS()
+	assert.NilError(t, err)
+	err = sb2.(*sandbox).rebuildDNS()
+	assert.NilError(t, err)
+	currRC, err = resolvconf.GetSpecific(sb2.(*sandbox).config.resolvConfPath)
+	assert.NilError(t, err)
+	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
+	assert.Check(t, is.Len(dnsOptionsList, 1))
+	assert.Check(t, is.Equal("ndots:0", dnsOptionsList[0]))
+
+	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:foobar"}
+	err = sb2.(*sandbox).setupDNS()
+	assert.NilError(t, err)
+	err = sb2.(*sandbox).rebuildDNS()
+	assert.Error(t, err, "invalid number for ndots option: foobar")
+
+	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:-1"}
+	err = sb2.(*sandbox).setupDNS()
+	assert.NilError(t, err)
+	err = sb2.(*sandbox).rebuildDNS()
+	assert.Error(t, err, "invalid number for ndots option: -1")
+}
diff --git a/vendor/github.com/docker/libnetwork/service_linux.go b/libnetwork/service_linux.go
similarity index 86%
rename from vendor/github.com/docker/libnetwork/service_linux.go
rename to libnetwork/service_linux.go
index 451f760b6117c..2954d04ae990d 100644
--- a/vendor/github.com/docker/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -3,7 +3,6 @@ package libnetwork
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -14,12 +13,12 @@ import (
 	"sync"
 	"syscall"
 
+	"github.com/docker/docker/libnetwork/iptables"
+	"github.com/docker/docker/libnetwork/ns"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/libnetwork/iptables"
-	"github.com/docker/libnetwork/ipvs"
-	"github.com/docker/libnetwork/ns"
 	"github.com/gogo/protobuf/proto"
 	"github.com/ishidawataru/sctp"
+	"github.com/moby/ipvs"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
@@ -67,11 +66,11 @@ func (n *network) findLBEndpointSandbox() (*endpoint, *sandbox, error) {
 	if !ok {
 		return nil, nil, fmt.Errorf("Unable to get sandbox for %s(%s) in for %s", ep.Name(), ep.ID(), n.ID())
 	}
-	ep = sb.getEndpoint(ep.ID())
-	if ep == nil {
+	sep := sb.getEndpoint(ep.ID())
+	if sep == nil {
 		return nil, nil, fmt.Errorf("Load balancing endpoint %s(%s) removed from %s", ep.Name(), ep.ID(), n.ID())
 	}
-	return ep, sb, nil
+	return sep, sb, nil
 }
 
 // Searches the OS sandbox for the name of the endpoint interface
@@ -302,6 +301,9 @@ func filterPortConfigs(ingressPorts []*PortConfig, isDelete bool) []*PortConfig
 }
 
 func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) error {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+
 	addDelOpt := "-I"
 	rollbackAddDelOpt := "-D"
 	if isDelete {
@@ -312,19 +314,19 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 	ingressMu.Lock()
 	defer ingressMu.Unlock()
 
-	chainExists := iptables.ExistChain(ingressChain, iptables.Nat)
-	filterChainExists := iptables.ExistChain(ingressChain, iptables.Filter)
+	chainExists := iptable.ExistChain(ingressChain, iptables.Nat)
+	filterChainExists := iptable.ExistChain(ingressChain, iptables.Filter)
 
 	ingressOnce.Do(func() {
 		// Flush nat table and filter table ingress chain rules during init if it
 		// exists. It might contain stale rules from previous life.
 		if chainExists {
-			if err := iptables.RawCombinedOutput("-t", "nat", "-F", ingressChain); err != nil {
+			if err := iptable.RawCombinedOutput("-t", "nat", "-F", ingressChain); err != nil {
 				logrus.Errorf("Could not flush nat table ingress chain rules during init: %v", err)
 			}
 		}
 		if filterChainExists {
-			if err := iptables.RawCombinedOutput("-F", ingressChain); err != nil {
+			if err := iptable.RawCombinedOutput("-F", ingressChain); err != nil {
 				logrus.Errorf("Could not flush filter table ingress chain rules during init: %v", err)
 			}
 		}
@@ -332,38 +334,38 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 
 	if !isDelete {
 		if !chainExists {
-			if err := iptables.RawCombinedOutput("-t", "nat", "-N", ingressChain); err != nil {
+			if err := iptable.RawCombinedOutput("-t", "nat", "-N", ingressChain); err != nil {
 				return fmt.Errorf("failed to create ingress chain: %v", err)
 			}
 		}
 		if !filterChainExists {
-			if err := iptables.RawCombinedOutput("-N", ingressChain); err != nil {
+			if err := iptable.RawCombinedOutput("-N", ingressChain); err != nil {
 				return fmt.Errorf("failed to create filter table ingress chain: %v", err)
 			}
 		}
 
-		if !iptables.Exists(iptables.Nat, ingressChain, "-j", "RETURN") {
-			if err := iptables.RawCombinedOutput("-t", "nat", "-A", ingressChain, "-j", "RETURN"); err != nil {
+		if !iptable.Exists(iptables.Nat, ingressChain, "-j", "RETURN") {
+			if err := iptable.RawCombinedOutput("-t", "nat", "-A", ingressChain, "-j", "RETURN"); err != nil {
 				return fmt.Errorf("failed to add return rule in nat table ingress chain: %v", err)
 			}
 		}
 
-		if !iptables.Exists(iptables.Filter, ingressChain, "-j", "RETURN") {
-			if err := iptables.RawCombinedOutput("-A", ingressChain, "-j", "RETURN"); err != nil {
+		if !iptable.Exists(iptables.Filter, ingressChain, "-j", "RETURN") {
+			if err := iptable.RawCombinedOutput("-A", ingressChain, "-j", "RETURN"); err != nil {
 				return fmt.Errorf("failed to add return rule to filter table ingress chain: %v", err)
 			}
 		}
 
 		for _, chain := range []string{"OUTPUT", "PREROUTING"} {
-			if !iptables.Exists(iptables.Nat, chain, "-m", "addrtype", "--dst-type", "LOCAL", "-j", ingressChain) {
-				if err := iptables.RawCombinedOutput("-t", "nat", "-I", chain, "-m", "addrtype", "--dst-type", "LOCAL", "-j", ingressChain); err != nil {
+			if !iptable.Exists(iptables.Nat, chain, "-m", "addrtype", "--dst-type", "LOCAL", "-j", ingressChain) {
+				if err := iptable.RawCombinedOutput("-t", "nat", "-I", chain, "-m", "addrtype", "--dst-type", "LOCAL", "-j", ingressChain); err != nil {
 					return fmt.Errorf("failed to add jump rule in %s to ingress chain: %v", chain, err)
 				}
 			}
 		}
 
-		if !iptables.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
-			if err := iptables.RawCombinedOutput("-I", "FORWARD", "-j", ingressChain); err != nil {
+		if !iptable.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
+			if err := iptable.RawCombinedOutput("-I", "FORWARD", "-j", ingressChain); err != nil {
 				return fmt.Errorf("failed to add jump rule to %s in filter table forward chain: %v", ingressChain, err)
 			}
 			arrangeUserFilterRule()
@@ -375,13 +377,13 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 		}
 
 		path := filepath.Join("/proc/sys/net/ipv4/conf", oifName, "route_localnet")
-		if err := ioutil.WriteFile(path, []byte{'1', '\n'}, 0644); err != nil {
+		if err := os.WriteFile(path, []byte{'1', '\n'}, 0644); err != nil { //nolint:gosec // gosec complains about perms here, which must be 0644 in this case
 			return fmt.Errorf("could not write to %s: %v", path, err)
 		}
 
 		ruleArgs := strings.Fields(fmt.Sprintf("-m addrtype --src-type LOCAL -o %s -j MASQUERADE", oifName))
-		if !iptables.Exists(iptables.Nat, "POSTROUTING", ruleArgs...) {
-			if err := iptables.RawCombinedOutput(append([]string{"-t", "nat", "-I", "POSTROUTING"}, ruleArgs...)...); err != nil {
+		if !iptable.Exists(iptables.Nat, "POSTROUTING", ruleArgs...) {
+			if err := iptable.RawCombinedOutput(append([]string{"-t", "nat", "-I", "POSTROUTING"}, ruleArgs...)...); err != nil {
 				return fmt.Errorf("failed to add ingress localhost POSTROUTING rule for %s: %v", oifName, err)
 			}
 		}
@@ -395,7 +397,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 		if portErr != nil && !isDelete {
 			filterPortConfigs(filteredPorts, !isDelete)
 			for _, rule := range rollbackRules {
-				if err := iptables.RawCombinedOutput(rule...); err != nil {
+				if err := iptable.RawCombinedOutput(rule...); err != nil {
 					logrus.Warnf("roll back rule failed, %v: %v", rule, err)
 				}
 			}
@@ -403,10 +405,10 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 	}()
 
 	for _, iPort := range filteredPorts {
-		if iptables.ExistChain(ingressChain, iptables.Nat) {
+		if iptable.ExistChain(ingressChain, iptables.Nat) {
 			rule := strings.Fields(fmt.Sprintf("-t nat %s %s -p %s --dport %d -j DNAT --to-destination %s:%d",
 				addDelOpt, ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort, gwIP, iPort.PublishedPort))
-			if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+			if portErr = iptable.RawCombinedOutput(rule...); portErr != nil {
 				errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 				if !isDelete {
 					return fmt.Errorf("%s", errStr)
@@ -423,7 +425,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 		// 2) unmanaged containers on bridge networks
 		rule := strings.Fields(fmt.Sprintf("%s %s -m state -p %s --sport %d --state ESTABLISHED,RELATED -j ACCEPT",
 			addDelOpt, ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
-		if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+		if portErr = iptable.RawCombinedOutput(rule...); portErr != nil {
 			errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 			if !isDelete {
 				return fmt.Errorf("%s", errStr)
@@ -436,7 +438,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 
 		rule = strings.Fields(fmt.Sprintf("%s %s -p %s --dport %d -j ACCEPT",
 			addDelOpt, ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
-		if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+		if portErr = iptable.RawCombinedOutput(rule...); portErr != nil {
 			errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 			if !isDelete {
 				return fmt.Errorf("%s", errStr)
@@ -461,13 +463,15 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 // This chain has the rules to allow access to the published ports for swarm tasks
 // from local bridge networks and docker_gwbridge (ie:taks on other swarm networks)
 func arrangeIngressFilterRule() {
-	if iptables.ExistChain(ingressChain, iptables.Filter) {
-		if iptables.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
-			if err := iptables.RawCombinedOutput("-D", "FORWARD", "-j", ingressChain); err != nil {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
+	if iptable.ExistChain(ingressChain, iptables.Filter) {
+		if iptable.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
+			if err := iptable.RawCombinedOutput("-D", "FORWARD", "-j", ingressChain); err != nil {
 				logrus.Warnf("failed to delete jump rule to ingressChain in filter table: %v", err)
 			}
 		}
-		if err := iptables.RawCombinedOutput("-I", "FORWARD", "-j", ingressChain); err != nil {
+		if err := iptable.RawCombinedOutput("-I", "FORWARD", "-j", ingressChain); err != nil {
 			logrus.Warnf("failed to add jump rule to ingressChain in filter table: %v", err)
 		}
 	}
@@ -533,11 +537,11 @@ func plumbProxy(iPort *PortConfig, isDelete bool) error {
 }
 
 func writePortsToFile(ports []*PortConfig) (string, error) {
-	f, err := ioutil.TempFile("", "port_configs")
+	f, err := os.CreateTemp("", "port_configs")
 	if err != nil {
 		return "", err
 	}
-	defer f.Close()
+	defer f.Close() //nolint:gosec
 
 	buf, _ := proto.Marshal(&EndpointRecord{
 		IngressPorts: ports,
@@ -556,7 +560,7 @@ func writePortsToFile(ports []*PortConfig) (string, error) {
 }
 
 func readPortsFromFile(fileName string) ([]*PortConfig, error) {
-	buf, err := ioutil.ReadFile(fileName)
+	buf, err := os.ReadFile(fileName)
 	if err != nil {
 		return nil, err
 	}
@@ -606,6 +610,8 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port
 
 // Firewall marker reexec function.
 func fwMarker() {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
 
@@ -660,11 +666,11 @@ func fwMarker() {
 		}
 
 		ruleParams := strings.Fields(fmt.Sprintf("-m ipvs --ipvs -d %s -j SNAT --to-source %s", subnet, eIP))
-		if !iptables.Exists("nat", "POSTROUTING", ruleParams...) {
+		if !iptable.Exists("nat", "POSTROUTING", ruleParams...) {
 			rule := append(strings.Fields("-t nat -A POSTROUTING"), ruleParams...)
 			rules = append(rules, rule)
 
-			err := ioutil.WriteFile("/proc/sys/net/ipv4/vs/conntrack", []byte{'1', '\n'}, 0644)
+			err := os.WriteFile("/proc/sys/net/ipv4/vs/conntrack", []byte{'1', '\n'}, 0644)
 			if err != nil {
 				logrus.Errorf("Failed to write to /proc/sys/net/ipv4/vs/conntrack: %v", err)
 				os.Exit(7)
@@ -676,7 +682,7 @@ func fwMarker() {
 	rules = append(rules, rule)
 
 	for _, rule := range rules {
-		if err := iptables.RawCombinedOutputNative(rule...); err != nil {
+		if err := iptable.RawCombinedOutputNative(rule...); err != nil {
 			logrus.Errorf("set up rule failed, %v: %v", rule, err)
 			os.Exit(8)
 		}
@@ -711,6 +717,8 @@ func addRedirectRules(path string, eIP *net.IPNet, ingressPorts []*PortConfig) e
 
 // Redirector reexec function.
 func redirector() {
+	// TODO IPv6 support
+	iptable := iptables.GetIptable(iptables.IPv4)
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
 
@@ -763,7 +771,7 @@ func redirector() {
 	}
 
 	for _, rule := range rules {
-		if err := iptables.RawCombinedOutputNative(rule...); err != nil {
+		if err := iptable.RawCombinedOutputNative(rule...); err != nil {
 			logrus.Errorf("set up rule failed, %v: %v", rule, err)
 			os.Exit(6)
 		}
@@ -779,15 +787,15 @@ func redirector() {
 		{"-d", eIP.String(), "-p", "udp", "-j", "DROP"},
 		{"-d", eIP.String(), "-p", "tcp", "-j", "DROP"},
 	} {
-		if !iptables.ExistsNative(iptables.Filter, "INPUT", rule...) {
-			if err := iptables.RawCombinedOutputNative(append([]string{"-A", "INPUT"}, rule...)...); err != nil {
+		if !iptable.ExistsNative(iptables.Filter, "INPUT", rule...) {
+			if err := iptable.RawCombinedOutputNative(append([]string{"-A", "INPUT"}, rule...)...); err != nil {
 				logrus.Errorf("set up rule failed, %v: %v", rule, err)
 				os.Exit(7)
 			}
 		}
 		rule[0] = "-s"
-		if !iptables.ExistsNative(iptables.Filter, "OUTPUT", rule...) {
-			if err := iptables.RawCombinedOutputNative(append([]string{"-A", "OUTPUT"}, rule...)...); err != nil {
+		if !iptable.ExistsNative(iptables.Filter, "OUTPUT", rule...) {
+			if err := iptable.RawCombinedOutputNative(append([]string{"-A", "OUTPUT"}, rule...)...); err != nil {
 				logrus.Errorf("set up rule failed, %v: %v", rule, err)
 				os.Exit(8)
 			}
diff --git a/vendor/github.com/docker/libnetwork/service_unsupported.go b/libnetwork/service_unsupported.go
similarity index 95%
rename from vendor/github.com/docker/libnetwork/service_unsupported.go
rename to libnetwork/service_unsupported.go
index ee9750600c05b..a2ca3ea769125 100644
--- a/vendor/github.com/docker/libnetwork/service_unsupported.go
+++ b/libnetwork/service_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package libnetwork
diff --git a/vendor/github.com/docker/libnetwork/service_windows.go b/libnetwork/service_windows.go
similarity index 94%
rename from vendor/github.com/docker/libnetwork/service_windows.go
rename to libnetwork/service_windows.go
index 944f3d30cae92..d8b86331e7415 100644
--- a/vendor/github.com/docker/libnetwork/service_windows.go
+++ b/libnetwork/service_windows.go
@@ -4,7 +4,7 @@ import (
 	"net"
 
 	"github.com/Microsoft/hcsshim"
-	"github.com/docker/docker/pkg/system"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/sirupsen/logrus"
 )
 
@@ -13,11 +13,7 @@ type policyLists struct {
 	elb *hcsshim.PolicyList
 }
 
-var lbPolicylistMap map[*loadBalancer]*policyLists
-
-func init() {
-	lbPolicylistMap = make(map[*loadBalancer]*policyLists)
-}
+var lbPolicylistMap = make(map[*loadBalancer]*policyLists)
 
 func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 	if len(lb.vip) == 0 {
@@ -27,7 +23,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 	vip := lb.vip
 	ingressPorts := lb.service.ingressPorts
 
-	if system.GetOSVersion().Build > 16236 {
+	if osversion.Build() > 16236 {
 		lb.Lock()
 		defer lb.Unlock()
 		//find the load balancer IP for the network.
@@ -128,7 +124,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR
 		return
 	}
 
-	if system.GetOSVersion().Build > 16236 {
+	if osversion.Build() > 16236 {
 		if numEnabledBackends(lb) > 0 {
 			//Reprogram HNS (actually VFP) with the existing backends.
 			n.addLBBackend(ip, lb)
diff --git a/libnetwork/store.go b/libnetwork/store.go
new file mode 100644
index 0000000000000..e8d4c078e32cd
--- /dev/null
+++ b/libnetwork/store.go
@@ -0,0 +1,474 @@
+package libnetwork
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/libkv/store/boltdb"
+	"github.com/docker/libkv/store/consul"
+	"github.com/docker/libkv/store/etcd"
+	"github.com/docker/libkv/store/zookeeper"
+	"github.com/sirupsen/logrus"
+)
+
+func registerKVStores() {
+	consul.Register()
+	zookeeper.Register()
+	etcd.Register()
+	boltdb.Register()
+}
+
+func (c *controller) initScopedStore(scope string, scfg *datastore.ScopeCfg) error {
+	store, err := datastore.NewDataStore(scope, scfg)
+	if err != nil {
+		return err
+	}
+	c.Lock()
+	c.stores = append(c.stores, store)
+	c.Unlock()
+
+	return nil
+}
+
+func (c *controller) initStores() error {
+	registerKVStores()
+
+	c.Lock()
+	if c.cfg == nil {
+		c.Unlock()
+		return nil
+	}
+	scopeConfigs := c.cfg.Scopes
+	c.stores = nil
+	c.Unlock()
+
+	for scope, scfg := range scopeConfigs {
+		if err := c.initScopedStore(scope, scfg); err != nil {
+			return err
+		}
+	}
+
+	c.startWatch()
+	return nil
+}
+
+func (c *controller) closeStores() {
+	for _, store := range c.getStores() {
+		store.Close()
+	}
+}
+
+func (c *controller) getStore(scope string) datastore.DataStore {
+	c.Lock()
+	defer c.Unlock()
+
+	for _, store := range c.stores {
+		if store.Scope() == scope {
+			return store
+		}
+	}
+
+	return nil
+}
+
+func (c *controller) getStores() []datastore.DataStore {
+	c.Lock()
+	defer c.Unlock()
+
+	return c.stores
+}
+
+func (c *controller) getNetworkFromStore(nid string) (*network, error) {
+	for _, n := range c.getNetworksFromStore() {
+		if n.id == nid {
+			return n, nil
+		}
+	}
+	return nil, ErrNoSuchNetwork(nid)
+}
+
+func (c *controller) getNetworksForScope(scope string) ([]*network, error) {
+	var nl []*network
+
+	store := c.getStore(scope)
+	if store == nil {
+		return nil, nil
+	}
+
+	kvol, err := store.List(datastore.Key(datastore.NetworkKeyPrefix),
+		&network{ctrlr: c})
+	if err != nil && err != datastore.ErrKeyNotFound {
+		return nil, fmt.Errorf("failed to get networks for scope %s: %v",
+			scope, err)
+	}
+
+	for _, kvo := range kvol {
+		n := kvo.(*network)
+		n.ctrlr = c
+
+		ec := &endpointCnt{n: n}
+		err = store.GetObject(datastore.Key(ec.Key()...), ec)
+		if err != nil && !n.inDelete {
+			logrus.Warnf("Could not find endpoint count key %s for network %s while listing: %v", datastore.Key(ec.Key()...), n.Name(), err)
+			continue
+		}
+
+		n.epCnt = ec
+		if n.scope == "" {
+			n.scope = scope
+		}
+		nl = append(nl, n)
+	}
+
+	return nl, nil
+}
+
+func (c *controller) getNetworksFromStore() []*network {
+	var nl []*network
+
+	for _, store := range c.getStores() {
+		kvol, err := store.List(datastore.Key(datastore.NetworkKeyPrefix), &network{ctrlr: c})
+		// Continue searching in the next store if no keys found in this store
+		if err != nil {
+			if err != datastore.ErrKeyNotFound {
+				logrus.Debugf("failed to get networks for scope %s: %v", store.Scope(), err)
+			}
+			continue
+		}
+
+		kvep, err := store.Map(datastore.Key(epCntKeyPrefix), &endpointCnt{})
+		if err != nil && err != datastore.ErrKeyNotFound {
+			logrus.Warnf("failed to get endpoint_count map for scope %s: %v", store.Scope(), err)
+		}
+
+		for _, kvo := range kvol {
+			n := kvo.(*network)
+			n.Lock()
+			n.ctrlr = c
+			ec := &endpointCnt{n: n}
+			// Trim the leading & trailing "/" to make it consistent across all stores
+			if val, ok := kvep[strings.Trim(datastore.Key(ec.Key()...), "/")]; ok {
+				ec = val.(*endpointCnt)
+				ec.n = n
+				n.epCnt = ec
+			}
+			if n.scope == "" {
+				n.scope = store.Scope()
+			}
+			n.Unlock()
+			nl = append(nl, n)
+		}
+	}
+
+	return nl
+}
+
+func (n *network) getEndpointFromStore(eid string) (*endpoint, error) {
+	var errors []string
+	for _, store := range n.ctrlr.getStores() {
+		ep := &endpoint{id: eid, network: n}
+		err := store.GetObject(datastore.Key(ep.Key()...), ep)
+		// Continue searching in the next store if the key is not found in this store
+		if err != nil {
+			if err != datastore.ErrKeyNotFound {
+				errors = append(errors, fmt.Sprintf("{%s:%v}, ", store.Scope(), err))
+				logrus.Debugf("could not find endpoint %s in %s: %v", eid, store.Scope(), err)
+			}
+			continue
+		}
+		return ep, nil
+	}
+	return nil, fmt.Errorf("could not find endpoint %s: %v", eid, errors)
+}
+
+func (n *network) getEndpointsFromStore() ([]*endpoint, error) {
+	var epl []*endpoint
+
+	tmp := endpoint{network: n}
+	for _, store := range n.getController().getStores() {
+		kvol, err := store.List(datastore.Key(tmp.KeyPrefix()...), &endpoint{network: n})
+		// Continue searching in the next store if no keys found in this store
+		if err != nil {
+			if err != datastore.ErrKeyNotFound {
+				logrus.Debugf("failed to get endpoints for network %s scope %s: %v",
+					n.Name(), store.Scope(), err)
+			}
+			continue
+		}
+
+		for _, kvo := range kvol {
+			ep := kvo.(*endpoint)
+			epl = append(epl, ep)
+		}
+	}
+
+	return epl, nil
+}
+
+func (c *controller) updateToStore(kvObject datastore.KVObject) error {
+	cs := c.getStore(kvObject.DataScope())
+	if cs == nil {
+		return ErrDataStoreNotInitialized(kvObject.DataScope())
+	}
+
+	if err := cs.PutObjectAtomic(kvObject); err != nil {
+		if err == datastore.ErrKeyModified {
+			return err
+		}
+		return fmt.Errorf("failed to update store for object type %T: %v", kvObject, err)
+	}
+
+	return nil
+}
+
+func (c *controller) deleteFromStore(kvObject datastore.KVObject) error {
+	cs := c.getStore(kvObject.DataScope())
+	if cs == nil {
+		return ErrDataStoreNotInitialized(kvObject.DataScope())
+	}
+
+retry:
+	if err := cs.DeleteObjectAtomic(kvObject); err != nil {
+		if err == datastore.ErrKeyModified {
+			if err := cs.GetObject(datastore.Key(kvObject.Key()...), kvObject); err != nil {
+				return fmt.Errorf("could not update the kvobject to latest when trying to delete: %v", err)
+			}
+			logrus.Warnf("Error (%v) deleting object %v, retrying....", err, kvObject.Key())
+			goto retry
+		}
+		return err
+	}
+
+	return nil
+}
+
+type netWatch struct {
+	localEps  map[string]*endpoint
+	remoteEps map[string]*endpoint
+	stopCh    chan struct{}
+}
+
+func (c *controller) getLocalEps(nw *netWatch) []*endpoint {
+	c.Lock()
+	defer c.Unlock()
+
+	var epl []*endpoint
+	for _, ep := range nw.localEps {
+		epl = append(epl, ep)
+	}
+
+	return epl
+}
+
+func (c *controller) watchSvcRecord(ep *endpoint) {
+	c.watchCh <- ep
+}
+
+func (c *controller) unWatchSvcRecord(ep *endpoint) {
+	c.unWatchCh <- ep
+}
+
+func (c *controller) networkWatchLoop(nw *netWatch, ep *endpoint, ecCh <-chan datastore.KVObject) {
+	for {
+		select {
+		case <-nw.stopCh:
+			return
+		case o := <-ecCh:
+			ec := o.(*endpointCnt)
+
+			epl, err := ec.n.getEndpointsFromStore()
+			if err != nil {
+				break
+			}
+
+			c.Lock()
+			var addEp []*endpoint
+
+			delEpMap := make(map[string]*endpoint)
+			renameEpMap := make(map[string]bool)
+			for k, v := range nw.remoteEps {
+				delEpMap[k] = v
+			}
+
+			for _, lEp := range epl {
+				if _, ok := nw.localEps[lEp.ID()]; ok {
+					continue
+				}
+
+				if ep, ok := nw.remoteEps[lEp.ID()]; ok {
+					// On a container rename EP ID will remain
+					// the same but the name will change. service
+					// records should reflect the change.
+					// Keep old EP entry in the delEpMap and add
+					// EP from the store (which has the new name)
+					// into the new list
+					if lEp.name == ep.name {
+						delete(delEpMap, lEp.ID())
+						continue
+					}
+					renameEpMap[lEp.ID()] = true
+				}
+				nw.remoteEps[lEp.ID()] = lEp
+				addEp = append(addEp, lEp)
+			}
+
+			// EPs whose name are to be deleted from the svc records
+			// should also be removed from nw's remote EP list, except
+			// the ones that are getting renamed.
+			for _, lEp := range delEpMap {
+				if !renameEpMap[lEp.ID()] {
+					delete(nw.remoteEps, lEp.ID())
+				}
+			}
+			c.Unlock()
+
+			for _, lEp := range delEpMap {
+				ep.getNetwork().updateSvcRecord(lEp, c.getLocalEps(nw), false)
+
+			}
+			for _, lEp := range addEp {
+				ep.getNetwork().updateSvcRecord(lEp, c.getLocalEps(nw), true)
+			}
+		}
+	}
+}
+
+func (c *controller) processEndpointCreate(nmap map[string]*netWatch, ep *endpoint) {
+	n := ep.getNetwork()
+	if !c.isDistributedControl() && n.Scope() == datastore.SwarmScope && n.driverIsMultihost() {
+		return
+	}
+
+	networkID := n.ID()
+	endpointID := ep.ID()
+
+	c.Lock()
+	nw, ok := nmap[networkID]
+	c.Unlock()
+
+	if ok {
+		// Update the svc db for the local endpoint join right away
+		n.updateSvcRecord(ep, c.getLocalEps(nw), true)
+
+		c.Lock()
+		nw.localEps[endpointID] = ep
+
+		// If we had learned that from the kv store remove it
+		// from remote ep list now that we know that this is
+		// indeed a local endpoint
+		delete(nw.remoteEps, endpointID)
+		c.Unlock()
+		return
+	}
+
+	nw = &netWatch{
+		localEps:  make(map[string]*endpoint),
+		remoteEps: make(map[string]*endpoint),
+	}
+
+	// Update the svc db for the local endpoint join right away
+	// Do this before adding this ep to localEps so that we don't
+	// try to update this ep's container's svc records
+	n.updateSvcRecord(ep, c.getLocalEps(nw), true)
+
+	c.Lock()
+	nw.localEps[endpointID] = ep
+	nmap[networkID] = nw
+	nw.stopCh = make(chan struct{})
+	c.Unlock()
+
+	store := c.getStore(n.DataScope())
+	if store == nil {
+		return
+	}
+
+	if !store.Watchable() {
+		return
+	}
+
+	ch, err := store.Watch(n.getEpCnt(), nw.stopCh)
+	if err != nil {
+		logrus.Warnf("Error creating watch for network: %v", err)
+		return
+	}
+
+	go c.networkWatchLoop(nw, ep, ch)
+}
+
+func (c *controller) processEndpointDelete(nmap map[string]*netWatch, ep *endpoint) {
+	n := ep.getNetwork()
+	if !c.isDistributedControl() && n.Scope() == datastore.SwarmScope && n.driverIsMultihost() {
+		return
+	}
+
+	networkID := n.ID()
+	endpointID := ep.ID()
+
+	c.Lock()
+	nw, ok := nmap[networkID]
+
+	if ok {
+		delete(nw.localEps, endpointID)
+		c.Unlock()
+
+		// Update the svc db about local endpoint leave right away
+		// Do this after we remove this ep from localEps so that we
+		// don't try to remove this svc record from this ep's container.
+		n.updateSvcRecord(ep, c.getLocalEps(nw), false)
+
+		c.Lock()
+		if len(nw.localEps) == 0 {
+			close(nw.stopCh)
+
+			// This is the last container going away for the network. Destroy
+			// this network's svc db entry
+			delete(c.svcRecords, networkID)
+
+			delete(nmap, networkID)
+		}
+	}
+	c.Unlock()
+}
+
+func (c *controller) watchLoop() {
+	for {
+		select {
+		case ep := <-c.watchCh:
+			c.processEndpointCreate(c.nmap, ep)
+		case ep := <-c.unWatchCh:
+			c.processEndpointDelete(c.nmap, ep)
+		}
+	}
+}
+
+func (c *controller) startWatch() {
+	if c.watchCh != nil {
+		return
+	}
+	c.watchCh = make(chan *endpoint)
+	c.unWatchCh = make(chan *endpoint)
+	c.nmap = make(map[string]*netWatch)
+
+	go c.watchLoop()
+}
+
+func (c *controller) networkCleanup() {
+	for _, n := range c.getNetworksFromStore() {
+		if n.inDelete {
+			logrus.Infof("Removing stale network %s (%s)", n.Name(), n.ID())
+			if err := n.delete(true, true); err != nil {
+				logrus.Debugf("Error while removing stale network: %v", err)
+			}
+		}
+	}
+}
+
+var populateSpecial NetworkWalker = func(nw Network) bool {
+	if n := nw.(*network); n.hasSpecialDriver() && !n.ConfigOnly() {
+		if err := n.getController().addNetwork(n); err != nil {
+			logrus.Warnf("Failed to populate network %q with driver %q", nw.Name(), nw.Type())
+		}
+	}
+	return false
+}
diff --git a/libnetwork/store_linux_test.go b/libnetwork/store_linux_test.go
new file mode 100644
index 0000000000000..b11a0fbb606f4
--- /dev/null
+++ b/libnetwork/store_linux_test.go
@@ -0,0 +1,45 @@
+package libnetwork
+
+import (
+	"os"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/libkv/store"
+)
+
+func TestBoltdbBackend(t *testing.T) {
+	defer os.Remove(datastore.DefaultScopes("")[datastore.LocalScope].Client.Address)
+	testLocalBackend(t, "", "", nil)
+	defer os.Remove("/tmp/boltdb.db")
+	config := &store.Config{Bucket: "testBackend"}
+	testLocalBackend(t, "boltdb", "/tmp/boltdb.db", config)
+
+}
+
+func TestNoPersist(t *testing.T) {
+	cfgOptions, err := OptionBoltdbWithRandomDBFile()
+	if err != nil {
+		t.Fatalf("Error creating random boltdb file : %v", err)
+	}
+	ctrl, err := New(cfgOptions...)
+	if err != nil {
+		t.Fatalf("Error new controller: %v", err)
+	}
+	nw, err := ctrl.NewNetwork("host", "host", "", NetworkOptionPersist(false))
+	if err != nil {
+		t.Fatalf("Error creating default \"host\" network: %v", err)
+	}
+	ep, err := nw.CreateEndpoint("newendpoint", []EndpointOption{}...)
+	if err != nil {
+		t.Fatalf("Error creating endpoint: %v", err)
+	}
+	store := ctrl.(*controller).getStore(datastore.LocalScope).KVStore()
+	if exists, _ := store.Exists(datastore.Key(datastore.NetworkKeyPrefix, nw.ID())); exists {
+		t.Fatalf("Network with persist=false should not be stored in KV Store")
+	}
+	if exists, _ := store.Exists(datastore.Key([]string{datastore.EndpointKeyPrefix, nw.ID(), ep.ID()}...)); exists {
+		t.Fatalf("Endpoint in Network with persist=false should not be stored in KV Store")
+	}
+	store.Close()
+}
diff --git a/libnetwork/store_test.go b/libnetwork/store_test.go
new file mode 100644
index 0000000000000..668662ffcb773
--- /dev/null
+++ b/libnetwork/store_test.go
@@ -0,0 +1,89 @@
+package libnetwork
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/config"
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/netlabel"
+	"github.com/docker/docker/libnetwork/options"
+	"github.com/docker/libkv/store"
+)
+
+func testLocalBackend(t *testing.T, provider, url string, storeConfig *store.Config) {
+	cfgOptions := []config.Option{}
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProvider(provider))
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProviderURL(url))
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProviderConfig(storeConfig))
+
+	driverOptions := options.Generic{}
+	genericOption := make(map[string]interface{})
+	genericOption[netlabel.GenericData] = driverOptions
+	cfgOptions = append(cfgOptions, config.OptionDriverConfig("host", genericOption))
+
+	ctrl, err := New(cfgOptions...)
+	if err != nil {
+		t.Fatalf("Error new controller: %v", err)
+	}
+	nw, err := ctrl.NewNetwork("host", "host", "")
+	if err != nil {
+		t.Fatalf("Error creating default \"host\" network: %v", err)
+	}
+	ep, err := nw.CreateEndpoint("newendpoint", []EndpointOption{}...)
+	if err != nil {
+		t.Fatalf("Error creating endpoint: %v", err)
+	}
+	store := ctrl.(*controller).getStore(datastore.LocalScope).KVStore()
+	if exists, err := store.Exists(datastore.Key(datastore.NetworkKeyPrefix, nw.ID())); !exists || err != nil {
+		t.Fatalf("Network key should have been created.")
+	}
+	if exists, err := store.Exists(datastore.Key([]string{datastore.EndpointKeyPrefix, nw.ID(), ep.ID()}...)); !exists || err != nil {
+		t.Fatalf("Endpoint key should have been created.")
+	}
+	store.Close()
+
+	// test restore of local store
+	ctrl, err = New(cfgOptions...)
+	if err != nil {
+		t.Fatalf("Error creating controller: %v", err)
+	}
+	if _, err = ctrl.NetworkByID(nw.ID()); err != nil {
+		t.Fatalf("Error getting network %v", err)
+	}
+}
+
+// OptionBoltdbWithRandomDBFile function returns a random dir for local store backend
+func OptionBoltdbWithRandomDBFile() ([]config.Option, error) {
+	tmp, err := os.CreateTemp("", "libnetwork-")
+	if err != nil {
+		return nil, fmt.Errorf("Error creating temp file: %v", err)
+	}
+	if err := tmp.Close(); err != nil {
+		return nil, fmt.Errorf("Error closing temp file: %v", err)
+	}
+	cfgOptions := []config.Option{}
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProvider("boltdb"))
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProviderURL(tmp.Name()))
+	sCfg := &store.Config{Bucket: "testBackend"}
+	cfgOptions = append(cfgOptions, config.OptionLocalKVProviderConfig(sCfg))
+	return cfgOptions, nil
+}
+
+func TestMultipleControllersWithSameStore(t *testing.T) {
+	cfgOptions, err := OptionBoltdbWithRandomDBFile()
+	if err != nil {
+		t.Fatalf("Error getting random boltdb configs %v", err)
+	}
+	ctrl1, err := New(cfgOptions...)
+	if err != nil {
+		t.Fatalf("Error new controller: %v", err)
+	}
+	defer ctrl1.Stop()
+	// Use the same boltdb file without closing the previous controller
+	_, err = New(cfgOptions...)
+	if err != nil {
+		t.Fatalf("Local store must support concurrent controllers")
+	}
+}
diff --git a/libnetwork/support/Dockerfile b/libnetwork/support/Dockerfile
new file mode 100644
index 0000000000000..e70d529edb6a6
--- /dev/null
+++ b/libnetwork/support/Dockerfile
@@ -0,0 +1,20 @@
+FROM docker:18-dind
+
+RUN set -ex \
+    && echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
+    && echo "http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
+RUN apk add --no-cache \
+    util-linux \
+    bridge-utils \
+    iptables \
+    iputils \
+    iproute2 \
+    ipvsadm \
+    conntrack-tools \
+    jq \
+    bash
+
+WORKDIR /bin
+COPY *.sh /bin/
+
+CMD /bin/run.sh
diff --git a/libnetwork/support/README b/libnetwork/support/README
new file mode 100644
index 0000000000000..225df3a8b8fc2
--- /dev/null
+++ b/libnetwork/support/README
@@ -0,0 +1 @@
+Usage: docker run -v /var/run:/var/run  --network host --privileged dockereng/network-diagnostic:support.sh
diff --git a/libnetwork/support/run.sh b/libnetwork/support/run.sh
new file mode 100755
index 0000000000000..fa460eeb3d37a
--- /dev/null
+++ b/libnetwork/support/run.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# try to fetch the latest version from github
+wget -O support.sh.new https://raw.githubusercontent.com/docker/libnetwork/master/support/support.sh
+
+if [ "$?" -eq "0" ]; then
+	mv support.sh.new support.sh
+	chmod +x support.sh
+else
+	echo "issue fetching the latest support.sh, will use the container version"
+fi
+
+echo "run the support script"
+./support.sh
diff --git a/libnetwork/support/support.sh b/libnetwork/support/support.sh
new file mode 100755
index 0000000000000..fdd1ff6e7dd85
--- /dev/null
+++ b/libnetwork/support/support.sh
@@ -0,0 +1,141 @@
+#!/usr/bin/env bash
+
+while getopts ":s" opt; do
+	case $opt in
+		s)
+			SSD="true"
+			;;
+	esac
+done
+
+SSD="${SSD:-false}"
+
+# Required tools
+DOCKER="${DOCKER:-docker}"
+NSENTER="${NSENTER:-nsenter}"
+BRIDGE="${BRIDGE:-bridge}"
+IPTABLES="${IPTABLES:-iptables}"
+IPVSADM="${IPVSADM:-ipvsadm}"
+IP="${IP:-ip}"
+SSDBIN="${SSDBIN:-ssd}"
+JQ="${JQ:-jq}"
+
+networks=0
+containers=0
+ip_overlap=0
+
+NSDIR=/var/run/docker/netns
+
+function die() {
+	echo $*
+	exit 1
+}
+
+function echo_and_run() {
+	echo "#" "$@"
+	eval $(printf '%q ' "$@") < /dev/stdout
+}
+
+function check_ip_overlap() {
+	inspect=$1
+	overlap=$(echo "$inspect_output" | grep "EndpointIP\|VIP" | cut -d':' -f2 | sort | uniq -c | grep -v "1 ")
+	if [ ! -z "$overlap" ]; then
+		echo -e "\n\n*** OVERLAP on Network ${networkID} ***"
+		echo -e "${overlap} \n\n"
+		((ip_overlap++))
+	else
+		echo "No overlap"
+	fi
+}
+
+type -P ${DOCKER} > /dev/null || echo "This tool requires the docker binary"
+type -P ${NSENTER} > /dev/null || echo "This tool requires nsenter"
+type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge"
+type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables"
+type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm"
+type -P ${IP} > /dev/null || echo "This tool requires ip"
+type -P ${JQ} > /dev/null || echo "This tool requires jq"
+
+if ${DOCKER} network inspect --help | grep -q -- --verbose; then
+	NETINSPECT_VERBOSE_SUPPORT="--verbose"
+else
+	NETINSPECT_VERBOSE_SUPPORT=""
+fi
+
+echo "Host iptables"
+echo_and_run ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
+echo_and_run ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
+echo_and_run ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
+printf "\n"
+
+echo "Host links addresses and routes"
+echo_and_run ${IP} -o link show
+echo_and_run ${IP} -o -4 address show
+echo_and_run ${IP} -4 route show
+printf "\n"
+
+echo "Overlay network configuration"
+for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) "ingress_sbox"; do
+	echo "nnn Network ${networkID}"
+	if [ "${networkID}" != "ingress_sbox" ]; then
+		nspath=($(ls ${NSDIR}/*${networkID:0:9}*))
+		inspect_output=$(${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID})
+		echo "$inspect_output"
+		check_ip_overlap $inspect_output
+	else
+		nspath=(${NSDIR}/${networkID})
+	fi
+
+	for i in "${nspath[@]}"; do
+		echo_and_run ${NSENTER} --net=${i} ${IP} -o -4 address show
+		echo_and_run ${NSENTER} --net=${i} ${IP} -4 route show
+		echo_and_run ${NSENTER} --net=${i} ${IP} -4 neigh show
+		bridges=$(${NSENTER} --net=${i} ${IP} -j link show type bridge | ${JQ} -r '.[].ifname')
+		# break string to array
+		bridges=(${bridges})
+		for b in "${bridges[@]}"; do
+			if [ -z ${b} ] || [ ${b} == "null" ]; then
+				continue
+			fi
+			echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show br ${b}
+		done
+		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
+		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
+		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
+		echo_and_run ${NSENTER} --net=${i} ${IPVSADM} -l -n
+		printf "\n"
+		((networks++))
+	done
+done
+
+echo "Container network configuration"
+while read containerID status; do
+	echo "ccc Container ${containerID} state: ${status}"
+	${DOCKER} container inspect ${containerID} --format 'Name:{{json .Name | printf "%s\n"}}Id:{{json .Id | printf "%s\n"}}Hostname:{{json .Config.Hostname | printf "%s\n"}}CreatedAt:{{json .Created | printf "%s\n"}}State:{{json .State|printf "%s\n"}}RestartCount:{{json .RestartCount | printf "%s\n" }}Labels:{{json .Config.Labels | printf "%s\n"}}NetworkSettings:{{json .NetworkSettings}}' | sed '/^State:/ {s/\\"/QUOTE/g; s/,"Output":"[^"]*"//g;}'
+	if [ ${status} = "Up" ]; then
+		nspath=$(docker container inspect --format {{.NetworkSettings.SandboxKey}} ${containerID})
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
+		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
+		((containers++))
+	fi
+	printf "\n"
+done < <(${DOCKER} container ls -a --format '{{.ID}} {{.Status}}' | cut -d' ' -f1,2)
+
+if [ "true" == ${SSD} ]; then
+	echo ""
+	echo "#### SSD control-plane and datapath consistency check on a node ####"
+	for netName in $(docker network ls -f driver=overlay --format "{{.Name}}"); do
+		echo "## $netName ##"
+		${SSDBIN} $netName
+		echo ""
+	done
+fi
+
+echo -e "\n\n==SUMMARY=="
+echo -e "\t Processed $networks networks"
+echo -e "\t IP overlap found: $ip_overlap"
+echo -e "\t Processed $containers running containers"
diff --git a/libnetwork/test/integration/README.md b/libnetwork/test/integration/README.md
new file mode 100644
index 0000000000000..777b1cfa46523
--- /dev/null
+++ b/libnetwork/test/integration/README.md
@@ -0,0 +1,34 @@
+# LibNetwork Integration Tests
+
+Integration tests provide end-to-end testing of LibNetwork and Drivers.
+
+While unit tests verify the code is working as expected by relying on mocks and
+artificially created fixtures, integration tests actually use real docker
+engines and communicate to it through the CLI.
+
+Note that integration tests do **not** replace unit tests and Docker is used as a good use-case.
+
+As a rule of thumb, code should be tested thoroughly with unit tests.
+Integration tests on the other hand are meant to test a specific feature end to end.
+
+Integration tests are written in *bash* using the
+[bats](https://github.com/sstephenson/bats) framework.
+
+## Pre-Requisites
+
+1. Bats (https://github.com/sstephenson/bats#installing-bats-from-source)
+2. Docker Machine (https://github.com/docker/machine)
+3. Virtualbox (as a Docker machine driver)
+
+## Running integration tests
+
+* Start by [installing] (https://github.com/sstephenson/bats#installing-bats-from-source) *bats* on your system.
+* If not done already, [install](https://docs.docker.com/machine/) *docker-machine* into /usr/bin
+* Make sure Virtualbox is installed as well, which will be used by docker-machine as a driver to launch VMs
+
+In order to run all integration tests, pass *bats* the test path:
+```
+$ bats test/integration/daemon-configs.bats
+```
+
+
diff --git a/libnetwork/test/integration/daemon-configs.bats b/libnetwork/test/integration/daemon-configs.bats
new file mode 100644
index 0000000000000..fd48fbe199e7e
--- /dev/null
+++ b/libnetwork/test/integration/daemon-configs.bats
@@ -0,0 +1,104 @@
+#!/usr/bin/env bats
+
+load helpers
+
+export DRIVER=virtualbox
+export NAME="bats-$DRIVER-daemon-configs"
+export MACHINE_STORAGE_PATH=/tmp/machine-bats-daemon-test-$DRIVER
+# Default memsize is 1024MB and disksize is 20000MB
+# These values are defined in drivers/virtualbox/virtualbox.go
+export DEFAULT_MEMSIZE=1024
+export DEFAULT_DISKSIZE=20000
+export CUSTOM_MEMSIZE=1536
+export CUSTOM_DISKSIZE=10000
+export CUSTOM_CPUCOUNT=1
+export BAD_URL="http://dev.null:9111/bad.iso"
+
+function setup() {
+  # add sleep because vbox; ugh
+  sleep 1
+}
+
+findDiskSize() {
+  # SATA-0-0 is usually the boot2disk.iso image
+  # We assume that SATA 1-0 is root disk VMDK and grab this UUID
+  # e.g. "SATA-ImageUUID-1-0"="fb5f33a7-e4e3-4cb9-877c-f9415ae2adea"
+  # TODO(slashk): does this work on Windows ?
+  run bash -c "VBoxManage showvminfo --machinereadable $NAME | grep SATA-ImageUUID-1-0 | cut -d'=' -f2"
+  run bash -c "VBoxManage showhdinfo $output | grep "Capacity:" | awk -F' ' '{ print $2 }'"
+}
+
+findMemorySize() {
+  run bash -c "VBoxManage showvminfo --machinereadable $NAME | grep memory= | cut -d'=' -f2"
+}
+
+findCPUCount() {
+  run bash -c "VBoxManage showvminfo --machinereadable $NAME | grep cpus= | cut -d'=' -f2"
+}
+
+buildMachineWithOldIsoCheckUpgrade() {
+  run wget https://github.com/boot2docker/boot2docker/releases/download/v1.4.1/boot2docker.iso -O $MACHINE_STORAGE_PATH/cache/boot2docker.iso
+  run machine create -d virtualbox $NAME
+  run machine upgrade $NAME
+}
+
+@test "$DRIVER: machine should not exist" {
+  run machine active $NAME
+  [ "$status" -eq 1  ]
+}
+
+@test "$DRIVER: VM should not exist" {
+  run VBoxManage showvminfo $NAME
+  [ "$status" -eq 1  ]
+}
+
+@test "$DRIVER: create" {
+  run machine create -d $DRIVER $NAME
+  [ "$status" -eq 0  ]
+}
+
+@test "$DRIVER: active" {
+  run machine active $NAME
+  [ "$status" -eq 0  ]
+}
+
+@test "$DRIVER: check default machine memory size" {
+  findMemorySize
+  [[ ${output} == "${DEFAULT_MEMSIZE}"  ]]
+}
+
+@test "$DRIVER: check default machine disksize" {
+  findDiskSize
+  [[ ${output} == *"$DEFAULT_DISKSIZE"* ]]
+}
+
+@test "$DRIVER: test bridge-ip" {
+  run machine ssh $NAME sudo /etc/init.d/docker stop
+  run machine ssh $NAME sudo ifconfig docker0 down
+  run machine ssh $NAME sudo ip link delete docker0
+  BIP='--bip=172.168.45.1/24'
+  set_extra_config $BIP
+  cat ${TMP_EXTRA_ARGS_FILE} | machine ssh $NAME sudo tee /var/lib/boot2docker/profile
+  cat ${DAEMON_CFG_FILE} | machine ssh $NAME "sudo tee -a /var/lib/boot2docker/profile"
+  run machine ssh $NAME sudo /etc/init.d/docker start
+  run machine ssh $NAME ifconfig docker0
+  [ "$status" -eq 0  ]
+  [[ ${lines[1]} =~ "172.168.45.1"  ]]
+}
+
+@test "$DRIVER: run busybox container" {
+  run machine ssh $NAME sudo cat /var/lib/boot2docker/profile
+  run docker $(machine config $NAME) run busybox echo hello world
+  [ "$status" -eq 0  ]
+}
+
+@test "$DRIVER: remove machine" {
+  run machine rm -f $NAME
+}
+
+# Cleanup of machine store should always be the last 'test'
+@test "$DRIVER: cleanup" {
+  run rm -rf $MACHINE_STORAGE_PATH
+  [ "$status" -eq 0  ]
+}
+
diff --git a/libnetwork/test/integration/daemon.cfg b/libnetwork/test/integration/daemon.cfg
new file mode 100644
index 0000000000000..fc93dbd6041be
--- /dev/null
+++ b/libnetwork/test/integration/daemon.cfg
@@ -0,0 +1,4 @@
+CACERT=/var/lib/boot2docker/ca.pem
+SERVERCERT=/var/lib/boot2docker/server-key.pem
+SERVERKEY=/var/lib/boot2docker/server.pem
+DOCKER_TLS=no
diff --git a/libnetwork/test/integration/dnet/bridge.bats b/libnetwork/test/integration/dnet/bridge.bats
new file mode 100644
index 0000000000000..e0648b526a5d2
--- /dev/null
+++ b/libnetwork/test/integration/dnet/bridge.bats
@@ -0,0 +1,287 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+function test_single_network_connectivity() {
+    local nw_name start end
+
+    nw_name=${1}
+    start=1
+    end=${2}
+
+    # Create containers and connect them to the network
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port 1) container create container_${i}
+	net_connect 1 container_${i} ${nw_name}
+    done
+
+    # Now test connectivity between all the containers using service names
+    for i in `seq ${start} ${end}`;
+    do
+    if [ "${nw_name}" != "internal" ]; then
+		runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_${i}) \
+		     "ping -c 1 www.google.com"
+    fi
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+	    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_${i}) \
+		 "ping -c 1 container_${j}"
+	done
+    done
+
+    if [ -n "$3" ]; then
+	return
+    fi
+
+    # Teardown the container connections and the network
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect 1 container_${i} ${nw_name}
+	dnet_cmd $(inst_id2port 1) container rm container_${i}
+    done
+}
+
+@test "Test default bridge network" {
+    echo $(docker ps)
+    test_single_network_connectivity bridge 3
+}
+
+
+@test "Test default network dnet restart" {
+    echo $(docker ps)
+
+    for iter in `seq 1 2`;
+    do
+	test_single_network_connectivity bridge 3
+	if [ "$iter" -eq 1 ]; then
+	    docker restart dnet-1-bridge
+	    wait_for_dnet $(inst_id2port 1) dnet-1-bridge
+	fi
+    done
+}
+
+@test "Test default network dnet ungraceful restart" {
+    echo $(docker ps)
+
+    for iter in `seq 1 2`;
+    do
+	if [ "$iter" -eq 1 ]; then
+	    test_single_network_connectivity bridge 3 skip
+	    docker restart dnet-1-bridge
+	    wait_for_dnet $(inst_id2port 1) dnet-1-bridge
+	else
+	    test_single_network_connectivity bridge 3
+	fi
+    done
+}
+
+@test "Test bridge network" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d bridge singlehost
+    test_single_network_connectivity singlehost 3
+    dnet_cmd $(inst_id2port 1) network rm singlehost
+}
+
+@test "Test bridge network dnet restart" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d bridge singlehost
+
+    for iter in `seq 1 2`;
+    do
+	test_single_network_connectivity singlehost 3
+	if [ "$iter" -eq 1 ]; then
+	    docker restart dnet-1-bridge
+	    wait_for_dnet $(inst_id2port 1) dnet-1-bridge
+	fi
+    done
+
+    dnet_cmd $(inst_id2port 1) network rm singlehost
+}
+
+@test "Test bridge network dnet ungraceful restart" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d bridge singlehost
+
+    for iter in `seq 1 2`;
+    do
+	if [ "$iter" -eq 1 ]; then
+	    test_single_network_connectivity singlehost 3 skip
+	    docker restart dnet-1-bridge
+	    wait_for_dnet $(inst_id2port 1) dnet-1-bridge
+	else
+	    test_single_network_connectivity singlehost 3
+	fi
+    done
+
+    dnet_cmd $(inst_id2port 1) network rm singlehost
+}
+
+@test "Test multiple bridge networks" {
+    echo $(docker ps)
+
+    start=1
+    end=3
+
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port 1) container create container_${i}
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+
+	    if [ "$i" -lt "$j" ]; then
+		dnet_cmd $(inst_id2port 1) network create -d bridge sh${i}${j}
+		nw=sh${i}${j}
+	    else
+		nw=sh${j}${i}
+	    fi
+
+	    osvc="svc${i}${j}"
+	    dnet_cmd $(inst_id2port 1) service publish ${osvc}.${nw}
+	    dnet_cmd $(inst_id2port 1) service attach container_${i} ${osvc}.${nw}
+	done
+    done
+
+    for i in `seq ${start} ${end}`;
+    do
+	echo ${i1}
+	for j in `seq ${start} ${end}`;
+	do
+	    echo ${j1}
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+
+	    osvc="svc${j}${i}"
+	    echo "pinging ${osvc}"
+	    dnet_cmd $(inst_id2port 1) service ls
+	    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_${i}) "cat /etc/hosts"
+	    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_${i}) "ping -c 1 ${osvc}"
+	done
+    done
+
+    svcs=(
+	0,0
+	2,3
+	1,3
+	1,2
+    )
+
+    echo "Test connectivity failure"
+    for i in `seq ${start} ${end}`;
+    do
+	IFS=, read a b <<<"${svcs[$i]}"
+	osvc="svc${a}${b}"
+	echo "pinging ${osvc}"
+	runc_nofail $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_${i}) "ping -c 1 ${osvc}"
+	[ "${status}" -ne 0 ]
+    done
+
+    for i in `seq ${start} ${end}`;
+    do
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+
+	    if [ "$i" -lt "$j" ]; then
+		nw=sh${i}${j}
+	    else
+		nw=sh${j}${i}
+	    fi
+
+	    osvc="svc${i}${j}"
+	    dnet_cmd $(inst_id2port 1) service detach container_${i} ${osvc}.${nw}
+	    dnet_cmd $(inst_id2port 1) service unpublish ${osvc}.${nw}
+
+	done
+	dnet_cmd $(inst_id2port 1) container rm container_${i}
+    done
+
+    for i in `seq ${start} ${end}`;
+    do
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+
+	    if [ "$i" -lt "$j" ]; then
+		dnet_cmd $(inst_id2port 1) network rm sh${i}${j}
+	    fi
+	done
+    done
+
+}
+
+@test "Test bridge network alias support" {
+    dnet_cmd $(inst_id2port 1) network create -d bridge br1
+    dnet_cmd $(inst_id2port 1) container create container_1
+    net_connect 1 container_1 br1 container_2:c2 
+    dnet_cmd $(inst_id2port 1) container create container_2
+    net_connect 1 container_2 br1
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 container_2"
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 c2"
+    net_disconnect 1 container_1 br1
+    net_disconnect 1 container_2 br1
+    dnet_cmd $(inst_id2port 1) container rm container_1
+    dnet_cmd $(inst_id2port 1) container rm container_2
+    dnet_cmd $(inst_id2port 1) network rm br1
+}
+
+
+@test "Test bridge network global alias support" {
+    dnet_cmd $(inst_id2port 1) network create -d bridge br1
+    dnet_cmd $(inst_id2port 1) network create -d bridge br2
+    dnet_cmd $(inst_id2port 1) container create container_1
+    net_connect 1 container_1 br1 : c1
+    dnet_cmd $(inst_id2port 1) container create container_2
+    net_connect 1 container_2 br1 : shared
+    dnet_cmd $(inst_id2port 1) container create container_3
+    net_connect 1 container_3 br1 : shared
+
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_2) "ping -c 1 container_1"
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_2) "ping -c 1 c1"
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 container_2"
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 shared"
+
+    net_disconnect 1 container_2 br1
+    dnet_cmd $(inst_id2port 1) container rm container_2
+
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 container_3"
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 shared"
+
+    net_disconnect 1 container_1 br1
+    dnet_cmd $(inst_id2port 1) container rm container_1
+    net_disconnect 1 container_3 br1
+    dnet_cmd $(inst_id2port 1) container rm container_3
+
+    dnet_cmd $(inst_id2port 1) network rm br1
+}
+
+@test "Test bridge network internal network" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d bridge --internal internal
+    dnet_cmd $(inst_id2port 1) container create container_1
+    # connects to internal network, confirm it can't communicate with outside world
+    net_connect 1 container_1 internal
+    run runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 8.8.8.8"
+    [[ "$output" == *"1 packets transmitted, 0 packets received, 100% packet loss"* ]]
+    net_disconnect 1 container_1 internal
+    # connects to bridge network, confirm it can communicate with outside world
+    net_connect 1 container_1 bridge
+    runc $(dnet_container_name 1 bridge) $(get_sbox_id 1 container_1) "ping -c 1 8.8.8.8"
+    net_disconnect 1 container_1 bridge
+    dnet_cmd $(inst_id2port 1) container rm container_1
+    # test communications within internal network
+    test_single_network_connectivity internal 3
+    dnet_cmd $(inst_id2port 1) network rm internal
+}
diff --git a/libnetwork/test/integration/dnet/dnet.bats b/libnetwork/test/integration/dnet/dnet.bats
new file mode 100644
index 0000000000000..cf73eab5bb0e5
--- /dev/null
+++ b/libnetwork/test/integration/dnet/dnet.bats
@@ -0,0 +1,31 @@
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test dnet custom port" {
+    start_dnet 1 a 4567
+    dnet_cmd 4567 network ls
+    stop_dnet 1 a
+}
+
+@test "Test dnet invalid custom port" {
+    start_dnet 1 b 4567
+    run dnet_cmd 4568 network ls
+    echo ${output}
+    [ "$status" -ne 0 ]
+    stop_dnet 1 b
+}
+
+@test "Test dnet invalid params" {
+    start_dnet 1 c
+    run dnet_cmd 8080 network ls
+    echo ${output}
+    [ "$status" -ne 0 ]
+    run ./bin/dnet -H=unix://var/run/dnet.sock network ls
+    echo ${output}
+    [ "$status" -ne 0 ]
+    run ./bin/dnet -H= -l=invalid network ls
+    echo ${output}
+    [ "$status" -ne 0 ]
+    stop_dnet 1 c
+}
diff --git a/libnetwork/test/integration/dnet/helpers.bash b/libnetwork/test/integration/dnet/helpers.bash
new file mode 100644
index 0000000000000..274473ecdf7ec
--- /dev/null
+++ b/libnetwork/test/integration/dnet/helpers.bash
@@ -0,0 +1,535 @@
+function get_docker_bridge_ip() {
+    echo $(docker run --rm -it busybox ip route show | grep default | cut -d" " -f3)
+}
+
+function inst_id2port() {
+    echo $((41000+${1}-1))
+}
+
+function dnet_container_name() {
+    echo dnet-$1-$2
+}
+
+function dnet_container_ip() {
+    docker inspect --format '{{.NetworkSettings.IPAddress}}' dnet-$1-$2
+}
+
+function get_sbox_id() {
+    local line
+
+    line=$(dnet_cmd $(inst_id2port ${1}) service ls | grep ${2})
+    echo ${line} | cut -d" " -f5
+}
+
+function net_connect() {
+	local al gl
+	if [ -n "$4" ]; then
+	    if [ "${4}" != ":" ]; then
+		al="--alias=${4}"
+	    fi
+	fi
+	if [ -n "$5" ]; then
+	    gl="--alias=${5}"
+	fi
+	dnet_cmd $(inst_id2port ${1}) service publish $gl ${2}.${3}
+	dnet_cmd $(inst_id2port ${1}) service attach $al ${2} ${2}.${3}
+}
+
+function net_disconnect() {
+	dnet_cmd $(inst_id2port ${1}) service detach ${2} ${2}.${3}
+	dnet_cmd $(inst_id2port ${1}) service unpublish ${2}.${3}
+}
+
+function start_consul() {
+    stop_consul
+    docker run -d \
+	   --name=pr_consul \
+	   -p 8500:8500 \
+	   -p 8300-8302:8300-8302/tcp \
+	   -p 8300-8302:8300-8302/udp \
+	   -h consul \
+	   progrium/consul -server -bootstrap
+    sleep 2
+}
+
+function stop_consul() {
+    echo "consul started"
+    docker rm -f pr_consul || true
+}
+
+hrun() {
+    local e E T oldIFS
+    [[ ! "$-" =~ e ]] || e=1
+    [[ ! "$-" =~ E ]] || E=1
+    [[ ! "$-" =~ T ]] || T=1
+    set +e
+    set +E
+    set +T
+    output="$("$@" 2>&1)"
+    status="$?"
+    oldIFS=$IFS
+    IFS=$'\n' lines=($output)
+    [ -z "$e" ] || set -e
+    [ -z "$E" ] || set -E
+    [ -z "$T" ] || set -T
+    IFS=$oldIFS
+}
+
+function wait_for_dnet() {
+    local hport
+
+    hport=$1
+    echo "waiting on dnet to come up ..."
+    for i in `seq 1 10`;
+    do
+	hrun ./bin/dnet -H tcp://127.0.0.1:${hport} network ls
+	echo ${output}
+	if [ "$status" -eq 0 ]; then
+	    return
+	fi
+
+	if [[ "${lines[1]}" =~ .*EOF.* ]]
+	then
+	    docker logs ${2}
+	fi
+	echo "still waiting after ${i} seconds"
+	sleep 1
+    done
+}
+
+function parse_discovery_str() {
+    local d provider address
+    discovery=$1
+    provider=$(echo ${discovery} | cut -d":" -f1)
+    address=$(echo ${discovery} | cut -d":" -f2):$(echo ${discovery} | cut -d":" -f3)
+    address=${address:2}
+    echo "${discovery} ${provider} ${address}"
+}
+
+function start_dnet() {
+    local inst suffix name hport cport hopt store bridge_ip labels tomlfile nip
+    local discovery provider address
+
+    inst=$1
+    shift
+    suffix=$1
+    shift
+
+    store=$(echo $suffix | cut -d":" -f1)
+    nip=$(echo $suffix | cut -s -d":" -f2)
+
+
+    stop_dnet ${inst} ${store}
+    name=$(dnet_container_name ${inst} ${store})
+
+    hport=$((41000+${inst}-1))
+    cport=2385
+    hopt=""
+
+    while [ -n "$1" ]
+    do
+	if [[ "$1" =~ ^[0-9]+$ ]]
+	then
+	    hport=$1
+	    cport=$1
+	    hopt="-H tcp://0.0.0.0:${cport}"
+	else
+	    store=$1
+	fi
+	shift
+    done
+
+    bridge_ip=$(get_docker_bridge_ip)
+
+    echo "start_dnet parsed values: " ${inst} ${suffix} ${name} ${hport} ${cport} ${hopt} ${store}
+
+    mkdir -p /tmp/dnet/${name}
+    tomlfile="/tmp/dnet/${name}/libnetwork.toml"
+
+    # Try discovery URLs with or without path
+    neigh_ip=""
+    neighbors=""
+    if [ "$store" = "zookeeper" ]; then
+	read discovery provider address < <(parse_discovery_str zk://${bridge_ip}:2182)
+    elif [ "$store" = "etcd" ]; then
+	read discovery provider address < <(parse_discovery_str etcd://${bridge_ip}:42000/custom_prefix)
+    elif [ "$store" = "consul" ]; then
+	read discovery provider address < <(parse_discovery_str consul://${bridge_ip}:8500/custom_prefix)
+    else
+	if [ "$nip" != "" ]; then
+	    neighbors=${nip}
+	fi
+
+	discovery=""
+	provider=""
+	address=""
+    fi
+
+    if [ "$discovery" != "" ]; then
+	cat > ${tomlfile} <<EOF
+title = "LibNetwork Configuration file for ${name}"
+
+[daemon]
+  debug = false
+[cluster]
+  discovery = "${discovery}"
+  Heartbeat = 10
+[scopes]
+  [scopes.global]
+    [scopes.global.client]
+      provider = "${provider}"
+      address = "${address}"
+EOF
+    else
+	cat > ${tomlfile} <<EOF
+title = "LibNetwork Configuration file for ${name}"
+
+[daemon]
+  debug = false
+[orchestration]
+  agent = true
+  bind = "eth0"
+  peer = "${neighbors}"
+EOF
+    fi
+
+    cat ${tomlfile}
+    docker run \
+	   -d \
+	   --hostname=$(echo ${name} | sed s/_/-/g) \
+	   --name=${name}  \
+	   --privileged \
+	   -p ${hport}:${cport} \
+	   -e _OVERLAY_HOST_MODE \
+	   -v $(pwd)/:/go/src/github.com/docker/libnetwork \
+	   -v /tmp:/tmp \
+	   -v $(pwd)/${TMPC_ROOT}:/scratch \
+	   -v /usr/local/bin/runc:/usr/local/bin/runc \
+	   -w /go/src/github.com/docker/libnetwork \
+	   mrjana/golang ./bin/dnet -d -D ${hopt} -c ${tomlfile}
+
+    wait_for_dnet $(inst_id2port ${inst}) ${name}
+}
+
+function start_ovrouter() {
+    local name=${1}
+    local parent=${2}
+
+    docker run \
+	   -d \
+	   --name=${name} \
+	   --net=container:${parent} \
+	   --volumes-from ${parent} \
+	   -w /go/src/github.com/docker/libnetwork \
+	   mrjana/golang ./cmd/ovrouter/ovrouter eth0
+}
+
+function stop_dnet() {
+    local name
+
+    name=$(dnet_container_name $1 $2)
+    rm -rf /tmp/dnet/${name} || true
+    docker rm -f ${name} || true
+}
+
+function dnet_cmd() {
+    local hport
+
+    hport=$1
+    shift
+    ./bin/dnet -H tcp://127.0.0.1:${hport} $*
+}
+
+function dnet_exec() {
+    docker exec -it ${1} bash -c "trap \"echo SIGHUP\" SIGHUP; $2"
+}
+
+function runc() {
+    local dnet
+
+    dnet=${1}
+    shift
+    dnet_exec ${dnet} "cp /var/lib/docker/network/files/${1}*/* /scratch/rootfs/etc"
+    dnet_exec ${dnet} "mkdir -p /var/run/netns"
+    dnet_exec ${dnet} "touch /var/run/netns/c && mount -o bind /var/run/docker/netns/${1} /var/run/netns/c"
+    dnet_exec ${dnet} "ip netns exec c unshare -fmuip --mount-proc chroot \"/scratch/rootfs\" /bin/sh -c \"/bin/mount -t proc proc /proc && ${2}\""
+    dnet_exec ${dnet} "umount /var/run/netns/c && rm /var/run/netns/c"
+}
+
+function runc_nofail() {
+    local dnet
+
+    dnet=${1}
+    shift
+    dnet_exec ${dnet} "cp /var/lib/docker/network/files/${1}*/* /scratch/rootfs/etc"
+    dnet_exec ${dnet} "mkdir -p /var/run/netns"
+    dnet_exec ${dnet} "touch /var/run/netns/c && mount -o bind /var/run/docker/netns/${1} /var/run/netns/c"
+    set +e
+    dnet_exec ${dnet} "ip netns exec c unshare -fmuip --mount-proc chroot \"/scratch/rootfs\" /bin/sh -c \"/bin/mount -t proc proc /proc && ${2}\""
+    status="$?"
+    set -e
+    dnet_exec ${dnet} "umount /var/run/netns/c && rm /var/run/netns/c"
+}
+
+function start_etcd() {
+    local bridge_ip
+    stop_etcd
+
+    bridge_ip=$(get_docker_bridge_ip)
+    docker run -d \
+	   --net=host \
+	   --name=dn_etcd \
+	   mrjana/etcd --listen-client-urls http://0.0.0.0:42000 \
+	   --advertise-client-urls http://${bridge_ip}:42000
+    sleep 2
+}
+
+function stop_etcd() {
+    docker rm -f dn_etcd || true
+}
+
+function start_zookeeper() {
+    stop_zookeeper
+    docker run -d \
+	   --name=zookeeper_server \
+	   -p 2182:2181 \
+	   -h zookeeper \
+	   dnephin/docker-zookeeper:3.4.6
+    sleep 2
+}
+
+function stop_zookeeper() {
+    echo "zookeeper started"
+    docker rm -f zookeeper_server || true
+}
+
+function test_overlay() {
+    dnet_suffix=$1
+
+    echo $(docker ps)
+
+    start=1
+    end=3
+    # Setup overlay network and connect containers to it
+    if [ -z "${2}" -o "${2}" != "skip_add" ]; then
+	if [ -z "${2}" -o "${2}" != "internal" ]; then
+	    dnet_cmd $(inst_id2port 1) network create -d overlay multihost
+	else
+	    dnet_cmd $(inst_id2port 1) network create -d overlay --internal multihost
+	fi
+    fi
+
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port $i) container create container_${i}
+	net_connect ${i} container_${i} multihost
+    done
+
+    # Now test connectivity between all the containers using service names
+    for i in `seq ${start} ${end}`;
+    do
+	if [ -z "${2}" -o "${2}" != "internal" ]; then
+	    runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) \
+		"ping -c 1 www.google.com"
+	else
+	    default_route=`runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) "ip route | grep default"`
+	    [ "$default_route" = "" ]
+	fi
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+	    runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) \
+		 "ping -c 1 container_$j"
+	done
+    done
+
+    # Setup bridge network and connect containers to it
+    if [ -z "${2}" -o "${2}" != "skip_add" ]; then
+	if [ -z "${2}" -o "${2}" != "internal" ]; then
+	    dnet_cmd $(inst_id2port 1) network create -d bridge br1
+	    dnet_cmd $(inst_id2port 1) network create -d bridge br2
+	    net_connect ${start} container_${start} br1
+	    net_connect ${start} container_${start} br2
+
+	    # Make sure external connectivity works
+	    runc $(dnet_container_name ${start} $dnet_suffix) $(get_sbox_id ${start} container_${start}) \
+		"ping -c 1 www.google.com"
+	    net_disconnect ${start} container_${start} br1
+	    net_disconnect ${start} container_${start} br2
+
+	    # Make sure external connectivity works
+	    runc $(dnet_container_name ${start} $dnet_suffix) $(get_sbox_id ${start} container_${start}) \
+		"ping -c 1 www.google.com"
+	    dnet_cmd $(inst_id2port 1) network rm br1
+	    dnet_cmd $(inst_id2port 1) network rm br2
+
+	    # Disconnect from overlay network
+	    net_disconnect ${start} container_${start} multihost
+
+	    # Connect to overlay network again
+	    net_connect ${start} container_${start} multihost
+
+	    # Make sure external connectivity still works
+	    runc $(dnet_container_name ${start} $dnet_suffix) $(get_sbox_id ${start} container_${start}) \
+		"ping -c 1 www.google.com"
+	fi
+    fi
+
+    # Teardown the container connections and the network
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect ${i} container_${i} multihost
+	dnet_cmd $(inst_id2port $i) container rm container_${i}
+    done
+
+    if [ -z "${2}" -o "${2}" != "skip_rm" ]; then
+	dnet_cmd $(inst_id2port 2) network rm multihost
+    fi
+}
+
+function check_etchosts() {
+    local dnet sbid retval
+    dnet=${1}
+    shift
+    sbid=${1}
+    shift
+
+    retval="true"
+
+    for i in $*;
+    do
+	run runc ${dnet} ${sbid} "cat /etc/hosts"
+	if [ "$status" -ne 0 ]; then
+	    retval="${output}"
+	    break
+	fi
+
+	line=$(echo ${output} | grep ${i})
+	if [ "${line}" == "" ]; then
+	    retval="false"
+	fi
+    done
+
+    echo ${retval}
+}
+
+function test_overlay_singlehost() {
+    dnet_suffix=$1
+    shift
+
+    echo $(docker ps)
+
+    start=1
+    end=3
+    # Setup overlay network and connect containers to it
+    dnet_cmd $(inst_id2port 1) network create -d overlay multihost
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port 1) container create container_${i}
+	net_connect 1 container_${i} multihost
+    done
+
+    # Now test connectivity between all the containers using service names
+    for i in `seq ${start} ${end}`;
+    do
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+	    runc $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 container_${i}) \
+		 "ping -c 1 container_$j"
+	done
+    done
+
+    # Teardown the container connections and the network
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect 1 container_${i} multihost
+	dnet_cmd $(inst_id2port 1) container rm container_${i}
+    done
+
+    dnet_cmd $(inst_id2port 1) network rm multihost
+}
+
+function test_overlay_hostmode() {
+    dnet_suffix=$1
+    shift
+
+    echo $(docker ps)
+
+    start=1
+    end=2
+    # Setup overlay network and connect containers to it
+    dnet_cmd $(inst_id2port 1) network create -d overlay multihost1
+    dnet_cmd $(inst_id2port 1) network create -d overlay multihost2
+    dnet_cmd $(inst_id2port 1) network ls
+
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port 1) container create mh1_${i}
+	net_connect 1 mh1_${i} multihost1
+    done
+
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port 1) container create mh2_${i}
+	net_connect 1 mh2_${i} multihost2
+    done
+
+    # Now test connectivity between all the containers using service names
+    for i in `seq ${start} ${end}`;
+    do
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+
+	    # Find the IP addresses of the j containers on both networks
+	    hrun runc $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh1_${i}) "nslookup mh1_$j"
+	    mh1_j_ip=$(echo ${output} | awk '{print $11}')
+
+	    hrun runc $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh2_${i}) "nslookup mh2_$j"
+	    mh2_j_ip=$(echo ${output} | awk '{print $11}')
+
+	    # Ping the j containers in the same network and ensure they are successful
+	    runc $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh1_${i}) \
+		 "ping -c 1 mh1_$j"
+	    runc $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh2_${i}) \
+		 "ping -c 1 mh2_$j"
+
+	    # Try pinging j container IPs from the container in the other network and make sure that they are not successful
+	    runc_nofail $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh1_${i}) "ping -c 1 ${mh2_j_ip}"
+	    [ "${status}" -ne 0 ]
+
+	    runc_nofail $(dnet_container_name 1 $dnet_suffix) $(get_sbox_id 1 mh2_${i}) "ping -c 1 ${mh1_j_ip}"
+	    [ "${status}" -ne 0 ]
+
+	    # Try pinging the j container IPS from the host(dnet container in this case) and make syre that they are not successful
+	    hrun docker exec -it $(dnet_container_name 1 $dnet_suffix) "ping -c 1 ${mh1_j_ip}"
+	    [ "${status}" -ne 0 ]
+
+	    hrun docker exec -it $(dnet_container_name 1 $dnet_suffix) "ping -c 1 ${mh2_j_ip}"
+	    [ "${status}" -ne 0 ]
+	done
+    done
+
+    # Teardown the container connections and the network
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect 1 mh1_${i} multihost1
+	dnet_cmd $(inst_id2port 1) container rm mh1_${i}
+    done
+
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect 1 mh2_${i} multihost2
+	dnet_cmd $(inst_id2port 1) container rm mh2_${i}
+    done
+
+    dnet_cmd $(inst_id2port 1) network rm multihost1
+    dnet_cmd $(inst_id2port 1) network rm multihost2
+}
diff --git a/libnetwork/test/integration/dnet/multi.bats b/libnetwork/test/integration/dnet/multi.bats
new file mode 100644
index 0000000000000..28cac6de3d500
--- /dev/null
+++ b/libnetwork/test/integration/dnet/multi.bats
@@ -0,0 +1,130 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+function is_network_exist() {
+    line=$(dnet_cmd $(inst_id2port $1) network ls | grep ${2})
+    name=$(echo ${line} | cut -d" " -f2)
+    driver=$(echo ${line} | cut -d" " -f3)
+    if [ "$name" == "$2"  -a  "$driver" == "$3" ]; then
+	echo "true"
+    else
+	echo "false"
+    fi
+}
+
+@test "Test multinode network create" {
+    echo $(docker ps)
+    for i in `seq 1 3`;
+    do
+	oname="mh$i"
+	run dnet_cmd $(inst_id2port $i) network create -d test ${oname}
+	echo ${output}
+	[ "$status" -eq 0 ]
+
+	for j in `seq 1 3`;
+	do
+	    result=$(is_network_exist $j ${oname} test)
+	    [ "$result" = "true" ]
+	done
+
+	# Always try to remove the network from the second node
+	dnet_cmd $(inst_id2port 2) network rm ${oname}
+	echo "delete ${oname}"
+	nresult=$(is_network_exist 1 ${oname} test)
+	echo ${nresult}
+	dnet_cmd $(inst_id2port 1) network ls
+	[ "$nresult" = "false" ]
+    done
+}
+
+@test "Test multinode service create" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d test multihost
+    for i in `seq 1 3`;
+    do
+	oname="svc$i"
+	run dnet_cmd $(inst_id2port $i) service publish ${oname}.multihost
+	echo ${output}
+	[ "$status" -eq 0 ]
+
+	for j in `seq 1 3`;
+	do
+	    run dnet_cmd $(inst_id2port $j) service ls
+	    [ "$status" -eq 0 ]
+	    echo ${output}
+	    echo ${lines[1]}
+	    svc=$(echo ${lines[1]} | cut -d" " -f2)
+	    network=$(echo ${lines[1]} | cut -d" " -f3)
+	    echo ${svc} ${network}
+	    [ "$network" = "multihost" ]
+	    [ "$svc" = "${oname}" ]
+	done
+	dnet_cmd $(inst_id2port 2) service unpublish ${oname}.multihost
+    done
+    dnet_cmd $(inst_id2port 3) network rm multihost
+}
+
+@test "Test multinode service attach" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 2) network create -d test multihost
+    dnet_cmd $(inst_id2port 3) service publish svc.multihost
+    for i in `seq 1 3`;
+    do
+	dnet_cmd $(inst_id2port $i) container create container_${i}
+	dnet_cmd $(inst_id2port $i) service attach container_${i} svc.multihost
+	run dnet_cmd $(inst_id2port $i) service ls
+	[ "$status" -eq 0 ]
+	echo ${output}
+	echo ${lines[1]}
+	container=$(echo ${lines[1]} | cut -d" " -f4)
+	[ "$container" = "container_$i" ]
+	for j in `seq 1 3`;
+	do
+	    if [ "$j" = "$i" ]; then
+		continue
+	    fi
+	    dnet_cmd $(inst_id2port $j) container create container_${j}
+	    run dnet_cmd $(inst_id2port $j) service attach container_${j} svc.multihost
+	    echo ${output}
+	    [ "$status" -ne 0 ]
+	    dnet_cmd $(inst_id2port $j) container rm container_${j}
+	done
+	dnet_cmd $(inst_id2port $i) service detach container_${i} svc.multihost
+	dnet_cmd $(inst_id2port $i) container rm container_${i}
+    done
+    dnet_cmd $(inst_id2port 1) service unpublish svc.multihost
+    dnet_cmd $(inst_id2port 3) network rm multihost
+}
+
+@test "Test multinode network and service delete" {
+    echo $(docker ps)
+    for i in `seq 1 3`;
+    do
+	oname="mh$i"
+	osvc="svc$i"
+	dnet_cmd $(inst_id2port $i) network create -d test ${oname}
+	dnet_cmd $(inst_id2port $i) service publish ${osvc}.${oname}
+	dnet_cmd $(inst_id2port $i) container create container_${i}
+	dnet_cmd $(inst_id2port $i) network ls
+	dnet_cmd $(inst_id2port $i) service attach container_${i} ${osvc}.${oname}
+
+	for j in `seq 1 3`;
+	do
+	    run dnet_cmd $(inst_id2port $i) service unpublish ${osvc}.${oname}
+	    echo ${output}
+	    [ "$status" -ne 0 ]
+	    run dnet_cmd $(inst_id2port $j) network rm ${oname}
+	    echo ${output}
+	    [ "$status" -ne 0 ]
+	done
+
+	dnet_cmd $(inst_id2port $i) service detach container_${i} ${osvc}.${oname}
+	dnet_cmd $(inst_id2port $i) container rm container_${i}
+
+	# Always try to remove the service from different nodes
+	dnet_cmd $(inst_id2port 2) service unpublish ${osvc}.${oname}
+	dnet_cmd $(inst_id2port 3) network rm ${oname}
+    done
+}
diff --git a/libnetwork/test/integration/dnet/overlay-consul-host.bats b/libnetwork/test/integration/dnet/overlay-consul-host.bats
new file mode 100644
index 0000000000000..9006e93c038eb
--- /dev/null
+++ b/libnetwork/test/integration/dnet/overlay-consul-host.bats
@@ -0,0 +1,8 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test overlay network hostmode with consul" {
+    test_overlay_hostmode consul
+}
diff --git a/libnetwork/test/integration/dnet/overlay-consul.bats b/libnetwork/test/integration/dnet/overlay-consul.bats
new file mode 100644
index 0000000000000..11e4ccf5c3817
--- /dev/null
+++ b/libnetwork/test/integration/dnet/overlay-consul.bats
@@ -0,0 +1,56 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test overlay network with consul" {
+    test_overlay consul
+}
+
+@test "Test overlay network singlehost with consul" {
+    test_overlay_singlehost consul
+}
+
+@test "Test overlay network with dnet restart" {
+    test_overlay consul skip_rm
+    docker restart dnet-1-consul
+    wait_for_dnet $(inst_id2port 1) dnet-1-consul
+    docker restart dnet-2-consul
+    wait_for_dnet $(inst_id2port 2) dnet-2-consul
+    docker restart dnet-3-consul
+    wait_for_dnet $(inst_id2port 3) dnet-3-consul
+    test_overlay consul skip_add
+}
+
+@test "Test overlay network internal network with consul" {
+    test_overlay consul internal
+}
+
+@test "Test overlay network with dnet ungraceful shutdown" {
+    dnet_cmd $(inst_id2port 1) network create -d overlay multihost
+    start=1
+    end=3
+    for i in `seq ${start} ${end}`;
+    do
+	dnet_cmd $(inst_id2port $i) container create container_${i}
+	net_connect ${i} container_${i} multihost
+    done
+
+    hrun runc $(dnet_container_name 1 consul) $(get_sbox_id 1 container_1) "ifconfig eth0"
+    container_1_ip=$(echo ${output} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
+
+    # ungracefully kill dnet-1-consul container
+    docker rm -f dnet-1-consul
+
+    # forcefully unpublish the service from dnet2 when dnet1 is dead.
+    dnet_cmd $(inst_id2port 2) service unpublish -f container_1.multihost
+    dnet_cmd $(inst_id2port 2) container create container_1
+    net_connect 2 container_1 multihost
+
+    hrun runc $(dnet_container_name 2 consul) $(get_sbox_id 2 container_1) "ifconfig eth0"
+    container_1_new_ip=$(echo ${output} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
+
+    if [ "$container_1_ip" != "$container_1_new_ip" ]; then
+	exit 1
+    fi
+}
diff --git a/libnetwork/test/integration/dnet/overlay-etcd.bats b/libnetwork/test/integration/dnet/overlay-etcd.bats
new file mode 100644
index 0000000000000..5598442429d3d
--- /dev/null
+++ b/libnetwork/test/integration/dnet/overlay-etcd.bats
@@ -0,0 +1,8 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test overlay network with etcd" {
+    test_overlay etcd
+}
diff --git a/libnetwork/test/integration/dnet/overlay-local.bats b/libnetwork/test/integration/dnet/overlay-local.bats
new file mode 100644
index 0000000000000..c21d8c337cf3d
--- /dev/null
+++ b/libnetwork/test/integration/dnet/overlay-local.bats
@@ -0,0 +1,57 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+function test_overlay_local() {
+    dnet_suffix=$1
+
+    echo $(docker ps)
+
+    start=1
+    end=3
+    for i in `seq ${start} ${end}`;
+    do
+	echo "iteration count ${i}"
+	dnet_cmd $(inst_id2port $i) network create -d overlay --id=mhid --subnet=10.1.0.0/16 --ip-range=10.1.${i}.0/24 --opt=com.docker.network.driver.overlay.vxlanid_list=1024 multihost
+	dnet_cmd $(inst_id2port $i) container create container_${i}
+	net_connect ${i} container_${i} multihost
+    done
+
+    # Now test connectivity between all the containers using service names
+    for i in `seq ${start} ${end}`;
+    do
+	if [ -z "${2}" -o "${2}" != "internal" ]; then
+	    runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) \
+		"ping -c 1 www.google.com"
+	else
+	    default_route=`runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) "ip route | grep default"`
+	    [ "$default_route" = "" ]
+	fi
+	for j in `seq ${start} ${end}`;
+	do
+	    if [ "$i" -eq "$j" ]; then
+		continue
+	    fi
+	    #runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) "ping -c 1 10.1.${j}.1"
+	    runc $(dnet_container_name $i $dnet_suffix) $(get_sbox_id ${i} container_${i}) "ping -c 1 container_${j}"
+	done
+    done
+
+    # Teardown the container connections and the network
+    for i in `seq ${start} ${end}`;
+    do
+	net_disconnect ${i} container_${i} multihost
+	dnet_cmd $(inst_id2port $i) container rm container_${i}
+    done
+
+    if [ -z "${2}" -o "${2}" != "skip_rm" ]; then
+	dnet_cmd $(inst_id2port 2) network rm multihost
+    fi
+}
+
+@test "Test overlay network in local scope" {
+    test_overlay_local local
+}
+
+#"ping -c 1 10.1.${j}.1"
diff --git a/libnetwork/test/integration/dnet/overlay-zookeeper.bats b/libnetwork/test/integration/dnet/overlay-zookeeper.bats
new file mode 100644
index 0000000000000..45d0ce86fb5f4
--- /dev/null
+++ b/libnetwork/test/integration/dnet/overlay-zookeeper.bats
@@ -0,0 +1,8 @@
+# -*- mode: sh -*-
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test overlay network with zookeeper" {
+    test_overlay zookeeper
+}
diff --git a/libnetwork/test/integration/dnet/run-integration-tests.sh b/libnetwork/test/integration/dnet/run-integration-tests.sh
new file mode 100755
index 0000000000000..9c9b4eec1144a
--- /dev/null
+++ b/libnetwork/test/integration/dnet/run-integration-tests.sh
@@ -0,0 +1,253 @@
+#!/usr/bin/env bash
+
+set -e
+
+export INTEGRATION_ROOT=./integration-tmp
+export TMPC_ROOT=./integration-tmp/tmpc
+
+declare -A cmap
+
+trap "cleanup_containers" EXIT SIGINT
+
+function cleanup_containers() {
+	for c in "${!cmap[@]}"; do
+		docker rm -f $c 1>> ${INTEGRATION_ROOT}/test.log 2>&1 || true
+	done
+
+	unset cmap
+}
+
+function run_bridge_tests() {
+	## Setup
+	start_dnet 1 bridge 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - bridge]=dnet-1-bridge
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/bridge.bats
+
+	## Teardown
+	stop_dnet 1 bridge 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-bridge]
+}
+
+function run_overlay_local_tests() {
+	## Test overlay network in local scope
+	## Setup
+	start_dnet 1 local 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - local]=dnet-1-local
+	start_dnet 2 local:$(dnet_container_ip 1 local) 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - local]=dnet-2-local
+	start_dnet 3 local:$(dnet_container_ip 1 local) 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - local]=dnet-3-local
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/overlay-local.bats
+
+	## Teardown
+	stop_dnet 1 local 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-local]
+	stop_dnet 2 local 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-local]
+	stop_dnet 3 local 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-local]
+}
+
+function run_overlay_consul_tests() {
+	## Test overlay network with consul
+	## Setup
+	start_dnet 1 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - consul]=dnet-1-consul
+	start_dnet 2 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - consul]=dnet-2-consul
+	start_dnet 3 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - consul]=dnet-3-consul
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/overlay-consul.bats
+
+	## Teardown
+	stop_dnet 1 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-consul]
+	stop_dnet 2 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-consul]
+	stop_dnet 3 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-consul]
+}
+
+function run_overlay_consul_host_tests() {
+	export _OVERLAY_HOST_MODE="true"
+	## Setup
+	start_dnet 1 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - consul]=dnet-1-consul
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/overlay-consul-host.bats
+
+	## Teardown
+	stop_dnet 1 consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-consul]
+	unset _OVERLAY_HOST_MODE
+}
+
+function run_overlay_zk_tests() {
+	## Test overlay network with zookeeper
+	start_dnet 1 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - zookeeper]=dnet-1-zookeeper
+	start_dnet 2 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - zookeeper]=dnet-2-zookeeper
+	start_dnet 3 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - zookeeper]=dnet-3-zookeeper
+
+	./integration-tmp/bin/bats ./test/integration/dnet/overlay-zookeeper.bats
+
+	stop_dnet 1 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-zookeeper]
+	stop_dnet 2 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-zookeeper]
+	stop_dnet 3 zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-zookeeper]
+}
+
+function run_overlay_etcd_tests() {
+	## Test overlay network with etcd
+	start_dnet 1 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - etcd]=dnet-1-etcd
+	start_dnet 2 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - etcd]=dnet-2-etcd
+	start_dnet 3 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - etcd]=dnet-3-etcd
+
+	./integration-tmp/bin/bats ./test/integration/dnet/overlay-etcd.bats
+
+	stop_dnet 1 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-etcd]
+	stop_dnet 2 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-etcd]
+	stop_dnet 3 etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-etcd]
+}
+
+function run_dnet_tests() {
+	# Test dnet configuration options
+	./integration-tmp/bin/bats ./test/integration/dnet/dnet.bats
+}
+
+function run_multi_consul_tests() {
+	# Test multi node configuration with a global scope test driver backed by consul
+
+	## Setup
+	start_dnet 1 multi_consul consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - multi_consul]=dnet-1-multi_consul
+	start_dnet 2 multi_consul consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - multi_consul]=dnet-2-multi_consul
+	start_dnet 3 multi_consul consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - multi_consul]=dnet-3-multi_consul
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/multi.bats
+
+	## Teardown
+	stop_dnet 1 multi_consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-multi_consul]
+	stop_dnet 2 multi_consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-multi_consul]
+	stop_dnet 3 multi_consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-multi_consul]
+}
+
+function run_multi_zk_tests() {
+	# Test multi node configuration with a global scope test driver backed by zookeeper
+
+	## Setup
+	start_dnet 1 multi_zk zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - multi_zk]=dnet-1-multi_zk
+	start_dnet 2 multi_zk zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - multi_zk]=dnet-2-multi_zk
+	start_dnet 3 multi_zk zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - multi_zk]=dnet-3-multi_zk
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/multi.bats
+
+	## Teardown
+	stop_dnet 1 multi_zk 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-multi_zk]
+	stop_dnet 2 multi_zk 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-multi_zk]
+	stop_dnet 3 multi_zk 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-multi_zk]
+}
+
+function run_multi_etcd_tests() {
+	# Test multi node configuration with a global scope test driver backed by etcd
+
+	## Setup
+	start_dnet 1 multi_etcd etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 1 - multi_etcd]=dnet-1-multi_etcd
+	start_dnet 2 multi_etcd etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 2 - multi_etcd]=dnet-2-multi_etcd
+	start_dnet 3 multi_etcd etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dnet - 3 - multi_etcd]=dnet-3-multi_etcd
+
+	## Run the test cases
+	./integration-tmp/bin/bats ./test/integration/dnet/multi.bats
+
+	## Teardown
+	stop_dnet 1 multi_etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-1-multi_etcd]
+	stop_dnet 2 multi_etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-2-multi_etcd]
+	stop_dnet 3 multi_etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	unset cmap[dnet-3-multi_etcd]
+}
+
+source ./test/integration/dnet/helpers.bash
+
+if [ ! -d ${INTEGRATION_ROOT} ]; then
+	mkdir -p ${INTEGRATION_ROOT}
+	git clone https://github.com/sstephenson/bats.git ${INTEGRATION_ROOT}/bats
+	./integration-tmp/bats/install.sh ./integration-tmp
+fi
+
+if [ ! -d ${TMPC_ROOT} ]; then
+	mkdir -p ${TMPC_ROOT}
+	docker pull busybox:ubuntu
+	docker export $(docker create busybox:ubuntu) > ${TMPC_ROOT}/busybox.tar
+	mkdir -p ${TMPC_ROOT}/rootfs
+	tar -C ${TMPC_ROOT}/rootfs -xf ${TMPC_ROOT}/busybox.tar
+fi
+
+# Suite setup
+
+if [ -z "$SUITES" ]; then
+	suites="dnet multi_consul multi_zk multi_etcd  bridge overlay_consul overlay_consul_host overlay_zk overlay_etcd"
+else
+	suites="$SUITES"
+fi
+
+if [[ ("$suites" =~ .*consul.*) || ("$suites" =~ .*bridge.*) ]]; then
+	echo "Starting consul ..."
+	start_consul 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[pr_consul]=pr_consul
+fi
+
+if [[ "$suites" =~ .*zk.* ]]; then
+	echo "Starting zookeeper ..."
+	start_zookeeper 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[zookeeper_server]=zookeeper_server
+fi
+
+if [[ "$suites" =~ .*etcd.* ]]; then
+	echo "Starting etcd ..."
+	start_etcd 1>> ${INTEGRATION_ROOT}/test.log 2>&1
+	cmap[dn_etcd]=dn_etcd
+fi
+
+echo ""
+
+for suite in ${suites}; do
+	suite_func=run_${suite}_tests
+	echo "Running ${suite}_tests ..."
+	declare -F $suite_func > /dev/null && $suite_func
+	echo ""
+done
diff --git a/libnetwork/test/integration/dnet/simple.bats b/libnetwork/test/integration/dnet/simple.bats
new file mode 100644
index 0000000000000..96365eaae3b2d
--- /dev/null
+++ b/libnetwork/test/integration/dnet/simple.bats
@@ -0,0 +1,80 @@
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Test network create" {
+    echo $(docker ps)
+    run dnet_cmd $(inst_id2port 1) network create -d test mh1
+    echo ${output}
+    [ "$status" -eq 0 ]
+    run dnet_cmd $(inst_id2port 1) network ls
+    echo ${output}
+    line=$(dnet_cmd $(inst_id2port 1) network ls | grep mh1)
+    echo ${line}
+    name=$(echo ${line} | cut -d" " -f2)
+    driver=$(echo ${line} | cut -d" " -f3)
+    echo ${name} ${driver}
+    [ "$name" = "mh1" ]
+    [ "$driver" = "test" ]
+    dnet_cmd $(inst_id2port 1) network rm mh1
+}
+
+@test "Test network delete with id" {
+    echo $(docker ps)
+    run dnet_cmd $(inst_id2port 1) network create -d test mh1
+    [ "$status" -eq 0 ]
+    echo ${output}
+    dnet_cmd $(inst_id2port 1) network rm ${output}
+}
+
+@test "Test service create" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d test multihost
+    run dnet_cmd $(inst_id2port 1) service publish svc1.multihost
+    echo ${output}
+    [ "$status" -eq 0 ]
+    run dnet_cmd $(inst_id2port 1) service ls
+    echo ${output}
+    echo ${lines[1]}
+    [ "$status" -eq 0 ]
+    svc=$(echo ${lines[1]} | cut -d" " -f2)
+    network=$(echo ${lines[1]} | cut -d" " -f3)
+    echo ${svc} ${network}
+    [ "$network" = "multihost" ]
+    [ "$svc" = "svc1" ]
+    dnet_cmd $(inst_id2port 1) service unpublish svc1.multihost
+    dnet_cmd $(inst_id2port 1) network rm multihost
+}
+
+@test "Test service delete with id" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d test multihost
+    run dnet_cmd $(inst_id2port 1) service publish svc1.multihost
+    [ "$status" -eq 0 ]
+    echo ${output}
+    run dnet_cmd $(inst_id2port 1) service ls
+    [ "$status" -eq 0 ]
+    echo ${output}
+    echo ${lines[1]}
+    id=$(echo ${lines[1]} | cut -d" " -f1)
+    dnet_cmd $(inst_id2port 1) service unpublish ${id}.multihost
+    dnet_cmd $(inst_id2port 1) network rm multihost
+}
+
+@test "Test service attach" {
+    echo $(docker ps)
+    dnet_cmd $(inst_id2port 1) network create -d test multihost
+    dnet_cmd $(inst_id2port 1) service publish svc1.multihost
+    dnet_cmd $(inst_id2port 1) container create container_1
+    dnet_cmd $(inst_id2port 1) service attach container_1 svc1.multihost
+    run dnet_cmd $(inst_id2port 1) service ls
+    [ "$status" -eq 0 ]
+    echo ${output}
+    echo ${lines[1]}
+    container=$(echo ${lines[1]} | cut -d" " -f4)
+    [ "$container" = "container_1" ]
+    dnet_cmd $(inst_id2port 1) service detach container_1 svc1.multihost
+    dnet_cmd $(inst_id2port 1) container rm container_1
+    dnet_cmd $(inst_id2port 1) service unpublish svc1.multihost
+    dnet_cmd $(inst_id2port 1) network rm multihost
+}
diff --git a/libnetwork/test/integration/helpers.bash b/libnetwork/test/integration/helpers.bash
new file mode 100644
index 0000000000000..8ca3a3c635300
--- /dev/null
+++ b/libnetwork/test/integration/helpers.bash
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Root directory of the repository.
+MACHINE_ROOT=/usr/bin
+
+PLATFORM=$(uname -s | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+
+if [ "$ARCH" = "x86_64" ]; then
+	ARCH="amd64"
+else
+	ARCH="386"
+fi
+MACHINE_BIN_NAME=docker-machine_$PLATFORM-$ARCH
+BATS_LOG=/tmp/bats.log
+
+touch ${BATS_LOG}
+rm ${BATS_LOG}
+
+teardown() {
+	echo "$BATS_TEST_NAME
+----------
+$output
+----------
+
+" >> ${BATS_LOG}
+}
+
+EXTRA_ARGS_CFG='EXTRA_ARGS'
+EXTRA_ARGS='--tlsverify --tlscacert=/var/lib/boot2docker/ca.pem --tlskey=/var/lib/boot2docker/server-key.pem --tlscert=/var/lib/boot2docker/server.pem --label=provider=virtualbox -H tcp://0.0.0.0:2376'
+TMP_EXTRA_ARGS_FILE=/tmp/tmp_extra_args
+DAEMON_CFG_FILE=${BATS_TEST_DIRNAME}/daemon.cfg
+set_extra_config() {
+	if [ -f ${TMP_EXTRA_ARGS_FILE} ]; then
+		rm ${TMP_EXTRA_ARGS_FILE}
+	fi
+	echo -n "${EXTRA_ARGS_CFG}='" > ${TMP_EXTRA_ARGS_FILE}
+	echo -n "$1 " >> ${TMP_EXTRA_ARGS_FILE}
+	echo "${EXTRA_ARGS}'" >> ${TMP_EXTRA_ARGS_FILE}
+}
+
+if [ ! -e $MACHINE_ROOT/$MACHINE_BIN_NAME ]; then
+	echo "${MACHINE_ROOT}/${MACHINE_BIN_NAME} not found"
+	exit 1
+fi
+
+function machine() {
+	${MACHINE_ROOT}/$MACHINE_BIN_NAME "$@"
+}
diff --git a/libnetwork/testutils/context_unix.go b/libnetwork/testutils/context_unix.go
new file mode 100644
index 0000000000000..601c00f91dcd4
--- /dev/null
+++ b/libnetwork/testutils/context_unix.go
@@ -0,0 +1,44 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package testutils
+
+import (
+	"runtime"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/libnetwork/ns"
+)
+
+// SetupTestOSContext joins a new network namespace, and returns its associated
+// teardown function.
+//
+// Example usage:
+//
+//     defer SetupTestOSContext(t)()
+//
+func SetupTestOSContext(t *testing.T) func() {
+	runtime.LockOSThread()
+	if err := syscall.Unshare(syscall.CLONE_NEWNET); err != nil {
+		t.Fatalf("Failed to enter netns: %v", err)
+	}
+
+	fd, err := syscall.Open("/proc/self/ns/net", syscall.O_RDONLY, 0)
+	if err != nil {
+		t.Fatal("Failed to open netns file")
+	}
+
+	// Since we are switching to a new test namespace make
+	// sure to re-initialize initNs context
+	ns.Init()
+
+	runtime.LockOSThread()
+
+	return func() {
+		if err := syscall.Close(fd); err != nil {
+			t.Logf("Warning: netns closing failed (%v)", err)
+		}
+		runtime.UnlockOSThread()
+	}
+}
diff --git a/libnetwork/testutils/context_windows.go b/libnetwork/testutils/context_windows.go
new file mode 100644
index 0000000000000..a770596f3ec4e
--- /dev/null
+++ b/libnetwork/testutils/context_windows.go
@@ -0,0 +1,14 @@
+package testutils
+
+import "testing"
+
+// SetupTestOSContext joins a new network namespace, and returns its associated
+// teardown function.
+//
+// Example usage:
+//
+//     defer SetupTestOSContext(t)()
+//
+func SetupTestOSContext(t *testing.T) func() {
+	return func() {}
+}
diff --git a/libnetwork/testutils/net.go b/libnetwork/testutils/net.go
new file mode 100644
index 0000000000000..65572ce2eb6da
--- /dev/null
+++ b/libnetwork/testutils/net.go
@@ -0,0 +1,11 @@
+package testutils
+
+import (
+	"os"
+)
+
+// IsRunningInContainer returns whether the test is running inside a container.
+func IsRunningInContainer() bool {
+	_, err := os.Stat("/.dockerenv")
+	return err == nil
+}
diff --git a/libnetwork/types/types.go b/libnetwork/types/types.go
new file mode 100644
index 0000000000000..e4ade05902f74
--- /dev/null
+++ b/libnetwork/types/types.go
@@ -0,0 +1,576 @@
+// Package types contains types that are common across libnetwork project
+package types
+
+import (
+	"bytes"
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/ishidawataru/sctp"
+)
+
+// constants for the IP address type
+// Deprecated: use the consts defined in github.com/docker/docker/libnetwork/resolvconf
+const (
+	IP = iota // IPv4 and IPv6
+	IPv4
+	IPv6
+)
+
+// EncryptionKey is the libnetwork representation of the key distributed by the lead
+// manager.
+type EncryptionKey struct {
+	Subsystem   string
+	Algorithm   int32
+	Key         []byte
+	LamportTime uint64
+}
+
+// UUID represents a globally unique ID of various resources like network and endpoint
+type UUID string
+
+// QosPolicy represents a quality of service policy on an endpoint
+type QosPolicy struct {
+	MaxEgressBandwidth uint64
+}
+
+// TransportPort represents a local Layer 4 endpoint
+type TransportPort struct {
+	Proto Protocol
+	Port  uint16
+}
+
+// Equal checks if this instance of Transportport is equal to the passed one
+func (t *TransportPort) Equal(o *TransportPort) bool {
+	if t == o {
+		return true
+	}
+
+	if o == nil {
+		return false
+	}
+
+	if t.Proto != o.Proto || t.Port != o.Port {
+		return false
+	}
+
+	return true
+}
+
+// GetCopy returns a copy of this TransportPort structure instance
+func (t *TransportPort) GetCopy() TransportPort {
+	return TransportPort{Proto: t.Proto, Port: t.Port}
+}
+
+// String returns the TransportPort structure in string form
+func (t *TransportPort) String() string {
+	return fmt.Sprintf("%s/%d", t.Proto.String(), t.Port)
+}
+
+// PortBinding represents a port binding between the container and the host
+type PortBinding struct {
+	Proto       Protocol
+	IP          net.IP
+	Port        uint16
+	HostIP      net.IP
+	HostPort    uint16
+	HostPortEnd uint16
+}
+
+// HostAddr returns the host side transport address
+func (p PortBinding) HostAddr() (net.Addr, error) {
+	switch p.Proto {
+	case UDP:
+		return &net.UDPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
+	case TCP:
+		return &net.TCPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
+	case SCTP:
+		return &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: p.HostIP}}, Port: int(p.HostPort)}, nil
+	default:
+		return nil, ErrInvalidProtocolBinding(p.Proto.String())
+	}
+}
+
+// ContainerAddr returns the container side transport address
+func (p PortBinding) ContainerAddr() (net.Addr, error) {
+	switch p.Proto {
+	case UDP:
+		return &net.UDPAddr{IP: p.IP, Port: int(p.Port)}, nil
+	case TCP:
+		return &net.TCPAddr{IP: p.IP, Port: int(p.Port)}, nil
+	case SCTP:
+		return &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: p.IP}}, Port: int(p.Port)}, nil
+	default:
+		return nil, ErrInvalidProtocolBinding(p.Proto.String())
+	}
+}
+
+// GetCopy returns a copy of this PortBinding structure instance
+func (p *PortBinding) GetCopy() PortBinding {
+	return PortBinding{
+		Proto:       p.Proto,
+		IP:          GetIPCopy(p.IP),
+		Port:        p.Port,
+		HostIP:      GetIPCopy(p.HostIP),
+		HostPort:    p.HostPort,
+		HostPortEnd: p.HostPortEnd,
+	}
+}
+
+// String returns the PortBinding structure in string form
+func (p *PortBinding) String() string {
+	ret := fmt.Sprintf("%s/", p.Proto)
+	if p.IP != nil {
+		ret += p.IP.String()
+	}
+	ret = fmt.Sprintf("%s:%d/", ret, p.Port)
+	if p.HostIP != nil {
+		ret += p.HostIP.String()
+	}
+	ret = fmt.Sprintf("%s:%d", ret, p.HostPort)
+	return ret
+}
+
+// Equal checks if this instance of PortBinding is equal to the passed one
+func (p *PortBinding) Equal(o *PortBinding) bool {
+	if p == o {
+		return true
+	}
+
+	if o == nil {
+		return false
+	}
+
+	if p.Proto != o.Proto || p.Port != o.Port ||
+		p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd {
+		return false
+	}
+
+	if p.IP != nil {
+		if !p.IP.Equal(o.IP) {
+			return false
+		}
+	} else {
+		if o.IP != nil {
+			return false
+		}
+	}
+
+	if p.HostIP != nil {
+		if !p.HostIP.Equal(o.HostIP) {
+			return false
+		}
+	} else {
+		if o.HostIP != nil {
+			return false
+		}
+	}
+
+	return true
+}
+
+// ErrInvalidProtocolBinding is returned when the port binding protocol is not valid.
+type ErrInvalidProtocolBinding string
+
+func (ipb ErrInvalidProtocolBinding) Error() string {
+	return fmt.Sprintf("invalid transport protocol: %s", string(ipb))
+}
+
+const (
+	// ICMP is for the ICMP ip protocol
+	ICMP = 1
+	// TCP is for the TCP ip protocol
+	TCP = 6
+	// UDP is for the UDP ip protocol
+	UDP = 17
+	// SCTP is for the SCTP ip protocol
+	SCTP = 132
+)
+
+// Protocol represents an IP protocol number
+type Protocol uint8
+
+func (p Protocol) String() string {
+	switch p {
+	case ICMP:
+		return "icmp"
+	case TCP:
+		return "tcp"
+	case UDP:
+		return "udp"
+	case SCTP:
+		return "sctp"
+	default:
+		return fmt.Sprintf("%d", p)
+	}
+}
+
+// ParseProtocol returns the respective Protocol type for the passed string
+func ParseProtocol(s string) Protocol {
+	switch strings.ToLower(s) {
+	case "icmp":
+		return ICMP
+	case "udp":
+		return UDP
+	case "tcp":
+		return TCP
+	case "sctp":
+		return SCTP
+	default:
+		return 0
+	}
+}
+
+// GetMacCopy returns a copy of the passed MAC address
+func GetMacCopy(from net.HardwareAddr) net.HardwareAddr {
+	if from == nil {
+		return nil
+	}
+	to := make(net.HardwareAddr, len(from))
+	copy(to, from)
+	return to
+}
+
+// GetIPCopy returns a copy of the passed IP address
+func GetIPCopy(from net.IP) net.IP {
+	if from == nil {
+		return nil
+	}
+	to := make(net.IP, len(from))
+	copy(to, from)
+	return to
+}
+
+// GetIPNetCopy returns a copy of the passed IP Network
+func GetIPNetCopy(from *net.IPNet) *net.IPNet {
+	if from == nil {
+		return nil
+	}
+	bm := make(net.IPMask, len(from.Mask))
+	copy(bm, from.Mask)
+	return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm}
+}
+
+// GetIPNetCanonical returns the canonical form for the passed network
+func GetIPNetCanonical(nw *net.IPNet) *net.IPNet {
+	if nw == nil {
+		return nil
+	}
+	c := GetIPNetCopy(nw)
+	c.IP = c.IP.Mask(nw.Mask)
+	return c
+}
+
+// CompareIPNet returns equal if the two IP Networks are equal
+func CompareIPNet(a, b *net.IPNet) bool {
+	if a == b {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask)
+}
+
+// GetMinimalIP returns the address in its shortest form
+// If ip contains an IPv4-mapped IPv6 address, the 4-octet form of the IPv4 address will be returned.
+// Otherwise ip is returned unchanged.
+func GetMinimalIP(ip net.IP) net.IP {
+	if ip != nil && ip.To4() != nil {
+		return ip.To4()
+	}
+	return ip
+}
+
+// IsIPNetValid returns true if the ipnet is a valid network/mask
+// combination. Otherwise returns false.
+func IsIPNetValid(nw *net.IPNet) bool {
+	return nw.String() != "0.0.0.0/0"
+}
+
+var v4inV6MaskPrefix = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
+
+// compareIPMask checks if the passed ip and mask are semantically compatible.
+// It returns the byte indexes for the address and mask so that caller can
+// do bitwise operations without modifying address representation.
+func compareIPMask(ip net.IP, mask net.IPMask) (is int, ms int, err error) {
+	// Find the effective starting of address and mask
+	if len(ip) == net.IPv6len && ip.To4() != nil {
+		is = 12
+	}
+	if len(ip[is:]) == net.IPv4len && len(mask) == net.IPv6len && bytes.Equal(mask[:12], v4inV6MaskPrefix) {
+		ms = 12
+	}
+	// Check if address and mask are semantically compatible
+	if len(ip[is:]) != len(mask[ms:]) {
+		err = fmt.Errorf("ip and mask are not compatible: (%#v, %#v)", ip, mask)
+	}
+	return
+}
+
+// GetHostPartIP returns the host portion of the ip address identified by the mask.
+// IP address representation is not modified. If address and mask are not compatible
+// an error is returned.
+func GetHostPartIP(ip net.IP, mask net.IPMask) (net.IP, error) {
+	// Find the effective starting of address and mask
+	is, ms, err := compareIPMask(ip, mask)
+	if err != nil {
+		return nil, fmt.Errorf("cannot compute host portion ip address because %s", err)
+	}
+
+	// Compute host portion
+	out := GetIPCopy(ip)
+	for i := 0; i < len(mask[ms:]); i++ {
+		out[is+i] &= ^mask[ms+i]
+	}
+
+	return out, nil
+}
+
+// GetBroadcastIP returns the broadcast ip address for the passed network (ip and mask).
+// IP address representation is not modified. If address and mask are not compatible
+// an error is returned.
+func GetBroadcastIP(ip net.IP, mask net.IPMask) (net.IP, error) {
+	// Find the effective starting of address and mask
+	is, ms, err := compareIPMask(ip, mask)
+	if err != nil {
+		return nil, fmt.Errorf("cannot compute broadcast ip address because %s", err)
+	}
+
+	// Compute broadcast address
+	out := GetIPCopy(ip)
+	for i := 0; i < len(mask[ms:]); i++ {
+		out[is+i] |= ^mask[ms+i]
+	}
+
+	return out, nil
+}
+
+// ParseCIDR returns the *net.IPNet represented by the passed CIDR notation
+func ParseCIDR(cidr string) (n *net.IPNet, e error) {
+	var i net.IP
+	if i, n, e = net.ParseCIDR(cidr); e == nil {
+		n.IP = i
+	}
+	return
+}
+
+const (
+	// NEXTHOP indicates a StaticRoute with an IP next hop.
+	NEXTHOP = iota
+
+	// CONNECTED indicates a StaticRoute with an interface for directly connected peers.
+	CONNECTED
+)
+
+// StaticRoute is a statically-provisioned IP route.
+type StaticRoute struct {
+	Destination *net.IPNet
+
+	RouteType int // NEXT_HOP or CONNECTED
+
+	// NextHop will be resolved by the kernel (i.e. as a loose hop).
+	NextHop net.IP
+}
+
+// GetCopy returns a copy of this StaticRoute structure
+func (r *StaticRoute) GetCopy() *StaticRoute {
+	d := GetIPNetCopy(r.Destination)
+	nh := GetIPCopy(r.NextHop)
+	return &StaticRoute{Destination: d,
+		RouteType: r.RouteType,
+		NextHop:   nh,
+	}
+}
+
+// InterfaceStatistics represents the interface's statistics
+type InterfaceStatistics struct {
+	RxBytes   uint64
+	RxPackets uint64
+	RxErrors  uint64
+	RxDropped uint64
+	TxBytes   uint64
+	TxPackets uint64
+	TxErrors  uint64
+	TxDropped uint64
+}
+
+func (is *InterfaceStatistics) String() string {
+	return fmt.Sprintf("\nRxBytes: %d, RxPackets: %d, RxErrors: %d, RxDropped: %d, TxBytes: %d, TxPackets: %d, TxErrors: %d, TxDropped: %d",
+		is.RxBytes, is.RxPackets, is.RxErrors, is.RxDropped, is.TxBytes, is.TxPackets, is.TxErrors, is.TxDropped)
+}
+
+/******************************
+ * Well-known Error Interfaces
+ ******************************/
+
+// MaskableError is an interface for errors which can be ignored by caller
+type MaskableError interface {
+	// Maskable makes implementer into MaskableError type
+	Maskable()
+}
+
+// RetryError is an interface for errors which might get resolved through retry
+type RetryError interface {
+	// Retry makes implementer into RetryError type
+	Retry()
+}
+
+// BadRequestError is an interface for errors originated by a bad request
+type BadRequestError interface {
+	// BadRequest makes implementer into BadRequestError type
+	BadRequest()
+}
+
+// NotFoundError is an interface for errors raised because a needed resource is not available
+type NotFoundError interface {
+	// NotFound makes implementer into NotFoundError type
+	NotFound()
+}
+
+// ForbiddenError is an interface for errors which denote a valid request that cannot be honored
+type ForbiddenError interface {
+	// Forbidden makes implementer into ForbiddenError type
+	Forbidden()
+}
+
+// NoServiceError is an interface for errors returned when the required service is not available
+type NoServiceError interface {
+	// NoService makes implementer into NoServiceError type
+	NoService()
+}
+
+// TimeoutError is an interface for errors raised because of timeout
+type TimeoutError interface {
+	// Timeout makes implementer into TimeoutError type
+	Timeout()
+}
+
+// NotImplementedError is an interface for errors raised because of requested functionality is not yet implemented
+type NotImplementedError interface {
+	// NotImplemented makes implementer into NotImplementedError type
+	NotImplemented()
+}
+
+// InternalError is an interface for errors raised because of an internal error
+type InternalError interface {
+	// Internal makes implementer into InternalError type
+	Internal()
+}
+
+/******************************
+ * Well-known Error Formatters
+ ******************************/
+
+// BadRequestErrorf creates an instance of BadRequestError
+func BadRequestErrorf(format string, params ...interface{}) error {
+	return badRequest(fmt.Sprintf(format, params...))
+}
+
+// NotFoundErrorf creates an instance of NotFoundError
+func NotFoundErrorf(format string, params ...interface{}) error {
+	return notFound(fmt.Sprintf(format, params...))
+}
+
+// ForbiddenErrorf creates an instance of ForbiddenError
+func ForbiddenErrorf(format string, params ...interface{}) error {
+	return forbidden(fmt.Sprintf(format, params...))
+}
+
+// NoServiceErrorf creates an instance of NoServiceError
+func NoServiceErrorf(format string, params ...interface{}) error {
+	return noService(fmt.Sprintf(format, params...))
+}
+
+// NotImplementedErrorf creates an instance of NotImplementedError
+func NotImplementedErrorf(format string, params ...interface{}) error {
+	return notImpl(fmt.Sprintf(format, params...))
+}
+
+// TimeoutErrorf creates an instance of TimeoutError
+func TimeoutErrorf(format string, params ...interface{}) error {
+	return timeout(fmt.Sprintf(format, params...))
+}
+
+// InternalErrorf creates an instance of InternalError
+func InternalErrorf(format string, params ...interface{}) error {
+	return internal(fmt.Sprintf(format, params...))
+}
+
+// InternalMaskableErrorf creates an instance of InternalError and MaskableError
+func InternalMaskableErrorf(format string, params ...interface{}) error {
+	return maskInternal(fmt.Sprintf(format, params...))
+}
+
+// RetryErrorf creates an instance of RetryError
+func RetryErrorf(format string, params ...interface{}) error {
+	return retry(fmt.Sprintf(format, params...))
+}
+
+/***********************
+ * Internal Error Types
+ ***********************/
+type badRequest string
+
+func (br badRequest) Error() string {
+	return string(br)
+}
+func (br badRequest) BadRequest() {}
+
+type notFound string
+
+func (nf notFound) Error() string {
+	return string(nf)
+}
+func (nf notFound) NotFound() {}
+
+type forbidden string
+
+func (frb forbidden) Error() string {
+	return string(frb)
+}
+func (frb forbidden) Forbidden() {}
+
+type noService string
+
+func (ns noService) Error() string {
+	return string(ns)
+}
+func (ns noService) NoService() {}
+
+type timeout string
+
+func (to timeout) Error() string {
+	return string(to)
+}
+func (to timeout) Timeout() {}
+
+type notImpl string
+
+func (ni notImpl) Error() string {
+	return string(ni)
+}
+func (ni notImpl) NotImplemented() {}
+
+type internal string
+
+func (nt internal) Error() string {
+	return string(nt)
+}
+func (nt internal) Internal() {}
+
+type maskInternal string
+
+func (mnt maskInternal) Error() string {
+	return string(mnt)
+}
+func (mnt maskInternal) Internal() {}
+func (mnt maskInternal) Maskable() {}
+
+type retry string
+
+func (r retry) Error() string {
+	return string(r)
+}
+func (r retry) Retry() {}
diff --git a/libnetwork/types/types_test.go b/libnetwork/types/types_test.go
new file mode 100644
index 0000000000000..b32a0007dde09
--- /dev/null
+++ b/libnetwork/types/types_test.go
@@ -0,0 +1,339 @@
+package types
+
+import (
+	"net"
+	"testing"
+)
+
+func TestErrorConstructors(t *testing.T) {
+	var err error
+
+	err = BadRequestErrorf("Io ho %d uccello", 1)
+	if err.Error() != "Io ho 1 uccello" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(BadRequestError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = RetryErrorf("Incy wincy %s went up the spout again", "spider")
+	if err.Error() != "Incy wincy spider went up the spout again" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(RetryError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = NotFoundErrorf("Can't find the %s", "keys")
+	if err.Error() != "Can't find the keys" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(NotFoundError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = ForbiddenErrorf("Can't open door %d", 2)
+	if err.Error() != "Can't open door 2" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(ForbiddenError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = NotImplementedErrorf("Functionality %s is not implemented", "x")
+	if err.Error() != "Functionality x is not implemented" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(NotImplementedError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = TimeoutErrorf("Process %s timed out", "abc")
+	if err.Error() != "Process abc timed out" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(TimeoutError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = NoServiceErrorf("Driver %s is not available", "mh")
+	if err.Error() != "Driver mh is not available" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(NoServiceError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = InternalErrorf("Not sure what happened")
+	if err.Error() != "Not sure what happened" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(InternalError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); ok {
+		t.Fatal(err)
+	}
+
+	err = InternalMaskableErrorf("Minor issue, it can be ignored")
+	if err.Error() != "Minor issue, it can be ignored" {
+		t.Fatal(err)
+	}
+	if _, ok := err.(InternalError); !ok {
+		t.Fatal(err)
+	}
+	if _, ok := err.(MaskableError); !ok {
+		t.Fatal(err)
+	}
+}
+
+func TestCompareIPMask(t *testing.T) {
+	input := []struct {
+		ip    net.IP
+		mask  net.IPMask
+		is    int
+		ms    int
+		isErr bool
+	}{
+		{ // ip in v4Inv6 representation, mask in v4 representation
+			ip:   net.IPv4(172, 28, 30, 1),
+			mask: []byte{0xff, 0xff, 0xff, 0},
+			is:   12,
+			ms:   0,
+		},
+		{ // ip and mask in v4Inv6 representation
+			ip:   net.IPv4(172, 28, 30, 2),
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			is:   12,
+			ms:   12,
+		},
+		{ // ip in v4 representation, mask in v4Inv6 representation
+			ip:   net.IPv4(172, 28, 30, 3)[12:],
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			is:   0,
+			ms:   12,
+		},
+		{ // ip and mask in v4 representation
+			ip:   net.IPv4(172, 28, 30, 4)[12:],
+			mask: []byte{0xff, 0xff, 0xff, 0},
+			is:   0,
+			ms:   0,
+		},
+		{ // ip and mask as v6
+			ip:   net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"),
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0},
+			is:   0,
+			ms:   0,
+		},
+		{
+			ip:    net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"),
+			mask:  []byte{0xff, 0xff, 0xff, 0},
+			isErr: true,
+		},
+		{
+			ip:    net.ParseIP("173.32.4.5"),
+			mask:  []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0},
+			isErr: true,
+		},
+		{
+			ip:    net.ParseIP("173.32.4.5"),
+			mask:  []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			isErr: true,
+		},
+	}
+
+	for ind, i := range input {
+		is, ms, err := compareIPMask(i.ip, i.mask)
+		if i.isErr {
+			if err == nil {
+				t.Fatalf("Incorrect error condition for element %d. is: %d, ms: %d, err: %v", ind, is, ms, err)
+			}
+		} else {
+			if i.is != is || i.ms != ms {
+				t.Fatalf("expected is: %d, ms: %d. Got is: %d, ms: %d for element %d", i.is, i.ms, is, ms, ind)
+			}
+		}
+	}
+}
+
+func TestUtilGetHostPartIP(t *testing.T) {
+	input := []struct {
+		ip   net.IP
+		mask net.IPMask
+		host net.IP
+		err  error
+	}{
+		{ // ip in v4Inv6 representation, mask in v4 representation
+			ip:   net.IPv4(172, 28, 30, 1),
+			mask: []byte{0xff, 0xff, 0xff, 0},
+			host: net.IPv4(0, 0, 0, 1),
+		},
+		{ // ip and mask in v4Inv6 representation
+			ip:   net.IPv4(172, 28, 30, 2),
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			host: net.IPv4(0, 0, 0, 2),
+		},
+		{ // ip in v4 representation, mask in v4Inv6 representation
+			ip:   net.IPv4(172, 28, 30, 3)[12:],
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			host: net.IPv4(0, 0, 0, 3)[12:],
+		},
+		{ // ip and mask in v4 representation
+			ip:   net.IPv4(172, 28, 30, 4)[12:],
+			mask: []byte{0xff, 0xff, 0xff, 0},
+			host: net.IPv4(0, 0, 0, 4)[12:],
+		},
+		{ // ip and mask as v6
+			ip:   net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"),
+			mask: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0},
+			host: net.ParseIP("0::AB:00CD"),
+		},
+	}
+
+	for _, i := range input {
+		h, err := GetHostPartIP(i.ip, i.mask)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !i.host.Equal(h) {
+			t.Fatalf("Failed to return expected host ip. Expected: %s. Got: %s", i.host, h)
+		}
+	}
+
+	// ip as v6 and mask as v4 are not compatible
+	if _, err := GetHostPartIP(net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"), []byte{0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+	// ip as v4 and non conventional mask
+	if _, err := GetHostPartIP(net.ParseIP("173.32.4.5"), []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+	// ip as v4 and non conventional mask
+	if _, err := GetHostPartIP(net.ParseIP("173.32.4.5"), []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+}
+
+func TestUtilGetBroadcastIP(t *testing.T) {
+	input := []struct {
+		ip    net.IP
+		mask  net.IPMask
+		bcast net.IP
+		err   error
+	}{
+		// ip in v4Inv6 representation, mask in v4 representation
+		{
+			ip:    net.IPv4(172, 28, 30, 1),
+			mask:  []byte{0xff, 0xff, 0xff, 0},
+			bcast: net.IPv4(172, 28, 30, 255),
+		},
+		{
+			ip:    net.IPv4(10, 28, 30, 1),
+			mask:  []byte{0xff, 0, 0, 0},
+			bcast: net.IPv4(10, 255, 255, 255),
+		},
+		// ip and mask in v4Inv6 representation
+		{
+			ip:    net.IPv4(172, 28, 30, 2),
+			mask:  []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			bcast: net.IPv4(172, 28, 30, 255),
+		},
+		{
+			ip:    net.IPv4(172, 28, 30, 2),
+			mask:  []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0},
+			bcast: net.IPv4(172, 28, 255, 255),
+		},
+		// ip in v4 representation, mask in v4Inv6 representation
+		{
+			ip:    net.IPv4(172, 28, 30, 3)[12:],
+			mask:  []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0},
+			bcast: net.IPv4(172, 28, 30, 255)[12:],
+		},
+		{
+			ip:    net.IPv4(172, 28, 30, 3)[12:],
+			mask:  []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0},
+			bcast: net.IPv4(172, 255, 255, 255)[12:],
+		},
+		// ip and mask in v4 representation
+		{
+			ip:    net.IPv4(172, 28, 30, 4)[12:],
+			mask:  []byte{0xff, 0xff, 0xff, 0},
+			bcast: net.IPv4(172, 28, 30, 255)[12:],
+		},
+		{
+			ip:    net.IPv4(172, 28, 30, 4)[12:],
+			mask:  []byte{0xff, 0xff, 0, 0},
+			bcast: net.IPv4(172, 28, 255, 255)[12:],
+		},
+		{ // ip and mask as v6
+			ip:    net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"),
+			mask:  []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0},
+			bcast: net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEFF:FFFF"),
+		},
+	}
+
+	for _, i := range input {
+		h, err := GetBroadcastIP(i.ip, i.mask)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !i.bcast.Equal(h) {
+			t.Fatalf("Failed to return expected host ip. Expected: %s. Got: %s", i.bcast, h)
+		}
+	}
+
+	// ip as v6 and mask as v4 are not compatible
+	if _, err := GetBroadcastIP(net.ParseIP("2001:DB8:2002:2001:FFFF:ABCD:EEAB:00CD"), []byte{0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+	// ip as v4 and non conventional mask
+	if _, err := GetBroadcastIP(net.ParseIP("173.32.4.5"), []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+	// ip as v4 and non conventional mask
+	if _, err := GetBroadcastIP(net.ParseIP("173.32.4.5"), []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0}); err == nil {
+		t.Fatalf("Unexpected success")
+	}
+}
+
+func TestParseCIDR(t *testing.T) {
+	input := []struct {
+		cidr string
+		ipnw *net.IPNet
+	}{
+		{"192.168.22.44/16", &net.IPNet{IP: net.IP{192, 168, 22, 44}, Mask: net.IPMask{255, 255, 0, 0}}},
+		{"10.10.2.0/24", &net.IPNet{IP: net.IP{10, 10, 2, 0}, Mask: net.IPMask{255, 255, 255, 0}}},
+		{"10.0.0.100/17", &net.IPNet{IP: net.IP{10, 0, 0, 100}, Mask: net.IPMask{255, 255, 128, 0}}},
+	}
+
+	for _, i := range input {
+		nw, err := ParseCIDR(i.cidr)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !CompareIPNet(nw, i.ipnw) {
+			t.Fatalf("network differ. Expected %v. Got: %v", i.ipnw, nw)
+		}
+	}
+}
diff --git a/migrate/v1/migratev1.go b/migrate/v1/migratev1.go
deleted file mode 100644
index 9cd759a3b8e6a..0000000000000
--- a/migrate/v1/migratev1.go
+++ /dev/null
@@ -1,501 +0,0 @@
-package v1 // import "github.com/docker/docker/migrate/v1"
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strconv"
-	"sync"
-	"time"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/distribution/metadata"
-	"github.com/docker/docker/image"
-	imagev1 "github.com/docker/docker/image/v1"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/ioutils"
-	refstore "github.com/docker/docker/reference"
-	"github.com/opencontainers/go-digest"
-	"github.com/sirupsen/logrus"
-)
-
-type graphIDRegistrar interface {
-	RegisterByGraphID(string, layer.ChainID, layer.DiffID, string, int64) (layer.Layer, error)
-	Release(layer.Layer) ([]layer.Metadata, error)
-}
-
-type graphIDMounter interface {
-	CreateRWLayerByGraphID(string, string, layer.ChainID) error
-}
-
-type checksumCalculator interface {
-	ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID layer.DiffID, size int64, err error)
-}
-
-const (
-	graphDirName                 = "graph"
-	tarDataFileName              = "tar-data.json.gz"
-	migrationFileName            = ".migration-v1-images.json"
-	migrationTagsFileName        = ".migration-v1-tags"
-	migrationDiffIDFileName      = ".migration-diffid"
-	migrationSizeFileName        = ".migration-size"
-	migrationTarDataFileName     = ".migration-tardata"
-	containersDirName            = "containers"
-	configFileNameLegacy         = "config.json"
-	configFileName               = "config.v2.json"
-	repositoriesFilePrefixLegacy = "repositories-"
-)
-
-var (
-	errUnsupported = errors.New("migration is not supported")
-)
-
-// Migrate takes an old graph directory and transforms the metadata into the
-// new format.
-func Migrate(root, driverName string, ls layer.Store, is image.Store, rs refstore.Store, ms metadata.Store) error {
-	graphDir := filepath.Join(root, graphDirName)
-	if _, err := os.Lstat(graphDir); os.IsNotExist(err) {
-		return nil
-	}
-
-	mappings, err := restoreMappings(root)
-	if err != nil {
-		return err
-	}
-
-	if cc, ok := ls.(checksumCalculator); ok {
-		CalculateLayerChecksums(root, cc, mappings)
-	}
-
-	if registrar, ok := ls.(graphIDRegistrar); !ok {
-		return errUnsupported
-	} else if err := migrateImages(root, registrar, is, ms, mappings); err != nil {
-		return err
-	}
-
-	err = saveMappings(root, mappings)
-	if err != nil {
-		return err
-	}
-
-	if mounter, ok := ls.(graphIDMounter); !ok {
-		return errUnsupported
-	} else if err := migrateContainers(root, mounter, is, mappings); err != nil {
-		return err
-	}
-
-	return migrateRefs(root, driverName, rs, mappings)
-}
-
-// CalculateLayerChecksums walks an old graph directory and calculates checksums
-// for each layer. These checksums are later used for migration.
-func CalculateLayerChecksums(root string, ls checksumCalculator, mappings map[string]image.ID) {
-	graphDir := filepath.Join(root, graphDirName)
-	// spawn some extra workers also for maximum performance because the process is bounded by both cpu and io
-	workers := runtime.NumCPU() * 3
-	workQueue := make(chan string, workers)
-
-	wg := sync.WaitGroup{}
-
-	for i := 0; i < workers; i++ {
-		wg.Add(1)
-		go func() {
-			for id := range workQueue {
-				start := time.Now()
-				if err := calculateLayerChecksum(graphDir, id, ls); err != nil {
-					logrus.Errorf("could not calculate checksum for %q, %q", id, err)
-				}
-				elapsed := time.Since(start)
-				logrus.Debugf("layer %s took %.2f seconds", id, elapsed.Seconds())
-			}
-			wg.Done()
-		}()
-	}
-
-	dir, err := ioutil.ReadDir(graphDir)
-	if err != nil {
-		logrus.Errorf("could not read directory %q", graphDir)
-		return
-	}
-	for _, v := range dir {
-		v1ID := v.Name()
-		if err := imagev1.ValidateID(v1ID); err != nil {
-			continue
-		}
-		if _, ok := mappings[v1ID]; ok { // support old migrations without helper files
-			continue
-		}
-		workQueue <- v1ID
-	}
-	close(workQueue)
-	wg.Wait()
-}
-
-func calculateLayerChecksum(graphDir, id string, ls checksumCalculator) error {
-	diffIDFile := filepath.Join(graphDir, id, migrationDiffIDFileName)
-	if _, err := os.Lstat(diffIDFile); err == nil {
-		return nil
-	} else if !os.IsNotExist(err) {
-		return err
-	}
-
-	parent, err := getParent(filepath.Join(graphDir, id))
-	if err != nil {
-		return err
-	}
-
-	diffID, size, err := ls.ChecksumForGraphID(id, parent, filepath.Join(graphDir, id, tarDataFileName), filepath.Join(graphDir, id, migrationTarDataFileName))
-	if err != nil {
-		return err
-	}
-
-	if err := ioutil.WriteFile(filepath.Join(graphDir, id, migrationSizeFileName), []byte(strconv.Itoa(int(size))), 0600); err != nil {
-		return err
-	}
-
-	if err := ioutils.AtomicWriteFile(filepath.Join(graphDir, id, migrationDiffIDFileName), []byte(diffID), 0600); err != nil {
-		return err
-	}
-
-	logrus.Infof("calculated checksum for layer %s: %s", id, diffID)
-	return nil
-}
-
-func restoreMappings(root string) (map[string]image.ID, error) {
-	mappings := make(map[string]image.ID)
-
-	mfile := filepath.Join(root, migrationFileName)
-	f, err := os.Open(mfile)
-	if err != nil && !os.IsNotExist(err) {
-		return nil, err
-	} else if err == nil {
-		err := json.NewDecoder(f).Decode(&mappings)
-		if err != nil {
-			f.Close()
-			return nil, err
-		}
-		f.Close()
-	}
-
-	return mappings, nil
-}
-
-func saveMappings(root string, mappings map[string]image.ID) error {
-	mfile := filepath.Join(root, migrationFileName)
-	f, err := os.OpenFile(mfile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	return json.NewEncoder(f).Encode(mappings)
-}
-
-func migrateImages(root string, ls graphIDRegistrar, is image.Store, ms metadata.Store, mappings map[string]image.ID) error {
-	graphDir := filepath.Join(root, graphDirName)
-
-	dir, err := ioutil.ReadDir(graphDir)
-	if err != nil {
-		return err
-	}
-	for _, v := range dir {
-		v1ID := v.Name()
-		if err := imagev1.ValidateID(v1ID); err != nil {
-			continue
-		}
-		if _, exists := mappings[v1ID]; exists {
-			continue
-		}
-		if err := migrateImage(v1ID, root, ls, is, ms, mappings); err != nil {
-			continue
-		}
-	}
-
-	return nil
-}
-
-func migrateContainers(root string, ls graphIDMounter, is image.Store, imageMappings map[string]image.ID) error {
-	containersDir := filepath.Join(root, containersDirName)
-	dir, err := ioutil.ReadDir(containersDir)
-	if err != nil {
-		return err
-	}
-	for _, v := range dir {
-		id := v.Name()
-
-		if _, err := os.Stat(filepath.Join(containersDir, id, configFileName)); err == nil {
-			continue
-		}
-
-		containerJSON, err := ioutil.ReadFile(filepath.Join(containersDir, id, configFileNameLegacy))
-		if err != nil {
-			logrus.Errorf("migrate container error: %v", err)
-			continue
-		}
-
-		var c map[string]*json.RawMessage
-		if err := json.Unmarshal(containerJSON, &c); err != nil {
-			logrus.Errorf("migrate container error: %v", err)
-			continue
-		}
-
-		imageStrJSON, ok := c["Image"]
-		if !ok {
-			return fmt.Errorf("invalid container configuration for %v", id)
-		}
-
-		var image string
-		if err := json.Unmarshal([]byte(*imageStrJSON), &image); err != nil {
-			logrus.Errorf("migrate container error: %v", err)
-			continue
-		}
-
-		imageID, ok := imageMappings[image]
-		if !ok {
-			logrus.Errorf("image not migrated %v", imageID) // non-fatal error
-			continue
-		}
-
-		c["Image"] = rawJSON(imageID)
-
-		containerJSON, err = json.Marshal(c)
-		if err != nil {
-			return err
-		}
-
-		if err := ioutil.WriteFile(filepath.Join(containersDir, id, configFileName), containerJSON, 0600); err != nil {
-			return err
-		}
-
-		img, err := is.Get(imageID)
-		if err != nil {
-			return err
-		}
-
-		if err := ls.CreateRWLayerByGraphID(id, id, img.RootFS.ChainID()); err != nil {
-			logrus.Errorf("migrate container error: %v", err)
-			continue
-		}
-
-		logrus.Infof("migrated container %s to point to %s", id, imageID)
-
-	}
-	return nil
-}
-
-type refAdder interface {
-	AddTag(ref reference.Named, id digest.Digest, force bool) error
-	AddDigest(ref reference.Canonical, id digest.Digest, force bool) error
-}
-
-func migrateRefs(root, driverName string, rs refAdder, mappings map[string]image.ID) error {
-	migrationFile := filepath.Join(root, migrationTagsFileName)
-	if _, err := os.Lstat(migrationFile); !os.IsNotExist(err) {
-		return err
-	}
-
-	type repositories struct {
-		Repositories map[string]map[string]string
-	}
-
-	var repos repositories
-
-	f, err := os.Open(filepath.Join(root, repositoriesFilePrefixLegacy+driverName))
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	defer f.Close()
-	if err := json.NewDecoder(f).Decode(&repos); err != nil {
-		return err
-	}
-
-	for name, repo := range repos.Repositories {
-		for tag, id := range repo {
-			if strongID, exists := mappings[id]; exists {
-				ref, err := reference.ParseNormalizedNamed(name)
-				if err != nil {
-					logrus.Errorf("migrate tags: invalid name %q, %q", name, err)
-					continue
-				}
-				if !reference.IsNameOnly(ref) {
-					logrus.Errorf("migrate tags: invalid name %q, unexpected tag or digest", name)
-					continue
-				}
-				if dgst, err := digest.Parse(tag); err == nil {
-					canonical, err := reference.WithDigest(reference.TrimNamed(ref), dgst)
-					if err != nil {
-						logrus.Errorf("migrate tags: invalid digest %q, %q", dgst, err)
-						continue
-					}
-					if err := rs.AddDigest(canonical, strongID.Digest(), false); err != nil {
-						logrus.Errorf("can't migrate digest %q for %q, err: %q", reference.FamiliarString(ref), strongID, err)
-					}
-				} else {
-					tagRef, err := reference.WithTag(ref, tag)
-					if err != nil {
-						logrus.Errorf("migrate tags: invalid tag %q, %q", tag, err)
-						continue
-					}
-					if err := rs.AddTag(tagRef, strongID.Digest(), false); err != nil {
-						logrus.Errorf("can't migrate tag %q for %q, err: %q", reference.FamiliarString(ref), strongID, err)
-					}
-				}
-				logrus.Infof("migrated tag %s:%s to point to %s", name, tag, strongID)
-			}
-		}
-	}
-
-	mf, err := os.Create(migrationFile)
-	if err != nil {
-		return err
-	}
-	mf.Close()
-
-	return nil
-}
-
-func getParent(confDir string) (string, error) {
-	jsonFile := filepath.Join(confDir, "json")
-	imageJSON, err := ioutil.ReadFile(jsonFile)
-	if err != nil {
-		return "", err
-	}
-	var parent struct {
-		Parent   string
-		ParentID digest.Digest `json:"parent_id"`
-	}
-	if err := json.Unmarshal(imageJSON, &parent); err != nil {
-		return "", err
-	}
-	if parent.Parent == "" && parent.ParentID != "" { // v1.9
-		parent.Parent = parent.ParentID.Hex()
-	}
-	// compatibilityID for parent
-	parentCompatibilityID, err := ioutil.ReadFile(filepath.Join(confDir, "parent"))
-	if err == nil && len(parentCompatibilityID) > 0 {
-		parent.Parent = string(parentCompatibilityID)
-	}
-	return parent.Parent, nil
-}
-
-func migrateImage(id, root string, ls graphIDRegistrar, is image.Store, ms metadata.Store, mappings map[string]image.ID) (err error) {
-	defer func() {
-		if err != nil {
-			logrus.Errorf("migration failed for %v, err: %v", id, err)
-		}
-	}()
-
-	parent, err := getParent(filepath.Join(root, graphDirName, id))
-	if err != nil {
-		return err
-	}
-
-	var parentID image.ID
-	if parent != "" {
-		var exists bool
-		if parentID, exists = mappings[parent]; !exists {
-			if err := migrateImage(parent, root, ls, is, ms, mappings); err != nil {
-				// todo: fail or allow broken chains?
-				return err
-			}
-			parentID = mappings[parent]
-		}
-	}
-
-	rootFS := image.NewRootFS()
-	var history []image.History
-
-	if parentID != "" {
-		parentImg, err := is.Get(parentID)
-		if err != nil {
-			return err
-		}
-
-		rootFS = parentImg.RootFS
-		history = parentImg.History
-	}
-
-	diffIDData, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, migrationDiffIDFileName))
-	if err != nil {
-		return err
-	}
-	diffID, err := digest.Parse(string(diffIDData))
-	if err != nil {
-		return err
-	}
-
-	sizeStr, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, migrationSizeFileName))
-	if err != nil {
-		return err
-	}
-	size, err := strconv.ParseInt(string(sizeStr), 10, 64)
-	if err != nil {
-		return err
-	}
-
-	layer, err := ls.RegisterByGraphID(id, rootFS.ChainID(), layer.DiffID(diffID), filepath.Join(root, graphDirName, id, migrationTarDataFileName), size)
-	if err != nil {
-		return err
-	}
-	logrus.Infof("migrated layer %s to %s", id, layer.DiffID())
-
-	jsonFile := filepath.Join(root, graphDirName, id, "json")
-	imageJSON, err := ioutil.ReadFile(jsonFile)
-	if err != nil {
-		return err
-	}
-
-	h, err := imagev1.HistoryFromConfig(imageJSON, false)
-	if err != nil {
-		return err
-	}
-	history = append(history, h)
-
-	rootFS.Append(layer.DiffID())
-
-	config, err := imagev1.MakeConfigFromV1Config(imageJSON, rootFS, history)
-	if err != nil {
-		return err
-	}
-	strongID, err := is.Create(config)
-	if err != nil {
-		return err
-	}
-	logrus.Infof("migrated image %s to %s", id, strongID)
-
-	if parentID != "" {
-		if err := is.SetParent(strongID, parentID); err != nil {
-			return err
-		}
-	}
-
-	checksum, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, "checksum"))
-	if err == nil { // best effort
-		dgst, err := digest.Parse(string(checksum))
-		if err == nil {
-			V2MetadataService := metadata.NewV2MetadataService(ms)
-			V2MetadataService.Add(layer.DiffID(), metadata.V2Metadata{Digest: dgst})
-		}
-	}
-	_, err = ls.Release(layer)
-	if err != nil {
-		return err
-	}
-
-	mappings[id] = strongID
-	return
-}
-
-func rawJSON(value interface{}) *json.RawMessage {
-	jsonval, err := json.Marshal(value)
-	if err != nil {
-		return nil
-	}
-	return (*json.RawMessage)(&jsonval)
-}
diff --git a/migrate/v1/migratev1_test.go b/migrate/v1/migratev1_test.go
deleted file mode 100644
index ef601d0882349..0000000000000
--- a/migrate/v1/migratev1_test.go
+++ /dev/null
@@ -1,437 +0,0 @@
-package v1 // import "github.com/docker/docker/migrate/v1"
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"reflect"
-	"runtime"
-	"testing"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/distribution/metadata"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/opencontainers/go-digest"
-)
-
-func TestMigrateRefs(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "migrate-tags")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	ioutil.WriteFile(filepath.Join(tmpdir, "repositories-generic"), []byte(`{"Repositories":{"busybox":{"latest":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108","sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108"},"registry":{"2":"5d165b8e4b203685301c815e95663231691d383fd5e3d3185d1ce3f8dddead3d","latest":"8d5547a9f329b1d3f93198cd661fb5117e5a96b721c5cf9a2c389e7dd4877128"}}}`), 0600)
-
-	ta := &mockTagAdder{}
-	err = migrateRefs(tmpdir, "generic", ta, map[string]image.ID{
-		"5d165b8e4b203685301c815e95663231691d383fd5e3d3185d1ce3f8dddead3d": image.ID("sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"),
-		"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"),
-		"abcdef3434c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:56434342345ae68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"),
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := map[string]string{
-		"docker.io/library/busybox:latest": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
-		"docker.io/library/busybox@sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
-		"docker.io/library/registry:2": "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
-	}
-
-	if !reflect.DeepEqual(expected, ta.refs) {
-		t.Fatalf("Invalid migrated tags: expected %q, got %q", expected, ta.refs)
-	}
-
-	// second migration is no-op
-	ioutil.WriteFile(filepath.Join(tmpdir, "repositories-generic"), []byte(`{"Repositories":{"busybox":{"latest":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108"`), 0600)
-	err = migrateRefs(tmpdir, "generic", ta, map[string]image.ID{
-		"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"),
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !reflect.DeepEqual(expected, ta.refs) {
-		t.Fatalf("Invalid migrated tags: expected %q, got %q", expected, ta.refs)
-	}
-}
-
-func TestMigrateContainers(t *testing.T) {
-	// TODO Windows: Figure out why this is failing
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
-	if runtime.GOARCH != "amd64" {
-		t.Skip("Test tailored to amd64 architecture")
-	}
-	tmpdir, err := ioutil.TempDir("", "migrate-containers")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	err = addContainer(tmpdir, `{"State":{"Running":false,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":0,"ExitCode":0,"Error":"","StartedAt":"2015-11-10T21:42:40.604267436Z","FinishedAt":"2015-11-10T21:42:41.869265487Z"},"ID":"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c","Created":"2015-11-10T21:42:40.433831551Z","Path":"sh","Args":[],"Config":{"Hostname":"f780ee3f80e6","Domainname":"","User":"","AttachStdin":true,"AttachStdout":true,"AttachStderr":true,"Tty":true,"OpenStdin":true,"StdinOnce":true,"Env":null,"Cmd":["sh"],"Image":"busybox","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Image":"2c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093","NetworkSettings":{"Bridge":"","EndpointID":"","Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"HairpinMode":false,"IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","LinkLocalIPv6Address":"","LinkLocalIPv6PrefixLen":0,"MacAddress":"","NetworkID":"","PortMapping":null,"Ports":null,"SandboxKey":"","SecondaryIPAddresses":null,"SecondaryIPv6Addresses":null},"ResolvConfPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/resolv.conf","HostnamePath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hostname","HostsPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hosts","LogPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c-json.log","Name":"/determined_euclid","Driver":"overlay","ExecDriver":"native-0.2","MountLabel":"","ProcessLabel":"","RestartCount":0,"UpdateDns":false,"HasBeenStartedBefore":false,"MountPoints":{},"Volumes":{},"VolumesRW":{},"AppArmorProfile":""}`)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// container with invalid image
-	err = addContainer(tmpdir, `{"State":{"Running":false,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":0,"ExitCode":0,"Error":"","StartedAt":"2015-11-10T21:42:40.604267436Z","FinishedAt":"2015-11-10T21:42:41.869265487Z"},"ID":"e780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c","Created":"2015-11-10T21:42:40.433831551Z","Path":"sh","Args":[],"Config":{"Hostname":"f780ee3f80e6","Domainname":"","User":"","AttachStdin":true,"AttachStdout":true,"AttachStderr":true,"Tty":true,"OpenStdin":true,"StdinOnce":true,"Env":null,"Cmd":["sh"],"Image":"busybox","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Image":"4c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093","NetworkSettings":{"Bridge":"","EndpointID":"","Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"HairpinMode":false,"IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","LinkLocalIPv6Address":"","LinkLocalIPv6PrefixLen":0,"MacAddress":"","NetworkID":"","PortMapping":null,"Ports":null,"SandboxKey":"","SecondaryIPAddresses":null,"SecondaryIPv6Addresses":null},"ResolvConfPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/resolv.conf","HostnamePath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hostname","HostsPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hosts","LogPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c-json.log","Name":"/determined_euclid","Driver":"overlay","ExecDriver":"native-0.2","MountLabel":"","ProcessLabel":"","RestartCount":0,"UpdateDns":false,"HasBeenStartedBefore":false,"MountPoints":{},"Volumes":{},"VolumesRW":{},"AppArmorProfile":""}`)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ls := &mockMounter{}
-	mmMap := make(map[string]image.LayerGetReleaser)
-	mmMap[runtime.GOOS] = ls
-	is, err := image.NewImageStore(ifs, mmMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	imgID, err := is.Create([]byte(`{"architecture":"amd64","config":{"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Cmd":["sh"],"Entrypoint":null,"Env":null,"Hostname":"23304fc829f9","Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Labels":null,"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,"Volumes":null,"WorkingDir":"","Domainname":"","User":""},"container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Entrypoint":null,"Env":null,"Hostname":"23304fc829f9","Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Labels":null,"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,"Volumes":null,"WorkingDir":"","Domainname":"","User":""},"created":"2015-10-31T22:22:55.613815829Z","docker_version":"1.8.2","history":[{"created":"2015-10-31T22:22:54.690851953Z","created_by":"/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"},{"created":"2015-10-31T22:22:55.613815829Z","created_by":"/bin/sh -c #(nop) CMD [\"sh\"]"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"]}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = migrateContainers(tmpdir, ls, is, map[string]image.ID{
-		"2c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093": imgID,
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := []mountInfo{{
-		"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c",
-		"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c",
-		"sha256:c3191d32a37d7159b2e30830937d2e30268ad6c375a773a8994911a3aba9b93f",
-	}}
-	if !reflect.DeepEqual(expected, ls.mounts) {
-		t.Fatalf("invalid mounts: expected %q, got %q", expected, ls.mounts)
-	}
-
-	if actual, expected := ls.count, 0; actual != expected {
-		t.Fatalf("invalid active mounts: expected %d, got %d", expected, actual)
-	}
-
-	config2, err := ioutil.ReadFile(filepath.Join(tmpdir, "containers", "f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c", "config.v2.json"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	var config struct{ Image string }
-	err = json.Unmarshal(config2, &config)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if actual, expected := config.Image, string(imgID); actual != expected {
-		t.Fatalf("invalid image pointer in migrated config: expected %q, got %q", expected, actual)
-	}
-
-}
-
-func TestMigrateImages(t *testing.T) {
-	// TODO Windows: Figure out why this is failing
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
-	if runtime.GOARCH != "amd64" {
-		t.Skip("Test tailored to amd64 architecture")
-	}
-	tmpdir, err := ioutil.TempDir("", "migrate-images")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	// busybox from 1.9
-	id1, err := addImage(tmpdir, `{"architecture":"amd64","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"23304fc829f9b9349416f6eb1afec162907eba3a328f51d53a17f8986f865d65","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"],"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-10-31T22:22:54.690851953Z","docker_version":"1.8.2","layer_id":"sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57","os":"linux"}`, "", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	id2, err := addImage(tmpdir, `{"architecture":"amd64","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-10-31T22:22:55.613815829Z","docker_version":"1.8.2","layer_id":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","os":"linux","parent_id":"sha256:039b63dd2cbaa10d6015ea574392530571ed8d7b174090f032211285a71881d0"}`, id1, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ls := &mockRegistrar{}
-	mrMap := make(map[string]image.LayerGetReleaser)
-	mrMap[runtime.GOOS] = ls
-	is, err := image.NewImageStore(ifs, mrMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ms, err := metadata.NewFSMetadataStore(filepath.Join(tmpdir, "distribution"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	mappings := make(map[string]image.ID)
-
-	err = migrateImages(tmpdir, ls, is, ms, mappings)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := map[string]image.ID{
-		id1: image.ID("sha256:ca406eaf9c26898414ff5b7b3a023c33310759d6203be0663dbf1b3a712f432d"),
-		id2: image.ID("sha256:a488bec94bb96b26a968f913d25ef7d8d204d727ca328b52b4b059c7d03260b6"),
-	}
-
-	if !reflect.DeepEqual(mappings, expected) {
-		t.Fatalf("invalid image mappings: expected %q, got %q", expected, mappings)
-	}
-
-	if actual, expected := ls.count, 2; actual != expected {
-		t.Fatalf("invalid register count: expected %q, got %q", expected, actual)
-	}
-	ls.count = 0
-
-	// next images are busybox from 1.8.2
-	_, err = addImage(tmpdir, `{"id":"17583c7dd0dae6244203b8029733bdb7d17fccbb2b5d93e2b24cf48b8bfd06e2","parent":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","created":"2015-10-31T22:22:55.613815829Z","container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"docker_version":"1.8.2","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"architecture":"amd64","os":"linux","Size":0}`, "", "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = addImage(tmpdir, `{"id":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","created":"2015-10-31T22:22:54.690851953Z","container":"23304fc829f9b9349416f6eb1afec162907eba3a328f51d53a17f8986f865d65","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"],"Image":"","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"docker_version":"1.8.2","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"architecture":"amd64","os":"linux","Size":1108935}`, "", "sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = migrateImages(tmpdir, ls, is, ms, mappings)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected["d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498"] = image.ID("sha256:c091bb33854e57e6902b74c08719856d30b5593c7db6143b2b48376b8a588395")
-	expected["17583c7dd0dae6244203b8029733bdb7d17fccbb2b5d93e2b24cf48b8bfd06e2"] = image.ID("sha256:d963020e755ff2715b936065949472c1f8a6300144b922992a1a421999e71f07")
-
-	if actual, expected := ls.count, 2; actual != expected {
-		t.Fatalf("invalid register count: expected %q, got %q", expected, actual)
-	}
-
-	v2MetadataService := metadata.NewV2MetadataService(ms)
-	receivedMetadata, err := v2MetadataService.GetMetadata(layer.EmptyLayer.DiffID())
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expectedMetadata := []metadata.V2Metadata{
-		{Digest: digest.Digest("sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57")},
-		{Digest: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
-	}
-
-	if !reflect.DeepEqual(expectedMetadata, receivedMetadata) {
-		t.Fatalf("invalid metadata: expected %q, got %q", expectedMetadata, receivedMetadata)
-	}
-
-}
-
-func TestMigrateUnsupported(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "migrate-empty")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	err = os.MkdirAll(filepath.Join(tmpdir, "graph"), 0700)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = Migrate(tmpdir, "generic", nil, nil, nil, nil)
-	if err != errUnsupported {
-		t.Fatalf("expected unsupported error, got %q", err)
-	}
-}
-
-func TestMigrateEmptyDir(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "migrate-empty")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	err = Migrate(tmpdir, "generic", nil, nil, nil, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func addImage(dest, jsonConfig, parent, checksum string) (string, error) {
-	var config struct{ ID string }
-	if err := json.Unmarshal([]byte(jsonConfig), &config); err != nil {
-		return "", err
-	}
-	if config.ID == "" {
-		b := make([]byte, 32)
-		rand.Read(b)
-		config.ID = hex.EncodeToString(b)
-	}
-	contDir := filepath.Join(dest, "graph", config.ID)
-	if err := os.MkdirAll(contDir, 0700); err != nil {
-		return "", err
-	}
-	if err := ioutil.WriteFile(filepath.Join(contDir, "json"), []byte(jsonConfig), 0600); err != nil {
-		return "", err
-	}
-	if checksum != "" {
-		if err := ioutil.WriteFile(filepath.Join(contDir, "checksum"), []byte(checksum), 0600); err != nil {
-			return "", err
-		}
-	}
-	if err := ioutil.WriteFile(filepath.Join(contDir, ".migration-diffid"), []byte(layer.EmptyLayer.DiffID()), 0600); err != nil {
-		return "", err
-	}
-	if err := ioutil.WriteFile(filepath.Join(contDir, ".migration-size"), []byte("0"), 0600); err != nil {
-		return "", err
-	}
-	if parent != "" {
-		if err := ioutil.WriteFile(filepath.Join(contDir, "parent"), []byte(parent), 0600); err != nil {
-			return "", err
-		}
-	}
-	if checksum != "" {
-		if err := ioutil.WriteFile(filepath.Join(contDir, "checksum"), []byte(checksum), 0600); err != nil {
-			return "", err
-		}
-	}
-	return config.ID, nil
-}
-
-func addContainer(dest, jsonConfig string) error {
-	var config struct{ ID string }
-	if err := json.Unmarshal([]byte(jsonConfig), &config); err != nil {
-		return err
-	}
-	contDir := filepath.Join(dest, "containers", config.ID)
-	if err := os.MkdirAll(contDir, 0700); err != nil {
-		return err
-	}
-	return ioutil.WriteFile(filepath.Join(contDir, "config.json"), []byte(jsonConfig), 0600)
-}
-
-type mockTagAdder struct {
-	refs map[string]string
-}
-
-func (t *mockTagAdder) AddTag(ref reference.Named, id digest.Digest, force bool) error {
-	if t.refs == nil {
-		t.refs = make(map[string]string)
-	}
-	t.refs[ref.String()] = id.String()
-	return nil
-}
-func (t *mockTagAdder) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
-	return t.AddTag(ref, id, force)
-}
-
-type mockRegistrar struct {
-	layers map[layer.ChainID]*mockLayer
-	count  int
-}
-
-func (r *mockRegistrar) RegisterByGraphID(graphID string, parent layer.ChainID, diffID layer.DiffID, tarDataFile string, size int64) (layer.Layer, error) {
-	r.count++
-	l := &mockLayer{}
-	if parent != "" {
-		p, exists := r.layers[parent]
-		if !exists {
-			return nil, fmt.Errorf("invalid parent %q", parent)
-		}
-		l.parent = p
-		l.diffIDs = append(l.diffIDs, p.diffIDs...)
-	}
-	l.diffIDs = append(l.diffIDs, diffID)
-	if r.layers == nil {
-		r.layers = make(map[layer.ChainID]*mockLayer)
-	}
-	r.layers[l.ChainID()] = l
-	return l, nil
-}
-func (r *mockRegistrar) Release(l layer.Layer) ([]layer.Metadata, error) {
-	return nil, nil
-}
-func (r *mockRegistrar) Get(layer.ChainID) (layer.Layer, error) {
-	return nil, nil
-}
-
-type mountInfo struct {
-	name, graphID, parent string
-}
-type mockMounter struct {
-	mounts []mountInfo
-	count  int
-}
-
-func (r *mockMounter) CreateRWLayerByGraphID(name string, graphID string, parent layer.ChainID) error {
-	r.mounts = append(r.mounts, mountInfo{name, graphID, string(parent)})
-	return nil
-}
-func (r *mockMounter) Unmount(string) error {
-	r.count--
-	return nil
-}
-func (r *mockMounter) Get(layer.ChainID) (layer.Layer, error) {
-	return nil, nil
-}
-
-func (r *mockMounter) Release(layer.Layer) ([]layer.Metadata, error) {
-	return nil, nil
-}
-
-type mockLayer struct {
-	diffIDs []layer.DiffID
-	parent  *mockLayer
-}
-
-func (l *mockLayer) TarStream() (io.ReadCloser, error) {
-	return nil, nil
-}
-func (l *mockLayer) TarStreamFrom(layer.ChainID) (io.ReadCloser, error) {
-	return nil, nil
-}
-
-func (l *mockLayer) ChainID() layer.ChainID {
-	return layer.CreateChainID(l.diffIDs)
-}
-
-func (l *mockLayer) DiffID() layer.DiffID {
-	return l.diffIDs[len(l.diffIDs)-1]
-}
-
-func (l *mockLayer) Parent() layer.Layer {
-	if l.parent == nil {
-		return nil
-	}
-	return l.parent
-}
-
-func (l *mockLayer) Size() (int64, error) {
-	return 0, nil
-}
-
-func (l *mockLayer) DiffSize() (int64, error) {
-	return 0, nil
-}
-
-func (l *mockLayer) Metadata() (map[string]string, error) {
-	return nil, nil
-}
diff --git a/oci/caps/defaults.go b/oci/caps/defaults.go
new file mode 100644
index 0000000000000..242ee5811d2ac
--- /dev/null
+++ b/oci/caps/defaults.go
@@ -0,0 +1,21 @@
+package caps // import "github.com/docker/docker/oci/caps"
+
+// DefaultCapabilities returns a Linux kernel default capabilities
+func DefaultCapabilities() []string {
+	return []string{
+		"CAP_CHOWN",
+		"CAP_DAC_OVERRIDE",
+		"CAP_FSETID",
+		"CAP_FOWNER",
+		"CAP_MKNOD",
+		"CAP_NET_RAW",
+		"CAP_SETGID",
+		"CAP_SETUID",
+		"CAP_SETFCAP",
+		"CAP_SETPCAP",
+		"CAP_NET_BIND_SERVICE",
+		"CAP_SYS_CHROOT",
+		"CAP_KILL",
+		"CAP_AUDIT_WRITE",
+	}
+}
diff --git a/oci/caps/utils.go b/oci/caps/utils.go
new file mode 100644
index 0000000000000..c61f6b49e93e5
--- /dev/null
+++ b/oci/caps/utils.go
@@ -0,0 +1,126 @@
+package caps // import "github.com/docker/docker/oci/caps"
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/errdefs"
+)
+
+var (
+	allCaps []string
+
+	// knownCapabilities is a map of all known capabilities, using capability
+	// name as index. Nil values indicate that the capability is known, but either
+	// not supported by the Kernel, or not available in the current environment,
+	// for example, when running Docker-in-Docker with restricted capabilities.
+	//
+	// Capabilities are one of the security systems in Linux Security Module (LSM)
+	// framework provided by the kernel.
+	// For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html
+	knownCaps map[string]*struct{}
+)
+
+// GetAllCapabilities returns all capabilities that are availeble in the current
+// environment.
+func GetAllCapabilities() []string {
+	initCaps()
+	return allCaps
+}
+
+// knownCapabilities returns a map of all known capabilities, using capability
+// name as index. Nil values indicate that the capability is known, but either
+// not supported by the Kernel, or not available in the current environment, for
+// example, when running Docker-in-Docker with restricted capabilities.
+func knownCapabilities() map[string]*struct{} {
+	initCaps()
+	return knownCaps
+}
+
+// inSlice tests whether a string is contained in a slice of strings or not.
+func inSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if s == ss {
+			return true
+		}
+	}
+	return false
+}
+
+const allCapabilities = "ALL"
+
+// NormalizeLegacyCapabilities normalizes, and validates CapAdd/CapDrop capabilities
+// by upper-casing them, and adding a CAP_ prefix (if not yet present).
+//
+// This function also accepts the "ALL" magic-value, that's used by CapAdd/CapDrop.
+func NormalizeLegacyCapabilities(caps []string) ([]string, error) {
+	var (
+		normalized     []string
+		capabilityList = knownCapabilities()
+	)
+
+	for _, c := range caps {
+		c = strings.ToUpper(c)
+		if c == allCapabilities {
+			normalized = append(normalized, c)
+			continue
+		}
+		if !strings.HasPrefix(c, "CAP_") {
+			c = "CAP_" + c
+		}
+		if v, ok := capabilityList[c]; !ok {
+			return nil, errdefs.InvalidParameter(fmt.Errorf("unknown capability: %q", c))
+		} else if v == nil {
+			return nil, errdefs.InvalidParameter(fmt.Errorf("capability not supported by your kernel or not available in the current environment: %q", c))
+		}
+		normalized = append(normalized, c)
+	}
+	return normalized, nil
+}
+
+// TweakCapabilities tweaks capabilities by adding, dropping, or overriding
+// capabilities in the basics capabilities list.
+func TweakCapabilities(basics, adds, drops []string, privileged bool) ([]string, error) {
+	switch {
+	case privileged:
+		// Privileged containers get all capabilities
+		return GetAllCapabilities(), nil
+	case len(adds) == 0 && len(drops) == 0:
+		// Nothing to tweak; we're done
+		return basics, nil
+	}
+
+	capDrop, err := NormalizeLegacyCapabilities(drops)
+	if err != nil {
+		return nil, err
+	}
+	capAdd, err := NormalizeLegacyCapabilities(adds)
+	if err != nil {
+		return nil, err
+	}
+
+	var caps []string
+
+	switch {
+	case inSlice(capAdd, allCapabilities):
+		// Add all capabilities except ones on capDrop
+		for _, c := range GetAllCapabilities() {
+			if !inSlice(capDrop, c) {
+				caps = append(caps, c)
+			}
+		}
+	case inSlice(capDrop, allCapabilities):
+		// "Drop" all capabilities; use what's in capAdd instead
+		caps = capAdd
+	default:
+		// First drop some capabilities
+		for _, c := range basics {
+			if !inSlice(capDrop, c) {
+				caps = append(caps, c)
+			}
+		}
+		// Then add the list of capabilities from capAdd
+		caps = append(caps, capAdd...)
+	}
+	return caps, nil
+}
diff --git a/oci/caps/utils_linux.go b/oci/caps/utils_linux.go
new file mode 100644
index 0000000000000..06dc3410fc772
--- /dev/null
+++ b/oci/caps/utils_linux.go
@@ -0,0 +1,35 @@
+package caps // import "github.com/docker/docker/oci/caps"
+import (
+	"sync"
+
+	ccaps "github.com/containerd/containerd/pkg/cap"
+	"github.com/sirupsen/logrus"
+)
+
+var initCapsOnce sync.Once
+
+func initCaps() {
+	initCapsOnce.Do(func() {
+		rawCaps := ccaps.Known()
+		curCaps, err := ccaps.Current()
+		if err != nil {
+			logrus.WithError(err).Error("failed to get capabilities from current environment")
+			allCaps = rawCaps
+		} else {
+			allCaps = curCaps
+		}
+		knownCaps = make(map[string]*struct{}, len(rawCaps))
+		for _, capName := range rawCaps {
+			// For now, we assume the capability is available if we failed to
+			// get the capabilities from the current environment. This keeps the
+			// old (pre-detection) behavior, and prevents creating containers with
+			// no capabilities. The OCI runtime or kernel may still refuse capa-
+			// bilities that are not available, and produce an error in that case.
+			if len(curCaps) > 0 && !inSlice(curCaps, capName) {
+				knownCaps[capName] = nil
+				continue
+			}
+			knownCaps[capName] = &struct{}{}
+		}
+	})
+}
diff --git a/oci/caps/utils_other.go b/oci/caps/utils_other.go
new file mode 100644
index 0000000000000..5634a65720398
--- /dev/null
+++ b/oci/caps/utils_other.go
@@ -0,0 +1,8 @@
+//go:build !linux
+// +build !linux
+
+package caps // import "github.com/docker/docker/oci/caps"
+
+func initCaps() {
+	// no capabilities on Windows
+}
diff --git a/oci/defaults.go b/oci/defaults.go
index 992157b0f5771..55a1d7a99ef6b 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -4,40 +4,17 @@ import (
 	"os"
 	"runtime"
 
-	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/docker/docker/oci/caps"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 func iPtr(i int64) *int64        { return &i }
 func u32Ptr(i int64) *uint32     { u := uint32(i); return &u }
 func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
 
-func defaultCapabilities() []string {
-	return []string{
-		"CAP_CHOWN",
-		"CAP_DAC_OVERRIDE",
-		"CAP_FSETID",
-		"CAP_FOWNER",
-		"CAP_MKNOD",
-		"CAP_NET_RAW",
-		"CAP_SETGID",
-		"CAP_SETUID",
-		"CAP_SETFCAP",
-		"CAP_SETPCAP",
-		"CAP_NET_BIND_SERVICE",
-		"CAP_SYS_CHROOT",
-		"CAP_KILL",
-		"CAP_AUDIT_WRITE",
-	}
-}
-
 // DefaultSpec returns the default spec used by docker for the current Platform
 func DefaultSpec() specs.Spec {
-	return DefaultOSSpec(runtime.GOOS)
-}
-
-// DefaultOSSpec returns the spec for a given OS
-func DefaultOSSpec(osName string) specs.Spec {
-	if osName == "windows" {
+	if runtime.GOOS == "windows" {
 		return DefaultWindowsSpec()
 	}
 	return DefaultLinuxSpec()
@@ -55,158 +32,150 @@ func DefaultWindowsSpec() specs.Spec {
 
 // DefaultLinuxSpec create a default spec for running Linux containers
 func DefaultLinuxSpec() specs.Spec {
-	s := specs.Spec{
+	return specs.Spec{
 		Version: specs.Version,
 		Process: &specs.Process{
 			Capabilities: &specs.LinuxCapabilities{
-				Bounding:    defaultCapabilities(),
-				Permitted:   defaultCapabilities(),
-				Inheritable: defaultCapabilities(),
-				Effective:   defaultCapabilities(),
+				Bounding:    caps.DefaultCapabilities(),
+				Permitted:   caps.DefaultCapabilities(),
+				Inheritable: caps.DefaultCapabilities(),
+				Effective:   caps.DefaultCapabilities(),
 			},
 		},
 		Root: &specs.Root{},
-	}
-	s.Mounts = []specs.Mount{
-		{
-			Destination: "/proc",
-			Type:        "proc",
-			Source:      "proc",
-			Options:     []string{"nosuid", "noexec", "nodev"},
-		},
-		{
-			Destination: "/dev",
-			Type:        "tmpfs",
-			Source:      "tmpfs",
-			Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
-		},
-		{
-			Destination: "/dev/pts",
-			Type:        "devpts",
-			Source:      "devpts",
-			Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
-		},
-		{
-			Destination: "/sys",
-			Type:        "sysfs",
-			Source:      "sysfs",
-			Options:     []string{"nosuid", "noexec", "nodev", "ro"},
-		},
-		{
-			Destination: "/sys/fs/cgroup",
-			Type:        "cgroup",
-			Source:      "cgroup",
-			Options:     []string{"ro", "nosuid", "noexec", "nodev"},
-		},
-		{
-			Destination: "/dev/mqueue",
-			Type:        "mqueue",
-			Source:      "mqueue",
-			Options:     []string{"nosuid", "noexec", "nodev"},
-		},
-		{
-			Destination: "/dev/shm",
-			Type:        "tmpfs",
-			Source:      "shm",
-			Options:     []string{"nosuid", "noexec", "nodev", "mode=1777"},
-		},
-	}
-
-	s.Linux = &specs.Linux{
-		MaskedPaths: []string{
-			"/proc/acpi",
-			"/proc/kcore",
-			"/proc/keys",
-			"/proc/latency_stats",
-			"/proc/timer_list",
-			"/proc/timer_stats",
-			"/proc/sched_debug",
-			"/proc/scsi",
-			"/sys/firmware",
-		},
-		ReadonlyPaths: []string{
-			"/proc/asound",
-			"/proc/bus",
-			"/proc/fs",
-			"/proc/irq",
-			"/proc/sys",
-			"/proc/sysrq-trigger",
-		},
-		Namespaces: []specs.LinuxNamespace{
-			{Type: "mount"},
-			{Type: "network"},
-			{Type: "uts"},
-			{Type: "pid"},
-			{Type: "ipc"},
+		Mounts: []specs.Mount{
+			{
+				Destination: "/proc",
+				Type:        "proc",
+				Source:      "proc",
+				Options:     []string{"nosuid", "noexec", "nodev"},
+			},
+			{
+				Destination: "/dev",
+				Type:        "tmpfs",
+				Source:      "tmpfs",
+				Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+			},
+			{
+				Destination: "/dev/pts",
+				Type:        "devpts",
+				Source:      "devpts",
+				Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+			},
+			{
+				Destination: "/sys",
+				Type:        "sysfs",
+				Source:      "sysfs",
+				Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+			},
+			{
+				Destination: "/sys/fs/cgroup",
+				Type:        "cgroup",
+				Source:      "cgroup",
+				Options:     []string{"ro", "nosuid", "noexec", "nodev"},
+			},
+			{
+				Destination: "/dev/mqueue",
+				Type:        "mqueue",
+				Source:      "mqueue",
+				Options:     []string{"nosuid", "noexec", "nodev"},
+			},
+			{
+				Destination: "/dev/shm",
+				Type:        "tmpfs",
+				Source:      "shm",
+				Options:     []string{"nosuid", "noexec", "nodev", "mode=1777"},
+			},
 		},
-		// Devices implicitly contains the following devices:
-		// null, zero, full, random, urandom, tty, console, and ptmx.
-		// ptmx is a bind mount or symlink of the container's ptmx.
-		// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
-		Devices: []specs.LinuxDevice{},
-		Resources: &specs.LinuxResources{
-			Devices: []specs.LinuxDeviceCgroup{
-				{
-					Allow:  false,
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(1),
-					Minor:  iPtr(5),
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(1),
-					Minor:  iPtr(3),
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(1),
-					Minor:  iPtr(9),
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(1),
-					Minor:  iPtr(8),
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(5),
-					Minor:  iPtr(0),
-					Access: "rwm",
-				},
-				{
-					Allow:  true,
-					Type:   "c",
-					Major:  iPtr(5),
-					Minor:  iPtr(1),
-					Access: "rwm",
-				},
-				{
-					Allow:  false,
-					Type:   "c",
-					Major:  iPtr(10),
-					Minor:  iPtr(229),
-					Access: "rwm",
+		Linux: &specs.Linux{
+			MaskedPaths: []string{
+				"/proc/asound",
+				"/proc/acpi",
+				"/proc/kcore",
+				"/proc/keys",
+				"/proc/latency_stats",
+				"/proc/timer_list",
+				"/proc/timer_stats",
+				"/proc/sched_debug",
+				"/proc/scsi",
+				"/sys/firmware",
+			},
+			ReadonlyPaths: []string{
+				"/proc/bus",
+				"/proc/fs",
+				"/proc/irq",
+				"/proc/sys",
+				"/proc/sysrq-trigger",
+			},
+			Namespaces: []specs.LinuxNamespace{
+				{Type: "mount"},
+				{Type: "network"},
+				{Type: "uts"},
+				{Type: "pid"},
+				{Type: "ipc"},
+			},
+			// Devices implicitly contains the following devices:
+			// null, zero, full, random, urandom, tty, console, and ptmx.
+			// ptmx is a bind mount or symlink of the container's ptmx.
+			// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
+			Devices: []specs.LinuxDevice{},
+			Resources: &specs.LinuxResources{
+				Devices: []specs.LinuxDeviceCgroup{
+					{
+						Allow:  false,
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(1),
+						Minor:  iPtr(5),
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(1),
+						Minor:  iPtr(3),
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(1),
+						Minor:  iPtr(9),
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(1),
+						Minor:  iPtr(8),
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(5),
+						Minor:  iPtr(0),
+						Access: "rwm",
+					},
+					{
+						Allow:  true,
+						Type:   "c",
+						Major:  iPtr(5),
+						Minor:  iPtr(1),
+						Access: "rwm",
+					},
+					{
+						Allow:  false,
+						Type:   "c",
+						Major:  iPtr(10),
+						Minor:  iPtr(229),
+						Access: "rwm",
+					},
 				},
 			},
 		},
 	}
-
-	// For LCOW support, populate a blank Windows spec
-	if runtime.GOOS == "windows" {
-		s.Windows = &specs.Windows{}
-	}
-
-	return s
 }
diff --git a/oci/devices_linux.go b/oci/devices_linux.go
index 46d4e1d32d43d..ca1c4886b9678 100644
--- a/oci/devices_linux.go
+++ b/oci/devices_linux.go
@@ -6,32 +6,31 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/sys/unix"
 )
 
-// Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.
-func Device(d *configs.Device) specs.LinuxDevice {
+// Device transforms a libcontainer devices.Device to a specs.LinuxDevice object.
+func Device(d *devices.Device) specs.LinuxDevice {
 	return specs.LinuxDevice{
 		Type:     string(d.Type),
 		Path:     d.Path,
 		Major:    d.Major,
 		Minor:    d.Minor,
-		FileMode: fmPtr(int64(d.FileMode)),
+		FileMode: fmPtr(int64(d.FileMode &^ unix.S_IFMT)), // strip file type, as OCI spec only expects file-mode to be included
 		UID:      u32Ptr(int64(d.Uid)),
 		GID:      u32Ptr(int64(d.Gid)),
 	}
 }
 
-func deviceCgroup(d *configs.Device) specs.LinuxDeviceCgroup {
-	t := string(d.Type)
+func deviceCgroup(d *devices.Device) specs.LinuxDeviceCgroup {
 	return specs.LinuxDeviceCgroup{
 		Allow:  true,
-		Type:   t,
+		Type:   string(d.Type),
 		Major:  &d.Major,
 		Minor:  &d.Minor,
-		Access: d.Permissions,
+		Access: string(d.Permissions),
 	}
 }
 
@@ -61,7 +60,8 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
 		if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
 
 			// mount the internal devices recursively
-			filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, e error) error {
+			// TODO check if additional errors should be handled or logged
+			_ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error {
 				childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
 				if e != nil {
 					// ignore the device
diff --git a/oci/devices_linux_test.go b/oci/devices_linux_test.go
new file mode 100644
index 0000000000000..42ef2a6151018
--- /dev/null
+++ b/oci/devices_linux_test.go
@@ -0,0 +1,31 @@
+package oci
+
+import (
+	"os"
+	"testing"
+
+	"github.com/opencontainers/runc/libcontainer/devices"
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+)
+
+func TestDeviceMode(t *testing.T) {
+	tests := []struct {
+		name string
+		in   os.FileMode
+		out  os.FileMode
+	}{
+		{name: "regular permissions", in: 0777, out: 0777},
+		{name: "block device", in: 0777 | unix.S_IFBLK, out: 0777},
+		{name: "character device", in: 0777 | unix.S_IFCHR, out: 0777},
+		{name: "fifo device", in: 0777 | unix.S_IFIFO, out: 0777},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			d := Device(&devices.Device{FileMode: tc.in})
+			assert.Equal(t, *d.FileMode, tc.out)
+		})
+	}
+}
diff --git a/oci/devices_unsupported.go b/oci/devices_unsupported.go
deleted file mode 100644
index af6dd3bda27b2..0000000000000
--- a/oci/devices_unsupported.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// +build !linux
-
-package oci // import "github.com/docker/docker/oci"
-
-import (
-	"errors"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// Device transforms a libcontainer configs.Device to a specs.Device object.
-// Not implemented
-func Device(d *configs.Device) specs.LinuxDevice { return specs.LinuxDevice{} }
-
-// DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
-// Not implemented
-func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.LinuxDevice, devPermissions []specs.LinuxDeviceCgroup, err error) {
-	return nil, nil, errors.New("oci/devices: unsupported platform")
-}
diff --git a/oci/fixtures/default-old-format.json b/oci/fixtures/default-old-format.json
new file mode 100644
index 0000000000000..0e52bf95ec346
--- /dev/null
+++ b/oci/fixtures/default-old-format.json
@@ -0,0 +1,1593 @@
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32"
+  ],
+  "syscalls": [
+    {
+      "name": "accept",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "accept4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "access",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "alarm",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "bind",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "brk",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "capget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "capset",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chmod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_getres",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_nanosleep",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "close",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "connect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "copy_file_range",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "creat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup3",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_create1",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_ctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_ctl_old",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_pwait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_wait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_wait_old",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "eventfd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "eventfd2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "execve",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "execveat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "exit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "exit_group",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "faccessat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fadvise64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fadvise64_64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fallocate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fanotify_mark",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchmod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchmodat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchownat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fcntl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fcntl64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fdatasync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fgetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "flistxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "flock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fork",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fremovexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fsetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatfs64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fsync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ftruncate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ftruncate64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "futex",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "futimesat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getcpu",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getcwd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getdents",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getdents64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getegid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getegid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "geteuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "geteuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgroups",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgroups32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getitimer",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpeername",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpgrp",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getppid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpriority",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrandom",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "get_robust_list",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrusage",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsockname",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsockopt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "get_thread_area",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "gettid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "gettimeofday",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_add_watch",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_init",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_init1",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_rm_watch",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_cancel",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_destroy",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_getevents",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioprio_get",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioprio_set",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_setup",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_submit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ipc",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "kill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lchown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lchown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lgetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "link",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "linkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "listen",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "listxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "llistxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "_llseek",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lremovexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lseek",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lsetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lstat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lstat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "madvise",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "memfd_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mincore",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mkdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mkdirat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mknod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mknodat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlock2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlockall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mmap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mmap2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mprotect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_getsetattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_notify",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_open",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_timedreceive",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_timedsend",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_unlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mremap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgrcv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgsnd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munlock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munlockall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munmap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "nanosleep",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "newfstatat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "_newselect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "open",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "openat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pause",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 0,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 8,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 4294967295,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "pipe",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pipe2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "poll",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ppoll",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "prctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pread64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "preadv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "prlimit64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pselect6",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pwrite64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pwritev",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "read",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readahead",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvfrom",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvmmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "remap_file_pages",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "removexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rename",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "renameat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "renameat2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "restart_syscall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rmdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigaction",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigpending",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigprocmask",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigqueueinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigreturn",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigsuspend",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigtimedwait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_tgsigqueueinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getaffinity",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getparam",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_get_priority_max",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_get_priority_min",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getscheduler",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_rr_get_interval",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setaffinity",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setparam",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setscheduler",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_yield",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "seccomp",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "select",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semop",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semtimedop",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "send",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendfile",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendfile64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendmmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendto",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgroups",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgroups32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setitimer",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setpgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setpriority",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setregid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setregid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setreuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setreuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_robust_list",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setsid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setsockopt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_thread_area",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_tid_address",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmdt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shutdown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sigaltstack",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "signalfd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "signalfd4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sigreturn",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socket",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socketcall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socketpair",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "splice",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "stat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "stat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "statfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "statfs64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "symlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "symlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sync_file_range",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "syncfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sysinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "syslog",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tee",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tgkill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "time",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_delete",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_settime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_getoverrun",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_settime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "times",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tkill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "truncate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "truncate64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ugetrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "umask",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "uname",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "unlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "unlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utimensat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utimes",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "vfork",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "vmsplice",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "wait4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "waitid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "waitpid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "write",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "writev",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "arch_prctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "modify_ldt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chroot",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clone",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 2080505856,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
new file mode 100644
index 0000000000000..8d4d21145eef2
--- /dev/null
+++ b/oci/fixtures/default.json
@@ -0,0 +1,813 @@
+{
+	"defaultAction": "SCMP_ACT_ERRNO",
+	"archMap": [
+		{
+			"architecture": "SCMP_ARCH_X86_64",
+			"subArchitectures": [
+				"SCMP_ARCH_X86",
+				"SCMP_ARCH_X32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_AARCH64",
+			"subArchitectures": [
+				"SCMP_ARCH_ARM"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPS64",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPS",
+				"SCMP_ARCH_MIPS64N32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPS64N32",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPS",
+				"SCMP_ARCH_MIPS64"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPSEL64",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPSEL",
+				"SCMP_ARCH_MIPSEL64N32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPSEL64N32",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPSEL",
+				"SCMP_ARCH_MIPSEL64"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_S390X",
+			"subArchitectures": [
+				"SCMP_ARCH_S390"
+			]
+		}
+	],
+	"syscalls": [
+		{
+			"names": [
+				"accept",
+				"accept4",
+				"access",
+				"adjtimex",
+				"alarm",
+				"bind",
+				"brk",
+				"capget",
+				"capset",
+				"chdir",
+				"chmod",
+				"chown",
+				"chown32",
+				"clock_getres",
+				"clock_getres_time64",
+				"clock_gettime",
+				"clock_gettime64",
+				"clock_nanosleep",
+				"clock_nanosleep_time64",
+				"close",
+				"connect",
+				"copy_file_range",
+				"creat",
+				"dup",
+				"dup2",
+				"dup3",
+				"epoll_create",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_ctl_old",
+				"epoll_pwait",
+				"epoll_wait",
+				"epoll_wait_old",
+				"eventfd",
+				"eventfd2",
+				"execve",
+				"execveat",
+				"exit",
+				"exit_group",
+				"faccessat",
+				"fadvise64",
+				"fadvise64_64",
+				"fallocate",
+				"fanotify_mark",
+				"fchdir",
+				"fchmod",
+				"fchmodat",
+				"fchown",
+				"fchown32",
+				"fchownat",
+				"fcntl",
+				"fcntl64",
+				"fdatasync",
+				"fgetxattr",
+				"flistxattr",
+				"flock",
+				"fork",
+				"fremovexattr",
+				"fsetxattr",
+				"fstat",
+				"fstat64",
+				"fstatat64",
+				"fstatfs",
+				"fstatfs64",
+				"fsync",
+				"ftruncate",
+				"ftruncate64",
+				"futex",
+				"futex_time64",
+				"futimesat",
+				"getcpu",
+				"getcwd",
+				"getdents",
+				"getdents64",
+				"getegid",
+				"getegid32",
+				"geteuid",
+				"geteuid32",
+				"getgid",
+				"getgid32",
+				"getgroups",
+				"getgroups32",
+				"getitimer",
+				"getpeername",
+				"getpgid",
+				"getpgrp",
+				"getpid",
+				"getppid",
+				"getpriority",
+				"getrandom",
+				"getresgid",
+				"getresgid32",
+				"getresuid",
+				"getresuid32",
+				"getrlimit",
+				"get_robust_list",
+				"getrusage",
+				"getsid",
+				"getsockname",
+				"getsockopt",
+				"get_thread_area",
+				"gettid",
+				"gettimeofday",
+				"getuid",
+				"getuid32",
+				"getxattr",
+				"inotify_add_watch",
+				"inotify_init",
+				"inotify_init1",
+				"inotify_rm_watch",
+				"io_cancel",
+				"ioctl",
+				"io_destroy",
+				"io_getevents",
+				"io_pgetevents",
+				"io_pgetevents_time64",
+				"ioprio_get",
+				"ioprio_set",
+				"io_setup",
+				"io_submit",
+				"ipc",
+				"kill",
+				"lchown",
+				"lchown32",
+				"lgetxattr",
+				"link",
+				"linkat",
+				"listen",
+				"listxattr",
+				"llistxattr",
+				"_llseek",
+				"lremovexattr",
+				"lseek",
+				"lsetxattr",
+				"lstat",
+				"lstat64",
+				"madvise",
+				"memfd_create",
+				"mincore",
+				"mkdir",
+				"mkdirat",
+				"mknod",
+				"mknodat",
+				"mlock",
+				"mlock2",
+				"mlockall",
+				"mmap",
+				"mmap2",
+				"mprotect",
+				"mq_getsetattr",
+				"mq_notify",
+				"mq_open",
+				"mq_timedreceive",
+				"mq_timedreceive_time64",
+				"mq_timedsend",
+				"mq_timedsend_time64",
+				"mq_unlink",
+				"mremap",
+				"msgctl",
+				"msgget",
+				"msgrcv",
+				"msgsnd",
+				"msync",
+				"munlock",
+				"munlockall",
+				"munmap",
+				"nanosleep",
+				"newfstatat",
+				"_newselect",
+				"open",
+				"openat",
+				"pause",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"ppoll_time64",
+				"prctl",
+				"pread64",
+				"preadv",
+				"preadv2",
+				"prlimit64",
+				"pselect6",
+				"pselect6_time64",
+				"pwrite64",
+				"pwritev",
+				"pwritev2",
+				"read",
+				"readahead",
+				"readlink",
+				"readlinkat",
+				"readv",
+				"recv",
+				"recvfrom",
+				"recvmmsg",
+				"recvmmsg_time64",
+				"recvmsg",
+				"remap_file_pages",
+				"removexattr",
+				"rename",
+				"renameat",
+				"renameat2",
+				"restart_syscall",
+				"rmdir",
+				"rt_sigaction",
+				"rt_sigpending",
+				"rt_sigprocmask",
+				"rt_sigqueueinfo",
+				"rt_sigreturn",
+				"rt_sigsuspend",
+				"rt_sigtimedwait",
+				"rt_sigtimedwait_time64",
+				"rt_tgsigqueueinfo",
+				"sched_getaffinity",
+				"sched_getattr",
+				"sched_getparam",
+				"sched_get_priority_max",
+				"sched_get_priority_min",
+				"sched_getscheduler",
+				"sched_rr_get_interval",
+				"sched_rr_get_interval_time64",
+				"sched_setaffinity",
+				"sched_setattr",
+				"sched_setparam",
+				"sched_setscheduler",
+				"sched_yield",
+				"seccomp",
+				"select",
+				"semctl",
+				"semget",
+				"semop",
+				"semtimedop",
+				"semtimedop_time64",
+				"send",
+				"sendfile",
+				"sendfile64",
+				"sendmmsg",
+				"sendmsg",
+				"sendto",
+				"setfsgid",
+				"setfsgid32",
+				"setfsuid",
+				"setfsuid32",
+				"setgid",
+				"setgid32",
+				"setgroups",
+				"setgroups32",
+				"setitimer",
+				"setpgid",
+				"setpriority",
+				"setregid",
+				"setregid32",
+				"setresgid",
+				"setresgid32",
+				"setresuid",
+				"setresuid32",
+				"setreuid",
+				"setreuid32",
+				"setrlimit",
+				"set_robust_list",
+				"setsid",
+				"setsockopt",
+				"set_thread_area",
+				"set_tid_address",
+				"setuid",
+				"setuid32",
+				"setxattr",
+				"shmat",
+				"shmctl",
+				"shmdt",
+				"shmget",
+				"shutdown",
+				"sigaltstack",
+				"signalfd",
+				"signalfd4",
+				"sigprocmask",
+				"sigreturn",
+				"socket",
+				"socketcall",
+				"socketpair",
+				"splice",
+				"stat",
+				"stat64",
+				"statfs",
+				"statfs64",
+				"statx",
+				"symlink",
+				"symlinkat",
+				"sync",
+				"sync_file_range",
+				"syncfs",
+				"sysinfo",
+				"tee",
+				"tgkill",
+				"time",
+				"timer_create",
+				"timer_delete",
+				"timer_getoverrun",
+				"timer_gettime",
+				"timer_gettime64",
+				"timer_settime",
+				"timer_settime64",
+				"timerfd_create",
+				"timerfd_gettime",
+				"timerfd_gettime64",
+				"timerfd_settime",
+				"timerfd_settime64",
+				"times",
+				"tkill",
+				"truncate",
+				"truncate64",
+				"ugetrlimit",
+				"umask",
+				"uname",
+				"unlink",
+				"unlinkat",
+				"utime",
+				"utimensat",
+				"utimensat_time64",
+				"utimes",
+				"vfork",
+				"vmsplice",
+				"wait4",
+				"waitid",
+				"waitpid",
+				"write",
+				"writev"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"ptrace"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": null,
+			"comment": "",
+			"includes": {
+				"minKernel": "4.8"
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 0,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 8,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131072,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131080,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 4294967295,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"sync_file_range2"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"ppc64le"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"arm_fadvise64_64",
+				"arm_sync_file_range",
+				"sync_file_range2",
+				"breakpoint",
+				"cacheflush",
+				"set_tls"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"arm",
+					"arm64"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"arch_prctl"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"amd64",
+					"x32"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"modify_ldt"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"amd64",
+					"x32",
+					"x86"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"s390_pci_mmio_read",
+				"s390_pci_mmio_write",
+				"s390_runtime_instr"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"open_by_handle_at"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_DAC_READ_SEARCH"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"bpf",
+				"clone",
+				"fanotify_init",
+				"lookup_dcookie",
+				"mount",
+				"name_to_handle_at",
+				"perf_event_open",
+				"quotactl",
+				"setdomainname",
+				"sethostname",
+				"setns",
+				"syslog",
+				"umount",
+				"umount2",
+				"unshare"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"clone"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 2080505856,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_MASKED_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				],
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			}
+		},
+		{
+			"names": [
+				"clone"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 1,
+					"value": 2080505856,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_MASKED_EQ"
+				}
+			],
+			"comment": "s390 parameter ordering for clone is different",
+			"includes": {
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			},
+			"excludes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				]
+			}
+		},
+		{
+			"names": [
+				"reboot"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_BOOT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"chroot"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_CHROOT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"delete_module",
+				"init_module",
+				"finit_module",
+				"query_module"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_MODULE"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"acct"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_PACCT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"kcmp",
+				"process_vm_readv",
+				"process_vm_writev",
+				"ptrace"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_PTRACE"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"iopl",
+				"ioperm"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_RAWIO"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"settimeofday",
+				"stime",
+				"clock_settime"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_TIME"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"vhangup"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_TTY_CONFIG"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"get_mempolicy",
+				"mbind",
+				"set_mempolicy"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_NICE"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"syslog"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYSLOG"
+				]
+			},
+			"excludes": {}
+		}
+	]
+}
\ No newline at end of file
diff --git a/oci/fixtures/example.json b/oci/fixtures/example.json
new file mode 100644
index 0000000000000..674ca50fd9734
--- /dev/null
+++ b/oci/fixtures/example.json
@@ -0,0 +1,27 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO",
+    "syscalls": [
+        {
+            "name": "clone",
+            "action": "SCMP_ACT_ALLOW",
+            "args": [
+                {
+                    "index": 0,
+                    "value": 2080505856,
+                    "valueTwo": 0,
+                    "op": "SCMP_CMP_MASKED_EQ"
+                }
+            ]
+        },
+        {
+            "name": "open",
+            "action": "SCMP_ACT_ALLOW",
+            "args": []
+        },
+        {
+            "name": "close",
+            "action": "SCMP_ACT_ALLOW",
+            "args": []
+        }
+    ]
+}
diff --git a/oci/namespaces.go b/oci/namespaces.go
index 5a2d8f2087362..f32e489b4a27f 100644
--- a/oci/namespaces.go
+++ b/oci/namespaces.go
@@ -1,6 +1,6 @@
 package oci // import "github.com/docker/docker/oci"
 
-import "github.com/opencontainers/runtime-spec/specs-go"
+import specs "github.com/opencontainers/runtime-spec/specs-go"
 
 // RemoveNamespace removes the `nsType` namespace from OCI spec `s`
 func RemoveNamespace(s *specs.Spec, nsType specs.LinuxNamespaceType) {
diff --git a/oci/oci.go b/oci/oci.go
new file mode 100644
index 0000000000000..2a4c0d79aa3b1
--- /dev/null
+++ b/oci/oci.go
@@ -0,0 +1,72 @@
+package oci // import "github.com/docker/docker/oci"
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// TODO verify if this regex is correct for "a" (all); the docs (https://github.com/torvalds/linux/blob/v5.10/Documentation/admin-guide/cgroup-v1/devices.rst) describe:
+//      "'all' means it applies to all types and all major and minor numbers", and shows an example
+//      that *only* passes `a` as value: `echo a > /sys/fs/cgroup/1/devices.allow, which would be
+//      the "implicit" equivalent of "a *:* rwm". Source-code also looks to confirm this, and returns
+//      early for "a" (all); https://github.com/torvalds/linux/blob/v5.10/security/device_cgroup.c#L614-L642
+//nolint: gosimple
+var deviceCgroupRuleRegex = regexp.MustCompile("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$")
+
+// SetCapabilities sets the provided capabilities on the spec
+// All capabilities are added if privileged is true
+func SetCapabilities(s *specs.Spec, caplist []string) error {
+	s.Process.Capabilities.Effective = caplist
+	s.Process.Capabilities.Bounding = caplist
+	s.Process.Capabilities.Permitted = caplist
+	s.Process.Capabilities.Inheritable = caplist
+	// setUser has already been executed here
+	// if non root drop capabilities in the way execve does
+	if s.Process.User.UID != 0 {
+		s.Process.Capabilities.Effective = []string{}
+		s.Process.Capabilities.Permitted = []string{}
+	}
+	return nil
+}
+
+// AppendDevicePermissionsFromCgroupRules takes rules for the devices cgroup to append to the default set
+func AppendDevicePermissionsFromCgroupRules(devPermissions []specs.LinuxDeviceCgroup, rules []string) ([]specs.LinuxDeviceCgroup, error) {
+	for _, deviceCgroupRule := range rules {
+		ss := deviceCgroupRuleRegex.FindAllStringSubmatch(deviceCgroupRule, -1)
+		if len(ss) == 0 || len(ss[0]) != 5 {
+			return nil, fmt.Errorf("invalid device cgroup rule format: '%s'", deviceCgroupRule)
+		}
+		matches := ss[0]
+
+		dPermissions := specs.LinuxDeviceCgroup{
+			Allow:  true,
+			Type:   matches[1],
+			Access: matches[4],
+		}
+		if matches[2] == "*" {
+			major := int64(-1)
+			dPermissions.Major = &major
+		} else {
+			major, err := strconv.ParseInt(matches[2], 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf("invalid major value in device cgroup rule format: '%s'", deviceCgroupRule)
+			}
+			dPermissions.Major = &major
+		}
+		if matches[3] == "*" {
+			minor := int64(-1)
+			dPermissions.Minor = &minor
+		} else {
+			minor, err := strconv.ParseInt(matches[3], 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf("invalid minor value in device cgroup rule format: '%s'", deviceCgroupRule)
+			}
+			dPermissions.Minor = &minor
+		}
+		devPermissions = append(devPermissions, dPermissions)
+	}
+	return devPermissions, nil
+}
diff --git a/oci/oci_test.go b/oci/oci_test.go
new file mode 100644
index 0000000000000..37bc7c202eb62
--- /dev/null
+++ b/oci/oci_test.go
@@ -0,0 +1,168 @@
+package oci
+
+import (
+	"testing"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"gotest.tools/v3/assert"
+)
+
+func TestAppendDevicePermissionsFromCgroupRules(t *testing.T) {
+	ptr := func(i int64) *int64 { return &i }
+
+	tests := []struct {
+		doc         string
+		rule        string
+		expected    specs.LinuxDeviceCgroup
+		expectedErr string
+	}{
+		{
+			doc:         "empty rule",
+			rule:        "",
+			expectedErr: `invalid device cgroup rule format: ''`,
+		},
+		{
+			doc:         "multiple spaces after first column",
+			rule:        "c 1:1  rwm",
+			expectedErr: `invalid device cgroup rule format: 'c 1:1  rwm'`,
+		},
+		{
+			doc:         "multiple spaces after second column",
+			rule:        "c  1:1 rwm",
+			expectedErr: `invalid device cgroup rule format: 'c  1:1 rwm'`,
+		},
+		{
+			doc:         "leading spaces",
+			rule:        " c 1:1 rwm",
+			expectedErr: `invalid device cgroup rule format: ' c 1:1 rwm'`,
+		},
+		{
+			doc:         "trailing spaces",
+			rule:        "c 1:1 rwm ",
+			expectedErr: `invalid device cgroup rule format: 'c 1:1 rwm '`,
+		},
+		{
+			doc:         "unknown device type",
+			rule:        "z 1:1 rwm",
+			expectedErr: `invalid device cgroup rule format: 'z 1:1 rwm'`,
+		},
+		{
+			doc:         "invalid device type",
+			rule:        "zz  1:1 rwm",
+			expectedErr: `invalid device cgroup rule format: 'zz  1:1 rwm'`,
+		},
+		{
+			doc:         "missing colon",
+			rule:        "c 11 rwm",
+			expectedErr: `invalid device cgroup rule format: 'c 11 rwm'`,
+		},
+		{
+			doc:         "invalid device major-minor",
+			rule:        "c a:a rwm",
+			expectedErr: `invalid device cgroup rule format: 'c a:a rwm'`,
+		},
+		{
+			doc:         "negative major device",
+			rule:        "c -1:1 rwm",
+			expectedErr: `invalid device cgroup rule format: 'c -1:1 rwm'`,
+		},
+		{
+			doc:         "negative minor device",
+			rule:        "c 1:-1 rwm",
+			expectedErr: `invalid device cgroup rule format: 'c 1:-1 rwm'`,
+		},
+		{
+			doc:         "missing permissions",
+			rule:        "c 1:1",
+			expectedErr: `invalid device cgroup rule format: 'c 1:1'`,
+		},
+		{
+			doc:         "invalid permissions",
+			rule:        "c 1:1 x",
+			expectedErr: `invalid device cgroup rule format: 'c 1:1 x'`,
+		},
+		{
+			doc:         "too many permissions",
+			rule:        "c 1:1 rwmrwm",
+			expectedErr: `invalid device cgroup rule format: 'c 1:1 rwmrwm'`,
+		},
+		{
+			doc:         "major out of range",
+			rule:        "c 18446744073709551616:1 rwm",
+			expectedErr: `invalid major value in device cgroup rule format: 'c 18446744073709551616:1 rwm'`,
+		},
+		{
+			doc:         "minor out of range",
+			rule:        "c 1:18446744073709551616 rwm",
+			expectedErr: `invalid minor value in device cgroup rule format: 'c 1:18446744073709551616 rwm'`,
+		},
+		{
+			doc:      "all (a) devices",
+			rule:     "a 1:1 rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "a", Major: ptr(1), Minor: ptr(1), Access: "rwm"},
+		},
+		{
+			doc:      "char (c) devices",
+			rule:     "c 1:1 rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "rwm"},
+		},
+		{
+			doc:      "block (b) devices",
+			rule:     "b 1:1 rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "b", Major: ptr(1), Minor: ptr(1), Access: "rwm"},
+		},
+		{
+			doc:      "char device with rwm permissions",
+			rule:     "c 7:128 rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(7), Minor: ptr(128), Access: "rwm"},
+		},
+		{
+			doc:      "wildcard major",
+			rule:     "c *:1 rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(-1), Minor: ptr(1), Access: "rwm"},
+		},
+		{
+			doc:      "wildcard minor",
+			rule:     "c 1:* rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(-1), Access: "rwm"},
+		},
+		{
+			doc:      "wildcard major and minor",
+			rule:     "c *:* rwm",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(-1), Minor: ptr(-1), Access: "rwm"},
+		},
+		{
+			doc:      "read (r) permission",
+			rule:     "c 1:1 r",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "r"},
+		},
+		{
+			doc:      "write (w) permission",
+			rule:     "c 1:1 w",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "w"},
+		},
+		{
+			doc:      "mknod (m) permission",
+			rule:     "c 1:1 m",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "m"},
+		},
+		{
+			doc:      "mknod (m) and read (r) permission",
+			rule:     "c 1:1 mr",
+			expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "mr"},
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			out, err := AppendDevicePermissionsFromCgroupRules([]specs.LinuxDeviceCgroup{}, []string{tc.rule})
+			if tc.expectedErr != "" {
+				assert.Error(t, err, tc.expectedErr)
+				return
+			}
+			assert.NilError(t, err)
+			assert.DeepEqual(t, out, []specs.LinuxDeviceCgroup{tc.expected})
+		})
+	}
+}
diff --git a/oci/seccomp_test.go b/oci/seccomp_test.go
new file mode 100644
index 0000000000000..814cdaa7c0e32
--- /dev/null
+++ b/oci/seccomp_test.go
@@ -0,0 +1,40 @@
+//go:build linux
+// +build linux
+
+package oci
+
+import (
+	"encoding/json"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/profiles/seccomp"
+)
+
+func TestSeccompLoadProfile(t *testing.T) {
+	profiles := []string{"default.json", "default-old-format.json", "example.json"}
+
+	for _, p := range profiles {
+		t.Run(p, func(t *testing.T) {
+			f, err := os.ReadFile("fixtures/" + p)
+			if err != nil {
+				t.Fatal(err)
+			}
+			rs := DefaultLinuxSpec()
+			if _, err := seccomp.LoadProfile(string(f), &rs); err != nil {
+				t.Fatal(err)
+			}
+		})
+	}
+}
+
+func TestSeccompLoadDefaultProfile(t *testing.T) {
+	b, err := json.Marshal(seccomp.DefaultProfile())
+	if err != nil {
+		t.Fatal(err)
+	}
+	rs := DefaultLinuxSpec()
+	if _, err := seccomp.LoadProfile(string(b), &rs); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/opts/address_pools.go b/opts/address_pools.go
index 9b27a62853c68..6274b35a871d3 100644
--- a/opts/address_pools.go
+++ b/opts/address_pools.go
@@ -7,17 +7,17 @@ import (
 	"strconv"
 	"strings"
 
-	types "github.com/docker/libnetwork/ipamutils"
+	types "github.com/docker/docker/libnetwork/ipamutils"
 )
 
 // PoolsOpt is a Value type for parsing the default address pools definitions
 type PoolsOpt struct {
-	values []*types.NetworkToSplit
+	Values []*types.NetworkToSplit
 }
 
 // UnmarshalJSON fills values structure  info from JSON input
 func (p *PoolsOpt) UnmarshalJSON(raw []byte) error {
-	return json.Unmarshal(raw, &(p.values))
+	return json.Unmarshal(raw, &(p.Values))
 }
 
 // Set predefined pools
@@ -53,7 +53,7 @@ func (p *PoolsOpt) Set(value string) error {
 		}
 	}
 
-	p.values = append(p.values, &poolsDef)
+	p.Values = append(p.Values, &poolsDef)
 
 	return nil
 }
@@ -66,7 +66,7 @@ func (p *PoolsOpt) Type() string {
 // String returns a string repr of this option
 func (p *PoolsOpt) String() string {
 	var pools []string
-	for _, pool := range p.values {
+	for _, pool := range p.Values {
 		repr := fmt.Sprintf("%s %d", pool.Base, pool.Size)
 		pools = append(pools, repr)
 	}
@@ -75,7 +75,7 @@ func (p *PoolsOpt) String() string {
 
 // Value returns the mounts
 func (p *PoolsOpt) Value() []*types.NetworkToSplit {
-	return p.values
+	return p.Values
 }
 
 // Name returns the flag name of this option
diff --git a/opts/env.go b/opts/env.go
index f6e5e9074d670..97e1a8c8a26d8 100644
--- a/opts/env.go
+++ b/opts/env.go
@@ -1,48 +1,30 @@
 package opts // import "github.com/docker/docker/opts"
 
 import (
-	"fmt"
 	"os"
-	"runtime"
 	"strings"
 
 	"github.com/pkg/errors"
 )
 
 // ValidateEnv validates an environment variable and returns it.
-// If no value is specified, it returns the current value using os.Getenv.
+// If no value is specified, it obtains its value from the current environment
 //
 // As on ParseEnvFile and related to #16585, environment variable names
-// are not validate what so ever, it's up to application inside docker
+// are not validate whatsoever, it's up to application inside docker
 // to validate them or not.
 //
 // The only validation here is to check if name is empty, per #25099
 func ValidateEnv(val string) (string, error) {
-	arr := strings.Split(val, "=")
+	arr := strings.SplitN(val, "=", 2)
 	if arr[0] == "" {
-		return "", errors.Errorf("invalid environment variable: %s", val)
+		return "", errors.New("invalid environment variable: " + val)
 	}
 	if len(arr) > 1 {
 		return val, nil
 	}
-	if !doesEnvExist(val) {
-		return val, nil
-	}
-	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
-}
-
-func doesEnvExist(name string) bool {
-	for _, entry := range os.Environ() {
-		parts := strings.SplitN(entry, "=", 2)
-		if runtime.GOOS == "windows" {
-			// Environment variable are case-insensitive on Windows. PaTh, path and PATH are equivalent.
-			if strings.EqualFold(parts[0], name) {
-				return true
-			}
-		}
-		if parts[0] == name {
-			return true
-		}
+	if envVal, ok := os.LookupEnv(arr[0]); ok {
+		return arr[0] + "=" + envVal, nil
 	}
-	return false
+	return val, nil
 }
diff --git a/opts/env_test.go b/opts/env_test.go
index 1ecf1e2b945d6..df60408cc42a0 100644
--- a/opts/env_test.go
+++ b/opts/env_test.go
@@ -5,14 +5,17 @@ import (
 	"os"
 	"runtime"
 	"testing"
+
+	"gotest.tools/v3/assert"
 )
 
 func TestValidateEnv(t *testing.T) {
-	testcase := []struct {
+	type testCase struct {
 		value    string
 		expected string
 		err      error
-	}{
+	}
+	tests := []testCase{
 		{
 			value:    "a",
 			expected: "a",
@@ -51,7 +54,11 @@ func TestValidateEnv(t *testing.T) {
 		},
 		{
 			value: "=a",
-			err:   fmt.Errorf(fmt.Sprintf("invalid environment variable: %s", "=a")),
+			err:   fmt.Errorf("invalid environment variable: =a"),
+		},
+		{
+			value:    "PATH=",
+			expected: "PATH=",
 		},
 		{
 			value:    "PATH=something",
@@ -83,42 +90,30 @@ func TestValidateEnv(t *testing.T) {
 		},
 		{
 			value: "=",
-			err:   fmt.Errorf(fmt.Sprintf("invalid environment variable: %s", "=")),
+			err:   fmt.Errorf("invalid environment variable: ="),
 		},
 	}
 
-	// Environment variables are case in-sensitive on Windows
 	if runtime.GOOS == "windows" {
-		tmp := struct {
-			value    string
-			expected string
-			err      error
-		}{
+		// Environment variables are case in-sensitive on Windows
+		tests = append(tests, testCase{
 			value:    "PaTh",
 			expected: fmt.Sprintf("PaTh=%v", os.Getenv("PATH")),
-		}
-		testcase = append(testcase, tmp)
-
+			err:      nil,
+		})
 	}
 
-	for _, r := range testcase {
-		actual, err := ValidateEnv(r.value)
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.value, func(t *testing.T) {
+			actual, err := ValidateEnv(tc.value)
 
-		if err != nil {
-			if r.err == nil {
-				t.Fatalf("Expected err is nil, got err[%v]", err)
-			}
-			if err.Error() != r.err.Error() {
-				t.Fatalf("Expected err[%v], got err[%v]", r.err, err)
+			if tc.err == nil {
+				assert.NilError(t, err)
+			} else {
+				assert.Error(t, err, tc.err.Error())
 			}
-		}
-
-		if err == nil && r.err != nil {
-			t.Fatalf("Expected err[%v], but err is nil", r.err)
-		}
-
-		if actual != r.expected {
-			t.Fatalf("Expected [%v], got [%v]", r.expected, actual)
-		}
+			assert.Equal(t, actual, tc.expected)
+		})
 	}
 }
diff --git a/opts/hosts.go b/opts/hosts.go
index 2adf4211d5716..a3123adefe705 100644
--- a/opts/hosts.go
+++ b/opts/hosts.go
@@ -4,11 +4,14 @@ import (
 	"fmt"
 	"net"
 	"net/url"
+	"path/filepath"
 	"strconv"
 	"strings"
+
+	"github.com/docker/docker/pkg/homedir"
 )
 
-var (
+const (
 	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. dockerd -H tcp://
 	// These are the IANA registered port numbers for use with Docker
 	// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
@@ -19,11 +22,15 @@ var (
 	// Docker daemon by default always listens on the default unix socket
 	DefaultUnixSocket = "/var/run/docker.sock"
 	// DefaultTCPHost constant defines the default host string used by docker on Windows
-	DefaultTCPHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)
+	DefaultTCPHost = "tcp://" + DefaultHTTPHost + ":2375"
 	// DefaultTLSHost constant defines the default host string used by docker for TLS sockets
-	DefaultTLSHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultTLSHTTPPort)
+	DefaultTLSHost = "tcp://" + DefaultHTTPHost + ":2376"
 	// DefaultNamedPipe defines the default named pipe used by docker on Windows
 	DefaultNamedPipe = `//./pipe/docker_engine`
+	// HostGatewayName is the string value that can be passed
+	// to the IPAddr section in --add-host that is replaced by
+	// the value of HostGatewayIP daemon config value
+	HostGatewayName = "host-gateway"
 )
 
 // ValidateHost validates that the specified string is a valid host and returns it.
@@ -41,12 +48,20 @@ func ValidateHost(val string) (string, error) {
 	return val, nil
 }
 
-// ParseHost and set defaults for a Daemon host string
-func ParseHost(defaultToTLS bool, val string) (string, error) {
+// ParseHost and set defaults for a Daemon host string.
+// defaultToTLS is preferred over defaultToUnixXDG.
+func ParseHost(defaultToTLS, defaultToUnixXDG bool, val string) (string, error) {
 	host := strings.TrimSpace(val)
 	if host == "" {
 		if defaultToTLS {
 			host = DefaultTLSHost
+		} else if defaultToUnixXDG {
+			runtimeDir, err := homedir.GetRuntimeDir()
+			if err != nil {
+				return "", err
+			}
+			socket := filepath.Join(runtimeDir, "docker.sock")
+			host = "unix://" + socket
 		} else {
 			host = DefaultHost
 		}
@@ -158,8 +173,11 @@ func ValidateExtraHost(val string) (string, error) {
 	if len(arr) != 2 || len(arr[0]) == 0 {
 		return "", fmt.Errorf("bad format for add-host: %q", val)
 	}
-	if _, err := ValidateIPAddress(arr[1]); err != nil {
-		return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
+	// Skip IPaddr validation for special "host-gateway" string
+	if arr[1] != HostGatewayName {
+		if _, err := ValidateIPAddress(arr[1]); err != nil {
+			return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
+		}
 	}
 	return val, nil
 }
diff --git a/opts/hosts_test.go b/opts/hosts_test.go
index e46326a5be3a8..7a0a943adf3cb 100644
--- a/opts/hosts_test.go
+++ b/opts/hosts_test.go
@@ -38,13 +38,13 @@ func TestParseHost(t *testing.T) {
 	}
 
 	for _, value := range invalid {
-		if _, err := ParseHost(false, value); err == nil {
+		if _, err := ParseHost(false, false, value); err == nil {
 			t.Errorf("Expected an error for %v, got [nil]", value)
 		}
 	}
 
 	for value, expected := range valid {
-		if actual, err := ParseHost(false, value); err != nil || actual != expected {
+		if actual, err := ParseHost(false, false, value); err != nil || actual != expected {
 			t.Errorf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err)
 		}
 	}
@@ -53,8 +53,8 @@ func TestParseHost(t *testing.T) {
 func TestParseDockerDaemonHost(t *testing.T) {
 	invalids := map[string]string{
 
-		"tcp:a.b.c.d":                   "Invalid bind address format: tcp:a.b.c.d",
-		"tcp:a.b.c.d/path":              "Invalid bind address format: tcp:a.b.c.d/path",
+		"tcp:a.b.c.d":                   "",
+		"tcp:a.b.c.d/path":              "",
 		"udp://127.0.0.1":               "Invalid bind address format: udp://127.0.0.1",
 		"udp://127.0.0.1:2375":          "Invalid bind address format: udp://127.0.0.1:2375",
 		"tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock",
@@ -83,7 +83,7 @@ func TestParseDockerDaemonHost(t *testing.T) {
 		"localhost:5555/path":         "tcp://localhost:5555/path",
 	}
 	for invalidAddr, expectedError := range invalids {
-		if addr, err := parseDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
+		if addr, err := parseDaemonHost(invalidAddr); err == nil || expectedError != "" && err.Error() != expectedError {
 			t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
 		}
 	}
@@ -99,8 +99,8 @@ func TestParseTCP(t *testing.T) {
 		defaultHTTPHost = "tcp://127.0.0.1:2376"
 	)
 	invalids := map[string]string{
-		"tcp:a.b.c.d":          "Invalid bind address format: tcp:a.b.c.d",
-		"tcp:a.b.c.d/path":     "Invalid bind address format: tcp:a.b.c.d/path",
+		"tcp:a.b.c.d":          "",
+		"tcp:a.b.c.d/path":     "",
 		"udp://127.0.0.1":      "Invalid proto, expected tcp: udp://127.0.0.1",
 		"udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375",
 	}
@@ -125,7 +125,7 @@ func TestParseTCP(t *testing.T) {
 		"localhost:5555/path":         "tcp://localhost:5555/path",
 	}
 	for invalidAddr, expectedError := range invalids {
-		if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || err.Error() != expectedError {
+		if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || expectedError != "" && err.Error() != expectedError {
 			t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
 		}
 	}
diff --git a/opts/hosts_unix.go b/opts/hosts_unix.go
index 9d5bb64565e5b..4b1c8512e238a 100644
--- a/opts/hosts_unix.go
+++ b/opts/hosts_unix.go
@@ -1,8 +1,12 @@
+//go:build !windows
 // +build !windows
 
 package opts // import "github.com/docker/docker/opts"
 
-import "fmt"
+const (
+	// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
+	DefaultHTTPHost = "localhost"
 
-// DefaultHost constant defines the default host string used by docker on other hosts than Windows
-var DefaultHost = fmt.Sprintf("unix://%s", DefaultUnixSocket)
+	// DefaultHost constant defines the default host string used by docker on other hosts than Windows
+	DefaultHost = "unix://" + DefaultUnixSocket
+)
diff --git a/opts/hosts_windows.go b/opts/hosts_windows.go
index 906eba53ee2a7..576236ba42b0e 100644
--- a/opts/hosts_windows.go
+++ b/opts/hosts_windows.go
@@ -1,4 +1,60 @@
 package opts // import "github.com/docker/docker/opts"
 
-// DefaultHost constant defines the default host string used by docker on Windows
-var DefaultHost = "npipe://" + DefaultNamedPipe
+const (
+	// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
+	//
+	// On Windows, this mitigates a problem with the default options of running
+	// a docker client against a local docker daemon on TP5.
+	//
+	// What was found that if the default host is "localhost", even if the client
+	// (and daemon as this is local) is not physically on a network, and the DNS
+	// cache is flushed (ipconfig /flushdns), then the client will pause for
+	// exactly one second when connecting to the daemon for calls. For example
+	// using docker run windowsservercore cmd, the CLI will send a create followed
+	// by an attach. You see the delay between the attach finishing and the attach
+	// being seen by the daemon.
+	//
+	// Here's some daemon debug logs with additional debug spew put in. The
+	// AfterWriteJSON log is the very last thing the daemon does as part of the
+	// create call. The POST /attach is the second CLI call. Notice the second
+	// time gap.
+	//
+	// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
+	// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
+	// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
+	// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
+	// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
+	// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
+	// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
+	// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
+	// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
+	// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
+	// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
+	// ... 1 second gap here....
+	// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
+	// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
+	//
+	// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
+	// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
+	// the Windows networking stack is supposed to resolve "localhost" internally,
+	// without hitting DNS, or even reading the hosts file (which is why localhost
+	// is commented out in the hosts file on Windows).
+	//
+	// We have validated that working around this using the actual IPv4 localhost
+	// address does not cause the delay.
+	//
+	// This does not occur with the docker client built with 1.4.3 on the same
+	// Windows build, regardless of whether the daemon is built using 1.5.1
+	// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
+	// on a cross-compiled Windows binary (from Linux).
+	//
+	// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
+	// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
+	// explicitly.
+
+	// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
+	DefaultHTTPHost = "127.0.0.1"
+
+	// DefaultHost constant defines the default host string used by docker on Windows
+	DefaultHost = "npipe://" + DefaultNamedPipe
+)
diff --git a/opts/opts.go b/opts/opts.go
index de8aacb806d7a..60a093f28c9e0 100644
--- a/opts/opts.go
+++ b/opts/opts.go
@@ -7,7 +7,7 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 var (
@@ -254,12 +254,23 @@ func validateDomain(val string) (string, error) {
 	return "", fmt.Errorf("%s is not a valid domain", val)
 }
 
-// ValidateLabel validates that the specified string is a valid label, and returns it.
+// ValidateLabel validates that the specified string is a valid label,
+// it does not use the reserved namespaces com.docker.*, io.docker.*, org.dockerproject.*
+// and returns it.
 // Labels are in the form on key=value.
 func ValidateLabel(val string) (string, error) {
 	if strings.Count(val, "=") < 1 {
 		return "", fmt.Errorf("bad attribute format: %s", val)
 	}
+
+	lowered := strings.ToLower(val)
+	if strings.HasPrefix(lowered, "com.docker.") || strings.HasPrefix(lowered, "io.docker.") ||
+		strings.HasPrefix(lowered, "org.dockerproject.") {
+		return "", fmt.Errorf(
+			"label %s is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+			val)
+	}
+
 	return val, nil
 }
 
diff --git a/opts/opts_test.go b/opts/opts_test.go
index 577395edcb31a..2249cc10546a0 100644
--- a/opts/opts_test.go
+++ b/opts/opts_test.go
@@ -4,6 +4,9 @@ import (
 	"fmt"
 	"strings"
 	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestValidateIPAddress(t *testing.T) {
@@ -174,19 +177,94 @@ func TestValidateDNSSearch(t *testing.T) {
 }
 
 func TestValidateLabel(t *testing.T) {
-	if _, err := ValidateLabel("label"); err == nil || err.Error() != "bad attribute format: label" {
-		t.Fatalf("Expected an error [bad attribute format: label], go %v", err)
-	}
-	if actual, err := ValidateLabel("key1=value1"); err != nil || actual != "key1=value1" {
-		t.Fatalf("Expected [key1=value1], got [%v,%v]", actual, err)
-	}
-	// Validate it's working with more than one =
-	if actual, err := ValidateLabel("key1=value1=value2"); err != nil {
-		t.Fatalf("Expected [key1=value1=value2], got [%v,%v]", actual, err)
+	testCases := []struct {
+		name           string
+		label          string
+		expectedResult string
+		expectedErr    string
+	}{
+		{
+			name:        "lable with bad attribute format",
+			label:       "label",
+			expectedErr: "bad attribute format: label",
+		},
+		{
+			name:           "label with general format",
+			label:          "key1=value1",
+			expectedResult: "key1=value1",
+		},
+		{
+			name:           "label with more than one =",
+			label:          "key1=value1=value2",
+			expectedResult: "key1=value1=value2",
+		},
+		{
+			name:           "label with one more",
+			label:          "key1=value1=value2=value3",
+			expectedResult: "key1=value1=value2=value3",
+		},
+		{
+			name:           "label with no reserved com.docker.*",
+			label:          "com.dockerpsychnotreserved.label=value",
+			expectedResult: "com.dockerpsychnotreserved.label=value",
+		},
+		{
+			name:           "label with no reserved io.docker.*",
+			label:          "io.dockerproject.not=reserved",
+			expectedResult: "io.dockerproject.not=reserved",
+		},
+		{
+			name:           "label with no reserved org.dockerproject.*",
+			label:          "org.docker.not=reserved",
+			expectedResult: "org.docker.not=reserved",
+		},
+		{
+			name:        "label with reserved com.docker.*",
+			label:       "com.docker.feature=enabled",
+			expectedErr: "label com.docker.feature=enabled is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
+		{
+			name:        "label with reserved upcase com.docker.* ",
+			label:       "COM.docker.feature=enabled",
+			expectedErr: "label COM.docker.feature=enabled is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
+		{
+			name:        "label with reserved io.docker.*",
+			label:       "io.docker.configuration=0",
+			expectedErr: "label io.docker.configuration=0 is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
+		{
+			name:        "label with reserved upcase io.docker.*",
+			label:       "io.DOCKER.CONFIGURATion=0",
+			expectedErr: "label io.DOCKER.CONFIGURATion=0 is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
+		{
+			name:        "label with reserved org.dockerproject.*",
+			label:       "org.dockerproject.setting=on",
+			expectedErr: "label org.dockerproject.setting=on is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
+		{
+			name:        "label with reserved upcase org.dockerproject.*",
+			label:       "Org.Dockerproject.Setting=on",
+			expectedErr: "label Org.Dockerproject.Setting=on is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
+		},
 	}
-	// Validate it's working with one more
-	if actual, err := ValidateLabel("key1=value1=value2=value3"); err != nil {
-		t.Fatalf("Expected [key1=value1=value2=value2], got [%v,%v]", actual, err)
+
+	for _, testCase := range testCases {
+		testCase := testCase
+		t.Run(testCase.name, func(t *testing.T) {
+			result, err := ValidateLabel(testCase.label)
+
+			if testCase.expectedErr != "" {
+				assert.Error(t, err, testCase.expectedErr)
+			} else {
+				assert.NilError(t, err)
+			}
+			if testCase.expectedResult != "" {
+				assert.Check(t, is.Equal(result, testCase.expectedResult))
+			}
+		})
+
 	}
 }
 
diff --git a/opts/opts_unix.go b/opts/opts_unix.go
deleted file mode 100644
index 0c32367cb22d7..0000000000000
--- a/opts/opts_unix.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// +build !windows
-
-package opts // import "github.com/docker/docker/opts"
-
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-const DefaultHTTPHost = "localhost"
diff --git a/opts/opts_windows.go b/opts/opts_windows.go
deleted file mode 100644
index 0e1b6c6d18e80..0000000000000
--- a/opts/opts_windows.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
-// @jhowardmsft, @swernli.
-//
-// On Windows, this mitigates a problem with the default options of running
-// a docker client against a local docker daemon on TP5.
-//
-// What was found that if the default host is "localhost", even if the client
-// (and daemon as this is local) is not physically on a network, and the DNS
-// cache is flushed (ipconfig /flushdns), then the client will pause for
-// exactly one second when connecting to the daemon for calls. For example
-// using docker run windowsservercore cmd, the CLI will send a create followed
-// by an attach. You see the delay between the attach finishing and the attach
-// being seen by the daemon.
-//
-// Here's some daemon debug logs with additional debug spew put in. The
-// AfterWriteJSON log is the very last thing the daemon does as part of the
-// create call. The POST /attach is the second CLI call. Notice the second
-// time gap.
-//
-// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
-// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
-// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
-// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
-// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
-// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
-// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
-// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
-// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
-// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
-// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
-// ... 1 second gap here....
-// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
-// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
-//
-// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
-// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
-// the Windows networking stack is supposed to resolve "localhost" internally,
-// without hitting DNS, or even reading the hosts file (which is why localhost
-// is commented out in the hosts file on Windows).
-//
-// We have validated that working around this using the actual IPv4 localhost
-// address does not cause the delay.
-//
-// This does not occur with the docker client built with 1.4.3 on the same
-// Windows build, regardless of whether the daemon is built using 1.5.1
-// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
-// on a cross-compiled Windows binary (from Linux).
-//
-// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
-// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
-// explicitly.
-
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-const DefaultHTTPHost = "127.0.0.1"
diff --git a/opts/quotedstring_test.go b/opts/quotedstring_test.go
index 89fed6cfa6ac3..8ee603adace29 100644
--- a/opts/quotedstring_test.go
+++ b/opts/quotedstring_test.go
@@ -3,8 +3,8 @@ package opts // import "github.com/docker/docker/opts"
 import (
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestQuotedStringSetWithQuotes(t *testing.T) {
diff --git a/opts/ulimit.go b/opts/ulimit.go
index 0e2a36236c1bf..61cc58d4d3293 100644
--- a/opts/ulimit.go
+++ b/opts/ulimit.go
@@ -3,7 +3,7 @@ package opts // import "github.com/docker/docker/opts"
 import (
 	"fmt"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // UlimitOpt defines a map of Ulimits
diff --git a/opts/ulimit_test.go b/opts/ulimit_test.go
index 41e12627c8a3d..90b15d61e87b0 100644
--- a/opts/ulimit_test.go
+++ b/opts/ulimit_test.go
@@ -3,12 +3,12 @@ package opts // import "github.com/docker/docker/opts"
 import (
 	"testing"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 func TestUlimitOpt(t *testing.T) {
 	ulimitMap := map[string]*units.Ulimit{
-		"nofile": {"nofile", 1024, 512},
+		"nofile": {Name: "nofile", Hard: 1024, Soft: 512},
 	}
 
 	ulimitOpt := NewUlimitOpt(&ulimitMap)
diff --git a/patches/0001-archive-tar-do-not-populate-user-group-names.patch b/patches/0001-archive-tar-do-not-populate-user-group-names.patch
new file mode 100644
index 0000000000000..c5599b6102d66
--- /dev/null
+++ b/patches/0001-archive-tar-do-not-populate-user-group-names.patch
@@ -0,0 +1,75 @@
+From bc0de86b495ae014b209431ed7cb90fc3d5e4d1f Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Mon, 9 Apr 2018 15:58:40 -0700
+Subject: [PATCH] archive/tar: do not populate user/group names
+
+This reverts part of commit 29a18899379c ("archive/tar: populate
+uname/gname/devmajor/devminor in FileInfoHeader"). The reason is
+using os/user functions to resolved uids/gids to names breaks
+the static build for Linux/glibc case (the resulting binary panics
+on NULL pointer dereference).
+
+For much more details, see https://github.com/golang/go/issues/23265
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+ src/archive/tar/stat_unix.go | 26 +++-----------------------
+ 1 file changed, 3 insertions(+), 23 deletions(-)
+
+diff --git a/src/archive/tar/stat_unix.go b/src/archive/tar/stat_unix.go
+index 868105f338..9640ed4bab 100644
+--- a/src/archive/tar/stat_unix.go
++++ b/src/archive/tar/stat_unix.go
+@@ -8,10 +8,7 @@ package tar
+ 
+ import (
+	"io/fs"
+-	"os/user"
+ 	"runtime"
+-	"strconv"
+-	"sync"
+ 	"syscall"
+ )
+ 
+@@ -19,10 +16,6 @@ func init() {
+ 	sysStat = statUnix
+ }
+ 
+-// userMap and groupMap caches UID and GID lookups for performance reasons.
+-// The downside is that renaming uname or gname by the OS never takes effect.
+-var userMap, groupMap sync.Map // map[int]string
+-
+ func statUnix(fi fs.FileInfo, h *Header) error {
+ 	sys, ok := fi.Sys().(*syscall.Stat_t)
+ 	if !ok {
+@@ -31,22 +24,9 @@ func statUnix(fi os.FileInfo, h *Header) error {
+ 	h.Uid = int(sys.Uid)
+ 	h.Gid = int(sys.Gid)
+ 
+-	// Best effort at populating Uname and Gname.
+-	// The os/user functions may fail for any number of reasons
+-	// (not implemented on that platform, cgo not enabled, etc).
+-	if u, ok := userMap.Load(h.Uid); ok {
+-		h.Uname = u.(string)
+-	} else if u, err := user.LookupId(strconv.Itoa(h.Uid)); err == nil {
+-		h.Uname = u.Username
+-		userMap.Store(h.Uid, h.Uname)
+-	}
+-	if g, ok := groupMap.Load(h.Gid); ok {
+-		h.Gname = g.(string)
+-	} else if g, err := user.LookupGroupId(strconv.Itoa(h.Gid)); err == nil {
+-		h.Gname = g.Name
+-		groupMap.Store(h.Gid, h.Gname)
+-	}
+-
++	// TODO(bradfitz): populate username & group.  os/user
++	// doesn't cache LookupId lookups, and lacks group
++	// lookup functions.
+ 	h.AccessTime = statAtime(sys)
+ 	h.ChangeTime = statCtime(sys)
+ 
+
+base-commit: 4af1337d1e9eb9e7b766c9deb787c78413bb25c4
+-- 
+2.24.1
+
diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go
index 9c12e8db8d20d..2b5a2605f9c12 100644
--- a/pkg/aaparser/aaparser.go
+++ b/pkg/aaparser/aaparser.go
@@ -56,6 +56,11 @@ func parseVersion(output string) (int, error) {
 	words := strings.Split(lines[0], " ")
 	version := words[len(words)-1]
 
+	// trim "-beta1" suffix from version="3.0.0-beta1" if exists
+	version = strings.SplitN(version, "-", 2)[0]
+	// also trim "~..." suffix used historically (https://gitlab.com/apparmor/apparmor/-/commit/bca67d3d27d219d11ce8c9cc70612bd637f88c10)
+	version = strings.SplitN(version, "~", 2)[0]
+
 	// split by major minor version
 	v := strings.Split(version, ".")
 	if len(v) == 0 || len(v) > 3 {
diff --git a/pkg/aaparser/aaparser_test.go b/pkg/aaparser/aaparser_test.go
index 6d1f737702f4b..cf9280f5f56e1 100644
--- a/pkg/aaparser/aaparser_test.go
+++ b/pkg/aaparser/aaparser_test.go
@@ -43,6 +43,14 @@ Copyright 2009-2012 Canonical Ltd.
 `,
 			version: 205000,
 		},
+		{
+			output: `AppArmor parser version 2.2.0~rc2
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 202000,
+		},
 		{
 			output: `AppArmor parser version 2.9.95
 Copyright (C) 1999-2008 Novell Inc.
@@ -59,6 +67,20 @@ Copyright 2009-2012 Canonical Ltd.
 `,
 			version: 314159,
 		},
+		{
+			output: `AppArmor parser version 3.0.0-beta1
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2018 Canonical Ltd.
+`,
+			version: 300000,
+		},
+		{
+			output: `AppArmor parser version 3.0.0-beta1-foo-bar
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2018 Canonical Ltd.
+`,
+			version: 300000,
+		},
 	}
 
 	for _, v := range versions {
diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go
index 32132fcfed816..bf63d1727cf4d 100644
--- a/pkg/archive/archive.go
+++ b/pkg/archive/archive.go
@@ -7,11 +7,10 @@ import (
 	"compress/bzip2"
 	"compress/gzip"
 	"context"
+	"encoding/binary"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strconv"
@@ -24,20 +23,11 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/system"
+	"github.com/klauspost/compress/zstd"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 )
 
-var unpigzPath string
-
-func init() {
-	if path, err := exec.LookPath("unpigz"); err != nil {
-		logrus.Debug("unpigz binary not found in PATH, falling back to go gzip library")
-	} else {
-		logrus.Debugf("Using unpigz binary found at path %s", path)
-		unpigzPath = path
-	}
-}
-
 type (
 	// Compression is the state represents if compressed or not.
 	Compression int
@@ -95,6 +85,8 @@ const (
 	Gzip
 	// Xz is xz compression algorithm.
 	Xz
+	// Zstd is zstd compression algorithm.
+	Zstd
 )
 
 const (
@@ -133,18 +125,59 @@ func IsArchivePath(path string) bool {
 	return err == nil
 }
 
+const (
+	zstdMagicSkippableStart = 0x184D2A50
+	zstdMagicSkippableMask  = 0xFFFFFFF0
+)
+
+var (
+	bzip2Magic = []byte{0x42, 0x5A, 0x68}
+	gzipMagic  = []byte{0x1F, 0x8B, 0x08}
+	xzMagic    = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}
+	zstdMagic  = []byte{0x28, 0xb5, 0x2f, 0xfd}
+)
+
+type matcher = func([]byte) bool
+
+func magicNumberMatcher(m []byte) matcher {
+	return func(source []byte) bool {
+		return bytes.HasPrefix(source, m)
+	}
+}
+
+// zstdMatcher detects zstd compression algorithm.
+// Zstandard compressed data is made of one or more frames.
+// There are two frame formats defined by Zstandard: Zstandard frames and Skippable frames.
+// See https://tools.ietf.org/id/draft-kucherawy-dispatch-zstd-00.html#rfc.section.2 for more details.
+func zstdMatcher() matcher {
+	return func(source []byte) bool {
+		if bytes.HasPrefix(source, zstdMagic) {
+			// Zstandard frame
+			return true
+		}
+		// skippable frame
+		if len(source) < 8 {
+			return false
+		}
+		// magic number from 0x184D2A50 to 0x184D2A5F.
+		if binary.LittleEndian.Uint32(source[:4])&zstdMagicSkippableMask == zstdMagicSkippableStart {
+			return true
+		}
+		return false
+	}
+}
+
 // DetectCompression detects the compression algorithm of the source.
 func DetectCompression(source []byte) Compression {
-	for compression, m := range map[Compression][]byte{
-		Bzip2: {0x42, 0x5A, 0x68},
-		Gzip:  {0x1F, 0x8B, 0x08},
-		Xz:    {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00},
-	} {
-		if len(source) < len(m) {
-			logrus.Debug("Len too short")
-			continue
-		}
-		if bytes.Equal(m, source[:len(m)]) {
+	compressionMap := map[Compression]matcher{
+		Bzip2: magicNumberMatcher(bzip2Magic),
+		Gzip:  magicNumberMatcher(gzipMagic),
+		Xz:    magicNumberMatcher(xzMagic),
+		Zstd:  zstdMatcher(),
+	}
+	for _, compression := range []Compression{Bzip2, Gzip, Xz, Zstd} {
+		fn := compressionMap[compression]
+		if fn(source) {
 			return compression
 		}
 	}
@@ -158,19 +191,25 @@ func xzDecompress(ctx context.Context, archive io.Reader) (io.ReadCloser, error)
 }
 
 func gzDecompress(ctx context.Context, buf io.Reader) (io.ReadCloser, error) {
-	if unpigzPath == "" {
-		return gzip.NewReader(buf)
-	}
-
-	disablePigzEnv := os.Getenv("MOBY_DISABLE_PIGZ")
-	if disablePigzEnv != "" {
-		if disablePigz, err := strconv.ParseBool(disablePigzEnv); err != nil {
-			return nil, err
-		} else if disablePigz {
+	if noPigzEnv := os.Getenv("MOBY_DISABLE_PIGZ"); noPigzEnv != "" {
+		noPigz, err := strconv.ParseBool(noPigzEnv)
+		if err != nil {
+			logrus.WithError(err).Warn("invalid value in MOBY_DISABLE_PIGZ env var")
+		}
+		if noPigz {
+			logrus.Debugf("Use of pigz is disabled due to MOBY_DISABLE_PIGZ=%s", noPigzEnv)
 			return gzip.NewReader(buf)
 		}
 	}
 
+	unpigzPath, err := exec.LookPath("unpigz")
+	if err != nil {
+		logrus.Debugf("unpigz binary not found, falling back to go gzip library")
+		return gzip.NewReader(buf)
+	}
+
+	logrus.Debugf("Using %s to decompress", unpigzPath)
+
 	return cmdStream(exec.CommandContext(ctx, unpigzPath, "-d", "-c"), buf)
 }
 
@@ -225,6 +264,13 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
 		}
 		readBufWrapper := p.NewReadCloserWrapper(buf, xzReader)
 		return wrapReadCloser(readBufWrapper, cancel), nil
+	case Zstd:
+		zstdReader, err := zstd.NewReader(buf)
+		if err != nil {
+			return nil, err
+		}
+		readBufWrapper := p.NewReadCloserWrapper(buf, zstdReader)
+		return readBufWrapper, nil
 	default:
 		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
 	}
@@ -278,7 +324,9 @@ func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]TarModi
 				return nil
 			}
 
-			header.Name = name
+			if header.Name == "" {
+				header.Name = name
+			}
 			header.Size = int64(len(data))
 			if err := tarWriter.WriteHeader(header); err != nil {
 				return err
@@ -349,6 +397,8 @@ func (compression *Compression) Extension() string {
 		return "tar.gz"
 	case Xz:
 		return "tar.xz"
+	case Zstd:
+		return "tar.zst"
 	}
 	return ""
 }
@@ -402,10 +452,24 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
 // ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
 // to a tar header
 func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+	const (
+		// Values based on linux/include/uapi/linux/capability.h
+		xattrCapsSz2    = 20
+		versionOffset   = 3
+		vfsCapRevision2 = 2
+		vfsCapRevision3 = 3
+	)
 	capability, _ := system.Lgetxattr(path, "security.capability")
 	if capability != nil {
+		length := len(capability)
+		if capability[versionOffset] == vfsCapRevision3 {
+			// Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
+			// sense outside the user namespace the archive is built in.
+			capability[versionOffset] = vfsCapRevision2
+			length = xattrCapsSz2
+		}
 		hdr.Xattrs = make(map[string]string)
-		hdr.Xattrs["security.capability"] = string(capability)
+		hdr.Xattrs["security.capability"] = string(capability[:length])
 	}
 	return nil
 }
@@ -442,7 +506,7 @@ func newTarAppender(idMapping *idtools.IdentityMapping, writer io.Writer, chownO
 }
 
 // canonicalTarName provides a platform-independent and consistent posix-style
-//path for files and directories to be archived regardless of the platform.
+// path for files and directories to be archived regardless of the platform.
 func canonicalTarName(name string, isDir bool) string {
 	name = CanonicalTarNameForPath(name)
 
@@ -495,13 +559,13 @@ func (ta *tarAppender) addTarFile(path, name string) error {
 		}
 	}
 
-	//check whether the file is overlayfs whiteout
-	//if yes, skip re-mapping container ID mappings.
+	// check whether the file is overlayfs whiteout
+	// if yes, skip re-mapping container ID mappings.
 	isOverlayWhiteout := fi.Mode()&os.ModeCharDevice != 0 && hdr.Devmajor == 0 && hdr.Devminor == 0
 
-	//handle re-mapping container ID mappings back to host ID mappings before
-	//writing tar headers/files. We skip whiteout files because they were written
-	//by the kernel and already have proper ownership relative to the host
+	// handle re-mapping container ID mappings back to host ID mappings before
+	// writing tar headers/files. We skip whiteout files because they were written
+	// by the kernel and already have proper ownership relative to the host
 	if !isOverlayWhiteout && !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && !ta.IdentityMapping.Empty() {
 		fileIDPair, err := getFileUIDGID(fi.Sys())
 		if err != nil {
@@ -739,13 +803,18 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 		return nil, err
 	}
 
+	whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+	if err != nil {
+		return nil, err
+	}
+
 	go func() {
 		ta := newTarAppender(
 			idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps),
 			compressWriter,
 			options.ChownOpts,
 		)
-		ta.WhiteoutConverter = getWhiteoutConverter(options.WhiteoutFormat)
+		ta.WhiteoutConverter = whiteoutConverter
 
 		defer func() {
 			// Make sure to check the error on Close.
@@ -796,6 +865,11 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 		for _, include := range options.IncludeFiles {
 			rebaseName := options.RebaseNames[include]
 
+			var (
+				parentMatchInfo []fileutils.MatchInfo
+				parentDirs      []string
+			)
+
 			walkRoot := getWalkRoot(srcPath, include)
 			filepath.Walk(walkRoot, func(filePath string, f os.FileInfo, err error) error {
 				if err != nil {
@@ -822,11 +896,30 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				// is asking for that file no matter what - which is true
 				// for some files, like .dockerignore and Dockerfile (sometimes)
 				if include != relFilePath {
-					skip, err = pm.Matches(relFilePath)
+					for len(parentDirs) != 0 {
+						lastParentDir := parentDirs[len(parentDirs)-1]
+						if strings.HasPrefix(relFilePath, lastParentDir+string(os.PathSeparator)) {
+							break
+						}
+						parentDirs = parentDirs[:len(parentDirs)-1]
+						parentMatchInfo = parentMatchInfo[:len(parentMatchInfo)-1]
+					}
+
+					var matchInfo fileutils.MatchInfo
+					if len(parentMatchInfo) != 0 {
+						skip, matchInfo, err = pm.MatchesUsingParentResults(relFilePath, parentMatchInfo[len(parentMatchInfo)-1])
+					} else {
+						skip, matchInfo, err = pm.MatchesUsingParentResults(relFilePath, fileutils.MatchInfo{})
+					}
 					if err != nil {
 						logrus.Errorf("Error matching %s: %v", relFilePath, err)
 						return err
 					}
+
+					if f.IsDir() {
+						parentDirs = append(parentDirs, relFilePath)
+						parentMatchInfo = append(parentMatchInfo, matchInfo)
+					}
 				}
 
 				if skip {
@@ -903,7 +996,10 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err
 	var dirs []*tar.Header
 	idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
 	rootIDs := idMapping.RootPair()
-	whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat)
+	whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+	if err != nil {
+		return err
+	}
 
 	// Iterate through the files in the archive.
 loop:
@@ -917,6 +1013,12 @@ loop:
 			return err
 		}
 
+		// ignore XGlobalHeader early to avoid creating parent directories for them
+		if hdr.Typeflag == tar.TypeXGlobalHeader {
+			logrus.Debugf("PAX Global Extended Headers found for %s and ignored", hdr.Name)
+			continue
+		}
+
 		// Normalize name, for safety and for a simple is-root check
 		// This keeps "../" as-is, but normalizes "/../" to "/". Or Windows:
 		// This keeps "..\" as-is, but normalizes "\..\" to "\".
@@ -936,7 +1038,7 @@ loop:
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs)
+				err = idtools.MkdirAllAndChownNew(parentPath, 0755, rootIDs)
 				if err != nil {
 					return err
 				}
@@ -1061,7 +1163,6 @@ func untarHandler(tarArchive io.Reader, dest string, options *TarOptions, decomp
 // TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
 // If either Tar or Untar fails, TarUntar aborts and returns the error.
 func (archiver *Archiver) TarUntar(src, dst string) error {
-	logrus.Debugf("TarUntar(%s %s)", src, dst)
 	archive, err := TarWithOptions(src, &TarOptions{Compression: Uncompressed})
 	if err != nil {
 		return err
@@ -1106,11 +1207,9 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error {
 	// as owner
 	rootIDs := archiver.IDMapping.RootPair()
 	// Create dst, copy src's content into it
-	logrus.Debugf("Creating dest directory: %s", dst)
 	if err := idtools.MkdirAllAndChownNew(dst, 0755, rootIDs); err != nil {
 		return err
 	}
-	logrus.Debugf("Calling TarUntar(%s, %s)", src, dst)
 	return archiver.TarUntar(src, dst)
 }
 
@@ -1118,7 +1217,6 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error {
 // for a single file. It copies a regular file from path `src` to
 // path `dst`, and preserves all its metadata.
 func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
-	logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst)
 	srcSt, err := os.Stat(src)
 	if err != nil {
 		return err
@@ -1134,7 +1232,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 		dst = filepath.Join(dst, filepath.Base(src))
 	}
 	// Create the holding directory if necessary
-	if err := system.MkdirAll(filepath.Dir(dst), 0700, ""); err != nil {
+	if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil {
 		return err
 	}
 
@@ -1218,6 +1316,9 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
 		return nil, err
 	}
 
+	// Ensure the command has exited before we clean anything up
+	done := make(chan struct{})
+
 	// Copy stdout to the returned pipe
 	go func() {
 		if err := cmd.Wait(); err != nil {
@@ -1225,16 +1326,23 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
 		} else {
 			pipeW.Close()
 		}
+		close(done)
 	}()
 
-	return pipeR, nil
+	return ioutils.NewReadCloserWrapper(pipeR, func() error {
+		// Close pipeR, and then wait for the command to complete before returning. We have to close pipeR first, as
+		// cmd.Wait waits for any non-file stdout/stderr/stdin to close.
+		err := pipeR.Close()
+		<-done
+		return err
+	}), nil
 }
 
 // NewTempArchive reads the content of src into a temporary file, and returns the contents
 // of that file as an archive. The archive can only be read once - as soon as reading completes,
 // the file will be deleted.
 func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) {
-	f, err := ioutil.TempFile(dir, "")
+	f, err := os.CreateTemp(dir, "")
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/archive/archive_linux.go b/pkg/archive/archive_linux.go
index 970d4d06800d9..0a3cc1f92bcc2 100644
--- a/pkg/archive/archive_linux.go
+++ b/pkg/archive/archive_linux.go
@@ -7,17 +7,22 @@ import (
 	"strings"
 
 	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
-func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
+func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) {
 	if format == OverlayWhiteoutFormat {
-		return overlayWhiteoutConverter{}
+		if inUserNS {
+			return nil, errors.New("specifying OverlayWhiteoutFormat is not allowed in userns")
+		}
+		return overlayWhiteoutConverter{}, nil
 	}
-	return nil
+	return nil, nil
 }
 
-type overlayWhiteoutConverter struct{}
+type overlayWhiteoutConverter struct {
+}
 
 func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os.FileInfo) (wo *tar.Header, err error) {
 	// convert whiteouts to AUFS format
@@ -61,13 +66,16 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os
 	return
 }
 
-func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool, error) {
+func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool, error) {
 	base := filepath.Base(path)
 	dir := filepath.Dir(path)
 
 	// if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay
 	if base == WhiteoutOpaqueDir {
 		err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0)
+		if err != nil {
+			return false, errors.Wrapf(err, "setxattr(%q, trusted.overlay.opaque=y)", dir)
+		}
 		// don't write the file itself
 		return false, err
 	}
@@ -78,7 +86,7 @@ func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool,
 		originalPath := filepath.Join(dir, originalBase)
 
 		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
-			return false, err
+			return false, errors.Wrapf(err, "failed to mknod(%q, S_IFCHR, 0)", originalPath)
 		}
 		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
 			return false, err
diff --git a/pkg/archive/archive_linux_test.go b/pkg/archive/archive_linux_test.go
index 9422269dffe71..51a9a0f6d4393 100644
--- a/pkg/archive/archive_linux_test.go
+++ b/pkg/archive/archive_linux_test.go
@@ -1,16 +1,16 @@
 package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"syscall"
 	"testing"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/system"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 // setupOverlayTestDir creates files in a directory with overlay whiteouts
@@ -24,6 +24,7 @@ import (
 //     └── f1 # whiteout, 0644
 func setupOverlayTestDir(t *testing.T, src string) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	skip.If(t, userns.RunningInUserNS(), "skipping test that requires initial userns (trusted.overlay.opaque xattr cannot be set in userns, even with Ubuntu kernel)")
 	// Create opaque directory containing single file and permission 0700
 	err := os.Mkdir(filepath.Join(src, "d1"), 0700)
 	assert.NilError(t, err)
@@ -31,7 +32,7 @@ func setupOverlayTestDir(t *testing.T, src string) {
 	err = system.Lsetxattr(filepath.Join(src, "d1"), "trusted.overlay.opaque", []byte("y"), 0)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(src, "d1", "f1"), []byte{}, 0600)
+	err = os.WriteFile(filepath.Join(src, "d1", "f1"), []byte{}, 0600)
 	assert.NilError(t, err)
 
 	// Create another opaque directory containing single file but with permission 0750
@@ -41,7 +42,7 @@ func setupOverlayTestDir(t *testing.T, src string) {
 	err = system.Lsetxattr(filepath.Join(src, "d2"), "trusted.overlay.opaque", []byte("y"), 0)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(src, "d2", "f1"), []byte{}, 0660)
+	err = os.WriteFile(filepath.Join(src, "d2", "f1"), []byte{}, 0660)
 	assert.NilError(t, err)
 
 	// Create regular directory with deleted file
@@ -89,13 +90,13 @@ func TestOverlayTarUntar(t *testing.T) {
 	assert.NilError(t, err)
 	defer system.Umask(oldmask)
 
-	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
+	src, err := os.MkdirTemp("", "docker-test-overlay-tar-src")
 	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 
 	setupOverlayTestDir(t, src)
 
-	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
+	dst, err := os.MkdirTemp("", "docker-test-overlay-tar-dst")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dst)
 
@@ -128,13 +129,13 @@ func TestOverlayTarAUFSUntar(t *testing.T) {
 	assert.NilError(t, err)
 	defer system.Umask(oldmask)
 
-	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
+	src, err := os.MkdirTemp("", "docker-test-overlay-tar-src")
 	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 
 	setupOverlayTestDir(t, src)
 
-	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
+	dst, err := os.MkdirTemp("", "docker-test-overlay-tar-dst")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dst)
 
diff --git a/pkg/archive/archive_other.go b/pkg/archive/archive_other.go
index 462dfc6323254..28ae2769c5a8a 100644
--- a/pkg/archive/archive_other.go
+++ b/pkg/archive/archive_other.go
@@ -1,7 +1,8 @@
+//go:build !linux
 // +build !linux
 
 package archive // import "github.com/docker/docker/pkg/archive"
 
-func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
-	return nil
+func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) {
+	return nil, nil
 }
diff --git a/pkg/archive/archive_test.go b/pkg/archive/archive_test.go
index b448bac49a197..a1b894be3c643 100644
--- a/pkg/archive/archive_test.go
+++ b/pkg/archive/archive_test.go
@@ -4,9 +4,9 @@ import (
 	"archive/tar"
 	"bytes"
 	"compress/gzip"
+	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -16,11 +16,12 @@ import (
 	"testing"
 	"time"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 var tmp string
@@ -109,7 +110,7 @@ func testDecompressStream(t *testing.T, ext, compressCommand string) io.Reader {
 	if err != nil {
 		t.Fatalf("Failed to decompress %s: %v", filename, err)
 	}
-	if _, err = ioutil.ReadAll(r); err != nil {
+	if _, err = io.ReadAll(r); err != nil {
 		t.Fatalf("Failed to read the decompressed stream: %v ", err)
 	}
 	if err = r.Close(); err != nil {
@@ -134,6 +135,13 @@ func TestDecompressStreamXz(t *testing.T) {
 	testDecompressStream(t, "xz", "xz -f")
 }
 
+func TestDecompressStreamZstd(t *testing.T) {
+	if _, err := exec.LookPath("zstd"); err != nil {
+		t.Skip("zstd not installed")
+	}
+	testDecompressStream(t, "zst", "zstd -f")
+}
+
 func TestCompressStreamXzUnsupported(t *testing.T) {
 	dest, err := os.Create(tmp + "dest")
 	if err != nil {
@@ -209,6 +217,13 @@ func TestExtensionXz(t *testing.T) {
 		t.Fatalf("The extension of a xz archive should be 'tar.xz'")
 	}
 }
+func TestExtensionZstd(t *testing.T) {
+	compression := Zstd
+	output := compression.Extension()
+	if output != "tar.zst" {
+		t.Fatalf("The extension of a zstd archive should be 'tar.zst'")
+	}
+}
 
 func TestCmdStreamLargeStderr(t *testing.T) {
 	cmd := exec.Command("sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
@@ -216,9 +231,9 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
-	errCh := make(chan error)
+	errCh := make(chan error, 1)
 	go func() {
-		_, err := io.Copy(ioutil.Discard, out)
+		_, err := io.Copy(io.Discard, out)
 		errCh <- err
 	}()
 	select {
@@ -241,7 +256,7 @@ func TestCmdStreamBad(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
-	if output, err := ioutil.ReadAll(out); err == nil {
+	if output, err := io.ReadAll(out); err == nil {
 		t.Fatalf("Command should have failed")
 	} else if err.Error() != "exit status 1: error couldn't reverse the phase pulser\n" {
 		t.Fatalf("Wrong error value (%s)", err)
@@ -256,7 +271,7 @@ func TestCmdStreamGood(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if output, err := ioutil.ReadAll(out); err != nil {
+	if output, err := io.ReadAll(out); err != nil {
 		t.Fatalf("Command should not have failed (err=%s)", err)
 	} else if s := string(output); s != "hello\n" {
 		t.Fatalf("Command output should be '%s', not '%s'", "hello\\n", output)
@@ -264,7 +279,7 @@ func TestCmdStreamGood(t *testing.T) {
 }
 
 func TestUntarPathWithInvalidDest(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tempFolder, err := os.MkdirTemp("", "docker-archive-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tempFolder)
 	invalidDestFolder := filepath.Join(tempFolder, "invalidDest")
@@ -293,7 +308,7 @@ func TestUntarPathWithInvalidDest(t *testing.T) {
 }
 
 func TestUntarPathWithInvalidSrc(t *testing.T) {
-	dest, err := ioutil.TempDir("", "docker-archive-test")
+	dest, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatalf("Fail to create the destination file")
 	}
@@ -305,8 +320,8 @@ func TestUntarPathWithInvalidSrc(t *testing.T) {
 }
 
 func TestUntarPath(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
+	tmpFolder, err := os.MkdirTemp("", "docker-archive-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpFolder)
 	srcFile := filepath.Join(tmpFolder, "src")
@@ -343,7 +358,7 @@ func TestUntarPath(t *testing.T) {
 
 // Do the same test as above but with the destination as file, it should fail
 func TestUntarPathWithDestinationFile(t *testing.T) {
-	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tmpFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -379,7 +394,7 @@ func TestUntarPathWithDestinationFile(t *testing.T) {
 // and the destination file is a directory
 // It's working, see https://github.com/docker/docker/issues/10040
 func TestUntarPathWithDestinationSrcFileAsFolder(t *testing.T) {
-	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tmpFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -419,7 +434,7 @@ func TestUntarPathWithDestinationSrcFileAsFolder(t *testing.T) {
 }
 
 func TestCopyWithTarInvalidSrc(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tempFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(nil)
 	}
@@ -436,8 +451,8 @@ func TestCopyWithTarInvalidSrc(t *testing.T) {
 }
 
 func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
+	tempFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(nil)
 	}
@@ -459,7 +474,7 @@ func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
 
 // Test CopyWithTar with a file as src
 func TestCopyWithTarSrcFile(t *testing.T) {
-	folder, err := ioutil.TempDir("", "docker-archive-test")
+	folder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -475,7 +490,7 @@ func TestCopyWithTarSrcFile(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ioutil.WriteFile(src, []byte("content"), 0777)
+	os.WriteFile(src, []byte("content"), 0777)
 	err = defaultCopyWithTar(src, dest)
 	if err != nil {
 		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
@@ -489,7 +504,7 @@ func TestCopyWithTarSrcFile(t *testing.T) {
 
 // Test CopyWithTar with a folder as src
 func TestCopyWithTarSrcFolder(t *testing.T) {
-	folder, err := ioutil.TempDir("", "docker-archive-test")
+	folder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -504,7 +519,7 @@ func TestCopyWithTarSrcFolder(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ioutil.WriteFile(filepath.Join(src, "file"), []byte("content"), 0777)
+	os.WriteFile(filepath.Join(src, "file"), []byte("content"), 0777)
 	err = defaultCopyWithTar(src, dest)
 	if err != nil {
 		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
@@ -517,7 +532,7 @@ func TestCopyWithTarSrcFolder(t *testing.T) {
 }
 
 func TestCopyFileWithTarInvalidSrc(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tempFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -535,7 +550,7 @@ func TestCopyFileWithTarInvalidSrc(t *testing.T) {
 }
 
 func TestCopyFileWithTarInexistentDestWillCreateIt(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	tempFolder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(nil)
 	}
@@ -558,7 +573,7 @@ func TestCopyFileWithTarInexistentDestWillCreateIt(t *testing.T) {
 }
 
 func TestCopyFileWithTarSrcFolder(t *testing.T) {
-	folder, err := ioutil.TempDir("", "docker-archive-copyfilewithtar-test")
+	folder, err := os.MkdirTemp("", "docker-archive-copyfilewithtar-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -580,7 +595,7 @@ func TestCopyFileWithTarSrcFolder(t *testing.T) {
 }
 
 func TestCopyFileWithTarSrcFile(t *testing.T) {
-	folder, err := ioutil.TempDir("", "docker-archive-test")
+	folder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -596,7 +611,7 @@ func TestCopyFileWithTarSrcFile(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ioutil.WriteFile(src, []byte("content"), 0777)
+	os.WriteFile(src, []byte("content"), 0777)
 	err = defaultCopyWithTar(src, dest+"/")
 	if err != nil {
 		t.Fatalf("archiver.CopyFileWithTar shouldn't throw an error, %s.", err)
@@ -608,10 +623,6 @@ func TestCopyFileWithTarSrcFile(t *testing.T) {
 }
 
 func TestTarFiles(t *testing.T) {
-	// TODO Windows: Figure out how to port this test.
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
 	// try without hardlinks
 	if err := checkNoChanges(1000, false); err != nil {
 		t.Fatal(err)
@@ -623,13 +634,13 @@ func TestTarFiles(t *testing.T) {
 }
 
 func checkNoChanges(fileNum int, hardlinks bool) error {
-	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	srcDir, err := os.MkdirTemp("", "docker-test-srcDir")
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(srcDir)
 
-	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	destDir, err := os.MkdirTemp("", "docker-test-destDir")
 	if err != nil {
 		return err
 	}
@@ -674,7 +685,7 @@ func tarUntar(t *testing.T, origin string, options *TarOptions) ([]Change, error
 		return nil, fmt.Errorf("Wrong compression detected. Actual compression: %s, found %s", compression.Extension(), detectedCompression.Extension())
 	}
 
-	tmp, err := ioutil.TempDir("", "docker-test-untar")
+	tmp, err := os.MkdirTemp("", "docker-test-untar")
 	if err != nil {
 		return nil, err
 	}
@@ -689,23 +700,47 @@ func tarUntar(t *testing.T, origin string, options *TarOptions) ([]Change, error
 	return ChangesDirs(origin, tmp)
 }
 
-func TestTarUntar(t *testing.T) {
-	// TODO Windows: Figure out how to fix this test.
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
+func TestDetectCompressionZstd(t *testing.T) {
+	// test zstd compression without skippable frames.
+	compressedData := []byte{
+		0x28, 0xb5, 0x2f, 0xfd, // magic number of Zstandard frame: 0xFD2FB528
+		0x04, 0x00, 0x31, 0x00, 0x00, // frame header
+		0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, // data block "docker"
+		0x16, 0x0e, 0x21, 0xc3, // content checksum
+	}
+	compression := DetectCompression(compressedData)
+	if compression != Zstd {
+		t.Fatal("Unexpected compression")
+	}
+	// test zstd compression with skippable frames.
+	hex := []byte{
+		0x50, 0x2a, 0x4d, 0x18, // magic number of skippable frame: 0x184D2A50 to 0x184D2A5F
+		0x04, 0x00, 0x00, 0x00, // frame size
+		0x5d, 0x00, 0x00, 0x00, // user data
+		0x28, 0xb5, 0x2f, 0xfd, // magic number of Zstandard frame: 0xFD2FB528
+		0x04, 0x00, 0x31, 0x00, 0x00, // frame header
+		0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, // data block "docker"
+		0x16, 0x0e, 0x21, 0xc3, // content checksum
+	}
+	compression = DetectCompression(hex)
+	if compression != Zstd {
+		t.Fatal("Unexpected compression")
 	}
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+}
+
+func TestTarUntar(t *testing.T) {
+	origin, err := os.MkdirTemp("", "docker-test-untar-origin")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(origin)
-	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+	if err := os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+	if err := os.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
+	if err := os.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
 		t.Fatal(err)
 	}
 
@@ -722,19 +757,19 @@ func TestTarUntar(t *testing.T) {
 			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
 		}
 
-		if len(changes) != 1 || changes[0].Path != "/3" {
+		if len(changes) != 1 || changes[0].Path != string(filepath.Separator)+"3" {
 			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
 		}
 	}
 }
 
 func TestTarWithOptionsChownOptsAlwaysOverridesIdPair(t *testing.T) {
-	origin, err := ioutil.TempDir("", "docker-test-tar-chown-opt")
+	origin, err := os.MkdirTemp("", "docker-test-tar-chown-opt")
 	assert.NilError(t, err)
 
 	defer os.RemoveAll(origin)
 	filePath := filepath.Join(origin, "1")
-	err = ioutil.WriteFile(filePath, []byte("hello world"), 0700)
+	err = os.WriteFile(filePath, []byte("hello world"), 0700)
 	assert.NilError(t, err)
 
 	idMaps := []idtools.IDMap{
@@ -780,22 +815,18 @@ func TestTarWithOptionsChownOptsAlwaysOverridesIdPair(t *testing.T) {
 }
 
 func TestTarWithOptions(t *testing.T) {
-	// TODO Windows: Figure out how to fix this test.
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	origin, err := os.MkdirTemp("", "docker-test-untar-origin")
 	if err != nil {
 		t.Fatal(err)
 	}
-	if _, err := ioutil.TempDir(origin, "folder"); err != nil {
+	if _, err := os.MkdirTemp(origin, "folder"); err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(origin)
-	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+	if err := os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+	if err := os.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
 		t.Fatal(err)
 	}
 
@@ -826,7 +857,7 @@ func TestTarWithOptions(t *testing.T) {
 // Failing prevents the archives from being uncompressed during ADD
 func TestTypeXGlobalHeaderDoesNotFail(t *testing.T) {
 	hdr := tar.Header{Typeflag: tar.TypeXGlobalHeader}
-	tmpDir, err := ioutil.TempDir("", "docker-test-archive-pax-test")
+	tmpDir, err := os.MkdirTemp("", "docker-test-archive-pax-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -872,7 +903,7 @@ func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks
 	fileData := []byte("fooo")
 	for n := 0; n < numberOfFiles; n++ {
 		fileName := fmt.Sprintf("file-%d", n)
-		if err := ioutil.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
+		if err := os.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
 			return 0, err
 		}
 		if makeLinks {
@@ -886,11 +917,11 @@ func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks
 }
 
 func BenchmarkTarUntar(b *testing.B) {
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	origin, err := os.MkdirTemp("", "docker-test-untar-origin")
 	if err != nil {
 		b.Fatal(err)
 	}
-	tempDir, err := ioutil.TempDir("", "docker-test-untar-destination")
+	tempDir, err := os.MkdirTemp("", "docker-test-untar-destination")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -914,11 +945,11 @@ func BenchmarkTarUntar(b *testing.B) {
 }
 
 func BenchmarkTarUntarWithLinks(b *testing.B) {
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	origin, err := os.MkdirTemp("", "docker-test-untar-origin")
 	if err != nil {
 		b.Fatal(err)
 	}
-	tempDir, err := ioutil.TempDir("", "docker-test-untar-destination")
+	tempDir, err := os.MkdirTemp("", "docker-test-untar-destination")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -942,10 +973,6 @@ func BenchmarkTarUntarWithLinks(b *testing.B) {
 }
 
 func TestUntarInvalidFilenames(t *testing.T) {
-	// TODO Windows: Figure out how to fix this test.
-	if runtime.GOOS == "windows" {
-		t.Skip("Passes but hits breakoutError: platform and architecture is not supported")
-	}
 	for i, headers := range [][]*tar.Header{
 		{
 			{
@@ -970,9 +997,7 @@ func TestUntarInvalidFilenames(t *testing.T) {
 }
 
 func TestUntarHardlinkToSymlink(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	skip.If(t, runtime.GOOS == "windows", "hardlinks on Windows")
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
 	for i, headers := range [][]*tar.Header{
 		{
 			{
@@ -1001,10 +1026,6 @@ func TestUntarHardlinkToSymlink(t *testing.T) {
 }
 
 func TestUntarInvalidHardlink(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	if runtime.GOOS == "windows" {
-		t.Skip("hardlinks on Windows")
-	}
 	for i, headers := range [][]*tar.Header{
 		{ // try reading victim/hello (../)
 			{
@@ -1085,10 +1106,6 @@ func TestUntarInvalidHardlink(t *testing.T) {
 }
 
 func TestUntarInvalidSymlink(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	if runtime.GOOS == "windows" {
-		t.Skip("hardlinks on Windows")
-	}
 	for i, headers := range [][]*tar.Header{
 		{ // try reading victim/hello (../)
 			{
@@ -1183,7 +1200,7 @@ func TestUntarInvalidSymlink(t *testing.T) {
 }
 
 func TestTempArchiveCloseMultipleTimes(t *testing.T) {
-	reader := ioutil.NopCloser(strings.NewReader("hello"))
+	reader := io.NopCloser(strings.NewReader("hello"))
 	tempArchive, err := NewTempArchive(reader, "")
 	assert.NilError(t, err)
 	buf := make([]byte, 10)
@@ -1199,6 +1216,26 @@ func TestTempArchiveCloseMultipleTimes(t *testing.T) {
 	}
 }
 
+// TestXGlobalNoParent is a regression test to check parent directories are not crated for PAX headers
+func TestXGlobalNoParent(t *testing.T) {
+	buf := &bytes.Buffer{}
+	w := tar.NewWriter(buf)
+	err := w.WriteHeader(&tar.Header{
+		Name:     "foo/bar",
+		Typeflag: tar.TypeXGlobalHeader,
+	})
+	assert.NilError(t, err)
+	tmpDir, err := os.MkdirTemp("", "pax-test")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+	err = Untar(buf, tmpDir, nil)
+	assert.NilError(t, err)
+
+	_, err = os.Lstat(filepath.Join(tmpDir, "foo"))
+	assert.Check(t, err != nil)
+	assert.Check(t, errors.Is(err, os.ErrNotExist))
+}
+
 func TestReplaceFileTarWrapper(t *testing.T) {
 	filesInArchive := 20
 	testcases := []struct {
@@ -1254,11 +1291,12 @@ func TestReplaceFileTarWrapper(t *testing.T) {
 // TestPrefixHeaderReadable tests that files that could be created with the
 // version of this package that was built with <=go17 are still readable.
 func TestPrefixHeaderReadable(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
+	skip.If(t, userns.RunningInUserNS(), "skipping test that requires more than 010000000 UIDs, which is unlikely to be satisfied when running in userns")
 	// https://gist.github.com/stevvooe/e2a790ad4e97425896206c0816e1a882#file-out-go
 	var testFile = []byte("\x1f\x8b\x08\x08\x44\x21\x68\x59\x00\x03\x74\x2e\x74\x61\x72\x00\x4b\xcb\xcf\x67\xa0\x35\x30\x80\x00\x86\x06\x10\x47\x01\xc1\x37\x40\x00\x54\xb6\xb1\xa1\xa9\x99\x09\x48\x25\x1d\x40\x69\x71\x49\x62\x91\x02\xe5\x76\xa1\x79\x84\x21\x91\xd6\x80\x72\xaf\x8f\x82\x51\x30\x0a\x46\x36\x00\x00\xf0\x1c\x1e\x95\x00\x06\x00\x00")
 
-	tmpDir, err := ioutil.TempDir("", "prefix-test")
+	tmpDir, err := os.MkdirTemp("", "prefix-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 	err = Untar(bytes.NewReader(testFile), tmpDir, nil)
@@ -1272,7 +1310,7 @@ func TestPrefixHeaderReadable(t *testing.T) {
 }
 
 func buildSourceArchive(t *testing.T, numberOfFiles int) (io.ReadCloser, func()) {
-	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	srcDir, err := os.MkdirTemp("", "docker-test-srcDir")
 	assert.NilError(t, err)
 
 	_, err = prepareUntarSourceDirectory(numberOfFiles, srcDir, false)
@@ -1312,18 +1350,18 @@ func appendModifier(path string, header *tar.Header, content io.Reader) (*tar.He
 }
 
 func readFileFromArchive(t *testing.T, archive io.ReadCloser, name string, expectedCount int, doc string) string {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
+	destDir, err := os.MkdirTemp("", "docker-test-destDir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(destDir)
 
 	err = Untar(archive, destDir, nil)
 	assert.NilError(t, err)
 
-	files, _ := ioutil.ReadDir(destDir)
+	files, _ := os.ReadDir(destDir)
 	assert.Check(t, is.Len(files, expectedCount), doc)
 
-	content, err := ioutil.ReadFile(filepath.Join(destDir, name))
+	content, err := os.ReadFile(filepath.Join(destDir, name))
 	assert.Check(t, err)
 	return string(content)
 }
@@ -1356,7 +1394,9 @@ func TestPigz(t *testing.T) {
 	_, err := exec.LookPath("unpigz")
 	if err == nil {
 		t.Log("Tested whether Pigz is used, as it installed")
-		assert.Equal(t, reflect.TypeOf(contextReaderCloserWrapper.Reader), reflect.TypeOf(&io.PipeReader{}))
+		// For the command wait wrapper
+		cmdWaitCloserWrapper := contextReaderCloserWrapper.Reader.(*ioutils.ReadCloserWrapper)
+		assert.Equal(t, reflect.TypeOf(cmdWaitCloserWrapper.Reader), reflect.TypeOf(&io.PipeReader{}))
 	} else {
 		t.Log("Tested whether Pigz is not used, as it not installed")
 		assert.Equal(t, reflect.TypeOf(contextReaderCloserWrapper.Reader), reflect.TypeOf(&gzip.Reader{}))
diff --git a/pkg/archive/archive_unix.go b/pkg/archive/archive_unix.go
index 1eec912b7b0b6..e3e4a5dcb5795 100644
--- a/pkg/archive/archive_unix.go
+++ b/pkg/archive/archive_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package archive // import "github.com/docker/docker/pkg/archive"
@@ -7,11 +8,12 @@ import (
 	"errors"
 	"os"
 	"path/filepath"
+	"strings"
 	"syscall"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
 	"golang.org/x/sys/unix"
 )
 
@@ -26,7 +28,7 @@ func fixVolumePathPrefix(srcPath string) string {
 // can't use filepath.Join(srcPath,include) because this will clean away
 // a trailing "." or "/" which may be important.
 func getWalkRoot(srcPath string, include string) string {
-	return srcPath + string(filepath.Separator) + include
+	return strings.TrimSuffix(srcPath, string(filepath.Separator)) + string(filepath.Separator) + include
 }
 
 // CanonicalTarNameForPath returns platform-specific filepath
@@ -50,8 +52,8 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (
 		// Currently go does not fill in the major/minors
 		if s.Mode&unix.S_IFBLK != 0 ||
 			s.Mode&unix.S_IFCHR != 0 {
-			hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert
-			hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert
+			hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert
+			hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert
 		}
 	}
 
@@ -80,11 +82,6 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
 // createTarFile to handle the following types of header: Block; Char; Fifo
 func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
-	if rsystem.RunningInUserNS() {
-		// cannot create a device if running in user namespace
-		return nil
-	}
-
 	mode := uint32(hdr.Mode & 07777)
 	switch hdr.Typeflag {
 	case tar.TypeBlock:
@@ -95,7 +92,12 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
 		mode |= unix.S_IFIFO
 	}
 
-	return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+	err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+	if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() {
+		// In most cases, cannot create a device if running in user namespace
+		err = nil
+	}
+	return err
 }
 
 func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
diff --git a/pkg/archive/archive_unix_test.go b/pkg/archive/archive_unix_test.go
index 83deab0840725..ac3833fd55b0f 100644
--- a/pkg/archive/archive_unix_test.go
+++ b/pkg/archive/archive_unix_test.go
@@ -1,22 +1,26 @@
+//go:build !windows
 // +build !windows
 
 package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
+	"archive/tar"
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"syscall"
 	"testing"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/system"
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 func TestCanonicalTarNameForPath(t *testing.T) {
@@ -68,11 +72,11 @@ func TestChmodTarEntry(t *testing.T) {
 }
 
 func TestTarWithHardLink(t *testing.T) {
-	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
+	origin, err := os.MkdirTemp("", "docker-test-tar-hardlink")
 	assert.NilError(t, err)
 	defer os.RemoveAll(origin)
 
-	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	err = os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
 	assert.NilError(t, err)
 
 	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
@@ -87,7 +91,7 @@ func TestTarWithHardLink(t *testing.T) {
 		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
 	}
 
-	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
+	dest, err := os.MkdirTemp("", "docker-test-tar-hardlink-dest")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dest)
 
@@ -96,7 +100,7 @@ func TestTarWithHardLink(t *testing.T) {
 	assert.NilError(t, err)
 
 	// ensure we can read the whole thing with no error, before writing back out
-	buf, err := ioutil.ReadAll(fh)
+	buf, err := io.ReadAll(fh)
 	assert.NilError(t, err)
 
 	bRdr := bytes.NewReader(buf)
@@ -113,7 +117,7 @@ func TestTarWithHardLink(t *testing.T) {
 }
 
 func TestTarWithHardLinkAndRebase(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "docker-test-tar-hardlink-rebase")
+	tmpDir, err := os.MkdirTemp("", "docker-test-tar-hardlink-rebase")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 
@@ -121,7 +125,7 @@ func TestTarWithHardLinkAndRebase(t *testing.T) {
 	err = os.Mkdir(origin, 0700)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	err = os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
 	assert.NilError(t, err)
 
 	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
@@ -154,6 +158,25 @@ func TestTarWithHardLinkAndRebase(t *testing.T) {
 	assert.Check(t, is.Equal(i1, i2))
 }
 
+// TestUntarParentPathPermissions is a regression test to check that missing
+// parent directories are created with the expected permissions
+func TestUntarParentPathPermissions(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	buf := &bytes.Buffer{}
+	w := tar.NewWriter(buf)
+	err := w.WriteHeader(&tar.Header{Name: "foo/bar"})
+	assert.NilError(t, err)
+	tmpDir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+	err = Untar(buf, tmpDir, nil)
+	assert.NilError(t, err)
+
+	fi, err := os.Lstat(filepath.Join(tmpDir, "foo"))
+	assert.NilError(t, err)
+	assert.Equal(t, fi.Mode(), 0755|os.ModeDir)
+}
+
 func getNlink(path string) (uint64, error) {
 	stat, err := os.Stat(path)
 	if err != nil {
@@ -164,6 +187,7 @@ func getNlink(path string) (uint64, error) {
 		return 0, fmt.Errorf("expected type *syscall.Stat_t, got %t", stat.Sys())
 	}
 	// We need this conversion on ARM64
+	//nolint: unconvert
 	return uint64(statT.Nlink), nil
 }
 
@@ -181,11 +205,12 @@ func getInode(path string) (uint64, error) {
 
 func TestTarWithBlockCharFifo(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
+	skip.If(t, userns.RunningInUserNS(), "skipping test that requires initial userns")
+	origin, err := os.MkdirTemp("", "docker-test-tar-hardlink")
 	assert.NilError(t, err)
 
 	defer os.RemoveAll(origin)
-	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	err = os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
 	assert.NilError(t, err)
 
 	err = system.Mknod(filepath.Join(origin, "2"), unix.S_IFBLK, int(system.Mkdev(int64(12), int64(5))))
@@ -195,7 +220,7 @@ func TestTarWithBlockCharFifo(t *testing.T) {
 	err = system.Mknod(filepath.Join(origin, "4"), unix.S_IFIFO, int(system.Mkdev(int64(12), int64(5))))
 	assert.NilError(t, err)
 
-	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
+	dest, err := os.MkdirTemp("", "docker-test-tar-hardlink-dest")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dest)
 
@@ -204,7 +229,7 @@ func TestTarWithBlockCharFifo(t *testing.T) {
 	assert.NilError(t, err)
 
 	// ensure we can read the whole thing with no error, before writing back out
-	buf, err := ioutil.ReadAll(fh)
+	buf, err := io.ReadAll(fh)
 	assert.NilError(t, err)
 
 	bRdr := bytes.NewReader(buf)
@@ -222,18 +247,26 @@ func TestTarWithBlockCharFifo(t *testing.T) {
 // TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
 func TestTarUntarWithXattr(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if _, err := exec.LookPath("setcap"); err != nil {
+		t.Skip("setcap not installed")
+	}
+	if _, err := exec.LookPath("getcap"); err != nil {
+		t.Skip("getcap not installed")
+	}
+
+	origin, err := os.MkdirTemp("", "docker-test-untar-origin")
 	assert.NilError(t, err)
 	defer os.RemoveAll(origin)
-	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	err = os.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700)
-	assert.NilError(t, err)
-	err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
+	err = os.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700)
 	assert.NilError(t, err)
-	err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
+	err = os.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
 	assert.NilError(t, err)
+	// there is no known Go implementation of setcap/getcap with support for v3 file capability
+	out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
+	assert.NilError(t, err, string(out))
 
 	for _, c := range []Compression{
 		Uncompressed,
@@ -251,10 +284,9 @@ func TestTarUntarWithXattr(t *testing.T) {
 		if len(changes) != 1 || changes[0].Path != "/3" {
 			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
 		}
-		capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
-		if capability == nil && capability[0] != 0x00 {
-			t.Fatalf("Untar should have kept the 'security.capability' xattr.")
-		}
+		out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
+		assert.NilError(t, err, string(out))
+		assert.Check(t, is.Contains(string(out), "cap_block_suspend=ep"), "untar should have kept the 'security.capability' xattr")
 	}
 }
 
@@ -271,31 +303,31 @@ func TestCopyInfoDestinationPathSymlink(t *testing.T) {
 	}
 
 	testData := []FileTestData{
-		//Create a directory: /tmp/archive-copy-test*/dir1
-		//Test will "copy" file1 to dir1
+		// Create a directory: /tmp/archive-copy-test*/dir1
+		// Test will "copy" file1 to dir1
 		{resource: FileData{filetype: Dir, path: "dir1", permissions: 0740}, file: "file1", expected: CopyInfo{Path: root + "dir1/file1", Exists: false, IsDir: false}},
 
-		//Create a symlink directory to dir1: /tmp/archive-copy-test*/dirSymlink -> dir1
-		//Test will "copy" file2 to dirSymlink
+		// Create a symlink directory to dir1: /tmp/archive-copy-test*/dirSymlink -> dir1
+		// Test will "copy" file2 to dirSymlink
 		{resource: FileData{filetype: Symlink, path: "dirSymlink", contents: root + "dir1", permissions: 0600}, file: "file2", expected: CopyInfo{Path: root + "dirSymlink/file2", Exists: false, IsDir: false}},
 
-		//Create a file in tmp directory: /tmp/archive-copy-test*/file1
-		//Test to cover when the full file path already exists.
+		// Create a file in tmp directory: /tmp/archive-copy-test*/file1
+		// Test to cover when the full file path already exists.
 		{resource: FileData{filetype: Regular, path: "file1", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "file1", Exists: true}},
 
-		//Create a directory: /tmp/archive-copy*/dir2
-		//Test to cover when the full directory path already exists
+		// Create a directory: /tmp/archive-copy*/dir2
+		// Test to cover when the full directory path already exists
 		{resource: FileData{filetype: Dir, path: "dir2", permissions: 0740}, file: "", expected: CopyInfo{Path: root + "dir2", Exists: true, IsDir: true}},
 
-		//Create a symlink to a non-existent target: /tmp/archive-copy*/symlink1 -> noSuchTarget
-		//Negative test to cover symlinking to a target that does not exit
+		// Create a symlink to a non-existent target: /tmp/archive-copy*/symlink1 -> noSuchTarget
+		// Negative test to cover symlinking to a target that does not exit
 		{resource: FileData{filetype: Symlink, path: "symlink1", contents: "noSuchTarget", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "noSuchTarget", Exists: false}},
 
-		//Create a file in tmp directory for next test: /tmp/existingfile
+		// Create a file in tmp directory for next test: /tmp/existingfile
 		{resource: FileData{filetype: Regular, path: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
 
-		//Create a symlink to an existing file: /tmp/archive-copy*/symlink2 -> /tmp/existingfile
-		//Test to cover when the parent directory of a new file is a symlink
+		// Create a symlink to an existing file: /tmp/archive-copy*/symlink2 -> /tmp/existingfile
+		// Test to cover when the parent directory of a new file is a symlink
 		{resource: FileData{filetype: Symlink, path: "symlink2", contents: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
 	}
 
diff --git a/pkg/archive/archive_windows.go b/pkg/archive/archive_windows.go
index ae6b89fd719c4..7260174bfbb73 100644
--- a/pkg/archive/archive_windows.go
+++ b/pkg/archive/archive_windows.go
@@ -31,7 +31,7 @@ func CanonicalTarNameForPath(p string) string {
 // chmodTarEntry is used to adjust the file permissions used in tar header based
 // on the platform the archival is done.
 func chmodTarEntry(perm os.FileMode) os.FileMode {
-	//perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
+	// perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
 	permPart := perm & os.ModePerm
 	noPermPart := perm &^ os.ModePerm
 	// Add the x bit: make everything +x from windows
diff --git a/pkg/archive/archive_windows_test.go b/pkg/archive/archive_windows_test.go
index 6f0e25ccac534..f03b1e2d827d1 100644
--- a/pkg/archive/archive_windows_test.go
+++ b/pkg/archive/archive_windows_test.go
@@ -1,9 +1,9 @@
+//go:build windows
 // +build windows
 
 package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -14,7 +14,7 @@ func TestCopyFileWithInvalidDest(t *testing.T) {
 	// recently changed in CopyWithTar as used to pass. Further investigation
 	// is required.
 	t.Skip("Currently fails")
-	folder, err := ioutil.TempDir("", "docker-archive-test")
+	folder, err := os.MkdirTemp("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -26,7 +26,7 @@ func TestCopyFileWithInvalidDest(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ioutil.WriteFile(src, []byte("content"), 0777)
+	os.WriteFile(src, []byte("content"), 0777)
 	err = defaultCopyWithTar(src, dest)
 	if err == nil {
 		t.Fatalf("archiver.CopyWithTar should throw an error on invalid dest.")
diff --git a/pkg/archive/changes.go b/pkg/archive/changes.go
index 43734db5b117f..a0f25942c14f1 100644
--- a/pkg/archive/changes.go
+++ b/pkg/archive/changes.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sort"
@@ -63,12 +62,16 @@ func (c changesByPath) Less(i, j int) bool { return c[i].Path < c[j].Path }
 func (c changesByPath) Len() int           { return len(c) }
 func (c changesByPath) Swap(i, j int)      { c[j], c[i] = c[i], c[j] }
 
-// Gnu tar and the go tar writer don't have sub-second mtime
-// precision, which is problematic when we apply changes via tar
-// files, we handle this by comparing for exact times, *or* same
+// Gnu tar doesn't have sub-second mtime precision. The go tar
+// writer (1.10+) does when using PAX format, but we round times to seconds
+// to ensure archives have the same hashes for backwards compatibility.
+// See https://github.com/moby/moby/pull/35739/commits/fb170206ba12752214630b269a40ac7be6115ed4.
+//
+// Non-sub-second is problematic when we apply changes via tar
+// files. We handle this by comparing for exact times, *or* same
 // second count and either a or b having exactly 0 nanoseconds
 func sameFsTime(a, b time.Time) bool {
-	return a == b ||
+	return a.Equal(b) ||
 		(a.Unix() == b.Unix() &&
 			(a.Nanosecond() == 0 || b.Nanosecond() == 0))
 }
@@ -344,7 +347,7 @@ func ChangesDirs(newDir, oldDir string) ([]Change, error) {
 		oldRoot, newRoot *FileInfo
 	)
 	if oldDir == "" {
-		emptyDir, err := ioutil.TempDir("", "empty")
+		emptyDir, err := os.MkdirTemp("", "empty")
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/archive/changes_other.go b/pkg/archive/changes_other.go
index ba744741cd02b..0e4399a43b26e 100644
--- a/pkg/archive/changes_other.go
+++ b/pkg/archive/changes_other.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package archive // import "github.com/docker/docker/pkg/archive"
diff --git a/pkg/archive/changes_posix_test.go b/pkg/archive/changes_posix_test.go
index 019a0250f3b8f..4c71cb2575d4b 100644
--- a/pkg/archive/changes_posix_test.go
+++ b/pkg/archive/changes_posix_test.go
@@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"sort"
@@ -16,7 +15,7 @@ func TestHardLinkOrder(t *testing.T) {
 	msg := []byte("Hey y'all")
 
 	// Create dir
-	src, err := ioutil.TempDir("", "docker-hardlink-test-src-")
+	src, err := os.MkdirTemp("", "docker-hardlink-test-src-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -34,7 +33,7 @@ func TestHardLinkOrder(t *testing.T) {
 		}()
 	}
 	// Create dest, with changes that includes hardlinks
-	dest, err := ioutil.TempDir("", "docker-hardlink-test-dest-")
+	dest, err := os.MkdirTemp("", "docker-hardlink-test-dest-")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/pkg/archive/changes_test.go b/pkg/archive/changes_test.go
index f2527cd93650f..81b87aa12b01f 100644
--- a/pkg/archive/changes_test.go
+++ b/pkg/archive/changes_test.go
@@ -1,18 +1,23 @@
 package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"runtime"
 	"sort"
+	"strconv"
+	"strings"
+	"syscall"
 	"testing"
 	"time"
 
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/system"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 func max(x, y int) int {
@@ -23,7 +28,24 @@ func max(x, y int) int {
 }
 
 func copyDir(src, dst string) error {
-	return exec.Command("cp", "-a", src, dst).Run()
+	if runtime.GOOS != "windows" {
+		return exec.Command("cp", "-a", src, dst).Run()
+	}
+
+	// Could have used xcopy src dst /E /I /H /Y /B. However, xcopy has the
+	// unfortunate side effect of not preserving timestamps of newly created
+	// directories in the target directory, so we don't get accurate changes.
+	// Use robocopy instead. Note this isn't available in microsoft/nanoserver.
+	// But it has gotchas. See https://weblogs.sqlteam.com/robv/archive/2010/02/17/61106.aspx
+	err := exec.Command("robocopy", filepath.FromSlash(src), filepath.FromSlash(dst), "/SL", "/COPYALL", "/MIR").Run()
+	if exiterr, ok := err.(*exec.ExitError); ok {
+		if status, ok := exiterr.Sys().(syscall.WaitStatus); ok {
+			if status.ExitStatus()&24 == 0 {
+				return nil
+			}
+		}
+	}
+	return err
 }
 
 type FileType uint32
@@ -79,7 +101,7 @@ func provisionSampleDir(t *testing.T, root string, files []FileData) {
 			err := os.MkdirAll(p, info.permissions)
 			assert.NilError(t, err)
 		} else if info.filetype == Regular {
-			err := ioutil.WriteFile(p, []byte(info.contents), info.permissions)
+			err := os.WriteFile(p, []byte(info.contents), info.permissions)
 			assert.NilError(t, err)
 		} else if info.filetype == Symlink {
 			err := os.Symlink(info.contents, p)
@@ -113,15 +135,10 @@ func TestChangeString(t *testing.T) {
 }
 
 func TestChangesWithNoChanges(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
-	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
-	}
-	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
+	rwLayer, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(rwLayer)
-	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
+	layer, err := os.MkdirTemp("", "docker-changes-test-layer")
 	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 	createSampleDir(t, layer)
@@ -133,20 +150,15 @@ func TestChangesWithNoChanges(t *testing.T) {
 }
 
 func TestChangesWithChanges(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
-	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
-	}
 	// Mock the readonly layer
-	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
+	layer, err := os.MkdirTemp("", "docker-changes-test-layer")
 	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 	createSampleDir(t, layer)
 	os.MkdirAll(path.Join(layer, "dir1/subfolder"), 0740)
 
 	// Mock the RW layer
-	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
+	rwLayer, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(rwLayer)
 
@@ -154,36 +166,35 @@ func TestChangesWithChanges(t *testing.T) {
 	dir1 := path.Join(rwLayer, "dir1")
 	os.MkdirAll(dir1, 0740)
 	deletedFile := path.Join(dir1, ".wh.file1-2")
-	ioutil.WriteFile(deletedFile, []byte{}, 0600)
+	os.WriteFile(deletedFile, []byte{}, 0600)
 	modifiedFile := path.Join(dir1, "file1-1")
-	ioutil.WriteFile(modifiedFile, []byte{0x00}, 01444)
+	os.WriteFile(modifiedFile, []byte{0x00}, 01444)
 	// Let's add a subfolder for a newFile
 	subfolder := path.Join(dir1, "subfolder")
 	os.MkdirAll(subfolder, 0740)
 	newFile := path.Join(subfolder, "newFile")
-	ioutil.WriteFile(newFile, []byte{}, 0740)
+	os.WriteFile(newFile, []byte{}, 0740)
 
 	changes, err := Changes([]string{layer}, rwLayer)
 	assert.NilError(t, err)
 
 	expectedChanges := []Change{
-		{"/dir1", ChangeModify},
-		{"/dir1/file1-1", ChangeModify},
-		{"/dir1/file1-2", ChangeDelete},
-		{"/dir1/subfolder", ChangeModify},
-		{"/dir1/subfolder/newFile", ChangeAdd},
+		{filepath.FromSlash("/dir1"), ChangeModify},
+		{filepath.FromSlash("/dir1/file1-1"), ChangeModify},
+		{filepath.FromSlash("/dir1/file1-2"), ChangeDelete},
+		{filepath.FromSlash("/dir1/subfolder"), ChangeModify},
+		{filepath.FromSlash("/dir1/subfolder/newFile"), ChangeAdd},
 	}
 	checkChanges(expectedChanges, changes, t)
 }
 
 // See https://github.com/docker/docker/pull/13590
 func TestChangesWithChangesGH13590(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
+	// TODO Windows. Needs further investigation to identify the failure
 	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
+		t.Skip("needs more investigation")
 	}
-	baseLayer, err := ioutil.TempDir("", "docker-changes-test.")
+	baseLayer, err := os.MkdirTemp("", "docker-changes-test.")
 	assert.NilError(t, err)
 	defer os.RemoveAll(baseLayer)
 
@@ -191,9 +202,9 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	os.MkdirAll(dir3, 07400)
 
 	file := path.Join(dir3, "file.txt")
-	ioutil.WriteFile(file, []byte("hello"), 0666)
+	os.WriteFile(file, []byte("hello"), 0666)
 
-	layer, err := ioutil.TempDir("", "docker-changes-test2.")
+	layer, err := os.MkdirTemp("", "docker-changes-test2.")
 	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 
@@ -204,7 +215,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 
 	os.Remove(path.Join(layer, "dir1/dir2/dir3/file.txt"))
 	file = path.Join(layer, "dir1/dir2/dir3/file1.txt")
-	ioutil.WriteFile(file, []byte("bye"), 0666)
+	os.WriteFile(file, []byte("bye"), 0666)
 
 	changes, err := Changes([]string{baseLayer}, layer)
 	assert.NilError(t, err)
@@ -216,7 +227,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	checkChanges(expectedChanges, changes, t)
 
 	// Now test changing a file
-	layer, err = ioutil.TempDir("", "docker-changes-test3.")
+	layer, err = os.MkdirTemp("", "docker-changes-test3.")
 	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 
@@ -225,7 +236,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	}
 
 	file = path.Join(layer, "dir1/dir2/dir3/file.txt")
-	ioutil.WriteFile(file, []byte("bye"), 0666)
+	os.WriteFile(file, []byte("bye"), 0666)
 
 	changes, err = Changes([]string{baseLayer}, layer)
 	assert.NilError(t, err)
@@ -238,12 +249,19 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 
 // Create a directory, copy it, make sure we report no changes between the two
 func TestChangesDirsEmpty(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
+	// Note we parse kernel.GetKernelVersion rather than system.GetOSVersion
+	// as test binaries aren't manifested, so would otherwise report the wrong
+	// build number.
 	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
+		v, err := kernel.GetKernelVersion()
+		assert.NilError(t, err)
+		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if build >= osversion.V19H1 {
+			t.Skip("FIXME: broken on Windows 1903 and up; see #39846")
+		}
 	}
-	src, err := ioutil.TempDir("", "docker-changes-test")
+
+	src, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 	createSampleDir(t, src)
@@ -275,13 +293,13 @@ func mutateSampleDir(t *testing.T, root string) {
 	assert.NilError(t, err)
 
 	// Rewrite a file
-	err = ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777)
+	err = os.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777)
 	assert.NilError(t, err)
 
 	// Replace a file
 	err = os.RemoveAll(path.Join(root, "file3"))
 	assert.NilError(t, err)
-	err = ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404)
+	err = os.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404)
 	assert.NilError(t, err)
 
 	// Touch file
@@ -295,7 +313,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	assert.NilError(t, err)
 
 	// Create new file
-	err = ioutil.WriteFile(path.Join(root, "filenew"), []byte("filenew\n"), 0777)
+	err = os.WriteFile(path.Join(root, "filenew"), []byte("filenew\n"), 0777)
 	assert.NilError(t, err)
 
 	// Create new dir
@@ -316,7 +334,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	// Replace dir with file
 	err = os.RemoveAll(path.Join(root, "dir2"))
 	assert.NilError(t, err)
-	err = ioutil.WriteFile(path.Join(root, "dir2"), []byte("dir2\n"), 0777)
+	err = os.WriteFile(path.Join(root, "dir2"), []byte("dir2\n"), 0777)
 	assert.NilError(t, err)
 
 	// Touch dir
@@ -325,12 +343,19 @@ func mutateSampleDir(t *testing.T, root string) {
 }
 
 func TestChangesDirsMutated(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
+	// Note we parse kernel.GetKernelVersion rather than system.GetOSVersion
+	// as test binaries aren't manifested, so would otherwise report the wrong
+	// build number.
 	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
+		v, err := kernel.GetKernelVersion()
+		assert.NilError(t, err)
+		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if build >= osversion.V19H1 {
+			t.Skip("FIXME: broken on Windows 1903 and up; see #39846")
+		}
 	}
-	src, err := ioutil.TempDir("", "docker-changes-test")
+
+	src, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	createSampleDir(t, src)
 	dst := src + "-copy"
@@ -347,20 +372,37 @@ func TestChangesDirsMutated(t *testing.T) {
 	sort.Sort(changesByPath(changes))
 
 	expectedChanges := []Change{
-		{"/dir1", ChangeDelete},
-		{"/dir2", ChangeModify},
-		{"/dirnew", ChangeAdd},
-		{"/file1", ChangeDelete},
-		{"/file2", ChangeModify},
-		{"/file3", ChangeModify},
-		{"/file4", ChangeModify},
-		{"/file5", ChangeModify},
-		{"/filenew", ChangeAdd},
-		{"/symlink1", ChangeDelete},
-		{"/symlink2", ChangeModify},
-		{"/symlinknew", ChangeAdd},
+		{filepath.FromSlash("/dir1"), ChangeDelete},
+		{filepath.FromSlash("/dir2"), ChangeModify},
 	}
 
+	// Note there is slight difference between the Linux and Windows
+	// implementations here. Due to https://github.com/moby/moby/issues/9874,
+	// and the fix at https://github.com/moby/moby/pull/11422, Linux does not
+	// consider a change to the directory time as a change. Windows on NTFS
+	// does. See https://github.com/moby/moby/pull/37982 for more information.
+	//
+	// Note also: https://github.com/moby/moby/pull/37982#discussion_r223523114
+	// that differences are ordered in the way the test is currently written, hence
+	// this is in the middle of the list of changes rather than at the start or
+	// end. Potentially can be addressed later.
+	if runtime.GOOS == "windows" {
+		expectedChanges = append(expectedChanges, Change{filepath.FromSlash("/dir3"), ChangeModify})
+	}
+
+	expectedChanges = append(expectedChanges, []Change{
+		{filepath.FromSlash("/dirnew"), ChangeAdd},
+		{filepath.FromSlash("/file1"), ChangeDelete},
+		{filepath.FromSlash("/file2"), ChangeModify},
+		{filepath.FromSlash("/file3"), ChangeModify},
+		{filepath.FromSlash("/file4"), ChangeModify},
+		{filepath.FromSlash("/file5"), ChangeModify},
+		{filepath.FromSlash("/filenew"), ChangeAdd},
+		{filepath.FromSlash("/symlink1"), ChangeDelete},
+		{filepath.FromSlash("/symlink2"), ChangeModify},
+		{filepath.FromSlash("/symlinknew"), ChangeAdd},
+	}...)
+
 	for i := 0; i < max(len(changes), len(expectedChanges)); i++ {
 		if i >= len(expectedChanges) {
 			t.Fatalf("unexpected change %s\n", changes[i].String())
@@ -373,7 +415,7 @@ func TestChangesDirsMutated(t *testing.T) {
 				t.Fatalf("Wrong change for %s, expected %s, got %s\n", changes[i].Path, changes[i].String(), expectedChanges[i].String())
 			}
 		} else if changes[i].Path < expectedChanges[i].Path {
-			t.Fatalf("unexpected change %s\n", changes[i].String())
+			t.Fatalf("unexpected change %q %q\n", changes[i].String(), expectedChanges[i].Path)
 		} else {
 			t.Fatalf("no change for expected change %s != %s\n", expectedChanges[i].String(), changes[i].String())
 		}
@@ -381,12 +423,15 @@ func TestChangesDirsMutated(t *testing.T) {
 }
 
 func TestApplyLayer(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
+	// TODO Windows. This is very close to working, but it fails with changes
+	// to \symlinknew and \symlink2. The destination has an updated
+	// Access/Modify/Change/Birth date to the source (~3/100th sec different).
+	// Needs further investigation as to why, but I currently believe this is
+	// just the way NTFS works. I don't think it's a bug in this test or archive.
 	if runtime.GOOS == "windows" {
-		t.Skip("symlinks on Windows")
+		t.Skip("needs further investigation")
 	}
-	src, err := ioutil.TempDir("", "docker-changes-test")
+	src, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	createSampleDir(t, src)
 	defer os.RemoveAll(src)
@@ -417,16 +462,16 @@ func TestApplyLayer(t *testing.T) {
 }
 
 func TestChangesSizeWithHardlinks(t *testing.T) {
-	// TODO Windows. There may be a way of running this, but turning off for now
-	// as createSampleDir uses symlinks.
+	// TODO Windows. Needs further investigation. Likely in ChangeSizes not
+	// coping correctly with hardlinks on Windows.
 	if runtime.GOOS == "windows" {
-		t.Skip("hardlinks on Windows")
+		t.Skip("needs further investigation")
 	}
-	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	srcDir, err := os.MkdirTemp("", "docker-test-srcDir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(srcDir)
 
-	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	destDir, err := os.MkdirTemp("", "docker-test-destDir")
 	assert.NilError(t, err)
 	defer os.RemoveAll(destDir)
 
@@ -460,14 +505,14 @@ func TestChangesSizeWithOnlyDeleteChanges(t *testing.T) {
 }
 
 func TestChangesSize(t *testing.T) {
-	parentPath, err := ioutil.TempDir("", "docker-changes-test")
+	parentPath, err := os.MkdirTemp("", "docker-changes-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(parentPath)
 	addition := path.Join(parentPath, "addition")
-	err = ioutil.WriteFile(addition, []byte{0x01, 0x01, 0x01}, 0744)
+	err = os.WriteFile(addition, []byte{0x01, 0x01, 0x01}, 0744)
 	assert.NilError(t, err)
 	modification := path.Join(parentPath, "modification")
-	err = ioutil.WriteFile(modification, []byte{0x01, 0x01, 0x01}, 0744)
+	err = os.WriteFile(modification, []byte{0x01, 0x01, 0x01}, 0744)
 	assert.NilError(t, err)
 
 	changes := []Change{
@@ -481,7 +526,7 @@ func TestChangesSize(t *testing.T) {
 }
 
 func checkChanges(expectedChanges, changes []Change, t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
 	sort.Sort(changesByPath(expectedChanges))
 	sort.Sort(changesByPath(changes))
 	for i := 0; i < max(len(changes), len(expectedChanges)); i++ {
diff --git a/pkg/archive/changes_unix.go b/pkg/archive/changes_unix.go
index c06a209d8ed10..54aace970ed03 100644
--- a/pkg/archive/changes_unix.go
+++ b/pkg/archive/changes_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package archive // import "github.com/docker/docker/pkg/archive"
@@ -16,7 +17,13 @@ func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
 		oldStat.UID() != newStat.UID() ||
 		oldStat.GID() != newStat.GID() ||
 		oldStat.Rdev() != newStat.Rdev() ||
-		// Don't look at size for dirs, its not a good measure of change
+		// Don't look at size or modification time for dirs, its not a good
+		// measure of change. See https://github.com/moby/moby/issues/9874
+		// for a description of the issue with modification time, and
+		// https://github.com/moby/moby/pull/11422 for the change.
+		// (Note that in the Windows implementation of this function,
+		// modification time IS taken as a change). See
+		// https://github.com/moby/moby/pull/37982 for more information.
 		(oldStat.Mode()&unix.S_IFDIR != unix.S_IFDIR &&
 			(!sameFsTimeSpec(oldStat.Mtim(), newStat.Mtim()) || (oldStat.Size() != newStat.Size()))) {
 		return true
diff --git a/pkg/archive/changes_windows.go b/pkg/archive/changes_windows.go
index 6555c01368c68..9906685e4b0ea 100644
--- a/pkg/archive/changes_windows.go
+++ b/pkg/archive/changes_windows.go
@@ -7,9 +7,13 @@ import (
 )
 
 func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
+	// Note there is slight difference between the Linux and Windows
+	// implementations here. Due to https://github.com/moby/moby/issues/9874,
+	// and the fix at https://github.com/moby/moby/pull/11422, Linux does not
+	// consider a change to the directory time as a change. Windows on NTFS
+	// does. See https://github.com/moby/moby/pull/37982 for more information.
 
-	// Don't look at size for dirs, its not a good measure of change
-	if oldStat.Mtim() != newStat.Mtim() ||
+	if !sameFsTime(oldStat.Mtim(), newStat.Mtim()) ||
 		oldStat.Mode() != newStat.Mode() ||
 		oldStat.Size() != newStat.Size() && !oldStat.Mode().IsDir() {
 		return true
diff --git a/pkg/archive/copy.go b/pkg/archive/copy.go
index d0f13ca79beb3..801b844b786cb 100644
--- a/pkg/archive/copy.go
+++ b/pkg/archive/copy.go
@@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"errors"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -261,7 +260,7 @@ func PrepareArchiveCopy(srcContent io.Reader, srcInfo, dstInfo CopyInfo) (dstDir
 		// The destination exists as a directory. No alteration
 		// to srcContent is needed as its contents can be
 		// simply extracted to the destination directory.
-		return dstInfo.Path, ioutil.NopCloser(srcContent), nil
+		return dstInfo.Path, io.NopCloser(srcContent), nil
 	case dstInfo.Exists && srcInfo.IsDir:
 		// The destination exists as some type of file and the source
 		// content is a directory. This is an error condition since
@@ -336,6 +335,14 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 				return
 			}
 
+			// srcContent tar stream, as served by TarWithOptions(), is
+			// definitely in PAX format, but tar.Next() mistakenly guesses it
+			// as USTAR, which creates a problem: if the newBase is >100
+			// characters long, WriteHeader() returns an error like
+			// "archive/tar: cannot encode header: Format specifies USTAR; and USTAR cannot encode Name=...".
+			//
+			// To fix, set the format to PAX here. See docker/for-linux issue #484.
+			hdr.Format = tar.FormatPAX
 			hdr.Name = strings.Replace(hdr.Name, oldBase, newBase, 1)
 			if hdr.Typeflag == tar.TypeLink {
 				hdr.Linkname = strings.Replace(hdr.Linkname, oldBase, newBase, 1)
@@ -346,6 +353,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 				return
 			}
 
+			// Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433
+			// and https://cure53.de/pentest-report_opa.pdf, which recommends to
+			// replace io.Copy with io.CopyN7. The latter allows to specify the
+			// maximum number of bytes that should be read. By properly defining
+			// the limit, it can be assured that a GZip compression bomb cannot
+			// easily cause a Denial-of-Service.
+			// After reviewing with @tonistiigi and @cpuguy83, this should not
+			// affect us, because here we do not read into memory, hence should
+			// not be vulnerable to this code consuming memory.
+			//nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec)
 			if _, err = io.Copy(rebasedTar, srcTar); err != nil {
 				w.CloseWithError(err)
 				return
@@ -356,9 +373,6 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 	return rebased
 }
 
-// TODO @gupta-ak. These might have to be changed in the future to be
-// continuity driver aware as well to support LCOW.
-
 // CopyResource performs an archive copy from the given source path to the
 // given destination path. The source path MUST exist and the destination
 // path's parent directory must exist.
diff --git a/pkg/archive/copy_unix.go b/pkg/archive/copy_unix.go
index 3958364f5ba07..2ac7729f4cf59 100644
--- a/pkg/archive/copy_unix.go
+++ b/pkg/archive/copy_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package archive // import "github.com/docker/docker/pkg/archive"
diff --git a/pkg/archive/copy_unix_test.go b/pkg/archive/copy_unix_test.go
index 739ad0e3eff4e..efb20e225d115 100644
--- a/pkg/archive/copy_unix_test.go
+++ b/pkg/archive/copy_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 // TODO Windows: Some of these tests may be salvageable and portable to Windows.
@@ -10,13 +11,12 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func removeAllPaths(paths ...string) {
@@ -28,10 +28,10 @@ func removeAllPaths(paths ...string) {
 func getTestTempDirs(t *testing.T) (tmpDirA, tmpDirB string) {
 	var err error
 
-	tmpDirA, err = ioutil.TempDir("", "archive-copy-test")
+	tmpDirA, err = os.MkdirTemp("", "archive-copy-test")
 	assert.NilError(t, err)
 
-	tmpDirB, err = ioutil.TempDir("", "archive-copy-test")
+	tmpDirB, err = os.MkdirTemp("", "archive-copy-test")
 	assert.NilError(t, err)
 
 	return
@@ -257,6 +257,30 @@ func TestCopyErrDstNotDir(t *testing.T) {
 	}
 }
 
+// Test to check if CopyTo works with a long (>100 characters) destination file name.
+// This is a regression (see https://github.com/docker/for-linux/issues/484).
+func TestCopyLongDstFilename(t *testing.T) {
+	const longName = "a_very_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_long_filename_that_is_101_characters"
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcInfo := CopyInfo{Path: filepath.Join(tmpDirA, "file1"), Exists: true, IsDir: false}
+
+	content, err := TarResource(srcInfo)
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+	defer content.Close()
+
+	err = CopyTo(content, srcInfo, filepath.Join(tmpDirB, longName))
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+}
+
 // Possibilities are reduced to the remaining 10 cases:
 //
 //  case | srcIsDir | onlyDirContents | dstExists | dstIsDir | dstTrSep | action
diff --git a/pkg/archive/diff.go b/pkg/archive/diff.go
index 6883ba13269cd..e095104bd96c4 100644
--- a/pkg/archive/diff.go
+++ b/pkg/archive/diff.go
@@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -84,7 +83,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 			parentPath := filepath.Join(dest, parent)
 
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = system.MkdirAll(parentPath, 0600, "")
+				err = system.MkdirAll(parentPath, 0600)
 				if err != nil {
 					return 0, err
 				}
@@ -100,7 +99,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 				basename := filepath.Base(hdr.Name)
 				aufsHardlinks[basename] = hdr
 				if aufsTempdir == "" {
-					if aufsTempdir, err = ioutil.TempDir("", "dockerplnk"); err != nil {
+					if aufsTempdir, err = os.MkdirTemp("", "dockerplnk"); err != nil {
 						return 0, err
 					}
 					defer os.RemoveAll(aufsTempdir)
@@ -196,7 +195,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 				return 0, err
 			}
 
-			if err := createTarFile(path, dest, srcHdr, srcData, true, nil, options.InUserNS); err != nil {
+			if err := createTarFile(path, dest, srcHdr, srcData, !options.NoLchown, nil, options.InUserNS); err != nil {
 				return 0, err
 			}
 
@@ -240,11 +239,13 @@ func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decomp
 	dest = filepath.Clean(dest)
 
 	// We need to be able to set any perms
-	oldmask, err := system.Umask(0)
-	if err != nil {
-		return 0, err
+	if runtime.GOOS != "windows" {
+		oldmask, err := system.Umask(0)
+		if err != nil {
+			return 0, err
+		}
+		defer system.Umask(oldmask)
 	}
-	defer system.Umask(oldmask) // ignore err, ErrNotSupportedPlatform
 
 	if decompress {
 		decompLayer, err := DecompressStream(layer)
diff --git a/pkg/archive/diff_test.go b/pkg/archive/diff_test.go
index 19f2555e1ab5b..aac7b7c34087f 100644
--- a/pkg/archive/diff_test.go
+++ b/pkg/archive/diff_test.go
@@ -3,21 +3,15 @@ package archive // import "github.com/docker/docker/pkg/archive"
 import (
 	"archive/tar"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
-	"runtime"
 	"testing"
 
 	"github.com/docker/docker/pkg/ioutils"
 )
 
 func TestApplyLayerInvalidFilenames(t *testing.T) {
-	// TODO Windows: Figure out how to fix this test.
-	if runtime.GOOS == "windows" {
-		t.Skip("Passes but hits breakoutError: platform and architecture is not supported")
-	}
 	for i, headers := range [][]*tar.Header{
 		{
 			{
@@ -42,9 +36,6 @@ func TestApplyLayerInvalidFilenames(t *testing.T) {
 }
 
 func TestApplyLayerInvalidHardlink(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("TypeLink support on Windows")
-	}
 	for i, headers := range [][]*tar.Header{
 		{ // try reading victim/hello (../)
 			{
@@ -125,9 +116,6 @@ func TestApplyLayerInvalidHardlink(t *testing.T) {
 }
 
 func TestApplyLayerInvalidSymlink(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("TypeSymLink support on Windows")
-	}
 	for i, headers := range [][]*tar.Header{
 		{ // try reading victim/hello (../)
 			{
@@ -208,12 +196,7 @@ func TestApplyLayerInvalidSymlink(t *testing.T) {
 }
 
 func TestApplyLayerWhiteouts(t *testing.T) {
-	// TODO Windows: Figure out why this test fails
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
-
-	wd, err := ioutil.TempDir("", "graphdriver-test-whiteouts")
+	wd, err := os.MkdirTemp("", "graphdriver-test-whiteouts")
 	if err != nil {
 		return
 	}
@@ -329,7 +312,7 @@ func TestApplyLayerWhiteouts(t *testing.T) {
 }
 
 func makeTestLayer(paths []string) (rc io.ReadCloser, err error) {
-	tmpDir, err := ioutil.TempDir("", "graphdriver-test-mklayer")
+	tmpDir, err := os.MkdirTemp("", "graphdriver-test-mklayer")
 	if err != nil {
 		return
 	}
@@ -339,12 +322,14 @@ func makeTestLayer(paths []string) (rc io.ReadCloser, err error) {
 		}
 	}()
 	for _, p := range paths {
-		if p[len(p)-1] == filepath.Separator {
+		// Source files are always in Unix format. But we use filepath on
+		// creation to be platform agnostic.
+		if p[len(p)-1] == '/' {
 			if err = os.MkdirAll(filepath.Join(tmpDir, p), 0700); err != nil {
 				return
 			}
 		} else {
-			if err = ioutil.WriteFile(filepath.Join(tmpDir, p), nil, 0600); err != nil {
+			if err = os.WriteFile(filepath.Join(tmpDir, p), nil, 0600); err != nil {
 				return
 			}
 		}
@@ -374,9 +359,10 @@ func readDirContents(root string) ([]string, error) {
 			return err
 		}
 		if info.IsDir() {
-			rel = rel + "/"
+			rel = rel + string(filepath.Separator)
 		}
-		files = append(files, rel)
+		// Append in Unix semantics
+		files = append(files, filepath.ToSlash(rel))
 		return nil
 	})
 	if err != nil {
diff --git a/pkg/archive/example_changes.go b/pkg/archive/example_changes.go
index 495db809e9f69..36cb6c3cb5bd2 100644
--- a/pkg/archive/example_changes.go
+++ b/pkg/archive/example_changes.go
@@ -1,3 +1,4 @@
+//go:build ignore
 // +build ignore
 
 // Simple tool to create an archive stream from an old and new directory
@@ -9,7 +10,6 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 
@@ -39,7 +39,7 @@ func main() {
 
 	if len(*flNewDir) == 0 {
 		var err error
-		newDir, err = ioutil.TempDir("", "docker-test-newDir")
+		newDir, err = os.MkdirTemp("", "docker-test-newDir")
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -52,7 +52,7 @@ func main() {
 	}
 
 	if len(*flOldDir) == 0 {
-		oldDir, err := ioutil.TempDir("", "docker-test-oldDir")
+		oldDir, err := os.MkdirTemp("", "docker-test-oldDir")
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -83,7 +83,7 @@ func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks
 	fileData := []byte("fooo")
 	for n := 0; n < numberOfFiles; n++ {
 		fileName := fmt.Sprintf("file-%d", n)
-		if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
+		if err := os.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
 			return 0, err
 		}
 		if makeLinks {
diff --git a/pkg/archive/time_unsupported.go b/pkg/archive/time_unsupported.go
index f58bf227fd33f..d0877968617e2 100644
--- a/pkg/archive/time_unsupported.go
+++ b/pkg/archive/time_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package archive // import "github.com/docker/docker/pkg/archive"
diff --git a/pkg/archive/utils_test.go b/pkg/archive/utils_test.go
index a20f58ddabb4a..a00ae680c0ebf 100644
--- a/pkg/archive/utils_test.go
+++ b/pkg/archive/utils_test.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
@@ -34,7 +33,7 @@ var testUntarFns = map[string]func(string, io.Reader) error{
 //
 // When using testBreakout make sure you cover one of the scenarios listed above.
 func testBreakout(untarFn string, tmpdir string, headers []*tar.Header) error {
-	tmpdir, err := ioutil.TempDir("", tmpdir)
+	tmpdir, err := os.MkdirTemp("", tmpdir)
 	if err != nil {
 		return err
 	}
@@ -54,7 +53,7 @@ func testBreakout(untarFn string, tmpdir string, headers []*tar.Header) error {
 	if err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(hello, helloData, 0644); err != nil {
+	if err := os.WriteFile(hello, helloData, 0644); err != nil {
 		return err
 	}
 	helloStat, err := os.Stat(hello)
@@ -119,7 +118,7 @@ func testBreakout(untarFn string, tmpdir string, headers []*tar.Header) error {
 		return fmt.Errorf("archive breakout: could not lstat %q: %v", hello, err)
 	}
 	defer f.Close()
-	b, err := ioutil.ReadAll(f)
+	b, err := io.ReadAll(f)
 	if err != nil {
 		return err
 	}
@@ -153,7 +152,7 @@ func testBreakout(untarFn string, tmpdir string, headers []*tar.Header) error {
 			// skip file if error
 			return nil
 		}
-		b, err := ioutil.ReadFile(path)
+		b, err := os.ReadFile(path)
 		if err != nil {
 			// Houston, we have a problem. Aborting (space)walk.
 			return err
diff --git a/pkg/archive/wrap_test.go b/pkg/archive/wrap_test.go
index 1faa7aed75393..764ef304d1cb0 100644
--- a/pkg/archive/wrap_test.go
+++ b/pkg/archive/wrap_test.go
@@ -6,7 +6,7 @@ import (
 	"io"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestGenerateEmptyFile(t *testing.T) {
diff --git a/pkg/authorization/api_test.go b/pkg/authorization/api_test.go
index 9d51e9e66ecbc..8e05c917d1688 100644
--- a/pkg/authorization/api_test.go
+++ b/pkg/authorization/api_test.go
@@ -11,8 +11,8 @@ import (
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestPeerCertificateMarshalJSON(t *testing.T) {
@@ -46,7 +46,7 @@ func TestPeerCertificateMarshalJSON(t *testing.T) {
 
 	var certs = []*x509.Certificate{cert}
 	addr := "www.authz.com/auth"
-	req, err := http.NewRequest("GET", addr, nil)
+	req, err := http.NewRequest(http.MethodGet, addr, nil)
 	assert.NilError(t, err)
 
 	req.RequestURI = addr
diff --git a/pkg/authorization/authz.go b/pkg/authorization/authz.go
index a1edbcd89d51d..590ac8dddd883 100644
--- a/pkg/authorization/authz.go
+++ b/pkg/authorization/authz.go
@@ -21,7 +21,7 @@ const maxBodySize = 1048576 // 1MB
 // Authenticate Request:
 // Call authZ plugins with current REST request and AuthN response
 // Request contains full HTTP packet sent to the docker daemon
-// https://docs.docker.com/engine/reference/api/
+// https://docs.docker.com/engine/api/
 //
 // Authenticate Response:
 // Call authZ plugins with full info about current REST request, REST response and AuthN response
diff --git a/pkg/authorization/authz_unix_test.go b/pkg/authorization/authz_unix_test.go
index c38b5e156667c..835cb703839be 100644
--- a/pkg/authorization/authz_unix_test.go
+++ b/pkg/authorization/authz_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 // TODO Windows: This uses a Unix socket for testing. This might be possible
@@ -8,7 +9,7 @@ package authorization // import "github.com/docker/docker/pkg/authorization"
 import (
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -32,13 +33,13 @@ func TestAuthZRequestPluginError(t *testing.T) {
 	server.start()
 	defer server.stop()
 
-	authZPlugin := createTestPlugin(t)
+	authZPlugin := createTestPlugin(t, server.socketAddress())
 
 	request := Request{
 		User:           "user",
 		RequestBody:    []byte("sample body"),
 		RequestURI:     "www.authz.com/auth",
-		RequestMethod:  "GET",
+		RequestMethod:  http.MethodGet,
 		RequestHeaders: map[string]string{"header": "value"},
 	}
 	server.replayResponse = Response{
@@ -63,13 +64,13 @@ func TestAuthZRequestPlugin(t *testing.T) {
 	server.start()
 	defer server.stop()
 
-	authZPlugin := createTestPlugin(t)
+	authZPlugin := createTestPlugin(t, server.socketAddress())
 
 	request := Request{
 		User:           "user",
 		RequestBody:    []byte("sample body"),
 		RequestURI:     "www.authz.com/auth",
-		RequestMethod:  "GET",
+		RequestMethod:  http.MethodGet,
 		RequestHeaders: map[string]string{"header": "value"},
 	}
 	server.replayResponse = Response{
@@ -95,7 +96,7 @@ func TestAuthZResponsePlugin(t *testing.T) {
 	server.start()
 	defer server.stop()
 
-	authZPlugin := createTestPlugin(t)
+	authZPlugin := createTestPlugin(t, server.socketAddress())
 
 	request := Request{
 		User:        "user",
@@ -152,7 +153,7 @@ func TestDrainBody(t *testing.T) {
 
 	for _, test := range tests {
 		msg := strings.Repeat("a", test.length)
-		body, closer, err := drainBody(ioutil.NopCloser(bytes.NewReader([]byte(msg))))
+		body, closer, err := drainBody(io.NopCloser(bytes.NewReader([]byte(msg))))
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -162,7 +163,7 @@ func TestDrainBody(t *testing.T) {
 		if closer == nil {
 			t.Fatal("Closer must not be nil")
 		}
-		modified, err := ioutil.ReadAll(closer)
+		modified, err := io.ReadAll(closer)
 		if err != nil {
 			t.Fatalf("Error must not be nil: '%v'", err)
 		}
@@ -262,13 +263,8 @@ func TestResponseModifierOverride(t *testing.T) {
 }
 
 // createTestPlugin creates a new sample authorization plugin
-func createTestPlugin(t *testing.T) *authorizationPlugin {
-	pwd, err := os.Getwd()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true})
+func createTestPlugin(t *testing.T, socketAddress string) *authorizationPlugin {
+	client, err := plugins.NewClient("unix:///"+socketAddress, &tlsconfig.Options{InsecureSkipVerify: true})
 	if err != nil {
 		t.Fatalf("Failed to create client %v", err)
 	}
@@ -285,12 +281,23 @@ type authZPluginTestServer struct {
 	// response stores the response sent from the plugin to the daemon
 	replayResponse Response
 	server         *httptest.Server
+	tmpDir         string
+}
+
+func (t *authZPluginTestServer) socketAddress() string {
+	return path.Join(t.tmpDir, pluginAddress)
 }
 
 // start starts the test server that implements the plugin
 func (t *authZPluginTestServer) start() {
+	var err error
+	t.tmpDir, err = os.MkdirTemp("", "authz")
+	if err != nil {
+		t.t.Fatal(err)
+	}
+
 	r := mux.NewRouter()
-	l, err := net.Listen("unix", pluginAddress)
+	l, err := net.Listen("unix", t.socketAddress())
 	if err != nil {
 		t.t.Fatal(err)
 	}
@@ -311,7 +318,7 @@ func (t *authZPluginTestServer) start() {
 // stop stops the test server that implements the plugin
 func (t *authZPluginTestServer) stop() {
 	t.server.Close()
-	os.Remove(pluginAddress)
+	_ = os.RemoveAll(t.tmpDir)
 	if t.listener != nil {
 		t.listener.Close()
 	}
@@ -320,7 +327,7 @@ func (t *authZPluginTestServer) stop() {
 // auth is a used to record/replay the authentication api messages
 func (t *authZPluginTestServer) auth(w http.ResponseWriter, r *http.Request) {
 	t.recordedRequest = Request{}
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		t.t.Fatal(err)
 	}
diff --git a/pkg/authorization/middleware_test.go b/pkg/authorization/middleware_test.go
index 6afafe082d3ba..c7597d35c6497 100644
--- a/pkg/authorization/middleware_test.go
+++ b/pkg/authorization/middleware_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/plugingetter"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestMiddleware(t *testing.T) {
diff --git a/pkg/authorization/middleware_unix_test.go b/pkg/authorization/middleware_unix_test.go
index 450e7fbbb7375..2587f9dc2a3de 100644
--- a/pkg/authorization/middleware_unix_test.go
+++ b/pkg/authorization/middleware_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package authorization // import "github.com/docker/docker/pkg/authorization"
@@ -9,8 +10,8 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/plugingetter"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestMiddlewareWrapHandler(t *testing.T) {
@@ -18,7 +19,7 @@ func TestMiddlewareWrapHandler(t *testing.T) {
 	server.start()
 	defer server.stop()
 
-	authZPlugin := createTestPlugin(t)
+	authZPlugin := createTestPlugin(t, server.socketAddress())
 	pluginNames := []string{authZPlugin.name}
 
 	var pluginGetter plugingetter.PluginGetter
@@ -34,7 +35,7 @@ func TestMiddlewareWrapHandler(t *testing.T) {
 	assert.Assert(t, mdHandler != nil)
 
 	addr := "www.example.com/auth"
-	req, _ := http.NewRequest("GET", addr, nil)
+	req, _ := http.NewRequest(http.MethodGet, addr, nil)
 	req.RequestURI = addr
 	req.Header.Add("header", "value")
 
diff --git a/pkg/authorization/response.go b/pkg/authorization/response.go
index 6b674bc29555f..82beb5be800d5 100644
--- a/pkg/authorization/response.go
+++ b/pkg/authorization/response.go
@@ -15,7 +15,6 @@ import (
 type ResponseModifier interface {
 	http.ResponseWriter
 	http.Flusher
-	http.CloseNotifier
 
 	// RawBody returns the current http content
 	RawBody() []byte
@@ -155,16 +154,6 @@ func (rm *responseModifier) Hijack() (net.Conn, *bufio.ReadWriter, error) {
 	return hijacker.Hijack()
 }
 
-// CloseNotify uses the internal close notify API of the wrapped http.ResponseWriter
-func (rm *responseModifier) CloseNotify() <-chan bool {
-	closeNotifier, ok := rm.rw.(http.CloseNotifier)
-	if !ok {
-		logrus.Error("Internal response writer doesn't support the CloseNotifier interface")
-		return nil
-	}
-	return closeNotifier.CloseNotify()
-}
-
 // Flush uses the internal flush API of the wrapped http.ResponseWriter
 func (rm *responseModifier) Flush() {
 	flusher, ok := rm.rw.(http.Flusher)
diff --git a/pkg/capabilities/caps.go b/pkg/capabilities/caps.go
new file mode 100644
index 0000000000000..a35d4204b0cdc
--- /dev/null
+++ b/pkg/capabilities/caps.go
@@ -0,0 +1,24 @@
+// Package capabilities allows to generically handle capabilities.
+package capabilities // import "github.com/docker/docker/pkg/capabilities"
+
+// Set represents a set of capabilities.
+type Set map[string]struct{}
+
+// Match tries to match set with caps, which is an OR list of AND lists of capabilities.
+// The matched AND list of capabilities is returned; or nil if none are matched.
+func (set Set) Match(caps [][]string) []string {
+	if set == nil {
+		return nil
+	}
+anyof:
+	for _, andList := range caps {
+		for _, cap := range andList {
+			if _, ok := set[cap]; !ok {
+				continue anyof
+			}
+		}
+		return andList
+	}
+	// match anything
+	return nil
+}
diff --git a/pkg/capabilities/caps_test.go b/pkg/capabilities/caps_test.go
new file mode 100644
index 0000000000000..072f230369cdc
--- /dev/null
+++ b/pkg/capabilities/caps_test.go
@@ -0,0 +1,72 @@
+package capabilities // import "github.com/docker/docker/pkg/capabilities"
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestMatch(t *testing.T) {
+	set := Set{
+		"foo": struct{}{},
+		"bar": struct{}{},
+	}
+	type testcase struct {
+		caps     [][]string
+		expected []string
+	}
+	var testcases = []testcase{
+		// matches
+		{
+			caps:     [][]string{{}},
+			expected: []string{},
+		},
+		{
+			caps:     [][]string{{"foo"}},
+			expected: []string{"foo"},
+		},
+		{
+			caps:     [][]string{{"bar"}, {"foo"}},
+			expected: []string{"bar"},
+		},
+		{
+			caps:     [][]string{{"foo", "bar"}},
+			expected: []string{"foo", "bar"},
+		},
+		{
+			caps:     [][]string{{"qux"}, {"foo"}},
+			expected: []string{"foo"},
+		},
+		{
+			caps:     [][]string{{"foo", "bar"}, {"baz"}, {"bar"}},
+			expected: []string{"foo", "bar"},
+		},
+
+		// non matches
+		{caps: nil},
+		{caps: [][]string{}},
+		{caps: [][]string{{"qux"}}},
+		{caps: [][]string{{"foo", "bar", "qux"}}},
+		{caps: [][]string{{"qux"}, {"baz"}}},
+		{caps: [][]string{{"foo", "baz"}}},
+	}
+
+	for _, m := range testcases {
+		t.Run(fmt.Sprintf("%v", m.caps), func(t *testing.T) {
+			selected := set.Match(m.caps)
+			if m.expected == nil || selected == nil {
+				if m.expected == nil && selected == nil {
+					return
+				}
+				t.Fatalf("selected = %v, expected = %v", selected, m.expected)
+			}
+			if len(selected) != len(m.expected) {
+				t.Fatalf("len(selected) = %d, len(expected) = %d", len(selected), len(m.expected))
+			}
+			for i, s := range selected {
+				if m.expected[i] != s {
+					t.Fatalf("selected[%d] = %s, expected[%d] = %s", i, s, i, m.expected[i])
+				}
+			}
+		})
+	}
+}
diff --git a/pkg/chrootarchive/archive.go b/pkg/chrootarchive/archive.go
index 2d9d662830b7b..427abee7e82f6 100644
--- a/pkg/chrootarchive/archive.go
+++ b/pkg/chrootarchive/archive.go
@@ -3,14 +3,22 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
+	"net"
 	"os"
+	"os/user"
 	"path/filepath"
 
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/idtools"
 )
 
+func init() {
+	// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
+	// environment not in the chroot from untrusted files.
+	_, _ = user.Lookup("docker")
+	_, _ = net.LookupHost("localhost")
+}
+
 // NewArchiver returns a new Archiver which uses chrootarchive.Untar
 func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
 	if idMapping == nil {
@@ -27,18 +35,34 @@ func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
 // The archive may be compressed with one of the following algorithms:
 //  identity (uncompressed), gzip, bzip2, xz.
 func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
-	return untarHandler(tarArchive, dest, options, true)
+	return untarHandler(tarArchive, dest, options, true, dest)
+}
+
+// UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory
+// The root directory is the directory that will be chrooted to.
+// `dest` must be a path within `root`, if it is not an error will be returned.
+//
+// `root` should set to a directory which is not controlled by any potentially
+// malicious process.
+//
+// This should be used to prevent a potential attacker from manipulating `dest`
+// such that it would provide access to files outside of `dest` through things
+// like symlinks. Normally `ResolveSymlinksInScope` would handle this, however
+// sanitizing symlinks in this manner is inherrently racey:
+// ref: CVE-2018-15664
+func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
+	return untarHandler(tarArchive, dest, options, true, root)
 }
 
 // UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive,
 // and unpacks it into the directory at `dest`.
 // The archive must be an uncompressed stream.
 func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
-	return untarHandler(tarArchive, dest, options, false)
+	return untarHandler(tarArchive, dest, options, false, dest)
 }
 
 // Handler for teasing out the automatic decompression
-func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool) error {
+func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool, root string) error {
 	if tarArchive == nil {
 		return fmt.Errorf("Empty archive")
 	}
@@ -49,17 +73,21 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 		options.ExcludePatterns = []string{}
 	}
 
-	idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
-	rootIDs := idMapping.RootPair()
+	// If dest is inside a root then directory is created within chroot by extractor.
+	// This case is only currently used by cp.
+	if dest == root {
+		idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
+		rootIDs := idMapping.RootPair()
 
-	dest = filepath.Clean(dest)
-	if _, err := os.Stat(dest); os.IsNotExist(err) {
-		if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
-			return err
+		dest = filepath.Clean(dest)
+		if _, err := os.Stat(dest); os.IsNotExist(err) {
+			if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
+				return err
+			}
 		}
 	}
 
-	r := ioutil.NopCloser(tarArchive)
+	r := io.NopCloser(tarArchive)
 	if decompress {
 		decompressedArchive, err := archive.DecompressStream(tarArchive)
 		if err != nil {
@@ -69,5 +97,13 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 		r = decompressedArchive
 	}
 
-	return invokeUnpack(r, dest, options)
+	return invokeUnpack(r, dest, options, root)
+}
+
+// Tar tars the requested path while chrooted to the specified root.
+func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
+	if options == nil {
+		options = &archive.TarOptions{}
+	}
+	return invokePack(srcPath, options, root)
 }
diff --git a/pkg/chrootarchive/archive_test.go b/pkg/chrootarchive/archive_test.go
index 5911a36158bf6..c96c83b072f32 100644
--- a/pkg/chrootarchive/archive_test.go
+++ b/pkg/chrootarchive/archive_test.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"hash/crc32"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -16,7 +15,7 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/system"
-	"gotest.tools/skip"
+	"gotest.tools/v3/skip"
 )
 
 func init() {
@@ -43,19 +42,19 @@ func CopyWithTar(src, dst string) error {
 
 func TestChrootTarUntar(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntar")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootTarUntar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(src, "lolo"), []byte("hello lolo"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(src, "lolo"), []byte("hello lolo"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	stream, err := archive.Tar(src, archive.Uncompressed)
@@ -63,7 +62,7 @@ func TestChrootTarUntar(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(dest, 0700, ""); err != nil {
+	if err := system.MkdirAll(dest, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if err := Untar(stream, dest, &archive.TarOptions{ExcludePatterns: []string{"lolo"}}); err != nil {
@@ -75,16 +74,16 @@ func TestChrootTarUntar(t *testing.T) {
 // local images)
 func TestChrootUntarWithHugeExcludesList(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarHugeExcludes")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootUntarHugeExcludes")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	stream, err := archive.Tar(src, archive.Uncompressed)
@@ -92,14 +91,15 @@ func TestChrootUntarWithHugeExcludesList(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700, ""); err != nil {
+	if err := system.MkdirAll(dest, 0700); err != nil {
 		t.Fatal(err)
 	}
 	options := &archive.TarOptions{}
-	//65534 entries of 64-byte strings ~= 4MB of environment space which should overflow
-	//on most systems when passed via environment or command line arguments
+	// 65534 entries of 64-byte strings ~= 4MB of environment space which should overflow
+	// on most systems when passed via environment or command line arguments
 	excludes := make([]string, 65534)
-	for i := 0; i < 65534; i++ {
+	var i rune
+	for i = 0; i < 65534; i++ {
 		excludes[i] = strings.Repeat(string(i), 64)
 	}
 	options.ExcludePatterns = excludes
@@ -109,7 +109,7 @@ func TestChrootUntarWithHugeExcludesList(t *testing.T) {
 }
 
 func TestChrootUntarEmptyArchive(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarEmptyArchive")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootUntarEmptyArchive")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -123,7 +123,7 @@ func prepareSourceDirectory(numberOfFiles int, targetPath string, makeSymLinks b
 	fileData := []byte("fooo")
 	for n := 0; n < numberOfFiles; n++ {
 		fileName := fmt.Sprintf("file-%d", n)
-		if err := ioutil.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
+		if err := os.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
 			return 0, err
 		}
 		if makeSymLinks {
@@ -137,7 +137,7 @@ func prepareSourceDirectory(numberOfFiles int, targetPath string, makeSymLinks b
 }
 
 func getHash(filename string) (uint32, error) {
-	stream, err := ioutil.ReadFile(filename)
+	stream, err := os.ReadFile(filename)
 	if err != nil {
 		return 0, err
 	}
@@ -175,13 +175,13 @@ func compareFiles(src string, dest string) error {
 func TestChrootTarUntarWithSymlink(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntarWithSymlink")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootTarUntarWithSymlink")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, false); err != nil {
@@ -199,13 +199,13 @@ func TestChrootTarUntarWithSymlink(t *testing.T) {
 func TestChrootCopyWithTar(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyWithTar")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootCopyWithTar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, true); err != nil {
@@ -246,13 +246,13 @@ func TestChrootCopyWithTar(t *testing.T) {
 
 func TestChrootCopyFileWithTar(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyFileWithTar")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootCopyFileWithTar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, true); err != nil {
@@ -291,13 +291,13 @@ func TestChrootCopyFileWithTar(t *testing.T) {
 func TestChrootUntarPath(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarPath")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootUntarPath")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, false); err != nil {
@@ -317,7 +317,7 @@ func TestChrootUntarPath(t *testing.T) {
 	buf := new(bytes.Buffer)
 	buf.ReadFrom(stream)
 	tarfile := filepath.Join(tmpdir, "src.tar")
-	if err := ioutil.WriteFile(tarfile, buf.Bytes(), 0644); err != nil {
+	if err := os.WriteFile(tarfile, buf.Bytes(), 0644); err != nil {
 		t.Fatal(err)
 	}
 	if err := UntarPath(tarfile, dest); err != nil {
@@ -353,13 +353,13 @@ func (s *slowEmptyTarReader) Read(p []byte) (int, error) {
 
 func TestChrootUntarEmptyArchiveFromSlowReader(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarEmptyArchiveFromSlowReader")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootUntarEmptyArchiveFromSlowReader")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700, ""); err != nil {
+	if err := system.MkdirAll(dest, 0700); err != nil {
 		t.Fatal(err)
 	}
 	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
@@ -370,13 +370,13 @@ func TestChrootUntarEmptyArchiveFromSlowReader(t *testing.T) {
 
 func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyEmptyArchiveFromSlowReader")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootApplyEmptyArchiveFromSlowReader")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700, ""); err != nil {
+	if err := system.MkdirAll(dest, 0700); err != nil {
 		t.Fatal(err)
 	}
 	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
@@ -387,16 +387,16 @@ func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
 
 func TestChrootApplyDotDotFile(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyDotDotFile")
+	tmpdir, err := os.MkdirTemp("", "docker-TestChrootApplyDotDotFile")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700, ""); err != nil {
+	if err := system.MkdirAll(src, 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(filepath.Join(src, "..gitme"), []byte(""), 0644); err != nil {
+	if err := os.WriteFile(filepath.Join(src, "..gitme"), []byte(""), 0644); err != nil {
 		t.Fatal(err)
 	}
 	stream, err := archive.Tar(src, archive.Uncompressed)
@@ -404,7 +404,7 @@ func TestChrootApplyDotDotFile(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700, ""); err != nil {
+	if err := system.MkdirAll(dest, 0700); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := ApplyLayer(dest, stream); err != nil {
diff --git a/pkg/chrootarchive/archive_unix.go b/pkg/chrootarchive/archive_unix.go
index 5df8afd662055..b3a8ae1135ab4 100644
--- a/pkg/chrootarchive/archive_unix.go
+++ b/pkg/chrootarchive/archive_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
@@ -8,12 +9,14 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
+	"path/filepath"
 	"runtime"
+	"strings"
 
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
+	"github.com/pkg/errors"
 )
 
 // untar is the entry-point for docker-untar on re-exec. This is not used on
@@ -23,18 +26,28 @@ func untar() {
 	runtime.LockOSThread()
 	flag.Parse()
 
-	var options *archive.TarOptions
+	var options archive.TarOptions
 
-	//read the options from the pipe "ExtraFiles"
+	// read the options from the pipe "ExtraFiles"
 	if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {
 		fatal(err)
 	}
 
-	if err := chroot(flag.Arg(0)); err != nil {
+	dst := flag.Arg(0)
+	var root string
+	if len(flag.Args()) > 1 {
+		root = flag.Arg(1)
+	}
+
+	if root == "" {
+		root = dst
+	}
+
+	if err := chroot(root); err != nil {
 		fatal(err)
 	}
 
-	if err := archive.Unpack(os.Stdin, "/", options); err != nil {
+	if err := archive.Unpack(os.Stdin, dst, &options); err != nil {
 		fatal(err)
 	}
 	// fully consume stdin in case it is zero padded
@@ -45,7 +58,10 @@ func untar() {
 	os.Exit(0)
 }
 
-func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions) error {
+func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
+	if root == "" {
+		return errors.New("must specify a root to chroot to")
+	}
 
 	// We can't pass a potentially large exclude list directly via cmd line
 	// because we easily overrun the kernel's max argument/environment size
@@ -57,7 +73,21 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
 		return fmt.Errorf("Untar pipe failure: %v", err)
 	}
 
-	cmd := reexec.Command("docker-untar", dest)
+	if root != "" {
+		relDest, err := filepath.Rel(root, dest)
+		if err != nil {
+			return err
+		}
+		if relDest == "." {
+			relDest = "/"
+		}
+		if relDest[0] != '/' {
+			relDest = "/" + relDest
+		}
+		dest = relDest
+	}
+
+	cmd := reexec.Command("docker-untar", dest, root)
 	cmd.Stdin = decompressedArchive
 
 	cmd.ExtraFiles = append(cmd.ExtraFiles, r)
@@ -69,7 +99,8 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
 		w.Close()
 		return fmt.Errorf("Untar error on re-exec cmd: %v", err)
 	}
-	//write the options to the pipe for the untar exec to read
+
+	// write the options to the pipe for the untar exec to read
 	if err := json.NewEncoder(w).Encode(options); err != nil {
 		w.Close()
 		return fmt.Errorf("Untar json encode to pipe failed: %v", err)
@@ -80,9 +111,98 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
 		// when `xz -d -c -q | docker-untar ...` failed on docker-untar side,
 		// we need to exhaust `xz`'s output, otherwise the `xz` side will be
 		// pending on write pipe forever
-		io.Copy(ioutil.Discard, decompressedArchive)
+		io.Copy(io.Discard, decompressedArchive)
 
 		return fmt.Errorf("Error processing tar file(%v): %s", err, output)
 	}
 	return nil
 }
+
+func tar() {
+	runtime.LockOSThread()
+	flag.Parse()
+
+	src := flag.Arg(0)
+	var root string
+	if len(flag.Args()) > 1 {
+		root = flag.Arg(1)
+	}
+
+	if root == "" {
+		root = src
+	}
+
+	if err := realChroot(root); err != nil {
+		fatal(err)
+	}
+
+	var options archive.TarOptions
+	if err := json.NewDecoder(os.Stdin).Decode(&options); err != nil {
+		fatal(err)
+	}
+
+	rdr, err := archive.TarWithOptions(src, &options)
+	if err != nil {
+		fatal(err)
+	}
+	defer rdr.Close()
+
+	if _, err := io.Copy(os.Stdout, rdr); err != nil {
+		fatal(err)
+	}
+
+	os.Exit(0)
+}
+
+func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
+	if root == "" {
+		return nil, errors.New("root path must not be empty")
+	}
+
+	relSrc, err := filepath.Rel(root, srcPath)
+	if err != nil {
+		return nil, err
+	}
+	if relSrc == "." {
+		relSrc = "/"
+	}
+	if relSrc[0] != '/' {
+		relSrc = "/" + relSrc
+	}
+
+	// make sure we didn't trim a trailing slash with the call to `Rel`
+	if strings.HasSuffix(srcPath, "/") && !strings.HasSuffix(relSrc, "/") {
+		relSrc += "/"
+	}
+
+	cmd := reexec.Command("docker-tar", relSrc, root)
+
+	errBuff := bytes.NewBuffer(nil)
+	cmd.Stderr = errBuff
+
+	tarR, tarW := io.Pipe()
+	cmd.Stdout = tarW
+
+	stdin, err := cmd.StdinPipe()
+	if err != nil {
+		return nil, errors.Wrap(err, "error getting options pipe for tar process")
+	}
+
+	if err := cmd.Start(); err != nil {
+		return nil, errors.Wrap(err, "tar error on re-exec cmd")
+	}
+
+	go func() {
+		err := cmd.Wait()
+		err = errors.Wrapf(err, "error processing tar file: %s", errBuff)
+		tarW.CloseWithError(err)
+	}()
+
+	if err := json.NewEncoder(stdin).Encode(options); err != nil {
+		stdin.Close()
+		return nil, errors.Wrap(err, "tar json encode to pipe failed")
+	}
+	stdin.Close()
+
+	return tarR, nil
+}
diff --git a/pkg/chrootarchive/archive_unix_test.go b/pkg/chrootarchive/archive_unix_test.go
new file mode 100644
index 0000000000000..cd557bc5cf99a
--- /dev/null
+++ b/pkg/chrootarchive/archive_unix_test.go
@@ -0,0 +1,174 @@
+//go:build !windows
+// +build !windows
+
+package chrootarchive
+
+import (
+	gotar "archive/tar"
+	"bytes"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
+)
+
+// Test for CVE-2018-15664
+// Assures that in the case where an "attacker" controlled path is a symlink to
+// some path outside of a container's rootfs that we do not copy data to a
+// container path that will actually overwrite data on the host
+func TestUntarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	root := filepath.Join(dir, "root")
+
+	err = os.MkdirAll(root, 0755)
+	assert.NilError(t, err)
+
+	// Add a file into a directory above root
+	// Ensure that we can't access this file while tarring.
+	err = os.WriteFile(filepath.Join(dir, "host-file"), []byte("I am a host file"), 0644)
+	assert.NilError(t, err)
+
+	// Create some data which which will be copied into the "container" root into
+	// the symlinked path.
+	// Before this change, the copy would overwrite the "host" content.
+	// With this change it should not.
+	data := filepath.Join(dir, "data")
+	err = os.MkdirAll(data, 0755)
+	assert.NilError(t, err)
+	err = os.WriteFile(filepath.Join(data, "local-file"), []byte("pwn3d"), 0644)
+	assert.NilError(t, err)
+
+	safe := filepath.Join(root, "safe")
+	err = unix.Symlink(dir, safe)
+	assert.NilError(t, err)
+
+	rdr, err := archive.TarWithOptions(data, &archive.TarOptions{IncludeFiles: []string{"local-file"}, RebaseNames: map[string]string{"local-file": "host-file"}})
+	assert.NilError(t, err)
+
+	// Use tee to test both the good case and the bad case w/o recreating the archive
+	bufRdr := bytes.NewBuffer(nil)
+	tee := io.TeeReader(rdr, bufRdr)
+
+	err = UntarWithRoot(tee, safe, nil, root)
+	assert.Assert(t, err != nil)
+	assert.ErrorContains(t, err, "open /safe/host-file: no such file or directory")
+
+	// Make sure the "host" file is still in tact
+	// Before the fix the host file would be overwritten
+	hostData, err := os.ReadFile(filepath.Join(dir, "host-file"))
+	assert.NilError(t, err)
+	assert.Equal(t, string(hostData), "I am a host file")
+
+	// Now test by chrooting to an attacker controlled path
+	// This should succeed as is and overwrite a "host" file
+	// Note that this would be a mis-use of this function.
+	err = UntarWithRoot(bufRdr, safe, nil, safe)
+	assert.NilError(t, err)
+
+	hostData, err = os.ReadFile(filepath.Join(dir, "host-file"))
+	assert.NilError(t, err)
+	assert.Equal(t, string(hostData), "pwn3d")
+}
+
+// Test for CVE-2018-15664
+// Assures that in the case where an "attacker" controlled path is a symlink to
+// some path outside of a container's rootfs that we do not unwittingly leak
+// host data into the archive.
+func TestTarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
+	// defer os.RemoveAll(dir)
+	t.Log(dir)
+
+	root := filepath.Join(dir, "root")
+
+	err = os.MkdirAll(root, 0755)
+	assert.NilError(t, err)
+
+	hostFileData := []byte("I am a host file")
+
+	// Add a file into a directory above root
+	// Ensure that we can't access this file while tarring.
+	err = os.WriteFile(filepath.Join(dir, "host-file"), hostFileData, 0644)
+	assert.NilError(t, err)
+
+	safe := filepath.Join(root, "safe")
+	err = unix.Symlink(dir, safe)
+	assert.NilError(t, err)
+
+	data := filepath.Join(dir, "data")
+	err = os.MkdirAll(data, 0755)
+	assert.NilError(t, err)
+
+	type testCase struct {
+		p        string
+		includes []string
+	}
+
+	cases := []testCase{
+		{p: safe, includes: []string{"host-file"}},
+		{p: safe + "/", includes: []string{"host-file"}},
+		{p: safe, includes: nil},
+		{p: safe + "/", includes: nil},
+		{p: root, includes: []string{"safe/host-file"}},
+		{p: root, includes: []string{"/safe/host-file"}},
+		{p: root, includes: nil},
+	}
+
+	maxBytes := len(hostFileData)
+
+	for _, tc := range cases {
+		t.Run(path.Join(tc.p+"_"+strings.Join(tc.includes, "_")), func(t *testing.T) {
+			// Here if we use archive.TarWithOptions directly or change the "root" parameter
+			// to be the same as "safe", data from the host will be leaked into the archive
+			var opts *archive.TarOptions
+			if tc.includes != nil {
+				opts = &archive.TarOptions{
+					IncludeFiles: tc.includes,
+				}
+			}
+			rdr, err := Tar(tc.p, opts, root)
+			assert.NilError(t, err)
+			defer rdr.Close()
+
+			tr := gotar.NewReader(rdr)
+			assert.Assert(t, !isDataInTar(t, tr, hostFileData, int64(maxBytes)), "host data leaked to archive")
+		})
+	}
+}
+
+func isDataInTar(t *testing.T, tr *gotar.Reader, compare []byte, maxBytes int64) bool {
+	for {
+		h, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		assert.NilError(t, err)
+
+		if h.Size == 0 {
+			continue
+		}
+		assert.Assert(t, h.Size <= maxBytes, "%s: file size exceeds max expected size %d: %d", h.Name, maxBytes, h.Size)
+
+		data := make([]byte, int(h.Size))
+		_, err = io.ReadFull(tr, data)
+		assert.NilError(t, err)
+		if bytes.Contains(data, compare) {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/pkg/chrootarchive/archive_windows.go b/pkg/chrootarchive/archive_windows.go
index f2973132a3916..de87113e95448 100644
--- a/pkg/chrootarchive/archive_windows.go
+++ b/pkg/chrootarchive/archive_windows.go
@@ -14,9 +14,16 @@ func chroot(path string) error {
 
 func invokeUnpack(decompressedArchive io.ReadCloser,
 	dest string,
-	options *archive.TarOptions) error {
+	options *archive.TarOptions, root string) error {
 	// Windows is different to Linux here because Windows does not support
 	// chroot. Hence there is no point sandboxing a chrooted process to
 	// do the unpack. We call inline instead within the daemon process.
 	return archive.Unpack(decompressedArchive, longpath.AddPrefix(dest), options)
 }
+
+func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
+	// Windows is different to Linux here because Windows does not support
+	// chroot. Hence there is no point sandboxing a chrooted process to
+	// do the pack. We call inline instead within the daemon process.
+	return archive.TarWithOptions(srcPath, options)
+}
diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go
index 9802fad5145fc..85c291cdb2e91 100644
--- a/pkg/chrootarchive/chroot_linux.go
+++ b/pkg/chrootarchive/chroot_linux.go
@@ -2,12 +2,12 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/pkg/mount"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
 	"golang.org/x/sys/unix"
 )
 
@@ -19,7 +19,7 @@ import (
 // This is similar to how libcontainer sets up a container's rootfs
 func chroot(path string) (err error) {
 	// if the engine is running in a user namespace we need to use actual chroot
-	if rsystem.RunningInUserNS() {
+	if userns.RunningInUserNS() {
 		return realChroot(path)
 	}
 	if err := unix.Unshare(unix.CLONE_NEWNS); err != nil {
@@ -36,14 +36,14 @@ func chroot(path string) (err error) {
 		return err
 	}
 
-	if mounted, _ := mount.Mounted(path); !mounted {
+	if mounted, _ := mountinfo.Mounted(path); !mounted {
 		if err := mount.Mount(path, path, "bind", "rbind,rw"); err != nil {
 			return realChroot(path)
 		}
 	}
 
 	// setup oldRoot for pivot_root
-	pivotDir, err := ioutil.TempDir(path, ".pivot_root")
+	pivotDir, err := os.MkdirTemp(path, ".pivot_root")
 	if err != nil {
 		return fmt.Errorf("Error setting up pivot dir: %v", err)
 	}
diff --git a/pkg/chrootarchive/chroot_unix.go b/pkg/chrootarchive/chroot_unix.go
index 9a1ee58754900..c35aa9166930c 100644
--- a/pkg/chrootarchive/chroot_unix.go
+++ b/pkg/chrootarchive/chroot_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows && !linux
 // +build !windows,!linux
 
 package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
@@ -10,3 +11,7 @@ func chroot(path string) error {
 	}
 	return unix.Chdir("/")
 }
+
+func realChroot(path string) error {
+	return chroot(path)
+}
diff --git a/pkg/chrootarchive/diff_unix.go b/pkg/chrootarchive/diff_unix.go
index d96a09f8fa7ac..e1bf74d1d5edd 100644
--- a/pkg/chrootarchive/diff_unix.go
+++ b/pkg/chrootarchive/diff_unix.go
@@ -1,4 +1,5 @@
-//+build !windows
+//go:build !windows
+// +build !windows
 
 package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
@@ -8,15 +9,14 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
 
+	"github.com/containerd/containerd/pkg/userns"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
 )
 
 type applyLayerResponse struct {
@@ -36,7 +36,7 @@ func applyLayer() {
 	runtime.LockOSThread()
 	flag.Parse()
 
-	inUserns := rsystem.RunningInUserNS()
+	inUserns := userns.RunningInUserNS()
 	if err := chroot(flag.Arg(0)); err != nil {
 		fatal(err)
 	}
@@ -56,7 +56,7 @@ func applyLayer() {
 		options.InUserNS = true
 	}
 
-	if tmpDir, err = ioutil.TempDir("/", "temp-docker-extract"); err != nil {
+	if tmpDir, err = os.MkdirTemp("/", "temp-docker-extract"); err != nil {
 		fatal(err)
 	}
 
@@ -95,7 +95,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 	}
 	if options == nil {
 		options = &archive.TarOptions{}
-		if rsystem.RunningInUserNS() {
+		if userns.RunningInUserNS() {
 			options.InUserNS = true
 		}
 	}
diff --git a/pkg/chrootarchive/diff_windows.go b/pkg/chrootarchive/diff_windows.go
index 8f3f3a4a8aae8..f423419d3c8e1 100644
--- a/pkg/chrootarchive/diff_windows.go
+++ b/pkg/chrootarchive/diff_windows.go
@@ -3,7 +3,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -30,7 +29,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 		layer = decompressed
 	}
 
-	tmpDir, err := ioutil.TempDir(os.Getenv("temp"), "temp-docker-extract")
+	tmpDir, err := os.MkdirTemp(os.Getenv("temp"), "temp-docker-extract")
 	if err != nil {
 		return 0, fmt.Errorf("ApplyLayer failed to create temp-docker-extract under %s. %s", dest, err)
 	}
diff --git a/pkg/chrootarchive/init_unix.go b/pkg/chrootarchive/init_unix.go
index a15e4bb83c40e..0746c1cb97376 100644
--- a/pkg/chrootarchive/init_unix.go
+++ b/pkg/chrootarchive/init_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
@@ -5,7 +6,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 
 	"github.com/docker/docker/pkg/reexec"
@@ -14,6 +14,7 @@ import (
 func init() {
 	reexec.Register("docker-applyLayer", applyLayer)
 	reexec.Register("docker-untar", untar)
+	reexec.Register("docker-tar", tar)
 }
 
 func fatal(err error) {
@@ -24,5 +25,5 @@ func fatal(err error) {
 // flush consumes all the bytes from the reader discarding
 // any errors
 func flush(r io.Reader) (bytes int64, err error) {
-	return io.Copy(ioutil.Discard, r)
+	return io.Copy(io.Discard, r)
 }
diff --git a/pkg/containerfs/archiver.go b/pkg/containerfs/archiver.go
index fed0a07d7b9f8..308e2b88d3af1 100644
--- a/pkg/containerfs/archiver.go
+++ b/pkg/containerfs/archiver.go
@@ -89,14 +89,14 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error {
 // CopyFileWithTar emulates the behavior of the 'cp' command-line
 // for a single file. It copies a regular file from path `src` to
 // path `dst`, and preserves all its metadata.
-func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
+func (archiver *Archiver) CopyFileWithTar(src, dst string) (retErr error) {
 	logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst)
 	srcDriver := archiver.SrcDriver
 	dstDriver := archiver.DstDriver
 
-	srcSt, err := srcDriver.Stat(src)
-	if err != nil {
-		return err
+	srcSt, retErr := srcDriver.Stat(src)
+	if retErr != nil {
+		return retErr
 	}
 
 	if srcSt.IsDir() {
@@ -113,7 +113,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 	// os.MkdirAll on not-Windows and changed for Windows.
 	if dstDriver.OS() == "windows" {
 		// Now we are WCOW
-		if err := system.MkdirAll(filepath.Dir(dst), 0700, ""); err != nil {
+		if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil {
 			return err
 		}
 	} else {
@@ -168,16 +168,16 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 		}()
 	}()
 	defer func() {
-		if er := <-errC; err == nil && er != nil {
-			err = er
+		if err := <-errC; retErr == nil && err != nil {
+			retErr = err
 		}
 	}()
 
-	err = archiver.Untar(r, dstDriver.Dir(dst), nil)
-	if err != nil {
-		r.CloseWithError(err)
+	retErr = archiver.Untar(r, dstDriver.Dir(dst), nil)
+	if retErr != nil {
+		r.CloseWithError(retErr)
 	}
-	return err
+	return retErr
 }
 
 // IdentityMapping returns the IdentityMapping of the archiver.
@@ -194,7 +194,7 @@ func remapIDs(idMapping *idtools.IdentityMapping, hdr *tar.Header) error {
 // chmodTarEntry is used to adjust the file permissions used in tar header based
 // on the platform the archival is done.
 func chmodTarEntry(perm os.FileMode) os.FileMode {
-	//perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
+	// perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
 	permPart := perm & os.ModePerm
 	noPermPart := perm &^ os.ModePerm
 	// Add the x bit: make everything +x from windows
diff --git a/pkg/containerfs/containerfs.go b/pkg/containerfs/containerfs.go
index 7bb1d8c3697f8..cf2d39c82ea7a 100644
--- a/pkg/containerfs/containerfs.go
+++ b/pkg/containerfs/containerfs.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/containerd/continuity/driver"
 	"github.com/containerd/continuity/pathdriver"
-	"github.com/docker/docker/pkg/symlink"
+	"github.com/moby/sys/symlink"
 )
 
 // ContainerFS is that represents a root file system
@@ -28,8 +28,7 @@ type ContainerFS interface {
 // Driver combines both continuity's Driver and PathDriver interfaces with a Platform
 // field to determine the OS.
 type Driver interface {
-	// OS returns the OS where the rootfs is located. Essentially,
-	// runtime.GOOS for everything aside from LCOW, which is "linux"
+	// OS returns the OS where the rootfs is located. Essentially, runtime.GOOS.
 	OS() string
 
 	// Architecture returns the hardware architecture where the
diff --git a/pkg/containerfs/containerfs_unix.go b/pkg/containerfs/containerfs_unix.go
index 6a99459517dd8..5a7ab97e58c3f 100644
--- a/pkg/containerfs/containerfs_unix.go
+++ b/pkg/containerfs/containerfs_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package containerfs // import "github.com/docker/docker/pkg/containerfs"
diff --git a/pkg/devicemapper/devmapper.go b/pkg/devicemapper/devmapper.go
index 63243637a77ca..05456c67eeac4 100644
--- a/pkg/devicemapper/devmapper.go
+++ b/pkg/devicemapper/devmapper.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo
 // +build linux,cgo
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
@@ -14,7 +15,7 @@ import (
 )
 
 // Same as DM_DEVICE_* enum values from libdevmapper.h
-// nolint: deadcode
+//nolint: deadcode,unused,varcheck
 const (
 	deviceCreate TaskType = iota
 	deviceReload
@@ -48,7 +49,6 @@ var (
 	ErrTaskSetName          = errors.New("dm_task_set_name failed")
 	ErrTaskSetMessage       = errors.New("dm_task_set_message failed")
 	ErrTaskSetAddNode       = errors.New("dm_task_set_add_node failed")
-	ErrTaskSetRo            = errors.New("dm_task_set_ro failed")
 	ErrTaskAddTarget        = errors.New("dm_task_add_target failed")
 	ErrTaskSetSector        = errors.New("dm_task_set_sector failed")
 	ErrTaskGetDeps          = errors.New("dm_task_get_deps failed")
@@ -61,13 +61,10 @@ var (
 	ErrUdevWait             = errors.New("wait on udev cookie failed")
 	ErrSetDevDir            = errors.New("dm_set_dev_dir failed")
 	ErrGetLibraryVersion    = errors.New("dm_get_library_version failed")
-	ErrCreateRemoveTask     = errors.New("Can't create task of type deviceRemove")
-	ErrRunRemoveDevice      = errors.New("running RemoveDevice failed")
 	ErrInvalidAddNode       = errors.New("Invalid AddNode type")
 	ErrBusy                 = errors.New("Device is Busy")
 	ErrDeviceIDExists       = errors.New("Device Id Exists")
 	ErrEnxio                = errors.New("No such device or address")
-	ErrEnoData              = errors.New("No data available")
 )
 
 var (
@@ -199,13 +196,6 @@ func (t *Task) setAddNode(addNode AddNodeType) error {
 	return nil
 }
 
-func (t *Task) setRo() error {
-	if res := DmTaskSetRo(t.unmanaged); res != 1 {
-		return ErrTaskSetRo
-	}
-	return nil
-}
-
 func (t *Task) addTarget(start, size uint64, ttype, params string) error {
 	if res := DmTaskAddTarget(t.unmanaged, start, size,
 		ttype, params); res != 1 {
@@ -391,7 +381,7 @@ func CancelDeferredRemove(deviceName string) error {
 		return fmt.Errorf("devicemapper: Can't set sector %s", err)
 	}
 
-	if err := task.setMessage(fmt.Sprintf("@cancel_deferred_remove")); err != nil {
+	if err := task.setMessage("@cancel_deferred_remove"); err != nil {
 		return fmt.Errorf("devicemapper: Can't set message %s", err)
 	}
 
diff --git a/pkg/devicemapper/devmapper_log.go b/pkg/devicemapper/devmapper_log.go
index 5a5773d44f71b..aa47368258dcf 100644
--- a/pkg/devicemapper/devmapper_log.go
+++ b/pkg/devicemapper/devmapper_log.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo
 // +build linux,cgo
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
diff --git a/pkg/devicemapper/devmapper_wrapper.go b/pkg/devicemapper/devmapper_wrapper.go
index 0b88f49695cab..103d54e7d56ff 100644
--- a/pkg/devicemapper/devmapper_wrapper.go
+++ b/pkg/devicemapper/devmapper_wrapper.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo
 // +build linux,cgo
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
@@ -74,7 +75,6 @@ var (
 	DmTaskSetCookie           = dmTaskSetCookieFct
 	DmTaskSetMessage          = dmTaskSetMessageFct
 	DmTaskSetName             = dmTaskSetNameFct
-	DmTaskSetRo               = dmTaskSetRoFct
 	DmTaskSetSector           = dmTaskSetSectorFct
 	DmUdevWait                = dmUdevWaitFct
 	DmUdevSetSyncSupport      = dmUdevSetSyncSupportFct
@@ -132,10 +132,6 @@ func dmTaskSetAddNodeFct(task *cdmTask, addNode AddNodeType) int {
 	return int(C.dm_task_set_add_node((*C.struct_dm_task)(task), C.dm_add_node_t(addNode)))
 }
 
-func dmTaskSetRoFct(task *cdmTask) int {
-	return int(C.dm_task_set_ro((*C.struct_dm_task)(task)))
-}
-
 func dmTaskAddTargetFct(task *cdmTask,
 	start, size uint64, ttype, params string) int {
 
@@ -155,12 +151,11 @@ func dmTaskGetDepsFct(task *cdmTask) *Deps {
 	}
 
 	// golang issue: https://github.com/golang/go/issues/11925
-	hdr := reflect.SliceHeader{
-		Data: uintptr(unsafe.Pointer(uintptr(unsafe.Pointer(Cdeps)) + unsafe.Sizeof(*Cdeps))),
-		Len:  int(Cdeps.count),
-		Cap:  int(Cdeps.count),
-	}
-	devices := *(*[]C.uint64_t)(unsafe.Pointer(&hdr))
+	var devices []C.uint64_t
+	devicesHdr := (*reflect.SliceHeader)(unsafe.Pointer(&devices))
+	devicesHdr.Data = uintptr(unsafe.Pointer(uintptr(unsafe.Pointer(Cdeps)) + unsafe.Sizeof(*Cdeps)))
+	devicesHdr.Len = int(Cdeps.count)
+	devicesHdr.Cap = int(Cdeps.count)
 
 	deps := &Deps{
 		Count:  uint32(Cdeps.count),
@@ -211,6 +206,7 @@ func dmGetNextTargetFct(task *cdmTask, next unsafe.Pointer, start, length *uint6
 		*params = C.GoString(Cparams)
 	}()
 
+	//lint:ignore SA4000 false positive on (identical expressions on the left and right side of the '==' operator) (staticcheck)
 	nextp := C.dm_get_next_target((*C.struct_dm_task)(task), next, &Cstart, &Clength, &CtargetType, &Cparams)
 	return nextp
 }
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic.go b/pkg/devicemapper/devmapper_wrapper_dynamic.go
index 8a1098f7d5861..a702cd540ae35 100644
--- a/pkg/devicemapper/devmapper_wrapper_dynamic.go
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo && !static_build
 // +build linux,cgo,!static_build
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
index 3d3021c4e119a..4bfbd01aa8037 100644
--- a/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
@@ -1,5 +1,5 @@
-// +build linux,cgo,!static_build
-// +build !libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
+//go:build linux && cgo && !static_build && !libdm_dlsym_deferred_remove && !libdm_no_deferred_remove
+// +build linux,cgo,!static_build,!libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
index 5dfb369f1ff85..6db3388c5c2ae 100644
--- a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
@@ -1,5 +1,5 @@
-// +build linux,cgo,!static_build
-// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
+//go:build linux && cgo && !static_build && libdm_dlsym_deferred_remove && !libdm_no_deferred_remove
+// +build linux,cgo,!static_build,libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
 
 package devicemapper
 
diff --git a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
index 8889f0f46fe43..f1aee1abccebd 100644
--- a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
@@ -1,5 +1,5 @@
-// +build linux,cgo
-// +build !libdm_dlsym_deferred_remove,libdm_no_deferred_remove
+//go:build linux && cgo && !libdm_dlsym_deferred_remove && libdm_no_deferred_remove
+// +build linux,cgo,!libdm_dlsym_deferred_remove,libdm_no_deferred_remove
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
diff --git a/pkg/devicemapper/ioctl.go b/pkg/devicemapper/ioctl.go
index ec5a0b33bacd3..508f477d05c52 100644
--- a/pkg/devicemapper/ioctl.go
+++ b/pkg/devicemapper/ioctl.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo
 // +build linux,cgo
 
 package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
diff --git a/pkg/directory/directory.go b/pkg/directory/directory.go
index 51d4a6ea2266f..71e8cfee773e0 100644
--- a/pkg/directory/directory.go
+++ b/pkg/directory/directory.go
@@ -1,7 +1,6 @@
 package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -9,7 +8,7 @@ import (
 // MoveToSubdir moves all contents of a directory to a subdirectory underneath the original path
 func MoveToSubdir(oldpath, subdir string) error {
 
-	infos, err := ioutil.ReadDir(oldpath)
+	infos, err := os.ReadDir(oldpath)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/directory/directory_test.go b/pkg/directory/directory_test.go
index ea62bdf2363e5..8477a202fecb7 100644
--- a/pkg/directory/directory_test.go
+++ b/pkg/directory/directory_test.go
@@ -2,7 +2,6 @@ package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -14,7 +13,7 @@ import (
 func TestSizeEmpty(t *testing.T) {
 	var dir string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeEmptyDirectory"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "testSizeEmptyDirectory"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
 
@@ -28,12 +27,12 @@ func TestSizeEmpty(t *testing.T) {
 func TestSizeEmptyFile(t *testing.T) {
 	var dir string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeEmptyFile"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "testSizeEmptyFile"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
 
 	var file *os.File
-	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+	if file, err = os.CreateTemp(dir, "file"); err != nil {
 		t.Fatalf("failed to create file: %s", err)
 	}
 
@@ -47,12 +46,12 @@ func TestSizeEmptyFile(t *testing.T) {
 func TestSizeNonemptyFile(t *testing.T) {
 	var dir string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeNonemptyFile"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "testSizeNonemptyFile"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
 
 	var file *os.File
-	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+	if file, err = os.CreateTemp(dir, "file"); err != nil {
 		t.Fatalf("failed to create file: %s", err)
 	}
 
@@ -69,10 +68,10 @@ func TestSizeNonemptyFile(t *testing.T) {
 func TestSizeNestedDirectoryEmpty(t *testing.T) {
 	var dir string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeNestedDirectoryEmpty"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "testSizeNestedDirectoryEmpty"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
-	if dir, err = ioutil.TempDir(dir, "nested"); err != nil {
+	if dir, err = os.MkdirTemp(dir, "nested"); err != nil {
 		t.Fatalf("failed to create nested directory: %s", err)
 	}
 
@@ -86,15 +85,15 @@ func TestSizeNestedDirectoryEmpty(t *testing.T) {
 func TestSizeFileAndNestedDirectoryEmpty(t *testing.T) {
 	var dir string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeFileAndNestedDirectoryEmpty"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "testSizeFileAndNestedDirectoryEmpty"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
-	if dir, err = ioutil.TempDir(dir, "nested"); err != nil {
+	if dir, err = os.MkdirTemp(dir, "nested"); err != nil {
 		t.Fatalf("failed to create nested directory: %s", err)
 	}
 
 	var file *os.File
-	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+	if file, err = os.CreateTemp(dir, "file"); err != nil {
 		t.Fatalf("failed to create file: %s", err)
 	}
 
@@ -111,15 +110,15 @@ func TestSizeFileAndNestedDirectoryEmpty(t *testing.T) {
 func TestSizeFileAndNestedDirectoryNonempty(t *testing.T) {
 	var dir, dirNested string
 	var err error
-	if dir, err = ioutil.TempDir(os.TempDir(), "TestSizeFileAndNestedDirectoryNonempty"); err != nil {
+	if dir, err = os.MkdirTemp(os.TempDir(), "TestSizeFileAndNestedDirectoryNonempty"); err != nil {
 		t.Fatalf("failed to create directory: %s", err)
 	}
-	if dirNested, err = ioutil.TempDir(dir, "nested"); err != nil {
+	if dirNested, err = os.MkdirTemp(dir, "nested"); err != nil {
 		t.Fatalf("failed to create nested directory: %s", err)
 	}
 
 	var file *os.File
-	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+	if file, err = os.CreateTemp(dir, "file"); err != nil {
 		t.Fatalf("failed to create file: %s", err)
 	}
 
@@ -127,7 +126,7 @@ func TestSizeFileAndNestedDirectoryNonempty(t *testing.T) {
 	file.Write(data)
 
 	var nestedFile *os.File
-	if nestedFile, err = ioutil.TempFile(dirNested, "file"); err != nil {
+	if nestedFile, err = os.CreateTemp(dirNested, "file"); err != nil {
 		t.Fatalf("failed to create file in nested directory: %s", err)
 	}
 
@@ -145,11 +144,11 @@ func TestMoveToSubdir(t *testing.T) {
 	var outerDir, subDir string
 	var err error
 
-	if outerDir, err = ioutil.TempDir(os.TempDir(), "TestMoveToSubdir"); err != nil {
+	if outerDir, err = os.MkdirTemp(os.TempDir(), "TestMoveToSubdir"); err != nil {
 		t.Fatalf("failed to create directory: %v", err)
 	}
 
-	if subDir, err = ioutil.TempDir(outerDir, "testSub"); err != nil {
+	if subDir, err = os.MkdirTemp(outerDir, "testSub"); err != nil {
 		t.Fatalf("failed to create subdirectory: %v", err)
 	}
 
@@ -168,7 +167,7 @@ func TestMoveToSubdir(t *testing.T) {
 		t.Fatalf("Error during migration of content to subdirectory: %v", err)
 	}
 	// validate that the files were moved to the subdirectory
-	infos, err := ioutil.ReadDir(subDir)
+	infos, err := os.ReadDir(subDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -179,7 +178,7 @@ func TestMoveToSubdir(t *testing.T) {
 	for _, info := range infos {
 		results = append(results, info.Name())
 	}
-	sort.Sort(sort.StringSlice(results))
+	sort.Strings(results)
 	if !reflect.DeepEqual(filesList, results) {
 		t.Fatalf("Results after migration do not equal list of files: expected: %v, got: %v", filesList, results)
 	}
diff --git a/pkg/directory/directory_unix.go b/pkg/directory/directory_unix.go
index f56dd7a8f9dc5..eeedff18a4655 100644
--- a/pkg/directory/directory_unix.go
+++ b/pkg/directory/directory_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package directory // import "github.com/docker/docker/pkg/directory"
diff --git a/pkg/discovery/discovery_test.go b/pkg/discovery/discovery_test.go
index ffe8cb9122fa6..ffd9b29352c6b 100644
--- a/pkg/discovery/discovery_test.go
+++ b/pkg/discovery/discovery_test.go
@@ -3,109 +3,107 @@ package discovery // import "github.com/docker/docker/pkg/discovery"
 import (
 	"testing"
 
-	"github.com/go-check/check"
+	"github.com/docker/docker/internal/test/suite"
+	"gotest.tools/v3/assert"
 )
 
 // Hook up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
+func Test(t *testing.T) {
+	suite.Run(t, &DiscoverySuite{})
+}
 
 type DiscoverySuite struct{}
 
-var _ = check.Suite(&DiscoverySuite{})
-
-func (s *DiscoverySuite) TestNewEntry(c *check.C) {
+func (s *DiscoverySuite) TestNewEntry(c *testing.T) {
 	entry, err := NewEntry("127.0.0.1:2375")
-	c.Assert(err, check.IsNil)
-	c.Assert(entry.Equals(&Entry{Host: "127.0.0.1", Port: "2375"}), check.Equals, true)
-	c.Assert(entry.String(), check.Equals, "127.0.0.1:2375")
+	assert.Assert(c, err == nil)
+	assert.Equal(c, entry.Equals(&Entry{Host: "127.0.0.1", Port: "2375"}), true)
+	assert.Equal(c, entry.String(), "127.0.0.1:2375")
 
 	entry, err = NewEntry("[2001:db8:0:f101::2]:2375")
-	c.Assert(err, check.IsNil)
-	c.Assert(entry.Equals(&Entry{Host: "2001:db8:0:f101::2", Port: "2375"}), check.Equals, true)
-	c.Assert(entry.String(), check.Equals, "[2001:db8:0:f101::2]:2375")
+	assert.Assert(c, err == nil)
+	assert.Equal(c, entry.Equals(&Entry{Host: "2001:db8:0:f101::2", Port: "2375"}), true)
+	assert.Equal(c, entry.String(), "[2001:db8:0:f101::2]:2375")
 
 	_, err = NewEntry("127.0.0.1")
-	c.Assert(err, check.NotNil)
+	assert.Assert(c, err != nil)
 }
 
-func (s *DiscoverySuite) TestParse(c *check.C) {
+func (s *DiscoverySuite) TestParse(c *testing.T) {
 	scheme, uri := parse("127.0.0.1:2375")
-	c.Assert(scheme, check.Equals, "nodes")
-	c.Assert(uri, check.Equals, "127.0.0.1:2375")
+	assert.Equal(c, scheme, "nodes")
+	assert.Equal(c, uri, "127.0.0.1:2375")
 
 	scheme, uri = parse("localhost:2375")
-	c.Assert(scheme, check.Equals, "nodes")
-	c.Assert(uri, check.Equals, "localhost:2375")
+	assert.Equal(c, scheme, "nodes")
+	assert.Equal(c, uri, "localhost:2375")
 
 	scheme, uri = parse("scheme://127.0.0.1:2375")
-	c.Assert(scheme, check.Equals, "scheme")
-	c.Assert(uri, check.Equals, "127.0.0.1:2375")
+	assert.Equal(c, scheme, "scheme")
+	assert.Equal(c, uri, "127.0.0.1:2375")
 
 	scheme, uri = parse("scheme://localhost:2375")
-	c.Assert(scheme, check.Equals, "scheme")
-	c.Assert(uri, check.Equals, "localhost:2375")
+	assert.Equal(c, scheme, "scheme")
+	assert.Equal(c, uri, "localhost:2375")
 
 	scheme, uri = parse("")
-	c.Assert(scheme, check.Equals, "nodes")
-	c.Assert(uri, check.Equals, "")
+	assert.Equal(c, scheme, "nodes")
+	assert.Equal(c, uri, "")
 }
 
-func (s *DiscoverySuite) TestCreateEntries(c *check.C) {
+func (s *DiscoverySuite) TestCreateEntries(c *testing.T) {
 	entries, err := CreateEntries(nil)
-	c.Assert(entries, check.DeepEquals, Entries{})
-	c.Assert(err, check.IsNil)
+	assert.DeepEqual(c, entries, Entries{})
+	assert.Assert(c, err == nil)
 
 	entries, err = CreateEntries([]string{"127.0.0.1:2375", "127.0.0.2:2375", "[2001:db8:0:f101::2]:2375", ""})
-	c.Assert(err, check.IsNil)
+	assert.Assert(c, err == nil)
 	expected := Entries{
 		&Entry{Host: "127.0.0.1", Port: "2375"},
 		&Entry{Host: "127.0.0.2", Port: "2375"},
 		&Entry{Host: "2001:db8:0:f101::2", Port: "2375"},
 	}
-	c.Assert(entries.Equals(expected), check.Equals, true)
+	assert.Equal(c, entries.Equals(expected), true)
 
 	_, err = CreateEntries([]string{"127.0.0.1", "127.0.0.2"})
-	c.Assert(err, check.NotNil)
+	assert.Assert(c, err != nil)
 }
 
-func (s *DiscoverySuite) TestContainsEntry(c *check.C) {
+func (s *DiscoverySuite) TestContainsEntry(c *testing.T) {
 	entries, err := CreateEntries([]string{"127.0.0.1:2375", "127.0.0.2:2375", ""})
-	c.Assert(err, check.IsNil)
-	c.Assert(entries.Contains(&Entry{Host: "127.0.0.1", Port: "2375"}), check.Equals, true)
-	c.Assert(entries.Contains(&Entry{Host: "127.0.0.3", Port: "2375"}), check.Equals, false)
+	assert.Assert(c, err == nil)
+	assert.Equal(c, entries.Contains(&Entry{Host: "127.0.0.1", Port: "2375"}), true)
+	assert.Equal(c, entries.Contains(&Entry{Host: "127.0.0.3", Port: "2375"}), false)
 }
 
-func (s *DiscoverySuite) TestEntriesEquality(c *check.C) {
+func (s *DiscoverySuite) TestEntriesEquality(c *testing.T) {
 	entries := Entries{
 		&Entry{Host: "127.0.0.1", Port: "2375"},
 		&Entry{Host: "127.0.0.2", Port: "2375"},
 	}
 
 	// Same
-	c.Assert(entries.Equals(Entries{
+	assert.Assert(c, entries.Equals(Entries{
 		&Entry{Host: "127.0.0.1", Port: "2375"},
 		&Entry{Host: "127.0.0.2", Port: "2375"},
-	}), check.
-		Equals, true)
+	}))
 
 	// Different size
-	c.Assert(entries.Equals(Entries{
+	assert.Assert(c, !entries.Equals(Entries{
 		&Entry{Host: "127.0.0.1", Port: "2375"},
 		&Entry{Host: "127.0.0.2", Port: "2375"},
 		&Entry{Host: "127.0.0.3", Port: "2375"},
-	}), check.
-		Equals, false)
+	}))
 
 	// Different content
-	c.Assert(entries.Equals(Entries{
+	assert.Assert(c, !entries.Equals(Entries{
 		&Entry{Host: "127.0.0.1", Port: "2375"},
 		&Entry{Host: "127.0.0.42", Port: "2375"},
-	}), check.
-		Equals, false)
+	}))
 
 }
 
-func (s *DiscoverySuite) TestEntriesDiff(c *check.C) {
+func (s *DiscoverySuite) TestEntriesDiff(c *testing.T) {
 	entry1 := &Entry{Host: "1.1.1.1", Port: "1111"}
 	entry2 := &Entry{Host: "2.2.2.2", Port: "2222"}
 	entry3 := &Entry{Host: "3.3.3.3", Port: "3333"}
@@ -113,25 +111,25 @@ func (s *DiscoverySuite) TestEntriesDiff(c *check.C) {
 
 	// No diff
 	added, removed := entries.Diff(Entries{entry2, entry1})
-	c.Assert(added, check.HasLen, 0)
-	c.Assert(removed, check.HasLen, 0)
+	assert.Equal(c, len(added), 0)
+	assert.Equal(c, len(removed), 0)
 
 	// Add
 	added, removed = entries.Diff(Entries{entry2, entry3, entry1})
-	c.Assert(added, check.HasLen, 1)
-	c.Assert(added.Contains(entry3), check.Equals, true)
-	c.Assert(removed, check.HasLen, 0)
+	assert.Equal(c, len(added), 1)
+	assert.Equal(c, added.Contains(entry3), true)
+	assert.Equal(c, len(removed), 0)
 
 	// Remove
 	added, removed = entries.Diff(Entries{entry2})
-	c.Assert(added, check.HasLen, 0)
-	c.Assert(removed, check.HasLen, 1)
-	c.Assert(removed.Contains(entry1), check.Equals, true)
+	assert.Equal(c, len(added), 0)
+	assert.Equal(c, len(removed), 1)
+	assert.Equal(c, removed.Contains(entry1), true)
 
 	// Add and remove
 	added, removed = entries.Diff(Entries{entry1, entry3})
-	c.Assert(added, check.HasLen, 1)
-	c.Assert(added.Contains(entry3), check.Equals, true)
-	c.Assert(removed, check.HasLen, 1)
-	c.Assert(removed.Contains(entry2), check.Equals, true)
+	assert.Equal(c, len(added), 1)
+	assert.Equal(c, added.Contains(entry3), true)
+	assert.Equal(c, len(removed), 1)
+	assert.Equal(c, removed.Contains(entry2), true)
 }
diff --git a/pkg/discovery/file/file.go b/pkg/discovery/file/file.go
index 1494af485fe19..49662d15fe5cf 100644
--- a/pkg/discovery/file/file.go
+++ b/pkg/discovery/file/file.go
@@ -2,7 +2,7 @@ package file // import "github.com/docker/docker/pkg/discovery/file"
 
 import (
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"
 	"time"
 
@@ -51,7 +51,7 @@ func parseFileContent(content []byte) []string {
 }
 
 func (s *Discovery) fetch() (discovery.Entries, error) {
-	fileContent, err := ioutil.ReadFile(s.path)
+	fileContent, err := os.ReadFile(s.path)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read '%s': %v", s.path, err)
 	}
@@ -60,8 +60,8 @@ func (s *Discovery) fetch() (discovery.Entries, error) {
 
 // Watch is exported
 func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
-	ch := make(chan discovery.Entries)
-	errCh := make(chan error)
+	ch := make(chan discovery.Entries, 1)
+	errCh := make(chan error, 1)
 	ticker := time.NewTicker(s.heartbeat)
 
 	go func() {
diff --git a/pkg/discovery/file/file_test.go b/pkg/discovery/file/file_test.go
index 010e941c2ac3f..fdd5715a51ab8 100644
--- a/pkg/discovery/file/file_test.go
+++ b/pkg/discovery/file/file_test.go
@@ -1,54 +1,53 @@
 package file // import "github.com/docker/docker/pkg/discovery/file"
 
 import (
-	"io/ioutil"
 	"os"
 	"testing"
 
+	"github.com/docker/docker/internal/test/suite"
 	"github.com/docker/docker/pkg/discovery"
-
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Hook up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
+func Test(t *testing.T) {
+	suite.Run(t, &DiscoverySuite{})
+}
 
 type DiscoverySuite struct{}
 
-var _ = check.Suite(&DiscoverySuite{})
-
-func (s *DiscoverySuite) TestInitialize(c *check.C) {
+func (s *DiscoverySuite) TestInitialize(c *testing.T) {
 	d := &Discovery{}
 	d.Initialize("/path/to/file", 1000, 0, nil)
-	c.Assert(d.path, check.Equals, "/path/to/file")
+	assert.Equal(c, d.path, "/path/to/file")
 }
 
-func (s *DiscoverySuite) TestNew(c *check.C) {
+func (s *DiscoverySuite) TestNew(c *testing.T) {
 	d, err := discovery.New("file:///path/to/file", 0, 0, nil)
-	c.Assert(err, check.IsNil)
-	c.Assert(d.(*Discovery).path, check.Equals, "/path/to/file")
+	assert.Assert(c, err == nil)
+	assert.Equal(c, d.(*Discovery).path, "/path/to/file")
 }
 
-func (s *DiscoverySuite) TestContent(c *check.C) {
+func (s *DiscoverySuite) TestContent(c *testing.T) {
 	data := `
 1.1.1.[1:2]:1111
 2.2.2.[2:4]:2222
 `
 	ips := parseFileContent([]byte(data))
-	c.Assert(ips, check.HasLen, 5)
-	c.Assert(ips[0], check.Equals, "1.1.1.1:1111")
-	c.Assert(ips[1], check.Equals, "1.1.1.2:1111")
-	c.Assert(ips[2], check.Equals, "2.2.2.2:2222")
-	c.Assert(ips[3], check.Equals, "2.2.2.3:2222")
-	c.Assert(ips[4], check.Equals, "2.2.2.4:2222")
+	assert.Equal(c, len(ips), 5)
+	assert.Equal(c, ips[0], "1.1.1.1:1111")
+	assert.Equal(c, ips[1], "1.1.1.2:1111")
+	assert.Equal(c, ips[2], "2.2.2.2:2222")
+	assert.Equal(c, ips[3], "2.2.2.3:2222")
+	assert.Equal(c, ips[4], "2.2.2.4:2222")
 }
 
-func (s *DiscoverySuite) TestRegister(c *check.C) {
+func (s *DiscoverySuite) TestRegister(c *testing.T) {
 	discovery := &Discovery{path: "/path/to/file"}
-	c.Assert(discovery.Register("0.0.0.0"), check.NotNil)
+	assert.Assert(c, discovery.Register("0.0.0.0") != nil)
 }
 
-func (s *DiscoverySuite) TestParsingContentsWithComments(c *check.C) {
+func (s *DiscoverySuite) TestParsingContentsWithComments(c *testing.T) {
 	data := `
 ### test ###
 1.1.1.1:1111 # inline comment
@@ -58,12 +57,12 @@ func (s *DiscoverySuite) TestParsingContentsWithComments(c *check.C) {
 ### test ###
 `
 	ips := parseFileContent([]byte(data))
-	c.Assert(ips, check.HasLen, 2)
-	c.Assert("1.1.1.1:1111", check.Equals, ips[0])
-	c.Assert("3.3.3.3:3333", check.Equals, ips[1])
+	assert.Equal(c, len(ips), 2)
+	assert.Equal(c, "1.1.1.1:1111", ips[0])
+	assert.Equal(c, "3.3.3.3:3333", ips[1])
 }
 
-func (s *DiscoverySuite) TestWatch(c *check.C) {
+func (s *DiscoverySuite) TestWatch(c *testing.T) {
 	data := `
 1.1.1.1:1111
 2.2.2.2:2222
@@ -74,10 +73,10 @@ func (s *DiscoverySuite) TestWatch(c *check.C) {
 	}
 
 	// Create a temporary file and remove it.
-	tmp, err := ioutil.TempFile(os.TempDir(), "discovery-file-test")
-	c.Assert(err, check.IsNil)
-	c.Assert(tmp.Close(), check.IsNil)
-	c.Assert(os.Remove(tmp.Name()), check.IsNil)
+	tmp, err := os.CreateTemp(os.TempDir(), "discovery-file-test")
+	assert.Assert(c, err == nil)
+	assert.Assert(c, tmp.Close() == nil)
+	assert.Assert(c, os.Remove(tmp.Name()) == nil)
 
 	// Set up file discovery.
 	d := &Discovery{}
@@ -86,7 +85,7 @@ func (s *DiscoverySuite) TestWatch(c *check.C) {
 	ch, errCh := d.Watch(stopCh)
 
 	// Make sure it fires errors since the file doesn't exist.
-	c.Assert(<-errCh, check.NotNil)
+	assert.Assert(c, <-errCh != nil)
 	// We have to drain the error channel otherwise Watch will get stuck.
 	go func() {
 		for range errCh {
@@ -94,21 +93,21 @@ func (s *DiscoverySuite) TestWatch(c *check.C) {
 	}()
 
 	// Write the file and make sure we get the expected value back.
-	c.Assert(ioutil.WriteFile(tmp.Name(), []byte(data), 0600), check.IsNil)
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.Assert(c, os.WriteFile(tmp.Name(), []byte(data), 0600) == nil)
+	assert.DeepEqual(c, <-ch, expected)
 
 	// Add a new entry and look it up.
 	expected = append(expected, &discovery.Entry{Host: "3.3.3.3", Port: "3333"})
 	f, err := os.OpenFile(tmp.Name(), os.O_APPEND|os.O_WRONLY, 0600)
-	c.Assert(err, check.IsNil)
-	c.Assert(f, check.NotNil)
+	assert.Assert(c, err == nil)
+	assert.Assert(c, f != nil)
 	_, err = f.WriteString("\n3.3.3.3:3333\n")
-	c.Assert(err, check.IsNil)
+	assert.Assert(c, err == nil)
 	f.Close()
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.DeepEqual(c, <-ch, expected)
 
 	// Stop and make sure it closes all channels.
 	close(stopCh)
-	c.Assert(<-ch, check.IsNil)
-	c.Assert(<-errCh, check.IsNil)
+	assert.Assert(c, <-ch == nil)
+	assert.Assert(c, <-errCh == nil)
 }
diff --git a/pkg/discovery/generator_test.go b/pkg/discovery/generator_test.go
index 5126df576e8a4..e4d79629a16a9 100644
--- a/pkg/discovery/generator_test.go
+++ b/pkg/discovery/generator_test.go
@@ -1,53 +1,54 @@
 package discovery // import "github.com/docker/docker/pkg/discovery"
-
 import (
-	"github.com/go-check/check"
+	"testing"
+
+	"gotest.tools/v3/assert"
 )
 
-func (s *DiscoverySuite) TestGeneratorNotGenerate(c *check.C) {
+func (s *DiscoverySuite) TestGeneratorNotGenerate(c *testing.T) {
 	ips := Generate("127.0.0.1")
-	c.Assert(len(ips), check.Equals, 1)
-	c.Assert(ips[0], check.Equals, "127.0.0.1")
+	assert.Equal(c, len(ips), 1)
+	assert.Equal(c, ips[0], "127.0.0.1")
 }
 
-func (s *DiscoverySuite) TestGeneratorWithPortNotGenerate(c *check.C) {
+func (s *DiscoverySuite) TestGeneratorWithPortNotGenerate(c *testing.T) {
 	ips := Generate("127.0.0.1:8080")
-	c.Assert(len(ips), check.Equals, 1)
-	c.Assert(ips[0], check.Equals, "127.0.0.1:8080")
+	assert.Equal(c, len(ips), 1)
+	assert.Equal(c, ips[0], "127.0.0.1:8080")
 }
 
-func (s *DiscoverySuite) TestGeneratorMatchFailedNotGenerate(c *check.C) {
+func (s *DiscoverySuite) TestGeneratorMatchFailedNotGenerate(c *testing.T) {
 	ips := Generate("127.0.0.[1]")
-	c.Assert(len(ips), check.Equals, 1)
-	c.Assert(ips[0], check.Equals, "127.0.0.[1]")
+	assert.Equal(c, len(ips), 1)
+	assert.Equal(c, ips[0], "127.0.0.[1]")
 }
 
-func (s *DiscoverySuite) TestGeneratorWithPort(c *check.C) {
+func (s *DiscoverySuite) TestGeneratorWithPort(c *testing.T) {
 	ips := Generate("127.0.0.[1:11]:2375")
-	c.Assert(len(ips), check.Equals, 11)
-	c.Assert(ips[0], check.Equals, "127.0.0.1:2375")
-	c.Assert(ips[1], check.Equals, "127.0.0.2:2375")
-	c.Assert(ips[2], check.Equals, "127.0.0.3:2375")
-	c.Assert(ips[3], check.Equals, "127.0.0.4:2375")
-	c.Assert(ips[4], check.Equals, "127.0.0.5:2375")
-	c.Assert(ips[5], check.Equals, "127.0.0.6:2375")
-	c.Assert(ips[6], check.Equals, "127.0.0.7:2375")
-	c.Assert(ips[7], check.Equals, "127.0.0.8:2375")
-	c.Assert(ips[8], check.Equals, "127.0.0.9:2375")
-	c.Assert(ips[9], check.Equals, "127.0.0.10:2375")
-	c.Assert(ips[10], check.Equals, "127.0.0.11:2375")
+	assert.Equal(c, len(ips), 11)
+	assert.Equal(c, ips[0], "127.0.0.1:2375")
+	assert.Equal(c, ips[1], "127.0.0.2:2375")
+	assert.Equal(c, ips[2], "127.0.0.3:2375")
+	assert.Equal(c, ips[3], "127.0.0.4:2375")
+	assert.Equal(c, ips[4], "127.0.0.5:2375")
+	assert.Equal(c, ips[5], "127.0.0.6:2375")
+	assert.Equal(c, ips[6], "127.0.0.7:2375")
+	assert.Equal(c, ips[7], "127.0.0.8:2375")
+	assert.Equal(c, ips[8], "127.0.0.9:2375")
+	assert.Equal(c, ips[9], "127.0.0.10:2375")
+	assert.Equal(c, ips[10], "127.0.0.11:2375")
 }
 
-func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeStart(c *check.C) {
+func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeStart(c *testing.T) {
 	malformedInput := "127.0.0.[x:11]:2375"
 	ips := Generate(malformedInput)
-	c.Assert(len(ips), check.Equals, 1)
-	c.Assert(ips[0], check.Equals, malformedInput)
+	assert.Equal(c, len(ips), 1)
+	assert.Equal(c, ips[0], malformedInput)
 }
 
-func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeEnd(c *check.C) {
+func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeEnd(c *testing.T) {
 	malformedInput := "127.0.0.[1:x]:2375"
 	ips := Generate(malformedInput)
-	c.Assert(len(ips), check.Equals, 1)
-	c.Assert(ips[0], check.Equals, malformedInput)
+	assert.Equal(c, len(ips), 1)
+	assert.Equal(c, ips[0], malformedInput)
 }
diff --git a/pkg/discovery/kv/kv_test.go b/pkg/discovery/kv/kv_test.go
index 79fd91c61fb7f..a944e3cf3c7a7 100644
--- a/pkg/discovery/kv/kv_test.go
+++ b/pkg/discovery/kv/kv_test.go
@@ -2,26 +2,26 @@ package kv // import "github.com/docker/docker/pkg/discovery/kv"
 
 import (
 	"errors"
-	"io/ioutil"
 	"os"
 	"path"
 	"testing"
 	"time"
 
+	"github.com/docker/docker/internal/test/suite"
 	"github.com/docker/docker/pkg/discovery"
 	"github.com/docker/libkv"
 	"github.com/docker/libkv/store"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Hook up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
+func Test(t *testing.T) {
+	suite.Run(t, &DiscoverySuite{})
+}
 
 type DiscoverySuite struct{}
 
-var _ = check.Suite(&DiscoverySuite{})
-
-func (ds *DiscoverySuite) TestInitialize(c *check.C) {
+func (ds *DiscoverySuite) TestInitialize(c *testing.T) {
 	storeMock := &FakeStore{
 		Endpoints: []string{"127.0.0.1"},
 	}
@@ -30,9 +30,9 @@ func (ds *DiscoverySuite) TestInitialize(c *check.C) {
 	d.store = storeMock
 
 	s := d.store.(*FakeStore)
-	c.Assert(s.Endpoints, check.HasLen, 1)
-	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1")
-	c.Assert(d.path, check.Equals, defaultDiscoveryPath)
+	assert.Equal(c, len(s.Endpoints), 1)
+	assert.Equal(c, s.Endpoints[0], "127.0.0.1")
+	assert.Equal(c, d.path, defaultDiscoveryPath)
 
 	storeMock = &FakeStore{
 		Endpoints: []string{"127.0.0.1:1234"},
@@ -42,9 +42,9 @@ func (ds *DiscoverySuite) TestInitialize(c *check.C) {
 	d.store = storeMock
 
 	s = d.store.(*FakeStore)
-	c.Assert(s.Endpoints, check.HasLen, 1)
-	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1:1234")
-	c.Assert(d.path, check.Equals, "path/"+defaultDiscoveryPath)
+	assert.Equal(c, len(s.Endpoints), 1)
+	assert.Equal(c, s.Endpoints[0], "127.0.0.1:1234")
+	assert.Equal(c, d.path, "path/"+defaultDiscoveryPath)
 
 	storeMock = &FakeStore{
 		Endpoints: []string{"127.0.0.1:1234", "127.0.0.2:1234", "127.0.0.3:1234"},
@@ -54,12 +54,12 @@ func (ds *DiscoverySuite) TestInitialize(c *check.C) {
 	d.store = storeMock
 
 	s = d.store.(*FakeStore)
-	c.Assert(s.Endpoints, check.HasLen, 3)
-	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1:1234")
-	c.Assert(s.Endpoints[1], check.Equals, "127.0.0.2:1234")
-	c.Assert(s.Endpoints[2], check.Equals, "127.0.0.3:1234")
+	assert.Equal(c, len(s.Endpoints), 3)
+	assert.Equal(c, s.Endpoints[0], "127.0.0.1:1234")
+	assert.Equal(c, s.Endpoints[1], "127.0.0.2:1234")
+	assert.Equal(c, s.Endpoints[2], "127.0.0.3:1234")
 
-	c.Assert(d.path, check.Equals, "path/"+defaultDiscoveryPath)
+	assert.Equal(c, d.path, "path/"+defaultDiscoveryPath)
 }
 
 // Extremely limited mock store so we can test initialization
@@ -131,7 +131,7 @@ func (s *Mock) AtomicDelete(key string, previous *store.KVPair) (bool, error) {
 func (s *Mock) Close() {
 }
 
-func (ds *DiscoverySuite) TestInitializeWithCerts(c *check.C) {
+func (ds *DiscoverySuite) TestInitializeWithCerts(c *testing.T) {
 	cert := `-----BEGIN CERTIFICATE-----
 MIIDCDCCAfKgAwIBAgIICifG7YeiQOEwCwYJKoZIhvcNAQELMBIxEDAOBgNVBAMT
 B1Rlc3QgQ0EwHhcNMTUxMDAxMjMwMDAwWhcNMjAwOTI5MjMwMDAwWjASMRAwDgYD
@@ -180,13 +180,13 @@ dyT7ut01PL6RaW4SeQWtrJIVQaM6vF3pprMKqlc5XihOGAmVqH7rQx9rtQB5TicL
 BFrwkQE4HQtQBV60hYQUzzlSk44VFDz+jxIEtacRHaomDRh2FtOTz+I=
 -----END RSA PRIVATE KEY-----
 `
-	certFile, err := ioutil.TempFile("", "cert")
-	c.Assert(err, check.IsNil)
+	certFile, err := os.CreateTemp("", "cert")
+	assert.Assert(c, err == nil)
 	defer os.Remove(certFile.Name())
 	certFile.Write([]byte(cert))
 	certFile.Close()
-	keyFile, err := ioutil.TempFile("", "key")
-	c.Assert(err, check.IsNil)
+	keyFile, err := os.CreateTemp("", "key")
+	assert.Assert(c, err == nil)
 	defer os.Remove(keyFile.Name())
 	keyFile.Write([]byte(key))
 	keyFile.Close()
@@ -198,14 +198,14 @@ BFrwkQE4HQtQBV60hYQUzzlSk44VFDz+jxIEtacRHaomDRh2FtOTz+I=
 		"kv.certfile":   certFile.Name(),
 		"kv.keyfile":    keyFile.Name(),
 	})
-	c.Assert(err, check.IsNil)
+	assert.Assert(c, err == nil)
 	s := d.store.(*Mock)
-	c.Assert(s.Options.TLS, check.NotNil)
-	c.Assert(s.Options.TLS.RootCAs, check.NotNil)
-	c.Assert(s.Options.TLS.Certificates, check.HasLen, 1)
+	assert.Assert(c, s.Options.TLS != nil)
+	assert.Assert(c, s.Options.TLS.RootCAs != nil)
+	assert.Equal(c, len(s.Options.TLS.Certificates), 1)
 }
 
-func (ds *DiscoverySuite) TestWatch(c *check.C) {
+func (ds *DiscoverySuite) TestWatch(c *testing.T) {
 	mockCh := make(chan []*store.KVPair)
 
 	storeMock := &FakeStore{
@@ -230,7 +230,7 @@ func (ds *DiscoverySuite) TestWatch(c *check.C) {
 	ch, errCh := d.Watch(stopCh)
 
 	// It should fire an error since the first WatchTree call failed.
-	c.Assert(<-errCh, check.ErrorMatches, "test error")
+	assert.ErrorContains(c, <-errCh, "test error")
 	// We have to drain the error channel otherwise Watch will get stuck.
 	go func() {
 		for range errCh {
@@ -239,13 +239,13 @@ func (ds *DiscoverySuite) TestWatch(c *check.C) {
 
 	// Push the entries into the store channel and make sure discovery emits.
 	mockCh <- kvs
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.DeepEqual(c, <-ch, expected)
 
 	// Add a new entry.
 	expected = append(expected, &discovery.Entry{Host: "3.3.3.3", Port: "3333"})
 	kvs = append(kvs, &store.KVPair{Key: path.Join("path", defaultDiscoveryPath, "3.3.3.3"), Value: []byte("3.3.3.3:3333")})
 	mockCh <- kvs
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.DeepEqual(c, <-ch, expected)
 
 	close(mockCh)
 	// Give it enough time to call WatchTree.
@@ -253,8 +253,8 @@ func (ds *DiscoverySuite) TestWatch(c *check.C) {
 
 	// Stop and make sure it closes all channels.
 	close(stopCh)
-	c.Assert(<-ch, check.IsNil)
-	c.Assert(<-errCh, check.IsNil)
+	assert.Assert(c, <-ch == nil)
+	assert.Assert(c, <-errCh == nil)
 }
 
 // FakeStore implements store.Store methods. It mocks all store
diff --git a/pkg/discovery/memory/memory.go b/pkg/discovery/memory/memory.go
index 81f973e285a3e..08b2ef1c342f4 100644
--- a/pkg/discovery/memory/memory.go
+++ b/pkg/discovery/memory/memory.go
@@ -33,8 +33,8 @@ func (s *Discovery) Initialize(_ string, heartbeat time.Duration, _ time.Duratio
 
 // Watch sends periodic discovery updates to a channel.
 func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
-	ch := make(chan discovery.Entries)
-	errCh := make(chan error)
+	ch := make(chan discovery.Entries, 1)
+	errCh := make(chan error, 1)
 	ticker := time.NewTicker(s.heartbeat)
 
 	go func() {
diff --git a/pkg/discovery/memory/memory_test.go b/pkg/discovery/memory/memory_test.go
index 1d937f01607d3..9907505dcc24e 100644
--- a/pkg/discovery/memory/memory_test.go
+++ b/pkg/discovery/memory/memory_test.go
@@ -3,18 +3,19 @@ package memory // import "github.com/docker/docker/pkg/discovery/memory"
 import (
 	"testing"
 
+	"github.com/docker/docker/internal/test/suite"
 	"github.com/docker/docker/pkg/discovery"
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Hook up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
+func Test(t *testing.T) {
+	suite.Run(t, &discoverySuite{})
+}
 
 type discoverySuite struct{}
 
-var _ = check.Suite(&discoverySuite{})
-
-func (s *discoverySuite) TestWatch(c *check.C) {
+func (s *discoverySuite) TestWatch(c *testing.T) {
 	d := &Discovery{}
 	d.Initialize("foo", 1000, 0, nil)
 	stopCh := make(chan struct{})
@@ -30,19 +31,19 @@ func (s *discoverySuite) TestWatch(c *check.C) {
 		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
 	}
 
-	c.Assert(d.Register("1.1.1.1:1111"), check.IsNil)
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.Assert(c, d.Register("1.1.1.1:1111") == nil)
+	assert.DeepEqual(c, <-ch, expected)
 
 	expected = discovery.Entries{
 		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
 		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
 	}
 
-	c.Assert(d.Register("2.2.2.2:2222"), check.IsNil)
-	c.Assert(<-ch, check.DeepEquals, expected)
+	assert.Assert(c, d.Register("2.2.2.2:2222") == nil)
+	assert.DeepEqual(c, <-ch, expected)
 
 	// Stop and make sure it closes all channels.
 	close(stopCh)
-	c.Assert(<-ch, check.IsNil)
-	c.Assert(<-errCh, check.IsNil)
+	assert.Assert(c, <-ch == nil)
+	assert.Assert(c, <-errCh == nil)
 }
diff --git a/pkg/discovery/nodes/nodes.go b/pkg/discovery/nodes/nodes.go
index b1d45aa2e6c41..299ca46f2eb6e 100644
--- a/pkg/discovery/nodes/nodes.go
+++ b/pkg/discovery/nodes/nodes.go
@@ -39,7 +39,7 @@ func (s *Discovery) Initialize(uris string, _ time.Duration, _ time.Duration, _
 
 // Watch is exported
 func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
-	ch := make(chan discovery.Entries)
+	ch := make(chan discovery.Entries, 1)
 	go func() {
 		defer close(ch)
 		ch <- s.entries
diff --git a/pkg/discovery/nodes/nodes_test.go b/pkg/discovery/nodes/nodes_test.go
index f9b43ab00bb44..a5846e0111155 100644
--- a/pkg/discovery/nodes/nodes_test.go
+++ b/pkg/discovery/nodes/nodes_test.go
@@ -3,38 +3,38 @@ package nodes // import "github.com/docker/docker/pkg/discovery/nodes"
 import (
 	"testing"
 
+	"github.com/docker/docker/internal/test/suite"
 	"github.com/docker/docker/pkg/discovery"
-
-	"github.com/go-check/check"
+	"gotest.tools/v3/assert"
 )
 
 // Hook up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
+func Test(t *testing.T) {
+	suite.Run(t, &DiscoverySuite{})
+}
 
 type DiscoverySuite struct{}
 
-var _ = check.Suite(&DiscoverySuite{})
-
-func (s *DiscoverySuite) TestInitialize(c *check.C) {
+func (s *DiscoverySuite) TestInitialize(c *testing.T) {
 	d := &Discovery{}
 	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
-	c.Assert(len(d.entries), check.Equals, 2)
-	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
-	c.Assert(d.entries[1].String(), check.Equals, "2.2.2.2:2222")
+	assert.Equal(c, len(d.entries), 2)
+	assert.Equal(c, d.entries[0].String(), "1.1.1.1:1111")
+	assert.Equal(c, d.entries[1].String(), "2.2.2.2:2222")
 }
 
-func (s *DiscoverySuite) TestInitializeWithPattern(c *check.C) {
+func (s *DiscoverySuite) TestInitializeWithPattern(c *testing.T) {
 	d := &Discovery{}
 	d.Initialize("1.1.1.[1:2]:1111,2.2.2.[2:4]:2222", 0, 0, nil)
-	c.Assert(len(d.entries), check.Equals, 5)
-	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
-	c.Assert(d.entries[1].String(), check.Equals, "1.1.1.2:1111")
-	c.Assert(d.entries[2].String(), check.Equals, "2.2.2.2:2222")
-	c.Assert(d.entries[3].String(), check.Equals, "2.2.2.3:2222")
-	c.Assert(d.entries[4].String(), check.Equals, "2.2.2.4:2222")
+	assert.Equal(c, len(d.entries), 5)
+	assert.Equal(c, d.entries[0].String(), "1.1.1.1:1111")
+	assert.Equal(c, d.entries[1].String(), "1.1.1.2:1111")
+	assert.Equal(c, d.entries[2].String(), "2.2.2.2:2222")
+	assert.Equal(c, d.entries[3].String(), "2.2.2.3:2222")
+	assert.Equal(c, d.entries[4].String(), "2.2.2.4:2222")
 }
 
-func (s *DiscoverySuite) TestWatch(c *check.C) {
+func (s *DiscoverySuite) TestWatch(c *testing.T) {
 	d := &Discovery{}
 	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
 	expected := discovery.Entries{
@@ -42,10 +42,10 @@ func (s *DiscoverySuite) TestWatch(c *check.C) {
 		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
 	}
 	ch, _ := d.Watch(nil)
-	c.Assert(expected.Equals(<-ch), check.Equals, true)
+	assert.Equal(c, expected.Equals(<-ch), true)
 }
 
-func (s *DiscoverySuite) TestRegister(c *check.C) {
+func (s *DiscoverySuite) TestRegister(c *testing.T) {
 	d := &Discovery{}
-	c.Assert(d.Register("0.0.0.0"), check.NotNil)
+	assert.Assert(c, d.Register("0.0.0.0") != nil)
 }
diff --git a/pkg/dmesg/dmesg_linux.go b/pkg/dmesg/dmesg_linux.go
index bc71b5b31fba6..524c35a883b5d 100644
--- a/pkg/dmesg/dmesg_linux.go
+++ b/pkg/dmesg/dmesg_linux.go
@@ -1,17 +1,15 @@
 package dmesg // import "github.com/docker/docker/pkg/dmesg"
 
 import (
-	"unsafe"
-
 	"golang.org/x/sys/unix"
 )
 
 // Dmesg returns last messages from the kernel log, up to size bytes
 func Dmesg(size int) []byte {
-	t := uintptr(3) // SYSLOG_ACTION_READ_ALL
+	t := 3 // SYSLOG_ACTION_READ_ALL
 	b := make([]byte, size)
-	amt, _, err := unix.Syscall(unix.SYS_SYSLOG, t, uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)))
-	if err != 0 {
+	amt, err := unix.Klogctl(t, b)
+	if err != nil {
 		return []byte{}
 	}
 	return b[:amt]
diff --git a/pkg/filenotify/poller.go b/pkg/filenotify/poller.go
index 6161d4ab73a89..01ef057981f02 100644
--- a/pkg/filenotify/poller.go
+++ b/pkg/filenotify/poller.go
@@ -146,9 +146,18 @@ func (w *filePoller) sendErr(e error, chClose <-chan struct{}) error {
 // upon finding changes to a file or errors, sendEvent/sendErr is called
 func (w *filePoller) watch(f *os.File, lastFi os.FileInfo, chClose chan struct{}) {
 	defer f.Close()
+
+	timer := time.NewTimer(watchWaitTime)
+	if !timer.Stop() {
+		<-timer.C
+	}
+	defer timer.Stop()
+
 	for {
+		timer.Reset(watchWaitTime)
+
 		select {
-		case <-time.After(watchWaitTime):
+		case <-timer.C:
 		case <-chClose:
 			logrus.Debugf("watch for %s closed", f.Name())
 			return
diff --git a/pkg/filenotify/poller_test.go b/pkg/filenotify/poller_test.go
index a46b60d94f8ce..53ec7b85084cf 100644
--- a/pkg/filenotify/poller_test.go
+++ b/pkg/filenotify/poller_test.go
@@ -2,7 +2,6 @@ package filenotify // import "github.com/docker/docker/pkg/filenotify"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"runtime"
 	"testing"
@@ -21,7 +20,7 @@ func TestPollerAddRemove(t *testing.T) {
 		t.Fatal("should have gotten error when removing non-existent watch")
 	}
 
-	f, err := ioutil.TempFile("", "asdf")
+	f, err := os.CreateTemp("", "asdf")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -42,7 +41,7 @@ func TestPollerEvent(t *testing.T) {
 	}
 	w := NewPollingWatcher()
 
-	f, err := ioutil.TempFile("", "test-poller")
+	f, err := os.CreateTemp("", "test-poller")
 	if err != nil {
 		t.Fatal("error creating temp file")
 	}
@@ -61,16 +60,18 @@ func TestPollerEvent(t *testing.T) {
 	default:
 	}
 
-	if err := ioutil.WriteFile(f.Name(), []byte("hello"), 0644); err != nil {
+	if err := os.WriteFile(f.Name(), []byte("hello"), 0600); err != nil {
 		t.Fatal(err)
 	}
+	assertFileMode(t, f.Name(), 0600)
 	if err := assertEvent(w, fsnotify.Write); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := os.Chmod(f.Name(), 600); err != nil {
+	if err := os.Chmod(f.Name(), 0644); err != nil {
 		t.Fatal(err)
 	}
+	assertFileMode(t, f.Name(), 0644)
 	if err := assertEvent(w, fsnotify.Chmod); err != nil {
 		t.Fatal(err)
 	}
@@ -93,7 +94,7 @@ func TestPollerClose(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	f, err := ioutil.TempFile("", "asdf")
+	f, err := os.CreateTemp("", "asdf")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -103,6 +104,17 @@ func TestPollerClose(t *testing.T) {
 	}
 }
 
+func assertFileMode(t *testing.T, fileName string, mode uint32) {
+	t.Helper()
+	f, err := os.Stat(fileName)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if f.Mode() != os.FileMode(mode) {
+		t.Fatalf("expected file %s to have mode %#o, but got %#o", fileName, mode, f.Mode())
+	}
+}
+
 func assertEvent(w FileWatcher, eType fsnotify.Op) error {
 	var err error
 	select {
diff --git a/pkg/fileutils/fileutils.go b/pkg/fileutils/fileutils.go
index 34f1c726fb5a9..77152a6678edb 100644
--- a/pkg/fileutils/fileutils.go
+++ b/pkg/fileutils/fileutils.go
@@ -9,10 +9,30 @@ import (
 	"regexp"
 	"strings"
 	"text/scanner"
-
-	"github.com/sirupsen/logrus"
+	"unicode/utf8"
 )
 
+// escapeBytes is a bitmap used to check whether a character should be escaped when creating the regex.
+var escapeBytes [8]byte
+
+// shouldEscape reports whether a rune should be escaped as part of the regex.
+//
+// This only includes characters that require escaping in regex but are also NOT valid filepath pattern characters.
+// Additionally, '\' is not excluded because there is specific logic to properly handle this, as it's a path separator
+// on Windows.
+//
+// Adapted from regexp::QuoteMeta in go stdlib.
+// See https://cs.opensource.google/go/go/+/refs/tags/go1.17.2:src/regexp/regexp.go;l=703-715;drc=refs%2Ftags%2Fgo1.17.2
+func shouldEscape(b rune) bool {
+	return b < utf8.RuneSelf && escapeBytes[b%8]&(1<<(b/8)) != 0
+}
+
+func init() {
+	for _, b := range []byte(`.+()|{}$`) {
+		escapeBytes[b%8] |= 1 << (b / 8)
+	}
+}
+
 // PatternMatcher allows checking paths against a list of patterns
 type PatternMatcher struct {
 	patterns   []*Pattern
@@ -57,8 +77,16 @@ func NewPatternMatcher(patterns []string) (*PatternMatcher, error) {
 	return pm, nil
 }
 
-// Matches matches path against all the patterns. Matches is not safe to be
-// called concurrently
+// Matches returns true if "file" matches any of the patterns
+// and isn't excluded by any of the subsequent patterns.
+//
+// The "file" argument should be a slash-delimited path.
+//
+// Matches is not safe to call concurrently.
+//
+// Deprecated: This implementation is buggy (it only checks a single parent dir
+// against the pattern) and will be removed soon. Use either
+// MatchesOrParentMatches or MatchesUsingParentResults instead.
 func (pm *PatternMatcher) Matches(file string) (bool, error) {
 	matched := false
 	file = filepath.FromSlash(file)
@@ -66,10 +94,11 @@ func (pm *PatternMatcher) Matches(file string) (bool, error) {
 	parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
 
 	for _, pattern := range pm.patterns {
-		negative := false
-
-		if pattern.exclusion {
-			negative = true
+		// Skip evaluation if this is an inclusion and the filename
+		// already matched the pattern, or it's an exclusion and it has
+		// not matched the pattern yet.
+		if pattern.exclusion != matched {
+			continue
 		}
 
 		match, err := pattern.match(file)
@@ -85,17 +114,165 @@ func (pm *PatternMatcher) Matches(file string) (bool, error) {
 		}
 
 		if match {
-			matched = !negative
+			matched = !pattern.exclusion
 		}
 	}
 
-	if matched {
-		logrus.Debugf("Skipping excluded path: %s", file)
+	return matched, nil
+}
+
+// MatchesOrParentMatches returns true if "file" matches any of the patterns
+// and isn't excluded by any of the subsequent patterns.
+//
+// The "file" argument should be a slash-delimited path.
+//
+// Matches is not safe to call concurrently.
+func (pm *PatternMatcher) MatchesOrParentMatches(file string) (bool, error) {
+	matched := false
+	file = filepath.FromSlash(file)
+	parentPath := filepath.Dir(file)
+	parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
+
+	for _, pattern := range pm.patterns {
+		// Skip evaluation if this is an inclusion and the filename
+		// already matched the pattern, or it's an exclusion and it has
+		// not matched the pattern yet.
+		if pattern.exclusion != matched {
+			continue
+		}
+
+		match, err := pattern.match(file)
+		if err != nil {
+			return false, err
+		}
+
+		if !match && parentPath != "." {
+			// Check to see if the pattern matches one of our parent dirs.
+			for i := range parentPathDirs {
+				match, _ = pattern.match(strings.Join(parentPathDirs[:i+1], string(os.PathSeparator)))
+				if match {
+					break
+				}
+			}
+		}
+
+		if match {
+			matched = !pattern.exclusion
+		}
 	}
 
 	return matched, nil
 }
 
+// MatchesUsingParentResult returns true if "file" matches any of the patterns
+// and isn't excluded by any of the subsequent patterns. The functionality is
+// the same as Matches, but as an optimization, the caller keeps track of
+// whether the parent directory matched.
+//
+// The "file" argument should be a slash-delimited path.
+//
+// MatchesUsingParentResult is not safe to call concurrently.
+//
+// Deprecated: this function does behave correctly in some cases (see
+// https://github.com/docker/buildx/issues/850).
+//
+// Use MatchesUsingParentResults instead.
+func (pm *PatternMatcher) MatchesUsingParentResult(file string, parentMatched bool) (bool, error) {
+	matched := parentMatched
+	file = filepath.FromSlash(file)
+
+	for _, pattern := range pm.patterns {
+		// Skip evaluation if this is an inclusion and the filename
+		// already matched the pattern, or it's an exclusion and it has
+		// not matched the pattern yet.
+		if pattern.exclusion != matched {
+			continue
+		}
+
+		match, err := pattern.match(file)
+		if err != nil {
+			return false, err
+		}
+
+		if match {
+			matched = !pattern.exclusion
+		}
+	}
+	return matched, nil
+}
+
+// MatchInfo tracks information about parent dir matches while traversing a
+// filesystem.
+type MatchInfo struct {
+	parentMatched []bool
+}
+
+// MatchesUsingParentResults returns true if "file" matches any of the patterns
+// and isn't excluded by any of the subsequent patterns. The functionality is
+// the same as Matches, but as an optimization, the caller passes in
+// intermediate results from matching the parent directory.
+//
+// The "file" argument should be a slash-delimited path.
+//
+// MatchesUsingParentResults is not safe to call concurrently.
+func (pm *PatternMatcher) MatchesUsingParentResults(file string, parentMatchInfo MatchInfo) (bool, MatchInfo, error) {
+	parentMatched := parentMatchInfo.parentMatched
+	if len(parentMatched) != 0 && len(parentMatched) != len(pm.patterns) {
+		return false, MatchInfo{}, errors.New("wrong number of values in parentMatched")
+	}
+
+	file = filepath.FromSlash(file)
+	matched := false
+
+	matchInfo := MatchInfo{
+		parentMatched: make([]bool, len(pm.patterns)),
+	}
+	for i, pattern := range pm.patterns {
+		match := false
+		// If the parent matched this pattern, we don't need to recheck.
+		if len(parentMatched) != 0 {
+			match = parentMatched[i]
+		}
+
+		if !match {
+			// Skip evaluation if this is an inclusion and the filename
+			// already matched the pattern, or it's an exclusion and it has
+			// not matched the pattern yet.
+			if pattern.exclusion != matched {
+				continue
+			}
+
+			var err error
+			match, err = pattern.match(file)
+			if err != nil {
+				return false, matchInfo, err
+			}
+
+			// If the zero value of MatchInfo was passed in, we don't have
+			// any information about the parent dir's match results, and we
+			// apply the same logic as MatchesOrParentMatches.
+			if !match && len(parentMatched) == 0 {
+				if parentPath := filepath.Dir(file); parentPath != "." {
+					parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
+					// Check to see if the pattern matches one of our parent dirs.
+					for i := range parentPathDirs {
+						match, _ = pattern.match(strings.Join(parentPathDirs[:i+1], string(os.PathSeparator)))
+						if match {
+							break
+						}
+					}
+				}
+			}
+		}
+		matchInfo.parentMatched[i] = match
+
+		if match {
+			matched = !pattern.exclusion
+		}
+	}
+	return matched, matchInfo, nil
+}
+
 // Exclusions returns true if any of the patterns define exclusions
 func (pm *PatternMatcher) Exclusions() bool {
 	return pm.exclusions
@@ -124,7 +301,6 @@ func (p *Pattern) Exclusion() bool {
 }
 
 func (p *Pattern) match(path string) (bool, error) {
-
 	if p.regexp == nil {
 		if err := p.compile(); err != nil {
 			return false, filepath.ErrBadPattern
@@ -179,7 +355,7 @@ func (p *Pattern) compile() error {
 		} else if ch == '?' {
 			// "?" is any char except "/"
 			regStr += "[^" + escSL + "]"
-		} else if ch == '.' || ch == '$' {
+		} else if shouldEscape(ch) {
 			// Escape some regexp special chars that have no meaning
 			// in golang's filepath.Match
 			regStr += `\` + string(ch)
@@ -216,6 +392,9 @@ func (p *Pattern) compile() error {
 
 // Matches returns true if file matches any of the patterns
 // and isn't excluded by any of the subsequent patterns.
+//
+// This implementation is buggy (it only checks a single parent dir against the
+// pattern) and will be removed soon. Use MatchesOrParentMatches instead.
 func Matches(file string, patterns []string) (bool, error) {
 	pm, err := NewPatternMatcher(patterns)
 	if err != nil {
@@ -231,6 +410,23 @@ func Matches(file string, patterns []string) (bool, error) {
 	return pm.Matches(file)
 }
 
+// MatchesOrParentMatches returns true if file matches any of the patterns
+// and isn't excluded by any of the subsequent patterns.
+func MatchesOrParentMatches(file string, patterns []string) (bool, error) {
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		return false, err
+	}
+	file = filepath.Clean(file)
+
+	if file == "." {
+		// Don't let them exclude everything, kind of silly.
+		return false, nil
+	}
+
+	return pm.MatchesOrParentMatches(file)
+}
+
 // CopyFile copies from src to dst until either EOF is reached
 // on src or an error occurs. It verifies src exists and removes
 // the dst if it exists.
diff --git a/pkg/fileutils/fileutils_test.go b/pkg/fileutils/fileutils_test.go
index 4b5f129a50afd..b24d82ebd28f3 100644
--- a/pkg/fileutils/fileutils_test.go
+++ b/pkg/fileutils/fileutils_test.go
@@ -2,7 +2,6 @@ package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -10,13 +9,13 @@ import (
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // CopyFile with invalid src
 func TestCopyFileWithInvalidSrc(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test") // #nosec G303
 	defer os.RemoveAll(tempFolder)
 	if err != nil {
 		t.Fatal(err)
@@ -33,13 +32,13 @@ func TestCopyFileWithInvalidSrc(t *testing.T) {
 
 // CopyFile with invalid dest
 func TestCopyFileWithInvalidDest(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	defer os.RemoveAll(tempFolder)
 	if err != nil {
 		t.Fatal(err)
 	}
 	src := path.Join(tempFolder, "file")
-	err = ioutil.WriteFile(src, []byte("content"), 0740)
+	err = os.WriteFile(src, []byte("content"), 0740)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -55,13 +54,13 @@ func TestCopyFileWithInvalidDest(t *testing.T) {
 
 // CopyFile with same src and dest
 func TestCopyFileWithSameSrcAndDest(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	defer os.RemoveAll(tempFolder)
 	if err != nil {
 		t.Fatal(err)
 	}
 	file := path.Join(tempFolder, "file")
-	err = ioutil.WriteFile(file, []byte("content"), 0740)
+	err = os.WriteFile(file, []byte("content"), 0740)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -76,7 +75,7 @@ func TestCopyFileWithSameSrcAndDest(t *testing.T) {
 
 // CopyFile with same src and dest but path is different and not clean
 func TestCopyFileWithSameSrcAndDestWithPathNameDifferent(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	defer os.RemoveAll(tempFolder)
 	if err != nil {
 		t.Fatal(err)
@@ -88,7 +87,7 @@ func TestCopyFileWithSameSrcAndDestWithPathNameDifferent(t *testing.T) {
 	}
 	file := path.Join(testFolder, "file")
 	sameFile := testFolder + "/../test/file"
-	err = ioutil.WriteFile(file, []byte("content"), 0740)
+	err = os.WriteFile(file, []byte("content"), 0740)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -102,15 +101,15 @@ func TestCopyFileWithSameSrcAndDestWithPathNameDifferent(t *testing.T) {
 }
 
 func TestCopyFile(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	defer os.RemoveAll(tempFolder)
 	if err != nil {
 		t.Fatal(err)
 	}
 	src := path.Join(tempFolder, "src")
 	dest := path.Join(tempFolder, "dest")
-	ioutil.WriteFile(src, []byte("content"), 0777)
-	ioutil.WriteFile(dest, []byte("destContent"), 0777)
+	os.WriteFile(src, []byte("content"), 0777)
+	os.WriteFile(dest, []byte("destContent"), 0777)
 	bytes, err := CopyFile(src, dest)
 	if err != nil {
 		t.Fatal(err)
@@ -118,7 +117,7 @@ func TestCopyFile(t *testing.T) {
 	if bytes != 7 {
 		t.Fatalf("Should have written %d bytes but wrote %d", 7, bytes)
 	}
-	actual, err := ioutil.ReadFile(dest)
+	actual, err := os.ReadFile(dest)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -182,6 +181,7 @@ func TestReadSymlinkedDirectoryToFile(t *testing.T) {
 	var err error
 	var file *os.File
 
+	// #nosec G303
 	if file, err = os.Create("/tmp/testReadSymlinkToFile"); err != nil {
 		t.Fatalf("failed to create file: %s", err)
 	}
@@ -309,6 +309,12 @@ type matchesTestCase struct {
 	pass    bool
 }
 
+type multiPatternTestCase struct {
+	patterns []string
+	text     string
+	pass     bool
+}
+
 func TestMatches(t *testing.T) {
 	tests := []matchesTestCase{
 		{"**", "file", true},
@@ -327,6 +333,8 @@ func TestMatches(t *testing.T) {
 		{"dir/**", "dir/file/", true},
 		{"dir/**", "dir/dir2/file", true},
 		{"dir/**", "dir/dir2/file/", true},
+		{"**/dir", "dir", true},
+		{"**/dir", "dir/file", true},
 		{"**/dir2/*", "dir/dir2/file", true},
 		{"**/dir2/*", "dir/dir2/file/", true},
 		{"**/dir2/**", "dir/dir2/dir3/file", true},
@@ -371,23 +379,116 @@ func TestMatches(t *testing.T) {
 		{"abc/**", "abc/def/ghi", true},
 		{"**/.foo", ".foo", true},
 		{"**/.foo", "bar.foo", false},
+		{"a(b)c/def", "a(b)c/def", true},
+		{"a(b)c/def", "a(b)c/xyz", false},
+		{"a.|)$(}+{bc", "a.|)$(}+{bc", true},
+	}
+	multiPatternTests := []multiPatternTestCase{
+		{[]string{"**", "!util/docker/web"}, "util/docker/web/foo", false},
+		{[]string{"**", "!util/docker/web", "util/docker/web/foo"}, "util/docker/web/foo", true},
 	}
 
 	if runtime.GOOS != "windows" {
 		tests = append(tests, []matchesTestCase{
 			{"a\\*b", "a*b", true},
-			{"a\\", "a", false},
-			{"a\\", "a\\", false},
 		}...)
 	}
 
-	for _, test := range tests {
-		desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
-		pm, err := NewPatternMatcher([]string{test.pattern})
-		assert.NilError(t, err, desc)
-		res, _ := pm.Matches(test.text)
-		assert.Check(t, is.Equal(test.pass, res), desc)
-	}
+	t.Run("MatchesOrParentMatches", func(t *testing.T) {
+		for _, test := range tests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
+			pm, err := NewPatternMatcher([]string{test.pattern})
+			assert.NilError(t, err, desc)
+			res, _ := pm.MatchesOrParentMatches(test.text)
+			assert.Check(t, is.Equal(test.pass, res), desc)
+		}
+
+		for _, test := range multiPatternTests {
+			desc := fmt.Sprintf("patterns=%q text=%q", test.patterns, test.text)
+			pm, err := NewPatternMatcher(test.patterns)
+			assert.NilError(t, err, desc)
+			res, _ := pm.MatchesOrParentMatches(test.text)
+			assert.Check(t, is.Equal(test.pass, res), desc)
+		}
+	})
+
+	t.Run("MatchesUsingParentResult", func(t *testing.T) {
+		for _, test := range tests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
+			pm, err := NewPatternMatcher([]string{test.pattern})
+			assert.NilError(t, err, desc)
+
+			parentPath := filepath.Dir(filepath.FromSlash(test.text))
+			parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
+
+			parentMatched := false
+			if parentPath != "." {
+				for i := range parentPathDirs {
+					parentMatched, _ = pm.MatchesUsingParentResult(strings.Join(parentPathDirs[:i+1], "/"), parentMatched)
+				}
+			}
+
+			res, _ := pm.MatchesUsingParentResult(test.text, parentMatched)
+			assert.Check(t, is.Equal(test.pass, res), desc)
+		}
+	})
+
+	t.Run("MatchesUsingParentResults", func(t *testing.T) {
+		check := func(pm *PatternMatcher, text string, pass bool, desc string) {
+			parentPath := filepath.Dir(filepath.FromSlash(text))
+			parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
+
+			parentMatchInfo := MatchInfo{}
+			if parentPath != "." {
+				for i := range parentPathDirs {
+					_, parentMatchInfo, _ = pm.MatchesUsingParentResults(strings.Join(parentPathDirs[:i+1], "/"), parentMatchInfo)
+				}
+			}
+
+			res, _, _ := pm.MatchesUsingParentResults(text, parentMatchInfo)
+			assert.Check(t, is.Equal(pass, res), desc)
+		}
+
+		for _, test := range tests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
+			pm, err := NewPatternMatcher([]string{test.pattern})
+			assert.NilError(t, err, desc)
+
+			check(pm, test.text, test.pass, desc)
+		}
+
+		for _, test := range multiPatternTests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.patterns, test.text)
+			pm, err := NewPatternMatcher(test.patterns)
+			assert.NilError(t, err, desc)
+
+			check(pm, test.text, test.pass, desc)
+		}
+	})
+
+	t.Run("MatchesUsingParentResultsNoContext", func(t *testing.T) {
+		check := func(pm *PatternMatcher, text string, pass bool, desc string) {
+			res, _, _ := pm.MatchesUsingParentResults(text, MatchInfo{})
+			assert.Check(t, is.Equal(pass, res), desc)
+		}
+
+		for _, test := range tests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
+			pm, err := NewPatternMatcher([]string{test.pattern})
+			assert.NilError(t, err, desc)
+
+			check(pm, test.text, test.pass, desc)
+		}
+
+		for _, test := range multiPatternTests {
+			desc := fmt.Sprintf("pattern=%q text=%q", test.patterns, test.text)
+			pm, err := NewPatternMatcher(test.patterns)
+			assert.NilError(t, err, desc)
+
+			check(pm, test.text, test.pass, desc)
+		}
+	})
+
 }
 
 func TestCleanPatterns(t *testing.T) {
@@ -456,7 +557,7 @@ func TestCleanPatternsErrorSingleException(t *testing.T) {
 }
 
 func TestCreateIfNotExistsDir(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -478,7 +579,7 @@ func TestCreateIfNotExistsDir(t *testing.T) {
 }
 
 func TestCreateIfNotExistsFile(t *testing.T) {
-	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	tempFolder, err := os.MkdirTemp("", "docker-fileutils-test")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/pkg/fileutils/fileutils_unix.go b/pkg/fileutils/fileutils_unix.go
index 565396f1c7f42..f782b4266aada 100644
--- a/pkg/fileutils/fileutils_unix.go
+++ b/pkg/fileutils/fileutils_unix.go
@@ -1,10 +1,10 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 
 	"github.com/sirupsen/logrus"
@@ -13,7 +13,7 @@ import (
 // GetTotalUsedFds Returns the number of used File Descriptors by
 // reading it via /proc filesystem.
 func GetTotalUsedFds() int {
-	if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
+	if fds, err := os.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
 		logrus.Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)
 	} else {
 		return len(fds)
diff --git a/pkg/fsutils/fsutils_linux.go b/pkg/fsutils/fsutils_linux.go
index 104211adea7e2..d9a7760963130 100644
--- a/pkg/fsutils/fsutils_linux.go
+++ b/pkg/fsutils/fsutils_linux.go
@@ -2,7 +2,6 @@ package fsutils // import "github.com/docker/docker/pkg/fsutils"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"unsafe"
 
@@ -10,14 +9,14 @@ import (
 )
 
 func locateDummyIfEmpty(path string) (string, error) {
-	children, err := ioutil.ReadDir(path)
+	children, err := os.ReadDir(path)
 	if err != nil {
 		return "", err
 	}
 	if len(children) != 0 {
 		return "", nil
 	}
-	dummyFile, err := ioutil.TempFile(path, "fsutils-dummy")
+	dummyFile, err := os.CreateTemp(path, "fsutils-dummy")
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/fsutils/fsutils_linux_test.go b/pkg/fsutils/fsutils_linux_test.go
index 4e5a78b519089..f7af8e8677aed 100644
--- a/pkg/fsutils/fsutils_linux_test.go
+++ b/pkg/fsutils/fsutils_linux_test.go
@@ -1,9 +1,9 @@
+//go:build linux
 // +build linux
 
 package fsutils // import "github.com/docker/docker/pkg/fsutils"
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"testing"
@@ -19,7 +19,7 @@ func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg
 
 	// create a sparse image
 	imageSize := int64(32 * 1024 * 1024)
-	imageFile, err := ioutil.TempFile("", "fsutils-image")
+	imageFile, err := os.CreateTemp("", "fsutils-image")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -36,7 +36,7 @@ func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg
 	}
 
 	// create a mountpoint
-	mountpoint, err := ioutil.TempDir("", "fsutils-mountpoint")
+	mountpoint, err := os.MkdirTemp("", "fsutils-mountpoint")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/pkg/homedir/homedir_linux.go b/pkg/homedir/homedir_linux.go
index ee15ed52b1645..5e6310fdcd6bb 100644
--- a/pkg/homedir/homedir_linux.go
+++ b/pkg/homedir/homedir_linux.go
@@ -1,21 +1,93 @@
 package homedir // import "github.com/docker/docker/pkg/homedir"
 
 import (
+	"errors"
 	"os"
-
-	"github.com/docker/docker/pkg/idtools"
+	"path/filepath"
+	"strings"
 )
 
-// GetStatic returns the home directory for the current user without calling
-// os/user.Current(). This is useful for static-linked binary on glibc-based
-// system, because a call to os/user.Current() in a static binary leads to
-// segfault due to a glibc issue that won't be fixed in a short term.
-// (#29344, golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
-func GetStatic() (string, error) {
-	uid := os.Getuid()
-	usr, err := idtools.LookupUID(uid)
+// GetRuntimeDir returns XDG_RUNTIME_DIR.
+// XDG_RUNTIME_DIR is typically configured via pam_systemd.
+// GetRuntimeDir returns non-nil error if XDG_RUNTIME_DIR is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetRuntimeDir() (string, error) {
+	if xdgRuntimeDir := os.Getenv("XDG_RUNTIME_DIR"); xdgRuntimeDir != "" {
+		return xdgRuntimeDir, nil
+	}
+	return "", errors.New("could not get XDG_RUNTIME_DIR")
+}
+
+// StickRuntimeDirContents sets the sticky bit on files that are under
+// XDG_RUNTIME_DIR, so that the files won't be periodically removed by the system.
+//
+// StickyRuntimeDir returns slice of sticked files.
+// StickyRuntimeDir returns nil error if XDG_RUNTIME_DIR is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func StickRuntimeDirContents(files []string) ([]string, error) {
+	runtimeDir, err := GetRuntimeDir()
+	if err != nil {
+		// ignore error if runtimeDir is empty
+		return nil, nil
+	}
+	runtimeDir, err = filepath.Abs(runtimeDir)
 	if err != nil {
-		return "", err
+		return nil, err
+	}
+	var sticked []string
+	for _, f := range files {
+		f, err = filepath.Abs(f)
+		if err != nil {
+			return sticked, err
+		}
+		if strings.HasPrefix(f, runtimeDir+"/") {
+			if err = stick(f); err != nil {
+				return sticked, err
+			}
+			sticked = append(sticked, f)
+		}
+	}
+	return sticked, nil
+}
+
+func stick(f string) error {
+	st, err := os.Stat(f)
+	if err != nil {
+		return err
+	}
+	m := st.Mode()
+	m |= os.ModeSticky
+	return os.Chmod(f, m)
+}
+
+// GetDataHome returns XDG_DATA_HOME.
+// GetDataHome returns $HOME/.local/share and nil error if XDG_DATA_HOME is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetDataHome() (string, error) {
+	if xdgDataHome := os.Getenv("XDG_DATA_HOME"); xdgDataHome != "" {
+		return xdgDataHome, nil
+	}
+	home := os.Getenv("HOME")
+	if home == "" {
+		return "", errors.New("could not get either XDG_DATA_HOME or HOME")
+	}
+	return filepath.Join(home, ".local", "share"), nil
+}
+
+// GetConfigHome returns XDG_CONFIG_HOME.
+// GetConfigHome returns $HOME/.config and nil error if XDG_CONFIG_HOME is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetConfigHome() (string, error) {
+	if xdgConfigHome := os.Getenv("XDG_CONFIG_HOME"); xdgConfigHome != "" {
+		return xdgConfigHome, nil
+	}
+	home := os.Getenv("HOME")
+	if home == "" {
+		return "", errors.New("could not get either XDG_CONFIG_HOME or HOME")
 	}
-	return usr.Home, nil
+	return filepath.Join(home, ".config"), nil
 }
diff --git a/pkg/homedir/homedir_others.go b/pkg/homedir/homedir_others.go
index 75ada2fe54607..fc48e674c11d7 100644
--- a/pkg/homedir/homedir_others.go
+++ b/pkg/homedir/homedir_others.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package homedir // import "github.com/docker/docker/pkg/homedir"
@@ -6,8 +7,22 @@ import (
 	"errors"
 )
 
-// GetStatic is not needed for non-linux systems.
-// (Precisely, it is needed only for glibc-based linux systems.)
-func GetStatic() (string, error) {
-	return "", errors.New("homedir.GetStatic() is not supported on this system")
+// GetRuntimeDir is unsupported on non-linux system.
+func GetRuntimeDir() (string, error) {
+	return "", errors.New("homedir.GetRuntimeDir() is not supported on this system")
+}
+
+// StickRuntimeDirContents is unsupported on non-linux system.
+func StickRuntimeDirContents(files []string) ([]string, error) {
+	return nil, errors.New("homedir.StickRuntimeDirContents() is not supported on this system")
+}
+
+// GetDataHome is unsupported on non-linux system.
+func GetDataHome() (string, error) {
+	return "", errors.New("homedir.GetDataHome() is not supported on this system")
+}
+
+// GetConfigHome is unsupported on non-linux system.
+func GetConfigHome() (string, error) {
+	return "", errors.New("homedir.GetConfigHome() is not supported on this system")
 }
diff --git a/pkg/homedir/homedir_unix.go b/pkg/homedir/homedir_unix.go
index d85e124488407..d1732dee52f21 100644
--- a/pkg/homedir/homedir_unix.go
+++ b/pkg/homedir/homedir_unix.go
@@ -1,11 +1,11 @@
+//go:build !windows
 // +build !windows
 
 package homedir // import "github.com/docker/docker/pkg/homedir"
 
 import (
 	"os"
-
-	"github.com/opencontainers/runc/libcontainer/user"
+	"os/user"
 )
 
 // Key returns the env var name for the user's home dir based on
@@ -17,11 +17,16 @@ func Key() string {
 // Get returns the home directory of the current user with the help of
 // environment variables depending on the target operating system.
 // Returned path should be used with "path/filepath" to form new paths.
+//
+// If linking statically with cgo enabled against glibc, ensure the
+// osusergo build tag is used.
+//
+// If needing to do nss lookups, do not disable cgo or set osusergo.
 func Get() string {
 	home := os.Getenv(Key())
 	if home == "" {
-		if u, err := user.CurrentUser(); err == nil {
-			return u.Home
+		if u, err := user.Current(); err == nil {
+			return u.HomeDir
 		}
 	}
 	return home
diff --git a/pkg/idtools/idtools.go b/pkg/idtools/idtools.go
index 230422eac827f..25a57b231e011 100644
--- a/pkg/idtools/idtools.go
+++ b/pkg/idtools/idtools.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"fmt"
 	"os"
-	"sort"
 	"strconv"
 	"strings"
 )
@@ -36,13 +35,13 @@ const (
 
 // MkdirAllAndChown creates a directory (include any along the path) and then modifies
 // ownership to the requested uid/gid.  If the directory already exists, this
-// function will still change ownership to the requested uid/gid pair.
+// function will still change ownership and permissions.
 func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error {
 	return mkdirAs(path, mode, owner, true, true)
 }
 
 // MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid.
-// If the directory already exists, this function still changes ownership.
+// If the directory already exists, this function still changes ownership and permissions.
 // Note that unlike os.Mkdir(), this function does not return IsExist error
 // in case path already exists.
 func MkdirAndChown(path string, mode os.FileMode, owner Identity) error {
@@ -51,7 +50,7 @@ func MkdirAndChown(path string, mode os.FileMode, owner Identity) error {
 
 // MkdirAllAndChownNew creates a directory (include any along the path) and then modifies
 // ownership ONLY of newly created directories to the requested uid/gid. If the
-// directories along the path exist, no change of ownership will be performed
+// directories along the path exist, no change of ownership or permissions will be performed
 func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error {
 	return mkdirAs(path, mode, owner, true, false)
 }
@@ -115,31 +114,6 @@ type IdentityMapping struct {
 	gids []IDMap
 }
 
-// NewIdentityMapping takes a requested user and group name and
-// using the data from /etc/sub{uid,gid} ranges, creates the
-// proper uid and gid remapping ranges for that user/group pair
-func NewIdentityMapping(username, groupname string) (*IdentityMapping, error) {
-	subuidRanges, err := parseSubuid(username)
-	if err != nil {
-		return nil, err
-	}
-	subgidRanges, err := parseSubgid(groupname)
-	if err != nil {
-		return nil, err
-	}
-	if len(subuidRanges) == 0 {
-		return nil, fmt.Errorf("No subuid ranges found for user %q", username)
-	}
-	if len(subgidRanges) == 0 {
-		return nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
-	}
-
-	return &IdentityMapping{
-		uids: createIDMap(subuidRanges),
-		gids: createIDMap(subgidRanges),
-	}, nil
-}
-
 // NewIDMappingsFromMaps creates a new mapping from two slices
 // Deprecated: this is a temporary shim while transitioning to IDMapping
 func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping {
@@ -203,8 +177,6 @@ func (i *IdentityMapping) GIDs() []IDMap {
 func createIDMap(subidRanges ranges) []IDMap {
 	idMap := []IDMap{}
 
-	// sort the ranges by lowest ID first
-	sort.Sort(subidRanges)
 	containerID := 0
 	for _, idrange := range subidRanges {
 		idMap = append(idMap, IDMap{
@@ -239,10 +211,6 @@ func parseSubidFile(path, username string) (ranges, error) {
 
 	s := bufio.NewScanner(subidFile)
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return rangeList, err
-		}
-
 		text := strings.TrimSpace(s.Text())
 		if text == "" || strings.HasPrefix(text, "#") {
 			continue
@@ -263,5 +231,11 @@ func parseSubidFile(path, username string) (ranges, error) {
 			rangeList = append(rangeList, subIDRange{startid, length})
 		}
 	}
-	return rangeList, nil
+
+	return rangeList, s.Err()
+}
+
+// CurrentIdentity returns the identity of the current process
+func CurrentIdentity() Identity {
+	return Identity{UID: os.Getuid(), GID: os.Getegid()}
 }
diff --git a/pkg/idtools/idtools_test.go b/pkg/idtools/idtools_test.go
new file mode 100644
index 0000000000000..34b57b6bcdd4f
--- /dev/null
+++ b/pkg/idtools/idtools_test.go
@@ -0,0 +1,28 @@
+package idtools // import "github.com/docker/docker/pkg/idtools"
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestCreateIDMapOrder(t *testing.T) {
+	subidRanges := ranges{
+		{100000, 1000},
+		{1000, 1},
+	}
+
+	idMap := createIDMap(subidRanges)
+	assert.DeepEqual(t, idMap, []IDMap{
+		{
+			ContainerID: 0,
+			HostID:      100000,
+			Size:        1000,
+		},
+		{
+			ContainerID: 1000,
+			HostID:      1000,
+			Size:        1,
+		},
+	})
+}
diff --git a/pkg/idtools/idtools_unix.go b/pkg/idtools/idtools_unix.go
index fb239743a01a4..ceec0339b5675 100644
--- a/pkg/idtools/idtools_unix.go
+++ b/pkg/idtools/idtools_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package idtools // import "github.com/docker/docker/pkg/idtools"
@@ -8,12 +9,13 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"strings"
+	"strconv"
 	"sync"
 	"syscall"
 
 	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
 )
 
 var (
@@ -39,7 +41,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
 		}
 
 		// short-circuit--we were called with an existing directory and chown was requested
-		return lazyChown(path, owner.UID, owner.GID, stat)
+		return setPermissions(path, mode, owner.UID, owner.GID, stat)
 	}
 
 	if os.IsNotExist(err) {
@@ -59,7 +61,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
 				paths = append(paths, dirPath)
 			}
 		}
-		if err := system.MkdirAll(path, mode, ""); err != nil {
+		if err := system.MkdirAll(path, mode); err != nil {
 			return err
 		}
 	} else {
@@ -70,7 +72,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
 	// even if it existed, we will chown the requested path + any subpaths that
 	// didn't exist when we called MkdirAll
 	for _, pathComponent := range paths {
-		if err := lazyChown(pathComponent, owner.UID, owner.GID, nil); err != nil {
+		if err := setPermissions(pathComponent, mode, owner.UID, owner.GID, nil); err != nil {
 			return err
 		}
 	}
@@ -105,14 +107,14 @@ func accessible(isOwner, isGroup bool, perms os.FileMode) bool {
 
 // LookupUser uses traditional local system files lookup (from libcontainer/user) on a username,
 // followed by a call to `getent` for supporting host configured non-files passwd and group dbs
-func LookupUser(username string) (user.User, error) {
+func LookupUser(name string) (user.User, error) {
 	// first try a local system files lookup using existing capabilities
-	usr, err := user.LookupUser(username)
+	usr, err := user.LookupUser(name)
 	if err == nil {
 		return usr, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
-	usr, err = getentUser(fmt.Sprintf("%s %s", "passwd", username))
+	usr, err = getentUser(name)
 	if err != nil {
 		return user.User{}, err
 	}
@@ -128,11 +130,11 @@ func LookupUID(uid int) (user.User, error) {
 		return usr, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
-	return getentUser(fmt.Sprintf("%s %d", "passwd", uid))
+	return getentUser(strconv.Itoa(uid))
 }
 
-func getentUser(args string) (user.User, error) {
-	reader, err := callGetent(args)
+func getentUser(name string) (user.User, error) {
+	reader, err := callGetent("passwd", name)
 	if err != nil {
 		return user.User{}, err
 	}
@@ -141,21 +143,21 @@ func getentUser(args string) (user.User, error) {
 		return user.User{}, err
 	}
 	if len(users) == 0 {
-		return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", strings.Split(args, " ")[1])
+		return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", name)
 	}
 	return users[0], nil
 }
 
 // LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name,
 // followed by a call to `getent` for supporting host configured non-files passwd and group dbs
-func LookupGroup(groupname string) (user.Group, error) {
+func LookupGroup(name string) (user.Group, error) {
 	// first try a local system files lookup using existing capabilities
-	group, err := user.LookupGroup(groupname)
+	group, err := user.LookupGroup(name)
 	if err == nil {
 		return group, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured group dbs
-	return getentGroup(fmt.Sprintf("%s %s", "group", groupname))
+	return getentGroup(name)
 }
 
 // LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID,
@@ -167,11 +169,11 @@ func LookupGID(gid int) (user.Group, error) {
 		return group, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured group dbs
-	return getentGroup(fmt.Sprintf("%s %d", "group", gid))
+	return getentGroup(strconv.Itoa(gid))
 }
 
-func getentGroup(args string) (user.Group, error) {
-	reader, err := callGetent(args)
+func getentGroup(name string) (user.Group, error) {
+	reader, err := callGetent("group", name)
 	if err != nil {
 		return user.Group{}, err
 	}
@@ -180,18 +182,18 @@ func getentGroup(args string) (user.Group, error) {
 		return user.Group{}, err
 	}
 	if len(groups) == 0 {
-		return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", strings.Split(args, " ")[1])
+		return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", name)
 	}
 	return groups[0], nil
 }
 
-func callGetent(args string) (io.Reader, error) {
+func callGetent(database, key string) (io.Reader, error) {
 	entOnce.Do(func() { getentCmd, _ = resolveBinary("getent") })
 	// if no `getent` command on host, can't do anything else
 	if getentCmd == "" {
-		return nil, fmt.Errorf("")
+		return nil, fmt.Errorf("unable to find getent command")
 	}
-	out, err := execCmd(getentCmd, args)
+	out, err := execCmd(getentCmd, database, key)
 	if err != nil {
 		exitCode, errC := system.GetExitCode(err)
 		if errC != nil {
@@ -201,8 +203,7 @@ func callGetent(args string) (io.Reader, error) {
 		case 1:
 			return nil, fmt.Errorf("getent reported invalid parameters/database unknown")
 		case 2:
-			terms := strings.Split(args, " ")
-			return nil, fmt.Errorf("getent unable to find entry %q in %s database", terms[1], terms[0])
+			return nil, fmt.Errorf("getent unable to find entry %q in %s database", key, database)
 		case 3:
 			return nil, fmt.Errorf("getent database doesn't support enumeration")
 		default:
@@ -213,10 +214,11 @@ func callGetent(args string) (io.Reader, error) {
 	return bytes.NewReader(out), nil
 }
 
-// lazyChown performs a chown only if the uid/gid don't match what's requested
+// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested
 // Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the
 // dir is on an NFS share, so don't call chown unless we absolutely must.
-func lazyChown(p string, uid, gid int, stat *system.StatT) error {
+// Likewise for setting permissions.
+func setPermissions(p string, mode os.FileMode, uid, gid int, stat *system.StatT) error {
 	if stat == nil {
 		var err error
 		stat, err = system.Stat(p)
@@ -224,8 +226,71 @@ func lazyChown(p string, uid, gid int, stat *system.StatT) error {
 			return err
 		}
 	}
+	if os.FileMode(stat.Mode()).Perm() != mode.Perm() {
+		if err := os.Chmod(p, mode.Perm()); err != nil {
+			return err
+		}
+	}
 	if stat.UID() == uint32(uid) && stat.GID() == uint32(gid) {
 		return nil
 	}
 	return os.Chown(p, uid, gid)
 }
+
+// NewIdentityMapping takes a requested username and
+// using the data from /etc/sub{uid,gid} ranges, creates the
+// proper uid and gid remapping ranges for that user/group pair
+func NewIdentityMapping(name string) (*IdentityMapping, error) {
+	usr, err := LookupUser(name)
+	if err != nil {
+		return nil, fmt.Errorf("Could not get user for username %s: %v", name, err)
+	}
+
+	subuidRanges, err := lookupSubUIDRanges(usr)
+	if err != nil {
+		return nil, err
+	}
+	subgidRanges, err := lookupSubGIDRanges(usr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IdentityMapping{
+		uids: subuidRanges,
+		gids: subgidRanges,
+	}, nil
+}
+
+func lookupSubUIDRanges(usr user.User) ([]IDMap, error) {
+	rangeList, err := parseSubuid(strconv.Itoa(usr.Uid))
+	if err != nil {
+		return nil, err
+	}
+	if len(rangeList) == 0 {
+		rangeList, err = parseSubuid(usr.Name)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if len(rangeList) == 0 {
+		return nil, errors.Errorf("no subuid ranges found for user %q", usr.Name)
+	}
+	return createIDMap(rangeList), nil
+}
+
+func lookupSubGIDRanges(usr user.User) ([]IDMap, error) {
+	rangeList, err := parseSubgid(strconv.Itoa(usr.Uid))
+	if err != nil {
+		return nil, err
+	}
+	if len(rangeList) == 0 {
+		rangeList, err = parseSubgid(usr.Name)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if len(rangeList) == 0 {
+		return nil, errors.Errorf("no subgid ranges found for user %q", usr.Name)
+	}
+	return createIDMap(rangeList), nil
+}
diff --git a/pkg/idtools/idtools_unix_test.go b/pkg/idtools/idtools_unix_test.go
index be5d60262247f..c43ed6fc8dd97 100644
--- a/pkg/idtools/idtools_unix_test.go
+++ b/pkg/idtools/idtools_unix_test.go
@@ -1,19 +1,19 @@
+//go:build !windows
 // +build !windows
 
 package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/user"
 	"path/filepath"
 	"testing"
 
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )
 
 const (
@@ -27,7 +27,7 @@ type node struct {
 
 func TestMkdirAllAndChown(t *testing.T) {
 	RequiresRoot(t)
-	dirName, err := ioutil.TempDir("", "mkdirall")
+	dirName, err := os.MkdirTemp("", "mkdirall")
 	if err != nil {
 		t.Fatalf("Couldn't create temp dir: %v", err)
 	}
@@ -88,7 +88,7 @@ func TestMkdirAllAndChown(t *testing.T) {
 
 func TestMkdirAllAndChownNew(t *testing.T) {
 	RequiresRoot(t)
-	dirName, err := ioutil.TempDir("", "mkdirnew")
+	dirName, err := os.MkdirTemp("", "mkdirnew")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dirName)
 
@@ -129,7 +129,7 @@ func TestMkdirAllAndChownNew(t *testing.T) {
 
 func TestMkdirAndChown(t *testing.T) {
 	RequiresRoot(t)
-	dirName, err := ioutil.TempDir("", "mkdir")
+	dirName, err := os.MkdirTemp("", "mkdir")
 	if err != nil {
 		t.Fatalf("Couldn't create temp dir: %v", err)
 	}
@@ -190,7 +190,7 @@ func buildTree(base string, tree map[string]node) error {
 func readTree(base, root string) (map[string]node, error) {
 	tree := make(map[string]node)
 
-	dirInfos, err := ioutil.ReadDir(base)
+	dirInfos, err := os.ReadDir(base)
 	if err != nil {
 		return nil, fmt.Errorf("Couldn't read directory entries for %q: %v", base, err)
 	}
@@ -239,7 +239,7 @@ func delUser(t *testing.T, name string) {
 }
 
 func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "parsesubid")
+	tmpDir, err := os.MkdirTemp("", "parsesubid")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -248,7 +248,7 @@ func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
 # empty default subuid/subgid file
 
 dockremap:231072:65536`
-	if err := ioutil.WriteFile(fnamePath, []byte(fcontent), 0644); err != nil {
+	if err := os.WriteFile(fnamePath, []byte(fcontent), 0644); err != nil {
 		t.Fatal(err)
 	}
 	ranges, err := parseSubidFile(fnamePath, "dockremap")
@@ -321,18 +321,13 @@ func TestNewIDMappings(t *testing.T) {
 	tempUser, err := user.Lookup(tempUser)
 	assert.Check(t, err)
 
-	gids, err := tempUser.GroupIds()
-	assert.Check(t, err)
-	group, err := user.LookupGroupId(string(gids[0]))
-	assert.Check(t, err)
-
-	idMapping, err := NewIdentityMapping(tempUser.Username, group.Name)
+	idMapping, err := NewIdentityMapping(tempUser.Username)
 	assert.Check(t, err)
 
 	rootUID, rootGID, err := GetRootUIDGID(idMapping.UIDs(), idMapping.GIDs())
 	assert.Check(t, err)
 
-	dirName, err := ioutil.TempDir("", "mkdirall")
+	dirName, err := os.MkdirTemp("", "mkdirall")
 	assert.Check(t, err, "Couldn't create temp directory")
 	defer os.RemoveAll(dirName)
 
@@ -382,7 +377,7 @@ func TestLookupUserAndGroupThatDoesNotExist(t *testing.T) {
 // returns a correct error in case a directory which it is about to create
 // already exists but is a file (rather than a directory).
 func TestMkdirIsNotDir(t *testing.T) {
-	file, err := ioutil.TempFile("", t.Name())
+	file, err := os.CreateTemp("", t.Name())
 	if err != nil {
 		t.Fatalf("Couldn't create temp dir: %v", err)
 	}
diff --git a/pkg/idtools/idtools_windows.go b/pkg/idtools/idtools_windows.go
index 4ae38a1b17bb0..0f5aadd4961c4 100644
--- a/pkg/idtools/idtools_windows.go
+++ b/pkg/idtools/idtools_windows.go
@@ -6,12 +6,21 @@ import (
 	"github.com/docker/docker/pkg/system"
 )
 
+const (
+	SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
+)
+
+const (
+	ContainerAdministratorSidString = "S-1-5-93-2-1"
+	ContainerUserSidString          = "S-1-5-93-2-2"
+)
+
 // This is currently a wrapper around MkdirAll, however, since currently
 // permissions aren't set through this path, the identity isn't utilized.
 // Ownership is handled elsewhere, but in the future could be support here
 // too.
 func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting bool) error {
-	if err := system.MkdirAll(path, mode, ""); err != nil {
+	if err := system.MkdirAll(path, mode); err != nil {
 		return err
 	}
 	return nil
diff --git a/pkg/idtools/usergroupadd_linux.go b/pkg/idtools/usergroupadd_linux.go
index 6272c5a404710..bf7ae0564ba55 100644
--- a/pkg/idtools/usergroupadd_linux.go
+++ b/pkg/idtools/usergroupadd_linux.go
@@ -17,18 +17,13 @@ import (
 var (
 	once        sync.Once
 	userCommand string
-
-	cmdTemplates = map[string]string{
-		"adduser": "--system --shell /bin/false --no-create-home --disabled-login --disabled-password --group %s",
-		"useradd": "-r -s /bin/false %s",
-		"usermod": "-%s %d-%d %s",
-	}
-
 	idOutRegexp = regexp.MustCompile(`uid=([0-9]+).*gid=([0-9]+)`)
+)
+
+const (
 	// default length for a UID/GID subordinate range
 	defaultRangeLen   = 65536
 	defaultRangeStart = 100000
-	userMod           = "usermod"
 )
 
 // AddNamespaceRangesUser takes a username and uses the standard system
@@ -67,7 +62,7 @@ func AddNamespaceRangesUser(name string) (int, int, error) {
 	return uid, gid, nil
 }
 
-func addUser(userName string) error {
+func addUser(name string) error {
 	once.Do(func() {
 		// set up which commands are used for adding users/groups dependent on distro
 		if _, err := resolveBinary("adduser"); err == nil {
@@ -76,13 +71,18 @@ func addUser(userName string) error {
 			userCommand = "useradd"
 		}
 	})
-	if userCommand == "" {
-		return fmt.Errorf("Cannot add user; no useradd/adduser binary found")
+	var args []string
+	switch userCommand {
+	case "adduser":
+		args = []string{"--system", "--shell", "/bin/false", "--no-create-home", "--disabled-login", "--disabled-password", "--group", name}
+	case "useradd":
+		args = []string{"-r", "-s", "/bin/false", name}
+	default:
+		return fmt.Errorf("cannot add user; no useradd/adduser binary found")
 	}
-	args := fmt.Sprintf(cmdTemplates[userCommand], userName)
-	out, err := execCmd(userCommand, args)
-	if err != nil {
-		return fmt.Errorf("Failed to add user with error: %v; output: %q", err, string(out))
+
+	if out, err := execCmd(userCommand, args...); err != nil {
+		return fmt.Errorf("failed to add user with error: %v; output: %q", err, string(out))
 	}
 	return nil
 }
@@ -101,7 +101,7 @@ func createSubordinateRanges(name string) error {
 		if err != nil {
 			return fmt.Errorf("Can't find available subuid range: %v", err)
 		}
-		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "v", startID, startID+defaultRangeLen-1, name))
+		out, err := execCmd("usermod", "-v", fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1), name)
 		if err != nil {
 			return fmt.Errorf("Unable to add subuid range to user: %q; output: %s, err: %v", name, out, err)
 		}
@@ -117,7 +117,7 @@ func createSubordinateRanges(name string) error {
 		if err != nil {
 			return fmt.Errorf("Can't find available subgid range: %v", err)
 		}
-		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "w", startID, startID+defaultRangeLen-1, name))
+		out, err := execCmd("usermod", "-w", fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1), name)
 		if err != nil {
 			return fmt.Errorf("Unable to add subgid range to user: %q; output: %s, err: %v", name, out, err)
 		}
diff --git a/pkg/idtools/usergroupadd_unsupported.go b/pkg/idtools/usergroupadd_unsupported.go
index e7c4d63118c35..5e24577e2c26e 100644
--- a/pkg/idtools/usergroupadd_unsupported.go
+++ b/pkg/idtools/usergroupadd_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package idtools // import "github.com/docker/docker/pkg/idtools"
diff --git a/pkg/idtools/utils_unix.go b/pkg/idtools/utils_unix.go
index 903ac4501b4bd..540672af5aff4 100644
--- a/pkg/idtools/utils_unix.go
+++ b/pkg/idtools/utils_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package idtools // import "github.com/docker/docker/pkg/idtools"
@@ -6,7 +7,6 @@ import (
 	"fmt"
 	"os/exec"
 	"path/filepath"
-	"strings"
 )
 
 func resolveBinary(binname string) (string, error) {
@@ -18,15 +18,15 @@ func resolveBinary(binname string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	//only return no error if the final resolved binary basename
-	//matches what was searched for
+	// only return no error if the final resolved binary basename
+	// matches what was searched for
 	if filepath.Base(resolvedPath) == binname {
 		return resolvedPath, nil
 	}
 	return "", fmt.Errorf("Binary %q does not resolve to a binary of that name in $PATH (%q)", binname, resolvedPath)
 }
 
-func execCmd(cmd, args string) ([]byte, error) {
-	execCmd := exec.Command(cmd, strings.Split(args, " ")...)
+func execCmd(cmd string, arg ...string) ([]byte, error) {
+	execCmd := exec.Command(cmd, arg...)
 	return execCmd.CombinedOutput()
 }
diff --git a/pkg/ioutils/bytespipe.go b/pkg/ioutils/bytespipe.go
index d4bbf3c9dcaf6..d1dfdae0cc2ef 100644
--- a/pkg/ioutils/bytespipe.go
+++ b/pkg/ioutils/bytespipe.go
@@ -50,12 +50,12 @@ func NewBytesPipe() *BytesPipe {
 // It can allocate new []byte slices in a process of writing.
 func (bp *BytesPipe) Write(p []byte) (int, error) {
 	bp.mu.Lock()
+	defer bp.mu.Unlock()
 
 	written := 0
 loop0:
 	for {
 		if bp.closeErr != nil {
-			bp.mu.Unlock()
 			return written, ErrClosed
 		}
 
@@ -72,7 +72,6 @@ loop0:
 		// errBufferFull is an error we expect to get if the buffer is full
 		if err != nil && err != errBufferFull {
 			bp.wait.Broadcast()
-			bp.mu.Unlock()
 			return written, err
 		}
 
@@ -100,7 +99,6 @@ loop0:
 		bp.buf = append(bp.buf, getBuffer(nextCap))
 	}
 	bp.wait.Broadcast()
-	bp.mu.Unlock()
 	return written, nil
 }
 
@@ -126,16 +124,14 @@ func (bp *BytesPipe) Close() error {
 // Data could be read only once.
 func (bp *BytesPipe) Read(p []byte) (n int, err error) {
 	bp.mu.Lock()
+	defer bp.mu.Unlock()
 	if bp.bufLen == 0 {
 		if bp.closeErr != nil {
-			bp.mu.Unlock()
 			return 0, bp.closeErr
 		}
 		bp.wait.Wait()
 		if bp.bufLen == 0 && bp.closeErr != nil {
-			err := bp.closeErr
-			bp.mu.Unlock()
-			return 0, err
+			return 0, bp.closeErr
 		}
 	}
 
@@ -160,7 +156,6 @@ func (bp *BytesPipe) Read(p []byte) (n int, err error) {
 	}
 
 	bp.wait.Broadcast()
-	bp.mu.Unlock()
 	return
 }
 
diff --git a/pkg/ioutils/bytespipe_test.go b/pkg/ioutils/bytespipe_test.go
index 9101f20a21aa9..5e361874821da 100644
--- a/pkg/ioutils/bytespipe_test.go
+++ b/pkg/ioutils/bytespipe_test.go
@@ -1,7 +1,7 @@
 package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/hex"
 	"math/rand"
 	"testing"
@@ -77,7 +77,7 @@ func TestBytesPipeWriteRandomChunks(t *testing.T) {
 
 	for _, c := range cases {
 		// first pass: write directly to hash
-		hash := sha1.New()
+		hash := sha256.New()
 		for i := 0; i < c.iterations*c.writesPerLoop; i++ {
 			if _, err := hash.Write(testMessage[:writeChunks[i%len(writeChunks)]]); err != nil {
 				t.Fatal(err)
diff --git a/pkg/ioutils/fswriters.go b/pkg/ioutils/fswriters.go
index 534d66ac268a0..82671d8cd55c5 100644
--- a/pkg/ioutils/fswriters.go
+++ b/pkg/ioutils/fswriters.go
@@ -2,7 +2,6 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -11,7 +10,7 @@ import (
 // temporary file and closing it atomically changes the temporary file to
 // destination path. Writing and closing concurrently is not allowed.
 func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) {
-	f, err := ioutil.TempFile(filepath.Dir(filename), ".tmp-"+filepath.Base(filename))
+	f, err := os.CreateTemp(filepath.Dir(filename), ".tmp-"+filepath.Base(filename))
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +93,7 @@ type AtomicWriteSet struct {
 // commit. If no temporary directory is given the system
 // default is used.
 func NewAtomicWriteSet(tmpDir string) (*AtomicWriteSet, error) {
-	td, err := ioutil.TempDir(tmpDir, "write-set-")
+	td, err := os.MkdirTemp(tmpDir, "write-set-")
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/ioutils/fswriters_test.go b/pkg/ioutils/fswriters_test.go
index b283045de5b3d..d63556138850d 100644
--- a/pkg/ioutils/fswriters_test.go
+++ b/pkg/ioutils/fswriters_test.go
@@ -2,7 +2,6 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"bytes"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -21,7 +20,7 @@ func init() {
 }
 
 func TestAtomicWriteToFile(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "atomic-writers-test")
+	tmpDir, err := os.MkdirTemp("", "atomic-writers-test")
 	if err != nil {
 		t.Fatalf("Error when creating temporary directory: %s", err)
 	}
@@ -32,7 +31,7 @@ func TestAtomicWriteToFile(t *testing.T) {
 		t.Fatalf("Error writing to file: %v", err)
 	}
 
-	actual, err := ioutil.ReadFile(filepath.Join(tmpDir, "foo"))
+	actual, err := os.ReadFile(filepath.Join(tmpDir, "foo"))
 	if err != nil {
 		t.Fatalf("Error reading from file: %v", err)
 	}
@@ -45,13 +44,13 @@ func TestAtomicWriteToFile(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Error statting file: %v", err)
 	}
-	if expected := os.FileMode(testMode); st.Mode() != expected {
+	if expected := testMode; st.Mode() != expected {
 		t.Fatalf("Mode mismatched, expected %o, got %o", expected, st.Mode())
 	}
 }
 
 func TestAtomicWriteSetCommit(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "atomic-writerset-test")
+	tmpDir, err := os.MkdirTemp("", "atomic-writerset-test")
 	if err != nil {
 		t.Fatalf("Error when creating temporary directory: %s", err)
 	}
@@ -72,7 +71,7 @@ func TestAtomicWriteSetCommit(t *testing.T) {
 		t.Fatalf("Error writing to file: %v", err)
 	}
 
-	if _, err := ioutil.ReadFile(filepath.Join(targetDir, "foo")); err == nil {
+	if _, err := os.ReadFile(filepath.Join(targetDir, "foo")); err == nil {
 		t.Fatalf("Expected error reading file where should not exist")
 	}
 
@@ -80,7 +79,7 @@ func TestAtomicWriteSetCommit(t *testing.T) {
 		t.Fatalf("Error committing file: %s", err)
 	}
 
-	actual, err := ioutil.ReadFile(filepath.Join(targetDir, "foo"))
+	actual, err := os.ReadFile(filepath.Join(targetDir, "foo"))
 	if err != nil {
 		t.Fatalf("Error reading from file: %v", err)
 	}
@@ -93,14 +92,14 @@ func TestAtomicWriteSetCommit(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Error statting file: %v", err)
 	}
-	if expected := os.FileMode(testMode); st.Mode() != expected {
+	if expected := testMode; st.Mode() != expected {
 		t.Fatalf("Mode mismatched, expected %o, got %o", expected, st.Mode())
 	}
 
 }
 
 func TestAtomicWriteSetCancel(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "atomic-writerset-test")
+	tmpDir, err := os.MkdirTemp("", "atomic-writerset-test")
 	if err != nil {
 		t.Fatalf("Error when creating temporary directory: %s", err)
 	}
@@ -124,7 +123,7 @@ func TestAtomicWriteSetCancel(t *testing.T) {
 		t.Fatalf("Error committing file: %s", err)
 	}
 
-	if _, err := ioutil.ReadFile(filepath.Join(tmpDir, "target", "foo")); err == nil {
+	if _, err := os.ReadFile(filepath.Join(tmpDir, "target", "foo")); err == nil {
 		t.Fatalf("Expected error reading file where should not exist")
 	} else if !os.IsNotExist(err) {
 		t.Fatalf("Unexpected error reading file: %s", err)
diff --git a/pkg/ioutils/readers.go b/pkg/ioutils/readers.go
index 1f657bd3dcaa9..de00b95e3f64c 100644
--- a/pkg/ioutils/readers.go
+++ b/pkg/ioutils/readers.go
@@ -2,9 +2,12 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"context"
-	"crypto/sha256"
-	"encoding/hex"
 	"io"
+
+	// make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
+	// TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
+	_ "crypto/sha256"
+	_ "crypto/sha512"
 )
 
 // ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
@@ -49,15 +52,6 @@ func NewReaderErrWrapper(r io.Reader, closer func()) io.Reader {
 	}
 }
 
-// HashData returns the sha256 sum of src.
-func HashData(src io.Reader) (string, error) {
-	h := sha256.New()
-	if _, err := io.Copy(h, src); err != nil {
-		return "", err
-	}
-	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
-}
-
 // OnEOFReader wraps an io.ReadCloser and a function
 // the function will run at the end of file or close the file.
 type OnEOFReader struct {
diff --git a/pkg/ioutils/readers_test.go b/pkg/ioutils/readers_test.go
index e645c78d83b1c..854df4c8ebbd5 100644
--- a/pkg/ioutils/readers_test.go
+++ b/pkg/ioutils/readers_test.go
@@ -3,13 +3,13 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"strings"
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 // Implement io.Reader
@@ -58,18 +58,6 @@ func TestReaderErrWrapperRead(t *testing.T) {
 	}
 }
 
-func TestHashData(t *testing.T) {
-	reader := strings.NewReader("hash-me")
-	actual, err := HashData(reader)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := "sha256:4d11186aed035cc624d553e10db358492c84a7cd6b9670d92123c144930450aa"
-	if actual != expected {
-		t.Fatalf("Expecting %s, got %s", expected, actual)
-	}
-}
-
 type perpetualReader struct{}
 
 func (p *perpetualReader) Read(buf []byte) (n int, err error) {
@@ -82,7 +70,7 @@ func (p *perpetualReader) Read(buf []byte) (n int, err error) {
 func TestCancelReadCloser(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
 	defer cancel()
-	cancelReadCloser := NewCancelReadCloser(ctx, ioutil.NopCloser(&perpetualReader{}))
+	cancelReadCloser := NewCancelReadCloser(ctx, io.NopCloser(&perpetualReader{}))
 	for {
 		var buf [128]byte
 		_, err := cancelReadCloser.Read(buf[:])
diff --git a/pkg/ioutils/temp_unix.go b/pkg/ioutils/temp_unix.go
index dc894f91314ee..7489122309824 100644
--- a/pkg/ioutils/temp_unix.go
+++ b/pkg/ioutils/temp_unix.go
@@ -1,10 +1,11 @@
+//go:build !windows
 // +build !windows
 
 package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
-import "io/ioutil"
+import "os"
 
-// TempDir on Unix systems is equivalent to ioutil.TempDir.
+// TempDir on Unix systems is equivalent to os.MkdirTemp.
 func TempDir(dir, prefix string) (string, error) {
-	return ioutil.TempDir(dir, prefix)
+	return os.MkdirTemp(dir, prefix)
 }
diff --git a/pkg/ioutils/temp_windows.go b/pkg/ioutils/temp_windows.go
index ecaba2e36d261..a57fd9af6a874 100644
--- a/pkg/ioutils/temp_windows.go
+++ b/pkg/ioutils/temp_windows.go
@@ -1,14 +1,14 @@
 package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
-	"io/ioutil"
+	"os"
 
 	"github.com/docker/docker/pkg/longpath"
 )
 
-// TempDir is the equivalent of ioutil.TempDir, except that the result is in Windows longpath format.
+// TempDir is the equivalent of os.MkdirTemp, except that the result is in Windows longpath format.
 func TempDir(dir, prefix string) (string, error) {
-	tempDir, err := ioutil.TempDir(dir, prefix)
+	tempDir, err := os.MkdirTemp(dir, prefix)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/jsonmessage/jsonmessage.go b/pkg/jsonmessage/jsonmessage.go
index dd95f367041ec..cf8d04b1b2019 100644
--- a/pkg/jsonmessage/jsonmessage.go
+++ b/pkg/jsonmessage/jsonmessage.go
@@ -4,13 +4,12 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"os"
 	"strings"
 	"time"
 
-	"github.com/Nvveen/Gotty"
-	"github.com/docker/docker/pkg/term"
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
+	"github.com/moby/term"
+	"github.com/morikuni/aec"
 )
 
 // RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
@@ -140,71 +139,34 @@ type JSONMessage struct {
 	Stream          string        `json:"stream,omitempty"`
 	Status          string        `json:"status,omitempty"`
 	Progress        *JSONProgress `json:"progressDetail,omitempty"`
-	ProgressMessage string        `json:"progress,omitempty"` //deprecated
+	ProgressMessage string        `json:"progress,omitempty"` // deprecated
 	ID              string        `json:"id,omitempty"`
 	From            string        `json:"from,omitempty"`
 	Time            int64         `json:"time,omitempty"`
 	TimeNano        int64         `json:"timeNano,omitempty"`
 	Error           *JSONError    `json:"errorDetail,omitempty"`
-	ErrorMessage    string        `json:"error,omitempty"` //deprecated
+	ErrorMessage    string        `json:"error,omitempty"` // deprecated
 	// Aux contains out-of-band data, such as digests for push signing and image id after building.
 	Aux *json.RawMessage `json:"aux,omitempty"`
 }
 
-/* Satisfied by gotty.TermInfo as well as noTermInfo from below */
-type termInfo interface {
-	Parse(attr string, params ...interface{}) (string, error)
+func clearLine(out io.Writer) {
+	eraseMode := aec.EraseModes.All
+	cl := aec.EraseLine(eraseMode)
+	fmt.Fprint(out, cl)
 }
 
-type noTermInfo struct{} // canary used when no terminfo.
-
-func (ti *noTermInfo) Parse(attr string, params ...interface{}) (string, error) {
-	return "", fmt.Errorf("noTermInfo")
-}
-
-func clearLine(out io.Writer, ti termInfo) {
-	// el2 (clear whole line) is not exposed by terminfo.
-
-	// First clear line from beginning to cursor
-	if attr, err := ti.Parse("el1"); err == nil {
-		fmt.Fprintf(out, "%s", attr)
-	} else {
-		fmt.Fprintf(out, "\x1b[1K")
-	}
-	// Then clear line from cursor to end
-	if attr, err := ti.Parse("el"); err == nil {
-		fmt.Fprintf(out, "%s", attr)
-	} else {
-		fmt.Fprintf(out, "\x1b[K")
-	}
-}
-
-func cursorUp(out io.Writer, ti termInfo, l int) {
-	if l == 0 { // Should never be the case, but be tolerant
-		return
-	}
-	if attr, err := ti.Parse("cuu", l); err == nil {
-		fmt.Fprintf(out, "%s", attr)
-	} else {
-		fmt.Fprintf(out, "\x1b[%dA", l)
-	}
+func cursorUp(out io.Writer, l uint) {
+	fmt.Fprint(out, aec.Up(l))
 }
 
-func cursorDown(out io.Writer, ti termInfo, l int) {
-	if l == 0 { // Should never be the case, but be tolerant
-		return
-	}
-	if attr, err := ti.Parse("cud", l); err == nil {
-		fmt.Fprintf(out, "%s", attr)
-	} else {
-		fmt.Fprintf(out, "\x1b[%dB", l)
-	}
+func cursorDown(out io.Writer, l uint) {
+	fmt.Fprint(out, aec.Down(l))
 }
 
-// Display displays the JSONMessage to `out`. `termInfo` is non-nil if `out`
-// is a terminal. If this is the case, it will erase the entire current line
-// when displaying the progressbar.
-func (jm *JSONMessage) Display(out io.Writer, termInfo termInfo) error {
+// Display displays the JSONMessage to `out`. If `isTerminal` is true, it will erase the
+// entire current line when displaying the progressbar.
+func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 	if jm.Error != nil {
 		if jm.Error.Code == 401 {
 			return fmt.Errorf("authentication is required")
@@ -212,11 +174,11 @@ func (jm *JSONMessage) Display(out io.Writer, termInfo termInfo) error {
 		return jm.Error
 	}
 	var endl string
-	if termInfo != nil && jm.Stream == "" && jm.Progress != nil {
-		clearLine(out, termInfo)
+	if isTerminal && jm.Stream == "" && jm.Progress != nil {
+		clearLine(out)
 		endl = "\r"
-		fmt.Fprintf(out, endl)
-	} else if jm.Progress != nil && jm.Progress.String() != "" { //disable progressbar in non-terminal
+		fmt.Fprint(out, endl)
+	} else if jm.Progress != nil && jm.Progress.String() != "" { // disable progressbar in non-terminal
 		return nil
 	}
 	if jm.TimeNano != 0 {
@@ -230,9 +192,9 @@ func (jm *JSONMessage) Display(out io.Writer, termInfo termInfo) error {
 	if jm.From != "" {
 		fmt.Fprintf(out, "(from %s) ", jm.From)
 	}
-	if jm.Progress != nil && termInfo != nil {
+	if jm.Progress != nil && isTerminal {
 		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.Progress.String(), endl)
-	} else if jm.ProgressMessage != "" { //deprecated
+	} else if jm.ProgressMessage != "" { // deprecated
 		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.ProgressMessage, endl)
 	} else if jm.Stream != "" {
 		fmt.Fprintf(out, "%s%s", jm.Stream, endl)
@@ -248,25 +210,11 @@ func (jm *JSONMessage) Display(out io.Writer, termInfo termInfo) error {
 func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(JSONMessage)) error {
 	var (
 		dec = json.NewDecoder(in)
-		ids = make(map[string]int)
+		ids = make(map[string]uint)
 	)
 
-	var termInfo termInfo
-
-	if isTerminal {
-		term := os.Getenv("TERM")
-		if term == "" {
-			term = "vt102"
-		}
-
-		var err error
-		if termInfo, err = gotty.OpenTermInfo(term); err != nil {
-			termInfo = &noTermInfo{}
-		}
-	}
-
 	for {
-		diff := 0
+		var diff uint
 		var jm JSONMessage
 		if err := dec.Decode(&jm); err != nil {
 			if err == io.EOF {
@@ -294,15 +242,15 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 				// when we output something that's not
 				// accounted for in the map, such as a line
 				// with no ID.
-				line = len(ids)
+				line = uint(len(ids))
 				ids[jm.ID] = line
-				if termInfo != nil {
+				if isTerminal {
 					fmt.Fprintf(out, "\n")
 				}
 			}
-			diff = len(ids) - line
-			if termInfo != nil {
-				cursorUp(out, termInfo, diff)
+			diff = uint(len(ids)) - line
+			if isTerminal {
+				cursorUp(out, diff)
 			}
 		} else {
 			// When outputting something that isn't progress
@@ -310,11 +258,11 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 			// don't want progress entries from some previous
 			// operation to be updated (for example, pull -a
 			// with multiple tags).
-			ids = make(map[string]int)
+			ids = make(map[string]uint)
 		}
-		err := jm.Display(out, termInfo)
-		if jm.ID != "" && termInfo != nil {
-			cursorDown(out, termInfo, diff)
+		err := jm.Display(out, isTerminal)
+		if jm.ID != "" && isTerminal {
+			cursorDown(out, diff)
 		}
 		if err != nil {
 			return err
diff --git a/pkg/jsonmessage/jsonmessage_test.go b/pkg/jsonmessage/jsonmessage_test.go
index 223d9c7f5a821..f1a7be2a7b5e3 100644
--- a/pkg/jsonmessage/jsonmessage_test.go
+++ b/pkg/jsonmessage/jsonmessage_test.go
@@ -8,9 +8,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/docker/docker/pkg/term"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/moby/term"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestError(t *testing.T) {
@@ -180,7 +180,7 @@ func TestJSONMessageDisplay(t *testing.T) {
 			Progress: &JSONProgress{Current: 1},
 		}: {
 			"",
-			fmt.Sprintf("%c[1K%c[K\rstatus       1B\r", 27, 27),
+			fmt.Sprintf("%c[2K\rstatus       1B\r", 27),
 		},
 	}
 
@@ -188,7 +188,7 @@ func TestJSONMessageDisplay(t *testing.T) {
 	for jsonMessage, expectedMessages := range messages {
 		// Without terminal
 		data := bytes.NewBuffer([]byte{})
-		if err := jsonMessage.Display(data, nil); err != nil {
+		if err := jsonMessage.Display(data, false); err != nil {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[0] {
@@ -196,7 +196,7 @@ func TestJSONMessageDisplay(t *testing.T) {
 		}
 		// With terminal
 		data = bytes.NewBuffer([]byte{})
-		if err := jsonMessage.Display(data, &noTermInfo{}); err != nil {
+		if err := jsonMessage.Display(data, true); err != nil {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[1] {
@@ -210,13 +210,13 @@ func TestJSONMessageDisplayWithJSONError(t *testing.T) {
 	data := bytes.NewBuffer([]byte{})
 	jsonMessage := JSONMessage{Error: &JSONError{404, "Can't find it"}}
 
-	err := jsonMessage.Display(data, &noTermInfo{})
+	err := jsonMessage.Display(data, true)
 	if err == nil || err.Error() != "Can't find it" {
 		t.Fatalf("Expected a JSONError 404, got %q", err)
 	}
 
 	jsonMessage = JSONMessage{Error: &JSONError{401, "Anything"}}
-	err = jsonMessage.Display(data, &noTermInfo{})
+	err = jsonMessage.Display(data, true)
 	assert.Check(t, is.Error(err, "authentication is required"))
 }
 
@@ -228,8 +228,9 @@ func TestDisplayJSONMessagesStreamInvalidJSON(t *testing.T) {
 	reader := strings.NewReader("This is not a 'valid' JSON []")
 	inFd, _ = term.GetFdInfo(reader)
 
-	if err := DisplayJSONMessagesStream(reader, data, inFd, false, nil); err == nil && err.Error()[:17] != "invalid character" {
-		t.Fatalf("Should have thrown an error (invalid character in ..), got %q", err)
+	exp := "invalid character "
+	if err := DisplayJSONMessagesStream(reader, data, inFd, false, nil); err == nil || !strings.HasPrefix(err.Error(), exp) {
+		t.Fatalf("Expected error (%s...), got %q", exp, err)
 	}
 }
 
@@ -251,7 +252,7 @@ func TestDisplayJSONMessagesStream(t *testing.T) {
 		// Without progress, with ID
 		"{ \"id\": \"ID\",\"status\": \"status\" }": {
 			"ID: status\n",
-			fmt.Sprintf("ID: status\n"),
+			"ID: status\n",
 		},
 		// With progress
 		"{ \"id\": \"ID\", \"status\": \"status\", \"progress\": \"ProgressMessage\" }": {
@@ -261,7 +262,7 @@ func TestDisplayJSONMessagesStream(t *testing.T) {
 		// With progressDetail
 		"{ \"id\": \"ID\", \"status\": \"status\", \"progressDetail\": { \"Current\": 1} }": {
 			"", // progressbar is disabled in non-terminal
-			fmt.Sprintf("\n%c[%dA%c[1K%c[K\rID: status       1B\r%c[%dB", 27, 1, 27, 27, 27, 1),
+			fmt.Sprintf("\n%c[%dA%c[2K\rID: status       1B\r%c[%dB", 27, 1, 27, 27, 1),
 		},
 	}
 
diff --git a/pkg/locker/README.md b/pkg/locker/README.md
deleted file mode 100644
index ce787aefb3551..0000000000000
--- a/pkg/locker/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-Locker
-=====
-
-locker provides a mechanism for creating finer-grained locking to help
-free up more global locks to handle other tasks.
-
-The implementation looks close to a sync.Mutex, however, the user must provide a
-reference to use to refer to the underlying lock when locking and unlocking,
-and unlock may generate an error.
-
-If a lock with a given name does not exist when `Lock` is called, one is
-created.
-Lock references are automatically cleaned up on `Unlock` if nothing else is
-waiting for the lock.
-
-
-## Usage
-
-```go
-package important
-
-import (
-	"sync"
-	"time"
-
-	"github.com/docker/docker/pkg/locker"
-)
-
-type important struct {
-	locks *locker.Locker
-	data  map[string]interface{}
-	mu    sync.Mutex
-}
-
-func (i *important) Get(name string) interface{} {
-	i.locks.Lock(name)
-	defer i.locks.Unlock(name)
-	return i.data[name]
-}
-
-func (i *important) Create(name string, data interface{}) {
-	i.locks.Lock(name)
-	defer i.locks.Unlock(name)
-
-	i.createImportant(data)
-
-	i.mu.Lock()
-	i.data[name] = data
-	i.mu.Unlock()
-}
-
-func (i *important) createImportant(data interface{}) {
-	time.Sleep(10 * time.Second)
-}
-```
-
-For functions dealing with a given name, always lock at the beginning of the
-function (or before doing anything with the underlying state), this ensures any
-other function that is dealing with the same name will block.
-
-When needing to modify the underlying data, use the global lock to ensure nothing
-else is modifying it at the same time.
-Since name lock is already in place, no reads will occur while the modification
-is being performed.
-
diff --git a/pkg/locker/locker.go b/pkg/locker/locker.go
index dbd47fc46558f..4d250ad542a90 100644
--- a/pkg/locker/locker.go
+++ b/pkg/locker/locker.go
@@ -14,99 +14,17 @@ waiting for the lock.
 package locker // import "github.com/docker/docker/pkg/locker"
 
 import (
-	"errors"
-	"sync"
-	"sync/atomic"
+	"github.com/moby/locker"
 )
 
 // ErrNoSuchLock is returned when the requested lock does not exist
-var ErrNoSuchLock = errors.New("no such lock")
+// Deprecated: use github.com/moby/locker.ErrNoSuchLock
+var ErrNoSuchLock = locker.ErrNoSuchLock
 
 // Locker provides a locking mechanism based on the passed in reference name
-type Locker struct {
-	mu    sync.Mutex
-	locks map[string]*lockCtr
-}
-
-// lockCtr is used by Locker to represent a lock with a given name.
-type lockCtr struct {
-	mu sync.Mutex
-	// waiters is the number of waiters waiting to acquire the lock
-	// this is int32 instead of uint32 so we can add `-1` in `dec()`
-	waiters int32
-}
-
-// inc increments the number of waiters waiting for the lock
-func (l *lockCtr) inc() {
-	atomic.AddInt32(&l.waiters, 1)
-}
-
-// dec decrements the number of waiters waiting on the lock
-func (l *lockCtr) dec() {
-	atomic.AddInt32(&l.waiters, -1)
-}
-
-// count gets the current number of waiters
-func (l *lockCtr) count() int32 {
-	return atomic.LoadInt32(&l.waiters)
-}
-
-// Lock locks the mutex
-func (l *lockCtr) Lock() {
-	l.mu.Lock()
-}
-
-// Unlock unlocks the mutex
-func (l *lockCtr) Unlock() {
-	l.mu.Unlock()
-}
+// Deprecated: use github.com/moby/locker.Locker
+type Locker = locker.Locker
 
 // New creates a new Locker
-func New() *Locker {
-	return &Locker{
-		locks: make(map[string]*lockCtr),
-	}
-}
-
-// Lock locks a mutex with the given name. If it doesn't exist, one is created
-func (l *Locker) Lock(name string) {
-	l.mu.Lock()
-	if l.locks == nil {
-		l.locks = make(map[string]*lockCtr)
-	}
-
-	nameLock, exists := l.locks[name]
-	if !exists {
-		nameLock = &lockCtr{}
-		l.locks[name] = nameLock
-	}
-
-	// increment the nameLock waiters while inside the main mutex
-	// this makes sure that the lock isn't deleted if `Lock` and `Unlock` are called concurrently
-	nameLock.inc()
-	l.mu.Unlock()
-
-	// Lock the nameLock outside the main mutex so we don't block other operations
-	// once locked then we can decrement the number of waiters for this lock
-	nameLock.Lock()
-	nameLock.dec()
-}
-
-// Unlock unlocks the mutex with the given name
-// If the given lock is not being waited on by any other callers, it is deleted
-func (l *Locker) Unlock(name string) error {
-	l.mu.Lock()
-	nameLock, exists := l.locks[name]
-	if !exists {
-		l.mu.Unlock()
-		return ErrNoSuchLock
-	}
-
-	if nameLock.count() == 0 {
-		delete(l.locks, name)
-	}
-	nameLock.Unlock()
-
-	l.mu.Unlock()
-	return nil
-}
+// Deprecated: use github.com/moby/locker.New
+var New = locker.New
diff --git a/pkg/locker/locker_test.go b/pkg/locker/locker_test.go
deleted file mode 100644
index 2b0a8a55d6df6..0000000000000
--- a/pkg/locker/locker_test.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package locker // import "github.com/docker/docker/pkg/locker"
-
-import (
-	"math/rand"
-	"strconv"
-	"sync"
-	"testing"
-	"time"
-)
-
-func TestLockCounter(t *testing.T) {
-	l := &lockCtr{}
-	l.inc()
-
-	if l.waiters != 1 {
-		t.Fatal("counter inc failed")
-	}
-
-	l.dec()
-	if l.waiters != 0 {
-		t.Fatal("counter dec failed")
-	}
-}
-
-func TestLockerLock(t *testing.T) {
-	l := New()
-	l.Lock("test")
-	ctr := l.locks["test"]
-
-	if ctr.count() != 0 {
-		t.Fatalf("expected waiters to be 0, got :%d", ctr.waiters)
-	}
-
-	chDone := make(chan struct{})
-	go func() {
-		l.Lock("test")
-		close(chDone)
-	}()
-
-	chWaiting := make(chan struct{})
-	go func() {
-		for range time.Tick(1 * time.Millisecond) {
-			if ctr.count() == 1 {
-				close(chWaiting)
-				break
-			}
-		}
-	}()
-
-	select {
-	case <-chWaiting:
-	case <-time.After(3 * time.Second):
-		t.Fatal("timed out waiting for lock waiters to be incremented")
-	}
-
-	select {
-	case <-chDone:
-		t.Fatal("lock should not have returned while it was still held")
-	default:
-	}
-
-	if err := l.Unlock("test"); err != nil {
-		t.Fatal(err)
-	}
-
-	select {
-	case <-chDone:
-	case <-time.After(3 * time.Second):
-		t.Fatalf("lock should have completed")
-	}
-
-	if ctr.count() != 0 {
-		t.Fatalf("expected waiters to be 0, got: %d", ctr.count())
-	}
-}
-
-func TestLockerUnlock(t *testing.T) {
-	l := New()
-
-	l.Lock("test")
-	l.Unlock("test")
-
-	chDone := make(chan struct{})
-	go func() {
-		l.Lock("test")
-		close(chDone)
-	}()
-
-	select {
-	case <-chDone:
-	case <-time.After(3 * time.Second):
-		t.Fatalf("lock should not be blocked")
-	}
-}
-
-func TestLockerConcurrency(t *testing.T) {
-	l := New()
-
-	var wg sync.WaitGroup
-	for i := 0; i <= 10000; i++ {
-		wg.Add(1)
-		go func() {
-			l.Lock("test")
-			// if there is a concurrency issue, will very likely panic here
-			l.Unlock("test")
-			wg.Done()
-		}()
-	}
-
-	chDone := make(chan struct{})
-	go func() {
-		wg.Wait()
-		close(chDone)
-	}()
-
-	select {
-	case <-chDone:
-	case <-time.After(10 * time.Second):
-		t.Fatal("timeout waiting for locks to complete")
-	}
-
-	// Since everything has unlocked this should not exist anymore
-	if ctr, exists := l.locks["test"]; exists {
-		t.Fatalf("lock should not exist: %v", ctr)
-	}
-}
-
-func BenchmarkLocker(b *testing.B) {
-	l := New()
-	for i := 0; i < b.N; i++ {
-		l.Lock("test")
-		l.Unlock("test")
-	}
-}
-
-func BenchmarkLockerParallel(b *testing.B) {
-	l := New()
-	b.SetParallelism(128)
-	b.RunParallel(func(pb *testing.PB) {
-		for pb.Next() {
-			l.Lock("test")
-			l.Unlock("test")
-		}
-	})
-}
-
-func BenchmarkLockerMoreKeys(b *testing.B) {
-	l := New()
-	var keys []string
-	for i := 0; i < 64; i++ {
-		keys = append(keys, strconv.Itoa(i))
-	}
-	b.SetParallelism(128)
-	b.RunParallel(func(pb *testing.PB) {
-		for pb.Next() {
-			k := keys[rand.Intn(len(keys))]
-			l.Lock(k)
-			l.Unlock(k)
-		}
-	})
-}
diff --git a/pkg/loopback/attach_loopback.go b/pkg/loopback/attach_loopback.go
index 94feb8fc7d42a..68135d87a82fc 100644
--- a/pkg/loopback/attach_loopback.go
+++ b/pkg/loopback/attach_loopback.go
@@ -1,4 +1,5 @@
-// +build linux,cgo
+//go:build linux
+// +build linux
 
 package loopback // import "github.com/docker/docker/pkg/loopback"
 
@@ -116,10 +117,10 @@ func AttachLoopDevice(sparseName string) (loop *os.File, err error) {
 	}
 
 	// Set the status of the loopback device
-	loopInfo := &loopInfo64{
-		loFileName: stringToLoopName(loopFile.Name()),
-		loOffset:   0,
-		loFlags:    LoFlagsAutoClear,
+	loopInfo := &unix.LoopInfo64{
+		File_name: stringToLoopName(loopFile.Name()),
+		Offset:    0,
+		Flags:     LoFlagsAutoClear,
 	}
 
 	if err := ioctlLoopSetStatus64(loopFile.Fd(), loopInfo); err != nil {
diff --git a/pkg/loopback/ioctl.go b/pkg/loopback/ioctl.go
index 612fd00abee94..8087b187cd616 100644
--- a/pkg/loopback/ioctl.go
+++ b/pkg/loopback/ioctl.go
@@ -1,4 +1,5 @@
-// +build linux,cgo
+//go:build linux
+// +build linux
 
 package loopback // import "github.com/docker/docker/pkg/loopback"
 
@@ -9,40 +10,44 @@ import (
 )
 
 func ioctlLoopCtlGetFree(fd uintptr) (int, error) {
-	index, err := unix.IoctlGetInt(int(fd), LoopCtlGetFree)
-	if err != nil {
+	// The ioctl interface for /dev/loop-control (since Linux 3.1) is a bit
+	// off compared to what you'd expect: instead of writing an integer to a
+	// parameter pointer like unix.IoctlGetInt() expects, it returns the first
+	// available loop device index directly.
+	ioctlReturn, _, err := unix.Syscall(unix.SYS_IOCTL, fd, LoopCtlGetFree, 0)
+	if err != 0 {
 		return 0, err
 	}
-	return index, nil
+	return int(ioctlReturn), nil
 }
 
 func ioctlLoopSetFd(loopFd, sparseFd uintptr) error {
-	return unix.IoctlSetInt(int(loopFd), LoopSetFd, int(sparseFd))
+	return unix.IoctlSetInt(int(loopFd), unix.LOOP_SET_FD, int(sparseFd))
 }
 
-func ioctlLoopSetStatus64(loopFd uintptr, loopInfo *loopInfo64) error {
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopSetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+func ioctlLoopSetStatus64(loopFd uintptr, loopInfo *unix.LoopInfo64) error {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, unix.LOOP_SET_STATUS64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
 		return err
 	}
 	return nil
 }
 
 func ioctlLoopClrFd(loopFd uintptr) error {
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopClrFd, 0); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, unix.LOOP_CLR_FD, 0); err != 0 {
 		return err
 	}
 	return nil
 }
 
-func ioctlLoopGetStatus64(loopFd uintptr) (*loopInfo64, error) {
-	loopInfo := &loopInfo64{}
+func ioctlLoopGetStatus64(loopFd uintptr) (*unix.LoopInfo64, error) {
+	loopInfo := &unix.LoopInfo64{}
 
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopGetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, unix.LOOP_GET_STATUS64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
 		return nil, err
 	}
 	return loopInfo, nil
 }
 
 func ioctlLoopSetCapacity(loopFd uintptr, value int) error {
-	return unix.IoctlSetInt(int(loopFd), LoopSetCapacity, value)
+	return unix.IoctlSetInt(int(loopFd), unix.LOOP_SET_CAPACITY, value)
 }
diff --git a/pkg/loopback/loop_wrapper.go b/pkg/loopback/loop_wrapper.go
index 7206bfb95080a..10ef1985e8201 100644
--- a/pkg/loopback/loop_wrapper.go
+++ b/pkg/loopback/loop_wrapper.go
@@ -1,52 +1,25 @@
-// +build linux,cgo
+//go:build linux
+// +build linux
 
 package loopback // import "github.com/docker/docker/pkg/loopback"
 
-/*
-#include <linux/loop.h> // FIXME: present only for defines, maybe we can remove it?
-
-#ifndef LOOP_CTL_GET_FREE
-  #define LOOP_CTL_GET_FREE 0x4C82
-#endif
-
-#ifndef LO_FLAGS_PARTSCAN
-  #define LO_FLAGS_PARTSCAN 8
-#endif
-
-*/
-import "C"
-
-type loopInfo64 struct {
-	loDevice         uint64 /* ioctl r/o */
-	loInode          uint64 /* ioctl r/o */
-	loRdevice        uint64 /* ioctl r/o */
-	loOffset         uint64
-	loSizelimit      uint64 /* bytes, 0 == max available */
-	loNumber         uint32 /* ioctl r/o */
-	loEncryptType    uint32
-	loEncryptKeySize uint32 /* ioctl w/o */
-	loFlags          uint32 /* ioctl r/o */
-	loFileName       [LoNameSize]uint8
-	loCryptName      [LoNameSize]uint8
-	loEncryptKey     [LoKeySize]uint8 /* ioctl w/o */
-	loInit           [2]uint64
-}
+import "golang.org/x/sys/unix"
 
 // IOCTL consts
 const (
-	LoopSetFd       = C.LOOP_SET_FD
-	LoopCtlGetFree  = C.LOOP_CTL_GET_FREE
-	LoopGetStatus64 = C.LOOP_GET_STATUS64
-	LoopSetStatus64 = C.LOOP_SET_STATUS64
-	LoopClrFd       = C.LOOP_CLR_FD
-	LoopSetCapacity = C.LOOP_SET_CAPACITY
+	LoopSetFd       = unix.LOOP_SET_FD
+	LoopCtlGetFree  = unix.LOOP_CTL_GET_FREE
+	LoopGetStatus64 = unix.LOOP_GET_STATUS64
+	LoopSetStatus64 = unix.LOOP_SET_STATUS64
+	LoopClrFd       = unix.LOOP_CLR_FD
+	LoopSetCapacity = unix.LOOP_SET_CAPACITY
 )
 
 // LOOP consts.
 const (
-	LoFlagsAutoClear = C.LO_FLAGS_AUTOCLEAR
-	LoFlagsReadOnly  = C.LO_FLAGS_READ_ONLY
-	LoFlagsPartScan  = C.LO_FLAGS_PARTSCAN
-	LoKeySize        = C.LO_KEY_SIZE
-	LoNameSize       = C.LO_NAME_SIZE
+	LoFlagsAutoClear = unix.LO_FLAGS_AUTOCLEAR
+	LoFlagsReadOnly  = unix.LO_FLAGS_READ_ONLY
+	LoFlagsPartScan  = unix.LO_FLAGS_PARTSCAN
+	LoKeySize        = unix.LO_KEY_SIZE
+	LoNameSize       = unix.LO_NAME_SIZE
 )
diff --git a/pkg/loopback/loopback.go b/pkg/loopback/loopback.go
index 086655bc1a77f..ecdb398727147 100644
--- a/pkg/loopback/loopback.go
+++ b/pkg/loopback/loopback.go
@@ -1,3 +1,4 @@
+//go:build linux && cgo
 // +build linux,cgo
 
 package loopback // import "github.com/docker/docker/pkg/loopback"
@@ -16,7 +17,7 @@ func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
 		logrus.Errorf("Error get loopback backing file: %s", err)
 		return 0, 0, ErrGetLoopbackBackingFile
 	}
-	return loopInfo.loDevice, loopInfo.loInode, nil
+	return loopInfo.Device, loopInfo.Inode, nil
 }
 
 // SetCapacity reloads the size for the loopback device.
@@ -37,7 +38,8 @@ func FindLoopDeviceFor(file *os.File) *os.File {
 		return nil
 	}
 	targetInode := stat.Ino
-	targetDevice := stat.Dev
+	// the type is 32bit on mips
+	targetDevice := uint64(stat.Dev) //nolint: unconvert
 
 	for i := 0; true; i++ {
 		path := fmt.Sprintf("/dev/loop%d", i)
diff --git a/pkg/mount/deprecated.go b/pkg/mount/deprecated.go
new file mode 100644
index 0000000000000..16c8e5952d6c2
--- /dev/null
+++ b/pkg/mount/deprecated.go
@@ -0,0 +1,67 @@
+package mount // import "github.com/docker/docker/pkg/mount"
+
+// Deprecated: this package is not maintained and will be removed.
+// Use github.com/moby/sys/mount and github.com/moby/sys/mountinfo instead.
+
+import (
+	"github.com/moby/sys/mountinfo"
+)
+
+//nolint:golint
+type (
+	// FilterFunc is a type.
+	// Deprecated: use github.com/moby/sys/mountinfo instead.
+	FilterFunc = func(*Info) (skip, stop bool)
+
+	// Info is a type
+	// Deprecated: use github.com/moby/sys/mountinfo instead.
+	Info struct {
+		ID, Parent, Major, Minor                                  int
+		Root, Mountpoint, Opts, Optional, Fstype, Source, VfsOpts string
+	}
+)
+
+// Deprecated: use github.com/moby/sys/mountinfo instead.
+//nolint:golint
+var (
+	Mounted           = mountinfo.Mounted
+	PrefixFilter      = mountinfo.PrefixFilter
+	SingleEntryFilter = mountinfo.SingleEntryFilter
+	ParentsFilter     = mountinfo.ParentsFilter
+	FstypeFilter      = mountinfo.FSTypeFilter
+)
+
+// GetMounts is a function.
+//
+// Deprecated: use github.com/moby/sys/mountinfo.GetMounts() instead.
+//nolint:golint
+func GetMounts(f FilterFunc) ([]*Info, error) {
+	fi := func(i *mountinfo.Info) (skip, stop bool) {
+		return f(toLegacyInfo(i))
+	}
+
+	mounts, err := mountinfo.GetMounts(fi)
+	if err != nil {
+		return nil, err
+	}
+	mi := make([]*Info, len(mounts))
+	for i, m := range mounts {
+		mi[i] = toLegacyInfo(m)
+	}
+	return mi, nil
+}
+
+func toLegacyInfo(m *mountinfo.Info) *Info {
+	return &Info{
+		ID:         m.ID,
+		Parent:     m.Parent,
+		Major:      m.Major,
+		Minor:      m.Minor,
+		Root:       m.Root,
+		Mountpoint: m.Mountpoint,
+		Opts:       m.Options,
+		Fstype:     m.FSType,
+		Source:     m.Source,
+		VfsOpts:    m.VFSOptions,
+	}
+}
diff --git a/pkg/mount/deprecated_linux.go b/pkg/mount/deprecated_linux.go
new file mode 100644
index 0000000000000..e4a4407a3254a
--- /dev/null
+++ b/pkg/mount/deprecated_linux.go
@@ -0,0 +1,19 @@
+package mount // import "github.com/docker/docker/pkg/mount"
+
+import (
+	sysmount "github.com/moby/sys/mount"
+)
+
+// Deprecated: use github.com/moby/sys/mount instead.
+//nolint:golint
+var (
+	MakeMount       = sysmount.MakeMount
+	MakeShared      = sysmount.MakeShared
+	MakeRShared     = sysmount.MakeRShared
+	MakePrivate     = sysmount.MakePrivate
+	MakeRPrivate    = sysmount.MakeRPrivate
+	MakeSlave       = sysmount.MakeSlave
+	MakeRSlave      = sysmount.MakeRSlave
+	MakeUnbindable  = sysmount.MakeUnbindable
+	MakeRUnbindable = sysmount.MakeRUnbindable
+)
diff --git a/pkg/mount/deprecated_unix.go b/pkg/mount/deprecated_unix.go
new file mode 100644
index 0000000000000..6c79c20bf06f4
--- /dev/null
+++ b/pkg/mount/deprecated_unix.go
@@ -0,0 +1,53 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
+package mount // import "github.com/docker/docker/pkg/mount"
+
+// Deprecated: this package is not maintained and will be removed.
+// Use github.com/moby/sys/mount and github.com/moby/sys/mountinfo instead.
+
+import (
+	sysmount "github.com/moby/sys/mount"
+)
+
+// Deprecated: use github.com/moby/sys/mount instead.
+//nolint:golint
+var (
+	Mount            = sysmount.Mount
+	ForceMount       = sysmount.Mount // a deprecated synonym
+	Unmount          = sysmount.Unmount
+	RecursiveUnmount = sysmount.RecursiveUnmount
+)
+
+// Deprecated: use github.com/moby/sys/mount instead.
+//nolint:golint
+const (
+	RDONLY      = sysmount.RDONLY
+	NOSUID      = sysmount.NOSUID
+	NOEXEC      = sysmount.NOEXEC
+	SYNCHRONOUS = sysmount.SYNCHRONOUS
+	NOATIME     = sysmount.NOATIME
+	BIND        = sysmount.BIND
+	DIRSYNC     = sysmount.DIRSYNC
+	MANDLOCK    = sysmount.MANDLOCK
+	NODEV       = sysmount.NODEV
+	NODIRATIME  = sysmount.NODIRATIME
+	UNBINDABLE  = sysmount.UNBINDABLE
+	RUNBINDABLE = sysmount.RUNBINDABLE
+	PRIVATE     = sysmount.PRIVATE
+	RPRIVATE    = sysmount.RPRIVATE
+	SHARED      = sysmount.SHARED
+	RSHARED     = sysmount.RSHARED
+	SLAVE       = sysmount.SLAVE
+	RSLAVE      = sysmount.RSLAVE
+	RBIND       = sysmount.RBIND
+	RELATIME    = sysmount.RELATIME
+	REMOUNT     = sysmount.REMOUNT
+	STRICTATIME = sysmount.STRICTATIME
+)
+
+// Deprecated: use github.com/moby/sys/mount instead.
+//nolint:golint
+var (
+	MergeTmpfsOptions = sysmount.MergeTmpfsOptions
+)
diff --git a/pkg/mount/flags.go b/pkg/mount/flags.go
deleted file mode 100644
index 272363b68540a..0000000000000
--- a/pkg/mount/flags.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"fmt"
-	"strings"
-)
-
-var flags = map[string]struct {
-	clear bool
-	flag  int
-}{
-	"defaults":      {false, 0},
-	"ro":            {false, RDONLY},
-	"rw":            {true, RDONLY},
-	"suid":          {true, NOSUID},
-	"nosuid":        {false, NOSUID},
-	"dev":           {true, NODEV},
-	"nodev":         {false, NODEV},
-	"exec":          {true, NOEXEC},
-	"noexec":        {false, NOEXEC},
-	"sync":          {false, SYNCHRONOUS},
-	"async":         {true, SYNCHRONOUS},
-	"dirsync":       {false, DIRSYNC},
-	"remount":       {false, REMOUNT},
-	"mand":          {false, MANDLOCK},
-	"nomand":        {true, MANDLOCK},
-	"atime":         {true, NOATIME},
-	"noatime":       {false, NOATIME},
-	"diratime":      {true, NODIRATIME},
-	"nodiratime":    {false, NODIRATIME},
-	"bind":          {false, BIND},
-	"rbind":         {false, RBIND},
-	"unbindable":    {false, UNBINDABLE},
-	"runbindable":   {false, RUNBINDABLE},
-	"private":       {false, PRIVATE},
-	"rprivate":      {false, RPRIVATE},
-	"shared":        {false, SHARED},
-	"rshared":       {false, RSHARED},
-	"slave":         {false, SLAVE},
-	"rslave":        {false, RSLAVE},
-	"relatime":      {false, RELATIME},
-	"norelatime":    {true, RELATIME},
-	"strictatime":   {false, STRICTATIME},
-	"nostrictatime": {true, STRICTATIME},
-}
-
-var validFlags = map[string]bool{
-	"":          true,
-	"size":      true,
-	"mode":      true,
-	"uid":       true,
-	"gid":       true,
-	"nr_inodes": true,
-	"nr_blocks": true,
-	"mpol":      true,
-}
-
-var propagationFlags = map[string]bool{
-	"bind":        true,
-	"rbind":       true,
-	"unbindable":  true,
-	"runbindable": true,
-	"private":     true,
-	"rprivate":    true,
-	"shared":      true,
-	"rshared":     true,
-	"slave":       true,
-	"rslave":      true,
-}
-
-// MergeTmpfsOptions merge mount options to make sure there is no duplicate.
-func MergeTmpfsOptions(options []string) ([]string, error) {
-	// We use collisions maps to remove duplicates.
-	// For flag, the key is the flag value (the key for propagation flag is -1)
-	// For data=value, the key is the data
-	flagCollisions := map[int]bool{}
-	dataCollisions := map[string]bool{}
-
-	var newOptions []string
-	// We process in reverse order
-	for i := len(options) - 1; i >= 0; i-- {
-		option := options[i]
-		if option == "defaults" {
-			continue
-		}
-		if f, ok := flags[option]; ok && f.flag != 0 {
-			// There is only one propagation mode
-			key := f.flag
-			if propagationFlags[option] {
-				key = -1
-			}
-			// Check to see if there is collision for flag
-			if !flagCollisions[key] {
-				// We prepend the option and add to collision map
-				newOptions = append([]string{option}, newOptions...)
-				flagCollisions[key] = true
-			}
-			continue
-		}
-		opt := strings.SplitN(option, "=", 2)
-		if len(opt) != 2 || !validFlags[opt[0]] {
-			return nil, fmt.Errorf("Invalid tmpfs option %q", opt)
-		}
-		if !dataCollisions[opt[0]] {
-			// We prepend the option and add to collision map
-			newOptions = append([]string{option}, newOptions...)
-			dataCollisions[opt[0]] = true
-		}
-	}
-
-	return newOptions, nil
-}
-
-// Parse fstab type mount options into mount() flags
-// and device specific data
-func parseOptions(options string) (int, string) {
-	var (
-		flag int
-		data []string
-	)
-
-	for _, o := range strings.Split(options, ",") {
-		// If the option does not exist in the flags table or the flag
-		// is not supported on the platform,
-		// then it is a data value for a specific fs type
-		if f, exists := flags[o]; exists && f.flag != 0 {
-			if f.clear {
-				flag &= ^f.flag
-			} else {
-				flag |= f.flag
-			}
-		} else {
-			data = append(data, o)
-		}
-	}
-	return flag, strings.Join(data, ",")
-}
-
-// ParseTmpfsOptions parse fstab type mount options into flags and data
-func ParseTmpfsOptions(options string) (int, string, error) {
-	flags, data := parseOptions(options)
-	for _, o := range strings.Split(data, ",") {
-		opt := strings.SplitN(o, "=", 2)
-		if !validFlags[opt[0]] {
-			return 0, "", fmt.Errorf("Invalid tmpfs option %q", opt)
-		}
-	}
-	return flags, data, nil
-}
diff --git a/pkg/mount/flags_freebsd.go b/pkg/mount/flags_freebsd.go
deleted file mode 100644
index ef35ef90591ae..0000000000000
--- a/pkg/mount/flags_freebsd.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// +build freebsd,cgo
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-/*
-#include <sys/mount.h>
-*/
-import "C"
-
-const (
-	// RDONLY will mount the filesystem as read-only.
-	RDONLY = C.MNT_RDONLY
-
-	// NOSUID will not allow set-user-identifier or set-group-identifier bits to
-	// take effect.
-	NOSUID = C.MNT_NOSUID
-
-	// NOEXEC will not allow execution of any binaries on the mounted file system.
-	NOEXEC = C.MNT_NOEXEC
-
-	// SYNCHRONOUS will allow any I/O to the file system to be done synchronously.
-	SYNCHRONOUS = C.MNT_SYNCHRONOUS
-
-	// NOATIME will not update the file access time when reading from a file.
-	NOATIME = C.MNT_NOATIME
-)
-
-// These flags are unsupported.
-const (
-	BIND        = 0
-	DIRSYNC     = 0
-	MANDLOCK    = 0
-	NODEV       = 0
-	NODIRATIME  = 0
-	UNBINDABLE  = 0
-	RUNBINDABLE = 0
-	PRIVATE     = 0
-	RPRIVATE    = 0
-	SHARED      = 0
-	RSHARED     = 0
-	SLAVE       = 0
-	RSLAVE      = 0
-	RBIND       = 0
-	RELATIVE    = 0
-	RELATIME    = 0
-	REMOUNT     = 0
-	STRICTATIME = 0
-	mntDetach   = 0
-)
diff --git a/pkg/mount/flags_unsupported.go b/pkg/mount/flags_unsupported.go
deleted file mode 100644
index cc6c4759083ad..0000000000000
--- a/pkg/mount/flags_unsupported.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// +build !linux,!freebsd freebsd,!cgo
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-// These flags are unsupported.
-const (
-	BIND        = 0
-	DIRSYNC     = 0
-	MANDLOCK    = 0
-	NOATIME     = 0
-	NODEV       = 0
-	NODIRATIME  = 0
-	NOEXEC      = 0
-	NOSUID      = 0
-	UNBINDABLE  = 0
-	RUNBINDABLE = 0
-	PRIVATE     = 0
-	RPRIVATE    = 0
-	SHARED      = 0
-	RSHARED     = 0
-	SLAVE       = 0
-	RSLAVE      = 0
-	RBIND       = 0
-	RELATIME    = 0
-	RELATIVE    = 0
-	REMOUNT     = 0
-	STRICTATIME = 0
-	SYNCHRONOUS = 0
-	RDONLY      = 0
-	mntDetach   = 0
-)
diff --git a/pkg/mount/mount.go b/pkg/mount/mount.go
deleted file mode 100644
index 874aff6545cc5..0000000000000
--- a/pkg/mount/mount.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"sort"
-	"strings"
-	"syscall"
-
-	"github.com/sirupsen/logrus"
-)
-
-// FilterFunc is a type defining a callback function
-// to filter out unwanted entries. It takes a pointer
-// to an Info struct (not fully populated, currently
-// only Mountpoint is filled in), and returns two booleans:
-//  - skip: true if the entry should be skipped
-//  - stop: true if parsing should be stopped after the entry
-type FilterFunc func(*Info) (skip, stop bool)
-
-// PrefixFilter discards all entries whose mount points
-// do not start with a prefix specified
-func PrefixFilter(prefix string) FilterFunc {
-	return func(m *Info) (bool, bool) {
-		skip := !strings.HasPrefix(m.Mountpoint, prefix)
-		return skip, false
-	}
-}
-
-// SingleEntryFilter looks for a specific entry
-func SingleEntryFilter(mp string) FilterFunc {
-	return func(m *Info) (bool, bool) {
-		if m.Mountpoint == mp {
-			return false, true // don't skip, stop now
-		}
-		return true, false // skip, keep going
-	}
-}
-
-// ParentsFilter returns all entries whose mount points
-// can be parents of a path specified, discarding others.
-// For example, given `/var/lib/docker/something`, entries
-// like `/var/lib/docker`, `/var` and `/` are returned.
-func ParentsFilter(path string) FilterFunc {
-	return func(m *Info) (bool, bool) {
-		skip := !strings.HasPrefix(path, m.Mountpoint)
-		return skip, false
-	}
-}
-
-// GetMounts retrieves a list of mounts for the current running process,
-// with an optional filter applied (use nil for no filter).
-func GetMounts(f FilterFunc) ([]*Info, error) {
-	return parseMountTable(f)
-}
-
-// Mounted determines if a specified mountpoint has been mounted.
-// On Linux it looks at /proc/self/mountinfo.
-func Mounted(mountpoint string) (bool, error) {
-	entries, err := GetMounts(SingleEntryFilter(mountpoint))
-	if err != nil {
-		return false, err
-	}
-
-	return len(entries) > 0, nil
-}
-
-// Mount will mount filesystem according to the specified configuration, on the
-// condition that the target path is *not* already mounted. Options must be
-// specified like the mount or fstab unix commands: "opt1=val1,opt2=val2". See
-// flags.go for supported option flags.
-func Mount(device, target, mType, options string) error {
-	flag, _ := parseOptions(options)
-	if flag&REMOUNT != REMOUNT {
-		if mounted, err := Mounted(target); err != nil || mounted {
-			return err
-		}
-	}
-	return ForceMount(device, target, mType, options)
-}
-
-// ForceMount will mount a filesystem according to the specified configuration,
-// *regardless* if the target path is not already mounted. Options must be
-// specified like the mount or fstab unix commands: "opt1=val1,opt2=val2". See
-// flags.go for supported option flags.
-func ForceMount(device, target, mType, options string) error {
-	flag, data := parseOptions(options)
-	return mount(device, target, mType, uintptr(flag), data)
-}
-
-// Unmount lazily unmounts a filesystem on supported platforms, otherwise
-// does a normal unmount.
-func Unmount(target string) error {
-	err := unmount(target, mntDetach)
-	if err == syscall.EINVAL {
-		// ignore "not mounted" error
-		err = nil
-	}
-	return err
-}
-
-// RecursiveUnmount unmounts the target and all mounts underneath, starting with
-// the deepsest mount first.
-func RecursiveUnmount(target string) error {
-	mounts, err := parseMountTable(PrefixFilter(target))
-	if err != nil {
-		return err
-	}
-
-	// Make the deepest mount be first
-	sort.Slice(mounts, func(i, j int) bool {
-		return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint)
-	})
-
-	for i, m := range mounts {
-		logrus.Debugf("Trying to unmount %s", m.Mountpoint)
-		err = unmount(m.Mountpoint, mntDetach)
-		if err != nil {
-			// If the error is EINVAL either this whole package is wrong (invalid flags passed to unmount(2)) or this is
-			// not a mountpoint (which is ok in this case).
-			// Meanwhile calling `Mounted()` is very expensive.
-			//
-			// We've purposefully used `syscall.EINVAL` here instead of `unix.EINVAL` to avoid platform branching
-			// Since `EINVAL` is defined for both Windows and Linux in the `syscall` package (and other platforms),
-			//   this is nicer than defining a custom value that we can refer to in each platform file.
-			if err == syscall.EINVAL {
-				continue
-			}
-			if i == len(mounts)-1 {
-				if mounted, e := Mounted(m.Mountpoint); e != nil || mounted {
-					return err
-				}
-				continue
-			}
-			// This is some submount, we can ignore this error for now, the final unmount will fail if this is a real problem
-			logrus.WithError(err).Warnf("Failed to unmount submount %s", m.Mountpoint)
-			continue
-		}
-
-		logrus.Debugf("Unmounted %s", m.Mountpoint)
-	}
-	return nil
-}
diff --git a/pkg/mount/mount_unix_test.go b/pkg/mount/mount_unix_test.go
deleted file mode 100644
index befff9d50c570..0000000000000
--- a/pkg/mount/mount_unix_test.go
+++ /dev/null
@@ -1,170 +0,0 @@
-// +build !windows
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"os"
-	"path"
-	"testing"
-)
-
-func TestMountOptionsParsing(t *testing.T) {
-	options := "noatime,ro,size=10k"
-
-	flag, data := parseOptions(options)
-
-	if data != "size=10k" {
-		t.Fatalf("Expected size=10 got %s", data)
-	}
-
-	expectedFlag := NOATIME | RDONLY
-
-	if flag != expectedFlag {
-		t.Fatalf("Expected %d got %d", expectedFlag, flag)
-	}
-}
-
-func TestMounted(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir  = path.Join(tmp, "source")
-		targetDir  = path.Join(tmp, "target")
-		sourcePath = path.Join(sourceDir, "file.txt")
-		targetPath = path.Join(targetDir, "file.txt")
-	)
-
-	os.Mkdir(sourceDir, 0777)
-	os.Mkdir(targetDir, 0777)
-
-	f, err := os.Create(sourcePath)
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.WriteString("hello")
-	f.Close()
-
-	f, err = os.Create(targetPath)
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.Close()
-
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	mounted, err := Mounted(targetDir)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !mounted {
-		t.Fatalf("Expected %s to be mounted", targetDir)
-	}
-	if _, err := os.Stat(targetDir); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestMountReadonly(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir  = path.Join(tmp, "source")
-		targetDir  = path.Join(tmp, "target")
-		sourcePath = path.Join(sourceDir, "file.txt")
-		targetPath = path.Join(targetDir, "file.txt")
-	)
-
-	os.Mkdir(sourceDir, 0777)
-	os.Mkdir(targetDir, 0777)
-
-	f, err := os.Create(sourcePath)
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.WriteString("hello")
-	f.Close()
-
-	f, err = os.Create(targetPath)
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.Close()
-
-	if err := Mount(sourceDir, targetDir, "none", "bind,ro"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	f, err = os.OpenFile(targetPath, os.O_RDWR, 0777)
-	if err == nil {
-		t.Fatal("Should not be able to open a ro file as rw")
-	}
-}
-
-func TestGetMounts(t *testing.T) {
-	mounts, err := GetMounts(nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	root := false
-	for _, entry := range mounts {
-		if entry.Mountpoint == "/" {
-			root = true
-		}
-	}
-
-	if !root {
-		t.Fatal("/ should be mounted at least")
-	}
-}
-
-func TestMergeTmpfsOptions(t *testing.T) {
-	options := []string{"noatime", "ro", "size=10k", "defaults", "atime", "defaults", "rw", "rprivate", "size=1024k", "slave"}
-	expected := []string{"atime", "rw", "size=1024k", "slave"}
-	merged, err := MergeTmpfsOptions(options)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(expected) != len(merged) {
-		t.Fatalf("Expected %s got %s", expected, merged)
-	}
-	for index := range merged {
-		if merged[index] != expected[index] {
-			t.Fatalf("Expected %s for the %dth option, got %s", expected, index, merged)
-		}
-	}
-
-	options = []string{"noatime", "ro", "size=10k", "atime", "rw", "rprivate", "size=1024k", "slave", "size"}
-	_, err = MergeTmpfsOptions(options)
-	if err == nil {
-		t.Fatal("Expected error got nil")
-	}
-}
diff --git a/pkg/mount/mounter_linux.go b/pkg/mount/mounter_linux.go
deleted file mode 100644
index 631daf10a5ab6..0000000000000
--- a/pkg/mount/mounter_linux.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-const (
-	// ptypes is the set propagation types.
-	ptypes = unix.MS_SHARED | unix.MS_PRIVATE | unix.MS_SLAVE | unix.MS_UNBINDABLE
-
-	// pflags is the full set valid flags for a change propagation call.
-	pflags = ptypes | unix.MS_REC | unix.MS_SILENT
-
-	// broflags is the combination of bind and read only
-	broflags = unix.MS_BIND | unix.MS_RDONLY
-)
-
-// isremount returns true if either device name or flags identify a remount request, false otherwise.
-func isremount(device string, flags uintptr) bool {
-	switch {
-	// We treat device "" and "none" as a remount request to provide compatibility with
-	// requests that don't explicitly set MS_REMOUNT such as those manipulating bind mounts.
-	case flags&unix.MS_REMOUNT != 0, device == "", device == "none":
-		return true
-	default:
-		return false
-	}
-}
-
-func mount(device, target, mType string, flags uintptr, data string) error {
-	oflags := flags &^ ptypes
-	if !isremount(device, flags) || data != "" {
-		// Initial call applying all non-propagation flags for mount
-		// or remount with changed data
-		if err := unix.Mount(device, target, mType, oflags, data); err != nil {
-			return err
-		}
-	}
-
-	if flags&ptypes != 0 {
-		// Change the propagation type.
-		if err := unix.Mount("", target, "", flags&pflags, ""); err != nil {
-			return err
-		}
-	}
-
-	if oflags&broflags == broflags {
-		// Remount the bind to apply read only.
-		return unix.Mount("", target, "", oflags|unix.MS_REMOUNT, "")
-	}
-
-	return nil
-}
-
-func unmount(target string, flag int) error {
-	return unix.Unmount(target, flag)
-}
diff --git a/pkg/mount/mounter_linux_test.go b/pkg/mount/mounter_linux_test.go
deleted file mode 100644
index 336f3d5cdc159..0000000000000
--- a/pkg/mount/mounter_linux_test.go
+++ /dev/null
@@ -1,228 +0,0 @@
-// +build linux
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"strings"
-	"testing"
-)
-
-func TestMount(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	source, err := ioutil.TempDir("", "mount-test-source-")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(source)
-
-	// Ensure we have a known start point by mounting tmpfs with given options
-	if err := Mount("tmpfs", source, "tmpfs", "private"); err != nil {
-		t.Fatal(err)
-	}
-	defer ensureUnmount(t, source)
-	validateMount(t, source, "", "", "")
-	if t.Failed() {
-		t.FailNow()
-	}
-
-	target, err := ioutil.TempDir("", "mount-test-target-")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(target)
-
-	tests := []struct {
-		source           string
-		ftype            string
-		options          string
-		expectedOpts     string
-		expectedOptional string
-		expectedVFS      string
-	}{
-		// No options
-		{"tmpfs", "tmpfs", "", "", "", ""},
-		// Default rw / ro test
-		{source, "", "bind", "", "", ""},
-		{source, "", "bind,private", "", "", ""},
-		{source, "", "bind,shared", "", "shared", ""},
-		{source, "", "bind,slave", "", "master", ""},
-		{source, "", "bind,unbindable", "", "unbindable", ""},
-		// Read Write tests
-		{source, "", "bind,rw", "rw", "", ""},
-		{source, "", "bind,rw,private", "rw", "", ""},
-		{source, "", "bind,rw,shared", "rw", "shared", ""},
-		{source, "", "bind,rw,slave", "rw", "master", ""},
-		{source, "", "bind,rw,unbindable", "rw", "unbindable", ""},
-		// Read Only tests
-		{source, "", "bind,ro", "ro", "", ""},
-		{source, "", "bind,ro,private", "ro", "", ""},
-		{source, "", "bind,ro,shared", "ro", "shared", ""},
-		{source, "", "bind,ro,slave", "ro", "master", ""},
-		{source, "", "bind,ro,unbindable", "ro", "unbindable", ""},
-		// Remount tests to change per filesystem options
-		{"", "", "remount,size=128k", "rw", "", "rw,size=128k"},
-		{"", "", "remount,ro,size=128k", "ro", "", "ro,size=128k"},
-	}
-
-	for _, tc := range tests {
-		ftype, options := tc.ftype, tc.options
-		if tc.ftype == "" {
-			ftype = "none"
-		}
-		if tc.options == "" {
-			options = "none"
-		}
-
-		t.Run(fmt.Sprintf("%v-%v", ftype, options), func(t *testing.T) {
-			if strings.Contains(tc.options, "slave") {
-				// Slave requires a shared source
-				if err := MakeShared(source); err != nil {
-					t.Fatal(err)
-				}
-				defer func() {
-					if err := MakePrivate(source); err != nil {
-						t.Fatal(err)
-					}
-				}()
-			}
-			if strings.Contains(tc.options, "remount") {
-				// create a new mount to remount first
-				if err := Mount("tmpfs", target, "tmpfs", ""); err != nil {
-					t.Fatal(err)
-				}
-			}
-			if err := Mount(tc.source, target, tc.ftype, tc.options); err != nil {
-				t.Fatal(err)
-			}
-			defer ensureUnmount(t, target)
-			validateMount(t, target, tc.expectedOpts, tc.expectedOptional, tc.expectedVFS)
-		})
-	}
-}
-
-// ensureUnmount umounts mnt checking for errors
-func ensureUnmount(t *testing.T, mnt string) {
-	if err := Unmount(mnt); err != nil {
-		t.Error(err)
-	}
-}
-
-// validateMount checks that mnt has the given options
-func validateMount(t *testing.T, mnt string, opts, optional, vfs string) {
-	info, err := GetMounts(nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	wantedOpts := make(map[string]struct{})
-	if opts != "" {
-		for _, opt := range strings.Split(opts, ",") {
-			wantedOpts[opt] = struct{}{}
-		}
-	}
-
-	wantedOptional := make(map[string]struct{})
-	if optional != "" {
-		for _, opt := range strings.Split(optional, ",") {
-			wantedOptional[opt] = struct{}{}
-		}
-	}
-
-	wantedVFS := make(map[string]struct{})
-	if vfs != "" {
-		for _, opt := range strings.Split(vfs, ",") {
-			wantedVFS[opt] = struct{}{}
-		}
-	}
-
-	mnts := make(map[int]*Info, len(info))
-	for _, mi := range info {
-		mnts[mi.ID] = mi
-	}
-
-	for _, mi := range info {
-		if mi.Mountpoint != mnt {
-			continue
-		}
-
-		// Use parent info as the defaults
-		p := mnts[mi.Parent]
-		pOpts := make(map[string]struct{})
-		if p.Opts != "" {
-			for _, opt := range strings.Split(p.Opts, ",") {
-				pOpts[clean(opt)] = struct{}{}
-			}
-		}
-		pOptional := make(map[string]struct{})
-		if p.Optional != "" {
-			for _, field := range strings.Split(p.Optional, ",") {
-				pOptional[clean(field)] = struct{}{}
-			}
-		}
-
-		// Validate Opts
-		if mi.Opts != "" {
-			for _, opt := range strings.Split(mi.Opts, ",") {
-				opt = clean(opt)
-				if !has(wantedOpts, opt) && !has(pOpts, opt) {
-					t.Errorf("unexpected mount option %q, expected %q", opt, opts)
-				}
-				delete(wantedOpts, opt)
-			}
-		}
-		for opt := range wantedOpts {
-			t.Errorf("missing mount option %q, found %q", opt, mi.Opts)
-		}
-
-		// Validate Optional
-		if mi.Optional != "" {
-			for _, field := range strings.Split(mi.Optional, ",") {
-				field = clean(field)
-				if !has(wantedOptional, field) && !has(pOptional, field) {
-					t.Errorf("unexpected optional field %q, expected %q", field, optional)
-				}
-				delete(wantedOptional, field)
-			}
-		}
-		for field := range wantedOptional {
-			t.Errorf("missing optional field %q, found %q", field, mi.Optional)
-		}
-
-		// Validate VFS if set
-		if vfs != "" {
-			if mi.VfsOpts != "" {
-				for _, opt := range strings.Split(mi.VfsOpts, ",") {
-					opt = clean(opt)
-					if !has(wantedVFS, opt) && opt != "seclabel" { // can be added by selinux
-						t.Errorf("unexpected vfs option %q, expected %q", opt, vfs)
-					}
-					delete(wantedVFS, opt)
-				}
-			}
-			for opt := range wantedVFS {
-				t.Errorf("missing vfs option %q, found %q", opt, mi.VfsOpts)
-			}
-		}
-
-		return
-	}
-
-	t.Errorf("failed to find mount %q", mnt)
-}
-
-// clean strips off any value param after the colon
-func clean(v string) string {
-	return strings.SplitN(v, ":", 2)[0]
-}
-
-// has returns true if key is a member of m
-func has(m map[string]struct{}, key string) bool {
-	_, ok := m[key]
-	return ok
-}
diff --git a/pkg/mount/mounter_unsupported.go b/pkg/mount/mounter_unsupported.go
deleted file mode 100644
index 1428dffa52962..0000000000000
--- a/pkg/mount/mounter_unsupported.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build !linux,!freebsd freebsd,!cgo
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-func mount(device, target, mType string, flag uintptr, data string) error {
-	panic("Not implemented")
-}
-
-func unmount(target string, flag int) error {
-	panic("Not implemented")
-}
diff --git a/pkg/mount/mountinfo.go b/pkg/mount/mountinfo.go
deleted file mode 100644
index ecd03fc022149..0000000000000
--- a/pkg/mount/mountinfo.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-// Info reveals information about a particular mounted filesystem. This
-// struct is populated from the content in the /proc/<pid>/mountinfo file.
-type Info struct {
-	// ID is a unique identifier of the mount (may be reused after umount).
-	ID int
-
-	// Parent indicates the ID of the mount parent (or of self for the top of the
-	// mount tree).
-	Parent int
-
-	// Major indicates one half of the device ID which identifies the device class.
-	Major int
-
-	// Minor indicates one half of the device ID which identifies a specific
-	// instance of device.
-	Minor int
-
-	// Root of the mount within the filesystem.
-	Root string
-
-	// Mountpoint indicates the mount point relative to the process's root.
-	Mountpoint string
-
-	// Opts represents mount-specific options.
-	Opts string
-
-	// Optional represents optional fields.
-	Optional string
-
-	// Fstype indicates the type of filesystem, such as EXT3.
-	Fstype string
-
-	// Source indicates filesystem specific information or "none".
-	Source string
-
-	// VfsOpts represents per super block options.
-	VfsOpts string
-}
diff --git a/pkg/mount/mountinfo_freebsd.go b/pkg/mount/mountinfo_freebsd.go
deleted file mode 100644
index 36c89dc1a2408..0000000000000
--- a/pkg/mount/mountinfo_freebsd.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-/*
-#include <sys/param.h>
-#include <sys/ucred.h>
-#include <sys/mount.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"reflect"
-	"unsafe"
-)
-
-// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
-// bind mounts.
-func parseMountTable(filter FilterFunc) ([]*Info, error) {
-	var rawEntries *C.struct_statfs
-
-	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
-	if count == 0 {
-		return nil, fmt.Errorf("Failed to call getmntinfo")
-	}
-
-	var entries []C.struct_statfs
-	header := (*reflect.SliceHeader)(unsafe.Pointer(&entries))
-	header.Cap = count
-	header.Len = count
-	header.Data = uintptr(unsafe.Pointer(rawEntries))
-
-	var out []*Info
-	for _, entry := range entries {
-		var mountinfo Info
-		var skip, stop bool
-		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
-
-		if filter != nil {
-			// filter out entries we're not interested in
-			skip, stop = filter(p)
-			if skip {
-				continue
-			}
-		}
-
-		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
-		mountinfo.Fstype = C.GoString(&entry.f_fstypename[0])
-
-		out = append(out, &mountinfo)
-		if stop {
-			break
-		}
-	}
-	return out, nil
-}
diff --git a/pkg/mount/mountinfo_linux.go b/pkg/mount/mountinfo_linux.go
deleted file mode 100644
index c1dba01fc31c8..0000000000000
--- a/pkg/mount/mountinfo_linux.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-func parseInfoFile(r io.Reader, filter FilterFunc) ([]*Info, error) {
-	s := bufio.NewScanner(r)
-	out := []*Info{}
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-		/*
-		   36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
-		   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
-
-		   (1) mount ID:  unique identifier of the mount (may be reused after umount)
-		   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
-		   (3) major:minor:  value of st_dev for files on filesystem
-		   (4) root:  root of the mount within the filesystem
-		   (5) mount point:  mount point relative to the process's root
-		   (6) mount options:  per mount options
-		   (7) optional fields:  zero or more fields of the form "tag[:value]"
-		   (8) separator:  marks the end of the optional fields
-		   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
-		   (10) mount source:  filesystem specific information or "none"
-		   (11) super options:  per super block options
-		*/
-
-		text := s.Text()
-		fields := strings.Split(text, " ")
-		numFields := len(fields)
-		if numFields < 10 {
-			// should be at least 10 fields
-			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields (%d)", text, numFields)
-		}
-
-		p := &Info{}
-		// ignore any numbers parsing errors, as there should not be any
-		p.ID, _ = strconv.Atoi(fields[0])
-		p.Parent, _ = strconv.Atoi(fields[1])
-		mm := strings.Split(fields[2], ":")
-		if len(mm) != 2 {
-			return nil, fmt.Errorf("Parsing '%s' failed: unexpected minor:major pair %s", text, mm)
-		}
-		p.Major, _ = strconv.Atoi(mm[0])
-		p.Minor, _ = strconv.Atoi(mm[1])
-
-		p.Root = fields[3]
-		p.Mountpoint = fields[4]
-		p.Opts = fields[5]
-
-		var skip, stop bool
-		if filter != nil {
-			// filter out entries we're not interested in
-			skip, stop = filter(p)
-			if skip {
-				continue
-			}
-		}
-
-		// one or more optional fields, when a separator (-)
-		i := 6
-		for ; i < numFields && fields[i] != "-"; i++ {
-			switch i {
-			case 6:
-				p.Optional = fields[6]
-			default:
-				/* NOTE there might be more optional fields before the such as
-				   fields[7]...fields[N] (where N < sepIndex), although
-				   as of Linux kernel 4.15 the only known ones are
-				   mount propagation flags in fields[6]. The correct
-				   behavior is to ignore any unknown optional fields.
-				*/
-				break
-			}
-		}
-		if i == numFields {
-			return nil, fmt.Errorf("Parsing '%s' failed: missing separator ('-')", text)
-		}
-
-		// There should be 3 fields after the separator...
-		if i+4 > numFields {
-			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields after a separator", text)
-		}
-		// ... but in Linux <= 3.9 mounting a cifs with spaces in a share name
-		// (like "//serv/My Documents") _may_ end up having a space in the last field
-		// of mountinfo (like "unc=//serv/My Documents"). Since kernel 3.10-rc1, cifs
-		// option unc= is ignored,  so a space should not appear. In here we ignore
-		// those "extra" fields caused by extra spaces.
-		p.Fstype = fields[i+1]
-		p.Source = fields[i+2]
-		p.VfsOpts = fields[i+3]
-
-		out = append(out, p)
-		if stop {
-			break
-		}
-	}
-	return out, nil
-}
-
-// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
-// bind mounts
-func parseMountTable(filter FilterFunc) ([]*Info, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseInfoFile(f, filter)
-}
-
-// PidMountInfo collects the mounts for a specific process ID. If the process
-// ID is unknown, it is better to use `GetMounts` which will inspect
-// "/proc/self/mountinfo" instead.
-func PidMountInfo(pid int) ([]*Info, error) {
-	f, err := os.Open(fmt.Sprintf("/proc/%d/mountinfo", pid))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseInfoFile(f, nil)
-}
diff --git a/pkg/mount/mountinfo_linux_test.go b/pkg/mount/mountinfo_linux_test.go
deleted file mode 100644
index 64411ccaef1df..0000000000000
--- a/pkg/mount/mountinfo_linux_test.go
+++ /dev/null
@@ -1,508 +0,0 @@
-// +build linux
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"bytes"
-	"testing"
-
-	"gotest.tools/assert"
-)
-
-const (
-	fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
-16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
-17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755
-18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
-19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
-20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
-21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
-22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755
-23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755
-24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
-25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw
-26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children
-27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children
-28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children
-29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children
-30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children
-31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children
-32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children
-33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children
-34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children
-35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered
-36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
-37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel
-38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel
-39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel
-40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw
-41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw
-42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw
-43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw
-45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered
-46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered
-47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered
-48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered
-121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000
-124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw
-165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered
-167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered
-171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered
-175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered
-179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered
-183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered
-187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered
-191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered
-195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered
-199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered
-203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered
-207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered
-211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered
-215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered
-219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered
-223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered
-227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered
-231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered
-235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered
-239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered
-243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered
-247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered
-31 21 0:23 / /DATA/foo_bla_bla rw,relatime - cifs //foo/BLA\040BLA\040BLA/ rw,sec=ntlm,cache=loose,unc=\\foo\BLA BLA BLA,username=my_login,domain=mydomain.com,uid=12345678,forceuid,gid=12345678,forcegid,addr=10.1.30.10,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1`
-
-	ubuntuMountInfo = `15 20 0:14 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
-16 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
-17 20 0:5 / /dev rw,relatime - devtmpfs udev rw,size=1015140k,nr_inodes=253785,mode=755
-18 17 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
-19 20 0:15 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=205044k,mode=755
-20 1 253:0 / / rw,relatime - ext4 /dev/disk/by-label/DOROOT rw,errors=remount-ro,data=ordered
-21 15 0:16 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
-22 15 0:17 / /sys/fs/fuse/connections rw,relatime - fusectl none rw
-23 15 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
-24 15 0:10 / /sys/kernel/security rw,relatime - securityfs none rw
-25 19 0:18 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k
-26 21 0:19 / /sys/fs/cgroup/cpuset rw,relatime - cgroup cgroup rw,cpuset,clone_children
-27 19 0:20 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
-28 21 0:21 / /sys/fs/cgroup/cpu rw,relatime - cgroup cgroup rw,cpu
-29 19 0:22 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755
-30 15 0:23 / /sys/fs/pstore rw,relatime - pstore none rw
-31 21 0:24 / /sys/fs/cgroup/cpuacct rw,relatime - cgroup cgroup rw,cpuacct
-32 21 0:25 / /sys/fs/cgroup/memory rw,relatime - cgroup cgroup rw,memory
-33 21 0:26 / /sys/fs/cgroup/devices rw,relatime - cgroup cgroup rw,devices
-34 21 0:27 / /sys/fs/cgroup/freezer rw,relatime - cgroup cgroup rw,freezer
-35 21 0:28 / /sys/fs/cgroup/blkio rw,relatime - cgroup cgroup rw,blkio
-36 21 0:29 / /sys/fs/cgroup/perf_event rw,relatime - cgroup cgroup rw,perf_event
-37 21 0:30 / /sys/fs/cgroup/hugetlb rw,relatime - cgroup cgroup rw,hugetlb
-38 21 0:31 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd
-39 20 0:32 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=caafa54fdc06525
-40 20 0:33 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8-init rw,relatime - aufs none rw,si=caafa54f882b525
-41 20 0:34 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8 rw,relatime - aufs none rw,si=caafa54f8829525
-42 20 0:35 / /var/lib/docker/aufs/mnt/16f4d7e96dd612903f425bfe856762f291ff2e36a8ecd55a2209b7d7cd81c30b rw,relatime - aufs none rw,si=caafa54f882d525
-43 20 0:36 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e-init rw,relatime - aufs none rw,si=caafa54f882f525
-44 20 0:37 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e rw,relatime - aufs none rw,si=caafa54f88ba525
-45 20 0:38 / /var/lib/docker/aufs/mnt/283f35a910233c756409313be71ecd8fcfef0df57108b8d740b61b3e88860452 rw,relatime - aufs none rw,si=caafa54f88b8525
-46 20 0:39 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1-init rw,relatime - aufs none rw,si=caafa54f88be525
-47 20 0:40 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1 rw,relatime - aufs none rw,si=caafa54f882c525
-48 20 0:41 / /var/lib/docker/aufs/mnt/de2b538c97d6366cc80e8658547c923ea1d042f85580df379846f36a4df7049d rw,relatime - aufs none rw,si=caafa54f85bb525
-49 20 0:42 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49-init rw,relatime - aufs none rw,si=caafa54fdc00525
-50 20 0:43 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49 rw,relatime - aufs none rw,si=caafa54fbaec525
-51 20 0:44 / /var/lib/docker/aufs/mnt/6ac1cace985c9fc9bea32234de8b36dba49bdd5e29a2972b327ff939d78a6274 rw,relatime - aufs none rw,si=caafa54f8e1a525
-52 20 0:45 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b-init rw,relatime - aufs none rw,si=caafa54f8e1d525
-53 20 0:46 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b rw,relatime - aufs none rw,si=caafa54f8e1b525
-54 20 0:47 / /var/lib/docker/aufs/mnt/cabb117d997f0f93519185aea58389a9762770b7496ed0b74a3e4a083fa45902 rw,relatime - aufs none rw,si=caafa54f810a525
-55 20 0:48 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33-init rw,relatime - aufs none rw,si=caafa54f8529525
-56 20 0:49 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33 rw,relatime - aufs none rw,si=caafa54f852f525
-57 20 0:50 / /var/lib/docker/aufs/mnt/16a1526fa445b84ce84f89506d219e87fa488a814063baf045d88b02f21166b3 rw,relatime - aufs none rw,si=caafa54f9e1d525
-58 20 0:51 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f-init rw,relatime - aufs none rw,si=caafa54f854d525
-59 20 0:52 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f rw,relatime - aufs none rw,si=caafa54f854e525
-60 20 0:53 / /var/lib/docker/aufs/mnt/e370c3e286bea027917baa0e4d251262681a472a87056e880dfd0513516dffd9 rw,relatime - aufs none rw,si=caafa54f840a525
-61 20 0:54 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e-init rw,relatime - aufs none rw,si=caafa54f8408525
-62 20 0:55 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e rw,relatime - aufs none rw,si=caafa54f8409525
-63 20 0:56 / /var/lib/docker/aufs/mnt/abd0b5ea5d355a67f911475e271924a5388ee60c27185fcd60d095afc4a09dc7 rw,relatime - aufs none rw,si=caafa54f9eb1525
-64 20 0:57 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2-init rw,relatime - aufs none rw,si=caafa54f85bf525
-65 20 0:58 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2 rw,relatime - aufs none rw,si=caafa54f85b8525
-66 20 0:59 / /var/lib/docker/aufs/mnt/912e1bf28b80a09644503924a8a1a4fb8ed10b808ca847bda27a369919aa52fa rw,relatime - aufs none rw,si=caafa54fbaea525
-67 20 0:60 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576-init rw,relatime - aufs none rw,si=caafa54f8472525
-68 20 0:61 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576 rw,relatime - aufs none rw,si=caafa54f8474525
-69 20 0:62 / /var/lib/docker/aufs/mnt/5aaebb79ef3097dfca377889aeb61a0c9d5e3795117d2b08d0751473c671dfb2 rw,relatime - aufs none rw,si=caafa54f8c5e525
-70 20 0:63 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2-init rw,relatime - aufs none rw,si=caafa54f8c3b525
-71 20 0:64 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2 rw,relatime - aufs none rw,si=caafa54f8c3d525
-72 20 0:65 / /var/lib/docker/aufs/mnt/2777f0763da4de93f8bebbe1595cc77f739806a158657b033eca06f827b6028a rw,relatime - aufs none rw,si=caafa54f8c3e525
-73 20 0:66 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e-init rw,relatime - aufs none rw,si=caafa54f8c39525
-74 20 0:67 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e rw,relatime - aufs none rw,si=caafa54f854f525
-75 20 0:68 / /var/lib/docker/aufs/mnt/06400b526ec18b66639c96efc41a84f4ae0b117cb28dafd56be420651b4084a0 rw,relatime - aufs none rw,si=caafa54f840b525
-76 20 0:69 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785-init rw,relatime - aufs none rw,si=caafa54fdddf525
-77 20 0:70 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785 rw,relatime - aufs none rw,si=caafa54f854b525
-78 20 0:71 / /var/lib/docker/aufs/mnt/1ff414fa93fd61ec81b0ab7b365a841ff6545accae03cceac702833aaeaf718f rw,relatime - aufs none rw,si=caafa54f8d85525
-79 20 0:72 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8-init rw,relatime - aufs none rw,si=caafa54f8da3525
-80 20 0:73 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8 rw,relatime - aufs none rw,si=caafa54f8da2525
-81 20 0:74 / /var/lib/docker/aufs/mnt/b68b1d4fe4d30016c552398e78b379a39f651661d8e1fa5f2460c24a5e723420 rw,relatime - aufs none rw,si=caafa54f8d81525
-82 20 0:75 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739-init rw,relatime - aufs none rw,si=caafa54f8da1525
-83 20 0:76 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739 rw,relatime - aufs none rw,si=caafa54f8da0525
-84 20 0:77 / /var/lib/docker/aufs/mnt/53e10b0329afc0e0d3322d31efaed4064139dc7027fe6ae445cffd7104bcc94f rw,relatime - aufs none rw,si=caafa54f8c35525
-85 20 0:78 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494-init rw,relatime - aufs none rw,si=caafa54f8db8525
-86 20 0:79 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494 rw,relatime - aufs none rw,si=caafa54f8dba525
-87 20 0:80 / /var/lib/docker/aufs/mnt/90fdd2c03eeaf65311f88f4200e18aef6d2772482712d9aea01cd793c64781b5 rw,relatime - aufs none rw,si=caafa54f8315525
-88 20 0:81 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f-init rw,relatime - aufs none rw,si=caafa54f8fc6525
-89 20 0:82 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f rw,relatime - aufs none rw,si=caafa54f8468525
-90 20 0:83 / /var/lib/docker/aufs/mnt/8cf9a993f50f3305abad3da268c0fc44ff78a1e7bba595ef9de963497496c3f9 rw,relatime - aufs none rw,si=caafa54f8c59525
-91 20 0:84 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173-init rw,relatime - aufs none rw,si=caafa54f846a525
-92 20 0:85 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173 rw,relatime - aufs none rw,si=caafa54f846b525
-93 20 0:86 / /var/lib/docker/aufs/mnt/d8c8288ec920439a48b5796bab5883ee47a019240da65e8d8f33400c31bac5df rw,relatime - aufs none rw,si=caafa54f8dbf525
-94 20 0:87 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6-init rw,relatime - aufs none rw,si=caafa54f810f525
-95 20 0:88 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6 rw,relatime - aufs none rw,si=caafa54fbae9525
-96 20 0:89 / /var/lib/docker/aufs/mnt/befc1c67600df449dddbe796c0d06da7caff1d2bbff64cde1f0ba82d224996b5 rw,relatime - aufs none rw,si=caafa54f8dab525
-97 20 0:90 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562-init rw,relatime - aufs none rw,si=caafa54fdc02525
-98 20 0:91 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562 rw,relatime - aufs none rw,si=caafa54f9eb0525
-99 20 0:92 / /var/lib/docker/aufs/mnt/2a31f10029f04ff9d4381167a9b739609853d7220d55a56cb654779a700ee246 rw,relatime - aufs none rw,si=caafa54f8c37525
-100 20 0:93 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927-init rw,relatime - aufs none rw,si=caafa54fd173525
-101 20 0:94 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927 rw,relatime - aufs none rw,si=caafa54f8108525
-102 20 0:95 / /var/lib/docker/aufs/mnt/eaa0f57403a3dc685268f91df3fbcd7a8423cee50e1a9ee5c3e1688d9d676bb4 rw,relatime - aufs none rw,si=caafa54f852d525
-103 20 0:96 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b-init rw,relatime - aufs none rw,si=caafa54f8d80525
-104 20 0:97 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b rw,relatime - aufs none rw,si=caafa54f8fc3525
-105 20 0:98 / /var/lib/docker/aufs/mnt/d1b322ae17613c6adee84e709641a9244ac56675244a89a64dc0075075fcbb83 rw,relatime - aufs none rw,si=caafa54f8c58525
-106 20 0:99 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd-init rw,relatime - aufs none rw,si=caafa54f8c63525
-107 20 0:100 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd rw,relatime - aufs none rw,si=caafa54f8c67525
-108 20 0:101 / /var/lib/docker/aufs/mnt/bc9d2a264158f83a617a069bf17cbbf2a2ba453db7d3951d9dc63cc1558b1c2b rw,relatime - aufs none rw,si=caafa54f8dbe525
-109 20 0:102 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99-init rw,relatime - aufs none rw,si=caafa54f9e0d525
-110 20 0:103 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99 rw,relatime - aufs none rw,si=caafa54f9e1b525
-111 20 0:104 / /var/lib/docker/aufs/mnt/d4dca7b02569c732e740071e1c654d4ad282de5c41edb619af1f0aafa618be26 rw,relatime - aufs none rw,si=caafa54f8dae525
-112 20 0:105 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7-init rw,relatime - aufs none rw,si=caafa54f8c5c525
-113 20 0:106 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7 rw,relatime - aufs none rw,si=caafa54fd172525
-114 20 0:107 / /var/lib/docker/aufs/mnt/e60c57499c0b198a6734f77f660cdbbd950a5b78aa23f470ca4f0cfcc376abef rw,relatime - aufs none rw,si=caafa54909c4525
-115 20 0:108 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35-init rw,relatime - aufs none rw,si=caafa54909c3525
-116 20 0:109 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35 rw,relatime - aufs none rw,si=caafa54909c7525
-117 20 0:110 / /var/lib/docker/aufs/mnt/2997be666d58b9e71469759bcb8bd9608dad0e533a1a7570a896919ba3388825 rw,relatime - aufs none rw,si=caafa54f8557525
-118 20 0:111 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93-init rw,relatime - aufs none rw,si=caafa54c6e88525
-119 20 0:112 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93 rw,relatime - aufs none rw,si=caafa54c6e8e525
-120 20 0:113 / /var/lib/docker/aufs/mnt/a672a1e2f2f051f6e19ed1dfbe80860a2d774174c49f7c476695f5dd1d5b2f67 rw,relatime - aufs none rw,si=caafa54c6e15525
-121 20 0:114 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420-init rw,relatime - aufs none rw,si=caafa54f8dad525
-122 20 0:115 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420 rw,relatime - aufs none rw,si=caafa54f8d84525
-123 20 0:116 / /var/lib/docker/aufs/mnt/2abc86007aca46fb4a817a033e2a05ccacae40b78ea4b03f8ea616b9ada40e2e rw,relatime - aufs none rw,si=caafa54c6e8b525
-124 20 0:117 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374-init rw,relatime - aufs none rw,si=caafa54c6e8d525
-125 20 0:118 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374 rw,relatime - aufs none rw,si=caafa54f8c34525
-126 20 0:119 / /var/lib/docker/aufs/mnt/2f95ca1a629cea8363b829faa727dd52896d5561f2c96ddee4f697ea2fc872c2 rw,relatime - aufs none rw,si=caafa54c6e8a525
-127 20 0:120 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2-init rw,relatime - aufs none rw,si=caafa54f8e19525
-128 20 0:121 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2 rw,relatime - aufs none rw,si=caafa54fa8c6525
-129 20 0:122 / /var/lib/docker/aufs/mnt/c1d04dfdf8cccb3676d5a91e84e9b0781ce40623d127d038bcfbe4c761b27401 rw,relatime - aufs none rw,si=caafa54f8c30525
-130 20 0:123 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a-init rw,relatime - aufs none rw,si=caafa54c6e1a525
-131 20 0:124 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a rw,relatime - aufs none rw,si=caafa54c6e1c525
-132 20 0:125 / /var/lib/docker/aufs/mnt/5ae3b6fccb1539fc02d420e86f3e9637bef5b711fed2ca31a2f426c8f5deddbf rw,relatime - aufs none rw,si=caafa54c4fea525
-133 20 0:126 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0-init rw,relatime - aufs none rw,si=caafa54c6e1e525
-134 20 0:127 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0 rw,relatime - aufs none rw,si=caafa54fa8c0525
-135 20 0:128 / /var/lib/docker/aufs/mnt/f382bd5aaccaf2d04a59089ac7cb12ec87efd769fd0c14d623358fbfd2a3f896 rw,relatime - aufs none rw,si=caafa54c4fec525
-136 20 0:129 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735-init rw,relatime - aufs none rw,si=caafa54c4fef525
-137 20 0:130 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735 rw,relatime - aufs none rw,si=caafa54c4feb525
-138 20 0:131 / /var/lib/docker/aufs/mnt/a9c5ee0854dc083b6bf62b7eb1e5291aefbb10702289a446471ce73aba0d5d7d rw,relatime - aufs none rw,si=caafa54909c6525
-139 20 0:134 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0-init rw,relatime - aufs none rw,si=caafa54804fe525
-140 20 0:135 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0 rw,relatime - aufs none rw,si=caafa54804fa525
-141 20 0:136 / /var/lib/docker/aufs/mnt/7ec3277e5c04c907051caf9c9c35889f5fcd6463e5485971b25404566830bb70 rw,relatime - aufs none rw,si=caafa54804f9525
-142 20 0:139 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8-init rw,relatime - aufs none rw,si=caafa54c6ef6525
-143 20 0:140 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8 rw,relatime - aufs none rw,si=caafa54c6ef5525
-144 20 0:356 / /var/lib/docker/aufs/mnt/e6ecde9e2c18cd3c75f424c67b6d89685cfee0fc67abf2cb6bdc0867eb998026 rw,relatime - aufs none rw,si=caafa548068e525`
-
-	gentooMountinfo = `15 1 8:6 / / rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
-16 15 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
-17 15 0:14 / /run rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=3292172k,mode=755
-18 15 0:5 / /dev rw,nosuid,relatime - devtmpfs udev rw,size=10240k,nr_inodes=4106451,mode=755
-19 18 0:12 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
-20 18 0:10 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
-21 18 0:15 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
-22 15 0:16 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
-23 22 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw
-24 22 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
-25 24 0:18 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc
-26 24 0:19 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset,clone_children
-27 24 0:20 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu,clone_children
-28 24 0:21 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct,clone_children
-29 24 0:22 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup memory rw,memory,clone_children
-30 24 0:23 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup devices rw,devices,clone_children
-31 24 0:24 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer,clone_children
-32 24 0:25 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup blkio rw,blkio,clone_children
-33 15 8:1 / /boot rw,noatime,nodiratime - vfat /dev/sda1 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
-34 15 8:18 / /mnt/xfs rw,noatime,nodiratime - xfs /dev/sdb2 rw,attr2,inode64,noquota
-35 15 0:26 / /tmp rw,relatime - tmpfs tmpfs rw
-36 16 0:27 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
-42 15 0:33 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs rpc_pipefs rw
-43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw
-44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000
-68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c
-86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
-87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
-88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
-89 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hosts /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hosts rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
-38 15 0:3384 / /var/lib/docker/aufs/mnt/0292005a9292401bb5197657f2b682d97d8edcb3b72b5e390d2a680139985b55 rw,relatime - aufs none rw,si=9b4a7642b584939c
-39 15 0:3385 / /var/lib/docker/aufs/mnt/59db98c889de5f71b70cfb82c40cbe47b64332f0f56042a2987a9e5df6e5e3aa rw,relatime - aufs none rw,si=9b4a7642b584e39c
-40 15 0:3386 / /var/lib/docker/aufs/mnt/0545f0f2b6548eb9601d08f35a08f5a0a385407d36027a28f58e06e9f61e0278 rw,relatime - aufs none rw,si=9b4a7642b584b39c
-41 15 0:3387 / /var/lib/docker/aufs/mnt/d882cfa16d1aa8fe0331a36e79be3d80b151e49f24fc39a39c3fed1735d5feb5 rw,relatime - aufs none rw,si=9b4a76453040039c
-45 15 0:3388 / /var/lib/docker/aufs/mnt/055ca3befcb1626e74f5344b3398724ff05c0de0e20021683d04305c9e70a3f6 rw,relatime - aufs none rw,si=9b4a76453040739c
-46 15 0:3389 / /var/lib/docker/aufs/mnt/b899e4567a351745d4285e7f1c18fdece75d877deb3041981cd290be348b7aa6 rw,relatime - aufs none rw,si=9b4a7647def4039c
-47 15 0:3390 / /var/lib/docker/aufs/mnt/067ca040292c58954c5129f953219accfae0d40faca26b4d05e76ca76a998f16 rw,relatime - aufs none rw,si=9b4a7647def4239c
-48 15 0:3391 / /var/lib/docker/aufs/mnt/8c995e7cb6e5082742daeea720e340b021d288d25d92e0412c03d200df308a11 rw,relatime - aufs none rw,si=9b4a764479c1639c
-49 15 0:3392 / /var/lib/docker/aufs/mnt/07cc54dfae5b45300efdacdd53cc72c01b9044956a86ce7bff42d087e426096d rw,relatime - aufs none rw,si=9b4a764479c1739c
-50 15 0:3393 / /var/lib/docker/aufs/mnt/0a9c95cf4c589c05b06baa79150b0cc1d8e7102759fe3ce4afaabb8247ca4f85 rw,relatime - aufs none rw,si=9b4a7644059c839c
-51 15 0:3394 / /var/lib/docker/aufs/mnt/468fa98cececcf4e226e8370f18f4f848d63faf287fb8321a07f73086441a3a0 rw,relatime - aufs none rw,si=9b4a7644059ca39c
-52 15 0:3395 / /var/lib/docker/aufs/mnt/0b826192231c5ce066fffb5beff4397337b5fc19a377aa7c6282c7c0ce7f111f rw,relatime - aufs none rw,si=9b4a764479c1339c
-53 15 0:3396 / /var/lib/docker/aufs/mnt/93b8ba1b772fbe79709b909c43ea4b2c30d712e53548f467db1ffdc7a384f196 rw,relatime - aufs none rw,si=9b4a7640798a739c
-54 15 0:3397 / /var/lib/docker/aufs/mnt/0c0d0acfb506859b12ef18cdfef9ebed0b43a611482403564224bde9149d373c rw,relatime - aufs none rw,si=9b4a7640798a039c
-55 15 0:3398 / /var/lib/docker/aufs/mnt/33648c39ab6c7c74af0243d6d6a81b052e9e25ad1e04b19892eb2dde013e358b rw,relatime - aufs none rw,si=9b4a7644b439b39c
-56 15 0:3399 / /var/lib/docker/aufs/mnt/0c12bea97a1c958a3c739fb148536c1c89351d48e885ecda8f0499b5cc44407e rw,relatime - aufs none rw,si=9b4a7640798a239c
-57 15 0:3400 / /var/lib/docker/aufs/mnt/ed443988ce125f172d7512e84a4de2627405990fd767a16adefa8ce700c19ce8 rw,relatime - aufs none rw,si=9b4a7644c8ed339c
-59 15 0:3402 / /var/lib/docker/aufs/mnt/f61612c324ff3c924d3f7a82fb00a0f8d8f73c248c41897061949e9f5ab7e3b1 rw,relatime - aufs none rw,si=9b4a76442810c39c
-60 15 0:3403 / /var/lib/docker/aufs/mnt/0f1ee55c6c4e25027b80de8e64b8b6fb542b3b41aa0caab9261da75752e22bfd rw,relatime - aufs none rw,si=9b4a76442810e39c
-61 15 0:3404 / /var/lib/docker/aufs/mnt/956f6cc4af5785cb3ee6963dcbca668219437d9b28f513290b1453ac64a34f97 rw,relatime - aufs none rw,si=9b4a7644303ec39c
-62 15 0:3405 / /var/lib/docker/aufs/mnt/1099769158c4b4773e2569e38024e8717e400f87a002c41d8cf47cb81b051ba6 rw,relatime - aufs none rw,si=9b4a7644303ee39c
-63 15 0:3406 / /var/lib/docker/aufs/mnt/11890ceb98d4442595b676085cd7b21550ab85c5df841e0fba997ff54e3d522d rw,relatime - aufs none rw,si=9b4a7644303ed39c
-64 15 0:3407 / /var/lib/docker/aufs/mnt/acdb90dc378e8ed2420b43a6d291f1c789a081cd1904018780cc038fcd7aae53 rw,relatime - aufs none rw,si=9b4a76434be2139c
-65 15 0:3408 / /var/lib/docker/aufs/mnt/120e716f19d4714fbe63cc1ed246204f2c1106eefebc6537ba2587d7e7711959 rw,relatime - aufs none rw,si=9b4a76434be2339c
-66 15 0:3409 / /var/lib/docker/aufs/mnt/b197b7fffb61d89e0ba1c40de9a9fc0d912e778b3c1bd828cf981ff37c1963bc rw,relatime - aufs none rw,si=9b4a76434be2039c
-70 15 0:3412 / /var/lib/docker/aufs/mnt/1434b69d2e1bb18a9f0b96b9cdac30132b2688f5d1379f68a39a5e120c2f93eb rw,relatime - aufs none rw,si=9b4a76434be2639c
-71 15 0:3413 / /var/lib/docker/aufs/mnt/16006e83caf33ab5eb0cd6afc92ea2ee8edeff897496b0bb3ec3a75b767374b3 rw,relatime - aufs none rw,si=9b4a7644d790439c
-72 15 0:3414 / /var/lib/docker/aufs/mnt/55bfa5f44e94d27f91f79ba901b118b15098449165c87abf1b53ffff147ff164 rw,relatime - aufs none rw,si=9b4a7644d790239c
-73 15 0:3415 / /var/lib/docker/aufs/mnt/1912b97a07ab21ccd98a2a27bc779bf3cf364a3138afa3c3e6f7f169a3c3eab5 rw,relatime - aufs none rw,si=9b4a76441822739c
-76 15 0:3418 / /var/lib/docker/aufs/mnt/1a7c3292e8879bd91ffd9282e954f643b1db5683093574c248ff14a9609f2f56 rw,relatime - aufs none rw,si=9b4a76438cb7239c
-77 15 0:3419 / /var/lib/docker/aufs/mnt/bb1faaf0d076ddba82c2318305a85f490dafa4e8a8640a8db8ed657c439120cc rw,relatime - aufs none rw,si=9b4a76438cb7339c
-78 15 0:3420 / /var/lib/docker/aufs/mnt/1ab869f21d2241a73ac840c7f988490313f909ac642eba71d092204fec66dd7c rw,relatime - aufs none rw,si=9b4a76438cb7639c
-79 15 0:3421 / /var/lib/docker/aufs/mnt/fd7245b2cfe3890fa5f5b452260e4edf9e7fb7746532ed9d83f7a0d7dbaa610e rw,relatime - aufs none rw,si=9b4a7644bdc0139c
-80 15 0:3422 / /var/lib/docker/aufs/mnt/1e5686c5301f26b9b3cd24e322c608913465cc6c5d0dcd7c5e498d1314747d61 rw,relatime - aufs none rw,si=9b4a7644bdc0639c
-81 15 0:3423 / /var/lib/docker/aufs/mnt/52edf6ee6e40bfec1e9301a4d4a92ab83d144e2ae4ce5099e99df6138cb844bf rw,relatime - aufs none rw,si=9b4a7644bdc0239c
-82 15 0:3424 / /var/lib/docker/aufs/mnt/1ea10fb7085d28cda4904657dff0454e52598d28e1d77e4f2965bbc3666e808f rw,relatime - aufs none rw,si=9b4a76438cb7139c
-83 15 0:3425 / /var/lib/docker/aufs/mnt/9c03e98c3593946dbd4087f8d83f9ca262f4a2efdc952ce60690838b9ba6c526 rw,relatime - aufs none rw,si=9b4a76443020639c
-84 15 0:3426 / /var/lib/docker/aufs/mnt/220a2344d67437602c6d2cee9a98c46be13f82c2a8063919dd2fad52bf2fb7dd rw,relatime - aufs none rw,si=9b4a76434bff339c
-94 15 0:3427 / /var/lib/docker/aufs/mnt/3b32876c5b200312c50baa476ff342248e88c8ea96e6a1032cd53a88738a1cf2 rw,relatime - aufs none rw,si=9b4a76434bff139c
-95 15 0:3428 / /var/lib/docker/aufs/mnt/23ee2b8b0d4ae8db6f6d1e168e2c6f79f8a18f953b09f65e0d22cc1e67a3a6fa rw,relatime - aufs none rw,si=9b4a7646c305c39c
-96 15 0:3429 / /var/lib/docker/aufs/mnt/e86e6daa70b61b57945fa178222615f3c3d6bcef12c9f28e9f8623d44dc2d429 rw,relatime - aufs none rw,si=9b4a7646c305f39c
-97 15 0:3430 / /var/lib/docker/aufs/mnt/2413d07623e80860bb2e9e306fbdee699afd07525785c025c591231e864aa162 rw,relatime - aufs none rw,si=9b4a76434bff039c
-98 15 0:3431 / /var/lib/docker/aufs/mnt/adfd622eb22340fc80b429e5564b125668e260bf9068096c46dd59f1386a4b7d rw,relatime - aufs none rw,si=9b4a7646a7a1039c
-102 15 0:3435 / /var/lib/docker/aufs/mnt/27cd92e7a91d02e2d6b44d16679a00fb6d169b19b88822891084e7fd1a84882d rw,relatime - aufs none rw,si=9b4a7646f25ec39c
-103 15 0:3436 / /var/lib/docker/aufs/mnt/27dfdaf94cfbf45055c748293c37dd68d9140240bff4c646cb09216015914a88 rw,relatime - aufs none rw,si=9b4a7646732f939c
-104 15 0:3437 / /var/lib/docker/aufs/mnt/5ed7524aff68dfbf0fc601cbaeac01bab14391850a973dabf3653282a627920f rw,relatime - aufs none rw,si=9b4a7646732f839c
-105 15 0:3438 / /var/lib/docker/aufs/mnt/2a0d4767e536beb5785b60e071e3ac8e5e812613ab143a9627bee77d0c9ab062 rw,relatime - aufs none rw,si=9b4a7646732fe39c
-106 15 0:3439 / /var/lib/docker/aufs/mnt/dea3fc045d9f4ae51ba952450b948a822cf85c39411489ca5224f6d9a8d02bad rw,relatime - aufs none rw,si=9b4a764012ad839c
-107 15 0:3440 / /var/lib/docker/aufs/mnt/2d140a787160798da60cb67c21b1210054ad4dafecdcf832f015995b9aa99cfd rw,relatime - aufs none rw,si=9b4a764012add39c
-108 15 0:3441 / /var/lib/docker/aufs/mnt/cb190b2a8e984475914430fbad2382e0d20b9b659f8ef83ae8d170cc672e519c rw,relatime - aufs none rw,si=9b4a76454d9c239c
-109 15 0:3442 / /var/lib/docker/aufs/mnt/2f4a012d5a7ffd90256a6e9aa479054b3dddbc3c6a343f26dafbf3196890223b rw,relatime - aufs none rw,si=9b4a76454d9c439c
-110 15 0:3443 / /var/lib/docker/aufs/mnt/63cc77904b80c4ffbf49cb974c5d8733dc52ad7640d3ae87554b325d7312d87f rw,relatime - aufs none rw,si=9b4a76454d9c339c
-111 15 0:3444 / /var/lib/docker/aufs/mnt/30333e872c451482ea2d235ff2192e875bd234006b238ae2bdde3b91a86d7522 rw,relatime - aufs none rw,si=9b4a76422cebf39c
-112 15 0:3445 / /var/lib/docker/aufs/mnt/6c54fc1125da3925cae65b5c9a98f3be55b0a2c2666082e5094a4ba71beb5bff rw,relatime - aufs none rw,si=9b4a7646dd5a439c
-113 15 0:3446 / /var/lib/docker/aufs/mnt/3087d48cb01cda9d0a83a9ca301e6ea40e8593d18c4921be4794c91a420ab9a3 rw,relatime - aufs none rw,si=9b4a7646dd5a739c
-114 15 0:3447 / /var/lib/docker/aufs/mnt/cc2607462a8f55b179a749b144c3fdbb50678e1a4f3065ea04e283e9b1f1d8e2 rw,relatime - aufs none rw,si=9b4a7646dd5a239c
-117 15 0:3450 / /var/lib/docker/aufs/mnt/310c5e8392b29e8658a22e08d96d63936633b7e2c38e8d220047928b00a03d24 rw,relatime - aufs none rw,si=9b4a7647932d739c
-118 15 0:3451 / /var/lib/docker/aufs/mnt/38a1f0029406ba9c3b6058f2f406d8a1d23c855046cf355c91d87d446fcc1460 rw,relatime - aufs none rw,si=9b4a76445abc939c
-119 15 0:3452 / /var/lib/docker/aufs/mnt/42e109ab7914ae997a11ccd860fd18e4d488c50c044c3240423ce15774b8b62e rw,relatime - aufs none rw,si=9b4a76445abca39c
-120 15 0:3453 / /var/lib/docker/aufs/mnt/365d832af0402d052b389c1e9c0d353b48487533d20cd4351df8e24ec4e4f9d8 rw,relatime - aufs none rw,si=9b4a7644066aa39c
-121 15 0:3454 / /var/lib/docker/aufs/mnt/d3fa8a24d695b6cda9b64f96188f701963d28bef0473343f8b212df1a2cf1d2b rw,relatime - aufs none rw,si=9b4a7644066af39c
-122 15 0:3455 / /var/lib/docker/aufs/mnt/37d4f491919abc49a15d0c7a7cc8383f087573525d7d288accd14f0b4af9eae0 rw,relatime - aufs none rw,si=9b4a7644066ad39c
-123 15 0:3456 / /var/lib/docker/aufs/mnt/93902707fe12cbdd0068ce73f2baad4b3a299189b1b19cb5f8a2025e106ae3f5 rw,relatime - aufs none rw,si=9b4a76444445f39c
-126 15 0:3459 / /var/lib/docker/aufs/mnt/3b49291670a625b9bbb329ffba99bf7fa7abff80cefef040f8b89e2b3aad4f9f rw,relatime - aufs none rw,si=9b4a7640798a339c
-127 15 0:3460 / /var/lib/docker/aufs/mnt/8d9c7b943cc8f854f4d0d4ec19f7c16c13b0cc4f67a41472a072648610cecb59 rw,relatime - aufs none rw,si=9b4a76427383039c
-128 15 0:3461 / /var/lib/docker/aufs/mnt/3b6c90036526c376307df71d49c9f5fce334c01b926faa6a78186842de74beac rw,relatime - aufs none rw,si=9b4a7644badd439c
-130 15 0:3463 / /var/lib/docker/aufs/mnt/7b24158eeddfb5d31b7e932e406ea4899fd728344335ff8e0765e89ddeb351dd rw,relatime - aufs none rw,si=9b4a7644badd539c
-131 15 0:3464 / /var/lib/docker/aufs/mnt/3ead6dd5773765c74850cf6c769f21fe65c29d622ffa712664f9f5b80364ce27 rw,relatime - aufs none rw,si=9b4a7642f469939c
-132 15 0:3465 / /var/lib/docker/aufs/mnt/3f825573b29547744a37b65597a9d6d15a8350be4429b7038d126a4c9a8e178f rw,relatime - aufs none rw,si=9b4a7642f469c39c
-133 15 0:3466 / /var/lib/docker/aufs/mnt/f67aaaeb3681e5dcb99a41f847087370bd1c206680cb8c7b6a9819fd6c97a331 rw,relatime - aufs none rw,si=9b4a7647cc25939c
-134 15 0:3467 / /var/lib/docker/aufs/mnt/41afe6cfb3c1fc2280b869db07699da88552786e28793f0bc048a265c01bd942 rw,relatime - aufs none rw,si=9b4a7647cc25c39c
-135 15 0:3468 / /var/lib/docker/aufs/mnt/b8092ea59da34a40b120e8718c3ae9fa8436996edc4fc50e4b99c72dfd81e1af rw,relatime - aufs none rw,si=9b4a76445abc439c
-136 15 0:3469 / /var/lib/docker/aufs/mnt/42c69d2cc179e2684458bb8596a9da6dad182c08eae9b74d5f0e615b399f75a5 rw,relatime - aufs none rw,si=9b4a76455ddbe39c
-137 15 0:3470 / /var/lib/docker/aufs/mnt/ea0871954acd2d62a211ac60e05969622044d4c74597870c4f818fbb0c56b09b rw,relatime - aufs none rw,si=9b4a76455ddbf39c
-138 15 0:3471 / /var/lib/docker/aufs/mnt/4307906b275ab3fc971786b3841ae3217ac85b6756ddeb7ad4ba09cd044c2597 rw,relatime - aufs none rw,si=9b4a76455ddb839c
-139 15 0:3472 / /var/lib/docker/aufs/mnt/4390b872928c53500a5035634f3421622ed6299dc1472b631fc45de9f56dc180 rw,relatime - aufs none rw,si=9b4a76402f2fd39c
-140 15 0:3473 / /var/lib/docker/aufs/mnt/6bb41e78863b85e4aa7da89455314855c8c3bda64e52a583bab15dc1fa2e80c2 rw,relatime - aufs none rw,si=9b4a76402f2fa39c
-141 15 0:3474 / /var/lib/docker/aufs/mnt/4444f583c2a79c66608f4673a32c9c812154f027045fbd558c2d69920c53f835 rw,relatime - aufs none rw,si=9b4a764479dbd39c
-142 15 0:3475 / /var/lib/docker/aufs/mnt/6f11883af4a05ea362e0c54df89058da4859f977efd07b6f539e1f55c1d2a668 rw,relatime - aufs none rw,si=9b4a76402f30b39c
-143 15 0:3476 / /var/lib/docker/aufs/mnt/453490dd32e7c2e9ef906f995d8fb3c2753923d1a5e0ba3fd3296e2e4dc238e7 rw,relatime - aufs none rw,si=9b4a76402f30c39c
-144 15 0:3477 / /var/lib/docker/aufs/mnt/45e5945735ee102b5e891c91650c57ec4b52bb53017d68f02d50ea8a6e230610 rw,relatime - aufs none rw,si=9b4a76423260739c
-147 15 0:3480 / /var/lib/docker/aufs/mnt/4727a64a5553a1125f315b96bed10d3073d6988225a292cce732617c925b56ab rw,relatime - aufs none rw,si=9b4a76443030339c
-150 15 0:3483 / /var/lib/docker/aufs/mnt/4e348b5187b9a567059306afc72d42e0ec5c893b0d4abd547526d5f9b6fb4590 rw,relatime - aufs none rw,si=9b4a7644f5d8c39c
-151 15 0:3484 / /var/lib/docker/aufs/mnt/4efc616bfbc3f906718b052da22e4335f8e9f91ee9b15866ed3a8029645189ef rw,relatime - aufs none rw,si=9b4a7644f5d8939c
-152 15 0:3485 / /var/lib/docker/aufs/mnt/83e730ae9754d5adb853b64735472d98dfa17136b8812ac9cfcd1eba7f4e7d2d rw,relatime - aufs none rw,si=9b4a76469aa7139c
-153 15 0:3486 / /var/lib/docker/aufs/mnt/4fc5ba8a5b333be2b7eefacccb626772eeec0ae8a6975112b56c9fb36c0d342f rw,relatime - aufs none rw,si=9b4a7640128dc39c
-154 15 0:3487 / /var/lib/docker/aufs/mnt/50200d5edff5dfe8d1ef3c78b0bbd709793ac6e936aa16d74ff66f7ea577b6f9 rw,relatime - aufs none rw,si=9b4a7640128da39c
-155 15 0:3488 / /var/lib/docker/aufs/mnt/51e5e51604361448f0b9777f38329f414bc5ba9cf238f26d465ff479bd574b61 rw,relatime - aufs none rw,si=9b4a76444f68939c
-156 15 0:3489 / /var/lib/docker/aufs/mnt/52a142149aa98bba83df8766bbb1c629a97b9799944ead90dd206c4bdf0b8385 rw,relatime - aufs none rw,si=9b4a76444f68b39c
-157 15 0:3490 / /var/lib/docker/aufs/mnt/52dd21a94a00f58a1ed489312fcfffb91578089c76c5650364476f1d5de031bc rw,relatime - aufs none rw,si=9b4a76444f68f39c
-158 15 0:3491 / /var/lib/docker/aufs/mnt/ee562415ddaad353ed22c88d0ca768a0c74bfba6333b6e25c46849ee22d990da rw,relatime - aufs none rw,si=9b4a7640128d839c
-159 15 0:3492 / /var/lib/docker/aufs/mnt/db47a9e87173f7554f550c8a01891de79cf12acdd32e01f95c1a527a08bdfb2c rw,relatime - aufs none rw,si=9b4a764405a1d39c
-160 15 0:3493 / /var/lib/docker/aufs/mnt/55e827bf6d44d930ec0b827c98356eb8b68c3301e2d60d1429aa72e05b4c17df rw,relatime - aufs none rw,si=9b4a764405a1a39c
-162 15 0:3495 / /var/lib/docker/aufs/mnt/578dc4e0a87fc37ec081ca098430499a59639c09f6f12a8f48de29828a091aa6 rw,relatime - aufs none rw,si=9b4a76406d7d439c
-163 15 0:3496 / /var/lib/docker/aufs/mnt/728cc1cb04fa4bc6f7bf7a90980beda6d8fc0beb71630874c0747b994efb0798 rw,relatime - aufs none rw,si=9b4a76444f20e39c
-164 15 0:3497 / /var/lib/docker/aufs/mnt/5850cc4bd9b55aea46c7ad598f1785117607974084ea643580f58ce3222e683a rw,relatime - aufs none rw,si=9b4a7644a824239c
-165 15 0:3498 / /var/lib/docker/aufs/mnt/89443b3f766d5a37bc8b84e29da8b84e6a3ea8486d3cf154e2aae1816516e4a8 rw,relatime - aufs none rw,si=9b4a7644a824139c
-166 15 0:3499 / /var/lib/docker/aufs/mnt/f5ae8fd5a41a337907d16515bc3162525154b59c32314c695ecd092c3b47943d rw,relatime - aufs none rw,si=9b4a7644a824439c
-167 15 0:3500 / /var/lib/docker/aufs/mnt/5a430854f2a03a9e5f7cbc9f3fb46a8ebca526a5b3f435236d8295e5998798f5 rw,relatime - aufs none rw,si=9b4a7647fc82439c
-168 15 0:3501 / /var/lib/docker/aufs/mnt/eda16901ae4cead35070c39845cbf1e10bd6b8cb0ffa7879ae2d8a186e460f91 rw,relatime - aufs none rw,si=9b4a76441e0df39c
-169 15 0:3502 / /var/lib/docker/aufs/mnt/5a593721430c2a51b119ff86a7e06ea2b37e3b4131f8f1344d402b61b0c8d868 rw,relatime - aufs none rw,si=9b4a764248bad39c
-170 15 0:3503 / /var/lib/docker/aufs/mnt/d662ad0a30fbfa902e0962108685b9330597e1ee2abb16dc9462eb5a67fdd23f rw,relatime - aufs none rw,si=9b4a764248bae39c
-171 15 0:3504 / /var/lib/docker/aufs/mnt/5bc9de5c79812843fb36eee96bef1ddba812407861f572e33242f4ee10da2c15 rw,relatime - aufs none rw,si=9b4a764248ba839c
-172 15 0:3505 / /var/lib/docker/aufs/mnt/5e763de8e9b0f7d58d2e12a341e029ab4efb3b99788b175090d8209e971156c1 rw,relatime - aufs none rw,si=9b4a764248baa39c
-173 15 0:3506 / /var/lib/docker/aufs/mnt/b4431dc2739936f1df6387e337f5a0c99cf051900c896bd7fd46a870ce61c873 rw,relatime - aufs none rw,si=9b4a76401263539c
-174 15 0:3507 / /var/lib/docker/aufs/mnt/5f37830e5a02561ab8c67ea3113137ba69f67a60e41c05cb0e7a0edaa1925b24 rw,relatime - aufs none rw,si=9b4a76401263639c
-184 15 0:3508 / /var/lib/docker/aufs/mnt/62ea10b957e6533538a4633a1e1d678502f50ddcdd354b2ca275c54dd7a7793a rw,relatime - aufs none rw,si=9b4a76401263039c
-187 15 0:3509 / /var/lib/docker/aufs/mnt/d56ee9d44195fe390e042fda75ec15af5132adb6d5c69468fa8792f4e54a6953 rw,relatime - aufs none rw,si=9b4a76401263239c
-188 15 0:3510 / /var/lib/docker/aufs/mnt/6a300930673174549c2b62f36c933f0332a20735978c007c805a301f897146c5 rw,relatime - aufs none rw,si=9b4a76455d4c539c
-189 15 0:3511 / /var/lib/docker/aufs/mnt/64496c45c84d348c24d410015456d101601c30cab4d1998c395591caf7e57a70 rw,relatime - aufs none rw,si=9b4a76455d4c639c
-190 15 0:3512 / /var/lib/docker/aufs/mnt/65a6a645883fe97a7422cd5e71ebe0bc17c8e6302a5361edf52e89747387e908 rw,relatime - aufs none rw,si=9b4a76455d4c039c
-191 15 0:3513 / /var/lib/docker/aufs/mnt/672be40695f7b6e13b0a3ed9fc996c73727dede3481f58155950fcfad57ed616 rw,relatime - aufs none rw,si=9b4a76455d4c239c
-192 15 0:3514 / /var/lib/docker/aufs/mnt/d42438acb2bfb2169e1c0d8e917fc824f7c85d336dadb0b0af36dfe0f001b3ba rw,relatime - aufs none rw,si=9b4a7642bfded39c
-193 15 0:3515 / /var/lib/docker/aufs/mnt/b48a54abf26d01cb2ddd908b1ed6034d17397c1341bf0eb2b251a3e5b79be854 rw,relatime - aufs none rw,si=9b4a7642bfdee39c
-194 15 0:3516 / /var/lib/docker/aufs/mnt/76f27134491f052bfb87f59092126e53ef875d6851990e59195a9da16a9412f8 rw,relatime - aufs none rw,si=9b4a7642bfde839c
-195 15 0:3517 / /var/lib/docker/aufs/mnt/6bd626a5462b4f8a8e1cc7d10351326dca97a59b2758e5ea549a4f6350ce8a90 rw,relatime - aufs none rw,si=9b4a7642bfdea39c
-196 15 0:3518 / /var/lib/docker/aufs/mnt/f1fe3549dbd6f5ca615e9139d9b53f0c83a3b825565df37628eacc13e70cbd6d rw,relatime - aufs none rw,si=9b4a7642bfdf539c
-197 15 0:3519 / /var/lib/docker/aufs/mnt/6d0458c8426a9e93d58d0625737e6122e725c9408488ed9e3e649a9984e15c34 rw,relatime - aufs none rw,si=9b4a7642bfdf639c
-198 15 0:3520 / /var/lib/docker/aufs/mnt/6e4c97db83aa82145c9cf2bafc20d500c0b5389643b689e3ae84188c270a48c5 rw,relatime - aufs none rw,si=9b4a7642bfdf039c
-199 15 0:3521 / /var/lib/docker/aufs/mnt/eb94d6498f2c5969eaa9fa11ac2934f1ab90ef88e2d002258dca08e5ba74ea27 rw,relatime - aufs none rw,si=9b4a7642bfdf239c
-200 15 0:3522 / /var/lib/docker/aufs/mnt/fe3f88f0c511608a2eec5f13a98703aa16e55dbf930309723d8a37101f539fe1 rw,relatime - aufs none rw,si=9b4a7642bfc3539c
-201 15 0:3523 / /var/lib/docker/aufs/mnt/6f40c229fb9cad85fabf4b64a2640a5403ec03fe5ac1a57d0609fb8b606b9c83 rw,relatime - aufs none rw,si=9b4a7642bfc3639c
-202 15 0:3524 / /var/lib/docker/aufs/mnt/7513e9131f7a8acf58ff15248237feb767c78732ca46e159f4d791e6ef031dbc rw,relatime - aufs none rw,si=9b4a7642bfc3039c
-203 15 0:3525 / /var/lib/docker/aufs/mnt/79f48b00aa713cdf809c6bb7c7cb911b66e9a8076c81d6c9d2504139984ea2da rw,relatime - aufs none rw,si=9b4a7642bfc3239c
-204 15 0:3526 / /var/lib/docker/aufs/mnt/c3680418350d11358f0a96c676bc5aa74fa00a7c89e629ef5909d3557b060300 rw,relatime - aufs none rw,si=9b4a7642f47cd39c
-205 15 0:3527 / /var/lib/docker/aufs/mnt/7a1744dd350d7fcc0cccb6f1757ca4cbe5453f203a5888b0f1014d96ad5a5ef9 rw,relatime - aufs none rw,si=9b4a7642f47ce39c
-206 15 0:3528 / /var/lib/docker/aufs/mnt/7fa99662db046be9f03c33c35251afda9ccdc0085636bbba1d90592cec3ff68d rw,relatime - aufs none rw,si=9b4a7642f47c839c
-207 15 0:3529 / /var/lib/docker/aufs/mnt/f815021ef20da9c9b056bd1d52d8aaf6e2c0c19f11122fc793eb2b04eb995e35 rw,relatime - aufs none rw,si=9b4a7642f47ca39c
-208 15 0:3530 / /var/lib/docker/aufs/mnt/801086ae3110192d601dfcebdba2db92e86ce6b6a9dba6678ea04488e4513669 rw,relatime - aufs none rw,si=9b4a7642dc6dd39c
-209 15 0:3531 / /var/lib/docker/aufs/mnt/822ba7db69f21daddda87c01cfbfbf73013fc03a879daf96d16cdde6f9b1fbd6 rw,relatime - aufs none rw,si=9b4a7642dc6de39c
-210 15 0:3532 / /var/lib/docker/aufs/mnt/834227c1a950fef8cae3827489129d0dd220541e60c6b731caaa765bf2e6a199 rw,relatime - aufs none rw,si=9b4a7642dc6d839c
-211 15 0:3533 / /var/lib/docker/aufs/mnt/83dccbc385299bd1c7cf19326e791b33a544eea7b4cdfb6db70ea94eed4389fb rw,relatime - aufs none rw,si=9b4a7642dc6da39c
-212 15 0:3534 / /var/lib/docker/aufs/mnt/f1b8e6f0e7c8928b5dcdab944db89306ebcae3e0b32f9ff40d2daa8329f21600 rw,relatime - aufs none rw,si=9b4a7645a126039c
-213 15 0:3535 / /var/lib/docker/aufs/mnt/970efb262c7a020c2404cbcc5b3259efba0d110a786079faeef05bc2952abf3a rw,relatime - aufs none rw,si=9b4a7644c8ed139c
-214 15 0:3536 / /var/lib/docker/aufs/mnt/84b6d73af7450f3117a77e15a5ca1255871fea6182cd8e8a7be6bc744be18c2c rw,relatime - aufs none rw,si=9b4a76406559139c
-215 15 0:3537 / /var/lib/docker/aufs/mnt/88be2716e026bc681b5e63fe7942068773efbd0b6e901ca7ba441412006a96b6 rw,relatime - aufs none rw,si=9b4a76406559339c
-216 15 0:3538 / /var/lib/docker/aufs/mnt/c81939aa166ce50cd8bca5cfbbcc420a78e0318dd5cd7c755209b9166a00a752 rw,relatime - aufs none rw,si=9b4a76406559239c
-217 15 0:3539 / /var/lib/docker/aufs/mnt/e0f241645d64b7dc5ff6a8414087cca226be08fb54ce987d1d1f6350c57083aa rw,relatime - aufs none rw,si=9b4a7647cfc0f39c
-218 15 0:3540 / /var/lib/docker/aufs/mnt/e10e2bf75234ed51d8a6a4bb39e465404fecbe318e54400d3879cdb2b0679c78 rw,relatime - aufs none rw,si=9b4a7647cfc0939c
-219 15 0:3541 / /var/lib/docker/aufs/mnt/8f71d74c8cfc3228b82564aa9f09b2e576cff0083ddfb6aa5cb350346063f080 rw,relatime - aufs none rw,si=9b4a7647cfc0a39c
-220 15 0:3542 / /var/lib/docker/aufs/mnt/9159f1eba2aef7f5205cc18d015cda7f5933cd29bba3b1b8aed5ccb5824c69ee rw,relatime - aufs none rw,si=9b4a76468cedd39c
-221 15 0:3543 / /var/lib/docker/aufs/mnt/932cad71e652e048e500d9fbb5b8ea4fc9a269d42a3134ce527ceef42a2be56b rw,relatime - aufs none rw,si=9b4a76468cede39c
-222 15 0:3544 / /var/lib/docker/aufs/mnt/bf1e1b5f529e8943cc0144ee86dbaaa37885c1ddffcef29537e0078ee7dd316a rw,relatime - aufs none rw,si=9b4a76468ced839c
-223 15 0:3545 / /var/lib/docker/aufs/mnt/949d93ecf3322e09f858ce81d5f4b434068ec44ff84c375de03104f7b45ee955 rw,relatime - aufs none rw,si=9b4a76468ceda39c
-224 15 0:3546 / /var/lib/docker/aufs/mnt/d65c6087f92dc2a3841b5251d2fe9ca07d4c6e5b021597692479740816e4e2a1 rw,relatime - aufs none rw,si=9b4a7645a126239c
-225 15 0:3547 / /var/lib/docker/aufs/mnt/98a0153119d0651c193d053d254f6e16a68345a141baa80c87ae487e9d33f290 rw,relatime - aufs none rw,si=9b4a7640787cf39c
-226 15 0:3548 / /var/lib/docker/aufs/mnt/99daf7fe5847c017392f6e59aa9706b3dfdd9e6d1ba11dae0f7fffde0a60b5e5 rw,relatime - aufs none rw,si=9b4a7640787c839c
-227 15 0:3549 / /var/lib/docker/aufs/mnt/9ad1f2fe8a5599d4e10c5a6effa7f03d932d4e92ee13149031a372087a359079 rw,relatime - aufs none rw,si=9b4a7640787ca39c
-228 15 0:3550 / /var/lib/docker/aufs/mnt/c26d64494da782ddac26f8370d86ac93e7c1666d88a7b99110fc86b35ea6a85d rw,relatime - aufs none rw,si=9b4a7642fc6b539c
-229 15 0:3551 / /var/lib/docker/aufs/mnt/a49e4a8275133c230ec640997f35f172312eb0ea5bd2bbe10abf34aae98f30eb rw,relatime - aufs none rw,si=9b4a7642fc6b639c
-230 15 0:3552 / /var/lib/docker/aufs/mnt/b5e2740c867ed843025f49d84e8d769de9e8e6039b3c8cb0735b5bf358994bc7 rw,relatime - aufs none rw,si=9b4a7642fc6b039c
-231 15 0:3553 / /var/lib/docker/aufs/mnt/a826fdcf3a7039b30570054579b65763db605a314275d7aef31b872c13311b4b rw,relatime - aufs none rw,si=9b4a7642fc6b239c
-232 15 0:3554 / /var/lib/docker/aufs/mnt/addf3025babf5e43b5a3f4a0da7ad863dda3c01fb8365c58fd8d28bb61dc11bc rw,relatime - aufs none rw,si=9b4a76407871d39c
-233 15 0:3555 / /var/lib/docker/aufs/mnt/c5b6c6813ab3e5ebdc6d22cb2a3d3106a62095f2c298be52b07a3b0fa20ff690 rw,relatime - aufs none rw,si=9b4a76407871e39c
-234 15 0:3556 / /var/lib/docker/aufs/mnt/af0609eaaf64e2392060cb46f5a9f3d681a219bb4c651d4f015bf573fbe6c4cf rw,relatime - aufs none rw,si=9b4a76407871839c
-235 15 0:3557 / /var/lib/docker/aufs/mnt/e7f20e3c37ecad39cd90a97cd3549466d0d106ce4f0a930b8495442634fa4a1f rw,relatime - aufs none rw,si=9b4a76407871a39c
-237 15 0:3559 / /var/lib/docker/aufs/mnt/b57a53d440ffd0c1295804fa68cdde35d2fed5409484627e71b9c37e4249fd5c rw,relatime - aufs none rw,si=9b4a76444445a39c
-238 15 0:3560 / /var/lib/docker/aufs/mnt/b5e7d7b8f35e47efbba3d80c5d722f5e7bd43e54c824e54b4a4b351714d36d42 rw,relatime - aufs none rw,si=9b4a7647932d439c
-239 15 0:3561 / /var/lib/docker/aufs/mnt/f1b136def157e9465640658f277f3347de593c6ae76412a2e79f7002f091cae2 rw,relatime - aufs none rw,si=9b4a76445abcd39c
-240 15 0:3562 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=9b4a7644403b339c
-241 15 0:3563 / /var/lib/docker/aufs/mnt/b89b140cdbc95063761864e0a23346207fa27ee4c5c63a1ae85c9069a9d9cf1d rw,relatime - aufs none rw,si=9b4a7644aa19739c
-242 15 0:3564 / /var/lib/docker/aufs/mnt/bc6a69ed51c07f5228f6b4f161c892e6a949c0e7e86a9c3432049d4c0e5cd298 rw,relatime - aufs none rw,si=9b4a7644aa19139c
-243 15 0:3565 / /var/lib/docker/aufs/mnt/be4e2ba3f136933e239f7cf3d136f484fb9004f1fbdfee24a62a2c7b0ab30670 rw,relatime - aufs none rw,si=9b4a7644aa19339c
-244 15 0:3566 / /var/lib/docker/aufs/mnt/e04ca1a4a5171e30d20f0c92f90a50b8b6f8600af5459c4b4fb25e42e864dfe1 rw,relatime - aufs none rw,si=9b4a7647932d139c
-245 15 0:3567 / /var/lib/docker/aufs/mnt/be61576b31db893129aaffcd3dcb5ce35e49c4b71b30c392a78609a45c7323d8 rw,relatime - aufs none rw,si=9b4a7642d85f739c
-246 15 0:3568 / /var/lib/docker/aufs/mnt/dda42c191e56becf672327658ab84fcb563322db3764b91c2fefe4aaef04c624 rw,relatime - aufs none rw,si=9b4a7642d85f139c
-247 15 0:3569 / /var/lib/docker/aufs/mnt/c0a7995053330f3d88969247a2e72b07e2dd692133f5668a4a35ea3905561072 rw,relatime - aufs none rw,si=9b4a7642d85f339c
-249 15 0:3571 / /var/lib/docker/aufs/mnt/c3594b2e5f08c59ff5ed338a1ba1eceeeb1f7fc5d180068338110c00b1eb8502 rw,relatime - aufs none rw,si=9b4a7642738c739c
-250 15 0:3572 / /var/lib/docker/aufs/mnt/c58dce03a0ab0a7588393880379dc3bce9f96ec08ed3f99cf1555260ff0031e8 rw,relatime - aufs none rw,si=9b4a7642738c139c
-251 15 0:3573 / /var/lib/docker/aufs/mnt/c73e9f1d109c9d14cb36e1c7489df85649be3911116d76c2fd3648ec8fd94e23 rw,relatime - aufs none rw,si=9b4a7642738c339c
-252 15 0:3574 / /var/lib/docker/aufs/mnt/c9eef28c344877cd68aa09e543c0710ab2b305a0ff96dbb859bfa7808c3e8d01 rw,relatime - aufs none rw,si=9b4a7642d85f439c
-253 15 0:3575 / /var/lib/docker/aufs/mnt/feb67148f548d70cb7484f2aaad2a86051cd6867a561741a2f13b552457d666e rw,relatime - aufs none rw,si=9b4a76468c55739c
-254 15 0:3576 / /var/lib/docker/aufs/mnt/cdf1f96c36d35a96041a896bf398ec0f7dc3b0fb0643612a0f4b6ff96e04e1bb rw,relatime - aufs none rw,si=9b4a76468c55139c
-255 15 0:3577 / /var/lib/docker/aufs/mnt/ec6e505872353268451ac4bc034c1df00f3bae4a3ea2261c6e48f7bd5417c1b3 rw,relatime - aufs none rw,si=9b4a76468c55339c
-256 15 0:3578 / /var/lib/docker/aufs/mnt/d6dc8aca64efd90e0bc10274001882d0efb310d42ccbf5712b99b169053b8b1a rw,relatime - aufs none rw,si=9b4a7642738c439c
-257 15 0:3579 / /var/lib/docker/aufs/mnt/d712594e2ff6eaeb895bfd150d694bd1305fb927e7a186b2dab7df2ea95f8f81 rw,relatime - aufs none rw,si=9b4a76401268f39c
-259 15 0:3581 / /var/lib/docker/aufs/mnt/dbfa1174cd78cde2d7410eae442af0b416c4a0e6f87ed4ff1e9f169a0029abc0 rw,relatime - aufs none rw,si=9b4a76401268b39c
-260 15 0:3582 / /var/lib/docker/aufs/mnt/e883f5a82316d7856fbe93ee8c0af5a920b7079619dd95c4ffd88bbd309d28dd rw,relatime - aufs none rw,si=9b4a76468c55439c
-261 15 0:3583 / /var/lib/docker/aufs/mnt/fdec3eff581c4fc2b09f87befa2fa021f3f2d373bea636a87f1fb5b367d6347a rw,relatime - aufs none rw,si=9b4a7644aa1af39c
-262 15 0:3584 / /var/lib/docker/aufs/mnt/ef764e26712184653067ecf7afea18a80854c41331ca0f0ef03e1bacf90a6ffc rw,relatime - aufs none rw,si=9b4a7644aa1a939c
-263 15 0:3585 / /var/lib/docker/aufs/mnt/f3176b40c41fce8ce6942936359a2001a6f1b5c1bb40ee224186db0789ec2f76 rw,relatime - aufs none rw,si=9b4a7644aa1ab39c
-264 15 0:3586 / /var/lib/docker/aufs/mnt/f5daf06785d3565c6dd18ea7d953d9a8b9606107781e63270fe0514508736e6a rw,relatime - aufs none rw,si=9b4a76401268c39c
-58 15 0:3587 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8-init rw,relatime - aufs none rw,si=9b4a76444445839c
-67 15 0:3588 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8 rw,relatime - aufs none rw,si=9b4a7644badd339c
-265 15 0:3610 / /var/lib/docker/aufs/mnt/e812472cd2c8c4748d1ef71fac4e77e50d661b9349abe66ce3e23511ed44f414 rw,relatime - aufs none rw,si=9b4a76427937d39c
-270 15 0:3615 / /var/lib/docker/aufs/mnt/997636e7c5c9d0d1376a217e295c14c205350b62bc12052804fb5f90abe6f183 rw,relatime - aufs none rw,si=9b4a76406540739c
-273 15 0:3618 / /var/lib/docker/aufs/mnt/d5794d080417b6e52e69227c3873e0e4c1ff0d5a845ebe3860ec2f89a47a2a1e rw,relatime - aufs none rw,si=9b4a76454814039c
-278 15 0:3623 / /var/lib/docker/aufs/mnt/586bdd48baced671bb19bc4d294ec325f26c55545ae267db426424f157d59c48 rw,relatime - aufs none rw,si=9b4a7644b439f39c
-281 15 0:3626 / /var/lib/docker/aufs/mnt/69739d022f89f8586908bbd5edbbdd95ea5256356f177f9ffcc6ef9c0ea752d2 rw,relatime - aufs none rw,si=9b4a7644a0f1b39c
-286 15 0:3631 / /var/lib/docker/aufs/mnt/ff28c27d5f894363993622de26d5dd352dba072f219e4691d6498c19bbbc15a9 rw,relatime - aufs none rw,si=9b4a7642265b339c
-289 15 0:3634 / /var/lib/docker/aufs/mnt/aa128fe0e64fdede333aa48fd9de39530c91a9244a0f0649a3c411c61e372daa rw,relatime - aufs none rw,si=9b4a764012ada39c
-99 15 8:33 / /media/REMOVE\040ME rw,nosuid,nodev,relatime - fuseblk /dev/sdc1 rw,user_id=0,group_id=0,allow_other,blksize=4096`
-)
-
-func TestParseFedoraMountinfo(t *testing.T) {
-	r := bytes.NewBuffer([]byte(fedoraMountinfo))
-	_, err := parseInfoFile(r, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestParseUbuntuMountinfo(t *testing.T) {
-	r := bytes.NewBuffer([]byte(ubuntuMountInfo))
-	_, err := parseInfoFile(r, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestParseGentooMountinfo(t *testing.T) {
-	r := bytes.NewBuffer([]byte(gentooMountinfo))
-	_, err := parseInfoFile(r, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestParseFedoraMountinfoFields(t *testing.T) {
-	r := bytes.NewBuffer([]byte(fedoraMountinfo))
-	infos, err := parseInfoFile(r, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expectedLength := 58
-	if len(infos) != expectedLength {
-		t.Fatalf("Expected %d entries, got %d", expectedLength, len(infos))
-	}
-	mi := Info{
-		ID:         15,
-		Parent:     35,
-		Major:      0,
-		Minor:      3,
-		Root:       "/",
-		Mountpoint: "/proc",
-		Opts:       "rw,nosuid,nodev,noexec,relatime",
-		Optional:   "shared:5",
-		Fstype:     "proc",
-		Source:     "proc",
-		VfsOpts:    "rw",
-	}
-
-	if *infos[0] != mi {
-		t.Fatalf("expected %#v, got %#v", mi, infos[0])
-	}
-}
-
-func TestParseMountinfoFilters(t *testing.T) {
-	r := bytes.NewReader([]byte(fedoraMountinfo))
-
-	infos, err := parseInfoFile(r, SingleEntryFilter("/sys/fs/cgroup"))
-	assert.NilError(t, err)
-	assert.Equal(t, 1, len(infos))
-
-	r.Reset([]byte(fedoraMountinfo))
-	infos, err = parseInfoFile(r, SingleEntryFilter("nonexistent"))
-	assert.NilError(t, err)
-	assert.Equal(t, 0, len(infos))
-
-	r.Reset([]byte(fedoraMountinfo))
-	infos, err = parseInfoFile(r, PrefixFilter("/sys"))
-	assert.NilError(t, err)
-	// there are 18 entries starting with /sys in fedoraMountinfo
-	assert.Equal(t, 18, len(infos))
-
-	r.Reset([]byte(fedoraMountinfo))
-	infos, err = parseInfoFile(r, PrefixFilter("nonexistent"))
-	assert.NilError(t, err)
-	assert.Equal(t, 0, len(infos))
-
-	r.Reset([]byte(fedoraMountinfo))
-	infos, err = parseInfoFile(r, ParentsFilter("/sys/fs/cgroup/cpu,cpuacct"))
-	assert.NilError(t, err)
-	// there should be 4 results returned: /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup /sys /
-	assert.Equal(t, 4, len(infos))
-}
diff --git a/pkg/mount/mountinfo_unsupported.go b/pkg/mount/mountinfo_unsupported.go
deleted file mode 100644
index fd16d3ed698c0..0000000000000
--- a/pkg/mount/mountinfo_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build !windows,!linux,!freebsd freebsd,!cgo
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"fmt"
-	"runtime"
-)
-
-func parseMountTable(f FilterFunc) ([]*Info, error) {
-	return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/pkg/mount/mountinfo_windows.go b/pkg/mount/mountinfo_windows.go
deleted file mode 100644
index 27e0f6976ec66..0000000000000
--- a/pkg/mount/mountinfo_windows.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-func parseMountTable(f FilterFunc) ([]*Info, error) {
-	// Do NOT return an error!
-	return nil, nil
-}
diff --git a/pkg/mount/sharedsubtree_linux.go b/pkg/mount/sharedsubtree_linux.go
deleted file mode 100644
index 8a100f0bc85a3..0000000000000
--- a/pkg/mount/sharedsubtree_linux.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package mount // import "github.com/docker/docker/pkg/mount"
-
-// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "shared")
-}
-
-// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rshared")
-}
-
-// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakePrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "private")
-}
-
-// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeRPrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rprivate")
-}
-
-// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "slave")
-}
-
-// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rslave")
-}
-
-// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "unbindable")
-}
-
-// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
-// option enabled. See the supported options in flags.go for further reference.
-func MakeRUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "runbindable")
-}
-
-// MakeMount ensures that the file or directory given is a mount point,
-// bind mounting it to itself it case it is not.
-func MakeMount(mnt string) error {
-	mounted, err := Mounted(mnt)
-	if err != nil {
-		return err
-	}
-	if mounted {
-		return nil
-	}
-
-	return Mount(mnt, mnt, "none", "bind")
-}
-
-func ensureMountedAs(mountPoint, options string) error {
-	if err := MakeMount(mountPoint); err != nil {
-		return err
-	}
-
-	return ForceMount("", mountPoint, "none", options)
-}
diff --git a/pkg/mount/sharedsubtree_linux_test.go b/pkg/mount/sharedsubtree_linux_test.go
deleted file mode 100644
index 019514491f902..0000000000000
--- a/pkg/mount/sharedsubtree_linux_test.go
+++ /dev/null
@@ -1,348 +0,0 @@
-// +build linux
-
-package mount // import "github.com/docker/docker/pkg/mount"
-
-import (
-	"os"
-	"path"
-	"testing"
-
-	"golang.org/x/sys/unix"
-)
-
-// nothing is propagated in or out
-func TestSubtreePrivate(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir   = path.Join(tmp, "source")
-		targetDir   = path.Join(tmp, "target")
-		outside1Dir = path.Join(tmp, "outside1")
-		outside2Dir = path.Join(tmp, "outside2")
-
-		outside1Path      = path.Join(outside1Dir, "file.txt")
-		outside2Path      = path.Join(outside2Dir, "file.txt")
-		outside1CheckPath = path.Join(targetDir, "a", "file.txt")
-		outside2CheckPath = path.Join(sourceDir, "b", "file.txt")
-	)
-	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.MkdirAll(path.Join(sourceDir, "b"), 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(targetDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(outside1Dir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(outside2Dir, 0777); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := createFile(outside1Path); err != nil {
-		t.Fatal(err)
-	}
-	if err := createFile(outside2Path); err != nil {
-		t.Fatal(err)
-	}
-
-	// mount the shared directory to a target
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// next, make the target private
-	if err := MakePrivate(targetDir); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// mount in an outside path to a mounted path inside the _source_
-	if err := Mount(outside1Dir, path.Join(sourceDir, "a"), "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(path.Join(sourceDir, "a")); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// check that this file _does_not_ show in the _target_
-	if _, err := os.Stat(outside1CheckPath); err != nil && !os.IsNotExist(err) {
-		t.Fatal(err)
-	} else if err == nil {
-		t.Fatalf("%q should not be visible, but is", outside1CheckPath)
-	}
-
-	// next mount outside2Dir into the _target_
-	if err := Mount(outside2Dir, path.Join(targetDir, "b"), "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(path.Join(targetDir, "b")); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// check that this file _does_not_ show in the _source_
-	if _, err := os.Stat(outside2CheckPath); err != nil && !os.IsNotExist(err) {
-		t.Fatal(err)
-	} else if err == nil {
-		t.Fatalf("%q should not be visible, but is", outside2CheckPath)
-	}
-}
-
-// Testing that when a target is a shared mount,
-// then child mounts propagate to the source
-func TestSubtreeShared(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir  = path.Join(tmp, "source")
-		targetDir  = path.Join(tmp, "target")
-		outsideDir = path.Join(tmp, "outside")
-
-		outsidePath     = path.Join(outsideDir, "file.txt")
-		sourceCheckPath = path.Join(sourceDir, "a", "file.txt")
-	)
-
-	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(targetDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(outsideDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := createFile(outsidePath); err != nil {
-		t.Fatal(err)
-	}
-
-	// mount the source as shared
-	if err := MakeShared(sourceDir); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(sourceDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// mount the shared directory to a target
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// mount in an outside path to a mounted path inside the target
-	if err := Mount(outsideDir, path.Join(targetDir, "a"), "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(path.Join(targetDir, "a")); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// NOW, check that the file from the outside directory is available in the source directory
-	if _, err := os.Stat(sourceCheckPath); err != nil {
-		t.Fatal(err)
-	}
-}
-
-// testing that mounts to a shared source show up in the slave target,
-// and that mounts into a slave target do _not_ show up in the shared source
-func TestSubtreeSharedSlave(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir   = path.Join(tmp, "source")
-		targetDir   = path.Join(tmp, "target")
-		outside1Dir = path.Join(tmp, "outside1")
-		outside2Dir = path.Join(tmp, "outside2")
-
-		outside1Path      = path.Join(outside1Dir, "file.txt")
-		outside2Path      = path.Join(outside2Dir, "file.txt")
-		outside1CheckPath = path.Join(targetDir, "a", "file.txt")
-		outside2CheckPath = path.Join(sourceDir, "b", "file.txt")
-	)
-	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.MkdirAll(path.Join(sourceDir, "b"), 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(targetDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(outside1Dir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Mkdir(outside2Dir, 0777); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := createFile(outside1Path); err != nil {
-		t.Fatal(err)
-	}
-	if err := createFile(outside2Path); err != nil {
-		t.Fatal(err)
-	}
-
-	// mount the source as shared
-	if err := MakeShared(sourceDir); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(sourceDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// mount the shared directory to a target
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// next, make the target slave
-	if err := MakeSlave(targetDir); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// mount in an outside path to a mounted path inside the _source_
-	if err := Mount(outside1Dir, path.Join(sourceDir, "a"), "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(path.Join(sourceDir, "a")); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// check that this file _does_ show in the _target_
-	if _, err := os.Stat(outside1CheckPath); err != nil {
-		t.Fatal(err)
-	}
-
-	// next mount outside2Dir into the _target_
-	if err := Mount(outside2Dir, path.Join(targetDir, "b"), "none", "bind,rw"); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(path.Join(targetDir, "b")); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// check that this file _does_not_ show in the _source_
-	if _, err := os.Stat(outside2CheckPath); err != nil && !os.IsNotExist(err) {
-		t.Fatal(err)
-	} else if err == nil {
-		t.Fatalf("%q should not be visible, but is", outside2CheckPath)
-	}
-}
-
-func TestSubtreeUnbindable(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("root required")
-	}
-
-	tmp := path.Join(os.TempDir(), "mount-tests")
-	if err := os.MkdirAll(tmp, 0777); err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
-	var (
-		sourceDir = path.Join(tmp, "source")
-		targetDir = path.Join(tmp, "target")
-	)
-	if err := os.MkdirAll(sourceDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.MkdirAll(targetDir, 0777); err != nil {
-		t.Fatal(err)
-	}
-
-	// next, make the source unbindable
-	if err := MakeUnbindable(sourceDir); err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		if err := Unmount(sourceDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// then attempt to mount it to target. It should fail
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil && err != unix.EINVAL {
-		t.Fatal(err)
-	} else if err == nil {
-		t.Fatalf("%q should not have been bindable", sourceDir)
-	}
-	defer func() {
-		if err := Unmount(targetDir); err != nil {
-			t.Fatal(err)
-		}
-	}()
-}
-
-func createFile(path string) error {
-	f, err := os.Create(path)
-	if err != nil {
-		return err
-	}
-	f.WriteString("hello world!")
-	return f.Close()
-}
diff --git a/pkg/namesgenerator/names-generator.go b/pkg/namesgenerator/names-generator.go
index 15561805d3a43..93c0d75719a86 100644
--- a/pkg/namesgenerator/names-generator.go
+++ b/pkg/namesgenerator/names-generator.go
@@ -1,8 +1,8 @@
 package namesgenerator // import "github.com/docker/docker/pkg/namesgenerator"
 
 import (
-	"fmt"
 	"math/rand"
+	"strconv"
 )
 
 var (
@@ -14,13 +14,14 @@ var (
 		"amazing",
 		"angry",
 		"awesome",
+		"beautiful",
 		"blissful",
 		"bold",
 		"boring",
 		"brave",
+		"busy",
 		"charming",
 		"clever",
-		"cocky",
 		"cool",
 		"compassionate",
 		"competent",
@@ -39,16 +40,19 @@ var (
 		"elegant",
 		"eloquent",
 		"epic",
+		"exciting",
 		"fervent",
 		"festive",
 		"flamboyant",
 		"focused",
 		"friendly",
 		"frosty",
+		"funny",
 		"gallant",
 		"gifted",
 		"goofy",
 		"gracious",
+		"great",
 		"happy",
 		"hardcore",
 		"heuristic",
@@ -56,6 +60,8 @@ var (
 		"hungry",
 		"infallible",
 		"inspiring",
+		"interesting",
+		"intelligent",
 		"jolly",
 		"jovial",
 		"keen",
@@ -69,6 +75,7 @@ var (
 		"musing",
 		"naughty",
 		"nervous",
+		"nice",
 		"nifty",
 		"nostalgic",
 		"objective",
@@ -90,6 +97,7 @@ var (
 		"silly",
 		"sleepy",
 		"stoic",
+		"strange",
 		"stupefied",
 		"suspicious",
 		"sweet",
@@ -112,6 +120,9 @@ var (
 	// Docker, starting from 0.7.x, generates names from notable scientists and hackers.
 	// Please, for any amazing man that you add to the list, consider adding an equally amazing woman to it, and vice versa.
 	right = [...]string{
+		// Maria Gaetana Agnesi - Italian mathematician, philosopher, theologian and humanitarian. She was the first woman to write a mathematics handbook and the first woman appointed as a Mathematics Professor at a University. https://en.wikipedia.org/wiki/Maria_Gaetana_Agnesi
+		"agnesi",
+
 		// Muhammad ibn Jābir al-Ḥarrānī al-Battānī was a founding father of astronomy. https://en.wikipedia.org/wiki/Mu%E1%B8%A5ammad_ibn_J%C4%81bir_al-%E1%B8%A4arr%C4%81n%C4%AB_al-Batt%C4%81n%C4%AB
 		"albattani",
 
@@ -124,9 +135,6 @@ var (
 		// Kathleen Antonelli, American computer programmer and one of the six original programmers of the ENIAC - https://en.wikipedia.org/wiki/Kathleen_Antonelli
 		"antonelli",
 
-		// Maria Gaetana Agnesi - Italian mathematician, philosopher, theologian and humanitarian. She was the first woman to write a mathematics handbook and the first woman appointed as a Mathematics Professor at a University. https://en.wikipedia.org/wiki/Maria_Gaetana_Agnesi
-		"agnesi",
-
 		// Archimedes was a physicist, engineer and mathematician who invented too many things to list them here. https://en.wikipedia.org/wiki/Archimedes
 		"archimedes",
 
@@ -145,7 +153,7 @@ var (
 		// Stefan Banach - Polish mathematician, was one of the founders of modern functional analysis. https://en.wikipedia.org/wiki/Stefan_Banach
 		"banach",
 
-		// Buckaroo Banzai and his mentor Dr. Hikita perfectd the "oscillation overthruster", a device that allows one to pass through solid matter. - https://en.wikipedia.org/wiki/The_Adventures_of_Buckaroo_Banzai_Across_the_8th_Dimension
+		// Buckaroo Banzai and his mentor Dr. Hikita perfected the "oscillation overthruster", a device that allows one to pass through solid matter. - https://en.wikipedia.org/wiki/The_Adventures_of_Buckaroo_Banzai_Across_the_8th_Dimension
 		"banzai",
 
 		// John Bardeen co-invented the transistor - https://en.wikipedia.org/wiki/John_Bardeen
@@ -193,6 +201,9 @@ var (
 		// Satyendra Nath Bose - He provided the foundation for Bose–Einstein statistics and the theory of the Bose–Einstein condensate. - https://en.wikipedia.org/wiki/Satyendra_Nath_Bose
 		"bose",
 
+		// Katherine Louise Bouman is an imaging scientist and Assistant Professor of Computer Science at the California Institute of Technology. She researches computational methods for imaging, and developed an algorithm that made possible the picture first visualization of a black hole using the Event Horizon Telescope. - https://en.wikipedia.org/wiki/Katie_Bouman
+		"bouman",
+
 		// Evelyn Boyd Granville - She was one of the first African-American woman to receive a Ph.D. in mathematics; she earned it in 1949 from Yale University. https://en.wikipedia.org/wiki/Evelyn_Boyd_Granville
 		"boyd",
 
@@ -205,9 +216,6 @@ var (
 		// Emmett Brown invented time travel. https://en.wikipedia.org/wiki/Emmett_Brown (thanks Brian Goff)
 		"brown",
 
-		// Dame Susan Jocelyn Bell Burnell - discoverer of pulsars while a graduate student, "one of the most significant scientific achievements of the 20th Century". - https://en.wikipedia.org/wiki/Jocelyn_Bell_Burnell
-		"burnell",
-
 		// Linda Brown Buck - American biologist and Nobel laureate best known for her genetic and molecular analyses of the mechanisms of smell. https://en.wikipedia.org/wiki/Linda_B._Buck
 		"buck",
 
@@ -223,6 +231,12 @@ var (
 		// Dame Mary Lucy Cartwright - British mathematician who was one of the first to study what is now known as chaos theory. Also known for Cartwright's theorem which finds applications in signal processing. https://en.wikipedia.org/wiki/Mary_Cartwright
 		"cartwright",
 
+		// George Washington Carver - American agricultural scientist and inventor. He was the most prominent black scientist of the early 20th century. https://en.wikipedia.org/wiki/George_Washington_Carver
+		"carver",
+
+		// Vinton Gray Cerf - American Internet pioneer, recognised as one of "the fathers of the Internet". With Robert Elliot Kahn, he designed TCP and IP, the primary data communication protocols of the Internet and other computer networks. https://en.wikipedia.org/wiki/Vint_Cerf
+		"cerf",
+
 		// Subrahmanyan Chandrasekhar - Astrophysicist known for his mathematical theory on different stages and evolution in structures of the stars. He has won nobel prize for physics - https://en.wikipedia.org/wiki/Subrahmanyan_Chandrasekhar
 		"chandrasekhar",
 
@@ -235,21 +249,18 @@ var (
 		// Asima Chatterjee was an Indian organic chemist noted for her research on vinca alkaloids, development of drugs for treatment of epilepsy and malaria - https://en.wikipedia.org/wiki/Asima_Chatterjee
 		"chatterjee",
 
+		// David Lee Chaum - American computer scientist and cryptographer. Known for his seminal contributions in the field of anonymous communication. https://en.wikipedia.org/wiki/David_Chaum
+		"chaum",
+
 		// Pafnuty Chebyshev - Russian mathematician. He is known fo his works on probability, statistics, mechanics, analytical geometry and number theory https://en.wikipedia.org/wiki/Pafnuty_Chebyshev
 		"chebyshev",
 
-		// Clifford Christopher Cocks - British mathematician and cryptographer employed by the GCHQ. Invented in 1973 an equivalent of what is now known as the RSA public-key cryptosystem (Rivest, Shamir and Adleman first publicly described RSA in 1978). https://en.wikipedia.org/wiki/Clifford_Cocks
-		"cocks",
+		// Joan Clarke - Bletchley Park code breaker during the Second World War who pioneered techniques that remained top secret for decades. Also an accomplished numismatist https://en.wikipedia.org/wiki/Joan_Clarke
+		"clarke",
 
 		// Bram Cohen - American computer programmer and author of the BitTorrent peer-to-peer protocol. https://en.wikipedia.org/wiki/Bram_Cohen
 		"cohen",
 
-		// David Lee Chaum - American computer scientist and cryptographer. Known for his seminal contributions in the field of anonymous communication. https://en.wikipedia.org/wiki/David_Chaum
-		"chaum",
-
-		// Joan Clarke - Bletchley Park code breaker during the Second World War who pioneered techniques that remained top secret for decades. Also an accomplished numismatist https://en.wikipedia.org/wiki/Joan_Clarke
-		"clarke",
-
 		// Jane Colden - American botanist widely considered the first female American botanist - https://en.wikipedia.org/wiki/Jane_Colden
 		"colden",
 
@@ -444,6 +455,9 @@ var (
 		// Yeong-Sil Jang was a Korean scientist and astronomer during the Joseon Dynasty; he invented the first metal printing press and water gauge. https://en.wikipedia.org/wiki/Jang_Yeong-sil
 		"jang",
 
+		// Mae Carol Jemison -  is an American engineer, physician, and former NASA astronaut. She became the first black woman to travel in space when she served as a mission specialist aboard the Space Shuttle Endeavour - https://en.wikipedia.org/wiki/Mae_Jemison
+		"jemison",
+
 		// Betty Jennings - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Jean_Bartik
 		"jennings",
 
@@ -483,7 +497,7 @@ var (
 		// Har Gobind Khorana - Indian-American biochemist who shared the 1968 Nobel Prize for Physiology - https://en.wikipedia.org/wiki/Har_Gobind_Khorana
 		"khorana",
 
-		// Jack Kilby invented silicone integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Jack_Kilby
+		// Jack Kilby invented silicon integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Jack_Kilby
 		"kilby",
 
 		// Maria Kirch - German astronomer and first woman to discover a comet - https://en.wikipedia.org/wiki/Maria_Margarethe_Kirch
@@ -579,12 +593,12 @@ var (
 		// Johanna Mestorf - German prehistoric archaeologist and first female museum director in Germany - https://en.wikipedia.org/wiki/Johanna_Mestorf
 		"mestorf",
 
-		// Marvin Minsky - Pioneer in Artificial Intelligence, co-founder of the MIT's AI Lab, won the Turing Award in 1969. https://en.wikipedia.org/wiki/Marvin_Minsky
-		"minsky",
-
 		// Maryam Mirzakhani - an Iranian mathematician and the first woman to win the Fields Medal. https://en.wikipedia.org/wiki/Maryam_Mirzakhani
 		"mirzakhani",
 
+		// Rita Levi-Montalcini - Won Nobel Prize in Physiology or Medicine jointly with colleague Stanley Cohen for the discovery of nerve growth factor (https://en.wikipedia.org/wiki/Rita_Levi-Montalcini)
+		"montalcini",
+
 		// Gordon Earle Moore - American engineer, Silicon Valley founding father, author of Moore's law. https://en.wikipedia.org/wiki/Gordon_Moore
 		"moore",
 
@@ -621,7 +635,7 @@ var (
 		// Poppy Northcutt. Poppy Northcutt was the first woman to work as part of NASA’s Mission Control. http://www.businessinsider.com/poppy-northcutt-helped-apollo-astronauts-2014-12?op=1
 		"northcutt",
 
-		// Robert Noyce invented silicone integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Robert_Noyce
+		// Robert Noyce invented silicon integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Robert_Noyce
 		"noyce",
 
 		// Panini - Ancient Indian linguist and grammarian from 4th century CE who worked on the world's first formal system - https://en.wikipedia.org/wiki/P%C4%81%E1%B9%87ini#Comparison_with_modern_formal_systems
@@ -666,9 +680,6 @@ var (
 		// Sally Kristen Ride was an American physicist and astronaut. She was the first American woman in space, and the youngest American astronaut. https://en.wikipedia.org/wiki/Sally_Ride
 		"ride",
 
-		// Rita Levi-Montalcini - Won Nobel Prize in Physiology or Medicine jointly with colleague Stanley Cohen for the discovery of nerve growth factor (https://en.wikipedia.org/wiki/Rita_Levi-Montalcini)
-		"montalcini",
-
 		// Dennis Ritchie - co-creator of UNIX and the C programming language. - https://en.wikipedia.org/wiki/Dennis_Ritchie
 		"ritchie",
 
@@ -696,6 +707,12 @@ var (
 		// Mildred Sanderson - American mathematician best known for Sanderson's theorem concerning modular invariants. https://en.wikipedia.org/wiki/Mildred_Sanderson
 		"sanderson",
 
+		// Satoshi Nakamoto is the name used by the unknown person or group of people who developed bitcoin, authored the bitcoin white paper, and created and deployed bitcoin's original reference implementation. https://en.wikipedia.org/wiki/Satoshi_Nakamoto
+		"satoshi",
+
+		// Adi Shamir - Israeli cryptographer whose numerous inventions and contributions to cryptography include the Ferge Fiat Shamir identification scheme, the Rivest Shamir Adleman (RSA) public-key cryptosystem, the Shamir's secret sharing scheme, the breaking of the Merkle-Hellman cryptosystem, the TWINKLE and TWIRL factoring devices and the discovery of differential cryptanalysis (with Eli Biham). https://en.wikipedia.org/wiki/Adi_Shamir
+		"shamir",
+
 		// Claude Shannon - The father of information theory and founder of digital circuit design theory. (https://en.wikipedia.org/wiki/Claude_Shannon)
 		"shannon",
 
@@ -723,15 +740,12 @@ var (
 		// Frances Spence - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Frances_Spence
 		"spence",
 
-		// Ivan Edward Sutherland - American computer scientist and Internet pioneer, widely regarded as the father of computer graphics. https://en.wikipedia.org/wiki/Ivan_Sutherland
-		"sutherland",
-
-		// Richard Matthew Stallman - the founder of the Free Software movement, the GNU project, the Free Software Foundation, and the League for Programming Freedom. He also invented the concept of copyleft to protect the ideals of this movement, and enshrined this concept in the widely-used GPL (General Public License) for software. https://en.wikiquote.org/wiki/Richard_Stallman
-		"stallman",
-
 		// Michael Stonebraker is a database research pioneer and architect of Ingres, Postgres, VoltDB and SciDB. Winner of 2014 ACM Turing Award. https://en.wikipedia.org/wiki/Michael_Stonebraker
 		"stonebraker",
 
+		// Ivan Edward Sutherland - American computer scientist and Internet pioneer, widely regarded as the father of computer graphics. https://en.wikipedia.org/wiki/Ivan_Sutherland
+		"sutherland",
+
 		// Janese Swanson (with others) developed the first of the Carmen Sandiego games. She went on to found Girl Tech. https://en.wikipedia.org/wiki/Janese_Swanson
 		"swanson",
 
@@ -771,18 +785,21 @@ var (
 		// Dorothy Vaughan was a NASA mathematician and computer programmer on the SCOUT launch vehicle program that put America's first satellites into space - https://en.wikipedia.org/wiki/Dorothy_Vaughan
 		"vaughan",
 
+		// Cédric Villani - French mathematician, won Fields Medal, Fermat Prize and Poincaré Price for his work in differential geometry and statistical mechanics. https://en.wikipedia.org/wiki/C%C3%A9dric_Villani
+		"villani",
+
 		// Sir Mokshagundam Visvesvaraya - is a notable Indian engineer.  He is a recipient of the Indian Republic's highest honour, the Bharat Ratna, in 1955. On his birthday, 15 September is celebrated as Engineer's Day in India in his memory - https://en.wikipedia.org/wiki/Visvesvaraya
 		"visvesvaraya",
 
 		// Christiane Nüsslein-Volhard - German biologist, won Nobel Prize in Physiology or Medicine in 1995 for research on the genetic control of embryonic development. https://en.wikipedia.org/wiki/Christiane_N%C3%BCsslein-Volhard
 		"volhard",
 
-		// Cédric Villani - French mathematician, won Fields Medal, Fermat Prize and Poincaré Price for his work in differential geometry and statistical mechanics. https://en.wikipedia.org/wiki/C%C3%A9dric_Villani
-		"villani",
-
 		// Marlyn Wescoff - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Marlyn_Meltzer
 		"wescoff",
 
+		// Sylvia B. Wilbur - British computer scientist who helped develop the ARPANET, was one of the first to exchange email in the UK and a leading researcher in computer-supported collaborative work. https://en.wikipedia.org/wiki/Sylvia_Wilbur
+		"wilbur",
+
 		// Andrew Wiles - Notable British mathematician who proved the enigmatic Fermat's Last Theorem - https://en.wikipedia.org/wiki/Andrew_Wiles
 		"wiles",
 
@@ -823,13 +840,13 @@ var (
 // integer between 0 and 10 will be added to the end of the name, e.g `focused_turing3`
 func GetRandomName(retry int) string {
 begin:
-	name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
+	name := left[rand.Intn(len(left))] + "_" + right[rand.Intn(len(right))] //nolint:gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
 	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		goto begin
 	}
 
 	if retry > 0 {
-		name = fmt.Sprintf("%s%d", name, rand.Intn(10))
+		name += strconv.Itoa(rand.Intn(10)) //nolint:gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
 	}
 	return name
 }
diff --git a/pkg/namesgenerator/names-generator_test.go b/pkg/namesgenerator/names-generator_test.go
index 6ee31e9c33e2c..8702697745521 100644
--- a/pkg/namesgenerator/names-generator_test.go
+++ b/pkg/namesgenerator/names-generator_test.go
@@ -25,3 +25,12 @@ func TestNameRetries(t *testing.T) {
 	}
 
 }
+
+func BenchmarkGetRandomName(b *testing.B) {
+	b.ReportAllocs()
+	var out string
+	for n := 0; n < b.N; n++ {
+		out = GetRandomName(5)
+	}
+	b.Log("Last result:", out)
+}
diff --git a/pkg/parsers/kernel/kernel.go b/pkg/parsers/kernel/kernel.go
index 94780ef610014..3245b7416603e 100644
--- a/pkg/parsers/kernel/kernel.go
+++ b/pkg/parsers/kernel/kernel.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 // Package kernel provides helper function to get, parse and compare kernel
diff --git a/pkg/parsers/kernel/kernel_darwin.go b/pkg/parsers/kernel/kernel_darwin.go
index 6e599eebcc21a..afb5b2e98e3ff 100644
--- a/pkg/parsers/kernel/kernel_darwin.go
+++ b/pkg/parsers/kernel/kernel_darwin.go
@@ -1,3 +1,4 @@
+//go:build darwin
 // +build darwin
 
 // Package kernel provides helper function to get, parse and compare kernel
@@ -8,49 +9,51 @@ import (
 	"fmt"
 	"os/exec"
 	"strings"
-
-	"github.com/mattn/go-shellwords"
 )
 
 // GetKernelVersion gets the current kernel version.
 func GetKernelVersion() (*VersionInfo, error) {
-	release, err := getRelease()
+	osName, err := getSPSoftwareDataType()
+	if err != nil {
+		return nil, err
+	}
+	release, err := getRelease(osName)
 	if err != nil {
 		return nil, err
 	}
-
 	return ParseRelease(release)
 }
 
 // getRelease uses `system_profiler SPSoftwareDataType` to get OSX kernel version
-func getRelease() (string, error) {
-	cmd := exec.Command("system_profiler", "SPSoftwareDataType")
-	osName, err := cmd.Output()
-	if err != nil {
-		return "", err
-	}
-
+func getRelease(osName string) (string, error) {
 	var release string
-	data := strings.Split(string(osName), "\n")
+	data := strings.Split(osName, "\n")
 	for _, line := range data {
-		if strings.Contains(line, "Kernel Version") {
-			// It has the format like '      Kernel Version: Darwin 14.5.0'
-			content := strings.SplitN(line, ":", 2)
-			if len(content) != 2 {
-				return "", fmt.Errorf("Kernel Version is invalid")
-			}
-
-			prettyNames, err := shellwords.Parse(content[1])
-			if err != nil {
-				return "", fmt.Errorf("Kernel Version is invalid: %s", err.Error())
-			}
-
-			if len(prettyNames) != 2 {
-				return "", fmt.Errorf("Kernel Version needs to be 'Darwin x.x.x' ")
-			}
-			release = prettyNames[1]
+		if !strings.Contains(line, "Kernel Version") {
+			continue
 		}
+		// It has the format like '      Kernel Version: Darwin 14.5.0'
+		content := strings.SplitN(line, ":", 2)
+		if len(content) != 2 {
+			return "", fmt.Errorf("Kernel Version is invalid")
+		}
+
+		prettyNames := strings.SplitN(strings.TrimSpace(content[1]), " ", 2)
+
+		if len(prettyNames) != 2 {
+			return "", fmt.Errorf("Kernel Version needs to be 'Darwin x.x.x' ")
+		}
+		release = prettyNames[1]
 	}
 
 	return release, nil
 }
+
+func getSPSoftwareDataType() (string, error) {
+	cmd := exec.Command("system_profiler", "SPSoftwareDataType")
+	osName, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+	return string(osName), nil
+}
diff --git a/pkg/parsers/kernel/kernel_darwin_test.go b/pkg/parsers/kernel/kernel_darwin_test.go
new file mode 100644
index 0000000000000..8fe58642e9cd6
--- /dev/null
+++ b/pkg/parsers/kernel/kernel_darwin_test.go
@@ -0,0 +1,28 @@
+package kernel
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestGetRelease(t *testing.T) {
+	// example output of "system_profiler SPSoftwareDataType"
+	const spSoftwareDataType = `Software:
+
+    System Software Overview:
+
+      System Version: macOS 10.14.6 (18G4032)
+      Kernel Version: Darwin 18.7.0
+      Boot Volume: fastfood
+      Boot Mode: Normal
+      Computer Name: Macintosh
+      User Name: Foobar (foobar)
+      Secure Virtual Memory: Enabled
+      System Integrity Protection: Enabled
+      Time since boot: 6 days 23:16
+`
+	release, err := getRelease(spSoftwareDataType)
+	assert.NilError(t, err)
+	assert.Equal(t, release, "18.7.0")
+}
diff --git a/pkg/parsers/kernel/kernel_unix.go b/pkg/parsers/kernel/kernel_unix.go
index 8a9aa31225529..b9508d376cd3b 100644
--- a/pkg/parsers/kernel/kernel_unix.go
+++ b/pkg/parsers/kernel/kernel_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || openbsd
 // +build linux freebsd openbsd
 
 // Package kernel provides helper function to get, parse and compare kernel
diff --git a/pkg/parsers/kernel/kernel_unix_test.go b/pkg/parsers/kernel/kernel_unix_test.go
index 2f36490c53701..1ab3435fa8407 100644
--- a/pkg/parsers/kernel/kernel_unix_test.go
+++ b/pkg/parsers/kernel/kernel_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
@@ -27,6 +28,7 @@ func TestParseRelease(t *testing.T) {
 	assertParseRelease(t, "3.4.54.longterm-1", &VersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
 	assertParseRelease(t, "3.4.54.longterm-1", &VersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
 	assertParseRelease(t, "3.8.0-19-generic", &VersionInfo{Kernel: 3, Major: 8, Minor: 0, Flavor: "-19-generic"}, 0)
+	assertParseRelease(t, "3.10.0-862.2.3.el7.x86_64", &VersionInfo{Kernel: 3, Major: 10, Minor: 0, Flavor: "-862.2.3.el7.x86_64"}, 0)
 	assertParseRelease(t, "3.12.8tag", &VersionInfo{Kernel: 3, Major: 12, Minor: 8, Flavor: "tag"}, 0)
 	assertParseRelease(t, "3.12-1-amd64", &VersionInfo{Kernel: 3, Major: 12, Minor: 0, Flavor: "-1-amd64"}, 0)
 	assertParseRelease(t, "3.8.0", &VersionInfo{Kernel: 4, Major: 8, Minor: 0}, -1)
@@ -40,7 +42,10 @@ func TestParseRelease(t *testing.T) {
 	for _, invalid := range invalids {
 		expectedMessage := fmt.Sprintf("Can't parse kernel version %v", invalid)
 		if _, err := ParseRelease(invalid); err == nil || err.Error() != expectedMessage {
-
+			if err == nil {
+				t.Fatalf("Expected %q, got nil", expectedMessage)
+			}
+			t.Fatalf("Expected %q, got %q", expectedMessage, err.Error())
 		}
 	}
 }
diff --git a/pkg/parsers/kernel/kernel_windows.go b/pkg/parsers/kernel/kernel_windows.go
index b7b15a1fd2135..a04763872aed7 100644
--- a/pkg/parsers/kernel/kernel_windows.go
+++ b/pkg/parsers/kernel/kernel_windows.go
@@ -36,7 +36,7 @@ func GetKernelVersion() (*VersionInfo, error) {
 	}
 	KVI.kvi = blex
 
-	// Important - docker.exe MUST be manifested for this API to return
+	// Important - dockerd.exe MUST be manifested for this API to return
 	// the correct information.
 	dwVersion, err := windows.GetVersion()
 	if err != nil {
@@ -44,7 +44,7 @@ func GetKernelVersion() (*VersionInfo, error) {
 	}
 
 	KVI.major = int(dwVersion & 0xFF)
-	KVI.minor = int((dwVersion & 0XFF00) >> 8)
+	KVI.minor = int((dwVersion & 0xFF00) >> 8)
 	KVI.build = int((dwVersion & 0xFFFF0000) >> 16)
 
 	return KVI, nil
diff --git a/pkg/parsers/kernel/uname_solaris.go b/pkg/parsers/kernel/uname_solaris.go
deleted file mode 100644
index b2139b60e8a36..0000000000000
--- a/pkg/parsers/kernel/uname_solaris.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func uname() (*unix.Utsname, error) {
-	uts := &unix.Utsname{}
-
-	if err := unix.Uname(uts); err != nil {
-		return nil, err
-	}
-	return uts, nil
-}
diff --git a/pkg/parsers/kernel/uname_unsupported.go b/pkg/parsers/kernel/uname_unsupported.go
index 97906e4cd79c7..ed356310c4520 100644
--- a/pkg/parsers/kernel/uname_unsupported.go
+++ b/pkg/parsers/kernel/uname_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
diff --git a/pkg/parsers/operatingsystem/operatingsystem_linux.go b/pkg/parsers/operatingsystem/operatingsystem_linux.go
index b251d6aed6f50..1abddad9f4860 100644
--- a/pkg/parsers/operatingsystem/operatingsystem_linux.go
+++ b/pkg/parsers/operatingsystem/operatingsystem_linux.go
@@ -6,11 +6,8 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strings"
-
-	"github.com/mattn/go-shellwords"
 )
 
 var (
@@ -26,6 +23,24 @@ var (
 
 // GetOperatingSystem gets the name of the current operating system.
 func GetOperatingSystem() (string, error) {
+	if prettyName, err := getValueFromOsRelease("PRETTY_NAME"); err != nil {
+		return "", err
+	} else if prettyName != "" {
+		return prettyName, nil
+	}
+
+	// If not set, defaults to PRETTY_NAME="Linux"
+	// c.f. http://www.freedesktop.org/software/systemd/man/os-release.html
+	return "Linux", nil
+}
+
+// GetOperatingSystemVersion gets the version of the current operating system, as a string.
+func GetOperatingSystemVersion() (string, error) {
+	return getValueFromOsRelease("VERSION_ID")
+}
+
+// parses the os-release file and returns the value associated with `key`
+func getValueFromOsRelease(key string) (string, error) {
 	osReleaseFile, err := os.Open(etcOsRelease)
 	if err != nil {
 		if !os.IsNotExist(err) {
@@ -38,38 +53,28 @@ func GetOperatingSystem() (string, error) {
 	}
 	defer osReleaseFile.Close()
 
-	var prettyName string
+	var value string
+	keyWithTrailingEqual := key + "="
 	scanner := bufio.NewScanner(osReleaseFile)
 	for scanner.Scan() {
 		line := scanner.Text()
-		if strings.HasPrefix(line, "PRETTY_NAME=") {
+		if strings.HasPrefix(line, keyWithTrailingEqual) {
 			data := strings.SplitN(line, "=", 2)
-			prettyNames, err := shellwords.Parse(data[1])
-			if err != nil {
-				return "", fmt.Errorf("PRETTY_NAME is invalid: %s", err.Error())
-			}
-			if len(prettyNames) != 1 {
-				return "", fmt.Errorf("PRETTY_NAME needs to be enclosed by quotes if they have spaces: %s", data[1])
-			}
-			prettyName = prettyNames[0]
+			value = strings.Trim(data[1], `"' `) // remove leading/trailing quotes and whitespace
 		}
 	}
-	if prettyName != "" {
-		return prettyName, nil
-	}
-	// If not set, defaults to PRETTY_NAME="Linux"
-	// c.f. http://www.freedesktop.org/software/systemd/man/os-release.html
-	return "Linux", nil
+
+	return value, nil
 }
 
 // IsContainerized returns true if we are running inside a container.
 func IsContainerized() (bool, error) {
-	b, err := ioutil.ReadFile(proc1Cgroup)
+	b, err := os.ReadFile(proc1Cgroup)
 	if err != nil {
 		return false, err
 	}
 	for _, line := range bytes.Split(b, []byte{'\n'}) {
-		if len(line) > 0 && !bytes.HasSuffix(line, []byte{'/'}) && !bytes.HasSuffix(line, []byte("init.scope")) {
+		if len(line) > 0 && !bytes.HasSuffix(line, []byte(":/")) && !bytes.HasSuffix(line, []byte(":/init.scope")) {
 			return true, nil
 		}
 	}
diff --git a/pkg/parsers/operatingsystem/operatingsystem_linux_test.go b/pkg/parsers/operatingsystem/operatingsystem_linux_test.go
new file mode 100644
index 0000000000000..d0ca93e97124c
--- /dev/null
+++ b/pkg/parsers/operatingsystem/operatingsystem_linux_test.go
@@ -0,0 +1,277 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+type EtcReleaseParsingTest struct {
+	name        string
+	content     string
+	expected    string
+	expectedErr string
+}
+
+func TestGetOperatingSystem(t *testing.T) {
+	tests := []EtcReleaseParsingTest{
+		{
+			content: `NAME="Ubuntu"
+PRETTY_NAME_AGAIN="Ubuntu 14.04.LTS"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			expected: "Linux",
+		},
+		{
+			content: `NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			expected: "Linux",
+		},
+		{
+			content: `NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`,
+			expected: "Gentoo/Linux",
+		},
+		{
+			content: `NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 14.04 LTS"
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			expected: "Ubuntu 14.04 LTS",
+		},
+		{
+			content: `NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME='Ubuntu 14.04 LTS'`,
+			expected: "Ubuntu 14.04 LTS",
+		},
+		{
+			content: `PRETTY_NAME=Source
+NAME="Source Mage"`,
+			expected: "Source",
+		},
+		{
+			content: `PRETTY_NAME=Source
+PRETTY_NAME="Source Mage"`,
+			expected: "Source Mage",
+		},
+	}
+
+	runEtcReleaseParsingTests(t, tests, GetOperatingSystem)
+}
+
+func TestGetOperatingSystemVersion(t *testing.T) {
+	tests := []EtcReleaseParsingTest{
+		{
+			name: "ubuntu 14.04",
+			content: `NAME="Ubuntu"
+PRETTY_NAME="Ubuntu 14.04.LTS"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			expected: "14.04",
+		},
+		{
+			name: "gentoo",
+			content: `NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`,
+		},
+		{
+			name: "dual version id",
+			content: `VERSION_ID="14.04"
+VERSION_ID=18.04`,
+			expected: "18.04",
+		},
+	}
+
+	runEtcReleaseParsingTests(t, tests, GetOperatingSystemVersion)
+}
+
+func runEtcReleaseParsingTests(t *testing.T, tests []EtcReleaseParsingTest, parsingFunc func() (string, error)) {
+	var backup = etcOsRelease
+
+	dir := os.TempDir()
+	etcOsRelease = filepath.Join(dir, "etcOsRelease")
+
+	defer func() {
+		os.Remove(etcOsRelease)
+		etcOsRelease = backup
+	}()
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if err := os.WriteFile(etcOsRelease, []byte(test.content), 0600); err != nil {
+				t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+			}
+			s, err := parsingFunc()
+			if test.expectedErr == "" {
+				assert.NilError(t, err)
+			} else {
+				assert.Error(t, err, test.expectedErr)
+			}
+			assert.Equal(t, s, test.expected)
+		})
+	}
+}
+
+func TestIsContainerized(t *testing.T) {
+	var (
+		backup                                = proc1Cgroup
+		nonContainerizedProc1Cgroupsystemd226 = []byte(`9:memory:/init.scope
+8:net_cls,net_prio:/
+7:cpuset:/
+6:freezer:/
+5:devices:/init.scope
+4:blkio:/init.scope
+3:cpu,cpuacct:/init.scope
+2:perf_event:/
+1:name=systemd:/init.scope
+`)
+		nonContainerizedProc1Cgroup = []byte(`14:name=systemd:/
+13:hugetlb:/
+12:net_prio:/
+11:perf_event:/
+10:bfqio:/
+9:blkio:/
+8:net_cls:/
+7:freezer:/
+6:devices:/
+5:memory:/
+4:cpuacct:/
+3:cpu:/
+2:cpuset:/
+`)
+		containerizedProc1Cgroup = []byte(`9:perf_event:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+8:blkio:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+7:net_cls:/
+6:freezer:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+5:devices:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+4:memory:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+3:cpuacct:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+2:cpu:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+1:cpuset:/`)
+		nonContainerizedProc1CgroupNotSystemd = []byte(`9:memory:/not/init.scope
+	1:name=not_systemd:/not.init.scope
+`)
+	)
+
+	dir := os.TempDir()
+	proc1Cgroup = filepath.Join(dir, "proc1Cgroup")
+
+	defer func() {
+		os.Remove(proc1Cgroup)
+		proc1Cgroup = backup
+	}()
+
+	if err := os.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err := IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inContainer {
+		t.Fatal("Wrongly assuming containerized")
+	}
+
+	if err := os.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroupsystemd226, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inContainer {
+		t.Fatal("Wrongly assuming containerized for systemd /init.scope cgroup layout")
+	}
+
+	if err := os.WriteFile(proc1Cgroup, nonContainerizedProc1CgroupNotSystemd, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !inContainer {
+		t.Fatal("Wrongly assuming non-containerized")
+	}
+
+	if err := os.WriteFile(proc1Cgroup, containerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !inContainer {
+		t.Fatal("Wrongly assuming non-containerized")
+	}
+}
+
+func TestOsReleaseFallback(t *testing.T) {
+	var backup = etcOsRelease
+	var altBackup = altOsRelease
+	dir := os.TempDir()
+	etcOsRelease = filepath.Join(dir, "etcOsRelease")
+	altOsRelease = filepath.Join(dir, "altOsRelease")
+
+	defer func() {
+		os.Remove(dir)
+		etcOsRelease = backup
+		altOsRelease = altBackup
+	}()
+	content := `NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`
+	if err := os.WriteFile(altOsRelease, []byte(content), 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+	}
+	s, err := GetOperatingSystem()
+	if err != nil || s != "Gentoo/Linux" {
+		t.Fatalf("Expected %q, got %q (err: %v)", "Gentoo/Linux", s, err)
+	}
+}
diff --git a/pkg/parsers/operatingsystem/operatingsystem_unix.go b/pkg/parsers/operatingsystem/operatingsystem_unix.go
index f4792d37d5fb2..951f1b4e427b7 100644
--- a/pkg/parsers/operatingsystem/operatingsystem_unix.go
+++ b/pkg/parsers/operatingsystem/operatingsystem_unix.go
@@ -1,20 +1,28 @@
+//go:build freebsd || darwin
 // +build freebsd darwin
 
 package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
 
 import (
+	"bytes"
 	"errors"
-	"os/exec"
+
+	"golang.org/x/sys/unix"
 )
 
 // GetOperatingSystem gets the name of the current operating system.
 func GetOperatingSystem() (string, error) {
-	cmd := exec.Command("uname", "-s")
-	osName, err := cmd.Output()
-	if err != nil {
+	utsname := &unix.Utsname{}
+	if err := unix.Uname(utsname); err != nil {
 		return "", err
 	}
-	return string(osName), nil
+	return string(utsname.Machine[:bytes.IndexByte(utsname.Sysname[:], 0)]), nil
+}
+
+// GetOperatingSystemVersion gets the version of the current operating system, as a string.
+func GetOperatingSystemVersion() (string, error) {
+	// there's no standard unix way of getting this, sadly...
+	return "", errors.New("Unsupported on generic unix")
 }
 
 // IsContainerized returns true if we are running inside a container.
diff --git a/pkg/parsers/operatingsystem/operatingsystem_unix_test.go b/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
deleted file mode 100644
index d10ed4cdcd532..0000000000000
--- a/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
+++ /dev/null
@@ -1,247 +0,0 @@
-// +build linux freebsd
-
-package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestGetOperatingSystem(t *testing.T) {
-	var backup = etcOsRelease
-
-	invalids := []struct {
-		content       string
-		errorExpected string
-	}{
-		{
-			`PRETTY_NAME=Source Mage GNU/Linux
-PRETTY_NAME=Ubuntu 14.04.LTS`,
-			"PRETTY_NAME needs to be enclosed by quotes if they have spaces: Source Mage GNU/Linux",
-		},
-		{
-			`PRETTY_NAME="Ubuntu Linux
-PRETTY_NAME=Ubuntu 14.04.LTS`,
-			"PRETTY_NAME is invalid: invalid command line string",
-		},
-		{
-			`PRETTY_NAME=Ubuntu'
-PRETTY_NAME=Ubuntu 14.04.LTS`,
-			"PRETTY_NAME is invalid: invalid command line string",
-		},
-		{
-			`PRETTY_NAME'
-PRETTY_NAME=Ubuntu 14.04.LTS`,
-			"PRETTY_NAME needs to be enclosed by quotes if they have spaces: Ubuntu 14.04.LTS",
-		},
-	}
-
-	valids := []struct {
-		content  string
-		expected string
-	}{
-		{
-			`NAME="Ubuntu"
-PRETTY_NAME_AGAIN="Ubuntu 14.04.LTS"
-VERSION="14.04, Trusty Tahr"
-ID=ubuntu
-ID_LIKE=debian
-VERSION_ID="14.04"
-HOME_URL="http://www.ubuntu.com/"
-SUPPORT_URL="http://help.ubuntu.com/"
-BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
-			"Linux",
-		},
-		{
-			`NAME="Ubuntu"
-VERSION="14.04, Trusty Tahr"
-ID=ubuntu
-ID_LIKE=debian
-VERSION_ID="14.04"
-HOME_URL="http://www.ubuntu.com/"
-SUPPORT_URL="http://help.ubuntu.com/"
-BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
-			"Linux",
-		},
-		{
-			`NAME=Gentoo
-ID=gentoo
-PRETTY_NAME="Gentoo/Linux"
-ANSI_COLOR="1;32"
-HOME_URL="http://www.gentoo.org/"
-SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
-BUG_REPORT_URL="https://bugs.gentoo.org/"
-`,
-			"Gentoo/Linux",
-		},
-		{
-			`NAME="Ubuntu"
-VERSION="14.04, Trusty Tahr"
-ID=ubuntu
-ID_LIKE=debian
-PRETTY_NAME="Ubuntu 14.04 LTS"
-VERSION_ID="14.04"
-HOME_URL="http://www.ubuntu.com/"
-SUPPORT_URL="http://help.ubuntu.com/"
-BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
-			"Ubuntu 14.04 LTS",
-		},
-		{
-			`NAME="Ubuntu"
-VERSION="14.04, Trusty Tahr"
-ID=ubuntu
-ID_LIKE=debian
-PRETTY_NAME='Ubuntu 14.04 LTS'`,
-			"Ubuntu 14.04 LTS",
-		},
-		{
-			`PRETTY_NAME=Source
-NAME="Source Mage"`,
-			"Source",
-		},
-		{
-			`PRETTY_NAME=Source
-PRETTY_NAME="Source Mage"`,
-			"Source Mage",
-		},
-	}
-
-	dir := os.TempDir()
-	etcOsRelease = filepath.Join(dir, "etcOsRelease")
-
-	defer func() {
-		os.Remove(etcOsRelease)
-		etcOsRelease = backup
-	}()
-
-	for _, elt := range invalids {
-		if err := ioutil.WriteFile(etcOsRelease, []byte(elt.content), 0600); err != nil {
-			t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
-		}
-		s, err := GetOperatingSystem()
-		if err == nil || err.Error() != elt.errorExpected {
-			t.Fatalf("Expected an error %q, got %q (err: %v)", elt.errorExpected, s, err)
-		}
-	}
-
-	for _, elt := range valids {
-		if err := ioutil.WriteFile(etcOsRelease, []byte(elt.content), 0600); err != nil {
-			t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
-		}
-		s, err := GetOperatingSystem()
-		if err != nil || s != elt.expected {
-			t.Fatalf("Expected %q, got %q (err: %v)", elt.expected, s, err)
-		}
-	}
-}
-
-func TestIsContainerized(t *testing.T) {
-	var (
-		backup                                = proc1Cgroup
-		nonContainerizedProc1Cgroupsystemd226 = []byte(`9:memory:/init.scope
-8:net_cls,net_prio:/
-7:cpuset:/
-6:freezer:/
-5:devices:/init.scope
-4:blkio:/init.scope
-3:cpu,cpuacct:/init.scope
-2:perf_event:/
-1:name=systemd:/init.scope
-`)
-		nonContainerizedProc1Cgroup = []byte(`14:name=systemd:/
-13:hugetlb:/
-12:net_prio:/
-11:perf_event:/
-10:bfqio:/
-9:blkio:/
-8:net_cls:/
-7:freezer:/
-6:devices:/
-5:memory:/
-4:cpuacct:/
-3:cpu:/
-2:cpuset:/
-`)
-		containerizedProc1Cgroup = []byte(`9:perf_event:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-8:blkio:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-7:net_cls:/
-6:freezer:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-5:devices:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-4:memory:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-3:cpuacct:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-2:cpu:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
-1:cpuset:/`)
-	)
-
-	dir := os.TempDir()
-	proc1Cgroup = filepath.Join(dir, "proc1Cgroup")
-
-	defer func() {
-		os.Remove(proc1Cgroup)
-		proc1Cgroup = backup
-	}()
-
-	if err := ioutil.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroup, 0600); err != nil {
-		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
-	}
-	inContainer, err := IsContainerized()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if inContainer {
-		t.Fatal("Wrongly assuming containerized")
-	}
-
-	if err := ioutil.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroupsystemd226, 0600); err != nil {
-		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
-	}
-	inContainer, err = IsContainerized()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if inContainer {
-		t.Fatal("Wrongly assuming containerized for systemd /init.scope cgroup layout")
-	}
-
-	if err := ioutil.WriteFile(proc1Cgroup, containerizedProc1Cgroup, 0600); err != nil {
-		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
-	}
-	inContainer, err = IsContainerized()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !inContainer {
-		t.Fatal("Wrongly assuming non-containerized")
-	}
-}
-
-func TestOsReleaseFallback(t *testing.T) {
-	var backup = etcOsRelease
-	var altBackup = altOsRelease
-	dir := os.TempDir()
-	etcOsRelease = filepath.Join(dir, "etcOsRelease")
-	altOsRelease = filepath.Join(dir, "altOsRelease")
-
-	defer func() {
-		os.Remove(dir)
-		etcOsRelease = backup
-		altOsRelease = altBackup
-	}()
-	content := `NAME=Gentoo
-ID=gentoo
-PRETTY_NAME="Gentoo/Linux"
-ANSI_COLOR="1;32"
-HOME_URL="http://www.gentoo.org/"
-SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
-BUG_REPORT_URL="https://bugs.gentoo.org/"
-`
-	if err := ioutil.WriteFile(altOsRelease, []byte(content), 0600); err != nil {
-		t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
-	}
-	s, err := GetOperatingSystem()
-	if err != nil || s != "Gentoo/Linux" {
-		t.Fatalf("Expected %q, got %q (err: %v)", "Gentoo/Linux", s, err)
-	}
-}
diff --git a/pkg/parsers/operatingsystem/operatingsystem_windows.go b/pkg/parsers/operatingsystem/operatingsystem_windows.go
index 372de5146963b..5d58eca4d8b39 100644
--- a/pkg/parsers/operatingsystem/operatingsystem_windows.go
+++ b/pkg/parsers/operatingsystem/operatingsystem_windows.go
@@ -3,45 +3,57 @@ package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatin
 import (
 	"fmt"
 
+	"github.com/Microsoft/hcsshim/osversion"
 	"golang.org/x/sys/windows/registry"
 )
 
 // GetOperatingSystem gets the name of the current operating system.
 func GetOperatingSystem() (string, error) {
-
-	// Default return value
-	ret := "Unknown Operating System"
-
-	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
-	if err != nil {
-		return ret, err
+	os, err := withCurrentVersionRegistryKey(func(key registry.Key) (os string, err error) {
+		if os, _, err = key.GetStringValue("ProductName"); err != nil {
+			return "", err
+		}
+
+		releaseId, _, err := key.GetStringValue("ReleaseId")
+		if err != nil {
+			return
+		}
+		os = fmt.Sprintf("%s Version %s", os, releaseId)
+
+		buildNumber, _, err := key.GetStringValue("CurrentBuildNumber")
+		if err != nil {
+			return
+		}
+		ubr, _, err := key.GetIntegerValue("UBR")
+		if err != nil {
+			return
+		}
+		os = fmt.Sprintf("%s (OS Build %s.%d)", os, buildNumber, ubr)
+
+		return
+	})
+
+	if os == "" {
+		// Default return value
+		os = "Unknown Operating System"
 	}
-	defer k.Close()
 
-	pn, _, err := k.GetStringValue("ProductName")
-	if err != nil {
-		return ret, err
-	}
-	ret = pn
-
-	ri, _, err := k.GetStringValue("ReleaseId")
-	if err != nil {
-		return ret, err
-	}
-	ret = fmt.Sprintf("%s Version %s", ret, ri)
-
-	cbn, _, err := k.GetStringValue("CurrentBuildNumber")
-	if err != nil {
-		return ret, err
-	}
+	return os, err
+}
 
-	ubr, _, err := k.GetIntegerValue("UBR")
+func withCurrentVersionRegistryKey(f func(registry.Key) (string, error)) (string, error) {
+	key, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
 	if err != nil {
-		return ret, err
+		return "", err
 	}
-	ret = fmt.Sprintf("%s (OS Build %s.%d)", ret, cbn, ubr)
+	defer key.Close()
+	return f(key)
+}
 
-	return ret, nil
+// GetOperatingSystemVersion gets the version of the current operating system, as a string.
+func GetOperatingSystemVersion() (string, error) {
+	version := osversion.Get()
+	return fmt.Sprintf("%d.%d.%d", version.MajorVersion, version.MinorVersion, version.Build), nil
 }
 
 // IsContainerized returns true if we are running inside a container.
diff --git a/pkg/pidfile/pidfile.go b/pkg/pidfile/pidfile.go
index 0617a89e5ff35..a4dac5d02589b 100644
--- a/pkg/pidfile/pidfile.go
+++ b/pkg/pidfile/pidfile.go
@@ -5,7 +5,6 @@ package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -20,7 +19,7 @@ type PIDFile struct {
 }
 
 func checkPIDFileAlreadyExists(path string) error {
-	if pidByte, err := ioutil.ReadFile(path); err == nil {
+	if pidByte, err := os.ReadFile(path); err == nil {
 		pidString := strings.TrimSpace(string(pidByte))
 		if pid, err := strconv.Atoi(pidString); err == nil {
 			if processExists(pid) {
@@ -37,10 +36,10 @@ func New(path string) (*PIDFile, error) {
 		return nil, err
 	}
 	// Note MkdirAll returns nil if a directory already exists
-	if err := system.MkdirAll(filepath.Dir(path), os.FileMode(0755), ""); err != nil {
+	if err := system.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil {
 		return nil, err
 	}
-	if err := ioutil.WriteFile(path, []byte(fmt.Sprintf("%d", os.Getpid())), 0644); err != nil {
+	if err := os.WriteFile(path, []byte(fmt.Sprintf("%d", os.Getpid())), 0644); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/pidfile/pidfile_darwin.go b/pkg/pidfile/pidfile_darwin.go
index 92746aa7bff25..943183d682096 100644
--- a/pkg/pidfile/pidfile_darwin.go
+++ b/pkg/pidfile/pidfile_darwin.go
@@ -1,3 +1,4 @@
+//go:build darwin
 // +build darwin
 
 package pidfile // import "github.com/docker/docker/pkg/pidfile"
diff --git a/pkg/pidfile/pidfile_test.go b/pkg/pidfile/pidfile_test.go
index cd9878e1e4309..59860350a7446 100644
--- a/pkg/pidfile/pidfile_test.go
+++ b/pkg/pidfile/pidfile_test.go
@@ -1,14 +1,13 @@
 package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 )
 
 func TestNewAndRemove(t *testing.T) {
-	dir, err := ioutil.TempDir(os.TempDir(), "test-pidfile")
+	dir, err := os.MkdirTemp(os.TempDir(), "test-pidfile")
 	if err != nil {
 		t.Fatal("Could not create test directory")
 	}
diff --git a/pkg/pidfile/pidfile_unix.go b/pkg/pidfile/pidfile_unix.go
index cc6696d211c1c..bcf9ebcac2cd0 100644
--- a/pkg/pidfile/pidfile_unix.go
+++ b/pkg/pidfile/pidfile_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows && !darwin
 // +build !windows,!darwin
 
 package pidfile // import "github.com/docker/docker/pkg/pidfile"
diff --git a/pkg/platform/architecture_linux.go b/pkg/platform/architecture_linux.go
deleted file mode 100644
index a260a23f4faff..0000000000000
--- a/pkg/platform/architecture_linux.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Package platform provides helper function to get the runtime architecture
-// for different platforms.
-package platform // import "github.com/docker/docker/pkg/platform"
-
-import (
-	"bytes"
-
-	"golang.org/x/sys/unix"
-)
-
-// runtimeArchitecture gets the name of the current architecture (x86, x86_64, …)
-func runtimeArchitecture() (string, error) {
-	utsname := &unix.Utsname{}
-	if err := unix.Uname(utsname); err != nil {
-		return "", err
-	}
-	return string(utsname.Machine[:bytes.IndexByte(utsname.Machine[:], 0)]), nil
-}
diff --git a/pkg/platform/architecture_unix.go b/pkg/platform/architecture_unix.go
index d51f68698f364..2585e0620f562 100644
--- a/pkg/platform/architecture_unix.go
+++ b/pkg/platform/architecture_unix.go
@@ -1,20 +1,21 @@
-// +build freebsd darwin
+//go:build !windows
+// +build !windows
 
 // Package platform provides helper function to get the runtime architecture
 // for different platforms.
 package platform // import "github.com/docker/docker/pkg/platform"
 
 import (
-	"os/exec"
-	"strings"
+	"bytes"
+
+	"golang.org/x/sys/unix"
 )
 
 // runtimeArchitecture gets the name of the current architecture (x86, x86_64, i86pc, sun4v, ...)
 func runtimeArchitecture() (string, error) {
-	cmd := exec.Command("/usr/bin/uname", "-m")
-	machine, err := cmd.Output()
-	if err != nil {
+	utsname := &unix.Utsname{}
+	if err := unix.Uname(utsname); err != nil {
 		return "", err
 	}
-	return strings.TrimSpace(string(machine)), nil
+	return string(utsname.Machine[:bytes.IndexByte(utsname.Machine[:], 0)]), nil
 }
diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go
index 0353305358fa2..752fecd0ae471 100644
--- a/pkg/plugins/client.go
+++ b/pkg/plugins/client.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"time"
@@ -187,7 +186,7 @@ func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool,
 		}
 
 		if resp.StatusCode != http.StatusOK {
-			b, err := ioutil.ReadAll(resp.Body)
+			b, err := io.ReadAll(resp.Body)
 			resp.Body.Close()
 			cancelRequest()
 			if err != nil {
diff --git a/pkg/plugins/client_test.go b/pkg/plugins/client_test.go
index c3a4892272cd0..f93734d367207 100644
--- a/pkg/plugins/client_test.go
+++ b/pkg/plugins/client_test.go
@@ -2,7 +2,6 @@ package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"bytes"
-	"context"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -15,8 +14,8 @@ import (
 	"github.com/docker/docker/pkg/plugins/transport"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var (
@@ -71,7 +70,7 @@ func TestEchoInputOutput(t *testing.T) {
 	m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}}
 
 	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != "POST" {
+		if r.Method != http.MethodPost {
 			t.Fatalf("Expected POST, got %s\n", r.Method)
 		}
 
@@ -186,7 +185,7 @@ func TestClientStream(t *testing.T) {
 	var output Manifest
 
 	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != "POST" {
+		if r.Method != http.MethodPost {
 			t.Fatalf("Expected POST, got %s", r.Method)
 		}
 
@@ -219,7 +218,7 @@ func TestClientSendFile(t *testing.T) {
 		t.Fatal(err)
 	}
 	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != "POST" {
+		if r.Method != http.MethodPost {
 			t.Fatalf("Expected POST, got %s\n", r.Method)
 		}
 
@@ -237,9 +236,13 @@ func TestClientSendFile(t *testing.T) {
 }
 
 func TestClientWithRequestTimeout(t *testing.T) {
+	type timeoutError interface {
+		Timeout() bool
+	}
+
 	timeout := 1 * time.Millisecond
 	testHandler := func(w http.ResponseWriter, r *http.Request) {
-		time.Sleep(timeout + 1*time.Millisecond)
+		time.Sleep(timeout + 10*time.Millisecond)
 		w.WriteHeader(http.StatusOK)
 	}
 
@@ -250,13 +253,9 @@ func TestClientWithRequestTimeout(t *testing.T) {
 	_, err := client.callWithRetry("/Plugin.Hello", nil, false, WithRequestTimeout(timeout))
 	assert.Assert(t, is.ErrorContains(err, ""), "expected error")
 
-	err = errors.Cause(err)
-
-	switch e := err.(type) {
-	case *url.Error:
-		err = e.Err
-	}
-	assert.DeepEqual(t, context.DeadlineExceeded, err)
+	var tErr timeoutError
+	assert.Assert(t, errors.As(err, &tErr))
+	assert.Assert(t, tErr.Timeout())
 }
 
 type testRequestWrapper struct {
@@ -264,7 +263,7 @@ type testRequestWrapper struct {
 }
 
 func (w *testRequestWrapper) NewRequest(path string, data io.Reader) (*http.Request, error) {
-	req, err := http.NewRequest("POST", path, data)
+	req, err := http.NewRequest(http.MethodPost, path, data)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/plugins/discovery.go b/pkg/plugins/discovery.go
index 4b79bd29ad298..f24673ed87c5f 100644
--- a/pkg/plugins/discovery.go
+++ b/pkg/plugins/discovery.go
@@ -3,7 +3,6 @@ package plugins // import "github.com/docker/docker/pkg/plugins"
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -29,33 +28,35 @@ func newLocalRegistry() localRegistry {
 // Scan scans all the plugin paths and returns all the names it found
 func Scan() ([]string, error) {
 	var names []string
-	dirEntries, err := ioutil.ReadDir(socketsPath)
+	dirEntries, err := os.ReadDir(socketsPath)
 	if err != nil && !os.IsNotExist(err) {
 		return nil, errors.Wrap(err, "error reading dir entries")
 	}
 
-	for _, fi := range dirEntries {
-		if fi.IsDir() {
-			fi, err = os.Stat(filepath.Join(socketsPath, fi.Name(), fi.Name()+".sock"))
+	for _, entry := range dirEntries {
+		if entry.IsDir() {
+			fi, err := os.Stat(filepath.Join(socketsPath, entry.Name(), entry.Name()+".sock"))
 			if err != nil {
 				continue
 			}
+
+			entry = fileInfoToDirEntry(fi)
 		}
 
-		if fi.Mode()&os.ModeSocket != 0 {
-			names = append(names, strings.TrimSuffix(filepath.Base(fi.Name()), filepath.Ext(fi.Name())))
+		if entry.Type()&os.ModeSocket != 0 {
+			names = append(names, strings.TrimSuffix(filepath.Base(entry.Name()), filepath.Ext(entry.Name())))
 		}
 	}
 
 	for _, p := range specsPaths {
-		dirEntries, err := ioutil.ReadDir(p)
+		dirEntries, err := os.ReadDir(p)
 		if err != nil && !os.IsNotExist(err) {
 			return nil, errors.Wrap(err, "error reading dir entries")
 		}
 
 		for _, fi := range dirEntries {
 			if fi.IsDir() {
-				infos, err := ioutil.ReadDir(filepath.Join(p, fi.Name()))
+				infos, err := os.ReadDir(filepath.Join(p, fi.Name()))
 				if err != nil {
 					continue
 				}
@@ -108,7 +109,7 @@ func (l *localRegistry) Plugin(name string) (*Plugin, error) {
 }
 
 func readPluginInfo(name, path string) (*Plugin, error) {
-	content, err := ioutil.ReadFile(path)
+	content, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/plugins/discovery_test.go b/pkg/plugins/discovery_test.go
index 28fda41bad2f1..f162fe662a1d2 100644
--- a/pkg/plugins/discovery_test.go
+++ b/pkg/plugins/discovery_test.go
@@ -1,14 +1,13 @@
 package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 )
 
 func Setup(t *testing.T) (string, func()) {
-	tmpdir, err := ioutil.TempDir("", "docker-test")
+	tmpdir, err := os.MkdirTemp("", "docker-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -44,7 +43,7 @@ func TestFileSpecPlugin(t *testing.T) {
 		if err := os.MkdirAll(filepath.Dir(c.path), 0755); err != nil {
 			t.Fatal(err)
 		}
-		if err := ioutil.WriteFile(c.path, []byte(c.addr), 0644); err != nil {
+		if err := os.WriteFile(c.path, []byte(c.addr), 0644); err != nil {
 			t.Fatal(err)
 		}
 
@@ -87,7 +86,7 @@ func TestFileJSONSpecPlugin(t *testing.T) {
 	}
 }`
 
-	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+	if err := os.WriteFile(p, []byte(spec), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -128,7 +127,7 @@ func TestFileJSONSpecPluginWithoutTLSConfig(t *testing.T) {
   "Addr": "https://example.com/docker/plugin"
 }`
 
-	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+	if err := os.WriteFile(p, []byte(spec), 0644); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/pkg/plugins/discovery_unix.go b/pkg/plugins/discovery_unix.go
index 58058f2828685..d645da8ce4219 100644
--- a/pkg/plugins/discovery_unix.go
+++ b/pkg/plugins/discovery_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package plugins // import "github.com/docker/docker/pkg/plugins"
diff --git a/pkg/plugins/discovery_unix_test.go b/pkg/plugins/discovery_unix_test.go
index b4aefc83e488a..cb1f204f9156b 100644
--- a/pkg/plugins/discovery_unix_test.go
+++ b/pkg/plugins/discovery_unix_test.go
@@ -1,17 +1,17 @@
+//go:build !windows
 // +build !windows
 
 package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
 	"reflect"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestLocalSocket(t *testing.T) {
@@ -84,7 +84,7 @@ func TestScan(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = ioutil.WriteFile(path, []byte(addr), 0644)
+	err = os.WriteFile(path, []byte(addr), 0644)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/pkg/plugins/plugin_test.go b/pkg/plugins/plugin_test.go
index ce98078f87c17..1252dd17b2228 100644
--- a/pkg/plugins/plugin_test.go
+++ b/pkg/plugins/plugin_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
+	"os"
 	"path/filepath"
 	"runtime"
 	"sync"
@@ -15,7 +15,7 @@ import (
 	"github.com/docker/docker/pkg/plugins/transport"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 const (
@@ -77,11 +77,11 @@ func TestGet(t *testing.T) {
 
 	// check negative case where plugin fruit doesn't implement banana
 	_, err = Get("fruit", "banana")
-	assert.Equal(t, errors.Cause(err), ErrNotImplements)
+	assert.Assert(t, errors.Is(err, ErrNotImplements))
 
 	// check negative case where plugin vegetable doesn't exist
 	_, err = Get("vegetable", "potato")
-	assert.Equal(t, errors.Cause(err), ErrNotFound)
+	assert.Assert(t, errors.Is(err, ErrNotFound))
 }
 
 func TestPluginWithNoManifest(t *testing.T) {
@@ -95,7 +95,7 @@ func TestPluginWithNoManifest(t *testing.T) {
 	}
 
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != "POST" {
+		if r.Method != http.MethodPost {
 			t.Fatalf("Expected POST, got %s\n", r.Method)
 		}
 
@@ -132,7 +132,7 @@ func TestGetAll(t *testing.T) {
 	"Addr": "https://example.com/docker/plugin"
 }`
 
-	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+	if err := os.WriteFile(p, []byte(spec), 0644); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/pkg/plugins/pluginrpc-gen/main.go b/pkg/plugins/pluginrpc-gen/main.go
index e77a7d45ff7ce..cd39588340694 100644
--- a/pkg/plugins/pluginrpc-gen/main.go
+++ b/pkg/plugins/pluginrpc-gen/main.go
@@ -5,7 +5,6 @@ import (
 	"flag"
 	"fmt"
 	"go/format"
-	"io/ioutil"
 	"os"
 	"unicode"
 	"unicode/utf8"
@@ -79,7 +78,7 @@ func main() {
 	errorOut("parser error", generatedTempl.Execute(&buf, analysis))
 	src, err := format.Source(buf.Bytes())
 	errorOut("error formatting generated source:\n"+buf.String(), err)
-	errorOut("error writing file", ioutil.WriteFile(*outputFile, src, 0644))
+	errorOut("error writing file", os.WriteFile(*outputFile, src, 0644))
 }
 
 func toLower(s string) string {
diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go
index 28c06ff6930e2..86023046faa04 100644
--- a/pkg/plugins/plugins.go
+++ b/pkg/plugins/plugins.go
@@ -24,6 +24,7 @@ package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"errors"
+	"fmt"
 	"sync"
 	"time"
 
@@ -254,6 +255,9 @@ func get(name string) (*Plugin, error) {
 
 // Get returns the plugin given the specified name and requested implementation.
 func Get(name, imp string) (*Plugin, error) {
+	if name == "" {
+		return nil, errors.New("Unable to find plugin without name")
+	}
 	pl, err := get(name)
 	if err != nil {
 		return nil, err
@@ -262,7 +266,7 @@ func Get(name, imp string) (*Plugin, error) {
 		logrus.Debugf("%s implements: %s", name, imp)
 		return pl, nil
 	}
-	return nil, ErrNotImplements
+	return nil, fmt.Errorf("%w: plugin=%q, requested implementation=%q", ErrNotImplements, name, imp)
 }
 
 // Handle adds the specified function to the extpointHandlers.
diff --git a/pkg/plugins/plugins_unix.go b/pkg/plugins/plugins_unix.go
index cdfbe9345827a..23e9d5715a58b 100644
--- a/pkg/plugins/plugins_unix.go
+++ b/pkg/plugins/plugins_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package plugins // import "github.com/docker/docker/pkg/plugins"
diff --git a/pkg/plugins/transport/http_test.go b/pkg/plugins/transport/http_test.go
index 78ab23724b88d..2435fbb01d801 100644
--- a/pkg/plugins/transport/http_test.go
+++ b/pkg/plugins/transport/http_test.go
@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestHTTPTransport(t *testing.T) {
@@ -17,5 +17,5 @@ func TestHTTPTransport(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	assert.Check(t, is.Equal("POST", request.Method))
+	assert.Check(t, is.Equal(http.MethodPost, request.Method))
 }
diff --git a/pkg/plugins/transport/transport.go b/pkg/plugins/transport/transport.go
index 9cb13335a8b80..6c66cad66221d 100644
--- a/pkg/plugins/transport/transport.go
+++ b/pkg/plugins/transport/transport.go
@@ -27,7 +27,7 @@ func newHTTPRequest(path string, data io.Reader) (*http.Request, error) {
 	if !strings.HasPrefix(path, "/") {
 		path = "/" + path
 	}
-	req, err := http.NewRequest("POST", path, data)
+	req, err := http.NewRequest(http.MethodPost, path, data)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/plugins/utils.go b/pkg/plugins/utils.go
new file mode 100644
index 0000000000000..bd2344ff2016f
--- /dev/null
+++ b/pkg/plugins/utils.go
@@ -0,0 +1,8 @@
+//go:build go1.17
+// +build go1.17
+
+package plugins
+
+import "io/fs"
+
+var fileInfoToDirEntry = fs.FileInfoToDirEntry
diff --git a/pkg/plugins/utils_go1.16.go b/pkg/plugins/utils_go1.16.go
new file mode 100644
index 0000000000000..ce8c21a039968
--- /dev/null
+++ b/pkg/plugins/utils_go1.16.go
@@ -0,0 +1,47 @@
+//go:build !go1.17
+// +build !go1.17
+
+// This code is taken from https://github.com/golang/go/blob/go1.17/src/io/fs/readdir.go#L49-L77
+// and provides the io/fs.FileInfoToDirEntry() utility for go1.16. Go 1.16 and up
+// provide a new implementation of ioutil.ReadDir() (in os.ReadDir()) that returns
+// an os.DirEntry instead of fs.FileInfo. go1.17 added the io/fs.FileInfoToDirEntry()
+// utility to allow existing uses of ReadDir() to get the old type. This utility
+// is not available in go1.16, so we copied it to assist the migration to os.ReadDir().
+
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package plugins
+
+import "os"
+
+// dirInfo is a DirEntry based on a FileInfo.
+type dirInfo struct {
+	fileInfo os.FileInfo
+}
+
+func (di dirInfo) IsDir() bool {
+	return di.fileInfo.IsDir()
+}
+
+func (di dirInfo) Type() os.FileMode {
+	return di.fileInfo.Mode().Type()
+}
+
+func (di dirInfo) Info() (os.FileInfo, error) {
+	return di.fileInfo, nil
+}
+
+func (di dirInfo) Name() string {
+	return di.fileInfo.Name()
+}
+
+// fileInfoToDirEntry returns a DirEntry that returns information from info.
+// If info is nil, fileInfoToDirEntry returns nil.
+func fileInfoToDirEntry(info os.FileInfo) os.DirEntry {
+	if info == nil {
+		return nil
+	}
+	return dirInfo{fileInfo: info}
+}
diff --git a/pkg/pools/pools.go b/pkg/pools/pools.go
index 46339c282f115..3792c67a9e454 100644
--- a/pkg/pools/pools.go
+++ b/pkg/pools/pools.go
@@ -62,23 +62,23 @@ type bufferPool struct {
 func newBufferPoolWithSize(size int) *bufferPool {
 	return &bufferPool{
 		pool: sync.Pool{
-			New: func() interface{} { return make([]byte, size) },
+			New: func() interface{} { s := make([]byte, size); return &s },
 		},
 	}
 }
 
-func (bp *bufferPool) Get() []byte {
-	return bp.pool.Get().([]byte)
+func (bp *bufferPool) Get() *[]byte {
+	return bp.pool.Get().(*[]byte)
 }
 
-func (bp *bufferPool) Put(b []byte) {
+func (bp *bufferPool) Put(b *[]byte) {
 	bp.pool.Put(b)
 }
 
 // Copy is a convenience wrapper which uses a buffer to avoid allocation in io.Copy.
 func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
 	buf := buffer32KPool.Get()
-	written, err = io.CopyBuffer(dst, src, buf)
+	written, err = io.CopyBuffer(dst, src, *buf)
 	buffer32KPool.Put(buf)
 	return
 }
diff --git a/pkg/pools/pools_test.go b/pkg/pools/pools_test.go
index 7ff01ce3d5c85..6d1ca0598a1ea 100644
--- a/pkg/pools/pools_test.go
+++ b/pkg/pools/pools_test.go
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestBufioReaderPoolGetWithNoReaderShouldCreateOne(t *testing.T) {
diff --git a/pkg/progress/progressreader.go b/pkg/progress/progressreader.go
index 7ca07dc640af3..07450a2d7084b 100644
--- a/pkg/progress/progressreader.go
+++ b/pkg/progress/progressreader.go
@@ -34,7 +34,7 @@ func NewProgressReader(in io.ReadCloser, out Output, size int64, id, action stri
 func (p *Reader) Read(buf []byte) (n int, err error) {
 	read, err := p.in.Read(buf)
 	p.current += int64(read)
-	updateEvery := int64(1024 * 512) //512kB
+	updateEvery := int64(1024 * 512) // 512kB
 	if p.size > 0 {
 		// Update progress for every 1% read if 1% < 512kB
 		if increment := int64(0.01 * float64(p.size)); increment < updateEvery {
diff --git a/pkg/progress/progressreader_test.go b/pkg/progress/progressreader_test.go
index e7081cc1f4400..0aaf398ed08d1 100644
--- a/pkg/progress/progressreader_test.go
+++ b/pkg/progress/progressreader_test.go
@@ -3,13 +3,12 @@ package progress // import "github.com/docker/docker/pkg/progress"
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"testing"
 )
 
 func TestOutputOnPrematureClose(t *testing.T) {
 	content := []byte("TESTING")
-	reader := ioutil.NopCloser(bytes.NewReader(content))
+	reader := io.NopCloser(bytes.NewReader(content))
 	progressChan := make(chan Progress, 10)
 
 	pr := NewProgressReader(reader, ChanOutput(progressChan), int64(len(content)), "Test", "Read")
@@ -41,12 +40,12 @@ drainLoop:
 
 func TestCompleteSilently(t *testing.T) {
 	content := []byte("TESTING")
-	reader := ioutil.NopCloser(bytes.NewReader(content))
+	reader := io.NopCloser(bytes.NewReader(content))
 	progressChan := make(chan Progress, 10)
 
 	pr := NewProgressReader(reader, ChanOutput(progressChan), int64(len(content)), "Test", "Read")
 
-	out, err := ioutil.ReadAll(pr)
+	out, err := io.ReadAll(pr)
 	if err != nil {
 		pr.Close()
 		t.Fatal(err)
diff --git a/pkg/pubsub/publisher.go b/pkg/pubsub/publisher.go
index 76033ed9e47a9..e53d17d515ae1 100644
--- a/pkg/pubsub/publisher.go
+++ b/pkg/pubsub/publisher.go
@@ -66,8 +66,11 @@ func (p *Publisher) SubscribeTopicWithBuffer(topic topicFunc, buffer int) chan i
 // Evict removes the specified subscriber from receiving any more messages.
 func (p *Publisher) Evict(sub chan interface{}) {
 	p.m.Lock()
-	delete(p.subscribers, sub)
-	close(sub)
+	_, exists := p.subscribers[sub]
+	if exists {
+		delete(p.subscribers, sub)
+		close(sub)
+	}
 	p.m.Unlock()
 }
 
@@ -107,9 +110,12 @@ func (p *Publisher) sendTopic(sub subscriber, topic topicFunc, v interface{}, wg
 
 	// send under a select as to not block if the receiver is unavailable
 	if p.timeout > 0 {
+		timeout := time.NewTimer(p.timeout)
+		defer timeout.Stop()
+
 		select {
 		case sub <- v:
-		case <-time.After(p.timeout):
+		case <-timeout.C:
 		}
 		return
 	}
diff --git a/pkg/reexec/command_unix.go b/pkg/reexec/command_unix.go
index ceaabbdeee913..b90043052e330 100644
--- a/pkg/reexec/command_unix.go
+++ b/pkg/reexec/command_unix.go
@@ -1,3 +1,4 @@
+//go:build freebsd || darwin
 // +build freebsd darwin
 
 package reexec // import "github.com/docker/docker/pkg/reexec"
diff --git a/pkg/reexec/command_unsupported.go b/pkg/reexec/command_unsupported.go
index e7eed24240c63..7175853a55520 100644
--- a/pkg/reexec/command_unsupported.go
+++ b/pkg/reexec/command_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !freebsd && !darwin
 // +build !linux,!windows,!freebsd,!darwin
 
 package reexec // import "github.com/docker/docker/pkg/reexec"
diff --git a/pkg/reexec/reexec_test.go b/pkg/reexec/reexec_test.go
index 44675e7b6378b..8aea0431e31ec 100644
--- a/pkg/reexec/reexec_test.go
+++ b/pkg/reexec/reexec_test.go
@@ -5,7 +5,7 @@ import (
 	"os/exec"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func init() {
diff --git a/pkg/signal/README.md b/pkg/signal/README.md
deleted file mode 100644
index 2b237a5942e4b..0000000000000
--- a/pkg/signal/README.md
+++ /dev/null
@@ -1 +0,0 @@
-This package provides helper functions for dealing with signals across various operating systems
\ No newline at end of file
diff --git a/pkg/signal/signal.go b/pkg/signal/signal.go
deleted file mode 100644
index 88ef7b5ea2653..0000000000000
--- a/pkg/signal/signal.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Package signal provides helper functions for dealing with signals across
-// various operating systems.
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"fmt"
-	"os"
-	"os/signal"
-	"strconv"
-	"strings"
-	"syscall"
-)
-
-// CatchAll catches all signals and relays them to the specified channel.
-func CatchAll(sigc chan os.Signal) {
-	var handledSigs []os.Signal
-	for _, s := range SignalMap {
-		handledSigs = append(handledSigs, s)
-	}
-	signal.Notify(sigc, handledSigs...)
-}
-
-// StopCatch stops catching the signals and closes the specified channel.
-func StopCatch(sigc chan os.Signal) {
-	signal.Stop(sigc)
-	close(sigc)
-}
-
-// ParseSignal translates a string to a valid syscall signal.
-// It returns an error if the signal map doesn't include the given signal.
-func ParseSignal(rawSignal string) (syscall.Signal, error) {
-	s, err := strconv.Atoi(rawSignal)
-	if err == nil {
-		if s == 0 {
-			return -1, fmt.Errorf("Invalid signal: %s", rawSignal)
-		}
-		return syscall.Signal(s), nil
-	}
-	signal, ok := SignalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
-	if !ok {
-		return -1, fmt.Errorf("Invalid signal: %s", rawSignal)
-	}
-	return signal, nil
-}
-
-// ValidSignalForPlatform returns true if a signal is valid on the platform
-func ValidSignalForPlatform(sig syscall.Signal) bool {
-	for _, v := range SignalMap {
-		if v == sig {
-			return true
-		}
-	}
-	return false
-}
diff --git a/pkg/signal/signal_deprecated.go b/pkg/signal/signal_deprecated.go
new file mode 100644
index 0000000000000..9977cad94ba8e
--- /dev/null
+++ b/pkg/signal/signal_deprecated.go
@@ -0,0 +1,55 @@
+// Package signal provides helper functions for dealing with signals across
+// various operating systems.
+package signal // import "github.com/docker/docker/pkg/signal"
+
+import (
+	"github.com/docker/docker/pkg/stack"
+	msignal "github.com/moby/sys/signal"
+)
+
+var (
+	// DumpStacks appends the runtime stack into file in dir and returns full path
+	// to that file.
+	// Deprecated: use github.com/docker/docker/pkg/stack.Dump instead.
+	DumpStacks = stack.DumpToFile
+
+	// CatchAll catches all signals and relays them to the specified channel.
+	// SIGURG is not handled, as it's used by the Go runtime to support
+	// preemptable system calls.
+	// Deprecated: use github.com/moby/sys/signal.CatchAll instead
+	CatchAll = msignal.CatchAll
+
+	// StopCatch stops catching the signals and closes the specified channel.
+	// Deprecated: use github.com/moby/sys/signal.StopCatch instead
+	StopCatch = msignal.StopCatch
+
+	// ParseSignal translates a string to a valid syscall signal.
+	// It returns an error if the signal map doesn't include the given signal.
+	// Deprecated: use github.com/moby/sys/signal.ParseSignal instead
+	ParseSignal = msignal.ParseSignal
+
+	// ValidSignalForPlatform returns true if a signal is valid on the platform
+	// Deprecated: use github.com/moby/sys/signal.ValidSignalForPlatform instead
+	ValidSignalForPlatform = msignal.ValidSignalForPlatform
+
+	// SignalMap is a map of signals for the current platform.
+	// Deprecated: use github.com/moby/sys/signal.SignalMap instead
+	SignalMap = msignal.SignalMap
+)
+
+// Signals used in cli/command
+const (
+	// SIGCHLD is a signal sent to a process when a child process terminates, is interrupted, or resumes after being interrupted.
+	// Deprecated: use github.com/moby/sys/signal.SIGCHLD instead
+	SIGCHLD = msignal.SIGCHLD
+	// SIGWINCH is a signal sent to a process when its controlling terminal changes its size
+	// Deprecated: use github.com/moby/sys/signal.SIGWINCH instead
+	SIGWINCH = msignal.SIGWINCH
+	// SIGPIPE is a signal sent to a process when a pipe is written to before the other end is open for reading
+	// Deprecated: use github.com/moby/sys/signal.SIGPIPE instead
+	SIGPIPE = msignal.SIGPIPE
+
+	// DefaultStopSignal has been deprecated and removed. The default value is
+	// now defined in github.com/docker/docker/container. Clients should omit
+	// the container's stop-signal field if the default should be used.
+)
diff --git a/pkg/signal/signal_linux_test.go b/pkg/signal/signal_linux_test.go
deleted file mode 100644
index 9a021e2164319..0000000000000
--- a/pkg/signal/signal_linux_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// +build darwin linux
-
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"os"
-	"syscall"
-	"testing"
-	"time"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestCatchAll(t *testing.T) {
-	sigs := make(chan os.Signal, 1)
-	CatchAll(sigs)
-	defer StopCatch(sigs)
-
-	listOfSignals := map[string]string{
-		"CONT": syscall.SIGCONT.String(),
-		"HUP":  syscall.SIGHUP.String(),
-		"CHLD": syscall.SIGCHLD.String(),
-		"ILL":  syscall.SIGILL.String(),
-		"FPE":  syscall.SIGFPE.String(),
-		"CLD":  syscall.SIGCLD.String(),
-	}
-
-	for sigStr := range listOfSignals {
-		signal, ok := SignalMap[sigStr]
-		if ok {
-			go func() {
-				time.Sleep(1 * time.Millisecond)
-				syscall.Kill(syscall.Getpid(), signal)
-			}()
-
-			s := <-sigs
-			assert.Check(t, is.Equal(s.String(), signal.String()))
-		}
-
-	}
-}
-
-func TestStopCatch(t *testing.T) {
-	signal := SignalMap["HUP"]
-	channel := make(chan os.Signal, 1)
-	CatchAll(channel)
-	go func() {
-
-		time.Sleep(1 * time.Millisecond)
-		syscall.Kill(syscall.Getpid(), signal)
-	}()
-	signalString := <-channel
-	assert.Check(t, is.Equal(signalString.String(), signal.String()))
-
-	StopCatch(channel)
-	_, ok := <-channel
-	assert.Check(t, is.Equal(ok, false))
-}
diff --git a/pkg/signal/signal_test.go b/pkg/signal/signal_test.go
deleted file mode 100644
index 0bfcf6ce448dd..0000000000000
--- a/pkg/signal/signal_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"syscall"
-	"testing"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestParseSignal(t *testing.T) {
-	_, checkAtoiError := ParseSignal("0")
-	assert.Check(t, is.Error(checkAtoiError, "Invalid signal: 0"))
-
-	_, error := ParseSignal("SIG")
-	assert.Check(t, is.Error(error, "Invalid signal: SIG"))
-
-	for sigStr := range SignalMap {
-		responseSignal, error := ParseSignal(sigStr)
-		assert.Check(t, error)
-		signal := SignalMap[sigStr]
-		assert.Check(t, is.DeepEqual(signal, responseSignal))
-	}
-}
-
-func TestValidSignalForPlatform(t *testing.T) {
-	isValidSignal := ValidSignalForPlatform(syscall.Signal(0))
-	assert.Check(t, is.Equal(false, isValidSignal))
-
-	for _, sigN := range SignalMap {
-		isValidSignal = ValidSignalForPlatform(syscall.Signal(sigN))
-		assert.Check(t, is.Equal(true, isValidSignal))
-	}
-}
diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go
deleted file mode 100644
index 1fd25a83c6334..0000000000000
--- a/pkg/signal/signal_unsupported.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build !linux,!darwin,!freebsd,!windows
-
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"syscall"
-)
-
-// SignalMap is an empty map of signals for unsupported platform.
-var SignalMap = map[string]syscall.Signal{}
diff --git a/pkg/signal/signal_windows.go b/pkg/signal/signal_windows.go
deleted file mode 100644
index 65752f24aaef8..0000000000000
--- a/pkg/signal/signal_windows.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"syscall"
-)
-
-// Signals used in cli/command (no windows equivalent, use
-// invalid signals so they don't get handled)
-const (
-	SIGCHLD  = syscall.Signal(0xff)
-	SIGWINCH = syscall.Signal(0xff)
-	SIGPIPE  = syscall.Signal(0xff)
-	// DefaultStopSignal is the syscall signal used to stop a container in windows systems.
-	DefaultStopSignal = "15"
-)
-
-// SignalMap is a map of "supported" signals. As per the comment in GOLang's
-// ztypes_windows.go: "More invented values for signals". Windows doesn't
-// really support signals in any way, shape or form that Unix does.
-//
-// We have these so that docker kill can be used to gracefully (TERM) and
-// forcibly (KILL) terminate a container on Windows.
-var SignalMap = map[string]syscall.Signal{
-	"KILL": syscall.SIGKILL,
-	"TERM": syscall.SIGTERM,
-}
diff --git a/pkg/signal/testfiles/main.go b/pkg/signal/testfiles/main.go
deleted file mode 100644
index e56854c7c3bcc..0000000000000
--- a/pkg/signal/testfiles/main.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package main
-
-import (
-	"os"
-	"syscall"
-	"time"
-
-	"github.com/docker/docker/pkg/signal"
-	"github.com/sirupsen/logrus"
-)
-
-func main() {
-	sigmap := map[string]os.Signal{
-		"TERM": syscall.SIGTERM,
-		"QUIT": syscall.SIGQUIT,
-		"INT":  os.Interrupt,
-	}
-	signal.Trap(func() {
-		time.Sleep(time.Second)
-		os.Exit(99)
-	}, logrus.StandardLogger())
-	go func() {
-		p, err := os.FindProcess(os.Getpid())
-		if err != nil {
-			panic(err)
-		}
-		s := os.Getenv("SIGNAL_TYPE")
-		multiple := os.Getenv("IF_MULTIPLE")
-		switch s {
-		case "TERM", "INT":
-			if multiple == "1" {
-				for {
-					p.Signal(sigmap[s])
-				}
-			} else {
-				p.Signal(sigmap[s])
-			}
-		case "QUIT":
-			p.Signal(sigmap[s])
-		}
-	}()
-	time.Sleep(2 * time.Second)
-}
diff --git a/pkg/signal/trap.go b/pkg/signal/trap.go
deleted file mode 100644
index 2a6e69fb50773..0000000000000
--- a/pkg/signal/trap.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"fmt"
-	"os"
-	gosignal "os/signal"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"sync/atomic"
-	"syscall"
-	"time"
-
-	"github.com/pkg/errors"
-)
-
-// Trap sets up a simplified signal "trap", appropriate for common
-// behavior expected from a vanilla unix command-line tool in general
-// (and the Docker engine in particular).
-//
-// * If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
-// * If SIGINT or SIGTERM are received 3 times before cleanup is complete, then cleanup is
-//   skipped and the process is terminated immediately (allows force quit of stuck daemon)
-// * A SIGQUIT always causes an exit without cleanup, with a goroutine dump preceding exit.
-// * Ignore SIGPIPE events. These are generated by systemd when journald is restarted while
-//   the docker daemon is not restarted and also running under systemd.
-//   Fixes https://github.com/docker/docker/issues/19728
-//
-func Trap(cleanup func(), logger interface {
-	Info(args ...interface{})
-}) {
-	c := make(chan os.Signal, 1)
-	// we will handle INT, TERM, QUIT, SIGPIPE here
-	signals := []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT, syscall.SIGPIPE}
-	gosignal.Notify(c, signals...)
-	go func() {
-		interruptCount := uint32(0)
-		for sig := range c {
-			if sig == syscall.SIGPIPE {
-				continue
-			}
-
-			go func(sig os.Signal) {
-				logger.Info(fmt.Sprintf("Processing signal '%v'", sig))
-				switch sig {
-				case os.Interrupt, syscall.SIGTERM:
-					if atomic.LoadUint32(&interruptCount) < 3 {
-						// Initiate the cleanup only once
-						if atomic.AddUint32(&interruptCount, 1) == 1 {
-							// Call the provided cleanup handler
-							cleanup()
-							os.Exit(0)
-						} else {
-							return
-						}
-					} else {
-						// 3 SIGTERM/INT signals received; force exit without cleanup
-						logger.Info("Forcing docker daemon shutdown without cleanup; 3 interrupts received")
-					}
-				case syscall.SIGQUIT:
-					DumpStacks("")
-					logger.Info("Forcing docker daemon shutdown without cleanup on SIGQUIT")
-				}
-				//for the SIGINT/TERM, and SIGQUIT non-clean shutdown case, exit with 128 + signal #
-				os.Exit(128 + int(sig.(syscall.Signal)))
-			}(sig)
-		}
-	}()
-}
-
-const stacksLogNameTemplate = "goroutine-stacks-%s.log"
-
-// DumpStacks appends the runtime stack into file in dir and returns full path
-// to that file.
-func DumpStacks(dir string) (string, error) {
-	var (
-		buf       []byte
-		stackSize int
-	)
-	bufferLen := 16384
-	for stackSize == len(buf) {
-		buf = make([]byte, bufferLen)
-		stackSize = runtime.Stack(buf, true)
-		bufferLen *= 2
-	}
-	buf = buf[:stackSize]
-	var f *os.File
-	if dir != "" {
-		path := filepath.Join(dir, fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
-		var err error
-		f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666)
-		if err != nil {
-			return "", errors.Wrap(err, "failed to open file to write the goroutine stacks")
-		}
-		defer f.Close()
-		defer f.Sync()
-	} else {
-		f = os.Stderr
-	}
-	if _, err := f.Write(buf); err != nil {
-		return "", errors.Wrap(err, "failed to write goroutine stacks")
-	}
-	return f.Name(), nil
-}
diff --git a/pkg/signal/trap_linux_test.go b/pkg/signal/trap_linux_test.go
deleted file mode 100644
index 14d1543117b15..0000000000000
--- a/pkg/signal/trap_linux_test.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// +build linux
-
-package signal // import "github.com/docker/docker/pkg/signal"
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"syscall"
-	"testing"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func buildTestBinary(t *testing.T, tmpdir string, prefix string) (string, string) {
-	tmpDir, err := ioutil.TempDir(tmpdir, prefix)
-	assert.NilError(t, err)
-	exePath := tmpDir + "/" + prefix
-	wd, _ := os.Getwd()
-	testHelperCode := wd + "/testfiles/main.go"
-	cmd := exec.Command("go", "build", "-o", exePath, testHelperCode)
-	err = cmd.Run()
-	assert.NilError(t, err)
-	return exePath, tmpDir
-}
-
-func TestTrap(t *testing.T) {
-	var sigmap = []struct {
-		name     string
-		signal   os.Signal
-		multiple bool
-	}{
-		{"TERM", syscall.SIGTERM, false},
-		{"QUIT", syscall.SIGQUIT, true},
-		{"INT", os.Interrupt, false},
-		{"TERM", syscall.SIGTERM, true},
-		{"INT", os.Interrupt, true},
-	}
-	exePath, tmpDir := buildTestBinary(t, "", "main")
-	defer os.RemoveAll(tmpDir)
-
-	for _, v := range sigmap {
-		cmd := exec.Command(exePath)
-		cmd.Env = append(os.Environ(), fmt.Sprintf("SIGNAL_TYPE=%s", v.name))
-		if v.multiple {
-			cmd.Env = append(cmd.Env, "IF_MULTIPLE=1")
-		}
-		err := cmd.Start()
-		assert.NilError(t, err)
-		err = cmd.Wait()
-		if e, ok := err.(*exec.ExitError); ok {
-			code := e.Sys().(syscall.WaitStatus).ExitStatus()
-			if v.multiple {
-				assert.Check(t, is.DeepEqual(128+int(v.signal.(syscall.Signal)), code))
-			} else {
-				assert.Check(t, is.Equal(99, code))
-			}
-			continue
-		}
-		t.Fatal("process didn't end with any error")
-	}
-
-}
-
-func TestDumpStacks(t *testing.T) {
-	directory, err := ioutil.TempDir("", "test-dump-tasks")
-	assert.Check(t, err)
-	defer os.RemoveAll(directory)
-	dumpPath, err := DumpStacks(directory)
-	assert.Check(t, err)
-	readFile, _ := ioutil.ReadFile(dumpPath)
-	fileData := string(readFile)
-	assert.Check(t, is.Contains(fileData, "goroutine"))
-}
-
-func TestDumpStacksWithEmptyInput(t *testing.T) {
-	path, err := DumpStacks("")
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(os.Stderr.Name(), path))
-}
diff --git a/pkg/stack/stackdump.go b/pkg/stack/stackdump.go
new file mode 100644
index 0000000000000..f65c186c1421f
--- /dev/null
+++ b/pkg/stack/stackdump.go
@@ -0,0 +1,57 @@
+package stack // import "github.com/docker/docker/pkg/stack"
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+const stacksLogNameTemplate = "goroutine-stacks-%s.log"
+
+// Dump outputs the runtime stack to os.StdErr.
+func Dump() {
+	_ = dump(os.Stderr)
+}
+
+// DumpToFile appends the runtime stack into a file named "goroutine-stacks-<timestamp>.log"
+// in dir and returns the full path to that file. If no directory name is
+// provided, it outputs to os.Stderr.
+func DumpToFile(dir string) (string, error) {
+	var f *os.File
+	if dir != "" {
+		path := filepath.Join(dir, fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
+		var err error
+		f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666)
+		if err != nil {
+			return "", errors.Wrap(err, "failed to open file to write the goroutine stacks")
+		}
+		defer f.Close()
+		defer f.Sync()
+	} else {
+		f = os.Stderr
+	}
+	return f.Name(), dump(f)
+}
+
+func dump(f *os.File) error {
+	var (
+		buf       []byte
+		stackSize int
+	)
+	bufferLen := 16384
+	for stackSize == len(buf) {
+		buf = make([]byte, bufferLen)
+		stackSize = runtime.Stack(buf, true)
+		bufferLen *= 2
+	}
+	buf = buf[:stackSize]
+	if _, err := f.Write(buf); err != nil {
+		return errors.Wrap(err, "failed to write goroutine stacks")
+	}
+	return nil
+}
diff --git a/pkg/stack/stackdump_test.go b/pkg/stack/stackdump_test.go
new file mode 100644
index 0000000000000..b40c560e7e8e2
--- /dev/null
+++ b/pkg/stack/stackdump_test.go
@@ -0,0 +1,30 @@
+package stack // import "github.com/docker/docker/pkg/stack"
+
+import (
+	"os"
+	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+func TestDump(t *testing.T) {
+	Dump()
+}
+
+func TestDumpToFile(t *testing.T) {
+	directory, err := os.MkdirTemp("", "test-dump-tasks")
+	assert.Check(t, err)
+	defer os.RemoveAll(directory)
+	dumpPath, err := DumpToFile(directory)
+	assert.Check(t, err)
+	readFile, _ := os.ReadFile(dumpPath)
+	fileData := string(readFile)
+	assert.Check(t, is.Contains(fileData, "goroutine"))
+}
+
+func TestDumpToFileWithEmptyInput(t *testing.T) {
+	path, err := DumpToFile("")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(os.Stderr.Name(), path))
+}
diff --git a/pkg/stdcopy/stdcopy_test.go b/pkg/stdcopy/stdcopy_test.go
index 63edb855e5779..1fe8e83fdfaf7 100644
--- a/pkg/stdcopy/stdcopy_test.go
+++ b/pkg/stdcopy/stdcopy_test.go
@@ -4,13 +4,12 @@ import (
 	"bytes"
 	"errors"
 	"io"
-	"io/ioutil"
 	"strings"
 	"testing"
 )
 
 func TestNewStdWriter(t *testing.T) {
-	writer := NewStdWriter(ioutil.Discard, Stdout)
+	writer := NewStdWriter(io.Discard, Stdout)
 	if writer == nil {
 		t.Fatalf("NewStdWriter with an invalid StdType should not return nil.")
 	}
@@ -28,7 +27,7 @@ func TestWriteWithUninitializedStdWriter(t *testing.T) {
 }
 
 func TestWriteWithNilBytes(t *testing.T) {
-	writer := NewStdWriter(ioutil.Discard, Stdout)
+	writer := NewStdWriter(io.Discard, Stdout)
 	n, err := writer.Write(nil)
 	if err != nil {
 		t.Fatalf("Shouldn't have fail when given no data")
@@ -39,7 +38,7 @@ func TestWriteWithNilBytes(t *testing.T) {
 }
 
 func TestWrite(t *testing.T) {
-	writer := NewStdWriter(ioutil.Discard, Stdout)
+	writer := NewStdWriter(io.Discard, Stdout)
 	data := []byte("Test StdWrite.Write")
 	n, err := writer.Write(data)
 	if err != nil {
@@ -104,7 +103,7 @@ func TestStdCopyWriteAndRead(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	written, err := StdCopy(ioutil.Discard, ioutil.Discard, buffer)
+	written, err := StdCopy(io.Discard, io.Discard, buffer)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestStdCopyReturnsErrorReadingHeader(t *testing.T) {
 	expectedError := errors.New("error")
 	reader := &customReader{
 		err: expectedError}
-	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	written, err := StdCopy(io.Discard, io.Discard, reader)
 	if written != 0 {
 		t.Fatalf("Expected 0 bytes read, got %d", written)
 	}
@@ -156,7 +155,7 @@ func TestStdCopyReturnsErrorReadingFrame(t *testing.T) {
 		n:            stdWriterPrefixLen + 1,
 		err:          expectedError,
 		src:          buffer}
-	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	written, err := StdCopy(io.Discard, io.Discard, reader)
 	if written != 0 {
 		t.Fatalf("Expected 0 bytes read, got %d", written)
 	}
@@ -177,7 +176,7 @@ func TestStdCopyDetectsCorruptedFrame(t *testing.T) {
 		n:            stdWriterPrefixLen + 1,
 		err:          io.EOF,
 		src:          buffer}
-	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	written, err := StdCopy(io.Discard, io.Discard, reader)
 	if written != startingBufLen {
 		t.Fatalf("Expected %d bytes read, got %d", startingBufLen, written)
 	}
@@ -187,8 +186,8 @@ func TestStdCopyDetectsCorruptedFrame(t *testing.T) {
 }
 
 func TestStdCopyWithInvalidInputHeader(t *testing.T) {
-	dstOut := NewStdWriter(ioutil.Discard, Stdout)
-	dstErr := NewStdWriter(ioutil.Discard, Stderr)
+	dstOut := NewStdWriter(io.Discard, Stdout)
+	dstErr := NewStdWriter(io.Discard, Stderr)
 	src := strings.NewReader("Invalid input")
 	_, err := StdCopy(dstOut, dstErr, src)
 	if err == nil {
@@ -219,7 +218,7 @@ func TestStdCopyReturnsWriteErrors(t *testing.T) {
 
 	dstOut := &errWriter{err: expectedError}
 
-	written, err := StdCopy(dstOut, ioutil.Discard, buffer)
+	written, err := StdCopy(dstOut, io.Discard, buffer)
 	if written != 0 {
 		t.Fatalf("StdCopy should have written 0, but has written %d", written)
 	}
@@ -237,7 +236,7 @@ func TestStdCopyDetectsNotFullyWrittenFrames(t *testing.T) {
 	}
 	dstOut := &errWriter{n: startingBufLen - 10}
 
-	written, err := StdCopy(dstOut, ioutil.Discard, buffer)
+	written, err := StdCopy(dstOut, io.Discard, buffer)
 	if written != 0 {
 		t.Fatalf("StdCopy should have return 0 written bytes, but returned %d", written)
 	}
@@ -266,7 +265,7 @@ func TestStdCopyReturnsErrorFromSystem(t *testing.T) {
 
 	// now copy and demux. we should expect an error containing the string we
 	// wrote out
-	_, err = StdCopy(ioutil.Discard, ioutil.Discard, buffer)
+	_, err = StdCopy(io.Discard, io.Discard, buffer)
 	if err == nil {
 		t.Fatal("expected error, got none")
 	}
@@ -276,7 +275,7 @@ func TestStdCopyReturnsErrorFromSystem(t *testing.T) {
 }
 
 func BenchmarkWrite(b *testing.B) {
-	w := NewStdWriter(ioutil.Discard, Stdout)
+	w := NewStdWriter(io.Discard, Stdout)
 	data := []byte("Test line for testing stdwriter performance\n")
 	data = bytes.Repeat(data, 100)
 	b.SetBytes(int64(len(data)))
diff --git a/pkg/streamformatter/streamformatter_test.go b/pkg/streamformatter/streamformatter_test.go
index f630699d73e11..85a80c61ceb13 100644
--- a/pkg/streamformatter/streamformatter_test.go
+++ b/pkg/streamformatter/streamformatter_test.go
@@ -10,8 +10,8 @@ import (
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestRawProgressFormatterFormatStatus(t *testing.T) {
diff --git a/pkg/streamformatter/streamwriter_test.go b/pkg/streamformatter/streamwriter_test.go
index 5b679f2cf4822..f8a37c25ae43b 100644
--- a/pkg/streamformatter/streamwriter_test.go
+++ b/pkg/streamformatter/streamwriter_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestStreamWriterStdout(t *testing.T) {
diff --git a/pkg/stringid/stringid.go b/pkg/stringid/stringid.go
index fa7d9166eb3e6..5fe071d6284ef 100644
--- a/pkg/stringid/stringid.go
+++ b/pkg/stringid/stringid.go
@@ -2,17 +2,12 @@
 package stringid // import "github.com/docker/docker/pkg/stringid"
 
 import (
-	cryptorand "crypto/rand"
+	"crypto/rand"
 	"encoding/hex"
 	"fmt"
-	"io"
-	"math"
-	"math/big"
-	"math/rand"
 	"regexp"
 	"strconv"
 	"strings"
-	"time"
 )
 
 const shortLen = 12
@@ -41,10 +36,11 @@ func TruncateID(id string) string {
 	return id
 }
 
-func generateID(r io.Reader) string {
+// GenerateRandomID returns a unique id.
+func GenerateRandomID() string {
 	b := make([]byte, 32)
 	for {
-		if _, err := io.ReadFull(r, b); err != nil {
+		if _, err := rand.Read(b); err != nil {
 			panic(err) // This shouldn't happen
 		}
 		id := hex.EncodeToString(b)
@@ -58,18 +54,6 @@ func generateID(r io.Reader) string {
 	}
 }
 
-// GenerateRandomID returns a unique id.
-func GenerateRandomID() string {
-	return generateID(cryptorand.Reader)
-}
-
-// GenerateNonCryptoID generates unique id without using cryptographically
-// secure sources of random.
-// It helps you to save entropy.
-func GenerateNonCryptoID() string {
-	return generateID(readerFunc(rand.Read))
-}
-
 // ValidateID checks whether an ID string is a valid image ID.
 func ValidateID(id string) error {
 	if ok := validHex.MatchString(id); !ok {
@@ -77,23 +61,3 @@ func ValidateID(id string) error {
 	}
 	return nil
 }
-
-func init() {
-	// safely set the seed globally so we generate random ids. Tries to use a
-	// crypto seed before falling back to time.
-	var seed int64
-	if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil {
-		// This should not happen, but worst-case fallback to time-based seed.
-		seed = time.Now().UnixNano()
-	} else {
-		seed = cryptoseed.Int64()
-	}
-
-	rand.Seed(seed)
-}
-
-type readerFunc func(p []byte) (int, error)
-
-func (fn readerFunc) Read(p []byte) (int, error) {
-	return fn(p)
-}
diff --git a/pkg/stringid/stringid_test.go b/pkg/stringid/stringid_test.go
index a7ccd5faaef20..2660d2e65f4c0 100644
--- a/pkg/stringid/stringid_test.go
+++ b/pkg/stringid/stringid_test.go
@@ -13,14 +13,6 @@ func TestGenerateRandomID(t *testing.T) {
 	}
 }
 
-func TestGenerateNonCryptoID(t *testing.T) {
-	id := GenerateNonCryptoID()
-
-	if len(id) != 64 {
-		t.Fatalf("Id returned is incorrect: %s", id)
-	}
-}
-
 func TestShortenId(t *testing.T) {
 	id := "90435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a2"
 	truncID := TruncateID(id)
diff --git a/pkg/symlink/deprecated.go b/pkg/symlink/deprecated.go
new file mode 100644
index 0000000000000..c4f12ef2181e4
--- /dev/null
+++ b/pkg/symlink/deprecated.go
@@ -0,0 +1,12 @@
+package symlink // import "github.com/docker/docker/pkg/symlink"
+
+import "github.com/moby/sys/symlink"
+
+var (
+	// EvalSymlinks is deprecated and moved to github.com/moby/sys/symlink
+	// Deprecated: use github.com/moby/sys/symlink.EvalSymlinks instead
+	EvalSymlinks = symlink.EvalSymlinks
+	// FollowSymlinkInScope is deprecated and moved to github.com/moby/sys/symlink
+	// Deprecated: use github.com/moby/sys/symlink.FollowSymlinkInScope instead
+	FollowSymlinkInScope = symlink.FollowSymlinkInScope
+)
diff --git a/pkg/symlink/fs.go b/pkg/symlink/fs.go
deleted file mode 100644
index 7b894cde73274..0000000000000
--- a/pkg/symlink/fs.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE.BSD file.
-
-// This code is a modified version of path/filepath/symlink.go from the Go standard library.
-
-package symlink // import "github.com/docker/docker/pkg/symlink"
-
-import (
-	"bytes"
-	"errors"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/pkg/system"
-)
-
-// FollowSymlinkInScope is a wrapper around evalSymlinksInScope that returns an
-// absolute path. This function handles paths in a platform-agnostic manner.
-func FollowSymlinkInScope(path, root string) (string, error) {
-	path, err := filepath.Abs(filepath.FromSlash(path))
-	if err != nil {
-		return "", err
-	}
-	root, err = filepath.Abs(filepath.FromSlash(root))
-	if err != nil {
-		return "", err
-	}
-	return evalSymlinksInScope(path, root)
-}
-
-// evalSymlinksInScope will evaluate symlinks in `path` within a scope `root` and return
-// a result guaranteed to be contained within the scope `root`, at the time of the call.
-// Symlinks in `root` are not evaluated and left as-is.
-// Errors encountered while attempting to evaluate symlinks in path will be returned.
-// Non-existing paths are valid and do not constitute an error.
-// `path` has to contain `root` as a prefix, or else an error will be returned.
-// Trying to break out from `root` does not constitute an error.
-//
-// Example:
-//   If /foo/bar -> /outside,
-//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/outside"
-//
-// IMPORTANT: it is the caller's responsibility to call evalSymlinksInScope *after* relevant symlinks
-// are created and not to create subsequently, additional symlinks that could potentially make a
-// previously-safe path, unsafe. Example: if /foo/bar does not exist, evalSymlinksInScope("/foo/bar", "/foo")
-// would return "/foo/bar". If one makes /foo/bar a symlink to /baz subsequently, then "/foo/bar" should
-// no longer be considered safely contained in "/foo".
-func evalSymlinksInScope(path, root string) (string, error) {
-	root = filepath.Clean(root)
-	if path == root {
-		return path, nil
-	}
-	if !strings.HasPrefix(path, root) {
-		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
-	}
-	const maxIter = 255
-	originalPath := path
-	// given root of "/a" and path of "/a/b/../../c" we want path to be "/b/../../c"
-	path = path[len(root):]
-	if root == string(filepath.Separator) {
-		path = string(filepath.Separator) + path
-	}
-	if !strings.HasPrefix(path, string(filepath.Separator)) {
-		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
-	}
-	path = filepath.Clean(path)
-	// consume path by taking each frontmost path element,
-	// expanding it if it's a symlink, and appending it to b
-	var b bytes.Buffer
-	// b here will always be considered to be the "current absolute path inside
-	// root" when we append paths to it, we also append a slash and use
-	// filepath.Clean after the loop to trim the trailing slash
-	for n := 0; path != ""; n++ {
-		if n > maxIter {
-			return "", errors.New("evalSymlinksInScope: too many links in " + originalPath)
-		}
-
-		// find next path component, p
-		i := strings.IndexRune(path, filepath.Separator)
-		var p string
-		if i == -1 {
-			p, path = path, ""
-		} else {
-			p, path = path[:i], path[i+1:]
-		}
-
-		if p == "" {
-			continue
-		}
-
-		// this takes a b.String() like "b/../" and a p like "c" and turns it
-		// into "/b/../c" which then gets filepath.Cleaned into "/c" and then
-		// root gets prepended and we Clean again (to remove any trailing slash
-		// if the first Clean gave us just "/")
-		cleanP := filepath.Clean(string(filepath.Separator) + b.String() + p)
-		if isDriveOrRoot(cleanP) {
-			// never Lstat "/" itself, or drive letters on Windows
-			b.Reset()
-			continue
-		}
-		fullP := filepath.Clean(root + cleanP)
-
-		fi, err := os.Lstat(fullP)
-		if os.IsNotExist(err) {
-			// if p does not exist, accept it
-			b.WriteString(p)
-			b.WriteRune(filepath.Separator)
-			continue
-		}
-		if err != nil {
-			return "", err
-		}
-		if fi.Mode()&os.ModeSymlink == 0 {
-			b.WriteString(p)
-			b.WriteRune(filepath.Separator)
-			continue
-		}
-
-		// it's a symlink, put it at the front of path
-		dest, err := os.Readlink(fullP)
-		if err != nil {
-			return "", err
-		}
-		if system.IsAbs(dest) {
-			b.Reset()
-		}
-		path = dest + string(filepath.Separator) + path
-	}
-
-	// see note above on "fullP := ..." for why this is double-cleaned and
-	// what's happening here
-	return filepath.Clean(root + filepath.Clean(string(filepath.Separator)+b.String())), nil
-}
-
-// EvalSymlinks returns the path name after the evaluation of any symbolic
-// links.
-// If path is relative the result will be relative to the current directory,
-// unless one of the components is an absolute symbolic link.
-// This version has been updated to support long paths prepended with `\\?\`.
-func EvalSymlinks(path string) (string, error) {
-	return evalSymlinks(path)
-}
diff --git a/pkg/symlink/fs_unix_test.go b/pkg/symlink/fs_unix_test.go
deleted file mode 100644
index 9ed1dd70db262..0000000000000
--- a/pkg/symlink/fs_unix_test.go
+++ /dev/null
@@ -1,407 +0,0 @@
-// +build !windows
-
-// Licensed under the Apache License, Version 2.0; See LICENSE.APACHE
-
-package symlink // import "github.com/docker/docker/pkg/symlink"
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-// TODO Windows: This needs some serious work to port to Windows. For now,
-// turning off testing in this package.
-
-type dirOrLink struct {
-	path   string
-	target string
-}
-
-func makeFs(tmpdir string, fs []dirOrLink) error {
-	for _, s := range fs {
-		s.path = filepath.Join(tmpdir, s.path)
-		if s.target == "" {
-			os.MkdirAll(s.path, 0755)
-			continue
-		}
-		if err := os.MkdirAll(filepath.Dir(s.path), 0755); err != nil {
-			return err
-		}
-		if err := os.Symlink(s.target, s.path); err != nil && !os.IsExist(err) {
-			return err
-		}
-	}
-	return nil
-}
-
-func testSymlink(tmpdir, path, expected, scope string) error {
-	rewrite, err := FollowSymlinkInScope(filepath.Join(tmpdir, path), filepath.Join(tmpdir, scope))
-	if err != nil {
-		return err
-	}
-	expected, err = filepath.Abs(filepath.Join(tmpdir, expected))
-	if err != nil {
-		return err
-	}
-	if expected != rewrite {
-		return fmt.Errorf("Expected %q got %q", expected, rewrite)
-	}
-	return nil
-}
-
-func TestFollowSymlinkAbsolute(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkAbsolute")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/d", target: "/b"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/a/d/c/data", "testdata/b/c/data", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkRelativePath(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativePath")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/i", target: "a"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/i", "testdata/fs/a", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkSkipSymlinksOutsideScope(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkSkipSymlinksOutsideScope")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "linkdir", target: "realdir"},
-		{path: "linkdir/foo/bar"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "linkdir/foo/bar", "linkdir/foo/bar", "linkdir/foo"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkInvalidScopePathPair(t *testing.T) {
-	if _, err := FollowSymlinkInScope("toto", "testdata"); err == nil {
-		t.Fatal("expected an error")
-	}
-}
-
-func TestFollowSymlinkLastLink(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkLastLink")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/d", target: "/b"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/a/d", "testdata/b", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkRelativeLinkChangeScope(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativeLinkChangeScope")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/e", target: "../b"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/a/e/c/data", "testdata/fs/b/c/data", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-	// avoid letting allowing symlink e lead us to ../b
-	// normalize to the "testdata/fs/a"
-	if err := testSymlink(tmpdir, "testdata/fs/a/e", "testdata/fs/a/b", "testdata/fs/a"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkDeepRelativeLinkChangeScope(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkDeepRelativeLinkChangeScope")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/f", target: "../../../../test"}}); err != nil {
-		t.Fatal(err)
-	}
-	// avoid letting symlink f lead us out of the "testdata" scope
-	// we don't normalize because symlink f is in scope and there is no
-	// information leak
-	if err := testSymlink(tmpdir, "testdata/fs/a/f", "testdata/test", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-	// avoid letting symlink f lead us out of the "testdata/fs" scope
-	// we don't normalize because symlink f is in scope and there is no
-	// information leak
-	if err := testSymlink(tmpdir, "testdata/fs/a/f", "testdata/fs/test", "testdata/fs"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkRelativeLinkChain(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativeLinkChain")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	// avoid letting symlink g (pointed at by symlink h) take out of scope
-	// TODO: we should probably normalize to scope here because ../[....]/root
-	// is out of scope and we leak information
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "testdata/fs/b/h", target: "../g"},
-		{path: "testdata/fs/g", target: "../../../../../../../../../../../../root"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/b/h", "testdata/root", "testdata"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkBreakoutPath(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkBreakoutPath")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	// avoid letting symlink -> ../directory/file escape from scope
-	// normalize to "testdata/fs/j"
-	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/j/k", target: "../i/a"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "testdata/fs/j/k", "testdata/fs/j/i/a", "testdata/fs/j"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkToRoot(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkToRoot")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	// make sure we don't allow escaping to /
-	// normalize to dir
-	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "/"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkSlashDotdot(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkSlashDotdot")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	tmpdir = filepath.Join(tmpdir, "dir", "subdir")
-
-	// make sure we don't allow escaping to /
-	// normalize to dir
-	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "/../../"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkDotdot(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkDotdot")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	tmpdir = filepath.Join(tmpdir, "dir", "subdir")
-
-	// make sure we stay in scope without leaking information
-	// this also checks for escaping to /
-	// normalize to dir
-	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "../../"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkRelativePath2(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativePath2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{{path: "bar/foo", target: "baz/target"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "bar/foo", "bar/baz/target", ""); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkScopeLink(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkScopeLink")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "root2"},
-		{path: "root", target: "root2"},
-		{path: "root2/foo", target: "../bar"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/foo", "root/bar", "root"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkRootScope(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRootScope")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	expected, err := filepath.EvalSymlinks(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-	rewrite, err := FollowSymlinkInScope(tmpdir, "/")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if rewrite != expected {
-		t.Fatalf("expected %q got %q", expected, rewrite)
-	}
-}
-
-func TestFollowSymlinkEmpty(t *testing.T) {
-	res, err := FollowSymlinkInScope("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	wd, err := os.Getwd()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if res != wd {
-		t.Fatalf("expected %q got %q", wd, res)
-	}
-}
-
-func TestFollowSymlinkCircular(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkCircular")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{{path: "root/foo", target: "foo"}}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/foo", "", "root"); err == nil {
-		t.Fatal("expected an error for foo -> foo")
-	}
-
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "root/bar", target: "baz"},
-		{path: "root/baz", target: "../bak"},
-		{path: "root/bak", target: "/bar"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/foo", "", "root"); err == nil {
-		t.Fatal("expected an error for bar -> baz -> bak -> bar")
-	}
-}
-
-func TestFollowSymlinkComplexChainWithTargetPathsContainingLinks(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkComplexChainWithTargetPathsContainingLinks")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "root2"},
-		{path: "root", target: "root2"},
-		{path: "root/a", target: "r/s"},
-		{path: "root/r", target: "../root/t"},
-		{path: "root/root/t/s/b", target: "/../u"},
-		{path: "root/u/c", target: "."},
-		{path: "root/u/x/y", target: "../v"},
-		{path: "root/u/v", target: "/../w"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/a/b/c/x/y/z", "root/w/z", "root"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkBreakoutNonExistent(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkBreakoutNonExistent")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "root/slash", target: "/"},
-		{path: "root/sym", target: "/idontexist/../slash"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/sym/file", "root/file", "root"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFollowSymlinkNoLexicalCleaning(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkNoLexicalCleaning")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-
-	if err := makeFs(tmpdir, []dirOrLink{
-		{path: "root/sym", target: "/foo/bar"},
-		{path: "root/hello", target: "/sym/../baz"},
-	}); err != nil {
-		t.Fatal(err)
-	}
-	if err := testSymlink(tmpdir, "root/hello", "root/foo/baz", "root"); err != nil {
-		t.Fatal(err)
-	}
-}
diff --git a/pkg/sysinfo/cgroup2_linux.go b/pkg/sysinfo/cgroup2_linux.go
new file mode 100644
index 0000000000000..1b8a7443efc6a
--- /dev/null
+++ b/pkg/sysinfo/cgroup2_linux.go
@@ -0,0 +1,145 @@
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
+
+import (
+	"os"
+	"path"
+	"strings"
+
+	cgroupsV2 "github.com/containerd/cgroups/v2"
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/opencontainers/runc/libcontainer/cgroups"
+	"github.com/sirupsen/logrus"
+)
+
+func newV2(options ...Opt) *SysInfo {
+	sysInfo := &SysInfo{
+		CgroupUnified: true,
+		cg2GroupPath:  "/",
+	}
+	for _, o := range options {
+		o(sysInfo)
+	}
+
+	ops := []infoCollector{
+		applyNetworkingInfo,
+		applyAppArmorInfo,
+		applySeccompInfo,
+		applyCgroupNsInfo,
+	}
+
+	m, err := cgroupsV2.LoadManager("/sys/fs/cgroup", sysInfo.cg2GroupPath)
+	if err != nil {
+		logrus.Warn(err)
+	} else {
+		sysInfo.cg2Controllers = make(map[string]struct{})
+		controllers, err := m.Controllers()
+		if err != nil {
+			logrus.Warn(err)
+		}
+		for _, c := range controllers {
+			sysInfo.cg2Controllers[c] = struct{}{}
+		}
+		ops = append(ops,
+			applyMemoryCgroupInfoV2,
+			applyCPUCgroupInfoV2,
+			applyIOCgroupInfoV2,
+			applyCPUSetCgroupInfoV2,
+			applyPIDSCgroupInfoV2,
+			applyDevicesCgroupInfoV2,
+		)
+	}
+
+	for _, o := range ops {
+		o(sysInfo)
+	}
+	return sysInfo
+}
+
+func getSwapLimitV2() bool {
+	groups, err := cgroups.ParseCgroupFile("/proc/self/cgroup")
+	if err != nil {
+		return false
+	}
+
+	g := groups[""]
+	if g == "" {
+		return false
+	}
+
+	cGroupPath := path.Join("/sys/fs/cgroup", g, "memory.swap.max")
+	if _, err = os.Stat(cGroupPath); os.IsNotExist(err) {
+		return false
+	}
+	return true
+}
+
+func applyMemoryCgroupInfoV2(info *SysInfo) {
+	if _, ok := info.cg2Controllers["memory"]; !ok {
+		info.Warnings = append(info.Warnings, "Unable to find memory controller")
+		return
+	}
+
+	info.MemoryLimit = true
+	info.SwapLimit = getSwapLimitV2()
+	info.MemoryReservation = true
+	info.OomKillDisable = false
+	info.MemorySwappiness = false
+	info.KernelMemory = false
+	info.KernelMemoryTCP = false
+}
+
+func applyCPUCgroupInfoV2(info *SysInfo) {
+	if _, ok := info.cg2Controllers["cpu"]; !ok {
+		info.Warnings = append(info.Warnings, "Unable to find cpu controller")
+		return
+	}
+	info.CPUShares = true
+	info.CPUCfs = true
+	info.CPURealtime = false
+}
+
+func applyIOCgroupInfoV2(info *SysInfo) {
+	if _, ok := info.cg2Controllers["io"]; !ok {
+		info.Warnings = append(info.Warnings, "Unable to find io controller")
+		return
+	}
+
+	info.BlkioWeight = true
+	info.BlkioWeightDevice = true
+	info.BlkioReadBpsDevice = true
+	info.BlkioWriteBpsDevice = true
+	info.BlkioReadIOpsDevice = true
+	info.BlkioWriteIOpsDevice = true
+}
+
+func applyCPUSetCgroupInfoV2(info *SysInfo) {
+	if _, ok := info.cg2Controllers["cpuset"]; !ok {
+		info.Warnings = append(info.Warnings, "Unable to find cpuset controller")
+		return
+	}
+	info.Cpuset = true
+
+	cpus, err := os.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.cpus.effective"))
+	if err != nil {
+		return
+	}
+	info.Cpus = strings.TrimSpace(string(cpus))
+
+	mems, err := os.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.mems.effective"))
+	if err != nil {
+		return
+	}
+	info.Mems = strings.TrimSpace(string(mems))
+}
+
+func applyPIDSCgroupInfoV2(info *SysInfo) {
+	if _, ok := info.cg2Controllers["pids"]; !ok {
+		info.Warnings = append(info.Warnings, "Unable to find pids controller")
+		return
+	}
+	info.PidsLimit = true
+}
+
+func applyDevicesCgroupInfoV2(info *SysInfo) {
+	info.CgroupDevicesEnabled = !userns.RunningInUserNS()
+}
diff --git a/pkg/sysinfo/numcpu.go b/pkg/sysinfo/numcpu.go
index eea2d25bf94b1..5b5921dff41e3 100644
--- a/pkg/sysinfo/numcpu.go
+++ b/pkg/sysinfo/numcpu.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
diff --git a/pkg/sysinfo/numcpu_linux.go b/pkg/sysinfo/numcpu_linux.go
index 5f6c6df8c4837..3d9d4cceb3101 100644
--- a/pkg/sysinfo/numcpu_linux.go
+++ b/pkg/sysinfo/numcpu_linux.go
@@ -2,7 +2,6 @@ package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"runtime"
-	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -14,23 +13,15 @@ import (
 // Returns 0 on errors. Use |runtime.NumCPU| in that case.
 func numCPU() int {
 	// Gets the affinity mask for a process: The very one invoking this function.
-	pid, _, _ := unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
+	pid := unix.Getpid()
 
-	var mask [1024 / 64]uintptr
-	_, _, err := unix.RawSyscall(unix.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0])))
-	if err != 0 {
+	var mask unix.CPUSet
+	err := unix.SchedGetaffinity(pid, &mask)
+	if err != nil {
 		return 0
 	}
 
-	// For every available thread a bit is set in the mask.
-	ncpu := 0
-	for _, e := range mask {
-		if e == 0 {
-			continue
-		}
-		ncpu += int(popcnt(uint64(e)))
-	}
-	return ncpu
+	return mask.Count()
 }
 
 // NumCPU returns the number of CPUs which are currently online
diff --git a/pkg/sysinfo/numcpu_windows.go b/pkg/sysinfo/numcpu_windows.go
index 13523f671f13c..4135c2a2c38cd 100644
--- a/pkg/sysinfo/numcpu_windows.go
+++ b/pkg/sysinfo/numcpu_windows.go
@@ -13,6 +13,16 @@ var (
 	getProcessAffinityMask = kernel32.NewProc("GetProcessAffinityMask")
 )
 
+// Returns bit count of 1, used by NumCPU
+func popcnt(x uint64) (n byte) {
+	x -= (x >> 1) & 0x5555555555555555
+	x = (x>>2)&0x3333333333333333 + x&0x3333333333333333
+	x += x >> 4
+	x &= 0x0f0f0f0f0f0f0f0f
+	x *= 0x0101010101010101
+	return byte(x >> 56)
+}
+
 func numCPU() int {
 	// Gets the affinity mask for a process
 	var mask, sysmask uintptr
diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go
index 0f327d5068efe..ac8a41758136c 100644
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@@ -2,6 +2,9 @@ package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import "github.com/docker/docker/pkg/parsers"
 
+// Opt for New().
+type Opt func(info *SysInfo)
+
 // SysInfo stores information about which features a kernel supports.
 // TODO Windows: Factor out platform specific capabilities.
 type SysInfo struct {
@@ -16,6 +19,9 @@ type SysInfo struct {
 	cgroupCpusetInfo
 	cgroupPids
 
+	// Whether the kernel supports cgroup namespaces or not
+	CgroupNamespaces bool
+
 	// Whether IPv4 forwarding is supported or not, if this was disabled, networking will not work
 	IPv4ForwardingDisabled bool
 
@@ -27,6 +33,26 @@ type SysInfo struct {
 
 	// Whether the cgroup has the mountpoint of "devices" or not
 	CgroupDevicesEnabled bool
+
+	// Whether the cgroup is in unified mode (v2).
+	CgroupUnified bool
+
+	// Warnings contains a slice of warnings that occurred  while collecting
+	// system information. These warnings are intended to be informational
+	// messages for the user, and can either be logged or returned to the
+	// client; they are not intended to be parsed / used for other purposes,
+	// and do not have a fixed format.
+	Warnings []string
+
+	// cgMounts is the list of cgroup v1 mount paths, indexed by subsystem, to
+	// inspect availability of subsystems.
+	cgMounts map[string]string
+
+	// cg2GroupPath is the cgroup v2 group path to inspect availability of the controllers.
+	cg2GroupPath string
+
+	// cg2Controllers is an index of available cgroup v2 controllers.
+	cg2Controllers map[string]struct{}
 }
 
 type cgroupMemInfo struct {
@@ -47,23 +73,20 @@ type cgroupMemInfo struct {
 
 	// Whether kernel memory limit is supported or not
 	KernelMemory bool
+
+	// Whether kernel memory TCP limit is supported or not
+	KernelMemoryTCP bool
 }
 
 type cgroupCPUInfo struct {
 	// Whether CPU shares is supported or not
 	CPUShares bool
 
-	// Whether CPU CFS(Completely Fair Scheduler) period is supported or not
-	CPUCfsPeriod bool
-
-	// Whether CPU CFS(Completely Fair Scheduler) quota is supported or not
-	CPUCfsQuota bool
+	// Whether CPU CFS (Completely Fair Scheduler) is supported
+	CPUCfs bool
 
-	// Whether CPU real-time period is supported or not
-	CPURealtimePeriod bool
-
-	// Whether CPU real-time runtime is supported or not
-	CPURealtimeRuntime bool
+	// Whether CPU real-time scheduler is supported
+	CPURealtime bool
 }
 
 type cgroupBlkioInfo struct {
@@ -140,13 +163,3 @@ func isCpusetListAvailable(provided, available string) (bool, error) {
 	}
 	return true, nil
 }
-
-// Returns bit count of 1, used by NumCPU
-func popcnt(x uint64) (n byte) {
-	x -= (x >> 1) & 0x5555555555555555
-	x = (x>>2)&0x3333333333333333 + x&0x3333333333333333
-	x += x >> 4
-	x &= 0x0f0f0f0f0f0f0f0f
-	x *= 0x0101010101010101
-	return byte(x >> 56)
-}
diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go
index dde5be19bc67a..5a79075cd4bfc 100644
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@@ -2,14 +2,14 @@ package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"strings"
 
+	cdcgroups "github.com/containerd/cgroups"
+	cdseccomp "github.com/containerd/containerd/pkg/seccomp"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
 func findCgroupMountpoints() (map[string]string, error) {
@@ -26,227 +26,236 @@ func findCgroupMountpoints() (map[string]string, error) {
 	return mps, nil
 }
 
-// New returns a new SysInfo, using the filesystem to detect which features
-// the kernel supports. If `quiet` is `false` warnings are printed in logs
-// whenever an error occurs or misconfigurations are present.
-func New(quiet bool) *SysInfo {
-	sysInfo := &SysInfo{}
-	cgMounts, err := findCgroupMountpoints()
-	if err != nil {
-		logrus.Warnf("Failed to parse cgroup information: %v", err)
-	} else {
-		sysInfo.cgroupMemInfo = checkCgroupMem(cgMounts, quiet)
-		sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet)
-		sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet)
-		sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet)
-		sysInfo.cgroupPids = checkCgroupPids(quiet)
+type infoCollector func(info *SysInfo)
+
+// WithCgroup2GroupPath specifies the cgroup v2 group path to inspect availability
+// of the controllers.
+//
+// WithCgroup2GroupPath is expected to be used for rootless mode with systemd driver.
+//
+// e.g. g = "/user.slice/user-1000.slice/user@1000.service"
+func WithCgroup2GroupPath(g string) Opt {
+	return func(o *SysInfo) {
+		if p := path.Clean(g); p != "" {
+			o.cg2GroupPath = p
+		}
 	}
+}
 
-	_, ok := cgMounts["devices"]
-	sysInfo.CgroupDevicesEnabled = ok
+// New returns a new SysInfo, using the filesystem to detect which features
+// the kernel supports.
+func New(options ...Opt) *SysInfo {
+	if cdcgroups.Mode() == cdcgroups.Unified {
+		return newV2(options...)
+	}
+	return newV1()
+}
 
-	sysInfo.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward")
-	sysInfo.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables")
-	sysInfo.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables")
+func newV1() *SysInfo {
+	var (
+		err     error
+		sysInfo = &SysInfo{}
+	)
 
-	// Check if AppArmor is supported.
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
-		sysInfo.AppArmor = true
+	ops := []infoCollector{
+		applyNetworkingInfo,
+		applyAppArmorInfo,
+		applySeccompInfo,
+		applyCgroupNsInfo,
 	}
 
-	// Check if Seccomp is supported, via CONFIG_SECCOMP.
-	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
-		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
-			sysInfo.Seccomp = true
-		}
+	sysInfo.cgMounts, err = findCgroupMountpoints()
+	if err != nil {
+		logrus.Warn(err)
+	} else {
+		ops = append(ops,
+			applyMemoryCgroupInfo,
+			applyCPUCgroupInfo,
+			applyBlkioCgroupInfo,
+			applyCPUSetCgroupInfo,
+			applyPIDSCgroupInfo,
+			applyDevicesCgroupInfo,
+		)
 	}
 
+	for _, o := range ops {
+		o(sysInfo)
+	}
 	return sysInfo
 }
 
-// checkCgroupMem reads the memory information from the memory cgroup mount point.
-func checkCgroupMem(cgMounts map[string]string, quiet bool) cgroupMemInfo {
-	mountPoint, ok := cgMounts["memory"]
+// applyMemoryCgroupInfo adds the memory cgroup controller information to the info.
+func applyMemoryCgroupInfo(info *SysInfo) {
+	mountPoint, ok := info.cgMounts["memory"]
 	if !ok {
-		if !quiet {
-			logrus.Warn("Your kernel does not support cgroup memory limit")
-		}
-		return cgroupMemInfo{}
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup memory limit")
+		return
 	}
+	info.MemoryLimit = ok
 
-	swapLimit := cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes")
-	if !quiet && !swapLimit {
-		logrus.Warn("Your kernel does not support swap memory limit")
+	info.SwapLimit = cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes")
+	if !info.SwapLimit {
+		info.Warnings = append(info.Warnings, "Your kernel does not support swap memory limit")
 	}
-	memoryReservation := cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes")
-	if !quiet && !memoryReservation {
-		logrus.Warn("Your kernel does not support memory reservation")
+	info.MemoryReservation = cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes")
+	if !info.MemoryReservation {
+		info.Warnings = append(info.Warnings, "Your kernel does not support memory reservation")
 	}
-	oomKillDisable := cgroupEnabled(mountPoint, "memory.oom_control")
-	if !quiet && !oomKillDisable {
-		logrus.Warn("Your kernel does not support oom control")
+	info.OomKillDisable = cgroupEnabled(mountPoint, "memory.oom_control")
+	if !info.OomKillDisable {
+		info.Warnings = append(info.Warnings, "Your kernel does not support oom control")
 	}
-	memorySwappiness := cgroupEnabled(mountPoint, "memory.swappiness")
-	if !quiet && !memorySwappiness {
-		logrus.Warn("Your kernel does not support memory swappiness")
+	info.MemorySwappiness = cgroupEnabled(mountPoint, "memory.swappiness")
+	if !info.MemorySwappiness {
+		info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness")
 	}
-	kernelMemory := cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes")
-	if !quiet && !kernelMemory {
-		logrus.Warn("Your kernel does not support kernel memory limit")
+	info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes")
+	if !info.KernelMemory {
+		info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory limit")
 	}
-
-	return cgroupMemInfo{
-		MemoryLimit:       true,
-		SwapLimit:         swapLimit,
-		MemoryReservation: memoryReservation,
-		OomKillDisable:    oomKillDisable,
-		MemorySwappiness:  memorySwappiness,
-		KernelMemory:      kernelMemory,
+	info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes")
+	if !info.KernelMemoryTCP {
+		info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory TCP limit")
 	}
 }
 
-// checkCgroupCPU reads the cpu information from the cpu cgroup mount point.
-func checkCgroupCPU(cgMounts map[string]string, quiet bool) cgroupCPUInfo {
-	mountPoint, ok := cgMounts["cpu"]
+// applyCPUCgroupInfo adds the cpu cgroup controller information to the info.
+func applyCPUCgroupInfo(info *SysInfo) {
+	mountPoint, ok := info.cgMounts["cpu"]
 	if !ok {
-		if !quiet {
-			logrus.Warn("Unable to find cpu cgroup in mounts")
-		}
-		return cgroupCPUInfo{}
-	}
-
-	cpuShares := cgroupEnabled(mountPoint, "cpu.shares")
-	if !quiet && !cpuShares {
-		logrus.Warn("Your kernel does not support cgroup cpu shares")
+		info.Warnings = append(info.Warnings, "Unable to find cpu cgroup in mounts")
+		return
 	}
 
-	cpuCfsPeriod := cgroupEnabled(mountPoint, "cpu.cfs_period_us")
-	if !quiet && !cpuCfsPeriod {
-		logrus.Warn("Your kernel does not support cgroup cfs period")
+	info.CPUShares = cgroupEnabled(mountPoint, "cpu.shares")
+	if !info.CPUShares {
+		info.Warnings = append(info.Warnings, "Your kernel does not support CPU shares")
 	}
 
-	cpuCfsQuota := cgroupEnabled(mountPoint, "cpu.cfs_quota_us")
-	if !quiet && !cpuCfsQuota {
-		logrus.Warn("Your kernel does not support cgroup cfs quotas")
+	info.CPUCfs = cgroupEnabled(mountPoint, "cpu.cfs_quota_us")
+	if !info.CPUCfs {
+		info.Warnings = append(info.Warnings, "Your kernel does not support CPU CFS scheduler")
 	}
 
-	cpuRealtimePeriod := cgroupEnabled(mountPoint, "cpu.rt_period_us")
-	if !quiet && !cpuRealtimePeriod {
-		logrus.Warn("Your kernel does not support cgroup rt period")
-	}
-
-	cpuRealtimeRuntime := cgroupEnabled(mountPoint, "cpu.rt_runtime_us")
-	if !quiet && !cpuRealtimeRuntime {
-		logrus.Warn("Your kernel does not support cgroup rt runtime")
-	}
-
-	return cgroupCPUInfo{
-		CPUShares:          cpuShares,
-		CPUCfsPeriod:       cpuCfsPeriod,
-		CPUCfsQuota:        cpuCfsQuota,
-		CPURealtimePeriod:  cpuRealtimePeriod,
-		CPURealtimeRuntime: cpuRealtimeRuntime,
+	info.CPURealtime = cgroupEnabled(mountPoint, "cpu.rt_period_us")
+	if !info.CPURealtime {
+		info.Warnings = append(info.Warnings, "Your kernel does not support CPU realtime scheduler")
 	}
 }
 
-// checkCgroupBlkioInfo reads the blkio information from the blkio cgroup mount point.
-func checkCgroupBlkioInfo(cgMounts map[string]string, quiet bool) cgroupBlkioInfo {
-	mountPoint, ok := cgMounts["blkio"]
+// applyBlkioCgroupInfo adds the blkio cgroup controller information to the info.
+func applyBlkioCgroupInfo(info *SysInfo) {
+	mountPoint, ok := info.cgMounts["blkio"]
 	if !ok {
-		if !quiet {
-			logrus.Warn("Unable to find blkio cgroup in mounts")
-		}
-		return cgroupBlkioInfo{}
+		info.Warnings = append(info.Warnings, "Unable to find blkio cgroup in mounts")
+		return
 	}
 
-	weight := cgroupEnabled(mountPoint, "blkio.weight")
-	if !quiet && !weight {
-		logrus.Warn("Your kernel does not support cgroup blkio weight")
+	info.BlkioWeight = cgroupEnabled(mountPoint, "blkio.weight")
+	if !info.BlkioWeight {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight")
 	}
 
-	weightDevice := cgroupEnabled(mountPoint, "blkio.weight_device")
-	if !quiet && !weightDevice {
-		logrus.Warn("Your kernel does not support cgroup blkio weight_device")
+	info.BlkioWeightDevice = cgroupEnabled(mountPoint, "blkio.weight_device")
+	if !info.BlkioWeightDevice {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight_device")
 	}
 
-	readBpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device")
-	if !quiet && !readBpsDevice {
-		logrus.Warn("Your kernel does not support cgroup blkio throttle.read_bps_device")
+	info.BlkioReadBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device")
+	if !info.BlkioReadBpsDevice {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_bps_device")
 	}
 
-	writeBpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device")
-	if !quiet && !writeBpsDevice {
-		logrus.Warn("Your kernel does not support cgroup blkio throttle.write_bps_device")
+	info.BlkioWriteBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device")
+	if !info.BlkioWriteBpsDevice {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_bps_device")
 	}
-	readIOpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device")
-	if !quiet && !readIOpsDevice {
-		logrus.Warn("Your kernel does not support cgroup blkio throttle.read_iops_device")
+	info.BlkioReadIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device")
+	if !info.BlkioReadIOpsDevice {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_iops_device")
 	}
 
-	writeIOpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device")
-	if !quiet && !writeIOpsDevice {
-		logrus.Warn("Your kernel does not support cgroup blkio throttle.write_iops_device")
-	}
-	return cgroupBlkioInfo{
-		BlkioWeight:          weight,
-		BlkioWeightDevice:    weightDevice,
-		BlkioReadBpsDevice:   readBpsDevice,
-		BlkioWriteBpsDevice:  writeBpsDevice,
-		BlkioReadIOpsDevice:  readIOpsDevice,
-		BlkioWriteIOpsDevice: writeIOpsDevice,
+	info.BlkioWriteIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device")
+	if !info.BlkioWriteIOpsDevice {
+		info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_iops_device")
 	}
 }
 
-// checkCgroupCpusetInfo reads the cpuset information from the cpuset cgroup mount point.
-func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetInfo {
-	mountPoint, ok := cgMounts["cpuset"]
+// applyCPUSetCgroupInfo adds the cpuset cgroup controller information to the info.
+func applyCPUSetCgroupInfo(info *SysInfo) {
+	mountPoint, ok := info.cgMounts["cpuset"]
 	if !ok {
-		if !quiet {
-			logrus.Warn("Unable to find cpuset cgroup in mounts")
-		}
-		return cgroupCpusetInfo{}
+		info.Warnings = append(info.Warnings, "Unable to find cpuset cgroup in mounts")
+		return
 	}
+	info.Cpuset = ok
+
+	var err error
 
-	cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus"))
+	cpus, err := os.ReadFile(path.Join(mountPoint, "cpuset.cpus"))
 	if err != nil {
-		return cgroupCpusetInfo{}
+		return
 	}
+	info.Cpus = strings.TrimSpace(string(cpus))
 
-	mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems"))
+	mems, err := os.ReadFile(path.Join(mountPoint, "cpuset.mems"))
 	if err != nil {
-		return cgroupCpusetInfo{}
+		return
 	}
+	info.Mems = strings.TrimSpace(string(mems))
+}
 
-	return cgroupCpusetInfo{
-		Cpuset: true,
-		Cpus:   strings.TrimSpace(string(cpus)),
-		Mems:   strings.TrimSpace(string(mems)),
+// applyPIDSCgroupInfo adds whether the pids cgroup controller is available to the info.
+func applyPIDSCgroupInfo(info *SysInfo) {
+	_, ok := info.cgMounts["pids"]
+	if !ok {
+		info.Warnings = append(info.Warnings, "Unable to find pids cgroup in mounts")
+		return
 	}
+	info.PidsLimit = true
 }
 
-// checkCgroupPids reads the pids information from the pids cgroup mount point.
-func checkCgroupPids(quiet bool) cgroupPids {
-	_, err := cgroups.FindCgroupMountpoint("pids")
-	if err != nil {
-		if !quiet {
-			logrus.Warn(err)
+// applyDevicesCgroupInfo adds whether the devices cgroup controller is available to the info.
+func applyDevicesCgroupInfo(info *SysInfo) {
+	_, ok := info.cgMounts["devices"]
+	info.CgroupDevicesEnabled = ok
+}
+
+// applyNetworkingInfo adds networking information to the info.
+func applyNetworkingInfo(info *SysInfo) {
+	info.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward")
+	info.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables")
+	info.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables")
+}
+
+// applyAppArmorInfo adds whether AppArmor is enabled to the info.
+func applyAppArmorInfo(info *SysInfo) {
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
+		if _, err := os.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil {
+			info.AppArmor = true
 		}
-		return cgroupPids{}
 	}
+}
 
-	return cgroupPids{
-		PidsLimit: true,
+// applyCgroupNsInfo adds whether cgroupns is enabled to the info.
+func applyCgroupNsInfo(info *SysInfo) {
+	if _, err := os.Stat("/proc/self/ns/cgroup"); !os.IsNotExist(err) {
+		info.CgroupNamespaces = true
 	}
 }
 
+// applySeccompInfo checks if Seccomp is supported, via CONFIG_SECCOMP.
+func applySeccompInfo(info *SysInfo) {
+	info.Seccomp = cdseccomp.IsEnabled()
+}
+
 func cgroupEnabled(mountPoint, name string) bool {
 	_, err := os.Stat(path.Join(mountPoint, name))
 	return err == nil
 }
 
 func readProcBool(path string) bool {
-	val, err := ioutil.ReadFile(path)
+	val, err := os.ReadFile(path)
 	if err != nil {
 		return false
 	}
diff --git a/pkg/sysinfo/sysinfo_linux_test.go b/pkg/sysinfo/sysinfo_linux_test.go
index 13a07fbce93cf..f84b416297f52 100644
--- a/pkg/sysinfo/sysinfo_linux_test.go
+++ b/pkg/sysinfo/sysinfo_linux_test.go
@@ -1,30 +1,29 @@
 package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"testing"
 
 	"golang.org/x/sys/unix"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestReadProcBool(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc")
+	tmpDir, err := os.MkdirTemp("", "test-sysinfo-proc")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 
 	procFile := filepath.Join(tmpDir, "read-proc-bool")
-	err = ioutil.WriteFile(procFile, []byte("1"), 0644)
+	err = os.WriteFile(procFile, []byte("1"), 0644)
 	assert.NilError(t, err)
 
 	if !readProcBool(procFile) {
 		t.Fatal("expected proc bool to be true, got false")
 	}
 
-	if err := ioutil.WriteFile(procFile, []byte("0"), 0644); err != nil {
+	if err := os.WriteFile(procFile, []byte("0"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	if readProcBool(procFile) {
@@ -38,7 +37,7 @@ func TestReadProcBool(t *testing.T) {
 }
 
 func TestCgroupEnabled(t *testing.T) {
-	cgroupDir, err := ioutil.TempDir("", "cgroup-test")
+	cgroupDir, err := os.MkdirTemp("", "cgroup-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(cgroupDir)
 
@@ -46,7 +45,7 @@ func TestCgroupEnabled(t *testing.T) {
 		t.Fatal("cgroupEnabled should be false")
 	}
 
-	err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644)
+	err = os.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644)
 	assert.NilError(t, err)
 
 	if !cgroupEnabled(cgroupDir, "test") {
@@ -55,11 +54,7 @@ func TestCgroupEnabled(t *testing.T) {
 }
 
 func TestNew(t *testing.T) {
-	sysInfo := New(false)
-	assert.Assert(t, sysInfo != nil)
-	checkSysInfo(t, sysInfo)
-
-	sysInfo = New(true)
+	sysInfo := New()
 	assert.Assert(t, sysInfo != nil)
 	checkSysInfo(t, sysInfo)
 }
@@ -79,23 +74,43 @@ func checkSysInfo(t *testing.T, sysInfo *SysInfo) {
 func TestNewAppArmorEnabled(t *testing.T) {
 	// Check if AppArmor is supported. then it must be TRUE , else FALSE
 	if _, err := os.Stat("/sys/kernel/security/apparmor"); err != nil {
-		t.Skip("App Armor Must be Enabled")
+		t.Skip("AppArmor Must be Enabled")
 	}
 
-	sysInfo := New(true)
+	sysInfo := New()
 	assert.Assert(t, sysInfo.AppArmor)
 }
 
 func TestNewAppArmorDisabled(t *testing.T) {
 	// Check if AppArmor is supported. then it must be TRUE , else FALSE
 	if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
-		t.Skip("App Armor Must be Disabled")
+		t.Skip("AppArmor Must be Disabled")
 	}
 
-	sysInfo := New(true)
+	sysInfo := New()
 	assert.Assert(t, !sysInfo.AppArmor)
 }
 
+func TestNewCgroupNamespacesEnabled(t *testing.T) {
+	// If cgroup namespaces are supported in the kernel, then sysInfo.CgroupNamespaces should be TRUE
+	if _, err := os.Stat("/proc/self/ns/cgroup"); err != nil {
+		t.Skip("cgroup namespaces must be enabled")
+	}
+
+	sysInfo := New()
+	assert.Assert(t, sysInfo.CgroupNamespaces)
+}
+
+func TestNewCgroupNamespacesDisabled(t *testing.T) {
+	// If cgroup namespaces are *not* supported in the kernel, then sysInfo.CgroupNamespaces should be FALSE
+	if _, err := os.Stat("/proc/self/ns/cgroup"); !os.IsNotExist(err) {
+		t.Skip("cgroup namespaces must be disabled")
+	}
+
+	sysInfo := New()
+	assert.Assert(t, !sysInfo.CgroupNamespaces)
+}
+
 func TestNumCPU(t *testing.T) {
 	cpuNumbers := NumCPU()
 	if cpuNumbers <= 0 {
diff --git a/pkg/sysinfo/sysinfo_other.go b/pkg/sysinfo/sysinfo_other.go
new file mode 100644
index 0000000000000..aa97c0f29ab9b
--- /dev/null
+++ b/pkg/sysinfo/sysinfo_other.go
@@ -0,0 +1,9 @@
+//go:build !linux
+// +build !linux
+
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
+
+// New returns an empty SysInfo for non linux for now.
+func New(options ...Opt) *SysInfo {
+	return &SysInfo{}
+}
diff --git a/pkg/sysinfo/sysinfo_unix.go b/pkg/sysinfo/sysinfo_unix.go
deleted file mode 100644
index 23cc695fb83d3..0000000000000
--- a/pkg/sysinfo/sysinfo_unix.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build !linux,!windows
-
-package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
-
-// New returns an empty SysInfo for non linux for now.
-func New(quiet bool) *SysInfo {
-	sysInfo := &SysInfo{}
-	return sysInfo
-}
diff --git a/pkg/sysinfo/sysinfo_windows.go b/pkg/sysinfo/sysinfo_windows.go
deleted file mode 100644
index 5f68524e7ed65..0000000000000
--- a/pkg/sysinfo/sysinfo_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
-
-// New returns an empty SysInfo for windows for now.
-func New(quiet bool) *SysInfo {
-	sysInfo := &SysInfo{}
-	return sysInfo
-}
diff --git a/pkg/system/args_windows.go b/pkg/system/args_windows.go
new file mode 100644
index 0000000000000..b7c9487a0674a
--- /dev/null
+++ b/pkg/system/args_windows.go
@@ -0,0 +1,16 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"strings"
+
+	"golang.org/x/sys/windows"
+)
+
+// EscapeArgs makes a Windows-style escaped command line from a set of arguments
+func EscapeArgs(args []string) string {
+	escapedArgs := make([]string, len(args))
+	for i, a := range args {
+		escapedArgs[i] = windows.EscapeArg(a)
+	}
+	return strings.Join(escapedArgs, " ")
+}
diff --git a/pkg/system/chtimes_linux_test.go b/pkg/system/chtimes_linux_test.go
new file mode 100644
index 0000000000000..075f573059ae2
--- /dev/null
+++ b/pkg/system/chtimes_linux_test.go
@@ -0,0 +1,89 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"os"
+	"syscall"
+	"testing"
+	"time"
+)
+
+// TestChtimesLinux tests Chtimes access time on a tempfile on Linux
+func TestChtimesLinux(t *testing.T) {
+	file, dir := prepareTempFile(t)
+	defer os.RemoveAll(dir)
+
+	beforeUnixEpochTime := time.Unix(0, 0).Add(-100 * time.Second)
+	unixEpochTime := time.Unix(0, 0)
+	afterUnixEpochTime := time.Unix(100, 0)
+	unixMaxTime := maxTime
+
+	// Test both aTime and mTime set to Unix Epoch
+	Chtimes(file, unixEpochTime, unixEpochTime)
+
+	f, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat := f.Sys().(*syscall.Stat_t)
+	aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime before Unix Epoch and mTime set to Unix Epoch
+	Chtimes(file, beforeUnixEpochTime, unixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime set to Unix Epoch and mTime before Unix Epoch
+	Chtimes(file, unixEpochTime, beforeUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to after Unix Epoch (valid time)
+	Chtimes(file, afterUnixEpochTime, afterUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if aTime != afterUnixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", afterUnixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to Unix max time
+	Chtimes(file, unixMaxTime, unixMaxTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if aTime.Truncate(time.Second) != unixMaxTime.Truncate(time.Second) {
+		t.Fatalf("Expected: %s, got: %s", unixMaxTime.Truncate(time.Second), aTime.Truncate(time.Second))
+	}
+}
diff --git a/pkg/system/chtimes_nowindows.go b/pkg/system/chtimes_nowindows.go
new file mode 100644
index 0000000000000..84ae1570513b5
--- /dev/null
+++ b/pkg/system/chtimes_nowindows.go
@@ -0,0 +1,15 @@
+//go:build !windows
+// +build !windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"time"
+)
+
+// setCTime will set the create time on a file. On Unix, the create
+// time is updated as a side effect of setting the modified time, so
+// no action is required.
+func setCTime(path string, ctime time.Time) error {
+	return nil
+}
diff --git a/pkg/system/chtimes_test.go b/pkg/system/chtimes_test.go
index 5a3f98e199d69..3bb1fb2a60329 100644
--- a/pkg/system/chtimes_test.go
+++ b/pkg/system/chtimes_test.go
@@ -1,7 +1,6 @@
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -10,13 +9,13 @@ import (
 
 // prepareTempFile creates a temporary file in a temporary directory.
 func prepareTempFile(t *testing.T) (string, string) {
-	dir, err := ioutil.TempDir("", "docker-system-test")
+	dir, err := os.MkdirTemp("", "docker-system-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	file := filepath.Join(dir, "exist")
-	if err := ioutil.WriteFile(file, []byte("hello"), 0644); err != nil {
+	if err := os.WriteFile(file, []byte("hello"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	return file, dir
diff --git a/pkg/system/chtimes_unix.go b/pkg/system/chtimes_unix.go
deleted file mode 100644
index 259138a45b52c..0000000000000
--- a/pkg/system/chtimes_unix.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"time"
-)
-
-//setCTime will set the create time on a file. On Unix, the create
-//time is updated as a side effect of setting the modified time, so
-//no action is required.
-func setCTime(path string, ctime time.Time) error {
-	return nil
-}
diff --git a/pkg/system/chtimes_unix_test.go b/pkg/system/chtimes_unix_test.go
deleted file mode 100644
index e25232c767556..0000000000000
--- a/pkg/system/chtimes_unix_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"os"
-	"syscall"
-	"testing"
-	"time"
-)
-
-// TestChtimesLinux tests Chtimes access time on a tempfile on Linux
-func TestChtimesLinux(t *testing.T) {
-	file, dir := prepareTempFile(t)
-	defer os.RemoveAll(dir)
-
-	beforeUnixEpochTime := time.Unix(0, 0).Add(-100 * time.Second)
-	unixEpochTime := time.Unix(0, 0)
-	afterUnixEpochTime := time.Unix(100, 0)
-	unixMaxTime := maxTime
-
-	// Test both aTime and mTime set to Unix Epoch
-	Chtimes(file, unixEpochTime, unixEpochTime)
-
-	f, err := os.Stat(file)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	stat := f.Sys().(*syscall.Stat_t)
-	aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-	if aTime != unixEpochTime {
-		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
-	}
-
-	// Test aTime before Unix Epoch and mTime set to Unix Epoch
-	Chtimes(file, beforeUnixEpochTime, unixEpochTime)
-
-	f, err = os.Stat(file)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	stat = f.Sys().(*syscall.Stat_t)
-	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-	if aTime != unixEpochTime {
-		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
-	}
-
-	// Test aTime set to Unix Epoch and mTime before Unix Epoch
-	Chtimes(file, unixEpochTime, beforeUnixEpochTime)
-
-	f, err = os.Stat(file)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	stat = f.Sys().(*syscall.Stat_t)
-	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-	if aTime != unixEpochTime {
-		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
-	}
-
-	// Test both aTime and mTime set to after Unix Epoch (valid time)
-	Chtimes(file, afterUnixEpochTime, afterUnixEpochTime)
-
-	f, err = os.Stat(file)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	stat = f.Sys().(*syscall.Stat_t)
-	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-	if aTime != afterUnixEpochTime {
-		t.Fatalf("Expected: %s, got: %s", afterUnixEpochTime, aTime)
-	}
-
-	// Test both aTime and mTime set to Unix max time
-	Chtimes(file, unixMaxTime, unixMaxTime)
-
-	f, err = os.Stat(file)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	stat = f.Sys().(*syscall.Stat_t)
-	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-	if aTime.Truncate(time.Second) != unixMaxTime.Truncate(time.Second) {
-		t.Fatalf("Expected: %s, got: %s", unixMaxTime.Truncate(time.Second), aTime.Truncate(time.Second))
-	}
-}
diff --git a/pkg/system/chtimes_windows.go b/pkg/system/chtimes_windows.go
index d3a115ff42b8e..6664b8bcad76e 100644
--- a/pkg/system/chtimes_windows.go
+++ b/pkg/system/chtimes_windows.go
@@ -6,8 +6,8 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-//setCTime will set the create time on a file. On Windows, this requires
-//calling SetFileTime and explicitly including the create time.
+// setCTime will set the create time on a file. On Windows, this requires
+// calling SetFileTime and explicitly including the create time.
 func setCTime(path string, ctime time.Time) error {
 	ctimespec := windows.NsecToTimespec(ctime.UnixNano())
 	pathp, e := windows.UTF16PtrFromString(path)
diff --git a/pkg/system/chtimes_windows_test.go b/pkg/system/chtimes_windows_test.go
index d91e4bc6e4bcf..060c5150037d7 100644
--- a/pkg/system/chtimes_windows_test.go
+++ b/pkg/system/chtimes_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/system/filesys.go b/pkg/system/filesys.go
deleted file mode 100644
index adeb163052048..0000000000000
--- a/pkg/system/filesys.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-)
-
-// MkdirAllWithACL is a wrapper for MkdirAll on unix systems.
-func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
-	return MkdirAll(path, perm, sddl)
-}
-
-// MkdirAll creates a directory named path along with any necessary parents,
-// with permission specified by attribute perm for all dir created.
-func MkdirAll(path string, perm os.FileMode, sddl string) error {
-	return os.MkdirAll(path, perm)
-}
-
-// IsAbs is a platform-specific wrapper for filepath.IsAbs.
-func IsAbs(path string) bool {
-	return filepath.IsAbs(path)
-}
-
-// The functions below here are wrappers for the equivalents in the os and ioutils packages.
-// They are passthrough on Unix platforms, and only relevant on Windows.
-
-// CreateSequential creates the named file with mode 0666 (before umask), truncating
-// it if it already exists. If successful, methods on the returned
-// File can be used for I/O; the associated file descriptor has mode
-// O_RDWR.
-// If there is an error, it will be of type *PathError.
-func CreateSequential(name string) (*os.File, error) {
-	return os.Create(name)
-}
-
-// OpenSequential opens the named file for reading. If successful, methods on
-// the returned file can be used for reading; the associated file
-// descriptor has mode O_RDONLY.
-// If there is an error, it will be of type *PathError.
-func OpenSequential(name string) (*os.File, error) {
-	return os.Open(name)
-}
-
-// OpenFileSequential is the generalized open call; most users will use Open
-// or Create instead. It opens the named file with specified flag
-// (O_RDONLY etc.) and perm, (0666 etc.) if applicable. If successful,
-// methods on the returned File can be used for I/O.
-// If there is an error, it will be of type *PathError.
-func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, error) {
-	return os.OpenFile(name, flag, perm)
-}
-
-// TempFileSequential creates a new temporary file in the directory dir
-// with a name beginning with prefix, opens the file for reading
-// and writing, and returns the resulting *os.File.
-// If dir is the empty string, TempFile uses the default directory
-// for temporary files (see os.TempDir).
-// Multiple programs calling TempFile simultaneously
-// will not choose the same file. The caller can use f.Name()
-// to find the pathname of the file. It is the caller's responsibility
-// to remove the file when no longer needed.
-func TempFileSequential(dir, prefix string) (f *os.File, err error) {
-	return ioutil.TempFile(dir, prefix)
-}
diff --git a/pkg/system/filesys_unix.go b/pkg/system/filesys_unix.go
new file mode 100644
index 0000000000000..8b991201a98f8
--- /dev/null
+++ b/pkg/system/filesys_unix.go
@@ -0,0 +1,67 @@
+//go:build !windows
+// +build !windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// MkdirAllWithACL is a wrapper for os.MkdirAll on unix systems.
+func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
+	return os.MkdirAll(path, perm)
+}
+
+// MkdirAll creates a directory named path along with any necessary parents,
+// with permission specified by attribute perm for all dir created.
+func MkdirAll(path string, perm os.FileMode) error {
+	return os.MkdirAll(path, perm)
+}
+
+// IsAbs is a platform-specific wrapper for filepath.IsAbs.
+func IsAbs(path string) bool {
+	return filepath.IsAbs(path)
+}
+
+// The functions below here are wrappers for the equivalents in the os and ioutils packages.
+// They are passthrough on Unix platforms, and only relevant on Windows.
+
+// CreateSequential creates the named file with mode 0666 (before umask), truncating
+// it if it already exists. If successful, methods on the returned
+// File can be used for I/O; the associated file descriptor has mode
+// O_RDWR.
+// If there is an error, it will be of type *PathError.
+func CreateSequential(name string) (*os.File, error) {
+	return os.Create(name)
+}
+
+// OpenSequential opens the named file for reading. If successful, methods on
+// the returned file can be used for reading; the associated file
+// descriptor has mode O_RDONLY.
+// If there is an error, it will be of type *PathError.
+func OpenSequential(name string) (*os.File, error) {
+	return os.Open(name)
+}
+
+// OpenFileSequential is the generalized open call; most users will use Open
+// or Create instead. It opens the named file with specified flag
+// (O_RDONLY etc.) and perm, (0666 etc.) if applicable. If successful,
+// methods on the returned File can be used for I/O.
+// If there is an error, it will be of type *PathError.
+func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, error) {
+	return os.OpenFile(name, flag, perm)
+}
+
+// TempFileSequential creates a new temporary file in the directory dir
+// with a name beginning with prefix, opens the file for reading
+// and writing, and returns the resulting *os.File.
+// If dir is the empty string, TempFile uses the default directory
+// for temporary files (see os.TempDir).
+// Multiple programs calling TempFile simultaneously
+// will not choose the same file. The caller can use f.Name()
+// to find the pathname of the file. It is the caller's responsibility
+// to remove the file when no longer needed.
+func TempFileSequential(dir, prefix string) (f *os.File, err error) {
+	return os.CreateTemp(dir, prefix)
+}
diff --git a/pkg/system/filesys_windows.go b/pkg/system/filesys_windows.go
index a1f6013f1397f..8f79dc8fe06c5 100644
--- a/pkg/system/filesys_windows.go
+++ b/pkg/system/filesys_windows.go
@@ -11,15 +11,12 @@ import (
 	"time"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
 
 const (
 	// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System
 	SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
-	// SddlNtvmAdministratorsLocalSystem is NT VIRTUAL MACHINE\Virtual Machines plus local administrators plus NT AUTHORITY\System
-	SddlNtvmAdministratorsLocalSystem = "D:P(A;OICI;GA;;;S-1-5-83-0)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
 )
 
 // MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
@@ -28,9 +25,10 @@ func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
 	return mkdirall(path, true, sddl)
 }
 
-// MkdirAll implementation that is volume path aware for Windows.
-func MkdirAll(path string, _ os.FileMode, sddl string) error {
-	return mkdirall(path, false, sddl)
+// MkdirAll implementation that is volume path aware for Windows. It can be used
+// as a drop-in replacement for os.MkdirAll()
+func MkdirAll(path string, _ os.FileMode) error {
+	return mkdirall(path, false, "")
 }
 
 // mkdirall is a custom version of os.MkdirAll modified for use on Windows
@@ -104,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
 // and Local System.
 func mkdirWithACL(name string, sddl string) error {
 	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 
 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {
@@ -132,12 +130,10 @@ func mkdirWithACL(name string, sddl string) error {
 // by the daemon. This SHOULD be treated as absolute from a docker processing
 // perspective.
 func IsAbs(path string) bool {
-	if !filepath.IsAbs(path) {
-		if !strings.HasPrefix(path, string(os.PathSeparator)) {
-			return false
-		}
+	if filepath.IsAbs(path) || strings.HasPrefix(path, string(os.PathSeparator)) {
+		return true
 	}
-	return true
+	return false
 }
 
 // The origin of the functions below here are the golang OS and windows packages,
@@ -237,7 +233,7 @@ func windowsOpenSequential(path string, mode int, _ uint32) (fd windows.Handle,
 		createmode = windows.OPEN_EXISTING
 	}
 	// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
-	//https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
+	// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
 	const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
 	h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
 	return h, e
@@ -262,7 +258,7 @@ func nextSuffix() string {
 	return strconv.Itoa(int(1e9 + r%1e9))[1:]
 }
 
-// TempFileSequential is a copy of ioutil.TempFile, modified to use sequential
+// TempFileSequential is a copy of os.CreateTemp, modified to use sequential
 // file access. Below is the original comment from golang:
 // TempFile creates a new temporary file in the directory dir
 // with a name beginning with prefix, opens the file for reading
diff --git a/pkg/system/image_os.go b/pkg/system/image_os.go
new file mode 100644
index 0000000000000..e3de86be29228
--- /dev/null
+++ b/pkg/system/image_os.go
@@ -0,0 +1,10 @@
+package system // import "github.com/docker/docker/pkg/system"
+import (
+	"runtime"
+	"strings"
+)
+
+// IsOSSupported determines if an operating system is supported by the host.
+func IsOSSupported(os string) bool {
+	return strings.EqualFold(runtime.GOOS, os)
+}
diff --git a/pkg/system/init_unix.go b/pkg/system/init_unix.go
deleted file mode 100644
index 4996a67c12e5b..0000000000000
--- a/pkg/system/init_unix.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-// InitLCOW does nothing since LCOW is a windows only feature
-func InitLCOW(experimental bool) {
-}
diff --git a/pkg/system/init_windows.go b/pkg/system/init_windows.go
index 4910ff69d6661..3c2a43ddbd397 100644
--- a/pkg/system/init_windows.go
+++ b/pkg/system/init_windows.go
@@ -1,12 +1,18 @@
 package system // import "github.com/docker/docker/pkg/system"
 
-// lcowSupported determines if Linux Containers on Windows are supported.
-var lcowSupported = false
+var (
+	// containerdRuntimeSupported determines if containerd should be the runtime.
+	containerdRuntimeSupported = false
+)
 
-// InitLCOW sets whether LCOW is supported or not
-func InitLCOW(experimental bool) {
-	v := GetOSVersion()
-	if experimental && v.Build >= 16299 {
-		lcowSupported = true
+// InitContainerdRuntime sets whether to use containerd for runtime on Windows.
+func InitContainerdRuntime(cdPath string) {
+	if len(cdPath) > 0 {
+		containerdRuntimeSupported = true
 	}
 }
+
+// ContainerdRuntimeSupported returns true if the use of containerd runtime is supported.
+func ContainerdRuntimeSupported() bool {
+	return containerdRuntimeSupported
+}
diff --git a/pkg/system/lcow.go b/pkg/system/lcow.go
deleted file mode 100644
index 5be3e2182ba08..0000000000000
--- a/pkg/system/lcow.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"runtime"
-	"strings"
-
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/pkg/errors"
-)
-
-// IsOSSupported determines if an operating system is supported by the host
-func IsOSSupported(os string) bool {
-	if strings.EqualFold(runtime.GOOS, os) {
-		return true
-	}
-	if LCOWSupported() && strings.EqualFold(os, "linux") {
-		return true
-	}
-	return false
-}
-
-// ValidatePlatform determines if a platform structure is valid.
-// TODO This is a temporary windows-only function, should be replaced by
-// comparison of worker capabilities
-func ValidatePlatform(platform specs.Platform) error {
-	if runtime.GOOS == "windows" {
-		if !(platform.OS == runtime.GOOS || (LCOWSupported() && platform.OS == "linux")) {
-			return errors.Errorf("unsupported os %s", platform.OS)
-		}
-	}
-	return nil
-}
diff --git a/pkg/system/lcow_unix.go b/pkg/system/lcow_unix.go
deleted file mode 100644
index 26397fb8a1764..0000000000000
--- a/pkg/system/lcow_unix.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-// LCOWSupported returns true if Linux containers on Windows are supported.
-func LCOWSupported() bool {
-	return false
-}
diff --git a/pkg/system/lcow_windows.go b/pkg/system/lcow_windows.go
deleted file mode 100644
index f0139df8f7e03..0000000000000
--- a/pkg/system/lcow_windows.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-// LCOWSupported returns true if Linux containers on Windows are supported.
-func LCOWSupported() bool {
-	return lcowSupported
-}
diff --git a/pkg/system/lstat_unix.go b/pkg/system/lstat_unix.go
index 7477995f1bfd7..654b9f2c9e69b 100644
--- a/pkg/system/lstat_unix.go
+++ b/pkg/system/lstat_unix.go
@@ -1,8 +1,10 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"os"
 	"syscall"
 )
 
@@ -13,7 +15,7 @@ import (
 func Lstat(path string) (*StatT, error) {
 	s := &syscall.Stat_t{}
 	if err := syscall.Lstat(path, s); err != nil {
-		return nil, err
+		return nil, &os.PathError{Op: "Lstat", Path: path, Err: err}
 	}
 	return fromStatT(s)
 }
diff --git a/pkg/system/lstat_unix_test.go b/pkg/system/lstat_unix_test.go
index 9fb4a191cfe32..943b7d6c638f2 100644
--- a/pkg/system/lstat_unix_test.go
+++ b/pkg/system/lstat_unix_test.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/system/meminfo_linux.go b/pkg/system/meminfo_linux.go
index d79e8b0765357..cd060eff24de5 100644
--- a/pkg/system/meminfo_linux.go
+++ b/pkg/system/meminfo_linux.go
@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // ReadMemInfo retrieves memory statistics of the host system and returns a
@@ -27,6 +27,7 @@ func ReadMemInfo() (*MemInfo, error) {
 func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 	meminfo := &MemInfo{}
 	scanner := bufio.NewScanner(reader)
+	memAvailable := int64(-1)
 	for scanner.Scan() {
 		// Expected format: ["MemTotal:", "1234", "kB"]
 		parts := strings.Fields(scanner.Text())
@@ -48,6 +49,8 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 			meminfo.MemTotal = bytes
 		case "MemFree:":
 			meminfo.MemFree = bytes
+		case "MemAvailable:":
+			memAvailable = bytes
 		case "SwapTotal:":
 			meminfo.SwapTotal = bytes
 		case "SwapFree:":
@@ -55,6 +58,9 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 		}
 
 	}
+	if memAvailable != -1 {
+		meminfo.MemFree = memAvailable
+	}
 
 	// Handle errors that may have occurred during the reading of the file.
 	if err := scanner.Err(); err != nil {
diff --git a/pkg/system/meminfo_unix_test.go b/pkg/system/meminfo_unix_test.go
index c3690d6311d97..adbc94824728b 100644
--- a/pkg/system/meminfo_unix_test.go
+++ b/pkg/system/meminfo_unix_test.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -6,7 +7,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // TestMemInfo tests parseMemInfo with a static meminfo string
@@ -14,8 +15,9 @@ func TestMemInfo(t *testing.T) {
 	const input = `
 	MemTotal:      1 kB
 	MemFree:       2 kB
-	SwapTotal:     3 kB
-	SwapFree:      4 kB
+	MemAvailable:  3 kB
+	SwapTotal:     4 kB
+	SwapFree:      5 kB
 	Malformed1:
 	Malformed2:    1
 	Malformed3:    2 MB
@@ -28,13 +30,13 @@ func TestMemInfo(t *testing.T) {
 	if meminfo.MemTotal != 1*units.KiB {
 		t.Fatalf("Unexpected MemTotal: %d", meminfo.MemTotal)
 	}
-	if meminfo.MemFree != 2*units.KiB {
+	if meminfo.MemFree != 3*units.KiB {
 		t.Fatalf("Unexpected MemFree: %d", meminfo.MemFree)
 	}
-	if meminfo.SwapTotal != 3*units.KiB {
+	if meminfo.SwapTotal != 4*units.KiB {
 		t.Fatalf("Unexpected SwapTotal: %d", meminfo.SwapTotal)
 	}
-	if meminfo.SwapFree != 4*units.KiB {
+	if meminfo.SwapFree != 5*units.KiB {
 		t.Fatalf("Unexpected SwapFree: %d", meminfo.SwapFree)
 	}
 }
diff --git a/pkg/system/meminfo_unsupported.go b/pkg/system/meminfo_unsupported.go
index 56f4494268043..207ee58ee6c50 100644
--- a/pkg/system/meminfo_unsupported.go
+++ b/pkg/system/meminfo_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/system/mknod.go b/pkg/system/mknod.go
index b132482e03818..d27152c0f5b58 100644
--- a/pkg/system/mknod.go
+++ b/pkg/system/mknod.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -6,12 +7,6 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-// Mknod creates a filesystem node (file, device special file or named pipe) named path
-// with attributes specified by mode and dev.
-func Mknod(path string, mode uint32, dev int) error {
-	return unix.Mknod(path, mode, dev)
-}
-
 // Mkdev is used to build the value of linux devices (in /dev/) which specifies major
 // and minor number of the newly created device special file.
 // Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
diff --git a/pkg/system/mknod_freebsd.go b/pkg/system/mknod_freebsd.go
new file mode 100644
index 0000000000000..c890be116f796
--- /dev/null
+++ b/pkg/system/mknod_freebsd.go
@@ -0,0 +1,14 @@
+//go:build freebsd
+// +build freebsd
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Mknod creates a filesystem node (file, device special file or named pipe) named path
+// with attributes specified by mode and dev.
+func Mknod(path string, mode uint32, dev int) error {
+	return unix.Mknod(path, mode, uint64(dev))
+}
diff --git a/pkg/system/mknod_linux.go b/pkg/system/mknod_linux.go
new file mode 100644
index 0000000000000..5c65f8a49c31b
--- /dev/null
+++ b/pkg/system/mknod_linux.go
@@ -0,0 +1,11 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Mknod creates a filesystem node (file, device special file or named pipe) named path
+// with attributes specified by mode and dev.
+func Mknod(path string, mode uint32, dev int) error {
+	return unix.Mknod(path, mode, dev)
+}
diff --git a/pkg/system/path.go b/pkg/system/path.go
index a3d957afab742..4d81906b9d247 100644
--- a/pkg/system/path.go
+++ b/pkg/system/path.go
@@ -1,32 +1,27 @@
 package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"fmt"
-	"path/filepath"
-	"runtime"
-	"strings"
-
-	"github.com/containerd/continuity/pathdriver"
-)
-
 const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 // DefaultPathEnv is unix style list of directories to search for
 // executables. Each directory is separated from the next by a colon
 // ':' character .
+// For Windows containers, an empty string is returned as the default
+// path will be set by the container, and Docker has no context of what the
+// default path should be.
 func DefaultPathEnv(os string) string {
-	if runtime.GOOS == "windows" {
-		if os != runtime.GOOS {
-			return defaultUnixPathEnv
-		}
-		// Deliberately empty on Windows containers on Windows as the default path will be set by
-		// the container. Docker has no context of what the default path should be.
+	if os == "windows" {
 		return ""
 	}
 	return defaultUnixPathEnv
 
 }
 
+// PathVerifier defines the subset of a PathDriver that CheckSystemDriveAndRemoveDriveLetter
+// actually uses in order to avoid system depending on containerd/continuity.
+type PathVerifier interface {
+	IsAbs(string) bool
+}
+
 // CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
 // is the system drive.
 // On Linux: this is a no-op.
@@ -42,19 +37,6 @@ func DefaultPathEnv(os string) string {
 // a			--> a
 // /a			--> \a
 // d:\			--> Fail
-func CheckSystemDriveAndRemoveDriveLetter(path string, driver pathdriver.PathDriver) (string, error) {
-	if runtime.GOOS != "windows" || LCOWSupported() {
-		return path, nil
-	}
-
-	if len(path) == 2 && string(path[1]) == ":" {
-		return "", fmt.Errorf("No relative path specified in %q", path)
-	}
-	if !driver.IsAbs(path) || len(path) < 2 {
-		return filepath.FromSlash(path), nil
-	}
-	if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
-		return "", fmt.Errorf("The specified path is not on the system drive (C:)")
-	}
-	return filepath.FromSlash(path[2:]), nil
+func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
+	return checkSystemDriveAndRemoveDriveLetter(path, driver)
 }
diff --git a/pkg/system/path_unix.go b/pkg/system/path_unix.go
index b0b93196a15c5..197a37a219d18 100644
--- a/pkg/system/path_unix.go
+++ b/pkg/system/path_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -8,3 +9,9 @@ package system // import "github.com/docker/docker/pkg/system"
 func GetLongPathName(path string) (string, error) {
 	return path, nil
 }
+
+// checkSystemDriveAndRemoveDriveLetter is the non-Windows implementation
+// of CheckSystemDriveAndRemoveDriveLetter
+func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
+	return path, nil
+}
diff --git a/pkg/system/path_windows.go b/pkg/system/path_windows.go
index 188f2c2957a48..7d375b0ddc3f3 100644
--- a/pkg/system/path_windows.go
+++ b/pkg/system/path_windows.go
@@ -1,24 +1,48 @@
 package system // import "github.com/docker/docker/pkg/system"
 
-import "syscall"
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/sys/windows"
+)
 
 // GetLongPathName converts Windows short pathnames to full pathnames.
 // For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
 // It is a no-op on non-Windows platforms
 func GetLongPathName(path string) (string, error) {
 	// See https://groups.google.com/forum/#!topic/golang-dev/1tufzkruoTg
-	p := syscall.StringToUTF16(path)
+	p, err := windows.UTF16FromString(path)
+	if err != nil {
+		return "", err
+	}
 	b := p // GetLongPathName says we can reuse buffer
-	n, err := syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+	n, err := windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
 	if err != nil {
 		return "", err
 	}
 	if n > uint32(len(b)) {
 		b = make([]uint16, n)
-		_, err = syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+		_, err = windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
 		if err != nil {
 			return "", err
 		}
 	}
-	return syscall.UTF16ToString(b), nil
+	return windows.UTF16ToString(b), nil
+}
+
+// checkSystemDriveAndRemoveDriveLetter is the Windows implementation
+// of CheckSystemDriveAndRemoveDriveLetter
+func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
+	if len(path) == 2 && string(path[1]) == ":" {
+		return "", fmt.Errorf("No relative path specified in %q", path)
+	}
+	if !driver.IsAbs(path) || len(path) < 2 {
+		return filepath.FromSlash(path), nil
+	}
+	if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
+		return "", fmt.Errorf("The specified path is not on the system drive (C:)")
+	}
+	return filepath.FromSlash(path[2:]), nil
 }
diff --git a/pkg/system/path_windows_test.go b/pkg/system/path_windows_test.go
index 974707eb71831..5ba2c84e39bf4 100644
--- a/pkg/system/path_windows_test.go
+++ b/pkg/system/path_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -12,7 +13,7 @@ import (
 func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	// Fails if not C drive.
 	_, err := CheckSystemDriveAndRemoveDriveLetter(`d:\`, pathdriver.LocalPathDriver)
-	if err == nil || (err != nil && err.Error() != "The specified path is not on the system drive (C:)") {
+	if err == nil || err.Error() != "The specified path is not on the system drive (C:)" {
 		t.Fatalf("Expected error for d:")
 	}
 
diff --git a/pkg/system/process_unix.go b/pkg/system/process_unix.go
index 0195a891b27c0..d2ab9c3d7e03c 100644
--- a/pkg/system/process_unix.go
+++ b/pkg/system/process_unix.go
@@ -1,8 +1,12 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"fmt"
+	"os"
+	"strings"
 	"syscall"
 
 	"golang.org/x/sys/unix"
@@ -22,3 +26,20 @@ func IsProcessAlive(pid int) bool {
 func KillProcess(pid int) {
 	unix.Kill(pid, unix.SIGKILL)
 }
+
+// IsProcessZombie return true if process has a state with "Z"
+// http://man7.org/linux/man-pages/man5/proc.5.html
+func IsProcessZombie(pid int) (bool, error) {
+	statPath := fmt.Sprintf("/proc/%d/stat", pid)
+	dataBytes, err := os.ReadFile(statPath)
+	if err != nil {
+		return false, err
+	}
+	data := string(dataBytes)
+	sdata := strings.SplitN(data, " ", 4)
+	if len(sdata) >= 3 && sdata[2] == "Z" {
+		return true, nil
+	}
+
+	return false, nil
+}
diff --git a/pkg/system/process_windows.go b/pkg/system/process_windows.go
index 4e70c97b18f0f..09bdfa0ca0aa8 100644
--- a/pkg/system/process_windows.go
+++ b/pkg/system/process_windows.go
@@ -13,6 +13,6 @@ func IsProcessAlive(pid int) bool {
 func KillProcess(pid int) {
 	p, err := os.FindProcess(pid)
 	if err == nil {
-		p.Kill()
+		_ = p.Kill()
 	}
 }
diff --git a/pkg/system/rm.go b/pkg/system/rm.go
index b3109918004a6..f2d81597c9dc2 100644
--- a/pkg/system/rm.go
+++ b/pkg/system/rm.go
@@ -1,3 +1,6 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
@@ -5,7 +8,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/docker/pkg/mount"
+	"github.com/moby/sys/mount"
 	"github.com/pkg/errors"
 )
 
@@ -63,12 +66,8 @@ func EnsureRemoveAll(dir string) error {
 			return err
 		}
 
-		if mounted, _ := mount.Mounted(pe.Path); mounted {
-			if e := mount.Unmount(pe.Path); e != nil {
-				if mounted, _ := mount.Mounted(pe.Path); mounted {
-					return errors.Wrapf(e, "error while removing %s", dir)
-				}
-			}
+		if e := mount.Unmount(pe.Path); e != nil {
+			return errors.Wrapf(e, "error while removing %s", dir)
 		}
 
 		if exitOnErr[pe.Path] == maxRetry {
diff --git a/pkg/system/rm_nodarwin_test.go b/pkg/system/rm_nodarwin_test.go
new file mode 100644
index 0000000000000..f29137ca879b6
--- /dev/null
+++ b/pkg/system/rm_nodarwin_test.go
@@ -0,0 +1,37 @@
+//go:build !darwin
+// +build !darwin
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"os"
+	"testing"
+)
+
+func TestEnsureRemoveAllNotExist(t *testing.T) {
+	// should never return an error for a non-existent path
+	if err := EnsureRemoveAll("/non/existent/path"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEnsureRemoveAllWithDir(t *testing.T) {
+	dir, err := os.MkdirTemp("", "test-ensure-removeall-with-dir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := EnsureRemoveAll(dir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEnsureRemoveAllWithFile(t *testing.T) {
+	tmp, err := os.CreateTemp("", "test-ensure-removeall-with-dir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	tmp.Close()
+	if err := EnsureRemoveAll(tmp.Name()); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/pkg/system/rm_test.go b/pkg/system/rm_test.go
index 0448aac619de1..f3d0390e394bc 100644
--- a/pkg/system/rm_test.go
+++ b/pkg/system/rm_test.go
@@ -1,54 +1,26 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
-	"runtime"
 	"testing"
 	"time"
 
-	"github.com/docker/docker/pkg/mount"
-	"gotest.tools/skip"
+	"github.com/moby/sys/mount"
+	"gotest.tools/v3/skip"
 )
 
-func TestEnsureRemoveAllNotExist(t *testing.T) {
-	// should never return an error for a non-existent path
-	if err := EnsureRemoveAll("/non/existent/path"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestEnsureRemoveAllWithDir(t *testing.T) {
-	dir, err := ioutil.TempDir("", "test-ensure-removeall-with-dir")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := EnsureRemoveAll(dir); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestEnsureRemoveAllWithFile(t *testing.T) {
-	tmp, err := ioutil.TempFile("", "test-ensure-removeall-with-dir")
-	if err != nil {
-		t.Fatal(err)
-	}
-	tmp.Close()
-	if err := EnsureRemoveAll(tmp.Name()); err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestEnsureRemoveAllWithMount(t *testing.T) {
-	skip.If(t, runtime.GOOS == "windows", "mount not supported on Windows")
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 
-	dir1, err := ioutil.TempDir("", "test-ensure-removeall-with-dir1")
+	dir1, err := os.MkdirTemp("", "test-ensure-removeall-with-dir1")
 	if err != nil {
 		t.Fatal(err)
 	}
-	dir2, err := ioutil.TempDir("", "test-ensure-removeall-with-dir2")
+	dir2, err := os.MkdirTemp("", "test-ensure-removeall-with-dir2")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -63,7 +35,7 @@ func TestEnsureRemoveAllWithMount(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	done := make(chan struct{})
+	done := make(chan struct{}, 1)
 	go func() {
 		err = EnsureRemoveAll(dir1)
 		close(done)
diff --git a/pkg/system/rm_windows.go b/pkg/system/rm_windows.go
new file mode 100644
index 0000000000000..ed9c5dcb8ae9a
--- /dev/null
+++ b/pkg/system/rm_windows.go
@@ -0,0 +1,6 @@
+package system
+
+import "os"
+
+// EnsureRemoveAll is an alias to os.RemoveAll on Windows
+var EnsureRemoveAll = os.RemoveAll
diff --git a/pkg/system/stat_bsd.go b/pkg/system/stat_bsd.go
new file mode 100644
index 0000000000000..8e61d820f02bb
--- /dev/null
+++ b/pkg/system/stat_bsd.go
@@ -0,0 +1,16 @@
+//go:build freebsd || netbsd
+// +build freebsd netbsd
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import "syscall"
+
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtimespec}, nil
+}
diff --git a/pkg/system/stat_freebsd.go b/pkg/system/stat_freebsd.go
deleted file mode 100644
index c1c0ee9f3865c..0000000000000
--- a/pkg/system/stat_freebsd.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
-	return &StatT{size: s.Size,
-		mode: uint32(s.Mode),
-		uid:  s.Uid,
-		gid:  s.Gid,
-		rdev: uint64(s.Rdev),
-		mtim: s.Mtimespec}, nil
-}
diff --git a/pkg/system/stat_linux.go b/pkg/system/stat_linux.go
index 98c9eb18d18d8..3ac02393f0a0a 100644
--- a/pkg/system/stat_linux.go
+++ b/pkg/system/stat_linux.go
@@ -8,7 +8,8 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		mode: s.Mode,
 		uid:  s.Uid,
 		gid:  s.Gid,
-		rdev: s.Rdev,
+		// the type is 32bit on mips
+		rdev: uint64(s.Rdev), //nolint: unconvert
 		mtim: s.Mtim}, nil
 }
 
diff --git a/pkg/system/stat_solaris.go b/pkg/system/stat_solaris.go
index 756b92d1e6cf6..6a51ccd64233c 100644
--- a/pkg/system/stat_solaris.go
+++ b/pkg/system/stat_solaris.go
@@ -5,9 +5,9 @@ import "syscall"
 // fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 	return &StatT{size: s.Size,
-		mode: uint32(s.Mode),
+		mode: s.Mode,
 		uid:  s.Uid,
 		gid:  s.Gid,
-		rdev: uint64(s.Rdev),
+		rdev: s.Rdev,
 		mtim: s.Mtim}, nil
 }
diff --git a/pkg/system/stat_unix.go b/pkg/system/stat_unix.go
index 3d7e2ebbefafe..a45ffddf7500d 100644
--- a/pkg/system/stat_unix.go
+++ b/pkg/system/stat_unix.go
@@ -1,8 +1,10 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"os"
 	"syscall"
 )
 
@@ -59,7 +61,7 @@ func (s StatT) IsDir() bool {
 func Stat(path string) (*StatT, error) {
 	s := &syscall.Stat_t{}
 	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
+		return nil, &os.PathError{Op: "Stat", Path: path, Err: err}
 	}
 	return fromStatT(s)
 }
diff --git a/pkg/system/stat_unix_test.go b/pkg/system/stat_unix_test.go
index 44e048f2a7230..416b07eaa5d83 100644
--- a/pkg/system/stat_unix_test.go
+++ b/pkg/system/stat_unix_test.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -7,7 +8,7 @@ import (
 	"syscall"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // TestFromStatT tests fromStatT for a tempfile
@@ -31,7 +32,8 @@ func TestFromStatT(t *testing.T) {
 	if stat.Gid != s.GID() {
 		t.Fatal("got invalid gid")
 	}
-	if stat.Rdev != s.Rdev() {
+	//nolint:unconvert // conversion needed to fix mismatch types on mips64el
+	if uint64(stat.Rdev) != s.Rdev() {
 		t.Fatal("got invalid rdev")
 	}
 	if stat.Mtim != s.Mtim() {
diff --git a/pkg/system/syscall_unix.go b/pkg/system/syscall_unix.go
deleted file mode 100644
index 919a412a7b308..0000000000000
--- a/pkg/system/syscall_unix.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build linux freebsd
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import "golang.org/x/sys/unix"
-
-// Unmount is a platform-specific helper function to call
-// the unmount syscall.
-func Unmount(dest string) error {
-	return unix.Unmount(dest, 0)
-}
-
-// CommandLineToArgv should not be used on Unix.
-// It simply returns commandLine in the only element in the returned array.
-func CommandLineToArgv(commandLine string) ([]string, error) {
-	return []string{commandLine}, nil
-}
diff --git a/pkg/system/syscall_windows.go b/pkg/system/syscall_windows.go
index 4ae92fa6c7d7b..afebed74d7484 100644
--- a/pkg/system/syscall_windows.go
+++ b/pkg/system/syscall_windows.go
@@ -1,8 +1,6 @@
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"fmt"
-	"syscall"
 	"unsafe"
 
 	"github.com/sirupsen/logrus"
@@ -10,66 +8,24 @@ import (
 )
 
 const (
-	OWNER_SECURITY_INFORMATION               = 0x00000001
-	GROUP_SECURITY_INFORMATION               = 0x00000002
-	DACL_SECURITY_INFORMATION                = 0x00000004
-	SACL_SECURITY_INFORMATION                = 0x00000008
-	LABEL_SECURITY_INFORMATION               = 0x00000010
-	ATTRIBUTE_SECURITY_INFORMATION           = 0x00000020
-	SCOPE_SECURITY_INFORMATION               = 0x00000040
-	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
-	ACCESS_FILTER_SECURITY_INFORMATION       = 0x00000100
-	BACKUP_SECURITY_INFORMATION              = 0x00010000
-	PROTECTED_DACL_SECURITY_INFORMATION      = 0x80000000
-	PROTECTED_SACL_SECURITY_INFORMATION      = 0x40000000
-	UNPROTECTED_DACL_SECURITY_INFORMATION    = 0x20000000
-	UNPROTECTED_SACL_SECURITY_INFORMATION    = 0x10000000
-)
-
-const (
-	SE_UNKNOWN_OBJECT_TYPE = iota
-	SE_FILE_OBJECT
-	SE_SERVICE
-	SE_PRINTER
-	SE_REGISTRY_KEY
-	SE_LMSHARE
-	SE_KERNEL_OBJECT
-	SE_WINDOW_OBJECT
-	SE_DS_OBJECT
-	SE_DS_OBJECT_ALL
-	SE_PROVIDER_DEFINED_OBJECT
-	SE_WMIGUID_OBJECT
-	SE_REGISTRY_WOW64_32KEY
-)
-
-const (
+	// Deprecated: use github.com/docker/pkg/idtools.SeTakeOwnershipPrivilege
 	SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
 )
 
 const (
+	// Deprecated: use github.com/docker/pkg/idtools.ContainerAdministratorSidString
 	ContainerAdministratorSidString = "S-1-5-93-2-1"
-	ContainerUserSidString          = "S-1-5-93-2-2"
+	// Deprecated: use github.com/docker/pkg/idtools.ContainerUserSidString
+	ContainerUserSidString = "S-1-5-93-2-2"
 )
 
 var (
-	ntuserApiset                  = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
-	modadvapi32                   = windows.NewLazySystemDLL("advapi32.dll")
-	procGetVersionExW             = modkernel32.NewProc("GetVersionExW")
-	procGetProductInfo            = modkernel32.NewProc("GetProductInfo")
-	procSetNamedSecurityInfo      = modadvapi32.NewProc("SetNamedSecurityInfoW")
-	procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
+	ntuserApiset      = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
+	procGetVersionExW = modkernel32.NewProc("GetVersionExW")
 )
 
-// OSVersion is a wrapper for Windows version information
-// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
-type OSVersion struct {
-	Version      uint32
-	MajorVersion uint8
-	MinorVersion uint8
-	Build        uint16
-}
-
-// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
+// TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported)
 type osVersionInfoEx struct {
 	OSVersionInfoSize uint32
 	MajorVersion      uint32
@@ -84,85 +40,21 @@ type osVersionInfoEx struct {
 	Reserve           byte
 }
 
-// GetOSVersion gets the operating system version on Windows. Note that
-// docker.exe must be manifested to get the correct version information.
-func GetOSVersion() OSVersion {
-	var err error
-	osv := OSVersion{}
-	osv.Version, err = windows.GetVersion()
-	if err != nil {
-		// GetVersion never fails.
-		panic(err)
-	}
-	osv.MajorVersion = uint8(osv.Version & 0xFF)
-	osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
-	osv.Build = uint16(osv.Version >> 16)
-	return osv
-}
-
-func (osv OSVersion) ToString() string {
-	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
-}
-
-// IsWindowsClient returns true if the SKU is client
-// @engine maintainers - this function should not be removed or modified as it
-// is used to enforce licensing restrictions on Windows.
+// IsWindowsClient returns true if the SKU is client. It returns false on
+// Windows server, or if an error occurred when making the GetVersionExW
+// syscall.
 func IsWindowsClient() bool {
 	osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
 	r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
 	if r1 == 0 {
-		logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
+		logrus.WithError(err).Warn("GetVersionExW failed - assuming server SKU")
 		return false
 	}
-	const verNTWorkstation = 0x00000001
+	// VER_NT_WORKSTATION, see https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
+	const verNTWorkstation = 0x00000001 // VER_NT_WORKSTATION
 	return osviex.ProductType == verNTWorkstation
 }
 
-// IsIoTCore returns true if the currently running image is based off of
-// Windows 10 IoT Core.
-// @engine maintainers - this function should not be removed or modified as it
-// is used to enforce licensing restrictions on Windows.
-func IsIoTCore() bool {
-	var returnedProductType uint32
-	r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
-	if r1 == 0 {
-		logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
-		return false
-	}
-	const productIoTUAP = 0x0000007B
-	const productIoTUAPCommercial = 0x00000083
-	return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial
-}
-
-// Unmount is a platform-specific helper function to call
-// the unmount syscall. Not supported on Windows
-func Unmount(dest string) error {
-	return nil
-}
-
-// CommandLineToArgv wraps the Windows syscall to turn a commandline into an argument array.
-func CommandLineToArgv(commandLine string) ([]string, error) {
-	var argc int32
-
-	argsPtr, err := windows.UTF16PtrFromString(commandLine)
-	if err != nil {
-		return nil, err
-	}
-
-	argv, err := windows.CommandLineToArgv(argsPtr, &argc)
-	if err != nil {
-		return nil, err
-	}
-	defer windows.LocalFree(windows.Handle(uintptr(unsafe.Pointer(argv))))
-
-	newArgs := make([]string, argc)
-	for i, v := range (*argv)[:argc] {
-		newArgs[i] = string(windows.UTF16ToString((*v)[:]))
-	}
-
-	return newArgs, nil
-}
-
 // HasWin32KSupport determines whether containers that depend on win32k can
 // run on this machine. Win32k is the driver used to implement windowing.
 func HasWin32KSupport() bool {
@@ -171,23 +63,3 @@ func HasWin32KSupport() bool {
 	// APIs.
 	return ntuserApiset.Load() == nil
 }
-
-func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
-	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
-	if r0 != 0 {
-		result = syscall.Errno(r0)
-	}
-	return
-}
-
-func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
-	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			result = syscall.Errno(e1)
-		} else {
-			result = syscall.EINVAL
-		}
-	}
-	return
-}
diff --git a/pkg/system/umask.go b/pkg/system/umask.go
index 9912a2babb3fe..d4a15cbedc33b 100644
--- a/pkg/system/umask.go
+++ b/pkg/system/umask.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/system/utimes_freebsd.go b/pkg/system/utimes_freebsd.go
deleted file mode 100644
index ed1b9fad59bbf..0000000000000
--- a/pkg/system/utimes_freebsd.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	var _path *byte
-	_path, err := unix.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-
-	if _, _, err := unix.Syscall(unix.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != unix.ENOSYS {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/system/utimes_linux.go b/pkg/system/utimes_linux.go
deleted file mode 100644
index 0afe854589f6a..0000000000000
--- a/pkg/system/utimes_linux.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	atFdCwd := unix.AT_FDCWD
-
-	var _path *byte
-	_path, err := unix.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-	if _, _, err := unix.Syscall6(unix.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), unix.AT_SYMLINK_NOFOLLOW, 0, 0); err != 0 && err != unix.ENOSYS {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/system/utimes_unix.go b/pkg/system/utimes_unix.go
new file mode 100644
index 0000000000000..2768750a00bfb
--- /dev/null
+++ b/pkg/system/utimes_unix.go
@@ -0,0 +1,25 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+// LUtimesNano is used to change access and modification time of the specified path.
+// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
+func LUtimesNano(path string, ts []syscall.Timespec) error {
+	uts := []unix.Timespec{
+		unix.NsecToTimespec(syscall.TimespecToNsec(ts[0])),
+		unix.NsecToTimespec(syscall.TimespecToNsec(ts[1])),
+	}
+	err := unix.UtimesNanoAt(unix.AT_FDCWD, path, uts, unix.AT_SYMLINK_NOFOLLOW)
+	if err != nil && err != unix.ENOSYS {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/system/utimes_unix_test.go b/pkg/system/utimes_unix_test.go
index cc0e7cbf1f1cf..30482b7c074e3 100644
--- a/pkg/system/utimes_unix_test.go
+++ b/pkg/system/utimes_unix_test.go
@@ -1,9 +1,9 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"syscall"
@@ -12,13 +12,13 @@ import (
 
 // prepareFiles creates files for testing in the temp directory
 func prepareFiles(t *testing.T) (string, string, string, string) {
-	dir, err := ioutil.TempDir("", "docker-system-test")
+	dir, err := os.MkdirTemp("", "docker-system-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	file := filepath.Join(dir, "exist")
-	if err := ioutil.WriteFile(file, []byte("hello"), 0644); err != nil {
+	if err := os.WriteFile(file, []byte("hello"), 0644); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/pkg/system/utimes_unsupported.go b/pkg/system/utimes_unsupported.go
index 095e072e1df34..bfed4af0325eb 100644
--- a/pkg/system/utimes_unsupported.go
+++ b/pkg/system/utimes_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !freebsd
 // +build !linux,!freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/system/xattrs_linux.go b/pkg/system/xattrs_linux.go
index 66d4895b27ab6..95b609fe7a8bf 100644
--- a/pkg/system/xattrs_linux.go
+++ b/pkg/system/xattrs_linux.go
@@ -6,16 +6,24 @@ import "golang.org/x/sys/unix"
 // and associated with the given path in the file system.
 // It will returns a nil slice and nil error if the xattr is not set.
 func Lgetxattr(path string, attr string) ([]byte, error) {
+	// Start with a 128 length byte array
 	dest := make([]byte, 128)
 	sz, errno := unix.Lgetxattr(path, attr, dest)
-	if errno == unix.ENODATA {
-		return nil, nil
-	}
-	if errno == unix.ERANGE {
+
+	for errno == unix.ERANGE {
+		// Buffer too small, use zero-sized buffer to get the actual size
+		sz, errno = unix.Lgetxattr(path, attr, []byte{})
+		if errno != nil {
+			return nil, errno
+		}
 		dest = make([]byte, sz)
 		sz, errno = unix.Lgetxattr(path, attr, dest)
 	}
-	if errno != nil {
+
+	switch {
+	case errno == unix.ENODATA:
+		return nil, nil
+	case errno != nil:
 		return nil, errno
 	}
 
diff --git a/pkg/system/xattrs_unsupported.go b/pkg/system/xattrs_unsupported.go
index d780a90cd383c..b165a5dbfe93d 100644
--- a/pkg/system/xattrs_unsupported.go
+++ b/pkg/system/xattrs_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/pkg/tailfile/tailfile.go b/pkg/tailfile/tailfile.go
index c82fe603f663c..90f5a7f360f22 100644
--- a/pkg/tailfile/tailfile.go
+++ b/pkg/tailfile/tailfile.go
@@ -18,7 +18,7 @@ var eol = []byte("\n")
 // ErrNonPositiveLinesNumber is an error returned if the lines number was negative.
 var ErrNonPositiveLinesNumber = errors.New("The number of lines to extract from the file must be positive")
 
-//TailFile returns last n lines of the passed in file.
+// TailFile returns last n lines of the passed in file.
 func TailFile(f *os.File, n int) ([][]byte, error) {
 	size, err := f.Seek(0, io.SeekEnd)
 	if err != nil {
@@ -127,7 +127,6 @@ type scanner struct {
 	delim []byte
 	err   error
 	idx   int
-	done  bool
 }
 
 func (s *scanner) Start(ctx context.Context) int64 {
diff --git a/pkg/tailfile/tailfile_test.go b/pkg/tailfile/tailfile_test.go
index 4dde90f9e3a30..15c8acfe01762 100644
--- a/pkg/tailfile/tailfile_test.go
+++ b/pkg/tailfile/tailfile_test.go
@@ -6,16 +6,15 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestTailFile(t *testing.T) {
-	f, err := ioutil.TempFile("", "tail-test")
+	f, err := os.CreateTemp("", "tail-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -69,7 +68,7 @@ truncated line`)
 }
 
 func TestTailFileManyLines(t *testing.T) {
-	f, err := ioutil.TempFile("", "tail-test")
+	f, err := os.CreateTemp("", "tail-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -100,7 +99,7 @@ truncated line`)
 }
 
 func TestTailEmptyFile(t *testing.T) {
-	f, err := ioutil.TempFile("", "tail-test")
+	f, err := os.CreateTemp("", "tail-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -116,7 +115,7 @@ func TestTailEmptyFile(t *testing.T) {
 }
 
 func TestTailNegativeN(t *testing.T) {
-	f, err := ioutil.TempFile("", "tail-test")
+	f, err := os.CreateTemp("", "tail-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -140,7 +139,7 @@ truncated line`)
 }
 
 func BenchmarkTail(b *testing.B) {
-	f, err := ioutil.TempFile("", "tail-test")
+	f, err := os.CreateTemp("", "tail-test")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -232,11 +231,11 @@ func TestNewTailReader(t *testing.T) {
 								assert.Assert(t, lines == 0)
 								return
 							}
-							assert.Assert(t, err)
+							assert.NilError(t, err)
 							assert.Check(t, lines == i, "%d -- %d", lines, i)
 
-							b, err := ioutil.ReadAll(tr)
-							assert.Assert(t, err)
+							b, err := io.ReadAll(tr)
+							assert.NilError(t, err)
 
 							expectLines := test.data[len(test.data)-i:]
 							assert.Check(t, len(expectLines) == i)
@@ -260,10 +259,10 @@ func TestNewTailReader(t *testing.T) {
 							return
 						}
 
-						assert.Assert(t, err)
+						assert.NilError(t, err)
 						assert.Check(t, lines == len(test.data), "%d -- %d", lines, len(test.data))
-						b, err := ioutil.ReadAll(tr)
-						assert.Assert(t, err)
+						b, err := io.ReadAll(tr)
+						assert.NilError(t, err)
 						assert.Check(t, bytes.Equal(b, []byte(s)), "\n%v\n%v", b, []byte(s))
 					})
 				})
@@ -273,16 +272,16 @@ func TestNewTailReader(t *testing.T) {
 	t.Run("truncated last line", func(t *testing.T) {
 		t.Run("more than available", func(t *testing.T) {
 			tail, nLines, err := NewTailReader(ctx, strings.NewReader("a\nb\nextra"), 3)
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, nLines == 2, nLines)
 
 			rdr := bufio.NewReader(tail)
 			data, _, err := rdr.ReadLine()
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, string(data) == "a", string(data))
 
 			data, _, err = rdr.ReadLine()
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, string(data) == "b", string(data))
 
 			_, _, err = rdr.ReadLine()
@@ -292,16 +291,16 @@ func TestNewTailReader(t *testing.T) {
 	t.Run("truncated last line", func(t *testing.T) {
 		t.Run("exact", func(t *testing.T) {
 			tail, nLines, err := NewTailReader(ctx, strings.NewReader("a\nb\nextra"), 2)
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, nLines == 2, nLines)
 
 			rdr := bufio.NewReader(tail)
 			data, _, err := rdr.ReadLine()
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, string(data) == "a", string(data))
 
 			data, _, err = rdr.ReadLine()
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, string(data) == "b", string(data))
 
 			_, _, err = rdr.ReadLine()
@@ -312,12 +311,12 @@ func TestNewTailReader(t *testing.T) {
 	t.Run("truncated last line", func(t *testing.T) {
 		t.Run("one line", func(t *testing.T) {
 			tail, nLines, err := NewTailReader(ctx, strings.NewReader("a\nb\nextra"), 1)
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, nLines == 1, nLines)
 
 			rdr := bufio.NewReader(tail)
 			data, _, err := rdr.ReadLine()
-			assert.Assert(t, err)
+			assert.NilError(t, err)
 			assert.Check(t, string(data) == "b", string(data))
 
 			_, _, err = rdr.ReadLine()
diff --git a/pkg/tarsum/builder_context_test.go b/pkg/tarsum/builder_context_test.go
index 86adb442d609e..0d69d3127b250 100644
--- a/pkg/tarsum/builder_context_test.go
+++ b/pkg/tarsum/builder_context_test.go
@@ -2,7 +2,6 @@ package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"io"
-	"io/ioutil"
 	"os"
 	"testing"
 )
@@ -22,7 +21,7 @@ func TestTarSumRemoveNonExistent(t *testing.T) {
 	}
 
 	// Read and discard bytes so that it populates sums
-	_, err = io.Copy(ioutil.Discard, ts)
+	_, err = io.Copy(io.Discard, ts)
 	if err != nil {
 		t.Errorf("failed to read from %s: %s", filename, err)
 	}
@@ -52,7 +51,7 @@ func TestTarSumRemove(t *testing.T) {
 	}
 
 	// Read and discard bytes so that it populates sums
-	_, err = io.Copy(ioutil.Discard, ts)
+	_, err = io.Copy(io.Discard, ts)
 	if err != nil {
 		t.Errorf("failed to read from %s: %s", filename, err)
 	}
diff --git a/pkg/tarsum/tarsum_test.go b/pkg/tarsum/tarsum_test.go
index 97ece8506cb24..1945f4a5cfe8f 100644
--- a/pkg/tarsum/tarsum_test.go
+++ b/pkg/tarsum/tarsum_test.go
@@ -4,21 +4,20 @@ import (
 	"archive/tar"
 	"bytes"
 	"compress/gzip"
-	"crypto/md5"
+	"crypto/md5" // #nosec G501
 	"crypto/rand"
-	"crypto/sha1"
+	"crypto/sha1" // #nosec G505
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 type testLayer struct {
@@ -127,7 +126,7 @@ func sizedTar(opts sizedOptions) io.Reader {
 		err error
 	)
 	if opts.realFile {
-		fh, err = ioutil.TempFile("", "tarsum")
+		fh, err = os.CreateTemp("", "tarsum")
 		if err != nil {
 			return nil
 		}
@@ -366,7 +365,7 @@ func TestTarSums(t *testing.T) {
 		}
 
 		// Read and discard remaining bytes
-		_, err = io.Copy(ioutil.Discard, ts)
+		_, err = io.Copy(io.Discard, ts)
 		if err != nil {
 			t.Errorf("failed to copy from %s: %s", layer.filename, err)
 			continue
@@ -380,7 +379,7 @@ func TestTarSums(t *testing.T) {
 			}
 			defer jfh.Close()
 
-			buf, err := ioutil.ReadAll(jfh)
+			buf, err := io.ReadAll(jfh)
 			if err != nil {
 				t.Errorf("failed to readAll %s: %s", layer.jsonfile, err)
 				continue
@@ -545,7 +544,7 @@ func renderSumForHeader(v Version, h *tar.Header, data []byte) (string, error) {
 		if err != nil {
 			return "", err
 		}
-		if _, err = io.Copy(ioutil.Discard, tr); err != nil {
+		if _, err = io.Copy(io.Discard, tr); err != nil {
 			return "", err
 		}
 	}
@@ -578,7 +577,7 @@ func Benchmark9kTar(b *testing.B) {
 			b.Error(err)
 			return
 		}
-		io.Copy(ioutil.Discard, ts)
+		io.Copy(io.Discard, ts)
 		ts.Sum(nil)
 	}
 }
@@ -609,7 +608,7 @@ func Benchmark9kTarGzip(b *testing.B) {
 			b.Error(err)
 			return
 		}
-		io.Copy(ioutil.Discard, ts)
+		io.Copy(io.Discard, ts)
 		ts.Sum(nil)
 	}
 }
@@ -651,7 +650,7 @@ func benchmarkTar(b *testing.B, opts sizedOptions, isGzip bool) {
 			b.Error(err)
 			return
 		}
-		io.Copy(ioutil.Discard, ts)
+		io.Copy(io.Discard, ts)
 		ts.Sum(nil)
 		fh.Seek(0, 0)
 	}
diff --git a/pkg/term/ascii_test.go b/pkg/term/ascii_test.go
deleted file mode 100644
index 665ab1552ff04..0000000000000
--- a/pkg/term/ascii_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"testing"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestToBytes(t *testing.T) {
-	codes, err := ToBytes("ctrl-a,a")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual([]byte{1, 97}, codes))
-
-	_, err = ToBytes("shift-z")
-	assert.Check(t, is.ErrorContains(err, ""))
-
-	codes, err = ToBytes("ctrl-@,ctrl-[,~,ctrl-o")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual([]byte{0, 27, 126, 15}, codes))
-
-	codes, err = ToBytes("DEL,+")
-	assert.NilError(t, err)
-	assert.Check(t, is.DeepEqual([]byte{127, 43}, codes))
-}
diff --git a/pkg/term/deprecated.go b/pkg/term/deprecated.go
new file mode 100644
index 0000000000000..4d18168fc28fb
--- /dev/null
+++ b/pkg/term/deprecated.go
@@ -0,0 +1,84 @@
+// Package term provides structures and helper functions to work with
+// terminal (state, sizes).
+//
+// Deprecated: use github.com/moby/term instead
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"github.com/moby/term"
+)
+
+// EscapeError is special error which returned by a TTY proxy reader's Read()
+// method in case its detach escape sequence is read.
+// Deprecated: use github.com/moby/term.EscapeError
+type EscapeError = term.EscapeError
+
+// State represents the state of the terminal.
+// Deprecated: use github.com/moby/term.State
+type State = term.State
+
+// Winsize represents the size of the terminal window.
+// Deprecated: use github.com/moby/term.Winsize
+type Winsize = term.Winsize
+
+var (
+	// ASCII list the possible supported ASCII key sequence
+	ASCII = term.ASCII
+
+	// ToBytes converts a string representing a suite of key-sequence to the corresponding ASCII code.
+	// Deprecated: use github.com/moby/term.ToBytes
+	ToBytes = term.ToBytes
+
+	// StdStreams returns the standard streams (stdin, stdout, stderr).
+	// Deprecated: use github.com/moby/term.StdStreams
+	StdStreams = term.StdStreams
+
+	// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
+	// Deprecated: use github.com/moby/term.GetFdInfo
+	GetFdInfo = term.GetFdInfo
+
+	// GetWinsize returns the window size based on the specified file descriptor.
+	// Deprecated: use github.com/moby/term.GetWinsize
+	GetWinsize = term.GetWinsize
+
+	// IsTerminal returns true if the given file descriptor is a terminal.
+	// Deprecated: use github.com/moby/term.IsTerminal
+	IsTerminal = term.IsTerminal
+
+	// RestoreTerminal restores the terminal connected to the given file descriptor
+	// to a previous state.
+	// Deprecated: use github.com/moby/term.RestoreTerminal
+	RestoreTerminal = term.RestoreTerminal
+
+	// SaveState saves the state of the terminal connected to the given file descriptor.
+	// Deprecated: use github.com/moby/term.SaveState
+	SaveState = term.SaveState
+
+	// DisableEcho applies the specified state to the terminal connected to the file
+	// descriptor, with echo disabled.
+	// Deprecated: use github.com/moby/term.DisableEcho
+	DisableEcho = term.DisableEcho
+
+	// SetRawTerminal puts the terminal connected to the given file descriptor into
+	// raw mode and returns the previous state. On UNIX, this puts both the input
+	// and output into raw mode. On Windows, it only puts the input into raw mode.
+	// Deprecated: use github.com/moby/term.SetRawTerminal
+	SetRawTerminal = term.SetRawTerminal
+
+	// SetRawTerminalOutput puts the output of terminal connected to the given file
+	// descriptor into raw mode. On UNIX, this does nothing and returns nil for the
+	// state. On Windows, it disables LF -> CRLF translation.
+	// Deprecated: use github.com/moby/term.SetRawTerminalOutput
+	SetRawTerminalOutput = term.SetRawTerminalOutput
+
+	// MakeRaw puts the terminal connected to the given file descriptor into raw
+	// mode and returns the previous state of the terminal so that it can be restored.
+	// Deprecated: use github.com/moby/term.MakeRaw
+	MakeRaw = term.MakeRaw
+
+	// NewEscapeProxy returns a new TTY proxy reader which wraps the given reader
+	// and detects when the specified escape keys are read, in which case the Read
+	// method will return an error of type EscapeError.
+	// Deprecated: use github.com/moby/term.NewEscapeProxy
+	NewEscapeProxy = term.NewEscapeProxy
+)
diff --git a/pkg/term/deprecated_unix.go b/pkg/term/deprecated_unix.go
new file mode 100644
index 0000000000000..2d3641dc158e9
--- /dev/null
+++ b/pkg/term/deprecated_unix.go
@@ -0,0 +1,21 @@
+//go:build !windows
+// +build !windows
+
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"github.com/moby/term"
+)
+
+// Termios is the Unix API for terminal I/O.
+// Deprecated: use github.com/moby/term.Termios
+type Termios = term.Termios
+
+var (
+	// ErrInvalidState is returned if the state of the terminal is invalid.
+	ErrInvalidState = term.ErrInvalidState
+
+	// SetWinsize tries to set the specified window size for the specified file descriptor.
+	// Deprecated: use github.com/moby/term.GetWinsize
+	SetWinsize = term.SetWinsize
+)
diff --git a/pkg/term/proxy.go b/pkg/term/proxy.go
deleted file mode 100644
index da733e58484c3..0000000000000
--- a/pkg/term/proxy.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"io"
-)
-
-// EscapeError is special error which returned by a TTY proxy reader's Read()
-// method in case its detach escape sequence is read.
-type EscapeError struct{}
-
-func (EscapeError) Error() string {
-	return "read escape sequence"
-}
-
-// escapeProxy is used only for attaches with a TTY. It is used to proxy
-// stdin keypresses from the underlying reader and look for the passed in
-// escape key sequence to signal a detach.
-type escapeProxy struct {
-	escapeKeys   []byte
-	escapeKeyPos int
-	r            io.Reader
-}
-
-// NewEscapeProxy returns a new TTY proxy reader which wraps the given reader
-// and detects when the specified escape keys are read, in which case the Read
-// method will return an error of type EscapeError.
-func NewEscapeProxy(r io.Reader, escapeKeys []byte) io.Reader {
-	return &escapeProxy{
-		escapeKeys: escapeKeys,
-		r:          r,
-	}
-}
-
-func (r *escapeProxy) Read(buf []byte) (int, error) {
-	nr, err := r.r.Read(buf)
-
-	if len(r.escapeKeys) == 0 {
-		return nr, err
-	}
-
-	preserve := func() {
-		// this preserves the original key presses in the passed in buffer
-		nr += r.escapeKeyPos
-		preserve := make([]byte, 0, r.escapeKeyPos+len(buf))
-		preserve = append(preserve, r.escapeKeys[:r.escapeKeyPos]...)
-		preserve = append(preserve, buf...)
-		r.escapeKeyPos = 0
-		copy(buf[0:nr], preserve)
-	}
-
-	if nr != 1 || err != nil {
-		if r.escapeKeyPos > 0 {
-			preserve()
-		}
-		return nr, err
-	}
-
-	if buf[0] != r.escapeKeys[r.escapeKeyPos] {
-		if r.escapeKeyPos > 0 {
-			preserve()
-		}
-		return nr, nil
-	}
-
-	if r.escapeKeyPos == len(r.escapeKeys)-1 {
-		return 0, EscapeError{}
-	}
-
-	// Looks like we've got an escape key, but we need to match again on the next
-	// read.
-	// Store the current escape key we found so we can look for the next one on
-	// the next read.
-	// Since this is an escape key, make sure we don't let the caller read it
-	// If later on we find that this is not the escape sequence, we'll add the
-	// keys back
-	r.escapeKeyPos++
-	return nr - r.escapeKeyPos, nil
-}
diff --git a/pkg/term/proxy_test.go b/pkg/term/proxy_test.go
deleted file mode 100644
index df588fe15bb00..0000000000000
--- a/pkg/term/proxy_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"bytes"
-	"fmt"
-	"testing"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestEscapeProxyRead(t *testing.T) {
-	escapeKeys, _ := ToBytes("")
-	keys, _ := ToBytes("a")
-	reader := NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf := make([]byte, len(keys))
-	nr, err := reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
-	assert.DeepEqual(t, keys, buf)
-
-	keys, _ = ToBytes("a,b,c")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
-	assert.DeepEqual(t, keys, buf)
-
-	keys, _ = ToBytes("")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.Assert(t, is.ErrorContains(err, ""), "Should throw error when no keys are to read")
-	assert.Equal(t, nr, 0, "nr should be zero")
-	assert.Check(t, is.Len(keys, 0))
-	assert.Check(t, is.Len(buf, 0))
-
-	escapeKeys, _ = ToBytes("DEL")
-	keys, _ = ToBytes("a,b,c,+")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
-	assert.DeepEqual(t, keys, buf)
-
-	keys, _ = ToBytes("")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.Assert(t, is.ErrorContains(err, ""), "Should throw error when no keys are to read")
-	assert.Equal(t, nr, 0, "nr should be zero")
-	assert.Check(t, is.Len(keys, 0))
-	assert.Check(t, is.Len(buf, 0))
-
-	escapeKeys, _ = ToBytes("ctrl-x,ctrl-@")
-	keys, _ = ToBytes("DEL")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, 1, fmt.Sprintf("nr %d should be equal to the number of 1", nr))
-	assert.DeepEqual(t, keys, buf)
-
-	escapeKeys, _ = ToBytes("ctrl-c")
-	keys, _ = ToBytes("ctrl-c")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.Error(t, err, "read escape sequence")
-	assert.Equal(t, nr, 0, "nr should be equal to 0")
-	assert.DeepEqual(t, keys, buf)
-
-	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
-	keys, _ = ToBytes("ctrl-c,ctrl-z")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, 1)
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, 0, "nr should be equal to 0")
-	assert.DeepEqual(t, keys[0:1], buf)
-	nr, err = reader.Read(buf)
-	assert.Error(t, err, "read escape sequence")
-	assert.Equal(t, nr, 0, "nr should be equal to 0")
-	assert.DeepEqual(t, keys[1:], buf)
-
-	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
-	keys, _ = ToBytes("ctrl-c,DEL,+")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, 1)
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, 0, "nr should be equal to 0")
-	assert.DeepEqual(t, keys[0:1], buf)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys)))
-	assert.DeepEqual(t, keys, buf)
-
-	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
-	keys, _ = ToBytes("ctrl-c,DEL")
-	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
-	buf = make([]byte, 1)
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, 0, "nr should be equal to 0")
-	assert.DeepEqual(t, keys[0:1], buf)
-	buf = make([]byte, len(keys))
-	nr, err = reader.Read(buf)
-	assert.NilError(t, err)
-	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys)))
-	assert.DeepEqual(t, keys, buf)
-}
diff --git a/pkg/term/tc.go b/pkg/term/tc.go
deleted file mode 100644
index 01bcaa8abb187..0000000000000
--- a/pkg/term/tc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// +build !windows
-
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-func tcget(fd uintptr, p *Termios) syscall.Errno {
-	_, _, err := unix.Syscall(unix.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(p)))
-	return err
-}
-
-func tcset(fd uintptr, p *Termios) syscall.Errno {
-	_, _, err := unix.Syscall(unix.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(p)))
-	return err
-}
diff --git a/pkg/term/term_linux_test.go b/pkg/term/term_linux_test.go
deleted file mode 100644
index 272395a10ea46..0000000000000
--- a/pkg/term/term_linux_test.go
+++ /dev/null
@@ -1,117 +0,0 @@
-//+build linux
-
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/google/go-cmp/cmp"
-	"gotest.tools/assert"
-)
-
-// RequiresRoot skips tests that require root, unless the test.root flag has
-// been set
-func RequiresRoot(t *testing.T) {
-	if os.Getuid() != 0 {
-		t.Skip("skipping test that requires root")
-		return
-	}
-}
-
-func newTtyForTest(t *testing.T) (*os.File, error) {
-	RequiresRoot(t)
-	return os.OpenFile("/dev/tty", os.O_RDWR, os.ModeDevice)
-}
-
-func newTempFile() (*os.File, error) {
-	return ioutil.TempFile(os.TempDir(), "temp")
-}
-
-func TestGetWinsize(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	winSize, err := GetWinsize(tty.Fd())
-	assert.NilError(t, err)
-	assert.Assert(t, winSize != nil)
-
-	newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y}
-	err = SetWinsize(tty.Fd(), &newSize)
-	assert.NilError(t, err)
-	winSize, err = GetWinsize(tty.Fd())
-	assert.NilError(t, err)
-	assert.DeepEqual(t, *winSize, newSize, cmpWinsize)
-}
-
-var cmpWinsize = cmp.AllowUnexported(Winsize{})
-
-func TestSetWinsize(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	winSize, err := GetWinsize(tty.Fd())
-	assert.NilError(t, err)
-	assert.Assert(t, winSize != nil)
-	newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y}
-	err = SetWinsize(tty.Fd(), &newSize)
-	assert.NilError(t, err)
-	winSize, err = GetWinsize(tty.Fd())
-	assert.NilError(t, err)
-	assert.DeepEqual(t, *winSize, newSize, cmpWinsize)
-}
-
-func TestGetFdInfo(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	inFd, isTerminal := GetFdInfo(tty)
-	assert.Equal(t, inFd, tty.Fd())
-	assert.Equal(t, isTerminal, true)
-	tmpFile, err := newTempFile()
-	assert.NilError(t, err)
-	defer tmpFile.Close()
-	inFd, isTerminal = GetFdInfo(tmpFile)
-	assert.Equal(t, inFd, tmpFile.Fd())
-	assert.Equal(t, isTerminal, false)
-}
-
-func TestIsTerminal(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	isTerminal := IsTerminal(tty.Fd())
-	assert.Equal(t, isTerminal, true)
-	tmpFile, err := newTempFile()
-	assert.NilError(t, err)
-	defer tmpFile.Close()
-	isTerminal = IsTerminal(tmpFile.Fd())
-	assert.Equal(t, isTerminal, false)
-}
-
-func TestSaveState(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	state, err := SaveState(tty.Fd())
-	assert.NilError(t, err)
-	assert.Assert(t, state != nil)
-	tty, err = newTtyForTest(t)
-	assert.NilError(t, err)
-	defer tty.Close()
-	err = RestoreTerminal(tty.Fd(), state)
-	assert.NilError(t, err)
-}
-
-func TestDisableEcho(t *testing.T) {
-	tty, err := newTtyForTest(t)
-	defer tty.Close()
-	assert.NilError(t, err)
-	state, err := SetRawTerminal(tty.Fd())
-	defer RestoreTerminal(tty.Fd(), state)
-	assert.NilError(t, err)
-	assert.Assert(t, state != nil)
-	err = DisableEcho(tty.Fd(), state)
-	assert.NilError(t, err)
-}
diff --git a/pkg/term/term_windows.go b/pkg/term/term_windows.go
deleted file mode 100644
index a3c3db1315740..0000000000000
--- a/pkg/term/term_windows.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"io"
-	"os"
-	"os/signal"
-	"syscall" // used for STD_INPUT_HANDLE, STD_OUTPUT_HANDLE and STD_ERROR_HANDLE
-
-	"github.com/Azure/go-ansiterm/winterm"
-	"github.com/docker/docker/pkg/term/windows"
-)
-
-// State holds the console mode for the terminal.
-type State struct {
-	mode uint32
-}
-
-// Winsize is used for window size.
-type Winsize struct {
-	Height uint16
-	Width  uint16
-}
-
-// vtInputSupported is true if winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported by the console
-var vtInputSupported bool
-
-// StdStreams returns the standard streams (stdin, stdout, stderr).
-func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
-	// Turn on VT handling on all std handles, if possible. This might
-	// fail, in which case we will fall back to terminal emulation.
-	var emulateStdin, emulateStdout, emulateStderr bool
-	fd := os.Stdin.Fd()
-	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate that winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_INPUT); err != nil {
-			emulateStdin = true
-		} else {
-			vtInputSupported = true
-		}
-		// Unconditionally set the console mode back even on failure because SetConsoleMode
-		// remembers invalid bits on input handles.
-		winterm.SetConsoleMode(fd, mode)
-	}
-
-	fd = os.Stdout.Fd()
-	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING|winterm.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
-			emulateStdout = true
-		} else {
-			winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
-		}
-	}
-
-	fd = os.Stderr.Fd()
-	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING|winterm.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
-			emulateStderr = true
-		} else {
-			winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
-		}
-	}
-
-	// Temporarily use STD_INPUT_HANDLE, STD_OUTPUT_HANDLE and
-	// STD_ERROR_HANDLE from syscall rather than x/sys/windows as long as
-	// go-ansiterm hasn't switch to x/sys/windows.
-	// TODO: switch back to x/sys/windows once go-ansiterm has switched
-	if emulateStdin {
-		stdIn = windowsconsole.NewAnsiReader(syscall.STD_INPUT_HANDLE)
-	} else {
-		stdIn = os.Stdin
-	}
-
-	if emulateStdout {
-		stdOut = windowsconsole.NewAnsiWriter(syscall.STD_OUTPUT_HANDLE)
-	} else {
-		stdOut = os.Stdout
-	}
-
-	if emulateStderr {
-		stdErr = windowsconsole.NewAnsiWriter(syscall.STD_ERROR_HANDLE)
-	} else {
-		stdErr = os.Stderr
-	}
-
-	return
-}
-
-// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
-func GetFdInfo(in interface{}) (uintptr, bool) {
-	return windowsconsole.GetHandleInfo(in)
-}
-
-// GetWinsize returns the window size based on the specified file descriptor.
-func GetWinsize(fd uintptr) (*Winsize, error) {
-	info, err := winterm.GetConsoleScreenBufferInfo(fd)
-	if err != nil {
-		return nil, err
-	}
-
-	winsize := &Winsize{
-		Width:  uint16(info.Window.Right - info.Window.Left + 1),
-		Height: uint16(info.Window.Bottom - info.Window.Top + 1),
-	}
-
-	return winsize, nil
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd uintptr) bool {
-	return windowsconsole.IsConsole(fd)
-}
-
-// RestoreTerminal restores the terminal connected to the given file descriptor
-// to a previous state.
-func RestoreTerminal(fd uintptr, state *State) error {
-	return winterm.SetConsoleMode(fd, state.mode)
-}
-
-// SaveState saves the state of the terminal connected to the given file descriptor.
-func SaveState(fd uintptr) (*State, error) {
-	mode, e := winterm.GetConsoleMode(fd)
-	if e != nil {
-		return nil, e
-	}
-
-	return &State{mode: mode}, nil
-}
-
-// DisableEcho disables echo for the terminal connected to the given file descriptor.
-// -- See https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
-func DisableEcho(fd uintptr, state *State) error {
-	mode := state.mode
-	mode &^= winterm.ENABLE_ECHO_INPUT
-	mode |= winterm.ENABLE_PROCESSED_INPUT | winterm.ENABLE_LINE_INPUT
-	err := winterm.SetConsoleMode(fd, mode)
-	if err != nil {
-		return err
-	}
-
-	// Register an interrupt handler to catch and restore prior state
-	restoreAtInterrupt(fd, state)
-	return nil
-}
-
-// SetRawTerminal puts the terminal connected to the given file descriptor into
-// raw mode and returns the previous state. On UNIX, this puts both the input
-// and output into raw mode. On Windows, it only puts the input into raw mode.
-func SetRawTerminal(fd uintptr) (*State, error) {
-	state, err := MakeRaw(fd)
-	if err != nil {
-		return nil, err
-	}
-
-	// Register an interrupt handler to catch and restore prior state
-	restoreAtInterrupt(fd, state)
-	return state, err
-}
-
-// SetRawTerminalOutput puts the output of terminal connected to the given file
-// descriptor into raw mode. On UNIX, this does nothing and returns nil for the
-// state. On Windows, it disables LF -> CRLF translation.
-func SetRawTerminalOutput(fd uintptr) (*State, error) {
-	state, err := SaveState(fd)
-	if err != nil {
-		return nil, err
-	}
-
-	// Ignore failures, since winterm.DISABLE_NEWLINE_AUTO_RETURN might not be supported on this
-	// version of Windows.
-	winterm.SetConsoleMode(fd, state.mode|winterm.DISABLE_NEWLINE_AUTO_RETURN)
-	return state, err
-}
-
-// MakeRaw puts the terminal (Windows Console) connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	state, err := SaveState(fd)
-	if err != nil {
-		return nil, err
-	}
-
-	mode := state.mode
-
-	// See
-	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
-	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
-
-	// Disable these modes
-	mode &^= winterm.ENABLE_ECHO_INPUT
-	mode &^= winterm.ENABLE_LINE_INPUT
-	mode &^= winterm.ENABLE_MOUSE_INPUT
-	mode &^= winterm.ENABLE_WINDOW_INPUT
-	mode &^= winterm.ENABLE_PROCESSED_INPUT
-
-	// Enable these modes
-	mode |= winterm.ENABLE_EXTENDED_FLAGS
-	mode |= winterm.ENABLE_INSERT_MODE
-	mode |= winterm.ENABLE_QUICK_EDIT_MODE
-	if vtInputSupported {
-		mode |= winterm.ENABLE_VIRTUAL_TERMINAL_INPUT
-	}
-
-	err = winterm.SetConsoleMode(fd, mode)
-	if err != nil {
-		return nil, err
-	}
-	return state, nil
-}
-
-func restoreAtInterrupt(fd uintptr, state *State) {
-	sigchan := make(chan os.Signal, 1)
-	signal.Notify(sigchan, os.Interrupt)
-
-	go func() {
-		_ = <-sigchan
-		RestoreTerminal(fd, state)
-		os.Exit(0)
-	}()
-}
diff --git a/pkg/term/termios_bsd.go b/pkg/term/termios_bsd.go
deleted file mode 100644
index 48b16f52039ca..0000000000000
--- a/pkg/term/termios_bsd.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// +build darwin freebsd openbsd netbsd
-
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	getTermios = unix.TIOCGETA
-	setTermios = unix.TIOCSETA
-)
-
-// Termios is the Unix API for terminal I/O.
-type Termios unix.Termios
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, getTermios, uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-	newState.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
-	newState.Oflag &^= unix.OPOST
-	newState.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
-	newState.Cflag &^= (unix.CSIZE | unix.PARENB)
-	newState.Cflag |= unix.CS8
-	newState.Cc[unix.VMIN] = 1
-	newState.Cc[unix.VTIME] = 0
-
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(&newState))); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
diff --git a/pkg/term/termios_linux.go b/pkg/term/termios_linux.go
deleted file mode 100644
index 6d4c63fdb75e5..0000000000000
--- a/pkg/term/termios_linux.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package term // import "github.com/docker/docker/pkg/term"
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-const (
-	getTermios = unix.TCGETS
-	setTermios = unix.TCSETS
-)
-
-// Termios is the Unix API for terminal I/O.
-type Termios unix.Termios
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	termios, err := unix.IoctlGetTermios(int(fd), getTermios)
-	if err != nil {
-		return nil, err
-	}
-
-	var oldState State
-	oldState.termios = Termios(*termios)
-
-	termios.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
-	termios.Oflag &^= unix.OPOST
-	termios.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
-	termios.Cflag &^= (unix.CSIZE | unix.PARENB)
-	termios.Cflag |= unix.CS8
-	termios.Cc[unix.VMIN] = 1
-	termios.Cc[unix.VTIME] = 0
-
-	if err := unix.IoctlSetTermios(int(fd), setTermios, termios); err != nil {
-		return nil, err
-	}
-	return &oldState, nil
-}
diff --git a/pkg/term/windows/console.go b/pkg/term/windows/console.go
deleted file mode 100644
index 5274019758050..0000000000000
--- a/pkg/term/windows/console.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build windows
-
-package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
-
-import (
-	"os"
-
-	"github.com/Azure/go-ansiterm/winterm"
-)
-
-// GetHandleInfo returns file descriptor and bool indicating whether the file is a console.
-func GetHandleInfo(in interface{}) (uintptr, bool) {
-	switch t := in.(type) {
-	case *ansiReader:
-		return t.Fd(), true
-	case *ansiWriter:
-		return t.Fd(), true
-	}
-
-	var inFd uintptr
-	var isTerminal bool
-
-	if file, ok := in.(*os.File); ok {
-		inFd = file.Fd()
-		isTerminal = IsConsole(inFd)
-	}
-	return inFd, isTerminal
-}
-
-// IsConsole returns true if the given file descriptor is a Windows Console.
-// The code assumes that GetConsoleMode will return an error for file descriptors that are not a console.
-func IsConsole(fd uintptr) bool {
-	_, e := winterm.GetConsoleMode(fd)
-	return e == nil
-}
diff --git a/pkg/term/windows/deprecated.go b/pkg/term/windows/deprecated.go
new file mode 100644
index 0000000000000..bebef13991ccf
--- /dev/null
+++ b/pkg/term/windows/deprecated.go
@@ -0,0 +1,35 @@
+//go:build windows
+// +build windows
+
+// Package windowsconsole implements ANSI-aware input and output streams for use
+// by the Docker Windows client. When asked for the set of standard streams (e.g.,
+// stdin, stdout, stderr), the code will create and return pseudo-streams that
+// convert ANSI sequences to / from Windows Console API calls.
+//
+// Deprecated: use github.com/moby/term/windows instead
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
+
+import (
+	windowsconsole "github.com/moby/term/windows"
+)
+
+var (
+	// GetHandleInfo returns file descriptor and bool indicating whether the file is a console.
+	// Deprecated: use github.com/moby/term/windows.GetHandleInfo
+	GetHandleInfo = windowsconsole.GetHandleInfo
+
+	// IsConsole returns true if the given file descriptor is a Windows Console.
+	// The code assumes that GetConsoleMode will return an error for file descriptors that are not a console.
+	// Deprecated: use github.com/moby/term/windows.IsConsole
+	IsConsole = windowsconsole.IsConsole
+
+	// NewAnsiReader returns an io.ReadCloser that provides VT100 terminal emulation on top of a
+	// Windows console input handle.
+	// Deprecated: use github.com/moby/term/windows.NewAnsiReader
+	NewAnsiReader = windowsconsole.NewAnsiReader
+
+	// NewAnsiWriter returns an io.Writer that provides VT100 terminal emulation on top of a
+	// Windows console output handle.
+	// Deprecated: use github.com/moby/term/windows.NewAnsiWriter
+	NewAnsiWriter = windowsconsole.NewAnsiWriter
+)
diff --git a/pkg/term/windows/windows.go b/pkg/term/windows/windows.go
deleted file mode 100644
index 3e5593ca6a683..0000000000000
--- a/pkg/term/windows/windows.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// These files implement ANSI-aware input and output streams for use by the Docker Windows client.
-// When asked for the set of standard streams (e.g., stdin, stdout, stderr), the code will create
-// and return pseudo-streams that convert ANSI sequences to / from Windows Console API calls.
-
-package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
-
-import (
-	"io/ioutil"
-	"os"
-	"sync"
-
-	"github.com/Azure/go-ansiterm"
-	"github.com/sirupsen/logrus"
-)
-
-var logger *logrus.Logger
-var initOnce sync.Once
-
-func initLogger() {
-	initOnce.Do(func() {
-		logFile := ioutil.Discard
-
-		if isDebugEnv := os.Getenv(ansiterm.LogEnv); isDebugEnv == "1" {
-			logFile, _ = os.Create("ansiReaderWriter.log")
-		}
-
-		logger = &logrus.Logger{
-			Out:       logFile,
-			Formatter: new(logrus.TextFormatter),
-			Level:     logrus.DebugLevel,
-		}
-	})
-}
diff --git a/pkg/truncindex/truncindex_test.go b/pkg/truncindex/truncindex_test.go
index e259017982a20..6d00a245aa149 100644
--- a/pkg/truncindex/truncindex_test.go
+++ b/pkg/truncindex/truncindex_test.go
@@ -158,7 +158,7 @@ func assertIndexGet(t *testing.T, index *TruncIndex, input, expectedResult strin
 func BenchmarkTruncIndexAdd100(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 100; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -174,7 +174,7 @@ func BenchmarkTruncIndexAdd100(b *testing.B) {
 func BenchmarkTruncIndexAdd250(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 250; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -190,7 +190,7 @@ func BenchmarkTruncIndexAdd250(b *testing.B) {
 func BenchmarkTruncIndexAdd500(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 500; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -207,7 +207,7 @@ func BenchmarkTruncIndexGet100(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 100; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	index := NewTruncIndex([]string{})
 	for _, id := range testSet {
@@ -231,7 +231,7 @@ func BenchmarkTruncIndexGet250(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 250; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	index := NewTruncIndex([]string{})
 	for _, id := range testSet {
@@ -255,7 +255,7 @@ func BenchmarkTruncIndexGet500(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 500; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	index := NewTruncIndex([]string{})
 	for _, id := range testSet {
@@ -278,7 +278,7 @@ func BenchmarkTruncIndexGet500(b *testing.B) {
 func BenchmarkTruncIndexDelete100(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 100; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -301,7 +301,7 @@ func BenchmarkTruncIndexDelete100(b *testing.B) {
 func BenchmarkTruncIndexDelete250(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 250; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -324,7 +324,7 @@ func BenchmarkTruncIndexDelete250(b *testing.B) {
 func BenchmarkTruncIndexDelete500(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 500; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -347,7 +347,7 @@ func BenchmarkTruncIndexDelete500(b *testing.B) {
 func BenchmarkTruncIndexNew100(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 100; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -358,7 +358,7 @@ func BenchmarkTruncIndexNew100(b *testing.B) {
 func BenchmarkTruncIndexNew250(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 250; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -369,7 +369,7 @@ func BenchmarkTruncIndexNew250(b *testing.B) {
 func BenchmarkTruncIndexNew500(b *testing.B) {
 	var testSet []string
 	for i := 0; i < 500; i++ {
-		testSet = append(testSet, stringid.GenerateNonCryptoID())
+		testSet = append(testSet, stringid.GenerateRandomID())
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
@@ -381,7 +381,7 @@ func BenchmarkTruncIndexAddGet100(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 500; i++ {
-		id := stringid.GenerateNonCryptoID()
+		id := stringid.GenerateRandomID()
 		testSet = append(testSet, id)
 		l := rand.Intn(12) + 12
 		testKeys = append(testKeys, id[:l])
@@ -406,7 +406,7 @@ func BenchmarkTruncIndexAddGet250(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 500; i++ {
-		id := stringid.GenerateNonCryptoID()
+		id := stringid.GenerateRandomID()
 		testSet = append(testSet, id)
 		l := rand.Intn(12) + 12
 		testKeys = append(testKeys, id[:l])
@@ -431,7 +431,7 @@ func BenchmarkTruncIndexAddGet500(b *testing.B) {
 	var testSet []string
 	var testKeys []string
 	for i := 0; i < 500; i++ {
-		id := stringid.GenerateNonCryptoID()
+		id := stringid.GenerateRandomID()
 		testSet = append(testSet, id)
 		l := rand.Intn(12) + 12
 		testKeys = append(testKeys, id[:l])
diff --git a/plugin/backend_linux.go b/plugin/backend_linux.go
index 044e14b0cbf81..34313e8fd3fca 100644
--- a/plugin/backend_linux.go
+++ b/plugin/backend_linux.go
@@ -2,38 +2,38 @@ package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"archive/tar"
+	"bytes"
 	"compress/gzip"
 	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
-	"runtime"
 	"strings"
+	"time"
 
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/distribution"
-	progressutils "github.com/docker/docker/distribution/utils"
-	"github.com/docker/docker/distribution/xfer"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/plugin/v2"
-	refstore "github.com/docker/docker/reference"
-	"github.com/opencontainers/go-digest"
+	v2 "github.com/docker/docker/plugin/v2"
+	"github.com/moby/sys/mount"
+	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -98,64 +98,6 @@ func (pm *Manager) Inspect(refOrID string) (tp *types.Plugin, err error) {
 	return &p.PluginObj, nil
 }
 
-func (pm *Manager) pull(ctx context.Context, ref reference.Named, config *distribution.ImagePullConfig, outStream io.Writer) error {
-	if outStream != nil {
-		// Include a buffer so that slow client connections don't affect
-		// transfer performance.
-		progressChan := make(chan progress.Progress, 100)
-
-		writesDone := make(chan struct{})
-
-		defer func() {
-			close(progressChan)
-			<-writesDone
-		}()
-
-		var cancelFunc context.CancelFunc
-		ctx, cancelFunc = context.WithCancel(ctx)
-
-		go func() {
-			progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
-			close(writesDone)
-		}()
-
-		config.ProgressOutput = progress.ChanOutput(progressChan)
-	} else {
-		config.ProgressOutput = progress.DiscardOutput()
-	}
-	return distribution.Pull(ctx, ref, config)
-}
-
-type tempConfigStore struct {
-	config       []byte
-	configDigest digest.Digest
-}
-
-func (s *tempConfigStore) Put(c []byte) (digest.Digest, error) {
-	dgst := digest.FromBytes(c)
-
-	s.config = c
-	s.configDigest = dgst
-
-	return dgst, nil
-}
-
-func (s *tempConfigStore) Get(d digest.Digest) ([]byte, error) {
-	if d != s.configDigest {
-		return nil, errNotFound("digest not found")
-	}
-	return s.config, nil
-}
-
-func (s *tempConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
-	return configToRootFS(c)
-}
-
-func (s *tempConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) {
-	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
-	return &specs.Platform{OS: runtime.GOOS}, nil
-}
-
 func computePrivileges(c types.PluginConfig) types.PluginPrivileges {
 	var privileges types.PluginPrivileges
 	if c.Network.Type != "null" && c.Network.Type != "bridge" && c.Network.Type != "" {
@@ -217,37 +159,53 @@ func computePrivileges(c types.PluginConfig) types.PluginPrivileges {
 
 // Privileges pulls a plugin config and computes the privileges required to install it.
 func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHeader http.Header, authConfig *types.AuthConfig) (types.PluginPrivileges, error) {
-	// create image store instance
-	cs := &tempConfigStore{}
-
-	// DownloadManager not defined because only pulling configuration.
-	pluginPullConfig := &distribution.ImagePullConfig{
-		Config: distribution.Config{
-			MetaHeaders:      metaHeader,
-			AuthConfig:       authConfig,
-			RegistryService:  pm.config.RegistryService,
-			ImageEventLogger: func(string, string, string) {},
-			ImageStore:       cs,
-		},
-		Schema2Types: distribution.PluginTypes,
-	}
-
-	if err := pm.pull(ctx, ref, pluginPullConfig, nil); err != nil {
-		return nil, err
+	var (
+		config     types.PluginConfig
+		configSeen bool
+	)
+
+	h := func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case schema2.MediaTypeManifest, specs.MediaTypeImageManifest:
+			data, err := content.ReadBlob(ctx, pm.blobStore, desc)
+			if err != nil {
+				return nil, errors.Wrapf(err, "error reading image manifest from blob store for %s", ref)
+			}
+
+			var m specs.Manifest
+			if err := json.Unmarshal(data, &m); err != nil {
+				return nil, errors.Wrapf(err, "error unmarshaling image manifest for %s", ref)
+			}
+			return []specs.Descriptor{m.Config}, nil
+		case schema2.MediaTypePluginConfig:
+			configSeen = true
+			data, err := content.ReadBlob(ctx, pm.blobStore, desc)
+			if err != nil {
+				return nil, errors.Wrapf(err, "error reading plugin config from blob store for %s", ref)
+			}
+
+			if err := json.Unmarshal(data, &config); err != nil {
+				return nil, errors.Wrapf(err, "error unmarshaling plugin config for %s", ref)
+			}
+		}
+
+		return nil, nil
 	}
 
-	if cs.config == nil {
-		return nil, errors.New("no configuration pulled")
+	if err := pm.fetch(ctx, ref, authConfig, progress.DiscardOutput(), metaHeader, images.HandlerFunc(h)); err != nil {
+		return types.PluginPrivileges{}, nil
 	}
-	var config types.PluginConfig
-	if err := json.Unmarshal(cs.config, &config); err != nil {
-		return nil, errdefs.System(err)
+
+	if !configSeen {
+		return types.PluginPrivileges{}, errors.Errorf("did not find plugin config for specified reference %s", ref)
 	}
 
 	return computePrivileges(config), nil
 }
 
 // Upgrade upgrades a plugin
+//
+// TODO: replace reference package usage with simpler url.Parse semantics
 func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
 	p, err := pm.config.Store.GetV2Plugin(name)
 	if err != nil {
@@ -258,44 +216,35 @@ func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string
 		return errors.Wrap(enabledError(p.Name()), "plugin must be disabled before upgrading")
 	}
 
-	pm.muGC.RLock()
-	defer pm.muGC.RUnlock()
-
 	// revalidate because Pull is public
 	if _, err := reference.ParseNormalizedNamed(name); err != nil {
 		return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse %q", name)
 	}
 
-	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	pm.muGC.RLock()
+	defer pm.muGC.RUnlock()
+
+	tmpRootFSDir, err := os.MkdirTemp(pm.tmpDir(), ".rootfs")
 	if err != nil {
-		return errors.Wrap(errdefs.System(err), "error preparing upgrade")
+		return errors.Wrap(err, "error creating tmp dir for plugin rootfs")
 	}
-	defer os.RemoveAll(tmpRootFSDir)
 
-	dm := &downloadManager{
-		tmpDir:    tmpRootFSDir,
-		blobStore: pm.blobStore,
-	}
+	var md fetchMeta
 
-	pluginPullConfig := &distribution.ImagePullConfig{
-		Config: distribution.Config{
-			MetaHeaders:      metaHeader,
-			AuthConfig:       authConfig,
-			RegistryService:  pm.config.RegistryService,
-			ImageEventLogger: pm.config.LogPluginEvent,
-			ImageStore:       dm,
-		},
-		DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
-		Schema2Types:    distribution.PluginTypes,
+	ctx, cancel := context.WithCancel(ctx)
+	out, waitProgress := setupProgressOutput(outStream, cancel)
+	defer waitProgress()
+
+	if err := pm.fetch(ctx, ref, authConfig, out, metaHeader, storeFetchMetadata(&md), childrenHandler(pm.blobStore), applyLayer(pm.blobStore, tmpRootFSDir, out)); err != nil {
+		return err
 	}
+	pm.config.LogPluginEvent(reference.FamiliarString(ref), name, "pull")
 
-	err = pm.pull(ctx, ref, pluginPullConfig, outStream)
-	if err != nil {
-		go pm.GC()
+	if err := validateFetchedMetadata(md); err != nil {
 		return err
 	}
 
-	if err := pm.upgradePlugin(p, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges); err != nil {
+	if err := pm.upgradePlugin(p, md.config, md.manifest, md.blobs, tmpRootFSDir, &privileges); err != nil {
 		return err
 	}
 	p.PluginObj.PluginReference = ref.String()
@@ -303,6 +252,8 @@ func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string
 }
 
 // Pull pulls a plugin, check if the correct privileges are provided and install the plugin.
+//
+// TODO: replace reference package usage with simpler url.Parse semantics
 func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...CreateOpt) (err error) {
 	pm.muGC.RLock()
 	defer pm.muGC.RUnlock()
@@ -318,32 +269,24 @@ func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, m
 		return errdefs.InvalidParameter(err)
 	}
 
-	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	tmpRootFSDir, err := os.MkdirTemp(pm.tmpDir(), ".rootfs")
 	if err != nil {
-		return errors.Wrap(errdefs.System(err), "error preparing pull")
+		return errors.Wrap(errdefs.System(err), "error preparing upgrade")
 	}
 	defer os.RemoveAll(tmpRootFSDir)
 
-	dm := &downloadManager{
-		tmpDir:    tmpRootFSDir,
-		blobStore: pm.blobStore,
-	}
+	var md fetchMeta
 
-	pluginPullConfig := &distribution.ImagePullConfig{
-		Config: distribution.Config{
-			MetaHeaders:      metaHeader,
-			AuthConfig:       authConfig,
-			RegistryService:  pm.config.RegistryService,
-			ImageEventLogger: pm.config.LogPluginEvent,
-			ImageStore:       dm,
-		},
-		DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
-		Schema2Types:    distribution.PluginTypes,
+	ctx, cancel := context.WithCancel(ctx)
+	out, waitProgress := setupProgressOutput(outStream, cancel)
+	defer waitProgress()
+
+	if err := pm.fetch(ctx, ref, authConfig, out, metaHeader, storeFetchMetadata(&md), childrenHandler(pm.blobStore), applyLayer(pm.blobStore, tmpRootFSDir, out)); err != nil {
+		return err
 	}
+	pm.config.LogPluginEvent(reference.FamiliarString(ref), name, "pull")
 
-	err = pm.pull(ctx, ref, pluginPullConfig, outStream)
-	if err != nil {
-		go pm.GC()
+	if err := validateFetchedMetadata(md); err != nil {
 		return err
 	}
 
@@ -354,12 +297,14 @@ func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, m
 	optsList = append(optsList, opts...)
 	optsList = append(optsList, refOpt)
 
-	p, err := pm.createPlugin(name, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges, optsList...)
+	// TODO: tmpRootFSDir is empty but should have layers in it
+	p, err := pm.createPlugin(name, md.config, md.manifest, md.blobs, tmpRootFSDir, &privileges, optsList...)
 	if err != nil {
 		return err
 	}
 
 	pm.publisher.Publish(EventCreate{Plugin: p.PluginObj})
+
 	return nil
 }
 
@@ -404,7 +349,7 @@ next:
 	return out, nil
 }
 
-// Push pushes a plugin to the store.
+// Push pushes a plugin to the registry.
 func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header, authConfig *types.AuthConfig, outStream io.Writer) error {
 	p, err := pm.config.Store.GetV2Plugin(name)
 	if err != nil {
@@ -416,201 +361,197 @@ func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header
 		return errors.Wrapf(err, "plugin has invalid name %v for push", p.Name())
 	}
 
-	var po progress.Output
-	if outStream != nil {
-		// Include a buffer so that slow client connections don't affect
-		// transfer performance.
-		progressChan := make(chan progress.Progress, 100)
-
-		writesDone := make(chan struct{})
+	statusTracker := docker.NewInMemoryTracker()
 
-		defer func() {
-			close(progressChan)
-			<-writesDone
-		}()
-
-		var cancelFunc context.CancelFunc
-		ctx, cancelFunc = context.WithCancel(ctx)
+	resolver, err := pm.newResolver(ctx, statusTracker, authConfig, metaHeader, false)
+	if err != nil {
+		return err
+	}
 
-		go func() {
-			progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
-			close(writesDone)
-		}()
+	pusher, err := resolver.Pusher(ctx, ref.String())
+	if err != nil {
 
-		po = progress.ChanOutput(progressChan)
-	} else {
-		po = progress.DiscardOutput()
+		return errors.Wrap(err, "error creating plugin pusher")
 	}
 
-	// TODO: replace these with manager
-	is := &pluginConfigStore{
-		pm:     pm,
-		plugin: p,
-	}
-	lss := make(map[string]distribution.PushLayerProvider)
-	lss[runtime.GOOS] = &pluginLayerProvider{
-		pm:     pm,
-		plugin: p,
-	}
-	rs := &pluginReference{
-		name:     ref,
-		pluginID: p.Config,
-	}
+	pj := newPushJobs(statusTracker)
+
+	ctx, cancel := context.WithCancel(ctx)
+	out, waitProgress := setupProgressOutput(outStream, cancel)
+	defer waitProgress()
 
-	uploadManager := xfer.NewLayerUploadManager(3)
+	progressHandler := images.HandlerFunc(func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		logrus.WithField("mediaType", desc.MediaType).WithField("digest", desc.Digest.String()).Debug("Preparing to push plugin layer")
+		id := stringid.TruncateID(desc.Digest.String())
+		pj.add(remotes.MakeRefKey(ctx, desc), id)
+		progress.Update(out, id, "Preparing")
+		return nil, nil
+	})
 
-	imagePushConfig := &distribution.ImagePushConfig{
-		Config: distribution.Config{
-			MetaHeaders:      metaHeader,
-			AuthConfig:       authConfig,
-			ProgressOutput:   po,
-			RegistryService:  pm.config.RegistryService,
-			ReferenceStore:   rs,
-			ImageEventLogger: pm.config.LogPluginEvent,
-			ImageStore:       is,
-			RequireSchema2:   true,
-		},
-		ConfigMediaType: schema2.MediaTypePluginConfig,
-		LayerStores:     lss,
-		UploadManager:   uploadManager,
+	desc, err := pm.getManifestDescriptor(ctx, p)
+	if err != nil {
+		return errors.Wrap(err, "error reading plugin manifest")
 	}
 
-	return distribution.Push(ctx, ref, imagePushConfig)
-}
+	progress.Messagef(out, "", "The push refers to repository [%s]", reference.FamiliarName(ref))
 
-type pluginReference struct {
-	name     reference.Named
-	pluginID digest.Digest
-}
+	// TODO: If a layer already exists on the registry, the progress output just says "Preparing"
+	go func() {
+		timer := time.NewTimer(100 * time.Millisecond)
+		defer timer.Stop()
+		if !timer.Stop() {
+			<-timer.C
+		}
+		var statuses []contentStatus
+		for {
+			timer.Reset(100 * time.Millisecond)
+			select {
+			case <-ctx.Done():
+				return
+			case <-timer.C:
+				statuses = pj.status()
+			}
 
-func (r *pluginReference) References(id digest.Digest) []reference.Named {
-	if r.pluginID != id {
-		return nil
-	}
-	return []reference.Named{r.name}
-}
+			for _, s := range statuses {
+				out.WriteProgress(progress.Progress{ID: s.Ref, Current: s.Offset, Total: s.Total, Action: s.Status, LastUpdate: s.Offset == s.Total})
+			}
+		}
+	}()
 
-func (r *pluginReference) ReferencesByName(ref reference.Named) []refstore.Association {
-	return []refstore.Association{
-		{
-			Ref: r.name,
-			ID:  r.pluginID,
-		},
+	// Make sure we can authenticate the request since the auth scope for plugin repos is different than a normal repo.
+	ctx = docker.WithScope(ctx, scope(ref, true))
+	if err := remotes.PushContent(ctx, pusher, desc, pm.blobStore, nil, nil, func(h images.Handler) images.Handler {
+		return images.Handlers(progressHandler, h)
+	}); err != nil {
+		// Try fallback to http.
+		// This is needed because the containerd pusher will only attempt the first registry config we pass, which would
+		// typically be https.
+		// If there are no http-only host configs found we'll error out anyway.
+		resolver, _ := pm.newResolver(ctx, statusTracker, authConfig, metaHeader, true)
+		if resolver != nil {
+			pusher, _ := resolver.Pusher(ctx, ref.String())
+			if pusher != nil {
+				logrus.WithField("ref", ref).Debug("Re-attmpting push with http-fallback")
+				err2 := remotes.PushContent(ctx, pusher, desc, pm.blobStore, nil, nil, func(h images.Handler) images.Handler {
+					return images.Handlers(progressHandler, h)
+				})
+				if err2 == nil {
+					err = nil
+				} else {
+					logrus.WithError(err2).WithField("ref", ref).Debug("Error while attempting push with http-fallback")
+				}
+			}
+		}
+		if err != nil {
+			return errors.Wrap(err, "error pushing plugin")
+		}
 	}
-}
 
-func (r *pluginReference) Get(ref reference.Named) (digest.Digest, error) {
-	if r.name.String() != ref.String() {
-		return digest.Digest(""), refstore.ErrDoesNotExist
+	// For blobs that already exist in the registry we need to make sure to update the progress otherwise it will just say "pending"
+	// TODO: How to check if the layer already exists? Is it worth it?
+	for _, j := range pj.jobs {
+		progress.Update(out, pj.names[j], "Upload complete")
 	}
-	return r.pluginID, nil
-}
 
-func (r *pluginReference) AddTag(ref reference.Named, id digest.Digest, force bool) error {
-	// Read only, ignore
-	return nil
-}
-func (r *pluginReference) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
-	// Read only, ignore
+	// Signal the client for content trust verification
+	progress.Aux(out, types.PushResult{Tag: ref.(reference.Tagged).Tag(), Digest: desc.Digest.String(), Size: int(desc.Size)})
+
 	return nil
 }
-func (r *pluginReference) Delete(ref reference.Named) (bool, error) {
-	// Read only, ignore
-	return false, nil
-}
 
-type pluginConfigStore struct {
-	pm     *Manager
-	plugin *v2.Plugin
+// manifest wraps an OCI manifest, because...
+// Historically the registry does not support plugins unless the media type on the manifest is specifically schema2.MediaTypeManifest
+// So the OCI manifest media type is not supported.
+// Additionally, there is extra validation for the docker schema2 manifest than there is a mediatype set on the manifest itself
+// even though this is set on the descriptor
+// The OCI types do not have this field.
+type manifest struct {
+	specs.Manifest
+	MediaType string `json:"mediaType,omitempty"`
 }
 
-func (s *pluginConfigStore) Put([]byte) (digest.Digest, error) {
-	return digest.Digest(""), errors.New("cannot store config on push")
-}
+func buildManifest(ctx context.Context, s content.Manager, config digest.Digest, layers []digest.Digest) (manifest, error) {
+	var m manifest
+	m.MediaType = images.MediaTypeDockerSchema2Manifest
+	m.SchemaVersion = 2
 
-func (s *pluginConfigStore) Get(d digest.Digest) ([]byte, error) {
-	if s.plugin.Config != d {
-		return nil, errors.New("plugin not found")
-	}
-	rwc, err := s.pm.blobStore.Get(d)
+	configInfo, err := s.Info(ctx, config)
 	if err != nil {
-		return nil, err
+		return m, errors.Wrapf(err, "error reading plugin config content for digest %s", config)
+	}
+	m.Config = specs.Descriptor{
+		MediaType: mediaTypePluginConfig,
+		Size:      configInfo.Size,
+		Digest:    configInfo.Digest,
 	}
-	defer rwc.Close()
-	return ioutil.ReadAll(rwc)
-}
-
-func (s *pluginConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
-	return configToRootFS(c)
-}
-
-func (s *pluginConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) {
-	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
-	return &specs.Platform{OS: runtime.GOOS}, nil
-}
 
-type pluginLayerProvider struct {
-	pm     *Manager
-	plugin *v2.Plugin
+	for _, l := range layers {
+		info, err := s.Info(ctx, l)
+		if err != nil {
+			return m, errors.Wrapf(err, "error fetching info for content digest %s", l)
+		}
+		m.Layers = append(m.Layers, specs.Descriptor{
+			MediaType: images.MediaTypeDockerSchema2LayerGzip, // TODO: This is assuming everything is a gzip compressed layer, but that may not be true.
+			Digest:    l,
+			Size:      info.Size,
+		})
+	}
+	return m, nil
 }
 
-func (p *pluginLayerProvider) Get(id layer.ChainID) (distribution.PushLayer, error) {
-	rootFS := rootFSFromPlugin(p.plugin.PluginObj.Config.Rootfs)
-	var i int
-	for i = 1; i <= len(rootFS.DiffIDs); i++ {
-		if layer.CreateChainID(rootFS.DiffIDs[:i]) == id {
-			break
+// getManifestDescriptor gets the OCI descriptor for a manifest
+// It will generate a manifest if one does not exist
+func (pm *Manager) getManifestDescriptor(ctx context.Context, p *v2.Plugin) (specs.Descriptor, error) {
+	logger := logrus.WithField("plugin", p.Name()).WithField("digest", p.Manifest)
+	if p.Manifest != "" {
+		info, err := pm.blobStore.Info(ctx, p.Manifest)
+		if err == nil {
+			desc := specs.Descriptor{
+				Size:      info.Size,
+				Digest:    info.Digest,
+				MediaType: images.MediaTypeDockerSchema2Manifest,
+			}
+			return desc, nil
 		}
+		logger.WithError(err).Debug("Could not find plugin manifest in content store")
+	} else {
+		logger.Info("Plugin does not have manifest digest")
 	}
-	if i > len(rootFS.DiffIDs) {
-		return nil, errors.New("layer not found")
-	}
-	return &pluginLayer{
-		pm:      p.pm,
-		diffIDs: rootFS.DiffIDs[:i],
-		blobs:   p.plugin.Blobsums[:i],
-	}, nil
-}
+	logger.Info("Building a new plugin manifest")
 
-type pluginLayer struct {
-	pm      *Manager
-	diffIDs []layer.DiffID
-	blobs   []digest.Digest
-}
+	manifest, err := buildManifest(ctx, pm.blobStore, p.Config, p.Blobsums)
+	if err != nil {
+		return specs.Descriptor{}, err
+	}
 
-func (l *pluginLayer) ChainID() layer.ChainID {
-	return layer.CreateChainID(l.diffIDs)
-}
+	desc, err := writeManifest(ctx, pm.blobStore, &manifest)
+	if err != nil {
+		return desc, err
+	}
 
-func (l *pluginLayer) DiffID() layer.DiffID {
-	return l.diffIDs[len(l.diffIDs)-1]
+	if err := pm.save(p); err != nil {
+		logger.WithError(err).Error("Could not save plugin with manifest digest")
+	}
+	return desc, nil
 }
 
-func (l *pluginLayer) Parent() distribution.PushLayer {
-	if len(l.diffIDs) == 1 {
-		return nil
+func writeManifest(ctx context.Context, cs content.Store, m *manifest) (specs.Descriptor, error) {
+	platform := platforms.DefaultSpec()
+	desc := specs.Descriptor{
+		MediaType: images.MediaTypeDockerSchema2Manifest,
+		Platform:  &platform,
 	}
-	return &pluginLayer{
-		pm:      l.pm,
-		diffIDs: l.diffIDs[:len(l.diffIDs)-1],
-		blobs:   l.blobs[:len(l.diffIDs)-1],
+	data, err := json.Marshal(m)
+	if err != nil {
+		return desc, errors.Wrap(err, "error encoding manifest")
 	}
-}
-
-func (l *pluginLayer) Open() (io.ReadCloser, error) {
-	return l.pm.blobStore.Get(l.blobs[len(l.diffIDs)-1])
-}
-
-func (l *pluginLayer) Size() (int64, error) {
-	return l.pm.blobStore.Size(l.blobs[len(l.diffIDs)-1])
-}
-
-func (l *pluginLayer) MediaType() string {
-	return schema2.MediaTypeLayer
-}
+	desc.Digest = digest.FromBytes(data)
+	desc.Size = int64(len(data))
 
-func (l *pluginLayer) Release() {
-	// Nothing needs to be release, no references held
+	if err := content.WriteBlob(ctx, cs, remotes.MakeRefKey(ctx, desc), bytes.NewReader(data), desc); err != nil {
+		return desc, errors.Wrap(err, "error writing plugin manifest")
+	}
+	return desc, nil
 }
 
 // Remove deletes plugin's root directory.
@@ -691,7 +632,7 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 		return err
 	}
 
-	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	tmpRootFSDir, err := os.MkdirTemp(pm.tmpDir(), ".rootfs")
 	if err != nil {
 		return errors.Wrap(err, "failed to create temp directory")
 	}
@@ -700,14 +641,14 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	var configJSON []byte
 	rootFS := splitConfigRootFSFromTar(tarCtx, &configJSON)
 
-	rootFSBlob, err := pm.blobStore.New()
+	rootFSBlob, err := pm.blobStore.Writer(ctx, content.WithRef(name))
 	if err != nil {
 		return err
 	}
 	defer rootFSBlob.Close()
+
 	gzw := gzip.NewWriter(rootFSBlob)
-	layerDigester := digest.Canonical.Digester()
-	rootFSReader := io.TeeReader(rootFS, io.MultiWriter(gzw, layerDigester.Hash()))
+	rootFSReader := io.TeeReader(rootFS, gzw)
 
 	if err := chrootarchive.Untar(rootFSReader, tmpRootFSDir, nil); err != nil {
 		return err
@@ -736,8 +677,7 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	pm.mu.Lock()
 	defer pm.mu.Unlock()
 
-	rootFSBlobsum, err := rootFSBlob.Commit()
-	if err != nil {
+	if err := rootFSBlob.Commit(ctx, 0, ""); err != nil {
 		return err
 	}
 	defer func() {
@@ -748,12 +688,12 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 
 	config.Rootfs = &types.PluginConfigRootfs{
 		Type:    "layers",
-		DiffIds: []string{layerDigester.Digest().String()},
+		DiffIds: []string{rootFSBlob.Digest().String()},
 	}
 
 	config.DockerVersion = dockerversion.Version
 
-	configBlob, err := pm.blobStore.New()
+	configBlob, err := pm.blobStore.Writer(ctx, content.WithRef(name+"-config.json"))
 	if err != nil {
 		return err
 	}
@@ -761,12 +701,23 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	if err := json.NewEncoder(configBlob).Encode(config); err != nil {
 		return errors.Wrap(err, "error encoding json config")
 	}
-	configBlobsum, err := configBlob.Commit()
+	if err := configBlob.Commit(ctx, 0, ""); err != nil {
+		return err
+	}
+
+	configDigest := configBlob.Digest()
+	layers := []digest.Digest{rootFSBlob.Digest()}
+
+	manifest, err := buildManifest(ctx, pm.blobStore, configDigest, layers)
 	if err != nil {
 		return err
 	}
+	desc, err := writeManifest(ctx, pm.blobStore, &manifest)
+	if err != nil {
+		return
+	}
 
-	p, err := pm.createPlugin(name, configBlobsum, []digest.Digest{rootFSBlobsum}, tmpRootFSDir, nil)
+	p, err := pm.createPlugin(name, configDigest, desc.Digest, layers, tmpRootFSDir, nil)
 	if err != nil {
 		return err
 	}
@@ -814,7 +765,7 @@ func splitConfigRootFSFromTar(in io.ReadCloser, config *[]byte) io.ReadCloser {
 				name = name[1:]
 			}
 			if name == configFileName {
-				dt, err := ioutil.ReadAll(content)
+				dt, err := io.ReadAll(content)
 				if err != nil {
 					pw.CloseWithError(errors.Wrapf(err, "failed to read %s", configFileName))
 					return
@@ -836,7 +787,7 @@ func splitConfigRootFSFromTar(in io.ReadCloser, config *[]byte) io.ReadCloser {
 				}
 				hasRootFS = true
 			} else {
-				io.Copy(ioutil.Discard, content)
+				io.Copy(io.Discard, content)
 			}
 		}
 	}()
diff --git a/plugin/backend_linux_test.go b/plugin/backend_linux_test.go
index 81cf2ebb76291..bb4e7172f5990 100644
--- a/plugin/backend_linux_test.go
+++ b/plugin/backend_linux_test.go
@@ -1,14 +1,13 @@
 package plugin // import "github.com/docker/docker/plugin"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 )
 
 func TestAtomicRemoveAllNormal(t *testing.T) {
-	dir, err := ioutil.TempDir("", "atomic-remove-with-normal")
+	dir, err := os.MkdirTemp("", "atomic-remove-with-normal")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -27,7 +26,7 @@ func TestAtomicRemoveAllNormal(t *testing.T) {
 }
 
 func TestAtomicRemoveAllAlreadyExists(t *testing.T) {
-	dir, err := ioutil.TempDir("", "atomic-remove-already-exists")
+	dir, err := os.MkdirTemp("", "atomic-remove-already-exists")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -55,7 +54,7 @@ func TestAtomicRemoveAllNotExist(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	dir, err := ioutil.TempDir("", "atomic-remove-already-exists")
+	dir, err := os.MkdirTemp("", "atomic-remove-already-exists")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/plugin/backend_unsupported.go b/plugin/backend_unsupported.go
index c0666e858e535..98d35c1dfa34c 100644
--- a/plugin/backend_unsupported.go
+++ b/plugin/backend_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package plugin // import "github.com/docker/docker/plugin"
diff --git a/plugin/blobstore.go b/plugin/blobstore.go
deleted file mode 100644
index a24e7bdf4f8e4..0000000000000
--- a/plugin/blobstore.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package plugin // import "github.com/docker/docker/plugin"
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
-
-	"github.com/docker/docker/distribution/xfer"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/opencontainers/go-digest"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-)
-
-type blobstore interface {
-	New() (WriteCommitCloser, error)
-	Get(dgst digest.Digest) (io.ReadCloser, error)
-	Size(dgst digest.Digest) (int64, error)
-}
-
-type basicBlobStore struct {
-	path string
-}
-
-func newBasicBlobStore(p string) (*basicBlobStore, error) {
-	tmpdir := filepath.Join(p, "tmp")
-	if err := os.MkdirAll(tmpdir, 0700); err != nil {
-		return nil, errors.Wrapf(err, "failed to mkdir %v", p)
-	}
-	return &basicBlobStore{path: p}, nil
-}
-
-func (b *basicBlobStore) New() (WriteCommitCloser, error) {
-	f, err := ioutil.TempFile(filepath.Join(b.path, "tmp"), ".insertion")
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to create temp file")
-	}
-	return newInsertion(f), nil
-}
-
-func (b *basicBlobStore) Get(dgst digest.Digest) (io.ReadCloser, error) {
-	return os.Open(filepath.Join(b.path, string(dgst.Algorithm()), dgst.Hex()))
-}
-
-func (b *basicBlobStore) Size(dgst digest.Digest) (int64, error) {
-	stat, err := os.Stat(filepath.Join(b.path, string(dgst.Algorithm()), dgst.Hex()))
-	if err != nil {
-		return 0, err
-	}
-	return stat.Size(), nil
-}
-
-func (b *basicBlobStore) gc(whitelist map[digest.Digest]struct{}) {
-	for _, alg := range []string{string(digest.Canonical)} {
-		items, err := ioutil.ReadDir(filepath.Join(b.path, alg))
-		if err != nil {
-			continue
-		}
-		for _, fi := range items {
-			if _, exists := whitelist[digest.Digest(alg+":"+fi.Name())]; !exists {
-				p := filepath.Join(b.path, alg, fi.Name())
-				err := os.RemoveAll(p)
-				logrus.Debugf("cleaned up blob %v: %v", p, err)
-			}
-		}
-	}
-
-}
-
-// WriteCommitCloser defines object that can be committed to blobstore.
-type WriteCommitCloser interface {
-	io.WriteCloser
-	Commit() (digest.Digest, error)
-}
-
-type insertion struct {
-	io.Writer
-	f        *os.File
-	digester digest.Digester
-	closed   bool
-}
-
-func newInsertion(tempFile *os.File) *insertion {
-	digester := digest.Canonical.Digester()
-	return &insertion{f: tempFile, digester: digester, Writer: io.MultiWriter(tempFile, digester.Hash())}
-}
-
-func (i *insertion) Commit() (digest.Digest, error) {
-	p := i.f.Name()
-	d := filepath.Join(filepath.Join(p, "../../"))
-	i.f.Sync()
-	defer os.RemoveAll(p)
-	if err := i.f.Close(); err != nil {
-		return "", err
-	}
-	i.closed = true
-	dgst := i.digester.Digest()
-	if err := os.MkdirAll(filepath.Join(d, string(dgst.Algorithm())), 0700); err != nil {
-		return "", errors.Wrapf(err, "failed to mkdir %v", d)
-	}
-	if err := os.Rename(p, filepath.Join(d, string(dgst.Algorithm()), dgst.Hex())); err != nil {
-		return "", errors.Wrapf(err, "failed to rename %v", p)
-	}
-	return dgst, nil
-}
-
-func (i *insertion) Close() error {
-	if i.closed {
-		return nil
-	}
-	defer os.RemoveAll(i.f.Name())
-	return i.f.Close()
-}
-
-type downloadManager struct {
-	blobStore    blobstore
-	tmpDir       string
-	blobs        []digest.Digest
-	configDigest digest.Digest
-}
-
-func (dm *downloadManager) Download(ctx context.Context, initialRootFS image.RootFS, os string, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
-	for _, l := range layers {
-		b, err := dm.blobStore.New()
-		if err != nil {
-			return initialRootFS, nil, err
-		}
-		defer b.Close()
-		rc, _, err := l.Download(ctx, progressOutput)
-		if err != nil {
-			return initialRootFS, nil, errors.Wrap(err, "failed to download")
-		}
-		defer rc.Close()
-		r := io.TeeReader(rc, b)
-		inflatedLayerData, err := archive.DecompressStream(r)
-		if err != nil {
-			return initialRootFS, nil, err
-		}
-		defer inflatedLayerData.Close()
-		digester := digest.Canonical.Digester()
-		if _, err := chrootarchive.ApplyLayer(dm.tmpDir, io.TeeReader(inflatedLayerData, digester.Hash())); err != nil {
-			return initialRootFS, nil, err
-		}
-		initialRootFS.Append(layer.DiffID(digester.Digest()))
-		d, err := b.Commit()
-		if err != nil {
-			return initialRootFS, nil, err
-		}
-		dm.blobs = append(dm.blobs, d)
-	}
-	return initialRootFS, nil, nil
-}
-
-func (dm *downloadManager) Put(dt []byte) (digest.Digest, error) {
-	b, err := dm.blobStore.New()
-	if err != nil {
-		return "", err
-	}
-	defer b.Close()
-	n, err := b.Write(dt)
-	if err != nil {
-		return "", err
-	}
-	if n != len(dt) {
-		return "", io.ErrShortWrite
-	}
-	d, err := b.Commit()
-	dm.configDigest = d
-	return d, err
-}
-
-func (dm *downloadManager) Get(d digest.Digest) ([]byte, error) {
-	return nil, fmt.Errorf("digest not found")
-}
-func (dm *downloadManager) RootFSFromConfig(c []byte) (*image.RootFS, error) {
-	return configToRootFS(c)
-}
-func (dm *downloadManager) PlatformFromConfig(c []byte) (*specs.Platform, error) {
-	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
-	return &specs.Platform{OS: runtime.GOOS}, nil
-}
diff --git a/plugin/defs.go b/plugin/defs.go
index 31f7c6bcc33ca..9a3577a72b1f5 100644
--- a/plugin/defs.go
+++ b/plugin/defs.go
@@ -1,11 +1,13 @@
 package plugin // import "github.com/docker/docker/plugin"
 
 import (
+	"fmt"
+	"strings"
 	"sync"
 
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/docker/plugin/v2"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	v2 "github.com/docker/docker/plugin/v2"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // Store manages the plugin inventory in memory and on-disk
@@ -42,6 +44,31 @@ func WithSwarmService(id string) CreateOpt {
 	}
 }
 
+// WithEnv is a CreateOpt that passes the user-provided environment variables
+// to the plugin container, de-duplicating variables with the same names case
+// sensitively and only appends valid key=value pairs
+func WithEnv(env []string) CreateOpt {
+	return func(p *v2.Plugin) {
+		effectiveEnv := make(map[string]string)
+		for _, penv := range p.PluginObj.Config.Env {
+			if penv.Value != nil {
+				effectiveEnv[penv.Name] = *penv.Value
+			}
+		}
+		for _, line := range env {
+			if pair := strings.SplitN(line, "=", 2); len(pair) > 1 {
+				effectiveEnv[pair[0]] = pair[1]
+			}
+		}
+		p.PluginObj.Settings.Env = make([]string, len(effectiveEnv))
+		i := 0
+		for key, value := range effectiveEnv {
+			p.PluginObj.Settings.Env[i] = fmt.Sprintf("%s=%s", key, value)
+			i++
+		}
+	}
+}
+
 // WithSpecMounts is a SpecOpt which appends the provided mounts to the runtime spec
 func WithSpecMounts(mounts []specs.Mount) SpecOpt {
 	return func(s *specs.Spec) {
diff --git a/plugin/executor/containerd/containerd.go b/plugin/executor/containerd/containerd.go
index a3401dce794ac..8354745990684 100644
--- a/plugin/executor/containerd/containerd.go
+++ b/plugin/executor/containerd/containerd.go
@@ -3,16 +3,15 @@ package containerd // import "github.com/docker/docker/plugin/executor/container
 import (
 	"context"
 	"io"
-	"path/filepath"
 	"sync"
-	"time"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cio"
-	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/libcontainerd"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -25,27 +24,15 @@ type ExitHandler interface {
 	HandleExitEvent(id string) error
 }
 
-// Client is used by the exector to perform operations.
-// TODO(@cpuguy83): This should really just be based off the containerd client interface.
-// However right now this whole package is tied to github.com/docker/docker/libcontainerd
-type Client interface {
-	Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error
-	Restore(ctx context.Context, containerID string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error)
-	Status(ctx context.Context, containerID string) (libcontainerd.Status, error)
-	Delete(ctx context.Context, containerID string) error
-	DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error)
-	Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error)
-	SignalProcess(ctx context.Context, containerID, processID string, signal int) error
-}
-
 // New creates a new containerd plugin executor
-func New(ctx context.Context, rootDir string, cli *containerd.Client, exitHandler ExitHandler) (*Executor, error) {
+func New(ctx context.Context, rootDir string, cli *containerd.Client, ns string, exitHandler ExitHandler, runtime types.Runtime) (*Executor, error) {
 	e := &Executor{
 		rootDir:     rootDir,
 		exitHandler: exitHandler,
+		runtime:     runtime,
 	}
 
-	client, err := libcontainerd.NewClient(ctx, cli, rootDir, PluginNamespace, e)
+	client, err := libcontainerd.NewClient(ctx, cli, rootDir, ns, e)
 	if err != nil {
 		return nil, errors.Wrap(err, "error creating containerd exec client")
 	}
@@ -56,30 +43,32 @@ func New(ctx context.Context, rootDir string, cli *containerd.Client, exitHandle
 // Executor is the containerd client implementation of a plugin executor
 type Executor struct {
 	rootDir     string
-	client      Client
+	client      libcontainerdtypes.Client
 	exitHandler ExitHandler
+	runtime     types.Runtime
 }
 
 // deleteTaskAndContainer deletes plugin task and then plugin container from containerd
-func deleteTaskAndContainer(ctx context.Context, cli Client, id string) {
-	_, _, err := cli.DeleteTask(ctx, id)
-	if err != nil && !errdefs.IsNotFound(err) {
-		logrus.WithError(err).WithField("id", id).Error("failed to delete plugin task from containerd")
+func deleteTaskAndContainer(ctx context.Context, cli libcontainerdtypes.Client, id string, p libcontainerdtypes.Process) {
+	if p != nil {
+		if _, _, err := p.Delete(ctx); err != nil && !errdefs.IsNotFound(err) {
+			logrus.WithError(err).WithField("id", id).Error("failed to delete plugin task from containerd")
+		}
+	} else {
+		if _, _, err := cli.DeleteTask(ctx, id); err != nil && !errdefs.IsNotFound(err) {
+			logrus.WithError(err).WithField("id", id).Error("failed to delete plugin task from containerd")
+		}
 	}
 
-	err = cli.Delete(ctx, id)
-	if err != nil && !errdefs.IsNotFound(err) {
+	if err := cli.Delete(ctx, id); err != nil && !errdefs.IsNotFound(err) {
 		logrus.WithError(err).WithField("id", id).Error("failed to delete plugin container from containerd")
 	}
 }
 
 // Create creates a new container
 func (e *Executor) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
-	opts := runctypes.RuncOptions{
-		RuntimeRoot: filepath.Join(e.rootDir, "runtime-root"),
-	}
 	ctx := context.Background()
-	err := e.client.Create(ctx, id, &spec, &opts)
+	err := e.client.Create(ctx, id, &spec, e.runtime.Shim.Binary, e.runtime.Shim.Opts)
 	if err != nil {
 		status, err2 := e.client.Status(ctx, id)
 		if err2 != nil {
@@ -87,11 +76,11 @@ func (e *Executor) Create(id string, spec specs.Spec, stdout, stderr io.WriteClo
 				logrus.WithError(err2).WithField("id", id).Warn("Received an error while attempting to read plugin status")
 			}
 		} else {
-			if status != libcontainerd.StatusRunning && status != libcontainerd.StatusUnknown {
+			if status != containerd.Running && status != containerd.Unknown {
 				if err2 := e.client.Delete(ctx, id); err2 != nil && !errdefs.IsNotFound(err2) {
 					logrus.WithError(err2).WithField("plugin", id).Error("Error cleaning up containerd container")
 				}
-				err = e.client.Create(ctx, id, &spec, &opts)
+				err = e.client.Create(ctx, id, &spec, e.runtime.Shim.Binary, e.runtime.Shim.Opts)
 			}
 		}
 
@@ -102,19 +91,19 @@ func (e *Executor) Create(id string, spec specs.Spec, stdout, stderr io.WriteClo
 
 	_, err = e.client.Start(ctx, id, "", false, attachStreamsFunc(stdout, stderr))
 	if err != nil {
-		deleteTaskAndContainer(ctx, e.client, id)
+		deleteTaskAndContainer(ctx, e.client, id, nil)
 	}
 	return err
 }
 
 // Restore restores a container
 func (e *Executor) Restore(id string, stdout, stderr io.WriteCloser) (bool, error) {
-	alive, _, err := e.client.Restore(context.Background(), id, attachStreamsFunc(stdout, stderr))
+	alive, _, p, err := e.client.Restore(context.Background(), id, attachStreamsFunc(stdout, stderr))
 	if err != nil && !errdefs.IsNotFound(err) {
 		return false, err
 	}
 	if !alive {
-		deleteTaskAndContainer(context.Background(), e.client, id)
+		deleteTaskAndContainer(context.Background(), e.client, id, p)
 	}
 	return alive, nil
 }
@@ -122,20 +111,20 @@ func (e *Executor) Restore(id string, stdout, stderr io.WriteCloser) (bool, erro
 // IsRunning returns if the container with the given id is running
 func (e *Executor) IsRunning(id string) (bool, error) {
 	status, err := e.client.Status(context.Background(), id)
-	return status == libcontainerd.StatusRunning, err
+	return status == containerd.Running, err
 }
 
 // Signal sends the specified signal to the container
 func (e *Executor) Signal(id string, signal int) error {
-	return e.client.SignalProcess(context.Background(), id, libcontainerd.InitProcessName, signal)
+	return e.client.SignalProcess(context.Background(), id, libcontainerdtypes.InitProcessName, signal)
 }
 
 // ProcessEvent handles events from containerd
 // All events are ignored except the exit event, which is sent of to the stored handler
-func (e *Executor) ProcessEvent(id string, et libcontainerd.EventType, ei libcontainerd.EventInfo) error {
+func (e *Executor) ProcessEvent(id string, et libcontainerdtypes.EventType, ei libcontainerdtypes.EventInfo) error {
 	switch et {
-	case libcontainerd.EventExit:
-		deleteTaskAndContainer(context.Background(), e.client, id)
+	case libcontainerdtypes.EventExit:
+		deleteTaskAndContainer(context.Background(), e.client, id, nil)
 		return e.exitHandler.HandleExitEvent(ei.ContainerID)
 	}
 	return nil
@@ -152,7 +141,7 @@ func (c *rio) Wait() {
 	c.IO.Wait()
 }
 
-func attachStreamsFunc(stdout, stderr io.WriteCloser) libcontainerd.StdioCallback {
+func attachStreamsFunc(stdout, stderr io.WriteCloser) libcontainerdtypes.StdioCallback {
 	return func(iop *cio.DirectIO) (cio.IO, error) {
 		if iop.Stdin != nil {
 			iop.Stdin.Close()
diff --git a/plugin/executor/containerd/containerd_test.go b/plugin/executor/containerd/containerd_test.go
deleted file mode 100644
index e27063b1d81f9..0000000000000
--- a/plugin/executor/containerd/containerd_test.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package containerd
-
-import (
-	"context"
-	"io/ioutil"
-	"os"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/libcontainerd"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-)
-
-func TestLifeCycle(t *testing.T) {
-	t.Parallel()
-
-	mock := newMockClient()
-	exec, cleanup := setupTest(t, mock, mock)
-	defer cleanup()
-
-	id := "test-create"
-	mock.simulateStartError(true, id)
-	err := exec.Create(id, specs.Spec{}, nil, nil)
-	assert.Assert(t, err != nil)
-	mock.simulateStartError(false, id)
-
-	err = exec.Create(id, specs.Spec{}, nil, nil)
-	assert.Assert(t, err)
-	running, _ := exec.IsRunning(id)
-	assert.Assert(t, running)
-
-	// create with the same ID
-	err = exec.Create(id, specs.Spec{}, nil, nil)
-	assert.Assert(t, err != nil)
-
-	mock.HandleExitEvent(id) // simulate a plugin that exits
-
-	err = exec.Create(id, specs.Spec{}, nil, nil)
-	assert.Assert(t, err)
-}
-
-func setupTest(t *testing.T, client Client, eh ExitHandler) (*Executor, func()) {
-	rootDir, err := ioutil.TempDir("", "test-daemon")
-	assert.Assert(t, err)
-	assert.Assert(t, client != nil)
-	assert.Assert(t, eh != nil)
-
-	return &Executor{
-			rootDir:     rootDir,
-			client:      client,
-			exitHandler: eh,
-		}, func() {
-			assert.Assert(t, os.RemoveAll(rootDir))
-		}
-}
-
-type mockClient struct {
-	mu           sync.Mutex
-	containers   map[string]bool
-	errorOnStart map[string]bool
-}
-
-func newMockClient() *mockClient {
-	return &mockClient{
-		containers:   make(map[string]bool),
-		errorOnStart: make(map[string]bool),
-	}
-}
-
-func (c *mockClient) Create(ctx context.Context, id string, _ *specs.Spec, _ interface{}) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	if _, ok := c.containers[id]; ok {
-		return errors.New("exists")
-	}
-
-	c.containers[id] = false
-	return nil
-}
-
-func (c *mockClient) Restore(ctx context.Context, id string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error) {
-	return false, 0, nil
-}
-
-func (c *mockClient) Status(ctx context.Context, id string) (libcontainerd.Status, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	running, ok := c.containers[id]
-	if !ok {
-		return libcontainerd.StatusUnknown, errors.New("not found")
-	}
-	if running {
-		return libcontainerd.StatusRunning, nil
-	}
-	return libcontainerd.StatusStopped, nil
-}
-
-func (c *mockClient) Delete(ctx context.Context, id string) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	delete(c.containers, id)
-	return nil
-}
-
-func (c *mockClient) DeleteTask(ctx context.Context, id string) (uint32, time.Time, error) {
-	return 0, time.Time{}, nil
-}
-
-func (c *mockClient) Start(ctx context.Context, id, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	if _, ok := c.containers[id]; !ok {
-		return 0, errors.New("not found")
-	}
-
-	if c.errorOnStart[id] {
-		return 0, errors.New("some startup error")
-	}
-	c.containers[id] = true
-	return 1, nil
-}
-
-func (c *mockClient) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
-	return nil
-}
-
-func (c *mockClient) simulateStartError(sim bool, id string) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if sim {
-		c.errorOnStart[id] = sim
-		return
-	}
-	delete(c.errorOnStart, id)
-}
-
-func (c *mockClient) HandleExitEvent(id string) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	delete(c.containers, id)
-	return nil
-}
diff --git a/plugin/fetch_linux.go b/plugin/fetch_linux.go
new file mode 100644
index 0000000000000..8ec85f9f36118
--- /dev/null
+++ b/plugin/fetch_linux.go
@@ -0,0 +1,285 @@
+package plugin
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	c8derrdefs "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	progressutils "github.com/docker/docker/distribution/utils"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const mediaTypePluginConfig = "application/vnd.docker.plugin.v1+json"
+
+// setupProgressOutput sets up the passed in writer to stream progress.
+//
+// The passed in cancel function is used by the progress writer to signal callers that there
+// is an issue writing to the stream.
+//
+// The returned function is used to wait for the progress writer to be finished.
+// Call it to make sure the progress writer is done before returning from your function as needed.
+func setupProgressOutput(outStream io.Writer, cancel func()) (progress.Output, func()) {
+	var out progress.Output
+	f := func() {}
+
+	if outStream != nil {
+		ch := make(chan progress.Progress, 100)
+		out = progress.ChanOutput(ch)
+
+		ctx, retCancel := context.WithCancel(context.Background())
+		go func() {
+			progressutils.WriteDistributionProgress(cancel, outStream, ch)
+			retCancel()
+		}()
+
+		f = func() {
+			close(ch)
+			<-ctx.Done()
+		}
+	} else {
+		out = progress.DiscardOutput()
+	}
+	return out, f
+}
+
+// fetch the content related to the passed in reference into the blob store and appends the provided images.Handlers
+// There is no need to use remotes.FetchHandler since it already gets set
+func (pm *Manager) fetch(ctx context.Context, ref reference.Named, auth *types.AuthConfig, out progress.Output, metaHeader http.Header, handlers ...images.Handler) (err error) {
+	// We need to make sure we have a domain on the reference
+	withDomain, err := reference.ParseNormalizedNamed(ref.String())
+	if err != nil {
+		return errors.Wrap(err, "error parsing plugin image reference")
+	}
+
+	// Make sure we can authenticate the request since the auth scope for plugin repos is different than a normal repo.
+	ctx = docker.WithScope(ctx, scope(ref, false))
+
+	// Make sure the fetch handler knows how to set a ref key for the plugin media type.
+	// Without this the ref key is "unknown" and we see a nasty warning message in the logs
+	ctx = remotes.WithMediaTypeKeyPrefix(ctx, mediaTypePluginConfig, "docker-plugin")
+
+	resolver, err := pm.newResolver(ctx, nil, auth, metaHeader, false)
+	if err != nil {
+		return err
+	}
+	resolved, desc, err := resolver.Resolve(ctx, withDomain.String())
+	if err != nil {
+		// This is backwards compatible with older versions of the distribution registry.
+		// The containerd client will add it's own accept header as a comma separated list of supported manifests.
+		// This is perfectly fine, unless you are talking to an older registry which does not split the comma separated list,
+		//   so it is never able to match a media type and it falls back to schema1 (yuck) and fails because our manifest the
+		//   fallback does not support plugin configs...
+		logrus.WithError(err).WithField("ref", withDomain).Debug("Error while resolving reference, falling back to backwards compatible accept header format")
+		headers := http.Header{}
+		headers.Add("Accept", images.MediaTypeDockerSchema2Manifest)
+		headers.Add("Accept", images.MediaTypeDockerSchema2ManifestList)
+		headers.Add("Accept", specs.MediaTypeImageManifest)
+		headers.Add("Accept", specs.MediaTypeImageIndex)
+		resolver, _ = pm.newResolver(ctx, nil, auth, headers, false)
+		if resolver != nil {
+			resolved, desc, err = resolver.Resolve(ctx, withDomain.String())
+			if err != nil {
+				logrus.WithError(err).WithField("ref", withDomain).Debug("Failed to resolve reference after falling back to backwards compatible accept header format")
+			}
+		}
+		if err != nil {
+			return errors.Wrap(err, "error resolving plugin reference")
+		}
+	}
+
+	fetcher, err := resolver.Fetcher(ctx, resolved)
+	if err != nil {
+		return errors.Wrap(err, "error creating plugin image fetcher")
+	}
+
+	fp := withFetchProgress(pm.blobStore, out, ref)
+	handlers = append([]images.Handler{fp, remotes.FetchHandler(pm.blobStore, fetcher)}, handlers...)
+	return images.Dispatch(ctx, images.Handlers(handlers...), nil, desc)
+}
+
+// applyLayer makes an images.HandlerFunc which applies a fetched image rootfs layer to a directory.
+//
+// TODO(@cpuguy83) This gets run sequentially after layer pull (makes sense), however
+// if there are multiple layers to fetch we may end up extracting layers in the wrong
+// order.
+func applyLayer(cs content.Store, dir string, out progress.Output) images.HandlerFunc {
+	return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case
+			specs.MediaTypeImageLayer,
+			images.MediaTypeDockerSchema2Layer,
+			specs.MediaTypeImageLayerGzip,
+			images.MediaTypeDockerSchema2LayerGzip:
+		default:
+			return nil, nil
+		}
+
+		ra, err := cs.ReaderAt(ctx, desc)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error getting content from content store for digest %s", desc.Digest)
+		}
+
+		id := stringid.TruncateID(desc.Digest.String())
+
+		rc := ioutils.NewReadCloserWrapper(content.NewReader(ra), ra.Close)
+		pr := progress.NewProgressReader(rc, out, desc.Size, id, "Extracting")
+		defer pr.Close()
+
+		if _, err := chrootarchive.ApplyLayer(dir, pr); err != nil {
+			return nil, errors.Wrapf(err, "error applying layer for digest %s", desc.Digest)
+		}
+		progress.Update(out, id, "Complete")
+		return nil, nil
+	}
+}
+
+func childrenHandler(cs content.Store) images.HandlerFunc {
+	ch := images.ChildrenHandler(cs)
+	return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case mediaTypePluginConfig:
+			return nil, nil
+		default:
+			return ch(ctx, desc)
+		}
+	}
+}
+
+type fetchMeta struct {
+	blobs    []digest.Digest
+	config   digest.Digest
+	manifest digest.Digest
+}
+
+func storeFetchMetadata(m *fetchMeta) images.HandlerFunc {
+	return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case
+			images.MediaTypeDockerSchema2LayerForeignGzip,
+			images.MediaTypeDockerSchema2Layer,
+			specs.MediaTypeImageLayer,
+			specs.MediaTypeImageLayerGzip:
+			m.blobs = append(m.blobs, desc.Digest)
+		case specs.MediaTypeImageManifest, images.MediaTypeDockerSchema2Manifest:
+			m.manifest = desc.Digest
+		case mediaTypePluginConfig:
+			m.config = desc.Digest
+		}
+		return nil, nil
+	}
+}
+
+func validateFetchedMetadata(md fetchMeta) error {
+	if md.config == "" {
+		return errors.New("fetched plugin image but plugin config is missing")
+	}
+	if md.manifest == "" {
+		return errors.New("fetched plugin image but manifest is missing")
+	}
+	return nil
+}
+
+// withFetchProgress is a fetch handler which registers a descriptor with a progress
+func withFetchProgress(cs content.Store, out progress.Output, ref reference.Named) images.HandlerFunc {
+	return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case specs.MediaTypeImageManifest, images.MediaTypeDockerSchema2Manifest:
+			tn := reference.TagNameOnly(ref)
+			tagged := tn.(reference.Tagged)
+			progress.Messagef(out, tagged.Tag(), "Pulling from %s", reference.FamiliarName(ref))
+			progress.Messagef(out, "", "Digest: %s", desc.Digest.String())
+			return nil, nil
+		case
+			images.MediaTypeDockerSchema2LayerGzip,
+			images.MediaTypeDockerSchema2Layer,
+			specs.MediaTypeImageLayer,
+			specs.MediaTypeImageLayerGzip:
+		default:
+			return nil, nil
+		}
+
+		id := stringid.TruncateID(desc.Digest.String())
+
+		if _, err := cs.Info(ctx, desc.Digest); err == nil {
+			out.WriteProgress(progress.Progress{ID: id, Action: "Already exists", LastUpdate: true})
+			return nil, nil
+		}
+
+		progress.Update(out, id, "Waiting")
+
+		key := remotes.MakeRefKey(ctx, desc)
+
+		go func() {
+			timer := time.NewTimer(100 * time.Millisecond)
+			if !timer.Stop() {
+				<-timer.C
+			}
+			defer timer.Stop()
+
+			var pulling bool
+			var ctxErr error
+
+			for {
+				timer.Reset(100 * time.Millisecond)
+
+				select {
+				case <-ctx.Done():
+					ctxErr = ctx.Err()
+					// make sure we can still fetch from the content store
+					// TODO: Might need to add some sort of timeout
+					ctx = context.Background()
+				case <-timer.C:
+				}
+
+				s, err := cs.Status(ctx, key)
+				if err != nil {
+					if !c8derrdefs.IsNotFound(err) {
+						logrus.WithError(err).WithField("layerDigest", desc.Digest.String()).Error("Error looking up status of plugin layer pull")
+						progress.Update(out, id, err.Error())
+						return
+					}
+
+					if _, err := cs.Info(ctx, desc.Digest); err == nil {
+						progress.Update(out, id, "Download complete")
+						return
+					}
+
+					if ctxErr != nil {
+						progress.Update(out, id, ctxErr.Error())
+						return
+					}
+
+					continue
+				}
+
+				if !pulling {
+					progress.Update(out, id, "Pulling fs layer")
+					pulling = true
+				}
+
+				if s.Offset == s.Total {
+					out.WriteProgress(progress.Progress{ID: id, Action: "Download complete", Current: s.Offset, LastUpdate: true})
+					return
+				}
+
+				out.WriteProgress(progress.Progress{ID: id, Action: "Downloading", Current: s.Offset, Total: s.Total})
+			}
+		}()
+		return nil, nil
+	}
+}
diff --git a/plugin/manager.go b/plugin/manager.go
index c6f896129b9b4..cfc49f285e536 100644
--- a/plugin/manager.go
+++ b/plugin/manager.go
@@ -1,9 +1,9 @@
 package plugin // import "github.com/docker/docker/plugin"
 
 import (
+	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -12,19 +12,18 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/content/local"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/pubsub"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 	"github.com/docker/docker/registry"
-	"github.com/opencontainers/go-digest"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -72,7 +71,7 @@ type Manager struct {
 	mu        sync.RWMutex // protects cMap
 	muGC      sync.RWMutex // protects blobstore deletions
 	cMap      map[*v2.Plugin]*controller
-	blobStore *basicBlobStore
+	blobStore content.Store
 	publisher *pubsub.Publisher
 	executor  Executor
 }
@@ -117,9 +116,9 @@ func NewManager(config ManagerConfig) (*Manager, error) {
 		return nil, err
 	}
 
-	manager.blobStore, err = newBasicBlobStore(filepath.Join(manager.config.Root, "storage/blobs"))
+	manager.blobStore, err = local.NewStore(filepath.Join(manager.config.Root, "storage"))
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error creating plugin blob store")
 	}
 
 	manager.cMap = make(map[*v2.Plugin]*controller)
@@ -143,7 +142,7 @@ func (pm *Manager) HandleExitEvent(id string) error {
 		return err
 	}
 
-	if err := os.RemoveAll(filepath.Join(pm.config.ExecRoot, id)); err != nil && !os.IsNotExist(err) {
+	if err := os.RemoveAll(filepath.Join(pm.config.ExecRoot, id)); err != nil {
 		logrus.WithError(err).WithField("id", id).Error("Could not remove plugin bundle dir")
 	}
 
@@ -158,10 +157,8 @@ func (pm *Manager) HandleExitEvent(id string) error {
 
 	if restart {
 		pm.enable(p, c, true)
-	} else {
-		if err := mount.RecursiveUnmount(filepath.Join(pm.config.Root, id)); err != nil {
-			return errors.Wrap(err, "error cleaning up plugin mounts")
-		}
+	} else if err := recursiveUnmount(filepath.Join(pm.config.Root, id)); err != nil {
+		return errors.Wrap(err, "error cleaning up plugin mounts")
 	}
 	return nil
 }
@@ -171,7 +168,7 @@ func handleLoadError(err error, id string) {
 		return
 	}
 	logger := logrus.WithError(err).WithField("id", id)
-	if os.IsNotExist(errors.Cause(err)) {
+	if errors.Is(err, os.ErrNotExist) {
 		// Likely some error while removing on an older version of docker
 		logger.Warn("missing plugin config, skipping: this may be caused due to a failed remove and requires manual cleanup.")
 		return
@@ -180,7 +177,7 @@ func handleLoadError(err error, id string) {
 }
 
 func (pm *Manager) reload() error { // todo: restore
-	dir, err := ioutil.ReadDir(pm.config.Root)
+	dir, err := os.ReadDir(pm.config.Root)
 	if err != nil {
 		return errors.Wrapf(err, "failed to read %v", pm.config.Root)
 	}
@@ -270,7 +267,7 @@ func (pm *Manager) Get(idOrName string) (*v2.Plugin, error) {
 
 func (pm *Manager) loadPlugin(id string) (*v2.Plugin, error) {
 	p := filepath.Join(pm.config.Root, id, configFileName)
-	dt, err := ioutil.ReadFile(p)
+	dt, err := os.ReadFile(p)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error reading %v", p)
 	}
@@ -297,15 +294,23 @@ func (pm *Manager) GC() {
 	pm.muGC.Lock()
 	defer pm.muGC.Unlock()
 
-	whitelist := make(map[digest.Digest]struct{})
+	used := make(map[digest.Digest]struct{})
 	for _, p := range pm.config.Store.GetAll() {
-		whitelist[p.Config] = struct{}{}
+		used[p.Config] = struct{}{}
 		for _, b := range p.Blobsums {
-			whitelist[b] = struct{}{}
+			used[b] = struct{}{}
 		}
 	}
 
-	pm.blobStore.gc(whitelist)
+	ctx := context.TODO()
+	pm.blobStore.Walk(ctx, func(info content.Info) error {
+		_, ok := used[info.Digest]
+		if ok {
+			return nil
+		}
+
+		return pm.blobStore.Delete(ctx, info.Digest)
+	})
 }
 
 type logHook struct{ id string }
@@ -357,28 +362,3 @@ func isEqualPrivilege(a, b types.PluginPrivilege) bool {
 
 	return reflect.DeepEqual(a.Value, b.Value)
 }
-
-func configToRootFS(c []byte) (*image.RootFS, error) {
-	var pluginConfig types.PluginConfig
-	if err := json.Unmarshal(c, &pluginConfig); err != nil {
-		return nil, err
-	}
-	// validation for empty rootfs is in distribution code
-	if pluginConfig.Rootfs == nil {
-		return nil, nil
-	}
-
-	return rootFSFromPlugin(pluginConfig.Rootfs), nil
-}
-
-func rootFSFromPlugin(pluginfs *types.PluginConfigRootfs) *image.RootFS {
-	rootFS := image.RootFS{
-		Type:    pluginfs.Type,
-		DiffIDs: make([]layer.DiffID, len(pluginfs.DiffIds)),
-	}
-	for i := range pluginfs.DiffIds {
-		rootFS.DiffIDs[i] = layer.DiffID(pluginfs.DiffIds[i])
-	}
-
-	return &rootFS
-}
diff --git a/plugin/manager_linux.go b/plugin/manager_linux.go
index df1fe5b73dfac..4156eadf94582 100644
--- a/plugin/manager_linux.go
+++ b/plugin/manager_linux.go
@@ -1,22 +1,25 @@
 package plugin // import "github.com/docker/docker/plugin"
 
 import (
+	"context"
 	"encoding/json"
 	"net"
 	"os"
 	"path/filepath"
 	"time"
 
+	"github.com/containerd/containerd/content"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/daemon/initlayer"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/plugin/v2"
-	"github.com/opencontainers/go-digest"
+	v2 "github.com/docker/docker/plugin/v2"
+	"github.com/moby/sys/mount"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@@ -61,7 +64,7 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
 	if err := pm.executor.Create(p.GetID(), *spec, stdout, stderr); err != nil {
 		if p.PluginObj.Config.PropagatedMount != "" {
 			if err := mount.Unmount(propRoot); err != nil {
-				logrus.Warnf("Could not unmount %s: %v", propRoot, err)
+				logrus.WithField("plugin", p.Name()).WithError(err).Warn("Failed to unmount vplugin propagated mount root")
 			}
 		}
 		return errors.WithStack(err)
@@ -146,6 +149,8 @@ func (pm *Manager) restore(p *v2.Plugin, c *controller) error {
 	return nil
 }
 
+const shutdownTimeout = 10 * time.Second
+
 func shutdownPlugin(p *v2.Plugin, ec chan bool, executor Executor) {
 	pluginID := p.GetID()
 
@@ -153,19 +158,26 @@ func shutdownPlugin(p *v2.Plugin, ec chan bool, executor Executor) {
 	if err != nil {
 		logrus.Errorf("Sending SIGTERM to plugin failed with error: %v", err)
 	} else {
+
+		timeout := time.NewTimer(shutdownTimeout)
+		defer timeout.Stop()
+
 		select {
 		case <-ec:
 			logrus.Debug("Clean shutdown of plugin")
-		case <-time.After(time.Second * 10):
+		case <-timeout.C:
 			logrus.Debug("Force shutdown plugin")
 			if err := executor.Signal(pluginID, int(unix.SIGKILL)); err != nil {
 				logrus.Errorf("Sending SIGKILL to plugin failed with error: %v", err)
 			}
+
+			timeout.Reset(shutdownTimeout)
+
 			select {
 			case <-ec:
 				logrus.Debug("SIGKILL plugin shutdown")
-			case <-time.After(time.Second * 10):
-				logrus.Debug("Force shutdown plugin FAILED")
+			case <-timeout.C:
+				logrus.WithField("plugin", p.Name).Warn("Force shutdown plugin FAILED")
 			}
 		}
 	}
@@ -204,8 +216,8 @@ func (pm *Manager) Shutdown() {
 	}
 }
 
-func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobsums []digest.Digest, tmpRootFSDir string, privileges *types.PluginPrivileges) (err error) {
-	config, err := pm.setupNewPlugin(configDigest, blobsums, privileges)
+func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest, manifestDigest digest.Digest, blobsums []digest.Digest, tmpRootFSDir string, privileges *types.PluginPrivileges) (err error) {
+	config, err := pm.setupNewPlugin(configDigest, privileges)
 	if err != nil {
 		return err
 	}
@@ -227,7 +239,7 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 
 	defer func() {
 		if err != nil {
-			if rmErr := os.RemoveAll(orig); rmErr != nil && !os.IsNotExist(rmErr) {
+			if rmErr := os.RemoveAll(orig); rmErr != nil {
 				logrus.WithError(rmErr).WithField("dir", backup).Error("error cleaning up after failed upgrade")
 				return
 			}
@@ -238,7 +250,7 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 				logrus.WithError(rmErr).WithField("plugin", p.Name()).Errorf("error cleaning up plugin upgrade dir: %s", tmpRootFSDir)
 			}
 		} else {
-			if rmErr := os.RemoveAll(backup); rmErr != nil && !os.IsNotExist(rmErr) {
+			if rmErr := os.RemoveAll(backup); rmErr != nil {
 				logrus.WithError(rmErr).WithField("dir", backup).Error("error cleaning up old plugin root after successful upgrade")
 			}
 
@@ -252,19 +264,22 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 	}
 
 	p.PluginObj.Config = config
+	p.Manifest = manifestDigest
 	err = pm.save(p)
 	return errors.Wrap(err, "error saving upgraded plugin config")
 }
 
-func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.Digest, privileges *types.PluginPrivileges) (types.PluginConfig, error) {
-	configRC, err := pm.blobStore.Get(configDigest)
+func (pm *Manager) setupNewPlugin(configDigest digest.Digest, privileges *types.PluginPrivileges) (types.PluginConfig, error) {
+	configRA, err := pm.blobStore.ReaderAt(context.TODO(), specs.Descriptor{Digest: configDigest})
 	if err != nil {
 		return types.PluginConfig{}, err
 	}
-	defer configRC.Close()
+	defer configRA.Close()
+
+	configR := content.NewReader(configRA)
 
 	var config types.PluginConfig
-	dec := json.NewDecoder(configRC)
+	dec := json.NewDecoder(configR)
 	if err := dec.Decode(&config); err != nil {
 		return types.PluginConfig{}, errors.Wrapf(err, "failed to parse config")
 	}
@@ -273,9 +288,6 @@ func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.
 	}
 
 	requiredPrivileges := computePrivileges(config)
-	if err != nil {
-		return types.PluginConfig{}, err
-	}
 	if privileges != nil {
 		if err := validatePrivileges(requiredPrivileges, *privileges); err != nil {
 			return types.PluginConfig{}, err
@@ -286,12 +298,12 @@ func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.
 }
 
 // createPlugin creates a new plugin. take lock before calling.
-func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *types.PluginPrivileges, opts ...CreateOpt) (p *v2.Plugin, err error) {
+func (pm *Manager) createPlugin(name string, configDigest, manifestDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *types.PluginPrivileges, opts ...CreateOpt) (p *v2.Plugin, err error) {
 	if err := pm.config.Store.validateName(name); err != nil { // todo: this check is wrong. remove store
 		return nil, errdefs.InvalidParameter(err)
 	}
 
-	config, err := pm.setupNewPlugin(configDigest, blobsums, privileges)
+	config, err := pm.setupNewPlugin(configDigest, privileges)
 	if err != nil {
 		return nil, err
 	}
@@ -304,6 +316,7 @@ func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsum
 		},
 		Config:   configDigest,
 		Blobsums: blobsums,
+		Manifest: manifestDigest,
 	}
 	p.InitEmptySettings()
 	for _, o := range opts {
@@ -333,3 +346,7 @@ func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsum
 
 	return p, nil
 }
+
+func recursiveUnmount(target string) error {
+	return mount.RecursiveUnmount(target)
+}
diff --git a/plugin/manager_linux_test.go b/plugin/manager_linux_test.go
index fd8fa8523c23a..b9f71e3702d8b 100644
--- a/plugin/manager_linux_test.go
+++ b/plugin/manager_linux_test.go
@@ -2,25 +2,25 @@ package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/plugin/v2"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	v2 "github.com/docker/docker/plugin/v2"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
-	"gotest.tools/skip"
+	"gotest.tools/v3/skip"
 )
 
 func TestManagerWithPluginMounts(t *testing.T) {
 	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	root, err := ioutil.TempDir("", "test-store-with-plugin-mounts")
+	root, err := os.MkdirTemp("", "test-store-with-plugin-mounts")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -64,13 +64,13 @@ func TestManagerWithPluginMounts(t *testing.T) {
 	if err := m.Remove(p1.GetID(), &types.PluginRmConfig{ForceRemove: true}); err != nil {
 		t.Fatal(err)
 	}
-	if mounted, err := mount.Mounted(p2Mount); !mounted || err != nil {
+	if mounted, err := mountinfo.Mounted(p2Mount); !mounted || err != nil {
 		t.Fatalf("expected %s to be mounted, err: %v", p2Mount, err)
 	}
 }
 
 func newTestPlugin(t *testing.T, name, cap, root string) *v2.Plugin {
-	id := stringid.GenerateNonCryptoID()
+	id := stringid.GenerateRandomID()
 	rootfs := filepath.Join(root, id)
 	if err := os.MkdirAll(rootfs, 0755); err != nil {
 		t.Fatal(err)
@@ -106,7 +106,7 @@ func (e *simpleExecutor) Signal(id string, signal int) error {
 }
 
 func TestCreateFailed(t *testing.T) {
-	root, err := ioutil.TempDir("", "test-create-failed")
+	root, err := os.MkdirTemp("", "test-create-failed")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -174,9 +174,10 @@ func (e *executorWithRunning) Signal(id string, signal int) error {
 }
 
 func TestPluginAlreadyRunningOnStartup(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	t.Parallel()
 
-	root, err := ioutil.TempDir("", t.Name())
+	root, err := os.MkdirTemp("", t.Name())
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -209,7 +210,7 @@ func TestPluginAlreadyRunningOnStartup(t *testing.T) {
 			p.PluginObj.Enabled = true
 
 			// Need a short-ish path here so we don't run into unix socket path length issues.
-			config.ExecRoot, err = ioutil.TempDir("", "plugintest")
+			config.ExecRoot, err = os.MkdirTemp("", "plugintest")
 
 			executor := &executorWithRunning{root: config.ExecRoot}
 			config.CreateExecutor = func(m *Manager) (Executor, error) { executor.m = m; return executor, nil }
diff --git a/plugin/manager_windows.go b/plugin/manager_windows.go
index 90cc52c99253c..003b2210f9fd1 100644
--- a/plugin/manager_windows.go
+++ b/plugin/manager_windows.go
@@ -3,7 +3,7 @@ package plugin // import "github.com/docker/docker/plugin"
 import (
 	"fmt"
 
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -26,3 +26,7 @@ func (pm *Manager) restore(p *v2.Plugin, c *controller) error {
 // Shutdown plugins
 func (pm *Manager) Shutdown() {
 }
+
+func recursiveUnmount(_ string) error {
+	return nil
+}
diff --git a/plugin/progress.go b/plugin/progress.go
new file mode 100644
index 0000000000000..ffe6c70aaeac3
--- /dev/null
+++ b/plugin/progress.go
@@ -0,0 +1,74 @@
+package plugin
+
+import (
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/remotes/docker"
+)
+
+func newPushJobs(tracker docker.StatusTracker) *pushJobs {
+	return &pushJobs{
+		names: make(map[string]string),
+		t:     tracker,
+	}
+}
+
+type pushJobs struct {
+	t docker.StatusTracker
+
+	mu   sync.Mutex
+	jobs []string
+	// maps job ref to a name
+	names map[string]string
+}
+
+func (p *pushJobs) add(id, name string) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if _, ok := p.names[id]; ok {
+		return
+	}
+	p.jobs = append(p.jobs, id)
+	p.names[id] = name
+}
+
+func (p *pushJobs) status() []contentStatus {
+	statuses := make([]contentStatus, 0, len(p.jobs))
+
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	for _, j := range p.jobs {
+		var s contentStatus
+		s.Ref = p.names[j]
+
+		status, err := p.t.GetStatus(j)
+		if err != nil {
+			s.Status = "Waiting"
+		} else {
+			s.Total = status.Total
+			s.Offset = status.Offset
+			s.StartedAt = status.StartedAt
+			s.UpdatedAt = status.UpdatedAt
+			if status.UploadUUID == "" {
+				s.Status = "Upload complete"
+			} else {
+				s.Status = "Uploading"
+			}
+		}
+		statuses = append(statuses, s)
+	}
+
+	return statuses
+}
+
+type contentStatus struct {
+	Status    string
+	Total     int64
+	Offset    int64
+	StartedAt time.Time
+	UpdatedAt time.Time
+	Ref       string
+}
diff --git a/plugin/registry.go b/plugin/registry.go
new file mode 100644
index 0000000000000..ad2a6b7138f50
--- /dev/null
+++ b/plugin/registry.go
@@ -0,0 +1,111 @@
+package plugin
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/sirupsen/logrus"
+
+	"github.com/docker/docker/dockerversion"
+
+	"github.com/pkg/errors"
+
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+)
+
+// scope builds the correct auth scope for the registry client to authorize against
+// By default the client currently only does a "repository:" scope with out a classifier, e.g. "(plugin)"
+// Without this, the client will not be able to authorize the request
+func scope(ref reference.Named, push bool) string {
+	scope := "repository(plugin):" + reference.Path(reference.TrimNamed(ref)) + ":pull"
+	if push {
+		scope += ",push"
+	}
+	return scope
+}
+
+func (pm *Manager) newResolver(ctx context.Context, tracker docker.StatusTracker, auth *types.AuthConfig, headers http.Header, httpFallback bool) (remotes.Resolver, error) {
+	if headers == nil {
+		headers = http.Header{}
+	}
+	headers.Add("User-Agent", dockerversion.DockerUserAgent(ctx))
+
+	return docker.NewResolver(docker.ResolverOptions{
+		Tracker: tracker,
+		Headers: headers,
+		Hosts:   pm.registryHostsFn(auth, httpFallback),
+	}), nil
+}
+
+func registryHTTPClient(config *tls.Config) *http.Client {
+	return &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			TLSClientConfig:     config,
+			TLSHandshakeTimeout: 10 * time.Second,
+			IdleConnTimeout:     30 * time.Second,
+		},
+	}
+}
+
+func (pm *Manager) registryHostsFn(auth *types.AuthConfig, httpFallback bool) docker.RegistryHosts {
+	return func(hostname string) ([]docker.RegistryHost, error) {
+		eps, err := pm.config.RegistryService.LookupPullEndpoints(hostname)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error resolving repository for %s", hostname)
+		}
+
+		hosts := make([]docker.RegistryHost, 0, len(eps))
+
+		for _, ep := range eps {
+			// forced http fallback is used only for push since the containerd pusher only ever uses the first host we
+			// pass to it.
+			// So it is the callers responsibility to retry with this flag set.
+			if httpFallback && ep.URL.Scheme != "http" {
+				logrus.WithField("registryHost", hostname).WithField("endpoint", ep).Debugf("Skipping non-http endpoint")
+				continue
+			}
+
+			caps := docker.HostCapabilityPull | docker.HostCapabilityResolve
+			if !ep.Mirror {
+				caps = caps | docker.HostCapabilityPush
+			}
+
+			host, err := docker.DefaultHost(ep.URL.Host)
+			if err != nil {
+				return nil, err
+			}
+
+			client := registryHTTPClient(ep.TLSConfig)
+			hosts = append(hosts, docker.RegistryHost{
+				Host:         host,
+				Scheme:       ep.URL.Scheme,
+				Client:       client,
+				Path:         "/v2",
+				Capabilities: caps,
+				Authorizer: docker.NewDockerAuthorizer(
+					docker.WithAuthClient(client),
+					docker.WithAuthCreds(func(_ string) (string, string, error) {
+						if auth.IdentityToken != "" {
+							return "", auth.IdentityToken, nil
+						}
+						return auth.Username, auth.Password, nil
+					}),
+				),
+			})
+		}
+		logrus.WithField("registryHost", hostname).WithField("hosts", hosts).Debug("Resolved registry hosts")
+
+		return hosts, nil
+	}
+}
diff --git a/plugin/store.go b/plugin/store.go
index 8e96c11da4e45..114fcf17a148f 100644
--- a/plugin/store.go
+++ b/plugin/store.go
@@ -8,8 +8,8 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/docker/plugin/v2"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	v2 "github.com/docker/docker/plugin/v2"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -153,7 +153,8 @@ func (ps *Store) Get(name, capability string, mode int) (plugingetter.CompatPlug
 			// but we should error out right away
 			return nil, errDisabled(name)
 		}
-		if _, ok := errors.Cause(err).(errNotFound); !ok {
+		var ierr errNotFound
+		if !errors.As(err, &ierr) {
 			return nil, err
 		}
 	}
@@ -166,7 +167,7 @@ func (ps *Store) Get(name, capability string, mode int) (plugingetter.CompatPlug
 	if err == nil {
 		return p, nil
 	}
-	if errors.Cause(err) == plugins.ErrNotFound {
+	if errors.Is(err, plugins.ErrNotFound) {
 		return nil, errNotFound(name)
 	}
 	return nil, errors.Wrap(errdefs.System(err), "legacy plugin")
@@ -188,9 +189,7 @@ func (ps *Store) GetAllByCap(capability string) ([]plugingetter.CompatPlugin, er
 	 * bypassing the daemon. For such tests, this check is necessary.
 	 */
 	if ps != nil {
-		ps.RLock()
 		result = ps.getAllByCap(capability)
-		ps.RUnlock()
 	}
 
 	// Lookup with legacy model
@@ -250,10 +249,8 @@ func (ps *Store) CallHandler(p *v2.Plugin) {
 	}
 }
 
+// resolvePluginID must be protected by ps.RLock
 func (ps *Store) resolvePluginID(idOrName string) (string, error) {
-	ps.RLock() // todo: fix
-	defer ps.RUnlock()
-
 	if validFullID.MatchString(idOrName) {
 		return idOrName, nil
 	}
diff --git a/plugin/store_test.go b/plugin/store_test.go
index 14b484f76c70b..47b4bd7d4ddd6 100644
--- a/plugin/store_test.go
+++ b/plugin/store_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/plugin/v2"
+	v2 "github.com/docker/docker/plugin/v2"
 )
 
 func TestFilterByCapNeg(t *testing.T) {
diff --git a/plugin/v2/plugin.go b/plugin/v2/plugin.go
index 6852511c5e664..d42e1bd0b94e6 100644
--- a/plugin/v2/plugin.go
+++ b/plugin/v2/plugin.go
@@ -11,8 +11,8 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/opencontainers/go-digest"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // Plugin represents an individual plugin.
@@ -25,6 +25,7 @@ type Plugin struct {
 
 	Config   digest.Digest
 	Blobsums []digest.Digest
+	Manifest digest.Digest
 
 	modifyRuntimeSpec func(*specs.Spec)
 
@@ -125,7 +126,9 @@ func (p *Plugin) Set(args []string) error {
 	// TODO(vieux): lots of code duplication here, needs to be refactored.
 
 next:
-	for _, s := range sets {
+	for _, set := range sets {
+		s := set
+
 		// range over all the envs in the config
 		for _, env := range p.PluginObj.Config.Env {
 			// found the env in the config
diff --git a/plugin/v2/plugin_linux.go b/plugin/v2/plugin_linux.go
index 58c432fcd6254..4ad582cd834d7 100644
--- a/plugin/v2/plugin_linux.go
+++ b/plugin/v2/plugin_linux.go
@@ -9,7 +9,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/system"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
diff --git a/plugin/v2/plugin_unsupported.go b/plugin/v2/plugin_unsupported.go
index 5242fe124ca16..1b08aec171bbc 100644
--- a/plugin/v2/plugin_unsupported.go
+++ b/plugin/v2/plugin_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package v2 // import "github.com/docker/docker/plugin/v2"
@@ -5,7 +6,7 @@ package v2 // import "github.com/docker/docker/plugin/v2"
 import (
 	"errors"
 
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // InitSpec creates an OCI spec from the plugin's config.
diff --git a/poule.yml b/poule.yml
index d05c764b38ab5..0407a20f20ad3 100644
--- a/poule.yml
+++ b/poule.yml
@@ -99,36 +99,3 @@
             configurations: [ z ],
             label:          "rebuild/z",
         }
-
-# Once a day, randomly assign pull requests older than 2 weeks.
-- schedule:         "@daily"
-  operations:
-      - type:       random-assign
-        filters: {
-            age:    "2w",
-            is:     "pr",
-        }
-        settings: {
-            users: [
-                "aaronlehmann",
-                "akihirosuda",
-                "coolljt0725",
-                "cpuguy83",
-                "crosbymichael",
-                "dnephin",
-                "duglin",
-                "fntlnz",
-                "johnstep",
-                "justincormack",
-                "mhbauer",
-                "mlaventure",
-                "runcom",
-                "stevvooe",
-                "thajeztah",
-                "tiborvass",
-                "tonistiigi",
-                "vdemeester",
-                "vieux",
-                "yongtang",
-            ]
-        }
diff --git a/profiles/apparmor/apparmor.go b/profiles/apparmor/apparmor.go
index b021668c8e4ca..b3566b2f7354d 100644
--- a/profiles/apparmor/apparmor.go
+++ b/profiles/apparmor/apparmor.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package apparmor // import "github.com/docker/docker/profiles/apparmor"
@@ -5,7 +6,6 @@ package apparmor // import "github.com/docker/docker/profiles/apparmor"
 import (
 	"bufio"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"strings"
@@ -23,6 +23,8 @@ var (
 type profileData struct {
 	// Name is profile name.
 	Name string
+	// DaemonProfile is the profile name of our daemon.
+	DaemonProfile string
 	// Imports defines the apparmor functions to import, before defining the profile.
 	Imports []string
 	// InnerImports defines the apparmor functions to import in the profile.
@@ -70,8 +72,27 @@ func InstallDefault(name string) error {
 		Name: name,
 	}
 
+	// Figure out the daemon profile.
+	currentProfile, err := os.ReadFile("/proc/self/attr/current")
+	if err != nil {
+		// If we couldn't get the daemon profile, assume we are running
+		// unconfined which is generally the default.
+		currentProfile = nil
+	}
+	daemonProfile := string(currentProfile)
+	// Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
+	// profiles cannot contain spaces so this doesn't restrict daemon profile
+	// names.
+	if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
+		daemonProfile = parts[0]
+	}
+	if daemonProfile == "" {
+		daemonProfile = "unconfined"
+	}
+	p.DaemonProfile = daemonProfile
+
 	// Install to a temporary directory.
-	f, err := ioutil.TempFile("", name)
+	f, err := os.CreateTemp("", name)
 	if err != nil {
 		return err
 	}
diff --git a/profiles/apparmor/template.go b/profiles/apparmor/template.go
index c00a3f70e9931..7c8525a71c810 100644
--- a/profiles/apparmor/template.go
+++ b/profiles/apparmor/template.go
@@ -1,7 +1,14 @@
+//go:build linux
 // +build linux
 
 package apparmor // import "github.com/docker/docker/profiles/apparmor"
 
+// NOTE: This profile is replicated in containerd and libpod. If you make a
+//       change to this profile, please make follow-up PRs to those projects so
+//       that these rules can be synchronised (because any issue with this
+//       profile will likely affect libpod and containerd).
+// TODO: Move this to a common project so we can maintain it in one spot.
+
 // baseTemplate defines the default apparmor profile for containers.
 const baseTemplate = `
 {{range $value := .Imports}}
@@ -17,6 +24,14 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
   capability,
   file,
   umount,
+{{if ge .Version 208096}}
+  # Host (privileged) processes may send signals to container processes.
+  signal (receive) peer=unconfined,
+  # dockerd may send signals to container processes (for "docker kill").
+  signal (receive) peer={{.DaemonProfile}},
+  # Container processes may send signals amongst themselves.
+  signal (send,receive) peer={{.Name}},
+{{end}}
 
   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
   # deny write to files not in /proc/<number>/** or /proc/sys/**
@@ -38,7 +53,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 
 {{if ge .Version 208095}}
   # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
-  ptrace (trace,read) peer={{.Name}},
+  ptrace (trace,read,tracedby,readby) peer={{.Name}},
 {{end}}
 }
 `
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
old mode 100755
new mode 100644
index 0d954bb6d018c..fbf3ac8396489
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -1,5 +1,6 @@
 {
 	"defaultAction": "SCMP_ACT_ERRNO",
+	"defaultErrnoRet": 1,
 	"archMap": [
 		{
 			"architecture": "SCMP_ARCH_X86_64",
@@ -65,10 +66,16 @@
 				"chmod",
 				"chown",
 				"chown32",
+				"clock_adjtime",
+				"clock_adjtime64",
 				"clock_getres",
+				"clock_getres_time64",
 				"clock_gettime",
+				"clock_gettime64",
 				"clock_nanosleep",
+				"clock_nanosleep_time64",
 				"close",
+				"close_range",
 				"connect",
 				"copy_file_range",
 				"creat",
@@ -80,6 +87,7 @@
 				"epoll_ctl",
 				"epoll_ctl_old",
 				"epoll_pwait",
+				"epoll_pwait2",
 				"epoll_wait",
 				"epoll_wait_old",
 				"eventfd",
@@ -89,6 +97,7 @@
 				"exit",
 				"exit_group",
 				"faccessat",
+				"faccessat2",
 				"fadvise64",
 				"fadvise64_64",
 				"fallocate",
@@ -117,6 +126,7 @@
 				"ftruncate",
 				"ftruncate64",
 				"futex",
+				"futex_time64",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@@ -162,10 +172,15 @@
 				"ioctl",
 				"io_destroy",
 				"io_getevents",
+				"io_pgetevents",
+				"io_pgetevents_time64",
 				"ioprio_get",
 				"ioprio_set",
 				"io_setup",
 				"io_submit",
+				"io_uring_enter",
+				"io_uring_register",
+				"io_uring_setup",
 				"ipc",
 				"kill",
 				"lchown",
@@ -183,6 +198,7 @@
 				"lstat",
 				"lstat64",
 				"madvise",
+				"membarrier",
 				"memfd_create",
 				"mincore",
 				"mkdir",
@@ -199,7 +215,9 @@
 				"mq_notify",
 				"mq_open",
 				"mq_timedreceive",
+				"mq_timedreceive_time64",
 				"mq_timedsend",
+				"mq_timedsend_time64",
 				"mq_unlink",
 				"mremap",
 				"msgctl",
@@ -215,17 +233,22 @@
 				"_newselect",
 				"open",
 				"openat",
+				"openat2",
 				"pause",
+				"pidfd_open",
+				"pidfd_send_signal",
 				"pipe",
 				"pipe2",
 				"poll",
 				"ppoll",
+				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"preadv2",
 				"prlimit64",
 				"pselect6",
+				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@@ -237,6 +260,7 @@
 				"recv",
 				"recvfrom",
 				"recvmmsg",
+				"recvmmsg_time64",
 				"recvmsg",
 				"remap_file_pages",
 				"removexattr",
@@ -245,6 +269,7 @@
 				"renameat2",
 				"restart_syscall",
 				"rmdir",
+				"rseq",
 				"rt_sigaction",
 				"rt_sigpending",
 				"rt_sigprocmask",
@@ -252,6 +277,7 @@
 				"rt_sigreturn",
 				"rt_sigsuspend",
 				"rt_sigtimedwait",
+				"rt_sigtimedwait_time64",
 				"rt_tgsigqueueinfo",
 				"sched_getaffinity",
 				"sched_getattr",
@@ -260,6 +286,7 @@
 				"sched_get_priority_min",
 				"sched_getscheduler",
 				"sched_rr_get_interval",
+				"sched_rr_get_interval_time64",
 				"sched_setaffinity",
 				"sched_setattr",
 				"sched_setparam",
@@ -271,6 +298,7 @@
 				"semget",
 				"semop",
 				"semtimedop",
+				"semtimedop_time64",
 				"send",
 				"sendfile",
 				"sendfile64",
@@ -313,6 +341,7 @@
 				"sigaltstack",
 				"signalfd",
 				"signalfd4",
+				"sigprocmask",
 				"sigreturn",
 				"socket",
 				"socketcall",
@@ -334,12 +363,16 @@
 				"time",
 				"timer_create",
 				"timer_delete",
-				"timerfd_create",
-				"timerfd_gettime",
-				"timerfd_settime",
 				"timer_getoverrun",
 				"timer_gettime",
+				"timer_gettime64",
 				"timer_settime",
+				"timer_settime64",
+				"timerfd_create",
+				"timerfd_gettime",
+				"timerfd_gettime64",
+				"timerfd_settime",
+				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@@ -351,6 +384,7 @@
 				"unlinkat",
 				"utime",
 				"utimensat",
+				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",
@@ -360,11 +394,18 @@
 				"write",
 				"writev"
 			],
+			"action": "SCMP_ACT_ALLOW"
+		},
+		{
+			"names": [
+				"process_vm_readv",
+				"process_vm_writev",
+				"ptrace"
+			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			"includes": {
+				"minKernel": "4.8"
+			}
 		},
 		{
 			"names": [
@@ -375,13 +416,9 @@
 				{
 					"index": 0,
 					"value": 0,
-					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
 				}
-			],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			]
 		},
 		{
 			"names": [
@@ -392,13 +429,9 @@
 				{
 					"index": 0,
 					"value": 8,
-					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
 				}
-			],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			]
 		},
 		{
 			"names": [
@@ -409,13 +442,9 @@
 				{
 					"index": 0,
 					"value": 131072,
-					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
 				}
-			],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			]
 		},
 		{
 			"names": [
@@ -426,13 +455,9 @@
 				{
 					"index": 0,
 					"value": 131080,
-					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
 				}
-			],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			]
 		},
 		{
 			"names": [
@@ -443,27 +468,20 @@
 				{
 					"index": 0,
 					"value": 4294967295,
-					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
 				}
-			],
-			"comment": "",
-			"includes": {},
-			"excludes": {}
+			]
 		},
 		{
 			"names": [
 				"sync_file_range2"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"arches": [
 					"ppc64le"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -475,46 +493,37 @@
 				"set_tls"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"arches": [
 					"arm",
 					"arm64"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"arch_prctl"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"arches": [
 					"amd64",
 					"x32"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"modify_ldt"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"arches": [
 					"amd64",
 					"x32",
 					"x86"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -523,38 +532,39 @@
 				"s390_runtime_instr"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"arches": [
 					"s390",
 					"s390x"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"open_by_handle_at"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_DAC_READ_SEARCH"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"bpf",
 				"clone",
+				"clone3",
 				"fanotify_init",
+				"fsconfig",
+				"fsmount",
+				"fsopen",
+				"fspick",
 				"lookup_dcookie",
 				"mount",
+				"move_mount",
 				"name_to_handle_at",
+				"open_tree",
 				"perf_event_open",
 				"quotactl",
 				"setdomainname",
@@ -566,14 +576,11 @@
 				"unshare"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_ADMIN"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -583,13 +590,10 @@
 			"args": [
 				{
 					"index": 0,
-					"value": 2080505856,
-					"valueTwo": 0,
+					"value": 2114060288,
 					"op": "SCMP_CMP_MASKED_EQ"
 				}
 			],
-			"comment": "",
-			"includes": {},
 			"excludes": {
 				"caps": [
 					"CAP_SYS_ADMIN"
@@ -608,8 +612,7 @@
 			"args": [
 				{
 					"index": 1,
-					"value": 2080505856,
-					"valueTwo": 0,
+					"value": 2114060288,
 					"op": "SCMP_CMP_MASKED_EQ"
 				}
 			],
@@ -626,81 +629,79 @@
 				]
 			}
 		},
+		{
+			"names": [
+				"clone3"
+			],
+			"action": "SCMP_ACT_ERRNO",
+			"errnoRet": 38,
+			"excludes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				]
+			}
+		},
 		{
 			"names": [
 				"reboot"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_BOOT"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"chroot"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_CHROOT"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"delete_module",
 				"init_module",
-				"finit_module",
-				"query_module"
+				"finit_module"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_MODULE"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"acct"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_PACCT"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"kcmp",
+				"pidfd_getfd",
+				"process_madvise",
 				"process_vm_readv",
 				"process_vm_writev",
 				"ptrace"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_PTRACE"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -708,14 +709,11 @@
 				"ioperm"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_RAWIO"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -724,28 +722,22 @@
 				"clock_settime"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_TIME"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"vhangup"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_TTY_CONFIG"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
@@ -754,28 +746,22 @@
 				"set_mempolicy"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYS_NICE"
 				]
-			},
-			"excludes": {}
+			}
 		},
 		{
 			"names": [
 				"syslog"
 			],
 			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
 			"includes": {
 				"caps": [
 					"CAP_SYSLOG"
 				]
-			},
-			"excludes": {}
+			}
 		}
 	]
 }
\ No newline at end of file
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
new file mode 100644
index 0000000000000..f7d93d2cc4f79
--- /dev/null
+++ b/profiles/seccomp/default_linux.go
@@ -0,0 +1,766 @@
+//go:build seccomp
+// +build seccomp
+
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
+
+import (
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/sys/unix"
+)
+
+func arches() []Architecture {
+	return []Architecture{
+		{
+			Arch:      specs.ArchX86_64,
+			SubArches: []specs.Arch{specs.ArchX86, specs.ArchX32},
+		},
+		{
+			Arch:      specs.ArchAARCH64,
+			SubArches: []specs.Arch{specs.ArchARM},
+		},
+		{
+			Arch:      specs.ArchMIPS64,
+			SubArches: []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64N32},
+		},
+		{
+			Arch:      specs.ArchMIPS64N32,
+			SubArches: []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64},
+		},
+		{
+			Arch:      specs.ArchMIPSEL64,
+			SubArches: []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64N32},
+		},
+		{
+			Arch:      specs.ArchMIPSEL64N32,
+			SubArches: []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64},
+		},
+		{
+			Arch:      specs.ArchS390X,
+			SubArches: []specs.Arch{specs.ArchS390},
+		},
+	}
+}
+
+// DefaultProfile defines the allowed syscalls for the default seccomp profile.
+func DefaultProfile() *Seccomp {
+	nosys := uint(unix.ENOSYS)
+	syscalls := []*Syscall{
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"accept",
+					"accept4",
+					"access",
+					"adjtimex",
+					"alarm",
+					"bind",
+					"brk",
+					"capget",
+					"capset",
+					"chdir",
+					"chmod",
+					"chown",
+					"chown32",
+					"clock_adjtime",
+					"clock_adjtime64",
+					"clock_getres",
+					"clock_getres_time64",
+					"clock_gettime",
+					"clock_gettime64",
+					"clock_nanosleep",
+					"clock_nanosleep_time64",
+					"close",
+					"close_range",
+					"connect",
+					"copy_file_range",
+					"creat",
+					"dup",
+					"dup2",
+					"dup3",
+					"epoll_create",
+					"epoll_create1",
+					"epoll_ctl",
+					"epoll_ctl_old",
+					"epoll_pwait",
+					"epoll_pwait2",
+					"epoll_wait",
+					"epoll_wait_old",
+					"eventfd",
+					"eventfd2",
+					"execve",
+					"execveat",
+					"exit",
+					"exit_group",
+					"faccessat",
+					"faccessat2",
+					"fadvise64",
+					"fadvise64_64",
+					"fallocate",
+					"fanotify_mark",
+					"fchdir",
+					"fchmod",
+					"fchmodat",
+					"fchown",
+					"fchown32",
+					"fchownat",
+					"fcntl",
+					"fcntl64",
+					"fdatasync",
+					"fgetxattr",
+					"flistxattr",
+					"flock",
+					"fork",
+					"fremovexattr",
+					"fsetxattr",
+					"fstat",
+					"fstat64",
+					"fstatat64",
+					"fstatfs",
+					"fstatfs64",
+					"fsync",
+					"ftruncate",
+					"ftruncate64",
+					"futex",
+					"futex_time64",
+					"futimesat",
+					"getcpu",
+					"getcwd",
+					"getdents",
+					"getdents64",
+					"getegid",
+					"getegid32",
+					"geteuid",
+					"geteuid32",
+					"getgid",
+					"getgid32",
+					"getgroups",
+					"getgroups32",
+					"getitimer",
+					"getpeername",
+					"getpgid",
+					"getpgrp",
+					"getpid",
+					"getppid",
+					"getpriority",
+					"getrandom",
+					"getresgid",
+					"getresgid32",
+					"getresuid",
+					"getresuid32",
+					"getrlimit",
+					"get_robust_list",
+					"getrusage",
+					"getsid",
+					"getsockname",
+					"getsockopt",
+					"get_thread_area",
+					"gettid",
+					"gettimeofday",
+					"getuid",
+					"getuid32",
+					"getxattr",
+					"inotify_add_watch",
+					"inotify_init",
+					"inotify_init1",
+					"inotify_rm_watch",
+					"io_cancel",
+					"ioctl",
+					"io_destroy",
+					"io_getevents",
+					"io_pgetevents",
+					"io_pgetevents_time64",
+					"ioprio_get",
+					"ioprio_set",
+					"io_setup",
+					"io_submit",
+					"io_uring_enter",
+					"io_uring_register",
+					"io_uring_setup",
+					"ipc",
+					"kill",
+					"lchown",
+					"lchown32",
+					"lgetxattr",
+					"link",
+					"linkat",
+					"listen",
+					"listxattr",
+					"llistxattr",
+					"_llseek",
+					"lremovexattr",
+					"lseek",
+					"lsetxattr",
+					"lstat",
+					"lstat64",
+					"madvise",
+					"membarrier",
+					"memfd_create",
+					"mincore",
+					"mkdir",
+					"mkdirat",
+					"mknod",
+					"mknodat",
+					"mlock",
+					"mlock2",
+					"mlockall",
+					"mmap",
+					"mmap2",
+					"mprotect",
+					"mq_getsetattr",
+					"mq_notify",
+					"mq_open",
+					"mq_timedreceive",
+					"mq_timedreceive_time64",
+					"mq_timedsend",
+					"mq_timedsend_time64",
+					"mq_unlink",
+					"mremap",
+					"msgctl",
+					"msgget",
+					"msgrcv",
+					"msgsnd",
+					"msync",
+					"munlock",
+					"munlockall",
+					"munmap",
+					"nanosleep",
+					"newfstatat",
+					"_newselect",
+					"open",
+					"openat",
+					"openat2",
+					"pause",
+					"pidfd_open",
+					"pidfd_send_signal",
+					"pipe",
+					"pipe2",
+					"poll",
+					"ppoll",
+					"ppoll_time64",
+					"prctl",
+					"pread64",
+					"preadv",
+					"preadv2",
+					"prlimit64",
+					"pselect6",
+					"pselect6_time64",
+					"pwrite64",
+					"pwritev",
+					"pwritev2",
+					"read",
+					"readahead",
+					"readlink",
+					"readlinkat",
+					"readv",
+					"recv",
+					"recvfrom",
+					"recvmmsg",
+					"recvmmsg_time64",
+					"recvmsg",
+					"remap_file_pages",
+					"removexattr",
+					"rename",
+					"renameat",
+					"renameat2",
+					"restart_syscall",
+					"rmdir",
+					"rseq",
+					"rt_sigaction",
+					"rt_sigpending",
+					"rt_sigprocmask",
+					"rt_sigqueueinfo",
+					"rt_sigreturn",
+					"rt_sigsuspend",
+					"rt_sigtimedwait",
+					"rt_sigtimedwait_time64",
+					"rt_tgsigqueueinfo",
+					"sched_getaffinity",
+					"sched_getattr",
+					"sched_getparam",
+					"sched_get_priority_max",
+					"sched_get_priority_min",
+					"sched_getscheduler",
+					"sched_rr_get_interval",
+					"sched_rr_get_interval_time64",
+					"sched_setaffinity",
+					"sched_setattr",
+					"sched_setparam",
+					"sched_setscheduler",
+					"sched_yield",
+					"seccomp",
+					"select",
+					"semctl",
+					"semget",
+					"semop",
+					"semtimedop",
+					"semtimedop_time64",
+					"send",
+					"sendfile",
+					"sendfile64",
+					"sendmmsg",
+					"sendmsg",
+					"sendto",
+					"setfsgid",
+					"setfsgid32",
+					"setfsuid",
+					"setfsuid32",
+					"setgid",
+					"setgid32",
+					"setgroups",
+					"setgroups32",
+					"setitimer",
+					"setpgid",
+					"setpriority",
+					"setregid",
+					"setregid32",
+					"setresgid",
+					"setresgid32",
+					"setresuid",
+					"setresuid32",
+					"setreuid",
+					"setreuid32",
+					"setrlimit",
+					"set_robust_list",
+					"setsid",
+					"setsockopt",
+					"set_thread_area",
+					"set_tid_address",
+					"setuid",
+					"setuid32",
+					"setxattr",
+					"shmat",
+					"shmctl",
+					"shmdt",
+					"shmget",
+					"shutdown",
+					"sigaltstack",
+					"signalfd",
+					"signalfd4",
+					"sigprocmask",
+					"sigreturn",
+					"socket",
+					"socketcall",
+					"socketpair",
+					"splice",
+					"stat",
+					"stat64",
+					"statfs",
+					"statfs64",
+					"statx",
+					"symlink",
+					"symlinkat",
+					"sync",
+					"sync_file_range",
+					"syncfs",
+					"sysinfo",
+					"tee",
+					"tgkill",
+					"time",
+					"timer_create",
+					"timer_delete",
+					"timer_getoverrun",
+					"timer_gettime",
+					"timer_gettime64",
+					"timer_settime",
+					"timer_settime64",
+					"timerfd_create",
+					"timerfd_gettime",
+					"timerfd_gettime64",
+					"timerfd_settime",
+					"timerfd_settime64",
+					"times",
+					"tkill",
+					"truncate",
+					"truncate64",
+					"ugetrlimit",
+					"umask",
+					"uname",
+					"unlink",
+					"unlinkat",
+					"utime",
+					"utimensat",
+					"utimensat_time64",
+					"utimes",
+					"vfork",
+					"vmsplice",
+					"wait4",
+					"waitid",
+					"waitpid",
+					"write",
+					"writev",
+				},
+				Action: specs.ActAllow,
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"process_vm_readv",
+					"process_vm_writev",
+					"ptrace",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				MinKernel: &KernelVersion{4, 8},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names:  []string{"personality"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index: 0,
+						Value: 0x0,
+						Op:    specs.OpEqualTo,
+					},
+				},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names:  []string{"personality"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index: 0,
+						Value: 0x0008,
+						Op:    specs.OpEqualTo,
+					},
+				},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names:  []string{"personality"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index: 0,
+						Value: 0x20000,
+						Op:    specs.OpEqualTo,
+					},
+				},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names:  []string{"personality"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index: 0,
+						Value: 0x20008,
+						Op:    specs.OpEqualTo,
+					},
+				},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names:  []string{"personality"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index: 0,
+						Value: 0xffffffff,
+						Op:    specs.OpEqualTo,
+					},
+				},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"sync_file_range2",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"ppc64le"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"arm_fadvise64_64",
+					"arm_sync_file_range",
+					"sync_file_range2",
+					"breakpoint",
+					"cacheflush",
+					"set_tls",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"arm", "arm64"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"arch_prctl",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"amd64", "x32"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"modify_ldt",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"amd64", "x32", "x86"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"s390_pci_mmio_read",
+					"s390_pci_mmio_write",
+					"s390_runtime_instr",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"s390", "s390x"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"open_by_handle_at",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_DAC_READ_SEARCH"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"bpf",
+					"clone",
+					"clone3",
+					"fanotify_init",
+					"fsconfig",
+					"fsmount",
+					"fsopen",
+					"fspick",
+					"lookup_dcookie",
+					"mount",
+					"move_mount",
+					"name_to_handle_at",
+					"open_tree",
+					"perf_event_open",
+					"quotactl",
+					"setdomainname",
+					"sethostname",
+					"setns",
+					"syslog",
+					"umount",
+					"umount2",
+					"unshare",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_ADMIN"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"clone",
+				},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index:    0,
+						Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
+						ValueTwo: 0,
+						Op:       specs.OpMaskedEqual,
+					},
+				},
+			},
+			Excludes: &Filter{
+				Caps:   []string{"CAP_SYS_ADMIN"},
+				Arches: []string{"s390", "s390x"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"clone",
+				},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{
+					{
+						Index:    1,
+						Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
+						ValueTwo: 0,
+						Op:       specs.OpMaskedEqual,
+					},
+				},
+			},
+			Comment: "s390 parameter ordering for clone is different",
+			Includes: &Filter{
+				Arches: []string{"s390", "s390x"},
+			},
+			Excludes: &Filter{
+				Caps: []string{"CAP_SYS_ADMIN"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"clone3",
+				},
+				Action:   specs.ActErrno,
+				ErrnoRet: &nosys,
+			},
+			Excludes: &Filter{
+				Caps: []string{"CAP_SYS_ADMIN"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"reboot",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_BOOT"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"chroot",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_CHROOT"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"delete_module",
+					"init_module",
+					"finit_module",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_MODULE"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"acct",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_PACCT"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"kcmp",
+					"pidfd_getfd",
+					"process_madvise",
+					"process_vm_readv",
+					"process_vm_writev",
+					"ptrace",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_PTRACE"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"iopl",
+					"ioperm",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_RAWIO"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"settimeofday",
+					"stime",
+					"clock_settime",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_TIME"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"vhangup",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_TTY_CONFIG"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"get_mempolicy",
+					"mbind",
+					"set_mempolicy",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYS_NICE"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"syslog",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Caps: []string{"CAP_SYSLOG"},
+			},
+		},
+	}
+
+	errnoRet := uint(unix.EPERM)
+	return &Seccomp{
+		LinuxSeccomp: specs.LinuxSeccomp{
+			DefaultAction:   specs.ActErrno,
+			DefaultErrnoRet: &errnoRet,
+		},
+		ArchMap:  arches(),
+		Syscalls: syscalls,
+	}
+}
diff --git a/profiles/seccomp/fixtures/conditional_include.json b/profiles/seccomp/fixtures/conditional_include.json
new file mode 100644
index 0000000000000..09a3d2a7000fb
--- /dev/null
+++ b/profiles/seccomp/fixtures/conditional_include.json
@@ -0,0 +1,23 @@
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "syscalls": [
+    {
+      "names": ["chmod"],
+      "action": "SCMP_ACT_ALLOW"
+    },
+    {
+      "names": ["syslog"],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": ["CAP_SYSLOG"]
+      }
+    },
+    {
+      "names": ["ptrace"],
+      "action": "SCMP_ACT_ALLOW",
+      "excludes": {
+        "caps": ["CAP_SYS_ADMIN"]
+      }
+    }
+  ]
+}
diff --git a/profiles/seccomp/fixtures/default-old-format.json b/profiles/seccomp/fixtures/default-old-format.json
new file mode 100644
index 0000000000000..0e52bf95ec346
--- /dev/null
+++ b/profiles/seccomp/fixtures/default-old-format.json
@@ -0,0 +1,1593 @@
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32"
+  ],
+  "syscalls": [
+    {
+      "name": "accept",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "accept4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "access",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "alarm",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "bind",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "brk",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "capget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "capset",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chmod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_getres",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clock_nanosleep",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "close",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "connect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "copy_file_range",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "creat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "dup3",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_create1",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_ctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_ctl_old",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_pwait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_wait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "epoll_wait_old",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "eventfd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "eventfd2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "execve",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "execveat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "exit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "exit_group",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "faccessat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fadvise64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fadvise64_64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fallocate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fanotify_mark",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchmod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchmodat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fchownat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fcntl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fcntl64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fdatasync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fgetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "flistxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "flock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fork",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fremovexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fsetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fstatfs64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "fsync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ftruncate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ftruncate64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "futex",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "futimesat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getcpu",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getcwd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getdents",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getdents64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getegid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getegid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "geteuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "geteuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgroups",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getgroups32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getitimer",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpeername",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpgrp",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getppid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getpriority",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrandom",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getresuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "get_robust_list",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getrusage",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsockname",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getsockopt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "get_thread_area",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "gettid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "gettimeofday",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "getxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_add_watch",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_init",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_init1",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "inotify_rm_watch",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_cancel",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_destroy",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_getevents",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioprio_get",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ioprio_set",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_setup",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "io_submit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ipc",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "kill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lchown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lchown32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lgetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "link",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "linkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "listen",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "listxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "llistxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "_llseek",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lremovexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lseek",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lsetxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lstat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "lstat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "madvise",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "memfd_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mincore",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mkdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mkdirat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mknod",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mknodat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlock2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mlockall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mmap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mmap2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mprotect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_getsetattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_notify",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_open",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_timedreceive",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_timedsend",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mq_unlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "mremap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgrcv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msgsnd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "msync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munlock",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munlockall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "munmap",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "nanosleep",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "newfstatat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "_newselect",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "open",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "openat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pause",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 0,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 8,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "personality",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 4294967295,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "name": "pipe",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pipe2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "poll",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ppoll",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "prctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pread64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "preadv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "prlimit64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pselect6",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pwrite64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "pwritev",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "read",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readahead",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "readv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recv",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvfrom",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvmmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "recvmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "remap_file_pages",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "removexattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rename",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "renameat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "renameat2",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "restart_syscall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rmdir",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigaction",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigpending",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigprocmask",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigqueueinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigreturn",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigsuspend",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_sigtimedwait",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "rt_tgsigqueueinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getaffinity",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getparam",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_get_priority_max",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_get_priority_min",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_getscheduler",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_rr_get_interval",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setaffinity",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setparam",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_setscheduler",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sched_yield",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "seccomp",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "select",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semop",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "semtimedop",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "send",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendfile",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendfile64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendmmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendmsg",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sendto",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setfsuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgroups",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setgroups32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setitimer",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setpgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setpriority",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setregid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setregid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresgid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresgid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setresuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setreuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setreuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_robust_list",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setsid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setsockopt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_thread_area",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "set_tid_address",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setuid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setuid32",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "setxattr",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmdt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shmget",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "shutdown",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sigaltstack",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "signalfd",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "signalfd4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sigreturn",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socket",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socketcall",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "socketpair",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "splice",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "stat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "stat64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "statfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "statfs64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "symlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "symlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sync",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sync_file_range",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "syncfs",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "sysinfo",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "syslog",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tee",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tgkill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "time",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_delete",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_create",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timerfd_settime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_getoverrun",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_gettime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "timer_settime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "times",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "tkill",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "truncate",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "truncate64",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "ugetrlimit",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "umask",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "uname",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "unlink",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "unlinkat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utime",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utimensat",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "utimes",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "vfork",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "vmsplice",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "wait4",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "waitid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "waitpid",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "write",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "writev",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "arch_prctl",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "modify_ldt",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "chroot",
+      "action": "SCMP_ACT_ALLOW",
+      "args": []
+    },
+    {
+      "name": "clone",
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 2080505856,
+          "valueTwo": 0,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/profiles/seccomp/fixtures/example.json b/profiles/seccomp/fixtures/example.json
old mode 100755
new mode 100644
index 674ca50fd9734..80c5a3152db95
--- a/profiles/seccomp/fixtures/example.json
+++ b/profiles/seccomp/fixtures/example.json
@@ -1,5 +1,6 @@
 {
     "defaultAction": "SCMP_ACT_ERRNO",
+    "defaultErrnoRet": 1,
     "syscalls": [
         {
             "name": "clone",
@@ -7,7 +8,7 @@
             "args": [
                 {
                     "index": 0,
-                    "value": 2080505856,
+                    "value": 2114060288,
                     "valueTwo": 0,
                     "op": "SCMP_CMP_MASKED_EQ"
                 }
@@ -22,6 +23,12 @@
             "name": "close",
             "action": "SCMP_ACT_ALLOW",
             "args": []
+        },
+        {
+            "name": "syslog",
+            "action": "SCMP_ACT_ERRNO",
+            "errnoRet": 12345,
+            "args": []
         }
     ]
 }
diff --git a/profiles/seccomp/generate.go b/profiles/seccomp/generate.go
index 32f22bb375f32..a5d56247ab7cb 100644
--- a/profiles/seccomp/generate.go
+++ b/profiles/seccomp/generate.go
@@ -1,10 +1,10 @@
+//go:build ignore
 // +build ignore
 
 package main
 
 import (
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -26,7 +26,7 @@ func main() {
 		panic(err)
 	}
 
-	if err := ioutil.WriteFile(f, b, 0644); err != nil {
+	if err := os.WriteFile(f, b, 0644); err != nil {
 		panic(err)
 	}
 }
diff --git a/profiles/seccomp/kernel_linux.go b/profiles/seccomp/kernel_linux.go
new file mode 100644
index 0000000000000..558eabda3880c
--- /dev/null
+++ b/profiles/seccomp/kernel_linux.go
@@ -0,0 +1,59 @@
+package seccomp
+
+import (
+	"bytes"
+	"fmt"
+	"sync"
+
+	"golang.org/x/sys/unix"
+)
+
+var (
+	currentKernelVersion *KernelVersion
+	kernelVersionError   error
+	once                 sync.Once
+)
+
+// getKernelVersion gets the current kernel version.
+func getKernelVersion() (*KernelVersion, error) {
+	once.Do(func() {
+		var uts unix.Utsname
+		if err := unix.Uname(&uts); err != nil {
+			return
+		}
+		// Remove the \x00 from the release for Atoi to parse correctly
+		currentKernelVersion, kernelVersionError = parseRelease(string(uts.Release[:bytes.IndexByte(uts.Release[:], 0)]))
+	})
+	return currentKernelVersion, kernelVersionError
+}
+
+// parseRelease parses a string and creates a KernelVersion based on it.
+func parseRelease(release string) (*KernelVersion, error) {
+	var version = KernelVersion{}
+
+	// We're only make sure we get the "kernel" and "major revision". Sometimes we have
+	// 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64.
+	_, err := fmt.Sscanf(release, "%d.%d", &version.Kernel, &version.Major)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse kernel version %q: %w", release, err)
+	}
+	return &version, nil
+}
+
+// kernelGreaterEqualThan checks if the host's kernel version is greater than, or
+// equal to the given kernel version v. Only "kernel version" and "major revision"
+// can be specified (e.g., "3.12") and will be taken into account, which means
+// that 3.12.25-gentoo and 3.12-1-amd64 are considered equal (kernel: 3, major: 12).
+func kernelGreaterEqualThan(minVersion KernelVersion) (bool, error) {
+	kv, err := getKernelVersion()
+	if err != nil {
+		return false, err
+	}
+	if kv.Kernel > minVersion.Kernel {
+		return true, nil
+	}
+	if kv.Kernel == minVersion.Kernel && kv.Major >= minVersion.Major {
+		return true, nil
+	}
+	return false, nil
+}
diff --git a/profiles/seccomp/kernel_linux_test.go b/profiles/seccomp/kernel_linux_test.go
new file mode 100644
index 0000000000000..a56a97a5880b1
--- /dev/null
+++ b/profiles/seccomp/kernel_linux_test.go
@@ -0,0 +1,122 @@
+package seccomp
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestGetKernelVersion(t *testing.T) {
+	version, err := getKernelVersion()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if version == nil {
+		t.Fatal("version is nil")
+	}
+	if version.Kernel == 0 {
+		t.Fatal("no kernel version")
+	}
+}
+
+// TestParseRelease tests the ParseRelease() function
+func TestParseRelease(t *testing.T) {
+	tests := []struct {
+		in          string
+		out         KernelVersion
+		expectedErr error
+	}{
+		{in: "3.8", out: KernelVersion{Kernel: 3, Major: 8}},
+		{in: "3.8.0", out: KernelVersion{Kernel: 3, Major: 8}},
+		{in: "3.8.0-19-generic", out: KernelVersion{Kernel: 3, Major: 8}},
+		{in: "3.4.54.longterm-1", out: KernelVersion{Kernel: 3, Major: 4}},
+		{in: "3.10.0-862.2.3.el7.x86_64", out: KernelVersion{Kernel: 3, Major: 10}},
+		{in: "3.12.8tag", out: KernelVersion{Kernel: 3, Major: 12}},
+		{in: "3.12-1-amd64", out: KernelVersion{Kernel: 3, Major: 12}},
+		{in: "3.12foobar", out: KernelVersion{Kernel: 3, Major: 12}},
+		{in: "99.999.999-19-generic", out: KernelVersion{Kernel: 99, Major: 999}},
+		{in: "", expectedErr: fmt.Errorf(`failed to parse kernel version "": EOF`)},
+		{in: "3", expectedErr: fmt.Errorf(`failed to parse kernel version "3": unexpected EOF`)},
+		{in: "3.", expectedErr: fmt.Errorf(`failed to parse kernel version "3.": EOF`)},
+		{in: "3a", expectedErr: fmt.Errorf(`failed to parse kernel version "3a": input does not match format`)},
+		{in: "3.a", expectedErr: fmt.Errorf(`failed to parse kernel version "3.a": expected integer`)},
+		{in: "a", expectedErr: fmt.Errorf(`failed to parse kernel version "a": expected integer`)},
+		{in: "a.a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a": expected integer`)},
+		{in: "a.a.a-a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a.a-a": expected integer`)},
+		{in: "-3", expectedErr: fmt.Errorf(`failed to parse kernel version "-3": expected integer`)},
+		{in: "-3.", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.": expected integer`)},
+		{in: "-3.8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.8": expected integer`)},
+		{in: "-3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.-8": expected integer`)},
+		{in: "3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "3.-8": expected integer`)},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.in, func(t *testing.T) {
+			version, err := parseRelease(tc.in)
+			if tc.expectedErr != nil {
+				if err == nil {
+					t.Fatal("expected an error")
+				}
+				if err.Error() != tc.expectedErr.Error() {
+					t.Fatalf("expected: %s, got: %s", tc.expectedErr, err)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatal("unexpected error:", err)
+			}
+			if version == nil {
+				t.Fatal("version is nil")
+			}
+			if version.Kernel != tc.out.Kernel || version.Major != tc.out.Major {
+				t.Fatalf("expected: %d.%d, got: %d.%d", tc.out.Kernel, tc.out.Major, version.Kernel, version.Major)
+			}
+		})
+	}
+}
+
+func TestKernelGreaterEqualThan(t *testing.T) {
+	// Get the current kernel version, so that we can make test relative to that
+	v, err := getKernelVersion()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		doc      string
+		in       KernelVersion
+		expected bool
+	}{
+		{
+			doc:      "same version",
+			in:       KernelVersion{v.Kernel, v.Major},
+			expected: true,
+		},
+		{
+			doc:      "kernel minus one",
+			in:       KernelVersion{v.Kernel - 1, v.Major},
+			expected: true,
+		},
+		{
+			doc:      "kernel plus one",
+			in:       KernelVersion{v.Kernel + 1, v.Major},
+			expected: false,
+		},
+		{
+			doc:      "major plus one",
+			in:       KernelVersion{v.Kernel, v.Major + 1},
+			expected: false,
+		},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.doc+": "+tc.in.String(), func(t *testing.T) {
+			ok, err := kernelGreaterEqualThan(tc.in)
+			if err != nil {
+				t.Fatal("unexpected error:", err)
+			}
+			if ok != tc.expected {
+				t.Fatalf("expected: %v, got: %v", tc.expected, ok)
+			}
+		})
+	}
+}
diff --git a/profiles/seccomp/seccomp.go b/profiles/seccomp/seccomp.go
index 4438670a5817a..45b1e4f76e0bd 100644
--- a/profiles/seccomp/seccomp.go
+++ b/profiles/seccomp/seccomp.go
@@ -1,160 +1,115 @@
-// +build linux
-
 package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
+	"strconv"
+	"strings"
 
-	"github.com/docker/docker/api/types"
 	"github.com/opencontainers/runtime-spec/specs-go"
-	libseccomp "github.com/seccomp/libseccomp-golang"
 )
 
-//go:generate go run -tags 'seccomp' generate.go
+// Seccomp represents the config for a seccomp profile for syscall restriction.
+// It is used to marshal/unmarshal the JSON profiles as accepted by docker, and
+// extends the runtime-spec's specs.LinuxSeccomp, overriding some fields to
+// provide the ability to define conditional rules based on the host's kernel
+// version, architecture, and the container's capabilities.
+type Seccomp struct {
+	specs.LinuxSeccomp
+
+	// ArchMap contains a list of Architectures and Sub-architectures for the
+	// profile. When generating the profile, this list is expanded to a
+	// []specs.Arch, to propagate the Architectures field of the profile.
+	ArchMap []Architecture `json:"archMap,omitempty"`
+
+	// Syscalls contains lists of syscall rules. Rules can define conditions
+	// for them to be included or excluded in the resulting profile (based on
+	// on kernel version, architecture, capabilities, etc.). These lists are
+	// expanded to an specs.Syscall  When generating the profile, these lists
+	// are expanded to a []specs.LinuxSyscall.
+	Syscalls []*Syscall `json:"syscalls"`
+}
 
-// GetDefaultProfile returns the default seccomp profile.
-func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
-	return setupSeccomp(DefaultProfile(), rs)
+// Architecture is used to represent a specific architecture
+// and its sub-architectures
+type Architecture struct {
+	Arch      specs.Arch   `json:"architecture"`
+	SubArches []specs.Arch `json:"subArchitectures"`
 }
 
-// LoadProfile takes a json string and decodes the seccomp profile.
-func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
-	var config types.Seccomp
-	if err := json.Unmarshal([]byte(body), &config); err != nil {
-		return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
-	}
-	return setupSeccomp(&config, rs)
+// Filter is used to conditionally apply Seccomp rules
+type Filter struct {
+	Caps   []string `json:"caps,omitempty"`
+	Arches []string `json:"arches,omitempty"`
+
+	// MinKernel describes the minimum kernel version the rule must be applied
+	// on, in the format "<kernel version>.<major revision>" (e.g. "3.12").
+	//
+	// When matching the kernel version of the host, minor revisions, and distro-
+	// specific suffixes are ignored, which means that "3.12.25-gentoo", "3.12-1-amd64",
+	// "3.12", and "3.12-rc5" are considered equal (kernel 3, major revision 12).
+	MinKernel *KernelVersion `json:"minKernel,omitempty"`
 }
 
-var nativeToSeccomp = map[string]types.Arch{
-	"amd64":       types.ArchX86_64,
-	"arm64":       types.ArchAARCH64,
-	"mips64":      types.ArchMIPS64,
-	"mips64n32":   types.ArchMIPS64N32,
-	"mipsel64":    types.ArchMIPSEL64,
-	"mipsel64n32": types.ArchMIPSEL64N32,
-	"s390x":       types.ArchS390X,
+// Syscall is used to match a group of syscalls in Seccomp. It extends the
+// runtime-spec Syscall type, adding a "Name" field for backward compatibility
+// with older JSON representations, additional "Comment" metadata, and conditional
+// rules ("Includes", "Excludes") used to generate a runtime-spec Seccomp profile
+// based on the container (capabilities) and host's (arch, kernel) configuration.
+type Syscall struct {
+	specs.LinuxSyscall
+	// Deprecated: kept for backward compatibility with old JSON profiles, use Names instead
+	Name     string  `json:"name,omitempty"`
+	Comment  string  `json:"comment,omitempty"`
+	Includes *Filter `json:"includes,omitempty"`
+	Excludes *Filter `json:"excludes,omitempty"`
 }
 
-// inSlice tests whether a string is contained in a slice of strings or not.
-// Comparison is case sensitive
-func inSlice(slice []string, s string) bool {
-	for _, ss := range slice {
-		if s == ss {
-			return true
-		}
-	}
-	return false
+// KernelVersion holds information about the kernel.
+type KernelVersion struct {
+	Kernel uint64 // Version of the Kernel (i.e., the "4" in "4.1.2-generic")
+	Major  uint64 // Major revision of the Kernel (i.e., the "1" in "4.1.2-generic")
 }
 
-func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
-	if config == nil {
-		return nil, nil
+// String implements fmt.Stringer for KernelVersion
+func (k *KernelVersion) String() string {
+	if k.Kernel > 0 || k.Major > 0 {
+		return fmt.Sprintf("%d.%d", k.Kernel, k.Major)
 	}
+	return ""
+}
 
-	// No default action specified, no syscalls listed, assume seccomp disabled
-	if config.DefaultAction == "" && len(config.Syscalls) == 0 {
-		return nil, nil
-	}
+// MarshalJSON implements json.Unmarshaler for KernelVersion
+func (k *KernelVersion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(k.String())
+}
 
-	newConfig := &specs.LinuxSeccomp{}
+// UnmarshalJSON implements json.Marshaler for KernelVersion
+func (k *KernelVersion) UnmarshalJSON(version []byte) error {
+	var (
+		ver string
+		err error
+	)
 
-	var arch string
-	var native, err = libseccomp.GetNativeArch()
-	if err == nil {
-		arch = native.String()
+	// make sure we have a string
+	if err = json.Unmarshal(version, &ver); err != nil {
+		return fmt.Errorf(`invalid kernel version: %s, expected "<kernel>.<major>": %v`, string(version), err)
 	}
-
-	if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
-		return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+	if ver == "" {
+		return nil
 	}
-
-	// if config.Architectures == 0 then libseccomp will figure out the architecture to use
-	if len(config.Architectures) != 0 {
-		for _, a := range config.Architectures {
-			newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
-		}
+	parts := strings.SplitN(ver, ".", 3)
+	if len(parts) != 2 {
+		return fmt.Errorf(`invalid kernel version: %s, expected "<kernel>.<major>"`, string(version))
 	}
-
-	if len(config.ArchMap) != 0 {
-		for _, a := range config.ArchMap {
-			seccompArch, ok := nativeToSeccomp[arch]
-			if ok {
-				if a.Arch == seccompArch {
-					newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
-					for _, sa := range a.SubArches {
-						newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
-					}
-					break
-				}
-			}
-		}
+	if k.Kernel, err = strconv.ParseUint(parts[0], 10, 8); err != nil {
+		return fmt.Errorf(`invalid kernel version: %s, expected "<kernel>.<major>": %v`, string(version), err)
 	}
-
-	newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
-
-Loop:
-	// Loop through all syscall blocks and convert them to libcontainer format after filtering them
-	for _, call := range config.Syscalls {
-		if len(call.Excludes.Arches) > 0 {
-			if inSlice(call.Excludes.Arches, arch) {
-				continue Loop
-			}
-		}
-		if len(call.Excludes.Caps) > 0 {
-			for _, c := range call.Excludes.Caps {
-				if inSlice(rs.Process.Capabilities.Bounding, c) {
-					continue Loop
-				}
-			}
-		}
-		if len(call.Includes.Arches) > 0 {
-			if !inSlice(call.Includes.Arches, arch) {
-				continue Loop
-			}
-		}
-		if len(call.Includes.Caps) > 0 {
-			for _, c := range call.Includes.Caps {
-				if !inSlice(rs.Process.Capabilities.Bounding, c) {
-					continue Loop
-				}
-			}
-		}
-
-		if call.Name != "" && len(call.Names) != 0 {
-			return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
-		}
-
-		if call.Name != "" {
-			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args))
-		}
-
-		for _, n := range call.Names {
-			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args))
-		}
-	}
-
-	return newConfig, nil
-}
-
-func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
-	newCall := specs.LinuxSyscall{
-		Names:  []string{name},
-		Action: specs.LinuxSeccompAction(action),
+	if k.Major, err = strconv.ParseUint(parts[1], 10, 8); err != nil {
+		return fmt.Errorf(`invalid kernel version: %s, expected "<kernel>.<major>": %v`, string(version), err)
 	}
-
-	// Loop through all the arguments of the syscall and convert them
-	for _, arg := range args {
-		newArg := specs.LinuxSeccompArg{
-			Index:    arg.Index,
-			Value:    arg.Value,
-			ValueTwo: arg.ValueTwo,
-			Op:       specs.LinuxSeccompOperator(arg.Op),
-		}
-
-		newCall.Args = append(newCall.Args, newArg)
+	if k.Kernel == 0 && k.Major == 0 {
+		return fmt.Errorf(`invalid kernel version: %s, expected "<kernel>.<major>": version cannot be 0.0`, string(version))
 	}
-	return newCall
+	return nil
 }
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
deleted file mode 100644
index 60550124daa83..0000000000000
--- a/profiles/seccomp/seccomp_default.go
+++ /dev/null
@@ -1,662 +0,0 @@
-// +build linux,seccomp
-
-package seccomp // import "github.com/docker/docker/profiles/seccomp"
-
-import (
-	"github.com/docker/docker/api/types"
-	"golang.org/x/sys/unix"
-)
-
-func arches() []types.Architecture {
-	return []types.Architecture{
-		{
-			Arch:      types.ArchX86_64,
-			SubArches: []types.Arch{types.ArchX86, types.ArchX32},
-		},
-		{
-			Arch:      types.ArchAARCH64,
-			SubArches: []types.Arch{types.ArchARM},
-		},
-		{
-			Arch:      types.ArchMIPS64,
-			SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32},
-		},
-		{
-			Arch:      types.ArchMIPS64N32,
-			SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64},
-		},
-		{
-			Arch:      types.ArchMIPSEL64,
-			SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32},
-		},
-		{
-			Arch:      types.ArchMIPSEL64N32,
-			SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64},
-		},
-		{
-			Arch:      types.ArchS390X,
-			SubArches: []types.Arch{types.ArchS390},
-		},
-	}
-}
-
-// DefaultProfile defines the whitelist for the default seccomp profile.
-func DefaultProfile() *types.Seccomp {
-	syscalls := []*types.Syscall{
-		{
-			Names: []string{
-				"accept",
-				"accept4",
-				"access",
-				"adjtimex",
-				"alarm",
-				"bind",
-				"brk",
-				"capget",
-				"capset",
-				"chdir",
-				"chmod",
-				"chown",
-				"chown32",
-				"clock_getres",
-				"clock_gettime",
-				"clock_nanosleep",
-				"close",
-				"connect",
-				"copy_file_range",
-				"creat",
-				"dup",
-				"dup2",
-				"dup3",
-				"epoll_create",
-				"epoll_create1",
-				"epoll_ctl",
-				"epoll_ctl_old",
-				"epoll_pwait",
-				"epoll_wait",
-				"epoll_wait_old",
-				"eventfd",
-				"eventfd2",
-				"execve",
-				"execveat",
-				"exit",
-				"exit_group",
-				"faccessat",
-				"fadvise64",
-				"fadvise64_64",
-				"fallocate",
-				"fanotify_mark",
-				"fchdir",
-				"fchmod",
-				"fchmodat",
-				"fchown",
-				"fchown32",
-				"fchownat",
-				"fcntl",
-				"fcntl64",
-				"fdatasync",
-				"fgetxattr",
-				"flistxattr",
-				"flock",
-				"fork",
-				"fremovexattr",
-				"fsetxattr",
-				"fstat",
-				"fstat64",
-				"fstatat64",
-				"fstatfs",
-				"fstatfs64",
-				"fsync",
-				"ftruncate",
-				"ftruncate64",
-				"futex",
-				"futimesat",
-				"getcpu",
-				"getcwd",
-				"getdents",
-				"getdents64",
-				"getegid",
-				"getegid32",
-				"geteuid",
-				"geteuid32",
-				"getgid",
-				"getgid32",
-				"getgroups",
-				"getgroups32",
-				"getitimer",
-				"getpeername",
-				"getpgid",
-				"getpgrp",
-				"getpid",
-				"getppid",
-				"getpriority",
-				"getrandom",
-				"getresgid",
-				"getresgid32",
-				"getresuid",
-				"getresuid32",
-				"getrlimit",
-				"get_robust_list",
-				"getrusage",
-				"getsid",
-				"getsockname",
-				"getsockopt",
-				"get_thread_area",
-				"gettid",
-				"gettimeofday",
-				"getuid",
-				"getuid32",
-				"getxattr",
-				"inotify_add_watch",
-				"inotify_init",
-				"inotify_init1",
-				"inotify_rm_watch",
-				"io_cancel",
-				"ioctl",
-				"io_destroy",
-				"io_getevents",
-				"ioprio_get",
-				"ioprio_set",
-				"io_setup",
-				"io_submit",
-				"ipc",
-				"kill",
-				"lchown",
-				"lchown32",
-				"lgetxattr",
-				"link",
-				"linkat",
-				"listen",
-				"listxattr",
-				"llistxattr",
-				"_llseek",
-				"lremovexattr",
-				"lseek",
-				"lsetxattr",
-				"lstat",
-				"lstat64",
-				"madvise",
-				"memfd_create",
-				"mincore",
-				"mkdir",
-				"mkdirat",
-				"mknod",
-				"mknodat",
-				"mlock",
-				"mlock2",
-				"mlockall",
-				"mmap",
-				"mmap2",
-				"mprotect",
-				"mq_getsetattr",
-				"mq_notify",
-				"mq_open",
-				"mq_timedreceive",
-				"mq_timedsend",
-				"mq_unlink",
-				"mremap",
-				"msgctl",
-				"msgget",
-				"msgrcv",
-				"msgsnd",
-				"msync",
-				"munlock",
-				"munlockall",
-				"munmap",
-				"nanosleep",
-				"newfstatat",
-				"_newselect",
-				"open",
-				"openat",
-				"pause",
-				"pipe",
-				"pipe2",
-				"poll",
-				"ppoll",
-				"prctl",
-				"pread64",
-				"preadv",
-				"preadv2",
-				"prlimit64",
-				"pselect6",
-				"pwrite64",
-				"pwritev",
-				"pwritev2",
-				"read",
-				"readahead",
-				"readlink",
-				"readlinkat",
-				"readv",
-				"recv",
-				"recvfrom",
-				"recvmmsg",
-				"recvmsg",
-				"remap_file_pages",
-				"removexattr",
-				"rename",
-				"renameat",
-				"renameat2",
-				"restart_syscall",
-				"rmdir",
-				"rt_sigaction",
-				"rt_sigpending",
-				"rt_sigprocmask",
-				"rt_sigqueueinfo",
-				"rt_sigreturn",
-				"rt_sigsuspend",
-				"rt_sigtimedwait",
-				"rt_tgsigqueueinfo",
-				"sched_getaffinity",
-				"sched_getattr",
-				"sched_getparam",
-				"sched_get_priority_max",
-				"sched_get_priority_min",
-				"sched_getscheduler",
-				"sched_rr_get_interval",
-				"sched_setaffinity",
-				"sched_setattr",
-				"sched_setparam",
-				"sched_setscheduler",
-				"sched_yield",
-				"seccomp",
-				"select",
-				"semctl",
-				"semget",
-				"semop",
-				"semtimedop",
-				"send",
-				"sendfile",
-				"sendfile64",
-				"sendmmsg",
-				"sendmsg",
-				"sendto",
-				"setfsgid",
-				"setfsgid32",
-				"setfsuid",
-				"setfsuid32",
-				"setgid",
-				"setgid32",
-				"setgroups",
-				"setgroups32",
-				"setitimer",
-				"setpgid",
-				"setpriority",
-				"setregid",
-				"setregid32",
-				"setresgid",
-				"setresgid32",
-				"setresuid",
-				"setresuid32",
-				"setreuid",
-				"setreuid32",
-				"setrlimit",
-				"set_robust_list",
-				"setsid",
-				"setsockopt",
-				"set_thread_area",
-				"set_tid_address",
-				"setuid",
-				"setuid32",
-				"setxattr",
-				"shmat",
-				"shmctl",
-				"shmdt",
-				"shmget",
-				"shutdown",
-				"sigaltstack",
-				"signalfd",
-				"signalfd4",
-				"sigreturn",
-				"socket",
-				"socketcall",
-				"socketpair",
-				"splice",
-				"stat",
-				"stat64",
-				"statfs",
-				"statfs64",
-				"statx",
-				"symlink",
-				"symlinkat",
-				"sync",
-				"sync_file_range",
-				"syncfs",
-				"sysinfo",
-				"tee",
-				"tgkill",
-				"time",
-				"timer_create",
-				"timer_delete",
-				"timerfd_create",
-				"timerfd_gettime",
-				"timerfd_settime",
-				"timer_getoverrun",
-				"timer_gettime",
-				"timer_settime",
-				"times",
-				"tkill",
-				"truncate",
-				"truncate64",
-				"ugetrlimit",
-				"umask",
-				"uname",
-				"unlink",
-				"unlinkat",
-				"utime",
-				"utimensat",
-				"utimes",
-				"vfork",
-				"vmsplice",
-				"wait4",
-				"waitid",
-				"waitpid",
-				"write",
-				"writev",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index: 0,
-					Value: 0x0,
-					Op:    types.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index: 0,
-					Value: 0x0008,
-					Op:    types.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index: 0,
-					Value: 0x20000,
-					Op:    types.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index: 0,
-					Value: 0x20008,
-					Op:    types.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index: 0,
-					Value: 0xffffffff,
-					Op:    types.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names: []string{
-				"sync_file_range2",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Arches: []string{"ppc64le"},
-			},
-		},
-		{
-			Names: []string{
-				"arm_fadvise64_64",
-				"arm_sync_file_range",
-				"sync_file_range2",
-				"breakpoint",
-				"cacheflush",
-				"set_tls",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Arches: []string{"arm", "arm64"},
-			},
-		},
-		{
-			Names: []string{
-				"arch_prctl",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Arches: []string{"amd64", "x32"},
-			},
-		},
-		{
-			Names: []string{
-				"modify_ldt",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Arches: []string{"amd64", "x32", "x86"},
-			},
-		},
-		{
-			Names: []string{
-				"s390_pci_mmio_read",
-				"s390_pci_mmio_write",
-				"s390_runtime_instr",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Arches: []string{"s390", "s390x"},
-			},
-		},
-		{
-			Names: []string{
-				"open_by_handle_at",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_DAC_READ_SEARCH"},
-			},
-		},
-		{
-			Names: []string{
-				"bpf",
-				"clone",
-				"fanotify_init",
-				"lookup_dcookie",
-				"mount",
-				"name_to_handle_at",
-				"perf_event_open",
-				"quotactl",
-				"setdomainname",
-				"sethostname",
-				"setns",
-				"syslog",
-				"umount",
-				"umount2",
-				"unshare",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_ADMIN"},
-			},
-		},
-		{
-			Names: []string{
-				"clone",
-			},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index:    0,
-					Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
-					ValueTwo: 0,
-					Op:       types.OpMaskedEqual,
-				},
-			},
-			Excludes: types.Filter{
-				Caps:   []string{"CAP_SYS_ADMIN"},
-				Arches: []string{"s390", "s390x"},
-			},
-		},
-		{
-			Names: []string{
-				"clone",
-			},
-			Action: types.ActAllow,
-			Args: []*types.Arg{
-				{
-					Index:    1,
-					Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
-					ValueTwo: 0,
-					Op:       types.OpMaskedEqual,
-				},
-			},
-			Comment: "s390 parameter ordering for clone is different",
-			Includes: types.Filter{
-				Arches: []string{"s390", "s390x"},
-			},
-			Excludes: types.Filter{
-				Caps: []string{"CAP_SYS_ADMIN"},
-			},
-		},
-		{
-			Names: []string{
-				"reboot",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_BOOT"},
-			},
-		},
-		{
-			Names: []string{
-				"chroot",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_CHROOT"},
-			},
-		},
-		{
-			Names: []string{
-				"delete_module",
-				"init_module",
-				"finit_module",
-				"query_module",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_MODULE"},
-			},
-		},
-		{
-			Names: []string{
-				"acct",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_PACCT"},
-			},
-		},
-		{
-			Names: []string{
-				"kcmp",
-				"process_vm_readv",
-				"process_vm_writev",
-				"ptrace",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_PTRACE"},
-			},
-		},
-		{
-			Names: []string{
-				"iopl",
-				"ioperm",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_RAWIO"},
-			},
-		},
-		{
-			Names: []string{
-				"settimeofday",
-				"stime",
-				"clock_settime",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_TIME"},
-			},
-		},
-		{
-			Names: []string{
-				"vhangup",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_TTY_CONFIG"},
-			},
-		},
-		{
-			Names: []string{
-				"get_mempolicy",
-				"mbind",
-				"set_mempolicy",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYS_NICE"},
-			},
-		},
-		{
-			Names: []string{
-				"syslog",
-			},
-			Action: types.ActAllow,
-			Args:   []*types.Arg{},
-			Includes: types.Filter{
-				Caps: []string{"CAP_SYSLOG"},
-			},
-		},
-	}
-
-	return &types.Seccomp{
-		DefaultAction: types.ActErrno,
-		ArchMap:       arches(),
-		Syscalls:      syscalls,
-	}
-}
diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
new file mode 100644
index 0000000000000..4d8fed68c6a19
--- /dev/null
+++ b/profiles/seccomp/seccomp_linux.go
@@ -0,0 +1,166 @@
+//go:generate go run -tags 'seccomp' generate.go
+
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"runtime"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// GetDefaultProfile returns the default seccomp profile.
+func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+	return setupSeccomp(DefaultProfile(), rs)
+}
+
+// LoadProfile takes a json string and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+	var config Seccomp
+	if err := json.Unmarshal([]byte(body), &config); err != nil {
+		return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
+	}
+	return setupSeccomp(&config, rs)
+}
+
+// libseccomp string => seccomp arch
+var nativeToSeccomp = map[string]specs.Arch{
+	"x86":         specs.ArchX86,
+	"amd64":       specs.ArchX86_64,
+	"arm":         specs.ArchARM,
+	"arm64":       specs.ArchAARCH64,
+	"mips64":      specs.ArchMIPS64,
+	"mips64n32":   specs.ArchMIPS64N32,
+	"mipsel64":    specs.ArchMIPSEL64,
+	"mips3l64n32": specs.ArchMIPSEL64N32,
+	"mipsle":      specs.ArchMIPSEL,
+	"ppc":         specs.ArchPPC,
+	"ppc64":       specs.ArchPPC64,
+	"ppc64le":     specs.ArchPPC64LE,
+	"s390":        specs.ArchS390,
+	"s390x":       specs.ArchS390X,
+}
+
+// GOARCH => libseccomp string
+var goToNative = map[string]string{
+	"386":         "x86",
+	"amd64":       "amd64",
+	"arm":         "arm",
+	"arm64":       "arm64",
+	"mips64":      "mips64",
+	"mips64p32":   "mips64n32",
+	"mips64le":    "mipsel64",
+	"mips64p32le": "mips3l64n32",
+	"mipsle":      "mipsel",
+	"ppc":         "ppc",
+	"ppc64":       "ppc64",
+	"ppc64le":     "ppc64le",
+	"s390":        "s390",
+	"s390x":       "s390x",
+}
+
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if s == ss {
+			return true
+		}
+	}
+	return false
+}
+
+func setupSeccomp(config *Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+	if config == nil {
+		return nil, nil
+	}
+
+	// No default action specified, no syscalls listed, assume seccomp disabled
+	if config.DefaultAction == "" && len(config.Syscalls) == 0 {
+		return nil, nil
+	}
+
+	if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
+		return nil, errors.New("both 'architectures' and 'archMap' are specified in the seccomp profile, use either 'architectures' or 'archMap'")
+	}
+
+	if len(config.LinuxSeccomp.Syscalls) != 0 {
+		// The Seccomp type overrides the LinuxSeccomp.Syscalls field,
+		// so 'this should never happen' when loaded from JSON, but could
+		// happen if someone constructs the Config from source.
+		return nil, errors.New("the LinuxSeccomp.Syscalls field should be empty")
+	}
+
+	var (
+		// Copy all common / standard properties to the output profile
+		newConfig = &config.LinuxSeccomp
+		arch      = goToNative[runtime.GOARCH]
+	)
+	if seccompArch, ok := nativeToSeccomp[arch]; ok {
+		for _, a := range config.ArchMap {
+			if a.Arch == seccompArch {
+				newConfig.Architectures = append(newConfig.Architectures, a.Arch)
+				newConfig.Architectures = append(newConfig.Architectures, a.SubArches...)
+				break
+			}
+		}
+	}
+
+Loop:
+	// Convert Syscall to OCI runtimes-spec specs.LinuxSyscall after filtering them.
+	for _, call := range config.Syscalls {
+		if call.Name != "" {
+			if len(call.Names) != 0 {
+				return nil, errors.New("both 'name' and 'names' are specified in the seccomp profile, use either 'name' or 'names'")
+			}
+			call.Names = []string{call.Name}
+		}
+		if call.Excludes != nil {
+			if len(call.Excludes.Arches) > 0 {
+				if inSlice(call.Excludes.Arches, arch) {
+					continue Loop
+				}
+			}
+			if len(call.Excludes.Caps) > 0 {
+				for _, c := range call.Excludes.Caps {
+					if inSlice(rs.Process.Capabilities.Bounding, c) {
+						continue Loop
+					}
+				}
+			}
+			if call.Excludes.MinKernel != nil {
+				if ok, err := kernelGreaterEqualThan(*call.Excludes.MinKernel); err != nil {
+					return nil, err
+				} else if ok {
+					continue Loop
+				}
+			}
+		}
+		if call.Includes != nil {
+			if len(call.Includes.Arches) > 0 {
+				if !inSlice(call.Includes.Arches, arch) {
+					continue Loop
+				}
+			}
+			if len(call.Includes.Caps) > 0 {
+				for _, c := range call.Includes.Caps {
+					if !inSlice(rs.Process.Capabilities.Bounding, c) {
+						continue Loop
+					}
+				}
+			}
+			if call.Includes.MinKernel != nil {
+				if ok, err := kernelGreaterEqualThan(*call.Includes.MinKernel); err != nil {
+					return nil, err
+				} else if !ok {
+					continue Loop
+				}
+			}
+		}
+		newConfig.Syscalls = append(newConfig.Syscalls, call.LinuxSyscall)
+	}
+
+	return newConfig, nil
+}
diff --git a/profiles/seccomp/seccomp_test.go b/profiles/seccomp/seccomp_test.go
index b0b63ea8110ee..3a401db4ecc2e 100644
--- a/profiles/seccomp/seccomp_test.go
+++ b/profiles/seccomp/seccomp_test.go
@@ -1,32 +1,297 @@
+//go:build linux
 // +build linux
 
 package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
-	"io/ioutil"
+	"encoding/json"
+	"os"
+	"strings"
 	"testing"
 
-	"github.com/docker/docker/oci"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"gotest.tools/v3/assert"
 )
 
 func TestLoadProfile(t *testing.T) {
-	f, err := ioutil.ReadFile("fixtures/example.json")
+	f, err := os.ReadFile("fixtures/example.json")
 	if err != nil {
 		t.Fatal(err)
 	}
-	rs := oci.DefaultSpec()
-	if _, err := LoadProfile(string(f), &rs); err != nil {
+	rs := createSpec()
+	p, err := LoadProfile(string(f), &rs)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var expectedErrno uint = 12345
+	var expectedDefaultErrno uint = 1
+	expected := specs.LinuxSeccomp{
+		DefaultAction:   specs.ActErrno,
+		DefaultErrnoRet: &expectedDefaultErrno,
+		Syscalls: []specs.LinuxSyscall{
+			{
+				Names:  []string{"clone"},
+				Action: specs.ActAllow,
+				Args: []specs.LinuxSeccompArg{{
+					Index:    0,
+					Value:    2114060288,
+					ValueTwo: 0,
+					Op:       specs.OpMaskedEqual,
+				}},
+			},
+			{
+
+				Names:  []string{"open"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			},
+			{
+				Names:  []string{"close"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			},
+			{
+				Names:    []string{"syslog"},
+				Action:   specs.ActErrno,
+				ErrnoRet: &expectedErrno,
+				Args:     []specs.LinuxSeccompArg{},
+			},
+		},
+	}
+
+	assert.DeepEqual(t, expected, *p)
+}
+
+func TestLoadProfileWithDefaultErrnoRet(t *testing.T) {
+	var profile = []byte(`{
+"defaultAction": "SCMP_ACT_ERRNO",
+"defaultErrnoRet": 6
+}`)
+	rs := createSpec()
+	p, err := LoadProfile(string(profile), &rs)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedErrnoRet := uint(6)
+	expected := specs.LinuxSeccomp{
+		DefaultAction:   specs.ActErrno,
+		DefaultErrnoRet: &expectedErrnoRet,
+	}
+
+	assert.DeepEqual(t, expected, *p)
+}
+
+func TestLoadProfileWithListenerPath(t *testing.T) {
+	var profile = []byte(`{
+"defaultAction": "SCMP_ACT_ERRNO",
+"listenerPath": "/var/run/seccompaget.sock",
+"listenerMetadata": "opaque-metadata"
+}`)
+	rs := createSpec()
+	p, err := LoadProfile(string(profile), &rs)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := specs.LinuxSeccomp{
+		DefaultAction:    specs.ActErrno,
+		ListenerPath:     "/var/run/seccompaget.sock",
+		ListenerMetadata: "opaque-metadata",
+	}
+
+	assert.DeepEqual(t, expected, *p)
+}
+
+func TestLoadProfileWithFlag(t *testing.T) {
+	profile := `{"defaultAction": "SCMP_ACT_ERRNO", "flags": ["SECCOMP_FILTER_FLAG_SPEC_ALLOW", "SECCOMP_FILTER_FLAG_LOG"]}`
+	expected := specs.LinuxSeccomp{
+		DefaultAction: specs.ActErrno,
+		Flags:         []specs.LinuxSeccompFlag{"SECCOMP_FILTER_FLAG_SPEC_ALLOW", "SECCOMP_FILTER_FLAG_LOG"},
+	}
+	rs := createSpec()
+	p, err := LoadProfile(profile, &rs)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expected, *p)
+}
+
+// TestLoadProfileValidation tests that invalid profiles produce the correct error.
+func TestLoadProfileValidation(t *testing.T) {
+	tests := []struct {
+		doc      string
+		profile  string
+		expected string
+	}{
+		{
+			doc:      "conflicting architectures and archMap",
+			profile:  `{"defaultAction": "SCMP_ACT_ERRNO", "architectures": ["A", "B", "C"], "archMap": [{"architecture": "A", "subArchitectures": ["B", "C"]}]}`,
+			expected: `use either 'architectures' or 'archMap'`,
+		},
+		{
+			doc:      "conflicting syscall.name and syscall.names",
+			profile:  `{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [{"name": "accept", "names": ["accept"], "action": "SCMP_ACT_ALLOW"}]}`,
+			expected: `use either 'name' or 'names'`,
+		},
+	}
+	for _, tc := range tests {
+		tc := tc
+		rs := createSpec()
+		t.Run(tc.doc, func(t *testing.T) {
+			_, err := LoadProfile(tc.profile, &rs)
+			assert.ErrorContains(t, err, tc.expected)
+		})
+	}
+}
+
+// TestLoadLegacyProfile tests loading a seccomp profile in the old format
+// (before https://github.com/docker/docker/pull/24510)
+func TestLoadLegacyProfile(t *testing.T) {
+	f, err := os.ReadFile("fixtures/default-old-format.json")
+	if err != nil {
 		t.Fatal(err)
 	}
+	rs := createSpec()
+	p, err := LoadProfile(string(f), &rs)
+	assert.NilError(t, err)
+	assert.Equal(t, p.DefaultAction, specs.ActErrno)
+	assert.DeepEqual(t, p.Architectures, []specs.Arch{"SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"})
+	assert.Equal(t, len(p.Syscalls), 311)
+	expected := specs.LinuxSyscall{
+		Names:  []string{"accept"},
+		Action: specs.ActAllow,
+		Args:   []specs.LinuxSeccompArg{},
+	}
+	assert.DeepEqual(t, p.Syscalls[0], expected)
 }
 
 func TestLoadDefaultProfile(t *testing.T) {
-	f, err := ioutil.ReadFile("default.json")
+	f, err := os.ReadFile("default.json")
 	if err != nil {
 		t.Fatal(err)
 	}
-	rs := oci.DefaultSpec()
+	rs := createSpec()
 	if _, err := LoadProfile(string(f), &rs); err != nil {
 		t.Fatal(err)
 	}
 }
+
+func TestUnmarshalDefaultProfile(t *testing.T) {
+	expected := DefaultProfile()
+	if expected == nil {
+		t.Skip("seccomp not supported")
+	}
+
+	f, err := os.ReadFile("default.json")
+	if err != nil {
+		t.Fatal(err)
+	}
+	var profile Seccomp
+	err = json.Unmarshal(f, &profile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.DeepEqual(t, expected.Architectures, profile.Architectures)
+	assert.DeepEqual(t, expected.ArchMap, profile.ArchMap)
+	assert.DeepEqual(t, expected.DefaultAction, profile.DefaultAction)
+	assert.DeepEqual(t, expected.Syscalls, profile.Syscalls)
+}
+
+func TestMarshalUnmarshalFilter(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		in    string
+		out   string
+		error bool
+	}{
+		{in: `{"arches":["s390x"],"minKernel":3}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":3.12}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":true}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"0.0"}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"3"}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":".3"}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"3."}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"true"}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"3.12.1\""}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":"4.15abc"}`, error: true},
+		{in: `{"arches":["s390x"],"minKernel":null}`, out: `{"arches":["s390x"]}`},
+		{in: `{"arches":["s390x"],"minKernel":""}`, out: `{"arches":["s390x"],"minKernel":""}`}, // FIXME: try to fix omitempty for this
+		{in: `{"arches":["s390x"],"minKernel":"0.5"}`, out: `{"arches":["s390x"],"minKernel":"0.5"}`},
+		{in: `{"arches":["s390x"],"minKernel":"0.50"}`, out: `{"arches":["s390x"],"minKernel":"0.50"}`},
+		{in: `{"arches":["s390x"],"minKernel":"5.0"}`, out: `{"arches":["s390x"],"minKernel":"5.0"}`},
+		{in: `{"arches":["s390x"],"minKernel":"50.0"}`, out: `{"arches":["s390x"],"minKernel":"50.0"}`},
+		{in: `{"arches":["s390x"],"minKernel":"4.15"}`, out: `{"arches":["s390x"],"minKernel":"4.15"}`},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.in, func(t *testing.T) {
+			var filter Filter
+			err := json.Unmarshal([]byte(tc.in), &filter)
+			if tc.error {
+				if err == nil {
+					t.Fatal("expected an error")
+				} else if !strings.Contains(err.Error(), "invalid kernel version") {
+					t.Fatal("unexpected error:", err)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatal(err)
+			}
+			out, err := json.Marshal(filter)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if string(out) != tc.out {
+				t.Fatalf("expected %s, got %s", tc.out, string(out))
+			}
+		})
+	}
+}
+
+func TestLoadConditional(t *testing.T) {
+	f, err := os.ReadFile("fixtures/conditional_include.json")
+	if err != nil {
+		t.Fatal(err)
+	}
+	tests := []struct {
+		doc      string
+		cap      string
+		expected []string
+	}{
+		{doc: "no caps", expected: []string{"chmod", "ptrace"}},
+		{doc: "with syslog", cap: "CAP_SYSLOG", expected: []string{"chmod", "syslog", "ptrace"}},
+		{doc: "no ptrace", cap: "CAP_SYS_ADMIN", expected: []string{"chmod"}},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			rs := createSpec(tc.cap)
+			p, err := LoadProfile(string(f), &rs)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if len(p.Syscalls) != len(tc.expected) {
+				t.Fatalf("expected %d syscalls in profile, have %d", len(tc.expected), len(p.Syscalls))
+			}
+			for i, v := range p.Syscalls {
+				if v.Names[0] != tc.expected[i] {
+					t.Fatalf("expected %s syscall, have %s", tc.expected[i], v.Names[0])
+				}
+			}
+		})
+	}
+}
+
+// createSpec() creates a minimum spec for testing
+func createSpec(caps ...string) specs.Spec {
+	rs := specs.Spec{
+		Process: &specs.Process{
+			Capabilities: &specs.LinuxCapabilities{},
+		},
+	}
+	if caps != nil {
+		rs.Process.Capabilities.Bounding = append(rs.Process.Capabilities.Bounding, caps...)
+	}
+	return rs
+}
diff --git a/profiles/seccomp/seccomp_unsupported.go b/profiles/seccomp/seccomp_unsupported.go
index 67e06401f1173..d337695e10b5a 100644
--- a/profiles/seccomp/seccomp_unsupported.go
+++ b/profiles/seccomp/seccomp_unsupported.go
@@ -1,12 +1,9 @@
+//go:build linux && !seccomp
 // +build linux,!seccomp
 
 package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
-import (
-	"github.com/docker/docker/api/types"
-)
-
 // DefaultProfile returns a nil pointer on unsupported systems.
-func DefaultProfile() *types.Seccomp {
+func DefaultProfile() *Seccomp {
 	return nil
 }
diff --git a/project/ARM.md b/project/ARM.md
deleted file mode 100644
index c876231d1eba3..0000000000000
--- a/project/ARM.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# ARM support
-
-The ARM support should be considered experimental. It will be extended step by step in the coming weeks.
-
-Building a Docker Development Image works in the same fashion as for Intel platform (x86-64).
-Currently we have initial support for 32bit ARMv7 devices.
-
-To work with the Docker Development Image you have to clone the Docker/Docker repo on a supported device.
-It needs to have a Docker Engine installed to build the Docker Development Image.
-
-From the root of the Docker/Docker repo one can use make to execute the following make targets:
-- make validate
-- make binary
-- make build
-- make deb
-- make bundles
-- make default
-- make shell
-- make test-unit
-- make test-integration
-- make
-
-The Makefile does include logic to determine on which OS and architecture the Docker Development Image is built.
-Based on OS and architecture it chooses the correct Dockerfile.
-For the ARM 32bit architecture it uses `Dockerfile.armhf`.
-
-So for example in order to build a Docker binary one has to:
-1. clone the Docker/Docker repository on an ARM device `git clone https://github.com/docker/docker.git`  
-2. change into the checked out repository with `cd docker`  
-3. execute `make binary` to create a Docker Engine binary for ARM  
-
-## Kernel modules
-A few libnetwork integration tests require that the kernel be
-configured with "dummy" network interface and has the module
-loaded. However, the dummy module may be not loaded automatically.
-
-To load the kernel module permanently, run these commands as `root`.
-
-    modprobe dummy
-    echo "dummy" >> /etc/modules
-
-On some systems you also have to sync your kernel modules.
-
-    oc-sync-kernel-modules
-    depmod
diff --git a/project/CONTRIBUTING.md b/project/CONTRIBUTING.md
deleted file mode 120000
index 44fcc63439371..0000000000000
--- a/project/CONTRIBUTING.md
+++ /dev/null
@@ -1 +0,0 @@
-../CONTRIBUTING.md
\ No newline at end of file
diff --git a/project/GOVERNANCE.md b/project/GOVERNANCE.md
index 4b52989a642e5..588429b313b74 100644
--- a/project/GOVERNANCE.md
+++ b/project/GOVERNANCE.md
@@ -113,7 +113,7 @@ the same steps:
  * **Step 3**: Maintainers merge, close or reject the pull request.
 
 Pull requests are reviewed by the current maintainers of the moby/moby
-repository. Weekly meetings are organized to are organized to synchronously
+repository. Weekly meetings are organized to synchronously
 discuss tricky PRs, as well as design and architecture decisions.. When
 technical agreement cannot be reached among the maintainers of the project,
 escalation or concerns can be raised by opening an issue to be handled
diff --git a/project/IRC-ADMINISTRATION.md b/project/IRC-ADMINISTRATION.md
deleted file mode 100644
index 824a14bd51fd7..0000000000000
--- a/project/IRC-ADMINISTRATION.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Freenode IRC Administration Guidelines and Tips
-
-This is not meant to be a general "Here's how to IRC" document, so if you're
-looking for that, check Google instead. ♥
-
-If you've been charged with helping maintain one of Docker's now many IRC
-channels, this might turn out to be useful.  If there's information that you
-wish you'd known about how a particular channel is organized, you should add
-deets here! :)
-
-## `ChanServ`
-
-Most channel maintenance happens by talking to Freenode's `ChanServ` bot.  For
-example, `/msg ChanServ ACCESS <channel> LIST` will show you a list of everyone
-with "access" privileges for a particular channel.
-
-A similar command is used to give someone a particular access level.  For
-example, to add a new maintainer to the `#docker-maintainers` access list so
-that they can contribute to the discussions (after they've been merged
-appropriately in a `MAINTAINERS` file, of course), one would use `/msg ChanServ
-ACCESS #docker-maintainers ADD <nick> maintainer`.
-
-To setup a new channel with a similar `maintainer` access template, use a
-command like `/msg ChanServ TEMPLATE <channel> maintainer +AV` (`+A` for letting
-them view the `ACCESS LIST`, `+V` for auto-voice; see `/msg ChanServ HELP FLAGS`
-for more details).
-
-## Troubleshooting
-
-The most common cause of not-getting-auto-`+v` woes is people not being
-`IDENTIFY`ed with `NickServ` (or their current nickname not being `GROUP`ed with
-their main nickname) -- often manifested by `ChanServ` responding to an `ACCESS
-ADD` request with something like `xyz is not registered.`.
-
-This is easily fixed by doing `/msg NickServ IDENTIFY OldNick SecretPassword`
-followed by `/msg NickServ GROUP` to group the two nicknames together.  See
-`/msg NickServ HELP GROUP` for more information.
diff --git a/project/PACKAGE-REPO-MAINTENANCE.md b/project/PACKAGE-REPO-MAINTENANCE.md
deleted file mode 100644
index 458384a3d9244..0000000000000
--- a/project/PACKAGE-REPO-MAINTENANCE.md
+++ /dev/null
@@ -1,74 +0,0 @@
-# Apt & Yum Repository Maintenance
-## A maintainer's guide to managing Docker's package repos
-
-### How to clean up old experimental debs and rpms
-
-We release debs and rpms for experimental nightly, so these can build up.
-To remove old experimental debs and rpms, and _ONLY_ keep the latest, follow the
-steps below.
-
-1. Checkout docker master
-
-2. Run clean scripts
-
-```bash
-docker build --rm --force-rm -t docker-dev:master .
-docker run --rm -it --privileged \
-    -v /path/to/your/repos/dir:/volumes/repos \
-    -v $HOME/.gnupg:/root/.gnupg \
-    -e GPG_PASSPHRASE \
-    -e DOCKER_RELEASE_DIR=/volumes/repos \
-    docker-dev:master hack/make.sh clean-apt-repo clean-yum-repo generate-index-listing sign-repos
-```
-
-3. Upload the changed repos to `s3` (if you host on s3)
-
-4. Purge the cache, PURGE the cache, PURGE THE CACHE!
-
-### How to get out of a sticky situation
-
-Sh\*t happens. We know. Below are steps to get out of any "hash-sum mismatch" or
-"gpg sig error" or the likes error that might happen to the apt repo.
-
-**NOTE:** These are apt repo specific, have had no experience with anything similar
-happening to the yum repo in the past so you can rest easy.
-
-For each step listed below, move on to the next if the previous didn't work.
-Otherwise CELEBRATE!
-
-1. Purge the cache.
-
-2. Did you remember to sign the debs after releasing?
-
-Re-sign the repo with your gpg key:
-
-```bash
-docker build --rm --force-rm -t docker-dev:master .
-docker run --rm -it --privileged \
-    -v /path/to/your/repos/dir:/volumes/repos \
-    -v $HOME/.gnupg:/root/.gnupg \
-    -e GPG_PASSPHRASE \
-    -e DOCKER_RELEASE_DIR=/volumes/repos \
-    docker-dev:master hack/make.sh sign-repos
-```
-
-Upload the changed repo to `s3` (if that is where you host)
-
-PURGE THE CACHE.
-
-3. Run Jess' magical, save all, only in case of extreme emergencies, "you are
-going to have to break this glass to get it" script.
-
-```bash
-docker build --rm --force-rm -t docker-dev:master .
-docker run --rm -it --privileged \
-    -v /path/to/your/repos/dir:/volumes/repos \
-    -v $HOME/.gnupg:/root/.gnupg \
-    -e GPG_PASSPHRASE \
-    -e DOCKER_RELEASE_DIR=/volumes/repos \
-    docker-dev:master hack/make.sh update-apt-repo generate-index-listing sign-repos
-```
-
-4. Upload the changed repo to `s3` (if that is where you host)
-
-PURGE THE CACHE.
diff --git a/project/PACKAGERS.md b/project/PACKAGERS.md
index a5b0018b5a0cf..23c963c725262 100644
--- a/project/PACKAGERS.md
+++ b/project/PACKAGERS.md
@@ -4,24 +4,6 @@ If you are looking to make Docker available on your favorite software
 distribution, this document is for you. It summarizes the requirements for
 building and running the Docker client and the Docker daemon.
 
-## Getting Started
-
-We want to help you package Docker successfully. Before doing any packaging, a
-good first step is to introduce yourself on the [docker-dev mailing
-list](https://groups.google.com/d/forum/docker-dev), explain what you're trying
-to achieve, and tell us how we can help. Don't worry, we don't bite! There might
-even be someone already working on packaging for the same distro!
-
-You can also join the IRC channel - #docker and #docker-dev on Freenode are both
-active and friendly.
-
-We like to refer to Tianon ("@tianon" on GitHub and "tianon" on IRC) as our
-"Packagers Relations", since he's always working to make sure our packagers have
-a good, healthy upstream to work with (both in our communication and in our
-build scripts). If you're having any kind of trouble, feel free to ping him
-directly. He also likes to keep track of what distributions we have packagers
-for, so feel free to reach out to him even just to say "Hi!"
-
 ## Package Name
 
 If possible, your package should be called "docker". If that name is already
@@ -41,27 +23,7 @@ need to package Docker your way, without denaturing it in the process.
 
 ## Build Dependencies
 
-To build Docker, you will need the following:
-
-* A recent version of Git and Mercurial
-* Go version 1.6 or later
-* A clean checkout of the source added to a valid [Go
-  workspace](https://golang.org/doc/code.html#Workspaces) under the path
-  *src/github.com/docker/docker* (unless you plan to use `AUTO_GOPATH`,
-  explained in more detail below)
-
-To build the Docker daemon, you will additionally need:
-
-* An amd64/x86_64 machine running Linux
-* SQLite version 3.7.9 or later
-* libdevmapper version 1.02.68-cvs (2012-01-26) or later from lvm2 version
-  2.02.89 or later
-* btrfs-progs version 3.16.1 or later (unless using an older version is
-  absolutely necessary, in which case 3.8 is the minimum)
-* libseccomp version 2.2.1 or later (for build tag seccomp)
-
-Be sure to also check out Docker's Dockerfile for the most up-to-date list of
-these build-time dependencies.
+The Dockerfile contains the most up-to-date list of build-time dependencies.
 
 ### Go Dependencies
 
@@ -69,18 +31,10 @@ All Go dependencies are vendored under "./vendor". They are used by the official
 build, so the source of truth for the current version of each dependency is
 whatever is in "./vendor".
 
-To use the vendored dependencies, simply make sure the path to "./vendor" is
-included in `GOPATH` (or use `AUTO_GOPATH`, as explained below).
-
 If you would rather (or must, due to distro policy) package these dependencies
 yourself, take a look at "vendor.conf" for an easy-to-parse list of the
 exact version for each.
 
-NOTE: if you're not able to package the exact version (to the exact commit) of a
-given dependency, please get in touch so we can remediate! Who knows what
-discrepancies can be caused by even the slightest deviation. We promise to do
-our best to make everybody happy.
-
 ## Stripping Binaries
 
 Please, please, please do not strip any compiled binaries. This is really
@@ -123,46 +77,11 @@ from the upstream Golang perspective.
 
 ## Building Docker
 
-Please use our build script ("./hack/make.sh") for all your compilation of
-Docker. If there's something you need that it isn't doing, or something it could
-be doing to make your life as a packager easier, please get in touch with Tianon
-and help us rectify the situation. Chances are good that other packagers have
-probably run into the same problems and a fix might already be in the works, but
-none of us will know for sure unless you harass Tianon about it. :)
-
-All the commands listed within this section should be run with the Docker source
-checkout as the current working directory.
-
-### `AUTO_GOPATH`
-
-If you'd rather not be bothered with the hassles that setting up `GOPATH`
-appropriately can be, and prefer to just get a "build that works", you should
-add something similar to this to whatever script or process you're using to
-build Docker:
-
-```bash
-export AUTO_GOPATH=1
-```
-
-This will cause the build scripts to set up a reasonable `GOPATH` that
-automatically and properly includes both docker/docker from the local
-directory, and the local "./vendor" directory as necessary.
+Please use our build script ("./hack/make.sh") for compilation.
 
 ### `DOCKER_BUILDTAGS`
 
-If you're building a binary that may need to be used on platforms that include
-AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
-```bash
-export DOCKER_BUILDTAGS='apparmor'
-```
-
-If you're building a binary that may need to be used on platforms that include
-SELinux, you will need to use the `selinux` build tag:
-```bash
-export DOCKER_BUILDTAGS='selinux'
-```
-
-If you're building a binary that may need to be used on platforms that include
+If you're building a binary that might be used on platforms that include
 seccomp, you will need to use the `seccomp` build tag:
 ```bash
 export DOCKER_BUILDTAGS='seccomp'
@@ -188,51 +107,9 @@ export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 
 NOTE: if you need to set more than one build tag, space separate them:
 ```bash
-export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
+export DOCKER_BUILDTAGS='apparmor exclude_graphdriver_aufs'
 ```
 
-### Static Daemon
-
-If it is feasible within the constraints of your distribution, you should
-seriously consider packaging Docker as a single static binary. A good comparison
-is Busybox, which is often packaged statically as a feature to enable mass
-portability. Because of the unique way Docker operates, being similarly static
-is a "feature".
-
-To build a static Docker daemon binary, run the following command (first
-ensuring that all the necessary libraries are available in static form for
-linking - see the "Build Dependencies" section above, and the relevant lines
-within Docker's own Dockerfile that set up our official build environment):
-
-```bash
-./hack/make.sh binary
-```
-
-This will create a static binary under
-"./bundles/$VERSION/binary/docker-$VERSION", where "$VERSION" is the contents of
-the file "./VERSION". This binary is usually installed somewhere like
-"/usr/bin/docker".
-
-### Dynamic Daemon / Client-only Binary
-
-If you are only interested in a Docker client binary, you can build using:
-
-```bash
-./hack/make.sh binary-client
-```
-
-If you need to (due to distro policy, distro library availability, or for other
-reasons) create a dynamically compiled daemon binary, or if you are only
-interested in creating a client binary for Docker, use something similar to the
-following:
-
-```bash
-./hack/make.sh dynbinary-client
-```
-
-This will create "./bundles/$VERSION/dynbinary-client/docker-$VERSION", which for
-client-only builds is the important file to grab and install as appropriate.
-
 ## System Dependencies
 
 ### Runtime Dependencies
@@ -245,12 +122,7 @@ installed and available at runtime:
 * e2fsprogs version 1.4.12 or later (in use: mkfs.ext4, tune2fs)
 * xfsprogs (in use: mkfs.xfs)
 * XZ Utils version 4.9 or later
-* a [properly
-  mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
-  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
-  [is](https://github.com/docker/docker/issues/2683)
-  [not](https://github.com/docker/docker/issues/3485)
-  [sufficient](https://github.com/docker/docker/issues/4568))
+* pigz (optional)
 
 Additionally, the Docker client needs the following software to be installed and
 available at runtime:
@@ -261,11 +133,7 @@ available at runtime:
 
 The Docker daemon has very specific kernel requirements. Most pre-packaged
 kernels already include the necessary options enabled. If you are building your
-own kernel, you will either need to discover the options necessary via trial and
-error, or check out the [Gentoo
-ebuild](https://github.com/tianon/docker-overlay/blob/master/app-emulation/docker/docker-9999.ebuild),
-in which a list is maintained (and if there are any issues or discrepancies in
-that list, please contact Tianon so they can be rectified).
+own kernel, you should check out `contrib/check-config.sh`.
 
 Note that in client mode, there are no specific kernel requirements, and that
 the client will even run on alternative platforms such as Mac OS X / Darwin.
@@ -286,8 +154,7 @@ by having support for them in the kernel or userspace. A few examples include:
 Docker expects to run as a daemon at machine startup. Your package will need to
 include a script for your distro's process supervisor of choice. Be sure to
 check out the "contrib/init" folder in case a suitable init script already
-exists (and if one does not, contact Tianon about whether it might be
-appropriate for your distro's init script to live there too!).
+exists.
 
 In general, Docker should be run as root, similar to the following:
 
@@ -295,13 +162,5 @@ In general, Docker should be run as root, similar to the following:
 dockerd
 ```
 
-Generally, a `DOCKER_OPTS` variable of some kind is available for adding more
-flags (such as changing the graph driver to use BTRFS, switching the location of
-"/var/lib/docker", etc).
-
-## Communicate
-
-As a final note, please do feel free to reach out to Tianon at any time for
-pretty much anything. He really does love hearing from our packagers and wants
-to make sure we're not being a "hostile upstream". As should be a given, we
-appreciate the work our packagers do to make sure we have broad distribution!
+Generally, it is encouraged that additional configuration be placed in
+`/etc/docker/daemon.json`.
diff --git a/project/REVIEWING.md b/project/REVIEWING.md
index cac3f5d7d4e46..d29f217086ed8 100644
--- a/project/REVIEWING.md
+++ b/project/REVIEWING.md
@@ -21,7 +21,7 @@ exist on the repository should apply to issues.
  * `status/1-design-review`
  * `status/2-code-review`
  * `status/3-docs-review`
- * `status/4-ready-to-merge`
+ * `status/4-merge`
 
 Special status labels:
 
diff --git a/project/TOOLS.md b/project/TOOLS.md
deleted file mode 100644
index dda0fc034233f..0000000000000
--- a/project/TOOLS.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# Tools
-
-This page describes the tools we use and infrastructure that is in place for
-the Docker project.
-
-### CI
-
-The Docker project uses [Jenkins](https://jenkins.dockerproject.org/) as our
-continuous integration server. Each Pull Request to Docker is tested by running the 
-equivalent of `make all`. We chose Jenkins because we can host it ourselves and
-we run Docker in Docker to test.
-
-#### Leeroy
-
-Leeroy is a Go application which integrates Jenkins with 
-GitHub pull requests. Leeroy uses 
-[GitHub hooks](https://developer.github.com/v3/repos/hooks/) 
-to listen for pull request notifications and starts jobs on your Jenkins 
-server.  Using the Jenkins
-[notification plugin](https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin),
-Leeroy updates the pull request using GitHub's 
-[status API](https://developer.github.com/v3/repos/statuses/)
-with pending, success, failure, or error statuses.
-
-The leeroy repository is maintained at
-[github.com/docker/leeroy](https://github.com/docker/leeroy).
-
-#### GordonTheTurtle IRC Bot
-
-The GordonTheTurtle IRC Bot lives in the
-[#docker-maintainers](https://botbot.me/freenode/docker-maintainers/) channel
-on Freenode. He is built in Go and is based off the project at
-[github.com/fabioxgn/go-bot](https://github.com/fabioxgn/go-bot). 
-
-His main command is `!rebuild`, which rebuilds a given Pull Request for a repository.
-This command works by integrating with Leroy. He has a few other commands too, such 
-as `!gif` or `!godoc`, but we are always looking for more fun commands to add.
-
-The gordon-bot repository is maintained at
-[github.com/docker/gordon-bot](https://github.com/docker/gordon-bot)
-
-### NSQ
-
-We use [NSQ](https://github.com/bitly/nsq) for various aspects of the project
-infrastructure.
-
-#### Hooks
-
-The hooks project,
-[github.com/crosbymichael/hooks](https://github.com/crosbymichael/hooks),
-is a small Go application that manages web hooks from github, hub.docker.com, or
-other third party services.
-
-It can be used for listening to github webhooks & pushing them to a queue,
-archiving hooks to rethinkdb for processing, and broadcasting hooks to various
-jobs.
-
-#### Docker Master Binaries
-
-One of the things queued from the Hooks are the building of the Master
-Binaries. This happens on every push to the master branch of Docker. The
-repository for this is maintained at
-[github.com/docker/docker-bb](https://github.com/docker/docker-bb).
diff --git a/quota/errors.go b/quota/errors.go
new file mode 100644
index 0000000000000..37f3438bd02a0
--- /dev/null
+++ b/quota/errors.go
@@ -0,0 +1,19 @@
+package quota // import "github.com/docker/docker/quota"
+
+import "github.com/docker/docker/errdefs"
+
+var (
+	_ errdefs.ErrNotImplemented = (*errQuotaNotSupported)(nil)
+)
+
+// ErrQuotaNotSupported indicates if were found the FS didn't have projects quotas available
+var ErrQuotaNotSupported = errQuotaNotSupported{}
+
+type errQuotaNotSupported struct {
+}
+
+func (e errQuotaNotSupported) NotImplemented() {}
+
+func (e errQuotaNotSupported) Error() string {
+	return "Filesystem does not support, or has not enabled quotas"
+}
diff --git a/quota/projectquota.go b/quota/projectquota.go
new file mode 100644
index 0000000000000..13d2efefe57d4
--- /dev/null
+++ b/quota/projectquota.go
@@ -0,0 +1,443 @@
+//go:build linux && !exclude_disk_quota && cgo
+// +build linux,!exclude_disk_quota,cgo
+
+//
+// projectquota.go - implements XFS project quota controls
+// for setting quota limits on a newly created directory.
+// It currently supports the legacy XFS specific ioctls.
+//
+// TODO: use generic quota control ioctl FS_IOC_FS{GET,SET}XATTR
+//       for both xfs/ext4 for kernel version >= v4.5
+//
+
+package quota // import "github.com/docker/docker/quota"
+
+/*
+#include <stdlib.h>
+#include <dirent.h>
+#include <linux/fs.h>
+#include <linux/quota.h>
+#include <linux/dqblk_xfs.h>
+
+#ifndef FS_XFLAG_PROJINHERIT
+struct fsxattr {
+	__u32		fsx_xflags;
+	__u32		fsx_extsize;
+	__u32		fsx_nextents;
+	__u32		fsx_projid;
+	unsigned char	fsx_pad[12];
+};
+#define FS_XFLAG_PROJINHERIT	0x00000200
+#endif
+#ifndef FS_IOC_FSGETXATTR
+#define FS_IOC_FSGETXATTR		_IOR ('X', 31, struct fsxattr)
+#endif
+#ifndef FS_IOC_FSSETXATTR
+#define FS_IOC_FSSETXATTR		_IOW ('X', 32, struct fsxattr)
+#endif
+
+#ifndef PRJQUOTA
+#define PRJQUOTA	2
+#endif
+#ifndef XFS_PROJ_QUOTA
+#define XFS_PROJ_QUOTA	2
+#endif
+#ifndef Q_XSETPQLIM
+#define Q_XSETPQLIM QCMD(Q_XSETQLIM, PRJQUOTA)
+#endif
+#ifndef Q_XGETPQUOTA
+#define Q_XGETPQUOTA QCMD(Q_XGETQUOTA, PRJQUOTA)
+#endif
+
+const int Q_XGETQSTAT_PRJQUOTA = QCMD(Q_XGETQSTAT, PRJQUOTA);
+*/
+import "C"
+import (
+	"os"
+	"path"
+	"path/filepath"
+	"sync"
+	"unsafe"
+
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+type pquotaState struct {
+	sync.Mutex
+	nextProjectID uint32
+}
+
+var pquotaStateInst *pquotaState
+var pquotaStateOnce sync.Once
+
+// getPquotaState - get global pquota state tracker instance
+func getPquotaState() *pquotaState {
+	pquotaStateOnce.Do(func() {
+		pquotaStateInst = &pquotaState{
+			nextProjectID: 1,
+		}
+	})
+	return pquotaStateInst
+}
+
+// registerBasePath - register a new base path and update nextProjectID
+func (state *pquotaState) updateMinProjID(minProjectID uint32) {
+	state.Lock()
+	defer state.Unlock()
+	if state.nextProjectID <= minProjectID {
+		state.nextProjectID = minProjectID + 1
+	}
+}
+
+// NewControl - initialize project quota support.
+// Test to make sure that quota can be set on a test dir and find
+// the first project id to be used for the next container create.
+//
+// Returns nil (and error) if project quota is not supported.
+//
+// First get the project id of the home directory.
+// This test will fail if the backing fs is not xfs.
+//
+// xfs_quota tool can be used to assign a project id to the driver home directory, e.g.:
+//    echo 999:/var/lib/docker/overlay2 >> /etc/projects
+//    echo docker:999 >> /etc/projid
+//    xfs_quota -x -c 'project -s docker' /<xfs mount point>
+//
+// In that case, the home directory project id will be used as a "start offset"
+// and all containers will be assigned larger project ids (e.g. >= 1000).
+// This is a way to prevent xfs_quota management from conflicting with docker.
+//
+// Then try to create a test directory with the next project id and set a quota
+// on it. If that works, continue to scan existing containers to map allocated
+// project ids.
+//
+func NewControl(basePath string) (*Control, error) {
+	//
+	// If we are running in a user namespace quota won't be supported for
+	// now since makeBackingFsDev() will try to mknod().
+	//
+	if userns.RunningInUserNS() {
+		return nil, ErrQuotaNotSupported
+	}
+
+	//
+	// create backing filesystem device node
+	//
+	backingFsBlockDev, err := makeBackingFsDev(basePath)
+	if err != nil {
+		return nil, err
+	}
+
+	// check if we can call quotactl with project quotas
+	// as a mechanism to determine (early) if we have support
+	hasQuotaSupport, err := hasQuotaSupport(backingFsBlockDev)
+	if err != nil {
+		return nil, err
+	}
+	if !hasQuotaSupport {
+		return nil, ErrQuotaNotSupported
+	}
+
+	//
+	// Get project id of parent dir as minimal id to be used by driver
+	//
+	baseProjectID, err := getProjectID(basePath)
+	if err != nil {
+		return nil, err
+	}
+	minProjectID := baseProjectID + 1
+
+	//
+	// Test if filesystem supports project quotas by trying to set
+	// a quota on the first available project id
+	//
+	quota := Quota{
+		Size: 0,
+	}
+	if err := setProjectQuota(backingFsBlockDev, minProjectID, quota); err != nil {
+		return nil, err
+	}
+
+	q := Control{
+		backingFsBlockDev: backingFsBlockDev,
+		quotas:            make(map[string]uint32),
+	}
+
+	//
+	// update minimum project ID
+	//
+	state := getPquotaState()
+	state.updateMinProjID(minProjectID)
+
+	//
+	// get first project id to be used for next container
+	//
+	err = q.findNextProjectID(basePath, baseProjectID)
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("NewControl(%s): nextProjectID = %d", basePath, state.nextProjectID)
+	return &q, nil
+}
+
+// SetQuota - assign a unique project id to directory and set the quota limits
+// for that project id
+func (q *Control) SetQuota(targetPath string, quota Quota) error {
+	q.RLock()
+	projectID, ok := q.quotas[targetPath]
+	q.RUnlock()
+	if !ok {
+		state := getPquotaState()
+		state.Lock()
+		projectID = state.nextProjectID
+
+		//
+		// assign project id to new container directory
+		//
+		err := setProjectID(targetPath, projectID)
+		if err != nil {
+			state.Unlock()
+			return err
+		}
+
+		state.nextProjectID++
+		state.Unlock()
+
+		q.Lock()
+		q.quotas[targetPath] = projectID
+		q.Unlock()
+	}
+
+	//
+	// set the quota limit for the container's project id
+	//
+	logrus.Debugf("SetQuota(%s, %d): projectID=%d", targetPath, quota.Size, projectID)
+	return setProjectQuota(q.backingFsBlockDev, projectID, quota)
+}
+
+// setProjectQuota - set the quota for project id on xfs block device
+func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) error {
+	var d C.fs_disk_quota_t
+	d.d_version = C.FS_DQUOT_VERSION
+	d.d_id = C.__u32(projectID)
+	d.d_flags = C.XFS_PROJ_QUOTA
+
+	d.d_fieldmask = C.FS_DQ_BHARD | C.FS_DQ_BSOFT
+	d.d_blk_hardlimit = C.__u64(quota.Size / 512)
+	d.d_blk_softlimit = d.d_blk_hardlimit
+
+	var cs = C.CString(backingFsBlockDev)
+	defer C.free(unsafe.Pointer(cs))
+
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XSETPQLIM,
+		uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
+		uintptr(unsafe.Pointer(&d)), 0, 0)
+	if errno != 0 {
+		return errors.Wrapf(errno, "failed to set quota limit for projid %d on %s",
+			projectID, backingFsBlockDev)
+	}
+
+	return nil
+}
+
+// GetQuota - get the quota limits of a directory that was configured with SetQuota
+func (q *Control) GetQuota(targetPath string, quota *Quota) error {
+	q.RLock()
+	projectID, ok := q.quotas[targetPath]
+	q.RUnlock()
+	if !ok {
+		return errors.Errorf("quota not found for path: %s", targetPath)
+	}
+
+	//
+	// get the quota limit for the container's project id
+	//
+	var d C.fs_disk_quota_t
+
+	var cs = C.CString(q.backingFsBlockDev)
+	defer C.free(unsafe.Pointer(cs))
+
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XGETPQUOTA,
+		uintptr(unsafe.Pointer(cs)), uintptr(C.__u32(projectID)),
+		uintptr(unsafe.Pointer(&d)), 0, 0)
+	if errno != 0 {
+		return errors.Wrapf(errno, "Failed to get quota limit for projid %d on %s",
+			projectID, q.backingFsBlockDev)
+	}
+	quota.Size = uint64(d.d_blk_hardlimit) * 512
+
+	return nil
+}
+
+// getProjectID - get the project id of path on xfs
+func getProjectID(targetPath string) (uint32, error) {
+	dir, err := openDir(targetPath)
+	if err != nil {
+		return 0, err
+	}
+	defer closeDir(dir)
+
+	var fsx C.struct_fsxattr
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return 0, errors.Wrapf(errno, "failed to get projid for %s", targetPath)
+	}
+
+	return uint32(fsx.fsx_projid), nil
+}
+
+// setProjectID - set the project id of path on xfs
+func setProjectID(targetPath string, projectID uint32) error {
+	dir, err := openDir(targetPath)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var fsx C.struct_fsxattr
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return errors.Wrapf(errno, "failed to get projid for %s", targetPath)
+	}
+	fsx.fsx_projid = C.__u32(projectID)
+	fsx.fsx_xflags |= C.FS_XFLAG_PROJINHERIT
+	_, _, errno = unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSSETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return errors.Wrapf(errno, "failed to set projid for %s", targetPath)
+	}
+
+	return nil
+}
+
+// findNextProjectID - find the next project id to be used for containers
+// by scanning driver home directory to find used project ids
+func (q *Control) findNextProjectID(home string, baseID uint32) error {
+	state := getPquotaState()
+	state.Lock()
+	defer state.Unlock()
+
+	checkProjID := func(path string) (uint32, error) {
+		projid, err := getProjectID(path)
+		if err != nil {
+			return projid, err
+		}
+		if projid > 0 {
+			q.quotas[path] = projid
+		}
+		if state.nextProjectID <= projid {
+			state.nextProjectID = projid + 1
+		}
+		return projid, nil
+	}
+
+	files, err := os.ReadDir(home)
+	if err != nil {
+		return errors.Errorf("read directory failed: %s", home)
+	}
+	for _, file := range files {
+		if !file.IsDir() {
+			continue
+		}
+		path := filepath.Join(home, file.Name())
+		projid, err := checkProjID(path)
+		if err != nil {
+			return err
+		}
+		if projid > 0 && projid != baseID {
+			continue
+		}
+		subfiles, err := os.ReadDir(path)
+		if err != nil {
+			return errors.Errorf("read directory failed: %s", path)
+		}
+		for _, subfile := range subfiles {
+			if !subfile.IsDir() {
+				continue
+			}
+			subpath := filepath.Join(path, subfile.Name())
+			_, err := checkProjID(subpath)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func free(p *C.char) {
+	C.free(unsafe.Pointer(p))
+}
+
+func openDir(path string) (*C.DIR, error) {
+	Cpath := C.CString(path)
+	defer free(Cpath)
+
+	dir := C.opendir(Cpath)
+	if dir == nil {
+		return nil, errors.Errorf("failed to open dir: %s", path)
+	}
+	return dir, nil
+}
+
+func closeDir(dir *C.DIR) {
+	if dir != nil {
+		C.closedir(dir)
+	}
+}
+
+func getDirFd(dir *C.DIR) uintptr {
+	return uintptr(C.dirfd(dir))
+}
+
+// makeBackingFsDev gets the backing block device of the driver home directory
+// and creates a block device node under the home directory to be used by
+// quotactl commands.
+func makeBackingFsDev(home string) (string, error) {
+	var stat unix.Stat_t
+	if err := unix.Stat(home, &stat); err != nil {
+		return "", err
+	}
+
+	backingFsBlockDev := path.Join(home, "backingFsBlockDev")
+	// Re-create just in case someone copied the home directory over to a new device
+	unix.Unlink(backingFsBlockDev)
+	err := unix.Mknod(backingFsBlockDev, unix.S_IFBLK|0600, int(stat.Dev))
+	switch err {
+	case nil:
+		return backingFsBlockDev, nil
+
+	case unix.ENOSYS, unix.EPERM:
+		return "", ErrQuotaNotSupported
+
+	default:
+		return "", errors.Wrapf(err, "failed to mknod %s", backingFsBlockDev)
+	}
+}
+
+func hasQuotaSupport(backingFsBlockDev string) (bool, error) {
+	var cs = C.CString(backingFsBlockDev)
+	defer free(cs)
+	var qstat C.fs_quota_stat_t
+
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, uintptr(C.Q_XGETQSTAT_PRJQUOTA), uintptr(unsafe.Pointer(cs)), 0, uintptr(unsafe.Pointer(&qstat)), 0, 0)
+	if errno == 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ENFD > 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ACCT > 0 {
+		return true, nil
+	}
+
+	switch errno {
+	// These are the known fatal errors, consider all other errors (ENOTTY, etc.. not supporting quota)
+	case unix.EFAULT, unix.ENOENT, unix.ENOTBLK, unix.EPERM:
+	default:
+		return false, nil
+	}
+
+	return false, errno
+}
diff --git a/quota/projectquota_test.go b/quota/projectquota_test.go
new file mode 100644
index 0000000000000..e25fe99fb431e
--- /dev/null
+++ b/quota/projectquota_test.go
@@ -0,0 +1,78 @@
+//go:build linux
+// +build linux
+
+package quota // import "github.com/docker/docker/quota"
+
+import (
+	"io"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+// 10MB
+const testQuotaSize = 10 * 1024 * 1024
+
+func TestBlockDev(t *testing.T) {
+	if msg, ok := CanTestQuota(); !ok {
+		t.Skip(msg)
+	}
+
+	// get sparse xfs test image
+	imageFileName, err := PrepareQuotaTestImage(t)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(imageFileName)
+
+	t.Run("testBlockDevQuotaDisabled", WrapMountTest(imageFileName, false, testBlockDevQuotaDisabled))
+	t.Run("testBlockDevQuotaEnabled", WrapMountTest(imageFileName, true, testBlockDevQuotaEnabled))
+	t.Run("testSmallerThanQuota", WrapMountTest(imageFileName, true, WrapQuotaTest(testSmallerThanQuota)))
+	t.Run("testBiggerThanQuota", WrapMountTest(imageFileName, true, WrapQuotaTest(testBiggerThanQuota)))
+	t.Run("testRetrieveQuota", WrapMountTest(imageFileName, true, WrapQuotaTest(testRetrieveQuota)))
+}
+
+func testBlockDevQuotaDisabled(t *testing.T, mountPoint, backingFsDev, testDir string) {
+	hasSupport, err := hasQuotaSupport(backingFsDev)
+	assert.NilError(t, err)
+	assert.Check(t, !hasSupport)
+}
+
+func testBlockDevQuotaEnabled(t *testing.T, mountPoint, backingFsDev, testDir string) {
+	hasSupport, err := hasQuotaSupport(backingFsDev)
+	assert.NilError(t, err)
+	assert.Check(t, hasSupport)
+}
+
+func testSmallerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+	smallerThanQuotaFile := filepath.Join(testSubDir, "smaller-than-quota")
+	assert.NilError(t, os.WriteFile(smallerThanQuotaFile, make([]byte, testQuotaSize/2), 0644))
+	assert.NilError(t, os.Remove(smallerThanQuotaFile))
+}
+
+func testBiggerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	// Make sure the quota is being enforced
+	// TODO: When we implement this under EXT4, we need to shed CAP_SYS_RESOURCE, otherwise
+	// we're able to violate quota without issue
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+
+	biggerThanQuotaFile := filepath.Join(testSubDir, "bigger-than-quota")
+	err := os.WriteFile(biggerThanQuotaFile, make([]byte, testQuotaSize+1), 0644)
+	assert.Assert(t, is.ErrorContains(err, ""))
+	if err == io.ErrShortWrite {
+		assert.NilError(t, os.Remove(biggerThanQuotaFile))
+	}
+}
+
+func testRetrieveQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	// Validate that we can retrieve quota
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+
+	var q Quota
+	assert.NilError(t, ctrl.GetQuota(testSubDir, &q))
+	assert.Check(t, is.Equal(uint64(testQuotaSize), q.Size))
+}
diff --git a/quota/projectquota_unsupported.go b/quota/projectquota_unsupported.go
new file mode 100644
index 0000000000000..ed21055c2eece
--- /dev/null
+++ b/quota/projectquota_unsupported.go
@@ -0,0 +1,19 @@
+//go:build (linux && exclude_disk_quota) || (linux && !cgo) || !linux
+// +build linux,exclude_disk_quota linux,!cgo !linux
+
+package quota // import "github.com/docker/docker/quota"
+
+func NewControl(basePath string) (*Control, error) {
+	return nil, ErrQuotaNotSupported
+}
+
+// SetQuota - assign a unique project id to directory and set the quota limits
+// for that project id
+func (q *Control) SetQuota(targetPath string, quota Quota) error {
+	return ErrQuotaNotSupported
+}
+
+// GetQuota - get the quota limits of a directory that was configured with SetQuota
+func (q *Control) GetQuota(targetPath string, quota *Quota) error {
+	return ErrQuotaNotSupported
+}
diff --git a/quota/testhelpers.go b/quota/testhelpers.go
new file mode 100644
index 0000000000000..6087162e2ae78
--- /dev/null
+++ b/quota/testhelpers.go
@@ -0,0 +1,122 @@
+//go:build linux && !exclude_disk_quota && cgo
+// +build linux,!exclude_disk_quota,cgo
+
+package quota // import "github.com/docker/docker/quota"
+
+import (
+	"os"
+	"os/exec"
+	"testing"
+
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
+)
+
+const imageSize = 64 * 1024 * 1024
+
+// CanTestQuota - checks if xfs prjquota can be tested
+// returns a reason if not
+func CanTestQuota() (string, bool) {
+	if os.Getuid() != 0 {
+		return "requires mounts", false
+	}
+	_, err := exec.LookPath("mkfs.xfs")
+	if err != nil {
+		return "mkfs.xfs not found in PATH", false
+	}
+	return "", true
+}
+
+// PrepareQuotaTestImage - prepares an xfs prjquota test image
+// returns the path the the image on success
+func PrepareQuotaTestImage(t *testing.T) (string, error) {
+	mkfs, err := exec.LookPath("mkfs.xfs")
+	if err != nil {
+		return "", err
+	}
+
+	// create a sparse image
+	imageFile, err := os.CreateTemp("", "xfs-image")
+	if err != nil {
+		return "", err
+	}
+	imageFileName := imageFile.Name()
+	if _, err = imageFile.Seek(imageSize-1, 0); err != nil {
+		os.Remove(imageFileName)
+		return "", err
+	}
+	if _, err = imageFile.Write([]byte{0}); err != nil {
+		os.Remove(imageFileName)
+		return "", err
+	}
+	if err = imageFile.Close(); err != nil {
+		os.Remove(imageFileName)
+		return "", err
+	}
+
+	// The reason for disabling these options is sometimes people run with a newer userspace
+	// than kernelspace
+	out, err := exec.Command(mkfs, "-m", "crc=0,finobt=0", imageFileName).CombinedOutput()
+	if len(out) > 0 {
+		t.Log(string(out))
+	}
+	if err != nil {
+		os.Remove(imageFileName)
+		return "", err
+	}
+
+	return imageFileName, nil
+}
+
+// WrapMountTest - wraps a test function such that it has easy access to a mountPoint and testDir
+// with guaranteed prjquota or guaranteed no prjquota support.
+func WrapMountTest(imageFileName string, enableQuota bool, testFunc func(t *testing.T, mountPoint, backingFsDev, testDir string)) func(*testing.T) {
+	return func(t *testing.T) {
+		mountOptions := "loop"
+
+		if enableQuota {
+			mountOptions = mountOptions + ",prjquota"
+		}
+
+		mountPointDir := fs.NewDir(t, "xfs-mountPoint")
+		defer mountPointDir.Remove()
+		mountPoint := mountPointDir.Path()
+
+		out, err := exec.Command("mount", "-o", mountOptions, imageFileName, mountPoint).CombinedOutput()
+		if err != nil {
+			_, err := os.Stat("/proc/fs/xfs")
+			if os.IsNotExist(err) {
+				t.Skip("no /proc/fs/xfs")
+			}
+		}
+
+		assert.NilError(t, err, "mount failed: %s", out)
+
+		defer func() {
+			assert.NilError(t, unix.Unmount(mountPoint, 0))
+		}()
+
+		backingFsDev, err := makeBackingFsDev(mountPoint)
+		assert.NilError(t, err)
+
+		testDir, err := os.MkdirTemp(mountPoint, "per-test")
+		assert.NilError(t, err)
+		defer os.RemoveAll(testDir)
+
+		testFunc(t, mountPoint, backingFsDev, testDir)
+	}
+}
+
+// WrapQuotaTest - wraps a test function such that is has easy and guaranteed access to a quota Control
+// instance with a quota test dir under its control.
+func WrapQuotaTest(testFunc func(t *testing.T, ctrl *Control, mountPoint, testDir, testSubDir string)) func(t *testing.T, mountPoint, backingFsDev, testDir string) {
+	return func(t *testing.T, mountPoint, backingFsDev, testDir string) {
+		ctrl, err := NewControl(testDir)
+		assert.NilError(t, err)
+
+		testSubDir, err := os.MkdirTemp(testDir, "quota-test")
+		assert.NilError(t, err)
+		testFunc(t, ctrl, mountPoint, testDir, testSubDir)
+	}
+}
diff --git a/quota/types.go b/quota/types.go
new file mode 100644
index 0000000000000..4661bc74e0383
--- /dev/null
+++ b/quota/types.go
@@ -0,0 +1,16 @@
+package quota // import "github.com/docker/docker/quota"
+
+import "sync"
+
+// Quota limit params - currently we only control blocks hard limit
+type Quota struct {
+	Size uint64
+}
+
+// Control - Context to be used by storage driver (e.g. overlay)
+// who wants to apply project quotas to container dirs
+type Control struct {
+	backingFsBlockDev string
+	sync.RWMutex      // protect nextProjectID and quotas map
+	quotas            map[string]uint32
+}
diff --git a/reference/store.go b/reference/store.go
index b01051bf58922..d6ef6697f535f 100644
--- a/reference/store.go
+++ b/reference/store.go
@@ -10,7 +10,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
@@ -149,6 +149,11 @@ func (store *store) addReference(ref reference.Named, id digest.Digest, force bo
 	oldID, exists := repository[refStr]
 
 	if exists {
+		if oldID == id {
+			// Nothing to do. The caller may have checked for this using store.Get in advance, but store.mu was unlocked in the meantime, so this can legitimately happen nevertheless.
+			return nil
+		}
+
 		// force only works for tags
 		if digested, isDigest := ref.(reference.Canonical); isDigest {
 			return errors.WithStack(conflictingTagError("Cannot overwrite digest " + digested.Digest().String()))
diff --git a/reference/store_test.go b/reference/store_test.go
index e8ccd962678dc..a2fdfdb75ea51 100644
--- a/reference/store_test.go
+++ b/reference/store_test.go
@@ -2,16 +2,15 @@ package reference // import "github.com/docker/docker/reference"
 
 import (
 	"bytes"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
 	"github.com/docker/distribution/reference"
-	"github.com/opencontainers/go-digest"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	digest "github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 var (
@@ -29,7 +28,7 @@ var (
 )
 
 func TestLoad(t *testing.T) {
-	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	jsonFile, err := os.CreateTemp("", "tag-store-test")
 	if err != nil {
 		t.Fatalf("error creating temp file: %v", err)
 	}
@@ -63,7 +62,7 @@ func TestLoad(t *testing.T) {
 }
 
 func TestSave(t *testing.T) {
-	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	jsonFile, err := os.CreateTemp("", "tag-store-test")
 	assert.NilError(t, err)
 
 	_, err = jsonFile.Write([]byte(`{}`))
@@ -94,7 +93,7 @@ func TestSave(t *testing.T) {
 		}
 	}
 
-	jsonBytes, err := ioutil.ReadFile(jsonFile.Name())
+	jsonBytes, err := os.ReadFile(jsonFile.Name())
 	if err != nil {
 		t.Fatalf("could not read json file: %v", err)
 	}
@@ -105,13 +104,14 @@ func TestSave(t *testing.T) {
 }
 
 func TestAddDeleteGet(t *testing.T) {
-	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	jsonFile, err := os.CreateTemp("", "tag-store-test")
 	if err != nil {
 		t.Fatalf("error creating temp file: %v", err)
 	}
 	_, err = jsonFile.Write([]byte(`{}`))
-	jsonFile.Close()
-	defer os.RemoveAll(jsonFile.Name())
+	assert.NilError(t, err)
+	_ = jsonFile.Close()
+	defer func() { _ = os.RemoveAll(jsonFile.Name()) }()
 
 	store, err := NewReferenceStore(jsonFile.Name())
 	if err != nil {
@@ -163,6 +163,10 @@ func TestAddDeleteGet(t *testing.T) {
 	if err = store.AddTag(ref4, testImageID2, false); err != nil {
 		t.Fatalf("error adding to store: %v", err)
 	}
+	// Write the same values again; should silently succeed
+	if err = store.AddTag(ref4, testImageID2, false); err != nil {
+		t.Fatalf("error redundantly adding to store: %v", err)
+	}
 
 	ref5, err := reference.ParseNormalizedNamed("username/repo3@sha256:58153dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c")
 	if err != nil {
@@ -171,6 +175,10 @@ func TestAddDeleteGet(t *testing.T) {
 	if err = store.AddDigest(ref5.(reference.Canonical), testImageID2, false); err != nil {
 		t.Fatalf("error adding to store: %v", err)
 	}
+	// Write the same values again; should silently succeed
+	if err = store.AddDigest(ref5.(reference.Canonical), testImageID2, false); err != nil {
+		t.Fatalf("error redundantly adding to store: %v", err)
+	}
 
 	// Attempt to overwrite with force == false
 	if err = store.AddTag(ref4, testImageID3, false); err == nil || !strings.HasPrefix(err.Error(), "Conflict:") {
@@ -327,7 +335,7 @@ func TestAddDeleteGet(t *testing.T) {
 }
 
 func TestInvalidTags(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "tag-store-test")
+	tmpDir, err := os.MkdirTemp("", "tag-store-test")
 	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 
diff --git a/registry/auth.go b/registry/auth.go
index 1f2043a0d9622..81533d269fbd7 100644
--- a/registry/auth.go
+++ b/registry/auth.go
@@ -1,7 +1,6 @@
 package registry // import "github.com/docker/docker/registry"
 
 import (
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@@ -12,7 +11,6 @@ import (
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -22,51 +20,6 @@ const (
 	AuthClientID = "docker"
 )
 
-// loginV1 tries to register/login to the v1 registry server.
-func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent string) (string, string, error) {
-	registryEndpoint := apiEndpoint.ToV1Endpoint(userAgent, nil)
-	serverAddress := registryEndpoint.String()
-
-	logrus.Debugf("attempting v1 login to registry endpoint %s", serverAddress)
-
-	if serverAddress == "" {
-		return "", "", errdefs.System(errors.New("server Error: Server Address not set"))
-	}
-
-	req, err := http.NewRequest("GET", serverAddress+"users/", nil)
-	if err != nil {
-		return "", "", err
-	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
-	resp, err := registryEndpoint.client.Do(req)
-	if err != nil {
-		// fallback when request could not be completed
-		return "", "", fallbackError{
-			err: err,
-		}
-	}
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return "", "", errdefs.System(err)
-	}
-
-	switch resp.StatusCode {
-	case http.StatusOK:
-		return "Login Succeeded", "", nil
-	case http.StatusUnauthorized:
-		return "", "", errdefs.Unauthorized(errors.New("Wrong login/password, please try again"))
-	case http.StatusForbidden:
-		// *TODO: Use registry configuration to determine what this says, if anything?
-		return "", "", errdefs.Forbidden(errors.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress))
-	case http.StatusInternalServerError:
-		logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
-		return "", "", errdefs.System(errors.New("Internal Server Error"))
-	}
-	return "", "", errdefs.System(errors.Errorf("Login: %s (Code: %d; Headers: %s)", body,
-		resp.StatusCode, resp.Header))
-}
-
 type loginCredentialStore struct {
 	authConfig *types.AuthConfig
 }
@@ -124,37 +77,29 @@ func (err fallbackError) Error() string {
 // endpoint will be pinged to get authorization challenges. These challenges
 // will be used to authenticate against the registry to validate credentials.
 func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent string) (string, string, error) {
-	logrus.Debugf("attempting v2 login to registry endpoint %s", strings.TrimRight(endpoint.URL.String(), "/")+"/v2/")
-
-	modifiers := Headers(userAgent, nil)
-	authTransport := transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...)
+	var (
+		endpointStr          = strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"
+		modifiers            = Headers(userAgent, nil)
+		authTransport        = transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...)
+		credentialAuthConfig = *authConfig
+		creds                = loginCredentialStore{authConfig: &credentialAuthConfig}
+	)
 
-	credentialAuthConfig := *authConfig
-	creds := loginCredentialStore{
-		authConfig: &credentialAuthConfig,
-	}
+	logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr)
 
-	loginClient, foundV2, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
+	loginClient, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
 	if err != nil {
 		return "", "", err
 	}
 
-	endpointStr := strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"
-	req, err := http.NewRequest("GET", endpointStr, nil)
+	req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
 	if err != nil {
-		if !foundV2 {
-			err = fallbackError{err: err}
-		}
 		return "", "", err
 	}
 
 	resp, err := loginClient.Do(req)
 	if err != nil {
 		err = translateV2AuthError(err)
-		if !foundV2 {
-			err = fallbackError{err: err}
-		}
-
 		return "", "", err
 	}
 	defer resp.Body.Close()
@@ -165,19 +110,13 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
 
 	// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
 	err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
-	if !foundV2 {
-		err = fallbackError{err: err}
-	}
 	return "", "", err
 }
 
-func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, bool, error) {
-	challengeManager, foundV2, err := PingV2Registry(endpoint, authTransport)
+func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, error) {
+	challengeManager, err := PingV2Registry(endpoint, authTransport)
 	if err != nil {
-		if !foundV2 {
-			err = fallbackError{err: err}
-		}
-		return nil, foundV2, err
+		return nil, err
 	}
 
 	tokenHandlerOptions := auth.TokenHandlerOptions{
@@ -195,8 +134,7 @@ func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifi
 	return &http.Client{
 		Transport: tr,
 		Timeout:   15 * time.Second,
-	}, foundV2, nil
-
+	}, nil
 }
 
 // ConvertToHostname converts a registry url which has http|https prepended
@@ -245,52 +183,30 @@ func (err PingResponseError) Error() string {
 }
 
 // PingV2Registry attempts to ping a v2 registry and on success return a
-// challenge manager for the supported authentication types and
-// whether v2 was confirmed by the response. If a response is received but
-// cannot be interpreted a PingResponseError will be returned.
-// nolint: interfacer
-func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {
-	var (
-		foundV2   = false
-		v2Version = auth.APIVersion{
-			Type:    "registry",
-			Version: "2.0",
-		}
-	)
-
+// challenge manager for the supported authentication types.
+// If a response is received but cannot be interpreted, a PingResponseError will be returned.
+func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, error) {
 	pingClient := &http.Client{
 		Transport: transport,
 		Timeout:   15 * time.Second,
 	}
 	endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
-	req, err := http.NewRequest("GET", endpointStr, nil)
+	req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
 	if err != nil {
-		return nil, false, err
+		return nil, err
 	}
 	resp, err := pingClient.Do(req)
 	if err != nil {
-		return nil, false, err
+		return nil, err
 	}
 	defer resp.Body.Close()
 
-	versions := auth.APIVersions(resp, DefaultRegistryVersionHeader)
-	for _, pingVersion := range versions {
-		if pingVersion == v2Version {
-			// The version header indicates we're definitely
-			// talking to a v2 registry. So don't allow future
-			// fallbacks to the v1 protocol.
-
-			foundV2 = true
-			break
-		}
-	}
-
 	challengeManager := challenge.NewSimpleManager()
 	if err := challengeManager.AddResponse(resp); err != nil {
-		return nil, foundV2, PingResponseError{
+		return nil, PingResponseError{
 			Err: err,
 		}
 	}
 
-	return challengeManager, foundV2, nil
+	return challengeManager, nil
 }
diff --git a/registry/auth_test.go b/registry/auth_test.go
index f8f3e1997be1d..511b2ef8bde1c 100644
--- a/registry/auth_test.go
+++ b/registry/auth_test.go
@@ -20,20 +20,6 @@ func buildAuthConfigs() map[string]types.AuthConfig {
 	return authConfigs
 }
 
-func TestSameAuthDataPostSave(t *testing.T) {
-	authConfigs := buildAuthConfigs()
-	authConfig := authConfigs["testIndex"]
-	if authConfig.Username != "docker-user" {
-		t.Fail()
-	}
-	if authConfig.Password != "docker-pass" {
-		t.Fail()
-	}
-	if authConfig.Auth != "" {
-		t.Fail()
-	}
-}
-
 func TestResolveAuthConfigIndexServer(t *testing.T) {
 	authConfigs := buildAuthConfigs()
 	indexConfig := authConfigs[IndexServer]
@@ -72,7 +58,7 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
 	expectedAuths := map[string]types.AuthConfig{
 		"registry.example.com": registryAuth,
 		"localhost:8000":       localAuth,
-		"registry.com":         localAuth,
+		"example.com":          localAuth,
 	}
 
 	validRegistries := map[string][]string{
@@ -88,11 +74,11 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
 			"localhost:8000",
 			"localhost:8000/v1/",
 		},
-		"registry.com": {
-			"https://registry.com/v1/",
-			"http://registry.com/v1/",
-			"registry.com",
-			"registry.com/v1/",
+		"example.com": {
+			"https://example.com/v1/",
+			"http://example.com/v1/",
+			"example.com",
+			"example.com/v1/",
 		},
 	}
 
diff --git a/registry/config.go b/registry/config.go
index de5a526b694d3..cfb87f0d0d9b6 100644
--- a/registry/config.go
+++ b/registry/config.go
@@ -19,54 +19,42 @@ type ServiceOptions struct {
 	AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
 	Mirrors                        []string `json:"registry-mirrors,omitempty"`
 	InsecureRegistries             []string `json:"insecure-registries,omitempty"`
-
-	// V2Only controls access to legacy registries.  If it is set to true via the
-	// command line flag the daemon will not attempt to contact v1 legacy registries
-	V2Only bool `json:"disable-legacy-registry,omitempty"`
 }
 
 // serviceConfig holds daemon configuration for the registry service.
 type serviceConfig struct {
 	registrytypes.ServiceConfig
-	V2Only bool
 }
 
-var (
+const (
 	// DefaultNamespace is the default namespace
 	DefaultNamespace = "docker.io"
-	// DefaultRegistryVersionHeader is the name of the default HTTP header
-	// that carries Registry version info
-	DefaultRegistryVersionHeader = "Docker-Distribution-Api-Version"
-
 	// IndexHostname is the index hostname
 	IndexHostname = "index.docker.io"
 	// IndexServer is used for user auth and image search
 	IndexServer = "https://" + IndexHostname + "/v1/"
 	// IndexName is the name of the index
 	IndexName = "docker.io"
+)
 
+var (
 	// DefaultV2Registry is the URI of the default v2 registry
 	DefaultV2Registry = &url.URL{
 		Scheme: "https",
 		Host:   "registry-1.docker.io",
 	}
-)
 
-var (
 	// ErrInvalidRepositoryName is an error returned if the repository name did
 	// not have the correct form
 	ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
 
 	emptyServiceConfig, _ = newServiceConfig(ServiceOptions{})
-)
+	validHostPortRegex    = regexp.MustCompile(`^` + reference.DomainRegexp.String() + `$`)
 
-var (
-	validHostPortRegex = regexp.MustCompile(`^` + reference.DomainRegexp.String() + `$`)
+	// for mocking in unit tests
+	lookupIP = net.LookupIP
 )
 
-// for mocking in unit tests
-var lookupIP = net.LookupIP
-
 // newServiceConfig returns a new instance of ServiceConfig
 func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
 	config := &serviceConfig{
@@ -76,7 +64,6 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
 			// Hack: Bypass setting the mirrors to IndexConfigs since they are going away
 			// and Mirrors are only for the official registry anyways.
 		},
-		V2Only: options.V2Only,
 	}
 	if err := config.LoadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts); err != nil {
 		return nil, err
diff --git a/registry/config_test.go b/registry/config_test.go
index 30a257e325563..c939eff56f51b 100644
--- a/registry/config_test.go
+++ b/registry/config_test.go
@@ -6,8 +6,8 @@ import (
 	"strings"
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestLoadAllowNondistributableArtifacts(t *testing.T) {
@@ -52,20 +52,20 @@ func TestLoadAllowNondistributableArtifacts(t *testing.T) {
 		},
 
 		{
-			registries: []string{"http://mytest.com"},
-			err:        "allow-nondistributable-artifacts registry http://mytest.com should not contain '://'",
+			registries: []string{"http://myregistry.example.com"},
+			err:        "allow-nondistributable-artifacts registry http://myregistry.example.com should not contain '://'",
 		},
 		{
-			registries: []string{"https://mytest.com"},
-			err:        "allow-nondistributable-artifacts registry https://mytest.com should not contain '://'",
+			registries: []string{"https://myregistry.example.com"},
+			err:        "allow-nondistributable-artifacts registry https://myregistry.example.com should not contain '://'",
 		},
 		{
-			registries: []string{"HTTP://mytest.com"},
-			err:        "allow-nondistributable-artifacts registry HTTP://mytest.com should not contain '://'",
+			registries: []string{"HTTP://myregistry.example.com"},
+			err:        "allow-nondistributable-artifacts registry HTTP://myregistry.example.com should not contain '://'",
 		},
 		{
-			registries: []string{"svn://mytest.com"},
-			err:        "allow-nondistributable-artifacts registry svn://mytest.com should not contain '://'",
+			registries: []string{"svn://myregistry.example.com"},
+			err:        "allow-nondistributable-artifacts registry svn://myregistry.example.com should not contain '://'",
 		},
 		{
 			registries: []string{"-invalid-registry"},
@@ -80,16 +80,16 @@ func TestLoadAllowNondistributableArtifacts(t *testing.T) {
 			err:        `allow-nondistributable-artifacts registry 1200:0000:AB00:1234:0000:2552:7777:1313:8080 is not valid: invalid host "1200:0000:AB00:1234:0000:2552:7777:1313:8080"`,
 		},
 		{
-			registries: []string{`mytest.com:500000`},
-			err:        `allow-nondistributable-artifacts registry mytest.com:500000 is not valid: invalid port "500000"`,
+			registries: []string{`myregistry.example.com:500000`},
+			err:        `allow-nondistributable-artifacts registry myregistry.example.com:500000 is not valid: invalid port "500000"`,
 		},
 		{
-			registries: []string{`"mytest.com"`},
-			err:        `allow-nondistributable-artifacts registry "mytest.com" is not valid: invalid host "\"mytest.com\""`,
+			registries: []string{`"myregistry.example.com"`},
+			err:        `allow-nondistributable-artifacts registry "myregistry.example.com" is not valid: invalid host "\"myregistry.example.com\""`,
 		},
 		{
-			registries: []string{`"mytest.com:5000"`},
-			err:        `allow-nondistributable-artifacts registry "mytest.com:5000" is not valid: invalid host "\"mytest.com"`,
+			registries: []string{`"myregistry.example.com:5000"`},
+			err:        `allow-nondistributable-artifacts registry "myregistry.example.com:5000" is not valid: invalid host "\"myregistry.example.com"`,
 		},
 	}
 	for _, testCase := range testCases {
@@ -129,10 +129,10 @@ func TestLoadAllowNondistributableArtifacts(t *testing.T) {
 
 func TestValidateMirror(t *testing.T) {
 	valid := []string{
-		"http://mirror-1.com",
-		"http://mirror-1.com/",
-		"https://mirror-1.com",
-		"https://mirror-1.com/",
+		"http://mirror-1.example.com",
+		"http://mirror-1.example.com/",
+		"https://mirror-1.example.com",
+		"https://mirror-1.example.com/",
 		"http://localhost",
 		"https://localhost",
 		"http://localhost:5000",
@@ -145,18 +145,18 @@ func TestValidateMirror(t *testing.T) {
 
 	invalid := []string{
 		"!invalid!://%as%",
-		"ftp://mirror-1.com",
-		"http://mirror-1.com/?q=foo",
-		"http://mirror-1.com/v1/",
-		"http://mirror-1.com/v1/?q=foo",
-		"http://mirror-1.com/v1/?q=foo#frag",
-		"http://mirror-1.com?q=foo",
-		"https://mirror-1.com#frag",
-		"https://mirror-1.com/#frag",
-		"http://foo:bar@mirror-1.com/",
-		"https://mirror-1.com/v1/",
-		"https://mirror-1.com/v1/#",
-		"https://mirror-1.com?q",
+		"ftp://mirror-1.example.com",
+		"http://mirror-1.example.com/?q=foo",
+		"http://mirror-1.example.com/v1/",
+		"http://mirror-1.example.com/v1/?q=foo",
+		"http://mirror-1.example.com/v1/?q=foo#frag",
+		"http://mirror-1.example.com?q=foo",
+		"https://mirror-1.example.com#frag",
+		"https://mirror-1.example.com/#frag",
+		"http://foo:bar@mirror-1.example.com/",
+		"https://mirror-1.example.com/v1/",
+		"https://mirror-1.example.com/v1/#",
+		"https://mirror-1.example.com?q",
 	}
 
 	for _, address := range valid {
@@ -195,20 +195,20 @@ func TestLoadInsecureRegistries(t *testing.T) {
 			index:      "[2001:db8::1]:80",
 		},
 		{
-			registries: []string{"http://mytest.com"},
-			index:      "mytest.com",
+			registries: []string{"http://myregistry.example.com"},
+			index:      "myregistry.example.com",
 		},
 		{
-			registries: []string{"https://mytest.com"},
-			index:      "mytest.com",
+			registries: []string{"https://myregistry.example.com"},
+			index:      "myregistry.example.com",
 		},
 		{
-			registries: []string{"HTTP://mytest.com"},
-			index:      "mytest.com",
+			registries: []string{"HTTP://myregistry.example.com"},
+			index:      "myregistry.example.com",
 		},
 		{
-			registries: []string{"svn://mytest.com"},
-			err:        "insecure registry svn://mytest.com should not contain '://'",
+			registries: []string{"svn://myregistry.example.com"},
+			err:        "insecure registry svn://myregistry.example.com should not contain '://'",
 		},
 		{
 			registries: []string{"-invalid-registry"},
@@ -223,16 +223,16 @@ func TestLoadInsecureRegistries(t *testing.T) {
 			err:        `insecure registry 1200:0000:AB00:1234:0000:2552:7777:1313:8080 is not valid: invalid host "1200:0000:AB00:1234:0000:2552:7777:1313:8080"`,
 		},
 		{
-			registries: []string{`mytest.com:500000`},
-			err:        `insecure registry mytest.com:500000 is not valid: invalid port "500000"`,
+			registries: []string{`myregistry.example.com:500000`},
+			err:        `insecure registry myregistry.example.com:500000 is not valid: invalid port "500000"`,
 		},
 		{
-			registries: []string{`"mytest.com"`},
-			err:        `insecure registry "mytest.com" is not valid: invalid host "\"mytest.com\""`,
+			registries: []string{`"myregistry.example.com"`},
+			err:        `insecure registry "myregistry.example.com" is not valid: invalid host "\"myregistry.example.com\""`,
 		},
 		{
-			registries: []string{`"mytest.com:5000"`},
-			err:        `insecure registry "mytest.com:5000" is not valid: invalid host "\"mytest.com"`,
+			registries: []string{`"myregistry.example.com:5000"`},
+			err:        `insecure registry "myregistry.example.com:5000" is not valid: invalid host "\"myregistry.example.com"`,
 		},
 	}
 	for _, testCase := range testCases {
@@ -341,8 +341,8 @@ func TestValidateIndexName(t *testing.T) {
 			expect: "mytest-1.com",
 		},
 		{
-			index:  "mirror-1.com/v1/?q=foo",
-			expect: "mirror-1.com/v1/?q=foo",
+			index:  "mirror-1.example.com/v1/?q=foo",
+			expect: "mirror-1.example.com/v1/?q=foo",
 		},
 	}
 
@@ -370,8 +370,8 @@ func TestValidateIndexNameWithError(t *testing.T) {
 			err:   "invalid index name (-example.com). Cannot begin or end with a hyphen",
 		},
 		{
-			index: "mirror-1.com/v1/?q=foo-",
-			err:   "invalid index name (mirror-1.com/v1/?q=foo-). Cannot begin or end with a hyphen",
+			index: "mirror-1.example.com/v1/?q=foo-",
+			err:   "invalid index name (mirror-1.example.com/v1/?q=foo-). Cannot begin or end with a hyphen",
 		},
 	}
 	for _, testCase := range invalid {
diff --git a/registry/config_unix.go b/registry/config_unix.go
index 20fb47bcaedc1..b5bb31cfa6595 100644
--- a/registry/config_unix.go
+++ b/registry/config_unix.go
@@ -1,12 +1,28 @@
+//go:build !windows
 // +build !windows
 
 package registry // import "github.com/docker/docker/registry"
 
-var (
-	// CertsDir is the directory where certificates are stored
-	CertsDir = "/etc/docker/certs.d"
+import (
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/rootless"
 )
 
+// CertsDir is the directory where certificates are stored
+func CertsDir() string {
+	d := "/etc/docker/certs.d"
+
+	if rootless.RunningWithRootlessKit() {
+		configHome, err := homedir.GetConfigHome()
+		if err == nil {
+			d = filepath.Join(configHome, "docker/certs.d")
+		}
+	}
+	return d
+}
+
 // cleanPath is used to ensure that a directory name is valid on the target
 // platform. It will be passed in something *similar* to a URL such as
 // https:/index.docker.io/v1. Not all platforms support directory names
diff --git a/registry/config_windows.go b/registry/config_windows.go
index 6de0508f87239..4ae1e07abfd42 100644
--- a/registry/config_windows.go
+++ b/registry/config_windows.go
@@ -7,7 +7,9 @@ import (
 )
 
 // CertsDir is the directory where certificates are stored
-var CertsDir = os.Getenv("programdata") + `\docker\certs.d`
+func CertsDir() string {
+	return os.Getenv("programdata") + `\docker\certs.d`
+}
 
 // cleanPath is used to ensure that a directory name is valid on the target
 // platform. It will be passed in something *similar* to a URL such as
diff --git a/registry/endpoint_v1.go b/registry/endpoint_v1.go
index 832fdb95a482b..684c330dc305c 100644
--- a/registry/endpoint_v1.go
+++ b/registry/endpoint_v1.go
@@ -4,7 +4,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -22,6 +22,7 @@ type V1Endpoint struct {
 }
 
 // NewV1Endpoint parses the given address to return a registry endpoint.
+// TODO: remove. This is only used by search.
 func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
 	tlsConfig, err := newTLSConfig(index.Name, index.Secure)
 	if err != nil {
@@ -33,7 +34,8 @@ func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders
 		return nil, err
 	}
 
-	if err := validateEndpoint(endpoint); err != nil {
+	err = validateEndpoint(endpoint)
+	if err != nil {
 		return nil, err
 	}
 
@@ -67,20 +69,6 @@ func validateEndpoint(endpoint *V1Endpoint) error {
 	return nil
 }
 
-func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) *V1Endpoint {
-	endpoint := &V1Endpoint{
-		IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify,
-		URL:      new(url.URL),
-	}
-
-	*endpoint.URL = address
-
-	// TODO(tiborvass): make sure a ConnectTimeout transport is used
-	tr := NewTransport(tlsConfig)
-	endpoint.client = HTTPClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...))
-	return endpoint
-}
-
 // trimV1Address trims the version off the address and returns the
 // trimmed address or an error if there is a non-V1 version.
 func trimV1Address(address string) (string, error) {
@@ -89,10 +77,7 @@ func trimV1Address(address string) (string, error) {
 		apiVersionStr string
 	)
 
-	if strings.HasSuffix(address, "/") {
-		address = address[:len(address)-1]
-	}
-
+	address = strings.TrimSuffix(address, "/")
 	chunks = strings.Split(address, "/")
 	apiVersionStr = chunks[len(chunks)-1]
 	if apiVersionStr == "v1" {
@@ -123,12 +108,14 @@ func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent strin
 		return nil, err
 	}
 
-	endpoint := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
-	if err != nil {
-		return nil, err
-	}
+	// TODO(tiborvass): make sure a ConnectTimeout transport is used
+	tr := NewTransport(tlsConfig)
 
-	return endpoint, nil
+	return &V1Endpoint{
+		IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify,
+		URL:      uri,
+		client:   HTTPClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...)),
+	}, nil
 }
 
 // Get the formatted URL for the root of this registry Endpoint
@@ -144,29 +131,28 @@ func (e *V1Endpoint) Path(path string) string {
 
 // Ping returns a PingResult which indicates whether the registry is standalone or not.
 func (e *V1Endpoint) Ping() (PingResult, error) {
-	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)
-
 	if e.String() == IndexServer {
 		// Skip the check, we know this one is valid
 		// (and we never want to fallback to http in case of error)
-		return PingResult{Standalone: false}, nil
+		return PingResult{}, nil
 	}
 
-	req, err := http.NewRequest("GET", e.Path("_ping"), nil)
+	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)
+	req, err := http.NewRequest(http.MethodGet, e.Path("_ping"), nil)
 	if err != nil {
-		return PingResult{Standalone: false}, err
+		return PingResult{}, err
 	}
 
 	resp, err := e.client.Do(req)
 	if err != nil {
-		return PingResult{Standalone: false}, err
+		return PingResult{}, err
 	}
 
 	defer resp.Body.Close()
 
-	jsonString, err := ioutil.ReadAll(resp.Body)
+	jsonString, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return PingResult{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)
+		return PingResult{}, fmt.Errorf("error while reading the http response: %s", err)
 	}
 
 	// If the header is absent, we assume true for compatibility with earlier
@@ -179,13 +165,12 @@ func (e *V1Endpoint) Ping() (PingResult, error) {
 		// don't stop here. Just assume sane defaults
 	}
 	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
-		logrus.Debugf("Registry version header: '%s'", hdr)
 		info.Version = hdr
 	}
 	logrus.Debugf("PingResult.Version: %q", info.Version)
 
 	standalone := resp.Header.Get("X-Docker-Registry-Standalone")
-	logrus.Debugf("Registry standalone header: '%s'", standalone)
+
 	// Accepted values are "true" (case-insensitive) and "1".
 	if strings.EqualFold(standalone, "true") || standalone == "1" {
 		info.Standalone = true
diff --git a/registry/errors.go b/registry/errors.go
index 5bab02e5e2918..4906303efcf9e 100644
--- a/registry/errors.go
+++ b/registry/errors.go
@@ -7,14 +7,6 @@ import (
 	"github.com/docker/docker/errdefs"
 )
 
-type notFoundError string
-
-func (e notFoundError) Error() string {
-	return string(e)
-}
-
-func (notFoundError) NotFound() {}
-
 func translateV2AuthError(err error) error {
 	switch e := err.(type) {
 	case *url.Error:
diff --git a/registry/registry.go b/registry/registry.go
index 7a84bbfb7eef2..55fc117c8276f 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -3,9 +3,7 @@ package registry // import "github.com/docker/docker/registry"
 
 import (
 	"crypto/tls"
-	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@@ -14,16 +12,18 @@ import (
 	"time"
 
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/sirupsen/logrus"
 )
 
-var (
-	// ErrAlreadyExists is an error returned if an image being pushed
-	// already exists on the remote side
-	ErrAlreadyExists = errors.New("Image already exists")
-)
+// HostCertsDir returns the config directory for a specific host
+func HostCertsDir(hostname string) (string, error) {
+	certsDir := CertsDir()
+
+	hostDir := filepath.Join(certsDir, cleanPath(hostname))
+
+	return hostDir, nil
+}
 
 func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 	// PreferredServerCipherSuites should have no effect
@@ -31,8 +31,12 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 
 	tlsConfig.InsecureSkipVerify = !isSecure
 
-	if isSecure && CertsDir != "" {
-		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
+	if isSecure && CertsDir() != "" {
+		hostDir, err := HostCertsDir(hostname)
+		if err != nil {
+			return nil, err
+		}
+
 		logrus.Debugf("hostDir: %s", hostDir)
 		if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
 			return nil, err
@@ -42,7 +46,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 	return tlsConfig, nil
 }
 
-func hasFile(files []os.FileInfo, name string) bool {
+func hasFile(files []os.DirEntry, name string) bool {
 	for _, f := range files {
 		if f.Name() == name {
 			return true
@@ -55,7 +59,7 @@ func hasFile(files []os.FileInfo, name string) bool {
 // including roots and certificate pairs and updates the
 // provided TLS configuration.
 func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
-	fs, err := ioutil.ReadDir(directory)
+	fs, err := os.ReadDir(directory)
 	if err != nil && !os.IsNotExist(err) {
 		return err
 	}
@@ -70,7 +74,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
 				tlsConfig.RootCAs = systemPool
 			}
 			logrus.Debugf("crt: %s", filepath.Join(directory, f.Name()))
-			data, err := ioutil.ReadFile(filepath.Join(directory, f.Name()))
+			data, err := os.ReadFile(filepath.Join(directory, f.Name()))
 			if err != nil {
 				return err
 			}
@@ -145,7 +149,7 @@ func trustedLocation(req *http.Request) bool {
 // addRequiredHeadersToRedirectedRequests adds the necessary redirection headers
 // for redirected requests
 func addRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Request) error {
-	if via != nil && via[0] != nil {
+	if len(via) != 0 && via[0] != nil {
 		if trustedLocation(req) && trustedLocation(via[0]) {
 			req.Header = via[0].Header
 			return nil
@@ -176,16 +180,12 @@ func NewTransport(tlsConfig *tls.Config) *http.Transport {
 
 	base := &http.Transport{
 		Proxy:               http.ProxyFromEnvironment,
-		Dial:                direct.Dial,
+		DialContext:         direct.DialContext,
 		TLSHandshakeTimeout: 10 * time.Second,
 		TLSClientConfig:     tlsConfig,
 		// TODO(dmcgowan): Call close idle connections when complete and use keep alive
 		DisableKeepAlives: true,
 	}
 
-	proxyDialer, err := sockets.DialerFromEnvironment(direct)
-	if err == nil {
-		base.Dial = proxyDialer.Dial
-	}
 	return base
 }
diff --git a/registry/registry_mock_test.go b/registry/registry_mock_test.go
index bf17eb9fc7b2d..74c5a2b1689d4 100644
--- a/registry/registry_mock_test.go
+++ b/registry/registry_mock_test.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -97,19 +96,19 @@ func init() {
 	r := mux.NewRouter()
 
 	// /v1/
-	r.HandleFunc("/v1/_ping", handlerGetPing).Methods("GET")
-	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|ancestry}", handlerGetImage).Methods("GET")
-	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|checksum}", handlerPutImage).Methods("PUT")
-	r.HandleFunc("/v1/repositories/{repository:.+}/tags", handlerGetDeleteTags).Methods("GET", "DELETE")
-	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerGetTag).Methods("GET")
-	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerPutTag).Methods("PUT")
-	r.HandleFunc("/v1/users{null:.*}", handlerUsers).Methods("GET", "POST", "PUT")
-	r.HandleFunc("/v1/repositories/{repository:.+}{action:/images|/}", handlerImages).Methods("GET", "PUT", "DELETE")
-	r.HandleFunc("/v1/repositories/{repository:.+}/auth", handlerAuth).Methods("PUT")
-	r.HandleFunc("/v1/search", handlerSearch).Methods("GET")
+	r.HandleFunc("/v1/_ping", handlerGetPing).Methods(http.MethodGet)
+	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|ancestry}", handlerGetImage).Methods(http.MethodGet)
+	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|checksum}", handlerPutImage).Methods(http.MethodPut)
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags", handlerGetDeleteTags).Methods(http.MethodGet, http.MethodDelete)
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerGetTag).Methods(http.MethodGet)
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerPutTag).Methods(http.MethodPut)
+	r.HandleFunc("/v1/users{null:.*}", handlerUsers).Methods(http.MethodGet, http.MethodPost, http.MethodPut)
+	r.HandleFunc("/v1/repositories/{repository:.+}{action:/images|/}", handlerImages).Methods(http.MethodGet, http.MethodPut, http.MethodDelete)
+	r.HandleFunc("/v1/repositories/{repository:.+}/auth", handlerAuth).Methods(http.MethodPut)
+	r.HandleFunc("/v1/search", handlerSearch).Methods(http.MethodGet)
 
 	// /v2/
-	r.HandleFunc("/v2/version", handlerGetPing).Methods("GET")
+	r.HandleFunc("/v2/version", handlerGetPing).Methods(http.MethodGet)
 
 	testHTTPServer = httptest.NewServer(handlerAccessLog(r))
 	testHTTPSServer = httptest.NewTLSServer(handlerAccessLog(r))
@@ -205,7 +204,7 @@ func writeResponse(w http.ResponseWriter, message interface{}, code int) {
 }
 
 func readJSON(r *http.Request, dest interface{}) error {
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		return err
 	}
@@ -268,7 +267,7 @@ func requiresAuth(w http.ResponseWriter, r *http.Request) bool {
 		value := fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano())
 		cookie := &http.Cookie{Name: "session", Value: value, MaxAge: 3600}
 		http.SetCookie(w, cookie)
-		//FIXME(sam): this should be sent only on Index routes
+		// FIXME(sam): this should be sent only on Index routes
 		value = fmt.Sprintf("FAKE-TOKEN-%d", time.Now().UnixNano())
 		w.Header().Add("X-Docker-Token", value)
 	}
@@ -281,12 +280,12 @@ func requiresAuth(w http.ResponseWriter, r *http.Request) bool {
 		return true
 	}
 	w.Header().Add("WWW-Authenticate", "token")
-	apiError(w, "Wrong auth", 401)
+	apiError(w, "Wrong auth", http.StatusUnauthorized)
 	return false
 }
 
 func handlerGetPing(w http.ResponseWriter, r *http.Request) {
-	writeResponse(w, true, 200)
+	writeResponse(w, true, http.StatusOK)
 }
 
 func handlerGetImage(w http.ResponseWriter, r *http.Request) {
@@ -323,17 +322,17 @@ func handlerPutImage(w http.ResponseWriter, r *http.Request) {
 	}
 	if checksum := r.Header.Get("X-Docker-Checksum"); checksum != "" {
 		if checksum != layer["checksum_simple"] && checksum != layer["checksum_tarsum"] {
-			apiError(w, "Wrong checksum", 400)
+			apiError(w, "Wrong checksum", http.StatusBadRequest)
 			return
 		}
 	}
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
-		apiError(w, fmt.Sprintf("Error: %s", err), 500)
+		apiError(w, fmt.Sprintf("Error: %s", err), http.StatusInternalServerError)
 		return
 	}
 	layer[action] = string(body)
-	writeResponse(w, true, 200)
+	writeResponse(w, true, http.StatusOK)
 }
 
 func handlerGetDeleteTags(w http.ResponseWriter, r *http.Request) {
@@ -342,20 +341,20 @@ func handlerGetDeleteTags(w http.ResponseWriter, r *http.Request) {
 	}
 	repositoryName, err := reference.WithName(mux.Vars(r)["repository"])
 	if err != nil {
-		apiError(w, "Could not parse repository", 400)
+		apiError(w, "Could not parse repository", http.StatusBadRequest)
 		return
 	}
 	tags, exists := testRepositories[repositoryName.String()]
 	if !exists {
-		apiError(w, "Repository not found", 404)
+		apiError(w, "Repository not found", http.StatusNotFound)
 		return
 	}
-	if r.Method == "DELETE" {
+	if r.Method == http.MethodDelete {
 		delete(testRepositories, repositoryName.String())
-		writeResponse(w, true, 200)
+		writeResponse(w, true, http.StatusOK)
 		return
 	}
-	writeResponse(w, tags, 200)
+	writeResponse(w, tags, http.StatusOK)
 }
 
 func handlerGetTag(w http.ResponseWriter, r *http.Request) {
@@ -365,21 +364,21 @@ func handlerGetTag(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	repositoryName, err := reference.WithName(vars["repository"])
 	if err != nil {
-		apiError(w, "Could not parse repository", 400)
+		apiError(w, "Could not parse repository", http.StatusBadRequest)
 		return
 	}
 	tagName := vars["tag"]
 	tags, exists := testRepositories[repositoryName.String()]
 	if !exists {
-		apiError(w, "Repository not found", 404)
+		apiError(w, "Repository not found", http.StatusNotFound)
 		return
 	}
 	tag, exists := tags[tagName]
 	if !exists {
-		apiError(w, "Tag not found", 404)
+		apiError(w, "Tag not found", http.StatusNotFound)
 		return
 	}
-	writeResponse(w, tag, 200)
+	writeResponse(w, tag, http.StatusOK)
 }
 
 func handlerPutTag(w http.ResponseWriter, r *http.Request) {
@@ -389,7 +388,7 @@ func handlerPutTag(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	repositoryName, err := reference.WithName(vars["repository"])
 	if err != nil {
-		apiError(w, "Could not parse repository", 400)
+		apiError(w, "Could not parse repository", http.StatusBadRequest)
 		return
 	}
 	tagName := vars["tag"]
@@ -401,15 +400,15 @@ func handlerPutTag(w http.ResponseWriter, r *http.Request) {
 	tagValue := ""
 	readJSON(r, tagValue)
 	tags[tagName] = tagValue
-	writeResponse(w, true, 200)
+	writeResponse(w, true, http.StatusOK)
 }
 
 func handlerUsers(w http.ResponseWriter, r *http.Request) {
-	code := 200
-	if r.Method == "POST" {
-		code = 201
-	} else if r.Method == "PUT" {
-		code = 204
+	code := http.StatusOK
+	if r.Method == http.MethodPost {
+		code = http.StatusCreated
+	} else if r.Method == http.MethodPut {
+		code = http.StatusNoContent
 	}
 	writeResponse(w, "", code)
 }
@@ -418,16 +417,16 @@ func handlerImages(w http.ResponseWriter, r *http.Request) {
 	u, _ := url.Parse(testHTTPServer.URL)
 	w.Header().Add("X-Docker-Endpoints", fmt.Sprintf("%s 	,  %s ", u.Host, "test.example.com"))
 	w.Header().Add("X-Docker-Token", fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano()))
-	if r.Method == "PUT" {
+	if r.Method == http.MethodPut {
 		if strings.HasSuffix(r.URL.Path, "images") {
-			writeResponse(w, "", 204)
+			writeResponse(w, "", http.StatusNoContent)
 			return
 		}
-		writeResponse(w, "", 200)
+		writeResponse(w, "", http.StatusOK)
 		return
 	}
-	if r.Method == "DELETE" {
-		writeResponse(w, "", 204)
+	if r.Method == http.MethodDelete {
+		writeResponse(w, "", http.StatusNoContent)
 		return
 	}
 	var images []map[string]string
@@ -438,11 +437,11 @@ func handlerImages(w http.ResponseWriter, r *http.Request) {
 		image["Tag"] = "latest"
 		images = append(images, image)
 	}
-	writeResponse(w, images, 200)
+	writeResponse(w, images, http.StatusOK)
 }
 
 func handlerAuth(w http.ResponseWriter, r *http.Request) {
-	writeResponse(w, "OK", 200)
+	writeResponse(w, "OK", http.StatusOK)
 }
 
 func handlerSearch(w http.ResponseWriter, r *http.Request) {
@@ -451,7 +450,7 @@ func handlerSearch(w http.ResponseWriter, r *http.Request) {
 		NumResults: 1,
 		Results:    []registrytypes.SearchResult{{Name: "fakeimage", StarCount: 42}},
 	}
-	writeResponse(w, result, 200)
+	writeResponse(w, result, http.StatusOK)
 }
 
 func TestPing(t *testing.T) {
@@ -459,7 +458,7 @@ func TestPing(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	assertEqual(t, res.StatusCode, 200, "")
+	assertEqual(t, res.StatusCode, http.StatusOK, "")
 	assertEqual(t, res.Header.Get("X-Docker-Registry-Config"), "mock",
 		"This is not a Mocked Registry")
 }
diff --git a/registry/registry_test.go b/registry/registry_test.go
index b7459471b3f64..03ac260d8df93 100644
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@@ -1,10 +1,8 @@
 package registry // import "github.com/docker/docker/registry"
 
 import (
-	"fmt"
 	"net/http"
 	"net/http/httputil"
-	"net/url"
 	"os"
 	"strings"
 	"testing"
@@ -13,17 +11,8 @@ import (
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"gotest.tools/assert"
-	"gotest.tools/skip"
-)
-
-var (
-	token = []string{"fake-token"}
-)
-
-const (
-	imageID = "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d"
-	REPO    = "foo42/bar"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/skip"
 )
 
 func spawnTestRegistrySession(t *testing.T) *Session {
@@ -50,7 +39,7 @@ func spawnTestRegistrySession(t *testing.T) *Session {
 	// Because we know that the client's transport is an `*authTransport` we simply cast it,
 	// in order to set the internal cached token to the fake token, and thus send that fake token
 	// upon every subsequent requests.
-	r.client.Transport.(*authTransport).token = token
+	r.client.Transport.(*authTransport).token = []string{"fake-token"}
 	return r
 }
 
@@ -148,153 +137,6 @@ func TestEndpoint(t *testing.T) {
 	}
 }
 
-func TestGetRemoteHistory(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	hist, err := r.GetRemoteHistory(imageID, makeURL("/v1/"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	assertEqual(t, len(hist), 2, "Expected 2 images in history")
-	assertEqual(t, hist[0], imageID, "Expected "+imageID+"as first ancestry")
-	assertEqual(t, hist[1], "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
-		"Unexpected second ancestry")
-}
-
-func TestLookupRemoteImage(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	err := r.LookupRemoteImage(imageID, makeURL("/v1/"))
-	assertEqual(t, err, nil, "Expected error of remote lookup to nil")
-	if err := r.LookupRemoteImage("abcdef", makeURL("/v1/")); err == nil {
-		t.Fatal("Expected error of remote lookup to not nil")
-	}
-}
-
-func TestGetRemoteImageJSON(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	json, size, err := r.GetRemoteImageJSON(imageID, makeURL("/v1/"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	assertEqual(t, size, int64(154), "Expected size 154")
-	if len(json) == 0 {
-		t.Fatal("Expected non-empty json")
-	}
-
-	_, _, err = r.GetRemoteImageJSON("abcdef", makeURL("/v1/"))
-	if err == nil {
-		t.Fatal("Expected image not found error")
-	}
-}
-
-func TestGetRemoteImageLayer(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	data, err := r.GetRemoteImageLayer(imageID, makeURL("/v1/"), 0)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if data == nil {
-		t.Fatal("Expected non-nil data result")
-	}
-
-	_, err = r.GetRemoteImageLayer("abcdef", makeURL("/v1/"), 0)
-	if err == nil {
-		t.Fatal("Expected image not found error")
-	}
-}
-
-func TestGetRemoteTag(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNormalizedNamed(REPO)
-	if err != nil {
-		t.Fatal(err)
-	}
-	tag, err := r.GetRemoteTag([]string{makeURL("/v1/")}, repoRef, "test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	assertEqual(t, tag, imageID, "Expected tag test to map to "+imageID)
-
-	bazRef, err := reference.ParseNormalizedNamed("foo42/baz")
-	if err != nil {
-		t.Fatal(err)
-	}
-	_, err = r.GetRemoteTag([]string{makeURL("/v1/")}, bazRef, "foo")
-	if err != ErrRepoNotFound {
-		t.Fatal("Expected ErrRepoNotFound error when fetching tag for bogus repo")
-	}
-}
-
-func TestGetRemoteTags(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNormalizedNamed(REPO)
-	if err != nil {
-		t.Fatal(err)
-	}
-	tags, err := r.GetRemoteTags([]string{makeURL("/v1/")}, repoRef)
-	if err != nil {
-		t.Fatal(err)
-	}
-	assertEqual(t, len(tags), 2, "Expected two tags")
-	assertEqual(t, tags["latest"], imageID, "Expected tag latest to map to "+imageID)
-	assertEqual(t, tags["test"], imageID, "Expected tag test to map to "+imageID)
-
-	bazRef, err := reference.ParseNormalizedNamed("foo42/baz")
-	if err != nil {
-		t.Fatal(err)
-	}
-	_, err = r.GetRemoteTags([]string{makeURL("/v1/")}, bazRef)
-	if err != ErrRepoNotFound {
-		t.Fatal("Expected ErrRepoNotFound error when fetching tags for bogus repo")
-	}
-}
-
-func TestGetRepositoryData(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	parsedURL, err := url.Parse(makeURL("/v1/"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	host := "http://" + parsedURL.Host + "/v1/"
-	repoRef, err := reference.ParseNormalizedNamed(REPO)
-	if err != nil {
-		t.Fatal(err)
-	}
-	data, err := r.GetRepositoryData(repoRef)
-	if err != nil {
-		t.Fatal(err)
-	}
-	assertEqual(t, len(data.ImgList), 2, "Expected 2 images in ImgList")
-	assertEqual(t, len(data.Endpoints), 2,
-		fmt.Sprintf("Expected 2 endpoints in Endpoints, found %d instead", len(data.Endpoints)))
-	assertEqual(t, data.Endpoints[0], host,
-		fmt.Sprintf("Expected first endpoint to be %s but found %s instead", host, data.Endpoints[0]))
-	assertEqual(t, data.Endpoints[1], "http://test.example.com/v1/",
-		fmt.Sprintf("Expected first endpoint to be http://test.example.com/v1/ but found %s instead", data.Endpoints[1]))
-
-}
-
-func TestPushImageJSONRegistry(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	imgData := &ImgData{
-		ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
-		Checksum: "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
-	}
-
-	err := r.PushImageJSONRegistry(imgData, []byte{0x42, 0xdf, 0x0}, makeURL("/v1/"))
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestPushImageLayerRegistry(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	layer := strings.NewReader("")
-	_, _, err := r.PushImageLayerRegistry(imageID, layer, makeURL("/v1/"), []byte{})
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestParseRepositoryInfo(t *testing.T) {
 	type staticRepositoryInfo struct {
 		Index         *registrytypes.IndexInfo
@@ -701,50 +543,6 @@ func TestMirrorEndpointLookup(t *testing.T) {
 	}
 }
 
-func TestPushRegistryTag(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNormalizedNamed(REPO)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = r.PushRegistryTag(repoRef, imageID, "stable", makeURL("/v1/"))
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestPushImageJSONIndex(t *testing.T) {
-	r := spawnTestRegistrySession(t)
-	imgData := []*ImgData{
-		{
-			ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
-			Checksum: "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
-		},
-		{
-			ID:       "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
-			Checksum: "sha256:bea7bf2e4bacd479344b737328db47b18880d09096e6674165533aa994f5e9f2",
-		},
-	}
-	repoRef, err := reference.ParseNormalizedNamed(REPO)
-	if err != nil {
-		t.Fatal(err)
-	}
-	repoData, err := r.PushImageJSONIndex(repoRef, imgData, false, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if repoData == nil {
-		t.Fatal("Expected RepositoryData object")
-	}
-	repoData, err = r.PushImageJSONIndex(repoRef, imgData, true, []string{r.indexEndpoint.String()})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if repoData == nil {
-		t.Fatal("Expected RepositoryData object")
-	}
-}
-
 func TestSearchRepositories(t *testing.T) {
 	r := spawnTestRegistrySession(t)
 	results, err := r.SearchRepositories("fakequery", 25)
@@ -761,12 +559,12 @@ func TestSearchRepositories(t *testing.T) {
 
 func TestTrustedLocation(t *testing.T) {
 	for _, url := range []string{"http://example.com", "https://example.com:7777", "http://docker.io", "http://test.docker.com", "https://fakedocker.com"} {
-		req, _ := http.NewRequest("GET", url, nil)
+		req, _ := http.NewRequest(http.MethodGet, url, nil)
 		assert.Check(t, !trustedLocation(req))
 	}
 
 	for _, url := range []string{"https://docker.io", "https://test.docker.com:80"} {
-		req, _ := http.NewRequest("GET", url, nil)
+		req, _ := http.NewRequest(http.MethodGet, url, nil)
 		assert.Check(t, trustedLocation(req))
 	}
 }
@@ -777,10 +575,10 @@ func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
 		{"https://foo.docker.io:7777", "http://bar.docker.com"},
 		{"https://foo.docker.io", "https://example.com"},
 	} {
-		reqFrom, _ := http.NewRequest("GET", urls[0], nil)
+		reqFrom, _ := http.NewRequest(http.MethodGet, urls[0], nil)
 		reqFrom.Header.Add("Content-Type", "application/json")
 		reqFrom.Header.Add("Authorization", "super_secret")
-		reqTo, _ := http.NewRequest("GET", urls[1], nil)
+		reqTo, _ := http.NewRequest(http.MethodGet, urls[1], nil)
 
 		addRequiredHeadersToRedirectedRequests(reqTo, []*http.Request{reqFrom})
 
@@ -801,10 +599,10 @@ func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
 		{"https://docker.io", "https://docker.com"},
 		{"https://foo.docker.io:7777", "https://bar.docker.com"},
 	} {
-		reqFrom, _ := http.NewRequest("GET", urls[0], nil)
+		reqFrom, _ := http.NewRequest(http.MethodGet, urls[0], nil)
 		reqFrom.Header.Add("Content-Type", "application/json")
 		reqFrom.Header.Add("Authorization", "super_secret")
-		reqTo, _ := http.NewRequest("GET", urls[1], nil)
+		reqTo, _ := http.NewRequest(http.MethodGet, urls[1], nil)
 
 		addRequiredHeadersToRedirectedRequests(reqTo, []*http.Request{reqFrom})
 
@@ -849,10 +647,10 @@ func TestAllowNondistributableArtifacts(t *testing.T) {
 		{"example.com:5000", []string{"42.42.42.42/8"}, true},
 		{"127.0.0.1:5000", []string{"127.0.0.0/8"}, true},
 		{"42.42.42.42:5000", []string{"42.1.1.1/8"}, true},
-		{"invalid.domain.com", []string{"42.42.0.0/16"}, false},
-		{"invalid.domain.com", []string{"invalid.domain.com"}, true},
-		{"invalid.domain.com:5000", []string{"invalid.domain.com"}, false},
-		{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, true},
+		{"invalid.example.com", []string{"42.42.0.0/16"}, false},
+		{"invalid.example.com", []string{"invalid.example.com"}, true},
+		{"invalid.example.com:5000", []string{"invalid.example.com"}, false},
+		{"invalid.example.com:5000", []string{"invalid.example.com:5000"}, true},
 	}
 	for _, tt := range tests {
 		config, err := newServiceConfig(ServiceOptions{
@@ -894,10 +692,10 @@ func TestIsSecureIndex(t *testing.T) {
 		{"example.com:5000", []string{"42.42.42.42/8"}, false},
 		{"127.0.0.1:5000", []string{"127.0.0.0/8"}, false},
 		{"42.42.42.42:5000", []string{"42.1.1.1/8"}, false},
-		{"invalid.domain.com", []string{"42.42.0.0/16"}, true},
-		{"invalid.domain.com", []string{"invalid.domain.com"}, false},
-		{"invalid.domain.com:5000", []string{"invalid.domain.com"}, true},
-		{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, false},
+		{"invalid.example.com", []string{"42.42.0.0/16"}, true},
+		{"invalid.example.com", []string{"invalid.example.com"}, false},
+		{"invalid.example.com:5000", []string{"invalid.example.com"}, true},
+		{"invalid.example.com:5000", []string{"invalid.example.com:5000"}, false},
 	}
 	for _, tt := range tests {
 		config, err := makeServiceConfig(nil, tt.insecureRegistries)
diff --git a/registry/resumable/resumablerequestreader.go b/registry/resumable/resumablerequestreader.go
index 8e97a1a4d1499..3649f36edecce 100644
--- a/registry/resumable/resumablerequestreader.go
+++ b/registry/resumable/resumablerequestreader.go
@@ -56,10 +56,10 @@ func (r *requestReader) Read(p []byte) (n int, err error) {
 		r.cleanUpResponse()
 		return 0, err
 	}
-	if r.currentResponse.StatusCode == 416 && r.lastRange == r.totalSize && r.currentResponse.ContentLength == 0 {
+	if r.currentResponse.StatusCode == http.StatusRequestedRangeNotSatisfiable && r.lastRange == r.totalSize && r.currentResponse.ContentLength == 0 {
 		r.cleanUpResponse()
 		return 0, io.EOF
-	} else if r.currentResponse.StatusCode != 206 && r.lastRange != 0 && isFreshRequest {
+	} else if r.currentResponse.StatusCode != http.StatusPartialContent && r.lastRange != 0 && isFreshRequest {
 		r.cleanUpResponse()
 		return 0, fmt.Errorf("the server doesn't support byte ranges")
 	}
diff --git a/registry/resumable/resumablerequestreader_test.go b/registry/resumable/resumablerequestreader_test.go
index c72c210e776e2..326307ff41efb 100644
--- a/registry/resumable/resumablerequestreader_test.go
+++ b/registry/resumable/resumablerequestreader_test.go
@@ -3,15 +3,14 @@ package resumable // import "github.com/docker/docker/registry/resumable"
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestResumableRequestHeaderSimpleErrors(t *testing.T) {
@@ -23,7 +22,7 @@ func TestResumableRequestHeaderSimpleErrors(t *testing.T) {
 	client := &http.Client{}
 
 	var req *http.Request
-	req, err := http.NewRequest("GET", ts.URL, nil)
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
 	assert.NilError(t, err)
 
 	resreq := &requestReader{}
@@ -44,7 +43,7 @@ func TestResumableRequestHeaderNotTooMuchFailures(t *testing.T) {
 	client := &http.Client{}
 
 	var badReq *http.Request
-	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
+	badReq, err := http.NewRequest(http.MethodGet, "I'm not an url", nil)
 	assert.NilError(t, err)
 
 	resreq := &requestReader{
@@ -64,7 +63,7 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) {
 	client := &http.Client{}
 
 	var badReq *http.Request
-	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
+	badReq, err := http.NewRequest(http.MethodGet, "I'm not an url", nil)
 	assert.NilError(t, err)
 
 	resreq := &requestReader{
@@ -75,9 +74,10 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) {
 	}
 	defer resreq.Close()
 
-	expectedError := `Get I%27m%20not%20an%20url: unsupported protocol scheme ""`
 	read, err := resreq.Read([]byte{})
-	assert.Check(t, is.Error(err, expectedError))
+	assert.Assert(t, err != nil)
+	assert.Check(t, is.ErrorContains(err, "unsupported protocol scheme"))
+	assert.Check(t, is.ErrorContains(err, "I%27m%20not%20an%20url"))
 	assert.Check(t, is.Equal(0, read))
 }
 
@@ -92,14 +92,14 @@ func (errorReaderCloser) Read(p []byte) (n int, err error) {
 // If an unknown error is encountered, return 0, nil and log it
 func TestResumableRequestReaderWithReadError(t *testing.T) {
 	var req *http.Request
-	req, err := http.NewRequest("GET", "", nil)
+	req, err := http.NewRequest(http.MethodGet, "", nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
 
 	response := &http.Response{
 		Status:        "500 Internal Server",
-		StatusCode:    500,
+		StatusCode:    http.StatusInternalServerError,
 		ContentLength: 0,
 		Close:         true,
 		Body:          errorReaderCloser{},
@@ -123,17 +123,17 @@ func TestResumableRequestReaderWithReadError(t *testing.T) {
 
 func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) {
 	var req *http.Request
-	req, err := http.NewRequest("GET", "", nil)
+	req, err := http.NewRequest(http.MethodGet, "", nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
 
 	response := &http.Response{
 		Status:        "416 Requested Range Not Satisfiable",
-		StatusCode:    416,
+		StatusCode:    http.StatusRequestedRangeNotSatisfiable,
 		ContentLength: 0,
 		Close:         true,
-		Body:          ioutil.NopCloser(strings.NewReader("")),
+		Body:          io.NopCloser(strings.NewReader("")),
 	}
 
 	resreq := &requestReader{
@@ -159,7 +159,7 @@ func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) {
 	defer ts.Close()
 
 	var req *http.Request
-	req, err := http.NewRequest("GET", ts.URL, nil)
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
@@ -185,7 +185,7 @@ func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) {
 	defer ts.Close()
 
 	var req *http.Request
-	req, err := http.NewRequest("GET", ts.URL, nil)
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
@@ -194,7 +194,7 @@ func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) {
 	resreq := NewRequestReader(client, req, retries, 0)
 	defer resreq.Close()
 
-	data, err := ioutil.ReadAll(resreq)
+	data, err := io.ReadAll(resreq)
 	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
@@ -210,7 +210,7 @@ func TestResumableRequestReader(t *testing.T) {
 	defer ts.Close()
 
 	var req *http.Request
-	req, err := http.NewRequest("GET", ts.URL, nil)
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
@@ -220,7 +220,7 @@ func TestResumableRequestReader(t *testing.T) {
 	resreq := NewRequestReader(client, req, retries, imgSize)
 	defer resreq.Close()
 
-	data, err := ioutil.ReadAll(resreq)
+	data, err := io.ReadAll(resreq)
 	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
@@ -236,7 +236,7 @@ func TestResumableRequestReaderWithInitialResponse(t *testing.T) {
 	defer ts.Close()
 
 	var req *http.Request
-	req, err := http.NewRequest("GET", ts.URL, nil)
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
 	assert.NilError(t, err)
 
 	client := &http.Client{}
@@ -249,7 +249,7 @@ func TestResumableRequestReaderWithInitialResponse(t *testing.T) {
 	resreq := NewRequestReaderWithInitialResponse(client, req, retries, imgSize, res)
 	defer resreq.Close()
 
-	data, err := ioutil.ReadAll(resreq)
+	data, err := io.ReadAll(resreq)
 	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
diff --git a/registry/service.go b/registry/service.go
index b441970ff1709..276b04724ab27 100644
--- a/registry/service.go
+++ b/registry/service.go
@@ -108,40 +108,38 @@ func (s *DefaultService) LoadInsecureRegistries(registries []string) error {
 // It can be used to verify the validity of a client's credentials.
 func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) {
 	// TODO Use ctx when searching for repositories
-	serverAddress := authConfig.ServerAddress
-	if serverAddress == "" {
-		serverAddress = IndexServer
-	}
-	if !strings.HasPrefix(serverAddress, "https://") && !strings.HasPrefix(serverAddress, "http://") {
-		serverAddress = "https://" + serverAddress
-	}
-	u, err := url.Parse(serverAddress)
-	if err != nil {
-		return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err))
+	var registryHostName = IndexHostname
+
+	if authConfig.ServerAddress != "" {
+		serverAddress := authConfig.ServerAddress
+		if !strings.HasPrefix(serverAddress, "https://") && !strings.HasPrefix(serverAddress, "http://") {
+			serverAddress = "https://" + serverAddress
+		}
+		u, err := url.Parse(serverAddress)
+		if err != nil {
+			return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err))
+		}
+		registryHostName = u.Host
 	}
 
-	endpoints, err := s.LookupPushEndpoints(u.Host)
+	// Lookup endpoints for authentication using "LookupPushEndpoints", which
+	// excludes mirrors to prevent sending credentials of the upstream registry
+	// to a mirror.
+	endpoints, err := s.LookupPushEndpoints(registryHostName)
 	if err != nil {
 		return "", "", errdefs.InvalidParameter(err)
 	}
 
 	for _, endpoint := range endpoints {
-		login := loginV2
-		if endpoint.Version == APIVersion1 {
-			login = loginV1
-		}
-
-		status, token, err = login(authConfig, endpoint, userAgent)
+		status, token, err = loginV2(authConfig, endpoint, userAgent)
 		if err == nil {
 			return
 		}
-		if fErr, ok := err.(fallbackError); ok {
-			err = fErr.err
-			logrus.Infof("Error logging in to %s endpoint, trying next endpoint: %v", endpoint.Version, err)
-			continue
+		if errdefs.IsUnauthorized(err) {
+			// Failed to authenticate; don't continue with (non-TLS) endpoints.
+			return status, token, err
 		}
-
-		return "", "", err
+		logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint")
 	}
 
 	return "", "", err
@@ -150,18 +148,13 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 // splitReposSearchTerm breaks a search term into an index name and remote name
 func splitReposSearchTerm(reposName string) (string, string) {
 	nameParts := strings.SplitN(reposName, "/", 2)
-	var indexName, remoteName string
 	if len(nameParts) == 1 || (!strings.Contains(nameParts[0], ".") &&
 		!strings.Contains(nameParts[0], ":") && nameParts[0] != "localhost") {
-		// This is a Docker Index repos (ex: samalba/hipache or ubuntu)
-		// 'docker.io'
-		indexName = IndexName
-		remoteName = reposName
-	} else {
-		indexName = nameParts[0]
-		remoteName = nameParts[1]
+		// This is a Docker Hub repository (ex: samalba/hipache or ubuntu),
+		// use the default Docker Hub registry (docker.io)
+		return IndexName, reposName
 	}
-	return indexName, remoteName
+	return nameParts[0], nameParts[1]
 }
 
 // Search queries the public registry for images matching the specified
@@ -184,7 +177,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
 	}
 
 	// *TODO: Search multiple indexes.
-	endpoint, err := NewV1Endpoint(index, userAgent, http.Header(headers))
+	endpoint, err := NewV1Endpoint(index, userAgent, headers)
 	if err != nil {
 		return nil, err
 	}
@@ -200,14 +193,14 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
 		}
 
 		modifiers := Headers(userAgent, nil)
-		v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
+		v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
 		if err != nil {
 			if fErr, ok := err.(fallbackError); ok {
 				logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err)
 			} else {
 				return nil, err
 			}
-		} else if foundV2 {
+		} else {
 			// Copy non transport http client features
 			v2Client.Timeout = endpoint.client.Timeout
 			v2Client.CheckRedirect = endpoint.client.CheckRedirect
@@ -228,13 +221,8 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
 	r := newSession(client, authConfig, endpoint)
 
 	if index.Official {
-		localName := remoteName
-		if strings.HasPrefix(localName, "library/") {
-			// If pull "library/foo", it's stored locally under "foo"
-			localName = strings.SplitN(localName, "/", 2)[1]
-		}
-
-		return r.SearchRepositories(localName, limit)
+		// If pull "library/foo", it's stored locally under "foo"
+		remoteName = strings.TrimPrefix(remoteName, "library/")
 	}
 	return r.SearchRepositories(remoteName, limit)
 }
@@ -258,17 +246,12 @@ type APIEndpoint struct {
 	TLSConfig                      *tls.Config
 }
 
-// ToV1Endpoint returns a V1 API endpoint based on the APIEndpoint
-func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) *V1Endpoint {
-	return newV1Endpoint(*e.URL, e.TLSConfig, userAgent, metaHeaders)
-}
-
 // TLSConfig constructs a client TLS configuration based on server defaults
 func (s *DefaultService) TLSConfig(hostname string) (*tls.Config, error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
+	return s.tlsConfig(hostname)
 }
 
 // tlsConfig constructs a client TLS configuration based on server defaults
@@ -276,28 +259,22 @@ func (s *DefaultService) tlsConfig(hostname string) (*tls.Config, error) {
 	return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
 }
 
-func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, error) {
-	return s.tlsConfig(mirrorURL.Host)
-}
-
-// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference.
-// It gives preference to v2 endpoints over v1, mirrors over the actual
-// registry, and HTTPS over plain HTTP.
+// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
+// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
 func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	return s.lookupEndpoints(hostname)
+	return s.lookupV2Endpoints(hostname)
 }
 
-// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference.
-// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP.
-// Mirrors are not included.
+// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
+// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
 func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	allEndpoints, err := s.lookupEndpoints(hostname)
+	allEndpoints, err := s.lookupV2Endpoints(hostname)
 	if err == nil {
 		for _, endpoint := range allEndpoints {
 			if !endpoint.Mirror {
@@ -307,22 +284,3 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
 	}
 	return endpoints, err
 }
-
-func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
-	endpoints, err = s.lookupV2Endpoints(hostname)
-	if err != nil {
-		return nil, err
-	}
-
-	if s.config.V2Only {
-		return endpoints, nil
-	}
-
-	legacyEndpoints, err := s.lookupV1Endpoints(hostname)
-	if err != nil {
-		return nil, err
-	}
-	endpoints = append(endpoints, legacyEndpoints...)
-
-	return endpoints, nil
-}
diff --git a/registry/service_v1.go b/registry/service_v1.go
deleted file mode 100644
index d955ec51fbf82..0000000000000
--- a/registry/service_v1.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package registry // import "github.com/docker/docker/registry"
-
-import "net/url"
-
-func (s *DefaultService) lookupV1Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
-	if hostname == DefaultNamespace || hostname == DefaultV2Registry.Host || hostname == IndexHostname {
-		return []APIEndpoint{}, nil
-	}
-
-	tlsConfig, err := s.tlsConfig(hostname)
-	if err != nil {
-		return nil, err
-	}
-
-	endpoints = []APIEndpoint{
-		{
-			URL: &url.URL{
-				Scheme: "https",
-				Host:   hostname,
-			},
-			Version:      APIVersion1,
-			TrimHostname: true,
-			TLSConfig:    tlsConfig,
-		},
-	}
-
-	if tlsConfig.InsecureSkipVerify {
-		endpoints = append(endpoints, APIEndpoint{ // or this
-			URL: &url.URL{
-				Scheme: "http",
-				Host:   hostname,
-			},
-			Version:      APIVersion1,
-			TrimHostname: true,
-			// used to check if supposed to be secure via InsecureSkipVerify
-			TLSConfig: tlsConfig,
-		})
-	}
-	return endpoints, nil
-}
diff --git a/registry/service_v1_test.go b/registry/service_v1_test.go
deleted file mode 100644
index 11861f7c05296..0000000000000
--- a/registry/service_v1_test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package registry // import "github.com/docker/docker/registry"
-
-import (
-	"os"
-	"testing"
-
-	"gotest.tools/skip"
-)
-
-func TestLookupV1Endpoints(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
-	s, err := NewService(ServiceOptions{})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	cases := []struct {
-		hostname    string
-		expectedLen int
-	}{
-		{"example.com", 1},
-		{DefaultNamespace, 0},
-		{DefaultV2Registry.Host, 0},
-		{IndexHostname, 0},
-	}
-
-	for _, c := range cases {
-		if ret, err := s.lookupV1Endpoints(c.hostname); err != nil || len(ret) != c.expectedLen {
-			t.Errorf("lookupV1Endpoints(`"+c.hostname+"`) returned %+v and %+v", ret, err)
-		}
-	}
-}
diff --git a/registry/service_v2.go b/registry/service_v2.go
index 1a4c9e310547b..46f28ebccfdf1 100644
--- a/registry/service_v2.go
+++ b/registry/service_v2.go
@@ -10,7 +10,6 @@ import (
 func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	tlsConfig := tlsconfig.ServerDefault()
 	if hostname == DefaultNamespace || hostname == IndexHostname {
-		// v2 mirrors
 		for _, mirror := range s.config.Mirrors {
 			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
 				mirror = "https://" + mirror
@@ -19,20 +18,18 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 			if err != nil {
 				return nil, err
 			}
-			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+			mirrorTLSConfig, err := s.tlsConfig(mirrorURL.Host)
 			if err != nil {
 				return nil, err
 			}
 			endpoints = append(endpoints, APIEndpoint{
-				URL: mirrorURL,
-				// guess mirrors are v2
+				URL:          mirrorURL,
 				Version:      APIVersion2,
 				Mirror:       true,
 				TrimHostname: true,
 				TLSConfig:    mirrorTLSConfig,
 			})
 		}
-		// v2 registry
 		endpoints = append(endpoints, APIEndpoint{
 			URL:          DefaultV2Registry,
 			Version:      APIVersion2,
diff --git a/registry/session.go b/registry/session.go
index ef142995942f7..d34dc1e58ab45 100644
--- a/registry/session.go
+++ b/registry/session.go
@@ -1,42 +1,26 @@
 package registry // import "github.com/docker/docker/registry"
 
 import (
-	"bytes"
-	"crypto/sha256"
 	// this is required for some certificates
 	_ "crypto/sha512"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
-	"strconv"
 	"strings"
 	"sync"
 
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/tarsum"
-	"github.com/docker/docker/registry/resumable"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
-var (
-	// ErrRepoNotFound is returned if the repository didn't exist on the
-	// remote side
-	ErrRepoNotFound notFoundError = "Repository not found"
-)
-
 // A Session is used to communicate with a V1 registry
 type Session struct {
 	indexEndpoint *V1Endpoint
@@ -132,7 +116,9 @@ func (tr *authTransport) RoundTrip(orig *http.Request) (*http.Response, error) {
 	}
 	resp, err := tr.RoundTripper.RoundTrip(req)
 	if err != nil {
+		tr.mu.Lock()
 		delete(tr.modReq, orig)
+		tr.mu.Unlock()
 		return nil, err
 	}
 	if len(resp.Header["X-Docker-Token"]) > 0 {
@@ -211,527 +197,6 @@ func NewSession(client *http.Client, authConfig *types.AuthConfig, endpoint *V1E
 	return newSession(client, authConfig, endpoint), nil
 }
 
-// ID returns this registry session's ID.
-func (r *Session) ID() string {
-	return r.id
-}
-
-// GetRemoteHistory retrieves the history of a given image from the registry.
-// It returns a list of the parent's JSON files (including the requested image).
-func (r *Session) GetRemoteHistory(imgID, registry string) ([]string, error) {
-	res, err := r.client.Get(registry + "images/" + imgID + "/ancestry")
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		if res.StatusCode == 401 {
-			return nil, errcode.ErrorCodeUnauthorized.WithArgs()
-		}
-		return nil, newJSONError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
-	}
-
-	var history []string
-	if err := json.NewDecoder(res.Body).Decode(&history); err != nil {
-		return nil, fmt.Errorf("Error while reading the http response: %v", err)
-	}
-
-	logrus.Debugf("Ancestry: %v", history)
-	return history, nil
-}
-
-// LookupRemoteImage checks if an image exists in the registry
-func (r *Session) LookupRemoteImage(imgID, registry string) error {
-	res, err := r.client.Get(registry + "images/" + imgID + "/json")
-	if err != nil {
-		return err
-	}
-	res.Body.Close()
-	if res.StatusCode != 200 {
-		return newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
-	}
-	return nil
-}
-
-// GetRemoteImageJSON retrieves an image's JSON metadata from the registry.
-func (r *Session) GetRemoteImageJSON(imgID, registry string) ([]byte, int64, error) {
-	res, err := r.client.Get(registry + "images/" + imgID + "/json")
-	if err != nil {
-		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		return nil, -1, newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
-	}
-	// if the size header is not present, then set it to '-1'
-	imageSize := int64(-1)
-	if hdr := res.Header.Get("X-Docker-Size"); hdr != "" {
-		imageSize, err = strconv.ParseInt(hdr, 10, 64)
-		if err != nil {
-			return nil, -1, err
-		}
-	}
-
-	jsonString, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, -1, fmt.Errorf("Failed to parse downloaded json: %v (%s)", err, jsonString)
-	}
-	return jsonString, imageSize, nil
-}
-
-// GetRemoteImageLayer retrieves an image layer from the registry
-func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io.ReadCloser, error) {
-	var (
-		statusCode = 0
-		res        *http.Response
-		err        error
-		imageURL   = fmt.Sprintf("%simages/%s/layer", registry, imgID)
-	)
-
-	req, err := http.NewRequest("GET", imageURL, nil)
-	if err != nil {
-		return nil, fmt.Errorf("Error while getting from the server: %v", err)
-	}
-
-	res, err = r.client.Do(req)
-	if err != nil {
-		logrus.Debugf("Error contacting registry %s: %v", registry, err)
-		// the only case err != nil && res != nil is https://golang.org/src/net/http/client.go#L515
-		if res != nil {
-			if res.Body != nil {
-				res.Body.Close()
-			}
-			statusCode = res.StatusCode
-		}
-		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
-			statusCode, imgID)
-	}
-
-	if res.StatusCode != 200 {
-		res.Body.Close()
-		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
-			res.StatusCode, imgID)
-	}
-
-	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
-		logrus.Debug("server supports resume")
-		return resumable.NewRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil
-	}
-	logrus.Debug("server doesn't support resume")
-	return res.Body, nil
-}
-
-// GetRemoteTag retrieves the tag named in the askedTag argument from the given
-// repository. It queries each of the registries supplied in the registries
-// argument, and returns data from the first one that answers the query
-// successfully.
-func (r *Session) GetRemoteTag(registries []string, repositoryRef reference.Named, askedTag string) (string, error) {
-	repository := reference.Path(repositoryRef)
-
-	if strings.Count(repository, "/") == 0 {
-		// This will be removed once the registry supports auto-resolution on
-		// the "library" namespace
-		repository = "library/" + repository
-	}
-	for _, host := range registries {
-		endpoint := fmt.Sprintf("%srepositories/%s/tags/%s", host, repository, askedTag)
-		res, err := r.client.Get(endpoint)
-		if err != nil {
-			return "", err
-		}
-
-		logrus.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
-		defer res.Body.Close()
-
-		if res.StatusCode == 404 {
-			return "", ErrRepoNotFound
-		}
-		if res.StatusCode != 200 {
-			continue
-		}
-
-		var tagID string
-		if err := json.NewDecoder(res.Body).Decode(&tagID); err != nil {
-			return "", err
-		}
-		return tagID, nil
-	}
-	return "", fmt.Errorf("Could not reach any registry endpoint")
-}
-
-// GetRemoteTags retrieves all tags from the given repository. It queries each
-// of the registries supplied in the registries argument, and returns data from
-// the first one that answers the query successfully. It returns a map with
-// tag names as the keys and image IDs as the values.
-func (r *Session) GetRemoteTags(registries []string, repositoryRef reference.Named) (map[string]string, error) {
-	repository := reference.Path(repositoryRef)
-
-	if strings.Count(repository, "/") == 0 {
-		// This will be removed once the registry supports auto-resolution on
-		// the "library" namespace
-		repository = "library/" + repository
-	}
-	for _, host := range registries {
-		endpoint := fmt.Sprintf("%srepositories/%s/tags", host, repository)
-		res, err := r.client.Get(endpoint)
-		if err != nil {
-			return nil, err
-		}
-
-		logrus.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
-		defer res.Body.Close()
-
-		if res.StatusCode == 404 {
-			return nil, ErrRepoNotFound
-		}
-		if res.StatusCode != 200 {
-			continue
-		}
-
-		result := make(map[string]string)
-		if err := json.NewDecoder(res.Body).Decode(&result); err != nil {
-			return nil, err
-		}
-		return result, nil
-	}
-	return nil, fmt.Errorf("Could not reach any registry endpoint")
-}
-
-func buildEndpointsList(headers []string, indexEp string) ([]string, error) {
-	var endpoints []string
-	parsedURL, err := url.Parse(indexEp)
-	if err != nil {
-		return nil, err
-	}
-	var urlScheme = parsedURL.Scheme
-	// The registry's URL scheme has to match the Index'
-	for _, ep := range headers {
-		epList := strings.Split(ep, ",")
-		for _, epListElement := range epList {
-			endpoints = append(
-				endpoints,
-				fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement)))
-		}
-	}
-	return endpoints, nil
-}
-
-// GetRepositoryData returns lists of images and endpoints for the repository
-func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, error) {
-	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", r.indexEndpoint.String(), reference.Path(name))
-
-	logrus.Debugf("[registry] Calling GET %s", repositoryTarget)
-
-	req, err := http.NewRequest("GET", repositoryTarget, nil)
-	if err != nil {
-		return nil, err
-	}
-	// this will set basic auth in r.client.Transport and send cached X-Docker-Token headers for all subsequent requests
-	req.Header.Set("X-Docker-Token", "true")
-	res, err := r.client.Do(req)
-	if err != nil {
-		// check if the error is because of i/o timeout
-		// and return a non-obtuse error message for users
-		// "Get https://index.docker.io/v1/repositories/library/busybox/images: i/o timeout"
-		// was a top search on the docker user forum
-		if isTimeout(err) {
-			return nil, fmt.Errorf("network timed out while trying to connect to %s. You may want to check your internet connection or if you are behind a proxy", repositoryTarget)
-		}
-		return nil, fmt.Errorf("Error while pulling image: %v", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode == 401 {
-		return nil, errcode.ErrorCodeUnauthorized.WithArgs()
-	}
-	// TODO: Right now we're ignoring checksums in the response body.
-	// In the future, we need to use them to check image validity.
-	if res.StatusCode == 404 {
-		return nil, newJSONError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
-	} else if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			logrus.Debugf("Error reading response body: %s", err)
-		}
-		return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, reference.Path(name), errBody), res)
-	}
-
-	var endpoints []string
-	if res.Header.Get("X-Docker-Endpoints") != "" {
-		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], r.indexEndpoint.String())
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		// Assume the endpoint is on the same host
-		endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", r.indexEndpoint.URL.Scheme, req.URL.Host))
-	}
-
-	remoteChecksums := []*ImgData{}
-	if err := json.NewDecoder(res.Body).Decode(&remoteChecksums); err != nil {
-		return nil, err
-	}
-
-	// Forge a better object from the retrieved data
-	imgsData := make(map[string]*ImgData, len(remoteChecksums))
-	for _, elem := range remoteChecksums {
-		imgsData[elem.ID] = elem
-	}
-
-	return &RepositoryData{
-		ImgList:   imgsData,
-		Endpoints: endpoints,
-	}, nil
-}
-
-// PushImageChecksumRegistry uploads checksums for an image
-func (r *Session) PushImageChecksumRegistry(imgData *ImgData, registry string) error {
-	u := registry + "images/" + imgData.ID + "/checksum"
-
-	logrus.Debugf("[registry] Calling PUT %s", u)
-
-	req, err := http.NewRequest("PUT", u, nil)
-	if err != nil {
-		return err
-	}
-	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
-	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
-
-	res, err := r.client.Do(req)
-	if err != nil {
-		return fmt.Errorf("Failed to upload metadata: %v", err)
-	}
-	defer res.Body.Close()
-	if len(res.Cookies()) > 0 {
-		r.client.Jar.SetCookies(req.URL, res.Cookies())
-	}
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return fmt.Errorf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err)
-		}
-		var jsonBody map[string]string
-		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
-			errBody = []byte(err.Error())
-		} else if jsonBody["error"] == "Image already exists" {
-			return ErrAlreadyExists
-		}
-		return fmt.Errorf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody)
-	}
-	return nil
-}
-
-// PushImageJSONRegistry pushes JSON metadata for a local image to the registry
-func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, registry string) error {
-
-	u := registry + "images/" + imgData.ID + "/json"
-
-	logrus.Debugf("[registry] Calling PUT %s", u)
-
-	req, err := http.NewRequest("PUT", u, bytes.NewReader(jsonRaw))
-	if err != nil {
-		return err
-	}
-	req.Header.Add("Content-type", "application/json")
-
-	res, err := r.client.Do(req)
-	if err != nil {
-		return fmt.Errorf("Failed to upload metadata: %s", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
-		return newJSONError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
-	}
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
-		}
-		var jsonBody map[string]string
-		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
-			errBody = []byte(err.Error())
-		} else if jsonBody["error"] == "Image already exists" {
-			return ErrAlreadyExists
-		}
-		return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res)
-	}
-	return nil
-}
-
-// PushImageLayerRegistry sends the checksum of an image layer to the registry
-func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry string, jsonRaw []byte) (checksum string, checksumPayload string, err error) {
-	u := registry + "images/" + imgID + "/layer"
-
-	logrus.Debugf("[registry] Calling PUT %s", u)
-
-	tarsumLayer, err := tarsum.NewTarSum(layer, false, tarsum.Version0)
-	if err != nil {
-		return "", "", err
-	}
-	h := sha256.New()
-	h.Write(jsonRaw)
-	h.Write([]byte{'\n'})
-	checksumLayer := io.TeeReader(tarsumLayer, h)
-
-	req, err := http.NewRequest("PUT", u, checksumLayer)
-	if err != nil {
-		return "", "", err
-	}
-	req.Header.Add("Content-Type", "application/octet-stream")
-	req.ContentLength = -1
-	req.TransferEncoding = []string{"chunked"}
-	res, err := r.client.Do(req)
-	if err != nil {
-		return "", "", fmt.Errorf("Failed to upload layer: %v", err)
-	}
-	if rc, ok := layer.(io.Closer); ok {
-		if err := rc.Close(); err != nil {
-			return "", "", err
-		}
-	}
-	defer res.Body.Close()
-
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return "", "", newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
-		}
-		return "", "", newJSONError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res)
-	}
-
-	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
-	return tarsumLayer.Sum(jsonRaw), checksumPayload, nil
-}
-
-// PushRegistryTag pushes a tag on the registry.
-// Remote has the format '<user>/<repo>
-func (r *Session) PushRegistryTag(remote reference.Named, revision, tag, registry string) error {
-	// "jsonify" the string
-	revision = "\"" + revision + "\""
-	path := fmt.Sprintf("repositories/%s/tags/%s", reference.Path(remote), tag)
-
-	req, err := http.NewRequest("PUT", registry+path, strings.NewReader(revision))
-	if err != nil {
-		return err
-	}
-	req.Header.Add("Content-type", "application/json")
-	req.ContentLength = int64(len(revision))
-	res, err := r.client.Do(req)
-	if err != nil {
-		return err
-	}
-	res.Body.Close()
-	if res.StatusCode != 200 && res.StatusCode != 201 {
-		return newJSONError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, reference.Path(remote)), res)
-	}
-	return nil
-}
-
-// PushImageJSONIndex uploads an image list to the repository
-func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData, validate bool, regs []string) (*RepositoryData, error) {
-	cleanImgList := []*ImgData{}
-	if validate {
-		for _, elem := range imgList {
-			if elem.Checksum != "" {
-				cleanImgList = append(cleanImgList, elem)
-			}
-		}
-	} else {
-		cleanImgList = imgList
-	}
-
-	imgListJSON, err := json.Marshal(cleanImgList)
-	if err != nil {
-		return nil, err
-	}
-	var suffix string
-	if validate {
-		suffix = "images"
-	}
-	u := fmt.Sprintf("%srepositories/%s/%s", r.indexEndpoint.String(), reference.Path(remote), suffix)
-	logrus.Debugf("[registry] PUT %s", u)
-	logrus.Debugf("Image list pushed to index:\n%s", imgListJSON)
-	headers := map[string][]string{
-		"Content-type": {"application/json"},
-		// this will set basic auth in r.client.Transport and send cached X-Docker-Token headers for all subsequent requests
-		"X-Docker-Token": {"true"},
-	}
-	if validate {
-		headers["X-Docker-Endpoints"] = regs
-	}
-
-	// Redirect if necessary
-	var res *http.Response
-	for {
-		if res, err = r.putImageRequest(u, headers, imgListJSON); err != nil {
-			return nil, err
-		}
-		if !shouldRedirect(res) {
-			break
-		}
-		res.Body.Close()
-		u = res.Header.Get("Location")
-		logrus.Debugf("Redirected to %s", u)
-	}
-	defer res.Body.Close()
-
-	if res.StatusCode == 401 {
-		return nil, errcode.ErrorCodeUnauthorized.WithArgs()
-	}
-
-	var tokens, endpoints []string
-	if !validate {
-		if res.StatusCode != 200 && res.StatusCode != 201 {
-			errBody, err := ioutil.ReadAll(res.Body)
-			if err != nil {
-				logrus.Debugf("Error reading response body: %s", err)
-			}
-			return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, reference.Path(remote), errBody), res)
-		}
-		tokens = res.Header["X-Docker-Token"]
-		logrus.Debugf("Auth token: %v", tokens)
-
-		if res.Header.Get("X-Docker-Endpoints") == "" {
-			return nil, fmt.Errorf("Index response didn't contain any endpoints")
-		}
-		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], r.indexEndpoint.String())
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		if res.StatusCode != 204 {
-			errBody, err := ioutil.ReadAll(res.Body)
-			if err != nil {
-				logrus.Debugf("Error reading response body: %s", err)
-			}
-			return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, reference.Path(remote), errBody), res)
-		}
-	}
-
-	return &RepositoryData{
-		Endpoints: endpoints,
-	}, nil
-}
-
-func (r *Session) putImageRequest(u string, headers map[string][]string, body []byte) (*http.Response, error) {
-	req, err := http.NewRequest("PUT", u, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.ContentLength = int64(len(body))
-	for k, v := range headers {
-		req.Header[k] = v
-	}
-	response, err := r.client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	return response, nil
-}
-
-func shouldRedirect(response *http.Response) bool {
-	return response.StatusCode >= 300 && response.StatusCode < 400
-}
-
 // SearchRepositories performs a search against the remote repository
 func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.SearchResults, error) {
 	if limit < 1 || limit > 100 {
@@ -740,7 +205,7 @@ func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.Sea
 	logrus.Debugf("Index server: %s", r.indexEndpoint)
 	u := r.indexEndpoint.String() + "search?q=" + url.QueryEscape(term) + "&n=" + url.QueryEscape(fmt.Sprintf("%d", limit))
 
-	req, err := http.NewRequest("GET", u, nil)
+	req, err := http.NewRequest(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, errors.Wrap(errdefs.InvalidParameter(err), "Error building request")
 	}
@@ -751,29 +216,12 @@ func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.Sea
 		return nil, errdefs.System(err)
 	}
 	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		return nil, newJSONError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res)
+	if res.StatusCode != http.StatusOK {
+		return nil, &jsonmessage.JSONError{
+			Message: fmt.Sprintf("Unexpected status code %d", res.StatusCode),
+			Code:    res.StatusCode,
+		}
 	}
 	result := new(registrytypes.SearchResults)
 	return result, errors.Wrap(json.NewDecoder(res.Body).Decode(result), "error decoding registry search results")
 }
-
-func isTimeout(err error) bool {
-	type timeout interface {
-		Timeout() bool
-	}
-	e := err
-	switch urlErr := err.(type) {
-	case *url.Error:
-		e = urlErr.Err
-	}
-	t, ok := e.(timeout)
-	return ok && t.Timeout()
-}
-
-func newJSONError(msg string, res *http.Response) error {
-	return &jsonmessage.JSONError{
-		Message: msg,
-		Code:    res.StatusCode,
-	}
-}
diff --git a/registry/types.go b/registry/types.go
index 28ed2bfa5e88f..073e244ba8b1b 100644
--- a/registry/types.go
+++ b/registry/types.go
@@ -45,9 +45,8 @@ func (av APIVersion) String() string {
 
 // API Version identifiers.
 const (
-	_                      = iota
-	APIVersion1 APIVersion = iota
-	APIVersion2
+	APIVersion1 APIVersion = 1
+	APIVersion2 APIVersion = 2
 )
 
 var apiVersions = map[APIVersion]string{
diff --git a/restartmanager/restartmanager.go b/restartmanager/restartmanager.go
index 6468ccf7e64e1..12094def60dfc 100644
--- a/restartmanager/restartmanager.go
+++ b/restartmanager/restartmanager.go
@@ -107,11 +107,14 @@ func (rm *restartManager) ShouldRestart(exitCode uint32, hasBeenManuallyStopped
 
 	ch := make(chan error)
 	go func() {
+		timeout := time.NewTimer(rm.timeout)
+		defer timeout.Stop()
+
 		select {
 		case <-rm.cancel:
 			ch <- ErrRestartCanceled
 			close(ch)
-		case <-time.After(rm.timeout):
+		case <-timeout.C:
 			rm.Lock()
 			close(ch)
 			rm.active = false
diff --git a/restartmanager/restartmanager_test.go b/restartmanager/restartmanager_test.go
index 4b6f30247902a..82558946bc2f8 100644
--- a/restartmanager/restartmanager_test.go
+++ b/restartmanager/restartmanager_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestRestartManagerTimeout(t *testing.T) {
 	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
-	var duration = time.Duration(1 * time.Second)
+	var duration = 1 * time.Second
 	should, _, err := rm.ShouldRestart(0, false, duration)
 	if err != nil {
 		t.Fatal(err)
@@ -25,7 +25,7 @@ func TestRestartManagerTimeout(t *testing.T) {
 func TestRestartManagerTimeoutReset(t *testing.T) {
 	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
 	rm.timeout = 5 * time.Second
-	var duration = time.Duration(10 * time.Second)
+	var duration = 10 * time.Second
 	_, _, err := rm.ShouldRestart(0, false, duration)
 	if err != nil {
 		t.Fatal(err)
diff --git a/rootless/rootless.go b/rootless/rootless.go
new file mode 100644
index 0000000000000..376d5263de9fc
--- /dev/null
+++ b/rootless/rootless.go
@@ -0,0 +1,25 @@
+package rootless // import "github.com/docker/docker/rootless"
+
+import (
+	"os"
+	"sync"
+)
+
+const (
+	// RootlessKitDockerProxyBinary is the binary name of rootlesskit-docker-proxy
+	RootlessKitDockerProxyBinary = "rootlesskit-docker-proxy"
+)
+
+var (
+	runningWithRootlessKit     bool
+	runningWithRootlessKitOnce sync.Once
+)
+
+// RunningWithRootlessKit returns true if running under RootlessKit namespaces.
+func RunningWithRootlessKit() bool {
+	runningWithRootlessKitOnce.Do(func() {
+		u := os.Getenv("ROOTLESSKIT_STATE_DIR")
+		runningWithRootlessKit = u != ""
+	})
+	return runningWithRootlessKit
+}
diff --git a/rootless/specconv/specconv_linux.go b/rootless/specconv/specconv_linux.go
new file mode 100644
index 0000000000000..4e542818c24d4
--- /dev/null
+++ b/rootless/specconv/specconv_linux.go
@@ -0,0 +1,138 @@
+package specconv // import "github.com/docker/docker/rootless/specconv"
+
+import (
+	"os"
+	"path"
+	"strconv"
+	"strings"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+)
+
+// ToRootless converts spec to be compatible with "rootless" runc.
+// * Remove non-supported cgroups
+// * Fix up OOMScoreAdj
+// * Fix up /proc if --pid=host
+//
+// v2Controllers should be non-nil only if running with v2 and systemd.
+func ToRootless(spec *specs.Spec, v2Controllers []string) error {
+	return toRootless(spec, v2Controllers, getCurrentOOMScoreAdj())
+}
+
+func getCurrentOOMScoreAdj() int {
+	b, err := os.ReadFile("/proc/self/oom_score_adj")
+	if err != nil {
+		logrus.WithError(err).Warn("failed to read /proc/self/oom_score_adj")
+		return 0
+	}
+	s := string(b)
+	i, err := strconv.Atoi(strings.TrimSpace(s))
+	if err != nil {
+		logrus.WithError(err).Warnf("failed to parse /proc/self/oom_score_adj (%q)", s)
+		return 0
+	}
+	return i
+}
+
+func toRootless(spec *specs.Spec, v2Controllers []string, currentOOMScoreAdj int) error {
+	if len(v2Controllers) == 0 {
+		// Remove cgroup settings.
+		spec.Linux.Resources = nil
+		spec.Linux.CgroupsPath = ""
+	} else {
+		if spec.Linux.Resources != nil {
+			m := make(map[string]struct{})
+			for _, s := range v2Controllers {
+				m[s] = struct{}{}
+			}
+			// Remove devices: https://github.com/containers/crun/issues/255
+			spec.Linux.Resources.Devices = nil
+			if _, ok := m["memory"]; !ok {
+				spec.Linux.Resources.Memory = nil
+			}
+			if _, ok := m["cpu"]; !ok {
+				spec.Linux.Resources.CPU = nil
+			}
+			if _, ok := m["cpuset"]; !ok {
+				if spec.Linux.Resources.CPU != nil {
+					spec.Linux.Resources.CPU.Cpus = ""
+					spec.Linux.Resources.CPU.Mems = ""
+				}
+			}
+			if _, ok := m["pids"]; !ok {
+				spec.Linux.Resources.Pids = nil
+			}
+			if _, ok := m["io"]; !ok {
+				spec.Linux.Resources.BlockIO = nil
+			}
+			if _, ok := m["rdma"]; !ok {
+				spec.Linux.Resources.Rdma = nil
+			}
+			spec.Linux.Resources.HugepageLimits = nil
+			spec.Linux.Resources.Network = nil
+		}
+	}
+
+	if spec.Process.OOMScoreAdj != nil && *spec.Process.OOMScoreAdj < currentOOMScoreAdj {
+		*spec.Process.OOMScoreAdj = currentOOMScoreAdj
+	}
+
+	// Fix up /proc if --pid=host
+	pidHost, err := isPidHost(spec)
+	if err != nil {
+		return err
+	}
+	if !pidHost {
+		return nil
+	}
+	return bindMountHostProcfs(spec)
+}
+
+func isPidHost(spec *specs.Spec) (bool, error) {
+	for _, ns := range spec.Linux.Namespaces {
+		if ns.Type == specs.PIDNamespace {
+			if ns.Path == "" {
+				return false, nil
+			}
+			pidNS, err := os.Readlink(ns.Path)
+			if err != nil {
+				return false, err
+			}
+			selfPidNS, err := os.Readlink("/proc/self/ns/pid")
+			if err != nil {
+				return false, err
+			}
+			return pidNS == selfPidNS, nil
+		}
+	}
+	return true, nil
+}
+
+func bindMountHostProcfs(spec *specs.Spec) error {
+	// Replace procfs mount with rbind
+	// https://github.com/containers/podman/blob/v3.0.0-rc1/pkg/specgen/generate/oci.go#L248-L257
+	for i, m := range spec.Mounts {
+		if path.Clean(m.Destination) == "/proc" {
+			newM := specs.Mount{
+				Destination: "/proc",
+				Type:        "bind",
+				Source:      "/proc",
+				Options:     []string{"rbind", "nosuid", "noexec", "nodev"},
+			}
+			spec.Mounts[i] = newM
+		}
+	}
+
+	// Remove ReadonlyPaths for /proc/*
+	newROP := spec.Linux.ReadonlyPaths[:0]
+	for _, s := range spec.Linux.ReadonlyPaths {
+		s = path.Clean(s)
+		if !strings.HasPrefix(s, "/proc/") {
+			newROP = append(newROP, s)
+		}
+	}
+	spec.Linux.ReadonlyPaths = newROP
+
+	return nil
+}
diff --git a/runconfig/config.go b/runconfig/config.go
index cbacf47df341d..1b71b2042f3ad 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -11,11 +11,20 @@ import (
 
 // ContainerDecoder implements httputils.ContainerDecoder
 // calling DecodeContainerConfig.
-type ContainerDecoder struct{}
+type ContainerDecoder struct {
+	GetSysInfo func() *sysinfo.SysInfo
+}
 
 // DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder
 func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
-	return decodeContainerConfig(src)
+	var si *sysinfo.SysInfo
+	if r.GetSysInfo != nil {
+		si = r.GetSysInfo()
+	} else {
+		si = sysinfo.New()
+	}
+
+	return decodeContainerConfig(src, si)
 }
 
 // DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder
@@ -24,58 +33,42 @@ func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig
 }
 
 // decodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
-// struct and returns both a Config and a HostConfig struct
+// struct and returns both a Config and a HostConfig struct, and performs some
+// validation. Certain parameters need daemon-side validation that cannot be done
+// on the client, as only the daemon knows what is valid for the platform.
 // Be aware this function is not checking whether the resulted structs are nil,
 // it's your business to do so
-func decodeContainerConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+func decodeContainerConfig(src io.Reader, si *sysinfo.SysInfo) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
 	var w ContainerConfigWrapper
-
-	decoder := json.NewDecoder(src)
-	if err := decoder.Decode(&w); err != nil {
+	if err := json.NewDecoder(src).Decode(&w); err != nil {
 		return nil, nil, nil, err
 	}
 
 	hc := w.getHostConfig()
-
-	// Perform platform-specific processing of Volumes and Binds.
-	if w.Config != nil && hc != nil {
-
-		// Initialize the volumes map if currently nil
-		if w.Config.Volumes == nil {
-			w.Config.Volumes = make(map[string]struct{})
-		}
+	if hc == nil {
+		// We may not be passed a host config, such as in the case of docker commit
+		return w.Config, hc, w.NetworkingConfig, nil
 	}
-
-	// Certain parameters need daemon-side validation that cannot be done
-	// on the client, as only the daemon knows what is valid for the platform.
 	if err := validateNetMode(w.Config, hc); err != nil {
 		return nil, nil, nil, err
 	}
-
-	// Validate isolation
 	if err := validateIsolation(hc); err != nil {
 		return nil, nil, nil, err
 	}
-
-	// Validate QoS
 	if err := validateQoS(hc); err != nil {
 		return nil, nil, nil, err
 	}
-
-	// Validate Resources
-	if err := validateResources(hc, sysinfo.New(true)); err != nil {
+	if err := validateResources(hc, si); err != nil {
 		return nil, nil, nil, err
 	}
-
-	// Validate Privileged
 	if err := validatePrivileged(hc); err != nil {
 		return nil, nil, nil, err
 	}
-
-	// Validate ReadonlyRootfs
 	if err := validateReadonlyRootfs(hc); err != nil {
 		return nil, nil, nil, err
 	}
-
+	if w.Config != nil && w.Config.Volumes == nil {
+		w.Config.Volumes = make(map[string]struct{})
+	}
 	return w.Config, hc, w.NetworkingConfig, nil
 }
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 67d386969f4da..5325f5a754752 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"runtime"
 	"strings"
 	"testing"
@@ -12,8 +12,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"github.com/docker/docker/pkg/sysinfo"
 )
 
 type f struct {
@@ -43,12 +42,12 @@ func TestDecodeContainerConfig(t *testing.T) {
 	}
 
 	for _, f := range fixtures {
-		b, err := ioutil.ReadFile(f.file)
+		b, err := os.ReadFile(f.file)
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		c, h, _, err := decodeContainerConfig(bytes.NewReader(b))
+		c, h, _, err := decodeContainerConfig(bytes.NewReader(b), sysinfo.New())
 		if err != nil {
 			t.Fatal(fmt.Errorf("Error parsing %s: %v", f, err))
 		}
@@ -132,59 +131,5 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c
 	if b, err = json.Marshal(w); err != nil {
 		return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
 	}
-	return decodeContainerConfig(bytes.NewReader(b))
-}
-
-type decodeConfigTestcase struct {
-	doc                string
-	wrapper            ContainerConfigWrapper
-	expectedErr        string
-	expectedConfig     *container.Config
-	expectedHostConfig *container.HostConfig
-	goos               string
-}
-
-func runDecodeContainerConfigTestCase(testcase decodeConfigTestcase) func(t *testing.T) {
-	return func(t *testing.T) {
-		raw := marshal(t, testcase.wrapper, testcase.doc)
-		config, hostConfig, _, err := decodeContainerConfig(bytes.NewReader(raw))
-		if testcase.expectedErr != "" {
-			if !assert.Check(t, is.ErrorContains(err, "")) {
-				return
-			}
-			assert.Check(t, is.Contains(err.Error(), testcase.expectedErr))
-			return
-		}
-		assert.Check(t, err)
-		assert.Check(t, is.DeepEqual(testcase.expectedConfig, config))
-		assert.Check(t, is.DeepEqual(testcase.expectedHostConfig, hostConfig))
-	}
-}
-
-func marshal(t *testing.T, w ContainerConfigWrapper, doc string) []byte {
-	b, err := json.Marshal(w)
-	assert.NilError(t, err, "%s: failed to encode config wrapper", doc)
-	return b
-}
-
-func containerWrapperWithVolume(volume string) ContainerConfigWrapper {
-	return ContainerConfigWrapper{
-		Config: &container.Config{
-			Volumes: map[string]struct{}{
-				volume: {},
-			},
-		},
-		HostConfig: &container.HostConfig{},
-	}
-}
-
-func containerWrapperWithBind(bind string) ContainerConfigWrapper {
-	return ContainerConfigWrapper{
-		Config: &container.Config{
-			Volumes: map[string]struct{}{},
-		},
-		HostConfig: &container.HostConfig{
-			Binds: []string{bind},
-		},
-	}
+	return decodeContainerConfig(bytes.NewReader(b), sysinfo.New())
 }
diff --git a/runconfig/config_unix.go b/runconfig/config_unix.go
index 65e8d6fcd498a..6b2939705156e 100644
--- a/runconfig/config_unix.go
+++ b/runconfig/config_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
@@ -24,7 +25,7 @@ func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig {
 
 	if hc == nil && w.InnerHostConfig != nil {
 		hc = w.InnerHostConfig
-	} else if w.InnerHostConfig != nil {
+	} else if hc != nil && w.InnerHostConfig != nil {
 		if hc.Memory != 0 && w.InnerHostConfig.Memory == 0 {
 			w.InnerHostConfig.Memory = hc.Memory
 		}
diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 7d99e5acfabdd..1d6266d5f719e 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -11,15 +11,11 @@ import (
 // DecodeHostConfig creates a HostConfig based on the specified Reader.
 // It assumes the content of the reader will be JSON, and decodes it.
 func decodeHostConfig(src io.Reader) (*container.HostConfig, error) {
-	decoder := json.NewDecoder(src)
-
 	var w ContainerConfigWrapper
-	if err := decoder.Decode(&w); err != nil {
+	if err := json.NewDecoder(src).Decode(&w); err != nil {
 		return nil, err
 	}
-
-	hc := w.getHostConfig()
-	return hc, nil
+	return w.getHostConfig(), nil
 }
 
 // SetDefaultNetModeIfBlank changes the NetworkMode in a HostConfig structure
@@ -27,20 +23,14 @@ func decodeHostConfig(src io.Reader) (*container.HostConfig, error) {
 // the validation of the network mode was moved from the docker CLI to the
 // docker daemon.
 func SetDefaultNetModeIfBlank(hc *container.HostConfig) {
-	if hc != nil {
-		if hc.NetworkMode == container.NetworkMode("") {
-			hc.NetworkMode = container.NetworkMode("default")
-		}
+	if hc != nil && hc.NetworkMode == "" {
+		hc.NetworkMode = "default"
 	}
 }
 
 // validateNetContainerMode ensures that the various combinations of requested
 // network settings wrt container mode are valid.
 func validateNetContainerMode(c *container.Config, hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
 	parts := strings.Split(string(hc.NetworkMode), ":")
 	if parts[0] == "container" {
 		if len(parts) < 2 || parts[1] == "" {
diff --git a/runconfig/hostconfig_test.go b/runconfig/hostconfig_test.go
index d74d5f1176d48..9039e07f12985 100644
--- a/runconfig/hostconfig_test.go
+++ b/runconfig/hostconfig_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
@@ -5,15 +6,41 @@ package runconfig // import "github.com/docker/docker/runconfig"
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/sysinfo"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
+func TestCgroupnsModeTest(t *testing.T) {
+	cgroupNsModes := map[container.CgroupnsMode][]bool{
+		// private, host, empty, valid
+		"":                {false, false, true, true},
+		"something:weird": {false, false, false, false},
+		"host":            {false, true, false, true},
+		"host:name":       {false, false, false, false},
+		"private":         {true, false, false, true},
+		"private:name":    {false, false, false, false},
+	}
+	for cgroupNsMode, state := range cgroupNsModes {
+		if cgroupNsMode.IsPrivate() != state[0] {
+			t.Fatalf("CgroupnsMode.IsPrivate for %v should have been %v but was %v", cgroupNsMode, state[0], cgroupNsMode.IsPrivate())
+		}
+		if cgroupNsMode.IsHost() != state[1] {
+			t.Fatalf("CgroupnsMode.IsHost for %v should have been %v but was %v", cgroupNsMode, state[1], cgroupNsMode.IsHost())
+		}
+		if cgroupNsMode.IsEmpty() != state[2] {
+			t.Fatalf("CgroupnsMode.Valid for %v should have been %v but was %v", cgroupNsMode, state[2], cgroupNsMode.Valid())
+		}
+		if cgroupNsMode.Valid() != state[3] {
+			t.Fatalf("CgroupnsMode.Valid for %v should have been %v but was %v", cgroupNsMode, state[2], cgroupNsMode.Valid())
+		}
+	}
+}
+
 // TODO Windows: This will need addressing for a Windows daemon.
 func TestNetworkModeTest(t *testing.T) {
 	networkModes := map[container.NetworkMode][]bool{
@@ -186,7 +213,7 @@ func TestDecodeHostConfig(t *testing.T) {
 	}
 
 	for _, f := range fixtures {
-		b, err := ioutil.ReadFile(f.file)
+		b, err := os.ReadFile(f.file)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -214,46 +241,41 @@ func TestDecodeHostConfig(t *testing.T) {
 
 func TestValidateResources(t *testing.T) {
 	type resourceTest struct {
-		ConfigCPURealtimePeriod   int64
-		ConfigCPURealtimeRuntime  int64
-		SysInfoCPURealtimePeriod  bool
-		SysInfoCPURealtimeRuntime bool
-		ErrorExpected             bool
-		FailureMsg                string
+		ConfigCPURealtimePeriod  int64
+		ConfigCPURealtimeRuntime int64
+		SysInfoCPURealtime       bool
+		ErrorExpected            bool
+		FailureMsg               string
 	}
 
 	tests := []resourceTest{
 		{
-			ConfigCPURealtimePeriod:   1000,
-			ConfigCPURealtimeRuntime:  1000,
-			SysInfoCPURealtimePeriod:  true,
-			SysInfoCPURealtimeRuntime: true,
-			ErrorExpected:             false,
-			FailureMsg:                "Expected valid configuration",
+			ConfigCPURealtimePeriod:  1000,
+			ConfigCPURealtimeRuntime: 1000,
+			SysInfoCPURealtime:       true,
+			ErrorExpected:            false,
+			FailureMsg:               "Expected valid configuration",
 		},
 		{
-			ConfigCPURealtimePeriod:   5000,
-			ConfigCPURealtimeRuntime:  5000,
-			SysInfoCPURealtimePeriod:  false,
-			SysInfoCPURealtimeRuntime: true,
-			ErrorExpected:             true,
-			FailureMsg:                "Expected failure when cpu-rt-period is set but kernel doesn't support it",
+			ConfigCPURealtimePeriod:  5000,
+			ConfigCPURealtimeRuntime: 5000,
+			SysInfoCPURealtime:       false,
+			ErrorExpected:            true,
+			FailureMsg:               "Expected failure when cpu-rt-period is set but kernel doesn't support it",
 		},
 		{
-			ConfigCPURealtimePeriod:   5000,
-			ConfigCPURealtimeRuntime:  5000,
-			SysInfoCPURealtimePeriod:  true,
-			SysInfoCPURealtimeRuntime: false,
-			ErrorExpected:             true,
-			FailureMsg:                "Expected failure when cpu-rt-runtime is set but kernel doesn't support it",
+			ConfigCPURealtimePeriod:  5000,
+			ConfigCPURealtimeRuntime: 5000,
+			SysInfoCPURealtime:       false,
+			ErrorExpected:            true,
+			FailureMsg:               "Expected failure when cpu-rt-runtime is set but kernel doesn't support it",
 		},
 		{
-			ConfigCPURealtimePeriod:   5000,
-			ConfigCPURealtimeRuntime:  10000,
-			SysInfoCPURealtimePeriod:  true,
-			SysInfoCPURealtimeRuntime: false,
-			ErrorExpected:             true,
-			FailureMsg:                "Expected failure when cpu-rt-runtime is greater than cpu-rt-period",
+			ConfigCPURealtimePeriod:  5000,
+			ConfigCPURealtimeRuntime: 10000,
+			SysInfoCPURealtime:       true,
+			ErrorExpected:            true,
+			FailureMsg:               "Expected failure when cpu-rt-runtime is greater than cpu-rt-period",
 		},
 	}
 
@@ -263,8 +285,7 @@ func TestValidateResources(t *testing.T) {
 		hc.Resources.CPURealtimeRuntime = rt.ConfigCPURealtimeRuntime
 
 		var si sysinfo.SysInfo
-		si.CPURealtimePeriod = rt.SysInfoCPURealtimePeriod
-		si.CPURealtimeRuntime = rt.SysInfoCPURealtimeRuntime
+		si.CPURealtime = rt.SysInfoCPURealtime
 
 		if err := validateResources(&hc, &si); (err != nil) != rt.ErrorExpected {
 			t.Fatal(rt.FailureMsg, err)
diff --git a/runconfig/hostconfig_unix.go b/runconfig/hostconfig_unix.go
index e579b06d9b287..bbe70263499db 100644
--- a/runconfig/hostconfig_unix.go
+++ b/runconfig/hostconfig_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
@@ -13,7 +14,7 @@ import (
 // DefaultDaemonNetworkMode returns the default network stack the daemon should
 // use.
 func DefaultDaemonNetworkMode() container.NetworkMode {
-	return container.NetworkMode("bridge")
+	return "bridge"
 }
 
 // IsPreDefinedNetwork indicates if a network is predefined by the daemon
@@ -25,24 +26,16 @@ func IsPreDefinedNetwork(network string) bool {
 // validateNetMode ensures that the various combinations of requested
 // network settings are valid.
 func validateNetMode(c *container.Config, hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
-
 	err := validateNetContainerMode(c, hc)
 	if err != nil {
 		return err
 	}
-
 	if hc.UTSMode.IsHost() && c.Hostname != "" {
 		return ErrConflictUTSHostname
 	}
-
 	if hc.NetworkMode.IsHost() && len(hc.Links) > 0 {
 		return ErrConflictHostNetworkAndLinks
 	}
-
 	return nil
 }
 
@@ -50,10 +43,6 @@ func validateNetMode(c *container.Config, hc *container.HostConfig) error {
 // isolation in the hostconfig structure. Linux only supports "default"
 // which is LXC container isolation
 func validateIsolation(hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
 	if !hc.Isolation.IsValid() {
 		return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
 	}
@@ -62,15 +51,9 @@ func validateIsolation(hc *container.HostConfig) error {
 
 // validateQoS performs platform specific validation of the QoS settings
 func validateQoS(hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
-
 	if hc.IOMaximumBandwidth != 0 {
 		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS)
 	}
-
 	if hc.IOMaximumIOps != 0 {
 		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS)
 	}
@@ -80,19 +63,9 @@ func validateQoS(hc *container.HostConfig) error {
 // validateResources performs platform specific validation of the resource settings
 // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice
 func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
-
-	if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod {
-		return fmt.Errorf("Your kernel does not support cgroup cpu real-time period")
+	if (hc.Resources.CPURealtimePeriod != 0 || hc.Resources.CPURealtimeRuntime != 0) && !si.CPURealtime {
+		return fmt.Errorf("Your kernel does not support CPU real-time scheduler")
 	}
-
-	if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime {
-		return fmt.Errorf("Your kernel does not support cgroup cpu real-time runtime")
-	}
-
 	if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod {
 		return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period")
 	}
@@ -100,11 +73,11 @@ func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
 }
 
 // validatePrivileged performs platform specific validation of the Privileged setting
-func validatePrivileged(hc *container.HostConfig) error {
+func validatePrivileged(_ *container.HostConfig) error {
 	return nil
 }
 
 // validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
-func validateReadonlyRootfs(hc *container.HostConfig) error {
+func validateReadonlyRootfs(_ *container.HostConfig) error {
 	return nil
 }
diff --git a/runconfig/hostconfig_windows.go b/runconfig/hostconfig_windows.go
index 33a4668af1623..91e27eac5e39e 100644
--- a/runconfig/hostconfig_windows.go
+++ b/runconfig/hostconfig_windows.go
@@ -10,7 +10,7 @@ import (
 // DefaultDaemonNetworkMode returns the default network stack the daemon should
 // use.
 func DefaultDaemonNetworkMode() container.NetworkMode {
-	return container.NetworkMode("nat")
+	return "nat"
 }
 
 // IsPreDefinedNetwork indicates if a network is predefined by the daemon
@@ -21,19 +21,12 @@ func IsPreDefinedNetwork(network string) bool {
 // validateNetMode ensures that the various combinations of requested
 // network settings are valid.
 func validateNetMode(c *container.Config, hc *container.HostConfig) error {
-	if hc == nil {
-		return nil
-	}
-
-	err := validateNetContainerMode(c, hc)
-	if err != nil {
+	if err := validateNetContainerMode(c, hc); err != nil {
 		return err
 	}
-
 	if hc.NetworkMode.IsContainer() && hc.Isolation.IsHyperV() {
 		return fmt.Errorf("Using the network stack of another container is not supported while using Hyper-V Containers")
 	}
-
 	return nil
 }
 
@@ -41,10 +34,6 @@ func validateNetMode(c *container.Config, hc *container.HostConfig) error {
 // isolation in the hostconfig structure. Windows supports 'default' (or
 // blank), 'process', or 'hyperv'.
 func validateIsolation(hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
 	if !hc.Isolation.IsValid() {
 		return fmt.Errorf("Invalid isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
 	}
@@ -52,16 +41,12 @@ func validateIsolation(hc *container.HostConfig) error {
 }
 
 // validateQoS performs platform specific validation of the Qos settings
-func validateQoS(hc *container.HostConfig) error {
+func validateQoS(_ *container.HostConfig) error {
 	return nil
 }
 
 // validateResources performs platform specific validation of the resource settings
-func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
+func validateResources(hc *container.HostConfig, _ *sysinfo.SysInfo) error {
 	if hc.Resources.CPURealtimePeriod != 0 {
 		return fmt.Errorf("Windows does not support CPU real-time period")
 	}
@@ -73,10 +58,6 @@ func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
 
 // validatePrivileged performs platform specific validation of the Privileged setting
 func validatePrivileged(hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
 	if hc.Privileged {
 		return fmt.Errorf("Windows does not support privileged mode")
 	}
@@ -85,10 +66,6 @@ func validatePrivileged(hc *container.HostConfig) error {
 
 // validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
 func validateReadonlyRootfs(hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
 	if hc.ReadonlyRootfs {
 		return fmt.Errorf("Windows does not support root filesystem in read-only mode")
 	}
diff --git a/runconfig/hostconfig_windows_test.go b/runconfig/hostconfig_windows_test.go
index d7a480f313f52..ccfe939ca8841 100644
--- a/runconfig/hostconfig_windows_test.go
+++ b/runconfig/hostconfig_windows_test.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
diff --git a/testutil/daemon/config.go b/testutil/daemon/config.go
new file mode 100644
index 0000000000000..1bf182ae28908
--- /dev/null
+++ b/testutil/daemon/config.go
@@ -0,0 +1,72 @@
+package daemon
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/v3/assert"
+)
+
+// ConfigConstructor defines a swarm config constructor
+type ConfigConstructor func(*swarm.Config)
+
+// CreateConfig creates a config given the specified spec
+func (d *Daemon) CreateConfig(t testing.TB, configSpec swarm.ConfigSpec) string {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	scr, err := cli.ConfigCreate(context.Background(), configSpec)
+	assert.NilError(t, err)
+	return scr.ID
+}
+
+// ListConfigs returns the list of the current swarm configs
+func (d *Daemon) ListConfigs(t testing.TB) []swarm.Config {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	configs, err := cli.ConfigList(context.Background(), types.ConfigListOptions{})
+	assert.NilError(t, err)
+	return configs
+}
+
+// GetConfig returns a swarm config identified by the specified id
+func (d *Daemon) GetConfig(t testing.TB, id string) *swarm.Config {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	config, _, err := cli.ConfigInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return &config
+}
+
+// DeleteConfig removes the swarm config identified by the specified id
+func (d *Daemon) DeleteConfig(t testing.TB, id string) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.ConfigRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// UpdateConfig updates the swarm config identified by the specified id
+// Currently, only label update is supported.
+func (d *Daemon) UpdateConfig(t testing.TB, id string, f ...ConfigConstructor) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	config := d.GetConfig(t, id)
+	for _, fn := range f {
+		fn(config)
+	}
+
+	err := cli.ConfigUpdate(context.Background(), config.ID, config.Version, config.Spec)
+	assert.NilError(t, err)
+}
diff --git a/testutil/daemon/container.go b/testutil/daemon/container.go
new file mode 100644
index 0000000000000..8e88e7b202b82
--- /dev/null
+++ b/testutil/daemon/container.go
@@ -0,0 +1,36 @@
+package daemon
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"gotest.tools/v3/assert"
+)
+
+// ActiveContainers returns the list of ids of the currently running containers
+func (d *Daemon) ActiveContainers(t testing.TB) []string {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
+	assert.NilError(t, err)
+
+	ids := make([]string, len(containers))
+	for i, c := range containers {
+		ids[i] = c.ID
+	}
+	return ids
+}
+
+// FindContainerIP returns the ip of the specified container
+func (d *Daemon) FindContainerIP(t testing.TB, id string) string {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	i, err := cli.ContainerInspect(context.Background(), id)
+	assert.NilError(t, err)
+	return i.NetworkSettings.IPAddress
+}
diff --git a/testutil/daemon/daemon.go b/testutil/daemon/daemon.go
new file mode 100644
index 0000000000000..56998ab4c98d9
--- /dev/null
+++ b/testutil/daemon/daemon.go
@@ -0,0 +1,868 @@
+package daemon // import "github.com/docker/docker/testutil/daemon"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os"
+	"os/exec"
+	"os/user"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/testutil/request"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+)
+
+// LogT is the subset of the testing.TB interface used by the daemon.
+type LogT interface {
+	Logf(string, ...interface{})
+}
+
+// nopLog is a no-op implementation of LogT that is used in daemons created by
+// NewDaemon (where no testing.TB is available).
+type nopLog struct{}
+
+func (nopLog) Logf(string, ...interface{}) {}
+
+const (
+	defaultDockerdBinary         = "dockerd"
+	defaultContainerdSocket      = "/var/run/docker/containerd/containerd.sock"
+	defaultDockerdRootlessBinary = "dockerd-rootless.sh"
+	defaultUnixSocket            = "/var/run/docker.sock"
+	defaultTLSHost               = "localhost:2376"
+)
+
+var errDaemonNotStarted = errors.New("daemon not started")
+
+// SockRoot holds the path of the default docker integration daemon socket
+var SockRoot = filepath.Join(os.TempDir(), "docker-integration")
+
+type clientConfig struct {
+	transport *http.Transport
+	scheme    string
+	addr      string
+}
+
+// Daemon represents a Docker daemon for the testing framework
+type Daemon struct {
+	Root              string
+	Folder            string
+	Wait              chan error
+	UseDefaultHost    bool
+	UseDefaultTLSHost bool
+
+	id                         string
+	logFile                    *os.File
+	cmd                        *exec.Cmd
+	storageDriver              string
+	userlandProxy              bool
+	defaultCgroupNamespaceMode string
+	execRoot                   string
+	experimental               bool
+	init                       bool
+	dockerdBinary              string
+	log                        LogT
+	pidFile                    string
+	args                       []string
+	containerdSocket           string
+	rootlessUser               *user.User
+	rootlessXDGRuntimeDir      string
+
+	// swarm related field
+	swarmListenAddr string
+	SwarmPort       int // FIXME(vdemeester) should probably not be exported
+	DefaultAddrPool []string
+	SubnetSize      uint32
+	DataPathPort    uint32
+	OOMScoreAdjust  int
+	// cached information
+	CachedInfo types.Info
+}
+
+// NewDaemon returns a Daemon instance to be used for testing.
+// The daemon will not automatically start.
+// The daemon will modify and create files under workingDir.
+func NewDaemon(workingDir string, ops ...Option) (*Daemon, error) {
+	storageDriver := os.Getenv("DOCKER_GRAPHDRIVER")
+
+	if err := os.MkdirAll(SockRoot, 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to create daemon socket root %q", SockRoot)
+	}
+
+	id := fmt.Sprintf("d%s", stringid.TruncateID(stringid.GenerateRandomID()))
+	dir := filepath.Join(workingDir, id)
+	daemonFolder, err := filepath.Abs(dir)
+	if err != nil {
+		return nil, err
+	}
+	daemonRoot := filepath.Join(daemonFolder, "root")
+	if err := os.MkdirAll(daemonRoot, 0755); err != nil {
+		return nil, errors.Wrapf(err, "failed to create daemon root %q", daemonRoot)
+	}
+
+	userlandProxy := true
+	if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
+		if val, err := strconv.ParseBool(env); err != nil {
+			userlandProxy = val
+		}
+	}
+	d := &Daemon{
+		id:            id,
+		Folder:        daemonFolder,
+		Root:          daemonRoot,
+		storageDriver: storageDriver,
+		userlandProxy: userlandProxy,
+		// dxr stands for docker-execroot (shortened for avoiding unix(7) path length limitation)
+		execRoot:         filepath.Join(os.TempDir(), "dxr", id),
+		dockerdBinary:    defaultDockerdBinary,
+		swarmListenAddr:  defaultSwarmListenAddr,
+		SwarmPort:        DefaultSwarmPort,
+		log:              nopLog{},
+		containerdSocket: defaultContainerdSocket,
+	}
+
+	for _, op := range ops {
+		op(d)
+	}
+
+	if d.rootlessUser != nil {
+		if err := os.Chmod(SockRoot, 0777); err != nil {
+			return nil, err
+		}
+		uid, err := strconv.Atoi(d.rootlessUser.Uid)
+		if err != nil {
+			return nil, err
+		}
+		gid, err := strconv.Atoi(d.rootlessUser.Gid)
+		if err != nil {
+			return nil, err
+		}
+		if err := os.Chown(d.Folder, uid, gid); err != nil {
+			return nil, err
+		}
+		if err := os.Chown(d.Root, uid, gid); err != nil {
+			return nil, err
+		}
+		if err := os.MkdirAll(filepath.Dir(d.execRoot), 0700); err != nil {
+			return nil, err
+		}
+		if err := os.Chown(filepath.Dir(d.execRoot), uid, gid); err != nil {
+			return nil, err
+		}
+		if err := os.MkdirAll(d.execRoot, 0700); err != nil {
+			return nil, err
+		}
+		if err := os.Chown(d.execRoot, uid, gid); err != nil {
+			return nil, err
+		}
+		d.rootlessXDGRuntimeDir = filepath.Join(d.Folder, "xdgrun")
+		if err := os.MkdirAll(d.rootlessXDGRuntimeDir, 0700); err != nil {
+			return nil, err
+		}
+		if err := os.Chown(d.rootlessXDGRuntimeDir, uid, gid); err != nil {
+			return nil, err
+		}
+		d.containerdSocket = ""
+	}
+
+	return d, nil
+}
+
+// New returns a Daemon instance to be used for testing.
+// This will create a directory such as d123456789 in the folder specified by
+// $DOCKER_INTEGRATION_DAEMON_DEST or $DEST.
+// The daemon will not automatically start.
+func New(t testing.TB, ops ...Option) *Daemon {
+	t.Helper()
+	dest := os.Getenv("DOCKER_INTEGRATION_DAEMON_DEST")
+	if dest == "" {
+		dest = os.Getenv("DEST")
+	}
+	dest = filepath.Join(dest, t.Name())
+
+	assert.Check(t, dest != "", "Please set the DOCKER_INTEGRATION_DAEMON_DEST or the DEST environment variable")
+
+	if os.Getenv("DOCKER_ROOTLESS") != "" {
+		if os.Getenv("DOCKER_REMAP_ROOT") != "" {
+			t.Skip("DOCKER_ROOTLESS doesn't support DOCKER_REMAP_ROOT currently")
+		}
+		if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
+			if val, err := strconv.ParseBool(env); err == nil && !val {
+				t.Skip("DOCKER_ROOTLESS doesn't support DOCKER_USERLANDPROXY=false")
+			}
+		}
+		ops = append(ops, WithRootlessUser("unprivilegeduser"))
+	}
+	ops = append(ops, WithOOMScoreAdjust(-500))
+
+	d, err := NewDaemon(dest, ops...)
+	assert.NilError(t, err, "could not create daemon at %q", dest)
+	if d.rootlessUser != nil && d.dockerdBinary != defaultDockerdBinary {
+		t.Skipf("DOCKER_ROOTLESS doesn't support specifying non-default dockerd binary path %q", d.dockerdBinary)
+	}
+
+	return d
+}
+
+// BinaryPath returns the binary and its arguments.
+func (d *Daemon) BinaryPath() (string, error) {
+	dockerdBinary, err := exec.LookPath(d.dockerdBinary)
+	if err != nil {
+		return "", errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id)
+	}
+	return dockerdBinary, nil
+}
+
+// ContainersNamespace returns the containerd namespace used for containers.
+func (d *Daemon) ContainersNamespace() string {
+	return d.id
+}
+
+// RootDir returns the root directory of the daemon.
+func (d *Daemon) RootDir() string {
+	return d.Root
+}
+
+// ID returns the generated id of the daemon
+func (d *Daemon) ID() string {
+	return d.id
+}
+
+// StorageDriver returns the configured storage driver of the daemon
+func (d *Daemon) StorageDriver() string {
+	return d.storageDriver
+}
+
+// Sock returns the socket path of the daemon
+func (d *Daemon) Sock() string {
+	return fmt.Sprintf("unix://" + d.sockPath())
+}
+
+func (d *Daemon) sockPath() string {
+	return filepath.Join(SockRoot, d.id+".sock")
+}
+
+// LogFileName returns the path the daemon's log file
+func (d *Daemon) LogFileName() string {
+	return d.logFile.Name()
+}
+
+// ReadLogFile returns the content of the daemon log file
+func (d *Daemon) ReadLogFile() ([]byte, error) {
+	_ = d.logFile.Sync()
+	return os.ReadFile(d.logFile.Name())
+}
+
+// NewClientT creates new client based on daemon's socket path
+func (d *Daemon) NewClientT(t testing.TB, extraOpts ...client.Opt) *client.Client {
+	t.Helper()
+
+	c, err := d.NewClient(extraOpts...)
+	assert.NilError(t, err, "[%s] could not create daemon client", d.id)
+	return c
+}
+
+// NewClient creates new client based on daemon's socket path
+func (d *Daemon) NewClient(extraOpts ...client.Opt) (*client.Client, error) {
+	clientOpts := []client.Opt{
+		client.FromEnv,
+		client.WithHost(d.Sock()),
+	}
+	clientOpts = append(clientOpts, extraOpts...)
+
+	return client.NewClientWithOpts(clientOpts...)
+}
+
+// Cleanup cleans the daemon files : exec root (network namespaces, ...), swarmkit files
+func (d *Daemon) Cleanup(t testing.TB) {
+	t.Helper()
+	cleanupMount(t, d)
+	cleanupRaftDir(t, d)
+	cleanupDaemonStorage(t, d)
+	cleanupNetworkNamespace(t, d)
+}
+
+// Start starts the daemon and return once it is ready to receive requests.
+func (d *Daemon) Start(t testing.TB, args ...string) {
+	t.Helper()
+	if err := d.StartWithError(args...); err != nil {
+		d.DumpStackAndQuit() // in case the daemon is stuck
+		t.Fatalf("[%s] failed to start daemon with arguments %v : %v", d.id, d.args, err)
+	}
+}
+
+// StartWithError starts the daemon and return once it is ready to receive requests.
+// It returns an error in case it couldn't start.
+func (d *Daemon) StartWithError(args ...string) error {
+	logFile, err := os.OpenFile(filepath.Join(d.Folder, "docker.log"), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
+	if err != nil {
+		return errors.Wrapf(err, "[%s] failed to create logfile", d.id)
+	}
+
+	return d.StartWithLogFile(logFile, args...)
+}
+
+// StartWithLogFile will start the daemon and attach its streams to a given file.
+func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
+	d.handleUserns()
+	dockerdBinary, err := d.BinaryPath()
+	if err != nil {
+		return err
+	}
+
+	if d.pidFile == "" {
+		d.pidFile = filepath.Join(d.Folder, "docker.pid")
+	}
+
+	d.args = []string{}
+	if d.rootlessUser != nil {
+		if d.dockerdBinary != defaultDockerdBinary {
+			return errors.Errorf("[%s] DOCKER_ROOTLESS doesn't support non-default dockerd binary path %q", d.id, d.dockerdBinary)
+		}
+		dockerdBinary = "sudo"
+		d.args = append(d.args,
+			"-u", d.rootlessUser.Username,
+			"-E", "XDG_RUNTIME_DIR="+d.rootlessXDGRuntimeDir,
+			"-E", "HOME="+d.rootlessUser.HomeDir,
+			"-E", "PATH="+os.Getenv("PATH"),
+			"--",
+			defaultDockerdRootlessBinary,
+		)
+	}
+
+	d.args = append(d.args,
+		"--data-root", d.Root,
+		"--exec-root", d.execRoot,
+		"--pidfile", d.pidFile,
+		fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
+		"--containerd-namespace", d.id,
+		"--containerd-plugins-namespace", d.id+"p",
+	)
+	if d.containerdSocket != "" {
+		d.args = append(d.args, "--containerd", d.containerdSocket)
+	}
+
+	if d.defaultCgroupNamespaceMode != "" {
+		d.args = append(d.args, "--default-cgroupns-mode", d.defaultCgroupNamespaceMode)
+	}
+	if d.experimental {
+		d.args = append(d.args, "--experimental")
+	}
+	if d.init {
+		d.args = append(d.args, "--init")
+	}
+	if !(d.UseDefaultHost || d.UseDefaultTLSHost) {
+		d.args = append(d.args, "--host", d.Sock())
+	}
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		d.args = append(d.args, "--userns-remap", root)
+	}
+
+	// If we don't explicitly set the log-level or debug flag(-D) then
+	// turn on debug mode
+	foundLog := false
+	foundSd := false
+	for _, a := range providedArgs {
+		if strings.Contains(a, "--log-level") || strings.Contains(a, "-D") || strings.Contains(a, "--debug") {
+			foundLog = true
+		}
+		if strings.Contains(a, "--storage-driver") {
+			foundSd = true
+		}
+	}
+	if !foundLog {
+		d.args = append(d.args, "--debug")
+	}
+	if d.storageDriver != "" && !foundSd {
+		d.args = append(d.args, "--storage-driver", d.storageDriver)
+	}
+
+	d.args = append(d.args, providedArgs...)
+	d.cmd = exec.Command(dockerdBinary, d.args...)
+	d.cmd.Env = append(os.Environ(), "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE=1")
+	d.cmd.Stdout = out
+	d.cmd.Stderr = out
+	d.logFile = out
+	if d.rootlessUser != nil {
+		// sudo requires this for propagating signals
+		setsid(d.cmd)
+	}
+
+	if err := d.cmd.Start(); err != nil {
+		return errors.Wrapf(err, "[%s] could not start daemon container", d.id)
+	}
+
+	wait := make(chan error, 1)
+
+	go func() {
+		ret := d.cmd.Wait()
+		d.log.Logf("[%s] exiting daemon", d.id)
+		// If we send before logging, we might accidentally log _after_ the test is done.
+		// As of Go 1.12, this incurs a panic instead of silently being dropped.
+		wait <- ret
+		close(wait)
+	}()
+
+	d.Wait = wait
+
+	clientConfig, err := d.getClientConfig()
+	if err != nil {
+		return err
+	}
+	client := &http.Client{
+		Transport: clientConfig.transport,
+	}
+
+	req, err := http.NewRequest(http.MethodGet, "/_ping", nil)
+	if err != nil {
+		return errors.Wrapf(err, "[%s] could not create new request", d.id)
+	}
+	req.URL.Host = clientConfig.addr
+	req.URL.Scheme = clientConfig.scheme
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	// make sure daemon is ready to receive requests
+	for i := 0; ; i++ {
+		d.log.Logf("[%s] waiting for daemon to start", d.id)
+
+		select {
+		case <-ctx.Done():
+			return errors.Wrapf(ctx.Err(), "[%s] daemon exited and never started", d.id)
+		case err := <-d.Wait:
+			return errors.Wrapf(err, "[%s] daemon exited during startup", d.id)
+		default:
+			rctx, rcancel := context.WithTimeout(context.TODO(), 2*time.Second)
+			defer rcancel()
+
+			resp, err := client.Do(req.WithContext(rctx))
+			if err != nil {
+				if i > 2 { // don't log the first couple, this ends up just being noise
+					d.log.Logf("[%s] error pinging daemon on start: %v", d.id, err)
+				}
+
+				select {
+				case <-ctx.Done():
+				case <-time.After(500 * time.Millisecond):
+				}
+				continue
+			}
+
+			resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				d.log.Logf("[%s] received status != 200 OK: %s\n", d.id, resp.Status)
+			}
+			d.log.Logf("[%s] daemon started\n", d.id)
+			d.Root, err = d.queryRootDir()
+			if err != nil {
+				return errors.Wrapf(err, "[%s] error querying daemon for root directory", d.id)
+			}
+			return nil
+		}
+	}
+}
+
+// StartWithBusybox will first start the daemon with Daemon.Start()
+// then save the busybox image from the main daemon and load it into this Daemon instance.
+func (d *Daemon) StartWithBusybox(t testing.TB, arg ...string) {
+	t.Helper()
+	d.Start(t, arg...)
+	d.LoadBusybox(t)
+}
+
+// Kill will send a SIGKILL to the daemon
+func (d *Daemon) Kill() error {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+
+	defer func() {
+		d.logFile.Close()
+		d.cmd = nil
+	}()
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		return err
+	}
+
+	if d.pidFile != "" {
+		_ = os.Remove(d.pidFile)
+	}
+	return nil
+}
+
+// Pid returns the pid of the daemon
+func (d *Daemon) Pid() int {
+	return d.cmd.Process.Pid
+}
+
+// Interrupt stops the daemon by sending it an Interrupt signal
+func (d *Daemon) Interrupt() error {
+	return d.Signal(os.Interrupt)
+}
+
+// Signal sends the specified signal to the daemon if running
+func (d *Daemon) Signal(signal os.Signal) error {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+	return d.cmd.Process.Signal(signal)
+}
+
+// DumpStackAndQuit sends SIGQUIT to the daemon, which triggers it to dump its
+// stack to its log file and exit
+// This is used primarily for gathering debug information on test timeout
+func (d *Daemon) DumpStackAndQuit() {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return
+	}
+	SignalDaemonDump(d.cmd.Process.Pid)
+}
+
+// Stop will send a SIGINT every second and wait for the daemon to stop.
+// If it times out, a SIGKILL is sent.
+// Stop will not delete the daemon directory. If a purged daemon is needed,
+// instantiate a new one with NewDaemon.
+// If an error occurs while starting the daemon, the test will fail.
+func (d *Daemon) Stop(t testing.TB) {
+	t.Helper()
+	err := d.StopWithError()
+	if err != nil {
+		if err != errDaemonNotStarted {
+			t.Fatalf("[%s] error while stopping the daemon: %v", d.id, err)
+		} else {
+			t.Logf("[%s] daemon is not started", d.id)
+		}
+	}
+}
+
+// StopWithError will send a SIGINT every second and wait for the daemon to stop.
+// If it timeouts, a SIGKILL is sent.
+// Stop will not delete the daemon directory. If a purged daemon is needed,
+// instantiate a new one with NewDaemon.
+func (d *Daemon) StopWithError() (err error) {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+	defer func() {
+		if err != nil {
+			d.log.Logf("[%s] error while stopping daemon: %v", d.id, err)
+		} else {
+			d.log.Logf("[%s] daemon stopped", d.id)
+			if d.pidFile != "" {
+				_ = os.Remove(d.pidFile)
+			}
+		}
+		if err := d.logFile.Close(); err != nil {
+			d.log.Logf("[%s] failed to close daemon logfile: %v", d.id, err)
+		}
+		d.cmd = nil
+	}()
+
+	i := 1
+	ticker := time.NewTicker(time.Second)
+	defer ticker.Stop()
+	tick := ticker.C
+
+	d.log.Logf("[%s] stopping daemon", d.id)
+
+	if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+		if strings.Contains(err.Error(), "os: process already finished") {
+			return errDaemonNotStarted
+		}
+		return errors.Wrapf(err, "[%s] could not send signal", d.id)
+	}
+
+out1:
+	for {
+		select {
+		case err := <-d.Wait:
+			return err
+		case <-time.After(20 * time.Second):
+			// time for stopping jobs and run onShutdown hooks
+			d.log.Logf("[%s] daemon stop timed out after 20 seconds", d.id)
+			break out1
+		}
+	}
+
+out2:
+	for {
+		select {
+		case err := <-d.Wait:
+			return err
+		case <-tick:
+			i++
+			if i > 5 {
+				d.log.Logf("[%s] tried to interrupt daemon for %d times, now try to kill it", d.id, i)
+				break out2
+			}
+			d.log.Logf("[%d] attempt #%d/5: daemon is still running with pid %d", i, d.cmd.Process.Pid)
+			if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+				return errors.Wrapf(err, "[%s] attempt #%d/5 could not send signal", d.id, i)
+			}
+		}
+	}
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		d.log.Logf("[%s] failed to kill daemon: %v", d.id, err)
+		return err
+	}
+
+	return nil
+}
+
+// Restart will restart the daemon by first stopping it and the starting it.
+// If an error occurs while starting the daemon, the test will fail.
+func (d *Daemon) Restart(t testing.TB, args ...string) {
+	t.Helper()
+	d.Stop(t)
+	d.Start(t, args...)
+}
+
+// RestartWithError will restart the daemon by first stopping it and then starting it.
+func (d *Daemon) RestartWithError(arg ...string) error {
+	if err := d.StopWithError(); err != nil {
+		return err
+	}
+	return d.StartWithError(arg...)
+}
+
+func (d *Daemon) handleUserns() {
+	// in the case of tests running a user namespace-enabled daemon, we have resolved
+	// d.Root to be the actual final path of the graph dir after the "uid.gid" of
+	// remapped root is added--we need to subtract it from the path before calling
+	// start or else we will continue making subdirectories rather than truly restarting
+	// with the same location/root:
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		d.Root = filepath.Dir(d.Root)
+	}
+}
+
+// ReloadConfig asks the daemon to reload its configuration
+func (d *Daemon) ReloadConfig() error {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return errors.New("daemon is not running")
+	}
+
+	errCh := make(chan error, 1)
+	started := make(chan struct{})
+	go func() {
+		_, body, err := request.Get("/events", request.Host(d.Sock()))
+		close(started)
+		if err != nil {
+			errCh <- err
+			return
+		}
+		defer body.Close()
+		dec := json.NewDecoder(body)
+		for {
+			var e events.Message
+			if err := dec.Decode(&e); err != nil {
+				errCh <- err
+				return
+			}
+			if e.Type != events.DaemonEventType {
+				continue
+			}
+			if e.Action != "reload" {
+				continue
+			}
+			close(errCh) // notify that we are done
+			return
+		}
+	}()
+
+	<-started
+	if err := signalDaemonReload(d.cmd.Process.Pid); err != nil {
+		return errors.Wrapf(err, "[%s] error signaling daemon reload", d.id)
+	}
+	select {
+	case err := <-errCh:
+		if err != nil {
+			return errors.Wrapf(err, "[%s] error waiting for daemon reload event", d.id)
+		}
+	case <-time.After(30 * time.Second):
+		return errors.Errorf("[%s] daemon reload event timed out after 30 seconds", d.id)
+	}
+	return nil
+}
+
+// LoadBusybox image into the daemon
+func (d *Daemon) LoadBusybox(t testing.TB) {
+	t.Helper()
+	clientHost, err := client.NewClientWithOpts(client.FromEnv)
+	assert.NilError(t, err, "[%s] failed to create client", d.id)
+	defer clientHost.Close()
+
+	ctx := context.Background()
+	reader, err := clientHost.ImageSave(ctx, []string{"busybox:latest"})
+	assert.NilError(t, err, "[%s] failed to download busybox", d.id)
+	defer reader.Close()
+
+	c := d.NewClientT(t)
+	defer c.Close()
+
+	resp, err := c.ImageLoad(ctx, reader, true)
+	assert.NilError(t, err, "[%s] failed to load busybox", d.id)
+	defer resp.Body.Close()
+}
+
+func (d *Daemon) getClientConfig() (*clientConfig, error) {
+	var (
+		transport *http.Transport
+		scheme    string
+		addr      string
+		proto     string
+	)
+	if d.UseDefaultTLSHost {
+		option := &tlsconfig.Options{
+			CAFile:   "fixtures/https/ca.pem",
+			CertFile: "fixtures/https/client-cert.pem",
+			KeyFile:  "fixtures/https/client-key.pem",
+		}
+		tlsConfig, err := tlsconfig.Client(*option)
+		if err != nil {
+			return nil, err
+		}
+		transport = &http.Transport{
+			TLSClientConfig: tlsConfig,
+		}
+		addr = defaultTLSHost
+		scheme = "https"
+		proto = "tcp"
+	} else if d.UseDefaultHost {
+		addr = defaultUnixSocket
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	} else {
+		addr = d.sockPath()
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	}
+
+	if err := sockets.ConfigureTransport(transport, proto, addr); err != nil {
+		return nil, err
+	}
+	transport.DisableKeepAlives = true
+	if proto == "unix" {
+		addr = filepath.Base(addr)
+	}
+	return &clientConfig{
+		transport: transport,
+		scheme:    scheme,
+		addr:      addr,
+	}, nil
+}
+
+func (d *Daemon) queryRootDir() (string, error) {
+	// update daemon root by asking /info endpoint (to support user
+	// namespaced daemon with root remapped uid.gid directory)
+	clientConfig, err := d.getClientConfig()
+	if err != nil {
+		return "", err
+	}
+
+	c := &http.Client{
+		Transport: clientConfig.transport,
+	}
+
+	req, err := http.NewRequest(http.MethodGet, "/info", nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.URL.Host = clientConfig.addr
+	req.URL.Scheme = clientConfig.scheme
+
+	resp, err := c.Do(req)
+	if err != nil {
+		return "", err
+	}
+	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
+		return resp.Body.Close()
+	})
+
+	type Info struct {
+		DockerRootDir string
+	}
+	var b []byte
+	var i Info
+	b, err = request.ReadBody(body)
+	if err == nil && resp.StatusCode == http.StatusOK {
+		// read the docker root dir
+		if err = json.Unmarshal(b, &i); err == nil {
+			return i.DockerRootDir, nil
+		}
+	}
+	return "", err
+}
+
+// Info returns the info struct for this daemon
+func (d *Daemon) Info(t testing.TB) types.Info {
+	t.Helper()
+	c := d.NewClientT(t)
+	info, err := c.Info(context.Background())
+	assert.NilError(t, err)
+	assert.NilError(t, c.Close())
+	return info
+}
+
+// cleanupRaftDir removes swarmkit wal files if present
+func cleanupRaftDir(t testing.TB, d *Daemon) {
+	t.Helper()
+	for _, p := range []string{"wal", "wal-v3-encrypted", "snap-v3-encrypted"} {
+		dir := filepath.Join(d.Root, "swarm/raft", p)
+		if err := os.RemoveAll(dir); err != nil {
+			t.Logf("[%s] error removing %v: %v", d.id, dir, err)
+		}
+	}
+}
+
+// cleanupDaemonStorage removes the daemon's storage directory.
+//
+// Note that we don't delete the whole directory, as some files (e.g. daemon
+// logs) are collected for inclusion in the "bundles" that are stored as Jenkins
+// artifacts.
+//
+// We currently do not include container logs in the bundles, so this also
+// removes the "containers" sub-directory.
+func cleanupDaemonStorage(t testing.TB, d *Daemon) {
+	t.Helper()
+	dirs := []string{
+		"builder",
+		"buildkit",
+		"containers",
+		"image",
+		"network",
+		"plugins",
+		"tmp",
+		"trust",
+		"volumes",
+		// note: this assumes storage-driver name matches the subdirectory,
+		// which is currently true, but not guaranteed.
+		d.storageDriver,
+	}
+
+	for _, p := range dirs {
+		dir := filepath.Join(d.Root, p)
+		if err := os.RemoveAll(dir); err != nil {
+			t.Logf("[%s] error removing %v: %v", d.id, dir, err)
+		}
+	}
+}
diff --git a/testutil/daemon/daemon_freebsd.go b/testutil/daemon/daemon_freebsd.go
new file mode 100644
index 0000000000000..0d182d4fb9a76
--- /dev/null
+++ b/testutil/daemon/daemon_freebsd.go
@@ -0,0 +1,18 @@
+//go:build freebsd
+// +build freebsd
+
+package daemon // import "github.com/docker/docker/testutil/daemon"
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func cleanupNetworkNamespace(_ testing.TB, _ *Daemon) {}
+
+// CgroupNamespace returns the cgroup namespace the daemon is running in
+func (d *Daemon) CgroupNamespace(t testing.TB) string {
+	assert.Assert(t, false, "cgroup namespaces are not supported on FreeBSD")
+	return ""
+}
diff --git a/testutil/daemon/daemon_linux.go b/testutil/daemon/daemon_linux.go
new file mode 100644
index 0000000000000..720c52a4364e8
--- /dev/null
+++ b/testutil/daemon/daemon_linux.go
@@ -0,0 +1,37 @@
+package daemon // import "github.com/docker/docker/testutil/daemon"
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+)
+
+func cleanupNetworkNamespace(t testing.TB, d *Daemon) {
+	t.Helper()
+	// Cleanup network namespaces in the exec root of this
+	// daemon because this exec root is specific to this
+	// daemon instance and has no chance of getting
+	// cleaned up when a new daemon is instantiated with a
+	// new exec root.
+	netnsPath := filepath.Join(d.execRoot, "netns")
+	filepath.Walk(netnsPath, func(path string, info os.FileInfo, err error) error {
+		if err := unix.Unmount(path, unix.MNT_DETACH); err != nil && err != unix.EINVAL && err != unix.ENOENT {
+			t.Logf("[%s] unmount of %s failed: %v", d.id, path, err)
+		}
+		os.Remove(path)
+		return nil
+	})
+}
+
+// CgroupNamespace returns the cgroup namespace the daemon is running in
+func (d *Daemon) CgroupNamespace(t testing.TB) string {
+	link, err := os.Readlink(fmt.Sprintf("/proc/%d/ns/cgroup", d.Pid()))
+	assert.NilError(t, err)
+
+	return strings.TrimSpace(link)
+}
diff --git a/testutil/daemon/daemon_unix.go b/testutil/daemon/daemon_unix.go
new file mode 100644
index 0000000000000..5ad7812b04404
--- /dev/null
+++ b/testutil/daemon/daemon_unix.go
@@ -0,0 +1,38 @@
+//go:build !windows
+// +build !windows
+
+package daemon // import "github.com/docker/docker/testutil/daemon"
+
+import (
+	"os/exec"
+	"syscall"
+	"testing"
+
+	"github.com/moby/sys/mount"
+	"golang.org/x/sys/unix"
+)
+
+// cleanupMount unmounts the daemon root directory, or logs a message if
+// unmounting failed.
+func cleanupMount(t testing.TB, d *Daemon) {
+	t.Helper()
+	if err := mount.Unmount(d.Root); err != nil {
+		d.log.Logf("[%s] unable to unmount daemon root (%s): %v", d.id, d.Root, err)
+	}
+}
+
+// SignalDaemonDump sends a signal to the daemon to write a dump file
+func SignalDaemonDump(pid int) {
+	unix.Kill(pid, unix.SIGQUIT)
+}
+
+func signalDaemonReload(pid int) error {
+	return unix.Kill(pid, unix.SIGHUP)
+}
+
+func setsid(cmd *exec.Cmd) {
+	if cmd.SysProcAttr == nil {
+		cmd.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	cmd.SysProcAttr.Setsid = true
+}
diff --git a/testutil/daemon/daemon_windows.go b/testutil/daemon/daemon_windows.go
new file mode 100644
index 0000000000000..be94b5283839e
--- /dev/null
+++ b/testutil/daemon/daemon_windows.go
@@ -0,0 +1,38 @@
+package daemon
+
+import (
+	"fmt"
+	"os/exec"
+	"strconv"
+	"testing"
+
+	"golang.org/x/sys/windows"
+	"gotest.tools/v3/assert"
+)
+
+// SignalDaemonDump sends a signal to the daemon to write a dump file
+func SignalDaemonDump(pid int) {
+	ev, _ := windows.UTF16PtrFromString("Global\\docker-daemon-" + strconv.Itoa(pid))
+	h2, err := windows.OpenEvent(0x0002, false, ev)
+	if h2 == 0 || err != nil {
+		return
+	}
+	windows.PulseEvent(h2)
+}
+
+func signalDaemonReload(pid int) error {
+	return fmt.Errorf("daemon reload not supported")
+}
+
+func cleanupMount(_ testing.TB, _ *Daemon) {}
+
+func cleanupNetworkNamespace(_ testing.TB, _ *Daemon) {}
+
+// CgroupNamespace returns the cgroup namespace the daemon is running in
+func (d *Daemon) CgroupNamespace(t testing.TB) string {
+	assert.Assert(t, false)
+	return "cgroup namespaces are not supported on Windows"
+}
+
+func setsid(cmd *exec.Cmd) {
+}
diff --git a/testutil/daemon/doc.go b/testutil/daemon/doc.go
new file mode 100644
index 0000000000000..add30e3cfb4a4
--- /dev/null
+++ b/testutil/daemon/doc.go
@@ -0,0 +1,2 @@
+// Package daemon launches dockerd for testing purposes.
+package daemon // import "github.com/docker/docker/testutil/daemon"
diff --git a/testutil/daemon/node.go b/testutil/daemon/node.go
new file mode 100644
index 0000000000000..89d0817b0030a
--- /dev/null
+++ b/testutil/daemon/node.go
@@ -0,0 +1,81 @@
+package daemon
+
+import (
+	"context"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/v3/assert"
+)
+
+// NodeConstructor defines a swarm node constructor
+type NodeConstructor func(*swarm.Node)
+
+// GetNode returns a swarm node identified by the specified id
+func (d *Daemon) GetNode(t testing.TB, id string, errCheck ...func(error) bool) *swarm.Node {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	node, _, err := cli.NodeInspectWithRaw(context.Background(), id)
+	if err != nil {
+		for _, f := range errCheck {
+			if f(err) {
+				return nil
+			}
+		}
+	}
+	assert.NilError(t, err, "[%s] (*Daemon).GetNode: NodeInspectWithRaw(%q) failed", d.id, id)
+	assert.Check(t, node.ID == id)
+	return &node
+}
+
+// RemoveNode removes the specified node
+func (d *Daemon) RemoveNode(t testing.TB, id string, force bool) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	options := types.NodeRemoveOptions{
+		Force: force,
+	}
+	err := cli.NodeRemove(context.Background(), id, options)
+	assert.NilError(t, err)
+}
+
+// UpdateNode updates a swarm node with the specified node constructor
+func (d *Daemon) UpdateNode(t testing.TB, id string, f ...NodeConstructor) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	for i := 0; ; i++ {
+		node := d.GetNode(t, id)
+		for _, fn := range f {
+			fn(node)
+		}
+
+		err := cli.NodeUpdate(context.Background(), node.ID, node.Version, node.Spec)
+		if i < 10 && err != nil && strings.Contains(err.Error(), "update out of sequence") {
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		assert.NilError(t, err)
+		return
+	}
+}
+
+// ListNodes returns the list of the current swarm nodes
+func (d *Daemon) ListNodes(t testing.TB) []swarm.Node {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	nodes, err := cli.NodeList(context.Background(), types.NodeListOptions{})
+	assert.NilError(t, err)
+
+	return nodes
+}
diff --git a/testutil/daemon/ops.go b/testutil/daemon/ops.go
new file mode 100644
index 0000000000000..c977dcef44f76
--- /dev/null
+++ b/testutil/daemon/ops.go
@@ -0,0 +1,124 @@
+package daemon
+
+import (
+	"os/user"
+
+	"github.com/docker/docker/testutil/environment"
+)
+
+// Option is used to configure a daemon.
+type Option func(*Daemon)
+
+// WithContainerdSocket sets the --containerd option on the daemon.
+// Use an empty string to remove the option.
+//
+// If unset the --containerd option will be used with a default value.
+func WithContainerdSocket(socket string) Option {
+	return func(d *Daemon) {
+		d.containerdSocket = socket
+	}
+}
+
+// WithDefaultCgroupNamespaceMode sets the default cgroup namespace mode for the daemon
+func WithDefaultCgroupNamespaceMode(mode string) Option {
+	return func(d *Daemon) {
+		d.defaultCgroupNamespaceMode = mode
+	}
+}
+
+// WithTestLogger causes the daemon to log certain actions to the provided test.
+func WithTestLogger(t LogT) Option {
+	return func(d *Daemon) {
+		d.log = t
+	}
+}
+
+// WithExperimental sets the daemon in experimental mode
+func WithExperimental() Option {
+	return func(d *Daemon) {
+		d.experimental = true
+	}
+}
+
+// WithInit sets the daemon init
+func WithInit() Option {
+	return func(d *Daemon) {
+		d.init = true
+	}
+}
+
+// WithDockerdBinary sets the dockerd binary to the specified one
+func WithDockerdBinary(dockerdBinary string) Option {
+	return func(d *Daemon) {
+		d.dockerdBinary = dockerdBinary
+	}
+}
+
+// WithSwarmPort sets the swarm port to use for swarm mode
+func WithSwarmPort(port int) Option {
+	return func(d *Daemon) {
+		d.SwarmPort = port
+	}
+}
+
+// WithSwarmListenAddr sets the swarm listen addr to use for swarm mode
+func WithSwarmListenAddr(listenAddr string) Option {
+	return func(d *Daemon) {
+		d.swarmListenAddr = listenAddr
+	}
+}
+
+// WithSwarmDefaultAddrPool sets the swarm default address pool to use for swarm mode
+func WithSwarmDefaultAddrPool(defaultAddrPool []string) Option {
+	return func(d *Daemon) {
+		d.DefaultAddrPool = defaultAddrPool
+	}
+}
+
+// WithSwarmDefaultAddrPoolSubnetSize sets the subnet length mask of swarm default address pool to use for swarm mode
+func WithSwarmDefaultAddrPoolSubnetSize(subnetSize uint32) Option {
+	return func(d *Daemon) {
+		d.SubnetSize = subnetSize
+	}
+}
+
+// WithSwarmDataPathPort sets the  swarm datapath port to use for swarm mode
+func WithSwarmDataPathPort(datapathPort uint32) Option {
+	return func(d *Daemon) {
+		d.DataPathPort = datapathPort
+	}
+}
+
+// WithEnvironment sets options from testutil/environment.Execution struct
+func WithEnvironment(e environment.Execution) Option {
+	return func(d *Daemon) {
+		if e.DaemonInfo.ExperimentalBuild {
+			d.experimental = true
+		}
+	}
+}
+
+// WithStorageDriver sets store driver option
+func WithStorageDriver(driver string) Option {
+	return func(d *Daemon) {
+		d.storageDriver = driver
+	}
+}
+
+// WithRootlessUser sets the daemon to be rootless
+func WithRootlessUser(username string) Option {
+	return func(d *Daemon) {
+		u, err := user.Lookup(username)
+		if err != nil {
+			panic(err)
+		}
+		d.rootlessUser = u
+	}
+}
+
+// WithOOMScoreAdjust sets OOM score for the daemon
+func WithOOMScoreAdjust(score int) Option {
+	return func(d *Daemon) {
+		d.OOMScoreAdjust = score
+	}
+}
diff --git a/testutil/daemon/plugin.go b/testutil/daemon/plugin.go
new file mode 100644
index 0000000000000..98aa6063a902a
--- /dev/null
+++ b/testutil/daemon/plugin.go
@@ -0,0 +1,75 @@
+package daemon
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"gotest.tools/v3/poll"
+)
+
+// PluginIsRunning provides a poller to check if the specified plugin is running
+func (d *Daemon) PluginIsRunning(t testing.TB, name string) func(poll.LogT) poll.Result {
+	return withClient(t, d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if plugin.Enabled {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q is not enabled", name)
+	}))
+}
+
+// PluginIsNotRunning provides a poller to check if the specified plugin is not running
+func (d *Daemon) PluginIsNotRunning(t testing.TB, name string) func(poll.LogT) poll.Result {
+	return withClient(t, d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if !plugin.Enabled {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q is enabled", name)
+	}))
+}
+
+// PluginIsNotPresent provides a poller to check if the specified plugin is not present
+func (d *Daemon) PluginIsNotPresent(t testing.TB, name string) func(poll.LogT) poll.Result {
+	return withClient(t, d, func(c client.APIClient, t poll.LogT) poll.Result {
+		_, _, err := c.PluginInspectWithRaw(context.Background(), name)
+		if client.IsErrNotFound(err) {
+			return poll.Success()
+		}
+		if err != nil {
+			return poll.Error(err)
+		}
+		return poll.Continue("plugin %q exists", name)
+	})
+}
+
+// PluginReferenceIs provides a poller to check if the specified plugin has the specified reference
+func (d *Daemon) PluginReferenceIs(t testing.TB, name, expectedRef string) func(poll.LogT) poll.Result {
+	return withClient(t, d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if plugin.PluginReference == expectedRef {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q reference is not %q", name, expectedRef)
+	}))
+}
+
+func withPluginInspect(name string, f func(*types.Plugin, poll.LogT) poll.Result) func(client.APIClient, poll.LogT) poll.Result {
+	return func(c client.APIClient, t poll.LogT) poll.Result {
+		plugin, _, err := c.PluginInspectWithRaw(context.Background(), name)
+		if client.IsErrNotFound(err) {
+			return poll.Continue("plugin %q not found", name)
+		}
+		if err != nil {
+			return poll.Error(err)
+		}
+		return f(plugin, t)
+	}
+
+}
+
+func withClient(t testing.TB, d *Daemon, f func(client.APIClient, poll.LogT) poll.Result) func(poll.LogT) poll.Result {
+	return func(pt poll.LogT) poll.Result {
+		c := d.NewClientT(t)
+		return f(c, pt)
+	}
+}
diff --git a/testutil/daemon/secret.go b/testutil/daemon/secret.go
new file mode 100644
index 0000000000000..099fdf33f1184
--- /dev/null
+++ b/testutil/daemon/secret.go
@@ -0,0 +1,74 @@
+package daemon
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/v3/assert"
+)
+
+// SecretConstructor defines a swarm secret constructor
+type SecretConstructor func(*swarm.Secret)
+
+// CreateSecret creates a secret given the specified spec
+func (d *Daemon) CreateSecret(t testing.TB, secretSpec swarm.SecretSpec) string {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	scr, err := cli.SecretCreate(context.Background(), secretSpec)
+	assert.NilError(t, err)
+
+	return scr.ID
+}
+
+// ListSecrets returns the list of the current swarm secrets
+func (d *Daemon) ListSecrets(t testing.TB) []swarm.Secret {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secrets, err := cli.SecretList(context.Background(), types.SecretListOptions{})
+	assert.NilError(t, err)
+	return secrets
+}
+
+// GetSecret returns a swarm secret identified by the specified id
+func (d *Daemon) GetSecret(t testing.TB, id string) *swarm.Secret {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secret, _, err := cli.SecretInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return &secret
+}
+
+// DeleteSecret removes the swarm secret identified by the specified id
+func (d *Daemon) DeleteSecret(t testing.TB, id string) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.SecretRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// UpdateSecret updates the swarm secret identified by the specified id
+// Currently, only label update is supported.
+func (d *Daemon) UpdateSecret(t testing.TB, id string, f ...SecretConstructor) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secret := d.GetSecret(t, id)
+	for _, fn := range f {
+		fn(secret)
+	}
+
+	err := cli.SecretUpdate(context.Background(), secret.ID, secret.Version, secret.Spec)
+
+	assert.NilError(t, err)
+}
diff --git a/testutil/daemon/service.go b/testutil/daemon/service.go
new file mode 100644
index 0000000000000..0fb49b5f5b395
--- /dev/null
+++ b/testutil/daemon/service.go
@@ -0,0 +1,118 @@
+package daemon
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/v3/assert"
+)
+
+// ServiceConstructor defines a swarm service constructor function
+type ServiceConstructor func(*swarm.Service)
+
+func (d *Daemon) createServiceWithOptions(t testing.TB, opts types.ServiceCreateOptions, f ...ServiceConstructor) string {
+	t.Helper()
+	var service swarm.Service
+	for _, fn := range f {
+		fn(&service)
+	}
+
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+
+	res, err := cli.ServiceCreate(ctx, service.Spec, opts)
+	assert.NilError(t, err)
+	return res.ID
+}
+
+// CreateService creates a swarm service given the specified service constructor
+func (d *Daemon) CreateService(t testing.TB, f ...ServiceConstructor) string {
+	t.Helper()
+	return d.createServiceWithOptions(t, types.ServiceCreateOptions{}, f...)
+}
+
+// GetService returns the swarm service corresponding to the specified id
+func (d *Daemon) GetService(t testing.TB, id string) *swarm.Service {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	service, _, err := cli.ServiceInspectWithRaw(context.Background(), id, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+	return &service
+}
+
+// GetServiceTasks returns the swarm tasks for the specified service
+func (d *Daemon) GetServiceTasks(t testing.TB, service string, additionalFilters ...filters.KeyValuePair) []swarm.Task {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+	filterArgs.Add("service", service)
+	for _, filter := range additionalFilters {
+		filterArgs.Add(filter.Key, filter.Value)
+	}
+
+	options := types.TaskListOptions{
+		Filters: filterArgs,
+	}
+
+	tasks, err := cli.TaskList(context.Background(), options)
+	assert.NilError(t, err)
+	return tasks
+}
+
+// UpdateService updates a swarm service with the specified service constructor
+func (d *Daemon) UpdateService(t testing.TB, service *swarm.Service, f ...ServiceConstructor) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	for _, fn := range f {
+		fn(service)
+	}
+
+	_, err := cli.ServiceUpdate(context.Background(), service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+}
+
+// RemoveService removes the specified service
+func (d *Daemon) RemoveService(t testing.TB, id string) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.ServiceRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// ListServices returns the list of the current swarm services
+func (d *Daemon) ListServices(t testing.TB) []swarm.Service {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	services, err := cli.ServiceList(context.Background(), types.ServiceListOptions{})
+	assert.NilError(t, err)
+	return services
+}
+
+// GetTask returns the swarm task identified by the specified id
+func (d *Daemon) GetTask(t testing.TB, id string) swarm.Task {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	task, _, err := cli.TaskInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return task
+}
diff --git a/testutil/daemon/swarm.go b/testutil/daemon/swarm.go
new file mode 100644
index 0000000000000..8746a0e8a6fc4
--- /dev/null
+++ b/testutil/daemon/swarm.go
@@ -0,0 +1,201 @@
+package daemon
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+)
+
+const (
+	// DefaultSwarmPort is the default port use for swarm in the tests
+	DefaultSwarmPort       = 2477
+	defaultSwarmListenAddr = "0.0.0.0"
+)
+
+var (
+	startArgs = []string{"--iptables=false", "--swarm-default-advertise-addr=lo"}
+)
+
+// StartNode (re)starts the daemon
+func (d *Daemon) StartNode(t testing.TB) {
+	t.Helper()
+	d.Start(t, startArgs...)
+}
+
+// StartNodeWithBusybox starts daemon to be used as a swarm node, and loads the busybox image
+func (d *Daemon) StartNodeWithBusybox(t testing.TB) {
+	t.Helper()
+	d.StartWithBusybox(t, startArgs...)
+}
+
+// RestartNode restarts a daemon to be used as a swarm node
+func (d *Daemon) RestartNode(t testing.TB) {
+	t.Helper()
+	// avoid networking conflicts
+	d.Stop(t)
+	d.Start(t, startArgs...)
+}
+
+// StartAndSwarmInit starts the daemon (with busybox) and init the swarm
+func (d *Daemon) StartAndSwarmInit(t testing.TB) {
+	d.StartNodeWithBusybox(t)
+	d.SwarmInit(t, swarm.InitRequest{})
+}
+
+// StartAndSwarmJoin starts the daemon (with busybox) and join the specified swarm as worker or manager
+func (d *Daemon) StartAndSwarmJoin(t testing.TB, leader *Daemon, manager bool) {
+	t.Helper()
+	d.StartNodeWithBusybox(t)
+
+	tokens := leader.JoinTokens(t)
+	token := tokens.Worker
+	if manager {
+		token = tokens.Manager
+	}
+	t.Logf("[%s] joining swarm manager [%s]@%s, swarm listen addr %s", d.id, leader.id, leader.SwarmListenAddr(), d.SwarmListenAddr())
+	d.SwarmJoin(t, swarm.JoinRequest{
+		RemoteAddrs: []string{leader.SwarmListenAddr()},
+		JoinToken:   token,
+	})
+}
+
+// SpecConstructor defines a swarm spec constructor
+type SpecConstructor func(*swarm.Spec)
+
+// SwarmListenAddr returns the listen-addr used for the daemon
+func (d *Daemon) SwarmListenAddr() string {
+	return fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+}
+
+// NodeID returns the swarm mode node ID
+func (d *Daemon) NodeID() string {
+	return d.CachedInfo.Swarm.NodeID
+}
+
+// SwarmInit initializes a new swarm cluster.
+func (d *Daemon) SwarmInit(t testing.TB, req swarm.InitRequest) {
+	t.Helper()
+	if req.ListenAddr == "" {
+		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+	}
+	if req.DefaultAddrPool == nil {
+		req.DefaultAddrPool = d.DefaultAddrPool
+		req.SubnetSize = d.SubnetSize
+	}
+	if d.DataPathPort > 0 {
+		req.DataPathPort = d.DataPathPort
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+	_, err := cli.SwarmInit(context.Background(), req)
+	assert.NilError(t, err, "initializing swarm")
+	d.CachedInfo = d.Info(t)
+}
+
+// SwarmJoin joins a daemon to an existing cluster.
+func (d *Daemon) SwarmJoin(t testing.TB, req swarm.JoinRequest) {
+	t.Helper()
+	if req.ListenAddr == "" {
+		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+	err := cli.SwarmJoin(context.Background(), req)
+	assert.NilError(t, err, "[%s] joining swarm", d.id)
+	d.CachedInfo = d.Info(t)
+}
+
+// SwarmLeave forces daemon to leave current cluster.
+//
+// The passed in testing.TB is only used to validate that the client was successfully created
+// Some tests rely on error checking the result of the actual unlock, so allow
+// the error to be returned.
+func (d *Daemon) SwarmLeave(t testing.TB, force bool) error {
+	cli := d.NewClientT(t)
+	defer cli.Close()
+	return cli.SwarmLeave(context.Background(), force)
+}
+
+// SwarmInfo returns the swarm information of the daemon
+func (d *Daemon) SwarmInfo(t testing.TB) swarm.Info {
+	t.Helper()
+	cli := d.NewClientT(t)
+	info, err := cli.Info(context.Background())
+	assert.NilError(t, err, "get swarm info")
+	return info.Swarm
+}
+
+// SwarmUnlock tries to unlock a locked swarm
+//
+// The passed in testing.TB is only used to validate that the client was successfully created
+// Some tests rely on error checking the result of the actual unlock, so allow
+// the error to be returned.
+func (d *Daemon) SwarmUnlock(t testing.TB, req swarm.UnlockRequest) error {
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.SwarmUnlock(context.Background(), req)
+	if err != nil {
+		err = errors.Wrap(err, "unlocking swarm")
+	}
+	return err
+}
+
+// GetSwarm returns the current swarm object
+func (d *Daemon) GetSwarm(t testing.TB) swarm.Swarm {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+	return sw
+}
+
+// UpdateSwarm updates the current swarm object with the specified spec constructors
+func (d *Daemon) UpdateSwarm(t testing.TB, f ...SpecConstructor) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw := d.GetSwarm(t)
+	for _, fn := range f {
+		fn(&sw.Spec)
+	}
+
+	err := cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, swarm.UpdateFlags{})
+	assert.NilError(t, err)
+}
+
+// RotateTokens update the swarm to rotate tokens
+func (d *Daemon) RotateTokens(t testing.TB) {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+
+	flags := swarm.UpdateFlags{
+		RotateManagerToken: true,
+		RotateWorkerToken:  true,
+	}
+
+	err = cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, flags)
+	assert.NilError(t, err)
+}
+
+// JoinTokens returns the current swarm join tokens
+func (d *Daemon) JoinTokens(t testing.TB) swarm.JoinTokens {
+	t.Helper()
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+	return sw.JoinTokens
+}
diff --git a/testutil/doc.go b/testutil/doc.go
new file mode 100644
index 0000000000000..1bf03ef3ff274
--- /dev/null
+++ b/testutil/doc.go
@@ -0,0 +1,2 @@
+// Package testutil contains common testing tasks like running dockerd.
+package testutil // import "github.com/docker/docker/testutil"
diff --git a/testutil/environment/clean.go b/testutil/environment/clean.go
new file mode 100644
index 0000000000000..415615e8774e0
--- /dev/null
+++ b/testutil/environment/clean.go
@@ -0,0 +1,185 @@
+package environment // import "github.com/docker/docker/testutil/environment"
+
+import (
+	"context"
+	"regexp"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/client"
+	"gotest.tools/v3/assert"
+)
+
+// Clean the environment, preserving protected objects (images, containers, ...)
+// and removing everything else. It's meant to run after any tests so that they don't
+// depend on each others.
+func (e *Execution) Clean(t testing.TB) {
+	t.Helper()
+	client := e.APIClient()
+
+	platform := e.OSType
+	if (platform != "windows") || (platform == "windows" && e.DaemonInfo.Isolation == "hyperv") {
+		unpauseAllContainers(t, client)
+	}
+	deleteAllContainers(t, client, e.protectedElements.containers)
+	deleteAllImages(t, client, e.protectedElements.images)
+	deleteAllVolumes(t, client, e.protectedElements.volumes)
+	deleteAllNetworks(t, client, platform, e.protectedElements.networks)
+	if platform == "linux" {
+		deleteAllPlugins(t, client, e.protectedElements.plugins)
+	}
+}
+
+func unpauseAllContainers(t testing.TB, client client.ContainerAPIClient) {
+	t.Helper()
+	ctx := context.Background()
+	containers := getPausedContainers(ctx, t, client)
+	if len(containers) > 0 {
+		for _, container := range containers {
+			err := client.ContainerUnpause(ctx, container.ID)
+			assert.Check(t, err, "failed to unpause container %s", container.ID)
+		}
+	}
+}
+
+func getPausedContainers(ctx context.Context, t testing.TB, client client.ContainerAPIClient) []types.Container {
+	t.Helper()
+	filter := filters.NewArgs()
+	filter.Add("status", "paused")
+	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
+		Filters: filter,
+		All:     true,
+	})
+	assert.Check(t, err, "failed to list containers")
+	return containers
+}
+
+var alreadyExists = regexp.MustCompile(`Error response from daemon: removal of container (\w+) is already in progress`)
+
+func deleteAllContainers(t testing.TB, apiclient client.ContainerAPIClient, protectedContainers map[string]struct{}) {
+	t.Helper()
+	ctx := context.Background()
+	containers := getAllContainers(ctx, t, apiclient)
+	if len(containers) == 0 {
+		return
+	}
+
+	for _, container := range containers {
+		if _, ok := protectedContainers[container.ID]; ok {
+			continue
+		}
+		err := apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
+			Force:         true,
+			RemoveVolumes: true,
+		})
+		if err == nil || client.IsErrNotFound(err) || alreadyExists.MatchString(err.Error()) || isErrNotFoundSwarmClassic(err) {
+			continue
+		}
+		assert.Check(t, err, "failed to remove %s", container.ID)
+	}
+}
+
+func getAllContainers(ctx context.Context, t testing.TB, client client.ContainerAPIClient) []types.Container {
+	t.Helper()
+	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
+		All: true,
+	})
+	assert.Check(t, err, "failed to list containers")
+	return containers
+}
+
+func deleteAllImages(t testing.TB, apiclient client.ImageAPIClient, protectedImages map[string]struct{}) {
+	t.Helper()
+	images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
+	assert.Check(t, err, "failed to list images")
+
+	ctx := context.Background()
+	for _, image := range images {
+		tags := tagsFromImageSummary(image)
+		if len(tags) == 0 {
+			removeImage(ctx, t, apiclient, image.ID)
+			continue
+		}
+		for _, tag := range tags {
+			if _, ok := protectedImages[tag]; !ok {
+				removeImage(ctx, t, apiclient, tag)
+			}
+		}
+	}
+}
+
+func removeImage(ctx context.Context, t testing.TB, apiclient client.ImageAPIClient, ref string) {
+	t.Helper()
+	_, err := apiclient.ImageRemove(ctx, ref, types.ImageRemoveOptions{
+		Force: true,
+	})
+	if client.IsErrNotFound(err) {
+		return
+	}
+	assert.Check(t, err, "failed to remove image %s", ref)
+}
+
+func deleteAllVolumes(t testing.TB, c client.VolumeAPIClient, protectedVolumes map[string]struct{}) {
+	t.Helper()
+	volumes, err := c.VolumeList(context.Background(), filters.Args{})
+	assert.Check(t, err, "failed to list volumes")
+
+	for _, v := range volumes.Volumes {
+		if _, ok := protectedVolumes[v.Name]; ok {
+			continue
+		}
+		err := c.VolumeRemove(context.Background(), v.Name, true)
+		// Docker EE may list volumes that no longer exist.
+		if isErrNotFoundSwarmClassic(err) {
+			continue
+		}
+		assert.Check(t, err, "failed to remove volume %s", v.Name)
+	}
+}
+
+func deleteAllNetworks(t testing.TB, c client.NetworkAPIClient, daemonPlatform string, protectedNetworks map[string]struct{}) {
+	t.Helper()
+	networks, err := c.NetworkList(context.Background(), types.NetworkListOptions{})
+	assert.Check(t, err, "failed to list networks")
+
+	for _, n := range networks {
+		if n.Name == "bridge" || n.Name == "none" || n.Name == "host" {
+			continue
+		}
+		if _, ok := protectedNetworks[n.ID]; ok {
+			continue
+		}
+		if daemonPlatform == "windows" && strings.ToLower(n.Name) == "nat" {
+			// nat is a pre-defined network on Windows and cannot be removed
+			continue
+		}
+		err := c.NetworkRemove(context.Background(), n.ID)
+		assert.Check(t, err, "failed to remove network %s", n.ID)
+	}
+}
+
+func deleteAllPlugins(t testing.TB, c client.PluginAPIClient, protectedPlugins map[string]struct{}) {
+	t.Helper()
+	plugins, err := c.PluginList(context.Background(), filters.Args{})
+	// Docker EE does not allow cluster-wide plugin management.
+	if client.IsErrNotImplemented(err) {
+		return
+	}
+	assert.Check(t, err, "failed to list plugins")
+
+	for _, p := range plugins {
+		if _, ok := protectedPlugins[p.Name]; ok {
+			continue
+		}
+		err := c.PluginRemove(context.Background(), p.Name, types.PluginRemoveOptions{Force: true})
+		assert.Check(t, err, "failed to remove plugin %s", p.ID)
+	}
+}
+
+// Swarm classic aggregates node errors and returns a 500 so we need to check
+// the error string instead of just IsErrNotFound().
+func isErrNotFoundSwarmClassic(err error) bool {
+	return err != nil && strings.Contains(strings.ToLower(err.Error()), "no such")
+}
diff --git a/testutil/environment/environment.go b/testutil/environment/environment.go
new file mode 100644
index 0000000000000..8af8ca8d6f1aa
--- /dev/null
+++ b/testutil/environment/environment.go
@@ -0,0 +1,223 @@
+package environment // import "github.com/docker/docker/testutil/environment"
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/testutil/fixtures/load"
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+)
+
+// Execution contains information about the current test execution and daemon
+// under test
+type Execution struct {
+	client            client.APIClient
+	DaemonInfo        types.Info
+	OSType            string
+	PlatformDefaults  PlatformDefaults
+	protectedElements protectedElements
+}
+
+// PlatformDefaults are defaults values for the platform of the daemon under test
+type PlatformDefaults struct {
+	BaseImage            string
+	VolumesConfigPath    string
+	ContainerStoragePath string
+}
+
+// New creates a new Execution struct
+// This is configured using the env client (see client.FromEnv)
+func New() (*Execution, error) {
+	c, err := client.NewClientWithOpts(client.FromEnv)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to create client")
+	}
+	return FromClient(c)
+}
+
+// FromClient creates a new Execution environment from the passed in client
+func FromClient(c *client.Client) (*Execution, error) {
+	info, err := c.Info(context.Background())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to get info from daemon")
+	}
+
+	osType := getOSType(info)
+
+	return &Execution{
+		client:            c,
+		DaemonInfo:        info,
+		OSType:            osType,
+		PlatformDefaults:  getPlatformDefaults(info, osType),
+		protectedElements: newProtectedElements(),
+	}, nil
+}
+
+func getOSType(info types.Info) string {
+	// Docker EE does not set the OSType so allow the user to override this value.
+	userOsType := os.Getenv("TEST_OSTYPE")
+	if userOsType != "" {
+		return userOsType
+	}
+	return info.OSType
+}
+
+func getPlatformDefaults(info types.Info, osType string) PlatformDefaults {
+	volumesPath := filepath.Join(info.DockerRootDir, "volumes")
+	containersPath := filepath.Join(info.DockerRootDir, "containers")
+
+	switch osType {
+	case "linux":
+		return PlatformDefaults{
+			BaseImage:            "scratch",
+			VolumesConfigPath:    toSlash(volumesPath),
+			ContainerStoragePath: toSlash(containersPath),
+		}
+	case "windows":
+		baseImage := "microsoft/windowsservercore"
+		if overrideBaseImage := os.Getenv("WINDOWS_BASE_IMAGE"); overrideBaseImage != "" {
+			baseImage = overrideBaseImage
+			if overrideBaseImageTag := os.Getenv("WINDOWS_BASE_IMAGE_TAG"); overrideBaseImageTag != "" {
+				baseImage = baseImage + ":" + overrideBaseImageTag
+			}
+		}
+		fmt.Println("INFO: Windows Base image is ", baseImage)
+		return PlatformDefaults{
+			BaseImage:            baseImage,
+			VolumesConfigPath:    filepath.FromSlash(volumesPath),
+			ContainerStoragePath: filepath.FromSlash(containersPath),
+		}
+	default:
+		panic(fmt.Sprintf("unknown OSType for daemon: %s", osType))
+	}
+}
+
+// Make sure in context of daemon, not the local platform. Note we can't
+// use filepath.FromSlash or ToSlash here as they are a no-op on Unix.
+func toSlash(path string) string {
+	return strings.Replace(path, `\`, `/`, -1)
+}
+
+// IsLocalDaemon is true if the daemon under test is on the same
+// host as the test process.
+//
+// Deterministically working out the environment in which CI is running
+// to evaluate whether the daemon is local or remote is not possible through
+// a build tag.
+//
+// For example Windows to Linux CI under Jenkins tests the 64-bit
+// Windows binary build with the daemon build tag, but calls a remote
+// Linux daemon.
+//
+// We can't just say if Windows then assume the daemon is local as at
+// some point, we will be testing the Windows CLI against a Windows daemon.
+//
+// Similarly, it will be perfectly valid to also run CLI tests from
+// a Linux CLI (built with the daemon tag) against a Windows daemon.
+func (e *Execution) IsLocalDaemon() bool {
+	return os.Getenv("DOCKER_REMOTE_DAEMON") == ""
+}
+
+// IsRemoteDaemon is true if the daemon under test is on different host
+// as the test process.
+func (e *Execution) IsRemoteDaemon() bool {
+	return !e.IsLocalDaemon()
+}
+
+// DaemonAPIVersion returns the negotiated daemon api version
+func (e *Execution) DaemonAPIVersion() string {
+	version, err := e.APIClient().ServerVersion(context.TODO())
+	if err != nil {
+		return ""
+	}
+	return version.APIVersion
+}
+
+// Print the execution details to stdout
+// TODO: print everything
+func (e *Execution) Print() {
+	if e.IsLocalDaemon() {
+		fmt.Println("INFO: Testing against a local daemon")
+	} else {
+		fmt.Println("INFO: Testing against a remote daemon")
+	}
+}
+
+// APIClient returns an APIClient connected to the daemon under test
+func (e *Execution) APIClient() client.APIClient {
+	return e.client
+}
+
+// IsUserNamespace returns whether the user namespace remapping is enabled
+func (e *Execution) IsUserNamespace() bool {
+	root := os.Getenv("DOCKER_REMAP_ROOT")
+	return root != ""
+}
+
+// RuntimeIsWindowsContainerd returns whether containerd runtime is used on Windows
+func (e *Execution) RuntimeIsWindowsContainerd() bool {
+	return os.Getenv("DOCKER_WINDOWS_CONTAINERD_RUNTIME") == "1"
+}
+
+// IsRootless returns whether the rootless mode is enabled
+func (e *Execution) IsRootless() bool {
+	return os.Getenv("DOCKER_ROOTLESS") != ""
+}
+
+// IsUserNamespaceInKernel returns whether the kernel supports user namespaces
+func (e *Execution) IsUserNamespaceInKernel() bool {
+	if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
+		/*
+		 * This kernel-provided file only exists if user namespaces are
+		 * supported
+		 */
+		return false
+	}
+
+	// We need extra check on redhat based distributions
+	if f, err := os.Open("/sys/module/user_namespace/parameters/enable"); err == nil {
+		defer f.Close()
+		b := make([]byte, 1)
+		_, _ = f.Read(b)
+		return string(b) != "N"
+	}
+
+	return true
+}
+
+// HasExistingImage checks whether there is an image with the given reference.
+// Note that this is done by filtering and then checking whether there were any
+// results -- so ambiguous references might result in false-positives.
+func (e *Execution) HasExistingImage(t testing.TB, reference string) bool {
+	client := e.APIClient()
+	filter := filters.NewArgs()
+	filter.Add("dangling", "false")
+	filter.Add("reference", reference)
+	imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
+		All:     true,
+		Filters: filter,
+	})
+	assert.NilError(t, err, "failed to list images")
+
+	return len(imageList) > 0
+}
+
+// EnsureFrozenImagesLinux loads frozen test images into the daemon
+// if they aren't already loaded
+func EnsureFrozenImagesLinux(testEnv *Execution) error {
+	if testEnv.OSType == "linux" {
+		err := load.FrozenImagesLinux(testEnv.APIClient(), frozenImages...)
+		if err != nil {
+			return errors.Wrap(err, "error loading frozen images")
+		}
+	}
+	return nil
+}
diff --git a/testutil/environment/protect.go b/testutil/environment/protect.go
new file mode 100644
index 0000000000000..d790106128fbf
--- /dev/null
+++ b/testutil/environment/protect.go
@@ -0,0 +1,222 @@
+package environment
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	dclient "github.com/docker/docker/client"
+	"gotest.tools/v3/assert"
+)
+
+var frozenImages = []string{"busybox:latest", "busybox:glibc", "hello-world:frozen", "debian:bullseye-slim"}
+
+type protectedElements struct {
+	containers map[string]struct{}
+	images     map[string]struct{}
+	networks   map[string]struct{}
+	plugins    map[string]struct{}
+	volumes    map[string]struct{}
+}
+
+func newProtectedElements() protectedElements {
+	return protectedElements{
+		containers: map[string]struct{}{},
+		images:     map[string]struct{}{},
+		networks:   map[string]struct{}{},
+		plugins:    map[string]struct{}{},
+		volumes:    map[string]struct{}{},
+	}
+}
+
+// ProtectAll protects the existing environment (containers, images, networks,
+// volumes, and, on Linux, plugins) from being cleaned up at the end of test
+// runs
+func ProtectAll(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	ProtectContainers(t, testEnv)
+	ProtectImages(t, testEnv)
+	ProtectNetworks(t, testEnv)
+	ProtectVolumes(t, testEnv)
+	if testEnv.OSType == "linux" {
+		ProtectPlugins(t, testEnv)
+	}
+}
+
+// ProtectContainer adds the specified container(s) to be protected in case of
+// clean
+func (e *Execution) ProtectContainer(t testing.TB, containers ...string) {
+	t.Helper()
+	for _, container := range containers {
+		e.protectedElements.containers[container] = struct{}{}
+	}
+}
+
+// ProtectContainers protects existing containers from being cleaned up at the
+// end of test runs
+func ProtectContainers(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	containers := getExistingContainers(t, testEnv)
+	testEnv.ProtectContainer(t, containers...)
+}
+
+func getExistingContainers(t testing.TB, testEnv *Execution) []string {
+	t.Helper()
+	client := testEnv.APIClient()
+	containerList, err := client.ContainerList(context.Background(), types.ContainerListOptions{
+		All: true,
+	})
+	assert.NilError(t, err, "failed to list containers")
+
+	var containers []string
+	for _, container := range containerList {
+		containers = append(containers, container.ID)
+	}
+	return containers
+}
+
+// ProtectImage adds the specified image(s) to be protected in case of clean
+func (e *Execution) ProtectImage(t testing.TB, images ...string) {
+	t.Helper()
+	for _, image := range images {
+		e.protectedElements.images[image] = struct{}{}
+	}
+}
+
+// ProtectImages protects existing images and on linux frozen images from being
+// cleaned up at the end of test runs
+func ProtectImages(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	images := getExistingImages(t, testEnv)
+
+	if testEnv.OSType == "linux" {
+		images = append(images, frozenImages...)
+	}
+	testEnv.ProtectImage(t, images...)
+}
+
+func getExistingImages(t testing.TB, testEnv *Execution) []string {
+	t.Helper()
+	client := testEnv.APIClient()
+	filter := filters.NewArgs()
+	filter.Add("dangling", "false")
+	imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
+		All:     true,
+		Filters: filter,
+	})
+	assert.NilError(t, err, "failed to list images")
+
+	var images []string
+	for _, image := range imageList {
+		images = append(images, tagsFromImageSummary(image)...)
+	}
+	return images
+}
+
+func tagsFromImageSummary(image types.ImageSummary) []string {
+	var result []string
+	for _, tag := range image.RepoTags {
+		if tag != "<none>:<none>" {
+			result = append(result, tag)
+		}
+	}
+	for _, digest := range image.RepoDigests {
+		if digest != "<none>@<none>" {
+			result = append(result, digest)
+		}
+	}
+	return result
+}
+
+// ProtectNetwork adds the specified network(s) to be protected in case of
+// clean
+func (e *Execution) ProtectNetwork(t testing.TB, networks ...string) {
+	t.Helper()
+	for _, network := range networks {
+		e.protectedElements.networks[network] = struct{}{}
+	}
+}
+
+// ProtectNetworks protects existing networks from being cleaned up at the end
+// of test runs
+func ProtectNetworks(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	networks := getExistingNetworks(t, testEnv)
+	testEnv.ProtectNetwork(t, networks...)
+}
+
+func getExistingNetworks(t testing.TB, testEnv *Execution) []string {
+	t.Helper()
+	client := testEnv.APIClient()
+	networkList, err := client.NetworkList(context.Background(), types.NetworkListOptions{})
+	assert.NilError(t, err, "failed to list networks")
+
+	var networks []string
+	for _, network := range networkList {
+		networks = append(networks, network.ID)
+	}
+	return networks
+}
+
+// ProtectPlugin adds the specified plugin(s) to be protected in case of clean
+func (e *Execution) ProtectPlugin(t testing.TB, plugins ...string) {
+	t.Helper()
+	for _, plugin := range plugins {
+		e.protectedElements.plugins[plugin] = struct{}{}
+	}
+}
+
+// ProtectPlugins protects existing plugins from being cleaned up at the end of
+// test runs
+func ProtectPlugins(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	plugins := getExistingPlugins(t, testEnv)
+	testEnv.ProtectPlugin(t, plugins...)
+}
+
+func getExistingPlugins(t testing.TB, testEnv *Execution) []string {
+	t.Helper()
+	client := testEnv.APIClient()
+	pluginList, err := client.PluginList(context.Background(), filters.Args{})
+	// Docker EE does not allow cluster-wide plugin management.
+	if dclient.IsErrNotImplemented(err) {
+		return []string{}
+	}
+	assert.NilError(t, err, "failed to list plugins")
+
+	var plugins []string
+	for _, plugin := range pluginList {
+		plugins = append(plugins, plugin.Name)
+	}
+	return plugins
+}
+
+// ProtectVolume adds the specified volume(s) to be protected in case of clean
+func (e *Execution) ProtectVolume(t testing.TB, volumes ...string) {
+	t.Helper()
+	for _, volume := range volumes {
+		e.protectedElements.volumes[volume] = struct{}{}
+	}
+}
+
+// ProtectVolumes protects existing volumes from being cleaned up at the end of
+// test runs
+func ProtectVolumes(t testing.TB, testEnv *Execution) {
+	t.Helper()
+	volumes := getExistingVolumes(t, testEnv)
+	testEnv.ProtectVolume(t, volumes...)
+}
+
+func getExistingVolumes(t testing.TB, testEnv *Execution) []string {
+	t.Helper()
+	client := testEnv.APIClient()
+	volumeList, err := client.VolumeList(context.Background(), filters.Args{})
+	assert.NilError(t, err, "failed to list volumes")
+
+	var volumes []string
+	for _, volume := range volumeList.Volumes {
+		volumes = append(volumes, volume.Name)
+	}
+	return volumes
+}
diff --git a/testutil/fakecontext/context.go b/testutil/fakecontext/context.go
new file mode 100644
index 0000000000000..7ab37cfe0ab55
--- /dev/null
+++ b/testutil/fakecontext/context.go
@@ -0,0 +1,121 @@
+package fakecontext // import "github.com/docker/docker/testutil/fakecontext"
+
+import (
+	"bytes"
+	"io"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+// New creates a fake build context
+func New(t testing.TB, dir string, modifiers ...func(*Fake) error) *Fake {
+	t.Helper()
+	fakeContext := &Fake{Dir: dir}
+	if dir == "" {
+		if err := newDir(fakeContext); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	for _, modifier := range modifiers {
+		if err := modifier(fakeContext); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	return fakeContext
+}
+
+func newDir(fake *Fake) error {
+	tmp, err := os.MkdirTemp("", "fake-context")
+	if err != nil {
+		return err
+	}
+	if err := os.Chmod(tmp, 0755); err != nil {
+		return err
+	}
+	fake.Dir = tmp
+	return nil
+}
+
+// WithFile adds the specified file (with content) in the build context
+func WithFile(name, content string) func(*Fake) error {
+	return func(ctx *Fake) error {
+		return ctx.Add(name, content)
+	}
+}
+
+// WithDockerfile adds the specified content as Dockerfile in the build context
+func WithDockerfile(content string) func(*Fake) error {
+	return WithFile("Dockerfile", content)
+}
+
+// WithFiles adds the specified files in the build context, content is a string
+func WithFiles(files map[string]string) func(*Fake) error {
+	return func(fakeContext *Fake) error {
+		for file, content := range files {
+			if err := fakeContext.Add(file, content); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+// WithBinaryFiles adds the specified files in the build context, content is binary
+func WithBinaryFiles(files map[string]*bytes.Buffer) func(*Fake) error {
+	return func(fakeContext *Fake) error {
+		for file, content := range files {
+			if err := fakeContext.Add(file, content.String()); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+// Fake creates directories that can be used as a build context
+type Fake struct {
+	Dir string
+}
+
+// Add a file at a path, creating directories where necessary
+func (f *Fake) Add(file, content string) error {
+	return f.addFile(file, []byte(content))
+}
+
+func (f *Fake) addFile(file string, content []byte) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	dirpath := filepath.Dir(fp)
+	if dirpath != "." {
+		if err := os.MkdirAll(dirpath, 0755); err != nil {
+			return err
+		}
+	}
+	return os.WriteFile(fp, content, 0644)
+
+}
+
+// Delete a file at a path
+func (f *Fake) Delete(file string) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	return os.RemoveAll(fp)
+}
+
+// Close deletes the context
+func (f *Fake) Close() error {
+	return os.RemoveAll(f.Dir)
+}
+
+// AsTarReader returns a ReadCloser with the contents of Dir as a tar archive.
+func (f *Fake) AsTarReader(t testing.TB) io.ReadCloser {
+	t.Helper()
+	reader, err := archive.TarWithOptions(f.Dir, &archive.TarOptions{})
+	if err != nil {
+		t.Fatalf("Failed to create tar from %s: %s", f.Dir, err)
+	}
+	return reader
+}
diff --git a/internal/test/fakegit/fakegit.go b/testutil/fakegit/fakegit.go
similarity index 80%
rename from internal/test/fakegit/fakegit.go
rename to testutil/fakegit/fakegit.go
index 605d1baaa8337..33594dc8a870a 100644
--- a/internal/test/fakegit/fakegit.go
+++ b/testutil/fakegit/fakegit.go
@@ -1,36 +1,18 @@
-package fakegit // import "github.com/docker/docker/internal/test/fakegit"
+package fakegit // import "github.com/docker/docker/testutil/fakegit"
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"testing"
 
-	"github.com/docker/docker/internal/test"
-	"github.com/docker/docker/internal/test/fakecontext"
-	"github.com/docker/docker/internal/test/fakestorage"
-	"gotest.tools/assert"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/fakestorage"
 )
 
-type testingT interface {
-	assert.TestingT
-	logT
-	skipT
-	Fatal(args ...interface{})
-	Fatalf(string, ...interface{})
-}
-
-type logT interface {
-	Logf(string, ...interface{})
-}
-
-type skipT interface {
-	Skip(reason string)
-}
-
 type gitServer interface {
 	URL() string
 	Close() error
@@ -63,10 +45,8 @@ func (g *FakeGit) Close() {
 }
 
 // New create a fake git server that can be used for git related tests
-func New(c testingT, name string, files map[string]string, enforceLocalServer bool) *FakeGit {
-	if ht, ok := c.(test.HelperT); ok {
-		ht.Helper()
-	}
+func New(c testing.TB, name string, files map[string]string, enforceLocalServer bool) *FakeGit {
+	c.Helper()
 	ctx := fakecontext.New(c, "", fakecontext.WithFiles(files))
 	defer ctx.Close()
 	curdir, err := os.Getwd()
@@ -95,7 +75,7 @@ func New(c testingT, name string, files map[string]string, enforceLocalServer bo
 		c.Fatalf("error trying to commit to repo: %s (%s)", err, output)
 	}
 
-	root, err := ioutil.TempDir("", "docker-test-git-repo")
+	root, err := os.MkdirTemp("", "docker-test-git-repo")
 	if err != nil {
 		c.Fatal(err)
 	}
diff --git a/internal/test/fakestorage/fixtures.go b/testutil/fakestorage/fixtures.go
similarity index 84%
rename from internal/test/fakestorage/fixtures.go
rename to testutil/fakestorage/fixtures.go
index ad8f76314338a..e11bee3b2815d 100644
--- a/internal/test/fakestorage/fixtures.go
+++ b/testutil/fakestorage/fixtures.go
@@ -1,26 +1,23 @@
-package fakestorage // import "github.com/docker/docker/internal/test/fakestorage"
+package fakestorage // import "github.com/docker/docker/testutil/fakestorage"
 
 import (
 	"context"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"sync"
+	"testing"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/internal/test"
 	"github.com/docker/docker/pkg/archive"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 var ensureHTTPServerOnce sync.Once
 
-func ensureHTTPServerImage(t testingT) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
+func ensureHTTPServerImage(t testing.TB) {
+	t.Helper()
 	var doIt bool
 	ensureHTTPServerOnce.Do(func() {
 		doIt = true
@@ -32,7 +29,7 @@ func ensureHTTPServerImage(t testingT) {
 
 	defer testEnv.ProtectImage(t, "httpserver:latest")
 
-	tmp, err := ioutil.TempDir("", "docker-http-server-test")
+	tmp, err := os.MkdirTemp("", "docker-http-server-test")
 	if err != nil {
 		t.Fatalf("could not build http server: %v", err)
 	}
@@ -87,6 +84,6 @@ func ensureHTTPServerImage(t testingT) {
 		Tags:        []string{"httpserver"},
 	})
 	assert.NilError(t, err)
-	_, err = io.Copy(ioutil.Discard, resp.Body)
+	_, err = io.Copy(io.Discard, resp.Body)
 	assert.NilError(t, err)
 }
diff --git a/testutil/fakestorage/storage.go b/testutil/fakestorage/storage.go
new file mode 100644
index 0000000000000..8bcf1d8863258
--- /dev/null
+++ b/testutil/fakestorage/storage.go
@@ -0,0 +1,181 @@
+package fakestorage // import "github.com/docker/docker/testutil/fakestorage"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/testutil"
+	"github.com/docker/docker/testutil/environment"
+	"github.com/docker/docker/testutil/fakecontext"
+	"github.com/docker/docker/testutil/request"
+	"github.com/docker/go-connections/nat"
+	"gotest.tools/v3/assert"
+)
+
+var testEnv *environment.Execution
+
+// Fake is a static file server. It might be running locally or remotely
+// on test host.
+type Fake interface {
+	Close() error
+	URL() string
+	CtxDir() string
+}
+
+// SetTestEnvironment sets a static test environment
+// TODO: decouple this package from environment
+func SetTestEnvironment(env *environment.Execution) {
+	testEnv = env
+}
+
+// New returns a static file server that will be use as build context.
+func New(t testing.TB, dir string, modifiers ...func(*fakecontext.Fake) error) Fake {
+	t.Helper()
+	if testEnv == nil {
+		t.Fatal("fakstorage package requires SetTestEnvironment() to be called before use.")
+	}
+	ctx := fakecontext.New(t, dir, modifiers...)
+	switch {
+	case testEnv.IsRemoteDaemon() && strings.HasPrefix(request.DaemonHost(), "unix:///"):
+		t.Skip("e2e run : daemon is remote but docker host points to a unix socket")
+	case testEnv.IsLocalDaemon():
+		return newLocalFakeStorage(ctx)
+	default:
+		return newRemoteFileServer(t, ctx, testEnv.APIClient())
+	}
+	return nil
+}
+
+// localFileStorage is a file storage on the running machine
+type localFileStorage struct {
+	*fakecontext.Fake
+	*httptest.Server
+}
+
+func (s *localFileStorage) URL() string {
+	return s.Server.URL
+}
+
+func (s *localFileStorage) CtxDir() string {
+	return s.Fake.Dir
+}
+
+func (s *localFileStorage) Close() error {
+	defer s.Server.Close()
+	return s.Fake.Close()
+}
+
+func newLocalFakeStorage(ctx *fakecontext.Fake) *localFileStorage {
+	handler := http.FileServer(http.Dir(ctx.Dir))
+	server := httptest.NewServer(handler)
+	return &localFileStorage{
+		Fake:   ctx,
+		Server: server,
+	}
+}
+
+// remoteFileServer is a containerized static file server started on the remote
+// testing machine to be used in URL-accepting docker build functionality.
+type remoteFileServer struct {
+	host      string // hostname/port web server is listening to on docker host e.g. 0.0.0.0:43712
+	container string
+	image     string
+	client    client.APIClient
+	ctx       *fakecontext.Fake
+}
+
+func (f *remoteFileServer) URL() string {
+	u := url.URL{
+		Scheme: "http",
+		Host:   f.host}
+	return u.String()
+}
+
+func (f *remoteFileServer) CtxDir() string {
+	return f.ctx.Dir
+}
+
+func (f *remoteFileServer) Close() error {
+	defer func() {
+		if f.ctx != nil {
+			f.ctx.Close()
+		}
+		if f.image != "" {
+			if _, err := f.client.ImageRemove(context.Background(), f.image, types.ImageRemoveOptions{
+				Force: true,
+			}); err != nil {
+				fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
+			}
+		}
+		if err := f.client.Close(); err != nil {
+			fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
+		}
+	}()
+	if f.container == "" {
+		return nil
+	}
+	return f.client.ContainerRemove(context.Background(), f.container, types.ContainerRemoveOptions{
+		Force:         true,
+		RemoveVolumes: true,
+	})
+}
+
+func newRemoteFileServer(t testing.TB, ctx *fakecontext.Fake, c client.APIClient) *remoteFileServer {
+	var (
+		image     = fmt.Sprintf("fileserver-img-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
+		container = fmt.Sprintf("fileserver-cnt-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
+	)
+
+	ensureHTTPServerImage(t)
+
+	// Build the image
+	if err := ctx.Add("Dockerfile", `FROM httpserver
+COPY . /static`); err != nil {
+		t.Fatal(err)
+	}
+	resp, err := c.ImageBuild(context.Background(), ctx.AsTarReader(t), types.ImageBuildOptions{
+		NoCache: true,
+		Tags:    []string{image},
+	})
+	assert.NilError(t, err)
+	_, err = io.Copy(io.Discard, resp.Body)
+	assert.NilError(t, err)
+
+	// Start the container
+	b, err := c.ContainerCreate(context.Background(), &containertypes.Config{
+		Image: image,
+	}, &containertypes.HostConfig{}, nil, nil, container)
+	assert.NilError(t, err)
+	err = c.ContainerStart(context.Background(), b.ID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// Find out the system assigned port
+	i, err := c.ContainerInspect(context.Background(), b.ID)
+	assert.NilError(t, err)
+	newP, err := nat.NewPort("tcp", "80")
+	assert.NilError(t, err)
+	ports, exists := i.NetworkSettings.Ports[newP]
+	if !exists || len(ports) != 1 {
+		t.Fatalf("unable to find port 80/tcp for %s", container)
+	}
+	host := ports[0].HostIP
+	port := ports[0].HostPort
+
+	return &remoteFileServer{
+		container: container,
+		image:     image,
+		host:      fmt.Sprintf("%s:%s", host, port),
+		ctx:       ctx,
+		client:    c,
+	}
+}
diff --git a/internal/test/fixtures/load/frozen.go b/testutil/fixtures/load/frozen.go
similarity index 97%
rename from internal/test/fixtures/load/frozen.go
rename to testutil/fixtures/load/frozen.go
index 94f3680f954d3..6ea591b4f224c 100644
--- a/internal/test/fixtures/load/frozen.go
+++ b/testutil/fixtures/load/frozen.go
@@ -1,4 +1,4 @@
-package load // import "github.com/docker/docker/internal/test/fixtures/load"
+package load // import "github.com/docker/docker/testutil/fixtures/load"
 
 import (
 	"bufio"
@@ -13,7 +13,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 )
 
diff --git a/internal/test/fixtures/plugin/basic/basic.go b/testutil/fixtures/plugin/basic/basic.go
similarity index 100%
rename from internal/test/fixtures/plugin/basic/basic.go
rename to testutil/fixtures/plugin/basic/basic.go
diff --git a/testutil/fixtures/plugin/plugin.go b/testutil/fixtures/plugin/plugin.go
new file mode 100644
index 0000000000000..81ebc41b645ff
--- /dev/null
+++ b/testutil/fixtures/plugin/plugin.go
@@ -0,0 +1,229 @@
+package plugin // import "github.com/docker/docker/testutil/fixtures/plugin"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/registry"
+	"github.com/pkg/errors"
+)
+
+// CreateOpt is passed used to change the default plugin config before
+// creating it
+type CreateOpt func(*Config)
+
+// Config wraps types.PluginConfig to provide some extra state for options
+// extra customizations on the plugin details, such as using a custom binary to
+// create the plugin with.
+type Config struct {
+	*types.PluginConfig
+	binPath        string
+	RegistryConfig registry.ServiceOptions
+}
+
+// WithInsecureRegistry specifies that the given registry can skip host-key checking as well as fall back to plain http
+func WithInsecureRegistry(url string) CreateOpt {
+	return func(cfg *Config) {
+		cfg.RegistryConfig.InsecureRegistries = append(cfg.RegistryConfig.InsecureRegistries, url)
+	}
+}
+
+// WithBinary is a CreateOpt to set an custom binary to create the plugin with.
+// This binary must be statically compiled.
+func WithBinary(bin string) CreateOpt {
+	return func(cfg *Config) {
+		cfg.binPath = bin
+	}
+}
+
+// CreateClient is the interface used for `BuildPlugin` to interact with the
+// daemon.
+type CreateClient interface {
+	PluginCreate(context.Context, io.Reader, types.PluginCreateOptions) error
+}
+
+// Create creates a new plugin with the specified name
+func Create(ctx context.Context, c CreateClient, name string, opts ...CreateOpt) error {
+	tmpDir, err := os.MkdirTemp("", "create-test-plugin")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	tar, err := makePluginBundle(tmpDir, opts...)
+	if err != nil {
+		return err
+	}
+	defer tar.Close()
+
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+
+	return c.PluginCreate(ctx, tar, types.PluginCreateOptions{RepoName: name})
+}
+
+// CreateInRegistry makes a plugin (locally) and pushes it to a registry.
+// This does not use a dockerd instance to create or push the plugin.
+// If you just want to create a plugin in some daemon, use `Create`.
+//
+// This can be useful when testing plugins on swarm where you don't really want
+// the plugin to exist on any of the daemons (immediately) and there needs to be
+// some way to distribute the plugin.
+func CreateInRegistry(ctx context.Context, repo string, auth *types.AuthConfig, opts ...CreateOpt) error {
+	tmpDir, err := os.MkdirTemp("", "create-test-plugin-local")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	inPath := filepath.Join(tmpDir, "plugin")
+	if err := os.MkdirAll(inPath, 0755); err != nil {
+		return errors.Wrap(err, "error creating plugin root")
+	}
+
+	var cfg Config
+	cfg.PluginConfig = &types.PluginConfig{}
+	for _, o := range opts {
+		o(&cfg)
+	}
+
+	tar, err := makePluginBundle(inPath, opts...)
+	if err != nil {
+		return err
+	}
+	defer tar.Close()
+
+	dummyExec := func(m *plugin.Manager) (plugin.Executor, error) {
+		return nil, nil
+	}
+
+	regService, err := registry.NewService(cfg.RegistryConfig)
+	if err != nil {
+		return err
+	}
+
+	managerConfig := plugin.ManagerConfig{
+		Store:           plugin.NewStore(),
+		RegistryService: regService,
+		Root:            filepath.Join(tmpDir, "root"),
+		ExecRoot:        "/run/docker", // manager init fails if not set
+		CreateExecutor:  dummyExec,
+		LogPluginEvent:  func(id, name, action string) {}, // panics when not set
+	}
+	manager, err := plugin.NewManager(managerConfig)
+	if err != nil {
+		return errors.Wrap(err, "error creating plugin manager")
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	if err := manager.CreateFromContext(ctx, tar, &types.PluginCreateOptions{RepoName: repo}); err != nil {
+		return err
+	}
+
+	if auth == nil {
+		auth = &types.AuthConfig{}
+	}
+	err = manager.Push(ctx, repo, nil, auth, io.Discard)
+	return errors.Wrap(err, "error pushing plugin")
+}
+
+func makePluginBundle(inPath string, opts ...CreateOpt) (io.ReadCloser, error) {
+	p := &types.PluginConfig{
+		Interface: types.PluginConfigInterface{
+			Socket: "basic.sock",
+			Types:  []types.PluginInterfaceType{{Capability: "docker.dummy/1.0"}},
+		},
+		Entrypoint: []string{"/basic"},
+	}
+	cfg := &Config{
+		PluginConfig: p,
+	}
+	for _, o := range opts {
+		o(cfg)
+	}
+	if cfg.binPath == "" {
+		binPath, err := ensureBasicPluginBin()
+		if err != nil {
+			return nil, err
+		}
+		cfg.binPath = binPath
+	}
+
+	configJSON, err := json.Marshal(p)
+	if err != nil {
+		return nil, err
+	}
+	if err := os.WriteFile(filepath.Join(inPath, "config.json"), configJSON, 0644); err != nil {
+		return nil, err
+	}
+	if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(p.Entrypoint[0])), 0755); err != nil {
+		return nil, errors.Wrap(err, "error creating plugin rootfs dir")
+	}
+
+	// Ensure the mount target paths exist
+	for _, m := range p.Mounts {
+		var stat os.FileInfo
+		if m.Source != nil {
+			stat, err = os.Stat(*m.Source)
+			if err != nil && !os.IsNotExist(err) {
+				return nil, err
+			}
+		}
+
+		if stat == nil || stat.IsDir() {
+			var mode os.FileMode = 0755
+			if stat != nil {
+				mode = stat.Mode()
+			}
+			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", m.Destination), mode); err != nil {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination path")
+			}
+		} else {
+			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(m.Destination)), 0755); err != nil {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination dir")
+			}
+			f, err := os.Create(filepath.Join(inPath, "rootfs", m.Destination))
+			if err != nil && !os.IsExist(err) {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination file")
+			}
+			if f != nil {
+				f.Close()
+			}
+		}
+	}
+	if err := archive.NewDefaultArchiver().CopyFileWithTar(cfg.binPath, filepath.Join(inPath, "rootfs", p.Entrypoint[0])); err != nil {
+		return nil, errors.Wrap(err, "error copying plugin binary to rootfs path")
+	}
+	tar, err := archive.Tar(inPath, archive.Uncompressed)
+	return tar, errors.Wrap(err, "error making plugin archive")
+}
+
+func ensureBasicPluginBin() (string, error) {
+	name := "docker-basic-plugin"
+	p, err := exec.LookPath(name)
+	if err == nil {
+		return p, nil
+	}
+
+	goBin, err := exec.LookPath("go")
+	if err != nil {
+		return "", err
+	}
+	installPath := filepath.Join(os.Getenv("GOPATH"), "bin", name)
+	sourcePath := filepath.Join("github.com", "docker", "docker", "testutil", "fixtures", "plugin", "basic")
+	cmd := exec.Command(goBin, "build", "-o", installPath, sourcePath)
+	cmd.Env = append(os.Environ(), "CGO_ENABLED=0", "GO111MODULE=off")
+	if out, err := cmd.CombinedOutput(); err != nil {
+		return "", errors.Wrapf(err, "error building basic plugin bin: %s", string(out))
+	}
+	return installPath, nil
+}
diff --git a/testutil/helper.go b/testutil/helper.go
new file mode 100644
index 0000000000000..a8a70e4dfbbfa
--- /dev/null
+++ b/testutil/helper.go
@@ -0,0 +1,6 @@
+package testutil
+
+// HelperT is a subset of testing.T that implements the Helper function
+type HelperT interface {
+	Helper()
+}
diff --git a/testutil/helpers.go b/testutil/helpers.go
new file mode 100644
index 0000000000000..e522b5a9a4ecc
--- /dev/null
+++ b/testutil/helpers.go
@@ -0,0 +1,17 @@
+package testutil // import "github.com/docker/docker/testutil"
+
+import (
+	"io"
+)
+
+// DevZero acts like /dev/zero but in an OS-independent fashion.
+var DevZero io.Reader = devZero{}
+
+type devZero struct{}
+
+func (d devZero) Read(p []byte) (n int, err error) {
+	for i := range p {
+		p[i] = 0
+	}
+	return len(p), nil
+}
diff --git a/testutil/registry/ops.go b/testutil/registry/ops.go
new file mode 100644
index 0000000000000..7357d5f5098ae
--- /dev/null
+++ b/testutil/registry/ops.go
@@ -0,0 +1,42 @@
+package registry
+
+import "io"
+
+// Schema1 sets the registry to serve v1 api
+func Schema1(c *Config) {
+	c.schema1 = true
+}
+
+// Htpasswd sets the auth method with htpasswd
+func Htpasswd(c *Config) {
+	c.auth = "htpasswd"
+}
+
+// Token sets the auth method to token, with the specified token url
+func Token(tokenURL string) func(*Config) {
+	return func(c *Config) {
+		c.auth = "token"
+		c.tokenURL = tokenURL
+	}
+}
+
+// URL sets the registry url
+func URL(registryURL string) func(*Config) {
+	return func(c *Config) {
+		c.registryURL = registryURL
+	}
+}
+
+// WithStdout sets the stdout of the registry command to the passed in writer.
+func WithStdout(w io.Writer) func(c *Config) {
+	return func(c *Config) {
+		c.stdout = w
+	}
+}
+
+// WithStderr sets the stdout of the registry command to the passed in writer.
+func WithStderr(w io.Writer) func(c *Config) {
+	return func(c *Config) {
+		c.stderr = w
+	}
+}
diff --git a/testutil/registry/registry.go b/testutil/registry/registry.go
new file mode 100644
index 0000000000000..5de61620c06f8
--- /dev/null
+++ b/testutil/registry/registry.go
@@ -0,0 +1,239 @@
+package registry // import "github.com/docker/docker/testutil/registry"
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/v3/assert"
+)
+
+const (
+	// V2binary is the name of the registry v2 binary
+	V2binary = "registry-v2"
+	// V2binarySchema1 is the name of the registry that serve schema1
+	V2binarySchema1 = "registry-v2-schema1"
+	// DefaultURL is the default url that will be used by the registry (if not specified otherwise)
+	DefaultURL = "127.0.0.1:5000"
+)
+
+// V2 represent a registry version 2
+type V2 struct {
+	cmd         *exec.Cmd
+	registryURL string
+	dir         string
+	auth        string
+	username    string
+	password    string
+	email       string
+}
+
+// Config contains the test registry configuration
+type Config struct {
+	schema1     bool
+	auth        string
+	tokenURL    string
+	registryURL string
+	stdout      io.Writer
+	stderr      io.Writer
+}
+
+// NewV2 creates a v2 registry server
+func NewV2(t testing.TB, ops ...func(*Config)) *V2 {
+	t.Helper()
+	c := &Config{
+		registryURL: DefaultURL,
+	}
+	for _, op := range ops {
+		op(c)
+	}
+	tmp, err := os.MkdirTemp("", "registry-test-")
+	assert.NilError(t, err)
+	template := `version: 0.1
+loglevel: debug
+storage:
+    filesystem:
+        rootdirectory: %s
+http:
+    addr: %s
+%s`
+	var (
+		authTemplate string
+		username     string
+		password     string
+		email        string
+	)
+	switch c.auth {
+	case "htpasswd":
+		htpasswdPath := filepath.Join(tmp, "htpasswd")
+		// generated with: htpasswd -Bbn testuser testpassword
+		// #nosec G101
+		userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
+		username = "testuser"
+		password = "testpassword"
+		email = "test@test.org"
+		err := os.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644))
+		assert.NilError(t, err)
+		authTemplate = fmt.Sprintf(`auth:
+    htpasswd:
+        realm: basic-realm
+        path: %s
+`, htpasswdPath)
+	case "token":
+		authTemplate = fmt.Sprintf(`auth:
+    token:
+        realm: %s
+        service: "registry"
+        issuer: "auth-registry"
+        rootcertbundle: "fixtures/registry/cert.pem"
+`, c.tokenURL)
+	}
+
+	confPath := filepath.Join(tmp, "config.yaml")
+	config, err := os.Create(confPath)
+	assert.NilError(t, err)
+	defer config.Close()
+
+	if _, err := fmt.Fprintf(config, template, tmp, c.registryURL, authTemplate); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.RemoveAll(tmp)
+		t.Fatal(err)
+	}
+
+	binary := V2binary
+	if c.schema1 {
+		binary = V2binarySchema1
+	}
+	cmd := exec.Command(binary, confPath)
+	cmd.Stdout = c.stdout
+	cmd.Stderr = c.stderr
+	if err := cmd.Start(); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.RemoveAll(tmp)
+		t.Fatal(err)
+	}
+	return &V2{
+		cmd:         cmd,
+		dir:         tmp,
+		auth:        c.auth,
+		username:    username,
+		password:    password,
+		email:       email,
+		registryURL: c.registryURL,
+	}
+}
+
+// WaitReady waits for the registry to be ready to serve requests (or fail after a while)
+func (r *V2) WaitReady(t testing.TB) {
+	t.Helper()
+	var err error
+	for i := 0; i != 50; i++ {
+		if err = r.Ping(); err == nil {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+	t.Fatalf("timeout waiting for test registry to become available: %v", err)
+}
+
+// Ping sends an http request to the current registry, and fail if it doesn't respond correctly
+func (r *V2) Ping() error {
+	// We always ping through HTTP for our test registry.
+	resp, err := http.Get(fmt.Sprintf("http://%s/v2/", r.registryURL))
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	fail := resp.StatusCode != http.StatusOK
+	if r.auth != "" {
+		// unauthorized is a _good_ status when pinging v2/ and it needs auth
+		fail = fail && resp.StatusCode != http.StatusUnauthorized
+	}
+	if fail {
+		return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
+	}
+	return nil
+}
+
+// Close kills the registry server
+func (r *V2) Close() {
+	r.cmd.Process.Kill()
+	r.cmd.Process.Wait()
+	os.RemoveAll(r.dir)
+}
+
+func (r *V2) getBlobFilename(blobDigest digest.Digest) string {
+	// Split the digest into its algorithm and hex components.
+	dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Hex()
+
+	// The path to the target blob data looks something like:
+	//   baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
+	return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", r.dir, dgstAlg, dgstHex[:2], dgstHex)
+}
+
+// ReadBlobContents read the file corresponding to the specified digest
+func (r *V2) ReadBlobContents(t testing.TB, blobDigest digest.Digest) []byte {
+	t.Helper()
+	// Load the target manifest blob.
+	manifestBlob, err := os.ReadFile(r.getBlobFilename(blobDigest))
+	assert.NilError(t, err, "unable to read blob")
+	return manifestBlob
+}
+
+// WriteBlobContents write the file corresponding to the specified digest with the given content
+func (r *V2) WriteBlobContents(t testing.TB, blobDigest digest.Digest, data []byte) {
+	t.Helper()
+	err := os.WriteFile(r.getBlobFilename(blobDigest), data, os.FileMode(0644))
+	assert.NilError(t, err, "unable to write malicious data blob")
+}
+
+// TempMoveBlobData moves the existing data file aside, so that we can replace it with a
+// malicious blob of data for example.
+func (r *V2) TempMoveBlobData(t testing.TB, blobDigest digest.Digest) (undo func()) {
+	t.Helper()
+	tempFile, err := os.CreateTemp("", "registry-temp-blob-")
+	assert.NilError(t, err, "unable to get temporary blob file")
+	tempFile.Close()
+
+	blobFilename := r.getBlobFilename(blobDigest)
+
+	// Move the existing data file aside, so that we can replace it with a
+	// another blob of data.
+	if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.Remove(tempFile.Name())
+		t.Fatalf("unable to move data blob: %s", err)
+	}
+
+	return func() {
+		os.Rename(tempFile.Name(), blobFilename)
+		os.Remove(tempFile.Name())
+	}
+}
+
+// Username returns the configured user name of the server
+func (r *V2) Username() string {
+	return r.username
+}
+
+// Password returns the configured password of the server
+func (r *V2) Password() string {
+	return r.password
+}
+
+// Email returns the configured email of the server
+func (r *V2) Email() string {
+	return r.email
+}
+
+// Path returns the path where the registry write data
+func (r *V2) Path() string {
+	return filepath.Join(r.dir, "docker", "registry", "v2")
+}
diff --git a/internal/test/registry/registry_mock.go b/testutil/registry/registry_mock.go
similarity index 85%
rename from internal/test/registry/registry_mock.go
rename to testutil/registry/registry_mock.go
index d139401a62036..540cef5d41e28 100644
--- a/internal/test/registry/registry_mock.go
+++ b/testutil/registry/registry_mock.go
@@ -1,4 +1,4 @@
-package registry // import "github.com/docker/docker/internal/test/registry"
+package registry // import "github.com/docker/docker/testutil/registry"
 
 import (
 	"net/http"
@@ -6,8 +6,7 @@ import (
 	"regexp"
 	"strings"
 	"sync"
-
-	"github.com/docker/docker/internal/test"
+	"testing"
 )
 
 type handlerFunc func(w http.ResponseWriter, r *http.Request)
@@ -28,10 +27,8 @@ func (tr *Mock) RegisterHandler(path string, h handlerFunc) {
 }
 
 // NewMock creates a registry mock
-func NewMock(t testingT) (*Mock, error) {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
+func NewMock(t testing.TB) (*Mock, error) {
+	t.Helper()
 	testReg := &Mock{handlers: make(map[string]handlerFunc)}
 
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/internal/test/request/npipe.go b/testutil/request/npipe.go
similarity index 90%
rename from internal/test/request/npipe.go
rename to testutil/request/npipe.go
index e6ab03945e2bb..e827ad6b80060 100644
--- a/internal/test/request/npipe.go
+++ b/testutil/request/npipe.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package request
diff --git a/internal/test/request/npipe_windows.go b/testutil/request/npipe_windows.go
similarity index 80%
rename from internal/test/request/npipe_windows.go
rename to testutil/request/npipe_windows.go
index a268aac922f0d..9741ae64c6534 100644
--- a/internal/test/request/npipe_windows.go
+++ b/testutil/request/npipe_windows.go
@@ -4,7 +4,7 @@ import (
 	"net"
 	"time"
 
-	"github.com/Microsoft/go-winio"
+	winio "github.com/Microsoft/go-winio"
 )
 
 func npipeDial(path string, timeout time.Duration) (net.Conn, error) {
diff --git a/testutil/request/ops.go b/testutil/request/ops.go
new file mode 100644
index 0000000000000..be4e502ccb6bd
--- /dev/null
+++ b/testutil/request/ops.go
@@ -0,0 +1,77 @@
+package request
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+)
+
+// Options defines request options, like request modifiers and which host to target
+type Options struct {
+	host             string
+	requestModifiers []func(*http.Request) error
+}
+
+// Host creates a modifier that sets the specified host as the request URL host
+func Host(host string) func(*Options) {
+	return func(o *Options) {
+		o.host = host
+	}
+}
+
+// With adds a request modifier to the options
+func With(f func(*http.Request) error) func(*Options) {
+	return func(o *Options) {
+		o.requestModifiers = append(o.requestModifiers, f)
+	}
+}
+
+// Method creates a modifier that sets the specified string as the request method
+func Method(method string) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Method = method
+		return nil
+	})
+}
+
+// RawString sets the specified string as body for the request
+func RawString(content string) func(*Options) {
+	return RawContent(io.NopCloser(strings.NewReader(content)))
+}
+
+// RawContent sets the specified reader as body for the request
+func RawContent(reader io.ReadCloser) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Body = reader
+		return nil
+	})
+}
+
+// ContentType sets the specified Content-Type request header
+func ContentType(contentType string) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Header.Set("Content-Type", contentType)
+		return nil
+	})
+}
+
+// JSON sets the Content-Type request header to json
+func JSON(o *Options) {
+	ContentType("application/json")(o)
+}
+
+// JSONBody creates a modifier that encodes the specified data to a JSON string and set it as request body. It also sets
+// the Content-Type header of the request.
+func JSONBody(data interface{}) func(*Options) {
+	return With(func(req *http.Request) error {
+		jsonData := bytes.NewBuffer(nil)
+		if err := json.NewEncoder(jsonData).Encode(data); err != nil {
+			return err
+		}
+		req.Body = io.NopCloser(jsonData)
+		req.Header.Set("Content-Type", "application/json")
+		return nil
+	})
+}
diff --git a/internal/test/request/request.go b/testutil/request/request.go
similarity index 85%
rename from internal/test/request/request.go
rename to testutil/request/request.go
index 1986d370f152f..d5f559c666370 100644
--- a/internal/test/request/request.go
+++ b/testutil/request/request.go
@@ -1,45 +1,39 @@
-package request // import "github.com/docker/docker/internal/test/request"
+package request // import "github.com/docker/docker/testutil/request"
 
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"path/filepath"
+	"testing"
 	"time"
 
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/internal/test"
-	"github.com/docker/docker/internal/test/environment"
-	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/testutil/environment"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 // NewAPIClient returns a docker API client configured from environment variables
-func NewAPIClient(t assert.TestingT, ops ...func(*client.Client) error) client.APIClient {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
-	ops = append([]func(*client.Client) error{client.FromEnv}, ops...)
+func NewAPIClient(t testing.TB, ops ...client.Opt) client.APIClient {
+	t.Helper()
+	ops = append([]client.Opt{client.FromEnv}, ops...)
 	clt, err := client.NewClientWithOpts(ops...)
 	assert.NilError(t, err)
 	return clt
 }
 
 // DaemonTime provides the current time on the daemon host
-func DaemonTime(ctx context.Context, t assert.TestingT, client client.APIClient, testEnv *environment.Execution) time.Time {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
+func DaemonTime(ctx context.Context, t testing.TB, client client.APIClient, testEnv *environment.Execution) time.Time {
+	t.Helper()
 	if testEnv.IsLocalDaemon() {
 		return time.Now()
 	}
@@ -54,10 +48,8 @@ func DaemonTime(ctx context.Context, t assert.TestingT, client client.APIClient,
 
 // DaemonUnixTime returns the current time on the daemon host with nanoseconds precision.
 // It return the time formatted how the client sends timestamps to the server.
-func DaemonUnixTime(ctx context.Context, t assert.TestingT, client client.APIClient, testEnv *environment.Execution) string {
-	if ht, ok := t.(test.HelperT); ok {
-		ht.Helper()
-	}
+func DaemonUnixTime(ctx context.Context, t testing.TB, client client.APIClient, testEnv *environment.Execution) string {
+	t.Helper()
 	dt := DaemonTime(ctx, t, client, testEnv)
 	return fmt.Sprintf("%d.%09d", dt.Unix(), int64(dt.Nanosecond()))
 }
@@ -77,6 +69,11 @@ func Get(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadC
 	return Do(endpoint, modifiers...)
 }
 
+// Head creates and execute a HEAD request on the specified host and endpoint, with the specified request modifiers
+func Head(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
+	return Do(endpoint, append(modifiers, Method(http.MethodHead))...)
+}
+
 // Do creates and execute a request on the specified endpoint, with the specified request modifiers
 func Do(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
 	opts := &Options{
@@ -107,7 +104,7 @@ func Do(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCl
 // ReadBody read the specified ReadCloser content and returns it
 func ReadBody(b io.ReadCloser) ([]byte, error) {
 	defer b.Close()
-	return ioutil.ReadAll(b)
+	return io.ReadAll(b)
 }
 
 // newRequest creates a new http Request to the specified host and endpoint, with the specified request modifiers
@@ -116,7 +113,7 @@ func newRequest(endpoint string, opts *Options) (*http.Request, error) {
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed parsing url %q", opts.host)
 	}
-	req, err := http.NewRequest("GET", endpoint, nil)
+	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to create request")
 	}
@@ -181,7 +178,7 @@ func getTLSConfig() (*tls.Config, error) {
 
 // DaemonHost return the daemon host string for this test execution
 func DaemonHost() string {
-	daemonURLStr := "unix://" + opts.DefaultUnixSocket
+	daemonURLStr := client.DefaultDockerHost
 	if daemonHostVar := os.Getenv("DOCKER_HOST"); daemonHostVar != "" {
 		daemonURLStr = daemonHostVar
 	}
diff --git a/testutil/stringutils.go b/testutil/stringutils.go
new file mode 100644
index 0000000000000..885ebe560bf92
--- /dev/null
+++ b/testutil/stringutils.go
@@ -0,0 +1,14 @@
+package testutil // import "github.com/docker/docker/testutil"
+
+import "math/rand"
+
+// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
+func GenerateRandomAlphaOnlyString(n int) string {
+	// make a really long string
+	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = letters[rand.Intn(len(letters))] //nolint: gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
+	}
+	return string(b)
+}
diff --git a/internal/testutil/stringutils_test.go b/testutil/stringutils_test.go
similarity index 86%
rename from internal/testutil/stringutils_test.go
rename to testutil/stringutils_test.go
index 753aac966dc2e..438683664ff26 100644
--- a/internal/testutil/stringutils_test.go
+++ b/testutil/stringutils_test.go
@@ -1,10 +1,10 @@
-package testutil // import "github.com/docker/docker/internal/testutil"
+package testutil // import "github.com/docker/docker/testutil"
 
 import (
 	"testing"
 
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func testLengthHelper(generator func(int) string, t *testing.T) {
diff --git a/vendor.conf b/vendor.conf
index 5d7d2d7d80730..6e22620c32107 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -1,159 +1,190 @@
-# the following lines are in sorted order, FYI
-github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/Microsoft/hcsshim v0.7.6
-github.com/Microsoft/go-winio v0.4.11
-github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
-github.com/go-check/check 4ed411733c5785b40214c70bce814c3a3a689609 https://github.com/cpuguy83/check.git
-github.com/golang/gddo 9b12a26f3fbd7397dee4e20939ddca719d840d2a
-github.com/gorilla/context v1.1
-github.com/gorilla/mux v1.1
-github.com/Microsoft/opengcs v0.3.9
-github.com/kr/pty 5cf931ef8f
-github.com/mattn/go-shellwords v1.0.3
-github.com/sirupsen/logrus v1.0.6
-github.com/tchap/go-patricia v2.2.6
-github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
-golang.org/x/net a680a1efc54dd51c040b3b5ce4939ea3cf2ea0d1
-golang.org/x/sys ac767d655b305d4e9612f5f6e33120b9176c4ad4
-github.com/docker/go-units 47565b4f722fb6ceae66b95f853feed578a4a51c # v0.3.3
-github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
-golang.org/x/text f21a4dfb5e38f5895301dc265a8def02365cc3d0 # v0.3.0
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.2.0
-
-github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
-github.com/imdario/mergo v0.3.6
-golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca
+github.com/Azure/go-ansiterm                        d185dfc1b5a126116ea5a19e148e29d16b4574c9
+github.com/Microsoft/hcsshim                        133feb626666d38630976b19f742431f31cee604 # v0.8.23
+github.com/Microsoft/go-winio                       6c24dfa01eb5906508a5ad06f4f6534a9be47456 # v0.5.1
+github.com/docker/libtrust                          9cbd2a1374f46905c68a4eb3694a130610adc62a
+github.com/golang/gddo                              72a348e765d293ed6d1ded7b699591f14d6cd921
+github.com/google/uuid                              0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
+github.com/gorilla/mux                              98cb6bf42e086f6af920b965c38cacc07402d51b # v1.8.0
+github.com/moby/locker                              281af2d563954745bea9d1487c965f24d30742fe # v1.0.1
+github.com/moby/term                                3f7ff695adc6a35abc925370dd0a4dafb48ec64d
+
+# Note that this dependency uses submodules, providing the github.com/moby/sys/mount,
+# github.com/moby/sys/mountinfo, github.com/moby/sys/signal, and github.com/moby/sys/symlink
+# modules. Our vendoring tool (vndr) currently does not support submodules / vendoring sub-paths,
+# so we vendor the top-level moby/sys repository (which contains both) and pick the most recent tag,
+# which could be either `mountinfo/vX.Y.Z`, `mount/vX.Y.Z`, `signal/vX.Y.Z`, or `symlink/vX.Y.Z`.
+github.com/moby/sys                                 03b9f8d59a07f5206a2264105f4903a222aea964 # signal/v0.6.0
+
+github.com/creack/pty                               2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
+github.com/sirupsen/logrus                          bdc0db8ead3853c56b7cd1ac2ba4e11b47d7da6b # v1.8.1
+github.com/tchap/go-patricia                        a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
+golang.org/x/net                                    e18ecbb051101a46fc263334b127c89bc7bff7ea
+golang.org/x/sys                                    69cdffdb9359ff97d91e4f4fbb6b2714c3898eae
+github.com/docker/go-units                          519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
+github.com/docker/go-connections                    7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
+golang.org/x/text                                   23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
+gotest.tools/v3                                     568bc57cc5c19a2ef85e5749870b49a4cc2ab54d # v3.0.3
+github.com/google/go-cmp                            3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0
+
+github.com/RackSec/srslog                           a4725f04ec91af1a91b380da679d6e0c2f061e59
+github.com/imdario/mergo                            29fb3d3bdc5512887f1dc9aedde6a0fed407fa8f # v0.3.12
+golang.org/x/sync                                   036812b2e83c0ddf193dd5a34e034151da389d09
 
 # buildkit
-github.com/moby/buildkit c7bb575343df0cbfeab8b5b28149630b8153fcc6
-github.com/tonistiigi/fsutil f567071bed2416e4d87d260d3162722651182317
-github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
-github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
-github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716
-github.com/opentracing-contrib/go-stdlib  b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc
-github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
-
-#get libnetwork packages
-
-# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy accordingly
-github.com/docker/libnetwork d7b61745d16675c9f548b19f06fda80d422a74f0
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
-github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
-github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
-github.com/hashicorp/go-sockaddr 6d291a969b86c4b633730bfc6b8b9d64c3aafed9
-github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
-github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
-github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
-github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
-github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
-
-# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv accordingly
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
-github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
-github.com/coreos/etcd v3.3.9
-github.com/coreos/go-semver v0.2.0
-github.com/ugorji/go v1.1.1
-github.com/hashicorp/consul v0.5.2
-github.com/miekg/dns v1.0.7
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
-go.etcd.io/bbolt v1.3.1-etcd.8
+github.com/moby/buildkit                            9f254e18360a24c2ae47b26f772c3c89533bcbb7 # master / v0.9.0-dev
+github.com/tonistiigi/fsutil                        d72af97c0eaf93c1d20360e3cb9c63c223675b83
+github.com/tonistiigi/units                         6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
+github.com/grpc-ecosystem/grpc-opentracing          8e809c8a86450a29b90dcc9efbf062d0fe6d9746
+github.com/opentracing/opentracing-go               d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0
+github.com/google/shlex                             e7afc7fbc51079733e9468cdfd1efcd7d196cd1d
+github.com/opentracing-contrib/go-stdlib            8a6ff1ad1691a29e4f7b5d46604f97634997c8c4 # v1.0.0
+github.com/mitchellh/hashstructure                  a38c50148365edc8df43c1580c48fb2b3a1e9cd7 # v1.0.0
+github.com/gofrs/flock                              6caa7350c26b838538005fae7dbee4e69d9398db # v0.7.3
+github.com/grpc-ecosystem/go-grpc-middleware        3c51f7f332123e8be5a157c0802a228ac85bf9db # v1.2.0
+
+# libnetwork
+
+github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
+github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
+github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec
+github.com/hashicorp/go-msgpack                     71c2886f5a673a35f909803f38ece5810165097b
+github.com/hashicorp/memberlist                     619135cdd9e5dda8c12f8ceef39bdade4f5899b6 # v0.2.4
+github.com/sean-/seed                               e2103e2c35297fb7e17febb81e49b312087a2372
+github.com/hashicorp/errwrap                        8a6fb523712970c966eefc6b39ed2c5e74880354 # v1.0.0
+github.com/hashicorp/go-sockaddr                    c7188e74f6acae5a989bdc959aa779f8b9f42faf # v1.0.2
+github.com/hashicorp/go-multierror                  886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
+github.com/hashicorp/serf                           598c54895cc5a7b1a24a398d635e8c0ea0959870
+github.com/docker/libkv                             458977154600b9f23984d9f4b82e79570b5ae12b
+github.com/vishvananda/netns                        db3c7e526aae966c4ccfa6c8189b693d6ac5d202
+github.com/vishvananda/netlink                      f049be6f391489d3f374498fe0c8df8449258372 # v1.1.0
+github.com/moby/ipvs                                4566ccea0e08d68e9614c3e7a64a23b850c4bb35 # v1.0.1
+github.com/google/btree                             479b5e81b0a93ec038d201b0b33d17db599531d3 # v1.0.1
+
+github.com/samuel/go-zookeeper                      d0e0d8e11f318e000a8cc434616d69e329edc374
+github.com/deckarep/golang-set                      ef32fa3046d9f249d399f98ebaf9be944430fd1d
+github.com/coreos/etcd                              2c834459e1aab78a5d5219c7dfe42335fc4b617a # v3.3.25
+github.com/coreos/go-semver                         8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
+github.com/hashicorp/consul                         9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
+github.com/miekg/dns                                6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
+github.com/ishidawataru/sctp                        f2269e66cdee387bd321445d5d300893449805be
+go.etcd.io/bbolt                                    232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
+github.com/json-iterator/go                         a1ca0830781e007c66b225121d2cdb3a649421f6 # v1.1.10
+github.com/modern-go/concurrent                     bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
+github.com/modern-go/reflect2                       94122c33edd36123c84d5368cfb2b69df93a0ec8 # v1.0.1
 
 # get graph and distribution packages
-github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
-github.com/vbatts/tar-split v0.11.0
-github.com/opencontainers/go-digest v1.0.0-rc1
+github.com/docker/distribution                      0d3efadf0154c2b8a4e7b6621fff9809655cc580
+github.com/vbatts/tar-split                         80a436fd6164c557b131f7c59ed69bd81af69761 # v0.11.2
+github.com/opencontainers/go-digest                 ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 
 # get go-zfs packages
-github.com/mistifyio/go-zfs 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa
-github.com/pborman/uuid v1.0
+github.com/mistifyio/go-zfs                         f784269be439d704d3dfa1906f45dd848fed2beb
 
-google.golang.org/grpc v1.12.0
+google.golang.org/grpc                              f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1
 
-# This does not need to match RUNC_COMMIT as it is used for helper packages but should be newer or equal
-github.com/opencontainers/runc 00dc70017d222b178a002ed30e9321b12647af2d
-github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d
-github.com/opencontainers/image-spec v1.0.1
-github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
+# The version of runc should match the version that is used by the containerd
+# version that is used. If you need to update runc, open a pull request in
+# the containerd project first, and update both after that is merged.
+# This commit does not need to match RUNC_COMMIT as it is used for helper
+# packages but should be newer or equal.
+github.com/opencontainers/runc                      f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe # v1.0.3
+github.com/opencontainers/runtime-spec              1c3f411f041711bbeecf35ff7e93461ea6789220 # v1.0.3-0.20210326190908-1c3f411f0417
+github.com/opencontainers/image-spec                67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
+github.com/cyphar/filepath-securejoin               a261ee33d7a517f054effbf451841abaafe3e0fd # v0.2.2
 
-# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
-github.com/coreos/go-systemd v17
-github.com/godbus/dbus v4.0.0
-github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
-github.com/golang/protobuf v1.1.0
+# go-systemd v17 is required by github.com/coreos/pkg/capnslog/journald_formatter.go
+github.com/coreos/go-systemd                        39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
+
+# systemd integration (journald, daemon/listeners, containerd/cgroups)
+github.com/coreos/go-systemd/v22                    777e73a89cef78631ccaa97f53a9bae67e166186 # v22.3.2
+github.com/godbus/dbus/v5                           c88335c0b1d28a30e7fc76d526a06154b85e5d97 # v5.0.4
 
 # gelf logging driver deps
-github.com/Graylog2/go-gelf 4143646226541087117ff2f83334ea48b3201841
+github.com/Graylog2/go-gelf                         1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch
 
-github.com/fluent/fluent-logger-golang v1.3.0
 # fluent-logger-golang deps
-github.com/philhofer/fwd 98c11a7a6ec829d672b03833c3d69a7fae1ca972
-github.com/tinylib/msgp 3b556c64540842d4f82967be066a7f7fffc3adad
+github.com/fluent/fluent-logger-golang              0b652e850a9140d0b1db6390d8925d0601e952db # v1.8.0
+github.com/philhofer/fwd                            bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
+github.com/tinylib/msgp                             af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
 
 # fsnotify
-github.com/fsnotify/fsnotify v1.4.7
+github.com/fsnotify/fsnotify                        45d7d09e39ef4ac08d493309fa031790c15bfe8a # v1.4.9
 
 # awslogs deps
-github.com/aws/aws-sdk-go v1.12.66
-github.com/go-ini/ini v1.25.4
-github.com/jmespath/go-jmespath 0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
+github.com/aws/aws-sdk-go                           2590bc875c54c9fda225d8e4e56a9d28d90c6a47 # v1.28.11
+github.com/jmespath/go-jmespath                     2d053f87d1d7f9f48196ae04cf3daea4273d207d # v0.3.0
 
 # logentries
-github.com/bsphere/le_go 7a984a84b5492ae539b79b62fb4a10afc63c7bcf
+github.com/bsphere/le_go                            7a984a84b5492ae539b79b62fb4a10afc63c7bcf
 
 # gcplogs deps
-golang.org/x/oauth2 ec22f46f877b4505e0117eeaab541714644fdd28
-google.golang.org/api de943baf05a022a8f921b544b7827bacaba1aed5
-go.opencensus.io v0.11.0
-cloud.google.com/go v0.23.0
-github.com/googleapis/gax-go v2.0.0
-google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9
+golang.org/x/oauth2                                 bf48bf16ab8d622ce64ec6ce98d2c98f916b6303
+google.golang.org/api                               dec2ee309f5b09fc59bc40676447c15736284d78 # v0.8.0
+github.com/golang/groupcache                        869f871628b6baa9cfbc11732cdf6546b17c1298
+go.opencensus.io                                    d835ff86be02193d324330acdb7d65546b05f814 # v0.22.3
+cloud.google.com/go                                 ceeb313ad77b789a7fa5287b36a1d127b69b7093 # v0.44.3
+github.com/googleapis/gax-go                        bd5b16380fd03dc758d11cef74ba2e3bc8b0e8c2 # v2.0.5
+google.golang.org/genproto                          3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
 
 # containerd
-github.com/containerd/containerd 0c5f8f63c3368856c320ae8a1c125e703b73b51d # v1.2.0-rc.1
-github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4
-github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2
-github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
-github.com/containerd/cri 9f39e3289533fc228c5e5fcac0a6dbdd60c6047b # release/1.2 branch
-github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
-github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
-github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a
-github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
+github.com/containerd/containerd                    1e5ef943eb76627a6d3b6de8cd1ef6537f393a71 # v1.5.8
+github.com/containerd/fifo                          650e8a8a179d040123db61f016cb133143e7a581 # v1.0.0
+github.com/containerd/continuity                    bce1c3f9669b6f3e7f6656ee715b0b4d75fa64a6 # v0.1.0
+github.com/containerd/cgroups                       b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1
+github.com/containerd/console                       2f1e3d2b6afd18e8b2077816c711205a0b4d8769 # v1.0.2
+github.com/containerd/go-runc                       16b287bc67d069a60fa48db15f330b790b74365b # v1.0.0
+github.com/containerd/typeurl                       5e43fb8b75ed2f2305fc04e6918c8d10636771bc # v1.0.2
+github.com/containerd/ttrpc                         0247db16a1f98bb76731a12ad72b8d49705b38b3 # v1.1.0
+github.com/gogo/googleapis                          01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2
+github.com/cilium/ebpf                              ca492085341e0e917f48ec30704d5054c5d42ca8 # v0.6.2
+github.com/klauspost/compress                       a3b7545c88eea469c2246bee0e6c130525d56190 # v1.11.13
+github.com/pelletier/go-toml                        65ca8064882c8c308e5c804c5d5443d409e0738c # v1.8.1
 
 # cluster
-github.com/docker/swarmkit 9f271c2963d18a7c60d2c4001fb418ca4037df19
-github.com/gogo/protobuf v1.0.0
-github.com/cloudflare/cfssl 1.3.2
-github.com/fernet/fernet-go 1b2437bc582b3cfbb341ee5a29f8ef5b42912ff2
-github.com/google/certificate-transparency-go v1.0.20
-golang.org/x/crypto 0709b304e793a5edb4a2c0145f281ecdc20838a4
-golang.org/x/time fbb02b2291d28baffd63558aa44b4b56f178d650
-github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
-github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
-github.com/hashicorp/golang-lru 0fb14efe8c47ae851c0034ed7a448854d3d34cf3
-github.com/coreos/pkg v3
-github.com/pivotal-golang/clock 3fd3c1944c59d9742e1cd333672181cd1a6f9fa0
-github.com/prometheus/client_golang v0.8.0
-github.com/beorn7/perks 3a771d992973f24aa725d07868b467d1ddfceaf
-github.com/prometheus/client_model 6f3806018612930941127f2a7c6c453ba2c527d2
-github.com/prometheus/common 7600349dcfe1abd18d72d3a1770870d9800a7801
-github.com/prometheus/procfs 7d6f385de8bea29190f15ba9931442a0eaef9af7
-github.com/matttproud/golang_protobuf_extensions v1.0.0
-github.com/pkg/errors 645ef00459ed84a119197bfb8d8205042c6df63d # v0.8.0
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
+github.com/docker/swarmkit                          3629f50980f6c0dd5ccd7dbfa0956b57ea0cd78d  # master
+github.com/gogo/protobuf                            b03c65ea87cdc3521ede29f62fe3ce239267c1bc # v1.3.2
+github.com/golang/protobuf                          84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
+github.com/cloudflare/cfssl                         5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
+github.com/fernet/fernet-go                         9eac43b88a5efb8651d24de9b68e87567e029736
+github.com/google/certificate-transparency-go       37a384cd035e722ea46e55029093e26687138edf # v1.0.20
+golang.org/x/crypto                                 0c34fe9e7dc2486962ef9867e3edb3503537209f
+golang.org/x/time                                   3af7569d3a1e776fc2a3c1cec133b43105ea9c2e
+github.com/hashicorp/go-memdb                       cb9a474f84cc5e41b273b20c6927680b2a8776ad
+github.com/hashicorp/go-immutable-radix             826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
+github.com/hashicorp/golang-lru                     7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
+github.com/coreos/pkg                               97fdf19511ea361ae1c100dd393cc47f8dcfa1e1 # v4
+code.cloudfoundry.org/clock                         02e53af36e6c978af692887ed449b74026d76fec # v1.0.0
+
+# prometheus
+github.com/prometheus/client_golang                 6edbbd9e560190e318cdc5b4d3e630b442858380 # v1.6.0
+github.com/beorn7/perks                             37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
+github.com/prometheus/client_model                  7bc5445566f0fe75b15de23e6b93886e982d7bf9 # v0.2.0
+github.com/prometheus/common                        d978bcb1309602d68bb4ba69cf3f8ed900e07308 # v0.9.1
+github.com/prometheus/procfs                        46159f73e74d1cb8dc223deef9b2d049286f46b1 # v0.0.11
+github.com/matttproud/golang_protobuf_extensions    c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
+github.com/pkg/errors                               614d223910a179a466c1767a985424175c39b465 # v0.9.1
+github.com/grpc-ecosystem/go-grpc-prometheus        c225b8c3b01faf2899099b768856a9e916e5087b # v1.2.0
+github.com/cespare/xxhash/v2                        d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
 
 # cli
-github.com/spf13/cobra v0.0.3
-github.com/spf13/pflag v1.0.1
-github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0
-github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
+github.com/spf13/cobra                              8380ddd3132bdf8fd77731725b550c181dda0aa8 # v1.1.3
+github.com/spf13/pflag                              2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
+github.com/inconshreveable/mousetrap                76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
+github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
 
 # metrics
-github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
+github.com/docker/go-metrics                        b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
+
+github.com/opencontainers/selinux                   95d3852f356b31cbb2d84040ffca303911d08273 # v1.9.1
+
+
+# archive/tar
+# rm -rf vendor/archive
+# mkdir -p ./vendor/archive
+# git clone -b go$GOLANG_VERSION --depth=1 git://github.com/golang/go.git ./go
+# git --git-dir ./go/.git --work-tree ./go am ../patches/0001-archive-tar-do-not-populate-user-group-names.patch
+# cp -a go/src/archive/tar ./vendor/archive/tar
+# rm -rf ./go
+# vndr -whitelist=^archive/tar
 
-github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
+# DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
diff --git a/vendor/archive/tar/common.go b/vendor/archive/tar/common.go
new file mode 100644
index 0000000000000..c667cfc8720b5
--- /dev/null
+++ b/vendor/archive/tar/common.go
@@ -0,0 +1,723 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package tar implements access to tar archives.
+//
+// Tape archives (tar) are a file format for storing a sequence of files that
+// can be read and written in a streaming manner.
+// This package aims to cover most variations of the format,
+// including those produced by GNU and BSD tar tools.
+package tar
+
+import (
+	"errors"
+	"fmt"
+	"io/fs"
+	"math"
+	"path"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// BUG: Use of the Uid and Gid fields in Header could overflow on 32-bit
+// architectures. If a large value is encountered when decoding, the result
+// stored in Header will be the truncated version.
+
+var (
+	ErrHeader          = errors.New("archive/tar: invalid tar header")
+	ErrWriteTooLong    = errors.New("archive/tar: write too long")
+	ErrFieldTooLong    = errors.New("archive/tar: header field too long")
+	ErrWriteAfterClose = errors.New("archive/tar: write after close")
+	errMissData        = errors.New("archive/tar: sparse file references non-existent data")
+	errUnrefData       = errors.New("archive/tar: sparse file contains unreferenced data")
+	errWriteHole       = errors.New("archive/tar: write non-NUL byte in sparse hole")
+)
+
+type headerError []string
+
+func (he headerError) Error() string {
+	const prefix = "archive/tar: cannot encode header"
+	var ss []string
+	for _, s := range he {
+		if s != "" {
+			ss = append(ss, s)
+		}
+	}
+	if len(ss) == 0 {
+		return prefix
+	}
+	return fmt.Sprintf("%s: %v", prefix, strings.Join(ss, "; and "))
+}
+
+// Type flags for Header.Typeflag.
+const (
+	// Type '0' indicates a regular file.
+	TypeReg  = '0'
+	TypeRegA = '\x00' // Deprecated: Use TypeReg instead.
+
+	// Type '1' to '6' are header-only flags and may not have a data body.
+	TypeLink    = '1' // Hard link
+	TypeSymlink = '2' // Symbolic link
+	TypeChar    = '3' // Character device node
+	TypeBlock   = '4' // Block device node
+	TypeDir     = '5' // Directory
+	TypeFifo    = '6' // FIFO node
+
+	// Type '7' is reserved.
+	TypeCont = '7'
+
+	// Type 'x' is used by the PAX format to store key-value records that
+	// are only relevant to the next file.
+	// This package transparently handles these types.
+	TypeXHeader = 'x'
+
+	// Type 'g' is used by the PAX format to store key-value records that
+	// are relevant to all subsequent files.
+	// This package only supports parsing and composing such headers,
+	// but does not currently support persisting the global state across files.
+	TypeXGlobalHeader = 'g'
+
+	// Type 'S' indicates a sparse file in the GNU format.
+	TypeGNUSparse = 'S'
+
+	// Types 'L' and 'K' are used by the GNU format for a meta file
+	// used to store the path or link name for the next file.
+	// This package transparently handles these types.
+	TypeGNULongName = 'L'
+	TypeGNULongLink = 'K'
+)
+
+// Keywords for PAX extended header records.
+const (
+	paxNone     = "" // Indicates that no PAX key is suitable
+	paxPath     = "path"
+	paxLinkpath = "linkpath"
+	paxSize     = "size"
+	paxUid      = "uid"
+	paxGid      = "gid"
+	paxUname    = "uname"
+	paxGname    = "gname"
+	paxMtime    = "mtime"
+	paxAtime    = "atime"
+	paxCtime    = "ctime"   // Removed from later revision of PAX spec, but was valid
+	paxCharset  = "charset" // Currently unused
+	paxComment  = "comment" // Currently unused
+
+	paxSchilyXattr = "SCHILY.xattr."
+
+	// Keywords for GNU sparse files in a PAX extended header.
+	paxGNUSparse          = "GNU.sparse."
+	paxGNUSparseNumBlocks = "GNU.sparse.numblocks"
+	paxGNUSparseOffset    = "GNU.sparse.offset"
+	paxGNUSparseNumBytes  = "GNU.sparse.numbytes"
+	paxGNUSparseMap       = "GNU.sparse.map"
+	paxGNUSparseName      = "GNU.sparse.name"
+	paxGNUSparseMajor     = "GNU.sparse.major"
+	paxGNUSparseMinor     = "GNU.sparse.minor"
+	paxGNUSparseSize      = "GNU.sparse.size"
+	paxGNUSparseRealSize  = "GNU.sparse.realsize"
+)
+
+// basicKeys is a set of the PAX keys for which we have built-in support.
+// This does not contain "charset" or "comment", which are both PAX-specific,
+// so adding them as first-class features of Header is unlikely.
+// Users can use the PAXRecords field to set it themselves.
+var basicKeys = map[string]bool{
+	paxPath: true, paxLinkpath: true, paxSize: true, paxUid: true, paxGid: true,
+	paxUname: true, paxGname: true, paxMtime: true, paxAtime: true, paxCtime: true,
+}
+
+// A Header represents a single header in a tar archive.
+// Some fields may not be populated.
+//
+// For forward compatibility, users that retrieve a Header from Reader.Next,
+// mutate it in some ways, and then pass it back to Writer.WriteHeader
+// should do so by creating a new Header and copying the fields
+// that they are interested in preserving.
+type Header struct {
+	// Typeflag is the type of header entry.
+	// The zero value is automatically promoted to either TypeReg or TypeDir
+	// depending on the presence of a trailing slash in Name.
+	Typeflag byte
+
+	Name     string // Name of file entry
+	Linkname string // Target name of link (valid for TypeLink or TypeSymlink)
+
+	Size  int64  // Logical file size in bytes
+	Mode  int64  // Permission and mode bits
+	Uid   int    // User ID of owner
+	Gid   int    // Group ID of owner
+	Uname string // User name of owner
+	Gname string // Group name of owner
+
+	// If the Format is unspecified, then Writer.WriteHeader rounds ModTime
+	// to the nearest second and ignores the AccessTime and ChangeTime fields.
+	//
+	// To use AccessTime or ChangeTime, specify the Format as PAX or GNU.
+	// To use sub-second resolution, specify the Format as PAX.
+	ModTime    time.Time // Modification time
+	AccessTime time.Time // Access time (requires either PAX or GNU support)
+	ChangeTime time.Time // Change time (requires either PAX or GNU support)
+
+	Devmajor int64 // Major device number (valid for TypeChar or TypeBlock)
+	Devminor int64 // Minor device number (valid for TypeChar or TypeBlock)
+
+	// Xattrs stores extended attributes as PAX records under the
+	// "SCHILY.xattr." namespace.
+	//
+	// The following are semantically equivalent:
+	//  h.Xattrs[key] = value
+	//  h.PAXRecords["SCHILY.xattr."+key] = value
+	//
+	// When Writer.WriteHeader is called, the contents of Xattrs will take
+	// precedence over those in PAXRecords.
+	//
+	// Deprecated: Use PAXRecords instead.
+	Xattrs map[string]string
+
+	// PAXRecords is a map of PAX extended header records.
+	//
+	// User-defined records should have keys of the following form:
+	//	VENDOR.keyword
+	// Where VENDOR is some namespace in all uppercase, and keyword may
+	// not contain the '=' character (e.g., "GOLANG.pkg.version").
+	// The key and value should be non-empty UTF-8 strings.
+	//
+	// When Writer.WriteHeader is called, PAX records derived from the
+	// other fields in Header take precedence over PAXRecords.
+	PAXRecords map[string]string
+
+	// Format specifies the format of the tar header.
+	//
+	// This is set by Reader.Next as a best-effort guess at the format.
+	// Since the Reader liberally reads some non-compliant files,
+	// it is possible for this to be FormatUnknown.
+	//
+	// If the format is unspecified when Writer.WriteHeader is called,
+	// then it uses the first format (in the order of USTAR, PAX, GNU)
+	// capable of encoding this Header (see Format).
+	Format Format
+}
+
+// sparseEntry represents a Length-sized fragment at Offset in the file.
+type sparseEntry struct{ Offset, Length int64 }
+
+func (s sparseEntry) endOffset() int64 { return s.Offset + s.Length }
+
+// A sparse file can be represented as either a sparseDatas or a sparseHoles.
+// As long as the total size is known, they are equivalent and one can be
+// converted to the other form and back. The various tar formats with sparse
+// file support represent sparse files in the sparseDatas form. That is, they
+// specify the fragments in the file that has data, and treat everything else as
+// having zero bytes. As such, the encoding and decoding logic in this package
+// deals with sparseDatas.
+//
+// However, the external API uses sparseHoles instead of sparseDatas because the
+// zero value of sparseHoles logically represents a normal file (i.e., there are
+// no holes in it). On the other hand, the zero value of sparseDatas implies
+// that the file has no data in it, which is rather odd.
+//
+// As an example, if the underlying raw file contains the 10-byte data:
+//	var compactFile = "abcdefgh"
+//
+// And the sparse map has the following entries:
+//	var spd sparseDatas = []sparseEntry{
+//		{Offset: 2,  Length: 5},  // Data fragment for 2..6
+//		{Offset: 18, Length: 3},  // Data fragment for 18..20
+//	}
+//	var sph sparseHoles = []sparseEntry{
+//		{Offset: 0,  Length: 2},  // Hole fragment for 0..1
+//		{Offset: 7,  Length: 11}, // Hole fragment for 7..17
+//		{Offset: 21, Length: 4},  // Hole fragment for 21..24
+//	}
+//
+// Then the content of the resulting sparse file with a Header.Size of 25 is:
+//	var sparseFile = "\x00"*2 + "abcde" + "\x00"*11 + "fgh" + "\x00"*4
+type (
+	sparseDatas []sparseEntry
+	sparseHoles []sparseEntry
+)
+
+// validateSparseEntries reports whether sp is a valid sparse map.
+// It does not matter whether sp represents data fragments or hole fragments.
+func validateSparseEntries(sp []sparseEntry, size int64) bool {
+	// Validate all sparse entries. These are the same checks as performed by
+	// the BSD tar utility.
+	if size < 0 {
+		return false
+	}
+	var pre sparseEntry
+	for _, cur := range sp {
+		switch {
+		case cur.Offset < 0 || cur.Length < 0:
+			return false // Negative values are never okay
+		case cur.Offset > math.MaxInt64-cur.Length:
+			return false // Integer overflow with large length
+		case cur.endOffset() > size:
+			return false // Region extends beyond the actual size
+		case pre.endOffset() > cur.Offset:
+			return false // Regions cannot overlap and must be in order
+		}
+		pre = cur
+	}
+	return true
+}
+
+// alignSparseEntries mutates src and returns dst where each fragment's
+// starting offset is aligned up to the nearest block edge, and each
+// ending offset is aligned down to the nearest block edge.
+//
+// Even though the Go tar Reader and the BSD tar utility can handle entries
+// with arbitrary offsets and lengths, the GNU tar utility can only handle
+// offsets and lengths that are multiples of blockSize.
+func alignSparseEntries(src []sparseEntry, size int64) []sparseEntry {
+	dst := src[:0]
+	for _, s := range src {
+		pos, end := s.Offset, s.endOffset()
+		pos += blockPadding(+pos) // Round-up to nearest blockSize
+		if end != size {
+			end -= blockPadding(-end) // Round-down to nearest blockSize
+		}
+		if pos < end {
+			dst = append(dst, sparseEntry{Offset: pos, Length: end - pos})
+		}
+	}
+	return dst
+}
+
+// invertSparseEntries converts a sparse map from one form to the other.
+// If the input is sparseHoles, then it will output sparseDatas and vice-versa.
+// The input must have been already validated.
+//
+// This function mutates src and returns a normalized map where:
+//	* adjacent fragments are coalesced together
+//	* only the last fragment may be empty
+//	* the endOffset of the last fragment is the total size
+func invertSparseEntries(src []sparseEntry, size int64) []sparseEntry {
+	dst := src[:0]
+	var pre sparseEntry
+	for _, cur := range src {
+		if cur.Length == 0 {
+			continue // Skip empty fragments
+		}
+		pre.Length = cur.Offset - pre.Offset
+		if pre.Length > 0 {
+			dst = append(dst, pre) // Only add non-empty fragments
+		}
+		pre.Offset = cur.endOffset()
+	}
+	pre.Length = size - pre.Offset // Possibly the only empty fragment
+	return append(dst, pre)
+}
+
+// fileState tracks the number of logical (includes sparse holes) and physical
+// (actual in tar archive) bytes remaining for the current file.
+//
+// Invariant: LogicalRemaining >= PhysicalRemaining
+type fileState interface {
+	LogicalRemaining() int64
+	PhysicalRemaining() int64
+}
+
+// allowedFormats determines which formats can be used.
+// The value returned is the logical OR of multiple possible formats.
+// If the value is FormatUnknown, then the input Header cannot be encoded
+// and an error is returned explaining why.
+//
+// As a by-product of checking the fields, this function returns paxHdrs, which
+// contain all fields that could not be directly encoded.
+// A value receiver ensures that this method does not mutate the source Header.
+func (h Header) allowedFormats() (format Format, paxHdrs map[string]string, err error) {
+	format = FormatUSTAR | FormatPAX | FormatGNU
+	paxHdrs = make(map[string]string)
+
+	var whyNoUSTAR, whyNoPAX, whyNoGNU string
+	var preferPAX bool // Prefer PAX over USTAR
+	verifyString := func(s string, size int, name, paxKey string) {
+		// NUL-terminator is optional for path and linkpath.
+		// Technically, it is required for uname and gname,
+		// but neither GNU nor BSD tar checks for it.
+		tooLong := len(s) > size
+		allowLongGNU := paxKey == paxPath || paxKey == paxLinkpath
+		if hasNUL(s) || (tooLong && !allowLongGNU) {
+			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%q", name, s)
+			format.mustNotBe(FormatGNU)
+		}
+		if !isASCII(s) || tooLong {
+			canSplitUSTAR := paxKey == paxPath
+			if _, _, ok := splitUSTARPath(s); !canSplitUSTAR || !ok {
+				whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%q", name, s)
+				format.mustNotBe(FormatUSTAR)
+			}
+			if paxKey == paxNone {
+				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%q", name, s)
+				format.mustNotBe(FormatPAX)
+			} else {
+				paxHdrs[paxKey] = s
+			}
+		}
+		if v, ok := h.PAXRecords[paxKey]; ok && v == s {
+			paxHdrs[paxKey] = v
+		}
+	}
+	verifyNumeric := func(n int64, size int, name, paxKey string) {
+		if !fitsInBase256(size, n) {
+			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%d", name, n)
+			format.mustNotBe(FormatGNU)
+		}
+		if !fitsInOctal(size, n) {
+			whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%d", name, n)
+			format.mustNotBe(FormatUSTAR)
+			if paxKey == paxNone {
+				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%d", name, n)
+				format.mustNotBe(FormatPAX)
+			} else {
+				paxHdrs[paxKey] = strconv.FormatInt(n, 10)
+			}
+		}
+		if v, ok := h.PAXRecords[paxKey]; ok && v == strconv.FormatInt(n, 10) {
+			paxHdrs[paxKey] = v
+		}
+	}
+	verifyTime := func(ts time.Time, size int, name, paxKey string) {
+		if ts.IsZero() {
+			return // Always okay
+		}
+		if !fitsInBase256(size, ts.Unix()) {
+			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%v", name, ts)
+			format.mustNotBe(FormatGNU)
+		}
+		isMtime := paxKey == paxMtime
+		fitsOctal := fitsInOctal(size, ts.Unix())
+		if (isMtime && !fitsOctal) || !isMtime {
+			whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%v", name, ts)
+			format.mustNotBe(FormatUSTAR)
+		}
+		needsNano := ts.Nanosecond() != 0
+		if !isMtime || !fitsOctal || needsNano {
+			preferPAX = true // USTAR may truncate sub-second measurements
+			if paxKey == paxNone {
+				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%v", name, ts)
+				format.mustNotBe(FormatPAX)
+			} else {
+				paxHdrs[paxKey] = formatPAXTime(ts)
+			}
+		}
+		if v, ok := h.PAXRecords[paxKey]; ok && v == formatPAXTime(ts) {
+			paxHdrs[paxKey] = v
+		}
+	}
+
+	// Check basic fields.
+	var blk block
+	v7 := blk.V7()
+	ustar := blk.USTAR()
+	gnu := blk.GNU()
+	verifyString(h.Name, len(v7.Name()), "Name", paxPath)
+	verifyString(h.Linkname, len(v7.LinkName()), "Linkname", paxLinkpath)
+	verifyString(h.Uname, len(ustar.UserName()), "Uname", paxUname)
+	verifyString(h.Gname, len(ustar.GroupName()), "Gname", paxGname)
+	verifyNumeric(h.Mode, len(v7.Mode()), "Mode", paxNone)
+	verifyNumeric(int64(h.Uid), len(v7.UID()), "Uid", paxUid)
+	verifyNumeric(int64(h.Gid), len(v7.GID()), "Gid", paxGid)
+	verifyNumeric(h.Size, len(v7.Size()), "Size", paxSize)
+	verifyNumeric(h.Devmajor, len(ustar.DevMajor()), "Devmajor", paxNone)
+	verifyNumeric(h.Devminor, len(ustar.DevMinor()), "Devminor", paxNone)
+	verifyTime(h.ModTime, len(v7.ModTime()), "ModTime", paxMtime)
+	verifyTime(h.AccessTime, len(gnu.AccessTime()), "AccessTime", paxAtime)
+	verifyTime(h.ChangeTime, len(gnu.ChangeTime()), "ChangeTime", paxCtime)
+
+	// Check for header-only types.
+	var whyOnlyPAX, whyOnlyGNU string
+	switch h.Typeflag {
+	case TypeReg, TypeChar, TypeBlock, TypeFifo, TypeGNUSparse:
+		// Exclude TypeLink and TypeSymlink, since they may reference directories.
+		if strings.HasSuffix(h.Name, "/") {
+			return FormatUnknown, nil, headerError{"filename may not have trailing slash"}
+		}
+	case TypeXHeader, TypeGNULongName, TypeGNULongLink:
+		return FormatUnknown, nil, headerError{"cannot manually encode TypeXHeader, TypeGNULongName, or TypeGNULongLink headers"}
+	case TypeXGlobalHeader:
+		h2 := Header{Name: h.Name, Typeflag: h.Typeflag, Xattrs: h.Xattrs, PAXRecords: h.PAXRecords, Format: h.Format}
+		if !reflect.DeepEqual(h, h2) {
+			return FormatUnknown, nil, headerError{"only PAXRecords should be set for TypeXGlobalHeader"}
+		}
+		whyOnlyPAX = "only PAX supports TypeXGlobalHeader"
+		format.mayOnlyBe(FormatPAX)
+	}
+	if !isHeaderOnlyType(h.Typeflag) && h.Size < 0 {
+		return FormatUnknown, nil, headerError{"negative size on header-only type"}
+	}
+
+	// Check PAX records.
+	if len(h.Xattrs) > 0 {
+		for k, v := range h.Xattrs {
+			paxHdrs[paxSchilyXattr+k] = v
+		}
+		whyOnlyPAX = "only PAX supports Xattrs"
+		format.mayOnlyBe(FormatPAX)
+	}
+	if len(h.PAXRecords) > 0 {
+		for k, v := range h.PAXRecords {
+			switch _, exists := paxHdrs[k]; {
+			case exists:
+				continue // Do not overwrite existing records
+			case h.Typeflag == TypeXGlobalHeader:
+				paxHdrs[k] = v // Copy all records
+			case !basicKeys[k] && !strings.HasPrefix(k, paxGNUSparse):
+				paxHdrs[k] = v // Ignore local records that may conflict
+			}
+		}
+		whyOnlyPAX = "only PAX supports PAXRecords"
+		format.mayOnlyBe(FormatPAX)
+	}
+	for k, v := range paxHdrs {
+		if !validPAXRecord(k, v) {
+			return FormatUnknown, nil, headerError{fmt.Sprintf("invalid PAX record: %q", k+" = "+v)}
+		}
+	}
+
+	// TODO(dsnet): Re-enable this when adding sparse support.
+	// See https://golang.org/issue/22735
+	/*
+		// Check sparse files.
+		if len(h.SparseHoles) > 0 || h.Typeflag == TypeGNUSparse {
+			if isHeaderOnlyType(h.Typeflag) {
+				return FormatUnknown, nil, headerError{"header-only type cannot be sparse"}
+			}
+			if !validateSparseEntries(h.SparseHoles, h.Size) {
+				return FormatUnknown, nil, headerError{"invalid sparse holes"}
+			}
+			if h.Typeflag == TypeGNUSparse {
+				whyOnlyGNU = "only GNU supports TypeGNUSparse"
+				format.mayOnlyBe(FormatGNU)
+			} else {
+				whyNoGNU = "GNU supports sparse files only with TypeGNUSparse"
+				format.mustNotBe(FormatGNU)
+			}
+			whyNoUSTAR = "USTAR does not support sparse files"
+			format.mustNotBe(FormatUSTAR)
+		}
+	*/
+
+	// Check desired format.
+	if wantFormat := h.Format; wantFormat != FormatUnknown {
+		if wantFormat.has(FormatPAX) && !preferPAX {
+			wantFormat.mayBe(FormatUSTAR) // PAX implies USTAR allowed too
+		}
+		format.mayOnlyBe(wantFormat) // Set union of formats allowed and format wanted
+	}
+	if format == FormatUnknown {
+		switch h.Format {
+		case FormatUSTAR:
+			err = headerError{"Format specifies USTAR", whyNoUSTAR, whyOnlyPAX, whyOnlyGNU}
+		case FormatPAX:
+			err = headerError{"Format specifies PAX", whyNoPAX, whyOnlyGNU}
+		case FormatGNU:
+			err = headerError{"Format specifies GNU", whyNoGNU, whyOnlyPAX}
+		default:
+			err = headerError{whyNoUSTAR, whyNoPAX, whyNoGNU, whyOnlyPAX, whyOnlyGNU}
+		}
+	}
+	return format, paxHdrs, err
+}
+
+// FileInfo returns an fs.FileInfo for the Header.
+func (h *Header) FileInfo() fs.FileInfo {
+	return headerFileInfo{h}
+}
+
+// headerFileInfo implements fs.FileInfo.
+type headerFileInfo struct {
+	h *Header
+}
+
+func (fi headerFileInfo) Size() int64        { return fi.h.Size }
+func (fi headerFileInfo) IsDir() bool        { return fi.Mode().IsDir() }
+func (fi headerFileInfo) ModTime() time.Time { return fi.h.ModTime }
+func (fi headerFileInfo) Sys() interface{}   { return fi.h }
+
+// Name returns the base name of the file.
+func (fi headerFileInfo) Name() string {
+	if fi.IsDir() {
+		return path.Base(path.Clean(fi.h.Name))
+	}
+	return path.Base(fi.h.Name)
+}
+
+// Mode returns the permission and mode bits for the headerFileInfo.
+func (fi headerFileInfo) Mode() (mode fs.FileMode) {
+	// Set file permission bits.
+	mode = fs.FileMode(fi.h.Mode).Perm()
+
+	// Set setuid, setgid and sticky bits.
+	if fi.h.Mode&c_ISUID != 0 {
+		mode |= fs.ModeSetuid
+	}
+	if fi.h.Mode&c_ISGID != 0 {
+		mode |= fs.ModeSetgid
+	}
+	if fi.h.Mode&c_ISVTX != 0 {
+		mode |= fs.ModeSticky
+	}
+
+	// Set file mode bits; clear perm, setuid, setgid, and sticky bits.
+	switch m := fs.FileMode(fi.h.Mode) &^ 07777; m {
+	case c_ISDIR:
+		mode |= fs.ModeDir
+	case c_ISFIFO:
+		mode |= fs.ModeNamedPipe
+	case c_ISLNK:
+		mode |= fs.ModeSymlink
+	case c_ISBLK:
+		mode |= fs.ModeDevice
+	case c_ISCHR:
+		mode |= fs.ModeDevice
+		mode |= fs.ModeCharDevice
+	case c_ISSOCK:
+		mode |= fs.ModeSocket
+	}
+
+	switch fi.h.Typeflag {
+	case TypeSymlink:
+		mode |= fs.ModeSymlink
+	case TypeChar:
+		mode |= fs.ModeDevice
+		mode |= fs.ModeCharDevice
+	case TypeBlock:
+		mode |= fs.ModeDevice
+	case TypeDir:
+		mode |= fs.ModeDir
+	case TypeFifo:
+		mode |= fs.ModeNamedPipe
+	}
+
+	return mode
+}
+
+// sysStat, if non-nil, populates h from system-dependent fields of fi.
+var sysStat func(fi fs.FileInfo, h *Header) error
+
+const (
+	// Mode constants from the USTAR spec:
+	// See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06
+	c_ISUID = 04000 // Set uid
+	c_ISGID = 02000 // Set gid
+	c_ISVTX = 01000 // Save text (sticky bit)
+
+	// Common Unix mode constants; these are not defined in any common tar standard.
+	// Header.FileInfo understands these, but FileInfoHeader will never produce these.
+	c_ISDIR  = 040000  // Directory
+	c_ISFIFO = 010000  // FIFO
+	c_ISREG  = 0100000 // Regular file
+	c_ISLNK  = 0120000 // Symbolic link
+	c_ISBLK  = 060000  // Block special file
+	c_ISCHR  = 020000  // Character special file
+	c_ISSOCK = 0140000 // Socket
+)
+
+// FileInfoHeader creates a partially-populated Header from fi.
+// If fi describes a symlink, FileInfoHeader records link as the link target.
+// If fi describes a directory, a slash is appended to the name.
+//
+// Since fs.FileInfo's Name method only returns the base name of
+// the file it describes, it may be necessary to modify Header.Name
+// to provide the full path name of the file.
+func FileInfoHeader(fi fs.FileInfo, link string) (*Header, error) {
+	if fi == nil {
+		return nil, errors.New("archive/tar: FileInfo is nil")
+	}
+	fm := fi.Mode()
+	h := &Header{
+		Name:    fi.Name(),
+		ModTime: fi.ModTime(),
+		Mode:    int64(fm.Perm()), // or'd with c_IS* constants later
+	}
+	switch {
+	case fm.IsRegular():
+		h.Typeflag = TypeReg
+		h.Size = fi.Size()
+	case fi.IsDir():
+		h.Typeflag = TypeDir
+		h.Name += "/"
+	case fm&fs.ModeSymlink != 0:
+		h.Typeflag = TypeSymlink
+		h.Linkname = link
+	case fm&fs.ModeDevice != 0:
+		if fm&fs.ModeCharDevice != 0 {
+			h.Typeflag = TypeChar
+		} else {
+			h.Typeflag = TypeBlock
+		}
+	case fm&fs.ModeNamedPipe != 0:
+		h.Typeflag = TypeFifo
+	case fm&fs.ModeSocket != 0:
+		return nil, fmt.Errorf("archive/tar: sockets not supported")
+	default:
+		return nil, fmt.Errorf("archive/tar: unknown file mode %v", fm)
+	}
+	if fm&fs.ModeSetuid != 0 {
+		h.Mode |= c_ISUID
+	}
+	if fm&fs.ModeSetgid != 0 {
+		h.Mode |= c_ISGID
+	}
+	if fm&fs.ModeSticky != 0 {
+		h.Mode |= c_ISVTX
+	}
+	// If possible, populate additional fields from OS-specific
+	// FileInfo fields.
+	if sys, ok := fi.Sys().(*Header); ok {
+		// This FileInfo came from a Header (not the OS). Use the
+		// original Header to populate all remaining fields.
+		h.Uid = sys.Uid
+		h.Gid = sys.Gid
+		h.Uname = sys.Uname
+		h.Gname = sys.Gname
+		h.AccessTime = sys.AccessTime
+		h.ChangeTime = sys.ChangeTime
+		if sys.Xattrs != nil {
+			h.Xattrs = make(map[string]string)
+			for k, v := range sys.Xattrs {
+				h.Xattrs[k] = v
+			}
+		}
+		if sys.Typeflag == TypeLink {
+			// hard link
+			h.Typeflag = TypeLink
+			h.Size = 0
+			h.Linkname = sys.Linkname
+		}
+		if sys.PAXRecords != nil {
+			h.PAXRecords = make(map[string]string)
+			for k, v := range sys.PAXRecords {
+				h.PAXRecords[k] = v
+			}
+		}
+	}
+	if sysStat != nil {
+		return h, sysStat(fi, h)
+	}
+	return h, nil
+}
+
+// isHeaderOnlyType checks if the given type flag is of the type that has no
+// data section even if a size is specified.
+func isHeaderOnlyType(flag byte) bool {
+	switch flag {
+	case TypeLink, TypeSymlink, TypeChar, TypeBlock, TypeDir, TypeFifo:
+		return true
+	default:
+		return false
+	}
+}
+
+func min(a, b int64) int64 {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/vendor/archive/tar/example_test.go b/vendor/archive/tar/example_test.go
new file mode 100644
index 0000000000000..a2474b959f65c
--- /dev/null
+++ b/vendor/archive/tar/example_test.go
@@ -0,0 +1,71 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar_test
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"os"
+)
+
+func Example_minimal() {
+	// Create and add some files to the archive.
+	var buf bytes.Buffer
+	tw := tar.NewWriter(&buf)
+	var files = []struct {
+		Name, Body string
+	}{
+		{"readme.txt", "This archive contains some text files."},
+		{"gopher.txt", "Gopher names:\nGeorge\nGeoffrey\nGonzo"},
+		{"todo.txt", "Get animal handling license."},
+	}
+	for _, file := range files {
+		hdr := &tar.Header{
+			Name: file.Name,
+			Mode: 0600,
+			Size: int64(len(file.Body)),
+		}
+		if err := tw.WriteHeader(hdr); err != nil {
+			log.Fatal(err)
+		}
+		if _, err := tw.Write([]byte(file.Body)); err != nil {
+			log.Fatal(err)
+		}
+	}
+	if err := tw.Close(); err != nil {
+		log.Fatal(err)
+	}
+
+	// Open and iterate through the files in the archive.
+	tr := tar.NewReader(&buf)
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			break // End of archive
+		}
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Printf("Contents of %s:\n", hdr.Name)
+		if _, err := io.Copy(os.Stdout, tr); err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println()
+	}
+
+	// Output:
+	// Contents of readme.txt:
+	// This archive contains some text files.
+	// Contents of gopher.txt:
+	// Gopher names:
+	// George
+	// Geoffrey
+	// Gonzo
+	// Contents of todo.txt:
+	// Get animal handling license.
+}
diff --git a/vendor/archive/tar/format.go b/vendor/archive/tar/format.go
new file mode 100644
index 0000000000000..cfe24a5e1d339
--- /dev/null
+++ b/vendor/archive/tar/format.go
@@ -0,0 +1,303 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import "strings"
+
+// Format represents the tar archive format.
+//
+// The original tar format was introduced in Unix V7.
+// Since then, there have been multiple competing formats attempting to
+// standardize or extend the V7 format to overcome its limitations.
+// The most common formats are the USTAR, PAX, and GNU formats,
+// each with their own advantages and limitations.
+//
+// The following table captures the capabilities of each format:
+//
+//	                  |  USTAR |       PAX |       GNU
+//	------------------+--------+-----------+----------
+//	Name              |   256B | unlimited | unlimited
+//	Linkname          |   100B | unlimited | unlimited
+//	Size              | uint33 | unlimited |    uint89
+//	Mode              | uint21 |    uint21 |    uint57
+//	Uid/Gid           | uint21 | unlimited |    uint57
+//	Uname/Gname       |    32B | unlimited |       32B
+//	ModTime           | uint33 | unlimited |     int89
+//	AccessTime        |    n/a | unlimited |     int89
+//	ChangeTime        |    n/a | unlimited |     int89
+//	Devmajor/Devminor | uint21 |    uint21 |    uint57
+//	------------------+--------+-----------+----------
+//	string encoding   |  ASCII |     UTF-8 |    binary
+//	sub-second times  |     no |       yes |        no
+//	sparse files      |     no |       yes |       yes
+//
+// The table's upper portion shows the Header fields, where each format reports
+// the maximum number of bytes allowed for each string field and
+// the integer type used to store each numeric field
+// (where timestamps are stored as the number of seconds since the Unix epoch).
+//
+// The table's lower portion shows specialized features of each format,
+// such as supported string encodings, support for sub-second timestamps,
+// or support for sparse files.
+//
+// The Writer currently provides no support for sparse files.
+type Format int
+
+// Constants to identify various tar formats.
+const (
+	// Deliberately hide the meaning of constants from public API.
+	_ Format = (1 << iota) / 4 // Sequence of 0, 0, 1, 2, 4, 8, etc...
+
+	// FormatUnknown indicates that the format is unknown.
+	FormatUnknown
+
+	// The format of the original Unix V7 tar tool prior to standardization.
+	formatV7
+
+	// FormatUSTAR represents the USTAR header format defined in POSIX.1-1988.
+	//
+	// While this format is compatible with most tar readers,
+	// the format has several limitations making it unsuitable for some usages.
+	// Most notably, it cannot support sparse files, files larger than 8GiB,
+	// filenames larger than 256 characters, and non-ASCII filenames.
+	//
+	// Reference:
+	//	http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06
+	FormatUSTAR
+
+	// FormatPAX represents the PAX header format defined in POSIX.1-2001.
+	//
+	// PAX extends USTAR by writing a special file with Typeflag TypeXHeader
+	// preceding the original header. This file contains a set of key-value
+	// records, which are used to overcome USTAR's shortcomings, in addition to
+	// providing the ability to have sub-second resolution for timestamps.
+	//
+	// Some newer formats add their own extensions to PAX by defining their
+	// own keys and assigning certain semantic meaning to the associated values.
+	// For example, sparse file support in PAX is implemented using keys
+	// defined by the GNU manual (e.g., "GNU.sparse.map").
+	//
+	// Reference:
+	//	http://pubs.opengroup.org/onlinepubs/009695399/utilities/pax.html
+	FormatPAX
+
+	// FormatGNU represents the GNU header format.
+	//
+	// The GNU header format is older than the USTAR and PAX standards and
+	// is not compatible with them. The GNU format supports
+	// arbitrary file sizes, filenames of arbitrary encoding and length,
+	// sparse files, and other features.
+	//
+	// It is recommended that PAX be chosen over GNU unless the target
+	// application can only parse GNU formatted archives.
+	//
+	// Reference:
+	//	https://www.gnu.org/software/tar/manual/html_node/Standard.html
+	FormatGNU
+
+	// Schily's tar format, which is incompatible with USTAR.
+	// This does not cover STAR extensions to the PAX format; these fall under
+	// the PAX format.
+	formatSTAR
+
+	formatMax
+)
+
+func (f Format) has(f2 Format) bool   { return f&f2 != 0 }
+func (f *Format) mayBe(f2 Format)     { *f |= f2 }
+func (f *Format) mayOnlyBe(f2 Format) { *f &= f2 }
+func (f *Format) mustNotBe(f2 Format) { *f &^= f2 }
+
+var formatNames = map[Format]string{
+	formatV7: "V7", FormatUSTAR: "USTAR", FormatPAX: "PAX", FormatGNU: "GNU", formatSTAR: "STAR",
+}
+
+func (f Format) String() string {
+	var ss []string
+	for f2 := Format(1); f2 < formatMax; f2 <<= 1 {
+		if f.has(f2) {
+			ss = append(ss, formatNames[f2])
+		}
+	}
+	switch len(ss) {
+	case 0:
+		return "<unknown>"
+	case 1:
+		return ss[0]
+	default:
+		return "(" + strings.Join(ss, " | ") + ")"
+	}
+}
+
+// Magics used to identify various formats.
+const (
+	magicGNU, versionGNU     = "ustar ", " \x00"
+	magicUSTAR, versionUSTAR = "ustar\x00", "00"
+	trailerSTAR              = "tar\x00"
+)
+
+// Size constants from various tar specifications.
+const (
+	blockSize  = 512 // Size of each block in a tar stream
+	nameSize   = 100 // Max length of the name field in USTAR format
+	prefixSize = 155 // Max length of the prefix field in USTAR format
+)
+
+// blockPadding computes the number of bytes needed to pad offset up to the
+// nearest block edge where 0 <= n < blockSize.
+func blockPadding(offset int64) (n int64) {
+	return -offset & (blockSize - 1)
+}
+
+var zeroBlock block
+
+type block [blockSize]byte
+
+// Convert block to any number of formats.
+func (b *block) V7() *headerV7       { return (*headerV7)(b) }
+func (b *block) GNU() *headerGNU     { return (*headerGNU)(b) }
+func (b *block) STAR() *headerSTAR   { return (*headerSTAR)(b) }
+func (b *block) USTAR() *headerUSTAR { return (*headerUSTAR)(b) }
+func (b *block) Sparse() sparseArray { return sparseArray(b[:]) }
+
+// GetFormat checks that the block is a valid tar header based on the checksum.
+// It then attempts to guess the specific format based on magic values.
+// If the checksum fails, then FormatUnknown is returned.
+func (b *block) GetFormat() Format {
+	// Verify checksum.
+	var p parser
+	value := p.parseOctal(b.V7().Chksum())
+	chksum1, chksum2 := b.ComputeChecksum()
+	if p.err != nil || (value != chksum1 && value != chksum2) {
+		return FormatUnknown
+	}
+
+	// Guess the magic values.
+	magic := string(b.USTAR().Magic())
+	version := string(b.USTAR().Version())
+	trailer := string(b.STAR().Trailer())
+	switch {
+	case magic == magicUSTAR && trailer == trailerSTAR:
+		return formatSTAR
+	case magic == magicUSTAR:
+		return FormatUSTAR | FormatPAX
+	case magic == magicGNU && version == versionGNU:
+		return FormatGNU
+	default:
+		return formatV7
+	}
+}
+
+// SetFormat writes the magic values necessary for specified format
+// and then updates the checksum accordingly.
+func (b *block) SetFormat(format Format) {
+	// Set the magic values.
+	switch {
+	case format.has(formatV7):
+		// Do nothing.
+	case format.has(FormatGNU):
+		copy(b.GNU().Magic(), magicGNU)
+		copy(b.GNU().Version(), versionGNU)
+	case format.has(formatSTAR):
+		copy(b.STAR().Magic(), magicUSTAR)
+		copy(b.STAR().Version(), versionUSTAR)
+		copy(b.STAR().Trailer(), trailerSTAR)
+	case format.has(FormatUSTAR | FormatPAX):
+		copy(b.USTAR().Magic(), magicUSTAR)
+		copy(b.USTAR().Version(), versionUSTAR)
+	default:
+		panic("invalid format")
+	}
+
+	// Update checksum.
+	// This field is special in that it is terminated by a NULL then space.
+	var f formatter
+	field := b.V7().Chksum()
+	chksum, _ := b.ComputeChecksum() // Possible values are 256..128776
+	f.formatOctal(field[:7], chksum) // Never fails since 128776 < 262143
+	field[7] = ' '
+}
+
+// ComputeChecksum computes the checksum for the header block.
+// POSIX specifies a sum of the unsigned byte values, but the Sun tar used
+// signed byte values.
+// We compute and return both.
+func (b *block) ComputeChecksum() (unsigned, signed int64) {
+	for i, c := range b {
+		if 148 <= i && i < 156 {
+			c = ' ' // Treat the checksum field itself as all spaces.
+		}
+		unsigned += int64(c)
+		signed += int64(int8(c))
+	}
+	return unsigned, signed
+}
+
+// Reset clears the block with all zeros.
+func (b *block) Reset() {
+	*b = block{}
+}
+
+type headerV7 [blockSize]byte
+
+func (h *headerV7) Name() []byte     { return h[000:][:100] }
+func (h *headerV7) Mode() []byte     { return h[100:][:8] }
+func (h *headerV7) UID() []byte      { return h[108:][:8] }
+func (h *headerV7) GID() []byte      { return h[116:][:8] }
+func (h *headerV7) Size() []byte     { return h[124:][:12] }
+func (h *headerV7) ModTime() []byte  { return h[136:][:12] }
+func (h *headerV7) Chksum() []byte   { return h[148:][:8] }
+func (h *headerV7) TypeFlag() []byte { return h[156:][:1] }
+func (h *headerV7) LinkName() []byte { return h[157:][:100] }
+
+type headerGNU [blockSize]byte
+
+func (h *headerGNU) V7() *headerV7       { return (*headerV7)(h) }
+func (h *headerGNU) Magic() []byte       { return h[257:][:6] }
+func (h *headerGNU) Version() []byte     { return h[263:][:2] }
+func (h *headerGNU) UserName() []byte    { return h[265:][:32] }
+func (h *headerGNU) GroupName() []byte   { return h[297:][:32] }
+func (h *headerGNU) DevMajor() []byte    { return h[329:][:8] }
+func (h *headerGNU) DevMinor() []byte    { return h[337:][:8] }
+func (h *headerGNU) AccessTime() []byte  { return h[345:][:12] }
+func (h *headerGNU) ChangeTime() []byte  { return h[357:][:12] }
+func (h *headerGNU) Sparse() sparseArray { return sparseArray(h[386:][:24*4+1]) }
+func (h *headerGNU) RealSize() []byte    { return h[483:][:12] }
+
+type headerSTAR [blockSize]byte
+
+func (h *headerSTAR) V7() *headerV7      { return (*headerV7)(h) }
+func (h *headerSTAR) Magic() []byte      { return h[257:][:6] }
+func (h *headerSTAR) Version() []byte    { return h[263:][:2] }
+func (h *headerSTAR) UserName() []byte   { return h[265:][:32] }
+func (h *headerSTAR) GroupName() []byte  { return h[297:][:32] }
+func (h *headerSTAR) DevMajor() []byte   { return h[329:][:8] }
+func (h *headerSTAR) DevMinor() []byte   { return h[337:][:8] }
+func (h *headerSTAR) Prefix() []byte     { return h[345:][:131] }
+func (h *headerSTAR) AccessTime() []byte { return h[476:][:12] }
+func (h *headerSTAR) ChangeTime() []byte { return h[488:][:12] }
+func (h *headerSTAR) Trailer() []byte    { return h[508:][:4] }
+
+type headerUSTAR [blockSize]byte
+
+func (h *headerUSTAR) V7() *headerV7     { return (*headerV7)(h) }
+func (h *headerUSTAR) Magic() []byte     { return h[257:][:6] }
+func (h *headerUSTAR) Version() []byte   { return h[263:][:2] }
+func (h *headerUSTAR) UserName() []byte  { return h[265:][:32] }
+func (h *headerUSTAR) GroupName() []byte { return h[297:][:32] }
+func (h *headerUSTAR) DevMajor() []byte  { return h[329:][:8] }
+func (h *headerUSTAR) DevMinor() []byte  { return h[337:][:8] }
+func (h *headerUSTAR) Prefix() []byte    { return h[345:][:155] }
+
+type sparseArray []byte
+
+func (s sparseArray) Entry(i int) sparseElem { return sparseElem(s[i*24:]) }
+func (s sparseArray) IsExtended() []byte     { return s[24*s.MaxEntries():][:1] }
+func (s sparseArray) MaxEntries() int        { return len(s) / 24 }
+
+type sparseElem []byte
+
+func (s sparseElem) Offset() []byte { return s[00:][:12] }
+func (s sparseElem) Length() []byte { return s[12:][:12] }
diff --git a/vendor/archive/tar/reader.go b/vendor/archive/tar/reader.go
new file mode 100644
index 0000000000000..1b1d5b46891b6
--- /dev/null
+++ b/vendor/archive/tar/reader.go
@@ -0,0 +1,857 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"bytes"
+	"io"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// Reader provides sequential access to the contents of a tar archive.
+// Reader.Next advances to the next file in the archive (including the first),
+// and then Reader can be treated as an io.Reader to access the file's data.
+type Reader struct {
+	r    io.Reader
+	pad  int64      // Amount of padding (ignored) after current file entry
+	curr fileReader // Reader for current file entry
+	blk  block      // Buffer to use as temporary local storage
+
+	// err is a persistent error.
+	// It is only the responsibility of every exported method of Reader to
+	// ensure that this error is sticky.
+	err error
+}
+
+type fileReader interface {
+	io.Reader
+	fileState
+
+	WriteTo(io.Writer) (int64, error)
+}
+
+// NewReader creates a new Reader reading from r.
+func NewReader(r io.Reader) *Reader {
+	return &Reader{r: r, curr: &regFileReader{r, 0}}
+}
+
+// Next advances to the next entry in the tar archive.
+// The Header.Size determines how many bytes can be read for the next file.
+// Any remaining data in the current file is automatically discarded.
+//
+// io.EOF is returned at the end of the input.
+func (tr *Reader) Next() (*Header, error) {
+	if tr.err != nil {
+		return nil, tr.err
+	}
+	hdr, err := tr.next()
+	tr.err = err
+	return hdr, err
+}
+
+func (tr *Reader) next() (*Header, error) {
+	var paxHdrs map[string]string
+	var gnuLongName, gnuLongLink string
+
+	// Externally, Next iterates through the tar archive as if it is a series of
+	// files. Internally, the tar format often uses fake "files" to add meta
+	// data that describes the next file. These meta data "files" should not
+	// normally be visible to the outside. As such, this loop iterates through
+	// one or more "header files" until it finds a "normal file".
+	format := FormatUSTAR | FormatPAX | FormatGNU
+	for {
+		// Discard the remainder of the file and any padding.
+		if err := discard(tr.r, tr.curr.PhysicalRemaining()); err != nil {
+			return nil, err
+		}
+		if _, err := tryReadFull(tr.r, tr.blk[:tr.pad]); err != nil {
+			return nil, err
+		}
+		tr.pad = 0
+
+		hdr, rawHdr, err := tr.readHeader()
+		if err != nil {
+			return nil, err
+		}
+		if err := tr.handleRegularFile(hdr); err != nil {
+			return nil, err
+		}
+		format.mayOnlyBe(hdr.Format)
+
+		// Check for PAX/GNU special headers and files.
+		switch hdr.Typeflag {
+		case TypeXHeader, TypeXGlobalHeader:
+			format.mayOnlyBe(FormatPAX)
+			paxHdrs, err = parsePAX(tr)
+			if err != nil {
+				return nil, err
+			}
+			if hdr.Typeflag == TypeXGlobalHeader {
+				mergePAX(hdr, paxHdrs)
+				return &Header{
+					Name:       hdr.Name,
+					Typeflag:   hdr.Typeflag,
+					Xattrs:     hdr.Xattrs,
+					PAXRecords: hdr.PAXRecords,
+					Format:     format,
+				}, nil
+			}
+			continue // This is a meta header affecting the next header
+		case TypeGNULongName, TypeGNULongLink:
+			format.mayOnlyBe(FormatGNU)
+			realname, err := io.ReadAll(tr)
+			if err != nil {
+				return nil, err
+			}
+
+			var p parser
+			switch hdr.Typeflag {
+			case TypeGNULongName:
+				gnuLongName = p.parseString(realname)
+			case TypeGNULongLink:
+				gnuLongLink = p.parseString(realname)
+			}
+			continue // This is a meta header affecting the next header
+		default:
+			// The old GNU sparse format is handled here since it is technically
+			// just a regular file with additional attributes.
+
+			if err := mergePAX(hdr, paxHdrs); err != nil {
+				return nil, err
+			}
+			if gnuLongName != "" {
+				hdr.Name = gnuLongName
+			}
+			if gnuLongLink != "" {
+				hdr.Linkname = gnuLongLink
+			}
+			if hdr.Typeflag == TypeRegA {
+				if strings.HasSuffix(hdr.Name, "/") {
+					hdr.Typeflag = TypeDir // Legacy archives use trailing slash for directories
+				} else {
+					hdr.Typeflag = TypeReg
+				}
+			}
+
+			// The extended headers may have updated the size.
+			// Thus, setup the regFileReader again after merging PAX headers.
+			if err := tr.handleRegularFile(hdr); err != nil {
+				return nil, err
+			}
+
+			// Sparse formats rely on being able to read from the logical data
+			// section; there must be a preceding call to handleRegularFile.
+			if err := tr.handleSparseFile(hdr, rawHdr); err != nil {
+				return nil, err
+			}
+
+			// Set the final guess at the format.
+			if format.has(FormatUSTAR) && format.has(FormatPAX) {
+				format.mayOnlyBe(FormatUSTAR)
+			}
+			hdr.Format = format
+			return hdr, nil // This is a file, so stop
+		}
+	}
+}
+
+// handleRegularFile sets up the current file reader and padding such that it
+// can only read the following logical data section. It will properly handle
+// special headers that contain no data section.
+func (tr *Reader) handleRegularFile(hdr *Header) error {
+	nb := hdr.Size
+	if isHeaderOnlyType(hdr.Typeflag) {
+		nb = 0
+	}
+	if nb < 0 {
+		return ErrHeader
+	}
+
+	tr.pad = blockPadding(nb)
+	tr.curr = &regFileReader{r: tr.r, nb: nb}
+	return nil
+}
+
+// handleSparseFile checks if the current file is a sparse format of any type
+// and sets the curr reader appropriately.
+func (tr *Reader) handleSparseFile(hdr *Header, rawHdr *block) error {
+	var spd sparseDatas
+	var err error
+	if hdr.Typeflag == TypeGNUSparse {
+		spd, err = tr.readOldGNUSparseMap(hdr, rawHdr)
+	} else {
+		spd, err = tr.readGNUSparsePAXHeaders(hdr)
+	}
+
+	// If sp is non-nil, then this is a sparse file.
+	// Note that it is possible for len(sp) == 0.
+	if err == nil && spd != nil {
+		if isHeaderOnlyType(hdr.Typeflag) || !validateSparseEntries(spd, hdr.Size) {
+			return ErrHeader
+		}
+		sph := invertSparseEntries(spd, hdr.Size)
+		tr.curr = &sparseFileReader{tr.curr, sph, 0}
+	}
+	return err
+}
+
+// readGNUSparsePAXHeaders checks the PAX headers for GNU sparse headers.
+// If they are found, then this function reads the sparse map and returns it.
+// This assumes that 0.0 headers have already been converted to 0.1 headers
+// by the PAX header parsing logic.
+func (tr *Reader) readGNUSparsePAXHeaders(hdr *Header) (sparseDatas, error) {
+	// Identify the version of GNU headers.
+	var is1x0 bool
+	major, minor := hdr.PAXRecords[paxGNUSparseMajor], hdr.PAXRecords[paxGNUSparseMinor]
+	switch {
+	case major == "0" && (minor == "0" || minor == "1"):
+		is1x0 = false
+	case major == "1" && minor == "0":
+		is1x0 = true
+	case major != "" || minor != "":
+		return nil, nil // Unknown GNU sparse PAX version
+	case hdr.PAXRecords[paxGNUSparseMap] != "":
+		is1x0 = false // 0.0 and 0.1 did not have explicit version records, so guess
+	default:
+		return nil, nil // Not a PAX format GNU sparse file.
+	}
+	hdr.Format.mayOnlyBe(FormatPAX)
+
+	// Update hdr from GNU sparse PAX headers.
+	if name := hdr.PAXRecords[paxGNUSparseName]; name != "" {
+		hdr.Name = name
+	}
+	size := hdr.PAXRecords[paxGNUSparseSize]
+	if size == "" {
+		size = hdr.PAXRecords[paxGNUSparseRealSize]
+	}
+	if size != "" {
+		n, err := strconv.ParseInt(size, 10, 64)
+		if err != nil {
+			return nil, ErrHeader
+		}
+		hdr.Size = n
+	}
+
+	// Read the sparse map according to the appropriate format.
+	if is1x0 {
+		return readGNUSparseMap1x0(tr.curr)
+	}
+	return readGNUSparseMap0x1(hdr.PAXRecords)
+}
+
+// mergePAX merges paxHdrs into hdr for all relevant fields of Header.
+func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) {
+	for k, v := range paxHdrs {
+		if v == "" {
+			continue // Keep the original USTAR value
+		}
+		var id64 int64
+		switch k {
+		case paxPath:
+			hdr.Name = v
+		case paxLinkpath:
+			hdr.Linkname = v
+		case paxUname:
+			hdr.Uname = v
+		case paxGname:
+			hdr.Gname = v
+		case paxUid:
+			id64, err = strconv.ParseInt(v, 10, 64)
+			hdr.Uid = int(id64) // Integer overflow possible
+		case paxGid:
+			id64, err = strconv.ParseInt(v, 10, 64)
+			hdr.Gid = int(id64) // Integer overflow possible
+		case paxAtime:
+			hdr.AccessTime, err = parsePAXTime(v)
+		case paxMtime:
+			hdr.ModTime, err = parsePAXTime(v)
+		case paxCtime:
+			hdr.ChangeTime, err = parsePAXTime(v)
+		case paxSize:
+			hdr.Size, err = strconv.ParseInt(v, 10, 64)
+		default:
+			if strings.HasPrefix(k, paxSchilyXattr) {
+				if hdr.Xattrs == nil {
+					hdr.Xattrs = make(map[string]string)
+				}
+				hdr.Xattrs[k[len(paxSchilyXattr):]] = v
+			}
+		}
+		if err != nil {
+			return ErrHeader
+		}
+	}
+	hdr.PAXRecords = paxHdrs
+	return nil
+}
+
+// parsePAX parses PAX headers.
+// If an extended header (type 'x') is invalid, ErrHeader is returned
+func parsePAX(r io.Reader) (map[string]string, error) {
+	buf, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+	sbuf := string(buf)
+
+	// For GNU PAX sparse format 0.0 support.
+	// This function transforms the sparse format 0.0 headers into format 0.1
+	// headers since 0.0 headers were not PAX compliant.
+	var sparseMap []string
+
+	paxHdrs := make(map[string]string)
+	for len(sbuf) > 0 {
+		key, value, residual, err := parsePAXRecord(sbuf)
+		if err != nil {
+			return nil, ErrHeader
+		}
+		sbuf = residual
+
+		switch key {
+		case paxGNUSparseOffset, paxGNUSparseNumBytes:
+			// Validate sparse header order and value.
+			if (len(sparseMap)%2 == 0 && key != paxGNUSparseOffset) ||
+				(len(sparseMap)%2 == 1 && key != paxGNUSparseNumBytes) ||
+				strings.Contains(value, ",") {
+				return nil, ErrHeader
+			}
+			sparseMap = append(sparseMap, value)
+		default:
+			paxHdrs[key] = value
+		}
+	}
+	if len(sparseMap) > 0 {
+		paxHdrs[paxGNUSparseMap] = strings.Join(sparseMap, ",")
+	}
+	return paxHdrs, nil
+}
+
+// readHeader reads the next block header and assumes that the underlying reader
+// is already aligned to a block boundary. It returns the raw block of the
+// header in case further processing is required.
+//
+// The err will be set to io.EOF only when one of the following occurs:
+//	* Exactly 0 bytes are read and EOF is hit.
+//	* Exactly 1 block of zeros is read and EOF is hit.
+//	* At least 2 blocks of zeros are read.
+func (tr *Reader) readHeader() (*Header, *block, error) {
+	// Two blocks of zero bytes marks the end of the archive.
+	if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil {
+		return nil, nil, err // EOF is okay here; exactly 0 bytes read
+	}
+	if bytes.Equal(tr.blk[:], zeroBlock[:]) {
+		if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil {
+			return nil, nil, err // EOF is okay here; exactly 1 block of zeros read
+		}
+		if bytes.Equal(tr.blk[:], zeroBlock[:]) {
+			return nil, nil, io.EOF // normal EOF; exactly 2 block of zeros read
+		}
+		return nil, nil, ErrHeader // Zero block and then non-zero block
+	}
+
+	// Verify the header matches a known format.
+	format := tr.blk.GetFormat()
+	if format == FormatUnknown {
+		return nil, nil, ErrHeader
+	}
+
+	var p parser
+	hdr := new(Header)
+
+	// Unpack the V7 header.
+	v7 := tr.blk.V7()
+	hdr.Typeflag = v7.TypeFlag()[0]
+	hdr.Name = p.parseString(v7.Name())
+	hdr.Linkname = p.parseString(v7.LinkName())
+	hdr.Size = p.parseNumeric(v7.Size())
+	hdr.Mode = p.parseNumeric(v7.Mode())
+	hdr.Uid = int(p.parseNumeric(v7.UID()))
+	hdr.Gid = int(p.parseNumeric(v7.GID()))
+	hdr.ModTime = time.Unix(p.parseNumeric(v7.ModTime()), 0)
+
+	// Unpack format specific fields.
+	if format > formatV7 {
+		ustar := tr.blk.USTAR()
+		hdr.Uname = p.parseString(ustar.UserName())
+		hdr.Gname = p.parseString(ustar.GroupName())
+		hdr.Devmajor = p.parseNumeric(ustar.DevMajor())
+		hdr.Devminor = p.parseNumeric(ustar.DevMinor())
+
+		var prefix string
+		switch {
+		case format.has(FormatUSTAR | FormatPAX):
+			hdr.Format = format
+			ustar := tr.blk.USTAR()
+			prefix = p.parseString(ustar.Prefix())
+
+			// For Format detection, check if block is properly formatted since
+			// the parser is more liberal than what USTAR actually permits.
+			notASCII := func(r rune) bool { return r >= 0x80 }
+			if bytes.IndexFunc(tr.blk[:], notASCII) >= 0 {
+				hdr.Format = FormatUnknown // Non-ASCII characters in block.
+			}
+			nul := func(b []byte) bool { return int(b[len(b)-1]) == 0 }
+			if !(nul(v7.Size()) && nul(v7.Mode()) && nul(v7.UID()) && nul(v7.GID()) &&
+				nul(v7.ModTime()) && nul(ustar.DevMajor()) && nul(ustar.DevMinor())) {
+				hdr.Format = FormatUnknown // Numeric fields must end in NUL
+			}
+		case format.has(formatSTAR):
+			star := tr.blk.STAR()
+			prefix = p.parseString(star.Prefix())
+			hdr.AccessTime = time.Unix(p.parseNumeric(star.AccessTime()), 0)
+			hdr.ChangeTime = time.Unix(p.parseNumeric(star.ChangeTime()), 0)
+		case format.has(FormatGNU):
+			hdr.Format = format
+			var p2 parser
+			gnu := tr.blk.GNU()
+			if b := gnu.AccessTime(); b[0] != 0 {
+				hdr.AccessTime = time.Unix(p2.parseNumeric(b), 0)
+			}
+			if b := gnu.ChangeTime(); b[0] != 0 {
+				hdr.ChangeTime = time.Unix(p2.parseNumeric(b), 0)
+			}
+
+			// Prior to Go1.8, the Writer had a bug where it would output
+			// an invalid tar file in certain rare situations because the logic
+			// incorrectly believed that the old GNU format had a prefix field.
+			// This is wrong and leads to an output file that mangles the
+			// atime and ctime fields, which are often left unused.
+			//
+			// In order to continue reading tar files created by former, buggy
+			// versions of Go, we skeptically parse the atime and ctime fields.
+			// If we are unable to parse them and the prefix field looks like
+			// an ASCII string, then we fallback on the pre-Go1.8 behavior
+			// of treating these fields as the USTAR prefix field.
+			//
+			// Note that this will not use the fallback logic for all possible
+			// files generated by a pre-Go1.8 toolchain. If the generated file
+			// happened to have a prefix field that parses as valid
+			// atime and ctime fields (e.g., when they are valid octal strings),
+			// then it is impossible to distinguish between a valid GNU file
+			// and an invalid pre-Go1.8 file.
+			//
+			// See https://golang.org/issues/12594
+			// See https://golang.org/issues/21005
+			if p2.err != nil {
+				hdr.AccessTime, hdr.ChangeTime = time.Time{}, time.Time{}
+				ustar := tr.blk.USTAR()
+				if s := p.parseString(ustar.Prefix()); isASCII(s) {
+					prefix = s
+				}
+				hdr.Format = FormatUnknown // Buggy file is not GNU
+			}
+		}
+		if len(prefix) > 0 {
+			hdr.Name = prefix + "/" + hdr.Name
+		}
+	}
+	return hdr, &tr.blk, p.err
+}
+
+// readOldGNUSparseMap reads the sparse map from the old GNU sparse format.
+// The sparse map is stored in the tar header if it's small enough.
+// If it's larger than four entries, then one or more extension headers are used
+// to store the rest of the sparse map.
+//
+// The Header.Size does not reflect the size of any extended headers used.
+// Thus, this function will read from the raw io.Reader to fetch extra headers.
+// This method mutates blk in the process.
+func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, error) {
+	// Make sure that the input format is GNU.
+	// Unfortunately, the STAR format also has a sparse header format that uses
+	// the same type flag but has a completely different layout.
+	if blk.GetFormat() != FormatGNU {
+		return nil, ErrHeader
+	}
+	hdr.Format.mayOnlyBe(FormatGNU)
+
+	var p parser
+	hdr.Size = p.parseNumeric(blk.GNU().RealSize())
+	if p.err != nil {
+		return nil, p.err
+	}
+	s := blk.GNU().Sparse()
+	spd := make(sparseDatas, 0, s.MaxEntries())
+	for {
+		for i := 0; i < s.MaxEntries(); i++ {
+			// This termination condition is identical to GNU and BSD tar.
+			if s.Entry(i).Offset()[0] == 0x00 {
+				break // Don't return, need to process extended headers (even if empty)
+			}
+			offset := p.parseNumeric(s.Entry(i).Offset())
+			length := p.parseNumeric(s.Entry(i).Length())
+			if p.err != nil {
+				return nil, p.err
+			}
+			spd = append(spd, sparseEntry{Offset: offset, Length: length})
+		}
+
+		if s.IsExtended()[0] > 0 {
+			// There are more entries. Read an extension header and parse its entries.
+			if _, err := mustReadFull(tr.r, blk[:]); err != nil {
+				return nil, err
+			}
+			s = blk.Sparse()
+			continue
+		}
+		return spd, nil // Done
+	}
+}
+
+// readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format
+// version 1.0. The format of the sparse map consists of a series of
+// newline-terminated numeric fields. The first field is the number of entries
+// and is always present. Following this are the entries, consisting of two
+// fields (offset, length). This function must stop reading at the end
+// boundary of the block containing the last newline.
+//
+// Note that the GNU manual says that numeric values should be encoded in octal
+// format. However, the GNU tar utility itself outputs these values in decimal.
+// As such, this library treats values as being encoded in decimal.
+func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+	var (
+		cntNewline int64
+		buf        bytes.Buffer
+		blk        block
+	)
+
+	// feedTokens copies data in blocks from r into buf until there are
+	// at least cnt newlines in buf. It will not read more blocks than needed.
+	feedTokens := func(n int64) error {
+		for cntNewline < n {
+			if _, err := mustReadFull(r, blk[:]); err != nil {
+				return err
+			}
+			buf.Write(blk[:])
+			for _, c := range blk {
+				if c == '\n' {
+					cntNewline++
+				}
+			}
+		}
+		return nil
+	}
+
+	// nextToken gets the next token delimited by a newline. This assumes that
+	// at least one newline exists in the buffer.
+	nextToken := func() string {
+		cntNewline--
+		tok, _ := buf.ReadString('\n')
+		return strings.TrimRight(tok, "\n")
+	}
+
+	// Parse for the number of entries.
+	// Use integer overflow resistant math to check this.
+	if err := feedTokens(1); err != nil {
+		return nil, err
+	}
+	numEntries, err := strconv.ParseInt(nextToken(), 10, 0) // Intentionally parse as native int
+	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
+		return nil, ErrHeader
+	}
+
+	// Parse for all member entries.
+	// numEntries is trusted after this since a potential attacker must have
+	// committed resources proportional to what this library used.
+	if err := feedTokens(2 * numEntries); err != nil {
+		return nil, err
+	}
+	spd := make(sparseDatas, 0, numEntries)
+	for i := int64(0); i < numEntries; i++ {
+		offset, err1 := strconv.ParseInt(nextToken(), 10, 64)
+		length, err2 := strconv.ParseInt(nextToken(), 10, 64)
+		if err1 != nil || err2 != nil {
+			return nil, ErrHeader
+		}
+		spd = append(spd, sparseEntry{Offset: offset, Length: length})
+	}
+	return spd, nil
+}
+
+// readGNUSparseMap0x1 reads the sparse map as stored in GNU's PAX sparse format
+// version 0.1. The sparse map is stored in the PAX headers.
+func readGNUSparseMap0x1(paxHdrs map[string]string) (sparseDatas, error) {
+	// Get number of entries.
+	// Use integer overflow resistant math to check this.
+	numEntriesStr := paxHdrs[paxGNUSparseNumBlocks]
+	numEntries, err := strconv.ParseInt(numEntriesStr, 10, 0) // Intentionally parse as native int
+	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
+		return nil, ErrHeader
+	}
+
+	// There should be two numbers in sparseMap for each entry.
+	sparseMap := strings.Split(paxHdrs[paxGNUSparseMap], ",")
+	if len(sparseMap) == 1 && sparseMap[0] == "" {
+		sparseMap = sparseMap[:0]
+	}
+	if int64(len(sparseMap)) != 2*numEntries {
+		return nil, ErrHeader
+	}
+
+	// Loop through the entries in the sparse map.
+	// numEntries is trusted now.
+	spd := make(sparseDatas, 0, numEntries)
+	for len(sparseMap) >= 2 {
+		offset, err1 := strconv.ParseInt(sparseMap[0], 10, 64)
+		length, err2 := strconv.ParseInt(sparseMap[1], 10, 64)
+		if err1 != nil || err2 != nil {
+			return nil, ErrHeader
+		}
+		spd = append(spd, sparseEntry{Offset: offset, Length: length})
+		sparseMap = sparseMap[2:]
+	}
+	return spd, nil
+}
+
+// Read reads from the current file in the tar archive.
+// It returns (0, io.EOF) when it reaches the end of that file,
+// until Next is called to advance to the next file.
+//
+// If the current file is sparse, then the regions marked as a hole
+// are read back as NUL-bytes.
+//
+// Calling Read on special types like TypeLink, TypeSymlink, TypeChar,
+// TypeBlock, TypeDir, and TypeFifo returns (0, io.EOF) regardless of what
+// the Header.Size claims.
+func (tr *Reader) Read(b []byte) (int, error) {
+	if tr.err != nil {
+		return 0, tr.err
+	}
+	n, err := tr.curr.Read(b)
+	if err != nil && err != io.EOF {
+		tr.err = err
+	}
+	return n, err
+}
+
+// writeTo writes the content of the current file to w.
+// The bytes written matches the number of remaining bytes in the current file.
+//
+// If the current file is sparse and w is an io.WriteSeeker,
+// then writeTo uses Seek to skip past holes defined in Header.SparseHoles,
+// assuming that skipped regions are filled with NULs.
+// This always writes the last byte to ensure w is the right size.
+//
+// TODO(dsnet): Re-export this when adding sparse file support.
+// See https://golang.org/issue/22735
+func (tr *Reader) writeTo(w io.Writer) (int64, error) {
+	if tr.err != nil {
+		return 0, tr.err
+	}
+	n, err := tr.curr.WriteTo(w)
+	if err != nil {
+		tr.err = err
+	}
+	return n, err
+}
+
+// regFileReader is a fileReader for reading data from a regular file entry.
+type regFileReader struct {
+	r  io.Reader // Underlying Reader
+	nb int64     // Number of remaining bytes to read
+}
+
+func (fr *regFileReader) Read(b []byte) (n int, err error) {
+	if int64(len(b)) > fr.nb {
+		b = b[:fr.nb]
+	}
+	if len(b) > 0 {
+		n, err = fr.r.Read(b)
+		fr.nb -= int64(n)
+	}
+	switch {
+	case err == io.EOF && fr.nb > 0:
+		return n, io.ErrUnexpectedEOF
+	case err == nil && fr.nb == 0:
+		return n, io.EOF
+	default:
+		return n, err
+	}
+}
+
+func (fr *regFileReader) WriteTo(w io.Writer) (int64, error) {
+	return io.Copy(w, struct{ io.Reader }{fr})
+}
+
+func (fr regFileReader) LogicalRemaining() int64 {
+	return fr.nb
+}
+
+func (fr regFileReader) PhysicalRemaining() int64 {
+	return fr.nb
+}
+
+// sparseFileReader is a fileReader for reading data from a sparse file entry.
+type sparseFileReader struct {
+	fr  fileReader  // Underlying fileReader
+	sp  sparseHoles // Normalized list of sparse holes
+	pos int64       // Current position in sparse file
+}
+
+func (sr *sparseFileReader) Read(b []byte) (n int, err error) {
+	finished := int64(len(b)) >= sr.LogicalRemaining()
+	if finished {
+		b = b[:sr.LogicalRemaining()]
+	}
+
+	b0 := b
+	endPos := sr.pos + int64(len(b))
+	for endPos > sr.pos && err == nil {
+		var nf int // Bytes read in fragment
+		holeStart, holeEnd := sr.sp[0].Offset, sr.sp[0].endOffset()
+		if sr.pos < holeStart { // In a data fragment
+			bf := b[:min(int64(len(b)), holeStart-sr.pos)]
+			nf, err = tryReadFull(sr.fr, bf)
+		} else { // In a hole fragment
+			bf := b[:min(int64(len(b)), holeEnd-sr.pos)]
+			nf, err = tryReadFull(zeroReader{}, bf)
+		}
+		b = b[nf:]
+		sr.pos += int64(nf)
+		if sr.pos >= holeEnd && len(sr.sp) > 1 {
+			sr.sp = sr.sp[1:] // Ensure last fragment always remains
+		}
+	}
+
+	n = len(b0) - len(b)
+	switch {
+	case err == io.EOF:
+		return n, errMissData // Less data in dense file than sparse file
+	case err != nil:
+		return n, err
+	case sr.LogicalRemaining() == 0 && sr.PhysicalRemaining() > 0:
+		return n, errUnrefData // More data in dense file than sparse file
+	case finished:
+		return n, io.EOF
+	default:
+		return n, nil
+	}
+}
+
+func (sr *sparseFileReader) WriteTo(w io.Writer) (n int64, err error) {
+	ws, ok := w.(io.WriteSeeker)
+	if ok {
+		if _, err := ws.Seek(0, io.SeekCurrent); err != nil {
+			ok = false // Not all io.Seeker can really seek
+		}
+	}
+	if !ok {
+		return io.Copy(w, struct{ io.Reader }{sr})
+	}
+
+	var writeLastByte bool
+	pos0 := sr.pos
+	for sr.LogicalRemaining() > 0 && !writeLastByte && err == nil {
+		var nf int64 // Size of fragment
+		holeStart, holeEnd := sr.sp[0].Offset, sr.sp[0].endOffset()
+		if sr.pos < holeStart { // In a data fragment
+			nf = holeStart - sr.pos
+			nf, err = io.CopyN(ws, sr.fr, nf)
+		} else { // In a hole fragment
+			nf = holeEnd - sr.pos
+			if sr.PhysicalRemaining() == 0 {
+				writeLastByte = true
+				nf--
+			}
+			_, err = ws.Seek(nf, io.SeekCurrent)
+		}
+		sr.pos += nf
+		if sr.pos >= holeEnd && len(sr.sp) > 1 {
+			sr.sp = sr.sp[1:] // Ensure last fragment always remains
+		}
+	}
+
+	// If the last fragment is a hole, then seek to 1-byte before EOF, and
+	// write a single byte to ensure the file is the right size.
+	if writeLastByte && err == nil {
+		_, err = ws.Write([]byte{0})
+		sr.pos++
+	}
+
+	n = sr.pos - pos0
+	switch {
+	case err == io.EOF:
+		return n, errMissData // Less data in dense file than sparse file
+	case err != nil:
+		return n, err
+	case sr.LogicalRemaining() == 0 && sr.PhysicalRemaining() > 0:
+		return n, errUnrefData // More data in dense file than sparse file
+	default:
+		return n, nil
+	}
+}
+
+func (sr sparseFileReader) LogicalRemaining() int64 {
+	return sr.sp[len(sr.sp)-1].endOffset() - sr.pos
+}
+func (sr sparseFileReader) PhysicalRemaining() int64 {
+	return sr.fr.PhysicalRemaining()
+}
+
+type zeroReader struct{}
+
+func (zeroReader) Read(b []byte) (int, error) {
+	for i := range b {
+		b[i] = 0
+	}
+	return len(b), nil
+}
+
+// mustReadFull is like io.ReadFull except it returns
+// io.ErrUnexpectedEOF when io.EOF is hit before len(b) bytes are read.
+func mustReadFull(r io.Reader, b []byte) (int, error) {
+	n, err := tryReadFull(r, b)
+	if err == io.EOF {
+		err = io.ErrUnexpectedEOF
+	}
+	return n, err
+}
+
+// tryReadFull is like io.ReadFull except it returns
+// io.EOF when it is hit before len(b) bytes are read.
+func tryReadFull(r io.Reader, b []byte) (n int, err error) {
+	for len(b) > n && err == nil {
+		var nn int
+		nn, err = r.Read(b[n:])
+		n += nn
+	}
+	if len(b) == n && err == io.EOF {
+		err = nil
+	}
+	return n, err
+}
+
+// discard skips n bytes in r, reporting an error if unable to do so.
+func discard(r io.Reader, n int64) error {
+	// If possible, Seek to the last byte before the end of the data section.
+	// Do this because Seek is often lazy about reporting errors; this will mask
+	// the fact that the stream may be truncated. We can rely on the
+	// io.CopyN done shortly afterwards to trigger any IO errors.
+	var seekSkipped int64 // Number of bytes skipped via Seek
+	if sr, ok := r.(io.Seeker); ok && n > 1 {
+		// Not all io.Seeker can actually Seek. For example, os.Stdin implements
+		// io.Seeker, but calling Seek always returns an error and performs
+		// no action. Thus, we try an innocent seek to the current position
+		// to see if Seek is really supported.
+		pos1, err := sr.Seek(0, io.SeekCurrent)
+		if pos1 >= 0 && err == nil {
+			// Seek seems supported, so perform the real Seek.
+			pos2, err := sr.Seek(n-1, io.SeekCurrent)
+			if pos2 < 0 || err != nil {
+				return err
+			}
+			seekSkipped = pos2 - pos1
+		}
+	}
+
+	copySkipped, err := io.CopyN(io.Discard, r, n-seekSkipped)
+	if err == io.EOF && seekSkipped+copySkipped < n {
+		err = io.ErrUnexpectedEOF
+	}
+	return err
+}
diff --git a/vendor/archive/tar/reader_test.go b/vendor/archive/tar/reader_test.go
new file mode 100644
index 0000000000000..789ddc1bc0345
--- /dev/null
+++ b/vendor/archive/tar/reader_test.go
@@ -0,0 +1,1610 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"bytes"
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"os"
+	"path"
+	"reflect"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestReader(t *testing.T) {
+	vectors := []struct {
+		file    string    // Test input file
+		headers []*Header // Expected output headers
+		chksums []string  // MD5 checksum of files, leave as nil if not checked
+		err     error     // Expected error to occur
+	}{{
+		file: "testdata/gnu.tar",
+		headers: []*Header{{
+			Name:     "small.txt",
+			Mode:     0640,
+			Uid:      73025,
+			Gid:      5000,
+			Size:     5,
+			ModTime:  time.Unix(1244428340, 0),
+			Typeflag: '0',
+			Uname:    "dsymonds",
+			Gname:    "eng",
+			Format:   FormatGNU,
+		}, {
+			Name:     "small2.txt",
+			Mode:     0640,
+			Uid:      73025,
+			Gid:      5000,
+			Size:     11,
+			ModTime:  time.Unix(1244436044, 0),
+			Typeflag: '0',
+			Uname:    "dsymonds",
+			Gname:    "eng",
+			Format:   FormatGNU,
+		}},
+		chksums: []string{
+			"e38b27eaccb4391bdec553a7f3ae6b2f",
+			"c65bd2e50a56a2138bf1716f2fd56fe9",
+		},
+	}, {
+		file: "testdata/sparse-formats.tar",
+		headers: []*Header{{
+			Name:     "sparse-gnu",
+			Mode:     420,
+			Uid:      1000,
+			Gid:      1000,
+			Size:     200,
+			ModTime:  time.Unix(1392395740, 0),
+			Typeflag: 0x53,
+			Linkname: "",
+			Uname:    "david",
+			Gname:    "david",
+			Devmajor: 0,
+			Devminor: 0,
+			Format:   FormatGNU,
+		}, {
+			Name:     "sparse-posix-0.0",
+			Mode:     420,
+			Uid:      1000,
+			Gid:      1000,
+			Size:     200,
+			ModTime:  time.Unix(1392342187, 0),
+			Typeflag: 0x30,
+			Linkname: "",
+			Uname:    "david",
+			Gname:    "david",
+			Devmajor: 0,
+			Devminor: 0,
+			PAXRecords: map[string]string{
+				"GNU.sparse.size":      "200",
+				"GNU.sparse.numblocks": "95",
+				"GNU.sparse.map":       "1,1,3,1,5,1,7,1,9,1,11,1,13,1,15,1,17,1,19,1,21,1,23,1,25,1,27,1,29,1,31,1,33,1,35,1,37,1,39,1,41,1,43,1,45,1,47,1,49,1,51,1,53,1,55,1,57,1,59,1,61,1,63,1,65,1,67,1,69,1,71,1,73,1,75,1,77,1,79,1,81,1,83,1,85,1,87,1,89,1,91,1,93,1,95,1,97,1,99,1,101,1,103,1,105,1,107,1,109,1,111,1,113,1,115,1,117,1,119,1,121,1,123,1,125,1,127,1,129,1,131,1,133,1,135,1,137,1,139,1,141,1,143,1,145,1,147,1,149,1,151,1,153,1,155,1,157,1,159,1,161,1,163,1,165,1,167,1,169,1,171,1,173,1,175,1,177,1,179,1,181,1,183,1,185,1,187,1,189,1",
+			},
+			Format: FormatPAX,
+		}, {
+			Name:     "sparse-posix-0.1",
+			Mode:     420,
+			Uid:      1000,
+			Gid:      1000,
+			Size:     200,
+			ModTime:  time.Unix(1392340456, 0),
+			Typeflag: 0x30,
+			Linkname: "",
+			Uname:    "david",
+			Gname:    "david",
+			Devmajor: 0,
+			Devminor: 0,
+			PAXRecords: map[string]string{
+				"GNU.sparse.size":      "200",
+				"GNU.sparse.numblocks": "95",
+				"GNU.sparse.map":       "1,1,3,1,5,1,7,1,9,1,11,1,13,1,15,1,17,1,19,1,21,1,23,1,25,1,27,1,29,1,31,1,33,1,35,1,37,1,39,1,41,1,43,1,45,1,47,1,49,1,51,1,53,1,55,1,57,1,59,1,61,1,63,1,65,1,67,1,69,1,71,1,73,1,75,1,77,1,79,1,81,1,83,1,85,1,87,1,89,1,91,1,93,1,95,1,97,1,99,1,101,1,103,1,105,1,107,1,109,1,111,1,113,1,115,1,117,1,119,1,121,1,123,1,125,1,127,1,129,1,131,1,133,1,135,1,137,1,139,1,141,1,143,1,145,1,147,1,149,1,151,1,153,1,155,1,157,1,159,1,161,1,163,1,165,1,167,1,169,1,171,1,173,1,175,1,177,1,179,1,181,1,183,1,185,1,187,1,189,1",
+				"GNU.sparse.name":      "sparse-posix-0.1",
+			},
+			Format: FormatPAX,
+		}, {
+			Name:     "sparse-posix-1.0",
+			Mode:     420,
+			Uid:      1000,
+			Gid:      1000,
+			Size:     200,
+			ModTime:  time.Unix(1392337404, 0),
+			Typeflag: 0x30,
+			Linkname: "",
+			Uname:    "david",
+			Gname:    "david",
+			Devmajor: 0,
+			Devminor: 0,
+			PAXRecords: map[string]string{
+				"GNU.sparse.major":    "1",
+				"GNU.sparse.minor":    "0",
+				"GNU.sparse.realsize": "200",
+				"GNU.sparse.name":     "sparse-posix-1.0",
+			},
+			Format: FormatPAX,
+		}, {
+			Name:     "end",
+			Mode:     420,
+			Uid:      1000,
+			Gid:      1000,
+			Size:     4,
+			ModTime:  time.Unix(1392398319, 0),
+			Typeflag: 0x30,
+			Linkname: "",
+			Uname:    "david",
+			Gname:    "david",
+			Devmajor: 0,
+			Devminor: 0,
+			Format:   FormatGNU,
+		}},
+		chksums: []string{
+			"6f53234398c2449fe67c1812d993012f",
+			"6f53234398c2449fe67c1812d993012f",
+			"6f53234398c2449fe67c1812d993012f",
+			"6f53234398c2449fe67c1812d993012f",
+			"b0061974914468de549a2af8ced10316",
+		},
+	}, {
+		file: "testdata/star.tar",
+		headers: []*Header{{
+			Name:       "small.txt",
+			Mode:       0640,
+			Uid:        73025,
+			Gid:        5000,
+			Size:       5,
+			ModTime:    time.Unix(1244592783, 0),
+			Typeflag:   '0',
+			Uname:      "dsymonds",
+			Gname:      "eng",
+			AccessTime: time.Unix(1244592783, 0),
+			ChangeTime: time.Unix(1244592783, 0),
+		}, {
+			Name:       "small2.txt",
+			Mode:       0640,
+			Uid:        73025,
+			Gid:        5000,
+			Size:       11,
+			ModTime:    time.Unix(1244592783, 0),
+			Typeflag:   '0',
+			Uname:      "dsymonds",
+			Gname:      "eng",
+			AccessTime: time.Unix(1244592783, 0),
+			ChangeTime: time.Unix(1244592783, 0),
+		}},
+	}, {
+		file: "testdata/v7.tar",
+		headers: []*Header{{
+			Name:     "small.txt",
+			Mode:     0444,
+			Uid:      73025,
+			Gid:      5000,
+			Size:     5,
+			ModTime:  time.Unix(1244593104, 0),
+			Typeflag: '0',
+		}, {
+			Name:     "small2.txt",
+			Mode:     0444,
+			Uid:      73025,
+			Gid:      5000,
+			Size:     11,
+			ModTime:  time.Unix(1244593104, 0),
+			Typeflag: '0',
+		}},
+	}, {
+		file: "testdata/pax.tar",
+		headers: []*Header{{
+			Name:       "a/123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100",
+			Mode:       0664,
+			Uid:        1000,
+			Gid:        1000,
+			Uname:      "shane",
+			Gname:      "shane",
+			Size:       7,
+			ModTime:    time.Unix(1350244992, 23960108),
+			ChangeTime: time.Unix(1350244992, 23960108),
+			AccessTime: time.Unix(1350244992, 23960108),
+			Typeflag:   TypeReg,
+			PAXRecords: map[string]string{
+				"path":  "a/123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100",
+				"mtime": "1350244992.023960108",
+				"atime": "1350244992.023960108",
+				"ctime": "1350244992.023960108",
+			},
+			Format: FormatPAX,
+		}, {
+			Name:       "a/b",
+			Mode:       0777,
+			Uid:        1000,
+			Gid:        1000,
+			Uname:      "shane",
+			Gname:      "shane",
+			Size:       0,
+			ModTime:    time.Unix(1350266320, 910238425),
+			ChangeTime: time.Unix(1350266320, 910238425),
+			AccessTime: time.Unix(1350266320, 910238425),
+			Typeflag:   TypeSymlink,
+			Linkname:   "123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100",
+			PAXRecords: map[string]string{
+				"linkpath": "123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100",
+				"mtime":    "1350266320.910238425",
+				"atime":    "1350266320.910238425",
+				"ctime":    "1350266320.910238425",
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		file: "testdata/pax-bad-hdr-file.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/pax-bad-mtime-file.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/pax-pos-size-file.tar",
+		headers: []*Header{{
+			Name:     "foo",
+			Mode:     0640,
+			Uid:      319973,
+			Gid:      5000,
+			Size:     999,
+			ModTime:  time.Unix(1442282516, 0),
+			Typeflag: '0',
+			Uname:    "joetsai",
+			Gname:    "eng",
+			PAXRecords: map[string]string{
+				"size": "000000000000000000000999",
+			},
+			Format: FormatPAX,
+		}},
+		chksums: []string{
+			"0afb597b283fe61b5d4879669a350556",
+		},
+	}, {
+		file: "testdata/pax-records.tar",
+		headers: []*Header{{
+			Typeflag: TypeReg,
+			Name:     "file",
+			Uname:    strings.Repeat("long", 10),
+			ModTime:  time.Unix(0, 0),
+			PAXRecords: map[string]string{
+				"GOLANG.pkg": "tar",
+				"comment":    "Hello, 世界",
+				"uname":      strings.Repeat("long", 10),
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		file: "testdata/pax-global-records.tar",
+		headers: []*Header{{
+			Typeflag:   TypeXGlobalHeader,
+			Name:       "global1",
+			PAXRecords: map[string]string{"path": "global1", "mtime": "1500000000.0"},
+			Format:     FormatPAX,
+		}, {
+			Typeflag: TypeReg,
+			Name:     "file1",
+			ModTime:  time.Unix(0, 0),
+			Format:   FormatUSTAR,
+		}, {
+			Typeflag:   TypeReg,
+			Name:       "file2",
+			PAXRecords: map[string]string{"path": "file2"},
+			ModTime:    time.Unix(0, 0),
+			Format:     FormatPAX,
+		}, {
+			Typeflag:   TypeXGlobalHeader,
+			Name:       "GlobalHead.0.0",
+			PAXRecords: map[string]string{"path": ""},
+			Format:     FormatPAX,
+		}, {
+			Typeflag: TypeReg,
+			Name:     "file3",
+			ModTime:  time.Unix(0, 0),
+			Format:   FormatUSTAR,
+		}, {
+			Typeflag:   TypeReg,
+			Name:       "file4",
+			ModTime:    time.Unix(1400000000, 0),
+			PAXRecords: map[string]string{"mtime": "1400000000"},
+			Format:     FormatPAX,
+		}},
+	}, {
+		file: "testdata/nil-uid.tar", // golang.org/issue/5290
+		headers: []*Header{{
+			Name:     "P1050238.JPG.log",
+			Mode:     0664,
+			Uid:      0,
+			Gid:      0,
+			Size:     14,
+			ModTime:  time.Unix(1365454838, 0),
+			Typeflag: TypeReg,
+			Linkname: "",
+			Uname:    "eyefi",
+			Gname:    "eyefi",
+			Devmajor: 0,
+			Devminor: 0,
+			Format:   FormatGNU,
+		}},
+	}, {
+		file: "testdata/xattrs.tar",
+		headers: []*Header{{
+			Name:       "small.txt",
+			Mode:       0644,
+			Uid:        1000,
+			Gid:        10,
+			Size:       5,
+			ModTime:    time.Unix(1386065770, 448252320),
+			Typeflag:   '0',
+			Uname:      "alex",
+			Gname:      "wheel",
+			AccessTime: time.Unix(1389782991, 419875220),
+			ChangeTime: time.Unix(1389782956, 794414986),
+			Xattrs: map[string]string{
+				"user.key":  "value",
+				"user.key2": "value2",
+				// Interestingly, selinux encodes the terminating null inside the xattr
+				"security.selinux": "unconfined_u:object_r:default_t:s0\x00",
+			},
+			PAXRecords: map[string]string{
+				"mtime":                         "1386065770.44825232",
+				"atime":                         "1389782991.41987522",
+				"ctime":                         "1389782956.794414986",
+				"SCHILY.xattr.user.key":         "value",
+				"SCHILY.xattr.user.key2":        "value2",
+				"SCHILY.xattr.security.selinux": "unconfined_u:object_r:default_t:s0\x00",
+			},
+			Format: FormatPAX,
+		}, {
+			Name:       "small2.txt",
+			Mode:       0644,
+			Uid:        1000,
+			Gid:        10,
+			Size:       11,
+			ModTime:    time.Unix(1386065770, 449252304),
+			Typeflag:   '0',
+			Uname:      "alex",
+			Gname:      "wheel",
+			AccessTime: time.Unix(1389782991, 419875220),
+			ChangeTime: time.Unix(1386065770, 449252304),
+			Xattrs: map[string]string{
+				"security.selinux": "unconfined_u:object_r:default_t:s0\x00",
+			},
+			PAXRecords: map[string]string{
+				"mtime":                         "1386065770.449252304",
+				"atime":                         "1389782991.41987522",
+				"ctime":                         "1386065770.449252304",
+				"SCHILY.xattr.security.selinux": "unconfined_u:object_r:default_t:s0\x00",
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		// Matches the behavior of GNU, BSD, and STAR tar utilities.
+		file: "testdata/gnu-multi-hdrs.tar",
+		headers: []*Header{{
+			Name:     "GNU2/GNU2/long-path-name",
+			Linkname: "GNU4/GNU4/long-linkpath-name",
+			ModTime:  time.Unix(0, 0),
+			Typeflag: '2',
+			Format:   FormatGNU,
+		}},
+	}, {
+		// GNU tar file with atime and ctime fields set.
+		// Created with the GNU tar v1.27.1.
+		//	tar --incremental -S -cvf gnu-incremental.tar test2
+		file: "testdata/gnu-incremental.tar",
+		headers: []*Header{{
+			Name:       "test2/",
+			Mode:       16877,
+			Uid:        1000,
+			Gid:        1000,
+			Size:       14,
+			ModTime:    time.Unix(1441973427, 0),
+			Typeflag:   'D',
+			Uname:      "rawr",
+			Gname:      "dsnet",
+			AccessTime: time.Unix(1441974501, 0),
+			ChangeTime: time.Unix(1441973436, 0),
+			Format:     FormatGNU,
+		}, {
+			Name:       "test2/foo",
+			Mode:       33188,
+			Uid:        1000,
+			Gid:        1000,
+			Size:       64,
+			ModTime:    time.Unix(1441973363, 0),
+			Typeflag:   '0',
+			Uname:      "rawr",
+			Gname:      "dsnet",
+			AccessTime: time.Unix(1441974501, 0),
+			ChangeTime: time.Unix(1441973436, 0),
+			Format:     FormatGNU,
+		}, {
+			Name:       "test2/sparse",
+			Mode:       33188,
+			Uid:        1000,
+			Gid:        1000,
+			Size:       536870912,
+			ModTime:    time.Unix(1441973427, 0),
+			Typeflag:   'S',
+			Uname:      "rawr",
+			Gname:      "dsnet",
+			AccessTime: time.Unix(1441991948, 0),
+			ChangeTime: time.Unix(1441973436, 0),
+			Format:     FormatGNU,
+		}},
+	}, {
+		// Matches the behavior of GNU and BSD tar utilities.
+		file: "testdata/pax-multi-hdrs.tar",
+		headers: []*Header{{
+			Name:     "bar",
+			Linkname: "PAX4/PAX4/long-linkpath-name",
+			ModTime:  time.Unix(0, 0),
+			Typeflag: '2',
+			PAXRecords: map[string]string{
+				"linkpath": "PAX4/PAX4/long-linkpath-name",
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		// Both BSD and GNU tar truncate long names at first NUL even
+		// if there is data following that NUL character.
+		// This is reasonable as GNU long names are C-strings.
+		file: "testdata/gnu-long-nul.tar",
+		headers: []*Header{{
+			Name:     "0123456789",
+			Mode:     0644,
+			Uid:      1000,
+			Gid:      1000,
+			ModTime:  time.Unix(1486082191, 0),
+			Typeflag: '0',
+			Uname:    "rawr",
+			Gname:    "dsnet",
+			Format:   FormatGNU,
+		}},
+	}, {
+		// This archive was generated by Writer but is readable by both
+		// GNU and BSD tar utilities.
+		// The archive generated by GNU is nearly byte-for-byte identical
+		// to the Go version except the Go version sets a negative Devminor
+		// just to force the GNU format.
+		file: "testdata/gnu-utf8.tar",
+		headers: []*Header{{
+			Name: "☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹",
+			Mode: 0644,
+			Uid:  1000, Gid: 1000,
+			ModTime:  time.Unix(0, 0),
+			Typeflag: '0',
+			Uname:    "☺",
+			Gname:    "⚹",
+			Format:   FormatGNU,
+		}},
+	}, {
+		// This archive was generated by Writer but is readable by both
+		// GNU and BSD tar utilities.
+		// The archive generated by GNU is nearly byte-for-byte identical
+		// to the Go version except the Go version sets a negative Devminor
+		// just to force the GNU format.
+		file: "testdata/gnu-not-utf8.tar",
+		headers: []*Header{{
+			Name:     "hi\x80\x81\x82\x83bye",
+			Mode:     0644,
+			Uid:      1000,
+			Gid:      1000,
+			ModTime:  time.Unix(0, 0),
+			Typeflag: '0',
+			Uname:    "rawr",
+			Gname:    "dsnet",
+			Format:   FormatGNU,
+		}},
+	}, {
+		// BSD tar v3.1.2 and GNU tar v1.27.1 both rejects PAX records
+		// with NULs in the key.
+		file: "testdata/pax-nul-xattrs.tar",
+		err:  ErrHeader,
+	}, {
+		// BSD tar v3.1.2 rejects a PAX path with NUL in the value, while
+		// GNU tar v1.27.1 simply truncates at first NUL.
+		// We emulate the behavior of BSD since it is strange doing NUL
+		// truncations since PAX records are length-prefix strings instead
+		// of NUL-terminated C-strings.
+		file: "testdata/pax-nul-path.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/neg-size.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/issue10968.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/issue11169.tar",
+		err:  ErrHeader,
+	}, {
+		file: "testdata/issue12435.tar",
+		err:  ErrHeader,
+	}, {
+		// Ensure that we can read back the original Header as written with
+		// a buggy pre-Go1.8 tar.Writer.
+		file: "testdata/invalid-go17.tar",
+		headers: []*Header{{
+			Name:     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/foo",
+			Uid:      010000000,
+			ModTime:  time.Unix(0, 0),
+			Typeflag: '0',
+		}},
+	}, {
+		// USTAR archive with a regular entry with non-zero device numbers.
+		file: "testdata/ustar-file-devs.tar",
+		headers: []*Header{{
+			Name:     "file",
+			Mode:     0644,
+			Typeflag: '0',
+			ModTime:  time.Unix(0, 0),
+			Devmajor: 1,
+			Devminor: 1,
+			Format:   FormatUSTAR,
+		}},
+	}, {
+		// Generated by Go, works on BSD tar v3.1.2 and GNU tar v.1.27.1.
+		file: "testdata/gnu-nil-sparse-data.tar",
+		headers: []*Header{{
+			Name:     "sparse.db",
+			Typeflag: TypeGNUSparse,
+			Size:     1000,
+			ModTime:  time.Unix(0, 0),
+			Format:   FormatGNU,
+		}},
+	}, {
+		// Generated by Go, works on BSD tar v3.1.2 and GNU tar v.1.27.1.
+		file: "testdata/gnu-nil-sparse-hole.tar",
+		headers: []*Header{{
+			Name:     "sparse.db",
+			Typeflag: TypeGNUSparse,
+			Size:     1000,
+			ModTime:  time.Unix(0, 0),
+			Format:   FormatGNU,
+		}},
+	}, {
+		// Generated by Go, works on BSD tar v3.1.2 and GNU tar v.1.27.1.
+		file: "testdata/pax-nil-sparse-data.tar",
+		headers: []*Header{{
+			Name:     "sparse.db",
+			Typeflag: TypeReg,
+			Size:     1000,
+			ModTime:  time.Unix(0, 0),
+			PAXRecords: map[string]string{
+				"size":                "1512",
+				"GNU.sparse.major":    "1",
+				"GNU.sparse.minor":    "0",
+				"GNU.sparse.realsize": "1000",
+				"GNU.sparse.name":     "sparse.db",
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		// Generated by Go, works on BSD tar v3.1.2 and GNU tar v.1.27.1.
+		file: "testdata/pax-nil-sparse-hole.tar",
+		headers: []*Header{{
+			Name:     "sparse.db",
+			Typeflag: TypeReg,
+			Size:     1000,
+			ModTime:  time.Unix(0, 0),
+			PAXRecords: map[string]string{
+				"size":                "512",
+				"GNU.sparse.major":    "1",
+				"GNU.sparse.minor":    "0",
+				"GNU.sparse.realsize": "1000",
+				"GNU.sparse.name":     "sparse.db",
+			},
+			Format: FormatPAX,
+		}},
+	}, {
+		file: "testdata/trailing-slash.tar",
+		headers: []*Header{{
+			Typeflag: TypeDir,
+			Name:     strings.Repeat("123456789/", 30),
+			ModTime:  time.Unix(0, 0),
+			PAXRecords: map[string]string{
+				"path": strings.Repeat("123456789/", 30),
+			},
+			Format: FormatPAX,
+		}},
+	}}
+
+	for _, v := range vectors {
+		t.Run(path.Base(v.file), func(t *testing.T) {
+			f, err := os.Open(v.file)
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			defer f.Close()
+
+			// Capture all headers and checksums.
+			var (
+				tr      = NewReader(f)
+				hdrs    []*Header
+				chksums []string
+				rdbuf   = make([]byte, 8)
+			)
+			for {
+				var hdr *Header
+				hdr, err = tr.Next()
+				if err != nil {
+					if err == io.EOF {
+						err = nil // Expected error
+					}
+					break
+				}
+				hdrs = append(hdrs, hdr)
+
+				if v.chksums == nil {
+					continue
+				}
+				h := md5.New()
+				_, err = io.CopyBuffer(h, tr, rdbuf) // Effectively an incremental read
+				if err != nil {
+					break
+				}
+				chksums = append(chksums, fmt.Sprintf("%x", h.Sum(nil)))
+			}
+
+			for i, hdr := range hdrs {
+				if i >= len(v.headers) {
+					t.Fatalf("entry %d: unexpected header:\ngot %+v", i, *hdr)
+					continue
+				}
+				if !reflect.DeepEqual(*hdr, *v.headers[i]) {
+					t.Fatalf("entry %d: incorrect header:\ngot  %+v\nwant %+v", i, *hdr, *v.headers[i])
+				}
+			}
+			if len(hdrs) != len(v.headers) {
+				t.Fatalf("got %d headers, want %d headers", len(hdrs), len(v.headers))
+			}
+
+			for i, sum := range chksums {
+				if i >= len(v.chksums) {
+					t.Fatalf("entry %d: unexpected sum: got %s", i, sum)
+					continue
+				}
+				if sum != v.chksums[i] {
+					t.Fatalf("entry %d: incorrect checksum: got %s, want %s", i, sum, v.chksums[i])
+				}
+			}
+
+			if err != v.err {
+				t.Fatalf("unexpected error: got %v, want %v", err, v.err)
+			}
+			f.Close()
+		})
+	}
+}
+
+func TestPartialRead(t *testing.T) {
+	type testCase struct {
+		cnt    int    // Number of bytes to read
+		output string // Expected value of string read
+	}
+	vectors := []struct {
+		file  string
+		cases []testCase
+	}{{
+		file: "testdata/gnu.tar",
+		cases: []testCase{
+			{4, "Kilt"},
+			{6, "Google"},
+		},
+	}, {
+		file: "testdata/sparse-formats.tar",
+		cases: []testCase{
+			{2, "\x00G"},
+			{4, "\x00G\x00o"},
+			{6, "\x00G\x00o\x00G"},
+			{8, "\x00G\x00o\x00G\x00o"},
+			{4, "end\n"},
+		},
+	}}
+
+	for _, v := range vectors {
+		t.Run(path.Base(v.file), func(t *testing.T) {
+			f, err := os.Open(v.file)
+			if err != nil {
+				t.Fatalf("Open() error: %v", err)
+			}
+			defer f.Close()
+
+			tr := NewReader(f)
+			for i, tc := range v.cases {
+				hdr, err := tr.Next()
+				if err != nil || hdr == nil {
+					t.Fatalf("entry %d, Next(): got %v, want %v", i, err, nil)
+				}
+				buf := make([]byte, tc.cnt)
+				if _, err := io.ReadFull(tr, buf); err != nil {
+					t.Fatalf("entry %d, ReadFull(): got %v, want %v", i, err, nil)
+				}
+				if string(buf) != tc.output {
+					t.Fatalf("entry %d, ReadFull(): got %q, want %q", i, string(buf), tc.output)
+				}
+			}
+
+			if _, err := tr.Next(); err != io.EOF {
+				t.Fatalf("Next(): got %v, want EOF", err)
+			}
+		})
+	}
+}
+
+func TestUninitializedRead(t *testing.T) {
+	f, err := os.Open("testdata/gnu.tar")
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+	defer f.Close()
+
+	tr := NewReader(f)
+	_, err = tr.Read([]byte{})
+	if err == nil || err != io.EOF {
+		t.Errorf("Unexpected error: %v, wanted %v", err, io.EOF)
+	}
+
+}
+
+type reader struct{ io.Reader }
+type readSeeker struct{ io.ReadSeeker }
+type readBadSeeker struct{ io.ReadSeeker }
+
+func (rbs *readBadSeeker) Seek(int64, int) (int64, error) { return 0, fmt.Errorf("illegal seek") }
+
+// TestReadTruncation test the ending condition on various truncated files and
+// that truncated files are still detected even if the underlying io.Reader
+// satisfies io.Seeker.
+func TestReadTruncation(t *testing.T) {
+	var ss []string
+	for _, p := range []string{
+		"testdata/gnu.tar",
+		"testdata/ustar-file-reg.tar",
+		"testdata/pax-path-hdr.tar",
+		"testdata/sparse-formats.tar",
+	} {
+		buf, err := os.ReadFile(p)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		ss = append(ss, string(buf))
+	}
+
+	data1, data2, pax, sparse := ss[0], ss[1], ss[2], ss[3]
+	data2 += strings.Repeat("\x00", 10*512)
+	trash := strings.Repeat("garbage ", 64) // Exactly 512 bytes
+
+	vectors := []struct {
+		input string // Input stream
+		cnt   int    // Expected number of headers read
+		err   error  // Expected error outcome
+	}{
+		{"", 0, io.EOF}, // Empty file is a "valid" tar file
+		{data1[:511], 0, io.ErrUnexpectedEOF},
+		{data1[:512], 1, io.ErrUnexpectedEOF},
+		{data1[:1024], 1, io.EOF},
+		{data1[:1536], 2, io.ErrUnexpectedEOF},
+		{data1[:2048], 2, io.EOF},
+		{data1, 2, io.EOF},
+		{data1[:2048] + data2[:1536], 3, io.EOF},
+		{data2[:511], 0, io.ErrUnexpectedEOF},
+		{data2[:512], 1, io.ErrUnexpectedEOF},
+		{data2[:1195], 1, io.ErrUnexpectedEOF},
+		{data2[:1196], 1, io.EOF}, // Exact end of data and start of padding
+		{data2[:1200], 1, io.EOF},
+		{data2[:1535], 1, io.EOF},
+		{data2[:1536], 1, io.EOF}, // Exact end of padding
+		{data2[:1536] + trash[:1], 1, io.ErrUnexpectedEOF},
+		{data2[:1536] + trash[:511], 1, io.ErrUnexpectedEOF},
+		{data2[:1536] + trash, 1, ErrHeader},
+		{data2[:2048], 1, io.EOF}, // Exactly 1 empty block
+		{data2[:2048] + trash[:1], 1, io.ErrUnexpectedEOF},
+		{data2[:2048] + trash[:511], 1, io.ErrUnexpectedEOF},
+		{data2[:2048] + trash, 1, ErrHeader},
+		{data2[:2560], 1, io.EOF}, // Exactly 2 empty blocks (normal end-of-stream)
+		{data2[:2560] + trash[:1], 1, io.EOF},
+		{data2[:2560] + trash[:511], 1, io.EOF},
+		{data2[:2560] + trash, 1, io.EOF},
+		{data2[:3072], 1, io.EOF},
+		{pax, 0, io.EOF}, // PAX header without data is a "valid" tar file
+		{pax + trash[:1], 0, io.ErrUnexpectedEOF},
+		{pax + trash[:511], 0, io.ErrUnexpectedEOF},
+		{sparse[:511], 0, io.ErrUnexpectedEOF},
+		{sparse[:512], 0, io.ErrUnexpectedEOF},
+		{sparse[:3584], 1, io.EOF},
+		{sparse[:9200], 1, io.EOF}, // Terminate in padding of sparse header
+		{sparse[:9216], 1, io.EOF},
+		{sparse[:9728], 2, io.ErrUnexpectedEOF},
+		{sparse[:10240], 2, io.EOF},
+		{sparse[:11264], 2, io.ErrUnexpectedEOF},
+		{sparse, 5, io.EOF},
+		{sparse + trash, 5, io.EOF},
+	}
+
+	for i, v := range vectors {
+		for j := 0; j < 6; j++ {
+			var tr *Reader
+			var s1, s2 string
+
+			switch j {
+			case 0:
+				tr = NewReader(&reader{strings.NewReader(v.input)})
+				s1, s2 = "io.Reader", "auto"
+			case 1:
+				tr = NewReader(&reader{strings.NewReader(v.input)})
+				s1, s2 = "io.Reader", "manual"
+			case 2:
+				tr = NewReader(&readSeeker{strings.NewReader(v.input)})
+				s1, s2 = "io.ReadSeeker", "auto"
+			case 3:
+				tr = NewReader(&readSeeker{strings.NewReader(v.input)})
+				s1, s2 = "io.ReadSeeker", "manual"
+			case 4:
+				tr = NewReader(&readBadSeeker{strings.NewReader(v.input)})
+				s1, s2 = "ReadBadSeeker", "auto"
+			case 5:
+				tr = NewReader(&readBadSeeker{strings.NewReader(v.input)})
+				s1, s2 = "ReadBadSeeker", "manual"
+			}
+
+			var cnt int
+			var err error
+			for {
+				if _, err = tr.Next(); err != nil {
+					break
+				}
+				cnt++
+				if s2 == "manual" {
+					if _, err = tr.writeTo(io.Discard); err != nil {
+						break
+					}
+				}
+			}
+			if err != v.err {
+				t.Errorf("test %d, NewReader(%s) with %s discard: got %v, want %v",
+					i, s1, s2, err, v.err)
+			}
+			if cnt != v.cnt {
+				t.Errorf("test %d, NewReader(%s) with %s discard: got %d headers, want %d headers",
+					i, s1, s2, cnt, v.cnt)
+			}
+		}
+	}
+}
+
+// TestReadHeaderOnly tests that Reader does not attempt to read special
+// header-only files.
+func TestReadHeaderOnly(t *testing.T) {
+	f, err := os.Open("testdata/hdr-only.tar")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer f.Close()
+
+	var hdrs []*Header
+	tr := NewReader(f)
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Errorf("Next(): got %v, want %v", err, nil)
+			continue
+		}
+		hdrs = append(hdrs, hdr)
+
+		// If a special flag, we should read nothing.
+		cnt, _ := io.ReadFull(tr, []byte{0})
+		if cnt > 0 && hdr.Typeflag != TypeReg {
+			t.Errorf("ReadFull(...): got %d bytes, want 0 bytes", cnt)
+		}
+	}
+
+	// File is crafted with 16 entries. The later 8 are identical to the first
+	// 8 except that the size is set.
+	if len(hdrs) != 16 {
+		t.Fatalf("len(hdrs): got %d, want %d", len(hdrs), 16)
+	}
+	for i := 0; i < 8; i++ {
+		hdr1, hdr2 := hdrs[i+0], hdrs[i+8]
+		hdr1.Size, hdr2.Size = 0, 0
+		if !reflect.DeepEqual(*hdr1, *hdr2) {
+			t.Errorf("incorrect header:\ngot  %+v\nwant %+v", *hdr1, *hdr2)
+		}
+	}
+}
+
+func TestMergePAX(t *testing.T) {
+	vectors := []struct {
+		in   map[string]string
+		want *Header
+		ok   bool
+	}{{
+		in: map[string]string{
+			"path":  "a/b/c",
+			"uid":   "1000",
+			"mtime": "1350244992.023960108",
+		},
+		want: &Header{
+			Name:    "a/b/c",
+			Uid:     1000,
+			ModTime: time.Unix(1350244992, 23960108),
+			PAXRecords: map[string]string{
+				"path":  "a/b/c",
+				"uid":   "1000",
+				"mtime": "1350244992.023960108",
+			},
+		},
+		ok: true,
+	}, {
+		in: map[string]string{
+			"gid": "gtgergergersagersgers",
+		},
+		ok: false,
+	}, {
+		in: map[string]string{
+			"missing":          "missing",
+			"SCHILY.xattr.key": "value",
+		},
+		want: &Header{
+			Xattrs: map[string]string{"key": "value"},
+			PAXRecords: map[string]string{
+				"missing":          "missing",
+				"SCHILY.xattr.key": "value",
+			},
+		},
+		ok: true,
+	}}
+
+	for i, v := range vectors {
+		got := new(Header)
+		err := mergePAX(got, v.in)
+		if v.ok && !reflect.DeepEqual(*got, *v.want) {
+			t.Errorf("test %d, mergePAX(...):\ngot  %+v\nwant %+v", i, *got, *v.want)
+		}
+		if ok := err == nil; ok != v.ok {
+			t.Errorf("test %d, mergePAX(...): got %v, want %v", i, ok, v.ok)
+		}
+	}
+}
+
+func TestParsePAX(t *testing.T) {
+	vectors := []struct {
+		in   string
+		want map[string]string
+		ok   bool
+	}{
+		{"", nil, true},
+		{"6 k=1\n", map[string]string{"k": "1"}, true},
+		{"10 a=name\n", map[string]string{"a": "name"}, true},
+		{"9 a=name\n", map[string]string{"a": "name"}, true},
+		{"30 mtime=1350244992.023960108\n", map[string]string{"mtime": "1350244992.023960108"}, true},
+		{"3 somelongkey=\n", nil, false},
+		{"50 tooshort=\n", nil, false},
+		{"13 key1=haha\n13 key2=nana\n13 key3=kaka\n",
+			map[string]string{"key1": "haha", "key2": "nana", "key3": "kaka"}, true},
+		{"13 key1=val1\n13 key2=val2\n8 key1=\n",
+			map[string]string{"key1": "", "key2": "val2"}, true},
+		{"22 GNU.sparse.size=10\n26 GNU.sparse.numblocks=2\n" +
+			"23 GNU.sparse.offset=1\n25 GNU.sparse.numbytes=2\n" +
+			"23 GNU.sparse.offset=3\n25 GNU.sparse.numbytes=4\n",
+			map[string]string{paxGNUSparseSize: "10", paxGNUSparseNumBlocks: "2", paxGNUSparseMap: "1,2,3,4"}, true},
+		{"22 GNU.sparse.size=10\n26 GNU.sparse.numblocks=1\n" +
+			"25 GNU.sparse.numbytes=2\n23 GNU.sparse.offset=1\n",
+			nil, false},
+		{"22 GNU.sparse.size=10\n26 GNU.sparse.numblocks=1\n" +
+			"25 GNU.sparse.offset=1,2\n25 GNU.sparse.numbytes=2\n",
+			nil, false},
+	}
+
+	for i, v := range vectors {
+		r := strings.NewReader(v.in)
+		got, err := parsePAX(r)
+		if !reflect.DeepEqual(got, v.want) && !(len(got) == 0 && len(v.want) == 0) {
+			t.Errorf("test %d, parsePAX():\ngot  %v\nwant %v", i, got, v.want)
+		}
+		if ok := err == nil; ok != v.ok {
+			t.Errorf("test %d, parsePAX(): got %v, want %v", i, ok, v.ok)
+		}
+	}
+}
+
+func TestReadOldGNUSparseMap(t *testing.T) {
+	populateSparseMap := func(sa sparseArray, sps []string) []string {
+		for i := 0; len(sps) > 0 && i < sa.MaxEntries(); i++ {
+			copy(sa.Entry(i), sps[0])
+			sps = sps[1:]
+		}
+		if len(sps) > 0 {
+			copy(sa.IsExtended(), "\x80")
+		}
+		return sps
+	}
+
+	makeInput := func(format Format, size string, sps ...string) (out []byte) {
+		// Write the initial GNU header.
+		var blk block
+		gnu := blk.GNU()
+		sparse := gnu.Sparse()
+		copy(gnu.RealSize(), size)
+		sps = populateSparseMap(sparse, sps)
+		if format != FormatUnknown {
+			blk.SetFormat(format)
+		}
+		out = append(out, blk[:]...)
+
+		// Write extended sparse blocks.
+		for len(sps) > 0 {
+			var blk block
+			sps = populateSparseMap(blk.Sparse(), sps)
+			out = append(out, blk[:]...)
+		}
+		return out
+	}
+
+	makeSparseStrings := func(sp []sparseEntry) (out []string) {
+		var f formatter
+		for _, s := range sp {
+			var b [24]byte
+			f.formatNumeric(b[:12], s.Offset)
+			f.formatNumeric(b[12:], s.Length)
+			out = append(out, string(b[:]))
+		}
+		return out
+	}
+
+	vectors := []struct {
+		input    []byte
+		wantMap  sparseDatas
+		wantSize int64
+		wantErr  error
+	}{{
+		input:   makeInput(FormatUnknown, ""),
+		wantErr: ErrHeader,
+	}, {
+		input:    makeInput(FormatGNU, "1234", "fewa"),
+		wantSize: 01234,
+		wantErr:  ErrHeader,
+	}, {
+		input:    makeInput(FormatGNU, "0031"),
+		wantSize: 031,
+	}, {
+		input:   makeInput(FormatGNU, "80"),
+		wantErr: ErrHeader,
+	}, {
+		input: makeInput(FormatGNU, "1234",
+			makeSparseStrings(sparseDatas{{0, 0}, {1, 1}})...),
+		wantMap:  sparseDatas{{0, 0}, {1, 1}},
+		wantSize: 01234,
+	}, {
+		input: makeInput(FormatGNU, "1234",
+			append(makeSparseStrings(sparseDatas{{0, 0}, {1, 1}}), []string{"", "blah"}...)...),
+		wantMap:  sparseDatas{{0, 0}, {1, 1}},
+		wantSize: 01234,
+	}, {
+		input: makeInput(FormatGNU, "3333",
+			makeSparseStrings(sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}})...),
+		wantMap:  sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}},
+		wantSize: 03333,
+	}, {
+		input: makeInput(FormatGNU, "",
+			append(append(
+				makeSparseStrings(sparseDatas{{0, 1}, {2, 1}}),
+				[]string{"", ""}...),
+				makeSparseStrings(sparseDatas{{4, 1}, {6, 1}})...)...),
+		wantMap: sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}},
+	}, {
+		input: makeInput(FormatGNU, "",
+			makeSparseStrings(sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}, {8, 1}, {10, 1}})...)[:blockSize],
+		wantErr: io.ErrUnexpectedEOF,
+	}, {
+		input: makeInput(FormatGNU, "",
+			makeSparseStrings(sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}, {8, 1}, {10, 1}})...)[:3*blockSize/2],
+		wantErr: io.ErrUnexpectedEOF,
+	}, {
+		input: makeInput(FormatGNU, "",
+			makeSparseStrings(sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}, {8, 1}, {10, 1}})...),
+		wantMap: sparseDatas{{0, 1}, {2, 1}, {4, 1}, {6, 1}, {8, 1}, {10, 1}},
+	}, {
+		input: makeInput(FormatGNU, "",
+			makeSparseStrings(sparseDatas{{10 << 30, 512}, {20 << 30, 512}})...),
+		wantMap: sparseDatas{{10 << 30, 512}, {20 << 30, 512}},
+	}}
+
+	for i, v := range vectors {
+		var blk block
+		var hdr Header
+		v.input = v.input[copy(blk[:], v.input):]
+		tr := Reader{r: bytes.NewReader(v.input)}
+		got, err := tr.readOldGNUSparseMap(&hdr, &blk)
+		if !equalSparseEntries(got, v.wantMap) {
+			t.Errorf("test %d, readOldGNUSparseMap(): got %v, want %v", i, got, v.wantMap)
+		}
+		if err != v.wantErr {
+			t.Errorf("test %d, readOldGNUSparseMap() = %v, want %v", i, err, v.wantErr)
+		}
+		if hdr.Size != v.wantSize {
+			t.Errorf("test %d, Header.Size = %d, want %d", i, hdr.Size, v.wantSize)
+		}
+	}
+}
+
+func TestReadGNUSparsePAXHeaders(t *testing.T) {
+	padInput := func(s string) string {
+		return s + string(zeroBlock[:blockPadding(int64(len(s)))])
+	}
+
+	vectors := []struct {
+		inputData string
+		inputHdrs map[string]string
+		wantMap   sparseDatas
+		wantSize  int64
+		wantName  string
+		wantErr   error
+	}{{
+		inputHdrs: nil,
+		wantErr:   nil,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: strconv.FormatInt(math.MaxInt64, 10),
+			paxGNUSparseMap:       "0,1,2,3",
+		},
+		wantErr: ErrHeader,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "4\x00",
+			paxGNUSparseMap:       "0,1,2,3",
+		},
+		wantErr: ErrHeader,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "4",
+			paxGNUSparseMap:       "0,1,2,3",
+		},
+		wantErr: ErrHeader,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "2",
+			paxGNUSparseMap:       "0,1,2,3",
+		},
+		wantMap: sparseDatas{{0, 1}, {2, 3}},
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "2",
+			paxGNUSparseMap:       "0, 1,2,3",
+		},
+		wantErr: ErrHeader,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "2",
+			paxGNUSparseMap:       "0,1,02,3",
+			paxGNUSparseRealSize:  "4321",
+		},
+		wantMap:  sparseDatas{{0, 1}, {2, 3}},
+		wantSize: 4321,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseNumBlocks: "2",
+			paxGNUSparseMap:       "0,one1,2,3",
+		},
+		wantErr: ErrHeader,
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseMajor:     "0",
+			paxGNUSparseMinor:     "0",
+			paxGNUSparseNumBlocks: "2",
+			paxGNUSparseMap:       "0,1,2,3",
+			paxGNUSparseSize:      "1234",
+			paxGNUSparseRealSize:  "4321",
+			paxGNUSparseName:      "realname",
+		},
+		wantMap:  sparseDatas{{0, 1}, {2, 3}},
+		wantSize: 1234,
+		wantName: "realname",
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseMajor:     "0",
+			paxGNUSparseMinor:     "0",
+			paxGNUSparseNumBlocks: "1",
+			paxGNUSparseMap:       "10737418240,512",
+			paxGNUSparseSize:      "10737418240",
+			paxGNUSparseName:      "realname",
+		},
+		wantMap:  sparseDatas{{10737418240, 512}},
+		wantSize: 10737418240,
+		wantName: "realname",
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseMajor:     "0",
+			paxGNUSparseMinor:     "0",
+			paxGNUSparseNumBlocks: "0",
+			paxGNUSparseMap:       "",
+		},
+		wantMap: sparseDatas{},
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseMajor:     "0",
+			paxGNUSparseMinor:     "1",
+			paxGNUSparseNumBlocks: "4",
+			paxGNUSparseMap:       "0,5,10,5,20,5,30,5",
+		},
+		wantMap: sparseDatas{{0, 5}, {10, 5}, {20, 5}, {30, 5}},
+	}, {
+		inputHdrs: map[string]string{
+			paxGNUSparseMajor:     "1",
+			paxGNUSparseMinor:     "0",
+			paxGNUSparseNumBlocks: "4",
+			paxGNUSparseMap:       "0,5,10,5,20,5,30,5",
+		},
+		wantErr: io.ErrUnexpectedEOF,
+	}, {
+		inputData: padInput("0\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{},
+	}, {
+		inputData: padInput("0\n")[:blockSize-1] + "#",
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{},
+	}, {
+		inputData: padInput("0"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   io.ErrUnexpectedEOF,
+	}, {
+		inputData: padInput("ab\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   ErrHeader,
+	}, {
+		inputData: padInput("1\n2\n3\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{{2, 3}},
+	}, {
+		inputData: padInput("1\n2\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   io.ErrUnexpectedEOF,
+	}, {
+		inputData: padInput("1\n2\n\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   ErrHeader,
+	}, {
+		inputData: string(zeroBlock[:]) + padInput("0\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   ErrHeader,
+	}, {
+		inputData: strings.Repeat("0", blockSize) + padInput("1\n5\n1\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{{5, 1}},
+	}, {
+		inputData: padInput(fmt.Sprintf("%d\n", int64(math.MaxInt64))),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantErr:   ErrHeader,
+	}, {
+		inputData: padInput(strings.Repeat("0", 300) + "1\n" + strings.Repeat("0", 1000) + "5\n" + strings.Repeat("0", 800) + "2\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{{5, 2}},
+	}, {
+		inputData: padInput("2\n10737418240\n512\n21474836480\n512\n"),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap:   sparseDatas{{10737418240, 512}, {21474836480, 512}},
+	}, {
+		inputData: padInput("100\n" + func() string {
+			var ss []string
+			for i := 0; i < 100; i++ {
+				ss = append(ss, fmt.Sprintf("%d\n%d\n", int64(i)<<30, 512))
+			}
+			return strings.Join(ss, "")
+		}()),
+		inputHdrs: map[string]string{paxGNUSparseMajor: "1", paxGNUSparseMinor: "0"},
+		wantMap: func() (spd sparseDatas) {
+			for i := 0; i < 100; i++ {
+				spd = append(spd, sparseEntry{int64(i) << 30, 512})
+			}
+			return spd
+		}(),
+	}}
+
+	for i, v := range vectors {
+		var hdr Header
+		hdr.PAXRecords = v.inputHdrs
+		r := strings.NewReader(v.inputData + "#") // Add canary byte
+		tr := Reader{curr: &regFileReader{r, int64(r.Len())}}
+		got, err := tr.readGNUSparsePAXHeaders(&hdr)
+		if !equalSparseEntries(got, v.wantMap) {
+			t.Errorf("test %d, readGNUSparsePAXHeaders(): got %v, want %v", i, got, v.wantMap)
+		}
+		if err != v.wantErr {
+			t.Errorf("test %d, readGNUSparsePAXHeaders() = %v, want %v", i, err, v.wantErr)
+		}
+		if hdr.Size != v.wantSize {
+			t.Errorf("test %d, Header.Size = %d, want %d", i, hdr.Size, v.wantSize)
+		}
+		if hdr.Name != v.wantName {
+			t.Errorf("test %d, Header.Name = %s, want %s", i, hdr.Name, v.wantName)
+		}
+		if v.wantErr == nil && r.Len() == 0 {
+			t.Errorf("test %d, canary byte unexpectedly consumed", i)
+		}
+	}
+}
+
+// testNonEmptyReader wraps an io.Reader and ensures that
+// Read is never called with an empty buffer.
+type testNonEmptyReader struct{ io.Reader }
+
+func (r testNonEmptyReader) Read(b []byte) (int, error) {
+	if len(b) == 0 {
+		return 0, errors.New("unexpected empty Read call")
+	}
+	return r.Reader.Read(b)
+}
+
+func TestFileReader(t *testing.T) {
+	type (
+		testRead struct { // Read(cnt) == (wantStr, wantErr)
+			cnt     int
+			wantStr string
+			wantErr error
+		}
+		testWriteTo struct { // WriteTo(testFile{ops}) == (wantCnt, wantErr)
+			ops     fileOps
+			wantCnt int64
+			wantErr error
+		}
+		testRemaining struct { // LogicalRemaining() == wantLCnt, PhysicalRemaining() == wantPCnt
+			wantLCnt int64
+			wantPCnt int64
+		}
+		testFnc interface{} // testRead | testWriteTo | testRemaining
+	)
+
+	type (
+		makeReg struct {
+			str  string
+			size int64
+		}
+		makeSparse struct {
+			makeReg makeReg
+			spd     sparseDatas
+			size    int64
+		}
+		fileMaker interface{} // makeReg | makeSparse
+	)
+
+	vectors := []struct {
+		maker fileMaker
+		tests []testFnc
+	}{{
+		maker: makeReg{"", 0},
+		tests: []testFnc{
+			testRemaining{0, 0},
+			testRead{0, "", io.EOF},
+			testRead{1, "", io.EOF},
+			testWriteTo{nil, 0, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{"", 1},
+		tests: []testFnc{
+			testRemaining{1, 1},
+			testRead{5, "", io.ErrUnexpectedEOF},
+			testWriteTo{nil, 0, io.ErrUnexpectedEOF},
+			testRemaining{1, 1},
+		},
+	}, {
+		maker: makeReg{"hello", 5},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testRead{5, "hello", io.EOF},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{"hello, world", 50},
+		tests: []testFnc{
+			testRemaining{50, 50},
+			testRead{7, "hello, ", nil},
+			testRemaining{43, 43},
+			testRead{5, "world", nil},
+			testRemaining{38, 38},
+			testWriteTo{nil, 0, io.ErrUnexpectedEOF},
+			testRead{1, "", io.ErrUnexpectedEOF},
+			testRemaining{38, 38},
+		},
+	}, {
+		maker: makeReg{"hello, world", 5},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testRead{0, "", nil},
+			testRead{4, "hell", nil},
+			testRemaining{1, 1},
+			testWriteTo{fileOps{"o"}, 1, nil},
+			testRemaining{0, 0},
+			testWriteTo{nil, 0, nil},
+			testRead{0, "", io.EOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{0, 2}, {5, 3}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testRead{3, "ab\x00", nil},
+			testRead{10, "\x00\x00cde", io.EOF},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{0, 2}, {5, 3}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testWriteTo{fileOps{"ab", int64(3), "cde"}, 8, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{0, 2}, {5, 3}}, 10},
+		tests: []testFnc{
+			testRemaining{10, 5},
+			testRead{100, "ab\x00\x00\x00cde\x00\x00", io.EOF},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abc", 5}, sparseDatas{{0, 2}, {5, 3}}, 10},
+		tests: []testFnc{
+			testRemaining{10, 5},
+			testRead{100, "ab\x00\x00\x00c", io.ErrUnexpectedEOF},
+			testRemaining{4, 2},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 2}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testRead{8, "\x00abc\x00\x00de", io.EOF},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 0}, {6, 0}, {6, 2}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testRead{8, "\x00abc\x00\x00de", io.EOF},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 0}, {6, 0}, {6, 2}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testWriteTo{fileOps{int64(1), "abc", int64(2), "de"}, 8, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 2}}, 10},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00de\x00\x00", io.EOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 2}}, 10},
+		tests: []testFnc{
+			testWriteTo{fileOps{int64(1), "abc", int64(2), "de", int64(1), "\x00"}, 10, nil},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 2}, {8, 0}, {8, 0}, {8, 0}, {8, 0}}, 10},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00de\x00\x00", io.EOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"", 0}, sparseDatas{}, 2},
+		tests: []testFnc{
+			testRead{100, "\x00\x00", io.EOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"", 8}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00", io.ErrUnexpectedEOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"ab", 2}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00ab", errMissData},
+		},
+	}, {
+		maker: makeSparse{makeReg{"ab", 8}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00ab", io.ErrUnexpectedEOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abc", 3}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00", errMissData},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abc", 8}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00", io.ErrUnexpectedEOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00de", errMissData},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 5}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testWriteTo{fileOps{int64(1), "abc", int64(2), "de"}, 8, errMissData},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcde", 8}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRead{100, "\x00abc\x00\x00de", io.ErrUnexpectedEOF},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcdefghEXTRA", 13}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRemaining{15, 13},
+			testRead{100, "\x00abc\x00\x00defgh\x00\x00\x00\x00", errUnrefData},
+			testWriteTo{nil, 0, errUnrefData},
+			testRemaining{0, 5},
+		},
+	}, {
+		maker: makeSparse{makeReg{"abcdefghEXTRA", 13}, sparseDatas{{1, 3}, {6, 5}}, 15},
+		tests: []testFnc{
+			testRemaining{15, 13},
+			testWriteTo{fileOps{int64(1), "abc", int64(2), "defgh", int64(4)}, 15, errUnrefData},
+			testRead{100, "", errUnrefData},
+			testRemaining{0, 5},
+		},
+	}}
+
+	for i, v := range vectors {
+		var fr fileReader
+		switch maker := v.maker.(type) {
+		case makeReg:
+			r := testNonEmptyReader{strings.NewReader(maker.str)}
+			fr = &regFileReader{r, maker.size}
+		case makeSparse:
+			if !validateSparseEntries(maker.spd, maker.size) {
+				t.Fatalf("invalid sparse map: %v", maker.spd)
+			}
+			sph := invertSparseEntries(maker.spd, maker.size)
+			r := testNonEmptyReader{strings.NewReader(maker.makeReg.str)}
+			fr = &regFileReader{r, maker.makeReg.size}
+			fr = &sparseFileReader{fr, sph, 0}
+		default:
+			t.Fatalf("test %d, unknown make operation: %T", i, maker)
+		}
+
+		for j, tf := range v.tests {
+			switch tf := tf.(type) {
+			case testRead:
+				b := make([]byte, tf.cnt)
+				n, err := fr.Read(b)
+				if got := string(b[:n]); got != tf.wantStr || err != tf.wantErr {
+					t.Errorf("test %d.%d, Read(%d):\ngot  (%q, %v)\nwant (%q, %v)", i, j, tf.cnt, got, err, tf.wantStr, tf.wantErr)
+				}
+			case testWriteTo:
+				f := &testFile{ops: tf.ops}
+				got, err := fr.WriteTo(f)
+				if _, ok := err.(testError); ok {
+					t.Errorf("test %d.%d, WriteTo(): %v", i, j, err)
+				} else if got != tf.wantCnt || err != tf.wantErr {
+					t.Errorf("test %d.%d, WriteTo() = (%d, %v), want (%d, %v)", i, j, got, err, tf.wantCnt, tf.wantErr)
+				}
+				if len(f.ops) > 0 {
+					t.Errorf("test %d.%d, expected %d more operations", i, j, len(f.ops))
+				}
+			case testRemaining:
+				if got := fr.LogicalRemaining(); got != tf.wantLCnt {
+					t.Errorf("test %d.%d, LogicalRemaining() = %d, want %d", i, j, got, tf.wantLCnt)
+				}
+				if got := fr.PhysicalRemaining(); got != tf.wantPCnt {
+					t.Errorf("test %d.%d, PhysicalRemaining() = %d, want %d", i, j, got, tf.wantPCnt)
+				}
+			default:
+				t.Fatalf("test %d.%d, unknown test operation: %T", i, j, tf)
+			}
+		}
+	}
+}
diff --git a/vendor/archive/tar/stat_actime1.go b/vendor/archive/tar/stat_actime1.go
new file mode 100644
index 0000000000000..4fdf2a04b3df4
--- /dev/null
+++ b/vendor/archive/tar/stat_actime1.go
@@ -0,0 +1,21 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || linux || dragonfly || openbsd || solaris
+// +build aix linux dragonfly openbsd solaris
+
+package tar
+
+import (
+	"syscall"
+	"time"
+)
+
+func statAtime(st *syscall.Stat_t) time.Time {
+	return time.Unix(st.Atim.Unix())
+}
+
+func statCtime(st *syscall.Stat_t) time.Time {
+	return time.Unix(st.Ctim.Unix())
+}
diff --git a/vendor/archive/tar/stat_actime2.go b/vendor/archive/tar/stat_actime2.go
new file mode 100644
index 0000000000000..5a9a35cbb4e22
--- /dev/null
+++ b/vendor/archive/tar/stat_actime2.go
@@ -0,0 +1,21 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || freebsd || netbsd
+// +build darwin freebsd netbsd
+
+package tar
+
+import (
+	"syscall"
+	"time"
+)
+
+func statAtime(st *syscall.Stat_t) time.Time {
+	return time.Unix(st.Atimespec.Unix())
+}
+
+func statCtime(st *syscall.Stat_t) time.Time {
+	return time.Unix(st.Ctimespec.Unix())
+}
diff --git a/vendor/archive/tar/stat_unix.go b/vendor/archive/tar/stat_unix.go
new file mode 100644
index 0000000000000..4a5bca03121c2
--- /dev/null
+++ b/vendor/archive/tar/stat_unix.go
@@ -0,0 +1,82 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || linux || darwin || dragonfly || freebsd || openbsd || netbsd || solaris
+// +build aix linux darwin dragonfly freebsd openbsd netbsd solaris
+
+package tar
+
+import (
+	"io/fs"
+	"runtime"
+	"syscall"
+)
+
+func init() {
+	sysStat = statUnix
+}
+
+func statUnix(fi fs.FileInfo, h *Header) error {
+	sys, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return nil
+	}
+	h.Uid = int(sys.Uid)
+	h.Gid = int(sys.Gid)
+
+	// TODO(bradfitz): populate username & group.  os/user
+	// doesn't cache LookupId lookups, and lacks group
+	// lookup functions.
+	h.AccessTime = statAtime(sys)
+	h.ChangeTime = statCtime(sys)
+
+	// Best effort at populating Devmajor and Devminor.
+	if h.Typeflag == TypeChar || h.Typeflag == TypeBlock {
+		dev := uint64(sys.Rdev) // May be int32 or uint32
+		switch runtime.GOOS {
+		case "aix":
+			var major, minor uint32
+			major = uint32((dev & 0x3fffffff00000000) >> 32)
+			minor = uint32((dev & 0x00000000ffffffff) >> 0)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "linux":
+			// Copied from golang.org/x/sys/unix/dev_linux.go.
+			major := uint32((dev & 0x00000000000fff00) >> 8)
+			major |= uint32((dev & 0xfffff00000000000) >> 32)
+			minor := uint32((dev & 0x00000000000000ff) >> 0)
+			minor |= uint32((dev & 0x00000ffffff00000) >> 12)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "darwin", "ios":
+			// Copied from golang.org/x/sys/unix/dev_darwin.go.
+			major := uint32((dev >> 24) & 0xff)
+			minor := uint32(dev & 0xffffff)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "dragonfly":
+			// Copied from golang.org/x/sys/unix/dev_dragonfly.go.
+			major := uint32((dev >> 8) & 0xff)
+			minor := uint32(dev & 0xffff00ff)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "freebsd":
+			// Copied from golang.org/x/sys/unix/dev_freebsd.go.
+			major := uint32((dev >> 8) & 0xff)
+			minor := uint32(dev & 0xffff00ff)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "netbsd":
+			// Copied from golang.org/x/sys/unix/dev_netbsd.go.
+			major := uint32((dev & 0x000fff00) >> 8)
+			minor := uint32((dev & 0x000000ff) >> 0)
+			minor |= uint32((dev & 0xfff00000) >> 12)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		case "openbsd":
+			// Copied from golang.org/x/sys/unix/dev_openbsd.go.
+			major := uint32((dev & 0x0000ff00) >> 8)
+			minor := uint32((dev & 0x000000ff) >> 0)
+			minor |= uint32((dev & 0xffff0000) >> 8)
+			h.Devmajor, h.Devminor = int64(major), int64(minor)
+		default:
+			// TODO: Implement solaris (see https://golang.org/issue/8106)
+		}
+	}
+	return nil
+}
diff --git a/vendor/archive/tar/strconv.go b/vendor/archive/tar/strconv.go
new file mode 100644
index 0000000000000..f0b61e6dba69a
--- /dev/null
+++ b/vendor/archive/tar/strconv.go
@@ -0,0 +1,345 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// hasNUL reports whether the NUL character exists within s.
+func hasNUL(s string) bool {
+	return strings.IndexByte(s, 0) >= 0
+}
+
+// isASCII reports whether the input is an ASCII C-style string.
+func isASCII(s string) bool {
+	for _, c := range s {
+		if c >= 0x80 || c == 0x00 {
+			return false
+		}
+	}
+	return true
+}
+
+// toASCII converts the input to an ASCII C-style string.
+// This is a best effort conversion, so invalid characters are dropped.
+func toASCII(s string) string {
+	if isASCII(s) {
+		return s
+	}
+	b := make([]byte, 0, len(s))
+	for _, c := range s {
+		if c < 0x80 && c != 0x00 {
+			b = append(b, byte(c))
+		}
+	}
+	return string(b)
+}
+
+type parser struct {
+	err error // Last error seen
+}
+
+type formatter struct {
+	err error // Last error seen
+}
+
+// parseString parses bytes as a NUL-terminated C-style string.
+// If a NUL byte is not found then the whole slice is returned as a string.
+func (*parser) parseString(b []byte) string {
+	if i := bytes.IndexByte(b, 0); i >= 0 {
+		return string(b[:i])
+	}
+	return string(b)
+}
+
+// formatString copies s into b, NUL-terminating if possible.
+func (f *formatter) formatString(b []byte, s string) {
+	if len(s) > len(b) {
+		f.err = ErrFieldTooLong
+	}
+	copy(b, s)
+	if len(s) < len(b) {
+		b[len(s)] = 0
+	}
+
+	// Some buggy readers treat regular files with a trailing slash
+	// in the V7 path field as a directory even though the full path
+	// recorded elsewhere (e.g., via PAX record) contains no trailing slash.
+	if len(s) > len(b) && b[len(b)-1] == '/' {
+		n := len(strings.TrimRight(s[:len(b)], "/"))
+		b[n] = 0 // Replace trailing slash with NUL terminator
+	}
+}
+
+// fitsInBase256 reports whether x can be encoded into n bytes using base-256
+// encoding. Unlike octal encoding, base-256 encoding does not require that the
+// string ends with a NUL character. Thus, all n bytes are available for output.
+//
+// If operating in binary mode, this assumes strict GNU binary mode; which means
+// that the first byte can only be either 0x80 or 0xff. Thus, the first byte is
+// equivalent to the sign bit in two's complement form.
+func fitsInBase256(n int, x int64) bool {
+	binBits := uint(n-1) * 8
+	return n >= 9 || (x >= -1<<binBits && x < 1<<binBits)
+}
+
+// parseNumeric parses the input as being encoded in either base-256 or octal.
+// This function may return negative numbers.
+// If parsing fails or an integer overflow occurs, err will be set.
+func (p *parser) parseNumeric(b []byte) int64 {
+	// Check for base-256 (binary) format first.
+	// If the first bit is set, then all following bits constitute a two's
+	// complement encoded number in big-endian byte order.
+	if len(b) > 0 && b[0]&0x80 != 0 {
+		// Handling negative numbers relies on the following identity:
+		//	-a-1 == ^a
+		//
+		// If the number is negative, we use an inversion mask to invert the
+		// data bytes and treat the value as an unsigned number.
+		var inv byte // 0x00 if positive or zero, 0xff if negative
+		if b[0]&0x40 != 0 {
+			inv = 0xff
+		}
+
+		var x uint64
+		for i, c := range b {
+			c ^= inv // Inverts c only if inv is 0xff, otherwise does nothing
+			if i == 0 {
+				c &= 0x7f // Ignore signal bit in first byte
+			}
+			if (x >> 56) > 0 {
+				p.err = ErrHeader // Integer overflow
+				return 0
+			}
+			x = x<<8 | uint64(c)
+		}
+		if (x >> 63) > 0 {
+			p.err = ErrHeader // Integer overflow
+			return 0
+		}
+		if inv == 0xff {
+			return ^int64(x)
+		}
+		return int64(x)
+	}
+
+	// Normal case is base-8 (octal) format.
+	return p.parseOctal(b)
+}
+
+// formatNumeric encodes x into b using base-8 (octal) encoding if possible.
+// Otherwise it will attempt to use base-256 (binary) encoding.
+func (f *formatter) formatNumeric(b []byte, x int64) {
+	if fitsInOctal(len(b), x) {
+		f.formatOctal(b, x)
+		return
+	}
+
+	if fitsInBase256(len(b), x) {
+		for i := len(b) - 1; i >= 0; i-- {
+			b[i] = byte(x)
+			x >>= 8
+		}
+		b[0] |= 0x80 // Highest bit indicates binary format
+		return
+	}
+
+	f.formatOctal(b, 0) // Last resort, just write zero
+	f.err = ErrFieldTooLong
+}
+
+func (p *parser) parseOctal(b []byte) int64 {
+	// Because unused fields are filled with NULs, we need
+	// to skip leading NULs. Fields may also be padded with
+	// spaces or NULs.
+	// So we remove leading and trailing NULs and spaces to
+	// be sure.
+	b = bytes.Trim(b, " \x00")
+
+	if len(b) == 0 {
+		return 0
+	}
+	x, perr := strconv.ParseUint(p.parseString(b), 8, 64)
+	if perr != nil {
+		p.err = ErrHeader
+	}
+	return int64(x)
+}
+
+func (f *formatter) formatOctal(b []byte, x int64) {
+	if !fitsInOctal(len(b), x) {
+		x = 0 // Last resort, just write zero
+		f.err = ErrFieldTooLong
+	}
+
+	s := strconv.FormatInt(x, 8)
+	// Add leading zeros, but leave room for a NUL.
+	if n := len(b) - len(s) - 1; n > 0 {
+		s = strings.Repeat("0", n) + s
+	}
+	f.formatString(b, s)
+}
+
+// fitsInOctal reports whether the integer x fits in a field n-bytes long
+// using octal encoding with the appropriate NUL terminator.
+func fitsInOctal(n int, x int64) bool {
+	octBits := uint(n-1) * 3
+	return x >= 0 && (n >= 22 || x < 1<<octBits)
+}
+
+// parsePAXTime takes a string of the form %d.%d as described in the PAX
+// specification. Note that this implementation allows for negative timestamps,
+// which is allowed for by the PAX specification, but not always portable.
+func parsePAXTime(s string) (time.Time, error) {
+	const maxNanoSecondDigits = 9
+
+	// Split string into seconds and sub-seconds parts.
+	ss, sn := s, ""
+	if pos := strings.IndexByte(s, '.'); pos >= 0 {
+		ss, sn = s[:pos], s[pos+1:]
+	}
+
+	// Parse the seconds.
+	secs, err := strconv.ParseInt(ss, 10, 64)
+	if err != nil {
+		return time.Time{}, ErrHeader
+	}
+	if len(sn) == 0 {
+		return time.Unix(secs, 0), nil // No sub-second values
+	}
+
+	// Parse the nanoseconds.
+	if strings.Trim(sn, "0123456789") != "" {
+		return time.Time{}, ErrHeader
+	}
+	if len(sn) < maxNanoSecondDigits {
+		sn += strings.Repeat("0", maxNanoSecondDigits-len(sn)) // Right pad
+	} else {
+		sn = sn[:maxNanoSecondDigits] // Right truncate
+	}
+	nsecs, _ := strconv.ParseInt(sn, 10, 64) // Must succeed
+	if len(ss) > 0 && ss[0] == '-' {
+		return time.Unix(secs, -1*nsecs), nil // Negative correction
+	}
+	return time.Unix(secs, nsecs), nil
+}
+
+// formatPAXTime converts ts into a time of the form %d.%d as described in the
+// PAX specification. This function is capable of negative timestamps.
+func formatPAXTime(ts time.Time) (s string) {
+	secs, nsecs := ts.Unix(), ts.Nanosecond()
+	if nsecs == 0 {
+		return strconv.FormatInt(secs, 10)
+	}
+
+	// If seconds is negative, then perform correction.
+	sign := ""
+	if secs < 0 {
+		sign = "-"             // Remember sign
+		secs = -(secs + 1)     // Add a second to secs
+		nsecs = -(nsecs - 1e9) // Take that second away from nsecs
+	}
+	return strings.TrimRight(fmt.Sprintf("%s%d.%09d", sign, secs, nsecs), "0")
+}
+
+// parsePAXRecord parses the input PAX record string into a key-value pair.
+// If parsing is successful, it will slice off the currently read record and
+// return the remainder as r.
+func parsePAXRecord(s string) (k, v, r string, err error) {
+	// The size field ends at the first space.
+	sp := strings.IndexByte(s, ' ')
+	if sp == -1 {
+		return "", "", s, ErrHeader
+	}
+
+	// Parse the first token as a decimal integer.
+	n, perr := strconv.ParseInt(s[:sp], 10, 0) // Intentionally parse as native int
+	if perr != nil || n < 5 || int64(len(s)) < n {
+		return "", "", s, ErrHeader
+	}
+
+	afterSpace := int64(sp + 1)
+	beforeLastNewLine := n - 1
+	// In some cases, "length" was perhaps padded/malformed, and
+	// trying to index past where the space supposedly is goes past
+	// the end of the actual record.
+	// For example:
+	//    "0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319"
+	//                                  ^     ^
+	//                                  |     |
+	//                                  |  afterSpace=35
+	//                                  |
+	//                          beforeLastNewLine=29
+	// yet indexOf(firstSpace) MUST BE before endOfRecord.
+	//
+	// See https://golang.org/issues/40196.
+	if afterSpace >= beforeLastNewLine {
+		return "", "", s, ErrHeader
+	}
+
+	// Extract everything between the space and the final newline.
+	rec, nl, rem := s[afterSpace:beforeLastNewLine], s[beforeLastNewLine:n], s[n:]
+	if nl != "\n" {
+		return "", "", s, ErrHeader
+	}
+
+	// The first equals separates the key from the value.
+	eq := strings.IndexByte(rec, '=')
+	if eq == -1 {
+		return "", "", s, ErrHeader
+	}
+	k, v = rec[:eq], rec[eq+1:]
+
+	if !validPAXRecord(k, v) {
+		return "", "", s, ErrHeader
+	}
+	return k, v, rem, nil
+}
+
+// formatPAXRecord formats a single PAX record, prefixing it with the
+// appropriate length.
+func formatPAXRecord(k, v string) (string, error) {
+	if !validPAXRecord(k, v) {
+		return "", ErrHeader
+	}
+
+	const padding = 3 // Extra padding for ' ', '=', and '\n'
+	size := len(k) + len(v) + padding
+	size += len(strconv.Itoa(size))
+	record := strconv.Itoa(size) + " " + k + "=" + v + "\n"
+
+	// Final adjustment if adding size field increased the record size.
+	if len(record) != size {
+		size = len(record)
+		record = strconv.Itoa(size) + " " + k + "=" + v + "\n"
+	}
+	return record, nil
+}
+
+// validPAXRecord reports whether the key-value pair is valid where each
+// record is formatted as:
+//	"%d %s=%s\n" % (size, key, value)
+//
+// Keys and values should be UTF-8, but the number of bad writers out there
+// forces us to be a more liberal.
+// Thus, we only reject all keys with NUL, and only reject NULs in values
+// for the PAX version of the USTAR string fields.
+// The key must not contain an '=' character.
+func validPAXRecord(k, v string) bool {
+	if k == "" || strings.IndexByte(k, '=') >= 0 {
+		return false
+	}
+	switch k {
+	case paxPath, paxLinkpath, paxUname, paxGname:
+		return !hasNUL(v)
+	default:
+		return !hasNUL(k)
+	}
+}
diff --git a/vendor/archive/tar/strconv_test.go b/vendor/archive/tar/strconv_test.go
new file mode 100644
index 0000000000000..add65e272ae6d
--- /dev/null
+++ b/vendor/archive/tar/strconv_test.go
@@ -0,0 +1,441 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"math"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestFitsInBase256(t *testing.T) {
+	vectors := []struct {
+		in    int64
+		width int
+		ok    bool
+	}{
+		{+1, 8, true},
+		{0, 8, true},
+		{-1, 8, true},
+		{1 << 56, 8, false},
+		{(1 << 56) - 1, 8, true},
+		{-1 << 56, 8, true},
+		{(-1 << 56) - 1, 8, false},
+		{121654, 8, true},
+		{-9849849, 8, true},
+		{math.MaxInt64, 9, true},
+		{0, 9, true},
+		{math.MinInt64, 9, true},
+		{math.MaxInt64, 12, true},
+		{0, 12, true},
+		{math.MinInt64, 12, true},
+	}
+
+	for _, v := range vectors {
+		ok := fitsInBase256(v.width, v.in)
+		if ok != v.ok {
+			t.Errorf("fitsInBase256(%d, %d): got %v, want %v", v.in, v.width, ok, v.ok)
+		}
+	}
+}
+
+func TestParseNumeric(t *testing.T) {
+	vectors := []struct {
+		in   string
+		want int64
+		ok   bool
+	}{
+		// Test base-256 (binary) encoded values.
+		{"", 0, true},
+		{"\x80", 0, true},
+		{"\x80\x00", 0, true},
+		{"\x80\x00\x00", 0, true},
+		{"\xbf", (1 << 6) - 1, true},
+		{"\xbf\xff", (1 << 14) - 1, true},
+		{"\xbf\xff\xff", (1 << 22) - 1, true},
+		{"\xff", -1, true},
+		{"\xff\xff", -1, true},
+		{"\xff\xff\xff", -1, true},
+		{"\xc0", -1 * (1 << 6), true},
+		{"\xc0\x00", -1 * (1 << 14), true},
+		{"\xc0\x00\x00", -1 * (1 << 22), true},
+		{"\x87\x76\xa2\x22\xeb\x8a\x72\x61", 537795476381659745, true},
+		{"\x80\x00\x00\x00\x07\x76\xa2\x22\xeb\x8a\x72\x61", 537795476381659745, true},
+		{"\xf7\x76\xa2\x22\xeb\x8a\x72\x61", -615126028225187231, true},
+		{"\xff\xff\xff\xff\xf7\x76\xa2\x22\xeb\x8a\x72\x61", -615126028225187231, true},
+		{"\x80\x7f\xff\xff\xff\xff\xff\xff\xff", math.MaxInt64, true},
+		{"\x80\x80\x00\x00\x00\x00\x00\x00\x00", 0, false},
+		{"\xff\x80\x00\x00\x00\x00\x00\x00\x00", math.MinInt64, true},
+		{"\xff\x7f\xff\xff\xff\xff\xff\xff\xff", 0, false},
+		{"\xf5\xec\xd1\xc7\x7e\x5f\x26\x48\x81\x9f\x8f\x9b", 0, false},
+
+		// Test base-8 (octal) encoded values.
+		{"0000000\x00", 0, true},
+		{" \x0000000\x00", 0, true},
+		{" \x0000003\x00", 3, true},
+		{"00000000227\x00", 0227, true},
+		{"032033\x00 ", 032033, true},
+		{"320330\x00 ", 0320330, true},
+		{"0000660\x00 ", 0660, true},
+		{"\x00 0000660\x00 ", 0660, true},
+		{"0123456789abcdef", 0, false},
+		{"0123456789\x00abcdef", 0, false},
+		{"01234567\x0089abcdef", 342391, true},
+		{"0123\x7e\x5f\x264123", 0, false},
+	}
+
+	for _, v := range vectors {
+		var p parser
+		got := p.parseNumeric([]byte(v.in))
+		ok := (p.err == nil)
+		if ok != v.ok {
+			if v.ok {
+				t.Errorf("parseNumeric(%q): got parsing failure, want success", v.in)
+			} else {
+				t.Errorf("parseNumeric(%q): got parsing success, want failure", v.in)
+			}
+		}
+		if ok && got != v.want {
+			t.Errorf("parseNumeric(%q): got %d, want %d", v.in, got, v.want)
+		}
+	}
+}
+
+func TestFormatNumeric(t *testing.T) {
+	vectors := []struct {
+		in   int64
+		want string
+		ok   bool
+	}{
+		// Test base-8 (octal) encoded values.
+		{0, "0\x00", true},
+		{7, "7\x00", true},
+		{8, "\x80\x08", true},
+		{077, "77\x00", true},
+		{0100, "\x80\x00\x40", true},
+		{0, "0000000\x00", true},
+		{0123, "0000123\x00", true},
+		{07654321, "7654321\x00", true},
+		{07777777, "7777777\x00", true},
+		{010000000, "\x80\x00\x00\x00\x00\x20\x00\x00", true},
+		{0, "00000000000\x00", true},
+		{000001234567, "00001234567\x00", true},
+		{076543210321, "76543210321\x00", true},
+		{012345670123, "12345670123\x00", true},
+		{077777777777, "77777777777\x00", true},
+		{0100000000000, "\x80\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00", true},
+		{math.MaxInt64, "777777777777777777777\x00", true},
+
+		// Test base-256 (binary) encoded values.
+		{-1, "\xff", true},
+		{-1, "\xff\xff", true},
+		{-1, "\xff\xff\xff", true},
+		{(1 << 0), "0", false},
+		{(1 << 8) - 1, "\x80\xff", true},
+		{(1 << 8), "0\x00", false},
+		{(1 << 16) - 1, "\x80\xff\xff", true},
+		{(1 << 16), "00\x00", false},
+		{-1 * (1 << 0), "\xff", true},
+		{-1*(1<<0) - 1, "0", false},
+		{-1 * (1 << 8), "\xff\x00", true},
+		{-1*(1<<8) - 1, "0\x00", false},
+		{-1 * (1 << 16), "\xff\x00\x00", true},
+		{-1*(1<<16) - 1, "00\x00", false},
+		{537795476381659745, "0000000\x00", false},
+		{537795476381659745, "\x80\x00\x00\x00\x07\x76\xa2\x22\xeb\x8a\x72\x61", true},
+		{-615126028225187231, "0000000\x00", false},
+		{-615126028225187231, "\xff\xff\xff\xff\xf7\x76\xa2\x22\xeb\x8a\x72\x61", true},
+		{math.MaxInt64, "0000000\x00", false},
+		{math.MaxInt64, "\x80\x00\x00\x00\x7f\xff\xff\xff\xff\xff\xff\xff", true},
+		{math.MinInt64, "0000000\x00", false},
+		{math.MinInt64, "\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00", true},
+		{math.MaxInt64, "\x80\x7f\xff\xff\xff\xff\xff\xff\xff", true},
+		{math.MinInt64, "\xff\x80\x00\x00\x00\x00\x00\x00\x00", true},
+	}
+
+	for _, v := range vectors {
+		var f formatter
+		got := make([]byte, len(v.want))
+		f.formatNumeric(got, v.in)
+		ok := (f.err == nil)
+		if ok != v.ok {
+			if v.ok {
+				t.Errorf("formatNumeric(%d): got formatting failure, want success", v.in)
+			} else {
+				t.Errorf("formatNumeric(%d): got formatting success, want failure", v.in)
+			}
+		}
+		if string(got) != v.want {
+			t.Errorf("formatNumeric(%d): got %q, want %q", v.in, got, v.want)
+		}
+	}
+}
+
+func TestFitsInOctal(t *testing.T) {
+	vectors := []struct {
+		input int64
+		width int
+		ok    bool
+	}{
+		{-1, 1, false},
+		{-1, 2, false},
+		{-1, 3, false},
+		{0, 1, true},
+		{0 + 1, 1, false},
+		{0, 2, true},
+		{07, 2, true},
+		{07 + 1, 2, false},
+		{0, 4, true},
+		{0777, 4, true},
+		{0777 + 1, 4, false},
+		{0, 8, true},
+		{07777777, 8, true},
+		{07777777 + 1, 8, false},
+		{0, 12, true},
+		{077777777777, 12, true},
+		{077777777777 + 1, 12, false},
+		{math.MaxInt64, 22, true},
+		{012345670123, 12, true},
+		{01564164, 12, true},
+		{-012345670123, 12, false},
+		{-01564164, 12, false},
+		{-1564164, 30, false},
+	}
+
+	for _, v := range vectors {
+		ok := fitsInOctal(v.width, v.input)
+		if ok != v.ok {
+			t.Errorf("checkOctal(%d, %d): got %v, want %v", v.input, v.width, ok, v.ok)
+		}
+	}
+}
+
+func TestParsePAXTime(t *testing.T) {
+	vectors := []struct {
+		in   string
+		want time.Time
+		ok   bool
+	}{
+		{"1350244992.023960108", time.Unix(1350244992, 23960108), true},
+		{"1350244992.02396010", time.Unix(1350244992, 23960100), true},
+		{"1350244992.0239601089", time.Unix(1350244992, 23960108), true},
+		{"1350244992.3", time.Unix(1350244992, 300000000), true},
+		{"1350244992", time.Unix(1350244992, 0), true},
+		{"-1.000000001", time.Unix(-1, -1e0+0e0), true},
+		{"-1.000001", time.Unix(-1, -1e3+0e0), true},
+		{"-1.001000", time.Unix(-1, -1e6+0e0), true},
+		{"-1", time.Unix(-1, -0e0+0e0), true},
+		{"-1.999000", time.Unix(-1, -1e9+1e6), true},
+		{"-1.999999", time.Unix(-1, -1e9+1e3), true},
+		{"-1.999999999", time.Unix(-1, -1e9+1e0), true},
+		{"0.000000001", time.Unix(0, 1e0+0e0), true},
+		{"0.000001", time.Unix(0, 1e3+0e0), true},
+		{"0.001000", time.Unix(0, 1e6+0e0), true},
+		{"0", time.Unix(0, 0e0), true},
+		{"0.999000", time.Unix(0, 1e9-1e6), true},
+		{"0.999999", time.Unix(0, 1e9-1e3), true},
+		{"0.999999999", time.Unix(0, 1e9-1e0), true},
+		{"1.000000001", time.Unix(+1, +1e0-0e0), true},
+		{"1.000001", time.Unix(+1, +1e3-0e0), true},
+		{"1.001000", time.Unix(+1, +1e6-0e0), true},
+		{"1", time.Unix(+1, +0e0-0e0), true},
+		{"1.999000", time.Unix(+1, +1e9-1e6), true},
+		{"1.999999", time.Unix(+1, +1e9-1e3), true},
+		{"1.999999999", time.Unix(+1, +1e9-1e0), true},
+		{"-1350244992.023960108", time.Unix(-1350244992, -23960108), true},
+		{"-1350244992.02396010", time.Unix(-1350244992, -23960100), true},
+		{"-1350244992.0239601089", time.Unix(-1350244992, -23960108), true},
+		{"-1350244992.3", time.Unix(-1350244992, -300000000), true},
+		{"-1350244992", time.Unix(-1350244992, 0), true},
+		{"", time.Time{}, false},
+		{"0", time.Unix(0, 0), true},
+		{"1.", time.Unix(1, 0), true},
+		{"0.0", time.Unix(0, 0), true},
+		{".5", time.Time{}, false},
+		{"-1.3", time.Unix(-1, -3e8), true},
+		{"-1.0", time.Unix(-1, -0e0), true},
+		{"-0.0", time.Unix(-0, -0e0), true},
+		{"-0.1", time.Unix(-0, -1e8), true},
+		{"-0.01", time.Unix(-0, -1e7), true},
+		{"-0.99", time.Unix(-0, -99e7), true},
+		{"-0.98", time.Unix(-0, -98e7), true},
+		{"-1.1", time.Unix(-1, -1e8), true},
+		{"-1.01", time.Unix(-1, -1e7), true},
+		{"-2.99", time.Unix(-2, -99e7), true},
+		{"-5.98", time.Unix(-5, -98e7), true},
+		{"-", time.Time{}, false},
+		{"+", time.Time{}, false},
+		{"-1.-1", time.Time{}, false},
+		{"99999999999999999999999999999999999999999999999", time.Time{}, false},
+		{"0.123456789abcdef", time.Time{}, false},
+		{"foo", time.Time{}, false},
+		{"\x00", time.Time{}, false},
+		{"𝟵𝟴𝟳𝟲𝟱.𝟰𝟯𝟮𝟭𝟬", time.Time{}, false}, // Unicode numbers (U+1D7EC to U+1D7F5)
+		{"98765﹒43210", time.Time{}, false}, // Unicode period (U+FE52)
+	}
+
+	for _, v := range vectors {
+		ts, err := parsePAXTime(v.in)
+		ok := (err == nil)
+		if v.ok != ok {
+			if v.ok {
+				t.Errorf("parsePAXTime(%q): got parsing failure, want success", v.in)
+			} else {
+				t.Errorf("parsePAXTime(%q): got parsing success, want failure", v.in)
+			}
+		}
+		if ok && !ts.Equal(v.want) {
+			t.Errorf("parsePAXTime(%q): got (%ds %dns), want (%ds %dns)",
+				v.in, ts.Unix(), ts.Nanosecond(), v.want.Unix(), v.want.Nanosecond())
+		}
+	}
+}
+
+func TestFormatPAXTime(t *testing.T) {
+	vectors := []struct {
+		sec, nsec int64
+		want      string
+	}{
+		{1350244992, 0, "1350244992"},
+		{1350244992, 300000000, "1350244992.3"},
+		{1350244992, 23960100, "1350244992.0239601"},
+		{1350244992, 23960108, "1350244992.023960108"},
+		{+1, +1e9 - 1e0, "1.999999999"},
+		{+1, +1e9 - 1e3, "1.999999"},
+		{+1, +1e9 - 1e6, "1.999"},
+		{+1, +0e0 - 0e0, "1"},
+		{+1, +1e6 - 0e0, "1.001"},
+		{+1, +1e3 - 0e0, "1.000001"},
+		{+1, +1e0 - 0e0, "1.000000001"},
+		{0, 1e9 - 1e0, "0.999999999"},
+		{0, 1e9 - 1e3, "0.999999"},
+		{0, 1e9 - 1e6, "0.999"},
+		{0, 0e0, "0"},
+		{0, 1e6 + 0e0, "0.001"},
+		{0, 1e3 + 0e0, "0.000001"},
+		{0, 1e0 + 0e0, "0.000000001"},
+		{-1, -1e9 + 1e0, "-1.999999999"},
+		{-1, -1e9 + 1e3, "-1.999999"},
+		{-1, -1e9 + 1e6, "-1.999"},
+		{-1, -0e0 + 0e0, "-1"},
+		{-1, -1e6 + 0e0, "-1.001"},
+		{-1, -1e3 + 0e0, "-1.000001"},
+		{-1, -1e0 + 0e0, "-1.000000001"},
+		{-1350244992, 0, "-1350244992"},
+		{-1350244992, -300000000, "-1350244992.3"},
+		{-1350244992, -23960100, "-1350244992.0239601"},
+		{-1350244992, -23960108, "-1350244992.023960108"},
+	}
+
+	for _, v := range vectors {
+		got := formatPAXTime(time.Unix(v.sec, v.nsec))
+		if got != v.want {
+			t.Errorf("formatPAXTime(%ds, %dns): got %q, want %q",
+				v.sec, v.nsec, got, v.want)
+		}
+	}
+}
+
+func TestParsePAXRecord(t *testing.T) {
+	medName := strings.Repeat("CD", 50)
+	longName := strings.Repeat("AB", 100)
+
+	vectors := []struct {
+		in      string
+		wantRes string
+		wantKey string
+		wantVal string
+		ok      bool
+	}{
+		{"6 k=v\n\n", "\n", "k", "v", true},
+		{"19 path=/etc/hosts\n", "", "path", "/etc/hosts", true},
+		{"210 path=" + longName + "\nabc", "abc", "path", longName, true},
+		{"110 path=" + medName + "\n", "", "path", medName, true},
+		{"9 foo=ba\n", "", "foo", "ba", true},
+		{"11 foo=bar\n\x00", "\x00", "foo", "bar", true},
+		{"18 foo=b=\nar=\n==\x00\n", "", "foo", "b=\nar=\n==\x00", true},
+		{"27 foo=hello9 foo=ba\nworld\n", "", "foo", "hello9 foo=ba\nworld", true},
+		{"27 ☺☻☹=日a本b語ç\nmeow mix", "meow mix", "☺☻☹", "日a本b語ç", true},
+		{"17 \x00hello=\x00world\n", "17 \x00hello=\x00world\n", "", "", false},
+		{"1 k=1\n", "1 k=1\n", "", "", false},
+		{"6 k~1\n", "6 k~1\n", "", "", false},
+		{"6_k=1\n", "6_k=1\n", "", "", false},
+		{"6 k=1 ", "6 k=1 ", "", "", false},
+		{"632 k=1\n", "632 k=1\n", "", "", false},
+		{"16 longkeyname=hahaha\n", "16 longkeyname=hahaha\n", "", "", false},
+		{"3 somelongkey=\n", "3 somelongkey=\n", "", "", false},
+		{"50 tooshort=\n", "50 tooshort=\n", "", "", false},
+		{"0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319", "0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319", "mtime", "1432668921.098285006", false},
+		{"06 k=v\n", "06 k=v\n", "", "", false},
+		{"00006 k=v\n", "00006 k=v\n", "", "", false},
+		{"000006 k=v\n", "000006 k=v\n", "", "", false},
+		{"000000 k=v\n", "000000 k=v\n", "", "", false},
+		{"0 k=v\n", "0 k=v\n", "", "", false},
+		{"+0000005 x=\n", "+0000005 x=\n", "", "", false},
+	}
+
+	for _, v := range vectors {
+		key, val, res, err := parsePAXRecord(v.in)
+		ok := (err == nil)
+		if ok != v.ok {
+			if v.ok {
+				t.Errorf("parsePAXRecord(%q): got parsing failure, want success", v.in)
+			} else {
+				t.Errorf("parsePAXRecord(%q): got parsing success, want failure", v.in)
+			}
+		}
+		if v.ok && (key != v.wantKey || val != v.wantVal) {
+			t.Errorf("parsePAXRecord(%q): got (%q: %q), want (%q: %q)",
+				v.in, key, val, v.wantKey, v.wantVal)
+		}
+		if res != v.wantRes {
+			t.Errorf("parsePAXRecord(%q): got residual %q, want residual %q",
+				v.in, res, v.wantRes)
+		}
+	}
+}
+
+func TestFormatPAXRecord(t *testing.T) {
+	medName := strings.Repeat("CD", 50)
+	longName := strings.Repeat("AB", 100)
+
+	vectors := []struct {
+		inKey string
+		inVal string
+		want  string
+		ok    bool
+	}{
+		{"k", "v", "6 k=v\n", true},
+		{"path", "/etc/hosts", "19 path=/etc/hosts\n", true},
+		{"path", longName, "210 path=" + longName + "\n", true},
+		{"path", medName, "110 path=" + medName + "\n", true},
+		{"foo", "ba", "9 foo=ba\n", true},
+		{"foo", "bar", "11 foo=bar\n", true},
+		{"foo", "b=\nar=\n==\x00", "18 foo=b=\nar=\n==\x00\n", true},
+		{"foo", "hello9 foo=ba\nworld", "27 foo=hello9 foo=ba\nworld\n", true},
+		{"☺☻☹", "日a本b語ç", "27 ☺☻☹=日a本b語ç\n", true},
+		{"xhello", "\x00world", "17 xhello=\x00world\n", true},
+		{"path", "null\x00", "", false},
+		{"null\x00", "value", "", false},
+		{paxSchilyXattr + "key", "null\x00", "26 SCHILY.xattr.key=null\x00\n", true},
+	}
+
+	for _, v := range vectors {
+		got, err := formatPAXRecord(v.inKey, v.inVal)
+		ok := (err == nil)
+		if ok != v.ok {
+			if v.ok {
+				t.Errorf("formatPAXRecord(%q, %q): got format failure, want success", v.inKey, v.inVal)
+			} else {
+				t.Errorf("formatPAXRecord(%q, %q): got format success, want failure", v.inKey, v.inVal)
+			}
+		}
+		if got != v.want {
+			t.Errorf("formatPAXRecord(%q, %q): got %q, want %q",
+				v.inKey, v.inVal, got, v.want)
+		}
+	}
+}
diff --git a/vendor/archive/tar/tar_test.go b/vendor/archive/tar/tar_test.go
new file mode 100644
index 0000000000000..e9fafc7cc70df
--- /dev/null
+++ b/vendor/archive/tar/tar_test.go
@@ -0,0 +1,850 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"internal/testenv"
+	"io"
+	"io/fs"
+	"math"
+	"os"
+	"path"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+)
+
+type testError struct{ error }
+
+type fileOps []interface{} // []T where T is (string | int64)
+
+// testFile is an io.ReadWriteSeeker where the IO operations performed
+// on it must match the list of operations in ops.
+type testFile struct {
+	ops fileOps
+	pos int64
+}
+
+func (f *testFile) Read(b []byte) (int, error) {
+	if len(b) == 0 {
+		return 0, nil
+	}
+	if len(f.ops) == 0 {
+		return 0, io.EOF
+	}
+	s, ok := f.ops[0].(string)
+	if !ok {
+		return 0, errors.New("unexpected Read operation")
+	}
+
+	n := copy(b, s)
+	if len(s) > n {
+		f.ops[0] = s[n:]
+	} else {
+		f.ops = f.ops[1:]
+	}
+	f.pos += int64(len(b))
+	return n, nil
+}
+
+func (f *testFile) Write(b []byte) (int, error) {
+	if len(b) == 0 {
+		return 0, nil
+	}
+	if len(f.ops) == 0 {
+		return 0, errors.New("unexpected Write operation")
+	}
+	s, ok := f.ops[0].(string)
+	if !ok {
+		return 0, errors.New("unexpected Write operation")
+	}
+
+	if !strings.HasPrefix(s, string(b)) {
+		return 0, testError{fmt.Errorf("got Write(%q), want Write(%q)", b, s)}
+	}
+	if len(s) > len(b) {
+		f.ops[0] = s[len(b):]
+	} else {
+		f.ops = f.ops[1:]
+	}
+	f.pos += int64(len(b))
+	return len(b), nil
+}
+
+func (f *testFile) Seek(pos int64, whence int) (int64, error) {
+	if pos == 0 && whence == io.SeekCurrent {
+		return f.pos, nil
+	}
+	if len(f.ops) == 0 {
+		return 0, errors.New("unexpected Seek operation")
+	}
+	s, ok := f.ops[0].(int64)
+	if !ok {
+		return 0, errors.New("unexpected Seek operation")
+	}
+
+	if s != pos || whence != io.SeekCurrent {
+		return 0, testError{fmt.Errorf("got Seek(%d, %d), want Seek(%d, %d)", pos, whence, s, io.SeekCurrent)}
+	}
+	f.pos += s
+	f.ops = f.ops[1:]
+	return f.pos, nil
+}
+
+func equalSparseEntries(x, y []sparseEntry) bool {
+	return (len(x) == 0 && len(y) == 0) || reflect.DeepEqual(x, y)
+}
+
+func TestSparseEntries(t *testing.T) {
+	vectors := []struct {
+		in   []sparseEntry
+		size int64
+
+		wantValid    bool          // Result of validateSparseEntries
+		wantAligned  []sparseEntry // Result of alignSparseEntries
+		wantInverted []sparseEntry // Result of invertSparseEntries
+	}{{
+		in: []sparseEntry{}, size: 0,
+		wantValid:    true,
+		wantInverted: []sparseEntry{{0, 0}},
+	}, {
+		in: []sparseEntry{}, size: 5000,
+		wantValid:    true,
+		wantInverted: []sparseEntry{{0, 5000}},
+	}, {
+		in: []sparseEntry{{0, 5000}}, size: 5000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{0, 5000}},
+		wantInverted: []sparseEntry{{5000, 0}},
+	}, {
+		in: []sparseEntry{{1000, 4000}}, size: 5000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{1024, 3976}},
+		wantInverted: []sparseEntry{{0, 1000}, {5000, 0}},
+	}, {
+		in: []sparseEntry{{0, 3000}}, size: 5000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{0, 2560}},
+		wantInverted: []sparseEntry{{3000, 2000}},
+	}, {
+		in: []sparseEntry{{3000, 2000}}, size: 5000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{3072, 1928}},
+		wantInverted: []sparseEntry{{0, 3000}, {5000, 0}},
+	}, {
+		in: []sparseEntry{{2000, 2000}}, size: 5000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{2048, 1536}},
+		wantInverted: []sparseEntry{{0, 2000}, {4000, 1000}},
+	}, {
+		in: []sparseEntry{{0, 2000}, {8000, 2000}}, size: 10000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{0, 1536}, {8192, 1808}},
+		wantInverted: []sparseEntry{{2000, 6000}, {10000, 0}},
+	}, {
+		in: []sparseEntry{{0, 2000}, {2000, 2000}, {4000, 0}, {4000, 3000}, {7000, 1000}, {8000, 0}, {8000, 2000}}, size: 10000,
+		wantValid:    true,
+		wantAligned:  []sparseEntry{{0, 1536}, {2048, 1536}, {4096, 2560}, {7168, 512}, {8192, 1808}},
+		wantInverted: []sparseEntry{{10000, 0}},
+	}, {
+		in: []sparseEntry{{0, 0}, {1000, 0}, {2000, 0}, {3000, 0}, {4000, 0}, {5000, 0}}, size: 5000,
+		wantValid:    true,
+		wantInverted: []sparseEntry{{0, 5000}},
+	}, {
+		in: []sparseEntry{{1, 0}}, size: 0,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{-1, 0}}, size: 100,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{0, -1}}, size: 100,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{0, 0}}, size: -100,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{math.MaxInt64, 3}, {6, -5}}, size: 35,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{1, 3}, {6, -5}}, size: 35,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{math.MaxInt64, math.MaxInt64}}, size: math.MaxInt64,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{3, 3}}, size: 5,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{2, 0}, {1, 0}, {0, 0}}, size: 3,
+		wantValid: false,
+	}, {
+		in: []sparseEntry{{1, 3}, {2, 2}}, size: 10,
+		wantValid: false,
+	}}
+
+	for i, v := range vectors {
+		gotValid := validateSparseEntries(v.in, v.size)
+		if gotValid != v.wantValid {
+			t.Errorf("test %d, validateSparseEntries() = %v, want %v", i, gotValid, v.wantValid)
+		}
+		if !v.wantValid {
+			continue
+		}
+		gotAligned := alignSparseEntries(append([]sparseEntry{}, v.in...), v.size)
+		if !equalSparseEntries(gotAligned, v.wantAligned) {
+			t.Errorf("test %d, alignSparseEntries():\ngot  %v\nwant %v", i, gotAligned, v.wantAligned)
+		}
+		gotInverted := invertSparseEntries(append([]sparseEntry{}, v.in...), v.size)
+		if !equalSparseEntries(gotInverted, v.wantInverted) {
+			t.Errorf("test %d, inverseSparseEntries():\ngot  %v\nwant %v", i, gotInverted, v.wantInverted)
+		}
+	}
+}
+
+func TestFileInfoHeader(t *testing.T) {
+	fi, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	h, err := FileInfoHeader(fi, "")
+	if err != nil {
+		t.Fatalf("FileInfoHeader: %v", err)
+	}
+	if g, e := h.Name, "small.txt"; g != e {
+		t.Errorf("Name = %q; want %q", g, e)
+	}
+	if g, e := h.Mode, int64(fi.Mode().Perm()); g != e {
+		t.Errorf("Mode = %#o; want %#o", g, e)
+	}
+	if g, e := h.Size, int64(5); g != e {
+		t.Errorf("Size = %v; want %v", g, e)
+	}
+	if g, e := h.ModTime, fi.ModTime(); !g.Equal(e) {
+		t.Errorf("ModTime = %v; want %v", g, e)
+	}
+	// FileInfoHeader should error when passing nil FileInfo
+	if _, err := FileInfoHeader(nil, ""); err == nil {
+		t.Fatalf("Expected error when passing nil to FileInfoHeader")
+	}
+}
+
+func TestFileInfoHeaderDir(t *testing.T) {
+	fi, err := os.Stat("testdata")
+	if err != nil {
+		t.Fatal(err)
+	}
+	h, err := FileInfoHeader(fi, "")
+	if err != nil {
+		t.Fatalf("FileInfoHeader: %v", err)
+	}
+	if g, e := h.Name, "testdata/"; g != e {
+		t.Errorf("Name = %q; want %q", g, e)
+	}
+	// Ignoring c_ISGID for golang.org/issue/4867
+	if g, e := h.Mode&^c_ISGID, int64(fi.Mode().Perm()); g != e {
+		t.Errorf("Mode = %#o; want %#o", g, e)
+	}
+	if g, e := h.Size, int64(0); g != e {
+		t.Errorf("Size = %v; want %v", g, e)
+	}
+	if g, e := h.ModTime, fi.ModTime(); !g.Equal(e) {
+		t.Errorf("ModTime = %v; want %v", g, e)
+	}
+}
+
+func TestFileInfoHeaderSymlink(t *testing.T) {
+	testenv.MustHaveSymlink(t)
+
+	tmpdir := t.TempDir()
+
+	link := filepath.Join(tmpdir, "link")
+	target := tmpdir
+	if err := os.Symlink(target, link); err != nil {
+		t.Fatal(err)
+	}
+	fi, err := os.Lstat(link)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	h, err := FileInfoHeader(fi, target)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if g, e := h.Name, fi.Name(); g != e {
+		t.Errorf("Name = %q; want %q", g, e)
+	}
+	if g, e := h.Linkname, target; g != e {
+		t.Errorf("Linkname = %q; want %q", g, e)
+	}
+	if g, e := h.Typeflag, byte(TypeSymlink); g != e {
+		t.Errorf("Typeflag = %v; want %v", g, e)
+	}
+}
+
+func TestRoundTrip(t *testing.T) {
+	data := []byte("some file contents")
+
+	var b bytes.Buffer
+	tw := NewWriter(&b)
+	hdr := &Header{
+		Name:       "file.txt",
+		Uid:        1 << 21, // Too big for 8 octal digits
+		Size:       int64(len(data)),
+		ModTime:    time.Now().Round(time.Second),
+		PAXRecords: map[string]string{"uid": "2097152"},
+		Format:     FormatPAX,
+		Typeflag:   TypeReg,
+	}
+	if err := tw.WriteHeader(hdr); err != nil {
+		t.Fatalf("tw.WriteHeader: %v", err)
+	}
+	if _, err := tw.Write(data); err != nil {
+		t.Fatalf("tw.Write: %v", err)
+	}
+	if err := tw.Close(); err != nil {
+		t.Fatalf("tw.Close: %v", err)
+	}
+
+	// Read it back.
+	tr := NewReader(&b)
+	rHdr, err := tr.Next()
+	if err != nil {
+		t.Fatalf("tr.Next: %v", err)
+	}
+	if !reflect.DeepEqual(rHdr, hdr) {
+		t.Errorf("Header mismatch.\n got %+v\nwant %+v", rHdr, hdr)
+	}
+	rData, err := io.ReadAll(tr)
+	if err != nil {
+		t.Fatalf("Read: %v", err)
+	}
+	if !bytes.Equal(rData, data) {
+		t.Errorf("Data mismatch.\n got %q\nwant %q", rData, data)
+	}
+}
+
+type headerRoundTripTest struct {
+	h  *Header
+	fm fs.FileMode
+}
+
+func TestHeaderRoundTrip(t *testing.T) {
+	vectors := []headerRoundTripTest{{
+		// regular file.
+		h: &Header{
+			Name:     "test.txt",
+			Mode:     0644,
+			Size:     12,
+			ModTime:  time.Unix(1360600916, 0),
+			Typeflag: TypeReg,
+		},
+		fm: 0644,
+	}, {
+		// symbolic link.
+		h: &Header{
+			Name:     "link.txt",
+			Mode:     0777,
+			Size:     0,
+			ModTime:  time.Unix(1360600852, 0),
+			Typeflag: TypeSymlink,
+		},
+		fm: 0777 | fs.ModeSymlink,
+	}, {
+		// character device node.
+		h: &Header{
+			Name:     "dev/null",
+			Mode:     0666,
+			Size:     0,
+			ModTime:  time.Unix(1360578951, 0),
+			Typeflag: TypeChar,
+		},
+		fm: 0666 | fs.ModeDevice | fs.ModeCharDevice,
+	}, {
+		// block device node.
+		h: &Header{
+			Name:     "dev/sda",
+			Mode:     0660,
+			Size:     0,
+			ModTime:  time.Unix(1360578954, 0),
+			Typeflag: TypeBlock,
+		},
+		fm: 0660 | fs.ModeDevice,
+	}, {
+		// directory.
+		h: &Header{
+			Name:     "dir/",
+			Mode:     0755,
+			Size:     0,
+			ModTime:  time.Unix(1360601116, 0),
+			Typeflag: TypeDir,
+		},
+		fm: 0755 | fs.ModeDir,
+	}, {
+		// fifo node.
+		h: &Header{
+			Name:     "dev/initctl",
+			Mode:     0600,
+			Size:     0,
+			ModTime:  time.Unix(1360578949, 0),
+			Typeflag: TypeFifo,
+		},
+		fm: 0600 | fs.ModeNamedPipe,
+	}, {
+		// setuid.
+		h: &Header{
+			Name:     "bin/su",
+			Mode:     0755 | c_ISUID,
+			Size:     23232,
+			ModTime:  time.Unix(1355405093, 0),
+			Typeflag: TypeReg,
+		},
+		fm: 0755 | fs.ModeSetuid,
+	}, {
+		// setguid.
+		h: &Header{
+			Name:     "group.txt",
+			Mode:     0750 | c_ISGID,
+			Size:     0,
+			ModTime:  time.Unix(1360602346, 0),
+			Typeflag: TypeReg,
+		},
+		fm: 0750 | fs.ModeSetgid,
+	}, {
+		// sticky.
+		h: &Header{
+			Name:     "sticky.txt",
+			Mode:     0600 | c_ISVTX,
+			Size:     7,
+			ModTime:  time.Unix(1360602540, 0),
+			Typeflag: TypeReg,
+		},
+		fm: 0600 | fs.ModeSticky,
+	}, {
+		// hard link.
+		h: &Header{
+			Name:     "hard.txt",
+			Mode:     0644,
+			Size:     0,
+			Linkname: "file.txt",
+			ModTime:  time.Unix(1360600916, 0),
+			Typeflag: TypeLink,
+		},
+		fm: 0644,
+	}, {
+		// More information.
+		h: &Header{
+			Name:     "info.txt",
+			Mode:     0600,
+			Size:     0,
+			Uid:      1000,
+			Gid:      1000,
+			ModTime:  time.Unix(1360602540, 0),
+			Uname:    "slartibartfast",
+			Gname:    "users",
+			Typeflag: TypeReg,
+		},
+		fm: 0600,
+	}}
+
+	for i, v := range vectors {
+		fi := v.h.FileInfo()
+		h2, err := FileInfoHeader(fi, "")
+		if err != nil {
+			t.Error(err)
+			continue
+		}
+		if strings.Contains(fi.Name(), "/") {
+			t.Errorf("FileInfo of %q contains slash: %q", v.h.Name, fi.Name())
+		}
+		name := path.Base(v.h.Name)
+		if fi.IsDir() {
+			name += "/"
+		}
+		if got, want := h2.Name, name; got != want {
+			t.Errorf("i=%d: Name: got %v, want %v", i, got, want)
+		}
+		if got, want := h2.Size, v.h.Size; got != want {
+			t.Errorf("i=%d: Size: got %v, want %v", i, got, want)
+		}
+		if got, want := h2.Uid, v.h.Uid; got != want {
+			t.Errorf("i=%d: Uid: got %d, want %d", i, got, want)
+		}
+		if got, want := h2.Gid, v.h.Gid; got != want {
+			t.Errorf("i=%d: Gid: got %d, want %d", i, got, want)
+		}
+		if got, want := h2.Uname, v.h.Uname; got != want {
+			t.Errorf("i=%d: Uname: got %q, want %q", i, got, want)
+		}
+		if got, want := h2.Gname, v.h.Gname; got != want {
+			t.Errorf("i=%d: Gname: got %q, want %q", i, got, want)
+		}
+		if got, want := h2.Linkname, v.h.Linkname; got != want {
+			t.Errorf("i=%d: Linkname: got %v, want %v", i, got, want)
+		}
+		if got, want := h2.Typeflag, v.h.Typeflag; got != want {
+			t.Logf("%#v %#v", v.h, fi.Sys())
+			t.Errorf("i=%d: Typeflag: got %q, want %q", i, got, want)
+		}
+		if got, want := h2.Mode, v.h.Mode; got != want {
+			t.Errorf("i=%d: Mode: got %o, want %o", i, got, want)
+		}
+		if got, want := fi.Mode(), v.fm; got != want {
+			t.Errorf("i=%d: fi.Mode: got %o, want %o", i, got, want)
+		}
+		if got, want := h2.AccessTime, v.h.AccessTime; got != want {
+			t.Errorf("i=%d: AccessTime: got %v, want %v", i, got, want)
+		}
+		if got, want := h2.ChangeTime, v.h.ChangeTime; got != want {
+			t.Errorf("i=%d: ChangeTime: got %v, want %v", i, got, want)
+		}
+		if got, want := h2.ModTime, v.h.ModTime; got != want {
+			t.Errorf("i=%d: ModTime: got %v, want %v", i, got, want)
+		}
+		if sysh, ok := fi.Sys().(*Header); !ok || sysh != v.h {
+			t.Errorf("i=%d: Sys didn't return original *Header", i)
+		}
+	}
+}
+
+func TestHeaderAllowedFormats(t *testing.T) {
+	vectors := []struct {
+		header  *Header           // Input header
+		paxHdrs map[string]string // Expected PAX headers that may be needed
+		formats Format            // Expected formats that can encode the header
+	}{{
+		header:  &Header{},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Size: 077777777777},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Size: 077777777777, Format: FormatUSTAR},
+		formats: FormatUSTAR,
+	}, {
+		header:  &Header{Size: 077777777777, Format: FormatPAX},
+		formats: FormatUSTAR | FormatPAX,
+	}, {
+		header:  &Header{Size: 077777777777, Format: FormatGNU},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Size: 077777777777 + 1},
+		paxHdrs: map[string]string{paxSize: "8589934592"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Size: 077777777777 + 1, Format: FormatPAX},
+		paxHdrs: map[string]string{paxSize: "8589934592"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{Size: 077777777777 + 1, Format: FormatGNU},
+		paxHdrs: map[string]string{paxSize: "8589934592"},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Mode: 07777777},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Mode: 07777777 + 1},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Devmajor: -123},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Devmajor: 1<<56 - 1},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Devmajor: 1 << 56},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Devmajor: -1 << 56},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Devmajor: -1<<56 - 1},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Name: "用戶名", Devmajor: -1 << 56},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{Size: math.MaxInt64},
+		paxHdrs: map[string]string{paxSize: "9223372036854775807"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Size: math.MinInt64},
+		paxHdrs: map[string]string{paxSize: "-9223372036854775808"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Uname: "0123456789abcdef0123456789abcdef"},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Uname: "0123456789abcdef0123456789abcdefx"},
+		paxHdrs: map[string]string{paxUname: "0123456789abcdef0123456789abcdefx"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{Name: "foobar"},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Name: strings.Repeat("a", nameSize)},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Name: strings.Repeat("a", nameSize+1)},
+		paxHdrs: map[string]string{paxPath: strings.Repeat("a", nameSize+1)},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Linkname: "用戶名"},
+		paxHdrs: map[string]string{paxLinkpath: "用戶名"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Linkname: strings.Repeat("用戶名\x00", nameSize)},
+		paxHdrs: map[string]string{paxLinkpath: strings.Repeat("用戶名\x00", nameSize)},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Linkname: "\x00hello"},
+		paxHdrs: map[string]string{paxLinkpath: "\x00hello"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Uid: 07777777},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Uid: 07777777 + 1},
+		paxHdrs: map[string]string{paxUid: "2097152"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Xattrs: nil},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Xattrs: map[string]string{"foo": "bar"}},
+		paxHdrs: map[string]string{paxSchilyXattr + "foo": "bar"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{Xattrs: map[string]string{"foo": "bar"}, Format: FormatGNU},
+		paxHdrs: map[string]string{paxSchilyXattr + "foo": "bar"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Xattrs: map[string]string{"用戶名": "\x00hello"}},
+		paxHdrs: map[string]string{paxSchilyXattr + "用戶名": "\x00hello"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{Xattrs: map[string]string{"foo=bar": "baz"}},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Xattrs: map[string]string{"foo": ""}},
+		paxHdrs: map[string]string{paxSchilyXattr + "foo": ""},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{ModTime: time.Unix(0, 0)},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(077777777777, 0)},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(077777777777+1, 0)},
+		paxHdrs: map[string]string{paxMtime: "8589934592"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(math.MaxInt64, 0)},
+		paxHdrs: map[string]string{paxMtime: "9223372036854775807"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(math.MaxInt64, 0), Format: FormatUSTAR},
+		paxHdrs: map[string]string{paxMtime: "9223372036854775807"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{ModTime: time.Unix(-1, 0)},
+		paxHdrs: map[string]string{paxMtime: "-1"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 500)},
+		paxHdrs: map[string]string{paxMtime: "1.0000005"},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 0)},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 0), Format: FormatPAX},
+		formats: FormatUSTAR | FormatPAX,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 500), Format: FormatUSTAR},
+		paxHdrs: map[string]string{paxMtime: "1.0000005"},
+		formats: FormatUSTAR,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 500), Format: FormatPAX},
+		paxHdrs: map[string]string{paxMtime: "1.0000005"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{ModTime: time.Unix(1, 500), Format: FormatGNU},
+		paxHdrs: map[string]string{paxMtime: "1.0000005"},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(-1, 500)},
+		paxHdrs: map[string]string{paxMtime: "-0.9999995"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ModTime: time.Unix(-1, 500), Format: FormatGNU},
+		paxHdrs: map[string]string{paxMtime: "-0.9999995"},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{AccessTime: time.Unix(0, 0)},
+		paxHdrs: map[string]string{paxAtime: "0"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{AccessTime: time.Unix(0, 0), Format: FormatUSTAR},
+		paxHdrs: map[string]string{paxAtime: "0"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{AccessTime: time.Unix(0, 0), Format: FormatPAX},
+		paxHdrs: map[string]string{paxAtime: "0"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{AccessTime: time.Unix(0, 0), Format: FormatGNU},
+		paxHdrs: map[string]string{paxAtime: "0"},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{AccessTime: time.Unix(-123, 0)},
+		paxHdrs: map[string]string{paxAtime: "-123"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{AccessTime: time.Unix(-123, 0), Format: FormatPAX},
+		paxHdrs: map[string]string{paxAtime: "-123"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{ChangeTime: time.Unix(123, 456)},
+		paxHdrs: map[string]string{paxCtime: "123.000000456"},
+		formats: FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{ChangeTime: time.Unix(123, 456), Format: FormatUSTAR},
+		paxHdrs: map[string]string{paxCtime: "123.000000456"},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{ChangeTime: time.Unix(123, 456), Format: FormatGNU},
+		paxHdrs: map[string]string{paxCtime: "123.000000456"},
+		formats: FormatGNU,
+	}, {
+		header:  &Header{ChangeTime: time.Unix(123, 456), Format: FormatPAX},
+		paxHdrs: map[string]string{paxCtime: "123.000000456"},
+		formats: FormatPAX,
+	}, {
+		header:  &Header{Name: "foo/", Typeflag: TypeDir},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}, {
+		header:  &Header{Name: "foo/", Typeflag: TypeReg},
+		formats: FormatUnknown,
+	}, {
+		header:  &Header{Name: "foo/", Typeflag: TypeSymlink},
+		formats: FormatUSTAR | FormatPAX | FormatGNU,
+	}}
+
+	for i, v := range vectors {
+		formats, paxHdrs, err := v.header.allowedFormats()
+		if formats != v.formats {
+			t.Errorf("test %d, allowedFormats(): got %v, want %v", i, formats, v.formats)
+		}
+		if formats&FormatPAX > 0 && !reflect.DeepEqual(paxHdrs, v.paxHdrs) && !(len(paxHdrs) == 0 && len(v.paxHdrs) == 0) {
+			t.Errorf("test %d, allowedFormats():\ngot  %v\nwant %s", i, paxHdrs, v.paxHdrs)
+		}
+		if (formats != FormatUnknown) && (err != nil) {
+			t.Errorf("test %d, unexpected error: %v", i, err)
+		}
+		if (formats == FormatUnknown) && (err == nil) {
+			t.Errorf("test %d, got nil-error, want non-nil error", i)
+		}
+	}
+}
+
+func Benchmark(b *testing.B) {
+	type file struct {
+		hdr  *Header
+		body []byte
+	}
+
+	vectors := []struct {
+		label string
+		files []file
+	}{{
+		"USTAR",
+		[]file{{
+			&Header{Name: "bar", Mode: 0640, Size: int64(3)},
+			[]byte("foo"),
+		}, {
+			&Header{Name: "world", Mode: 0640, Size: int64(5)},
+			[]byte("hello"),
+		}},
+	}, {
+		"GNU",
+		[]file{{
+			&Header{Name: "bar", Mode: 0640, Size: int64(3), Devmajor: -1},
+			[]byte("foo"),
+		}, {
+			&Header{Name: "world", Mode: 0640, Size: int64(5), Devmajor: -1},
+			[]byte("hello"),
+		}},
+	}, {
+		"PAX",
+		[]file{{
+			&Header{Name: "bar", Mode: 0640, Size: int64(3), Xattrs: map[string]string{"foo": "bar"}},
+			[]byte("foo"),
+		}, {
+			&Header{Name: "world", Mode: 0640, Size: int64(5), Xattrs: map[string]string{"foo": "bar"}},
+			[]byte("hello"),
+		}},
+	}}
+
+	b.Run("Writer", func(b *testing.B) {
+		for _, v := range vectors {
+			b.Run(v.label, func(b *testing.B) {
+				b.ReportAllocs()
+				for i := 0; i < b.N; i++ {
+					// Writing to io.Discard because we want to
+					// test purely the writer code and not bring in disk performance into this.
+					tw := NewWriter(io.Discard)
+					for _, file := range v.files {
+						if err := tw.WriteHeader(file.hdr); err != nil {
+							b.Errorf("unexpected WriteHeader error: %v", err)
+						}
+						if _, err := tw.Write(file.body); err != nil {
+							b.Errorf("unexpected Write error: %v", err)
+						}
+					}
+					if err := tw.Close(); err != nil {
+						b.Errorf("unexpected Close error: %v", err)
+					}
+				}
+			})
+		}
+	})
+
+	b.Run("Reader", func(b *testing.B) {
+		for _, v := range vectors {
+			var buf bytes.Buffer
+			var r bytes.Reader
+
+			// Write the archive to a byte buffer.
+			tw := NewWriter(&buf)
+			for _, file := range v.files {
+				tw.WriteHeader(file.hdr)
+				tw.Write(file.body)
+			}
+			tw.Close()
+			b.Run(v.label, func(b *testing.B) {
+				b.ReportAllocs()
+				// Read from the byte buffer.
+				for i := 0; i < b.N; i++ {
+					r.Reset(buf.Bytes())
+					tr := NewReader(&r)
+					if _, err := tr.Next(); err != nil {
+						b.Errorf("unexpected Next error: %v", err)
+					}
+					if _, err := io.Copy(io.Discard, tr); err != nil {
+						b.Errorf("unexpected Copy error : %v", err)
+					}
+				}
+			})
+		}
+	})
+
+}
diff --git a/vendor/archive/tar/testdata/file-and-dir.tar b/vendor/archive/tar/testdata/file-and-dir.tar
new file mode 100644
index 0000000000000..c18d4283e3809
Binary files /dev/null and b/vendor/archive/tar/testdata/file-and-dir.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-incremental.tar b/vendor/archive/tar/testdata/gnu-incremental.tar
new file mode 100644
index 0000000000000..4c442e5b82d19
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-incremental.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-long-nul.tar b/vendor/archive/tar/testdata/gnu-long-nul.tar
new file mode 100644
index 0000000000000..28bc812aa60e8
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-long-nul.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-multi-hdrs.tar b/vendor/archive/tar/testdata/gnu-multi-hdrs.tar
new file mode 100644
index 0000000000000..8bcad55d06e8f
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-multi-hdrs.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-nil-sparse-data.tar b/vendor/archive/tar/testdata/gnu-nil-sparse-data.tar
new file mode 100644
index 0000000000000..df1aa834538e7
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-nil-sparse-data.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-nil-sparse-hole.tar b/vendor/archive/tar/testdata/gnu-nil-sparse-hole.tar
new file mode 100644
index 0000000000000..496abfeb78a5e
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-nil-sparse-hole.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-not-utf8.tar b/vendor/archive/tar/testdata/gnu-not-utf8.tar
new file mode 100644
index 0000000000000..81cec67d33095
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-not-utf8.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-sparse-big.tar b/vendor/archive/tar/testdata/gnu-sparse-big.tar
new file mode 100644
index 0000000000000..1a5cfc96d9298
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-sparse-big.tar differ
diff --git a/vendor/archive/tar/testdata/gnu-utf8.tar b/vendor/archive/tar/testdata/gnu-utf8.tar
new file mode 100644
index 0000000000000..2c9c8079cf651
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu-utf8.tar differ
diff --git a/vendor/archive/tar/testdata/gnu.tar b/vendor/archive/tar/testdata/gnu.tar
new file mode 100644
index 0000000000000..fc899dc8dc2ad
Binary files /dev/null and b/vendor/archive/tar/testdata/gnu.tar differ
diff --git a/vendor/archive/tar/testdata/hardlink.tar b/vendor/archive/tar/testdata/hardlink.tar
new file mode 100644
index 0000000000000..9cd1a26572e44
Binary files /dev/null and b/vendor/archive/tar/testdata/hardlink.tar differ
diff --git a/vendor/archive/tar/testdata/hdr-only.tar b/vendor/archive/tar/testdata/hdr-only.tar
new file mode 100644
index 0000000000000..f25034083de6e
Binary files /dev/null and b/vendor/archive/tar/testdata/hdr-only.tar differ
diff --git a/vendor/archive/tar/testdata/invalid-go17.tar b/vendor/archive/tar/testdata/invalid-go17.tar
new file mode 100644
index 0000000000000..58f2488e78fb4
Binary files /dev/null and b/vendor/archive/tar/testdata/invalid-go17.tar differ
diff --git a/vendor/archive/tar/testdata/issue10968.tar b/vendor/archive/tar/testdata/issue10968.tar
new file mode 100644
index 0000000000000..1cc837bcff14c
Binary files /dev/null and b/vendor/archive/tar/testdata/issue10968.tar differ
diff --git a/vendor/archive/tar/testdata/issue11169.tar b/vendor/archive/tar/testdata/issue11169.tar
new file mode 100644
index 0000000000000..4d71fa1526060
Binary files /dev/null and b/vendor/archive/tar/testdata/issue11169.tar differ
diff --git a/vendor/archive/tar/testdata/issue12435.tar b/vendor/archive/tar/testdata/issue12435.tar
new file mode 100644
index 0000000000000..3542dd8efd5d4
Binary files /dev/null and b/vendor/archive/tar/testdata/issue12435.tar differ
diff --git a/vendor/archive/tar/testdata/neg-size.tar b/vendor/archive/tar/testdata/neg-size.tar
new file mode 100644
index 0000000000000..21edf38cc3c3d
Binary files /dev/null and b/vendor/archive/tar/testdata/neg-size.tar differ
diff --git a/vendor/archive/tar/testdata/nil-uid.tar b/vendor/archive/tar/testdata/nil-uid.tar
new file mode 100644
index 0000000000000..cc9cfaa33cc5d
Binary files /dev/null and b/vendor/archive/tar/testdata/nil-uid.tar differ
diff --git a/vendor/archive/tar/testdata/pax-bad-hdr-file.tar b/vendor/archive/tar/testdata/pax-bad-hdr-file.tar
new file mode 100644
index 0000000000000..b97cc981f29b8
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-bad-hdr-file.tar differ
diff --git a/vendor/archive/tar/testdata/pax-bad-mtime-file.tar b/vendor/archive/tar/testdata/pax-bad-mtime-file.tar
new file mode 100644
index 0000000000000..9b22f7e8d9438
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-bad-mtime-file.tar differ
diff --git a/vendor/archive/tar/testdata/pax-global-records.tar b/vendor/archive/tar/testdata/pax-global-records.tar
new file mode 100644
index 0000000000000..3d3d241e65c3a
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-global-records.tar differ
diff --git a/vendor/archive/tar/testdata/pax-multi-hdrs.tar b/vendor/archive/tar/testdata/pax-multi-hdrs.tar
new file mode 100644
index 0000000000000..14bc759780802
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-multi-hdrs.tar differ
diff --git a/vendor/archive/tar/testdata/pax-nil-sparse-data.tar b/vendor/archive/tar/testdata/pax-nil-sparse-data.tar
new file mode 100644
index 0000000000000..e59bd94117d9e
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-nil-sparse-data.tar differ
diff --git a/vendor/archive/tar/testdata/pax-nil-sparse-hole.tar b/vendor/archive/tar/testdata/pax-nil-sparse-hole.tar
new file mode 100644
index 0000000000000..b44327bdbfb34
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-nil-sparse-hole.tar differ
diff --git a/vendor/archive/tar/testdata/pax-nul-path.tar b/vendor/archive/tar/testdata/pax-nul-path.tar
new file mode 100644
index 0000000000000..c78f82b16e853
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-nul-path.tar differ
diff --git a/vendor/archive/tar/testdata/pax-nul-xattrs.tar b/vendor/archive/tar/testdata/pax-nul-xattrs.tar
new file mode 100644
index 0000000000000..881f51768f987
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-nul-xattrs.tar differ
diff --git a/vendor/archive/tar/testdata/pax-path-hdr.tar b/vendor/archive/tar/testdata/pax-path-hdr.tar
new file mode 100644
index 0000000000000..ab8fc325b2615
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-path-hdr.tar differ
diff --git a/vendor/archive/tar/testdata/pax-pos-size-file.tar b/vendor/archive/tar/testdata/pax-pos-size-file.tar
new file mode 100644
index 0000000000000..ea5ccf916426a
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-pos-size-file.tar differ
diff --git a/vendor/archive/tar/testdata/pax-records.tar b/vendor/archive/tar/testdata/pax-records.tar
new file mode 100644
index 0000000000000..276c211baa388
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-records.tar differ
diff --git a/vendor/archive/tar/testdata/pax-sparse-big.tar b/vendor/archive/tar/testdata/pax-sparse-big.tar
new file mode 100644
index 0000000000000..65d1f8eceb084
Binary files /dev/null and b/vendor/archive/tar/testdata/pax-sparse-big.tar differ
diff --git a/vendor/archive/tar/testdata/pax.tar b/vendor/archive/tar/testdata/pax.tar
new file mode 100644
index 0000000000000..9bc24b6587d72
Binary files /dev/null and b/vendor/archive/tar/testdata/pax.tar differ
diff --git a/vendor/archive/tar/testdata/small.txt b/vendor/archive/tar/testdata/small.txt
new file mode 100644
index 0000000000000..b249bfc518a8c
--- /dev/null
+++ b/vendor/archive/tar/testdata/small.txt
@@ -0,0 +1 @@
+Kilts
\ No newline at end of file
diff --git a/vendor/archive/tar/testdata/small2.txt b/vendor/archive/tar/testdata/small2.txt
new file mode 100644
index 0000000000000..394ee3ecd0edf
--- /dev/null
+++ b/vendor/archive/tar/testdata/small2.txt
@@ -0,0 +1 @@
+Google.com
diff --git a/vendor/archive/tar/testdata/sparse-formats.tar b/vendor/archive/tar/testdata/sparse-formats.tar
new file mode 100644
index 0000000000000..8bd4e74d50f9c
Binary files /dev/null and b/vendor/archive/tar/testdata/sparse-formats.tar differ
diff --git a/vendor/archive/tar/testdata/star.tar b/vendor/archive/tar/testdata/star.tar
new file mode 100644
index 0000000000000..59e2d4e604611
Binary files /dev/null and b/vendor/archive/tar/testdata/star.tar differ
diff --git a/vendor/archive/tar/testdata/trailing-slash.tar b/vendor/archive/tar/testdata/trailing-slash.tar
new file mode 100644
index 0000000000000..93718b3034879
Binary files /dev/null and b/vendor/archive/tar/testdata/trailing-slash.tar differ
diff --git a/vendor/archive/tar/testdata/ustar-file-devs.tar b/vendor/archive/tar/testdata/ustar-file-devs.tar
new file mode 100644
index 0000000000000..146e25b79d898
Binary files /dev/null and b/vendor/archive/tar/testdata/ustar-file-devs.tar differ
diff --git a/vendor/archive/tar/testdata/ustar-file-reg.tar b/vendor/archive/tar/testdata/ustar-file-reg.tar
new file mode 100644
index 0000000000000..c84fa27ffb861
Binary files /dev/null and b/vendor/archive/tar/testdata/ustar-file-reg.tar differ
diff --git a/vendor/archive/tar/testdata/ustar.tar b/vendor/archive/tar/testdata/ustar.tar
new file mode 100644
index 0000000000000..29679d9a305fc
Binary files /dev/null and b/vendor/archive/tar/testdata/ustar.tar differ
diff --git a/vendor/archive/tar/testdata/v7.tar b/vendor/archive/tar/testdata/v7.tar
new file mode 100644
index 0000000000000..eb65fc9410721
Binary files /dev/null and b/vendor/archive/tar/testdata/v7.tar differ
diff --git a/vendor/archive/tar/testdata/writer-big-long.tar b/vendor/archive/tar/testdata/writer-big-long.tar
new file mode 100644
index 0000000000000..09fc5dd3dd7fc
Binary files /dev/null and b/vendor/archive/tar/testdata/writer-big-long.tar differ
diff --git a/vendor/archive/tar/testdata/writer-big.tar b/vendor/archive/tar/testdata/writer-big.tar
new file mode 100644
index 0000000000000..435dcbce6abc7
Binary files /dev/null and b/vendor/archive/tar/testdata/writer-big.tar differ
diff --git a/vendor/archive/tar/testdata/writer.tar b/vendor/archive/tar/testdata/writer.tar
new file mode 100644
index 0000000000000..e6d816ad0775d
Binary files /dev/null and b/vendor/archive/tar/testdata/writer.tar differ
diff --git a/vendor/archive/tar/testdata/xattrs.tar b/vendor/archive/tar/testdata/xattrs.tar
new file mode 100644
index 0000000000000..9701950edd1f0
Binary files /dev/null and b/vendor/archive/tar/testdata/xattrs.tar differ
diff --git a/vendor/archive/tar/writer.go b/vendor/archive/tar/writer.go
new file mode 100644
index 0000000000000..e80498d03e39c
--- /dev/null
+++ b/vendor/archive/tar/writer.go
@@ -0,0 +1,653 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"sort"
+	"strings"
+	"time"
+)
+
+// Writer provides sequential writing of a tar archive.
+// Write.WriteHeader begins a new file with the provided Header,
+// and then Writer can be treated as an io.Writer to supply that file's data.
+type Writer struct {
+	w    io.Writer
+	pad  int64      // Amount of padding to write after current file entry
+	curr fileWriter // Writer for current file entry
+	hdr  Header     // Shallow copy of Header that is safe for mutations
+	blk  block      // Buffer to use as temporary local storage
+
+	// err is a persistent error.
+	// It is only the responsibility of every exported method of Writer to
+	// ensure that this error is sticky.
+	err error
+}
+
+// NewWriter creates a new Writer writing to w.
+func NewWriter(w io.Writer) *Writer {
+	return &Writer{w: w, curr: &regFileWriter{w, 0}}
+}
+
+type fileWriter interface {
+	io.Writer
+	fileState
+
+	ReadFrom(io.Reader) (int64, error)
+}
+
+// Flush finishes writing the current file's block padding.
+// The current file must be fully written before Flush can be called.
+//
+// This is unnecessary as the next call to WriteHeader or Close
+// will implicitly flush out the file's padding.
+func (tw *Writer) Flush() error {
+	if tw.err != nil {
+		return tw.err
+	}
+	if nb := tw.curr.LogicalRemaining(); nb > 0 {
+		return fmt.Errorf("archive/tar: missed writing %d bytes", nb)
+	}
+	if _, tw.err = tw.w.Write(zeroBlock[:tw.pad]); tw.err != nil {
+		return tw.err
+	}
+	tw.pad = 0
+	return nil
+}
+
+// WriteHeader writes hdr and prepares to accept the file's contents.
+// The Header.Size determines how many bytes can be written for the next file.
+// If the current file is not fully written, then this returns an error.
+// This implicitly flushes any padding necessary before writing the header.
+func (tw *Writer) WriteHeader(hdr *Header) error {
+	if err := tw.Flush(); err != nil {
+		return err
+	}
+	tw.hdr = *hdr // Shallow copy of Header
+
+	// Avoid usage of the legacy TypeRegA flag, and automatically promote
+	// it to use TypeReg or TypeDir.
+	if tw.hdr.Typeflag == TypeRegA {
+		if strings.HasSuffix(tw.hdr.Name, "/") {
+			tw.hdr.Typeflag = TypeDir
+		} else {
+			tw.hdr.Typeflag = TypeReg
+		}
+	}
+
+	// Round ModTime and ignore AccessTime and ChangeTime unless
+	// the format is explicitly chosen.
+	// This ensures nominal usage of WriteHeader (without specifying the format)
+	// does not always result in the PAX format being chosen, which
+	// causes a 1KiB increase to every header.
+	if tw.hdr.Format == FormatUnknown {
+		tw.hdr.ModTime = tw.hdr.ModTime.Round(time.Second)
+		tw.hdr.AccessTime = time.Time{}
+		tw.hdr.ChangeTime = time.Time{}
+	}
+
+	allowedFormats, paxHdrs, err := tw.hdr.allowedFormats()
+	switch {
+	case allowedFormats.has(FormatUSTAR):
+		tw.err = tw.writeUSTARHeader(&tw.hdr)
+		return tw.err
+	case allowedFormats.has(FormatPAX):
+		tw.err = tw.writePAXHeader(&tw.hdr, paxHdrs)
+		return tw.err
+	case allowedFormats.has(FormatGNU):
+		tw.err = tw.writeGNUHeader(&tw.hdr)
+		return tw.err
+	default:
+		return err // Non-fatal error
+	}
+}
+
+func (tw *Writer) writeUSTARHeader(hdr *Header) error {
+	// Check if we can use USTAR prefix/suffix splitting.
+	var namePrefix string
+	if prefix, suffix, ok := splitUSTARPath(hdr.Name); ok {
+		namePrefix, hdr.Name = prefix, suffix
+	}
+
+	// Pack the main header.
+	var f formatter
+	blk := tw.templateV7Plus(hdr, f.formatString, f.formatOctal)
+	f.formatString(blk.USTAR().Prefix(), namePrefix)
+	blk.SetFormat(FormatUSTAR)
+	if f.err != nil {
+		return f.err // Should never happen since header is validated
+	}
+	return tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag)
+}
+
+func (tw *Writer) writePAXHeader(hdr *Header, paxHdrs map[string]string) error {
+	realName, realSize := hdr.Name, hdr.Size
+
+	// TODO(dsnet): Re-enable this when adding sparse support.
+	// See https://golang.org/issue/22735
+	/*
+		// Handle sparse files.
+		var spd sparseDatas
+		var spb []byte
+		if len(hdr.SparseHoles) > 0 {
+			sph := append([]sparseEntry{}, hdr.SparseHoles...) // Copy sparse map
+			sph = alignSparseEntries(sph, hdr.Size)
+			spd = invertSparseEntries(sph, hdr.Size)
+
+			// Format the sparse map.
+			hdr.Size = 0 // Replace with encoded size
+			spb = append(strconv.AppendInt(spb, int64(len(spd)), 10), '\n')
+			for _, s := range spd {
+				hdr.Size += s.Length
+				spb = append(strconv.AppendInt(spb, s.Offset, 10), '\n')
+				spb = append(strconv.AppendInt(spb, s.Length, 10), '\n')
+			}
+			pad := blockPadding(int64(len(spb)))
+			spb = append(spb, zeroBlock[:pad]...)
+			hdr.Size += int64(len(spb)) // Accounts for encoded sparse map
+
+			// Add and modify appropriate PAX records.
+			dir, file := path.Split(realName)
+			hdr.Name = path.Join(dir, "GNUSparseFile.0", file)
+			paxHdrs[paxGNUSparseMajor] = "1"
+			paxHdrs[paxGNUSparseMinor] = "0"
+			paxHdrs[paxGNUSparseName] = realName
+			paxHdrs[paxGNUSparseRealSize] = strconv.FormatInt(realSize, 10)
+			paxHdrs[paxSize] = strconv.FormatInt(hdr.Size, 10)
+			delete(paxHdrs, paxPath) // Recorded by paxGNUSparseName
+		}
+	*/
+	_ = realSize
+
+	// Write PAX records to the output.
+	isGlobal := hdr.Typeflag == TypeXGlobalHeader
+	if len(paxHdrs) > 0 || isGlobal {
+		// Sort keys for deterministic ordering.
+		var keys []string
+		for k := range paxHdrs {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+
+		// Write each record to a buffer.
+		var buf strings.Builder
+		for _, k := range keys {
+			rec, err := formatPAXRecord(k, paxHdrs[k])
+			if err != nil {
+				return err
+			}
+			buf.WriteString(rec)
+		}
+
+		// Write the extended header file.
+		var name string
+		var flag byte
+		if isGlobal {
+			name = realName
+			if name == "" {
+				name = "GlobalHead.0.0"
+			}
+			flag = TypeXGlobalHeader
+		} else {
+			dir, file := path.Split(realName)
+			name = path.Join(dir, "PaxHeaders.0", file)
+			flag = TypeXHeader
+		}
+		data := buf.String()
+		if err := tw.writeRawFile(name, data, flag, FormatPAX); err != nil || isGlobal {
+			return err // Global headers return here
+		}
+	}
+
+	// Pack the main header.
+	var f formatter // Ignore errors since they are expected
+	fmtStr := func(b []byte, s string) { f.formatString(b, toASCII(s)) }
+	blk := tw.templateV7Plus(hdr, fmtStr, f.formatOctal)
+	blk.SetFormat(FormatPAX)
+	if err := tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag); err != nil {
+		return err
+	}
+
+	// TODO(dsnet): Re-enable this when adding sparse support.
+	// See https://golang.org/issue/22735
+	/*
+		// Write the sparse map and setup the sparse writer if necessary.
+		if len(spd) > 0 {
+			// Use tw.curr since the sparse map is accounted for in hdr.Size.
+			if _, err := tw.curr.Write(spb); err != nil {
+				return err
+			}
+			tw.curr = &sparseFileWriter{tw.curr, spd, 0}
+		}
+	*/
+	return nil
+}
+
+func (tw *Writer) writeGNUHeader(hdr *Header) error {
+	// Use long-link files if Name or Linkname exceeds the field size.
+	const longName = "././@LongLink"
+	if len(hdr.Name) > nameSize {
+		data := hdr.Name + "\x00"
+		if err := tw.writeRawFile(longName, data, TypeGNULongName, FormatGNU); err != nil {
+			return err
+		}
+	}
+	if len(hdr.Linkname) > nameSize {
+		data := hdr.Linkname + "\x00"
+		if err := tw.writeRawFile(longName, data, TypeGNULongLink, FormatGNU); err != nil {
+			return err
+		}
+	}
+
+	// Pack the main header.
+	var f formatter // Ignore errors since they are expected
+	var spd sparseDatas
+	var spb []byte
+	blk := tw.templateV7Plus(hdr, f.formatString, f.formatNumeric)
+	if !hdr.AccessTime.IsZero() {
+		f.formatNumeric(blk.GNU().AccessTime(), hdr.AccessTime.Unix())
+	}
+	if !hdr.ChangeTime.IsZero() {
+		f.formatNumeric(blk.GNU().ChangeTime(), hdr.ChangeTime.Unix())
+	}
+	// TODO(dsnet): Re-enable this when adding sparse support.
+	// See https://golang.org/issue/22735
+	/*
+		if hdr.Typeflag == TypeGNUSparse {
+			sph := append([]sparseEntry{}, hdr.SparseHoles...) // Copy sparse map
+			sph = alignSparseEntries(sph, hdr.Size)
+			spd = invertSparseEntries(sph, hdr.Size)
+
+			// Format the sparse map.
+			formatSPD := func(sp sparseDatas, sa sparseArray) sparseDatas {
+				for i := 0; len(sp) > 0 && i < sa.MaxEntries(); i++ {
+					f.formatNumeric(sa.Entry(i).Offset(), sp[0].Offset)
+					f.formatNumeric(sa.Entry(i).Length(), sp[0].Length)
+					sp = sp[1:]
+				}
+				if len(sp) > 0 {
+					sa.IsExtended()[0] = 1
+				}
+				return sp
+			}
+			sp2 := formatSPD(spd, blk.GNU().Sparse())
+			for len(sp2) > 0 {
+				var spHdr block
+				sp2 = formatSPD(sp2, spHdr.Sparse())
+				spb = append(spb, spHdr[:]...)
+			}
+
+			// Update size fields in the header block.
+			realSize := hdr.Size
+			hdr.Size = 0 // Encoded size; does not account for encoded sparse map
+			for _, s := range spd {
+				hdr.Size += s.Length
+			}
+			copy(blk.V7().Size(), zeroBlock[:]) // Reset field
+			f.formatNumeric(blk.V7().Size(), hdr.Size)
+			f.formatNumeric(blk.GNU().RealSize(), realSize)
+		}
+	*/
+	blk.SetFormat(FormatGNU)
+	if err := tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag); err != nil {
+		return err
+	}
+
+	// Write the extended sparse map and setup the sparse writer if necessary.
+	if len(spd) > 0 {
+		// Use tw.w since the sparse map is not accounted for in hdr.Size.
+		if _, err := tw.w.Write(spb); err != nil {
+			return err
+		}
+		tw.curr = &sparseFileWriter{tw.curr, spd, 0}
+	}
+	return nil
+}
+
+type (
+	stringFormatter func([]byte, string)
+	numberFormatter func([]byte, int64)
+)
+
+// templateV7Plus fills out the V7 fields of a block using values from hdr.
+// It also fills out fields (uname, gname, devmajor, devminor) that are
+// shared in the USTAR, PAX, and GNU formats using the provided formatters.
+//
+// The block returned is only valid until the next call to
+// templateV7Plus or writeRawFile.
+func (tw *Writer) templateV7Plus(hdr *Header, fmtStr stringFormatter, fmtNum numberFormatter) *block {
+	tw.blk.Reset()
+
+	modTime := hdr.ModTime
+	if modTime.IsZero() {
+		modTime = time.Unix(0, 0)
+	}
+
+	v7 := tw.blk.V7()
+	v7.TypeFlag()[0] = hdr.Typeflag
+	fmtStr(v7.Name(), hdr.Name)
+	fmtStr(v7.LinkName(), hdr.Linkname)
+	fmtNum(v7.Mode(), hdr.Mode)
+	fmtNum(v7.UID(), int64(hdr.Uid))
+	fmtNum(v7.GID(), int64(hdr.Gid))
+	fmtNum(v7.Size(), hdr.Size)
+	fmtNum(v7.ModTime(), modTime.Unix())
+
+	ustar := tw.blk.USTAR()
+	fmtStr(ustar.UserName(), hdr.Uname)
+	fmtStr(ustar.GroupName(), hdr.Gname)
+	fmtNum(ustar.DevMajor(), hdr.Devmajor)
+	fmtNum(ustar.DevMinor(), hdr.Devminor)
+
+	return &tw.blk
+}
+
+// writeRawFile writes a minimal file with the given name and flag type.
+// It uses format to encode the header format and will write data as the body.
+// It uses default values for all of the other fields (as BSD and GNU tar does).
+func (tw *Writer) writeRawFile(name, data string, flag byte, format Format) error {
+	tw.blk.Reset()
+
+	// Best effort for the filename.
+	name = toASCII(name)
+	if len(name) > nameSize {
+		name = name[:nameSize]
+	}
+	name = strings.TrimRight(name, "/")
+
+	var f formatter
+	v7 := tw.blk.V7()
+	v7.TypeFlag()[0] = flag
+	f.formatString(v7.Name(), name)
+	f.formatOctal(v7.Mode(), 0)
+	f.formatOctal(v7.UID(), 0)
+	f.formatOctal(v7.GID(), 0)
+	f.formatOctal(v7.Size(), int64(len(data))) // Must be < 8GiB
+	f.formatOctal(v7.ModTime(), 0)
+	tw.blk.SetFormat(format)
+	if f.err != nil {
+		return f.err // Only occurs if size condition is violated
+	}
+
+	// Write the header and data.
+	if err := tw.writeRawHeader(&tw.blk, int64(len(data)), flag); err != nil {
+		return err
+	}
+	_, err := io.WriteString(tw, data)
+	return err
+}
+
+// writeRawHeader writes the value of blk, regardless of its value.
+// It sets up the Writer such that it can accept a file of the given size.
+// If the flag is a special header-only flag, then the size is treated as zero.
+func (tw *Writer) writeRawHeader(blk *block, size int64, flag byte) error {
+	if err := tw.Flush(); err != nil {
+		return err
+	}
+	if _, err := tw.w.Write(blk[:]); err != nil {
+		return err
+	}
+	if isHeaderOnlyType(flag) {
+		size = 0
+	}
+	tw.curr = &regFileWriter{tw.w, size}
+	tw.pad = blockPadding(size)
+	return nil
+}
+
+// splitUSTARPath splits a path according to USTAR prefix and suffix rules.
+// If the path is not splittable, then it will return ("", "", false).
+func splitUSTARPath(name string) (prefix, suffix string, ok bool) {
+	length := len(name)
+	if length <= nameSize || !isASCII(name) {
+		return "", "", false
+	} else if length > prefixSize+1 {
+		length = prefixSize + 1
+	} else if name[length-1] == '/' {
+		length--
+	}
+
+	i := strings.LastIndex(name[:length], "/")
+	nlen := len(name) - i - 1 // nlen is length of suffix
+	plen := i                 // plen is length of prefix
+	if i <= 0 || nlen > nameSize || nlen == 0 || plen > prefixSize {
+		return "", "", false
+	}
+	return name[:i], name[i+1:], true
+}
+
+// Write writes to the current file in the tar archive.
+// Write returns the error ErrWriteTooLong if more than
+// Header.Size bytes are written after WriteHeader.
+//
+// Calling Write on special types like TypeLink, TypeSymlink, TypeChar,
+// TypeBlock, TypeDir, and TypeFifo returns (0, ErrWriteTooLong) regardless
+// of what the Header.Size claims.
+func (tw *Writer) Write(b []byte) (int, error) {
+	if tw.err != nil {
+		return 0, tw.err
+	}
+	n, err := tw.curr.Write(b)
+	if err != nil && err != ErrWriteTooLong {
+		tw.err = err
+	}
+	return n, err
+}
+
+// readFrom populates the content of the current file by reading from r.
+// The bytes read must match the number of remaining bytes in the current file.
+//
+// If the current file is sparse and r is an io.ReadSeeker,
+// then readFrom uses Seek to skip past holes defined in Header.SparseHoles,
+// assuming that skipped regions are all NULs.
+// This always reads the last byte to ensure r is the right size.
+//
+// TODO(dsnet): Re-export this when adding sparse file support.
+// See https://golang.org/issue/22735
+func (tw *Writer) readFrom(r io.Reader) (int64, error) {
+	if tw.err != nil {
+		return 0, tw.err
+	}
+	n, err := tw.curr.ReadFrom(r)
+	if err != nil && err != ErrWriteTooLong {
+		tw.err = err
+	}
+	return n, err
+}
+
+// Close closes the tar archive by flushing the padding, and writing the footer.
+// If the current file (from a prior call to WriteHeader) is not fully written,
+// then this returns an error.
+func (tw *Writer) Close() error {
+	if tw.err == ErrWriteAfterClose {
+		return nil
+	}
+	if tw.err != nil {
+		return tw.err
+	}
+
+	// Trailer: two zero blocks.
+	err := tw.Flush()
+	for i := 0; i < 2 && err == nil; i++ {
+		_, err = tw.w.Write(zeroBlock[:])
+	}
+
+	// Ensure all future actions are invalid.
+	tw.err = ErrWriteAfterClose
+	return err // Report IO errors
+}
+
+// regFileWriter is a fileWriter for writing data to a regular file entry.
+type regFileWriter struct {
+	w  io.Writer // Underlying Writer
+	nb int64     // Number of remaining bytes to write
+}
+
+func (fw *regFileWriter) Write(b []byte) (n int, err error) {
+	overwrite := int64(len(b)) > fw.nb
+	if overwrite {
+		b = b[:fw.nb]
+	}
+	if len(b) > 0 {
+		n, err = fw.w.Write(b)
+		fw.nb -= int64(n)
+	}
+	switch {
+	case err != nil:
+		return n, err
+	case overwrite:
+		return n, ErrWriteTooLong
+	default:
+		return n, nil
+	}
+}
+
+func (fw *regFileWriter) ReadFrom(r io.Reader) (int64, error) {
+	return io.Copy(struct{ io.Writer }{fw}, r)
+}
+
+func (fw regFileWriter) LogicalRemaining() int64 {
+	return fw.nb
+}
+func (fw regFileWriter) PhysicalRemaining() int64 {
+	return fw.nb
+}
+
+// sparseFileWriter is a fileWriter for writing data to a sparse file entry.
+type sparseFileWriter struct {
+	fw  fileWriter  // Underlying fileWriter
+	sp  sparseDatas // Normalized list of data fragments
+	pos int64       // Current position in sparse file
+}
+
+func (sw *sparseFileWriter) Write(b []byte) (n int, err error) {
+	overwrite := int64(len(b)) > sw.LogicalRemaining()
+	if overwrite {
+		b = b[:sw.LogicalRemaining()]
+	}
+
+	b0 := b
+	endPos := sw.pos + int64(len(b))
+	for endPos > sw.pos && err == nil {
+		var nf int // Bytes written in fragment
+		dataStart, dataEnd := sw.sp[0].Offset, sw.sp[0].endOffset()
+		if sw.pos < dataStart { // In a hole fragment
+			bf := b[:min(int64(len(b)), dataStart-sw.pos)]
+			nf, err = zeroWriter{}.Write(bf)
+		} else { // In a data fragment
+			bf := b[:min(int64(len(b)), dataEnd-sw.pos)]
+			nf, err = sw.fw.Write(bf)
+		}
+		b = b[nf:]
+		sw.pos += int64(nf)
+		if sw.pos >= dataEnd && len(sw.sp) > 1 {
+			sw.sp = sw.sp[1:] // Ensure last fragment always remains
+		}
+	}
+
+	n = len(b0) - len(b)
+	switch {
+	case err == ErrWriteTooLong:
+		return n, errMissData // Not possible; implies bug in validation logic
+	case err != nil:
+		return n, err
+	case sw.LogicalRemaining() == 0 && sw.PhysicalRemaining() > 0:
+		return n, errUnrefData // Not possible; implies bug in validation logic
+	case overwrite:
+		return n, ErrWriteTooLong
+	default:
+		return n, nil
+	}
+}
+
+func (sw *sparseFileWriter) ReadFrom(r io.Reader) (n int64, err error) {
+	rs, ok := r.(io.ReadSeeker)
+	if ok {
+		if _, err := rs.Seek(0, io.SeekCurrent); err != nil {
+			ok = false // Not all io.Seeker can really seek
+		}
+	}
+	if !ok {
+		return io.Copy(struct{ io.Writer }{sw}, r)
+	}
+
+	var readLastByte bool
+	pos0 := sw.pos
+	for sw.LogicalRemaining() > 0 && !readLastByte && err == nil {
+		var nf int64 // Size of fragment
+		dataStart, dataEnd := sw.sp[0].Offset, sw.sp[0].endOffset()
+		if sw.pos < dataStart { // In a hole fragment
+			nf = dataStart - sw.pos
+			if sw.PhysicalRemaining() == 0 {
+				readLastByte = true
+				nf--
+			}
+			_, err = rs.Seek(nf, io.SeekCurrent)
+		} else { // In a data fragment
+			nf = dataEnd - sw.pos
+			nf, err = io.CopyN(sw.fw, rs, nf)
+		}
+		sw.pos += nf
+		if sw.pos >= dataEnd && len(sw.sp) > 1 {
+			sw.sp = sw.sp[1:] // Ensure last fragment always remains
+		}
+	}
+
+	// If the last fragment is a hole, then seek to 1-byte before EOF, and
+	// read a single byte to ensure the file is the right size.
+	if readLastByte && err == nil {
+		_, err = mustReadFull(rs, []byte{0})
+		sw.pos++
+	}
+
+	n = sw.pos - pos0
+	switch {
+	case err == io.EOF:
+		return n, io.ErrUnexpectedEOF
+	case err == ErrWriteTooLong:
+		return n, errMissData // Not possible; implies bug in validation logic
+	case err != nil:
+		return n, err
+	case sw.LogicalRemaining() == 0 && sw.PhysicalRemaining() > 0:
+		return n, errUnrefData // Not possible; implies bug in validation logic
+	default:
+		return n, ensureEOF(rs)
+	}
+}
+
+func (sw sparseFileWriter) LogicalRemaining() int64 {
+	return sw.sp[len(sw.sp)-1].endOffset() - sw.pos
+}
+func (sw sparseFileWriter) PhysicalRemaining() int64 {
+	return sw.fw.PhysicalRemaining()
+}
+
+// zeroWriter may only be written with NULs, otherwise it returns errWriteHole.
+type zeroWriter struct{}
+
+func (zeroWriter) Write(b []byte) (int, error) {
+	for i, c := range b {
+		if c != 0 {
+			return i, errWriteHole
+		}
+	}
+	return len(b), nil
+}
+
+// ensureEOF checks whether r is at EOF, reporting ErrWriteTooLong if not so.
+func ensureEOF(r io.Reader) error {
+	n, err := tryReadFull(r, []byte{0})
+	switch {
+	case n > 0:
+		return ErrWriteTooLong
+	case err == io.EOF:
+		return nil
+	default:
+		return err
+	}
+}
diff --git a/vendor/archive/tar/writer_test.go b/vendor/archive/tar/writer_test.go
new file mode 100644
index 0000000000000..a00f02d8fab69
--- /dev/null
+++ b/vendor/archive/tar/writer_test.go
@@ -0,0 +1,1310 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tar
+
+import (
+	"bytes"
+	"encoding/hex"
+	"errors"
+	"io"
+	"os"
+	"path"
+	"reflect"
+	"sort"
+	"strings"
+	"testing"
+	"testing/iotest"
+	"time"
+)
+
+func bytediff(a, b []byte) string {
+	const (
+		uniqueA  = "-  "
+		uniqueB  = "+  "
+		identity = "   "
+	)
+	var ss []string
+	sa := strings.Split(strings.TrimSpace(hex.Dump(a)), "\n")
+	sb := strings.Split(strings.TrimSpace(hex.Dump(b)), "\n")
+	for len(sa) > 0 && len(sb) > 0 {
+		if sa[0] == sb[0] {
+			ss = append(ss, identity+sa[0])
+		} else {
+			ss = append(ss, uniqueA+sa[0])
+			ss = append(ss, uniqueB+sb[0])
+		}
+		sa, sb = sa[1:], sb[1:]
+	}
+	for len(sa) > 0 {
+		ss = append(ss, uniqueA+sa[0])
+		sa = sa[1:]
+	}
+	for len(sb) > 0 {
+		ss = append(ss, uniqueB+sb[0])
+		sb = sb[1:]
+	}
+	return strings.Join(ss, "\n")
+}
+
+func TestWriter(t *testing.T) {
+	type (
+		testHeader struct { // WriteHeader(hdr) == wantErr
+			hdr     Header
+			wantErr error
+		}
+		testWrite struct { // Write(str) == (wantCnt, wantErr)
+			str     string
+			wantCnt int
+			wantErr error
+		}
+		testReadFrom struct { // ReadFrom(testFile{ops}) == (wantCnt, wantErr)
+			ops     fileOps
+			wantCnt int64
+			wantErr error
+		}
+		testClose struct { // Close() == wantErr
+			wantErr error
+		}
+		testFnc interface{} // testHeader | testWrite | testReadFrom | testClose
+	)
+
+	vectors := []struct {
+		file  string // Optional filename of expected output
+		tests []testFnc
+	}{{
+		// The writer test file was produced with this command:
+		// tar (GNU tar) 1.26
+		//   ln -s small.txt link.txt
+		//   tar -b 1 --format=ustar -c -f writer.tar small.txt small2.txt link.txt
+		file: "testdata/writer.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "small.txt",
+				Size:     5,
+				Mode:     0640,
+				Uid:      73025,
+				Gid:      5000,
+				Uname:    "dsymonds",
+				Gname:    "eng",
+				ModTime:  time.Unix(1246508266, 0),
+			}, nil},
+			testWrite{"Kilts", 5, nil},
+
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "small2.txt",
+				Size:     11,
+				Mode:     0640,
+				Uid:      73025,
+				Uname:    "dsymonds",
+				Gname:    "eng",
+				Gid:      5000,
+				ModTime:  time.Unix(1245217492, 0),
+			}, nil},
+			testWrite{"Google.com\n", 11, nil},
+
+			testHeader{Header{
+				Typeflag: TypeSymlink,
+				Name:     "link.txt",
+				Linkname: "small.txt",
+				Mode:     0777,
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "strings",
+				Gname:    "strings",
+				ModTime:  time.Unix(1314603082, 0),
+			}, nil},
+			testWrite{"", 0, nil},
+
+			testClose{nil},
+		},
+	}, {
+		// The truncated test file was produced using these commands:
+		//   dd if=/dev/zero bs=1048576 count=16384 > /tmp/16gig.txt
+		//   tar -b 1 -c -f- /tmp/16gig.txt | dd bs=512 count=8 > writer-big.tar
+		file: "testdata/writer-big.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "tmp/16gig.txt",
+				Size:     16 << 30,
+				Mode:     0640,
+				Uid:      73025,
+				Gid:      5000,
+				Uname:    "dsymonds",
+				Gname:    "eng",
+				ModTime:  time.Unix(1254699560, 0),
+				Format:   FormatGNU,
+			}, nil},
+		},
+	}, {
+		// This truncated file was produced using this library.
+		// It was verified to work with GNU tar 1.27.1 and BSD tar 3.1.2.
+		//  dd if=/dev/zero bs=1G count=16 >> writer-big-long.tar
+		//  gnutar -xvf writer-big-long.tar
+		//  bsdtar -xvf writer-big-long.tar
+		//
+		// This file is in PAX format.
+		file: "testdata/writer-big-long.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     strings.Repeat("longname/", 15) + "16gig.txt",
+				Size:     16 << 30,
+				Mode:     0644,
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "guillaume",
+				Gname:    "guillaume",
+				ModTime:  time.Unix(1399583047, 0),
+			}, nil},
+		},
+	}, {
+		// This file was produced using GNU tar v1.17.
+		//	gnutar -b 4 --format=ustar (longname/)*15 + file.txt
+		file: "testdata/ustar.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     strings.Repeat("longname/", 15) + "file.txt",
+				Size:     6,
+				Mode:     0644,
+				Uid:      501,
+				Gid:      20,
+				Uname:    "shane",
+				Gname:    "staff",
+				ModTime:  time.Unix(1360135598, 0),
+			}, nil},
+			testWrite{"hello\n", 6, nil},
+			testClose{nil},
+		},
+	}, {
+		// This file was produced using GNU tar v1.26:
+		//	echo "Slartibartfast" > file.txt
+		//	ln file.txt hard.txt
+		//	tar -b 1 --format=ustar -c -f hardlink.tar file.txt hard.txt
+		file: "testdata/hardlink.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "file.txt",
+				Size:     15,
+				Mode:     0644,
+				Uid:      1000,
+				Gid:      100,
+				Uname:    "vbatts",
+				Gname:    "users",
+				ModTime:  time.Unix(1425484303, 0),
+			}, nil},
+			testWrite{"Slartibartfast\n", 15, nil},
+
+			testHeader{Header{
+				Typeflag: TypeLink,
+				Name:     "hard.txt",
+				Linkname: "file.txt",
+				Mode:     0644,
+				Uid:      1000,
+				Gid:      100,
+				Uname:    "vbatts",
+				Gname:    "users",
+				ModTime:  time.Unix(1425484303, 0),
+			}, nil},
+			testWrite{"", 0, nil},
+
+			testClose{nil},
+		},
+	}, {
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "bad-null.txt",
+				Xattrs:   map[string]string{"null\x00null\x00": "fizzbuzz"},
+			}, headerError{}},
+		},
+	}, {
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "null\x00.txt",
+			}, headerError{}},
+		},
+	}, {
+		file: "testdata/pax-records.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "file",
+				Uname:    strings.Repeat("long", 10),
+				PAXRecords: map[string]string{
+					"path":           "FILE", // Should be ignored
+					"GNU.sparse.map": "0,0",  // Should be ignored
+					"comment":        "Hello, 世界",
+					"GOLANG.pkg":     "tar",
+				},
+			}, nil},
+			testClose{nil},
+		},
+	}, {
+		// Craft a theoretically valid PAX archive with global headers.
+		// The GNU and BSD tar tools do not parse these the same way.
+		//
+		// BSD tar v3.1.2 parses and ignores all global headers;
+		// the behavior is verified by researching the source code.
+		//
+		//	$ bsdtar -tvf pax-global-records.tar
+		//	----------  0 0      0           0 Dec 31  1969 file1
+		//	----------  0 0      0           0 Dec 31  1969 file2
+		//	----------  0 0      0           0 Dec 31  1969 file3
+		//	----------  0 0      0           0 May 13  2014 file4
+		//
+		// GNU tar v1.27.1 applies global headers to subsequent records,
+		// but does not do the following properly:
+		//	* It does not treat an empty record as deletion.
+		//	* It does not use subsequent global headers to update previous ones.
+		//
+		//	$ gnutar -tvf pax-global-records.tar
+		//	---------- 0/0               0 2017-07-13 19:40 global1
+		//	---------- 0/0               0 2017-07-13 19:40 file2
+		//	gnutar: Substituting `.' for empty member name
+		//	---------- 0/0               0 1969-12-31 16:00
+		//	gnutar: Substituting `.' for empty member name
+		//	---------- 0/0               0 2014-05-13 09:53
+		//
+		// According to the PAX specification, this should have been the result:
+		//	---------- 0/0               0 2017-07-13 19:40 global1
+		//	---------- 0/0               0 2017-07-13 19:40 file2
+		//	---------- 0/0               0 2017-07-13 19:40 file3
+		//	---------- 0/0               0 2014-05-13 09:53 file4
+		file: "testdata/pax-global-records.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag:   TypeXGlobalHeader,
+				PAXRecords: map[string]string{"path": "global1", "mtime": "1500000000.0"},
+			}, nil},
+			testHeader{Header{
+				Typeflag: TypeReg, Name: "file1",
+			}, nil},
+			testHeader{Header{
+				Typeflag:   TypeReg,
+				Name:       "file2",
+				PAXRecords: map[string]string{"path": "file2"},
+			}, nil},
+			testHeader{Header{
+				Typeflag:   TypeXGlobalHeader,
+				PAXRecords: map[string]string{"path": ""}, // Should delete "path", but keep "mtime"
+			}, nil},
+			testHeader{Header{
+				Typeflag: TypeReg, Name: "file3",
+			}, nil},
+			testHeader{Header{
+				Typeflag:   TypeReg,
+				Name:       "file4",
+				ModTime:    time.Unix(1400000000, 0),
+				PAXRecords: map[string]string{"mtime": "1400000000"},
+			}, nil},
+			testClose{nil},
+		},
+	}, {
+		file: "testdata/gnu-utf8.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹☺☻☹",
+				Mode:     0644,
+				Uid:      1000, Gid: 1000,
+				Uname:   "☺",
+				Gname:   "⚹",
+				ModTime: time.Unix(0, 0),
+				Format:  FormatGNU,
+			}, nil},
+			testClose{nil},
+		},
+	}, {
+		file: "testdata/gnu-not-utf8.tar",
+		tests: []testFnc{
+			testHeader{Header{
+				Typeflag: TypeReg,
+				Name:     "hi\x80\x81\x82\x83bye",
+				Mode:     0644,
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "rawr",
+				Gname:    "dsnet",
+				ModTime:  time.Unix(0, 0),
+				Format:   FormatGNU,
+			}, nil},
+			testClose{nil},
+		},
+		// TODO(dsnet): Re-enable this test when adding sparse support.
+		// See https://golang.org/issue/22735
+		/*
+			}, {
+				file: "testdata/gnu-nil-sparse-data.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag:    TypeGNUSparse,
+						Name:        "sparse.db",
+						Size:        1000,
+						SparseHoles: []sparseEntry{{Offset: 1000, Length: 0}},
+					}, nil},
+					testWrite{strings.Repeat("0123456789", 100), 1000, nil},
+					testClose{},
+				},
+			}, {
+				file: "testdata/gnu-nil-sparse-hole.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag:    TypeGNUSparse,
+						Name:        "sparse.db",
+						Size:        1000,
+						SparseHoles: []sparseEntry{{Offset: 0, Length: 1000}},
+					}, nil},
+					testWrite{strings.Repeat("\x00", 1000), 1000, nil},
+					testClose{},
+				},
+			}, {
+				file: "testdata/pax-nil-sparse-data.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag:    TypeReg,
+						Name:        "sparse.db",
+						Size:        1000,
+						SparseHoles: []sparseEntry{{Offset: 1000, Length: 0}},
+					}, nil},
+					testWrite{strings.Repeat("0123456789", 100), 1000, nil},
+					testClose{},
+				},
+			}, {
+				file: "testdata/pax-nil-sparse-hole.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag:    TypeReg,
+						Name:        "sparse.db",
+						Size:        1000,
+						SparseHoles: []sparseEntry{{Offset: 0, Length: 1000}},
+					}, nil},
+					testWrite{strings.Repeat("\x00", 1000), 1000, nil},
+					testClose{},
+				},
+			}, {
+				file: "testdata/gnu-sparse-big.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag: TypeGNUSparse,
+						Name:     "gnu-sparse",
+						Size:     6e10,
+						SparseHoles: []sparseEntry{
+							{Offset: 0e10, Length: 1e10 - 100},
+							{Offset: 1e10, Length: 1e10 - 100},
+							{Offset: 2e10, Length: 1e10 - 100},
+							{Offset: 3e10, Length: 1e10 - 100},
+							{Offset: 4e10, Length: 1e10 - 100},
+							{Offset: 5e10, Length: 1e10 - 100},
+						},
+					}, nil},
+					testReadFrom{fileOps{
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+					}, 6e10, nil},
+					testClose{nil},
+				},
+			}, {
+				file: "testdata/pax-sparse-big.tar",
+				tests: []testFnc{
+					testHeader{Header{
+						Typeflag: TypeReg,
+						Name:     "pax-sparse",
+						Size:     6e10,
+						SparseHoles: []sparseEntry{
+							{Offset: 0e10, Length: 1e10 - 100},
+							{Offset: 1e10, Length: 1e10 - 100},
+							{Offset: 2e10, Length: 1e10 - 100},
+							{Offset: 3e10, Length: 1e10 - 100},
+							{Offset: 4e10, Length: 1e10 - 100},
+							{Offset: 5e10, Length: 1e10 - 100},
+						},
+					}, nil},
+					testReadFrom{fileOps{
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+						int64(1e10 - blockSize),
+						strings.Repeat("\x00", blockSize-100) + strings.Repeat("0123456789", 10),
+					}, 6e10, nil},
+					testClose{nil},
+				},
+		*/
+	}, {
+		file: "testdata/trailing-slash.tar",
+		tests: []testFnc{
+			testHeader{Header{Name: strings.Repeat("123456789/", 30)}, nil},
+			testClose{nil},
+		},
+	}, {
+		// Automatically promote zero value of Typeflag depending on the name.
+		file: "testdata/file-and-dir.tar",
+		tests: []testFnc{
+			testHeader{Header{Name: "small.txt", Size: 5}, nil},
+			testWrite{"Kilts", 5, nil},
+			testHeader{Header{Name: "dir/"}, nil},
+			testClose{nil},
+		},
+	}}
+
+	equalError := func(x, y error) bool {
+		_, ok1 := x.(headerError)
+		_, ok2 := y.(headerError)
+		if ok1 || ok2 {
+			return ok1 && ok2
+		}
+		return x == y
+	}
+	for _, v := range vectors {
+		t.Run(path.Base(v.file), func(t *testing.T) {
+			const maxSize = 10 << 10 // 10KiB
+			buf := new(bytes.Buffer)
+			tw := NewWriter(iotest.TruncateWriter(buf, maxSize))
+
+			for i, tf := range v.tests {
+				switch tf := tf.(type) {
+				case testHeader:
+					err := tw.WriteHeader(&tf.hdr)
+					if !equalError(err, tf.wantErr) {
+						t.Fatalf("test %d, WriteHeader() = %v, want %v", i, err, tf.wantErr)
+					}
+				case testWrite:
+					got, err := tw.Write([]byte(tf.str))
+					if got != tf.wantCnt || !equalError(err, tf.wantErr) {
+						t.Fatalf("test %d, Write() = (%d, %v), want (%d, %v)", i, got, err, tf.wantCnt, tf.wantErr)
+					}
+				case testReadFrom:
+					f := &testFile{ops: tf.ops}
+					got, err := tw.readFrom(f)
+					if _, ok := err.(testError); ok {
+						t.Errorf("test %d, ReadFrom(): %v", i, err)
+					} else if got != tf.wantCnt || !equalError(err, tf.wantErr) {
+						t.Errorf("test %d, ReadFrom() = (%d, %v), want (%d, %v)", i, got, err, tf.wantCnt, tf.wantErr)
+					}
+					if len(f.ops) > 0 {
+						t.Errorf("test %d, expected %d more operations", i, len(f.ops))
+					}
+				case testClose:
+					err := tw.Close()
+					if !equalError(err, tf.wantErr) {
+						t.Fatalf("test %d, Close() = %v, want %v", i, err, tf.wantErr)
+					}
+				default:
+					t.Fatalf("test %d, unknown test operation: %T", i, tf)
+				}
+			}
+
+			if v.file != "" {
+				want, err := os.ReadFile(v.file)
+				if err != nil {
+					t.Fatalf("ReadFile() = %v, want nil", err)
+				}
+				got := buf.Bytes()
+				if !bytes.Equal(want, got) {
+					t.Fatalf("incorrect result: (-got +want)\n%v", bytediff(got, want))
+				}
+			}
+		})
+	}
+}
+
+func TestPax(t *testing.T) {
+	// Create an archive with a large name
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdr, err := FileInfoHeader(fileinfo, "")
+	if err != nil {
+		t.Fatalf("os.Stat: %v", err)
+	}
+	// Force a PAX long name to be written
+	longName := strings.Repeat("ab", 100)
+	contents := strings.Repeat(" ", int(hdr.Size))
+	hdr.Name = longName
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = writer.Write([]byte(contents)); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Simple test to make sure PAX extensions are in effect
+	if !bytes.Contains(buf.Bytes(), []byte("PaxHeaders.0")) {
+		t.Fatal("Expected at least one PAX header to be written.")
+	}
+	// Test that we can get a long name back out of the archive.
+	reader := NewReader(&buf)
+	hdr, err = reader.Next()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hdr.Name != longName {
+		t.Fatal("Couldn't recover long file name")
+	}
+}
+
+func TestPaxSymlink(t *testing.T) {
+	// Create an archive with a large linkname
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdr, err := FileInfoHeader(fileinfo, "")
+	hdr.Typeflag = TypeSymlink
+	if err != nil {
+		t.Fatalf("os.Stat:1 %v", err)
+	}
+	// Force a PAX long linkname to be written
+	longLinkname := strings.Repeat("1234567890/1234567890", 10)
+	hdr.Linkname = longLinkname
+
+	hdr.Size = 0
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Simple test to make sure PAX extensions are in effect
+	if !bytes.Contains(buf.Bytes(), []byte("PaxHeaders.0")) {
+		t.Fatal("Expected at least one PAX header to be written.")
+	}
+	// Test that we can get a long name back out of the archive.
+	reader := NewReader(&buf)
+	hdr, err = reader.Next()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hdr.Linkname != longLinkname {
+		t.Fatal("Couldn't recover long link name")
+	}
+}
+
+func TestPaxNonAscii(t *testing.T) {
+	// Create an archive with non ascii. These should trigger a pax header
+	// because pax headers have a defined utf-8 encoding.
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	hdr, err := FileInfoHeader(fileinfo, "")
+	if err != nil {
+		t.Fatalf("os.Stat:1 %v", err)
+	}
+
+	// some sample data
+	chineseFilename := "文件名"
+	chineseGroupname := "組"
+	chineseUsername := "用戶名"
+
+	hdr.Name = chineseFilename
+	hdr.Gname = chineseGroupname
+	hdr.Uname = chineseUsername
+
+	contents := strings.Repeat(" ", int(hdr.Size))
+
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = writer.Write([]byte(contents)); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Simple test to make sure PAX extensions are in effect
+	if !bytes.Contains(buf.Bytes(), []byte("PaxHeaders.0")) {
+		t.Fatal("Expected at least one PAX header to be written.")
+	}
+	// Test that we can get a long name back out of the archive.
+	reader := NewReader(&buf)
+	hdr, err = reader.Next()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hdr.Name != chineseFilename {
+		t.Fatal("Couldn't recover unicode name")
+	}
+	if hdr.Gname != chineseGroupname {
+		t.Fatal("Couldn't recover unicode group")
+	}
+	if hdr.Uname != chineseUsername {
+		t.Fatal("Couldn't recover unicode user")
+	}
+}
+
+func TestPaxXattrs(t *testing.T) {
+	xattrs := map[string]string{
+		"user.key": "value",
+	}
+
+	// Create an archive with an xattr
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdr, err := FileInfoHeader(fileinfo, "")
+	if err != nil {
+		t.Fatalf("os.Stat: %v", err)
+	}
+	contents := "Kilts"
+	hdr.Xattrs = xattrs
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = writer.Write([]byte(contents)); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Test that we can get the xattrs back out of the archive.
+	reader := NewReader(&buf)
+	hdr, err = reader.Next()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(hdr.Xattrs, xattrs) {
+		t.Fatalf("xattrs did not survive round trip: got %+v, want %+v",
+			hdr.Xattrs, xattrs)
+	}
+}
+
+func TestPaxHeadersSorted(t *testing.T) {
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdr, err := FileInfoHeader(fileinfo, "")
+	if err != nil {
+		t.Fatalf("os.Stat: %v", err)
+	}
+	contents := strings.Repeat(" ", int(hdr.Size))
+
+	hdr.Xattrs = map[string]string{
+		"foo": "foo",
+		"bar": "bar",
+		"baz": "baz",
+		"qux": "qux",
+	}
+
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = writer.Write([]byte(contents)); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Simple test to make sure PAX extensions are in effect
+	if !bytes.Contains(buf.Bytes(), []byte("PaxHeaders.0")) {
+		t.Fatal("Expected at least one PAX header to be written.")
+	}
+
+	// xattr bar should always appear before others
+	indices := []int{
+		bytes.Index(buf.Bytes(), []byte("bar=bar")),
+		bytes.Index(buf.Bytes(), []byte("baz=baz")),
+		bytes.Index(buf.Bytes(), []byte("foo=foo")),
+		bytes.Index(buf.Bytes(), []byte("qux=qux")),
+	}
+	if !sort.IntsAreSorted(indices) {
+		t.Fatal("PAX headers are not sorted")
+	}
+}
+
+func TestUSTARLongName(t *testing.T) {
+	// Create an archive with a path that failed to split with USTAR extension in previous versions.
+	fileinfo, err := os.Stat("testdata/small.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdr, err := FileInfoHeader(fileinfo, "")
+	hdr.Typeflag = TypeDir
+	if err != nil {
+		t.Fatalf("os.Stat:1 %v", err)
+	}
+	// Force a PAX long name to be written. The name was taken from a practical example
+	// that fails and replaced ever char through numbers to anonymize the sample.
+	longName := "/0000_0000000/00000-000000000/0000_0000000/00000-0000000000000/0000_0000000/00000-0000000-00000000/0000_0000000/00000000/0000_0000000/000/0000_0000000/00000000v00/0000_0000000/000000/0000_0000000/0000000/0000_0000000/00000y-00/0000/0000/00000000/0x000000/"
+	hdr.Name = longName
+
+	hdr.Size = 0
+	var buf bytes.Buffer
+	writer := NewWriter(&buf)
+	if err := writer.WriteHeader(hdr); err != nil {
+		t.Fatal(err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// Test that we can get a long name back out of the archive.
+	reader := NewReader(&buf)
+	hdr, err = reader.Next()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hdr.Name != longName {
+		t.Fatal("Couldn't recover long name")
+	}
+}
+
+func TestValidTypeflagWithPAXHeader(t *testing.T) {
+	var buffer bytes.Buffer
+	tw := NewWriter(&buffer)
+
+	fileName := strings.Repeat("ab", 100)
+
+	hdr := &Header{
+		Name:     fileName,
+		Size:     4,
+		Typeflag: 0,
+	}
+	if err := tw.WriteHeader(hdr); err != nil {
+		t.Fatalf("Failed to write header: %s", err)
+	}
+	if _, err := tw.Write([]byte("fooo")); err != nil {
+		t.Fatalf("Failed to write the file's data: %s", err)
+	}
+	tw.Close()
+
+	tr := NewReader(&buffer)
+
+	for {
+		header, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Fatalf("Failed to read header: %s", err)
+		}
+		if header.Typeflag != TypeReg {
+			t.Fatalf("Typeflag should've been %d, found %d", TypeReg, header.Typeflag)
+		}
+	}
+}
+
+// failOnceWriter fails exactly once and then always reports success.
+type failOnceWriter bool
+
+func (w *failOnceWriter) Write(b []byte) (int, error) {
+	if !*w {
+		return 0, io.ErrShortWrite
+	}
+	*w = true
+	return len(b), nil
+}
+
+func TestWriterErrors(t *testing.T) {
+	t.Run("HeaderOnly", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		hdr := &Header{Name: "dir/", Typeflag: TypeDir}
+		if err := tw.WriteHeader(hdr); err != nil {
+			t.Fatalf("WriteHeader() = %v, want nil", err)
+		}
+		if _, err := tw.Write([]byte{0x00}); err != ErrWriteTooLong {
+			t.Fatalf("Write() = %v, want %v", err, ErrWriteTooLong)
+		}
+	})
+
+	t.Run("NegativeSize", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		hdr := &Header{Name: "small.txt", Size: -1}
+		if err := tw.WriteHeader(hdr); err == nil {
+			t.Fatalf("WriteHeader() = nil, want non-nil error")
+		}
+	})
+
+	t.Run("BeforeHeader", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		if _, err := tw.Write([]byte("Kilts")); err != ErrWriteTooLong {
+			t.Fatalf("Write() = %v, want %v", err, ErrWriteTooLong)
+		}
+	})
+
+	t.Run("AfterClose", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		hdr := &Header{Name: "small.txt"}
+		if err := tw.WriteHeader(hdr); err != nil {
+			t.Fatalf("WriteHeader() = %v, want nil", err)
+		}
+		if err := tw.Close(); err != nil {
+			t.Fatalf("Close() = %v, want nil", err)
+		}
+		if _, err := tw.Write([]byte("Kilts")); err != ErrWriteAfterClose {
+			t.Fatalf("Write() = %v, want %v", err, ErrWriteAfterClose)
+		}
+		if err := tw.Flush(); err != ErrWriteAfterClose {
+			t.Fatalf("Flush() = %v, want %v", err, ErrWriteAfterClose)
+		}
+		if err := tw.Close(); err != nil {
+			t.Fatalf("Close() = %v, want nil", err)
+		}
+	})
+
+	t.Run("PrematureFlush", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		hdr := &Header{Name: "small.txt", Size: 5}
+		if err := tw.WriteHeader(hdr); err != nil {
+			t.Fatalf("WriteHeader() = %v, want nil", err)
+		}
+		if err := tw.Flush(); err == nil {
+			t.Fatalf("Flush() = %v, want non-nil error", err)
+		}
+	})
+
+	t.Run("PrematureClose", func(t *testing.T) {
+		tw := NewWriter(new(bytes.Buffer))
+		hdr := &Header{Name: "small.txt", Size: 5}
+		if err := tw.WriteHeader(hdr); err != nil {
+			t.Fatalf("WriteHeader() = %v, want nil", err)
+		}
+		if err := tw.Close(); err == nil {
+			t.Fatalf("Close() = %v, want non-nil error", err)
+		}
+	})
+
+	t.Run("Persistence", func(t *testing.T) {
+		tw := NewWriter(new(failOnceWriter))
+		if err := tw.WriteHeader(&Header{}); err != io.ErrShortWrite {
+			t.Fatalf("WriteHeader() = %v, want %v", err, io.ErrShortWrite)
+		}
+		if err := tw.WriteHeader(&Header{Name: "small.txt"}); err == nil {
+			t.Errorf("WriteHeader() = got %v, want non-nil error", err)
+		}
+		if _, err := tw.Write(nil); err == nil {
+			t.Errorf("Write() = %v, want non-nil error", err)
+		}
+		if err := tw.Flush(); err == nil {
+			t.Errorf("Flush() = %v, want non-nil error", err)
+		}
+		if err := tw.Close(); err == nil {
+			t.Errorf("Close() = %v, want non-nil error", err)
+		}
+	})
+}
+
+func TestSplitUSTARPath(t *testing.T) {
+	sr := strings.Repeat
+
+	vectors := []struct {
+		input  string // Input path
+		prefix string // Expected output prefix
+		suffix string // Expected output suffix
+		ok     bool   // Split success?
+	}{
+		{"", "", "", false},
+		{"abc", "", "", false},
+		{"用戶名", "", "", false},
+		{sr("a", nameSize), "", "", false},
+		{sr("a", nameSize) + "/", "", "", false},
+		{sr("a", nameSize) + "/a", sr("a", nameSize), "a", true},
+		{sr("a", prefixSize) + "/", "", "", false},
+		{sr("a", prefixSize) + "/a", sr("a", prefixSize), "a", true},
+		{sr("a", nameSize+1), "", "", false},
+		{sr("/", nameSize+1), sr("/", nameSize-1), "/", true},
+		{sr("a", prefixSize) + "/" + sr("b", nameSize),
+			sr("a", prefixSize), sr("b", nameSize), true},
+		{sr("a", prefixSize) + "//" + sr("b", nameSize), "", "", false},
+		{sr("a/", nameSize), sr("a/", 77) + "a", sr("a/", 22), true},
+	}
+
+	for _, v := range vectors {
+		prefix, suffix, ok := splitUSTARPath(v.input)
+		if prefix != v.prefix || suffix != v.suffix || ok != v.ok {
+			t.Errorf("splitUSTARPath(%q):\ngot  (%q, %q, %v)\nwant (%q, %q, %v)",
+				v.input, prefix, suffix, ok, v.prefix, v.suffix, v.ok)
+		}
+	}
+}
+
+// TestIssue12594 tests that the Writer does not attempt to populate the prefix
+// field when encoding a header in the GNU format. The prefix field is valid
+// in USTAR and PAX, but not GNU.
+func TestIssue12594(t *testing.T) {
+	names := []string{
+		"0/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/26/27/28/29/30/file.txt",
+		"0/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/26/27/28/29/30/31/32/33/file.txt",
+		"0/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/26/27/28/29/30/31/32/333/file.txt",
+		"0/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/file.txt",
+		"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000/file.txt",
+		"/home/support/.openoffice.org/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend",
+	}
+
+	for i, name := range names {
+		var b bytes.Buffer
+
+		tw := NewWriter(&b)
+		if err := tw.WriteHeader(&Header{
+			Name: name,
+			Uid:  1 << 25, // Prevent USTAR format
+		}); err != nil {
+			t.Errorf("test %d, unexpected WriteHeader error: %v", i, err)
+		}
+		if err := tw.Close(); err != nil {
+			t.Errorf("test %d, unexpected Close error: %v", i, err)
+		}
+
+		// The prefix field should never appear in the GNU format.
+		var blk block
+		copy(blk[:], b.Bytes())
+		prefix := string(blk.USTAR().Prefix())
+		if i := strings.IndexByte(prefix, 0); i >= 0 {
+			prefix = prefix[:i] // Truncate at the NUL terminator
+		}
+		if blk.GetFormat() == FormatGNU && len(prefix) > 0 && strings.HasPrefix(name, prefix) {
+			t.Errorf("test %d, found prefix in GNU format: %s", i, prefix)
+		}
+
+		tr := NewReader(&b)
+		hdr, err := tr.Next()
+		if err != nil {
+			t.Errorf("test %d, unexpected Next error: %v", i, err)
+		}
+		if hdr.Name != name {
+			t.Errorf("test %d, hdr.Name = %s, want %s", i, hdr.Name, name)
+		}
+	}
+}
+
+// testNonEmptyWriter wraps an io.Writer and ensures that
+// Write is never called with an empty buffer.
+type testNonEmptyWriter struct{ io.Writer }
+
+func (w testNonEmptyWriter) Write(b []byte) (int, error) {
+	if len(b) == 0 {
+		return 0, errors.New("unexpected empty Write call")
+	}
+	return w.Writer.Write(b)
+}
+
+func TestFileWriter(t *testing.T) {
+	type (
+		testWrite struct { // Write(str) == (wantCnt, wantErr)
+			str     string
+			wantCnt int
+			wantErr error
+		}
+		testReadFrom struct { // ReadFrom(testFile{ops}) == (wantCnt, wantErr)
+			ops     fileOps
+			wantCnt int64
+			wantErr error
+		}
+		testRemaining struct { // LogicalRemaining() == wantLCnt, PhysicalRemaining() == wantPCnt
+			wantLCnt int64
+			wantPCnt int64
+		}
+		testFnc interface{} // testWrite | testReadFrom | testRemaining
+	)
+
+	type (
+		makeReg struct {
+			size    int64
+			wantStr string
+		}
+		makeSparse struct {
+			makeReg makeReg
+			sph     sparseHoles
+			size    int64
+		}
+		fileMaker interface{} // makeReg | makeSparse
+	)
+
+	vectors := []struct {
+		maker fileMaker
+		tests []testFnc
+	}{{
+		maker: makeReg{0, ""},
+		tests: []testFnc{
+			testRemaining{0, 0},
+			testWrite{"", 0, nil},
+			testWrite{"a", 0, ErrWriteTooLong},
+			testReadFrom{fileOps{""}, 0, nil},
+			testReadFrom{fileOps{"a"}, 0, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{1, "a"},
+		tests: []testFnc{
+			testRemaining{1, 1},
+			testWrite{"", 0, nil},
+			testWrite{"a", 1, nil},
+			testWrite{"bcde", 0, ErrWriteTooLong},
+			testWrite{"", 0, nil},
+			testReadFrom{fileOps{""}, 0, nil},
+			testReadFrom{fileOps{"a"}, 0, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{5, "hello"},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testWrite{"hello", 5, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{5, "\x00\x00\x00\x00\x00"},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testReadFrom{fileOps{"\x00\x00\x00\x00\x00"}, 5, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{5, "\x00\x00\x00\x00\x00"},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testReadFrom{fileOps{"\x00\x00\x00\x00\x00extra"}, 5, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{5, "abc\x00\x00"},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testWrite{"abc", 3, nil},
+			testRemaining{2, 2},
+			testReadFrom{fileOps{"\x00\x00"}, 2, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeReg{5, "\x00\x00abc"},
+		tests: []testFnc{
+			testRemaining{5, 5},
+			testWrite{"\x00\x00", 2, nil},
+			testRemaining{3, 3},
+			testWrite{"abc", 3, nil},
+			testReadFrom{fileOps{"z"}, 0, ErrWriteTooLong},
+			testWrite{"z", 0, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testRemaining{8, 5},
+			testWrite{"ab\x00\x00\x00cde", 8, nil},
+			testWrite{"a", 0, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testWrite{"ab\x00\x00\x00cdez", 8, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testWrite{"ab\x00", 3, nil},
+			testRemaining{5, 3},
+			testWrite{"\x00\x00cde", 5, nil},
+			testWrite{"a", 0, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testWrite{"ab", 2, nil},
+			testRemaining{6, 3},
+			testReadFrom{fileOps{int64(3), "cde"}, 6, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testReadFrom{fileOps{"ab", int64(3), "cde"}, 8, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{5, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testReadFrom{fileOps{"ab", int64(3), "cdeX"}, 8, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{4, "abcd"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testReadFrom{fileOps{"ab", int64(3), "cd"}, 7, io.ErrUnexpectedEOF},
+			testRemaining{1, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{4, "abcd"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testReadFrom{fileOps{"ab", int64(3), "cde"}, 7, errMissData},
+			testRemaining{1, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{6, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testReadFrom{fileOps{"ab", int64(3), "cde"}, 8, errUnrefData},
+			testRemaining{0, 1},
+		},
+	}, {
+		maker: makeSparse{makeReg{4, "abcd"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testWrite{"ab", 2, nil},
+			testRemaining{6, 2},
+			testWrite{"\x00\x00\x00", 3, nil},
+			testRemaining{3, 2},
+			testWrite{"cde", 2, errMissData},
+			testRemaining{1, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{6, "abcde"}, sparseHoles{{2, 3}}, 8},
+		tests: []testFnc{
+			testWrite{"ab", 2, nil},
+			testRemaining{6, 4},
+			testWrite{"\x00\x00\x00", 3, nil},
+			testRemaining{3, 4},
+			testWrite{"cde", 3, errUnrefData},
+			testRemaining{0, 1},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testRemaining{7, 3},
+			testWrite{"\x00\x00abc\x00\x00", 7, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testRemaining{7, 3},
+			testReadFrom{fileOps{int64(2), "abc", int64(1), "\x00"}, 7, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, ""}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"abcdefg", 0, errWriteHole},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"\x00\x00abcde", 5, errWriteHole},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"\x00\x00abc\x00\x00z", 7, ErrWriteTooLong},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{3, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"\x00\x00", 2, nil},
+			testRemaining{5, 3},
+			testWrite{"abc", 3, nil},
+			testRemaining{2, 0},
+			testWrite{"\x00\x00", 2, nil},
+			testRemaining{0, 0},
+		},
+	}, {
+		maker: makeSparse{makeReg{2, "ab"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"\x00\x00", 2, nil},
+			testWrite{"abc", 2, errMissData},
+			testWrite{"\x00\x00", 0, errMissData},
+		},
+	}, {
+		maker: makeSparse{makeReg{4, "abc"}, sparseHoles{{0, 2}, {5, 2}}, 7},
+		tests: []testFnc{
+			testWrite{"\x00\x00", 2, nil},
+			testWrite{"abc", 3, nil},
+			testWrite{"\x00\x00", 2, errUnrefData},
+		},
+	}}
+
+	for i, v := range vectors {
+		var wantStr string
+		bb := new(bytes.Buffer)
+		w := testNonEmptyWriter{bb}
+		var fw fileWriter
+		switch maker := v.maker.(type) {
+		case makeReg:
+			fw = &regFileWriter{w, maker.size}
+			wantStr = maker.wantStr
+		case makeSparse:
+			if !validateSparseEntries(maker.sph, maker.size) {
+				t.Fatalf("invalid sparse map: %v", maker.sph)
+			}
+			spd := invertSparseEntries(maker.sph, maker.size)
+			fw = &regFileWriter{w, maker.makeReg.size}
+			fw = &sparseFileWriter{fw, spd, 0}
+			wantStr = maker.makeReg.wantStr
+		default:
+			t.Fatalf("test %d, unknown make operation: %T", i, maker)
+		}
+
+		for j, tf := range v.tests {
+			switch tf := tf.(type) {
+			case testWrite:
+				got, err := fw.Write([]byte(tf.str))
+				if got != tf.wantCnt || err != tf.wantErr {
+					t.Errorf("test %d.%d, Write(%s):\ngot  (%d, %v)\nwant (%d, %v)", i, j, tf.str, got, err, tf.wantCnt, tf.wantErr)
+				}
+			case testReadFrom:
+				f := &testFile{ops: tf.ops}
+				got, err := fw.ReadFrom(f)
+				if _, ok := err.(testError); ok {
+					t.Errorf("test %d.%d, ReadFrom(): %v", i, j, err)
+				} else if got != tf.wantCnt || err != tf.wantErr {
+					t.Errorf("test %d.%d, ReadFrom() = (%d, %v), want (%d, %v)", i, j, got, err, tf.wantCnt, tf.wantErr)
+				}
+				if len(f.ops) > 0 {
+					t.Errorf("test %d.%d, expected %d more operations", i, j, len(f.ops))
+				}
+			case testRemaining:
+				if got := fw.LogicalRemaining(); got != tf.wantLCnt {
+					t.Errorf("test %d.%d, LogicalRemaining() = %d, want %d", i, j, got, tf.wantLCnt)
+				}
+				if got := fw.PhysicalRemaining(); got != tf.wantPCnt {
+					t.Errorf("test %d.%d, PhysicalRemaining() = %d, want %d", i, j, got, tf.wantPCnt)
+				}
+			default:
+				t.Fatalf("test %d.%d, unknown test operation: %T", i, j, tf)
+			}
+		}
+
+		if got := bb.String(); got != wantStr {
+			t.Fatalf("test %d, String() = %q, want %q", i, got, wantStr)
+		}
+	}
+}
diff --git a/vendor/cloud.google.com/go/README.md b/vendor/cloud.google.com/go/README.md
index ac66000bc74b6..f3a0c3c5e8fc3 100644
--- a/vendor/cloud.google.com/go/README.md
+++ b/vendor/cloud.google.com/go/README.md
@@ -8,7 +8,7 @@ Go packages for [Google Cloud Platform](https://cloud.google.com) services.
 import "cloud.google.com/go"
 ```
 
-To install the packages on your system,
+To install the packages on your system, *do not clone the repo*. Instead use
 
 ```
 $ go get -u cloud.google.com/go/...
@@ -19,263 +19,44 @@ make backwards-incompatible changes.
 
 **NOTE:** Github repo is a mirror of [https://code.googlesource.com/gocloud](https://code.googlesource.com/gocloud).
 
-  * [News](#news)
-  * [Supported APIs](#supported-apis)
-  * [Go Versions Supported](#go-versions-supported)
-  * [Authorization](#authorization)
-  * [Cloud Datastore](#cloud-datastore-)
-  * [Cloud Storage](#cloud-storage-)
-  * [Cloud Pub/Sub](#cloud-pub-sub-)
-  * [Cloud BigQuery](#cloud-bigquery-)
-  * [Stackdriver Logging](#stackdriver-logging-)
-  * [Cloud Spanner](#cloud-spanner-)
-
-
-## News
-
-_May 18, 2018_
-
-*v0.23.0*
-
-- bigquery: Add DDL stats to query statistics.
-- bigtable:
-  - cbt: Add cells-per-column limit for row lookup.
-  - cbt: Make it possible to combine read filters.
-- dlp: v2beta2 client removed. Use the v2 client instead.
-- firestore, spanner: Fix compilation errors due to protobuf changes.
-
-_May 8, 2018_
-
-*v0.22.0*
-
-- bigtable:
-  - cbt: Support cells per column limit for row read.
-  - bttest: Correctly handle empty RowSet.
-  - Fix ReadModifyWrite operation in emulator.
-  - Fix API path in GetCluster.
-
-- bigquery:
-  - BEHAVIOR CHANGE: Retry on 503 status code.
-  - Add dataset.DeleteWithContents.
-  - Add SchemaUpdateOptions for query jobs.
-  - Add Timeline to QueryStatistics.
-  - Add more stats to ExplainQueryStage.
-  - Support Parquet data format.
-
-- datastore:
-  - Support omitempty for times.
-
-- dlp:
-  - **BREAKING CHANGE:** Remove v1beta1 client. Please migrate to the v2 client,
-  which is now out of beta.
-  - Add v2 client.
-
-- firestore:
-  - BEHAVIOR CHANGE: Treat set({}, MergeAll) as valid.
-
-- iam:
-  - Support JWT signing via SignJwt callopt.
-
-- profiler:
-  - BEHAVIOR CHANGE: PollForSerialOutput returns an error when context.Done.
-  - BEHAVIOR CHANGE: Increase the initial backoff to 1 minute.
-  - Avoid returning empty serial port output.
-
-- pubsub:
-  - BEHAVIOR CHANGE: Don't backoff during next retryable error once stream is healthy.
-  - BEHAVIOR CHANGE: Don't backoff on EOF.
-  - pstest: Support Acknowledge and ModifyAckDeadline RPCs.
-
-- redis:
-  - Add v1 beta Redis client.
-
-- spanner:
-  - Support SessionLabels.
-
-- speech:
-  - Add api v1 beta1 client.
-
-- storage:
-  - BEHAVIOR CHANGE: Retry reads when retryable error occurs.
-  - Fix delete of object in requester-pays bucket.
-  - Support KMS integration.
-
-_April 9, 2018_
-
-*v0.21.0*
-
-- bigquery:
-  - Add OpenCensus tracing.
-
-- firestore:
-  - **BREAKING CHANGE:** If a document does not exist, return a DocumentSnapshot
-    whose Exists method returns false. DocumentRef.Get and Transaction.Get
-    return the non-nil DocumentSnapshot in addition to a NotFound error.
-    **DocumentRef.GetAll and Transaction.GetAll return a non-nil
-    DocumentSnapshot instead of nil.**
-  - Add DocumentIterator.Stop. **Call Stop whenever you are done with a
-    DocumentIterator.**
-  - Added Query.Snapshots and DocumentRef.Snapshots, which provide realtime
-    notification of updates. See https://cloud.google.com/firestore/docs/query-data/listen.
-  - Canceling an RPC now always returns a grpc.Status with codes.Canceled.
-
-- spanner:
-  - Add `CommitTimestamp`, which supports inserting the commit timestamp of a
-    transaction into a column.
-
-_March 22, 2018_
-
-*v0.20.0*
-
-- bigquery: Support SchemaUpdateOptions for load jobs.
-
-- bigtable:
-  - Add SampleRowKeys.
-  - cbt: Support union, intersection GCPolicy.
-  - Retry admin RPCS.
-  - Add trace spans to retries.
-
-- datastore: Add OpenCensus tracing.
-
-- firestore:
-  - Fix queries involving Null and NaN.
-  - Allow Timestamp protobuffers for time values.
-
-- logging: Add a WriteTimeout option.
-
-- spanner: Support Batch API.
-
-- storage: Add OpenCensus tracing.
-
-
-_February 26, 2018_
-
-*v0.19.0*
-
-- bigquery:
-  - Support customer-managed encryption keys.
-
-- bigtable:
-  - Improved emulator support.
-  - Support GetCluster.
-
-- datastore:
-  - Add general mutations.
-  - Support pointer struct fields.
-  - Support transaction options.
-
-- firestore:
-  - Add Transaction.GetAll.
-  - Support document cursors.
-
-- logging:
-  - Support concurrent RPCs to the service.
-  - Support per-entry resources.
-
-- profiler:
-  - Add config options to disable heap and thread profiling.
-  - Read the project ID from $GOOGLE_CLOUD_PROJECT when it's set.
-
-- pubsub:
-  - BEHAVIOR CHANGE: Release flow control after ack/nack (instead of after the
-    callback returns).
-  - Add SubscriptionInProject.
-  - Add OpenCensus instrumentation for streaming pull.
-
-- storage:
-  - Support CORS.
-
-
-_January 18, 2018_
-
-*v0.18.0*
-
-- bigquery:
-  - Marked stable.
-  - Schema inference of nullable fields supported.
-  - Added TimePartitioning to QueryConfig.
-
-- firestore: Data provided to DocumentRef.Set with a Merge option can contain
-  Delete sentinels.
-
-- logging: Clients can accept parent resources other than projects.
-
-- pubsub:
-  - pubsub/pstest: A lighweight fake for pubsub. Experimental; feedback welcome.
-  - Support updating more subscription metadata: AckDeadline,
-    RetainAckedMessages and RetentionDuration.
-
-- oslogin/apiv1beta: New client for the Cloud OS Login API.
-
-- rpcreplay: A package for recording and replaying gRPC traffic.
-
-- spanner:
-  - Add a ReadWithOptions that supports a row limit, as well as an index.
-  - Support query plan and execution statistics.
-  - Added [OpenCensus](http://opencensus.io) support.
-
-- storage: Clarify checksum validation for gzipped files (it is not validated
-  when the file is served uncompressed).
-
-
-_December 11, 2017_
-
-*v0.17.0*
-
-- firestore BREAKING CHANGES:
-  - Remove UpdateMap and UpdateStruct; rename UpdatePaths to Update.
-    Change
-        `docref.UpdateMap(ctx, map[string]interface{}{"a.b", 1})`
-    to
-        `docref.Update(ctx, []firestore.Update{{Path: "a.b", Value: 1}})`
-
-    Change
-        `docref.UpdateStruct(ctx, []string{"Field"}, aStruct)`
-    to
-        `docref.Update(ctx, []firestore.Update{{Path: "Field", Value: aStruct.Field}})`
-  - Rename MergePaths to Merge; require args to be FieldPaths
-  - A value stored as an integer can be read into a floating-point field, and vice versa.
-- bigtable/cmd/cbt:
-  - Support deleting a column.
-  - Add regex option for row read.
-- spanner: Mark stable.
-- storage:
-  - Add Reader.ContentEncoding method.
-  - Fix handling of SignedURL headers.
-- bigquery:
-  - If Uploader.Put is called with no rows, it returns nil without making a
-    call.
-  - Schema inference supports the "nullable" option in struct tags for
-    non-required fields.
-  - TimePartitioning supports "Field".
-
-
-[Older news](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/master/old-news.md)
-
 ## Supported APIs
 
-Google API                       | Status       | Package
----------------------------------|--------------|-----------------------------------------------------------
-[BigQuery][cloud-bigquery]       | stable       | [`cloud.google.com/go/bigquery`][cloud-bigquery-ref]
-[Bigtable][cloud-bigtable]       | stable       | [`cloud.google.com/go/bigtable`][cloud-bigtable-ref]
-[Container][cloud-container]     | alpha        | [`cloud.google.com/go/container/apiv1`][cloud-container-ref]
-[Data Loss Prevention][cloud-dlp]| alpha        | [`cloud.google.com/go/dlp/apiv2beta1`][cloud-dlp-ref]
-[Datastore][cloud-datastore]     | stable       | [`cloud.google.com/go/datastore`][cloud-datastore-ref]
-[Debugger][cloud-debugger]       | alpha        | [`cloud.google.com/go/debugger/apiv2`][cloud-debugger-ref]
-[ErrorReporting][cloud-errors]   | alpha        | [`cloud.google.com/go/errorreporting`][cloud-errors-ref]
-[Firestore][cloud-firestore]     | beta         | [`cloud.google.com/go/firestore`][cloud-firestore-ref]
-[Language][cloud-language]       | stable       | [`cloud.google.com/go/language/apiv1`][cloud-language-ref]
-[Logging][cloud-logging]         | stable       | [`cloud.google.com/go/logging`][cloud-logging-ref]
-[Monitoring][cloud-monitoring]   | beta         | [`cloud.google.com/go/monitoring/apiv3`][cloud-monitoring-ref]
-[OS Login][cloud-oslogin]        | alpha        | [`cloud.google.com/compute/docs/oslogin/rest`][cloud-oslogin-ref]
-[Pub/Sub][cloud-pubsub]          | beta         | [`cloud.google.com/go/pubsub`][cloud-pubsub-ref]
-[Spanner][cloud-spanner]         | stable       | [`cloud.google.com/go/spanner`][cloud-spanner-ref]
-[Speech][cloud-speech]           | stable       | [`cloud.google.com/go/speech/apiv1`][cloud-speech-ref]
-[Storage][cloud-storage]         | stable       | [`cloud.google.com/go/storage`][cloud-storage-ref]
-[Translation][cloud-translation] | stable       | [`cloud.google.com/go/translate`][cloud-translation-ref]
-[Video Intelligence][cloud-video]| beta         | [`cloud.google.com/go/videointelligence/apiv1beta1`][cloud-video-ref]
-[Vision][cloud-vision]           | stable       | [`cloud.google.com/go/vision/apiv1`][cloud-vision-ref]
-
+Google API                                      | Status       | Package
+------------------------------------------------|--------------|-----------------------------------------------------------
+[Asset][cloud-asset]                            | alpha        | [`cloud.google.com/go/asset/v1beta`][cloud-asset-ref]
+[BigQuery][cloud-bigquery]                      | stable       | [`cloud.google.com/go/bigquery`][cloud-bigquery-ref]
+[Bigtable][cloud-bigtable]                      | stable       | [`cloud.google.com/go/bigtable`][cloud-bigtable-ref]
+[Cloudtasks][cloud-tasks]                       | stable       | [`cloud.google.com/go/cloudtasks/apiv2`][cloud-tasks-ref]
+[Container][cloud-container]                    | stable       | [`cloud.google.com/go/container/apiv1`][cloud-container-ref]
+[ContainerAnalysis][cloud-containeranalysis]    | beta         | [`cloud.google.com/go/containeranalysis/apiv1beta1`][cloud-containeranalysis-ref]
+[Dataproc][cloud-dataproc]                      | stable       | [`cloud.google.com/go/dataproc/apiv1`][cloud-dataproc-ref]
+[Datastore][cloud-datastore]                    | stable       | [`cloud.google.com/go/datastore`][cloud-datastore-ref]
+[Debugger][cloud-debugger]                      | alpha        | [`cloud.google.com/go/debugger/apiv2`][cloud-debugger-ref]
+[Dialogflow][cloud-dialogflow]                  | alpha        | [`cloud.google.com/go/dialogflow/apiv2`][cloud-dialogflow-ref]
+[Data Loss Prevention][cloud-dlp]               | alpha        | [`cloud.google.com/go/dlp/apiv2`][cloud-dlp-ref]
+[ErrorReporting][cloud-errors]                  | alpha        | [`cloud.google.com/go/errorreporting`][cloud-errors-ref]
+[Firestore][cloud-firestore]                    | stable       | [`cloud.google.com/go/firestore`][cloud-firestore-ref]
+[IAM][cloud-iam]                                | stable       | [`cloud.google.com/go/iam`][cloud-iam-ref]
+[IoT][cloud-iot]                                | alpha        | [`cloud.google.com/iot/apiv1`][cloud-iot-ref]
+[KMS][cloud-kms]                                | stable       | [`cloud.google.com/go/kms`][cloud-kms-ref]
+[Natural Language][cloud-natural-language]      | stable       | [`cloud.google.com/go/language/apiv1`][cloud-natural-language-ref]
+[Logging][cloud-logging]                        | stable       | [`cloud.google.com/go/logging`][cloud-logging-ref]
+[Monitoring][cloud-monitoring]                  | alpha        | [`cloud.google.com/go/monitoring/apiv3`][cloud-monitoring-ref]
+[OS Login][cloud-oslogin]                       | alpha        | [`cloud.google.com/go/oslogin/apiv1`][cloud-oslogin-ref]
+[Pub/Sub][cloud-pubsub]                         | stable       | [`cloud.google.com/go/pubsub`][cloud-pubsub-ref]
+[Phishing Protection][cloud-phishingprotection] | alpha        | [`cloud.google.com/go/phishingprotection/apiv1betad1`][cloud-phishingprotection-ref]
+[reCAPTCHA Enterprise][cloud-recaptcha]         | alpha        | [`cloud.google.com/go/recaptchaenterprise/apiv1betad1`][cloud-recaptcha-ref]
+[Memorystore][cloud-memorystore]                | alpha        | [`cloud.google.com/go/redis/apiv1`][cloud-memorystore-ref]
+[Scheduler][cloud-scheduler]                    | stable       | [`cloud.google.com/go/scheduler/apiv1`][cloud-scheduler-ref]
+[Spanner][cloud-spanner]                        | stable       | [`cloud.google.com/go/spanner`][cloud-spanner-ref]
+[Speech][cloud-speech]                          | stable       | [`cloud.google.com/go/speech/apiv1`][cloud-speech-ref]
+[Storage][cloud-storage]                        | stable       | [`cloud.google.com/go/storage`][cloud-storage-ref]
+[Talent][cloud-talent]                          | alpha        | [`cloud.google.com/go/talent/apiv4beta1`][cloud-talent-ref]
+[Text To Speech][cloud-texttospeech]            | alpha        | [`cloud.google.com/go/texttospeech/apiv1`][cloud-texttospeech-ref]
+[Trace][cloud-trace]                            | alpha        | [`cloud.google.com/go/trace/apiv2`][cloud-trace-ref]
+[Translate][cloud-translate]                    | stable       | [`cloud.google.com/go/translate`][cloud-translate-ref]
+[Video Intelligence][cloud-video]               | alpha        | [`cloud.google.com/go/videointelligence/apiv1beta1`][cloud-video-ref]
+[Vision][cloud-vision]                          | stable       | [`cloud.google.com/go/vision/apiv1`][cloud-vision-ref]
 
 > **Alpha status**: the API is still being actively developed. As a
 > result, it might change in backward-incompatible ways and is not recommended
@@ -288,23 +69,16 @@ Google API                       | Status       | Package
 > **Stable status**: the API is mature and ready for production use. We will
 > continue addressing bugs and feature requests.
 
-Documentation and examples are available at
-https://godoc.org/cloud.google.com/go
-
-Visit or join the
-[google-api-go-announce group](https://groups.google.com/forum/#!forum/google-api-go-announce)
-for updates on these packages.
+Documentation and examples are available at [godoc.org/cloud.google.com/go](godoc.org/cloud.google.com/go)
 
 ## Go Versions Supported
 
 We support the two most recent major versions of Go. If Google App Engine uses
-an older version, we support that as well. You can see which versions are
-currently supported by looking at the lines following `go:` in
-[`.travis.yml`](.travis.yml).
+an older version, we support that as well.
 
 ## Authorization
 
-By default, each API will use [Google Application Default Credentials][default-creds]
+By default, each API will use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials)
 for authorization credentials used in calling the API endpoints. This will allow your
 application to run in many environments without requiring explicit configuration.
 
@@ -316,12 +90,12 @@ client, err := storage.NewClient(ctx)
 To authorize using a
 [JSON key file](https://cloud.google.com/iam/docs/managing-service-account-keys),
 pass
-[`option.WithServiceAccountFile`](https://godoc.org/google.golang.org/api/option#WithServiceAccountFile)
+[`option.WithCredentialsFile`](https://godoc.org/google.golang.org/api/option#WithCredentialsFile)
 to the `NewClient` function of the desired package. For example:
 
 [snip]:# (auth-JSON)
 ```go
-client, err := storage.NewClient(ctx, option.WithServiceAccountFile("path/to/keyfile.json"))
+client, err := storage.NewClient(ctx, option.WithCredentialsFile("path/to/keyfile.json"))
 ```
 
 You can exert more control over authorization by using the
@@ -335,249 +109,6 @@ tokenSource := ...
 client, err := storage.NewClient(ctx, option.WithTokenSource(tokenSource))
 ```
 
-## Cloud Datastore [![GoDoc](https://godoc.org/cloud.google.com/go/datastore?status.svg)](https://godoc.org/cloud.google.com/go/datastore)
-
-- [About Cloud Datastore][cloud-datastore]
-- [Activating the API for your project][cloud-datastore-activation]
-- [API documentation][cloud-datastore-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/datastore)
-- [Complete sample program](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/datastore/tasks)
-
-### Example Usage
-
-First create a `datastore.Client` to use throughout your application:
-
-[snip]:# (datastore-1)
-```go
-client, err := datastore.NewClient(ctx, "my-project-id")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-Then use that client to interact with the API:
-
-[snip]:# (datastore-2)
-```go
-type Post struct {
-	Title       string
-	Body        string `datastore:",noindex"`
-	PublishedAt time.Time
-}
-keys := []*datastore.Key{
-	datastore.NameKey("Post", "post1", nil),
-	datastore.NameKey("Post", "post2", nil),
-}
-posts := []*Post{
-	{Title: "Post 1", Body: "...", PublishedAt: time.Now()},
-	{Title: "Post 2", Body: "...", PublishedAt: time.Now()},
-}
-if _, err := client.PutMulti(ctx, keys, posts); err != nil {
-	log.Fatal(err)
-}
-```
-
-## Cloud Storage [![GoDoc](https://godoc.org/cloud.google.com/go/storage?status.svg)](https://godoc.org/cloud.google.com/go/storage)
-
-- [About Cloud Storage][cloud-storage]
-- [API documentation][cloud-storage-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/storage)
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/storage)
-
-### Example Usage
-
-First create a `storage.Client` to use throughout your application:
-
-[snip]:# (storage-1)
-```go
-client, err := storage.NewClient(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-[snip]:# (storage-2)
-```go
-// Read the object1 from bucket.
-rc, err := client.Bucket("bucket").Object("object1").NewReader(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-defer rc.Close()
-body, err := ioutil.ReadAll(rc)
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-## Cloud Pub/Sub [![GoDoc](https://godoc.org/cloud.google.com/go/pubsub?status.svg)](https://godoc.org/cloud.google.com/go/pubsub)
-
-- [About Cloud Pubsub][cloud-pubsub]
-- [API documentation][cloud-pubsub-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/pubsub)
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/pubsub)
-
-### Example Usage
-
-First create a `pubsub.Client` to use throughout your application:
-
-[snip]:# (pubsub-1)
-```go
-client, err := pubsub.NewClient(ctx, "project-id")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-Then use the client to publish and subscribe:
-
-[snip]:# (pubsub-2)
-```go
-// Publish "hello world" on topic1.
-topic := client.Topic("topic1")
-res := topic.Publish(ctx, &pubsub.Message{
-	Data: []byte("hello world"),
-})
-// The publish happens asynchronously.
-// Later, you can get the result from res:
-...
-msgID, err := res.Get(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-
-// Use a callback to receive messages via subscription1.
-sub := client.Subscription("subscription1")
-err = sub.Receive(ctx, func(ctx context.Context, m *pubsub.Message) {
-	fmt.Println(m.Data)
-	m.Ack() // Acknowledge that we've consumed the message.
-})
-if err != nil {
-	log.Println(err)
-}
-```
-
-## Cloud BigQuery [![GoDoc](https://godoc.org/cloud.google.com/go/bigquery?status.svg)](https://godoc.org/cloud.google.com/go/bigquery)
-
-- [About Cloud BigQuery][cloud-bigquery]
-- [API documentation][cloud-bigquery-docs]
-- [Go client documentation][cloud-bigquery-ref]
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/bigquery)
-
-### Example Usage
-
-First create a `bigquery.Client` to use throughout your application:
-[snip]:# (bq-1)
-```go
-c, err := bigquery.NewClient(ctx, "my-project-ID")
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-Then use that client to interact with the API:
-[snip]:# (bq-2)
-```go
-// Construct a query.
-q := c.Query(`
-    SELECT year, SUM(number)
-    FROM [bigquery-public-data:usa_names.usa_1910_2013]
-    WHERE name = "William"
-    GROUP BY year
-    ORDER BY year
-`)
-// Execute the query.
-it, err := q.Read(ctx)
-if err != nil {
-	// TODO: Handle error.
-}
-// Iterate through the results.
-for {
-	var values []bigquery.Value
-	err := it.Next(&values)
-	if err == iterator.Done {
-		break
-	}
-	if err != nil {
-		// TODO: Handle error.
-	}
-	fmt.Println(values)
-}
-```
-
-
-## Stackdriver Logging [![GoDoc](https://godoc.org/cloud.google.com/go/logging?status.svg)](https://godoc.org/cloud.google.com/go/logging)
-
-- [About Stackdriver Logging][cloud-logging]
-- [API documentation][cloud-logging-docs]
-- [Go client documentation][cloud-logging-ref]
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/logging)
-
-### Example Usage
-
-First create a `logging.Client` to use throughout your application:
-[snip]:# (logging-1)
-```go
-ctx := context.Background()
-client, err := logging.NewClient(ctx, "my-project")
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-Usually, you'll want to add log entries to a buffer to be periodically flushed
-(automatically and asynchronously) to the Stackdriver Logging service.
-[snip]:# (logging-2)
-```go
-logger := client.Logger("my-log")
-logger.Log(logging.Entry{Payload: "something happened!"})
-```
-
-Close your client before your program exits, to flush any buffered log entries.
-[snip]:# (logging-3)
-```go
-err = client.Close()
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-## Cloud Spanner [![GoDoc](https://godoc.org/cloud.google.com/go/spanner?status.svg)](https://godoc.org/cloud.google.com/go/spanner)
-
-- [About Cloud Spanner][cloud-spanner]
-- [API documentation][cloud-spanner-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/spanner)
-
-### Example Usage
-
-First create a `spanner.Client` to use throughout your application:
-
-[snip]:# (spanner-1)
-```go
-client, err := spanner.NewClient(ctx, "projects/P/instances/I/databases/D")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-[snip]:# (spanner-2)
-```go
-// Simple Reads And Writes
-_, err = client.Apply(ctx, []*spanner.Mutation{
-	spanner.Insert("Users",
-		[]string{"name", "email"},
-		[]interface{}{"alice", "a@example.com"})})
-if err != nil {
-	log.Fatal(err)
-}
-row, err := client.Single().ReadRow(ctx, "Users",
-	spanner.Key{"alice"}, []string{"email"})
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-
 ## Contributing
 
 Contributions are welcome. Please, see the
@@ -592,32 +123,23 @@ for more information.
 
 [cloud-datastore]: https://cloud.google.com/datastore/
 [cloud-datastore-ref]: https://godoc.org/cloud.google.com/go/datastore
-[cloud-datastore-docs]: https://cloud.google.com/datastore/docs
-[cloud-datastore-activation]: https://cloud.google.com/datastore/docs/activate
 
 [cloud-firestore]: https://cloud.google.com/firestore/
 [cloud-firestore-ref]: https://godoc.org/cloud.google.com/go/firestore
-[cloud-firestore-docs]: https://cloud.google.com/firestore/docs
-[cloud-firestore-activation]: https://cloud.google.com/firestore/docs/activate
 
 [cloud-pubsub]: https://cloud.google.com/pubsub/
 [cloud-pubsub-ref]: https://godoc.org/cloud.google.com/go/pubsub
-[cloud-pubsub-docs]: https://cloud.google.com/pubsub/docs
 
 [cloud-storage]: https://cloud.google.com/storage/
 [cloud-storage-ref]: https://godoc.org/cloud.google.com/go/storage
-[cloud-storage-docs]: https://cloud.google.com/storage/docs
-[cloud-storage-create-bucket]: https://cloud.google.com/storage/docs/cloud-console#_creatingbuckets
 
 [cloud-bigtable]: https://cloud.google.com/bigtable/
 [cloud-bigtable-ref]: https://godoc.org/cloud.google.com/go/bigtable
 
 [cloud-bigquery]: https://cloud.google.com/bigquery/
-[cloud-bigquery-docs]: https://cloud.google.com/bigquery/docs
 [cloud-bigquery-ref]: https://godoc.org/cloud.google.com/go/bigquery
 
 [cloud-logging]: https://cloud.google.com/logging/
-[cloud-logging-docs]: https://cloud.google.com/logging/docs
 [cloud-logging-ref]: https://godoc.org/cloud.google.com/go/logging
 
 [cloud-monitoring]: https://cloud.google.com/monitoring/
@@ -630,17 +152,16 @@ for more information.
 [cloud-language-ref]: https://godoc.org/cloud.google.com/go/language/apiv1
 
 [cloud-oslogin]: https://cloud.google.com/compute/docs/oslogin/rest
-[cloud-oslogin-ref]: https://cloud.google.com/compute/docs/oslogin/rest
+[cloud-oslogin-ref]: https://cloud.google.com/go/oslogin/apiv1
 
 [cloud-speech]: https://cloud.google.com/speech
 [cloud-speech-ref]: https://godoc.org/cloud.google.com/go/speech/apiv1
 
 [cloud-spanner]: https://cloud.google.com/spanner/
 [cloud-spanner-ref]: https://godoc.org/cloud.google.com/go/spanner
-[cloud-spanner-docs]: https://cloud.google.com/spanner/docs
 
-[cloud-translation]: https://cloud.google.com/translation
-[cloud-translation-ref]: https://godoc.org/cloud.google.com/go/translation
+[cloud-translate]: https://cloud.google.com/translate
+[cloud-translate-ref]: https://godoc.org/cloud.google.com/go/translate
 
 [cloud-video]: https://cloud.google.com/video-intelligence/
 [cloud-video-ref]: https://godoc.org/cloud.google.com/go/videointelligence/apiv1beta1
@@ -657,4 +178,50 @@ for more information.
 [cloud-dlp]: https://cloud.google.com/dlp/
 [cloud-dlp-ref]: https://godoc.org/cloud.google.com/go/dlp/apiv2beta1
 
-[default-creds]: https://developers.google.com/identity/protocols/application-default-credentials
+[cloud-dataproc]: https://cloud.google.com/dataproc/
+[cloud-dataproc-ref]: https://godoc.org/cloud.google.com/go/dataproc/apiv1
+
+[cloud-iam]: https://cloud.google.com/iam/
+[cloud-iam-ref]: https://godoc.org/cloud.google.com/go/iam
+
+[cloud-kms]: https://cloud.google.com/kms/
+[cloud-kms-ref]: https://godoc.org/cloud.google.com/go/kms/apiv1
+
+[cloud-natural-language]: https://cloud.google.com/natural-language/
+[cloud-natural-language-ref]: https://godoc.org/cloud.google.com/go/language/apiv1
+
+[cloud-memorystore]: https://cloud.google.com/memorystore/
+[cloud-memorystore-ref]: https://godoc.org/cloud.google.com/go/redis/apiv1
+
+[cloud-texttospeech]: https://cloud.google.com/texttospeech/
+[cloud-texttospeech-ref]: https://godoc.org/cloud.google.com/go/texttospeech/apiv1
+
+[cloud-trace]: https://cloud.google.com/trace/
+[cloud-trace-ref]: https://godoc.org/cloud.google.com/go/trace/apiv2
+
+[cloud-dialogflow]: https://cloud.google.com/dialogflow-enterprise/
+[cloud-dialogflow-ref]: https://godoc.org/cloud.google.com/go/dialogflow/apiv2
+
+[cloud-containeranalysis]: https://cloud.google.com/container-registry/docs/container-analysis
+[cloud-containeranalysis-ref]: https://godoc.org/cloud.google.com/go/devtools/containeranalysis/apiv1beta1
+
+[cloud-asset]: https://cloud.google.com/security-command-center/docs/how-to-asset-inventory
+[cloud-asset-ref]: https://godoc.org/cloud.google.com/go/asset/apiv1
+
+[cloud-tasks]: https://cloud.google.com/tasks/
+[cloud-tasks-ref]: https://godoc.org/cloud.google.com/go/cloudtasks/apiv2
+
+[cloud-scheduler]: https://cloud.google.com/scheduler
+[cloud-scheduler-ref]: https://godoc.org/cloud.google.com/go/scheduler/apiv1
+
+[cloud-iot]: https://cloud.google.com/iot-core/
+[cloud-iot-ref]: https://godoc.org/cloud.google.com/go/iot/apiv1
+
+[cloud-phishingprotection]: https://cloud.google.com/phishing-protection/
+[cloud-phishingprotection-ref]: https://cloud.google.com/go/phishingprotection/apiv1beta1
+
+[cloud-recaptcha]: https://cloud.google.com/recaptcha-enterprise/
+[cloud-recaptcha-ref]: https://cloud.google.com/go/recaptchaenterprise/apiv1beta1
+
+[cloud-talent]: https://cloud.google.com/solutions/talent-solution/
+[cloud-talent-ref]: https://godoc.org/cloud.google.com/go/talent/apiv4beta1
diff --git a/vendor/cloud.google.com/go/cloud.go b/vendor/cloud.google.com/go/cloud.go
new file mode 100644
index 0000000000000..237d84561ce0a
--- /dev/null
+++ b/vendor/cloud.google.com/go/cloud.go
@@ -0,0 +1,100 @@
+// Copyright 2014 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+Package cloud is the root of the packages used to access Google Cloud
+Services. See https://godoc.org/cloud.google.com/go for a full list
+of sub-packages.
+
+
+Client Options
+
+All clients in sub-packages are configurable via client options. These options are
+described here: https://godoc.org/google.golang.org/api/option.
+
+
+Authentication and Authorization
+
+All the clients in sub-packages support authentication via Google Application Default
+Credentials (see https://cloud.google.com/docs/authentication/production), or
+by providing a JSON key file for a Service Account. See the authentication examples
+in this package for details.
+
+
+Timeouts and Cancellation
+
+By default, all requests in sub-packages will run indefinitely, retrying on transient
+errors when correctness allows. To set timeouts or arrange for cancellation, use
+contexts. See the examples for details.
+
+Do not attempt to control the initial connection (dialing) of a service by setting a
+timeout on the context passed to NewClient. Dialing is non-blocking, so timeouts
+would be ineffective and would only interfere with credential refreshing, which uses
+the same context.
+
+
+Connection Pooling
+
+Connection pooling differs in clients based on their transport. Cloud
+clients either rely on HTTP or gRPC transports to communicate
+with Google Cloud.
+
+Cloud clients that use HTTP (bigquery, compute, storage, and translate) rely on the
+underlying HTTP transport to cache connections for later re-use. These are cached to
+the default http.MaxIdleConns and http.MaxIdleConnsPerHost settings in
+http.DefaultTransport.
+
+For gRPC clients (all others in this repo), connection pooling is configurable. Users
+of cloud client libraries may specify option.WithGRPCConnectionPool(n) as a client
+option to NewClient calls. This configures the underlying gRPC connections to be
+pooled and addressed in a round robin fashion.
+
+
+Using the Libraries with Docker
+
+Minimal docker images like Alpine lack CA certificates. This causes RPCs to appear to
+hang, because gRPC retries indefinitely. See https://github.com/googleapis/google-cloud-go/issues/928
+for more information.
+
+
+Debugging
+
+To see gRPC logs, set the environment variable GRPC_GO_LOG_SEVERITY_LEVEL. See
+https://godoc.org/google.golang.org/grpc/grpclog for more information.
+
+For HTTP logging, set the GODEBUG environment variable to "http2debug=1" or "http2debug=2".
+
+
+Client Stability
+
+Clients in this repository are considered alpha or beta unless otherwise
+marked as stable in the README.md. Semver is not used to communicate stability
+of clients.
+
+Alpha and beta clients may change or go away without notice.
+
+Clients marked stable will maintain compatibility with future versions for as
+long as we can reasonably sustain. Incompatible changes might be made in some
+situations, including:
+
+- Security bugs may prompt backwards-incompatible changes.
+
+- Situations in which components are no longer feasible to maintain without
+making breaking changes, including removal.
+
+- Parts of the client surface may be outright unstable and subject to change.
+These parts of the surface will be labeled with the note, "It is EXPERIMENTAL
+and subject to change or removal without notice."
+*/
+package cloud // import "cloud.google.com/go"
diff --git a/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclinetest.h b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclinetest.h
new file mode 100644
index 0000000000000..156c0b87b00a0
--- /dev/null
+++ b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclinetest.h
@@ -0,0 +1,9 @@
+// +build ignore
+
+// Empty include file to generate z symbols
+
+
+
+
+
+// EOF
diff --git a/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclntab.go b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclntab.go
new file mode 100644
index 0000000000000..dcd7015bb7298
--- /dev/null
+++ b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclntab.go
@@ -0,0 +1,472 @@
+// Copyright 2018 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+ * Line tables
+ */
+
+package gosym
+
+import (
+	"encoding/binary"
+	"sync"
+)
+
+// A LineTable is a data structure mapping program counters to line numbers.
+//
+// In Go 1.1 and earlier, each function (represented by a Func) had its own LineTable,
+// and the line number corresponded to a numbering of all source lines in the
+// program, across all files. That absolute line number would then have to be
+// converted separately to a file name and line number within the file.
+//
+// In Go 1.2, the format of the data changed so that there is a single LineTable
+// for the entire program, shared by all Funcs, and there are no absolute line
+// numbers, just line numbers within specific files.
+//
+// For the most part, LineTable's methods should be treated as an internal
+// detail of the package; callers should use the methods on Table instead.
+type LineTable struct {
+	Data []byte
+	PC   uint64
+	Line int
+
+	// Go 1.2 state
+	mu       sync.Mutex
+	go12     int // is this in Go 1.2 format? -1 no, 0 unknown, 1 yes
+	binary   binary.ByteOrder
+	quantum  uint32
+	ptrsize  uint32
+	functab  []byte
+	nfunctab uint32
+	filetab  []byte
+	nfiletab uint32
+	fileMap  map[string]uint32
+}
+
+// NOTE(rsc): This is wrong for GOARCH=arm, which uses a quantum of 4,
+// but we have no idea whether we're using arm or not. This only
+// matters in the old (pre-Go 1.2) symbol table format, so it's not worth
+// fixing.
+const oldQuantum = 1
+
+func (t *LineTable) parse(targetPC uint64, targetLine int) (b []byte, pc uint64, line int) {
+	// The PC/line table can be thought of as a sequence of
+	//  <pc update>* <line update>
+	// batches.  Each update batch results in a (pc, line) pair,
+	// where line applies to every PC from pc up to but not
+	// including the pc of the next pair.
+	//
+	// Here we process each update individually, which simplifies
+	// the code, but makes the corner cases more confusing.
+	b, pc, line = t.Data, t.PC, t.Line
+	for pc <= targetPC && line != targetLine && len(b) > 0 {
+		code := b[0]
+		b = b[1:]
+		switch {
+		case code == 0:
+			if len(b) < 4 {
+				b = b[0:0]
+				break
+			}
+			val := binary.BigEndian.Uint32(b)
+			b = b[4:]
+			line += int(val)
+		case code <= 64:
+			line += int(code)
+		case code <= 128:
+			line -= int(code - 64)
+		default:
+			pc += oldQuantum * uint64(code-128)
+			continue
+		}
+		pc += oldQuantum
+	}
+	return b, pc, line
+}
+
+func (t *LineTable) slice(pc uint64) *LineTable {
+	data, pc, line := t.parse(pc, -1)
+	return &LineTable{Data: data, PC: pc, Line: line}
+}
+
+// PCToLine returns the line number for the given program counter.
+// Callers should use Table's PCToLine method instead.
+func (t *LineTable) PCToLine(pc uint64) int {
+	if t.isGo12() {
+		return t.go12PCToLine(pc)
+	}
+	_, _, line := t.parse(pc, -1)
+	return line
+}
+
+// LineToPC returns the program counter for the given line number,
+// considering only program counters before maxpc.
+// Callers should use Table's LineToPC method instead.
+func (t *LineTable) LineToPC(line int, maxpc uint64) uint64 {
+	if t.isGo12() {
+		return 0
+	}
+	_, pc, line1 := t.parse(maxpc, line)
+	if line1 != line {
+		return 0
+	}
+	// Subtract quantum from PC to account for post-line increment
+	return pc - oldQuantum
+}
+
+// NewLineTable returns a new PC/line table
+// corresponding to the encoded data.
+// Text must be the start address of the
+// corresponding text segment.
+func NewLineTable(data []byte, text uint64) *LineTable {
+	return &LineTable{Data: data, PC: text, Line: 0}
+}
+
+// Go 1.2 symbol table format.
+// See golang.org/s/go12symtab.
+//
+// A general note about the methods here: rather than try to avoid
+// index out of bounds errors, we trust Go to detect them, and then
+// we recover from the panics and treat them as indicative of a malformed
+// or incomplete table.
+//
+// The methods called by symtab.go, which begin with "go12" prefixes,
+// are expected to have that recovery logic.
+
+// isGo12 reports whether this is a Go 1.2 (or later) symbol table.
+func (t *LineTable) isGo12() bool {
+	t.go12Init()
+	return t.go12 == 1
+}
+
+const go12magic = 0xfffffffb
+
+// uintptr returns the pointer-sized value encoded at b.
+// The pointer size is dictated by the table being read.
+func (t *LineTable) uintptr(b []byte) uint64 {
+	if t.ptrsize == 4 {
+		return uint64(t.binary.Uint32(b))
+	}
+	return t.binary.Uint64(b)
+}
+
+// go12init initializes the Go 1.2 metadata if t is a Go 1.2 symbol table.
+func (t *LineTable) go12Init() {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.go12 != 0 {
+		return
+	}
+
+	defer func() {
+		// If we panic parsing, assume it's not a Go 1.2 symbol table.
+		recover()
+	}()
+
+	// Check header: 4-byte magic, two zeros, pc quantum, pointer size.
+	t.go12 = -1 // not Go 1.2 until proven otherwise
+	if len(t.Data) < 16 || t.Data[4] != 0 || t.Data[5] != 0 ||
+		(t.Data[6] != 1 && t.Data[6] != 4) || // pc quantum
+		(t.Data[7] != 4 && t.Data[7] != 8) { // pointer size
+		return
+	}
+
+	switch uint32(go12magic) {
+	case binary.LittleEndian.Uint32(t.Data):
+		t.binary = binary.LittleEndian
+	case binary.BigEndian.Uint32(t.Data):
+		t.binary = binary.BigEndian
+	default:
+		return
+	}
+
+	t.quantum = uint32(t.Data[6])
+	t.ptrsize = uint32(t.Data[7])
+
+	t.nfunctab = uint32(t.uintptr(t.Data[8:]))
+	t.functab = t.Data[8+t.ptrsize:]
+	functabsize := t.nfunctab*2*t.ptrsize + t.ptrsize
+	fileoff := t.binary.Uint32(t.functab[functabsize:])
+	t.functab = t.functab[:functabsize]
+	t.filetab = t.Data[fileoff:]
+	t.nfiletab = t.binary.Uint32(t.filetab)
+	t.filetab = t.filetab[:t.nfiletab*4]
+
+	t.go12 = 1 // so far so good
+}
+
+// go12Funcs returns a slice of Funcs derived from the Go 1.2 pcln table.
+func (t *LineTable) go12Funcs() []Func {
+	// Assume it is malformed and return nil on error.
+	defer func() {
+		recover()
+	}()
+
+	n := len(t.functab) / int(t.ptrsize) / 2
+	funcs := make([]Func, n)
+	for i := range funcs {
+		f := &funcs[i]
+		f.Entry = uint64(t.uintptr(t.functab[2*i*int(t.ptrsize):]))
+		f.End = uint64(t.uintptr(t.functab[(2*i+2)*int(t.ptrsize):]))
+		info := t.Data[t.uintptr(t.functab[(2*i+1)*int(t.ptrsize):]):]
+		f.LineTable = t
+		f.FrameSize = int(t.binary.Uint32(info[t.ptrsize+2*4:]))
+		f.Sym = &Sym{
+			Value:  f.Entry,
+			Type:   'T',
+			Name:   t.string(t.binary.Uint32(info[t.ptrsize:])),
+			GoType: 0,
+			Func:   f,
+		}
+	}
+	return funcs
+}
+
+// findFunc returns the func corresponding to the given program counter.
+func (t *LineTable) findFunc(pc uint64) []byte {
+	if pc < t.uintptr(t.functab) || pc >= t.uintptr(t.functab[len(t.functab)-int(t.ptrsize):]) {
+		return nil
+	}
+
+	// The function table is a list of 2*nfunctab+1 uintptrs,
+	// alternating program counters and offsets to func structures.
+	f := t.functab
+	nf := t.nfunctab
+	for nf > 0 {
+		m := nf / 2
+		fm := f[2*t.ptrsize*m:]
+		if t.uintptr(fm) <= pc && pc < t.uintptr(fm[2*t.ptrsize:]) {
+			return t.Data[t.uintptr(fm[t.ptrsize:]):]
+		} else if pc < t.uintptr(fm) {
+			nf = m
+		} else {
+			f = f[(m+1)*2*t.ptrsize:]
+			nf -= m + 1
+		}
+	}
+	return nil
+}
+
+// readvarint reads, removes, and returns a varint from *pp.
+func (t *LineTable) readvarint(pp *[]byte) uint32 {
+	var v, shift uint32
+	p := *pp
+	for shift = 0; ; shift += 7 {
+		b := p[0]
+		p = p[1:]
+		v |= (uint32(b) & 0x7F) << shift
+		if b&0x80 == 0 {
+			break
+		}
+	}
+	*pp = p
+	return v
+}
+
+// string returns a Go string found at off.
+func (t *LineTable) string(off uint32) string {
+	for i := off; ; i++ {
+		if t.Data[i] == 0 {
+			return string(t.Data[off:i])
+		}
+	}
+}
+
+// step advances to the next pc, value pair in the encoded table.
+func (t *LineTable) step(p *[]byte, pc *uint64, val *int32, first bool) bool {
+	uvdelta := t.readvarint(p)
+	if uvdelta == 0 && !first {
+		return false
+	}
+	if uvdelta&1 != 0 {
+		uvdelta = ^(uvdelta >> 1)
+	} else {
+		uvdelta >>= 1
+	}
+	vdelta := int32(uvdelta)
+	pcdelta := t.readvarint(p) * t.quantum
+	*pc += uint64(pcdelta)
+	*val += vdelta
+	return true
+}
+
+// pcvalue reports the value associated with the target pc.
+// off is the offset to the beginning of the pc-value table,
+// and entry is the start PC for the corresponding function.
+func (t *LineTable) pcvalue(off uint32, entry, targetpc uint64) int32 {
+	if off == 0 {
+		return -1
+	}
+	p := t.Data[off:]
+
+	val := int32(-1)
+	pc := entry
+	for t.step(&p, &pc, &val, pc == entry) {
+		if targetpc < pc {
+			return val
+		}
+	}
+	return -1
+}
+
+// findFileLine scans one function in the binary looking for a
+// program counter in the given file on the given line.
+// It does so by running the pc-value tables mapping program counter
+// to file number. Since most functions come from a single file, these
+// are usually short and quick to scan. If a file match is found, then the
+// code goes to the expense of looking for a simultaneous line number match.
+func (t *LineTable) findFileLine(entry uint64, filetab, linetab uint32, filenum, line int32) uint64 {
+	if filetab == 0 || linetab == 0 {
+		return 0
+	}
+
+	fp := t.Data[filetab:]
+	fl := t.Data[linetab:]
+	fileVal := int32(-1)
+	filePC := entry
+	lineVal := int32(-1)
+	linePC := entry
+	fileStartPC := filePC
+	for t.step(&fp, &filePC, &fileVal, filePC == entry) {
+		if fileVal == filenum && fileStartPC < filePC {
+			// fileVal is in effect starting at fileStartPC up to
+			// but not including filePC, and it's the file we want.
+			// Run the PC table looking for a matching line number
+			// or until we reach filePC.
+			lineStartPC := linePC
+			for linePC < filePC && t.step(&fl, &linePC, &lineVal, linePC == entry) {
+				// lineVal is in effect until linePC, and lineStartPC < filePC.
+				if lineVal == line {
+					if fileStartPC <= lineStartPC {
+						return lineStartPC
+					}
+					if fileStartPC < linePC {
+						return fileStartPC
+					}
+				}
+				lineStartPC = linePC
+			}
+		}
+		fileStartPC = filePC
+	}
+	return 0
+}
+
+// go12PCToLine maps program counter to line number for the Go 1.2 pcln table.
+func (t *LineTable) go12PCToLine(pc uint64) (line int) {
+	return t.go12PCToVal(pc, t.ptrsize+5*4)
+}
+
+// go12PCToSPAdj maps program counter to Stack Pointer adjustment for the Go 1.2 pcln table.
+func (t *LineTable) go12PCToSPAdj(pc uint64) (spadj int) {
+	return t.go12PCToVal(pc, t.ptrsize+3*4)
+}
+
+func (t *LineTable) go12PCToVal(pc uint64, fOffset uint32) (val int) {
+	defer func() {
+		if recover() != nil {
+			val = -1
+		}
+	}()
+
+	f := t.findFunc(pc)
+	if f == nil {
+		return -1
+	}
+	entry := t.uintptr(f)
+	linetab := t.binary.Uint32(f[fOffset:])
+	return int(t.pcvalue(linetab, entry, pc))
+}
+
+// go12PCToFile maps program counter to file name for the Go 1.2 pcln table.
+func (t *LineTable) go12PCToFile(pc uint64) (file string) {
+	defer func() {
+		if recover() != nil {
+			file = ""
+		}
+	}()
+
+	f := t.findFunc(pc)
+	if f == nil {
+		return ""
+	}
+	entry := t.uintptr(f)
+	filetab := t.binary.Uint32(f[t.ptrsize+4*4:])
+	fno := t.pcvalue(filetab, entry, pc)
+	if fno <= 0 {
+		return ""
+	}
+	return t.string(t.binary.Uint32(t.filetab[4*fno:]))
+}
+
+// go12LineToPC maps a (file, line) pair to a program counter for the Go 1.2 pcln table.
+func (t *LineTable) go12LineToPC(file string, line int) (pc uint64) {
+	defer func() {
+		if recover() != nil {
+			pc = 0
+		}
+	}()
+
+	t.initFileMap()
+	filenum := t.fileMap[file]
+	if filenum == 0 {
+		return 0
+	}
+
+	// Scan all functions.
+	// If this turns out to be a bottleneck, we could build a map[int32][]int32
+	// mapping file number to a list of functions with code from that file.
+	for i := uint32(0); i < t.nfunctab; i++ {
+		f := t.Data[t.uintptr(t.functab[2*t.ptrsize*i+t.ptrsize:]):]
+		entry := t.uintptr(f)
+		filetab := t.binary.Uint32(f[t.ptrsize+4*4:])
+		linetab := t.binary.Uint32(f[t.ptrsize+5*4:])
+		pc := t.findFileLine(entry, filetab, linetab, int32(filenum), int32(line))
+		if pc != 0 {
+			return pc
+		}
+	}
+	return 0
+}
+
+// initFileMap initializes the map from file name to file number.
+func (t *LineTable) initFileMap() {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	if t.fileMap != nil {
+		return
+	}
+	m := make(map[string]uint32)
+
+	for i := uint32(1); i < t.nfiletab; i++ {
+		s := t.string(t.binary.Uint32(t.filetab[4*i:]))
+		m[s] = i
+	}
+	t.fileMap = m
+}
+
+// go12MapFiles adds to m a key for every file in the Go 1.2 LineTable.
+// Every key maps to obj. That's not a very interesting map, but it provides
+// a way for callers to obtain the list of files in the program.
+func (t *LineTable) go12MapFiles(m map[string]*Obj, obj *Obj) {
+	defer func() {
+		recover()
+	}()
+
+	t.initFileMap()
+	for file := range t.fileMap {
+		m[file] = obj
+	}
+}
diff --git a/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/symtab.go b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/symtab.go
new file mode 100644
index 0000000000000..2c83b841cf8ce
--- /dev/null
+++ b/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/symtab.go
@@ -0,0 +1,731 @@
+// Copyright 2018 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package gosym implements access to the Go symbol
+// and line number tables embedded in Go binaries generated
+// by the gc compilers.
+package gosym
+
+// The table format is a variant of the format used in Plan 9's a.out
+// format, documented at http://plan9.bell-labs.com/magic/man2html/6/a.out.
+// The best reference for the differences between the Plan 9 format
+// and the Go format is the runtime source, specifically ../../runtime/symtab.c.
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+/*
+ * Symbols
+ */
+
+// A Sym represents a single symbol table entry.
+type Sym struct {
+	Value  uint64
+	Type   byte
+	Name   string
+	GoType uint64
+	// If this symbol if a function symbol, the corresponding Func
+	Func *Func
+}
+
+// Static reports whether this symbol is static (not visible outside its file).
+func (s *Sym) Static() bool { return s.Type >= 'a' }
+
+// PackageName returns the package part of the symbol name,
+// or the empty string if there is none.
+func (s *Sym) PackageName() string {
+	if i := strings.Index(s.Name, "."); i != -1 {
+		return s.Name[0:i]
+	}
+	return ""
+}
+
+// ReceiverName returns the receiver type name of this symbol,
+// or the empty string if there is none.
+func (s *Sym) ReceiverName() string {
+	l := strings.Index(s.Name, ".")
+	r := strings.LastIndex(s.Name, ".")
+	if l == -1 || r == -1 || l == r {
+		return ""
+	}
+	return s.Name[l+1 : r]
+}
+
+// BaseName returns the symbol name without the package or receiver name.
+func (s *Sym) BaseName() string {
+	if i := strings.LastIndex(s.Name, "."); i != -1 {
+		return s.Name[i+1:]
+	}
+	return s.Name
+}
+
+// A Func collects information about a single function.
+type Func struct {
+	Entry uint64
+	*Sym
+	End       uint64
+	Params    []*Sym
+	Locals    []*Sym
+	FrameSize int
+	LineTable *LineTable
+	Obj       *Obj
+}
+
+// An Obj represents a collection of functions in a symbol table.
+//
+// The exact method of division of a binary into separate Objs is an internal detail
+// of the symbol table format.
+//
+// In early versions of Go each source file became a different Obj.
+//
+// In Go 1 and Go 1.1, each package produced one Obj for all Go sources
+// and one Obj per C source file.
+//
+// In Go 1.2, there is a single Obj for the entire program.
+type Obj struct {
+	// Funcs is a list of functions in the Obj.
+	Funcs []Func
+
+	// In Go 1.1 and earlier, Paths is a list of symbols corresponding
+	// to the source file names that produced the Obj.
+	// In Go 1.2, Paths is nil.
+	// Use the keys of Table.Files to obtain a list of source files.
+	Paths []Sym // meta
+}
+
+/*
+ * Symbol tables
+ */
+
+// Table represents a Go symbol table.  It stores all of the
+// symbols decoded from the program and provides methods to translate
+// between symbols, names, and addresses.
+type Table struct {
+	Syms  []Sym
+	Funcs []Func
+	Files map[string]*Obj // nil for Go 1.2 and later binaries
+	Objs  []Obj           // nil for Go 1.2 and later binaries
+
+	go12line *LineTable // Go 1.2 line number table
+}
+
+type sym struct {
+	value  uint64
+	gotype uint64
+	typ    byte
+	name   []byte
+}
+
+var (
+	littleEndianSymtab    = []byte{0xFD, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00}
+	bigEndianSymtab       = []byte{0xFF, 0xFF, 0xFF, 0xFD, 0x00, 0x00, 0x00}
+	oldLittleEndianSymtab = []byte{0xFE, 0xFF, 0xFF, 0xFF, 0x00, 0x00}
+)
+
+func walksymtab(data []byte, fn func(sym) error) error {
+	if len(data) == 0 { // missing symtab is okay
+		return nil
+	}
+	var order binary.ByteOrder = binary.BigEndian
+	newTable := false
+	switch {
+	case bytes.HasPrefix(data, oldLittleEndianSymtab):
+		// Same as Go 1.0, but little endian.
+		// Format was used during interim development between Go 1.0 and Go 1.1.
+		// Should not be widespread, but easy to support.
+		data = data[6:]
+		order = binary.LittleEndian
+	case bytes.HasPrefix(data, bigEndianSymtab):
+		newTable = true
+	case bytes.HasPrefix(data, littleEndianSymtab):
+		newTable = true
+		order = binary.LittleEndian
+	}
+	var ptrsz int
+	if newTable {
+		if len(data) < 8 {
+			return &DecodingError{len(data), "unexpected EOF", nil}
+		}
+		ptrsz = int(data[7])
+		if ptrsz != 4 && ptrsz != 8 {
+			return &DecodingError{7, "invalid pointer size", ptrsz}
+		}
+		data = data[8:]
+	}
+	var s sym
+	p := data
+	for len(p) >= 4 {
+		var typ byte
+		if newTable {
+			// Symbol type, value, Go type.
+			typ = p[0] & 0x3F
+			wideValue := p[0]&0x40 != 0
+			goType := p[0]&0x80 != 0
+			if typ < 26 {
+				typ += 'A'
+			} else {
+				typ += 'a' - 26
+			}
+			s.typ = typ
+			p = p[1:]
+			if wideValue {
+				if len(p) < ptrsz {
+					return &DecodingError{len(data), "unexpected EOF", nil}
+				}
+				// fixed-width value
+				if ptrsz == 8 {
+					s.value = order.Uint64(p[0:8])
+					p = p[8:]
+				} else {
+					s.value = uint64(order.Uint32(p[0:4]))
+					p = p[4:]
+				}
+			} else {
+				// varint value
+				s.value = 0
+				shift := uint(0)
+				for len(p) > 0 && p[0]&0x80 != 0 {
+					s.value |= uint64(p[0]&0x7F) << shift
+					shift += 7
+					p = p[1:]
+				}
+				if len(p) == 0 {
+					return &DecodingError{len(data), "unexpected EOF", nil}
+				}
+				s.value |= uint64(p[0]) << shift
+				p = p[1:]
+			}
+			if goType {
+				if len(p) < ptrsz {
+					return &DecodingError{len(data), "unexpected EOF", nil}
+				}
+				// fixed-width go type
+				if ptrsz == 8 {
+					s.gotype = order.Uint64(p[0:8])
+					p = p[8:]
+				} else {
+					s.gotype = uint64(order.Uint32(p[0:4]))
+					p = p[4:]
+				}
+			}
+		} else {
+			// Value, symbol type.
+			s.value = uint64(order.Uint32(p[0:4]))
+			if len(p) < 5 {
+				return &DecodingError{len(data), "unexpected EOF", nil}
+			}
+			typ = p[4]
+			if typ&0x80 == 0 {
+				return &DecodingError{len(data) - len(p) + 4, "bad symbol type", typ}
+			}
+			typ &^= 0x80
+			s.typ = typ
+			p = p[5:]
+		}
+
+		// Name.
+		var i int
+		var nnul int
+		for i = 0; i < len(p); i++ {
+			if p[i] == 0 {
+				nnul = 1
+				break
+			}
+		}
+		switch typ {
+		case 'z', 'Z':
+			p = p[i+nnul:]
+			for i = 0; i+2 <= len(p); i += 2 {
+				if p[i] == 0 && p[i+1] == 0 {
+					nnul = 2
+					break
+				}
+			}
+		}
+		if len(p) < i+nnul {
+			return &DecodingError{len(data), "unexpected EOF", nil}
+		}
+		s.name = p[0:i]
+		i += nnul
+		p = p[i:]
+
+		if !newTable {
+			if len(p) < 4 {
+				return &DecodingError{len(data), "unexpected EOF", nil}
+			}
+			// Go type.
+			s.gotype = uint64(order.Uint32(p[:4]))
+			p = p[4:]
+		}
+		fn(s)
+	}
+	return nil
+}
+
+// NewTable decodes the Go symbol table in data,
+// returning an in-memory representation.
+func NewTable(symtab []byte, pcln *LineTable) (*Table, error) {
+	var n int
+	err := walksymtab(symtab, func(s sym) error {
+		n++
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var t Table
+	if pcln.isGo12() {
+		t.go12line = pcln
+	}
+	fname := make(map[uint16]string)
+	t.Syms = make([]Sym, 0, n)
+	nf := 0
+	nz := 0
+	lasttyp := uint8(0)
+	err = walksymtab(symtab, func(s sym) error {
+		n := len(t.Syms)
+		t.Syms = t.Syms[0 : n+1]
+		ts := &t.Syms[n]
+		ts.Type = s.typ
+		ts.Value = uint64(s.value)
+		ts.GoType = uint64(s.gotype)
+		switch s.typ {
+		default:
+			// rewrite name to use . instead of · (c2 b7)
+			w := 0
+			b := s.name
+			for i := 0; i < len(b); i++ {
+				if b[i] == 0xc2 && i+1 < len(b) && b[i+1] == 0xb7 {
+					i++
+					b[i] = '.'
+				}
+				b[w] = b[i]
+				w++
+			}
+			ts.Name = string(s.name[0:w])
+		case 'z', 'Z':
+			if lasttyp != 'z' && lasttyp != 'Z' {
+				nz++
+			}
+			for i := 0; i < len(s.name); i += 2 {
+				eltIdx := binary.BigEndian.Uint16(s.name[i : i+2])
+				elt, ok := fname[eltIdx]
+				if !ok {
+					return &DecodingError{-1, "bad filename code", eltIdx}
+				}
+				if n := len(ts.Name); n > 0 && ts.Name[n-1] != '/' {
+					ts.Name += "/"
+				}
+				ts.Name += elt
+			}
+		}
+		switch s.typ {
+		case 'T', 't', 'L', 'l':
+			nf++
+		case 'f':
+			fname[uint16(s.value)] = ts.Name
+		}
+		lasttyp = s.typ
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	t.Funcs = make([]Func, 0, nf)
+	t.Files = make(map[string]*Obj)
+
+	var obj *Obj
+	if t.go12line != nil {
+		// Put all functions into one Obj.
+		t.Objs = make([]Obj, 1)
+		obj = &t.Objs[0]
+		t.go12line.go12MapFiles(t.Files, obj)
+	} else {
+		t.Objs = make([]Obj, 0, nz)
+	}
+
+	// Count text symbols and attach frame sizes, parameters, and
+	// locals to them.  Also, find object file boundaries.
+	lastf := 0
+	for i := 0; i < len(t.Syms); i++ {
+		sym := &t.Syms[i]
+		switch sym.Type {
+		case 'Z', 'z': // path symbol
+			if t.go12line != nil {
+				// Go 1.2 binaries have the file information elsewhere. Ignore.
+				break
+			}
+			// Finish the current object
+			if obj != nil {
+				obj.Funcs = t.Funcs[lastf:]
+			}
+			lastf = len(t.Funcs)
+
+			// Start new object
+			n := len(t.Objs)
+			t.Objs = t.Objs[0 : n+1]
+			obj = &t.Objs[n]
+
+			// Count & copy path symbols
+			var end int
+			for end = i + 1; end < len(t.Syms); end++ {
+				if c := t.Syms[end].Type; c != 'Z' && c != 'z' {
+					break
+				}
+			}
+			obj.Paths = t.Syms[i:end]
+			i = end - 1 // loop will i++
+
+			// Record file names
+			depth := 0
+			for j := range obj.Paths {
+				s := &obj.Paths[j]
+				if s.Name == "" {
+					depth--
+				} else {
+					if depth == 0 {
+						t.Files[s.Name] = obj
+					}
+					depth++
+				}
+			}
+
+		case 'T', 't', 'L', 'l': // text symbol
+			if n := len(t.Funcs); n > 0 {
+				t.Funcs[n-1].End = sym.Value
+			}
+			if sym.Name == "etext" {
+				continue
+			}
+
+			// Count parameter and local (auto) syms
+			var np, na int
+			var end int
+		countloop:
+			for end = i + 1; end < len(t.Syms); end++ {
+				switch t.Syms[end].Type {
+				case 'T', 't', 'L', 'l', 'Z', 'z':
+					break countloop
+				case 'p':
+					np++
+				case 'a':
+					na++
+				}
+			}
+
+			// Fill in the function symbol
+			n := len(t.Funcs)
+			t.Funcs = t.Funcs[0 : n+1]
+			fn := &t.Funcs[n]
+			sym.Func = fn
+			fn.Params = make([]*Sym, 0, np)
+			fn.Locals = make([]*Sym, 0, na)
+			fn.Sym = sym
+			fn.Entry = sym.Value
+			fn.Obj = obj
+			if t.go12line != nil {
+				// All functions share the same line table.
+				// It knows how to narrow down to a specific
+				// function quickly.
+				fn.LineTable = t.go12line
+			} else if pcln != nil {
+				fn.LineTable = pcln.slice(fn.Entry)
+				pcln = fn.LineTable
+			}
+			for j := i; j < end; j++ {
+				s := &t.Syms[j]
+				switch s.Type {
+				case 'm':
+					fn.FrameSize = int(s.Value)
+				case 'p':
+					n := len(fn.Params)
+					fn.Params = fn.Params[0 : n+1]
+					fn.Params[n] = s
+				case 'a':
+					n := len(fn.Locals)
+					fn.Locals = fn.Locals[0 : n+1]
+					fn.Locals[n] = s
+				}
+			}
+			i = end - 1 // loop will i++
+		}
+	}
+
+	if t.go12line != nil && nf == 0 {
+		t.Funcs = t.go12line.go12Funcs()
+	}
+	if obj != nil {
+		obj.Funcs = t.Funcs[lastf:]
+	}
+	return &t, nil
+}
+
+// PCToFunc returns the function containing the program counter pc,
+// or nil if there is no such function.
+func (t *Table) PCToFunc(pc uint64) *Func {
+	funcs := t.Funcs
+	for len(funcs) > 0 {
+		m := len(funcs) / 2
+		fn := &funcs[m]
+		switch {
+		case pc < fn.Entry:
+			funcs = funcs[0:m]
+		case fn.Entry <= pc && pc < fn.End:
+			return fn
+		default:
+			funcs = funcs[m+1:]
+		}
+	}
+	return nil
+}
+
+// PCToLine looks up line number information for a program counter.
+// If there is no information, it returns fn == nil.
+func (t *Table) PCToLine(pc uint64) (file string, line int, fn *Func) {
+	if fn = t.PCToFunc(pc); fn == nil {
+		return
+	}
+	if t.go12line != nil {
+		file = t.go12line.go12PCToFile(pc)
+		line = t.go12line.go12PCToLine(pc)
+	} else {
+		file, line = fn.Obj.lineFromAline(fn.LineTable.PCToLine(pc))
+	}
+	return
+}
+
+// PCToSPAdj returns the stack pointer adjustment for a program counter.
+func (t *Table) PCToSPAdj(pc uint64) (spadj int) {
+	if fn := t.PCToFunc(pc); fn == nil {
+		return 0
+	}
+	if t.go12line != nil {
+		return t.go12line.go12PCToSPAdj(pc)
+	}
+	return 0
+}
+
+// LineToPC looks up the first program counter on the given line in
+// the named file.  It returns UnknownPathError or UnknownLineError if
+// there is an error looking up this line.
+func (t *Table) LineToPC(file string, line int) (pc uint64, fn *Func, err error) {
+	obj, ok := t.Files[file]
+	if !ok {
+		return 0, nil, UnknownFileError(file)
+	}
+
+	if t.go12line != nil {
+		pc := t.go12line.go12LineToPC(file, line)
+		if pc == 0 {
+			return 0, nil, &UnknownLineError{file, line}
+		}
+		return pc, t.PCToFunc(pc), nil
+	}
+
+	abs, err := obj.alineFromLine(file, line)
+	if err != nil {
+		return
+	}
+	for i := range obj.Funcs {
+		f := &obj.Funcs[i]
+		pc := f.LineTable.LineToPC(abs, f.End)
+		if pc != 0 {
+			return pc, f, nil
+		}
+	}
+	return 0, nil, &UnknownLineError{file, line}
+}
+
+// LookupSym returns the text, data, or bss symbol with the given name,
+// or nil if no such symbol is found.
+func (t *Table) LookupSym(name string) *Sym {
+	// TODO(austin) Maybe make a map
+	for i := range t.Syms {
+		s := &t.Syms[i]
+		switch s.Type {
+		case 'T', 't', 'L', 'l', 'D', 'd', 'B', 'b':
+			if s.Name == name {
+				return s
+			}
+		}
+	}
+	return nil
+}
+
+// LookupFunc returns the text, data, or bss symbol with the given name,
+// or nil if no such symbol is found.
+func (t *Table) LookupFunc(name string) *Func {
+	for i := range t.Funcs {
+		f := &t.Funcs[i]
+		if f.Sym.Name == name {
+			return f
+		}
+	}
+	return nil
+}
+
+// SymByAddr returns the text, data, or bss symbol starting at the given address.
+func (t *Table) SymByAddr(addr uint64) *Sym {
+	for i := range t.Syms {
+		s := &t.Syms[i]
+		switch s.Type {
+		case 'T', 't', 'L', 'l', 'D', 'd', 'B', 'b':
+			if s.Value == addr {
+				return s
+			}
+		}
+	}
+	return nil
+}
+
+/*
+ * Object files
+ */
+
+// This is legacy code for Go 1.1 and earlier, which used the
+// Plan 9 format for pc-line tables. This code was never quite
+// correct. It's probably very close, and it's usually correct, but
+// we never quite found all the corner cases.
+//
+// Go 1.2 and later use a simpler format, documented at golang.org/s/go12symtab.
+
+func (o *Obj) lineFromAline(aline int) (string, int) {
+	type stackEnt struct {
+		path   string
+		start  int
+		offset int
+		prev   *stackEnt
+	}
+
+	noPath := &stackEnt{"", 0, 0, nil}
+	tos := noPath
+
+pathloop:
+	for _, s := range o.Paths {
+		val := int(s.Value)
+		switch {
+		case val > aline:
+			break pathloop
+
+		case val == 1:
+			// Start a new stack
+			tos = &stackEnt{s.Name, val, 0, noPath}
+
+		case s.Name == "":
+			// Pop
+			if tos == noPath {
+				return "<malformed symbol table>", 0
+			}
+			tos.prev.offset += val - tos.start
+			tos = tos.prev
+
+		default:
+			// Push
+			tos = &stackEnt{s.Name, val, 0, tos}
+		}
+	}
+
+	if tos == noPath {
+		return "", 0
+	}
+	return tos.path, aline - tos.start - tos.offset + 1
+}
+
+func (o *Obj) alineFromLine(path string, line int) (int, error) {
+	if line < 1 {
+		return 0, &UnknownLineError{path, line}
+	}
+
+	for i, s := range o.Paths {
+		// Find this path
+		if s.Name != path {
+			continue
+		}
+
+		// Find this line at this stack level
+		depth := 0
+		var incstart int
+		line += int(s.Value)
+	pathloop:
+		for _, s := range o.Paths[i:] {
+			val := int(s.Value)
+			switch {
+			case depth == 1 && val >= line:
+				return line - 1, nil
+
+			case s.Name == "":
+				depth--
+				if depth == 0 {
+					break pathloop
+				} else if depth == 1 {
+					line += val - incstart
+				}
+
+			default:
+				if depth == 1 {
+					incstart = val
+				}
+				depth++
+			}
+		}
+		return 0, &UnknownLineError{path, line}
+	}
+	return 0, UnknownFileError(path)
+}
+
+/*
+ * Errors
+ */
+
+// UnknownFileError represents a failure to find the specific file in
+// the symbol table.
+type UnknownFileError string
+
+func (e UnknownFileError) Error() string { return "unknown file: " + string(e) }
+
+// UnknownLineError represents a failure to map a line to a program
+// counter, either because the line is beyond the bounds of the file
+// or because there is no code on the given line.
+type UnknownLineError struct {
+	File string
+	Line int
+}
+
+func (e *UnknownLineError) Error() string {
+	return "no code at " + e.File + ":" + strconv.Itoa(e.Line)
+}
+
+// DecodingError represents an error during the decoding of
+// the symbol table.
+type DecodingError struct {
+	off int
+	msg string
+	val interface{}
+}
+
+func (e *DecodingError) Error() string {
+	msg := e.msg
+	if e.val != nil {
+		msg += fmt.Sprintf(" '%v'", e.val)
+	}
+	msg += fmt.Sprintf(" at byte %#x", e.off)
+	return msg
+}
diff --git a/vendor/cloud.google.com/go/compute/metadata/metadata.go b/vendor/cloud.google.com/go/compute/metadata/metadata.go
index e708c031b9586..125b7033c96b9 100644
--- a/vendor/cloud.google.com/go/compute/metadata/metadata.go
+++ b/vendor/cloud.google.com/go/compute/metadata/metadata.go
@@ -1,4 +1,4 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2014 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 package metadata // import "cloud.google.com/go/compute/metadata"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -31,9 +32,6 @@ import (
 	"strings"
 	"sync"
 	"time"
-
-	"golang.org/x/net/context"
-	"golang.org/x/net/context/ctxhttp"
 )
 
 const (
@@ -64,7 +62,7 @@ var (
 )
 
 var (
-	metaClient = &http.Client{
+	defaultClient = &Client{hc: &http.Client{
 		Transport: &http.Transport{
 			Dial: (&net.Dialer{
 				Timeout:   2 * time.Second,
@@ -72,15 +70,15 @@ var (
 			}).Dial,
 			ResponseHeaderTimeout: 2 * time.Second,
 		},
-	}
-	subscribeClient = &http.Client{
+	}}
+	subscribeClient = &Client{hc: &http.Client{
 		Transport: &http.Transport{
 			Dial: (&net.Dialer{
 				Timeout:   2 * time.Second,
 				KeepAlive: 30 * time.Second,
 			}).Dial,
 		},
-	}
+	}}
 )
 
 // NotDefinedError is returned when requested metadata is not defined.
@@ -95,74 +93,16 @@ func (suffix NotDefinedError) Error() string {
 	return fmt.Sprintf("metadata: GCE metadata %q not defined", string(suffix))
 }
 
-// Get returns a value from the metadata service.
-// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
-//
-// If the GCE_METADATA_HOST environment variable is not defined, a default of
-// 169.254.169.254 will be used instead.
-//
-// If the requested metadata is not defined, the returned error will
-// be of type NotDefinedError.
-func Get(suffix string) (string, error) {
-	val, _, err := getETag(metaClient, suffix)
-	return val, err
-}
-
-// getETag returns a value from the metadata service as well as the associated
-// ETag using the provided client. This func is otherwise equivalent to Get.
-func getETag(client *http.Client, suffix string) (value, etag string, err error) {
-	// Using a fixed IP makes it very difficult to spoof the metadata service in
-	// a container, which is an important use-case for local testing of cloud
-	// deployments. To enable spoofing of the metadata service, the environment
-	// variable GCE_METADATA_HOST is first inspected to decide where metadata
-	// requests shall go.
-	host := os.Getenv(metadataHostEnv)
-	if host == "" {
-		// Using 169.254.169.254 instead of "metadata" here because Go
-		// binaries built with the "netgo" tag and without cgo won't
-		// know the search suffix for "metadata" is
-		// ".google.internal", and this IP address is documented as
-		// being stable anyway.
-		host = metadataIP
-	}
-	url := "http://" + host + "/computeMetadata/v1/" + suffix
-	req, _ := http.NewRequest("GET", url, nil)
-	req.Header.Set("Metadata-Flavor", "Google")
-	req.Header.Set("User-Agent", userAgent)
-	res, err := client.Do(req)
-	if err != nil {
-		return "", "", err
-	}
-	defer res.Body.Close()
-	if res.StatusCode == http.StatusNotFound {
-		return "", "", NotDefinedError(suffix)
-	}
-	if res.StatusCode != 200 {
-		return "", "", fmt.Errorf("status code %d trying to fetch %s", res.StatusCode, url)
-	}
-	all, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return "", "", err
-	}
-	return string(all), res.Header.Get("Etag"), nil
-}
-
-func getTrimmed(suffix string) (s string, err error) {
-	s, err = Get(suffix)
-	s = strings.TrimSpace(s)
-	return
-}
-
-func (c *cachedValue) get() (v string, err error) {
+func (c *cachedValue) get(cl *Client) (v string, err error) {
 	defer c.mu.Unlock()
 	c.mu.Lock()
 	if c.v != "" {
 		return c.v, nil
 	}
 	if c.trim {
-		v, err = getTrimmed(c.k)
+		v, err = cl.getTrimmed(c.k)
 	} else {
-		v, err = Get(c.k)
+		v, err = cl.Get(c.k)
 	}
 	if err == nil {
 		c.v = v
@@ -197,11 +137,11 @@ func testOnGCE() bool {
 	resc := make(chan bool, 2)
 
 	// Try two strategies in parallel.
-	// See https://github.com/GoogleCloudPlatform/google-cloud-go/issues/194
+	// See https://github.com/googleapis/google-cloud-go/issues/194
 	go func() {
 		req, _ := http.NewRequest("GET", "http://"+metadataIP, nil)
 		req.Header.Set("User-Agent", userAgent)
-		res, err := ctxhttp.Do(ctx, metaClient, req)
+		res, err := defaultClient.hc.Do(req.WithContext(ctx))
 		if err != nil {
 			resc <- false
 			return
@@ -266,78 +206,183 @@ func systemInfoSuggestsGCE() bool {
 	return name == "Google" || name == "Google Compute Engine"
 }
 
-// Subscribe subscribes to a value from the metadata service.
-// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
-// The suffix may contain query parameters.
-//
-// Subscribe calls fn with the latest metadata value indicated by the provided
-// suffix. If the metadata value is deleted, fn is called with the empty string
-// and ok false. Subscribe blocks until fn returns a non-nil error or the value
-// is deleted. Subscribe returns the error value returned from the last call to
-// fn, which may be nil when ok == false.
+// Subscribe calls Client.Subscribe on a client designed for subscribing (one with no
+// ResponseHeaderTimeout).
 func Subscribe(suffix string, fn func(v string, ok bool) error) error {
-	const failedSubscribeSleep = time.Second * 5
+	return subscribeClient.Subscribe(suffix, fn)
+}
 
-	// First check to see if the metadata value exists at all.
-	val, lastETag, err := getETag(subscribeClient, suffix)
-	if err != nil {
-		return err
-	}
+// Get calls Client.Get on the default client.
+func Get(suffix string) (string, error) { return defaultClient.Get(suffix) }
 
-	if err := fn(val, true); err != nil {
-		return err
+// ProjectID returns the current instance's project ID string.
+func ProjectID() (string, error) { return defaultClient.ProjectID() }
+
+// NumericProjectID returns the current instance's numeric project ID.
+func NumericProjectID() (string, error) { return defaultClient.NumericProjectID() }
+
+// InternalIP returns the instance's primary internal IP address.
+func InternalIP() (string, error) { return defaultClient.InternalIP() }
+
+// ExternalIP returns the instance's primary external (public) IP address.
+func ExternalIP() (string, error) { return defaultClient.ExternalIP() }
+
+// Hostname returns the instance's hostname. This will be of the form
+// "<instanceID>.c.<projID>.internal".
+func Hostname() (string, error) { return defaultClient.Hostname() }
+
+// InstanceTags returns the list of user-defined instance tags,
+// assigned when initially creating a GCE instance.
+func InstanceTags() ([]string, error) { return defaultClient.InstanceTags() }
+
+// InstanceID returns the current VM's numeric instance ID.
+func InstanceID() (string, error) { return defaultClient.InstanceID() }
+
+// InstanceName returns the current VM's instance ID string.
+func InstanceName() (string, error) { return defaultClient.InstanceName() }
+
+// Zone returns the current VM's zone, such as "us-central1-b".
+func Zone() (string, error) { return defaultClient.Zone() }
+
+// InstanceAttributes calls Client.InstanceAttributes on the default client.
+func InstanceAttributes() ([]string, error) { return defaultClient.InstanceAttributes() }
+
+// ProjectAttributes calls Client.ProjectAttributes on the default client.
+func ProjectAttributes() ([]string, error) { return defaultClient.ProjectAttributes() }
+
+// InstanceAttributeValue calls Client.InstanceAttributeValue on the default client.
+func InstanceAttributeValue(attr string) (string, error) {
+	return defaultClient.InstanceAttributeValue(attr)
+}
+
+// ProjectAttributeValue calls Client.ProjectAttributeValue on the default client.
+func ProjectAttributeValue(attr string) (string, error) {
+	return defaultClient.ProjectAttributeValue(attr)
+}
+
+// Scopes calls Client.Scopes on the default client.
+func Scopes(serviceAccount string) ([]string, error) { return defaultClient.Scopes(serviceAccount) }
+
+func strsContains(ss []string, s string) bool {
+	for _, v := range ss {
+		if v == s {
+			return true
+		}
 	}
+	return false
+}
 
-	ok := true
-	if strings.ContainsRune(suffix, '?') {
-		suffix += "&wait_for_change=true&last_etag="
-	} else {
-		suffix += "?wait_for_change=true&last_etag="
+// A Client provides metadata.
+type Client struct {
+	hc *http.Client
+}
+
+// NewClient returns a Client that can be used to fetch metadata. All HTTP requests
+// will use the given http.Client instead of the default client.
+func NewClient(c *http.Client) *Client {
+	return &Client{hc: c}
+}
+
+// getETag returns a value from the metadata service as well as the associated ETag.
+// This func is otherwise equivalent to Get.
+func (c *Client) getETag(suffix string) (value, etag string, err error) {
+	// Using a fixed IP makes it very difficult to spoof the metadata service in
+	// a container, which is an important use-case for local testing of cloud
+	// deployments. To enable spoofing of the metadata service, the environment
+	// variable GCE_METADATA_HOST is first inspected to decide where metadata
+	// requests shall go.
+	host := os.Getenv(metadataHostEnv)
+	if host == "" {
+		// Using 169.254.169.254 instead of "metadata" here because Go
+		// binaries built with the "netgo" tag and without cgo won't
+		// know the search suffix for "metadata" is
+		// ".google.internal", and this IP address is documented as
+		// being stable anyway.
+		host = metadataIP
 	}
-	for {
-		val, etag, err := getETag(subscribeClient, suffix+url.QueryEscape(lastETag))
-		if err != nil {
-			if _, deleted := err.(NotDefinedError); !deleted {
-				time.Sleep(failedSubscribeSleep)
-				continue // Retry on other errors.
-			}
-			ok = false
-		}
-		lastETag = etag
+	u := "http://" + host + "/computeMetadata/v1/" + suffix
+	req, _ := http.NewRequest("GET", u, nil)
+	req.Header.Set("Metadata-Flavor", "Google")
+	req.Header.Set("User-Agent", userAgent)
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return "", "", err
+	}
+	defer res.Body.Close()
+	if res.StatusCode == http.StatusNotFound {
+		return "", "", NotDefinedError(suffix)
+	}
+	all, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", "", err
+	}
+	if res.StatusCode != 200 {
+		return "", "", &Error{Code: res.StatusCode, Message: string(all)}
+	}
+	return string(all), res.Header.Get("Etag"), nil
+}
 
-		if err := fn(val, ok); err != nil || !ok {
-			return err
-		}
+// Get returns a value from the metadata service.
+// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
+//
+// If the GCE_METADATA_HOST environment variable is not defined, a default of
+// 169.254.169.254 will be used instead.
+//
+// If the requested metadata is not defined, the returned error will
+// be of type NotDefinedError.
+func (c *Client) Get(suffix string) (string, error) {
+	val, _, err := c.getETag(suffix)
+	return val, err
+}
+
+func (c *Client) getTrimmed(suffix string) (s string, err error) {
+	s, err = c.Get(suffix)
+	s = strings.TrimSpace(s)
+	return
+}
+
+func (c *Client) lines(suffix string) ([]string, error) {
+	j, err := c.Get(suffix)
+	if err != nil {
+		return nil, err
 	}
+	s := strings.Split(strings.TrimSpace(j), "\n")
+	for i := range s {
+		s[i] = strings.TrimSpace(s[i])
+	}
+	return s, nil
 }
 
 // ProjectID returns the current instance's project ID string.
-func ProjectID() (string, error) { return projID.get() }
+func (c *Client) ProjectID() (string, error) { return projID.get(c) }
 
 // NumericProjectID returns the current instance's numeric project ID.
-func NumericProjectID() (string, error) { return projNum.get() }
+func (c *Client) NumericProjectID() (string, error) { return projNum.get(c) }
+
+// InstanceID returns the current VM's numeric instance ID.
+func (c *Client) InstanceID() (string, error) { return instID.get(c) }
 
 // InternalIP returns the instance's primary internal IP address.
-func InternalIP() (string, error) {
-	return getTrimmed("instance/network-interfaces/0/ip")
+func (c *Client) InternalIP() (string, error) {
+	return c.getTrimmed("instance/network-interfaces/0/ip")
 }
 
 // ExternalIP returns the instance's primary external (public) IP address.
-func ExternalIP() (string, error) {
-	return getTrimmed("instance/network-interfaces/0/access-configs/0/external-ip")
+func (c *Client) ExternalIP() (string, error) {
+	return c.getTrimmed("instance/network-interfaces/0/access-configs/0/external-ip")
 }
 
 // Hostname returns the instance's hostname. This will be of the form
 // "<instanceID>.c.<projID>.internal".
-func Hostname() (string, error) {
-	return getTrimmed("instance/hostname")
+func (c *Client) Hostname() (string, error) {
+	return c.getTrimmed("instance/hostname")
 }
 
 // InstanceTags returns the list of user-defined instance tags,
 // assigned when initially creating a GCE instance.
-func InstanceTags() ([]string, error) {
+func (c *Client) InstanceTags() ([]string, error) {
 	var s []string
-	j, err := Get("instance/tags")
+	j, err := c.Get("instance/tags")
 	if err != nil {
 		return nil, err
 	}
@@ -347,14 +392,9 @@ func InstanceTags() ([]string, error) {
 	return s, nil
 }
 
-// InstanceID returns the current VM's numeric instance ID.
-func InstanceID() (string, error) {
-	return instID.get()
-}
-
 // InstanceName returns the current VM's instance ID string.
-func InstanceName() (string, error) {
-	host, err := Hostname()
+func (c *Client) InstanceName() (string, error) {
+	host, err := c.Hostname()
 	if err != nil {
 		return "", err
 	}
@@ -362,8 +402,8 @@ func InstanceName() (string, error) {
 }
 
 // Zone returns the current VM's zone, such as "us-central1-b".
-func Zone() (string, error) {
-	zone, err := getTrimmed("instance/zone")
+func (c *Client) Zone() (string, error) {
+	zone, err := c.getTrimmed("instance/zone")
 	// zone is of the form "projects/<projNum>/zones/<zoneName>".
 	if err != nil {
 		return "", err
@@ -374,24 +414,12 @@ func Zone() (string, error) {
 // InstanceAttributes returns the list of user-defined attributes,
 // assigned when initially creating a GCE VM instance. The value of an
 // attribute can be obtained with InstanceAttributeValue.
-func InstanceAttributes() ([]string, error) { return lines("instance/attributes/") }
+func (c *Client) InstanceAttributes() ([]string, error) { return c.lines("instance/attributes/") }
 
 // ProjectAttributes returns the list of user-defined attributes
 // applying to the project as a whole, not just this VM.  The value of
 // an attribute can be obtained with ProjectAttributeValue.
-func ProjectAttributes() ([]string, error) { return lines("project/attributes/") }
-
-func lines(suffix string) ([]string, error) {
-	j, err := Get(suffix)
-	if err != nil {
-		return nil, err
-	}
-	s := strings.Split(strings.TrimSpace(j), "\n")
-	for i := range s {
-		s[i] = strings.TrimSpace(s[i])
-	}
-	return s, nil
-}
+func (c *Client) ProjectAttributes() ([]string, error) { return c.lines("project/attributes/") }
 
 // InstanceAttributeValue returns the value of the provided VM
 // instance attribute.
@@ -401,8 +429,8 @@ func lines(suffix string) ([]string, error) {
 //
 // InstanceAttributeValue may return ("", nil) if the attribute was
 // defined to be the empty string.
-func InstanceAttributeValue(attr string) (string, error) {
-	return Get("instance/attributes/" + attr)
+func (c *Client) InstanceAttributeValue(attr string) (string, error) {
+	return c.Get("instance/attributes/" + attr)
 }
 
 // ProjectAttributeValue returns the value of the provided
@@ -413,25 +441,73 @@ func InstanceAttributeValue(attr string) (string, error) {
 //
 // ProjectAttributeValue may return ("", nil) if the attribute was
 // defined to be the empty string.
-func ProjectAttributeValue(attr string) (string, error) {
-	return Get("project/attributes/" + attr)
+func (c *Client) ProjectAttributeValue(attr string) (string, error) {
+	return c.Get("project/attributes/" + attr)
 }
 
 // Scopes returns the service account scopes for the given account.
 // The account may be empty or the string "default" to use the instance's
 // main account.
-func Scopes(serviceAccount string) ([]string, error) {
+func (c *Client) Scopes(serviceAccount string) ([]string, error) {
 	if serviceAccount == "" {
 		serviceAccount = "default"
 	}
-	return lines("instance/service-accounts/" + serviceAccount + "/scopes")
+	return c.lines("instance/service-accounts/" + serviceAccount + "/scopes")
 }
 
-func strsContains(ss []string, s string) bool {
-	for _, v := range ss {
-		if v == s {
-			return true
+// Subscribe subscribes to a value from the metadata service.
+// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
+// The suffix may contain query parameters.
+//
+// Subscribe calls fn with the latest metadata value indicated by the provided
+// suffix. If the metadata value is deleted, fn is called with the empty string
+// and ok false. Subscribe blocks until fn returns a non-nil error or the value
+// is deleted. Subscribe returns the error value returned from the last call to
+// fn, which may be nil when ok == false.
+func (c *Client) Subscribe(suffix string, fn func(v string, ok bool) error) error {
+	const failedSubscribeSleep = time.Second * 5
+
+	// First check to see if the metadata value exists at all.
+	val, lastETag, err := c.getETag(suffix)
+	if err != nil {
+		return err
+	}
+
+	if err := fn(val, true); err != nil {
+		return err
+	}
+
+	ok := true
+	if strings.ContainsRune(suffix, '?') {
+		suffix += "&wait_for_change=true&last_etag="
+	} else {
+		suffix += "?wait_for_change=true&last_etag="
+	}
+	for {
+		val, etag, err := c.getETag(suffix + url.QueryEscape(lastETag))
+		if err != nil {
+			if _, deleted := err.(NotDefinedError); !deleted {
+				time.Sleep(failedSubscribeSleep)
+				continue // Retry on other errors.
+			}
+			ok = false
+		}
+		lastETag = etag
+
+		if err := fn(val, ok); err != nil || !ok {
+			return err
 		}
 	}
-	return false
+}
+
+// Error contains an error response from the server.
+type Error struct {
+	// Code is the HTTP response status code.
+	Code int
+	// Message is the server response message.
+	Message string
+}
+
+func (e *Error) Error() string {
+	return fmt.Sprintf("compute: Received %d `%s`", e.Code, e.Message)
 }
diff --git a/vendor/cloud.google.com/go/go.mod b/vendor/cloud.google.com/go/go.mod
new file mode 100644
index 0000000000000..e3d7d7e62391d
--- /dev/null
+++ b/vendor/cloud.google.com/go/go.mod
@@ -0,0 +1,29 @@
+module cloud.google.com/go
+
+go 1.9
+
+require (
+	cloud.google.com/go/datastore v1.0.0
+	github.com/golang/mock v1.3.1
+	github.com/golang/protobuf v1.3.2
+	github.com/google/btree v1.0.0
+	github.com/google/go-cmp v0.3.0
+	github.com/google/martian v2.1.0+incompatible
+	github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
+	github.com/googleapis/gax-go/v2 v2.0.5
+	github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024
+	go.opencensus.io v0.22.0
+	golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522
+	golang.org/x/lint v0.0.0-20190409202823-959b441ac422
+	golang.org/x/net v0.0.0-20190620200207-3b0461eec859
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/text v0.3.2
+	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
+	golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0
+	google.golang.org/api v0.8.0
+	google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64
+	google.golang.org/grpc v1.21.1
+	honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a
+	rsc.io/binaryregexp v0.2.0
+)
diff --git a/vendor/cloud.google.com/go/internal/version/version.go b/vendor/cloud.google.com/go/internal/version/version.go
index f5c23a564c604..d291921b18f92 100644
--- a/vendor/cloud.google.com/go/internal/version/version.go
+++ b/vendor/cloud.google.com/go/internal/version/version.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@ import (
 
 // Repo is the current version of the client libraries in this
 // repo. It should be a date in YYYYMMDD format.
-const Repo = "20180226"
+const Repo = "20190802"
 
 // Go returns the Go runtime version. The returned string
 // has no whitespace.
@@ -67,5 +67,5 @@ func goVer(s string) string {
 }
 
 func notSemverRune(r rune) bool {
-	return strings.IndexRune("0123456789.", r) < 0
+	return !strings.ContainsRune("0123456789.", r)
 }
diff --git a/vendor/cloud.google.com/go/logging/README.md b/vendor/cloud.google.com/go/logging/README.md
new file mode 100644
index 0000000000000..06050110e4eed
--- /dev/null
+++ b/vendor/cloud.google.com/go/logging/README.md
@@ -0,0 +1,35 @@
+## Stackdriver Logging [![GoDoc](https://godoc.org/cloud.google.com/go/logging?status.svg)](https://godoc.org/cloud.google.com/go/logging)
+
+- [About Stackdriver Logging](https://cloud.google.com/logging/)
+- [API documentation](https://cloud.google.com/logging/docs)
+- [Go client documentation](https://godoc.org/cloud.google.com/go/logging)
+- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/logging)
+
+### Example Usage
+
+First create a `logging.Client` to use throughout your application:
+[snip]:# (logging-1)
+```go
+ctx := context.Background()
+client, err := logging.NewClient(ctx, "my-project")
+if err != nil {
+	// TODO: Handle error.
+}
+```
+
+Usually, you'll want to add log entries to a buffer to be periodically flushed
+(automatically and asynchronously) to the Stackdriver Logging service.
+[snip]:# (logging-2)
+```go
+logger := client.Logger("my-log")
+logger.Log(logging.Entry{Payload: "something happened!"})
+```
+
+Close your client before your program exits, to flush any buffered log entries.
+[snip]:# (logging-3)
+```go
+err = client.Close()
+if err != nil {
+	// TODO: Handle error.
+}
+```
\ No newline at end of file
diff --git a/vendor/cloud.google.com/go/logging/apiv2/config_client.go b/vendor/cloud.google.com/go/logging/apiv2/config_client.go
index bad7a3a4834e4..747158714fd2b 100644
--- a/vendor/cloud.google.com/go/logging/apiv2/config_client.go
+++ b/vendor/cloud.google.com/go/logging/apiv2/config_client.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,17 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// AUTO-GENERATED CODE. DO NOT EDIT.
+// Code generated by gapic-generator. DO NOT EDIT.
 
 package logging
 
 import (
+	"context"
+	"fmt"
 	"math"
+	"net/url"
 	"time"
 
-	"cloud.google.com/go/internal/version"
-	gax "github.com/googleapis/gax-go"
-	"golang.org/x/net/context"
+	"github.com/golang/protobuf/proto"
+	gax "github.com/googleapis/gax-go/v2"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	"google.golang.org/api/transport"
@@ -63,8 +65,8 @@ func defaultConfigCallOptions() *ConfigCallOptions {
 					codes.Unavailable,
 				}, gax.Backoff{
 					Initial:    100 * time.Millisecond,
-					Max:        1000 * time.Millisecond,
-					Multiplier: 1.2,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.3,
 				})
 			}),
 		},
@@ -73,7 +75,7 @@ func defaultConfigCallOptions() *ConfigCallOptions {
 		ListSinks:       retry[[2]string{"default", "idempotent"}],
 		GetSink:         retry[[2]string{"default", "idempotent"}],
 		CreateSink:      retry[[2]string{"default", "non_idempotent"}],
-		UpdateSink:      retry[[2]string{"default", "non_idempotent"}],
+		UpdateSink:      retry[[2]string{"default", "idempotent"}],
 		DeleteSink:      retry[[2]string{"default", "idempotent"}],
 		ListExclusions:  retry[[2]string{"default", "idempotent"}],
 		GetExclusion:    retry[[2]string{"default", "idempotent"}],
@@ -84,6 +86,8 @@ func defaultConfigCallOptions() *ConfigCallOptions {
 }
 
 // ConfigClient is a client for interacting with Stackdriver Logging API.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
 type ConfigClient struct {
 	// The connection to the service.
 	conn *grpc.ClientConn
@@ -100,8 +104,8 @@ type ConfigClient struct {
 
 // NewConfigClient creates a new config service v2 client.
 //
-// Service for configuring sinks used to export log entries outside of
-// Stackdriver Logging.
+// Service for configuring sinks used to export log entries out of
+// Logging.
 func NewConfigClient(ctx context.Context, opts ...option.ClientOption) (*ConfigClient, error) {
 	conn, err := transport.DialGRPC(ctx, append(defaultConfigClientOptions(), opts...)...)
 	if err != nil {
@@ -132,16 +136,18 @@ func (c *ConfigClient) Close() error {
 // the `x-goog-api-client` header passed on each request. Intended for
 // use by Google-written clients.
 func (c *ConfigClient) SetGoogleClientInfo(keyval ...string) {
-	kv := append([]string{"gl-go", version.Go()}, keyval...)
-	kv = append(kv, "gapic", version.Repo, "gax", gax.Version, "grpc", grpc.Version)
+	kv := append([]string{"gl-go", versionGo()}, keyval...)
+	kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
 	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
 }
 
 // ListSinks lists sinks.
 func (c *ConfigClient) ListSinks(ctx context.Context, req *loggingpb.ListSinksRequest, opts ...gax.CallOption) *LogSinkIterator {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.ListSinks[0:len(c.CallOptions.ListSinks):len(c.CallOptions.ListSinks)], opts...)
 	it := &LogSinkIterator{}
+	req = proto.Clone(req).(*loggingpb.ListSinksRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]*loggingpb.LogSink, string, error) {
 		var resp *loggingpb.ListSinksResponse
 		req.PageToken = pageToken
@@ -169,12 +175,15 @@ func (c *ConfigClient) ListSinks(ctx context.Context, req *loggingpb.ListSinksRe
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
 // GetSink gets a sink.
 func (c *ConfigClient) GetSink(ctx context.Context, req *loggingpb.GetSinkRequest, opts ...gax.CallOption) (*loggingpb.LogSink, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "sink_name", url.QueryEscape(req.GetSinkName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.GetSink[0:len(c.CallOptions.GetSink):len(c.CallOptions.GetSink)], opts...)
 	var resp *loggingpb.LogSink
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -193,7 +202,8 @@ func (c *ConfigClient) GetSink(ctx context.Context, req *loggingpb.GetSinkReques
 // writer_identity is not permitted to write to the destination.  A sink can
 // export log entries only from the resource owning the sink.
 func (c *ConfigClient) CreateSink(ctx context.Context, req *loggingpb.CreateSinkRequest, opts ...gax.CallOption) (*loggingpb.LogSink, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.CreateSink[0:len(c.CallOptions.CreateSink):len(c.CallOptions.CreateSink)], opts...)
 	var resp *loggingpb.LogSink
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -212,7 +222,8 @@ func (c *ConfigClient) CreateSink(ctx context.Context, req *loggingpb.CreateSink
 // The updated sink might also have a new writer_identity; see the
 // unique_writer_identity field.
 func (c *ConfigClient) UpdateSink(ctx context.Context, req *loggingpb.UpdateSinkRequest, opts ...gax.CallOption) (*loggingpb.LogSink, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "sink_name", url.QueryEscape(req.GetSinkName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.UpdateSink[0:len(c.CallOptions.UpdateSink):len(c.CallOptions.UpdateSink)], opts...)
 	var resp *loggingpb.LogSink
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -229,7 +240,8 @@ func (c *ConfigClient) UpdateSink(ctx context.Context, req *loggingpb.UpdateSink
 // DeleteSink deletes a sink. If the sink has a unique writer_identity, then that
 // service account is also deleted.
 func (c *ConfigClient) DeleteSink(ctx context.Context, req *loggingpb.DeleteSinkRequest, opts ...gax.CallOption) error {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "sink_name", url.QueryEscape(req.GetSinkName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.DeleteSink[0:len(c.CallOptions.DeleteSink):len(c.CallOptions.DeleteSink)], opts...)
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 		var err error
@@ -241,9 +253,11 @@ func (c *ConfigClient) DeleteSink(ctx context.Context, req *loggingpb.DeleteSink
 
 // ListExclusions lists all the exclusions in a parent resource.
 func (c *ConfigClient) ListExclusions(ctx context.Context, req *loggingpb.ListExclusionsRequest, opts ...gax.CallOption) *LogExclusionIterator {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.ListExclusions[0:len(c.CallOptions.ListExclusions):len(c.CallOptions.ListExclusions)], opts...)
 	it := &LogExclusionIterator{}
+	req = proto.Clone(req).(*loggingpb.ListExclusionsRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]*loggingpb.LogExclusion, string, error) {
 		var resp *loggingpb.ListExclusionsResponse
 		req.PageToken = pageToken
@@ -271,12 +285,15 @@ func (c *ConfigClient) ListExclusions(ctx context.Context, req *loggingpb.ListEx
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
 // GetExclusion gets the description of an exclusion.
 func (c *ConfigClient) GetExclusion(ctx context.Context, req *loggingpb.GetExclusionRequest, opts ...gax.CallOption) (*loggingpb.LogExclusion, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.GetExclusion[0:len(c.CallOptions.GetExclusion):len(c.CallOptions.GetExclusion)], opts...)
 	var resp *loggingpb.LogExclusion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -294,7 +311,8 @@ func (c *ConfigClient) GetExclusion(ctx context.Context, req *loggingpb.GetExclu
 // Only log entries belonging to that resource can be excluded.
 // You can have up to 10 exclusions in a resource.
 func (c *ConfigClient) CreateExclusion(ctx context.Context, req *loggingpb.CreateExclusionRequest, opts ...gax.CallOption) (*loggingpb.LogExclusion, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.CreateExclusion[0:len(c.CallOptions.CreateExclusion):len(c.CallOptions.CreateExclusion)], opts...)
 	var resp *loggingpb.LogExclusion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -310,7 +328,8 @@ func (c *ConfigClient) CreateExclusion(ctx context.Context, req *loggingpb.Creat
 
 // UpdateExclusion changes one or more properties of an existing exclusion.
 func (c *ConfigClient) UpdateExclusion(ctx context.Context, req *loggingpb.UpdateExclusionRequest, opts ...gax.CallOption) (*loggingpb.LogExclusion, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.UpdateExclusion[0:len(c.CallOptions.UpdateExclusion):len(c.CallOptions.UpdateExclusion)], opts...)
 	var resp *loggingpb.LogExclusion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -326,7 +345,8 @@ func (c *ConfigClient) UpdateExclusion(ctx context.Context, req *loggingpb.Updat
 
 // DeleteExclusion deletes an exclusion.
 func (c *ConfigClient) DeleteExclusion(ctx context.Context, req *loggingpb.DeleteExclusionRequest, opts ...gax.CallOption) error {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.DeleteExclusion[0:len(c.CallOptions.DeleteExclusion):len(c.CallOptions.DeleteExclusion)], opts...)
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 		var err error
diff --git a/vendor/cloud.google.com/go/logging/apiv2/doc.go b/vendor/cloud.google.com/go/logging/apiv2/doc.go
index b8087b020f0a3..cd6d8f7421ec4 100644
--- a/vendor/cloud.google.com/go/logging/apiv2/doc.go
+++ b/vendor/cloud.google.com/go/logging/apiv2/doc.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,20 +12,35 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// AUTO-GENERATED CODE. DO NOT EDIT.
+// Code generated by gapic-generator. DO NOT EDIT.
 
 // Package logging is an auto-generated package for the
 // Stackdriver Logging API.
 //
 //   NOTE: This package is in alpha. It is not stable, and is likely to change.
 //
-// Writes log entries and manages your Stackdriver Logging configuration.
+// Writes log entries and manages your Logging configuration.
+//
+// Use of Context
+//
+// The ctx passed to NewClient is used for authentication requests and
+// for creating the underlying connection, but is not used for subsequent calls.
+// Individual methods on the client use the ctx given to them.
+//
+// To close the open connection, use the Close() method.
+//
+// For information about setting deadlines, reusing contexts, and more
+// please visit godoc.org/cloud.google.com/go.
 //
 // Use the client at cloud.google.com/go/logging in preference to this.
 package logging // import "cloud.google.com/go/logging/apiv2"
 
 import (
-	"golang.org/x/net/context"
+	"context"
+	"runtime"
+	"strings"
+	"unicode"
+
 	"google.golang.org/grpc/metadata"
 )
 
@@ -50,3 +65,42 @@ func DefaultAuthScopes() []string {
 		"https://www.googleapis.com/auth/logging.write",
 	}
 }
+
+// versionGo returns the Go runtime version. The returned string
+// has no whitespace, suitable for reporting in header.
+func versionGo() string {
+	const develPrefix = "devel +"
+
+	s := runtime.Version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	}
+
+	notSemverRune := func(r rune) bool {
+		return strings.IndexRune("0123456789.", r) < 0
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			s += "-" + prerelease
+		}
+		return s
+	}
+	return "UNKNOWN"
+}
+
+const versionClient = "20190801"
diff --git a/vendor/cloud.google.com/go/logging/apiv2/logging_client.go b/vendor/cloud.google.com/go/logging/apiv2/logging_client.go
index 90dae0ab4a1c6..f39bdce45759f 100644
--- a/vendor/cloud.google.com/go/logging/apiv2/logging_client.go
+++ b/vendor/cloud.google.com/go/logging/apiv2/logging_client.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,17 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// AUTO-GENERATED CODE. DO NOT EDIT.
+// Code generated by gapic-generator. DO NOT EDIT.
 
 package logging
 
 import (
+	"context"
+	"fmt"
 	"math"
+	"net/url"
 	"time"
 
-	"cloud.google.com/go/internal/version"
-	gax "github.com/googleapis/gax-go"
-	"golang.org/x/net/context"
+	"github.com/golang/protobuf/proto"
+	gax "github.com/googleapis/gax-go/v2"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	"google.golang.org/api/transport"
@@ -59,35 +61,24 @@ func defaultCallOptions() *CallOptions {
 					codes.Unavailable,
 				}, gax.Backoff{
 					Initial:    100 * time.Millisecond,
-					Max:        1000 * time.Millisecond,
-					Multiplier: 1.2,
-				})
-			}),
-		},
-		{"list", "idempotent"}: {
-			gax.WithRetry(func() gax.Retryer {
-				return gax.OnCodes([]codes.Code{
-					codes.DeadlineExceeded,
-					codes.Internal,
-					codes.Unavailable,
-				}, gax.Backoff{
-					Initial:    100 * time.Millisecond,
-					Max:        1000 * time.Millisecond,
-					Multiplier: 1.2,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.3,
 				})
 			}),
 		},
 	}
 	return &CallOptions{
 		DeleteLog:                        retry[[2]string{"default", "idempotent"}],
-		WriteLogEntries:                  retry[[2]string{"default", "non_idempotent"}],
-		ListLogEntries:                   retry[[2]string{"list", "idempotent"}],
+		WriteLogEntries:                  retry[[2]string{"default", "idempotent"}],
+		ListLogEntries:                   retry[[2]string{"default", "idempotent"}],
 		ListMonitoredResourceDescriptors: retry[[2]string{"default", "idempotent"}],
-		ListLogs: retry[[2]string{"default", "idempotent"}],
+		ListLogs:                         retry[[2]string{"default", "idempotent"}],
 	}
 }
 
 // Client is a client for interacting with Stackdriver Logging API.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
 type Client struct {
 	// The connection to the service.
 	conn *grpc.ClientConn
@@ -135,8 +126,8 @@ func (c *Client) Close() error {
 // the `x-goog-api-client` header passed on each request. Intended for
 // use by Google-written clients.
 func (c *Client) SetGoogleClientInfo(keyval ...string) {
-	kv := append([]string{"gl-go", version.Go()}, keyval...)
-	kv = append(kv, "gapic", version.Repo, "gax", gax.Version, "grpc", grpc.Version)
+	kv := append([]string{"gl-go", versionGo()}, keyval...)
+	kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
 	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
 }
 
@@ -145,7 +136,8 @@ func (c *Client) SetGoogleClientInfo(keyval ...string) {
 // Log entries written shortly before the delete operation might not be
 // deleted.
 func (c *Client) DeleteLog(ctx context.Context, req *loggingpb.DeleteLogRequest, opts ...gax.CallOption) error {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "log_name", url.QueryEscape(req.GetLogName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.DeleteLog[0:len(c.CallOptions.DeleteLog):len(c.CallOptions.DeleteLog)], opts...)
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 		var err error
@@ -155,13 +147,13 @@ func (c *Client) DeleteLog(ctx context.Context, req *loggingpb.DeleteLogRequest,
 	return err
 }
 
-// WriteLogEntries ## Log entry resources
-//
-// Writes log entries to Stackdriver Logging. This API method is the
-// only way to send log entries to Stackdriver Logging. This method
-// is used, directly or indirectly, by the Stackdriver Logging agent
-// (fluentd) and all logging libraries configured to use Stackdriver
-// Logging.
+// WriteLogEntries writes log entries to Logging. This API method is the
+// only way to send log entries to Logging. This method
+// is used, directly or indirectly, by the Logging agent
+// (fluentd) and all logging libraries configured to use Logging.
+// A single request may contain log entries for a maximum of 1000
+// different resources (projects, organizations, billing accounts or
+// folders)
 func (c *Client) WriteLogEntries(ctx context.Context, req *loggingpb.WriteLogEntriesRequest, opts ...gax.CallOption) (*loggingpb.WriteLogEntriesResponse, error) {
 	ctx = insertMetadata(ctx, c.xGoogMetadata)
 	opts = append(c.CallOptions.WriteLogEntries[0:len(c.CallOptions.WriteLogEntries):len(c.CallOptions.WriteLogEntries)], opts...)
@@ -178,12 +170,13 @@ func (c *Client) WriteLogEntries(ctx context.Context, req *loggingpb.WriteLogEnt
 }
 
 // ListLogEntries lists log entries.  Use this method to retrieve log entries from
-// Stackdriver Logging.  For ways to export log entries, see
+// Logging.  For ways to export log entries, see
 // Exporting Logs (at /logging/docs/export).
 func (c *Client) ListLogEntries(ctx context.Context, req *loggingpb.ListLogEntriesRequest, opts ...gax.CallOption) *LogEntryIterator {
 	ctx = insertMetadata(ctx, c.xGoogMetadata)
 	opts = append(c.CallOptions.ListLogEntries[0:len(c.CallOptions.ListLogEntries):len(c.CallOptions.ListLogEntries)], opts...)
 	it := &LogEntryIterator{}
+	req = proto.Clone(req).(*loggingpb.ListLogEntriesRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]*loggingpb.LogEntry, string, error) {
 		var resp *loggingpb.ListLogEntriesResponse
 		req.PageToken = pageToken
@@ -211,15 +204,17 @@ func (c *Client) ListLogEntries(ctx context.Context, req *loggingpb.ListLogEntri
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
-// ListMonitoredResourceDescriptors lists the descriptors for monitored resource types used by Stackdriver
-// Logging.
+// ListMonitoredResourceDescriptors lists the descriptors for monitored resource types used by Logging.
 func (c *Client) ListMonitoredResourceDescriptors(ctx context.Context, req *loggingpb.ListMonitoredResourceDescriptorsRequest, opts ...gax.CallOption) *MonitoredResourceDescriptorIterator {
 	ctx = insertMetadata(ctx, c.xGoogMetadata)
 	opts = append(c.CallOptions.ListMonitoredResourceDescriptors[0:len(c.CallOptions.ListMonitoredResourceDescriptors):len(c.CallOptions.ListMonitoredResourceDescriptors)], opts...)
 	it := &MonitoredResourceDescriptorIterator{}
+	req = proto.Clone(req).(*loggingpb.ListMonitoredResourceDescriptorsRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]*monitoredrespb.MonitoredResourceDescriptor, string, error) {
 		var resp *loggingpb.ListMonitoredResourceDescriptorsResponse
 		req.PageToken = pageToken
@@ -247,15 +242,19 @@ func (c *Client) ListMonitoredResourceDescriptors(ctx context.Context, req *logg
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
 // ListLogs lists the logs in projects, organizations, folders, or billing accounts.
 // Only logs that have entries are listed.
 func (c *Client) ListLogs(ctx context.Context, req *loggingpb.ListLogsRequest, opts ...gax.CallOption) *StringIterator {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.ListLogs[0:len(c.CallOptions.ListLogs):len(c.CallOptions.ListLogs)], opts...)
 	it := &StringIterator{}
+	req = proto.Clone(req).(*loggingpb.ListLogsRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]string, string, error) {
 		var resp *loggingpb.ListLogsResponse
 		req.PageToken = pageToken
@@ -283,6 +282,8 @@ func (c *Client) ListLogs(ctx context.Context, req *loggingpb.ListLogsRequest, o
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
diff --git a/vendor/cloud.google.com/go/logging/apiv2/metrics_client.go b/vendor/cloud.google.com/go/logging/apiv2/metrics_client.go
index e2f96612b3dab..3b70ab741f51f 100644
--- a/vendor/cloud.google.com/go/logging/apiv2/metrics_client.go
+++ b/vendor/cloud.google.com/go/logging/apiv2/metrics_client.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,17 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// AUTO-GENERATED CODE. DO NOT EDIT.
+// Code generated by gapic-generator. DO NOT EDIT.
 
 package logging
 
 import (
+	"context"
+	"fmt"
 	"math"
+	"net/url"
 	"time"
 
-	"cloud.google.com/go/internal/version"
-	gax "github.com/googleapis/gax-go"
-	"golang.org/x/net/context"
+	"github.com/golang/protobuf/proto"
+	gax "github.com/googleapis/gax-go/v2"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	"google.golang.org/api/transport"
@@ -58,8 +60,8 @@ func defaultMetricsCallOptions() *MetricsCallOptions {
 					codes.Unavailable,
 				}, gax.Backoff{
 					Initial:    100 * time.Millisecond,
-					Max:        1000 * time.Millisecond,
-					Multiplier: 1.2,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.3,
 				})
 			}),
 		},
@@ -68,12 +70,14 @@ func defaultMetricsCallOptions() *MetricsCallOptions {
 		ListLogMetrics:  retry[[2]string{"default", "idempotent"}],
 		GetLogMetric:    retry[[2]string{"default", "idempotent"}],
 		CreateLogMetric: retry[[2]string{"default", "non_idempotent"}],
-		UpdateLogMetric: retry[[2]string{"default", "non_idempotent"}],
+		UpdateLogMetric: retry[[2]string{"default", "idempotent"}],
 		DeleteLogMetric: retry[[2]string{"default", "idempotent"}],
 	}
 }
 
 // MetricsClient is a client for interacting with Stackdriver Logging API.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
 type MetricsClient struct {
 	// The connection to the service.
 	conn *grpc.ClientConn
@@ -121,16 +125,18 @@ func (c *MetricsClient) Close() error {
 // the `x-goog-api-client` header passed on each request. Intended for
 // use by Google-written clients.
 func (c *MetricsClient) SetGoogleClientInfo(keyval ...string) {
-	kv := append([]string{"gl-go", version.Go()}, keyval...)
-	kv = append(kv, "gapic", version.Repo, "gax", gax.Version, "grpc", grpc.Version)
+	kv := append([]string{"gl-go", versionGo()}, keyval...)
+	kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
 	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
 }
 
 // ListLogMetrics lists logs-based metrics.
 func (c *MetricsClient) ListLogMetrics(ctx context.Context, req *loggingpb.ListLogMetricsRequest, opts ...gax.CallOption) *LogMetricIterator {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.ListLogMetrics[0:len(c.CallOptions.ListLogMetrics):len(c.CallOptions.ListLogMetrics)], opts...)
 	it := &LogMetricIterator{}
+	req = proto.Clone(req).(*loggingpb.ListLogMetricsRequest)
 	it.InternalFetch = func(pageSize int, pageToken string) ([]*loggingpb.LogMetric, string, error) {
 		var resp *loggingpb.ListLogMetricsResponse
 		req.PageToken = pageToken
@@ -158,12 +164,15 @@ func (c *MetricsClient) ListLogMetrics(ctx context.Context, req *loggingpb.ListL
 		return nextPageToken, nil
 	}
 	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.PageSize)
+	it.pageInfo.Token = req.PageToken
 	return it
 }
 
 // GetLogMetric gets a logs-based metric.
 func (c *MetricsClient) GetLogMetric(ctx context.Context, req *loggingpb.GetLogMetricRequest, opts ...gax.CallOption) (*loggingpb.LogMetric, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "metric_name", url.QueryEscape(req.GetMetricName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.GetLogMetric[0:len(c.CallOptions.GetLogMetric):len(c.CallOptions.GetLogMetric)], opts...)
 	var resp *loggingpb.LogMetric
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -179,7 +188,8 @@ func (c *MetricsClient) GetLogMetric(ctx context.Context, req *loggingpb.GetLogM
 
 // CreateLogMetric creates a logs-based metric.
 func (c *MetricsClient) CreateLogMetric(ctx context.Context, req *loggingpb.CreateLogMetricRequest, opts ...gax.CallOption) (*loggingpb.LogMetric, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.CreateLogMetric[0:len(c.CallOptions.CreateLogMetric):len(c.CallOptions.CreateLogMetric)], opts...)
 	var resp *loggingpb.LogMetric
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -195,7 +205,8 @@ func (c *MetricsClient) CreateLogMetric(ctx context.Context, req *loggingpb.Crea
 
 // UpdateLogMetric creates or updates a logs-based metric.
 func (c *MetricsClient) UpdateLogMetric(ctx context.Context, req *loggingpb.UpdateLogMetricRequest, opts ...gax.CallOption) (*loggingpb.LogMetric, error) {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "metric_name", url.QueryEscape(req.GetMetricName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.UpdateLogMetric[0:len(c.CallOptions.UpdateLogMetric):len(c.CallOptions.UpdateLogMetric)], opts...)
 	var resp *loggingpb.LogMetric
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -211,7 +222,8 @@ func (c *MetricsClient) UpdateLogMetric(ctx context.Context, req *loggingpb.Upda
 
 // DeleteLogMetric deletes a logs-based metric.
 func (c *MetricsClient) DeleteLogMetric(ctx context.Context, req *loggingpb.DeleteLogMetricRequest, opts ...gax.CallOption) error {
-	ctx = insertMetadata(ctx, c.xGoogMetadata)
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "metric_name", url.QueryEscape(req.GetMetricName())))
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
 	opts = append(c.CallOptions.DeleteLogMetric[0:len(c.CallOptions.DeleteLogMetric):len(c.CallOptions.DeleteLogMetric)], opts...)
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 		var err error
diff --git a/vendor/cloud.google.com/go/logging/doc.go b/vendor/cloud.google.com/go/logging/doc.go
index d5f425e557cd5..2a2a4ce478404 100644
--- a/vendor/cloud.google.com/go/logging/doc.go
+++ b/vendor/cloud.google.com/go/logging/doc.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,9 +21,6 @@ This client uses Logging API v2.
 See https://cloud.google.com/logging/docs/api/v2/ for an introduction to the API.
 
 
-Note: This package is in beta.  Some backwards-incompatible changes may occur.
-
-
 Creating a Client
 
 Use a Client to interact with the Stackdriver Logging API.
@@ -65,7 +62,10 @@ For critical errors, you may want to send your log entries immediately.
 LogSync is slow and will block until the log entry has been sent, so it is
 not recommended for normal use.
 
-	lg.LogSync(ctx, logging.Entry{Payload: "ALERT! Something critical happened!"})
+	err = lg.LogSync(ctx, logging.Entry{Payload: "ALERT! Something critical happened!"})
+	if err != nil {
+		// TODO: Handle error.
+	}
 
 
 Payloads
@@ -85,11 +85,11 @@ If you have a []byte of JSON, wrap it in json.RawMessage:
 	lg.Log(logging.Entry{Payload: json.RawMessage(j)})
 
 
-The Standard Logger Interface
+The Standard Logger
 
 You may want use a standard log.Logger in your program.
 
-	// stdlg implements log.Logger
+	// stdlg is an instance of *log.Logger.
 	stdlg := lg.StandardLogger(logging.Info)
 	stdlg.Println("some info")
 
@@ -113,5 +113,22 @@ running from a Google Cloud Platform VM, select "GCE VM Instance". Otherwise, se
 accounts can be viewed on the command line with the "gcloud logging read" command.
 
 
+Grouping Logs by Request
+
+To group all the log entries written during a single HTTP request, create two
+Loggers, a "parent" and a "child," with different log IDs. Both should be in the same
+project, and have the same MonitoredResouce type and labels.
+
+- Parent entries must have HTTPRequest.Request populated. (Strictly speaking, only the URL is necessary.)
+
+- A child entry's timestamp must be within the time interval covered by the parent request (i.e., older
+than parent.Timestamp, and newer than parent.Timestamp - parent.HTTPRequest.Latency, assuming the
+parent timestamp marks the end of the request.
+
+- The trace field must be populated in all of the entries and match exactly.
+
+You should observe the child log entries grouped under the parent on the console. The
+parent entry will not inherit the severity of its children; you must update the
+parent severity yourself.
 */
 package logging // import "cloud.google.com/go/logging"
diff --git a/vendor/cloud.google.com/go/logging/go.mod b/vendor/cloud.google.com/go/logging/go.mod
new file mode 100644
index 0000000000000..8739fdf496f10
--- /dev/null
+++ b/vendor/cloud.google.com/go/logging/go.mod
@@ -0,0 +1,15 @@
+module cloud.google.com/go/logging
+
+go 1.9
+
+require (
+	cloud.google.com/go v0.43.0
+	github.com/golang/protobuf v1.3.1
+	github.com/google/go-cmp v0.3.0
+	github.com/googleapis/gax-go/v2 v2.0.5
+	go.opencensus.io v0.22.0
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	google.golang.org/api v0.7.0
+	google.golang.org/genproto v0.0.0-20190708153700-3bdd9d9f5532
+	google.golang.org/grpc v1.21.1
+)
diff --git a/vendor/cloud.google.com/go/logging/go_mod_tidy_hack.go b/vendor/cloud.google.com/go/logging/go_mod_tidy_hack.go
new file mode 100644
index 0000000000000..a932c70c41e0e
--- /dev/null
+++ b/vendor/cloud.google.com/go/logging/go_mod_tidy_hack.go
@@ -0,0 +1,22 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file, and the cloud.google.com/go import, won't actually become part of
+// the resultant binary.
+// +build modhack
+
+package logging
+
+// Necessary for safely adding multi-module repo. See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
+import _ "cloud.google.com/go"
diff --git a/vendor/cloud.google.com/go/logging/internal/common.go b/vendor/cloud.google.com/go/logging/internal/common.go
index 38cfbb5fa292e..c5788feb0b2c9 100644
--- a/vendor/cloud.google.com/go/logging/internal/common.go
+++ b/vendor/cloud.google.com/go/logging/internal/common.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -20,15 +20,17 @@ import (
 )
 
 const (
+	// ProdAddr is the production address.
 	ProdAddr = "logging.googleapis.com:443"
-	Version  = "0.2.0"
 )
 
+// LogPath creates a formatted path from a parent and a logID.
 func LogPath(parent, logID string) string {
 	logID = strings.Replace(logID, "/", "%2F", -1)
 	return fmt.Sprintf("%s/logs/%s", parent, logID)
 }
 
+// LogIDFromPath parses and returns the ID from a log path.
 func LogIDFromPath(parent, path string) string {
 	start := len(parent) + len("/logs/")
 	if len(path) < start {
diff --git a/vendor/cloud.google.com/go/logging/logging.go b/vendor/cloud.google.com/go/logging/logging.go
index b341f61f7f215..c537675f12165 100644
--- a/vendor/cloud.google.com/go/logging/logging.go
+++ b/vendor/cloud.google.com/go/logging/logging.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -25,16 +25,19 @@
 package logging
 
 import (
+	"bytes"
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"log"
-	"math"
 	"net/http"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 
 	"cloud.google.com/go/compute/metadata"
 	"cloud.google.com/go/internal/version"
@@ -44,7 +47,6 @@ import (
 	"github.com/golang/protobuf/ptypes"
 	structpb "github.com/golang/protobuf/ptypes/struct"
 	tspb "github.com/golang/protobuf/ptypes/timestamp"
-	"golang.org/x/net/context"
 	"google.golang.org/api/option"
 	"google.golang.org/api/support/bundler"
 	mrpb "google.golang.org/genproto/googleapis/api/monitoredres"
@@ -53,13 +55,13 @@ import (
 )
 
 const (
-	// Scope for reading from the logging service.
+	// ReadScope is the scope for reading from the logging service.
 	ReadScope = "https://www.googleapis.com/auth/logging.read"
 
-	// Scope for writing to the logging service.
+	// WriteScope is the scope for writing to the logging service.
 	WriteScope = "https://www.googleapis.com/auth/logging.write"
 
-	// Scope for administrative actions on the logging service.
+	// AdminScope is the scope for administrative actions on the logging service.
 	AdminScope = "https://www.googleapis.com/auth/logging.admin"
 )
 
@@ -234,7 +236,7 @@ type Logger struct {
 	// Options
 	commonResource *mrpb.MonitoredResource
 	commonLabels   map[string]string
-	writeTimeout   time.Duration
+	ctxFunc        func() (context.Context, func())
 }
 
 // A LoggerOption is a configuration option for a Logger.
@@ -274,12 +276,17 @@ func detectResource() *mrpb.MonitoredResource {
 		if err != nil {
 			return
 		}
+		name, err := metadata.InstanceName()
+		if err != nil {
+			return
+		}
 		detectedResource.pb = &mrpb.MonitoredResource{
 			Type: "gce_instance",
 			Labels: map[string]string{
-				"project_id":  projectID,
-				"instance_id": id,
-				"zone":        zone,
+				"project_id":    projectID,
+				"instance_id":   id,
+				"instance_name": name,
+				"zone":          zone,
 			},
 		}
 	})
@@ -398,6 +405,23 @@ type bufferedByteLimit int
 
 func (b bufferedByteLimit) set(l *Logger) { l.bundler.BufferedByteLimit = int(b) }
 
+// ContextFunc is a function that will be called to obtain a context.Context for the
+// WriteLogEntries RPC executed in the background for calls to Logger.Log. The
+// default is a function that always returns context.Background. The second return
+// value of the function is a function to call after the RPC completes.
+//
+// The function is not used for calls to Logger.LogSync, since the caller can pass
+// in the context directly.
+//
+// This option is EXPERIMENTAL. It may be changed or removed.
+func ContextFunc(f func() (ctx context.Context, afterCall func())) LoggerOption {
+	return contextFunc(f)
+}
+
+type contextFunc func() (ctx context.Context, afterCall func())
+
+func (c contextFunc) set(l *Logger) { l.ctxFunc = c }
+
 // Logger returns a Logger that will write entries with the given log ID, such as
 // "syslog". A log ID must be less than 512 characters long and can only
 // include the following characters: upper and lower case alphanumeric
@@ -412,6 +436,7 @@ func (c *Client) Logger(logID string, opts ...LoggerOption) *Logger {
 		client:         c,
 		logName:        internal.LogPath(c.parent, logID),
 		commonResource: r,
+		ctxFunc:        func() (context.Context, func()) { return context.Background(), nil },
 	}
 	l.bundler = bundler.NewBundler(&logpb.LogEntry{}, func(entries interface{}) {
 		l.writeLogEntries(entries.([]*logpb.LogEntry))
@@ -578,6 +603,17 @@ type Entry struct {
 	// if any. If it contains a relative resource name, the name is assumed to
 	// be relative to //tracing.googleapis.com.
 	Trace string
+
+	// ID of the span within the trace associated with the log entry.
+	// The ID is a 16-character hexadecimal encoding of an 8-byte array.
+	SpanID string
+
+	// If set, symbolizes that this request was sampled.
+	TraceSampled bool
+
+	// Optional. Source code location information associated with the log entry,
+	// if any.
+	SourceLocation *logpb.LogEntrySourceLocation
 }
 
 // HTTPRequest contains an http.Request as well as additional
@@ -631,7 +667,7 @@ func fromHTTPRequest(r *HTTPRequest) *logtypepb.HttpRequest {
 	u.Fragment = ""
 	pb := &logtypepb.HttpRequest{
 		RequestMethod:                  r.Request.Method,
-		RequestUrl:                     u.String(),
+		RequestUrl:                     fixUTF8(u.String()),
 		RequestSize:                    r.RequestSize,
 		Status:                         int32(r.Status),
 		ResponseSize:                   r.ResponseSize,
@@ -648,6 +684,27 @@ func fromHTTPRequest(r *HTTPRequest) *logtypepb.HttpRequest {
 	return pb
 }
 
+// fixUTF8 is a helper that fixes an invalid UTF-8 string by replacing
+// invalid UTF-8 runes with the Unicode replacement character (U+FFFD).
+// See Issue https://github.com/googleapis/google-cloud-go/issues/1383.
+func fixUTF8(s string) string {
+	if utf8.ValidString(s) {
+		return s
+	}
+
+	// Otherwise time to build the sequence.
+	buf := new(bytes.Buffer)
+	buf.Grow(len(s))
+	for _, r := range s {
+		if utf8.ValidRune(r) {
+			buf.WriteRune(r)
+		} else {
+			buf.WriteRune('\uFFFD')
+		}
+	}
+	return buf.String()
+}
+
 // toProtoStruct converts v, which must marshal into a JSON object,
 // into a Google Struct proto.
 func toProtoStruct(v interface{}) (*structpb.Struct, error) {
@@ -713,7 +770,7 @@ func jsonValueToStructValue(v interface{}) *structpb.Value {
 // Prefer Log for most uses.
 // TODO(jba): come up with a better name (LogNow?) or eliminate.
 func (l *Logger) LogSync(ctx context.Context, e Entry) error {
-	ent, err := toLogEntry(e)
+	ent, err := l.toLogEntry(e)
 	if err != nil {
 		return err
 	}
@@ -728,7 +785,7 @@ func (l *Logger) LogSync(ctx context.Context, e Entry) error {
 
 // Log buffers the Entry for output to the logging service. It never blocks.
 func (l *Logger) Log(e Entry) {
-	ent, err := toLogEntry(e)
+	ent, err := l.toLogEntry(e)
 	if err != nil {
 		l.client.error(err)
 		return
@@ -756,12 +813,16 @@ func (l *Logger) writeLogEntries(entries []*logpb.LogEntry) {
 		Labels:   l.commonLabels,
 		Entries:  entries,
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), defaultWriteTimeout)
+	ctx, afterCall := l.ctxFunc()
+	ctx, cancel := context.WithTimeout(ctx, defaultWriteTimeout)
 	defer cancel()
 	_, err := l.client.client.WriteLogEntries(ctx, req)
 	if err != nil {
 		l.client.error(err)
 	}
+	if afterCall != nil {
+		afterCall()
+	}
 }
 
 // StandardLogger returns a *log.Logger for the provided severity.
@@ -771,14 +832,38 @@ func (l *Logger) writeLogEntries(entries []*logpb.LogEntry) {
 // (for example by calling SetFlags or SetPrefix).
 func (l *Logger) StandardLogger(s Severity) *log.Logger { return l.stdLoggers[s] }
 
-func trunc32(i int) int32 {
-	if i > math.MaxInt32 {
-		i = math.MaxInt32
+var reCloudTraceContext = regexp.MustCompile(`([a-f\d]+)/([a-f\d]+);o=(\d)`)
+
+func deconstructXCloudTraceContext(s string) (traceID, spanID string, traceSampled bool) {
+	// As per the format described at https://cloud.google.com/trace/docs/troubleshooting#force-trace
+	//    "X-Cloud-Trace-Context: TRACE_ID/SPAN_ID;o=TRACE_TRUE"
+	// for example:
+	//    "X-Cloud-Trace-Context: 105445aa7843bc8bf206b120001000/0;o=1"
+	//
+	// We expect:
+	//   * traceID:         "105445aa7843bc8bf206b120001000"
+	//   * spanID:          ""
+	//   * traceSampled:    true
+	matches := reCloudTraceContext.FindAllStringSubmatch(s, -1)
+	if len(matches) != 1 {
+		return
+	}
+
+	sub := matches[0]
+	if len(sub) != 4 {
+		return
 	}
-	return int32(i)
+
+	traceID, spanID = sub[1], sub[2]
+	if spanID == "0" {
+		spanID = ""
+	}
+	traceSampled = sub[3] == "1"
+
+	return
 }
 
-func toLogEntry(e Entry) (*logpb.LogEntry, error) {
+func (l *Logger) toLogEntry(e Entry) (*logpb.LogEntry, error) {
 	if e.LogName != "" {
 		return nil, errors.New("logging: Entry.LogName should be not be set when writing")
 	}
@@ -790,15 +875,37 @@ func toLogEntry(e Entry) (*logpb.LogEntry, error) {
 	if err != nil {
 		return nil, err
 	}
+	if e.Trace == "" && e.HTTPRequest != nil && e.HTTPRequest.Request != nil {
+		traceHeader := e.HTTPRequest.Request.Header.Get("X-Cloud-Trace-Context")
+		if traceHeader != "" {
+			// Set to a relative resource name, as described at
+			// https://cloud.google.com/appengine/docs/flexible/go/writing-application-logs.
+			traceID, spanID, traceSampled := deconstructXCloudTraceContext(traceHeader)
+			if traceID != "" {
+				e.Trace = fmt.Sprintf("%s/traces/%s", l.client.parent, traceID)
+			}
+			if e.SpanID == "" {
+				e.SpanID = spanID
+			}
+
+			// If we previously hadn't set TraceSampled, let's retrieve it
+			// from the HTTP request's header, as per:
+			//   https://cloud.google.com/trace/docs/troubleshooting#force-trace
+			e.TraceSampled = e.TraceSampled || traceSampled
+		}
+	}
 	ent := &logpb.LogEntry{
-		Timestamp:   ts,
-		Severity:    logtypepb.LogSeverity(e.Severity),
-		InsertId:    e.InsertID,
-		HttpRequest: fromHTTPRequest(e.HTTPRequest),
-		Operation:   e.Operation,
-		Labels:      e.Labels,
-		Trace:       e.Trace,
-		Resource:    e.Resource,
+		Timestamp:      ts,
+		Severity:       logtypepb.LogSeverity(e.Severity),
+		InsertId:       e.InsertID,
+		HttpRequest:    fromHTTPRequest(e.HTTPRequest),
+		Operation:      e.Operation,
+		Labels:         e.Labels,
+		Trace:          e.Trace,
+		SpanId:         e.SpanID,
+		Resource:       e.Resource,
+		SourceLocation: e.SourceLocation,
+		TraceSampled:   e.TraceSampled,
 	}
 	switch p := e.Payload.(type) {
 	case string:
diff --git a/vendor/cloud.google.com/go/tools.go b/vendor/cloud.google.com/go/tools.go
new file mode 100644
index 0000000000000..fa01cc44ccc4b
--- /dev/null
+++ b/vendor/cloud.google.com/go/tools.go
@@ -0,0 +1,33 @@
+// +build tools
+
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This package exists to cause `go mod` and `go get` to believe these tools
+// are dependencies, even though they are not runtime dependencies of any
+// package (these are tools used by our CI builds). This means they will appear
+// in our `go.mod` file, but will not be a part of the build. Also, since the
+// build target is something non-existent, these should not be included in any
+// binaries.
+
+package cloud
+
+import (
+	_ "github.com/golang/protobuf/protoc-gen-go"
+	_ "github.com/jstemmer/go-junit-report"
+	_ "golang.org/x/exp/cmd/apidiff"
+	_ "golang.org/x/lint/golint"
+	_ "golang.org/x/tools/cmd/goimports"
+	_ "honnef.co/go/tools/cmd/staticcheck"
+)
diff --git a/vendor/code.cloudfoundry.org/clock/LICENSE b/vendor/code.cloudfoundry.org/clock/LICENSE
new file mode 100644
index 0000000000000..f49a4e16e68b1
--- /dev/null
+++ b/vendor/code.cloudfoundry.org/clock/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/vendor/code.cloudfoundry.org/clock/NOTICE b/vendor/code.cloudfoundry.org/clock/NOTICE
new file mode 100644
index 0000000000000..29c0e5ff07cb7
--- /dev/null
+++ b/vendor/code.cloudfoundry.org/clock/NOTICE
@@ -0,0 +1,20 @@
+Copyright (c) 2015-Present CloudFoundry.org Foundation, Inc. All Rights Reserved.
+
+This project contains software that is Copyright (c) 2015 Pivotal Software, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+This project may include a number of subcomponents with separate
+copyright notices and license terms. Your use of these subcomponents
+is subject to the terms and conditions of each subcomponent's license,
+as noted in the LICENSE file.
diff --git a/vendor/code.cloudfoundry.org/clock/README.md b/vendor/code.cloudfoundry.org/clock/README.md
new file mode 100644
index 0000000000000..abaf64149e608
--- /dev/null
+++ b/vendor/code.cloudfoundry.org/clock/README.md
@@ -0,0 +1,5 @@
+# clock
+
+**Note**: This repository should be imported as `code.cloudfoundry.org/clock`.
+
+Provides a `Clock` interface, useful for injecting time dependencies in tests.
diff --git a/vendor/code.cloudfoundry.org/clock/clock.go b/vendor/code.cloudfoundry.org/clock/clock.go
new file mode 100644
index 0000000000000..6b091d99a4907
--- /dev/null
+++ b/vendor/code.cloudfoundry.org/clock/clock.go
@@ -0,0 +1,53 @@
+package clock
+
+import "time"
+
+type Clock interface {
+	Now() time.Time
+	Sleep(d time.Duration)
+	Since(t time.Time) time.Duration
+	// After waits for the duration to elapse and then sends the current time
+	// on the returned channel.
+	// It is equivalent to clock.NewTimer(d).C.
+	// The underlying Timer is not recovered by the garbage collector
+	// until the timer fires. If efficiency is a concern, use clock.NewTimer
+	// instead and call Timer.Stop if the timer is no longer needed.
+	After(d time.Duration) <-chan time.Time
+
+	NewTimer(d time.Duration) Timer
+	NewTicker(d time.Duration) Ticker
+}
+
+type realClock struct{}
+
+func NewClock() Clock {
+	return &realClock{}
+}
+
+func (clock *realClock) Now() time.Time {
+	return time.Now()
+}
+
+func (clock *realClock) Since(t time.Time) time.Duration {
+	return time.Now().Sub(t)
+}
+
+func (clock *realClock) Sleep(d time.Duration) {
+	<-clock.NewTimer(d).C()
+}
+
+func (clock *realClock) After(d time.Duration) <-chan time.Time {
+	return clock.NewTimer(d).C()
+}
+
+func (clock *realClock) NewTimer(d time.Duration) Timer {
+	return &realTimer{
+		t: time.NewTimer(d),
+	}
+}
+
+func (clock *realClock) NewTicker(d time.Duration) Ticker {
+	return &realTicker{
+		t: time.NewTicker(d),
+	}
+}
diff --git a/vendor/code.cloudfoundry.org/clock/package.go b/vendor/code.cloudfoundry.org/clock/package.go
new file mode 100644
index 0000000000000..349f67c82a15b
--- /dev/null
+++ b/vendor/code.cloudfoundry.org/clock/package.go
@@ -0,0 +1 @@
+package clock // import "code.cloudfoundry.org/clock"
diff --git a/vendor/github.com/pivotal-golang/clock/ticker.go b/vendor/code.cloudfoundry.org/clock/ticker.go
similarity index 100%
rename from vendor/github.com/pivotal-golang/clock/ticker.go
rename to vendor/code.cloudfoundry.org/clock/ticker.go
diff --git a/vendor/github.com/pivotal-golang/clock/timer.go b/vendor/code.cloudfoundry.org/clock/timer.go
similarity index 100%
rename from vendor/github.com/pivotal-golang/clock/timer.go
rename to vendor/code.cloudfoundry.org/clock/timer.go
diff --git a/vendor/github.com/Azure/go-ansiterm/go.mod b/vendor/github.com/Azure/go-ansiterm/go.mod
new file mode 100644
index 0000000000000..965cb8120ec93
--- /dev/null
+++ b/vendor/github.com/Azure/go-ansiterm/go.mod
@@ -0,0 +1,5 @@
+module github.com/Azure/go-ansiterm
+
+go 1.16
+
+require golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
diff --git a/vendor/github.com/Azure/go-ansiterm/winterm/ansi.go b/vendor/github.com/Azure/go-ansiterm/winterm/ansi.go
index a6732797263ff..5599082ae9cb7 100644
--- a/vendor/github.com/Azure/go-ansiterm/winterm/ansi.go
+++ b/vendor/github.com/Azure/go-ansiterm/winterm/ansi.go
@@ -10,6 +10,7 @@ import (
 	"syscall"
 
 	"github.com/Azure/go-ansiterm"
+	windows "golang.org/x/sys/windows"
 )
 
 // Windows keyboard constants
@@ -162,15 +163,28 @@ func ensureInRange(n int16, min int16, max int16) int16 {
 
 func GetStdFile(nFile int) (*os.File, uintptr) {
 	var file *os.File
-	switch nFile {
-	case syscall.STD_INPUT_HANDLE:
+
+	// syscall uses negative numbers
+	// windows package uses very big uint32
+	// Keep these switches split so we don't have to convert ints too much.
+	switch uint32(nFile) {
+	case windows.STD_INPUT_HANDLE:
 		file = os.Stdin
-	case syscall.STD_OUTPUT_HANDLE:
+	case windows.STD_OUTPUT_HANDLE:
 		file = os.Stdout
-	case syscall.STD_ERROR_HANDLE:
+	case windows.STD_ERROR_HANDLE:
 		file = os.Stderr
 	default:
-		panic(fmt.Errorf("Invalid standard handle identifier: %v", nFile))
+		switch nFile {
+		case syscall.STD_INPUT_HANDLE:
+			file = os.Stdin
+		case syscall.STD_OUTPUT_HANDLE:
+			file = os.Stdout
+		case syscall.STD_ERROR_HANDLE:
+			file = os.Stderr
+		default:
+			panic(fmt.Errorf("Invalid standard handle identifier: %v", nFile))
+		}
 	}
 
 	fd, err := syscall.GetStdHandle(nFile)
diff --git a/vendor/github.com/BurntSushi/toml/COPYING b/vendor/github.com/BurntSushi/toml/COPYING
deleted file mode 100644
index 01b5743200b84..0000000000000
--- a/vendor/github.com/BurntSushi/toml/COPYING
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 TOML authors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/BurntSushi/toml/README.md b/vendor/github.com/BurntSushi/toml/README.md
deleted file mode 100644
index 7c1b37ecc7a02..0000000000000
--- a/vendor/github.com/BurntSushi/toml/README.md
+++ /dev/null
@@ -1,218 +0,0 @@
-## TOML parser and encoder for Go with reflection
-
-TOML stands for Tom's Obvious, Minimal Language. This Go package provides a
-reflection interface similar to Go's standard library `json` and `xml`
-packages. This package also supports the `encoding.TextUnmarshaler` and
-`encoding.TextMarshaler` interfaces so that you can define custom data
-representations. (There is an example of this below.)
-
-Spec: https://github.com/toml-lang/toml
-
-Compatible with TOML version
-[v0.4.0](https://github.com/toml-lang/toml/blob/master/versions/en/toml-v0.4.0.md)
-
-Documentation: https://godoc.org/github.com/BurntSushi/toml
-
-Installation:
-
-```bash
-go get github.com/BurntSushi/toml
-```
-
-Try the toml validator:
-
-```bash
-go get github.com/BurntSushi/toml/cmd/tomlv
-tomlv some-toml-file.toml
-```
-
-[![Build Status](https://travis-ci.org/BurntSushi/toml.svg?branch=master)](https://travis-ci.org/BurntSushi/toml) [![GoDoc](https://godoc.org/github.com/BurntSushi/toml?status.svg)](https://godoc.org/github.com/BurntSushi/toml)
-
-### Testing
-
-This package passes all tests in
-[toml-test](https://github.com/BurntSushi/toml-test) for both the decoder
-and the encoder.
-
-### Examples
-
-This package works similarly to how the Go standard library handles `XML`
-and `JSON`. Namely, data is loaded into Go values via reflection.
-
-For the simplest example, consider some TOML file as just a list of keys
-and values:
-
-```toml
-Age = 25
-Cats = [ "Cauchy", "Plato" ]
-Pi = 3.14
-Perfection = [ 6, 28, 496, 8128 ]
-DOB = 1987-07-05T05:45:00Z
-```
-
-Which could be defined in Go as:
-
-```go
-type Config struct {
-  Age int
-  Cats []string
-  Pi float64
-  Perfection []int
-  DOB time.Time // requires `import time`
-}
-```
-
-And then decoded with:
-
-```go
-var conf Config
-if _, err := toml.Decode(tomlData, &conf); err != nil {
-  // handle error
-}
-```
-
-You can also use struct tags if your struct field name doesn't map to a TOML
-key value directly:
-
-```toml
-some_key_NAME = "wat"
-```
-
-```go
-type TOML struct {
-  ObscureKey string `toml:"some_key_NAME"`
-}
-```
-
-### Using the `encoding.TextUnmarshaler` interface
-
-Here's an example that automatically parses duration strings into
-`time.Duration` values:
-
-```toml
-[[song]]
-name = "Thunder Road"
-duration = "4m49s"
-
-[[song]]
-name = "Stairway to Heaven"
-duration = "8m03s"
-```
-
-Which can be decoded with:
-
-```go
-type song struct {
-  Name     string
-  Duration duration
-}
-type songs struct {
-  Song []song
-}
-var favorites songs
-if _, err := toml.Decode(blob, &favorites); err != nil {
-  log.Fatal(err)
-}
-
-for _, s := range favorites.Song {
-  fmt.Printf("%s (%s)\n", s.Name, s.Duration)
-}
-```
-
-And you'll also need a `duration` type that satisfies the
-`encoding.TextUnmarshaler` interface:
-
-```go
-type duration struct {
-	time.Duration
-}
-
-func (d *duration) UnmarshalText(text []byte) error {
-	var err error
-	d.Duration, err = time.ParseDuration(string(text))
-	return err
-}
-```
-
-### More complex usage
-
-Here's an example of how to load the example from the official spec page:
-
-```toml
-# This is a TOML document. Boom.
-
-title = "TOML Example"
-
-[owner]
-name = "Tom Preston-Werner"
-organization = "GitHub"
-bio = "GitHub Cofounder & CEO\nLikes tater tots and beer."
-dob = 1979-05-27T07:32:00Z # First class dates? Why not?
-
-[database]
-server = "192.168.1.1"
-ports = [ 8001, 8001, 8002 ]
-connection_max = 5000
-enabled = true
-
-[servers]
-
-  # You can indent as you please. Tabs or spaces. TOML don't care.
-  [servers.alpha]
-  ip = "10.0.0.1"
-  dc = "eqdc10"
-
-  [servers.beta]
-  ip = "10.0.0.2"
-  dc = "eqdc10"
-
-[clients]
-data = [ ["gamma", "delta"], [1, 2] ] # just an update to make sure parsers support it
-
-# Line breaks are OK when inside arrays
-hosts = [
-  "alpha",
-  "omega"
-]
-```
-
-And the corresponding Go types are:
-
-```go
-type tomlConfig struct {
-	Title string
-	Owner ownerInfo
-	DB database `toml:"database"`
-	Servers map[string]server
-	Clients clients
-}
-
-type ownerInfo struct {
-	Name string
-	Org string `toml:"organization"`
-	Bio string
-	DOB time.Time
-}
-
-type database struct {
-	Server string
-	Ports []int
-	ConnMax int `toml:"connection_max"`
-	Enabled bool
-}
-
-type server struct {
-	IP string
-	DC string
-}
-
-type clients struct {
-	Data [][]interface{}
-	Hosts []string
-}
-```
-
-Note that a case insensitive match will be tried if an exact match can't be
-found.
-
-A working example of the above can be found in `_examples/example.{go,toml}`.
diff --git a/vendor/github.com/BurntSushi/toml/decode.go b/vendor/github.com/BurntSushi/toml/decode.go
deleted file mode 100644
index b0fd51d5b6ea5..0000000000000
--- a/vendor/github.com/BurntSushi/toml/decode.go
+++ /dev/null
@@ -1,509 +0,0 @@
-package toml
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math"
-	"reflect"
-	"strings"
-	"time"
-)
-
-func e(format string, args ...interface{}) error {
-	return fmt.Errorf("toml: "+format, args...)
-}
-
-// Unmarshaler is the interface implemented by objects that can unmarshal a
-// TOML description of themselves.
-type Unmarshaler interface {
-	UnmarshalTOML(interface{}) error
-}
-
-// Unmarshal decodes the contents of `p` in TOML format into a pointer `v`.
-func Unmarshal(p []byte, v interface{}) error {
-	_, err := Decode(string(p), v)
-	return err
-}
-
-// Primitive is a TOML value that hasn't been decoded into a Go value.
-// When using the various `Decode*` functions, the type `Primitive` may
-// be given to any value, and its decoding will be delayed.
-//
-// A `Primitive` value can be decoded using the `PrimitiveDecode` function.
-//
-// The underlying representation of a `Primitive` value is subject to change.
-// Do not rely on it.
-//
-// N.B. Primitive values are still parsed, so using them will only avoid
-// the overhead of reflection. They can be useful when you don't know the
-// exact type of TOML data until run time.
-type Primitive struct {
-	undecoded interface{}
-	context   Key
-}
-
-// DEPRECATED!
-//
-// Use MetaData.PrimitiveDecode instead.
-func PrimitiveDecode(primValue Primitive, v interface{}) error {
-	md := MetaData{decoded: make(map[string]bool)}
-	return md.unify(primValue.undecoded, rvalue(v))
-}
-
-// PrimitiveDecode is just like the other `Decode*` functions, except it
-// decodes a TOML value that has already been parsed. Valid primitive values
-// can *only* be obtained from values filled by the decoder functions,
-// including this method. (i.e., `v` may contain more `Primitive`
-// values.)
-//
-// Meta data for primitive values is included in the meta data returned by
-// the `Decode*` functions with one exception: keys returned by the Undecoded
-// method will only reflect keys that were decoded. Namely, any keys hidden
-// behind a Primitive will be considered undecoded. Executing this method will
-// update the undecoded keys in the meta data. (See the example.)
-func (md *MetaData) PrimitiveDecode(primValue Primitive, v interface{}) error {
-	md.context = primValue.context
-	defer func() { md.context = nil }()
-	return md.unify(primValue.undecoded, rvalue(v))
-}
-
-// Decode will decode the contents of `data` in TOML format into a pointer
-// `v`.
-//
-// TOML hashes correspond to Go structs or maps. (Dealer's choice. They can be
-// used interchangeably.)
-//
-// TOML arrays of tables correspond to either a slice of structs or a slice
-// of maps.
-//
-// TOML datetimes correspond to Go `time.Time` values.
-//
-// All other TOML types (float, string, int, bool and array) correspond
-// to the obvious Go types.
-//
-// An exception to the above rules is if a type implements the
-// encoding.TextUnmarshaler interface. In this case, any primitive TOML value
-// (floats, strings, integers, booleans and datetimes) will be converted to
-// a byte string and given to the value's UnmarshalText method. See the
-// Unmarshaler example for a demonstration with time duration strings.
-//
-// Key mapping
-//
-// TOML keys can map to either keys in a Go map or field names in a Go
-// struct. The special `toml` struct tag may be used to map TOML keys to
-// struct fields that don't match the key name exactly. (See the example.)
-// A case insensitive match to struct names will be tried if an exact match
-// can't be found.
-//
-// The mapping between TOML values and Go values is loose. That is, there
-// may exist TOML values that cannot be placed into your representation, and
-// there may be parts of your representation that do not correspond to
-// TOML values. This loose mapping can be made stricter by using the IsDefined
-// and/or Undecoded methods on the MetaData returned.
-//
-// This decoder will not handle cyclic types. If a cyclic type is passed,
-// `Decode` will not terminate.
-func Decode(data string, v interface{}) (MetaData, error) {
-	rv := reflect.ValueOf(v)
-	if rv.Kind() != reflect.Ptr {
-		return MetaData{}, e("Decode of non-pointer %s", reflect.TypeOf(v))
-	}
-	if rv.IsNil() {
-		return MetaData{}, e("Decode of nil %s", reflect.TypeOf(v))
-	}
-	p, err := parse(data)
-	if err != nil {
-		return MetaData{}, err
-	}
-	md := MetaData{
-		p.mapping, p.types, p.ordered,
-		make(map[string]bool, len(p.ordered)), nil,
-	}
-	return md, md.unify(p.mapping, indirect(rv))
-}
-
-// DecodeFile is just like Decode, except it will automatically read the
-// contents of the file at `fpath` and decode it for you.
-func DecodeFile(fpath string, v interface{}) (MetaData, error) {
-	bs, err := ioutil.ReadFile(fpath)
-	if err != nil {
-		return MetaData{}, err
-	}
-	return Decode(string(bs), v)
-}
-
-// DecodeReader is just like Decode, except it will consume all bytes
-// from the reader and decode it for you.
-func DecodeReader(r io.Reader, v interface{}) (MetaData, error) {
-	bs, err := ioutil.ReadAll(r)
-	if err != nil {
-		return MetaData{}, err
-	}
-	return Decode(string(bs), v)
-}
-
-// unify performs a sort of type unification based on the structure of `rv`,
-// which is the client representation.
-//
-// Any type mismatch produces an error. Finding a type that we don't know
-// how to handle produces an unsupported type error.
-func (md *MetaData) unify(data interface{}, rv reflect.Value) error {
-
-	// Special case. Look for a `Primitive` value.
-	if rv.Type() == reflect.TypeOf((*Primitive)(nil)).Elem() {
-		// Save the undecoded data and the key context into the primitive
-		// value.
-		context := make(Key, len(md.context))
-		copy(context, md.context)
-		rv.Set(reflect.ValueOf(Primitive{
-			undecoded: data,
-			context:   context,
-		}))
-		return nil
-	}
-
-	// Special case. Unmarshaler Interface support.
-	if rv.CanAddr() {
-		if v, ok := rv.Addr().Interface().(Unmarshaler); ok {
-			return v.UnmarshalTOML(data)
-		}
-	}
-
-	// Special case. Handle time.Time values specifically.
-	// TODO: Remove this code when we decide to drop support for Go 1.1.
-	// This isn't necessary in Go 1.2 because time.Time satisfies the encoding
-	// interfaces.
-	if rv.Type().AssignableTo(rvalue(time.Time{}).Type()) {
-		return md.unifyDatetime(data, rv)
-	}
-
-	// Special case. Look for a value satisfying the TextUnmarshaler interface.
-	if v, ok := rv.Interface().(TextUnmarshaler); ok {
-		return md.unifyText(data, v)
-	}
-	// BUG(burntsushi)
-	// The behavior here is incorrect whenever a Go type satisfies the
-	// encoding.TextUnmarshaler interface but also corresponds to a TOML
-	// hash or array. In particular, the unmarshaler should only be applied
-	// to primitive TOML values. But at this point, it will be applied to
-	// all kinds of values and produce an incorrect error whenever those values
-	// are hashes or arrays (including arrays of tables).
-
-	k := rv.Kind()
-
-	// laziness
-	if k >= reflect.Int && k <= reflect.Uint64 {
-		return md.unifyInt(data, rv)
-	}
-	switch k {
-	case reflect.Ptr:
-		elem := reflect.New(rv.Type().Elem())
-		err := md.unify(data, reflect.Indirect(elem))
-		if err != nil {
-			return err
-		}
-		rv.Set(elem)
-		return nil
-	case reflect.Struct:
-		return md.unifyStruct(data, rv)
-	case reflect.Map:
-		return md.unifyMap(data, rv)
-	case reflect.Array:
-		return md.unifyArray(data, rv)
-	case reflect.Slice:
-		return md.unifySlice(data, rv)
-	case reflect.String:
-		return md.unifyString(data, rv)
-	case reflect.Bool:
-		return md.unifyBool(data, rv)
-	case reflect.Interface:
-		// we only support empty interfaces.
-		if rv.NumMethod() > 0 {
-			return e("unsupported type %s", rv.Type())
-		}
-		return md.unifyAnything(data, rv)
-	case reflect.Float32:
-		fallthrough
-	case reflect.Float64:
-		return md.unifyFloat64(data, rv)
-	}
-	return e("unsupported type %s", rv.Kind())
-}
-
-func (md *MetaData) unifyStruct(mapping interface{}, rv reflect.Value) error {
-	tmap, ok := mapping.(map[string]interface{})
-	if !ok {
-		if mapping == nil {
-			return nil
-		}
-		return e("type mismatch for %s: expected table but found %T",
-			rv.Type().String(), mapping)
-	}
-
-	for key, datum := range tmap {
-		var f *field
-		fields := cachedTypeFields(rv.Type())
-		for i := range fields {
-			ff := &fields[i]
-			if ff.name == key {
-				f = ff
-				break
-			}
-			if f == nil && strings.EqualFold(ff.name, key) {
-				f = ff
-			}
-		}
-		if f != nil {
-			subv := rv
-			for _, i := range f.index {
-				subv = indirect(subv.Field(i))
-			}
-			if isUnifiable(subv) {
-				md.decoded[md.context.add(key).String()] = true
-				md.context = append(md.context, key)
-				if err := md.unify(datum, subv); err != nil {
-					return err
-				}
-				md.context = md.context[0 : len(md.context)-1]
-			} else if f.name != "" {
-				// Bad user! No soup for you!
-				return e("cannot write unexported field %s.%s",
-					rv.Type().String(), f.name)
-			}
-		}
-	}
-	return nil
-}
-
-func (md *MetaData) unifyMap(mapping interface{}, rv reflect.Value) error {
-	tmap, ok := mapping.(map[string]interface{})
-	if !ok {
-		if tmap == nil {
-			return nil
-		}
-		return badtype("map", mapping)
-	}
-	if rv.IsNil() {
-		rv.Set(reflect.MakeMap(rv.Type()))
-	}
-	for k, v := range tmap {
-		md.decoded[md.context.add(k).String()] = true
-		md.context = append(md.context, k)
-
-		rvkey := indirect(reflect.New(rv.Type().Key()))
-		rvval := reflect.Indirect(reflect.New(rv.Type().Elem()))
-		if err := md.unify(v, rvval); err != nil {
-			return err
-		}
-		md.context = md.context[0 : len(md.context)-1]
-
-		rvkey.SetString(k)
-		rv.SetMapIndex(rvkey, rvval)
-	}
-	return nil
-}
-
-func (md *MetaData) unifyArray(data interface{}, rv reflect.Value) error {
-	datav := reflect.ValueOf(data)
-	if datav.Kind() != reflect.Slice {
-		if !datav.IsValid() {
-			return nil
-		}
-		return badtype("slice", data)
-	}
-	sliceLen := datav.Len()
-	if sliceLen != rv.Len() {
-		return e("expected array length %d; got TOML array of length %d",
-			rv.Len(), sliceLen)
-	}
-	return md.unifySliceArray(datav, rv)
-}
-
-func (md *MetaData) unifySlice(data interface{}, rv reflect.Value) error {
-	datav := reflect.ValueOf(data)
-	if datav.Kind() != reflect.Slice {
-		if !datav.IsValid() {
-			return nil
-		}
-		return badtype("slice", data)
-	}
-	n := datav.Len()
-	if rv.IsNil() || rv.Cap() < n {
-		rv.Set(reflect.MakeSlice(rv.Type(), n, n))
-	}
-	rv.SetLen(n)
-	return md.unifySliceArray(datav, rv)
-}
-
-func (md *MetaData) unifySliceArray(data, rv reflect.Value) error {
-	sliceLen := data.Len()
-	for i := 0; i < sliceLen; i++ {
-		v := data.Index(i).Interface()
-		sliceval := indirect(rv.Index(i))
-		if err := md.unify(v, sliceval); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (md *MetaData) unifyDatetime(data interface{}, rv reflect.Value) error {
-	if _, ok := data.(time.Time); ok {
-		rv.Set(reflect.ValueOf(data))
-		return nil
-	}
-	return badtype("time.Time", data)
-}
-
-func (md *MetaData) unifyString(data interface{}, rv reflect.Value) error {
-	if s, ok := data.(string); ok {
-		rv.SetString(s)
-		return nil
-	}
-	return badtype("string", data)
-}
-
-func (md *MetaData) unifyFloat64(data interface{}, rv reflect.Value) error {
-	if num, ok := data.(float64); ok {
-		switch rv.Kind() {
-		case reflect.Float32:
-			fallthrough
-		case reflect.Float64:
-			rv.SetFloat(num)
-		default:
-			panic("bug")
-		}
-		return nil
-	}
-	return badtype("float", data)
-}
-
-func (md *MetaData) unifyInt(data interface{}, rv reflect.Value) error {
-	if num, ok := data.(int64); ok {
-		if rv.Kind() >= reflect.Int && rv.Kind() <= reflect.Int64 {
-			switch rv.Kind() {
-			case reflect.Int, reflect.Int64:
-				// No bounds checking necessary.
-			case reflect.Int8:
-				if num < math.MinInt8 || num > math.MaxInt8 {
-					return e("value %d is out of range for int8", num)
-				}
-			case reflect.Int16:
-				if num < math.MinInt16 || num > math.MaxInt16 {
-					return e("value %d is out of range for int16", num)
-				}
-			case reflect.Int32:
-				if num < math.MinInt32 || num > math.MaxInt32 {
-					return e("value %d is out of range for int32", num)
-				}
-			}
-			rv.SetInt(num)
-		} else if rv.Kind() >= reflect.Uint && rv.Kind() <= reflect.Uint64 {
-			unum := uint64(num)
-			switch rv.Kind() {
-			case reflect.Uint, reflect.Uint64:
-				// No bounds checking necessary.
-			case reflect.Uint8:
-				if num < 0 || unum > math.MaxUint8 {
-					return e("value %d is out of range for uint8", num)
-				}
-			case reflect.Uint16:
-				if num < 0 || unum > math.MaxUint16 {
-					return e("value %d is out of range for uint16", num)
-				}
-			case reflect.Uint32:
-				if num < 0 || unum > math.MaxUint32 {
-					return e("value %d is out of range for uint32", num)
-				}
-			}
-			rv.SetUint(unum)
-		} else {
-			panic("unreachable")
-		}
-		return nil
-	}
-	return badtype("integer", data)
-}
-
-func (md *MetaData) unifyBool(data interface{}, rv reflect.Value) error {
-	if b, ok := data.(bool); ok {
-		rv.SetBool(b)
-		return nil
-	}
-	return badtype("boolean", data)
-}
-
-func (md *MetaData) unifyAnything(data interface{}, rv reflect.Value) error {
-	rv.Set(reflect.ValueOf(data))
-	return nil
-}
-
-func (md *MetaData) unifyText(data interface{}, v TextUnmarshaler) error {
-	var s string
-	switch sdata := data.(type) {
-	case TextMarshaler:
-		text, err := sdata.MarshalText()
-		if err != nil {
-			return err
-		}
-		s = string(text)
-	case fmt.Stringer:
-		s = sdata.String()
-	case string:
-		s = sdata
-	case bool:
-		s = fmt.Sprintf("%v", sdata)
-	case int64:
-		s = fmt.Sprintf("%d", sdata)
-	case float64:
-		s = fmt.Sprintf("%f", sdata)
-	default:
-		return badtype("primitive (string-like)", data)
-	}
-	if err := v.UnmarshalText([]byte(s)); err != nil {
-		return err
-	}
-	return nil
-}
-
-// rvalue returns a reflect.Value of `v`. All pointers are resolved.
-func rvalue(v interface{}) reflect.Value {
-	return indirect(reflect.ValueOf(v))
-}
-
-// indirect returns the value pointed to by a pointer.
-// Pointers are followed until the value is not a pointer.
-// New values are allocated for each nil pointer.
-//
-// An exception to this rule is if the value satisfies an interface of
-// interest to us (like encoding.TextUnmarshaler).
-func indirect(v reflect.Value) reflect.Value {
-	if v.Kind() != reflect.Ptr {
-		if v.CanSet() {
-			pv := v.Addr()
-			if _, ok := pv.Interface().(TextUnmarshaler); ok {
-				return pv
-			}
-		}
-		return v
-	}
-	if v.IsNil() {
-		v.Set(reflect.New(v.Type().Elem()))
-	}
-	return indirect(reflect.Indirect(v))
-}
-
-func isUnifiable(rv reflect.Value) bool {
-	if rv.CanSet() {
-		return true
-	}
-	if _, ok := rv.Interface().(TextUnmarshaler); ok {
-		return true
-	}
-	return false
-}
-
-func badtype(expected string, data interface{}) error {
-	return e("cannot load TOML value of type %T into a Go %s", data, expected)
-}
diff --git a/vendor/github.com/BurntSushi/toml/decode_meta.go b/vendor/github.com/BurntSushi/toml/decode_meta.go
deleted file mode 100644
index b9914a6798cf9..0000000000000
--- a/vendor/github.com/BurntSushi/toml/decode_meta.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package toml
-
-import "strings"
-
-// MetaData allows access to meta information about TOML data that may not
-// be inferrable via reflection. In particular, whether a key has been defined
-// and the TOML type of a key.
-type MetaData struct {
-	mapping map[string]interface{}
-	types   map[string]tomlType
-	keys    []Key
-	decoded map[string]bool
-	context Key // Used only during decoding.
-}
-
-// IsDefined returns true if the key given exists in the TOML data. The key
-// should be specified hierarchially. e.g.,
-//
-//	// access the TOML key 'a.b.c'
-//	IsDefined("a", "b", "c")
-//
-// IsDefined will return false if an empty key given. Keys are case sensitive.
-func (md *MetaData) IsDefined(key ...string) bool {
-	if len(key) == 0 {
-		return false
-	}
-
-	var hash map[string]interface{}
-	var ok bool
-	var hashOrVal interface{} = md.mapping
-	for _, k := range key {
-		if hash, ok = hashOrVal.(map[string]interface{}); !ok {
-			return false
-		}
-		if hashOrVal, ok = hash[k]; !ok {
-			return false
-		}
-	}
-	return true
-}
-
-// Type returns a string representation of the type of the key specified.
-//
-// Type will return the empty string if given an empty key or a key that
-// does not exist. Keys are case sensitive.
-func (md *MetaData) Type(key ...string) string {
-	fullkey := strings.Join(key, ".")
-	if typ, ok := md.types[fullkey]; ok {
-		return typ.typeString()
-	}
-	return ""
-}
-
-// Key is the type of any TOML key, including key groups. Use (MetaData).Keys
-// to get values of this type.
-type Key []string
-
-func (k Key) String() string {
-	return strings.Join(k, ".")
-}
-
-func (k Key) maybeQuotedAll() string {
-	var ss []string
-	for i := range k {
-		ss = append(ss, k.maybeQuoted(i))
-	}
-	return strings.Join(ss, ".")
-}
-
-func (k Key) maybeQuoted(i int) string {
-	quote := false
-	for _, c := range k[i] {
-		if !isBareKeyChar(c) {
-			quote = true
-			break
-		}
-	}
-	if quote {
-		return "\"" + strings.Replace(k[i], "\"", "\\\"", -1) + "\""
-	}
-	return k[i]
-}
-
-func (k Key) add(piece string) Key {
-	newKey := make(Key, len(k)+1)
-	copy(newKey, k)
-	newKey[len(k)] = piece
-	return newKey
-}
-
-// Keys returns a slice of every key in the TOML data, including key groups.
-// Each key is itself a slice, where the first element is the top of the
-// hierarchy and the last is the most specific.
-//
-// The list will have the same order as the keys appeared in the TOML data.
-//
-// All keys returned are non-empty.
-func (md *MetaData) Keys() []Key {
-	return md.keys
-}
-
-// Undecoded returns all keys that have not been decoded in the order in which
-// they appear in the original TOML document.
-//
-// This includes keys that haven't been decoded because of a Primitive value.
-// Once the Primitive value is decoded, the keys will be considered decoded.
-//
-// Also note that decoding into an empty interface will result in no decoding,
-// and so no keys will be considered decoded.
-//
-// In this sense, the Undecoded keys correspond to keys in the TOML document
-// that do not have a concrete type in your representation.
-func (md *MetaData) Undecoded() []Key {
-	undecoded := make([]Key, 0, len(md.keys))
-	for _, key := range md.keys {
-		if !md.decoded[key.String()] {
-			undecoded = append(undecoded, key)
-		}
-	}
-	return undecoded
-}
diff --git a/vendor/github.com/BurntSushi/toml/doc.go b/vendor/github.com/BurntSushi/toml/doc.go
deleted file mode 100644
index b371f396edcac..0000000000000
--- a/vendor/github.com/BurntSushi/toml/doc.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-Package toml provides facilities for decoding and encoding TOML configuration
-files via reflection. There is also support for delaying decoding with
-the Primitive type, and querying the set of keys in a TOML document with the
-MetaData type.
-
-The specification implemented: https://github.com/toml-lang/toml
-
-The sub-command github.com/BurntSushi/toml/cmd/tomlv can be used to verify
-whether a file is a valid TOML document. It can also be used to print the
-type of each key in a TOML document.
-
-Testing
-
-There are two important types of tests used for this package. The first is
-contained inside '*_test.go' files and uses the standard Go unit testing
-framework. These tests are primarily devoted to holistically testing the
-decoder and encoder.
-
-The second type of testing is used to verify the implementation's adherence
-to the TOML specification. These tests have been factored into their own
-project: https://github.com/BurntSushi/toml-test
-
-The reason the tests are in a separate project is so that they can be used by
-any implementation of TOML. Namely, it is language agnostic.
-*/
-package toml
diff --git a/vendor/github.com/BurntSushi/toml/encode.go b/vendor/github.com/BurntSushi/toml/encode.go
deleted file mode 100644
index d905c21a24662..0000000000000
--- a/vendor/github.com/BurntSushi/toml/encode.go
+++ /dev/null
@@ -1,568 +0,0 @@
-package toml
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-)
-
-type tomlEncodeError struct{ error }
-
-var (
-	errArrayMixedElementTypes = errors.New(
-		"toml: cannot encode array with mixed element types")
-	errArrayNilElement = errors.New(
-		"toml: cannot encode array with nil element")
-	errNonString = errors.New(
-		"toml: cannot encode a map with non-string key type")
-	errAnonNonStruct = errors.New(
-		"toml: cannot encode an anonymous field that is not a struct")
-	errArrayNoTable = errors.New(
-		"toml: TOML array element cannot contain a table")
-	errNoKey = errors.New(
-		"toml: top-level values must be Go maps or structs")
-	errAnything = errors.New("") // used in testing
-)
-
-var quotedReplacer = strings.NewReplacer(
-	"\t", "\\t",
-	"\n", "\\n",
-	"\r", "\\r",
-	"\"", "\\\"",
-	"\\", "\\\\",
-)
-
-// Encoder controls the encoding of Go values to a TOML document to some
-// io.Writer.
-//
-// The indentation level can be controlled with the Indent field.
-type Encoder struct {
-	// A single indentation level. By default it is two spaces.
-	Indent string
-
-	// hasWritten is whether we have written any output to w yet.
-	hasWritten bool
-	w          *bufio.Writer
-}
-
-// NewEncoder returns a TOML encoder that encodes Go values to the io.Writer
-// given. By default, a single indentation level is 2 spaces.
-func NewEncoder(w io.Writer) *Encoder {
-	return &Encoder{
-		w:      bufio.NewWriter(w),
-		Indent: "  ",
-	}
-}
-
-// Encode writes a TOML representation of the Go value to the underlying
-// io.Writer. If the value given cannot be encoded to a valid TOML document,
-// then an error is returned.
-//
-// The mapping between Go values and TOML values should be precisely the same
-// as for the Decode* functions. Similarly, the TextMarshaler interface is
-// supported by encoding the resulting bytes as strings. (If you want to write
-// arbitrary binary data then you will need to use something like base64 since
-// TOML does not have any binary types.)
-//
-// When encoding TOML hashes (i.e., Go maps or structs), keys without any
-// sub-hashes are encoded first.
-//
-// If a Go map is encoded, then its keys are sorted alphabetically for
-// deterministic output. More control over this behavior may be provided if
-// there is demand for it.
-//
-// Encoding Go values without a corresponding TOML representation---like map
-// types with non-string keys---will cause an error to be returned. Similarly
-// for mixed arrays/slices, arrays/slices with nil elements, embedded
-// non-struct types and nested slices containing maps or structs.
-// (e.g., [][]map[string]string is not allowed but []map[string]string is OK
-// and so is []map[string][]string.)
-func (enc *Encoder) Encode(v interface{}) error {
-	rv := eindirect(reflect.ValueOf(v))
-	if err := enc.safeEncode(Key([]string{}), rv); err != nil {
-		return err
-	}
-	return enc.w.Flush()
-}
-
-func (enc *Encoder) safeEncode(key Key, rv reflect.Value) (err error) {
-	defer func() {
-		if r := recover(); r != nil {
-			if terr, ok := r.(tomlEncodeError); ok {
-				err = terr.error
-				return
-			}
-			panic(r)
-		}
-	}()
-	enc.encode(key, rv)
-	return nil
-}
-
-func (enc *Encoder) encode(key Key, rv reflect.Value) {
-	// Special case. Time needs to be in ISO8601 format.
-	// Special case. If we can marshal the type to text, then we used that.
-	// Basically, this prevents the encoder for handling these types as
-	// generic structs (or whatever the underlying type of a TextMarshaler is).
-	switch rv.Interface().(type) {
-	case time.Time, TextMarshaler:
-		enc.keyEqElement(key, rv)
-		return
-	}
-
-	k := rv.Kind()
-	switch k {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32,
-		reflect.Int64,
-		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32,
-		reflect.Uint64,
-		reflect.Float32, reflect.Float64, reflect.String, reflect.Bool:
-		enc.keyEqElement(key, rv)
-	case reflect.Array, reflect.Slice:
-		if typeEqual(tomlArrayHash, tomlTypeOfGo(rv)) {
-			enc.eArrayOfTables(key, rv)
-		} else {
-			enc.keyEqElement(key, rv)
-		}
-	case reflect.Interface:
-		if rv.IsNil() {
-			return
-		}
-		enc.encode(key, rv.Elem())
-	case reflect.Map:
-		if rv.IsNil() {
-			return
-		}
-		enc.eTable(key, rv)
-	case reflect.Ptr:
-		if rv.IsNil() {
-			return
-		}
-		enc.encode(key, rv.Elem())
-	case reflect.Struct:
-		enc.eTable(key, rv)
-	default:
-		panic(e("unsupported type for key '%s': %s", key, k))
-	}
-}
-
-// eElement encodes any value that can be an array element (primitives and
-// arrays).
-func (enc *Encoder) eElement(rv reflect.Value) {
-	switch v := rv.Interface().(type) {
-	case time.Time:
-		// Special case time.Time as a primitive. Has to come before
-		// TextMarshaler below because time.Time implements
-		// encoding.TextMarshaler, but we need to always use UTC.
-		enc.wf(v.UTC().Format("2006-01-02T15:04:05Z"))
-		return
-	case TextMarshaler:
-		// Special case. Use text marshaler if it's available for this value.
-		if s, err := v.MarshalText(); err != nil {
-			encPanic(err)
-		} else {
-			enc.writeQuoted(string(s))
-		}
-		return
-	}
-	switch rv.Kind() {
-	case reflect.Bool:
-		enc.wf(strconv.FormatBool(rv.Bool()))
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32,
-		reflect.Int64:
-		enc.wf(strconv.FormatInt(rv.Int(), 10))
-	case reflect.Uint, reflect.Uint8, reflect.Uint16,
-		reflect.Uint32, reflect.Uint64:
-		enc.wf(strconv.FormatUint(rv.Uint(), 10))
-	case reflect.Float32:
-		enc.wf(floatAddDecimal(strconv.FormatFloat(rv.Float(), 'f', -1, 32)))
-	case reflect.Float64:
-		enc.wf(floatAddDecimal(strconv.FormatFloat(rv.Float(), 'f', -1, 64)))
-	case reflect.Array, reflect.Slice:
-		enc.eArrayOrSliceElement(rv)
-	case reflect.Interface:
-		enc.eElement(rv.Elem())
-	case reflect.String:
-		enc.writeQuoted(rv.String())
-	default:
-		panic(e("unexpected primitive type: %s", rv.Kind()))
-	}
-}
-
-// By the TOML spec, all floats must have a decimal with at least one
-// number on either side.
-func floatAddDecimal(fstr string) string {
-	if !strings.Contains(fstr, ".") {
-		return fstr + ".0"
-	}
-	return fstr
-}
-
-func (enc *Encoder) writeQuoted(s string) {
-	enc.wf("\"%s\"", quotedReplacer.Replace(s))
-}
-
-func (enc *Encoder) eArrayOrSliceElement(rv reflect.Value) {
-	length := rv.Len()
-	enc.wf("[")
-	for i := 0; i < length; i++ {
-		elem := rv.Index(i)
-		enc.eElement(elem)
-		if i != length-1 {
-			enc.wf(", ")
-		}
-	}
-	enc.wf("]")
-}
-
-func (enc *Encoder) eArrayOfTables(key Key, rv reflect.Value) {
-	if len(key) == 0 {
-		encPanic(errNoKey)
-	}
-	for i := 0; i < rv.Len(); i++ {
-		trv := rv.Index(i)
-		if isNil(trv) {
-			continue
-		}
-		panicIfInvalidKey(key)
-		enc.newline()
-		enc.wf("%s[[%s]]", enc.indentStr(key), key.maybeQuotedAll())
-		enc.newline()
-		enc.eMapOrStruct(key, trv)
-	}
-}
-
-func (enc *Encoder) eTable(key Key, rv reflect.Value) {
-	panicIfInvalidKey(key)
-	if len(key) == 1 {
-		// Output an extra newline between top-level tables.
-		// (The newline isn't written if nothing else has been written though.)
-		enc.newline()
-	}
-	if len(key) > 0 {
-		enc.wf("%s[%s]", enc.indentStr(key), key.maybeQuotedAll())
-		enc.newline()
-	}
-	enc.eMapOrStruct(key, rv)
-}
-
-func (enc *Encoder) eMapOrStruct(key Key, rv reflect.Value) {
-	switch rv := eindirect(rv); rv.Kind() {
-	case reflect.Map:
-		enc.eMap(key, rv)
-	case reflect.Struct:
-		enc.eStruct(key, rv)
-	default:
-		panic("eTable: unhandled reflect.Value Kind: " + rv.Kind().String())
-	}
-}
-
-func (enc *Encoder) eMap(key Key, rv reflect.Value) {
-	rt := rv.Type()
-	if rt.Key().Kind() != reflect.String {
-		encPanic(errNonString)
-	}
-
-	// Sort keys so that we have deterministic output. And write keys directly
-	// underneath this key first, before writing sub-structs or sub-maps.
-	var mapKeysDirect, mapKeysSub []string
-	for _, mapKey := range rv.MapKeys() {
-		k := mapKey.String()
-		if typeIsHash(tomlTypeOfGo(rv.MapIndex(mapKey))) {
-			mapKeysSub = append(mapKeysSub, k)
-		} else {
-			mapKeysDirect = append(mapKeysDirect, k)
-		}
-	}
-
-	var writeMapKeys = func(mapKeys []string) {
-		sort.Strings(mapKeys)
-		for _, mapKey := range mapKeys {
-			mrv := rv.MapIndex(reflect.ValueOf(mapKey))
-			if isNil(mrv) {
-				// Don't write anything for nil fields.
-				continue
-			}
-			enc.encode(key.add(mapKey), mrv)
-		}
-	}
-	writeMapKeys(mapKeysDirect)
-	writeMapKeys(mapKeysSub)
-}
-
-func (enc *Encoder) eStruct(key Key, rv reflect.Value) {
-	// Write keys for fields directly under this key first, because if we write
-	// a field that creates a new table, then all keys under it will be in that
-	// table (not the one we're writing here).
-	rt := rv.Type()
-	var fieldsDirect, fieldsSub [][]int
-	var addFields func(rt reflect.Type, rv reflect.Value, start []int)
-	addFields = func(rt reflect.Type, rv reflect.Value, start []int) {
-		for i := 0; i < rt.NumField(); i++ {
-			f := rt.Field(i)
-			// skip unexported fields
-			if f.PkgPath != "" && !f.Anonymous {
-				continue
-			}
-			frv := rv.Field(i)
-			if f.Anonymous {
-				t := f.Type
-				switch t.Kind() {
-				case reflect.Struct:
-					// Treat anonymous struct fields with
-					// tag names as though they are not
-					// anonymous, like encoding/json does.
-					if getOptions(f.Tag).name == "" {
-						addFields(t, frv, f.Index)
-						continue
-					}
-				case reflect.Ptr:
-					if t.Elem().Kind() == reflect.Struct &&
-						getOptions(f.Tag).name == "" {
-						if !frv.IsNil() {
-							addFields(t.Elem(), frv.Elem(), f.Index)
-						}
-						continue
-					}
-					// Fall through to the normal field encoding logic below
-					// for non-struct anonymous fields.
-				}
-			}
-
-			if typeIsHash(tomlTypeOfGo(frv)) {
-				fieldsSub = append(fieldsSub, append(start, f.Index...))
-			} else {
-				fieldsDirect = append(fieldsDirect, append(start, f.Index...))
-			}
-		}
-	}
-	addFields(rt, rv, nil)
-
-	var writeFields = func(fields [][]int) {
-		for _, fieldIndex := range fields {
-			sft := rt.FieldByIndex(fieldIndex)
-			sf := rv.FieldByIndex(fieldIndex)
-			if isNil(sf) {
-				// Don't write anything for nil fields.
-				continue
-			}
-
-			opts := getOptions(sft.Tag)
-			if opts.skip {
-				continue
-			}
-			keyName := sft.Name
-			if opts.name != "" {
-				keyName = opts.name
-			}
-			if opts.omitempty && isEmpty(sf) {
-				continue
-			}
-			if opts.omitzero && isZero(sf) {
-				continue
-			}
-
-			enc.encode(key.add(keyName), sf)
-		}
-	}
-	writeFields(fieldsDirect)
-	writeFields(fieldsSub)
-}
-
-// tomlTypeName returns the TOML type name of the Go value's type. It is
-// used to determine whether the types of array elements are mixed (which is
-// forbidden). If the Go value is nil, then it is illegal for it to be an array
-// element, and valueIsNil is returned as true.
-
-// Returns the TOML type of a Go value. The type may be `nil`, which means
-// no concrete TOML type could be found.
-func tomlTypeOfGo(rv reflect.Value) tomlType {
-	if isNil(rv) || !rv.IsValid() {
-		return nil
-	}
-	switch rv.Kind() {
-	case reflect.Bool:
-		return tomlBool
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32,
-		reflect.Int64,
-		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32,
-		reflect.Uint64:
-		return tomlInteger
-	case reflect.Float32, reflect.Float64:
-		return tomlFloat
-	case reflect.Array, reflect.Slice:
-		if typeEqual(tomlHash, tomlArrayType(rv)) {
-			return tomlArrayHash
-		}
-		return tomlArray
-	case reflect.Ptr, reflect.Interface:
-		return tomlTypeOfGo(rv.Elem())
-	case reflect.String:
-		return tomlString
-	case reflect.Map:
-		return tomlHash
-	case reflect.Struct:
-		switch rv.Interface().(type) {
-		case time.Time:
-			return tomlDatetime
-		case TextMarshaler:
-			return tomlString
-		default:
-			return tomlHash
-		}
-	default:
-		panic("unexpected reflect.Kind: " + rv.Kind().String())
-	}
-}
-
-// tomlArrayType returns the element type of a TOML array. The type returned
-// may be nil if it cannot be determined (e.g., a nil slice or a zero length
-// slize). This function may also panic if it finds a type that cannot be
-// expressed in TOML (such as nil elements, heterogeneous arrays or directly
-// nested arrays of tables).
-func tomlArrayType(rv reflect.Value) tomlType {
-	if isNil(rv) || !rv.IsValid() || rv.Len() == 0 {
-		return nil
-	}
-	firstType := tomlTypeOfGo(rv.Index(0))
-	if firstType == nil {
-		encPanic(errArrayNilElement)
-	}
-
-	rvlen := rv.Len()
-	for i := 1; i < rvlen; i++ {
-		elem := rv.Index(i)
-		switch elemType := tomlTypeOfGo(elem); {
-		case elemType == nil:
-			encPanic(errArrayNilElement)
-		case !typeEqual(firstType, elemType):
-			encPanic(errArrayMixedElementTypes)
-		}
-	}
-	// If we have a nested array, then we must make sure that the nested
-	// array contains ONLY primitives.
-	// This checks arbitrarily nested arrays.
-	if typeEqual(firstType, tomlArray) || typeEqual(firstType, tomlArrayHash) {
-		nest := tomlArrayType(eindirect(rv.Index(0)))
-		if typeEqual(nest, tomlHash) || typeEqual(nest, tomlArrayHash) {
-			encPanic(errArrayNoTable)
-		}
-	}
-	return firstType
-}
-
-type tagOptions struct {
-	skip      bool // "-"
-	name      string
-	omitempty bool
-	omitzero  bool
-}
-
-func getOptions(tag reflect.StructTag) tagOptions {
-	t := tag.Get("toml")
-	if t == "-" {
-		return tagOptions{skip: true}
-	}
-	var opts tagOptions
-	parts := strings.Split(t, ",")
-	opts.name = parts[0]
-	for _, s := range parts[1:] {
-		switch s {
-		case "omitempty":
-			opts.omitempty = true
-		case "omitzero":
-			opts.omitzero = true
-		}
-	}
-	return opts
-}
-
-func isZero(rv reflect.Value) bool {
-	switch rv.Kind() {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return rv.Int() == 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-		return rv.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return rv.Float() == 0.0
-	}
-	return false
-}
-
-func isEmpty(rv reflect.Value) bool {
-	switch rv.Kind() {
-	case reflect.Array, reflect.Slice, reflect.Map, reflect.String:
-		return rv.Len() == 0
-	case reflect.Bool:
-		return !rv.Bool()
-	}
-	return false
-}
-
-func (enc *Encoder) newline() {
-	if enc.hasWritten {
-		enc.wf("\n")
-	}
-}
-
-func (enc *Encoder) keyEqElement(key Key, val reflect.Value) {
-	if len(key) == 0 {
-		encPanic(errNoKey)
-	}
-	panicIfInvalidKey(key)
-	enc.wf("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1))
-	enc.eElement(val)
-	enc.newline()
-}
-
-func (enc *Encoder) wf(format string, v ...interface{}) {
-	if _, err := fmt.Fprintf(enc.w, format, v...); err != nil {
-		encPanic(err)
-	}
-	enc.hasWritten = true
-}
-
-func (enc *Encoder) indentStr(key Key) string {
-	return strings.Repeat(enc.Indent, len(key)-1)
-}
-
-func encPanic(err error) {
-	panic(tomlEncodeError{err})
-}
-
-func eindirect(v reflect.Value) reflect.Value {
-	switch v.Kind() {
-	case reflect.Ptr, reflect.Interface:
-		return eindirect(v.Elem())
-	default:
-		return v
-	}
-}
-
-func isNil(rv reflect.Value) bool {
-	switch rv.Kind() {
-	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-		return rv.IsNil()
-	default:
-		return false
-	}
-}
-
-func panicIfInvalidKey(key Key) {
-	for _, k := range key {
-		if len(k) == 0 {
-			encPanic(e("Key '%s' is not a valid table name. Key names "+
-				"cannot be empty.", key.maybeQuotedAll()))
-		}
-	}
-}
-
-func isValidKeyName(s string) bool {
-	return len(s) != 0
-}
diff --git a/vendor/github.com/BurntSushi/toml/encoding_types.go b/vendor/github.com/BurntSushi/toml/encoding_types.go
deleted file mode 100644
index d36e1dd6002be..0000000000000
--- a/vendor/github.com/BurntSushi/toml/encoding_types.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build go1.2
-
-package toml
-
-// In order to support Go 1.1, we define our own TextMarshaler and
-// TextUnmarshaler types. For Go 1.2+, we just alias them with the
-// standard library interfaces.
-
-import (
-	"encoding"
-)
-
-// TextMarshaler is a synonym for encoding.TextMarshaler. It is defined here
-// so that Go 1.1 can be supported.
-type TextMarshaler encoding.TextMarshaler
-
-// TextUnmarshaler is a synonym for encoding.TextUnmarshaler. It is defined
-// here so that Go 1.1 can be supported.
-type TextUnmarshaler encoding.TextUnmarshaler
diff --git a/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go b/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go
deleted file mode 100644
index e8d503d04690d..0000000000000
--- a/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// +build !go1.2
-
-package toml
-
-// These interfaces were introduced in Go 1.2, so we add them manually when
-// compiling for Go 1.1.
-
-// TextMarshaler is a synonym for encoding.TextMarshaler. It is defined here
-// so that Go 1.1 can be supported.
-type TextMarshaler interface {
-	MarshalText() (text []byte, err error)
-}
-
-// TextUnmarshaler is a synonym for encoding.TextUnmarshaler. It is defined
-// here so that Go 1.1 can be supported.
-type TextUnmarshaler interface {
-	UnmarshalText(text []byte) error
-}
diff --git a/vendor/github.com/BurntSushi/toml/lex.go b/vendor/github.com/BurntSushi/toml/lex.go
deleted file mode 100644
index e0a742a8870f1..0000000000000
--- a/vendor/github.com/BurntSushi/toml/lex.go
+++ /dev/null
@@ -1,953 +0,0 @@
-package toml
-
-import (
-	"fmt"
-	"strings"
-	"unicode"
-	"unicode/utf8"
-)
-
-type itemType int
-
-const (
-	itemError itemType = iota
-	itemNIL            // used in the parser to indicate no type
-	itemEOF
-	itemText
-	itemString
-	itemRawString
-	itemMultilineString
-	itemRawMultilineString
-	itemBool
-	itemInteger
-	itemFloat
-	itemDatetime
-	itemArray // the start of an array
-	itemArrayEnd
-	itemTableStart
-	itemTableEnd
-	itemArrayTableStart
-	itemArrayTableEnd
-	itemKeyStart
-	itemCommentStart
-	itemInlineTableStart
-	itemInlineTableEnd
-)
-
-const (
-	eof              = 0
-	comma            = ','
-	tableStart       = '['
-	tableEnd         = ']'
-	arrayTableStart  = '['
-	arrayTableEnd    = ']'
-	tableSep         = '.'
-	keySep           = '='
-	arrayStart       = '['
-	arrayEnd         = ']'
-	commentStart     = '#'
-	stringStart      = '"'
-	stringEnd        = '"'
-	rawStringStart   = '\''
-	rawStringEnd     = '\''
-	inlineTableStart = '{'
-	inlineTableEnd   = '}'
-)
-
-type stateFn func(lx *lexer) stateFn
-
-type lexer struct {
-	input string
-	start int
-	pos   int
-	line  int
-	state stateFn
-	items chan item
-
-	// Allow for backing up up to three runes.
-	// This is necessary because TOML contains 3-rune tokens (""" and ''').
-	prevWidths [3]int
-	nprev      int // how many of prevWidths are in use
-	// If we emit an eof, we can still back up, but it is not OK to call
-	// next again.
-	atEOF bool
-
-	// A stack of state functions used to maintain context.
-	// The idea is to reuse parts of the state machine in various places.
-	// For example, values can appear at the top level or within arbitrarily
-	// nested arrays. The last state on the stack is used after a value has
-	// been lexed. Similarly for comments.
-	stack []stateFn
-}
-
-type item struct {
-	typ  itemType
-	val  string
-	line int
-}
-
-func (lx *lexer) nextItem() item {
-	for {
-		select {
-		case item := <-lx.items:
-			return item
-		default:
-			lx.state = lx.state(lx)
-		}
-	}
-}
-
-func lex(input string) *lexer {
-	lx := &lexer{
-		input: input,
-		state: lexTop,
-		line:  1,
-		items: make(chan item, 10),
-		stack: make([]stateFn, 0, 10),
-	}
-	return lx
-}
-
-func (lx *lexer) push(state stateFn) {
-	lx.stack = append(lx.stack, state)
-}
-
-func (lx *lexer) pop() stateFn {
-	if len(lx.stack) == 0 {
-		return lx.errorf("BUG in lexer: no states to pop")
-	}
-	last := lx.stack[len(lx.stack)-1]
-	lx.stack = lx.stack[0 : len(lx.stack)-1]
-	return last
-}
-
-func (lx *lexer) current() string {
-	return lx.input[lx.start:lx.pos]
-}
-
-func (lx *lexer) emit(typ itemType) {
-	lx.items <- item{typ, lx.current(), lx.line}
-	lx.start = lx.pos
-}
-
-func (lx *lexer) emitTrim(typ itemType) {
-	lx.items <- item{typ, strings.TrimSpace(lx.current()), lx.line}
-	lx.start = lx.pos
-}
-
-func (lx *lexer) next() (r rune) {
-	if lx.atEOF {
-		panic("next called after EOF")
-	}
-	if lx.pos >= len(lx.input) {
-		lx.atEOF = true
-		return eof
-	}
-
-	if lx.input[lx.pos] == '\n' {
-		lx.line++
-	}
-	lx.prevWidths[2] = lx.prevWidths[1]
-	lx.prevWidths[1] = lx.prevWidths[0]
-	if lx.nprev < 3 {
-		lx.nprev++
-	}
-	r, w := utf8.DecodeRuneInString(lx.input[lx.pos:])
-	lx.prevWidths[0] = w
-	lx.pos += w
-	return r
-}
-
-// ignore skips over the pending input before this point.
-func (lx *lexer) ignore() {
-	lx.start = lx.pos
-}
-
-// backup steps back one rune. Can be called only twice between calls to next.
-func (lx *lexer) backup() {
-	if lx.atEOF {
-		lx.atEOF = false
-		return
-	}
-	if lx.nprev < 1 {
-		panic("backed up too far")
-	}
-	w := lx.prevWidths[0]
-	lx.prevWidths[0] = lx.prevWidths[1]
-	lx.prevWidths[1] = lx.prevWidths[2]
-	lx.nprev--
-	lx.pos -= w
-	if lx.pos < len(lx.input) && lx.input[lx.pos] == '\n' {
-		lx.line--
-	}
-}
-
-// accept consumes the next rune if it's equal to `valid`.
-func (lx *lexer) accept(valid rune) bool {
-	if lx.next() == valid {
-		return true
-	}
-	lx.backup()
-	return false
-}
-
-// peek returns but does not consume the next rune in the input.
-func (lx *lexer) peek() rune {
-	r := lx.next()
-	lx.backup()
-	return r
-}
-
-// skip ignores all input that matches the given predicate.
-func (lx *lexer) skip(pred func(rune) bool) {
-	for {
-		r := lx.next()
-		if pred(r) {
-			continue
-		}
-		lx.backup()
-		lx.ignore()
-		return
-	}
-}
-
-// errorf stops all lexing by emitting an error and returning `nil`.
-// Note that any value that is a character is escaped if it's a special
-// character (newlines, tabs, etc.).
-func (lx *lexer) errorf(format string, values ...interface{}) stateFn {
-	lx.items <- item{
-		itemError,
-		fmt.Sprintf(format, values...),
-		lx.line,
-	}
-	return nil
-}
-
-// lexTop consumes elements at the top level of TOML data.
-func lexTop(lx *lexer) stateFn {
-	r := lx.next()
-	if isWhitespace(r) || isNL(r) {
-		return lexSkip(lx, lexTop)
-	}
-	switch r {
-	case commentStart:
-		lx.push(lexTop)
-		return lexCommentStart
-	case tableStart:
-		return lexTableStart
-	case eof:
-		if lx.pos > lx.start {
-			return lx.errorf("unexpected EOF")
-		}
-		lx.emit(itemEOF)
-		return nil
-	}
-
-	// At this point, the only valid item can be a key, so we back up
-	// and let the key lexer do the rest.
-	lx.backup()
-	lx.push(lexTopEnd)
-	return lexKeyStart
-}
-
-// lexTopEnd is entered whenever a top-level item has been consumed. (A value
-// or a table.) It must see only whitespace, and will turn back to lexTop
-// upon a newline. If it sees EOF, it will quit the lexer successfully.
-func lexTopEnd(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case r == commentStart:
-		// a comment will read to a newline for us.
-		lx.push(lexTop)
-		return lexCommentStart
-	case isWhitespace(r):
-		return lexTopEnd
-	case isNL(r):
-		lx.ignore()
-		return lexTop
-	case r == eof:
-		lx.emit(itemEOF)
-		return nil
-	}
-	return lx.errorf("expected a top-level item to end with a newline, "+
-		"comment, or EOF, but got %q instead", r)
-}
-
-// lexTable lexes the beginning of a table. Namely, it makes sure that
-// it starts with a character other than '.' and ']'.
-// It assumes that '[' has already been consumed.
-// It also handles the case that this is an item in an array of tables.
-// e.g., '[[name]]'.
-func lexTableStart(lx *lexer) stateFn {
-	if lx.peek() == arrayTableStart {
-		lx.next()
-		lx.emit(itemArrayTableStart)
-		lx.push(lexArrayTableEnd)
-	} else {
-		lx.emit(itemTableStart)
-		lx.push(lexTableEnd)
-	}
-	return lexTableNameStart
-}
-
-func lexTableEnd(lx *lexer) stateFn {
-	lx.emit(itemTableEnd)
-	return lexTopEnd
-}
-
-func lexArrayTableEnd(lx *lexer) stateFn {
-	if r := lx.next(); r != arrayTableEnd {
-		return lx.errorf("expected end of table array name delimiter %q, "+
-			"but got %q instead", arrayTableEnd, r)
-	}
-	lx.emit(itemArrayTableEnd)
-	return lexTopEnd
-}
-
-func lexTableNameStart(lx *lexer) stateFn {
-	lx.skip(isWhitespace)
-	switch r := lx.peek(); {
-	case r == tableEnd || r == eof:
-		return lx.errorf("unexpected end of table name " +
-			"(table names cannot be empty)")
-	case r == tableSep:
-		return lx.errorf("unexpected table separator " +
-			"(table names cannot be empty)")
-	case r == stringStart || r == rawStringStart:
-		lx.ignore()
-		lx.push(lexTableNameEnd)
-		return lexValue // reuse string lexing
-	default:
-		return lexBareTableName
-	}
-}
-
-// lexBareTableName lexes the name of a table. It assumes that at least one
-// valid character for the table has already been read.
-func lexBareTableName(lx *lexer) stateFn {
-	r := lx.next()
-	if isBareKeyChar(r) {
-		return lexBareTableName
-	}
-	lx.backup()
-	lx.emit(itemText)
-	return lexTableNameEnd
-}
-
-// lexTableNameEnd reads the end of a piece of a table name, optionally
-// consuming whitespace.
-func lexTableNameEnd(lx *lexer) stateFn {
-	lx.skip(isWhitespace)
-	switch r := lx.next(); {
-	case isWhitespace(r):
-		return lexTableNameEnd
-	case r == tableSep:
-		lx.ignore()
-		return lexTableNameStart
-	case r == tableEnd:
-		return lx.pop()
-	default:
-		return lx.errorf("expected '.' or ']' to end table name, "+
-			"but got %q instead", r)
-	}
-}
-
-// lexKeyStart consumes a key name up until the first non-whitespace character.
-// lexKeyStart will ignore whitespace.
-func lexKeyStart(lx *lexer) stateFn {
-	r := lx.peek()
-	switch {
-	case r == keySep:
-		return lx.errorf("unexpected key separator %q", keySep)
-	case isWhitespace(r) || isNL(r):
-		lx.next()
-		return lexSkip(lx, lexKeyStart)
-	case r == stringStart || r == rawStringStart:
-		lx.ignore()
-		lx.emit(itemKeyStart)
-		lx.push(lexKeyEnd)
-		return lexValue // reuse string lexing
-	default:
-		lx.ignore()
-		lx.emit(itemKeyStart)
-		return lexBareKey
-	}
-}
-
-// lexBareKey consumes the text of a bare key. Assumes that the first character
-// (which is not whitespace) has not yet been consumed.
-func lexBareKey(lx *lexer) stateFn {
-	switch r := lx.next(); {
-	case isBareKeyChar(r):
-		return lexBareKey
-	case isWhitespace(r):
-		lx.backup()
-		lx.emit(itemText)
-		return lexKeyEnd
-	case r == keySep:
-		lx.backup()
-		lx.emit(itemText)
-		return lexKeyEnd
-	default:
-		return lx.errorf("bare keys cannot contain %q", r)
-	}
-}
-
-// lexKeyEnd consumes the end of a key and trims whitespace (up to the key
-// separator).
-func lexKeyEnd(lx *lexer) stateFn {
-	switch r := lx.next(); {
-	case r == keySep:
-		return lexSkip(lx, lexValue)
-	case isWhitespace(r):
-		return lexSkip(lx, lexKeyEnd)
-	default:
-		return lx.errorf("expected key separator %q, but got %q instead",
-			keySep, r)
-	}
-}
-
-// lexValue starts the consumption of a value anywhere a value is expected.
-// lexValue will ignore whitespace.
-// After a value is lexed, the last state on the next is popped and returned.
-func lexValue(lx *lexer) stateFn {
-	// We allow whitespace to precede a value, but NOT newlines.
-	// In array syntax, the array states are responsible for ignoring newlines.
-	r := lx.next()
-	switch {
-	case isWhitespace(r):
-		return lexSkip(lx, lexValue)
-	case isDigit(r):
-		lx.backup() // avoid an extra state and use the same as above
-		return lexNumberOrDateStart
-	}
-	switch r {
-	case arrayStart:
-		lx.ignore()
-		lx.emit(itemArray)
-		return lexArrayValue
-	case inlineTableStart:
-		lx.ignore()
-		lx.emit(itemInlineTableStart)
-		return lexInlineTableValue
-	case stringStart:
-		if lx.accept(stringStart) {
-			if lx.accept(stringStart) {
-				lx.ignore() // Ignore """
-				return lexMultilineString
-			}
-			lx.backup()
-		}
-		lx.ignore() // ignore the '"'
-		return lexString
-	case rawStringStart:
-		if lx.accept(rawStringStart) {
-			if lx.accept(rawStringStart) {
-				lx.ignore() // Ignore """
-				return lexMultilineRawString
-			}
-			lx.backup()
-		}
-		lx.ignore() // ignore the "'"
-		return lexRawString
-	case '+', '-':
-		return lexNumberStart
-	case '.': // special error case, be kind to users
-		return lx.errorf("floats must start with a digit, not '.'")
-	}
-	if unicode.IsLetter(r) {
-		// Be permissive here; lexBool will give a nice error if the
-		// user wrote something like
-		//   x = foo
-		// (i.e. not 'true' or 'false' but is something else word-like.)
-		lx.backup()
-		return lexBool
-	}
-	return lx.errorf("expected value but found %q instead", r)
-}
-
-// lexArrayValue consumes one value in an array. It assumes that '[' or ','
-// have already been consumed. All whitespace and newlines are ignored.
-func lexArrayValue(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case isWhitespace(r) || isNL(r):
-		return lexSkip(lx, lexArrayValue)
-	case r == commentStart:
-		lx.push(lexArrayValue)
-		return lexCommentStart
-	case r == comma:
-		return lx.errorf("unexpected comma")
-	case r == arrayEnd:
-		// NOTE(caleb): The spec isn't clear about whether you can have
-		// a trailing comma or not, so we'll allow it.
-		return lexArrayEnd
-	}
-
-	lx.backup()
-	lx.push(lexArrayValueEnd)
-	return lexValue
-}
-
-// lexArrayValueEnd consumes everything between the end of an array value and
-// the next value (or the end of the array): it ignores whitespace and newlines
-// and expects either a ',' or a ']'.
-func lexArrayValueEnd(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case isWhitespace(r) || isNL(r):
-		return lexSkip(lx, lexArrayValueEnd)
-	case r == commentStart:
-		lx.push(lexArrayValueEnd)
-		return lexCommentStart
-	case r == comma:
-		lx.ignore()
-		return lexArrayValue // move on to the next value
-	case r == arrayEnd:
-		return lexArrayEnd
-	}
-	return lx.errorf(
-		"expected a comma or array terminator %q, but got %q instead",
-		arrayEnd, r,
-	)
-}
-
-// lexArrayEnd finishes the lexing of an array.
-// It assumes that a ']' has just been consumed.
-func lexArrayEnd(lx *lexer) stateFn {
-	lx.ignore()
-	lx.emit(itemArrayEnd)
-	return lx.pop()
-}
-
-// lexInlineTableValue consumes one key/value pair in an inline table.
-// It assumes that '{' or ',' have already been consumed. Whitespace is ignored.
-func lexInlineTableValue(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case isWhitespace(r):
-		return lexSkip(lx, lexInlineTableValue)
-	case isNL(r):
-		return lx.errorf("newlines not allowed within inline tables")
-	case r == commentStart:
-		lx.push(lexInlineTableValue)
-		return lexCommentStart
-	case r == comma:
-		return lx.errorf("unexpected comma")
-	case r == inlineTableEnd:
-		return lexInlineTableEnd
-	}
-	lx.backup()
-	lx.push(lexInlineTableValueEnd)
-	return lexKeyStart
-}
-
-// lexInlineTableValueEnd consumes everything between the end of an inline table
-// key/value pair and the next pair (or the end of the table):
-// it ignores whitespace and expects either a ',' or a '}'.
-func lexInlineTableValueEnd(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case isWhitespace(r):
-		return lexSkip(lx, lexInlineTableValueEnd)
-	case isNL(r):
-		return lx.errorf("newlines not allowed within inline tables")
-	case r == commentStart:
-		lx.push(lexInlineTableValueEnd)
-		return lexCommentStart
-	case r == comma:
-		lx.ignore()
-		return lexInlineTableValue
-	case r == inlineTableEnd:
-		return lexInlineTableEnd
-	}
-	return lx.errorf("expected a comma or an inline table terminator %q, "+
-		"but got %q instead", inlineTableEnd, r)
-}
-
-// lexInlineTableEnd finishes the lexing of an inline table.
-// It assumes that a '}' has just been consumed.
-func lexInlineTableEnd(lx *lexer) stateFn {
-	lx.ignore()
-	lx.emit(itemInlineTableEnd)
-	return lx.pop()
-}
-
-// lexString consumes the inner contents of a string. It assumes that the
-// beginning '"' has already been consumed and ignored.
-func lexString(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case r == eof:
-		return lx.errorf("unexpected EOF")
-	case isNL(r):
-		return lx.errorf("strings cannot contain newlines")
-	case r == '\\':
-		lx.push(lexString)
-		return lexStringEscape
-	case r == stringEnd:
-		lx.backup()
-		lx.emit(itemString)
-		lx.next()
-		lx.ignore()
-		return lx.pop()
-	}
-	return lexString
-}
-
-// lexMultilineString consumes the inner contents of a string. It assumes that
-// the beginning '"""' has already been consumed and ignored.
-func lexMultilineString(lx *lexer) stateFn {
-	switch lx.next() {
-	case eof:
-		return lx.errorf("unexpected EOF")
-	case '\\':
-		return lexMultilineStringEscape
-	case stringEnd:
-		if lx.accept(stringEnd) {
-			if lx.accept(stringEnd) {
-				lx.backup()
-				lx.backup()
-				lx.backup()
-				lx.emit(itemMultilineString)
-				lx.next()
-				lx.next()
-				lx.next()
-				lx.ignore()
-				return lx.pop()
-			}
-			lx.backup()
-		}
-	}
-	return lexMultilineString
-}
-
-// lexRawString consumes a raw string. Nothing can be escaped in such a string.
-// It assumes that the beginning "'" has already been consumed and ignored.
-func lexRawString(lx *lexer) stateFn {
-	r := lx.next()
-	switch {
-	case r == eof:
-		return lx.errorf("unexpected EOF")
-	case isNL(r):
-		return lx.errorf("strings cannot contain newlines")
-	case r == rawStringEnd:
-		lx.backup()
-		lx.emit(itemRawString)
-		lx.next()
-		lx.ignore()
-		return lx.pop()
-	}
-	return lexRawString
-}
-
-// lexMultilineRawString consumes a raw string. Nothing can be escaped in such
-// a string. It assumes that the beginning "'''" has already been consumed and
-// ignored.
-func lexMultilineRawString(lx *lexer) stateFn {
-	switch lx.next() {
-	case eof:
-		return lx.errorf("unexpected EOF")
-	case rawStringEnd:
-		if lx.accept(rawStringEnd) {
-			if lx.accept(rawStringEnd) {
-				lx.backup()
-				lx.backup()
-				lx.backup()
-				lx.emit(itemRawMultilineString)
-				lx.next()
-				lx.next()
-				lx.next()
-				lx.ignore()
-				return lx.pop()
-			}
-			lx.backup()
-		}
-	}
-	return lexMultilineRawString
-}
-
-// lexMultilineStringEscape consumes an escaped character. It assumes that the
-// preceding '\\' has already been consumed.
-func lexMultilineStringEscape(lx *lexer) stateFn {
-	// Handle the special case first:
-	if isNL(lx.next()) {
-		return lexMultilineString
-	}
-	lx.backup()
-	lx.push(lexMultilineString)
-	return lexStringEscape(lx)
-}
-
-func lexStringEscape(lx *lexer) stateFn {
-	r := lx.next()
-	switch r {
-	case 'b':
-		fallthrough
-	case 't':
-		fallthrough
-	case 'n':
-		fallthrough
-	case 'f':
-		fallthrough
-	case 'r':
-		fallthrough
-	case '"':
-		fallthrough
-	case '\\':
-		return lx.pop()
-	case 'u':
-		return lexShortUnicodeEscape
-	case 'U':
-		return lexLongUnicodeEscape
-	}
-	return lx.errorf("invalid escape character %q; only the following "+
-		"escape characters are allowed: "+
-		`\b, \t, \n, \f, \r, \", \\, \uXXXX, and \UXXXXXXXX`, r)
-}
-
-func lexShortUnicodeEscape(lx *lexer) stateFn {
-	var r rune
-	for i := 0; i < 4; i++ {
-		r = lx.next()
-		if !isHexadecimal(r) {
-			return lx.errorf(`expected four hexadecimal digits after '\u', `+
-				"but got %q instead", lx.current())
-		}
-	}
-	return lx.pop()
-}
-
-func lexLongUnicodeEscape(lx *lexer) stateFn {
-	var r rune
-	for i := 0; i < 8; i++ {
-		r = lx.next()
-		if !isHexadecimal(r) {
-			return lx.errorf(`expected eight hexadecimal digits after '\U', `+
-				"but got %q instead", lx.current())
-		}
-	}
-	return lx.pop()
-}
-
-// lexNumberOrDateStart consumes either an integer, a float, or datetime.
-func lexNumberOrDateStart(lx *lexer) stateFn {
-	r := lx.next()
-	if isDigit(r) {
-		return lexNumberOrDate
-	}
-	switch r {
-	case '_':
-		return lexNumber
-	case 'e', 'E':
-		return lexFloat
-	case '.':
-		return lx.errorf("floats must start with a digit, not '.'")
-	}
-	return lx.errorf("expected a digit but got %q", r)
-}
-
-// lexNumberOrDate consumes either an integer, float or datetime.
-func lexNumberOrDate(lx *lexer) stateFn {
-	r := lx.next()
-	if isDigit(r) {
-		return lexNumberOrDate
-	}
-	switch r {
-	case '-':
-		return lexDatetime
-	case '_':
-		return lexNumber
-	case '.', 'e', 'E':
-		return lexFloat
-	}
-
-	lx.backup()
-	lx.emit(itemInteger)
-	return lx.pop()
-}
-
-// lexDatetime consumes a Datetime, to a first approximation.
-// The parser validates that it matches one of the accepted formats.
-func lexDatetime(lx *lexer) stateFn {
-	r := lx.next()
-	if isDigit(r) {
-		return lexDatetime
-	}
-	switch r {
-	case '-', 'T', ':', '.', 'Z', '+':
-		return lexDatetime
-	}
-
-	lx.backup()
-	lx.emit(itemDatetime)
-	return lx.pop()
-}
-
-// lexNumberStart consumes either an integer or a float. It assumes that a sign
-// has already been read, but that *no* digits have been consumed.
-// lexNumberStart will move to the appropriate integer or float states.
-func lexNumberStart(lx *lexer) stateFn {
-	// We MUST see a digit. Even floats have to start with a digit.
-	r := lx.next()
-	if !isDigit(r) {
-		if r == '.' {
-			return lx.errorf("floats must start with a digit, not '.'")
-		}
-		return lx.errorf("expected a digit but got %q", r)
-	}
-	return lexNumber
-}
-
-// lexNumber consumes an integer or a float after seeing the first digit.
-func lexNumber(lx *lexer) stateFn {
-	r := lx.next()
-	if isDigit(r) {
-		return lexNumber
-	}
-	switch r {
-	case '_':
-		return lexNumber
-	case '.', 'e', 'E':
-		return lexFloat
-	}
-
-	lx.backup()
-	lx.emit(itemInteger)
-	return lx.pop()
-}
-
-// lexFloat consumes the elements of a float. It allows any sequence of
-// float-like characters, so floats emitted by the lexer are only a first
-// approximation and must be validated by the parser.
-func lexFloat(lx *lexer) stateFn {
-	r := lx.next()
-	if isDigit(r) {
-		return lexFloat
-	}
-	switch r {
-	case '_', '.', '-', '+', 'e', 'E':
-		return lexFloat
-	}
-
-	lx.backup()
-	lx.emit(itemFloat)
-	return lx.pop()
-}
-
-// lexBool consumes a bool string: 'true' or 'false.
-func lexBool(lx *lexer) stateFn {
-	var rs []rune
-	for {
-		r := lx.next()
-		if !unicode.IsLetter(r) {
-			lx.backup()
-			break
-		}
-		rs = append(rs, r)
-	}
-	s := string(rs)
-	switch s {
-	case "true", "false":
-		lx.emit(itemBool)
-		return lx.pop()
-	}
-	return lx.errorf("expected value but found %q instead", s)
-}
-
-// lexCommentStart begins the lexing of a comment. It will emit
-// itemCommentStart and consume no characters, passing control to lexComment.
-func lexCommentStart(lx *lexer) stateFn {
-	lx.ignore()
-	lx.emit(itemCommentStart)
-	return lexComment
-}
-
-// lexComment lexes an entire comment. It assumes that '#' has been consumed.
-// It will consume *up to* the first newline character, and pass control
-// back to the last state on the stack.
-func lexComment(lx *lexer) stateFn {
-	r := lx.peek()
-	if isNL(r) || r == eof {
-		lx.emit(itemText)
-		return lx.pop()
-	}
-	lx.next()
-	return lexComment
-}
-
-// lexSkip ignores all slurped input and moves on to the next state.
-func lexSkip(lx *lexer, nextState stateFn) stateFn {
-	return func(lx *lexer) stateFn {
-		lx.ignore()
-		return nextState
-	}
-}
-
-// isWhitespace returns true if `r` is a whitespace character according
-// to the spec.
-func isWhitespace(r rune) bool {
-	return r == '\t' || r == ' '
-}
-
-func isNL(r rune) bool {
-	return r == '\n' || r == '\r'
-}
-
-func isDigit(r rune) bool {
-	return r >= '0' && r <= '9'
-}
-
-func isHexadecimal(r rune) bool {
-	return (r >= '0' && r <= '9') ||
-		(r >= 'a' && r <= 'f') ||
-		(r >= 'A' && r <= 'F')
-}
-
-func isBareKeyChar(r rune) bool {
-	return (r >= 'A' && r <= 'Z') ||
-		(r >= 'a' && r <= 'z') ||
-		(r >= '0' && r <= '9') ||
-		r == '_' ||
-		r == '-'
-}
-
-func (itype itemType) String() string {
-	switch itype {
-	case itemError:
-		return "Error"
-	case itemNIL:
-		return "NIL"
-	case itemEOF:
-		return "EOF"
-	case itemText:
-		return "Text"
-	case itemString, itemRawString, itemMultilineString, itemRawMultilineString:
-		return "String"
-	case itemBool:
-		return "Bool"
-	case itemInteger:
-		return "Integer"
-	case itemFloat:
-		return "Float"
-	case itemDatetime:
-		return "DateTime"
-	case itemTableStart:
-		return "TableStart"
-	case itemTableEnd:
-		return "TableEnd"
-	case itemKeyStart:
-		return "KeyStart"
-	case itemArray:
-		return "Array"
-	case itemArrayEnd:
-		return "ArrayEnd"
-	case itemCommentStart:
-		return "CommentStart"
-	}
-	panic(fmt.Sprintf("BUG: Unknown type '%d'.", int(itype)))
-}
-
-func (item item) String() string {
-	return fmt.Sprintf("(%s, %s)", item.typ.String(), item.val)
-}
diff --git a/vendor/github.com/BurntSushi/toml/parse.go b/vendor/github.com/BurntSushi/toml/parse.go
deleted file mode 100644
index 50869ef9266e4..0000000000000
--- a/vendor/github.com/BurntSushi/toml/parse.go
+++ /dev/null
@@ -1,592 +0,0 @@
-package toml
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-	"unicode"
-	"unicode/utf8"
-)
-
-type parser struct {
-	mapping map[string]interface{}
-	types   map[string]tomlType
-	lx      *lexer
-
-	// A list of keys in the order that they appear in the TOML data.
-	ordered []Key
-
-	// the full key for the current hash in scope
-	context Key
-
-	// the base key name for everything except hashes
-	currentKey string
-
-	// rough approximation of line number
-	approxLine int
-
-	// A map of 'key.group.names' to whether they were created implicitly.
-	implicits map[string]bool
-}
-
-type parseError string
-
-func (pe parseError) Error() string {
-	return string(pe)
-}
-
-func parse(data string) (p *parser, err error) {
-	defer func() {
-		if r := recover(); r != nil {
-			var ok bool
-			if err, ok = r.(parseError); ok {
-				return
-			}
-			panic(r)
-		}
-	}()
-
-	p = &parser{
-		mapping:   make(map[string]interface{}),
-		types:     make(map[string]tomlType),
-		lx:        lex(data),
-		ordered:   make([]Key, 0),
-		implicits: make(map[string]bool),
-	}
-	for {
-		item := p.next()
-		if item.typ == itemEOF {
-			break
-		}
-		p.topLevel(item)
-	}
-
-	return p, nil
-}
-
-func (p *parser) panicf(format string, v ...interface{}) {
-	msg := fmt.Sprintf("Near line %d (last key parsed '%s'): %s",
-		p.approxLine, p.current(), fmt.Sprintf(format, v...))
-	panic(parseError(msg))
-}
-
-func (p *parser) next() item {
-	it := p.lx.nextItem()
-	if it.typ == itemError {
-		p.panicf("%s", it.val)
-	}
-	return it
-}
-
-func (p *parser) bug(format string, v ...interface{}) {
-	panic(fmt.Sprintf("BUG: "+format+"\n\n", v...))
-}
-
-func (p *parser) expect(typ itemType) item {
-	it := p.next()
-	p.assertEqual(typ, it.typ)
-	return it
-}
-
-func (p *parser) assertEqual(expected, got itemType) {
-	if expected != got {
-		p.bug("Expected '%s' but got '%s'.", expected, got)
-	}
-}
-
-func (p *parser) topLevel(item item) {
-	switch item.typ {
-	case itemCommentStart:
-		p.approxLine = item.line
-		p.expect(itemText)
-	case itemTableStart:
-		kg := p.next()
-		p.approxLine = kg.line
-
-		var key Key
-		for ; kg.typ != itemTableEnd && kg.typ != itemEOF; kg = p.next() {
-			key = append(key, p.keyString(kg))
-		}
-		p.assertEqual(itemTableEnd, kg.typ)
-
-		p.establishContext(key, false)
-		p.setType("", tomlHash)
-		p.ordered = append(p.ordered, key)
-	case itemArrayTableStart:
-		kg := p.next()
-		p.approxLine = kg.line
-
-		var key Key
-		for ; kg.typ != itemArrayTableEnd && kg.typ != itemEOF; kg = p.next() {
-			key = append(key, p.keyString(kg))
-		}
-		p.assertEqual(itemArrayTableEnd, kg.typ)
-
-		p.establishContext(key, true)
-		p.setType("", tomlArrayHash)
-		p.ordered = append(p.ordered, key)
-	case itemKeyStart:
-		kname := p.next()
-		p.approxLine = kname.line
-		p.currentKey = p.keyString(kname)
-
-		val, typ := p.value(p.next())
-		p.setValue(p.currentKey, val)
-		p.setType(p.currentKey, typ)
-		p.ordered = append(p.ordered, p.context.add(p.currentKey))
-		p.currentKey = ""
-	default:
-		p.bug("Unexpected type at top level: %s", item.typ)
-	}
-}
-
-// Gets a string for a key (or part of a key in a table name).
-func (p *parser) keyString(it item) string {
-	switch it.typ {
-	case itemText:
-		return it.val
-	case itemString, itemMultilineString,
-		itemRawString, itemRawMultilineString:
-		s, _ := p.value(it)
-		return s.(string)
-	default:
-		p.bug("Unexpected key type: %s", it.typ)
-		panic("unreachable")
-	}
-}
-
-// value translates an expected value from the lexer into a Go value wrapped
-// as an empty interface.
-func (p *parser) value(it item) (interface{}, tomlType) {
-	switch it.typ {
-	case itemString:
-		return p.replaceEscapes(it.val), p.typeOfPrimitive(it)
-	case itemMultilineString:
-		trimmed := stripFirstNewline(stripEscapedWhitespace(it.val))
-		return p.replaceEscapes(trimmed), p.typeOfPrimitive(it)
-	case itemRawString:
-		return it.val, p.typeOfPrimitive(it)
-	case itemRawMultilineString:
-		return stripFirstNewline(it.val), p.typeOfPrimitive(it)
-	case itemBool:
-		switch it.val {
-		case "true":
-			return true, p.typeOfPrimitive(it)
-		case "false":
-			return false, p.typeOfPrimitive(it)
-		}
-		p.bug("Expected boolean value, but got '%s'.", it.val)
-	case itemInteger:
-		if !numUnderscoresOK(it.val) {
-			p.panicf("Invalid integer %q: underscores must be surrounded by digits",
-				it.val)
-		}
-		val := strings.Replace(it.val, "_", "", -1)
-		num, err := strconv.ParseInt(val, 10, 64)
-		if err != nil {
-			// Distinguish integer values. Normally, it'd be a bug if the lexer
-			// provides an invalid integer, but it's possible that the number is
-			// out of range of valid values (which the lexer cannot determine).
-			// So mark the former as a bug but the latter as a legitimate user
-			// error.
-			if e, ok := err.(*strconv.NumError); ok &&
-				e.Err == strconv.ErrRange {
-
-				p.panicf("Integer '%s' is out of the range of 64-bit "+
-					"signed integers.", it.val)
-			} else {
-				p.bug("Expected integer value, but got '%s'.", it.val)
-			}
-		}
-		return num, p.typeOfPrimitive(it)
-	case itemFloat:
-		parts := strings.FieldsFunc(it.val, func(r rune) bool {
-			switch r {
-			case '.', 'e', 'E':
-				return true
-			}
-			return false
-		})
-		for _, part := range parts {
-			if !numUnderscoresOK(part) {
-				p.panicf("Invalid float %q: underscores must be "+
-					"surrounded by digits", it.val)
-			}
-		}
-		if !numPeriodsOK(it.val) {
-			// As a special case, numbers like '123.' or '1.e2',
-			// which are valid as far as Go/strconv are concerned,
-			// must be rejected because TOML says that a fractional
-			// part consists of '.' followed by 1+ digits.
-			p.panicf("Invalid float %q: '.' must be followed "+
-				"by one or more digits", it.val)
-		}
-		val := strings.Replace(it.val, "_", "", -1)
-		num, err := strconv.ParseFloat(val, 64)
-		if err != nil {
-			if e, ok := err.(*strconv.NumError); ok &&
-				e.Err == strconv.ErrRange {
-
-				p.panicf("Float '%s' is out of the range of 64-bit "+
-					"IEEE-754 floating-point numbers.", it.val)
-			} else {
-				p.panicf("Invalid float value: %q", it.val)
-			}
-		}
-		return num, p.typeOfPrimitive(it)
-	case itemDatetime:
-		var t time.Time
-		var ok bool
-		var err error
-		for _, format := range []string{
-			"2006-01-02T15:04:05Z07:00",
-			"2006-01-02T15:04:05",
-			"2006-01-02",
-		} {
-			t, err = time.ParseInLocation(format, it.val, time.Local)
-			if err == nil {
-				ok = true
-				break
-			}
-		}
-		if !ok {
-			p.panicf("Invalid TOML Datetime: %q.", it.val)
-		}
-		return t, p.typeOfPrimitive(it)
-	case itemArray:
-		array := make([]interface{}, 0)
-		types := make([]tomlType, 0)
-
-		for it = p.next(); it.typ != itemArrayEnd; it = p.next() {
-			if it.typ == itemCommentStart {
-				p.expect(itemText)
-				continue
-			}
-
-			val, typ := p.value(it)
-			array = append(array, val)
-			types = append(types, typ)
-		}
-		return array, p.typeOfArray(types)
-	case itemInlineTableStart:
-		var (
-			hash         = make(map[string]interface{})
-			outerContext = p.context
-			outerKey     = p.currentKey
-		)
-
-		p.context = append(p.context, p.currentKey)
-		p.currentKey = ""
-		for it := p.next(); it.typ != itemInlineTableEnd; it = p.next() {
-			if it.typ != itemKeyStart {
-				p.bug("Expected key start but instead found %q, around line %d",
-					it.val, p.approxLine)
-			}
-			if it.typ == itemCommentStart {
-				p.expect(itemText)
-				continue
-			}
-
-			// retrieve key
-			k := p.next()
-			p.approxLine = k.line
-			kname := p.keyString(k)
-
-			// retrieve value
-			p.currentKey = kname
-			val, typ := p.value(p.next())
-			// make sure we keep metadata up to date
-			p.setType(kname, typ)
-			p.ordered = append(p.ordered, p.context.add(p.currentKey))
-			hash[kname] = val
-		}
-		p.context = outerContext
-		p.currentKey = outerKey
-		return hash, tomlHash
-	}
-	p.bug("Unexpected value type: %s", it.typ)
-	panic("unreachable")
-}
-
-// numUnderscoresOK checks whether each underscore in s is surrounded by
-// characters that are not underscores.
-func numUnderscoresOK(s string) bool {
-	accept := false
-	for _, r := range s {
-		if r == '_' {
-			if !accept {
-				return false
-			}
-			accept = false
-			continue
-		}
-		accept = true
-	}
-	return accept
-}
-
-// numPeriodsOK checks whether every period in s is followed by a digit.
-func numPeriodsOK(s string) bool {
-	period := false
-	for _, r := range s {
-		if period && !isDigit(r) {
-			return false
-		}
-		period = r == '.'
-	}
-	return !period
-}
-
-// establishContext sets the current context of the parser,
-// where the context is either a hash or an array of hashes. Which one is
-// set depends on the value of the `array` parameter.
-//
-// Establishing the context also makes sure that the key isn't a duplicate, and
-// will create implicit hashes automatically.
-func (p *parser) establishContext(key Key, array bool) {
-	var ok bool
-
-	// Always start at the top level and drill down for our context.
-	hashContext := p.mapping
-	keyContext := make(Key, 0)
-
-	// We only need implicit hashes for key[0:-1]
-	for _, k := range key[0 : len(key)-1] {
-		_, ok = hashContext[k]
-		keyContext = append(keyContext, k)
-
-		// No key? Make an implicit hash and move on.
-		if !ok {
-			p.addImplicit(keyContext)
-			hashContext[k] = make(map[string]interface{})
-		}
-
-		// If the hash context is actually an array of tables, then set
-		// the hash context to the last element in that array.
-		//
-		// Otherwise, it better be a table, since this MUST be a key group (by
-		// virtue of it not being the last element in a key).
-		switch t := hashContext[k].(type) {
-		case []map[string]interface{}:
-			hashContext = t[len(t)-1]
-		case map[string]interface{}:
-			hashContext = t
-		default:
-			p.panicf("Key '%s' was already created as a hash.", keyContext)
-		}
-	}
-
-	p.context = keyContext
-	if array {
-		// If this is the first element for this array, then allocate a new
-		// list of tables for it.
-		k := key[len(key)-1]
-		if _, ok := hashContext[k]; !ok {
-			hashContext[k] = make([]map[string]interface{}, 0, 5)
-		}
-
-		// Add a new table. But make sure the key hasn't already been used
-		// for something else.
-		if hash, ok := hashContext[k].([]map[string]interface{}); ok {
-			hashContext[k] = append(hash, make(map[string]interface{}))
-		} else {
-			p.panicf("Key '%s' was already created and cannot be used as "+
-				"an array.", keyContext)
-		}
-	} else {
-		p.setValue(key[len(key)-1], make(map[string]interface{}))
-	}
-	p.context = append(p.context, key[len(key)-1])
-}
-
-// setValue sets the given key to the given value in the current context.
-// It will make sure that the key hasn't already been defined, account for
-// implicit key groups.
-func (p *parser) setValue(key string, value interface{}) {
-	var tmpHash interface{}
-	var ok bool
-
-	hash := p.mapping
-	keyContext := make(Key, 0)
-	for _, k := range p.context {
-		keyContext = append(keyContext, k)
-		if tmpHash, ok = hash[k]; !ok {
-			p.bug("Context for key '%s' has not been established.", keyContext)
-		}
-		switch t := tmpHash.(type) {
-		case []map[string]interface{}:
-			// The context is a table of hashes. Pick the most recent table
-			// defined as the current hash.
-			hash = t[len(t)-1]
-		case map[string]interface{}:
-			hash = t
-		default:
-			p.bug("Expected hash to have type 'map[string]interface{}', but "+
-				"it has '%T' instead.", tmpHash)
-		}
-	}
-	keyContext = append(keyContext, key)
-
-	if _, ok := hash[key]; ok {
-		// Typically, if the given key has already been set, then we have
-		// to raise an error since duplicate keys are disallowed. However,
-		// it's possible that a key was previously defined implicitly. In this
-		// case, it is allowed to be redefined concretely. (See the
-		// `tests/valid/implicit-and-explicit-after.toml` test in `toml-test`.)
-		//
-		// But we have to make sure to stop marking it as an implicit. (So that
-		// another redefinition provokes an error.)
-		//
-		// Note that since it has already been defined (as a hash), we don't
-		// want to overwrite it. So our business is done.
-		if p.isImplicit(keyContext) {
-			p.removeImplicit(keyContext)
-			return
-		}
-
-		// Otherwise, we have a concrete key trying to override a previous
-		// key, which is *always* wrong.
-		p.panicf("Key '%s' has already been defined.", keyContext)
-	}
-	hash[key] = value
-}
-
-// setType sets the type of a particular value at a given key.
-// It should be called immediately AFTER setValue.
-//
-// Note that if `key` is empty, then the type given will be applied to the
-// current context (which is either a table or an array of tables).
-func (p *parser) setType(key string, typ tomlType) {
-	keyContext := make(Key, 0, len(p.context)+1)
-	for _, k := range p.context {
-		keyContext = append(keyContext, k)
-	}
-	if len(key) > 0 { // allow type setting for hashes
-		keyContext = append(keyContext, key)
-	}
-	p.types[keyContext.String()] = typ
-}
-
-// addImplicit sets the given Key as having been created implicitly.
-func (p *parser) addImplicit(key Key) {
-	p.implicits[key.String()] = true
-}
-
-// removeImplicit stops tagging the given key as having been implicitly
-// created.
-func (p *parser) removeImplicit(key Key) {
-	p.implicits[key.String()] = false
-}
-
-// isImplicit returns true if the key group pointed to by the key was created
-// implicitly.
-func (p *parser) isImplicit(key Key) bool {
-	return p.implicits[key.String()]
-}
-
-// current returns the full key name of the current context.
-func (p *parser) current() string {
-	if len(p.currentKey) == 0 {
-		return p.context.String()
-	}
-	if len(p.context) == 0 {
-		return p.currentKey
-	}
-	return fmt.Sprintf("%s.%s", p.context, p.currentKey)
-}
-
-func stripFirstNewline(s string) string {
-	if len(s) == 0 || s[0] != '\n' {
-		return s
-	}
-	return s[1:]
-}
-
-func stripEscapedWhitespace(s string) string {
-	esc := strings.Split(s, "\\\n")
-	if len(esc) > 1 {
-		for i := 1; i < len(esc); i++ {
-			esc[i] = strings.TrimLeftFunc(esc[i], unicode.IsSpace)
-		}
-	}
-	return strings.Join(esc, "")
-}
-
-func (p *parser) replaceEscapes(str string) string {
-	var replaced []rune
-	s := []byte(str)
-	r := 0
-	for r < len(s) {
-		if s[r] != '\\' {
-			c, size := utf8.DecodeRune(s[r:])
-			r += size
-			replaced = append(replaced, c)
-			continue
-		}
-		r += 1
-		if r >= len(s) {
-			p.bug("Escape sequence at end of string.")
-			return ""
-		}
-		switch s[r] {
-		default:
-			p.bug("Expected valid escape code after \\, but got %q.", s[r])
-			return ""
-		case 'b':
-			replaced = append(replaced, rune(0x0008))
-			r += 1
-		case 't':
-			replaced = append(replaced, rune(0x0009))
-			r += 1
-		case 'n':
-			replaced = append(replaced, rune(0x000A))
-			r += 1
-		case 'f':
-			replaced = append(replaced, rune(0x000C))
-			r += 1
-		case 'r':
-			replaced = append(replaced, rune(0x000D))
-			r += 1
-		case '"':
-			replaced = append(replaced, rune(0x0022))
-			r += 1
-		case '\\':
-			replaced = append(replaced, rune(0x005C))
-			r += 1
-		case 'u':
-			// At this point, we know we have a Unicode escape of the form
-			// `uXXXX` at [r, r+5). (Because the lexer guarantees this
-			// for us.)
-			escaped := p.asciiEscapeToUnicode(s[r+1 : r+5])
-			replaced = append(replaced, escaped)
-			r += 5
-		case 'U':
-			// At this point, we know we have a Unicode escape of the form
-			// `uXXXX` at [r, r+9). (Because the lexer guarantees this
-			// for us.)
-			escaped := p.asciiEscapeToUnicode(s[r+1 : r+9])
-			replaced = append(replaced, escaped)
-			r += 9
-		}
-	}
-	return string(replaced)
-}
-
-func (p *parser) asciiEscapeToUnicode(bs []byte) rune {
-	s := string(bs)
-	hex, err := strconv.ParseUint(strings.ToLower(s), 16, 32)
-	if err != nil {
-		p.bug("Could not parse '%s' as a hexadecimal number, but the "+
-			"lexer claims it's OK: %s", s, err)
-	}
-	if !utf8.ValidRune(rune(hex)) {
-		p.panicf("Escaped character '\\u%s' is not valid UTF-8.", s)
-	}
-	return rune(hex)
-}
-
-func isStringType(ty itemType) bool {
-	return ty == itemString || ty == itemMultilineString ||
-		ty == itemRawString || ty == itemRawMultilineString
-}
diff --git a/vendor/github.com/BurntSushi/toml/type_check.go b/vendor/github.com/BurntSushi/toml/type_check.go
deleted file mode 100644
index c73f8afc1a6db..0000000000000
--- a/vendor/github.com/BurntSushi/toml/type_check.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package toml
-
-// tomlType represents any Go type that corresponds to a TOML type.
-// While the first draft of the TOML spec has a simplistic type system that
-// probably doesn't need this level of sophistication, we seem to be militating
-// toward adding real composite types.
-type tomlType interface {
-	typeString() string
-}
-
-// typeEqual accepts any two types and returns true if they are equal.
-func typeEqual(t1, t2 tomlType) bool {
-	if t1 == nil || t2 == nil {
-		return false
-	}
-	return t1.typeString() == t2.typeString()
-}
-
-func typeIsHash(t tomlType) bool {
-	return typeEqual(t, tomlHash) || typeEqual(t, tomlArrayHash)
-}
-
-type tomlBaseType string
-
-func (btype tomlBaseType) typeString() string {
-	return string(btype)
-}
-
-func (btype tomlBaseType) String() string {
-	return btype.typeString()
-}
-
-var (
-	tomlInteger   tomlBaseType = "Integer"
-	tomlFloat     tomlBaseType = "Float"
-	tomlDatetime  tomlBaseType = "Datetime"
-	tomlString    tomlBaseType = "String"
-	tomlBool      tomlBaseType = "Bool"
-	tomlArray     tomlBaseType = "Array"
-	tomlHash      tomlBaseType = "Hash"
-	tomlArrayHash tomlBaseType = "ArrayHash"
-)
-
-// typeOfPrimitive returns a tomlType of any primitive value in TOML.
-// Primitive values are: Integer, Float, Datetime, String and Bool.
-//
-// Passing a lexer item other than the following will cause a BUG message
-// to occur: itemString, itemBool, itemInteger, itemFloat, itemDatetime.
-func (p *parser) typeOfPrimitive(lexItem item) tomlType {
-	switch lexItem.typ {
-	case itemInteger:
-		return tomlInteger
-	case itemFloat:
-		return tomlFloat
-	case itemDatetime:
-		return tomlDatetime
-	case itemString:
-		return tomlString
-	case itemMultilineString:
-		return tomlString
-	case itemRawString:
-		return tomlString
-	case itemRawMultilineString:
-		return tomlString
-	case itemBool:
-		return tomlBool
-	}
-	p.bug("Cannot infer primitive type of lex item '%s'.", lexItem)
-	panic("unreachable")
-}
-
-// typeOfArray returns a tomlType for an array given a list of types of its
-// values.
-//
-// In the current spec, if an array is homogeneous, then its type is always
-// "Array". If the array is not homogeneous, an error is generated.
-func (p *parser) typeOfArray(types []tomlType) tomlType {
-	// Empty arrays are cool.
-	if len(types) == 0 {
-		return tomlArray
-	}
-
-	theType := types[0]
-	for _, t := range types[1:] {
-		if !typeEqual(theType, t) {
-			p.panicf("Array contains values of type '%s' and '%s', but "+
-				"arrays must be homogeneous.", theType, t)
-		}
-	}
-	return tomlArray
-}
diff --git a/vendor/github.com/BurntSushi/toml/type_fields.go b/vendor/github.com/BurntSushi/toml/type_fields.go
deleted file mode 100644
index 608997c22f68c..0000000000000
--- a/vendor/github.com/BurntSushi/toml/type_fields.go
+++ /dev/null
@@ -1,242 +0,0 @@
-package toml
-
-// Struct field handling is adapted from code in encoding/json:
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the Go distribution.
-
-import (
-	"reflect"
-	"sort"
-	"sync"
-)
-
-// A field represents a single field found in a struct.
-type field struct {
-	name  string       // the name of the field (`toml` tag included)
-	tag   bool         // whether field has a `toml` tag
-	index []int        // represents the depth of an anonymous field
-	typ   reflect.Type // the type of the field
-}
-
-// byName sorts field by name, breaking ties with depth,
-// then breaking ties with "name came from toml tag", then
-// breaking ties with index sequence.
-type byName []field
-
-func (x byName) Len() int { return len(x) }
-
-func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
-
-func (x byName) Less(i, j int) bool {
-	if x[i].name != x[j].name {
-		return x[i].name < x[j].name
-	}
-	if len(x[i].index) != len(x[j].index) {
-		return len(x[i].index) < len(x[j].index)
-	}
-	if x[i].tag != x[j].tag {
-		return x[i].tag
-	}
-	return byIndex(x).Less(i, j)
-}
-
-// byIndex sorts field by index sequence.
-type byIndex []field
-
-func (x byIndex) Len() int { return len(x) }
-
-func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
-
-func (x byIndex) Less(i, j int) bool {
-	for k, xik := range x[i].index {
-		if k >= len(x[j].index) {
-			return false
-		}
-		if xik != x[j].index[k] {
-			return xik < x[j].index[k]
-		}
-	}
-	return len(x[i].index) < len(x[j].index)
-}
-
-// typeFields returns a list of fields that TOML should recognize for the given
-// type. The algorithm is breadth-first search over the set of structs to
-// include - the top struct and then any reachable anonymous structs.
-func typeFields(t reflect.Type) []field {
-	// Anonymous fields to explore at the current level and the next.
-	current := []field{}
-	next := []field{{typ: t}}
-
-	// Count of queued names for current level and the next.
-	count := map[reflect.Type]int{}
-	nextCount := map[reflect.Type]int{}
-
-	// Types already visited at an earlier level.
-	visited := map[reflect.Type]bool{}
-
-	// Fields found.
-	var fields []field
-
-	for len(next) > 0 {
-		current, next = next, current[:0]
-		count, nextCount = nextCount, map[reflect.Type]int{}
-
-		for _, f := range current {
-			if visited[f.typ] {
-				continue
-			}
-			visited[f.typ] = true
-
-			// Scan f.typ for fields to include.
-			for i := 0; i < f.typ.NumField(); i++ {
-				sf := f.typ.Field(i)
-				if sf.PkgPath != "" && !sf.Anonymous { // unexported
-					continue
-				}
-				opts := getOptions(sf.Tag)
-				if opts.skip {
-					continue
-				}
-				index := make([]int, len(f.index)+1)
-				copy(index, f.index)
-				index[len(f.index)] = i
-
-				ft := sf.Type
-				if ft.Name() == "" && ft.Kind() == reflect.Ptr {
-					// Follow pointer.
-					ft = ft.Elem()
-				}
-
-				// Record found field and index sequence.
-				if opts.name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
-					tagged := opts.name != ""
-					name := opts.name
-					if name == "" {
-						name = sf.Name
-					}
-					fields = append(fields, field{name, tagged, index, ft})
-					if count[f.typ] > 1 {
-						// If there were multiple instances, add a second,
-						// so that the annihilation code will see a duplicate.
-						// It only cares about the distinction between 1 or 2,
-						// so don't bother generating any more copies.
-						fields = append(fields, fields[len(fields)-1])
-					}
-					continue
-				}
-
-				// Record new anonymous struct to explore in next round.
-				nextCount[ft]++
-				if nextCount[ft] == 1 {
-					f := field{name: ft.Name(), index: index, typ: ft}
-					next = append(next, f)
-				}
-			}
-		}
-	}
-
-	sort.Sort(byName(fields))
-
-	// Delete all fields that are hidden by the Go rules for embedded fields,
-	// except that fields with TOML tags are promoted.
-
-	// The fields are sorted in primary order of name, secondary order
-	// of field index length. Loop over names; for each name, delete
-	// hidden fields by choosing the one dominant field that survives.
-	out := fields[:0]
-	for advance, i := 0, 0; i < len(fields); i += advance {
-		// One iteration per name.
-		// Find the sequence of fields with the name of this first field.
-		fi := fields[i]
-		name := fi.name
-		for advance = 1; i+advance < len(fields); advance++ {
-			fj := fields[i+advance]
-			if fj.name != name {
-				break
-			}
-		}
-		if advance == 1 { // Only one field with this name
-			out = append(out, fi)
-			continue
-		}
-		dominant, ok := dominantField(fields[i : i+advance])
-		if ok {
-			out = append(out, dominant)
-		}
-	}
-
-	fields = out
-	sort.Sort(byIndex(fields))
-
-	return fields
-}
-
-// dominantField looks through the fields, all of which are known to
-// have the same name, to find the single field that dominates the
-// others using Go's embedding rules, modified by the presence of
-// TOML tags. If there are multiple top-level fields, the boolean
-// will be false: This condition is an error in Go and we skip all
-// the fields.
-func dominantField(fields []field) (field, bool) {
-	// The fields are sorted in increasing index-length order. The winner
-	// must therefore be one with the shortest index length. Drop all
-	// longer entries, which is easy: just truncate the slice.
-	length := len(fields[0].index)
-	tagged := -1 // Index of first tagged field.
-	for i, f := range fields {
-		if len(f.index) > length {
-			fields = fields[:i]
-			break
-		}
-		if f.tag {
-			if tagged >= 0 {
-				// Multiple tagged fields at the same level: conflict.
-				// Return no field.
-				return field{}, false
-			}
-			tagged = i
-		}
-	}
-	if tagged >= 0 {
-		return fields[tagged], true
-	}
-	// All remaining fields have the same length. If there's more than one,
-	// we have a conflict (two fields named "X" at the same level) and we
-	// return no field.
-	if len(fields) > 1 {
-		return field{}, false
-	}
-	return fields[0], true
-}
-
-var fieldCache struct {
-	sync.RWMutex
-	m map[reflect.Type][]field
-}
-
-// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
-func cachedTypeFields(t reflect.Type) []field {
-	fieldCache.RLock()
-	f := fieldCache.m[t]
-	fieldCache.RUnlock()
-	if f != nil {
-		return f
-	}
-
-	// Compute fields without lock.
-	// Might duplicate effort but won't hold other computations back.
-	f = typeFields(t)
-	if f == nil {
-		f = []field{}
-	}
-
-	fieldCache.Lock()
-	if fieldCache.m == nil {
-		fieldCache.m = map[reflect.Type][]field{}
-	}
-	fieldCache.m[t] = f
-	fieldCache.Unlock()
-	return f
-}
diff --git a/vendor/github.com/Graylog2/go-gelf/gelf/message.go b/vendor/github.com/Graylog2/go-gelf/gelf/message.go
index 4e5a05ec325e6..fcb182f9122e3 100644
--- a/vendor/github.com/Graylog2/go-gelf/gelf/message.go
+++ b/vendor/github.com/Graylog2/go-gelf/gelf/message.go
@@ -3,6 +3,7 @@ package gelf
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"time"
 )
 
@@ -84,29 +85,35 @@ func (m *Message) UnmarshalJSON(data []byte) error {
 			m.Extra[k] = v
 			continue
 		}
+
+		ok := true
 		switch k {
 		case "version":
-			m.Version = v.(string)
+			m.Version, ok = v.(string)
 		case "host":
-			m.Host = v.(string)
+			m.Host, ok = v.(string)
 		case "short_message":
-			m.Short = v.(string)
+			m.Short, ok = v.(string)
 		case "full_message":
-			m.Full = v.(string)
+			m.Full, ok = v.(string)
 		case "timestamp":
-			m.TimeUnix = v.(float64)
+			m.TimeUnix, ok = v.(float64)
 		case "level":
-			m.Level = int32(v.(float64))
+			var level float64
+			level, ok = v.(float64)
+			m.Level = int32(level)
 		case "facility":
-			m.Facility = v.(string)
+			m.Facility, ok = v.(string)
+		}
+
+		if !ok {
+			return fmt.Errorf("invalid type for field %s", k)
 		}
 	}
 	return nil
 }
 
-func (m *Message) toBytes() (messageBytes []byte, err error) {
-	buf := newBuffer()
-	defer bufPool.Put(buf)
+func (m *Message) toBytes(buf *bytes.Buffer) (messageBytes []byte, err error) {
 	if err = m.MarshalJSONBuf(buf); err != nil {
 		return nil, err
 	}
@@ -134,7 +141,7 @@ func constructMessage(p []byte, hostname string, facility string, file string, l
 		Host:     hostname,
 		Short:    string(short),
 		Full:     string(full),
-		TimeUnix: float64(time.Now().Unix()),
+		TimeUnix: float64(time.Now().UnixNano()) / float64(time.Second),
 		Level:    6, // info
 		Facility: facility,
 		Extra: map[string]interface{}{
diff --git a/vendor/github.com/Graylog2/go-gelf/gelf/tcpwriter.go b/vendor/github.com/Graylog2/go-gelf/gelf/tcpwriter.go
index da1390d1d63a7..5a637ff19b8a5 100644
--- a/vendor/github.com/Graylog2/go-gelf/gelf/tcpwriter.go
+++ b/vendor/github.com/Graylog2/go-gelf/gelf/tcpwriter.go
@@ -43,7 +43,9 @@ func NewTCPWriter(addr string) (*TCPWriter, error) {
 // filled out appropriately.  In general, clients will want to use
 // Write, rather than WriteMessage.
 func (w *TCPWriter) WriteMessage(m *Message) (err error) {
-	messageBytes, err := m.toBytes()
+	buf := newBuffer()
+	defer bufPool.Put(buf)
+	messageBytes, err := m.toBytes(buf)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/Microsoft/go-winio/README.md b/vendor/github.com/Microsoft/go-winio/README.md
index 5680010575b7f..683be1dcf9c8a 100644
--- a/vendor/github.com/Microsoft/go-winio/README.md
+++ b/vendor/github.com/Microsoft/go-winio/README.md
@@ -1,4 +1,4 @@
-# go-winio
+# go-winio [![Build Status](https://github.com/microsoft/go-winio/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/go-winio/actions/workflows/ci.yml)
 
 This repository contains utilities for efficiently performing Win32 IO operations in
 Go. Currently, this is focused on accessing named pipes and other file handles, and
@@ -11,12 +11,27 @@ package.
 
 Please see the LICENSE file for licensing information.
 
-This project has adopted the [Microsoft Open Source Code of
-Conduct](https://opensource.microsoft.com/codeofconduct/). For more information
-see the [Code of Conduct
-FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact
-[opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional
-questions or comments.
+## Contributing
 
+This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA)
+declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR
+appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
+
+We also require that contributors sign their commits using git commit -s or git commit --signoff to certify they either authored the work themselves
+or otherwise have permission to use it in this project. Please see https://developercertificate.org/ for more info, as well as to make sure that you can
+attest to the rules listed. Our CI uses the DCO Github app to ensure that all commits in a given PR are signed-off.
+
+
+## Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+
+
+## Special Thanks
 Thanks to natefinch for the inspiration for this library. See https://github.com/natefinch/npipe
 for another named pipe implementation.
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/LICENSE b/vendor/github.com/Microsoft/go-winio/archive/tar/LICENSE
deleted file mode 100644
index 74487567632c8..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/common.go b/vendor/github.com/Microsoft/go-winio/archive/tar/common.go
deleted file mode 100644
index 0378401c0d11f..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/common.go
+++ /dev/null
@@ -1,344 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package tar implements access to tar archives.
-// It aims to cover most of the variations, including those produced
-// by GNU and BSD tars.
-//
-// References:
-//   http://www.freebsd.org/cgi/man.cgi?query=tar&sektion=5
-//   http://www.gnu.org/software/tar/manual/html_node/Standard.html
-//   http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html
-package tar
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"os"
-	"path"
-	"time"
-)
-
-const (
-	blockSize = 512
-
-	// Types
-	TypeReg           = '0'    // regular file
-	TypeRegA          = '\x00' // regular file
-	TypeLink          = '1'    // hard link
-	TypeSymlink       = '2'    // symbolic link
-	TypeChar          = '3'    // character device node
-	TypeBlock         = '4'    // block device node
-	TypeDir           = '5'    // directory
-	TypeFifo          = '6'    // fifo node
-	TypeCont          = '7'    // reserved
-	TypeXHeader       = 'x'    // extended header
-	TypeXGlobalHeader = 'g'    // global extended header
-	TypeGNULongName   = 'L'    // Next file has a long name
-	TypeGNULongLink   = 'K'    // Next file symlinks to a file w/ a long name
-	TypeGNUSparse     = 'S'    // sparse file
-)
-
-// A Header represents a single header in a tar archive.
-// Some fields may not be populated.
-type Header struct {
-	Name         string    // name of header file entry
-	Mode         int64     // permission and mode bits
-	Uid          int       // user id of owner
-	Gid          int       // group id of owner
-	Size         int64     // length in bytes
-	ModTime      time.Time // modified time
-	Typeflag     byte      // type of header entry
-	Linkname     string    // target name of link
-	Uname        string    // user name of owner
-	Gname        string    // group name of owner
-	Devmajor     int64     // major number of character or block device
-	Devminor     int64     // minor number of character or block device
-	AccessTime   time.Time // access time
-	ChangeTime   time.Time // status change time
-	CreationTime time.Time // creation time
-	Xattrs       map[string]string
-	Winheaders   map[string]string
-}
-
-// File name constants from the tar spec.
-const (
-	fileNameSize       = 100 // Maximum number of bytes in a standard tar name.
-	fileNamePrefixSize = 155 // Maximum number of ustar extension bytes.
-)
-
-// FileInfo returns an os.FileInfo for the Header.
-func (h *Header) FileInfo() os.FileInfo {
-	return headerFileInfo{h}
-}
-
-// headerFileInfo implements os.FileInfo.
-type headerFileInfo struct {
-	h *Header
-}
-
-func (fi headerFileInfo) Size() int64        { return fi.h.Size }
-func (fi headerFileInfo) IsDir() bool        { return fi.Mode().IsDir() }
-func (fi headerFileInfo) ModTime() time.Time { return fi.h.ModTime }
-func (fi headerFileInfo) Sys() interface{}   { return fi.h }
-
-// Name returns the base name of the file.
-func (fi headerFileInfo) Name() string {
-	if fi.IsDir() {
-		return path.Base(path.Clean(fi.h.Name))
-	}
-	return path.Base(fi.h.Name)
-}
-
-// Mode returns the permission and mode bits for the headerFileInfo.
-func (fi headerFileInfo) Mode() (mode os.FileMode) {
-	// Set file permission bits.
-	mode = os.FileMode(fi.h.Mode).Perm()
-
-	// Set setuid, setgid and sticky bits.
-	if fi.h.Mode&c_ISUID != 0 {
-		// setuid
-		mode |= os.ModeSetuid
-	}
-	if fi.h.Mode&c_ISGID != 0 {
-		// setgid
-		mode |= os.ModeSetgid
-	}
-	if fi.h.Mode&c_ISVTX != 0 {
-		// sticky
-		mode |= os.ModeSticky
-	}
-
-	// Set file mode bits.
-	// clear perm, setuid, setgid and sticky bits.
-	m := os.FileMode(fi.h.Mode) &^ 07777
-	if m == c_ISDIR {
-		// directory
-		mode |= os.ModeDir
-	}
-	if m == c_ISFIFO {
-		// named pipe (FIFO)
-		mode |= os.ModeNamedPipe
-	}
-	if m == c_ISLNK {
-		// symbolic link
-		mode |= os.ModeSymlink
-	}
-	if m == c_ISBLK {
-		// device file
-		mode |= os.ModeDevice
-	}
-	if m == c_ISCHR {
-		// Unix character device
-		mode |= os.ModeDevice
-		mode |= os.ModeCharDevice
-	}
-	if m == c_ISSOCK {
-		// Unix domain socket
-		mode |= os.ModeSocket
-	}
-
-	switch fi.h.Typeflag {
-	case TypeSymlink:
-		// symbolic link
-		mode |= os.ModeSymlink
-	case TypeChar:
-		// character device node
-		mode |= os.ModeDevice
-		mode |= os.ModeCharDevice
-	case TypeBlock:
-		// block device node
-		mode |= os.ModeDevice
-	case TypeDir:
-		// directory
-		mode |= os.ModeDir
-	case TypeFifo:
-		// fifo node
-		mode |= os.ModeNamedPipe
-	}
-
-	return mode
-}
-
-// sysStat, if non-nil, populates h from system-dependent fields of fi.
-var sysStat func(fi os.FileInfo, h *Header) error
-
-// Mode constants from the tar spec.
-const (
-	c_ISUID  = 04000   // Set uid
-	c_ISGID  = 02000   // Set gid
-	c_ISVTX  = 01000   // Save text (sticky bit)
-	c_ISDIR  = 040000  // Directory
-	c_ISFIFO = 010000  // FIFO
-	c_ISREG  = 0100000 // Regular file
-	c_ISLNK  = 0120000 // Symbolic link
-	c_ISBLK  = 060000  // Block special file
-	c_ISCHR  = 020000  // Character special file
-	c_ISSOCK = 0140000 // Socket
-)
-
-// Keywords for the PAX Extended Header
-const (
-	paxAtime        = "atime"
-	paxCharset      = "charset"
-	paxComment      = "comment"
-	paxCtime        = "ctime" // please note that ctime is not a valid pax header.
-	paxCreationTime = "LIBARCHIVE.creationtime"
-	paxGid          = "gid"
-	paxGname        = "gname"
-	paxLinkpath     = "linkpath"
-	paxMtime        = "mtime"
-	paxPath         = "path"
-	paxSize         = "size"
-	paxUid          = "uid"
-	paxUname        = "uname"
-	paxXattr        = "SCHILY.xattr."
-	paxWindows      = "MSWINDOWS."
-	paxNone         = ""
-)
-
-// FileInfoHeader creates a partially-populated Header from fi.
-// If fi describes a symlink, FileInfoHeader records link as the link target.
-// If fi describes a directory, a slash is appended to the name.
-// Because os.FileInfo's Name method returns only the base name of
-// the file it describes, it may be necessary to modify the Name field
-// of the returned header to provide the full path name of the file.
-func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) {
-	if fi == nil {
-		return nil, errors.New("tar: FileInfo is nil")
-	}
-	fm := fi.Mode()
-	h := &Header{
-		Name:    fi.Name(),
-		ModTime: fi.ModTime(),
-		Mode:    int64(fm.Perm()), // or'd with c_IS* constants later
-	}
-	switch {
-	case fm.IsRegular():
-		h.Mode |= c_ISREG
-		h.Typeflag = TypeReg
-		h.Size = fi.Size()
-	case fi.IsDir():
-		h.Typeflag = TypeDir
-		h.Mode |= c_ISDIR
-		h.Name += "/"
-	case fm&os.ModeSymlink != 0:
-		h.Typeflag = TypeSymlink
-		h.Mode |= c_ISLNK
-		h.Linkname = link
-	case fm&os.ModeDevice != 0:
-		if fm&os.ModeCharDevice != 0 {
-			h.Mode |= c_ISCHR
-			h.Typeflag = TypeChar
-		} else {
-			h.Mode |= c_ISBLK
-			h.Typeflag = TypeBlock
-		}
-	case fm&os.ModeNamedPipe != 0:
-		h.Typeflag = TypeFifo
-		h.Mode |= c_ISFIFO
-	case fm&os.ModeSocket != 0:
-		h.Mode |= c_ISSOCK
-	default:
-		return nil, fmt.Errorf("archive/tar: unknown file mode %v", fm)
-	}
-	if fm&os.ModeSetuid != 0 {
-		h.Mode |= c_ISUID
-	}
-	if fm&os.ModeSetgid != 0 {
-		h.Mode |= c_ISGID
-	}
-	if fm&os.ModeSticky != 0 {
-		h.Mode |= c_ISVTX
-	}
-	// If possible, populate additional fields from OS-specific
-	// FileInfo fields.
-	if sys, ok := fi.Sys().(*Header); ok {
-		// This FileInfo came from a Header (not the OS). Use the
-		// original Header to populate all remaining fields.
-		h.Uid = sys.Uid
-		h.Gid = sys.Gid
-		h.Uname = sys.Uname
-		h.Gname = sys.Gname
-		h.AccessTime = sys.AccessTime
-		h.ChangeTime = sys.ChangeTime
-		if sys.Xattrs != nil {
-			h.Xattrs = make(map[string]string)
-			for k, v := range sys.Xattrs {
-				h.Xattrs[k] = v
-			}
-		}
-		if sys.Typeflag == TypeLink {
-			// hard link
-			h.Typeflag = TypeLink
-			h.Size = 0
-			h.Linkname = sys.Linkname
-		}
-	}
-	if sysStat != nil {
-		return h, sysStat(fi, h)
-	}
-	return h, nil
-}
-
-var zeroBlock = make([]byte, blockSize)
-
-// POSIX specifies a sum of the unsigned byte values, but the Sun tar uses signed byte values.
-// We compute and return both.
-func checksum(header []byte) (unsigned int64, signed int64) {
-	for i := 0; i < len(header); i++ {
-		if i == 148 {
-			// The chksum field (header[148:156]) is special: it should be treated as space bytes.
-			unsigned += ' ' * 8
-			signed += ' ' * 8
-			i += 7
-			continue
-		}
-		unsigned += int64(header[i])
-		signed += int64(int8(header[i]))
-	}
-	return
-}
-
-type slicer []byte
-
-func (sp *slicer) next(n int) (b []byte) {
-	s := *sp
-	b, *sp = s[0:n], s[n:]
-	return
-}
-
-func isASCII(s string) bool {
-	for _, c := range s {
-		if c >= 0x80 {
-			return false
-		}
-	}
-	return true
-}
-
-func toASCII(s string) string {
-	if isASCII(s) {
-		return s
-	}
-	var buf bytes.Buffer
-	for _, c := range s {
-		if c < 0x80 {
-			buf.WriteByte(byte(c))
-		}
-	}
-	return buf.String()
-}
-
-// isHeaderOnlyType checks if the given type flag is of the type that has no
-// data section even if a size is specified.
-func isHeaderOnlyType(flag byte) bool {
-	switch flag {
-	case TypeLink, TypeSymlink, TypeChar, TypeBlock, TypeDir, TypeFifo:
-		return true
-	default:
-		return false
-	}
-}
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/reader.go b/vendor/github.com/Microsoft/go-winio/archive/tar/reader.go
deleted file mode 100644
index e210c618a1831..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/reader.go
+++ /dev/null
@@ -1,1002 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-// TODO(dsymonds):
-//   - pax extensions
-
-import (
-	"bytes"
-	"errors"
-	"io"
-	"io/ioutil"
-	"math"
-	"os"
-	"strconv"
-	"strings"
-	"time"
-)
-
-var (
-	ErrHeader = errors.New("archive/tar: invalid tar header")
-)
-
-const maxNanoSecondIntSize = 9
-
-// A Reader provides sequential access to the contents of a tar archive.
-// A tar archive consists of a sequence of files.
-// The Next method advances to the next file in the archive (including the first),
-// and then it can be treated as an io.Reader to access the file's data.
-type Reader struct {
-	r       io.Reader
-	err     error
-	pad     int64           // amount of padding (ignored) after current file entry
-	curr    numBytesReader  // reader for current file entry
-	hdrBuff [blockSize]byte // buffer to use in readHeader
-}
-
-type parser struct {
-	err error // Last error seen
-}
-
-// A numBytesReader is an io.Reader with a numBytes method, returning the number
-// of bytes remaining in the underlying encoded data.
-type numBytesReader interface {
-	io.Reader
-	numBytes() int64
-}
-
-// A regFileReader is a numBytesReader for reading file data from a tar archive.
-type regFileReader struct {
-	r  io.Reader // underlying reader
-	nb int64     // number of unread bytes for current file entry
-}
-
-// A sparseFileReader is a numBytesReader for reading sparse file data from a
-// tar archive.
-type sparseFileReader struct {
-	rfr   numBytesReader // Reads the sparse-encoded file data
-	sp    []sparseEntry  // The sparse map for the file
-	pos   int64          // Keeps track of file position
-	total int64          // Total size of the file
-}
-
-// A sparseEntry holds a single entry in a sparse file's sparse map.
-//
-// Sparse files are represented using a series of sparseEntrys.
-// Despite the name, a sparseEntry represents an actual data fragment that
-// references data found in the underlying archive stream. All regions not
-// covered by a sparseEntry are logically filled with zeros.
-//
-// For example, if the underlying raw file contains the 10-byte data:
-//	var compactData = "abcdefgh"
-//
-// And the sparse map has the following entries:
-//	var sp = []sparseEntry{
-//		{offset: 2,  numBytes: 5} // Data fragment for [2..7]
-//		{offset: 18, numBytes: 3} // Data fragment for [18..21]
-//	}
-//
-// Then the content of the resulting sparse file with a "real" size of 25 is:
-//	var sparseData = "\x00"*2 + "abcde" + "\x00"*11 + "fgh" + "\x00"*4
-type sparseEntry struct {
-	offset   int64 // Starting position of the fragment
-	numBytes int64 // Length of the fragment
-}
-
-// Keywords for GNU sparse files in a PAX extended header
-const (
-	paxGNUSparseNumBlocks = "GNU.sparse.numblocks"
-	paxGNUSparseOffset    = "GNU.sparse.offset"
-	paxGNUSparseNumBytes  = "GNU.sparse.numbytes"
-	paxGNUSparseMap       = "GNU.sparse.map"
-	paxGNUSparseName      = "GNU.sparse.name"
-	paxGNUSparseMajor     = "GNU.sparse.major"
-	paxGNUSparseMinor     = "GNU.sparse.minor"
-	paxGNUSparseSize      = "GNU.sparse.size"
-	paxGNUSparseRealSize  = "GNU.sparse.realsize"
-)
-
-// Keywords for old GNU sparse headers
-const (
-	oldGNUSparseMainHeaderOffset               = 386
-	oldGNUSparseMainHeaderIsExtendedOffset     = 482
-	oldGNUSparseMainHeaderNumEntries           = 4
-	oldGNUSparseExtendedHeaderIsExtendedOffset = 504
-	oldGNUSparseExtendedHeaderNumEntries       = 21
-	oldGNUSparseOffsetSize                     = 12
-	oldGNUSparseNumBytesSize                   = 12
-)
-
-// NewReader creates a new Reader reading from r.
-func NewReader(r io.Reader) *Reader { return &Reader{r: r} }
-
-// Next advances to the next entry in the tar archive.
-//
-// io.EOF is returned at the end of the input.
-func (tr *Reader) Next() (*Header, error) {
-	if tr.err != nil {
-		return nil, tr.err
-	}
-
-	var hdr *Header
-	var extHdrs map[string]string
-
-	// Externally, Next iterates through the tar archive as if it is a series of
-	// files. Internally, the tar format often uses fake "files" to add meta
-	// data that describes the next file. These meta data "files" should not
-	// normally be visible to the outside. As such, this loop iterates through
-	// one or more "header files" until it finds a "normal file".
-loop:
-	for {
-		tr.err = tr.skipUnread()
-		if tr.err != nil {
-			return nil, tr.err
-		}
-
-		hdr = tr.readHeader()
-		if tr.err != nil {
-			return nil, tr.err
-		}
-
-		// Check for PAX/GNU special headers and files.
-		switch hdr.Typeflag {
-		case TypeXHeader:
-			extHdrs, tr.err = parsePAX(tr)
-			if tr.err != nil {
-				return nil, tr.err
-			}
-			continue loop // This is a meta header affecting the next header
-		case TypeGNULongName, TypeGNULongLink:
-			var realname []byte
-			realname, tr.err = ioutil.ReadAll(tr)
-			if tr.err != nil {
-				return nil, tr.err
-			}
-
-			// Convert GNU extensions to use PAX headers.
-			if extHdrs == nil {
-				extHdrs = make(map[string]string)
-			}
-			var p parser
-			switch hdr.Typeflag {
-			case TypeGNULongName:
-				extHdrs[paxPath] = p.parseString(realname)
-			case TypeGNULongLink:
-				extHdrs[paxLinkpath] = p.parseString(realname)
-			}
-			if p.err != nil {
-				tr.err = p.err
-				return nil, tr.err
-			}
-			continue loop // This is a meta header affecting the next header
-		default:
-			mergePAX(hdr, extHdrs)
-
-			// Check for a PAX format sparse file
-			sp, err := tr.checkForGNUSparsePAXHeaders(hdr, extHdrs)
-			if err != nil {
-				tr.err = err
-				return nil, err
-			}
-			if sp != nil {
-				// Current file is a PAX format GNU sparse file.
-				// Set the current file reader to a sparse file reader.
-				tr.curr, tr.err = newSparseFileReader(tr.curr, sp, hdr.Size)
-				if tr.err != nil {
-					return nil, tr.err
-				}
-			}
-			break loop // This is a file, so stop
-		}
-	}
-	return hdr, nil
-}
-
-// checkForGNUSparsePAXHeaders checks the PAX headers for GNU sparse headers. If they are found, then
-// this function reads the sparse map and returns it. Unknown sparse formats are ignored, causing the file to
-// be treated as a regular file.
-func (tr *Reader) checkForGNUSparsePAXHeaders(hdr *Header, headers map[string]string) ([]sparseEntry, error) {
-	var sparseFormat string
-
-	// Check for sparse format indicators
-	major, majorOk := headers[paxGNUSparseMajor]
-	minor, minorOk := headers[paxGNUSparseMinor]
-	sparseName, sparseNameOk := headers[paxGNUSparseName]
-	_, sparseMapOk := headers[paxGNUSparseMap]
-	sparseSize, sparseSizeOk := headers[paxGNUSparseSize]
-	sparseRealSize, sparseRealSizeOk := headers[paxGNUSparseRealSize]
-
-	// Identify which, if any, sparse format applies from which PAX headers are set
-	if majorOk && minorOk {
-		sparseFormat = major + "." + minor
-	} else if sparseNameOk && sparseMapOk {
-		sparseFormat = "0.1"
-	} else if sparseSizeOk {
-		sparseFormat = "0.0"
-	} else {
-		// Not a PAX format GNU sparse file.
-		return nil, nil
-	}
-
-	// Check for unknown sparse format
-	if sparseFormat != "0.0" && sparseFormat != "0.1" && sparseFormat != "1.0" {
-		return nil, nil
-	}
-
-	// Update hdr from GNU sparse PAX headers
-	if sparseNameOk {
-		hdr.Name = sparseName
-	}
-	if sparseSizeOk {
-		realSize, err := strconv.ParseInt(sparseSize, 10, 0)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		hdr.Size = realSize
-	} else if sparseRealSizeOk {
-		realSize, err := strconv.ParseInt(sparseRealSize, 10, 0)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		hdr.Size = realSize
-	}
-
-	// Set up the sparse map, according to the particular sparse format in use
-	var sp []sparseEntry
-	var err error
-	switch sparseFormat {
-	case "0.0", "0.1":
-		sp, err = readGNUSparseMap0x1(headers)
-	case "1.0":
-		sp, err = readGNUSparseMap1x0(tr.curr)
-	}
-	return sp, err
-}
-
-// mergePAX merges well known headers according to PAX standard.
-// In general headers with the same name as those found
-// in the header struct overwrite those found in the header
-// struct with higher precision or longer values. Esp. useful
-// for name and linkname fields.
-func mergePAX(hdr *Header, headers map[string]string) error {
-	for k, v := range headers {
-		switch k {
-		case paxPath:
-			hdr.Name = v
-		case paxLinkpath:
-			hdr.Linkname = v
-		case paxGname:
-			hdr.Gname = v
-		case paxUname:
-			hdr.Uname = v
-		case paxUid:
-			uid, err := strconv.ParseInt(v, 10, 0)
-			if err != nil {
-				return err
-			}
-			hdr.Uid = int(uid)
-		case paxGid:
-			gid, err := strconv.ParseInt(v, 10, 0)
-			if err != nil {
-				return err
-			}
-			hdr.Gid = int(gid)
-		case paxAtime:
-			t, err := parsePAXTime(v)
-			if err != nil {
-				return err
-			}
-			hdr.AccessTime = t
-		case paxMtime:
-			t, err := parsePAXTime(v)
-			if err != nil {
-				return err
-			}
-			hdr.ModTime = t
-		case paxCtime:
-			t, err := parsePAXTime(v)
-			if err != nil {
-				return err
-			}
-			hdr.ChangeTime = t
-		case paxCreationTime:
-			t, err := parsePAXTime(v)
-			if err != nil {
-				return err
-			}
-			hdr.CreationTime = t
-		case paxSize:
-			size, err := strconv.ParseInt(v, 10, 0)
-			if err != nil {
-				return err
-			}
-			hdr.Size = int64(size)
-		default:
-			if strings.HasPrefix(k, paxXattr) {
-				if hdr.Xattrs == nil {
-					hdr.Xattrs = make(map[string]string)
-				}
-				hdr.Xattrs[k[len(paxXattr):]] = v
-			} else if strings.HasPrefix(k, paxWindows) {
-				if hdr.Winheaders == nil {
-					hdr.Winheaders = make(map[string]string)
-				}
-				hdr.Winheaders[k[len(paxWindows):]] = v
-			}
-		}
-	}
-	return nil
-}
-
-// parsePAXTime takes a string of the form %d.%d as described in
-// the PAX specification.
-func parsePAXTime(t string) (time.Time, error) {
-	buf := []byte(t)
-	pos := bytes.IndexByte(buf, '.')
-	var seconds, nanoseconds int64
-	var err error
-	if pos == -1 {
-		seconds, err = strconv.ParseInt(t, 10, 0)
-		if err != nil {
-			return time.Time{}, err
-		}
-	} else {
-		seconds, err = strconv.ParseInt(string(buf[:pos]), 10, 0)
-		if err != nil {
-			return time.Time{}, err
-		}
-		nano_buf := string(buf[pos+1:])
-		// Pad as needed before converting to a decimal.
-		// For example .030 -> .030000000 -> 30000000 nanoseconds
-		if len(nano_buf) < maxNanoSecondIntSize {
-			// Right pad
-			nano_buf += strings.Repeat("0", maxNanoSecondIntSize-len(nano_buf))
-		} else if len(nano_buf) > maxNanoSecondIntSize {
-			// Right truncate
-			nano_buf = nano_buf[:maxNanoSecondIntSize]
-		}
-		nanoseconds, err = strconv.ParseInt(string(nano_buf), 10, 0)
-		if err != nil {
-			return time.Time{}, err
-		}
-	}
-	ts := time.Unix(seconds, nanoseconds)
-	return ts, nil
-}
-
-// parsePAX parses PAX headers.
-// If an extended header (type 'x') is invalid, ErrHeader is returned
-func parsePAX(r io.Reader) (map[string]string, error) {
-	buf, err := ioutil.ReadAll(r)
-	if err != nil {
-		return nil, err
-	}
-	sbuf := string(buf)
-
-	// For GNU PAX sparse format 0.0 support.
-	// This function transforms the sparse format 0.0 headers into sparse format 0.1 headers.
-	var sparseMap bytes.Buffer
-
-	headers := make(map[string]string)
-	// Each record is constructed as
-	//     "%d %s=%s\n", length, keyword, value
-	for len(sbuf) > 0 {
-		key, value, residual, err := parsePAXRecord(sbuf)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		sbuf = residual
-
-		keyStr := string(key)
-		if keyStr == paxGNUSparseOffset || keyStr == paxGNUSparseNumBytes {
-			// GNU sparse format 0.0 special key. Write to sparseMap instead of using the headers map.
-			sparseMap.WriteString(value)
-			sparseMap.Write([]byte{','})
-		} else {
-			// Normal key. Set the value in the headers map.
-			headers[keyStr] = string(value)
-		}
-	}
-	if sparseMap.Len() != 0 {
-		// Add sparse info to headers, chopping off the extra comma
-		sparseMap.Truncate(sparseMap.Len() - 1)
-		headers[paxGNUSparseMap] = sparseMap.String()
-	}
-	return headers, nil
-}
-
-// parsePAXRecord parses the input PAX record string into a key-value pair.
-// If parsing is successful, it will slice off the currently read record and
-// return the remainder as r.
-//
-// A PAX record is of the following form:
-//	"%d %s=%s\n" % (size, key, value)
-func parsePAXRecord(s string) (k, v, r string, err error) {
-	// The size field ends at the first space.
-	sp := strings.IndexByte(s, ' ')
-	if sp == -1 {
-		return "", "", s, ErrHeader
-	}
-
-	// Parse the first token as a decimal integer.
-	n, perr := strconv.ParseInt(s[:sp], 10, 0) // Intentionally parse as native int
-	if perr != nil || n < 5 || int64(len(s)) < n {
-		return "", "", s, ErrHeader
-	}
-
-	// Extract everything between the space and the final newline.
-	rec, nl, rem := s[sp+1:n-1], s[n-1:n], s[n:]
-	if nl != "\n" {
-		return "", "", s, ErrHeader
-	}
-
-	// The first equals separates the key from the value.
-	eq := strings.IndexByte(rec, '=')
-	if eq == -1 {
-		return "", "", s, ErrHeader
-	}
-	return rec[:eq], rec[eq+1:], rem, nil
-}
-
-// parseString parses bytes as a NUL-terminated C-style string.
-// If a NUL byte is not found then the whole slice is returned as a string.
-func (*parser) parseString(b []byte) string {
-	n := 0
-	for n < len(b) && b[n] != 0 {
-		n++
-	}
-	return string(b[0:n])
-}
-
-// parseNumeric parses the input as being encoded in either base-256 or octal.
-// This function may return negative numbers.
-// If parsing fails or an integer overflow occurs, err will be set.
-func (p *parser) parseNumeric(b []byte) int64 {
-	// Check for base-256 (binary) format first.
-	// If the first bit is set, then all following bits constitute a two's
-	// complement encoded number in big-endian byte order.
-	if len(b) > 0 && b[0]&0x80 != 0 {
-		// Handling negative numbers relies on the following identity:
-		//	-a-1 == ^a
-		//
-		// If the number is negative, we use an inversion mask to invert the
-		// data bytes and treat the value as an unsigned number.
-		var inv byte // 0x00 if positive or zero, 0xff if negative
-		if b[0]&0x40 != 0 {
-			inv = 0xff
-		}
-
-		var x uint64
-		for i, c := range b {
-			c ^= inv // Inverts c only if inv is 0xff, otherwise does nothing
-			if i == 0 {
-				c &= 0x7f // Ignore signal bit in first byte
-			}
-			if (x >> 56) > 0 {
-				p.err = ErrHeader // Integer overflow
-				return 0
-			}
-			x = x<<8 | uint64(c)
-		}
-		if (x >> 63) > 0 {
-			p.err = ErrHeader // Integer overflow
-			return 0
-		}
-		if inv == 0xff {
-			return ^int64(x)
-		}
-		return int64(x)
-	}
-
-	// Normal case is base-8 (octal) format.
-	return p.parseOctal(b)
-}
-
-func (p *parser) parseOctal(b []byte) int64 {
-	// Because unused fields are filled with NULs, we need
-	// to skip leading NULs. Fields may also be padded with
-	// spaces or NULs.
-	// So we remove leading and trailing NULs and spaces to
-	// be sure.
-	b = bytes.Trim(b, " \x00")
-
-	if len(b) == 0 {
-		return 0
-	}
-	x, perr := strconv.ParseUint(p.parseString(b), 8, 64)
-	if perr != nil {
-		p.err = ErrHeader
-	}
-	return int64(x)
-}
-
-// skipUnread skips any unread bytes in the existing file entry, as well as any
-// alignment padding. It returns io.ErrUnexpectedEOF if any io.EOF is
-// encountered in the data portion; it is okay to hit io.EOF in the padding.
-//
-// Note that this function still works properly even when sparse files are being
-// used since numBytes returns the bytes remaining in the underlying io.Reader.
-func (tr *Reader) skipUnread() error {
-	dataSkip := tr.numBytes()      // Number of data bytes to skip
-	totalSkip := dataSkip + tr.pad // Total number of bytes to skip
-	tr.curr, tr.pad = nil, 0
-
-	// If possible, Seek to the last byte before the end of the data section.
-	// Do this because Seek is often lazy about reporting errors; this will mask
-	// the fact that the tar stream may be truncated. We can rely on the
-	// io.CopyN done shortly afterwards to trigger any IO errors.
-	var seekSkipped int64 // Number of bytes skipped via Seek
-	if sr, ok := tr.r.(io.Seeker); ok && dataSkip > 1 {
-		// Not all io.Seeker can actually Seek. For example, os.Stdin implements
-		// io.Seeker, but calling Seek always returns an error and performs
-		// no action. Thus, we try an innocent seek to the current position
-		// to see if Seek is really supported.
-		pos1, err := sr.Seek(0, os.SEEK_CUR)
-		if err == nil {
-			// Seek seems supported, so perform the real Seek.
-			pos2, err := sr.Seek(dataSkip-1, os.SEEK_CUR)
-			if err != nil {
-				tr.err = err
-				return tr.err
-			}
-			seekSkipped = pos2 - pos1
-		}
-	}
-
-	var copySkipped int64 // Number of bytes skipped via CopyN
-	copySkipped, tr.err = io.CopyN(ioutil.Discard, tr.r, totalSkip-seekSkipped)
-	if tr.err == io.EOF && seekSkipped+copySkipped < dataSkip {
-		tr.err = io.ErrUnexpectedEOF
-	}
-	return tr.err
-}
-
-func (tr *Reader) verifyChecksum(header []byte) bool {
-	if tr.err != nil {
-		return false
-	}
-
-	var p parser
-	given := p.parseOctal(header[148:156])
-	unsigned, signed := checksum(header)
-	return p.err == nil && (given == unsigned || given == signed)
-}
-
-// readHeader reads the next block header and assumes that the underlying reader
-// is already aligned to a block boundary.
-//
-// The err will be set to io.EOF only when one of the following occurs:
-//	* Exactly 0 bytes are read and EOF is hit.
-//	* Exactly 1 block of zeros is read and EOF is hit.
-//	* At least 2 blocks of zeros are read.
-func (tr *Reader) readHeader() *Header {
-	header := tr.hdrBuff[:]
-	copy(header, zeroBlock)
-
-	if _, tr.err = io.ReadFull(tr.r, header); tr.err != nil {
-		return nil // io.EOF is okay here
-	}
-
-	// Two blocks of zero bytes marks the end of the archive.
-	if bytes.Equal(header, zeroBlock[0:blockSize]) {
-		if _, tr.err = io.ReadFull(tr.r, header); tr.err != nil {
-			return nil // io.EOF is okay here
-		}
-		if bytes.Equal(header, zeroBlock[0:blockSize]) {
-			tr.err = io.EOF
-		} else {
-			tr.err = ErrHeader // zero block and then non-zero block
-		}
-		return nil
-	}
-
-	if !tr.verifyChecksum(header) {
-		tr.err = ErrHeader
-		return nil
-	}
-
-	// Unpack
-	var p parser
-	hdr := new(Header)
-	s := slicer(header)
-
-	hdr.Name = p.parseString(s.next(100))
-	hdr.Mode = p.parseNumeric(s.next(8))
-	hdr.Uid = int(p.parseNumeric(s.next(8)))
-	hdr.Gid = int(p.parseNumeric(s.next(8)))
-	hdr.Size = p.parseNumeric(s.next(12))
-	hdr.ModTime = time.Unix(p.parseNumeric(s.next(12)), 0)
-	s.next(8) // chksum
-	hdr.Typeflag = s.next(1)[0]
-	hdr.Linkname = p.parseString(s.next(100))
-
-	// The remainder of the header depends on the value of magic.
-	// The original (v7) version of tar had no explicit magic field,
-	// so its magic bytes, like the rest of the block, are NULs.
-	magic := string(s.next(8)) // contains version field as well.
-	var format string
-	switch {
-	case magic[:6] == "ustar\x00": // POSIX tar (1003.1-1988)
-		if string(header[508:512]) == "tar\x00" {
-			format = "star"
-		} else {
-			format = "posix"
-		}
-	case magic == "ustar  \x00": // old GNU tar
-		format = "gnu"
-	}
-
-	switch format {
-	case "posix", "gnu", "star":
-		hdr.Uname = p.parseString(s.next(32))
-		hdr.Gname = p.parseString(s.next(32))
-		devmajor := s.next(8)
-		devminor := s.next(8)
-		if hdr.Typeflag == TypeChar || hdr.Typeflag == TypeBlock {
-			hdr.Devmajor = p.parseNumeric(devmajor)
-			hdr.Devminor = p.parseNumeric(devminor)
-		}
-		var prefix string
-		switch format {
-		case "posix", "gnu":
-			prefix = p.parseString(s.next(155))
-		case "star":
-			prefix = p.parseString(s.next(131))
-			hdr.AccessTime = time.Unix(p.parseNumeric(s.next(12)), 0)
-			hdr.ChangeTime = time.Unix(p.parseNumeric(s.next(12)), 0)
-		}
-		if len(prefix) > 0 {
-			hdr.Name = prefix + "/" + hdr.Name
-		}
-	}
-
-	if p.err != nil {
-		tr.err = p.err
-		return nil
-	}
-
-	nb := hdr.Size
-	if isHeaderOnlyType(hdr.Typeflag) {
-		nb = 0
-	}
-	if nb < 0 {
-		tr.err = ErrHeader
-		return nil
-	}
-
-	// Set the current file reader.
-	tr.pad = -nb & (blockSize - 1) // blockSize is a power of two
-	tr.curr = &regFileReader{r: tr.r, nb: nb}
-
-	// Check for old GNU sparse format entry.
-	if hdr.Typeflag == TypeGNUSparse {
-		// Get the real size of the file.
-		hdr.Size = p.parseNumeric(header[483:495])
-		if p.err != nil {
-			tr.err = p.err
-			return nil
-		}
-
-		// Read the sparse map.
-		sp := tr.readOldGNUSparseMap(header)
-		if tr.err != nil {
-			return nil
-		}
-
-		// Current file is a GNU sparse file. Update the current file reader.
-		tr.curr, tr.err = newSparseFileReader(tr.curr, sp, hdr.Size)
-		if tr.err != nil {
-			return nil
-		}
-	}
-
-	return hdr
-}
-
-// readOldGNUSparseMap reads the sparse map as stored in the old GNU sparse format.
-// The sparse map is stored in the tar header if it's small enough. If it's larger than four entries,
-// then one or more extension headers are used to store the rest of the sparse map.
-func (tr *Reader) readOldGNUSparseMap(header []byte) []sparseEntry {
-	var p parser
-	isExtended := header[oldGNUSparseMainHeaderIsExtendedOffset] != 0
-	spCap := oldGNUSparseMainHeaderNumEntries
-	if isExtended {
-		spCap += oldGNUSparseExtendedHeaderNumEntries
-	}
-	sp := make([]sparseEntry, 0, spCap)
-	s := slicer(header[oldGNUSparseMainHeaderOffset:])
-
-	// Read the four entries from the main tar header
-	for i := 0; i < oldGNUSparseMainHeaderNumEntries; i++ {
-		offset := p.parseNumeric(s.next(oldGNUSparseOffsetSize))
-		numBytes := p.parseNumeric(s.next(oldGNUSparseNumBytesSize))
-		if p.err != nil {
-			tr.err = p.err
-			return nil
-		}
-		if offset == 0 && numBytes == 0 {
-			break
-		}
-		sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes})
-	}
-
-	for isExtended {
-		// There are more entries. Read an extension header and parse its entries.
-		sparseHeader := make([]byte, blockSize)
-		if _, tr.err = io.ReadFull(tr.r, sparseHeader); tr.err != nil {
-			return nil
-		}
-		isExtended = sparseHeader[oldGNUSparseExtendedHeaderIsExtendedOffset] != 0
-		s = slicer(sparseHeader)
-		for i := 0; i < oldGNUSparseExtendedHeaderNumEntries; i++ {
-			offset := p.parseNumeric(s.next(oldGNUSparseOffsetSize))
-			numBytes := p.parseNumeric(s.next(oldGNUSparseNumBytesSize))
-			if p.err != nil {
-				tr.err = p.err
-				return nil
-			}
-			if offset == 0 && numBytes == 0 {
-				break
-			}
-			sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes})
-		}
-	}
-	return sp
-}
-
-// readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format
-// version 1.0. The format of the sparse map consists of a series of
-// newline-terminated numeric fields. The first field is the number of entries
-// and is always present. Following this are the entries, consisting of two
-// fields (offset, numBytes). This function must stop reading at the end
-// boundary of the block containing the last newline.
-//
-// Note that the GNU manual says that numeric values should be encoded in octal
-// format. However, the GNU tar utility itself outputs these values in decimal.
-// As such, this library treats values as being encoded in decimal.
-func readGNUSparseMap1x0(r io.Reader) ([]sparseEntry, error) {
-	var cntNewline int64
-	var buf bytes.Buffer
-	var blk = make([]byte, blockSize)
-
-	// feedTokens copies data in numBlock chunks from r into buf until there are
-	// at least cnt newlines in buf. It will not read more blocks than needed.
-	var feedTokens = func(cnt int64) error {
-		for cntNewline < cnt {
-			if _, err := io.ReadFull(r, blk); err != nil {
-				if err == io.EOF {
-					err = io.ErrUnexpectedEOF
-				}
-				return err
-			}
-			buf.Write(blk)
-			for _, c := range blk {
-				if c == '\n' {
-					cntNewline++
-				}
-			}
-		}
-		return nil
-	}
-
-	// nextToken gets the next token delimited by a newline. This assumes that
-	// at least one newline exists in the buffer.
-	var nextToken = func() string {
-		cntNewline--
-		tok, _ := buf.ReadString('\n')
-		return tok[:len(tok)-1] // Cut off newline
-	}
-
-	// Parse for the number of entries.
-	// Use integer overflow resistant math to check this.
-	if err := feedTokens(1); err != nil {
-		return nil, err
-	}
-	numEntries, err := strconv.ParseInt(nextToken(), 10, 0) // Intentionally parse as native int
-	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
-		return nil, ErrHeader
-	}
-
-	// Parse for all member entries.
-	// numEntries is trusted after this since a potential attacker must have
-	// committed resources proportional to what this library used.
-	if err := feedTokens(2 * numEntries); err != nil {
-		return nil, err
-	}
-	sp := make([]sparseEntry, 0, numEntries)
-	for i := int64(0); i < numEntries; i++ {
-		offset, err := strconv.ParseInt(nextToken(), 10, 64)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		numBytes, err := strconv.ParseInt(nextToken(), 10, 64)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes})
-	}
-	return sp, nil
-}
-
-// readGNUSparseMap0x1 reads the sparse map as stored in GNU's PAX sparse format
-// version 0.1. The sparse map is stored in the PAX headers.
-func readGNUSparseMap0x1(extHdrs map[string]string) ([]sparseEntry, error) {
-	// Get number of entries.
-	// Use integer overflow resistant math to check this.
-	numEntriesStr := extHdrs[paxGNUSparseNumBlocks]
-	numEntries, err := strconv.ParseInt(numEntriesStr, 10, 0) // Intentionally parse as native int
-	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
-		return nil, ErrHeader
-	}
-
-	// There should be two numbers in sparseMap for each entry.
-	sparseMap := strings.Split(extHdrs[paxGNUSparseMap], ",")
-	if int64(len(sparseMap)) != 2*numEntries {
-		return nil, ErrHeader
-	}
-
-	// Loop through the entries in the sparse map.
-	// numEntries is trusted now.
-	sp := make([]sparseEntry, 0, numEntries)
-	for i := int64(0); i < numEntries; i++ {
-		offset, err := strconv.ParseInt(sparseMap[2*i], 10, 64)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		numBytes, err := strconv.ParseInt(sparseMap[2*i+1], 10, 64)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes})
-	}
-	return sp, nil
-}
-
-// numBytes returns the number of bytes left to read in the current file's entry
-// in the tar archive, or 0 if there is no current file.
-func (tr *Reader) numBytes() int64 {
-	if tr.curr == nil {
-		// No current file, so no bytes
-		return 0
-	}
-	return tr.curr.numBytes()
-}
-
-// Read reads from the current entry in the tar archive.
-// It returns 0, io.EOF when it reaches the end of that entry,
-// until Next is called to advance to the next entry.
-//
-// Calling Read on special types like TypeLink, TypeSymLink, TypeChar,
-// TypeBlock, TypeDir, and TypeFifo returns 0, io.EOF regardless of what
-// the Header.Size claims.
-func (tr *Reader) Read(b []byte) (n int, err error) {
-	if tr.err != nil {
-		return 0, tr.err
-	}
-	if tr.curr == nil {
-		return 0, io.EOF
-	}
-
-	n, err = tr.curr.Read(b)
-	if err != nil && err != io.EOF {
-		tr.err = err
-	}
-	return
-}
-
-func (rfr *regFileReader) Read(b []byte) (n int, err error) {
-	if rfr.nb == 0 {
-		// file consumed
-		return 0, io.EOF
-	}
-	if int64(len(b)) > rfr.nb {
-		b = b[0:rfr.nb]
-	}
-	n, err = rfr.r.Read(b)
-	rfr.nb -= int64(n)
-
-	if err == io.EOF && rfr.nb > 0 {
-		err = io.ErrUnexpectedEOF
-	}
-	return
-}
-
-// numBytes returns the number of bytes left to read in the file's data in the tar archive.
-func (rfr *regFileReader) numBytes() int64 {
-	return rfr.nb
-}
-
-// newSparseFileReader creates a new sparseFileReader, but validates all of the
-// sparse entries before doing so.
-func newSparseFileReader(rfr numBytesReader, sp []sparseEntry, total int64) (*sparseFileReader, error) {
-	if total < 0 {
-		return nil, ErrHeader // Total size cannot be negative
-	}
-
-	// Validate all sparse entries. These are the same checks as performed by
-	// the BSD tar utility.
-	for i, s := range sp {
-		switch {
-		case s.offset < 0 || s.numBytes < 0:
-			return nil, ErrHeader // Negative values are never okay
-		case s.offset > math.MaxInt64-s.numBytes:
-			return nil, ErrHeader // Integer overflow with large length
-		case s.offset+s.numBytes > total:
-			return nil, ErrHeader // Region extends beyond the "real" size
-		case i > 0 && sp[i-1].offset+sp[i-1].numBytes > s.offset:
-			return nil, ErrHeader // Regions can't overlap and must be in order
-		}
-	}
-	return &sparseFileReader{rfr: rfr, sp: sp, total: total}, nil
-}
-
-// readHole reads a sparse hole ending at endOffset.
-func (sfr *sparseFileReader) readHole(b []byte, endOffset int64) int {
-	n64 := endOffset - sfr.pos
-	if n64 > int64(len(b)) {
-		n64 = int64(len(b))
-	}
-	n := int(n64)
-	for i := 0; i < n; i++ {
-		b[i] = 0
-	}
-	sfr.pos += n64
-	return n
-}
-
-// Read reads the sparse file data in expanded form.
-func (sfr *sparseFileReader) Read(b []byte) (n int, err error) {
-	// Skip past all empty fragments.
-	for len(sfr.sp) > 0 && sfr.sp[0].numBytes == 0 {
-		sfr.sp = sfr.sp[1:]
-	}
-
-	// If there are no more fragments, then it is possible that there
-	// is one last sparse hole.
-	if len(sfr.sp) == 0 {
-		// This behavior matches the BSD tar utility.
-		// However, GNU tar stops returning data even if sfr.total is unmet.
-		if sfr.pos < sfr.total {
-			return sfr.readHole(b, sfr.total), nil
-		}
-		return 0, io.EOF
-	}
-
-	// In front of a data fragment, so read a hole.
-	if sfr.pos < sfr.sp[0].offset {
-		return sfr.readHole(b, sfr.sp[0].offset), nil
-	}
-
-	// In a data fragment, so read from it.
-	// This math is overflow free since we verify that offset and numBytes can
-	// be safely added when creating the sparseFileReader.
-	endPos := sfr.sp[0].offset + sfr.sp[0].numBytes // End offset of fragment
-	bytesLeft := endPos - sfr.pos                   // Bytes left in fragment
-	if int64(len(b)) > bytesLeft {
-		b = b[:bytesLeft]
-	}
-
-	n, err = sfr.rfr.Read(b)
-	sfr.pos += int64(n)
-	if err == io.EOF {
-		if sfr.pos < endPos {
-			err = io.ErrUnexpectedEOF // There was supposed to be more data
-		} else if sfr.pos < sfr.total {
-			err = nil // There is still an implicit sparse hole at the end
-		}
-	}
-
-	if sfr.pos == endPos {
-		sfr.sp = sfr.sp[1:] // We are done with this fragment, so pop it
-	}
-	return n, err
-}
-
-// numBytes returns the number of bytes left to read in the sparse file's
-// sparse-encoded data in the tar archive.
-func (sfr *sparseFileReader) numBytes() int64 {
-	return sfr.rfr.numBytes()
-}
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atim.go b/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atim.go
deleted file mode 100644
index cf9cc79c5915b..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atim.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux dragonfly openbsd solaris
-
-package tar
-
-import (
-	"syscall"
-	"time"
-)
-
-func statAtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Atim.Unix())
-}
-
-func statCtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Ctim.Unix())
-}
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atimespec.go b/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atimespec.go
deleted file mode 100644
index 6f17dbe30725c..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_atimespec.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin freebsd netbsd
-
-package tar
-
-import (
-	"syscall"
-	"time"
-)
-
-func statAtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Atimespec.Unix())
-}
-
-func statCtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Ctimespec.Unix())
-}
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_unix.go b/vendor/github.com/Microsoft/go-winio/archive/tar/stat_unix.go
deleted file mode 100644
index cb843db4cfd65..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/stat_unix.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux darwin dragonfly freebsd openbsd netbsd solaris
-
-package tar
-
-import (
-	"os"
-	"syscall"
-)
-
-func init() {
-	sysStat = statUnix
-}
-
-func statUnix(fi os.FileInfo, h *Header) error {
-	sys, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return nil
-	}
-	h.Uid = int(sys.Uid)
-	h.Gid = int(sys.Gid)
-	// TODO(bradfitz): populate username & group.  os/user
-	// doesn't cache LookupId lookups, and lacks group
-	// lookup functions.
-	h.AccessTime = statAtime(sys)
-	h.ChangeTime = statCtime(sys)
-	// TODO(bradfitz): major/minor device numbers?
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/go-winio/archive/tar/writer.go b/vendor/github.com/Microsoft/go-winio/archive/tar/writer.go
deleted file mode 100644
index 30d7e606d6baf..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/archive/tar/writer.go
+++ /dev/null
@@ -1,444 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-// TODO(dsymonds):
-// - catch more errors (no first header, etc.)
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"path"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-)
-
-var (
-	ErrWriteTooLong    = errors.New("archive/tar: write too long")
-	ErrFieldTooLong    = errors.New("archive/tar: header field too long")
-	ErrWriteAfterClose = errors.New("archive/tar: write after close")
-	errInvalidHeader   = errors.New("archive/tar: header field too long or contains invalid values")
-)
-
-// A Writer provides sequential writing of a tar archive in POSIX.1 format.
-// A tar archive consists of a sequence of files.
-// Call WriteHeader to begin a new file, and then call Write to supply that file's data,
-// writing at most hdr.Size bytes in total.
-type Writer struct {
-	w          io.Writer
-	err        error
-	nb         int64 // number of unwritten bytes for current file entry
-	pad        int64 // amount of padding to write after current file entry
-	closed     bool
-	usedBinary bool            // whether the binary numeric field extension was used
-	preferPax  bool            // use pax header instead of binary numeric header
-	hdrBuff    [blockSize]byte // buffer to use in writeHeader when writing a regular header
-	paxHdrBuff [blockSize]byte // buffer to use in writeHeader when writing a pax header
-}
-
-type formatter struct {
-	err error // Last error seen
-}
-
-// NewWriter creates a new Writer writing to w.
-func NewWriter(w io.Writer) *Writer { return &Writer{w: w, preferPax: true} }
-
-// Flush finishes writing the current file (optional).
-func (tw *Writer) Flush() error {
-	if tw.nb > 0 {
-		tw.err = fmt.Errorf("archive/tar: missed writing %d bytes", tw.nb)
-		return tw.err
-	}
-
-	n := tw.nb + tw.pad
-	for n > 0 && tw.err == nil {
-		nr := n
-		if nr > blockSize {
-			nr = blockSize
-		}
-		var nw int
-		nw, tw.err = tw.w.Write(zeroBlock[0:nr])
-		n -= int64(nw)
-	}
-	tw.nb = 0
-	tw.pad = 0
-	return tw.err
-}
-
-// Write s into b, terminating it with a NUL if there is room.
-func (f *formatter) formatString(b []byte, s string) {
-	if len(s) > len(b) {
-		f.err = ErrFieldTooLong
-		return
-	}
-	ascii := toASCII(s)
-	copy(b, ascii)
-	if len(ascii) < len(b) {
-		b[len(ascii)] = 0
-	}
-}
-
-// Encode x as an octal ASCII string and write it into b with leading zeros.
-func (f *formatter) formatOctal(b []byte, x int64) {
-	s := strconv.FormatInt(x, 8)
-	// leading zeros, but leave room for a NUL.
-	for len(s)+1 < len(b) {
-		s = "0" + s
-	}
-	f.formatString(b, s)
-}
-
-// fitsInBase256 reports whether x can be encoded into n bytes using base-256
-// encoding. Unlike octal encoding, base-256 encoding does not require that the
-// string ends with a NUL character. Thus, all n bytes are available for output.
-//
-// If operating in binary mode, this assumes strict GNU binary mode; which means
-// that the first byte can only be either 0x80 or 0xff. Thus, the first byte is
-// equivalent to the sign bit in two's complement form.
-func fitsInBase256(n int, x int64) bool {
-	var binBits = uint(n-1) * 8
-	return n >= 9 || (x >= -1<<binBits && x < 1<<binBits)
-}
-
-// Write x into b, as binary (GNUtar/star extension).
-func (f *formatter) formatNumeric(b []byte, x int64) {
-	if fitsInBase256(len(b), x) {
-		for i := len(b) - 1; i >= 0; i-- {
-			b[i] = byte(x)
-			x >>= 8
-		}
-		b[0] |= 0x80 // Highest bit indicates binary format
-		return
-	}
-
-	f.formatOctal(b, 0) // Last resort, just write zero
-	f.err = ErrFieldTooLong
-}
-
-var (
-	minTime = time.Unix(0, 0)
-	// There is room for 11 octal digits (33 bits) of mtime.
-	maxTime = minTime.Add((1<<33 - 1) * time.Second)
-)
-
-// WriteHeader writes hdr and prepares to accept the file's contents.
-// WriteHeader calls Flush if it is not the first header.
-// Calling after a Close will return ErrWriteAfterClose.
-func (tw *Writer) WriteHeader(hdr *Header) error {
-	return tw.writeHeader(hdr, true)
-}
-
-// WriteHeader writes hdr and prepares to accept the file's contents.
-// WriteHeader calls Flush if it is not the first header.
-// Calling after a Close will return ErrWriteAfterClose.
-// As this method is called internally by writePax header to allow it to
-// suppress writing the pax header.
-func (tw *Writer) writeHeader(hdr *Header, allowPax bool) error {
-	if tw.closed {
-		return ErrWriteAfterClose
-	}
-	if tw.err == nil {
-		tw.Flush()
-	}
-	if tw.err != nil {
-		return tw.err
-	}
-
-	// a map to hold pax header records, if any are needed
-	paxHeaders := make(map[string]string)
-
-	// TODO(shanemhansen): we might want to use PAX headers for
-	// subsecond time resolution, but for now let's just capture
-	// too long fields or non ascii characters
-
-	var f formatter
-	var header []byte
-
-	// We need to select which scratch buffer to use carefully,
-	// since this method is called recursively to write PAX headers.
-	// If allowPax is true, this is the non-recursive call, and we will use hdrBuff.
-	// If allowPax is false, we are being called by writePAXHeader, and hdrBuff is
-	// already being used by the non-recursive call, so we must use paxHdrBuff.
-	header = tw.hdrBuff[:]
-	if !allowPax {
-		header = tw.paxHdrBuff[:]
-	}
-	copy(header, zeroBlock)
-	s := slicer(header)
-
-	// Wrappers around formatter that automatically sets paxHeaders if the
-	// argument extends beyond the capacity of the input byte slice.
-	var formatString = func(b []byte, s string, paxKeyword string) {
-		needsPaxHeader := paxKeyword != paxNone && len(s) > len(b) || !isASCII(s)
-		if needsPaxHeader {
-			paxHeaders[paxKeyword] = s
-			return
-		}
-		f.formatString(b, s)
-	}
-	var formatNumeric = func(b []byte, x int64, paxKeyword string) {
-		// Try octal first.
-		s := strconv.FormatInt(x, 8)
-		if len(s) < len(b) {
-			f.formatOctal(b, x)
-			return
-		}
-
-		// If it is too long for octal, and PAX is preferred, use a PAX header.
-		if paxKeyword != paxNone && tw.preferPax {
-			f.formatOctal(b, 0)
-			s := strconv.FormatInt(x, 10)
-			paxHeaders[paxKeyword] = s
-			return
-		}
-
-		tw.usedBinary = true
-		f.formatNumeric(b, x)
-	}
-	var formatTime = func(b []byte, t time.Time, paxKeyword string) {
-		var unixTime int64
-		if !t.Before(minTime) && !t.After(maxTime) {
-			unixTime = t.Unix()
-		}
-		formatNumeric(b, unixTime, paxNone)
-
-		// Write a PAX header if the time didn't fit precisely.
-		if paxKeyword != "" && tw.preferPax && allowPax && (t.Nanosecond() != 0 || !t.Before(minTime) || !t.After(maxTime)) {
-			paxHeaders[paxKeyword] = formatPAXTime(t)
-		}
-	}
-
-	// keep a reference to the filename to allow to overwrite it later if we detect that we can use ustar longnames instead of pax
-	pathHeaderBytes := s.next(fileNameSize)
-
-	formatString(pathHeaderBytes, hdr.Name, paxPath)
-
-	f.formatOctal(s.next(8), hdr.Mode)               // 100:108
-	formatNumeric(s.next(8), int64(hdr.Uid), paxUid) // 108:116
-	formatNumeric(s.next(8), int64(hdr.Gid), paxGid) // 116:124
-	formatNumeric(s.next(12), hdr.Size, paxSize)     // 124:136
-	formatTime(s.next(12), hdr.ModTime, paxMtime)    // 136:148
-	s.next(8)                                        // chksum (148:156)
-	s.next(1)[0] = hdr.Typeflag                      // 156:157
-
-	formatString(s.next(100), hdr.Linkname, paxLinkpath)
-
-	copy(s.next(8), []byte("ustar\x0000"))          // 257:265
-	formatString(s.next(32), hdr.Uname, paxUname)   // 265:297
-	formatString(s.next(32), hdr.Gname, paxGname)   // 297:329
-	formatNumeric(s.next(8), hdr.Devmajor, paxNone) // 329:337
-	formatNumeric(s.next(8), hdr.Devminor, paxNone) // 337:345
-
-	// keep a reference to the prefix to allow to overwrite it later if we detect that we can use ustar longnames instead of pax
-	prefixHeaderBytes := s.next(155)
-	formatString(prefixHeaderBytes, "", paxNone) // 345:500  prefix
-
-	// Use the GNU magic instead of POSIX magic if we used any GNU extensions.
-	if tw.usedBinary {
-		copy(header[257:265], []byte("ustar  \x00"))
-	}
-
-	_, paxPathUsed := paxHeaders[paxPath]
-	// try to use a ustar header when only the name is too long
-	if !tw.preferPax && len(paxHeaders) == 1 && paxPathUsed {
-		prefix, suffix, ok := splitUSTARPath(hdr.Name)
-		if ok {
-			// Since we can encode in USTAR format, disable PAX header.
-			delete(paxHeaders, paxPath)
-
-			// Update the path fields
-			formatString(pathHeaderBytes, suffix, paxNone)
-			formatString(prefixHeaderBytes, prefix, paxNone)
-		}
-	}
-
-	// The chksum field is terminated by a NUL and a space.
-	// This is different from the other octal fields.
-	chksum, _ := checksum(header)
-	f.formatOctal(header[148:155], chksum) // Never fails
-	header[155] = ' '
-
-	// Check if there were any formatting errors.
-	if f.err != nil {
-		tw.err = f.err
-		return tw.err
-	}
-
-	if allowPax {
-		if !hdr.AccessTime.IsZero() {
-			paxHeaders[paxAtime] = formatPAXTime(hdr.AccessTime)
-		}
-		if !hdr.ChangeTime.IsZero() {
-			paxHeaders[paxCtime] = formatPAXTime(hdr.ChangeTime)
-		}
-		if !hdr.CreationTime.IsZero() {
-			paxHeaders[paxCreationTime] = formatPAXTime(hdr.CreationTime)
-		}
-		for k, v := range hdr.Xattrs {
-			paxHeaders[paxXattr+k] = v
-		}
-		for k, v := range hdr.Winheaders {
-			paxHeaders[paxWindows+k] = v
-		}
-	}
-
-	if len(paxHeaders) > 0 {
-		if !allowPax {
-			return errInvalidHeader
-		}
-		if err := tw.writePAXHeader(hdr, paxHeaders); err != nil {
-			return err
-		}
-	}
-	tw.nb = int64(hdr.Size)
-	tw.pad = (blockSize - (tw.nb % blockSize)) % blockSize
-
-	_, tw.err = tw.w.Write(header)
-	return tw.err
-}
-
-func formatPAXTime(t time.Time) string {
-	sec := t.Unix()
-	usec := t.Nanosecond()
-	s := strconv.FormatInt(sec, 10)
-	if usec != 0 {
-		s = fmt.Sprintf("%s.%09d", s, usec)
-	}
-	return s
-}
-
-// splitUSTARPath splits a path according to USTAR prefix and suffix rules.
-// If the path is not splittable, then it will return ("", "", false).
-func splitUSTARPath(name string) (prefix, suffix string, ok bool) {
-	length := len(name)
-	if length <= fileNameSize || !isASCII(name) {
-		return "", "", false
-	} else if length > fileNamePrefixSize+1 {
-		length = fileNamePrefixSize + 1
-	} else if name[length-1] == '/' {
-		length--
-	}
-
-	i := strings.LastIndex(name[:length], "/")
-	nlen := len(name) - i - 1 // nlen is length of suffix
-	plen := i                 // plen is length of prefix
-	if i <= 0 || nlen > fileNameSize || nlen == 0 || plen > fileNamePrefixSize {
-		return "", "", false
-	}
-	return name[:i], name[i+1:], true
-}
-
-// writePaxHeader writes an extended pax header to the
-// archive.
-func (tw *Writer) writePAXHeader(hdr *Header, paxHeaders map[string]string) error {
-	// Prepare extended header
-	ext := new(Header)
-	ext.Typeflag = TypeXHeader
-	// Setting ModTime is required for reader parsing to
-	// succeed, and seems harmless enough.
-	ext.ModTime = hdr.ModTime
-	// The spec asks that we namespace our pseudo files
-	// with the current pid.  However, this results in differing outputs
-	// for identical inputs.  As such, the constant 0 is now used instead.
-	// golang.org/issue/12358
-	dir, file := path.Split(hdr.Name)
-	fullName := path.Join(dir, "PaxHeaders.0", file)
-
-	ascii := toASCII(fullName)
-	if len(ascii) > 100 {
-		ascii = ascii[:100]
-	}
-	ext.Name = ascii
-	// Construct the body
-	var buf bytes.Buffer
-
-	// Keys are sorted before writing to body to allow deterministic output.
-	var keys []string
-	for k := range paxHeaders {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	for _, k := range keys {
-		fmt.Fprint(&buf, formatPAXRecord(k, paxHeaders[k]))
-	}
-
-	ext.Size = int64(len(buf.Bytes()))
-	if err := tw.writeHeader(ext, false); err != nil {
-		return err
-	}
-	if _, err := tw.Write(buf.Bytes()); err != nil {
-		return err
-	}
-	if err := tw.Flush(); err != nil {
-		return err
-	}
-	return nil
-}
-
-// formatPAXRecord formats a single PAX record, prefixing it with the
-// appropriate length.
-func formatPAXRecord(k, v string) string {
-	const padding = 3 // Extra padding for ' ', '=', and '\n'
-	size := len(k) + len(v) + padding
-	size += len(strconv.Itoa(size))
-	record := fmt.Sprintf("%d %s=%s\n", size, k, v)
-
-	// Final adjustment if adding size field increased the record size.
-	if len(record) != size {
-		size = len(record)
-		record = fmt.Sprintf("%d %s=%s\n", size, k, v)
-	}
-	return record
-}
-
-// Write writes to the current entry in the tar archive.
-// Write returns the error ErrWriteTooLong if more than
-// hdr.Size bytes are written after WriteHeader.
-func (tw *Writer) Write(b []byte) (n int, err error) {
-	if tw.closed {
-		err = ErrWriteAfterClose
-		return
-	}
-	overwrite := false
-	if int64(len(b)) > tw.nb {
-		b = b[0:tw.nb]
-		overwrite = true
-	}
-	n, err = tw.w.Write(b)
-	tw.nb -= int64(n)
-	if err == nil && overwrite {
-		err = ErrWriteTooLong
-		return
-	}
-	tw.err = err
-	return
-}
-
-// Close closes the tar archive, flushing any unwritten
-// data to the underlying writer.
-func (tw *Writer) Close() error {
-	if tw.err != nil || tw.closed {
-		return tw.err
-	}
-	tw.Flush()
-	tw.closed = true
-	if tw.err != nil {
-		return tw.err
-	}
-
-	// trailer: two zero blocks
-	for i := 0; i < 2; i++ {
-		_, tw.err = tw.w.Write(zeroBlock)
-		if tw.err != nil {
-			break
-		}
-	}
-	return tw.err
-}
diff --git a/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go b/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go
new file mode 100644
index 0000000000000..3416096639918
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go
@@ -0,0 +1,68 @@
+package backuptar
+
+import (
+	"archive/tar"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// Functions copied from https://github.com/golang/go/blob/master/src/archive/tar/strconv.go
+// as we need to manage the LIBARCHIVE.creationtime PAXRecord manually.
+// Idea taken from containerd which did the same thing.
+
+// parsePAXTime takes a string of the form %d.%d as described in the PAX
+// specification. Note that this implementation allows for negative timestamps,
+// which is allowed for by the PAX specification, but not always portable.
+func parsePAXTime(s string) (time.Time, error) {
+	const maxNanoSecondDigits = 9
+
+	// Split string into seconds and sub-seconds parts.
+	ss, sn := s, ""
+	if pos := strings.IndexByte(s, '.'); pos >= 0 {
+		ss, sn = s[:pos], s[pos+1:]
+	}
+
+	// Parse the seconds.
+	secs, err := strconv.ParseInt(ss, 10, 64)
+	if err != nil {
+		return time.Time{}, tar.ErrHeader
+	}
+	if len(sn) == 0 {
+		return time.Unix(secs, 0), nil // No sub-second values
+	}
+
+	// Parse the nanoseconds.
+	if strings.Trim(sn, "0123456789") != "" {
+		return time.Time{}, tar.ErrHeader
+	}
+	if len(sn) < maxNanoSecondDigits {
+		sn += strings.Repeat("0", maxNanoSecondDigits-len(sn)) // Right pad
+	} else {
+		sn = sn[:maxNanoSecondDigits] // Right truncate
+	}
+	nsecs, _ := strconv.ParseInt(sn, 10, 64) // Must succeed
+	if len(ss) > 0 && ss[0] == '-' {
+		return time.Unix(secs, -1*nsecs), nil // Negative correction
+	}
+	return time.Unix(secs, nsecs), nil
+}
+
+// formatPAXTime converts ts into a time of the form %d.%d as described in the
+// PAX specification. This function is capable of negative timestamps.
+func formatPAXTime(ts time.Time) (s string) {
+	secs, nsecs := ts.Unix(), ts.Nanosecond()
+	if nsecs == 0 {
+		return strconv.FormatInt(secs, 10)
+	}
+
+	// If seconds is negative, then perform correction.
+	sign := ""
+	if secs < 0 {
+		sign = "-"             // Remember sign
+		secs = -(secs + 1)     // Add a second to secs
+		nsecs = -(nsecs - 1e9) // Take that second away from nsecs
+	}
+	return strings.TrimRight(fmt.Sprintf("%s%d.%09d", sign, secs, nsecs), "0")
+}
diff --git a/vendor/github.com/Microsoft/go-winio/backuptar/tar.go b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
index d6566dbf0c6cf..689e4da6bdacc 100644
--- a/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
@@ -3,8 +3,8 @@
 package backuptar
 
 import (
+	"archive/tar"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -15,7 +15,7 @@ import (
 	"time"
 
 	"github.com/Microsoft/go-winio"
-	"github.com/Microsoft/go-winio/archive/tar" // until archive/tar supports pax extensions in its interface
+	"golang.org/x/sys/windows"
 )
 
 const (
@@ -32,26 +32,23 @@ const (
 )
 
 const (
-	hdrFileAttributes        = "fileattr"
-	hdrSecurityDescriptor    = "sd"
-	hdrRawSecurityDescriptor = "rawsd"
-	hdrMountPoint            = "mountpoint"
-	hdrEaPrefix              = "xattr."
+	hdrFileAttributes        = "MSWINDOWS.fileattr"
+	hdrSecurityDescriptor    = "MSWINDOWS.sd"
+	hdrRawSecurityDescriptor = "MSWINDOWS.rawsd"
+	hdrMountPoint            = "MSWINDOWS.mountpoint"
+	hdrEaPrefix              = "MSWINDOWS.xattr."
+
+	hdrCreationTime = "LIBARCHIVE.creationtime"
 )
 
-func writeZeroes(w io.Writer, count int64) error {
-	buf := make([]byte, 8192)
-	c := len(buf)
-	for i := int64(0); i < count; i += int64(c) {
-		if int64(c) > count-i {
-			c = int(count - i)
-		}
-		_, err := w.Write(buf[:c])
-		if err != nil {
-			return err
-		}
+// zeroReader is an io.Reader that always returns 0s.
+type zeroReader struct{}
+
+func (zr zeroReader) Read(b []byte) (int, error) {
+	for i := range b {
+		b[i] = 0
 	}
-	return nil
+	return len(b), nil
 }
 
 func copySparse(t *tar.Writer, br *winio.BackupStreamReader) error {
@@ -68,16 +65,26 @@ func copySparse(t *tar.Writer, br *winio.BackupStreamReader) error {
 			return fmt.Errorf("unexpected stream %d", bhdr.Id)
 		}
 
+		// We can't seek backwards, since we have already written that data to the tar.Writer.
+		if bhdr.Offset < curOffset {
+			return fmt.Errorf("cannot seek back from %d to %d", curOffset, bhdr.Offset)
+		}
 		// archive/tar does not support writing sparse files
 		// so just write zeroes to catch up to the current offset.
-		err = writeZeroes(t, bhdr.Offset-curOffset)
+		if _, err := io.CopyN(t, zeroReader{}, bhdr.Offset-curOffset); err != nil {
+			return fmt.Errorf("seek to offset %d: %s", bhdr.Offset, err)
+		}
 		if bhdr.Size == 0 {
+			// A sparse block with size = 0 is used to mark the end of the sparse blocks.
 			break
 		}
 		n, err := io.Copy(t, br)
 		if err != nil {
 			return err
 		}
+		if n != bhdr.Size {
+			return fmt.Errorf("copied %d bytes instead of %d at offset %d", n, bhdr.Size, bhdr.Offset)
+		}
 		curOffset = bhdr.Offset + n
 	}
 	return nil
@@ -86,16 +93,17 @@ func copySparse(t *tar.Writer, br *winio.BackupStreamReader) error {
 // BasicInfoHeader creates a tar header from basic file information.
 func BasicInfoHeader(name string, size int64, fileInfo *winio.FileBasicInfo) *tar.Header {
 	hdr := &tar.Header{
-		Name:         filepath.ToSlash(name),
-		Size:         size,
-		Typeflag:     tar.TypeReg,
-		ModTime:      time.Unix(0, fileInfo.LastWriteTime.Nanoseconds()),
-		ChangeTime:   time.Unix(0, fileInfo.ChangeTime.Nanoseconds()),
-		AccessTime:   time.Unix(0, fileInfo.LastAccessTime.Nanoseconds()),
-		CreationTime: time.Unix(0, fileInfo.CreationTime.Nanoseconds()),
-		Winheaders:   make(map[string]string),
+		Format:     tar.FormatPAX,
+		Name:       filepath.ToSlash(name),
+		Size:       size,
+		Typeflag:   tar.TypeReg,
+		ModTime:    time.Unix(0, fileInfo.LastWriteTime.Nanoseconds()),
+		ChangeTime: time.Unix(0, fileInfo.ChangeTime.Nanoseconds()),
+		AccessTime: time.Unix(0, fileInfo.LastAccessTime.Nanoseconds()),
+		PAXRecords: make(map[string]string),
 	}
-	hdr.Winheaders[hdrFileAttributes] = fmt.Sprintf("%d", fileInfo.FileAttributes)
+	hdr.PAXRecords[hdrFileAttributes] = fmt.Sprintf("%d", fileInfo.FileAttributes)
+	hdr.PAXRecords[hdrCreationTime] = formatPAXTime(time.Unix(0, fileInfo.CreationTime.Nanoseconds()))
 
 	if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
 		hdr.Mode |= c_ISDIR
@@ -155,7 +163,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 			if err != nil {
 				return err
 			}
-			hdr.Winheaders[hdrRawSecurityDescriptor] = base64.StdEncoding.EncodeToString(sd)
+			hdr.PAXRecords[hdrRawSecurityDescriptor] = base64.StdEncoding.EncodeToString(sd)
 
 		case winio.BackupReparseData:
 			hdr.Mode |= c_ISLNK
@@ -166,7 +174,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 				return err
 			}
 			if rp.IsMountPoint {
-				hdr.Winheaders[hdrMountPoint] = "1"
+				hdr.PAXRecords[hdrMountPoint] = "1"
 			}
 			hdr.Linkname = rp.Target
 
@@ -183,7 +191,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 				// Use base64 encoding for the binary value. Note that there
 				// is no way to encode the EA's flags, since their use doesn't
 				// make any sense for persisted EAs.
-				hdr.Winheaders[hdrEaPrefix+ea.Name] = base64.StdEncoding.EncodeToString(ea.Value)
+				hdr.PAXRecords[hdrEaPrefix+ea.Name] = base64.StdEncoding.EncodeToString(ea.Value)
 			}
 
 		case winio.BackupAlternateData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
@@ -217,20 +225,44 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 		}
 	}
 
+	// The logic for copying file contents is fairly complicated due to the need for handling sparse files,
+	// and the weird ways they are represented by BackupRead. A normal file will always either have a data stream
+	// with size and content, or no data stream at all (if empty). However, for a sparse file, the content can also
+	// be represented using a series of sparse block streams following the data stream. Additionally, the way sparse
+	// files are handled by BackupRead has changed in the OS recently. The specifics of the representation are described
+	// in the list at the bottom of this block comment.
+	//
+	// Sparse files can be represented in four different ways, based on the specifics of the file.
+	// - Size = 0:
+	//     Previously: BackupRead yields no data stream and no sparse block streams.
+	//     Recently: BackupRead yields a data stream with size = 0. There are no following sparse block streams.
+	// - Size > 0, no allocated ranges:
+	//     BackupRead yields a data stream with size = 0. Following is a single sparse block stream with
+	//     size = 0 and offset = <file size>.
+	// - Size > 0, one allocated range:
+	//     BackupRead yields a data stream with size = <file size> containing the file contents. There are no
+	//     sparse block streams. This is the case if you take a normal file with contents and simply set the
+	//     sparse flag on it.
+	// - Size > 0, multiple allocated ranges:
+	//     BackupRead yields a data stream with size = 0. Following are sparse block streams for each allocated
+	//     range of the file containing the range contents. Finally there is a sparse block stream with
+	//     size = 0 and offset = <file size>.
+
 	if dataHdr != nil {
 		// A data stream was found. Copy the data.
-		if (dataHdr.Attributes & winio.StreamSparseAttributes) == 0 {
+		// We assume that we will either have a data stream size > 0 XOR have sparse block streams.
+		if dataHdr.Size > 0 || (dataHdr.Attributes&winio.StreamSparseAttributes) == 0 {
 			if size != dataHdr.Size {
 				return fmt.Errorf("%s: mismatch between file size %d and header size %d", name, size, dataHdr.Size)
 			}
-			_, err = io.Copy(t, br)
-			if err != nil {
-				return err
+			if _, err = io.Copy(t, br); err != nil {
+				return fmt.Errorf("%s: copying contents from data stream: %s", name, err)
 			}
-		} else {
-			err = copySparse(t, br)
-			if err != nil {
-				return err
+		} else if size > 0 {
+			// As of a recent OS change, BackupRead now returns a data stream for empty sparse files.
+			// These files have no sparse block streams, so skip the copySparse call if file size = 0.
+			if err = copySparse(t, br); err != nil {
+				return fmt.Errorf("%s: copying contents from sparse block stream: %s", name, err)
 			}
 		}
 	}
@@ -254,6 +286,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 			}
 			if (bhdr.Attributes & winio.StreamSparseAttributes) == 0 {
 				hdr = &tar.Header{
+					Format:     hdr.Format,
 					Name:       name + altName,
 					Mode:       hdr.Mode,
 					Typeflag:   tar.TypeReg,
@@ -274,7 +307,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 			} else {
 				// Unsupported for now, since the size of the alternate stream is not present
 				// in the backup stream until after the data has been read.
-				return errors.New("tar of sparse alternate data streams is unsupported")
+				return fmt.Errorf("%s: tar of sparse alternate data streams is unsupported", name)
 			}
 		case winio.BackupEaData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
 			// ignore these streams
@@ -293,12 +326,13 @@ func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *win
 		size = hdr.Size
 	}
 	fileInfo = &winio.FileBasicInfo{
-		LastAccessTime: syscall.NsecToFiletime(hdr.AccessTime.UnixNano()),
-		LastWriteTime:  syscall.NsecToFiletime(hdr.ModTime.UnixNano()),
-		ChangeTime:     syscall.NsecToFiletime(hdr.ChangeTime.UnixNano()),
-		CreationTime:   syscall.NsecToFiletime(hdr.CreationTime.UnixNano()),
+		LastAccessTime: windows.NsecToFiletime(hdr.AccessTime.UnixNano()),
+		LastWriteTime:  windows.NsecToFiletime(hdr.ModTime.UnixNano()),
+		ChangeTime:     windows.NsecToFiletime(hdr.ChangeTime.UnixNano()),
+		// Default to ModTime, we'll pull hdrCreationTime below if present
+		CreationTime: windows.NsecToFiletime(hdr.ModTime.UnixNano()),
 	}
-	if attrStr, ok := hdr.Winheaders[hdrFileAttributes]; ok {
+	if attrStr, ok := hdr.PAXRecords[hdrFileAttributes]; ok {
 		attr, err := strconv.ParseUint(attrStr, 10, 32)
 		if err != nil {
 			return "", 0, nil, err
@@ -309,6 +343,13 @@ func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *win
 			fileInfo.FileAttributes |= syscall.FILE_ATTRIBUTE_DIRECTORY
 		}
 	}
+	if creationTimeStr, ok := hdr.PAXRecords[hdrCreationTime]; ok {
+		creationTime, err := parsePAXTime(creationTimeStr)
+		if err != nil {
+			return "", 0, nil, err
+		}
+		fileInfo.CreationTime = windows.NsecToFiletime(creationTime.UnixNano())
+	}
 	return
 }
 
@@ -321,13 +362,13 @@ func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (
 	var err error
 	// Maintaining old SDDL-based behavior for backward compatibility.  All new tar headers written
 	// by this library will have raw binary for the security descriptor.
-	if sddl, ok := hdr.Winheaders[hdrSecurityDescriptor]; ok {
+	if sddl, ok := hdr.PAXRecords[hdrSecurityDescriptor]; ok {
 		sd, err = winio.SddlToSecurityDescriptor(sddl)
 		if err != nil {
 			return nil, err
 		}
 	}
-	if sdraw, ok := hdr.Winheaders[hdrRawSecurityDescriptor]; ok {
+	if sdraw, ok := hdr.PAXRecords[hdrRawSecurityDescriptor]; ok {
 		sd, err = base64.StdEncoding.DecodeString(sdraw)
 		if err != nil {
 			return nil, err
@@ -348,7 +389,7 @@ func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (
 		}
 	}
 	var eas []winio.ExtendedAttribute
-	for k, v := range hdr.Winheaders {
+	for k, v := range hdr.PAXRecords {
 		if !strings.HasPrefix(k, hdrEaPrefix) {
 			continue
 		}
@@ -380,7 +421,7 @@ func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (
 		}
 	}
 	if hdr.Typeflag == tar.TypeSymlink {
-		_, isMountPoint := hdr.Winheaders[hdrMountPoint]
+		_, isMountPoint := hdr.PAXRecords[hdrMountPoint]
 		rp := winio.ReparsePoint{
 			Target:       filepath.FromSlash(hdr.Linkname),
 			IsMountPoint: isMountPoint,
diff --git a/vendor/github.com/Microsoft/go-winio/file.go b/vendor/github.com/Microsoft/go-winio/file.go
index 4334ff1cbeeb1..0385e4108129b 100644
--- a/vendor/github.com/Microsoft/go-winio/file.go
+++ b/vendor/github.com/Microsoft/go-winio/file.go
@@ -16,6 +16,7 @@ import (
 //sys createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) = CreateIoCompletionPort
 //sys getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
 //sys setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
+//sys wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
 
 type atomicBool int32
 
@@ -79,6 +80,7 @@ type win32File struct {
 	wg            sync.WaitGroup
 	wgLock        sync.RWMutex
 	closing       atomicBool
+	socket        bool
 	readDeadline  deadlineHandler
 	writeDeadline deadlineHandler
 }
@@ -109,7 +111,13 @@ func makeWin32File(h syscall.Handle) (*win32File, error) {
 }
 
 func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
-	return makeWin32File(h)
+	// If we return the result of makeWin32File directly, it can result in an
+	// interface-wrapped nil, rather than a nil interface value.
+	f, err := makeWin32File(h)
+	if err != nil {
+		return nil, err
+	}
+	return f, nil
 }
 
 // closeHandle closes the resources associated with a Win32 handle
@@ -190,6 +198,10 @@ func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, er
 			if f.closing.isSet() {
 				err = ErrFileClosed
 			}
+		} else if err != nil && f.socket {
+			// err is from Win32. Query the overlapped structure to get the winsock error.
+			var bytes, flags uint32
+			err = wsaGetOverlappedResult(f.handle, &c.o, &bytes, false, &flags)
 		}
 	case <-timeout:
 		cancelIoEx(f.handle, &c.o)
@@ -265,6 +277,10 @@ func (f *win32File) Flush() error {
 	return syscall.FlushFileBuffers(f.handle)
 }
 
+func (f *win32File) Fd() uintptr {
+	return uintptr(f.handle)
+}
+
 func (d *deadlineHandler) set(deadline time.Time) error {
 	d.setLock.Lock()
 	defer d.setLock.Unlock()
diff --git a/vendor/github.com/Microsoft/go-winio/fileinfo.go b/vendor/github.com/Microsoft/go-winio/fileinfo.go
index ada2fbab63288..3ab6bff69c5d6 100644
--- a/vendor/github.com/Microsoft/go-winio/fileinfo.go
+++ b/vendor/github.com/Microsoft/go-winio/fileinfo.go
@@ -5,21 +5,14 @@ package winio
 import (
 	"os"
 	"runtime"
-	"syscall"
 	"unsafe"
-)
-
-//sys getFileInformationByHandleEx(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) = GetFileInformationByHandleEx
-//sys setFileInformationByHandle(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) = SetFileInformationByHandle
 
-const (
-	fileBasicInfo = 0
-	fileIDInfo    = 0x12
+	"golang.org/x/sys/windows"
 )
 
 // FileBasicInfo contains file access time and file attributes information.
 type FileBasicInfo struct {
-	CreationTime, LastAccessTime, LastWriteTime, ChangeTime syscall.Filetime
+	CreationTime, LastAccessTime, LastWriteTime, ChangeTime windows.Filetime
 	FileAttributes                                          uint32
 	pad                                                     uint32 // padding
 }
@@ -27,7 +20,7 @@ type FileBasicInfo struct {
 // GetFileBasicInfo retrieves times and attributes for a file.
 func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
 	bi := &FileBasicInfo{}
-	if err := getFileInformationByHandleEx(syscall.Handle(f.Fd()), fileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
+	if err := windows.GetFileInformationByHandleEx(windows.Handle(f.Fd()), windows.FileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
@@ -36,13 +29,32 @@ func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
 
 // SetFileBasicInfo sets times and attributes for a file.
 func SetFileBasicInfo(f *os.File, bi *FileBasicInfo) error {
-	if err := setFileInformationByHandle(syscall.Handle(f.Fd()), fileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
+	if err := windows.SetFileInformationByHandle(windows.Handle(f.Fd()), windows.FileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
 		return &os.PathError{Op: "SetFileInformationByHandle", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
 	return nil
 }
 
+// FileStandardInfo contains extended information for the file.
+// FILE_STANDARD_INFO in WinBase.h
+// https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_standard_info
+type FileStandardInfo struct {
+	AllocationSize, EndOfFile int64
+	NumberOfLinks             uint32
+	DeletePending, Directory  bool
+}
+
+// GetFileStandardInfo retrieves ended information for the file.
+func GetFileStandardInfo(f *os.File) (*FileStandardInfo, error) {
+	si := &FileStandardInfo{}
+	if err := windows.GetFileInformationByHandleEx(windows.Handle(f.Fd()), windows.FileStandardInfo, (*byte)(unsafe.Pointer(si)), uint32(unsafe.Sizeof(*si))); err != nil {
+		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
+	}
+	runtime.KeepAlive(f)
+	return si, nil
+}
+
 // FileIDInfo contains the volume serial number and file ID for a file. This pair should be
 // unique on a system.
 type FileIDInfo struct {
@@ -53,7 +65,7 @@ type FileIDInfo struct {
 // GetFileID retrieves the unique (volume, file ID) pair for a file.
 func GetFileID(f *os.File) (*FileIDInfo, error) {
 	fileID := &FileIDInfo{}
-	if err := getFileInformationByHandleEx(syscall.Handle(f.Fd()), fileIDInfo, (*byte)(unsafe.Pointer(fileID)), uint32(unsafe.Sizeof(*fileID))); err != nil {
+	if err := windows.GetFileInformationByHandleEx(windows.Handle(f.Fd()), windows.FileIdInfo, (*byte)(unsafe.Pointer(fileID)), uint32(unsafe.Sizeof(*fileID))); err != nil {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
diff --git a/vendor/github.com/Microsoft/go-winio/go.mod b/vendor/github.com/Microsoft/go-winio/go.mod
new file mode 100644
index 0000000000000..98a8dea0e7e1d
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/go.mod
@@ -0,0 +1,9 @@
+module github.com/Microsoft/go-winio
+
+go 1.12
+
+require (
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.7.0
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/Microsoft/go-winio/hvsock.go b/vendor/github.com/Microsoft/go-winio/hvsock.go
new file mode 100644
index 0000000000000..b632f8f8bb98b
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/hvsock.go
@@ -0,0 +1,307 @@
+// +build windows
+
+package winio
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+)
+
+//sys bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
+
+const (
+	afHvSock = 34 // AF_HYPERV
+
+	socketError = ^uintptr(0)
+)
+
+// An HvsockAddr is an address for a AF_HYPERV socket.
+type HvsockAddr struct {
+	VMID      guid.GUID
+	ServiceID guid.GUID
+}
+
+type rawHvsockAddr struct {
+	Family    uint16
+	_         uint16
+	VMID      guid.GUID
+	ServiceID guid.GUID
+}
+
+// Network returns the address's network name, "hvsock".
+func (addr *HvsockAddr) Network() string {
+	return "hvsock"
+}
+
+func (addr *HvsockAddr) String() string {
+	return fmt.Sprintf("%s:%s", &addr.VMID, &addr.ServiceID)
+}
+
+// VsockServiceID returns an hvsock service ID corresponding to the specified AF_VSOCK port.
+func VsockServiceID(port uint32) guid.GUID {
+	g, _ := guid.FromString("00000000-facb-11e6-bd58-64006a7986d3")
+	g.Data1 = port
+	return g
+}
+
+func (addr *HvsockAddr) raw() rawHvsockAddr {
+	return rawHvsockAddr{
+		Family:    afHvSock,
+		VMID:      addr.VMID,
+		ServiceID: addr.ServiceID,
+	}
+}
+
+func (addr *HvsockAddr) fromRaw(raw *rawHvsockAddr) {
+	addr.VMID = raw.VMID
+	addr.ServiceID = raw.ServiceID
+}
+
+// HvsockListener is a socket listener for the AF_HYPERV address family.
+type HvsockListener struct {
+	sock *win32File
+	addr HvsockAddr
+}
+
+// HvsockConn is a connected socket of the AF_HYPERV address family.
+type HvsockConn struct {
+	sock          *win32File
+	local, remote HvsockAddr
+}
+
+func newHvSocket() (*win32File, error) {
+	fd, err := syscall.Socket(afHvSock, syscall.SOCK_STREAM, 1)
+	if err != nil {
+		return nil, os.NewSyscallError("socket", err)
+	}
+	f, err := makeWin32File(fd)
+	if err != nil {
+		syscall.Close(fd)
+		return nil, err
+	}
+	f.socket = true
+	return f, nil
+}
+
+// ListenHvsock listens for connections on the specified hvsock address.
+func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
+	l := &HvsockListener{addr: *addr}
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, l.opErr("listen", err)
+	}
+	sa := addr.raw()
+	err = bind(sock.handle, unsafe.Pointer(&sa), int32(unsafe.Sizeof(sa)))
+	if err != nil {
+		return nil, l.opErr("listen", os.NewSyscallError("socket", err))
+	}
+	err = syscall.Listen(sock.handle, 16)
+	if err != nil {
+		return nil, l.opErr("listen", os.NewSyscallError("listen", err))
+	}
+	return &HvsockListener{sock: sock, addr: *addr}, nil
+}
+
+func (l *HvsockListener) opErr(op string, err error) error {
+	return &net.OpError{Op: op, Net: "hvsock", Addr: &l.addr, Err: err}
+}
+
+// Addr returns the listener's network address.
+func (l *HvsockListener) Addr() net.Addr {
+	return &l.addr
+}
+
+// Accept waits for the next connection and returns it.
+func (l *HvsockListener) Accept() (_ net.Conn, err error) {
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, l.opErr("accept", err)
+	}
+	defer func() {
+		if sock != nil {
+			sock.Close()
+		}
+	}()
+	c, err := l.sock.prepareIo()
+	if err != nil {
+		return nil, l.opErr("accept", err)
+	}
+	defer l.sock.wg.Done()
+
+	// AcceptEx, per documentation, requires an extra 16 bytes per address.
+	const addrlen = uint32(16 + unsafe.Sizeof(rawHvsockAddr{}))
+	var addrbuf [addrlen * 2]byte
+
+	var bytes uint32
+	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0, addrlen, addrlen, &bytes, &c.o)
+	_, err = l.sock.asyncIo(c, nil, bytes, err)
+	if err != nil {
+		return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
+	}
+	conn := &HvsockConn{
+		sock: sock,
+	}
+	conn.local.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[0])))
+	conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
+	sock = nil
+	return conn, nil
+}
+
+// Close closes the listener, causing any pending Accept calls to fail.
+func (l *HvsockListener) Close() error {
+	return l.sock.Close()
+}
+
+/* Need to finish ConnectEx handling
+func DialHvsock(ctx context.Context, addr *HvsockAddr) (*HvsockConn, error) {
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if sock != nil {
+			sock.Close()
+		}
+	}()
+	c, err := sock.prepareIo()
+	if err != nil {
+		return nil, err
+	}
+	defer sock.wg.Done()
+	var bytes uint32
+	err = windows.ConnectEx(windows.Handle(sock.handle), sa, nil, 0, &bytes, &c.o)
+	_, err = sock.asyncIo(ctx, c, nil, bytes, err)
+	if err != nil {
+		return nil, err
+	}
+	conn := &HvsockConn{
+		sock:   sock,
+		remote: *addr,
+	}
+	sock = nil
+	return conn, nil
+}
+*/
+
+func (conn *HvsockConn) opErr(op string, err error) error {
+	return &net.OpError{Op: op, Net: "hvsock", Source: &conn.local, Addr: &conn.remote, Err: err}
+}
+
+func (conn *HvsockConn) Read(b []byte) (int, error) {
+	c, err := conn.sock.prepareIo()
+	if err != nil {
+		return 0, conn.opErr("read", err)
+	}
+	defer conn.sock.wg.Done()
+	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	var flags, bytes uint32
+	err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
+	n, err := conn.sock.asyncIo(c, &conn.sock.readDeadline, bytes, err)
+	if err != nil {
+		if _, ok := err.(syscall.Errno); ok {
+			err = os.NewSyscallError("wsarecv", err)
+		}
+		return 0, conn.opErr("read", err)
+	} else if n == 0 {
+		err = io.EOF
+	}
+	return n, err
+}
+
+func (conn *HvsockConn) Write(b []byte) (int, error) {
+	t := 0
+	for len(b) != 0 {
+		n, err := conn.write(b)
+		if err != nil {
+			return t + n, err
+		}
+		t += n
+		b = b[n:]
+	}
+	return t, nil
+}
+
+func (conn *HvsockConn) write(b []byte) (int, error) {
+	c, err := conn.sock.prepareIo()
+	if err != nil {
+		return 0, conn.opErr("write", err)
+	}
+	defer conn.sock.wg.Done()
+	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	var bytes uint32
+	err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
+	n, err := conn.sock.asyncIo(c, &conn.sock.writeDeadline, bytes, err)
+	if err != nil {
+		if _, ok := err.(syscall.Errno); ok {
+			err = os.NewSyscallError("wsasend", err)
+		}
+		return 0, conn.opErr("write", err)
+	}
+	return n, err
+}
+
+// Close closes the socket connection, failing any pending read or write calls.
+func (conn *HvsockConn) Close() error {
+	return conn.sock.Close()
+}
+
+func (conn *HvsockConn) shutdown(how int) error {
+	err := syscall.Shutdown(conn.sock.handle, syscall.SHUT_RD)
+	if err != nil {
+		return os.NewSyscallError("shutdown", err)
+	}
+	return nil
+}
+
+// CloseRead shuts down the read end of the socket.
+func (conn *HvsockConn) CloseRead() error {
+	err := conn.shutdown(syscall.SHUT_RD)
+	if err != nil {
+		return conn.opErr("close", err)
+	}
+	return nil
+}
+
+// CloseWrite shuts down the write end of the socket, notifying the other endpoint that
+// no more data will be written.
+func (conn *HvsockConn) CloseWrite() error {
+	err := conn.shutdown(syscall.SHUT_WR)
+	if err != nil {
+		return conn.opErr("close", err)
+	}
+	return nil
+}
+
+// LocalAddr returns the local address of the connection.
+func (conn *HvsockConn) LocalAddr() net.Addr {
+	return &conn.local
+}
+
+// RemoteAddr returns the remote address of the connection.
+func (conn *HvsockConn) RemoteAddr() net.Addr {
+	return &conn.remote
+}
+
+// SetDeadline implements the net.Conn SetDeadline method.
+func (conn *HvsockConn) SetDeadline(t time.Time) error {
+	conn.SetReadDeadline(t)
+	conn.SetWriteDeadline(t)
+	return nil
+}
+
+// SetReadDeadline implements the net.Conn SetReadDeadline method.
+func (conn *HvsockConn) SetReadDeadline(t time.Time) error {
+	return conn.sock.SetReadDeadline(t)
+}
+
+// SetWriteDeadline implements the net.Conn SetWriteDeadline method.
+func (conn *HvsockConn) SetWriteDeadline(t time.Time) error {
+	return conn.sock.SetWriteDeadline(t)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pipe.go b/vendor/github.com/Microsoft/go-winio/pipe.go
index d99eedb6489b0..96700a73de25a 100644
--- a/vendor/github.com/Microsoft/go-winio/pipe.go
+++ b/vendor/github.com/Microsoft/go-winio/pipe.go
@@ -3,10 +3,13 @@
 package winio
 
 import (
+	"context"
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"os"
+	"runtime"
 	"syscall"
 	"time"
 	"unsafe"
@@ -18,6 +21,48 @@ import (
 //sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
 //sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
+//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) = ntdll.NtCreateNamedPipeFile
+//sys rtlNtStatusToDosError(status ntstatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) = ntdll.RtlDosPathNameToNtPathName_U
+//sys rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) = ntdll.RtlDefaultNpAcl
+
+type ioStatusBlock struct {
+	Status, Information uintptr
+}
+
+type objectAttributes struct {
+	Length             uintptr
+	RootDirectory      uintptr
+	ObjectName         *unicodeString
+	Attributes         uintptr
+	SecurityDescriptor *securityDescriptor
+	SecurityQoS        uintptr
+}
+
+type unicodeString struct {
+	Length        uint16
+	MaximumLength uint16
+	Buffer        uintptr
+}
+
+type securityDescriptor struct {
+	Revision byte
+	Sbz1     byte
+	Control  uint16
+	Owner    uintptr
+	Group    uintptr
+	Sacl     uintptr
+	Dacl     uintptr
+}
+
+type ntstatus int32
+
+func (status ntstatus) Err() error {
+	if status >= 0 {
+		return nil
+	}
+	return rtlNtStatusToDosError(status)
+}
 
 const (
 	cERROR_PIPE_BUSY      = syscall.Errno(231)
@@ -25,21 +70,20 @@ const (
 	cERROR_PIPE_CONNECTED = syscall.Errno(535)
 	cERROR_SEM_TIMEOUT    = syscall.Errno(121)
 
-	cPIPE_ACCESS_DUPLEX            = 0x3
-	cFILE_FLAG_FIRST_PIPE_INSTANCE = 0x80000
-	cSECURITY_SQOS_PRESENT         = 0x100000
-	cSECURITY_ANONYMOUS            = 0
+	cSECURITY_SQOS_PRESENT = 0x100000
+	cSECURITY_ANONYMOUS    = 0
 
-	cPIPE_REJECT_REMOTE_CLIENTS = 0x8
+	cPIPE_TYPE_MESSAGE = 4
 
-	cPIPE_UNLIMITED_INSTANCES = 255
+	cPIPE_READMODE_MESSAGE = 2
 
-	cNMPWAIT_USE_DEFAULT_WAIT = 0
-	cNMPWAIT_NOWAIT           = 1
+	cFILE_OPEN   = 1
+	cFILE_CREATE = 2
 
-	cPIPE_TYPE_MESSAGE = 4
+	cFILE_PIPE_MESSAGE_TYPE          = 1
+	cFILE_PIPE_REJECT_REMOTE_CLIENTS = 2
 
-	cPIPE_READMODE_MESSAGE = 2
+	cSE_DACL_PRESENT = 4
 )
 
 var (
@@ -137,33 +181,60 @@ func (s pipeAddress) String() string {
 	return string(s)
 }
 
+// tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
+func tryDialPipe(ctx context.Context, path *string, access uint32) (syscall.Handle, error) {
+	for {
+
+		select {
+		case <-ctx.Done():
+			return syscall.Handle(0), ctx.Err()
+		default:
+			h, err := createFile(*path, access, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
+			if err == nil {
+				return h, nil
+			}
+			if err != cERROR_PIPE_BUSY {
+				return h, &os.PathError{Err: err, Op: "open", Path: *path}
+			}
+			// Wait 10 msec and try again. This is a rather simplistic
+			// view, as we always try each 10 milliseconds.
+			time.Sleep(10 * time.Millisecond)
+		}
+	}
+}
+
 // DialPipe connects to a named pipe by path, timing out if the connection
 // takes longer than the specified duration. If timeout is nil, then we use
-// a default timeout of 5 seconds.  (We do not use WaitNamedPipe.)
+// a default timeout of 2 seconds.  (We do not use WaitNamedPipe.)
 func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 	var absTimeout time.Time
 	if timeout != nil {
 		absTimeout = time.Now().Add(*timeout)
 	} else {
-		absTimeout = time.Now().Add(time.Second * 2)
+		absTimeout = time.Now().Add(2 * time.Second)
+	}
+	ctx, _ := context.WithDeadline(context.Background(), absTimeout)
+	conn, err := DialPipeContext(ctx, path)
+	if err == context.DeadlineExceeded {
+		return nil, ErrTimeout
 	}
+	return conn, err
+}
+
+// DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
+// cancellation or timeout.
+func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
+	return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE)
+}
+
+// DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx`
+// cancellation or timeout.
+func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
-	for {
-		h, err = createFile(path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
-		if err != cERROR_PIPE_BUSY {
-			break
-		}
-		if time.Now().After(absTimeout) {
-			return nil, ErrTimeout
-		}
-
-		// Wait 10 msec and try again. This is a rather simplistic
-		// view, as we always try each 10 milliseconds.
-		time.Sleep(time.Millisecond * 10)
-	}
+	h, err = tryDialPipe(ctx, &path, access)
 	if err != nil {
-		return nil, &os.PathError{Op: "open", Path: path, Err: err}
+		return nil, err
 	}
 
 	var flags uint32
@@ -194,43 +265,87 @@ type acceptResponse struct {
 }
 
 type win32PipeListener struct {
-	firstHandle        syscall.Handle
-	path               string
-	securityDescriptor []byte
-	config             PipeConfig
-	acceptCh           chan (chan acceptResponse)
-	closeCh            chan int
-	doneCh             chan int
+	firstHandle syscall.Handle
+	path        string
+	config      PipeConfig
+	acceptCh    chan (chan acceptResponse)
+	closeCh     chan int
+	doneCh      chan int
 }
 
-func makeServerPipeHandle(path string, securityDescriptor []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
-	var flags uint32 = cPIPE_ACCESS_DUPLEX | syscall.FILE_FLAG_OVERLAPPED
+func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
+	path16, err := syscall.UTF16FromString(path)
+	if err != nil {
+		return 0, &os.PathError{Op: "open", Path: path, Err: err}
+	}
+
+	var oa objectAttributes
+	oa.Length = unsafe.Sizeof(oa)
+
+	var ntPath unicodeString
+	if err := rtlDosPathNameToNtPathName(&path16[0], &ntPath, 0, 0).Err(); err != nil {
+		return 0, &os.PathError{Op: "open", Path: path, Err: err}
+	}
+	defer localFree(ntPath.Buffer)
+	oa.ObjectName = &ntPath
+
+	// The security descriptor is only needed for the first pipe.
 	if first {
-		flags |= cFILE_FLAG_FIRST_PIPE_INSTANCE
+		if sd != nil {
+			len := uint32(len(sd))
+			sdb := localAlloc(0, len)
+			defer localFree(sdb)
+			copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
+			oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
+		} else {
+			// Construct the default named pipe security descriptor.
+			var dacl uintptr
+			if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
+				return 0, fmt.Errorf("getting default named pipe ACL: %s", err)
+			}
+			defer localFree(dacl)
+
+			sdb := &securityDescriptor{
+				Revision: 1,
+				Control:  cSE_DACL_PRESENT,
+				Dacl:     dacl,
+			}
+			oa.SecurityDescriptor = sdb
+		}
 	}
 
-	var mode uint32 = cPIPE_REJECT_REMOTE_CLIENTS
+	typ := uint32(cFILE_PIPE_REJECT_REMOTE_CLIENTS)
 	if c.MessageMode {
-		mode |= cPIPE_TYPE_MESSAGE
+		typ |= cFILE_PIPE_MESSAGE_TYPE
 	}
 
-	sa := &syscall.SecurityAttributes{}
-	sa.Length = uint32(unsafe.Sizeof(*sa))
-	if securityDescriptor != nil {
-		len := uint32(len(securityDescriptor))
-		sa.SecurityDescriptor = localAlloc(0, len)
-		defer localFree(sa.SecurityDescriptor)
-		copy((*[0xffff]byte)(unsafe.Pointer(sa.SecurityDescriptor))[:], securityDescriptor)
+	disposition := uint32(cFILE_OPEN)
+	access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
+	if first {
+		disposition = cFILE_CREATE
+		// By not asking for read or write access, the named pipe file system
+		// will put this pipe into an initially disconnected state, blocking
+		// client connections until the next call with first == false.
+		access = syscall.SYNCHRONIZE
 	}
-	h, err := createNamedPipe(path, flags, mode, cPIPE_UNLIMITED_INSTANCES, uint32(c.OutputBufferSize), uint32(c.InputBufferSize), 0, sa)
+
+	timeout := int64(-50 * 10000) // 50ms
+
+	var (
+		h    syscall.Handle
+		iosb ioStatusBlock
+	)
+	err = ntCreateNamedPipeFile(&h, access, &oa, &iosb, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, disposition, 0, typ, 0, 0, 0xffffffff, uint32(c.InputBufferSize), uint32(c.OutputBufferSize), &timeout).Err()
 	if err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
+
+	runtime.KeepAlive(ntPath)
 	return h, nil
 }
 
 func (l *win32PipeListener) makeServerPipe() (*win32File, error) {
-	h, err := makeServerPipeHandle(l.path, l.securityDescriptor, &l.config, false)
+	h, err := makeServerPipeHandle(l.path, nil, &l.config, false)
 	if err != nil {
 		return nil, err
 	}
@@ -314,10 +429,10 @@ type PipeConfig struct {
 	// when the pipe is in message mode.
 	MessageMode bool
 
-	// InputBufferSize specifies the size the input buffer, in bytes.
+	// InputBufferSize specifies the size of the input buffer, in bytes.
 	InputBufferSize int32
 
-	// OutputBufferSize specifies the size the input buffer, in bytes.
+	// OutputBufferSize specifies the size of the output buffer, in bytes.
 	OutputBufferSize int32
 }
 
@@ -341,32 +456,13 @@ func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
 	if err != nil {
 		return nil, err
 	}
-	// Create a client handle and connect it.  This results in the pipe
-	// instance always existing, so that clients see ERROR_PIPE_BUSY
-	// rather than ERROR_FILE_NOT_FOUND.  This ties the first instance
-	// up so that no other instances can be used.  This would have been
-	// cleaner if the Win32 API matched CreateFile with ConnectNamedPipe
-	// instead of CreateNamedPipe.  (Apparently created named pipes are
-	// considered to be in listening state regardless of whether any
-	// active calls to ConnectNamedPipe are outstanding.)
-	h2, err := createFile(path, 0, 0, nil, syscall.OPEN_EXISTING, cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
-	if err != nil {
-		syscall.Close(h)
-		return nil, err
-	}
-	// Close the client handle. The server side of the instance will
-	// still be busy, leading to ERROR_PIPE_BUSY instead of
-	// ERROR_NOT_FOUND, as long as we don't close the server handle,
-	// or disconnect the client with DisconnectNamedPipe.
-	syscall.Close(h2)
 	l := &win32PipeListener{
-		firstHandle:        h,
-		path:               path,
-		securityDescriptor: sd,
-		config:             *c,
-		acceptCh:           make(chan (chan acceptResponse)),
-		closeCh:            make(chan int),
-		doneCh:             make(chan int),
+		firstHandle: h,
+		path:        path,
+		config:      *c,
+		acceptCh:    make(chan (chan acceptResponse)),
+		closeCh:     make(chan int),
+		doneCh:      make(chan int),
 	}
 	go l.listenerRoutine()
 	return l, nil
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/etw.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/etw.go
new file mode 100644
index 0000000000000..10cd08d84c2b9
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/etw.go
@@ -0,0 +1,20 @@
+// Package etw provides support for TraceLogging-based ETW (Event Tracing
+// for Windows). TraceLogging is a format of ETW events that are self-describing
+// (the event contains information on its own schema). This allows them to be
+// decoded without needing a separate manifest with event information. The
+// implementation here is based on the information found in
+// TraceLoggingProvider.h in the Windows SDK, which implements TraceLogging as a
+// set of C macros.
+package etw
+
+//go:generate go run mksyscall_windows.go -output zsyscall_windows.go etw.go
+
+//sys eventRegister(providerId *windows.GUID, callback uintptr, callbackContext uintptr, providerHandle *providerHandle) (win32err error) = advapi32.EventRegister
+
+//sys eventUnregister_64(providerHandle providerHandle) (win32err error) = advapi32.EventUnregister
+//sys eventWriteTransfer_64(providerHandle providerHandle, descriptor *eventDescriptor, activityID *windows.GUID, relatedActivityID *windows.GUID, dataDescriptorCount uint32, dataDescriptors *eventDataDescriptor) (win32err error) = advapi32.EventWriteTransfer
+//sys eventSetInformation_64(providerHandle providerHandle, class eventInfoClass, information uintptr, length uint32) (win32err error) = advapi32.EventSetInformation
+
+//sys eventUnregister_32(providerHandle_low uint32, providerHandle_high uint32) (win32err error) = advapi32.EventUnregister
+//sys eventWriteTransfer_32(providerHandle_low uint32, providerHandle_high uint32, descriptor *eventDescriptor, activityID *windows.GUID, relatedActivityID *windows.GUID, dataDescriptorCount uint32, dataDescriptors *eventDataDescriptor) (win32err error) = advapi32.EventWriteTransfer
+//sys eventSetInformation_32(providerHandle_low uint32, providerHandle_high uint32, class eventInfoClass, information uintptr, length uint32) (win32err error) = advapi32.EventSetInformation
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdata.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdata.go
new file mode 100644
index 0000000000000..abf16803ee40d
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdata.go
@@ -0,0 +1,73 @@
+// +build windows
+
+package etw
+
+import (
+	"bytes"
+	"encoding/binary"
+	"syscall"
+)
+
+// eventData maintains a buffer which builds up the data for an ETW event. It
+// needs to be paired with EventMetadata which describes the event.
+type eventData struct {
+	buffer bytes.Buffer
+}
+
+// bytes returns the raw binary data containing the event data. The returned
+// value is not copied from the internal buffer, so it can be mutated by the
+// eventData object after it is returned.
+func (ed *eventData) bytes() []byte {
+	return ed.buffer.Bytes()
+}
+
+// writeString appends a string, including the null terminator, to the buffer.
+func (ed *eventData) writeString(data string) {
+	ed.buffer.WriteString(data)
+	ed.buffer.WriteByte(0)
+}
+
+// writeInt8 appends a int8 to the buffer.
+func (ed *eventData) writeInt8(value int8) {
+	ed.buffer.WriteByte(uint8(value))
+}
+
+// writeInt16 appends a int16 to the buffer.
+func (ed *eventData) writeInt16(value int16) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeInt32 appends a int32 to the buffer.
+func (ed *eventData) writeInt32(value int32) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeInt64 appends a int64 to the buffer.
+func (ed *eventData) writeInt64(value int64) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeUint8 appends a uint8 to the buffer.
+func (ed *eventData) writeUint8(value uint8) {
+	ed.buffer.WriteByte(value)
+}
+
+// writeUint16 appends a uint16 to the buffer.
+func (ed *eventData) writeUint16(value uint16) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeUint32 appends a uint32 to the buffer.
+func (ed *eventData) writeUint32(value uint32) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeUint64 appends a uint64 to the buffer.
+func (ed *eventData) writeUint64(value uint64) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
+
+// writeFiletime appends a FILETIME to the buffer.
+func (ed *eventData) writeFiletime(value syscall.Filetime) {
+	binary.Write(&ed.buffer, binary.LittleEndian, value)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdatadescriptor.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdatadescriptor.go
new file mode 100644
index 0000000000000..8b0ad4816254f
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdatadescriptor.go
@@ -0,0 +1,29 @@
+package etw
+
+import (
+	"unsafe"
+)
+
+type eventDataDescriptorType uint8
+
+const (
+	eventDataDescriptorTypeUserData eventDataDescriptorType = iota
+	eventDataDescriptorTypeEventMetadata
+	eventDataDescriptorTypeProviderMetadata
+)
+
+type eventDataDescriptor struct {
+	ptr       ptr64
+	size      uint32
+	dataType  eventDataDescriptorType
+	reserved1 uint8
+	reserved2 uint16
+}
+
+func newEventDataDescriptor(dataType eventDataDescriptorType, buffer []byte) eventDataDescriptor {
+	return eventDataDescriptor{
+		ptr:      ptr64{ptr: unsafe.Pointer(&buffer[0])},
+		size:     uint32(len(buffer)),
+		dataType: dataType,
+	}
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdescriptor.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdescriptor.go
new file mode 100644
index 0000000000000..cc41f15999c3c
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventdescriptor.go
@@ -0,0 +1,84 @@
+package etw
+
+// Channel represents the ETW logging channel that is used. It can be used by
+// event consumers to give an event special treatment.
+type Channel uint8
+
+const (
+	// ChannelTraceLogging is the default channel for TraceLogging events. It is
+	// not required to be used for TraceLogging, but will prevent decoding
+	// issues for these events on older operating systems.
+	ChannelTraceLogging Channel = 11
+)
+
+// Level represents the ETW logging level. There are several predefined levels
+// that are commonly used, but technically anything from 0-255 is allowed.
+// Lower levels indicate more important events, and 0 indicates an event that
+// will always be collected.
+type Level uint8
+
+// Predefined ETW log levels from winmeta.xml in the Windows SDK.
+const (
+	LevelAlways Level = iota
+	LevelCritical
+	LevelError
+	LevelWarning
+	LevelInfo
+	LevelVerbose
+)
+
+// Opcode represents the operation that the event indicates is being performed.
+type Opcode uint8
+
+// Predefined ETW opcodes from winmeta.xml in the Windows SDK.
+const (
+	// OpcodeInfo indicates an informational event.
+	OpcodeInfo Opcode = iota
+	// OpcodeStart indicates the start of an operation.
+	OpcodeStart
+	// OpcodeStop indicates the end of an operation.
+	OpcodeStop
+	// OpcodeDCStart indicates the start of a provider capture state operation.
+	OpcodeDCStart
+	// OpcodeDCStop indicates the end of a provider capture state operation.
+	OpcodeDCStop
+)
+
+// EventDescriptor represents various metadata for an ETW event.
+type eventDescriptor struct {
+	id      uint16
+	version uint8
+	channel Channel
+	level   Level
+	opcode  Opcode
+	task    uint16
+	keyword uint64
+}
+
+// NewEventDescriptor returns an EventDescriptor initialized for use with
+// TraceLogging.
+func newEventDescriptor() *eventDescriptor {
+	// Standard TraceLogging events default to the TraceLogging channel, and
+	// verbose level.
+	return &eventDescriptor{
+		channel: ChannelTraceLogging,
+		level:   LevelVerbose,
+	}
+}
+
+// Identity returns the identity of the event. If the identity is not 0, it
+// should uniquely identify the other event metadata (contained in
+// EventDescriptor, and field metadata). Only the lower 24 bits of this value
+// are relevant.
+func (ed *eventDescriptor) identity() uint32 {
+	return (uint32(ed.version) << 16) | uint32(ed.id)
+}
+
+// SetIdentity sets the identity of the event. If the identity is not 0, it
+// should uniquely identify the other event metadata (contained in
+// EventDescriptor, and field metadata). Only the lower 24 bits of this value
+// are relevant.
+func (ed *eventDescriptor) setIdentity(identity uint32) {
+	ed.id = uint16(identity)
+	ed.version = uint8(identity >> 16)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/eventmetadata.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventmetadata.go
new file mode 100644
index 0000000000000..6fdc126cc90e9
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventmetadata.go
@@ -0,0 +1,177 @@
+package etw
+
+import (
+	"bytes"
+	"encoding/binary"
+)
+
+// inType indicates the type of data contained in the ETW event.
+type inType byte
+
+// Various inType definitions for TraceLogging. These must match the definitions
+// found in TraceLoggingProvider.h in the Windows SDK.
+const (
+	inTypeNull inType = iota
+	inTypeUnicodeString
+	inTypeANSIString
+	inTypeInt8
+	inTypeUint8
+	inTypeInt16
+	inTypeUint16
+	inTypeInt32
+	inTypeUint32
+	inTypeInt64
+	inTypeUint64
+	inTypeFloat
+	inTypeDouble
+	inTypeBool32
+	inTypeBinary
+	inTypeGUID
+	inTypePointerUnsupported
+	inTypeFileTime
+	inTypeSystemTime
+	inTypeSID
+	inTypeHexInt32
+	inTypeHexInt64
+	inTypeCountedString
+	inTypeCountedANSIString
+	inTypeStruct
+	inTypeCountedBinary
+	inTypeCountedArray inType = 32
+	inTypeArray        inType = 64
+)
+
+// outType specifies a hint to the event decoder for how the value should be
+// formatted.
+type outType byte
+
+// Various outType definitions for TraceLogging. These must match the
+// definitions found in TraceLoggingProvider.h in the Windows SDK.
+const (
+	// outTypeDefault indicates that the default formatting for the inType will
+	// be used by the event decoder.
+	outTypeDefault outType = iota
+	outTypeNoPrint
+	outTypeString
+	outTypeBoolean
+	outTypeHex
+	outTypePID
+	outTypeTID
+	outTypePort
+	outTypeIPv4
+	outTypeIPv6
+	outTypeSocketAddress
+	outTypeXML
+	outTypeJSON
+	outTypeWin32Error
+	outTypeNTStatus
+	outTypeHResult
+	outTypeFileTime
+	outTypeSigned
+	outTypeUnsigned
+	outTypeUTF8              outType = 35
+	outTypePKCS7WithTypeInfo outType = 36
+	outTypeCodePointer       outType = 37
+	outTypeDateTimeUTC       outType = 38
+)
+
+// eventMetadata maintains a buffer which builds up the metadata for an ETW
+// event. It needs to be paired with EventData which describes the event.
+type eventMetadata struct {
+	buffer bytes.Buffer
+}
+
+// bytes returns the raw binary data containing the event metadata. Before being
+// returned, the current size of the buffer is written to the start of the
+// buffer. The returned value is not copied from the internal buffer, so it can
+// be mutated by the eventMetadata object after it is returned.
+func (em *eventMetadata) bytes() []byte {
+	// Finalize the event metadata buffer by filling in the buffer length at the
+	// beginning.
+	binary.LittleEndian.PutUint16(em.buffer.Bytes(), uint16(em.buffer.Len()))
+	return em.buffer.Bytes()
+}
+
+// writeEventHeader writes the metadata for the start of an event to the buffer.
+// This specifies the event name and tags.
+func (em *eventMetadata) writeEventHeader(name string, tags uint32) {
+	binary.Write(&em.buffer, binary.LittleEndian, uint16(0)) // Length placeholder
+	em.writeTags(tags)
+	em.buffer.WriteString(name)
+	em.buffer.WriteByte(0) // Null terminator for name
+}
+
+func (em *eventMetadata) writeFieldInner(name string, inType inType, outType outType, tags uint32, arrSize uint16) {
+	em.buffer.WriteString(name)
+	em.buffer.WriteByte(0) // Null terminator for name
+
+	if outType == outTypeDefault && tags == 0 {
+		em.buffer.WriteByte(byte(inType))
+	} else {
+		em.buffer.WriteByte(byte(inType | 128))
+		if tags == 0 {
+			em.buffer.WriteByte(byte(outType))
+		} else {
+			em.buffer.WriteByte(byte(outType | 128))
+			em.writeTags(tags)
+		}
+	}
+
+	if arrSize != 0 {
+		binary.Write(&em.buffer, binary.LittleEndian, arrSize)
+	}
+}
+
+// writeTags writes out the tags value to the event metadata. Tags is a 28-bit
+// value, interpreted as bit flags, which are only relevant to the event
+// consumer. The event consumer may choose to attribute special meaning to tags
+// (e.g. 0x4 could mean the field contains PII). Tags are written as a series of
+// bytes, each containing 7 bits of tag value, with the high bit set if there is
+// more tag data in the following byte. This allows for a more compact
+// representation when not all of the tag bits are needed.
+func (em *eventMetadata) writeTags(tags uint32) {
+	// Only use the top 28 bits of the tags value.
+	tags &= 0xfffffff
+
+	for {
+		// Tags are written with the most significant bits (e.g. 21-27) first.
+		val := tags >> 21
+
+		if tags&0x1fffff == 0 {
+			// If there is no more data to write after this, write this value
+			// without the high bit set, and return.
+			em.buffer.WriteByte(byte(val & 0x7f))
+			return
+		}
+
+		em.buffer.WriteByte(byte(val | 0x80))
+
+		tags <<= 7
+	}
+}
+
+// writeField writes the metadata for a simple field to the buffer.
+func (em *eventMetadata) writeField(name string, inType inType, outType outType, tags uint32) {
+	em.writeFieldInner(name, inType, outType, tags, 0)
+}
+
+// writeArray writes the metadata for an array field to the buffer. The number
+// of elements in the array must be written as a uint16 in the event data,
+// immediately preceeding the event data.
+func (em *eventMetadata) writeArray(name string, inType inType, outType outType, tags uint32) {
+	em.writeFieldInner(name, inType|inTypeArray, outType, tags, 0)
+}
+
+// writeCountedArray writes the metadata for an array field to the buffer. The
+// size of a counted array is fixed, and the size is written into the metadata
+// directly.
+func (em *eventMetadata) writeCountedArray(name string, count uint16, inType inType, outType outType, tags uint32) {
+	em.writeFieldInner(name, inType|inTypeCountedArray, outType, tags, count)
+}
+
+// writeStruct writes the metadata for a nested struct to the buffer. The struct
+// contains the next N fields in the metadata, where N is specified by the
+// fieldCount argument.
+func (em *eventMetadata) writeStruct(name string, fieldCount uint8, tags uint32) {
+	em.writeFieldInner(name, inTypeStruct, outType(fieldCount), tags, 0)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/eventopt.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventopt.go
new file mode 100644
index 0000000000000..eaace6886edc9
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/eventopt.go
@@ -0,0 +1,75 @@
+// +build windows
+
+package etw
+
+import (
+	"github.com/Microsoft/go-winio/pkg/guid"
+)
+
+type eventOptions struct {
+	descriptor        *eventDescriptor
+	activityID        guid.GUID
+	relatedActivityID guid.GUID
+	tags              uint32
+}
+
+// EventOpt defines the option function type that can be passed to
+// Provider.WriteEvent to specify general event options, such as level and
+// keyword.
+type EventOpt func(options *eventOptions)
+
+// WithEventOpts returns the variadic arguments as a single slice.
+func WithEventOpts(opts ...EventOpt) []EventOpt {
+	return opts
+}
+
+// WithLevel specifies the level of the event to be written.
+func WithLevel(level Level) EventOpt {
+	return func(options *eventOptions) {
+		options.descriptor.level = level
+	}
+}
+
+// WithKeyword specifies the keywords of the event to be written. Multiple uses
+// of this option are OR'd together.
+func WithKeyword(keyword uint64) EventOpt {
+	return func(options *eventOptions) {
+		options.descriptor.keyword |= keyword
+	}
+}
+
+// WithChannel specifies the channel of the event to be written.
+func WithChannel(channel Channel) EventOpt {
+	return func(options *eventOptions) {
+		options.descriptor.channel = channel
+	}
+}
+
+// WithOpcode specifies the opcode of the event to be written.
+func WithOpcode(opcode Opcode) EventOpt {
+	return func(options *eventOptions) {
+		options.descriptor.opcode = opcode
+	}
+}
+
+// WithTags specifies the tags of the event to be written. Tags is a 28-bit
+// value (top 4 bits are ignored) which are interpreted by the event consumer.
+func WithTags(newTags uint32) EventOpt {
+	return func(options *eventOptions) {
+		options.tags |= newTags
+	}
+}
+
+// WithActivityID specifies the activity ID of the event to be written.
+func WithActivityID(activityID guid.GUID) EventOpt {
+	return func(options *eventOptions) {
+		options.activityID = activityID
+	}
+}
+
+// WithRelatedActivityID specifies the parent activity ID of the event to be written.
+func WithRelatedActivityID(activityID guid.GUID) EventOpt {
+	return func(options *eventOptions) {
+		options.relatedActivityID = activityID
+	}
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/fieldopt.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/fieldopt.go
new file mode 100644
index 0000000000000..b5ea80a4607aa
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/fieldopt.go
@@ -0,0 +1,516 @@
+// +build windows
+
+package etw
+
+import (
+	"fmt"
+	"math"
+	"reflect"
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+// FieldOpt defines the option function type that can be passed to
+// Provider.WriteEvent to add fields to the event.
+type FieldOpt func(em *eventMetadata, ed *eventData)
+
+// WithFields returns the variadic arguments as a single slice.
+func WithFields(opts ...FieldOpt) []FieldOpt {
+	return opts
+}
+
+// BoolField adds a single bool field to the event.
+func BoolField(name string, value bool) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeUint8, outTypeBoolean, 0)
+		bool8 := uint8(0)
+		if value {
+			bool8 = uint8(1)
+		}
+		ed.writeUint8(bool8)
+	}
+}
+
+// BoolArray adds an array of bool to the event.
+func BoolArray(name string, values []bool) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeUint8, outTypeBoolean, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			bool8 := uint8(0)
+			if v {
+				bool8 = uint8(1)
+			}
+			ed.writeUint8(bool8)
+		}
+	}
+}
+
+// StringField adds a single string field to the event.
+func StringField(name string, value string) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeANSIString, outTypeUTF8, 0)
+		ed.writeString(value)
+	}
+}
+
+// StringArray adds an array of string to the event.
+func StringArray(name string, values []string) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeANSIString, outTypeUTF8, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeString(v)
+		}
+	}
+}
+
+// IntField adds a single int field to the event.
+func IntField(name string, value int) FieldOpt {
+	switch unsafe.Sizeof(value) {
+	case 4:
+		return Int32Field(name, int32(value))
+	case 8:
+		return Int64Field(name, int64(value))
+	default:
+		panic("Unsupported int size")
+	}
+}
+
+// IntArray adds an array of int to the event.
+func IntArray(name string, values []int) FieldOpt {
+	inType := inTypeNull
+	var writeItem func(*eventData, int)
+	switch unsafe.Sizeof(values[0]) {
+	case 4:
+		inType = inTypeInt32
+		writeItem = func(ed *eventData, item int) { ed.writeInt32(int32(item)) }
+	case 8:
+		inType = inTypeInt64
+		writeItem = func(ed *eventData, item int) { ed.writeInt64(int64(item)) }
+	default:
+		panic("Unsupported int size")
+	}
+
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inType, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			writeItem(ed, v)
+		}
+	}
+}
+
+// Int8Field adds a single int8 field to the event.
+func Int8Field(name string, value int8) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeInt8, outTypeDefault, 0)
+		ed.writeInt8(value)
+	}
+}
+
+// Int8Array adds an array of int8 to the event.
+func Int8Array(name string, values []int8) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeInt8, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeInt8(v)
+		}
+	}
+}
+
+// Int16Field adds a single int16 field to the event.
+func Int16Field(name string, value int16) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeInt16, outTypeDefault, 0)
+		ed.writeInt16(value)
+	}
+}
+
+// Int16Array adds an array of int16 to the event.
+func Int16Array(name string, values []int16) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeInt16, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeInt16(v)
+		}
+	}
+}
+
+// Int32Field adds a single int32 field to the event.
+func Int32Field(name string, value int32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeInt32, outTypeDefault, 0)
+		ed.writeInt32(value)
+	}
+}
+
+// Int32Array adds an array of int32 to the event.
+func Int32Array(name string, values []int32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeInt32, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeInt32(v)
+		}
+	}
+}
+
+// Int64Field adds a single int64 field to the event.
+func Int64Field(name string, value int64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeInt64, outTypeDefault, 0)
+		ed.writeInt64(value)
+	}
+}
+
+// Int64Array adds an array of int64 to the event.
+func Int64Array(name string, values []int64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeInt64, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeInt64(v)
+		}
+	}
+}
+
+// UintField adds a single uint field to the event.
+func UintField(name string, value uint) FieldOpt {
+	switch unsafe.Sizeof(value) {
+	case 4:
+		return Uint32Field(name, uint32(value))
+	case 8:
+		return Uint64Field(name, uint64(value))
+	default:
+		panic("Unsupported uint size")
+	}
+}
+
+// UintArray adds an array of uint to the event.
+func UintArray(name string, values []uint) FieldOpt {
+	inType := inTypeNull
+	var writeItem func(*eventData, uint)
+	switch unsafe.Sizeof(values[0]) {
+	case 4:
+		inType = inTypeUint32
+		writeItem = func(ed *eventData, item uint) { ed.writeUint32(uint32(item)) }
+	case 8:
+		inType = inTypeUint64
+		writeItem = func(ed *eventData, item uint) { ed.writeUint64(uint64(item)) }
+	default:
+		panic("Unsupported uint size")
+	}
+
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inType, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			writeItem(ed, v)
+		}
+	}
+}
+
+// Uint8Field adds a single uint8 field to the event.
+func Uint8Field(name string, value uint8) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeUint8, outTypeDefault, 0)
+		ed.writeUint8(value)
+	}
+}
+
+// Uint8Array adds an array of uint8 to the event.
+func Uint8Array(name string, values []uint8) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeUint8, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint8(v)
+		}
+	}
+}
+
+// Uint16Field adds a single uint16 field to the event.
+func Uint16Field(name string, value uint16) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeUint16, outTypeDefault, 0)
+		ed.writeUint16(value)
+	}
+}
+
+// Uint16Array adds an array of uint16 to the event.
+func Uint16Array(name string, values []uint16) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeUint16, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint16(v)
+		}
+	}
+}
+
+// Uint32Field adds a single uint32 field to the event.
+func Uint32Field(name string, value uint32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeUint32, outTypeDefault, 0)
+		ed.writeUint32(value)
+	}
+}
+
+// Uint32Array adds an array of uint32 to the event.
+func Uint32Array(name string, values []uint32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeUint32, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint32(v)
+		}
+	}
+}
+
+// Uint64Field adds a single uint64 field to the event.
+func Uint64Field(name string, value uint64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeUint64, outTypeDefault, 0)
+		ed.writeUint64(value)
+	}
+}
+
+// Uint64Array adds an array of uint64 to the event.
+func Uint64Array(name string, values []uint64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeUint64, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint64(v)
+		}
+	}
+}
+
+// UintptrField adds a single uintptr field to the event.
+func UintptrField(name string, value uintptr) FieldOpt {
+	inType := inTypeNull
+	var writeItem func(*eventData, uintptr)
+	switch unsafe.Sizeof(value) {
+	case 4:
+		inType = inTypeHexInt32
+		writeItem = func(ed *eventData, item uintptr) { ed.writeUint32(uint32(item)) }
+	case 8:
+		inType = inTypeHexInt64
+		writeItem = func(ed *eventData, item uintptr) { ed.writeUint64(uint64(item)) }
+	default:
+		panic("Unsupported uintptr size")
+	}
+
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inType, outTypeDefault, 0)
+		writeItem(ed, value)
+	}
+}
+
+// UintptrArray adds an array of uintptr to the event.
+func UintptrArray(name string, values []uintptr) FieldOpt {
+	inType := inTypeNull
+	var writeItem func(*eventData, uintptr)
+	switch unsafe.Sizeof(values[0]) {
+	case 4:
+		inType = inTypeHexInt32
+		writeItem = func(ed *eventData, item uintptr) { ed.writeUint32(uint32(item)) }
+	case 8:
+		inType = inTypeHexInt64
+		writeItem = func(ed *eventData, item uintptr) { ed.writeUint64(uint64(item)) }
+	default:
+		panic("Unsupported uintptr size")
+	}
+
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inType, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			writeItem(ed, v)
+		}
+	}
+}
+
+// Float32Field adds a single float32 field to the event.
+func Float32Field(name string, value float32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeFloat, outTypeDefault, 0)
+		ed.writeUint32(math.Float32bits(value))
+	}
+}
+
+// Float32Array adds an array of float32 to the event.
+func Float32Array(name string, values []float32) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeFloat, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint32(math.Float32bits(v))
+		}
+	}
+}
+
+// Float64Field adds a single float64 field to the event.
+func Float64Field(name string, value float64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeDouble, outTypeDefault, 0)
+		ed.writeUint64(math.Float64bits(value))
+	}
+}
+
+// Float64Array adds an array of float64 to the event.
+func Float64Array(name string, values []float64) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeArray(name, inTypeDouble, outTypeDefault, 0)
+		ed.writeUint16(uint16(len(values)))
+		for _, v := range values {
+			ed.writeUint64(math.Float64bits(v))
+		}
+	}
+}
+
+// Struct adds a nested struct to the event, the FieldOpts in the opts argument
+// are used to specify the fields of the struct.
+func Struct(name string, opts ...FieldOpt) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeStruct(name, uint8(len(opts)), 0)
+		for _, opt := range opts {
+			opt(em, ed)
+		}
+	}
+}
+
+// Time adds a time to the event.
+func Time(name string, value time.Time) FieldOpt {
+	return func(em *eventMetadata, ed *eventData) {
+		em.writeField(name, inTypeFileTime, outTypeDateTimeUTC, 0)
+		ed.writeFiletime(syscall.NsecToFiletime(value.UTC().UnixNano()))
+	}
+}
+
+// Currently, we support logging basic builtin types (int, string, etc), slices
+// of basic builtin types, error, types derived from the basic types (e.g. "type
+// foo int"), and structs (recursively logging their fields). We do not support
+// slices of derived types (e.g. "[]foo").
+//
+// For types that we don't support, the value is formatted via fmt.Sprint, and
+// we also log a message that the type is unsupported along with the formatted
+// type. The intent of this is to make it easier to see which types are not
+// supported in traces, so we can evaluate adding support for more types in the
+// future.
+func SmartField(name string, v interface{}) FieldOpt {
+	switch v := v.(type) {
+	case bool:
+		return BoolField(name, v)
+	case []bool:
+		return BoolArray(name, v)
+	case string:
+		return StringField(name, v)
+	case []string:
+		return StringArray(name, v)
+	case int:
+		return IntField(name, v)
+	case []int:
+		return IntArray(name, v)
+	case int8:
+		return Int8Field(name, v)
+	case []int8:
+		return Int8Array(name, v)
+	case int16:
+		return Int16Field(name, v)
+	case []int16:
+		return Int16Array(name, v)
+	case int32:
+		return Int32Field(name, v)
+	case []int32:
+		return Int32Array(name, v)
+	case int64:
+		return Int64Field(name, v)
+	case []int64:
+		return Int64Array(name, v)
+	case uint:
+		return UintField(name, v)
+	case []uint:
+		return UintArray(name, v)
+	case uint8:
+		return Uint8Field(name, v)
+	case []uint8:
+		return Uint8Array(name, v)
+	case uint16:
+		return Uint16Field(name, v)
+	case []uint16:
+		return Uint16Array(name, v)
+	case uint32:
+		return Uint32Field(name, v)
+	case []uint32:
+		return Uint32Array(name, v)
+	case uint64:
+		return Uint64Field(name, v)
+	case []uint64:
+		return Uint64Array(name, v)
+	case uintptr:
+		return UintptrField(name, v)
+	case []uintptr:
+		return UintptrArray(name, v)
+	case float32:
+		return Float32Field(name, v)
+	case []float32:
+		return Float32Array(name, v)
+	case float64:
+		return Float64Field(name, v)
+	case []float64:
+		return Float64Array(name, v)
+	case error:
+		return StringField(name, v.Error())
+	case time.Time:
+		return Time(name, v)
+	default:
+		switch rv := reflect.ValueOf(v); rv.Kind() {
+		case reflect.Bool:
+			return SmartField(name, rv.Bool())
+		case reflect.Int:
+			return SmartField(name, int(rv.Int()))
+		case reflect.Int8:
+			return SmartField(name, int8(rv.Int()))
+		case reflect.Int16:
+			return SmartField(name, int16(rv.Int()))
+		case reflect.Int32:
+			return SmartField(name, int32(rv.Int()))
+		case reflect.Int64:
+			return SmartField(name, int64(rv.Int()))
+		case reflect.Uint:
+			return SmartField(name, uint(rv.Uint()))
+		case reflect.Uint8:
+			return SmartField(name, uint8(rv.Uint()))
+		case reflect.Uint16:
+			return SmartField(name, uint16(rv.Uint()))
+		case reflect.Uint32:
+			return SmartField(name, uint32(rv.Uint()))
+		case reflect.Uint64:
+			return SmartField(name, uint64(rv.Uint()))
+		case reflect.Uintptr:
+			return SmartField(name, uintptr(rv.Uint()))
+		case reflect.Float32:
+			return SmartField(name, float32(rv.Float()))
+		case reflect.Float64:
+			return SmartField(name, float64(rv.Float()))
+		case reflect.String:
+			return SmartField(name, rv.String())
+		case reflect.Struct:
+			fields := make([]FieldOpt, 0, rv.NumField())
+			for i := 0; i < rv.NumField(); i++ {
+				field := rv.Field(i)
+				if field.CanInterface() {
+					fields = append(fields, SmartField(name, field.Interface()))
+				}
+			}
+			return Struct(name, fields...)
+		}
+	}
+
+	return StringField(name, fmt.Sprintf("(Unsupported: %T) %v", v, v))
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider.go
new file mode 100644
index 0000000000000..581ef595a5f97
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider.go
@@ -0,0 +1,73 @@
+// +build windows
+// +build amd64 arm64 386
+
+package etw
+
+import (
+	"bytes"
+	"encoding/binary"
+	"unsafe"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"golang.org/x/sys/windows"
+)
+
+// NewProviderWithOptions creates and registers a new ETW provider, allowing
+// the provider ID and Group to be manually specified. This is most useful when
+// there is an existing provider ID that must be used to conform to existing
+// diagnostic infrastructure.
+func NewProviderWithOptions(name string, options ...ProviderOpt) (provider *Provider, err error) {
+	var opts providerOpts
+	for _, opt := range options {
+		opt(&opts)
+	}
+
+	if opts.id == (guid.GUID{}) {
+		opts.id = providerIDFromName(name)
+	}
+
+	providerCallbackOnce.Do(func() {
+		globalProviderCallback = windows.NewCallback(providerCallbackAdapter)
+	})
+
+	provider = providers.newProvider()
+	defer func(provider *Provider) {
+		if err != nil {
+			providers.removeProvider(provider)
+		}
+	}(provider)
+	provider.ID = opts.id
+	provider.callback = opts.callback
+
+	if err := eventRegister((*windows.GUID)(&provider.ID), globalProviderCallback, uintptr(provider.index), &provider.handle); err != nil {
+		return nil, err
+	}
+
+	trait := &bytes.Buffer{}
+	if opts.group != (guid.GUID{}) {
+		binary.Write(trait, binary.LittleEndian, uint16(0)) // Write empty size for buffer (update later)
+		binary.Write(trait, binary.LittleEndian, uint8(1))  // EtwProviderTraitTypeGroup
+		traitArray := opts.group.ToWindowsArray()           // Append group guid
+		trait.Write(traitArray[:])
+		binary.LittleEndian.PutUint16(trait.Bytes(), uint16(trait.Len())) // Update size
+	}
+
+	metadata := &bytes.Buffer{}
+	binary.Write(metadata, binary.LittleEndian, uint16(0)) // Write empty size for buffer (to update later)
+	metadata.WriteString(name)
+	metadata.WriteByte(0)                                                   // Null terminator for name
+	trait.WriteTo(metadata)                                                 // Add traits if applicable
+	binary.LittleEndian.PutUint16(metadata.Bytes(), uint16(metadata.Len())) // Update the size at the beginning of the buffer
+	provider.metadata = metadata.Bytes()
+
+	if err := eventSetInformation(
+		provider.handle,
+		eventInfoClassProviderSetTraits,
+		uintptr(unsafe.Pointer(&provider.metadata[0])),
+		uint32(len(provider.metadata))); err != nil {
+
+		return nil, err
+	}
+
+	return provider, nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider_unsupported.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider_unsupported.go
new file mode 100644
index 0000000000000..5a05c13425421
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider_unsupported.go
@@ -0,0 +1,9 @@
+// +build windows
+// +build arm
+
+package etw
+
+// NewProviderWithID returns a nil provider on unsupported platforms.
+func NewProviderWithOptions(name string, options ...ProviderOpt) (provider *Provider, err error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/provider.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/provider.go
new file mode 100644
index 0000000000000..a5b90d037ddee
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/provider.go
@@ -0,0 +1,273 @@
+// +build windows
+
+package etw
+
+import (
+	"crypto/sha1"
+	"encoding/binary"
+	"strings"
+	"unicode/utf16"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"golang.org/x/sys/windows"
+)
+
+// Provider represents an ETW event provider. It is identified by a provider
+// name and ID (GUID), which should always have a 1:1 mapping to each other
+// (e.g. don't use multiple provider names with the same ID, or vice versa).
+type Provider struct {
+	ID         guid.GUID
+	handle     providerHandle
+	metadata   []byte
+	callback   EnableCallback
+	index      uint
+	enabled    bool
+	level      Level
+	keywordAny uint64
+	keywordAll uint64
+}
+
+// String returns the `provider`.ID as a string
+func (provider *Provider) String() string {
+	if provider == nil {
+		return "<nil>"
+	}
+
+	return provider.ID.String()
+}
+
+type providerHandle uint64
+
+// ProviderState informs the provider EnableCallback what action is being
+// performed.
+type ProviderState uint32
+
+const (
+	// ProviderStateDisable indicates the provider is being disabled.
+	ProviderStateDisable ProviderState = iota
+	// ProviderStateEnable indicates the provider is being enabled.
+	ProviderStateEnable
+	// ProviderStateCaptureState indicates the provider is having its current
+	// state snap-shotted.
+	ProviderStateCaptureState
+)
+
+type eventInfoClass uint32
+
+const (
+	eventInfoClassProviderBinaryTrackInfo eventInfoClass = iota
+	eventInfoClassProviderSetReserved1
+	eventInfoClassProviderSetTraits
+	eventInfoClassProviderUseDescriptorType
+)
+
+// EnableCallback is the form of the callback function that receives provider
+// enable/disable notifications from ETW.
+type EnableCallback func(guid.GUID, ProviderState, Level, uint64, uint64, uintptr)
+
+func providerCallback(sourceID guid.GUID, state ProviderState, level Level, matchAnyKeyword uint64, matchAllKeyword uint64, filterData uintptr, i uintptr) {
+	provider := providers.getProvider(uint(i))
+
+	switch state {
+	case ProviderStateDisable:
+		provider.enabled = false
+	case ProviderStateEnable:
+		provider.enabled = true
+		provider.level = level
+		provider.keywordAny = matchAnyKeyword
+		provider.keywordAll = matchAllKeyword
+	}
+
+	if provider.callback != nil {
+		provider.callback(sourceID, state, level, matchAnyKeyword, matchAllKeyword, filterData)
+	}
+}
+
+// providerIDFromName generates a provider ID based on the provider name. It
+// uses the same algorithm as used by .NET's EventSource class, which is based
+// on RFC 4122. More information on the algorithm can be found here:
+// https://blogs.msdn.microsoft.com/dcook/2015/09/08/etw-provider-names-and-guids/
+//
+// The algorithm is roughly the RFC 4122 algorithm for a V5 UUID, but differs in
+// the following ways:
+// - The input name is first upper-cased, UTF16-encoded, and converted to
+//   big-endian.
+// - No variant is set on the result UUID.
+// - The result UUID is treated as being in little-endian format, rather than
+//   big-endian.
+func providerIDFromName(name string) guid.GUID {
+	buffer := sha1.New()
+	namespace := guid.GUID{0x482C2DB2, 0xC390, 0x47C8, [8]byte{0x87, 0xF8, 0x1A, 0x15, 0xBF, 0xC1, 0x30, 0xFB}}
+	namespaceBytes := namespace.ToArray()
+	buffer.Write(namespaceBytes[:])
+	binary.Write(buffer, binary.BigEndian, utf16.Encode([]rune(strings.ToUpper(name))))
+
+	sum := buffer.Sum(nil)
+	sum[7] = (sum[7] & 0xf) | 0x50
+
+	a := [16]byte{}
+	copy(a[:], sum)
+	return guid.FromWindowsArray(a)
+}
+
+type providerOpts struct {
+	callback EnableCallback
+	id       guid.GUID
+	group    guid.GUID
+}
+
+// ProviderOpt allows the caller to specify provider options to
+// NewProviderWithOptions
+type ProviderOpt func(*providerOpts)
+
+// WithCallback is used to provide a callback option to NewProviderWithOptions
+func WithCallback(callback EnableCallback) ProviderOpt {
+	return func(opts *providerOpts) {
+		opts.callback = callback
+	}
+}
+
+// WithID is used to provide a provider ID option to NewProviderWithOptions
+func WithID(id guid.GUID) ProviderOpt {
+	return func(opts *providerOpts) {
+		opts.id = id
+	}
+}
+
+// WithGroup is used to provide a provider group option to
+// NewProviderWithOptions
+func WithGroup(group guid.GUID) ProviderOpt {
+	return func(opts *providerOpts) {
+		opts.group = group
+	}
+}
+
+// NewProviderWithID creates and registers a new ETW provider, allowing the
+// provider ID to be manually specified. This is most useful when there is an
+// existing provider ID that must be used to conform to existing diagnostic
+// infrastructure.
+func NewProviderWithID(name string, id guid.GUID, callback EnableCallback) (provider *Provider, err error) {
+	return NewProviderWithOptions(name, WithID(id), WithCallback(callback))
+}
+
+// NewProvider creates and registers a new ETW provider. The provider ID is
+// generated based on the provider name.
+func NewProvider(name string, callback EnableCallback) (provider *Provider, err error) {
+	return NewProviderWithOptions(name, WithCallback(callback))
+}
+
+// Close unregisters the provider.
+func (provider *Provider) Close() error {
+	if provider == nil {
+		return nil
+	}
+
+	providers.removeProvider(provider)
+	return eventUnregister(provider.handle)
+}
+
+// IsEnabled calls IsEnabledForLevelAndKeywords with LevelAlways and all
+// keywords set.
+func (provider *Provider) IsEnabled() bool {
+	return provider.IsEnabledForLevelAndKeywords(LevelAlways, ^uint64(0))
+}
+
+// IsEnabledForLevel calls IsEnabledForLevelAndKeywords with the specified level
+// and all keywords set.
+func (provider *Provider) IsEnabledForLevel(level Level) bool {
+	return provider.IsEnabledForLevelAndKeywords(level, ^uint64(0))
+}
+
+// IsEnabledForLevelAndKeywords allows event producer code to check if there are
+// any event sessions that are interested in an event, based on the event level
+// and keywords. Although this check happens automatically in the ETW
+// infrastructure, it can be useful to check if an event will actually be
+// consumed before doing expensive work to build the event data.
+func (provider *Provider) IsEnabledForLevelAndKeywords(level Level, keywords uint64) bool {
+	if provider == nil {
+		return false
+	}
+
+	if !provider.enabled {
+		return false
+	}
+
+	// ETW automatically sets the level to 255 if it is specified as 0, so we
+	// don't need to worry about the level=0 (all events) case.
+	if level > provider.level {
+		return false
+	}
+
+	if keywords != 0 && (keywords&provider.keywordAny == 0 || keywords&provider.keywordAll != provider.keywordAll) {
+		return false
+	}
+
+	return true
+}
+
+// WriteEvent writes a single ETW event from the provider. The event is
+// constructed based on the EventOpt and FieldOpt values that are passed as
+// opts.
+func (provider *Provider) WriteEvent(name string, eventOpts []EventOpt, fieldOpts []FieldOpt) error {
+	if provider == nil {
+		return nil
+	}
+
+	options := eventOptions{descriptor: newEventDescriptor()}
+	em := &eventMetadata{}
+	ed := &eventData{}
+
+	// We need to evaluate the EventOpts first since they might change tags, and
+	// we write out the tags before evaluating FieldOpts.
+	for _, opt := range eventOpts {
+		opt(&options)
+	}
+
+	if !provider.IsEnabledForLevelAndKeywords(options.descriptor.level, options.descriptor.keyword) {
+		return nil
+	}
+
+	em.writeEventHeader(name, options.tags)
+
+	for _, opt := range fieldOpts {
+		opt(em, ed)
+	}
+
+	// Don't pass a data blob if there is no event data. There will always be
+	// event metadata (e.g. for the name) so we don't need to do this check for
+	// the metadata.
+	dataBlobs := [][]byte{}
+	if len(ed.bytes()) > 0 {
+		dataBlobs = [][]byte{ed.bytes()}
+	}
+
+	return provider.writeEventRaw(options.descriptor, options.activityID, options.relatedActivityID, [][]byte{em.bytes()}, dataBlobs)
+}
+
+// writeEventRaw writes a single ETW event from the provider. This function is
+// less abstracted than WriteEvent, and presents a fairly direct interface to
+// the event writing functionality. It expects a series of event metadata and
+// event data blobs to be passed in, which must conform to the TraceLogging
+// schema. The functions on EventMetadata and EventData can help with creating
+// these blobs. The blobs of each type are effectively concatenated together by
+// the ETW infrastructure.
+func (provider *Provider) writeEventRaw(
+	descriptor *eventDescriptor,
+	activityID guid.GUID,
+	relatedActivityID guid.GUID,
+	metadataBlobs [][]byte,
+	dataBlobs [][]byte) error {
+
+	dataDescriptorCount := uint32(1 + len(metadataBlobs) + len(dataBlobs))
+	dataDescriptors := make([]eventDataDescriptor, 0, dataDescriptorCount)
+
+	dataDescriptors = append(dataDescriptors, newEventDataDescriptor(eventDataDescriptorTypeProviderMetadata, provider.metadata))
+	for _, blob := range metadataBlobs {
+		dataDescriptors = append(dataDescriptors, newEventDataDescriptor(eventDataDescriptorTypeEventMetadata, blob))
+	}
+	for _, blob := range dataBlobs {
+		dataDescriptors = append(dataDescriptors, newEventDataDescriptor(eventDataDescriptorTypeUserData, blob))
+	}
+
+	return eventWriteTransfer(provider.handle, descriptor, (*windows.GUID)(&activityID), (*windows.GUID)(&relatedActivityID), dataDescriptorCount, &dataDescriptors[0])
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/providerglobal.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/providerglobal.go
new file mode 100644
index 0000000000000..ce3d305762ab5
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/providerglobal.go
@@ -0,0 +1,54 @@
+// +build windows
+
+package etw
+
+import (
+	"sync"
+)
+
+// Because the provider callback function needs to be able to access the
+// provider data when it is invoked by ETW, we need to keep provider data stored
+// in a global map based on an index. The index is passed as the callback
+// context to ETW.
+type providerMap struct {
+	m    map[uint]*Provider
+	i    uint
+	lock sync.Mutex
+	once sync.Once
+}
+
+var providers = providerMap{
+	m: make(map[uint]*Provider),
+}
+
+func (p *providerMap) newProvider() *Provider {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	i := p.i
+	p.i++
+
+	provider := &Provider{
+		index: i,
+	}
+
+	p.m[i] = provider
+	return provider
+}
+
+func (p *providerMap) removeProvider(provider *Provider) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	delete(p.m, provider.index)
+}
+
+func (p *providerMap) getProvider(index uint) *Provider {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	return p.m[index]
+}
+
+var providerCallbackOnce sync.Once
+var globalProviderCallback uintptr
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_32.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_32.go
new file mode 100644
index 0000000000000..d1a76125d7e66
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_32.go
@@ -0,0 +1,16 @@
+// +build 386 arm
+
+package etw
+
+import (
+	"unsafe"
+)
+
+// byteptr64 defines a struct containing a pointer. The struct is guaranteed to
+// be 64 bits, regardless of the actual size of a pointer on the platform. This
+// is intended for use with certain Windows APIs that expect a pointer as a
+// ULONGLONG.
+type ptr64 struct {
+	ptr unsafe.Pointer
+	_   uint32
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_64.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_64.go
new file mode 100644
index 0000000000000..b86c8f2bd8822
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_64.go
@@ -0,0 +1,15 @@
+// +build amd64 arm64
+
+package etw
+
+import (
+	"unsafe"
+)
+
+// byteptr64 defines a struct containing a pointer. The struct is guaranteed to
+// be 64 bits, regardless of the actual size of a pointer on the platform. This
+// is intended for use with certain Windows APIs that expect a pointer as a
+// ULONGLONG.
+type ptr64 struct {
+	ptr unsafe.Pointer
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_32.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_32.go
new file mode 100644
index 0000000000000..6867a1f87843e
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_32.go
@@ -0,0 +1,67 @@
+// +build windows
+// +build 386 arm
+
+package etw
+
+import (
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"golang.org/x/sys/windows"
+)
+
+func low(v providerHandle) uint32 {
+	return uint32(v & 0xffffffff)
+}
+
+func high(v providerHandle) uint32 {
+	return low(v >> 32)
+}
+
+func eventUnregister(providerHandle providerHandle) (win32err error) {
+	return eventUnregister_32(low(providerHandle), high(providerHandle))
+}
+
+func eventWriteTransfer(
+	providerHandle providerHandle,
+	descriptor *eventDescriptor,
+	activityID *windows.GUID,
+	relatedActivityID *windows.GUID,
+	dataDescriptorCount uint32,
+	dataDescriptors *eventDataDescriptor) (win32err error) {
+
+	return eventWriteTransfer_32(
+		low(providerHandle),
+		high(providerHandle),
+		descriptor,
+		activityID,
+		relatedActivityID,
+		dataDescriptorCount,
+		dataDescriptors)
+}
+
+func eventSetInformation(
+	providerHandle providerHandle,
+	class eventInfoClass,
+	information uintptr,
+	length uint32) (win32err error) {
+
+	return eventSetInformation_32(
+		low(providerHandle),
+		high(providerHandle),
+		class,
+		information,
+		length)
+}
+
+// providerCallbackAdapter acts as the first-level callback from the C/ETW side
+// for provider notifications. Because Go has trouble with callback arguments of
+// different size, it has only pointer-sized arguments, which are then cast to
+// the appropriate types when calling providerCallback.
+// For x86, the matchAny and matchAll keywords need to be assembled from two
+// 32-bit integers, because the max size of an argument is uintptr, but those
+// two arguments are actually 64-bit integers.
+func providerCallbackAdapter(sourceID *guid.GUID, state uint32, level uint32, matchAnyKeyword_low uint32, matchAnyKeyword_high uint32, matchAllKeyword_low uint32, matchAllKeyword_high uint32, filterData uintptr, i uintptr) uintptr {
+	matchAnyKeyword := uint64(matchAnyKeyword_high)<<32 | uint64(matchAnyKeyword_low)
+	matchAllKeyword := uint64(matchAllKeyword_high)<<32 | uint64(matchAllKeyword_low)
+	providerCallback(*sourceID, ProviderState(state), Level(level), uint64(matchAnyKeyword), uint64(matchAllKeyword), filterData, i)
+	return 0
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_64.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_64.go
new file mode 100644
index 0000000000000..fe83df2bf0ec0
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_64.go
@@ -0,0 +1,52 @@
+// +build windows
+// +build amd64 arm64
+
+package etw
+
+import (
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"golang.org/x/sys/windows"
+)
+
+func eventUnregister(providerHandle providerHandle) (win32err error) {
+	return eventUnregister_64(providerHandle)
+}
+
+func eventWriteTransfer(
+	providerHandle providerHandle,
+	descriptor *eventDescriptor,
+	activityID *windows.GUID,
+	relatedActivityID *windows.GUID,
+	dataDescriptorCount uint32,
+	dataDescriptors *eventDataDescriptor) (win32err error) {
+
+	return eventWriteTransfer_64(
+		providerHandle,
+		descriptor,
+		activityID,
+		relatedActivityID,
+		dataDescriptorCount,
+		dataDescriptors)
+}
+
+func eventSetInformation(
+	providerHandle providerHandle,
+	class eventInfoClass,
+	information uintptr,
+	length uint32) (win32err error) {
+
+	return eventSetInformation_64(
+		providerHandle,
+		class,
+		information,
+		length)
+}
+
+// providerCallbackAdapter acts as the first-level callback from the C/ETW side
+// for provider notifications. Because Go has trouble with callback arguments of
+// different size, it has only pointer-sized arguments, which are then cast to
+// the appropriate types when calling providerCallback.
+func providerCallbackAdapter(sourceID *guid.GUID, state uintptr, level uintptr, matchAnyKeyword uintptr, matchAllKeyword uintptr, filterData uintptr, i uintptr) uintptr {
+	providerCallback(*sourceID, ProviderState(state), Level(level), uint64(matchAnyKeyword), uint64(matchAllKeyword), filterData, i)
+	return 0
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etw/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/pkg/etw/zsyscall_windows.go
new file mode 100644
index 0000000000000..719b13d284293
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etw/zsyscall_windows.go
@@ -0,0 +1,103 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package etw
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return errERROR_EINVAL
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+
+	procEventRegister       = modadvapi32.NewProc("EventRegister")
+	procEventSetInformation = modadvapi32.NewProc("EventSetInformation")
+	procEventUnregister     = modadvapi32.NewProc("EventUnregister")
+	procEventWriteTransfer  = modadvapi32.NewProc("EventWriteTransfer")
+)
+
+func eventRegister(providerId *windows.GUID, callback uintptr, callbackContext uintptr, providerHandle *providerHandle) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procEventRegister.Addr(), 4, uintptr(unsafe.Pointer(providerId)), uintptr(callback), uintptr(callbackContext), uintptr(unsafe.Pointer(providerHandle)), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventSetInformation_64(providerHandle providerHandle, class eventInfoClass, information uintptr, length uint32) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procEventSetInformation.Addr(), 4, uintptr(providerHandle), uintptr(class), uintptr(information), uintptr(length), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventSetInformation_32(providerHandle_low uint32, providerHandle_high uint32, class eventInfoClass, information uintptr, length uint32) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procEventSetInformation.Addr(), 5, uintptr(providerHandle_low), uintptr(providerHandle_high), uintptr(class), uintptr(information), uintptr(length), 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventUnregister_64(providerHandle providerHandle) (win32err error) {
+	r0, _, _ := syscall.Syscall(procEventUnregister.Addr(), 1, uintptr(providerHandle), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventUnregister_32(providerHandle_low uint32, providerHandle_high uint32) (win32err error) {
+	r0, _, _ := syscall.Syscall(procEventUnregister.Addr(), 2, uintptr(providerHandle_low), uintptr(providerHandle_high), 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventWriteTransfer_64(providerHandle providerHandle, descriptor *eventDescriptor, activityID *windows.GUID, relatedActivityID *windows.GUID, dataDescriptorCount uint32, dataDescriptors *eventDataDescriptor) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procEventWriteTransfer.Addr(), 6, uintptr(providerHandle), uintptr(unsafe.Pointer(descriptor)), uintptr(unsafe.Pointer(activityID)), uintptr(unsafe.Pointer(relatedActivityID)), uintptr(dataDescriptorCount), uintptr(unsafe.Pointer(dataDescriptors)))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func eventWriteTransfer_32(providerHandle_low uint32, providerHandle_high uint32, descriptor *eventDescriptor, activityID *windows.GUID, relatedActivityID *windows.GUID, dataDescriptorCount uint32, dataDescriptors *eventDataDescriptor) (win32err error) {
+	r0, _, _ := syscall.Syscall9(procEventWriteTransfer.Addr(), 7, uintptr(providerHandle_low), uintptr(providerHandle_high), uintptr(unsafe.Pointer(descriptor)), uintptr(unsafe.Pointer(activityID)), uintptr(unsafe.Pointer(relatedActivityID)), uintptr(dataDescriptorCount), uintptr(unsafe.Pointer(dataDescriptors)), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/etwlogrus/hook.go b/vendor/github.com/Microsoft/go-winio/pkg/etwlogrus/hook.go
new file mode 100644
index 0000000000000..4332af56492dd
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/etwlogrus/hook.go
@@ -0,0 +1,107 @@
+// +build windows
+
+package etwlogrus
+
+import (
+	"sort"
+
+	"github.com/Microsoft/go-winio/pkg/etw"
+	"github.com/sirupsen/logrus"
+)
+
+// Hook is a Logrus hook which logs received events to ETW.
+type Hook struct {
+	provider      *etw.Provider
+	closeProvider bool
+}
+
+// NewHook registers a new ETW provider and returns a hook to log from it. The
+// provider will be closed when the hook is closed.
+func NewHook(providerName string) (*Hook, error) {
+	provider, err := etw.NewProvider(providerName, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Hook{provider, true}, nil
+}
+
+// NewHookFromProvider creates a new hook based on an existing ETW provider. The
+// provider will not be closed when the hook is closed.
+func NewHookFromProvider(provider *etw.Provider) (*Hook, error) {
+	return &Hook{provider, false}, nil
+}
+
+// Levels returns the set of levels that this hook wants to receive log entries
+// for.
+func (h *Hook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+var logrusToETWLevelMap = map[logrus.Level]etw.Level{
+	logrus.PanicLevel: etw.LevelAlways,
+	logrus.FatalLevel: etw.LevelCritical,
+	logrus.ErrorLevel: etw.LevelError,
+	logrus.WarnLevel:  etw.LevelWarning,
+	logrus.InfoLevel:  etw.LevelInfo,
+	logrus.DebugLevel: etw.LevelVerbose,
+	logrus.TraceLevel: etw.LevelVerbose,
+}
+
+// Fire receives each Logrus entry as it is logged, and logs it to ETW.
+func (h *Hook) Fire(e *logrus.Entry) error {
+	// Logrus defines more levels than ETW typically uses, but analysis is
+	// easiest when using a consistent set of levels across ETW providers, so we
+	// map the Logrus levels to ETW levels.
+	level := logrusToETWLevelMap[e.Level]
+	if !h.provider.IsEnabledForLevel(level) {
+		return nil
+	}
+
+	// Sort the fields by name so they are consistent in each instance
+	// of an event. Otherwise, the fields don't line up in WPA.
+	names := make([]string, 0, len(e.Data))
+	hasError := false
+	for k := range e.Data {
+		if k == logrus.ErrorKey {
+			// Always put the error last because it is optional in some events.
+			hasError = true
+		} else {
+			names = append(names, k)
+		}
+	}
+	sort.Strings(names)
+
+	// Reserve extra space for the message and time fields.
+	fields := make([]etw.FieldOpt, 0, len(e.Data)+2)
+	fields = append(fields, etw.StringField("Message", e.Message))
+	fields = append(fields, etw.Time("Time", e.Time))
+	for _, k := range names {
+		fields = append(fields, etw.SmartField(k, e.Data[k]))
+	}
+	if hasError {
+		fields = append(fields, etw.SmartField(logrus.ErrorKey, e.Data[logrus.ErrorKey]))
+	}
+
+	// Firing an ETW event is essentially best effort, as the event write can
+	// fail for reasons completely out of the control of the event writer (such
+	// as a session listening for the event having no available space in its
+	// buffers). Therefore, we don't return the error from WriteEvent, as it is
+	// just noise in many cases.
+	h.provider.WriteEvent(
+		"LogrusEntry",
+		etw.WithEventOpts(etw.WithLevel(level)),
+		fields)
+
+	return nil
+}
+
+// Close cleans up the hook and closes the ETW provider. If the provder was
+// registered by etwlogrus, it will be closed as part of `Close`. If the
+// provider was passed in, it will not be closed.
+func (h *Hook) Close() error {
+	if h.closeProvider {
+		return h.provider.Close()
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
new file mode 100644
index 0000000000000..f497c0e391786
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
@@ -0,0 +1,237 @@
+// +build windows
+
+// Package guid provides a GUID type. The backing structure for a GUID is
+// identical to that used by the golang.org/x/sys/windows GUID type.
+// There are two main binary encodings used for a GUID, the big-endian encoding,
+// and the Windows (mixed-endian) encoding. See here for details:
+// https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
+package guid
+
+import (
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding"
+	"encoding/binary"
+	"fmt"
+	"strconv"
+
+	"golang.org/x/sys/windows"
+)
+
+// Variant specifies which GUID variant (or "type") of the GUID. It determines
+// how the entirety of the rest of the GUID is interpreted.
+type Variant uint8
+
+// The variants specified by RFC 4122.
+const (
+	// VariantUnknown specifies a GUID variant which does not conform to one of
+	// the variant encodings specified in RFC 4122.
+	VariantUnknown Variant = iota
+	VariantNCS
+	VariantRFC4122
+	VariantMicrosoft
+	VariantFuture
+)
+
+// Version specifies how the bits in the GUID were generated. For instance, a
+// version 4 GUID is randomly generated, and a version 5 is generated from the
+// hash of an input string.
+type Version uint8
+
+var _ = (encoding.TextMarshaler)(GUID{})
+var _ = (encoding.TextUnmarshaler)(&GUID{})
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID
+
+// NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
+func NewV4() (GUID, error) {
+	var b [16]byte
+	if _, err := rand.Read(b[:]); err != nil {
+		return GUID{}, err
+	}
+
+	g := FromArray(b)
+	g.setVersion(4) // Version 4 means randomly generated.
+	g.setVariant(VariantRFC4122)
+
+	return g, nil
+}
+
+// NewV5 returns a new version 5 (generated from a string via SHA-1 hashing)
+// GUID, as defined by RFC 4122. The RFC is unclear on the encoding of the name,
+// and the sample code treats it as a series of bytes, so we do the same here.
+//
+// Some implementations, such as those found on Windows, treat the name as a
+// big-endian UTF16 stream of bytes. If that is desired, the string can be
+// encoded as such before being passed to this function.
+func NewV5(namespace GUID, name []byte) (GUID, error) {
+	b := sha1.New()
+	namespaceBytes := namespace.ToArray()
+	b.Write(namespaceBytes[:])
+	b.Write(name)
+
+	a := [16]byte{}
+	copy(a[:], b.Sum(nil))
+
+	g := FromArray(a)
+	g.setVersion(5) // Version 5 means generated from a string.
+	g.setVariant(VariantRFC4122)
+
+	return g, nil
+}
+
+func fromArray(b [16]byte, order binary.ByteOrder) GUID {
+	var g GUID
+	g.Data1 = order.Uint32(b[0:4])
+	g.Data2 = order.Uint16(b[4:6])
+	g.Data3 = order.Uint16(b[6:8])
+	copy(g.Data4[:], b[8:16])
+	return g
+}
+
+func (g GUID) toArray(order binary.ByteOrder) [16]byte {
+	b := [16]byte{}
+	order.PutUint32(b[0:4], g.Data1)
+	order.PutUint16(b[4:6], g.Data2)
+	order.PutUint16(b[6:8], g.Data3)
+	copy(b[8:16], g.Data4[:])
+	return b
+}
+
+// FromArray constructs a GUID from a big-endian encoding array of 16 bytes.
+func FromArray(b [16]byte) GUID {
+	return fromArray(b, binary.BigEndian)
+}
+
+// ToArray returns an array of 16 bytes representing the GUID in big-endian
+// encoding.
+func (g GUID) ToArray() [16]byte {
+	return g.toArray(binary.BigEndian)
+}
+
+// FromWindowsArray constructs a GUID from a Windows encoding array of bytes.
+func FromWindowsArray(b [16]byte) GUID {
+	return fromArray(b, binary.LittleEndian)
+}
+
+// ToWindowsArray returns an array of 16 bytes representing the GUID in Windows
+// encoding.
+func (g GUID) ToWindowsArray() [16]byte {
+	return g.toArray(binary.LittleEndian)
+}
+
+func (g GUID) String() string {
+	return fmt.Sprintf(
+		"%08x-%04x-%04x-%04x-%012x",
+		g.Data1,
+		g.Data2,
+		g.Data3,
+		g.Data4[:2],
+		g.Data4[2:])
+}
+
+// FromString parses a string containing a GUID and returns the GUID. The only
+// format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+// format.
+func FromString(s string) (GUID, error) {
+	if len(s) != 36 {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+
+	var g GUID
+
+	data1, err := strconv.ParseUint(s[0:8], 16, 32)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data1 = uint32(data1)
+
+	data2, err := strconv.ParseUint(s[9:13], 16, 16)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data2 = uint16(data2)
+
+	data3, err := strconv.ParseUint(s[14:18], 16, 16)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data3 = uint16(data3)
+
+	for i, x := range []int{19, 21, 24, 26, 28, 30, 32, 34} {
+		v, err := strconv.ParseUint(s[x:x+2], 16, 8)
+		if err != nil {
+			return GUID{}, fmt.Errorf("invalid GUID %q", s)
+		}
+		g.Data4[i] = uint8(v)
+	}
+
+	return g, nil
+}
+
+func (g *GUID) setVariant(v Variant) {
+	d := g.Data4[0]
+	switch v {
+	case VariantNCS:
+		d = (d & 0x7f)
+	case VariantRFC4122:
+		d = (d & 0x3f) | 0x80
+	case VariantMicrosoft:
+		d = (d & 0x1f) | 0xc0
+	case VariantFuture:
+		d = (d & 0x0f) | 0xe0
+	case VariantUnknown:
+		fallthrough
+	default:
+		panic(fmt.Sprintf("invalid variant: %d", v))
+	}
+	g.Data4[0] = d
+}
+
+// Variant returns the GUID variant, as defined in RFC 4122.
+func (g GUID) Variant() Variant {
+	b := g.Data4[0]
+	if b&0x80 == 0 {
+		return VariantNCS
+	} else if b&0xc0 == 0x80 {
+		return VariantRFC4122
+	} else if b&0xe0 == 0xc0 {
+		return VariantMicrosoft
+	} else if b&0xe0 == 0xe0 {
+		return VariantFuture
+	}
+	return VariantUnknown
+}
+
+func (g *GUID) setVersion(v Version) {
+	g.Data3 = (g.Data3 & 0x0fff) | (uint16(v) << 12)
+}
+
+// Version returns the GUID version, as defined in RFC 4122.
+func (g GUID) Version() Version {
+	return Version((g.Data3 & 0xF000) >> 12)
+}
+
+// MarshalText returns the textual representation of the GUID.
+func (g GUID) MarshalText() ([]byte, error) {
+	return []byte(g.String()), nil
+}
+
+// UnmarshalText takes the textual representation of a GUID, and unmarhals it
+// into this GUID.
+func (g *GUID) UnmarshalText(text []byte) error {
+	g2, err := FromString(string(text))
+	if err != nil {
+		return err
+	}
+	*g = g2
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go b/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
new file mode 100644
index 0000000000000..fca241590ccac
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
@@ -0,0 +1,161 @@
+// +build windows
+
+package security
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+
+	"github.com/pkg/errors"
+)
+
+type (
+	accessMask          uint32
+	accessMode          uint32
+	desiredAccess       uint32
+	inheritMode         uint32
+	objectType          uint32
+	shareMode           uint32
+	securityInformation uint32
+	trusteeForm         uint32
+	trusteeType         uint32
+
+	explicitAccess struct {
+		accessPermissions accessMask
+		accessMode        accessMode
+		inheritance       inheritMode
+		trustee           trustee
+	}
+
+	trustee struct {
+		multipleTrustee          *trustee
+		multipleTrusteeOperation int32
+		trusteeForm              trusteeForm
+		trusteeType              trusteeType
+		name                     uintptr
+	}
+)
+
+const (
+	accessMaskDesiredPermission accessMask = 1 << 31 // GENERIC_READ
+
+	accessModeGrant accessMode = 1
+
+	desiredAccessReadControl desiredAccess = 0x20000
+	desiredAccessWriteDac    desiredAccess = 0x40000
+
+	gvmga = "GrantVmGroupAccess:"
+
+	inheritModeNoInheritance                  inheritMode = 0x0
+	inheritModeSubContainersAndObjectsInherit inheritMode = 0x3
+
+	objectTypeFileObject objectType = 0x1
+
+	securityInformationDACL securityInformation = 0x4
+
+	shareModeRead  shareMode = 0x1
+	shareModeWrite shareMode = 0x2
+
+	sidVmGroup = "S-1-5-83-0"
+
+	trusteeFormIsSid trusteeForm = 0
+
+	trusteeTypeWellKnownGroup trusteeType = 5
+)
+
+// GrantVMGroupAccess sets the DACL for a specified file or directory to
+// include Grant ACE entries for the VM Group SID. This is a golang re-
+// implementation of the same function in vmcompute, just not exported in
+// RS5. Which kind of sucks. Sucks a lot :/
+func GrantVmGroupAccess(name string) error {
+	// Stat (to determine if `name` is a directory).
+	s, err := os.Stat(name)
+	if err != nil {
+		return errors.Wrapf(err, "%s os.Stat %s", gvmga, name)
+	}
+
+	// Get a handle to the file/directory. Must defer Close on success.
+	fd, err := createFile(name, s.IsDir())
+	if err != nil {
+		return err // Already wrapped
+	}
+	defer syscall.CloseHandle(fd)
+
+	// Get the current DACL and Security Descriptor. Must defer LocalFree on success.
+	ot := objectTypeFileObject
+	si := securityInformationDACL
+	sd := uintptr(0)
+	origDACL := uintptr(0)
+	if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil {
+		return errors.Wrapf(err, "%s GetSecurityInfo %s", gvmga, name)
+	}
+	defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd)))
+
+	// Generate a new DACL which is the current DACL with the required ACEs added.
+	// Must defer LocalFree on success.
+	newDACL, err := generateDACLWithAcesAdded(name, s.IsDir(), origDACL)
+	if err != nil {
+		return err // Already wrapped
+	}
+	defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(newDACL)))
+
+	// And finally use SetSecurityInfo to apply the updated DACL.
+	if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil {
+		return errors.Wrapf(err, "%s SetSecurityInfo %s", gvmga, name)
+	}
+
+	return nil
+}
+
+// createFile is a helper function to call [Nt]CreateFile to get a handle to
+// the file or directory.
+func createFile(name string, isDir bool) (syscall.Handle, error) {
+	namep := syscall.StringToUTF16(name)
+	da := uint32(desiredAccessReadControl | desiredAccessWriteDac)
+	sm := uint32(shareModeRead | shareModeWrite)
+	fa := uint32(syscall.FILE_ATTRIBUTE_NORMAL)
+	if isDir {
+		fa = uint32(fa | syscall.FILE_FLAG_BACKUP_SEMANTICS)
+	}
+	fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0)
+	if err != nil {
+		return 0, errors.Wrapf(err, "%s syscall.CreateFile %s", gvmga, name)
+	}
+	return fd, nil
+}
+
+// generateDACLWithAcesAdded generates a new DACL with the two needed ACEs added.
+// The caller is responsible for LocalFree of the returned DACL on success.
+func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintptr, error) {
+	// Generate pointers to the SIDs based on the string SIDs
+	sid, err := syscall.StringToSid(sidVmGroup)
+	if err != nil {
+		return 0, errors.Wrapf(err, "%s syscall.StringToSid %s %s", gvmga, name, sidVmGroup)
+	}
+
+	inheritance := inheritModeNoInheritance
+	if isDir {
+		inheritance = inheritModeSubContainersAndObjectsInherit
+	}
+
+	eaArray := []explicitAccess{
+		explicitAccess{
+			accessPermissions: accessMaskDesiredPermission,
+			accessMode:        accessModeGrant,
+			inheritance:       inheritance,
+			trustee: trustee{
+				trusteeForm: trusteeFormIsSid,
+				trusteeType: trusteeTypeWellKnownGroup,
+				name:        uintptr(unsafe.Pointer(sid)),
+			},
+		},
+	}
+
+	modifiedDACL := uintptr(0)
+	if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil {
+		return 0, errors.Wrapf(err, "%s SetEntriesInAcl %s", gvmga, name)
+	}
+
+	return modifiedDACL, nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go b/vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go
new file mode 100644
index 0000000000000..d7096716ce2cf
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go
@@ -0,0 +1,7 @@
+package security
+
+//go:generate go run mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go
+
+//sys getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) = advapi32.GetSecurityInfo
+//sys setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) = advapi32.SetSecurityInfo
+//sys setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) = advapi32.SetEntriesInAclW
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go
new file mode 100644
index 0000000000000..4084680e0f0a0
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go
@@ -0,0 +1,70 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package security
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return errERROR_EINVAL
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+
+	procGetSecurityInfo  = modadvapi32.NewProc("GetSecurityInfo")
+	procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW")
+	procSetSecurityInfo  = modadvapi32.NewProc("SetSecurityInfo")
+)
+
+func getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) {
+	r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(unsafe.Pointer(ppsidOwner)), uintptr(unsafe.Pointer(ppsidGroup)), uintptr(unsafe.Pointer(ppDacl)), uintptr(unsafe.Pointer(ppSacl)), uintptr(unsafe.Pointer(ppSecurityDescriptor)), 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(count), uintptr(pListOfEEs), uintptr(oldAcl), uintptr(unsafe.Pointer(newAcl)), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) {
+	r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(psidOwner), uintptr(psidGroup), uintptr(pDacl), uintptr(pSacl), 0, 0)
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/privilege.go b/vendor/github.com/Microsoft/go-winio/privilege.go
index 9c83d36fe533c..c3dd7c2176971 100644
--- a/vendor/github.com/Microsoft/go-winio/privilege.go
+++ b/vendor/github.com/Microsoft/go-winio/privilege.go
@@ -28,8 +28,9 @@ const (
 
 	ERROR_NOT_ALL_ASSIGNED syscall.Errno = 1300
 
-	SeBackupPrivilege  = "SeBackupPrivilege"
-	SeRestorePrivilege = "SeRestorePrivilege"
+	SeBackupPrivilege   = "SeBackupPrivilege"
+	SeRestorePrivilege  = "SeRestorePrivilege"
+	SeSecurityPrivilege = "SeSecurityPrivilege"
 )
 
 const (
diff --git a/vendor/github.com/Microsoft/go-winio/syscall.go b/vendor/github.com/Microsoft/go-winio/syscall.go
index 20d64cf41d0e7..5955c99fdeafe 100644
--- a/vendor/github.com/Microsoft/go-winio/syscall.go
+++ b/vendor/github.com/Microsoft/go-winio/syscall.go
@@ -1,3 +1,3 @@
 package winio
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go
+//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go hvsock.go
diff --git a/vendor/github.com/Microsoft/go-winio/vhd/vhd.go b/vendor/github.com/Microsoft/go-winio/vhd/vhd.go
index 8fa90e917ce6f..a33a36c0ffba4 100644
--- a/vendor/github.com/Microsoft/go-winio/vhd/vhd.go
+++ b/vendor/github.com/Microsoft/go-winio/vhd/vhd.go
@@ -2,107 +2,322 @@
 
 package vhd
 
-import "syscall"
+import (
+	"fmt"
+	"syscall"
 
-//go:generate go run mksyscall_windows.go -output zvhd.go vhd.go
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/windows"
+)
 
-//sys createVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, flags uint32, providerSpecificFlags uint32, parameters *createVirtualDiskParameters, o *syscall.Overlapped, handle *syscall.Handle) (err error) [failretval != 0] = VirtDisk.CreateVirtualDisk
-//sys openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *uintptr, handle *syscall.Handle) (err error) [failretval != 0] = VirtDisk.OpenVirtualDisk
-//sys detachVirtualDisk(handle syscall.Handle, flags uint32, providerSpecificFlags uint32) (err error) [failretval != 0] = VirtDisk.DetachVirtualDisk
+//go:generate go run mksyscall_windows.go -output zvhd_windows.go vhd.go
 
-type virtualStorageType struct {
+//sys createVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) = virtdisk.CreateVirtualDisk
+//sys openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *OpenVirtualDiskParameters, handle *syscall.Handle) (win32err error) = virtdisk.OpenVirtualDisk
+//sys attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (win32err error) = virtdisk.AttachVirtualDisk
+//sys detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, providerSpecificFlags uint32) (win32err error) = virtdisk.DetachVirtualDisk
+//sys getVirtualDiskPhysicalPath(handle syscall.Handle, diskPathSizeInBytes *uint32, buffer *uint16) (win32err error) = virtdisk.GetVirtualDiskPhysicalPath
+
+type (
+	CreateVirtualDiskFlag uint32
+	VirtualDiskFlag       uint32
+	AttachVirtualDiskFlag uint32
+	DetachVirtualDiskFlag uint32
+	VirtualDiskAccessMask uint32
+)
+
+type VirtualStorageType struct {
 	DeviceID uint32
-	VendorID [16]byte
-}
-
-const virtualDiskAccessNONE uint32 = 0
-const virtualDiskAccessATTACHRO uint32 = 65536
-const virtualDiskAccessATTACHRW uint32 = 131072
-const virtualDiskAccessDETACH uint32 = 262144
-const virtualDiskAccessGETINFO uint32 = 524288
-const virtualDiskAccessCREATE uint32 = 1048576
-const virtualDiskAccessMETAOPS uint32 = 2097152
-const virtualDiskAccessREAD uint32 = 851968
-const virtualDiskAccessALL uint32 = 4128768
-const virtualDiskAccessWRITABLE uint32 = 3276800
-
-const createVirtualDiskFlagNone uint32 = 0
-const createVirtualDiskFlagFullPhysicalAllocation uint32 = 1
-const createVirtualDiskFlagPreventWritesToSourceDisk uint32 = 2
-const createVirtualDiskFlagDoNotCopyMetadataFromParent uint32 = 4
-
-type version2 struct {
-	UniqueID                 [16]byte // GUID
+	VendorID guid.GUID
+}
+
+type CreateVersion2 struct {
+	UniqueID                 guid.GUID
 	MaximumSize              uint64
 	BlockSizeInBytes         uint32
 	SectorSizeInBytes        uint32
+	PhysicalSectorSizeInByte uint32
 	ParentPath               *uint16 // string
 	SourcePath               *uint16 // string
 	OpenFlags                uint32
-	ParentVirtualStorageType virtualStorageType
-	SourceVirtualStorageType virtualStorageType
-	ResiliencyGUID           [16]byte // GUID
+	ParentVirtualStorageType VirtualStorageType
+	SourceVirtualStorageType VirtualStorageType
+	ResiliencyGUID           guid.GUID
 }
 
-type createVirtualDiskParameters struct {
+type CreateVirtualDiskParameters struct {
 	Version  uint32 // Must always be set to 2
-	Version2 version2
+	Version2 CreateVersion2
 }
 
-// CreateVhdx will create a simple vhdx file at the given path using default values.
-func CreateVhdx(path string, maxSizeInGb, blockSizeInMb uint32) error {
-	var defaultType virtualStorageType
+type OpenVersion2 struct {
+	GetInfoOnly    bool
+	ReadOnly       bool
+	ResiliencyGUID guid.GUID
+}
+
+type OpenVirtualDiskParameters struct {
+	Version  uint32 // Must always be set to 2
+	Version2 OpenVersion2
+}
+
+type AttachVersion2 struct {
+	RestrictedOffset uint64
+	RestrictedLength uint64
+}
 
-	parameters := createVirtualDiskParameters{
+type AttachVirtualDiskParameters struct {
+	Version  uint32 // Must always be set to 2
+	Version2 AttachVersion2
+}
+
+const (
+	VIRTUAL_STORAGE_TYPE_DEVICE_VHDX = 0x3
+
+	// Access Mask for opening a VHD
+	VirtualDiskAccessNone     VirtualDiskAccessMask = 0x00000000
+	VirtualDiskAccessAttachRO VirtualDiskAccessMask = 0x00010000
+	VirtualDiskAccessAttachRW VirtualDiskAccessMask = 0x00020000
+	VirtualDiskAccessDetach   VirtualDiskAccessMask = 0x00040000
+	VirtualDiskAccessGetInfo  VirtualDiskAccessMask = 0x00080000
+	VirtualDiskAccessCreate   VirtualDiskAccessMask = 0x00100000
+	VirtualDiskAccessMetaOps  VirtualDiskAccessMask = 0x00200000
+	VirtualDiskAccessRead     VirtualDiskAccessMask = 0x000d0000
+	VirtualDiskAccessAll      VirtualDiskAccessMask = 0x003f0000
+	VirtualDiskAccessWritable VirtualDiskAccessMask = 0x00320000
+
+	// Flags for creating a VHD
+	CreateVirtualDiskFlagNone                              CreateVirtualDiskFlag = 0x0
+	CreateVirtualDiskFlagFullPhysicalAllocation            CreateVirtualDiskFlag = 0x1
+	CreateVirtualDiskFlagPreventWritesToSourceDisk         CreateVirtualDiskFlag = 0x2
+	CreateVirtualDiskFlagDoNotCopyMetadataFromParent       CreateVirtualDiskFlag = 0x4
+	CreateVirtualDiskFlagCreateBackingStorage              CreateVirtualDiskFlag = 0x8
+	CreateVirtualDiskFlagUseChangeTrackingSourceLimit      CreateVirtualDiskFlag = 0x10
+	CreateVirtualDiskFlagPreserveParentChangeTrackingState CreateVirtualDiskFlag = 0x20
+	CreateVirtualDiskFlagVhdSetUseOriginalBackingStorage   CreateVirtualDiskFlag = 0x40
+	CreateVirtualDiskFlagSparseFile                        CreateVirtualDiskFlag = 0x80
+	CreateVirtualDiskFlagPmemCompatible                    CreateVirtualDiskFlag = 0x100
+	CreateVirtualDiskFlagSupportCompressedVolumes          CreateVirtualDiskFlag = 0x200
+
+	// Flags for opening a VHD
+	OpenVirtualDiskFlagNone                        VirtualDiskFlag = 0x00000000
+	OpenVirtualDiskFlagNoParents                   VirtualDiskFlag = 0x00000001
+	OpenVirtualDiskFlagBlankFile                   VirtualDiskFlag = 0x00000002
+	OpenVirtualDiskFlagBootDrive                   VirtualDiskFlag = 0x00000004
+	OpenVirtualDiskFlagCachedIO                    VirtualDiskFlag = 0x00000008
+	OpenVirtualDiskFlagCustomDiffChain             VirtualDiskFlag = 0x00000010
+	OpenVirtualDiskFlagParentCachedIO              VirtualDiskFlag = 0x00000020
+	OpenVirtualDiskFlagVhdsetFileOnly              VirtualDiskFlag = 0x00000040
+	OpenVirtualDiskFlagIgnoreRelativeParentLocator VirtualDiskFlag = 0x00000080
+	OpenVirtualDiskFlagNoWriteHardening            VirtualDiskFlag = 0x00000100
+	OpenVirtualDiskFlagSupportCompressedVolumes    VirtualDiskFlag = 0x00000200
+
+	// Flags for attaching a VHD
+	AttachVirtualDiskFlagNone                          AttachVirtualDiskFlag = 0x00000000
+	AttachVirtualDiskFlagReadOnly                      AttachVirtualDiskFlag = 0x00000001
+	AttachVirtualDiskFlagNoDriveLetter                 AttachVirtualDiskFlag = 0x00000002
+	AttachVirtualDiskFlagPermanentLifetime             AttachVirtualDiskFlag = 0x00000004
+	AttachVirtualDiskFlagNoLocalHost                   AttachVirtualDiskFlag = 0x00000008
+	AttachVirtualDiskFlagNoSecurityDescriptor          AttachVirtualDiskFlag = 0x00000010
+	AttachVirtualDiskFlagBypassDefaultEncryptionPolicy AttachVirtualDiskFlag = 0x00000020
+	AttachVirtualDiskFlagNonPnp                        AttachVirtualDiskFlag = 0x00000040
+	AttachVirtualDiskFlagRestrictedRange               AttachVirtualDiskFlag = 0x00000080
+	AttachVirtualDiskFlagSinglePartition               AttachVirtualDiskFlag = 0x00000100
+	AttachVirtualDiskFlagRegisterVolume                AttachVirtualDiskFlag = 0x00000200
+
+	// Flags for detaching a VHD
+	DetachVirtualDiskFlagNone DetachVirtualDiskFlag = 0x0
+)
+
+// CreateVhdx is a helper function to create a simple vhdx file at the given path using
+// default values.
+func CreateVhdx(path string, maxSizeInGb, blockSizeInMb uint32) error {
+	params := CreateVirtualDiskParameters{
 		Version: 2,
-		Version2: version2{
+		Version2: CreateVersion2{
 			MaximumSize:      uint64(maxSizeInGb) * 1024 * 1024 * 1024,
 			BlockSizeInBytes: blockSizeInMb * 1024 * 1024,
 		},
 	}
 
-	var handle syscall.Handle
+	handle, err := CreateVirtualDisk(path, VirtualDiskAccessNone, CreateVirtualDiskFlagNone, &params)
+	if err != nil {
+		return err
+	}
+
+	if err := syscall.CloseHandle(handle); err != nil {
+		return err
+	}
+	return nil
+}
 
-	if err := createVirtualDisk(
-		&defaultType,
+// DetachVirtualDisk detaches a virtual hard disk by handle.
+func DetachVirtualDisk(handle syscall.Handle) (err error) {
+	if err := detachVirtualDisk(handle, 0, 0); err != nil {
+		return errors.Wrap(err, "failed to detach virtual disk")
+	}
+	return nil
+}
+
+// DetachVhd detaches a vhd found at `path`.
+func DetachVhd(path string) error {
+	handle, err := OpenVirtualDisk(
 		path,
-		virtualDiskAccessNONE,
+		VirtualDiskAccessNone,
+		OpenVirtualDiskFlagCachedIO|OpenVirtualDiskFlagIgnoreRelativeParentLocator,
+	)
+	if err != nil {
+		return err
+	}
+	defer syscall.CloseHandle(handle)
+	return DetachVirtualDisk(handle)
+}
+
+// AttachVirtualDisk attaches a virtual hard disk for use.
+func AttachVirtualDisk(handle syscall.Handle, attachVirtualDiskFlag AttachVirtualDiskFlag, parameters *AttachVirtualDiskParameters) (err error) {
+	// Supports both version 1 and 2 of the attach parameters as version 2 wasn't present in RS5.
+	if err := attachVirtualDisk(
+		handle,
 		nil,
-		createVirtualDiskFlagNone,
+		uint32(attachVirtualDiskFlag),
 		0,
-		&parameters,
+		parameters,
 		nil,
-		&handle); err != nil {
-		return err
+	); err != nil {
+		return errors.Wrap(err, "failed to attach virtual disk")
 	}
+	return nil
+}
 
-	if err := syscall.CloseHandle(handle); err != nil {
+// AttachVhd attaches a virtual hard disk at `path` for use. Attaches using version 2
+// of the ATTACH_VIRTUAL_DISK_PARAMETERS.
+func AttachVhd(path string) (err error) {
+	handle, err := OpenVirtualDisk(
+		path,
+		VirtualDiskAccessNone,
+		OpenVirtualDiskFlagCachedIO|OpenVirtualDiskFlagIgnoreRelativeParentLocator,
+	)
+	if err != nil {
 		return err
 	}
 
+	defer syscall.CloseHandle(handle)
+	params := AttachVirtualDiskParameters{Version: 2}
+	if err := AttachVirtualDisk(
+		handle,
+		AttachVirtualDiskFlagNone,
+		&params,
+	); err != nil {
+		return errors.Wrap(err, "failed to attach virtual disk")
+	}
 	return nil
 }
 
-// DetachVhd detaches a VHD attached at the given path.
-func DetachVhd(path string) error {
+// OpenVirtualDisk obtains a handle to a VHD opened with supplied access mask and flags.
+func OpenVirtualDisk(vhdPath string, virtualDiskAccessMask VirtualDiskAccessMask, openVirtualDiskFlags VirtualDiskFlag) (syscall.Handle, error) {
+	parameters := OpenVirtualDiskParameters{Version: 2}
+	handle, err := OpenVirtualDiskWithParameters(
+		vhdPath,
+		virtualDiskAccessMask,
+		openVirtualDiskFlags,
+		&parameters,
+	)
+	if err != nil {
+		return 0, err
+	}
+	return handle, nil
+}
+
+// OpenVirtualDiskWithParameters obtains a handle to a VHD opened with supplied access mask, flags and parameters.
+func OpenVirtualDiskWithParameters(vhdPath string, virtualDiskAccessMask VirtualDiskAccessMask, openVirtualDiskFlags VirtualDiskFlag, parameters *OpenVirtualDiskParameters) (syscall.Handle, error) {
 	var (
-		defaultType virtualStorageType
 		handle      syscall.Handle
+		defaultType VirtualStorageType
 	)
-
+	if parameters.Version != 2 {
+		return handle, fmt.Errorf("only version 2 VHDs are supported, found version: %d", parameters.Version)
+	}
 	if err := openVirtualDisk(
+		&defaultType,
+		vhdPath,
+		uint32(virtualDiskAccessMask),
+		uint32(openVirtualDiskFlags),
+		parameters,
+		&handle,
+	); err != nil {
+		return 0, errors.Wrap(err, "failed to open virtual disk")
+	}
+	return handle, nil
+}
+
+// CreateVirtualDisk creates a virtual harddisk and returns a handle to the disk.
+func CreateVirtualDisk(path string, virtualDiskAccessMask VirtualDiskAccessMask, createVirtualDiskFlags CreateVirtualDiskFlag, parameters *CreateVirtualDiskParameters) (syscall.Handle, error) {
+	var (
+		handle      syscall.Handle
+		defaultType VirtualStorageType
+	)
+	if parameters.Version != 2 {
+		return handle, fmt.Errorf("only version 2 VHDs are supported, found version: %d", parameters.Version)
+	}
+
+	if err := createVirtualDisk(
 		&defaultType,
 		path,
-		virtualDiskAccessDETACH,
+		uint32(virtualDiskAccessMask),
+		nil,
+		uint32(createVirtualDiskFlags),
 		0,
+		parameters,
 		nil,
-		&handle); err != nil {
-		return err
+		&handle,
+	); err != nil {
+		return handle, errors.Wrap(err, "failed to create virtual disk")
 	}
-	defer syscall.CloseHandle(handle)
+	return handle, nil
+}
 
-	if err := detachVirtualDisk(handle, 0, 0); err != nil {
-		return err
+// GetVirtualDiskPhysicalPath takes a handle to a virtual hard disk and returns the physical
+// path of the disk on the machine. This path is in the form \\.\PhysicalDriveX where X is an integer
+// that represents the particular enumeration of the physical disk on the caller's system.
+func GetVirtualDiskPhysicalPath(handle syscall.Handle) (_ string, err error) {
+	var (
+		diskPathSizeInBytes uint32 = 256 * 2 // max path length 256 wide chars
+		diskPhysicalPathBuf [256]uint16
+	)
+	if err := getVirtualDiskPhysicalPath(
+		handle,
+		&diskPathSizeInBytes,
+		&diskPhysicalPathBuf[0],
+	); err != nil {
+		return "", errors.Wrap(err, "failed to get disk physical path")
+	}
+	return windows.UTF16ToString(diskPhysicalPathBuf[:]), nil
+}
+
+// CreateDiffVhd is a helper function to create a differencing virtual disk.
+func CreateDiffVhd(diffVhdPath, baseVhdPath string, blockSizeInMB uint32) error {
+	// Setting `ParentPath` is how to signal to create a differencing disk.
+	createParams := &CreateVirtualDiskParameters{
+		Version: 2,
+		Version2: CreateVersion2{
+			ParentPath:       windows.StringToUTF16Ptr(baseVhdPath),
+			BlockSizeInBytes: blockSizeInMB * 1024 * 1024,
+			OpenFlags:        uint32(OpenVirtualDiskFlagCachedIO),
+		},
+	}
+
+	vhdHandle, err := CreateVirtualDisk(
+		diffVhdPath,
+		VirtualDiskAccessNone,
+		CreateVirtualDiskFlagNone,
+		createParams,
+	)
+	if err != nil {
+		return fmt.Errorf("failed to create differencing vhd: %s", err)
+	}
+	if err := syscall.CloseHandle(vhdHandle); err != nil {
+		return fmt.Errorf("failed to close differencing vhd handle: %s", err)
 	}
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/go-winio/vhd/zvhd.go b/vendor/github.com/Microsoft/go-winio/vhd/zvhd.go
deleted file mode 100644
index 73f52596eda18..0000000000000
--- a/vendor/github.com/Microsoft/go-winio/vhd/zvhd.go
+++ /dev/null
@@ -1,99 +0,0 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
-
-package vhd
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
-	errnoERROR_IO_PENDING = 997
-)
-
-var (
-	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return nil
-	case errnoERROR_IO_PENDING:
-		return errERROR_IO_PENDING
-	}
-	// TODO: add more here, after collecting data on the common
-	// error values see on Windows. (perhaps when running
-	// all.bat?)
-	return e
-}
-
-var (
-	modVirtDisk = windows.NewLazySystemDLL("VirtDisk.dll")
-
-	procCreateVirtualDisk = modVirtDisk.NewProc("CreateVirtualDisk")
-	procOpenVirtualDisk   = modVirtDisk.NewProc("OpenVirtualDisk")
-	procDetachVirtualDisk = modVirtDisk.NewProc("DetachVirtualDisk")
-)
-
-func createVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, flags uint32, providerSpecificFlags uint32, parameters *createVirtualDiskParameters, o *syscall.Overlapped, handle *syscall.Handle) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(path)
-	if err != nil {
-		return
-	}
-	return _createVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, securityDescriptor, flags, providerSpecificFlags, parameters, o, handle)
-}
-
-func _createVirtualDisk(virtualStorageType *virtualStorageType, path *uint16, virtualDiskAccessMask uint32, securityDescriptor *uintptr, flags uint32, providerSpecificFlags uint32, parameters *createVirtualDiskParameters, o *syscall.Overlapped, handle *syscall.Handle) (err error) {
-	r1, _, e1 := syscall.Syscall9(procCreateVirtualDisk.Addr(), 9, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(flags), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(handle)))
-	if r1 != 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
-	return
-}
-
-func openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *uintptr, handle *syscall.Handle) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(path)
-	if err != nil {
-		return
-	}
-	return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, flags, parameters, handle)
-}
-
-func _openVirtualDisk(virtualStorageType *virtualStorageType, path *uint16, virtualDiskAccessMask uint32, flags uint32, parameters *uintptr, handle *syscall.Handle) (err error) {
-	r1, _, e1 := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(flags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
-	if r1 != 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
-	return
-}
-
-func detachVirtualDisk(handle syscall.Handle, flags uint32, providerSpecificFlags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procDetachVirtualDisk.Addr(), 3, uintptr(handle), uintptr(flags), uintptr(providerSpecificFlags))
-	if r1 != 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go b/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
new file mode 100644
index 0000000000000..7fb5f3651b955
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
@@ -0,0 +1,106 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package vhd
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return errERROR_EINVAL
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modvirtdisk = windows.NewLazySystemDLL("virtdisk.dll")
+
+	procAttachVirtualDisk          = modvirtdisk.NewProc("AttachVirtualDisk")
+	procCreateVirtualDisk          = modvirtdisk.NewProc("CreateVirtualDisk")
+	procDetachVirtualDisk          = modvirtdisk.NewProc("DetachVirtualDisk")
+	procGetVirtualDiskPhysicalPath = modvirtdisk.NewProc("GetVirtualDiskPhysicalPath")
+	procOpenVirtualDisk            = modvirtdisk.NewProc("OpenVirtualDisk")
+)
+
+func attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(attachVirtualDiskFlag), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func createVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) {
+	var _p0 *uint16
+	_p0, win32err = syscall.UTF16PtrFromString(path)
+	if win32err != nil {
+		return
+	}
+	return _createVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, securityDescriptor, createVirtualDiskFlags, providerSpecificFlags, parameters, overlapped, handle)
+}
+
+func _createVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) {
+	r0, _, _ := syscall.Syscall9(procCreateVirtualDisk.Addr(), 9, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(createVirtualDiskFlags), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(handle)))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, providerSpecificFlags uint32) (win32err error) {
+	r0, _, _ := syscall.Syscall(procDetachVirtualDisk.Addr(), 3, uintptr(handle), uintptr(detachVirtualDiskFlags), uintptr(providerSpecificFlags))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func getVirtualDiskPhysicalPath(handle syscall.Handle, diskPathSizeInBytes *uint32, buffer *uint16) (win32err error) {
+	r0, _, _ := syscall.Syscall(procGetVirtualDiskPhysicalPath.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(diskPathSizeInBytes)), uintptr(unsafe.Pointer(buffer)))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
+
+func openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *OpenVirtualDiskParameters, handle *syscall.Handle) (win32err error) {
+	var _p0 *uint16
+	_p0, win32err = syscall.UTF16PtrFromString(path)
+	if win32err != nil {
+		return
+	}
+	return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, openVirtualDiskFlags, parameters, handle)
+}
+
+func _openVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *OpenVirtualDiskParameters, handle *syscall.Handle) (win32err error) {
+	r0, _, _ := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(openVirtualDiskFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+	if r0 != 0 {
+		win32err = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
index 3f527639a47f6..176ff75e320cf 100644
--- a/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
@@ -1,4 +1,4 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
+// Code generated by 'go generate'; DO NOT EDIT.
 
 package winio
 
@@ -19,6 +19,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +27,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -37,484 +38,390 @@ func errnoErr(e syscall.Errno) error {
 }
 
 var (
-	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
 	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+	modntdll    = windows.NewLazySystemDLL("ntdll.dll")
+	modws2_32   = windows.NewLazySystemDLL("ws2_32.dll")
 
-	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
-	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
-	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
-	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
-	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
-	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
-	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
-	procWaitNamedPipeW                                       = modkernel32.NewProc("WaitNamedPipeW")
-	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
-	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
-	procLocalAlloc                                           = modkernel32.NewProc("LocalAlloc")
-	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
+	procAdjustTokenPrivileges                                = modadvapi32.NewProc("AdjustTokenPrivileges")
+	procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
 	procConvertSidToStringSidW                               = modadvapi32.NewProc("ConvertSidToStringSidW")
 	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
-	procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
-	procLocalFree                                            = modkernel32.NewProc("LocalFree")
 	procGetSecurityDescriptorLength                          = modadvapi32.NewProc("GetSecurityDescriptorLength")
-	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
-	procSetFileInformationByHandle                           = modkernel32.NewProc("SetFileInformationByHandle")
-	procAdjustTokenPrivileges                                = modadvapi32.NewProc("AdjustTokenPrivileges")
 	procImpersonateSelf                                      = modadvapi32.NewProc("ImpersonateSelf")
-	procRevertToSelf                                         = modadvapi32.NewProc("RevertToSelf")
-	procOpenThreadToken                                      = modadvapi32.NewProc("OpenThreadToken")
-	procGetCurrentThread                                     = modkernel32.NewProc("GetCurrentThread")
-	procLookupPrivilegeValueW                                = modadvapi32.NewProc("LookupPrivilegeValueW")
-	procLookupPrivilegeNameW                                 = modadvapi32.NewProc("LookupPrivilegeNameW")
+	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
 	procLookupPrivilegeDisplayNameW                          = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
+	procLookupPrivilegeNameW                                 = modadvapi32.NewProc("LookupPrivilegeNameW")
+	procLookupPrivilegeValueW                                = modadvapi32.NewProc("LookupPrivilegeValueW")
+	procOpenThreadToken                                      = modadvapi32.NewProc("OpenThreadToken")
+	procRevertToSelf                                         = modadvapi32.NewProc("RevertToSelf")
 	procBackupRead                                           = modkernel32.NewProc("BackupRead")
 	procBackupWrite                                          = modkernel32.NewProc("BackupWrite")
+	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
+	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
+	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
+	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
+	procGetCurrentThread                                     = modkernel32.NewProc("GetCurrentThread")
+	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
+	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
+	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
+	procLocalAlloc                                           = modkernel32.NewProc("LocalAlloc")
+	procLocalFree                                            = modkernel32.NewProc("LocalFree")
+	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
+	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
+	procRtlDefaultNpAcl                                      = modntdll.NewProc("RtlDefaultNpAcl")
+	procRtlDosPathNameToNtPathName_U                         = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
+	procRtlNtStatusToDosErrorNoTeb                           = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
+	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
+	procbind                                                 = modws2_32.NewProc("bind")
 )
 
-func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(file), uintptr(unsafe.Pointer(o)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) {
+	var _p0 uint32
+	if releaseAll {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
+	success = r0 != 0
+	if true {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) {
-	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount), 0, 0)
-	newport = syscall.Handle(r0)
-	if newport == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(secInfo), uintptr(unsafe.Pointer(sddl)), uintptr(unsafe.Pointer(sddlSize)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(port), uintptr(unsafe.Pointer(bytes)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(o)), uintptr(timeout), 0)
+func convertSidToStringSid(sid *byte, str **uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(str)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(h), uintptr(flags), 0)
+func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(str)
+	if err != nil {
+		return
+	}
+	return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
+}
+
+func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd *uintptr, size *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
+func getSecurityDescriptorLength(sd uintptr) (len uint32) {
+	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(sd), 0, 0)
+	len = uint32(r0)
+	return
+}
+
+func impersonateSelf(level uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(level), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
 	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(name)
+	_p0, err = syscall.UTF16PtrFromString(accountName)
 	if err != nil {
 		return
 	}
-	return _createNamedPipe(_p0, flags, pipeMode, maxInstances, outSize, inSize, defaultTimeout, sa)
+	return _lookupAccountName(systemName, _p0, sid, sidSize, refDomain, refDomainSize, sidNameUse)
 }
 
-func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
-	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
-	handle = syscall.Handle(r0)
-	if handle == syscall.InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func _lookupAccountName(systemName *uint16, accountName *uint16, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
+func lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
 	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(name)
+	_p0, err = syscall.UTF16PtrFromString(systemName)
 	if err != nil {
 		return
 	}
-	return _createFile(_p0, access, mode, sa, createmode, attrs, templatefile)
+	return _lookupPrivilegeDisplayName(_p0, name, buffer, size, languageId)
 }
 
-func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
-	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
-	handle = syscall.Handle(r0)
-	if handle == syscall.InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func _lookupPrivilegeDisplayName(systemName *uint16, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeDisplayNameW.Addr(), 5, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageId)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func waitNamedPipe(name string, timeout uint32) (err error) {
+func lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) {
 	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(name)
+	_p0, err = syscall.UTF16PtrFromString(systemName)
 	if err != nil {
 		return
 	}
-	return _waitNamedPipe(_p0, timeout)
+	return _lookupPrivilegeName(_p0, luid, buffer, size)
 }
 
-func _waitNamedPipe(name *uint16, timeout uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procWaitNamedPipeW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(timeout), 0)
+func _lookupPrivilegeName(systemName *uint16, luid *uint64, buffer *uint16, size *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeNameW.Addr(), 4, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(systemName)
+	if err != nil {
+		return
 	}
-	return
+	var _p1 *uint16
+	_p1, err = syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return
+	}
+	return _lookupPrivilegeValue(_p0, _p1, luid)
 }
 
-func getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
+func _lookupPrivilegeValue(systemName *uint16, name *uint16, luid *uint64) (err error) {
+	r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
-	r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(uFlags), uintptr(length), 0)
-	ptr = uintptr(r0)
+func openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) {
+	var _p0 uint32
+	if openAsSelf {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(accessMask), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(accountName)
-	if err != nil {
-		return
+func revertToSelf() (err error) {
+	r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _lookupAccountName(systemName, _p0, sid, sidSize, refDomain, refDomainSize, sidNameUse)
+	return
 }
 
-func _lookupAccountName(systemName *uint16, accountName *uint16, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+func backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 uint32
+	if abort {
+		_p1 = 1
+	}
+	var _p2 uint32
+	if processSecurity {
+		_p2 = 1
+	}
+	r1, _, e1 := syscall.Syscall9(procBackupRead.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesRead)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func convertSidToStringSid(sid *byte, str **uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(str)), 0)
+func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 uint32
+	if abort {
+		_p1 = 1
+	}
+	var _p2 uint32
+	if processSecurity {
+		_p2 = 1
+	}
+	r1, _, e1 := syscall.Syscall9(procBackupWrite.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesWritten)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(str)
-	if err != nil {
-		return
+func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(file), uintptr(unsafe.Pointer(o)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
+	return
 }
 
-func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd *uintptr, size *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
+func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(secInfo), uintptr(unsafe.Pointer(sddl)), uintptr(unsafe.Pointer(sddlSize)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return
 	}
-	return
+	return _createFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 
-func localFree(mem uintptr) {
-	syscall.Syscall(procLocalFree.Addr(), 1, uintptr(mem), 0, 0)
+func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func getSecurityDescriptorLength(sd uintptr) (len uint32) {
-	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(sd), 0, 0)
-	len = uint32(r0)
+func createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount), 0, 0)
+	newport = syscall.Handle(r0)
+	if newport == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func getFileInformationByHandleEx(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(), 4, uintptr(h), uintptr(class), uintptr(unsafe.Pointer(buffer)), uintptr(size), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return
 	}
-	return
+	return _createNamedPipe(_p0, flags, pipeMode, maxInstances, outSize, inSize, defaultTimeout, sa)
 }
 
-func setFileInformationByHandle(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procSetFileInformationByHandle.Addr(), 4, uintptr(h), uintptr(class), uintptr(unsafe.Pointer(buffer)), uintptr(size), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) {
-	var _p0 uint32
-	if releaseAll {
-		_p0 = 1
-	} else {
-		_p0 = 0
-	}
-	r0, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
-	success = r0 != 0
-	if true {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func getCurrentThread() (h syscall.Handle) {
+	r0, _, _ := syscall.Syscall(procGetCurrentThread.Addr(), 0, 0, 0, 0)
+	h = syscall.Handle(r0)
 	return
 }
 
-func impersonateSelf(level uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(level), 0, 0)
+func getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func revertToSelf() (err error) {
-	r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
+func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) {
-	var _p0 uint32
-	if openAsSelf {
-		_p0 = 1
-	} else {
-		_p0 = 0
-	}
-	r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(accessMask), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
+func getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(port), uintptr(unsafe.Pointer(bytes)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(o)), uintptr(timeout), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func getCurrentThread() (h syscall.Handle) {
-	r0, _, _ := syscall.Syscall(procGetCurrentThread.Addr(), 0, 0, 0, 0)
-	h = syscall.Handle(r0)
+func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
+	r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(uFlags), uintptr(length), 0)
+	ptr = uintptr(r0)
 	return
 }
 
-func lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(systemName)
-	if err != nil {
-		return
-	}
-	var _p1 *uint16
-	_p1, err = syscall.UTF16PtrFromString(name)
-	if err != nil {
-		return
-	}
-	return _lookupPrivilegeValue(_p0, _p1, luid)
+func localFree(mem uintptr) {
+	syscall.Syscall(procLocalFree.Addr(), 1, uintptr(mem), 0, 0)
+	return
 }
 
-func _lookupPrivilegeValue(systemName *uint16, name *uint16, luid *uint64) (err error) {
-	r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
+func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(h), uintptr(flags), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(systemName)
-	if err != nil {
-		return
-	}
-	return _lookupPrivilegeName(_p0, luid, buffer, size)
+func ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) {
+	r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+	status = ntstatus(r0)
+	return
 }
 
-func _lookupPrivilegeName(systemName *uint16, luid *uint64, buffer *uint16, size *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeNameW.Addr(), 4, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) {
+	r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(dacl)), 0, 0)
+	status = ntstatus(r0)
 	return
 }
 
-func lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(systemName)
-	if err != nil {
-		return
-	}
-	return _lookupPrivilegeDisplayName(_p0, name, buffer, size, languageId)
+func rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) {
+	r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved), 0, 0)
+	status = ntstatus(r0)
+	return
 }
 
-func _lookupPrivilegeDisplayName(systemName *uint16, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeDisplayNameW.Addr(), 5, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageId)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func rtlNtStatusToDosError(status ntstatus) (winerr error) {
+	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
+	if r0 != 0 {
+		winerr = syscall.Errno(r0)
 	}
 	return
 }
 
-func backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
-	var _p0 *byte
-	if len(b) > 0 {
-		_p0 = &b[0]
-	}
-	var _p1 uint32
-	if abort {
-		_p1 = 1
-	} else {
-		_p1 = 0
-	}
-	var _p2 uint32
-	if processSecurity {
-		_p2 = 1
-	} else {
-		_p2 = 0
+func wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
 	}
-	r1, _, e1 := syscall.Syscall9(procBackupRead.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesRead)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
+	r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
-	var _p0 *byte
-	if len(b) > 0 {
-		_p0 = &b[0]
-	}
-	var _p1 uint32
-	if abort {
-		_p1 = 1
-	} else {
-		_p1 = 0
-	}
-	var _p2 uint32
-	if processSecurity {
-		_p2 = 1
-	} else {
-		_p2 = 0
-	}
-	r1, _, e1 := syscall.Syscall9(procBackupWrite.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesWritten)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socketError {
+		err = errnoErr(e1)
 	}
 	return
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/README.md b/vendor/github.com/Microsoft/hcsshim/README.md
index 15b39181a5dff..95c300365623d 100644
--- a/vendor/github.com/Microsoft/hcsshim/README.md
+++ b/vendor/github.com/Microsoft/hcsshim/README.md
@@ -1,8 +1,8 @@
 # hcsshim
 
-[![Build status](https://ci.appveyor.com/api/projects/status/nbcw28mnkqml0loa/branch/master?svg=true)](https://ci.appveyor.com/project/WindowsVirtualization/hcsshim/branch/master)
+[![Build status](https://github.com/microsoft/hcsshim/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/microsoft/hcsshim/actions?query=branch%3Amaster)
 
-This package contains the Golang interface for using the Windows [Host Compute Service](https://blogs.technet.microsoft.com/virtualization/2017/01/27/introducing-the-host-compute-service-hcs/) (HCS) to launch and manage [Windows Containers](https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/). It also contains other helpers and functions for managing Windows Containers such as the Golang interface for the Host Network Service (HNS).
+This package contains the Golang interface for using the Windows [Host Compute Service](https://techcommunity.microsoft.com/t5/containers/introducing-the-host-compute-service-hcs/ba-p/382332) (HCS) to launch and manage [Windows Containers](https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/). It also contains other helpers and functions for managing Windows Containers such as the Golang interface for the Host Network Service (HNS).
 
 It is primarily used in the [Moby Project](https://github.com/moby/moby), but it can be freely used by other projects as well.
 
@@ -16,6 +16,11 @@ When you submit a pull request, a CLA-bot will automatically determine whether y
 a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
 provided by the bot. You will only need to do this once across all repos using our CLA.
 
+We also ask that contributors [sign their commits](https://git-scm.com/docs/git-commit) using `git commit -s` or `git commit --signoff` to certify they either authored the work themselves or otherwise have permission to use it in this project. 
+
+
+## Code of Conduct
+
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
 contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/doc.go b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/doc.go
new file mode 100644
index 0000000000000..0684d05963c77
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/doc.go
@@ -0,0 +1 @@
+package options
diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go
new file mode 100644
index 0000000000000..89aff3723a5db
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go
@@ -0,0 +1,1542 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto
+
+package options
+
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	_ "github.com/gogo/protobuf/types"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+var _ = time.Kitchen
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+
+type Options_DebugType int32
+
+const (
+	Options_NPIPE Options_DebugType = 0
+	Options_FILE  Options_DebugType = 1
+	Options_ETW   Options_DebugType = 2
+)
+
+var Options_DebugType_name = map[int32]string{
+	0: "NPIPE",
+	1: "FILE",
+	2: "ETW",
+}
+
+var Options_DebugType_value = map[string]int32{
+	"NPIPE": 0,
+	"FILE":  1,
+	"ETW":   2,
+}
+
+func (x Options_DebugType) String() string {
+	return proto.EnumName(Options_DebugType_name, int32(x))
+}
+
+func (Options_DebugType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b643df6839c75082, []int{0, 0}
+}
+
+type Options_SandboxIsolation int32
+
+const (
+	Options_PROCESS    Options_SandboxIsolation = 0
+	Options_HYPERVISOR Options_SandboxIsolation = 1
+)
+
+var Options_SandboxIsolation_name = map[int32]string{
+	0: "PROCESS",
+	1: "HYPERVISOR",
+}
+
+var Options_SandboxIsolation_value = map[string]int32{
+	"PROCESS":    0,
+	"HYPERVISOR": 1,
+}
+
+func (x Options_SandboxIsolation) String() string {
+	return proto.EnumName(Options_SandboxIsolation_name, int32(x))
+}
+
+func (Options_SandboxIsolation) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b643df6839c75082, []int{0, 1}
+}
+
+// Options are the set of customizations that can be passed at Create time.
+type Options struct {
+	// Enable debug tracing (sets the logrus log level to debug). This may be deprecated in the future, prefer
+	// log_level as this will override debug if both of them are set.
+	Debug bool `protobuf:"varint,1,opt,name=debug,proto3" json:"debug,omitempty"`
+	// debug tracing output type
+	DebugType Options_DebugType `protobuf:"varint,2,opt,name=debug_type,json=debugType,proto3,enum=containerd.runhcs.v1.Options_DebugType" json:"debug_type,omitempty"`
+	// registry key root for storage of the runhcs container state
+	RegistryRoot string `protobuf:"bytes,3,opt,name=registry_root,json=registryRoot,proto3" json:"registry_root,omitempty"`
+	// sandbox_image is the image to use for the sandbox that matches the
+	// sandbox_platform.
+	SandboxImage string `protobuf:"bytes,4,opt,name=sandbox_image,json=sandboxImage,proto3" json:"sandbox_image,omitempty"`
+	// sandbox_platform is a CRI setting that specifies the platform
+	// architecture for all sandbox's in this runtime. Values are
+	// 'windows/amd64' and 'linux/amd64'.
+	SandboxPlatform string `protobuf:"bytes,5,opt,name=sandbox_platform,json=sandboxPlatform,proto3" json:"sandbox_platform,omitempty"`
+	// sandbox_isolation is a CRI setting that specifies the isolation level of
+	// the sandbox. For Windows runtime PROCESS and HYPERVISOR are valid. For
+	// LCOW only HYPERVISOR is valid and default if omitted.
+	SandboxIsolation Options_SandboxIsolation `protobuf:"varint,6,opt,name=sandbox_isolation,json=sandboxIsolation,proto3,enum=containerd.runhcs.v1.Options_SandboxIsolation" json:"sandbox_isolation,omitempty"`
+	// boot_files_root_path is the path to the directory containing the LCOW
+	// kernel and root FS files.
+	BootFilesRootPath string `protobuf:"bytes,7,opt,name=boot_files_root_path,json=bootFilesRootPath,proto3" json:"boot_files_root_path,omitempty"`
+	// vm_processor_count is the default number of processors to create for the
+	// hypervisor isolated utility vm.
+	//
+	// The platform default if omitted is 2, unless the host only has a single
+	// core in which case it is 1.
+	VmProcessorCount int32 `protobuf:"varint,8,opt,name=vm_processor_count,json=vmProcessorCount,proto3" json:"vm_processor_count,omitempty"`
+	// vm_memory_size_in_mb is the default amount of memory to assign to the
+	// hypervisor isolated utility vm.
+	//
+	// The platform default is 1024MB if omitted.
+	VmMemorySizeInMb int32 `protobuf:"varint,9,opt,name=vm_memory_size_in_mb,json=vmMemorySizeInMb,proto3" json:"vm_memory_size_in_mb,omitempty"`
+	// GPUVHDPath is the path to the gpu vhd to add to the uvm
+	// when a container requests a gpu
+	GPUVHDPath string `protobuf:"bytes,10,opt,name=GPUVHDPath,proto3" json:"GPUVHDPath,omitempty"`
+	// scale_cpu_limits_to_sandbox indicates that container CPU limits should
+	// be adjusted to account for the difference in number of cores between the
+	// host and UVM.
+	ScaleCpuLimitsToSandbox bool `protobuf:"varint,11,opt,name=scale_cpu_limits_to_sandbox,json=scaleCpuLimitsToSandbox,proto3" json:"scale_cpu_limits_to_sandbox,omitempty"`
+	// default_container_scratch_size_in_gb is the default scratch size (sandbox.vhdx)
+	// to be used for containers. Every container will get a sandbox of `size_in_gb` assigned
+	// instead of the default of 20GB.
+	DefaultContainerScratchSizeInGb int32 `protobuf:"varint,12,opt,name=default_container_scratch_size_in_gb,json=defaultContainerScratchSizeInGb,proto3" json:"default_container_scratch_size_in_gb,omitempty"`
+	// default_vm_scratch_size_in_gb is the default scratch size (sandbox.vhdx)
+	// to be used for the UVM. This only applies to WCOW as LCOW doesn't mount a scratch
+	// specifically for the UVM.
+	DefaultVmScratchSizeInGb int32 `protobuf:"varint,13,opt,name=default_vm_scratch_size_in_gb,json=defaultVmScratchSizeInGb,proto3" json:"default_vm_scratch_size_in_gb,omitempty"`
+	// share_scratch specifies if we'd like to reuse scratch space between multiple containers.
+	// This currently only affects LCOW. The sandbox containers scratch space is re-used for all
+	// subsequent containers launched in the pod.
+	ShareScratch bool `protobuf:"varint,14,opt,name=share_scratch,json=shareScratch,proto3" json:"share_scratch,omitempty"`
+	// NCProxyAddr is the address of the network configuration proxy service. If omitted
+	// the network is setup locally.
+	NCProxyAddr string `protobuf:"bytes,15,opt,name=NCProxyAddr,proto3" json:"NCProxyAddr,omitempty"`
+	// log_level specifies the logrus log level for the shim. Supported values are a string representation of the
+	// logrus log levels: "trace", "debug", "info", "warn", "error", "fatal", "panic". This setting will override
+	// the `debug` field if both are specified, unless the level specified is also "debug", as these are equivalent.
+	LogLevel string `protobuf:"bytes,16,opt,name=log_level,json=logLevel,proto3" json:"log_level,omitempty"`
+	// io_retry_timeout_in_sec is the timeout in seconds for how long to try and reconnect to an upstream IO provider if a connection is lost.
+	// The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite
+	// timeout.
+	IoRetryTimeoutInSec  int32    `protobuf:"varint,17,opt,name=io_retry_timeout_in_sec,json=ioRetryTimeoutInSec,proto3" json:"io_retry_timeout_in_sec,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Options) Reset()      { *m = Options{} }
+func (*Options) ProtoMessage() {}
+func (*Options) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b643df6839c75082, []int{0}
+}
+func (m *Options) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Options) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Options.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalTo(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Options) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Options.Merge(m, src)
+}
+func (m *Options) XXX_Size() int {
+	return m.Size()
+}
+func (m *Options) XXX_DiscardUnknown() {
+	xxx_messageInfo_Options.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Options proto.InternalMessageInfo
+
+// ProcessDetails contains additional information about a process. This is the additional
+// info returned in the Pids query.
+type ProcessDetails struct {
+	ImageName                    string    `protobuf:"bytes,1,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"`
+	CreatedAt                    time.Time `protobuf:"bytes,2,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
+	KernelTime_100Ns             uint64    `protobuf:"varint,3,opt,name=kernel_time_100_ns,json=kernelTime100Ns,proto3" json:"kernel_time_100_ns,omitempty"`
+	MemoryCommitBytes            uint64    `protobuf:"varint,4,opt,name=memory_commit_bytes,json=memoryCommitBytes,proto3" json:"memory_commit_bytes,omitempty"`
+	MemoryWorkingSetPrivateBytes uint64    `protobuf:"varint,5,opt,name=memory_working_set_private_bytes,json=memoryWorkingSetPrivateBytes,proto3" json:"memory_working_set_private_bytes,omitempty"`
+	MemoryWorkingSetSharedBytes  uint64    `protobuf:"varint,6,opt,name=memory_working_set_shared_bytes,json=memoryWorkingSetSharedBytes,proto3" json:"memory_working_set_shared_bytes,omitempty"`
+	ProcessID                    uint32    `protobuf:"varint,7,opt,name=process_id,json=processId,proto3" json:"process_id,omitempty"`
+	UserTime_100Ns               uint64    `protobuf:"varint,8,opt,name=user_time_100_ns,json=userTime100Ns,proto3" json:"user_time_100_ns,omitempty"`
+	ExecID                       string    `protobuf:"bytes,9,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}  `json:"-"`
+	XXX_unrecognized             []byte    `json:"-"`
+	XXX_sizecache                int32     `json:"-"`
+}
+
+func (m *ProcessDetails) Reset()      { *m = ProcessDetails{} }
+func (*ProcessDetails) ProtoMessage() {}
+func (*ProcessDetails) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b643df6839c75082, []int{1}
+}
+func (m *ProcessDetails) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessDetails.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalTo(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessDetails) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessDetails.Merge(m, src)
+}
+func (m *ProcessDetails) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessDetails) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessDetails.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ProcessDetails proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterEnum("containerd.runhcs.v1.Options_DebugType", Options_DebugType_name, Options_DebugType_value)
+	proto.RegisterEnum("containerd.runhcs.v1.Options_SandboxIsolation", Options_SandboxIsolation_name, Options_SandboxIsolation_value)
+	proto.RegisterType((*Options)(nil), "containerd.runhcs.v1.Options")
+	proto.RegisterType((*ProcessDetails)(nil), "containerd.runhcs.v1.ProcessDetails")
+}
+
+func init() {
+	proto.RegisterFile("github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto", fileDescriptor_b643df6839c75082)
+}
+
+var fileDescriptor_b643df6839c75082 = []byte{
+	// 953 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36,
+	0x17, 0xb6, 0xda, 0x24, 0xb6, 0x4e, 0xbe, 0x1c, 0x36, 0x40, 0x85, 0xe4, 0xad, 0x6d, 0xa4, 0x2f,
+	0xd0, 0x14, 0x6b, 0xa4, 0xa4, 0xdb, 0xdd, 0x06, 0x0c, 0x8d, 0xed, 0xb4, 0x1e, 0xf2, 0x61, 0xc8,
+	0x59, 0xba, 0x8f, 0x0b, 0x42, 0x1f, 0x8c, 0x4c, 0x54, 0x12, 0x05, 0x92, 0xf6, 0xe2, 0x5e, 0xed,
+	0x27, 0xec, 0x87, 0xec, 0x87, 0xe4, 0x72, 0x97, 0x03, 0x06, 0x64, 0xab, 0x7f, 0xc9, 0x40, 0x8a,
+	0x4a, 0xbb, 0x20, 0xd8, 0xcd, 0xae, 0x4c, 0x3e, 0xcf, 0xc3, 0x87, 0xe7, 0x1c, 0x9d, 0x43, 0xc3,
+	0x59, 0x42, 0xe5, 0x78, 0x12, 0xba, 0x11, 0xcb, 0xbc, 0x13, 0x1a, 0x71, 0x26, 0xd8, 0xa5, 0xf4,
+	0xc6, 0x91, 0x10, 0x63, 0x9a, 0x79, 0x51, 0x16, 0x7b, 0x11, 0xcb, 0x65, 0x40, 0x73, 0xc2, 0xe3,
+	0x3d, 0x85, 0xed, 0xf1, 0x49, 0x3e, 0x8e, 0xc4, 0xde, 0xf4, 0xc0, 0x63, 0x85, 0xa4, 0x2c, 0x17,
+	0x5e, 0x89, 0xb8, 0x05, 0x67, 0x92, 0xa1, 0xcd, 0x8f, 0x7a, 0xd7, 0x10, 0xd3, 0x83, 0xad, 0xcd,
+	0x84, 0x25, 0x4c, 0x0b, 0x3c, 0xb5, 0x2a, 0xb5, 0x5b, 0xed, 0x84, 0xb1, 0x24, 0x25, 0x9e, 0xde,
+	0x85, 0x93, 0x4b, 0x4f, 0xd2, 0x8c, 0x08, 0x19, 0x64, 0x45, 0x29, 0xd8, 0xf9, 0xb5, 0x0e, 0xf5,
+	0xb3, 0xf2, 0x16, 0xb4, 0x09, 0x8b, 0x31, 0x09, 0x27, 0x89, 0x63, 0x75, 0xac, 0xdd, 0x86, 0x5f,
+	0x6e, 0xd0, 0x11, 0x80, 0x5e, 0x60, 0x39, 0x2b, 0x88, 0xf3, 0xa0, 0x63, 0xed, 0xae, 0xbd, 0x7c,
+	0xe6, 0xde, 0x17, 0x83, 0x6b, 0x8c, 0xdc, 0x9e, 0xd2, 0x9f, 0xcf, 0x0a, 0xe2, 0xdb, 0x71, 0xb5,
+	0x44, 0x4f, 0x61, 0x95, 0x93, 0x84, 0x0a, 0xc9, 0x67, 0x98, 0x33, 0x26, 0x9d, 0x87, 0x1d, 0x6b,
+	0xd7, 0xf6, 0x57, 0x2a, 0xd0, 0x67, 0x4c, 0x2a, 0x91, 0x08, 0xf2, 0x38, 0x64, 0x57, 0x98, 0x66,
+	0x41, 0x42, 0x9c, 0x85, 0x52, 0x64, 0xc0, 0x81, 0xc2, 0xd0, 0x73, 0x68, 0x56, 0xa2, 0x22, 0x0d,
+	0xe4, 0x25, 0xe3, 0x99, 0xb3, 0xa8, 0x75, 0xeb, 0x06, 0x1f, 0x1a, 0x18, 0xfd, 0x08, 0x1b, 0xb7,
+	0x7e, 0x82, 0xa5, 0x81, 0x8a, 0xcf, 0x59, 0xd2, 0x39, 0xb8, 0xff, 0x9e, 0xc3, 0xc8, 0xdc, 0x58,
+	0x9d, 0xf2, 0xab, 0x3b, 0x6f, 0x11, 0xe4, 0xc1, 0x66, 0xc8, 0x98, 0xc4, 0x97, 0x34, 0x25, 0x42,
+	0xe7, 0x84, 0x8b, 0x40, 0x8e, 0x9d, 0xba, 0x8e, 0x65, 0x43, 0x71, 0x47, 0x8a, 0x52, 0x99, 0x0d,
+	0x03, 0x39, 0x46, 0x2f, 0x00, 0x4d, 0x33, 0x5c, 0x70, 0x16, 0x11, 0x21, 0x18, 0xc7, 0x11, 0x9b,
+	0xe4, 0xd2, 0x69, 0x74, 0xac, 0xdd, 0x45, 0xbf, 0x39, 0xcd, 0x86, 0x15, 0xd1, 0x55, 0x38, 0x72,
+	0x61, 0x73, 0x9a, 0xe1, 0x8c, 0x64, 0x8c, 0xcf, 0xb0, 0xa0, 0xef, 0x09, 0xa6, 0x39, 0xce, 0x42,
+	0xc7, 0xae, 0xf4, 0x27, 0x9a, 0x1a, 0xd1, 0xf7, 0x64, 0x90, 0x9f, 0x84, 0xa8, 0x05, 0xf0, 0x7a,
+	0xf8, 0xed, 0xc5, 0x9b, 0x9e, 0xba, 0xcb, 0x01, 0x1d, 0xc4, 0x27, 0x08, 0xfa, 0x0a, 0xb6, 0x45,
+	0x14, 0xa4, 0x04, 0x47, 0xc5, 0x04, 0xa7, 0x34, 0xa3, 0x52, 0x60, 0xc9, 0xb0, 0x49, 0xcb, 0x59,
+	0xd6, 0x1f, 0xfd, 0xb1, 0x96, 0x74, 0x8b, 0xc9, 0xb1, 0x16, 0x9c, 0x33, 0x53, 0x07, 0x74, 0x02,
+	0xff, 0x8f, 0xc9, 0x65, 0x30, 0x49, 0x25, 0xbe, 0xad, 0x1b, 0x16, 0x11, 0x0f, 0x64, 0x34, 0xbe,
+	0x8d, 0x2e, 0x09, 0x9d, 0x15, 0x1d, 0x5d, 0xdb, 0x68, 0xbb, 0x95, 0x74, 0x54, 0x2a, 0xcb, 0x60,
+	0x5f, 0x87, 0xe8, 0x6b, 0x78, 0x52, 0xd9, 0x4d, 0xb3, 0xfb, 0x7c, 0x56, 0xb5, 0x8f, 0x63, 0x44,
+	0x17, 0xd9, 0x5d, 0x03, 0xd5, 0x29, 0xe3, 0x80, 0x93, 0xea, 0xac, 0xb3, 0xa6, 0xe3, 0x5f, 0xd1,
+	0xa0, 0x11, 0xa3, 0x0e, 0x2c, 0x9f, 0x76, 0x87, 0x9c, 0x5d, 0xcd, 0x5e, 0xc5, 0x31, 0x77, 0xd6,
+	0x75, 0x4d, 0x3e, 0x85, 0xd0, 0x36, 0xd8, 0x29, 0x4b, 0x70, 0x4a, 0xa6, 0x24, 0x75, 0x9a, 0x9a,
+	0x6f, 0xa4, 0x2c, 0x39, 0x56, 0x7b, 0xf4, 0x05, 0x3c, 0xa6, 0x0c, 0x73, 0xa2, 0x5a, 0x56, 0x0d,
+	0x0e, 0x9b, 0x48, 0x15, 0x9d, 0x20, 0x91, 0xb3, 0xa1, 0xc3, 0x7b, 0x44, 0x99, 0xaf, 0xd8, 0xf3,
+	0x92, 0x1c, 0xe4, 0x23, 0x12, 0xed, 0x3c, 0x07, 0xfb, 0x76, 0x00, 0x90, 0x0d, 0x8b, 0xa7, 0xc3,
+	0xc1, 0xb0, 0xdf, 0xac, 0xa1, 0x06, 0x2c, 0x1c, 0x0d, 0x8e, 0xfb, 0x4d, 0x0b, 0xd5, 0xe1, 0x61,
+	0xff, 0xfc, 0x6d, 0xf3, 0xc1, 0x8e, 0x07, 0xcd, 0xbb, 0x7d, 0x86, 0x96, 0xa1, 0x3e, 0xf4, 0xcf,
+	0xba, 0xfd, 0xd1, 0xa8, 0x59, 0x43, 0x6b, 0x00, 0x6f, 0xbe, 0x1f, 0xf6, 0xfd, 0x8b, 0xc1, 0xe8,
+	0xcc, 0x6f, 0x5a, 0x3b, 0x7f, 0x3c, 0x84, 0x35, 0xd3, 0x26, 0x3d, 0x22, 0x03, 0x9a, 0x0a, 0xf4,
+	0x04, 0x40, 0x8f, 0x0a, 0xce, 0x83, 0x8c, 0xe8, 0xd1, 0xb5, 0x7d, 0x5b, 0x23, 0xa7, 0x41, 0x46,
+	0x50, 0x17, 0x20, 0xe2, 0x24, 0x90, 0x24, 0xc6, 0x81, 0xd4, 0xe3, 0xbb, 0xfc, 0x72, 0xcb, 0x2d,
+	0x9f, 0x05, 0xb7, 0x7a, 0x16, 0xdc, 0xf3, 0xea, 0x59, 0x38, 0x6c, 0x5c, 0xdf, 0xb4, 0x6b, 0xbf,
+	0xfc, 0xd9, 0xb6, 0x7c, 0xdb, 0x9c, 0x7b, 0x25, 0xd1, 0x67, 0x80, 0xde, 0x11, 0x9e, 0x93, 0x54,
+	0x97, 0x01, 0x1f, 0xec, 0xef, 0xe3, 0x5c, 0xe8, 0x01, 0x5e, 0xf0, 0xd7, 0x4b, 0x46, 0x39, 0x1c,
+	0xec, 0xef, 0x9f, 0x0a, 0xe4, 0xc2, 0x23, 0xd3, 0xb4, 0x11, 0xcb, 0x32, 0x2a, 0x71, 0x38, 0x93,
+	0x44, 0xe8, 0x49, 0x5e, 0xf0, 0x37, 0x4a, 0xaa, 0xab, 0x99, 0x43, 0x45, 0xa0, 0x23, 0xe8, 0x18,
+	0xfd, 0x4f, 0x8c, 0xbf, 0xa3, 0x79, 0x82, 0x05, 0x91, 0xb8, 0xe0, 0x74, 0x1a, 0x48, 0x62, 0x0e,
+	0x2f, 0xea, 0xc3, 0xff, 0x2b, 0x75, 0x6f, 0x4b, 0xd9, 0x88, 0xc8, 0x61, 0x29, 0x2a, 0x7d, 0x7a,
+	0xd0, 0xbe, 0xc7, 0x47, 0xf7, 0x43, 0x6c, 0x6c, 0x96, 0xb4, 0xcd, 0xf6, 0x5d, 0x9b, 0x91, 0xd6,
+	0x94, 0x2e, 0x2f, 0x00, 0xcc, 0x80, 0x62, 0x1a, 0xeb, 0x51, 0x5e, 0x3d, 0x5c, 0x9d, 0xdf, 0xb4,
+	0x6d, 0x53, 0xf6, 0x41, 0xcf, 0xb7, 0x8d, 0x60, 0x10, 0xa3, 0x67, 0xd0, 0x9c, 0x08, 0xc2, 0xff,
+	0x51, 0x96, 0x86, 0xbe, 0x64, 0x55, 0xe1, 0x1f, 0x8b, 0xf2, 0x14, 0xea, 0xe4, 0x8a, 0x44, 0xca,
+	0x53, 0xcd, 0xaf, 0x7d, 0x08, 0xf3, 0x9b, 0xf6, 0x52, 0xff, 0x8a, 0x44, 0x83, 0x9e, 0xbf, 0xa4,
+	0xa8, 0x41, 0x7c, 0x18, 0x5f, 0x7f, 0x68, 0xd5, 0x7e, 0xff, 0xd0, 0xaa, 0xfd, 0x3c, 0x6f, 0x59,
+	0xd7, 0xf3, 0x96, 0xf5, 0xdb, 0xbc, 0x65, 0xfd, 0x35, 0x6f, 0x59, 0x3f, 0x7c, 0xf3, 0xdf, 0xff,
+	0x44, 0xbe, 0x34, 0xbf, 0xdf, 0xd5, 0xc2, 0x25, 0xfd, 0xdd, 0x3f, 0xff, 0x3b, 0x00, 0x00, 0xff,
+	0xff, 0x6b, 0x83, 0xa6, 0x5f, 0x9b, 0x06, 0x00, 0x00,
+}
+
+func (m *Options) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Options) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if m.Debug {
+		dAtA[i] = 0x8
+		i++
+		if m.Debug {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i++
+	}
+	if m.DebugType != 0 {
+		dAtA[i] = 0x10
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.DebugType))
+	}
+	if len(m.RegistryRoot) > 0 {
+		dAtA[i] = 0x1a
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.RegistryRoot)))
+		i += copy(dAtA[i:], m.RegistryRoot)
+	}
+	if len(m.SandboxImage) > 0 {
+		dAtA[i] = 0x22
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxImage)))
+		i += copy(dAtA[i:], m.SandboxImage)
+	}
+	if len(m.SandboxPlatform) > 0 {
+		dAtA[i] = 0x2a
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxPlatform)))
+		i += copy(dAtA[i:], m.SandboxPlatform)
+	}
+	if m.SandboxIsolation != 0 {
+		dAtA[i] = 0x30
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.SandboxIsolation))
+	}
+	if len(m.BootFilesRootPath) > 0 {
+		dAtA[i] = 0x3a
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.BootFilesRootPath)))
+		i += copy(dAtA[i:], m.BootFilesRootPath)
+	}
+	if m.VmProcessorCount != 0 {
+		dAtA[i] = 0x40
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmProcessorCount))
+	}
+	if m.VmMemorySizeInMb != 0 {
+		dAtA[i] = 0x48
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmMemorySizeInMb))
+	}
+	if len(m.GPUVHDPath) > 0 {
+		dAtA[i] = 0x52
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.GPUVHDPath)))
+		i += copy(dAtA[i:], m.GPUVHDPath)
+	}
+	if m.ScaleCpuLimitsToSandbox {
+		dAtA[i] = 0x58
+		i++
+		if m.ScaleCpuLimitsToSandbox {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i++
+	}
+	if m.DefaultContainerScratchSizeInGb != 0 {
+		dAtA[i] = 0x60
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultContainerScratchSizeInGb))
+	}
+	if m.DefaultVmScratchSizeInGb != 0 {
+		dAtA[i] = 0x68
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultVmScratchSizeInGb))
+	}
+	if m.ShareScratch {
+		dAtA[i] = 0x70
+		i++
+		if m.ShareScratch {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i++
+	}
+	if len(m.NCProxyAddr) > 0 {
+		dAtA[i] = 0x7a
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.NCProxyAddr)))
+		i += copy(dAtA[i:], m.NCProxyAddr)
+	}
+	if len(m.LogLevel) > 0 {
+		dAtA[i] = 0x82
+		i++
+		dAtA[i] = 0x1
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.LogLevel)))
+		i += copy(dAtA[i:], m.LogLevel)
+	}
+	if m.IoRetryTimeoutInSec != 0 {
+		dAtA[i] = 0x88
+		i++
+		dAtA[i] = 0x1
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.IoRetryTimeoutInSec))
+	}
+	if m.XXX_unrecognized != nil {
+		i += copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return i, nil
+}
+
+func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.ImageName) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ImageName)))
+		i += copy(dAtA[i:], m.ImageName)
+	}
+	dAtA[i] = 0x12
+	i++
+	i = encodeVarintRunhcs(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)))
+	n1, err := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
+	if err != nil {
+		return 0, err
+	}
+	i += n1
+	if m.KernelTime_100Ns != 0 {
+		dAtA[i] = 0x18
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.KernelTime_100Ns))
+	}
+	if m.MemoryCommitBytes != 0 {
+		dAtA[i] = 0x20
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryCommitBytes))
+	}
+	if m.MemoryWorkingSetPrivateBytes != 0 {
+		dAtA[i] = 0x28
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes))
+	}
+	if m.MemoryWorkingSetSharedBytes != 0 {
+		dAtA[i] = 0x30
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetSharedBytes))
+	}
+	if m.ProcessID != 0 {
+		dAtA[i] = 0x38
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.ProcessID))
+	}
+	if m.UserTime_100Ns != 0 {
+		dAtA[i] = 0x40
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.UserTime_100Ns))
+	}
+	if len(m.ExecID) > 0 {
+		dAtA[i] = 0x4a
+		i++
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ExecID)))
+		i += copy(dAtA[i:], m.ExecID)
+	}
+	if m.XXX_unrecognized != nil {
+		i += copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return i, nil
+}
+
+func encodeVarintRunhcs(dAtA []byte, offset int, v uint64) int {
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return offset + 1
+}
+func (m *Options) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Debug {
+		n += 2
+	}
+	if m.DebugType != 0 {
+		n += 1 + sovRunhcs(uint64(m.DebugType))
+	}
+	l = len(m.RegistryRoot)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	l = len(m.SandboxImage)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	l = len(m.SandboxPlatform)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	if m.SandboxIsolation != 0 {
+		n += 1 + sovRunhcs(uint64(m.SandboxIsolation))
+	}
+	l = len(m.BootFilesRootPath)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	if m.VmProcessorCount != 0 {
+		n += 1 + sovRunhcs(uint64(m.VmProcessorCount))
+	}
+	if m.VmMemorySizeInMb != 0 {
+		n += 1 + sovRunhcs(uint64(m.VmMemorySizeInMb))
+	}
+	l = len(m.GPUVHDPath)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	if m.ScaleCpuLimitsToSandbox {
+		n += 2
+	}
+	if m.DefaultContainerScratchSizeInGb != 0 {
+		n += 1 + sovRunhcs(uint64(m.DefaultContainerScratchSizeInGb))
+	}
+	if m.DefaultVmScratchSizeInGb != 0 {
+		n += 1 + sovRunhcs(uint64(m.DefaultVmScratchSizeInGb))
+	}
+	if m.ShareScratch {
+		n += 2
+	}
+	l = len(m.NCProxyAddr)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	l = len(m.LogLevel)
+	if l > 0 {
+		n += 2 + l + sovRunhcs(uint64(l))
+	}
+	if m.IoRetryTimeoutInSec != 0 {
+		n += 2 + sovRunhcs(uint64(m.IoRetryTimeoutInSec))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ProcessDetails) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ImageName)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
+	n += 1 + l + sovRunhcs(uint64(l))
+	if m.KernelTime_100Ns != 0 {
+		n += 1 + sovRunhcs(uint64(m.KernelTime_100Ns))
+	}
+	if m.MemoryCommitBytes != 0 {
+		n += 1 + sovRunhcs(uint64(m.MemoryCommitBytes))
+	}
+	if m.MemoryWorkingSetPrivateBytes != 0 {
+		n += 1 + sovRunhcs(uint64(m.MemoryWorkingSetPrivateBytes))
+	}
+	if m.MemoryWorkingSetSharedBytes != 0 {
+		n += 1 + sovRunhcs(uint64(m.MemoryWorkingSetSharedBytes))
+	}
+	if m.ProcessID != 0 {
+		n += 1 + sovRunhcs(uint64(m.ProcessID))
+	}
+	if m.UserTime_100Ns != 0 {
+		n += 1 + sovRunhcs(uint64(m.UserTime_100Ns))
+	}
+	l = len(m.ExecID)
+	if l > 0 {
+		n += 1 + l + sovRunhcs(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovRunhcs(x uint64) (n int) {
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
+}
+func sozRunhcs(x uint64) (n int) {
+	return sovRunhcs(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Options) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Options{`,
+		`Debug:` + fmt.Sprintf("%v", this.Debug) + `,`,
+		`DebugType:` + fmt.Sprintf("%v", this.DebugType) + `,`,
+		`RegistryRoot:` + fmt.Sprintf("%v", this.RegistryRoot) + `,`,
+		`SandboxImage:` + fmt.Sprintf("%v", this.SandboxImage) + `,`,
+		`SandboxPlatform:` + fmt.Sprintf("%v", this.SandboxPlatform) + `,`,
+		`SandboxIsolation:` + fmt.Sprintf("%v", this.SandboxIsolation) + `,`,
+		`BootFilesRootPath:` + fmt.Sprintf("%v", this.BootFilesRootPath) + `,`,
+		`VmProcessorCount:` + fmt.Sprintf("%v", this.VmProcessorCount) + `,`,
+		`VmMemorySizeInMb:` + fmt.Sprintf("%v", this.VmMemorySizeInMb) + `,`,
+		`GPUVHDPath:` + fmt.Sprintf("%v", this.GPUVHDPath) + `,`,
+		`ScaleCpuLimitsToSandbox:` + fmt.Sprintf("%v", this.ScaleCpuLimitsToSandbox) + `,`,
+		`DefaultContainerScratchSizeInGb:` + fmt.Sprintf("%v", this.DefaultContainerScratchSizeInGb) + `,`,
+		`DefaultVmScratchSizeInGb:` + fmt.Sprintf("%v", this.DefaultVmScratchSizeInGb) + `,`,
+		`ShareScratch:` + fmt.Sprintf("%v", this.ShareScratch) + `,`,
+		`NCProxyAddr:` + fmt.Sprintf("%v", this.NCProxyAddr) + `,`,
+		`LogLevel:` + fmt.Sprintf("%v", this.LogLevel) + `,`,
+		`IoRetryTimeoutInSec:` + fmt.Sprintf("%v", this.IoRetryTimeoutInSec) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ProcessDetails) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ProcessDetails{`,
+		`ImageName:` + fmt.Sprintf("%v", this.ImageName) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`KernelTime_100Ns:` + fmt.Sprintf("%v", this.KernelTime_100Ns) + `,`,
+		`MemoryCommitBytes:` + fmt.Sprintf("%v", this.MemoryCommitBytes) + `,`,
+		`MemoryWorkingSetPrivateBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetPrivateBytes) + `,`,
+		`MemoryWorkingSetSharedBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetSharedBytes) + `,`,
+		`ProcessID:` + fmt.Sprintf("%v", this.ProcessID) + `,`,
+		`UserTime_100Ns:` + fmt.Sprintf("%v", this.UserTime_100Ns) + `,`,
+		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringRunhcs(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Options) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowRunhcs
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Options: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Options: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Debug", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Debug = bool(v != 0)
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DebugType", wireType)
+			}
+			m.DebugType = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.DebugType |= Options_DebugType(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RegistryRoot", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.RegistryRoot = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SandboxImage", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.SandboxImage = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SandboxPlatform", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.SandboxPlatform = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SandboxIsolation", wireType)
+			}
+			m.SandboxIsolation = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SandboxIsolation |= Options_SandboxIsolation(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BootFilesRootPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.BootFilesRootPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field VmProcessorCount", wireType)
+			}
+			m.VmProcessorCount = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.VmProcessorCount |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field VmMemorySizeInMb", wireType)
+			}
+			m.VmMemorySizeInMb = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.VmMemorySizeInMb |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field GPUVHDPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.GPUVHDPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ScaleCpuLimitsToSandbox", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ScaleCpuLimitsToSandbox = bool(v != 0)
+		case 12:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DefaultContainerScratchSizeInGb", wireType)
+			}
+			m.DefaultContainerScratchSizeInGb = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.DefaultContainerScratchSizeInGb |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DefaultVmScratchSizeInGb", wireType)
+			}
+			m.DefaultVmScratchSizeInGb = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.DefaultVmScratchSizeInGb |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 14:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ShareScratch", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ShareScratch = bool(v != 0)
+		case 15:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NCProxyAddr", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NCProxyAddr = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 16:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LogLevel", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.LogLevel = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 17:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoRetryTimeoutInSec", wireType)
+			}
+			m.IoRetryTimeoutInSec = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.IoRetryTimeoutInSec |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipRunhcs(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowRunhcs
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ProcessDetails: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ProcessDetails: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ImageName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ImageName = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field KernelTime_100Ns", wireType)
+			}
+			m.KernelTime_100Ns = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.KernelTime_100Ns |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryCommitBytes", wireType)
+			}
+			m.MemoryCommitBytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MemoryCommitBytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryWorkingSetPrivateBytes", wireType)
+			}
+			m.MemoryWorkingSetPrivateBytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MemoryWorkingSetPrivateBytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryWorkingSetSharedBytes", wireType)
+			}
+			m.MemoryWorkingSetSharedBytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MemoryWorkingSetSharedBytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ProcessID", wireType)
+			}
+			m.ProcessID = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ProcessID |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UserTime_100Ns", wireType)
+			}
+			m.UserTime_100Ns = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UserTime_100Ns |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExecID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExecID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipRunhcs(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipRunhcs(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowRunhcs
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+			return iNdEx, nil
+		case 1:
+			iNdEx += 8
+			return iNdEx, nil
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthRunhcs
+			}
+			iNdEx += length
+			if iNdEx < 0 {
+				return 0, ErrInvalidLengthRunhcs
+			}
+			return iNdEx, nil
+		case 3:
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowRunhcs
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipRunhcs(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
+				if iNdEx < 0 {
+					return 0, ErrInvalidLengthRunhcs
+				}
+			}
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
+		case 5:
+			iNdEx += 4
+			return iNdEx, nil
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+	}
+	panic("unreachable")
+}
+
+var (
+	ErrInvalidLengthRunhcs = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowRunhcs   = fmt.Errorf("proto: integer overflow")
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto
new file mode 100644
index 0000000000000..60c89adbde85f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto
@@ -0,0 +1,115 @@
+syntax = "proto3";
+
+package containerd.runhcs.v1;
+
+import weak "gogoproto/gogo.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options;options";
+
+// Options are the set of customizations that can be passed at Create time.
+message Options {
+	// Enable debug tracing (sets the logrus log level to debug). This may be deprecated in the future, prefer
+	// log_level as this will override debug if both of them are set.
+	bool debug = 1;
+
+	enum DebugType {
+		NPIPE = 0;
+		FILE = 1;
+		ETW = 2;
+	}
+
+	// debug tracing output type
+	DebugType debug_type = 2;
+
+	// registry key root for storage of the runhcs container state
+	string registry_root = 3;
+
+	// sandbox_image is the image to use for the sandbox that matches the
+	// sandbox_platform.
+	string sandbox_image = 4;
+
+	// sandbox_platform is a CRI setting that specifies the platform
+	// architecture for all sandbox's in this runtime. Values are
+	// 'windows/amd64' and 'linux/amd64'.
+	string sandbox_platform = 5;
+
+	enum SandboxIsolation {
+		PROCESS = 0;
+		HYPERVISOR = 1;
+	}
+
+	// sandbox_isolation is a CRI setting that specifies the isolation level of
+	// the sandbox. For Windows runtime PROCESS and HYPERVISOR are valid. For
+	// LCOW only HYPERVISOR is valid and default if omitted.
+	SandboxIsolation sandbox_isolation = 6;
+
+	// boot_files_root_path is the path to the directory containing the LCOW
+	// kernel and root FS files.
+	string boot_files_root_path = 7;
+
+	// vm_processor_count is the default number of processors to create for the
+	// hypervisor isolated utility vm.
+	//
+	// The platform default if omitted is 2, unless the host only has a single
+	// core in which case it is 1.
+	int32 vm_processor_count = 8;
+
+	// vm_memory_size_in_mb is the default amount of memory to assign to the
+	// hypervisor isolated utility vm.
+	//
+	// The platform default is 1024MB if omitted.
+	int32 vm_memory_size_in_mb = 9;
+
+	// GPUVHDPath is the path to the gpu vhd to add to the uvm
+	// when a container requests a gpu
+	string GPUVHDPath = 10;
+
+	// scale_cpu_limits_to_sandbox indicates that container CPU limits should
+	// be adjusted to account for the difference in number of cores between the
+	// host and UVM.
+	bool scale_cpu_limits_to_sandbox = 11;
+
+	// default_container_scratch_size_in_gb is the default scratch size (sandbox.vhdx)
+	// to be used for containers. Every container will get a sandbox of `size_in_gb` assigned
+	// instead of the default of 20GB.
+	int32 default_container_scratch_size_in_gb = 12;
+
+	// default_vm_scratch_size_in_gb is the default scratch size (sandbox.vhdx)
+	// to be used for the UVM. This only applies to WCOW as LCOW doesn't mount a scratch
+	// specifically for the UVM.
+	int32 default_vm_scratch_size_in_gb = 13;
+
+	// share_scratch specifies if we'd like to reuse scratch space between multiple containers.
+	// This currently only affects LCOW. The sandbox containers scratch space is re-used for all
+	// subsequent containers launched in the pod.
+	bool share_scratch = 14;
+
+	// NCProxyAddr is the address of the network configuration proxy service. If omitted
+	// the network is setup locally.
+	string NCProxyAddr = 15;
+
+	// log_level specifies the logrus log level for the shim. Supported values are a string representation of the
+	// logrus log levels: "trace", "debug", "info", "warn", "error", "fatal", "panic". This setting will override
+	// the `debug` field if both are specified, unless the level specified is also "debug", as these are equivalent.
+	string log_level = 16;
+
+	// io_retry_timeout_in_sec is the timeout in seconds for how long to try and reconnect to an upstream IO provider if a connection is lost.
+	// The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite
+	// timeout.
+	int32 io_retry_timeout_in_sec = 17;
+}
+
+// ProcessDetails contains additional information about a process. This is the additional
+// info returned in the Pids query.
+message ProcessDetails {
+	string image_name = 1;
+	google.protobuf.Timestamp created_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	uint64 kernel_time_100_ns = 3;
+	uint64 memory_commit_bytes = 4;
+	uint64 memory_working_set_private_bytes = 5;
+	uint64 memory_working_set_shared_bytes = 6;
+	uint32 process_id = 7;
+	uint64 user_time_100_ns = 8;
+	string exec_id = 9;
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go
new file mode 100644
index 0000000000000..7f1f2823ddce3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go
@@ -0,0 +1,38 @@
+package computestorage
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// AttachLayerStorageFilter sets up the layer storage filter on a writable
+// container layer.
+//
+// `layerPath` is a path to a directory the writable layer is mounted. If the
+// path does not end in a `\` the platform will append it automatically.
+//
+// `layerData` is the parent read-only layer data.
+func AttachLayerStorageFilter(ctx context.Context, layerPath string, layerData LayerData) (err error) {
+	title := "hcsshim.AttachLayerStorageFilter"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+	)
+
+	bytes, err := json.Marshal(layerData)
+	if err != nil {
+		return err
+	}
+
+	err = hcsAttachLayerStorageFilter(layerPath, string(bytes))
+	if err != nil {
+		return errors.Wrap(err, "failed to attach layer storage filter")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go
new file mode 100644
index 0000000000000..8e28e6c504693
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go
@@ -0,0 +1,26 @@
+package computestorage
+
+import (
+	"context"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// DestroyLayer deletes a container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+func DestroyLayer(ctx context.Context, layerPath string) (err error) {
+	title := "hcsshim.DestroyLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("layerPath", layerPath))
+
+	err = hcsDestroyLayer(layerPath)
+	if err != nil {
+		return errors.Wrap(err, "failed to destroy layer")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go
new file mode 100644
index 0000000000000..435473257e30c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go
@@ -0,0 +1,26 @@
+package computestorage
+
+import (
+	"context"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// DetachLayerStorageFilter detaches the layer storage filter on a writable container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+func DetachLayerStorageFilter(ctx context.Context, layerPath string) (err error) {
+	title := "hcsshim.DetachLayerStorageFilter"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("layerPath", layerPath))
+
+	err = hcsDetachLayerStorageFilter(layerPath)
+	if err != nil {
+		return errors.Wrap(err, "failed to detach layer storage filter")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/export.go b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go
new file mode 100644
index 0000000000000..a1b12dd129286
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go
@@ -0,0 +1,46 @@
+package computestorage
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// ExportLayer exports a container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+//
+// `exportFolderPath` is a pre-existing folder to export the layer to.
+//
+// `layerData` is the parent layer data.
+//
+// `options` are the export options applied to the exported layer.
+func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerData LayerData, options ExportLayerOptions) (err error) {
+	title := "hcsshim.ExportLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+		trace.StringAttribute("exportFolderPath", exportFolderPath),
+	)
+
+	ldbytes, err := json.Marshal(layerData)
+	if err != nil {
+		return err
+	}
+
+	obytes, err := json.Marshal(options)
+	if err != nil {
+		return err
+	}
+
+	err = hcsExportLayer(layerPath, exportFolderPath, string(ldbytes), string(obytes))
+	if err != nil {
+		return errors.Wrap(err, "failed to export layer")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/format.go b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go
new file mode 100644
index 0000000000000..83c0fa33f0fce
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go
@@ -0,0 +1,26 @@
+package computestorage
+
+import (
+	"context"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+	"golang.org/x/sys/windows"
+)
+
+// FormatWritableLayerVhd formats a virtual disk for use as a writable container layer.
+//
+// If the VHD is not mounted it will be temporarily mounted.
+func FormatWritableLayerVhd(ctx context.Context, vhdHandle windows.Handle) (err error) {
+	title := "hcsshim.FormatWritableLayerVhd"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+
+	err = hcsFormatWritableLayerVhd(vhdHandle)
+	if err != nil {
+		return errors.Wrap(err, "failed to format writable layer vhd")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go
new file mode 100644
index 0000000000000..87fee452cd3f8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go
@@ -0,0 +1,193 @@
+package computestorage
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/Microsoft/go-winio/pkg/security"
+	"github.com/Microsoft/go-winio/vhd"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/windows"
+)
+
+const defaultVHDXBlockSizeInMB = 1
+
+// SetupContainerBaseLayer is a helper to setup a containers scratch. It
+// will create and format the vhdx's inside and the size is configurable with the sizeInGB
+// parameter.
+//
+// `layerPath` is the path to the base container layer on disk.
+//
+// `baseVhdPath` is the path to where the base vhdx for the base layer should be created.
+//
+// `diffVhdPath` is the path where the differencing disk for the base layer should be created.
+//
+// `sizeInGB` is the size in gigabytes to make the base vhdx.
+func SetupContainerBaseLayer(ctx context.Context, layerPath, baseVhdPath, diffVhdPath string, sizeInGB uint64) (err error) {
+	var (
+		hivesPath  = filepath.Join(layerPath, "Hives")
+		layoutPath = filepath.Join(layerPath, "Layout")
+	)
+
+	// We need to remove the hives directory and layout file as `SetupBaseOSLayer` fails if these files
+	// already exist. `SetupBaseOSLayer` will create these files internally. We also remove the base and
+	// differencing disks if they exist in case we're asking for a different size.
+	if _, err := os.Stat(hivesPath); err == nil {
+		if err := os.RemoveAll(hivesPath); err != nil {
+			return errors.Wrap(err, "failed to remove prexisting hives directory")
+		}
+	}
+	if _, err := os.Stat(layoutPath); err == nil {
+		if err := os.RemoveAll(layoutPath); err != nil {
+			return errors.Wrap(err, "failed to remove prexisting layout file")
+		}
+	}
+
+	if _, err := os.Stat(baseVhdPath); err == nil {
+		if err := os.RemoveAll(baseVhdPath); err != nil {
+			return errors.Wrap(err, "failed to remove base vhdx path")
+		}
+	}
+	if _, err := os.Stat(diffVhdPath); err == nil {
+		if err := os.RemoveAll(diffVhdPath); err != nil {
+			return errors.Wrap(err, "failed to remove differencing vhdx")
+		}
+	}
+
+	createParams := &vhd.CreateVirtualDiskParameters{
+		Version: 2,
+		Version2: vhd.CreateVersion2{
+			MaximumSize:      sizeInGB * 1024 * 1024 * 1024,
+			BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024,
+		},
+	}
+	handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
+	if err != nil {
+		return errors.Wrap(err, "failed to create vhdx")
+	}
+
+	defer func() {
+		if err != nil {
+			_ = syscall.CloseHandle(handle)
+			os.RemoveAll(baseVhdPath)
+			os.RemoveAll(diffVhdPath)
+		}
+	}()
+
+	if err = FormatWritableLayerVhd(ctx, windows.Handle(handle)); err != nil {
+		return err
+	}
+	// Base vhd handle must be closed before calling SetupBaseLayer in case of Container layer
+	if err = syscall.CloseHandle(handle); err != nil {
+		return errors.Wrap(err, "failed to close vhdx handle")
+	}
+
+	options := OsLayerOptions{
+		Type: OsLayerTypeContainer,
+	}
+
+	// SetupBaseOSLayer expects an empty vhd handle for a container layer and will
+	// error out otherwise.
+	if err = SetupBaseOSLayer(ctx, layerPath, 0, options); err != nil {
+		return err
+	}
+	// Create the differencing disk that will be what's copied for the final rw layer
+	// for a container.
+	if err = vhd.CreateDiffVhd(diffVhdPath, baseVhdPath, defaultVHDXBlockSizeInMB); err != nil {
+		return errors.Wrap(err, "failed to create differencing disk")
+	}
+
+	if err = security.GrantVmGroupAccess(baseVhdPath); err != nil {
+		return errors.Wrapf(err, "failed to grant vm group access to %s", baseVhdPath)
+	}
+	if err = security.GrantVmGroupAccess(diffVhdPath); err != nil {
+		return errors.Wrapf(err, "failed to grant vm group access to %s", diffVhdPath)
+	}
+	return nil
+}
+
+// SetupUtilityVMBaseLayer is a helper to setup a UVMs scratch space. It will create and format
+// the vhdx inside and the size is configurable by the sizeInGB parameter.
+//
+// `uvmPath` is the path to the UtilityVM filesystem.
+//
+// `baseVhdPath` is the path to where the base vhdx for the UVM should be created.
+//
+// `diffVhdPath` is the path where the differencing disk for the UVM should be created.
+//
+// `sizeInGB` specifies the size in gigabytes to make the base vhdx.
+func SetupUtilityVMBaseLayer(ctx context.Context, uvmPath, baseVhdPath, diffVhdPath string, sizeInGB uint64) (err error) {
+	// Remove the base and differencing disks if they exist in case we're asking for a different size.
+	if _, err := os.Stat(baseVhdPath); err == nil {
+		if err := os.RemoveAll(baseVhdPath); err != nil {
+			return errors.Wrap(err, "failed to remove base vhdx")
+		}
+	}
+	if _, err := os.Stat(diffVhdPath); err == nil {
+		if err := os.RemoveAll(diffVhdPath); err != nil {
+			return errors.Wrap(err, "failed to remove differencing vhdx")
+		}
+	}
+
+	// Just create the vhdx for utilityVM layer, no need to format it.
+	createParams := &vhd.CreateVirtualDiskParameters{
+		Version: 2,
+		Version2: vhd.CreateVersion2{
+			MaximumSize:      sizeInGB * 1024 * 1024 * 1024,
+			BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024,
+		},
+	}
+	handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
+	if err != nil {
+		return errors.Wrap(err, "failed to create vhdx")
+	}
+
+	defer func() {
+		if err != nil {
+			_ = syscall.CloseHandle(handle)
+			os.RemoveAll(baseVhdPath)
+			os.RemoveAll(diffVhdPath)
+		}
+	}()
+
+	// If it is a UtilityVM layer then the base vhdx must be attached when calling
+	// `SetupBaseOSLayer`
+	attachParams := &vhd.AttachVirtualDiskParameters{
+		Version: 2,
+	}
+	if err := vhd.AttachVirtualDisk(handle, vhd.AttachVirtualDiskFlagNone, attachParams); err != nil {
+		return errors.Wrapf(err, "failed to attach virtual disk")
+	}
+
+	options := OsLayerOptions{
+		Type: OsLayerTypeVM,
+	}
+	if err := SetupBaseOSLayer(ctx, uvmPath, windows.Handle(handle), options); err != nil {
+		return err
+	}
+
+	// Detach and close the handle after setting up the layer as we don't need the handle
+	// for anything else and we no longer need to be attached either.
+	if err = vhd.DetachVirtualDisk(handle); err != nil {
+		return errors.Wrap(err, "failed to detach vhdx")
+	}
+	if err = syscall.CloseHandle(handle); err != nil {
+		return errors.Wrap(err, "failed to close vhdx handle")
+	}
+
+	// Create the differencing disk that will be what's copied for the final rw layer
+	// for a container.
+	if err = vhd.CreateDiffVhd(diffVhdPath, baseVhdPath, defaultVHDXBlockSizeInMB); err != nil {
+		return errors.Wrap(err, "failed to create differencing disk")
+	}
+
+	if err := security.GrantVmGroupAccess(baseVhdPath); err != nil {
+		return errors.Wrapf(err, "failed to grant vm group access to %s", baseVhdPath)
+	}
+	if err := security.GrantVmGroupAccess(diffVhdPath); err != nil {
+		return errors.Wrapf(err, "failed to grant vm group access to %s", diffVhdPath)
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/import.go b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go
new file mode 100644
index 0000000000000..0c61dab329185
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go
@@ -0,0 +1,41 @@
+package computestorage
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// ImportLayer imports a container layer.
+//
+// `layerPath` is a path to a directory to import the layer to. If the directory
+// does not exist it will be automatically created.
+//
+// `sourceFolderpath` is a pre-existing folder that contains the layer to
+// import.
+//
+// `layerData` is the parent layer data.
+func ImportLayer(ctx context.Context, layerPath, sourceFolderPath string, layerData LayerData) (err error) {
+	title := "hcsshim.ImportLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+		trace.StringAttribute("sourceFolderPath", sourceFolderPath),
+	)
+
+	bytes, err := json.Marshal(layerData)
+	if err != nil {
+		return err
+	}
+
+	err = hcsImportLayer(layerPath, sourceFolderPath, string(bytes))
+	if err != nil {
+		return errors.Wrap(err, "failed to import layer")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go
new file mode 100644
index 0000000000000..53ed8ea6edaaf
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go
@@ -0,0 +1,38 @@
+package computestorage
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+)
+
+// InitializeWritableLayer initializes a writable layer for a container.
+//
+// `layerPath` is a path to a directory the layer is mounted. If the
+// path does not end in a `\` the platform will append it automatically.
+//
+// `layerData` is the parent read-only layer data.
+func InitializeWritableLayer(ctx context.Context, layerPath string, layerData LayerData) (err error) {
+	title := "hcsshim.InitializeWritableLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+	)
+
+	bytes, err := json.Marshal(layerData)
+	if err != nil {
+		return err
+	}
+
+	// Options are not used in the platform as of RS5
+	err = hcsInitializeWritableLayer(layerPath, string(bytes), "")
+	if err != nil {
+		return errors.Wrap(err, "failed to intitialize container layer")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go
new file mode 100644
index 0000000000000..fcdbbef81437d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go
@@ -0,0 +1,27 @@
+package computestorage
+
+import (
+	"context"
+
+	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+	"golang.org/x/sys/windows"
+)
+
+// GetLayerVhdMountPath returns the volume path for a virtual disk of a writable container layer.
+func GetLayerVhdMountPath(ctx context.Context, vhdHandle windows.Handle) (path string, err error) {
+	title := "hcsshim.GetLayerVhdMountPath"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+
+	var mountPath *uint16
+	err = hcsGetLayerVhdMountPath(vhdHandle, &mountPath)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to get vhd mount path")
+	}
+	path = interop.ConvertAndFreeCoTaskMemString(mountPath)
+	return path, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go
new file mode 100644
index 0000000000000..06aaf841e8f28
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go
@@ -0,0 +1,74 @@
+package computestorage
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/pkg/errors"
+	"go.opencensus.io/trace"
+	"golang.org/x/sys/windows"
+)
+
+// SetupBaseOSLayer sets up a layer that contains a base OS for a container.
+//
+// `layerPath` is a path to a directory containing the layer.
+//
+// `vhdHandle` is an empty file handle of `options.Type == OsLayerTypeContainer`
+// or else it is a file handle to the 'SystemTemplateBase.vhdx' if `options.Type
+// == OsLayerTypeVm`.
+//
+// `options` are the options applied while processing the layer.
+func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.Handle, options OsLayerOptions) (err error) {
+	title := "hcsshim.SetupBaseOSLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+	)
+
+	bytes, err := json.Marshal(options)
+	if err != nil {
+		return err
+	}
+
+	err = hcsSetupBaseOSLayer(layerPath, vhdHandle, string(bytes))
+	if err != nil {
+		return errors.Wrap(err, "failed to setup base OS layer")
+	}
+	return nil
+}
+
+// SetupBaseOSVolume sets up a volume that contains a base OS for a container.
+//
+// `layerPath` is a path to a directory containing the layer.
+//
+// `volumePath` is the path to the volume to be used for setup.
+//
+// `options` are the options applied while processing the layer.
+func SetupBaseOSVolume(ctx context.Context, layerPath, volumePath string, options OsLayerOptions) (err error) {
+	if osversion.Build() < 19645 {
+		return errors.New("SetupBaseOSVolume is not present on builds older than 19645")
+	}
+	title := "hcsshim.SetupBaseOSVolume"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("layerPath", layerPath),
+		trace.StringAttribute("volumePath", volumePath),
+	)
+
+	bytes, err := json.Marshal(options)
+	if err != nil {
+		return err
+	}
+
+	err = hcsSetupBaseOSVolume(layerPath, volumePath, string(bytes))
+	if err != nil {
+		return errors.Wrap(err, "failed to setup base OS layer")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go
new file mode 100644
index 0000000000000..95aff9c184838
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go
@@ -0,0 +1,50 @@
+// Package computestorage is a wrapper around the HCS storage APIs. These are new storage APIs introduced
+// separate from the original graphdriver calls intended to give more freedom around creating
+// and managing container layers and scratch spaces.
+package computestorage
+
+import (
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+//go:generate go run ../mksyscall_windows.go -output zsyscall_windows.go storage.go
+
+//sys hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) = computestorage.HcsImportLayer?
+//sys hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) = computestorage.HcsExportLayer?
+//sys hcsDestroyLayer(layerPath string) (hr error) = computestorage.HcsDestoryLayer?
+//sys hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) = computestorage.HcsSetupBaseOSLayer?
+//sys hcsInitializeWritableLayer(writableLayerPath string, layerData string, options string) (hr error) = computestorage.HcsInitializeWritableLayer?
+//sys hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) = computestorage.HcsAttachLayerStorageFilter?
+//sys hcsDetachLayerStorageFilter(layerPath string) (hr error) = computestorage.HcsDetachLayerStorageFilter?
+//sys hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) = computestorage.HcsFormatWritableLayerVhd?
+//sys hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) = computestorage.HcsGetLayerVhdMountPath?
+//sys hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) = computestorage.HcsSetupBaseOSVolume?
+
+// LayerData is the data used to describe parent layer information.
+type LayerData struct {
+	SchemaVersion hcsschema.Version `json:"SchemaVersion,omitempty"`
+	Layers        []hcsschema.Layer `json:"Layers,omitempty"`
+}
+
+// ExportLayerOptions are the set of options that are used with the `computestorage.HcsExportLayer` syscall.
+type ExportLayerOptions struct {
+	IsWritableLayer bool `json:"IsWritableLayer,omitempty"`
+}
+
+// OsLayerType is the type of layer being operated on.
+type OsLayerType string
+
+const (
+	// OsLayerTypeContainer is a container layer.
+	OsLayerTypeContainer OsLayerType = "Container"
+	// OsLayerTypeVM is a virtual machine layer.
+	OsLayerTypeVM OsLayerType = "Vm"
+)
+
+// OsLayerOptions are the set of options that are used with the `SetupBaseOSLayer` and
+// `SetupBaseOSVolume` calls.
+type OsLayerOptions struct {
+	Type                       OsLayerType `json:"Type,omitempty"`
+	DisableCiCacheOptimization bool        `json:"DisableCiCacheOptimization,omitempty"`
+	SkipUpdateBcdForBoot       bool        `json:"SkipUpdateBcdForBoot,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
new file mode 100644
index 0000000000000..4f95180674340
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
@@ -0,0 +1,319 @@
+// Code generated mksyscall_windows.exe DO NOT EDIT
+
+package computestorage
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modcomputestorage = windows.NewLazySystemDLL("computestorage.dll")
+
+	procHcsImportLayer              = modcomputestorage.NewProc("HcsImportLayer")
+	procHcsExportLayer              = modcomputestorage.NewProc("HcsExportLayer")
+	procHcsDestoryLayer             = modcomputestorage.NewProc("HcsDestoryLayer")
+	procHcsSetupBaseOSLayer         = modcomputestorage.NewProc("HcsSetupBaseOSLayer")
+	procHcsInitializeWritableLayer  = modcomputestorage.NewProc("HcsInitializeWritableLayer")
+	procHcsAttachLayerStorageFilter = modcomputestorage.NewProc("HcsAttachLayerStorageFilter")
+	procHcsDetachLayerStorageFilter = modcomputestorage.NewProc("HcsDetachLayerStorageFilter")
+	procHcsFormatWritableLayerVhd   = modcomputestorage.NewProc("HcsFormatWritableLayerVhd")
+	procHcsGetLayerVhdMountPath     = modcomputestorage.NewProc("HcsGetLayerVhdMountPath")
+	procHcsSetupBaseOSVolume        = modcomputestorage.NewProc("HcsSetupBaseOSVolume")
+)
+
+func hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(sourceFolderPath)
+	if hr != nil {
+		return
+	}
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(layerData)
+	if hr != nil {
+		return
+	}
+	return _hcsImportLayer(_p0, _p1, _p2)
+}
+
+func _hcsImportLayer(layerPath *uint16, sourceFolderPath *uint16, layerData *uint16) (hr error) {
+	if hr = procHcsImportLayer.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsImportLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(exportFolderPath)
+	if hr != nil {
+		return
+	}
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(layerData)
+	if hr != nil {
+		return
+	}
+	var _p3 *uint16
+	_p3, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsExportLayer(_p0, _p1, _p2, _p3)
+}
+
+func _hcsExportLayer(layerPath *uint16, exportFolderPath *uint16, layerData *uint16, options *uint16) (hr error) {
+	if hr = procHcsExportLayer.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsExportLayer.Addr(), 4, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(exportFolderPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsDestroyLayer(layerPath string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	return _hcsDestroyLayer(_p0)
+}
+
+func _hcsDestroyLayer(layerPath *uint16) (hr error) {
+	if hr = procHcsDestoryLayer.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsDestoryLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsSetupBaseOSLayer(_p0, handle, _p1)
+}
+
+func _hcsSetupBaseOSLayer(layerPath *uint16, handle windows.Handle, options *uint16) (hr error) {
+	if hr = procHcsSetupBaseOSLayer.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsInitializeWritableLayer(writableLayerPath string, layerData string, options string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(writableLayerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(layerData)
+	if hr != nil {
+		return
+	}
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsInitializeWritableLayer(_p0, _p1, _p2)
+}
+
+func _hcsInitializeWritableLayer(writableLayerPath *uint16, layerData *uint16, options *uint16) (hr error) {
+	if hr = procHcsInitializeWritableLayer.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsInitializeWritableLayer.Addr(), 3, uintptr(unsafe.Pointer(writableLayerPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(layerData)
+	if hr != nil {
+		return
+	}
+	return _hcsAttachLayerStorageFilter(_p0, _p1)
+}
+
+func _hcsAttachLayerStorageFilter(layerPath *uint16, layerData *uint16) (hr error) {
+	if hr = procHcsAttachLayerStorageFilter.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsAttachLayerStorageFilter.Addr(), 2, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsDetachLayerStorageFilter(layerPath string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	return _hcsDetachLayerStorageFilter(_p0)
+}
+
+func _hcsDetachLayerStorageFilter(layerPath *uint16) (hr error) {
+	if hr = procHcsDetachLayerStorageFilter.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsDetachLayerStorageFilter.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) {
+	if hr = procHcsFormatWritableLayerVhd.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsFormatWritableLayerVhd.Addr(), 1, uintptr(handle), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) {
+	if hr = procHcsGetLayerVhdMountPath.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsGetLayerVhdMountPath.Addr(), 2, uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(volumePath)
+	if hr != nil {
+		return
+	}
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsSetupBaseOSVolume(_p0, _p1, _p2)
+}
+
+func _hcsSetupBaseOSVolume(layerPath *uint16, volumePath *uint16, options *uint16) (hr error) {
+	if hr = procHcsSetupBaseOSVolume.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSVolume.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(volumePath)), uintptr(unsafe.Pointer(options)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/container.go b/vendor/github.com/Microsoft/hcsshim/container.go
index e142c315445a1..bfd722898e948 100644
--- a/vendor/github.com/Microsoft/hcsshim/container.go
+++ b/vendor/github.com/Microsoft/hcsshim/container.go
@@ -1,13 +1,15 @@
 package hcsshim
 
 import (
+	"context"
 	"fmt"
 	"os"
+	"sync"
 	"time"
 
 	"github.com/Microsoft/hcsshim/internal/hcs"
+	"github.com/Microsoft/hcsshim/internal/hcs/schema1"
 	"github.com/Microsoft/hcsshim/internal/mergemaps"
-	"github.com/Microsoft/hcsshim/internal/schema1"
 )
 
 // ContainerProperties holds the properties for a container and the processes running in that container
@@ -52,7 +54,10 @@ const (
 type ResourceModificationRequestResponse = schema1.ResourceModificationRequestResponse
 
 type container struct {
-	system *hcs.System
+	system   *hcs.System
+	waitOnce sync.Once
+	waitErr  error
+	waitCh   chan struct{}
 }
 
 // createComputeSystemAdditionalJSON is read from the environment at initialisation
@@ -71,61 +76,87 @@ func CreateContainer(id string, c *ContainerConfig) (Container, error) {
 		return nil, fmt.Errorf("failed to merge additional JSON '%s': %s", createContainerAdditionalJSON, err)
 	}
 
-	system, err := hcs.CreateComputeSystem(id, fullConfig)
+	system, err := hcs.CreateComputeSystem(context.Background(), id, fullConfig)
 	if err != nil {
 		return nil, err
 	}
-	return &container{system}, err
+	return &container{system: system}, err
 }
 
 // OpenContainer opens an existing container by ID.
 func OpenContainer(id string) (Container, error) {
-	system, err := hcs.OpenComputeSystem(id)
+	system, err := hcs.OpenComputeSystem(context.Background(), id)
 	if err != nil {
 		return nil, err
 	}
-	return &container{system}, err
+	return &container{system: system}, err
 }
 
 // GetContainers gets a list of the containers on the system that match the query
 func GetContainers(q ComputeSystemQuery) ([]ContainerProperties, error) {
-	return hcs.GetComputeSystems(q)
+	return hcs.GetComputeSystems(context.Background(), q)
 }
 
 // Start synchronously starts the container.
 func (container *container) Start() error {
-	return convertSystemError(container.system.Start(), container)
+	return convertSystemError(container.system.Start(context.Background()), container)
 }
 
 // Shutdown requests a container shutdown, but it may not actually be shutdown until Wait() succeeds.
 func (container *container) Shutdown() error {
-	return convertSystemError(container.system.Shutdown(), container)
+	err := container.system.Shutdown(context.Background())
+	if err != nil {
+		return convertSystemError(err, container)
+	}
+	return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Shutdown"}
 }
 
 // Terminate requests a container terminate, but it may not actually be terminated until Wait() succeeds.
 func (container *container) Terminate() error {
-	return convertSystemError(container.system.Terminate(), container)
+	err := container.system.Terminate(context.Background())
+	if err != nil {
+		return convertSystemError(err, container)
+	}
+	return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Terminate"}
 }
 
 // Waits synchronously waits for the container to shutdown or terminate.
 func (container *container) Wait() error {
-	return convertSystemError(container.system.Wait(), container)
+	err := container.system.Wait()
+	if err == nil {
+		err = container.system.ExitError()
+	}
+	return convertSystemError(err, container)
 }
 
 // WaitTimeout synchronously waits for the container to terminate or the duration to elapse. It
 // returns false if timeout occurs.
-func (container *container) WaitTimeout(t time.Duration) error {
-	return convertSystemError(container.system.WaitTimeout(t), container)
+func (container *container) WaitTimeout(timeout time.Duration) error {
+	container.waitOnce.Do(func() {
+		container.waitCh = make(chan struct{})
+		go func() {
+			container.waitErr = container.Wait()
+			close(container.waitCh)
+		}()
+	})
+	t := time.NewTimer(timeout)
+	defer t.Stop()
+	select {
+	case <-t.C:
+		return &ContainerError{Container: container, Err: ErrTimeout, Operation: "hcsshim::ComputeSystem::Wait"}
+	case <-container.waitCh:
+		return container.waitErr
+	}
 }
 
 // Pause pauses the execution of a container.
 func (container *container) Pause() error {
-	return convertSystemError(container.system.Pause(), container)
+	return convertSystemError(container.system.Pause(context.Background()), container)
 }
 
 // Resume resumes the execution of a container.
 func (container *container) Resume() error {
-	return convertSystemError(container.system.Resume(), container)
+	return convertSystemError(container.system.Resume(context.Background()), container)
 }
 
 // HasPendingUpdates returns true if the container has updates pending to install
@@ -135,7 +166,7 @@ func (container *container) HasPendingUpdates() (bool, error) {
 
 // Statistics returns statistics for the container. This is a legacy v1 call
 func (container *container) Statistics() (Statistics, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeStatistics)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeStatistics)
 	if err != nil {
 		return Statistics{}, convertSystemError(err, container)
 	}
@@ -145,7 +176,7 @@ func (container *container) Statistics() (Statistics, error) {
 
 // ProcessList returns an array of ProcessListItems for the container. This is a legacy v1 call
 func (container *container) ProcessList() ([]ProcessListItem, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeProcessList)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeProcessList)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
@@ -155,7 +186,7 @@ func (container *container) ProcessList() ([]ProcessListItem, error) {
 
 // This is a legacy v1 call
 func (container *container) MappedVirtualDisks() (map[int]MappedVirtualDiskController, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeMappedVirtualDisk)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeMappedVirtualDisk)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
@@ -165,20 +196,20 @@ func (container *container) MappedVirtualDisks() (map[int]MappedVirtualDiskContr
 
 // CreateProcess launches a new process within the container.
 func (container *container) CreateProcess(c *ProcessConfig) (Process, error) {
-	p, err := container.system.CreateProcess(c)
+	p, err := container.system.CreateProcess(context.Background(), c)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
-	return &process{p}, nil
+	return &process{p: p.(*hcs.Process)}, nil
 }
 
 // OpenProcess gets an interface to an existing process within the container.
 func (container *container) OpenProcess(pid int) (Process, error) {
-	p, err := container.system.OpenProcess(pid)
+	p, err := container.system.OpenProcess(context.Background(), pid)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
-	return &process{p}, nil
+	return &process{p: p}, nil
 }
 
 // Close cleans up any state associated with the container but does not terminate or wait for it.
@@ -188,5 +219,5 @@ func (container *container) Close() error {
 
 // Modify the System
 func (container *container) Modify(config *ResourceModificationRequestResponse) error {
-	return convertSystemError(container.system.Modify(config), container)
+	return convertSystemError(container.system.Modify(context.Background(), config), container)
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/errors.go b/vendor/github.com/Microsoft/hcsshim/errors.go
index 63efa23c7a4e8..f367022e712ec 100644
--- a/vendor/github.com/Microsoft/hcsshim/errors.go
+++ b/vendor/github.com/Microsoft/hcsshim/errors.go
@@ -59,7 +59,7 @@ var (
 	// ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation
 	ErrVmcomputeOperationInvalidState = hcs.ErrVmcomputeOperationInvalidState
 
-	// ErrProcNotFound is an error encountered when the the process cannot be found
+	// ErrProcNotFound is an error encountered when a procedure look up fails.
 	ErrProcNotFound = hcs.ErrProcNotFound
 
 	// ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2
@@ -83,7 +83,6 @@ type NetworkNotFoundError = hns.NetworkNotFoundError
 type ProcessError struct {
 	Process   *process
 	Operation string
-	ExtraInfo string
 	Err       error
 	Events    []hcs.ErrorEvent
 }
@@ -92,7 +91,6 @@ type ProcessError struct {
 type ContainerError struct {
 	Container *container
 	Operation string
-	ExtraInfo string
 	Err       error
 	Events    []hcs.ErrorEvent
 }
@@ -125,22 +123,9 @@ func (e *ContainerError) Error() string {
 		s += "\n" + ev.String()
 	}
 
-	if e.ExtraInfo != "" {
-		s += " extra info: " + e.ExtraInfo
-	}
-
 	return s
 }
 
-func makeContainerError(container *container, operation string, extraInfo string, err error) error {
-	// Don't double wrap errors
-	if _, ok := err.(*ContainerError); ok {
-		return err
-	}
-	containerError := &ContainerError{Container: container, Operation: operation, ExtraInfo: extraInfo, Err: err}
-	return containerError
-}
-
 func (e *ProcessError) Error() string {
 	if e == nil {
 		return "<nil>"
@@ -171,19 +156,10 @@ func (e *ProcessError) Error() string {
 	return s
 }
 
-func makeProcessError(process *process, operation string, extraInfo string, err error) error {
-	// Don't double wrap errors
-	if _, ok := err.(*ProcessError); ok {
-		return err
-	}
-	processError := &ProcessError{Process: process, Operation: operation, ExtraInfo: extraInfo, Err: err}
-	return processError
-}
-
 // IsNotExist checks if an error is caused by the Container or Process not existing.
 // Note: Currently, ErrElementNotFound can mean that a Process has either
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
-// will currently return true when the error is ErrElementNotFound or ErrProcNotFound.
+// will currently return true when the error is ErrElementNotFound.
 func IsNotExist(err error) bool {
 	if _, ok := err.(EndpointNotFoundError); ok {
 		return true
@@ -216,7 +192,7 @@ func IsTimeout(err error) bool {
 // a Container or Process being already stopped.
 // Note: Currently, ErrElementNotFound can mean that a Process has either
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
-// will currently return true when the error is ErrElementNotFound or ErrProcNotFound.
+// will currently return true when the error is ErrElementNotFound.
 func IsAlreadyStopped(err error) bool {
 	return hcs.IsAlreadyStopped(getInnerError(err))
 }
@@ -230,6 +206,18 @@ func IsNotSupported(err error) bool {
 	return hcs.IsNotSupported(getInnerError(err))
 }
 
+// IsOperationInvalidState returns true when err is caused by
+// `ErrVmcomputeOperationInvalidState`.
+func IsOperationInvalidState(err error) bool {
+	return hcs.IsOperationInvalidState(getInnerError(err))
+}
+
+// IsAccessIsDenied returns true when err is caused by
+// `ErrVmcomputeOperationAccessIsDenied`.
+func IsAccessIsDenied(err error) bool {
+	return hcs.IsAccessIsDenied(getInnerError(err))
+}
+
 func getInnerError(err error) error {
 	switch pe := err.(type) {
 	case nil:
@@ -244,7 +232,7 @@ func getInnerError(err error) error {
 
 func convertSystemError(err error, c *container) error {
 	if serr, ok := err.(*hcs.SystemError); ok {
-		return &ContainerError{Container: c, Operation: serr.Op, ExtraInfo: serr.Extra, Err: serr.Err, Events: serr.Events}
+		return &ContainerError{Container: c, Operation: serr.Op, Err: serr.Err, Events: serr.Events}
 	}
 	return err
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/go.mod b/vendor/github.com/Microsoft/hcsshim/go.mod
new file mode 100644
index 0000000000000..ffc9c2f387905
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/go.mod
@@ -0,0 +1,31 @@
+module github.com/Microsoft/hcsshim
+
+go 1.13
+
+require (
+	github.com/Microsoft/go-winio v0.4.17
+	github.com/cenkalti/backoff/v4 v4.1.1
+	github.com/containerd/cgroups v1.0.1
+	github.com/containerd/console v1.0.2
+	github.com/containerd/containerd v1.4.9
+	github.com/containerd/continuity v0.1.0 // indirect
+	github.com/containerd/fifo v1.0.0 // indirect
+	github.com/containerd/go-runc v1.0.0
+	github.com/containerd/ttrpc v1.1.0
+	github.com/containerd/typeurl v1.0.2
+	github.com/gogo/protobuf v1.3.2
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.8.1
+	github.com/urfave/cli v1.22.2
+	go.opencensus.io v0.22.3
+	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
+	golang.org/x/sys v0.0.0-20210324051608-47abb6519492
+	google.golang.org/grpc v1.33.2
+	gotest.tools/v3 v3.0.3 // indirect
+)
+
+replace (
+	google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
+	google.golang.org/grpc => google.golang.org/grpc v1.27.1
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
index f2eedbe3d3aee..9e0059447d9f4 100644
--- a/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
+++ b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
@@ -6,6 +6,10 @@ import (
 
 // HNSEndpoint represents a network endpoint in HNS
 type HNSEndpoint = hns.HNSEndpoint
+
+// HNSEndpointStats represent the stats for an networkendpoint in HNS
+type HNSEndpointStats = hns.EndpointStats
+
 // Namespace represents a Compartment.
 type Namespace = hns.Namespace
 
@@ -38,11 +42,27 @@ func HNSListEndpointRequest() ([]HNSEndpoint, error) {
 
 // HotAttachEndpoint makes a HCS Call to attach the endpoint to the container
 func HotAttachEndpoint(containerID string, endpointID string) error {
+	endpoint, err := GetHNSEndpointByID(endpointID)
+	if err != nil {
+		return err
+	}
+	isAttached, err := endpoint.IsAttached(containerID)
+	if isAttached {
+		return err
+	}
 	return modifyNetworkEndpoint(containerID, endpointID, Add)
 }
 
 // HotDetachEndpoint makes a HCS Call to detach the endpoint from the container
 func HotDetachEndpoint(containerID string, endpointID string) error {
+	endpoint, err := GetHNSEndpointByID(endpointID)
+	if err != nil {
+		return err
+	}
+	isAttached, err := endpoint.IsAttached(containerID)
+	if !isAttached {
+		return err
+	}
 	return modifyNetworkEndpoint(containerID, endpointID, Remove)
 }
 
@@ -91,3 +111,8 @@ func GetHNSEndpointByID(endpointID string) (*HNSEndpoint, error) {
 func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
 	return hns.GetHNSEndpointByName(endpointName)
 }
+
+// GetHNSEndpointStats gets the endpoint stats by ID
+func GetHNSEndpointStats(endpointName string) (*HNSEndpointStats, error) {
+	return hns.GetHNSEndpointStats(endpointName)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hnspolicy.go b/vendor/github.com/Microsoft/hcsshim/hnspolicy.go
index a3e03ff8fcf89..00ab2636449ea 100644
--- a/vendor/github.com/Microsoft/hcsshim/hnspolicy.go
+++ b/vendor/github.com/Microsoft/hcsshim/hnspolicy.go
@@ -21,8 +21,11 @@ const (
 	OutboundNat          = hns.OutboundNat
 	ExternalLoadBalancer = hns.ExternalLoadBalancer
 	Route                = hns.Route
+	Proxy                = hns.Proxy
 )
 
+type ProxyPolicy = hns.ProxyPolicy
+
 type NatPolicy = hns.NatPolicy
 
 type QosPolicy = hns.QosPolicy
diff --git a/vendor/github.com/Microsoft/hcsshim/interface.go b/vendor/github.com/Microsoft/hcsshim/interface.go
index 2724624fd5aa6..300eb59966874 100644
--- a/vendor/github.com/Microsoft/hcsshim/interface.go
+++ b/vendor/github.com/Microsoft/hcsshim/interface.go
@@ -4,7 +4,7 @@ import (
 	"io"
 	"time"
 
-	"github.com/Microsoft/hcsshim/internal/schema1"
+	"github.com/Microsoft/hcsshim/internal/hcs/schema1"
 )
 
 // ProcessConfig is used as both the input of Container.CreateProcess
@@ -17,6 +17,11 @@ type MappedPipe = schema1.MappedPipe
 type HvRuntime = schema1.HvRuntime
 type MappedVirtualDisk = schema1.MappedVirtualDisk
 
+// AssignedDevice represents a device that has been directly assigned to a container
+//
+// NOTE: Support added in RS5
+type AssignedDevice = schema1.AssignedDevice
+
 // ContainerConfig is used as both the input of CreateContainer
 // and to convert the parameters to JSON for passing onto the HCS
 type ContainerConfig = schema1.ContainerConfig
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go
new file mode 100644
index 0000000000000..27a62a7238618
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go
@@ -0,0 +1,91 @@
+package cow
+
+import (
+	"context"
+	"io"
+
+	"github.com/Microsoft/hcsshim/internal/hcs/schema1"
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+// Process is the interface for an OS process running in a container or utility VM.
+type Process interface {
+	// Close releases resources associated with the process and closes the
+	// writer and readers returned by Stdio. Depending on the implementation,
+	// this may also terminate the process.
+	Close() error
+	// CloseStdin causes the process's stdin handle to receive EOF/EPIPE/whatever
+	// is appropriate to indicate that no more data is available.
+	CloseStdin(ctx context.Context) error
+	// CloseStdout closes the stdout connection to the process. It is used to indicate
+	// that we are done receiving output on the shim side.
+	CloseStdout(ctx context.Context) error
+	// CloseStderr closes the stderr connection to the process. It is used to indicate
+	// that we are done receiving output on the shim side.
+	CloseStderr(ctx context.Context) error
+	// Pid returns the process ID.
+	Pid() int
+	// Stdio returns the stdio streams for a process. These may be nil if a stream
+	// was not requested during CreateProcess.
+	Stdio() (_ io.Writer, _ io.Reader, _ io.Reader)
+	// ResizeConsole resizes the virtual terminal associated with the process.
+	ResizeConsole(ctx context.Context, width, height uint16) error
+	// Kill sends a SIGKILL or equivalent signal to the process and returns whether
+	// the signal was delivered. It does not wait for the process to terminate.
+	Kill(ctx context.Context) (bool, error)
+	// Signal sends a signal to the process and returns whether the signal was
+	// delivered. The input is OS specific (either
+	// guestrequest.SignalProcessOptionsWCOW or
+	// guestrequest.SignalProcessOptionsLCOW). It does not wait for the process
+	// to terminate.
+	Signal(ctx context.Context, options interface{}) (bool, error)
+	// Wait waits for the process to complete, or for a connection to the process to be
+	// terminated by some error condition (including calling Close).
+	Wait() error
+	// ExitCode returns the exit code of the process. Returns an error if the process is
+	// not running.
+	ExitCode() (int, error)
+}
+
+// ProcessHost is the interface for creating processes.
+type ProcessHost interface {
+	// CreateProcess creates a process. The configuration is host specific
+	// (either hcsschema.ProcessParameters or lcow.ProcessParameters).
+	CreateProcess(ctx context.Context, config interface{}) (Process, error)
+	// OS returns the host's operating system, "linux" or "windows".
+	OS() string
+	// IsOCI specifies whether this is an OCI-compliant process host. If true,
+	// then the configuration passed to CreateProcess should have an OCI process
+	// spec (or nil if this is the initial process in an OCI container).
+	// Otherwise, it should have the HCS-specific process parameters.
+	IsOCI() bool
+}
+
+// Container is the interface for container objects, either running on the host or
+// in a utility VM.
+type Container interface {
+	ProcessHost
+	// Close releases the resources associated with the container. Depending on
+	// the implementation, this may also terminate the container.
+	Close() error
+	// ID returns the container ID.
+	ID() string
+	// Properties returns the requested container properties targeting a V1 schema container.
+	Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error)
+	// PropertiesV2 returns the requested container properties targeting a V2 schema container.
+	PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error)
+	// Start starts a container.
+	Start(ctx context.Context) error
+	// Shutdown sends a shutdown request to the container (but does not wait for
+	// the shutdown to complete).
+	Shutdown(ctx context.Context) error
+	// Terminate sends a terminate request to the container (but does not wait
+	// for the terminate to complete).
+	Terminate(ctx context.Context) error
+	// Wait waits for the container to terminate, or for the connection to the
+	// container to be terminated by some error condition (including calling
+	// Close).
+	Wait() error
+	// Modify sends a request to modify container resources
+	Modify(ctx context.Context, config interface{}) error
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/guid/guid.go b/vendor/github.com/Microsoft/hcsshim/internal/guid/guid.go
deleted file mode 100644
index e9e45c0306dc0..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/guid/guid.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package guid
-
-import (
-	"crypto/rand"
-	"encoding/json"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-)
-
-var _ = (json.Marshaler)(&GUID{})
-var _ = (json.Unmarshaler)(&GUID{})
-
-type GUID [16]byte
-
-func New() GUID {
-	g := GUID{}
-	_, err := io.ReadFull(rand.Reader, g[:])
-	if err != nil {
-		panic(err)
-	}
-	return g
-}
-
-func (g GUID) String() string {
-	return fmt.Sprintf("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x-%02x", g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6], g[8:10], g[10:])
-}
-
-func FromString(s string) GUID {
-	if len(s) != 36 {
-		panic(fmt.Sprintf("invalid GUID length: %d", len(s)))
-	}
-	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
-		panic("invalid GUID format")
-	}
-	indexOrder := [16]int{
-		0, 2, 4, 6,
-		9, 11,
-		14, 16,
-		19, 21,
-		24, 26, 28, 30, 32, 34,
-	}
-	byteOrder := [16]int{
-		3, 2, 1, 0,
-		5, 4,
-		7, 6,
-		8, 9,
-		10, 11, 12, 13, 14, 15,
-	}
-	var g GUID
-	for i, x := range indexOrder {
-		b, err := strconv.ParseInt(s[x:x+2], 16, 16)
-		if err != nil {
-			panic(err)
-		}
-		g[byteOrder[i]] = byte(b)
-	}
-	return g
-}
-
-func (g GUID) MarshalJSON() ([]byte, error) {
-	return json.Marshal(g.String())
-}
-
-func (g *GUID) UnmarshalJSON(data []byte) error {
-	*g = FromString(strings.Trim(string(data), "\""))
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
index e41c40ec8fe7f..d13772b0301eb 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
@@ -1,25 +1,38 @@
 package hcs
 
 import (
+	"fmt"
 	"sync"
 	"syscall"
 
 	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+	"github.com/sirupsen/logrus"
 )
 
 var (
 	nextCallback    uintptr
-	callbackMap     = map[uintptr]*notifcationWatcherContext{}
+	callbackMap     = map[uintptr]*notificationWatcherContext{}
 	callbackMapLock = sync.RWMutex{}
 
 	notificationWatcherCallback = syscall.NewCallback(notificationWatcher)
 
 	// Notifications for HCS_SYSTEM handles
-	hcsNotificationSystemExited          hcsNotification = 0x00000001
-	hcsNotificationSystemCreateCompleted hcsNotification = 0x00000002
-	hcsNotificationSystemStartCompleted  hcsNotification = 0x00000003
-	hcsNotificationSystemPauseCompleted  hcsNotification = 0x00000004
-	hcsNotificationSystemResumeCompleted hcsNotification = 0x00000005
+	hcsNotificationSystemExited                      hcsNotification = 0x00000001
+	hcsNotificationSystemCreateCompleted             hcsNotification = 0x00000002
+	hcsNotificationSystemStartCompleted              hcsNotification = 0x00000003
+	hcsNotificationSystemPauseCompleted              hcsNotification = 0x00000004
+	hcsNotificationSystemResumeCompleted             hcsNotification = 0x00000005
+	hcsNotificationSystemCrashReport                 hcsNotification = 0x00000006
+	hcsNotificationSystemSiloJobCreated              hcsNotification = 0x00000007
+	hcsNotificationSystemSaveCompleted               hcsNotification = 0x00000008
+	hcsNotificationSystemRdpEnhancedModeStateChanged hcsNotification = 0x00000009
+	hcsNotificationSystemShutdownFailed              hcsNotification = 0x0000000A
+	hcsNotificationSystemGetPropertiesCompleted      hcsNotification = 0x0000000B
+	hcsNotificationSystemModifyCompleted             hcsNotification = 0x0000000C
+	hcsNotificationSystemCrashInitiated              hcsNotification = 0x0000000D
+	hcsNotificationSystemGuestConnectionClosed       hcsNotification = 0x0000000E
 
 	// Notifications for HCS_PROCESS handles
 	hcsNotificationProcessExited hcsNotification = 0x00010000
@@ -30,35 +43,91 @@ var (
 )
 
 type hcsNotification uint32
+
+func (hn hcsNotification) String() string {
+	switch hn {
+	case hcsNotificationSystemExited:
+		return "SystemExited"
+	case hcsNotificationSystemCreateCompleted:
+		return "SystemCreateCompleted"
+	case hcsNotificationSystemStartCompleted:
+		return "SystemStartCompleted"
+	case hcsNotificationSystemPauseCompleted:
+		return "SystemPauseCompleted"
+	case hcsNotificationSystemResumeCompleted:
+		return "SystemResumeCompleted"
+	case hcsNotificationSystemCrashReport:
+		return "SystemCrashReport"
+	case hcsNotificationSystemSiloJobCreated:
+		return "SystemSiloJobCreated"
+	case hcsNotificationSystemSaveCompleted:
+		return "SystemSaveCompleted"
+	case hcsNotificationSystemRdpEnhancedModeStateChanged:
+		return "SystemRdpEnhancedModeStateChanged"
+	case hcsNotificationSystemShutdownFailed:
+		return "SystemShutdownFailed"
+	case hcsNotificationSystemGetPropertiesCompleted:
+		return "SystemGetPropertiesCompleted"
+	case hcsNotificationSystemModifyCompleted:
+		return "SystemModifyCompleted"
+	case hcsNotificationSystemCrashInitiated:
+		return "SystemCrashInitiated"
+	case hcsNotificationSystemGuestConnectionClosed:
+		return "SystemGuestConnectionClosed"
+	case hcsNotificationProcessExited:
+		return "ProcessExited"
+	case hcsNotificationInvalid:
+		return "Invalid"
+	case hcsNotificationServiceDisconnect:
+		return "ServiceDisconnect"
+	default:
+		return fmt.Sprintf("Unknown: %d", hn)
+	}
+}
+
 type notificationChannel chan error
 
-type notifcationWatcherContext struct {
+type notificationWatcherContext struct {
 	channels notificationChannels
-	handle   hcsCallback
+	handle   vmcompute.HcsCallback
+
+	systemID  string
+	processID int
 }
 
 type notificationChannels map[hcsNotification]notificationChannel
 
-func newChannels() notificationChannels {
+func newSystemChannels() notificationChannels {
 	channels := make(notificationChannels)
+	for _, notif := range []hcsNotification{
+		hcsNotificationServiceDisconnect,
+		hcsNotificationSystemExited,
+		hcsNotificationSystemCreateCompleted,
+		hcsNotificationSystemStartCompleted,
+		hcsNotificationSystemPauseCompleted,
+		hcsNotificationSystemResumeCompleted,
+		hcsNotificationSystemSaveCompleted,
+	} {
+		channels[notif] = make(notificationChannel, 1)
+	}
+	return channels
+}
 
-	channels[hcsNotificationSystemExited] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemCreateCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemStartCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemPauseCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemResumeCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationProcessExited] = make(notificationChannel, 1)
-	channels[hcsNotificationServiceDisconnect] = make(notificationChannel, 1)
+func newProcessChannels() notificationChannels {
+	channels := make(notificationChannels)
+	for _, notif := range []hcsNotification{
+		hcsNotificationServiceDisconnect,
+		hcsNotificationProcessExited,
+	} {
+		channels[notif] = make(notificationChannel, 1)
+	}
 	return channels
 }
+
 func closeChannels(channels notificationChannels) {
-	close(channels[hcsNotificationSystemExited])
-	close(channels[hcsNotificationSystemCreateCompleted])
-	close(channels[hcsNotificationSystemStartCompleted])
-	close(channels[hcsNotificationSystemPauseCompleted])
-	close(channels[hcsNotificationSystemResumeCompleted])
-	close(channels[hcsNotificationProcessExited])
-	close(channels[hcsNotificationServiceDisconnect])
+	for _, c := range channels {
+		close(c)
+	}
 }
 
 func notificationWatcher(notificationType hcsNotification, callbackNumber uintptr, notificationStatus uintptr, notificationData *uint16) uintptr {
@@ -75,7 +144,18 @@ func notificationWatcher(notificationType hcsNotification, callbackNumber uintpt
 		return 0
 	}
 
-	context.channels[notificationType] <- result
+	log := logrus.WithFields(logrus.Fields{
+		"notification-type": notificationType.String(),
+		"system-id":         context.systemID,
+	})
+	if context.processID != 0 {
+		log.Data[logfields.ProcessID] = context.processID
+	}
+	log.Debug("HCS notification")
+
+	if channel, ok := context.channels[notificationType]; ok {
+		channel <- result
+	}
 
 	return 0
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/cgo.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/cgo.go
deleted file mode 100644
index 3669c34aa2cc1..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/cgo.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package hcs
-
-import "C"
-
-// This import is needed to make the library compile as CGO because HCSSHIM
-// only works with CGO due to callbacks from HCS comming back from a C thread
-// which is not supported without CGO. See https://github.com/golang/go/issues/10973
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
index 7471f5cc13f73..644f0ab711f1b 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
@@ -1,13 +1,14 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net"
 	"syscall"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
 )
 
 var (
@@ -59,7 +60,7 @@ var (
 	// ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation
 	ErrVmcomputeOperationInvalidState = syscall.Errno(0xc0370105)
 
-	// ErrProcNotFound is an error encountered when the the process cannot be found
+	// ErrProcNotFound is an error encountered when a procedure look up fails.
 	ErrProcNotFound = syscall.Errno(0x7f)
 
 	// ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2
@@ -72,6 +73,9 @@ var (
 	// ErrVmcomputeUnknownMessage is an error encountered guest compute system doesn't support the message
 	ErrVmcomputeUnknownMessage = syscall.Errno(0xc037010b)
 
+	// ErrVmcomputeUnexpectedExit is an error encountered when the compute system terminates unexpectedly
+	ErrVmcomputeUnexpectedExit = syscall.Errno(0xC0370106)
+
 	// ErrNotSupported is an error encountered when hcs doesn't support the request
 	ErrPlatformNotSupported = errors.New("unsupported platform request")
 )
@@ -113,13 +117,11 @@ func (ev *ErrorEvent) String() string {
 	return evs
 }
 
-func processHcsResult(resultp *uint16) []ErrorEvent {
-	if resultp != nil {
-		resultj := interop.ConvertAndFreeCoTaskMemString(resultp)
-		logrus.Debugf("Result: %s", resultj)
+func processHcsResult(ctx context.Context, resultJSON string) []ErrorEvent {
+	if resultJSON != "" {
 		result := &hcsResult{}
-		if err := json.Unmarshal([]byte(resultj), result); err != nil {
-			logrus.Warnf("Could not unmarshal HCS result %s: %s", resultj, err)
+		if err := json.Unmarshal([]byte(resultJSON), result); err != nil {
+			log.G(ctx).WithError(err).Warning("Could not unmarshal HCS result")
 			return nil
 		}
 		return result.ErrorEvents
@@ -133,6 +135,8 @@ type HcsError struct {
 	Events []ErrorEvent
 }
 
+var _ net.Error = &HcsError{}
+
 func (e *HcsError) Error() string {
 	s := e.Op + ": " + e.Err.Error()
 	for _, ev := range e.Events {
@@ -141,6 +145,16 @@ func (e *HcsError) Error() string {
 	return s
 }
 
+func (e *HcsError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *HcsError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
 // ProcessError is an error encountered in HCS during an operation on a Process object
 type ProcessError struct {
 	SystemID string
@@ -150,27 +164,37 @@ type ProcessError struct {
 	Events   []ErrorEvent
 }
 
+var _ net.Error = &ProcessError{}
+
 // SystemError is an error encountered in HCS during an operation on a Container object
 type SystemError struct {
 	ID     string
 	Op     string
 	Err    error
-	Extra  string
 	Events []ErrorEvent
 }
 
+var _ net.Error = &SystemError{}
+
 func (e *SystemError) Error() string {
 	s := e.Op + " " + e.ID + ": " + e.Err.Error()
 	for _, ev := range e.Events {
 		s += "\n" + ev.String()
 	}
-	if e.Extra != "" {
-		s += "\n(extra info: " + e.Extra + ")"
-	}
 	return s
 }
 
-func makeSystemError(system *System, op string, extra string, err error, events []ErrorEvent) error {
+func (e *SystemError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *SystemError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
+func makeSystemError(system *System, op string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
 	if _, ok := err.(*SystemError); ok {
 		return err
@@ -178,7 +202,6 @@ func makeSystemError(system *System, op string, extra string, err error, events
 	return &SystemError{
 		ID:     system.ID(),
 		Op:     op,
-		Extra:  extra,
 		Err:    err,
 		Events: events,
 	}
@@ -192,6 +215,16 @@ func (e *ProcessError) Error() string {
 	return s
 }
 
+func (e *ProcessError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *ProcessError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
 func makeProcessError(process *Process, op string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
 	if _, ok := err.(*ProcessError); ok {
@@ -209,12 +242,11 @@ func makeProcessError(process *Process, op string, err error, events []ErrorEven
 // IsNotExist checks if an error is caused by the Container or Process not existing.
 // Note: Currently, ErrElementNotFound can mean that a Process has either
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
-// will currently return true when the error is ErrElementNotFound or ErrProcNotFound.
+// will currently return true when the error is ErrElementNotFound.
 func IsNotExist(err error) bool {
 	err = getInnerError(err)
 	return err == ErrComputeSystemDoesNotExist ||
-		err == ErrElementNotFound ||
-		err == ErrProcNotFound
+		err == ErrElementNotFound
 }
 
 // IsAlreadyClosed checks if an error is caused by the Container or Process having been
@@ -234,6 +266,9 @@ func IsPending(err error) bool {
 // IsTimeout returns a boolean indicating whether the error is caused by
 // a timeout waiting for the operation to complete.
 func IsTimeout(err error) bool {
+	if err, ok := err.(net.Error); ok && err.Timeout() {
+		return true
+	}
 	err = getInnerError(err)
 	return err == ErrTimeout
 }
@@ -242,12 +277,11 @@ func IsTimeout(err error) bool {
 // a Container or Process being already stopped.
 // Note: Currently, ErrElementNotFound can mean that a Process has either
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
-// will currently return true when the error is ErrElementNotFound or ErrProcNotFound.
+// will currently return true when the error is ErrElementNotFound.
 func IsAlreadyStopped(err error) bool {
 	err = getInnerError(err)
 	return err == ErrVmcomputeAlreadyStopped ||
-		err == ErrElementNotFound ||
-		err == ErrProcNotFound
+		err == ErrElementNotFound
 }
 
 // IsNotSupported returns a boolean indicating whether the error is caused by
@@ -264,6 +298,20 @@ func IsNotSupported(err error) bool {
 		err == ErrVmcomputeUnknownMessage
 }
 
+// IsOperationInvalidState returns true when err is caused by
+// `ErrVmcomputeOperationInvalidState`.
+func IsOperationInvalidState(err error) bool {
+	err = getInnerError(err)
+	return err == ErrVmcomputeOperationInvalidState
+}
+
+// IsAccessIsDenied returns true when err is caused by
+// `ErrVmcomputeOperationAccessIsDenied`.
+func IsAccessIsDenied(err error) bool {
+	err = getInnerError(err)
+	return err == ErrVmcomputeOperationAccessIsDenied
+}
+
 func getInnerError(err error) error {
 	switch pe := err.(type) {
 	case nil:
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/hcs.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/hcs.go
deleted file mode 100644
index b8e30eba174ef..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/hcs.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Shim for the Host Compute Service (HCS) to manage Windows Server
-// containers and Hyper-V containers.
-
-package hcs
-
-import (
-	"syscall"
-)
-
-//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go hcs.go
-
-//sys hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) = vmcompute.HcsEnumerateComputeSystems?
-//sys hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) = vmcompute.HcsCreateComputeSystem?
-//sys hcsOpenComputeSystem(id string, computeSystem *hcsSystem, result **uint16) (hr error) = vmcompute.HcsOpenComputeSystem?
-//sys hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) = vmcompute.HcsCloseComputeSystem?
-//sys hcsStartComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsStartComputeSystem?
-//sys hcsShutdownComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsShutdownComputeSystem?
-//sys hcsTerminateComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsTerminateComputeSystem?
-//sys hcsPauseComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsPauseComputeSystem?
-//sys hcsResumeComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem?
-//sys hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties?
-//sys hcsModifyComputeSystem(computeSystem hcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem?
-//sys hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback?
-//sys hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback?
-
-//sys hcsCreateProcess(computeSystem hcsSystem, processParameters string, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) = vmcompute.HcsCreateProcess?
-//sys hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, result **uint16) (hr error) = vmcompute.HcsOpenProcess?
-//sys hcsCloseProcess(process hcsProcess) (hr error) = vmcompute.HcsCloseProcess?
-//sys hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
-//sys hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInformation, result **uint16) (hr error) = vmcompute.HcsGetProcessInfo?
-//sys hcsGetProcessProperties(process hcsProcess, processProperties **uint16, result **uint16) (hr error) = vmcompute.HcsGetProcessProperties?
-//sys hcsModifyProcess(process hcsProcess, settings string, result **uint16) (hr error) = vmcompute.HcsModifyProcess?
-//sys hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetServiceProperties?
-//sys hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) = vmcompute.HcsRegisterProcessCallback?
-//sys hcsUnregisterProcessCallback(callbackHandle hcsCallback) (hr error) = vmcompute.HcsUnregisterProcessCallback?
-
-type hcsSystem syscall.Handle
-type hcsProcess syscall.Handle
-type hcsCallback syscall.Handle
-
-type hcsProcessInformation struct {
-	ProcessId uint32
-	Reserved  uint32
-	StdInput  syscall.Handle
-	StdOutput syscall.Handle
-	StdError  syscall.Handle
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
index 8294d66d7b489..8f203466887ab 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
@@ -1,31 +1,45 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
-	"fmt"
 	"io"
 	"sync"
 	"syscall"
 	"time"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+	"go.opencensus.io/trace"
 )
 
 // ContainerError is an error encountered in HCS
 type Process struct {
 	handleLock     sync.RWMutex
-	handle         hcsProcess
+	handle         vmcompute.HcsProcess
 	processID      int
 	system         *System
-	cachedPipes    *cachedPipes
+	hasCachedStdio bool
+	stdioLock      sync.Mutex
+	stdin          io.WriteCloser
+	stdout         io.ReadCloser
+	stderr         io.ReadCloser
 	callbackNumber uintptr
+
+	closedWaitOnce sync.Once
+	waitBlock      chan struct{}
+	exitCode       int
+	waitError      error
 }
 
-type cachedPipes struct {
-	stdIn  syscall.Handle
-	stdOut syscall.Handle
-	stdErr syscall.Handle
+func newProcess(process vmcompute.HcsProcess, processID int, computeSystem *System) *Process {
+	return &Process{
+		handle:    process,
+		processID: processID,
+		system:    computeSystem,
+		waitBlock: make(chan struct{}),
+	}
 }
 
 type processModifyRequest struct {
@@ -43,18 +57,14 @@ type closeHandle struct {
 	Handle string
 }
 
-type ProcessStatus struct {
+type processStatus struct {
 	ProcessID      uint32
 	Exited         bool
 	ExitCode       uint32
 	LastWaitResult int32
 }
 
-const (
-	stdIn  string = "StdIn"
-	stdOut string = "StdOut"
-	stdErr string = "StdErr"
-)
+const stdIn string = "StdIn"
 
 const (
 	modifyConsoleSize string = "ConsoleSize"
@@ -71,70 +81,155 @@ func (process *Process) SystemID() string {
 	return process.system.ID()
 }
 
-// Kill signals the process to terminate but does not wait for it to finish terminating.
-func (process *Process) Kill() error {
+func (process *Process) processSignalResult(ctx context.Context, err error) (bool, error) {
+	switch err {
+	case nil:
+		return true, nil
+	case ErrVmcomputeOperationInvalidState, ErrComputeSystemDoesNotExist, ErrElementNotFound:
+		select {
+		case <-process.waitBlock:
+			// The process exit notification has already arrived.
+		default:
+			// The process should be gone, but we have not received the notification.
+			// After a second, force unblock the process wait to work around a possible
+			// deadlock in the HCS.
+			go func() {
+				time.Sleep(time.Second)
+				process.closedWaitOnce.Do(func() {
+					log.G(ctx).WithError(err).Warn("force unblocking process waits")
+					process.exitCode = -1
+					process.waitError = err
+					close(process.waitBlock)
+				})
+			}()
+		}
+		return false, nil
+	default:
+		return false, err
+	}
+}
+
+// Signal signals the process with `options`.
+//
+// For LCOW `guestrequest.SignalProcessOptionsLCOW`.
+//
+// For WCOW `guestrequest.SignalProcessOptionsWCOW`.
+func (process *Process) Signal(ctx context.Context, options interface{}) (bool, error) {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
-	operation := "Kill"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
+
+	operation := "hcs::Process::Signal"
 
 	if process.handle == 0 {
-		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
+		return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("TerminateProcess %s: %d", process.SystemID(), process.Pid()), &completed)
-	err := hcsTerminateProcess(process.handle, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	optionsb, err := json.Marshal(options)
 	if err != nil {
-		return makeProcessError(process, operation, err, events)
+		return false, err
 	}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
-	return nil
+	resultJSON, err := vmcompute.HcsSignalProcess(ctx, process.handle, string(optionsb))
+	events := processHcsResult(ctx, resultJSON)
+	delivered, err := process.processSignalResult(ctx, err)
+	if err != nil {
+		err = makeProcessError(process, operation, err, events)
+	}
+	return delivered, err
 }
 
-// Wait waits for the process to exit.
-func (process *Process) Wait() error {
-	operation := "Wait"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
+// Kill signals the process to terminate but does not wait for it to finish terminating.
+func (process *Process) Kill(ctx context.Context) (bool, error) {
+	process.handleLock.RLock()
+	defer process.handleLock.RUnlock()
 
-	err := waitForNotification(process.callbackNumber, hcsNotificationProcessExited, nil)
-	if err != nil {
-		return makeProcessError(process, operation, err, nil)
+	operation := "hcs::Process::Kill"
+
+	if process.handle == 0 {
+		return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
-	return nil
+	resultJSON, err := vmcompute.HcsTerminateProcess(ctx, process.handle)
+	events := processHcsResult(ctx, resultJSON)
+	delivered, err := process.processSignalResult(ctx, err)
+	if err != nil {
+		err = makeProcessError(process, operation, err, events)
+	}
+	return delivered, err
 }
 
-// WaitTimeout waits for the process to exit or the duration to elapse. It returns
-// false if timeout occurs.
-func (process *Process) WaitTimeout(timeout time.Duration) error {
-	operation := "WaitTimeout"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
+// waitBackground waits for the process exit notification. Once received sets
+// `process.waitError` (if any) and unblocks all `Wait` calls.
+//
+// This MUST be called exactly once per `process.handle` but `Wait` is safe to
+// call multiple times.
+func (process *Process) waitBackground() {
+	operation := "hcs::Process::waitBackground"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
 
-	err := waitForNotification(process.callbackNumber, hcsNotificationProcessExited, &timeout)
+	var (
+		err            error
+		exitCode       = -1
+		propertiesJSON string
+		resultJSON     string
+	)
+
+	err = waitForNotification(ctx, process.callbackNumber, hcsNotificationProcessExited, nil)
 	if err != nil {
-		return makeProcessError(process, operation, err, nil)
+		err = makeProcessError(process, operation, err, nil)
+		log.G(ctx).WithError(err).Error("failed wait")
+	} else {
+		process.handleLock.RLock()
+		defer process.handleLock.RUnlock()
+
+		// Make sure we didnt race with Close() here
+		if process.handle != 0 {
+			propertiesJSON, resultJSON, err = vmcompute.HcsGetProcessProperties(ctx, process.handle)
+			events := processHcsResult(ctx, resultJSON)
+			if err != nil {
+				err = makeProcessError(process, operation, err, events) //nolint:ineffassign
+			} else {
+				properties := &processStatus{}
+				err = json.Unmarshal([]byte(propertiesJSON), properties)
+				if err != nil {
+					err = makeProcessError(process, operation, err, nil) //nolint:ineffassign
+				} else {
+					if properties.LastWaitResult != 0 {
+						log.G(ctx).WithField("wait-result", properties.LastWaitResult).Warning("non-zero last wait result")
+					} else {
+						exitCode = int(properties.ExitCode)
+					}
+				}
+			}
+		}
 	}
+	log.G(ctx).WithField("exitCode", exitCode).Debug("process exited")
+
+	process.closedWaitOnce.Do(func() {
+		process.exitCode = exitCode
+		process.waitError = err
+		close(process.waitBlock)
+	})
+	oc.SetSpanStatus(span, err)
+}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
-	return nil
+// Wait waits for the process to exit. If the process has already exited returns
+// the pervious error (if any).
+func (process *Process) Wait() error {
+	<-process.waitBlock
+	return process.waitError
 }
 
 // ResizeConsole resizes the console of the process.
-func (process *Process) ResizeConsole(width, height uint16) error {
+func (process *Process) ResizeConsole(ctx context.Context, width, height uint16) error {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
-	operation := "ResizeConsole"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
+
+	operation := "hcs::Process::ResizeConsole"
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -153,130 +248,86 @@ func (process *Process) ResizeConsole(width, height uint16) error {
 		return err
 	}
 
-	modifyRequestStr := string(modifyRequestb)
-
-	var resultp *uint16
-	err = hcsModifyProcess(process.handle, modifyRequestStr, &resultp)
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
 	}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
 	return nil
 }
 
-func (process *Process) Properties() (*ProcessStatus, error) {
-	process.handleLock.RLock()
-	defer process.handleLock.RUnlock()
-	operation := "Properties"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
-
-	if process.handle == 0 {
-		return nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
-	}
-
-	var (
-		resultp     *uint16
-		propertiesp *uint16
-	)
-	completed := false
-	go syscallWatcher(fmt.Sprintf("GetProcessProperties %s: %d", process.SystemID(), process.Pid()), &completed)
-	err := hcsGetProcessProperties(process.handle, &propertiesp, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
-	if err != nil {
-		return nil, makeProcessError(process, operation, err, events)
-	}
-
-	if propertiesp == nil {
-		return nil, ErrUnexpectedValue
-	}
-	propertiesRaw := interop.ConvertAndFreeCoTaskMemBytes(propertiesp)
-
-	properties := &ProcessStatus{}
-	if err := json.Unmarshal(propertiesRaw, properties); err != nil {
-		return nil, makeProcessError(process, operation, err, nil)
-	}
-
-	logrus.Debugf(title+" succeeded processid=%d, properties=%s", process.processID, propertiesRaw)
-	return properties, nil
-}
-
 // ExitCode returns the exit code of the process. The process must have
 // already terminated.
 func (process *Process) ExitCode() (int, error) {
-	operation := "ExitCode"
-	properties, err := process.Properties()
-	if err != nil {
-		return 0, makeProcessError(process, operation, err, nil)
-	}
-
-	if properties.Exited == false {
-		return 0, makeProcessError(process, operation, ErrInvalidProcessState, nil)
-	}
-
-	if properties.LastWaitResult != 0 {
-		return 0, makeProcessError(process, operation, syscall.Errno(properties.LastWaitResult), nil)
+	select {
+	case <-process.waitBlock:
+		if process.waitError != nil {
+			return -1, process.waitError
+		}
+		return process.exitCode, nil
+	default:
+		return -1, makeProcessError(process, "hcs::Process::ExitCode", ErrInvalidProcessState, nil)
 	}
-
-	return int(properties.ExitCode), nil
 }
 
-// Stdio returns the stdin, stdout, and stderr pipes, respectively. Closing
-// these pipes does not close the underlying pipes; it should be possible to
-// call this multiple times to get multiple interfaces.
-func (process *Process) Stdio() (io.WriteCloser, io.ReadCloser, io.ReadCloser, error) {
+// StdioLegacy returns the stdin, stdout, and stderr pipes, respectively. Closing
+// these pipes does not close the underlying pipes. Once returned, these pipes
+// are the responsibility of the caller to close.
+func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) {
+	operation := "hcs::Process::StdioLegacy"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
-	operation := "Stdio"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
 
 	if process.handle == 0 {
 		return nil, nil, nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	var stdIn, stdOut, stdErr syscall.Handle
-
-	if process.cachedPipes == nil {
-		var (
-			processInfo hcsProcessInformation
-			resultp     *uint16
-		)
-		err := hcsGetProcessInfo(process.handle, &processInfo, &resultp)
-		events := processHcsResult(resultp)
-		if err != nil {
-			return nil, nil, nil, makeProcessError(process, operation, err, events)
-		}
-
-		stdIn, stdOut, stdErr = processInfo.StdInput, processInfo.StdOutput, processInfo.StdError
-	} else {
-		// Use cached pipes
-		stdIn, stdOut, stdErr = process.cachedPipes.stdIn, process.cachedPipes.stdOut, process.cachedPipes.stdErr
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	if process.hasCachedStdio {
+		stdin, stdout, stderr := process.stdin, process.stdout, process.stderr
+		process.stdin, process.stdout, process.stderr = nil, nil, nil
+		process.hasCachedStdio = false
+		return stdin, stdout, stderr, nil
+	}
 
-		// Invalidate the cache
-		process.cachedPipes = nil
+	processInfo, resultJSON, err := vmcompute.HcsGetProcessInfo(ctx, process.handle)
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, nil, nil, makeProcessError(process, operation, err, events)
 	}
 
-	pipes, err := makeOpenFiles([]syscall.Handle{stdIn, stdOut, stdErr})
+	pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
 	if err != nil {
 		return nil, nil, nil, makeProcessError(process, operation, err, nil)
 	}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
 	return pipes[0], pipes[1], pipes[2], nil
 }
 
+// Stdio returns the stdin, stdout, and stderr pipes, respectively.
+// To close them, close the process handle.
+func (process *Process) Stdio() (stdin io.Writer, stdout, stderr io.Reader) {
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	return process.stdin, process.stdout, process.stderr
+}
+
 // CloseStdin closes the write side of the stdin pipe so that the process is
 // notified on the read side that there is no more data in stdin.
-func (process *Process) CloseStdin() error {
+func (process *Process) CloseStdin(ctx context.Context) error {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
-	operation := "CloseStdin"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
+
+	operation := "hcs::Process::CloseStdin"
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -294,100 +345,177 @@ func (process *Process) CloseStdin() error {
 		return err
 	}
 
-	modifyRequestStr := string(modifyRequestb)
-
-	var resultp *uint16
-	err = hcsModifyProcess(process.handle, modifyRequestStr, &resultp)
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
 	}
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
+	process.stdioLock.Lock()
+	if process.stdin != nil {
+		process.stdin.Close()
+		process.stdin = nil
+	}
+	process.stdioLock.Unlock()
+
+	return nil
+}
+
+func (process *Process) CloseStdout(ctx context.Context) (err error) {
+	ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
+	process.handleLock.Lock()
+	defer process.handleLock.Unlock()
+
+	if process.handle == 0 {
+		return nil
+	}
+
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	if process.stdout != nil {
+		process.stdout.Close()
+		process.stdout = nil
+	}
+	return nil
+}
+
+func (process *Process) CloseStderr(ctx context.Context) (err error) {
+	ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
+	process.handleLock.Lock()
+	defer process.handleLock.Unlock()
+
+	if process.handle == 0 {
+		return nil
+	}
+
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	if process.stderr != nil {
+		process.stderr.Close()
+		process.stderr = nil
+
+	}
 	return nil
 }
 
 // Close cleans up any state associated with the process but does not kill
 // or wait on it.
-func (process *Process) Close() error {
+func (process *Process) Close() (err error) {
+	operation := "hcs::Process::Close"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
 	process.handleLock.Lock()
 	defer process.handleLock.Unlock()
-	operation := "Close"
-	title := "hcsshim::Process::" + operation
-	logrus.Debugf(title+" processid=%d", process.processID)
 
 	// Don't double free this
 	if process.handle == 0 {
 		return nil
 	}
 
-	if err := process.unregisterCallback(); err != nil {
+	process.stdioLock.Lock()
+	if process.stdin != nil {
+		process.stdin.Close()
+		process.stdin = nil
+	}
+	if process.stdout != nil {
+		process.stdout.Close()
+		process.stdout = nil
+	}
+	if process.stderr != nil {
+		process.stderr.Close()
+		process.stderr = nil
+	}
+	process.stdioLock.Unlock()
+
+	if err = process.unregisterCallback(ctx); err != nil {
 		return makeProcessError(process, operation, err, nil)
 	}
 
-	if err := hcsCloseProcess(process.handle); err != nil {
+	if err = vmcompute.HcsCloseProcess(ctx, process.handle); err != nil {
 		return makeProcessError(process, operation, err, nil)
 	}
 
 	process.handle = 0
+	process.closedWaitOnce.Do(func() {
+		process.exitCode = -1
+		process.waitError = ErrAlreadyClosed
+		close(process.waitBlock)
+	})
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
 	return nil
 }
 
-func (process *Process) registerCallback() error {
-	context := &notifcationWatcherContext{
-		channels: newChannels(),
+func (process *Process) registerCallback(ctx context.Context) error {
+	callbackContext := &notificationWatcherContext{
+		channels:  newProcessChannels(),
+		systemID:  process.SystemID(),
+		processID: process.processID,
 	}
 
 	callbackMapLock.Lock()
 	callbackNumber := nextCallback
 	nextCallback++
-	callbackMap[callbackNumber] = context
+	callbackMap[callbackNumber] = callbackContext
 	callbackMapLock.Unlock()
 
-	var callbackHandle hcsCallback
-	err := hcsRegisterProcessCallback(process.handle, notificationWatcherCallback, callbackNumber, &callbackHandle)
+	callbackHandle, err := vmcompute.HcsRegisterProcessCallback(ctx, process.handle, notificationWatcherCallback, callbackNumber)
 	if err != nil {
 		return err
 	}
-	context.handle = callbackHandle
+	callbackContext.handle = callbackHandle
 	process.callbackNumber = callbackNumber
 
 	return nil
 }
 
-func (process *Process) unregisterCallback() error {
+func (process *Process) unregisterCallback(ctx context.Context) error {
 	callbackNumber := process.callbackNumber
 
 	callbackMapLock.RLock()
-	context := callbackMap[callbackNumber]
+	callbackContext := callbackMap[callbackNumber]
 	callbackMapLock.RUnlock()
 
-	if context == nil {
+	if callbackContext == nil {
 		return nil
 	}
 
-	handle := context.handle
+	handle := callbackContext.handle
 
 	if handle == 0 {
 		return nil
 	}
 
-	// hcsUnregisterProcessCallback has its own syncronization
-	// to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
-	err := hcsUnregisterProcessCallback(handle)
+	// vmcompute.HcsUnregisterProcessCallback has its own synchronization to
+	// wait for all callbacks to complete. We must NOT hold the callbackMapLock.
+	err := vmcompute.HcsUnregisterProcessCallback(ctx, handle)
 	if err != nil {
 		return err
 	}
 
-	closeChannels(context.channels)
+	closeChannels(callbackContext.channels)
 
 	callbackMapLock.Lock()
-	callbackMap[callbackNumber] = nil
+	delete(callbackMap, callbackNumber)
 	callbackMapLock.Unlock()
 
-	handle = 0
+	handle = 0 //nolint:ineffassign
 
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema1/schema1.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
similarity index 88%
rename from vendor/github.com/Microsoft/hcsshim/internal/schema1/schema1.go
rename to vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
index 6fa3bbc73d62a..b621c55938836 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/schema1/schema1.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
@@ -3,6 +3,9 @@ package schema1
 import (
 	"encoding/json"
 	"time"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
 )
 
 // ProcessConfig is used as both the input of Container.CreateProcess
@@ -60,7 +63,7 @@ type MappedVirtualDisk struct {
 	CreateInUtilityVM bool   `json:",omitempty"`
 	ReadOnly          bool   `json:",omitempty"`
 	Cache             string `json:",omitempty"` // "" (Unspecified); "Disabled"; "Enabled"; "Private"; "PrivateAllowSharing"
-	AttachOnly        bool   `json:",omitempty:`
+	AttachOnly        bool   `json:",omitempty"`
 }
 
 // AssignedDevice represents a device that has been directly assigned to a container
@@ -115,9 +118,10 @@ type ComputeSystemQuery struct {
 type PropertyType string
 
 const (
-	PropertyTypeStatistics        PropertyType = "Statistics"
-	PropertyTypeProcessList                    = "ProcessList"
-	PropertyTypeMappedVirtualDisk              = "MappedVirtualDisk"
+	PropertyTypeStatistics        PropertyType = "Statistics"        // V1 and V2
+	PropertyTypeProcessList       PropertyType = "ProcessList"       // V1 and V2
+	PropertyTypeMappedVirtualDisk PropertyType = "MappedVirtualDisk" // Not supported in V2 schema call
+	PropertyTypeGuestConnection   PropertyType = "GuestConnection"   // V1 and V2. Nil return from HCS before RS5
 )
 
 type PropertyQuery struct {
@@ -130,9 +134,10 @@ type ContainerProperties struct {
 	State                        string
 	Name                         string
 	SystemType                   string
+	RuntimeOSType                string `json:"RuntimeOsType,omitempty"`
 	Owner                        string
 	SiloGUID                     string                              `json:"SiloGuid,omitempty"`
-	RuntimeID                    string                              `json:"RuntimeId,omitempty"`
+	RuntimeID                    guid.GUID                           `json:"RuntimeId,omitempty"`
 	IsRuntimeTemplate            bool                                `json:",omitempty"`
 	RuntimeImagePath             string                              `json:",omitempty"`
 	Stopped                      bool                                `json:",omitempty"`
@@ -142,6 +147,7 @@ type ContainerProperties struct {
 	Statistics                   Statistics                          `json:",omitempty"`
 	ProcessList                  []ProcessListItem                   `json:",omitempty"`
 	MappedVirtualDiskControllers map[int]MappedVirtualDiskController `json:",omitempty"`
+	GuestConnectionInfo          GuestConnectionInfo                 `json:",omitempty"`
 }
 
 // MemoryStats holds the memory statistics for a container
@@ -206,6 +212,22 @@ type MappedVirtualDiskController struct {
 	MappedVirtualDisks map[int]MappedVirtualDisk `json:",omitempty"`
 }
 
+// GuestDefinedCapabilities is part of the GuestConnectionInfo returned by a GuestConnection call on a utility VM
+type GuestDefinedCapabilities struct {
+	NamespaceAddRequestSupported  bool `json:",omitempty"`
+	SignalProcessSupported        bool `json:",omitempty"`
+	DumpStacksSupported           bool `json:",omitempty"`
+	DeleteContainerStateSupported bool `json:",omitempty"`
+	UpdateContainerSupported      bool `json:",omitempty"`
+}
+
+// GuestConnectionInfo is the structure of an iterm return by a GuestConnection call on a utility VM
+type GuestConnectionInfo struct {
+	SupportedSchemaVersions  []hcsschema.Version      `json:",omitempty"`
+	ProtocolVersion          uint32                   `json:",omitempty"`
+	GuestDefinedCapabilities GuestDefinedCapabilities `json:",omitempty"`
+}
+
 // Type of Request Support in ModifySystem
 type RequestType string
 
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go
new file mode 100644
index 0000000000000..bcfeb34d54936
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go
@@ -0,0 +1,30 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Attachment struct {
+	Type_ string `json:"Type,omitempty"`
+
+	Path string `json:"Path,omitempty"`
+
+	IgnoreFlushes bool `json:"IgnoreFlushes,omitempty"`
+
+	CachingMode string `json:"CachingMode,omitempty"`
+
+	NoWriteHardening bool `json:"NoWriteHardening,omitempty"`
+
+	DisableExpansionOptimization bool `json:"DisableExpansionOptimization,omitempty"`
+
+	IgnoreRelativeLocator bool `json:"IgnoreRelativeLocator,omitempty"`
+
+	CaptureIoAttributionContext bool `json:"CaptureIoAttributionContext,omitempty"`
+
+	ReadOnly bool `json:"ReadOnly,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go
new file mode 100644
index 0000000000000..ecbbed4c233f3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Battery struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go
new file mode 100644
index 0000000000000..c1ea3953b58bf
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CacheQueryStatsResponse struct {
+	L3OccupancyBytes int32 `json:"L3OccupancyBytes,omitempty"`
+
+	L3TotalBwBytes int32 `json:"L3TotalBwBytes,omitempty"`
+
+	L3LocalBwBytes int32 `json:"L3LocalBwBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go
new file mode 100644
index 0000000000000..ca75277a3f25f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go
@@ -0,0 +1,27 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Chipset struct {
+	Uefi *Uefi `json:"Uefi,omitempty"`
+
+	IsNumLockDisabled bool `json:"IsNumLockDisabled,omitempty"`
+
+	BaseBoardSerialNumber string `json:"BaseBoardSerialNumber,omitempty"`
+
+	ChassisSerialNumber string `json:"ChassisSerialNumber,omitempty"`
+
+	ChassisAssetTag string `json:"ChassisAssetTag,omitempty"`
+
+	UseUtc bool `json:"UseUtc,omitempty"`
+
+	// LinuxKernelDirect - Added in v2.2 Builds >=181117
+	LinuxKernelDirect *LinuxKernelDirect `json:"LinuxKernelDirect,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go
new file mode 100644
index 0000000000000..b4f9c315b05b6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CloseHandle struct {
+	Handle string `json:"Handle,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go
new file mode 100644
index 0000000000000..8bf8cab60e559
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  ComPort specifies the named pipe that will be used for the port, with empty string indicating a disconnected port.
+type ComPort struct {
+	NamedPipe string `json:"NamedPipe,omitempty"`
+
+	OptimizeForDebugger bool `json:"OptimizeForDebugger,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go
new file mode 100644
index 0000000000000..10cea67e04280
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ComputeSystem struct {
+	Owner string `json:"Owner,omitempty"`
+
+	SchemaVersion *Version `json:"SchemaVersion,omitempty"`
+
+	HostingSystemId string `json:"HostingSystemId,omitempty"`
+
+	HostedSystem interface{} `json:"HostedSystem,omitempty"`
+
+	Container *Container `json:"Container,omitempty"`
+
+	VirtualMachine *VirtualMachine `json:"VirtualMachine,omitempty"`
+
+	ShouldTerminateOnLastHandleClosed bool `json:"ShouldTerminateOnLastHandleClosed,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go
new file mode 100644
index 0000000000000..1d5dfe68ad696
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go
@@ -0,0 +1,72 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+	"net/http"
+)
+
+// contextKeys are used to identify the type of value in the context.
+// Since these are string, it is possible to get a short description of the
+// context key for logging and debugging using key.String().
+
+type contextKey string
+
+func (c contextKey) String() string {
+	return "auth " + string(c)
+}
+
+var (
+	// ContextOAuth2 takes a oauth2.TokenSource as authentication for the request.
+	ContextOAuth2 = contextKey("token")
+
+	// ContextBasicAuth takes BasicAuth as authentication for the request.
+	ContextBasicAuth = contextKey("basic")
+
+	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
+	ContextAccessToken = contextKey("accesstoken")
+
+	// ContextAPIKey takes an APIKey as authentication for the request
+	ContextAPIKey = contextKey("apikey")
+)
+
+// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
+type BasicAuth struct {
+	UserName string `json:"userName,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
+type APIKey struct {
+	Key    string
+	Prefix string
+}
+
+type Configuration struct {
+	BasePath      string            `json:"basePath,omitempty"`
+	Host          string            `json:"host,omitempty"`
+	Scheme        string            `json:"scheme,omitempty"`
+	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
+	UserAgent     string            `json:"userAgent,omitempty"`
+	HTTPClient    *http.Client
+}
+
+func NewConfiguration() *Configuration {
+	cfg := &Configuration{
+		BasePath:      "https://localhost",
+		DefaultHeader: make(map[string]string),
+		UserAgent:     "Swagger-Codegen/2.1.0/go",
+	}
+	return cfg
+}
+
+func (c *Configuration) AddDefaultHeader(key string, value string) {
+	c.DefaultHeader[key] = value
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go
new file mode 100644
index 0000000000000..68aa04a573e75
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ConsoleSize struct {
+	Height int32 `json:"Height,omitempty"`
+
+	Width int32 `json:"Width,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go
new file mode 100644
index 0000000000000..4fb23107683c4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go
@@ -0,0 +1,34 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Container struct {
+	GuestOs *GuestOs `json:"GuestOs,omitempty"`
+
+	Storage *Storage `json:"Storage,omitempty"`
+
+	MappedDirectories []MappedDirectory `json:"MappedDirectories,omitempty"`
+
+	MappedPipes []MappedPipe `json:"MappedPipes,omitempty"`
+
+	Memory *Memory `json:"Memory,omitempty"`
+
+	Processor *Processor `json:"Processor,omitempty"`
+
+	Networking *Networking `json:"Networking,omitempty"`
+
+	HvSocket *HvSocket `json:"HvSocket,omitempty"`
+
+	ContainerCredentialGuard *ContainerCredentialGuardState `json:"ContainerCredentialGuard,omitempty"`
+
+	RegistryChanges *RegistryChanges `json:"RegistryChanges,omitempty"`
+
+	AssignedDevices []Device `json:"AssignedDevices,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go
new file mode 100644
index 0000000000000..495c6ebc8f4c2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardAddInstanceRequest struct {
+	Id             string `json:"Id,omitempty"`
+	CredentialSpec string `json:"CredentialSpec,omitempty"`
+	Transport      string `json:"Transport,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go
new file mode 100644
index 0000000000000..1ed4c008f253c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardHvSocketServiceConfig struct {
+	ServiceId     string                 `json:"ServiceId,omitempty"`
+	ServiceConfig *HvSocketServiceConfig `json:"ServiceConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go
new file mode 100644
index 0000000000000..d7ebd0fcca14a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardInstance struct {
+	Id              string                                         `json:"Id,omitempty"`
+	CredentialGuard *ContainerCredentialGuardState                 `json:"CredentialGuard,omitempty"`
+	HvSocketConfig  *ContainerCredentialGuardHvSocketServiceConfig `json:"HvSocketConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go
new file mode 100644
index 0000000000000..71005b090be0d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardModifyOperation string
+
+const (
+	AddInstance    ContainerCredentialGuardModifyOperation = "AddInstance"
+	RemoveInstance ContainerCredentialGuardModifyOperation = "RemoveInstance"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go
new file mode 100644
index 0000000000000..952cda4965ce8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardOperationRequest struct {
+	Operation        ContainerCredentialGuardModifyOperation `json:"Operation,omitempty"`
+	OperationDetails interface{}                             `json:"OperationDetails,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go
new file mode 100644
index 0000000000000..32e5a3beed15a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardRemoveInstanceRequest struct {
+	Id string `json:"Id,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go
new file mode 100644
index 0000000000000..0f8f644379ced
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardState struct {
+
+	//  Authentication cookie for calls to a Container Credential Guard instance.
+	Cookie string `json:"Cookie,omitempty"`
+
+	//  Name of the RPC endpoint of the Container Credential Guard instance.
+	RpcEndpoint string `json:"RpcEndpoint,omitempty"`
+
+	//  Transport used for the configured Container Credential Guard instance.
+	Transport string `json:"Transport,omitempty"`
+
+	//  Credential spec used for the configured Container Credential Guard instance.
+	CredentialSpec string `json:"CredentialSpec,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go
new file mode 100644
index 0000000000000..ea306fa21aca9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardSystemInfo struct {
+	Instances []ContainerCredentialGuardInstance `json:"Instances,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go
new file mode 100644
index 0000000000000..1fd7ca5d56f6d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  memory usage as viewed from within the container
+type ContainerMemoryInformation struct {
+	TotalPhysicalBytes int32 `json:"TotalPhysicalBytes,omitempty"`
+
+	TotalUsage int32 `json:"TotalUsage,omitempty"`
+
+	CommittedBytes int32 `json:"CommittedBytes,omitempty"`
+
+	SharedCommittedBytes int32 `json:"SharedCommittedBytes,omitempty"`
+
+	CommitLimitBytes int32 `json:"CommitLimitBytes,omitempty"`
+
+	PeakCommitmentBytes int32 `json:"PeakCommitmentBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go
new file mode 100644
index 0000000000000..90332a5190f16
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// CPU groups allow Hyper-V administrators to better manage and allocate the host's CPU resources across guest virtual machines
+type CpuGroup struct {
+	Id string `json:"Id,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go
new file mode 100644
index 0000000000000..8794961bf5c41
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CpuGroupAffinity struct {
+	LogicalProcessorCount int32   `json:"LogicalProcessorCount,omitempty"`
+	LogicalProcessors     []int32 `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go
new file mode 100644
index 0000000000000..f1a28cd389896
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CpuGroupConfig struct {
+	GroupId         string             `json:"GroupId,omitempty"`
+	Affinity        *CpuGroupAffinity  `json:"Affinity,omitempty"`
+	GroupProperties []CpuGroupProperty `json:"GroupProperties,omitempty"`
+	// Hypervisor CPU group IDs exposed to clients
+	HypervisorGroupId int32 `json:"HypervisorGroupId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go
new file mode 100644
index 0000000000000..3ace0ccc3b890
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Structure used to return cpu groups for a Service property query
+type CpuGroupConfigurations struct {
+	CpuGroups []CpuGroupConfig `json:"CpuGroups,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go
new file mode 100644
index 0000000000000..7d897807016d9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CPUGroupOperation string
+
+const (
+	CreateGroup CPUGroupOperation = "CreateGroup"
+	DeleteGroup CPUGroupOperation = "DeleteGroup"
+	SetProperty CPUGroupOperation = "SetProperty"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go
new file mode 100644
index 0000000000000..bbad6a2c450ab
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CpuGroupProperty struct {
+	PropertyCode  uint32 `json:"PropertyCode,omitempty"`
+	PropertyValue uint32 `json:"PropertyValue,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go
new file mode 100644
index 0000000000000..91a8278fe3c50
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Create group operation settings
+type CreateGroupOperation struct {
+	GroupId               string   `json:"GroupId,omitempty"`
+	LogicalProcessorCount uint32   `json:"LogicalProcessorCount,omitempty"`
+	LogicalProcessors     []uint32 `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go
new file mode 100644
index 0000000000000..134bd988175c0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Delete group operation settings
+type DeleteGroupOperation struct {
+	GroupId string `json:"GroupId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go
new file mode 100644
index 0000000000000..107caddadae43
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go
@@ -0,0 +1,27 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceType string
+
+const (
+	ClassGUID      DeviceType = "ClassGuid"
+	DeviceInstance DeviceType = "DeviceInstance"
+	GPUMirror      DeviceType = "GpuMirror"
+)
+
+type Device struct {
+	//  The type of device to assign to the container.
+	Type DeviceType `json:"Type,omitempty"`
+	//  The interface class guid of the device interfaces to assign to the  container.  Only used when Type is ClassGuid.
+	InterfaceClassGuid string `json:"InterfaceClassGuid,omitempty"`
+	//  The location path of the device to assign to the container.  Only used when Type is DeviceInstance.
+	LocationPath string `json:"LocationPath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go
new file mode 100644
index 0000000000000..e985d96d2283c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go
@@ -0,0 +1,46 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Devices struct {
+	ComPorts map[string]ComPort `json:"ComPorts,omitempty"`
+
+	Scsi map[string]Scsi `json:"Scsi,omitempty"`
+
+	VirtualPMem *VirtualPMemController `json:"VirtualPMem,omitempty"`
+
+	NetworkAdapters map[string]NetworkAdapter `json:"NetworkAdapters,omitempty"`
+
+	VideoMonitor *VideoMonitor `json:"VideoMonitor,omitempty"`
+
+	Keyboard *Keyboard `json:"Keyboard,omitempty"`
+
+	Mouse *Mouse `json:"Mouse,omitempty"`
+
+	HvSocket *HvSocket2 `json:"HvSocket,omitempty"`
+
+	EnhancedModeVideo *EnhancedModeVideo `json:"EnhancedModeVideo,omitempty"`
+
+	GuestCrashReporting *GuestCrashReporting `json:"GuestCrashReporting,omitempty"`
+
+	VirtualSmb *VirtualSmb `json:"VirtualSmb,omitempty"`
+
+	Plan9 *Plan9 `json:"Plan9,omitempty"`
+
+	Battery *Battery `json:"Battery,omitempty"`
+
+	FlexibleIov map[string]FlexibleIoDevice `json:"FlexibleIov,omitempty"`
+
+	SharedMemory *SharedMemoryConfiguration `json:"SharedMemory,omitempty"`
+
+	// TODO: This is pre-release support in schema 2.3. Need to add build number
+	// docs when a public build with this is out.
+	VirtualPci map[string]VirtualPciDevice `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go
new file mode 100644
index 0000000000000..85450c41e10d9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type EnhancedModeVideo struct {
+	ConnectionOptions *RdpConnectionOptions `json:"ConnectionOptions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go
new file mode 100644
index 0000000000000..fe86cab655667
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type FlexibleIoDevice struct {
+	EmulatorId string `json:"EmulatorId,omitempty"`
+
+	HostingModel string `json:"HostingModel,omitempty"`
+
+	Configuration []string `json:"Configuration,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go
new file mode 100644
index 0000000000000..7db29495b3e69
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestConnection struct {
+
+	//  Use Vsock rather than Hyper-V sockets to communicate with the guest service.
+	UseVsock bool `json:"UseVsock,omitempty"`
+
+	//  Don't disconnect the guest connection when pausing the virtual machine.
+	UseConnectedSuspend bool `json:"UseConnectedSuspend,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go
new file mode 100644
index 0000000000000..8a369bab71c42
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Information about the guest.
+type GuestConnectionInfo struct {
+
+	//  Each schema version x.y stands for the range of versions a.b where a==x  and b<=y. This list comes from the SupportedSchemaVersions field in  GcsCapabilities.
+	SupportedSchemaVersions []Version `json:"SupportedSchemaVersions,omitempty"`
+
+	ProtocolVersion int32 `json:"ProtocolVersion,omitempty"`
+
+	GuestDefinedCapabilities *interface{} `json:"GuestDefinedCapabilities,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go
new file mode 100644
index 0000000000000..af828004835c1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestCrashReporting struct {
+	WindowsCrashSettings *WindowsCrashReporting `json:"WindowsCrashSettings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go
new file mode 100644
index 0000000000000..8838519a39c40
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestOs struct {
+	HostName string `json:"HostName,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go
new file mode 100644
index 0000000000000..ef1eec88656fd
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestState struct {
+
+	//  The path to an existing file uses for persistent guest state storage.  An empty string indicates the system should initialize new transient, in-memory guest state.
+	GuestStateFilePath string `json:"GuestStateFilePath,omitempty"`
+
+	//  The path to an existing file for persistent runtime state storage.  An empty string indicates the system should initialize new transient, in-memory runtime state.
+	RuntimeStateFilePath string `json:"RuntimeStateFilePath,omitempty"`
+
+	//  If true, the guest state and runtime state files will be used as templates  to populate transient, in-memory state instead of using the files as persistent backing store.
+	ForceTransientState bool `json:"ForceTransientState,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go
new file mode 100644
index 0000000000000..2238ce5306c39
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Structure used to request a service processor modification
+type HostProcessorModificationRequest struct {
+	Operation        CPUGroupOperation `json:"Operation,omitempty"`
+	OperationDetails interface{}       `json:"OperationDetails,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go
new file mode 100644
index 0000000000000..ea3084bca7ff8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HostedSystem struct {
+	SchemaVersion *Version `json:"SchemaVersion,omitempty"`
+
+	Container *Container `json:"Container,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go
new file mode 100644
index 0000000000000..23b2ee9e7d450
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HvSocket struct {
+	Config *HvSocketSystemConfig `json:"Config,omitempty"`
+
+	EnablePowerShellDirect bool `json:"EnablePowerShellDirect,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go
new file mode 100644
index 0000000000000..a017691f02d72
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  HvSocket configuration for a VM
+type HvSocket2 struct {
+	HvSocketConfig *HvSocketSystemConfig `json:"HvSocketConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go
new file mode 100644
index 0000000000000..84c11b93ee582
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  This class defines address settings applied to a VM
+//  by the GCS every time a VM starts or restores.
+type HvSocketAddress struct {
+	LocalAddress  string `json:"LocalAddress,omitempty"`
+	ParentAddress string `json:"ParentAddress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go
new file mode 100644
index 0000000000000..ecd9f7fbac245
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go
@@ -0,0 +1,28 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HvSocketServiceConfig struct {
+
+	//  SDDL string that HvSocket will check before allowing a host process to bind  to this specific service.  If not specified, defaults to the system DefaultBindSecurityDescriptor, defined in  HvSocketSystemWpConfig in V1.
+	BindSecurityDescriptor string `json:"BindSecurityDescriptor,omitempty"`
+
+	//  SDDL string that HvSocket will check before allowing a host process to connect  to this specific service.  If not specified, defaults to the system DefaultConnectSecurityDescriptor, defined in  HvSocketSystemWpConfig in V1.
+	ConnectSecurityDescriptor string `json:"ConnectSecurityDescriptor,omitempty"`
+
+	//  If true, HvSocket will process wildcard binds for this service/system combination.  Wildcard binds are secured in the registry at  SOFTWARE/Microsoft/Windows NT/CurrentVersion/Virtualization/HvSocket/WildcardDescriptors
+	AllowWildcardBinds bool `json:"AllowWildcardBinds,omitempty"`
+
+	// Disabled controls whether the HvSocket service is accepting connection requests.
+	// This set to true will make the service refuse all incoming connections as well as cancel
+	// any connections already established. The service itself will still be active however
+	// and can be re-enabled at a future time.
+	Disabled bool `json:"Disabled,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go
new file mode 100644
index 0000000000000..69f4f9d39b9a5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  This is the HCS Schema version of the HvSocket configuration. The VMWP version is  located in Config.Devices.IC in V1.
+type HvSocketSystemConfig struct {
+
+	//  SDDL string that HvSocket will check before allowing a host process to bind  to an unlisted service for this specific container/VM (not wildcard binds).
+	DefaultBindSecurityDescriptor string `json:"DefaultBindSecurityDescriptor,omitempty"`
+
+	//  SDDL string that HvSocket will check before allowing a host process to connect  to an unlisted service in the VM/container.
+	DefaultConnectSecurityDescriptor string `json:"DefaultConnectSecurityDescriptor,omitempty"`
+
+	ServiceTable map[string]HvSocketServiceConfig `json:"ServiceTable,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go
new file mode 100644
index 0000000000000..a614d63bd7255
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go
@@ -0,0 +1,42 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type InterruptModerationName string
+
+// The valid interrupt moderation modes for I/O virtualization (IOV) offloading.
+const (
+	DefaultName  InterruptModerationName = "Default"
+	AdaptiveName InterruptModerationName = "Adaptive"
+	OffName      InterruptModerationName = "Off"
+	LowName      InterruptModerationName = "Low"
+	MediumName   InterruptModerationName = "Medium"
+	HighName     InterruptModerationName = "High"
+)
+
+type InterruptModerationValue uint32
+
+const (
+	DefaultValue InterruptModerationValue = iota
+	AdaptiveValue
+	OffValue
+	LowValue    InterruptModerationValue = 100
+	MediumValue InterruptModerationValue = 200
+	HighValue   InterruptModerationValue = 300
+)
+
+var InterruptModerationValueToName = map[InterruptModerationValue]InterruptModerationName{
+	DefaultValue:  DefaultName,
+	AdaptiveValue: AdaptiveName,
+	OffValue:      OffName,
+	LowValue:      LowName,
+	MediumValue:   MediumName,
+	HighValue:     HighName,
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go
new file mode 100644
index 0000000000000..2a55cc37cd33b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type IovSettings struct {
+	// The weight assigned to this port for I/O virtualization (IOV) offloading.
+	// Setting this to 0 disables IOV offloading.
+	OffloadWeight *uint32 `json:"OffloadWeight,omitempty"`
+
+	// The number of queue pairs requested for this port for I/O virtualization (IOV) offloading.
+	QueuePairsRequested *uint32 `json:"QueuePairsRequested,omitempty"`
+
+	// The interrupt moderation mode for I/O virtualization (IOV) offloading.
+	InterruptModeration *InterruptModerationName `json:"InterruptModeration,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go
new file mode 100644
index 0000000000000..3d3fa3b1c7326
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Keyboard struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go
new file mode 100644
index 0000000000000..176c49d4959ce
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Layer struct {
+	Id string `json:"Id,omitempty"`
+
+	Path string `json:"Path,omitempty"`
+
+	PathType string `json:"PathType,omitempty"`
+
+	//  Unspecified defaults to Enabled
+	Cache string `json:"Cache,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go
new file mode 100644
index 0000000000000..0ab6c280fc8d5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.2
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type LinuxKernelDirect struct {
+	KernelFilePath string `json:"KernelFilePath,omitempty"`
+
+	InitRdPath string `json:"InitRdPath,omitempty"`
+
+	KernelCmdLine string `json:"KernelCmdLine,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go
new file mode 100644
index 0000000000000..2e3aa5e1750f2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type LogicalProcessor struct {
+	LpIndex     uint32 `json:"LpIndex,omitempty"`
+	NodeNumber  uint8  `json:"NodeNumber,omitempty"`
+	PackageId   uint32 `json:"PackageId,omitempty"`
+	CoreId      uint32 `json:"CoreId,omitempty"`
+	RootVpIndex int32  `json:"RootVpIndex,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go
new file mode 100644
index 0000000000000..9b86a40457f20
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MappedDirectory struct {
+	HostPath string `json:"HostPath,omitempty"`
+
+	HostPathType string `json:"HostPathType,omitempty"`
+
+	ContainerPath string `json:"ContainerPath,omitempty"`
+
+	ReadOnly bool `json:"ReadOnly,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go
new file mode 100644
index 0000000000000..208074e9a2507
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MappedPipe struct {
+	ContainerPipeName string `json:"ContainerPipeName,omitempty"`
+
+	HostPath string `json:"HostPath,omitempty"`
+
+	HostPathType string `json:"HostPathType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go
new file mode 100644
index 0000000000000..30749c6724968
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Memory struct {
+	SizeInMB uint64 `json:"SizeInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go
new file mode 100644
index 0000000000000..71224c75b9de0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go
@@ -0,0 +1,49 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Memory2 struct {
+	SizeInMB uint64 `json:"SizeInMB,omitempty"`
+
+	AllowOvercommit bool `json:"AllowOvercommit,omitempty"`
+
+	EnableHotHint bool `json:"EnableHotHint,omitempty"`
+
+	EnableColdHint bool `json:"EnableColdHint,omitempty"`
+
+	EnableEpf bool `json:"EnableEpf,omitempty"`
+
+	// EnableDeferredCommit is private in the schema. If regenerated need to add back.
+	EnableDeferredCommit bool `json:"EnableDeferredCommit,omitempty"`
+
+	// EnableColdDiscardHint if enabled, then the memory cold discard hint feature is exposed
+	// to the VM, allowing it to trim non-zeroed pages from the working set (if supported by
+	// the guest operating system).
+	EnableColdDiscardHint bool `json:"EnableColdDiscardHint,omitempty"`
+
+	// LowMmioGapInMB is the low MMIO region allocated below 4GB.
+	//
+	// TODO: This is pre-release support in schema 2.3. Need to add build number
+	// docs when a public build with this is out.
+	LowMMIOGapInMB uint64 `json:"LowMmioGapInMB,omitempty"`
+
+	// HighMmioBaseInMB is the high MMIO region allocated above 4GB (base and
+	// size).
+	//
+	// TODO: This is pre-release support in schema 2.3. Need to add build number
+	// docs when a public build with this is out.
+	HighMMIOBaseInMB uint64 `json:"HighMmioBaseInMB,omitempty"`
+
+	// HighMmioGapInMB is the high MMIO region.
+	//
+	// TODO: This is pre-release support in schema 2.3. Need to add build number
+	// docs when a public build with this is out.
+	HighMMIOGapInMB uint64 `json:"HighMmioGapInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go
new file mode 100644
index 0000000000000..811779b04b24c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MemoryInformationForVm struct {
+	VirtualNodeCount uint32 `json:"VirtualNodeCount,omitempty"`
+
+	VirtualMachineMemory *VmMemory `json:"VirtualMachineMemory,omitempty"`
+
+	VirtualNodes []VirtualNodeInfo `json:"VirtualNodes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go
new file mode 100644
index 0000000000000..906ba597f9f50
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Memory runtime statistics
+type MemoryStats struct {
+	MemoryUsageCommitBytes uint64 `json:"MemoryUsageCommitBytes,omitempty"`
+
+	MemoryUsageCommitPeakBytes uint64 `json:"MemoryUsageCommitPeakBytes,omitempty"`
+
+	MemoryUsagePrivateWorkingSetBytes uint64 `json:"MemoryUsagePrivateWorkingSetBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go
new file mode 100644
index 0000000000000..1384ed888218f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ModificationRequest struct {
+	PropertyType PropertyType `json:"PropertyType,omitempty"`
+	Settings     interface{}  `json:"Settings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go
new file mode 100644
index 0000000000000..d29455a3e4345
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ModifySettingRequest struct {
+	ResourcePath string `json:"ResourcePath,omitempty"`
+
+	RequestType string `json:"RequestType,omitempty"`
+
+	Settings interface{} `json:"Settings,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated
+
+	GuestRequest interface{} `json:"GuestRequest,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go
new file mode 100644
index 0000000000000..ccf8b938f3aca
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Mouse struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go
new file mode 100644
index 0000000000000..7408abd317dc7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type NetworkAdapter struct {
+	EndpointId string `json:"EndpointId,omitempty"`
+	MacAddress string `json:"MacAddress,omitempty"`
+	// The I/O virtualization (IOV) offloading configuration.
+	IovSettings *IovSettings `json:"IovSettings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go
new file mode 100644
index 0000000000000..e5ea187a2954d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go
@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Networking struct {
+	AllowUnqualifiedDnsQuery bool `json:"AllowUnqualifiedDnsQuery,omitempty"`
+
+	DnsSearchList string `json:"DnsSearchList,omitempty"`
+
+	NetworkSharedContainerName string `json:"NetworkSharedContainerName,omitempty"`
+
+	//  Guid in windows; string in linux
+	Namespace string `json:"Namespace,omitempty"`
+
+	NetworkAdapters []string `json:"NetworkAdapters,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go
new file mode 100644
index 0000000000000..d96c9501f3318
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Notification data that is indicated to components running in the Virtual Machine.
+type PauseNotification struct {
+	Reason string `json:"Reason,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go
new file mode 100644
index 0000000000000..21707a88eb7a7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Options for HcsPauseComputeSystem
+type PauseOptions struct {
+	SuspensionLevel string `json:"SuspensionLevel,omitempty"`
+
+	HostedNotification *PauseNotification `json:"HostedNotification,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go
new file mode 100644
index 0000000000000..29d8c8012ffca
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Plan9 struct {
+	Shares []Plan9Share `json:"Shares,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go
new file mode 100644
index 0000000000000..41f8fdea0296c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go
@@ -0,0 +1,34 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Plan9Share struct {
+	Name string `json:"Name,omitempty"`
+
+	//  The name by which the guest operation system can access this share, via  the aname parameter in the Plan9 protocol.
+	AccessName string `json:"AccessName,omitempty"`
+
+	Path string `json:"Path,omitempty"`
+
+	Port int32 `json:"Port,omitempty"`
+
+	// Flags are marked private. Until they are exported correctly
+	//
+	// ReadOnly      0x00000001
+	// LinuxMetadata 0x00000004
+	// CaseSensitive 0x00000008
+	Flags int32 `json:"Flags,omitempty"`
+
+	ReadOnly bool `json:"ReadOnly,omitempty"`
+
+	UseShareRootIdentity bool `json:"UseShareRootIdentity,omitempty"`
+
+	AllowedFiles []string `json:"AllowedFiles,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go
new file mode 100644
index 0000000000000..e9a662dd59d41
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go
@@ -0,0 +1,33 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+	"time"
+)
+
+//  Information about a process running in a container
+type ProcessDetails struct {
+	ProcessId int32 `json:"ProcessId,omitempty"`
+
+	ImageName string `json:"ImageName,omitempty"`
+
+	CreateTimestamp time.Time `json:"CreateTimestamp,omitempty"`
+
+	UserTime100ns int32 `json:"UserTime100ns,omitempty"`
+
+	KernelTime100ns int32 `json:"KernelTime100ns,omitempty"`
+
+	MemoryCommitBytes int32 `json:"MemoryCommitBytes,omitempty"`
+
+	MemoryWorkingSetPrivateBytes int32 `json:"MemoryWorkingSetPrivateBytes,omitempty"`
+
+	MemoryWorkingSetSharedBytes int32 `json:"MemoryWorkingSetSharedBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go
new file mode 100644
index 0000000000000..e4ed095c7bec5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Passed to HcsRpc_ModifyProcess
+type ProcessModifyRequest struct {
+	Operation string `json:"Operation,omitempty"`
+
+	ConsoleSize *ConsoleSize `json:"ConsoleSize,omitempty"`
+
+	CloseHandle *CloseHandle `json:"CloseHandle,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go
new file mode 100644
index 0000000000000..82b0d0532b28e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go
@@ -0,0 +1,46 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ProcessParameters struct {
+	ApplicationName string `json:"ApplicationName,omitempty"`
+
+	CommandLine string `json:"CommandLine,omitempty"`
+
+	//  optional alternative to CommandLine, currently only supported by Linux GCS
+	CommandArgs []string `json:"CommandArgs,omitempty"`
+
+	User string `json:"User,omitempty"`
+
+	WorkingDirectory string `json:"WorkingDirectory,omitempty"`
+
+	Environment map[string]string `json:"Environment,omitempty"`
+
+	//  if set, will run as low-privilege process
+	RestrictedToken bool `json:"RestrictedToken,omitempty"`
+
+	//  if set, ignore StdErrPipe
+	EmulateConsole bool `json:"EmulateConsole,omitempty"`
+
+	CreateStdInPipe bool `json:"CreateStdInPipe,omitempty"`
+
+	CreateStdOutPipe bool `json:"CreateStdOutPipe,omitempty"`
+
+	CreateStdErrPipe bool `json:"CreateStdErrPipe,omitempty"`
+
+	//  height then width
+	ConsoleSize []int32 `json:"ConsoleSize,omitempty"`
+
+	//  if set, find an existing session for the user and create the process in it
+	UseExistingLogin bool `json:"UseExistingLogin,omitempty"`
+
+	//  if set, use the legacy console instead of conhost
+	UseLegacyConsole bool `json:"UseLegacyConsole,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go
new file mode 100644
index 0000000000000..ad9a4fa9ad6d4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Status of a process running in a container
+type ProcessStatus struct {
+	ProcessId int32 `json:"ProcessId,omitempty"`
+
+	Exited bool `json:"Exited,omitempty"`
+
+	ExitCode int32 `json:"ExitCode,omitempty"`
+
+	LastWaitResult int32 `json:"LastWaitResult,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go
new file mode 100644
index 0000000000000..bb24e88da1a42
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Processor struct {
+	Count int32 `json:"Count,omitempty"`
+
+	Maximum int32 `json:"Maximum,omitempty"`
+
+	Weight int32 `json:"Weight,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go
new file mode 100644
index 0000000000000..c64f335ec7d66
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go
@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.5
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Processor2 struct {
+	Count int32 `json:"Count,omitempty"`
+
+	Limit int32 `json:"Limit,omitempty"`
+
+	Weight int32 `json:"Weight,omitempty"`
+
+	ExposeVirtualizationExtensions bool `json:"ExposeVirtualizationExtensions,omitempty"`
+
+	// An optional object that configures the CPU Group to which a Virtual Machine is going to bind to.
+	CpuGroup *CpuGroup `json:"CpuGroup,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go
new file mode 100644
index 0000000000000..6157e252256a0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  CPU runtime statistics
+type ProcessorStats struct {
+	TotalRuntime100ns uint64 `json:"TotalRuntime100ns,omitempty"`
+
+	RuntimeUser100ns uint64 `json:"RuntimeUser100ns,omitempty"`
+
+	RuntimeKernel100ns uint64 `json:"RuntimeKernel100ns,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go
new file mode 100644
index 0000000000000..885156e77fae0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ProcessorTopology struct {
+	LogicalProcessorCount uint32             `json:"LogicalProcessorCount,omitempty"`
+	LogicalProcessors     []LogicalProcessor `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go
new file mode 100644
index 0000000000000..17558cba0f286
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go
@@ -0,0 +1,54 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+	v1 "github.com/containerd/cgroups/stats/v1"
+)
+
+type Properties struct {
+	Id string `json:"Id,omitempty"`
+
+	SystemType string `json:"SystemType,omitempty"`
+
+	RuntimeOsType string `json:"RuntimeOsType,omitempty"`
+
+	Name string `json:"Name,omitempty"`
+
+	Owner string `json:"Owner,omitempty"`
+
+	RuntimeId string `json:"RuntimeId,omitempty"`
+
+	RuntimeTemplateId string `json:"RuntimeTemplateId,omitempty"`
+
+	State string `json:"State,omitempty"`
+
+	Stopped bool `json:"Stopped,omitempty"`
+
+	ExitType string `json:"ExitType,omitempty"`
+
+	Memory *MemoryInformationForVm `json:"Memory,omitempty"`
+
+	Statistics *Statistics `json:"Statistics,omitempty"`
+
+	ProcessList []ProcessDetails `json:"ProcessList,omitempty"`
+
+	TerminateOnLastHandleClosed bool `json:"TerminateOnLastHandleClosed,omitempty"`
+
+	HostingSystemId string `json:"HostingSystemId,omitempty"`
+
+	SharedMemoryRegionInfo []SharedMemoryRegionInfo `json:"SharedMemoryRegionInfo,omitempty"`
+
+	GuestConnectionInfo *GuestConnectionInfo `json:"GuestConnectionInfo,omitempty"`
+
+	// Metrics is not part of the API for HCS but this is used for LCOW v2 to
+	// return the full cgroup metrics from the guest.
+	Metrics *v1.Metrics `json:"LCOWMetrics,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go
new file mode 100644
index 0000000000000..d6d80df13146f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//   By default the basic properties will be returned. This query provides a way to  request specific properties.
+type PropertyQuery struct {
+	PropertyTypes []PropertyType `json:"PropertyTypes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go
new file mode 100644
index 0000000000000..98f2c96edbd62
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type PropertyType string
+
+const (
+	PTMemory                      PropertyType = "Memory"
+	PTGuestMemory                 PropertyType = "GuestMemory"
+	PTStatistics                  PropertyType = "Statistics"
+	PTProcessList                 PropertyType = "ProcessList"
+	PTTerminateOnLastHandleClosed PropertyType = "TerminateOnLastHandleClosed"
+	PTSharedMemoryRegion          PropertyType = "SharedMemoryRegion"
+	PTContainerCredentialGuard    PropertyType = "ContainerCredentialGuard" // This field is not generated by swagger. This was added manually.
+	PTGuestConnection             PropertyType = "GuestConnection"
+	PTICHeartbeatStatus           PropertyType = "ICHeartbeatStatus"
+	PTProcessorTopology           PropertyType = "ProcessorTopology"
+	PTCPUGroup                    PropertyType = "CpuGroup"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go
new file mode 100644
index 0000000000000..8d5f5c1719efa
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RdpConnectionOptions struct {
+	AccessSids []string `json:"AccessSids,omitempty"`
+
+	NamedPipe string `json:"NamedPipe,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go
new file mode 100644
index 0000000000000..006906f6e2fee
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryChanges struct {
+	AddValues []RegistryValue `json:"AddValues,omitempty"`
+
+	DeleteKeys []RegistryKey `json:"DeleteKeys,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go
new file mode 100644
index 0000000000000..26fde99c74c10
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryKey struct {
+	Hive string `json:"Hive,omitempty"`
+
+	Name string `json:"Name,omitempty"`
+
+	Volatile bool `json:"Volatile,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go
new file mode 100644
index 0000000000000..3f203176c322a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go
@@ -0,0 +1,30 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryValue struct {
+	Key *RegistryKey `json:"Key,omitempty"`
+
+	Name string `json:"Name,omitempty"`
+
+	Type_ string `json:"Type,omitempty"`
+
+	//  One and only one value type must be set.
+	StringValue string `json:"StringValue,omitempty"`
+
+	BinaryValue string `json:"BinaryValue,omitempty"`
+
+	DWordValue int32 `json:"DWordValue,omitempty"`
+
+	QWordValue int32 `json:"QWordValue,omitempty"`
+
+	//  Only used if RegistryValueType is CustomType  The data is in BinaryValue
+	CustomType int32 `json:"CustomType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go
new file mode 100644
index 0000000000000..778ff58735aad
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RestoreState struct {
+
+	//  The path to the save state file to restore the system from.
+	SaveStateFilePath string `json:"SaveStateFilePath,omitempty"`
+
+	//  The ID of the template system to clone this new system off of. An empty  string indicates the system should not be cloned from a template.
+	TemplateSystemId string `json:"TemplateSystemId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go
new file mode 100644
index 0000000000000..e55fa1d98a5b8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SaveOptions struct {
+
+	//  The type of save operation to be performed.
+	SaveType string `json:"SaveType,omitempty"`
+
+	//  The path to the file that will container the saved state.
+	SaveStateFilePath string `json:"SaveStateFilePath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go
new file mode 100644
index 0000000000000..bf253a470b657
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Scsi struct {
+
+	//  Map of attachments, where the key is the integer LUN number on the controller.
+	Attachments map[string]Attachment `json:"Attachments,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go
new file mode 100644
index 0000000000000..b8142ca6a610d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import "encoding/json"
+
+type ServiceProperties struct {
+	// Changed Properties field to []json.RawMessage from []interface{} to avoid having to
+	// remarshal sp.Properties[n] and unmarshal into the type(s) we want.
+	Properties []json.RawMessage `json:"Properties,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go
new file mode 100644
index 0000000000000..df9baa9219ac2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryConfiguration struct {
+	Regions []SharedMemoryRegion `json:"Regions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go
new file mode 100644
index 0000000000000..825b71865d797
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryRegion struct {
+	SectionName string `json:"SectionName,omitempty"`
+
+	StartOffset int32 `json:"StartOffset,omitempty"`
+
+	Length int32 `json:"Length,omitempty"`
+
+	AllowGuestWrite bool `json:"AllowGuestWrite,omitempty"`
+
+	HiddenFromGuest bool `json:"HiddenFromGuest,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go
new file mode 100644
index 0000000000000..f67b08eb57a24
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryRegionInfo struct {
+	SectionName string `json:"SectionName,omitempty"`
+
+	GuestPhysicalAddress int32 `json:"GuestPhysicalAddress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go
new file mode 100644
index 0000000000000..5eaf6a7f4a2d1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Silo job information
+type SiloProperties struct {
+	Enabled bool `json:"Enabled,omitempty"`
+
+	JobName string `json:"JobName,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go
new file mode 100644
index 0000000000000..ba7a6b3963bd7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go
@@ -0,0 +1,29 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+	"time"
+)
+
+//  Runtime statistics for a container
+type Statistics struct {
+	Timestamp time.Time `json:"Timestamp,omitempty"`
+
+	ContainerStartTime time.Time `json:"ContainerStartTime,omitempty"`
+
+	Uptime100ns uint64 `json:"Uptime100ns,omitempty"`
+
+	Processor *ProcessorStats `json:"Processor,omitempty"`
+
+	Memory *MemoryStats `json:"Memory,omitempty"`
+
+	Storage *StorageStats `json:"Storage,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go
new file mode 100644
index 0000000000000..2627af91323e3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Storage struct {
+
+	//  List of layers that describe the parent hierarchy for a container's  storage. These layers combined together, presented as a disposable  and/or committable working storage, are used by the container to  record all changes done to the parent layers.
+	Layers []Layer `json:"Layers,omitempty"`
+
+	//  Path that points to the scratch space of a container, where parent  layers are combined together to present a new disposable and/or committable  layer with the changes done during its runtime.
+	Path string `json:"Path,omitempty"`
+
+	QoS *StorageQoS `json:"QoS,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go
new file mode 100644
index 0000000000000..9c5e6eb53235c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type StorageQoS struct {
+	IopsMaximum int32 `json:"IopsMaximum,omitempty"`
+
+	BandwidthMaximum int32 `json:"BandwidthMaximum,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go
new file mode 100644
index 0000000000000..4f042ffd9371c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+//  Storage runtime statistics
+type StorageStats struct {
+	ReadCountNormalized uint64 `json:"ReadCountNormalized,omitempty"`
+
+	ReadSizeBytes uint64 `json:"ReadSizeBytes,omitempty"`
+
+	WriteCountNormalized uint64 `json:"WriteCountNormalized,omitempty"`
+
+	WriteSizeBytes uint64 `json:"WriteSizeBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go
new file mode 100644
index 0000000000000..83486994036dd
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Topology struct {
+	Memory *Memory2 `json:"Memory,omitempty"`
+
+	Processor *Processor2 `json:"Processor,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go
new file mode 100644
index 0000000000000..0e48ece500c61
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Uefi struct {
+	EnableDebugger bool `json:"EnableDebugger,omitempty"`
+
+	SecureBootTemplateId string `json:"SecureBootTemplateId,omitempty"`
+
+	BootThis *UefiBootEntry `json:"BootThis,omitempty"`
+
+	Console string `json:"Console,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go
new file mode 100644
index 0000000000000..3ab409d825e58
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type UefiBootEntry struct {
+	DeviceType string `json:"DeviceType,omitempty"`
+
+	DevicePath string `json:"DevicePath,omitempty"`
+
+	DiskNumber int32 `json:"DiskNumber,omitempty"`
+
+	OptionalData string `json:"OptionalData,omitempty"`
+
+	VmbFsRootPath string `json:"VmbFsRootPath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go
new file mode 100644
index 0000000000000..2abfccca31547
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Version struct {
+	Major int32 `json:"Major,omitempty"`
+
+	Minor int32 `json:"Minor,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go
new file mode 100644
index 0000000000000..ec5d0fb936dfa
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VideoMonitor struct {
+	HorizontalResolution int32 `json:"HorizontalResolution,omitempty"`
+
+	VerticalResolution int32 `json:"VerticalResolution,omitempty"`
+
+	ConnectionOptions *RdpConnectionOptions `json:"ConnectionOptions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go
new file mode 100644
index 0000000000000..2d22b1bcb0843
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go
@@ -0,0 +1,32 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualMachine struct {
+
+	// StopOnReset is private in the schema. If regenerated need to put back.
+	StopOnReset bool `json:"StopOnReset,omitempty"`
+
+	Chipset *Chipset `json:"Chipset,omitempty"`
+
+	ComputeTopology *Topology `json:"ComputeTopology,omitempty"`
+
+	Devices *Devices `json:"Devices,omitempty"`
+
+	GuestState *GuestState `json:"GuestState,omitempty"`
+
+	RestoreState *RestoreState `json:"RestoreState,omitempty"`
+
+	RegistryChanges *RegistryChanges `json:"RegistryChanges,omitempty"`
+
+	StorageQoS *StorageQoS `json:"StorageQoS,omitempty"`
+
+	GuestConnection *GuestConnection `json:"GuestConnection,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go
new file mode 100644
index 0000000000000..91a3c83d4ff1c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualNodeInfo struct {
+	VirtualNodeIndex int32 `json:"VirtualNodeIndex,omitempty"`
+
+	PhysicalNodeNumber int32 `json:"PhysicalNodeNumber,omitempty"`
+
+	VirtualProcessorCount int32 `json:"VirtualProcessorCount,omitempty"`
+
+	MemoryUsageInPages int32 `json:"MemoryUsageInPages,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go
new file mode 100644
index 0000000000000..f5b7f3e38c0f2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualPMemController struct {
+	Devices map[string]VirtualPMemDevice `json:"Devices,omitempty"`
+
+	MaximumCount uint32 `json:"MaximumCount,omitempty"`
+
+	MaximumSizeBytes uint64 `json:"MaximumSizeBytes,omitempty"`
+
+	Backing string `json:"Backing,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go
new file mode 100644
index 0000000000000..70cf2d90de034
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualPMemDevice struct {
+	HostPath string `json:"HostPath,omitempty"`
+
+	ReadOnly bool `json:"ReadOnly,omitempty"`
+
+	ImageFormat string `json:"ImageFormat,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go
new file mode 100644
index 0000000000000..f5e05903c5496
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.3
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// TODO: This is pre-release support in schema 2.3. Need to add build number
+// docs when a public build with this is out.
+type VirtualPciDevice struct {
+	Functions []VirtualPciFunction `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go
new file mode 100644
index 0000000000000..cedb7d18bc287
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.3
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// TODO: This is pre-release support in schema 2.3. Need to add build number
+// docs when a public build with this is out.
+type VirtualPciFunction struct {
+	DeviceInstancePath string `json:",omitempty"`
+
+	VirtualFunction uint16 `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go
new file mode 100644
index 0000000000000..362df363e13ad
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmb struct {
+	Shares []VirtualSmbShare `json:"Shares,omitempty"`
+
+	DirectFileMappingInMB int64 `json:"DirectFileMappingInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go
new file mode 100644
index 0000000000000..915e9b6386ab3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmbShare struct {
+	Name string `json:"Name,omitempty"`
+
+	Path string `json:"Path,omitempty"`
+
+	AllowedFiles []string `json:"AllowedFiles,omitempty"`
+
+	Options *VirtualSmbShareOptions `json:"Options,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go
new file mode 100644
index 0000000000000..75196bd8c8dbb
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go
@@ -0,0 +1,62 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmbShareOptions struct {
+	ReadOnly bool `json:"ReadOnly,omitempty"`
+
+	//  convert exclusive access to shared read access
+	ShareRead bool `json:"ShareRead,omitempty"`
+
+	//  all opens will use cached I/O
+	CacheIo bool `json:"CacheIo,omitempty"`
+
+	//  disable oplock support
+	NoOplocks bool `json:"NoOplocks,omitempty"`
+
+	//  Acquire the backup privilege when attempting to open
+	TakeBackupPrivilege bool `json:"TakeBackupPrivilege,omitempty"`
+
+	//  Use the identity of the share root when opening
+	UseShareRootIdentity bool `json:"UseShareRootIdentity,omitempty"`
+
+	//  disable Direct Mapping
+	NoDirectmap bool `json:"NoDirectmap,omitempty"`
+
+	//  disable Byterange locks
+	NoLocks bool `json:"NoLocks,omitempty"`
+
+	//  disable Directory CHange Notifications
+	NoDirnotify bool `json:"NoDirnotify,omitempty"`
+
+	//  share is use for VM shared memory
+	VmSharedMemory bool `json:"VmSharedMemory,omitempty"`
+
+	//  allow access only to the files specified in AllowedFiles
+	RestrictFileAccess bool `json:"RestrictFileAccess,omitempty"`
+
+	//  disable all oplocks except Level II
+	ForceLevelIIOplocks bool `json:"ForceLevelIIOplocks,omitempty"`
+
+	//  Allow the host to reparse this base layer
+	ReparseBaseLayer bool `json:"ReparseBaseLayer,omitempty"`
+
+	//  Enable pseudo-oplocks
+	PseudoOplocks bool `json:"PseudoOplocks,omitempty"`
+
+	//  All opens will use non-cached IO
+	NonCacheIo bool `json:"NonCacheIo,omitempty"`
+
+	//  Enable pseudo directory change notifications
+	PseudoDirnotify bool `json:"PseudoDirnotify,omitempty"`
+
+	//  Block directory enumeration, renames, and deletes.
+	SingleFileMapping bool `json:"SingleFileMapping,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go
new file mode 100644
index 0000000000000..8e1836dd6be42
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VmMemory struct {
+	AvailableMemory int32 `json:"AvailableMemory,omitempty"`
+
+	AvailableMemoryBuffer int32 `json:"AvailableMemoryBuffer,omitempty"`
+
+	ReservedMemory uint64 `json:"ReservedMemory,omitempty"`
+
+	AssignedMemory uint64 `json:"AssignedMemory,omitempty"`
+
+	SlpActive bool `json:"SlpActive,omitempty"`
+
+	BalancingEnabled bool `json:"BalancingEnabled,omitempty"`
+
+	DmOperationInProgress bool `json:"DmOperationInProgress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go
new file mode 100644
index 0000000000000..de1b9cf1ae20e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// ProcessorLimits is used when modifying processor scheduling limits of a virtual machine.
+type ProcessorLimits struct {
+	// Maximum amount of host CPU resources that the virtual machine can use.
+	Limit uint64 `json:"Limit,omitempty"`
+	// Value describing the relative priority of this virtual machine compared to other virtual machines.
+	Weight uint64 `json:"Weight,omitempty"`
+	// Minimum amount of host CPU resources that the virtual machine is guaranteed.
+	Reservation uint64 `json:"Reservation,omitempty"`
+	// Provides the target maximum CPU frequency, in MHz, for a virtual machine.
+	MaximumFrequencyMHz uint32 `json:"MaximumFrequencyMHz,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go
new file mode 100644
index 0000000000000..8ed7e566d6425
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type WindowsCrashReporting struct {
+	DumpFileName string `json:"DumpFileName,omitempty"`
+
+	MaxDumpSize int64 `json:"MaxDumpSize,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go
new file mode 100644
index 0000000000000..a634dfc151587
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go
@@ -0,0 +1,49 @@
+package hcs
+
+import (
+	"context"
+	"encoding/json"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+)
+
+// GetServiceProperties returns properties of the host compute service.
+func GetServiceProperties(ctx context.Context, q hcsschema.PropertyQuery) (*hcsschema.ServiceProperties, error) {
+	operation := "hcs::GetServiceProperties"
+
+	queryb, err := json.Marshal(q)
+	if err != nil {
+		return nil, err
+	}
+	propertiesJSON, resultJSON, err := vmcompute.HcsGetServiceProperties(ctx, string(queryb))
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, &HcsError{Op: operation, Err: err, Events: events}
+	}
+
+	if propertiesJSON == "" {
+		return nil, ErrUnexpectedValue
+	}
+	properties := &hcsschema.ServiceProperties{}
+	if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+		return nil, err
+	}
+	return properties, nil
+}
+
+// ModifyServiceSettings modifies settings of the host compute service.
+func ModifyServiceSettings(ctx context.Context, settings hcsschema.ModificationRequest) error {
+	operation := "hcs::ModifyServiceSettings"
+
+	settingsJSON, err := json.Marshal(settings)
+	if err != nil {
+		return err
+	}
+	resultJSON, err := vmcompute.HcsModifyServiceSettings(ctx, string(settingsJSON))
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return &HcsError{Op: operation, Err: err, Events: events}
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
index 57afd5ec6ba35..75499c967f0f3 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
@@ -1,56 +1,55 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
-	"fmt"
-	"os"
-	"strconv"
+	"errors"
+	"strings"
 	"sync"
 	"syscall"
-	"time"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/Microsoft/hcsshim/internal/schema1"
+	"github.com/Microsoft/hcsshim/internal/cow"
+	"github.com/Microsoft/hcsshim/internal/hcs/schema1"
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/Microsoft/hcsshim/internal/timeout"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+	"go.opencensus.io/trace"
 )
 
-// currentContainerStarts is used to limit the number of concurrent container
-// starts.
-var currentContainerStarts containerStarts
-
-type containerStarts struct {
-	maxParallel int
-	inProgress  int
-	sync.Mutex
-}
-
-func init() {
-	mpsS := os.Getenv("HCSSHIM_MAX_PARALLEL_START")
-	if len(mpsS) > 0 {
-		mpsI, err := strconv.Atoi(mpsS)
-		if err != nil || mpsI < 0 {
-			return
-		}
-		currentContainerStarts.maxParallel = mpsI
-	}
-}
-
 type System struct {
 	handleLock     sync.RWMutex
-	handle         hcsSystem
+	handle         vmcompute.HcsSystem
 	id             string
 	callbackNumber uintptr
+
+	closedWaitOnce sync.Once
+	waitBlock      chan struct{}
+	waitError      error
+	exitError      error
+	os, typ        string
+}
+
+func newSystem(id string) *System {
+	return &System{
+		id:        id,
+		waitBlock: make(chan struct{}),
+	}
 }
 
 // CreateComputeSystem creates a new compute system with the given configuration but does not start it.
-func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (*System, error) {
-	operation := "CreateComputeSystem"
-	title := "hcsshim::" + operation
+func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface interface{}) (_ *System, err error) {
+	operation := "hcs::CreateComputeSystem"
 
-	computeSystem := &System{
-		id: id,
-	}
+	// hcsCreateComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full create time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", id))
+
+	computeSystem := newSystem(id)
 
 	hcsDocumentB, err := json.Marshal(hcsDocumentInterface)
 	if err != nil {
@@ -58,157 +57,145 @@ func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (*System,
 	}
 
 	hcsDocument := string(hcsDocumentB)
-	logrus.Debugf(title+" ID=%s config=%s", id, hcsDocument)
 
 	var (
-		resultp  *uint16
-		identity syscall.Handle
+		identity    syscall.Handle
+		resultJSON  string
+		createError error
 	)
-	completed := false
-	go syscallWatcher(fmt.Sprintf("CreateCompleteSystem %s: %s", id, hcsDocument), &completed)
-	createError := hcsCreateComputeSystem(id, hcsDocument, identity, &computeSystem.handle, &resultp)
-	completed = true
-
+	computeSystem.handle, resultJSON, createError = vmcompute.HcsCreateComputeSystem(ctx, id, hcsDocument, identity)
 	if createError == nil || IsPending(createError) {
-		if err := computeSystem.registerCallback(); err != nil {
+		defer func() {
+			if err != nil {
+				computeSystem.Close()
+			}
+		}()
+		if err = computeSystem.registerCallback(ctx); err != nil {
 			// Terminate the compute system if it still exists. We're okay to
 			// ignore a failure here.
-			computeSystem.Terminate()
-			return nil, makeSystemError(computeSystem, operation, "", err, nil)
+			_ = computeSystem.Terminate(ctx)
+			return nil, makeSystemError(computeSystem, operation, err, nil)
 		}
 	}
 
-	events, err := processAsyncHcsResult(createError, resultp, computeSystem.callbackNumber, hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
+	events, err := processAsyncHcsResult(ctx, createError, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
 	if err != nil {
 		if err == ErrTimeout {
 			// Terminate the compute system if it still exists. We're okay to
 			// ignore a failure here.
-			computeSystem.Terminate()
+			_ = computeSystem.Terminate(ctx)
 		}
-		return nil, makeSystemError(computeSystem, operation, hcsDocument, err, events)
+		return nil, makeSystemError(computeSystem, operation, err, events)
+	}
+	go computeSystem.waitBackground()
+	if err = computeSystem.getCachedProperties(ctx); err != nil {
+		return nil, err
 	}
-
-	logrus.Debugf(title+" succeeded id=%s handle=%d", id, computeSystem.handle)
 	return computeSystem, nil
 }
 
 // OpenComputeSystem opens an existing compute system by ID.
-func OpenComputeSystem(id string) (*System, error) {
-	operation := "OpenComputeSystem"
-	title := "hcsshim::" + operation
-	logrus.Debugf(title+" ID=%s", id)
+func OpenComputeSystem(ctx context.Context, id string) (*System, error) {
+	operation := "hcs::OpenComputeSystem"
 
-	computeSystem := &System{
-		id: id,
-	}
-
-	var (
-		handle  hcsSystem
-		resultp *uint16
-	)
-	err := hcsOpenComputeSystem(id, &handle, &resultp)
-	events := processHcsResult(resultp)
+	computeSystem := newSystem(id)
+	handle, resultJSON, err := vmcompute.HcsOpenComputeSystem(ctx, id)
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, operation, "", err, events)
+		return nil, makeSystemError(computeSystem, operation, err, events)
 	}
-
 	computeSystem.handle = handle
+	defer func() {
+		if err != nil {
+			computeSystem.Close()
+		}
+	}()
+	if err = computeSystem.registerCallback(ctx); err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
+	}
+	go computeSystem.waitBackground()
+	if err = computeSystem.getCachedProperties(ctx); err != nil {
+		return nil, err
+	}
+	return computeSystem, nil
+}
 
-	if err := computeSystem.registerCallback(); err != nil {
-		return nil, makeSystemError(computeSystem, operation, "", err, nil)
+func (computeSystem *System) getCachedProperties(ctx context.Context) error {
+	props, err := computeSystem.Properties(ctx)
+	if err != nil {
+		return err
 	}
+	computeSystem.typ = strings.ToLower(props.SystemType)
+	computeSystem.os = strings.ToLower(props.RuntimeOSType)
+	if computeSystem.os == "" && computeSystem.typ == "container" {
+		// Pre-RS5 HCS did not return the OS, but it only supported containers
+		// that ran Windows.
+		computeSystem.os = "windows"
+	}
+	return nil
+}
 
-	logrus.Debugf(title+" succeeded id=%s handle=%d", id, handle)
-	return computeSystem, nil
+// OS returns the operating system of the compute system, "linux" or "windows".
+func (computeSystem *System) OS() string {
+	return computeSystem.os
+}
+
+// IsOCI returns whether processes in the compute system should be created via
+// OCI.
+func (computeSystem *System) IsOCI() bool {
+	return computeSystem.os == "linux" && computeSystem.typ == "container"
 }
 
 // GetComputeSystems gets a list of the compute systems on the system that match the query
-func GetComputeSystems(q schema1.ComputeSystemQuery) ([]schema1.ContainerProperties, error) {
-	operation := "GetComputeSystems"
-	title := "hcsshim::" + operation
+func GetComputeSystems(ctx context.Context, q schema1.ComputeSystemQuery) ([]schema1.ContainerProperties, error) {
+	operation := "hcs::GetComputeSystems"
 
 	queryb, err := json.Marshal(q)
 	if err != nil {
 		return nil, err
 	}
 
-	query := string(queryb)
-	logrus.Debugf(title+" query=%s", query)
-
-	var (
-		resultp         *uint16
-		computeSystemsp *uint16
-	)
-	completed := false
-	go syscallWatcher(fmt.Sprintf("GetComputeSystems %s:", query), &completed)
-	err = hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	computeSystemsJSON, resultJSON, err := vmcompute.HcsEnumerateComputeSystems(ctx, string(queryb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return nil, &HcsError{Op: operation, Err: err, Events: events}
 	}
 
-	if computeSystemsp == nil {
+	if computeSystemsJSON == "" {
 		return nil, ErrUnexpectedValue
 	}
-	computeSystemsRaw := interop.ConvertAndFreeCoTaskMemBytes(computeSystemsp)
 	computeSystems := []schema1.ContainerProperties{}
-	if err := json.Unmarshal(computeSystemsRaw, &computeSystems); err != nil {
+	if err = json.Unmarshal([]byte(computeSystemsJSON), &computeSystems); err != nil {
 		return nil, err
 	}
 
-	logrus.Debugf(title + " succeeded")
 	return computeSystems, nil
 }
 
 // Start synchronously starts the computeSystem.
-func (computeSystem *System) Start() error {
+func (computeSystem *System) Start(ctx context.Context) (err error) {
+	operation := "hcs::System::Start"
+
+	// hcsStartComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full start time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::Start ID=" + computeSystem.ID()
-	logrus.Debugf(title)
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Start", "", ErrAlreadyClosed, nil)
-	}
-
-	// This is a very simple backoff-retry loop to limit the number
-	// of parallel container starts if environment variable
-	// HCSSHIM_MAX_PARALLEL_START is set to a positive integer.
-	// It should generally only be used as a workaround to various
-	// platform issues that exist between RS1 and RS4 as of Aug 2018
-	if currentContainerStarts.maxParallel > 0 {
-		for {
-			currentContainerStarts.Lock()
-			if currentContainerStarts.inProgress < currentContainerStarts.maxParallel {
-				currentContainerStarts.inProgress++
-				currentContainerStarts.Unlock()
-				break
-			}
-			if currentContainerStarts.inProgress == currentContainerStarts.maxParallel {
-				currentContainerStarts.Unlock()
-				time.Sleep(100 * time.Millisecond)
-			}
-		}
-		// Make sure we decrement the count when we are done.
-		defer func() {
-			currentContainerStarts.Lock()
-			currentContainerStarts.inProgress--
-			currentContainerStarts.Unlock()
-		}()
+		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("StartComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsStartComputeSystem(computeSystem.handle, "", &resultp)
-	completed = true
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
+	resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
 	if err != nil {
-		return makeSystemError(computeSystem, "Start", "", err, events)
+		return makeSystemError(computeSystem, operation, err, events)
 	}
 
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
@@ -217,319 +204,389 @@ func (computeSystem *System) ID() string {
 	return computeSystem.id
 }
 
-// Shutdown requests a compute system shutdown, if IsPending() on the error returned is true,
-// it may not actually be shut down until Wait() succeeds.
-func (computeSystem *System) Shutdown() error {
+// Shutdown requests a compute system shutdown.
+func (computeSystem *System) Shutdown(ctx context.Context) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::Shutdown"
-	logrus.Debugf(title)
+
+	operation := "hcs::System::Shutdown"
+
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Shutdown", "", ErrAlreadyClosed, nil)
+		return nil
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("ShutdownComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsShutdownComputeSystem(computeSystem.handle, "", &resultp)
-	completed = true
-	events := processHcsResult(resultp)
-	if err != nil {
-		return makeSystemError(computeSystem, "Shutdown", "", err, events)
+	resultJSON, err := vmcompute.HcsShutdownComputeSystem(ctx, computeSystem.handle, "")
+	events := processHcsResult(ctx, resultJSON)
+	switch err {
+	case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+	default:
+		return makeSystemError(computeSystem, operation, err, events)
 	}
-
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
-// Terminate requests a compute system terminate, if IsPending() on the error returned is true,
-// it may not actually be shut down until Wait() succeeds.
-func (computeSystem *System) Terminate() error {
+// Terminate requests a compute system terminate.
+func (computeSystem *System) Terminate(ctx context.Context) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::Terminate ID=" + computeSystem.ID()
-	logrus.Debugf(title)
+
+	operation := "hcs::System::Terminate"
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Terminate", "", ErrAlreadyClosed, nil)
+		return nil
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("TerminateComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsTerminateComputeSystem(computeSystem.handle, "", &resultp)
-	completed = true
-	events := processHcsResult(resultp)
-	if err != nil {
-		return makeSystemError(computeSystem, "Terminate", "", err, events)
+	resultJSON, err := vmcompute.HcsTerminateComputeSystem(ctx, computeSystem.handle, "")
+	events := processHcsResult(ctx, resultJSON)
+	switch err {
+	case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+	default:
+		return makeSystemError(computeSystem, operation, err, events)
 	}
-
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
-// Wait synchronously waits for the compute system to shutdown or terminate.
+// waitBackground waits for the compute system exit notification. Once received
+// sets `computeSystem.waitError` (if any) and unblocks all `Wait` calls.
+//
+// This MUST be called exactly once per `computeSystem.handle` but `Wait` is
+// safe to call multiple times.
+func (computeSystem *System) waitBackground() {
+	operation := "hcs::System::waitBackground"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+	err := waitForNotification(ctx, computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
+	switch err {
+	case nil:
+		log.G(ctx).Debug("system exited")
+	case ErrVmcomputeUnexpectedExit:
+		log.G(ctx).Debug("unexpected system exit")
+		computeSystem.exitError = makeSystemError(computeSystem, operation, err, nil)
+		err = nil
+	default:
+		err = makeSystemError(computeSystem, operation, err, nil)
+	}
+	computeSystem.closedWaitOnce.Do(func() {
+		computeSystem.waitError = err
+		close(computeSystem.waitBlock)
+	})
+	oc.SetSpanStatus(span, err)
+}
+
+// Wait synchronously waits for the compute system to shutdown or terminate. If
+// the compute system has already exited returns the previous error (if any).
 func (computeSystem *System) Wait() error {
-	title := "hcsshim::ComputeSystem::Wait ID=" + computeSystem.ID()
-	logrus.Debugf(title)
+	<-computeSystem.waitBlock
+	return computeSystem.waitError
+}
 
-	err := waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
-	if err != nil {
-		return makeSystemError(computeSystem, "Wait", "", err, nil)
+// ExitError returns an error describing the reason the compute system terminated.
+func (computeSystem *System) ExitError() error {
+	select {
+	case <-computeSystem.waitBlock:
+		if computeSystem.waitError != nil {
+			return computeSystem.waitError
+		}
+		return computeSystem.exitError
+	default:
+		return errors.New("container not exited")
 	}
-
-	logrus.Debugf(title + " succeeded")
-	return nil
 }
 
-// WaitTimeout synchronously waits for the compute system to terminate or the duration to elapse.
-// If the timeout expires, IsTimeout(err) == true
-func (computeSystem *System) WaitTimeout(timeout time.Duration) error {
-	title := "hcsshim::ComputeSystem::WaitTimeout ID=" + computeSystem.ID()
-	logrus.Debugf(title)
+// Properties returns the requested container properties targeting a V1 schema container.
+func (computeSystem *System) Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error) {
+	computeSystem.handleLock.RLock()
+	defer computeSystem.handleLock.RUnlock()
+
+	operation := "hcs::System::Properties"
 
-	err := waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, &timeout)
+	queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types})
 	if err != nil {
-		return makeSystemError(computeSystem, "WaitTimeout", "", err, nil)
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
 
-	logrus.Debugf(title + " succeeded")
-	return nil
+	propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, events)
+	}
+
+	if propertiesJSON == "" {
+		return nil, ErrUnexpectedValue
+	}
+	properties := &schema1.ContainerProperties{}
+	if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
+	}
+
+	return properties, nil
 }
 
-func (computeSystem *System) Properties(types ...schema1.PropertyType) (*schema1.ContainerProperties, error) {
+// PropertiesV2 returns the requested container properties targeting a V2 schema container.
+func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	queryj, err := json.Marshal(schema1.PropertyQuery{types})
+	operation := "hcs::System::PropertiesV2"
+
+	queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types})
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, nil)
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
 
-	var resultp, propertiesp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("GetComputeSystemProperties %s:", computeSystem.ID()), &completed)
-	err = hcsGetComputeSystemProperties(computeSystem.handle, string(queryj), &propertiesp, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, events)
+		return nil, makeSystemError(computeSystem, operation, err, events)
 	}
 
-	if propertiesp == nil {
+	if propertiesJSON == "" {
 		return nil, ErrUnexpectedValue
 	}
-	propertiesRaw := interop.ConvertAndFreeCoTaskMemBytes(propertiesp)
-	properties := &schema1.ContainerProperties{}
-	if err := json.Unmarshal(propertiesRaw, properties); err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, nil)
+	properties := &hcsschema.Properties{}
+	if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
+
 	return properties, nil
 }
 
 // Pause pauses the execution of the computeSystem. This feature is not enabled in TP5.
-func (computeSystem *System) Pause() error {
+func (computeSystem *System) Pause(ctx context.Context) (err error) {
+	operation := "hcs::System::Pause"
+
+	// hcsPauseComputeSystemContext is an async peration. Start the outer span
+	// here to measure the full pause time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::Pause ID=" + computeSystem.ID()
-	logrus.Debugf(title)
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Pause", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("PauseComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsPauseComputeSystem(computeSystem.handle, "", &resultp)
-	completed = true
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
+	resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
 	if err != nil {
-		return makeSystemError(computeSystem, "Pause", "", err, events)
+		return makeSystemError(computeSystem, operation, err, events)
 	}
 
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
 // Resume resumes the execution of the computeSystem. This feature is not enabled in TP5.
-func (computeSystem *System) Resume() error {
+func (computeSystem *System) Resume(ctx context.Context) (err error) {
+	operation := "hcs::System::Resume"
+
+	// hcsResumeComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full restore time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::Resume ID=" + computeSystem.ID()
-	logrus.Debugf(title)
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Resume", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("ResumeComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsResumeComputeSystem(computeSystem.handle, "", &resultp)
-	completed = true
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
+	resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
 	if err != nil {
-		return makeSystemError(computeSystem, "Resume", "", err, events)
+		return makeSystemError(computeSystem, operation, err, events)
 	}
 
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
-// CreateProcess launches a new process within the computeSystem.
-func (computeSystem *System) CreateProcess(c interface{}) (*Process, error) {
+// Save the compute system
+func (computeSystem *System) Save(ctx context.Context, options interface{}) (err error) {
+	operation := "hcs::System::Save"
+
+	// hcsSaveComputeSystemContext is an async peration. Start the outer span
+	// here to measure the full save time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+	saveOptions, err := json.Marshal(options)
+	if err != nil {
+		return err
+	}
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::CreateProcess ID=" + computeSystem.ID()
-	var (
-		processInfo   hcsProcessInformation
-		processHandle hcsProcess
-		resultp       *uint16
-	)
 
 	if computeSystem.handle == 0 {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+	}
+
+	result, err := vmcompute.HcsSaveComputeSystem(ctx, computeSystem.handle, string(saveOptions))
+	events, err := processAsyncHcsResult(ctx, err, result, computeSystem.callbackNumber, hcsNotificationSystemSaveCompleted, &timeout.SystemSave)
+	if err != nil {
+		return makeSystemError(computeSystem, operation, err, events)
+	}
+
+	return nil
+}
+
+func (computeSystem *System) createProcess(ctx context.Context, operation string, c interface{}) (*Process, *vmcompute.HcsProcessInformation, error) {
+	computeSystem.handleLock.RLock()
+	defer computeSystem.handleLock.RUnlock()
+
+	if computeSystem.handle == 0 {
+		return nil, nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
 	configurationb, err := json.Marshal(c)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", err, nil)
+		return nil, nil, makeSystemError(computeSystem, operation, err, nil)
 	}
 
 	configuration := string(configurationb)
-	logrus.Debugf(title+" config=%s", configuration)
+	processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration)
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, nil, makeSystemError(computeSystem, operation, err, events)
+	}
 
-	completed := false
-	go syscallWatcher(fmt.Sprintf("CreateProcess %s: %s", computeSystem.ID(), configuration), &completed)
-	err = hcsCreateProcess(computeSystem.handle, configuration, &processInfo, &processHandle, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	log.G(ctx).WithField("pid", processInfo.ProcessId).Debug("created process pid")
+	return newProcess(processHandle, int(processInfo.ProcessId), computeSystem), &processInfo, nil
+}
+
+// CreateProcess launches a new process within the computeSystem.
+func (computeSystem *System) CreateProcess(ctx context.Context, c interface{}) (cow.Process, error) {
+	operation := "hcs::System::CreateProcess"
+	process, processInfo, err := computeSystem.createProcess(ctx, operation, c)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", configuration, err, events)
+		return nil, err
 	}
+	defer func() {
+		if err != nil {
+			process.Close()
+		}
+	}()
 
-	process := &Process{
-		handle:    processHandle,
-		processID: int(processInfo.ProcessId),
-		system:    computeSystem,
-		cachedPipes: &cachedPipes{
-			stdIn:  processInfo.StdInput,
-			stdOut: processInfo.StdOutput,
-			stdErr: processInfo.StdError,
-		},
+	pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
+	if err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
+	process.stdin = pipes[0]
+	process.stdout = pipes[1]
+	process.stderr = pipes[2]
+	process.hasCachedStdio = true
 
-	if err := process.registerCallback(); err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", err, nil)
+	if err = process.registerCallback(ctx); err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
+	go process.waitBackground()
 
-	logrus.Debugf(title+" succeeded processid=%d", process.processID)
 	return process, nil
 }
 
 // OpenProcess gets an interface to an existing process within the computeSystem.
-func (computeSystem *System) OpenProcess(pid int) (*Process, error) {
+func (computeSystem *System) OpenProcess(ctx context.Context, pid int) (*Process, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::ComputeSystem::OpenProcess ID=" + computeSystem.ID()
-	logrus.Debugf(title+" processid=%d", pid)
-	var (
-		processHandle hcsProcess
-		resultp       *uint16
-	)
+
+	operation := "hcs::System::OpenProcess"
 
 	if computeSystem.handle == 0 {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", ErrAlreadyClosed, nil)
+		return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
-	completed := false
-	go syscallWatcher(fmt.Sprintf("OpenProcess %s: %d", computeSystem.ID(), pid), &completed)
-	err := hcsOpenProcess(computeSystem.handle, uint32(pid), &processHandle, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	processHandle, resultJSON, err := vmcompute.HcsOpenProcess(ctx, computeSystem.handle, uint32(pid))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", err, events)
-	}
-
-	process := &Process{
-		handle:    processHandle,
-		processID: pid,
-		system:    computeSystem,
+		return nil, makeSystemError(computeSystem, operation, err, events)
 	}
 
-	if err := process.registerCallback(); err != nil {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", err, nil)
+	process := newProcess(processHandle, pid, computeSystem)
+	if err = process.registerCallback(ctx); err != nil {
+		return nil, makeSystemError(computeSystem, operation, err, nil)
 	}
+	go process.waitBackground()
 
-	logrus.Debugf(title+" succeeded processid=%s", process.processID)
 	return process, nil
 }
 
 // Close cleans up any state associated with the compute system but does not terminate or wait for it.
-func (computeSystem *System) Close() error {
+func (computeSystem *System) Close() (err error) {
+	operation := "hcs::System::Close"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.Lock()
 	defer computeSystem.handleLock.Unlock()
-	title := "hcsshim::ComputeSystem::Close ID=" + computeSystem.ID()
-	logrus.Debugf(title)
 
 	// Don't double free this
 	if computeSystem.handle == 0 {
 		return nil
 	}
 
-	if err := computeSystem.unregisterCallback(); err != nil {
-		return makeSystemError(computeSystem, "Close", "", err, nil)
+	if err = computeSystem.unregisterCallback(ctx); err != nil {
+		return makeSystemError(computeSystem, operation, err, nil)
 	}
 
-	completed := false
-	go syscallWatcher(fmt.Sprintf("CloseComputeSystem %s:", computeSystem.ID()), &completed)
-	err := hcsCloseComputeSystem(computeSystem.handle)
-	completed = true
+	err = vmcompute.HcsCloseComputeSystem(ctx, computeSystem.handle)
 	if err != nil {
-		return makeSystemError(computeSystem, "Close", "", err, nil)
+		return makeSystemError(computeSystem, operation, err, nil)
 	}
 
 	computeSystem.handle = 0
+	computeSystem.closedWaitOnce.Do(func() {
+		computeSystem.waitError = ErrAlreadyClosed
+		close(computeSystem.waitBlock)
+	})
 
-	logrus.Debugf(title + " succeeded")
 	return nil
 }
 
-func (computeSystem *System) registerCallback() error {
-	context := &notifcationWatcherContext{
-		channels: newChannels(),
+func (computeSystem *System) registerCallback(ctx context.Context) error {
+	callbackContext := &notificationWatcherContext{
+		channels: newSystemChannels(),
+		systemID: computeSystem.id,
 	}
 
 	callbackMapLock.Lock()
 	callbackNumber := nextCallback
 	nextCallback++
-	callbackMap[callbackNumber] = context
+	callbackMap[callbackNumber] = callbackContext
 	callbackMapLock.Unlock()
 
-	var callbackHandle hcsCallback
-	err := hcsRegisterComputeSystemCallback(computeSystem.handle, notificationWatcherCallback, callbackNumber, &callbackHandle)
+	callbackHandle, err := vmcompute.HcsRegisterComputeSystemCallback(ctx, computeSystem.handle, notificationWatcherCallback, callbackNumber)
 	if err != nil {
 		return err
 	}
-	context.handle = callbackHandle
+	callbackContext.handle = callbackHandle
 	computeSystem.callbackNumber = callbackNumber
 
 	return nil
 }
 
-func (computeSystem *System) unregisterCallback() error {
+func (computeSystem *System) unregisterCallback(ctx context.Context) error {
 	callbackNumber := computeSystem.callbackNumber
 
 	callbackMapLock.RLock()
-	context := callbackMap[callbackNumber]
+	callbackContext := callbackMap[callbackNumber]
 	callbackMapLock.RUnlock()
 
-	if context == nil {
+	if callbackContext == nil {
 		return nil
 	}
 
-	handle := context.handle
+	handle := callbackContext.handle
 
 	if handle == 0 {
 		return nil
@@ -537,49 +594,44 @@ func (computeSystem *System) unregisterCallback() error {
 
 	// hcsUnregisterComputeSystemCallback has its own syncronization
 	// to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
-	err := hcsUnregisterComputeSystemCallback(handle)
+	err := vmcompute.HcsUnregisterComputeSystemCallback(ctx, handle)
 	if err != nil {
 		return err
 	}
 
-	closeChannels(context.channels)
+	closeChannels(callbackContext.channels)
 
 	callbackMapLock.Lock()
-	callbackMap[callbackNumber] = nil
+	delete(callbackMap, callbackNumber)
 	callbackMapLock.Unlock()
 
-	handle = 0
+	handle = 0 //nolint:ineffassign
 
 	return nil
 }
 
-// Modifies the System by sending a request to HCS
-func (computeSystem *System) Modify(config interface{}) error {
+// Modify the System by sending a request to HCS
+func (computeSystem *System) Modify(ctx context.Context, config interface{}) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
-	title := "hcsshim::Modify ID=" + computeSystem.id
+
+	operation := "hcs::System::Modify"
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Modify", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
-	requestJSON, err := json.Marshal(config)
+	requestBytes, err := json.Marshal(config)
 	if err != nil {
 		return err
 	}
 
-	requestString := string(requestJSON)
-	logrus.Debugf(title + " " + requestString)
-
-	var resultp *uint16
-	completed := false
-	go syscallWatcher(fmt.Sprintf("ModifyComputeSystem %s: %s", computeSystem.ID(), requestString), &completed)
-	err = hcsModifyComputeSystem(computeSystem.handle, requestString, &resultp)
-	completed = true
-	events := processHcsResult(resultp)
+	requestJSON := string(requestBytes)
+	resultJSON, err := vmcompute.HcsModifyComputeSystem(ctx, computeSystem.handle, requestJSON)
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return makeSystemError(computeSystem, "Modify", requestString, err, events)
+		return makeSystemError(computeSystem, operation, err, events)
 	}
-	logrus.Debugf(title + " succeeded ")
+
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
index a638677ed5afb..3342e5bb94868 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
@@ -1,10 +1,15 @@
 package hcs
 
 import (
+	"context"
 	"io"
 	"syscall"
 
 	"github.com/Microsoft/go-winio"
+	diskutil "github.com/Microsoft/go-winio/vhd"
+	"github.com/Microsoft/hcsshim/computestorage"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/windows"
 )
 
 // makeOpenFiles calls winio.MakeOpenFile for each handle in a slice but closes all the handles
@@ -31,3 +36,27 @@ func makeOpenFiles(hs []syscall.Handle) (_ []io.ReadWriteCloser, err error) {
 	}
 	return fs, nil
 }
+
+// CreateNTFSVHD creates a VHD formatted with NTFS of size `sizeGB` at the given `vhdPath`.
+func CreateNTFSVHD(ctx context.Context, vhdPath string, sizeGB uint32) (err error) {
+	if err := diskutil.CreateVhdx(vhdPath, sizeGB, 1); err != nil {
+		return errors.Wrap(err, "failed to create VHD")
+	}
+
+	vhd, err := diskutil.OpenVirtualDisk(vhdPath, diskutil.VirtualDiskAccessNone, diskutil.OpenVirtualDiskFlagNone)
+	if err != nil {
+		return errors.Wrap(err, "failed to open VHD")
+	}
+	defer func() {
+		err2 := windows.CloseHandle(windows.Handle(vhd))
+		if err == nil {
+			err = errors.Wrap(err2, "failed to close VHD")
+		}
+	}()
+
+	if err := computestorage.FormatWritableLayerVhd(ctx, windows.Handle(vhd)); err != nil {
+		return errors.Wrap(err, "failed to format VHD")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
index 91e212c574829..db4e14fdfb29e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
@@ -1,28 +1,34 @@
 package hcs
 
 import (
+	"context"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
 )
 
-func processAsyncHcsResult(err error, resultp *uint16, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) ([]ErrorEvent, error) {
-	events := processHcsResult(resultp)
+func processAsyncHcsResult(ctx context.Context, err error, resultJSON string, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) ([]ErrorEvent, error) {
+	events := processHcsResult(ctx, resultJSON)
 	if IsPending(err) {
-		return nil, waitForNotification(callbackNumber, expectedNotification, timeout)
+		return nil, waitForNotification(ctx, callbackNumber, expectedNotification, timeout)
 	}
 
 	return events, err
 }
 
-func waitForNotification(callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) error {
+func waitForNotification(ctx context.Context, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) error {
 	callbackMapLock.RLock()
+	if _, ok := callbackMap[callbackNumber]; !ok {
+		callbackMapLock.RUnlock()
+		log.G(ctx).WithField("callbackNumber", callbackNumber).Error("failed to waitForNotification: callbackNumber does not exist in callbackMap")
+		return ErrHandleClose
+	}
 	channels := callbackMap[callbackNumber].channels
 	callbackMapLock.RUnlock()
 
 	expectedChannel := channels[expectedNotification]
 	if expectedChannel == nil {
-		logrus.Errorf("unknown notification type in waitForNotification %x", expectedNotification)
+		log.G(ctx).WithField("type", expectedNotification).Error("unknown notification type in waitForNotification")
 		return ErrInvalidNotificationType
 	}
 
@@ -59,5 +65,4 @@ func waitForNotification(callbackNumber uintptr, expectedNotification hcsNotific
 	case <-c:
 		return ErrTimeout
 	}
-	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/watcher.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/watcher.go
deleted file mode 100644
index 6b94bc9ff8172..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/watcher.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package hcs
-
-import (
-	"time"
-
-	"github.com/Microsoft/hcsshim/internal/timeout"
-	"github.com/sirupsen/logrus"
-)
-
-// syscallWatcher is used as a very simple goroutine around calls into
-// the platform. In some cases, we have seen HCS APIs not returning due to
-// various bugs, and the goroutine making the syscall ends up not returning,
-// prior to its async callback. By spinning up a syscallWatcher, it allows
-// us to at least log a warning if a syscall doesn't complete in a reasonable
-// amount of time.
-//
-// Usage is:
-//
-// completed := false
-// go syscallWatcher("some description", &completed)
-// <syscall>
-// completed = true
-//
-func syscallWatcher(description string, syscallCompleted *bool) {
-	time.Sleep(timeout.SyscallWatcher)
-	if *syscallCompleted {
-		return
-	}
-	logrus.Warnf("%s: Did not complete within %s. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see is there is a syscall stuck in the platform API for a significant length of time.", description, timeout.SyscallWatcher)
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/zsyscall_windows.go
deleted file mode 100644
index 48d5cd32b99fe..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/zsyscall_windows.go
+++ /dev/null
@@ -1,441 +0,0 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
-
-package hcs
-
-import (
-	"syscall"
-	"unsafe"
-
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
-	errnoERROR_IO_PENDING = 997
-)
-
-var (
-	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return nil
-	case errnoERROR_IO_PENDING:
-		return errERROR_IO_PENDING
-	}
-	// TODO: add more here, after collecting data on the common
-	// error values see on Windows. (perhaps when running
-	// all.bat?)
-	return e
-}
-
-var (
-	modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
-
-	procHcsEnumerateComputeSystems         = modvmcompute.NewProc("HcsEnumerateComputeSystems")
-	procHcsCreateComputeSystem             = modvmcompute.NewProc("HcsCreateComputeSystem")
-	procHcsOpenComputeSystem               = modvmcompute.NewProc("HcsOpenComputeSystem")
-	procHcsCloseComputeSystem              = modvmcompute.NewProc("HcsCloseComputeSystem")
-	procHcsStartComputeSystem              = modvmcompute.NewProc("HcsStartComputeSystem")
-	procHcsShutdownComputeSystem           = modvmcompute.NewProc("HcsShutdownComputeSystem")
-	procHcsTerminateComputeSystem          = modvmcompute.NewProc("HcsTerminateComputeSystem")
-	procHcsPauseComputeSystem              = modvmcompute.NewProc("HcsPauseComputeSystem")
-	procHcsResumeComputeSystem             = modvmcompute.NewProc("HcsResumeComputeSystem")
-	procHcsGetComputeSystemProperties      = modvmcompute.NewProc("HcsGetComputeSystemProperties")
-	procHcsModifyComputeSystem             = modvmcompute.NewProc("HcsModifyComputeSystem")
-	procHcsRegisterComputeSystemCallback   = modvmcompute.NewProc("HcsRegisterComputeSystemCallback")
-	procHcsUnregisterComputeSystemCallback = modvmcompute.NewProc("HcsUnregisterComputeSystemCallback")
-	procHcsCreateProcess                   = modvmcompute.NewProc("HcsCreateProcess")
-	procHcsOpenProcess                     = modvmcompute.NewProc("HcsOpenProcess")
-	procHcsCloseProcess                    = modvmcompute.NewProc("HcsCloseProcess")
-	procHcsTerminateProcess                = modvmcompute.NewProc("HcsTerminateProcess")
-	procHcsGetProcessInfo                  = modvmcompute.NewProc("HcsGetProcessInfo")
-	procHcsGetProcessProperties            = modvmcompute.NewProc("HcsGetProcessProperties")
-	procHcsModifyProcess                   = modvmcompute.NewProc("HcsModifyProcess")
-	procHcsGetServiceProperties            = modvmcompute.NewProc("HcsGetServiceProperties")
-	procHcsRegisterProcessCallback         = modvmcompute.NewProc("HcsRegisterProcessCallback")
-	procHcsUnregisterProcessCallback       = modvmcompute.NewProc("HcsUnregisterProcessCallback")
-)
-
-func hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
-	if hr != nil {
-		return
-	}
-	return _hcsEnumerateComputeSystems(_p0, computeSystems, result)
-}
-
-func _hcsEnumerateComputeSystems(query *uint16, computeSystems **uint16, result **uint16) (hr error) {
-	if hr = procHcsEnumerateComputeSystems.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsEnumerateComputeSystems.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(computeSystems)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(id)
-	if hr != nil {
-		return
-	}
-	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(configuration)
-	if hr != nil {
-		return
-	}
-	return _hcsCreateComputeSystem(_p0, _p1, identity, computeSystem, result)
-}
-
-func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) {
-	if hr = procHcsCreateComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsCreateComputeSystem.Addr(), 5, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(configuration)), uintptr(identity), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsOpenComputeSystem(id string, computeSystem *hcsSystem, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(id)
-	if hr != nil {
-		return
-	}
-	return _hcsOpenComputeSystem(_p0, computeSystem, result)
-}
-
-func _hcsOpenComputeSystem(id *uint16, computeSystem *hcsSystem, result **uint16) (hr error) {
-	if hr = procHcsOpenComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsOpenComputeSystem.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) {
-	if hr = procHcsCloseComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsCloseComputeSystem.Addr(), 1, uintptr(computeSystem), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsStartComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(options)
-	if hr != nil {
-		return
-	}
-	return _hcsStartComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsStartComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsStartComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsStartComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsShutdownComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(options)
-	if hr != nil {
-		return
-	}
-	return _hcsShutdownComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsShutdownComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsShutdownComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsShutdownComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsTerminateComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(options)
-	if hr != nil {
-		return
-	}
-	return _hcsTerminateComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsTerminateComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsTerminateComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsTerminateComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsPauseComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(options)
-	if hr != nil {
-		return
-	}
-	return _hcsPauseComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsPauseComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsPauseComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsPauseComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsResumeComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(options)
-	if hr != nil {
-		return
-	}
-	return _hcsResumeComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsResumeComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsResumeComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsResumeComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(propertyQuery)
-	if hr != nil {
-		return
-	}
-	return _hcsGetComputeSystemProperties(computeSystem, _p0, properties, result)
-}
-
-func _hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcsGetComputeSystemProperties.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsGetComputeSystemProperties.Addr(), 4, uintptr(computeSystem), uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsModifyComputeSystem(computeSystem hcsSystem, configuration string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(configuration)
-	if hr != nil {
-		return
-	}
-	return _hcsModifyComputeSystem(computeSystem, _p0, result)
-}
-
-func _hcsModifyComputeSystem(computeSystem hcsSystem, configuration *uint16, result **uint16) (hr error) {
-	if hr = procHcsModifyComputeSystem.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsModifyComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(configuration)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) {
-	if hr = procHcsRegisterComputeSystemCallback.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsRegisterComputeSystemCallback.Addr(), 4, uintptr(computeSystem), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) {
-	if hr = procHcsUnregisterComputeSystemCallback.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsUnregisterComputeSystemCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsCreateProcess(computeSystem hcsSystem, processParameters string, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(processParameters)
-	if hr != nil {
-		return
-	}
-	return _hcsCreateProcess(computeSystem, _p0, processInformation, process, result)
-}
-
-func _hcsCreateProcess(computeSystem hcsSystem, processParameters *uint16, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) {
-	if hr = procHcsCreateProcess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsCreateProcess.Addr(), 5, uintptr(computeSystem), uintptr(unsafe.Pointer(processParameters)), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, result **uint16) (hr error) {
-	if hr = procHcsOpenProcess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsOpenProcess.Addr(), 4, uintptr(computeSystem), uintptr(pid), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsCloseProcess(process hcsProcess) (hr error) {
-	if hr = procHcsCloseProcess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsCloseProcess.Addr(), 1, uintptr(process), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) {
-	if hr = procHcsTerminateProcess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 2, uintptr(process), uintptr(unsafe.Pointer(result)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInformation, result **uint16) (hr error) {
-	if hr = procHcsGetProcessInfo.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsGetProcessInfo.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsGetProcessProperties(process hcsProcess, processProperties **uint16, result **uint16) (hr error) {
-	if hr = procHcsGetProcessProperties.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsGetProcessProperties.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processProperties)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsModifyProcess(process hcsProcess, settings string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
-	if hr != nil {
-		return
-	}
-	return _hcsModifyProcess(process, _p0, result)
-}
-
-func _hcsModifyProcess(process hcsProcess, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcsModifyProcess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsModifyProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(propertyQuery)
-	if hr != nil {
-		return
-	}
-	return _hcsGetServiceProperties(_p0, properties, result)
-}
-
-func _hcsGetServiceProperties(propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcsGetServiceProperties.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsGetServiceProperties.Addr(), 3, uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) {
-	if hr = procHcsRegisterProcessCallback.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcsRegisterProcessCallback.Addr(), 4, uintptr(process), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func hcsUnregisterProcessCallback(callbackHandle hcsCallback) (hr error) {
-	if hr = procHcsUnregisterProcessCallback.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsUnregisterProcessCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
index c8d362c66cba4..921c2c8556c2f 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
@@ -36,10 +36,6 @@ func New(err error, title, rest string) error {
 	return &HcsError{title, rest, err}
 }
 
-func Errorf(err error, title, format string, a ...interface{}) error {
-	return New(err, title, fmt.Sprintf(format, a...))
-}
-
 func Win32FromError(err error) uint32 {
 	if herr, ok := err.(*HcsError); ok {
 		return Win32FromError(herr.Err)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
index ce636458c0065..262714b4d0f4c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
@@ -3,6 +3,7 @@ package hns
 import (
 	"encoding/json"
 	"net"
+	"strings"
 
 	"github.com/sirupsen/logrus"
 )
@@ -16,14 +17,20 @@ type HNSEndpoint struct {
 	Policies           []json.RawMessage `json:",omitempty"`
 	MacAddress         string            `json:",omitempty"`
 	IPAddress          net.IP            `json:",omitempty"`
+	IPv6Address        net.IP            `json:",omitempty"`
 	DNSSuffix          string            `json:",omitempty"`
 	DNSServerList      string            `json:",omitempty"`
 	GatewayAddress     string            `json:",omitempty"`
+	GatewayAddressV6   string            `json:",omitempty"`
 	EnableInternalDNS  bool              `json:",omitempty"`
 	DisableICC         bool              `json:",omitempty"`
 	PrefixLength       uint8             `json:",omitempty"`
+	IPv6PrefixLength   uint8             `json:",omitempty"`
 	IsRemoteEndpoint   bool              `json:",omitempty"`
+	EnableLowMetric    bool              `json:",omitempty"`
 	Namespace          *Namespace        `json:",omitempty"`
+	EncapOverhead      uint16            `json:",omitempty"`
+	SharedContainers   []string          `json:",omitempty"`
 }
 
 //SystemType represents the type of the system on which actions are done
@@ -51,6 +58,18 @@ type EndpointResquestResponse struct {
 	Error   string
 }
 
+// EndpointStats is the object that has stats for a given endpoint
+type EndpointStats struct {
+	BytesReceived          uint64 `json:"BytesReceived"`
+	BytesSent              uint64 `json:"BytesSent"`
+	DroppedPacketsIncoming uint64 `json:"DroppedPacketsIncoming"`
+	DroppedPacketsOutgoing uint64 `json:"DroppedPacketsOutgoing"`
+	EndpointID             string `json:"EndpointId"`
+	InstanceID             string `json:"InstanceId"`
+	PacketsReceived        uint64 `json:"PacketsReceived"`
+	PacketsSent            uint64 `json:"PacketsSent"`
+}
+
 // HNSEndpointRequest makes a HNS call to modify/query a network endpoint
 func HNSEndpointRequest(method, path, request string) (*HNSEndpoint, error) {
 	endpoint := &HNSEndpoint{}
@@ -73,11 +92,27 @@ func HNSListEndpointRequest() ([]HNSEndpoint, error) {
 	return endpoint, nil
 }
 
+// hnsEndpointStatsRequest makes a HNS call to query the stats for a given endpoint ID
+func hnsEndpointStatsRequest(id string) (*EndpointStats, error) {
+	var stats EndpointStats
+	err := hnsCall("GET", "/endpointstats/"+id, "", &stats)
+	if err != nil {
+		return nil, err
+	}
+
+	return &stats, nil
+}
+
 // GetHNSEndpointByID get the Endpoint by ID
 func GetHNSEndpointByID(endpointID string) (*HNSEndpoint, error) {
 	return HNSEndpointRequest("GET", endpointID, "")
 }
 
+// GetHNSEndpointStats get the stats for a n Endpoint by ID
+func GetHNSEndpointStats(endpointID string) (*EndpointStats, error) {
+	return hnsEndpointStatsRequest(endpointID)
+}
+
 // GetHNSEndpointByName gets the endpoint filtered by Name
 func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
 	hnsResponse, err := HNSListEndpointRequest()
@@ -92,6 +127,27 @@ func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
 	return nil, EndpointNotFoundError{EndpointName: endpointName}
 }
 
+type endpointAttachInfo struct {
+	SharedContainers json.RawMessage `json:",omitempty"`
+}
+
+func (endpoint *HNSEndpoint) IsAttached(vID string) (bool, error) {
+	attachInfo := endpointAttachInfo{}
+	err := hnsCall("GET", "/endpoints/"+endpoint.Id, "", &attachInfo)
+
+	// Return false allows us to just return the err
+	if err != nil {
+		return false, err
+	}
+
+	if strings.Contains(strings.ToLower(string(attachInfo.SharedContainers)), strings.ToLower(vID)) {
+		return true, nil
+	}
+
+	return false, nil
+
+}
+
 // Create Endpoint by sending EndpointRequest to HNS. TODO: Create a separate HNS interface to place all these methods
 func (endpoint *HNSEndpoint) Create() (*HNSEndpoint, error) {
 	operation := "Create"
@@ -149,6 +205,27 @@ func (endpoint *HNSEndpoint) ApplyACLPolicy(policies ...*ACLPolicy) error {
 	return err
 }
 
+// ApplyProxyPolicy applies a set of Proxy Policies on the Endpoint
+func (endpoint *HNSEndpoint) ApplyProxyPolicy(policies ...*ProxyPolicy) error {
+	operation := "ApplyProxyPolicy"
+	title := "hcsshim::HNSEndpoint::" + operation
+	logrus.Debugf(title+" id=%s", endpoint.Id)
+
+	for _, policy := range policies {
+		if policy == nil {
+			continue
+		}
+		jsonString, err := json.Marshal(policy)
+		if err != nil {
+			return err
+		}
+		endpoint.Policies = append(endpoint.Policies, jsonString)
+	}
+
+	_, err := endpoint.Update()
+	return err
+}
+
 // ContainerAttach attaches an endpoint to container
 func (endpoint *HNSEndpoint) ContainerAttach(containerID string, compartmentID uint16) error {
 	operation := "ContainerAttach"
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
index 969d1b263bcbe..2df4a57f56c71 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
@@ -9,23 +9,30 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func hnsCall(method, path, request string, returnResponse interface{}) error {
+func hnsCallRawResponse(method, path, request string) (*hnsResponse, error) {
 	var responseBuffer *uint16
 	logrus.Debugf("[%s]=>[%s] Request : %s", method, path, request)
 
 	err := _hnsCall(method, path, request, &responseBuffer)
 	if err != nil {
-		return hcserror.New(err, "hnsCall ", "")
+		return nil, hcserror.New(err, "hnsCall ", "")
 	}
 	response := interop.ConvertAndFreeCoTaskMemString(responseBuffer)
 
 	hnsresponse := &hnsResponse{}
 	if err = json.Unmarshal([]byte(response), &hnsresponse); err != nil {
-		return err
+		return nil, err
 	}
+	return hnsresponse, nil
+}
 
+func hnsCall(method, path, request string, returnResponse interface{}) error {
+	hnsresponse, err := hnsCallRawResponse(method, path, request)
+	if err != nil {
+		return fmt.Errorf("failed during hnsCallRawResponse: %v", err)
+	}
 	if !hnsresponse.Success {
-		return fmt.Errorf("HNS failed with error : %s", hnsresponse.Error)
+		return fmt.Errorf("hns failed with error : %s", hnsresponse.Error)
 	}
 
 	if len(hnsresponse.Output) == 0 {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
index 7e859de9124b3..f12d3ab0411a6 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
@@ -2,9 +2,9 @@ package hns
 
 import (
 	"encoding/json"
-	"net"
-
+	"errors"
 	"github.com/sirupsen/logrus"
+	"net"
 )
 
 // Subnet is assoicated with a network and represents a list
@@ -39,12 +39,6 @@ type HNSNetwork struct {
 	AutomaticDNS         bool              `json:",omitempty"`
 }
 
-type hnsNetworkResponse struct {
-	Success bool
-	Error   string
-	Output  HNSNetwork
-}
-
 type hnsResponse struct {
 	Success bool
 	Error   string
@@ -98,6 +92,12 @@ func (network *HNSNetwork) Create() (*HNSNetwork, error) {
 	title := "hcsshim::HNSNetwork::" + operation
 	logrus.Debugf(title+" id=%s", network.Id)
 
+	for _, subnet := range network.Subnets {
+		if (subnet.AddressPrefix != "") && (subnet.GatewayAddress == "") {
+			return nil, errors.New("network create error, subnet has address prefix but no gateway specified")
+		}
+	}
+
 	jsonString, err := json.Marshal(network)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
index 2318a4fce2b67..6765aaead5eee 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
@@ -17,6 +17,7 @@ const (
 	OutboundNat          PolicyType = "OutBoundNAT"
 	ExternalLoadBalancer PolicyType = "ELB"
 	Route                PolicyType = "ROUTE"
+	Proxy                PolicyType = "PROXY"
 )
 
 type NatPolicy struct {
@@ -55,8 +56,18 @@ type PaPolicy struct {
 
 type OutboundNatPolicy struct {
 	Policy
-	VIP        string   `json:"VIP,omitempty"`
-	Exceptions []string `json:"ExceptionList,omitempty"`
+	VIP          string   `json:"VIP,omitempty"`
+	Exceptions   []string `json:"ExceptionList,omitempty"`
+	Destinations []string `json:",omitempty"`
+}
+
+type ProxyPolicy struct {
+	Type          PolicyType `json:"Type"`
+	IP            string     `json:",omitempty"`
+	Port          string     `json:",omitempty"`
+	ExceptionList []string   `json:",omitempty"`
+	Destination   string     `json:",omitempty"`
+	OutboundNat   bool       `json:",omitempty"`
 }
 
 type ActionType string
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
index ff7369e6ff9d3..31322a68167c5 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
@@ -20,6 +20,7 @@ type ELBPolicy struct {
 	SourceVIP string   `json:"SourceVIP,omitempty"`
 	VIPs      []string `json:"VIPs,omitempty"`
 	ILB       bool     `json:"ILB,omitempty"`
+	DSR       bool     `json:"IsDSR,omitempty"`
 }
 
 // LBPolicy is a structure defining schema for LoadBalancing based Policy
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
index 45e2281b07810..d3b04eefe0cd6 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
@@ -27,9 +27,10 @@ type namespaceResourceRequest struct {
 }
 
 type Namespace struct {
-	ID           string
-	IsDefault    bool                `json:",omitempty"`
-	ResourceList []NamespaceResource `json:",omitempty"`
+	ID            string
+	IsDefault     bool                `json:",omitempty"`
+	ResourceList  []NamespaceResource `json:",omitempty"`
+	CompartmentId uint32              `json:",omitempty"`
 }
 
 func issueNamespaceRequest(id *string, method, subpath string, request interface{}) (*Namespace, error) {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
index 863e3429c7804..204633a4887d7 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
@@ -1,4 +1,4 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
+// Code generated mksyscall_windows.exe DO NOT EDIT
 
 package hns
 
@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -68,7 +67,10 @@ func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16)
 	}
 	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
index f10c88d08cb0d..922f7c679e063 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
@@ -5,9 +5,9 @@ import (
 	"unsafe"
 )
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go interop.go
+//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go interop.go
 
-//sys coTaskMemFree(buffer unsafe.Pointer) = ole32.CoTaskMemFree
+//sys coTaskMemFree(buffer unsafe.Pointer) = api_ms_win_core_com_l1_1_0.CoTaskMemFree
 
 func ConvertAndFreeCoTaskMemString(buffer *uint16) string {
 	str := syscall.UTF16ToString((*[1 << 29]uint16)(unsafe.Pointer(buffer))[:])
@@ -15,10 +15,6 @@ func ConvertAndFreeCoTaskMemString(buffer *uint16) string {
 	return str
 }
 
-func ConvertAndFreeCoTaskMemBytes(buffer *uint16) []byte {
-	return []byte(ConvertAndFreeCoTaskMemString(buffer))
-}
-
 func Win32FromHresult(hr uintptr) syscall.Errno {
 	if hr&0x1fff0000 == 0x00070000 {
 		return syscall.Errno(hr & 0xffff)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
index 2f5bf8f555bb4..12b0c71c5ae0e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
@@ -1,4 +1,4 @@
-// Code generated by 'go generate'; DO NOT EDIT.
+// Code generated mksyscall_windows.exe DO NOT EDIT
 
 package interop
 
@@ -37,9 +37,9 @@ func errnoErr(e syscall.Errno) error {
 }
 
 var (
-	modole32 = windows.NewLazySystemDLL("ole32.dll")
+	modapi_ms_win_core_com_l1_1_0 = windows.NewLazySystemDLL("api-ms-win-core-com-l1-1-0.dll")
 
-	procCoTaskMemFree = modole32.NewProc("CoTaskMemFree")
+	procCoTaskMemFree = modapi_ms_win_core_com_l1_1_0.NewProc("CoTaskMemFree")
 )
 
 func coTaskMemFree(buffer unsafe.Pointer) {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/g.go b/vendor/github.com/Microsoft/hcsshim/internal/log/g.go
new file mode 100644
index 0000000000000..ba6b1a4a53a7a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/g.go
@@ -0,0 +1,23 @@
+package log
+
+import (
+	"context"
+
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+// G returns a `logrus.Entry` with the `TraceID, SpanID` from `ctx` if `ctx`
+// contains an OpenCensus `trace.Span`.
+func G(ctx context.Context) *logrus.Entry {
+	span := trace.FromContext(ctx)
+	if span != nil {
+		sctx := span.SpanContext()
+		return logrus.WithFields(logrus.Fields{
+			"traceID": sctx.TraceID.String(),
+			"spanID":  sctx.SpanID.String(),
+			// "parentSpanID": TODO: JTERRY75 - Try to convince OC to export this?
+		})
+	}
+	return logrus.NewEntry(logrus.StandardLogger())
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go
new file mode 100644
index 0000000000000..cf2c166d9b832
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go
@@ -0,0 +1,32 @@
+package logfields
+
+const (
+	// Identifiers
+
+	ContainerID = "cid"
+	UVMID       = "uvm-id"
+	ProcessID   = "pid"
+
+	// Common Misc
+
+	// Timeout represents an operation timeout.
+	Timeout = "timeout"
+	JSON    = "json"
+
+	// Keys/values
+
+	Field         = "field"
+	OCIAnnotation = "oci-annotation"
+	Value         = "value"
+
+	// Golang type's
+
+	ExpectedType = "expected-type"
+	Bool         = "bool"
+	Uint32       = "uint32"
+	Uint64       = "uint64"
+
+	// runhcs
+
+	VMShimOperation = "vmshim-op"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
new file mode 100644
index 0000000000000..f428bdaf720e8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
@@ -0,0 +1,43 @@
+package oc
+
+import (
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+var _ = (trace.Exporter)(&LogrusExporter{})
+
+// LogrusExporter is an OpenCensus `trace.Exporter` that exports
+// `trace.SpanData` to logrus output.
+type LogrusExporter struct {
+}
+
+// ExportSpan exports `s` based on the the following rules:
+//
+// 1. All output will contain `s.Attributes`, `s.TraceID`, `s.SpanID`,
+// `s.ParentSpanID` for correlation
+//
+// 2. Any calls to .Annotate will not be supported.
+//
+// 3. The span itself will be written at `logrus.InfoLevel` unless
+// `s.Status.Code != 0` in which case it will be written at `logrus.ErrorLevel`
+// providing `s.Status.Message` as the error value.
+func (le *LogrusExporter) ExportSpan(s *trace.SpanData) {
+	// Combine all span annotations with traceID, spanID, parentSpanID
+	baseEntry := logrus.WithFields(logrus.Fields(s.Attributes))
+	baseEntry.Data["traceID"] = s.TraceID.String()
+	baseEntry.Data["spanID"] = s.SpanID.String()
+	baseEntry.Data["parentSpanID"] = s.ParentSpanID.String()
+	baseEntry.Data["startTime"] = s.StartTime
+	baseEntry.Data["endTime"] = s.EndTime
+	baseEntry.Data["duration"] = s.EndTime.Sub(s.StartTime).String()
+	baseEntry.Data["name"] = s.Name
+	baseEntry.Time = s.StartTime
+
+	level := logrus.InfoLevel
+	if s.Status.Code != 0 {
+		level = logrus.ErrorLevel
+		baseEntry.Data[logrus.ErrorKey] = s.Status.Message
+	}
+	baseEntry.Log(level, "Span")
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
new file mode 100644
index 0000000000000..fee4765cbc49d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
@@ -0,0 +1,17 @@
+package oc
+
+import (
+	"go.opencensus.io/trace"
+)
+
+// SetSpanStatus sets `span.SetStatus` to the proper status depending on `err`. If
+// `err` is `nil` assumes `trace.StatusCodeOk`.
+func SetSpanStatus(span *trace.Span, err error) {
+	status := trace.Status{}
+	if err != nil {
+		// TODO: JTERRY75 - Handle errors in a non-generic way
+		status.Code = trace.StatusCodeUnknown
+		status.Message = err.Error()
+	}
+	span.SetStatus(status)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
index 0c0b1159f284d..66b8d7e03537f 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
@@ -11,72 +11,11 @@ import (
 	"unsafe"
 
 	"github.com/Microsoft/hcsshim/internal/longpath"
+	"github.com/Microsoft/hcsshim/internal/winapi"
 
 	winio "github.com/Microsoft/go-winio"
 )
 
-//go:generate go run $GOROOT\src\syscall\mksyscall_windows.go -output zsyscall_windows.go safeopen.go
-
-//sys ntCreateFile(handle *uintptr, accessMask uint32, oa *objectAttributes, iosb *ioStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile
-//sys ntSetInformationFile(handle uintptr, iosb *ioStatusBlock, information uintptr, length uint32, class uint32) (status uint32) = ntdll.NtSetInformationFile
-//sys rtlNtStatusToDosError(status uint32) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
-//sys localAlloc(flags uint32, size int) (ptr uintptr) = kernel32.LocalAlloc
-//sys localFree(ptr uintptr) = kernel32.LocalFree
-
-type ioStatusBlock struct {
-	Status, Information uintptr
-}
-
-type objectAttributes struct {
-	Length             uintptr
-	RootDirectory      uintptr
-	ObjectName         uintptr
-	Attributes         uintptr
-	SecurityDescriptor uintptr
-	SecurityQoS        uintptr
-}
-
-type unicodeString struct {
-	Length        uint16
-	MaximumLength uint16
-	Buffer        uintptr
-}
-
-type fileLinkInformation struct {
-	ReplaceIfExists bool
-	RootDirectory   uintptr
-	FileNameLength  uint32
-	FileName        [1]uint16
-}
-
-type fileDispositionInformationEx struct {
-	Flags uintptr
-}
-
-const (
-	_FileLinkInformation          = 11
-	_FileDispositionInformationEx = 64
-
-	FILE_READ_ATTRIBUTES  = 0x0080
-	FILE_WRITE_ATTRIBUTES = 0x0100
-	DELETE                = 0x10000
-
-	FILE_OPEN   = 1
-	FILE_CREATE = 2
-
-	FILE_DIRECTORY_FILE          = 0x00000001
-	FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020
-	FILE_DELETE_ON_CLOSE         = 0x00001000
-	FILE_OPEN_FOR_BACKUP_INTENT  = 0x00004000
-	FILE_OPEN_REPARSE_POINT      = 0x00200000
-
-	FILE_DISPOSITION_DELETE = 0x00000001
-
-	_OBJ_DONT_REPARSE = 0x1000
-
-	_STATUS_REPARSE_POINT_ENCOUNTERED = 0xC000050B
-)
-
 func OpenRoot(path string) (*os.File, error) {
 	longpath, err := longpath.LongAbs(path)
 	if err != nil {
@@ -85,16 +24,24 @@ func OpenRoot(path string) (*os.File, error) {
 	return winio.OpenForBackup(longpath, syscall.GENERIC_READ, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, syscall.OPEN_EXISTING)
 }
 
-func ntRelativePath(path string) ([]uint16, error) {
+func cleanGoStringRelativePath(path string) (string, error) {
 	path = filepath.Clean(path)
-	if strings.Contains(":", path) {
+	if strings.Contains(path, ":") {
 		// Since alternate data streams must follow the file they
 		// are attached to, finding one here (out of order) is invalid.
-		return nil, errors.New("path contains invalid character `:`")
+		return "", errors.New("path contains invalid character `:`")
 	}
 	fspath := filepath.FromSlash(path)
 	if len(fspath) > 0 && fspath[0] == '\\' {
-		return nil, errors.New("expected relative path")
+		return "", errors.New("expected relative path")
+	}
+	return fspath, nil
+}
+
+func ntRelativePath(path string) ([]uint16, error) {
+	fspath, err := cleanGoStringRelativePath(path)
+	if err != nil {
+		return nil, err
 	}
 
 	path16 := utf16.Encode(([]rune)(fspath))
@@ -110,11 +57,11 @@ func ntRelativePath(path string) ([]uint16, error) {
 func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFlags uint32, createDisposition uint32, flags uint32) (*os.File, error) {
 	var (
 		h    uintptr
-		iosb ioStatusBlock
-		oa   objectAttributes
+		iosb winapi.IOStatusBlock
+		oa   winapi.ObjectAttributes
 	)
 
-	path16, err := ntRelativePath(path)
+	cleanRelativePath, err := cleanGoStringRelativePath(path)
 	if err != nil {
 		return nil, err
 	}
@@ -123,20 +70,16 @@ func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFl
 		return nil, errors.New("missing root directory")
 	}
 
-	upathBuffer := localAlloc(0, int(unsafe.Sizeof(unicodeString{}))+len(path16)*2)
-	defer localFree(upathBuffer)
-
-	upath := (*unicodeString)(unsafe.Pointer(upathBuffer))
-	upath.Length = uint16(len(path16) * 2)
-	upath.MaximumLength = upath.Length
-	upath.Buffer = upathBuffer + unsafe.Sizeof(*upath)
-	copy((*[32768]uint16)(unsafe.Pointer(upath.Buffer))[:], path16)
+	pathUnicode, err := winapi.NewUnicodeString(cleanRelativePath)
+	if err != nil {
+		return nil, err
+	}
 
 	oa.Length = unsafe.Sizeof(oa)
-	oa.ObjectName = upathBuffer
+	oa.ObjectName = pathUnicode
 	oa.RootDirectory = uintptr(root.Fd())
-	oa.Attributes = _OBJ_DONT_REPARSE
-	status := ntCreateFile(
+	oa.Attributes = winapi.OBJ_DONT_REPARSE
+	status := winapi.NtCreateFile(
 		&h,
 		accessMask|syscall.SYNCHRONIZE,
 		&oa,
@@ -145,12 +88,12 @@ func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFl
 		0,
 		shareFlags,
 		createDisposition,
-		FILE_OPEN_FOR_BACKUP_INTENT|FILE_SYNCHRONOUS_IO_NONALERT|flags,
+		winapi.FILE_OPEN_FOR_BACKUP_INTENT|winapi.FILE_SYNCHRONOUS_IO_NONALERT|flags,
 		nil,
 		0,
 	)
 	if status != 0 {
-		return nil, rtlNtStatusToDosError(status)
+		return nil, winapi.RtlNtStatusToDosError(status)
 	}
 
 	fullPath, err := longpath.LongAbs(filepath.Join(root.Name(), path))
@@ -182,7 +125,7 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.
 		oldroot,
 		syscall.FILE_WRITE_ATTRIBUTES,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-		FILE_OPEN,
+		winapi.FILE_OPEN,
 		0,
 	)
 	if err != nil {
@@ -199,8 +142,8 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.
 			newroot,
 			syscall.GENERIC_READ,
 			syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-			FILE_OPEN,
-			FILE_DIRECTORY_FILE)
+			winapi.FILE_OPEN,
+			winapi.FILE_DIRECTORY_FILE)
 		if err != nil {
 			return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: err}
 		}
@@ -211,7 +154,7 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.
 			return err
 		}
 		if (fi.FileAttributes & syscall.FILE_ATTRIBUTE_REPARSE_POINT) != 0 {
-			return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: rtlNtStatusToDosError(_STATUS_REPARSE_POINT_ENCOUNTERED)}
+			return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: winapi.RtlNtStatusToDosError(winapi.STATUS_REPARSE_POINT_ENCOUNTERED)}
 		}
 
 	} else {
@@ -227,24 +170,25 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.
 		return err
 	}
 
-	size := int(unsafe.Offsetof(fileLinkInformation{}.FileName)) + len(newbase16)*2
-	linkinfoBuffer := localAlloc(0, size)
-	defer localFree(linkinfoBuffer)
-	linkinfo := (*fileLinkInformation)(unsafe.Pointer(linkinfoBuffer))
+	size := int(unsafe.Offsetof(winapi.FileLinkInformation{}.FileName)) + len(newbase16)*2
+	linkinfoBuffer := winapi.LocalAlloc(0, size)
+	defer winapi.LocalFree(linkinfoBuffer)
+
+	linkinfo := (*winapi.FileLinkInformation)(unsafe.Pointer(linkinfoBuffer))
 	linkinfo.RootDirectory = parent.Fd()
 	linkinfo.FileNameLength = uint32(len(newbase16) * 2)
-	copy((*[32768]uint16)(unsafe.Pointer(&linkinfo.FileName[0]))[:], newbase16)
+	copy(winapi.Uint16BufferToSlice(&linkinfo.FileName[0], len(newbase16)), newbase16)
 
-	var iosb ioStatusBlock
-	status := ntSetInformationFile(
+	var iosb winapi.IOStatusBlock
+	status := winapi.NtSetInformationFile(
 		oldf.Fd(),
 		&iosb,
 		linkinfoBuffer,
 		uint32(size),
-		_FileLinkInformation,
+		winapi.FileLinkInformationClass,
 	)
 	if status != 0 {
-		return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(parent.Name(), newbase), Err: rtlNtStatusToDosError(status)}
+		return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(parent.Name(), newbase), Err: winapi.RtlNtStatusToDosError(status)}
 	}
 
 	return nil
@@ -252,17 +196,17 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.
 
 // deleteOnClose marks a file to be deleted when the handle is closed.
 func deleteOnClose(f *os.File) error {
-	disposition := fileDispositionInformationEx{Flags: FILE_DISPOSITION_DELETE}
-	var iosb ioStatusBlock
-	status := ntSetInformationFile(
+	disposition := winapi.FileDispositionInformationEx{Flags: winapi.FILE_DISPOSITION_DELETE}
+	var iosb winapi.IOStatusBlock
+	status := winapi.NtSetInformationFile(
 		f.Fd(),
 		&iosb,
 		uintptr(unsafe.Pointer(&disposition)),
 		uint32(unsafe.Sizeof(disposition)),
-		_FileDispositionInformationEx,
+		winapi.FileDispositionInformationExClass,
 	)
 	if status != 0 {
-		return rtlNtStatusToDosError(status)
+		return winapi.RtlNtStatusToDosError(status)
 	}
 	return nil
 }
@@ -291,16 +235,16 @@ func RemoveRelative(path string, root *os.File) error {
 	f, err := openRelativeInternal(
 		path,
 		root,
-		FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES|DELETE,
+		winapi.FILE_READ_ATTRIBUTES|winapi.FILE_WRITE_ATTRIBUTES|winapi.DELETE,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-		FILE_OPEN,
-		FILE_OPEN_REPARSE_POINT)
+		winapi.FILE_OPEN,
+		winapi.FILE_OPEN_REPARSE_POINT)
 	if err == nil {
 		defer f.Close()
 		err = deleteOnClose(f)
 		if err == syscall.ERROR_ACCESS_DENIED {
 			// Maybe the file is marked readonly. Clear the bit and retry.
-			clearReadOnly(f)
+			_ = clearReadOnly(f)
 			err = deleteOnClose(f)
 		}
 	}
@@ -385,8 +329,8 @@ func MkdirRelative(path string, root *os.File) error {
 		root,
 		0,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-		FILE_CREATE,
-		FILE_DIRECTORY_FILE)
+		winapi.FILE_CREATE,
+		winapi.FILE_DIRECTORY_FILE)
 	if err == nil {
 		f.Close()
 	} else {
@@ -401,10 +345,10 @@ func LstatRelative(path string, root *os.File) (os.FileInfo, error) {
 	f, err := openRelativeInternal(
 		path,
 		root,
-		FILE_READ_ATTRIBUTES,
+		winapi.FILE_READ_ATTRIBUTES,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-		FILE_OPEN,
-		FILE_OPEN_REPARSE_POINT)
+		winapi.FILE_OPEN,
+		winapi.FILE_OPEN_REPARSE_POINT)
 	if err != nil {
 		return nil, &os.PathError{Op: "stat", Path: filepath.Join(root.Name(), path), Err: err}
 	}
@@ -421,7 +365,7 @@ func EnsureNotReparsePointRelative(path string, root *os.File) error {
 		root,
 		0,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
-		FILE_OPEN,
+		winapi.FILE_OPEN,
 		0)
 	if err != nil {
 		return err
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go
deleted file mode 100644
index 709b9d3475d10..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Code generated by 'go generate'; DO NOT EDIT.
-
-package safefile
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
-	errnoERROR_IO_PENDING = 997
-)
-
-var (
-	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return nil
-	case errnoERROR_IO_PENDING:
-		return errERROR_IO_PENDING
-	}
-	// TODO: add more here, after collecting data on the common
-	// error values see on Windows. (perhaps when running
-	// all.bat?)
-	return e
-}
-
-var (
-	modntdll    = windows.NewLazySystemDLL("ntdll.dll")
-	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
-
-	procNtCreateFile               = modntdll.NewProc("NtCreateFile")
-	procNtSetInformationFile       = modntdll.NewProc("NtSetInformationFile")
-	procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
-	procLocalAlloc                 = modkernel32.NewProc("LocalAlloc")
-	procLocalFree                  = modkernel32.NewProc("LocalFree")
-)
-
-func ntCreateFile(handle *uintptr, accessMask uint32, oa *objectAttributes, iosb *ioStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) {
-	r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(fileAttributes), uintptr(shareAccess), uintptr(createDisposition), uintptr(createOptions), uintptr(unsafe.Pointer(eaBuffer)), uintptr(eaLength), 0)
-	status = uint32(r0)
-	return
-}
-
-func ntSetInformationFile(handle uintptr, iosb *ioStatusBlock, information uintptr, length uint32, class uint32) (status uint32) {
-	r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(information), uintptr(length), uintptr(class), 0)
-	status = uint32(r0)
-	return
-}
-
-func rtlNtStatusToDosError(status uint32) (winerr error) {
-	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
-	if r0 != 0 {
-		winerr = syscall.Errno(r0)
-	}
-	return
-}
-
-func localAlloc(flags uint32, size int) (ptr uintptr) {
-	r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(size), 0)
-	ptr = uintptr(r0)
-	return
-}
-
-func localFree(ptr uintptr) {
-	syscall.Syscall(procLocalFree.Addr(), 1, uintptr(ptr), 0, 0)
-	return
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go b/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
index ff3b6572e659b..eaf39fa513274 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
@@ -29,6 +29,9 @@ var (
 	// SystemResume is the timeout for resuming a compute system
 	SystemResume time.Duration = defaultTimeout
 
+	// SystemSave is the timeout for saving a compute system
+	SystemSave time.Duration = defaultTimeout
+
 	// SyscallWatcher is the timeout before warning of a potential stuck platform syscall.
 	SyscallWatcher time.Duration = defaultTimeout
 
@@ -51,6 +54,7 @@ func init() {
 	SystemStart = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMSTART", SystemStart)
 	SystemPause = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMPAUSE", SystemPause)
 	SystemResume = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMRESUME", SystemResume)
+	SystemSave = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMSAVE", SystemSave)
 	SyscallWatcher = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSCALLWATCHER", SyscallWatcher)
 	Tar2VHD = durationFromEnvironment("HCSSHIM_TIMEOUT_TAR2VHD", Tar2VHD)
 	ExternalCommandToStart = durationFromEnvironment("HCSSHIM_TIMEOUT_EXTERNALCOMMANDSTART", ExternalCommandToStart)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go
new file mode 100644
index 0000000000000..e7f114b67aaa0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go
@@ -0,0 +1,610 @@
+package vmcompute
+
+import (
+	gcontext "context"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/internal/timeout"
+	"go.opencensus.io/trace"
+)
+
+//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go vmcompute.go
+
+//sys hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) = vmcompute.HcsEnumerateComputeSystems?
+//sys hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsCreateComputeSystem?
+//sys hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsOpenComputeSystem?
+//sys hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) = vmcompute.HcsCloseComputeSystem?
+//sys hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsStartComputeSystem?
+//sys hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsShutdownComputeSystem?
+//sys hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsTerminateComputeSystem?
+//sys hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsPauseComputeSystem?
+//sys hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem?
+//sys hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties?
+//sys hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem?
+//sys hcsModifyServiceSettings(settings string, result **uint16) (hr error) = vmcompute.HcsModifyServiceSettings?
+//sys hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback?
+//sys hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback?
+//sys hcsSaveComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsSaveComputeSystem?
+
+//sys hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsCreateProcess?
+//sys hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsOpenProcess?
+//sys hcsCloseProcess(process HcsProcess) (hr error) = vmcompute.HcsCloseProcess?
+//sys hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
+//sys hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) = vmcompute.HcsSignalProcess?
+//sys hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) = vmcompute.HcsGetProcessInfo?
+//sys hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) = vmcompute.HcsGetProcessProperties?
+//sys hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) = vmcompute.HcsModifyProcess?
+//sys hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetServiceProperties?
+//sys hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterProcessCallback?
+//sys hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterProcessCallback?
+
+// errVmcomputeOperationPending is an error encountered when the operation is being completed asynchronously
+const errVmcomputeOperationPending = syscall.Errno(0xC0370103)
+
+// HcsSystem is the handle associated with a created compute system.
+type HcsSystem syscall.Handle
+
+// HcsProcess is the handle associated with a created process in a compute
+// system.
+type HcsProcess syscall.Handle
+
+// HcsCallback is the handle associated with the function to call when events
+// occur.
+type HcsCallback syscall.Handle
+
+// HcsProcessInformation is the structure used when creating or getting process
+// info.
+type HcsProcessInformation struct {
+	// ProcessId is the pid of the created process.
+	ProcessId uint32
+	reserved  uint32 //nolint:structcheck
+	// StdInput is the handle associated with the stdin of the process.
+	StdInput syscall.Handle
+	// StdOutput is the handle associated with the stdout of the process.
+	StdOutput syscall.Handle
+	// StdError is the handle associated with the stderr of the process.
+	StdError syscall.Handle
+}
+
+func execute(ctx gcontext.Context, timeout time.Duration, f func() error) error {
+	if timeout > 0 {
+		var cancel gcontext.CancelFunc
+		ctx, cancel = gcontext.WithTimeout(ctx, timeout)
+		defer cancel()
+	}
+
+	done := make(chan error, 1)
+	go func() {
+		done <- f()
+	}()
+	select {
+	case <-ctx.Done():
+		if ctx.Err() == gcontext.DeadlineExceeded {
+			log.G(ctx).WithField(logfields.Timeout, timeout).
+				Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see if there is a syscall stuck in the platform API for a significant length of time.")
+		}
+		return ctx.Err()
+	case err := <-done:
+		return err
+	}
+}
+
+func HcsEnumerateComputeSystems(ctx gcontext.Context, query string) (computeSystems, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsEnumerateComputeSystems")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("query", query))
+
+	return computeSystems, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			computeSystemsp *uint16
+			resultp         *uint16
+		)
+		err := hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
+		if computeSystemsp != nil {
+			computeSystems = interop.ConvertAndFreeCoTaskMemString(computeSystemsp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCreateComputeSystem(ctx gcontext.Context, id string, configuration string, identity syscall.Handle) (computeSystem HcsSystem, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCreateComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(
+		trace.StringAttribute("id", id),
+		trace.StringAttribute("configuration", configuration))
+
+	return computeSystem, result, execute(ctx, timeout.SystemCreate, func() error {
+		var resultp *uint16
+		err := hcsCreateComputeSystem(id, configuration, identity, &computeSystem, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsOpenComputeSystem(ctx gcontext.Context, id string) (computeSystem HcsSystem, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsOpenComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return computeSystem, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsOpenComputeSystem(id, &computeSystem, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCloseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCloseComputeSystem")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsCloseComputeSystem(computeSystem)
+	})
+}
+
+func HcsStartComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsStartComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemStart, func() error {
+		var resultp *uint16
+		err := hcsStartComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsShutdownComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsShutdownComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsShutdownComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsTerminateComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsTerminateComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsTerminateComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsPauseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsPauseComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemPause, func() error {
+		var resultp *uint16
+		err := hcsPauseComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsResumeComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsResumeComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemResume, func() error {
+		var resultp *uint16
+		err := hcsResumeComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetComputeSystemProperties(ctx gcontext.Context, computeSystem HcsSystem, propertyQuery string) (properties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetComputeSystemProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+	return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			propertiesp *uint16
+			resultp     *uint16
+		)
+		err := hcsGetComputeSystemProperties(computeSystem, propertyQuery, &propertiesp, &resultp)
+		if propertiesp != nil {
+			properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, configuration string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsModifyComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("configuration", configuration))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsModifyComputeSystem(computeSystem, configuration, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsModifyServiceSettings(ctx gcontext.Context, settings string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsModifyServiceSettings")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("settings", settings))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsModifyServiceSettings(settings, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSystem, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsRegisterComputeSystemCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsRegisterComputeSystemCallback(computeSystem, callback, context, &callbackHandle)
+	})
+}
+
+func HcsUnregisterComputeSystemCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsUnregisterComputeSystemCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsUnregisterComputeSystemCallback(callbackHandle)
+	})
+}
+
+func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processParameters string) (processInformation HcsProcessInformation, process HcsProcess, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCreateProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("processParameters", processParameters))
+
+	return processInformation, process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsCreateProcess(computeSystem, processParameters, &processInformation, &process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsOpenProcess(ctx gcontext.Context, computeSystem HcsSystem, pid uint32) (process HcsProcess, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsOpenProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.Int64Attribute("pid", int64(pid)))
+
+	return process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsOpenProcess(computeSystem, pid, &process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCloseProcess(ctx gcontext.Context, process HcsProcess) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCloseProcess")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsCloseProcess(process)
+	})
+}
+
+func HcsTerminateProcess(ctx gcontext.Context, process HcsProcess) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsTerminateProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsTerminateProcess(process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsSignalProcess(ctx gcontext.Context, process HcsProcess, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsSignalProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsSignalProcess(process, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetProcessInfo(ctx gcontext.Context, process HcsProcess) (processInformation HcsProcessInformation, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetProcessInfo")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return processInformation, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsGetProcessInfo(process, &processInformation, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetProcessProperties(ctx gcontext.Context, process HcsProcess) (processProperties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetProcessProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return processProperties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			processPropertiesp *uint16
+			resultp            *uint16
+		)
+		err := hcsGetProcessProperties(process, &processPropertiesp, &resultp)
+		if processPropertiesp != nil {
+			processProperties = interop.ConvertAndFreeCoTaskMemString(processPropertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsModifyProcess(ctx gcontext.Context, process HcsProcess, settings string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsModifyProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("settings", settings))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsModifyProcess(process, settings, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetServiceProperties(ctx gcontext.Context, propertyQuery string) (properties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetServiceProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+	return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			propertiesp *uint16
+			resultp     *uint16
+		)
+		err := hcsGetServiceProperties(propertyQuery, &propertiesp, &resultp)
+		if propertiesp != nil {
+			properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsRegisterProcessCallback(ctx gcontext.Context, process HcsProcess, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsRegisterProcessCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsRegisterProcessCallback(process, callback, context, &callbackHandle)
+	})
+}
+
+func HcsUnregisterProcessCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsUnregisterProcessCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsUnregisterProcessCallback(callbackHandle)
+	})
+}
+
+func HcsSaveComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsSaveComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsSaveComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go
new file mode 100644
index 0000000000000..cae55058deb81
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go
@@ -0,0 +1,581 @@
+// Code generated mksyscall_windows.exe DO NOT EDIT
+
+package vmcompute
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+
+	procHcsEnumerateComputeSystems         = modvmcompute.NewProc("HcsEnumerateComputeSystems")
+	procHcsCreateComputeSystem             = modvmcompute.NewProc("HcsCreateComputeSystem")
+	procHcsOpenComputeSystem               = modvmcompute.NewProc("HcsOpenComputeSystem")
+	procHcsCloseComputeSystem              = modvmcompute.NewProc("HcsCloseComputeSystem")
+	procHcsStartComputeSystem              = modvmcompute.NewProc("HcsStartComputeSystem")
+	procHcsShutdownComputeSystem           = modvmcompute.NewProc("HcsShutdownComputeSystem")
+	procHcsTerminateComputeSystem          = modvmcompute.NewProc("HcsTerminateComputeSystem")
+	procHcsPauseComputeSystem              = modvmcompute.NewProc("HcsPauseComputeSystem")
+	procHcsResumeComputeSystem             = modvmcompute.NewProc("HcsResumeComputeSystem")
+	procHcsGetComputeSystemProperties      = modvmcompute.NewProc("HcsGetComputeSystemProperties")
+	procHcsModifyComputeSystem             = modvmcompute.NewProc("HcsModifyComputeSystem")
+	procHcsModifyServiceSettings           = modvmcompute.NewProc("HcsModifyServiceSettings")
+	procHcsRegisterComputeSystemCallback   = modvmcompute.NewProc("HcsRegisterComputeSystemCallback")
+	procHcsUnregisterComputeSystemCallback = modvmcompute.NewProc("HcsUnregisterComputeSystemCallback")
+	procHcsSaveComputeSystem               = modvmcompute.NewProc("HcsSaveComputeSystem")
+	procHcsCreateProcess                   = modvmcompute.NewProc("HcsCreateProcess")
+	procHcsOpenProcess                     = modvmcompute.NewProc("HcsOpenProcess")
+	procHcsCloseProcess                    = modvmcompute.NewProc("HcsCloseProcess")
+	procHcsTerminateProcess                = modvmcompute.NewProc("HcsTerminateProcess")
+	procHcsSignalProcess                   = modvmcompute.NewProc("HcsSignalProcess")
+	procHcsGetProcessInfo                  = modvmcompute.NewProc("HcsGetProcessInfo")
+	procHcsGetProcessProperties            = modvmcompute.NewProc("HcsGetProcessProperties")
+	procHcsModifyProcess                   = modvmcompute.NewProc("HcsModifyProcess")
+	procHcsGetServiceProperties            = modvmcompute.NewProc("HcsGetServiceProperties")
+	procHcsRegisterProcessCallback         = modvmcompute.NewProc("HcsRegisterProcessCallback")
+	procHcsUnregisterProcessCallback       = modvmcompute.NewProc("HcsUnregisterProcessCallback")
+)
+
+func hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
+		return
+	}
+	return _hcsEnumerateComputeSystems(_p0, computeSystems, result)
+}
+
+func _hcsEnumerateComputeSystems(query *uint16, computeSystems **uint16, result **uint16) (hr error) {
+	if hr = procHcsEnumerateComputeSystems.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsEnumerateComputeSystems.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(computeSystems)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(id)
+	if hr != nil {
+		return
+	}
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(configuration)
+	if hr != nil {
+		return
+	}
+	return _hcsCreateComputeSystem(_p0, _p1, identity, computeSystem, result)
+}
+
+func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
+	if hr = procHcsCreateComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsCreateComputeSystem.Addr(), 5, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(configuration)), uintptr(identity), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(id)
+	if hr != nil {
+		return
+	}
+	return _hcsOpenComputeSystem(_p0, computeSystem, result)
+}
+
+func _hcsOpenComputeSystem(id *uint16, computeSystem *HcsSystem, result **uint16) (hr error) {
+	if hr = procHcsOpenComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsOpenComputeSystem.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) {
+	if hr = procHcsCloseComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsCloseComputeSystem.Addr(), 1, uintptr(computeSystem), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsStartComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsStartComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsStartComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsStartComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsShutdownComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsShutdownComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsShutdownComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsShutdownComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsTerminateComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsTerminateComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsTerminateComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsTerminateComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsPauseComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsPauseComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsPauseComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsPauseComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsResumeComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsResumeComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsResumeComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsResumeComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(propertyQuery)
+	if hr != nil {
+		return
+	}
+	return _hcsGetComputeSystemProperties(computeSystem, _p0, properties, result)
+}
+
+func _hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
+	if hr = procHcsGetComputeSystemProperties.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsGetComputeSystemProperties.Addr(), 4, uintptr(computeSystem), uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(configuration)
+	if hr != nil {
+		return
+	}
+	return _hcsModifyComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsModifyComputeSystem(computeSystem HcsSystem, configuration *uint16, result **uint16) (hr error) {
+	if hr = procHcsModifyComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsModifyComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(configuration)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsModifyServiceSettings(settings string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
+		return
+	}
+	return _hcsModifyServiceSettings(_p0, result)
+}
+
+func _hcsModifyServiceSettings(settings *uint16, result **uint16) (hr error) {
+	if hr = procHcsModifyServiceSettings.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsModifyServiceSettings.Addr(), 2, uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
+	if hr = procHcsRegisterComputeSystemCallback.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsRegisterComputeSystemCallback.Addr(), 4, uintptr(computeSystem), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) {
+	if hr = procHcsUnregisterComputeSystemCallback.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsUnregisterComputeSystemCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsSaveComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsSaveComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsSaveComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsSaveComputeSystem.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsSaveComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(processParameters)
+	if hr != nil {
+		return
+	}
+	return _hcsCreateProcess(computeSystem, _p0, processInformation, process, result)
+}
+
+func _hcsCreateProcess(computeSystem HcsSystem, processParameters *uint16, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
+	if hr = procHcsCreateProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsCreateProcess.Addr(), 5, uintptr(computeSystem), uintptr(unsafe.Pointer(processParameters)), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) {
+	if hr = procHcsOpenProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsOpenProcess.Addr(), 4, uintptr(computeSystem), uintptr(pid), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsCloseProcess(process HcsProcess) (hr error) {
+	if hr = procHcsCloseProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsCloseProcess.Addr(), 1, uintptr(process), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) {
+	if hr = procHcsTerminateProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 2, uintptr(process), uintptr(unsafe.Pointer(result)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(options)
+	if hr != nil {
+		return
+	}
+	return _hcsSignalProcess(process, _p0, result)
+}
+
+func _hcsSignalProcess(process HcsProcess, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsSignalProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsSignalProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) {
+	if hr = procHcsGetProcessInfo.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsGetProcessInfo.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) {
+	if hr = procHcsGetProcessProperties.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsGetProcessProperties.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processProperties)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
+		return
+	}
+	return _hcsModifyProcess(process, _p0, result)
+}
+
+func _hcsModifyProcess(process HcsProcess, settings *uint16, result **uint16) (hr error) {
+	if hr = procHcsModifyProcess.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsModifyProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(propertyQuery)
+	if hr != nil {
+		return
+	}
+	return _hcsGetServiceProperties(_p0, properties, result)
+}
+
+func _hcsGetServiceProperties(propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
+	if hr = procHcsGetServiceProperties.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsGetServiceProperties.Addr(), 3, uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
+	if hr = procHcsRegisterProcessCallback.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcsRegisterProcessCallback.Addr(), 4, uintptr(process), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) {
+	if hr = procHcsUnregisterProcessCallback.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsUnregisterProcessCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
index 3a0d4bc58ef36..ff81ac2c15637 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
@@ -1,25 +1,27 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // ActivateLayer will find the layer with the given id and mount it's filesystem.
 // For a read/write layer, the mounted filesystem will appear as a volume on the
 // host, while a read-only layer is generally expected to be a no-op.
 // An activated layer must later be deactivated via DeactivateLayer.
-func ActivateLayer(path string) error {
-	title := "hcsshim::ActivateLayer "
-	logrus.Debugf(title+"path %s", path)
+func ActivateLayer(ctx context.Context, path string) (err error) {
+	title := "hcsshim::ActivateLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
-	err := activateLayer(&stdDriverInfo, path)
+	err = activateLayer(&stdDriverInfo, path)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+" - succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go
index 5784241dfa03f..3ec708d1ed35c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go
@@ -1,6 +1,7 @@
 package wclayer
 
 import (
+	"context"
 	"errors"
 	"os"
 	"path/filepath"
@@ -8,10 +9,16 @@ import (
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
+	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/Microsoft/hcsshim/internal/safefile"
+	"github.com/Microsoft/hcsshim/internal/winapi"
+	"go.opencensus.io/trace"
 )
 
 type baseLayerWriter struct {
+	ctx context.Context
+	s   *trace.Span
+
 	root         *os.File
 	f            *os.File
 	bw           *winio.BackupFileWriter
@@ -31,7 +38,7 @@ type dirInfo struct {
 func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error {
 	for i := range dis {
 		di := &dis[len(dis)-i-1] // reverse order: process child directories first
-		f, err := safefile.OpenRelative(di.path, root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, safefile.FILE_OPEN, safefile.FILE_DIRECTORY_FILE)
+		f, err := safefile.OpenRelative(di.path, root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_OPEN, winapi.FILE_DIRECTORY_FILE|syscall.FILE_FLAG_OPEN_REPARSE_POINT)
 		if err != nil {
 			return err
 		}
@@ -41,6 +48,7 @@ func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error {
 		if err != nil {
 			return err
 		}
+
 	}
 	return nil
 }
@@ -86,14 +94,12 @@ func (w *baseLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) (err e
 
 	extraFlags := uint32(0)
 	if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_DIRECTORY != 0 {
-		extraFlags |= safefile.FILE_DIRECTORY_FILE
-		if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT == 0 {
-			w.dirInfo = append(w.dirInfo, dirInfo{name, *fileInfo})
-		}
+		extraFlags |= winapi.FILE_DIRECTORY_FILE
+		w.dirInfo = append(w.dirInfo, dirInfo{name, *fileInfo})
 	}
 
 	mode := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | winio.WRITE_DAC | winio.WRITE_OWNER | winio.ACCESS_SYSTEM_SECURITY)
-	f, err = safefile.OpenRelative(name, w.root, mode, syscall.FILE_SHARE_READ, safefile.FILE_CREATE, extraFlags)
+	f, err = safefile.OpenRelative(name, w.root, mode, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, extraFlags)
 	if err != nil {
 		return hcserror.New(err, "Failed to safefile.OpenRelative", name)
 	}
@@ -136,12 +142,15 @@ func (w *baseLayerWriter) Write(b []byte) (int, error) {
 	return n, err
 }
 
-func (w *baseLayerWriter) Close() error {
+func (w *baseLayerWriter) Close() (err error) {
+	defer w.s.End()
+	defer func() { oc.SetSpanStatus(w.s, err) }()
 	defer func() {
 		w.root.Close()
 		w.root = nil
 	}()
-	err := w.closeCurrentFile()
+
+	err = w.closeCurrentFile()
 	if err != nil {
 		return err
 	}
@@ -153,7 +162,7 @@ func (w *baseLayerWriter) Close() error {
 			return err
 		}
 
-		err = ProcessBaseLayer(w.root.Name())
+		err = ProcessBaseLayer(w.ctx, w.root.Name())
 		if err != nil {
 			return err
 		}
@@ -163,7 +172,7 @@ func (w *baseLayerWriter) Close() error {
 			if err != nil {
 				return err
 			}
-			err = ProcessUtilityVMImage(filepath.Join(w.root.Name(), "UtilityVM"))
+			err = ProcessUtilityVMImage(w.ctx, filepath.Join(w.root.Name(), "UtilityVM"))
 			if err != nil {
 				return err
 			}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
index d158177308858..ffee31ab1261e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
@@ -1,23 +1,27 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // CreateLayer creates a new, empty, read-only layer on the filesystem based on
 // the parent layer provided.
-func CreateLayer(path, parent string) error {
-	title := "hcsshim::CreateLayer "
-	logrus.Debugf(title+"ID %s parent %s", path, parent)
+func CreateLayer(ctx context.Context, path, parent string) (err error) {
+	title := "hcsshim::CreateLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("parent", parent))
 
-	err := createLayer(&stdDriverInfo, path, parent)
+	err = createLayer(&stdDriverInfo, path, parent)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s parent=%s", path, parent)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"- succeeded path=%s parent=%s", path, parent)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
index bf2fece19869b..5a3809ae2292d 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
@@ -1,31 +1,34 @@
 package wclayer
 
 import (
+	"context"
+	"strings"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // CreateScratchLayer creates and populates new read-write layer for use by a container.
-// This requires both the id of the direct parent layer, as well as the full list
-// of paths to all parent layers up to the base (and including the direct parent
-// whose id was provided).
-func CreateScratchLayer(path string, parentLayerPaths []string) error {
-	title := "hcsshim::CreateScratchLayer "
-	logrus.Debugf(title+"path %s", path)
+// This requires the full list of paths to all parent layers up to the base
+func CreateScratchLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) {
+	title := "hcsshim::CreateScratchLayer"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
 
 	// Generate layer descriptors
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
 	if err != nil {
 		return err
 	}
 
 	err = createSandboxLayer(&stdDriverInfo, path, 0, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"- succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
index b998f8a193e0f..d5bf2f5bdc5f7 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
@@ -1,22 +1,24 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // DeactivateLayer will dismount a layer that was mounted via ActivateLayer.
-func DeactivateLayer(path string) error {
-	title := "hcsshim::DeactivateLayer "
-	logrus.Debugf(title+"path %s", path)
+func DeactivateLayer(ctx context.Context, path string) (err error) {
+	title := "hcsshim::DeactivateLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
-	err := deactivateLayer(&stdDriverInfo, path)
+	err = deactivateLayer(&stdDriverInfo, path)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+"- failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
index dc14cecc47e35..787054e794101 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
@@ -1,23 +1,25 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // DestroyLayer will remove the on-disk files representing the layer with the given
 // path, including that layer's containing folder, if any.
-func DestroyLayer(path string) error {
-	title := "hcsshim::DestroyLayer "
-	logrus.Debugf(title+"path %s", path)
+func DestroyLayer(ctx context.Context, path string) (err error) {
+	title := "hcsshim::DestroyLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
-	err := destroyLayer(&stdDriverInfo, path)
+	err = destroyLayer(&stdDriverInfo, path)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
index 7832bb452e2fb..22f7605beee69 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
@@ -1,22 +1,140 @@
 package wclayer
 
 import (
+	"context"
+	"os"
+	"path/filepath"
+	"syscall"
+	"unsafe"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/osversion"
+	"go.opencensus.io/trace"
 )
 
 // ExpandScratchSize expands the size of a layer to at least size bytes.
-func ExpandScratchSize(path string, size uint64) error {
-	title := "hcsshim::ExpandScratchSize "
-	logrus.Debugf(title+"path=%s size=%d", path, size)
+func ExpandScratchSize(ctx context.Context, path string, size uint64) (err error) {
+	title := "hcsshim::ExpandScratchSize"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.Int64Attribute("size", int64(size)))
+
+	err = expandSandboxSize(&stdDriverInfo, path, size)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
+
+	// Manually expand the volume now in order to work around bugs in 19H1 and
+	// prerelease versions of Vb. Remove once this is fixed in Windows.
+	if build := osversion.Build(); build >= osversion.V19H1 && build < 19020 {
+		err = expandSandboxVolume(ctx, path)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type virtualStorageType struct {
+	DeviceID uint32
+	VendorID [16]byte
+}
+
+type openVersion2 struct {
+	GetInfoOnly    int32    // bool but 4-byte aligned
+	ReadOnly       int32    // bool but 4-byte aligned
+	ResiliencyGUID [16]byte // GUID
+}
+
+type openVirtualDiskParameters struct {
+	Version  uint32 // Must always be set to 2
+	Version2 openVersion2
+}
+
+func attachVhd(path string) (syscall.Handle, error) {
+	var (
+		defaultType virtualStorageType
+		handle      syscall.Handle
+	)
+	parameters := openVirtualDiskParameters{Version: 2}
+	err := openVirtualDisk(
+		&defaultType,
+		path,
+		0,
+		0,
+		&parameters,
+		&handle)
+	if err != nil {
+		return 0, &os.PathError{Op: "OpenVirtualDisk", Path: path, Err: err}
+	}
+	err = attachVirtualDisk(handle, 0, 0, 0, 0, 0)
+	if err != nil {
+		syscall.Close(handle)
+		return 0, &os.PathError{Op: "AttachVirtualDisk", Path: path, Err: err}
+	}
+	return handle, nil
+}
 
-	err := expandSandboxSize(&stdDriverInfo, path, size)
+func expandSandboxVolume(ctx context.Context, path string) error {
+	// Mount the sandbox VHD temporarily.
+	vhdPath := filepath.Join(path, "sandbox.vhdx")
+	vhd, err := attachVhd(vhdPath)
+	if err != nil {
+		return &os.PathError{Op: "OpenVirtualDisk", Path: vhdPath, Err: err}
+	}
+	defer syscall.Close(vhd)
+
+	// Open the volume.
+	volumePath, err := GetLayerMountPath(ctx, path)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s size=%d", path, size)
-		logrus.Error(err)
 		return err
 	}
+	if volumePath[len(volumePath)-1] == '\\' {
+		volumePath = volumePath[:len(volumePath)-1]
+	}
+	volume, err := os.OpenFile(volumePath, os.O_RDWR, 0)
+	if err != nil {
+		return err
+	}
+	defer volume.Close()
+
+	// Get the volume's underlying partition size in NTFS clusters.
+	var (
+		partitionSize int64
+		bytes         uint32
+	)
+	const _IOCTL_DISK_GET_LENGTH_INFO = 0x0007405C
+	err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _IOCTL_DISK_GET_LENGTH_INFO, nil, 0, (*byte)(unsafe.Pointer(&partitionSize)), 8, &bytes, nil)
+	if err != nil {
+		return &os.PathError{Op: "IOCTL_DISK_GET_LENGTH_INFO", Path: volume.Name(), Err: err}
+	}
+	const (
+		clusterSize = 4096
+		sectorSize  = 512
+	)
+	targetClusters := partitionSize / clusterSize
 
-	logrus.Debugf(title+"- succeeded path=%s size=%d", path, size)
+	// Get the volume's current size in NTFS clusters.
+	var volumeSize int64
+	err = getDiskFreeSpaceEx(volume.Name()+"\\", nil, &volumeSize, nil)
+	if err != nil {
+		return &os.PathError{Op: "GetDiskFreeSpaceEx", Path: volume.Name(), Err: err}
+	}
+	volumeClusters := volumeSize / clusterSize
+
+	// Only resize the volume if there is space to grow, otherwise this will
+	// fail with invalid parameter. NTFS reserves one cluster.
+	if volumeClusters+1 < targetClusters {
+		targetSectors := targetClusters * (clusterSize / sectorSize)
+		const _FSCTL_EXTEND_VOLUME = 0x000900F0
+		err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _FSCTL_EXTEND_VOLUME, (*byte)(unsafe.Pointer(&targetSectors)), 8, nil, 0, &bytes, nil)
+		if err != nil {
+			return &os.PathError{Op: "FSCTL_EXTEND_VOLUME", Path: volume.Name(), Err: err}
+		}
+	}
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
index c6b3480ce7a88..09f0de1a4464d 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
@@ -1,15 +1,15 @@
 package wclayer
 
 import (
-	"io"
+	"context"
 	"io/ioutil"
 	"os"
-	"syscall"
+	"strings"
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // ExportLayer will create a folder at exportFolderPath and fill that folder with
@@ -17,24 +17,26 @@ import (
 // format includes any metadata required for later importing the layer (using
 // ImportLayer), and requires the full list of parent layer paths in order to
 // perform the export.
-func ExportLayer(path string, exportFolderPath string, parentLayerPaths []string) error {
-	title := "hcsshim::ExportLayer "
-	logrus.Debugf(title+"path %s folder %s", path, exportFolderPath)
+func ExportLayer(ctx context.Context, path string, exportFolderPath string, parentLayerPaths []string) (err error) {
+	title := "hcsshim::ExportLayer"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("exportFolderPath", exportFolderPath),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
 
 	// Generate layer descriptors
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
 	if err != nil {
 		return err
 	}
 
 	err = exportLayer(&stdDriverInfo, path, exportFolderPath, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s folder=%s", path, exportFolderPath)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s folder=%s", path, exportFolderPath)
 	return nil
 }
 
@@ -44,104 +46,49 @@ type LayerReader interface {
 	Close() error
 }
 
-// FilterLayerReader provides an interface for extracting the contents of an on-disk layer.
-type FilterLayerReader struct {
-	context uintptr
-}
-
-// Next reads the next available file from a layer, ensuring that parent directories are always read
-// before child files and directories.
-//
-// Next returns the file's relative path, size, and basic file metadata. Read() should be used to
-// extract a Win32 backup stream with the remainder of the metadata and the data.
-func (r *FilterLayerReader) Next() (string, int64, *winio.FileBasicInfo, error) {
-	var fileNamep *uint16
-	fileInfo := &winio.FileBasicInfo{}
-	var deleted uint32
-	var fileSize int64
-	err := exportLayerNext(r.context, &fileNamep, fileInfo, &fileSize, &deleted)
-	if err != nil {
-		if err == syscall.ERROR_NO_MORE_FILES {
-			err = io.EOF
-		} else {
-			err = hcserror.New(err, "ExportLayerNext", "")
-		}
-		return "", 0, nil, err
-	}
-	fileName := interop.ConvertAndFreeCoTaskMemString(fileNamep)
-	if deleted != 0 {
-		fileInfo = nil
-	}
-	if fileName[0] == '\\' {
-		fileName = fileName[1:]
-	}
-	return fileName, fileSize, fileInfo, nil
-}
-
-// Read reads from the current file's Win32 backup stream.
-func (r *FilterLayerReader) Read(b []byte) (int, error) {
-	var bytesRead uint32
-	err := exportLayerRead(r.context, b, &bytesRead)
-	if err != nil {
-		return 0, hcserror.New(err, "ExportLayerRead", "")
-	}
-	if bytesRead == 0 {
-		return 0, io.EOF
-	}
-	return int(bytesRead), nil
-}
-
-// Close frees resources associated with the layer reader. It will return an
-// error if there was an error while reading the layer or of the layer was not
-// completely read.
-func (r *FilterLayerReader) Close() (err error) {
-	if r.context != 0 {
-		err = exportLayerEnd(r.context)
-		if err != nil {
-			err = hcserror.New(err, "ExportLayerEnd", "")
-		}
-		r.context = 0
-	}
-	return
-}
-
 // NewLayerReader returns a new layer reader for reading the contents of an on-disk layer.
 // The caller must have taken the SeBackupPrivilege privilege
 // to call this and any methods on the resulting LayerReader.
-func NewLayerReader(path string, parentLayerPaths []string) (LayerReader, error) {
-	if procExportLayerBegin.Find() != nil {
-		// The new layer reader is not available on this Windows build. Fall back to the
-		// legacy export code path.
-		exportPath, err := ioutil.TempDir("", "hcs")
+func NewLayerReader(ctx context.Context, path string, parentLayerPaths []string) (_ LayerReader, err error) {
+	ctx, span := trace.StartSpan(ctx, "hcsshim::NewLayerReader")
+	defer func() {
 		if err != nil {
-			return nil, err
+			oc.SetSpanStatus(span, err)
+			span.End()
 		}
-		err = ExportLayer(path, exportPath, parentLayerPaths)
-		if err != nil {
-			os.RemoveAll(exportPath)
-			return nil, err
-		}
-		return &legacyLayerReaderWrapper{newLegacyLayerReader(exportPath)}, nil
-	}
+	}()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
 
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	exportPath, err := ioutil.TempDir("", "hcs")
 	if err != nil {
 		return nil, err
 	}
-	r := &FilterLayerReader{}
-	err = exportLayerBegin(&stdDriverInfo, path, layers, &r.context)
+	err = ExportLayer(ctx, path, exportPath, parentLayerPaths)
 	if err != nil {
-		return nil, hcserror.New(err, "ExportLayerBegin", "")
+		os.RemoveAll(exportPath)
+		return nil, err
 	}
-	return r, err
+	return &legacyLayerReaderWrapper{
+		ctx:               ctx,
+		s:                 span,
+		legacyLayerReader: newLegacyLayerReader(exportPath),
+	}, nil
 }
 
 type legacyLayerReaderWrapper struct {
+	ctx context.Context
+	s   *trace.Span
+
 	*legacyLayerReader
 }
 
-func (r *legacyLayerReaderWrapper) Close() error {
-	err := r.legacyLayerReader.Close()
+func (r *legacyLayerReaderWrapper) Close() (err error) {
+	defer r.s.End()
+	defer func() { oc.SetSpanStatus(r.s, err) }()
+
+	err = r.legacyLayerReader.Close()
 	os.RemoveAll(r.root)
 	return err
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
index 8c37549a0eb4b..4d22d0ecf3df7 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
@@ -1,30 +1,33 @@
 package wclayer
 
 import (
+	"context"
 	"syscall"
 
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // GetLayerMountPath will look for a mounted layer with the given path and return
 // the path at which that layer can be accessed.  This path may be a volume path
 // if the layer is a mounted read-write layer, otherwise it is expected to be the
 // folder path at which the layer is stored.
-func GetLayerMountPath(path string) (string, error) {
-	title := "hcsshim::GetLayerMountPath "
-	logrus.Debugf(title+"path %s", path)
+func GetLayerMountPath(ctx context.Context, path string) (_ string, err error) {
+	title := "hcsshim::GetLayerMountPath"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
-	var mountPathLength uintptr
-	mountPathLength = 0
+	var mountPathLength uintptr = 0
 
 	// Call the procedure itself.
-	logrus.Debugf("Calling proc (1)")
-	err := getLayerMountPath(&stdDriverInfo, path, &mountPathLength, nil)
+	log.G(ctx).Debug("Calling proc (1)")
+	err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, nil)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "(first call) path=%s", path)
-		logrus.Error(err)
-		return "", err
+		return "", hcserror.New(err, title+" - failed", "(first call)")
 	}
 
 	// Allocate a mount path of the returned length.
@@ -35,15 +38,13 @@ func GetLayerMountPath(path string) (string, error) {
 	mountPathp[0] = 0
 
 	// Call the procedure again
-	logrus.Debugf("Calling proc (2)")
+	log.G(ctx).Debug("Calling proc (2)")
 	err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, &mountPathp[0])
 	if err != nil {
-		err = hcserror.Errorf(err, title, "(second call) path=%s", path)
-		logrus.Error(err)
-		return "", err
+		return "", hcserror.New(err, title+" - failed", "(second call)")
 	}
 
 	mountPath := syscall.UTF16ToString(mountPathp[0:])
-	logrus.Debugf(title+"succeeded path=%s mountPath=%s", path, mountPath)
+	span.AddAttributes(trace.StringAttribute("mountPath", mountPath))
 	return mountPath, nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
index 10899c68af77c..bcc8fbd423932 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
@@ -1,26 +1,29 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // GetSharedBaseImages will enumerate the images stored in the common central
 // image store and return descriptive info about those images for the purpose
 // of registering them with the graphdriver, graph, and tagstore.
-func GetSharedBaseImages() (imageData string, err error) {
-	title := "hcsshim::GetSharedBaseImages "
+func GetSharedBaseImages(ctx context.Context) (_ string, err error) {
+	title := "hcsshim::GetSharedBaseImages"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
 
-	logrus.Debugf("Calling proc")
 	var buffer *uint16
 	err = getBaseImages(&buffer)
 	if err != nil {
-		err = hcserror.New(err, title, "")
-		logrus.Error(err)
-		return
+		return "", hcserror.New(err, title+" - failed", "")
 	}
-	imageData = interop.ConvertAndFreeCoTaskMemString(buffer)
-	logrus.Debugf(title+" - succeeded output=%s", imageData)
-	return
+	imageData := interop.ConvertAndFreeCoTaskMemString(buffer)
+	span.AddAttributes(trace.StringAttribute("imageData", imageData))
+	return imageData, nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
index d86e6782756a6..3eaca27808e1c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
@@ -1,24 +1,26 @@
 package wclayer
 
 import (
-	"fmt"
+	"context"
 
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // GrantVmAccess adds access to a file for a given VM
-func GrantVmAccess(vmid string, filepath string) error {
-	title := fmt.Sprintf("hcsshim::GrantVmAccess id:%s path:%s ", vmid, filepath)
-	logrus.Debugf(title)
+func GrantVmAccess(ctx context.Context, vmid string, filepath string) (err error) {
+	title := "hcsshim::GrantVmAccess"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("vm-id", vmid),
+		trace.StringAttribute("path", filepath))
 
-	err := grantVmAccess(vmid, filepath)
+	err = grantVmAccess(vmid, filepath)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", filepath)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title + " - succeeded")
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
index c978450f8284f..b3c150d66fe7a 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
@@ -1,39 +1,43 @@
 package wclayer
 
 import (
-	"errors"
+	"context"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
+	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/Microsoft/hcsshim/internal/safefile"
-	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
 )
 
 // ImportLayer will take the contents of the folder at importFolderPath and import
 // that into a layer with the id layerId.  Note that in order to correctly populate
 // the layer and interperet the transport format, all parent layers must already
 // be present on the system at the paths provided in parentLayerPaths.
-func ImportLayer(path string, importFolderPath string, parentLayerPaths []string) error {
-	title := "hcsshim::ImportLayer "
-	logrus.Debugf(title+"path %s folder %s", path, importFolderPath)
+func ImportLayer(ctx context.Context, path string, importFolderPath string, parentLayerPaths []string) (err error) {
+	title := "hcsshim::ImportLayer"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("importFolderPath", importFolderPath),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
 
 	// Generate layer descriptors
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
 	if err != nil {
 		return err
 	}
 
 	err = importLayer(&stdDriverInfo, path, importFolderPath, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s folder=%s", path, importFolderPath)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s folder=%s", path, importFolderPath)
 	return nil
 }
 
@@ -52,84 +56,27 @@ type LayerWriter interface {
 	Close() error
 }
 
-// FilterLayerWriter provides an interface to write the contents of a layer to the file system.
-type FilterLayerWriter struct {
-	context uintptr
-}
-
-// Add adds a file or directory to the layer. The file's parent directory must have already been added.
-//
-// name contains the file's relative path. fileInfo contains file times and file attributes; the rest
-// of the file metadata and the file data must be written as a Win32 backup stream to the Write() method.
-// winio.BackupStreamWriter can be used to facilitate this.
-func (w *FilterLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) error {
-	if name[0] != '\\' {
-		name = `\` + name
-	}
-	err := importLayerNext(w.context, name, fileInfo)
-	if err != nil {
-		return hcserror.New(err, "ImportLayerNext", "")
-	}
-	return nil
-}
-
-// AddLink adds a hard link to the layer. The target of the link must have already been added.
-func (w *FilterLayerWriter) AddLink(name string, target string) error {
-	return errors.New("hard links not yet supported")
-}
-
-// Remove removes a file from the layer. The file must have been present in the parent layer.
-//
-// name contains the file's relative path.
-func (w *FilterLayerWriter) Remove(name string) error {
-	if name[0] != '\\' {
-		name = `\` + name
-	}
-	err := importLayerNext(w.context, name, nil)
-	if err != nil {
-		return hcserror.New(err, "ImportLayerNext", "")
-	}
-	return nil
-}
-
-// Write writes more backup stream data to the current file.
-func (w *FilterLayerWriter) Write(b []byte) (int, error) {
-	err := importLayerWrite(w.context, b)
-	if err != nil {
-		err = hcserror.New(err, "ImportLayerWrite", "")
-		return 0, err
-	}
-	return len(b), err
-}
-
-// Close completes the layer write operation. The error must be checked to ensure that the
-// operation was successful.
-func (w *FilterLayerWriter) Close() (err error) {
-	if w.context != 0 {
-		err = importLayerEnd(w.context)
-		if err != nil {
-			err = hcserror.New(err, "ImportLayerEnd", "")
-		}
-		w.context = 0
-	}
-	return
-}
-
 type legacyLayerWriterWrapper struct {
+	ctx context.Context
+	s   *trace.Span
+
 	*legacyLayerWriter
 	path             string
 	parentLayerPaths []string
 }
 
-func (r *legacyLayerWriterWrapper) Close() error {
+func (r *legacyLayerWriterWrapper) Close() (err error) {
+	defer r.s.End()
+	defer func() { oc.SetSpanStatus(r.s, err) }()
 	defer os.RemoveAll(r.root.Name())
 	defer r.legacyLayerWriter.CloseRoots()
-	err := r.legacyLayerWriter.Close()
+
+	err = r.legacyLayerWriter.Close()
 	if err != nil {
 		return err
 	}
 
-	if err = ImportLayer(r.destRoot.Name(), r.path, r.parentLayerPaths); err != nil {
+	if err = ImportLayer(r.ctx, r.destRoot.Name(), r.path, r.parentLayerPaths); err != nil {
 		return err
 	}
 	for _, name := range r.Tombstones {
@@ -146,13 +93,26 @@ func (r *legacyLayerWriterWrapper) Close() error {
 			return err
 		}
 	}
+
+	// The reapplyDirectoryTimes must be called AFTER we are done with Tombstone
+	// deletion and hard link creation. This is because Tombstone deletion and hard link
+	// creation updates the directory last write timestamps so that will change the
+	// timestamps added by the `Add` call. Some container applications depend on the
+	// correctness of these timestamps and so we should change the timestamps back to
+	// the original value (i.e the value provided in the Add call) after this
+	// processing is done.
+	err = reapplyDirectoryTimes(r.destRoot, r.changedDi)
+	if err != nil {
+		return err
+	}
+
 	// Prepare the utility VM for use if one is present in the layer.
 	if r.HasUtilityVM {
 		err := safefile.EnsureNotReparsePointRelative("UtilityVM", r.destRoot)
 		if err != nil {
 			return err
 		}
-		err = ProcessUtilityVMImage(filepath.Join(r.destRoot.Name(), "UtilityVM"))
+		err = ProcessUtilityVMImage(r.ctx, filepath.Join(r.destRoot.Name(), "UtilityVM"))
 		if err != nil {
 			return err
 		}
@@ -163,7 +123,18 @@ func (r *legacyLayerWriterWrapper) Close() error {
 // NewLayerWriter returns a new layer writer for creating a layer on disk.
 // The caller must have taken the SeBackupPrivilege and SeRestorePrivilege privileges
 // to call this and any methods on the resulting LayerWriter.
-func NewLayerWriter(path string, parentLayerPaths []string) (LayerWriter, error) {
+func NewLayerWriter(ctx context.Context, path string, parentLayerPaths []string) (_ LayerWriter, err error) {
+	ctx, span := trace.StartSpan(ctx, "hcsshim::NewLayerWriter")
+	defer func() {
+		if err != nil {
+			oc.SetSpanStatus(span, err)
+			span.End()
+		}
+	}()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
 	if len(parentLayerPaths) == 0 {
 		// This is a base layer. It gets imported differently.
 		f, err := safefile.OpenRoot(path)
@@ -171,36 +142,25 @@ func NewLayerWriter(path string, parentLayerPaths []string) (LayerWriter, error)
 			return nil, err
 		}
 		return &baseLayerWriter{
+			ctx:  ctx,
+			s:    span,
 			root: f,
 		}, nil
 	}
 
-	if procImportLayerBegin.Find() != nil {
-		// The new layer reader is not available on this Windows build. Fall back to the
-		// legacy export code path.
-		importPath, err := ioutil.TempDir("", "hcs")
-		if err != nil {
-			return nil, err
-		}
-		w, err := newLegacyLayerWriter(importPath, parentLayerPaths, path)
-		if err != nil {
-			return nil, err
-		}
-		return &legacyLayerWriterWrapper{
-			legacyLayerWriter: w,
-			path:              importPath,
-			parentLayerPaths:  parentLayerPaths,
-		}, nil
-	}
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	importPath, err := ioutil.TempDir("", "hcs")
 	if err != nil {
 		return nil, err
 	}
-
-	w := &FilterLayerWriter{}
-	err = importLayerBegin(&stdDriverInfo, path, layers, &w.context)
+	w, err := newLegacyLayerWriter(importPath, parentLayerPaths, path)
 	if err != nil {
-		return nil, hcserror.New(err, "ImportLayerStart", "")
+		return nil, err
 	}
-	return w, nil
+	return &legacyLayerWriterWrapper{
+		ctx:               ctx,
+		s:                 span,
+		legacyLayerWriter: w,
+		path:              importPath,
+		parentLayerPaths:  parentLayerPaths,
+	}, nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
index 71287ff8a7597..c6999973cb805 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
@@ -1,25 +1,28 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // LayerExists will return true if a layer with the given id exists and is known
 // to the system.
-func LayerExists(path string) (bool, error) {
-	title := "hcsshim::LayerExists "
-	logrus.Debugf(title+"path %s", path)
+func LayerExists(ctx context.Context, path string) (_ bool, err error) {
+	title := "hcsshim::LayerExists"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
 	// Call the procedure itself.
 	var exists uint32
-	err := layerExists(&stdDriverInfo, path, &exists)
+	err = layerExists(&stdDriverInfo, path, &exists)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return false, err
+		return false, hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s exists=%d", path, exists)
+	span.AddAttributes(trace.BoolAttribute("layer-exists", exists != 0))
 	return exists != 0, nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
index 90df3bedceb65..0ce34a30f86a9 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
@@ -1,13 +1,22 @@
 package wclayer
 
 import (
+	"context"
 	"path/filepath"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // LayerID returns the layer ID of a layer on disk.
-func LayerID(path string) (guid.GUID, error) {
+func LayerID(ctx context.Context, path string) (_ guid.GUID, err error) {
+	title := "hcsshim::LayerID"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
+
 	_, file := filepath.Split(path)
-	return NameToGuid(file)
+	return NameToGuid(ctx, file)
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
index a1b8b9882662f..1ec893c6af7a8 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
@@ -4,9 +4,10 @@ package wclayer
 // functionality.
 
 import (
+	"context"
 	"syscall"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/sirupsen/logrus"
 )
 
@@ -68,20 +69,20 @@ type WC_LAYER_DESCRIPTOR struct {
 	Pathp   *uint16
 }
 
-func layerPathsToDescriptors(parentLayerPaths []string) ([]WC_LAYER_DESCRIPTOR, error) {
+func layerPathsToDescriptors(ctx context.Context, parentLayerPaths []string) ([]WC_LAYER_DESCRIPTOR, error) {
 	// Array of descriptors that gets constructed.
 	var layers []WC_LAYER_DESCRIPTOR
 
 	for i := 0; i < len(parentLayerPaths); i++ {
-		g, err := LayerID(parentLayerPaths[i])
+		g, err := LayerID(ctx, parentLayerPaths[i])
 		if err != nil {
-			logrus.Debugf("Failed to convert name to guid %s", err)
+			logrus.WithError(err).Debug("Failed to convert name to guid")
 			return nil, err
 		}
 
 		p, err := syscall.UTF16PtrFromString(parentLayerPaths[i])
 		if err != nil {
-			logrus.Debugf("Failed conversion of parentLayerPath to pointer %s", err)
+			logrus.WithError(err).Debug("Failed conversion of parentLayerPath to pointer")
 			return nil, err
 		}
 
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
index b8ea5d2632ea0..83ba72cfadac3 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
@@ -15,6 +15,7 @@ import (
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/internal/longpath"
 	"github.com/Microsoft/hcsshim/internal/safefile"
+	"github.com/Microsoft/hcsshim/internal/winapi"
 )
 
 var errorIterationCanceled = errors.New("")
@@ -341,7 +342,7 @@ type legacyLayerWriter struct {
 	backupWriter    *winio.BackupFileWriter
 	Tombstones      []string
 	HasUtilityVM    bool
-	uvmDi           []dirInfo
+	changedDi       []dirInfo
 	addedFiles      map[string]bool
 	PendingLinks    []pendingLink
 	pendingDirs     []pendingDir
@@ -389,7 +390,7 @@ func (w *legacyLayerWriter) CloseRoots() {
 		w.destRoot = nil
 	}
 	for i := range w.parentRoots {
-		w.parentRoots[i].Close()
+		_ = w.parentRoots[i].Close()
 	}
 	w.parentRoots = nil
 }
@@ -472,8 +473,8 @@ func copyFileWithMetadata(srcRoot, destRoot *os.File, subPath string, isDir bool
 		srcRoot,
 		syscall.GENERIC_READ|winio.ACCESS_SYSTEM_SECURITY,
 		syscall.FILE_SHARE_READ,
-		safefile.FILE_OPEN,
-		safefile.FILE_OPEN_REPARSE_POINT)
+		winapi.FILE_OPEN,
+		winapi.FILE_OPEN_REPARSE_POINT)
 	if err != nil {
 		return nil, err
 	}
@@ -488,14 +489,14 @@ func copyFileWithMetadata(srcRoot, destRoot *os.File, subPath string, isDir bool
 
 	extraFlags := uint32(0)
 	if isDir {
-		extraFlags |= safefile.FILE_DIRECTORY_FILE
+		extraFlags |= winapi.FILE_DIRECTORY_FILE
 	}
 	dest, err := safefile.OpenRelative(
 		subPath,
 		destRoot,
 		syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY,
 		syscall.FILE_SHARE_READ,
-		safefile.FILE_CREATE,
+		winapi.FILE_CREATE,
 		extraFlags)
 	if err != nil {
 		return nil, err
@@ -555,7 +556,7 @@ func cloneTree(srcRoot *os.File, destRoot *os.File, subPath string, mutatedFiles
 			if err != nil {
 				return err
 			}
-			if isDir && !isReparsePoint {
+			if isDir {
 				di = append(di, dirInfo{path: relPath, fileInfo: *fi})
 			}
 		} else {
@@ -583,6 +584,10 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 		return w.initUtilityVM()
 	}
 
+	if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+		w.changedDi = append(w.changedDi, dirInfo{path: name, fileInfo: *fileInfo})
+	}
+
 	name = filepath.Clean(name)
 	if hasPathPrefix(name, utilityVMPath) {
 		if !w.HasUtilityVM {
@@ -591,7 +596,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 		if !hasPathPrefix(name, utilityVMFilesPath) && name != utilityVMFilesPath {
 			return errors.New("invalid UtilityVM layer")
 		}
-		createDisposition := uint32(safefile.FILE_OPEN)
+		createDisposition := uint32(winapi.FILE_OPEN)
 		if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
 			st, err := safefile.LstatRelative(name, w.destRoot)
 			if err != nil && !os.IsNotExist(err) {
@@ -612,16 +617,13 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 					return err
 				}
 			}
-			if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT == 0 {
-				w.uvmDi = append(w.uvmDi, dirInfo{path: name, fileInfo: *fileInfo})
-			}
 		} else {
 			// Overwrite any existing hard link.
 			err := safefile.RemoveRelative(name, w.destRoot)
 			if err != nil && !os.IsNotExist(err) {
 				return err
 			}
-			createDisposition = safefile.FILE_CREATE
+			createDisposition = winapi.FILE_CREATE
 		}
 
 		f, err := safefile.OpenRelative(
@@ -630,7 +632,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 			syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY,
 			syscall.FILE_SHARE_READ,
 			createDisposition,
-			safefile.FILE_OPEN_REPARSE_POINT,
+			winapi.FILE_OPEN_REPARSE_POINT,
 		)
 		if err != nil {
 			return err
@@ -638,7 +640,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 		defer func() {
 			if f != nil {
 				f.Close()
-				safefile.RemoveRelative(name, w.destRoot)
+				_ = safefile.RemoveRelative(name, w.destRoot)
 			}
 		}()
 
@@ -667,14 +669,14 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
 		w.currentIsDir = true
 	}
 
-	f, err := safefile.OpenRelative(fname, w.root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, safefile.FILE_CREATE, 0)
+	f, err := safefile.OpenRelative(fname, w.root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, 0)
 	if err != nil {
 		return err
 	}
 	defer func() {
 		if f != nil {
 			f.Close()
-			safefile.RemoveRelative(fname, w.root)
+			_ = safefile.RemoveRelative(fname, w.root)
 		}
 	}()
 
@@ -805,11 +807,5 @@ func (w *legacyLayerWriter) Close() error {
 			return err
 		}
 	}
-	if w.HasUtilityVM {
-		err := reapplyDirectoryTimes(w.destRoot, w.uvmDi)
-		if err != nil {
-			return err
-		}
-	}
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
index 741994ba4dca0..bcf39c6b86c24 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
@@ -1,24 +1,29 @@
 package wclayer
 
 import (
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"context"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // NameToGuid converts the given string into a GUID using the algorithm in the
 // Host Compute Service, ensuring GUIDs generated with the same string are common
 // across all clients.
-func NameToGuid(name string) (id guid.GUID, err error) {
-	title := "hcsshim::NameToGuid "
+func NameToGuid(ctx context.Context, name string) (_ guid.GUID, err error) {
+	title := "hcsshim::NameToGuid"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("name", name))
 
+	var id guid.GUID
 	err = nameToGuid(name, &id)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "name=%s", name)
-		logrus.Error(err)
-		return
+		return guid.GUID{}, hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"name:%s guid:%s", name, id.String())
-	return
+	span.AddAttributes(trace.StringAttribute("guid", id.String()))
+	return id, nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
index bd4005dc4f659..55f7730d0c181 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
@@ -1,10 +1,13 @@
 package wclayer
 
 import (
+	"context"
+	"strings"
 	"sync"
 
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 var prepareLayerLock sync.Mutex
@@ -14,12 +17,17 @@ var prepareLayerLock sync.Mutex
 // parent layers, and is necessary in order to view or interact with the layer
 // as an actual filesystem (reading and writing files, creating directories, etc).
 // Disabling the filter must be done via UnprepareLayer.
-func PrepareLayer(path string, parentLayerPaths []string) error {
-	title := "hcsshim::PrepareLayer "
-	logrus.Debugf(title+"path %s", path)
+func PrepareLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) {
+	title := "hcsshim::PrepareLayer"
+	ctx, span := trace.StartSpan(ctx, title)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("path", path),
+		trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
 
 	// Generate layer descriptors
-	layers, err := layerPathsToDescriptors(parentLayerPaths)
+	layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
 	if err != nil {
 		return err
 	}
@@ -30,11 +38,7 @@ func PrepareLayer(path string, parentLayerPaths []string) error {
 	defer prepareLayerLock.Unlock()
 	err = prepareLayer(&stdDriverInfo, path, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
index 884207c3edb77..30bcdff5f5539 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
@@ -1,23 +1,41 @@
 package wclayer
 
-import "os"
+import (
+	"context"
+	"os"
+
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
+)
 
 // ProcessBaseLayer post-processes a base layer that has had its files extracted.
 // The files should have been extracted to <path>\Files.
-func ProcessBaseLayer(path string) error {
-	err := processBaseImage(path)
+func ProcessBaseLayer(ctx context.Context, path string) (err error) {
+	title := "hcsshim::ProcessBaseLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
+
+	err = processBaseImage(path)
 	if err != nil {
-		return &os.PathError{Op: "ProcessBaseLayer", Path: path, Err: err}
+		return &os.PathError{Op: title, Path: path, Err: err}
 	}
 	return nil
 }
 
 // ProcessUtilityVMImage post-processes a utility VM image that has had its files extracted.
 // The files should have been extracted to <path>\Files.
-func ProcessUtilityVMImage(path string) error {
-	err := processUtilityImage(path)
+func ProcessUtilityVMImage(ctx context.Context, path string) (err error) {
+	title := "hcsshim::ProcessUtilityVMImage"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
+
+	err = processUtilityImage(path)
 	if err != nil {
-		return &os.PathError{Op: "ProcessUtilityVMImage", Path: path, Err: err}
+		return &os.PathError{Op: title, Path: path, Err: err}
 	}
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
index 5f1b4f4f4ec79..79fb986786cd9 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
@@ -1,23 +1,25 @@
 package wclayer
 
 import (
+	"context"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"go.opencensus.io/trace"
 )
 
 // UnprepareLayer disables the filesystem filter for the read-write layer with
 // the given id.
-func UnprepareLayer(path string) error {
-	title := "hcsshim::UnprepareLayer "
-	logrus.Debugf(title+"path %s", path)
+func UnprepareLayer(ctx context.Context, path string) (err error) {
+	title := "hcsshim::UnprepareLayer"
+	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("path", path))
 
-	err := unprepareLayer(&stdDriverInfo, path)
+	err = unprepareLayer(&stdDriverInfo, path)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
+		return hcserror.New(err, title+" - failed", "")
 	}
-
-	logrus.Debugf(title+"succeeded path=%s", path)
 	return nil
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
index 768a6f2f16116..9b1e06d50c5d7 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
@@ -1,8 +1,11 @@
+// Package wclayer provides bindings to HCS's legacy layer management API and
+// provides a higher level interface around these calls for container layer
+// management.
 package wclayer
 
-import "github.com/Microsoft/hcsshim/internal/guid"
+import "github.com/Microsoft/go-winio/pkg/guid"
 
-//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go -winio wclayer.go
+//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go wclayer.go
 
 //sys activateLayer(info *driverInfo, id string) (hr error) = vmcompute.ActivateLayer?
 //sys copyLayer(info *driverInfo, srcId string, dstId string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.CopyLayer?
@@ -22,16 +25,11 @@ import "github.com/Microsoft/hcsshim/internal/guid"
 //sys processBaseImage(path string) (hr error) = vmcompute.ProcessBaseImage?
 //sys processUtilityImage(path string) (hr error) = vmcompute.ProcessUtilityImage?
 
-//sys importLayerBegin(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) = vmcompute.ImportLayerBegin?
-//sys importLayerNext(context uintptr, fileName string, fileInfo *winio.FileBasicInfo) (hr error) = vmcompute.ImportLayerNext?
-//sys importLayerWrite(context uintptr, buffer []byte) (hr error) = vmcompute.ImportLayerWrite?
-//sys importLayerEnd(context uintptr) (hr error) = vmcompute.ImportLayerEnd?
+//sys grantVmAccess(vmid string, filepath string) (hr error) = vmcompute.GrantVmAccess?
 
-//sys exportLayerBegin(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) = vmcompute.ExportLayerBegin?
-//sys exportLayerNext(context uintptr, fileName **uint16, fileInfo *winio.FileBasicInfo, fileSize *int64, deleted *uint32) (hr error) = vmcompute.ExportLayerNext?
-//sys exportLayerRead(context uintptr, buffer []byte, bytesRead *uint32) (hr error) = vmcompute.ExportLayerRead?
-//sys exportLayerEnd(context uintptr) (hr error) = vmcompute.ExportLayerEnd?
+//sys openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) [failretval != 0] = virtdisk.OpenVirtualDisk
+//sys attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) [failretval != 0] = virtdisk.AttachVirtualDisk
 
-//sys grantVmAccess(vmid string, filepath string) (hr error) = vmcompute.GrantVmAccess?
+//sys getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) = GetDiskFreeSpaceExW
 
 type _guid = guid.GUID
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
index cb813aa3d43f5..67f917f07e615 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
@@ -1,4 +1,4 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
+// Code generated mksyscall_windows.exe DO NOT EDIT
 
 package wclayer
 
@@ -6,8 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/go-winio"
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -40,6 +38,8 @@ func errnoErr(e syscall.Errno) error {
 
 var (
 	modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+	modvirtdisk  = windows.NewLazySystemDLL("virtdisk.dll")
+	modkernel32  = windows.NewLazySystemDLL("kernel32.dll")
 
 	procActivateLayer       = modvmcompute.NewProc("ActivateLayer")
 	procCopyLayer           = modvmcompute.NewProc("CopyLayer")
@@ -58,15 +58,10 @@ var (
 	procUnprepareLayer      = modvmcompute.NewProc("UnprepareLayer")
 	procProcessBaseImage    = modvmcompute.NewProc("ProcessBaseImage")
 	procProcessUtilityImage = modvmcompute.NewProc("ProcessUtilityImage")
-	procImportLayerBegin    = modvmcompute.NewProc("ImportLayerBegin")
-	procImportLayerNext     = modvmcompute.NewProc("ImportLayerNext")
-	procImportLayerWrite    = modvmcompute.NewProc("ImportLayerWrite")
-	procImportLayerEnd      = modvmcompute.NewProc("ImportLayerEnd")
-	procExportLayerBegin    = modvmcompute.NewProc("ExportLayerBegin")
-	procExportLayerNext     = modvmcompute.NewProc("ExportLayerNext")
-	procExportLayerRead     = modvmcompute.NewProc("ExportLayerRead")
-	procExportLayerEnd      = modvmcompute.NewProc("ExportLayerEnd")
 	procGrantVmAccess       = modvmcompute.NewProc("GrantVmAccess")
+	procOpenVirtualDisk     = modvirtdisk.NewProc("OpenVirtualDisk")
+	procAttachVirtualDisk   = modvirtdisk.NewProc("AttachVirtualDisk")
+	procGetDiskFreeSpaceExW = modkernel32.NewProc("GetDiskFreeSpaceExW")
 )
 
 func activateLayer(info *driverInfo, id string) (hr error) {
@@ -84,7 +79,10 @@ func _activateLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procActivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -113,7 +111,10 @@ func _copyLayer(info *driverInfo, srcId *uint16, dstId *uint16, descriptors []WC
 	}
 	r0, _, _ := syscall.Syscall6(procCopyLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(srcId)), uintptr(unsafe.Pointer(dstId)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -138,7 +139,10 @@ func _createLayer(info *driverInfo, id *uint16, parent *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procCreateLayer.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(parent)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -162,7 +166,10 @@ func _createSandboxLayer(info *driverInfo, id *uint16, parent uintptr, descripto
 	}
 	r0, _, _ := syscall.Syscall6(procCreateSandboxLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(parent), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -182,7 +189,10 @@ func _expandSandboxSize(info *driverInfo, id *uint16, size uint64) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procExpandSandboxSize.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(size))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -202,7 +212,10 @@ func _deactivateLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procDeactivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -222,7 +235,10 @@ func _destroyLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procDestroyLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -251,7 +267,10 @@ func _exportLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_L
 	}
 	r0, _, _ := syscall.Syscall6(procExportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -271,7 +290,10 @@ func _getLayerMountPath(info *driverInfo, id *uint16, length *uintptr, buffer *u
 	}
 	r0, _, _ := syscall.Syscall6(procGetLayerMountPath.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(length)), uintptr(unsafe.Pointer(buffer)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -282,7 +304,10 @@ func getBaseImages(buffer **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procGetBaseImages.Addr(), 1, uintptr(unsafe.Pointer(buffer)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -311,7 +336,10 @@ func _importLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_L
 	}
 	r0, _, _ := syscall.Syscall6(procImportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -331,7 +359,10 @@ func _layerExists(info *driverInfo, id *uint16, exists *uint32) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procLayerExists.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(exists)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -351,7 +382,10 @@ func _nameToGuid(name *uint16, guid *_guid) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procNameToGuid.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(guid)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -375,7 +409,10 @@ func _prepareLayer(info *driverInfo, id *uint16, descriptors []WC_LAYER_DESCRIPT
 	}
 	r0, _, _ := syscall.Syscall6(procPrepareLayer.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -395,7 +432,10 @@ func _unprepareLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procUnprepareLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -415,7 +455,10 @@ func _processBaseImage(path *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procProcessBaseImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -435,163 +478,92 @@ func _processUtilityImage(path *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procProcessUtilityImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
 
-func importLayerBegin(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) {
+func grantVmAccess(vmid string, filepath string) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(id)
+	_p0, hr = syscall.UTF16PtrFromString(vmid)
 	if hr != nil {
 		return
 	}
-	return _importLayerBegin(info, _p0, descriptors, context)
-}
-
-func _importLayerBegin(info *driverInfo, id *uint16, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) {
-	var _p1 *WC_LAYER_DESCRIPTOR
-	if len(descriptors) > 0 {
-		_p1 = &descriptors[0]
-	}
-	if hr = procImportLayerBegin.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procImportLayerBegin.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), uintptr(unsafe.Pointer(context)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func importLayerNext(context uintptr, fileName string, fileInfo *winio.FileBasicInfo) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(fileName)
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(filepath)
 	if hr != nil {
 		return
 	}
-	return _importLayerNext(context, _p0, fileInfo)
-}
-
-func _importLayerNext(context uintptr, fileName *uint16, fileInfo *winio.FileBasicInfo) (hr error) {
-	if hr = procImportLayerNext.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procImportLayerNext.Addr(), 3, uintptr(context), uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(fileInfo)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func importLayerWrite(context uintptr, buffer []byte) (hr error) {
-	var _p0 *byte
-	if len(buffer) > 0 {
-		_p0 = &buffer[0]
-	}
-	if hr = procImportLayerWrite.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procImportLayerWrite.Addr(), 3, uintptr(context), uintptr(unsafe.Pointer(_p0)), uintptr(len(buffer)))
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
+	return _grantVmAccess(_p0, _p1)
 }
 
-func importLayerEnd(context uintptr) (hr error) {
-	if hr = procImportLayerEnd.Find(); hr != nil {
+func _grantVmAccess(vmid *uint16, filepath *uint16) (hr error) {
+	if hr = procGrantVmAccess.Find(); hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procImportLayerEnd.Addr(), 1, uintptr(context), 0, 0)
+	r0, _, _ := syscall.Syscall(procGrantVmAccess.Addr(), 2, uintptr(unsafe.Pointer(vmid)), uintptr(unsafe.Pointer(filepath)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
 
-func exportLayerBegin(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) {
+func openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(id)
-	if hr != nil {
+	_p0, err = syscall.UTF16PtrFromString(path)
+	if err != nil {
 		return
 	}
-	return _exportLayerBegin(info, _p0, descriptors, context)
+	return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, flags, parameters, handle)
 }
 
-func _exportLayerBegin(info *driverInfo, id *uint16, descriptors []WC_LAYER_DESCRIPTOR, context *uintptr) (hr error) {
-	var _p1 *WC_LAYER_DESCRIPTOR
-	if len(descriptors) > 0 {
-		_p1 = &descriptors[0]
-	}
-	if hr = procExportLayerBegin.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procExportLayerBegin.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), uintptr(unsafe.Pointer(context)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func exportLayerNext(context uintptr, fileName **uint16, fileInfo *winio.FileBasicInfo, fileSize *int64, deleted *uint32) (hr error) {
-	if hr = procExportLayerNext.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procExportLayerNext.Addr(), 5, uintptr(context), uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(fileInfo)), uintptr(unsafe.Pointer(fileSize)), uintptr(unsafe.Pointer(deleted)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
-	}
-	return
-}
-
-func exportLayerRead(context uintptr, buffer []byte, bytesRead *uint32) (hr error) {
-	var _p0 *byte
-	if len(buffer) > 0 {
-		_p0 = &buffer[0]
-	}
-	if hr = procExportLayerRead.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procExportLayerRead.Addr(), 4, uintptr(context), uintptr(unsafe.Pointer(_p0)), uintptr(len(buffer)), uintptr(unsafe.Pointer(bytesRead)), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+func _openVirtualDisk(virtualStorageType *virtualStorageType, path *uint16, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
+	r1, _, e1 := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(flags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+	if r1 != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
 	}
 	return
 }
 
-func exportLayerEnd(context uintptr) (hr error) {
-	if hr = procExportLayerEnd.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procExportLayerEnd.Addr(), 1, uintptr(context), 0, 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+func attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(sd), uintptr(flags), uintptr(providerFlags), uintptr(params), uintptr(overlapped))
+	if r1 != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
 	}
 	return
 }
 
-func grantVmAccess(vmid string, filepath string) (hr error) {
+func getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(vmid)
-	if hr != nil {
-		return
-	}
-	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(filepath)
-	if hr != nil {
+	_p0, err = syscall.UTF16PtrFromString(directoryName)
+	if err != nil {
 		return
 	}
-	return _grantVmAccess(_p0, _p1)
+	return _getDiskFreeSpaceEx(_p0, freeBytesAvailableToCaller, totalNumberOfBytes, totalNumberOfFreeBytes)
 }
 
-func _grantVmAccess(vmid *uint16, filepath *uint16) (hr error) {
-	if hr = procGrantVmAccess.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procGrantVmAccess.Addr(), 2, uintptr(unsafe.Pointer(vmid)), uintptr(unsafe.Pointer(filepath)), 0)
-	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+func _getDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
 	}
 	return
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go
new file mode 100644
index 0000000000000..df28ea24216d1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go
@@ -0,0 +1,13 @@
+package winapi
+
+import "github.com/Microsoft/go-winio/pkg/guid"
+
+//sys CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) = cfgmgr32.CM_Get_Device_ID_List_SizeA
+//sys CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error)= cfgmgr32.CM_Get_Device_ID_ListA
+//sys CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) = cfgmgr32.CM_Locate_DevNodeW
+//sys CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) = cfgmgr32.CM_Get_DevNode_PropertyW
+
+type DevPropKey struct {
+	Fmtid guid.GUID
+	Pid   uint32
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go
new file mode 100644
index 0000000000000..4e80ef68c92c5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go
@@ -0,0 +1,15 @@
+package winapi
+
+import "syscall"
+
+//sys RtlNtStatusToDosError(status uint32) (winerr error) = ntdll.RtlNtStatusToDosError
+
+const (
+	STATUS_REPARSE_POINT_ENCOUNTERED               = 0xC000050B
+	ERROR_NO_MORE_ITEMS                            = 0x103
+	ERROR_MORE_DATA                  syscall.Errno = 234
+)
+
+func NTSuccess(status uint32) bool {
+	return status == 0
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go
new file mode 100644
index 0000000000000..7ce52afd5e18a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go
@@ -0,0 +1,110 @@
+package winapi
+
+//sys NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile
+//sys NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) = ntdll.NtSetInformationFile
+
+//sys NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) = ntdll.NtOpenDirectoryObject
+//sys NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32)(status uint32) = ntdll.NtQueryDirectoryObject
+
+const (
+	FileLinkInformationClass          = 11
+	FileDispositionInformationExClass = 64
+
+	FILE_READ_ATTRIBUTES  = 0x0080
+	FILE_WRITE_ATTRIBUTES = 0x0100
+	DELETE                = 0x10000
+
+	FILE_OPEN   = 1
+	FILE_CREATE = 2
+
+	FILE_LIST_DIRECTORY          = 0x00000001
+	FILE_DIRECTORY_FILE          = 0x00000001
+	FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020
+	FILE_OPEN_FOR_BACKUP_INTENT  = 0x00004000
+	FILE_OPEN_REPARSE_POINT      = 0x00200000
+
+	FILE_DISPOSITION_DELETE = 0x00000001
+
+	OBJ_DONT_REPARSE = 0x1000
+
+	STATUS_MORE_ENTRIES    = 0x105
+	STATUS_NO_MORE_ENTRIES = 0x8000001a
+)
+
+// Select entries from FILE_INFO_BY_HANDLE_CLASS.
+//
+// C declaration:
+//   typedef enum _FILE_INFO_BY_HANDLE_CLASS {
+//       FileBasicInfo,
+//       FileStandardInfo,
+//       FileNameInfo,
+//       FileRenameInfo,
+//       FileDispositionInfo,
+//       FileAllocationInfo,
+//       FileEndOfFileInfo,
+//       FileStreamInfo,
+//       FileCompressionInfo,
+//       FileAttributeTagInfo,
+//       FileIdBothDirectoryInfo,
+//       FileIdBothDirectoryRestartInfo,
+//       FileIoPriorityHintInfo,
+//       FileRemoteProtocolInfo,
+//       FileFullDirectoryInfo,
+//       FileFullDirectoryRestartInfo,
+//       FileStorageInfo,
+//       FileAlignmentInfo,
+//       FileIdInfo,
+//       FileIdExtdDirectoryInfo,
+//       FileIdExtdDirectoryRestartInfo,
+//       FileDispositionInfoEx,
+//       FileRenameInfoEx,
+//       FileCaseSensitiveInfo,
+//       FileNormalizedNameInfo,
+//       MaximumFileInfoByHandleClass
+//   } FILE_INFO_BY_HANDLE_CLASS, *PFILE_INFO_BY_HANDLE_CLASS;
+//
+// Documentation: https://docs.microsoft.com/en-us/windows/win32/api/minwinbase/ne-minwinbase-file_info_by_handle_class
+const (
+	FileIdInfo = 18
+)
+
+type FileDispositionInformationEx struct {
+	Flags uintptr
+}
+
+type IOStatusBlock struct {
+	Status, Information uintptr
+}
+
+type ObjectAttributes struct {
+	Length             uintptr
+	RootDirectory      uintptr
+	ObjectName         *UnicodeString
+	Attributes         uintptr
+	SecurityDescriptor uintptr
+	SecurityQoS        uintptr
+}
+
+type ObjectDirectoryInformation struct {
+	Name     UnicodeString
+	TypeName UnicodeString
+}
+
+type FileLinkInformation struct {
+	ReplaceIfExists bool
+	RootDirectory   uintptr
+	FileNameLength  uint32
+	FileName        [1]uint16
+}
+
+// C declaration:
+//   typedef struct _FILE_ID_INFO {
+//       ULONGLONG   VolumeSerialNumber;
+//       FILE_ID_128 FileId;
+//   } FILE_ID_INFO, *PFILE_ID_INFO;
+//
+// Documentation: https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_id_info
+type FILE_ID_INFO struct {
+	VolumeSerialNumber uint64
+	FileID             [16]byte
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/iocp.go
new file mode 100644
index 0000000000000..4e609cbf1cdb5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/iocp.go
@@ -0,0 +1,3 @@
+package winapi
+
+//sys GetQueuedCompletionStatus(cphandle windows.Handle, qty *uint32, key *uintptr, overlapped **windows.Overlapped, timeout uint32) (err error)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
new file mode 100644
index 0000000000000..ba12b1ad92e34
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
@@ -0,0 +1,215 @@
+package winapi
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+// Messages that can be received from an assigned io completion port.
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port
+const (
+	JOB_OBJECT_MSG_END_OF_JOB_TIME       uint32 = 1
+	JOB_OBJECT_MSG_END_OF_PROCESS_TIME   uint32 = 2
+	JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT  uint32 = 3
+	JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO   uint32 = 4
+	JOB_OBJECT_MSG_NEW_PROCESS           uint32 = 6
+	JOB_OBJECT_MSG_EXIT_PROCESS          uint32 = 7
+	JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS uint32 = 8
+	JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT  uint32 = 9
+	JOB_OBJECT_MSG_JOB_MEMORY_LIMIT      uint32 = 10
+	JOB_OBJECT_MSG_NOTIFICATION_LIMIT    uint32 = 11
+)
+
+// Access rights for creating or opening job objects.
+//
+// https://docs.microsoft.com/en-us/windows/win32/procthread/job-object-security-and-access-rights
+const JOB_OBJECT_ALL_ACCESS = 0x1F001F
+
+// IO limit flags
+//
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information
+const JOB_OBJECT_IO_RATE_CONTROL_ENABLE = 0x1
+
+const JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE uint32 = 0x1
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information
+const (
+	JOB_OBJECT_CPU_RATE_CONTROL_ENABLE uint32 = 1 << iota
+	JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED
+	JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP
+	JOB_OBJECT_CPU_RATE_CONTROL_NOTIFY
+	JOB_OBJECT_CPU_RATE_CONTROL_MIN_MAX_RATE
+)
+
+// JobObjectInformationClass values. Used for a call to QueryInformationJobObject
+//
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/nf-jobapi2-queryinformationjobobject
+const (
+	JobObjectBasicAccountingInformation      uint32 = 1
+	JobObjectBasicProcessIdList              uint32 = 3
+	JobObjectBasicAndIoAccountingInformation uint32 = 8
+	JobObjectLimitViolationInformation       uint32 = 13
+	JobObjectMemoryUsageInformation          uint32 = 28
+	JobObjectNotificationLimitInformation2   uint32 = 33
+	JobObjectIoAttribution                   uint32 = 42
+)
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_limit_information
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information
+type JOBOBJECT_CPU_RATE_CONTROL_INFORMATION struct {
+	ControlFlags uint32
+	Value        uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information
+type JOBOBJECT_IO_RATE_CONTROL_INFORMATION struct {
+	MaxIops         int64
+	MaxBandwidth    int64
+	ReservationIops int64
+	BaseIOSize      uint32
+	VolumeName      string
+	ControlFlags    uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_process_id_list
+type JOBOBJECT_BASIC_PROCESS_ID_LIST struct {
+	NumberOfAssignedProcesses uint32
+	NumberOfProcessIdsInList  uint32
+	ProcessIdList             [1]uintptr
+}
+
+// AllPids returns all the process Ids in the job object.
+func (p *JOBOBJECT_BASIC_PROCESS_ID_LIST) AllPids() []uintptr {
+	return (*[(1 << 27) - 1]uintptr)(unsafe.Pointer(&p.ProcessIdList[0]))[:p.NumberOfProcessIdsInList]
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_accounting_information
+type JOBOBJECT_BASIC_ACCOUNTING_INFORMATION struct {
+	TotalUserTime             int64
+	TotalKernelTime           int64
+	ThisPeriodTotalUserTime   int64
+	ThisPeriodTotalKernelTime int64
+	TotalPageFaultCount       uint32
+	TotalProcesses            uint32
+	ActiveProcesses           uint32
+	TotalTerminateProcesses   uint32
+}
+
+//https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_and_io_accounting_information
+type JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION struct {
+	BasicInfo JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
+	IoInfo    windows.IO_COUNTERS
+}
+
+// typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION {
+//     ULONG64 JobMemory;
+//     ULONG64 PeakJobMemoryUsed;
+// } JOBOBJECT_MEMORY_USAGE_INFORMATION, *PJOBOBJECT_MEMORY_USAGE_INFORMATION;
+//
+type JOBOBJECT_MEMORY_USAGE_INFORMATION struct {
+	JobMemory         uint64
+	PeakJobMemoryUsed uint64
+}
+
+// typedef struct _JOBOBJECT_IO_ATTRIBUTION_STATS {
+//     ULONG_PTR IoCount;
+//     ULONGLONG TotalNonOverlappedQueueTime;
+//     ULONGLONG TotalNonOverlappedServiceTime;
+//     ULONGLONG TotalSize;
+// } JOBOBJECT_IO_ATTRIBUTION_STATS, *PJOBOBJECT_IO_ATTRIBUTION_STATS;
+//
+type JOBOBJECT_IO_ATTRIBUTION_STATS struct {
+	IoCount                       uintptr
+	TotalNonOverlappedQueueTime   uint64
+	TotalNonOverlappedServiceTime uint64
+	TotalSize                     uint64
+}
+
+// typedef struct _JOBOBJECT_IO_ATTRIBUTION_INFORMATION {
+//     ULONG ControlFlags;
+//     JOBOBJECT_IO_ATTRIBUTION_STATS ReadStats;
+//     JOBOBJECT_IO_ATTRIBUTION_STATS WriteStats;
+// } JOBOBJECT_IO_ATTRIBUTION_INFORMATION, *PJOBOBJECT_IO_ATTRIBUTION_INFORMATION;
+//
+type JOBOBJECT_IO_ATTRIBUTION_INFORMATION struct {
+	ControlFlags uint32
+	ReadStats    JOBOBJECT_IO_ATTRIBUTION_STATS
+	WriteStats   JOBOBJECT_IO_ATTRIBUTION_STATS
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port
+type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct {
+	CompletionKey  windows.Handle
+	CompletionPort windows.Handle
+}
+
+// BOOL IsProcessInJob(
+// 		HANDLE ProcessHandle,
+// 		HANDLE JobHandle,
+// 		PBOOL  Result
+// );
+//
+//sys IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *bool) (err error) = kernel32.IsProcessInJob
+
+// BOOL QueryInformationJobObject(
+//		HANDLE             hJob,
+//		JOBOBJECTINFOCLASS JobObjectInformationClass,
+//		LPVOID             lpJobObjectInformation,
+//		DWORD              cbJobObjectInformationLength,
+//		LPDWORD            lpReturnLength
+// );
+//
+//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
+
+// HANDLE OpenJobObjectW(
+//		DWORD   dwDesiredAccess,
+//		BOOL    bInheritHandle,
+//		LPCWSTR lpName
+// );
+//
+//sys OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) = kernel32.OpenJobObjectW
+
+// DWORD SetIoRateControlInformationJobObject(
+//		HANDLE                                hJob,
+//		JOBOBJECT_IO_RATE_CONTROL_INFORMATION *IoRateControlInfo
+// );
+//
+//sys SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) = kernel32.SetIoRateControlInformationJobObject
+
+// DWORD QueryIoRateControlInformationJobObject(
+// 		HANDLE                                hJob,
+// 		PCWSTR                                VolumeName,
+//		JOBOBJECT_IO_RATE_CONTROL_INFORMATION **InfoBlocks,
+// 		ULONG                                 *InfoBlockCount
+// );
+//sys QueryIoRateControlInformationJobObject(jobHandle windows.Handle, volumeName *uint16, ioRateControlInfo **JOBOBJECT_IO_RATE_CONTROL_INFORMATION, infoBlockCount *uint32) (ret uint32, err error) = kernel32.QueryIoRateControlInformationJobObject
+
+// NTSTATUS
+// NtOpenJobObject (
+//     _Out_ PHANDLE JobHandle,
+//     _In_ ACCESS_MASK DesiredAccess,
+//     _In_ POBJECT_ATTRIBUTES ObjectAttributes
+// );
+//sys NtOpenJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtOpenJobObject
+
+// NTSTATUS
+// NTAPI
+// NtCreateJobObject (
+//     _Out_ PHANDLE JobHandle,
+//     _In_ ACCESS_MASK DesiredAccess,
+//     _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
+// );
+//sys NtCreateJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtCreateJobObject
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go
new file mode 100644
index 0000000000000..b6e7cfd4601d2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go
@@ -0,0 +1,30 @@
+package winapi
+
+// BOOL LogonUserA(
+// 	LPCWSTR  lpszUsername,
+// 	LPCWSTR  lpszDomain,
+// 	LPCWSTR  lpszPassword,
+// 	DWORD   dwLogonType,
+// 	DWORD   dwLogonProvider,
+// 	PHANDLE phToken
+// );
+//
+//sys LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) = advapi32.LogonUserW
+
+// Logon types
+const (
+	LOGON32_LOGON_INTERACTIVE       uint32 = 2
+	LOGON32_LOGON_NETWORK           uint32 = 3
+	LOGON32_LOGON_BATCH             uint32 = 4
+	LOGON32_LOGON_SERVICE           uint32 = 5
+	LOGON32_LOGON_UNLOCK            uint32 = 7
+	LOGON32_LOGON_NETWORK_CLEARTEXT uint32 = 8
+	LOGON32_LOGON_NEW_CREDENTIALS   uint32 = 9
+)
+
+// Logon providers
+const (
+	LOGON32_PROVIDER_DEFAULT uint32 = 0
+	LOGON32_PROVIDER_WINNT40 uint32 = 2
+	LOGON32_PROVIDER_WINNT50 uint32 = 3
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go
new file mode 100644
index 0000000000000..83f7040644655
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go
@@ -0,0 +1,27 @@
+package winapi
+
+// VOID RtlMoveMemory(
+// 	_Out_       VOID UNALIGNED *Destination,
+// 	_In_  const VOID UNALIGNED *Source,
+// 	_In_        SIZE_T         Length
+// );
+//sys RtlMoveMemory(destination *byte, source *byte, length uintptr) (err error) = kernel32.RtlMoveMemory
+
+//sys LocalAlloc(flags uint32, size int) (ptr uintptr) = kernel32.LocalAlloc
+//sys LocalFree(ptr uintptr) = kernel32.LocalFree
+
+// BOOL QueryWorkingSet(
+//	HANDLE hProcess,
+//	PVOID  pv,
+//	DWORD  cb
+// );
+//sys QueryWorkingSet(handle windows.Handle, pv uintptr, cb uint32) (err error) = psapi.QueryWorkingSet
+
+type PSAPI_WORKING_SET_INFORMATION struct {
+	NumberOfEntries uintptr
+	WorkingSetInfo  [1]PSAPI_WORKING_SET_BLOCK
+}
+
+type PSAPI_WORKING_SET_BLOCK struct {
+	Flags uintptr
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go
new file mode 100644
index 0000000000000..f37910024f72c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go
@@ -0,0 +1,3 @@
+package winapi
+
+//sys SetJobCompartmentId(handle windows.Handle, compartmentId uint32) (win32Err error) = iphlpapi.SetJobCompartmentId
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go
new file mode 100644
index 0000000000000..908920e8722a4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go
@@ -0,0 +1,11 @@
+package winapi
+
+// DWORD SearchPathW(
+// 	LPCWSTR lpPath,
+// 	LPCWSTR lpFileName,
+// 	LPCWSTR lpExtension,
+// 	DWORD   nBufferLength,
+// 	LPWSTR  lpBuffer,
+// 	LPWSTR  *lpFilePart
+// );
+//sys SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath *uint16) (size uint32, err error) = kernel32.SearchPathW
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
new file mode 100644
index 0000000000000..b87068327ccde
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
@@ -0,0 +1,10 @@
+package winapi
+
+const PROCESS_ALL_ACCESS uint32 = 2097151
+
+// DWORD GetProcessImageFileNameW(
+//	HANDLE hProcess,
+//	LPWSTR lpImageFileName,
+//	DWORD  nSize
+// );
+//sys GetProcessImageFileName(hProcess windows.Handle, imageFileName *uint16, nSize uint32) (size uint32, err error) = kernel32.GetProcessImageFileNameW
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go
new file mode 100644
index 0000000000000..ce79ac2cdb8ad
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go
@@ -0,0 +1,7 @@
+package winapi
+
+// Get count from all processor groups.
+// https://docs.microsoft.com/en-us/windows/win32/procthread/processor-groups
+const ALL_PROCESSOR_GROUPS = 0xFFFF
+
+//sys GetActiveProcessorCount(groupNumber uint16) (amount uint32) = kernel32.GetActiveProcessorCount
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
new file mode 100644
index 0000000000000..327f57d7c296c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
@@ -0,0 +1,52 @@
+package winapi
+
+import "golang.org/x/sys/windows"
+
+const SystemProcessInformation = 5
+
+const STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
+
+// __kernel_entry NTSTATUS NtQuerySystemInformation(
+// 	SYSTEM_INFORMATION_CLASS SystemInformationClass,
+// 	PVOID                    SystemInformation,
+// 	ULONG                    SystemInformationLength,
+// 	PULONG                   ReturnLength
+// );
+//sys NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
+
+type SYSTEM_PROCESS_INFORMATION struct {
+	NextEntryOffset              uint32         // ULONG
+	NumberOfThreads              uint32         // ULONG
+	WorkingSetPrivateSize        int64          // LARGE_INTEGER
+	HardFaultCount               uint32         // ULONG
+	NumberOfThreadsHighWatermark uint32         // ULONG
+	CycleTime                    uint64         // ULONGLONG
+	CreateTime                   int64          // LARGE_INTEGER
+	UserTime                     int64          // LARGE_INTEGER
+	KernelTime                   int64          // LARGE_INTEGER
+	ImageName                    UnicodeString  // UNICODE_STRING
+	BasePriority                 int32          // KPRIORITY
+	UniqueProcessID              windows.Handle // HANDLE
+	InheritedFromUniqueProcessID windows.Handle // HANDLE
+	HandleCount                  uint32         // ULONG
+	SessionID                    uint32         // ULONG
+	UniqueProcessKey             *uint32        // ULONG_PTR
+	PeakVirtualSize              uintptr        // SIZE_T
+	VirtualSize                  uintptr        // SIZE_T
+	PageFaultCount               uint32         // ULONG
+	PeakWorkingSetSize           uintptr        // SIZE_T
+	WorkingSetSize               uintptr        // SIZE_T
+	QuotaPeakPagedPoolUsage      uintptr        // SIZE_T
+	QuotaPagedPoolUsage          uintptr        // SIZE_T
+	QuotaPeakNonPagedPoolUsage   uintptr        // SIZE_T
+	QuotaNonPagedPoolUsage       uintptr        // SIZE_T
+	PagefileUsage                uintptr        // SIZE_T
+	PeakPagefileUsage            uintptr        // SIZE_T
+	PrivatePageCount             uintptr        // SIZE_T
+	ReadOperationCount           int64          // LARGE_INTEGER
+	WriteOperationCount          int64          // LARGE_INTEGER
+	OtherOperationCount          int64          // LARGE_INTEGER
+	ReadTransferCount            int64          // LARGE_INTEGER
+	WriteTransferCount           int64          // LARGE_INTEGER
+	OtherTransferCount           int64          // LARGE_INTEGER
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go
new file mode 100644
index 0000000000000..4724713e3e41c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go
@@ -0,0 +1,12 @@
+package winapi
+
+// HANDLE CreateRemoteThread(
+// 	HANDLE                 hProcess,
+// 	LPSECURITY_ATTRIBUTES  lpThreadAttributes,
+// 	SIZE_T                 dwStackSize,
+// 	LPTHREAD_START_ROUTINE lpStartAddress,
+// 	LPVOID                 lpParameter,
+// 	DWORD                  dwCreationFlags,
+// 	LPDWORD                lpThreadId
+// );
+//sys CreateRemoteThread(process windows.Handle, sa *windows.SecurityAttributes, stackSize uint32, startAddr uintptr, parameter uintptr, creationFlags uint32, threadID *uint32) (handle windows.Handle, err error) = kernel32.CreateRemoteThread
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go
new file mode 100644
index 0000000000000..db59567d08952
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go
@@ -0,0 +1,75 @@
+package winapi
+
+import (
+	"errors"
+	"reflect"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+// Uint16BufferToSlice wraps a uint16 pointer-and-length into a slice
+// for easier interop with Go APIs
+func Uint16BufferToSlice(buffer *uint16, bufferLength int) (result []uint16) {
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&result))
+	hdr.Data = uintptr(unsafe.Pointer(buffer))
+	hdr.Cap = bufferLength
+	hdr.Len = bufferLength
+
+	return
+}
+
+type UnicodeString struct {
+	Length        uint16
+	MaximumLength uint16
+	Buffer        *uint16
+}
+
+//String converts a UnicodeString to a golang string
+func (uni UnicodeString) String() string {
+	// UnicodeString is not guaranteed to be null terminated, therefore
+	// use the UnicodeString's Length field
+	return syscall.UTF16ToString(Uint16BufferToSlice(uni.Buffer, int(uni.Length/2)))
+}
+
+// NewUnicodeString allocates a new UnicodeString and copies `s` into
+// the buffer of the new UnicodeString.
+func NewUnicodeString(s string) (*UnicodeString, error) {
+	// Get length of original `s` to use in the UnicodeString since the `buf`
+	// created later will have an additional trailing null character
+	length := len(s)
+	if length > 32767 {
+		return nil, syscall.ENAMETOOLONG
+	}
+
+	buf, err := windows.UTF16FromString(s)
+	if err != nil {
+		return nil, err
+	}
+	uni := &UnicodeString{
+		Length:        uint16(length * 2),
+		MaximumLength: uint16(length * 2),
+		Buffer:        &buf[0],
+	}
+	return uni, nil
+}
+
+// ConvertStringSetToSlice is a helper function used to convert the contents of
+// `buf` into a string slice. `buf` contains a set of null terminated strings
+// with an additional null at the end to indicate the end of the set.
+func ConvertStringSetToSlice(buf []byte) ([]string, error) {
+	var results []string
+	prev := 0
+	for i := range buf {
+		if buf[i] == 0 {
+			if prev == i {
+				// found two null characters in a row, return result
+				return results, nil
+			}
+			results = append(results, string(buf[prev:i]))
+			prev = i + 1
+		}
+	}
+	return nil, errors.New("string set malformed: missing null terminator at end of buffer")
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go
new file mode 100644
index 0000000000000..ec88c0d2128b6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go
@@ -0,0 +1,5 @@
+// Package winapi contains various low-level bindings to Windows APIs. It can
+// be thought of as an extension to golang.org/x/sys/windows.
+package winapi
+
+//go:generate go run ..\..\mksyscall_windows.go -output zsyscall_windows.go system.go net.go path.go thread.go iocp.go jobobject.go logon.go memory.go process.go processor.go devices.go filesystem.go errors.go
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
new file mode 100644
index 0000000000000..2941b0f9809ce
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
@@ -0,0 +1,371 @@
+// Code generated mksyscall_windows.exe DO NOT EDIT
+
+package winapi
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modntdll    = windows.NewLazySystemDLL("ntdll.dll")
+	modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll")
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+	modpsapi    = windows.NewLazySystemDLL("psapi.dll")
+	modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll")
+
+	procNtQuerySystemInformation               = modntdll.NewProc("NtQuerySystemInformation")
+	procSetJobCompartmentId                    = modiphlpapi.NewProc("SetJobCompartmentId")
+	procSearchPathW                            = modkernel32.NewProc("SearchPathW")
+	procCreateRemoteThread                     = modkernel32.NewProc("CreateRemoteThread")
+	procGetQueuedCompletionStatus              = modkernel32.NewProc("GetQueuedCompletionStatus")
+	procIsProcessInJob                         = modkernel32.NewProc("IsProcessInJob")
+	procQueryInformationJobObject              = modkernel32.NewProc("QueryInformationJobObject")
+	procOpenJobObjectW                         = modkernel32.NewProc("OpenJobObjectW")
+	procSetIoRateControlInformationJobObject   = modkernel32.NewProc("SetIoRateControlInformationJobObject")
+	procQueryIoRateControlInformationJobObject = modkernel32.NewProc("QueryIoRateControlInformationJobObject")
+	procNtOpenJobObject                        = modntdll.NewProc("NtOpenJobObject")
+	procNtCreateJobObject                      = modntdll.NewProc("NtCreateJobObject")
+	procLogonUserW                             = modadvapi32.NewProc("LogonUserW")
+	procRtlMoveMemory                          = modkernel32.NewProc("RtlMoveMemory")
+	procLocalAlloc                             = modkernel32.NewProc("LocalAlloc")
+	procLocalFree                              = modkernel32.NewProc("LocalFree")
+	procQueryWorkingSet                        = modpsapi.NewProc("QueryWorkingSet")
+	procGetProcessImageFileNameW               = modkernel32.NewProc("GetProcessImageFileNameW")
+	procGetActiveProcessorCount                = modkernel32.NewProc("GetActiveProcessorCount")
+	procCM_Get_Device_ID_List_SizeA            = modcfgmgr32.NewProc("CM_Get_Device_ID_List_SizeA")
+	procCM_Get_Device_ID_ListA                 = modcfgmgr32.NewProc("CM_Get_Device_ID_ListA")
+	procCM_Locate_DevNodeW                     = modcfgmgr32.NewProc("CM_Locate_DevNodeW")
+	procCM_Get_DevNode_PropertyW               = modcfgmgr32.NewProc("CM_Get_DevNode_PropertyW")
+	procNtCreateFile                           = modntdll.NewProc("NtCreateFile")
+	procNtSetInformationFile                   = modntdll.NewProc("NtSetInformationFile")
+	procNtOpenDirectoryObject                  = modntdll.NewProc("NtOpenDirectoryObject")
+	procNtQueryDirectoryObject                 = modntdll.NewProc("NtQueryDirectoryObject")
+	procRtlNtStatusToDosError                  = modntdll.NewProc("RtlNtStatusToDosError")
+)
+
+func NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) {
+	r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(systemInfoClass), uintptr(systemInformation), uintptr(systemInfoLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+	status = uint32(r0)
+	return
+}
+
+func SetJobCompartmentId(handle windows.Handle, compartmentId uint32) (win32Err error) {
+	r0, _, _ := syscall.Syscall(procSetJobCompartmentId.Addr(), 2, uintptr(handle), uintptr(compartmentId), 0)
+	if r0 != 0 {
+		win32Err = syscall.Errno(r0)
+	}
+	return
+}
+
+func SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath *uint16) (size uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procSearchPathW.Addr(), 6, uintptr(unsafe.Pointer(lpPath)), uintptr(unsafe.Pointer(lpFileName)), uintptr(unsafe.Pointer(lpExtension)), uintptr(nBufferLength), uintptr(unsafe.Pointer(lpBuffer)), uintptr(unsafe.Pointer(lpFilePath)))
+	size = uint32(r0)
+	if size == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateRemoteThread(process windows.Handle, sa *windows.SecurityAttributes, stackSize uint32, startAddr uintptr, parameter uintptr, creationFlags uint32, threadID *uint32) (handle windows.Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateRemoteThread.Addr(), 7, uintptr(process), uintptr(unsafe.Pointer(sa)), uintptr(stackSize), uintptr(startAddr), uintptr(parameter), uintptr(creationFlags), uintptr(unsafe.Pointer(threadID)), 0, 0)
+	handle = windows.Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetQueuedCompletionStatus(cphandle windows.Handle, qty *uint32, key *uintptr, overlapped **windows.Overlapped, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *bool) (err error) {
+	r1, _, e1 := syscall.Syscall(procIsProcessInJob.Addr(), 3, uintptr(procHandle), uintptr(jobHandle), uintptr(unsafe.Pointer(result)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procOpenJobObjectW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(lpName)))
+	handle = windows.Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procSetIoRateControlInformationJobObject.Addr(), 2, uintptr(jobHandle), uintptr(unsafe.Pointer(ioRateControlInfo)), 0)
+	ret = uint32(r0)
+	if ret == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryIoRateControlInformationJobObject(jobHandle windows.Handle, volumeName *uint16, ioRateControlInfo **JOBOBJECT_IO_RATE_CONTROL_INFORMATION, infoBlockCount *uint32) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procQueryIoRateControlInformationJobObject.Addr(), 4, uintptr(jobHandle), uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(ioRateControlInfo)), uintptr(unsafe.Pointer(infoBlockCount)), 0, 0)
+	ret = uint32(r0)
+	if ret == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func NtOpenJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) {
+	r0, _, _ := syscall.Syscall(procNtOpenJobObject.Addr(), 3, uintptr(unsafe.Pointer(jobHandle)), uintptr(desiredAccess), uintptr(unsafe.Pointer(objAttributes)))
+	status = uint32(r0)
+	return
+}
+
+func NtCreateJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) {
+	r0, _, _ := syscall.Syscall(procNtCreateJobObject.Addr(), 3, uintptr(unsafe.Pointer(jobHandle)), uintptr(desiredAccess), uintptr(unsafe.Pointer(objAttributes)))
+	status = uint32(r0)
+	return
+}
+
+func LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) {
+	r1, _, e1 := syscall.Syscall6(procLogonUserW.Addr(), 6, uintptr(unsafe.Pointer(username)), uintptr(unsafe.Pointer(domain)), uintptr(unsafe.Pointer(password)), uintptr(logonType), uintptr(logonProvider), uintptr(unsafe.Pointer(token)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func RtlMoveMemory(destination *byte, source *byte, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procRtlMoveMemory.Addr(), 3, uintptr(unsafe.Pointer(destination)), uintptr(unsafe.Pointer(source)), uintptr(length))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LocalAlloc(flags uint32, size int) (ptr uintptr) {
+	r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(size), 0)
+	ptr = uintptr(r0)
+	return
+}
+
+func LocalFree(ptr uintptr) {
+	syscall.Syscall(procLocalFree.Addr(), 1, uintptr(ptr), 0, 0)
+	return
+}
+
+func QueryWorkingSet(handle windows.Handle, pv uintptr, cb uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procQueryWorkingSet.Addr(), 3, uintptr(handle), uintptr(pv), uintptr(cb))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcessImageFileName(hProcess windows.Handle, imageFileName *uint16, nSize uint32) (size uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcessImageFileNameW.Addr(), 3, uintptr(hProcess), uintptr(unsafe.Pointer(imageFileName)), uintptr(nSize))
+	size = uint32(r0)
+	if size == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetActiveProcessorCount(groupNumber uint16) (amount uint32) {
+	r0, _, _ := syscall.Syscall(procGetActiveProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0)
+	amount = uint32(r0)
+	return
+}
+
+func CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) {
+	r0, _, _ := syscall.Syscall(procCM_Get_Device_ID_List_SizeA.Addr(), 3, uintptr(unsafe.Pointer(pulLen)), uintptr(unsafe.Pointer(pszFilter)), uintptr(uFlags))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error) {
+	r0, _, _ := syscall.Syscall6(procCM_Get_Device_ID_ListA.Addr(), 4, uintptr(unsafe.Pointer(pszFilter)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(uFlags), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(pDeviceID)
+	if hr != nil {
+		return
+	}
+	return _CMLocateDevNode(pdnDevInst, _p0, uFlags)
+}
+
+func _CMLocateDevNode(pdnDevInst *uint32, pDeviceID *uint16, uFlags uint32) (hr error) {
+	r0, _, _ := syscall.Syscall(procCM_Locate_DevNodeW.Addr(), 3, uintptr(unsafe.Pointer(pdnDevInst)), uintptr(unsafe.Pointer(pDeviceID)), uintptr(uFlags))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) {
+	r0, _, _ := syscall.Syscall6(procCM_Get_DevNode_PropertyW.Addr(), 6, uintptr(dnDevInst), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(unsafe.Pointer(propertyBufferSize)), uintptr(uFlags))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) {
+	r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(fileAttributes), uintptr(shareAccess), uintptr(createDisposition), uintptr(createOptions), uintptr(unsafe.Pointer(eaBuffer)), uintptr(eaLength), 0)
+	status = uint32(r0)
+	return
+}
+
+func NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) {
+	r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(information), uintptr(length), uintptr(class), 0)
+	status = uint32(r0)
+	return
+}
+
+func NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) {
+	r0, _, _ := syscall.Syscall(procNtOpenDirectoryObject.Addr(), 3, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)))
+	status = uint32(r0)
+	return
+}
+
+func NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32) (status uint32) {
+	var _p0 uint32
+	if singleEntry {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if restartScan {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r0, _, _ := syscall.Syscall9(procNtQueryDirectoryObject.Addr(), 7, uintptr(handle), uintptr(unsafe.Pointer(buffer)), uintptr(length), uintptr(_p0), uintptr(_p1), uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+	status = uint32(r0)
+	return
+}
+
+func RtlNtStatusToDosError(status uint32) (winerr error) {
+	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosError.Addr(), 1, uintptr(status), 0, 0)
+	if r0 != 0 {
+		winerr = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/layer.go b/vendor/github.com/Microsoft/hcsshim/layer.go
index 8cdc247dcdb51..8916163706cfe 100644
--- a/vendor/github.com/Microsoft/hcsshim/layer.go
+++ b/vendor/github.com/Microsoft/hcsshim/layer.go
@@ -1,11 +1,11 @@
 package hcsshim
 
 import (
+	"context"
 	"crypto/sha1"
 	"path/filepath"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
-
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/wclayer"
 )
 
@@ -14,57 +14,59 @@ func layerPath(info *DriverInfo, id string) string {
 }
 
 func ActivateLayer(info DriverInfo, id string) error {
-	return wclayer.ActivateLayer(layerPath(&info, id))
+	return wclayer.ActivateLayer(context.Background(), layerPath(&info, id))
 }
 func CreateLayer(info DriverInfo, id, parent string) error {
-	return wclayer.CreateLayer(layerPath(&info, id), parent)
+	return wclayer.CreateLayer(context.Background(), layerPath(&info, id), parent)
 }
+
 // New clients should use CreateScratchLayer instead. Kept in to preserve API compatibility.
 func CreateSandboxLayer(info DriverInfo, layerId, parentId string, parentLayerPaths []string) error {
-	return wclayer.CreateScratchLayer(layerPath(&info, layerId), parentLayerPaths)
+	return wclayer.CreateScratchLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
 }
 func CreateScratchLayer(info DriverInfo, layerId, parentId string, parentLayerPaths []string) error {
-	return wclayer.CreateScratchLayer(layerPath(&info, layerId), parentLayerPaths)
+	return wclayer.CreateScratchLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
 }
 func DeactivateLayer(info DriverInfo, id string) error {
-	return wclayer.DeactivateLayer(layerPath(&info, id))
+	return wclayer.DeactivateLayer(context.Background(), layerPath(&info, id))
 }
 func DestroyLayer(info DriverInfo, id string) error {
-	return wclayer.DestroyLayer(layerPath(&info, id))
+	return wclayer.DestroyLayer(context.Background(), layerPath(&info, id))
 }
+
 // New clients should use ExpandScratchSize instead. Kept in to preserve API compatibility.
 func ExpandSandboxSize(info DriverInfo, layerId string, size uint64) error {
-	return wclayer.ExpandScratchSize(layerPath(&info, layerId), size)
+	return wclayer.ExpandScratchSize(context.Background(), layerPath(&info, layerId), size)
 }
 func ExpandScratchSize(info DriverInfo, layerId string, size uint64) error {
-	return wclayer.ExpandScratchSize(layerPath(&info, layerId), size)
+	return wclayer.ExpandScratchSize(context.Background(), layerPath(&info, layerId), size)
 }
 func ExportLayer(info DriverInfo, layerId string, exportFolderPath string, parentLayerPaths []string) error {
-	return wclayer.ExportLayer(layerPath(&info, layerId), exportFolderPath, parentLayerPaths)
+	return wclayer.ExportLayer(context.Background(), layerPath(&info, layerId), exportFolderPath, parentLayerPaths)
 }
 func GetLayerMountPath(info DriverInfo, id string) (string, error) {
-	return wclayer.GetLayerMountPath(layerPath(&info, id))
+	return wclayer.GetLayerMountPath(context.Background(), layerPath(&info, id))
 }
 func GetSharedBaseImages() (imageData string, err error) {
-	return wclayer.GetSharedBaseImages()
+	return wclayer.GetSharedBaseImages(context.Background())
 }
 func ImportLayer(info DriverInfo, layerID string, importFolderPath string, parentLayerPaths []string) error {
-	return wclayer.ImportLayer(layerPath(&info, layerID), importFolderPath, parentLayerPaths)
+	return wclayer.ImportLayer(context.Background(), layerPath(&info, layerID), importFolderPath, parentLayerPaths)
 }
 func LayerExists(info DriverInfo, id string) (bool, error) {
-	return wclayer.LayerExists(layerPath(&info, id))
+	return wclayer.LayerExists(context.Background(), layerPath(&info, id))
 }
 func PrepareLayer(info DriverInfo, layerId string, parentLayerPaths []string) error {
-	return wclayer.PrepareLayer(layerPath(&info, layerId), parentLayerPaths)
+	return wclayer.PrepareLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
 }
 func ProcessBaseLayer(path string) error {
-	return wclayer.ProcessBaseLayer(path)
+	return wclayer.ProcessBaseLayer(context.Background(), path)
 }
 func ProcessUtilityVMImage(path string) error {
-	return wclayer.ProcessUtilityVMImage(path)
+	return wclayer.ProcessUtilityVMImage(context.Background(), path)
 }
 func UnprepareLayer(info DriverInfo, layerId string) error {
-	return wclayer.UnprepareLayer(layerPath(&info, layerId))
+	return wclayer.UnprepareLayer(context.Background(), layerPath(&info, layerId))
 }
 
 type DriverInfo struct {
@@ -72,14 +74,11 @@ type DriverInfo struct {
 	HomeDir string
 }
 
-type FilterLayerReader = wclayer.FilterLayerReader
-type FilterLayerWriter = wclayer.FilterLayerWriter
-
 type GUID [16]byte
 
 func NameToGuid(name string) (id GUID, err error) {
-	g, err := wclayer.NameToGuid(name)
-	return GUID(g), err
+	g, err := wclayer.NameToGuid(context.Background(), name)
+	return g.ToWindowsArray(), err
 }
 
 func NewGUID(source string) *GUID {
@@ -90,19 +89,19 @@ func NewGUID(source string) *GUID {
 }
 
 func (g *GUID) ToString() string {
-	return (guid.GUID)(*g).String()
+	return guid.FromWindowsArray(*g).String()
 }
 
 type LayerReader = wclayer.LayerReader
 
 func NewLayerReader(info DriverInfo, layerID string, parentLayerPaths []string) (LayerReader, error) {
-	return wclayer.NewLayerReader(layerPath(&info, layerID), parentLayerPaths)
+	return wclayer.NewLayerReader(context.Background(), layerPath(&info, layerID), parentLayerPaths)
 }
 
 type LayerWriter = wclayer.LayerWriter
 
 func NewLayerWriter(info DriverInfo, layerID string, parentLayerPaths []string) (LayerWriter, error) {
-	return wclayer.NewLayerWriter(layerPath(&info, layerID), parentLayerPaths)
+	return wclayer.NewLayerWriter(context.Background(), layerPath(&info, layerID), parentLayerPaths)
 }
 
 type WC_LAYER_DESCRIPTOR = wclayer.WC_LAYER_DESCRIPTOR
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
new file mode 100644
index 0000000000000..3ab3bcd89a118
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
@@ -0,0 +1,50 @@
+package osversion
+
+import (
+	"fmt"
+	"sync"
+
+	"golang.org/x/sys/windows"
+)
+
+// OSVersion is a wrapper for Windows version information
+// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
+type OSVersion struct {
+	Version      uint32
+	MajorVersion uint8
+	MinorVersion uint8
+	Build        uint16
+}
+
+var (
+	osv  OSVersion
+	once sync.Once
+)
+
+// Get gets the operating system version on Windows.
+// The calling application must be manifested to get the correct version information.
+func Get() OSVersion {
+	once.Do(func() {
+		var err error
+		osv = OSVersion{}
+		osv.Version, err = windows.GetVersion()
+		if err != nil {
+			// GetVersion never fails.
+			panic(err)
+		}
+		osv.MajorVersion = uint8(osv.Version & 0xFF)
+		osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
+		osv.Build = uint16(osv.Version >> 16)
+	})
+	return osv
+}
+
+// Build gets the build-number on Windows
+// The calling application must be manifested to get the correct version information.
+func Build() uint16 {
+	return Get().Build
+}
+
+func (osv OSVersion) ToString() string {
+	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go
new file mode 100644
index 0000000000000..e9267b9554f29
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go
@@ -0,0 +1,38 @@
+package osversion
+
+const (
+	// RS1 (version 1607, codename "Redstone 1") corresponds to Windows Server
+	// 2016 (ltsc2016) and Windows 10 (Anniversary Update).
+	RS1 = 14393
+
+	// RS2 (version 1703, codename "Redstone 2") was a client-only update, and
+	// corresponds to Windows 10 (Creators Update).
+	RS2 = 15063
+
+	// RS3 (version 1709, codename "Redstone 3") corresponds to Windows Server
+	// 1709 (Semi-Annual Channel (SAC)), and Windows 10 (Fall Creators Update).
+	RS3 = 16299
+
+	// RS4 (version 1803, codename "Redstone 4") corresponds to Windows Server
+	// 1803 (Semi-Annual Channel (SAC)), and Windows 10 (April 2018 Update).
+	RS4 = 17134
+
+	// RS5 (version 1809, codename "Redstone 5") corresponds to Windows Server
+	// 2019 (ltsc2019), and Windows 10 (October 2018 Update).
+	RS5 = 17763
+
+	// V19H1 (version 1903) corresponds to Windows Server 1903 (semi-annual
+	// channel).
+	V19H1 = 18362
+
+	// V19H2 (version 1909) corresponds to Windows Server 1909 (semi-annual
+	// channel).
+	V19H2 = 18363
+
+	// V20H1 (version 2004) corresponds to Windows Server 2004 (semi-annual
+	// channel).
+	V20H1 = 19041
+
+	// V20H2 corresponds to Windows Server 20H2 (semi-annual channel).
+	V20H2 = 19042
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go
new file mode 100644
index 0000000000000..e3f1be333db36
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go
@@ -0,0 +1,88 @@
+// Package ociwclayer provides functions for importing and exporting Windows
+// container layers from and to their OCI tar representation.
+package ociwclayer
+
+import (
+	"archive/tar"
+	"context"
+	"io"
+	"path/filepath"
+
+	"github.com/Microsoft/go-winio/backuptar"
+	"github.com/Microsoft/hcsshim"
+)
+
+var driverInfo = hcsshim.DriverInfo{}
+
+// ExportLayerToTar writes an OCI layer tar stream from the provided on-disk layer.
+// The caller must specify the parent layers, if any, ordered from lowest to
+// highest layer.
+//
+// The layer will be mounted for this process, so the caller should ensure that
+// it is not currently mounted.
+func ExportLayerToTar(ctx context.Context, w io.Writer, path string, parentLayerPaths []string) error {
+	err := hcsshim.ActivateLayer(driverInfo, path)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = hcsshim.DeactivateLayer(driverInfo, path)
+	}()
+
+	// Prepare and unprepare the layer to ensure that it has been initialized.
+	err = hcsshim.PrepareLayer(driverInfo, path, parentLayerPaths)
+	if err != nil {
+		return err
+	}
+	err = hcsshim.UnprepareLayer(driverInfo, path)
+	if err != nil {
+		return err
+	}
+
+	r, err := hcsshim.NewLayerReader(driverInfo, path, parentLayerPaths)
+	if err != nil {
+		return err
+	}
+
+	err = writeTarFromLayer(ctx, r, w)
+	cerr := r.Close()
+	if err != nil {
+		return err
+	}
+	return cerr
+}
+
+func writeTarFromLayer(ctx context.Context, r hcsshim.LayerReader, w io.Writer) error {
+	t := tar.NewWriter(w)
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		name, size, fileInfo, err := r.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return err
+		}
+		if fileInfo == nil {
+			// Write a whiteout file.
+			hdr := &tar.Header{
+				Name: filepath.ToSlash(filepath.Join(filepath.Dir(name), whiteoutPrefix+filepath.Base(name))),
+			}
+			err := t.WriteHeader(hdr)
+			if err != nil {
+				return err
+			}
+		} else {
+			err = backuptar.WriteTarFileFromBackupStream(t, r, name, size, fileInfo)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return t.Close()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go
new file mode 100644
index 0000000000000..e74a6b5946c47
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go
@@ -0,0 +1,148 @@
+package ociwclayer
+
+import (
+	"archive/tar"
+	"bufio"
+	"context"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	winio "github.com/Microsoft/go-winio"
+	"github.com/Microsoft/go-winio/backuptar"
+	"github.com/Microsoft/hcsshim"
+)
+
+const whiteoutPrefix = ".wh."
+
+var (
+	// mutatedFiles is a list of files that are mutated by the import process
+	// and must be backed up and restored.
+	mutatedFiles = map[string]string{
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD":      "bcd.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG":  "bcd.log.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG1": "bcd.log1.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG2": "bcd.log2.bak",
+	}
+)
+
+// ImportLayerFromTar  reads a layer from an OCI layer tar stream and extracts it to the
+// specified path. The caller must specify the parent layers, if any, ordered
+// from lowest to highest layer.
+//
+// The caller must ensure that the thread or process has acquired backup and
+// restore privileges.
+//
+// This function returns the total size of the layer's files, in bytes.
+func ImportLayerFromTar(ctx context.Context, r io.Reader, path string, parentLayerPaths []string) (int64, error) {
+	err := os.MkdirAll(path, 0)
+	if err != nil {
+		return 0, err
+	}
+	w, err := hcsshim.NewLayerWriter(hcsshim.DriverInfo{}, path, parentLayerPaths)
+	if err != nil {
+		return 0, err
+	}
+	n, err := writeLayerFromTar(ctx, r, w, path)
+	cerr := w.Close()
+	if err != nil {
+		return 0, err
+	}
+	if cerr != nil {
+		return 0, cerr
+	}
+	return n, nil
+}
+
+func writeLayerFromTar(ctx context.Context, r io.Reader, w hcsshim.LayerWriter, root string) (int64, error) {
+	t := tar.NewReader(r)
+	hdr, err := t.Next()
+	totalSize := int64(0)
+	buf := bufio.NewWriter(nil)
+	for err == nil {
+		select {
+		case <-ctx.Done():
+			return 0, ctx.Err()
+		default:
+		}
+
+		base := path.Base(hdr.Name)
+		if strings.HasPrefix(base, whiteoutPrefix) {
+			name := path.Join(path.Dir(hdr.Name), base[len(whiteoutPrefix):])
+			err = w.Remove(filepath.FromSlash(name))
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = t.Next()
+		} else if hdr.Typeflag == tar.TypeLink {
+			err = w.AddLink(filepath.FromSlash(hdr.Name), filepath.FromSlash(hdr.Linkname))
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = t.Next()
+		} else {
+			var (
+				name     string
+				size     int64
+				fileInfo *winio.FileBasicInfo
+			)
+			name, size, fileInfo, err = backuptar.FileInfoFromHeader(hdr)
+			if err != nil {
+				return 0, err
+			}
+			err = w.Add(filepath.FromSlash(name), fileInfo)
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = writeBackupStreamFromTarAndSaveMutatedFiles(buf, w, t, hdr, root)
+			totalSize += size
+		}
+	}
+	if err != io.EOF {
+		return 0, err
+	}
+	return totalSize, nil
+}
+
+// writeBackupStreamFromTarAndSaveMutatedFiles reads data from a tar stream and
+// writes it to a backup stream, and also saves any files that will be mutated
+// by the import layer process to a backup location.
+func writeBackupStreamFromTarAndSaveMutatedFiles(buf *bufio.Writer, w io.Writer, t *tar.Reader, hdr *tar.Header, root string) (nextHdr *tar.Header, err error) {
+	var bcdBackup *os.File
+	var bcdBackupWriter *winio.BackupFileWriter
+	if backupPath, ok := mutatedFiles[hdr.Name]; ok {
+		bcdBackup, err = os.Create(filepath.Join(root, backupPath))
+		if err != nil {
+			return nil, err
+		}
+		defer func() {
+			cerr := bcdBackup.Close()
+			if err == nil {
+				err = cerr
+			}
+		}()
+
+		bcdBackupWriter = winio.NewBackupFileWriter(bcdBackup, false)
+		defer func() {
+			cerr := bcdBackupWriter.Close()
+			if err == nil {
+				err = cerr
+			}
+		}()
+
+		buf.Reset(io.MultiWriter(w, bcdBackupWriter))
+	} else {
+		buf.Reset(w)
+	}
+
+	defer func() {
+		ferr := buf.Flush()
+		if err == nil {
+			err = ferr
+		}
+	}()
+
+	return backuptar.WriteBackupStreamFromTarFile(buf, t, hdr)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/process.go b/vendor/github.com/Microsoft/hcsshim/process.go
index ca8acbb7c2563..3362c683357a9 100644
--- a/vendor/github.com/Microsoft/hcsshim/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/process.go
@@ -1,7 +1,9 @@
 package hcsshim
 
 import (
+	"context"
 	"io"
+	"sync"
 	"time"
 
 	"github.com/Microsoft/hcsshim/internal/hcs"
@@ -9,7 +11,10 @@ import (
 
 // ContainerError is an error encountered in HCS
 type process struct {
-	p *hcs.Process
+	p        *hcs.Process
+	waitOnce sync.Once
+	waitCh   chan struct{}
+	waitErr  error
 }
 
 // Pid returns the process ID of the process within the container.
@@ -19,7 +24,14 @@ func (process *process) Pid() int {
 
 // Kill signals the process to terminate but does not wait for it to finish terminating.
 func (process *process) Kill() error {
-	return convertProcessError(process.p.Kill(), process)
+	found, err := process.p.Kill(context.Background())
+	if err != nil {
+		return convertProcessError(err, process)
+	}
+	if !found {
+		return &ProcessError{Process: process, Err: ErrElementNotFound, Operation: "hcsshim::Process::Kill"}
+	}
+	return nil
 }
 
 // Wait waits for the process to exit.
@@ -30,7 +42,21 @@ func (process *process) Wait() error {
 // WaitTimeout waits for the process to exit or the duration to elapse. It returns
 // false if timeout occurs.
 func (process *process) WaitTimeout(timeout time.Duration) error {
-	return convertProcessError(process.p.WaitTimeout(timeout), process)
+	process.waitOnce.Do(func() {
+		process.waitCh = make(chan struct{})
+		go func() {
+			process.waitErr = process.Wait()
+			close(process.waitCh)
+		}()
+	})
+	t := time.NewTimer(timeout)
+	defer t.Stop()
+	select {
+	case <-t.C:
+		return &ProcessError{Process: process, Err: ErrTimeout, Operation: "hcsshim::Process::Wait"}
+	case <-process.waitCh:
+		return process.waitErr
+	}
 }
 
 // ExitCode returns the exit code of the process. The process must have
@@ -45,14 +71,14 @@ func (process *process) ExitCode() (int, error) {
 
 // ResizeConsole resizes the console of the process.
 func (process *process) ResizeConsole(width, height uint16) error {
-	return convertProcessError(process.p.ResizeConsole(width, height), process)
+	return convertProcessError(process.p.ResizeConsole(context.Background(), width, height), process)
 }
 
 // Stdio returns the stdin, stdout, and stderr pipes, respectively. Closing
 // these pipes does not close the underlying pipes; it should be possible to
 // call this multiple times to get multiple interfaces.
 func (process *process) Stdio() (io.WriteCloser, io.ReadCloser, io.ReadCloser, error) {
-	stdin, stdout, stderr, err := process.p.Stdio()
+	stdin, stdout, stderr, err := process.p.StdioLegacy()
 	if err != nil {
 		err = convertProcessError(err, process)
 	}
@@ -62,7 +88,7 @@ func (process *process) Stdio() (io.WriteCloser, io.ReadCloser, io.ReadCloser, e
 // CloseStdin closes the write side of the stdin pipe so that the process is
 // notified on the read side that there is no more data in stdin.
 func (process *process) CloseStdin() error {
-	return convertProcessError(process.p.CloseStdin(), process)
+	return convertProcessError(process.p.CloseStdin(context.Background()), process)
 }
 
 // Close cleans up any state associated with the process but does not kill
diff --git a/vendor/github.com/Microsoft/hcsshim/version.go b/vendor/github.com/Microsoft/hcsshim/version.go
deleted file mode 100644
index 9ebb257b3e4c1..0000000000000
--- a/vendor/github.com/Microsoft/hcsshim/version.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package hcsshim
-
-// IsTP4 returns whether the currently running Windows build is at least TP4.
-func IsTP4() bool {
-	return false
-}
diff --git a/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
index cd471295b83f7..8bed848573831 100644
--- a/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
@@ -1,4 +1,4 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
+// Code generated mksyscall_windows.exe DO NOT EDIT
 
 package hcsshim
 
@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -46,7 +45,10 @@ var (
 func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
 	r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
diff --git a/vendor/github.com/Microsoft/opengcs/LICENSE b/vendor/github.com/Microsoft/opengcs/LICENSE
deleted file mode 100644
index 4b1ad51b2f0ef..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-    MIT License
-
-    Copyright (c) Microsoft Corporation. All rights reserved.
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE
diff --git a/vendor/github.com/Microsoft/opengcs/README.md b/vendor/github.com/Microsoft/opengcs/README.md
deleted file mode 100644
index e931fde8f3e8e..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# Open Guest Compute Service (opengcs) [![Build Status](https://travis-ci.org/Microsoft/opengcs.svg?branch=master)](https://travis-ci.org/Microsoft/opengcs)
-
-Open Guest Compute Service is a Linux open source project to further the development of a production quality implementation of Linux Hyper-V container on Windows (LCOW).  It's designed to run inside a custom Linux OS for supporting Linux container payload.
-
-# Getting Started
-
-  [How to build GCS binaries](./docs/gcsbuildinstructions.md/)
-
-  [How to build custom Linux OS images](./docs/customosbuildinstructions.md/)
-
-# Contributing
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/vendor/github.com/Microsoft/opengcs/client/config.go b/vendor/github.com/Microsoft/opengcs/client/config.go
deleted file mode 100644
index c2f6b21631422..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/config.go
+++ /dev/null
@@ -1,274 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/sirupsen/logrus"
-)
-
-// Mode is the operational mode, both requested, and actual after verification
-type Mode uint
-
-const (
-	// Constants for the actual mode after validation
-
-	// ModeActualError means an error has occurred during validation
-	ModeActualError = iota
-	// ModeActualVhdx means that we are going to use VHDX boot after validation
-	ModeActualVhdx
-	// ModeActualKernelInitrd means that we are going to use kernel+initrd for boot after validation
-	ModeActualKernelInitrd
-
-	// Constants for the requested mode
-
-	// ModeRequestAuto means auto-select the boot mode for a utility VM
-	ModeRequestAuto = iota // VHDX will be priority over kernel+initrd
-	// ModeRequestVhdx means request VHDX boot if possible
-	ModeRequestVhdx
-	// ModeRequestKernelInitrd means request Kernel+initrd boot if possible
-	ModeRequestKernelInitrd
-
-	// defaultUvmTimeoutSeconds is the default time to wait for utility VM operations
-	defaultUvmTimeoutSeconds = 5 * 60
-
-	// DefaultVhdxSizeGB is the size of the default sandbox & scratch in GB
-	DefaultVhdxSizeGB = 20
-
-	// defaultVhdxBlockSizeMB is the block-size for the sandbox/scratch VHDx's this package can create.
-	defaultVhdxBlockSizeMB = 1
-)
-
-// Config is the structure used to configuring a utility VM. There are two ways
-// of starting. Either supply a VHD, or a Kernel+Initrd. For the latter, both
-// must be supplied, and both must be in the same directory.
-//
-// VHD is the priority.
-type Config struct {
-	Options                                        // Configuration options
-	Name               string                      // Name of the utility VM
-	RequestedMode      Mode                        // What mode is preferred when validating
-	ActualMode         Mode                        // What mode was obtained during validation
-	UvmTimeoutSeconds  int                         // How long to wait for the utility VM to respond in seconds
-	Uvm                hcsshim.Container           // The actual container
-	MappedVirtualDisks []hcsshim.MappedVirtualDisk // Data-disks to be attached
-}
-
-// Options is the structure used by a client to define configurable options for a utility VM.
-type Options struct {
-	KirdPath       string // Path to where kernel/initrd are found (defaults to %PROGRAMFILES%\Linux Containers)
-	KernelFile     string // Kernel for Utility VM (embedded in a UEFI bootloader) - does NOT include full path, just filename
-	InitrdFile     string // Initrd image for Utility VM - does NOT include full path, just filename
-	Vhdx           string // VHD for booting the utility VM - is a full path
-	TimeoutSeconds int    // Requested time for the utility VM to respond in seconds (may be over-ridden by environment)
-	BootParameters string // Additional boot parameters for initrd booting (not VHDx)
-}
-
-// ParseOptions parses a set of K-V pairs into options used by opengcs. Note
-// for consistency with the LCOW graphdriver in docker, we keep the same
-// convention of an `lcow.` prefix.
-func ParseOptions(options []string) (Options, error) {
-	rOpts := Options{TimeoutSeconds: 0}
-	for _, v := range options {
-		opt := strings.SplitN(v, "=", 2)
-		if len(opt) == 2 {
-			switch strings.ToLower(opt[0]) {
-			case "lcow.kirdpath":
-				rOpts.KirdPath = opt[1]
-			case "lcow.kernel":
-				rOpts.KernelFile = opt[1]
-			case "lcow.initrd":
-				rOpts.InitrdFile = opt[1]
-			case "lcow.vhdx":
-				rOpts.Vhdx = opt[1]
-			case "lcow.bootparameters":
-				rOpts.BootParameters = opt[1]
-			case "lcow.timeout":
-				var err error
-				if rOpts.TimeoutSeconds, err = strconv.Atoi(opt[1]); err != nil {
-					return rOpts, fmt.Errorf("lcow.timeout option could not be interpreted as an integer")
-				}
-				if rOpts.TimeoutSeconds < 0 {
-					return rOpts, fmt.Errorf("lcow.timeout option cannot be negative")
-				}
-			}
-		}
-	}
-
-	// Set default values if not supplied
-	if rOpts.KirdPath == "" {
-		rOpts.KirdPath = filepath.Join(os.Getenv("ProgramFiles"), "Linux Containers")
-	}
-	if rOpts.Vhdx == "" {
-		rOpts.Vhdx = filepath.Join(rOpts.KirdPath, `uvm.vhdx`)
-	}
-	if rOpts.KernelFile == "" {
-		rOpts.KernelFile = `kernel`
-	}
-	if rOpts.InitrdFile == "" {
-		rOpts.InitrdFile = `initrd.img`
-	}
-
-	return rOpts, nil
-}
-
-// GenerateDefault generates a default config from a set of options
-// If baseDir is not supplied, defaults to $env:ProgramFiles\Linux Containers
-func (config *Config) GenerateDefault(options []string) error {
-	// Parse the options that the user supplied.
-	var err error
-	config.Options, err = ParseOptions(options)
-	if err != nil {
-		return err
-	}
-
-	// Get the timeout from the environment
-	envTimeoutSeconds := 0
-	envTimeout := os.Getenv("OPENGCS_UVM_TIMEOUT_SECONDS")
-	if len(envTimeout) > 0 {
-		var err error
-		if envTimeoutSeconds, err = strconv.Atoi(envTimeout); err != nil {
-			return fmt.Errorf("OPENGCS_UVM_TIMEOUT_SECONDS could not be interpreted as an integer")
-		}
-		if envTimeoutSeconds < 0 {
-			return fmt.Errorf("OPENGCS_UVM_TIMEOUT_SECONDS cannot be negative")
-		}
-	}
-
-	// Priority to the requested timeout from the options.
-	if config.TimeoutSeconds != 0 {
-		config.UvmTimeoutSeconds = config.TimeoutSeconds
-		return nil
-	}
-
-	// Next priority, the environment
-	if envTimeoutSeconds != 0 {
-		config.UvmTimeoutSeconds = envTimeoutSeconds
-		return nil
-	}
-
-	// Last priority is the default timeout
-	config.UvmTimeoutSeconds = defaultUvmTimeoutSeconds
-
-	// Set the default requested mode
-	config.RequestedMode = ModeRequestAuto
-
-	return nil
-}
-
-// Validate validates a Config structure for starting a utility VM.
-func (config *Config) Validate() error {
-	config.ActualMode = ModeActualError
-
-	if config.RequestedMode == ModeRequestVhdx && config.Vhdx == "" {
-		return fmt.Errorf("VHDx mode must supply a VHDx")
-	}
-	if config.RequestedMode == ModeRequestKernelInitrd && (config.KernelFile == "" || config.InitrdFile == "") {
-		return fmt.Errorf("kernel+initrd mode must supply both kernel and initrd")
-	}
-
-	// Validate that if VHDX requested or auto, it exists.
-	if config.RequestedMode == ModeRequestAuto || config.RequestedMode == ModeRequestVhdx {
-		if _, err := os.Stat(config.Vhdx); os.IsNotExist(err) {
-			if config.RequestedMode == ModeRequestVhdx {
-				return fmt.Errorf("VHDx '%s' not found", config.Vhdx)
-			}
-		} else {
-			config.ActualMode = ModeActualVhdx
-
-			// Can't specify boot parameters with VHDx
-			if config.BootParameters != "" {
-				return fmt.Errorf("Boot parameters cannot be specified in VHDx mode")
-			}
-			return nil
-		}
-	}
-
-	// So must be kernel+initrd, or auto where we fallback as the VHDX doesn't exist
-	if config.InitrdFile == "" || config.KernelFile == "" {
-		if config.RequestedMode == ModeRequestKernelInitrd {
-			return fmt.Errorf("initrd and kernel options must be supplied")
-		}
-		return fmt.Errorf("opengcs: configuration is invalid")
-	}
-
-	if _, err := os.Stat(filepath.Join(config.KirdPath, config.KernelFile)); os.IsNotExist(err) {
-		return fmt.Errorf("kernel '%s' not found", filepath.Join(config.KirdPath, config.KernelFile))
-	}
-	if _, err := os.Stat(filepath.Join(config.KirdPath, config.InitrdFile)); os.IsNotExist(err) {
-		return fmt.Errorf("initrd '%s' not found", filepath.Join(config.KirdPath, config.InitrdFile))
-	}
-
-	config.ActualMode = ModeActualKernelInitrd
-
-	// Ensure all the MappedVirtualDisks exist on the host
-	for _, mvd := range config.MappedVirtualDisks {
-		if _, err := os.Stat(mvd.HostPath); err != nil {
-			return fmt.Errorf("mapped virtual disk '%s' not found", mvd.HostPath)
-		}
-		if mvd.ContainerPath == "" {
-			return fmt.Errorf("mapped virtual disk '%s' requested without a container path", mvd.HostPath)
-		}
-	}
-
-	return nil
-}
-
-// StartUtilityVM creates and starts a utility VM from a configuration.
-func (config *Config) StartUtilityVM() error {
-	logrus.Debugf("opengcs: StartUtilityVM: %+v", config)
-
-	if err := config.Validate(); err != nil {
-		return err
-	}
-
-	configuration := &hcsshim.ContainerConfig{
-		HvPartition:                 true,
-		Name:                        config.Name,
-		SystemType:                  "container",
-		ContainerType:               "linux",
-		TerminateOnLastHandleClosed: true,
-		MappedVirtualDisks:          config.MappedVirtualDisks,
-	}
-
-	if config.ActualMode == ModeActualVhdx {
-		configuration.HvRuntime = &hcsshim.HvRuntime{
-			ImagePath:          config.Vhdx,
-			BootSource:         "Vhd",
-			WritableBootSource: false,
-		}
-	} else {
-		configuration.HvRuntime = &hcsshim.HvRuntime{
-			ImagePath:           config.KirdPath,
-			LinuxInitrdFile:     config.InitrdFile,
-			LinuxKernelFile:     config.KernelFile,
-			LinuxBootParameters: config.BootParameters,
-		}
-	}
-
-	configurationS, _ := json.Marshal(configuration)
-	logrus.Debugf("opengcs: StartUtilityVM: calling HCS with '%s'", string(configurationS))
-	uvm, err := hcsshim.CreateContainer(config.Name, configuration)
-	if err != nil {
-		return err
-	}
-	logrus.Debugf("opengcs: StartUtilityVM: uvm created, starting...")
-	err = uvm.Start()
-	if err != nil {
-		logrus.Debugf("opengcs: StartUtilityVM: uvm failed to start: %s", err)
-		// Make sure we don't leave it laying around as it's been created in HCS
-		uvm.Terminate()
-		return err
-	}
-
-	config.Uvm = uvm
-	logrus.Debugf("opengcs StartUtilityVM: uvm %s is running", config.Name)
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/createext4vhdx.go b/vendor/github.com/Microsoft/opengcs/client/createext4vhdx.go
deleted file mode 100644
index 8fb7520b41a4a..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/createext4vhdx.go
+++ /dev/null
@@ -1,167 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"bytes"
-	"fmt"
-	"os"
-	"strings"
-	"time"
-
-	winio "github.com/Microsoft/go-winio/vhd"
-	//	"github.com/Microsoft/hcsshim"
-	"github.com/sirupsen/logrus"
-)
-
-// dismount is a simple utility function wrapping a conditional HotRemove. It would
-// have been easier if you could cancel a deferred function, but this works just
-// as well.
-func (config *Config) dismount(file string) error {
-	logrus.Debugf("opengcs: CreateExt4Vhdx: hot-remove of %s", file)
-	err := config.HotRemoveVhd(file)
-	if err != nil {
-		logrus.Warnf("failed to hot-remove: %s", err)
-	}
-	return err
-}
-
-// CreateExt4Vhdx does what it says on the tin. It is the responsibility of the caller to synchronise
-// simultaneous attempts to create the cache file.
-func (config *Config) CreateExt4Vhdx(destFile string, sizeGB uint32, cacheFile string) error {
-	// Smallest we can accept is the default sandbox size as we can't size down, only expand.
-	if sizeGB < DefaultVhdxSizeGB {
-		sizeGB = DefaultVhdxSizeGB
-	}
-
-	logrus.Debugf("opengcs: CreateExt4Vhdx: %s size:%dGB cache:%s", destFile, sizeGB, cacheFile)
-
-	// Retrieve from cache if the default size and already on disk
-	if cacheFile != "" && sizeGB == DefaultVhdxSizeGB {
-		if _, err := os.Stat(cacheFile); err == nil {
-			if err := CopyFile(cacheFile, destFile, false); err != nil {
-				return fmt.Errorf("failed to copy cached file '%s' to '%s': %s", cacheFile, destFile, err)
-			}
-			logrus.Debugf("opengcs: CreateExt4Vhdx: %s fulfilled from cache", destFile)
-			return nil
-		}
-	}
-
-	// Must have a utility VM to operate on
-	if config.Uvm == nil {
-		return fmt.Errorf("no utility VM")
-	}
-
-	// Create the VHDX
-	if err := winio.CreateVhdx(destFile, sizeGB, defaultVhdxBlockSizeMB); err != nil {
-		return fmt.Errorf("failed to create VHDx %s: %s", destFile, err)
-	}
-
-	defer config.DebugGCS()
-
-	// Attach it to the utility VM, but don't mount it (as there's no filesystem on it)
-	if err := config.HotAddVhd(destFile, "", false, false); err != nil {
-		return fmt.Errorf("opengcs: CreateExt4Vhdx: failed to hot-add %s to utility VM: %s", cacheFile, err)
-	}
-
-	// Get the list of mapped virtual disks to find the controller and LUN IDs
-	logrus.Debugf("opengcs: CreateExt4Vhdx: %s querying mapped virtual disks", destFile)
-	mvdControllers, err := config.Uvm.MappedVirtualDisks()
-	if err != nil {
-		return fmt.Errorf("failed to get mapped virtual disks: %s", err)
-	}
-
-	// Find our mapped disk from the list of all currently added.
-	controller := -1
-	lun := -1
-	for controllerNumber, controllerElement := range mvdControllers {
-		for diskNumber, diskElement := range controllerElement.MappedVirtualDisks {
-			if diskElement.HostPath == destFile {
-				controller = controllerNumber
-				lun = diskNumber
-				break
-			}
-		}
-	}
-	if controller == -1 || lun == -1 {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to find %s in mapped virtual disks after hot-adding", destFile)
-	}
-	logrus.Debugf("opengcs: CreateExt4Vhdx: %s at C=%d L=%d", destFile, controller, lun)
-
-	// Validate /sys/bus/scsi/devices/C:0:0:L exists as a directory
-	testdCommand := fmt.Sprintf(`test -d /sys/bus/scsi/devices/%d:0:0:%d`, controller, lun)
-	testdProc, err := config.RunProcess(testdCommand, nil, nil, nil)
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to `%s` following hot-add %s to utility VM: %s", testdCommand, destFile, err)
-	}
-	defer testdProc.Close()
-	testdProc.WaitTimeout(time.Second * time.Duration(config.UvmTimeoutSeconds))
-	testdExitCode, err := testdProc.ExitCode()
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to get exit code from `%s` following hot-add %s to utility VM: %s", testdCommand, destFile, err)
-	}
-	if testdExitCode != 0 {
-		config.dismount(destFile)
-		return fmt.Errorf("`%s` return non-zero exit code (%d) following hot-add %s to utility VM", testdCommand, testdExitCode, destFile)
-	}
-
-	// Get the device from under the block subdirectory by doing a simple ls. This will come back as (eg) `sda`
-	lsCommand := fmt.Sprintf(`ls /sys/bus/scsi/devices/%d:0:0:%d/block`, controller, lun)
-	var lsOutput bytes.Buffer
-	lsProc, err := config.RunProcess(lsCommand, nil, &lsOutput, nil)
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to `%s` following hot-add %s to utility VM: %s", lsCommand, destFile, err)
-	}
-	defer lsProc.Close()
-	lsProc.WaitTimeout(time.Second * time.Duration(config.UvmTimeoutSeconds))
-	lsExitCode, err := lsProc.ExitCode()
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to get exit code from `%s` following hot-add %s to utility VM: %s", lsCommand, destFile, err)
-	}
-	if lsExitCode != 0 {
-		config.dismount(destFile)
-		return fmt.Errorf("`%s` return non-zero exit code (%d) following hot-add %s to utility VM", lsCommand, lsExitCode, destFile)
-	}
-	device := fmt.Sprintf(`/dev/%s`, strings.TrimSpace(lsOutput.String()))
-	logrus.Debugf("opengcs: CreateExt4Vhdx: %s: device at %s", destFile, device)
-
-	// Format it ext4
-	mkfsCommand := fmt.Sprintf(`mkfs.ext4 -q -E lazy_itable_init=1 -O ^has_journal,sparse_super2,uninit_bg,^resize_inode %s`, device)
-	var mkfsStderr bytes.Buffer
-	mkfsProc, err := config.RunProcess(mkfsCommand, nil, nil, &mkfsStderr)
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to RunProcess %q following hot-add %s to utility VM: %s", destFile, mkfsCommand, err)
-	}
-	defer mkfsProc.Close()
-	mkfsProc.WaitTimeout(time.Second * time.Duration(config.UvmTimeoutSeconds))
-	mkfsExitCode, err := mkfsProc.ExitCode()
-	if err != nil {
-		config.dismount(destFile)
-		return fmt.Errorf("failed to get exit code from `%s` following hot-add %s to utility VM: %s", mkfsCommand, destFile, err)
-	}
-	if mkfsExitCode != 0 {
-		config.dismount(destFile)
-		return fmt.Errorf("`%s` return non-zero exit code (%d) following hot-add %s to utility VM: %s", mkfsCommand, mkfsExitCode, destFile, strings.TrimSpace(mkfsStderr.String()))
-	}
-
-	// Dismount before we copy it
-	if err := config.dismount(destFile); err != nil {
-		return fmt.Errorf("failed to hot-remove: %s", err)
-	}
-
-	// Populate the cache.
-	if cacheFile != "" && (sizeGB == DefaultVhdxSizeGB) {
-		if err := CopyFile(destFile, cacheFile, true); err != nil {
-			return fmt.Errorf("failed to seed cache '%s' from '%s': %s", destFile, cacheFile, err)
-		}
-	}
-
-	logrus.Debugf("opengcs: CreateExt4Vhdx: %s created (non-cache)", destFile)
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/hotaddvhd.go b/vendor/github.com/Microsoft/opengcs/client/hotaddvhd.go
deleted file mode 100644
index ef1e51fd65090..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/hotaddvhd.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"fmt"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/sirupsen/logrus"
-)
-
-// HotAddVhd hot-adds a VHD to a utility VM. This is used in the global one-utility-VM-
-// service-VM per host scenario. In order to do a graphdriver `Diff`, we hot-add the
-// sandbox to /mnt/<id> so that we can run `exportSandbox` inside the utility VM to
-// get a tar-stream of the sandboxes contents back to the daemon.
-func (config *Config) HotAddVhd(hostPath string, containerPath string, readOnly bool, mount bool) error {
-	logrus.Debugf("opengcs: HotAddVhd: %s: %s", hostPath, containerPath)
-
-	if config.Uvm == nil {
-		return fmt.Errorf("cannot hot-add VHD as no utility VM is in configuration")
-	}
-
-	defer config.DebugGCS()
-
-	modification := &hcsshim.ResourceModificationRequestResponse{
-		Resource: "MappedVirtualDisk",
-		Data: hcsshim.MappedVirtualDisk{
-			HostPath:          hostPath,
-			ContainerPath:     containerPath,
-			CreateInUtilityVM: true,
-			ReadOnly:          readOnly,
-			AttachOnly:        !mount,
-		},
-		Request: "Add",
-	}
-
-	if err := config.Uvm.Modify(modification); err != nil {
-		return fmt.Errorf("failed to modify utility VM configuration for hot-add: %s", err)
-	}
-	logrus.Debugf("opengcs: HotAddVhd: %s added successfully", hostPath)
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/hotremovevhd.go b/vendor/github.com/Microsoft/opengcs/client/hotremovevhd.go
deleted file mode 100644
index be631891731b4..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/hotremovevhd.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"fmt"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/sirupsen/logrus"
-)
-
-// HotRemoveVhd hot-removes a VHD from a utility VM. This is used in the global one-utility-VM-
-// service-VM per host scenario.
-func (config *Config) HotRemoveVhd(hostPath string) error {
-	logrus.Debugf("opengcs: HotRemoveVhd: %s", hostPath)
-
-	if config.Uvm == nil {
-		return fmt.Errorf("cannot hot-add VHD as no utility VM is in configuration")
-	}
-
-	defer config.DebugGCS()
-
-	modification := &hcsshim.ResourceModificationRequestResponse{
-		Resource: "MappedVirtualDisk",
-		Data: hcsshim.MappedVirtualDisk{
-			HostPath:          hostPath,
-			CreateInUtilityVM: true,
-		},
-		Request: "Remove",
-	}
-	if err := config.Uvm.Modify(modification); err != nil {
-		return fmt.Errorf("failed modifying utility VM for hot-remove %s: %s", hostPath, err)
-	}
-	logrus.Debugf("opengcs: HotRemoveVhd: %s removed successfully", hostPath)
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/init.go b/vendor/github.com/Microsoft/opengcs/client/init.go
deleted file mode 100644
index 246ac185e9f89..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/init.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"os"
-	"strconv"
-)
-
-var (
-	logDataFromUVM int64
-)
-
-func init() {
-	bytes := os.Getenv("OPENGCS_LOG_DATA_FROM_UVM")
-	if len(bytes) == 0 {
-		return
-	}
-	u, err := strconv.ParseUint(bytes, 10, 32)
-	if err != nil {
-		return
-	}
-	logDataFromUVM = int64(u)
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/layervhddetails.go b/vendor/github.com/Microsoft/opengcs/client/layervhddetails.go
deleted file mode 100644
index 010780069ae0b..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/layervhddetails.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-)
-
-// LayerVhdDetails is a utility for getting a file name, size and indication of
-// sandbox for a VHD(x) in a folder. A read-only layer will be layer.vhd. A
-// read-write layer will be sandbox.vhdx.
-func LayerVhdDetails(folder string) (string, int64, bool, error) {
-	var fileInfo os.FileInfo
-	isSandbox := false
-	filename := filepath.Join(folder, "layer.vhd")
-	var err error
-
-	if fileInfo, err = os.Stat(filename); err != nil {
-		filename = filepath.Join(folder, "sandbox.vhdx")
-		if fileInfo, err = os.Stat(filename); err != nil {
-			if os.IsNotExist(err) {
-				return "", 0, isSandbox, fmt.Errorf("could not find layer or sandbox in %s", folder)
-			}
-			return "", 0, isSandbox, fmt.Errorf("error locating layer or sandbox in %s: %s", folder, err)
-		}
-		isSandbox = true
-	}
-	return filename, fileInfo.Size(), isSandbox, nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/process.go b/vendor/github.com/Microsoft/opengcs/client/process.go
deleted file mode 100644
index a8ffdf98e61d1..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/process.go
+++ /dev/null
@@ -1,164 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/sirupsen/logrus"
-)
-
-// Process is the structure pertaining to a process running in a utility VM.
-type process struct {
-	Process hcsshim.Process
-	Stdin   io.WriteCloser
-	Stdout  io.ReadCloser
-	Stderr  io.ReadCloser
-}
-
-// createUtilsProcess is a convenient wrapper for hcsshim.createUtilsProcess to use when
-// communicating with a utility VM.
-func (config *Config) createUtilsProcess(commandLine string) (process, error) {
-	logrus.Debugf("opengcs: createUtilsProcess")
-
-	if config.Uvm == nil {
-		return process{}, fmt.Errorf("cannot create utils process as no utility VM is in configuration")
-	}
-
-	var (
-		err  error
-		proc process
-	)
-
-	env := make(map[string]string)
-	env["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
-	processConfig := &hcsshim.ProcessConfig{
-		EmulateConsole:    false,
-		CreateStdInPipe:   true,
-		CreateStdOutPipe:  true,
-		CreateStdErrPipe:  true,
-		CreateInUtilityVm: true,
-		WorkingDirectory:  "/bin",
-		Environment:       env,
-		CommandLine:       commandLine,
-	}
-	proc.Process, err = config.Uvm.CreateProcess(processConfig)
-	if err != nil {
-		return process{}, fmt.Errorf("failed to create process (%+v) in utility VM: %s", config, err)
-	}
-
-	if proc.Stdin, proc.Stdout, proc.Stderr, err = proc.Process.Stdio(); err != nil {
-		proc.Process.Kill() // Should this have a timeout?
-		proc.Process.Close()
-		return process{}, fmt.Errorf("failed to get stdio pipes for process %+v: %s", config, err)
-	}
-
-	logrus.Debugf("opengcs: createUtilsProcess success: pid %d", proc.Process.Pid())
-	return proc, nil
-}
-
-// RunProcess runs the given command line program in the utilityVM. It takes in
-// an input to the reader to feed into stdin and returns stdout to output.
-// IMPORTANT: It is the responsibility of the caller to call Close() on the returned process.
-func (config *Config) RunProcess(commandLine string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (hcsshim.Process, error) {
-	logrus.Debugf("opengcs: RunProcess: %s", commandLine)
-	process, err := config.createUtilsProcess(commandLine)
-	if err != nil {
-		return nil, err
-	}
-
-	// Send the data into the process's stdin
-	if stdin != nil {
-		if _, err = copyWithTimeout(process.Stdin,
-			stdin,
-			0,
-			config.UvmTimeoutSeconds,
-			fmt.Sprintf("send to stdin of %s", commandLine)); err != nil {
-			return nil, err
-		}
-
-		// Don't need stdin now we've sent everything. This signals GCS that we are finished sending data.
-		if err := process.Process.CloseStdin(); err != nil && !hcsshim.IsNotExist(err) && !hcsshim.IsAlreadyClosed(err) {
-			// This error will occur if the compute system is currently shutting down
-			if perr, ok := err.(*hcsshim.ProcessError); ok && perr.Err != hcsshim.ErrVmcomputeOperationInvalidState {
-				return nil, err
-			}
-		}
-	}
-
-	if stdout != nil {
-		// Copy the data over to the writer.
-		if _, err := copyWithTimeout(stdout,
-			process.Stdout,
-			0,
-			config.UvmTimeoutSeconds,
-			fmt.Sprintf("RunProcess: copy back from %s", commandLine)); err != nil {
-			return nil, err
-		}
-	}
-
-	if stderr != nil {
-		// Copy the data over to the writer.
-		if _, err := copyWithTimeout(stderr,
-			process.Stderr,
-			0,
-			config.UvmTimeoutSeconds,
-			fmt.Sprintf("RunProcess: copy back from %s", commandLine)); err != nil {
-			return nil, err
-		}
-	}
-
-	logrus.Debugf("opengcs: runProcess success: %s", commandLine)
-	return process.Process, nil
-}
-
-func debugCommand(s string) string {
-	return fmt.Sprintf(`echo -e 'DEBUG COMMAND: %s\\n--------------\\n';%s;echo -e '\\n\\n';`, s, s)
-}
-
-// DebugGCS extracts logs from the GCS. It's a useful hack for debugging,
-// but not necessarily optimal, but all that is available to us in RS3.
-func (config *Config) DebugGCS() {
-	if logrus.GetLevel() < logrus.DebugLevel || len(os.Getenv("OPENGCS_DEBUG_ENABLE")) == 0 {
-		return
-	}
-
-	var out bytes.Buffer
-	cmd := os.Getenv("OPENGCS_DEBUG_COMMAND")
-	if cmd == "" {
-		cmd = `sh -c "`
-		cmd += debugCommand("kill -10 `pidof gcs`") // SIGUSR1 for stackdump
-		cmd += debugCommand("ls -l /tmp")
-		cmd += debugCommand("cat /tmp/gcs.log")
-		cmd += debugCommand("cat /tmp/gcs/gcs-stacks*")
-		cmd += debugCommand("cat /tmp/gcs/paniclog*")
-		cmd += debugCommand("ls -l /tmp/gcs")
-		cmd += debugCommand("ls -l /tmp/gcs/*")
-		cmd += debugCommand("cat /tmp/gcs/*/config.json")
-		cmd += debugCommand("ls -lR /var/run/gcsrunc")
-		cmd += debugCommand("cat /tmp/gcs/global-runc.log")
-		cmd += debugCommand("cat /tmp/gcs/*/runc.log")
-		cmd += debugCommand("ps -ef")
-		cmd += `"`
-	}
-	proc, err := config.RunProcess(cmd, nil, &out, nil)
-	defer func() {
-		if proc != nil {
-			proc.Kill()
-			proc.Close()
-		}
-	}()
-	if err != nil {
-		logrus.Debugln("benign failure getting gcs logs: ", err)
-	}
-	if proc != nil {
-		proc.WaitTimeout(time.Second * 30)
-	}
-	logrus.Debugf("GCS Debugging:\n%s\n\nEnd GCS Debugging", strings.TrimSpace(out.String()))
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/tartovhd.go b/vendor/github.com/Microsoft/opengcs/client/tartovhd.go
deleted file mode 100644
index 29ee48957aa84..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/tartovhd.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"fmt"
-	"io"
-
-	"github.com/sirupsen/logrus"
-)
-
-// TarToVhd streams a tarstream contained in an io.Reader to a fixed vhd file
-func (config *Config) TarToVhd(targetVHDFile string, reader io.Reader) (int64, error) {
-	logrus.Debugf("opengcs: TarToVhd: %s", targetVHDFile)
-
-	if config.Uvm == nil {
-		return 0, fmt.Errorf("cannot Tar2Vhd as no utility VM is in configuration")
-	}
-
-	defer config.DebugGCS()
-
-	process, err := config.createUtilsProcess("tar2vhd")
-	if err != nil {
-		return 0, fmt.Errorf("failed to start tar2vhd for %s: %s", targetVHDFile, err)
-	}
-	defer process.Process.Close()
-
-	// Send the tarstream into the `tar2vhd`s stdin
-	if _, err = copyWithTimeout(process.Stdin, reader, 0, config.UvmTimeoutSeconds, fmt.Sprintf("stdin of tar2vhd for generating %s", targetVHDFile)); err != nil {
-		return 0, fmt.Errorf("failed sending to tar2vhd for %s: %s", targetVHDFile, err)
-	}
-
-	// Don't need stdin now we've sent everything. This signals GCS that we are finished sending data.
-	if err := process.Process.CloseStdin(); err != nil {
-		return 0, fmt.Errorf("failed closing stdin handle for %s: %s", targetVHDFile, err)
-	}
-
-	// Write stdout contents of `tar2vhd` to the VHD file
-	payloadSize, err := writeFileFromReader(targetVHDFile, process.Stdout, config.UvmTimeoutSeconds, fmt.Sprintf("stdout of tar2vhd to %s", targetVHDFile))
-	if err != nil {
-		return 0, fmt.Errorf("failed to write %s during tar2vhd: %s", targetVHDFile, err)
-	}
-
-	logrus.Debugf("opengcs: TarToVhd: %s created, %d bytes", targetVHDFile, payloadSize)
-	return payloadSize, err
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/unsupported.go b/vendor/github.com/Microsoft/opengcs/client/unsupported.go
deleted file mode 100644
index 63b7067dce043..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/unsupported.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// +build !windows
-
-package client
diff --git a/vendor/github.com/Microsoft/opengcs/client/utilities.go b/vendor/github.com/Microsoft/opengcs/client/utilities.go
deleted file mode 100644
index 8441d960f409d..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/utilities.go
+++ /dev/null
@@ -1,122 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"bytes"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"os"
-	"syscall"
-	"time"
-	"unsafe"
-
-	"github.com/sirupsen/logrus"
-)
-
-var (
-	modkernel32   = syscall.NewLazyDLL("kernel32.dll")
-	procCopyFileW = modkernel32.NewProc("CopyFileW")
-)
-
-// writeFileFromReader writes an output file from an io.Reader
-func writeFileFromReader(path string, reader io.Reader, timeoutSeconds int, context string) (int64, error) {
-	outFile, err := os.Create(path)
-	if err != nil {
-		return 0, fmt.Errorf("opengcs: writeFileFromReader: failed to create %s: %s", path, err)
-	}
-	defer outFile.Close()
-	return copyWithTimeout(outFile, reader, 0, timeoutSeconds, context)
-}
-
-// copyWithTimeout is a wrapper for io.Copy using a timeout duration
-func copyWithTimeout(dst io.Writer, src io.Reader, size int64, timeoutSeconds int, context string) (int64, error) {
-	logrus.Debugf("opengcs: copywithtimeout: size %d: timeout %d: (%s)", size, timeoutSeconds, context)
-
-	type resultType struct {
-		err   error
-		bytes int64
-	}
-
-	done := make(chan resultType, 1)
-	go func() {
-		result := resultType{}
-		if logrus.GetLevel() < logrus.DebugLevel || logDataFromUVM == 0 {
-			result.bytes, result.err = io.Copy(dst, src)
-		} else {
-			// In advanced debug mode where we log (hexdump format) what is copied
-			// up to the number of bytes defined by environment variable
-			// OPENGCS_LOG_DATA_FROM_UVM
-			var buf bytes.Buffer
-			tee := io.TeeReader(src, &buf)
-			result.bytes, result.err = io.Copy(dst, tee)
-			if result.err == nil {
-				size := result.bytes
-				if size > logDataFromUVM {
-					size = logDataFromUVM
-				}
-				if size > 0 {
-					bytes := make([]byte, size)
-					if _, err := buf.Read(bytes); err == nil {
-						logrus.Debugf(fmt.Sprintf("opengcs: copyWithTimeout\n%s", hex.Dump(bytes)))
-					}
-				}
-			}
-		}
-		done <- result
-	}()
-
-	var result resultType
-	timedout := time.After(time.Duration(timeoutSeconds) * time.Second)
-
-	select {
-	case <-timedout:
-		return 0, fmt.Errorf("opengcs: copyWithTimeout: timed out (%s)", context)
-	case result = <-done:
-		if result.err != nil && result.err != io.EOF {
-			// See https://github.com/golang/go/blob/f3f29d1dea525f48995c1693c609f5e67c046893/src/os/exec/exec_windows.go for a clue as to why we are doing this :)
-			if se, ok := result.err.(syscall.Errno); ok {
-				const (
-					errNoData     = syscall.Errno(232)
-					errBrokenPipe = syscall.Errno(109)
-				)
-				if se == errNoData || se == errBrokenPipe {
-					logrus.Debugf("opengcs: copyWithTimeout: hit NoData or BrokenPipe: %d: %s", se, context)
-					return result.bytes, nil
-				}
-			}
-			return 0, fmt.Errorf("opengcs: copyWithTimeout: error reading: '%s' after %d bytes (%s)", result.err, result.bytes, context)
-		}
-	}
-	logrus.Debugf("opengcs: copyWithTimeout: success - copied %d bytes (%s)", result.bytes, context)
-	return result.bytes, nil
-}
-
-// CopyFile is a utility for copying a file - used for the sandbox cache.
-// Uses CopyFileW win32 API for performance
-func CopyFile(srcFile, destFile string, overwrite bool) error {
-	var bFailIfExists uint32 = 1
-	if overwrite {
-		bFailIfExists = 0
-	}
-
-	lpExistingFileName, err := syscall.UTF16PtrFromString(srcFile)
-	if err != nil {
-		return err
-	}
-	lpNewFileName, err := syscall.UTF16PtrFromString(destFile)
-	if err != nil {
-		return err
-	}
-	r1, _, err := syscall.Syscall(
-		procCopyFileW.Addr(),
-		3,
-		uintptr(unsafe.Pointer(lpExistingFileName)),
-		uintptr(unsafe.Pointer(lpNewFileName)),
-		uintptr(bFailIfExists))
-	if r1 == 0 {
-		return fmt.Errorf("failed CopyFileW Win32 call from '%s' to '%s': %s", srcFile, destFile, err)
-	}
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/client/vhdtotar.go b/vendor/github.com/Microsoft/opengcs/client/vhdtotar.go
deleted file mode 100644
index 72e9a24ff978a..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/client/vhdtotar.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// +build windows
-
-package client
-
-import (
-	"fmt"
-	"io"
-	"os"
-
-	"github.com/sirupsen/logrus"
-)
-
-// VhdToTar does what is says - it exports a VHD in a specified
-// folder (either a read-only layer.vhd, or a read-write sandbox.vhd) to a
-// ReadCloser containing a tar-stream of the layers contents.
-func (config *Config) VhdToTar(vhdFile string, uvmMountPath string, isSandbox bool, vhdSize int64) (io.ReadCloser, error) {
-	logrus.Debugf("opengcs: VhdToTar: %s isSandbox: %t", vhdFile, isSandbox)
-
-	if config.Uvm == nil {
-		return nil, fmt.Errorf("cannot VhdToTar as no utility VM is in configuration")
-	}
-
-	defer config.DebugGCS()
-
-	vhdHandle, err := os.Open(vhdFile)
-	if err != nil {
-		return nil, fmt.Errorf("opengcs: VhdToTar: failed to open %s: %s", vhdFile, err)
-	}
-	defer vhdHandle.Close()
-	logrus.Debugf("opengcs: VhdToTar: exporting %s, size %d, isSandbox %t", vhdHandle.Name(), vhdSize, isSandbox)
-
-	// Different binary depending on whether a RO layer or a RW sandbox
-	command := "vhd2tar"
-	if isSandbox {
-		command = fmt.Sprintf("exportSandbox -path %s", uvmMountPath)
-	}
-
-	// Start the binary in the utility VM
-	process, err := config.createUtilsProcess(command)
-	if err != nil {
-		return nil, fmt.Errorf("opengcs: VhdToTar: %s: failed to create utils process %s: %s", vhdHandle.Name(), command, err)
-	}
-
-	if !isSandbox {
-		// Send the VHD contents to the utility VM processes stdin handle if not a sandbox
-		logrus.Debugf("opengcs: VhdToTar: copying the layer VHD into the utility VM")
-		if _, err = copyWithTimeout(process.Stdin, vhdHandle, vhdSize, config.UvmTimeoutSeconds, fmt.Sprintf("vhdtotarstream: sending %s to %s", vhdHandle.Name(), command)); err != nil {
-			process.Process.Close()
-			return nil, fmt.Errorf("opengcs: VhdToTar: %s: failed to copyWithTimeout on the stdin pipe (to utility VM): %s", vhdHandle.Name(), err)
-		}
-	}
-
-	// Start a goroutine which copies the stdout (ie the tar stream)
-	reader, writer := io.Pipe()
-	go func() {
-		defer writer.Close()
-		defer process.Process.Close()
-		logrus.Debugf("opengcs: VhdToTar: copying tar stream back from the utility VM")
-		bytes, err := copyWithTimeout(writer, process.Stdout, vhdSize, config.UvmTimeoutSeconds, fmt.Sprintf("vhdtotarstream: copy tarstream from %s", command))
-		if err != nil {
-			logrus.Errorf("opengcs: VhdToTar: %s:  copyWithTimeout on the stdout pipe (from utility VM) failed: %s", vhdHandle.Name(), err)
-		}
-		logrus.Debugf("opengcs: VhdToTar: copied %d bytes of the tarstream of %s from the utility VM", bytes, vhdHandle.Name())
-	}()
-
-	// Return the read-side of the pipe connected to the goroutine which is reading from the stdout of the process in the utility VM
-	return reader, nil
-
-}
diff --git a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/defs.go b/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/defs.go
deleted file mode 100644
index f1f2c04a45d23..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/defs.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package remotefs
-
-import (
-	"errors"
-	"os"
-	"time"
-)
-
-// RemotefsCmd is the name of the remotefs meta command
-const RemotefsCmd = "remotefs"
-
-// Name of the commands when called from the cli context (remotefs <CMD> ...)
-const (
-	StatCmd           = "stat"
-	LstatCmd          = "lstat"
-	ReadlinkCmd       = "readlink"
-	MkdirCmd          = "mkdir"
-	MkdirAllCmd       = "mkdirall"
-	RemoveCmd         = "remove"
-	RemoveAllCmd      = "removeall"
-	LinkCmd           = "link"
-	SymlinkCmd        = "symlink"
-	LchmodCmd         = "lchmod"
-	LchownCmd         = "lchown"
-	MknodCmd          = "mknod"
-	MkfifoCmd         = "mkfifo"
-	OpenFileCmd       = "openfile"
-	ReadFileCmd       = "readfile"
-	WriteFileCmd      = "writefile"
-	ReadDirCmd        = "readdir"
-	ResolvePathCmd    = "resolvepath"
-	ExtractArchiveCmd = "extractarchive"
-	ArchivePathCmd    = "archivepath"
-)
-
-// ErrInvalid is returned if the parameters are invalid
-var ErrInvalid = errors.New("invalid arguments")
-
-// ErrUnknown is returned for an unknown remotefs command
-var ErrUnknown = errors.New("unkown command")
-
-// ExportedError is the serialized version of the a Go error.
-// It also provides a trivial implementation of the error interface.
-type ExportedError struct {
-	ErrString string
-	ErrNum    int `json:",omitempty"`
-}
-
-// Error returns an error string
-func (ee *ExportedError) Error() string {
-	return ee.ErrString
-}
-
-// FileInfo is the stat struct returned by the remotefs system. It
-// fulfills the os.FileInfo interface.
-type FileInfo struct {
-	NameVar    string
-	SizeVar    int64
-	ModeVar    os.FileMode
-	ModTimeVar int64 // Serialization of time.Time breaks in travis, so use an int
-	IsDirVar   bool
-}
-
-var _ os.FileInfo = &FileInfo{}
-
-// Name returns the filename from a FileInfo structure
-func (f *FileInfo) Name() string { return f.NameVar }
-
-// Size returns the size from a FileInfo structure
-func (f *FileInfo) Size() int64 { return f.SizeVar }
-
-// Mode returns the mode from a FileInfo structure
-func (f *FileInfo) Mode() os.FileMode { return f.ModeVar }
-
-// ModTime returns the modification time from a FileInfo structure
-func (f *FileInfo) ModTime() time.Time { return time.Unix(0, f.ModTimeVar) }
-
-// IsDir returns the is-directory indicator from a FileInfo structure
-func (f *FileInfo) IsDir() bool { return f.IsDirVar }
-
-// Sys provides an interface to a FileInfo structure
-func (f *FileInfo) Sys() interface{} { return nil }
-
-// FileHeader is a header for remote *os.File operations for remotefs.OpenFile
-type FileHeader struct {
-	Cmd  uint32
-	Size uint64
-}
-
-const (
-	// Read request command.
-	Read uint32 = iota
-	// Write request command.
-	Write
-	// Seek request command.
-	Seek
-	// Close request command.
-	Close
-	// CmdOK is a response meaning request succeeded.
-	CmdOK
-	// CmdFailed is a response meaning request failed.
-	CmdFailed
-)
-
-// SeekHeader is header for the Seek operation for remotefs.OpenFile
-type SeekHeader struct {
-	Offset int64
-	Whence int32
-}
diff --git a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/remotefs.go b/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/remotefs.go
deleted file mode 100644
index ebc9e01df2fa6..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/remotefs.go
+++ /dev/null
@@ -1,578 +0,0 @@
-// +build !windows
-
-package remotefs
-
-import (
-	"bytes"
-	"encoding/binary"
-	"encoding/json"
-	"io"
-	"os"
-	"path/filepath"
-	"strconv"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-)
-
-// Func is the function definition for a generic remote fs function
-// The input to the function is any serialized structs / data from in and the string slice
-// from args. The output of the function will be serialized and written to out.
-type Func func(stdin io.Reader, stdout io.Writer, args []string) error
-
-// Commands provide a string -> remotefs function mapping.
-// This is useful for commandline programs that will receive a string
-// as the function to execute.
-var Commands = map[string]Func{
-	StatCmd:           Stat,
-	LstatCmd:          Lstat,
-	ReadlinkCmd:       Readlink,
-	MkdirCmd:          Mkdir,
-	MkdirAllCmd:       MkdirAll,
-	RemoveCmd:         Remove,
-	RemoveAllCmd:      RemoveAll,
-	LinkCmd:           Link,
-	SymlinkCmd:        Symlink,
-	LchmodCmd:         Lchmod,
-	LchownCmd:         Lchown,
-	MknodCmd:          Mknod,
-	MkfifoCmd:         Mkfifo,
-	OpenFileCmd:       OpenFile,
-	ReadFileCmd:       ReadFile,
-	WriteFileCmd:      WriteFile,
-	ReadDirCmd:        ReadDir,
-	ResolvePathCmd:    ResolvePath,
-	ExtractArchiveCmd: ExtractArchive,
-	ArchivePathCmd:    ArchivePath,
-}
-
-// Stat functions like os.Stat.
-// Args:
-// - args[0] is the path
-// Out:
-// - out = FileInfo object
-func Stat(in io.Reader, out io.Writer, args []string) error {
-	return stat(in, out, args, os.Stat)
-}
-
-// Lstat functions like os.Lstat.
-// Args:
-// - args[0] is the path
-// Out:
-// - out = FileInfo object
-func Lstat(in io.Reader, out io.Writer, args []string) error {
-	return stat(in, out, args, os.Lstat)
-}
-
-func stat(in io.Reader, out io.Writer, args []string, statfunc func(string) (os.FileInfo, error)) error {
-	if len(args) < 1 {
-		return ErrInvalid
-	}
-
-	fi, err := statfunc(args[0])
-	if err != nil {
-		return err
-	}
-
-	info := FileInfo{
-		NameVar:    fi.Name(),
-		SizeVar:    fi.Size(),
-		ModeVar:    fi.Mode(),
-		ModTimeVar: fi.ModTime().UnixNano(),
-		IsDirVar:   fi.IsDir(),
-	}
-
-	buf, err := json.Marshal(info)
-	if err != nil {
-		return err
-	}
-
-	if _, err := out.Write(buf); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Readlink works like os.Readlink
-// In:
-//  - args[0] is path
-// Out:
-//  - Write link result to out
-func Readlink(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 1 {
-		return ErrInvalid
-	}
-
-	l, err := os.Readlink(args[0])
-	if err != nil {
-		return err
-	}
-
-	if _, err := out.Write([]byte(l)); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Mkdir works like os.Mkdir
-// Args:
-// - args[0] is the path
-// - args[1] is the permissions in octal (like 0755)
-func Mkdir(in io.Reader, out io.Writer, args []string) error {
-	return mkdir(in, out, args, os.Mkdir)
-}
-
-// MkdirAll works like os.MkdirAll.
-// Args:
-// - args[0] is the path
-// - args[1] is the permissions in octal (like 0755)
-func MkdirAll(in io.Reader, out io.Writer, args []string) error {
-	return mkdir(in, out, args, os.MkdirAll)
-}
-
-func mkdir(in io.Reader, out io.Writer, args []string, mkdirFunc func(string, os.FileMode) error) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-
-	perm, err := strconv.ParseUint(args[1], 8, 32)
-	if err != nil {
-		return err
-	}
-	return mkdirFunc(args[0], os.FileMode(perm))
-}
-
-// Remove works like os.Remove
-// Args:
-//	- args[0] is the path
-func Remove(in io.Reader, out io.Writer, args []string) error {
-	return remove(in, out, args, os.Remove)
-}
-
-// RemoveAll works like os.RemoveAll
-// Args:
-//  - args[0] is the path
-func RemoveAll(in io.Reader, out io.Writer, args []string) error {
-	return remove(in, out, args, os.RemoveAll)
-}
-
-func remove(in io.Reader, out io.Writer, args []string, removefunc func(string) error) error {
-	if len(args) < 1 {
-		return ErrInvalid
-	}
-	return removefunc(args[0])
-}
-
-// Link works like os.Link
-// Args:
-//  - args[0] = old path name (link source)
-//  - args[1] = new path name (link dest)
-func Link(in io.Reader, out io.Writer, args []string) error {
-	return link(in, out, args, os.Link)
-}
-
-// Symlink works like os.Symlink
-// Args:
-//  - args[0] = old path name (link source)
-//  - args[1] = new path name (link dest)
-func Symlink(in io.Reader, out io.Writer, args []string) error {
-	return link(in, out, args, os.Symlink)
-}
-
-func link(in io.Reader, out io.Writer, args []string, linkfunc func(string, string) error) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-	return linkfunc(args[0], args[1])
-}
-
-// Lchmod changes permission of the given file without following symlinks
-// Args:
-//  - args[0] = path
-//  - args[1] = permission mode in octal (like 0755)
-func Lchmod(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-
-	perm, err := strconv.ParseUint(args[1], 8, 32)
-	if err != nil {
-		return err
-	}
-
-	path := args[0]
-	if !filepath.IsAbs(path) {
-		path, err = filepath.Abs(path)
-		if err != nil {
-			return err
-		}
-	}
-	return unix.Fchmodat(0, path, uint32(perm), unix.AT_SYMLINK_NOFOLLOW)
-}
-
-// Lchown works like os.Lchown
-// Args:
-//  - args[0] = path
-//  - args[1] = uid in base 10
-//  - args[2] = gid in base 10
-func Lchown(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 3 {
-		return ErrInvalid
-	}
-
-	uid, err := strconv.ParseInt(args[1], 10, 64)
-	if err != nil {
-		return err
-	}
-
-	gid, err := strconv.ParseInt(args[2], 10, 64)
-	if err != nil {
-		return err
-	}
-	return os.Lchown(args[0], int(uid), int(gid))
-}
-
-// Mknod works like syscall.Mknod
-// Args:
-//  - args[0] = path
-//  - args[1] = permission mode in octal (like 0755)
-//  - args[2] = major device number in base 10
-//  - args[3] = minor device number in base 10
-func Mknod(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 4 {
-		return ErrInvalid
-	}
-
-	perm, err := strconv.ParseUint(args[1], 8, 32)
-	if err != nil {
-		return err
-	}
-
-	major, err := strconv.ParseInt(args[2], 10, 32)
-	if err != nil {
-		return err
-	}
-
-	minor, err := strconv.ParseInt(args[3], 10, 32)
-	if err != nil {
-		return err
-	}
-
-	dev := unix.Mkdev(uint32(major), uint32(minor))
-	return unix.Mknod(args[0], uint32(perm), int(dev))
-}
-
-// Mkfifo creates a FIFO special file with the given path name and permissions
-// Args:
-// 	- args[0] = path
-//  - args[1] = permission mode in octal (like 0755)
-func Mkfifo(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-
-	perm, err := strconv.ParseUint(args[1], 8, 32)
-	if err != nil {
-		return err
-	}
-	return unix.Mkfifo(args[0], uint32(perm))
-}
-
-// OpenFile works like os.OpenFile. To manage the file pointer state,
-// this function acts as a single file "file server" with Read/Write/Close
-// being serialized control codes from in.
-// Args:
-//  - args[0] = path
-//  - args[1] = flag in base 10
-//  - args[2] = permission mode in octal (like 0755)
-func OpenFile(in io.Reader, out io.Writer, args []string) (err error) {
-	logrus.Debugf("OpenFile: %v", args)
-
-	defer func() {
-		if err != nil {
-			logrus.Errorf("OpenFile: return is non-nil, so writing cmdFailed back: %v", err)
-			// error code will be serialized by the caller, so don't write it here
-			WriteFileHeader(out, &FileHeader{Cmd: CmdFailed}, nil)
-		}
-	}()
-
-	if len(args) < 3 {
-		logrus.Errorf("OpenFile: Not enough parameters")
-		return ErrInvalid
-	}
-
-	flag, err := strconv.ParseInt(args[1], 10, 32)
-	if err != nil {
-		logrus.Errorf("OpenFile: Invalid flag: %v", err)
-		return err
-	}
-
-	perm, err := strconv.ParseUint(args[2], 8, 32)
-	if err != nil {
-		logrus.Errorf("OpenFile: Invalid permission: %v", err)
-		return err
-	}
-
-	f, err := os.OpenFile(args[0], int(flag), os.FileMode(perm))
-	if err != nil {
-		logrus.Errorf("OpenFile: Failed to open: %v", err)
-		return err
-	}
-
-	// Signal the client that OpenFile succeeded
-	logrus.Debugf("OpenFile: Sending OK header")
-	if err := WriteFileHeader(out, &FileHeader{Cmd: CmdOK}, nil); err != nil {
-		return err
-	}
-
-	for {
-		logrus.Debugf("OpenFile: reading header")
-		hdr, err := ReadFileHeader(in)
-		if err != nil {
-			logrus.Errorf("OpenFile: Failed to ReadFileHeader: %v", err)
-			return err
-		}
-		logrus.Debugf("OpenFile: Header: %+v", hdr)
-
-		var buf []byte
-		switch hdr.Cmd {
-		case Read:
-			logrus.Debugf("OpenFile: Read command")
-			buf = make([]byte, hdr.Size, hdr.Size)
-			n, err := f.Read(buf)
-			logrus.Debugf("OpenFile: Issued a read for %d, got %d bytes and error %v", hdr.Size, n, err)
-			if err != nil {
-				logrus.Errorf("OpenFile: Read failed: %v", err)
-				return err
-			}
-			buf = buf[:n]
-		case Write:
-			logrus.Debugf("OpenFile: Write command")
-			if _, err := io.CopyN(f, in, int64(hdr.Size)); err != nil {
-				logrus.Errorf("OpenFile: Write CopyN() failed: %v", err)
-				return err
-			}
-		case Seek:
-			logrus.Debugf("OpenFile: Seek command")
-			seekHdr := &SeekHeader{}
-			if err := binary.Read(in, binary.BigEndian, seekHdr); err != nil {
-				logrus.Errorf("OpenFile: Seek Read() failed: %v", err)
-				return err
-			}
-			res, err := f.Seek(seekHdr.Offset, int(seekHdr.Whence))
-			if err != nil {
-				logrus.Errorf("OpenFile: Seek Seek() failed: %v", err)
-				return err
-			}
-			buffer := &bytes.Buffer{}
-			if err := binary.Write(buffer, binary.BigEndian, res); err != nil {
-				logrus.Errorf("OpenFile: Seek Write() failed: %v", err)
-				return err
-			}
-			buf = buffer.Bytes()
-		case Close:
-			logrus.Debugf("OpenFile: Close command")
-			if err := f.Close(); err != nil {
-				return err
-			}
-		default:
-			logrus.Errorf("OpenFile: unknown command")
-			return ErrUnknown
-		}
-
-		logrus.Debugf("OpenFile: Writing back OK header of size %d", len(buf))
-		retHdr := &FileHeader{
-			Cmd:  CmdOK,
-			Size: uint64(len(buf)),
-		}
-		if err := WriteFileHeader(out, retHdr, buf); err != nil {
-			logrus.Errorf("OpenFile: WriteFileHeader() failed: %v", err)
-			return err
-		}
-
-		if hdr.Cmd == Close {
-			break
-		}
-	}
-	logrus.Debugf("OpenFile: Done, no error")
-	return nil
-}
-
-// ReadFile works like ioutil.ReadFile but instead writes the file to a writer
-// Args:
-//  - args[0] = path
-// Out:
-//  - Write file contents to out
-func ReadFile(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 1 {
-		return ErrInvalid
-	}
-
-	f, err := os.Open(args[0])
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	if _, err := io.Copy(out, f); err != nil {
-		return nil
-	}
-	return nil
-}
-
-// WriteFile works like ioutil.WriteFile but instead reads the file from a reader
-// Args:
-//  - args[0] = path
-//  - args[1] = permission mode in octal (like 0755)
-//  - input data stream from in
-func WriteFile(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-
-	perm, err := strconv.ParseUint(args[1], 8, 32)
-	if err != nil {
-		return err
-	}
-
-	f, err := os.OpenFile(args[0], os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(perm))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	if _, err := io.Copy(f, in); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ReadDir works like *os.File.Readdir but instead writes the result to a writer
-// Args:
-//  - args[0] = path
-//  - args[1] = number of directory entries to return. If <= 0, return all entries in directory
-func ReadDir(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-
-	n, err := strconv.ParseInt(args[1], 10, 32)
-	if err != nil {
-		return err
-	}
-
-	f, err := os.Open(args[0])
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	infos, err := f.Readdir(int(n))
-	if err != nil {
-		return err
-	}
-
-	fileInfos := make([]FileInfo, len(infos))
-	for i := range infos {
-		fileInfos[i] = FileInfo{
-			NameVar:    infos[i].Name(),
-			SizeVar:    infos[i].Size(),
-			ModeVar:    infos[i].Mode(),
-			ModTimeVar: infos[i].ModTime().UnixNano(),
-			IsDirVar:   infos[i].IsDir(),
-		}
-	}
-
-	buf, err := json.Marshal(fileInfos)
-	if err != nil {
-		return err
-	}
-
-	if _, err := out.Write(buf); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ResolvePath works like docker's symlink.FollowSymlinkInScope.
-// It takens in a `path` and a `root` and evaluates symlinks in `path`
-// as if they were scoped in `root`. `path` must be a child path of `root`.
-// In other words, `path` must have `root` as a prefix.
-// Example:
-// path=/foo/bar -> /baz
-// root=/foo,
-// Expected result = /foo/baz
-//
-// Args:
-// - args[0] is `path`
-// - args[1] is `root`
-// Out:
-// - Write resolved path to stdout
-func ResolvePath(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 2 {
-		return ErrInvalid
-	}
-	res, err := symlink.FollowSymlinkInScope(args[0], args[1])
-	if err != nil {
-		return err
-	}
-	if _, err = out.Write([]byte(res)); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ExtractArchive extracts the archive read from in.
-// Args:
-// - in = size of json | json of archive.TarOptions | input tar stream
-// - args[0] = extract directory name
-func ExtractArchive(in io.Reader, out io.Writer, args []string) error {
-	logrus.Debugln("ExtractArchive:", args)
-	if len(args) < 1 {
-		logrus.Errorln("ExtractArchive: invalid args")
-		return ErrInvalid
-	}
-
-	opts, err := ReadTarOptions(in)
-	if err != nil {
-		logrus.Errorf("ExtractArchive: Failed to read tar options: %v", err)
-		return err
-	}
-
-	logrus.Debugf("ExtractArchive: Tar options: %+v", opts)
-	if err := archive.Untar(in, args[0], opts); err != nil {
-		logrus.Errorf("ExtractArchive: Failed to Untar: %v", err)
-		return err
-	}
-	logrus.Debugf("ExtractArchive: Success")
-	return nil
-}
-
-// ArchivePath archives the given directory and writes it to out.
-// Args:
-// - in = size of json | json of archive.TarOptions
-// - args[0] = source directory name
-// Out:
-// - out = tar file of the archive
-func ArchivePath(in io.Reader, out io.Writer, args []string) error {
-	if len(args) < 1 {
-		return ErrInvalid
-	}
-
-	opts, err := ReadTarOptions(in)
-	if err != nil {
-		return err
-	}
-
-	r, err := archive.TarWithOptions(args[0], opts)
-	if err != nil {
-		return err
-	}
-
-	if _, err := io.Copy(out, r); err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/utils.go b/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/utils.go
deleted file mode 100644
index 727fd50e5ad3d..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/service/gcsutils/remotefs/utils.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package remotefs
-
-import (
-	"bytes"
-	"encoding/binary"
-	"encoding/json"
-	"io"
-	"io/ioutil"
-	"os"
-	"syscall"
-
-	"github.com/docker/docker/pkg/archive"
-)
-
-// ReadError is an utility function that reads a serialized error from the given reader
-// and deserializes it.
-func ReadError(in io.Reader) (*ExportedError, error) {
-	b, err := ioutil.ReadAll(in)
-	if err != nil {
-		return nil, err
-	}
-
-	// No error
-	if len(b) == 0 {
-		return nil, nil
-	}
-
-	var exportedErr ExportedError
-	if err := json.Unmarshal(b, &exportedErr); err != nil {
-		return nil, err
-	}
-
-	return &exportedErr, nil
-}
-
-// ExportedToError will convert a ExportedError to an error. It will try to match
-// the error to any existing known error like os.ErrNotExist. Otherwise, it will just
-// return an implementation of the error interface.
-func ExportedToError(ee *ExportedError) error {
-	if ee.Error() == os.ErrNotExist.Error() {
-		return os.ErrNotExist
-	} else if ee.Error() == os.ErrExist.Error() {
-		return os.ErrExist
-	} else if ee.Error() == os.ErrPermission.Error() {
-		return os.ErrPermission
-	} else if ee.Error() == io.EOF.Error() {
-		return io.EOF
-	}
-	return ee
-}
-
-// WriteError is an utility function that serializes the error
-// and writes it to the output writer.
-func WriteError(err error, out io.Writer) error {
-	if err == nil {
-		return nil
-	}
-	err = fixOSError(err)
-
-	var errno int
-	switch typedError := err.(type) {
-	case *os.PathError:
-		if se, ok := typedError.Err.(syscall.Errno); ok {
-			errno = int(se)
-		}
-	case *os.LinkError:
-		if se, ok := typedError.Err.(syscall.Errno); ok {
-			errno = int(se)
-		}
-	case *os.SyscallError:
-		if se, ok := typedError.Err.(syscall.Errno); ok {
-			errno = int(se)
-		}
-	}
-
-	exportedError := &ExportedError{
-		ErrString: err.Error(),
-		ErrNum:    errno,
-	}
-
-	b, err1 := json.Marshal(exportedError)
-	if err1 != nil {
-		return err1
-	}
-
-	_, err1 = out.Write(b)
-	if err1 != nil {
-		return err1
-	}
-	return nil
-}
-
-// fixOSError converts possible platform dependent error into the portable errors in the
-// Go os package if possible.
-func fixOSError(err error) error {
-	// The os.IsExist, os.IsNotExist, and os.IsPermissions functions are platform
-	// dependent, so sending the raw error might break those functions on a different OS.
-	// Go defines portable errors for these.
-	if os.IsExist(err) {
-		return os.ErrExist
-	} else if os.IsNotExist(err) {
-		return os.ErrNotExist
-	} else if os.IsPermission(err) {
-		return os.ErrPermission
-	}
-	return err
-}
-
-// ReadTarOptions reads from the specified reader and deserializes an archive.TarOptions struct.
-func ReadTarOptions(r io.Reader) (*archive.TarOptions, error) {
-	var size uint64
-	if err := binary.Read(r, binary.BigEndian, &size); err != nil {
-		return nil, err
-	}
-
-	rawJSON := make([]byte, size)
-	if _, err := io.ReadFull(r, rawJSON); err != nil {
-		return nil, err
-	}
-
-	var opts archive.TarOptions
-	if err := json.Unmarshal(rawJSON, &opts); err != nil {
-		return nil, err
-	}
-	return &opts, nil
-}
-
-// WriteTarOptions serializes a archive.TarOptions struct and writes it to the writer.
-func WriteTarOptions(w io.Writer, opts *archive.TarOptions) error {
-	optsBuf, err := json.Marshal(opts)
-	if err != nil {
-		return err
-	}
-
-	optsSize := uint64(len(optsBuf))
-	optsSizeBuf := &bytes.Buffer{}
-	if err := binary.Write(optsSizeBuf, binary.BigEndian, optsSize); err != nil {
-		return err
-	}
-
-	if _, err := optsSizeBuf.WriteTo(w); err != nil {
-		return err
-	}
-
-	if _, err := w.Write(optsBuf); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ReadFileHeader reads from r and returns a deserialized FileHeader
-func ReadFileHeader(r io.Reader) (*FileHeader, error) {
-	hdr := &FileHeader{}
-	if err := binary.Read(r, binary.BigEndian, hdr); err != nil {
-		return nil, err
-	}
-	return hdr, nil
-}
-
-// WriteFileHeader serializes a FileHeader and writes it to w, along with any extra data
-func WriteFileHeader(w io.Writer, hdr *FileHeader, extraData []byte) error {
-	if err := binary.Write(w, binary.BigEndian, hdr); err != nil {
-		return err
-	}
-	if _, err := w.Write(extraData); err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/Microsoft/opengcs/vsockexec/vsockexec.c b/vendor/github.com/Microsoft/opengcs/vsockexec/vsockexec.c
deleted file mode 100644
index 7a26d4c0da250..0000000000000
--- a/vendor/github.com/Microsoft/opengcs/vsockexec/vsockexec.c
+++ /dev/null
@@ -1,129 +0,0 @@
-// vsockexec opens vsock connections for the specified stdio descriptors and
-// then execs the specified process.
-
-#include <errno.h>
-#include <sys/socket.h>
-#include <linux/vm_sockets.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef USE_TCP
-static const int tcpmode = 1;
-#else
-static const int tcpmode;
-#endif
-
-static int openvsock(unsigned int cid, unsigned int port)
-{
-    int s = socket(AF_VSOCK, SOCK_STREAM, 0);
-    if (s < 0) {
-        perror("socket: AF_VSOCK");
-        return -1;
-    }
-
-    struct sockaddr_vm addr = {0};
-    addr.svm_family = AF_VSOCK;
-    addr.svm_port = port;
-    addr.svm_cid = cid;
-    if (connect(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
-        fprintf(stderr, "connect: port %u: %s", port, strerror(errno));
-        return -1;
-    }
-
-    return s;
-}
-
-static int opentcp(unsigned short port)
-{
-    int s = socket(AF_INET, SOCK_STREAM, 0);
-    if (s < 0) {
-        perror("socket: AF_INET");
-        return -1;
-    }
-
-    struct sockaddr_in addr = {0};
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(port);
-    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-    if (connect(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
-        fprintf(stderr, "connect: port %u: %s\n", port, strerror(errno));
-        return -1;
-    }
-
-    return s;
-}
-
-_Noreturn static void usage(const char *argv0)
-{
-    fprintf(stderr, "%s [-i port] [-o port] [-e port] -- program [args...]\n", argv0);
-    exit(1);
-}
-
-int main(int argc, char **argv)
-{
-    unsigned int ports[3] = {0};
-    int sockets[3] = {-1, -1, -1};
-    int c;
-    while ((c = getopt(argc, argv, "+i:o:e:")) != -1) {
-        switch (c) {
-        case 'i':
-            ports[0] = strtoul(optarg, NULL, 10);
-            break;
-
-        case 'o':
-            ports[1] = strtoul(optarg, NULL, 10);
-            break;
-
-        case 'e':
-            ports[2] = strtoul(optarg, NULL, 10);
-            break;
-
-        default:
-            usage(argv[0]);
-        }
-    }
-
-    if (optind == argc) {
-        fprintf(stderr, "%s: missing program argument\n", argv[0]);
-        usage(argv[0]);
-    }
-
-    for (int i = 0; i < 3; i++) {
-        if (ports[i] != 0) {
-            int j;
-            for (j = 0; j < i; j++) {
-                if (ports[i] == ports[j]) {
-                    int s = dup(sockets[j]);
-                    if (s < 0) {
-                        perror("dup");
-                        return 1;
-                    }
-                    sockets[i] = s;
-                    break;
-                }
-            }
-
-            if (j == i) {
-                int s = tcpmode ? opentcp(ports[i]) : openvsock(VMADDR_CID_HOST, ports[i]);
-                if (s < 0) {
-                    return 1;
-                }
-                sockets[i] = s;
-            }
-        }
-    }
-
-    for (int i = 0; i < 3; i++) {
-        if (sockets[i] >= 0) {
-            dup2(sockets[i], i);
-            close(sockets[i]);
-        }
-    }
-
-    execvp(argv[optind], argv + optind);
-    fprintf(stderr, "execvp: %s: %s\n", argv[optind], strerror(errno));
-    return 1;
-}
diff --git a/vendor/github.com/Nvveen/Gotty/LICENSE b/vendor/github.com/Nvveen/Gotty/LICENSE
deleted file mode 100644
index 0b71c97360eb9..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/LICENSE
+++ /dev/null
@@ -1,26 +0,0 @@
-Copyright (c) 2012, Neal van Veen (nealvanveen@gmail.com)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met: 
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer. 
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution. 
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-The views and conclusions contained in the software and documentation are those
-of the authors and should not be interpreted as representing official policies, 
-either expressed or implied, of the FreeBSD Project.
diff --git a/vendor/github.com/Nvveen/Gotty/README b/vendor/github.com/Nvveen/Gotty/README
deleted file mode 100644
index a6b0d9a8fe25e..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/README
+++ /dev/null
@@ -1,5 +0,0 @@
-Gotty is a library written in Go that determines and reads termcap database
-files to produce an interface for interacting with the capabilities of a
-terminal.
-See the godoc documentation or the source code for more information about
-function usage.
diff --git a/vendor/github.com/Nvveen/Gotty/attributes.go b/vendor/github.com/Nvveen/Gotty/attributes.go
deleted file mode 100644
index a4c005fae5836..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/attributes.go
+++ /dev/null
@@ -1,514 +0,0 @@
-// Copyright 2012 Neal van Veen. All rights reserved.
-// Usage of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package gotty
-
-// Boolean capabilities
-var BoolAttr = [...]string{
-	"auto_left_margin", "bw",
-	"auto_right_margin", "am",
-	"no_esc_ctlc", "xsb",
-	"ceol_standout_glitch", "xhp",
-	"eat_newline_glitch", "xenl",
-	"erase_overstrike", "eo",
-	"generic_type", "gn",
-	"hard_copy", "hc",
-	"has_meta_key", "km",
-	"has_status_line", "hs",
-	"insert_null_glitch", "in",
-	"memory_above", "da",
-	"memory_below", "db",
-	"move_insert_mode", "mir",
-	"move_standout_mode", "msgr",
-	"over_strike", "os",
-	"status_line_esc_ok", "eslok",
-	"dest_tabs_magic_smso", "xt",
-	"tilde_glitch", "hz",
-	"transparent_underline", "ul",
-	"xon_xoff", "nxon",
-	"needs_xon_xoff", "nxon",
-	"prtr_silent", "mc5i",
-	"hard_cursor", "chts",
-	"non_rev_rmcup", "nrrmc",
-	"no_pad_char", "npc",
-	"non_dest_scroll_region", "ndscr",
-	"can_change", "ccc",
-	"back_color_erase", "bce",
-	"hue_lightness_saturation", "hls",
-	"col_addr_glitch", "xhpa",
-	"cr_cancels_micro_mode", "crxm",
-	"has_print_wheel", "daisy",
-	"row_addr_glitch", "xvpa",
-	"semi_auto_right_margin", "sam",
-	"cpi_changes_res", "cpix",
-	"lpi_changes_res", "lpix",
-	"backspaces_with_bs", "",
-	"crt_no_scrolling", "",
-	"no_correctly_working_cr", "",
-	"gnu_has_meta_key", "",
-	"linefeed_is_newline", "",
-	"has_hardware_tabs", "",
-	"return_does_clr_eol", "",
-}
-
-// Numerical capabilities
-var NumAttr = [...]string{
-	"columns", "cols",
-	"init_tabs", "it",
-	"lines", "lines",
-	"lines_of_memory", "lm",
-	"magic_cookie_glitch", "xmc",
-	"padding_baud_rate", "pb",
-	"virtual_terminal", "vt",
-	"width_status_line", "wsl",
-	"num_labels", "nlab",
-	"label_height", "lh",
-	"label_width", "lw",
-	"max_attributes", "ma",
-	"maximum_windows", "wnum",
-	"max_colors", "colors",
-	"max_pairs", "pairs",
-	"no_color_video", "ncv",
-	"buffer_capacity", "bufsz",
-	"dot_vert_spacing", "spinv",
-	"dot_horz_spacing", "spinh",
-	"max_micro_address", "maddr",
-	"max_micro_jump", "mjump",
-	"micro_col_size", "mcs",
-	"micro_line_size", "mls",
-	"number_of_pins", "npins",
-	"output_res_char", "orc",
-	"output_res_line", "orl",
-	"output_res_horz_inch", "orhi",
-	"output_res_vert_inch", "orvi",
-	"print_rate", "cps",
-	"wide_char_size", "widcs",
-	"buttons", "btns",
-	"bit_image_entwining", "bitwin",
-	"bit_image_type", "bitype",
-	"magic_cookie_glitch_ul", "",
-	"carriage_return_delay", "",
-	"new_line_delay", "",
-	"backspace_delay", "",
-	"horizontal_tab_delay", "",
-	"number_of_function_keys", "",
-}
-
-// String capabilities
-var StrAttr = [...]string{
-	"back_tab", "cbt",
-	"bell", "bel",
-	"carriage_return", "cr",
-	"change_scroll_region", "csr",
-	"clear_all_tabs", "tbc",
-	"clear_screen", "clear",
-	"clr_eol", "el",
-	"clr_eos", "ed",
-	"column_address", "hpa",
-	"command_character", "cmdch",
-	"cursor_address", "cup",
-	"cursor_down", "cud1",
-	"cursor_home", "home",
-	"cursor_invisible", "civis",
-	"cursor_left", "cub1",
-	"cursor_mem_address", "mrcup",
-	"cursor_normal", "cnorm",
-	"cursor_right", "cuf1",
-	"cursor_to_ll", "ll",
-	"cursor_up", "cuu1",
-	"cursor_visible", "cvvis",
-	"delete_character", "dch1",
-	"delete_line", "dl1",
-	"dis_status_line", "dsl",
-	"down_half_line", "hd",
-	"enter_alt_charset_mode", "smacs",
-	"enter_blink_mode", "blink",
-	"enter_bold_mode", "bold",
-	"enter_ca_mode", "smcup",
-	"enter_delete_mode", "smdc",
-	"enter_dim_mode", "dim",
-	"enter_insert_mode", "smir",
-	"enter_secure_mode", "invis",
-	"enter_protected_mode", "prot",
-	"enter_reverse_mode", "rev",
-	"enter_standout_mode", "smso",
-	"enter_underline_mode", "smul",
-	"erase_chars", "ech",
-	"exit_alt_charset_mode", "rmacs",
-	"exit_attribute_mode", "sgr0",
-	"exit_ca_mode", "rmcup",
-	"exit_delete_mode", "rmdc",
-	"exit_insert_mode", "rmir",
-	"exit_standout_mode", "rmso",
-	"exit_underline_mode", "rmul",
-	"flash_screen", "flash",
-	"form_feed", "ff",
-	"from_status_line", "fsl",
-	"init_1string", "is1",
-	"init_2string", "is2",
-	"init_3string", "is3",
-	"init_file", "if",
-	"insert_character", "ich1",
-	"insert_line", "il1",
-	"insert_padding", "ip",
-	"key_backspace", "kbs",
-	"key_catab", "ktbc",
-	"key_clear", "kclr",
-	"key_ctab", "kctab",
-	"key_dc", "kdch1",
-	"key_dl", "kdl1",
-	"key_down", "kcud1",
-	"key_eic", "krmir",
-	"key_eol", "kel",
-	"key_eos", "ked",
-	"key_f0", "kf0",
-	"key_f1", "kf1",
-	"key_f10", "kf10",
-	"key_f2", "kf2",
-	"key_f3", "kf3",
-	"key_f4", "kf4",
-	"key_f5", "kf5",
-	"key_f6", "kf6",
-	"key_f7", "kf7",
-	"key_f8", "kf8",
-	"key_f9", "kf9",
-	"key_home", "khome",
-	"key_ic", "kich1",
-	"key_il", "kil1",
-	"key_left", "kcub1",
-	"key_ll", "kll",
-	"key_npage", "knp",
-	"key_ppage", "kpp",
-	"key_right", "kcuf1",
-	"key_sf", "kind",
-	"key_sr", "kri",
-	"key_stab", "khts",
-	"key_up", "kcuu1",
-	"keypad_local", "rmkx",
-	"keypad_xmit", "smkx",
-	"lab_f0", "lf0",
-	"lab_f1", "lf1",
-	"lab_f10", "lf10",
-	"lab_f2", "lf2",
-	"lab_f3", "lf3",
-	"lab_f4", "lf4",
-	"lab_f5", "lf5",
-	"lab_f6", "lf6",
-	"lab_f7", "lf7",
-	"lab_f8", "lf8",
-	"lab_f9", "lf9",
-	"meta_off", "rmm",
-	"meta_on", "smm",
-	"newline", "_glitch",
-	"pad_char", "npc",
-	"parm_dch", "dch",
-	"parm_delete_line", "dl",
-	"parm_down_cursor", "cud",
-	"parm_ich", "ich",
-	"parm_index", "indn",
-	"parm_insert_line", "il",
-	"parm_left_cursor", "cub",
-	"parm_right_cursor", "cuf",
-	"parm_rindex", "rin",
-	"parm_up_cursor", "cuu",
-	"pkey_key", "pfkey",
-	"pkey_local", "pfloc",
-	"pkey_xmit", "pfx",
-	"print_screen", "mc0",
-	"prtr_off", "mc4",
-	"prtr_on", "mc5",
-	"repeat_char", "rep",
-	"reset_1string", "rs1",
-	"reset_2string", "rs2",
-	"reset_3string", "rs3",
-	"reset_file", "rf",
-	"restore_cursor", "rc",
-	"row_address", "mvpa",
-	"save_cursor", "row_address",
-	"scroll_forward", "ind",
-	"scroll_reverse", "ri",
-	"set_attributes", "sgr",
-	"set_tab", "hts",
-	"set_window", "wind",
-	"tab", "s_magic_smso",
-	"to_status_line", "tsl",
-	"underline_char", "uc",
-	"up_half_line", "hu",
-	"init_prog", "iprog",
-	"key_a1", "ka1",
-	"key_a3", "ka3",
-	"key_b2", "kb2",
-	"key_c1", "kc1",
-	"key_c3", "kc3",
-	"prtr_non", "mc5p",
-	"char_padding", "rmp",
-	"acs_chars", "acsc",
-	"plab_norm", "pln",
-	"key_btab", "kcbt",
-	"enter_xon_mode", "smxon",
-	"exit_xon_mode", "rmxon",
-	"enter_am_mode", "smam",
-	"exit_am_mode", "rmam",
-	"xon_character", "xonc",
-	"xoff_character", "xoffc",
-	"ena_acs", "enacs",
-	"label_on", "smln",
-	"label_off", "rmln",
-	"key_beg", "kbeg",
-	"key_cancel", "kcan",
-	"key_close", "kclo",
-	"key_command", "kcmd",
-	"key_copy", "kcpy",
-	"key_create", "kcrt",
-	"key_end", "kend",
-	"key_enter", "kent",
-	"key_exit", "kext",
-	"key_find", "kfnd",
-	"key_help", "khlp",
-	"key_mark", "kmrk",
-	"key_message", "kmsg",
-	"key_move", "kmov",
-	"key_next", "knxt",
-	"key_open", "kopn",
-	"key_options", "kopt",
-	"key_previous", "kprv",
-	"key_print", "kprt",
-	"key_redo", "krdo",
-	"key_reference", "kref",
-	"key_refresh", "krfr",
-	"key_replace", "krpl",
-	"key_restart", "krst",
-	"key_resume", "kres",
-	"key_save", "ksav",
-	"key_suspend", "kspd",
-	"key_undo", "kund",
-	"key_sbeg", "kBEG",
-	"key_scancel", "kCAN",
-	"key_scommand", "kCMD",
-	"key_scopy", "kCPY",
-	"key_screate", "kCRT",
-	"key_sdc", "kDC",
-	"key_sdl", "kDL",
-	"key_select", "kslt",
-	"key_send", "kEND",
-	"key_seol", "kEOL",
-	"key_sexit", "kEXT",
-	"key_sfind", "kFND",
-	"key_shelp", "kHLP",
-	"key_shome", "kHOM",
-	"key_sic", "kIC",
-	"key_sleft", "kLFT",
-	"key_smessage", "kMSG",
-	"key_smove", "kMOV",
-	"key_snext", "kNXT",
-	"key_soptions", "kOPT",
-	"key_sprevious", "kPRV",
-	"key_sprint", "kPRT",
-	"key_sredo", "kRDO",
-	"key_sreplace", "kRPL",
-	"key_sright", "kRIT",
-	"key_srsume", "kRES",
-	"key_ssave", "kSAV",
-	"key_ssuspend", "kSPD",
-	"key_sundo", "kUND",
-	"req_for_input", "rfi",
-	"key_f11", "kf11",
-	"key_f12", "kf12",
-	"key_f13", "kf13",
-	"key_f14", "kf14",
-	"key_f15", "kf15",
-	"key_f16", "kf16",
-	"key_f17", "kf17",
-	"key_f18", "kf18",
-	"key_f19", "kf19",
-	"key_f20", "kf20",
-	"key_f21", "kf21",
-	"key_f22", "kf22",
-	"key_f23", "kf23",
-	"key_f24", "kf24",
-	"key_f25", "kf25",
-	"key_f26", "kf26",
-	"key_f27", "kf27",
-	"key_f28", "kf28",
-	"key_f29", "kf29",
-	"key_f30", "kf30",
-	"key_f31", "kf31",
-	"key_f32", "kf32",
-	"key_f33", "kf33",
-	"key_f34", "kf34",
-	"key_f35", "kf35",
-	"key_f36", "kf36",
-	"key_f37", "kf37",
-	"key_f38", "kf38",
-	"key_f39", "kf39",
-	"key_f40", "kf40",
-	"key_f41", "kf41",
-	"key_f42", "kf42",
-	"key_f43", "kf43",
-	"key_f44", "kf44",
-	"key_f45", "kf45",
-	"key_f46", "kf46",
-	"key_f47", "kf47",
-	"key_f48", "kf48",
-	"key_f49", "kf49",
-	"key_f50", "kf50",
-	"key_f51", "kf51",
-	"key_f52", "kf52",
-	"key_f53", "kf53",
-	"key_f54", "kf54",
-	"key_f55", "kf55",
-	"key_f56", "kf56",
-	"key_f57", "kf57",
-	"key_f58", "kf58",
-	"key_f59", "kf59",
-	"key_f60", "kf60",
-	"key_f61", "kf61",
-	"key_f62", "kf62",
-	"key_f63", "kf63",
-	"clr_bol", "el1",
-	"clear_margins", "mgc",
-	"set_left_margin", "smgl",
-	"set_right_margin", "smgr",
-	"label_format", "fln",
-	"set_clock", "sclk",
-	"display_clock", "dclk",
-	"remove_clock", "rmclk",
-	"create_window", "cwin",
-	"goto_window", "wingo",
-	"hangup", "hup",
-	"dial_phone", "dial",
-	"quick_dial", "qdial",
-	"tone", "tone",
-	"pulse", "pulse",
-	"flash_hook", "hook",
-	"fixed_pause", "pause",
-	"wait_tone", "wait",
-	"user0", "u0",
-	"user1", "u1",
-	"user2", "u2",
-	"user3", "u3",
-	"user4", "u4",
-	"user5", "u5",
-	"user6", "u6",
-	"user7", "u7",
-	"user8", "u8",
-	"user9", "u9",
-	"orig_pair", "op",
-	"orig_colors", "oc",
-	"initialize_color", "initc",
-	"initialize_pair", "initp",
-	"set_color_pair", "scp",
-	"set_foreground", "setf",
-	"set_background", "setb",
-	"change_char_pitch", "cpi",
-	"change_line_pitch", "lpi",
-	"change_res_horz", "chr",
-	"change_res_vert", "cvr",
-	"define_char", "defc",
-	"enter_doublewide_mode", "swidm",
-	"enter_draft_quality", "sdrfq",
-	"enter_italics_mode", "sitm",
-	"enter_leftward_mode", "slm",
-	"enter_micro_mode", "smicm",
-	"enter_near_letter_quality", "snlq",
-	"enter_normal_quality", "snrmq",
-	"enter_shadow_mode", "sshm",
-	"enter_subscript_mode", "ssubm",
-	"enter_superscript_mode", "ssupm",
-	"enter_upward_mode", "sum",
-	"exit_doublewide_mode", "rwidm",
-	"exit_italics_mode", "ritm",
-	"exit_leftward_mode", "rlm",
-	"exit_micro_mode", "rmicm",
-	"exit_shadow_mode", "rshm",
-	"exit_subscript_mode", "rsubm",
-	"exit_superscript_mode", "rsupm",
-	"exit_upward_mode", "rum",
-	"micro_column_address", "mhpa",
-	"micro_down", "mcud1",
-	"micro_left", "mcub1",
-	"micro_right", "mcuf1",
-	"micro_row_address", "mvpa",
-	"micro_up", "mcuu1",
-	"order_of_pins", "porder",
-	"parm_down_micro", "mcud",
-	"parm_left_micro", "mcub",
-	"parm_right_micro", "mcuf",
-	"parm_up_micro", "mcuu",
-	"select_char_set", "scs",
-	"set_bottom_margin", "smgb",
-	"set_bottom_margin_parm", "smgbp",
-	"set_left_margin_parm", "smglp",
-	"set_right_margin_parm", "smgrp",
-	"set_top_margin", "smgt",
-	"set_top_margin_parm", "smgtp",
-	"start_bit_image", "sbim",
-	"start_char_set_def", "scsd",
-	"stop_bit_image", "rbim",
-	"stop_char_set_def", "rcsd",
-	"subscript_characters", "subcs",
-	"superscript_characters", "supcs",
-	"these_cause_cr", "docr",
-	"zero_motion", "zerom",
-	"char_set_names", "csnm",
-	"key_mouse", "kmous",
-	"mouse_info", "minfo",
-	"req_mouse_pos", "reqmp",
-	"get_mouse", "getm",
-	"set_a_foreground", "setaf",
-	"set_a_background", "setab",
-	"pkey_plab", "pfxl",
-	"device_type", "devt",
-	"code_set_init", "csin",
-	"set0_des_seq", "s0ds",
-	"set1_des_seq", "s1ds",
-	"set2_des_seq", "s2ds",
-	"set3_des_seq", "s3ds",
-	"set_lr_margin", "smglr",
-	"set_tb_margin", "smgtb",
-	"bit_image_repeat", "birep",
-	"bit_image_newline", "binel",
-	"bit_image_carriage_return", "bicr",
-	"color_names", "colornm",
-	"define_bit_image_region", "defbi",
-	"end_bit_image_region", "endbi",
-	"set_color_band", "setcolor",
-	"set_page_length", "slines",
-	"display_pc_char", "dispc",
-	"enter_pc_charset_mode", "smpch",
-	"exit_pc_charset_mode", "rmpch",
-	"enter_scancode_mode", "smsc",
-	"exit_scancode_mode", "rmsc",
-	"pc_term_options", "pctrm",
-	"scancode_escape", "scesc",
-	"alt_scancode_esc", "scesa",
-	"enter_horizontal_hl_mode", "ehhlm",
-	"enter_left_hl_mode", "elhlm",
-	"enter_low_hl_mode", "elohlm",
-	"enter_right_hl_mode", "erhlm",
-	"enter_top_hl_mode", "ethlm",
-	"enter_vertical_hl_mode", "evhlm",
-	"set_a_attributes", "sgr1",
-	"set_pglen_inch", "slength",
-	"termcap_init2", "",
-	"termcap_reset", "",
-	"linefeed_if_not_lf", "",
-	"backspace_if_not_bs", "",
-	"other_non_function_keys", "",
-	"arrow_key_map", "",
-	"acs_ulcorner", "",
-	"acs_llcorner", "",
-	"acs_urcorner", "",
-	"acs_lrcorner", "",
-	"acs_ltee", "",
-	"acs_rtee", "",
-	"acs_btee", "",
-	"acs_ttee", "",
-	"acs_hline", "",
-	"acs_vline", "",
-	"acs_plus", "",
-	"memory_lock", "",
-	"memory_unlock", "",
-	"box_chars_1", "",
-}
diff --git a/vendor/github.com/Nvveen/Gotty/gotty.go b/vendor/github.com/Nvveen/Gotty/gotty.go
deleted file mode 100644
index c329778a1d0fe..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/gotty.go
+++ /dev/null
@@ -1,244 +0,0 @@
-// Copyright 2012 Neal van Veen. All rights reserved.
-// Usage of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Gotty is a Go-package for reading and parsing the terminfo database
-package gotty
-
-// TODO add more concurrency to name lookup, look for more opportunities.
-
-import (
-	"bytes"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"os"
-	"path"
-	"reflect"
-	"strings"
-	"sync"
-)
-
-// Open a terminfo file by the name given and construct a TermInfo object.
-// If something went wrong reading the terminfo database file, an error is
-// returned.
-func OpenTermInfo(termName string) (*TermInfo, error) {
-	if len(termName) == 0 {
-		return nil, errors.New("No termname given")
-	}
-	// Find the environment variables
-	if termloc := os.Getenv("TERMINFO"); len(termloc) > 0 {
-		return readTermInfo(path.Join(termloc, string(termName[0]), termName))
-	} else {
-		// Search like ncurses
-		locations := []string{}
-		if h := os.Getenv("HOME"); len(h) > 0 {
-			locations = append(locations, path.Join(h, ".terminfo"))
-		}
-		locations = append(locations,
-			"/etc/terminfo/",
-			"/lib/terminfo/",
-			"/usr/share/terminfo/")
-		for _, str := range locations {
-			term, err := readTermInfo(path.Join(str, string(termName[0]), termName))
-			if err == nil {
-				return term, nil
-			}
-		}
-		return nil, errors.New("No terminfo file(-location) found")
-	}
-}
-
-// Open a terminfo file from the environment variable containing the current
-// terminal name and construct a TermInfo object. If something went wrong
-// reading the terminfo database file, an error is returned.
-func OpenTermInfoEnv() (*TermInfo, error) {
-	termenv := os.Getenv("TERM")
-	return OpenTermInfo(termenv)
-}
-
-// Return an attribute by the name attr provided. If none can be found,
-// an error is returned.
-func (term *TermInfo) GetAttribute(attr string) (stacker, error) {
-	// Channel to store the main value in.
-	var value stacker
-	// Add a blocking WaitGroup
-	var block sync.WaitGroup
-	// Keep track of variable being written.
-	written := false
-	// Function to put into goroutine.
-	f := func(ats interface{}) {
-		var ok bool
-		var v stacker
-		// Switch on type of map to use and assign value to it.
-		switch reflect.TypeOf(ats).Elem().Kind() {
-		case reflect.Bool:
-			v, ok = ats.(map[string]bool)[attr]
-		case reflect.Int16:
-			v, ok = ats.(map[string]int16)[attr]
-		case reflect.String:
-			v, ok = ats.(map[string]string)[attr]
-		}
-		// If ok, a value is found, so we can write.
-		if ok {
-			value = v
-			written = true
-		}
-		// Goroutine is done
-		block.Done()
-	}
-	block.Add(3)
-	// Go for all 3 attribute lists.
-	go f(term.boolAttributes)
-	go f(term.numAttributes)
-	go f(term.strAttributes)
-	// Wait until every goroutine is done.
-	block.Wait()
-	// If a value has been written, return it.
-	if written {
-		return value, nil
-	}
-	// Otherwise, error.
-	return nil, fmt.Errorf("Erorr finding attribute")
-}
-
-// Return an attribute by the name attr provided. If none can be found,
-// an error is returned. A name is first converted to its termcap value.
-func (term *TermInfo) GetAttributeName(name string) (stacker, error) {
-	tc := GetTermcapName(name)
-	return term.GetAttribute(tc)
-}
-
-// A utility function that finds and returns the termcap equivalent of a
-// variable name.
-func GetTermcapName(name string) string {
-	// Termcap name
-	var tc string
-	// Blocking group
-	var wait sync.WaitGroup
-	// Function to put into a goroutine
-	f := func(attrs []string) {
-		// Find the string corresponding to the name
-		for i, s := range attrs {
-			if s == name {
-				tc = attrs[i+1]
-			}
-		}
-		// Goroutine is finished
-		wait.Done()
-	}
-	wait.Add(3)
-	// Go for all 3 attribute lists
-	go f(BoolAttr[:])
-	go f(NumAttr[:])
-	go f(StrAttr[:])
-	// Wait until every goroutine is done
-	wait.Wait()
-	// Return the termcap name
-	return tc
-}
-
-// This function takes a path to a terminfo file and reads it in binary
-// form to construct the actual TermInfo file.
-func readTermInfo(path string) (*TermInfo, error) {
-	// Open the terminfo file
-	file, err := os.Open(path)
-	defer file.Close()
-	if err != nil {
-		return nil, err
-	}
-
-	// magic, nameSize, boolSize, nrSNum, nrOffsetsStr, strSize
-	// Header is composed of the magic 0432 octal number, size of the name
-	// section, size of the boolean section, the amount of number values,
-	// the number of offsets of strings, and the size of the string section.
-	var header [6]int16
-	// Byte array is used to read in byte values
-	var byteArray []byte
-	// Short array is used to read in short values
-	var shArray []int16
-	// TermInfo object to store values
-	var term TermInfo
-
-	// Read in the header
-	err = binary.Read(file, binary.LittleEndian, &header)
-	if err != nil {
-		return nil, err
-	}
-	// If magic number isn't there or isn't correct, we have the wrong filetype
-	if header[0] != 0432 {
-		return nil, errors.New(fmt.Sprintf("Wrong filetype"))
-	}
-
-	// Read in the names
-	byteArray = make([]byte, header[1])
-	err = binary.Read(file, binary.LittleEndian, &byteArray)
-	if err != nil {
-		return nil, err
-	}
-	term.Names = strings.Split(string(byteArray), "|")
-
-	// Read in the booleans
-	byteArray = make([]byte, header[2])
-	err = binary.Read(file, binary.LittleEndian, &byteArray)
-	if err != nil {
-		return nil, err
-	}
-	term.boolAttributes = make(map[string]bool)
-	for i, b := range byteArray {
-		if b == 1 {
-			term.boolAttributes[BoolAttr[i*2+1]] = true
-		}
-	}
-	// If the number of bytes read is not even, a byte for alignment is added
-	// We know the header is an even number of bytes so only need to check the
-	// total of the names and booleans.
-	if (header[1]+header[2])%2 != 0 {
-		err = binary.Read(file, binary.LittleEndian, make([]byte, 1))
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	// Read in shorts
-	shArray = make([]int16, header[3])
-	err = binary.Read(file, binary.LittleEndian, &shArray)
-	if err != nil {
-		return nil, err
-	}
-	term.numAttributes = make(map[string]int16)
-	for i, n := range shArray {
-		if n != 0377 && n > -1 {
-			term.numAttributes[NumAttr[i*2+1]] = n
-		}
-	}
-
-	// Read the offsets into the short array
-	shArray = make([]int16, header[4])
-	err = binary.Read(file, binary.LittleEndian, &shArray)
-	if err != nil {
-		return nil, err
-	}
-	// Read the actual strings in the byte array
-	byteArray = make([]byte, header[5])
-	err = binary.Read(file, binary.LittleEndian, &byteArray)
-	if err != nil {
-		return nil, err
-	}
-	term.strAttributes = make(map[string]string)
-	// We get an offset, and then iterate until the string is null-terminated
-	for i, offset := range shArray {
-		if offset > -1 {
-			if int(offset) >= len(byteArray) {
-				return nil, errors.New("array out of bounds reading string section")
-			}
-			r := bytes.IndexByte(byteArray[offset:], 0)
-			if r == -1 {
-				return nil, errors.New("missing nul byte reading string section")
-			}
-			r += int(offset)
-			term.strAttributes[StrAttr[i*2+1]] = string(byteArray[offset:r])
-		}
-	}
-	return &term, nil
-}
diff --git a/vendor/github.com/Nvveen/Gotty/parser.go b/vendor/github.com/Nvveen/Gotty/parser.go
deleted file mode 100644
index a9d5d23c5425d..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/parser.go
+++ /dev/null
@@ -1,362 +0,0 @@
-// Copyright 2012 Neal van Veen. All rights reserved.
-// Usage of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package gotty
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-var exp = [...]string{
-	"%%",
-	"%c",
-	"%s",
-	"%p(\\d)",
-	"%P([A-z])",
-	"%g([A-z])",
-	"%'(.)'",
-	"%{([0-9]+)}",
-	"%l",
-	"%\\+|%-|%\\*|%/|%m",
-	"%&|%\\||%\\^",
-	"%=|%>|%<",
-	"%A|%O",
-	"%!|%~",
-	"%i",
-	"%(:[\\ #\\-\\+]{0,4})?(\\d+\\.\\d+|\\d+)?[doxXs]",
-	"%\\?(.*?);",
-}
-
-var regex *regexp.Regexp
-var staticVar map[byte]stacker
-
-// Parses the attribute that is received with name attr and parameters params.
-func (term *TermInfo) Parse(attr string, params ...interface{}) (string, error) {
-	// Get the attribute name first.
-	iface, err := term.GetAttribute(attr)
-	str, ok := iface.(string)
-	if err != nil {
-		return "", err
-	}
-	if !ok {
-		return str, errors.New("Only string capabilities can be parsed.")
-	}
-	// Construct the hidden parser struct so we can use a recursive stack based
-	// parser.
-	ps := &parser{}
-	// Dynamic variables only exist in this context.
-	ps.dynamicVar = make(map[byte]stacker, 26)
-	ps.parameters = make([]stacker, len(params))
-	// Convert the parameters to insert them into the parser struct.
-	for i, x := range params {
-		ps.parameters[i] = x
-	}
-	// Recursively walk and return.
-	result, err := ps.walk(str)
-	return result, err
-}
-
-// Parses the attribute that is received with name attr and parameters params.
-// Only works on full name of a capability that is given, which it uses to
-// search for the termcap name.
-func (term *TermInfo) ParseName(attr string, params ...interface{}) (string, error) {
-	tc := GetTermcapName(attr)
-	return term.Parse(tc, params)
-}
-
-// Identify each token in a stack based manner and do the actual parsing.
-func (ps *parser) walk(attr string) (string, error) {
-	// We use a buffer to get the modified string.
-	var buf bytes.Buffer
-	// Next, find and identify all tokens by their indices and strings.
-	tokens := regex.FindAllStringSubmatch(attr, -1)
-	if len(tokens) == 0 {
-		return attr, nil
-	}
-	indices := regex.FindAllStringIndex(attr, -1)
-	q := 0 // q counts the matches of one token
-	// Iterate through the string per character.
-	for i := 0; i < len(attr); i++ {
-		// If the current position is an identified token, execute the following
-		// steps.
-		if q < len(indices) && i >= indices[q][0] && i < indices[q][1] {
-			// Switch on token.
-			switch {
-			case tokens[q][0][:2] == "%%":
-				// Literal percentage character.
-				buf.WriteByte('%')
-			case tokens[q][0][:2] == "%c":
-				// Pop a character.
-				c, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				buf.WriteByte(c.(byte))
-			case tokens[q][0][:2] == "%s":
-				// Pop a string.
-				str, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				if _, ok := str.(string); !ok {
-					return buf.String(), errors.New("Stack head is not a string")
-				}
-				buf.WriteString(str.(string))
-			case tokens[q][0][:2] == "%p":
-				// Push a parameter on the stack.
-				index, err := strconv.ParseInt(tokens[q][1], 10, 8)
-				index--
-				if err != nil {
-					return buf.String(), err
-				}
-				if int(index) >= len(ps.parameters) {
-					return buf.String(), errors.New("Parameters index out of bound")
-				}
-				ps.st.push(ps.parameters[index])
-			case tokens[q][0][:2] == "%P":
-				// Pop a variable from the stack as a dynamic or static variable.
-				val, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				index := tokens[q][2]
-				if len(index) > 1 {
-					errorStr := fmt.Sprintf("%s is not a valid dynamic variables index",
-						index)
-					return buf.String(), errors.New(errorStr)
-				}
-				// Specify either dynamic or static.
-				if index[0] >= 'a' && index[0] <= 'z' {
-					ps.dynamicVar[index[0]] = val
-				} else if index[0] >= 'A' && index[0] <= 'Z' {
-					staticVar[index[0]] = val
-				}
-			case tokens[q][0][:2] == "%g":
-				// Push a variable from the stack as a dynamic or static variable.
-				index := tokens[q][3]
-				if len(index) > 1 {
-					errorStr := fmt.Sprintf("%s is not a valid static variables index",
-						index)
-					return buf.String(), errors.New(errorStr)
-				}
-				var val stacker
-				if index[0] >= 'a' && index[0] <= 'z' {
-					val = ps.dynamicVar[index[0]]
-				} else if index[0] >= 'A' && index[0] <= 'Z' {
-					val = staticVar[index[0]]
-				}
-				ps.st.push(val)
-			case tokens[q][0][:2] == "%'":
-				// Push a character constant.
-				con := tokens[q][4]
-				if len(con) > 1 {
-					errorStr := fmt.Sprintf("%s is not a valid character constant", con)
-					return buf.String(), errors.New(errorStr)
-				}
-				ps.st.push(con[0])
-			case tokens[q][0][:2] == "%{":
-				// Push an integer constant.
-				con, err := strconv.ParseInt(tokens[q][5], 10, 32)
-				if err != nil {
-					return buf.String(), err
-				}
-				ps.st.push(con)
-			case tokens[q][0][:2] == "%l":
-				// Push the length of the string that is popped from the stack.
-				popStr, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				if _, ok := popStr.(string); !ok {
-					errStr := fmt.Sprintf("Stack head is not a string")
-					return buf.String(), errors.New(errStr)
-				}
-				ps.st.push(len(popStr.(string)))
-			case tokens[q][0][:2] == "%?":
-				// If-then-else construct. First, the whole string is identified and
-				// then inside this substring, we can specify which parts to switch on.
-				ifReg, _ := regexp.Compile("%\\?(.*)%t(.*)%e(.*);|%\\?(.*)%t(.*);")
-				ifTokens := ifReg.FindStringSubmatch(tokens[q][0])
-				var (
-					ifStr string
-					err   error
-				)
-				// Parse the if-part to determine if-else.
-				if len(ifTokens[1]) > 0 {
-					ifStr, err = ps.walk(ifTokens[1])
-				} else { // else
-					ifStr, err = ps.walk(ifTokens[4])
-				}
-				// Return any errors
-				if err != nil {
-					return buf.String(), err
-				} else if len(ifStr) > 0 {
-					// Self-defined limitation, not sure if this is correct, but didn't
-					// seem like it.
-					return buf.String(), errors.New("If-clause cannot print statements")
-				}
-				var thenStr string
-				// Pop the first value that is set by parsing the if-clause.
-				choose, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				// Switch to if or else.
-				if choose.(int) == 0 && len(ifTokens[1]) > 0 {
-					thenStr, err = ps.walk(ifTokens[3])
-				} else if choose.(int) != 0 {
-					if len(ifTokens[1]) > 0 {
-						thenStr, err = ps.walk(ifTokens[2])
-					} else {
-						thenStr, err = ps.walk(ifTokens[5])
-					}
-				}
-				if err != nil {
-					return buf.String(), err
-				}
-				buf.WriteString(thenStr)
-			case tokens[q][0][len(tokens[q][0])-1] == 'd': // Fallthrough for printing
-				fallthrough
-			case tokens[q][0][len(tokens[q][0])-1] == 'o': // digits.
-				fallthrough
-			case tokens[q][0][len(tokens[q][0])-1] == 'x':
-				fallthrough
-			case tokens[q][0][len(tokens[q][0])-1] == 'X':
-				fallthrough
-			case tokens[q][0][len(tokens[q][0])-1] == 's':
-				token := tokens[q][0]
-				// Remove the : that comes before a flag.
-				if token[1] == ':' {
-					token = token[:1] + token[2:]
-				}
-				digit, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				// The rest is determined like the normal formatted prints.
-				digitStr := fmt.Sprintf(token, digit.(int))
-				buf.WriteString(digitStr)
-			case tokens[q][0][:2] == "%i":
-				// Increment the parameters by one.
-				if len(ps.parameters) < 2 {
-					return buf.String(), errors.New("Not enough parameters to increment.")
-				}
-				val1, val2 := ps.parameters[0].(int), ps.parameters[1].(int)
-				val1++
-				val2++
-				ps.parameters[0], ps.parameters[1] = val1, val2
-			default:
-				// The rest of the tokens is a special case, where two values are
-				// popped and then operated on by the token that comes after them.
-				op1, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				op2, err := ps.st.pop()
-				if err != nil {
-					return buf.String(), err
-				}
-				var result stacker
-				switch tokens[q][0][:2] {
-				case "%+":
-					// Addition
-					result = op2.(int) + op1.(int)
-				case "%-":
-					// Subtraction
-					result = op2.(int) - op1.(int)
-				case "%*":
-					// Multiplication
-					result = op2.(int) * op1.(int)
-				case "%/":
-					// Division
-					result = op2.(int) / op1.(int)
-				case "%m":
-					// Modulo
-					result = op2.(int) % op1.(int)
-				case "%&":
-					// Bitwise AND
-					result = op2.(int) & op1.(int)
-				case "%|":
-					// Bitwise OR
-					result = op2.(int) | op1.(int)
-				case "%^":
-					// Bitwise XOR
-					result = op2.(int) ^ op1.(int)
-				case "%=":
-					// Equals
-					result = op2 == op1
-				case "%>":
-					// Greater-than
-					result = op2.(int) > op1.(int)
-				case "%<":
-					// Lesser-than
-					result = op2.(int) < op1.(int)
-				case "%A":
-					// Logical AND
-					result = op2.(bool) && op1.(bool)
-				case "%O":
-					// Logical OR
-					result = op2.(bool) || op1.(bool)
-				case "%!":
-					// Logical complement
-					result = !op1.(bool)
-				case "%~":
-					// Bitwise complement
-					result = ^(op1.(int))
-				}
-				ps.st.push(result)
-			}
-
-			i = indices[q][1] - 1
-			q++
-		} else {
-			// We are not "inside" a token, so just skip until the end or the next
-			// token, and add all characters to the buffer.
-			j := i
-			if q != len(indices) {
-				for !(j >= indices[q][0] && j < indices[q][1]) {
-					j++
-				}
-			} else {
-				j = len(attr)
-			}
-			buf.WriteString(string(attr[i:j]))
-			i = j
-		}
-	}
-	// Return the buffer as a string.
-	return buf.String(), nil
-}
-
-// Push a stacker-value onto the stack.
-func (st *stack) push(s stacker) {
-	*st = append(*st, s)
-}
-
-// Pop a stacker-value from the stack.
-func (st *stack) pop() (stacker, error) {
-	if len(*st) == 0 {
-		return nil, errors.New("Stack is empty.")
-	}
-	newStack := make(stack, len(*st)-1)
-	val := (*st)[len(*st)-1]
-	copy(newStack, (*st)[:len(*st)-1])
-	*st = newStack
-	return val, nil
-}
-
-// Initialize regexes and the static vars (that don't get changed between
-// calls.
-func init() {
-	// Initialize the main regex.
-	expStr := strings.Join(exp[:], "|")
-	regex, _ = regexp.Compile(expStr)
-	// Initialize the static variables.
-	staticVar = make(map[byte]stacker, 26)
-}
diff --git a/vendor/github.com/Nvveen/Gotty/types.go b/vendor/github.com/Nvveen/Gotty/types.go
deleted file mode 100644
index 9bcc65e9b889d..0000000000000
--- a/vendor/github.com/Nvveen/Gotty/types.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2012 Neal van Veen. All rights reserved.
-// Usage of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package gotty
-
-type TermInfo struct {
-	boolAttributes map[string]bool
-	numAttributes  map[string]int16
-	strAttributes  map[string]string
-	// The various names of the TermInfo file.
-	Names []string
-}
-
-type stacker interface {
-}
-type stack []stacker
-
-type parser struct {
-	st         stack
-	parameters []stacker
-	dynamicVar map[byte]stacker
-}
diff --git a/vendor/github.com/RackSec/srslog/README.md b/vendor/github.com/RackSec/srslog/README.md
index 1ae1fd4ef8930..dcacc34881a91 100644
--- a/vendor/github.com/RackSec/srslog/README.md
+++ b/vendor/github.com/RackSec/srslog/README.md
@@ -90,6 +90,22 @@ w.Debug("this is debug")
 w.Write([]byte("these are some bytes"))
 ```
 
+If you need further control over connection attempts, you can use the DialWithCustomDialer
+function. To continue with the DialWithTLSConfig example:
+
+```
+netDialer := &net.Dialer{Timeout: time.Second*5} // easy timeouts
+realNetwork := "tcp" // real network, other vars your dail func can close over
+dial := func(network, addr string) (net.Conn, error) {
+    // cannot use "network" here as it'll simply be "custom" which will fail
+    return tls.DialWithDialer(netDialer, realNetwork, addr, &config)
+}
+
+w, err := DialWithCustomDialer("custom", "192.168.0.52:514", syslog.LOG_ERR, "testtag", dial)
+```
+
+Your custom dial func can set timeouts, proxy connections, and do whatever else it needs before returning a net.Conn.
+
 # Generating TLS Certificates
 
 We've provided a script that you can use to generate a self-signed keypair:
diff --git a/vendor/github.com/RackSec/srslog/dialer.go b/vendor/github.com/RackSec/srslog/dialer.go
index 47a7b2beafce5..fc7e53860f40c 100644
--- a/vendor/github.com/RackSec/srslog/dialer.go
+++ b/vendor/github.com/RackSec/srslog/dialer.go
@@ -37,6 +37,7 @@ func (w *Writer) getDialer() dialerFunctionWrapper {
 	dialers := map[string]dialerFunctionWrapper{
 		"":        dialerFunctionWrapper{"unixDialer", w.unixDialer},
 		"tcp+tls": dialerFunctionWrapper{"tlsDialer", w.tlsDialer},
+		"custom":  dialerFunctionWrapper{"customDialer", w.customDialer},
 	}
 	dialer, ok := dialers[w.network]
 	if !ok {
@@ -85,3 +86,19 @@ func (w *Writer) basicDialer() (serverConn, string, error) {
 	}
 	return sc, hostname, err
 }
+
+// customDialer uses the custom dialer when the Writer was created
+// giving developers total control over how connections are made and returned.
+// Note it does not check if cdialer is nil, as it should only be referenced from getDialer.
+func (w *Writer) customDialer() (serverConn, string, error) {
+	c, err := w.customDial(w.network, w.raddr)
+	var sc serverConn
+	hostname := w.hostname
+	if err == nil {
+		sc = &netConn{conn: c}
+		if hostname == "" {
+			hostname = c.LocalAddr().String()
+		}
+	}
+	return sc, hostname, err
+}
diff --git a/vendor/github.com/RackSec/srslog/formatter.go b/vendor/github.com/RackSec/srslog/formatter.go
index 7852ad37e4c42..e306fd671305c 100644
--- a/vendor/github.com/RackSec/srslog/formatter.go
+++ b/vendor/github.com/RackSec/srslog/formatter.go
@@ -6,6 +6,8 @@ import (
 	"time"
 )
 
+const appNameMaxLength = 48 // limit to 48 chars as per RFC5424
+
 // Formatter is a type of function that takes the consituent parts of a
 // syslog message and returns a formatted string. A different Formatter is
 // defined for each different syslog protocol we support.
@@ -37,12 +39,20 @@ func RFC3164Formatter(p Priority, hostname, tag, content string) string {
 	return msg
 }
 
+// if string's length is greater than max, then use the last part
+func truncateStartStr(s string, max int) string {
+	if (len(s) > max) {
+		return s[len(s) - max:]
+	}
+	return s
+}
+
 // RFC5424Formatter provides an RFC 5424 compliant message.
 func RFC5424Formatter(p Priority, hostname, tag, content string) string {
 	timestamp := time.Now().Format(time.RFC3339)
 	pid := os.Getpid()
-	appName := os.Args[0]
-	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s %s",
+	appName := truncateStartStr(os.Args[0], appNameMaxLength)
+	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
 		p, 1, timestamp, hostname, appName, pid, tag, content)
 	return msg
 }
diff --git a/vendor/github.com/RackSec/srslog/srslog.go b/vendor/github.com/RackSec/srslog/srslog.go
index b404dff7c5c7e..b47ad72df4d0e 100644
--- a/vendor/github.com/RackSec/srslog/srslog.go
+++ b/vendor/github.com/RackSec/srslog/srslog.go
@@ -3,8 +3,10 @@ package srslog
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"io/ioutil"
 	"log"
+	"net"
 	"os"
 )
 
@@ -15,6 +17,10 @@ type serverConn interface {
 	close() error
 }
 
+// DialFunc is the function signature to be used for a custom dialer callback
+// with DialWithCustomDialer
+type DialFunc func(string, string) (net.Conn, error)
+
 // New establishes a new connection to the system log daemon.  Each
 // write to the returned Writer sends a log message with the given
 // priority and prefix.
@@ -31,6 +37,22 @@ func Dial(network, raddr string, priority Priority, tag string) (*Writer, error)
 	return DialWithTLSConfig(network, raddr, priority, tag, nil)
 }
 
+// ErrNilDialFunc is returned from DialWithCustomDialer when a nil DialFunc is passed,
+// avoiding a nil pointer deference panic.
+var ErrNilDialFunc = errors.New("srslog: nil DialFunc passed to DialWithCustomDialer")
+
+// DialWithCustomDialer establishes a connection by calling customDial.
+// Each write to the returned Writer sends a log message with the given facility, severity and tag.
+// Network must be "custom" in order for this package to use customDial.
+// While network and raddr will be passed to customDial, it is allowed for customDial to ignore them.
+// If customDial is nil, this function returns ErrNilDialFunc.
+func DialWithCustomDialer(network, raddr string, priority Priority, tag string, customDial DialFunc) (*Writer, error) {
+	if customDial == nil {
+		return nil, ErrNilDialFunc
+	}
+	return dialAllParameters(network, raddr, priority, tag, nil, customDial)
+}
+
 // DialWithTLSCertPath establishes a secure connection to a log daemon by connecting to
 // address raddr on the specified network. It uses certPath to load TLS certificates and configure
 // the secure connection.
@@ -59,6 +81,11 @@ func DialWithTLSCert(network, raddr string, priority Priority, tag string, serve
 // DialWithTLSConfig establishes a secure connection to a log daemon by connecting to
 // address raddr on the specified network. It uses tlsConfig to configure the secure connection.
 func DialWithTLSConfig(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config) (*Writer, error) {
+	return dialAllParameters(network, raddr, priority, tag, tlsConfig, nil)
+}
+
+// implementation of the various functions above
+func dialAllParameters(network, raddr string, priority Priority, tag string, tlsConfig *tls.Config, customDial DialFunc) (*Writer, error) {
 	if err := validatePriority(priority); err != nil {
 		return nil, err
 	}
@@ -69,12 +96,13 @@ func DialWithTLSConfig(network, raddr string, priority Priority, tag string, tls
 	hostname, _ := os.Hostname()
 
 	w := &Writer{
-		priority:  priority,
-		tag:       tag,
-		hostname:  hostname,
-		network:   network,
-		raddr:     raddr,
-		tlsConfig: tlsConfig,
+		priority:   priority,
+		tag:        tag,
+		hostname:   hostname,
+		network:    network,
+		raddr:      raddr,
+		tlsConfig:  tlsConfig,
+		customDial: customDial,
 	}
 
 	_, err := w.connect()
diff --git a/vendor/github.com/RackSec/srslog/writer.go b/vendor/github.com/RackSec/srslog/writer.go
index ce3d86763544c..86bccba157504 100644
--- a/vendor/github.com/RackSec/srslog/writer.go
+++ b/vendor/github.com/RackSec/srslog/writer.go
@@ -17,6 +17,9 @@ type Writer struct {
 	framer    Framer
 	formatter Formatter
 
+	//non-nil if custom dialer set, used in getDialer
+	customDial DialFunc
+
 	mu   sync.RWMutex // guards conn
 	conn serverConn
 }
@@ -71,15 +74,20 @@ func (w *Writer) SetFramer(f Framer) {
 	w.framer = f
 }
 
+// SetHostname changes the hostname for syslog messages if needed.
+func (w *Writer) SetHostname(hostname string) {
+	w.hostname = hostname
+}
+
 // Write sends a log message to the syslog daemon using the default priority
 // passed into `srslog.New` or the `srslog.Dial*` functions.
 func (w *Writer) Write(b []byte) (int, error) {
 	return w.writeAndRetry(w.priority, string(b))
 }
 
-// WriteWithPriority sends a log message with a custom priority
+// WriteWithPriority sends a log message with a custom priority.
 func (w *Writer) WriteWithPriority(p Priority, b []byte) (int, error) {
-	return w.writeAndRetry(p, string(b))
+	return w.writeAndRetryWithPriority(p, string(b))
 }
 
 // Close closes a connection to the syslog daemon.
@@ -149,12 +157,20 @@ func (w *Writer) Debug(m string) (err error) {
 	return err
 }
 
-func (w *Writer) writeAndRetry(p Priority, s string) (int, error) {
-	pr := (w.priority & facilityMask) | (p & severityMask)
+// writeAndRetry takes a severity and the string to write. Any facility passed to
+// it as part of the severity Priority will be ignored.
+func (w *Writer) writeAndRetry(severity Priority, s string) (int, error) {
+	pr := (w.priority & facilityMask) | (severity & severityMask)
+
+	return w.writeAndRetryWithPriority(pr, s)
+}
 
+// writeAndRetryWithPriority differs from writeAndRetry in that it allows setting
+// of both the facility and the severity.
+func (w *Writer) writeAndRetryWithPriority(p Priority, s string) (int, error) {
 	conn := w.getConn()
 	if conn != nil {
-		if n, err := w.write(conn, pr, s); err == nil {
+		if n, err := w.write(conn, p, s); err == nil {
 			return n, err
 		}
 	}
@@ -163,7 +179,7 @@ func (w *Writer) writeAndRetry(p Priority, s string) (int, error) {
 	if conn, err = w.connect(); err != nil {
 		return 0, err
 	}
-	return w.write(conn, pr, s)
+	return w.write(conn, p, s)
 }
 
 // write generates and writes a syslog formatted string. It formats the
diff --git a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
index 5f14d1162ed45..899129ecc465b 100644
--- a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
+++ b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
@@ -1,3 +1,3 @@
 AWS SDK for Go
-Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
+Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Copyright 2014-2015 Stripe, Inc.
diff --git a/vendor/github.com/aws/aws-sdk-go/README.md b/vendor/github.com/aws/aws-sdk-go/README.md
index c32774491c7c3..27e1aee45a9cc 100644
--- a/vendor/github.com/aws/aws-sdk-go/README.md
+++ b/vendor/github.com/aws/aws-sdk-go/README.md
@@ -1,35 +1,61 @@
-[![API Reference](http://img.shields.io/badge/api-reference-blue.svg)](http://docs.aws.amazon.com/sdk-for-go/api) [![Join the chat at https://gitter.im/aws/aws-sdk-go](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/aws/aws-sdk-go?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://img.shields.io/travis/aws/aws-sdk-go.svg)](https://travis-ci.org/aws/aws-sdk-go) [![Apache V2 License](http://img.shields.io/badge/license-Apache%20V2-blue.svg)](https://github.com/aws/aws-sdk-go/blob/master/LICENSE.txt)
+[![API Reference](https://img.shields.io/badge/api-reference-blue.svg)](https://docs.aws.amazon.com/sdk-for-go/api) [![Join the chat at https://gitter.im/aws/aws-sdk-go](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/aws/aws-sdk-go?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://img.shields.io/travis/aws/aws-sdk-go.svg)](https://travis-ci.org/aws/aws-sdk-go) [![Apache V2 License](https://img.shields.io/badge/license-Apache%20V2-blue.svg)](https://github.com/aws/aws-sdk-go/blob/master/LICENSE.txt)
 
 # AWS SDK for Go
 
 aws-sdk-go is the official AWS SDK for the Go programming language.
 
-Checkout our [release notes](https://github.com/aws/aws-sdk-go/releases) for information about the latest bug fixes, updates, and features added to the SDK.
+Checkout our [release notes](https://github.com/aws/aws-sdk-go/releases) for
+information about the latest bug fixes, updates, and features added to the SDK.
 
-We [announced](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-2-0-developer-preview/) the Developer Preview for the [v2 AWS SDK for Go](). The v2 SDK is available at https://github.com/aws/aws-sdk-go-v2, and `go get github.com/aws/aws-sdk-go-v2` via `go get`. Check out the v2 SDK's [changes and updates](https://github.com/aws/aws-sdk-go-v2/blob/master/CHANGELOG.md), and let us know what you think. We want your feedback. 
+We [announced](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-2-0-developer-preview/) the Developer Preview for the [v2 AWS SDK for Go](https://github.com/aws/aws-sdk-go-v2). The v2 SDK source is available at https://github.com/aws/aws-sdk-go-v2, and add it to your project with `go get github.com/aws/aws-sdk-go-v2`. Check out the v2 SDK's [changes and updates](https://github.com/aws/aws-sdk-go-v2/blob/master/CHANGELOG.md), and let us know what you think. We want your feedback.
+
+We have a pilot redesign of the [AWS SDK for Go API reference documentation](https://docs.aws.amazon.com/sdk-for-go/v1/api/gosdk-apiref.html). Let us know what you think.
 
 ## Installing
 
-If you are using Go 1.5 with the `GO15VENDOREXPERIMENT=1` vendoring flag, or 1.6 and higher you can use the following command to retrieve the SDK. The SDK's non-testing dependencies will be included and are vendored in the `vendor` folder.
+Use `go get` to retrieve the SDK to add it to your `GOPATH` workspace, or
+project's Go module dependencies.
+
+	go get github.com/aws/aws-sdk-go
+
+To update the SDK use `go get -u` to retrieve the latest version of the SDK.
+
+	go get -u github.com/aws/aws-sdk-go
+
+### Dependencies
+
+The SDK includes a `vendor` folder containing the runtime dependencies of the
+SDK. The metadata of the SDK's dependencies can be found in the Go module file
+`go.mod` or Dep file `Gopkg.toml`.
 
-    go get -u github.com/aws/aws-sdk-go
+### Go Modules
 
-Otherwise if your Go environment does not have vendoring support enabled, or you do not want to include the vendored SDK's dependencies you can use the following command to retrieve the SDK and its non-testing dependencies using `go get`.
+If you are using Go modules, your `go get` will default to the latest tagged
+release version of the SDK. To get a specific release version of the SDK use
+`@<tag>` in your `go get` command.
 
-    go get -u github.com/aws/aws-sdk-go/aws/...
-    go get -u github.com/aws/aws-sdk-go/service/...
+	go get github.com/aws/aws-sdk-go@v1.15.77
 
-If you're looking to retrieve just the SDK without any dependencies use the following command.
+To get the latest SDK repository change use `@latest`.
 
-    go get -d github.com/aws/aws-sdk-go/
+	go get github.com/aws/aws-sdk-go@latest
 
-These two processes will still include the `vendor` folder and it should be deleted if its not going to be used by your environment.
+### Go 1.5
+
+If you are using Go 1.5 without vendoring enabled, (`GO15VENDOREXPERIMENT=1`),
+you will need to use `...` when retrieving the SDK to get its dependencies.
+
+	go get github.com/aws/aws-sdk-go/...
+
+This will still include the `vendor` folder. The `vendor` folder can be deleted
+if not used by your environment.
 
     rm -rf $GOPATH/src/github.com/aws/aws-sdk-go/vendor
 
 ## Getting Help
 
-Please use these community resources for getting help. We use the GitHub issues for tracking bugs and feature requests.
+Please use these community resources for getting help. We use the GitHub issues
+for tracking bugs and feature requests.
 
 * Ask a question on [StackOverflow](http://stackoverflow.com/) and tag it with the [`aws-sdk-go`](http://stackoverflow.com/questions/tagged/aws-sdk-go) tag.
 * Come join the AWS SDK for Go community chat on [gitter](https://gitter.im/aws/aws-sdk-go).
@@ -38,19 +64,43 @@ Please use these community resources for getting help. We use the GitHub issues
 
 ## Opening Issues
 
-If you encounter a bug with the AWS SDK for Go we would like to hear about it. Search the [existing issues](https://github.com/aws/aws-sdk-go/issues) and see if others are also experiencing the issue before opening a new issue. Please include the version of AWS SDK for Go, Go language, and OS you’re using. Please also include repro case when appropriate.
+If you encounter a bug with the AWS SDK for Go we would like to hear about it.
+Search the [existing issues](https://github.com/aws/aws-sdk-go/issues) and see
+if others are also experiencing the issue before opening a new issue. Please
+include the version of AWS SDK for Go, Go language, and OS you’re using. Please
+also include reproduction case when appropriate.
 
-The GitHub issues are intended for bug reports and feature requests. For help and questions with using AWS SDK for GO please make use of the resources listed in the [Getting Help](https://github.com/aws/aws-sdk-go#getting-help) section. Keeping the list of open issues lean will help us respond in a timely manner.
+The GitHub issues are intended for bug reports and feature requests. For help
+and questions with using AWS SDK for GO please make use of the resources listed
+in the [Getting Help](https://github.com/aws/aws-sdk-go#getting-help) section.
+Keeping the list of open issues lean will help us respond in a timely manner.
 
 ## Reference Documentation
 
-[`Getting Started Guide`](https://aws.amazon.com/sdk-for-go/) - This document is a general introduction how to configure and make requests with the SDK. If this is your first time using the SDK, this documentation and the API documentation will help you get started. This document focuses on the syntax and behavior of the SDK. The [Service Developer Guide](https://aws.amazon.com/documentation/) will help you get started using specific AWS services.
-
-[`SDK API Reference Documentation`](https://docs.aws.amazon.com/sdk-for-go/api/) - Use this document to look up all API operation input and output parameters for AWS services supported by the SDK. The API reference also includes documentation of the SDK, and examples how to using the SDK, service client API operations, and API operation require parameters.
-
-[`Service Developer Guide`](https://aws.amazon.com/documentation/) - Use this documentation to learn how to interface with an AWS service. These are great guides both, if you're getting started with a service, or looking for more information on a service. You should not need this document for coding, though in some cases, services may supply helpful samples that you might want to look out for.
-
-[`SDK Examples`](https://github.com/aws/aws-sdk-go/tree/master/example) - Included in the SDK's repo are a several hand crafted examples using the SDK features and AWS services.
+[`Getting Started Guide`](https://aws.amazon.com/sdk-for-go/) - This document
+is a general introduction on how to configure and make requests with the SDK.
+If this is your first time using the SDK, this documentation and the API
+documentation will help you get started. This document focuses on the syntax
+and behavior of the SDK. The [Service Developer
+Guide](https://aws.amazon.com/documentation/) will help you get started using
+specific AWS services.
+
+[`SDK API Reference
+Documentation`](https://docs.aws.amazon.com/sdk-for-go/api/) - Use this
+document to look up all API operation input and output parameters for AWS
+services supported by the SDK. The API reference also includes documentation of
+the SDK, and examples how to using the SDK, service client API operations, and
+API operation require parameters.
+
+[`Service Developer Guide`](https://aws.amazon.com/documentation/) - Use this
+documentation to learn how to interface with AWS services. These guides are
+great for getting started with a service, or when looking for more 
+information about a service. While this document is not required for coding, 
+services may supply helpful samples to look out for.
+
+[`SDK Examples`](https://github.com/aws/aws-sdk-go/tree/master/example) -
+Included in the SDK's repo are several hand crafted examples using the SDK
+features and AWS services.
 
 ## Overview of SDK's Packages
 
@@ -94,8 +144,7 @@ package under the service folder at the root of the SDK.
 
 The SDK includes the Go types and utilities you can use to make requests to
 AWS service APIs. Within the service folder at the root of the SDK you'll find
-a package for each AWS service the SDK supports. All service clients follows
-a common pattern of creation and usage.
+a package for each AWS service the SDK supports. All service clients follow common pattern of creation and usage.
 
 When creating a client for an AWS service you'll first need to have a Session
 value constructed. The Session provides shared configuration that can be shared
@@ -334,7 +383,7 @@ take a callback function that will be called for each page of the API's response
 ```
 
 Waiter helper methods provide the functionality to wait for an AWS resource
-state. These methods abstract the logic needed to to check the state of an
+state. These methods abstract the logic needed to check the state of an
 AWS resource, and wait until that resource is in a desired state. The waiter
 will block until the resource is in the state that is desired, an error occurs,
 or the waiter times out. If a resource times out the error code returned will
@@ -420,7 +469,9 @@ response.
   	}
   	// Ensure the context is canceled to prevent leaking.
   	// See context package for more information, https://golang.org/pkg/context/
-  	defer cancelFn()
+	if cancelFn != nil {
+  		defer cancelFn()
+	}
 
   	// Uploads the object to S3. The Context will interrupt the request if the
   	// timeout expires.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
index 56fdfc2bfc76c..99849c0e19c00 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
@@ -138,8 +138,27 @@ type RequestFailure interface {
 	RequestID() string
 }
 
-// NewRequestFailure returns a new request error wrapper for the given Error
-// provided.
+// NewRequestFailure returns a wrapped error with additional information for
+// request status code, and service requestID.
+//
+// Should be used to wrap all request which involve service requests. Even if
+// the request failed without a service response, but had an HTTP status code
+// that may be meaningful.
 func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure {
 	return newRequestError(err, statusCode, reqID)
 }
+
+// UnmarshalError provides the interface for the SDK failing to unmarshal data.
+type UnmarshalError interface {
+	awsError
+	Bytes() []byte
+}
+
+// NewUnmarshalError returns an initialized UnmarshalError error wrapper adding
+// the bytes that fail to unmarshal to the error.
+func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError {
+	return &unmarshalError{
+		awsError: New("UnmarshalError", msg, err),
+		bytes:    bytes,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
index 0202a008f5d7d..9cf7eaf4007f5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
@@ -1,6 +1,9 @@
 package awserr
 
-import "fmt"
+import (
+	"encoding/hex"
+	"fmt"
+)
 
 // SprintError returns a string of the formatted error code.
 //
@@ -119,6 +122,7 @@ type requestError struct {
 	awsError
 	statusCode int
 	requestID  string
+	bytes      []byte
 }
 
 // newRequestError returns a wrapped error with additional information for
@@ -170,6 +174,29 @@ func (r requestError) OrigErrs() []error {
 	return []error{r.OrigErr()}
 }
 
+type unmarshalError struct {
+	awsError
+	bytes []byte
+}
+
+// Error returns the string representation of the error.
+// Satisfies the error interface.
+func (e unmarshalError) Error() string {
+	extra := hex.Dump(e.bytes)
+	return SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+// Alias for Error to satisfy the stringer interface.
+func (e unmarshalError) String() string {
+	return e.Error()
+}
+
+// Bytes returns the bytes that failed to unmarshal.
+func (e unmarshalError) Bytes() []byte {
+	return e.bytes
+}
+
 // An error list that satisfies the golang interface
 type errorList []error
 
@@ -181,7 +208,7 @@ func (e errorList) Error() string {
 	// How do we want to handle the array size being zero
 	if size := len(e); size > 0 {
 		for i := 0; i < size; i++ {
-			msg += fmt.Sprintf("%s", e[i].Error())
+			msg += e[i].Error()
 			// We check the next index to see if it is within the slice.
 			// If it is, then we append a newline. We do this, because unit tests
 			// could be broken with the additional '\n'
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
index 59fa4a558a9ac..142a7a01c527d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
@@ -15,7 +15,7 @@ func DeepEqual(a, b interface{}) bool {
 	rb := reflect.Indirect(reflect.ValueOf(b))
 
 	if raValid, rbValid := ra.IsValid(), rb.IsValid(); !raValid && !rbValid {
-		// If the elements are both nil, and of the same type the are equal
+		// If the elements are both nil, and of the same type they are equal
 		// If they are of different types they are not equal
 		return reflect.TypeOf(a) == reflect.TypeOf(b)
 	} else if raValid != rbValid {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
index 11c52c3896874..a4eb6a7f43aae 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@@ -70,7 +70,7 @@ func rValuesAtPath(v interface{}, path string, createPath, caseSensitive, nilTer
 			value = value.FieldByNameFunc(func(name string) bool {
 				if c == name {
 					return true
-				} else if !caseSensitive && strings.ToLower(name) == strings.ToLower(c) {
+				} else if !caseSensitive && strings.EqualFold(name, c) {
 					return true
 				}
 				return false
@@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
 // SetValueAtPath sets a value at the case insensitive lexical path inside
 // of a structure.
 func SetValueAtPath(i interface{}, path string, v interface{}) {
-	if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil {
-		for _, rval := range rvals {
-			if rval.Kind() == reflect.Ptr && rval.IsNil() {
-				continue
-			}
-			setValue(rval, v)
+	rvals := rValuesAtPath(i, path, true, false, v == nil)
+	for _, rval := range rvals {
+		if rval.Kind() == reflect.Ptr && rval.IsNil() {
+			continue
 		}
+		setValue(rval, v)
 	}
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
index b6432f1a1188d..645df2450fc5b 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
@@ -23,28 +23,27 @@ func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
 	case reflect.Struct:
 		buf.WriteString("{\n")
 
-		names := []string{}
 		for i := 0; i < v.Type().NumField(); i++ {
-			name := v.Type().Field(i).Name
-			f := v.Field(i)
-			if name[0:1] == strings.ToLower(name[0:1]) {
+			ft := v.Type().Field(i)
+			fv := v.Field(i)
+
+			if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
 				continue // ignore unexported fields
 			}
-			if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice) && f.IsNil() {
+			if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
 				continue // ignore unset fields
 			}
-			names = append(names, name)
-		}
 
-		for i, n := range names {
-			val := v.FieldByName(n)
 			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(n + ": ")
-			stringValue(val, indent+2, buf)
+			buf.WriteString(ft.Name + ": ")
 
-			if i < len(names)-1 {
-				buf.WriteString(",\n")
+			if tag := ft.Tag.Get("sensitive"); tag == "true" {
+				buf.WriteString("<sensitive>")
+			} else {
+				stringValue(fv, indent+2, buf)
 			}
+
+			buf.WriteString(",\n")
 		}
 
 		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
index 788fe6e279b27..03334d69207b8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
@@ -12,9 +12,16 @@ import (
 type Config struct {
 	Config        *aws.Config
 	Handlers      request.Handlers
+	PartitionID   string
 	Endpoint      string
 	SigningRegion string
 	SigningName   string
+
+	// States that the signing name did not come from a modeled source but
+	// was derived based on other data. Used by service client constructors
+	// to determine if the signin name can be overridden based on metadata the
+	// service has.
+	SigningNameDerived bool
 }
 
 // ConfigProvider provides a generic way for a service client to receive
@@ -58,7 +65,7 @@ func New(cfg aws.Config, info metadata.ClientInfo, handlers request.Handlers, op
 	default:
 		maxRetries := aws.IntValue(cfg.MaxRetries)
 		if cfg.MaxRetries == nil || maxRetries == aws.UseServiceDefaultRetries {
-			maxRetries = 3
+			maxRetries = DefaultRetryerMaxNumRetries
 		}
 		svc.Retryer = DefaultRetryer{NumMaxRetries: maxRetries}
 	}
@@ -85,6 +92,6 @@ func (c *Client) AddDebugHandlers() {
 		return
 	}
 
-	c.Handlers.Send.PushFrontNamed(request.NamedHandler{Name: "awssdk.client.LogRequest", Fn: logRequest})
-	c.Handlers.Send.PushBackNamed(request.NamedHandler{Name: "awssdk.client.LogResponse", Fn: logResponse})
+	c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler)
+	c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
index 63d2df67c63ea..9f6af19dd459e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
@@ -1,93 +1,151 @@
 package client
 
 import (
-	"math/rand"
+	"math"
 	"strconv"
-	"sync"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkrand"
 )
 
 // DefaultRetryer implements basic retry logic using exponential backoff for
-// most services. If you want to implement custom retry logic, implement the
-// request.Retryer interface or create a structure type that composes this
-// struct and override the specific methods. For example, to override only
-// the MaxRetries method:
+// most services. If you want to implement custom retry logic, you can implement the
+// request.Retryer interface.
 //
-//		type retryer struct {
-//      client.DefaultRetryer
-//    }
-//
-//    // This implementation always has 100 max retries
-//    func (d retryer) MaxRetries() int { return 100 }
 type DefaultRetryer struct {
+	// Num max Retries is the number of max retries that will be performed.
+	// By default, this is zero.
 	NumMaxRetries int
+
+	// MinRetryDelay is the minimum retry delay after which retry will be performed.
+	// If not set, the value is 0ns.
+	MinRetryDelay time.Duration
+
+	// MinThrottleRetryDelay is the minimum retry delay when throttled.
+	// If not set, the value is 0ns.
+	MinThrottleDelay time.Duration
+
+	// MaxRetryDelay is the maximum retry delay before which retry must be performed.
+	// If not set, the value is 0ns.
+	MaxRetryDelay time.Duration
+
+	// MaxThrottleDelay is the maximum retry delay when throttled.
+	// If not set, the value is 0ns.
+	MaxThrottleDelay time.Duration
 }
 
+const (
+	// DefaultRetryerMaxNumRetries sets maximum number of retries
+	DefaultRetryerMaxNumRetries = 3
+
+	// DefaultRetryerMinRetryDelay sets minimum retry delay
+	DefaultRetryerMinRetryDelay = 30 * time.Millisecond
+
+	// DefaultRetryerMinThrottleDelay sets minimum delay when throttled
+	DefaultRetryerMinThrottleDelay = 500 * time.Millisecond
+
+	// DefaultRetryerMaxRetryDelay sets maximum retry delay
+	DefaultRetryerMaxRetryDelay = 300 * time.Second
+
+	// DefaultRetryerMaxThrottleDelay sets maximum delay when throttled
+	DefaultRetryerMaxThrottleDelay = 300 * time.Second
+)
+
 // MaxRetries returns the number of maximum returns the service will use to make
 // an individual API request.
 func (d DefaultRetryer) MaxRetries() int {
 	return d.NumMaxRetries
 }
 
-var seededRand = rand.New(&lockedSource{src: rand.NewSource(time.Now().UnixNano())})
+// setRetryerDefaults sets the default values of the retryer if not set
+func (d *DefaultRetryer) setRetryerDefaults() {
+	if d.MinRetryDelay == 0 {
+		d.MinRetryDelay = DefaultRetryerMinRetryDelay
+	}
+	if d.MaxRetryDelay == 0 {
+		d.MaxRetryDelay = DefaultRetryerMaxRetryDelay
+	}
+	if d.MinThrottleDelay == 0 {
+		d.MinThrottleDelay = DefaultRetryerMinThrottleDelay
+	}
+	if d.MaxThrottleDelay == 0 {
+		d.MaxThrottleDelay = DefaultRetryerMaxThrottleDelay
+	}
+}
 
 // RetryRules returns the delay duration before retrying this request again
 func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration {
-	// Set the upper limit of delay in retrying at ~five minutes
-	minTime := 30
-	throttle := d.shouldThrottle(r)
-	if throttle {
-		if delay, ok := getRetryDelay(r); ok {
-			return delay
-		}
 
-		minTime = 500
+	// if number of max retries is zero, no retries will be performed.
+	if d.NumMaxRetries == 0 {
+		return 0
+	}
+
+	// Sets default value for retryer members
+	d.setRetryerDefaults()
+
+	// minDelay is the minimum retryer delay
+	minDelay := d.MinRetryDelay
+
+	var initialDelay time.Duration
+
+	isThrottle := r.IsErrorThrottle()
+	if isThrottle {
+		if delay, ok := getRetryAfterDelay(r); ok {
+			initialDelay = delay
+		}
+		minDelay = d.MinThrottleDelay
 	}
 
 	retryCount := r.RetryCount
-	if throttle && retryCount > 8 {
-		retryCount = 8
-	} else if retryCount > 13 {
-		retryCount = 13
+
+	// maxDelay the maximum retryer delay
+	maxDelay := d.MaxRetryDelay
+
+	if isThrottle {
+		maxDelay = d.MaxThrottleDelay
 	}
 
-	delay := (1 << uint(retryCount)) * (seededRand.Intn(minTime) + minTime)
-	return time.Duration(delay) * time.Millisecond
+	var delay time.Duration
+
+	// Logic to cap the retry count based on the minDelay provided
+	actualRetryCount := int(math.Log2(float64(minDelay))) + 1
+	if actualRetryCount < 63-retryCount {
+		delay = time.Duration(1<<uint64(retryCount)) * getJitterDelay(minDelay)
+		if delay > maxDelay {
+			delay = getJitterDelay(maxDelay / 2)
+		}
+	} else {
+		delay = getJitterDelay(maxDelay / 2)
+	}
+	return delay + initialDelay
+}
+
+// getJitterDelay returns a jittered delay for retry
+func getJitterDelay(duration time.Duration) time.Duration {
+	return time.Duration(sdkrand.SeededRand.Int63n(int64(duration)) + int64(duration))
 }
 
 // ShouldRetry returns true if the request should be retried.
 func (d DefaultRetryer) ShouldRetry(r *request.Request) bool {
+
+	// ShouldRetry returns false if number of max retries is 0.
+	if d.NumMaxRetries == 0 {
+		return false
+	}
+
 	// If one of the other handlers already set the retry state
 	// we don't want to override it based on the service's state
 	if r.Retryable != nil {
 		return *r.Retryable
 	}
-
-	if r.HTTPResponse.StatusCode >= 500 {
-		return true
-	}
-	return r.IsErrorRetryable() || d.shouldThrottle(r)
-}
-
-// ShouldThrottle returns true if the request should be throttled.
-func (d DefaultRetryer) shouldThrottle(r *request.Request) bool {
-	switch r.HTTPResponse.StatusCode {
-	case 429:
-	case 502:
-	case 503:
-	case 504:
-	default:
-		return r.IsErrorThrottle()
-	}
-
-	return true
+	return r.IsErrorRetryable() || r.IsErrorThrottle()
 }
 
 // This will look in the Retry-After header, RFC 7231, for how long
 // it will wait before attempting another request
-func getRetryDelay(r *request.Request) (time.Duration, bool) {
+func getRetryAfterDelay(r *request.Request) (time.Duration, bool) {
 	if !canUseRetryAfterHeader(r) {
 		return 0, false
 	}
@@ -117,22 +175,3 @@ func canUseRetryAfterHeader(r *request.Request) bool {
 
 	return true
 }
-
-// lockedSource is a thread-safe implementation of rand.Source
-type lockedSource struct {
-	lk  sync.Mutex
-	src rand.Source
-}
-
-func (r *lockedSource) Int63() (n int64) {
-	r.lk.Lock()
-	n = r.src.Int63()
-	r.lk.Unlock()
-	return
-}
-
-func (r *lockedSource) Seed(seed int64) {
-	r.lk.Lock()
-	r.src.Seed(seed)
-	r.lk.Unlock()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
index 1f39c91f2e990..8958c32d4e9fb 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@@ -44,22 +44,61 @@ func (reader *teeReaderCloser) Close() error {
 	return reader.Source.Close()
 }
 
+// LogHTTPRequestHandler is a SDK request handler to log the HTTP request sent
+// to a service. Will include the HTTP request body if the LogLevel of the
+// request matches LogDebugWithHTTPBody.
+var LogHTTPRequestHandler = request.NamedHandler{
+	Name: "awssdk.client.LogRequest",
+	Fn:   logRequest,
+}
+
 func logRequest(r *request.Request) {
 	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
-	dumpedBody, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
+	bodySeekable := aws.IsReaderSeekable(r.Body)
+
+	b, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
 	if err != nil {
-		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, r.ClientInfo.ServiceName, r.Operation.Name, err))
+		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
 		return
 	}
 
 	if logBody {
-		// Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's
-		// Body as a NoOpCloser and will not be reset after read by the HTTP
-		// client reader.
-		r.ResetBody()
+		if !bodySeekable {
+			r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
+		}
+		// Reset the request body because dumpRequest will re-wrap the
+		// r.HTTPRequest's Body as a NoOpCloser and will not be reset after
+		// read by the HTTP client reader.
+		if err := r.Error; err != nil {
+			r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+				r.ClientInfo.ServiceName, r.Operation.Name, err))
+			return
+		}
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
+}
+
+// LogHTTPRequestHeaderHandler is a SDK request handler to log the HTTP request sent
+// to a service. Will only log the HTTP request's headers. The request payload
+// will not be read.
+var LogHTTPRequestHeaderHandler = request.NamedHandler{
+	Name: "awssdk.client.LogRequestHeader",
+	Fn:   logRequestHeader,
+}
+
+func logRequestHeader(r *request.Request) {
+	b, err := httputil.DumpRequestOut(r.HTTPRequest, false)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
 	}
 
-	r.Config.Logger.Log(fmt.Sprintf(logReqMsg, r.ClientInfo.ServiceName, r.Operation.Name, string(dumpedBody)))
+	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
 }
 
 const logRespMsg = `DEBUG: Response %s/%s Details:
@@ -72,27 +111,50 @@ const logRespErrMsg = `DEBUG ERROR: Response %s/%s:
 %s
 -----------------------------------------------------`
 
+// LogHTTPResponseHandler is a SDK request handler to log the HTTP response
+// received from a service. Will include the HTTP response body if the LogLevel
+// of the request matches LogDebugWithHTTPBody.
+var LogHTTPResponseHandler = request.NamedHandler{
+	Name: "awssdk.client.LogResponse",
+	Fn:   logResponse,
+}
+
 func logResponse(r *request.Request) {
 	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
-	r.HTTPResponse.Body = &teeReaderCloser{
-		Reader: io.TeeReader(r.HTTPResponse.Body, lw),
-		Source: r.HTTPResponse.Body,
+
+	if r.HTTPResponse == nil {
+		lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, "request's HTTPResponse is nil"))
+		return
 	}
 
-	handlerFn := func(req *request.Request) {
-		body, err := httputil.DumpResponse(req.HTTPResponse, false)
-		if err != nil {
-			lw.Logger.Log(fmt.Sprintf(logRespErrMsg, req.ClientInfo.ServiceName, req.Operation.Name, err))
-			return
+	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
+	if logBody {
+		r.HTTPResponse.Body = &teeReaderCloser{
+			Reader: io.TeeReader(r.HTTPResponse.Body, lw),
+			Source: r.HTTPResponse.Body,
 		}
+	}
 
-		b, err := ioutil.ReadAll(lw.buf)
+	handlerFn := func(req *request.Request) {
+		b, err := httputil.DumpResponse(req.HTTPResponse, false)
 		if err != nil {
-			lw.Logger.Log(fmt.Sprintf(logRespErrMsg, req.ClientInfo.ServiceName, req.Operation.Name, err))
+			lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+				req.ClientInfo.ServiceName, req.Operation.Name, err))
 			return
 		}
-		lw.Logger.Log(fmt.Sprintf(logRespMsg, req.ClientInfo.ServiceName, req.Operation.Name, string(body)))
-		if req.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody) {
+
+		lw.Logger.Log(fmt.Sprintf(logRespMsg,
+			req.ClientInfo.ServiceName, req.Operation.Name, string(b)))
+
+		if logBody {
+			b, err := ioutil.ReadAll(lw.buf)
+			if err != nil {
+				lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+					req.ClientInfo.ServiceName, req.Operation.Name, err))
+				return
+			}
+
 			lw.Logger.Log(string(b))
 		}
 	}
@@ -106,3 +168,27 @@ func logResponse(r *request.Request) {
 		Name: handlerName, Fn: handlerFn,
 	})
 }
+
+// LogHTTPResponseHeaderHandler is a SDK request handler to log the HTTP
+// response received from a service. Will only log the HTTP response's headers.
+// The response payload will not be read.
+var LogHTTPResponseHeaderHandler = request.NamedHandler{
+	Name: "awssdk.client.LogResponseHeader",
+	Fn:   logResponseHeader,
+}
+
+func logResponseHeader(r *request.Request) {
+	if r.Config.Logger == nil {
+		return
+	}
+
+	b, err := httputil.DumpResponse(r.HTTPResponse, false)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logRespErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logRespMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
index 4778056ddfdae..0c48f72e08e44 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
@@ -3,7 +3,9 @@ package metadata
 // ClientInfo wraps immutable data from the client.Client structure.
 type ClientInfo struct {
 	ServiceName   string
+	ServiceID     string
 	APIVersion    string
+	PartitionID   string
 	Endpoint      string
 	SigningName   string
 	SigningRegion string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
new file mode 100644
index 0000000000000..881d575f01018
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// NoOpRetryer provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type NoOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d NoOpRetryer) MaxRetries() int {
+	return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d NoOpRetryer) ShouldRetry(_ *request.Request) bool {
+	return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d NoOpRetryer) RetryRules(_ *request.Request) time.Duration {
+	return 0
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
index 4fd0d072474d8..2def23fa1d1c6 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -18,9 +18,9 @@ const UseServiceDefaultRetries = -1
 type RequestRetryer interface{}
 
 // A Config provides service configuration for service clients. By default,
-// all clients will use the defaults.DefaultConfig tructure.
+// all clients will use the defaults.DefaultConfig structure.
 //
-//     // Create Session with MaxRetry configuration to be shared by multiple
+//     // Create Session with MaxRetries configuration to be shared by multiple
 //     // service clients.
 //     sess := session.Must(session.NewSession(&aws.Config{
 //         MaxRetries: aws.Int(3),
@@ -45,8 +45,8 @@ type Config struct {
 	// that overrides the default generated endpoint for a client. Set this
 	// to `""` to use the default generated endpoint.
 	//
-	// @note You must still provide a `Region` value when specifying an
-	//   endpoint for a client.
+	// Note: You must still provide a `Region` value when specifying an
+	// endpoint for a client.
 	Endpoint *string
 
 	// The resolver to use for looking up endpoints for AWS service clients
@@ -65,8 +65,8 @@ type Config struct {
 	// noted. A full list of regions is found in the "Regions and Endpoints"
 	// document.
 	//
-	// @see http://docs.aws.amazon.com/general/latest/gr/rande.html
-	//   AWS Regions and Endpoints
+	// See http://docs.aws.amazon.com/general/latest/gr/rande.html for AWS
+	// Regions and Endpoints.
 	Region *string
 
 	// Set this to `true` to disable SSL when sending requests. Defaults
@@ -120,9 +120,10 @@ type Config struct {
 	// will use virtual hosted bucket addressing when possible
 	// (`http://BUCKET.s3.amazonaws.com/KEY`).
 	//
-	// @note This configuration option is specific to the Amazon S3 service.
-	// @see http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
-	//   Amazon S3: Virtual Hosting of Buckets
+	// Note: This configuration option is specific to the Amazon S3 service.
+	//
+	// See http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
+	// for Amazon S3: Virtual Hosting of Buckets
 	S3ForcePathStyle *bool
 
 	// Set this to `true` to disable the SDK adding the `Expect: 100-Continue`
@@ -151,6 +152,26 @@ type Config struct {
 	// with accelerate.
 	S3UseAccelerate *bool
 
+	// S3DisableContentMD5Validation config option is temporarily disabled,
+	// For S3 GetObject API calls, #1837.
+	//
+	// Set this to `true` to disable the S3 service client from automatically
+	// adding the ContentMD5 to S3 Object Put and Upload API calls. This option
+	// will also disable the SDK from performing object ContentMD5 validation
+	// on GetObject API calls.
+	S3DisableContentMD5Validation *bool
+
+	// Set this to `true` to have the S3 service client to use the region specified
+	// in the ARN, when an ARN is provided as an argument to a bucket parameter.
+	S3UseARNRegion *bool
+
+	// Set this to `true` to enable the SDK to unmarshal API response header maps to
+	// normalized lower case map keys.
+	//
+	// For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case
+	// Metadata member's map keys. The value of the header in the map is unaffected.
+	LowerCaseHeaderMaps *bool
+
 	// Set this to `true` to disable the EC2Metadata client from overriding the
 	// default http.Client's Timeout. This is helpful if you do not want the
 	// EC2Metadata client to create a new http.Client. This options is only
@@ -214,12 +235,40 @@ type Config struct {
 	//    	Key: aws.String("//foo//bar//moo"),
 	//    })
 	DisableRestProtocolURICleaning *bool
+
+	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
+	// have the definition in its model. By default, endpoint discovery is off.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(&aws.Config{
+	//         EnableEndpointDiscovery: aws.Bool(true),
+	//    }))
+	//
+	//    svc := s3.New(sess)
+	//    out, err := svc.GetObject(&s3.GetObjectInput {
+	//    	Bucket: aws.String("bucketname"),
+	//    	Key: aws.String("/foo/bar/moo"),
+	//    })
+	EnableEndpointDiscovery *bool
+
+	// DisableEndpointHostPrefix will disable the SDK's behavior of prefixing
+	// request endpoint hosts with modeled information.
+	//
+	// Disabling this feature is useful when you want to use local endpoints
+	// for testing that do not support the modeled host prefix pattern.
+	DisableEndpointHostPrefix *bool
+
+	// STSRegionalEndpoint will enable regional or legacy endpoint resolving
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// S3UsEast1RegionalEndpoint will enable regional or legacy endpoint resolving
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder
 // methods to set multiple configuration values inline without using pointers.
 //
-//     // Create Session with MaxRetry configuration to be shared by multiple
+//     // Create Session with MaxRetries configuration to be shared by multiple
 //     // service clients.
 //     sess := session.Must(session.NewSession(aws.NewConfig().
 //         WithMaxRetries(3),
@@ -336,6 +385,22 @@ func (c *Config) WithS3Disable100Continue(disable bool) *Config {
 func (c *Config) WithS3UseAccelerate(enable bool) *Config {
 	c.S3UseAccelerate = &enable
 	return c
+
+}
+
+// WithS3DisableContentMD5Validation sets a config
+// S3DisableContentMD5Validation value returning a Config pointer for chaining.
+func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
+	c.S3DisableContentMD5Validation = &enable
+	return c
+
+}
+
+// WithS3UseARNRegion sets a config S3UseARNRegion value and
+// returning a Config pointer for chaining
+func (c *Config) WithS3UseARNRegion(enable bool) *Config {
+	c.S3UseARNRegion = &enable
+	return c
 }
 
 // WithUseDualStack sets a config UseDualStack value returning a Config
@@ -359,6 +424,19 @@ func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
 	return c
 }
 
+// WithEndpointDiscovery will set whether or not to use endpoint discovery.
+func (c *Config) WithEndpointDiscovery(t bool) *Config {
+	c.EnableEndpointDiscovery = &t
+	return c
+}
+
+// WithDisableEndpointHostPrefix will set whether or not to use modeled host prefix
+// when making requests.
+func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
+	c.DisableEndpointHostPrefix = &t
+	return c
+}
+
 // MergeIn merges the passed in configs into the existing config object.
 func (c *Config) MergeIn(cfgs ...*Config) {
 	for _, other := range cfgs {
@@ -366,6 +444,20 @@ func (c *Config) MergeIn(cfgs ...*Config) {
 	}
 }
 
+// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
+	c.STSRegionalEndpoint = sre
+	return c
+}
+
+// WithS3UsEast1RegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEndpoint) *Config {
+	c.S3UsEast1RegionalEndpoint = sre
+	return c
+}
+
 func mergeInConfig(dst *Config, other *Config) {
 	if other == nil {
 		return
@@ -435,6 +527,14 @@ func mergeInConfig(dst *Config, other *Config) {
 		dst.S3UseAccelerate = other.S3UseAccelerate
 	}
 
+	if other.S3DisableContentMD5Validation != nil {
+		dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
+	}
+
+	if other.S3UseARNRegion != nil {
+		dst.S3UseARNRegion = other.S3UseARNRegion
+	}
+
 	if other.UseDualStack != nil {
 		dst.UseDualStack = other.UseDualStack
 	}
@@ -454,6 +554,22 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.EnforceShouldRetryCheck != nil {
 		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
 	}
+
+	if other.EnableEndpointDiscovery != nil {
+		dst.EnableEndpointDiscovery = other.EnableEndpointDiscovery
+	}
+
+	if other.DisableEndpointHostPrefix != nil {
+		dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
+	}
+
+	if other.STSRegionalEndpoint != endpoints.UnsetSTSEndpoint {
+		dst.STSRegionalEndpoint = other.STSRegionalEndpoint
+	}
+
+	if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
+		dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
+	}
 }
 
 // Copy will return a shallow copy of the Config object. If any additional
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context.go b/vendor/github.com/aws/aws-sdk-go/aws/context.go
deleted file mode 100644
index 79f426853b5d8..0000000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package aws
-
-import (
-	"time"
-)
-
-// Context is an copy of the Go v1.7 stdlib's context.Context interface.
-// It is represented as a SDK interface to enable you to use the "WithContext"
-// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
-//
-// See https://golang.org/pkg/context on how to use contexts.
-type Context interface {
-	// Deadline returns the time when work done on behalf of this context
-	// should be canceled. Deadline returns ok==false when no deadline is
-	// set. Successive calls to Deadline return the same results.
-	Deadline() (deadline time.Time, ok bool)
-
-	// Done returns a channel that's closed when work done on behalf of this
-	// context should be canceled. Done may return nil if this context can
-	// never be canceled. Successive calls to Done return the same value.
-	Done() <-chan struct{}
-
-	// Err returns a non-nil error value after Done is closed. Err returns
-	// Canceled if the context was canceled or DeadlineExceeded if the
-	// context's deadline passed. No other values for Err are defined.
-	// After Done is closed, successive calls to Err return the same value.
-	Err() error
-
-	// Value returns the value associated with this context for key, or nil
-	// if no value is associated with key. Successive calls to Value with
-	// the same key returns the same result.
-	//
-	// Use context values only for request-scoped data that transits
-	// processes and API boundaries, not for passing optional parameters to
-	// functions.
-	Value(key interface{}) interface{}
-}
-
-// BackgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func BackgroundContext() Context {
-	return backgroundCtx
-}
-
-// SleepWithContext will wait for the timer duration to expire, or the context
-// is canceled. Which ever happens first. If the context is canceled the Context's
-// error will be returned.
-//
-// Expects Context to always return a non-nil error if the Done channel is closed.
-func SleepWithContext(ctx Context, dur time.Duration) error {
-	t := time.NewTimer(dur)
-	defer t.Stop()
-
-	select {
-	case <-t.C:
-		break
-	case <-ctx.Done():
-		return ctx.Err()
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
new file mode 100644
index 0000000000000..2866f9a7fb9d7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
@@ -0,0 +1,37 @@
+// +build !go1.9
+
+package aws
+
+import "time"
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+	// Deadline returns the time when work done on behalf of this context
+	// should be canceled. Deadline returns ok==false when no deadline is
+	// set. Successive calls to Deadline return the same results.
+	Deadline() (deadline time.Time, ok bool)
+
+	// Done returns a channel that's closed when work done on behalf of this
+	// context should be canceled. Done may return nil if this context can
+	// never be canceled. Successive calls to Done return the same value.
+	Done() <-chan struct{}
+
+	// Err returns a non-nil error value after Done is closed. Err returns
+	// Canceled if the context was canceled or DeadlineExceeded if the
+	// context's deadline passed. No other values for Err are defined.
+	// After Done is closed, successive calls to Err return the same value.
+	Err() error
+
+	// Value returns the value associated with this context for key, or nil
+	// if no value is associated with key. Successive calls to Value with
+	// the same key returns the same result.
+	//
+	// Use context values only for request-scoped data that transits
+	// processes and API boundaries, not for passing optional parameters to
+	// functions.
+	Value(key interface{}) interface{}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go
deleted file mode 100644
index 8fdda53033809..0000000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// +build !go1.7
-
-package aws
-
-import "time"
-
-// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
-// provide a 1.6 and 1.5 safe version of context that is compatible with Go
-// 1.7's Context.
-//
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
-	return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
-	return nil
-}
-
-func (*emptyCtx) Err() error {
-	return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
-	return nil
-}
-
-func (e *emptyCtx) String() string {
-	switch e {
-	case backgroundCtx:
-		return "aws.BackgroundContext"
-	}
-	return "unknown empty Context"
-}
-
-var (
-	backgroundCtx = new(emptyCtx)
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go
deleted file mode 100644
index 064f75c925cc5..0000000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build go1.7
-
-package aws
-
-import "context"
-
-var (
-	backgroundCtx = context.Background()
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
new file mode 100644
index 0000000000000..3718b26e1019b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
@@ -0,0 +1,11 @@
+// +build go1.9
+
+package aws
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
new file mode 100644
index 0000000000000..66c5945db15ea
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
@@ -0,0 +1,56 @@
+// +build !go1.7
+
+package aws
+
+import "time"
+
+// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
+// provide a 1.6 and 1.5 safe version of context that is compatible with Go
+// 1.7's Context.
+//
+// An emptyCtx is never canceled, has no values, and has no deadline. It is not
+// struct{}, since vars of this type must have distinct addresses.
+type emptyCtx int
+
+func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
+	return
+}
+
+func (*emptyCtx) Done() <-chan struct{} {
+	return nil
+}
+
+func (*emptyCtx) Err() error {
+	return nil
+}
+
+func (*emptyCtx) Value(key interface{}) interface{} {
+	return nil
+}
+
+func (e *emptyCtx) String() string {
+	switch e {
+	case backgroundCtx:
+		return "aws.BackgroundContext"
+	}
+	return "unknown empty Context"
+}
+
+var (
+	backgroundCtx = new(emptyCtx)
+)
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+	return backgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
new file mode 100644
index 0000000000000..9c29f29af17a0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
@@ -0,0 +1,20 @@
+// +build go1.7
+
+package aws
+
+import "context"
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+	return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
new file mode 100644
index 0000000000000..304fd156120c1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
@@ -0,0 +1,24 @@
+package aws
+
+import (
+	"time"
+)
+
+// SleepWithContext will wait for the timer duration to expire, or the context
+// is canceled. Which ever happens first. If the context is canceled the Context's
+// error will be returned.
+//
+// Expects Context to always return a non-nil error if the Done channel is closed.
+func SleepWithContext(ctx Context, dur time.Duration) error {
+	t := time.NewTimer(dur)
+	defer t.Stop()
+
+	select {
+	case <-t.C:
+		break
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
index ff5d58e068318..4e076c1837a74 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
@@ -179,6 +179,242 @@ func IntValueMap(src map[string]*int) map[string]int {
 	return dst
 }
 
+// Uint returns a pointer to the uint value passed in.
+func Uint(v uint) *uint {
+	return &v
+}
+
+// UintValue returns the value of the uint pointer passed in or
+// 0 if the pointer is nil.
+func UintValue(v *uint) uint {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// UintSlice converts a slice of uint values uinto a slice of
+// uint pointers
+func UintSlice(src []uint) []*uint {
+	dst := make([]*uint, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// UintValueSlice converts a slice of uint pointers uinto a slice of
+// uint values
+func UintValueSlice(src []*uint) []uint {
+	dst := make([]uint, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// UintMap converts a string map of uint values uinto a string
+// map of uint pointers
+func UintMap(src map[string]uint) map[string]*uint {
+	dst := make(map[string]*uint)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// UintValueMap converts a string map of uint pointers uinto a string
+// map of uint values
+func UintValueMap(src map[string]*uint) map[string]uint {
+	dst := make(map[string]uint)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int8 returns a pointer to the int8 value passed in.
+func Int8(v int8) *int8 {
+	return &v
+}
+
+// Int8Value returns the value of the int8 pointer passed in or
+// 0 if the pointer is nil.
+func Int8Value(v *int8) int8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int8Slice converts a slice of int8 values into a slice of
+// int8 pointers
+func Int8Slice(src []int8) []*int8 {
+	dst := make([]*int8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int8ValueSlice converts a slice of int8 pointers into a slice of
+// int8 values
+func Int8ValueSlice(src []*int8) []int8 {
+	dst := make([]int8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int8Map converts a string map of int8 values into a string
+// map of int8 pointers
+func Int8Map(src map[string]int8) map[string]*int8 {
+	dst := make(map[string]*int8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int8ValueMap converts a string map of int8 pointers into a string
+// map of int8 values
+func Int8ValueMap(src map[string]*int8) map[string]int8 {
+	dst := make(map[string]int8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int16 returns a pointer to the int16 value passed in.
+func Int16(v int16) *int16 {
+	return &v
+}
+
+// Int16Value returns the value of the int16 pointer passed in or
+// 0 if the pointer is nil.
+func Int16Value(v *int16) int16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int16Slice converts a slice of int16 values into a slice of
+// int16 pointers
+func Int16Slice(src []int16) []*int16 {
+	dst := make([]*int16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int16ValueSlice converts a slice of int16 pointers into a slice of
+// int16 values
+func Int16ValueSlice(src []*int16) []int16 {
+	dst := make([]int16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int16Map converts a string map of int16 values into a string
+// map of int16 pointers
+func Int16Map(src map[string]int16) map[string]*int16 {
+	dst := make(map[string]*int16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int16ValueMap converts a string map of int16 pointers into a string
+// map of int16 values
+func Int16ValueMap(src map[string]*int16) map[string]int16 {
+	dst := make(map[string]int16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int32 returns a pointer to the int32 value passed in.
+func Int32(v int32) *int32 {
+	return &v
+}
+
+// Int32Value returns the value of the int32 pointer passed in or
+// 0 if the pointer is nil.
+func Int32Value(v *int32) int32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int32Slice converts a slice of int32 values into a slice of
+// int32 pointers
+func Int32Slice(src []int32) []*int32 {
+	dst := make([]*int32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int32ValueSlice converts a slice of int32 pointers into a slice of
+// int32 values
+func Int32ValueSlice(src []*int32) []int32 {
+	dst := make([]int32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int32Map converts a string map of int32 values into a string
+// map of int32 pointers
+func Int32Map(src map[string]int32) map[string]*int32 {
+	dst := make(map[string]*int32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int32ValueMap converts a string map of int32 pointers into a string
+// map of int32 values
+func Int32ValueMap(src map[string]*int32) map[string]int32 {
+	dst := make(map[string]int32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
 // Int64 returns a pointer to the int64 value passed in.
 func Int64(v int64) *int64 {
 	return &v
@@ -238,6 +474,301 @@ func Int64ValueMap(src map[string]*int64) map[string]int64 {
 	return dst
 }
 
+// Uint8 returns a pointer to the uint8 value passed in.
+func Uint8(v uint8) *uint8 {
+	return &v
+}
+
+// Uint8Value returns the value of the uint8 pointer passed in or
+// 0 if the pointer is nil.
+func Uint8Value(v *uint8) uint8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint8Slice converts a slice of uint8 values into a slice of
+// uint8 pointers
+func Uint8Slice(src []uint8) []*uint8 {
+	dst := make([]*uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint8ValueSlice converts a slice of uint8 pointers into a slice of
+// uint8 values
+func Uint8ValueSlice(src []*uint8) []uint8 {
+	dst := make([]uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint8Map converts a string map of uint8 values into a string
+// map of uint8 pointers
+func Uint8Map(src map[string]uint8) map[string]*uint8 {
+	dst := make(map[string]*uint8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint8ValueMap converts a string map of uint8 pointers into a string
+// map of uint8 values
+func Uint8ValueMap(src map[string]*uint8) map[string]uint8 {
+	dst := make(map[string]uint8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint16 returns a pointer to the uint16 value passed in.
+func Uint16(v uint16) *uint16 {
+	return &v
+}
+
+// Uint16Value returns the value of the uint16 pointer passed in or
+// 0 if the pointer is nil.
+func Uint16Value(v *uint16) uint16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint16Slice converts a slice of uint16 values into a slice of
+// uint16 pointers
+func Uint16Slice(src []uint16) []*uint16 {
+	dst := make([]*uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint16ValueSlice converts a slice of uint16 pointers into a slice of
+// uint16 values
+func Uint16ValueSlice(src []*uint16) []uint16 {
+	dst := make([]uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint16Map converts a string map of uint16 values into a string
+// map of uint16 pointers
+func Uint16Map(src map[string]uint16) map[string]*uint16 {
+	dst := make(map[string]*uint16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint16ValueMap converts a string map of uint16 pointers into a string
+// map of uint16 values
+func Uint16ValueMap(src map[string]*uint16) map[string]uint16 {
+	dst := make(map[string]uint16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint32 returns a pointer to the uint32 value passed in.
+func Uint32(v uint32) *uint32 {
+	return &v
+}
+
+// Uint32Value returns the value of the uint32 pointer passed in or
+// 0 if the pointer is nil.
+func Uint32Value(v *uint32) uint32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint32Slice converts a slice of uint32 values into a slice of
+// uint32 pointers
+func Uint32Slice(src []uint32) []*uint32 {
+	dst := make([]*uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint32ValueSlice converts a slice of uint32 pointers into a slice of
+// uint32 values
+func Uint32ValueSlice(src []*uint32) []uint32 {
+	dst := make([]uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint32Map converts a string map of uint32 values into a string
+// map of uint32 pointers
+func Uint32Map(src map[string]uint32) map[string]*uint32 {
+	dst := make(map[string]*uint32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint32ValueMap converts a string map of uint32 pointers into a string
+// map of uint32 values
+func Uint32ValueMap(src map[string]*uint32) map[string]uint32 {
+	dst := make(map[string]uint32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint64 returns a pointer to the uint64 value passed in.
+func Uint64(v uint64) *uint64 {
+	return &v
+}
+
+// Uint64Value returns the value of the uint64 pointer passed in or
+// 0 if the pointer is nil.
+func Uint64Value(v *uint64) uint64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint64Slice converts a slice of uint64 values into a slice of
+// uint64 pointers
+func Uint64Slice(src []uint64) []*uint64 {
+	dst := make([]*uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint64ValueSlice converts a slice of uint64 pointers into a slice of
+// uint64 values
+func Uint64ValueSlice(src []*uint64) []uint64 {
+	dst := make([]uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint64Map converts a string map of uint64 values into a string
+// map of uint64 pointers
+func Uint64Map(src map[string]uint64) map[string]*uint64 {
+	dst := make(map[string]*uint64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint64ValueMap converts a string map of uint64 pointers into a string
+// map of uint64 values
+func Uint64ValueMap(src map[string]*uint64) map[string]uint64 {
+	dst := make(map[string]uint64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Float32 returns a pointer to the float32 value passed in.
+func Float32(v float32) *float32 {
+	return &v
+}
+
+// Float32Value returns the value of the float32 pointer passed in or
+// 0 if the pointer is nil.
+func Float32Value(v *float32) float32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float32Slice converts a slice of float32 values into a slice of
+// float32 pointers
+func Float32Slice(src []float32) []*float32 {
+	dst := make([]*float32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Float32ValueSlice converts a slice of float32 pointers into a slice of
+// float32 values
+func Float32ValueSlice(src []*float32) []float32 {
+	dst := make([]float32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Float32Map converts a string map of float32 values into a string
+// map of float32 pointers
+func Float32Map(src map[string]float32) map[string]*float32 {
+	dst := make(map[string]*float32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Float32ValueMap converts a string map of float32 pointers into a string
+// map of float32 values
+func Float32ValueMap(src map[string]*float32) map[string]float32 {
+	dst := make(map[string]float32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
 // Float64 returns a pointer to the float64 value passed in.
 func Float64(v float64) *float64 {
 	return &v
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
index 495e3ef62ca9c..aa902d70837f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -3,12 +3,10 @@ package corehandlers
 import (
 	"bytes"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"regexp"
-	"runtime"
 	"strconv"
 	"time"
 
@@ -36,18 +34,13 @@ var BuildContentLengthHandler = request.NamedHandler{Name: "core.BuildContentLen
 	if slength := r.HTTPRequest.Header.Get("Content-Length"); slength != "" {
 		length, _ = strconv.ParseInt(slength, 10, 64)
 	} else {
-		switch body := r.Body.(type) {
-		case nil:
-			length = 0
-		case lener:
-			length = int64(body.Len())
-		case io.Seeker:
-			r.BodyStart, _ = body.Seek(0, 1)
-			end, _ := body.Seek(0, 2)
-			body.Seek(r.BodyStart, 0) // make sure to seek back to original location
-			length = end - r.BodyStart
-		default:
-			panic("Cannot get length of body, must provide `ContentLength`")
+		if r.Body != nil {
+			var err error
+			length, err = aws.SeekerLen(r.Body)
+			if err != nil {
+				r.Error = awserr.New(request.ErrCodeSerialization, "failed to get request body's length", err)
+				return
+			}
 		}
 	}
 
@@ -60,13 +53,6 @@ var BuildContentLengthHandler = request.NamedHandler{Name: "core.BuildContentLen
 	}
 }}
 
-// SDKVersionUserAgentHandler is a request handler for adding the SDK Version to the user agent.
-var SDKVersionUserAgentHandler = request.NamedHandler{
-	Name: "core.SDKVersionUserAgentHandler",
-	Fn: request.MakeAddToUserAgentHandler(aws.SDKName, aws.SDKVersion,
-		runtime.Version(), runtime.GOOS, runtime.GOARCH),
-}
-
 var reStatusCode = regexp.MustCompile(`^(\d{3})`)
 
 // ValidateReqSigHandler is a request handler to ensure that the request's
@@ -86,9 +72,9 @@ var ValidateReqSigHandler = request.NamedHandler{
 			signedTime = r.LastSignedAt
 		}
 
-		// 10 minutes to allow for some clock skew/delays in transmission.
+		// 5 minutes to allow for some clock skew/delays in transmission.
 		// Would be improved with aws/aws-sdk-go#423
-		if signedTime.Add(10 * time.Minute).After(time.Now()) {
+		if signedTime.Add(5 * time.Minute).After(time.Now()) {
 			return
 		}
 
@@ -173,9 +159,9 @@ func handleSendError(r *request.Request, err error) {
 			Body:       ioutil.NopCloser(bytes.NewReader([]byte{})),
 		}
 	}
-	// Catch all other request errors.
-	r.Error = awserr.New("RequestError", "send request failed", err)
-	r.Retryable = aws.Bool(true) // network errors are retryable
+	// Catch all request errors, and let the default retrier determine
+	// if the error is retryable.
+	r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err)
 
 	// Override the error with a context canceled error, if that was canceled.
 	ctx := r.Context()
@@ -198,37 +184,39 @@ var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseH
 
 // AfterRetryHandler performs final checks to determine if the request should
 // be retried and how long to delay.
-var AfterRetryHandler = request.NamedHandler{Name: "core.AfterRetryHandler", Fn: func(r *request.Request) {
-	// If one of the other handlers already set the retry state
-	// we don't want to override it based on the service's state
-	if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
-		r.Retryable = aws.Bool(r.ShouldRetry(r))
-	}
+var AfterRetryHandler = request.NamedHandler{
+	Name: "core.AfterRetryHandler",
+	Fn: func(r *request.Request) {
+		// If one of the other handlers already set the retry state
+		// we don't want to override it based on the service's state
+		if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
+			r.Retryable = aws.Bool(r.ShouldRetry(r))
+		}
 
-	if r.WillRetry() {
-		r.RetryDelay = r.RetryRules(r)
+		if r.WillRetry() {
+			r.RetryDelay = r.RetryRules(r)
+
+			if sleepFn := r.Config.SleepDelay; sleepFn != nil {
+				// Support SleepDelay for backwards compatibility and testing
+				sleepFn(r.RetryDelay)
+			} else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
+				r.Error = awserr.New(request.CanceledErrorCode,
+					"request context canceled", err)
+				r.Retryable = aws.Bool(false)
+				return
+			}
 
-		if sleepFn := r.Config.SleepDelay; sleepFn != nil {
-			// Support SleepDelay for backwards compatibility and testing
-			sleepFn(r.RetryDelay)
-		} else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
-			r.Error = awserr.New(request.CanceledErrorCode,
-				"request context canceled", err)
-			r.Retryable = aws.Bool(false)
-			return
-		}
+			// when the expired token exception occurs the credentials
+			// need to be expired locally so that the next request to
+			// get credentials will trigger a credentials refresh.
+			if r.IsErrorExpired() {
+				r.Config.Credentials.Expire()
+			}
 
-		// when the expired token exception occurs the credentials
-		// need to be expired locally so that the next request to
-		// get credentials will trigger a credentials refresh.
-		if r.IsErrorExpired() {
-			r.Config.Credentials.Expire()
+			r.RetryCount++
+			r.Error = nil
 		}
-
-		r.RetryCount++
-		r.Error = nil
-	}
-}}
+	}}
 
 // ValidateEndpointHandler is a request handler to validate a request had the
 // appropriate Region and Endpoint set. Will set r.Error if the endpoint or
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
new file mode 100644
index 0000000000000..ab69c7a6f3889
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
@@ -0,0 +1,37 @@
+package corehandlers
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// SDKVersionUserAgentHandler is a request handler for adding the SDK Version
+// to the user agent.
+var SDKVersionUserAgentHandler = request.NamedHandler{
+	Name: "core.SDKVersionUserAgentHandler",
+	Fn: request.MakeAddToUserAgentHandler(aws.SDKName, aws.SDKVersion,
+		runtime.Version(), runtime.GOOS, runtime.GOARCH),
+}
+
+const execEnvVar = `AWS_EXECUTION_ENV`
+const execEnvUAKey = `exec-env`
+
+// AddHostExecEnvUserAgentHander is a request handler appending the SDK's
+// execution environment to the user agent.
+//
+// If the environment variable AWS_EXECUTION_ENV is set, its value will be
+// appended to the user agent string.
+var AddHostExecEnvUserAgentHander = request.NamedHandler{
+	Name: "core.AddHostExecEnvUserAgentHander",
+	Fn: func(r *request.Request) {
+		v := os.Getenv(execEnvVar)
+		if len(v) == 0 {
+			return
+		}
+
+		request.AddToUserAgent(r, execEnvUAKey+"/"+v)
+	},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
index f298d6596268b..3ad1e798df80e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
@@ -9,9 +9,7 @@ var (
 	// providers in the ChainProvider.
 	//
 	// This has been deprecated. For verbose error messaging set
-	// aws.Config.CredentialsChainVerboseErrors to true
-	//
-	// @readonly
+	// aws.Config.CredentialsChainVerboseErrors to true.
 	ErrNoValidProvidersFoundInChain = awserr.New("NoCredentialProviders",
 		`no valid providers in chain. Deprecated.
 	For verbose messaging see aws.Config.CredentialsChainVerboseErrors`,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
index 42416fc2f0fcc..4af592158144c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -49,8 +49,11 @@
 package credentials
 
 import (
+	"fmt"
 	"sync"
 	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 
 // AnonymousCredentials is an empty Credential object that can be used as
@@ -64,8 +67,6 @@ import (
 //       Credentials: credentials.AnonymousCredentials,
 //     })))
 //     // Access public S3 buckets.
-//
-// @readonly
 var AnonymousCredentials = NewStaticCredentials("", "", "")
 
 // A Value is the AWS credentials value for individual credential fields.
@@ -83,6 +84,12 @@ type Value struct {
 	ProviderName string
 }
 
+// HasKeys returns if the credentials Value has both AccessKeyID and
+// SecretAccessKey value set.
+func (v Value) HasKeys() bool {
+	return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
+}
+
 // A Provider is the interface for any component which will provide credentials
 // Value. A provider is required to manage its own Expired state, and what to
 // be expired means.
@@ -99,6 +106,14 @@ type Provider interface {
 	IsExpired() bool
 }
 
+// An Expirer is an interface that Providers can implement to expose the expiration
+// time, if known.  If the Provider cannot accurately provide this info,
+// it should not implement this interface.
+type Expirer interface {
+	// The time at which the credentials are no longer valid
+	ExpiresAt() time.Time
+}
+
 // An ErrorProvider is a stub credentials provider that always returns an error
 // this is used by the SDK when construction a known provider is not possible
 // due to an error.
@@ -158,13 +173,19 @@ func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
 
 // IsExpired returns if the credentials are expired.
 func (e *Expiry) IsExpired() bool {
-	if e.CurrentTime == nil {
-		e.CurrentTime = time.Now
+	curTime := e.CurrentTime
+	if curTime == nil {
+		curTime = time.Now
 	}
-	return e.expiration.Before(e.CurrentTime())
+	return e.expiration.Before(curTime())
+}
+
+// ExpiresAt returns the expiration time of the credential
+func (e *Expiry) ExpiresAt() time.Time {
+	return e.expiration
 }
 
-// A Credentials provides synchronous safe retrieval of AWS credentials Value.
+// A Credentials provides concurrency safe retrieval of AWS credentials Value.
 // Credentials will cache the credentials value until they expire. Once the value
 // expires the next Get will attempt to retrieve valid credentials.
 //
@@ -178,7 +199,8 @@ func (e *Expiry) IsExpired() bool {
 type Credentials struct {
 	creds        Value
 	forceRefresh bool
-	m            sync.Mutex
+
+	m sync.RWMutex
 
 	provider Provider
 }
@@ -201,6 +223,17 @@ func NewCredentials(provider Provider) *Credentials {
 // If Credentials.Expire() was called the credentials Value will be force
 // expired, and the next call to Get() will cause them to be refreshed.
 func (c *Credentials) Get() (Value, error) {
+	// Check the cached credentials first with just the read lock.
+	c.m.RLock()
+	if !c.isExpired() {
+		creds := c.creds
+		c.m.RUnlock()
+		return creds, nil
+	}
+	c.m.RUnlock()
+
+	// Credentials are expired need to retrieve the credentials taking the full
+	// lock.
 	c.m.Lock()
 	defer c.m.Unlock()
 
@@ -234,8 +267,8 @@ func (c *Credentials) Expire() {
 // If the Credentials were forced to be expired with Expire() this will
 // reflect that override.
 func (c *Credentials) IsExpired() bool {
-	c.m.Lock()
-	defer c.m.Unlock()
+	c.m.RLock()
+	defer c.m.RUnlock()
 
 	return c.isExpired()
 }
@@ -244,3 +277,23 @@ func (c *Credentials) IsExpired() bool {
 func (c *Credentials) isExpired() bool {
 	return c.forceRefresh || c.provider.IsExpired()
 }
+
+// ExpiresAt provides access to the functionality of the Expirer interface of
+// the underlying Provider, if it supports that interface.  Otherwise, it returns
+// an error.
+func (c *Credentials) ExpiresAt() (time.Time, error) {
+	c.m.RLock()
+	defer c.m.RUnlock()
+
+	expirer, ok := c.provider.(Expirer)
+	if !ok {
+		return time.Time{}, awserr.New("ProviderNotExpirer",
+			fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName),
+			nil)
+	}
+	if c.forceRefresh {
+		// set expiration time to the distant past
+		return time.Time{}, nil
+	}
+	return expirer.ExpiresAt(), nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
index c39749524ecac..43d4ed386ab85 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"encoding/json"
 	"fmt"
-	"path"
 	"strings"
 	"time"
 
@@ -12,6 +11,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
 )
 
 // ProviderName provides a name of EC2Role provider
@@ -125,7 +126,7 @@ type ec2RoleCredRespBody struct {
 	Message string
 }
 
-const iamSecurityCredsPath = "/iam/security-credentials"
+const iamSecurityCredsPath = "iam/security-credentials/"
 
 // requestCredList requests a list of credentials from the EC2 service.
 // If there are no credentials, or there is an error making or receiving the request
@@ -142,7 +143,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
 	}
 
 	if err := s.Err(); err != nil {
-		return nil, awserr.New("SerializationError", "failed to read EC2 instance role from metadata service", err)
+		return nil, awserr.New(request.ErrCodeSerialization,
+			"failed to read EC2 instance role from metadata service", err)
 	}
 
 	return credsList, nil
@@ -153,7 +155,7 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
 // If the credentials cannot be found, or there is an error reading the response
 // and error will be returned.
 func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
-	resp, err := client.GetMetadata(path.Join(iamSecurityCredsPath, credsName))
+	resp, err := client.GetMetadata(sdkuri.PathJoin(iamSecurityCredsPath, credsName))
 	if err != nil {
 		return ec2RoleCredRespBody{},
 			awserr.New("EC2RoleRequestError",
@@ -164,7 +166,7 @@ func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCred
 	respCreds := ec2RoleCredRespBody{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
 		return ec2RoleCredRespBody{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName),
 				err)
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
index a4cec5c553a48..1a7af53a4da17 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -39,6 +39,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 )
 
 // ProviderName is the name of the credentials provider.
@@ -65,6 +66,10 @@ type Provider struct {
 	//
 	// If ExpiryWindow is 0 or less it will be ignored.
 	ExpiryWindow time.Duration
+
+	// Optional authorization token value if set will be used as the value of
+	// the Authorization header of the endpoint credential request.
+	AuthorizationToken string
 }
 
 // NewProviderClient returns a credentials Provider for retrieving AWS credentials
@@ -93,8 +98,8 @@ func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint strin
 	return p
 }
 
-// NewCredentialsClient returns a Credentials wrapper for retrieving credentials
-// from an arbitrary endpoint concurrently. The client will request the
+// NewCredentialsClient returns a pointer to a new Credentials object
+// wrapping the endpoint credentials Provider.
 func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials {
 	return credentials.NewCredentials(NewProviderClient(cfg, handlers, endpoint, options...))
 }
@@ -152,6 +157,9 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
 	out := &getCredentialsOutput{}
 	req := p.Client.NewRequest(op, nil, out)
 	req.HTTPRequest.Header.Set("Accept", "application/json")
+	if authToken := p.AuthorizationToken; len(authToken) != 0 {
+		req.HTTPRequest.Header.Set("Authorization", authToken)
+	}
 
 	return out, req.Send()
 }
@@ -167,7 +175,7 @@ func unmarshalHandler(r *request.Request) {
 
 	out := r.Data.(*getCredentialsOutput)
 	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil {
-		r.Error = awserr.New("SerializationError",
+		r.Error = awserr.New(request.ErrCodeSerialization,
 			"failed to decode endpoint credentials",
 			err,
 		)
@@ -178,11 +186,15 @@ func unmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 
 	var errOut errorOutput
-	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&errOut); err != nil {
-		r.Error = awserr.New("SerializationError",
-			"failed to decode endpoint credentials",
-			err,
+	err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to decode error message", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
 		)
+		return
 	}
 
 	// Response body format is not consistent between metadata endpoints.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
index c14231a16f2b4..54c5cf7333ffc 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
@@ -12,14 +12,10 @@ const EnvProviderName = "EnvProvider"
 var (
 	// ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be
 	// found in the process's environment.
-	//
-	// @readonly
 	ErrAccessKeyIDNotFound = awserr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil)
 
 	// ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key
 	// can't be found in the process's environment.
-	//
-	// @readonly
 	ErrSecretAccessKeyNotFound = awserr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil)
 )
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
new file mode 100644
index 0000000000000..e62483600299c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
@@ -0,0 +1,426 @@
+/*
+Package processcreds is a credential Provider to retrieve `credential_process`
+credentials.
+
+WARNING: The following describes a method of sourcing credentials from an external
+process. This can potentially be dangerous, so proceed with caution. Other
+credential providers should be preferred if at all possible. If using this
+option, you should make sure that the config file is as locked down as possible
+using security best practices for your operating system.
+
+You can use credentials from a `credential_process` in a variety of ways.
+
+One way is to setup your shared config file, located in the default
+location, with the `credential_process` key and the command you want to be
+called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
+(e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
+
+    [default]
+    credential_process = /command/to/call
+
+Creating a new session will use the credential process to retrieve credentials.
+NOTE: If there are credentials in the profile you are using, the credential
+process will not be used.
+
+    // Initialize a session to load credentials.
+    sess, _ := session.NewSession(&aws.Config{
+        Region: aws.String("us-east-1")},
+    )
+
+    // Create S3 service client to use the credentials.
+    svc := s3.New(sess)
+
+Another way to use the `credential_process` method is by using
+`credentials.NewCredentials()` and providing a command to be executed to
+retrieve credentials:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentials("/path/to/command")
+
+    // Create service client value configured for credentials.
+    svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+You can set a non-default timeout for the `credential_process` with another
+constructor, `credentials.NewCredentialsTimeout()`, providing the timeout. To
+set a one minute timeout:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentialsTimeout(
+        "/path/to/command",
+        time.Duration(500) * time.Millisecond)
+
+If you need more control, you can set any configurable options in the
+credentials using one or more option functions. For example, you can set a two
+minute timeout, a credential duration of 60 minutes, and a maximum stdout
+buffer size of 2k.
+
+    creds := processcreds.NewCredentials(
+        "/path/to/command",
+        func(opt *ProcessProvider) {
+            opt.Timeout = time.Duration(2) * time.Minute
+            opt.Duration = time.Duration(60) * time.Minute
+            opt.MaxBufSize = 2048
+        })
+
+You can also use your own `exec.Cmd`:
+
+	// Create an exec.Cmd
+	myCommand := exec.Command("/path/to/command")
+
+	// Create credentials using your exec.Cmd and custom timeout
+	creds := processcreds.NewCredentialsCommand(
+		myCommand,
+		func(opt *processcreds.ProcessProvider) {
+			opt.Timeout = time.Duration(1) * time.Second
+		})
+*/
+package processcreds
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+const (
+	// ProviderName is the name this credentials provider will label any
+	// returned credentials Value with.
+	ProviderName = `ProcessProvider`
+
+	// ErrCodeProcessProviderParse error parsing process output
+	ErrCodeProcessProviderParse = "ProcessProviderParseError"
+
+	// ErrCodeProcessProviderVersion version error in output
+	ErrCodeProcessProviderVersion = "ProcessProviderVersionError"
+
+	// ErrCodeProcessProviderRequired required attribute missing in output
+	ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"
+
+	// ErrCodeProcessProviderExecution execution of command failed
+	ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"
+
+	// errMsgProcessProviderTimeout process took longer than allowed
+	errMsgProcessProviderTimeout = "credential process timed out"
+
+	// errMsgProcessProviderProcess process error
+	errMsgProcessProviderProcess = "error in credential_process"
+
+	// errMsgProcessProviderParse problem parsing output
+	errMsgProcessProviderParse = "parse failed of credential_process output"
+
+	// errMsgProcessProviderVersion version error in output
+	errMsgProcessProviderVersion = "wrong version in process output (not 1)"
+
+	// errMsgProcessProviderMissKey missing access key id in output
+	errMsgProcessProviderMissKey = "missing AccessKeyId in process output"
+
+	// errMsgProcessProviderMissSecret missing secret acess key in output
+	errMsgProcessProviderMissSecret = "missing SecretAccessKey in process output"
+
+	// errMsgProcessProviderPrepareCmd prepare of command failed
+	errMsgProcessProviderPrepareCmd = "failed to prepare command"
+
+	// errMsgProcessProviderEmptyCmd command must not be empty
+	errMsgProcessProviderEmptyCmd = "command must not be empty"
+
+	// errMsgProcessProviderPipe failed to initialize pipe
+	errMsgProcessProviderPipe = "failed to initialize pipe"
+
+	// DefaultDuration is the default amount of time in minutes that the
+	// credentials will be valid for.
+	DefaultDuration = time.Duration(15) * time.Minute
+
+	// DefaultBufSize limits buffer size from growing to an enormous
+	// amount due to a faulty process.
+	DefaultBufSize = int(8 * sdkio.KibiByte)
+
+	// DefaultTimeout default limit on time a process can run.
+	DefaultTimeout = time.Duration(1) * time.Minute
+)
+
+// ProcessProvider satisfies the credentials.Provider interface, and is a
+// client to retrieve credentials from a process.
+type ProcessProvider struct {
+	staticCreds bool
+	credentials.Expiry
+	originalCommand []string
+
+	// Expiry duration of the credentials. Defaults to 15 minutes if not set.
+	Duration time.Duration
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+
+	// A string representing an os command that should return a JSON with
+	// credential information.
+	command *exec.Cmd
+
+	// MaxBufSize limits memory usage from growing to an enormous
+	// amount due to a faulty process.
+	MaxBufSize int
+
+	// Timeout limits the time a process can run.
+	Timeout time.Duration
+}
+
+// NewCredentials returns a pointer to a new Credentials object wrapping the
+// ProcessProvider. The credentials will expire every 15 minutes by default.
+func NewCredentials(command string, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    exec.Command(command),
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// NewCredentialsTimeout returns a pointer to a new Credentials object with
+// the specified command and timeout, and default duration and max buffer size.
+func NewCredentialsTimeout(command string, timeout time.Duration) *credentials.Credentials {
+	p := NewCredentials(command, func(opt *ProcessProvider) {
+		opt.Timeout = timeout
+	})
+
+	return p
+}
+
+// NewCredentialsCommand returns a pointer to a new Credentials object with
+// the specified command, and default timeout, duration and max buffer size.
+func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    command,
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+type credentialProcessResponse struct {
+	Version         int
+	AccessKeyID     string `json:"AccessKeyId"`
+	SecretAccessKey string
+	SessionToken    string
+	Expiration      *time.Time
+}
+
+// Retrieve executes the 'credential_process' and returns the credentials.
+func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
+	out, err := p.executeCredentialProcess()
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	// Serialize and validate response
+	resp := &credentialProcessResponse{}
+	if err = json.Unmarshal(out, resp); err != nil {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderParse,
+			fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
+			err)
+	}
+
+	if resp.Version != 1 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderVersion,
+			errMsgProcessProviderVersion,
+			nil)
+	}
+
+	if len(resp.AccessKeyID) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissKey,
+			nil)
+	}
+
+	if len(resp.SecretAccessKey) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissSecret,
+			nil)
+	}
+
+	// Handle expiration
+	p.staticCreds = resp.Expiration == nil
+	if resp.Expiration != nil {
+		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
+	}
+
+	return credentials.Value{
+		ProviderName:    ProviderName,
+		AccessKeyID:     resp.AccessKeyID,
+		SecretAccessKey: resp.SecretAccessKey,
+		SessionToken:    resp.SessionToken,
+	}, nil
+}
+
+// IsExpired returns true if the credentials retrieved are expired, or not yet
+// retrieved.
+func (p *ProcessProvider) IsExpired() bool {
+	if p.staticCreds {
+		return false
+	}
+	return p.Expiry.IsExpired()
+}
+
+// prepareCommand prepares the command to be executed.
+func (p *ProcessProvider) prepareCommand() error {
+
+	var cmdArgs []string
+	if runtime.GOOS == "windows" {
+		cmdArgs = []string{"cmd.exe", "/C"}
+	} else {
+		cmdArgs = []string{"sh", "-c"}
+	}
+
+	if len(p.originalCommand) == 0 {
+		p.originalCommand = make([]string, len(p.command.Args))
+		copy(p.originalCommand, p.command.Args)
+
+		// check for empty command because it succeeds
+		if len(strings.TrimSpace(p.originalCommand[0])) < 1 {
+			return awserr.New(
+				ErrCodeProcessProviderExecution,
+				fmt.Sprintf(
+					"%s: %s",
+					errMsgProcessProviderPrepareCmd,
+					errMsgProcessProviderEmptyCmd),
+				nil)
+		}
+	}
+
+	cmdArgs = append(cmdArgs, p.originalCommand...)
+	p.command = exec.Command(cmdArgs[0], cmdArgs[1:]...)
+	p.command.Env = os.Environ()
+
+	return nil
+}
+
+// executeCredentialProcess starts the credential process on the OS and
+// returns the results or an error.
+func (p *ProcessProvider) executeCredentialProcess() ([]byte, error) {
+
+	if err := p.prepareCommand(); err != nil {
+		return nil, err
+	}
+
+	// Setup the pipes
+	outReadPipe, outWritePipe, err := os.Pipe()
+	if err != nil {
+		return nil, awserr.New(
+			ErrCodeProcessProviderExecution,
+			errMsgProcessProviderPipe,
+			err)
+	}
+
+	p.command.Stderr = os.Stderr    // display stderr on console for MFA
+	p.command.Stdout = outWritePipe // get creds json on process's stdout
+	p.command.Stdin = os.Stdin      // enable stdin for MFA
+
+	output := bytes.NewBuffer(make([]byte, 0, p.MaxBufSize))
+
+	stdoutCh := make(chan error, 1)
+	go readInput(
+		io.LimitReader(outReadPipe, int64(p.MaxBufSize)),
+		output,
+		stdoutCh)
+
+	execCh := make(chan error, 1)
+	go executeCommand(*p.command, execCh)
+
+	finished := false
+	var errors []error
+	for !finished {
+		select {
+		case readError := <-stdoutCh:
+			errors = appendError(errors, readError)
+			finished = true
+		case execError := <-execCh:
+			err := outWritePipe.Close()
+			errors = appendError(errors, err)
+			errors = appendError(errors, execError)
+			if errors != nil {
+				return output.Bytes(), awserr.NewBatchError(
+					ErrCodeProcessProviderExecution,
+					errMsgProcessProviderProcess,
+					errors)
+			}
+		case <-time.After(p.Timeout):
+			finished = true
+			return output.Bytes(), awserr.NewBatchError(
+				ErrCodeProcessProviderExecution,
+				errMsgProcessProviderTimeout,
+				errors) // errors can be nil
+		}
+	}
+
+	out := output.Bytes()
+
+	if runtime.GOOS == "windows" {
+		// windows adds slashes to quotes
+		out = []byte(strings.Replace(string(out), `\"`, `"`, -1))
+	}
+
+	return out, nil
+}
+
+// appendError conveniently checks for nil before appending slice
+func appendError(errors []error, err error) []error {
+	if err != nil {
+		return append(errors, err)
+	}
+	return errors
+}
+
+func executeCommand(cmd exec.Cmd, exec chan error) {
+	// Start the command
+	err := cmd.Start()
+	if err == nil {
+		err = cmd.Wait()
+	}
+
+	exec <- err
+}
+
+func readInput(r io.Reader, w io.Writer, read chan error) {
+	tee := io.TeeReader(r, w)
+
+	_, err := ioutil.ReadAll(tee)
+
+	if err == io.EOF {
+		err = nil
+	}
+
+	read <- err // will only arrive here when write end of pipe is closed
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
index 51e21e0f38f65..e1551495812ab 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
@@ -4,9 +4,8 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/go-ini/ini"
-
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/ini"
 	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
@@ -77,36 +76,37 @@ func (p *SharedCredentialsProvider) IsExpired() bool {
 // The credentials retrieved from the profile will be returned or error. Error will be
 // returned if it fails to read from the file, or the data is invalid.
 func loadProfile(filename, profile string) (Value, error) {
-	config, err := ini.Load(filename)
+	config, err := ini.OpenFile(filename)
 	if err != nil {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to load shared credentials file", err)
 	}
-	iniProfile, err := config.GetSection(profile)
-	if err != nil {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", err)
+
+	iniProfile, ok := config.GetSection(profile)
+	if !ok {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", nil)
 	}
 
-	id, err := iniProfile.GetKey("aws_access_key_id")
-	if err != nil {
+	id := iniProfile.String("aws_access_key_id")
+	if len(id) == 0 {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsAccessKey",
 			fmt.Sprintf("shared credentials %s in %s did not contain aws_access_key_id", profile, filename),
-			err)
+			nil)
 	}
 
-	secret, err := iniProfile.GetKey("aws_secret_access_key")
-	if err != nil {
+	secret := iniProfile.String("aws_secret_access_key")
+	if len(secret) == 0 {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsSecret",
 			fmt.Sprintf("shared credentials %s in %s did not contain aws_secret_access_key", profile, filename),
 			nil)
 	}
 
 	// Default to empty string if not found
-	token := iniProfile.Key("aws_session_token")
+	token := iniProfile.String("aws_session_token")
 
 	return Value{
-		AccessKeyID:     id.String(),
-		SecretAccessKey: secret.String(),
-		SessionToken:    token.String(),
+		AccessKeyID:     id,
+		SecretAccessKey: secret,
+		SessionToken:    token,
 		ProviderName:    SharedCredsProviderName,
 	}, nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
index 4f5dab3fcc477..531139e3971a2 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
@@ -9,8 +9,6 @@ const StaticProviderName = "StaticProvider"
 
 var (
 	// ErrStaticCredentialsEmpty is emitted when static credentials are empty.
-	//
-	// @readonly
 	ErrStaticCredentialsEmpty = awserr.New("EmptyStaticCreds", "static credentials are empty", nil)
 )
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index 4108e433e64a1..9f37f44bcfa32 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -80,16 +80,18 @@ package stscreds
 
 import (
 	"fmt"
+	"os"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/internal/sdkrand"
 	"github.com/aws/aws-sdk-go/service/sts"
 )
 
-// StdinTokenProvider will prompt on stdout and read from stdin for a string value.
+// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
 // Use this function go read MFA tokens from stdin. The function makes no attempt
@@ -102,7 +104,7 @@ import (
 // Will wait forever until something is provided on the stdin.
 func StdinTokenProvider() (string, error) {
 	var v string
-	fmt.Printf("Assume Role MFA token code: ")
+	fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
 	_, err := fmt.Scanln(&v)
 
 	return v, err
@@ -142,6 +144,13 @@ type AssumeRoleProvider struct {
 	// Session name, if you wish to reuse the credentials elsewhere.
 	RoleSessionName string
 
+	// Optional, you can pass tag key-value pairs to your session. These tags are called session tags.
+	Tags []*sts.Tag
+
+	// A list of keys for session tags that you want to set as transitive.
+	// If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
+	TransitiveTagKeys []*string
+
 	// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
 	Duration time.Duration
 
@@ -193,6 +202,18 @@ type AssumeRoleProvider struct {
 	//
 	// If ExpiryWindow is 0 or less it will be ignored.
 	ExpiryWindow time.Duration
+
+	// MaxJitterFrac reduces the effective Duration of each credential requested
+	// by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
+	// have a value between 0 and 1. Any other value may lead to expected behavior.
+	// With a MaxJitterFrac value of 0, default) will no jitter will be used.
+	//
+	// For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
+	// AssumeRole call will be made with an arbitrary Duration between 27m and
+	// 30m.
+	//
+	// MaxJitterFrac should not be negative.
+	MaxJitterFrac float64
 }
 
 // NewCredentials returns a pointer to a new Credentials object wrapping the
@@ -244,7 +265,6 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*
 
 // Retrieve generates a new set of temporary credentials using STS.
 func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
-
 	// Apply defaults where parameters are not set.
 	if p.RoleSessionName == "" {
 		// Try to work out a role name that will hopefully end up unique.
@@ -254,11 +274,14 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
 		// Expire as often as AWS permits.
 		p.Duration = DefaultDuration
 	}
+	jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
 	input := &sts.AssumeRoleInput{
-		DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
-		RoleArn:         aws.String(p.RoleARN),
-		RoleSessionName: aws.String(p.RoleSessionName),
-		ExternalId:      p.ExternalID,
+		DurationSeconds:   aws.Int64(int64((p.Duration - jitter) / time.Second)),
+		RoleArn:           aws.String(p.RoleARN),
+		RoleSessionName:   aws.String(p.RoleSessionName),
+		ExternalId:        p.ExternalID,
+		Tags:              p.Tags,
+		TransitiveTagKeys: p.TransitiveTagKeys,
 	}
 	if p.Policy != nil {
 		input.Policy = p.Policy
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
new file mode 100644
index 0000000000000..b20b63394847c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,100 @@
+package stscreds
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+)
+
+const (
+	// ErrCodeWebIdentity will be used as an error code when constructing
+	// a new error to be returned during session creation or retrieval.
+	ErrCodeWebIdentity = "WebIdentityErr"
+
+	// WebIdentityProviderName is the web identity provider name
+	WebIdentityProviderName = "WebIdentityCredentials"
+)
+
+// now is used to return a time.Time object representing
+// the current time. This can be used to easily test and
+// compare test values.
+var now = time.Now
+
+// WebIdentityRoleProvider is used to retrieve credentials using
+// an OIDC token.
+type WebIdentityRoleProvider struct {
+	credentials.Expiry
+
+	client       stsiface.STSAPI
+	ExpiryWindow time.Duration
+
+	tokenFilePath   string
+	roleARN         string
+	roleSessionName string
+}
+
+// NewWebIdentityCredentials will return a new set of credentials with a given
+// configuration, role arn, and token file path.
+func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
+	svc := sts.New(c)
+	p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
+	return credentials.NewCredentials(p)
+}
+
+// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI
+func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+	return &WebIdentityRoleProvider{
+		client:          svc,
+		tokenFilePath:   path,
+		roleARN:         roleARN,
+		roleSessionName: roleSessionName,
+	}
+}
+
+// Retrieve will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
+	b, err := ioutil.ReadFile(p.tokenFilePath)
+	if err != nil {
+		errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
+		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
+	}
+
+	sessionName := p.roleSessionName
+	if len(sessionName) == 0 {
+		// session name is used to uniquely identify a session. This simply
+		// uses unix time in nanoseconds to uniquely identify sessions.
+		sessionName = strconv.FormatInt(now().UnixNano(), 10)
+	}
+	req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
+		RoleArn:          &p.roleARN,
+		RoleSessionName:  &sessionName,
+		WebIdentityToken: aws.String(string(b)),
+	})
+	// InvalidIdentityToken error is a temporary error that can occur
+	// when assuming an Role with a JWT web identity token.
+	req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException)
+	if err := req.Send(); err != nil {
+		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
+	}
+
+	p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
+
+	value := credentials.Value{
+		AccessKeyID:     aws.StringValue(resp.Credentials.AccessKeyId),
+		SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
+		SessionToken:    aws.StringValue(resp.Credentials.SessionToken),
+		ProviderName:    WebIdentityProviderName,
+	}
+	return value, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
new file mode 100644
index 0000000000000..25a66d1dda22d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
@@ -0,0 +1,69 @@
+// Package csm provides the Client Side Monitoring (CSM) client which enables
+// sending metrics via UDP connection to the CSM agent. This package provides
+// control options, and configuration for the CSM client. The client can be
+// controlled manually, or automatically via the SDK's Session configuration.
+//
+// Enabling CSM client via SDK's Session configuration
+//
+// The CSM client can be enabled automatically via SDK's Session configuration.
+// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
+// environment variable is set to a non-empty value.
+//
+// The configuration options for the CSM client via the SDK's session
+// configuration are:
+//
+//	* AWS_CSM_PORT=<port number>
+//	  The port number the CSM agent will receive metrics on.
+//
+//	* AWS_CSM_HOST=<hostname or ip>
+//	  The hostname, or IP address the CSM agent will receive metrics on.
+//	  Without port number.
+//
+// Manually enabling the CSM client
+//
+// The CSM client can be started, paused, and resumed manually. The Start
+// function will enable the CSM client to publish metrics to the CSM agent. It
+// is safe to call Start concurrently, but if Start is called additional times
+// with different ClientID or address it will panic.
+//
+//		r, err := csm.Start("clientID", ":31000")
+//		if err != nil {
+//			panic(fmt.Errorf("failed starting CSM:  %v", err))
+//		}
+//
+// When controlling the CSM client manually, you must also inject its request
+// handlers into the SDK's Session configuration for the SDK's API clients to
+// publish metrics.
+//
+//		sess, err := session.NewSession(&aws.Config{})
+//		if err != nil {
+//			panic(fmt.Errorf("failed loading session: %v", err))
+//		}
+//
+//		// Add CSM client's metric publishing request handlers to the SDK's
+//		// Session Configuration.
+//		r.InjectHandlers(&sess.Handlers)
+//
+// Controlling CSM client
+//
+// Once the CSM client has been enabled the Get function will return a Reporter
+// value that you can use to pause and resume the metrics published to the CSM
+// agent. If Get function is called before the reporter is enabled with the
+// Start function or via SDK's Session configuration nil will be returned.
+//
+// The Pause method can be called to stop the CSM client publishing metrics to
+// the CSM agent. The Continue method will resume metric publishing.
+//
+//		// Get the CSM client Reporter.
+//		r := csm.Get()
+//
+//		// Will pause monitoring
+//		r.Pause()
+//		resp, err = client.GetObject(&s3.GetObjectInput{
+//			Bucket: aws.String("bucket"),
+//			Key: aws.String("key"),
+//		})
+//
+//		// Resume monitoring
+//		r.Continue()
+package csm
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
new file mode 100644
index 0000000000000..4b19e2800e3c8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
@@ -0,0 +1,89 @@
+package csm
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+)
+
+var (
+	lock sync.Mutex
+)
+
+const (
+	// DefaultPort is used when no port is specified.
+	DefaultPort = "31000"
+
+	// DefaultHost is the host that will be used when none is specified.
+	DefaultHost = "127.0.0.1"
+)
+
+// AddressWithDefaults returns a CSM address built from the host and port
+// values. If the host or port is not set, default values will be used
+// instead. If host is "localhost" it will be replaced with "127.0.0.1".
+func AddressWithDefaults(host, port string) string {
+	if len(host) == 0 || strings.EqualFold(host, "localhost") {
+		host = DefaultHost
+	}
+
+	if len(port) == 0 {
+		port = DefaultPort
+	}
+
+	// Only IP6 host can contain a colon
+	if strings.Contains(host, ":") {
+		return "[" + host + "]:" + port
+	}
+
+	return host + ":" + port
+}
+
+// Start will start a long running go routine to capture
+// client side metrics. Calling start multiple time will only
+// start the metric listener once and will panic if a different
+// client ID or port is passed in.
+//
+//		r, err := csm.Start("clientID", "127.0.0.1:31000")
+//		if err != nil {
+//			panic(fmt.Errorf("expected no error, but received %v", err))
+//		}
+//		sess := session.NewSession()
+//		r.InjectHandlers(sess.Handlers)
+//
+//		svc := s3.New(sess)
+//		out, err := svc.GetObject(&s3.GetObjectInput{
+//			Bucket: aws.String("bucket"),
+//			Key: aws.String("key"),
+//		})
+func Start(clientID string, url string) (*Reporter, error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if sender == nil {
+		sender = newReporter(clientID, url)
+	} else {
+		if sender.clientID != clientID {
+			panic(fmt.Errorf("inconsistent client IDs. %q was expected, but received %q", sender.clientID, clientID))
+		}
+
+		if sender.url != url {
+			panic(fmt.Errorf("inconsistent URLs. %q was expected, but received %q", sender.url, url))
+		}
+	}
+
+	if err := connect(url); err != nil {
+		sender = nil
+		return nil, err
+	}
+
+	return sender, nil
+}
+
+// Get will return a reporter if one exists, if one does not exist, nil will
+// be returned.
+func Get() *Reporter {
+	lock.Lock()
+	defer lock.Unlock()
+
+	return sender
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
new file mode 100644
index 0000000000000..5bacc791a1e9b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
@@ -0,0 +1,109 @@
+package csm
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+type metricTime time.Time
+
+func (t metricTime) MarshalJSON() ([]byte, error) {
+	ns := time.Duration(time.Time(t).UnixNano())
+	return []byte(strconv.FormatInt(int64(ns/time.Millisecond), 10)), nil
+}
+
+type metric struct {
+	ClientID  *string     `json:"ClientId,omitempty"`
+	API       *string     `json:"Api,omitempty"`
+	Service   *string     `json:"Service,omitempty"`
+	Timestamp *metricTime `json:"Timestamp,omitempty"`
+	Type      *string     `json:"Type,omitempty"`
+	Version   *int        `json:"Version,omitempty"`
+
+	AttemptCount *int `json:"AttemptCount,omitempty"`
+	Latency      *int `json:"Latency,omitempty"`
+
+	Fqdn           *string `json:"Fqdn,omitempty"`
+	UserAgent      *string `json:"UserAgent,omitempty"`
+	AttemptLatency *int    `json:"AttemptLatency,omitempty"`
+
+	SessionToken   *string `json:"SessionToken,omitempty"`
+	Region         *string `json:"Region,omitempty"`
+	AccessKey      *string `json:"AccessKey,omitempty"`
+	HTTPStatusCode *int    `json:"HttpStatusCode,omitempty"`
+	XAmzID2        *string `json:"XAmzId2,omitempty"`
+	XAmzRequestID  *string `json:"XAmznRequestId,omitempty"`
+
+	AWSException        *string `json:"AwsException,omitempty"`
+	AWSExceptionMessage *string `json:"AwsExceptionMessage,omitempty"`
+	SDKException        *string `json:"SdkException,omitempty"`
+	SDKExceptionMessage *string `json:"SdkExceptionMessage,omitempty"`
+
+	FinalHTTPStatusCode      *int    `json:"FinalHttpStatusCode,omitempty"`
+	FinalAWSException        *string `json:"FinalAwsException,omitempty"`
+	FinalAWSExceptionMessage *string `json:"FinalAwsExceptionMessage,omitempty"`
+	FinalSDKException        *string `json:"FinalSdkException,omitempty"`
+	FinalSDKExceptionMessage *string `json:"FinalSdkExceptionMessage,omitempty"`
+
+	DestinationIP    *string `json:"DestinationIp,omitempty"`
+	ConnectionReused *int    `json:"ConnectionReused,omitempty"`
+
+	AcquireConnectionLatency *int `json:"AcquireConnectionLatency,omitempty"`
+	ConnectLatency           *int `json:"ConnectLatency,omitempty"`
+	RequestLatency           *int `json:"RequestLatency,omitempty"`
+	DNSLatency               *int `json:"DnsLatency,omitempty"`
+	TCPLatency               *int `json:"TcpLatency,omitempty"`
+	SSLLatency               *int `json:"SslLatency,omitempty"`
+
+	MaxRetriesExceeded *int `json:"MaxRetriesExceeded,omitempty"`
+}
+
+func (m *metric) TruncateFields() {
+	m.ClientID = truncateString(m.ClientID, 255)
+	m.UserAgent = truncateString(m.UserAgent, 256)
+
+	m.AWSException = truncateString(m.AWSException, 128)
+	m.AWSExceptionMessage = truncateString(m.AWSExceptionMessage, 512)
+
+	m.SDKException = truncateString(m.SDKException, 128)
+	m.SDKExceptionMessage = truncateString(m.SDKExceptionMessage, 512)
+
+	m.FinalAWSException = truncateString(m.FinalAWSException, 128)
+	m.FinalAWSExceptionMessage = truncateString(m.FinalAWSExceptionMessage, 512)
+
+	m.FinalSDKException = truncateString(m.FinalSDKException, 128)
+	m.FinalSDKExceptionMessage = truncateString(m.FinalSDKExceptionMessage, 512)
+}
+
+func truncateString(v *string, l int) *string {
+	if v != nil && len(*v) > l {
+		nv := (*v)[:l]
+		return &nv
+	}
+
+	return v
+}
+
+func (m *metric) SetException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.AWSException = aws.String(te.exception)
+		m.AWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.SDKException = aws.String(te.exception)
+		m.SDKExceptionMessage = aws.String(te.message)
+	}
+}
+
+func (m *metric) SetFinalException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.FinalAWSException = aws.String(te.exception)
+		m.FinalAWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.FinalSDKException = aws.String(te.exception)
+		m.FinalSDKExceptionMessage = aws.String(te.message)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
new file mode 100644
index 0000000000000..82a3e345e936a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
@@ -0,0 +1,55 @@
+package csm
+
+import (
+	"sync/atomic"
+)
+
+const (
+	runningEnum = iota
+	pausedEnum
+)
+
+var (
+	// MetricsChannelSize of metrics to hold in the channel
+	MetricsChannelSize = 100
+)
+
+type metricChan struct {
+	ch     chan metric
+	paused *int64
+}
+
+func newMetricChan(size int) metricChan {
+	return metricChan{
+		ch:     make(chan metric, size),
+		paused: new(int64),
+	}
+}
+
+func (ch *metricChan) Pause() {
+	atomic.StoreInt64(ch.paused, pausedEnum)
+}
+
+func (ch *metricChan) Continue() {
+	atomic.StoreInt64(ch.paused, runningEnum)
+}
+
+func (ch *metricChan) IsPaused() bool {
+	v := atomic.LoadInt64(ch.paused)
+	return v == pausedEnum
+}
+
+// Push will push metrics to the metric channel if the channel
+// is not paused
+func (ch *metricChan) Push(m metric) bool {
+	if ch.IsPaused() {
+		return false
+	}
+
+	select {
+	case ch.ch <- m:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
new file mode 100644
index 0000000000000..54a99280ce9c1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
@@ -0,0 +1,26 @@
+package csm
+
+type metricException interface {
+	Exception() string
+	Message() string
+}
+
+type requestException struct {
+	exception string
+	message   string
+}
+
+func (e requestException) Exception() string {
+	return e.exception
+}
+func (e requestException) Message() string {
+	return e.message
+}
+
+type awsException struct {
+	requestException
+}
+
+type sdkException struct {
+	requestException
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
new file mode 100644
index 0000000000000..835bcd49cbaf1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -0,0 +1,264 @@
+package csm
+
+import (
+	"encoding/json"
+	"net"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// Reporter will gather metrics of API requests made and
+// send those metrics to the CSM endpoint.
+type Reporter struct {
+	clientID  string
+	url       string
+	conn      net.Conn
+	metricsCh metricChan
+	done      chan struct{}
+}
+
+var (
+	sender *Reporter
+)
+
+func connect(url string) error {
+	const network = "udp"
+	if err := sender.connect(network, url); err != nil {
+		return err
+	}
+
+	if sender.done == nil {
+		sender.done = make(chan struct{})
+		go sender.start()
+	}
+
+	return nil
+}
+
+func newReporter(clientID, url string) *Reporter {
+	return &Reporter{
+		clientID:  clientID,
+		url:       url,
+		metricsCh: newMetricChan(MetricsChannelSize),
+	}
+}
+
+func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
+	if rep == nil {
+		return
+	}
+
+	now := time.Now()
+	creds, _ := r.Config.Credentials.Get()
+
+	m := metric{
+		ClientID:  aws.String(rep.clientID),
+		API:       aws.String(r.Operation.Name),
+		Service:   aws.String(r.ClientInfo.ServiceID),
+		Timestamp: (*metricTime)(&now),
+		UserAgent: aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+		Region:    r.Config.Region,
+		Type:      aws.String("ApiCallAttempt"),
+		Version:   aws.Int(1),
+
+		XAmzRequestID: aws.String(r.RequestID),
+
+		AttemptLatency: aws.Int(int(now.Sub(r.AttemptTime).Nanoseconds() / int64(time.Millisecond))),
+		AccessKey:      aws.String(creds.AccessKeyID),
+	}
+
+	if r.HTTPResponse != nil {
+		m.HTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
+	}
+
+	if r.Error != nil {
+		if awserr, ok := r.Error.(awserr.Error); ok {
+			m.SetException(getMetricException(awserr))
+		}
+	}
+
+	m.TruncateFields()
+	rep.metricsCh.Push(m)
+}
+
+func getMetricException(err awserr.Error) metricException {
+	msg := err.Error()
+	code := err.Code()
+
+	switch code {
+	case request.ErrCodeRequestError,
+		request.ErrCodeSerialization,
+		request.CanceledErrorCode:
+		return sdkException{
+			requestException{exception: code, message: msg},
+		}
+	default:
+		return awsException{
+			requestException{exception: code, message: msg},
+		}
+	}
+}
+
+func (rep *Reporter) sendAPICallMetric(r *request.Request) {
+	if rep == nil {
+		return
+	}
+
+	now := time.Now()
+	m := metric{
+		ClientID:           aws.String(rep.clientID),
+		API:                aws.String(r.Operation.Name),
+		Service:            aws.String(r.ClientInfo.ServiceID),
+		Timestamp:          (*metricTime)(&now),
+		UserAgent:          aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+		Type:               aws.String("ApiCall"),
+		AttemptCount:       aws.Int(r.RetryCount + 1),
+		Region:             r.Config.Region,
+		Latency:            aws.Int(int(time.Since(r.Time) / time.Millisecond)),
+		XAmzRequestID:      aws.String(r.RequestID),
+		MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
+	}
+
+	if r.HTTPResponse != nil {
+		m.FinalHTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
+	}
+
+	if r.Error != nil {
+		if awserr, ok := r.Error.(awserr.Error); ok {
+			m.SetFinalException(getMetricException(awserr))
+		}
+	}
+
+	m.TruncateFields()
+
+	// TODO: Probably want to figure something out for logging dropped
+	// metrics
+	rep.metricsCh.Push(m)
+}
+
+func (rep *Reporter) connect(network, url string) error {
+	if rep.conn != nil {
+		rep.conn.Close()
+	}
+
+	conn, err := net.Dial(network, url)
+	if err != nil {
+		return awserr.New("UDPError", "Could not connect", err)
+	}
+
+	rep.conn = conn
+
+	return nil
+}
+
+func (rep *Reporter) close() {
+	if rep.done != nil {
+		close(rep.done)
+	}
+
+	rep.metricsCh.Pause()
+}
+
+func (rep *Reporter) start() {
+	defer func() {
+		rep.metricsCh.Pause()
+	}()
+
+	for {
+		select {
+		case <-rep.done:
+			rep.done = nil
+			return
+		case m := <-rep.metricsCh.ch:
+			// TODO: What to do with this error? Probably should just log
+			b, err := json.Marshal(m)
+			if err != nil {
+				continue
+			}
+
+			rep.conn.Write(b)
+		}
+	}
+}
+
+// Pause will pause the metric channel preventing any new metrics from being
+// added. It is safe to call concurrently with other calls to Pause, but if
+// called concurently with Continue can lead to unexpected state.
+func (rep *Reporter) Pause() {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if rep == nil {
+		return
+	}
+
+	rep.close()
+}
+
+// Continue will reopen the metric channel and allow for monitoring to be
+// resumed. It is safe to call concurrently with other calls to Continue, but
+// if called concurently with Pause can lead to unexpected state.
+func (rep *Reporter) Continue() {
+	lock.Lock()
+	defer lock.Unlock()
+	if rep == nil {
+		return
+	}
+
+	if !rep.metricsCh.IsPaused() {
+		return
+	}
+
+	rep.metricsCh.Continue()
+}
+
+// Client side metric handler names
+const (
+	APICallMetricHandlerName        = "awscsm.SendAPICallMetric"
+	APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
+)
+
+// InjectHandlers will will enable client side metrics and inject the proper
+// handlers to handle how metrics are sent.
+//
+// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
+// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
+//
+//		// Start must be called in order to inject the correct handlers
+//		r, err := csm.Start("clientID", "127.0.0.1:8094")
+//		if err != nil {
+//			panic(fmt.Errorf("expected no error, but received %v", err))
+//		}
+//
+//		sess := session.NewSession()
+//		r.InjectHandlers(&sess.Handlers)
+//
+//		// create a new service client with our client side metric session
+//		svc := s3.New(sess)
+func (rep *Reporter) InjectHandlers(handlers *request.Handlers) {
+	if rep == nil {
+		return
+	}
+
+	handlers.Complete.PushFrontNamed(request.NamedHandler{
+		Name: APICallMetricHandlerName,
+		Fn:   rep.sendAPICallMetric,
+	})
+
+	handlers.CompleteAttempt.PushFrontNamed(request.NamedHandler{
+		Name: APICallAttemptMetricHandlerName,
+		Fn:   rep.sendAPICallAttemptMetric,
+	})
+}
+
+// boolIntValue return 1 for true and 0 for false.
+func boolIntValue(b bool) int {
+	if b {
+		return 1
+	}
+
+	return 0
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
index 2cb08182fb035..23bb639e01867 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
@@ -24,6 +24,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
 // A Defaults provides a collection of default values for SDK clients.
@@ -73,6 +74,7 @@ func Handlers() request.Handlers {
 	handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler)
 	handlers.Validate.AfterEachFn = request.HandlerListStopOnError
 	handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander)
 	handlers.Build.AfterEachFn = request.HandlerListStopOnError
 	handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
 	handlers.Send.PushBackNamed(corehandlers.ValidateReqSigHandler)
@@ -91,17 +93,28 @@ func Handlers() request.Handlers {
 func CredChain(cfg *aws.Config, handlers request.Handlers) *credentials.Credentials {
 	return credentials.NewCredentials(&credentials.ChainProvider{
 		VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
-		Providers: []credentials.Provider{
-			&credentials.EnvProvider{},
-			&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
-			RemoteCredProvider(*cfg, handlers),
-		},
+		Providers:     CredProviders(cfg, handlers),
 	})
 }
 
+// CredProviders returns the slice of providers used in
+// the default credential chain.
+//
+// For applications that need to use some other provider (for example use
+// different  environment variables for legacy reasons) but still fall back
+// on the default chain of providers. This allows that default chaint to be
+// automatically updated
+func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Provider {
+	return []credentials.Provider{
+		&credentials.EnvProvider{},
+		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
+		RemoteCredProvider(*cfg, handlers),
+	}
+}
+
 const (
-	httpProviderEnvVar     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-	ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+	httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
+	httpProviderEnvVar              = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
 )
 
 // RemoteCredProvider returns a credentials provider for the default remote
@@ -111,8 +124,8 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
 		return localHTTPCredProvider(cfg, handlers, u)
 	}
 
-	if uri := os.Getenv(ecsCredsProviderEnvVar); len(uri) > 0 {
-		u := fmt.Sprintf("http://169.254.170.2%s", uri)
+	if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
+		u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
 		return httpCredProvider(cfg, handlers, u)
 	}
 
@@ -175,6 +188,7 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
 	return endpointcreds.NewProviderClient(cfg, handlers, u,
 		func(p *endpointcreds.Provider) {
 			p.ExpiryWindow = 5 * time.Minute
+			p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
 		},
 	)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
index 984407a580f47..12897eef6265c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -4,28 +4,63 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"path"
+	"strconv"
 	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
 )
 
+// getToken uses the duration to return a token for EC2 metadata service,
+// or an error if the request failed.
+func (c *EC2Metadata) getToken(duration time.Duration) (tokenOutput, error) {
+	op := &request.Operation{
+		Name:       "GetToken",
+		HTTPMethod: "PUT",
+		HTTPPath:   "/api/token",
+	}
+
+	var output tokenOutput
+	req := c.NewRequest(op, nil, &output)
+
+	// remove the fetch token handler from the request handlers to avoid infinite recursion
+	req.Handlers.Sign.RemoveByName(fetchTokenHandlerName)
+
+	// Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
+	req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
+
+	ttl := strconv.FormatInt(int64(duration/time.Second), 10)
+	req.HTTPRequest.Header.Set(ttlHeader, ttl)
+
+	err := req.Send()
+
+	// Errors with bad request status should be returned.
+	if err != nil {
+		err = awserr.NewRequestFailure(
+			awserr.New(req.HTTPResponse.Status, http.StatusText(req.HTTPResponse.StatusCode), err),
+			req.HTTPResponse.StatusCode, req.RequestID)
+	}
+
+	return output, err
+}
+
 // GetMetadata uses the path provided to request information from the EC2
-// instance metdata service. The content will be returned as a string, or
+// instance metadata service. The content will be returned as a string, or
 // error if the request failed.
 func (c *EC2Metadata) GetMetadata(p string) (string, error) {
 	op := &request.Operation{
 		Name:       "GetMetadata",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "meta-data", p),
+		HTTPPath:   sdkuri.PathJoin("/meta-data", p),
 	}
-
 	output := &metadataOutput{}
+
 	req := c.NewRequest(op, nil, output)
 
-	return output.Content, req.Send()
+	err := req.Send()
+	return output.Content, err
 }
 
 // GetUserData returns the userdata that was configured for the service. If
@@ -35,18 +70,14 @@ func (c *EC2Metadata) GetUserData() (string, error) {
 	op := &request.Operation{
 		Name:       "GetUserData",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "user-data"),
+		HTTPPath:   "/user-data",
 	}
 
 	output := &metadataOutput{}
 	req := c.NewRequest(op, nil, output)
-	req.Handlers.UnmarshalError.PushBack(func(r *request.Request) {
-		if r.HTTPResponse.StatusCode == http.StatusNotFound {
-			r.Error = awserr.New("NotFoundError", "user-data not found", r.Error)
-		}
-	})
 
-	return output.Content, req.Send()
+	err := req.Send()
+	return output.Content, err
 }
 
 // GetDynamicData uses the path provided to request information from the EC2
@@ -56,13 +87,14 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
 	op := &request.Operation{
 		Name:       "GetDynamicData",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "dynamic", p),
+		HTTPPath:   sdkuri.PathJoin("/dynamic", p),
 	}
 
 	output := &metadataOutput{}
 	req := c.NewRequest(op, nil, output)
 
-	return output.Content, req.Send()
+	err := req.Send()
+	return output.Content, err
 }
 
 // GetInstanceIdentityDocument retrieves an identity document describing an
@@ -79,7 +111,7 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument
 	doc := EC2InstanceIdentityDocument{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil {
 		return EC2InstanceIdentityDocument{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				"failed to decode EC2 instance identity document", err)
 	}
 
@@ -98,7 +130,7 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
 	info := EC2IAMInfo{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil {
 		return EC2IAMInfo{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				"failed to decode EC2 IAM info", err)
 	}
 
@@ -113,13 +145,17 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
 
 // Region returns the region the instance is running in.
 func (c *EC2Metadata) Region() (string, error) {
-	resp, err := c.GetMetadata("placement/availability-zone")
+	ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocument()
 	if err != nil {
 		return "", err
 	}
-
-	// returns region without the suffix. Eg: us-west-2a becomes us-west-2
-	return resp[:len(resp)-1], nil
+	// extract region from the ec2InstanceIdentityDocument
+	region := ec2InstanceIdentityDocument.Region
+	if len(region) == 0 {
+		return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
+	}
+	// returns region
+	return region, nil
 }
 
 // Available returns if the application has access to the EC2 Metadata service.
@@ -145,18 +181,19 @@ type EC2IAMInfo struct {
 // An EC2InstanceIdentityDocument provides the shape for unmarshaling
 // an instance identity document
 type EC2InstanceIdentityDocument struct {
-	DevpayProductCodes []string  `json:"devpayProductCodes"`
-	AvailabilityZone   string    `json:"availabilityZone"`
-	PrivateIP          string    `json:"privateIp"`
-	Version            string    `json:"version"`
-	Region             string    `json:"region"`
-	InstanceID         string    `json:"instanceId"`
-	BillingProducts    []string  `json:"billingProducts"`
-	InstanceType       string    `json:"instanceType"`
-	AccountID          string    `json:"accountId"`
-	PendingTime        time.Time `json:"pendingTime"`
-	ImageID            string    `json:"imageId"`
-	KernelID           string    `json:"kernelId"`
-	RamdiskID          string    `json:"ramdiskId"`
-	Architecture       string    `json:"architecture"`
+	DevpayProductCodes      []string  `json:"devpayProductCodes"`
+	MarketplaceProductCodes []string  `json:"marketplaceProductCodes"`
+	AvailabilityZone        string    `json:"availabilityZone"`
+	PrivateIP               string    `json:"privateIp"`
+	Version                 string    `json:"version"`
+	Region                  string    `json:"region"`
+	InstanceID              string    `json:"instanceId"`
+	BillingProducts         []string  `json:"billingProducts"`
+	InstanceType            string    `json:"instanceType"`
+	AccountID               string    `json:"accountId"`
+	PendingTime             time.Time `json:"pendingTime"`
+	ImageID                 string    `json:"imageId"`
+	KernelID                string    `json:"kernelId"`
+	RamdiskID               string    `json:"ramdiskId"`
+	Architecture            string    `json:"architecture"`
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
index 5b4379dbd8ed0..b8b2940d74460 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -1,5 +1,10 @@
 // Package ec2metadata provides the client for making API calls to the
 // EC2 Metadata service.
+//
+// This package's client can be disabled completely by setting the environment
+// variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
+// true instructs the SDK to disable the EC2 Metadata client. The client cannot
+// be used while the environment variable is set to true, (case insensitive).
 package ec2metadata
 
 import (
@@ -7,17 +12,38 @@ import (
 	"errors"
 	"io"
 	"net/http"
+	"os"
+	"strconv"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/corehandlers"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
 
-// ServiceName is the name of the service.
-const ServiceName = "ec2metadata"
+const (
+	// ServiceName is the name of the service.
+	ServiceName          = "ec2metadata"
+	disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+
+	// Headers for Token and TTL
+	ttlHeader   = "x-aws-ec2-metadata-token-ttl-seconds"
+	tokenHeader = "x-aws-ec2-metadata-token"
+
+	// Named Handler constants
+	fetchTokenHandlerName          = "FetchTokenHandler"
+	unmarshalMetadataHandlerName   = "unmarshalMetadataHandler"
+	unmarshalTokenHandlerName      = "unmarshalTokenHandler"
+	enableTokenProviderHandlerName = "enableTokenProviderHandler"
+
+	// TTL constants
+	defaultTTL = 21600 * time.Second
+	ttlExpirationWindow = 30 * time.Second
+)
 
 // A EC2Metadata is an EC2 Metadata service Client.
 type EC2Metadata struct {
@@ -54,8 +80,10 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			// use a shorter timeout than default because the metadata
 			// service is local if it is running, and to fail faster
 			// if not running on an ec2 instance.
-			Timeout: 5 * time.Second,
+			Timeout: 1 * time.Second,
 		}
+		// max number of retries on the client operation
+		cfg.MaxRetries = aws.Int(2)
 	}
 
 	svc := &EC2Metadata{
@@ -63,6 +91,7 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			cfg,
 			metadata.ClientInfo{
 				ServiceName: ServiceName,
+				ServiceID:   ServiceName,
 				Endpoint:    endpoint,
 				APIVersion:  "latest",
 			},
@@ -70,16 +99,47 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 		),
 	}
 
-	svc.Handlers.Unmarshal.PushBack(unmarshalHandler)
+	// token provider instance
+	tp := newTokenProvider(svc, defaultTTL)
+
+	// NamedHandler for fetching token
+	svc.Handlers.Sign.PushBackNamed(request.NamedHandler{
+		Name: fetchTokenHandlerName,
+		Fn:   tp.fetchTokenHandler,
+	})
+	// NamedHandler for enabling token provider
+	svc.Handlers.Complete.PushBackNamed(request.NamedHandler{
+		Name: enableTokenProviderHandlerName,
+		Fn:   tp.enableTokenProviderHandler,
+	})
+
+	svc.Handlers.Unmarshal.PushBackNamed(unmarshalHandler)
 	svc.Handlers.UnmarshalError.PushBack(unmarshalError)
 	svc.Handlers.Validate.Clear()
 	svc.Handlers.Validate.PushBack(validateEndpointHandler)
 
+	// Disable the EC2 Metadata service if the environment variable is set.
+	// This short-circuits the service's functionality to always fail to send
+	// requests.
+	if strings.ToLower(os.Getenv(disableServiceEnvVar)) == "true" {
+		svc.Handlers.Send.SwapNamed(request.NamedHandler{
+			Name: corehandlers.SendHandler.Name,
+			Fn: func(r *request.Request) {
+				r.HTTPResponse = &http.Response{
+					Header: http.Header{},
+				}
+				r.Error = awserr.New(
+					request.CanceledErrorCode,
+					"EC2 IMDS access disabled via "+disableServiceEnvVar+" env var",
+					nil)
+			},
+		})
+	}
+
 	// Add additional options to the service config
 	for _, option := range opts {
 		option(svc.Client)
 	}
-
 	return svc
 }
 
@@ -91,30 +151,74 @@ type metadataOutput struct {
 	Content string
 }
 
-func unmarshalHandler(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-	b := &bytes.Buffer{}
-	if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
-		r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata respose", err)
-		return
-	}
+type tokenOutput struct {
+	Token string
+	TTL   time.Duration
+}
 
-	if data, ok := r.Data.(*metadataOutput); ok {
-		data.Content = b.String()
-	}
+// unmarshal token handler is used to parse the response of a getToken operation
+var unmarshalTokenHandler = request.NamedHandler{
+	Name: unmarshalTokenHandlerName,
+	Fn: func(r *request.Request) {
+		defer r.HTTPResponse.Body.Close()
+		var b bytes.Buffer
+		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+
+		v := r.HTTPResponse.Header.Get(ttlHeader)
+		data, ok := r.Data.(*tokenOutput)
+		if !ok {
+			return
+		}
+
+		data.Token = b.String()
+		// TTL is in seconds
+		i, err := strconv.ParseInt(v, 10, 64)
+		if err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ParamFormatErrCode,
+				"unable to parse EC2 token TTL response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+		t := time.Duration(i) * time.Second
+		data.TTL = t
+	},
+}
+
+var unmarshalHandler = request.NamedHandler{
+	Name: unmarshalMetadataHandlerName,
+	Fn: func(r *request.Request) {
+		defer r.HTTPResponse.Body.Close()
+		var b bytes.Buffer
+		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+
+		if data, ok := r.Data.(*metadataOutput); ok {
+			data.Content = b.String()
+		}
+	},
 }
 
 func unmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
-	b := &bytes.Buffer{}
-	if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
-		r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata error respose", err)
+	var b bytes.Buffer
+
+	if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err),
+			r.HTTPResponse.StatusCode, r.RequestID)
 		return
 	}
 
 	// Response body format is not consistent between metadata endpoints.
 	// Grab the error message as a string and include that as the source error
-	r.Error = awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String()))
+	r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())),
+		r.HTTPResponse.StatusCode, r.RequestID)
 }
 
 func validateEndpointHandler(r *request.Request) {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
new file mode 100644
index 0000000000000..663372a9154ec
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
@@ -0,0 +1,92 @@
+package ec2metadata
+
+import (
+	"net/http"
+	"sync/atomic"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// A tokenProvider struct provides access to EC2Metadata client
+// and atomic instance of a token, along with configuredTTL for it.
+// tokenProvider also provides an atomic flag to disable the
+// fetch token operation.
+// The disabled member will use 0 as false, and 1 as true.
+type tokenProvider struct {
+	client        *EC2Metadata
+	token         atomic.Value
+	configuredTTL time.Duration
+	disabled      uint32
+}
+
+// A ec2Token struct helps use of token in EC2 Metadata service ops
+type ec2Token struct {
+	token string
+	credentials.Expiry
+}
+
+// newTokenProvider provides a pointer to a tokenProvider instance
+func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
+	return &tokenProvider{client: c, configuredTTL: duration}
+}
+
+// fetchTokenHandler fetches token for EC2Metadata service client by default.
+func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
+
+	// short-circuits to insecure data flow if tokenProvider is disabled.
+	if v := atomic.LoadUint32(&t.disabled); v == 1 {
+		return
+	}
+
+	if ec2Token, ok := t.token.Load().(ec2Token); ok && !ec2Token.IsExpired() {
+		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+		return
+	}
+
+	output, err := t.client.getToken(t.configuredTTL)
+
+	if err != nil {
+
+		// change the disabled flag on token provider to true,
+		// when error is request timeout error.
+		if requestFailureError, ok := err.(awserr.RequestFailure); ok {
+			switch requestFailureError.StatusCode() {
+			case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
+				atomic.StoreUint32(&t.disabled, 1)
+			case http.StatusBadRequest:
+				r.Error = requestFailureError
+			}
+
+			// Check if request timed out while waiting for response
+			if e, ok := requestFailureError.OrigErr().(awserr.Error); ok {
+				if e.Code() == request.ErrCodeRequestError {
+					atomic.StoreUint32(&t.disabled, 1)
+				}
+			}
+		}
+		return
+	}
+
+	newToken := ec2Token{
+		token: output.Token,
+	}
+	newToken.SetExpiration(time.Now().Add(output.TTL), ttlExpirationWindow)
+	t.token.Store(newToken)
+
+	// Inject token header to the request.
+	if ec2Token, ok := t.token.Load().(ec2Token); ok {
+		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+	}
+}
+
+// enableTokenProviderHandler enables the token provider
+func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
+	// If the error code status is 401, we enable the token provider
+	if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
+		e.StatusCode() == http.StatusUnauthorized {
+		atomic.StoreUint32(&t.disabled, 0)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
index 74f72de07356e..343a2106f81a4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
@@ -83,7 +83,10 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
 		p := &ps[i]
 		custAddEC2Metadata(p)
 		custAddS3DualStack(p)
+		custRegionalS3(p)
 		custRmIotDataService(p)
+		custFixAppAutoscalingChina(p)
+		custFixAppAutoscalingUsGov(p)
 	}
 
 	return ps, nil
@@ -94,7 +97,39 @@ func custAddS3DualStack(p *partition) {
 		return
 	}
 
-	s, ok := p.Services["s3"]
+	custAddDualstack(p, "s3")
+	custAddDualstack(p, "s3-control")
+}
+
+func custRegionalS3(p *partition) {
+	if p.ID != "aws" {
+		return
+	}
+
+	service, ok := p.Services["s3"]
+	if !ok {
+		return
+	}
+
+	// If global endpoint already exists no customization needed.
+	if _, ok := service.Endpoints["aws-global"]; ok {
+		return
+	}
+
+	service.PartitionEndpoint = "aws-global"
+	service.Endpoints["us-east-1"] = endpoint{}
+	service.Endpoints["aws-global"] = endpoint{
+		Hostname: "s3.amazonaws.com",
+		CredentialScope: credentialScope{
+			Region: "us-east-1",
+		},
+	}
+
+	p.Services["s3"] = service
+}
+
+func custAddDualstack(p *partition, svcName string) {
+	s, ok := p.Services[svcName]
 	if !ok {
 		return
 	}
@@ -102,7 +137,7 @@ func custAddS3DualStack(p *partition) {
 	s.Defaults.HasDualStack = boxedTrue
 	s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
 
-	p.Services["s3"] = s
+	p.Services[svcName] = s
 }
 
 func custAddEC2Metadata(p *partition) {
@@ -122,6 +157,54 @@ func custRmIotDataService(p *partition) {
 	delete(p.Services, "data.iot")
 }
 
+func custFixAppAutoscalingChina(p *partition) {
+	if p.ID != "aws-cn" {
+		return
+	}
+
+	const serviceName = "application-autoscaling"
+	s, ok := p.Services[serviceName]
+	if !ok {
+		return
+	}
+
+	const expectHostname = `autoscaling.{region}.amazonaws.com`
+	if e, a := s.Defaults.Hostname, expectHostname; e != a {
+		fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
+		return
+	}
+
+	s.Defaults.Hostname = expectHostname + ".cn"
+	p.Services[serviceName] = s
+}
+
+func custFixAppAutoscalingUsGov(p *partition) {
+	if p.ID != "aws-us-gov" {
+		return
+	}
+
+	const serviceName = "application-autoscaling"
+	s, ok := p.Services[serviceName]
+	if !ok {
+		return
+	}
+
+	if a := s.Defaults.CredentialScope.Service; a != "" {
+		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
+		return
+	}
+
+	if a := s.Defaults.Hostname; a != "" {
+		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
+		return
+	}
+
+	s.Defaults.CredentialScope.Service = "application-autoscaling"
+	s.Defaults.Hostname = "autoscaling.{region}.amazonaws.com"
+
+	p.Services[serviceName] = s
+}
+
 type decodeModelError struct {
 	awsError
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 5470a8c080f79..9088b3e32ad14 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -11,10 +11,13 @@ const (
 	AwsPartitionID      = "aws"        // AWS Standard partition.
 	AwsCnPartitionID    = "aws-cn"     // AWS China partition.
 	AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
+	AwsIsoPartitionID   = "aws-iso"    // AWS ISO (US) partition.
+	AwsIsoBPartitionID  = "aws-iso-b"  // AWS ISOB (US) partition.
 )
 
 // AWS Standard partition's regions.
 const (
+	ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
 	ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
 	ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
 	ApSouth1RegionID     = "ap-south-1"     // Asia Pacific (Mumbai).
@@ -22,9 +25,11 @@ const (
 	ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
 	CaCentral1RegionID   = "ca-central-1"   // Canada (Central).
 	EuCentral1RegionID   = "eu-central-1"   // EU (Frankfurt).
+	EuNorth1RegionID     = "eu-north-1"     // EU (Stockholm).
 	EuWest1RegionID      = "eu-west-1"      // EU (Ireland).
 	EuWest2RegionID      = "eu-west-2"      // EU (London).
 	EuWest3RegionID      = "eu-west-3"      // EU (Paris).
+	MeSouth1RegionID     = "me-south-1"     // Middle East (Bahrain).
 	SaEast1RegionID      = "sa-east-1"      // South America (Sao Paulo).
 	UsEast1RegionID      = "us-east-1"      // US East (N. Virginia).
 	UsEast2RegionID      = "us-east-2"      // US East (Ohio).
@@ -40,119 +45,22 @@ const (
 
 // AWS GovCloud (US) partition's regions.
 const (
+	UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
 	UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US).
 )
 
-// Service identifiers
+// AWS ISO (US) partition's regions.
 const (
-	AcmServiceID                          = "acm"                          // Acm.
-	ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
-	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
-	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
-	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
-	AthenaServiceID                       = "athena"                       // Athena.
-	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
-	BatchServiceID                        = "batch"                        // Batch.
-	BudgetsServiceID                      = "budgets"                      // Budgets.
-	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
-	CloudformationServiceID               = "cloudformation"               // Cloudformation.
-	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
-	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
-	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
-	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
-	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
-	CodebuildServiceID                    = "codebuild"                    // Codebuild.
-	CodecommitServiceID                   = "codecommit"                   // Codecommit.
-	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
-	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
-	CodestarServiceID                     = "codestar"                     // Codestar.
-	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
-	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
-	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
-	ConfigServiceID                       = "config"                       // Config.
-	CurServiceID                          = "cur"                          // Cur.
-	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
-	DaxServiceID                          = "dax"                          // Dax.
-	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
-	DirectconnectServiceID                = "directconnect"                // Directconnect.
-	DiscoveryServiceID                    = "discovery"                    // Discovery.
-	DmsServiceID                          = "dms"                          // Dms.
-	DsServiceID                           = "ds"                           // Ds.
-	DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
-	Ec2ServiceID                          = "ec2"                          // Ec2.
-	Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
-	EcrServiceID                          = "ecr"                          // Ecr.
-	EcsServiceID                          = "ecs"                          // Ecs.
-	ElasticacheServiceID                  = "elasticache"                  // Elasticache.
-	ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
-	ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
-	ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
-	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
-	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
-	EmailServiceID                        = "email"                        // Email.
-	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
-	EsServiceID                           = "es"                           // Es.
-	EventsServiceID                       = "events"                       // Events.
-	FirehoseServiceID                     = "firehose"                     // Firehose.
-	GameliftServiceID                     = "gamelift"                     // Gamelift.
-	GlacierServiceID                      = "glacier"                      // Glacier.
-	GlueServiceID                         = "glue"                         // Glue.
-	GreengrassServiceID                   = "greengrass"                   // Greengrass.
-	HealthServiceID                       = "health"                       // Health.
-	IamServiceID                          = "iam"                          // Iam.
-	ImportexportServiceID                 = "importexport"                 // Importexport.
-	InspectorServiceID                    = "inspector"                    // Inspector.
-	IotServiceID                          = "iot"                          // Iot.
-	KinesisServiceID                      = "kinesis"                      // Kinesis.
-	KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
-	KmsServiceID                          = "kms"                          // Kms.
-	LambdaServiceID                       = "lambda"                       // Lambda.
-	LightsailServiceID                    = "lightsail"                    // Lightsail.
-	LogsServiceID                         = "logs"                         // Logs.
-	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
-	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
-	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
-	MghServiceID                          = "mgh"                          // Mgh.
-	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
-	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
-	MonitoringServiceID                   = "monitoring"                   // Monitoring.
-	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
-	OpsworksServiceID                     = "opsworks"                     // Opsworks.
-	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
-	OrganizationsServiceID                = "organizations"                // Organizations.
-	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
-	PollyServiceID                        = "polly"                        // Polly.
-	RdsServiceID                          = "rds"                          // Rds.
-	RedshiftServiceID                     = "redshift"                     // Redshift.
-	RekognitionServiceID                  = "rekognition"                  // Rekognition.
-	Route53ServiceID                      = "route53"                      // Route53.
-	Route53domainsServiceID               = "route53domains"               // Route53domains.
-	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
-	S3ServiceID                           = "s3"                           // S3.
-	SdbServiceID                          = "sdb"                          // Sdb.
-	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
-	ShieldServiceID                       = "shield"                       // Shield.
-	SmsServiceID                          = "sms"                          // Sms.
-	SnowballServiceID                     = "snowball"                     // Snowball.
-	SnsServiceID                          = "sns"                          // Sns.
-	SqsServiceID                          = "sqs"                          // Sqs.
-	SsmServiceID                          = "ssm"                          // Ssm.
-	StatesServiceID                       = "states"                       // States.
-	StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
-	StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
-	StsServiceID                          = "sts"                          // Sts.
-	SupportServiceID                      = "support"                      // Support.
-	SwfServiceID                          = "swf"                          // Swf.
-	TaggingServiceID                      = "tagging"                      // Tagging.
-	WafServiceID                          = "waf"                          // Waf.
-	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
-	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
-	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
-	XrayServiceID                         = "xray"                         // Xray.
+	UsIsoEast1RegionID = "us-iso-east-1" // US ISO East.
+)
+
+// AWS ISOB (US) partition's regions.
+const (
+	UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
 )
 
 // DefaultResolver returns an Endpoint resolver that will be able
-// to resolve endpoints for: AWS Standard, AWS China, and AWS GovCloud (US).
+// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
 //
 // Use DefaultPartitions() to get the list of the default partitions.
 func DefaultResolver() Resolver {
@@ -160,7 +68,7 @@ func DefaultResolver() Resolver {
 }
 
 // DefaultPartitions returns a list of the partitions the SDK is bundled
-// with. The available partitions are: AWS Standard, AWS China, and AWS GovCloud (US).
+// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
 //
 //    partitions := endpoints.DefaultPartitions
 //    for _, p := range partitions {
@@ -174,6 +82,8 @@ var defaultPartitions = partitions{
 	awsPartition,
 	awscnPartition,
 	awsusgovPartition,
+	awsisoPartition,
+	awsisobPartition,
 }
 
 // AwsPartition returns the Resolver for AWS Standard.
@@ -187,7 +97,7 @@ var awsPartition = partition{
 	DNSSuffix: "amazonaws.com",
 	RegionRegex: regionRegex{
 		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca)\\-\\w+\\-\\d+$")
+			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me)\\-\\w+\\-\\d+$")
 			return reg
 		}(),
 	},
@@ -197,6 +107,9 @@ var awsPartition = partition{
 		SignatureVersions: []string{"v4"},
 	},
 	Regions: regions{
+		"ap-east-1": region{
+			Description: "Asia Pacific (Hong Kong)",
+		},
 		"ap-northeast-1": region{
 			Description: "Asia Pacific (Tokyo)",
 		},
@@ -218,6 +131,9 @@ var awsPartition = partition{
 		"eu-central-1": region{
 			Description: "EU (Frankfurt)",
 		},
+		"eu-north-1": region{
+			Description: "EU (Stockholm)",
+		},
 		"eu-west-1": region{
 			Description: "EU (Ireland)",
 		},
@@ -227,6 +143,9 @@ var awsPartition = partition{
 		"eu-west-3": region{
 			Description: "EU (Paris)",
 		},
+		"me-south-1": region{
+			Description: "Middle East (Bahrain)",
+		},
 		"sa-east-1": region{
 			Description: "South America (Sao Paulo)",
 		},
@@ -244,9 +163,16 @@ var awsPartition = partition{
 		},
 	},
 	Services: services{
-		"acm": service{
+		"a4b": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"access-analyzer": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -254,9 +180,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -264,46 +192,65 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"api.pricing": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "pricing",
-				},
-			},
-			Endpoints: endpoints{
-				"ap-south-1": endpoint{},
-				"us-east-1":  endpoint{},
-			},
-		},
-		"apigateway": service{
+		"acm": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"ca-central-1-fips": endpoint{
+					Hostname: "acm-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{},
+				"eu-north-1":   endpoint{},
+				"eu-west-1":    endpoint{},
+				"eu-west-2":    endpoint{},
+				"eu-west-3":    endpoint{},
+				"me-south-1":   endpoint{},
+				"sa-east-1":    endpoint{},
+				"us-east-1":    endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "acm-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "acm-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "acm-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "acm-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"application-autoscaling": service{
+		"acm-pca": service{
 			Defaults: endpoint{
-				Hostname:  "autoscaling.{region}.amazonaws.com",
-				Protocols: []string{"http", "https"},
-				CredentialScope: credentialScope{
-					Service: "application-autoscaling",
-				},
+				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -311,31 +258,162 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"appstream2": service{
-			Defaults: endpoint{
-				Protocols: []string{"https"},
-				CredentialScope: credentialScope{
-					Service: "appstream",
+				"fips-ca-central-1": endpoint{
+					Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"fips-us-east-1": endpoint{
+					Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-east-2": endpoint{
+					Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"fips-us-west-1": endpoint{
+					Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
 				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
 			},
+		},
+		"api.ecr": service{
+
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"ap-east-1": endpoint{
+					Hostname: "api.ecr.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				"ap-northeast-1": endpoint{
+					Hostname: "api.ecr.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				"ap-northeast-2": endpoint{
+					Hostname: "api.ecr.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				"ap-south-1": endpoint{
+					Hostname: "api.ecr.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				"ap-southeast-1": endpoint{
+					Hostname: "api.ecr.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "api.ecr.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname: "api.ecr.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "api.ecr.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-north-1": endpoint{
+					Hostname: "api.ecr.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "api.ecr.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "api.ecr.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"eu-west-3": endpoint{
+					Hostname: "api.ecr.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				"me-south-1": endpoint{
+					Hostname: "api.ecr.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				"sa-east-1": endpoint{
+					Hostname: "api.ecr.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "api.ecr.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname: "api.ecr.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{
+					Hostname: "api.ecr.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "api.ecr.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"athena": service{
+		"api.mediatailor": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -344,15 +422,24 @@ var awsPartition = partition{
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"autoscaling": service{
+		"api.pricing": service{
 			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+				CredentialScope: credentialScope{
+					Service: "pricing",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-south-1": endpoint{},
+				"us-east-1":  endpoint{},
 			},
+		},
+		"api.sagemaker": service{
+
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -360,56 +447,91 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"batch": service{
+		"apigateway": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"budgets": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
-			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname: "budgets.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
+		"application-autoscaling": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
 			},
-		},
-		"clouddirectory": service{
-
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cloudformation": service{
+		"appmesh": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -422,76 +544,81 @@ var awsPartition = partition{
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cloudfront": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
-			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname:  "cloudfront.amazonaws.com",
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
+		"appstream2": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+				CredentialScope: credentialScope{
+					Service: "appstream",
 				},
 			},
-		},
-		"cloudhsm": service{
-
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"fips": endpoint{
+					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"us-east-1": endpoint{},
+				"us-west-2": endpoint{},
 			},
 		},
-		"cloudhsmv2": service{
+		"appsync": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cloudsearch": service{
+		"athena": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cloudtrail": service{
-
+		"autoscaling": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -499,9 +626,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -509,11 +638,14 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"codebuild": service{
-
+		"autoscaling-plans": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
@@ -526,9 +658,10 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"codecommit": service{
+		"backup": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -536,8 +669,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -545,9 +681,10 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"codedeploy": service{
+		"batch": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -555,9 +692,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -565,7 +704,50 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"codepipeline": service{
+		"budgets": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "budgets.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"ce": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "ce.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"chime": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Defaults: endpoint{
+				SSLCommonName: "service.chime.aws.amazon.com",
+				Protocols:     []string{"https"},
+			},
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname:  "service.chime.aws.amazon.com",
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"cloud9": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -575,19 +757,17 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"codestar": service{
+		"clouddirectory": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
@@ -596,61 +776,69 @@ var awsPartition = partition{
 				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cognito-identity": service{
+		"cloudformation": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cognito-idp": service{
+		"cloudfront": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-2":      endpoint{},
+				"aws-global": endpoint{
+					Hostname:  "cloudfront.amazonaws.com",
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
 			},
 		},
-		"cognito-sync": service{
+		"cloudhsm": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"config": service{
-
+		"cloudhsmv2": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "cloudhsm",
+				},
+			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -658,9 +846,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -668,27 +858,14 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"cur": service{
-
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"datapipeline": service{
+		"cloudsearch": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"dax": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-south-1":     endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
@@ -696,15 +873,10 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"devicefarm": service{
-
-			Endpoints: endpoints{
-				"us-west-2": endpoint{},
-			},
-		},
-		"directconnect": service{
+		"cloudtrail": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -712,9 +884,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -722,15 +896,10 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"discovery": service{
-
-			Endpoints: endpoints{
-				"us-west-2": endpoint{},
-			},
-		},
-		"dms": service{
+		"codebuild": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -738,19 +907,46 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "codebuild-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "codebuild-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "codebuild-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "codebuild-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"ds": service{
+		"codecommit": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -758,20 +954,28 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips": endpoint{
+					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
 			},
 		},
-		"dynamodb": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+		"codedeploy": service{
+
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -779,27 +983,44 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
-				"local": endpoint{
-					Hostname:  "localhost:8000",
-					Protocols: []string{"http"},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-east-1",
 					},
 				},
-				"sa-east-1": endpoint{},
-				"us-east-1": endpoint{},
 				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
 				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
 				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"ec2": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+		"codepipeline": service{
+
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
@@ -808,6 +1029,7 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
@@ -818,38 +1040,24 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"ec2metadata": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
-			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname:  "169.254.169.254/latest",
-					Protocols: []string{"http"},
-				},
-			},
-		},
-		"ecr": service{
+		"codestar": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"ecs": service{
+		"cognito-identity": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -861,15 +1069,12 @@ var awsPartition = partition{
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"elasticache": service{
+		"cognito-idp": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -881,15 +1086,12 @@ var awsPartition = partition{
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"elasticbeanstalk": service{
+		"cognito-sync": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -897,112 +1099,46 @@ var awsPartition = partition{
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"elasticfilesystem": service{
-
-			Endpoints: endpoints{
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"elasticloadbalancing": service{
+		"comprehend": service{
 			Defaults: endpoint{
 				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"elasticmapreduce": service{
-			Defaults: endpoint{
-				SSLCommonName: "{region}.{service}.{dnsSuffix}",
-				Protocols:     []string{"http", "https"},
-			},
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
-				"eu-central-1": endpoint{
-					SSLCommonName: "{service}.{region}.{dnsSuffix}",
-				},
-				"eu-west-1": endpoint{},
-				"eu-west-2": endpoint{},
-				"eu-west-3": endpoint{},
-				"sa-east-1": endpoint{},
-				"us-east-1": endpoint{
-					SSLCommonName: "{service}.{region}.{dnsSuffix}",
-				},
-				"us-east-2": endpoint{},
-				"us-west-1": endpoint{},
-				"us-west-2": endpoint{},
-			},
-		},
-		"elastictranscoder": service{
+		"comprehendmedical": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-west-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"email": service{
-
-			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
-				"us-east-1": endpoint{},
-				"us-west-2": endpoint{},
-			},
-		},
-		"entitlement.marketplace": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "aws-marketplace",
-				},
-			},
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"es": service{
+		"config": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1010,9 +1146,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1020,179 +1158,117 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"events": service{
+		"connect": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"firehose": service{
+		"cur": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-east-1": endpoint{},
 			},
 		},
-		"gamelift": service{
+		"data.mediastore": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"glacier": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+		"dataexchange": service{
+
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"glue": service{
+		"datapipeline": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"greengrass": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpoint{
-				Protocols: []string{"https"},
-			},
+		"datasync": service{
+
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"health": service{
-
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
-			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname: "iam.amazonaws.com",
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips-us-east-1": endpoint{
+					Hostname: "datasync-fips.us-east-1.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-east-1",
 					},
 				},
-			},
-		},
-		"importexport": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
-			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname:          "importexport.amazonaws.com",
-					SignatureVersions: []string{"v2", "v4"},
+				"fips-us-east-2": endpoint{
+					Hostname: "datasync-fips.us-east-2.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region:  "us-east-1",
-						Service: "IngestionService",
+						Region: "us-east-2",
 					},
 				},
-			},
-		},
-		"inspector": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"iot": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "execute-api",
+				"fips-us-west-1": endpoint{
+					Hostname: "datasync-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
 				},
-			},
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-2":      endpoint{},
+				"fips-us-west-2": endpoint{
+					Hostname: "datasync-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
 			},
 		},
-		"kinesis": service{
+		"dax": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
@@ -1204,17 +1280,16 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"kinesisanalytics": service{
+		"devicefarm": service{
 
 			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
-				"us-east-1": endpoint{},
 				"us-west-2": endpoint{},
 			},
 		},
-		"kms": service{
+		"directconnect": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1222,9 +1297,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1232,9 +1309,17 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"lambda": service{
+		"discovery": service{
+
+			Endpoints: endpoints{
+				"eu-central-1": endpoint{},
+				"us-west-2":    endpoint{},
+			},
+		},
+		"dms": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1242,9 +1327,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1252,31 +1339,101 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"lightsail": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"logs": service{
+		"docdb": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
+				"ap-northeast-1": endpoint{
+					Hostname: "rds.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				"ap-northeast-2": endpoint{
+					Hostname: "rds.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				"ap-south-1": endpoint{
+					Hostname: "rds.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				"ap-southeast-1": endpoint{
+					Hostname: "rds.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "rds.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname: "rds.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "rds.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "rds.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "rds.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"eu-west-3": endpoint{
+					Hostname: "rds.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "rds.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname: "rds.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "rds.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"ds": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
@@ -1287,69 +1444,74 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"machinelearning": service{
-
-			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
-				"us-east-1": endpoint{},
-			},
-		},
-		"marketplacecommerceanalytics": service{
-
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"metering.marketplace": service{
+		"dynamodb": service{
 			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "aws-marketplace",
-				},
+				Protocols: []string{"http", "https"},
 			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"mgh": service{
-
-			Endpoints: endpoints{
+				"ca-central-1-fips": endpoint{
+					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{},
+				"eu-north-1":   endpoint{},
+				"eu-west-1":    endpoint{},
+				"eu-west-2":    endpoint{},
+				"eu-west-3":    endpoint{},
+				"local": endpoint{
+					Hostname:  "localhost:8000",
+					Protocols: []string{"http"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
 				"us-west-2": endpoint{},
-			},
-		},
-		"mobileanalytics": service{
-
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"models.lex": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "lex",
+				"us-west-2-fips": endpoint{
+					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
 				},
 			},
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
 		},
-		"monitoring": service{
+		"ec2": service{
 			Defaults: endpoint{
 				Protocols: []string{"http", "https"},
 			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1357,9 +1519,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1367,28 +1531,33 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"mturk-requester": service{
-			IsRegionalized: boxedFalse,
+		"ec2metadata": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
 
 			Endpoints: endpoints{
-				"sandbox": endpoint{
-					Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
+				"aws-global": endpoint{
+					Hostname:  "169.254.169.254/latest",
+					Protocols: []string{"http"},
 				},
-				"us-east-1": endpoint{},
 			},
 		},
-		"opsworks": service{
+		"ecs": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1396,40 +1565,39 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"opsworks-cm": service{
-
-			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
-				"us-east-1": endpoint{},
-				"us-west-2": endpoint{},
-			},
-		},
-		"organizations": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
+		"elasticache": service{
 
 			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname: "organizations.us-east-1.amazonaws.com",
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips": endpoint{
+					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region: "us-east-1",
+						Region: "us-west-1",
 					},
 				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
 			},
 		},
-		"pinpoint": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "mobiletargeting",
-				},
-			},
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
-			},
-		},
-		"polly": service{
+		"elasticbeanstalk": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1437,9 +1605,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1447,9 +1617,10 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"rds": service{
+		"elasticfilesystem": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1457,21 +1628,24 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
-				"us-east-1": endpoint{
-					SSLCommonName: "{service}.{dnsSuffix}",
-				},
-				"us-east-2": endpoint{},
-				"us-west-1": endpoint{},
-				"us-west-2": endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
-		"redshift": service{
-
+		"elasticloadbalancing": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1479,9 +1653,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1489,125 +1665,126 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"rekognition": service{
-
+		"elasticmapreduce": service{
+			Defaults: endpoint{
+				SSLCommonName: "{region}.{service}.{dnsSuffix}",
+				Protocols:     []string{"https"},
+			},
 			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
-				"us-east-1": endpoint{},
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1": endpoint{
+					SSLCommonName: "{service}.{region}.{dnsSuffix}",
+				},
+				"eu-north-1": endpoint{},
+				"eu-west-1":  endpoint{},
+				"eu-west-2":  endpoint{},
+				"eu-west-3":  endpoint{},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1": endpoint{
+					SSLCommonName: "{service}.{region}.{dnsSuffix}",
+				},
 				"us-east-2": endpoint{},
+				"us-west-1": endpoint{},
 				"us-west-2": endpoint{},
 			},
 		},
-		"route53": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
+		"elastictranscoder": service{
 
 			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname: "route53.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
+				"ap-northeast-1": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
-		"route53domains": service{
+		"email": service{
 
 			Endpoints: endpoints{
-				"us-east-1": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
-		"runtime.lex": service{
+		"entitlement.marketplace": service{
 			Defaults: endpoint{
 				CredentialScope: credentialScope{
-					Service: "lex",
+					Service: "aws-marketplace",
 				},
 			},
 			Endpoints: endpoints{
-				"eu-west-1": endpoint{},
 				"us-east-1": endpoint{},
 			},
 		},
-		"s3": service{
-			PartitionEndpoint: "us-east-1",
-			IsRegionalized:    boxedTrue,
-			Defaults: endpoint{
-				Protocols:         []string{"http", "https"},
-				SignatureVersions: []string{"s3v4"},
+		"es": service{
 
-				HasDualStack:      boxedTrue,
-				DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
-			},
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{
-					Hostname:          "s3.ap-northeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{
-					Hostname:          "s3.ap-southeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"ap-southeast-2": endpoint{
-					Hostname:          "s3.ap-southeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"ca-central-1": endpoint{},
-				"eu-central-1": endpoint{},
-				"eu-west-1": endpoint{
-					Hostname:          "s3.eu-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"eu-west-2": endpoint{},
-				"eu-west-3": endpoint{},
-				"s3-external-1": endpoint{
-					Hostname:          "s3-external-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips": endpoint{
+					Hostname: "es-fips.us-west-1.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region: "us-east-1",
+						Region: "us-west-1",
 					},
 				},
-				"sa-east-1": endpoint{
-					Hostname:          "s3.sa-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"us-east-1": endpoint{
-					Hostname:          "s3.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"us-east-2": endpoint{},
-				"us-west-1": endpoint{
-					Hostname:          "s3.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				"us-west-2": endpoint{
-					Hostname:          "s3.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
 			},
 		},
-		"sdb": service{
-			Defaults: endpoint{
-				Protocols:         []string{"http", "https"},
-				SignatureVersions: []string{"v2"},
-			},
+		"events": service{
+
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
-				"us-east-1": endpoint{
-					Hostname: "sdb.amazonaws.com",
-				},
-				"us-west-1": endpoint{},
-				"us-west-2": endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
-		"servicecatalog": service{
+		"firehose": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1615,9 +1792,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1625,77 +1804,70 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"shield": service{
-			IsRegionalized: boxedFalse,
+		"fms": service{
 			Defaults: endpoint{
-				SSLCommonName: "Shield.us-east-1.amazonaws.com",
-				Protocols:     []string{"https"},
-			},
-			Endpoints: endpoints{
-				"us-east-1": endpoint{},
+				Protocols: []string{"https"},
 			},
-		},
-		"sms": service{
-
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"snowball": service{
+		"forecast": service{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
 				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"sns": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+		"forecastquery": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
+		},
+		"fsx": service{
+
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"sqs": service{
-			Defaults: endpoint{
-				SSLCommonName: "{region}.queue.{dnsSuffix}",
-				Protocols:     []string{"http", "https"},
-			},
+		"gamelift": service{
+
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
@@ -1706,19 +1878,19 @@ var awsPartition = partition{
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
 				"sa-east-1":      endpoint{},
-				"us-east-1": endpoint{
-					SSLCommonName: "queue.{dnsSuffix}",
-				},
-				"us-east-2": endpoint{},
-				"us-west-1": endpoint{},
-				"us-west-2": endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
-		"ssm": service{
-
+		"glacier": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1726,9 +1898,11 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1736,47 +1910,64 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"states": service{
+		"glue": service{
 
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"storagegateway": service{
-
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
-		"streams.dynamodb": service{
+		"groundstation": service{
+
+			Endpoints: endpoints{
+				"eu-north-1": endpoint{},
+				"me-south-1": endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-2":  endpoint{},
+			},
+		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
 			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-				CredentialScope: credentialScope{
-					Service: "dynamodb",
-				},
+				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -1784,133 +1975,3796 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
-				"local": endpoint{
-					Hostname:  "localhost:8000",
-					Protocols: []string{"http"},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "guardduty-fips.us-east-1.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-east-1",
 					},
 				},
-				"sa-east-1": endpoint{},
-				"us-east-1": endpoint{},
 				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "guardduty-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
 				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "guardduty-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
 				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "guardduty-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
-		"sts": service{
+		"health": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"iam": service{
 			PartitionEndpoint: "aws-global",
-			Defaults: endpoint{
-				Hostname: "sts.amazonaws.com",
-				CredentialScope: credentialScope{
-					Region: "us-east-1",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "iam.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
 				},
 			},
+		},
+		"importexport": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{
-					Hostname: "sts.ap-northeast-2.amazonaws.com",
+				"aws-global": endpoint{
+					Hostname:          "importexport.amazonaws.com",
+					SignatureVersions: []string{"v2", "v4"},
 					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
+						Region:  "us-east-1",
+						Service: "IngestionService",
 					},
 				},
+			},
+		},
+		"inspector": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
-				"aws-global":     endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
-				"us-east-1-fips": endpoint{
-					Hostname: "sts-fips.us-east-1.amazonaws.com",
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"iot": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "execute-api",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"iotanalytics": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"iotevents": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"ioteventsdata": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{
+					Hostname: "data.iotevents.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				"ap-northeast-2": endpoint{
+					Hostname: "data.iotevents.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				"ap-southeast-1": endpoint{
+					Hostname: "data.iotevents.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "data.iotevents.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "data.iotevents.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "data.iotevents.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "data.iotevents.us-east-1.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-east-1",
 					},
 				},
-				"us-east-2": endpoint{},
-				"us-east-2-fips": endpoint{
-					Hostname: "sts-fips.us-east-2.amazonaws.com",
+				"us-east-2": endpoint{
+					Hostname: "data.iotevents.us-east-2.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-east-2",
 					},
 				},
-				"us-west-1": endpoint{},
-				"us-west-1-fips": endpoint{
-					Hostname: "sts-fips.us-west-1.amazonaws.com",
+				"us-west-2": endpoint{
+					Hostname: "data.iotevents.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"iotsecuredtunneling": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"iotthingsgraph": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "iotthingsgraph",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"kafka": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"kinesis": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"kinesisanalytics": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"kinesisvideo": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"kms": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"lakeformation": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"lambda": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"license-manager": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"lightsail": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"logs": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"machinelearning": service{
+
+			Endpoints: endpoints{
+				"eu-west-1": endpoint{},
+				"us-east-1": endpoint{},
+			},
+		},
+		"marketplacecommerceanalytics": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"mediaconnect": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"mediaconvert": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"medialive": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"mediapackage": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"mediastore": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"metering.marketplace": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "aws-marketplace",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"mgh": service{
+
+			Endpoints: endpoints{
+				"eu-central-1": endpoint{},
+				"us-west-2":    endpoint{},
+			},
+		},
+		"mobileanalytics": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"models.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"monitoring": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"mq": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips-us-east-1": endpoint{
+					Hostname: "mq-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-east-2": endpoint{
+					Hostname: "mq-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"fips-us-west-1": endpoint{
+					Hostname: "mq-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "mq-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"sa-east-1": endpoint{},
+				"us-east-1": endpoint{},
+				"us-east-2": endpoint{},
+				"us-west-1": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"mturk-requester": service{
+			IsRegionalized: boxedFalse,
+
+			Endpoints: endpoints{
+				"sandbox": endpoint{
+					Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
+				},
+				"us-east-1": endpoint{},
+			},
+		},
+		"neptune": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{
+					Hostname: "rds.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				"ap-northeast-2": endpoint{
+					Hostname: "rds.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				"ap-south-1": endpoint{
+					Hostname: "rds.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				"ap-southeast-1": endpoint{
+					Hostname: "rds.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "rds.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname: "rds.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "rds.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-north-1": endpoint{
+					Hostname: "rds.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "rds.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "rds.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"me-south-1": endpoint{
+					Hostname: "rds.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "rds.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname: "rds.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "rds.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"oidc": service{
+
+			Endpoints: endpoints{
+				"ap-southeast-1": endpoint{
+					Hostname: "oidc.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "oidc.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname: "oidc.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "oidc.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "oidc.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "oidc.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "oidc.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname: "oidc.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "oidc.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"opsworks": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"opsworks-cm": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"organizations": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "organizations.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"outposts": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"pinpoint": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "mobiletargeting",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-south-1":     endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"fips-us-east-1": endpoint{
+					Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "pinpoint.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "pinpoint.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"polly": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"portal.sso": service{
+
+			Endpoints: endpoints{
+				"ap-southeast-1": endpoint{
+					Hostname: "portal.sso.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname: "portal.sso.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname: "portal.sso.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname: "portal.sso.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname: "portal.sso.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname: "portal.sso.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname: "portal.sso.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname: "portal.sso.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname: "portal.sso.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"projects.iot1click": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"qldb": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"ram": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"rds": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1": endpoint{
+					SSLCommonName: "{service}.{dnsSuffix}",
+				},
+				"us-east-2": endpoint{},
+				"us-west-1": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"redshift": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"rekognition": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"resource-groups": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips-us-east-1": endpoint{
+					Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-east-2": endpoint{
+					Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"fips-us-west-1": endpoint{
+					Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-2":  endpoint{},
+				"us-west-1":  endpoint{},
+				"us-west-2":  endpoint{},
+			},
+		},
+		"robomaker": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "route53.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"route53domains": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"route53resolver": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"runtime.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"runtime.sagemaker": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"s3": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedTrue,
+			Defaults: endpoint{
+				Protocols:         []string{"http", "https"},
+				SignatureVersions: []string{"s3v4"},
+
+				HasDualStack:      boxedTrue,
+				DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+			},
+			Endpoints: endpoints{
+				"ap-east-1": endpoint{},
+				"ap-northeast-1": endpoint{
+					Hostname:          "s3.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{
+					Hostname:          "s3.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname:          "s3.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"aws-global": endpoint{
+					Hostname:          "s3.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"ca-central-1": endpoint{},
+				"eu-central-1": endpoint{},
+				"eu-north-1":   endpoint{},
+				"eu-west-1": endpoint{
+					Hostname:          "s3.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"eu-west-2":  endpoint{},
+				"eu-west-3":  endpoint{},
+				"me-south-1": endpoint{},
+				"s3-external-1": endpoint{
+					Hostname:          "s3-external-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"sa-east-1": endpoint{
+					Hostname:          "s3.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"us-east-1": endpoint{
+					Hostname:          "s3.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"us-east-2": endpoint{},
+				"us-west-1": endpoint{
+					Hostname:          "s3.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				"us-west-2": endpoint{
+					Hostname:          "s3.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpoint{
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"s3v4"},
+
+				HasDualStack:      boxedTrue,
+				DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+			},
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{
+					Hostname:          "s3-control.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				"ap-northeast-2": endpoint{
+					Hostname:          "s3-control.ap-northeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				"ap-south-1": endpoint{
+					Hostname:          "s3-control.ap-south-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				"ap-southeast-1": endpoint{
+					Hostname:          "s3-control.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				"ap-southeast-2": endpoint{
+					Hostname:          "s3-control.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				"ca-central-1": endpoint{
+					Hostname:          "s3-control.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{
+					Hostname:          "s3-control.eu-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				"eu-north-1": endpoint{
+					Hostname:          "s3-control.eu-north-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				"eu-west-1": endpoint{
+					Hostname:          "s3-control.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				"eu-west-2": endpoint{
+					Hostname:          "s3-control.eu-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				"eu-west-3": endpoint{
+					Hostname:          "s3-control.eu-west-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				"sa-east-1": endpoint{
+					Hostname:          "s3-control.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				"us-east-1": endpoint{
+					Hostname:          "s3-control.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-1-fips": endpoint{
+					Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{
+					Hostname:          "s3-control.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-east-2-fips": endpoint{
+					Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{
+					Hostname:          "s3-control.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-1-fips": endpoint{
+					Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{
+					Hostname:          "s3-control.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"us-west-2-fips": endpoint{
+					Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"savingsplans": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "savingsplans.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"schemas": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"sdb": service{
+			Defaults: endpoint{
+				Protocols:         []string{"http", "https"},
+				SignatureVersions: []string{"v2"},
+			},
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1": endpoint{
+					Hostname: "sdb.amazonaws.com",
+				},
+				"us-west-1": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"secretsmanager": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"securityhub": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ap-northeast-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ap-northeast-2": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ap-south-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ap-southeast-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ap-southeast-2": endpoint{
+					Protocols: []string{"https"},
+				},
+				"ca-central-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"eu-central-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"eu-north-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"eu-west-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"eu-west-2": endpoint{
+					Protocols: []string{"https"},
+				},
+				"eu-west-3": endpoint{
+					Protocols: []string{"https"},
+				},
+				"me-south-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"sa-east-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"us-east-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"us-east-2": endpoint{
+					Protocols: []string{"https"},
+				},
+				"us-west-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"us-west-2": endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"servicecatalog": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"servicediscovery": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"session.qldb": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"shield": service{
+			IsRegionalized: boxedFalse,
+			Defaults: endpoint{
+				SSLCommonName: "shield.us-east-1.amazonaws.com",
+				Protocols:     []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
+		"sms": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"snowball": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"sns": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"sqs": service{
+			Defaults: endpoint{
+				SSLCommonName: "{region}.queue.{dnsSuffix}",
+				Protocols:     []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"fips-us-east-1": endpoint{
+					Hostname: "sqs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-east-2": endpoint{
+					Hostname: "sqs-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"fips-us-west-1": endpoint{
+					Hostname: "sqs-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "sqs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1": endpoint{
+					SSLCommonName: "queue.{dnsSuffix}",
+				},
+				"us-east-2": endpoint{},
+				"us-west-1": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"ssm": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"states": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"storagegateway": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+				CredentialScope: credentialScope{
+					Service: "dynamodb",
+				},
+			},
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"ca-central-1-fips": endpoint{
+					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"eu-central-1": endpoint{},
+				"eu-north-1":   endpoint{},
+				"eu-west-1":    endpoint{},
+				"eu-west-2":    endpoint{},
+				"eu-west-3":    endpoint{},
+				"local": endpoint{
+					Hostname:  "localhost:8000",
+					Protocols: []string{"http"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"me-south-1": endpoint{},
+				"sa-east-1":  endpoint{},
+				"us-east-1":  endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"sts": service{
+			PartitionEndpoint: "aws-global",
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"aws-global": endpoint{
+					Hostname: "sts.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"ca-central-1": endpoint{},
+				"eu-central-1": endpoint{},
+				"eu-north-1":   endpoint{},
+				"eu-west-1":    endpoint{},
+				"eu-west-2":    endpoint{},
+				"eu-west-3":    endpoint{},
+				"me-south-1":   endpoint{},
+				"sa-east-1":    endpoint{},
+				"us-east-1":    endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "sts-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "sts-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "sts-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "sts-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-global",
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "support.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"swf": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"tagging": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"transcribestreaming": service{
+
+			Endpoints: endpoints{
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"transfer": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"translate": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "translate-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "translate-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"us-west-1": endpoint{},
+				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "translate-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"waf": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "waf.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"waf-regional": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"workdocs": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"workmail": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"eu-west-1": endpoint{},
+				"us-east-1": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"workspaces": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"xray": service{
+
+			Endpoints: endpoints{
+				"ap-east-1":      endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-north-1":     endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
+				"me-south-1":     endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+	},
+}
+
+// AwsCnPartition returns the Resolver for AWS China.
+func AwsCnPartition() Partition {
+	return awscnPartition.Partition()
+}
+
+var awscnPartition = partition{
+	ID:        "aws-cn",
+	Name:      "AWS China",
+	DNSSuffix: "amazonaws.com.cn",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpoint{
+		Hostname:          "{service}.{region}.{dnsSuffix}",
+		Protocols:         []string{"https"},
+		SignatureVersions: []string{"v4"},
+	},
+	Regions: regions{
+		"cn-north-1": region{
+			Description: "China (Beijing)",
+		},
+		"cn-northwest-1": region{
+			Description: "China (Ningxia)",
+		},
+	},
+	Services: services{
+		"api.ecr": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{
+					Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				"cn-northwest-1": endpoint{
+					Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"apigateway": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"appsync": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"athena": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"autoscaling": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"batch": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"cloudformation": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"cloudfront": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-cn-global": endpoint{
+					Hostname:  "cloudfront.cn-northwest-1.amazonaws.com.cn",
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"cloudtrail": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"codebuild": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"codedeploy": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"cognito-identity": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"config": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"dax": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"directconnect": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"dms": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"ds": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"dynamodb": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"ec2": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"ec2metadata": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname:  "169.254.169.254/latest",
+					Protocols: []string{"http"},
+				},
+			},
+		},
+		"ecs": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"elasticache": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"elasticbeanstalk": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"elasticfilesystem": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"elasticloadbalancing": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"elasticmapreduce": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"es": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"events": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"firehose": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"gamelift": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"glacier": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"glue": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"health": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-cn-global": endpoint{
+					Hostname: "iam.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+			},
+		},
+		"iot": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "execute-api",
+				},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"kinesis": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"kms": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"lambda": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"license-manager": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"logs": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"mediaconvert": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{
+					Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"monitoring": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"neptune": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{
+					Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"polly": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"rds": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"redshift": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"s3": service{
+			Defaults: endpoint{
+				Protocols:         []string{"http", "https"},
+				SignatureVersions: []string{"s3v4"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpoint{
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"s3v4"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{
+					Hostname:          "s3-control.cn-north-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				"cn-northwest-1": endpoint{
+					Hostname:          "s3-control.cn-northwest-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"secretsmanager": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"cn-northwest-1": endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"sms": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"snowball": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"sns": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"sqs": service{
+			Defaults: endpoint{
+				SSLCommonName: "{region}.queue.{dnsSuffix}",
+				Protocols:     []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"ssm": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"states": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"storagegateway": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+				CredentialScope: credentialScope{
+					Service: "dynamodb",
+				},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"sts": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-cn-global",
+
+			Endpoints: endpoints{
+				"aws-cn-global": endpoint{
+					Hostname: "support.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+			},
+		},
+		"swf": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"tagging": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{
+					Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				"cn-northwest-1": endpoint{
+					Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"workspaces": service{
+
+			Endpoints: endpoints{
+				"cn-northwest-1": endpoint{},
+			},
+		},
+		"xray": service{
+
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
+	},
+}
+
+// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
+func AwsUsGovPartition() Partition {
+	return awsusgovPartition.Partition()
+}
+
+var awsusgovPartition = partition{
+	ID:        "aws-us-gov",
+	Name:      "AWS GovCloud (US)",
+	DNSSuffix: "amazonaws.com",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpoint{
+		Hostname:          "{service}.{region}.{dnsSuffix}",
+		Protocols:         []string{"https"},
+		SignatureVersions: []string{"v4"},
+	},
+	Regions: regions{
+		"us-gov-east-1": region{
+			Description: "AWS GovCloud (US-East)",
+		},
+		"us-gov-west-1": region{
+			Description: "AWS GovCloud (US)",
+		},
+	},
+	Services: services{
+		"access-analyzer": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"acm": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"acm-pca": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"api.ecr": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{
+					Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{
+					Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"api.sagemaker": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"apigateway": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpoint{
+				Hostname:  "autoscaling.{region}.amazonaws.com",
+				Protocols: []string{"http", "https"},
+				CredentialScope: credentialScope{
+					Service: "application-autoscaling",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"appstream2": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+				CredentialScope: credentialScope{
+					Service: "appstream",
+				},
+			},
+			Endpoints: endpoints{
+				"fips": endpoint{
+					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"athena": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"autoscaling": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"autoscaling-plans": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"batch": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"clouddirectory": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"cloudformation": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"cloudhsm": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"cloudhsmv2": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "cloudhsm",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"cloudtrail": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"codebuild": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"codecommit": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"codedeploy": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-east-1-fips": endpoint{
+					Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"comprehend": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"comprehendmedical": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"config": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"datasync": service{
+
+			Endpoints: endpoints{
+				"fips-us-gov-west-1": endpoint{
+					Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"directconnect": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"dms": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"ds": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"dynamodb": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-east-1-fips": endpoint{
+					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"ec2": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"ec2metadata": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname:  "169.254.169.254/latest",
+					Protocols: []string{"http"},
+				},
+			},
+		},
+		"ecs": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"elasticache": service{
+
+			Endpoints: endpoints{
+				"fips": endpoint{
+					Hostname: "elasticache-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"elasticbeanstalk": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"elasticfilesystem": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"elasticloadbalancing": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"elasticmapreduce": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"es": service{
+
+			Endpoints: endpoints{
+				"fips": endpoint{
+					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"events": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"firehose": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"glacier": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"glue": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"health": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-us-gov-global": endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"inspector": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"iot": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "execute-api",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"kinesis": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"kms": service{
+
+			Endpoints: endpoints{
+				"ProdFips": endpoint{
+					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"lambda": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"license-manager": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"logs": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"mediaconvert": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"metering.marketplace": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "aws-marketplace",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"monitoring": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"neptune": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{
+					Hostname: "rds.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"organizations": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-us-gov-global": endpoint{
+					Hostname: "organizations.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"polly": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"ram": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"rds": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"redshift": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"rekognition": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"resource-groups": service{
+
+			Endpoints: endpoints{
+				"fips-us-gov-east-1": endpoint{
+					Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"fips-us-gov-west-1": endpoint{
+					Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-us-gov-global": endpoint{
+					Hostname: "route53.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"route53resolver": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"runtime.sagemaker": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"s3": service{
+			Defaults: endpoint{
+				SignatureVersions: []string{"s3", "s3v4"},
+			},
+			Endpoints: endpoints{
+				"fips-us-gov-west-1": endpoint{
+					Hostname: "s3-fips-us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-east-1": endpoint{
+					Hostname:  "s3.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				"us-gov-west-1": endpoint{
+					Hostname:  "s3.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpoint{
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"s3v4"},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{
+					Hostname:          "s3-control.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-east-1-fips": endpoint{
+					Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{
+					Hostname:          "s3-control.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				"us-gov-west-1-fips": endpoint{
+					Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"secretsmanager": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-east-1-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{
+					Protocols: []string{"https"},
+				},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"servicecatalog": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"sms": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"snowball": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"sns": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"sqs": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{
+					SSLCommonName: "{region}.queue.{dnsSuffix}",
+					Protocols:     []string{"http", "https"},
+				},
+			},
+		},
+		"ssm": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"states": service{
+
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"storagegateway": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "dynamodb",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-east-1": endpoint{},
+				"us-gov-east-1-fips": endpoint{
+					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region: "us-west-1",
+						Region: "us-gov-east-1",
 					},
 				},
-				"us-west-2": endpoint{},
-				"us-west-2-fips": endpoint{
-					Hostname: "sts-fips.us-west-2.amazonaws.com",
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region: "us-west-2",
+						Region: "us-gov-west-1",
 					},
 				},
 			},
 		},
-		"support": service{
+		"sts": service{
 
 			Endpoints: endpoints{
-				"us-east-1": endpoint{},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
 			},
 		},
 		"swf": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"eu-west-3":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
 			},
 		},
 		"tagging": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
 			},
 		},
-		"waf": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-
+		"transcribe": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
 			Endpoints: endpoints{
-				"aws-global": endpoint{
-					Hostname: "waf.amazonaws.com",
+				"us-gov-east-1": endpoint{},
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"translate": service{
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
 					CredentialScope: credentialScope{
-						Region: "us-east-1",
+						Region: "us-gov-west-1",
 					},
 				},
 			},
@@ -1918,71 +5772,30 @@ var awsPartition = partition{
 		"waf-regional": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"workdocs": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-west-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-gov-west-1": endpoint{},
 			},
 		},
 		"workspaces": service{
 
 			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-west-2":      endpoint{},
-			},
-		},
-		"xray": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"ap-northeast-2": endpoint{},
-				"ap-south-1":     endpoint{},
-				"ap-southeast-1": endpoint{},
-				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
-				"eu-central-1":   endpoint{},
-				"eu-west-1":      endpoint{},
-				"eu-west-2":      endpoint{},
-				"sa-east-1":      endpoint{},
-				"us-east-1":      endpoint{},
-				"us-east-2":      endpoint{},
-				"us-west-1":      endpoint{},
-				"us-west-2":      endpoint{},
+				"us-gov-west-1": endpoint{},
 			},
 		},
 	},
 }
 
-// AwsCnPartition returns the Resolver for AWS China.
-func AwsCnPartition() Partition {
-	return awscnPartition.Partition()
+// AwsIsoPartition returns the Resolver for AWS ISO (US).
+func AwsIsoPartition() Partition {
+	return awsisoPartition.Partition()
 }
 
-var awscnPartition = partition{
-	ID:        "aws-cn",
-	Name:      "AWS China",
-	DNSSuffix: "amazonaws.com.cn",
+var awsisoPartition = partition{
+	ID:        "aws-iso",
+	Name:      "AWS ISO (US)",
+	DNSSuffix: "c2s.ic.gov",
 	RegionRegex: regionRegex{
 		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
+			reg, _ := regexp.Compile("^us\\-iso\\-\\w+\\-\\d+$")
 			return reg
 		}(),
 	},
@@ -1992,99 +5805,110 @@ var awscnPartition = partition{
 		SignatureVersions: []string{"v4"},
 	},
 	Regions: regions{
-		"cn-north-1": region{
-			Description: "China (Beijing)",
-		},
-		"cn-northwest-1": region{
-			Description: "China (Ningxia)",
+		"us-iso-east-1": region{
+			Description: "US ISO East",
 		},
 	},
 	Services: services{
+		"api.ecr": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{
+					Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+			},
+		},
+		"api.sagemaker": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
+			},
+		},
 		"apigateway": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"application-autoscaling": service{
 			Defaults: endpoint{
-				Hostname:  "autoscaling.{region}.amazonaws.com",
 				Protocols: []string{"http", "https"},
-				CredentialScope: credentialScope{
-					Service: "application-autoscaling",
-				},
 			},
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"autoscaling": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
 		},
 		"cloudformation": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"cloudtrail": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"codedeploy": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"cognito-identity": service{
+		"config": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"config": service{
+		"datapipeline": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"directconnect": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"dynamodb": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+		"dms": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
 			},
+		},
+		"ds": service{
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"ec2": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+		"dynamodb": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
+		},
+		"ec2": service{
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"ec2metadata": service{
@@ -2098,184 +5922,171 @@ var awscnPartition = partition{
 				},
 			},
 		},
-		"ecr": service{
-
-			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
-			},
-		},
 		"ecs": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"elasticache": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
-			},
-		},
-		"elasticbeanstalk": service{
-
-			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"elasticloadbalancing": service{
-			Defaults: endpoint{
-				Protocols: []string{"https"},
-			},
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
 		},
 		"elasticmapreduce": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
-			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
-			},
-		},
-		"es": service{
 
 			Endpoints: endpoints{
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"https"},
+				},
 			},
 		},
 		"events": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"glacier": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
+		},
+		"health": service{
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"iam": service{
-			PartitionEndpoint: "aws-cn-global",
+			PartitionEndpoint: "aws-iso-global",
 			IsRegionalized:    boxedFalse,
 
 			Endpoints: endpoints{
-				"aws-cn-global": endpoint{
-					Hostname: "iam.cn-north-1.amazonaws.com.cn",
+				"aws-iso-global": endpoint{
+					Hostname: "iam.us-iso-east-1.c2s.ic.gov",
 					CredentialScope: credentialScope{
-						Region: "cn-north-1",
+						Region: "us-iso-east-1",
 					},
 				},
 			},
 		},
-		"iot": service{
-			Defaults: endpoint{
-				CredentialScope: credentialScope{
-					Service: "execute-api",
-				},
-			},
+		"kinesis": service{
+
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"kinesis": service{
+		"kms": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"ProdFips": endpoint{
+					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"lambda": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"logs": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"monitoring": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"rds": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"redshift": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-iso-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-iso-global": endpoint{
+					Hostname: "route53.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+			},
+		},
+		"runtime.sagemaker": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"s3": service{
 			Defaults: endpoint{
-				Protocols:         []string{"http", "https"},
 				SignatureVersions: []string{"s3v4"},
 			},
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
 			},
 		},
 		"snowball": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"sns": service{
-			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
-			},
+
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
 		},
 		"sqs": service{
-			Defaults: endpoint{
-				SSLCommonName: "{region}.queue.{dnsSuffix}",
-				Protocols:     []string{"http", "https"},
-			},
-			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
-			},
-		},
-		"ssm": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
 		},
-		"storagegateway": service{
+		"states": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 		"streams.dynamodb": service{
@@ -2286,45 +6097,56 @@ var awscnPartition = partition{
 				},
 			},
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{
+					Protocols: []string{"http", "https"},
+				},
 			},
 		},
 		"sts": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-iso-global",
+
+			Endpoints: endpoints{
+				"aws-iso-global": endpoint{
+					Hostname: "support.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
 			},
 		},
 		"swf": service{
 
 			Endpoints: endpoints{
-				"cn-north-1":     endpoint{},
-				"cn-northwest-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
-		"tagging": service{
+		"workspaces": service{
 
 			Endpoints: endpoints{
-				"cn-north-1": endpoint{},
+				"us-iso-east-1": endpoint{},
 			},
 		},
 	},
 }
 
-// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
-func AwsUsGovPartition() Partition {
-	return awsusgovPartition.Partition()
+// AwsIsoBPartition returns the Resolver for AWS ISOB (US).
+func AwsIsoBPartition() Partition {
+	return awsisobPartition.Partition()
 }
 
-var awsusgovPartition = partition{
-	ID:        "aws-us-gov",
-	Name:      "AWS GovCloud (US)",
-	DNSSuffix: "amazonaws.com",
+var awsisobPartition = partition{
+	ID:        "aws-iso-b",
+	Name:      "AWS ISOB (US)",
+	DNSSuffix: "sc2s.sgov.gov",
 	RegionRegex: regionRegex{
 		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
+			reg, _ := regexp.Compile("^us\\-isob\\-\\w+\\-\\d+$")
 			return reg
 		}(),
 	},
@@ -2334,89 +6156,71 @@ var awsusgovPartition = partition{
 		SignatureVersions: []string{"v4"},
 	},
 	Regions: regions{
-		"us-gov-west-1": region{
-			Description: "AWS GovCloud (US)",
+		"us-isob-east-1": region{
+			Description: "US ISOB East (Ohio)",
 		},
 	},
 	Services: services{
-		"acm": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+		"application-autoscaling": service{
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
 			},
-		},
-		"apigateway": service{
-
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"autoscaling": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					Protocols: []string{"http", "https"},
-				},
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
 			},
-		},
-		"cloudformation": service{
-
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
-		"cloudhsm": service{
+		"cloudformation": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"cloudtrail": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-			},
-		},
-		"codedeploy": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"config": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"directconnect": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"dms": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"dynamodb": service{
-
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-				"us-gov-west-1-fips": endpoint{
-					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"ec2": service{
-
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"ec2metadata": service{
@@ -2433,54 +6237,50 @@ var awsusgovPartition = partition{
 		"elasticache": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-			},
-		},
-		"elasticbeanstalk": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"elasticloadbalancing": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					Protocols: []string{"http", "https"},
+				"us-isob-east-1": endpoint{
+					Protocols: []string{"https"},
 				},
 			},
 		},
 		"elasticmapreduce": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					Protocols: []string{"http", "https"},
-				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"events": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"glacier": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					Protocols: []string{"http", "https"},
-				},
+				"us-isob-east-1": endpoint{},
+			},
+		},
+		"health": service{
+
+			Endpoints: endpoints{
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"iam": service{
-			PartitionEndpoint: "aws-us-gov-global",
+			PartitionEndpoint: "aws-iso-b-global",
 			IsRegionalized:    boxedFalse,
 
 			Endpoints: endpoints{
-				"aws-us-gov-global": endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
+				"aws-iso-b-global": endpoint{
+					Hostname: "iam.us-isob-east-1.sc2s.sgov.gov",
 					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
+						Region: "us-isob-east-1",
 					},
 				},
 			},
@@ -2488,129 +6288,116 @@ var awsusgovPartition = partition{
 		"kinesis": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"kms": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-			},
-		},
-		"lambda": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"ProdFips": endpoint{
+					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"logs": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"monitoring": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"rds": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"redshift": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-			},
-		},
-		"rekognition": service{
-
-			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"s3": service{
 			Defaults: endpoint{
-				SignatureVersions: []string{"s3", "s3v4"},
-			},
-			Endpoints: endpoints{
-				"fips-us-gov-west-1": endpoint{
-					Hostname: "s3-fips-us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				"us-gov-west-1": endpoint{
-					Hostname:  "s3.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
+				Protocols:         []string{"http", "https"},
+				SignatureVersions: []string{"s3v4"},
 			},
-		},
-		"sms": service{
-
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"snowball": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"sns": service{
-
+			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
+			},
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					Protocols: []string{"http", "https"},
-				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"sqs": service{
-
+			Defaults: endpoint{
+				SSLCommonName: "{region}.queue.{dnsSuffix}",
+				Protocols:     []string{"http", "https"},
+			},
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{
-					SSLCommonName: "{region}.queue.{dnsSuffix}",
-					Protocols:     []string{"http", "https"},
-				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
-		"ssm": service{
+		"states": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"streams.dynamodb": service{
 			Defaults: endpoint{
+				Protocols: []string{"http", "https"},
 				CredentialScope: credentialScope{
 					Service: "dynamodb",
 				},
 			},
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
-				"us-gov-west-1-fips": endpoint{
-					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 		"sts": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-iso-b-global",
+
+			Endpoints: endpoints{
+				"aws-iso-b-global": endpoint{
+					Hostname: "support.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
 			},
 		},
 		"swf": service{
 
 			Endpoints: endpoints{
-				"us-gov-west-1": endpoint{},
+				"us-isob-east-1": endpoint{},
 			},
 		},
 	},
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
new file mode 100644
index 0000000000000..ca8fc828e1598
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
@@ -0,0 +1,141 @@
+package endpoints
+
+// Service identifiers
+//
+// Deprecated: Use client package's EndpointsID value instead of these
+// ServiceIDs. These IDs are not maintained, and are out of date.
+const (
+	A4bServiceID                          = "a4b"                          // A4b.
+	AcmServiceID                          = "acm"                          // Acm.
+	AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
+	ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
+	ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
+	ApiSagemakerServiceID                 = "api.sagemaker"                // ApiSagemaker.
+	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
+	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
+	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
+	AppsyncServiceID                      = "appsync"                      // Appsync.
+	AthenaServiceID                       = "athena"                       // Athena.
+	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
+	AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
+	BatchServiceID                        = "batch"                        // Batch.
+	BudgetsServiceID                      = "budgets"                      // Budgets.
+	CeServiceID                           = "ce"                           // Ce.
+	ChimeServiceID                        = "chime"                        // Chime.
+	Cloud9ServiceID                       = "cloud9"                       // Cloud9.
+	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
+	CloudformationServiceID               = "cloudformation"               // Cloudformation.
+	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
+	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
+	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
+	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
+	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
+	CodebuildServiceID                    = "codebuild"                    // Codebuild.
+	CodecommitServiceID                   = "codecommit"                   // Codecommit.
+	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
+	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
+	CodestarServiceID                     = "codestar"                     // Codestar.
+	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
+	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
+	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
+	ComprehendServiceID                   = "comprehend"                   // Comprehend.
+	ConfigServiceID                       = "config"                       // Config.
+	CurServiceID                          = "cur"                          // Cur.
+	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
+	DaxServiceID                          = "dax"                          // Dax.
+	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
+	DirectconnectServiceID                = "directconnect"                // Directconnect.
+	DiscoveryServiceID                    = "discovery"                    // Discovery.
+	DmsServiceID                          = "dms"                          // Dms.
+	DsServiceID                           = "ds"                           // Ds.
+	DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
+	Ec2ServiceID                          = "ec2"                          // Ec2.
+	Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
+	EcrServiceID                          = "ecr"                          // Ecr.
+	EcsServiceID                          = "ecs"                          // Ecs.
+	ElasticacheServiceID                  = "elasticache"                  // Elasticache.
+	ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
+	ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
+	ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
+	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
+	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
+	EmailServiceID                        = "email"                        // Email.
+	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
+	EsServiceID                           = "es"                           // Es.
+	EventsServiceID                       = "events"                       // Events.
+	FirehoseServiceID                     = "firehose"                     // Firehose.
+	FmsServiceID                          = "fms"                          // Fms.
+	GameliftServiceID                     = "gamelift"                     // Gamelift.
+	GlacierServiceID                      = "glacier"                      // Glacier.
+	GlueServiceID                         = "glue"                         // Glue.
+	GreengrassServiceID                   = "greengrass"                   // Greengrass.
+	GuarddutyServiceID                    = "guardduty"                    // Guardduty.
+	HealthServiceID                       = "health"                       // Health.
+	IamServiceID                          = "iam"                          // Iam.
+	ImportexportServiceID                 = "importexport"                 // Importexport.
+	InspectorServiceID                    = "inspector"                    // Inspector.
+	IotServiceID                          = "iot"                          // Iot.
+	IotanalyticsServiceID                 = "iotanalytics"                 // Iotanalytics.
+	KinesisServiceID                      = "kinesis"                      // Kinesis.
+	KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
+	KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
+	KmsServiceID                          = "kms"                          // Kms.
+	LambdaServiceID                       = "lambda"                       // Lambda.
+	LightsailServiceID                    = "lightsail"                    // Lightsail.
+	LogsServiceID                         = "logs"                         // Logs.
+	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
+	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
+	MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
+	MedialiveServiceID                    = "medialive"                    // Medialive.
+	MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
+	MediastoreServiceID                   = "mediastore"                   // Mediastore.
+	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
+	MghServiceID                          = "mgh"                          // Mgh.
+	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
+	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
+	MonitoringServiceID                   = "monitoring"                   // Monitoring.
+	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
+	NeptuneServiceID                      = "neptune"                      // Neptune.
+	OpsworksServiceID                     = "opsworks"                     // Opsworks.
+	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
+	OrganizationsServiceID                = "organizations"                // Organizations.
+	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
+	PollyServiceID                        = "polly"                        // Polly.
+	RdsServiceID                          = "rds"                          // Rds.
+	RedshiftServiceID                     = "redshift"                     // Redshift.
+	RekognitionServiceID                  = "rekognition"                  // Rekognition.
+	ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
+	Route53ServiceID                      = "route53"                      // Route53.
+	Route53domainsServiceID               = "route53domains"               // Route53domains.
+	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
+	RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
+	S3ServiceID                           = "s3"                           // S3.
+	S3ControlServiceID                    = "s3-control"                   // S3Control.
+	SagemakerServiceID                    = "api.sagemaker"                // Sagemaker.
+	SdbServiceID                          = "sdb"                          // Sdb.
+	SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
+	ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
+	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
+	ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
+	ShieldServiceID                       = "shield"                       // Shield.
+	SmsServiceID                          = "sms"                          // Sms.
+	SnowballServiceID                     = "snowball"                     // Snowball.
+	SnsServiceID                          = "sns"                          // Sns.
+	SqsServiceID                          = "sqs"                          // Sqs.
+	SsmServiceID                          = "ssm"                          // Ssm.
+	StatesServiceID                       = "states"                       // States.
+	StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
+	StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
+	StsServiceID                          = "sts"                          // Sts.
+	SupportServiceID                      = "support"                      // Support.
+	SwfServiceID                          = "swf"                          // Swf.
+	TaggingServiceID                      = "tagging"                      // Tagging.
+	TransferServiceID                     = "transfer"                     // Transfer.
+	TranslateServiceID                    = "translate"                    // Translate.
+	WafServiceID                          = "waf"                          // Waf.
+	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
+	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
+	WorkmailServiceID                     = "workmail"                     // Workmail.
+	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
+	XrayServiceID                         = "xray"                         // Xray.
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
index 9c3eedb48d5df..ca956e5f12aff 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -3,6 +3,7 @@ package endpoints
 import (
 	"fmt"
 	"regexp"
+	"strings"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 )
@@ -35,7 +36,7 @@ type Options struct {
 	//
 	// If resolving an endpoint on the partition list the provided region will
 	// be used to determine which partition's domain name pattern to the service
-	// endpoint ID with. If both the service and region are unkonwn and resolving
+	// endpoint ID with. If both the service and region are unknown and resolving
 	// the endpoint on partition list an UnknownEndpointError error will be returned.
 	//
 	// If resolving and endpoint on a partition specific resolver that partition's
@@ -46,6 +47,108 @@ type Options struct {
 	//
 	// This option is ignored if StrictMatching is enabled.
 	ResolveUnknownService bool
+
+	// STS Regional Endpoint flag helps with resolving the STS endpoint
+	STSRegionalEndpoint STSRegionalEndpoint
+
+	// S3 Regional Endpoint flag helps with resolving the S3 endpoint
+	S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
+}
+
+// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
+// options.
+type STSRegionalEndpoint int
+
+func (e STSRegionalEndpoint) String() string {
+	switch e {
+	case LegacySTSEndpoint:
+		return "legacy"
+	case RegionalSTSEndpoint:
+		return "regional"
+	case UnsetSTSEndpoint:
+		return ""
+	default:
+		return "unknown"
+	}
+}
+
+const (
+
+	// UnsetSTSEndpoint represents that STS Regional Endpoint flag is not specified.
+	UnsetSTSEndpoint STSRegionalEndpoint = iota
+
+	// LegacySTSEndpoint represents when STS Regional Endpoint flag is specified
+	// to use legacy endpoints.
+	LegacySTSEndpoint
+
+	// RegionalSTSEndpoint represents when STS Regional Endpoint flag is specified
+	// to use regional endpoints.
+	RegionalSTSEndpoint
+)
+
+// GetSTSRegionalEndpoint function returns the STSRegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the STS regional Endpoint flag.
+func GetSTSRegionalEndpoint(s string) (STSRegionalEndpoint, error) {
+	switch {
+	case strings.EqualFold(s, "legacy"):
+		return LegacySTSEndpoint, nil
+	case strings.EqualFold(s, "regional"):
+		return RegionalSTSEndpoint, nil
+	default:
+		return UnsetSTSEndpoint, fmt.Errorf("unable to resolve the value of STSRegionalEndpoint for %v", s)
+	}
+}
+
+// S3UsEast1RegionalEndpoint is an enum for the states of the S3 us-east-1
+// Regional Endpoint options.
+type S3UsEast1RegionalEndpoint int
+
+func (e S3UsEast1RegionalEndpoint) String() string {
+	switch e {
+	case LegacyS3UsEast1Endpoint:
+		return "legacy"
+	case RegionalS3UsEast1Endpoint:
+		return "regional"
+	case UnsetS3UsEast1Endpoint:
+		return ""
+	default:
+		return "unknown"
+	}
+}
+
+const (
+
+	// UnsetS3UsEast1Endpoint represents that S3 Regional Endpoint flag is not
+	// specified.
+	UnsetS3UsEast1Endpoint S3UsEast1RegionalEndpoint = iota
+
+	// LegacyS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+	// specified to use legacy endpoints.
+	LegacyS3UsEast1Endpoint
+
+	// RegionalS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+	// specified to use regional endpoints.
+	RegionalS3UsEast1Endpoint
+)
+
+// GetS3UsEast1RegionalEndpoint function returns the S3UsEast1RegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the S3 regional Endpoint flag.
+func GetS3UsEast1RegionalEndpoint(s string) (S3UsEast1RegionalEndpoint, error) {
+	switch {
+	case strings.EqualFold(s, "legacy"):
+		return LegacyS3UsEast1Endpoint, nil
+	case strings.EqualFold(s, "regional"):
+		return RegionalS3UsEast1Endpoint, nil
+	default:
+		return UnsetS3UsEast1Endpoint,
+			fmt.Errorf("unable to resolve the value of S3UsEast1RegionalEndpoint for %v", s)
+	}
 }
 
 // Set combines all of the option functions together.
@@ -79,6 +182,12 @@ func ResolveUnknownServiceOption(o *Options) {
 	o.ResolveUnknownService = true
 }
 
+// STSRegionalEndpointOption enables the STS endpoint resolver behavior to resolve
+// STS endpoint to their regional endpoint, instead of the global endpoint.
+func STSRegionalEndpointOption(o *Options) {
+	o.STSRegionalEndpoint = RegionalSTSEndpoint
+}
+
 // A Resolver provides the interface for functionality to resolve endpoints.
 // The build in Partition and DefaultResolver return value satisfy this interface.
 type Resolver interface {
@@ -170,10 +279,13 @@ func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
 // A Partition provides the ability to enumerate the partition's regions
 // and services.
 type Partition struct {
-	id string
-	p  *partition
+	id, dnsSuffix string
+	p             *partition
 }
 
+// DNSSuffix returns the base domain name of the partition.
+func (p Partition) DNSSuffix() string { return p.dnsSuffix }
+
 // ID returns the identifier of the partition.
 func (p Partition) ID() string { return p.id }
 
@@ -191,7 +303,7 @@ func (p Partition) ID() string { return p.id }
 // require the provided service and region to be known by the partition.
 // If the endpoint cannot be strictly resolved an error will be returned. This
 // mode is useful to ensure the endpoint resolved is valid. Without
-// StrictMatching enabled the endpoint returned my look valid but may not work.
+// StrictMatching enabled the endpoint returned may look valid but may not work.
 // StrictMatching requires the SDK to be updated if you want to take advantage
 // of new regions and services expansions.
 //
@@ -205,11 +317,12 @@ func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (
 // Regions returns a map of Regions indexed by their ID. This is useful for
 // enumerating over the regions in a partition.
 func (p Partition) Regions() map[string]Region {
-	rs := map[string]Region{}
-	for id := range p.p.Regions {
+	rs := make(map[string]Region, len(p.p.Regions))
+	for id, r := range p.p.Regions {
 		rs[id] = Region{
-			id: id,
-			p:  p.p,
+			id:   id,
+			desc: r.Description,
+			p:    p.p,
 		}
 	}
 
@@ -219,7 +332,7 @@ func (p Partition) Regions() map[string]Region {
 // Services returns a map of Service indexed by their ID. This is useful for
 // enumerating over the services in a partition.
 func (p Partition) Services() map[string]Service {
-	ss := map[string]Service{}
+	ss := make(map[string]Service, len(p.p.Services))
 	for id := range p.p.Services {
 		ss[id] = Service{
 			id: id,
@@ -240,6 +353,10 @@ type Region struct {
 // ID returns the region's identifier.
 func (r Region) ID() string { return r.id }
 
+// Description returns the region's description. The region description
+// is free text, it can be empty, and it may change between SDK releases.
+func (r Region) Description() string { return r.desc }
+
 // ResolveEndpoint resolves an endpoint from the context of the region given
 // a service. See Partition.EndpointFor for usage and errors that can be returned.
 func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
@@ -284,10 +401,11 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve
 func (s Service) Regions() map[string]Region {
 	rs := map[string]Region{}
 	for id := range s.p.Services[s.id].Endpoints {
-		if _, ok := s.p.Regions[id]; ok {
+		if r, ok := s.p.Regions[id]; ok {
 			rs[id] = Region{
-				id: id,
-				p:  s.p,
+				id:   id,
+				desc: r.Description,
+				p:    s.p,
 			}
 		}
 	}
@@ -301,7 +419,7 @@ func (s Service) Regions() map[string]Region {
 // A region is the AWS region the service exists in. Whereas a Endpoint is
 // an URL that can be resolved to a instance of a service.
 func (s Service) Endpoints() map[string]Endpoint {
-	es := map[string]Endpoint{}
+	es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
 	for id := range s.p.Services[s.id].Endpoints {
 		es[id] = Endpoint{
 			id:        id,
@@ -341,12 +459,19 @@ type ResolvedEndpoint struct {
 	// The endpoint URL
 	URL string
 
+	// The endpoint partition
+	PartitionID string
+
 	// The region that should be used for signing requests.
 	SigningRegion string
 
 	// The service name that should be used for signing requests.
 	SigningName string
 
+	// States that the signing name for this endpoint was derived from metadata
+	// passed in, but was not explicitly modeled.
+	SigningNameDerived bool
+
 	// The signing method that should be used for signing requests.
 	SigningMethod string
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
new file mode 100644
index 0000000000000..df75e899adbe8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
@@ -0,0 +1,24 @@
+package endpoints
+
+var legacyGlobalRegions = map[string]map[string]struct{}{
+	"sts": {
+		"ap-northeast-1": {},
+		"ap-south-1":     {},
+		"ap-southeast-1": {},
+		"ap-southeast-2": {},
+		"ca-central-1":   {},
+		"eu-central-1":   {},
+		"eu-north-1":     {},
+		"eu-west-1":      {},
+		"eu-west-2":      {},
+		"eu-west-3":      {},
+		"sa-east-1":      {},
+		"us-east-1":      {},
+		"us-east-2":      {},
+		"us-west-1":      {},
+		"us-west-2":      {},
+	},
+	"s3": {
+		"us-east-1": {},
+	},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
index 13d968a249e38..eb2ac83c99275 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
@@ -54,8 +54,9 @@ type partition struct {
 
 func (p partition) Partition() Partition {
 	return Partition{
-		id: p.ID,
-		p:  &p,
+		dnsSuffix: p.DNSSuffix,
+		id:        p.ID,
+		p:         &p,
 	}
 }
 
@@ -74,24 +75,56 @@ func (p partition) canResolveEndpoint(service, region string, strictMatch bool)
 	return p.RegionRegex.MatchString(region)
 }
 
+func allowLegacyEmptyRegion(service string) bool {
+	legacy := map[string]struct{}{
+		"budgets":       {},
+		"ce":            {},
+		"chime":         {},
+		"cloudfront":    {},
+		"ec2metadata":   {},
+		"iam":           {},
+		"importexport":  {},
+		"organizations": {},
+		"route53":       {},
+		"sts":           {},
+		"support":       {},
+		"waf":           {},
+	}
+
+	_, allowed := legacy[service]
+	return allowed
+}
+
 func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
 	var opt Options
 	opt.Set(opts...)
 
 	s, hasService := p.Services[service]
-	if !(hasService || opt.ResolveUnknownService) {
+	if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
 		// Only return error if the resolver will not fallback to creating
 		// endpoint based on service endpoint ID passed in.
 		return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
 	}
 
+	if len(region) == 0 && allowLegacyEmptyRegion(service) && len(s.PartitionEndpoint) != 0 {
+		region = s.PartitionEndpoint
+	}
+
+	if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) ||
+		(service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) {
+		if _, ok := legacyGlobalRegions[service][region]; ok {
+			region = "aws-global"
+		}
+	}
+
 	e, hasEndpoint := s.endpointForRegion(region)
-	if !hasEndpoint && opt.StrictMatching {
+	if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) {
 		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
 	}
 
 	defs := []endpoint{p.Defaults, s.Defaults}
-	return e.resolve(service, region, p.DNSSuffix, defs, opt), nil
+
+	return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt), nil
 }
 
 func serviceList(ss services) []string {
@@ -200,7 +233,7 @@ func getByPriority(s []string, p []string, def string) string {
 	return s[0]
 }
 
-func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
+func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
 	var merged endpoint
 	for _, def := range defs {
 		merged.mergeIn(def)
@@ -208,11 +241,23 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
 	merged.mergeIn(e)
 	e = merged
 
-	hostname := e.Hostname
+	signingRegion := e.CredentialScope.Region
+	if len(signingRegion) == 0 {
+		signingRegion = region
+	}
+
+	signingName := e.CredentialScope.Service
+	var signingNameDerived bool
+	if len(signingName) == 0 {
+		signingName = service
+		signingNameDerived = true
+	}
 
+	hostname := e.Hostname
 	// Offset the hostname for dualstack if enabled
 	if opts.UseDualStack && e.HasDualStack == boxedTrue {
 		hostname = e.DualStackHostname
+		region = signingRegion
 	}
 
 	u := strings.Replace(hostname, "{service}", service, 1)
@@ -222,20 +267,13 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
 	scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
 	u = fmt.Sprintf("%s://%s", scheme, u)
 
-	signingRegion := e.CredentialScope.Region
-	if len(signingRegion) == 0 {
-		signingRegion = region
-	}
-	signingName := e.CredentialScope.Service
-	if len(signingName) == 0 {
-		signingName = service
-	}
-
 	return ResolvedEndpoint{
-		URL:           u,
-		SigningRegion: signingRegion,
-		SigningName:   signingName,
-		SigningMethod: getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
+		URL:                u,
+		PartitionID:        partitionID,
+		SigningRegion:      signingRegion,
+		SigningName:        signingName,
+		SigningNameDerived: signingNameDerived,
+		SigningMethod:      getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
 	}
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
index 05e92df22af22..0fdfcc56e05d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
@@ -16,6 +16,10 @@ import (
 type CodeGenOptions struct {
 	// Options for how the model will be decoded.
 	DecodeModelOptions DecodeModelOptions
+
+	// Disables code generation of the service endpoint prefix IDs defined in
+	// the model.
+	DisableGenerateServiceIDs bool
 }
 
 // Set combines all of the option functions together
@@ -39,8 +43,16 @@ func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGe
 		return err
 	}
 
+	v := struct {
+		Resolver
+		CodeGenOptions
+	}{
+		Resolver:       resolver,
+		CodeGenOptions: opts,
+	}
+
 	tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
-	if err := tmpl.ExecuteTemplate(outFile, "defaults", resolver); err != nil {
+	if err := tmpl.ExecuteTemplate(outFile, "defaults", v); err != nil {
 		return fmt.Errorf("failed to execute template, %v", err)
 	}
 
@@ -166,15 +178,17 @@ import (
 	"regexp"
 )
 
-	{{ template "partition consts" . }}
+	{{ template "partition consts" $.Resolver }}
 
-	{{ range $_, $partition := . }}
+	{{ range $_, $partition := $.Resolver }}
 		{{ template "partition region consts" $partition }}
 	{{ end }}
 
-	{{ template "service consts" . }}
+	{{ if not $.DisableGenerateServiceIDs -}}
+	{{ template "service consts" $.Resolver }}
+	{{- end }}
 	
-	{{ template "endpoint resolvers" . }}
+	{{ template "endpoint resolvers" $.Resolver }}
 {{- end }}
 
 {{ define "partition consts" }}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/errors.go b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
index 57663616868fc..fa06f7a8f8b80 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
@@ -5,13 +5,9 @@ import "github.com/aws/aws-sdk-go/aws/awserr"
 var (
 	// ErrMissingRegion is an error that is returned if region configuration is
 	// not found.
-	//
-	// @readonly
 	ErrMissingRegion = awserr.New("MissingRegion", "could not find region configuration", nil)
 
 	// ErrMissingEndpoint is an error that is returned if an endpoint cannot be
 	// resolved for a service.
-	//
-	// @readonly
 	ErrMissingEndpoint = awserr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil)
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/logger.go
index 3babb5abdb69e..6ed15b2ecc26d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/logger.go
@@ -71,6 +71,12 @@ const (
 	// LogDebugWithRequestErrors states the SDK should log when service requests fail
 	// to build, send, validate, or unmarshal.
 	LogDebugWithRequestErrors
+
+	// LogDebugWithEventStreamBody states the SDK should log EventStream
+	// request and response bodys. This should be used to log the EventStream
+	// wire unmarshaled message content of requests and responses made while
+	// using the SDK Will also enable LogDebug.
+	LogDebugWithEventStreamBody
 )
 
 // A Logger is a minimalistic interface for the SDK to log messages to. Should
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
index 271da432ce177..d9b37f4d32ad0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
@@ -1,18 +1,17 @@
-// +build !appengine,!plan9
-
 package request
 
 import (
-	"net"
-	"os"
-	"syscall"
+	"strings"
 )
 
 func isErrConnectionReset(err error) bool {
-	if opErr, ok := err.(*net.OpError); ok {
-		if sysErr, ok := opErr.Err.(*os.SyscallError); ok {
-			return sysErr.Err == syscall.ECONNRESET
-		}
+	if strings.Contains(err.Error(), "read: connection reset") {
+		return false
+	}
+
+	if strings.Contains(err.Error(), "connection reset") ||
+		strings.Contains(err.Error(), "broken pipe") {
+		return true
 	}
 
 	return false
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
deleted file mode 100644
index daf9eca437347..0000000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build appengine plan9
-
-package request
-
-import (
-	"strings"
-)
-
-func isErrConnectionReset(err error) bool {
-	return strings.Contains(err.Error(), "connection reset")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
index 802ac88ad5cd6..e819ab6c0e875 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -10,49 +10,106 @@ import (
 type Handlers struct {
 	Validate         HandlerList
 	Build            HandlerList
+	BuildStream      HandlerList
 	Sign             HandlerList
 	Send             HandlerList
 	ValidateResponse HandlerList
 	Unmarshal        HandlerList
+	UnmarshalStream  HandlerList
 	UnmarshalMeta    HandlerList
 	UnmarshalError   HandlerList
 	Retry            HandlerList
 	AfterRetry       HandlerList
+	CompleteAttempt  HandlerList
 	Complete         HandlerList
 }
 
-// Copy returns of this handler's lists.
+// Copy returns a copy of this handler's lists.
 func (h *Handlers) Copy() Handlers {
 	return Handlers{
 		Validate:         h.Validate.copy(),
 		Build:            h.Build.copy(),
+		BuildStream:      h.BuildStream.copy(),
 		Sign:             h.Sign.copy(),
 		Send:             h.Send.copy(),
 		ValidateResponse: h.ValidateResponse.copy(),
 		Unmarshal:        h.Unmarshal.copy(),
+		UnmarshalStream:  h.UnmarshalStream.copy(),
 		UnmarshalError:   h.UnmarshalError.copy(),
 		UnmarshalMeta:    h.UnmarshalMeta.copy(),
 		Retry:            h.Retry.copy(),
 		AfterRetry:       h.AfterRetry.copy(),
+		CompleteAttempt:  h.CompleteAttempt.copy(),
 		Complete:         h.Complete.copy(),
 	}
 }
 
-// Clear removes callback functions for all handlers
+// Clear removes callback functions for all handlers.
 func (h *Handlers) Clear() {
 	h.Validate.Clear()
 	h.Build.Clear()
+	h.BuildStream.Clear()
 	h.Send.Clear()
 	h.Sign.Clear()
 	h.Unmarshal.Clear()
+	h.UnmarshalStream.Clear()
 	h.UnmarshalMeta.Clear()
 	h.UnmarshalError.Clear()
 	h.ValidateResponse.Clear()
 	h.Retry.Clear()
 	h.AfterRetry.Clear()
+	h.CompleteAttempt.Clear()
 	h.Complete.Clear()
 }
 
+// IsEmpty returns if there are no handlers in any of the handlerlists.
+func (h *Handlers) IsEmpty() bool {
+	if h.Validate.Len() != 0 {
+		return false
+	}
+	if h.Build.Len() != 0 {
+		return false
+	}
+	if h.BuildStream.Len() != 0 {
+		return false
+	}
+	if h.Send.Len() != 0 {
+		return false
+	}
+	if h.Sign.Len() != 0 {
+		return false
+	}
+	if h.Unmarshal.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalStream.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalMeta.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalError.Len() != 0 {
+		return false
+	}
+	if h.ValidateResponse.Len() != 0 {
+		return false
+	}
+	if h.Retry.Len() != 0 {
+		return false
+	}
+	if h.AfterRetry.Len() != 0 {
+		return false
+	}
+	if h.CompleteAttempt.Len() != 0 {
+		return false
+	}
+	if h.Complete.Len() != 0 {
+		return false
+	}
+
+	return true
+}
+
 // A HandlerListRunItem represents an entry in the HandlerList which
 // is being run.
 type HandlerListRunItem struct {
@@ -172,6 +229,21 @@ func (l *HandlerList) SwapNamed(n NamedHandler) (swapped bool) {
 	return swapped
 }
 
+// Swap will swap out all handlers matching the name passed in. The matched
+// handlers will be swapped in. True is returned if the handlers were swapped.
+func (l *HandlerList) Swap(name string, replace NamedHandler) bool {
+	var swapped bool
+
+	for i := 0; i < len(l.list); i++ {
+		if l.list[i].Name == name {
+			l.list[i] = replace
+			swapped = true
+		}
+	}
+
+	return swapped
+}
+
 // SetBackNamed will replace the named handler if it exists in the handler list.
 // If the handler does not exist the handler will be added to the end of the list.
 func (l *HandlerList) SetBackNamed(n NamedHandler) {
@@ -254,3 +326,18 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
 		AddToUserAgent(r, s)
 	}
 }
+
+// WithSetRequestHeaders updates the operation request's HTTP header to contain
+// the header key value pairs provided. If the header key already exists in the
+// request's HTTP header set, the existing value(s) will be replaced.
+func WithSetRequestHeaders(h map[string]string) Option {
+	return withRequestHeader(h).SetRequestHeaders
+}
+
+type withRequestHeader map[string]string
+
+func (h withRequestHeader) SetRequestHeaders(r *Request) {
+	for k, v := range h {
+		r.HTTPRequest.Header[k] = []string{v}
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
index 02f07f4a462f7..9370fa50c3827 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
@@ -3,6 +3,8 @@ package request
 import (
 	"io"
 	"sync"
+
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 )
 
 // offsetReader is a thread-safe io.ReadCloser to prevent racing
@@ -13,12 +15,15 @@ type offsetReader struct {
 	closed bool
 }
 
-func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader {
+func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
 	reader := &offsetReader{}
-	buf.Seek(offset, 0)
+	_, err := buf.Seek(offset, sdkio.SeekStart)
+	if err != nil {
+		return nil, err
+	}
 
 	reader.buf = buf
-	return reader
+	return reader, nil
 }
 
 // Close will close the instance of the offset reader's access to
@@ -52,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
 
 // CloseAndCopy will return a new offsetReader with a copy of the old buffer
 // and close the old buffer.
-func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader {
-	o.Close()
+func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
+	if err := o.Close(); err != nil {
+		return nil, err
+	}
 	return newOffsetReader(o.buf, offset)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
index 5c7db4982c969..5050db4e3d1e6 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"net"
 	"net/http"
 	"net/url"
 	"reflect"
@@ -14,6 +13,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 )
 
 const (
@@ -36,6 +36,10 @@ const (
 	// API request that was canceled. Requests given a aws.Context may
 	// return this error when canceled.
 	CanceledErrorCode = "RequestCanceled"
+
+	// ErrCodeRequestError is an error preventing the SDK from continuing to
+	// process the request.
+	ErrCodeRequestError = "RequestError"
 )
 
 // A Request is the service request to be made.
@@ -45,11 +49,13 @@ type Request struct {
 	Handlers   Handlers
 
 	Retryer
+	AttemptTime            time.Time
 	Time                   time.Time
 	Operation              *Operation
 	HTTPRequest            *http.Request
 	HTTPResponse           *http.Response
 	Body                   io.ReadSeeker
+	streamingBody          io.ReadCloser
 	BodyStart              int64 // offset from beginning of Body that the request body starts
 	Params                 interface{}
 	Error                  error
@@ -63,6 +69,15 @@ type Request struct {
 	LastSignedAt           time.Time
 	DisableFollowRedirects bool
 
+	// Additional API error codes that should be retried. IsErrorRetryable
+	// will consider these codes in addition to its built in cases.
+	RetryErrorCodes []string
+
+	// Additional API error codes that should be retried with throttle backoff
+	// delay. IsErrorThrottle will consider these codes in addition to its
+	// built in cases.
+	ThrottleErrorCodes []string
+
 	// A value greater than 0 instructs the request to be signed as Presigned URL
 	// You should not set this field directly. Instead use Request's
 	// Presign or PresignRequest methods.
@@ -89,8 +104,12 @@ type Operation struct {
 	BeforePresignFn func(r *Request) error
 }
 
-// New returns a new Request pointer for the service API
-// operation and parameters.
+// New returns a new Request pointer for the service API operation and
+// parameters.
+//
+// A Retryer should be provided to direct how the request is retried. If
+// Retryer is nil, a default no retry value will be used. You can use
+// NoOpRetryer in the Client package to disable retry behavior directly.
 //
 // Params is any value of input parameters to be the request payload.
 // Data is pointer value to an object which the request's response
@@ -98,6 +117,10 @@ type Operation struct {
 func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
 	retryer Retryer, operation *Operation, params interface{}, data interface{}) *Request {
 
+	if retryer == nil {
+		retryer = noOpRetryer{}
+	}
+
 	method := operation.HTTPMethod
 	if method == "" {
 		method = "POST"
@@ -112,8 +135,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
 		err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
 	}
 
-	SanitizeHostForHeader(httpReq)
-
 	r := &Request{
 		Config:     cfg,
 		ClientInfo: clientInfo,
@@ -224,9 +245,16 @@ func (r *Request) SetContext(ctx aws.Context) {
 
 // WillRetry returns if the request's can be retried.
 func (r *Request) WillRetry() bool {
+	if !aws.IsReaderSeekable(r.Body) && r.HTTPRequest.Body != NoBody {
+		return false
+	}
 	return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
 }
 
+func fmtAttemptCount(retryCount, maxRetries int) string {
+	return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
+}
+
 // ParamsFilled returns if the request's parameters have been populated
 // and the parameters are valid. False is returned if no parameters are
 // provided or invalid.
@@ -255,11 +283,32 @@ func (r *Request) SetStringBody(s string) {
 // SetReaderBody will set the request's body reader.
 func (r *Request) SetReaderBody(reader io.ReadSeeker) {
 	r.Body = reader
+
+	if aws.IsReaderSeekable(reader) {
+		var err error
+		// Get the Bodies current offset so retries will start from the same
+		// initial position.
+		r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
+		if err != nil {
+			r.Error = awserr.New(ErrCodeSerialization,
+				"failed to determine start of request body", err)
+			return
+		}
+	}
 	r.ResetBody()
 }
 
+// SetStreamingBody set the reader to be used for the request that will stream
+// bytes to the server. Request's Body must not be set to any reader.
+func (r *Request) SetStreamingBody(reader io.ReadCloser) {
+	r.streamingBody = reader
+	r.SetReaderBody(aws.ReadSeekCloser(reader))
+}
+
 // Presign returns the request's signed URL. Error will be returned
-// if the signing fails.
+// if the signing fails. The expire parameter is only used for presigned Amazon
+// S3 API requests. All other AWS services will use a fixed expiration
+// time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -276,7 +325,9 @@ func (r *Request) Presign(expire time.Duration) (string, error) {
 }
 
 // PresignRequest behaves just like presign, with the addition of returning a
-// set of headers that were signed.
+// set of headers that were signed. The expire parameter is only used for
+// presigned Amazon S3 API requests. All other AWS services will use a fixed
+// expiration time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -292,6 +343,11 @@ func (r *Request) PresignRequest(expire time.Duration) (string, http.Header, err
 	return getPresignedURL(r, expire)
 }
 
+// IsPresigned returns true if the request represents a presigned API url.
+func (r *Request) IsPresigned() bool {
+	return r.ExpireTime != 0
+}
+
 func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, error) {
 	if expire <= 0 {
 		return "", nil, awserr.New(
@@ -316,23 +372,22 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err
 	return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
 }
 
-func debugLogReqError(r *Request, stage string, retrying bool, err error) {
+const (
+	notRetrying = "not retrying"
+)
+
+func debugLogReqError(r *Request, stage, retryStr string, err error) {
 	if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
 		return
 	}
 
-	retryStr := "not retrying"
-	if retrying {
-		retryStr = "will retry"
-	}
-
 	r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
 		stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
 }
 
 // Build will build the request's object so it can be signed and sent
 // to the service. Build will also validate all the request's parameters.
-// Anny additional build Handlers set on this request will be run
+// Any additional build Handlers set on this request will be run
 // in the order they were set.
 //
 // The request will only be built once. Multiple calls to build will have
@@ -344,12 +399,12 @@ func (r *Request) Build() error {
 	if !r.built {
 		r.Handlers.Validate.Run(r)
 		if r.Error != nil {
-			debugLogReqError(r, "Validate Request", false, r.Error)
+			debugLogReqError(r, "Validate Request", notRetrying, r.Error)
 			return r.Error
 		}
 		r.Handlers.Build.Run(r)
 		if r.Error != nil {
-			debugLogReqError(r, "Build Request", false, r.Error)
+			debugLogReqError(r, "Build Request", notRetrying, r.Error)
 			return r.Error
 		}
 		r.built = true
@@ -358,27 +413,37 @@ func (r *Request) Build() error {
 	return r.Error
 }
 
-// Sign will sign the request returning error if errors are encountered.
+// Sign will sign the request, returning error if errors are encountered.
 //
-// Send will build the request prior to signing. All Sign Handlers will
+// Sign will build the request prior to signing. All Sign Handlers will
 // be executed in the order they were set.
 func (r *Request) Sign() error {
 	r.Build()
 	if r.Error != nil {
-		debugLogReqError(r, "Build Request", false, r.Error)
+		debugLogReqError(r, "Build Request", notRetrying, r.Error)
 		return r.Error
 	}
 
+	SanitizeHostForHeader(r.HTTPRequest)
+
 	r.Handlers.Sign.Run(r)
 	return r.Error
 }
 
-func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
+func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
+	if r.streamingBody != nil {
+		return r.streamingBody, nil
+	}
+
 	if r.safeBody != nil {
 		r.safeBody.Close()
 	}
 
-	r.safeBody = newOffsetReader(r.Body, r.BodyStart)
+	r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
+	if err != nil {
+		return nil, awserr.New(ErrCodeSerialization,
+			"failed to get next request body reader", err)
+	}
 
 	// Go 1.8 tightened and clarified the rules code needs to use when building
 	// requests with the http package. Go 1.8 removed the automatic detection
@@ -393,12 +458,12 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
 	// of the SDK if they used that field.
 	//
 	// Related golang/go#18257
-	l, err := computeBodyLength(r.Body)
+	l, err := aws.SeekerLen(r.Body)
 	if err != nil {
-		return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err)
+		return nil, awserr.New(ErrCodeSerialization,
+			"failed to compute request body size", err)
 	}
 
-	var body io.ReadCloser
 	if l == 0 {
 		body = NoBody
 	} else if l > 0 {
@@ -411,7 +476,8 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
 		// Transfer-Encoding: chunked bodies for these methods.
 		//
 		// This would only happen if a aws.ReaderSeekerCloser was used with
-		// a io.Reader that was not also an io.Seeker.
+		// a io.Reader that was not also an io.Seeker, or did not implement
+		// Len() method.
 		switch r.Operation.HTTPMethod {
 		case "GET", "HEAD", "DELETE":
 			body = NoBody
@@ -423,49 +489,13 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
 	return body, nil
 }
 
-// Attempts to compute the length of the body of the reader using the
-// io.Seeker interface. If the value is not seekable because of being
-// a ReaderSeekerCloser without an unerlying Seeker -1 will be returned.
-// If no error occurs the length of the body will be returned.
-func computeBodyLength(r io.ReadSeeker) (int64, error) {
-	seekable := true
-	// Determine if the seeker is actually seekable. ReaderSeekerCloser
-	// hides the fact that a io.Readers might not actually be seekable.
-	switch v := r.(type) {
-	case aws.ReaderSeekerCloser:
-		seekable = v.IsSeeker()
-	case *aws.ReaderSeekerCloser:
-		seekable = v.IsSeeker()
-	}
-	if !seekable {
-		return -1, nil
-	}
-
-	curOffset, err := r.Seek(0, 1)
-	if err != nil {
-		return 0, err
-	}
-
-	endOffset, err := r.Seek(0, 2)
-	if err != nil {
-		return 0, err
-	}
-
-	_, err = r.Seek(curOffset, 0)
-	if err != nil {
-		return 0, err
-	}
-
-	return endOffset - curOffset, nil
-}
-
 // GetBody will return an io.ReadSeeker of the Request's underlying
 // input body with a concurrency safe wrapper.
 func (r *Request) GetBody() io.ReadSeeker {
 	return r.safeBody
 }
 
-// Send will send the request returning error if errors are encountered.
+// Send will send the request, returning error if errors are encountered.
 //
 // Send will sign the request prior to sending. All Send Handlers will
 // be executed in the order they were set.
@@ -485,79 +515,90 @@ func (r *Request) Send() error {
 		r.Handlers.Complete.Run(r)
 	}()
 
+	if err := r.Error; err != nil {
+		return err
+	}
+
 	for {
-		if aws.BoolValue(r.Retryable) {
-			if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
-				r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
-					r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
-			}
-
-			// The previous http.Request will have a reference to the r.Body
-			// and the HTTP Client's Transport may still be reading from
-			// the request's body even though the Client's Do returned.
-			r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
-			r.ResetBody()
-
-			// Closing response body to ensure that no response body is leaked
-			// between retry attempts.
-			if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
-				r.HTTPResponse.Body.Close()
-			}
-		}
+		r.Error = nil
+		r.AttemptTime = time.Now()
 
-		r.Sign()
-		if r.Error != nil {
-			return r.Error
+		if err := r.Sign(); err != nil {
+			debugLogReqError(r, "Sign Request", notRetrying, err)
+			return err
 		}
 
-		r.Retryable = nil
-
-		r.Handlers.Send.Run(r)
-		if r.Error != nil {
-			if !shouldRetryCancel(r) {
-				return r.Error
-			}
-
-			err := r.Error
-			r.Handlers.Retry.Run(r)
-			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Send Request", false, err)
-				return r.Error
-			}
-			debugLogReqError(r, "Send Request", true, err)
-			continue
+		if err := r.sendRequest(); err == nil {
+			return nil
 		}
-		r.Handlers.UnmarshalMeta.Run(r)
-		r.Handlers.ValidateResponse.Run(r)
-		if r.Error != nil {
-			r.Handlers.UnmarshalError.Run(r)
-			err := r.Error
-
-			r.Handlers.Retry.Run(r)
-			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Validate Response", false, err)
-				return r.Error
-			}
-			debugLogReqError(r, "Validate Response", true, err)
-			continue
+		r.Handlers.Retry.Run(r)
+		r.Handlers.AfterRetry.Run(r)
+
+		if r.Error != nil || !aws.BoolValue(r.Retryable) {
+			return r.Error
 		}
 
-		r.Handlers.Unmarshal.Run(r)
-		if r.Error != nil {
-			err := r.Error
-			r.Handlers.Retry.Run(r)
-			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Unmarshal Response", false, err)
-				return r.Error
-			}
-			debugLogReqError(r, "Unmarshal Response", true, err)
-			continue
+		if err := r.prepareRetry(); err != nil {
+			r.Error = err
+			return err
 		}
+	}
+}
+
+func (r *Request) prepareRetry() error {
+	if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
+		r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
+			r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
+	}
+
+	// The previous http.Request will have a reference to the r.Body
+	// and the HTTP Client's Transport may still be reading from
+	// the request's body even though the Client's Do returned.
+	r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
+	r.ResetBody()
+	if err := r.Error; err != nil {
+		return awserr.New(ErrCodeSerialization,
+			"failed to prepare body for retry", err)
 
-		break
+	}
+
+	// Closing response body to ensure that no response body is leaked
+	// between retry attempts.
+	if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
+		r.HTTPResponse.Body.Close()
+	}
+
+	return nil
+}
+
+func (r *Request) sendRequest() (sendErr error) {
+	defer r.Handlers.CompleteAttempt.Run(r)
+
+	r.Retryable = nil
+	r.Handlers.Send.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Send Request",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
+	}
+
+	r.Handlers.UnmarshalMeta.Run(r)
+	r.Handlers.ValidateResponse.Run(r)
+	if r.Error != nil {
+		r.Handlers.UnmarshalError.Run(r)
+		debugLogReqError(r, "Validate Response",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
+	}
+
+	r.Handlers.Unmarshal.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Unmarshal Response",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
 	}
 
 	return nil
@@ -583,32 +624,6 @@ func AddToUserAgent(r *Request, s string) {
 	r.HTTPRequest.Header.Set("User-Agent", s)
 }
 
-func shouldRetryCancel(r *Request) bool {
-	awsErr, ok := r.Error.(awserr.Error)
-	timeoutErr := false
-	errStr := r.Error.Error()
-	if ok {
-		if awsErr.Code() == CanceledErrorCode {
-			return false
-		}
-		err := awsErr.OrigErr()
-		netErr, netOK := err.(net.Error)
-		timeoutErr = netOK && netErr.Temporary()
-		if urlErr, ok := err.(*url.Error); !timeoutErr && ok {
-			errStr = urlErr.Err.Error()
-		}
-	}
-
-	// There can be two types of canceled errors here.
-	// The first being a net.Error and the other being an error.
-	// If the request was timed out, we want to continue the retry
-	// process. Otherwise, return the canceled error.
-	return timeoutErr ||
-		(errStr != "net/http: request canceled" &&
-			errStr != "net/http: request canceled while waiting for connection")
-
-}
-
 // SanitizeHostForHeader removes default port from host and updates request.Host
 func SanitizeHostForHeader(r *http.Request) {
 	host := getHost(r)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
index 869b97a1a0fa7..e36e468b7c61d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
@@ -21,7 +21,7 @@ func (noBody) WriteTo(io.Writer) (int64, error) { return 0, nil }
 var NoBody = noBody{}
 
 // ResetBody rewinds the request body back to its starting position, and
-// set's the HTTP Request body reference. When the body is read prior
+// sets the HTTP Request body reference. When the body is read prior
 // to being sent in the HTTP request it will need to be rewound.
 //
 // ResetBody will automatically be called by the SDK's build handler, but if
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
index c32fc69bc56fe..de1292f45a23d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
@@ -4,6 +4,8 @@ package request
 
 import (
 	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 
 // NoBody is a http.NoBody reader instructing Go HTTP client to not include
@@ -11,7 +13,7 @@ import (
 var NoBody = http.NoBody
 
 // ResetBody rewinds the request body back to its starting position, and
-// set's the HTTP Request body reference. When the body is read prior
+// sets the HTTP Request body reference. When the body is read prior
 // to being sent in the HTTP request it will need to be rewound.
 //
 // ResetBody will automatically be called by the SDK's build handler, but if
@@ -24,7 +26,8 @@ var NoBody = http.NoBody
 func (r *Request) ResetBody() {
 	body, err := r.getNextRequestBody()
 	if err != nil {
-		r.Error = err
+		r.Error = awserr.New(ErrCodeSerialization,
+			"failed to reset request body", err)
 		return
 	}
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
index 59de6736b6119..64784e16f3dec 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@@ -17,11 +17,13 @@ import (
 // does the pagination between API operations, and Paginator defines the
 // configuration that will be used per page request.
 //
-//     cont := true
-//     for p.Next() && cont {
+//     for p.Next() {
 //         data := p.Page().(*s3.ListObjectsOutput)
 //         // process the page's data
+//         // ...
+//         // break out of loop to stop fetching additional pages
 //     }
+//
 //     return p.Err()
 //
 // See service client API operation Pages methods for examples how the SDK will
@@ -35,8 +37,12 @@ type Pagination struct {
 	// NewRequest should always be built from the same API operations. It is
 	// undefined if different API operations are returned on subsequent calls.
 	NewRequest func() (*Request, error)
+	// EndPageOnSameToken, when enabled, will allow the paginator to stop on
+	// token that are the same as its previous tokens.
+	EndPageOnSameToken bool
 
 	started    bool
+	prevTokens []interface{}
 	nextTokens []interface{}
 
 	err     error
@@ -49,7 +55,15 @@ type Pagination struct {
 //
 // Will always return true if Next has not been called yet.
 func (p *Pagination) HasNextPage() bool {
-	return !(p.started && len(p.nextTokens) == 0)
+	if !p.started {
+		return true
+	}
+
+	hasNextPage := len(p.nextTokens) != 0
+	if p.EndPageOnSameToken {
+		return hasNextPage && !awsutil.DeepEqual(p.nextTokens, p.prevTokens)
+	}
+	return hasNextPage
 }
 
 // Err returns the error Pagination encountered when retrieving the next page.
@@ -96,6 +110,7 @@ func (p *Pagination) Next() bool {
 		return false
 	}
 
+	p.prevTokens = p.nextTokens
 	p.nextTokens = req.nextPageTokens()
 	p.curPage = req.Data
 
@@ -133,7 +148,7 @@ func (r *Request) nextPageTokens() []interface{} {
 				return nil
 			}
 		case bool:
-			if v == false {
+			if !v {
 				return nil
 			}
 		}
@@ -142,13 +157,28 @@ func (r *Request) nextPageTokens() []interface{} {
 	tokens := []interface{}{}
 	tokenAdded := false
 	for _, outToken := range r.Operation.OutputTokens {
-		v, _ := awsutil.ValuesAtPath(r.Data, outToken)
-		if len(v) > 0 {
-			tokens = append(tokens, v[0])
-			tokenAdded = true
-		} else {
+		vs, _ := awsutil.ValuesAtPath(r.Data, outToken)
+		if len(vs) == 0 {
 			tokens = append(tokens, nil)
+			continue
 		}
+		v := vs[0]
+
+		switch tv := v.(type) {
+		case *string:
+			if len(aws.StringValue(tv)) == 0 {
+				tokens = append(tokens, nil)
+				continue
+			}
+		case string:
+			if len(tv) == 0 {
+				tokens = append(tokens, nil)
+				continue
+			}
+		}
+
+		tokenAdded = true
+		tokens = append(tokens, v)
 	}
 	if !tokenAdded {
 		return nil
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
index f35fef213ed96..752ae47f8459a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@@ -1,32 +1,81 @@
 package request
 
 import (
+	"net"
+	"net/url"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 
-// Retryer is an interface to control retry logic for a given service.
-// The default implementation used by most services is the client.DefaultRetryer
-// structure, which contains basic retry logic using exponential backoff.
+// Retryer provides the interface drive the SDK's request retry behavior. The
+// Retryer implementation is responsible for implementing exponential backoff,
+// and determine if a request API error should be retried.
+//
+// client.DefaultRetryer is the SDK's default implementation of the Retryer. It
+// uses the which uses the Request.IsErrorRetryable and Request.IsErrorThrottle
+// methods to determine if the request is retried.
 type Retryer interface {
+	// RetryRules return the retry delay that should be used by the SDK before
+	// making another request attempt for the failed request.
 	RetryRules(*Request) time.Duration
+
+	// ShouldRetry returns if the failed request is retryable.
+	//
+	// Implementations may consider request attempt count when determining if a
+	// request is retryable, but the SDK will use MaxRetries to limit the
+	// number of attempts a request are made.
 	ShouldRetry(*Request) bool
+
+	// MaxRetries is the number of times a request may be retried before
+	// failing.
 	MaxRetries() int
 }
 
-// WithRetryer sets a config Retryer value to the given Config returning it
-// for chaining.
+// WithRetryer sets a Retryer value to the given Config returning the Config
+// value for chaining. The value must not be nil.
 func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
+	if retryer == nil {
+		if cfg.Logger != nil {
+			cfg.Logger.Log("ERROR: Request.WithRetryer called with nil retryer. Replacing with retry disabled Retryer.")
+		}
+		retryer = noOpRetryer{}
+	}
 	cfg.Retryer = retryer
 	return cfg
+
+}
+
+// noOpRetryer is a internal no op retryer used when a request is created
+// without a retryer.
+//
+// Provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type noOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d noOpRetryer) MaxRetries() int {
+	return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d noOpRetryer) ShouldRetry(_ *Request) bool {
+	return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d noOpRetryer) RetryRules(_ *Request) time.Duration {
+	return 0
 }
 
 // retryableCodes is a collection of service response codes which are retry-able
 // without any further action.
 var retryableCodes = map[string]struct{}{
-	"RequestError":            {},
+	ErrCodeRequestError:       {},
 	"RequestTimeout":          {},
 	ErrCodeResponseTimeout:    {},
 	"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
@@ -34,12 +83,16 @@ var retryableCodes = map[string]struct{}{
 
 var throttleCodes = map[string]struct{}{
 	"ProvisionedThroughputExceededException": {},
+	"ThrottledException":                     {}, // SNS, XRay, ResourceGroupsTagging API
 	"Throttling":                             {},
 	"ThrottlingException":                    {},
 	"RequestLimitExceeded":                   {},
 	"RequestThrottled":                       {},
+	"RequestThrottledException":              {},
 	"TooManyRequestsException":               {}, // Lambda functions
 	"PriorRequestNotComplete":                {}, // Route53
+	"TransactionInProgressException":         {},
+	"EC2ThrottledException":                  {}, // EC2
 }
 
 // credsExpiredCodes is a collection of error codes which signify the credentials
@@ -74,10 +127,6 @@ var validParentCodes = map[string]struct{}{
 	ErrCodeRead:          {},
 }
 
-type temporaryError interface {
-	Temporary() bool
-}
-
 func isNestedErrorRetryable(parentErr awserr.Error) bool {
 	if parentErr == nil {
 		return false
@@ -96,8 +145,8 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool {
 		return isCodeRetryable(aerr.Code())
 	}
 
-	if t, ok := err.(temporaryError); ok {
-		return t.Temporary()
+	if t, ok := err.(temporary); ok {
+		return t.Temporary() || isErrConnectionReset(err)
 	}
 
 	return isErrConnectionReset(err)
@@ -106,32 +155,90 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool {
 // IsErrorRetryable returns whether the error is retryable, based on its Code.
 // Returns false if error is nil.
 func IsErrorRetryable(err error) bool {
-	if err != nil {
-		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeRetryable(aerr.Code()) || isNestedErrorRetryable(aerr)
+	if err == nil {
+		return false
+	}
+	return shouldRetryError(err)
+}
+
+type temporary interface {
+	Temporary() bool
+}
+
+func shouldRetryError(origErr error) bool {
+	switch err := origErr.(type) {
+	case awserr.Error:
+		if err.Code() == CanceledErrorCode {
+			return false
 		}
+		if isNestedErrorRetryable(err) {
+			return true
+		}
+
+		origErr := err.OrigErr()
+		var shouldRetry bool
+		if origErr != nil {
+			shouldRetry = shouldRetryError(origErr)
+			if err.Code() == ErrCodeRequestError && !shouldRetry {
+				return false
+			}
+		}
+		if isCodeRetryable(err.Code()) {
+			return true
+		}
+		return shouldRetry
+
+	case *url.Error:
+		if strings.Contains(err.Error(), "connection refused") {
+			// Refused connections should be retried as the service may not yet
+			// be running on the port. Go TCP dial considers refused
+			// connections as not temporary.
+			return true
+		}
+		// *url.Error only implements Temporary after golang 1.6 but since
+		// url.Error only wraps the error:
+		return shouldRetryError(err.Err)
+
+	case temporary:
+		if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
+			return true
+		}
+		// If the error is temporary, we want to allow continuation of the
+		// retry process
+		return err.Temporary() || isErrConnectionReset(origErr)
+
+	case nil:
+		// `awserr.Error.OrigErr()` can be nil, meaning there was an error but
+		// because we don't know the cause, it is marked as retryable. See
+		// TestRequest4xxUnretryable for an example.
+		return true
+
+	default:
+		switch err.Error() {
+		case "net/http: request canceled",
+			"net/http: request canceled while waiting for connection":
+			// known 1.5 error case when an http request is cancelled
+			return false
+		}
+		// here we don't know the error; so we allow a retry.
+		return true
 	}
-	return false
 }
 
 // IsErrorThrottle returns whether the error is to be throttled based on its code.
 // Returns false if error is nil.
 func IsErrorThrottle(err error) bool {
-	if err != nil {
-		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeThrottle(aerr.Code())
-		}
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		return isCodeThrottle(aerr.Code())
 	}
 	return false
 }
 
-// IsErrorExpiredCreds returns whether the error code is a credential expiry error.
-// Returns false if error is nil.
+// IsErrorExpiredCreds returns whether the error code is a credential expiry
+// error. Returns false if error is nil.
 func IsErrorExpiredCreds(err error) bool {
-	if err != nil {
-		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeExpiredCreds(aerr.Code())
-		}
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		return isCodeExpiredCreds(aerr.Code())
 	}
 	return false
 }
@@ -141,17 +248,58 @@ func IsErrorExpiredCreds(err error) bool {
 //
 // Alias for the utility function IsErrorRetryable
 func (r *Request) IsErrorRetryable() bool {
+	if isErrCode(r.Error, r.RetryErrorCodes) {
+		return true
+	}
+
+	// HTTP response status code 501 should not be retried.
+	// 501 represents Not Implemented which means the request method is not
+	// supported by the server and cannot be handled.
+	if r.HTTPResponse != nil {
+		// HTTP response status code 500 represents internal server error and
+		// should be retried without any throttle.
+		if r.HTTPResponse.StatusCode == 500 {
+			return true
+		}
+	}
 	return IsErrorRetryable(r.Error)
 }
 
-// IsErrorThrottle returns whether the error is to be throttled based on its code.
-// Returns false if the request has no Error set
+// IsErrorThrottle returns whether the error is to be throttled based on its
+// code. Returns false if the request has no Error set.
 //
 // Alias for the utility function IsErrorThrottle
 func (r *Request) IsErrorThrottle() bool {
+	if isErrCode(r.Error, r.ThrottleErrorCodes) {
+		return true
+	}
+
+	if r.HTTPResponse != nil {
+		switch r.HTTPResponse.StatusCode {
+		case
+			429, // error caused due to too many requests
+			502, // Bad Gateway error should be throttled
+			503, // caused when service is unavailable
+			504: // error occurred due to gateway timeout
+			return true
+		}
+	}
+
 	return IsErrorThrottle(r.Error)
 }
 
+func isErrCode(err error, codes []string) bool {
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		for _, code := range codes {
+			if code == aerr.Code() {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
 // IsErrorExpired returns whether the error code is a credential expiry error.
 // Returns false if the request has no Error set.
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
index 4012462282197..8630683f3174b 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
@@ -17,6 +17,12 @@ const (
 	ParamMinValueErrCode = "ParamMinValueError"
 	// ParamMinLenErrCode is the error code for fields without enough elements.
 	ParamMinLenErrCode = "ParamMinLenError"
+	// ParamMaxLenErrCode is the error code for value being too long.
+	ParamMaxLenErrCode = "ParamMaxLenError"
+
+	// ParamFormatErrCode is the error code for a field with invalid
+	// format or characters.
+	ParamFormatErrCode = "ParamFormatInvalidError"
 )
 
 // Validator provides a way for types to perform validation logic on their
@@ -232,3 +238,49 @@ func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
 func (e *ErrParamMinLen) MinLen() int {
 	return e.min
 }
+
+// An ErrParamMaxLen represents a maximum length parameter error.
+type ErrParamMaxLen struct {
+	errInvalidParam
+	max int
+}
+
+// NewErrParamMaxLen creates a new maximum length parameter error.
+func NewErrParamMaxLen(field string, max int, value string) *ErrParamMaxLen {
+	return &ErrParamMaxLen{
+		errInvalidParam: errInvalidParam{
+			code:  ParamMaxLenErrCode,
+			field: field,
+			msg:   fmt.Sprintf("maximum size of %v, %v", max, value),
+		},
+		max: max,
+	}
+}
+
+// MaxLen returns the field's required minimum length.
+func (e *ErrParamMaxLen) MaxLen() int {
+	return e.max
+}
+
+// An ErrParamFormat represents a invalid format parameter error.
+type ErrParamFormat struct {
+	errInvalidParam
+	format string
+}
+
+// NewErrParamFormat creates a new invalid format parameter error.
+func NewErrParamFormat(field string, format, value string) *ErrParamFormat {
+	return &ErrParamFormat{
+		errInvalidParam: errInvalidParam{
+			code:  ParamFormatErrCode,
+			field: field,
+			msg:   fmt.Sprintf("format %v, %v", format, value),
+		},
+		format: format,
+	}
+}
+
+// Format returns the field's required format.
+func (e *ErrParamFormat) Format() string {
+	return e.format
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
new file mode 100644
index 0000000000000..ea9ebb6f6a25d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
@@ -0,0 +1,26 @@
+// +build go1.7
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
new file mode 100644
index 0000000000000..fec39dfc1264e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
@@ -0,0 +1,22 @@
+// +build !go1.6,go1.5
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
new file mode 100644
index 0000000000000..1c5a5391e658b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
@@ -0,0 +1,23 @@
+// +build !go1.7,go1.6
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
new file mode 100644
index 0000000000000..cc64e24f1d563
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@@ -0,0 +1,259 @@
+package session
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+func resolveCredentials(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (*credentials.Credentials, error) {
+
+	switch {
+	case len(sessOpts.Profile) != 0:
+		// User explicitly provided an Profile in the session's configuration
+		// so load that profile from shared config first.
+		// Github(aws/aws-sdk-go#2727)
+		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+
+	case envCfg.Creds.HasKeys():
+		// Environment credentials
+		return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
+
+	case len(envCfg.WebIdentityTokenFilePath) != 0:
+		// Web identity token from environment, RoleARN required to also be
+		// set.
+		return assumeWebIdentity(cfg, handlers,
+			envCfg.WebIdentityTokenFilePath,
+			envCfg.RoleARN,
+			envCfg.RoleSessionName,
+		)
+
+	default:
+		// Fallback to the "default" credential resolution chain.
+		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+	}
+}
+
+// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
+// 'AWS_ROLE_ARN' was not set.
+var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
+
+// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_ROLE_ARN' was set but
+// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
+var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
+
+func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
+	filepath string,
+	roleARN, sessionName string,
+) (*credentials.Credentials, error) {
+
+	if len(filepath) == 0 {
+		return nil, WebIdentityEmptyTokenFilePathErr
+	}
+
+	if len(roleARN) == 0 {
+		return nil, WebIdentityEmptyRoleARNErr
+	}
+
+	creds := stscreds.NewWebIdentityCredentials(
+		&Session{
+			Config:   cfg,
+			Handlers: handlers.Copy(),
+		},
+		roleARN,
+		sessionName,
+		filepath,
+	)
+
+	return creds, nil
+}
+
+func resolveCredsFromProfile(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+	switch {
+	case sharedCfg.SourceProfile != nil:
+		// Assume IAM role with credentials source from a different profile.
+		creds, err = resolveCredsFromProfile(cfg, envCfg,
+			*sharedCfg.SourceProfile, handlers, sessOpts,
+		)
+
+	case sharedCfg.Creds.HasKeys():
+		// Static Credentials from Shared Config/Credentials file.
+		creds = credentials.NewStaticCredentialsFromCreds(
+			sharedCfg.Creds,
+		)
+
+	case len(sharedCfg.CredentialProcess) != 0:
+		// Get credentials from CredentialProcess
+		creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
+
+	case len(sharedCfg.CredentialSource) != 0:
+		creds, err = resolveCredsFromSource(cfg, envCfg,
+			sharedCfg, handlers, sessOpts,
+		)
+
+	case len(sharedCfg.WebIdentityTokenFile) != 0:
+		// Credentials from Assume Web Identity token require an IAM Role, and
+		// that roll will be assumed. May be wrapped with another assume role
+		// via SourceProfile.
+		return assumeWebIdentity(cfg, handlers,
+			sharedCfg.WebIdentityTokenFile,
+			sharedCfg.RoleARN,
+			sharedCfg.RoleSessionName,
+		)
+
+	default:
+		// Fallback to default credentials provider, include mock errors for
+		// the credential chain so user can identify why credentials failed to
+		// be retrieved.
+		creds = credentials.NewCredentials(&credentials.ChainProvider{
+			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
+			Providers: []credentials.Provider{
+				&credProviderError{
+					Err: awserr.New("EnvAccessKeyNotFound",
+						"failed to find credentials in the environment.", nil),
+				},
+				&credProviderError{
+					Err: awserr.New("SharedCredsLoad",
+						fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
+				},
+				defaults.RemoteCredProvider(*cfg, handlers),
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(sharedCfg.RoleARN) > 0 {
+		cfgCp := *cfg
+		cfgCp.Credentials = creds
+		return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
+	}
+
+	return creds, nil
+}
+
+// valid credential source values
+const (
+	credSourceEc2Metadata  = "Ec2InstanceMetadata"
+	credSourceEnvironment  = "Environment"
+	credSourceECSContainer = "EcsContainer"
+)
+
+func resolveCredsFromSource(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+	switch sharedCfg.CredentialSource {
+	case credSourceEc2Metadata:
+		p := defaults.RemoteCredProvider(*cfg, handlers)
+		creds = credentials.NewCredentials(p)
+
+	case credSourceEnvironment:
+		creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
+
+	case credSourceECSContainer:
+		if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
+			return nil, ErrSharedConfigECSContainerEnvVarEmpty
+		}
+
+		p := defaults.RemoteCredProvider(*cfg, handlers)
+		creds = credentials.NewCredentials(p)
+
+	default:
+		return nil, ErrSharedConfigInvalidCredSource
+	}
+
+	return creds, nil
+}
+
+func credsFromAssumeRole(cfg aws.Config,
+	handlers request.Handlers,
+	sharedCfg sharedConfig,
+	sessOpts Options,
+) (*credentials.Credentials, error) {
+
+	if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
+		// AssumeRole Token provider is required if doing Assume Role
+		// with MFA.
+		return nil, AssumeRoleTokenProviderNotSetError{}
+	}
+
+	return stscreds.NewCredentials(
+		&Session{
+			Config:   &cfg,
+			Handlers: handlers.Copy(),
+		},
+		sharedCfg.RoleARN,
+		func(opt *stscreds.AssumeRoleProvider) {
+			opt.RoleSessionName = sharedCfg.RoleSessionName
+			opt.Duration = sessOpts.AssumeRoleDuration
+
+			// Assume role with external ID
+			if len(sharedCfg.ExternalID) > 0 {
+				opt.ExternalID = aws.String(sharedCfg.ExternalID)
+			}
+
+			// Assume role with MFA
+			if len(sharedCfg.MFASerial) > 0 {
+				opt.SerialNumber = aws.String(sharedCfg.MFASerial)
+				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+			}
+		},
+	), nil
+}
+
+// AssumeRoleTokenProviderNotSetError is an error returned when creating a
+// session when the MFAToken option is not set when shared config is configured
+// load assume a role with an MFA token.
+type AssumeRoleTokenProviderNotSetError struct{}
+
+// Code is the short id of the error.
+func (e AssumeRoleTokenProviderNotSetError) Code() string {
+	return "AssumeRoleTokenProviderNotSetError"
+}
+
+// Message is the description of the error
+func (e AssumeRoleTokenProviderNotSetError) Message() string {
+	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e AssumeRoleTokenProviderNotSetError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
+
+type credProviderError struct {
+	Err error
+}
+
+func (c credProviderError) Retrieve() (credentials.Value, error) {
+	return credentials.Value{}, c.Err
+}
+func (c credProviderError) IsExpired() bool {
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
index ea7b886f81f56..7ec66e7e589ae 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
@@ -1,97 +1,93 @@
 /*
-Package session provides configuration for the SDK's service clients.
-
-Sessions can be shared across all service clients that share the same base
-configuration.  The Session is built from the SDK's default configuration and
-request handlers.
-
-Sessions should be cached when possible, because creating a new Session will
-load all configuration values from the environment, and config files each time
-the Session is created. Sharing the Session value across all of your service
-clients will ensure the configuration is loaded the fewest number of times possible.
-
-Concurrency
+Package session provides configuration for the SDK's service clients. Sessions
+can be shared across service clients that share the same base configuration.
 
 Sessions are safe to use concurrently as long as the Session is not being
-modified. The SDK will not modify the Session once the Session has been created.
-Creating service clients concurrently from a shared Session is safe.
-
-Sessions from Shared Config
-
-Sessions can be created using the method above that will only load the
-additional config if the AWS_SDK_LOAD_CONFIG environment variable is set.
-Alternatively you can explicitly create a Session with shared config enabled.
-To do this you can use NewSessionWithOptions to configure how the Session will
-be created. Using the NewSessionWithOptions with SharedConfigState set to
-SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG
-environment variable was set.
+modified. Sessions should be cached when possible, because creating a new
+Session will load all configuration values from the environment, and config
+files each time the Session is created. Sharing the Session value across all of
+your service clients will ensure the configuration is loaded the fewest number
+of times possible.
 
-Creating Sessions
-
-When creating Sessions optional aws.Config values can be passed in that will
-override the default, or loaded config values the Session is being created
-with. This allows you to provide additional, or case based, configuration
-as needed.
+Sessions options from Shared Config
 
 By default NewSession will only load credentials from the shared credentials
 file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
 set to a truthy value the Session will be created from the configuration
 values from the shared config (~/.aws/config) and shared credentials
-(~/.aws/credentials) files. See the section Sessions from Shared Config for
-more information.
+(~/.aws/credentials) files. Using the NewSessionWithOptions with
+SharedConfigState set to SharedConfigEnable will create the session as if the
+AWS_SDK_LOAD_CONFIG environment variable was set.
 
-Create a Session with the default config and request handlers. With credentials
-region, and profile loaded from the environment and shared config automatically.
-Requires the AWS_PROFILE to be set, or "default" is used.
+Credential and config loading order
 
-	// Create Session
-	sess := session.Must(session.NewSession())
+The Session will attempt to load configuration and credentials from the
+environment, configuration files, and other credential sources. The order
+configuration is loaded in is:
 
-	// Create a Session with a custom region
-	sess := session.Must(session.NewSession(&aws.Config{
-		Region: aws.String("us-east-1"),
-	}))
+  * Environment Variables
+  * Shared Credentials file
+  * Shared Configuration file (if SharedConfig is enabled)
+  * EC2 Instance Metadata (credentials only)
 
-	// Create a S3 client instance from a session
-	sess := session.Must(session.NewSession())
+The Environment variables for credentials will have precedence over shared
+config even if SharedConfig is enabled. To override this behavior, and use
+shared config credentials instead specify the session.Options.Profile, (e.g.
+when using credential_source=Environment to assume a role).
+
+  sess, err := session.NewSessionWithOptions(session.Options{
+	  Profile: "myProfile",
+  })
 
-	svc := s3.New(sess)
+Creating Sessions
 
-Create Session With Option Overrides
+Creating a Session without additional options will load credentials region, and
+profile loaded from the environment and shared config automatically. See,
+"Environment Variables" section for information on environment variables used
+by Session.
 
-In addition to NewSession, Sessions can be created using NewSessionWithOptions.
-This func allows you to control and override how the Session will be created
-through code instead of being driven by environment variables only.
+	// Create Session
+	sess, err := session.NewSession()
 
-Use NewSessionWithOptions when you want to provide the config profile, or
-override the shared config state (AWS_SDK_LOAD_CONFIG).
+
+When creating Sessions optional aws.Config values can be passed in that will
+override the default, or loaded, config values the Session is being created
+with. This allows you to provide additional, or case based, configuration
+as needed.
+
+	// Create a Session with a custom region
+	sess, err := session.NewSession(&aws.Config{
+		Region: aws.String("us-west-2"),
+	})
+
+Use NewSessionWithOptions to provide additional configuration driving how the
+Session's configuration will be loaded. Such as, specifying shared config
+profile, or override the shared config state,  (AWS_SDK_LOAD_CONFIG).
 
 	// Equivalent to session.NewSession()
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
+	sess, err := session.NewSessionWithOptions(session.Options{
 		// Options
-	}))
+	})
 
-	// Specify profile to load for the session's config
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		 Profile: "profile_name",
-	}))
+	sess, err := session.NewSessionWithOptions(session.Options{
+		// Specify profile to load for the session's config
+		Profile: "profile_name",
 
-	// Specify profile for config and region for requests
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		 Config: aws.Config{Region: aws.String("us-east-1")},
-		 Profile: "profile_name",
-	}))
+		// Provide SDK Config options, such as Region.
+		Config: aws.Config{
+			Region: aws.String("us-west-2"),
+		},
 
-	// Force enable Shared Config support
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		// Force enable Shared Config support
 		SharedConfigState: session.SharedConfigEnable,
-	}))
+	})
 
 Adding Handlers
 
-You can add handlers to a session for processing HTTP requests. All service
-clients that use the session inherit the handlers. For example, the following
-handler logs every request and its payload made by a service client:
+You can add handlers to a session to decorate API operation, (e.g. adding HTTP
+headers). All clients that use the Session receive a copy of the Session's
+handlers. For example, the following request handler added to the Session logs
+every requests made.
 
 	// Create a session, and add additional handlers for all service
 	// clients created with the Session to inherit. Adds logging handler.
@@ -99,22 +95,15 @@ handler logs every request and its payload made by a service client:
 
 	sess.Handlers.Send.PushFront(func(r *request.Request) {
 		// Log every request made and its payload
-		logger.Println("Request: %s/%s, Payload: %s",
+		logger.Printf("Request: %s/%s, Params: %s",
 			r.ClientInfo.ServiceName, r.Operation, r.Params)
 	})
 
-Deprecated "New" function
-
-The New session function has been deprecated because it does not provide good
-way to return errors that occur when loading the configuration files and values.
-Because of this, NewSession was created so errors can be retrieved when
-creating a session fails.
-
 Shared Config Fields
 
-By default the SDK will only load the shared credentials file's (~/.aws/credentials)
-credentials values, and all other config is provided by the environment variables,
-SDK defaults, and user provided aws.Config values.
+By default the SDK will only load the shared credentials file's
+(~/.aws/credentials) credentials values, and all other config is provided by
+the environment variables, SDK defaults, and user provided aws.Config values.
 
 If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
 option is used to create the Session the full shared config values will be
@@ -125,24 +114,31 @@ files have the same format.
 
 If both config files are present the configuration from both files will be
 read. The Session will be created from configuration values from the shared
-credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
+credentials file (~/.aws/credentials) over those in the shared config file
+(~/.aws/config).
 
-Credentials are the values the SDK should use for authenticating requests with
-AWS Services. They arfrom a configuration file will need to include both
-aws_access_key_id and aws_secret_access_key must be provided together in the
-same file to be considered valid. The values will be ignored if not a complete
-group. aws_session_token is an optional field that can be provided if both of
-the other two fields are also provided.
+Credentials are the values the SDK uses to authenticating requests with AWS
+Services. When specified in a file, both aws_access_key_id and
+aws_secret_access_key must be provided together in the same file to be
+considered valid. They will be ignored if both are not present.
+aws_session_token is an optional field that can be provided in addition to the
+other two fields.
 
 	aws_access_key_id = AKID
 	aws_secret_access_key = SECRET
 	aws_session_token = TOKEN
 
-Assume Role values allow you to configure the SDK to assume an IAM role using
-a set of credentials provided in a config file via the source_profile field.
-Both "role_arn" and "source_profile" are required. The SDK supports assuming
-a role with MFA token if the session option AssumeRoleTokenProvider
-is set.
+	; region only supported if SharedConfigEnabled.
+	region = us-east-1
+
+Assume Role configuration
+
+The role_arn field allows you to configure the SDK to assume an IAM role using
+a set of credentials from another source. Such as when paired with static
+credentials, "profile_source", "credential_process", or "credential_source"
+fields. If "role_arn" is provided, a source of credentials must also be
+specified, such as "source_profile", "credential_source", or
+"credential_process".
 
 	role_arn = arn:aws:iam::<account_number>:role/<role_name>
 	source_profile = profile_with_creds
@@ -150,40 +146,16 @@ is set.
 	mfa_serial = <serial or mfa arn>
 	role_session_name = session_name
 
-Region is the region the SDK should use for looking up AWS service endpoints
-and signing requests.
-
-	region = us-east-1
-
-Assume Role with MFA token
 
-To create a session with support for assuming an IAM role with MFA set the
-session option AssumeRoleTokenProvider to a function that will prompt for the
-MFA token code when the SDK assumes the role and refreshes the role's credentials.
-This allows you to configure the SDK via the shared config to assumea role
-with MFA tokens.
-
-In order for the SDK to assume a role with MFA the SharedConfigState
-session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG
-environment variable set.
-
-The shared configuration instructs the SDK to assume an IAM role with MFA
-when the mfa_serial configuration field is set in the shared config
-(~/.aws/config) or shared credentials (~/.aws/credentials) file.
-
-If mfa_serial is set in the configuration, the SDK will assume the role, and
-the AssumeRoleTokenProvider session option is not set an an error will
-be returned when creating the session.
+The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
+must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
+to load if the AssumeRoleTokenProvider is not specified.
 
     sess := session.Must(session.NewSessionWithOptions(session.Options{
         AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
     }))
 
-    // Create service client value configured for credentials
-    // from assumed role.
-    svc := s3.New(sess)
-
-To setup assume role outside of a session see the stscrds.AssumeRoleProvider
+To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
 documentation.
 
 Environment Variables
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
index f1adcf4819829..c1e0e9c9543da 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -1,10 +1,15 @@
 package session
 
 import (
+	"fmt"
 	"os"
 	"strconv"
+	"strings"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
 )
 
 // EnvProviderName provides a name of the provider when config is loaded from environment.
@@ -78,7 +83,7 @@ type envConfig struct {
 	//	AWS_CONFIG_FILE=$HOME/my_shared_config
 	SharedConfigFile string
 
-	// Sets the path to a custom Credentials Authroity (CA) Bundle PEM file
+	// Sets the path to a custom Credentials Authority (CA) Bundle PEM file
 	// that the SDK will use instead of the system's root CA bundle.
 	// Only use this if you want to configure the SDK to use a custom set
 	// of CAs.
@@ -95,9 +100,69 @@ type envConfig struct {
 	//
 	//  AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
 	CustomCABundle string
+
+	csmEnabled  string
+	CSMEnabled  *bool
+	CSMPort     string
+	CSMHost     string
+	CSMClientID string
+
+	// Enables endpoint discovery via environment variables.
+	//
+	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
+	EnableEndpointDiscovery *bool
+	enableEndpointDiscovery string
+
+	// Specifies the WebIdentity token the SDK should use to assume a role
+	// with.
+	//
+	//  AWS_WEB_IDENTITY_TOKEN_FILE=file_path
+	WebIdentityTokenFilePath string
+
+	// Specifies the IAM role arn to use when assuming an role.
+	//
+	//  AWS_ROLE_ARN=role_arn
+	RoleARN string
+
+	// Specifies the IAM role session name to use when assuming a role.
+	//
+	//  AWS_ROLE_SESSION_NAME=session_name
+	RoleSessionName string
+
+	// Specifies the STS Regional Endpoint flag for the SDK to resolve the endpoint
+	// for a service.
+	//
+	// AWS_STS_REGIONAL_ENDPOINTS=regional
+	// This can take value as `regional` or `legacy`
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// Specifies the S3 Regional Endpoint flag for the SDK to resolve the
+	// endpoint for a service.
+	//
+	// AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
+	// This can take value as `regional` or `legacy`
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+	// Specifies if the S3 service should allow ARNs to direct the region
+	// the client's requests are sent to.
+	//
+	// AWS_S3_USE_ARN_REGION=true
+	S3UseARNRegion bool
 }
 
 var (
+	csmEnabledEnvKey = []string{
+		"AWS_CSM_ENABLED",
+	}
+	csmHostEnvKey = []string{
+		"AWS_CSM_HOST",
+	}
+	csmPortEnvKey = []string{
+		"AWS_CSM_PORT",
+	}
+	csmClientIDEnvKey = []string{
+		"AWS_CSM_CLIENT_ID",
+	}
 	credAccessEnvKey = []string{
 		"AWS_ACCESS_KEY_ID",
 		"AWS_ACCESS_KEY",
@@ -110,6 +175,10 @@ var (
 		"AWS_SESSION_TOKEN",
 	}
 
+	enableEndpointDiscoveryEnvKey = []string{
+		"AWS_ENABLE_ENDPOINT_DISCOVERY",
+	}
+
 	regionEnvKeys = []string{
 		"AWS_REGION",
 		"AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
@@ -124,6 +193,24 @@ var (
 	sharedConfigFileEnvKey = []string{
 		"AWS_CONFIG_FILE",
 	}
+	webIdentityTokenFilePathEnvKey = []string{
+		"AWS_WEB_IDENTITY_TOKEN_FILE",
+	}
+	roleARNEnvKey = []string{
+		"AWS_ROLE_ARN",
+	}
+	roleSessionNameEnvKey = []string{
+		"AWS_ROLE_SESSION_NAME",
+	}
+	stsRegionalEndpointKey = []string{
+		"AWS_STS_REGIONAL_ENDPOINTS",
+	}
+	s3UsEast1RegionalEndpoint = []string{
+		"AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
+	}
+	s3UseARNRegionEnvKey = []string{
+		"AWS_S3_USE_ARN_REGION",
+	}
 )
 
 // loadEnvConfig retrieves the SDK's environment configuration.
@@ -132,7 +219,7 @@ var (
 // If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
 // the shared SDK config will be loaded in addition to the SDK's specific
 // configuration values.
-func loadEnvConfig() envConfig {
+func loadEnvConfig() (envConfig, error) {
 	enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
 	return envConfigLoad(enableSharedConfig)
 }
@@ -143,24 +230,42 @@ func loadEnvConfig() envConfig {
 // Loads the shared configuration in addition to the SDK's specific configuration.
 // This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
 // environment variable is set.
-func loadSharedEnvConfig() envConfig {
+func loadSharedEnvConfig() (envConfig, error) {
 	return envConfigLoad(true)
 }
 
-func envConfigLoad(enableSharedConfig bool) envConfig {
+func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
 	cfg := envConfig{}
 
 	cfg.EnableSharedConfig = enableSharedConfig
 
-	setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey)
-	setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey)
-	setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey)
+	// Static environment credentials
+	var creds credentials.Value
+	setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
+	setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
+	setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
+	if creds.HasKeys() {
+		// Require logical grouping of credentials
+		creds.ProviderName = EnvProviderName
+		cfg.Creds = creds
+	}
+
+	// Role Metadata
+	setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
+	setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
 
-	// Require logical grouping of credentials
-	if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
-		cfg.Creds = credentials.Value{}
-	} else {
-		cfg.Creds.ProviderName = EnvProviderName
+	// Web identity environment variables
+	setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
+
+	// CSM environment variables
+	setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
+	setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
+	setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
+	setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
+
+	if len(cfg.csmEnabled) != 0 {
+		v, _ := strconv.ParseBool(cfg.csmEnabled)
+		cfg.CSMEnabled = &v
 	}
 
 	regionKeys := regionEnvKeys
@@ -173,17 +278,66 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
 	setFromEnvVal(&cfg.Region, regionKeys)
 	setFromEnvVal(&cfg.Profile, profileKeys)
 
+	// endpoint discovery is in reference to it being enabled.
+	setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
+	if len(cfg.enableEndpointDiscovery) > 0 {
+		cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
+	}
+
 	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
 	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
 
+	if len(cfg.SharedCredentialsFile) == 0 {
+		cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
+	}
+	if len(cfg.SharedConfigFile) == 0 {
+		cfg.SharedConfigFile = defaults.SharedConfigFilename()
+	}
+
 	cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
 
-	return cfg
+	var err error
+	// STS Regional Endpoint variable
+	for _, k := range stsRegionalEndpointKey {
+		if v := os.Getenv(k); len(v) != 0 {
+			cfg.STSRegionalEndpoint, err = endpoints.GetSTSRegionalEndpoint(v)
+			if err != nil {
+				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+			}
+		}
+	}
+
+	// S3 Regional Endpoint variable
+	for _, k := range s3UsEast1RegionalEndpoint {
+		if v := os.Getenv(k); len(v) != 0 {
+			cfg.S3UsEast1RegionalEndpoint, err = endpoints.GetS3UsEast1RegionalEndpoint(v)
+			if err != nil {
+				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+			}
+		}
+	}
+
+	var s3UseARNRegion string
+	setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
+	if len(s3UseARNRegion) != 0 {
+		switch {
+		case strings.EqualFold(s3UseARNRegion, "false"):
+			cfg.S3UseARNRegion = false
+		case strings.EqualFold(s3UseARNRegion, "true"):
+			cfg.S3UseARNRegion = true
+		default:
+			return envConfig{}, fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true or false",
+				s3UseARNRegionEnvKey[0], s3UseARNRegion)
+		}
+	}
+
+	return cfg, nil
 }
 
 func setFromEnvVal(dst *string, keys []string) {
 	for _, k := range keys {
-		if v := os.Getenv(k); len(v) > 0 {
+		if v := os.Getenv(k); len(v) != 0 {
 			*dst = v
 			break
 		}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
index 9f75d5ac58893..0ff4996051012 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -8,25 +8,43 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/corehandlers"
 	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/csm"
 	"github.com/aws/aws-sdk-go/aws/defaults"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
 
+const (
+	// ErrCodeSharedConfig represents an error that occurs in the shared
+	// configuration logic
+	ErrCodeSharedConfig = "SharedConfigErr"
+)
+
+// ErrSharedConfigSourceCollision will be returned if a section contains both
+// source_profile and credential_source
+var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil)
+
+// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
+// variables are empty and Environment was set as the credential source
+var ErrSharedConfigECSContainerEnvVarEmpty = awserr.New(ErrCodeSharedConfig, "EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set", nil)
+
+// ErrSharedConfigInvalidCredSource will be returned if an invalid credential source was provided
+var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credential source values must be EcsContainer, Ec2InstanceMetadata, or Environment", nil)
+
 // A Session provides a central location to create service clients from and
 // store configurations and request handlers for those services.
 //
 // Sessions are safe to create service clients concurrently, but it is not safe
 // to mutate the Session concurrently.
 //
-// The Session satisfies the service client's client.ClientConfigProvider.
+// The Session satisfies the service client's client.ConfigProvider.
 type Session struct {
 	Config   *aws.Config
 	Handlers request.Handlers
@@ -55,10 +73,15 @@ type Session struct {
 // func is called instead of waiting to receive an error until a request is made.
 func New(cfgs ...*aws.Config) *Session {
 	// load initial config from environment
-	envCfg := loadEnvConfig()
+	envCfg, envErr := loadEnvConfig()
 
 	if envCfg.EnableSharedConfig {
-		s, err := newSession(Options{}, envCfg, cfgs...)
+		var cfg aws.Config
+		cfg.MergeIn(cfgs...)
+		s, err := NewSessionWithOptions(Options{
+			Config:            cfg,
+			SharedConfigState: SharedConfigEnable,
+		})
 		if err != nil {
 			// Old session.New expected all errors to be discovered when
 			// a request is made, and would report the errors then. This
@@ -70,16 +93,31 @@ func New(cfgs ...*aws.Config) *Session {
 			// Session creation failed, need to report the error and prevent
 			// any requests from succeeding.
 			s = &Session{Config: defaults.Config()}
-			s.Config.MergeIn(cfgs...)
-			s.Config.Logger.Log("ERROR:", msg, "Error:", err)
-			s.Handlers.Validate.PushBack(func(r *request.Request) {
-				r.Error = err
-			})
+			s.logDeprecatedNewSessionError(msg, err, cfgs)
 		}
+
 		return s
 	}
 
-	return deprecatedNewSession(cfgs...)
+	s := deprecatedNewSession(cfgs...)
+	if envErr != nil {
+		msg := "failed to load env config"
+		s.logDeprecatedNewSessionError(msg, envErr, cfgs)
+	}
+
+	if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil {
+		if l := s.Config.Logger; l != nil {
+			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+		}
+	} else if csmCfg.Enabled {
+		err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+		if err != nil {
+			msg := "failed to enable CSM"
+			s.logDeprecatedNewSessionError(msg, err, cfgs)
+		}
+	}
+
+	return s
 }
 
 // NewSession returns a new Session created from SDK defaults, config files,
@@ -95,7 +133,7 @@ func New(cfgs ...*aws.Config) *Session {
 // to be built with retrieving credentials with AssumeRole set in the config.
 //
 // See the NewSessionWithOptions func for information on how to override or
-// control through code how the Session will be created. Such as specifying the
+// control through code how the Session will be created, such as specifying the
 // config profile, and controlling if shared config is enabled or not.
 func NewSession(cfgs ...*aws.Config) (*Session, error) {
 	opts := Options{}
@@ -179,6 +217,12 @@ type Options struct {
 	// the config enables assume role wit MFA via the mfa_serial field.
 	AssumeRoleTokenProvider func() (string, error)
 
+	// When the SDK's shared config is configured to assume a role this option
+	// may be provided to set the expiry duration of the STS credentials.
+	// Defaults to 15 minutes if not set as documented in the
+	// stscreds.AssumeRoleProvider.
+	AssumeRoleDuration time.Duration
+
 	// Reader for a custom Credentials Authority (CA) bundle in PEM format that
 	// the SDK will use instead of the default system's root CA bundle. Use this
 	// only if you want to replace the CA bundle the SDK uses for TLS requests.
@@ -193,6 +237,12 @@ type Options struct {
 	// to also enable this feature. CustomCABundle session option field has priority
 	// over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
 	CustomCABundle io.Reader
+
+	// The handlers that the session and all API clients will be created with.
+	// This must be a complete set of handlers. Use the defaults.Handlers()
+	// function to initialize this value before changing the handlers to be
+	// used by the SDK.
+	Handlers request.Handlers
 }
 
 // NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@@ -226,13 +276,20 @@ type Options struct {
 //     }))
 func NewSessionWithOptions(opts Options) (*Session, error) {
 	var envCfg envConfig
+	var err error
 	if opts.SharedConfigState == SharedConfigEnable {
-		envCfg = loadSharedEnvConfig()
+		envCfg, err = loadSharedEnvConfig()
+		if err != nil {
+			return nil, fmt.Errorf("failed to load shared config, %v", err)
+		}
 	} else {
-		envCfg = loadEnvConfig()
+		envCfg, err = loadEnvConfig()
+		if err != nil {
+			return nil, fmt.Errorf("failed to load environment config, %v", err)
+		}
 	}
 
-	if len(opts.Profile) > 0 {
+	if len(opts.Profile) != 0 {
 		envCfg.Profile = opts.Profile
 	}
 
@@ -243,13 +300,6 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
 		envCfg.EnableSharedConfig = true
 	}
 
-	if len(envCfg.SharedCredentialsFile) == 0 {
-		envCfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
-	}
-	if len(envCfg.SharedConfigFile) == 0 {
-		envCfg.SharedConfigFile = defaults.SharedConfigFilename()
-	}
-
 	// Only use AWS_CA_BUNDLE if session option is not provided.
 	if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil {
 		f, err := os.Open(envCfg.CustomCABundle)
@@ -302,18 +352,36 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
 	}
 
 	initHandlers(s)
-
 	return s
 }
 
+func enableCSM(handlers *request.Handlers, cfg csmConfig, logger aws.Logger) error {
+	if logger != nil {
+		logger.Log("Enabling CSM")
+	}
+
+	r, err := csm.Start(cfg.ClientID, csm.AddressWithDefaults(cfg.Host, cfg.Port))
+	if err != nil {
+		return err
+	}
+	r.InjectHandlers(handlers)
+
+	return nil
+}
+
 func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 	cfg := defaults.Config()
-	handlers := defaults.Handlers()
+
+	handlers := opts.Handlers
+	if handlers.IsEmpty() {
+		handlers = defaults.Handlers()
+	}
 
 	// Get a merged version of the user provided config to determine if
 	// credentials were.
 	userCfg := &aws.Config{}
 	userCfg.MergeIn(cfgs...)
+	cfg.MergeIn(userCfg)
 
 	// Ordered config files will be loaded in with later files overwriting
 	// previous config file values.
@@ -330,9 +398,17 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
 	}
 
 	// Load additional config from file(s)
-	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles)
+	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
 	if err != nil {
-		return nil, err
+		if len(envCfg.Profile) == 0 && !envCfg.EnableSharedConfig && (envCfg.Creds.HasKeys() || userCfg.Credentials != nil) {
+			// Special case where the user has not explicitly specified an AWS_PROFILE,
+			// or session.Options.profile, shared config is not enabled, and the
+			// environment has credentials, allow the shared config file to fail to
+			// load since the user has already provided credentials, and nothing else
+			// is required to be read file. Github(aws/aws-sdk-go#2455)
+		} else if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+			return nil, err
+		}
 	}
 
 	if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
@@ -346,6 +422,17 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
 
 	initHandlers(s)
 
+	if csmCfg, err := loadCSMConfig(envCfg, cfgFiles); err != nil {
+		if l := s.Config.Logger; l != nil {
+			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+		}
+	} else if csmCfg.Enabled {
+		err = enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	// Setup HTTP client with custom cert bundle if enabled
 	if opts.CustomCABundle != nil {
 		if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil {
@@ -356,6 +443,46 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
 	return s, nil
 }
 
+type csmConfig struct {
+	Enabled  bool
+	Host     string
+	Port     string
+	ClientID string
+}
+
+var csmProfileName = "aws_csm"
+
+func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) {
+	if envCfg.CSMEnabled != nil {
+		if *envCfg.CSMEnabled {
+			return csmConfig{
+				Enabled:  true,
+				ClientID: envCfg.CSMClientID,
+				Host:     envCfg.CSMHost,
+				Port:     envCfg.CSMPort,
+			}, nil
+		}
+		return csmConfig{}, nil
+	}
+
+	sharedCfg, err := loadSharedConfig(csmProfileName, cfgFiles, false)
+	if err != nil {
+		if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+			return csmConfig{}, err
+		}
+	}
+	if sharedCfg.CSMEnabled != nil && *sharedCfg.CSMEnabled == true {
+		return csmConfig{
+			Enabled:  true,
+			ClientID: sharedCfg.CSMClientID,
+			Host:     sharedCfg.CSMHost,
+			Port:     sharedCfg.CSMPort,
+		}, nil
+	}
+
+	return csmConfig{}, nil
+}
+
 func loadCustomCABundle(s *Session, bundle io.Reader) error {
 	var t *http.Transport
 	switch v := s.Config.HTTPClient.Transport.(type) {
@@ -368,7 +495,10 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
 		}
 	}
 	if t == nil {
-		t = &http.Transport{}
+		// Nil transport implies `http.DefaultTransport` should be used. Since
+		// the SDK cannot modify, nor copy the `DefaultTransport` specifying
+		// the values the next closest behavior.
+		t = getCABundleTransport()
 	}
 
 	p, err := loadCertPool(bundle)
@@ -401,9 +531,11 @@ func loadCertPool(r io.Reader) (*x509.CertPool, error) {
 	return p, nil
 }
 
-func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error {
-	// Merge in user provided configuration
-	cfg.MergeIn(userCfg)
+func mergeConfigSrcs(cfg, userCfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) error {
 
 	// Region if not already set by user
 	if len(aws.StringValue(cfg.Region)) == 0 {
@@ -414,101 +546,67 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 		}
 	}
 
-	// Configure credentials if not already set
-	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
-		if len(envCfg.Creds.AccessKeyID) > 0 {
-			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
-				envCfg.Creds,
-			)
-		} else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil {
-			cfgCp := *cfg
-			cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
-				sharedCfg.AssumeRoleSource.Creds,
-			)
-			if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
-				// AssumeRole Token provider is required if doing Assume Role
-				// with MFA.
-				return AssumeRoleTokenProviderNotSetError{}
-			}
-			cfg.Credentials = stscreds.NewCredentials(
-				&Session{
-					Config:   &cfgCp,
-					Handlers: handlers.Copy(),
-				},
-				sharedCfg.AssumeRole.RoleARN,
-				func(opt *stscreds.AssumeRoleProvider) {
-					opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
-
-					// Assume role with external ID
-					if len(sharedCfg.AssumeRole.ExternalID) > 0 {
-						opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
-					}
-
-					// Assume role with MFA
-					if len(sharedCfg.AssumeRole.MFASerial) > 0 {
-						opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
-						opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
-					}
-				},
-			)
-		} else if len(sharedCfg.Creds.AccessKeyID) > 0 {
-			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
-				sharedCfg.Creds,
-			)
-		} else {
-			// Fallback to default credentials provider, include mock errors
-			// for the credential chain so user can identify why credentials
-			// failed to be retrieved.
-			cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{
-				VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
-				Providers: []credentials.Provider{
-					&credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)},
-					&credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)},
-					defaults.RemoteCredProvider(*cfg, handlers),
-				},
-			})
+	if cfg.EnableEndpointDiscovery == nil {
+		if envCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*envCfg.EnableEndpointDiscovery)
+		} else if envCfg.EnableSharedConfig && sharedCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*sharedCfg.EnableEndpointDiscovery)
 		}
 	}
 
-	return nil
-}
-
-// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
-// MFAToken option is not set when shared config is configured load assume a
-// role with an MFA token.
-type AssumeRoleTokenProviderNotSetError struct{}
-
-// Code is the short id of the error.
-func (e AssumeRoleTokenProviderNotSetError) Code() string {
-	return "AssumeRoleTokenProviderNotSetError"
-}
+	// Regional Endpoint flag for STS endpoint resolving
+	mergeSTSRegionalEndpointConfig(cfg, []endpoints.STSRegionalEndpoint{
+		userCfg.STSRegionalEndpoint,
+		envCfg.STSRegionalEndpoint,
+		sharedCfg.STSRegionalEndpoint,
+		endpoints.LegacySTSEndpoint,
+	})
+
+	// Regional Endpoint flag for S3 endpoint resolving
+	mergeS3UsEast1RegionalEndpointConfig(cfg, []endpoints.S3UsEast1RegionalEndpoint{
+		userCfg.S3UsEast1RegionalEndpoint,
+		envCfg.S3UsEast1RegionalEndpoint,
+		sharedCfg.S3UsEast1RegionalEndpoint,
+		endpoints.LegacyS3UsEast1Endpoint,
+	})
+
+	// Configure credentials if not already set by the user when creating the
+	// Session.
+	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
+		if err != nil {
+			return err
+		}
+		cfg.Credentials = creds
+	}
 
-// Message is the description of the error
-func (e AssumeRoleTokenProviderNotSetError) Message() string {
-	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
-}
+	cfg.S3UseARNRegion = userCfg.S3UseARNRegion
+	if cfg.S3UseARNRegion == nil {
+		cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
+	}
+	if cfg.S3UseARNRegion == nil {
+		cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
+	}
 
-// OrigErr is the underlying error that caused the failure.
-func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
 	return nil
 }
 
-// Error satisfies the error interface.
-func (e AssumeRoleTokenProviderNotSetError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", nil)
-}
-
-type credProviderError struct {
-	Err error
+func mergeSTSRegionalEndpointConfig(cfg *aws.Config, values []endpoints.STSRegionalEndpoint) {
+	for _, v := range values {
+		if v != endpoints.UnsetSTSEndpoint {
+			cfg.STSRegionalEndpoint = v
+			break
+		}
+	}
 }
 
-var emptyCreds = credentials.Value{}
-
-func (c credProviderError) Retrieve() (credentials.Value, error) {
-	return credentials.Value{}, c.Err
-}
-func (c credProviderError) IsExpired() bool {
-	return true
+func mergeS3UsEast1RegionalEndpointConfig(cfg *aws.Config, values []endpoints.S3UsEast1RegionalEndpoint) {
+	for _, v := range values {
+		if v != endpoints.UnsetS3UsEast1Endpoint {
+			cfg.S3UsEast1RegionalEndpoint = v
+			break
+		}
+	}
 }
 
 func initHandlers(s *Session) {
@@ -519,7 +617,7 @@ func initHandlers(s *Session) {
 	}
 }
 
-// Copy creates and returns a copy of the current Session, coping the config
+// Copy creates and returns a copy of the current Session, copying the config
 // and handlers. If any additional configs are provided they will be merged
 // on top of the Session's copied config.
 //
@@ -539,46 +637,67 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
 // ClientConfig satisfies the client.ConfigProvider interface and is used to
 // configure the service client instances. Passing the Session to the service
 // client's constructor (New) will use this method to configure the client.
-func (s *Session) ClientConfig(serviceName string, cfgs ...*aws.Config) client.Config {
-	// Backwards compatibility, the error will be eaten if user calls ClientConfig
-	// directly. All SDK services will use ClientconfigWithError.
-	cfg, _ := s.clientConfigWithErr(serviceName, cfgs...)
-
-	return cfg
-}
-
-func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (client.Config, error) {
+func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
 	s = s.Copy(cfgs...)
 
-	var resolved endpoints.ResolvedEndpoint
-	var err error
-
 	region := aws.StringValue(s.Config.Region)
+	resolved, err := s.resolveEndpoint(service, region, s.Config)
+	if err != nil {
+		s.Handlers.Validate.PushBack(func(r *request.Request) {
+			if len(r.ClientInfo.Endpoint) != 0 {
+				// Error occurred while resolving endpoint, but the request
+				// being invoked has had an endpoint specified after the client
+				// was created.
+				return
+			}
+			r.Error = err
+		})
+	}
 
-	if endpoint := aws.StringValue(s.Config.Endpoint); len(endpoint) != 0 {
-		resolved.URL = endpoints.AddScheme(endpoint, aws.BoolValue(s.Config.DisableSSL))
-		resolved.SigningRegion = region
-	} else {
-		resolved, err = s.Config.EndpointResolver.EndpointFor(
-			serviceName, region,
-			func(opt *endpoints.Options) {
-				opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL)
-				opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack)
+	return client.Config{
+		Config:             s.Config,
+		Handlers:           s.Handlers,
+		PartitionID:        resolved.PartitionID,
+		Endpoint:           resolved.URL,
+		SigningRegion:      resolved.SigningRegion,
+		SigningNameDerived: resolved.SigningNameDerived,
+		SigningName:        resolved.SigningName,
+	}
+}
+
+func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
 
-				// Support the condition where the service is modeled but its
-				// endpoint metadata is not available.
-				opt.ResolveUnknownService = true
-			},
-		)
+	if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
+		return endpoints.ResolvedEndpoint{
+			URL:           endpoints.AddScheme(ep, aws.BoolValue(cfg.DisableSSL)),
+			SigningRegion: region,
+		}, nil
 	}
 
-	return client.Config{
-		Config:        s.Config,
-		Handlers:      s.Handlers,
-		Endpoint:      resolved.URL,
-		SigningRegion: resolved.SigningRegion,
-		SigningName:   resolved.SigningName,
-	}, err
+	resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
+		func(opt *endpoints.Options) {
+			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
+			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+			// Support for STSRegionalEndpoint where the STSRegionalEndpoint is
+			// provided in envConfig or sharedConfig with envConfig getting
+			// precedence.
+			opt.STSRegionalEndpoint = cfg.STSRegionalEndpoint
+
+			// Support for S3UsEast1RegionalEndpoint where the S3UsEast1RegionalEndpoint is
+			// provided in envConfig or sharedConfig with envConfig getting
+			// precedence.
+			opt.S3UsEast1RegionalEndpoint = cfg.S3UsEast1RegionalEndpoint
+
+			// Support the condition where the service is modeled but its
+			// endpoint metadata is not available.
+			opt.ResolveUnknownService = true
+		},
+	)
+	if err != nil {
+		return endpoints.ResolvedEndpoint{}, err
+	}
+
+	return resolved, nil
 }
 
 // ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
@@ -588,19 +707,28 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
 	s = s.Copy(cfgs...)
 
 	var resolved endpoints.ResolvedEndpoint
-
-	region := aws.StringValue(s.Config.Region)
-
 	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
 		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
-		resolved.SigningRegion = region
+		resolved.SigningRegion = aws.StringValue(s.Config.Region)
 	}
 
 	return client.Config{
-		Config:        s.Config,
-		Handlers:      s.Handlers,
-		Endpoint:      resolved.URL,
-		SigningRegion: resolved.SigningRegion,
-		SigningName:   resolved.SigningName,
+		Config:             s.Config,
+		Handlers:           s.Handlers,
+		Endpoint:           resolved.URL,
+		SigningRegion:      resolved.SigningRegion,
+		SigningNameDerived: resolved.SigningNameDerived,
+		SigningName:        resolved.SigningName,
 	}
 }
+
+// logDeprecatedNewSessionError function enables error handling for session
+func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aws.Config) {
+	// Session creation failed, need to report the error and prevent
+	// any requests from succeeding.
+	s.Config.MergeIn(cfgs...)
+	s.Config.Logger.Log("ERROR:", msg, "Error:", err)
+	s.Handlers.Validate.PushBack(func(r *request.Request) {
+		r.Error = err
+	})
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
index 09c8e5bc7abef..a8ed880760073 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -2,11 +2,11 @@ package session
 
 import (
 	"fmt"
-	"io/ioutil"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/go-ini/ini"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/internal/ini"
 )
 
 const (
@@ -16,68 +16,125 @@ const (
 	sessionTokenKey = `aws_session_token`     // optional
 
 	// Assume Role Credentials group
-	roleArnKey         = `role_arn`          // group required
-	sourceProfileKey   = `source_profile`    // group required
-	externalIDKey      = `external_id`       // optional
-	mfaSerialKey       = `mfa_serial`        // optional
-	roleSessionNameKey = `role_session_name` // optional
+	roleArnKey          = `role_arn`          // group required
+	sourceProfileKey    = `source_profile`    // group required (or credential_source)
+	credentialSourceKey = `credential_source` // group required (or source_profile)
+	externalIDKey       = `external_id`       // optional
+	mfaSerialKey        = `mfa_serial`        // optional
+	roleSessionNameKey  = `role_session_name` // optional
+
+	// CSM options
+	csmEnabledKey  = `csm_enabled`
+	csmHostKey     = `csm_host`
+	csmPortKey     = `csm_port`
+	csmClientIDKey = `csm_client_id`
 
 	// Additional Config fields
 	regionKey = `region`
 
+	// endpoint discovery group
+	enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
+
+	// External Credential Process
+	credentialProcessKey = `credential_process` // optional
+
+	// Web Identity Token File
+	webIdentityTokenFileKey = `web_identity_token_file` // optional
+
+	// Additional config fields for regional or legacy endpoints
+	stsRegionalEndpointSharedKey = `sts_regional_endpoints`
+
+	// Additional config fields for regional or legacy endpoints
+	s3UsEast1RegionalSharedKey = `s3_us_east_1_regional_endpoint`
+
 	// DefaultSharedConfigProfile is the default profile to be used when
 	// loading configuration from the config files if another profile name
 	// is not provided.
 	DefaultSharedConfigProfile = `default`
-)
 
-type assumeRoleConfig struct {
-	RoleARN         string
-	SourceProfile   string
-	ExternalID      string
-	MFASerial       string
-	RoleSessionName string
-}
+	// S3 ARN Region Usage
+	s3UseARNRegionKey = "s3_use_arn_region"
+)
 
 // sharedConfig represents the configuration fields of the SDK config files.
 type sharedConfig struct {
-	// Credentials values from the config file. Both aws_access_key_id
-	// and aws_secret_access_key must be provided together in the same file
-	// to be considered valid. The values will be ignored if not a complete group.
-	// aws_session_token is an optional field that can be provided if both of the
-	// other two fields are also provided.
+	// Credentials values from the config file. Both aws_access_key_id and
+	// aws_secret_access_key must be provided together in the same file to be
+	// considered valid. The values will be ignored if not a complete group.
+	// aws_session_token is an optional field that can be provided if both of
+	// the other two fields are also provided.
 	//
 	//	aws_access_key_id
 	//	aws_secret_access_key
 	//	aws_session_token
 	Creds credentials.Value
 
-	AssumeRole       assumeRoleConfig
-	AssumeRoleSource *sharedConfig
+	CredentialSource     string
+	CredentialProcess    string
+	WebIdentityTokenFile string
 
-	// Region is the region the SDK should use for looking up AWS service endpoints
-	// and signing requests.
+	RoleARN         string
+	RoleSessionName string
+	ExternalID      string
+	MFASerial       string
+
+	SourceProfileName string
+	SourceProfile     *sharedConfig
+
+	// Region is the region the SDK should use for looking up AWS service
+	// endpoints and signing requests.
 	//
 	//	region
 	Region string
+
+	// EnableEndpointDiscovery can be enabled in the shared config by setting
+	// endpoint_discovery_enabled to true
+	//
+	//	endpoint_discovery_enabled = true
+	EnableEndpointDiscovery *bool
+
+	// CSM Options
+	CSMEnabled  *bool
+	CSMHost     string
+	CSMPort     string
+	CSMClientID string
+
+	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+	//
+	// sts_regional_endpoints = regional
+	// This can take value as `LegacySTSEndpoint` or `RegionalSTSEndpoint`
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+	//
+	// s3_us_east_1_regional_endpoint = regional
+	// This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+	// Specifies if the S3 service should allow ARNs to direct the region
+	// the client's requests are sent to.
+	//
+	// s3_use_arn_region=true
+	S3UseARNRegion bool
 }
 
 type sharedConfigFile struct {
 	Filename string
-	IniData  *ini.File
+	IniData  ini.Sections
 }
 
-// loadSharedConfig retrieves the configuration from the list of files
-// using the profile provided. The order the files are listed will determine
+// loadSharedConfig retrieves the configuration from the list of files using
+// the profile provided. The order the files are listed will determine
 // precedence. Values in subsequent files will overwrite values defined in
 // earlier files.
 //
 // For example, given two files A and B. Both define credentials. If the order
-// of the files are A then B, B's credential values will be used instead of A's.
+// of the files are A then B, B's credential values will be used instead of
+// A's.
 //
 // See sharedConfig.setFromFile for information how the config files
 // will be loaded.
-func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) {
+func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
 	if len(profile) == 0 {
 		profile = DefaultSharedConfigProfile
 	}
@@ -88,16 +145,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error)
 	}
 
 	cfg := sharedConfig{}
-	if err = cfg.setFromIniFiles(profile, files); err != nil {
+	profiles := map[string]struct{}{}
+	if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
 		return sharedConfig{}, err
 	}
 
-	if len(cfg.AssumeRole.SourceProfile) > 0 {
-		if err := cfg.setAssumeRoleSource(profile, files); err != nil {
-			return sharedConfig{}, err
-		}
-	}
-
 	return cfg, nil
 }
 
@@ -105,114 +157,278 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 	files := make([]sharedConfigFile, 0, len(filenames))
 
 	for _, filename := range filenames {
-		b, err := ioutil.ReadFile(filename)
-		if err != nil {
+		sections, err := ini.OpenFile(filename)
+		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ini.ErrCodeUnableToReadFile {
 			// Skip files which can't be opened and read for whatever reason
 			continue
-		}
-
-		f, err := ini.Load(b)
-		if err != nil {
+		} else if err != nil {
 			return nil, SharedConfigLoadError{Filename: filename, Err: err}
 		}
 
 		files = append(files, sharedConfigFile{
-			Filename: filename, IniData: f,
+			Filename: filename, IniData: sections,
 		})
 	}
 
 	return files, nil
 }
 
-func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error {
-	var assumeRoleSrc sharedConfig
+func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
+	// Trim files from the list that don't exist.
+	var skippedFiles int
+	var profileNotFoundErr error
+	for _, f := range files {
+		if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
+			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
+				// Ignore profiles not defined in individual files.
+				profileNotFoundErr = err
+				skippedFiles++
+				continue
+			}
+			return err
+		}
+	}
+	if skippedFiles == len(files) {
+		// If all files were skipped because the profile is not found, return
+		// the original profile not found error.
+		return profileNotFoundErr
+	}
 
-	// Multiple level assume role chains are not support
-	if cfg.AssumeRole.SourceProfile == origProfile {
-		assumeRoleSrc = *cfg
-		assumeRoleSrc.AssumeRole = assumeRoleConfig{}
+	if _, ok := profiles[profile]; ok {
+		// if this is the second instance of the profile the Assume Role
+		// options must be cleared because they are only valid for the
+		// first reference of a profile. The self linked instance of the
+		// profile only have credential provider options.
+		cfg.clearAssumeRoleOptions()
 	} else {
-		err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files)
-		if err != nil {
+		// First time a profile has been seen, It must either be a assume role
+		// or credentials. Assert if the credential type requires a role ARN,
+		// the ARN is also set.
+		if err := cfg.validateCredentialsRequireARN(profile); err != nil {
 			return err
 		}
 	}
+	profiles[profile] = struct{}{}
 
-	if len(assumeRoleSrc.Creds.AccessKeyID) == 0 {
-		return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN}
+	if err := cfg.validateCredentialType(); err != nil {
+		return err
 	}
 
-	cfg.AssumeRoleSource = &assumeRoleSrc
-
-	return nil
-}
+	// Link source profiles for assume roles
+	if len(cfg.SourceProfileName) != 0 {
+		// Linked profile via source_profile ignore credential provider
+		// options, the source profile must provide the credentials.
+		cfg.clearCredentialOptions()
 
-func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error {
-	// Trim files from the list that don't exist.
-	for _, f := range files {
-		if err := cfg.setFromIniFile(profile, f); err != nil {
+		srcCfg := &sharedConfig{}
+		err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
+		if err != nil {
+			// SourceProfile that doesn't exist is an error in configuration.
 			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
-				// Ignore proviles missings
-				continue
+				err = SharedConfigAssumeRoleError{
+					RoleARN:       cfg.RoleARN,
+					SourceProfile: cfg.SourceProfileName,
+				}
 			}
 			return err
 		}
+
+		if !srcCfg.hasCredentials() {
+			return SharedConfigAssumeRoleError{
+				RoleARN:       cfg.RoleARN,
+				SourceProfile: cfg.SourceProfileName,
+			}
+		}
+
+		cfg.SourceProfile = srcCfg
 	}
 
 	return nil
 }
 
-// setFromFile loads the configuration from the file using
-// the profile provided. A sharedConfig pointer type value is used so that
-// multiple config file loadings can be chained.
+// setFromFile loads the configuration from the file using the profile
+// provided. A sharedConfig pointer type value is used so that multiple config
+// file loadings can be chained.
 //
 // Only loads complete logically grouped values, and will not set fields in cfg
-// for incomplete grouped values in the config. Such as credentials. For example
-// if a config file only includes aws_access_key_id but no aws_secret_access_key
-// the aws_access_key_id will be ignored.
-func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error {
-	section, err := file.IniData.GetSection(profile)
-	if err != nil {
+// for incomplete grouped values in the config. Such as credentials. For
+// example if a config file only includes aws_access_key_id but no
+// aws_secret_access_key the aws_access_key_id will be ignored.
+func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
+	section, ok := file.IniData.GetSection(profile)
+	if !ok {
 		// Fallback to to alternate profile name: profile <name>
-		section, err = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
-		if err != nil {
-			return SharedConfigProfileNotExistsError{Profile: profile, Err: err}
+		section, ok = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
+		if !ok {
+			return SharedConfigProfileNotExistsError{Profile: profile, Err: nil}
 		}
 	}
 
-	// Shared Credentials
-	akid := section.Key(accessKeyIDKey).String()
-	secret := section.Key(secretAccessKey).String()
-	if len(akid) > 0 && len(secret) > 0 {
-		cfg.Creds = credentials.Value{
-			AccessKeyID:     akid,
-			SecretAccessKey: secret,
-			SessionToken:    section.Key(sessionTokenKey).String(),
-			ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
+	if exOpts {
+		// Assume Role Parameters
+		updateString(&cfg.RoleARN, section, roleArnKey)
+		updateString(&cfg.ExternalID, section, externalIDKey)
+		updateString(&cfg.MFASerial, section, mfaSerialKey)
+		updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
+		updateString(&cfg.SourceProfileName, section, sourceProfileKey)
+		updateString(&cfg.CredentialSource, section, credentialSourceKey)
+		updateString(&cfg.Region, section, regionKey)
+
+		if v := section.String(stsRegionalEndpointSharedKey); len(v) != 0 {
+			sre, err := endpoints.GetSTSRegionalEndpoint(v)
+			if err != nil {
+				return fmt.Errorf("failed to load %s from shared config, %s, %v",
+					stsRegionalEndpointSharedKey, file.Filename, err)
+			}
+			cfg.STSRegionalEndpoint = sre
 		}
+
+		if v := section.String(s3UsEast1RegionalSharedKey); len(v) != 0 {
+			sre, err := endpoints.GetS3UsEast1RegionalEndpoint(v)
+			if err != nil {
+				return fmt.Errorf("failed to load %s from shared config, %s, %v",
+					s3UsEast1RegionalSharedKey, file.Filename, err)
+			}
+			cfg.S3UsEast1RegionalEndpoint = sre
+		}
+	}
+
+	updateString(&cfg.CredentialProcess, section, credentialProcessKey)
+	updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
+
+	// Shared Credentials
+	creds := credentials.Value{
+		AccessKeyID:     section.String(accessKeyIDKey),
+		SecretAccessKey: section.String(secretAccessKey),
+		SessionToken:    section.String(sessionTokenKey),
+		ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
+	}
+	if creds.HasKeys() {
+		cfg.Creds = creds
+	}
+
+	// Endpoint discovery
+	updateBoolPtr(&cfg.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey)
+
+	// CSM options
+	updateBoolPtr(&cfg.CSMEnabled, section, csmEnabledKey)
+	updateString(&cfg.CSMHost, section, csmHostKey)
+	updateString(&cfg.CSMPort, section, csmPortKey)
+	updateString(&cfg.CSMClientID, section, csmClientIDKey)
+
+	updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
+
+	return nil
+}
+
+func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
+	var credSource string
+
+	switch {
+	case len(cfg.SourceProfileName) != 0:
+		credSource = sourceProfileKey
+	case len(cfg.CredentialSource) != 0:
+		credSource = credentialSourceKey
+	case len(cfg.WebIdentityTokenFile) != 0:
+		credSource = webIdentityTokenFileKey
 	}
 
-	// Assume Role
-	roleArn := section.Key(roleArnKey).String()
-	srcProfile := section.Key(sourceProfileKey).String()
-	if len(roleArn) > 0 && len(srcProfile) > 0 {
-		cfg.AssumeRole = assumeRoleConfig{
-			RoleARN:         roleArn,
-			SourceProfile:   srcProfile,
-			ExternalID:      section.Key(externalIDKey).String(),
-			MFASerial:       section.Key(mfaSerialKey).String(),
-			RoleSessionName: section.Key(roleSessionNameKey).String(),
+	if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
+		return CredentialRequiresARNError{
+			Type:    credSource,
+			Profile: profile,
 		}
 	}
 
-	// Region
-	if v := section.Key(regionKey).String(); len(v) > 0 {
-		cfg.Region = v
+	return nil
+}
+
+func (cfg *sharedConfig) validateCredentialType() error {
+	// Only one or no credential type can be defined.
+	if !oneOrNone(
+		len(cfg.SourceProfileName) != 0,
+		len(cfg.CredentialSource) != 0,
+		len(cfg.CredentialProcess) != 0,
+		len(cfg.WebIdentityTokenFile) != 0,
+	) {
+		return ErrSharedConfigSourceCollision
 	}
 
 	return nil
 }
 
+func (cfg *sharedConfig) hasCredentials() bool {
+	switch {
+	case len(cfg.SourceProfileName) != 0:
+	case len(cfg.CredentialSource) != 0:
+	case len(cfg.CredentialProcess) != 0:
+	case len(cfg.WebIdentityTokenFile) != 0:
+	case cfg.Creds.HasKeys():
+	default:
+		return false
+	}
+
+	return true
+}
+
+func (cfg *sharedConfig) clearCredentialOptions() {
+	cfg.CredentialSource = ""
+	cfg.CredentialProcess = ""
+	cfg.WebIdentityTokenFile = ""
+	cfg.Creds = credentials.Value{}
+}
+
+func (cfg *sharedConfig) clearAssumeRoleOptions() {
+	cfg.RoleARN = ""
+	cfg.ExternalID = ""
+	cfg.MFASerial = ""
+	cfg.RoleSessionName = ""
+	cfg.SourceProfileName = ""
+}
+
+func oneOrNone(bs ...bool) bool {
+	var count int
+
+	for _, b := range bs {
+		if b {
+			count++
+			if count > 1 {
+				return false
+			}
+		}
+	}
+
+	return true
+}
+
+// updateString will only update the dst with the value in the section key, key
+// is present in the section.
+func updateString(dst *string, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = section.String(key)
+}
+
+// updateBool will only update the dst with the value in the section key, key
+// is present in the section.
+func updateBool(dst *bool, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = section.Bool(key)
+}
+
+// updateBoolPtr will only update the dst with the value in the section key,
+// key is present in the section.
+func updateBoolPtr(dst **bool, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = new(bool)
+	**dst = section.Bool(key)
+}
+
 // SharedConfigLoadError is an error for the shared config file failed to load.
 type SharedConfigLoadError struct {
 	Filename string
@@ -270,7 +486,8 @@ func (e SharedConfigProfileNotExistsError) Error() string {
 // profile contains assume role information, but that information is invalid
 // or not complete.
 type SharedConfigAssumeRoleError struct {
-	RoleARN string
+	RoleARN       string
+	SourceProfile string
 }
 
 // Code is the short id of the error.
@@ -280,8 +497,10 @@ func (e SharedConfigAssumeRoleError) Code() string {
 
 // Message is the description of the error
 func (e SharedConfigAssumeRoleError) Message() string {
-	return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials",
-		e.RoleARN)
+	return fmt.Sprintf(
+		"failed to load assume role for %s, source profile %s has no shared credentials",
+		e.RoleARN, e.SourceProfile,
+	)
 }
 
 // OrigErr is the underlying error that caused the failure.
@@ -293,3 +512,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error {
 func (e SharedConfigAssumeRoleError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
+
+// CredentialRequiresARNError provides the error for shared config credentials
+// that are incorrectly configured in the shared config or credentials file.
+type CredentialRequiresARNError struct {
+	// type of credentials that were configured.
+	Type string
+
+	// Profile name the credentials were in.
+	Profile string
+}
+
+// Code is the short id of the error.
+func (e CredentialRequiresARNError) Code() string {
+	return "CredentialRequiresARNError"
+}
+
+// Message is the description of the error
+func (e CredentialRequiresARNError) Message() string {
+	return fmt.Sprintf(
+		"credential type %s requires role_arn, profile %s",
+		e.Type, e.Profile,
+	)
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e CredentialRequiresARNError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e CredentialRequiresARNError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
index 244c86da0543a..07ea799fbd37e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
@@ -1,8 +1,7 @@
 package v4
 
 import (
-	"net/http"
-	"strings"
+	"github.com/aws/aws-sdk-go/internal/strings"
 )
 
 // validator houses a set of rule needed for validation of a
@@ -61,7 +60,7 @@ type patterns []string
 // been found
 func (p patterns) IsValid(value string) bool {
 	for _, pattern := range p {
-		if strings.HasPrefix(http.CanonicalHeaderKey(value), pattern) {
+		if strings.HasPrefixFold(value, pattern) {
 			return true
 		}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
new file mode 100644
index 0000000000000..02cbd97e23412
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
@@ -0,0 +1,63 @@
+package v4
+
+import (
+	"encoding/hex"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+type credentialValueProvider interface {
+	Get() (credentials.Value, error)
+}
+
+// StreamSigner implements signing of event stream encoded payloads
+type StreamSigner struct {
+	region  string
+	service string
+
+	credentials credentialValueProvider
+
+	prevSig []byte
+}
+
+// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages
+func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner {
+	return &StreamSigner{
+		region:      region,
+		service:     service,
+		credentials: credentials,
+		prevSig:     seedSignature,
+	}
+}
+
+// GetSignature takes an event stream encoded headers and payload and returns a signature
+func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) {
+	credValue, err := s.credentials.Get()
+	if err != nil {
+		return nil, err
+	}
+
+	sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date)
+
+	keyPath := buildSigningScope(s.region, s.service, date)
+
+	stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date)
+
+	signature := hmacSHA256(sigKey, []byte(stringToSign))
+	s.prevSig = signature
+
+	return signature, nil
+}
+
+func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string {
+	return strings.Join([]string{
+		"AWS4-HMAC-SHA256-PAYLOAD",
+		formatTime(date),
+		scope,
+		hex.EncodeToString(prevSig),
+		hex.EncodeToString(hashSHA256(headers)),
+		hex.EncodeToString(hashSHA256(payload)),
+	}, "\n")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
index ccc88b4ac1c4a..b97334c7f28ef 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -71,13 +71,19 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 	"github.com/aws/aws-sdk-go/private/protocol/rest"
 )
 
 const (
+	authorizationHeader     = "Authorization"
+	authHeaderSignatureElem = "Signature="
+	signatureQueryKey       = "X-Amz-Signature"
+
 	authHeaderPrefix = "AWS4-HMAC-SHA256"
 	timeFormat       = "20060102T150405Z"
 	shortTimeFormat  = "20060102"
+	awsV4Request     = "aws4_request"
 
 	// emptyStringSHA256 is a SHA256 of an empty string
 	emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
@@ -86,9 +92,9 @@ const (
 var ignoredHeaders = rules{
 	blacklist{
 		mapRule{
-			"Authorization":   struct{}{},
-			"User-Agent":      struct{}{},
-			"X-Amzn-Trace-Id": struct{}{},
+			authorizationHeader: struct{}{},
+			"User-Agent":        struct{}{},
+			"X-Amzn-Trace-Id":   struct{}{},
 		},
 	},
 }
@@ -97,25 +103,25 @@ var ignoredHeaders = rules{
 var requiredSignedHeaders = rules{
 	whitelist{
 		mapRule{
-			"Cache-Control":                                               struct{}{},
-			"Content-Disposition":                                         struct{}{},
-			"Content-Encoding":                                            struct{}{},
-			"Content-Language":                                            struct{}{},
-			"Content-Md5":                                                 struct{}{},
-			"Content-Type":                                                struct{}{},
-			"Expires":                                                     struct{}{},
-			"If-Match":                                                    struct{}{},
-			"If-Modified-Since":                                           struct{}{},
-			"If-None-Match":                                               struct{}{},
-			"If-Unmodified-Since":                                         struct{}{},
-			"Range":                                                       struct{}{},
-			"X-Amz-Acl":                                                   struct{}{},
-			"X-Amz-Copy-Source":                                           struct{}{},
-			"X-Amz-Copy-Source-If-Match":                                  struct{}{},
-			"X-Amz-Copy-Source-If-Modified-Since":                         struct{}{},
-			"X-Amz-Copy-Source-If-None-Match":                             struct{}{},
-			"X-Amz-Copy-Source-If-Unmodified-Since":                       struct{}{},
-			"X-Amz-Copy-Source-Range":                                     struct{}{},
+			"Cache-Control":                         struct{}{},
+			"Content-Disposition":                   struct{}{},
+			"Content-Encoding":                      struct{}{},
+			"Content-Language":                      struct{}{},
+			"Content-Md5":                           struct{}{},
+			"Content-Type":                          struct{}{},
+			"Expires":                               struct{}{},
+			"If-Match":                              struct{}{},
+			"If-Modified-Since":                     struct{}{},
+			"If-None-Match":                         struct{}{},
+			"If-Unmodified-Since":                   struct{}{},
+			"Range":                                 struct{}{},
+			"X-Amz-Acl":                             struct{}{},
+			"X-Amz-Copy-Source":                     struct{}{},
+			"X-Amz-Copy-Source-If-Match":            struct{}{},
+			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
+			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
+			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
+			"X-Amz-Copy-Source-Range":               struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
@@ -133,7 +139,9 @@ var requiredSignedHeaders = rules{
 			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
 			"X-Amz-Storage-Class":                                         struct{}{},
+			"X-Amz-Tagging":                                               struct{}{},
 			"X-Amz-Website-Redirect-Location":                             struct{}{},
+			"X-Amz-Content-Sha256":                                        struct{}{},
 		},
 	},
 	patterns{"X-Amz-Meta-"},
@@ -179,7 +187,7 @@ type Signer struct {
 	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
 	DisableURIPathEscaping bool
 
-	// Disales the automatical setting of the HTTP request's Body field with the
+	// Disables the automatical setting of the HTTP request's Body field with the
 	// io.ReadSeeker passed in to the signer. This is useful if you're using a
 	// custom wrapper around the body for the io.ReadSeeker and want to preserve
 	// the Body value on the Request.Body.
@@ -226,11 +234,9 @@ type signingCtx struct {
 
 	DisableURIPathEscaping bool
 
-	credValues         credentials.Value
-	isPresign          bool
-	formattedTime      string
-	formattedShortTime string
-	unsignedPayload    bool
+	credValues      credentials.Value
+	isPresign       bool
+	unsignedPayload bool
 
 	bodyDigest       string
 	signedHeaders    string
@@ -341,7 +347,9 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 
 	ctx.sanitizeHostForHeader()
 	ctx.assignAmzQueryValues()
-	ctx.build(v4.DisableHeaderHoisting)
+	if err := ctx.build(v4.DisableHeaderHoisting); err != nil {
+		return nil, err
+	}
 
 	// If the request is not presigned the body should be attached to it. This
 	// prevents the confusion of wanting to send a signed request without
@@ -417,7 +425,7 @@ var SignRequestHandler = request.NamedHandler{
 // If the credentials of the request's config are set to
 // credentials.AnonymousCredentials the request will not be signed.
 func SignSDKRequest(req *request.Request) {
-	signSDKRequestWithCurrTime(req, time.Now)
+	SignSDKRequestWithCurrentTime(req, time.Now)
 }
 
 // BuildNamedHandler will build a generic handler for signing.
@@ -425,12 +433,15 @@ func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler
 	return request.NamedHandler{
 		Name: name,
 		Fn: func(req *request.Request) {
-			signSDKRequestWithCurrTime(req, time.Now, opts...)
+			SignSDKRequestWithCurrentTime(req, time.Now, opts...)
 		},
 	}
 }
 
-func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
+// SignSDKRequestWithCurrentTime will sign the SDK's request using the time
+// function passed in. Behaves the same as SignSDKRequest with the exception
+// the request is signed with the value returned by the current time function.
+func SignSDKRequestWithCurrentTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
 	// If the request does not need to be signed ignore the signing of the
 	// request if the AnonymousCredentials object is used.
 	if req.Config.Credentials == credentials.AnonymousCredentials {
@@ -466,13 +477,9 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 		opt(v4)
 	}
 
-	signingTime := req.Time
-	if !req.LastSignedAt.IsZero() {
-		signingTime = req.LastSignedAt
-	}
-
+	curTime := curTimeFn()
 	signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
-		name, region, req.ExpireTime, req.ExpireTime > 0, signingTime,
+		name, region, req.ExpireTime, req.ExpireTime > 0, curTime,
 	)
 	if err != nil {
 		req.Error = err
@@ -481,7 +488,7 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 	}
 
 	req.SignedHeaderVals = signedHeaders
-	req.LastSignedAt = curTimeFn()
+	req.LastSignedAt = curTime
 }
 
 const logSignInfoMsg = `DEBUG: Request Signature:
@@ -503,11 +510,13 @@ func (v4 *Signer) logSigningInfo(ctx *signingCtx) {
 	v4.Logger.Log(msg)
 }
 
-func (ctx *signingCtx) build(disableHeaderHoisting bool) {
+func (ctx *signingCtx) build(disableHeaderHoisting bool) error {
 	ctx.buildTime()             // no depends
 	ctx.buildCredentialString() // no depends
 
-	ctx.buildBodyDigest()
+	if err := ctx.buildBodyDigest(); err != nil {
+		return err
+	}
 
 	unsignedHeaders := ctx.Request.Header
 	if ctx.isPresign {
@@ -526,37 +535,56 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) {
 	ctx.buildSignature()       // depends on string to sign
 
 	if ctx.isPresign {
-		ctx.Request.URL.RawQuery += "&X-Amz-Signature=" + ctx.signature
+		ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature
 	} else {
 		parts := []string{
 			authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString,
 			"SignedHeaders=" + ctx.signedHeaders,
-			"Signature=" + ctx.signature,
+			authHeaderSignatureElem + ctx.signature,
 		}
-		ctx.Request.Header.Set("Authorization", strings.Join(parts, ", "))
+		ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", "))
 	}
+
+	return nil
 }
 
-func (ctx *signingCtx) buildTime() {
-	ctx.formattedTime = ctx.Time.UTC().Format(timeFormat)
-	ctx.formattedShortTime = ctx.Time.UTC().Format(shortTimeFormat)
+// GetSignedRequestSignature attempts to extract the signature of the request.
+// Returning an error if the request is unsigned, or unable to extract the
+// signature.
+func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
+
+	if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
+		ps := strings.Split(auth, ", ")
+		for _, p := range ps {
+			if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
+				sig := p[len(authHeaderSignatureElem):]
+				if len(sig) == 0 {
+					return nil, fmt.Errorf("invalid request signature authorization header")
+				}
+				return hex.DecodeString(sig)
+			}
+		}
+	}
+
+	if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 {
+		return hex.DecodeString(sig)
+	}
+
+	return nil, fmt.Errorf("request not signed")
+}
 
+func (ctx *signingCtx) buildTime() {
 	if ctx.isPresign {
 		duration := int64(ctx.ExpireTime / time.Second)
-		ctx.Query.Set("X-Amz-Date", ctx.formattedTime)
+		ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time))
 		ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10))
 	} else {
-		ctx.Request.Header.Set("X-Amz-Date", ctx.formattedTime)
+		ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time))
 	}
 }
 
 func (ctx *signingCtx) buildCredentialString() {
-	ctx.credentialString = strings.Join([]string{
-		ctx.formattedShortTime,
-		ctx.Region,
-		ctx.ServiceName,
-		"aws4_request",
-	}, "/")
+	ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time)
 
 	if ctx.isPresign {
 		ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString)
@@ -580,8 +608,7 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
 	var headers []string
 	headers = append(headers, "host")
 	for k, v := range header {
-		canonicalKey := http.CanonicalHeaderKey(k)
-		if !r.IsValid(canonicalKey) {
+		if !r.IsValid(k) {
 			continue // ignored header
 		}
 		if ctx.SignedHeaderVals == nil {
@@ -645,37 +672,50 @@ func (ctx *signingCtx) buildCanonicalString() {
 func (ctx *signingCtx) buildStringToSign() {
 	ctx.stringToSign = strings.Join([]string{
 		authHeaderPrefix,
-		ctx.formattedTime,
+		formatTime(ctx.Time),
 		ctx.credentialString,
-		hex.EncodeToString(makeSha256([]byte(ctx.canonicalString))),
+		hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))),
 	}, "\n")
 }
 
 func (ctx *signingCtx) buildSignature() {
-	secret := ctx.credValues.SecretAccessKey
-	date := makeHmac([]byte("AWS4"+secret), []byte(ctx.formattedShortTime))
-	region := makeHmac(date, []byte(ctx.Region))
-	service := makeHmac(region, []byte(ctx.ServiceName))
-	credentials := makeHmac(service, []byte("aws4_request"))
-	signature := makeHmac(credentials, []byte(ctx.stringToSign))
+	creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time)
+	signature := hmacSHA256(creds, []byte(ctx.stringToSign))
 	ctx.signature = hex.EncodeToString(signature)
 }
 
-func (ctx *signingCtx) buildBodyDigest() {
+func (ctx *signingCtx) buildBodyDigest() error {
 	hash := ctx.Request.Header.Get("X-Amz-Content-Sha256")
 	if hash == "" {
-		if ctx.unsignedPayload || (ctx.isPresign && ctx.ServiceName == "s3") {
+		includeSHA256Header := ctx.unsignedPayload ||
+			ctx.ServiceName == "s3" ||
+			ctx.ServiceName == "glacier"
+
+		s3Presign := ctx.isPresign && ctx.ServiceName == "s3"
+
+		if ctx.unsignedPayload || s3Presign {
 			hash = "UNSIGNED-PAYLOAD"
+			includeSHA256Header = !s3Presign
 		} else if ctx.Body == nil {
 			hash = emptyStringSHA256
 		} else {
-			hash = hex.EncodeToString(makeSha256Reader(ctx.Body))
+			if !aws.IsReaderSeekable(ctx.Body) {
+				return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
+			}
+			hashBytes, err := makeSha256Reader(ctx.Body)
+			if err != nil {
+				return err
+			}
+			hash = hex.EncodeToString(hashBytes)
 		}
-		if ctx.unsignedPayload || ctx.ServiceName == "s3" || ctx.ServiceName == "glacier" {
+
+		if includeSHA256Header {
 			ctx.Request.Header.Set("X-Amz-Content-Sha256", hash)
 		}
 	}
 	ctx.bodyDigest = hash
+
+	return nil
 }
 
 // isRequestSigned returns if the request is currently signed or presigned
@@ -701,31 +741,45 @@ func (ctx *signingCtx) removePresign() {
 	ctx.Query.Del("X-Amz-SignedHeaders")
 }
 
-func makeHmac(key []byte, data []byte) []byte {
+func hmacSHA256(key []byte, data []byte) []byte {
 	hash := hmac.New(sha256.New, key)
 	hash.Write(data)
 	return hash.Sum(nil)
 }
 
-func makeSha256(data []byte) []byte {
+func hashSHA256(data []byte) []byte {
 	hash := sha256.New()
 	hash.Write(data)
 	return hash.Sum(nil)
 }
 
-func makeSha256Reader(reader io.ReadSeeker) []byte {
+func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
 	hash := sha256.New()
-	start, _ := reader.Seek(0, 1)
-	defer reader.Seek(start, 0)
+	start, err := reader.Seek(0, sdkio.SeekCurrent)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		// ensure error is return if unable to seek back to start of payload.
+		_, err = reader.Seek(start, sdkio.SeekStart)
+	}()
 
-	io.Copy(hash, reader)
-	return hash.Sum(nil)
+	// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
+	// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
+	size, err := aws.SeekerLen(reader)
+	if err != nil {
+		io.Copy(hash, reader)
+	} else {
+		io.CopyN(hash, reader, size)
+	}
+
+	return hash.Sum(nil), nil
 }
 
 const doubleSpace = "  "
 
 // stripExcessSpaces will rewrite the passed in slice's string values to not
-// contain muliple side-by-side spaces.
+// contain multiple side-by-side spaces.
 func stripExcessSpaces(vals []string) {
 	var j, k, l, m, spaces int
 	for i, str := range vals {
@@ -765,3 +819,28 @@ func stripExcessSpaces(vals []string) {
 		vals[i] = string(buf[:m])
 	}
 }
+
+func buildSigningScope(region, service string, dt time.Time) string {
+	return strings.Join([]string{
+		formatShortTime(dt),
+		region,
+		service,
+		awsV4Request,
+	}, "/")
+}
+
+func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte {
+	kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt)))
+	kRegion := hmacSHA256(kDate, []byte(region))
+	kService := hmacSHA256(kRegion, []byte(service))
+	signingKey := hmacSHA256(kService, []byte(awsV4Request))
+	return signingKey
+}
+
+func formatShortTime(dt time.Time) string {
+	return dt.UTC().Format(shortTimeFormat)
+}
+
+func formatTime(dt time.Time) string {
+	return dt.UTC().Format(timeFormat)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
index 0e2d864e10a8e..d542ef01bc89d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@@ -2,16 +2,24 @@ package aws
 
 import (
 	"io"
+	"strings"
 	"sync"
+
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 )
 
-// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should
-// only be used with an io.Reader that is also an io.Seeker. Doing so may
-// cause request signature errors, or request body's not sent for GET, HEAD
-// and DELETE HTTP methods.
+// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the
+// SDK to accept an io.Reader that is not also an io.Seeker for unsigned
+// streaming payload API operations.
+//
+// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API
+// operation's input will prevent that operation being retried in the case of
+// network errors, and cause operation requests to fail if the operation
+// requires payload signing.
 //
-// Deprecated: Should only be used with io.ReadSeeker. If using for
-// S3 PutObject to stream content use s3manager.Uploader instead.
+// Note: If using With S3 PutObject to stream an object upload The SDK's S3
+// Upload manager (s3manager.Uploader) provides support for streaming with the
+// ability to retry network errors.
 func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
 	return ReaderSeekerCloser{r}
 }
@@ -22,10 +30,27 @@ type ReaderSeekerCloser struct {
 	r io.Reader
 }
 
+// IsReaderSeekable returns if the underlying reader type can be seeked. A
+// io.Reader might not actually be seekable if it is the ReaderSeekerCloser
+// type.
+func IsReaderSeekable(r io.Reader) bool {
+	switch v := r.(type) {
+	case ReaderSeekerCloser:
+		return v.IsSeeker()
+	case *ReaderSeekerCloser:
+		return v.IsSeeker()
+	case io.ReadSeeker:
+		return true
+	default:
+		return false
+	}
+}
+
 // Read reads from the reader up to size of p. The number of bytes read, and
 // error if it occurred will be returned.
 //
-// If the reader is not an io.Reader zero bytes read, and nil error will be returned.
+// If the reader is not an io.Reader zero bytes read, and nil error will be
+// returned.
 //
 // Performs the same functionality as io.Reader Read
 func (r ReaderSeekerCloser) Read(p []byte) (int, error) {
@@ -56,6 +81,71 @@ func (r ReaderSeekerCloser) IsSeeker() bool {
 	return ok
 }
 
+// HasLen returns the length of the underlying reader if the value implements
+// the Len() int method.
+func (r ReaderSeekerCloser) HasLen() (int, bool) {
+	type lenner interface {
+		Len() int
+	}
+
+	if lr, ok := r.r.(lenner); ok {
+		return lr.Len(), true
+	}
+
+	return 0, false
+}
+
+// GetLen returns the length of the bytes remaining in the underlying reader.
+// Checks first for Len(), then io.Seeker to determine the size of the
+// underlying reader.
+//
+// Will return -1 if the length cannot be determined.
+func (r ReaderSeekerCloser) GetLen() (int64, error) {
+	if l, ok := r.HasLen(); ok {
+		return int64(l), nil
+	}
+
+	if s, ok := r.r.(io.Seeker); ok {
+		return seekerLen(s)
+	}
+
+	return -1, nil
+}
+
+// SeekerLen attempts to get the number of bytes remaining at the seeker's
+// current position.  Returns the number of bytes remaining or error.
+func SeekerLen(s io.Seeker) (int64, error) {
+	// Determine if the seeker is actually seekable. ReaderSeekerCloser
+	// hides the fact that a io.Readers might not actually be seekable.
+	switch v := s.(type) {
+	case ReaderSeekerCloser:
+		return v.GetLen()
+	case *ReaderSeekerCloser:
+		return v.GetLen()
+	}
+
+	return seekerLen(s)
+}
+
+func seekerLen(s io.Seeker) (int64, error) {
+	curOffset, err := s.Seek(0, sdkio.SeekCurrent)
+	if err != nil {
+		return 0, err
+	}
+
+	endOffset, err := s.Seek(0, sdkio.SeekEnd)
+	if err != nil {
+		return 0, err
+	}
+
+	_, err = s.Seek(curOffset, sdkio.SeekStart)
+	if err != nil {
+		return 0, err
+	}
+
+	return endOffset - curOffset, nil
+}
+
 // Close closes the ReaderSeekerCloser.
 //
 // If the ReaderSeekerCloser is not an io.Closer nothing will be done.
@@ -116,3 +206,36 @@ func (b *WriteAtBuffer) Bytes() []byte {
 	defer b.m.Unlock()
 	return b.buf
 }
+
+// MultiCloser is a utility to close multiple io.Closers within a single
+// statement.
+type MultiCloser []io.Closer
+
+// Close closes all of the io.Closers making up the MultiClosers. Any
+// errors that occur while closing will be returned in the order they
+// occur.
+func (m MultiCloser) Close() error {
+	var errs errors
+	for _, c := range m {
+		err := c.Close()
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
+
+type errors []error
+
+func (es errors) Error() string {
+	var parts []string
+	for _, e := range es {
+		parts = append(parts, e.Error())
+	}
+
+	return strings.Join(parts, "\n")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 7bd32f3d66be5..34d4d1ee62ca5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.12.66"
+const SDKVersion = "1.28.11"
diff --git a/vendor/github.com/aws/aws-sdk-go/go.mod b/vendor/github.com/aws/aws-sdk-go/go.mod
new file mode 100644
index 0000000000000..329c3ea439116
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/go.mod
@@ -0,0 +1,3 @@
+module github.com/aws/aws-sdk-go
+
+require github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
new file mode 100644
index 0000000000000..e83a99886bccd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
@@ -0,0 +1,120 @@
+package ini
+
+// ASTKind represents different states in the parse table
+// and the type of AST that is being constructed
+type ASTKind int
+
+// ASTKind* is used in the parse table to transition between
+// the different states
+const (
+	ASTKindNone = ASTKind(iota)
+	ASTKindStart
+	ASTKindExpr
+	ASTKindEqualExpr
+	ASTKindStatement
+	ASTKindSkipStatement
+	ASTKindExprStatement
+	ASTKindSectionStatement
+	ASTKindNestedSectionStatement
+	ASTKindCompletedNestedSectionStatement
+	ASTKindCommentStatement
+	ASTKindCompletedSectionStatement
+)
+
+func (k ASTKind) String() string {
+	switch k {
+	case ASTKindNone:
+		return "none"
+	case ASTKindStart:
+		return "start"
+	case ASTKindExpr:
+		return "expr"
+	case ASTKindStatement:
+		return "stmt"
+	case ASTKindSectionStatement:
+		return "section_stmt"
+	case ASTKindExprStatement:
+		return "expr_stmt"
+	case ASTKindCommentStatement:
+		return "comment"
+	case ASTKindNestedSectionStatement:
+		return "nested_section_stmt"
+	case ASTKindCompletedSectionStatement:
+		return "completed_stmt"
+	case ASTKindSkipStatement:
+		return "skip"
+	default:
+		return ""
+	}
+}
+
+// AST interface allows us to determine what kind of node we
+// are on and casting may not need to be necessary.
+//
+// The root is always the first node in Children
+type AST struct {
+	Kind      ASTKind
+	Root      Token
+	RootToken bool
+	Children  []AST
+}
+
+func newAST(kind ASTKind, root AST, children ...AST) AST {
+	return AST{
+		Kind:     kind,
+		Children: append([]AST{root}, children...),
+	}
+}
+
+func newASTWithRootToken(kind ASTKind, root Token, children ...AST) AST {
+	return AST{
+		Kind:      kind,
+		Root:      root,
+		RootToken: true,
+		Children:  children,
+	}
+}
+
+// AppendChild will append to the list of children an AST has.
+func (a *AST) AppendChild(child AST) {
+	a.Children = append(a.Children, child)
+}
+
+// GetRoot will return the root AST which can be the first entry
+// in the children list or a token.
+func (a *AST) GetRoot() AST {
+	if a.RootToken {
+		return *a
+	}
+
+	if len(a.Children) == 0 {
+		return AST{}
+	}
+
+	return a.Children[0]
+}
+
+// GetChildren will return the current AST's list of children
+func (a *AST) GetChildren() []AST {
+	if len(a.Children) == 0 {
+		return []AST{}
+	}
+
+	if a.RootToken {
+		return a.Children
+	}
+
+	return a.Children[1:]
+}
+
+// SetChildren will set and override all children of the AST.
+func (a *AST) SetChildren(children []AST) {
+	if a.RootToken {
+		a.Children = children
+	} else {
+		a.Children = append(a.Children[:1], children...)
+	}
+}
+
+// Start is used to indicate the starting state of the parse table.
+var Start = newAST(ASTKindStart, AST{})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
new file mode 100644
index 0000000000000..0895d53cbe656
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
@@ -0,0 +1,11 @@
+package ini
+
+var commaRunes = []rune(",")
+
+func isComma(b rune) bool {
+	return b == ','
+}
+
+func newCommaToken() Token {
+	return newToken(TokenComma, commaRunes, NoneType)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
new file mode 100644
index 0000000000000..0b76999ba1f37
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
@@ -0,0 +1,35 @@
+package ini
+
+// isComment will return whether or not the next byte(s) is a
+// comment.
+func isComment(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case ';':
+		return true
+	case '#':
+		return true
+	}
+
+	return false
+}
+
+// newCommentToken will create a comment token and
+// return how many bytes were read.
+func newCommentToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if b[i] == '\n' {
+			break
+		}
+
+		if len(b)-i > 2 && b[i] == '\r' && b[i+1] == '\n' {
+			break
+		}
+	}
+
+	return newToken(TokenComment, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
new file mode 100644
index 0000000000000..25ce0fe134deb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
@@ -0,0 +1,29 @@
+// Package ini is an LL(1) parser for configuration files.
+//
+//	Example:
+//	sections, err := ini.OpenFile("/path/to/file")
+//	if err != nil {
+//		panic(err)
+//	}
+//
+//	profile := "foo"
+//	section, ok := sections.GetSection(profile)
+//	if !ok {
+//		fmt.Printf("section %q could not be found", profile)
+//	}
+//
+// Below is the BNF that describes this parser
+//	Grammar:
+//	stmt -> value stmt'
+//	stmt' -> epsilon | op stmt
+//	value -> number | string | boolean | quoted_string
+//
+//	section -> [ section'
+//	section' -> value section_close
+//	section_close -> ]
+//
+//	SkipState will skip (NL WS)+
+//
+//	comment -> # comment' | ; comment'
+//	comment' -> epsilon | value
+package ini
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
new file mode 100644
index 0000000000000..04345a54c20d5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
@@ -0,0 +1,4 @@
+package ini
+
+// emptyToken is used to satisfy the Token interface
+var emptyToken = newToken(TokenNone, []rune{}, NoneType)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
new file mode 100644
index 0000000000000..91ba2a59dd5e7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
@@ -0,0 +1,24 @@
+package ini
+
+// newExpression will return an expression AST.
+// Expr represents an expression
+//
+//	grammar:
+//	expr -> string | number
+func newExpression(tok Token) AST {
+	return newASTWithRootToken(ASTKindExpr, tok)
+}
+
+func newEqualExpr(left AST, tok Token) AST {
+	return newASTWithRootToken(ASTKindEqualExpr, tok, left)
+}
+
+// EqualExprKey will return a LHS value in the equal expr
+func EqualExprKey(ast AST) string {
+	children := ast.GetChildren()
+	if len(children) == 0 || ast.Kind != ASTKindEqualExpr {
+		return ""
+	}
+
+	return string(children[0].Root.Raw())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
new file mode 100644
index 0000000000000..8d462f77e24f7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
@@ -0,0 +1,17 @@
+// +build gofuzz
+
+package ini
+
+import (
+	"bytes"
+)
+
+func Fuzz(data []byte) int {
+	b := bytes.NewReader(data)
+
+	if _, err := Parse(b); err != nil {
+		return 0
+	}
+
+	return 1
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
new file mode 100644
index 0000000000000..3b0ca7afe3b25
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
@@ -0,0 +1,51 @@
+package ini
+
+import (
+	"io"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// OpenFile takes a path to a given file, and will open  and parse
+// that file.
+func OpenFile(path string) (Sections, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return Sections{}, awserr.New(ErrCodeUnableToReadFile, "unable to open file", err)
+	}
+	defer f.Close()
+
+	return Parse(f)
+}
+
+// Parse will parse the given file using the shared config
+// visitor.
+func Parse(f io.Reader) (Sections, error) {
+	tree, err := ParseAST(f)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}
+
+// ParseBytes will parse the given bytes and return the parsed sections.
+func ParseBytes(b []byte) (Sections, error) {
+	tree, err := ParseASTBytes(b)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
new file mode 100644
index 0000000000000..582c024ad1583
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
@@ -0,0 +1,165 @@
+package ini
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+const (
+	// ErrCodeUnableToReadFile is used when a file is failed to be
+	// opened or read from.
+	ErrCodeUnableToReadFile = "FailedRead"
+)
+
+// TokenType represents the various different tokens types
+type TokenType int
+
+func (t TokenType) String() string {
+	switch t {
+	case TokenNone:
+		return "none"
+	case TokenLit:
+		return "literal"
+	case TokenSep:
+		return "sep"
+	case TokenOp:
+		return "op"
+	case TokenWS:
+		return "ws"
+	case TokenNL:
+		return "newline"
+	case TokenComment:
+		return "comment"
+	case TokenComma:
+		return "comma"
+	default:
+		return ""
+	}
+}
+
+// TokenType enums
+const (
+	TokenNone = TokenType(iota)
+	TokenLit
+	TokenSep
+	TokenComma
+	TokenOp
+	TokenWS
+	TokenNL
+	TokenComment
+)
+
+type iniLexer struct{}
+
+// Tokenize will return a list of tokens during lexical analysis of the
+// io.Reader.
+func (l *iniLexer) Tokenize(r io.Reader) ([]Token, error) {
+	b, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, awserr.New(ErrCodeUnableToReadFile, "unable to read file", err)
+	}
+
+	return l.tokenize(b)
+}
+
+func (l *iniLexer) tokenize(b []byte) ([]Token, error) {
+	runes := bytes.Runes(b)
+	var err error
+	n := 0
+	tokenAmount := countTokens(runes)
+	tokens := make([]Token, tokenAmount)
+	count := 0
+
+	for len(runes) > 0 && count < tokenAmount {
+		switch {
+		case isWhitespace(runes[0]):
+			tokens[count], n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			tokens[count], n = newCommaToken(), 1
+		case isComment(runes):
+			tokens[count], n, err = newCommentToken(runes)
+		case isNewline(runes):
+			tokens[count], n, err = newNewlineToken(runes)
+		case isSep(runes):
+			tokens[count], n, err = newSepToken(runes)
+		case isOp(runes):
+			tokens[count], n, err = newOpToken(runes)
+		default:
+			tokens[count], n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		count++
+
+		runes = runes[n:]
+	}
+
+	return tokens[:count], nil
+}
+
+func countTokens(runes []rune) int {
+	count, n := 0, 0
+	var err error
+
+	for len(runes) > 0 {
+		switch {
+		case isWhitespace(runes[0]):
+			_, n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			_, n = newCommaToken(), 1
+		case isComment(runes):
+			_, n, err = newCommentToken(runes)
+		case isNewline(runes):
+			_, n, err = newNewlineToken(runes)
+		case isSep(runes):
+			_, n, err = newSepToken(runes)
+		case isOp(runes):
+			_, n, err = newOpToken(runes)
+		default:
+			_, n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return 0
+		}
+
+		count++
+		runes = runes[n:]
+	}
+
+	return count + 1
+}
+
+// Token indicates a metadata about a given value.
+type Token struct {
+	t         TokenType
+	ValueType ValueType
+	base      int
+	raw       []rune
+}
+
+var emptyValue = Value{}
+
+func newToken(t TokenType, raw []rune, v ValueType) Token {
+	return Token{
+		t:         t,
+		raw:       raw,
+		ValueType: v,
+	}
+}
+
+// Raw return the raw runes that were consumed
+func (tok Token) Raw() []rune {
+	return tok.raw
+}
+
+// Type returns the token type
+func (tok Token) Type() TokenType {
+	return tok.t
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
new file mode 100644
index 0000000000000..cf9fad81e704d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -0,0 +1,356 @@
+package ini
+
+import (
+	"fmt"
+	"io"
+)
+
+// State enums for the parse table
+const (
+	InvalidState = iota
+	// stmt -> value stmt'
+	StatementState
+	// stmt' -> MarkComplete | op stmt
+	StatementPrimeState
+	// value -> number | string | boolean | quoted_string
+	ValueState
+	// section -> [ section'
+	OpenScopeState
+	// section' -> value section_close
+	SectionState
+	// section_close -> ]
+	CloseScopeState
+	// SkipState will skip (NL WS)+
+	SkipState
+	// SkipTokenState will skip any token and push the previous
+	// state onto the stack.
+	SkipTokenState
+	// comment -> # comment' | ; comment'
+	// comment' -> MarkComplete | value
+	CommentState
+	// MarkComplete state will complete statements and move that
+	// to the completed AST list
+	MarkCompleteState
+	// TerminalState signifies that the tokens have been fully parsed
+	TerminalState
+)
+
+// parseTable is a state machine to dictate the grammar above.
+var parseTable = map[ASTKind]map[TokenType]int{
+	ASTKindStart: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+	ASTKindCommentStatement: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExpr: map[TokenType]int{
+		TokenOp:      StatementPrimeState,
+		TokenLit:     ValueState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      ValueState,
+		TokenNL:      SkipState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindEqualExpr: map[TokenType]int{
+		TokenLit: ValueState,
+		TokenWS:  SkipTokenState,
+		TokenNL:  SkipState,
+	},
+	ASTKindStatement: map[TokenType]int{
+		TokenLit:     SectionState,
+		TokenSep:     CloseScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExprStatement: map[TokenType]int{
+		TokenLit:     ValueState,
+		TokenSep:     OpenScopeState,
+		TokenOp:      ValueState,
+		TokenWS:      ValueState,
+		TokenNL:      MarkCompleteState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+		TokenComma:   SkipState,
+	},
+	ASTKindSectionStatement: map[TokenType]int{
+		TokenLit: SectionState,
+		TokenOp:  SectionState,
+		TokenSep: CloseScopeState,
+		TokenWS:  SectionState,
+		TokenNL:  SkipTokenState,
+	},
+	ASTKindCompletedSectionStatement: map[TokenType]int{
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindSkipStatement: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+}
+
+// ParseAST will parse input from an io.Reader using
+// an LL(1) parser.
+func ParseAST(r io.Reader) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.Tokenize(r)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+// ParseASTBytes will parse input from a byte slice using
+// an LL(1) parser.
+func ParseASTBytes(b []byte) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.tokenize(b)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+func parse(tokens []Token) ([]AST, error) {
+	start := Start
+	stack := newParseStack(3, len(tokens))
+
+	stack.Push(start)
+	s := newSkipper()
+
+loop:
+	for stack.Len() > 0 {
+		k := stack.Pop()
+
+		var tok Token
+		if len(tokens) == 0 {
+			// this occurs when all the tokens have been processed
+			// but reduction of what's left on the stack needs to
+			// occur.
+			tok = emptyToken
+		} else {
+			tok = tokens[0]
+		}
+
+		step := parseTable[k.Kind][tok.Type()]
+		if s.ShouldSkip(tok) {
+			// being in a skip state with no tokens will break out of
+			// the parse loop since there is nothing left to process.
+			if len(tokens) == 0 {
+				break loop
+			}
+			// if should skip is true, we skip the tokens until should skip is set to false.
+			step = SkipTokenState
+		}
+
+		switch step {
+		case TerminalState:
+			// Finished parsing. Push what should be the last
+			// statement to the stack. If there is anything left
+			// on the stack, an error in parsing has occurred.
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			break loop
+		case SkipTokenState:
+			// When skipping a token, the previous state was popped off the stack.
+			// To maintain the correct state, the previous state will be pushed
+			// onto the stack.
+			stack.Push(k)
+		case StatementState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			expr := newExpression(tok)
+			stack.Push(expr)
+		case StatementPrimeState:
+			if tok.Type() != TokenOp {
+				stack.MarkComplete(k)
+				continue
+			}
+
+			if k.Kind != ASTKindExpr {
+				return nil, NewParseError(
+					fmt.Sprintf("invalid expression: expected Expr type, but found %T type", k),
+				)
+			}
+
+			k = trimSpaces(k)
+			expr := newEqualExpr(k, tok)
+			stack.Push(expr)
+		case ValueState:
+			// ValueState requires the previous state to either be an equal expression
+			// or an expression statement.
+			//
+			// This grammar occurs when the RHS is a number, word, or quoted string.
+			// equal_expr -> lit op equal_expr'
+			// equal_expr' -> number | string | quoted_string
+			// quoted_string -> " quoted_string'
+			// quoted_string' -> string quoted_string_end
+			// quoted_string_end -> "
+			//
+			// otherwise
+			// expr_stmt -> equal_expr (expr_stmt')*
+			// expr_stmt' -> ws S | op S | MarkComplete
+			// S -> equal_expr' expr_stmt'
+			switch k.Kind {
+			case ASTKindEqualExpr:
+				// assigning a value to some key
+				k.AppendChild(newExpression(tok))
+				stack.Push(newExprStatement(k))
+			case ASTKindExpr:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stack.Push(k)
+			case ASTKindExprStatement:
+				root := k.GetRoot()
+				children := root.GetChildren()
+				if len(children) == 0 {
+					return nil, NewParseError(
+						fmt.Sprintf("invalid expression: AST contains no children %s", k.Kind),
+					)
+				}
+
+				rhs := children[len(children)-1]
+
+				if rhs.Root.ValueType != QuotedStringType {
+					rhs.Root.ValueType = StringType
+					rhs.Root.raw = append(rhs.Root.raw, tok.Raw()...)
+
+				}
+
+				children[len(children)-1] = rhs
+				k.SetChildren(children)
+
+				stack.Push(k)
+			}
+		case OpenScopeState:
+			if !runeCompare(tok.Raw(), openBrace) {
+				return nil, NewParseError("expected '['")
+			}
+			// If OpenScopeState is not at the start, we must mark the previous ast as complete
+			//
+			// for example: if previous ast was a skip statement;
+			// we should mark it as complete before we create a new statement
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+
+			stmt := newStatement()
+			stack.Push(stmt)
+		case CloseScopeState:
+			if !runeCompare(tok.Raw(), closeBrace) {
+				return nil, NewParseError("expected ']'")
+			}
+
+			k = trimSpaces(k)
+			stack.Push(newCompletedSectionStatement(k))
+		case SectionState:
+			var stmt AST
+
+			switch k.Kind {
+			case ASTKindStatement:
+				// If there are multiple literals inside of a scope declaration,
+				// then the current token's raw value will be appended to the Name.
+				//
+				// This handles cases like [ profile default ]
+				//
+				// k will represent a SectionStatement with the children representing
+				// the label of the section
+				stmt = newSectionStatement(tok)
+			case ASTKindSectionStatement:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stmt = k
+			default:
+				return nil, NewParseError(
+					fmt.Sprintf("invalid statement: expected statement: %v", k.Kind),
+				)
+			}
+
+			stack.Push(stmt)
+		case MarkCompleteState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+
+			if stack.Len() == 0 {
+				stack.Push(start)
+			}
+		case SkipState:
+			stack.Push(newSkipStatement(k))
+			s.Skip()
+		case CommentState:
+			if k.Kind == ASTKindStart {
+				stack.Push(k)
+			} else {
+				stack.MarkComplete(k)
+			}
+
+			stmt := newCommentStatement(tok)
+			stack.Push(stmt)
+		default:
+			return nil, NewParseError(
+				fmt.Sprintf("invalid state with ASTKind %v and TokenType %v",
+					k, tok.Type()))
+		}
+
+		if len(tokens) > 0 {
+			tokens = tokens[1:]
+		}
+	}
+
+	// this occurs when a statement has not been completed
+	if stack.top > 1 {
+		return nil, NewParseError(fmt.Sprintf("incomplete ini expression"))
+	}
+
+	// returns a sublist which excludes the start symbol
+	return stack.List(), nil
+}
+
+// trimSpaces will trim spaces on the left and right hand side of
+// the literal.
+func trimSpaces(k AST) AST {
+	// trim left hand side of spaces
+	for i := 0; i < len(k.Root.raw); i++ {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[1:]
+		i--
+	}
+
+	// trim right hand side of spaces
+	for i := len(k.Root.raw) - 1; i >= 0; i-- {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[:len(k.Root.raw)-1]
+	}
+
+	return k
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
new file mode 100644
index 0000000000000..24df543d38cc2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
@@ -0,0 +1,324 @@
+package ini
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+var (
+	runesTrue  = []rune("true")
+	runesFalse = []rune("false")
+)
+
+var literalValues = [][]rune{
+	runesTrue,
+	runesFalse,
+}
+
+func isBoolValue(b []rune) bool {
+	for _, lv := range literalValues {
+		if isLitValue(lv, b) {
+			return true
+		}
+	}
+	return false
+}
+
+func isLitValue(want, have []rune) bool {
+	if len(have) < len(want) {
+		return false
+	}
+
+	for i := 0; i < len(want); i++ {
+		if want[i] != have[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// isNumberValue will return whether not the leading characters in
+// a byte slice is a number. A number is delimited by whitespace or
+// the newline token.
+//
+// A number is defined to be in a binary, octal, decimal (int | float), hex format,
+// or in scientific notation.
+func isNumberValue(b []rune) bool {
+	negativeIndex := 0
+	helper := numberHelper{}
+	needDigit := false
+
+	for i := 0; i < len(b); i++ {
+		negativeIndex++
+
+		switch b[i] {
+		case '-':
+			if helper.IsNegative() || negativeIndex != 1 {
+				return false
+			}
+			helper.Determine(b[i])
+			needDigit = true
+			continue
+		case 'e', 'E':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			negativeIndex = 0
+			needDigit = true
+			continue
+		case 'b':
+			if helper.numberFormat == hex {
+				break
+			}
+			fallthrough
+		case 'o', 'x':
+			needDigit = true
+			if i == 0 {
+				return false
+			}
+
+			fallthrough
+		case '.':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			needDigit = true
+			continue
+		}
+
+		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
+			return !needDigit
+		}
+
+		if !helper.CorrectByte(b[i]) {
+			return false
+		}
+		needDigit = false
+	}
+
+	return !needDigit
+}
+
+func isValid(b []rune) (bool, int, error) {
+	if len(b) == 0 {
+		// TODO: should probably return an error
+		return false, 0, nil
+	}
+
+	return isValidRune(b[0]), 1, nil
+}
+
+func isValidRune(r rune) bool {
+	return r != ':' && r != '=' && r != '[' && r != ']' && r != ' ' && r != '\n'
+}
+
+// ValueType is an enum that will signify what type
+// the Value is
+type ValueType int
+
+func (v ValueType) String() string {
+	switch v {
+	case NoneType:
+		return "NONE"
+	case DecimalType:
+		return "FLOAT"
+	case IntegerType:
+		return "INT"
+	case StringType:
+		return "STRING"
+	case BoolType:
+		return "BOOL"
+	}
+
+	return ""
+}
+
+// ValueType enums
+const (
+	NoneType = ValueType(iota)
+	DecimalType
+	IntegerType
+	StringType
+	QuotedStringType
+	BoolType
+)
+
+// Value is a union container
+type Value struct {
+	Type ValueType
+	raw  []rune
+
+	integer int64
+	decimal float64
+	boolean bool
+	str     string
+}
+
+func newValue(t ValueType, base int, raw []rune) (Value, error) {
+	v := Value{
+		Type: t,
+		raw:  raw,
+	}
+	var err error
+
+	switch t {
+	case DecimalType:
+		v.decimal, err = strconv.ParseFloat(string(raw), 64)
+	case IntegerType:
+		if base != 10 {
+			raw = raw[2:]
+		}
+
+		v.integer, err = strconv.ParseInt(string(raw), base, 64)
+	case StringType:
+		v.str = string(raw)
+	case QuotedStringType:
+		v.str = string(raw[1 : len(raw)-1])
+	case BoolType:
+		v.boolean = runeCompare(v.raw, runesTrue)
+	}
+
+	// issue 2253
+	//
+	// if the value trying to be parsed is too large, then we will use
+	// the 'StringType' and raw value instead.
+	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
+		v.Type = StringType
+		v.str = string(raw)
+		err = nil
+	}
+
+	return v, err
+}
+
+// Append will append values and change the type to a string
+// type.
+func (v *Value) Append(tok Token) {
+	r := tok.Raw()
+	if v.Type != QuotedStringType {
+		v.Type = StringType
+		r = tok.raw[1 : len(tok.raw)-1]
+	}
+	if tok.Type() != TokenLit {
+		v.raw = append(v.raw, tok.Raw()...)
+	} else {
+		v.raw = append(v.raw, r...)
+	}
+}
+
+func (v Value) String() string {
+	switch v.Type {
+	case DecimalType:
+		return fmt.Sprintf("decimal: %f", v.decimal)
+	case IntegerType:
+		return fmt.Sprintf("integer: %d", v.integer)
+	case StringType:
+		return fmt.Sprintf("string: %s", string(v.raw))
+	case QuotedStringType:
+		return fmt.Sprintf("quoted string: %s", string(v.raw))
+	case BoolType:
+		return fmt.Sprintf("bool: %t", v.boolean)
+	default:
+		return "union not set"
+	}
+}
+
+func newLitToken(b []rune) (Token, int, error) {
+	n := 0
+	var err error
+
+	token := Token{}
+	if b[0] == '"' {
+		n, err = getStringValue(b)
+		if err != nil {
+			return token, n, err
+		}
+
+		token = newToken(TokenLit, b[:n], QuotedStringType)
+	} else if isNumberValue(b) {
+		var base int
+		base, n, err = getNumericalValue(b)
+		if err != nil {
+			return token, 0, err
+		}
+
+		value := b[:n]
+		vType := IntegerType
+		if contains(value, '.') || hasExponent(value) {
+			vType = DecimalType
+		}
+		token = newToken(TokenLit, value, vType)
+		token.base = base
+	} else if isBoolValue(b) {
+		n, err = getBoolValue(b)
+
+		token = newToken(TokenLit, b[:n], BoolType)
+	} else {
+		n, err = getValue(b)
+		token = newToken(TokenLit, b[:n], StringType)
+	}
+
+	return token, n, err
+}
+
+// IntValue returns an integer value
+func (v Value) IntValue() int64 {
+	return v.integer
+}
+
+// FloatValue returns a float value
+func (v Value) FloatValue() float64 {
+	return v.decimal
+}
+
+// BoolValue returns a bool value
+func (v Value) BoolValue() bool {
+	return v.boolean
+}
+
+func isTrimmable(r rune) bool {
+	switch r {
+	case '\n', ' ':
+		return true
+	}
+	return false
+}
+
+// StringValue returns the string value
+func (v Value) StringValue() string {
+	switch v.Type {
+	case StringType:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	case QuotedStringType:
+		// preserve all characters in the quotes
+		return string(removeEscapedCharacters(v.raw[1 : len(v.raw)-1]))
+	default:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	}
+}
+
+func contains(runes []rune, c rune) bool {
+	for i := 0; i < len(runes); i++ {
+		if runes[i] == c {
+			return true
+		}
+	}
+
+	return false
+}
+
+func runeCompare(v1 []rune, v2 []rune) bool {
+	if len(v1) != len(v2) {
+		return false
+	}
+
+	for i := 0; i < len(v1); i++ {
+		if v1[i] != v2[i] {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
new file mode 100644
index 0000000000000..e52ac399f17d4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
@@ -0,0 +1,30 @@
+package ini
+
+func isNewline(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	if b[0] == '\n' {
+		return true
+	}
+
+	if len(b) < 2 {
+		return false
+	}
+
+	return b[0] == '\r' && b[1] == '\n'
+}
+
+func newNewlineToken(b []rune) (Token, int, error) {
+	i := 1
+	if b[0] == '\r' && isNewline(b[1:]) {
+		i++
+	}
+
+	if !isNewline([]rune(b[:i])) {
+		return emptyToken, 0, NewParseError("invalid new line token")
+	}
+
+	return newToken(TokenNL, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
new file mode 100644
index 0000000000000..a45c0bc56622a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
@@ -0,0 +1,152 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+)
+
+const (
+	none = numberFormat(iota)
+	binary
+	octal
+	decimal
+	hex
+	exponent
+)
+
+type numberFormat int
+
+// numberHelper is used to dictate what format a number is in
+// and what to do for negative values. Since -1e-4 is a valid
+// number, we cannot just simply check for duplicate negatives.
+type numberHelper struct {
+	numberFormat numberFormat
+
+	negative         bool
+	negativeExponent bool
+}
+
+func (b numberHelper) Exists() bool {
+	return b.numberFormat != none
+}
+
+func (b numberHelper) IsNegative() bool {
+	return b.negative || b.negativeExponent
+}
+
+func (b *numberHelper) Determine(c rune) error {
+	if b.Exists() {
+		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
+	}
+
+	switch c {
+	case 'b':
+		b.numberFormat = binary
+	case 'o':
+		b.numberFormat = octal
+	case 'x':
+		b.numberFormat = hex
+	case 'e', 'E':
+		b.numberFormat = exponent
+	case '-':
+		if b.numberFormat != exponent {
+			b.negative = true
+		} else {
+			b.negativeExponent = true
+		}
+	case '.':
+		b.numberFormat = decimal
+	default:
+		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
+	}
+
+	return nil
+}
+
+func (b numberHelper) CorrectByte(c rune) bool {
+	switch {
+	case b.numberFormat == binary:
+		if !isBinaryByte(c) {
+			return false
+		}
+	case b.numberFormat == octal:
+		if !isOctalByte(c) {
+			return false
+		}
+	case b.numberFormat == hex:
+		if !isHexByte(c) {
+			return false
+		}
+	case b.numberFormat == decimal:
+		if !isDigit(c) {
+			return false
+		}
+	case b.numberFormat == exponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negativeExponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negative:
+		if !isDigit(c) {
+			return false
+		}
+	default:
+		if !isDigit(c) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b numberHelper) Base() int {
+	switch b.numberFormat {
+	case binary:
+		return 2
+	case octal:
+		return 8
+	case hex:
+		return 16
+	default:
+		return 10
+	}
+}
+
+func (b numberHelper) String() string {
+	buf := bytes.Buffer{}
+	i := 0
+
+	switch b.numberFormat {
+	case binary:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
+	case octal:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
+	case hex:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
+	case exponent:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
+	default:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
+	}
+
+	if b.negative {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
+	}
+
+	if b.negativeExponent {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
+	}
+
+	return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
new file mode 100644
index 0000000000000..8a84c7cbe0809
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
@@ -0,0 +1,39 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	equalOp      = []rune("=")
+	equalColonOp = []rune(":")
+)
+
+func isOp(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '=':
+		return true
+	case ':':
+		return true
+	default:
+		return false
+	}
+}
+
+func newOpToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '=':
+		tok = newToken(TokenOp, equalOp, NoneType)
+	case ':':
+		tok = newToken(TokenOp, equalColonOp, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected op type, %v", b[0]))
+	}
+	return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
new file mode 100644
index 0000000000000..45728701931ce
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
@@ -0,0 +1,43 @@
+package ini
+
+import "fmt"
+
+const (
+	// ErrCodeParseError is returned when a parsing error
+	// has occurred.
+	ErrCodeParseError = "INIParseError"
+)
+
+// ParseError is an error which is returned during any part of
+// the parsing process.
+type ParseError struct {
+	msg string
+}
+
+// NewParseError will return a new ParseError where message
+// is the description of the error.
+func NewParseError(message string) *ParseError {
+	return &ParseError{
+		msg: message,
+	}
+}
+
+// Code will return the ErrCodeParseError
+func (err *ParseError) Code() string {
+	return ErrCodeParseError
+}
+
+// Message returns the error's message
+func (err *ParseError) Message() string {
+	return err.msg
+}
+
+// OrigError return nothing since there will never be any
+// original error.
+func (err *ParseError) OrigError() error {
+	return nil
+}
+
+func (err *ParseError) Error() string {
+	return fmt.Sprintf("%s: %s", err.Code(), err.Message())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
new file mode 100644
index 0000000000000..7f01cf7c70367
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
@@ -0,0 +1,60 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// ParseStack is a stack that contains a container, the stack portion,
+// and the list which is the list of ASTs that have been successfully
+// parsed.
+type ParseStack struct {
+	top       int
+	container []AST
+	list      []AST
+	index     int
+}
+
+func newParseStack(sizeContainer, sizeList int) ParseStack {
+	return ParseStack{
+		container: make([]AST, sizeContainer),
+		list:      make([]AST, sizeList),
+	}
+}
+
+// Pop will return and truncate the last container element.
+func (s *ParseStack) Pop() AST {
+	s.top--
+	return s.container[s.top]
+}
+
+// Push will add the new AST to the container
+func (s *ParseStack) Push(ast AST) {
+	s.container[s.top] = ast
+	s.top++
+}
+
+// MarkComplete will append the AST to the list of completed statements
+func (s *ParseStack) MarkComplete(ast AST) {
+	s.list[s.index] = ast
+	s.index++
+}
+
+// List will return the completed statements
+func (s ParseStack) List() []AST {
+	return s.list[:s.index]
+}
+
+// Len will return the length of the container
+func (s *ParseStack) Len() int {
+	return s.top
+}
+
+func (s ParseStack) String() string {
+	buf := bytes.Buffer{}
+	for i, node := range s.list {
+		buf.WriteString(fmt.Sprintf("%d: %v\n", i+1, node))
+	}
+
+	return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
new file mode 100644
index 0000000000000..f82095ba2594e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
@@ -0,0 +1,41 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	emptyRunes = []rune{}
+)
+
+func isSep(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '[', ']':
+		return true
+	default:
+		return false
+	}
+}
+
+var (
+	openBrace  = []rune("[")
+	closeBrace = []rune("]")
+)
+
+func newSepToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '[':
+		tok = newToken(TokenSep, openBrace, NoneType)
+	case ']':
+		tok = newToken(TokenSep, closeBrace, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected sep type, %v", b[0]))
+	}
+	return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
new file mode 100644
index 0000000000000..da7a4049cfae5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
@@ -0,0 +1,45 @@
+package ini
+
+// skipper is used to skip certain blocks of an ini file.
+// Currently skipper is used to skip nested blocks of ini
+// files. See example below
+//
+//	[ foo ]
+//	nested = ; this section will be skipped
+//		a=b
+//		c=d
+//	bar=baz ; this will be included
+type skipper struct {
+	shouldSkip bool
+	TokenSet   bool
+	prevTok    Token
+}
+
+func newSkipper() skipper {
+	return skipper{
+		prevTok: emptyToken,
+	}
+}
+
+func (s *skipper) ShouldSkip(tok Token) bool {
+	// should skip state will be modified only if previous token was new line (NL);
+	// and the current token is not WhiteSpace (WS).
+	if s.shouldSkip &&
+		s.prevTok.Type() == TokenNL &&
+		tok.Type() != TokenWS {
+		s.Continue()
+		return false
+	}
+	s.prevTok = tok
+	return s.shouldSkip
+}
+
+func (s *skipper) Skip() {
+	s.shouldSkip = true
+}
+
+func (s *skipper) Continue() {
+	s.shouldSkip = false
+	// empty token is assigned as we return to default state, when should skip is false
+	s.prevTok = emptyToken
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
new file mode 100644
index 0000000000000..18f3fe893170c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
@@ -0,0 +1,35 @@
+package ini
+
+// Statement is an empty AST mostly used for transitioning states.
+func newStatement() AST {
+	return newAST(ASTKindStatement, AST{})
+}
+
+// SectionStatement represents a section AST
+func newSectionStatement(tok Token) AST {
+	return newASTWithRootToken(ASTKindSectionStatement, tok)
+}
+
+// ExprStatement represents a completed expression AST
+func newExprStatement(ast AST) AST {
+	return newAST(ASTKindExprStatement, ast)
+}
+
+// CommentStatement represents a comment in the ini definition.
+//
+//	grammar:
+//	comment -> #comment' | ;comment'
+//	comment' -> epsilon | value
+func newCommentStatement(tok Token) AST {
+	return newAST(ASTKindCommentStatement, newExpression(tok))
+}
+
+// CompletedSectionStatement represents a completed section
+func newCompletedSectionStatement(ast AST) AST {
+	return newAST(ASTKindCompletedSectionStatement, ast)
+}
+
+// SkipStatement is used to skip whole statements
+func newSkipStatement(ast AST) AST {
+	return newAST(ASTKindSkipStatement, ast)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
new file mode 100644
index 0000000000000..305999d29be08
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
@@ -0,0 +1,284 @@
+package ini
+
+import (
+	"fmt"
+)
+
+// getStringValue will return a quoted string and the amount
+// of bytes read
+//
+// an error will be returned if the string is not properly formatted
+func getStringValue(b []rune) (int, error) {
+	if b[0] != '"' {
+		return 0, NewParseError("strings must start with '\"'")
+	}
+
+	endQuote := false
+	i := 1
+
+	for ; i < len(b) && !endQuote; i++ {
+		if escaped := isEscaped(b[:i], b[i]); b[i] == '"' && !escaped {
+			endQuote = true
+			break
+		} else if escaped {
+			/*c, err := getEscapedByte(b[i])
+			if err != nil {
+				return 0, err
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--*/
+
+			continue
+		}
+	}
+
+	if !endQuote {
+		return 0, NewParseError("missing '\"' in string value")
+	}
+
+	return i + 1, nil
+}
+
+// getBoolValue will return a boolean and the amount
+// of bytes read
+//
+// an error will be returned if the boolean is not of a correct
+// value
+func getBoolValue(b []rune) (int, error) {
+	if len(b) < 4 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	n := 0
+	for _, lv := range literalValues {
+		if len(lv) > len(b) {
+			continue
+		}
+
+		if isLitValue(lv, b) {
+			n = len(lv)
+		}
+	}
+
+	if n == 0 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	return n, nil
+}
+
+// getNumericalValue will return a numerical string, the amount
+// of bytes read, and the base of the number
+//
+// an error will be returned if the number is not of a correct
+// value
+func getNumericalValue(b []rune) (int, int, error) {
+	if !isDigit(b[0]) {
+		return 0, 0, NewParseError("invalid digit value")
+	}
+
+	i := 0
+	helper := numberHelper{}
+
+loop:
+	for negativeIndex := 0; i < len(b); i++ {
+		negativeIndex++
+
+		if !isDigit(b[i]) {
+			switch b[i] {
+			case '-':
+				if helper.IsNegative() || negativeIndex != 1 {
+					return 0, 0, NewParseError("parse error '-'")
+				}
+
+				n := getNegativeNumber(b[i:])
+				i += (n - 1)
+				helper.Determine(b[i])
+				continue
+			case '.':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			case 'e', 'E':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+
+				negativeIndex = 0
+			case 'b':
+				if helper.numberFormat == hex {
+					break
+				}
+				fallthrough
+			case 'o', 'x':
+				if i == 0 && b[i] != '0' {
+					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
+				}
+
+				if i != 1 {
+					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
+				}
+
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			default:
+				if isWhitespace(b[i]) {
+					break loop
+				}
+
+				if isNewline(b[i:]) {
+					break loop
+				}
+
+				if !(helper.numberFormat == hex && isHexByte(b[i])) {
+					if i+2 < len(b) && !isNewline(b[i:i+2]) {
+						return 0, 0, NewParseError("invalid numerical character")
+					} else if !isNewline([]rune{b[i]}) {
+						return 0, 0, NewParseError("invalid numerical character")
+					}
+
+					break loop
+				}
+			}
+		}
+	}
+
+	return helper.Base(), i, nil
+}
+
+// isDigit will return whether or not something is an integer
+func isDigit(b rune) bool {
+	return b >= '0' && b <= '9'
+}
+
+func hasExponent(v []rune) bool {
+	return contains(v, 'e') || contains(v, 'E')
+}
+
+func isBinaryByte(b rune) bool {
+	switch b {
+	case '0', '1':
+		return true
+	default:
+		return false
+	}
+}
+
+func isOctalByte(b rune) bool {
+	switch b {
+	case '0', '1', '2', '3', '4', '5', '6', '7':
+		return true
+	default:
+		return false
+	}
+}
+
+func isHexByte(b rune) bool {
+	if isDigit(b) {
+		return true
+	}
+	return (b >= 'A' && b <= 'F') ||
+		(b >= 'a' && b <= 'f')
+}
+
+func getValue(b []rune) (int, error) {
+	i := 0
+
+	for i < len(b) {
+		if isNewline(b[i:]) {
+			break
+		}
+
+		if isOp(b[i:]) {
+			break
+		}
+
+		valid, n, err := isValid(b[i:])
+		if err != nil {
+			return 0, err
+		}
+
+		if !valid {
+			break
+		}
+
+		i += n
+	}
+
+	return i, nil
+}
+
+// getNegativeNumber will return a negative number from a
+// byte slice. This will iterate through all characters until
+// a non-digit has been found.
+func getNegativeNumber(b []rune) int {
+	if b[0] != '-' {
+		return 0
+	}
+
+	i := 1
+	for ; i < len(b); i++ {
+		if !isDigit(b[i]) {
+			return i
+		}
+	}
+
+	return i
+}
+
+// isEscaped will return whether or not the character is an escaped
+// character.
+func isEscaped(value []rune, b rune) bool {
+	if len(value) == 0 {
+		return false
+	}
+
+	switch b {
+	case '\'': // single quote
+	case '"': // quote
+	case 'n': // newline
+	case 't': // tab
+	case '\\': // backslash
+	default:
+		return false
+	}
+
+	return value[len(value)-1] == '\\'
+}
+
+func getEscapedByte(b rune) (rune, error) {
+	switch b {
+	case '\'': // single quote
+		return '\'', nil
+	case '"': // quote
+		return '"', nil
+	case 'n': // newline
+		return '\n', nil
+	case 't': // table
+		return '\t', nil
+	case '\\': // backslash
+		return '\\', nil
+	default:
+		return b, NewParseError(fmt.Sprintf("invalid escaped character %c", b))
+	}
+}
+
+func removeEscapedCharacters(b []rune) []rune {
+	for i := 0; i < len(b); i++ {
+		if isEscaped(b[:i], b[i]) {
+			c, err := getEscapedByte(b[i])
+			if err != nil {
+				return b
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--
+		}
+	}
+
+	return b
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
new file mode 100644
index 0000000000000..94841c32443c8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
@@ -0,0 +1,166 @@
+package ini
+
+import (
+	"fmt"
+	"sort"
+)
+
+// Visitor is an interface used by walkers that will
+// traverse an array of ASTs.
+type Visitor interface {
+	VisitExpr(AST) error
+	VisitStatement(AST) error
+}
+
+// DefaultVisitor is used to visit statements and expressions
+// and ensure that they are both of the correct format.
+// In addition, upon visiting this will build sections and populate
+// the Sections field which can be used to retrieve profile
+// configuration.
+type DefaultVisitor struct {
+	scope    string
+	Sections Sections
+}
+
+// NewDefaultVisitor return a DefaultVisitor
+func NewDefaultVisitor() *DefaultVisitor {
+	return &DefaultVisitor{
+		Sections: Sections{
+			container: map[string]Section{},
+		},
+	}
+}
+
+// VisitExpr visits expressions...
+func (v *DefaultVisitor) VisitExpr(expr AST) error {
+	t := v.Sections.container[v.scope]
+	if t.values == nil {
+		t.values = values{}
+	}
+
+	switch expr.Kind {
+	case ASTKindExprStatement:
+		opExpr := expr.GetRoot()
+		switch opExpr.Kind {
+		case ASTKindEqualExpr:
+			children := opExpr.GetChildren()
+			if len(children) <= 1 {
+				return NewParseError("unexpected token type")
+			}
+
+			rhs := children[1]
+
+			if rhs.Root.Type() != TokenLit {
+				return NewParseError("unexpected token type")
+			}
+
+			key := EqualExprKey(opExpr)
+			v, err := newValue(rhs.Root.ValueType, rhs.Root.base, rhs.Root.Raw())
+			if err != nil {
+				return err
+			}
+
+			t.values[key] = v
+		default:
+			return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+		}
+	default:
+		return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+	}
+
+	v.Sections.container[v.scope] = t
+	return nil
+}
+
+// VisitStatement visits statements...
+func (v *DefaultVisitor) VisitStatement(stmt AST) error {
+	switch stmt.Kind {
+	case ASTKindCompletedSectionStatement:
+		child := stmt.GetRoot()
+		if child.Kind != ASTKindSectionStatement {
+			return NewParseError(fmt.Sprintf("unsupported child statement: %T", child))
+		}
+
+		name := string(child.Root.Raw())
+		v.Sections.container[name] = Section{}
+		v.scope = name
+	default:
+		return NewParseError(fmt.Sprintf("unsupported statement: %s", stmt.Kind))
+	}
+
+	return nil
+}
+
+// Sections is a map of Section structures that represent
+// a configuration.
+type Sections struct {
+	container map[string]Section
+}
+
+// GetSection will return section p. If section p does not exist,
+// false will be returned in the second parameter.
+func (t Sections) GetSection(p string) (Section, bool) {
+	v, ok := t.container[p]
+	return v, ok
+}
+
+// values represents a map of union values.
+type values map[string]Value
+
+// List will return a list of all sections that were successfully
+// parsed.
+func (t Sections) List() []string {
+	keys := make([]string, len(t.container))
+	i := 0
+	for k := range t.container {
+		keys[i] = k
+		i++
+	}
+
+	sort.Strings(keys)
+	return keys
+}
+
+// Section contains a name and values. This represent
+// a sectioned entry in a configuration file.
+type Section struct {
+	Name   string
+	values values
+}
+
+// Has will return whether or not an entry exists in a given section
+func (t Section) Has(k string) bool {
+	_, ok := t.values[k]
+	return ok
+}
+
+// ValueType will returned what type the union is set to. If
+// k was not found, the NoneType will be returned.
+func (t Section) ValueType(k string) (ValueType, bool) {
+	v, ok := t.values[k]
+	return v.Type, ok
+}
+
+// Bool returns a bool value at k
+func (t Section) Bool(k string) bool {
+	return t.values[k].BoolValue()
+}
+
+// Int returns an integer value at k
+func (t Section) Int(k string) int64 {
+	return t.values[k].IntValue()
+}
+
+// Float64 returns a float value at k
+func (t Section) Float64(k string) float64 {
+	return t.values[k].FloatValue()
+}
+
+// String returns the string value at k
+func (t Section) String(k string) string {
+	_, ok := t.values[k]
+	if !ok {
+		return ""
+	}
+	return t.values[k].StringValue()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
new file mode 100644
index 0000000000000..99915f7f777ce
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
@@ -0,0 +1,25 @@
+package ini
+
+// Walk will traverse the AST using the v, the Visitor.
+func Walk(tree []AST, v Visitor) error {
+	for _, node := range tree {
+		switch node.Kind {
+		case ASTKindExpr,
+			ASTKindExprStatement:
+
+			if err := v.VisitExpr(node); err != nil {
+				return err
+			}
+		case ASTKindStatement,
+			ASTKindCompletedSectionStatement,
+			ASTKindNestedSectionStatement,
+			ASTKindCompletedNestedSectionStatement:
+
+			if err := v.VisitStatement(node); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
new file mode 100644
index 0000000000000..7ffb4ae06ff0c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
@@ -0,0 +1,24 @@
+package ini
+
+import (
+	"unicode"
+)
+
+// isWhitespace will return whether or not the character is
+// a whitespace character.
+//
+// Whitespace is defined as a space or tab.
+func isWhitespace(c rune) bool {
+	return unicode.IsSpace(c) && c != '\n' && c != '\r'
+}
+
+func newWSToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if !isWhitespace(b[i]) {
+			break
+		}
+	}
+
+	return newToken(TokenWS, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
new file mode 100644
index 0000000000000..6c443988bbc9a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
@@ -0,0 +1,12 @@
+package sdkio
+
+const (
+	// Byte is 8 bits
+	Byte int64 = 1
+	// KibiByte (KiB) is 1024 Bytes
+	KibiByte = Byte * 1024
+	// MebiByte (MiB) is 1024 KiB
+	MebiByte = KibiByte * 1024
+	// GibiByte (GiB) is 1024 MiB
+	GibiByte = MebiByte * 1024
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
new file mode 100644
index 0000000000000..5aa9137e0f936
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
@@ -0,0 +1,10 @@
+// +build !go1.7
+
+package sdkio
+
+// Copy of Go 1.7 io package's Seeker constants.
+const (
+	SeekStart   = 0 // seek relative to the origin of the file
+	SeekCurrent = 1 // seek relative to the current offset
+	SeekEnd     = 2 // seek relative to the end
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
new file mode 100644
index 0000000000000..e5f005613b796
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
@@ -0,0 +1,12 @@
+// +build go1.7
+
+package sdkio
+
+import "io"
+
+// Alias for Go 1.7 io package Seeker constants
+const (
+	SeekStart   = io.SeekStart   // seek relative to the origin of the file
+	SeekCurrent = io.SeekCurrent // seek relative to the current offset
+	SeekEnd     = io.SeekEnd     // seek relative to the end
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
new file mode 100644
index 0000000000000..44898eed0fdd7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
@@ -0,0 +1,15 @@
+// +build go1.10
+
+package sdkmath
+
+import "math"
+
+// Round returns the nearest integer, rounding half away from zero.
+//
+// Special cases are:
+//	Round(±0) = ±0
+//	Round(±Inf) = ±Inf
+//	Round(NaN) = NaN
+func Round(x float64) float64 {
+	return math.Round(x)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
new file mode 100644
index 0000000000000..810ec7f08b004
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
@@ -0,0 +1,56 @@
+// +build !go1.10
+
+package sdkmath
+
+import "math"
+
+// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
+// Go version prior to Go 1.10.
+const (
+	uvone    = 0x3FF0000000000000
+	mask     = 0x7FF
+	shift    = 64 - 11 - 1
+	bias     = 1023
+	signMask = 1 << 63
+	fracMask = 1<<shift - 1
+)
+
+// Round returns the nearest integer, rounding half away from zero.
+//
+// Special cases are:
+//	Round(±0) = ±0
+//	Round(±Inf) = ±Inf
+//	Round(NaN) = NaN
+//
+// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
+// Go version prior to Go 1.10.
+func Round(x float64) float64 {
+	// Round is a faster implementation of:
+	//
+	// func Round(x float64) float64 {
+	//   t := Trunc(x)
+	//   if Abs(x-t) >= 0.5 {
+	//     return t + Copysign(1, x)
+	//   }
+	//   return t
+	// }
+	bits := math.Float64bits(x)
+	e := uint(bits>>shift) & mask
+	if e < bias {
+		// Round abs(x) < 1 including denormals.
+		bits &= signMask // +-0
+		if e == bias-1 {
+			bits |= uvone // +-1
+		}
+	} else if e < bias+shift {
+		// Round any abs(x) >= 1 containing a fractional component [0,1).
+		//
+		// Numbers with larger exponents are returned unchanged since they
+		// must be either an integer, infinity, or NaN.
+		const half = 1 << (shift - 1)
+		e -= bias
+		bits += half >> e
+		bits &^= fracMask >> e
+	}
+	return math.Float64frombits(bits)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
new file mode 100644
index 0000000000000..0c9802d877066
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
@@ -0,0 +1,29 @@
+package sdkrand
+
+import (
+	"math/rand"
+	"sync"
+	"time"
+)
+
+// lockedSource is a thread-safe implementation of rand.Source
+type lockedSource struct {
+	lk  sync.Mutex
+	src rand.Source
+}
+
+func (r *lockedSource) Int63() (n int64) {
+	r.lk.Lock()
+	n = r.src.Int63()
+	r.lk.Unlock()
+	return
+}
+
+func (r *lockedSource) Seed(seed int64) {
+	r.lk.Lock()
+	r.src.Seed(seed)
+	r.lk.Unlock()
+}
+
+// SeededRand is a new RNG using a thread safe implementation of rand.Source
+var SeededRand = rand.New(&lockedSource{src: rand.NewSource(time.Now().UnixNano())})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
new file mode 100644
index 0000000000000..f4651da2da58b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
@@ -0,0 +1,11 @@
+// +build go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read provides the stub for math.Rand.Read method support for go version's
+// 1.6 and greater.
+func Read(r *rand.Rand, p []byte) (int, error) {
+	return r.Read(p)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
new file mode 100644
index 0000000000000..b1d93a33d48a3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
@@ -0,0 +1,24 @@
+// +build !go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read backfills Go 1.6's math.Rand.Reader for Go 1.5
+func Read(r *rand.Rand, p []byte) (n int, err error) {
+	// Copy of Go standard libraries math package's read function not added to
+	// standard library until Go 1.6.
+	var pos int8
+	var val int64
+	for n = 0; n < len(p); n++ {
+		if pos == 0 {
+			val = r.Int63()
+			pos = 7
+		}
+		p[n] = byte(val)
+		val >>= 8
+		pos--
+	}
+
+	return n, err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
new file mode 100644
index 0000000000000..38ea61afeaa63
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
@@ -0,0 +1,23 @@
+package sdkuri
+
+import (
+	"path"
+	"strings"
+)
+
+// PathJoin will join the elements of the path delimited by the "/"
+// character. Similar to path.Join with the exception the trailing "/"
+// character is preserved if present.
+func PathJoin(elems ...string) string {
+	if len(elems) == 0 {
+		return ""
+	}
+
+	hasTrailing := strings.HasSuffix(elems[len(elems)-1], "/")
+	str := path.Join(elems...)
+	if hasTrailing && str != "/" {
+		str += "/"
+	}
+
+	return str
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
new file mode 100644
index 0000000000000..7da8a49ce522a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
@@ -0,0 +1,12 @@
+package shareddefaults
+
+const (
+	// ECSCredsProviderEnvVar is an environmental variable key used to
+	// determine which path needs to be hit.
+	ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// ECSContainerCredentialsURI is the endpoint to retrieve container
+// credentials. This can be overridden to test to ensure the credential process
+// is behaving correctly.
+var ECSContainerCredentialsURI = "http://169.254.170.2"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
new file mode 100644
index 0000000000000..d008ae27cb319
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
@@ -0,0 +1,11 @@
+package strings
+
+import (
+	"strings"
+)
+
+// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings,
+// under Unicode case-folding.
+func HasPrefixFold(s, prefix string) bool {
+	return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
new file mode 100644
index 0000000000000..d7d42db0a6a5e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
@@ -0,0 +1,68 @@
+package protocol
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// ValidateEndpointHostHandler is a request handler that will validate the
+// request endpoint's hosts is a valid RFC 3986 host.
+var ValidateEndpointHostHandler = request.NamedHandler{
+	Name: "awssdk.protocol.ValidateEndpointHostHandler",
+	Fn: func(r *request.Request) {
+		err := ValidateEndpointHost(r.Operation.Name, r.HTTPRequest.URL.Host)
+		if err != nil {
+			r.Error = err
+		}
+	},
+}
+
+// ValidateEndpointHost validates that the host string passed in is a valid RFC
+// 3986 host. Returns error if the host is not valid.
+func ValidateEndpointHost(opName, host string) error {
+	paramErrs := request.ErrInvalidParams{Context: opName}
+	labels := strings.Split(host, ".")
+
+	for i, label := range labels {
+		if i == len(labels)-1 && len(label) == 0 {
+			// Allow trailing dot for FQDN hosts.
+			continue
+		}
+
+		if !ValidHostLabel(label) {
+			paramErrs.Add(request.NewErrParamFormat(
+				"endpoint host label", "[a-zA-Z0-9-]{1,63}", label))
+		}
+	}
+
+	if len(host) > 255 {
+		paramErrs.Add(request.NewErrParamMaxLen(
+			"endpoint host", 255, host,
+		))
+	}
+
+	if paramErrs.Len() > 0 {
+		return paramErrs
+	}
+	return nil
+}
+
+// ValidHostLabel returns if the label is a valid RFC 3986 host label.
+func ValidHostLabel(label string) bool {
+	if l := len(label); l == 0 || l > 63 {
+		return false
+	}
+	for _, r := range label {
+		switch {
+		case r >= '0' && r <= '9':
+		case r >= 'A' && r <= 'Z':
+		case r >= 'a' && r <= 'z':
+		case r == '-':
+		default:
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
new file mode 100644
index 0000000000000..915b0fcafd73f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
@@ -0,0 +1,54 @@
+package protocol
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// HostPrefixHandlerName is the handler name for the host prefix request
+// handler.
+const HostPrefixHandlerName = "awssdk.endpoint.HostPrefixHandler"
+
+// NewHostPrefixHandler constructs a build handler
+func NewHostPrefixHandler(prefix string, labelsFn func() map[string]string) request.NamedHandler {
+	builder := HostPrefixBuilder{
+		Prefix:   prefix,
+		LabelsFn: labelsFn,
+	}
+
+	return request.NamedHandler{
+		Name: HostPrefixHandlerName,
+		Fn:   builder.Build,
+	}
+}
+
+// HostPrefixBuilder provides the request handler to expand and prepend
+// the host prefix into the operation's request endpoint host.
+type HostPrefixBuilder struct {
+	Prefix   string
+	LabelsFn func() map[string]string
+}
+
+// Build updates the passed in Request with the HostPrefix template expanded.
+func (h HostPrefixBuilder) Build(r *request.Request) {
+	if aws.BoolValue(r.Config.DisableEndpointHostPrefix) {
+		return
+	}
+
+	var labels map[string]string
+	if h.LabelsFn != nil {
+		labels = h.LabelsFn()
+	}
+
+	prefix := h.Prefix
+	for name, value := range labels {
+		prefix = strings.Replace(prefix, "{"+name+"}", value, -1)
+	}
+
+	r.HTTPRequest.URL.Host = prefix + r.HTTPRequest.URL.Host
+	if len(r.HTTPRequest.Host) > 0 {
+		r.HTTPRequest.Host = prefix + r.HTTPRequest.Host
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
index ec765ba257ed5..864fb6704b479 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
@@ -216,7 +216,17 @@ func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) erro
 	default:
 		switch converted := value.Interface().(type) {
 		case time.Time:
-			buf.Write(strconv.AppendInt(scratch[:0], converted.UTC().Unix(), 10))
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.UnixTimeFormatName
+			}
+
+			ts := protocol.FormatTime(format, converted)
+			if format != protocol.UnixTimeFormatName {
+				ts = `"` + ts + `"`
+			}
+
+			buf.WriteString(ts)
 		case []byte:
 			if !value.IsNil() {
 				buf.WriteByte('"')
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
index 037e1e7be78df..5e9499699bace 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@@ -1,39 +1,76 @@
 package jsonutil
 
 import (
+	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
+// type. The value to unmarshal the json document into must be a pointer to the
+// type.
+func UnmarshalJSONError(v interface{}, stream io.Reader) error {
+	var errBuf bytes.Buffer
+	body := io.TeeReader(stream, &errBuf)
+
+	err := json.NewDecoder(body).Decode(v)
+	if err != nil {
+		msg := "failed decoding error message"
+		if err == io.EOF {
+			msg = "error message missing"
+			err = nil
+		}
+		return awserr.NewUnmarshalError(err, msg, errBuf.Bytes())
+	}
+
+	return nil
+}
+
 // UnmarshalJSON reads a stream and unmarshals the results in object v.
 func UnmarshalJSON(v interface{}, stream io.Reader) error {
 	var out interface{}
 
-	b, err := ioutil.ReadAll(stream)
-	if err != nil {
+	err := json.NewDecoder(stream).Decode(&out)
+	if err == io.EOF {
+		return nil
+	} else if err != nil {
 		return err
 	}
 
-	if len(b) == 0 {
-		return nil
-	}
+	return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the
+// object v. Ignores casing for structure members.
+func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error {
+	var out interface{}
 
-	if err := json.Unmarshal(b, &out); err != nil {
+	err := json.NewDecoder(stream).Decode(&out)
+	if err == io.EOF {
+		return nil
+	} else if err != nil {
 		return err
 	}
 
-	return unmarshalAny(reflect.ValueOf(v), out, "")
+	return unmarshaler{
+		caseInsensitive: true,
+	}.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+type unmarshaler struct {
+	caseInsensitive bool
 }
 
-func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
 	vtype := value.Type()
 	if vtype.Kind() == reflect.Ptr {
 		vtype = vtype.Elem() // check kind of actual element type
@@ -65,17 +102,17 @@ func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag)
 		if field, ok := vtype.FieldByName("_"); ok {
 			tag = field.Tag
 		}
-		return unmarshalStruct(value, data, tag)
+		return u.unmarshalStruct(value, data, tag)
 	case "list":
-		return unmarshalList(value, data, tag)
+		return u.unmarshalList(value, data, tag)
 	case "map":
-		return unmarshalMap(value, data, tag)
+		return u.unmarshalMap(value, data, tag)
 	default:
-		return unmarshalScalar(value, data, tag)
+		return u.unmarshalScalar(value, data, tag)
 	}
 }
 
-func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
 	if data == nil {
 		return nil
 	}
@@ -99,7 +136,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
 	// unwrap any payloads
 	if payload := tag.Get("payload"); payload != "" {
 		field, _ := t.FieldByName(payload)
-		return unmarshalAny(value.FieldByName(payload), data, field.Tag)
+		return u.unmarshalAny(value.FieldByName(payload), data, field.Tag)
 	}
 
 	for i := 0; i < t.NumField(); i++ {
@@ -113,9 +150,19 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
 		if locName := field.Tag.Get("locationName"); locName != "" {
 			name = locName
 		}
+		if u.caseInsensitive {
+			if _, ok := mapData[name]; !ok {
+				// Fallback to uncased name search if the exact name didn't match.
+				for kn, v := range mapData {
+					if strings.EqualFold(kn, name) {
+						mapData[name] = v
+					}
+				}
+			}
+		}
 
 		member := value.FieldByIndex(field.Index)
-		err := unmarshalAny(member, mapData[name], field.Tag)
+		err := u.unmarshalAny(member, mapData[name], field.Tag)
 		if err != nil {
 			return err
 		}
@@ -123,7 +170,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
 	return nil
 }
 
-func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
 	if data == nil {
 		return nil
 	}
@@ -138,7 +185,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
 	}
 
 	for i, c := range listData {
-		err := unmarshalAny(value.Index(i), c, "")
+		err := u.unmarshalAny(value.Index(i), c, "")
 		if err != nil {
 			return err
 		}
@@ -147,7 +194,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
 	return nil
 }
 
-func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
 	if data == nil {
 		return nil
 	}
@@ -164,17 +211,14 @@ func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag)
 		kvalue := reflect.ValueOf(k)
 		vvalue := reflect.New(value.Type().Elem()).Elem()
 
-		unmarshalAny(vvalue, v, "")
+		u.unmarshalAny(vvalue, v, "")
 		value.SetMapIndex(kvalue, vvalue)
 	}
 
 	return nil
 }
 
-func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-	errf := func() error {
-		return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
-	}
+func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
 
 	switch d := data.(type) {
 	case nil:
@@ -189,6 +233,17 @@ func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTa
 				return err
 			}
 			value.Set(reflect.ValueOf(b))
+		case *time.Time:
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.ISO8601TimeFormatName
+			}
+
+			t, err := protocol.ParseTime(format, d)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(&t))
 		case aws.JSONValue:
 			// No need to use escaping as the value is a non-quoted string.
 			v, err := protocol.DecodeJSONValue(d, protocol.NoEscape)
@@ -197,7 +252,7 @@ func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTa
 			}
 			value.Set(reflect.ValueOf(v))
 		default:
-			return errf()
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
 		}
 	case float64:
 		switch value.Interface().(type) {
@@ -207,17 +262,18 @@ func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTa
 		case *float64:
 			value.Set(reflect.ValueOf(&d))
 		case *time.Time:
+			// Time unmarshaled from a float64 can only be epoch seconds
 			t := time.Unix(int64(d), 0).UTC()
 			value.Set(reflect.ValueOf(&t))
 		default:
-			return errf()
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
 		}
 	case bool:
 		switch value.Interface().(type) {
 		case *bool:
 			value.Set(reflect.ValueOf(&d))
 		default:
-			return errf()
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
 		}
 	default:
 		return fmt.Errorf("unsupported JSON value (%v)", data)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
index 56af4dc4426c5..89cfda75f668e 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
@@ -6,10 +6,6 @@ package jsonrpc
 //go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/json.json unmarshal_test.go
 
 import (
-	"encoding/json"
-	"io/ioutil"
-	"strings"
-
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
@@ -18,17 +14,26 @@ import (
 
 var emptyJSON = []byte("{}")
 
-// BuildHandler is a named request handler for building jsonrpc protocol requests
-var BuildHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Build", Fn: Build}
-
-// UnmarshalHandler is a named request handler for unmarshaling jsonrpc protocol requests
-var UnmarshalHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Unmarshal", Fn: Unmarshal}
+// BuildHandler is a named request handler for building jsonrpc protocol
+// requests
+var BuildHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.Build",
+	Fn:   Build,
+}
 
-// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalMeta", Fn: UnmarshalMeta}
+// UnmarshalHandler is a named request handler for unmarshaling jsonrpc
+// protocol requests
+var UnmarshalHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.Unmarshal",
+	Fn:   Unmarshal,
+}
 
-// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc protocol request errors
-var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalError", Fn: UnmarshalError}
+// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc
+// protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.UnmarshalMeta",
+	Fn:   UnmarshalMeta,
+}
 
 // Build builds a JSON payload for a JSON RPC request.
 func Build(req *request.Request) {
@@ -37,7 +42,7 @@ func Build(req *request.Request) {
 	if req.ParamsFilled() {
 		buf, err = jsonutil.BuildJSON(req.Params)
 		if err != nil {
-			req.Error = awserr.New("SerializationError", "failed encoding JSON RPC request", err)
+			req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err)
 			return
 		}
 	} else {
@@ -52,9 +57,12 @@ func Build(req *request.Request) {
 		target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
 		req.HTTPRequest.Header.Add("X-Amz-Target", target)
 	}
-	if req.ClientInfo.JSONVersion != "" {
+
+	// Only set the content type if one is not already specified and an
+	// JSONVersion is specified.
+	if ct, v := req.HTTPRequest.Header.Get("Content-Type"), req.ClientInfo.JSONVersion; len(ct) == 0 && len(v) != 0 {
 		jsonVersion := req.ClientInfo.JSONVersion
-		req.HTTPRequest.Header.Add("Content-Type", "application/x-amz-json-"+jsonVersion)
+		req.HTTPRequest.Header.Set("Content-Type", "application/x-amz-json-"+jsonVersion)
 	}
 }
 
@@ -64,7 +72,11 @@ func Unmarshal(req *request.Request) {
 	if req.DataFilled() {
 		err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
 		if err != nil {
-			req.Error = awserr.New("SerializationError", "failed decoding JSON RPC response", err)
+			req.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err),
+				req.HTTPResponse.StatusCode,
+				req.RequestID,
+			)
 		}
 	}
 	return
@@ -74,38 +86,3 @@ func Unmarshal(req *request.Request) {
 func UnmarshalMeta(req *request.Request) {
 	rest.UnmarshalMeta(req)
 }
-
-// UnmarshalError unmarshals an error response for a JSON RPC service.
-func UnmarshalError(req *request.Request) {
-	defer req.HTTPResponse.Body.Close()
-	bodyBytes, err := ioutil.ReadAll(req.HTTPResponse.Body)
-	if err != nil {
-		req.Error = awserr.New("SerializationError", "failed reading JSON RPC error response", err)
-		return
-	}
-	if len(bodyBytes) == 0 {
-		req.Error = awserr.NewRequestFailure(
-			awserr.New("SerializationError", req.HTTPResponse.Status, nil),
-			req.HTTPResponse.StatusCode,
-			"",
-		)
-		return
-	}
-	var jsonErr jsonErrorResponse
-	if err := json.Unmarshal(bodyBytes, &jsonErr); err != nil {
-		req.Error = awserr.New("SerializationError", "failed decoding JSON RPC error response", err)
-		return
-	}
-
-	codes := strings.SplitN(jsonErr.Code, "#", 2)
-	req.Error = awserr.NewRequestFailure(
-		awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
-		req.HTTPResponse.StatusCode,
-		req.RequestID,
-	)
-}
-
-type jsonErrorResponse struct {
-	Code    string `json:"__type"`
-	Message string `json:"message"`
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
new file mode 100644
index 0000000000000..c0c52e2db0f37
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
@@ -0,0 +1,107 @@
+package jsonrpc
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+)
+
+// UnmarshalTypedError provides unmarshaling errors API response errors
+// for both typed and untyped errors.
+type UnmarshalTypedError struct {
+	exceptions map[string]func(protocol.ResponseMetadata) error
+}
+
+// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
+// set of exception names to the error unmarshalers
+func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
+	return &UnmarshalTypedError{
+		exceptions: exceptions,
+	}
+}
+
+// UnmarshalError attempts to unmarshal the HTTP response error as a known
+// error type. If unable to unmarshal the error type, the generic SDK error
+// type will be used.
+func (u *UnmarshalTypedError) UnmarshalError(
+	resp *http.Response,
+	respMeta protocol.ResponseMetadata,
+) (error, error) {
+
+	var buf bytes.Buffer
+	var jsonErr jsonErrorResponse
+	teeReader := io.TeeReader(resp.Body, &buf)
+	err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
+	if err != nil {
+		return nil, err
+	}
+	body := ioutil.NopCloser(&buf)
+
+	// Code may be separated by hash(#), with the last element being the code
+	// used by the SDK.
+	codeParts := strings.SplitN(jsonErr.Code, "#", 2)
+	code := codeParts[len(codeParts)-1]
+	msg := jsonErr.Message
+
+	if fn, ok := u.exceptions[code]; ok {
+		// If exception code is know, use associated constructor to get a value
+		// for the exception that the JSON body can be unmarshaled into.
+		v := fn(respMeta)
+		err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
+		if err != nil {
+			return nil, err
+		}
+
+		return v, nil
+	}
+
+	// fallback to unmodeled generic exceptions
+	return awserr.NewRequestFailure(
+		awserr.New(code, msg, nil),
+		respMeta.StatusCode,
+		respMeta.RequestID,
+	), nil
+}
+
+// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
+// protocol request errors
+var UnmarshalErrorHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.UnmarshalError",
+	Fn:   UnmarshalError,
+}
+
+// UnmarshalError unmarshals an error response for a JSON RPC service.
+func UnmarshalError(req *request.Request) {
+	defer req.HTTPResponse.Body.Close()
+
+	var jsonErr jsonErrorResponse
+	err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body)
+	if err != nil {
+		req.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal error message", err),
+			req.HTTPResponse.StatusCode,
+			req.RequestID,
+		)
+		return
+	}
+
+	codes := strings.SplitN(jsonErr.Code, "#", 2)
+	req.Error = awserr.NewRequestFailure(
+		awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
+		req.HTTPResponse.StatusCode,
+		req.RequestID,
+	)
+}
+
+type jsonErrorResponse struct {
+	Code    string `json:"__type"`
+	Message string `json:"message"`
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
new file mode 100644
index 0000000000000..0ea0647a57dff
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
@@ -0,0 +1,81 @@
+package protocol
+
+import (
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// PayloadUnmarshaler provides the interface for unmarshaling a payload's
+// reader into a SDK shape.
+type PayloadUnmarshaler interface {
+	UnmarshalPayload(io.Reader, interface{}) error
+}
+
+// HandlerPayloadUnmarshal implements the PayloadUnmarshaler from a
+// HandlerList. This provides the support for unmarshaling a payload reader to
+// a shape without needing a SDK request first.
+type HandlerPayloadUnmarshal struct {
+	Unmarshalers request.HandlerList
+}
+
+// UnmarshalPayload unmarshals the io.Reader payload into the SDK shape using
+// the Unmarshalers HandlerList provided. Returns an error if unable
+// unmarshaling fails.
+func (h HandlerPayloadUnmarshal) UnmarshalPayload(r io.Reader, v interface{}) error {
+	req := &request.Request{
+		HTTPRequest: &http.Request{},
+		HTTPResponse: &http.Response{
+			StatusCode: 200,
+			Header:     http.Header{},
+			Body:       ioutil.NopCloser(r),
+		},
+		Data: v,
+	}
+
+	h.Unmarshalers.Run(req)
+
+	return req.Error
+}
+
+// PayloadMarshaler provides the interface for marshaling a SDK shape into and
+// io.Writer.
+type PayloadMarshaler interface {
+	MarshalPayload(io.Writer, interface{}) error
+}
+
+// HandlerPayloadMarshal implements the PayloadMarshaler from a HandlerList.
+// This provides support for marshaling a SDK shape into an io.Writer without
+// needing a SDK request first.
+type HandlerPayloadMarshal struct {
+	Marshalers request.HandlerList
+}
+
+// MarshalPayload marshals the SDK shape into the io.Writer using the
+// Marshalers HandlerList provided. Returns an error if unable if marshal
+// fails.
+func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error {
+	req := request.New(
+		aws.Config{},
+		metadata.ClientInfo{},
+		request.Handlers{},
+		nil,
+		&request.Operation{HTTPMethod: "PUT"},
+		v,
+		nil,
+	)
+
+	h.Marshalers.Run(req)
+
+	if req.Error != nil {
+		return req.Error
+	}
+
+	io.Copy(w, req.GetBody())
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
new file mode 100644
index 0000000000000..9d521dcb950ae
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
@@ -0,0 +1,49 @@
+package protocol
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequireHTTPMinProtocol request handler is used to enforce that
+// the target endpoint supports the given major and minor HTTP protocol version.
+type RequireHTTPMinProtocol struct {
+	Major, Minor int
+}
+
+// Handler will mark the request.Request with an error if the
+// target endpoint did not connect with the required HTTP protocol
+// major and minor version.
+func (p RequireHTTPMinProtocol) Handler(r *request.Request) {
+	if r.Error != nil || r.HTTPResponse == nil {
+		return
+	}
+
+	if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") {
+		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+	}
+
+	if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor {
+		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+	}
+}
+
+// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint
+// did not match the required HTTP major and minor protocol version.
+const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError"
+
+func newMinHTTPProtoError(major, minor int, r *request.Request) error {
+	return awserr.NewRequestFailure(
+		awserr.New("MinimumHTTPProtocolError",
+			fmt.Sprintf(
+				"operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s",
+				major, minor, r.HTTPResponse.Proto,
+			),
+			nil,
+		),
+		r.HTTPResponse.StatusCode, r.RequestID,
+	)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
index 18169f0f8ce49..0cb99eb579682 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@@ -21,11 +21,11 @@ func Build(r *request.Request) {
 		"Version": {r.ClientInfo.APIVersion},
 	}
 	if err := queryutil.Parse(body, r.Params, false); err != nil {
-		r.Error = awserr.New("SerializationError", "failed encoding Query request", err)
+		r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err)
 		return
 	}
 
-	if r.ExpireTime == 0 {
+	if !r.IsPresigned() {
 		r.HTTPRequest.Method = "POST"
 		r.HTTPRequest.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
 		r.SetBufferBody([]byte(body.Encode()))
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
index 5ce9cba329153..75866d0121842 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
@@ -233,7 +233,12 @@ func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, ta
 		v.Set(name, strconv.FormatFloat(float64(value), 'f', -1, 32))
 	case time.Time:
 		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		v.Set(name, value.UTC().Format(ISO8601UTC))
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		v.Set(name, protocol.FormatTime(format, value))
 	default:
 		return fmt.Errorf("unsupported value for param %s: %v (%s)", name, r.Interface(), r.Type().Name())
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
index e0f4d5a541941..f69c1efc93ad2 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -23,7 +23,11 @@ func Unmarshal(r *request.Request) {
 		decoder := xml.NewDecoder(r.HTTPResponse.Body)
 		err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed decoding Query response", err)
+			r.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
 			return
 		}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
index f2142961717e0..831b0110c54bd 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@@ -2,65 +2,68 @@ package query
 
 import (
 	"encoding/xml"
-	"io/ioutil"
+	"fmt"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
 )
 
+// UnmarshalErrorHandler is a name request handler to unmarshal request errors
+var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
+
 type xmlErrorResponse struct {
-	XMLName   xml.Name `xml:"ErrorResponse"`
-	Code      string   `xml:"Error>Code"`
-	Message   string   `xml:"Error>Message"`
-	RequestID string   `xml:"RequestId"`
+	Code      string `xml:"Error>Code"`
+	Message   string `xml:"Error>Message"`
+	RequestID string `xml:"RequestId"`
 }
 
-type xmlServiceUnavailableResponse struct {
-	XMLName xml.Name `xml:"ServiceUnavailableException"`
+type xmlResponseError struct {
+	xmlErrorResponse
 }
 
-// UnmarshalErrorHandler is a name request handler to unmarshal request errors
-var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
+func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	const svcUnavailableTagName = "ServiceUnavailableException"
+	const errorResponseTagName = "ErrorResponse"
+
+	switch start.Name.Local {
+	case svcUnavailableTagName:
+		e.Code = svcUnavailableTagName
+		e.Message = "service is unavailable"
+		return d.Skip()
+
+	case errorResponseTagName:
+		return d.DecodeElement(&e.xmlErrorResponse, &start)
+
+	default:
+		return fmt.Errorf("unknown error response tag, %v", start)
+	}
+}
 
 // UnmarshalError unmarshals an error response for an AWS Query service.
 func UnmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 
-	bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body)
+	var respErr xmlResponseError
+	err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
 	if err != nil {
-		r.Error = awserr.New("SerializationError", "failed to read from query HTTP response body", err)
-		return
-	}
-
-	// First check for specific error
-	resp := xmlErrorResponse{}
-	decodeErr := xml.Unmarshal(bodyBytes, &resp)
-	if decodeErr == nil {
-		reqID := resp.RequestID
-		if reqID == "" {
-			reqID = r.RequestID
-		}
 		r.Error = awserr.NewRequestFailure(
-			awserr.New(resp.Code, resp.Message, nil),
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal error message", err),
 			r.HTTPResponse.StatusCode,
-			reqID,
+			r.RequestID,
 		)
 		return
 	}
 
-	// Check for unhandled error
-	servUnavailResp := xmlServiceUnavailableResponse{}
-	unavailErr := xml.Unmarshal(bodyBytes, &servUnavailResp)
-	if unavailErr == nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New("ServiceUnavailableException", "service is unavailable", nil),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
+	reqID := respErr.RequestID
+	if len(reqID) == 0 {
+		reqID = r.RequestID
 	}
 
-	// Failed to retrieve any error message from the response body
-	r.Error = awserr.New("SerializationError",
-		"failed to decode query XML error response", decodeErr)
+	r.Error = awserr.NewRequestFailure(
+		awserr.New(respErr.Code, respErr.Message, nil),
+		r.HTTPResponse.StatusCode,
+		reqID,
+	)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
index c405288d74233..1301b149d35e8 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@@ -20,14 +20,13 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
-// RFC822 returns an RFC822 formatted timestamp for AWS protocols
-const RFC822 = "Mon, 2 Jan 2006 15:04:05 GMT"
-
 // Whether the byte value can be sent without escaping in AWS URLs
 var noEscape [256]bool
 
 var errValueNotSet = fmt.Errorf("value not set")
 
+var byteSliceType = reflect.TypeOf([]byte{})
+
 func init() {
 	for i := 0; i < len(noEscape); i++ {
 		// AWS expects every character except these to be escaped
@@ -97,6 +96,14 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 				continue
 			}
 
+			// Support the ability to customize values to be marshaled as a
+			// blob even though they were modeled as a string. Required for S3
+			// API operations like SSECustomerKey is modeled as stirng but
+			// required to be base64 encoded in request.
+			if field.Tag.Get("marshal-as") == "blob" {
+				m = m.Convert(byteSliceType)
+			}
+
 			var err error
 			switch field.Tag.Get("location") {
 			case "headers": // header maps
@@ -140,7 +147,7 @@ func buildBody(r *request.Request, v reflect.Value) {
 					case string:
 						r.SetStringBody(reader)
 					default:
-						r.Error = awserr.New("SerializationError",
+						r.Error = awserr.New(request.ErrCodeSerialization,
 							"failed to encode REST request",
 							fmt.Errorf("unknown payload type %s", payload.Type()))
 					}
@@ -155,9 +162,12 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
-		return awserr.New("SerializationError", "failed to encode REST request", err)
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 	}
 
+	name = strings.TrimSpace(name)
+	str = strings.TrimSpace(str)
+
 	header.Add(name, str)
 
 	return nil
@@ -170,11 +180,13 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag)
 		if err == errValueNotSet {
 			continue
 		} else if err != nil {
-			return awserr.New("SerializationError", "failed to encode REST request", err)
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 
 		}
+		keyStr := strings.TrimSpace(key.String())
+		str = strings.TrimSpace(str)
 
-		header.Add(prefix+key.String(), str)
+		header.Add(prefix+keyStr, str)
 	}
 	return nil
 }
@@ -184,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) e
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
-		return awserr.New("SerializationError", "failed to encode REST request", err)
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 	}
 
 	u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
@@ -217,7 +229,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
 		if err == errValueNotSet {
 			return nil
 		} else if err != nil {
-			return awserr.New("SerializationError", "failed to encode REST request", err)
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 		}
 		query.Set(name, str)
 	}
@@ -270,7 +282,14 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error)
 	case float64:
 		str = strconv.FormatFloat(value, 'f', -1, 64)
 	case time.Time:
-		str = value.UTC().Format(RFC822)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+			if tag.Get("location") == "querystring" {
+				format = protocol.ISO8601TimeFormatName
+			}
+		}
+		str = protocol.FormatTime(format, value)
 	case aws.JSONValue:
 		if len(value) == 0 {
 			return "", errValueNotSet
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
index 823f045eed798..92f8b4d9a48a6 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@@ -15,6 +15,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
+	awsStrings "github.com/aws/aws-sdk-go/internal/strings"
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
@@ -28,7 +29,9 @@ var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta
 func Unmarshal(r *request.Request) {
 	if r.DataFilled() {
 		v := reflect.Indirect(reflect.ValueOf(r.Data))
-		unmarshalBody(r, v)
+		if err := unmarshalBody(r, v); err != nil {
+			r.Error = err
+		}
 	}
 }
 
@@ -40,12 +43,21 @@ func UnmarshalMeta(r *request.Request) {
 		r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
 	}
 	if r.DataFilled() {
-		v := reflect.Indirect(reflect.ValueOf(r.Data))
-		unmarshalLocationElements(r, v)
+		if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil {
+			r.Error = err
+		}
 	}
 }
 
-func unmarshalBody(r *request.Request, v reflect.Value) {
+// UnmarshalResponse attempts to unmarshal the REST response headers to
+// the data type passed in. The type must be a pointer. An error is returned
+// with any error unmarshaling the response into the target datatype.
+func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error {
+	v := reflect.Indirect(reflect.ValueOf(data))
+	return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps)
+}
+
+func unmarshalBody(r *request.Request, v reflect.Value) error {
 	if field, ok := v.Type().FieldByName("_"); ok {
 		if payloadName := field.Tag.Get("payload"); payloadName != "" {
 			pfield, _ := v.Type().FieldByName(payloadName)
@@ -57,35 +69,38 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						defer r.HTTPResponse.Body.Close()
 						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 						if err != nil {
-							r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
-						} else {
-							payload.Set(reflect.ValueOf(b))
+							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 						}
+
+						payload.Set(reflect.ValueOf(b))
+
 					case *string:
 						defer r.HTTPResponse.Body.Close()
 						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 						if err != nil {
-							r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
-						} else {
-							str := string(b)
-							payload.Set(reflect.ValueOf(&str))
+							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 						}
+
+						str := string(b)
+						payload.Set(reflect.ValueOf(&str))
+
 					default:
 						switch payload.Type().String() {
 						case "io.ReadCloser":
 							payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
+
 						case "io.ReadSeeker":
 							b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 							if err != nil {
-								r.Error = awserr.New("SerializationError",
+								return awserr.New(request.ErrCodeSerialization,
 									"failed to read response body", err)
-								return
 							}
 							payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
+
 						default:
 							io.Copy(ioutil.Discard, r.HTTPResponse.Body)
-							defer r.HTTPResponse.Body.Close()
-							r.Error = awserr.New("SerializationError",
+							r.HTTPResponse.Body.Close()
+							return awserr.New(request.ErrCodeSerialization,
 								"failed to decode REST response",
 								fmt.Errorf("unknown payload type %s", payload.Type()))
 						}
@@ -94,9 +109,11 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 			}
 		}
 	}
+
+	return nil
 }
 
-func unmarshalLocationElements(r *request.Request, v reflect.Value) {
+func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error {
 	for i := 0; i < v.NumField(); i++ {
 		m, field := v.Field(i), v.Type().Field(i)
 		if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) {
@@ -111,26 +128,25 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
 
 			switch field.Tag.Get("location") {
 			case "statusCode":
-				unmarshalStatusCode(m, r.HTTPResponse.StatusCode)
+				unmarshalStatusCode(m, resp.StatusCode)
+
 			case "header":
-				err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
+				err := unmarshalHeader(m, resp.Header.Get(name), field.Tag)
 				if err != nil {
-					r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
-					break
+					return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 				}
+
 			case "headers":
 				prefix := field.Tag.Get("locationName")
-				err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix)
+				err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
 				if err != nil {
-					r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
-					break
+					awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 				}
 			}
 		}
-		if r.Error != nil {
-			return
-		}
 	}
+
+	return nil
 }
 
 func unmarshalStatusCode(v reflect.Value, statusCode int) {
@@ -145,29 +161,45 @@ func unmarshalStatusCode(v reflect.Value, statusCode int) {
 	}
 }
 
-func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) error {
+func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error {
+	if len(headers) == 0 {
+		return nil
+	}
 	switch r.Interface().(type) {
 	case map[string]*string: // we only support string map value types
 		out := map[string]*string{}
 		for k, v := range headers {
-			k = http.CanonicalHeaderKey(k)
-			if strings.HasPrefix(strings.ToLower(k), strings.ToLower(prefix)) {
+			if awsStrings.HasPrefixFold(k, prefix) {
+				if normalize == true {
+					k = strings.ToLower(k)
+				} else {
+					k = http.CanonicalHeaderKey(k)
+				}
 				out[k[len(prefix):]] = &v[0]
 			}
 		}
-		r.Set(reflect.ValueOf(out))
+		if len(out) != 0 {
+			r.Set(reflect.ValueOf(out))
+		}
+
 	}
 	return nil
 }
 
 func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error {
-	isJSONValue := tag.Get("type") == "jsonvalue"
-	if isJSONValue {
+	switch tag.Get("type") {
+	case "jsonvalue":
 		if len(header) == 0 {
 			return nil
 		}
-	} else if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
-		return nil
+	case "blob":
+		if len(header) == 0 {
+			return nil
+		}
+	default:
+		if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
+			return nil
+		}
 	}
 
 	switch v.Interface().(type) {
@@ -178,7 +210,7 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro
 		if err != nil {
 			return err
 		}
-		v.Set(reflect.ValueOf(&b))
+		v.Set(reflect.ValueOf(b))
 	case *bool:
 		b, err := strconv.ParseBool(header)
 		if err != nil {
@@ -198,7 +230,11 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro
 		}
 		v.Set(reflect.ValueOf(&f))
 	case *time.Time:
-		t, err := time.Parse(RFC822, header)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+		}
+		t, err := protocol.ParseTime(format, header)
 		if err != nil {
 			return err
 		}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
new file mode 100644
index 0000000000000..05d4ff5192583
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
@@ -0,0 +1,84 @@
+package protocol
+
+import (
+	"math"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/internal/sdkmath"
+)
+
+// Names of time formats supported by the SDK
+const (
+	RFC822TimeFormatName  = "rfc822"
+	ISO8601TimeFormatName = "iso8601"
+	UnixTimeFormatName    = "unixTimestamp"
+)
+
+// Time formats supported by the SDK
+// Output time is intended to not contain decimals
+const (
+	// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
+	RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
+
+	// This format is used for output time without seconds precision
+	RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
+
+	// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
+	ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z"
+
+	// This format is used for output time without seconds precision
+	ISO8601OutputTimeFormat = "2006-01-02T15:04:05Z"
+)
+
+// IsKnownTimestampFormat returns if the timestamp format name
+// is know to the SDK's protocols.
+func IsKnownTimestampFormat(name string) bool {
+	switch name {
+	case RFC822TimeFormatName:
+		fallthrough
+	case ISO8601TimeFormatName:
+		fallthrough
+	case UnixTimeFormatName:
+		return true
+	default:
+		return false
+	}
+}
+
+// FormatTime returns a string value of the time.
+func FormatTime(name string, t time.Time) string {
+	t = t.UTC()
+
+	switch name {
+	case RFC822TimeFormatName:
+		return t.Format(RFC822OutputTimeFormat)
+	case ISO8601TimeFormatName:
+		return t.Format(ISO8601OutputTimeFormat)
+	case UnixTimeFormatName:
+		return strconv.FormatInt(t.Unix(), 10)
+	default:
+		panic("unknown timestamp format name, " + name)
+	}
+}
+
+// ParseTime attempts to parse the time given the format. Returns
+// the time if it was able to be parsed, and fails otherwise.
+func ParseTime(formatName, value string) (time.Time, error) {
+	switch formatName {
+	case RFC822TimeFormatName:
+		return time.Parse(RFC822TimeFormat, value)
+	case ISO8601TimeFormatName:
+		return time.Parse(ISO8601TimeFormat, value)
+	case UnixTimeFormatName:
+		v, err := strconv.ParseFloat(value, 64)
+		_, dec := math.Modf(v)
+		dec = sdkmath.Round(dec*1e3) / 1e3 //Rounds 0.1229999 to 0.123
+		if err != nil {
+			return time.Time{}, err
+		}
+		return time.Unix(int64(v), int64(dec*(1e9))), nil
+	default:
+		panic("unknown timestamp format name, " + formatName)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
index da1a68111db49..f614ef898be87 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
@@ -19,3 +19,9 @@ func UnmarshalDiscardBody(r *request.Request) {
 	io.Copy(ioutil.Discard, r.HTTPResponse.Body)
 	r.HTTPResponse.Body.Close()
 }
+
+// ResponseMetadata provides the SDK response metadata attributes.
+type ResponseMetadata struct {
+	StatusCode int
+	RequestID  string
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
new file mode 100644
index 0000000000000..cc857f136c53c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
@@ -0,0 +1,65 @@
+package protocol
+
+import (
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// UnmarshalErrorHandler provides unmarshaling errors API response errors for
+// both typed and untyped errors.
+type UnmarshalErrorHandler struct {
+	unmarshaler ErrorUnmarshaler
+}
+
+// ErrorUnmarshaler is an abstract interface for concrete implementations to
+// unmarshal protocol specific response errors.
+type ErrorUnmarshaler interface {
+	UnmarshalError(*http.Response, ResponseMetadata) (error, error)
+}
+
+// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler
+// initialized for the set of exception names to the error unmarshalers
+func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler {
+	return &UnmarshalErrorHandler{
+		unmarshaler: unmarshaler,
+	}
+}
+
+// UnmarshalErrorHandlerName is the name of the named handler.
+const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError"
+
+// NamedHandler returns a NamedHandler for the unmarshaler using the set of
+// errors the unmarshaler was initialized for.
+func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler {
+	return request.NamedHandler{
+		Name: UnmarshalErrorHandlerName,
+		Fn:   u.UnmarshalError,
+	}
+}
+
+// UnmarshalError will attempt to unmarshal the API response's error message
+// into either a generic SDK error type, or a typed error corresponding to the
+// errors exception name.
+func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	respMeta := ResponseMetadata{
+		StatusCode: r.HTTPResponse.StatusCode,
+		RequestID:  r.RequestID,
+	}
+
+	v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal response error", err),
+			respMeta.StatusCode,
+			respMeta.RequestID,
+		)
+		return
+	}
+
+	r.Error = v
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
index 7091b456d180a..cf981fe951324 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
@@ -13,9 +13,13 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
-// BuildXML will serialize params into an xml.Encoder.
-// Error will be returned if the serialization of any of the params or nested values fails.
+// BuildXML will serialize params into an xml.Encoder. Error will be returned
+// if the serialization of any of the params or nested values fails.
 func BuildXML(params interface{}, e *xml.Encoder) error {
+	return buildXML(params, e, false)
+}
+
+func buildXML(params interface{}, e *xml.Encoder, sorted bool) error {
 	b := xmlBuilder{encoder: e, namespaces: map[string]string{}}
 	root := NewXMLElement(xml.Name{})
 	if err := b.buildValue(reflect.ValueOf(params), root, ""); err != nil {
@@ -23,7 +27,7 @@ func BuildXML(params interface{}, e *xml.Encoder) error {
 	}
 	for _, c := range root.Children {
 		for _, v := range c {
-			return StructToXML(e, v, false)
+			return StructToXML(e, v, sorted)
 		}
 	}
 	return nil
@@ -83,15 +87,13 @@ func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag refle
 	}
 }
 
-// buildStruct adds a struct and its fields to the current XMLNode. All fields any any nested
+// buildStruct adds a struct and its fields to the current XMLNode. All fields and any nested
 // types are converted to XMLNodes also.
 func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
 	if !value.IsValid() {
 		return nil
 	}
 
-	fieldAdded := false
-
 	// unwrap payloads
 	if payload := tag.Get("payload"); payload != "" {
 		field, _ := value.Type().FieldByName(payload)
@@ -119,6 +121,8 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 		child.Attr = append(child.Attr, ns)
 	}
 
+	var payloadFields, nonPayloadFields int
+
 	t := value.Type()
 	for i := 0; i < value.NumField(); i++ {
 		member := elemOf(value.Field(i))
@@ -133,8 +137,10 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 
 		mTag := field.Tag
 		if mTag.Get("location") != "" { // skip non-body members
+			nonPayloadFields++
 			continue
 		}
+		payloadFields++
 
 		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
 			token := protocol.GetIdempotencyToken()
@@ -149,11 +155,11 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 		if err := b.buildValue(member, child, mTag); err != nil {
 			return err
 		}
-
-		fieldAdded = true
 	}
 
-	if fieldAdded { // only append this child if we have one ore more valid members
+	// Only case where the child shape is not added is if the shape only contains
+	// non-payload fields, e.g headers/query.
+	if !(payloadFields == 0 && nonPayloadFields > 0) {
 		current.AddChild(child)
 	}
 
@@ -278,8 +284,12 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl
 	case float32:
 		str = strconv.FormatFloat(float64(converted), 'f', -1, 32)
 	case time.Time:
-		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		str = converted.UTC().Format(ISO8601UTC)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		str = protocol.FormatTime(format, converted)
 	default:
 		return fmt.Errorf("unsupported value for param %s: %v (%s)",
 			tag.Get("locationName"), value.Interface(), value.Type().Name())
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
new file mode 100644
index 0000000000000..c1a511851f6ee
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
@@ -0,0 +1,32 @@
+package xmlutil
+
+import (
+	"encoding/xml"
+	"strings"
+)
+
+type xmlAttrSlice []xml.Attr
+
+func (x xmlAttrSlice) Len() int {
+	return len(x)
+}
+
+func (x xmlAttrSlice) Less(i, j int) bool {
+	spaceI, spaceJ := x[i].Name.Space, x[j].Name.Space
+	localI, localJ := x[i].Name.Local, x[j].Name.Local
+	valueI, valueJ := x[i].Value, x[j].Value
+
+	spaceCmp := strings.Compare(spaceI, spaceJ)
+	localCmp := strings.Compare(localI, localJ)
+	valueCmp := strings.Compare(valueI, valueJ)
+
+	if spaceCmp == -1 || (spaceCmp == 0 && (localCmp == -1 || (localCmp == 0 && valueCmp == -1))) {
+		return true
+	}
+
+	return false
+}
+
+func (x xmlAttrSlice) Swap(i, j int) {
+	x[i], x[j] = x[j], x[i]
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
index 87584628a2b22..7108d38009371 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -1,6 +1,7 @@
 package xmlutil
 
 import (
+	"bytes"
 	"encoding/base64"
 	"encoding/xml"
 	"fmt"
@@ -9,8 +10,28 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+// UnmarshalXMLError unmarshals the XML error from the stream into the value
+// type specified. The value must be a pointer. If the message fails to
+// unmarshal, the message content will be included in the returned error as a
+// awserr.UnmarshalError.
+func UnmarshalXMLError(v interface{}, stream io.Reader) error {
+	var errBuf bytes.Buffer
+	body := io.TeeReader(stream, &errBuf)
+
+	err := xml.NewDecoder(body).Decode(v)
+	if err != nil && err != io.EOF {
+		return awserr.NewUnmarshalError(err,
+			"failed to unmarshal error message", errBuf.Bytes())
+	}
+
+	return nil
+}
+
 // UnmarshalXML deserializes an xml.Decoder into the container v. V
 // needs to match the shape of the XML expected to be decoded.
 // If the shape doesn't match unmarshaling will fail.
@@ -52,9 +73,15 @@ func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 	if t == "" {
 		switch rtype.Kind() {
 		case reflect.Struct:
-			t = "structure"
+			// also it can't be a time object
+			if _, ok := r.Interface().(*time.Time); !ok {
+				t = "structure"
+			}
 		case reflect.Slice:
-			t = "list"
+			// also it can't be a byte slice
+			if _, ok := r.Interface().([]byte); !ok {
+				t = "list"
+			}
 		case reflect.Map:
 			t = "map"
 		}
@@ -247,8 +274,12 @@ func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 		}
 		r.Set(reflect.ValueOf(&v))
 	case *time.Time:
-		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		t, err := time.Parse(ISO8601UTC, node.Text)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		t, err := protocol.ParseTime(format, node.Text)
 		if err != nil {
 			return err
 		}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
index 3e970b629daef..42f71648eee31 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
@@ -29,6 +29,7 @@ func NewXMLElement(name xml.Name) *XMLNode {
 
 // AddChild adds child to the XMLNode.
 func (n *XMLNode) AddChild(child *XMLNode) {
+	child.parent = n
 	if _, ok := n.Children[child.Name.Local]; !ok {
 		n.Children[child.Name.Local] = []*XMLNode{}
 	}
@@ -118,7 +119,18 @@ func (n *XMLNode) findElem(name string) (string, bool) {
 
 // StructToXML writes an XMLNode to a xml.Encoder as tokens.
 func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
-	e.EncodeToken(xml.StartElement{Name: node.Name, Attr: node.Attr})
+	// Sort Attributes
+	attrs := node.Attr
+	if sorted {
+		sortedAttrs := make([]xml.Attr, len(attrs))
+		for _, k := range node.Attr {
+			sortedAttrs = append(sortedAttrs, k)
+		}
+		sort.Sort(xmlAttrSlice(sortedAttrs))
+		attrs = sortedAttrs
+	}
+
+	e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs})
 
 	if node.Text != "" {
 		e.EncodeToken(xml.CharData([]byte(node.Text)))
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go
index 94f06d10bd486..594ec846d09f6 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go
@@ -16,8 +16,8 @@ const opAssociateKmsKey = "AssociateKmsKey"
 
 // AssociateKmsKeyRequest generates a "aws/request.Request" representing the
 // client's request for the AssociateKmsKey operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -51,8 +51,7 @@ func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (re
 
 	output = &AssociateKmsKeyOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -68,6 +67,10 @@ func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (re
 // within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt
 // this data whenever it is requested.
 //
+// Important: CloudWatch Logs supports only symmetric CMKs. Do not use an associate
+// an asymmetric CMK with your log group. For more information, see Using Symmetric
+// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html).
+//
 // Note that it can take up to 5 minutes for this operation to take effect.
 //
 // If you attempt to associate a CMK with a log group but the CMK does not exist
@@ -80,17 +83,17 @@ func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (re
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation AssociateKmsKey for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AssociateKmsKey
@@ -119,8 +122,8 @@ const opCancelExportTask = "CancelExportTask"
 
 // CancelExportTaskRequest generates a "aws/request.Request" representing the
 // client's request for the CancelExportTask operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -154,8 +157,7 @@ func (c *CloudWatchLogs) CancelExportTaskRequest(input *CancelExportTaskInput) (
 
 	output = &CancelExportTaskOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -172,17 +174,17 @@ func (c *CloudWatchLogs) CancelExportTaskRequest(input *CancelExportTaskInput) (
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation CancelExportTask for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeInvalidOperationException "InvalidOperationException"
+//   * InvalidOperationException
 //   The operation is not valid on the specified resource.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CancelExportTask
@@ -211,8 +213,8 @@ const opCreateExportTask = "CreateExportTask"
 
 // CreateExportTaskRequest generates a "aws/request.Request" representing the
 // client's request for the CreateExportTask operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -264,6 +266,9 @@ func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) (
 // same S3 bucket. To separate out log data for each export task, you can specify
 // a prefix to be used as the Amazon S3 key prefix for all exported objects.
 //
+// Exporting to S3 buckets that are encrypted with AES-256 is supported. Exporting
+// to S3 buckets encrypted with SSE-KMS is not supported.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -271,23 +276,23 @@ func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) (
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation CreateExportTask for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
+//   * LimitExceededException
 //   You have reached the maximum number of resources that can be created.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeResourceAlreadyExistsException "ResourceAlreadyExistsException"
+//   * ResourceAlreadyExistsException
 //   The specified resource already exists.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateExportTask
@@ -316,8 +321,8 @@ const opCreateLogGroup = "CreateLogGroup"
 
 // CreateLogGroupRequest generates a "aws/request.Request" representing the
 // client's request for the CreateLogGroup operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -351,8 +356,7 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req
 
 	output = &CreateLogGroupOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -360,7 +364,7 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req
 //
 // Creates a log group with the specified name.
 //
-// You can create up to 5000 log groups per account.
+// You can create up to 20,000 log groups per account.
 //
 // You must use the following guidelines when naming a log group:
 //
@@ -369,7 +373,8 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req
 //    * Log group names can be between 1 and 512 characters long.
 //
 //    * Log group names consist of the following characters: a-z, A-Z, 0-9,
-//    '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period).
+//    '_' (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and
+//    '#' (number sign)
 //
 // If you associate a AWS Key Management Service (AWS KMS) customer master key
 // (CMK) with the log group, ingested data is encrypted using the CMK. This
@@ -381,6 +386,10 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req
 // exist or the CMK is disabled, you will receive an InvalidParameterException
 // error.
 //
+// Important: CloudWatch Logs supports only symmetric CMKs. Do not associate
+// an asymmetric CMK with your log group. For more information, see Using Symmetric
+// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html).
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -388,20 +397,20 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation CreateLogGroup for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceAlreadyExistsException "ResourceAlreadyExistsException"
+//   * ResourceAlreadyExistsException
 //   The specified resource already exists.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
+//   * LimitExceededException
 //   You have reached the maximum number of resources that can be created.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroup
@@ -430,8 +439,8 @@ const opCreateLogStream = "CreateLogStream"
 
 // CreateLogStreamRequest generates a "aws/request.Request" representing the
 // client's request for the CreateLogStream operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -465,8 +474,7 @@ func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (re
 
 	output = &CreateLogStreamOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -475,7 +483,8 @@ func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (re
 // Creates a log stream for the specified log group.
 //
 // There is no limit on the number of log streams that you can create for a
-// log group.
+// log group. There is a limit of 50 TPS on CreateLogStream operations, after
+// which transactions are throttled.
 //
 // You must use the following guidelines when naming a log stream:
 //
@@ -492,17 +501,17 @@ func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (re
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation CreateLogStream for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceAlreadyExistsException "ResourceAlreadyExistsException"
+//   * ResourceAlreadyExistsException
 //   The specified resource already exists.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogStream
@@ -531,8 +540,8 @@ const opDeleteDestination = "DeleteDestination"
 
 // DeleteDestinationRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteDestination operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -566,8 +575,7 @@ func (c *CloudWatchLogs) DeleteDestinationRequest(input *DeleteDestinationInput)
 
 	output = &DeleteDestinationOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -584,17 +592,17 @@ func (c *CloudWatchLogs) DeleteDestinationRequest(input *DeleteDestinationInput)
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteDestination for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestination
@@ -623,8 +631,8 @@ const opDeleteLogGroup = "DeleteLogGroup"
 
 // DeleteLogGroupRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteLogGroup operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -658,8 +666,7 @@ func (c *CloudWatchLogs) DeleteLogGroupRequest(input *DeleteLogGroupInput) (req
 
 	output = &DeleteLogGroupOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -675,17 +682,17 @@ func (c *CloudWatchLogs) DeleteLogGroupRequest(input *DeleteLogGroupInput) (req
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteLogGroup for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroup
@@ -714,8 +721,8 @@ const opDeleteLogStream = "DeleteLogStream"
 
 // DeleteLogStreamRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteLogStream operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -749,8 +756,7 @@ func (c *CloudWatchLogs) DeleteLogStreamRequest(input *DeleteLogStreamInput) (re
 
 	output = &DeleteLogStreamOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -766,17 +772,17 @@ func (c *CloudWatchLogs) DeleteLogStreamRequest(input *DeleteLogStreamInput) (re
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteLogStream for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStream
@@ -805,8 +811,8 @@ const opDeleteMetricFilter = "DeleteMetricFilter"
 
 // DeleteMetricFilterRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteMetricFilter operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -840,8 +846,7 @@ func (c *CloudWatchLogs) DeleteMetricFilterRequest(input *DeleteMetricFilterInpu
 
 	output = &DeleteMetricFilterOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -856,17 +861,17 @@ func (c *CloudWatchLogs) DeleteMetricFilterRequest(input *DeleteMetricFilterInpu
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteMetricFilter for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilter
@@ -895,8 +900,8 @@ const opDeleteResourcePolicy = "DeleteResourcePolicy"
 
 // DeleteResourcePolicyRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteResourcePolicy operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -930,8 +935,7 @@ func (c *CloudWatchLogs) DeleteResourcePolicyRequest(input *DeleteResourcePolicy
 
 	output = &DeleteResourcePolicyOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -947,14 +951,14 @@ func (c *CloudWatchLogs) DeleteResourcePolicyRequest(input *DeleteResourcePolicy
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteResourcePolicy for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicy
@@ -983,8 +987,8 @@ const opDeleteRetentionPolicy = "DeleteRetentionPolicy"
 
 // DeleteRetentionPolicyRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteRetentionPolicy operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1018,8 +1022,7 @@ func (c *CloudWatchLogs) DeleteRetentionPolicyRequest(input *DeleteRetentionPoli
 
 	output = &DeleteRetentionPolicyOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -1037,17 +1040,17 @@ func (c *CloudWatchLogs) DeleteRetentionPolicyRequest(input *DeleteRetentionPoli
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteRetentionPolicy for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicy
@@ -1076,8 +1079,8 @@ const opDeleteSubscriptionFilter = "DeleteSubscriptionFilter"
 
 // DeleteSubscriptionFilterRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteSubscriptionFilter operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1111,8 +1114,7 @@ func (c *CloudWatchLogs) DeleteSubscriptionFilterRequest(input *DeleteSubscripti
 
 	output = &DeleteSubscriptionFilterOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -1127,17 +1129,17 @@ func (c *CloudWatchLogs) DeleteSubscriptionFilterRequest(input *DeleteSubscripti
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DeleteSubscriptionFilter for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilter
@@ -1166,8 +1168,8 @@ const opDescribeDestinations = "DescribeDestinations"
 
 // DescribeDestinationsRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeDestinations operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1222,11 +1224,11 @@ func (c *CloudWatchLogs) DescribeDestinationsRequest(input *DescribeDestinations
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeDestinations for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinations
@@ -1262,7 +1264,7 @@ func (c *CloudWatchLogs) DescribeDestinationsWithContext(ctx aws.Context, input
 //    // Example iterating over at most 3 pages of a DescribeDestinations operation.
 //    pageNum := 0
 //    err := client.DescribeDestinationsPages(params,
-//        func(page *DescribeDestinationsOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.DescribeDestinationsOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -1281,6 +1283,7 @@ func (c *CloudWatchLogs) DescribeDestinationsPages(input *DescribeDestinationsIn
 // for more information on using Contexts.
 func (c *CloudWatchLogs) DescribeDestinationsPagesWithContext(ctx aws.Context, input *DescribeDestinationsInput, fn func(*DescribeDestinationsOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *DescribeDestinationsInput
 			if input != nil {
@@ -1294,10 +1297,12 @@ func (c *CloudWatchLogs) DescribeDestinationsPagesWithContext(ctx aws.Context, i
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeDestinationsOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*DescribeDestinationsOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
@@ -1305,8 +1310,8 @@ const opDescribeExportTasks = "DescribeExportTasks"
 
 // DescribeExportTasksRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeExportTasks operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1355,11 +1360,11 @@ func (c *CloudWatchLogs) DescribeExportTasksRequest(input *DescribeExportTasksIn
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeExportTasks for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasks
@@ -1388,8 +1393,8 @@ const opDescribeLogGroups = "DescribeLogGroups"
 
 // DescribeLogGroupsRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeLogGroups operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1444,11 +1449,11 @@ func (c *CloudWatchLogs) DescribeLogGroupsRequest(input *DescribeLogGroupsInput)
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeLogGroups for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups
@@ -1484,7 +1489,7 @@ func (c *CloudWatchLogs) DescribeLogGroupsWithContext(ctx aws.Context, input *De
 //    // Example iterating over at most 3 pages of a DescribeLogGroups operation.
 //    pageNum := 0
 //    err := client.DescribeLogGroupsPages(params,
-//        func(page *DescribeLogGroupsOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.DescribeLogGroupsOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -1503,6 +1508,7 @@ func (c *CloudWatchLogs) DescribeLogGroupsPages(input *DescribeLogGroupsInput, f
 // for more information on using Contexts.
 func (c *CloudWatchLogs) DescribeLogGroupsPagesWithContext(ctx aws.Context, input *DescribeLogGroupsInput, fn func(*DescribeLogGroupsOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *DescribeLogGroupsInput
 			if input != nil {
@@ -1516,10 +1522,12 @@ func (c *CloudWatchLogs) DescribeLogGroupsPagesWithContext(ctx aws.Context, inpu
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeLogGroupsOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*DescribeLogGroupsOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
@@ -1527,8 +1535,8 @@ const opDescribeLogStreams = "DescribeLogStreams"
 
 // DescribeLogStreamsRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeLogStreams operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1587,14 +1595,14 @@ func (c *CloudWatchLogs) DescribeLogStreamsRequest(input *DescribeLogStreamsInpu
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeLogStreams for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreams
@@ -1630,7 +1638,7 @@ func (c *CloudWatchLogs) DescribeLogStreamsWithContext(ctx aws.Context, input *D
 //    // Example iterating over at most 3 pages of a DescribeLogStreams operation.
 //    pageNum := 0
 //    err := client.DescribeLogStreamsPages(params,
-//        func(page *DescribeLogStreamsOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.DescribeLogStreamsOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -1649,6 +1657,7 @@ func (c *CloudWatchLogs) DescribeLogStreamsPages(input *DescribeLogStreamsInput,
 // for more information on using Contexts.
 func (c *CloudWatchLogs) DescribeLogStreamsPagesWithContext(ctx aws.Context, input *DescribeLogStreamsInput, fn func(*DescribeLogStreamsOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *DescribeLogStreamsInput
 			if input != nil {
@@ -1662,10 +1671,12 @@ func (c *CloudWatchLogs) DescribeLogStreamsPagesWithContext(ctx aws.Context, inp
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeLogStreamsOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*DescribeLogStreamsOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
@@ -1673,8 +1684,8 @@ const opDescribeMetricFilters = "DescribeMetricFilters"
 
 // DescribeMetricFiltersRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeMetricFilters operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1730,14 +1741,14 @@ func (c *CloudWatchLogs) DescribeMetricFiltersRequest(input *DescribeMetricFilte
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeMetricFilters for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters
@@ -1773,7 +1784,7 @@ func (c *CloudWatchLogs) DescribeMetricFiltersWithContext(ctx aws.Context, input
 //    // Example iterating over at most 3 pages of a DescribeMetricFilters operation.
 //    pageNum := 0
 //    err := client.DescribeMetricFiltersPages(params,
-//        func(page *DescribeMetricFiltersOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.DescribeMetricFiltersOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -1792,6 +1803,7 @@ func (c *CloudWatchLogs) DescribeMetricFiltersPages(input *DescribeMetricFilters
 // for more information on using Contexts.
 func (c *CloudWatchLogs) DescribeMetricFiltersPagesWithContext(ctx aws.Context, input *DescribeMetricFiltersInput, fn func(*DescribeMetricFiltersOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *DescribeMetricFiltersInput
 			if input != nil {
@@ -1805,19 +1817,109 @@ func (c *CloudWatchLogs) DescribeMetricFiltersPagesWithContext(ctx aws.Context,
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeMetricFiltersOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*DescribeMetricFiltersOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
+const opDescribeQueries = "DescribeQueries"
+
+// DescribeQueriesRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeQueries operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeQueries for more information on using the DescribeQueries
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeQueriesRequest method.
+//    req, resp := client.DescribeQueriesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries
+func (c *CloudWatchLogs) DescribeQueriesRequest(input *DescribeQueriesInput) (req *request.Request, output *DescribeQueriesOutput) {
+	op := &request.Operation{
+		Name:       opDescribeQueries,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeQueriesInput{}
+	}
+
+	output = &DescribeQueriesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeQueries API operation for Amazon CloudWatch Logs.
+//
+// Returns a list of CloudWatch Logs Insights queries that are scheduled, executing,
+// or have been executed recently in this account. You can request all queries,
+// or limit it to queries of a specific log group or queries with a certain
+// status.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation DescribeQueries for usage and error information.
+//
+// Returned Error Types:
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries
+func (c *CloudWatchLogs) DescribeQueries(input *DescribeQueriesInput) (*DescribeQueriesOutput, error) {
+	req, out := c.DescribeQueriesRequest(input)
+	return out, req.Send()
+}
+
+// DescribeQueriesWithContext is the same as DescribeQueries with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeQueries for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) DescribeQueriesWithContext(ctx aws.Context, input *DescribeQueriesInput, opts ...request.Option) (*DescribeQueriesOutput, error) {
+	req, out := c.DescribeQueriesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDescribeResourcePolicies = "DescribeResourcePolicies"
 
 // DescribeResourcePoliciesRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeResourcePolicies operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1865,11 +1967,11 @@ func (c *CloudWatchLogs) DescribeResourcePoliciesRequest(input *DescribeResource
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeResourcePolicies for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePolicies
@@ -1898,8 +2000,8 @@ const opDescribeSubscriptionFilters = "DescribeSubscriptionFilters"
 
 // DescribeSubscriptionFiltersRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeSubscriptionFilters operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1955,14 +2057,14 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersRequest(input *DescribeSubsc
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DescribeSubscriptionFilters for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFilters
@@ -1998,7 +2100,7 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersWithContext(ctx aws.Context,
 //    // Example iterating over at most 3 pages of a DescribeSubscriptionFilters operation.
 //    pageNum := 0
 //    err := client.DescribeSubscriptionFiltersPages(params,
-//        func(page *DescribeSubscriptionFiltersOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.DescribeSubscriptionFiltersOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -2017,6 +2119,7 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersPages(input *DescribeSubscri
 // for more information on using Contexts.
 func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Context, input *DescribeSubscriptionFiltersInput, fn func(*DescribeSubscriptionFiltersOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *DescribeSubscriptionFiltersInput
 			if input != nil {
@@ -2030,10 +2133,12 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Con
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeSubscriptionFiltersOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*DescribeSubscriptionFiltersOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
@@ -2041,8 +2146,8 @@ const opDisassociateKmsKey = "DisassociateKmsKey"
 
 // DisassociateKmsKeyRequest generates a "aws/request.Request" representing the
 // client's request for the DisassociateKmsKey operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2076,8 +2181,7 @@ func (c *CloudWatchLogs) DisassociateKmsKeyRequest(input *DisassociateKmsKeyInpu
 
 	output = &DisassociateKmsKeyOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
@@ -2100,17 +2204,17 @@ func (c *CloudWatchLogs) DisassociateKmsKeyRequest(input *DisassociateKmsKeyInpu
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation DisassociateKmsKey for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKey
@@ -2139,8 +2243,8 @@ const opFilterLogEvents = "FilterLogEvents"
 
 // FilterLogEventsRequest generates a "aws/request.Request" representing the
 // client's request for the FilterLogEvents operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2202,14 +2306,14 @@ func (c *CloudWatchLogs) FilterLogEventsRequest(input *FilterLogEventsInput) (re
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation FilterLogEvents for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEvents
@@ -2245,7 +2349,7 @@ func (c *CloudWatchLogs) FilterLogEventsWithContext(ctx aws.Context, input *Filt
 //    // Example iterating over at most 3 pages of a FilterLogEvents operation.
 //    pageNum := 0
 //    err := client.FilterLogEventsPages(params,
-//        func(page *FilterLogEventsOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.FilterLogEventsOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -2264,6 +2368,7 @@ func (c *CloudWatchLogs) FilterLogEventsPages(input *FilterLogEventsInput, fn fu
 // for more information on using Contexts.
 func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input *FilterLogEventsInput, fn func(*FilterLogEventsOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *FilterLogEventsInput
 			if input != nil {
@@ -2277,10 +2382,12 @@ func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*FilterLogEventsOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*FilterLogEventsOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
@@ -2288,8 +2395,8 @@ const opGetLogEvents = "GetLogEvents"
 
 // GetLogEventsRequest generates a "aws/request.Request" representing the
 // client's request for the GetLogEvents operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2348,14 +2455,14 @@ func (c *CloudWatchLogs) GetLogEventsRequest(input *GetLogEventsInput) (req *req
 // See the AWS API reference guide for Amazon CloudWatch Logs's
 // API operation GetLogEvents for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEvents
@@ -2391,7 +2498,7 @@ func (c *CloudWatchLogs) GetLogEventsWithContext(ctx aws.Context, input *GetLogE
 //    // Example iterating over at most 3 pages of a GetLogEvents operation.
 //    pageNum := 0
 //    err := client.GetLogEventsPages(params,
-//        func(page *GetLogEventsOutput, lastPage bool) bool {
+//        func(page *cloudwatchlogs.GetLogEventsOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@@ -2410,6 +2517,7 @@ func (c *CloudWatchLogs) GetLogEventsPages(input *GetLogEventsInput, fn func(*Ge
 // for more information on using Contexts.
 func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *GetLogEventsInput, fn func(*GetLogEventsOutput, bool) bool, opts ...request.Option) error {
 	p := request.Pagination{
+		EndPageOnSameToken: true,
 		NewRequest: func() (*request.Request, error) {
 			var inCpy *GetLogEventsInput
 			if input != nil {
@@ -2423,1148 +2531,2468 @@ func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *Ge
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*GetLogEventsOutput), !p.HasNextPage())
+	for p.Next() {
+		if !fn(p.Page().(*GetLogEventsOutput), !p.HasNextPage()) {
+			break
+		}
 	}
+
 	return p.Err()
 }
 
-const opListTagsLogGroup = "ListTagsLogGroup"
+const opGetLogGroupFields = "GetLogGroupFields"
 
-// ListTagsLogGroupRequest generates a "aws/request.Request" representing the
-// client's request for the ListTagsLogGroup operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// GetLogGroupFieldsRequest generates a "aws/request.Request" representing the
+// client's request for the GetLogGroupFields operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See ListTagsLogGroup for more information on using the ListTagsLogGroup
+// See GetLogGroupFields for more information on using the GetLogGroupFields
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the ListTagsLogGroupRequest method.
-//    req, resp := client.ListTagsLogGroupRequest(params)
+//    // Example sending a request using the GetLogGroupFieldsRequest method.
+//    req, resp := client.GetLogGroupFieldsRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup
-func (c *CloudWatchLogs) ListTagsLogGroupRequest(input *ListTagsLogGroupInput) (req *request.Request, output *ListTagsLogGroupOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields
+func (c *CloudWatchLogs) GetLogGroupFieldsRequest(input *GetLogGroupFieldsInput) (req *request.Request, output *GetLogGroupFieldsOutput) {
 	op := &request.Operation{
-		Name:       opListTagsLogGroup,
+		Name:       opGetLogGroupFields,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &ListTagsLogGroupInput{}
+		input = &GetLogGroupFieldsInput{}
 	}
 
-	output = &ListTagsLogGroupOutput{}
+	output = &GetLogGroupFieldsOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// ListTagsLogGroup API operation for Amazon CloudWatch Logs.
+// GetLogGroupFields API operation for Amazon CloudWatch Logs.
 //
-// Lists the tags for the specified log group.
+// Returns a list of the fields that are included in log events in the specified
+// log group, along with the percentage of log events that contain each field.
+// The search is limited to a time period that you specify.
+//
+// In the results, fields that start with @ are fields generated by CloudWatch
+// Logs. For example, @timestamp is the timestamp of each log event.
+//
+// The response results are sorted by the frequency percentage, starting with
+// the highest percentage.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation ListTagsLogGroup for usage and error information.
+// API operation GetLogGroupFields for usage and error information.
+//
+// Returned Error Types:
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+//   * LimitExceededException
+//   You have reached the maximum number of resources that can be created.
 //
-// Returned Error Codes:
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup
-func (c *CloudWatchLogs) ListTagsLogGroup(input *ListTagsLogGroupInput) (*ListTagsLogGroupOutput, error) {
-	req, out := c.ListTagsLogGroupRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields
+func (c *CloudWatchLogs) GetLogGroupFields(input *GetLogGroupFieldsInput) (*GetLogGroupFieldsOutput, error) {
+	req, out := c.GetLogGroupFieldsRequest(input)
 	return out, req.Send()
 }
 
-// ListTagsLogGroupWithContext is the same as ListTagsLogGroup with the addition of
+// GetLogGroupFieldsWithContext is the same as GetLogGroupFields with the addition of
 // the ability to pass a context and additional request options.
 //
-// See ListTagsLogGroup for details on how to use this API operation.
+// See GetLogGroupFields for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) ListTagsLogGroupWithContext(ctx aws.Context, input *ListTagsLogGroupInput, opts ...request.Option) (*ListTagsLogGroupOutput, error) {
-	req, out := c.ListTagsLogGroupRequest(input)
+func (c *CloudWatchLogs) GetLogGroupFieldsWithContext(ctx aws.Context, input *GetLogGroupFieldsInput, opts ...request.Option) (*GetLogGroupFieldsOutput, error) {
+	req, out := c.GetLogGroupFieldsRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutDestination = "PutDestination"
+const opGetLogRecord = "GetLogRecord"
 
-// PutDestinationRequest generates a "aws/request.Request" representing the
-// client's request for the PutDestination operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// GetLogRecordRequest generates a "aws/request.Request" representing the
+// client's request for the GetLogRecord operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutDestination for more information on using the PutDestination
+// See GetLogRecord for more information on using the GetLogRecord
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutDestinationRequest method.
-//    req, resp := client.PutDestinationRequest(params)
+//    // Example sending a request using the GetLogRecordRequest method.
+//    req, resp := client.GetLogRecordRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination
-func (c *CloudWatchLogs) PutDestinationRequest(input *PutDestinationInput) (req *request.Request, output *PutDestinationOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord
+func (c *CloudWatchLogs) GetLogRecordRequest(input *GetLogRecordInput) (req *request.Request, output *GetLogRecordOutput) {
 	op := &request.Operation{
-		Name:       opPutDestination,
+		Name:       opGetLogRecord,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutDestinationInput{}
+		input = &GetLogRecordInput{}
 	}
 
-	output = &PutDestinationOutput{}
+	output = &GetLogRecordOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// PutDestination API operation for Amazon CloudWatch Logs.
+// GetLogRecord API operation for Amazon CloudWatch Logs.
 //
-// Creates or updates a destination. A destination encapsulates a physical resource
-// (such as an Amazon Kinesis stream) and enables you to subscribe to a real-time
-// stream of log events for a different account, ingested using PutLogEvents.
-// Currently, the only supported physical resource is a Kinesis stream belonging
-// to the same account as the destination.
+// Retrieves all the fields and values of a single log event. All fields are
+// retrieved, even if the original query that produced the logRecordPointer
+// retrieved only a subset of fields. Fields are returned as field name/field
+// value pairs.
 //
-// Through an access policy, a destination controls what is written to its Kinesis
-// stream. By default, PutDestination does not set any access policy with the
-// destination, which means a cross-account user cannot call PutSubscriptionFilter
-// against this destination. To enable this, the destination owner must call
-// PutDestinationPolicy after PutDestination.
+// Additionally, the entire unparsed log event is returned within @message.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutDestination for usage and error information.
+// API operation GetLogRecord for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
-//   Multiple requests to update the same resource were in conflict.
+//   * LimitExceededException
+//   You have reached the maximum number of resources that can be created.
+//
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination
-func (c *CloudWatchLogs) PutDestination(input *PutDestinationInput) (*PutDestinationOutput, error) {
-	req, out := c.PutDestinationRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord
+func (c *CloudWatchLogs) GetLogRecord(input *GetLogRecordInput) (*GetLogRecordOutput, error) {
+	req, out := c.GetLogRecordRequest(input)
 	return out, req.Send()
 }
 
-// PutDestinationWithContext is the same as PutDestination with the addition of
+// GetLogRecordWithContext is the same as GetLogRecord with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutDestination for details on how to use this API operation.
+// See GetLogRecord for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutDestinationWithContext(ctx aws.Context, input *PutDestinationInput, opts ...request.Option) (*PutDestinationOutput, error) {
-	req, out := c.PutDestinationRequest(input)
+func (c *CloudWatchLogs) GetLogRecordWithContext(ctx aws.Context, input *GetLogRecordInput, opts ...request.Option) (*GetLogRecordOutput, error) {
+	req, out := c.GetLogRecordRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutDestinationPolicy = "PutDestinationPolicy"
+const opGetQueryResults = "GetQueryResults"
 
-// PutDestinationPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the PutDestinationPolicy operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// GetQueryResultsRequest generates a "aws/request.Request" representing the
+// client's request for the GetQueryResults operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutDestinationPolicy for more information on using the PutDestinationPolicy
+// See GetQueryResults for more information on using the GetQueryResults
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutDestinationPolicyRequest method.
-//    req, resp := client.PutDestinationPolicyRequest(params)
+//    // Example sending a request using the GetQueryResultsRequest method.
+//    req, resp := client.GetQueryResultsRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy
-func (c *CloudWatchLogs) PutDestinationPolicyRequest(input *PutDestinationPolicyInput) (req *request.Request, output *PutDestinationPolicyOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults
+func (c *CloudWatchLogs) GetQueryResultsRequest(input *GetQueryResultsInput) (req *request.Request, output *GetQueryResultsOutput) {
 	op := &request.Operation{
-		Name:       opPutDestinationPolicy,
+		Name:       opGetQueryResults,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutDestinationPolicyInput{}
+		input = &GetQueryResultsInput{}
 	}
 
-	output = &PutDestinationPolicyOutput{}
+	output = &GetQueryResultsOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// PutDestinationPolicy API operation for Amazon CloudWatch Logs.
+// GetQueryResults API operation for Amazon CloudWatch Logs.
 //
-// Creates or updates an access policy associated with an existing destination.
-// An access policy is an IAM policy document (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)
-// that is used to authorize claims to register a subscription filter against
-// a given destination.
+// Returns the results from the specified query.
+//
+// Only the fields requested in the query are returned, along with a @ptr field
+// which is the identifier for the log record. You can use the value of @ptr
+// in a operation to get the full log record.
+//
+// GetQueryResults does not start a query execution. To run a query, use .
+//
+// If the value of the Status field in the output is Running, this operation
+// returns only partial results. If you see a value of Scheduled or Running
+// for the status, you can retry the operation later to see the final results.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutDestinationPolicy for usage and error information.
+// API operation GetQueryResults for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
-//   Multiple requests to update the same resource were in conflict.
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy
-func (c *CloudWatchLogs) PutDestinationPolicy(input *PutDestinationPolicyInput) (*PutDestinationPolicyOutput, error) {
-	req, out := c.PutDestinationPolicyRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults
+func (c *CloudWatchLogs) GetQueryResults(input *GetQueryResultsInput) (*GetQueryResultsOutput, error) {
+	req, out := c.GetQueryResultsRequest(input)
 	return out, req.Send()
 }
 
-// PutDestinationPolicyWithContext is the same as PutDestinationPolicy with the addition of
+// GetQueryResultsWithContext is the same as GetQueryResults with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutDestinationPolicy for details on how to use this API operation.
+// See GetQueryResults for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutDestinationPolicyWithContext(ctx aws.Context, input *PutDestinationPolicyInput, opts ...request.Option) (*PutDestinationPolicyOutput, error) {
-	req, out := c.PutDestinationPolicyRequest(input)
+func (c *CloudWatchLogs) GetQueryResultsWithContext(ctx aws.Context, input *GetQueryResultsInput, opts ...request.Option) (*GetQueryResultsOutput, error) {
+	req, out := c.GetQueryResultsRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutLogEvents = "PutLogEvents"
+const opListTagsLogGroup = "ListTagsLogGroup"
 
-// PutLogEventsRequest generates a "aws/request.Request" representing the
-// client's request for the PutLogEvents operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// ListTagsLogGroupRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsLogGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutLogEvents for more information on using the PutLogEvents
+// See ListTagsLogGroup for more information on using the ListTagsLogGroup
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutLogEventsRequest method.
-//    req, resp := client.PutLogEventsRequest(params)
+//    // Example sending a request using the ListTagsLogGroupRequest method.
+//    req, resp := client.ListTagsLogGroupRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents
-func (c *CloudWatchLogs) PutLogEventsRequest(input *PutLogEventsInput) (req *request.Request, output *PutLogEventsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup
+func (c *CloudWatchLogs) ListTagsLogGroupRequest(input *ListTagsLogGroupInput) (req *request.Request, output *ListTagsLogGroupOutput) {
 	op := &request.Operation{
-		Name:       opPutLogEvents,
+		Name:       opListTagsLogGroup,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutLogEventsInput{}
+		input = &ListTagsLogGroupInput{}
 	}
 
-	output = &PutLogEventsOutput{}
+	output = &ListTagsLogGroupOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// PutLogEvents API operation for Amazon CloudWatch Logs.
-//
-// Uploads a batch of log events to the specified log stream.
-//
-// You must include the sequence token obtained from the response of the previous
-// call. An upload in a newly created log stream does not require a sequence
-// token. You can also get the sequence token using DescribeLogStreams. If you
-// call PutLogEvents twice within a narrow time period using the same value
-// for sequenceToken, both calls may be successful, or one may be rejected.
-//
-// The batch of events must satisfy the following constraints:
-//
-//    * The maximum batch size is 1,048,576 bytes, and this size is calculated
-//    as the sum of all event messages in UTF-8, plus 26 bytes for each log
-//    event.
-//
-//    * None of the log events in the batch can be more than 2 hours in the
-//    future.
-//
-//    * None of the log events in the batch can be older than 14 days or the
-//    retention period of the log group.
-//
-//    * The log events in the batch must be in chronological ordered by their
-//    time stamp (the time the event occurred, expressed as the number of milliseconds
-//    after Jan 1, 1970 00:00:00 UTC).
-//
-//    * The maximum number of log events in a batch is 10,000.
+// ListTagsLogGroup API operation for Amazon CloudWatch Logs.
 //
-//    * A batch of log events in a single request cannot span more than 24 hours.
-//    Otherwise, the operation fails.
+// Lists the tags for the specified log group.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutLogEvents for usage and error information.
-//
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
-//   A parameter is specified incorrectly.
-//
-//   * ErrCodeInvalidSequenceTokenException "InvalidSequenceTokenException"
-//   The sequence token is not valid.
-//
-//   * ErrCodeDataAlreadyAcceptedException "DataAlreadyAcceptedException"
-//   The event was already logged.
+// API operation ListTagsLogGroup for usage and error information.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+// Returned Error Types:
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents
-func (c *CloudWatchLogs) PutLogEvents(input *PutLogEventsInput) (*PutLogEventsOutput, error) {
-	req, out := c.PutLogEventsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup
+func (c *CloudWatchLogs) ListTagsLogGroup(input *ListTagsLogGroupInput) (*ListTagsLogGroupOutput, error) {
+	req, out := c.ListTagsLogGroupRequest(input)
 	return out, req.Send()
 }
 
-// PutLogEventsWithContext is the same as PutLogEvents with the addition of
+// ListTagsLogGroupWithContext is the same as ListTagsLogGroup with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutLogEvents for details on how to use this API operation.
+// See ListTagsLogGroup for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutLogEventsWithContext(ctx aws.Context, input *PutLogEventsInput, opts ...request.Option) (*PutLogEventsOutput, error) {
-	req, out := c.PutLogEventsRequest(input)
+func (c *CloudWatchLogs) ListTagsLogGroupWithContext(ctx aws.Context, input *ListTagsLogGroupInput, opts ...request.Option) (*ListTagsLogGroupOutput, error) {
+	req, out := c.ListTagsLogGroupRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutMetricFilter = "PutMetricFilter"
+const opPutDestination = "PutDestination"
 
-// PutMetricFilterRequest generates a "aws/request.Request" representing the
-// client's request for the PutMetricFilter operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutDestinationRequest generates a "aws/request.Request" representing the
+// client's request for the PutDestination operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutMetricFilter for more information on using the PutMetricFilter
+// See PutDestination for more information on using the PutDestination
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutMetricFilterRequest method.
-//    req, resp := client.PutMetricFilterRequest(params)
+//    // Example sending a request using the PutDestinationRequest method.
+//    req, resp := client.PutDestinationRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter
-func (c *CloudWatchLogs) PutMetricFilterRequest(input *PutMetricFilterInput) (req *request.Request, output *PutMetricFilterOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination
+func (c *CloudWatchLogs) PutDestinationRequest(input *PutDestinationInput) (req *request.Request, output *PutDestinationOutput) {
 	op := &request.Operation{
-		Name:       opPutMetricFilter,
+		Name:       opPutDestination,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutMetricFilterInput{}
+		input = &PutDestinationInput{}
 	}
 
-	output = &PutMetricFilterOutput{}
+	output = &PutDestinationOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// PutMetricFilter API operation for Amazon CloudWatch Logs.
+// PutDestination API operation for Amazon CloudWatch Logs.
 //
-// Creates or updates a metric filter and associates it with the specified log
-// group. Metric filters allow you to configure rules to extract metric data
-// from log events ingested through PutLogEvents.
+// Creates or updates a destination. This operation is used only to create destinations
+// for cross-account subscriptions.
 //
-// The maximum number of metric filters that can be associated with a log group
-// is 100.
+// A destination encapsulates a physical resource (such as an Amazon Kinesis
+// stream) and enables you to subscribe to a real-time stream of log events
+// for a different account, ingested using PutLogEvents.
+//
+// Through an access policy, a destination controls what is written to it. By
+// default, PutDestination does not set any access policy with the destination,
+// which means a cross-account user cannot call PutSubscriptionFilter against
+// this destination. To enable this, the destination owner must call PutDestinationPolicy
+// after PutDestination.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutMetricFilter for usage and error information.
+// API operation PutDestination for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
-//   The specified resource does not exist.
-//
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
-//   You have reached the maximum number of resources that can be created.
-//
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter
-func (c *CloudWatchLogs) PutMetricFilter(input *PutMetricFilterInput) (*PutMetricFilterOutput, error) {
-	req, out := c.PutMetricFilterRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination
+func (c *CloudWatchLogs) PutDestination(input *PutDestinationInput) (*PutDestinationOutput, error) {
+	req, out := c.PutDestinationRequest(input)
 	return out, req.Send()
 }
 
-// PutMetricFilterWithContext is the same as PutMetricFilter with the addition of
+// PutDestinationWithContext is the same as PutDestination with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutMetricFilter for details on how to use this API operation.
+// See PutDestination for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutMetricFilterWithContext(ctx aws.Context, input *PutMetricFilterInput, opts ...request.Option) (*PutMetricFilterOutput, error) {
-	req, out := c.PutMetricFilterRequest(input)
+func (c *CloudWatchLogs) PutDestinationWithContext(ctx aws.Context, input *PutDestinationInput, opts ...request.Option) (*PutDestinationOutput, error) {
+	req, out := c.PutDestinationRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutResourcePolicy = "PutResourcePolicy"
+const opPutDestinationPolicy = "PutDestinationPolicy"
 
-// PutResourcePolicyRequest generates a "aws/request.Request" representing the
-// client's request for the PutResourcePolicy operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutDestinationPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PutDestinationPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutResourcePolicy for more information on using the PutResourcePolicy
+// See PutDestinationPolicy for more information on using the PutDestinationPolicy
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutResourcePolicyRequest method.
-//    req, resp := client.PutResourcePolicyRequest(params)
+//    // Example sending a request using the PutDestinationPolicyRequest method.
+//    req, resp := client.PutDestinationPolicyRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy
-func (c *CloudWatchLogs) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy
+func (c *CloudWatchLogs) PutDestinationPolicyRequest(input *PutDestinationPolicyInput) (req *request.Request, output *PutDestinationPolicyOutput) {
 	op := &request.Operation{
-		Name:       opPutResourcePolicy,
+		Name:       opPutDestinationPolicy,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutResourcePolicyInput{}
+		input = &PutDestinationPolicyInput{}
 	}
 
-	output = &PutResourcePolicyOutput{}
+	output = &PutDestinationPolicyOutput{}
 	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// PutResourcePolicy API operation for Amazon CloudWatch Logs.
+// PutDestinationPolicy API operation for Amazon CloudWatch Logs.
 //
-// Creates or updates a resource policy allowing other AWS services to put log
-// events to this account, such as Amazon Route 53. An account can have up to
-// 50 resource policies per region.
+// Creates or updates an access policy associated with an existing destination.
+// An access policy is an IAM policy document (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)
+// that is used to authorize claims to register a subscription filter against
+// a given destination.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutResourcePolicy for usage and error information.
+// API operation PutDestinationPolicy for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
-//   You have reached the maximum number of resources that can be created.
+//   * OperationAbortedException
+//   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy
-func (c *CloudWatchLogs) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) {
-	req, out := c.PutResourcePolicyRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy
+func (c *CloudWatchLogs) PutDestinationPolicy(input *PutDestinationPolicyInput) (*PutDestinationPolicyOutput, error) {
+	req, out := c.PutDestinationPolicyRequest(input)
 	return out, req.Send()
 }
 
-// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of
+// PutDestinationPolicyWithContext is the same as PutDestinationPolicy with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutResourcePolicy for details on how to use this API operation.
+// See PutDestinationPolicy for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) {
-	req, out := c.PutResourcePolicyRequest(input)
+func (c *CloudWatchLogs) PutDestinationPolicyWithContext(ctx aws.Context, input *PutDestinationPolicyInput, opts ...request.Option) (*PutDestinationPolicyOutput, error) {
+	req, out := c.PutDestinationPolicyRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutRetentionPolicy = "PutRetentionPolicy"
+const opPutLogEvents = "PutLogEvents"
 
-// PutRetentionPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the PutRetentionPolicy operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutLogEventsRequest generates a "aws/request.Request" representing the
+// client's request for the PutLogEvents operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutRetentionPolicy for more information on using the PutRetentionPolicy
+// See PutLogEvents for more information on using the PutLogEvents
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutRetentionPolicyRequest method.
-//    req, resp := client.PutRetentionPolicyRequest(params)
+//    // Example sending a request using the PutLogEventsRequest method.
+//    req, resp := client.PutLogEventsRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy
-func (c *CloudWatchLogs) PutRetentionPolicyRequest(input *PutRetentionPolicyInput) (req *request.Request, output *PutRetentionPolicyOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents
+func (c *CloudWatchLogs) PutLogEventsRequest(input *PutLogEventsInput) (req *request.Request, output *PutLogEventsOutput) {
 	op := &request.Operation{
-		Name:       opPutRetentionPolicy,
+		Name:       opPutLogEvents,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutRetentionPolicyInput{}
+		input = &PutLogEventsInput{}
 	}
 
-	output = &PutRetentionPolicyOutput{}
+	output = &PutLogEventsOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// PutRetentionPolicy API operation for Amazon CloudWatch Logs.
+// PutLogEvents API operation for Amazon CloudWatch Logs.
 //
-// Sets the retention of the specified log group. A retention policy allows
-// you to configure the number of days for which to retain log events in the
-// specified log group.
+// Uploads a batch of log events to the specified log stream.
+//
+// You must include the sequence token obtained from the response of the previous
+// call. An upload in a newly created log stream does not require a sequence
+// token. You can also get the sequence token in the expectedSequenceToken field
+// from InvalidSequenceTokenException. If you call PutLogEvents twice within
+// a narrow time period using the same value for sequenceToken, both calls may
+// be successful, or one may be rejected.
+//
+// The batch of events must satisfy the following constraints:
+//
+//    * The maximum batch size is 1,048,576 bytes, and this size is calculated
+//    as the sum of all event messages in UTF-8, plus 26 bytes for each log
+//    event.
+//
+//    * None of the log events in the batch can be more than 2 hours in the
+//    future.
+//
+//    * None of the log events in the batch can be older than 14 days or older
+//    than the retention period of the log group.
+//
+//    * The log events in the batch must be in chronological ordered by their
+//    timestamp. The timestamp is the time the event occurred, expressed as
+//    the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In AWS Tools
+//    for PowerShell and the AWS SDK for .NET, the timestamp is specified in
+//    .NET format: yyyy-mm-ddThh:mm:ss. For example, 2017-09-15T13:45:30.)
+//
+//    * A batch of log events in a single request cannot span more than 24 hours.
+//    Otherwise, the operation fails.
+//
+//    * The maximum number of log events in a batch is 10,000.
+//
+//    * There is a quota of 5 requests per second per log stream. Additional
+//    requests are throttled. This quota can't be changed.
+//
+// If a call to PutLogEvents returns "UnrecognizedClientException" the most
+// likely cause is an invalid AWS access key ID or secret key.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutRetentionPolicy for usage and error information.
+// API operation PutLogEvents for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
-//   The specified resource does not exist.
+//   * InvalidSequenceTokenException
+//   The sequence token is not valid. You can get the correct sequence token in
+//   the expectedSequenceToken field in the InvalidSequenceTokenException message.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
-//   Multiple requests to update the same resource were in conflict.
+//   * DataAlreadyAcceptedException
+//   The event was already logged.
+//
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy
-func (c *CloudWatchLogs) PutRetentionPolicy(input *PutRetentionPolicyInput) (*PutRetentionPolicyOutput, error) {
-	req, out := c.PutRetentionPolicyRequest(input)
+//   * UnrecognizedClientException
+//   The most likely cause is an invalid AWS access key ID or secret key.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents
+func (c *CloudWatchLogs) PutLogEvents(input *PutLogEventsInput) (*PutLogEventsOutput, error) {
+	req, out := c.PutLogEventsRequest(input)
 	return out, req.Send()
 }
 
-// PutRetentionPolicyWithContext is the same as PutRetentionPolicy with the addition of
+// PutLogEventsWithContext is the same as PutLogEvents with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutRetentionPolicy for details on how to use this API operation.
+// See PutLogEvents for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutRetentionPolicyWithContext(ctx aws.Context, input *PutRetentionPolicyInput, opts ...request.Option) (*PutRetentionPolicyOutput, error) {
-	req, out := c.PutRetentionPolicyRequest(input)
+func (c *CloudWatchLogs) PutLogEventsWithContext(ctx aws.Context, input *PutLogEventsInput, opts ...request.Option) (*PutLogEventsOutput, error) {
+	req, out := c.PutLogEventsRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opPutSubscriptionFilter = "PutSubscriptionFilter"
+const opPutMetricFilter = "PutMetricFilter"
 
-// PutSubscriptionFilterRequest generates a "aws/request.Request" representing the
-// client's request for the PutSubscriptionFilter operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutMetricFilterRequest generates a "aws/request.Request" representing the
+// client's request for the PutMetricFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See PutSubscriptionFilter for more information on using the PutSubscriptionFilter
+// See PutMetricFilter for more information on using the PutMetricFilter
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the PutSubscriptionFilterRequest method.
-//    req, resp := client.PutSubscriptionFilterRequest(params)
+//    // Example sending a request using the PutMetricFilterRequest method.
+//    req, resp := client.PutMetricFilterRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter
-func (c *CloudWatchLogs) PutSubscriptionFilterRequest(input *PutSubscriptionFilterInput) (req *request.Request, output *PutSubscriptionFilterOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter
+func (c *CloudWatchLogs) PutMetricFilterRequest(input *PutMetricFilterInput) (req *request.Request, output *PutMetricFilterOutput) {
 	op := &request.Operation{
-		Name:       opPutSubscriptionFilter,
+		Name:       opPutMetricFilter,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &PutSubscriptionFilterInput{}
+		input = &PutMetricFilterInput{}
 	}
 
-	output = &PutSubscriptionFilterOutput{}
+	output = &PutMetricFilterOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// PutSubscriptionFilter API operation for Amazon CloudWatch Logs.
-//
-// Creates or updates a subscription filter and associates it with the specified
-// log group. Subscription filters allow you to subscribe to a real-time stream
-// of log events ingested through PutLogEvents and have them delivered to a
-// specific destination. Currently, the supported destinations are:
-//
-//    * An Amazon Kinesis stream belonging to the same account as the subscription
-//    filter, for same-account delivery.
-//
-//    * A logical destination that belongs to a different account, for cross-account
-//    delivery.
-//
-//    * An Amazon Kinesis Firehose delivery stream that belongs to the same
-//    account as the subscription filter, for same-account delivery.
+// PutMetricFilter API operation for Amazon CloudWatch Logs.
 //
-//    * An AWS Lambda function that belongs to the same account as the subscription
-//    filter, for same-account delivery.
+// Creates or updates a metric filter and associates it with the specified log
+// group. Metric filters allow you to configure rules to extract metric data
+// from log events ingested through PutLogEvents.
 //
-// There can only be one subscription filter associated with a log group. If
-// you are updating an existing filter, you must specify the correct name in
-// filterName. Otherwise, the call fails because you cannot associate a second
-// filter with a log group.
+// The maximum number of metric filters that can be associated with a log group
+// is 100.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation PutSubscriptionFilter for usage and error information.
+// API operation PutMetricFilter for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-//   * ErrCodeOperationAbortedException "OperationAbortedException"
+//   * OperationAbortedException
 //   Multiple requests to update the same resource were in conflict.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
+//   * LimitExceededException
 //   You have reached the maximum number of resources that can be created.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter
-func (c *CloudWatchLogs) PutSubscriptionFilter(input *PutSubscriptionFilterInput) (*PutSubscriptionFilterOutput, error) {
-	req, out := c.PutSubscriptionFilterRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter
+func (c *CloudWatchLogs) PutMetricFilter(input *PutMetricFilterInput) (*PutMetricFilterOutput, error) {
+	req, out := c.PutMetricFilterRequest(input)
 	return out, req.Send()
 }
 
-// PutSubscriptionFilterWithContext is the same as PutSubscriptionFilter with the addition of
+// PutMetricFilterWithContext is the same as PutMetricFilter with the addition of
 // the ability to pass a context and additional request options.
 //
-// See PutSubscriptionFilter for details on how to use this API operation.
+// See PutMetricFilter for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) PutSubscriptionFilterWithContext(ctx aws.Context, input *PutSubscriptionFilterInput, opts ...request.Option) (*PutSubscriptionFilterOutput, error) {
-	req, out := c.PutSubscriptionFilterRequest(input)
+func (c *CloudWatchLogs) PutMetricFilterWithContext(ctx aws.Context, input *PutMetricFilterInput, opts ...request.Option) (*PutMetricFilterOutput, error) {
+	req, out := c.PutMetricFilterRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opTagLogGroup = "TagLogGroup"
+const opPutResourcePolicy = "PutResourcePolicy"
 
-// TagLogGroupRequest generates a "aws/request.Request" representing the
-// client's request for the TagLogGroup operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutResourcePolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PutResourcePolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See TagLogGroup for more information on using the TagLogGroup
+// See PutResourcePolicy for more information on using the PutResourcePolicy
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the TagLogGroupRequest method.
-//    req, resp := client.TagLogGroupRequest(params)
+//    // Example sending a request using the PutResourcePolicyRequest method.
+//    req, resp := client.PutResourcePolicyRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup
-func (c *CloudWatchLogs) TagLogGroupRequest(input *TagLogGroupInput) (req *request.Request, output *TagLogGroupOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy
+func (c *CloudWatchLogs) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) {
 	op := &request.Operation{
-		Name:       opTagLogGroup,
+		Name:       opPutResourcePolicy,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &TagLogGroupInput{}
+		input = &PutResourcePolicyInput{}
 	}
 
-	output = &TagLogGroupOutput{}
+	output = &PutResourcePolicyOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// TagLogGroup API operation for Amazon CloudWatch Logs.
-//
-// Adds or updates the specified tags for the specified log group.
-//
-// To list the tags for a log group, use ListTagsLogGroup. To remove tags, use
-// UntagLogGroup.
+// PutResourcePolicy API operation for Amazon CloudWatch Logs.
 //
-// For more information about tags, see Tag Log Groups in Amazon CloudWatch
-// Logs (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/log-group-tagging.html)
-// in the Amazon CloudWatch Logs User Guide.
+// Creates or updates a resource policy allowing other AWS services to put log
+// events to this account, such as Amazon Route 53. An account can have up to
+// 10 resource policies per region.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation TagLogGroup for usage and error information.
-//
-// Returned Error Codes:
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
-//   The specified resource does not exist.
+// API operation PutResourcePolicy for usage and error information.
 //
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup
-func (c *CloudWatchLogs) TagLogGroup(input *TagLogGroupInput) (*TagLogGroupOutput, error) {
-	req, out := c.TagLogGroupRequest(input)
+//   * LimitExceededException
+//   You have reached the maximum number of resources that can be created.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy
+func (c *CloudWatchLogs) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) {
+	req, out := c.PutResourcePolicyRequest(input)
 	return out, req.Send()
 }
 
-// TagLogGroupWithContext is the same as TagLogGroup with the addition of
+// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of
 // the ability to pass a context and additional request options.
 //
-// See TagLogGroup for details on how to use this API operation.
+// See PutResourcePolicy for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) TagLogGroupWithContext(ctx aws.Context, input *TagLogGroupInput, opts ...request.Option) (*TagLogGroupOutput, error) {
-	req, out := c.TagLogGroupRequest(input)
+func (c *CloudWatchLogs) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) {
+	req, out := c.PutResourcePolicyRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opTestMetricFilter = "TestMetricFilter"
+const opPutRetentionPolicy = "PutRetentionPolicy"
 
-// TestMetricFilterRequest generates a "aws/request.Request" representing the
-// client's request for the TestMetricFilter operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutRetentionPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PutRetentionPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See TestMetricFilter for more information on using the TestMetricFilter
+// See PutRetentionPolicy for more information on using the PutRetentionPolicy
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the TestMetricFilterRequest method.
-//    req, resp := client.TestMetricFilterRequest(params)
+//    // Example sending a request using the PutRetentionPolicyRequest method.
+//    req, resp := client.PutRetentionPolicyRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter
-func (c *CloudWatchLogs) TestMetricFilterRequest(input *TestMetricFilterInput) (req *request.Request, output *TestMetricFilterOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy
+func (c *CloudWatchLogs) PutRetentionPolicyRequest(input *PutRetentionPolicyInput) (req *request.Request, output *PutRetentionPolicyOutput) {
 	op := &request.Operation{
-		Name:       opTestMetricFilter,
+		Name:       opPutRetentionPolicy,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &TestMetricFilterInput{}
+		input = &PutRetentionPolicyInput{}
 	}
 
-	output = &TestMetricFilterOutput{}
+	output = &PutRetentionPolicyOutput{}
 	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// TestMetricFilter API operation for Amazon CloudWatch Logs.
+// PutRetentionPolicy API operation for Amazon CloudWatch Logs.
 //
-// Tests the filter pattern of a metric filter against a sample of log event
-// messages. You can use this operation to validate the correctness of a metric
-// filter pattern.
+// Sets the retention of the specified log group. A retention policy allows
+// you to configure the number of days for which to retain log events in the
+// specified log group.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation TestMetricFilter for usage and error information.
+// API operation PutRetentionPolicy for usage and error information.
 //
-// Returned Error Codes:
-//   * ErrCodeInvalidParameterException "InvalidParameterException"
+// Returned Error Types:
+//   * InvalidParameterException
 //   A parameter is specified incorrectly.
 //
-//   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+//   * OperationAbortedException
+//   Multiple requests to update the same resource were in conflict.
+//
+//   * ServiceUnavailableException
 //   The service cannot complete the request.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter
-func (c *CloudWatchLogs) TestMetricFilter(input *TestMetricFilterInput) (*TestMetricFilterOutput, error) {
-	req, out := c.TestMetricFilterRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy
+func (c *CloudWatchLogs) PutRetentionPolicy(input *PutRetentionPolicyInput) (*PutRetentionPolicyOutput, error) {
+	req, out := c.PutRetentionPolicyRequest(input)
 	return out, req.Send()
 }
 
-// TestMetricFilterWithContext is the same as TestMetricFilter with the addition of
+// PutRetentionPolicyWithContext is the same as PutRetentionPolicy with the addition of
 // the ability to pass a context and additional request options.
 //
-// See TestMetricFilter for details on how to use this API operation.
+// See PutRetentionPolicy for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) TestMetricFilterWithContext(ctx aws.Context, input *TestMetricFilterInput, opts ...request.Option) (*TestMetricFilterOutput, error) {
-	req, out := c.TestMetricFilterRequest(input)
+func (c *CloudWatchLogs) PutRetentionPolicyWithContext(ctx aws.Context, input *PutRetentionPolicyInput, opts ...request.Option) (*PutRetentionPolicyOutput, error) {
+	req, out := c.PutRetentionPolicyRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opUntagLogGroup = "UntagLogGroup"
+const opPutSubscriptionFilter = "PutSubscriptionFilter"
 
-// UntagLogGroupRequest generates a "aws/request.Request" representing the
-// client's request for the UntagLogGroup operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// PutSubscriptionFilterRequest generates a "aws/request.Request" representing the
+// client's request for the PutSubscriptionFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See UntagLogGroup for more information on using the UntagLogGroup
+// See PutSubscriptionFilter for more information on using the PutSubscriptionFilter
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the UntagLogGroupRequest method.
-//    req, resp := client.UntagLogGroupRequest(params)
+//    // Example sending a request using the PutSubscriptionFilterRequest method.
+//    req, resp := client.PutSubscriptionFilterRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup
-func (c *CloudWatchLogs) UntagLogGroupRequest(input *UntagLogGroupInput) (req *request.Request, output *UntagLogGroupOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter
+func (c *CloudWatchLogs) PutSubscriptionFilterRequest(input *PutSubscriptionFilterInput) (req *request.Request, output *PutSubscriptionFilterOutput) {
 	op := &request.Operation{
-		Name:       opUntagLogGroup,
+		Name:       opPutSubscriptionFilter,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &UntagLogGroupInput{}
+		input = &PutSubscriptionFilterInput{}
 	}
 
-	output = &UntagLogGroupOutput{}
+	output = &PutSubscriptionFilterOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }
 
-// UntagLogGroup API operation for Amazon CloudWatch Logs.
+// PutSubscriptionFilter API operation for Amazon CloudWatch Logs.
 //
-// Removes the specified tags from the specified log group.
+// Creates or updates a subscription filter and associates it with the specified
+// log group. Subscription filters allow you to subscribe to a real-time stream
+// of log events ingested through PutLogEvents and have them delivered to a
+// specific destination. Currently, the supported destinations are:
 //
-// To list the tags for a log group, use ListTagsLogGroup. To add tags, use
-// UntagLogGroup.
+//    * An Amazon Kinesis stream belonging to the same account as the subscription
+//    filter, for same-account delivery.
+//
+//    * A logical destination that belongs to a different account, for cross-account
+//    delivery.
+//
+//    * An Amazon Kinesis Firehose delivery stream that belongs to the same
+//    account as the subscription filter, for same-account delivery.
+//
+//    * An AWS Lambda function that belongs to the same account as the subscription
+//    filter, for same-account delivery.
+//
+// There can only be one subscription filter associated with a log group. If
+// you are updating an existing filter, you must specify the correct name in
+// filterName. Otherwise, the call fails because you cannot associate a second
+// filter with a log group.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon CloudWatch Logs's
-// API operation UntagLogGroup for usage and error information.
+// API operation PutSubscriptionFilter for usage and error information.
+//
+// Returned Error Types:
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
 //
-// Returned Error Codes:
-//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   * ResourceNotFoundException
 //   The specified resource does not exist.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup
-func (c *CloudWatchLogs) UntagLogGroup(input *UntagLogGroupInput) (*UntagLogGroupOutput, error) {
-	req, out := c.UntagLogGroupRequest(input)
+//   * OperationAbortedException
+//   Multiple requests to update the same resource were in conflict.
+//
+//   * LimitExceededException
+//   You have reached the maximum number of resources that can be created.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter
+func (c *CloudWatchLogs) PutSubscriptionFilter(input *PutSubscriptionFilterInput) (*PutSubscriptionFilterOutput, error) {
+	req, out := c.PutSubscriptionFilterRequest(input)
 	return out, req.Send()
 }
 
-// UntagLogGroupWithContext is the same as UntagLogGroup with the addition of
+// PutSubscriptionFilterWithContext is the same as PutSubscriptionFilter with the addition of
 // the ability to pass a context and additional request options.
 //
-// See UntagLogGroup for details on how to use this API operation.
+// See PutSubscriptionFilter for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CloudWatchLogs) UntagLogGroupWithContext(ctx aws.Context, input *UntagLogGroupInput, opts ...request.Option) (*UntagLogGroupOutput, error) {
-	req, out := c.UntagLogGroupRequest(input)
+func (c *CloudWatchLogs) PutSubscriptionFilterWithContext(ctx aws.Context, input *PutSubscriptionFilterInput, opts ...request.Option) (*PutSubscriptionFilterOutput, error) {
+	req, out := c.PutSubscriptionFilterRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AssociateKmsKeyRequest
-type AssociateKmsKeyInput struct {
-	_ struct{} `type:"structure"`
+const opStartQuery = "StartQuery"
 
-	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
-	// For more information, see Amazon Resource Names - AWS Key Management Service
-	// (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms).
-	//
-	// KmsKeyId is a required field
-	KmsKeyId *string `locationName:"kmsKeyId" type:"string" required:"true"`
+// StartQueryRequest generates a "aws/request.Request" representing the
+// client's request for the StartQuery operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartQuery for more information on using the StartQuery
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the StartQueryRequest method.
+//    req, resp := client.StartQueryRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery
+func (c *CloudWatchLogs) StartQueryRequest(input *StartQueryInput) (req *request.Request, output *StartQueryOutput) {
+	op := &request.Operation{
+		Name:       opStartQuery,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	if input == nil {
+		input = &StartQueryInput{}
+	}
+
+	output = &StartQueryOutput{}
+	req = c.newRequest(op, input, output)
+	return
 }
 
-// String returns the string representation
-func (s AssociateKmsKeyInput) String() string {
-	return awsutil.Prettify(s)
+// StartQuery API operation for Amazon CloudWatch Logs.
+//
+// Schedules a query of a log group using CloudWatch Logs Insights. You specify
+// the log group and time range to query, and the query string to use.
+//
+// For more information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
+//
+// Queries time out after 15 minutes of execution. If your queries are timing
+// out, reduce the time range being searched, or partition your query into a
+// number of queries.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation StartQuery for usage and error information.
+//
+// Returned Error Types:
+//   * MalformedQueryException
+//   The query string is not valid. Details about this error are displayed in
+//   a QueryCompileError object. For more information, see .
+//
+//   For more information about valid query syntax, see CloudWatch Logs Insights
+//   Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
+//
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+//   * LimitExceededException
+//   You have reached the maximum number of resources that can be created.
+//
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery
+func (c *CloudWatchLogs) StartQuery(input *StartQueryInput) (*StartQueryOutput, error) {
+	req, out := c.StartQueryRequest(input)
+	return out, req.Send()
 }
 
-// GoString returns the string representation
-func (s AssociateKmsKeyInput) GoString() string {
-	return s.String()
+// StartQueryWithContext is the same as StartQuery with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartQuery for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) StartQueryWithContext(ctx aws.Context, input *StartQueryInput, opts ...request.Option) (*StartQueryOutput, error) {
+	req, out := c.StartQueryRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssociateKmsKeyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AssociateKmsKeyInput"}
-	if s.KmsKeyId == nil {
-		invalidParams.Add(request.NewErrParamRequired("KmsKeyId"))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+const opStopQuery = "StopQuery"
+
+// StopQueryRequest generates a "aws/request.Request" representing the
+// client's request for the StopQuery operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StopQuery for more information on using the StopQuery
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the StopQueryRequest method.
+//    req, resp := client.StopQueryRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery
+func (c *CloudWatchLogs) StopQueryRequest(input *StopQueryInput) (req *request.Request, output *StopQueryOutput) {
+	op := &request.Operation{
+		Name:       opStopQuery,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
 	}
 
-	if invalidParams.Len() > 0 {
-		return invalidParams
+	if input == nil {
+		input = &StopQueryInput{}
 	}
-	return nil
-}
 
-// SetKmsKeyId sets the KmsKeyId field's value.
-func (s *AssociateKmsKeyInput) SetKmsKeyId(v string) *AssociateKmsKeyInput {
-	s.KmsKeyId = &v
-	return s
+	output = &StopQueryOutput{}
+	req = c.newRequest(op, input, output)
+	return
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *AssociateKmsKeyInput) SetLogGroupName(v string) *AssociateKmsKeyInput {
-	s.LogGroupName = &v
-	return s
+// StopQuery API operation for Amazon CloudWatch Logs.
+//
+// Stops a CloudWatch Logs Insights query that is in progress. If the query
+// has already ended, the operation returns an error indicating that the specified
+// query is not running.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation StopQuery for usage and error information.
+//
+// Returned Error Types:
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery
+func (c *CloudWatchLogs) StopQuery(input *StopQueryInput) (*StopQueryOutput, error) {
+	req, out := c.StopQueryRequest(input)
+	return out, req.Send()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AssociateKmsKeyOutput
-type AssociateKmsKeyOutput struct {
-	_ struct{} `type:"structure"`
-}
+// StopQueryWithContext is the same as StopQuery with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StopQuery for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) StopQueryWithContext(ctx aws.Context, input *StopQueryInput, opts ...request.Option) (*StopQueryOutput, error) {
+	req, out := c.StopQueryRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opTagLogGroup = "TagLogGroup"
+
+// TagLogGroupRequest generates a "aws/request.Request" representing the
+// client's request for the TagLogGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagLogGroup for more information on using the TagLogGroup
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the TagLogGroupRequest method.
+//    req, resp := client.TagLogGroupRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup
+func (c *CloudWatchLogs) TagLogGroupRequest(input *TagLogGroupInput) (req *request.Request, output *TagLogGroupOutput) {
+	op := &request.Operation{
+		Name:       opTagLogGroup,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &TagLogGroupInput{}
+	}
+
+	output = &TagLogGroupOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// TagLogGroup API operation for Amazon CloudWatch Logs.
+//
+// Adds or updates the specified tags for the specified log group.
+//
+// To list the tags for a log group, use ListTagsLogGroup. To remove tags, use
+// UntagLogGroup.
+//
+// For more information about tags, see Tag Log Groups in Amazon CloudWatch
+// Logs (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/log-group-tagging.html)
+// in the Amazon CloudWatch Logs User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation TagLogGroup for usage and error information.
+//
+// Returned Error Types:
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup
+func (c *CloudWatchLogs) TagLogGroup(input *TagLogGroupInput) (*TagLogGroupOutput, error) {
+	req, out := c.TagLogGroupRequest(input)
+	return out, req.Send()
+}
+
+// TagLogGroupWithContext is the same as TagLogGroup with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagLogGroup for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) TagLogGroupWithContext(ctx aws.Context, input *TagLogGroupInput, opts ...request.Option) (*TagLogGroupOutput, error) {
+	req, out := c.TagLogGroupRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opTestMetricFilter = "TestMetricFilter"
+
+// TestMetricFilterRequest generates a "aws/request.Request" representing the
+// client's request for the TestMetricFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TestMetricFilter for more information on using the TestMetricFilter
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the TestMetricFilterRequest method.
+//    req, resp := client.TestMetricFilterRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter
+func (c *CloudWatchLogs) TestMetricFilterRequest(input *TestMetricFilterInput) (req *request.Request, output *TestMetricFilterOutput) {
+	op := &request.Operation{
+		Name:       opTestMetricFilter,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &TestMetricFilterInput{}
+	}
+
+	output = &TestMetricFilterOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// TestMetricFilter API operation for Amazon CloudWatch Logs.
+//
+// Tests the filter pattern of a metric filter against a sample of log event
+// messages. You can use this operation to validate the correctness of a metric
+// filter pattern.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation TestMetricFilter for usage and error information.
+//
+// Returned Error Types:
+//   * InvalidParameterException
+//   A parameter is specified incorrectly.
+//
+//   * ServiceUnavailableException
+//   The service cannot complete the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter
+func (c *CloudWatchLogs) TestMetricFilter(input *TestMetricFilterInput) (*TestMetricFilterOutput, error) {
+	req, out := c.TestMetricFilterRequest(input)
+	return out, req.Send()
+}
+
+// TestMetricFilterWithContext is the same as TestMetricFilter with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TestMetricFilter for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) TestMetricFilterWithContext(ctx aws.Context, input *TestMetricFilterInput, opts ...request.Option) (*TestMetricFilterOutput, error) {
+	req, out := c.TestMetricFilterRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUntagLogGroup = "UntagLogGroup"
+
+// UntagLogGroupRequest generates a "aws/request.Request" representing the
+// client's request for the UntagLogGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagLogGroup for more information on using the UntagLogGroup
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UntagLogGroupRequest method.
+//    req, resp := client.UntagLogGroupRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup
+func (c *CloudWatchLogs) UntagLogGroupRequest(input *UntagLogGroupInput) (req *request.Request, output *UntagLogGroupOutput) {
+	op := &request.Operation{
+		Name:       opUntagLogGroup,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UntagLogGroupInput{}
+	}
+
+	output = &UntagLogGroupOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// UntagLogGroup API operation for Amazon CloudWatch Logs.
+//
+// Removes the specified tags from the specified log group.
+//
+// To list the tags for a log group, use ListTagsLogGroup. To add tags, use
+// UntagLogGroup.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon CloudWatch Logs's
+// API operation UntagLogGroup for usage and error information.
+//
+// Returned Error Types:
+//   * ResourceNotFoundException
+//   The specified resource does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup
+func (c *CloudWatchLogs) UntagLogGroup(input *UntagLogGroupInput) (*UntagLogGroupOutput, error) {
+	req, out := c.UntagLogGroupRequest(input)
+	return out, req.Send()
+}
+
+// UntagLogGroupWithContext is the same as UntagLogGroup with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagLogGroup for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CloudWatchLogs) UntagLogGroupWithContext(ctx aws.Context, input *UntagLogGroupInput, opts ...request.Option) (*UntagLogGroupOutput, error) {
+	req, out := c.UntagLogGroupRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+type AssociateKmsKeyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
+	// This must be a symmetric CMK. For more information, see Amazon Resource Names
+	// - AWS Key Management Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
+	// and Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html).
+	//
+	// KmsKeyId is a required field
+	KmsKeyId *string `locationName:"kmsKeyId" type:"string" required:"true"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s AssociateKmsKeyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AssociateKmsKeyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssociateKmsKeyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AssociateKmsKeyInput"}
+	if s.KmsKeyId == nil {
+		invalidParams.Add(request.NewErrParamRequired("KmsKeyId"))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKmsKeyId sets the KmsKeyId field's value.
+func (s *AssociateKmsKeyInput) SetKmsKeyId(v string) *AssociateKmsKeyInput {
+	s.KmsKeyId = &v
+	return s
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *AssociateKmsKeyInput) SetLogGroupName(v string) *AssociateKmsKeyInput {
+	s.LogGroupName = &v
+	return s
+}
+
+type AssociateKmsKeyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s AssociateKmsKeyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AssociateKmsKeyOutput) GoString() string {
+	return s.String()
+}
+
+type CancelExportTaskInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the export task.
+	//
+	// TaskId is a required field
+	TaskId *string `locationName:"taskId" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s CancelExportTaskInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CancelExportTaskInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CancelExportTaskInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CancelExportTaskInput"}
+	if s.TaskId == nil {
+		invalidParams.Add(request.NewErrParamRequired("TaskId"))
+	}
+	if s.TaskId != nil && len(*s.TaskId) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TaskId", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetTaskId sets the TaskId field's value.
+func (s *CancelExportTaskInput) SetTaskId(v string) *CancelExportTaskInput {
+	s.TaskId = &v
+	return s
+}
+
+type CancelExportTaskOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s CancelExportTaskOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CancelExportTaskOutput) GoString() string {
+	return s.String()
+}
+
+type CreateExportTaskInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of S3 bucket for the exported log data. The bucket must be in the
+	// same AWS region.
+	//
+	// Destination is a required field
+	Destination *string `locationName:"destination" min:"1" type:"string" required:"true"`
+
+	// The prefix used as the start of the key for every object exported. If you
+	// don't specify a value, the default is exportedlogs.
+	DestinationPrefix *string `locationName:"destinationPrefix" type:"string"`
+
+	// The start time of the range for the request, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC. Events with a timestamp earlier than this
+	// time are not exported.
+	//
+	// From is a required field
+	From *int64 `locationName:"from" type:"long" required:"true"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// Export only log streams that match the provided prefix. If you don't specify
+	// a value, no prefix filter is applied.
+	LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"`
+
+	// The name of the export task.
+	TaskName *string `locationName:"taskName" min:"1" type:"string"`
+
+	// The end time of the range for the request, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time
+	// are not exported.
+	//
+	// To is a required field
+	To *int64 `locationName:"to" type:"long" required:"true"`
+}
+
+// String returns the string representation
+func (s CreateExportTaskInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateExportTaskInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateExportTaskInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateExportTaskInput"}
+	if s.Destination == nil {
+		invalidParams.Add(request.NewErrParamRequired("Destination"))
+	}
+	if s.Destination != nil && len(*s.Destination) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Destination", 1))
+	}
+	if s.From == nil {
+		invalidParams.Add(request.NewErrParamRequired("From"))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1))
+	}
+	if s.TaskName != nil && len(*s.TaskName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TaskName", 1))
+	}
+	if s.To == nil {
+		invalidParams.Add(request.NewErrParamRequired("To"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDestination sets the Destination field's value.
+func (s *CreateExportTaskInput) SetDestination(v string) *CreateExportTaskInput {
+	s.Destination = &v
+	return s
+}
+
+// SetDestinationPrefix sets the DestinationPrefix field's value.
+func (s *CreateExportTaskInput) SetDestinationPrefix(v string) *CreateExportTaskInput {
+	s.DestinationPrefix = &v
+	return s
+}
+
+// SetFrom sets the From field's value.
+func (s *CreateExportTaskInput) SetFrom(v int64) *CreateExportTaskInput {
+	s.From = &v
+	return s
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *CreateExportTaskInput) SetLogGroupName(v string) *CreateExportTaskInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value.
+func (s *CreateExportTaskInput) SetLogStreamNamePrefix(v string) *CreateExportTaskInput {
+	s.LogStreamNamePrefix = &v
+	return s
+}
+
+// SetTaskName sets the TaskName field's value.
+func (s *CreateExportTaskInput) SetTaskName(v string) *CreateExportTaskInput {
+	s.TaskName = &v
+	return s
+}
+
+// SetTo sets the To field's value.
+func (s *CreateExportTaskInput) SetTo(v int64) *CreateExportTaskInput {
+	s.To = &v
+	return s
+}
+
+type CreateExportTaskOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the export task.
+	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s CreateExportTaskOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateExportTaskOutput) GoString() string {
+	return s.String()
+}
+
+// SetTaskId sets the TaskId field's value.
+func (s *CreateExportTaskOutput) SetTaskId(v string) *CreateExportTaskOutput {
+	s.TaskId = &v
+	return s
+}
+
+type CreateLogGroupInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
+	// For more information, see Amazon Resource Names - AWS Key Management Service
+	// (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms).
+	KmsKeyId *string `locationName:"kmsKeyId" type:"string"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// The key-value pairs to use for the tags.
+	Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+}
+
+// String returns the string representation
+func (s CreateLogGroupInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateLogGroupInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateLogGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateLogGroupInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.Tags != nil && len(s.Tags) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKmsKeyId sets the KmsKeyId field's value.
+func (s *CreateLogGroupInput) SetKmsKeyId(v string) *CreateLogGroupInput {
+	s.KmsKeyId = &v
+	return s
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *CreateLogGroupInput) SetLogGroupName(v string) *CreateLogGroupInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *CreateLogGroupInput) SetTags(v map[string]*string) *CreateLogGroupInput {
+	s.Tags = v
+	return s
+}
+
+type CreateLogGroupOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s CreateLogGroupOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateLogGroupOutput) GoString() string {
+	return s.String()
+}
+
+type CreateLogStreamInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// The name of the log stream.
+	//
+	// LogStreamName is a required field
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s CreateLogStreamInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateLogStreamInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateLogStreamInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateLogStreamInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.LogStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+	}
+	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *CreateLogStreamInput) SetLogGroupName(v string) *CreateLogStreamInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *CreateLogStreamInput) SetLogStreamName(v string) *CreateLogStreamInput {
+	s.LogStreamName = &v
+	return s
+}
+
+type CreateLogStreamOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s CreateLogStreamOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateLogStreamOutput) GoString() string {
+	return s.String()
+}
+
+// The event was already logged.
+type DataAlreadyAcceptedException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"`
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation
+func (s DataAlreadyAcceptedException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DataAlreadyAcceptedException) GoString() string {
+	return s.String()
+}
+
+func newErrorDataAlreadyAcceptedException(v protocol.ResponseMetadata) error {
+	return &DataAlreadyAcceptedException{
+		respMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s DataAlreadyAcceptedException) Code() string {
+	return "DataAlreadyAcceptedException"
+}
+
+// Message returns the exception's message.
+func (s DataAlreadyAcceptedException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s DataAlreadyAcceptedException) OrigErr() error {
+	return nil
+}
+
+func (s DataAlreadyAcceptedException) Error() string {
+	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s DataAlreadyAcceptedException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s DataAlreadyAcceptedException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
+type DeleteDestinationInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the destination.
+	//
+	// DestinationName is a required field
+	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteDestinationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteDestinationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteDestinationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteDestinationInput"}
+	if s.DestinationName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
+	}
+	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDestinationName sets the DestinationName field's value.
+func (s *DeleteDestinationInput) SetDestinationName(v string) *DeleteDestinationInput {
+	s.DestinationName = &v
+	return s
+}
+
+type DeleteDestinationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteDestinationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteDestinationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteLogGroupInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteLogGroupInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteLogGroupInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteLogGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteLogGroupInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DeleteLogGroupInput) SetLogGroupName(v string) *DeleteLogGroupInput {
+	s.LogGroupName = &v
+	return s
+}
+
+type DeleteLogGroupOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteLogGroupOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteLogGroupOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteLogStreamInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// The name of the log stream.
+	//
+	// LogStreamName is a required field
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteLogStreamInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteLogStreamInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteLogStreamInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteLogStreamInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.LogStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+	}
+	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DeleteLogStreamInput) SetLogGroupName(v string) *DeleteLogStreamInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *DeleteLogStreamInput) SetLogStreamName(v string) *DeleteLogStreamInput {
+	s.LogStreamName = &v
+	return s
+}
+
+type DeleteLogStreamOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteLogStreamOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteLogStreamOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteMetricFilterInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the metric filter.
+	//
+	// FilterName is a required field
+	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteMetricFilterInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteMetricFilterInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteMetricFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteMetricFilterInput"}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
+	if s.FilterName != nil && len(*s.FilterName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFilterName sets the FilterName field's value.
+func (s *DeleteMetricFilterInput) SetFilterName(v string) *DeleteMetricFilterInput {
+	s.FilterName = &v
+	return s
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DeleteMetricFilterInput) SetLogGroupName(v string) *DeleteMetricFilterInput {
+	s.LogGroupName = &v
+	return s
+}
+
+type DeleteMetricFilterOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteMetricFilterOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteMetricFilterOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteResourcePolicyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the policy to be revoked. This parameter is required.
+	PolicyName *string `locationName:"policyName" type:"string"`
+}
+
+// String returns the string representation
+func (s DeleteResourcePolicyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteResourcePolicyInput) GoString() string {
+	return s.String()
+}
+
+// SetPolicyName sets the PolicyName field's value.
+func (s *DeleteResourcePolicyInput) SetPolicyName(v string) *DeleteResourcePolicyInput {
+	s.PolicyName = &v
+	return s
+}
+
+type DeleteResourcePolicyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteResourcePolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteResourcePolicyOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteRetentionPolicyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteRetentionPolicyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteRetentionPolicyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteRetentionPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteRetentionPolicyInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DeleteRetentionPolicyInput) SetLogGroupName(v string) *DeleteRetentionPolicyInput {
+	s.LogGroupName = &v
+	return s
+}
+
+type DeleteRetentionPolicyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteRetentionPolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteRetentionPolicyOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteSubscriptionFilterInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the subscription filter.
+	//
+	// FilterName is a required field
+	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+
+	// The name of the log group.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteSubscriptionFilterInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteSubscriptionFilterInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSubscriptionFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriptionFilterInput"}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
+	if s.FilterName != nil && len(*s.FilterName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFilterName sets the FilterName field's value.
+func (s *DeleteSubscriptionFilterInput) SetFilterName(v string) *DeleteSubscriptionFilterInput {
+	s.FilterName = &v
+	return s
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DeleteSubscriptionFilterInput) SetLogGroupName(v string) *DeleteSubscriptionFilterInput {
+	s.LogGroupName = &v
+	return s
+}
+
+type DeleteSubscriptionFilterOutput struct {
+	_ struct{} `type:"structure"`
+}
 
 // String returns the string representation
-func (s AssociateKmsKeyOutput) String() string {
+func (s DeleteSubscriptionFilterOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s AssociateKmsKeyOutput) GoString() string {
+func (s DeleteSubscriptionFilterOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CancelExportTaskRequest
-type CancelExportTaskInput struct {
+type DescribeDestinationsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the export task.
-	//
-	// TaskId is a required field
-	TaskId *string `locationName:"taskId" min:"1" type:"string" required:"true"`
+	// The prefix to match. If you don't specify a value, no prefix filter is applied.
+	DestinationNamePrefix *string `min:"1" type:"string"`
+
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CancelExportTaskInput) String() string {
+func (s DescribeDestinationsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CancelExportTaskInput) GoString() string {
+func (s DescribeDestinationsInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *CancelExportTaskInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CancelExportTaskInput"}
-	if s.TaskId == nil {
-		invalidParams.Add(request.NewErrParamRequired("TaskId"))
+func (s *DescribeDestinationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeDestinationsInput"}
+	if s.DestinationNamePrefix != nil && len(*s.DestinationNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DestinationNamePrefix", 1))
 	}
-	if s.TaskId != nil && len(*s.TaskId) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("TaskId", 1))
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -3573,104 +5001,199 @@ func (s *CancelExportTaskInput) Validate() error {
 	return nil
 }
 
-// SetTaskId sets the TaskId field's value.
-func (s *CancelExportTaskInput) SetTaskId(v string) *CancelExportTaskInput {
-	s.TaskId = &v
+// SetDestinationNamePrefix sets the DestinationNamePrefix field's value.
+func (s *DescribeDestinationsInput) SetDestinationNamePrefix(v string) *DescribeDestinationsInput {
+	s.DestinationNamePrefix = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CancelExportTaskOutput
-type CancelExportTaskOutput struct {
+// SetLimit sets the Limit field's value.
+func (s *DescribeDestinationsInput) SetLimit(v int64) *DescribeDestinationsInput {
+	s.Limit = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeDestinationsInput) SetNextToken(v string) *DescribeDestinationsInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeDestinationsOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The destinations.
+	Destinations []*Destination `locationName:"destinations" type:"list"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CancelExportTaskOutput) String() string {
+func (s DescribeDestinationsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CancelExportTaskOutput) GoString() string {
+func (s DescribeDestinationsOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateExportTaskRequest
-type CreateExportTaskInput struct {
+// SetDestinations sets the Destinations field's value.
+func (s *DescribeDestinationsOutput) SetDestinations(v []*Destination) *DescribeDestinationsOutput {
+	s.Destinations = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeDestinationsOutput) SetNextToken(v string) *DescribeDestinationsOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeExportTasksInput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of S3 bucket for the exported log data. The bucket must be in the
-	// same AWS region.
-	//
-	// Destination is a required field
-	Destination *string `locationName:"destination" min:"1" type:"string" required:"true"`
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
-	// The prefix used as the start of the key for every object exported. If you
-	// don't specify a value, the default is exportedlogs.
-	DestinationPrefix *string `locationName:"destinationPrefix" type:"string"`
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 
-	// The start time of the range for the request, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC. Events with a time stamp earlier than this
-	// time are not exported.
-	//
-	// From is a required field
-	From *int64 `locationName:"from" type:"long" required:"true"`
+	// The status code of the export task. Specifying a status code filters the
+	// results to zero or more export tasks.
+	StatusCode *string `locationName:"statusCode" type:"string" enum:"ExportTaskStatusCode"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The ID of the export task. Specifying a task ID filters the results to zero
+	// or one export tasks.
+	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+}
 
-	// Export only log streams that match the provided prefix. If you don't specify
-	// a value, no prefix filter is applied.
-	LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"`
+// String returns the string representation
+func (s DescribeExportTasksInput) String() string {
+	return awsutil.Prettify(s)
+}
 
-	// The name of the export task.
-	TaskName *string `locationName:"taskName" min:"1" type:"string"`
+// GoString returns the string representation
+func (s DescribeExportTasksInput) GoString() string {
+	return s.String()
+}
 
-	// The end time of the range for the request, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC. Events with a time stamp later than this
-	// time are not exported.
-	//
-	// To is a required field
-	To *int64 `locationName:"to" type:"long" required:"true"`
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeExportTasksInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeExportTasksInput"}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	}
+	if s.TaskId != nil && len(*s.TaskId) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TaskId", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLimit sets the Limit field's value.
+func (s *DescribeExportTasksInput) SetLimit(v int64) *DescribeExportTasksInput {
+	s.Limit = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeExportTasksInput) SetNextToken(v string) *DescribeExportTasksInput {
+	s.NextToken = &v
+	return s
+}
+
+// SetStatusCode sets the StatusCode field's value.
+func (s *DescribeExportTasksInput) SetStatusCode(v string) *DescribeExportTasksInput {
+	s.StatusCode = &v
+	return s
+}
+
+// SetTaskId sets the TaskId field's value.
+func (s *DescribeExportTasksInput) SetTaskId(v string) *DescribeExportTasksInput {
+	s.TaskId = &v
+	return s
+}
+
+type DescribeExportTasksOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The export tasks.
+	ExportTasks []*ExportTask `locationName:"exportTasks" type:"list"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeExportTasksOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeExportTasksOutput) GoString() string {
+	return s.String()
+}
+
+// SetExportTasks sets the ExportTasks field's value.
+func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExportTasksOutput {
+	s.ExportTasks = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeExportTasksOutput) SetNextToken(v string) *DescribeExportTasksOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeLogGroupsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+
+	// The prefix to match.
+	LogGroupNamePrefix *string `locationName:"logGroupNamePrefix" min:"1" type:"string"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CreateExportTaskInput) String() string {
+func (s DescribeLogGroupsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CreateExportTaskInput) GoString() string {
+func (s DescribeLogGroupsInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateExportTaskInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CreateExportTaskInput"}
-	if s.Destination == nil {
-		invalidParams.Add(request.NewErrParamRequired("Destination"))
-	}
-	if s.Destination != nil && len(*s.Destination) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Destination", 1))
-	}
-	if s.From == nil {
-		invalidParams.Add(request.NewErrParamRequired("From"))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1))
+func (s *DescribeLogGroupsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeLogGroupsInput"}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
-	if s.TaskName != nil && len(*s.TaskName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("TaskName", 1))
+	if s.LogGroupNamePrefix != nil && len(*s.LogGroupNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupNamePrefix", 1))
 	}
-	if s.To == nil {
-		invalidParams.Add(request.NewErrParamRequired("To"))
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -3679,111 +5202,125 @@ func (s *CreateExportTaskInput) Validate() error {
 	return nil
 }
 
-// SetDestination sets the Destination field's value.
-func (s *CreateExportTaskInput) SetDestination(v string) *CreateExportTaskInput {
-	s.Destination = &v
-	return s
-}
-
-// SetDestinationPrefix sets the DestinationPrefix field's value.
-func (s *CreateExportTaskInput) SetDestinationPrefix(v string) *CreateExportTaskInput {
-	s.DestinationPrefix = &v
-	return s
-}
-
-// SetFrom sets the From field's value.
-func (s *CreateExportTaskInput) SetFrom(v int64) *CreateExportTaskInput {
-	s.From = &v
-	return s
-}
-
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *CreateExportTaskInput) SetLogGroupName(v string) *CreateExportTaskInput {
-	s.LogGroupName = &v
-	return s
-}
-
-// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value.
-func (s *CreateExportTaskInput) SetLogStreamNamePrefix(v string) *CreateExportTaskInput {
-	s.LogStreamNamePrefix = &v
+// SetLimit sets the Limit field's value.
+func (s *DescribeLogGroupsInput) SetLimit(v int64) *DescribeLogGroupsInput {
+	s.Limit = &v
 	return s
 }
 
-// SetTaskName sets the TaskName field's value.
-func (s *CreateExportTaskInput) SetTaskName(v string) *CreateExportTaskInput {
-	s.TaskName = &v
+// SetLogGroupNamePrefix sets the LogGroupNamePrefix field's value.
+func (s *DescribeLogGroupsInput) SetLogGroupNamePrefix(v string) *DescribeLogGroupsInput {
+	s.LogGroupNamePrefix = &v
 	return s
 }
 
-// SetTo sets the To field's value.
-func (s *CreateExportTaskInput) SetTo(v int64) *CreateExportTaskInput {
-	s.To = &v
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeLogGroupsInput) SetNextToken(v string) *DescribeLogGroupsInput {
+	s.NextToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateExportTaskResponse
-type CreateExportTaskOutput struct {
+type DescribeLogGroupsOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the export task.
-	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+	// The log groups.
+	LogGroups []*LogGroup `locationName:"logGroups" type:"list"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CreateExportTaskOutput) String() string {
+func (s DescribeLogGroupsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CreateExportTaskOutput) GoString() string {
+func (s DescribeLogGroupsOutput) GoString() string {
 	return s.String()
 }
 
-// SetTaskId sets the TaskId field's value.
-func (s *CreateExportTaskOutput) SetTaskId(v string) *CreateExportTaskOutput {
-	s.TaskId = &v
+// SetLogGroups sets the LogGroups field's value.
+func (s *DescribeLogGroupsOutput) SetLogGroups(v []*LogGroup) *DescribeLogGroupsOutput {
+	s.LogGroups = v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroupRequest
-type CreateLogGroupInput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeLogGroupsOutput) SetNextToken(v string) *DescribeLogGroupsOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeLogStreamsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
-	// For more information, see Amazon Resource Names - AWS Key Management Service
-	// (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms).
-	KmsKeyId *string `locationName:"kmsKeyId" type:"string"`
+	// If the value is true, results are returned in descending order. If the value
+	// is to false, results are returned in ascending order. The default value is
+	// false.
+	Descending *bool `locationName:"descending" type:"boolean"`
+
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
 	// The name of the log group.
 	//
 	// LogGroupName is a required field
 	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The key-value pairs to use for the tags.
-	Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+	// The prefix to match.
+	//
+	// If orderBy is LastEventTime,you cannot specify this parameter.
+	LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+
+	// If the value is LogStreamName, the results are ordered by log stream name.
+	// If the value is LastEventTime, the results are ordered by the event time.
+	// The default value is LogStreamName.
+	//
+	// If you order the results by event time, you cannot specify the logStreamNamePrefix
+	// parameter.
+	//
+	// lastEventTimestamp represents the time of the most recent log event in the
+	// log stream in CloudWatch Logs. This number is expressed as the number of
+	// milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimeStamp updates on
+	// an eventual consistency basis. It typically updates in less than an hour
+	// from ingestion, but may take longer in some rare situations.
+	OrderBy *string `locationName:"orderBy" type:"string" enum:"OrderBy"`
 }
 
 // String returns the string representation
-func (s CreateLogGroupInput) String() string {
+func (s DescribeLogStreamsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CreateLogGroupInput) GoString() string {
+func (s DescribeLogStreamsInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateLogGroupInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CreateLogGroupInput"}
+func (s *DescribeLogStreamsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeLogStreamsInput"}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
+	}
 	if s.LogGroupName == nil {
 		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
 	}
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
-	if s.Tags != nil && len(s.Tags) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+	if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -3792,78 +5329,127 @@ func (s *CreateLogGroupInput) Validate() error {
 	return nil
 }
 
-// SetKmsKeyId sets the KmsKeyId field's value.
-func (s *CreateLogGroupInput) SetKmsKeyId(v string) *CreateLogGroupInput {
-	s.KmsKeyId = &v
+// SetDescending sets the Descending field's value.
+func (s *DescribeLogStreamsInput) SetDescending(v bool) *DescribeLogStreamsInput {
+	s.Descending = &v
+	return s
+}
+
+// SetLimit sets the Limit field's value.
+func (s *DescribeLogStreamsInput) SetLimit(v int64) *DescribeLogStreamsInput {
+	s.Limit = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *CreateLogGroupInput) SetLogGroupName(v string) *CreateLogGroupInput {
+func (s *DescribeLogStreamsInput) SetLogGroupName(v string) *DescribeLogStreamsInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// SetTags sets the Tags field's value.
-func (s *CreateLogGroupInput) SetTags(v map[string]*string) *CreateLogGroupInput {
-	s.Tags = v
+// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value.
+func (s *DescribeLogStreamsInput) SetLogStreamNamePrefix(v string) *DescribeLogStreamsInput {
+	s.LogStreamNamePrefix = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroupOutput
-type CreateLogGroupOutput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeLogStreamsInput) SetNextToken(v string) *DescribeLogStreamsInput {
+	s.NextToken = &v
+	return s
+}
+
+// SetOrderBy sets the OrderBy field's value.
+func (s *DescribeLogStreamsInput) SetOrderBy(v string) *DescribeLogStreamsInput {
+	s.OrderBy = &v
+	return s
+}
+
+type DescribeLogStreamsOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The log streams.
+	LogStreams []*LogStream `locationName:"logStreams" type:"list"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CreateLogGroupOutput) String() string {
+func (s DescribeLogStreamsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CreateLogGroupOutput) GoString() string {
+func (s DescribeLogStreamsOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogStreamRequest
-type CreateLogStreamInput struct {
+// SetLogStreams sets the LogStreams field's value.
+func (s *DescribeLogStreamsOutput) SetLogStreams(v []*LogStream) *DescribeLogStreamsOutput {
+	s.LogStreams = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeLogStreamsOutput) SetNextToken(v string) *DescribeLogStreamsOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeMetricFiltersInput struct {
 	_ struct{} `type:"structure"`
 
+	// The prefix to match.
+	FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"`
+
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+
 	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-	// The name of the log stream.
-	//
-	// LogStreamName is a required field
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
+	// Filters results to include only those with the specified metric name. If
+	// you include this parameter in your request, you must also include the metricNamespace
+	// parameter.
+	MetricName *string `locationName:"metricName" type:"string"`
+
+	// Filters results to include only those in the specified namespace. If you
+	// include this parameter in your request, you must also include the metricName
+	// parameter.
+	MetricNamespace *string `locationName:"metricNamespace" type:"string"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s CreateLogStreamInput) String() string {
+func (s DescribeMetricFiltersInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s CreateLogStreamInput) GoString() string {
+func (s DescribeMetricFiltersInput) GoString() string {
 	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateLogStreamInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CreateLogStreamInput"}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeMetricFiltersInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeMetricFiltersInput"}
+	if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1))
+	}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
-	if s.LogStreamName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
-	}
-	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -3872,119 +5458,115 @@ func (s *CreateLogStreamInput) Validate() error {
 	return nil
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *CreateLogStreamInput) SetLogGroupName(v string) *CreateLogStreamInput {
-	s.LogGroupName = &v
+// SetFilterNamePrefix sets the FilterNamePrefix field's value.
+func (s *DescribeMetricFiltersInput) SetFilterNamePrefix(v string) *DescribeMetricFiltersInput {
+	s.FilterNamePrefix = &v
 	return s
 }
 
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *CreateLogStreamInput) SetLogStreamName(v string) *CreateLogStreamInput {
-	s.LogStreamName = &v
+// SetLimit sets the Limit field's value.
+func (s *DescribeMetricFiltersInput) SetLimit(v int64) *DescribeMetricFiltersInput {
+	s.Limit = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogStreamOutput
-type CreateLogStreamOutput struct {
-	_ struct{} `type:"structure"`
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *DescribeMetricFiltersInput) SetLogGroupName(v string) *DescribeMetricFiltersInput {
+	s.LogGroupName = &v
+	return s
 }
 
-// String returns the string representation
-func (s CreateLogStreamOutput) String() string {
-	return awsutil.Prettify(s)
+// SetMetricName sets the MetricName field's value.
+func (s *DescribeMetricFiltersInput) SetMetricName(v string) *DescribeMetricFiltersInput {
+	s.MetricName = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s CreateLogStreamOutput) GoString() string {
-	return s.String()
+// SetMetricNamespace sets the MetricNamespace field's value.
+func (s *DescribeMetricFiltersInput) SetMetricNamespace(v string) *DescribeMetricFiltersInput {
+	s.MetricNamespace = &v
+	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestinationRequest
-type DeleteDestinationInput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeMetricFiltersInput) SetNextToken(v string) *DescribeMetricFiltersInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeMetricFiltersOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the destination.
-	//
-	// DestinationName is a required field
-	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
+	// The metric filters.
+	MetricFilters []*MetricFilter `locationName:"metricFilters" type:"list"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s DeleteDestinationInput) String() string {
+func (s DescribeMetricFiltersOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteDestinationInput) GoString() string {
+func (s DescribeMetricFiltersOutput) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteDestinationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteDestinationInput"}
-	if s.DestinationName == nil {
-		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
-	}
-	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// SetMetricFilters sets the MetricFilters field's value.
+func (s *DescribeMetricFiltersOutput) SetMetricFilters(v []*MetricFilter) *DescribeMetricFiltersOutput {
+	s.MetricFilters = v
+	return s
 }
 
-// SetDestinationName sets the DestinationName field's value.
-func (s *DeleteDestinationInput) SetDestinationName(v string) *DeleteDestinationInput {
-	s.DestinationName = &v
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeMetricFiltersOutput) SetNextToken(v string) *DescribeMetricFiltersOutput {
+	s.NextToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestinationOutput
-type DeleteDestinationOutput struct {
+type DescribeQueriesInput struct {
 	_ struct{} `type:"structure"`
-}
 
-// String returns the string representation
-func (s DeleteDestinationOutput) String() string {
-	return awsutil.Prettify(s)
-}
+	// Limits the returned queries to only those for the specified log group.
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-// GoString returns the string representation
-func (s DeleteDestinationOutput) GoString() string {
-	return s.String()
-}
+	// Limits the number of returned queries to the specified number.
+	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroupRequest
-type DeleteLogGroupInput struct {
-	_ struct{} `type:"structure"`
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// Limits the returned queries to only those that have the specified status.
+	// Valid values are Cancelled, Complete, Failed, Running, and Scheduled.
+	Status *string `locationName:"status" type:"string" enum:"QueryStatus"`
 }
 
 // String returns the string representation
-func (s DeleteLogGroupInput) String() string {
+func (s DescribeQueriesInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteLogGroupInput) GoString() string {
+func (s DescribeQueriesInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteLogGroupInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteLogGroupInput"}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
+func (s *DescribeQueriesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeQueriesInput"}
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -3993,65 +5575,92 @@ func (s *DeleteLogGroupInput) Validate() error {
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DeleteLogGroupInput) SetLogGroupName(v string) *DeleteLogGroupInput {
+func (s *DescribeQueriesInput) SetLogGroupName(v string) *DescribeQueriesInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroupOutput
-type DeleteLogGroupOutput struct {
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeQueriesInput) SetMaxResults(v int64) *DescribeQueriesInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeQueriesInput) SetNextToken(v string) *DescribeQueriesInput {
+	s.NextToken = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *DescribeQueriesInput) SetStatus(v string) *DescribeQueriesInput {
+	s.Status = &v
+	return s
+}
+
+type DescribeQueriesOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+
+	// The list of queries that match the request.
+	Queries []*QueryInfo `locationName:"queries" type:"list"`
 }
 
 // String returns the string representation
-func (s DeleteLogGroupOutput) String() string {
+func (s DescribeQueriesOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteLogGroupOutput) GoString() string {
+func (s DescribeQueriesOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStreamRequest
-type DeleteLogStreamInput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeQueriesOutput) SetNextToken(v string) *DescribeQueriesOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetQueries sets the Queries field's value.
+func (s *DescribeQueriesOutput) SetQueries(v []*QueryInfo) *DescribeQueriesOutput {
+	s.Queries = v
+	return s
+}
+
+type DescribeResourcePoliciesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The maximum number of resource policies to be displayed with one call of
+	// this API.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
-	// The name of the log stream.
-	//
-	// LogStreamName is a required field
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s DeleteLogStreamInput) String() string {
+func (s DescribeResourcePoliciesInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteLogStreamInput) GoString() string {
+func (s DescribeResourcePoliciesInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteLogStreamInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteLogStreamInput"}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.LogStreamName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+func (s *DescribeResourcePoliciesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeResourcePoliciesInput"}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
-	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -4060,66 +5669,89 @@ func (s *DeleteLogStreamInput) Validate() error {
 	return nil
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *DeleteLogStreamInput) SetLogGroupName(v string) *DeleteLogStreamInput {
-	s.LogGroupName = &v
+// SetLimit sets the Limit field's value.
+func (s *DescribeResourcePoliciesInput) SetLimit(v int64) *DescribeResourcePoliciesInput {
+	s.Limit = &v
 	return s
 }
 
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *DeleteLogStreamInput) SetLogStreamName(v string) *DeleteLogStreamInput {
-	s.LogStreamName = &v
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeResourcePoliciesInput) SetNextToken(v string) *DescribeResourcePoliciesInput {
+	s.NextToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStreamOutput
-type DeleteLogStreamOutput struct {
+type DescribeResourcePoliciesOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+
+	// The resource policies that exist in this account.
+	ResourcePolicies []*ResourcePolicy `locationName:"resourcePolicies" type:"list"`
 }
 
 // String returns the string representation
-func (s DeleteLogStreamOutput) String() string {
+func (s DescribeResourcePoliciesOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteLogStreamOutput) GoString() string {
+func (s DescribeResourcePoliciesOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilterRequest
-type DeleteMetricFilterInput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeResourcePoliciesOutput) SetNextToken(v string) *DescribeResourcePoliciesOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetResourcePolicies sets the ResourcePolicies field's value.
+func (s *DescribeResourcePoliciesOutput) SetResourcePolicies(v []*ResourcePolicy) *DescribeResourcePoliciesOutput {
+	s.ResourcePolicies = v
+	return s
+}
+
+type DescribeSubscriptionFiltersInput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the metric filter.
-	//
-	// FilterName is a required field
-	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+	// The prefix to match. If you don't specify a value, no prefix filter is applied.
+	FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"`
+
+	// The maximum number of items returned. If you don't specify a value, the default
+	// is up to 50 items.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
 	// The name of the log group.
 	//
 	// LogGroupName is a required field
 	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s DeleteMetricFilterInput) String() string {
+func (s DescribeSubscriptionFiltersInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteMetricFilterInput) GoString() string {
+func (s DescribeSubscriptionFiltersInput) GoString() string {
 	return s.String()
 }
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteMetricFilterInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteMetricFilterInput"}
-	if s.FilterName == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeSubscriptionFiltersInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeSubscriptionFiltersInput"}
+	if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1))
 	}
-	if s.FilterName != nil && len(*s.FilterName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
 	if s.LogGroupName == nil {
 		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
@@ -4127,6 +5759,9 @@ func (s *DeleteMetricFilterInput) Validate() error {
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4134,74 +5769,136 @@ func (s *DeleteMetricFilterInput) Validate() error {
 	return nil
 }
 
-// SetFilterName sets the FilterName field's value.
-func (s *DeleteMetricFilterInput) SetFilterName(v string) *DeleteMetricFilterInput {
-	s.FilterName = &v
+// SetFilterNamePrefix sets the FilterNamePrefix field's value.
+func (s *DescribeSubscriptionFiltersInput) SetFilterNamePrefix(v string) *DescribeSubscriptionFiltersInput {
+	s.FilterNamePrefix = &v
+	return s
+}
+
+// SetLimit sets the Limit field's value.
+func (s *DescribeSubscriptionFiltersInput) SetLimit(v int64) *DescribeSubscriptionFiltersInput {
+	s.Limit = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DeleteMetricFilterInput) SetLogGroupName(v string) *DeleteMetricFilterInput {
+func (s *DescribeSubscriptionFiltersInput) SetLogGroupName(v string) *DescribeSubscriptionFiltersInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilterOutput
-type DeleteMetricFilterOutput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeSubscriptionFiltersInput) SetNextToken(v string) *DescribeSubscriptionFiltersInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeSubscriptionFiltersOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The token for the next set of items to return. The token expires after 24
+	// hours.
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+
+	// The subscription filters.
+	SubscriptionFilters []*SubscriptionFilter `locationName:"subscriptionFilters" type:"list"`
 }
 
 // String returns the string representation
-func (s DeleteMetricFilterOutput) String() string {
+func (s DescribeSubscriptionFiltersOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteMetricFilterOutput) GoString() string {
+func (s DescribeSubscriptionFiltersOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicyRequest
-type DeleteResourcePolicyInput struct {
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeSubscriptionFiltersOutput) SetNextToken(v string) *DescribeSubscriptionFiltersOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetSubscriptionFilters sets the SubscriptionFilters field's value.
+func (s *DescribeSubscriptionFiltersOutput) SetSubscriptionFilters(v []*SubscriptionFilter) *DescribeSubscriptionFiltersOutput {
+	s.SubscriptionFilters = v
+	return s
+}
+
+// Represents a cross-account destination that receives subscription log events.
+type Destination struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the policy to be revoked. This parameter is required.
-	PolicyName *string `locationName:"policyName" type:"string"`
+	// An IAM policy document that governs which AWS accounts can create subscription
+	// filters against this destination.
+	AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string"`
+
+	// The ARN of this destination.
+	Arn *string `locationName:"arn" type:"string"`
+
+	// The creation time of the destination, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	CreationTime *int64 `locationName:"creationTime" type:"long"`
+
+	// The name of the destination.
+	DestinationName *string `locationName:"destinationName" min:"1" type:"string"`
+
+	// A role for impersonation, used when delivering log events to the target.
+	RoleArn *string `locationName:"roleArn" min:"1" type:"string"`
+
+	// The Amazon Resource Name (ARN) of the physical target to where the log events
+	// are delivered (for example, a Kinesis stream).
+	TargetArn *string `locationName:"targetArn" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s DeleteResourcePolicyInput) String() string {
+func (s Destination) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteResourcePolicyInput) GoString() string {
+func (s Destination) GoString() string {
 	return s.String()
 }
 
-// SetPolicyName sets the PolicyName field's value.
-func (s *DeleteResourcePolicyInput) SetPolicyName(v string) *DeleteResourcePolicyInput {
-	s.PolicyName = &v
+// SetAccessPolicy sets the AccessPolicy field's value.
+func (s *Destination) SetAccessPolicy(v string) *Destination {
+	s.AccessPolicy = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicyOutput
-type DeleteResourcePolicyOutput struct {
-	_ struct{} `type:"structure"`
+// SetArn sets the Arn field's value.
+func (s *Destination) SetArn(v string) *Destination {
+	s.Arn = &v
+	return s
 }
 
-// String returns the string representation
-func (s DeleteResourcePolicyOutput) String() string {
-	return awsutil.Prettify(s)
+// SetCreationTime sets the CreationTime field's value.
+func (s *Destination) SetCreationTime(v int64) *Destination {
+	s.CreationTime = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s DeleteResourcePolicyOutput) GoString() string {
-	return s.String()
+// SetDestinationName sets the DestinationName field's value.
+func (s *Destination) SetDestinationName(v string) *Destination {
+	s.DestinationName = &v
+	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicyRequest
-type DeleteRetentionPolicyInput struct {
+// SetRoleArn sets the RoleArn field's value.
+func (s *Destination) SetRoleArn(v string) *Destination {
+	s.RoleArn = &v
+	return s
+}
+
+// SetTargetArn sets the TargetArn field's value.
+func (s *Destination) SetTargetArn(v string) *Destination {
+	s.TargetArn = &v
+	return s
+}
+
+type DisassociateKmsKeyInput struct {
 	_ struct{} `type:"structure"`
 
 	// The name of the log group.
@@ -4211,18 +5908,18 @@ type DeleteRetentionPolicyInput struct {
 }
 
 // String returns the string representation
-func (s DeleteRetentionPolicyInput) String() string {
+func (s DisassociateKmsKeyInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteRetentionPolicyInput) GoString() string {
+func (s DisassociateKmsKeyInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteRetentionPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteRetentionPolicyInput"}
+func (s *DisassociateKmsKeyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DisassociateKmsKeyInput"}
 	if s.LogGroupName == nil {
 		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
 	}
@@ -4237,240 +5934,281 @@ func (s *DeleteRetentionPolicyInput) Validate() error {
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DeleteRetentionPolicyInput) SetLogGroupName(v string) *DeleteRetentionPolicyInput {
+func (s *DisassociateKmsKeyInput) SetLogGroupName(v string) *DisassociateKmsKeyInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicyOutput
-type DeleteRetentionPolicyOutput struct {
+type DisassociateKmsKeyOutput struct {
 	_ struct{} `type:"structure"`
 }
 
 // String returns the string representation
-func (s DeleteRetentionPolicyOutput) String() string {
+func (s DisassociateKmsKeyOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteRetentionPolicyOutput) GoString() string {
+func (s DisassociateKmsKeyOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilterRequest
-type DeleteSubscriptionFilterInput struct {
+// Represents an export task.
+type ExportTask struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the subscription filter.
-	//
-	// FilterName is a required field
-	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+	// The name of Amazon S3 bucket to which the log data was exported.
+	Destination *string `locationName:"destination" min:"1" type:"string"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The prefix that was used as the start of Amazon S3 key for every object exported.
+	DestinationPrefix *string `locationName:"destinationPrefix" type:"string"`
+
+	// Execution info about the export task.
+	ExecutionInfo *ExportTaskExecutionInfo `locationName:"executionInfo" type:"structure"`
+
+	// The start time, expressed as the number of milliseconds after Jan 1, 1970
+	// 00:00:00 UTC. Events with a timestamp before this time are not exported.
+	From *int64 `locationName:"from" type:"long"`
+
+	// The name of the log group from which logs data was exported.
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
+
+	// The status of the export task.
+	Status *ExportTaskStatus `locationName:"status" type:"structure"`
+
+	// The ID of the export task.
+	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+
+	// The name of the export task.
+	TaskName *string `locationName:"taskName" min:"1" type:"string"`
+
+	// The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00
+	// UTC. Events with a timestamp later than this time are not exported.
+	To *int64 `locationName:"to" type:"long"`
 }
 
 // String returns the string representation
-func (s DeleteSubscriptionFilterInput) String() string {
+func (s ExportTask) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteSubscriptionFilterInput) GoString() string {
+func (s ExportTask) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteSubscriptionFilterInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriptionFilterInput"}
-	if s.FilterName == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterName"))
-	}
-	if s.FilterName != nil && len(*s.FilterName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
+// SetDestination sets the Destination field's value.
+func (s *ExportTask) SetDestination(v string) *ExportTask {
+	s.Destination = &v
+	return s
+}
 
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// SetDestinationPrefix sets the DestinationPrefix field's value.
+func (s *ExportTask) SetDestinationPrefix(v string) *ExportTask {
+	s.DestinationPrefix = &v
+	return s
 }
 
-// SetFilterName sets the FilterName field's value.
-func (s *DeleteSubscriptionFilterInput) SetFilterName(v string) *DeleteSubscriptionFilterInput {
-	s.FilterName = &v
+// SetExecutionInfo sets the ExecutionInfo field's value.
+func (s *ExportTask) SetExecutionInfo(v *ExportTaskExecutionInfo) *ExportTask {
+	s.ExecutionInfo = v
+	return s
+}
+
+// SetFrom sets the From field's value.
+func (s *ExportTask) SetFrom(v int64) *ExportTask {
+	s.From = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DeleteSubscriptionFilterInput) SetLogGroupName(v string) *DeleteSubscriptionFilterInput {
+func (s *ExportTask) SetLogGroupName(v string) *ExportTask {
 	s.LogGroupName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilterOutput
-type DeleteSubscriptionFilterOutput struct {
-	_ struct{} `type:"structure"`
+// SetStatus sets the Status field's value.
+func (s *ExportTask) SetStatus(v *ExportTaskStatus) *ExportTask {
+	s.Status = v
+	return s
 }
 
-// String returns the string representation
-func (s DeleteSubscriptionFilterOutput) String() string {
-	return awsutil.Prettify(s)
+// SetTaskId sets the TaskId field's value.
+func (s *ExportTask) SetTaskId(v string) *ExportTask {
+	s.TaskId = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s DeleteSubscriptionFilterOutput) GoString() string {
-	return s.String()
+// SetTaskName sets the TaskName field's value.
+func (s *ExportTask) SetTaskName(v string) *ExportTask {
+	s.TaskName = &v
+	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinationsRequest
-type DescribeDestinationsInput struct {
-	_ struct{} `type:"structure"`
+// SetTo sets the To field's value.
+func (s *ExportTask) SetTo(v int64) *ExportTask {
+	s.To = &v
+	return s
+}
 
-	// The prefix to match. If you don't specify a value, no prefix filter is applied.
-	DestinationNamePrefix *string `min:"1" type:"string"`
+// Represents the status of an export task.
+type ExportTaskExecutionInfo struct {
+	_ struct{} `type:"structure"`
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+	// The completion time of the export task, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	CompletionTime *int64 `locationName:"completionTime" type:"long"`
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The creation time of the export task, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	CreationTime *int64 `locationName:"creationTime" type:"long"`
 }
 
 // String returns the string representation
-func (s DescribeDestinationsInput) String() string {
+func (s ExportTaskExecutionInfo) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeDestinationsInput) GoString() string {
+func (s ExportTaskExecutionInfo) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeDestinationsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeDestinationsInput"}
-	if s.DestinationNamePrefix != nil && len(*s.DestinationNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("DestinationNamePrefix", 1))
-	}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDestinationNamePrefix sets the DestinationNamePrefix field's value.
-func (s *DescribeDestinationsInput) SetDestinationNamePrefix(v string) *DescribeDestinationsInput {
-	s.DestinationNamePrefix = &v
-	return s
-}
-
-// SetLimit sets the Limit field's value.
-func (s *DescribeDestinationsInput) SetLimit(v int64) *DescribeDestinationsInput {
-	s.Limit = &v
+// SetCompletionTime sets the CompletionTime field's value.
+func (s *ExportTaskExecutionInfo) SetCompletionTime(v int64) *ExportTaskExecutionInfo {
+	s.CompletionTime = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeDestinationsInput) SetNextToken(v string) *DescribeDestinationsInput {
-	s.NextToken = &v
+// SetCreationTime sets the CreationTime field's value.
+func (s *ExportTaskExecutionInfo) SetCreationTime(v int64) *ExportTaskExecutionInfo {
+	s.CreationTime = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinationsResponse
-type DescribeDestinationsOutput struct {
+// Represents the status of an export task.
+type ExportTaskStatus struct {
 	_ struct{} `type:"structure"`
 
-	// The destinations.
-	Destinations []*Destination `locationName:"destinations" type:"list"`
+	// The status code of the export task.
+	Code *string `locationName:"code" type:"string" enum:"ExportTaskStatusCode"`
 
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The status message related to the status code.
+	Message *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s DescribeDestinationsOutput) String() string {
+func (s ExportTaskStatus) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeDestinationsOutput) GoString() string {
+func (s ExportTaskStatus) GoString() string {
 	return s.String()
 }
 
-// SetDestinations sets the Destinations field's value.
-func (s *DescribeDestinationsOutput) SetDestinations(v []*Destination) *DescribeDestinationsOutput {
-	s.Destinations = v
+// SetCode sets the Code field's value.
+func (s *ExportTaskStatus) SetCode(v string) *ExportTaskStatus {
+	s.Code = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeDestinationsOutput) SetNextToken(v string) *DescribeDestinationsOutput {
-	s.NextToken = &v
+// SetMessage sets the Message field's value.
+func (s *ExportTaskStatus) SetMessage(v string) *ExportTaskStatus {
+	s.Message = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasksRequest
-type DescribeExportTasksInput struct {
+type FilterLogEventsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
+	// The end of the time range, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are
+	// not returned.
+	EndTime *int64 `locationName:"endTime" type:"long"`
+
+	// The filter pattern to use. For more information, see Filter and Pattern Syntax
+	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).
+	//
+	// If not provided, all the events are matched.
+	FilterPattern *string `locationName:"filterPattern" type:"string"`
+
+	// If the value is true, the operation makes a best effort to provide responses
+	// that contain events from multiple log streams within the log group, interleaved
+	// in a single response. If the value is false, all the matched log events in
+	// the first log stream are searched first, then those in the next log stream,
+	// and so on. The default is false.
+	//
+	// IMPORTANT: Starting on June 17, 2019, this parameter will be ignored and
+	// the value will be assumed to be true. The response from this operation will
+	// always interleave events from multiple log streams within a log group.
+	//
+	// Deprecated: Starting on June 17, 2019, this parameter will be ignored and the value will be assumed to be true. The response from this operation will always interleave events from multiple log streams within a log group.
+	Interleaved *bool `locationName:"interleaved" deprecated:"true" type:"boolean"`
+
+	// The maximum number of events to return. The default is 10,000 events.
 	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The name of the log group to search.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The status code of the export task. Specifying a status code filters the
-	// results to zero or more export tasks.
-	StatusCode *string `locationName:"statusCode" type:"string" enum:"ExportTaskStatusCode"`
+	// Filters the results to include only events from log streams that have names
+	// starting with this prefix.
+	//
+	// If you specify a value for both logStreamNamePrefix and logStreamNames, but
+	// the value for logStreamNamePrefix does not match any log stream names specified
+	// in logStreamNames, the action returns an InvalidParameterException error.
+	LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"`
 
-	// The ID of the export task. Specifying a task ID filters the results to zero
-	// or one export tasks.
-	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+	// Filters the results to only logs from the log streams in this list.
+	//
+	// If you specify a value for both logStreamNamePrefix and logStreamNames, the
+	// action returns an InvalidParameterException error.
+	LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"`
+
+	// The token for the next set of events to return. (You received this token
+	// from a previous call.)
+	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+
+	// The start of the time range, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC. Events with a timestamp before this time are not
+	// returned.
+	StartTime *int64 `locationName:"startTime" type:"long"`
 }
 
 // String returns the string representation
-func (s DescribeExportTasksInput) String() string {
+func (s FilterLogEventsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeExportTasksInput) GoString() string {
+func (s FilterLogEventsInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeExportTasksInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeExportTasksInput"}
+func (s *FilterLogEventsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "FilterLogEventsInput"}
 	if s.Limit != nil && *s.Limit < 1 {
 		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1))
+	}
+	if s.LogStreamNames != nil && len(s.LogStreamNames) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamNames", 1))
+	}
 	if s.NextToken != nil && len(*s.NextToken) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
 	}
-	if s.TaskId != nil && len(*s.TaskId) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("TaskId", 1))
-	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4478,172 +6216,176 @@ func (s *DescribeExportTasksInput) Validate() error {
 	return nil
 }
 
-// SetLimit sets the Limit field's value.
-func (s *DescribeExportTasksInput) SetLimit(v int64) *DescribeExportTasksInput {
-	s.Limit = &v
+// SetEndTime sets the EndTime field's value.
+func (s *FilterLogEventsInput) SetEndTime(v int64) *FilterLogEventsInput {
+	s.EndTime = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeExportTasksInput) SetNextToken(v string) *DescribeExportTasksInput {
-	s.NextToken = &v
+// SetFilterPattern sets the FilterPattern field's value.
+func (s *FilterLogEventsInput) SetFilterPattern(v string) *FilterLogEventsInput {
+	s.FilterPattern = &v
 	return s
 }
 
-// SetStatusCode sets the StatusCode field's value.
-func (s *DescribeExportTasksInput) SetStatusCode(v string) *DescribeExportTasksInput {
-	s.StatusCode = &v
+// SetInterleaved sets the Interleaved field's value.
+func (s *FilterLogEventsInput) SetInterleaved(v bool) *FilterLogEventsInput {
+	s.Interleaved = &v
 	return s
 }
 
-// SetTaskId sets the TaskId field's value.
-func (s *DescribeExportTasksInput) SetTaskId(v string) *DescribeExportTasksInput {
-	s.TaskId = &v
+// SetLimit sets the Limit field's value.
+func (s *FilterLogEventsInput) SetLimit(v int64) *FilterLogEventsInput {
+	s.Limit = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasksResponse
-type DescribeExportTasksOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The export tasks.
-	ExportTasks []*ExportTask `locationName:"exportTasks" type:"list"`
-
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
-}
-
-// String returns the string representation
-func (s DescribeExportTasksOutput) String() string {
-	return awsutil.Prettify(s)
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *FilterLogEventsInput) SetLogGroupName(v string) *FilterLogEventsInput {
+	s.LogGroupName = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s DescribeExportTasksOutput) GoString() string {
-	return s.String()
+// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value.
+func (s *FilterLogEventsInput) SetLogStreamNamePrefix(v string) *FilterLogEventsInput {
+	s.LogStreamNamePrefix = &v
+	return s
 }
 
-// SetExportTasks sets the ExportTasks field's value.
-func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExportTasksOutput {
-	s.ExportTasks = v
+// SetLogStreamNames sets the LogStreamNames field's value.
+func (s *FilterLogEventsInput) SetLogStreamNames(v []*string) *FilterLogEventsInput {
+	s.LogStreamNames = v
 	return s
 }
 
 // SetNextToken sets the NextToken field's value.
-func (s *DescribeExportTasksOutput) SetNextToken(v string) *DescribeExportTasksOutput {
+func (s *FilterLogEventsInput) SetNextToken(v string) *FilterLogEventsInput {
 	s.NextToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroupsRequest
-type DescribeLogGroupsInput struct {
-	_ struct{} `type:"structure"`
+// SetStartTime sets the StartTime field's value.
+func (s *FilterLogEventsInput) SetStartTime(v int64) *FilterLogEventsInput {
+	s.StartTime = &v
+	return s
+}
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+type FilterLogEventsOutput struct {
+	_ struct{} `type:"structure"`
 
-	// The prefix to match.
-	LogGroupNamePrefix *string `locationName:"logGroupNamePrefix" min:"1" type:"string"`
+	// The matched events.
+	Events []*FilteredLogEvent `locationName:"events" type:"list"`
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
+	// The token to use when requesting the next set of items. The token expires
+	// after 24 hours.
 	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
-}
-
-// String returns the string representation
-func (s DescribeLogGroupsInput) String() string {
-	return awsutil.Prettify(s)
-}
 
-// GoString returns the string representation
-func (s DescribeLogGroupsInput) GoString() string {
-	return s.String()
+	// Indicates which log streams have been searched and whether each has been
+	// searched completely.
+	SearchedLogStreams []*SearchedLogStream `locationName:"searchedLogStreams" type:"list"`
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeLogGroupsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeLogGroupsInput"}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.LogGroupNamePrefix != nil && len(*s.LogGroupNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupNamePrefix", 1))
-	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// String returns the string representation
+func (s FilterLogEventsOutput) String() string {
+	return awsutil.Prettify(s)
 }
 
-// SetLimit sets the Limit field's value.
-func (s *DescribeLogGroupsInput) SetLimit(v int64) *DescribeLogGroupsInput {
-	s.Limit = &v
-	return s
+// GoString returns the string representation
+func (s FilterLogEventsOutput) GoString() string {
+	return s.String()
 }
 
-// SetLogGroupNamePrefix sets the LogGroupNamePrefix field's value.
-func (s *DescribeLogGroupsInput) SetLogGroupNamePrefix(v string) *DescribeLogGroupsInput {
-	s.LogGroupNamePrefix = &v
+// SetEvents sets the Events field's value.
+func (s *FilterLogEventsOutput) SetEvents(v []*FilteredLogEvent) *FilterLogEventsOutput {
+	s.Events = v
 	return s
 }
 
 // SetNextToken sets the NextToken field's value.
-func (s *DescribeLogGroupsInput) SetNextToken(v string) *DescribeLogGroupsInput {
+func (s *FilterLogEventsOutput) SetNextToken(v string) *FilterLogEventsOutput {
 	s.NextToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroupsResponse
-type DescribeLogGroupsOutput struct {
+// SetSearchedLogStreams sets the SearchedLogStreams field's value.
+func (s *FilterLogEventsOutput) SetSearchedLogStreams(v []*SearchedLogStream) *FilterLogEventsOutput {
+	s.SearchedLogStreams = v
+	return s
+}
+
+// Represents a matched event.
+type FilteredLogEvent struct {
 	_ struct{} `type:"structure"`
 
-	// The log groups.
-	LogGroups []*LogGroup `locationName:"logGroups" type:"list"`
+	// The ID of the event.
+	EventId *string `locationName:"eventId" type:"string"`
 
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The time the event was ingested, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	IngestionTime *int64 `locationName:"ingestionTime" type:"long"`
+
+	// The name of the log stream to which this event belongs.
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
+
+	// The data contained in the log event.
+	Message *string `locationName:"message" min:"1" type:"string"`
+
+	// The time the event occurred, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC.
+	Timestamp *int64 `locationName:"timestamp" type:"long"`
 }
 
 // String returns the string representation
-func (s DescribeLogGroupsOutput) String() string {
+func (s FilteredLogEvent) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeLogGroupsOutput) GoString() string {
+func (s FilteredLogEvent) GoString() string {
 	return s.String()
 }
 
-// SetLogGroups sets the LogGroups field's value.
-func (s *DescribeLogGroupsOutput) SetLogGroups(v []*LogGroup) *DescribeLogGroupsOutput {
-	s.LogGroups = v
+// SetEventId sets the EventId field's value.
+func (s *FilteredLogEvent) SetEventId(v string) *FilteredLogEvent {
+	s.EventId = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeLogGroupsOutput) SetNextToken(v string) *DescribeLogGroupsOutput {
-	s.NextToken = &v
+// SetIngestionTime sets the IngestionTime field's value.
+func (s *FilteredLogEvent) SetIngestionTime(v int64) *FilteredLogEvent {
+	s.IngestionTime = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreamsRequest
-type DescribeLogStreamsInput struct {
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *FilteredLogEvent) SetLogStreamName(v string) *FilteredLogEvent {
+	s.LogStreamName = &v
+	return s
+}
+
+// SetMessage sets the Message field's value.
+func (s *FilteredLogEvent) SetMessage(v string) *FilteredLogEvent {
+	s.Message = &v
+	return s
+}
+
+// SetTimestamp sets the Timestamp field's value.
+func (s *FilteredLogEvent) SetTimestamp(v int64) *FilteredLogEvent {
+	s.Timestamp = &v
+	return s
+}
+
+type GetLogEventsInput struct {
 	_ struct{} `type:"structure"`
 
-	// If the value is true, results are returned in descending order. If the value
-	// is to false, results are returned in ascending order. The default value is
-	// false.
-	Descending *bool `locationName:"descending" type:"boolean"`
+	// The end of the time range, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to or later than
+	// this time are not included.
+	EndTime *int64 `locationName:"endTime" type:"long"`
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
+	// The maximum number of log events returned. If you don't specify a value,
+	// the maximum is as many log events as can fit in a response size of 1 MB,
+	// up to 10,000 log events.
 	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
 	// The name of the log group.
@@ -4651,43 +6393,44 @@ type DescribeLogStreamsInput struct {
 	// LogGroupName is a required field
 	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The prefix to match.
+	// The name of the log stream.
 	//
-	// iIf orderBy is LastEventTime,you cannot specify this parameter.
-	LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"`
+	// LogStreamName is a required field
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
 
 	// The token for the next set of items to return. (You received this token from
 	// a previous call.)
+	//
+	// Using this token works only when you specify true for startFromHead.
 	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
 
-	// If the value is LogStreamName, the results are ordered by log stream name.
-	// If the value is LastEventTime, the results are ordered by the event time.
-	// The default value is LogStreamName.
-	//
-	// If you order the results by event time, you cannot specify the logStreamNamePrefix
-	// parameter.
+	// If the value is true, the earliest log events are returned first. If the
+	// value is false, the latest log events are returned first. The default value
+	// is false.
 	//
-	// lastEventTimestamp represents the time of the most recent log event in the
-	// log stream in CloudWatch Logs. This number is expressed as the number of
-	// milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimeStamp updates on
-	// an eventual consistency basis. It typically updates in less than an hour
-	// from ingestion, but may take longer in some rare situations.
-	OrderBy *string `locationName:"orderBy" type:"string" enum:"OrderBy"`
+	// If you are using nextToken in this operation, you must specify true for startFromHead.
+	StartFromHead *bool `locationName:"startFromHead" type:"boolean"`
+
+	// The start of the time range, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to this time or later
+	// than this time are included. Events with a timestamp earlier than this time
+	// are not included.
+	StartTime *int64 `locationName:"startTime" type:"long"`
 }
 
 // String returns the string representation
-func (s DescribeLogStreamsInput) String() string {
+func (s GetLogEventsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeLogStreamsInput) GoString() string {
+func (s GetLogEventsInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeLogStreamsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeLogStreamsInput"}
+func (s *GetLogEventsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetLogEventsInput"}
 	if s.Limit != nil && *s.Limit < 1 {
 		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
@@ -4697,8 +6440,11 @@ func (s *DescribeLogStreamsInput) Validate() error {
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
-	if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1))
+	if s.LogStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+	}
+	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
 	}
 	if s.NextToken != nil && len(*s.NextToken) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
@@ -4710,126 +6456,200 @@ func (s *DescribeLogStreamsInput) Validate() error {
 	return nil
 }
 
-// SetDescending sets the Descending field's value.
-func (s *DescribeLogStreamsInput) SetDescending(v bool) *DescribeLogStreamsInput {
-	s.Descending = &v
+// SetEndTime sets the EndTime field's value.
+func (s *GetLogEventsInput) SetEndTime(v int64) *GetLogEventsInput {
+	s.EndTime = &v
 	return s
 }
 
 // SetLimit sets the Limit field's value.
-func (s *DescribeLogStreamsInput) SetLimit(v int64) *DescribeLogStreamsInput {
+func (s *GetLogEventsInput) SetLimit(v int64) *GetLogEventsInput {
 	s.Limit = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DescribeLogStreamsInput) SetLogGroupName(v string) *DescribeLogStreamsInput {
+func (s *GetLogEventsInput) SetLogGroupName(v string) *GetLogEventsInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value.
-func (s *DescribeLogStreamsInput) SetLogStreamNamePrefix(v string) *DescribeLogStreamsInput {
-	s.LogStreamNamePrefix = &v
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *GetLogEventsInput) SetLogStreamName(v string) *GetLogEventsInput {
+	s.LogStreamName = &v
 	return s
 }
 
 // SetNextToken sets the NextToken field's value.
-func (s *DescribeLogStreamsInput) SetNextToken(v string) *DescribeLogStreamsInput {
+func (s *GetLogEventsInput) SetNextToken(v string) *GetLogEventsInput {
 	s.NextToken = &v
 	return s
 }
 
-// SetOrderBy sets the OrderBy field's value.
-func (s *DescribeLogStreamsInput) SetOrderBy(v string) *DescribeLogStreamsInput {
-	s.OrderBy = &v
+// SetStartFromHead sets the StartFromHead field's value.
+func (s *GetLogEventsInput) SetStartFromHead(v bool) *GetLogEventsInput {
+	s.StartFromHead = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreamsResponse
-type DescribeLogStreamsOutput struct {
+// SetStartTime sets the StartTime field's value.
+func (s *GetLogEventsInput) SetStartTime(v int64) *GetLogEventsInput {
+	s.StartTime = &v
+	return s
+}
+
+type GetLogEventsOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The log streams.
-	LogStreams []*LogStream `locationName:"logStreams" type:"list"`
+	// The events.
+	Events []*OutputLogEvent `locationName:"events" type:"list"`
 
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The token for the next set of items in the backward direction. The token
+	// expires after 24 hours. This token will never be null. If you have reached
+	// the end of the stream, it will return the same token you passed in.
+	NextBackwardToken *string `locationName:"nextBackwardToken" min:"1" type:"string"`
+
+	// The token for the next set of items in the forward direction. The token expires
+	// after 24 hours. If you have reached the end of the stream, it will return
+	// the same token you passed in.
+	NextForwardToken *string `locationName:"nextForwardToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s DescribeLogStreamsOutput) String() string {
+func (s GetLogEventsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeLogStreamsOutput) GoString() string {
+func (s GetLogEventsOutput) GoString() string {
 	return s.String()
 }
 
-// SetLogStreams sets the LogStreams field's value.
-func (s *DescribeLogStreamsOutput) SetLogStreams(v []*LogStream) *DescribeLogStreamsOutput {
-	s.LogStreams = v
+// SetEvents sets the Events field's value.
+func (s *GetLogEventsOutput) SetEvents(v []*OutputLogEvent) *GetLogEventsOutput {
+	s.Events = v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeLogStreamsOutput) SetNextToken(v string) *DescribeLogStreamsOutput {
-	s.NextToken = &v
+// SetNextBackwardToken sets the NextBackwardToken field's value.
+func (s *GetLogEventsOutput) SetNextBackwardToken(v string) *GetLogEventsOutput {
+	s.NextBackwardToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFiltersRequest
-type DescribeMetricFiltersInput struct {
+// SetNextForwardToken sets the NextForwardToken field's value.
+func (s *GetLogEventsOutput) SetNextForwardToken(v string) *GetLogEventsOutput {
+	s.NextForwardToken = &v
+	return s
+}
+
+type GetLogGroupFieldsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The prefix to match.
-	FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"`
+	// The name of the log group to search.
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+	// The time to set as the center of the query. If you specify time, the 8 minutes
+	// before and 8 minutes after this time are searched. If you omit time, the
+	// past 15 minutes are queried.
+	//
+	// The time value is specified as epoch time, the number of seconds since January
+	// 1, 1970, 00:00:00 UTC.
+	Time *int64 `locationName:"time" type:"long"`
+}
 
-	// The name of the log group.
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
+// String returns the string representation
+func (s GetLogGroupFieldsInput) String() string {
+	return awsutil.Prettify(s)
+}
 
-	// The name of the CloudWatch metric to which the monitored log information
-	// should be published. For example, you may publish to a metric called ErrorCount.
-	MetricName *string `locationName:"metricName" type:"string"`
+// GoString returns the string representation
+func (s GetLogGroupFieldsInput) GoString() string {
+	return s.String()
+}
 
-	// The namespace of the CloudWatch metric.
-	MetricNamespace *string `locationName:"metricNamespace" type:"string"`
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetLogGroupFieldsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetLogGroupFieldsInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *GetLogGroupFieldsInput) SetLogGroupName(v string) *GetLogGroupFieldsInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetTime sets the Time field's value.
+func (s *GetLogGroupFieldsInput) SetTime(v int64) *GetLogGroupFieldsInput {
+	s.Time = &v
+	return s
+}
+
+type GetLogGroupFieldsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The array of fields found in the query. Each object in the array contains
+	// the name of the field, along with the percentage of time it appeared in the
+	// log events that were queried.
+	LogGroupFields []*LogGroupField `locationName:"logGroupFields" type:"list"`
+}
+
+// String returns the string representation
+func (s GetLogGroupFieldsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetLogGroupFieldsOutput) GoString() string {
+	return s.String()
+}
+
+// SetLogGroupFields sets the LogGroupFields field's value.
+func (s *GetLogGroupFieldsOutput) SetLogGroupFields(v []*LogGroupField) *GetLogGroupFieldsOutput {
+	s.LogGroupFields = v
+	return s
+}
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+type GetLogRecordInput struct {
+	_ struct{} `type:"structure"`
+
+	// The pointer corresponding to the log event record you want to retrieve. You
+	// get this from the response of a GetQueryResults operation. In that response,
+	// the value of the @ptr field for a log event is the value to use as logRecordPointer
+	// to retrieve that complete log event record.
+	//
+	// LogRecordPointer is a required field
+	LogRecordPointer *string `locationName:"logRecordPointer" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s DescribeMetricFiltersInput) String() string {
+func (s GetLogRecordInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeMetricFiltersInput) GoString() string {
+func (s GetLogRecordInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeMetricFiltersInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeMetricFiltersInput"}
-	if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1))
-	}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+func (s *GetLogRecordInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetLogRecordInput"}
+	if s.LogRecordPointer == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogRecordPointer"))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -4838,107 +6658,164 @@ func (s *DescribeMetricFiltersInput) Validate() error {
 	return nil
 }
 
-// SetFilterNamePrefix sets the FilterNamePrefix field's value.
-func (s *DescribeMetricFiltersInput) SetFilterNamePrefix(v string) *DescribeMetricFiltersInput {
-	s.FilterNamePrefix = &v
+// SetLogRecordPointer sets the LogRecordPointer field's value.
+func (s *GetLogRecordInput) SetLogRecordPointer(v string) *GetLogRecordInput {
+	s.LogRecordPointer = &v
 	return s
 }
 
-// SetLimit sets the Limit field's value.
-func (s *DescribeMetricFiltersInput) SetLimit(v int64) *DescribeMetricFiltersInput {
-	s.Limit = &v
-	return s
+type GetLogRecordOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The requested log event, as a JSON string.
+	LogRecord map[string]*string `locationName:"logRecord" type:"map"`
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *DescribeMetricFiltersInput) SetLogGroupName(v string) *DescribeMetricFiltersInput {
-	s.LogGroupName = &v
-	return s
+// String returns the string representation
+func (s GetLogRecordOutput) String() string {
+	return awsutil.Prettify(s)
 }
 
-// SetMetricName sets the MetricName field's value.
-func (s *DescribeMetricFiltersInput) SetMetricName(v string) *DescribeMetricFiltersInput {
-	s.MetricName = &v
-	return s
+// GoString returns the string representation
+func (s GetLogRecordOutput) GoString() string {
+	return s.String()
 }
 
-// SetMetricNamespace sets the MetricNamespace field's value.
-func (s *DescribeMetricFiltersInput) SetMetricNamespace(v string) *DescribeMetricFiltersInput {
-	s.MetricNamespace = &v
+// SetLogRecord sets the LogRecord field's value.
+func (s *GetLogRecordOutput) SetLogRecord(v map[string]*string) *GetLogRecordOutput {
+	s.LogRecord = v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeMetricFiltersInput) SetNextToken(v string) *DescribeMetricFiltersInput {
-	s.NextToken = &v
+type GetQueryResultsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID number of the query.
+	//
+	// QueryId is a required field
+	QueryId *string `locationName:"queryId" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetQueryResultsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetQueryResultsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetQueryResultsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetQueryResultsInput"}
+	if s.QueryId == nil {
+		invalidParams.Add(request.NewErrParamRequired("QueryId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetQueryId sets the QueryId field's value.
+func (s *GetQueryResultsInput) SetQueryId(v string) *GetQueryResultsInput {
+	s.QueryId = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFiltersResponse
-type DescribeMetricFiltersOutput struct {
+type GetQueryResultsOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The metric filters.
-	MetricFilters []*MetricFilter `locationName:"metricFilters" type:"list"`
-
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The log events that matched the query criteria during the most recent time
+	// it ran.
+	//
+	// The results value is an array of arrays. Each log event is one object in
+	// the top-level array. Each of these log event objects is an array of field/value
+	// pairs.
+	Results [][]*ResultField `locationName:"results" type:"list"`
+
+	// Includes the number of log events scanned by the query, the number of log
+	// events that matched the query criteria, and the total number of bytes in
+	// the log events that were scanned.
+	Statistics *QueryStatistics `locationName:"statistics" type:"structure"`
+
+	// The status of the most recent running of the query. Possible values are Cancelled,
+	// Complete, Failed, Running, Scheduled, Timeout, and Unknown.
+	//
+	// Queries time out after 15 minutes of execution. To avoid having your queries
+	// time out, reduce the time range being searched, or partition your query into
+	// a number of queries.
+	Status *string `locationName:"status" type:"string" enum:"QueryStatus"`
 }
 
 // String returns the string representation
-func (s DescribeMetricFiltersOutput) String() string {
+func (s GetQueryResultsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeMetricFiltersOutput) GoString() string {
+func (s GetQueryResultsOutput) GoString() string {
 	return s.String()
 }
 
-// SetMetricFilters sets the MetricFilters field's value.
-func (s *DescribeMetricFiltersOutput) SetMetricFilters(v []*MetricFilter) *DescribeMetricFiltersOutput {
-	s.MetricFilters = v
+// SetResults sets the Results field's value.
+func (s *GetQueryResultsOutput) SetResults(v [][]*ResultField) *GetQueryResultsOutput {
+	s.Results = v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeMetricFiltersOutput) SetNextToken(v string) *DescribeMetricFiltersOutput {
-	s.NextToken = &v
+// SetStatistics sets the Statistics field's value.
+func (s *GetQueryResultsOutput) SetStatistics(v *QueryStatistics) *GetQueryResultsOutput {
+	s.Statistics = v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePoliciesRequest
-type DescribeResourcePoliciesInput struct {
+// SetStatus sets the Status field's value.
+func (s *GetQueryResultsOutput) SetStatus(v string) *GetQueryResultsOutput {
+	s.Status = &v
+	return s
+}
+
+// Represents a log event, which is a record of activity that was recorded by
+// the application or resource being monitored.
+type InputLogEvent struct {
 	_ struct{} `type:"structure"`
 
-	// The maximum number of resource policies to be displayed with one call of
-	// this API.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+	// The raw event message.
+	//
+	// Message is a required field
+	Message *string `locationName:"message" min:"1" type:"string" required:"true"`
 
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The time the event occurred, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC.
+	//
+	// Timestamp is a required field
+	Timestamp *int64 `locationName:"timestamp" type:"long" required:"true"`
 }
 
 // String returns the string representation
-func (s DescribeResourcePoliciesInput) String() string {
+func (s InputLogEvent) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeResourcePoliciesInput) GoString() string {
+func (s InputLogEvent) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeResourcePoliciesInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeResourcePoliciesInput"}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
+func (s *InputLogEvent) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InputLogEvent"}
+	if s.Message == nil {
+		invalidParams.Add(request.NewErrParamRequired("Message"))
 	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	if s.Message != nil && len(*s.Message) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Message", 1))
+	}
+	if s.Timestamp == nil {
+		invalidParams.Add(request.NewErrParamRequired("Timestamp"))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -4947,241 +6824,246 @@ func (s *DescribeResourcePoliciesInput) Validate() error {
 	return nil
 }
 
-// SetLimit sets the Limit field's value.
-func (s *DescribeResourcePoliciesInput) SetLimit(v int64) *DescribeResourcePoliciesInput {
-	s.Limit = &v
+// SetMessage sets the Message field's value.
+func (s *InputLogEvent) SetMessage(v string) *InputLogEvent {
+	s.Message = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeResourcePoliciesInput) SetNextToken(v string) *DescribeResourcePoliciesInput {
-	s.NextToken = &v
+// SetTimestamp sets the Timestamp field's value.
+func (s *InputLogEvent) SetTimestamp(v int64) *InputLogEvent {
+	s.Timestamp = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePoliciesResponse
-type DescribeResourcePoliciesOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+// The operation is not valid on the specified resource.
+type InvalidOperationException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
 
-	// The resource policies that exist in this account.
-	ResourcePolicies []*ResourcePolicy `locationName:"resourcePolicies" type:"list"`
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s DescribeResourcePoliciesOutput) String() string {
+func (s InvalidOperationException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeResourcePoliciesOutput) GoString() string {
+func (s InvalidOperationException) GoString() string {
 	return s.String()
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeResourcePoliciesOutput) SetNextToken(v string) *DescribeResourcePoliciesOutput {
-	s.NextToken = &v
-	return s
+func newErrorInvalidOperationException(v protocol.ResponseMetadata) error {
+	return &InvalidOperationException{
+		respMetadata: v,
+	}
 }
 
-// SetResourcePolicies sets the ResourcePolicies field's value.
-func (s *DescribeResourcePoliciesOutput) SetResourcePolicies(v []*ResourcePolicy) *DescribeResourcePoliciesOutput {
-	s.ResourcePolicies = v
-	return s
+// Code returns the exception type name.
+func (s InvalidOperationException) Code() string {
+	return "InvalidOperationException"
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFiltersRequest
-type DescribeSubscriptionFiltersInput struct {
-	_ struct{} `type:"structure"`
+// Message returns the exception's message.
+func (s InvalidOperationException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
 
-	// The prefix to match. If you don't specify a value, no prefix filter is applied.
-	FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"`
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s InvalidOperationException) OrigErr() error {
+	return nil
+}
 
-	// The maximum number of items returned. If you don't specify a value, the default
-	// is up to 50 items.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+func (s InvalidOperationException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+// Status code returns the HTTP status code for the request's response error.
+func (s InvalidOperationException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+// RequestID returns the service's response RequestID for request.
+func (s InvalidOperationException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
+// A parameter is specified incorrectly.
+type InvalidParameterException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s DescribeSubscriptionFiltersInput) String() string {
+func (s InvalidParameterException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeSubscriptionFiltersInput) GoString() string {
+func (s InvalidParameterException) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DescribeSubscriptionFiltersInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DescribeSubscriptionFiltersInput"}
-	if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1))
-	}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+func newErrorInvalidParameterException(v protocol.ResponseMetadata) error {
+	return &InvalidParameterException{
+		respMetadata: v,
 	}
+}
 
-	if invalidParams.Len() > 0 {
-		return invalidParams
+// Code returns the exception type name.
+func (s InvalidParameterException) Code() string {
+	return "InvalidParameterException"
+}
+
+// Message returns the exception's message.
+func (s InvalidParameterException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
 	}
-	return nil
+	return ""
 }
 
-// SetFilterNamePrefix sets the FilterNamePrefix field's value.
-func (s *DescribeSubscriptionFiltersInput) SetFilterNamePrefix(v string) *DescribeSubscriptionFiltersInput {
-	s.FilterNamePrefix = &v
-	return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s InvalidParameterException) OrigErr() error {
+	return nil
 }
 
-// SetLimit sets the Limit field's value.
-func (s *DescribeSubscriptionFiltersInput) SetLimit(v int64) *DescribeSubscriptionFiltersInput {
-	s.Limit = &v
-	return s
+func (s InvalidParameterException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *DescribeSubscriptionFiltersInput) SetLogGroupName(v string) *DescribeSubscriptionFiltersInput {
-	s.LogGroupName = &v
-	return s
+// Status code returns the HTTP status code for the request's response error.
+func (s InvalidParameterException) StatusCode() int {
+	return s.respMetadata.StatusCode
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeSubscriptionFiltersInput) SetNextToken(v string) *DescribeSubscriptionFiltersInput {
-	s.NextToken = &v
-	return s
+// RequestID returns the service's response RequestID for request.
+func (s InvalidParameterException) RequestID() string {
+	return s.respMetadata.RequestID
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFiltersResponse
-type DescribeSubscriptionFiltersOutput struct {
-	_ struct{} `type:"structure"`
+// The sequence token is not valid. You can get the correct sequence token in
+// the expectedSequenceToken field in the InvalidSequenceTokenException message.
+type InvalidSequenceTokenException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
 
-	// The token for the next set of items to return. The token expires after 24
-	// hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"`
 
-	// The subscription filters.
-	SubscriptionFilters []*SubscriptionFilter `locationName:"subscriptionFilters" type:"list"`
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s DescribeSubscriptionFiltersOutput) String() string {
+func (s InvalidSequenceTokenException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DescribeSubscriptionFiltersOutput) GoString() string {
+func (s InvalidSequenceTokenException) GoString() string {
 	return s.String()
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *DescribeSubscriptionFiltersOutput) SetNextToken(v string) *DescribeSubscriptionFiltersOutput {
-	s.NextToken = &v
-	return s
+func newErrorInvalidSequenceTokenException(v protocol.ResponseMetadata) error {
+	return &InvalidSequenceTokenException{
+		respMetadata: v,
+	}
 }
 
-// SetSubscriptionFilters sets the SubscriptionFilters field's value.
-func (s *DescribeSubscriptionFiltersOutput) SetSubscriptionFilters(v []*SubscriptionFilter) *DescribeSubscriptionFiltersOutput {
-	s.SubscriptionFilters = v
-	return s
+// Code returns the exception type name.
+func (s InvalidSequenceTokenException) Code() string {
+	return "InvalidSequenceTokenException"
 }
 
-// Represents a cross-account destination that receives subscription log events.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Destination
-type Destination struct {
-	_ struct{} `type:"structure"`
+// Message returns the exception's message.
+func (s InvalidSequenceTokenException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
 
-	// An IAM policy document that governs which AWS accounts can create subscription
-	// filters against this destination.
-	AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string"`
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s InvalidSequenceTokenException) OrigErr() error {
+	return nil
+}
 
-	// The ARN of this destination.
-	Arn *string `locationName:"arn" type:"string"`
+func (s InvalidSequenceTokenException) Error() string {
+	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
 
-	// The creation time of the destination, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	CreationTime *int64 `locationName:"creationTime" type:"long"`
+// Status code returns the HTTP status code for the request's response error.
+func (s InvalidSequenceTokenException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
 
-	// The name of the destination.
-	DestinationName *string `locationName:"destinationName" min:"1" type:"string"`
+// RequestID returns the service's response RequestID for request.
+func (s InvalidSequenceTokenException) RequestID() string {
+	return s.respMetadata.RequestID
+}
 
-	// A role for impersonation, used when delivering log events to the target.
-	RoleArn *string `locationName:"roleArn" min:"1" type:"string"`
+// You have reached the maximum number of resources that can be created.
+type LimitExceededException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
 
-	// The Amazon Resource Name (ARN) of the physical target to where the log events
-	// are delivered (for example, a Kinesis stream).
-	TargetArn *string `locationName:"targetArn" min:"1" type:"string"`
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s Destination) String() string {
+func (s LimitExceededException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s Destination) GoString() string {
+func (s LimitExceededException) GoString() string {
 	return s.String()
 }
 
-// SetAccessPolicy sets the AccessPolicy field's value.
-func (s *Destination) SetAccessPolicy(v string) *Destination {
-	s.AccessPolicy = &v
-	return s
+func newErrorLimitExceededException(v protocol.ResponseMetadata) error {
+	return &LimitExceededException{
+		respMetadata: v,
+	}
 }
 
-// SetArn sets the Arn field's value.
-func (s *Destination) SetArn(v string) *Destination {
-	s.Arn = &v
-	return s
+// Code returns the exception type name.
+func (s LimitExceededException) Code() string {
+	return "LimitExceededException"
 }
 
-// SetCreationTime sets the CreationTime field's value.
-func (s *Destination) SetCreationTime(v int64) *Destination {
-	s.CreationTime = &v
-	return s
+// Message returns the exception's message.
+func (s LimitExceededException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
 }
 
-// SetDestinationName sets the DestinationName field's value.
-func (s *Destination) SetDestinationName(v string) *Destination {
-	s.DestinationName = &v
-	return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s LimitExceededException) OrigErr() error {
+	return nil
 }
 
-// SetRoleArn sets the RoleArn field's value.
-func (s *Destination) SetRoleArn(v string) *Destination {
-	s.RoleArn = &v
-	return s
+func (s LimitExceededException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 }
 
-// SetTargetArn sets the TargetArn field's value.
-func (s *Destination) SetTargetArn(v string) *Destination {
-	s.TargetArn = &v
-	return s
+// Status code returns the HTTP status code for the request's response error.
+func (s LimitExceededException) StatusCode() int {
+	return s.respMetadata.StatusCode
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKeyRequest
-type DisassociateKmsKeyInput struct {
+// RequestID returns the service's response RequestID for request.
+func (s LimitExceededException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
+type ListTagsLogGroupInput struct {
 	_ struct{} `type:"structure"`
 
 	// The name of the log group.
@@ -5191,18 +7073,18 @@ type DisassociateKmsKeyInput struct {
 }
 
 // String returns the string representation
-func (s DisassociateKmsKeyInput) String() string {
+func (s ListTagsLogGroupInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DisassociateKmsKeyInput) GoString() string {
+func (s ListTagsLogGroupInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DisassociateKmsKeyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DisassociateKmsKeyInput"}
+func (s *ListTagsLogGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListTagsLogGroupInput"}
 	if s.LogGroupName == nil {
 		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
 	}
@@ -5217,494 +7099,468 @@ func (s *DisassociateKmsKeyInput) Validate() error {
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *DisassociateKmsKeyInput) SetLogGroupName(v string) *DisassociateKmsKeyInput {
+func (s *ListTagsLogGroupInput) SetLogGroupName(v string) *ListTagsLogGroupInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKeyOutput
-type DisassociateKmsKeyOutput struct {
+type ListTagsLogGroupOutput struct {
 	_ struct{} `type:"structure"`
+
+	// The tags for the log group.
+	Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
 }
 
 // String returns the string representation
-func (s DisassociateKmsKeyOutput) String() string {
+func (s ListTagsLogGroupOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DisassociateKmsKeyOutput) GoString() string {
+func (s ListTagsLogGroupOutput) GoString() string {
 	return s.String()
 }
 
-// Represents an export task.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ExportTask
-type ExportTask struct {
-	_ struct{} `type:"structure"`
+// SetTags sets the Tags field's value.
+func (s *ListTagsLogGroupOutput) SetTags(v map[string]*string) *ListTagsLogGroupOutput {
+	s.Tags = v
+	return s
+}
 
-	// The name of Amazon S3 bucket to which the log data was exported.
-	Destination *string `locationName:"destination" min:"1" type:"string"`
+// Represents a log group.
+type LogGroup struct {
+	_ struct{} `type:"structure"`
 
-	// The prefix that was used as the start of Amazon S3 key for every object exported.
-	DestinationPrefix *string `locationName:"destinationPrefix" type:"string"`
+	// The Amazon Resource Name (ARN) of the log group.
+	Arn *string `locationName:"arn" type:"string"`
 
-	// Execution info about the export task.
-	ExecutionInfo *ExportTaskExecutionInfo `locationName:"executionInfo" type:"structure"`
+	// The creation time of the log group, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	CreationTime *int64 `locationName:"creationTime" type:"long"`
 
-	// The start time, expressed as the number of milliseconds after Jan 1, 1970
-	// 00:00:00 UTC. Events with a time stamp before this time are not exported.
-	From *int64 `locationName:"from" type:"long"`
+	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
+	KmsKeyId *string `locationName:"kmsKeyId" type:"string"`
 
-	// The name of the log group from which logs data was exported.
+	// The name of the log group.
 	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-	// The status of the export task.
-	Status *ExportTaskStatus `locationName:"status" type:"structure"`
-
-	// The ID of the export task.
-	TaskId *string `locationName:"taskId" min:"1" type:"string"`
+	// The number of metric filters.
+	MetricFilterCount *int64 `locationName:"metricFilterCount" type:"integer"`
 
-	// The name of the export task.
-	TaskName *string `locationName:"taskName" min:"1" type:"string"`
+	// The number of days to retain the log events in the specified log group. Possible
+	// values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
+	// 1827, and 3653.
+	RetentionInDays *int64 `locationName:"retentionInDays" type:"integer"`
 
-	// The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00
-	// UTC. Events with a time stamp later than this time are not exported.
-	To *int64 `locationName:"to" type:"long"`
+	// The number of bytes stored.
+	StoredBytes *int64 `locationName:"storedBytes" type:"long"`
 }
 
 // String returns the string representation
-func (s ExportTask) String() string {
+func (s LogGroup) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ExportTask) GoString() string {
+func (s LogGroup) GoString() string {
 	return s.String()
 }
 
-// SetDestination sets the Destination field's value.
-func (s *ExportTask) SetDestination(v string) *ExportTask {
-	s.Destination = &v
+// SetArn sets the Arn field's value.
+func (s *LogGroup) SetArn(v string) *LogGroup {
+	s.Arn = &v
 	return s
 }
 
-// SetDestinationPrefix sets the DestinationPrefix field's value.
-func (s *ExportTask) SetDestinationPrefix(v string) *ExportTask {
-	s.DestinationPrefix = &v
+// SetCreationTime sets the CreationTime field's value.
+func (s *LogGroup) SetCreationTime(v int64) *LogGroup {
+	s.CreationTime = &v
 	return s
 }
 
-// SetExecutionInfo sets the ExecutionInfo field's value.
-func (s *ExportTask) SetExecutionInfo(v *ExportTaskExecutionInfo) *ExportTask {
-	s.ExecutionInfo = v
+// SetKmsKeyId sets the KmsKeyId field's value.
+func (s *LogGroup) SetKmsKeyId(v string) *LogGroup {
+	s.KmsKeyId = &v
 	return s
 }
 
-// SetFrom sets the From field's value.
-func (s *ExportTask) SetFrom(v int64) *ExportTask {
-	s.From = &v
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *LogGroup) SetLogGroupName(v string) *LogGroup {
+	s.LogGroupName = &v
 	return s
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *ExportTask) SetLogGroupName(v string) *ExportTask {
-	s.LogGroupName = &v
+// SetMetricFilterCount sets the MetricFilterCount field's value.
+func (s *LogGroup) SetMetricFilterCount(v int64) *LogGroup {
+	s.MetricFilterCount = &v
 	return s
 }
 
-// SetStatus sets the Status field's value.
-func (s *ExportTask) SetStatus(v *ExportTaskStatus) *ExportTask {
-	s.Status = v
+// SetRetentionInDays sets the RetentionInDays field's value.
+func (s *LogGroup) SetRetentionInDays(v int64) *LogGroup {
+	s.RetentionInDays = &v
 	return s
 }
 
-// SetTaskId sets the TaskId field's value.
-func (s *ExportTask) SetTaskId(v string) *ExportTask {
-	s.TaskId = &v
+// SetStoredBytes sets the StoredBytes field's value.
+func (s *LogGroup) SetStoredBytes(v int64) *LogGroup {
+	s.StoredBytes = &v
 	return s
 }
 
-// SetTaskName sets the TaskName field's value.
-func (s *ExportTask) SetTaskName(v string) *ExportTask {
-	s.TaskName = &v
+// The fields contained in log events found by a GetLogGroupFields operation,
+// along with the percentage of queried log events in which each field appears.
+type LogGroupField struct {
+	_ struct{} `type:"structure"`
+
+	// The name of a log field.
+	Name *string `locationName:"name" type:"string"`
+
+	// The percentage of log events queried that contained the field.
+	Percent *int64 `locationName:"percent" type:"integer"`
+}
+
+// String returns the string representation
+func (s LogGroupField) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s LogGroupField) GoString() string {
+	return s.String()
+}
+
+// SetName sets the Name field's value.
+func (s *LogGroupField) SetName(v string) *LogGroupField {
+	s.Name = &v
 	return s
 }
 
-// SetTo sets the To field's value.
-func (s *ExportTask) SetTo(v int64) *ExportTask {
-	s.To = &v
+// SetPercent sets the Percent field's value.
+func (s *LogGroupField) SetPercent(v int64) *LogGroupField {
+	s.Percent = &v
 	return s
 }
 
-// Represents the status of an export task.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ExportTaskExecutionInfo
-type ExportTaskExecutionInfo struct {
+// Represents a log stream, which is a sequence of log events from a single
+// emitter of logs.
+type LogStream struct {
 	_ struct{} `type:"structure"`
 
-	// The completion time of the export task, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	CompletionTime *int64 `locationName:"completionTime" type:"long"`
+	// The Amazon Resource Name (ARN) of the log stream.
+	Arn *string `locationName:"arn" type:"string"`
 
-	// The creation time of the export task, expressed as the number of milliseconds
+	// The creation time of the stream, expressed as the number of milliseconds
 	// after Jan 1, 1970 00:00:00 UTC.
 	CreationTime *int64 `locationName:"creationTime" type:"long"`
+
+	// The time of the first event, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC.
+	FirstEventTimestamp *int64 `locationName:"firstEventTimestamp" type:"long"`
+
+	// The time of the most recent log event in the log stream in CloudWatch Logs.
+	// This number is expressed as the number of milliseconds after Jan 1, 1970
+	// 00:00:00 UTC. The lastEventTime value updates on an eventual consistency
+	// basis. It typically updates in less than an hour from ingestion, but may
+	// take longer in some rare situations.
+	LastEventTimestamp *int64 `locationName:"lastEventTimestamp" type:"long"`
+
+	// The ingestion time, expressed as the number of milliseconds after Jan 1,
+	// 1970 00:00:00 UTC.
+	LastIngestionTime *int64 `locationName:"lastIngestionTime" type:"long"`
+
+	// The name of the log stream.
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
+
+	// The number of bytes stored.
+	//
+	// IMPORTANT:On June 17, 2019, this parameter was deprecated for log streams,
+	// and is always reported as zero. This change applies only to log streams.
+	// The storedBytes parameter for log groups is not affected.
+	//
+	// Deprecated: Starting on June 17, 2019, this parameter will be deprecated for log streams, and will be reported as zero. This change applies only to log streams. The storedBytes parameter for log groups is not affected.
+	StoredBytes *int64 `locationName:"storedBytes" deprecated:"true" type:"long"`
+
+	// The sequence token.
+	UploadSequenceToken *string `locationName:"uploadSequenceToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s ExportTaskExecutionInfo) String() string {
+func (s LogStream) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ExportTaskExecutionInfo) GoString() string {
+func (s LogStream) GoString() string {
 	return s.String()
 }
 
-// SetCompletionTime sets the CompletionTime field's value.
-func (s *ExportTaskExecutionInfo) SetCompletionTime(v int64) *ExportTaskExecutionInfo {
-	s.CompletionTime = &v
+// SetArn sets the Arn field's value.
+func (s *LogStream) SetArn(v string) *LogStream {
+	s.Arn = &v
 	return s
 }
 
 // SetCreationTime sets the CreationTime field's value.
-func (s *ExportTaskExecutionInfo) SetCreationTime(v int64) *ExportTaskExecutionInfo {
+func (s *LogStream) SetCreationTime(v int64) *LogStream {
 	s.CreationTime = &v
 	return s
 }
 
-// Represents the status of an export task.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ExportTaskStatus
-type ExportTaskStatus struct {
-	_ struct{} `type:"structure"`
-
-	// The status code of the export task.
-	Code *string `locationName:"code" type:"string" enum:"ExportTaskStatusCode"`
+// SetFirstEventTimestamp sets the FirstEventTimestamp field's value.
+func (s *LogStream) SetFirstEventTimestamp(v int64) *LogStream {
+	s.FirstEventTimestamp = &v
+	return s
+}
 
-	// The status message related to the status code.
-	Message *string `locationName:"message" type:"string"`
+// SetLastEventTimestamp sets the LastEventTimestamp field's value.
+func (s *LogStream) SetLastEventTimestamp(v int64) *LogStream {
+	s.LastEventTimestamp = &v
+	return s
 }
 
-// String returns the string representation
-func (s ExportTaskStatus) String() string {
-	return awsutil.Prettify(s)
+// SetLastIngestionTime sets the LastIngestionTime field's value.
+func (s *LogStream) SetLastIngestionTime(v int64) *LogStream {
+	s.LastIngestionTime = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s ExportTaskStatus) GoString() string {
-	return s.String()
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *LogStream) SetLogStreamName(v string) *LogStream {
+	s.LogStreamName = &v
+	return s
 }
 
-// SetCode sets the Code field's value.
-func (s *ExportTaskStatus) SetCode(v string) *ExportTaskStatus {
-	s.Code = &v
+// SetStoredBytes sets the StoredBytes field's value.
+func (s *LogStream) SetStoredBytes(v int64) *LogStream {
+	s.StoredBytes = &v
 	return s
 }
 
-// SetMessage sets the Message field's value.
-func (s *ExportTaskStatus) SetMessage(v string) *ExportTaskStatus {
-	s.Message = &v
+// SetUploadSequenceToken sets the UploadSequenceToken field's value.
+func (s *LogStream) SetUploadSequenceToken(v string) *LogStream {
+	s.UploadSequenceToken = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEventsRequest
-type FilterLogEventsInput struct {
-	_ struct{} `type:"structure"`
-
-	// The end of the time range, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC. Events with a time stamp later than this time are
-	// not returned.
-	EndTime *int64 `locationName:"endTime" type:"long"`
-
-	// The filter pattern to use. If not provided, all the events are matched.
-	FilterPattern *string `locationName:"filterPattern" type:"string"`
-
-	// If the value is true, the operation makes a best effort to provide responses
-	// that contain events from multiple log streams within the log group, interleaved
-	// in a single response. If the value is false, all the matched log events in
-	// the first log stream are searched first, then those in the next log stream,
-	// and so on. The default is false.
-	Interleaved *bool `locationName:"interleaved" type:"boolean"`
-
-	// The maximum number of events to return. The default is 10,000 events.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
-
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
-
-	// Optional list of log stream names.
-	LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"`
+// The query string is not valid. Details about this error are displayed in
+// a QueryCompileError object. For more information, see .
+//
+// For more information about valid query syntax, see CloudWatch Logs Insights
+// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
+type MalformedQueryException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
 
-	// The token for the next set of events to return. (You received this token
-	// from a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	Message_ *string `locationName:"message" type:"string"`
 
-	// The start of the time range, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC. Events with a time stamp before this time are not
-	// returned.
-	StartTime *int64 `locationName:"startTime" type:"long"`
+	// Reserved.
+	QueryCompileError *QueryCompileError `locationName:"queryCompileError" type:"structure"`
 }
 
 // String returns the string representation
-func (s FilterLogEventsInput) String() string {
+func (s MalformedQueryException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s FilterLogEventsInput) GoString() string {
+func (s MalformedQueryException) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *FilterLogEventsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "FilterLogEventsInput"}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.LogStreamNames != nil && len(s.LogStreamNames) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamNames", 1))
-	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
+func newErrorMalformedQueryException(v protocol.ResponseMetadata) error {
+	return &MalformedQueryException{
+		respMetadata: v,
 	}
-	return nil
 }
 
-// SetEndTime sets the EndTime field's value.
-func (s *FilterLogEventsInput) SetEndTime(v int64) *FilterLogEventsInput {
-	s.EndTime = &v
-	return s
+// Code returns the exception type name.
+func (s MalformedQueryException) Code() string {
+	return "MalformedQueryException"
 }
 
-// SetFilterPattern sets the FilterPattern field's value.
-func (s *FilterLogEventsInput) SetFilterPattern(v string) *FilterLogEventsInput {
-	s.FilterPattern = &v
-	return s
+// Message returns the exception's message.
+func (s MalformedQueryException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
 }
 
-// SetInterleaved sets the Interleaved field's value.
-func (s *FilterLogEventsInput) SetInterleaved(v bool) *FilterLogEventsInput {
-	s.Interleaved = &v
-	return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s MalformedQueryException) OrigErr() error {
+	return nil
 }
 
-// SetLimit sets the Limit field's value.
-func (s *FilterLogEventsInput) SetLimit(v int64) *FilterLogEventsInput {
-	s.Limit = &v
-	return s
+func (s MalformedQueryException) Error() string {
+	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *FilterLogEventsInput) SetLogGroupName(v string) *FilterLogEventsInput {
-	s.LogGroupName = &v
-	return s
+// Status code returns the HTTP status code for the request's response error.
+func (s MalformedQueryException) StatusCode() int {
+	return s.respMetadata.StatusCode
 }
 
-// SetLogStreamNames sets the LogStreamNames field's value.
-func (s *FilterLogEventsInput) SetLogStreamNames(v []*string) *FilterLogEventsInput {
-	s.LogStreamNames = v
-	return s
+// RequestID returns the service's response RequestID for request.
+func (s MalformedQueryException) RequestID() string {
+	return s.respMetadata.RequestID
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *FilterLogEventsInput) SetNextToken(v string) *FilterLogEventsInput {
-	s.NextToken = &v
-	return s
-}
+// Metric filters express how CloudWatch Logs would extract metric observations
+// from ingested log events and transform them into metric data in a CloudWatch
+// metric.
+type MetricFilter struct {
+	_ struct{} `type:"structure"`
 
-// SetStartTime sets the StartTime field's value.
-func (s *FilterLogEventsInput) SetStartTime(v int64) *FilterLogEventsInput {
-	s.StartTime = &v
-	return s
-}
+	// The creation time of the metric filter, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	CreationTime *int64 `locationName:"creationTime" type:"long"`
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEventsResponse
-type FilterLogEventsOutput struct {
-	_ struct{} `type:"structure"`
+	// The name of the metric filter.
+	FilterName *string `locationName:"filterName" min:"1" type:"string"`
 
-	// The matched events.
-	Events []*FilteredLogEvent `locationName:"events" type:"list"`
+	// A symbolic description of how CloudWatch Logs should interpret the data in
+	// each log event. For example, a log event may contain timestamps, IP addresses,
+	// strings, and so on. You use the filter pattern to specify what to look for
+	// in the log event message.
+	FilterPattern *string `locationName:"filterPattern" type:"string"`
 
-	// The token to use when requesting the next set of items. The token expires
-	// after 24 hours.
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
+	// The name of the log group.
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-	// Indicates which log streams have been searched and whether each has been
-	// searched completely.
-	SearchedLogStreams []*SearchedLogStream `locationName:"searchedLogStreams" type:"list"`
+	// The metric transformations.
+	MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list"`
 }
 
 // String returns the string representation
-func (s FilterLogEventsOutput) String() string {
+func (s MetricFilter) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s FilterLogEventsOutput) GoString() string {
+func (s MetricFilter) GoString() string {
 	return s.String()
 }
 
-// SetEvents sets the Events field's value.
-func (s *FilterLogEventsOutput) SetEvents(v []*FilteredLogEvent) *FilterLogEventsOutput {
-	s.Events = v
+// SetCreationTime sets the CreationTime field's value.
+func (s *MetricFilter) SetCreationTime(v int64) *MetricFilter {
+	s.CreationTime = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *FilterLogEventsOutput) SetNextToken(v string) *FilterLogEventsOutput {
-	s.NextToken = &v
+// SetFilterName sets the FilterName field's value.
+func (s *MetricFilter) SetFilterName(v string) *MetricFilter {
+	s.FilterName = &v
 	return s
 }
 
-// SetSearchedLogStreams sets the SearchedLogStreams field's value.
-func (s *FilterLogEventsOutput) SetSearchedLogStreams(v []*SearchedLogStream) *FilterLogEventsOutput {
-	s.SearchedLogStreams = v
+// SetFilterPattern sets the FilterPattern field's value.
+func (s *MetricFilter) SetFilterPattern(v string) *MetricFilter {
+	s.FilterPattern = &v
 	return s
 }
 
-// Represents a matched event.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilteredLogEvent
-type FilteredLogEvent struct {
-	_ struct{} `type:"structure"`
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *MetricFilter) SetLogGroupName(v string) *MetricFilter {
+	s.LogGroupName = &v
+	return s
+}
 
-	// The ID of the event.
-	EventId *string `locationName:"eventId" type:"string"`
+// SetMetricTransformations sets the MetricTransformations field's value.
+func (s *MetricFilter) SetMetricTransformations(v []*MetricTransformation) *MetricFilter {
+	s.MetricTransformations = v
+	return s
+}
 
-	// The time the event was ingested, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	IngestionTime *int64 `locationName:"ingestionTime" type:"long"`
+// Represents a matched event.
+type MetricFilterMatchRecord struct {
+	_ struct{} `type:"structure"`
 
-	// The name of the log stream this event belongs to.
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
+	// The raw event data.
+	EventMessage *string `locationName:"eventMessage" min:"1" type:"string"`
 
-	// The data contained in the log event.
-	Message *string `locationName:"message" min:"1" type:"string"`
+	// The event number.
+	EventNumber *int64 `locationName:"eventNumber" type:"long"`
 
-	// The time the event occurred, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC.
-	Timestamp *int64 `locationName:"timestamp" type:"long"`
+	// The values extracted from the event data by the filter.
+	ExtractedValues map[string]*string `locationName:"extractedValues" type:"map"`
 }
 
 // String returns the string representation
-func (s FilteredLogEvent) String() string {
+func (s MetricFilterMatchRecord) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s FilteredLogEvent) GoString() string {
+func (s MetricFilterMatchRecord) GoString() string {
 	return s.String()
 }
 
-// SetEventId sets the EventId field's value.
-func (s *FilteredLogEvent) SetEventId(v string) *FilteredLogEvent {
-	s.EventId = &v
-	return s
-}
-
-// SetIngestionTime sets the IngestionTime field's value.
-func (s *FilteredLogEvent) SetIngestionTime(v int64) *FilteredLogEvent {
-	s.IngestionTime = &v
-	return s
-}
-
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *FilteredLogEvent) SetLogStreamName(v string) *FilteredLogEvent {
-	s.LogStreamName = &v
+// SetEventMessage sets the EventMessage field's value.
+func (s *MetricFilterMatchRecord) SetEventMessage(v string) *MetricFilterMatchRecord {
+	s.EventMessage = &v
 	return s
 }
 
-// SetMessage sets the Message field's value.
-func (s *FilteredLogEvent) SetMessage(v string) *FilteredLogEvent {
-	s.Message = &v
+// SetEventNumber sets the EventNumber field's value.
+func (s *MetricFilterMatchRecord) SetEventNumber(v int64) *MetricFilterMatchRecord {
+	s.EventNumber = &v
 	return s
 }
 
-// SetTimestamp sets the Timestamp field's value.
-func (s *FilteredLogEvent) SetTimestamp(v int64) *FilteredLogEvent {
-	s.Timestamp = &v
+// SetExtractedValues sets the ExtractedValues field's value.
+func (s *MetricFilterMatchRecord) SetExtractedValues(v map[string]*string) *MetricFilterMatchRecord {
+	s.ExtractedValues = v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEventsRequest
-type GetLogEventsInput struct {
+// Indicates how to transform ingested log events to metric data in a CloudWatch
+// metric.
+type MetricTransformation struct {
 	_ struct{} `type:"structure"`
 
-	// The end of the time range, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC. Events with a time stamp later than this time are
-	// not included.
-	EndTime *int64 `locationName:"endTime" type:"long"`
-
-	// The maximum number of log events returned. If you don't specify a value,
-	// the maximum is as many log events as can fit in a response size of 1 MB,
-	// up to 10,000 log events.
-	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
+	// (Optional) The value to emit when a filter pattern does not match a log event.
+	// This value can be null.
+	DefaultValue *float64 `locationName:"defaultValue" type:"double"`
 
-	// The name of the log group.
+	// The name of the CloudWatch metric.
 	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// MetricName is a required field
+	MetricName *string `locationName:"metricName" type:"string" required:"true"`
 
-	// The name of the log stream.
+	// The namespace of the CloudWatch metric.
 	//
-	// LogStreamName is a required field
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
-
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
-	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
-
-	// If the value is true, the earliest log events are returned first. If the
-	// value is false, the latest log events are returned first. The default value
-	// is false.
-	StartFromHead *bool `locationName:"startFromHead" type:"boolean"`
+	// MetricNamespace is a required field
+	MetricNamespace *string `locationName:"metricNamespace" type:"string" required:"true"`
 
-	// The start of the time range, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC. Events with a time stamp earlier than this time
-	// are not included.
-	StartTime *int64 `locationName:"startTime" type:"long"`
+	// The value to publish to the CloudWatch metric when a filter pattern matches
+	// a log event.
+	//
+	// MetricValue is a required field
+	MetricValue *string `locationName:"metricValue" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s GetLogEventsInput) String() string {
+func (s MetricTransformation) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s GetLogEventsInput) GoString() string {
+func (s MetricTransformation) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *GetLogEventsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetLogEventsInput"}
-	if s.Limit != nil && *s.Limit < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.LogStreamName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+func (s *MetricTransformation) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "MetricTransformation"}
+	if s.MetricName == nil {
+		invalidParams.Add(request.NewErrParamRequired("MetricName"))
 	}
-	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	if s.MetricNamespace == nil {
+		invalidParams.Add(request.NewErrParamRequired("MetricNamespace"))
 	}
-	if s.NextToken != nil && len(*s.NextToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	if s.MetricValue == nil {
+		invalidParams.Add(request.NewErrParamRequired("MetricValue"))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -5713,131 +7569,180 @@ func (s *GetLogEventsInput) Validate() error {
 	return nil
 }
 
-// SetEndTime sets the EndTime field's value.
-func (s *GetLogEventsInput) SetEndTime(v int64) *GetLogEventsInput {
-	s.EndTime = &v
+// SetDefaultValue sets the DefaultValue field's value.
+func (s *MetricTransformation) SetDefaultValue(v float64) *MetricTransformation {
+	s.DefaultValue = &v
 	return s
 }
 
-// SetLimit sets the Limit field's value.
-func (s *GetLogEventsInput) SetLimit(v int64) *GetLogEventsInput {
-	s.Limit = &v
+// SetMetricName sets the MetricName field's value.
+func (s *MetricTransformation) SetMetricName(v string) *MetricTransformation {
+	s.MetricName = &v
 	return s
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *GetLogEventsInput) SetLogGroupName(v string) *GetLogEventsInput {
-	s.LogGroupName = &v
+// SetMetricNamespace sets the MetricNamespace field's value.
+func (s *MetricTransformation) SetMetricNamespace(v string) *MetricTransformation {
+	s.MetricNamespace = &v
 	return s
 }
 
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *GetLogEventsInput) SetLogStreamName(v string) *GetLogEventsInput {
-	s.LogStreamName = &v
+// SetMetricValue sets the MetricValue field's value.
+func (s *MetricTransformation) SetMetricValue(v string) *MetricTransformation {
+	s.MetricValue = &v
 	return s
 }
 
-// SetNextToken sets the NextToken field's value.
-func (s *GetLogEventsInput) SetNextToken(v string) *GetLogEventsInput {
-	s.NextToken = &v
-	return s
+// Multiple requests to update the same resource were in conflict.
+type OperationAbortedException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
 }
 
-// SetStartFromHead sets the StartFromHead field's value.
-func (s *GetLogEventsInput) SetStartFromHead(v bool) *GetLogEventsInput {
-	s.StartFromHead = &v
-	return s
+// String returns the string representation
+func (s OperationAbortedException) String() string {
+	return awsutil.Prettify(s)
 }
 
-// SetStartTime sets the StartTime field's value.
-func (s *GetLogEventsInput) SetStartTime(v int64) *GetLogEventsInput {
-	s.StartTime = &v
-	return s
+// GoString returns the string representation
+func (s OperationAbortedException) GoString() string {
+	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEventsResponse
-type GetLogEventsOutput struct {
+func newErrorOperationAbortedException(v protocol.ResponseMetadata) error {
+	return &OperationAbortedException{
+		respMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s OperationAbortedException) Code() string {
+	return "OperationAbortedException"
+}
+
+// Message returns the exception's message.
+func (s OperationAbortedException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s OperationAbortedException) OrigErr() error {
+	return nil
+}
+
+func (s OperationAbortedException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s OperationAbortedException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s OperationAbortedException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
+// Represents a log event.
+type OutputLogEvent struct {
 	_ struct{} `type:"structure"`
 
-	// The events.
-	Events []*OutputLogEvent `locationName:"events" type:"list"`
+	// The time the event was ingested, expressed as the number of milliseconds
+	// after Jan 1, 1970 00:00:00 UTC.
+	IngestionTime *int64 `locationName:"ingestionTime" type:"long"`
 
-	// The token for the next set of items in the backward direction. The token
-	// expires after 24 hours.
-	NextBackwardToken *string `locationName:"nextBackwardToken" min:"1" type:"string"`
+	// The data contained in the log event.
+	Message *string `locationName:"message" min:"1" type:"string"`
 
-	// The token for the next set of items in the forward direction. The token expires
-	// after 24 hours.
-	NextForwardToken *string `locationName:"nextForwardToken" min:"1" type:"string"`
+	// The time the event occurred, expressed as the number of milliseconds after
+	// Jan 1, 1970 00:00:00 UTC.
+	Timestamp *int64 `locationName:"timestamp" type:"long"`
 }
 
 // String returns the string representation
-func (s GetLogEventsOutput) String() string {
+func (s OutputLogEvent) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s GetLogEventsOutput) GoString() string {
+func (s OutputLogEvent) GoString() string {
 	return s.String()
 }
 
-// SetEvents sets the Events field's value.
-func (s *GetLogEventsOutput) SetEvents(v []*OutputLogEvent) *GetLogEventsOutput {
-	s.Events = v
+// SetIngestionTime sets the IngestionTime field's value.
+func (s *OutputLogEvent) SetIngestionTime(v int64) *OutputLogEvent {
+	s.IngestionTime = &v
 	return s
 }
 
-// SetNextBackwardToken sets the NextBackwardToken field's value.
-func (s *GetLogEventsOutput) SetNextBackwardToken(v string) *GetLogEventsOutput {
-	s.NextBackwardToken = &v
+// SetMessage sets the Message field's value.
+func (s *OutputLogEvent) SetMessage(v string) *OutputLogEvent {
+	s.Message = &v
 	return s
 }
 
-// SetNextForwardToken sets the NextForwardToken field's value.
-func (s *GetLogEventsOutput) SetNextForwardToken(v string) *GetLogEventsOutput {
-	s.NextForwardToken = &v
+// SetTimestamp sets the Timestamp field's value.
+func (s *OutputLogEvent) SetTimestamp(v int64) *OutputLogEvent {
+	s.Timestamp = &v
 	return s
 }
 
-// Represents a log event, which is a record of activity that was recorded by
-// the application or resource being monitored.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/InputLogEvent
-type InputLogEvent struct {
+type PutDestinationInput struct {
 	_ struct{} `type:"structure"`
 
-	// The raw event message.
+	// A name for the destination.
 	//
-	// Message is a required field
-	Message *string `locationName:"message" min:"1" type:"string" required:"true"`
+	// DestinationName is a required field
+	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
 
-	// The time the event occurred, expressed as the number of milliseconds fter
-	// Jan 1, 1970 00:00:00 UTC.
+	// The ARN of an IAM role that grants CloudWatch Logs permissions to call the
+	// Amazon Kinesis PutRecord operation on the destination stream.
 	//
-	// Timestamp is a required field
-	Timestamp *int64 `locationName:"timestamp" type:"long" required:"true"`
+	// RoleArn is a required field
+	RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"`
+
+	// The ARN of an Amazon Kinesis stream to which to deliver matching log events.
+	//
+	// TargetArn is a required field
+	TargetArn *string `locationName:"targetArn" min:"1" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s InputLogEvent) String() string {
+func (s PutDestinationInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s InputLogEvent) GoString() string {
+func (s PutDestinationInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *InputLogEvent) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InputLogEvent"}
-	if s.Message == nil {
-		invalidParams.Add(request.NewErrParamRequired("Message"))
+func (s *PutDestinationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutDestinationInput"}
+	if s.DestinationName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
 	}
-	if s.Message != nil && len(*s.Message) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Message", 1))
+	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
 	}
-	if s.Timestamp == nil {
-		invalidParams.Add(request.NewErrParamRequired("Timestamp"))
+	if s.RoleArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+	}
+	if s.RoleArn != nil && len(*s.RoleArn) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
+	}
+	if s.TargetArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetArn"))
+	}
+	if s.TargetArn != nil && len(*s.TargetArn) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TargetArn", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -5846,46 +7751,86 @@ func (s *InputLogEvent) Validate() error {
 	return nil
 }
 
-// SetMessage sets the Message field's value.
-func (s *InputLogEvent) SetMessage(v string) *InputLogEvent {
-	s.Message = &v
+// SetDestinationName sets the DestinationName field's value.
+func (s *PutDestinationInput) SetDestinationName(v string) *PutDestinationInput {
+	s.DestinationName = &v
 	return s
 }
 
-// SetTimestamp sets the Timestamp field's value.
-func (s *InputLogEvent) SetTimestamp(v int64) *InputLogEvent {
-	s.Timestamp = &v
+// SetRoleArn sets the RoleArn field's value.
+func (s *PutDestinationInput) SetRoleArn(v string) *PutDestinationInput {
+	s.RoleArn = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroupRequest
-type ListTagsLogGroupInput struct {
+// SetTargetArn sets the TargetArn field's value.
+func (s *PutDestinationInput) SetTargetArn(v string) *PutDestinationInput {
+	s.TargetArn = &v
+	return s
+}
+
+type PutDestinationOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the log group.
+	// The destination.
+	Destination *Destination `locationName:"destination" type:"structure"`
+}
+
+// String returns the string representation
+func (s PutDestinationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutDestinationOutput) GoString() string {
+	return s.String()
+}
+
+// SetDestination sets the Destination field's value.
+func (s *PutDestinationOutput) SetDestination(v *Destination) *PutDestinationOutput {
+	s.Destination = v
+	return s
+}
+
+type PutDestinationPolicyInput struct {
+	_ struct{} `type:"structure"`
+
+	// An IAM policy document that authorizes cross-account users to deliver their
+	// log events to the associated destination.
 	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// AccessPolicy is a required field
+	AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string" required:"true"`
+
+	// A name for an existing destination.
+	//
+	// DestinationName is a required field
+	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s ListTagsLogGroupInput) String() string {
+func (s PutDestinationPolicyInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ListTagsLogGroupInput) GoString() string {
+func (s PutDestinationPolicyInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *ListTagsLogGroupInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListTagsLogGroupInput"}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+func (s *PutDestinationPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutDestinationPolicyInput"}
+	if s.AccessPolicy == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessPolicy"))
 	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	if s.AccessPolicy != nil && len(*s.AccessPolicy) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("AccessPolicy", 1))
+	}
+	if s.DestinationName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
+	}
+	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -5894,372 +7839,393 @@ func (s *ListTagsLogGroupInput) Validate() error {
 	return nil
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *ListTagsLogGroupInput) SetLogGroupName(v string) *ListTagsLogGroupInput {
-	s.LogGroupName = &v
+// SetAccessPolicy sets the AccessPolicy field's value.
+func (s *PutDestinationPolicyInput) SetAccessPolicy(v string) *PutDestinationPolicyInput {
+	s.AccessPolicy = &v
+	return s
+}
+
+// SetDestinationName sets the DestinationName field's value.
+func (s *PutDestinationPolicyInput) SetDestinationName(v string) *PutDestinationPolicyInput {
+	s.DestinationName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroupResponse
-type ListTagsLogGroupOutput struct {
+type PutDestinationPolicyOutput struct {
 	_ struct{} `type:"structure"`
-
-	// The tags for the log group.
-	Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
 }
 
 // String returns the string representation
-func (s ListTagsLogGroupOutput) String() string {
+func (s PutDestinationPolicyOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ListTagsLogGroupOutput) GoString() string {
+func (s PutDestinationPolicyOutput) GoString() string {
 	return s.String()
 }
 
-// SetTags sets the Tags field's value.
-func (s *ListTagsLogGroupOutput) SetTags(v map[string]*string) *ListTagsLogGroupOutput {
-	s.Tags = v
-	return s
-}
-
-// Represents a log group.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LogGroup
-type LogGroup struct {
+type PutLogEventsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The Amazon Resource Name (ARN) of the log group.
-	Arn *string `locationName:"arn" type:"string"`
-
-	// The creation time of the log group, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	CreationTime *int64 `locationName:"creationTime" type:"long"`
-
-	// The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
-	KmsKeyId *string `locationName:"kmsKeyId" type:"string"`
+	// The log events.
+	//
+	// LogEvents is a required field
+	LogEvents []*InputLogEvent `locationName:"logEvents" min:"1" type:"list" required:"true"`
 
 	// The name of the log group.
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
-
-	// The number of metric filters.
-	MetricFilterCount *int64 `locationName:"metricFilterCount" type:"integer"`
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The number of days to retain the log events in the specified log group. Possible
-	// values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
-	// 1827, and 3653.
-	RetentionInDays *int64 `locationName:"retentionInDays" type:"integer"`
+	// The name of the log stream.
+	//
+	// LogStreamName is a required field
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
 
-	// The number of bytes stored.
-	StoredBytes *int64 `locationName:"storedBytes" type:"long"`
+	// The sequence token obtained from the response of the previous PutLogEvents
+	// call. An upload in a newly created log stream does not require a sequence
+	// token. You can also get the sequence token using DescribeLogStreams. If you
+	// call PutLogEvents twice within a narrow time period using the same value
+	// for sequenceToken, both calls may be successful, or one may be rejected.
+	SequenceToken *string `locationName:"sequenceToken" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s LogGroup) String() string {
+func (s PutLogEventsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s LogGroup) GoString() string {
+func (s PutLogEventsInput) GoString() string {
 	return s.String()
 }
 
-// SetArn sets the Arn field's value.
-func (s *LogGroup) SetArn(v string) *LogGroup {
-	s.Arn = &v
-	return s
-}
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutLogEventsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutLogEventsInput"}
+	if s.LogEvents == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogEvents"))
+	}
+	if s.LogEvents != nil && len(s.LogEvents) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogEvents", 1))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.LogStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
+	}
+	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
+	}
+	if s.SequenceToken != nil && len(*s.SequenceToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("SequenceToken", 1))
+	}
+	if s.LogEvents != nil {
+		for i, v := range s.LogEvents {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LogEvents", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
-// SetCreationTime sets the CreationTime field's value.
-func (s *LogGroup) SetCreationTime(v int64) *LogGroup {
-	s.CreationTime = &v
-	return s
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
 }
 
-// SetKmsKeyId sets the KmsKeyId field's value.
-func (s *LogGroup) SetKmsKeyId(v string) *LogGroup {
-	s.KmsKeyId = &v
+// SetLogEvents sets the LogEvents field's value.
+func (s *PutLogEventsInput) SetLogEvents(v []*InputLogEvent) *PutLogEventsInput {
+	s.LogEvents = v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *LogGroup) SetLogGroupName(v string) *LogGroup {
+func (s *PutLogEventsInput) SetLogGroupName(v string) *PutLogEventsInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// SetMetricFilterCount sets the MetricFilterCount field's value.
-func (s *LogGroup) SetMetricFilterCount(v int64) *LogGroup {
-	s.MetricFilterCount = &v
-	return s
-}
-
-// SetRetentionInDays sets the RetentionInDays field's value.
-func (s *LogGroup) SetRetentionInDays(v int64) *LogGroup {
-	s.RetentionInDays = &v
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *PutLogEventsInput) SetLogStreamName(v string) *PutLogEventsInput {
+	s.LogStreamName = &v
 	return s
 }
 
-// SetStoredBytes sets the StoredBytes field's value.
-func (s *LogGroup) SetStoredBytes(v int64) *LogGroup {
-	s.StoredBytes = &v
+// SetSequenceToken sets the SequenceToken field's value.
+func (s *PutLogEventsInput) SetSequenceToken(v string) *PutLogEventsInput {
+	s.SequenceToken = &v
 	return s
 }
 
-// Represents a log stream, which is a sequence of log events from a single
-// emitter of logs.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LogStream
-type LogStream struct {
+type PutLogEventsOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The Amazon Resource Name (ARN) of the log stream.
-	Arn *string `locationName:"arn" type:"string"`
-
-	// The creation time of the stream, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	CreationTime *int64 `locationName:"creationTime" type:"long"`
-
-	// The time of the first event, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC.
-	FirstEventTimestamp *int64 `locationName:"firstEventTimestamp" type:"long"`
-
-	// the time of the most recent log event in the log stream in CloudWatch Logs.
-	// This number is expressed as the number of milliseconds after Jan 1, 1970
-	// 00:00:00 UTC. lastEventTime updates on an eventual consistency basis. It
-	// typically updates in less than an hour from ingestion, but may take longer
-	// in some rare situations.
-	LastEventTimestamp *int64 `locationName:"lastEventTimestamp" type:"long"`
-
-	// The ingestion time, expressed as the number of milliseconds after Jan 1,
-	// 1970 00:00:00 UTC.
-	LastIngestionTime *int64 `locationName:"lastIngestionTime" type:"long"`
-
-	// The name of the log stream.
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
-
-	// The number of bytes stored.
-	StoredBytes *int64 `locationName:"storedBytes" type:"long"`
+	// The next sequence token.
+	NextSequenceToken *string `locationName:"nextSequenceToken" min:"1" type:"string"`
 
-	// The sequence token.
-	UploadSequenceToken *string `locationName:"uploadSequenceToken" min:"1" type:"string"`
+	// The rejected events.
+	RejectedLogEventsInfo *RejectedLogEventsInfo `locationName:"rejectedLogEventsInfo" type:"structure"`
 }
 
 // String returns the string representation
-func (s LogStream) String() string {
+func (s PutLogEventsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s LogStream) GoString() string {
+func (s PutLogEventsOutput) GoString() string {
 	return s.String()
 }
 
-// SetArn sets the Arn field's value.
-func (s *LogStream) SetArn(v string) *LogStream {
-	s.Arn = &v
-	return s
-}
-
-// SetCreationTime sets the CreationTime field's value.
-func (s *LogStream) SetCreationTime(v int64) *LogStream {
-	s.CreationTime = &v
-	return s
-}
-
-// SetFirstEventTimestamp sets the FirstEventTimestamp field's value.
-func (s *LogStream) SetFirstEventTimestamp(v int64) *LogStream {
-	s.FirstEventTimestamp = &v
-	return s
-}
-
-// SetLastEventTimestamp sets the LastEventTimestamp field's value.
-func (s *LogStream) SetLastEventTimestamp(v int64) *LogStream {
-	s.LastEventTimestamp = &v
-	return s
-}
-
-// SetLastIngestionTime sets the LastIngestionTime field's value.
-func (s *LogStream) SetLastIngestionTime(v int64) *LogStream {
-	s.LastIngestionTime = &v
-	return s
-}
-
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *LogStream) SetLogStreamName(v string) *LogStream {
-	s.LogStreamName = &v
-	return s
-}
-
-// SetStoredBytes sets the StoredBytes field's value.
-func (s *LogStream) SetStoredBytes(v int64) *LogStream {
-	s.StoredBytes = &v
+// SetNextSequenceToken sets the NextSequenceToken field's value.
+func (s *PutLogEventsOutput) SetNextSequenceToken(v string) *PutLogEventsOutput {
+	s.NextSequenceToken = &v
 	return s
 }
 
-// SetUploadSequenceToken sets the UploadSequenceToken field's value.
-func (s *LogStream) SetUploadSequenceToken(v string) *LogStream {
-	s.UploadSequenceToken = &v
+// SetRejectedLogEventsInfo sets the RejectedLogEventsInfo field's value.
+func (s *PutLogEventsOutput) SetRejectedLogEventsInfo(v *RejectedLogEventsInfo) *PutLogEventsOutput {
+	s.RejectedLogEventsInfo = v
 	return s
 }
 
-// Metric filters express how CloudWatch Logs would extract metric observations
-// from ingested log events and transform them into metric data in a CloudWatch
-// metric.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MetricFilter
-type MetricFilter struct {
+type PutMetricFilterInput struct {
 	_ struct{} `type:"structure"`
 
-	// The creation time of the metric filter, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	CreationTime *int64 `locationName:"creationTime" type:"long"`
-
-	// The name of the metric filter.
-	FilterName *string `locationName:"filterName" min:"1" type:"string"`
+	// A name for the metric filter.
+	//
+	// FilterName is a required field
+	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
 
-	// A symbolic description of how CloudWatch Logs should interpret the data in
-	// each log event. For example, a log event may contain time stamps, IP addresses,
-	// strings, and so on. You use the filter pattern to specify what to look for
-	// in the log event message.
-	FilterPattern *string `locationName:"filterPattern" type:"string"`
+	// A filter pattern for extracting metric data out of ingested log events.
+	//
+	// FilterPattern is a required field
+	FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"`
 
 	// The name of the log group.
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
+	//
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The metric transformations.
-	MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list"`
+	// A collection of information that defines how metric data gets emitted.
+	//
+	// MetricTransformations is a required field
+	MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list" required:"true"`
 }
 
 // String returns the string representation
-func (s MetricFilter) String() string {
+func (s PutMetricFilterInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s MetricFilter) GoString() string {
+func (s PutMetricFilterInput) GoString() string {
 	return s.String()
 }
 
-// SetCreationTime sets the CreationTime field's value.
-func (s *MetricFilter) SetCreationTime(v int64) *MetricFilter {
-	s.CreationTime = &v
-	return s
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutMetricFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutMetricFilterInput"}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
+	if s.FilterName != nil && len(*s.FilterName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
+	}
+	if s.FilterPattern == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterPattern"))
+	}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.MetricTransformations == nil {
+		invalidParams.Add(request.NewErrParamRequired("MetricTransformations"))
+	}
+	if s.MetricTransformations != nil && len(s.MetricTransformations) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("MetricTransformations", 1))
+	}
+	if s.MetricTransformations != nil {
+		for i, v := range s.MetricTransformations {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricTransformations", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
 }
 
 // SetFilterName sets the FilterName field's value.
-func (s *MetricFilter) SetFilterName(v string) *MetricFilter {
+func (s *PutMetricFilterInput) SetFilterName(v string) *PutMetricFilterInput {
 	s.FilterName = &v
 	return s
 }
 
 // SetFilterPattern sets the FilterPattern field's value.
-func (s *MetricFilter) SetFilterPattern(v string) *MetricFilter {
+func (s *PutMetricFilterInput) SetFilterPattern(v string) *PutMetricFilterInput {
 	s.FilterPattern = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *MetricFilter) SetLogGroupName(v string) *MetricFilter {
+func (s *PutMetricFilterInput) SetLogGroupName(v string) *PutMetricFilterInput {
 	s.LogGroupName = &v
 	return s
 }
 
 // SetMetricTransformations sets the MetricTransformations field's value.
-func (s *MetricFilter) SetMetricTransformations(v []*MetricTransformation) *MetricFilter {
+func (s *PutMetricFilterInput) SetMetricTransformations(v []*MetricTransformation) *PutMetricFilterInput {
 	s.MetricTransformations = v
 	return s
 }
 
-// Represents a matched event.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MetricFilterMatchRecord
-type MetricFilterMatchRecord struct {
+type PutMetricFilterOutput struct {
 	_ struct{} `type:"structure"`
+}
 
-	// The raw event data.
-	EventMessage *string `locationName:"eventMessage" min:"1" type:"string"`
+// String returns the string representation
+func (s PutMetricFilterOutput) String() string {
+	return awsutil.Prettify(s)
+}
 
-	// The event number.
-	EventNumber *int64 `locationName:"eventNumber" type:"long"`
+// GoString returns the string representation
+func (s PutMetricFilterOutput) GoString() string {
+	return s.String()
+}
 
-	// The values extracted from the event data by the filter.
-	ExtractedValues map[string]*string `locationName:"extractedValues" type:"map"`
+type PutResourcePolicyInput struct {
+	_ struct{} `type:"structure"`
+
+	// Details of the new policy, including the identity of the principal that is
+	// enabled to put logs to this account. This is formatted as a JSON string.
+	// This parameter is required.
+	//
+	// The following example creates a resource policy enabling the Route 53 service
+	// to put DNS query logs in to the specified log group. Replace "logArn" with
+	// the ARN of your CloudWatch Logs resource, such as a log group or log stream.
+	//
+	// { "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs",
+	// "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ]
+	// }, "Action":"logs:PutLogEvents", "Resource": "logArn" } ] }
+	PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"`
+
+	// Name of the new policy. This parameter is required.
+	PolicyName *string `locationName:"policyName" type:"string"`
 }
 
 // String returns the string representation
-func (s MetricFilterMatchRecord) String() string {
+func (s PutResourcePolicyInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s MetricFilterMatchRecord) GoString() string {
+func (s PutResourcePolicyInput) GoString() string {
 	return s.String()
 }
 
-// SetEventMessage sets the EventMessage field's value.
-func (s *MetricFilterMatchRecord) SetEventMessage(v string) *MetricFilterMatchRecord {
-	s.EventMessage = &v
-	return s
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutResourcePolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"}
+	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
 }
 
-// SetEventNumber sets the EventNumber field's value.
-func (s *MetricFilterMatchRecord) SetEventNumber(v int64) *MetricFilterMatchRecord {
-	s.EventNumber = &v
+// SetPolicyDocument sets the PolicyDocument field's value.
+func (s *PutResourcePolicyInput) SetPolicyDocument(v string) *PutResourcePolicyInput {
+	s.PolicyDocument = &v
 	return s
 }
 
-// SetExtractedValues sets the ExtractedValues field's value.
-func (s *MetricFilterMatchRecord) SetExtractedValues(v map[string]*string) *MetricFilterMatchRecord {
-	s.ExtractedValues = v
+// SetPolicyName sets the PolicyName field's value.
+func (s *PutResourcePolicyInput) SetPolicyName(v string) *PutResourcePolicyInput {
+	s.PolicyName = &v
 	return s
 }
 
-// Indicates how to transform ingested log events in to metric data in a CloudWatch
-// metric.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MetricTransformation
-type MetricTransformation struct {
+type PutResourcePolicyOutput struct {
 	_ struct{} `type:"structure"`
 
-	// (Optional) The value to emit when a filter pattern does not match a log event.
-	// This value can be null.
-	DefaultValue *float64 `locationName:"defaultValue" type:"double"`
+	// The new policy.
+	ResourcePolicy *ResourcePolicy `locationName:"resourcePolicy" type:"structure"`
+}
 
-	// The name of the CloudWatch metric.
-	//
-	// MetricName is a required field
-	MetricName *string `locationName:"metricName" type:"string" required:"true"`
+// String returns the string representation
+func (s PutResourcePolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
 
-	// The namespace of the CloudWatch metric.
+// GoString returns the string representation
+func (s PutResourcePolicyOutput) GoString() string {
+	return s.String()
+}
+
+// SetResourcePolicy sets the ResourcePolicy field's value.
+func (s *PutResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *PutResourcePolicyOutput {
+	s.ResourcePolicy = v
+	return s
+}
+
+type PutRetentionPolicyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the log group.
 	//
-	// MetricNamespace is a required field
-	MetricNamespace *string `locationName:"metricNamespace" type:"string" required:"true"`
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
 
-	// The value to publish to the CloudWatch metric when a filter pattern matches
-	// a log event.
+	// The number of days to retain the log events in the specified log group. Possible
+	// values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
+	// 1827, and 3653.
 	//
-	// MetricValue is a required field
-	MetricValue *string `locationName:"metricValue" type:"string" required:"true"`
+	// RetentionInDays is a required field
+	RetentionInDays *int64 `locationName:"retentionInDays" type:"integer" required:"true"`
 }
 
 // String returns the string representation
-func (s MetricTransformation) String() string {
+func (s PutRetentionPolicyInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s MetricTransformation) GoString() string {
+func (s PutRetentionPolicyInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *MetricTransformation) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "MetricTransformation"}
-	if s.MetricName == nil {
-		invalidParams.Add(request.NewErrParamRequired("MetricName"))
+func (s *PutRetentionPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutRetentionPolicyInput"}
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
 	}
-	if s.MetricNamespace == nil {
-		invalidParams.Add(request.NewErrParamRequired("MetricNamespace"))
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
-	if s.MetricValue == nil {
-		invalidParams.Add(request.NewErrParamRequired("MetricValue"))
+	if s.RetentionInDays == nil {
+		invalidParams.Add(request.NewErrParamRequired("RetentionInDays"))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -6268,126 +8234,120 @@ func (s *MetricTransformation) Validate() error {
 	return nil
 }
 
-// SetDefaultValue sets the DefaultValue field's value.
-func (s *MetricTransformation) SetDefaultValue(v float64) *MetricTransformation {
-	s.DefaultValue = &v
-	return s
-}
-
-// SetMetricName sets the MetricName field's value.
-func (s *MetricTransformation) SetMetricName(v string) *MetricTransformation {
-	s.MetricName = &v
-	return s
-}
-
-// SetMetricNamespace sets the MetricNamespace field's value.
-func (s *MetricTransformation) SetMetricNamespace(v string) *MetricTransformation {
-	s.MetricNamespace = &v
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *PutRetentionPolicyInput) SetLogGroupName(v string) *PutRetentionPolicyInput {
+	s.LogGroupName = &v
 	return s
 }
 
-// SetMetricValue sets the MetricValue field's value.
-func (s *MetricTransformation) SetMetricValue(v string) *MetricTransformation {
-	s.MetricValue = &v
+// SetRetentionInDays sets the RetentionInDays field's value.
+func (s *PutRetentionPolicyInput) SetRetentionInDays(v int64) *PutRetentionPolicyInput {
+	s.RetentionInDays = &v
 	return s
 }
 
-// Represents a log event.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OutputLogEvent
-type OutputLogEvent struct {
+type PutRetentionPolicyOutput struct {
 	_ struct{} `type:"structure"`
-
-	// The time the event was ingested, expressed as the number of milliseconds
-	// after Jan 1, 1970 00:00:00 UTC.
-	IngestionTime *int64 `locationName:"ingestionTime" type:"long"`
-
-	// The data contained in the log event.
-	Message *string `locationName:"message" min:"1" type:"string"`
-
-	// The time the event occurred, expressed as the number of milliseconds after
-	// Jan 1, 1970 00:00:00 UTC.
-	Timestamp *int64 `locationName:"timestamp" type:"long"`
 }
 
 // String returns the string representation
-func (s OutputLogEvent) String() string {
+func (s PutRetentionPolicyOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s OutputLogEvent) GoString() string {
+func (s PutRetentionPolicyOutput) GoString() string {
 	return s.String()
 }
 
-// SetIngestionTime sets the IngestionTime field's value.
-func (s *OutputLogEvent) SetIngestionTime(v int64) *OutputLogEvent {
-	s.IngestionTime = &v
-	return s
-}
-
-// SetMessage sets the Message field's value.
-func (s *OutputLogEvent) SetMessage(v string) *OutputLogEvent {
-	s.Message = &v
-	return s
-}
+type PutSubscriptionFilterInput struct {
+	_ struct{} `type:"structure"`
 
-// SetTimestamp sets the Timestamp field's value.
-func (s *OutputLogEvent) SetTimestamp(v int64) *OutputLogEvent {
-	s.Timestamp = &v
-	return s
-}
+	// The ARN of the destination to deliver matching log events to. Currently,
+	// the supported destinations are:
+	//
+	//    * An Amazon Kinesis stream belonging to the same account as the subscription
+	//    filter, for same-account delivery.
+	//
+	//    * A logical destination (specified using an ARN) belonging to a different
+	//    account, for cross-account delivery.
+	//
+	//    * An Amazon Kinesis Firehose delivery stream belonging to the same account
+	//    as the subscription filter, for same-account delivery.
+	//
+	//    * An AWS Lambda function belonging to the same account as the subscription
+	//    filter, for same-account delivery.
+	//
+	// DestinationArn is a required field
+	DestinationArn *string `locationName:"destinationArn" min:"1" type:"string" required:"true"`
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationRequest
-type PutDestinationInput struct {
-	_ struct{} `type:"structure"`
+	// The method used to distribute log data to the destination. By default log
+	// data is grouped by log stream, but the grouping can be set to random for
+	// a more even distribution. This property is only applicable when the destination
+	// is an Amazon Kinesis stream.
+	Distribution *string `locationName:"distribution" type:"string" enum:"Distribution"`
 
-	// A name for the destination.
+	// A name for the subscription filter. If you are updating an existing filter,
+	// you must specify the correct name in filterName. Otherwise, the call fails
+	// because you cannot associate a second filter with a log group. To find the
+	// name of the filter currently associated with a log group, use DescribeSubscriptionFilters.
 	//
-	// DestinationName is a required field
-	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
+	// FilterName is a required field
+	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
 
-	// The ARN of an IAM role that grants CloudWatch Logs permissions to call the
-	// Amazon Kinesis PutRecord operation on the destination stream.
+	// A filter pattern for subscribing to a filtered stream of log events.
 	//
-	// RoleArn is a required field
-	RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"`
+	// FilterPattern is a required field
+	FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"`
 
-	// The ARN of an Amazon Kinesis stream to which to deliver matching log events.
+	// The name of the log group.
 	//
-	// TargetArn is a required field
-	TargetArn *string `locationName:"targetArn" min:"1" type:"string" required:"true"`
+	// LogGroupName is a required field
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+
+	// The ARN of an IAM role that grants CloudWatch Logs permissions to deliver
+	// ingested log events to the destination stream. You don't need to provide
+	// the ARN when you are working with a logical destination for cross-account
+	// delivery.
+	RoleArn *string `locationName:"roleArn" min:"1" type:"string"`
 }
 
 // String returns the string representation
-func (s PutDestinationInput) String() string {
+func (s PutSubscriptionFilterInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutDestinationInput) GoString() string {
+func (s PutSubscriptionFilterInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *PutDestinationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutDestinationInput"}
-	if s.DestinationName == nil {
-		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
+func (s *PutSubscriptionFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutSubscriptionFilterInput"}
+	if s.DestinationArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("DestinationArn"))
 	}
-	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
+	if s.DestinationArn != nil && len(*s.DestinationArn) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DestinationArn", 1))
 	}
-	if s.RoleArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
 	}
-	if s.RoleArn != nil && len(*s.RoleArn) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
+	if s.FilterName != nil && len(*s.FilterName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
 	}
-	if s.TargetArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("TargetArn"))
+	if s.FilterPattern == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterPattern"))
 	}
-	if s.TargetArn != nil && len(*s.TargetArn) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("TargetArn", 1))
+	if s.LogGroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	}
+	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
+	}
+	if s.RoleArn != nil && len(*s.RoleArn) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -6396,614 +8356,617 @@ func (s *PutDestinationInput) Validate() error {
 	return nil
 }
 
-// SetDestinationName sets the DestinationName field's value.
-func (s *PutDestinationInput) SetDestinationName(v string) *PutDestinationInput {
-	s.DestinationName = &v
+// SetDestinationArn sets the DestinationArn field's value.
+func (s *PutSubscriptionFilterInput) SetDestinationArn(v string) *PutSubscriptionFilterInput {
+	s.DestinationArn = &v
 	return s
 }
 
-// SetRoleArn sets the RoleArn field's value.
-func (s *PutDestinationInput) SetRoleArn(v string) *PutDestinationInput {
-	s.RoleArn = &v
+// SetDistribution sets the Distribution field's value.
+func (s *PutSubscriptionFilterInput) SetDistribution(v string) *PutSubscriptionFilterInput {
+	s.Distribution = &v
 	return s
 }
 
-// SetTargetArn sets the TargetArn field's value.
-func (s *PutDestinationInput) SetTargetArn(v string) *PutDestinationInput {
-	s.TargetArn = &v
+// SetFilterName sets the FilterName field's value.
+func (s *PutSubscriptionFilterInput) SetFilterName(v string) *PutSubscriptionFilterInput {
+	s.FilterName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationResponse
-type PutDestinationOutput struct {
-	_ struct{} `type:"structure"`
+// SetFilterPattern sets the FilterPattern field's value.
+func (s *PutSubscriptionFilterInput) SetFilterPattern(v string) *PutSubscriptionFilterInput {
+	s.FilterPattern = &v
+	return s
+}
 
-	// The destination.
-	Destination *Destination `locationName:"destination" type:"structure"`
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *PutSubscriptionFilterInput) SetLogGroupName(v string) *PutSubscriptionFilterInput {
+	s.LogGroupName = &v
+	return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *PutSubscriptionFilterInput) SetRoleArn(v string) *PutSubscriptionFilterInput {
+	s.RoleArn = &v
+	return s
+}
+
+type PutSubscriptionFilterOutput struct {
+	_ struct{} `type:"structure"`
 }
 
 // String returns the string representation
-func (s PutDestinationOutput) String() string {
+func (s PutSubscriptionFilterOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutDestinationOutput) GoString() string {
+func (s PutSubscriptionFilterOutput) GoString() string {
 	return s.String()
 }
 
-// SetDestination sets the Destination field's value.
-func (s *PutDestinationOutput) SetDestination(v *Destination) *PutDestinationOutput {
-	s.Destination = v
-	return s
-}
-
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicyRequest
-type PutDestinationPolicyInput struct {
+// Reserved.
+type QueryCompileError struct {
 	_ struct{} `type:"structure"`
 
-	// An IAM policy document that authorizes cross-account users to deliver their
-	// log events to the associated destination.
-	//
-	// AccessPolicy is a required field
-	AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string" required:"true"`
+	// Reserved.
+	Location *QueryCompileErrorLocation `locationName:"location" type:"structure"`
 
-	// A name for an existing destination.
-	//
-	// DestinationName is a required field
-	DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"`
+	// Reserved.
+	Message *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s PutDestinationPolicyInput) String() string {
+func (s QueryCompileError) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutDestinationPolicyInput) GoString() string {
+func (s QueryCompileError) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutDestinationPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutDestinationPolicyInput"}
-	if s.AccessPolicy == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessPolicy"))
-	}
-	if s.AccessPolicy != nil && len(*s.AccessPolicy) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("AccessPolicy", 1))
-	}
-	if s.DestinationName == nil {
-		invalidParams.Add(request.NewErrParamRequired("DestinationName"))
-	}
-	if s.DestinationName != nil && len(*s.DestinationName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessPolicy sets the AccessPolicy field's value.
-func (s *PutDestinationPolicyInput) SetAccessPolicy(v string) *PutDestinationPolicyInput {
-	s.AccessPolicy = &v
+// SetLocation sets the Location field's value.
+func (s *QueryCompileError) SetLocation(v *QueryCompileErrorLocation) *QueryCompileError {
+	s.Location = v
 	return s
 }
 
-// SetDestinationName sets the DestinationName field's value.
-func (s *PutDestinationPolicyInput) SetDestinationName(v string) *PutDestinationPolicyInput {
-	s.DestinationName = &v
+// SetMessage sets the Message field's value.
+func (s *QueryCompileError) SetMessage(v string) *QueryCompileError {
+	s.Message = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicyOutput
-type PutDestinationPolicyOutput struct {
+// Reserved.
+type QueryCompileErrorLocation struct {
 	_ struct{} `type:"structure"`
+
+	// Reserved.
+	EndCharOffset *int64 `locationName:"endCharOffset" type:"integer"`
+
+	// Reserved.
+	StartCharOffset *int64 `locationName:"startCharOffset" type:"integer"`
 }
 
 // String returns the string representation
-func (s PutDestinationPolicyOutput) String() string {
+func (s QueryCompileErrorLocation) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutDestinationPolicyOutput) GoString() string {
+func (s QueryCompileErrorLocation) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEventsRequest
-type PutLogEventsInput struct {
+// SetEndCharOffset sets the EndCharOffset field's value.
+func (s *QueryCompileErrorLocation) SetEndCharOffset(v int64) *QueryCompileErrorLocation {
+	s.EndCharOffset = &v
+	return s
+}
+
+// SetStartCharOffset sets the StartCharOffset field's value.
+func (s *QueryCompileErrorLocation) SetStartCharOffset(v int64) *QueryCompileErrorLocation {
+	s.StartCharOffset = &v
+	return s
+}
+
+// Information about one CloudWatch Logs Insights query that matches the request
+// in a DescribeQueries operation.
+type QueryInfo struct {
 	_ struct{} `type:"structure"`
 
-	// The log events.
-	//
-	// LogEvents is a required field
-	LogEvents []*InputLogEvent `locationName:"logEvents" min:"1" type:"list" required:"true"`
+	// The date and time that this query was created.
+	CreateTime *int64 `locationName:"createTime" type:"long"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The name of the log group scanned by this query.
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-	// The name of the log stream.
-	//
-	// LogStreamName is a required field
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"`
+	// The unique ID number of this query.
+	QueryId *string `locationName:"queryId" type:"string"`
 
-	// The sequence token obtained from the response of the previous PutLogEvents
-	// call. An upload in a newly created log stream does not require a sequence
-	// token. You can also get the sequence token using DescribeLogStreams. If you
-	// call PutLogEvents twice within a narrow time period using the same value
-	// for sequenceToken, both calls may be successful, or one may be rejected.
-	SequenceToken *string `locationName:"sequenceToken" min:"1" type:"string"`
+	// The query string used in this query.
+	QueryString *string `locationName:"queryString" type:"string"`
+
+	// The status of this query. Possible values are Cancelled, Complete, Failed,
+	// Running, Scheduled, and Unknown.
+	Status *string `locationName:"status" type:"string" enum:"QueryStatus"`
 }
 
 // String returns the string representation
-func (s PutLogEventsInput) String() string {
+func (s QueryInfo) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutLogEventsInput) GoString() string {
+func (s QueryInfo) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutLogEventsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutLogEventsInput"}
-	if s.LogEvents == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogEvents"))
-	}
-	if s.LogEvents != nil && len(s.LogEvents) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogEvents", 1))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.LogStreamName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogStreamName"))
-	}
-	if s.LogStreamName != nil && len(*s.LogStreamName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1))
-	}
-	if s.SequenceToken != nil && len(*s.SequenceToken) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("SequenceToken", 1))
-	}
-	if s.LogEvents != nil {
-		for i, v := range s.LogEvents {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LogEvents", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// SetCreateTime sets the CreateTime field's value.
+func (s *QueryInfo) SetCreateTime(v int64) *QueryInfo {
+	s.CreateTime = &v
+	return s
 }
 
-// SetLogEvents sets the LogEvents field's value.
-func (s *PutLogEventsInput) SetLogEvents(v []*InputLogEvent) *PutLogEventsInput {
-	s.LogEvents = v
+// SetLogGroupName sets the LogGroupName field's value.
+func (s *QueryInfo) SetLogGroupName(v string) *QueryInfo {
+	s.LogGroupName = &v
 	return s
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *PutLogEventsInput) SetLogGroupName(v string) *PutLogEventsInput {
-	s.LogGroupName = &v
+// SetQueryId sets the QueryId field's value.
+func (s *QueryInfo) SetQueryId(v string) *QueryInfo {
+	s.QueryId = &v
 	return s
 }
 
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *PutLogEventsInput) SetLogStreamName(v string) *PutLogEventsInput {
-	s.LogStreamName = &v
+// SetQueryString sets the QueryString field's value.
+func (s *QueryInfo) SetQueryString(v string) *QueryInfo {
+	s.QueryString = &v
 	return s
 }
 
-// SetSequenceToken sets the SequenceToken field's value.
-func (s *PutLogEventsInput) SetSequenceToken(v string) *PutLogEventsInput {
-	s.SequenceToken = &v
+// SetStatus sets the Status field's value.
+func (s *QueryInfo) SetStatus(v string) *QueryInfo {
+	s.Status = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEventsResponse
-type PutLogEventsOutput struct {
+// Contains the number of log events scanned by the query, the number of log
+// events that matched the query criteria, and the total number of bytes in
+// the log events that were scanned.
+type QueryStatistics struct {
 	_ struct{} `type:"structure"`
 
-	// The next sequence token.
-	NextSequenceToken *string `locationName:"nextSequenceToken" min:"1" type:"string"`
+	// The total number of bytes in the log events scanned during the query.
+	BytesScanned *float64 `locationName:"bytesScanned" type:"double"`
 
-	// The rejected events.
-	RejectedLogEventsInfo *RejectedLogEventsInfo `locationName:"rejectedLogEventsInfo" type:"structure"`
+	// The number of log events that matched the query string.
+	RecordsMatched *float64 `locationName:"recordsMatched" type:"double"`
+
+	// The total number of log events scanned during the query.
+	RecordsScanned *float64 `locationName:"recordsScanned" type:"double"`
 }
 
 // String returns the string representation
-func (s PutLogEventsOutput) String() string {
+func (s QueryStatistics) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutLogEventsOutput) GoString() string {
+func (s QueryStatistics) GoString() string {
 	return s.String()
 }
 
-// SetNextSequenceToken sets the NextSequenceToken field's value.
-func (s *PutLogEventsOutput) SetNextSequenceToken(v string) *PutLogEventsOutput {
-	s.NextSequenceToken = &v
+// SetBytesScanned sets the BytesScanned field's value.
+func (s *QueryStatistics) SetBytesScanned(v float64) *QueryStatistics {
+	s.BytesScanned = &v
 	return s
 }
 
-// SetRejectedLogEventsInfo sets the RejectedLogEventsInfo field's value.
-func (s *PutLogEventsOutput) SetRejectedLogEventsInfo(v *RejectedLogEventsInfo) *PutLogEventsOutput {
-	s.RejectedLogEventsInfo = v
+// SetRecordsMatched sets the RecordsMatched field's value.
+func (s *QueryStatistics) SetRecordsMatched(v float64) *QueryStatistics {
+	s.RecordsMatched = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilterRequest
-type PutMetricFilterInput struct {
+// SetRecordsScanned sets the RecordsScanned field's value.
+func (s *QueryStatistics) SetRecordsScanned(v float64) *QueryStatistics {
+	s.RecordsScanned = &v
+	return s
+}
+
+// Represents the rejected events.
+type RejectedLogEventsInfo struct {
 	_ struct{} `type:"structure"`
 
-	// A name for the metric filter.
-	//
-	// FilterName is a required field
-	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+	// The expired log events.
+	ExpiredLogEventEndIndex *int64 `locationName:"expiredLogEventEndIndex" type:"integer"`
 
-	// A filter pattern for extracting metric data out of ingested log events.
-	//
-	// FilterPattern is a required field
-	FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"`
+	// The log events that are too new.
+	TooNewLogEventStartIndex *int64 `locationName:"tooNewLogEventStartIndex" type:"integer"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The log events that are too old.
+	TooOldLogEventEndIndex *int64 `locationName:"tooOldLogEventEndIndex" type:"integer"`
+}
 
-	// A collection of information that defines how metric data gets emitted.
-	//
-	// MetricTransformations is a required field
-	MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list" required:"true"`
+// String returns the string representation
+func (s RejectedLogEventsInfo) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RejectedLogEventsInfo) GoString() string {
+	return s.String()
+}
+
+// SetExpiredLogEventEndIndex sets the ExpiredLogEventEndIndex field's value.
+func (s *RejectedLogEventsInfo) SetExpiredLogEventEndIndex(v int64) *RejectedLogEventsInfo {
+	s.ExpiredLogEventEndIndex = &v
+	return s
+}
+
+// SetTooNewLogEventStartIndex sets the TooNewLogEventStartIndex field's value.
+func (s *RejectedLogEventsInfo) SetTooNewLogEventStartIndex(v int64) *RejectedLogEventsInfo {
+	s.TooNewLogEventStartIndex = &v
+	return s
+}
+
+// SetTooOldLogEventEndIndex sets the TooOldLogEventEndIndex field's value.
+func (s *RejectedLogEventsInfo) SetTooOldLogEventEndIndex(v int64) *RejectedLogEventsInfo {
+	s.TooOldLogEventEndIndex = &v
+	return s
+}
+
+// The specified resource already exists.
+type ResourceAlreadyExistsException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s PutMetricFilterInput) String() string {
+func (s ResourceAlreadyExistsException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutMetricFilterInput) GoString() string {
+func (s ResourceAlreadyExistsException) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutMetricFilterInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutMetricFilterInput"}
-	if s.FilterName == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterName"))
-	}
-	if s.FilterName != nil && len(*s.FilterName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
-	}
-	if s.FilterPattern == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterPattern"))
-	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.MetricTransformations == nil {
-		invalidParams.Add(request.NewErrParamRequired("MetricTransformations"))
-	}
-	if s.MetricTransformations != nil && len(s.MetricTransformations) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("MetricTransformations", 1))
-	}
-	if s.MetricTransformations != nil {
-		for i, v := range s.MetricTransformations {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricTransformations", i), err.(request.ErrInvalidParams))
-			}
-		}
+func newErrorResourceAlreadyExistsException(v protocol.ResponseMetadata) error {
+	return &ResourceAlreadyExistsException{
+		respMetadata: v,
 	}
+}
 
-	if invalidParams.Len() > 0 {
-		return invalidParams
+// Code returns the exception type name.
+func (s ResourceAlreadyExistsException) Code() string {
+	return "ResourceAlreadyExistsException"
+}
+
+// Message returns the exception's message.
+func (s ResourceAlreadyExistsException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
 	}
-	return nil
+	return ""
 }
 
-// SetFilterName sets the FilterName field's value.
-func (s *PutMetricFilterInput) SetFilterName(v string) *PutMetricFilterInput {
-	s.FilterName = &v
-	return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s ResourceAlreadyExistsException) OrigErr() error {
+	return nil
 }
 
-// SetFilterPattern sets the FilterPattern field's value.
-func (s *PutMetricFilterInput) SetFilterPattern(v string) *PutMetricFilterInput {
-	s.FilterPattern = &v
-	return s
+func (s ResourceAlreadyExistsException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *PutMetricFilterInput) SetLogGroupName(v string) *PutMetricFilterInput {
-	s.LogGroupName = &v
-	return s
+// Status code returns the HTTP status code for the request's response error.
+func (s ResourceAlreadyExistsException) StatusCode() int {
+	return s.respMetadata.StatusCode
 }
 
-// SetMetricTransformations sets the MetricTransformations field's value.
-func (s *PutMetricFilterInput) SetMetricTransformations(v []*MetricTransformation) *PutMetricFilterInput {
-	s.MetricTransformations = v
-	return s
+// RequestID returns the service's response RequestID for request.
+func (s ResourceAlreadyExistsException) RequestID() string {
+	return s.respMetadata.RequestID
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilterOutput
-type PutMetricFilterOutput struct {
-	_ struct{} `type:"structure"`
+// The specified resource does not exist.
+type ResourceNotFoundException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s PutMetricFilterOutput) String() string {
+func (s ResourceNotFoundException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutMetricFilterOutput) GoString() string {
+func (s ResourceNotFoundException) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicyRequest
-type PutResourcePolicyInput struct {
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+	return &ResourceNotFoundException{
+		respMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s ResourceNotFoundException) Code() string {
+	return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s ResourceNotFoundException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s ResourceNotFoundException) OrigErr() error {
+	return nil
+}
+
+func (s ResourceNotFoundException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s ResourceNotFoundException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s ResourceNotFoundException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
+// A policy enabling one or more entities to put logs to a log group in this
+// account.
+type ResourcePolicy struct {
 	_ struct{} `type:"structure"`
 
-	// Details of the new policy, including the identity of the principal that is
-	// enabled to put logs to this account. This is formatted as a JSON string.
-	//
-	// The following example creates a resource policy enabling the Route 53 service
-	// to put DNS query logs in to the specified log group. Replace "logArn" with
-	// the ARN of your CloudWatch Logs resource, such as a log group or log stream.
-	//
-	// { "Version": "2012-10-17" "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs",
-	// "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ]
-	// }, "Action":"logs:PutLogEvents", "Resource": logArn } ] }
+	// Timestamp showing when this policy was last updated, expressed as the number
+	// of milliseconds after Jan 1, 1970 00:00:00 UTC.
+	LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"`
+
+	// The details of the policy.
 	PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"`
 
-	// Name of the new policy. This parameter is required.
+	// The name of the resource policy.
 	PolicyName *string `locationName:"policyName" type:"string"`
 }
 
 // String returns the string representation
-func (s PutResourcePolicyInput) String() string {
+func (s ResourcePolicy) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutResourcePolicyInput) GoString() string {
+func (s ResourcePolicy) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutResourcePolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"}
-	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// SetLastUpdatedTime sets the LastUpdatedTime field's value.
+func (s *ResourcePolicy) SetLastUpdatedTime(v int64) *ResourcePolicy {
+	s.LastUpdatedTime = &v
+	return s
 }
 
 // SetPolicyDocument sets the PolicyDocument field's value.
-func (s *PutResourcePolicyInput) SetPolicyDocument(v string) *PutResourcePolicyInput {
+func (s *ResourcePolicy) SetPolicyDocument(v string) *ResourcePolicy {
 	s.PolicyDocument = &v
 	return s
 }
 
 // SetPolicyName sets the PolicyName field's value.
-func (s *PutResourcePolicyInput) SetPolicyName(v string) *PutResourcePolicyInput {
+func (s *ResourcePolicy) SetPolicyName(v string) *ResourcePolicy {
 	s.PolicyName = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicyResponse
-type PutResourcePolicyOutput struct {
+// Contains one field from one log event returned by a CloudWatch Logs Insights
+// query, along with the value of that field.
+type ResultField struct {
 	_ struct{} `type:"structure"`
 
-	// The new policy.
-	ResourcePolicy *ResourcePolicy `locationName:"resourcePolicy" type:"structure"`
+	// The log event field.
+	Field *string `locationName:"field" type:"string"`
+
+	// The value of this field.
+	Value *string `locationName:"value" type:"string"`
 }
 
 // String returns the string representation
-func (s PutResourcePolicyOutput) String() string {
+func (s ResultField) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutResourcePolicyOutput) GoString() string {
+func (s ResultField) GoString() string {
 	return s.String()
 }
 
-// SetResourcePolicy sets the ResourcePolicy field's value.
-func (s *PutResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *PutResourcePolicyOutput {
-	s.ResourcePolicy = v
+// SetField sets the Field field's value.
+func (s *ResultField) SetField(v string) *ResultField {
+	s.Field = &v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicyRequest
-type PutRetentionPolicyInput struct {
+// SetValue sets the Value field's value.
+func (s *ResultField) SetValue(v string) *ResultField {
+	s.Value = &v
+	return s
+}
+
+// Represents the search status of a log stream.
+type SearchedLogStream struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the log group.
-	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// The name of the log stream.
+	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
 
-	// The number of days to retain the log events in the specified log group. Possible
-	// values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
-	// 1827, and 3653.
-	//
-	// RetentionInDays is a required field
-	RetentionInDays *int64 `locationName:"retentionInDays" type:"integer" required:"true"`
+	// Indicates whether all the events in this log stream were searched.
+	SearchedCompletely *bool `locationName:"searchedCompletely" type:"boolean"`
+}
+
+// String returns the string representation
+func (s SearchedLogStream) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s SearchedLogStream) GoString() string {
+	return s.String()
+}
+
+// SetLogStreamName sets the LogStreamName field's value.
+func (s *SearchedLogStream) SetLogStreamName(v string) *SearchedLogStream {
+	s.LogStreamName = &v
+	return s
+}
+
+// SetSearchedCompletely sets the SearchedCompletely field's value.
+func (s *SearchedLogStream) SetSearchedCompletely(v bool) *SearchedLogStream {
+	s.SearchedCompletely = &v
+	return s
+}
+
+// The service cannot complete the request.
+type ServiceUnavailableException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
 }
 
 // String returns the string representation
-func (s PutRetentionPolicyInput) String() string {
+func (s ServiceUnavailableException) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutRetentionPolicyInput) GoString() string {
+func (s ServiceUnavailableException) GoString() string {
 	return s.String()
 }
 
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutRetentionPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutRetentionPolicyInput"}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
-	}
-	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
-	}
-	if s.RetentionInDays == nil {
-		invalidParams.Add(request.NewErrParamRequired("RetentionInDays"))
+func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error {
+	return &ServiceUnavailableException{
+		respMetadata: v,
 	}
+}
 
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
+// Code returns the exception type name.
+func (s ServiceUnavailableException) Code() string {
+	return "ServiceUnavailableException"
 }
 
-// SetLogGroupName sets the LogGroupName field's value.
-func (s *PutRetentionPolicyInput) SetLogGroupName(v string) *PutRetentionPolicyInput {
-	s.LogGroupName = &v
-	return s
+// Message returns the exception's message.
+func (s ServiceUnavailableException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
 }
 
-// SetRetentionInDays sets the RetentionInDays field's value.
-func (s *PutRetentionPolicyInput) SetRetentionInDays(v int64) *PutRetentionPolicyInput {
-	s.RetentionInDays = &v
-	return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s ServiceUnavailableException) OrigErr() error {
+	return nil
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicyOutput
-type PutRetentionPolicyOutput struct {
-	_ struct{} `type:"structure"`
+func (s ServiceUnavailableException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 }
 
-// String returns the string representation
-func (s PutRetentionPolicyOutput) String() string {
-	return awsutil.Prettify(s)
+// Status code returns the HTTP status code for the request's response error.
+func (s ServiceUnavailableException) StatusCode() int {
+	return s.respMetadata.StatusCode
 }
 
-// GoString returns the string representation
-func (s PutRetentionPolicyOutput) GoString() string {
-	return s.String()
+// RequestID returns the service's response RequestID for request.
+func (s ServiceUnavailableException) RequestID() string {
+	return s.respMetadata.RequestID
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilterRequest
-type PutSubscriptionFilterInput struct {
+type StartQueryInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ARN of the destination to deliver matching log events to. Currently,
-	// the supported destinations are:
-	//
-	//    * An Amazon Kinesis stream belonging to the same account as the subscription
-	//    filter, for same-account delivery.
-	//
-	//    * A logical destination (specified using an ARN) belonging to a different
-	//    account, for cross-account delivery.
-	//
-	//    * An Amazon Kinesis Firehose delivery stream belonging to the same account
-	//    as the subscription filter, for same-account delivery.
-	//
-	//    * An AWS Lambda function belonging to the same account as the subscription
-	//    filter, for same-account delivery.
+	// The end of the time range to query. The range is inclusive, so the specified
+	// end time is included in the query. Specified as epoch time, the number of
+	// seconds since January 1, 1970, 00:00:00 UTC.
 	//
-	// DestinationArn is a required field
-	DestinationArn *string `locationName:"destinationArn" min:"1" type:"string" required:"true"`
+	// EndTime is a required field
+	EndTime *int64 `locationName:"endTime" type:"long" required:"true"`
 
-	// The method used to distribute log data to the destination. By default log
-	// data is grouped by log stream, but the grouping can be set to random for
-	// a more even distribution. This property is only applicable when the destination
-	// is an Amazon Kinesis stream.
-	Distribution *string `locationName:"distribution" type:"string" enum:"Distribution"`
+	// The maximum number of log events to return in the query. If the query string
+	// uses the fields command, only the specified fields and their values are returned.
+	// The default is 1000.
+	Limit *int64 `locationName:"limit" min:"1" type:"integer"`
 
-	// A name for the subscription filter. If you are updating an existing filter,
-	// you must specify the correct name in filterName. Otherwise, the call fails
-	// because you cannot associate a second filter with a log group. To find the
-	// name of the filter currently associated with a log group, use DescribeSubscriptionFilters.
+	// The log group on which to perform the query.
 	//
-	// FilterName is a required field
-	FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"`
+	// A StartQuery operation must include a logGroupNames or a logGroupName parameter,
+	// but not both.
+	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"`
 
-	// A filter pattern for subscribing to a filtered stream of log events.
+	// The list of log groups to be queried. You can include up to 20 log groups.
 	//
-	// FilterPattern is a required field
-	FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"`
+	// A StartQuery operation must include a logGroupNames or a logGroupName parameter,
+	// but not both.
+	LogGroupNames []*string `locationName:"logGroupNames" type:"list"`
 
-	// The name of the log group.
+	// The query string to use. For more information, see CloudWatch Logs Insights
+	// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
 	//
-	// LogGroupName is a required field
-	LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"`
+	// QueryString is a required field
+	QueryString *string `locationName:"queryString" type:"string" required:"true"`
 
-	// The ARN of an IAM role that grants CloudWatch Logs permissions to deliver
-	// ingested log events to the destination stream. You don't need to provide
-	// the ARN when you are working with a logical destination for cross-account
-	// delivery.
-	RoleArn *string `locationName:"roleArn" min:"1" type:"string"`
+	// The beginning of the time range to query. The range is inclusive, so the
+	// specified start time is included in the query. Specified as epoch time, the
+	// number of seconds since January 1, 1970, 00:00:00 UTC.
+	//
+	// StartTime is a required field
+	StartTime *int64 `locationName:"startTime" type:"long" required:"true"`
 }
 
 // String returns the string representation
-func (s PutSubscriptionFilterInput) String() string {
+func (s StartQueryInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s PutSubscriptionFilterInput) GoString() string {
+func (s StartQueryInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *PutSubscriptionFilterInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutSubscriptionFilterInput"}
-	if s.DestinationArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("DestinationArn"))
-	}
-	if s.DestinationArn != nil && len(*s.DestinationArn) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("DestinationArn", 1))
-	}
-	if s.FilterName == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterName"))
-	}
-	if s.FilterName != nil && len(*s.FilterName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("FilterName", 1))
-	}
-	if s.FilterPattern == nil {
-		invalidParams.Add(request.NewErrParamRequired("FilterPattern"))
+func (s *StartQueryInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "StartQueryInput"}
+	if s.EndTime == nil {
+		invalidParams.Add(request.NewErrParamRequired("EndTime"))
 	}
-	if s.LogGroupName == nil {
-		invalidParams.Add(request.NewErrParamRequired("LogGroupName"))
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
 	}
 	if s.LogGroupName != nil && len(*s.LogGroupName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1))
 	}
-	if s.RoleArn != nil && len(*s.RoleArn) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
+	if s.QueryString == nil {
+		invalidParams.Add(request.NewErrParamRequired("QueryString"))
+	}
+	if s.StartTime == nil {
+		invalidParams.Add(request.NewErrParamRequired("StartTime"))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -7012,181 +8975,128 @@ func (s *PutSubscriptionFilterInput) Validate() error {
 	return nil
 }
 
-// SetDestinationArn sets the DestinationArn field's value.
-func (s *PutSubscriptionFilterInput) SetDestinationArn(v string) *PutSubscriptionFilterInput {
-	s.DestinationArn = &v
-	return s
-}
-
-// SetDistribution sets the Distribution field's value.
-func (s *PutSubscriptionFilterInput) SetDistribution(v string) *PutSubscriptionFilterInput {
-	s.Distribution = &v
-	return s
-}
-
-// SetFilterName sets the FilterName field's value.
-func (s *PutSubscriptionFilterInput) SetFilterName(v string) *PutSubscriptionFilterInput {
-	s.FilterName = &v
+// SetEndTime sets the EndTime field's value.
+func (s *StartQueryInput) SetEndTime(v int64) *StartQueryInput {
+	s.EndTime = &v
 	return s
 }
 
-// SetFilterPattern sets the FilterPattern field's value.
-func (s *PutSubscriptionFilterInput) SetFilterPattern(v string) *PutSubscriptionFilterInput {
-	s.FilterPattern = &v
+// SetLimit sets the Limit field's value.
+func (s *StartQueryInput) SetLimit(v int64) *StartQueryInput {
+	s.Limit = &v
 	return s
 }
 
 // SetLogGroupName sets the LogGroupName field's value.
-func (s *PutSubscriptionFilterInput) SetLogGroupName(v string) *PutSubscriptionFilterInput {
+func (s *StartQueryInput) SetLogGroupName(v string) *StartQueryInput {
 	s.LogGroupName = &v
 	return s
 }
 
-// SetRoleArn sets the RoleArn field's value.
-func (s *PutSubscriptionFilterInput) SetRoleArn(v string) *PutSubscriptionFilterInput {
-	s.RoleArn = &v
+// SetLogGroupNames sets the LogGroupNames field's value.
+func (s *StartQueryInput) SetLogGroupNames(v []*string) *StartQueryInput {
+	s.LogGroupNames = v
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilterOutput
-type PutSubscriptionFilterOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation
-func (s PutSubscriptionFilterOutput) String() string {
-	return awsutil.Prettify(s)
+// SetQueryString sets the QueryString field's value.
+func (s *StartQueryInput) SetQueryString(v string) *StartQueryInput {
+	s.QueryString = &v
+	return s
 }
 
-// GoString returns the string representation
-func (s PutSubscriptionFilterOutput) GoString() string {
-	return s.String()
+// SetStartTime sets the StartTime field's value.
+func (s *StartQueryInput) SetStartTime(v int64) *StartQueryInput {
+	s.StartTime = &v
+	return s
 }
 
-// Represents the rejected events.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/RejectedLogEventsInfo
-type RejectedLogEventsInfo struct {
+type StartQueryOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The expired log events.
-	ExpiredLogEventEndIndex *int64 `locationName:"expiredLogEventEndIndex" type:"integer"`
-
-	// The log events that are too new.
-	TooNewLogEventStartIndex *int64 `locationName:"tooNewLogEventStartIndex" type:"integer"`
-
-	// The log events that are too old.
-	TooOldLogEventEndIndex *int64 `locationName:"tooOldLogEventEndIndex" type:"integer"`
+	// The unique ID of the query.
+	QueryId *string `locationName:"queryId" type:"string"`
 }
 
 // String returns the string representation
-func (s RejectedLogEventsInfo) String() string {
+func (s StartQueryOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s RejectedLogEventsInfo) GoString() string {
+func (s StartQueryOutput) GoString() string {
 	return s.String()
 }
 
-// SetExpiredLogEventEndIndex sets the ExpiredLogEventEndIndex field's value.
-func (s *RejectedLogEventsInfo) SetExpiredLogEventEndIndex(v int64) *RejectedLogEventsInfo {
-	s.ExpiredLogEventEndIndex = &v
-	return s
-}
-
-// SetTooNewLogEventStartIndex sets the TooNewLogEventStartIndex field's value.
-func (s *RejectedLogEventsInfo) SetTooNewLogEventStartIndex(v int64) *RejectedLogEventsInfo {
-	s.TooNewLogEventStartIndex = &v
-	return s
-}
-
-// SetTooOldLogEventEndIndex sets the TooOldLogEventEndIndex field's value.
-func (s *RejectedLogEventsInfo) SetTooOldLogEventEndIndex(v int64) *RejectedLogEventsInfo {
-	s.TooOldLogEventEndIndex = &v
+// SetQueryId sets the QueryId field's value.
+func (s *StartQueryOutput) SetQueryId(v string) *StartQueryOutput {
+	s.QueryId = &v
 	return s
 }
 
-// A policy enabling one or more entities to put logs to a log group in this
-// account.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ResourcePolicy
-type ResourcePolicy struct {
+type StopQueryInput struct {
 	_ struct{} `type:"structure"`
 
-	// Time stamp showing when this policy was last updated, expressed as the number
-	// of milliseconds after Jan 1, 1970 00:00:00 UTC.
-	LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"`
-
-	// The details of the policy.
-	PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"`
-
-	// The name of the resource policy.
-	PolicyName *string `locationName:"policyName" type:"string"`
+	// The ID number of the query to stop. If necessary, you can use DescribeQueries
+	// to find this ID number.
+	//
+	// QueryId is a required field
+	QueryId *string `locationName:"queryId" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s ResourcePolicy) String() string {
+func (s StopQueryInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ResourcePolicy) GoString() string {
+func (s StopQueryInput) GoString() string {
 	return s.String()
 }
 
-// SetLastUpdatedTime sets the LastUpdatedTime field's value.
-func (s *ResourcePolicy) SetLastUpdatedTime(v int64) *ResourcePolicy {
-	s.LastUpdatedTime = &v
-	return s
-}
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StopQueryInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "StopQueryInput"}
+	if s.QueryId == nil {
+		invalidParams.Add(request.NewErrParamRequired("QueryId"))
+	}
 
-// SetPolicyDocument sets the PolicyDocument field's value.
-func (s *ResourcePolicy) SetPolicyDocument(v string) *ResourcePolicy {
-	s.PolicyDocument = &v
-	return s
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
 }
 
-// SetPolicyName sets the PolicyName field's value.
-func (s *ResourcePolicy) SetPolicyName(v string) *ResourcePolicy {
-	s.PolicyName = &v
+// SetQueryId sets the QueryId field's value.
+func (s *StopQueryInput) SetQueryId(v string) *StopQueryInput {
+	s.QueryId = &v
 	return s
 }
 
-// Represents the search status of a log stream.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SearchedLogStream
-type SearchedLogStream struct {
+type StopQueryOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the log stream.
-	LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"`
-
-	// Indicates whether all the events in this log stream were searched.
-	SearchedCompletely *bool `locationName:"searchedCompletely" type:"boolean"`
+	// This is true if the query was stopped by the StopQuery operation.
+	Success *bool `locationName:"success" type:"boolean"`
 }
 
 // String returns the string representation
-func (s SearchedLogStream) String() string {
+func (s StopQueryOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s SearchedLogStream) GoString() string {
+func (s StopQueryOutput) GoString() string {
 	return s.String()
 }
 
-// SetLogStreamName sets the LogStreamName field's value.
-func (s *SearchedLogStream) SetLogStreamName(v string) *SearchedLogStream {
-	s.LogStreamName = &v
-	return s
-}
-
-// SetSearchedCompletely sets the SearchedCompletely field's value.
-func (s *SearchedLogStream) SetSearchedCompletely(v bool) *SearchedLogStream {
-	s.SearchedCompletely = &v
+// SetSuccess sets the Success field's value.
+func (s *StopQueryOutput) SetSuccess(v bool) *StopQueryOutput {
+	s.Success = &v
 	return s
 }
 
 // Represents a subscription filter.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SubscriptionFilter
 type SubscriptionFilter struct {
 	_ struct{} `type:"structure"`
 
@@ -7205,7 +9115,7 @@ type SubscriptionFilter struct {
 	FilterName *string `locationName:"filterName" min:"1" type:"string"`
 
 	// A symbolic description of how CloudWatch Logs should interpret the data in
-	// each log event. For example, a log event may contain time stamps, IP addresses,
+	// each log event. For example, a log event may contain timestamps, IP addresses,
 	// strings, and so on. You use the filter pattern to specify what to look for
 	// in the log event message.
 	FilterPattern *string `locationName:"filterPattern" type:"string"`
@@ -7268,7 +9178,6 @@ func (s *SubscriptionFilter) SetRoleArn(v string) *SubscriptionFilter {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroupRequest
 type TagLogGroupInput struct {
 	_ struct{} `type:"structure"`
 
@@ -7327,7 +9236,6 @@ func (s *TagLogGroupInput) SetTags(v map[string]*string) *TagLogGroupInput {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroupOutput
 type TagLogGroupOutput struct {
 	_ struct{} `type:"structure"`
 }
@@ -7342,12 +9250,11 @@ func (s TagLogGroupOutput) GoString() string {
 	return s.String()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilterRequest
 type TestMetricFilterInput struct {
 	_ struct{} `type:"structure"`
 
 	// A symbolic description of how CloudWatch Logs should interpret the data in
-	// each log event. For example, a log event may contain time stamps, IP addresses,
+	// each log event. For example, a log event may contain timestamps, IP addresses,
 	// strings, and so on. You use the filter pattern to specify what to look for
 	// in the log event message.
 	//
@@ -7401,7 +9308,6 @@ func (s *TestMetricFilterInput) SetLogEventMessages(v []*string) *TestMetricFilt
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilterResponse
 type TestMetricFilterOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -7425,7 +9331,62 @@ func (s *TestMetricFilterOutput) SetMatches(v []*MetricFilterMatchRecord) *TestM
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroupRequest
+// The most likely cause is an invalid AWS access key ID or secret key.
+type UnrecognizedClientException struct {
+	_            struct{} `type:"structure"`
+	respMetadata protocol.ResponseMetadata
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation
+func (s UnrecognizedClientException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UnrecognizedClientException) GoString() string {
+	return s.String()
+}
+
+func newErrorUnrecognizedClientException(v protocol.ResponseMetadata) error {
+	return &UnrecognizedClientException{
+		respMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s UnrecognizedClientException) Code() string {
+	return "UnrecognizedClientException"
+}
+
+// Message returns the exception's message.
+func (s UnrecognizedClientException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s UnrecognizedClientException) OrigErr() error {
+	return nil
+}
+
+func (s UnrecognizedClientException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s UnrecognizedClientException) StatusCode() int {
+	return s.respMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s UnrecognizedClientException) RequestID() string {
+	return s.respMetadata.RequestID
+}
+
 type UntagLogGroupInput struct {
 	_ struct{} `type:"structure"`
 
@@ -7484,7 +9445,6 @@ func (s *UntagLogGroupInput) SetTags(v []*string) *UntagLogGroupInput {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroupOutput
 type UntagLogGroupOutput struct {
 	_ struct{} `type:"structure"`
 }
@@ -7536,3 +9496,20 @@ const (
 	// OrderByLastEventTime is a OrderBy enum value
 	OrderByLastEventTime = "LastEventTime"
 )
+
+const (
+	// QueryStatusScheduled is a QueryStatus enum value
+	QueryStatusScheduled = "Scheduled"
+
+	// QueryStatusRunning is a QueryStatus enum value
+	QueryStatusRunning = "Running"
+
+	// QueryStatusComplete is a QueryStatus enum value
+	QueryStatusComplete = "Complete"
+
+	// QueryStatusFailed is a QueryStatus enum value
+	QueryStatusFailed = "Failed"
+
+	// QueryStatusCancelled is a QueryStatus enum value
+	QueryStatusCancelled = "Cancelled"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go
index 772141f53a70d..c6e23336d00ac 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go
@@ -2,6 +2,10 @@
 
 package cloudwatchlogs
 
+import (
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
 const (
 
 	// ErrCodeDataAlreadyAcceptedException for service response error code
@@ -25,7 +29,8 @@ const (
 	// ErrCodeInvalidSequenceTokenException for service response error code
 	// "InvalidSequenceTokenException".
 	//
-	// The sequence token is not valid.
+	// The sequence token is not valid. You can get the correct sequence token in
+	// the expectedSequenceToken field in the InvalidSequenceTokenException message.
 	ErrCodeInvalidSequenceTokenException = "InvalidSequenceTokenException"
 
 	// ErrCodeLimitExceededException for service response error code
@@ -34,6 +39,16 @@ const (
 	// You have reached the maximum number of resources that can be created.
 	ErrCodeLimitExceededException = "LimitExceededException"
 
+	// ErrCodeMalformedQueryException for service response error code
+	// "MalformedQueryException".
+	//
+	// The query string is not valid. Details about this error are displayed in
+	// a QueryCompileError object. For more information, see .
+	//
+	// For more information about valid query syntax, see CloudWatch Logs Insights
+	// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
+	ErrCodeMalformedQueryException = "MalformedQueryException"
+
 	// ErrCodeOperationAbortedException for service response error code
 	// "OperationAbortedException".
 	//
@@ -57,4 +72,24 @@ const (
 	//
 	// The service cannot complete the request.
 	ErrCodeServiceUnavailableException = "ServiceUnavailableException"
+
+	// ErrCodeUnrecognizedClientException for service response error code
+	// "UnrecognizedClientException".
+	//
+	// The most likely cause is an invalid AWS access key ID or secret key.
+	ErrCodeUnrecognizedClientException = "UnrecognizedClientException"
 )
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+	"DataAlreadyAcceptedException":   newErrorDataAlreadyAcceptedException,
+	"InvalidOperationException":      newErrorInvalidOperationException,
+	"InvalidParameterException":      newErrorInvalidParameterException,
+	"InvalidSequenceTokenException":  newErrorInvalidSequenceTokenException,
+	"LimitExceededException":         newErrorLimitExceededException,
+	"MalformedQueryException":        newErrorMalformedQueryException,
+	"OperationAbortedException":      newErrorOperationAbortedException,
+	"ResourceAlreadyExistsException": newErrorResourceAlreadyExistsException,
+	"ResourceNotFoundException":      newErrorResourceNotFoundException,
+	"ServiceUnavailableException":    newErrorServiceUnavailableException,
+	"UnrecognizedClientException":    newErrorUnrecognizedClientException,
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go
index 8e6094d58a5f1..41520eda94688 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol"
 	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
 )
 
@@ -29,8 +30,9 @@ var initRequest func(*request.Request)
 
 // Service information constants
 const (
-	ServiceName = "logs"      // Service endpoint prefix API calls made to.
-	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+	ServiceName = "logs"            // Name of service.
+	EndpointsID = ServiceName       // ID to lookup a service endpoint with.
+	ServiceID   = "CloudWatch Logs" // ServiceID is a unique identifier of a specific service.
 )
 
 // New creates a new instance of the CloudWatchLogs client with a session.
@@ -38,6 +40,8 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
+//     mySession := session.Must(session.NewSession())
+//
 //     // Create a CloudWatchLogs client from just a session.
 //     svc := cloudwatchlogs.New(mySession)
 //
@@ -45,18 +49,20 @@ const (
 //     svc := cloudwatchlogs.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *CloudWatchLogs {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CloudWatchLogs {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *CloudWatchLogs {
 	svc := &CloudWatchLogs{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
+				PartitionID:   partitionID,
 				Endpoint:      endpoint,
 				APIVersion:    "2014-03-28",
 				JSONVersion:   "1.1",
@@ -71,7 +77,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 	svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
 	svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
 	svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
-	svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(
+		protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+	)
 
 	// Run custom client initialization if present
 	if initClient != nil {
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index 23f0a06db8abc..7f60d4aa1851e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -3,10 +3,12 @@
 package sts
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
 
@@ -14,8 +16,8 @@ const opAssumeRole = "AssumeRole"
 
 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -54,95 +56,123 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 
 // AssumeRole API operation for AWS Security Token Service.
 //
-// Returns a set of temporary security credentials (consisting of an access
-// key ID, a secret access key, and a security token) that you can use to access
-// AWS resources that you might not normally have access to. Typically, you
-// use AssumeRole for cross-account access or federation. For a comparison of
-// AssumeRole with the other APIs that produce temporary credentials, see Requesting
-// Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// Returns a set of temporary security credentials that you can use to access
+// AWS resources that you might not normally have access to. These temporary
+// credentials consist of an access key ID, a secret access key, and a security
+// token. Typically, you use AssumeRole within your account or for cross-account
+// access. For a comparison of AssumeRole with other API operations that produce
+// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
-// Important: You cannot call AssumeRole by using AWS root account credentials;
-// access is denied. You must use credentials for an IAM user or an IAM role
-// to call AssumeRole.
+// You cannot use AWS account root user credentials to call AssumeRole. You
+// must use credentials for an IAM user or an IAM role to call AssumeRole.
 //
 // For cross-account access, imagine that you own multiple accounts and need
 // to access resources in each account. You could create long-term credentials
 // in each account to access those resources. However, managing all those credentials
 // and remembering which one can access which account can be time consuming.
-// Instead, you can create one set of long-term credentials in one account and
-// then use temporary security credentials to access all the other accounts
+// Instead, you can create one set of long-term credentials in one account.
+// Then use temporary security credentials to access all the other accounts
 // by assuming roles in those accounts. For more information about roles, see
-// IAM Roles (Delegation and Federation) (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html)
+// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
 // in the IAM User Guide.
 //
-// For federation, you can, for example, grant single sign-on access to the
-// AWS Management Console. If you already have an identity and authentication
-// system in your corporate network, you don't have to recreate user identities
-// in AWS in order to grant those user identities access to AWS. Instead, after
-// a user has been authenticated, you call AssumeRole (and specify the role
-// with the appropriate permissions) to get temporary security credentials for
-// that user. With those temporary security credentials, you construct a sign-in
-// URL that users can use to access the console. For more information, see Common
-// Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction)
+// Session Duration
+//
+// By default, the temporary security credentials created by AssumeRole last
+// for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
 // in the IAM User Guide.
 //
-// The temporary security credentials are valid for the duration that you specified
-// when calling AssumeRole, which can be from 900 seconds (15 minutes) to a
-// maximum of 3600 seconds (1 hour). The default is 1 hour.
+// Permissions
 //
 // The temporary security credentials created by AssumeRole can be used to make
-// API calls to any AWS service with the following exception: you cannot call
-// the STS service's GetFederationToken or GetSessionToken APIs.
-//
-// Optionally, you can pass an IAM access policy to this operation. If you choose
-// not to pass a policy, the temporary security credentials that are returned
-// by the operation have the permissions that are defined in the access policy
-// of the role that is being assumed. If you pass a policy to this operation,
-// the temporary security credentials that are returned by the operation have
-// the permissions that are allowed by both the access policy of the role that
-// is being assumed, and the policy that you pass. This gives you a way to further
-// restrict the permissions for the resulting temporary security credentials.
-// You cannot use the passed policy to grant permissions that are in excess
-// of those allowed by the access policy of the role that is being assumed.
-// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML,
-// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+// API calls to any AWS service with the following exception: You cannot call
+// the AWS STS GetFederationToken or GetSessionToken API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policies to
+// use as managed session policies. The plain text that you use for both inline
+// and managed session policies can't exceed 2,048 characters. Passing policies
+// to this operation returns new temporary credentials. The resulting session's
+// permissions are the intersection of the role's identity-based policy and
+// the session policies. You can use the role's temporary credentials in subsequent
+// AWS API calls to access resources in the account that owns the role. You
+// cannot use session policies to grant more permissions than those allowed
+// by the identity-based policy of the role that is being assumed. For more
+// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// To assume a role from a different account, your AWS account must be trusted
+// by the role. The trust relationship is defined in the role's trust policy
+// when the role is created. That trust policy states which accounts are allowed
+// to delegate that access to users in the account.
+//
+// A user who wants to access a role in a different account must also have permissions
+// that are delegated from the user account administrator. The administrator
+// must attach a policy that allows the user to call AssumeRole for the ARN
+// of the role in the other account. If the user is in the same account as the
+// role, then you can do either of the following:
+//
+//    * Attach a policy to the user (identical to the previous user in a different
+//    account).
+//
+//    * Add the user as a principal directly in the role's trust policy.
+//
+// In this case, the trust policy acts as an IAM resource-based policy. Users
+// in the same account as the role do not need explicit permission to assume
+// the role. For more information about trust policies and resource-based policies,
+// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// in the IAM User Guide.
+//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These tags are
+// called session tags. For more information about session tags, see Passing
+// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
 // in the IAM User Guide.
 //
-// To assume a role, your AWS account must be trusted by the role. The trust
-// relationship is defined in the role's trust policy when the role is created.
-// That trust policy states which accounts are allowed to delegate access to
-// this account's role.
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
 //
-// The user who wants to access the role must also have permissions delegated
-// from the role's administrator. If the user is in a different account than
-// the role, then the user's administrator must attach a policy that allows
-// the user to call AssumeRole on the ARN of the role in the other account.
-// If the user is in the same account as the role, then you can either attach
-// a policy to the user (identical to the previous different account user),
-// or you can add the user as a principal directly in the role's trust policy
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
 //
 // Using MFA with AssumeRole
 //
-// You can optionally include multi-factor authentication (MFA) information
-// when you call AssumeRole. This is useful for cross-account scenarios in which
-// you want to make sure that the user who is assuming the role has been authenticated
-// using an AWS MFA device. In that scenario, the trust policy of the role being
-// assumed includes a condition that tests for MFA authentication; if the caller
-// does not include valid MFA information, the request to assume the role is
-// denied. The condition in a trust policy that tests for MFA authentication
-// might look like the following example.
+// (Optional) You can include multi-factor authentication (MFA) information
+// when you call AssumeRole. This is useful for cross-account scenarios to ensure
+// that the user that assumes the role has been authenticated with an AWS MFA
+// device. In that scenario, the trust policy of the role being assumed includes
+// a condition that tests for MFA authentication. If the caller does not include
+// valid MFA information, the request to assume the role is denied. The condition
+// in a trust policy that tests for MFA authentication might look like the following
+// example.
 //
 // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
 //
-// For more information, see Configuring MFA-Protected API Access (http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
+// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
 // in the IAM User Guide guide.
 //
 // To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode
 // parameters. The SerialNumber value identifies the user's hardware or virtual
 // MFA device. The TokenCode is the time-based one-time password (TOTP) that
-// the MFA devices produces.
+// the MFA device produces.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -157,15 +187,24 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 //   message describes the specific error.
 //
 //   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//   The request was rejected because the policy document was too large. The error
-//   message describes how big the policy document is, in packed form, as a percentage
-//   of what the API allows.
+//   The request was rejected because the total packed size of the session policies
+//   and session tags combined was too large. An AWS conversion compresses the
+//   session policy document, session policy ARNs, and session tags into a packed
+//   binary format that has a separate limit. The error message indicates by percentage
+//   how close the policies and tags are to the upper size limit. For more information,
+//   see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//   in the IAM User Guide.
+//
+//   You could receive this error even though you meet other defined session policy
+//   and session tag limits. For more information, see IAM and STS Entity Character
+//   Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   in the IAM User Guide.
 //
 //   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
-//   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
@@ -194,8 +233,8 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 
 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -229,6 +268,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 
 	output = &AssumeRoleWithSAMLOutput{}
 	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
 	return
 }
 
@@ -238,46 +278,52 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // via a SAML authentication response. This operation provides a mechanism for
 // tying an enterprise identity store or directory to role-based AWS access
 // without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML
-// with the other APIs that produce temporary credentials, see Requesting Temporary
-// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// with the other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
 // The temporary security credentials returned by this operation consist of
 // an access key ID, a secret access key, and a security token. Applications
 // can use these temporary security credentials to sign calls to AWS services.
 //
-// The temporary security credentials are valid for the duration that you specified
-// when calling AssumeRole, or until the time specified in the SAML authentication
-// response's SessionNotOnOrAfter value, whichever is shorter. The duration
-// can be from 900 seconds (15 minutes) to a maximum of 3600 seconds (1 hour).
-// The default is 1 hour.
+// Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithSAML
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. Your role session lasts for the
+// duration that you specify, or until the time specified in the SAML authentication
+// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
+// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
+// duration setting for the role. This setting can have a value from 1 hour
+// to 12 hours. To learn how to view the maximum value for your role, see View
+// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
+//
+// Permissions
 //
 // The temporary security credentials created by AssumeRoleWithSAML can be used
 // to make API calls to any AWS service with the following exception: you cannot
-// call the STS service's GetFederationToken or GetSessionToken APIs.
-//
-// Optionally, you can pass an IAM access policy to this operation. If you choose
-// not to pass a policy, the temporary security credentials that are returned
-// by the operation have the permissions that are defined in the access policy
-// of the role that is being assumed. If you pass a policy to this operation,
-// the temporary security credentials that are returned by the operation have
-// the permissions that are allowed by the intersection of both the access policy
-// of the role that is being assumed, and the policy that you pass. This means
-// that both policies must grant the permission for the action to be allowed.
-// This gives you a way to further restrict the permissions for the resulting
-// temporary security credentials. You cannot use the passed policy to grant
-// permissions that are in excess of those allowed by the access policy of the
-// role that is being assumed. For more information, see Permissions for AssumeRole,
-// AssumeRoleWithSAML, and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+// call the STS GetFederationToken or GetSessionToken API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policies to
+// use as managed session policies. The plain text that you use for both inline
+// and managed session policies can't exceed 2,048 characters. Passing policies
+// to this operation returns new temporary credentials. The resulting session's
+// permissions are the intersection of the role's identity-based policy and
+// the session policies. You can use the role's temporary credentials in subsequent
+// AWS API calls to access resources in the account that owns the role. You
+// cannot use session policies to grant more permissions than those allowed
+// by the identity-based policy of the role that is being assumed. For more
+// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide.
 //
-// Before your application can call AssumeRoleWithSAML, you must configure your
-// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
-// you must use AWS Identity and Access Management (IAM) to create a SAML provider
-// entity in your AWS account that represents your identity provider, and create
-// an IAM role that specifies this SAML provider in its trust policy.
-//
 // Calling AssumeRoleWithSAML does not require the use of AWS security credentials.
 // The identity of the caller is validated by using keys in the metadata document
 // that is uploaded for the SAML provider entity for your identity provider.
@@ -285,21 +331,63 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail
 // logs. The entry includes the value in the NameID element of the SAML assertion.
 // We recommend that you use a NameIDType that is not associated with any personally
-// identifiable information (PII). For example, you could instead use the Persistent
-// Identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+// identifiable information (PII). For example, you could instead use the persistent
+// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your SAML assertion
+// as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, session tags override the role's tags with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// SAML Configuration
+//
+// Before your application can call AssumeRoleWithSAML, you must configure your
+// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
+// you must use AWS Identity and Access Management (IAM) to create a SAML provider
+// entity in your AWS account that represents your identity provider. You must
+// also create an IAM role that specifies this SAML provider in its trust policy.
 //
 // For more information, see the following resources:
 //
-//    * About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
+//    * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
 //    in the IAM User Guide.
 //
-//    * Creating SAML Identity Providers (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
+//    * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
 //    in the IAM User Guide.
 //
-//    * Configuring a Relying Party and Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
+//    * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
 //    in the IAM User Guide.
 //
-//    * Creating a Role for SAML 2.0 Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
+//    * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
 //    in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -315,9 +403,18 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 //   message describes the specific error.
 //
 //   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//   The request was rejected because the policy document was too large. The error
-//   message describes how big the policy document is, in packed form, as a percentage
-//   of what the API allows.
+//   The request was rejected because the total packed size of the session policies
+//   and session tags combined was too large. An AWS conversion compresses the
+//   session policy document, session policy ARNs, and session tags into a packed
+//   binary format that has a separate limit. The error message indicates by percentage
+//   how close the policies and tags are to the upper size limit. For more information,
+//   see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//   in the IAM User Guide.
+//
+//   You could receive this error even though you meet other defined session policy
+//   and session tag limits. For more information, see IAM and STS Entity Character
+//   Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   in the IAM User Guide.
 //
 //   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
@@ -338,7 +435,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
-//   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
@@ -367,8 +464,8 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 
 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -402,64 +499,114 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 
 	output = &AssumeRoleWithWebIdentityOutput{}
 	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
 	return
 }
 
 // AssumeRoleWithWebIdentity API operation for AWS Security Token Service.
 //
 // Returns a set of temporary security credentials for users who have been authenticated
-// in a mobile or web application with a web identity provider, such as Amazon
-// Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible
-// identity provider.
+// in a mobile or web application with a web identity provider. Example providers
+// include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID
+// Connect-compatible identity provider.
 //
 // For mobile applications, we recommend that you use Amazon Cognito. You can
-// use Amazon Cognito with the AWS SDK for iOS (http://aws.amazon.com/sdkforios/)
-// and the AWS SDK for Android (http://aws.amazon.com/sdkforandroid/) to uniquely
-// identify a user and supply the user with a consistent identity throughout
-// the lifetime of an application.
-//
-// To learn more about Amazon Cognito, see Amazon Cognito Overview (http://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
-// in the AWS SDK for Android Developer Guide guide and Amazon Cognito Overview
-// (http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
+// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
+// to uniquely identify a user. You can also supply the user with a consistent
+// identity throughout the lifetime of an application.
+//
+// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
+// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
 // in the AWS SDK for iOS Developer Guide.
 //
 // Calling AssumeRoleWithWebIdentity does not require the use of AWS security
 // credentials. Therefore, you can distribute an application (for example, on
 // mobile devices) that requests temporary security credentials without including
-// long-term AWS credentials in the application, and without deploying server-based
-// proxy services that use long-term AWS credentials. Instead, the identity
-// of the caller is validated by using a token from the web identity provider.
-// For a comparison of AssumeRoleWithWebIdentity with the other APIs that produce
-// temporary credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// long-term AWS credentials in the application. You also don't need to deploy
+// server-based proxy services that use long-term AWS credentials. Instead,
+// the identity of the caller is validated by using a token from the web identity
+// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
+// operations that produce temporary credentials, see Requesting Temporary Security
+// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
 // The temporary security credentials returned by this API consist of an access
 // key ID, a secret access key, and a security token. Applications can use these
-// temporary security credentials to sign calls to AWS service APIs.
+// temporary security credentials to sign calls to AWS service API operations.
+//
+// Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
 //
-// The credentials are valid for the duration that you specified when calling
-// AssumeRoleWithWebIdentity, which can be from 900 seconds (15 minutes) to
-// a maximum of 3600 seconds (1 hour). The default is 1 hour.
+// Permissions
 //
 // The temporary security credentials created by AssumeRoleWithWebIdentity can
 // be used to make API calls to any AWS service with the following exception:
-// you cannot call the STS service's GetFederationToken or GetSessionToken APIs.
-//
-// Optionally, you can pass an IAM access policy to this operation. If you choose
-// not to pass a policy, the temporary security credentials that are returned
-// by the operation have the permissions that are defined in the access policy
-// of the role that is being assumed. If you pass a policy to this operation,
-// the temporary security credentials that are returned by the operation have
-// the permissions that are allowed by both the access policy of the role that
-// is being assumed, and the policy that you pass. This gives you a way to further
-// restrict the permissions for the resulting temporary security credentials.
-// You cannot use the passed policy to grant permissions that are in excess
-// of those allowed by the access policy of the role that is being assumed.
-// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML,
-// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+// you cannot call the STS GetFederationToken or GetSessionToken API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policies to
+// use as managed session policies. The plain text that you use for both inline
+// and managed session policies can't exceed 2,048 characters. Passing policies
+// to this operation returns new temporary credentials. The resulting session's
+// permissions are the intersection of the role's identity-based policy and
+// the session policies. You can use the role's temporary credentials in subsequent
+// AWS API calls to access resources in the account that owns the role. You
+// cannot use session policies to grant more permissions than those allowed
+// by the identity-based policy of the role that is being assumed. For more
+// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your web identity
+// token as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
 // in the IAM User Guide.
 //
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, the session tag overrides the role tag with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// Identities
+//
 // Before your application can call AssumeRoleWithWebIdentity, you must have
 // an identity token from a supported identity provider and create a role that
 // the application can assume. The role that your application assumes must trust
@@ -476,23 +623,21 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
 // API, see the following resources:
 //
-//    * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
-//    and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
-//
+//    * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
+//    and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
 //
-//    *  Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html).
-//    This interactive website lets you walk through the process of authenticating
-//    via Login with Amazon, Facebook, or Google, getting temporary security
-//    credentials, and then using those credentials to make a request to AWS.
+//    * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html).
+//    Walk through the process of authenticating through Login with Amazon,
+//    Facebook, or Google, getting temporary security credentials, and then
+//    using those credentials to make a request to AWS.
 //
+//    * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and
+//    AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
+//    These toolkits contain sample apps that show how to invoke the identity
+//    providers. The toolkits then show how to use the information from these
+//    providers to get and use temporary security credentials.
 //
-//    * AWS SDK for iOS (http://aws.amazon.com/sdkforios/) and AWS SDK for Android
-//    (http://aws.amazon.com/sdkforandroid/). These toolkits contain sample
-//    apps that show how to invoke the identity providers, and then how to use
-//    the information from these providers to get and use temporary security
-//    credentials.
-//
-//    * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/4617974389850313).
+//    * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
 //    This article discusses web identity federation and shows an example of
 //    how to use web identity federation to get access to content in Amazon
 //    S3.
@@ -510,9 +655,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //   message describes the specific error.
 //
 //   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//   The request was rejected because the policy document was too large. The error
-//   message describes how big the policy document is, in packed form, as a percentage
-//   of what the API allows.
+//   The request was rejected because the total packed size of the session policies
+//   and session tags combined was too large. An AWS conversion compresses the
+//   session policy document, session policy ARNs, and session tags into a packed
+//   binary format that has a separate limit. The error message indicates by percentage
+//   how close the policies and tags are to the upper size limit. For more information,
+//   see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//   in the IAM User Guide.
+//
+//   You could receive this error even though you meet other defined session policy
+//   and session tag limits. For more information, see IAM and STS Entity Character
+//   Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   in the IAM User Guide.
 //
 //   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
@@ -522,11 +676,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //   can also mean that the claim has expired or has been explicitly revoked.
 //
 //   * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
-//   The request could not be fulfilled because the non-AWS identity provider
-//   (IDP) that was asked to verify the incoming identity token could not be reached.
-//   This is often a transient error caused by network conditions. Retry the request
+//   The request could not be fulfilled because the identity provider (IDP) that
+//   was asked to verify the incoming identity token could not be reached. This
+//   is often a transient error caused by network conditions. Retry the request
 //   a limited number of times so that you don't exceed the request rate. If the
-//   error persists, the non-AWS identity provider might be down or not responding.
+//   error persists, the identity provider might be down or not responding.
 //
 //   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //   The web identity token that was passed could not be validated by AWS. Get
@@ -540,7 +694,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
-//   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
@@ -569,8 +723,8 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 
 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -612,17 +766,17 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 // Decodes additional information about the authorization status of a request
 // from an encoded message returned in response to an AWS request.
 //
-// For example, if a user is not authorized to perform an action that he or
-// she has requested, the request returns a Client.UnauthorizedOperation response
-// (an HTTP 403 response). Some AWS actions additionally return an encoded message
-// that can provide details about this authorization failure.
+// For example, if a user is not authorized to perform an operation that he
+// or she has requested, the request returns a Client.UnauthorizedOperation
+// response (an HTTP 403 response). Some AWS operations additionally return
+// an encoded message that can provide details about this authorization failure.
 //
-// Only certain AWS actions return an encoded authorization message. The documentation
-// for an individual action indicates whether that action returns an encoded
-// message in addition to returning an HTTP code.
+// Only certain AWS operations return an encoded authorization message. The
+// documentation for an individual operation indicates whether that operation
+// returns an encoded message in addition to returning an HTTP code.
 //
 // The message is encoded because the details of the authorization status can
-// constitute privileged information that the user who requested the action
+// constitute privileged information that the user who requested the operation
 // should not see. To decode an authorization status message, a user must be
 // granted permissions via an IAM policy to request the DecodeAuthorizationMessage
 // (sts:DecodeAuthorizationMessage) action.
@@ -631,7 +785,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 //
 //    * Whether the request was denied due to an explicit deny or due to the
 //    absence of an explicit allow. For more information, see Determining Whether
-//    a Request is Allowed or Denied (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
+//    a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
 //    in the IAM User Guide.
 //
 //    * The principal who made the request.
@@ -677,12 +831,109 @@ func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *Deco
 	return out, req.Send()
 }
 
+const opGetAccessKeyInfo = "GetAccessKeyInfo"
+
+// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccessKeyInfo operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetAccessKeyInfoRequest method.
+//    req, resp := client.GetAccessKeyInfoRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
+	op := &request.Operation{
+		Name:       opGetAccessKeyInfo,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetAccessKeyInfoInput{}
+	}
+
+	output = &GetAccessKeyInfoOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetAccessKeyInfo API operation for AWS Security Token Service.
+//
+// Returns the account identifier for the specified access key ID.
+//
+// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
+// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
+// For more information about access keys, see Managing Access Keys for IAM
+// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+// in the IAM User Guide.
+//
+// When you pass an access key ID to this operation, it returns the ID of the
+// AWS account to which the keys belong. Access key IDs beginning with AKIA
+// are long-term credentials for an IAM user or the AWS account root user. Access
+// key IDs beginning with ASIA are temporary credentials that are created using
+// STS operations. If the account in the response belongs to you, you can sign
+// in as the root user and review your root user access keys. Then, you can
+// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
+// to learn which IAM user owns the keys. To learn who requested the temporary
+// credentials for an ASIA access key, view the STS events in your CloudTrail
+// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// in the IAM User Guide.
+//
+// This operation does not indicate the state of the access key. The key might
+// be active, inactive, or deleted. Active keys might not have permissions to
+// perform an operation. Providing a deleted access key might return an error
+// that the key doesn't exist.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetAccessKeyInfo for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
+	req, out := c.GetAccessKeyInfoRequest(input)
+	return out, req.Send()
+}
+
+// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccessKeyInfo for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
+	req, out := c.GetAccessKeyInfoRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opGetCallerIdentity = "GetCallerIdentity"
 
 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -721,8 +972,16 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 
 // GetCallerIdentity API operation for AWS Security Token Service.
 //
-// Returns details about the IAM identity whose credentials are used to call
-// the API.
+// Returns details about the IAM user or role whose credentials are used to
+// call the operation.
+//
+// No permissions are required to perform this operation. If an administrator
+// adds a policy to your IAM user or role that explicitly denies access to the
+// sts:GetCallerIdentity action, you can still perform this operation. Permissions
+// are not required because the same information is returned when an IAM user
+// or role is denied access. To view an example response, see I Am Not Authorized
+// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -756,8 +1015,8 @@ const opGetFederationToken = "GetFederationToken"
 
 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -799,81 +1058,92 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // Returns a set of temporary security credentials (consisting of an access
 // key ID, a secret access key, and a security token) for a federated user.
 // A typical use is in a proxy application that gets temporary security credentials
-// on behalf of distributed applications inside a corporate network. Because
-// you must call the GetFederationToken action using the long-term security
-// credentials of an IAM user, this call is appropriate in contexts where those
+// on behalf of distributed applications inside a corporate network. You must
+// call the GetFederationToken operation using the long-term security credentials
+// of an IAM user. As a result, this call is appropriate in contexts where those
 // credentials can be safely stored, usually in a server-based application.
-// For a comparison of GetFederationToken with the other APIs that produce temporary
-// credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// For a comparison of GetFederationToken with the other API operations that
+// produce temporary credentials, see Requesting Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
-// If you are creating a mobile-based or browser-based app that can authenticate
+// You can create a mobile-based or browser-based app that can authenticate
 // users using a web identity provider like Login with Amazon, Facebook, Google,
-// or an OpenID Connect-compatible identity provider, we recommend that you
-// use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
+// or an OpenID Connect-compatible identity provider. In this case, we recommend
+// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
 // For more information, see Federation Through a Web-based Identity Provider
-// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
-//
-// The GetFederationToken action must be called by using the long-term AWS security
-// credentials of an IAM user. You can also call GetFederationToken using the
-// security credentials of an AWS root account, but we do not recommended it.
-// Instead, we recommend that you create an IAM user for the purpose of the
-// proxy application and then attach a policy to the IAM user that limits federated
-// users to only the actions and resources that they need access to. For more
-// information, see IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
 // in the IAM User Guide.
 //
-// The temporary security credentials that are obtained by using the long-term
-// credentials of an IAM user are valid for the specified duration, from 900
-// seconds (15 minutes) up to a maximium of 129600 seconds (36 hours). The default
-// is 43200 seconds (12 hours). Temporary credentials that are obtained by using
-// AWS root account credentials have a maximum duration of 3600 seconds (1 hour).
-//
-// The temporary security credentials created by GetFederationToken can be used
-// to make API calls to any AWS service with the following exceptions:
+// You can also call GetFederationToken using the security credentials of an
+// AWS account root user, but we do not recommend it. Instead, we recommend
+// that you create an IAM user for the purpose of the proxy application. Then
+// attach a policy to the IAM user that limits federated users to only the actions
+// and resources that they need to access. For more information, see IAM Best
+// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
+// in the IAM User Guide.
 //
-//    * You cannot use these credentials to call any IAM APIs.
+// Session duration
 //
-//    * You cannot call any STS APIs except GetCallerIdentity.
+// The temporary credentials are valid for the specified duration, from 900
+// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
+// session duration is 43,200 seconds (12 hours). Temporary credentials that
+// are obtained by using AWS account root user credentials have a maximum duration
+// of 3,600 seconds (1 hour).
 //
 // Permissions
 //
-// The permissions for the temporary security credentials returned by GetFederationToken
-// are determined by a combination of the following:
-//
-//    * The policy or policies that are attached to the IAM user whose credentials
-//    are used to call GetFederationToken.
-//
-//    * The policy that is passed as a parameter in the call.
-//
-// The passed policy is attached to the temporary security credentials that
-// result from the GetFederationToken API call--that is, to the federated user.
-// When the federated user makes an AWS request, AWS evaluates the policy attached
-// to the federated user in combination with the policy or policies attached
-// to the IAM user whose credentials were used to call GetFederationToken. AWS
-// allows the federated user's request only when both the federated user and
-// the IAM user are explicitly allowed to perform the requested action. The
-// passed policy cannot grant more permissions than those that are defined in
-// the IAM user policy.
-//
-// A typical use case is that the permissions of the IAM user whose credentials
-// are used to call GetFederationToken are designed to allow access to all the
-// actions and resources that any federated user will need. Then, for individual
-// users, you pass a policy to the operation that scopes down the permissions
-// to a level that's appropriate to that individual user, using a policy that
-// allows only a subset of permissions that are granted to the IAM user.
-//
-// If you do not pass a policy, the resulting temporary security credentials
-// have no effective permissions. The only exception is when the temporary security
-// credentials are used to access a resource that has a resource-based policy
-// that specifically allows the federated user to access the resource.
-//
-// For more information about how permissions work, see Permissions for GetFederationToken
-// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html).
-// For information about using GetFederationToken to create temporary security
-// credentials, see GetFederationToken—Federation Through a Custom Identity
-// Broker (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
+// You can use the temporary credentials created by GetFederationToken in any
+// AWS service except the following:
+//
+//    * You cannot call any IAM operations using the AWS CLI or the AWS API.
+//
+//    * You cannot call any STS operations except GetCallerIdentity.
+//
+// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policies to
+// use as managed session policies. The plain text that you use for both inline
+// and managed session policies can't exceed 2,048 characters.
+//
+// Though the session policy parameters are optional, if you do not pass a policy,
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM
+// user policies and the session policies that you pass. This gives you a way
+// to further restrict the permissions for a federated user. You cannot use
+// session policies to grant more permissions than those that are defined in
+// the permissions policy of the IAM user. For more information, see Session
+// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide. For information about using GetFederationToken to
+// create temporary security credentials, see GetFederationToken—Federation
+// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
+//
+// You can use the credentials to access a resource that has a resource-based
+// policy. If that policy specifically references the federated user session
+// in the Principal element of the policy, the session has the permissions allowed
+// by the policy. These permissions are granted in addition to the permissions
+// granted by the session policies.
+//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These are called
+// session tags. For more information about session tags, see Passing Session
+// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// Tag key–value pairs are not case sensitive, but case is preserved. This
+// means that you cannot have separate Department and department tag keys. Assume
+// that the user that you are federating has the Department=Marketing tag and
+// you pass the department=engineering session tag. Department and department
+// are not saved as separate tags, and the session tag passed in the request
+// takes precedence over the user tag.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -888,15 +1158,24 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 //   message describes the specific error.
 //
 //   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//   The request was rejected because the policy document was too large. The error
-//   message describes how big the policy document is, in packed form, as a percentage
-//   of what the API allows.
+//   The request was rejected because the total packed size of the session policies
+//   and session tags combined was too large. An AWS conversion compresses the
+//   session policy document, session policy ARNs, and session tags into a packed
+//   binary format that has a separate limit. The error message indicates by percentage
+//   how close the policies and tags are to the upper size limit. For more information,
+//   see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//   in the IAM User Guide.
+//
+//   You could receive this error even though you meet other defined session policy
+//   and session tag limits. For more information, see IAM and STS Entity Character
+//   Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   in the IAM User Guide.
 //
 //   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
-//   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
@@ -925,8 +1204,8 @@ const opGetSessionToken = "GetSessionToken"
 
 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
-// value will be populated with the request's response once the request complets
-// successfuly.
+// value will be populated with the request's response once the request completes
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -968,48 +1247,51 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // Returns a set of temporary credentials for an AWS account or IAM user. The
 // credentials consist of an access key ID, a secret access key, and a security
 // token. Typically, you use GetSessionToken if you want to use MFA to protect
-// programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled
-// IAM users would need to call GetSessionToken and submit an MFA code that
-// is associated with their MFA device. Using the temporary security credentials
-// that are returned from the call, IAM users can then make programmatic calls
-// to APIs that require MFA authentication. If you do not supply a correct MFA
-// code, then the API returns an access denied error. For a comparison of GetSessionToken
-// with the other APIs that produce temporary credentials, see Requesting Temporary
-// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances.
+// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA
+// code that is associated with their MFA device. Using the temporary security
+// credentials that are returned from the call, IAM users can then make programmatic
+// calls to API operations that require MFA authentication. If you do not supply
+// a correct MFA code, then the API returns an access denied error. For a comparison
+// of GetSessionToken with the other API operations that produce temporary credentials,
+// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
-// The GetSessionToken action must be called by using the long-term AWS security
-// credentials of the AWS account or an IAM user. Credentials that are created
-// by IAM users are valid for the duration that you specify, from 900 seconds
-// (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default
-// of 43200 seconds (12 hours); credentials that are created by using account
-// credentials can range from 900 seconds (15 minutes) up to a maximum of 3600
-// seconds (1 hour), with a default of 1 hour.
+// Session Duration
+//
+// The GetSessionToken operation must be called by using the long-term AWS security
+// credentials of the AWS account root user or an IAM user. Credentials that
+// are created by IAM users are valid for the duration that you specify. This
+// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600
+// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials
+// based on account credentials can range from 900 seconds (15 minutes) up to
+// 3,600 seconds (1 hour), with a default of 1 hour.
+//
+// Permissions
 //
 // The temporary security credentials created by GetSessionToken can be used
 // to make API calls to any AWS service with the following exceptions:
 //
-//    * You cannot call any IAM APIs unless MFA authentication information is
-//    included in the request.
+//    * You cannot call any IAM API operations unless MFA authentication information
+//    is included in the request.
 //
-//    * You cannot call any STS API exceptAssumeRole or GetCallerIdentity.
+//    * You cannot call any STS API except AssumeRole or GetCallerIdentity.
 //
-// We recommend that you do not call GetSessionToken with root account credentials.
-// Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
+// We recommend that you do not call GetSessionToken with AWS account root user
+// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
 // by creating one or more IAM users, giving them the necessary permissions,
 // and using IAM users for everyday interaction with AWS.
 //
-// The permissions associated with the temporary security credentials returned
-// by GetSessionToken are based on the permissions associated with account or
-// IAM user whose credentials are used to call the action. If GetSessionToken
-// is called using root account credentials, the temporary credentials have
-// root account permissions. Similarly, if GetSessionToken is called using the
-// credentials of an IAM user, the temporary credentials have the same permissions
-// as the IAM user.
+// The credentials that are returned by GetSessionToken are based on permissions
+// associated with the user whose credentials were used to call the operation.
+// If GetSessionToken is called using AWS account root user credentials, the
+// temporary credentials have root user permissions. Similarly, if GetSessionToken
+// is called using the credentials of an IAM user, the temporary credentials
+// have the same permissions as the IAM user.
 //
 // For more information about using GetSessionToken to create temporary credentials,
-// go to Temporary Credentials for Users in Untrusted Environments (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
 // in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1024,7 +1306,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
-//   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//   and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
@@ -1049,64 +1331,97 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken
 	return out, req.Send()
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest
 type AssumeRoleInput struct {
 	_ struct{} `type:"structure"`
 
 	// The duration, in seconds, of the role session. The value can range from 900
-	// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
-	// to 3600 seconds.
-	//
-	// This is separate from the duration of a console session that you might request
-	// using the returned credentials. The request to the federation endpoint for
-	// a console sign-in token takes a SessionDuration parameter that specifies
-	// the maximum length of the console session, separately from the DurationSeconds
-	// parameter on this API. For more information, see Creating a URL that Enables
-	// Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// seconds (15 minutes) up to the maximum session duration setting for the role.
+	// This setting can have a value from 1 hour to 12 hours. If you specify a value
+	// higher than this setting, the operation fails. For example, if you specify
+	// a session duration of 12 hours, but your administrator set the maximum session
+	// duration to 6 hours, your operation fails. To learn how to view the maximum
+	// value for your role, see View the Maximum Session Duration Setting for a
+	// Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
-	// A unique identifier that is used by third parties when assuming roles in
-	// their customers' accounts. For each role that the third party can assume,
-	// they should instruct their customers to ensure the role's trust policy checks
-	// for the external ID that the third party generated. Each time the third party
-	// assumes the role, they should pass the customer's external ID. The external
-	// ID is useful in order to help third parties bind a role to the customer who
-	// created it. For more information about the external ID, see How to Use an
-	// External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
+	// A unique identifier that might be required when you assume a role in another
+	// account. If the administrator of the account to which the role belongs provided
+	// you with an external ID, then provide that value in the ExternalId parameter.
+	// This value can be any string, such as a passphrase or account number. A cross-account
+	// role is usually set up to trust everyone in an account. Therefore, the administrator
+	// of the trusting account might send an external ID to the administrator of
+	// the trusted account. That way, only someone with the ID can assume the role,
+	// rather than everyone in the account. For more information about the external
+	// ID, see How to Use an External ID When Granting Access to Your AWS Resources
+	// to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
 	// in the IAM User Guide.
 	//
-	// The regex used to validated this parameter is a string of characters consisting
+	// The regex used to validate this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
 	// also include underscores or any of the following characters: =,.@:/-
 	ExternalId *string `min:"2" type:"string"`
 
-	// An IAM policy in JSON format.
-	//
-	// This parameter is optional. If you pass a policy, the temporary security
-	// credentials that are returned by the operation have the permissions that
-	// are allowed by both (the intersection of) the access policy of the role that
-	// is being assumed, and the policy that you pass. This gives you a way to further
-	// restrict the permissions for the resulting temporary security credentials.
-	// You cannot use the passed policy to grant permissions that are in excess
-	// of those allowed by the access policy of the role that is being assumed.
-	// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML,
-	// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent AWS API calls to access resources
+	// in the account that owns the role. You cannot use session policies to grant
+	// more permissions than those allowed by the identity-based policy of the role
+	// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
-	// of characters up to 2048 characters in length. The characters can be any
-	// ASCII character from the space character to the end of the valid character
-	// list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A),
+	// The plain text that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
+	// character from the space character to the end of the valid character list
+	// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
 	// and carriage return (\u000D) characters.
 	//
-	// The policy plain text must be 2048 bytes or shorter. However, an internal
-	// conversion compresses it into a packed binary format with a separate limit.
-	// The PackedPolicySize response element indicates by percentage how close to
-	// the upper size limit the policy is, with 100% equaling the maximum allowed
-	// size.
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
 	Policy *string `min:"1" type:"string"`
 
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plain text that you use for both inline and managed session
+	// policies can't exceed 2,048 characters. For more information about ARNs,
+	// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent AWS API calls to access resources in the account that owns
+	// the role. You cannot use session policies to grant more permissions than
+	// those allowed by the identity-based policy of the role that is being assumed.
+	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
 	// The Amazon Resource Name (ARN) of the role to assume.
 	//
 	// RoleArn is a required field
@@ -1119,8 +1434,8 @@ type AssumeRoleInput struct {
 	// scenarios, the role session name is visible to, and can be logged by the
 	// account that owns the role. The role session name is also used in the ARN
 	// of the assumed role principal. This means that subsequent cross-account API
-	// requests using the temporary security credentials will expose the role session
-	// name to the external account in their CloudTrail logs.
+	// requests that use the temporary security credentials will expose the role
+	// session name to the external account in their AWS CloudTrail logs.
 	//
 	// The regex used to validate this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
@@ -1140,6 +1455,41 @@ type AssumeRoleInput struct {
 	// also include underscores or any of the following characters: =,.@-
 	SerialNumber *string `min:"9" type:"string"`
 
+	// A list of session tags that you want to pass. Each session tag consists of
+	// a key name and an associated value. For more information about session tags,
+	// see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. You can pass up to 50 session tags. The plain
+	// text session tag keys can’t exceed 128 characters, and the values can’t
+	// exceed 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// You can pass a session tag with the same key as a tag that is already attached
+	// to the role. When you do, session tags override a role tag with the same
+	// key.
+	//
+	// Tag key–value pairs are not case sensitive, but case is preserved. This
+	// means that you cannot have separate Department and department tag keys. Assume
+	// that the role has the Department=Marketing tag and you pass the department=engineering
+	// session tag. Department and department are not saved as separate tags, and
+	// the session tag passed in the request takes precedence over the role tag.
+	//
+	// Additionally, if you used temporary credentials to perform this operation,
+	// the new session inherits any transitive session tags from the calling session.
+	// If you pass a session tag with the same key as an inherited tag, the operation
+	// fails. To view the inherited tags for a session, see the AWS CloudTrail logs.
+	// For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs)
+	// in the IAM User Guide.
+	Tags []*Tag `type:"list"`
+
 	// The value provided by the MFA device, if the trust policy of the role being
 	// assumed requires MFA (that is, if the policy includes a condition that tests
 	// for MFA). If the role being assumed requires MFA and if the TokenCode value
@@ -1148,6 +1498,19 @@ type AssumeRoleInput struct {
 	// The format for this parameter, as described by its regex pattern, is a sequence
 	// of six numeric digits.
 	TokenCode *string `min:"6" type:"string"`
+
+	// A list of keys for session tags that you want to set as transitive. If you
+	// set a tag key as transitive, the corresponding key and value passes to subsequent
+	// sessions in a role chain. For more information, see Chaining Roles with Session
+	// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. When you set session tags as transitive, the
+	// session policy and session tags packed binary limit is not affected.
+	//
+	// If you choose not to specify a transitive tag key, then no tags are passed
+	// from this session to any subsequent sessions.
+	TransitiveTagKeys []*string `type:"list"`
 }
 
 // String returns the string representation
@@ -1190,6 +1553,26 @@ func (s *AssumeRoleInput) Validate() error {
 	if s.TokenCode != nil && len(*s.TokenCode) < 6 {
 		invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
 	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -1215,6 +1598,12 @@ func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput {
 	return s
 }
 
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput {
+	s.PolicyArns = v
+	return s
+}
+
 // SetRoleArn sets the RoleArn field's value.
 func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput {
 	s.RoleArn = &v
@@ -1233,15 +1622,26 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
 	return s
 }
 
+// SetTags sets the Tags field's value.
+func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
+	s.Tags = v
+	return s
+}
+
 // SetTokenCode sets the TokenCode field's value.
 func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
 	s.TokenCode = &v
 	return s
 }
 
+// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
+func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
+	s.TransitiveTagKeys = v
+	return s
+}
+
 // Contains the response to a successful AssumeRole request, including temporary
 // AWS credentials that can be used to make AWS requests.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse
 type AssumeRoleOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1255,15 +1655,14 @@ type AssumeRoleOutput struct {
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security (or session) token.
 	//
-	// Note: The size of the security token that STS APIs return is not fixed. We
-	// strongly recommend that you make no assumptions about the maximum size. As
-	// of this writing, the typical size is less than 4096 bytes, but that can vary.
-	// Also, future updates to AWS might require larger sizes.
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
 	Credentials *Credentials `type:"structure"`
 
-	// A percentage value that indicates the size of the policy in packed form.
-	// The service rejects any policy with a packed size greater than 100 percent,
-	// which means the policy exceeded the allowed space.
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
 	PackedPolicySize *int64 `type:"integer"`
 }
 
@@ -1295,51 +1694,83 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest
 type AssumeRoleWithSAMLInput struct {
 	_ struct{} `type:"structure"`
 
-	// The duration, in seconds, of the role session. The value can range from 900
-	// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
-	// to 3600 seconds. An expiration can also be specified in the SAML authentication
-	// response's SessionNotOnOrAfter value. The actual expiration time is whichever
-	// value is shorter.
-	//
-	// This is separate from the duration of a console session that you might request
-	// using the returned credentials. The request to the federation endpoint for
-	// a console sign-in token takes a SessionDuration parameter that specifies
-	// the maximum length of the console session, separately from the DurationSeconds
-	// parameter on this API. For more information, see Enabling SAML 2.0 Federated
-	// Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
+	// The duration, in seconds, of the role session. Your role session lasts for
+	// the duration that you specify for the DurationSeconds parameter, or until
+	// the time specified in the SAML authentication response's SessionNotOnOrAfter
+	// value, whichever is shorter. You can provide a DurationSeconds value from
+	// 900 seconds (15 minutes) up to the maximum session duration setting for the
+	// role. This setting can have a value from 1 hour to 12 hours. If you specify
+	// a value higher than this setting, the operation fails. For example, if you
+	// specify a session duration of 12 hours, but your administrator set the maximum
+	// session duration to 6 hours, your operation fails. To learn how to view the
+	// maximum value for your role, see View the Maximum Session Duration Setting
+	// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
-	// An IAM policy in JSON format.
-	//
-	// The policy parameter is optional. If you pass a policy, the temporary security
-	// credentials that are returned by the operation have the permissions that
-	// are allowed by both the access policy of the role that is being assumed,
-	// and the policy that you pass. This gives you a way to further restrict the
-	// permissions for the resulting temporary security credentials. You cannot
-	// use the passed policy to grant permissions that are in excess of those allowed
-	// by the access policy of the role that is being assumed. For more information,
-	// Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity
-	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent AWS API calls to access resources
+	// in the account that owns the role. You cannot use session policies to grant
+	// more permissions than those allowed by the identity-based policy of the role
+	// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
-	// of characters up to 2048 characters in length. The characters can be any
-	// ASCII character from the space character to the end of the valid character
-	// list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A),
+	// The plain text that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
+	// character from the space character to the end of the valid character list
+	// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
 	// and carriage return (\u000D) characters.
 	//
-	// The policy plain text must be 2048 bytes or shorter. However, an internal
-	// conversion compresses it into a packed binary format with a separate limit.
-	// The PackedPolicySize response element indicates by percentage how close to
-	// the upper size limit the policy is, with 100% equaling the maximum allowed
-	// size.
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
 	Policy *string `min:"1" type:"string"`
 
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plain text that you use for both inline and managed session
+	// policies can't exceed 2,048 characters. For more information about ARNs,
+	// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent AWS API calls to access resources in the account that owns
+	// the role. You cannot use session policies to grant more permissions than
+	// those allowed by the identity-based policy of the role that is being assumed.
+	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
 	// The Amazon Resource Name (ARN) of the SAML provider in IAM that describes
 	// the IdP.
 	//
@@ -1353,8 +1784,8 @@ type AssumeRoleWithSAMLInput struct {
 
 	// The base-64 encoded SAML authentication response provided by the IdP.
 	//
-	// For more information, see Configuring a Relying Party and Adding Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
-	// in the Using IAM guide.
+	// For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
+	// in the IAM User Guide.
 	//
 	// SAMLAssertion is a required field
 	SAMLAssertion *string `min:"4" type:"string" required:"true"`
@@ -1397,6 +1828,16 @@ func (s *AssumeRoleWithSAMLInput) Validate() error {
 	if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 {
 		invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4))
 	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -1416,6 +1857,12 @@ func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput {
 	return s
 }
 
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput {
+	s.PolicyArns = v
+	return s
+}
+
 // SetPrincipalArn sets the PrincipalArn field's value.
 func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput {
 	s.PrincipalArn = &v
@@ -1436,7 +1883,6 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML
 
 // Contains the response to a successful AssumeRoleWithSAML request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse
 type AssumeRoleWithSAMLOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1451,10 +1897,8 @@ type AssumeRoleWithSAMLOutput struct {
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security (or session) token.
 	//
-	// Note: The size of the security token that STS APIs return is not fixed. We
-	// strongly recommend that you make no assumptions about the maximum size. As
-	// of this writing, the typical size is less than 4096 bytes, but that can vary.
-	// Also, future updates to AWS might require larger sizes.
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
 	Credentials *Credentials `type:"structure"`
 
 	// The value of the Issuer element of the SAML assertion.
@@ -1471,9 +1915,10 @@ type AssumeRoleWithSAMLOutput struct {
 	// ) )
 	NameQualifier *string `type:"string"`
 
-	// A percentage value that indicates the size of the policy in packed form.
-	// The service rejects any policy with a packed size greater than 100 percent,
-	// which means the policy exceeded the allowed space.
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
 	PackedPolicySize *int64 `type:"integer"`
 
 	// The value of the NameID element in the Subject element of the SAML assertion.
@@ -1548,48 +1993,80 @@ func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLO
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest
 type AssumeRoleWithWebIdentityInput struct {
 	_ struct{} `type:"structure"`
 
 	// The duration, in seconds, of the role session. The value can range from 900
-	// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
-	// to 3600 seconds.
-	//
-	// This is separate from the duration of a console session that you might request
-	// using the returned credentials. The request to the federation endpoint for
-	// a console sign-in token takes a SessionDuration parameter that specifies
-	// the maximum length of the console session, separately from the DurationSeconds
-	// parameter on this API. For more information, see Creating a URL that Enables
-	// Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// seconds (15 minutes) up to the maximum session duration setting for the role.
+	// This setting can have a value from 1 hour to 12 hours. If you specify a value
+	// higher than this setting, the operation fails. For example, if you specify
+	// a session duration of 12 hours, but your administrator set the maximum session
+	// duration to 6 hours, your operation fails. To learn how to view the maximum
+	// value for your role, see View the Maximum Session Duration Setting for a
+	// Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
-	// An IAM policy in JSON format.
+	// An IAM policy in JSON format that you want to use as an inline session policy.
 	//
-	// The policy parameter is optional. If you pass a policy, the temporary security
-	// credentials that are returned by the operation have the permissions that
-	// are allowed by both the access policy of the role that is being assumed,
-	// and the policy that you pass. This gives you a way to further restrict the
-	// permissions for the resulting temporary security credentials. You cannot
-	// use the passed policy to grant permissions that are in excess of those allowed
-	// by the access policy of the role that is being assumed. For more information,
-	// see Permissions for AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent AWS API calls to access resources
+	// in the account that owns the role. You cannot use session policies to grant
+	// more permissions than those allowed by the identity-based policy of the role
+	// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
-	// of characters up to 2048 characters in length. The characters can be any
-	// ASCII character from the space character to the end of the valid character
-	// list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A),
+	// The plain text that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
+	// character from the space character to the end of the valid character list
+	// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
 	// and carriage return (\u000D) characters.
 	//
-	// The policy plain text must be 2048 bytes or shorter. However, an internal
-	// conversion compresses it into a packed binary format with a separate limit.
-	// The PackedPolicySize response element indicates by percentage how close to
-	// the upper size limit the policy is, with 100% equaling the maximum allowed
-	// size.
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
 	Policy *string `min:"1" type:"string"`
 
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plain text that you use for both inline and managed session
+	// policies can't exceed 2,048 characters. For more information about ARNs,
+	// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent AWS API calls to access resources in the account that owns
+	// the role. You cannot use session policies to grant more permissions than
+	// those allowed by the identity-based policy of the role that is being assumed.
+	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
 	// The fully qualified host component of the domain name of the identity provider.
 	//
 	// Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com
@@ -1666,6 +2143,16 @@ func (s *AssumeRoleWithWebIdentityInput) Validate() error {
 	if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 {
 		invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4))
 	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -1685,6 +2172,12 @@ func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebI
 	return s
 }
 
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput {
+	s.PolicyArns = v
+	return s
+}
+
 // SetProviderId sets the ProviderId field's value.
 func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput {
 	s.ProviderId = &v
@@ -1711,7 +2204,6 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo
 
 // Contains the response to a successful AssumeRoleWithWebIdentity request,
 // including temporary AWS credentials that can be used to make AWS requests.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse
 type AssumeRoleWithWebIdentityOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1730,19 +2222,18 @@ type AssumeRoleWithWebIdentityOutput struct {
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security token.
 	//
-	// Note: The size of the security token that STS APIs return is not fixed. We
-	// strongly recommend that you make no assumptions about the maximum size. As
-	// of this writing, the typical size is less than 4096 bytes, but that can vary.
-	// Also, future updates to AWS might require larger sizes.
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
 	Credentials *Credentials `type:"structure"`
 
-	// A percentage value that indicates the size of the policy in packed form.
-	// The service rejects any policy with a packed size greater than 100 percent,
-	// which means the policy exceeded the allowed space.
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
 	PackedPolicySize *int64 `type:"integer"`
 
 	// The issuing authority of the web identity token presented. For OpenID Connect
-	// ID Tokens this contains the value of the iss field. For OAuth 2.0 access
+	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
 	// tokens, this contains the value of the ProviderId parameter that was passed
 	// in the AssumeRoleWithWebIdentity request.
 	Provider *string `type:"string"`
@@ -1804,14 +2295,13 @@ func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v strin
 
 // The identifiers for the temporary security credentials that the operation
 // returns.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser
 type AssumedRoleUser struct {
 	_ struct{} `type:"structure"`
 
 	// The ARN of the temporary security credentials that are returned from the
 	// AssumeRole action. For more information about ARNs and how to use them in
-	// policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
-	// in Using IAM.
+	// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
 	//
 	// Arn is a required field
 	Arn *string `min:"20" type:"string" required:"true"`
@@ -1847,7 +2337,6 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
 }
 
 // AWS credentials for API authentication.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials
 type Credentials struct {
 	_ struct{} `type:"structure"`
 
@@ -1859,7 +2348,7 @@ type Credentials struct {
 	// The date on which the current credentials expire.
 	//
 	// Expiration is a required field
-	Expiration *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`
+	Expiration *time.Time `type:"timestamp" required:"true"`
 
 	// The secret access key that can be used to sign requests.
 	//
@@ -1906,7 +2395,6 @@ func (s *Credentials) SetSessionToken(v string) *Credentials {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest
 type DecodeAuthorizationMessageInput struct {
 	_ struct{} `type:"structure"`
 
@@ -1951,7 +2439,6 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut
 // A document that contains additional information about the authorization status
 // of a request from an encoded message that is returned in response to an AWS
 // request.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse
 type DecodeAuthorizationMessageOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1976,14 +2463,13 @@ func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAu
 }
 
 // Identifiers for the federated user that is associated with the credentials.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser
 type FederatedUser struct {
 	_ struct{} `type:"structure"`
 
 	// The ARN that specifies the federated user that is associated with the credentials.
 	// For more information about ARNs and how to use them in policies, see IAM
-	// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
-	// in Using IAM.
+	// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
 	//
 	// Arn is a required field
 	Arn *string `min:"20" type:"string" required:"true"`
@@ -2017,7 +2503,73 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest
+type GetAccessKeyInfoInput struct {
+	_ struct{} `type:"structure"`
+
+	// The identifier of an access key.
+	//
+	// This parameter allows (through its regex pattern) a string of characters
+	// that can consist of any upper- or lowercase letter or digit.
+	//
+	// AccessKeyId is a required field
+	AccessKeyId *string `min:"16" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetAccessKeyInfoInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetAccessKeyInfoInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetAccessKeyInfoInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
+	if s.AccessKeyId == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
+	}
+	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
+		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
+	s.AccessKeyId = &v
+	return s
+}
+
+type GetAccessKeyInfoOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The number used to identify the AWS account.
+	Account *string `type:"string"`
+}
+
+// String returns the string representation
+func (s GetAccessKeyInfoOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetAccessKeyInfoOutput) GoString() string {
+	return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
+	s.Account = &v
+	return s
+}
+
 type GetCallerIdentityInput struct {
 	_ struct{} `type:"structure"`
 }
@@ -2034,7 +2586,6 @@ func (s GetCallerIdentityInput) GoString() string {
 
 // Contains the response to a successful GetCallerIdentity request, including
 // information about the entity making the request.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse
 type GetCallerIdentityOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -2046,8 +2597,8 @@ type GetCallerIdentityOutput struct {
 	Arn *string `min:"20" type:"string"`
 
 	// The unique identifier of the calling entity. The exact value depends on the
-	// type of entity making the call. The values returned are those listed in the
-	// aws:userid column in the Principal table (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
+	// type of entity that is making the call. The values returned are those listed
+	// in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
 	// found on the Policy Variables reference page in the IAM User Guide.
 	UserId *string `type:"string"`
 }
@@ -2080,17 +2631,15 @@ func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest
 type GetFederationTokenInput struct {
 	_ struct{} `type:"structure"`
 
 	// The duration, in seconds, that the session should last. Acceptable durations
-	// for federation sessions range from 900 seconds (15 minutes) to 129600 seconds
-	// (36 hours), with 43200 seconds (12 hours) as the default. Sessions obtained
-	// using AWS account (root) credentials are restricted to a maximum of 3600
+	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
+	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
+	// using AWS account root user credentials are restricted to a maximum of 3,600
 	// seconds (one hour). If the specified duration is longer than one hour, the
-	// session obtained by using AWS account (root) credentials defaults to one
-	// hour.
+	// session obtained by using root user credentials defaults to one hour.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
 	// The name of the federated user. The name is used as an identifier for the
@@ -2105,36 +2654,107 @@ type GetFederationTokenInput struct {
 	// Name is a required field
 	Name *string `min:"2" type:"string" required:"true"`
 
-	// An IAM policy in JSON format that is passed with the GetFederationToken call
-	// and evaluated along with the policy or policies that are attached to the
-	// IAM user whose credentials are used to call GetFederationToken. The passed
-	// policy is used to scope down the permissions that are available to the IAM
-	// user, by allowing only a subset of the permissions that are granted to the
-	// IAM user. The passed policy cannot grant more permissions than those granted
-	// to the IAM user. The final permissions for the federated user are the most
-	// restrictive set based on the intersection of the passed policy and the IAM
-	// user policy.
-	//
-	// If you do not pass a policy, the resulting temporary security credentials
-	// have no effective permissions. The only exception is when the temporary security
-	// credentials are used to access a resource that has a resource-based policy
-	// that specifically allows the federated user to access the resource.
-	//
-	// The format for this parameter, as described by its regex pattern, is a string
-	// of characters up to 2048 characters in length. The characters can be any
-	// ASCII character from the space character to the end of the valid character
-	// list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A),
-	// and carriage return (\u000D) characters.
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// to this operation. You can pass a single JSON policy document to use as an
+	// inline session policy. You can also specify up to 10 managed policies to
+	// use as managed session policies.
+	//
+	// This parameter is optional. However, if you do not pass any session policies,
+	// then the resulting federated user session has no permissions.
 	//
-	// The policy plain text must be 2048 bytes or shorter. However, an internal
-	// conversion compresses it into a packed binary format with a separate limit.
-	// The PackedPolicySize response element indicates by percentage how close to
-	// the upper size limit the policy is, with 100% equaling the maximum allowed
-	// size.
+	// When you pass session policies, the session permissions are the intersection
+	// of the IAM user policies and the session policies that you pass. This gives
+	// you a way to further restrict the permissions for a federated user. You cannot
+	// use session policies to grant more permissions than those that are defined
+	// in the permissions policy of the IAM user. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The resulting credentials can be used to access a resource that has a resource-based
+	// policy. If that policy specifically references the federated user session
+	// in the Principal element of the policy, the session has the permissions allowed
+	// by the policy. These permissions are granted in addition to the permissions
+	// that are granted by the session policies.
 	//
-	// For more information about how permissions work, see Permissions for GetFederationToken
-	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html).
+	// The plain text that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
+	// character from the space character to the end of the valid character list
+	// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
+	// and carriage return (\u000D) characters.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
 	Policy *string `min:"1" type:"string"`
+
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as a managed session policy. The policies must exist in the same account
+	// as the IAM user that is requesting federated access.
+	//
+	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// to this operation. You can pass a single JSON policy document to use as an
+	// inline session policy. You can also specify up to 10 managed policies to
+	// use as managed session policies. The plain text that you use for both inline
+	// and managed session policies can't exceed 2,048 characters. You can provide
+	// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
+	// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// This parameter is optional. However, if you do not pass any session policies,
+	// then the resulting federated user session has no permissions.
+	//
+	// When you pass session policies, the session permissions are the intersection
+	// of the IAM user policies and the session policies that you pass. This gives
+	// you a way to further restrict the permissions for a federated user. You cannot
+	// use session policies to grant more permissions than those that are defined
+	// in the permissions policy of the IAM user. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The resulting credentials can be used to access a resource that has a resource-based
+	// policy. If that policy specifically references the federated user session
+	// in the Principal element of the policy, the session has the permissions allowed
+	// by the policy. These permissions are granted in addition to the permissions
+	// that are granted by the session policies.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
+	// A list of session tags. Each session tag consists of a key name and an associated
+	// value. For more information about session tags, see Passing Session Tags
+	// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. You can pass up to 50 session tags. The plain
+	// text session tag keys can’t exceed 128 characters and the values can’t
+	// exceed 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// You can pass a session tag with the same key as a tag that is already attached
+	// to the user you are federating. When you do, session tags override a user
+	// tag with the same key.
+	//
+	// Tag key–value pairs are not case sensitive, but case is preserved. This
+	// means that you cannot have separate Department and department tag keys. Assume
+	// that the role has the Department=Marketing tag and you pass the department=engineering
+	// session tag. Department and department are not saved as separate tags, and
+	// the session tag passed in the request takes precedence over the role tag.
+	Tags []*Tag `type:"list"`
 }
 
 // String returns the string representation
@@ -2162,6 +2782,26 @@ func (s *GetFederationTokenInput) Validate() error {
 	if s.Policy != nil && len(*s.Policy) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
 	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -2187,19 +2827,28 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
 	return s
 }
 
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput {
+	s.PolicyArns = v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
+	s.Tags = v
+	return s
+}
+
 // Contains the response to a successful GetFederationToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse
 type GetFederationTokenOutput struct {
 	_ struct{} `type:"structure"`
 
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security (or session) token.
 	//
-	// Note: The size of the security token that STS APIs return is not fixed. We
-	// strongly recommend that you make no assumptions about the maximum size. As
-	// of this writing, the typical size is less than 4096 bytes, but that can vary.
-	// Also, future updates to AWS might require larger sizes.
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
 	Credentials *Credentials `type:"structure"`
 
 	// Identifiers for the federated user associated with the credentials (such
@@ -2208,9 +2857,10 @@ type GetFederationTokenOutput struct {
 	// an Amazon S3 bucket policy.
 	FederatedUser *FederatedUser `type:"structure"`
 
-	// A percentage value indicating the size of the policy in packed form. The
-	// service rejects policies for which the packed size is greater than 100 percent
-	// of the allowed value.
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
 	PackedPolicySize *int64 `type:"integer"`
 }
 
@@ -2242,16 +2892,15 @@ func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTo
 	return s
 }
 
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest
 type GetSessionTokenInput struct {
 	_ struct{} `type:"structure"`
 
 	// The duration, in seconds, that the credentials should remain valid. Acceptable
-	// durations for IAM user sessions range from 900 seconds (15 minutes) to 129600
-	// seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions
-	// for AWS account owners are restricted to a maximum of 3600 seconds (one hour).
-	// If the duration is longer than one hour, the session for AWS account owners
-	// defaults to one hour.
+	// durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
+	// seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
+	// for AWS account owners are restricted to a maximum of 3,600 seconds (one
+	// hour). If the duration is longer than one hour, the session for AWS account
+	// owners defaults to one hour.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
 	// The identification number of the MFA device that is associated with the IAM
@@ -2262,16 +2911,16 @@ type GetSessionTokenInput struct {
 	// You can find the device for an IAM user by going to the AWS Management Console
 	// and viewing the user's security credentials.
 	//
-	// The regex used to validated this parameter is a string of characters consisting
+	// The regex used to validate this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
 	// also include underscores or any of the following characters: =,.@:/-
 	SerialNumber *string `min:"9" type:"string"`
 
 	// The value provided by the MFA device, if MFA is required. If any policy requires
 	// the IAM user to submit an MFA code, specify this value. If MFA authentication
-	// is required, and the user does not provide a code when requesting a set of
-	// temporary security credentials, the user will receive an "access denied"
-	// response when requesting resources that require MFA authentication.
+	// is required, the user must provide a code when requesting a set of temporary
+	// security credentials. A user who fails to provide the code receives an "access
+	// denied" response when requesting resources that require MFA authentication.
 	//
 	// The format for this parameter, as described by its regex pattern, is a sequence
 	// of six numeric digits.
@@ -2327,17 +2976,14 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
 
 // Contains the response to a successful GetSessionToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse
 type GetSessionTokenOutput struct {
 	_ struct{} `type:"structure"`
 
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security (or session) token.
 	//
-	// Note: The size of the security token that STS APIs return is not fixed. We
-	// strongly recommend that you make no assumptions about the maximum size. As
-	// of this writing, the typical size is less than 4096 bytes, but that can vary.
-	// Also, future updates to AWS might require larger sizes.
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
 	Credentials *Credentials `type:"structure"`
 }
 
@@ -2356,3 +3002,114 @@ func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenO
 	s.Credentials = v
 	return s
 }
+
+// A reference to the IAM managed policy that is passed as a session policy
+// for a role session or a federated user session.
+type PolicyDescriptorType struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
+	// policy for the role. For more information about ARNs, see Amazon Resource
+	// Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	Arn *string `locationName:"arn" min:"20" type:"string"`
+}
+
+// String returns the string representation
+func (s PolicyDescriptorType) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PolicyDescriptorType) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PolicyDescriptorType) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"}
+	if s.Arn != nil && len(*s.Arn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
+	s.Arn = &v
+	return s
+}
+
+// You can pass custom key-value pair attributes when you assume a role or federate
+// a user. These are called session tags. You can then use the session tags
+// to control access to resources. For more information, see Tagging AWS STS
+// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+type Tag struct {
+	_ struct{} `type:"structure"`
+
+	// The key for a session tag.
+	//
+	// You can pass up to 50 session tags. The plain text session tag keys can’t
+	// exceed 128 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// The value for a session tag.
+	//
+	// You can pass up to 50 session tags. The plain text session tag values can’t
+	// exceed 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// Value is a required field
+	Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s Tag) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Tag) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tag"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.Value == nil {
+		invalidParams.Add(request.NewErrParamRequired("Value"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+	s.Key = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+	s.Value = &v
+	return s
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
index 4010cc7fa147d..d5307fcaa0f3a 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
@@ -3,10 +3,9 @@ package sts
 import "github.com/aws/aws-sdk-go/aws/request"
 
 func init() {
-	initRequest = func(r *request.Request) {
-		switch r.Operation.Name {
-		case opAssumeRoleWithSAML, opAssumeRoleWithWebIdentity:
-			r.Handlers.Sign.Clear() // these operations are unsigned
-		}
-	}
+	initRequest = customizeRequest
+}
+
+func customizeRequest(r *request.Request) {
+	r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
index ef681ab0c63c6..fcb720dcac6dd 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -7,22 +7,14 @@
 // request temporary, limited-privilege credentials for AWS Identity and Access
 // Management (IAM) users or for users that you authenticate (federated users).
 // This guide provides descriptions of the STS API. For more detailed information
-// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
-//
-// As an alternative to using the API, you can use one of the AWS SDKs, which
-// consist of libraries and sample code for various programming languages and
-// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
-// way to create programmatic access to STS. For example, the SDKs take care
-// of cryptographically signing requests, managing errors, and retrying requests
-// automatically. For information about the AWS SDKs, including how to download
-// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
+// about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
 // For information about setting up signatures and authorization through the
-// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
+// API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
 // in the AWS General Reference. For general information about the Query API,
-// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
+// go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
 // in Using IAM. For information about using security tokens with other AWS
-// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
+// products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
 // in the IAM User Guide.
 //
 // If you're new to AWS and need additional technical information about a specific
@@ -31,14 +23,38 @@
 //
 // Endpoints
 //
-// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
-// that maps to the US East (N. Virginia) region. Additional regions are available
-// and are activated by default. For more information, see Activating and Deactivating
-// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// By default, AWS Security Token Service (STS) is available as a global service,
+// and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com.
+// Global requests map to the US East (N. Virginia) region. AWS recommends using
+// Regional AWS STS endpoints instead of the global endpoint to reduce latency,
+// build in redundancy, and increase session token validity. For more information,
+// see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// Most AWS Regions are enabled for operations in all AWS services by default.
+// Those Regions are automatically activated for use with AWS STS. Some Regions,
+// such as Asia Pacific (Hong Kong), must be manually enabled. To learn more
+// about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html)
+// in the AWS General Reference. When you enable these AWS Regions, they are
+// automatically activated for use with AWS STS. You cannot activate the STS
+// endpoint for a Region that is disabled. Tokens that are valid in all AWS
+// Regions are longer than tokens that are valid in Regions that are enabled
+// by default. Changing this setting might affect existing systems where you
+// temporarily store tokens. For more information, see Managing Global Endpoint
+// Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens)
 // in the IAM User Guide.
 //
-// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
-// in the AWS General Reference.
+// After you activate a Region for use with AWS STS, you can direct AWS STS
+// API calls to that Region. AWS STS recommends that you provide both the Region
+// and endpoint when you make calls to a Regional endpoint. You can provide
+// the Region alone for manually enabled Regions, such as Asia Pacific (Hong
+// Kong). In this case, the calls are directed to the STS Regional endpoint.
+// However, if you provide the Region alone for Regions enabled by default,
+// the calls are directed to the global endpoint of https://sts.amazonaws.com.
+//
+// To view the list of AWS STS endpoints and whether they are active by default,
+// see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code)
+// in the IAM User Guide.
 //
 // Recording API requests
 //
@@ -46,8 +62,28 @@
 // your AWS account and delivers log files to an Amazon S3 bucket. By using
 // information collected by CloudTrail, you can determine what requests were
 // successfully made to STS, who made the request, when it was made, and so
-// on. To learn more about CloudTrail, including how to turn it on and find
-// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
+// on.
+//
+// If you activate AWS STS endpoints in Regions other than the default global
+// endpoint, then you must also turn on CloudTrail logging in those Regions.
+// This is necessary to record any AWS STS API calls that are made in those
+// Regions. For more information, see Turning On CloudTrail in Additional Regions
+// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html)
+// in the AWS CloudTrail User Guide.
+//
+// AWS Security Token Service (STS) is a global service with a single endpoint
+// at https://sts.amazonaws.com. Calls to this endpoint are logged as calls
+// to a global service. However, because this endpoint is physically located
+// in the US East (N. Virginia) Region, your logs list us-east-1 as the event
+// Region. CloudTrail does not write these logs to the US East (Ohio) Region
+// unless you choose to include global service logs in that Region. CloudTrail
+// writes calls to all Regional endpoints to their respective Regions. For example,
+// calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio)
+// Region and calls to sts.eu-central-1.amazonaws.com are published to the EU
+// (Frankfurt) Region.
+//
+// To learn more about CloudTrail, including how to turn it on and find your
+// log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
index e24884ef371a9..a233f542ef293 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -14,11 +14,11 @@ const (
 	// ErrCodeIDPCommunicationErrorException for service response error code
 	// "IDPCommunicationError".
 	//
-	// The request could not be fulfilled because the non-AWS identity provider
-	// (IDP) that was asked to verify the incoming identity token could not be reached.
-	// This is often a transient error caused by network conditions. Retry the request
+	// The request could not be fulfilled because the identity provider (IDP) that
+	// was asked to verify the incoming identity token could not be reached. This
+	// is often a transient error caused by network conditions. Retry the request
 	// a limited number of times so that you don't exceed the request rate. If the
-	// error persists, the non-AWS identity provider might be down or not responding.
+	// error persists, the identity provider might be down or not responding.
 	ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
 
 	// ErrCodeIDPRejectedClaimException for service response error code
@@ -56,9 +56,18 @@ const (
 	// ErrCodePackedPolicyTooLargeException for service response error code
 	// "PackedPolicyTooLarge".
 	//
-	// The request was rejected because the policy document was too large. The error
-	// message describes how big the policy document is, in packed form, as a percentage
-	// of what the API allows.
+	// The request was rejected because the total packed size of the session policies
+	// and session tags combined was too large. An AWS conversion compresses the
+	// session policy document, session policy ARNs, and session tags into a packed
+	// binary format that has a separate limit. The error message indicates by percentage
+	// how close the policies and tags are to the upper size limit. For more information,
+	// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// You could receive this error even though you meet other defined session policy
+	// and session tag limits. For more information, see IAM and STS Entity Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// in the IAM User Guide.
 	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
 
 	// ErrCodeRegionDisabledException for service response error code
@@ -67,7 +76,7 @@ const (
 	// STS is not activated in the requested region for the account that is being
 	// asked to generate credentials. The account administrator must use the IAM
 	// console to activate STS in that region. For more information, see Activating
-	// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 	// in the IAM User Guide.
 	ErrCodeRegionDisabledException = "RegionDisabledException"
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
index 1ee5839e0462b..d34a6855331bc 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@@ -29,8 +29,9 @@ var initRequest func(*request.Request)
 
 // Service information constants
 const (
-	ServiceName = "sts"       // Service endpoint prefix API calls made to.
-	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+	ServiceName = "sts"       // Name of service.
+	EndpointsID = ServiceName // ID to lookup a service endpoint with.
+	ServiceID   = "STS"       // ServiceID is a unique identifier of a specific service.
 )
 
 // New creates a new instance of the STS client with a session.
@@ -38,6 +39,8 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
+//     mySession := session.Must(session.NewSession())
+//
 //     // Create a STS client from just a session.
 //     svc := sts.New(mySession)
 //
@@ -45,18 +48,20 @@ const (
 //     svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS {
 	svc := &STS{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
+				PartitionID:   partitionID,
 				Endpoint:      endpoint,
 				APIVersion:    "2011-06-15",
 			},
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
new file mode 100644
index 0000000000000..e2e1d6efe55f0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@@ -0,0 +1,96 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package stsiface
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/sts"
+)
+
+// STSAPI provides an interface to enable mocking the
+// sts.STS service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+//    // myFunc uses an SDK service client to make a request to
+//    // AWS Security Token Service.
+//    func myFunc(svc stsiface.STSAPI) bool {
+//        // Make svc.AssumeRole request
+//    }
+//
+//    func main() {
+//        sess := session.New()
+//        svc := sts.New(sess)
+//
+//        myFunc(svc)
+//    }
+//
+// In your _test.go file:
+//
+//    // Define a mock struct to be used in your unit tests of myFunc.
+//    type mockSTSClient struct {
+//        stsiface.STSAPI
+//    }
+//    func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+//        // mock response/functionality
+//    }
+//
+//    func TestMyFunc(t *testing.T) {
+//        // Setup Test
+//        mockSvc := &mockSTSClient{}
+//
+//        myfunc(mockSvc)
+//
+//        // Verify myFunc's functionality
+//    }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type STSAPI interface {
+	AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+	AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
+
+	AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
+	AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
+	AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
+
+	AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
+	AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
+	AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
+
+	DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
+	DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
+	DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
+
+	GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
+	GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
+	GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
+
+	GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
+	GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
+	GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
+
+	GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
+	GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
+	GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
+
+	GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+	GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
+	GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
+}
+
+var _ STSAPI = (*sts.STS)(nil)
diff --git a/vendor/github.com/beorn7/perks/go.mod b/vendor/github.com/beorn7/perks/go.mod
new file mode 100644
index 0000000000000..c4022f2127a94
--- /dev/null
+++ b/vendor/github.com/beorn7/perks/go.mod
@@ -0,0 +1,3 @@
+module github.com/beorn7/perks
+
+go 1.11
diff --git a/vendor/github.com/cespare/xxhash/v2/LICENSE.txt b/vendor/github.com/cespare/xxhash/v2/LICENSE.txt
new file mode 100644
index 0000000000000..24b53065f40b5
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2016 Caleb Spare
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/cespare/xxhash/v2/README.md b/vendor/github.com/cespare/xxhash/v2/README.md
new file mode 100644
index 0000000000000..2fd8693c21b20
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/README.md
@@ -0,0 +1,67 @@
+# xxhash
+
+[![GoDoc](https://godoc.org/github.com/cespare/xxhash?status.svg)](https://godoc.org/github.com/cespare/xxhash)
+[![Build Status](https://travis-ci.org/cespare/xxhash.svg?branch=master)](https://travis-ci.org/cespare/xxhash)
+
+xxhash is a Go implementation of the 64-bit
+[xxHash](http://cyan4973.github.io/xxHash/) algorithm, XXH64. This is a
+high-quality hashing algorithm that is much faster than anything in the Go
+standard library.
+
+This package provides a straightforward API:
+
+```
+func Sum64(b []byte) uint64
+func Sum64String(s string) uint64
+type Digest struct{ ... }
+    func New() *Digest
+```
+
+The `Digest` type implements hash.Hash64. Its key methods are:
+
+```
+func (*Digest) Write([]byte) (int, error)
+func (*Digest) WriteString(string) (int, error)
+func (*Digest) Sum64() uint64
+```
+
+This implementation provides a fast pure-Go implementation and an even faster
+assembly implementation for amd64.
+
+## Compatibility
+
+This package is in a module and the latest code is in version 2 of the module.
+You need a version of Go with at least "minimal module compatibility" to use
+github.com/cespare/xxhash/v2:
+
+* 1.9.7+ for Go 1.9
+* 1.10.3+ for Go 1.10
+* Go 1.11 or later
+
+I recommend using the latest release of Go.
+
+## Benchmarks
+
+Here are some quick benchmarks comparing the pure-Go and assembly
+implementations of Sum64.
+
+| input size | purego | asm |
+| --- | --- | --- |
+| 5 B   |  979.66 MB/s |  1291.17 MB/s  |
+| 100 B | 7475.26 MB/s | 7973.40 MB/s  |
+| 4 KB  | 17573.46 MB/s | 17602.65 MB/s |
+| 10 MB | 17131.46 MB/s | 17142.16 MB/s |
+
+These numbers were generated on Ubuntu 18.04 with an Intel i7-8700K CPU using
+the following commands under Go 1.11.2:
+
+```
+$ go test -tags purego -benchtime 10s -bench '/xxhash,direct,bytes'
+$ go test -benchtime 10s -bench '/xxhash,direct,bytes'
+```
+
+## Projects using this package
+
+- [InfluxDB](https://github.com/influxdata/influxdb)
+- [Prometheus](https://github.com/prometheus/prometheus)
+- [FreeCache](https://github.com/coocood/freecache)
diff --git a/vendor/github.com/cespare/xxhash/v2/go.mod b/vendor/github.com/cespare/xxhash/v2/go.mod
new file mode 100644
index 0000000000000..49f67608bf6bb
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/go.mod
@@ -0,0 +1,3 @@
+module github.com/cespare/xxhash/v2
+
+go 1.11
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash.go b/vendor/github.com/cespare/xxhash/v2/xxhash.go
new file mode 100644
index 0000000000000..db0b35fbe39f0
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash.go
@@ -0,0 +1,236 @@
+// Package xxhash implements the 64-bit variant of xxHash (XXH64) as described
+// at http://cyan4973.github.io/xxHash/.
+package xxhash
+
+import (
+	"encoding/binary"
+	"errors"
+	"math/bits"
+)
+
+const (
+	prime1 uint64 = 11400714785074694791
+	prime2 uint64 = 14029467366897019727
+	prime3 uint64 = 1609587929392839161
+	prime4 uint64 = 9650029242287828579
+	prime5 uint64 = 2870177450012600261
+)
+
+// NOTE(caleb): I'm using both consts and vars of the primes. Using consts where
+// possible in the Go code is worth a small (but measurable) performance boost
+// by avoiding some MOVQs. Vars are needed for the asm and also are useful for
+// convenience in the Go code in a few places where we need to intentionally
+// avoid constant arithmetic (e.g., v1 := prime1 + prime2 fails because the
+// result overflows a uint64).
+var (
+	prime1v = prime1
+	prime2v = prime2
+	prime3v = prime3
+	prime4v = prime4
+	prime5v = prime5
+)
+
+// Digest implements hash.Hash64.
+type Digest struct {
+	v1    uint64
+	v2    uint64
+	v3    uint64
+	v4    uint64
+	total uint64
+	mem   [32]byte
+	n     int // how much of mem is used
+}
+
+// New creates a new Digest that computes the 64-bit xxHash algorithm.
+func New() *Digest {
+	var d Digest
+	d.Reset()
+	return &d
+}
+
+// Reset clears the Digest's state so that it can be reused.
+func (d *Digest) Reset() {
+	d.v1 = prime1v + prime2
+	d.v2 = prime2
+	d.v3 = 0
+	d.v4 = -prime1v
+	d.total = 0
+	d.n = 0
+}
+
+// Size always returns 8 bytes.
+func (d *Digest) Size() int { return 8 }
+
+// BlockSize always returns 32 bytes.
+func (d *Digest) BlockSize() int { return 32 }
+
+// Write adds more data to d. It always returns len(b), nil.
+func (d *Digest) Write(b []byte) (n int, err error) {
+	n = len(b)
+	d.total += uint64(n)
+
+	if d.n+n < 32 {
+		// This new data doesn't even fill the current block.
+		copy(d.mem[d.n:], b)
+		d.n += n
+		return
+	}
+
+	if d.n > 0 {
+		// Finish off the partial block.
+		copy(d.mem[d.n:], b)
+		d.v1 = round(d.v1, u64(d.mem[0:8]))
+		d.v2 = round(d.v2, u64(d.mem[8:16]))
+		d.v3 = round(d.v3, u64(d.mem[16:24]))
+		d.v4 = round(d.v4, u64(d.mem[24:32]))
+		b = b[32-d.n:]
+		d.n = 0
+	}
+
+	if len(b) >= 32 {
+		// One or more full blocks left.
+		nw := writeBlocks(d, b)
+		b = b[nw:]
+	}
+
+	// Store any remaining partial block.
+	copy(d.mem[:], b)
+	d.n = len(b)
+
+	return
+}
+
+// Sum appends the current hash to b and returns the resulting slice.
+func (d *Digest) Sum(b []byte) []byte {
+	s := d.Sum64()
+	return append(
+		b,
+		byte(s>>56),
+		byte(s>>48),
+		byte(s>>40),
+		byte(s>>32),
+		byte(s>>24),
+		byte(s>>16),
+		byte(s>>8),
+		byte(s),
+	)
+}
+
+// Sum64 returns the current hash.
+func (d *Digest) Sum64() uint64 {
+	var h uint64
+
+	if d.total >= 32 {
+		v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
+		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
+		h = mergeRound(h, v1)
+		h = mergeRound(h, v2)
+		h = mergeRound(h, v3)
+		h = mergeRound(h, v4)
+	} else {
+		h = d.v3 + prime5
+	}
+
+	h += d.total
+
+	i, end := 0, d.n
+	for ; i+8 <= end; i += 8 {
+		k1 := round(0, u64(d.mem[i:i+8]))
+		h ^= k1
+		h = rol27(h)*prime1 + prime4
+	}
+	if i+4 <= end {
+		h ^= uint64(u32(d.mem[i:i+4])) * prime1
+		h = rol23(h)*prime2 + prime3
+		i += 4
+	}
+	for i < end {
+		h ^= uint64(d.mem[i]) * prime5
+		h = rol11(h) * prime1
+		i++
+	}
+
+	h ^= h >> 33
+	h *= prime2
+	h ^= h >> 29
+	h *= prime3
+	h ^= h >> 32
+
+	return h
+}
+
+const (
+	magic         = "xxh\x06"
+	marshaledSize = len(magic) + 8*5 + 32
+)
+
+// MarshalBinary implements the encoding.BinaryMarshaler interface.
+func (d *Digest) MarshalBinary() ([]byte, error) {
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	b = appendUint64(b, d.v1)
+	b = appendUint64(b, d.v2)
+	b = appendUint64(b, d.v3)
+	b = appendUint64(b, d.v4)
+	b = appendUint64(b, d.total)
+	b = append(b, d.mem[:d.n]...)
+	b = b[:len(b)+len(d.mem)-d.n]
+	return b, nil
+}
+
+// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
+func (d *Digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("xxhash: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("xxhash: invalid hash state size")
+	}
+	b = b[len(magic):]
+	b, d.v1 = consumeUint64(b)
+	b, d.v2 = consumeUint64(b)
+	b, d.v3 = consumeUint64(b)
+	b, d.v4 = consumeUint64(b)
+	b, d.total = consumeUint64(b)
+	copy(d.mem[:], b)
+	b = b[len(d.mem):]
+	d.n = int(d.total % uint64(len(d.mem)))
+	return nil
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+	var a [8]byte
+	binary.LittleEndian.PutUint64(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+	x := u64(b)
+	return b[8:], x
+}
+
+func u64(b []byte) uint64 { return binary.LittleEndian.Uint64(b) }
+func u32(b []byte) uint32 { return binary.LittleEndian.Uint32(b) }
+
+func round(acc, input uint64) uint64 {
+	acc += input * prime2
+	acc = rol31(acc)
+	acc *= prime1
+	return acc
+}
+
+func mergeRound(acc, val uint64) uint64 {
+	val = round(0, val)
+	acc ^= val
+	acc = acc*prime1 + prime4
+	return acc
+}
+
+func rol1(x uint64) uint64  { return bits.RotateLeft64(x, 1) }
+func rol7(x uint64) uint64  { return bits.RotateLeft64(x, 7) }
+func rol11(x uint64) uint64 { return bits.RotateLeft64(x, 11) }
+func rol12(x uint64) uint64 { return bits.RotateLeft64(x, 12) }
+func rol18(x uint64) uint64 { return bits.RotateLeft64(x, 18) }
+func rol23(x uint64) uint64 { return bits.RotateLeft64(x, 23) }
+func rol27(x uint64) uint64 { return bits.RotateLeft64(x, 27) }
+func rol31(x uint64) uint64 { return bits.RotateLeft64(x, 31) }
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
new file mode 100644
index 0000000000000..ad14b807f4d96
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
@@ -0,0 +1,13 @@
+// +build !appengine
+// +build gc
+// +build !purego
+
+package xxhash
+
+// Sum64 computes the 64-bit xxHash digest of b.
+//
+//go:noescape
+func Sum64(b []byte) uint64
+
+//go:noescape
+func writeBlocks(d *Digest, b []byte) int
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
new file mode 100644
index 0000000000000..d580e32aed4af
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
@@ -0,0 +1,215 @@
+// +build !appengine
+// +build gc
+// +build !purego
+
+#include "textflag.h"
+
+// Register allocation:
+// AX	h
+// CX	pointer to advance through b
+// DX	n
+// BX	loop end
+// R8	v1, k1
+// R9	v2
+// R10	v3
+// R11	v4
+// R12	tmp
+// R13	prime1v
+// R14	prime2v
+// R15	prime4v
+
+// round reads from and advances the buffer pointer in CX.
+// It assumes that R13 has prime1v and R14 has prime2v.
+#define round(r) \
+	MOVQ  (CX), R12 \
+	ADDQ  $8, CX    \
+	IMULQ R14, R12  \
+	ADDQ  R12, r    \
+	ROLQ  $31, r    \
+	IMULQ R13, r
+
+// mergeRound applies a merge round on the two registers acc and val.
+// It assumes that R13 has prime1v, R14 has prime2v, and R15 has prime4v.
+#define mergeRound(acc, val) \
+	IMULQ R14, val \
+	ROLQ  $31, val \
+	IMULQ R13, val \
+	XORQ  val, acc \
+	IMULQ R13, acc \
+	ADDQ  R15, acc
+
+// func Sum64(b []byte) uint64
+TEXT ·Sum64(SB), NOSPLIT, $0-32
+	// Load fixed primes.
+	MOVQ ·prime1v(SB), R13
+	MOVQ ·prime2v(SB), R14
+	MOVQ ·prime4v(SB), R15
+
+	// Load slice.
+	MOVQ b_base+0(FP), CX
+	MOVQ b_len+8(FP), DX
+	LEAQ (CX)(DX*1), BX
+
+	// The first loop limit will be len(b)-32.
+	SUBQ $32, BX
+
+	// Check whether we have at least one block.
+	CMPQ DX, $32
+	JLT  noBlocks
+
+	// Set up initial state (v1, v2, v3, v4).
+	MOVQ R13, R8
+	ADDQ R14, R8
+	MOVQ R14, R9
+	XORQ R10, R10
+	XORQ R11, R11
+	SUBQ R13, R11
+
+	// Loop until CX > BX.
+blockLoop:
+	round(R8)
+	round(R9)
+	round(R10)
+	round(R11)
+
+	CMPQ CX, BX
+	JLE  blockLoop
+
+	MOVQ R8, AX
+	ROLQ $1, AX
+	MOVQ R9, R12
+	ROLQ $7, R12
+	ADDQ R12, AX
+	MOVQ R10, R12
+	ROLQ $12, R12
+	ADDQ R12, AX
+	MOVQ R11, R12
+	ROLQ $18, R12
+	ADDQ R12, AX
+
+	mergeRound(AX, R8)
+	mergeRound(AX, R9)
+	mergeRound(AX, R10)
+	mergeRound(AX, R11)
+
+	JMP afterBlocks
+
+noBlocks:
+	MOVQ ·prime5v(SB), AX
+
+afterBlocks:
+	ADDQ DX, AX
+
+	// Right now BX has len(b)-32, and we want to loop until CX > len(b)-8.
+	ADDQ $24, BX
+
+	CMPQ CX, BX
+	JG   fourByte
+
+wordLoop:
+	// Calculate k1.
+	MOVQ  (CX), R8
+	ADDQ  $8, CX
+	IMULQ R14, R8
+	ROLQ  $31, R8
+	IMULQ R13, R8
+
+	XORQ  R8, AX
+	ROLQ  $27, AX
+	IMULQ R13, AX
+	ADDQ  R15, AX
+
+	CMPQ CX, BX
+	JLE  wordLoop
+
+fourByte:
+	ADDQ $4, BX
+	CMPQ CX, BX
+	JG   singles
+
+	MOVL  (CX), R8
+	ADDQ  $4, CX
+	IMULQ R13, R8
+	XORQ  R8, AX
+
+	ROLQ  $23, AX
+	IMULQ R14, AX
+	ADDQ  ·prime3v(SB), AX
+
+singles:
+	ADDQ $4, BX
+	CMPQ CX, BX
+	JGE  finalize
+
+singlesLoop:
+	MOVBQZX (CX), R12
+	ADDQ    $1, CX
+	IMULQ   ·prime5v(SB), R12
+	XORQ    R12, AX
+
+	ROLQ  $11, AX
+	IMULQ R13, AX
+
+	CMPQ CX, BX
+	JL   singlesLoop
+
+finalize:
+	MOVQ  AX, R12
+	SHRQ  $33, R12
+	XORQ  R12, AX
+	IMULQ R14, AX
+	MOVQ  AX, R12
+	SHRQ  $29, R12
+	XORQ  R12, AX
+	IMULQ ·prime3v(SB), AX
+	MOVQ  AX, R12
+	SHRQ  $32, R12
+	XORQ  R12, AX
+
+	MOVQ AX, ret+24(FP)
+	RET
+
+// writeBlocks uses the same registers as above except that it uses AX to store
+// the d pointer.
+
+// func writeBlocks(d *Digest, b []byte) int
+TEXT ·writeBlocks(SB), NOSPLIT, $0-40
+	// Load fixed primes needed for round.
+	MOVQ ·prime1v(SB), R13
+	MOVQ ·prime2v(SB), R14
+
+	// Load slice.
+	MOVQ b_base+8(FP), CX
+	MOVQ b_len+16(FP), DX
+	LEAQ (CX)(DX*1), BX
+	SUBQ $32, BX
+
+	// Load vN from d.
+	MOVQ d+0(FP), AX
+	MOVQ 0(AX), R8   // v1
+	MOVQ 8(AX), R9   // v2
+	MOVQ 16(AX), R10 // v3
+	MOVQ 24(AX), R11 // v4
+
+	// We don't need to check the loop condition here; this function is
+	// always called with at least one block of data to process.
+blockLoop:
+	round(R8)
+	round(R9)
+	round(R10)
+	round(R11)
+
+	CMPQ CX, BX
+	JLE  blockLoop
+
+	// Copy vN back to d.
+	MOVQ R8, 0(AX)
+	MOVQ R9, 8(AX)
+	MOVQ R10, 16(AX)
+	MOVQ R11, 24(AX)
+
+	// The number of bytes written is CX minus the old base pointer.
+	SUBQ b_base+8(FP), CX
+	MOVQ CX, ret+32(FP)
+
+	RET
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_other.go b/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
new file mode 100644
index 0000000000000..4a5a821603e5b
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
@@ -0,0 +1,76 @@
+// +build !amd64 appengine !gc purego
+
+package xxhash
+
+// Sum64 computes the 64-bit xxHash digest of b.
+func Sum64(b []byte) uint64 {
+	// A simpler version would be
+	//   d := New()
+	//   d.Write(b)
+	//   return d.Sum64()
+	// but this is faster, particularly for small inputs.
+
+	n := len(b)
+	var h uint64
+
+	if n >= 32 {
+		v1 := prime1v + prime2
+		v2 := prime2
+		v3 := uint64(0)
+		v4 := -prime1v
+		for len(b) >= 32 {
+			v1 = round(v1, u64(b[0:8:len(b)]))
+			v2 = round(v2, u64(b[8:16:len(b)]))
+			v3 = round(v3, u64(b[16:24:len(b)]))
+			v4 = round(v4, u64(b[24:32:len(b)]))
+			b = b[32:len(b):len(b)]
+		}
+		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
+		h = mergeRound(h, v1)
+		h = mergeRound(h, v2)
+		h = mergeRound(h, v3)
+		h = mergeRound(h, v4)
+	} else {
+		h = prime5
+	}
+
+	h += uint64(n)
+
+	i, end := 0, len(b)
+	for ; i+8 <= end; i += 8 {
+		k1 := round(0, u64(b[i:i+8:len(b)]))
+		h ^= k1
+		h = rol27(h)*prime1 + prime4
+	}
+	if i+4 <= end {
+		h ^= uint64(u32(b[i:i+4:len(b)])) * prime1
+		h = rol23(h)*prime2 + prime3
+		i += 4
+	}
+	for ; i < end; i++ {
+		h ^= uint64(b[i]) * prime5
+		h = rol11(h) * prime1
+	}
+
+	h ^= h >> 33
+	h *= prime2
+	h ^= h >> 29
+	h *= prime3
+	h ^= h >> 32
+
+	return h
+}
+
+func writeBlocks(d *Digest, b []byte) int {
+	v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
+	n := len(b)
+	for len(b) >= 32 {
+		v1 = round(v1, u64(b[0:8:len(b)]))
+		v2 = round(v2, u64(b[8:16:len(b)]))
+		v3 = round(v3, u64(b[16:24:len(b)]))
+		v4 = round(v4, u64(b[24:32:len(b)]))
+		b = b[32:len(b):len(b)]
+	}
+	d.v1, d.v2, d.v3, d.v4 = v1, v2, v3, v4
+	return n - len(b)
+}
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
new file mode 100644
index 0000000000000..fc9bea7a31f2b
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
@@ -0,0 +1,15 @@
+// +build appengine
+
+// This file contains the safe implementations of otherwise unsafe-using code.
+
+package xxhash
+
+// Sum64String computes the 64-bit xxHash digest of s.
+func Sum64String(s string) uint64 {
+	return Sum64([]byte(s))
+}
+
+// WriteString adds more data to d. It always returns len(s), nil.
+func (d *Digest) WriteString(s string) (n int, err error) {
+	return d.Write([]byte(s))
+}
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
new file mode 100644
index 0000000000000..53bf76efbc247
--- /dev/null
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
@@ -0,0 +1,46 @@
+// +build !appengine
+
+// This file encapsulates usage of unsafe.
+// xxhash_safe.go contains the safe implementations.
+
+package xxhash
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// Notes:
+//
+// See https://groups.google.com/d/msg/golang-nuts/dcjzJy-bSpw/tcZYBzQqAQAJ
+// for some discussion about these unsafe conversions.
+//
+// In the future it's possible that compiler optimizations will make these
+// unsafe operations unnecessary: https://golang.org/issue/2205.
+//
+// Both of these wrapper functions still incur function call overhead since they
+// will not be inlined. We could write Go/asm copies of Sum64 and Digest.Write
+// for strings to squeeze out a bit more speed. Mid-stack inlining should
+// eventually fix this.
+
+// Sum64String computes the 64-bit xxHash digest of s.
+// It may be faster than Sum64([]byte(s)) by avoiding a copy.
+func Sum64String(s string) uint64 {
+	var b []byte
+	bh := (*reflect.SliceHeader)(unsafe.Pointer(&b))
+	bh.Data = (*reflect.StringHeader)(unsafe.Pointer(&s)).Data
+	bh.Len = len(s)
+	bh.Cap = len(s)
+	return Sum64(b)
+}
+
+// WriteString adds more data to d. It always returns len(s), nil.
+// It may be faster than Write([]byte(s)) by avoiding a copy.
+func (d *Digest) WriteString(s string) (n int, err error) {
+	var b []byte
+	bh := (*reflect.SliceHeader)(unsafe.Pointer(&b))
+	bh.Data = (*reflect.StringHeader)(unsafe.Pointer(&s)).Data
+	bh.Len = len(s)
+	bh.Cap = len(s)
+	return d.Write(b)
+}
diff --git a/vendor/github.com/cilium/ebpf/LICENSE b/vendor/github.com/cilium/ebpf/LICENSE
new file mode 100644
index 0000000000000..c637ae99c26d2
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/LICENSE
@@ -0,0 +1,23 @@
+MIT License
+
+Copyright (c) 2017 Nathan Sweet
+Copyright (c) 2018, 2019 Cloudflare
+Copyright (c) 2019 Authors of Cilium
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md
new file mode 100644
index 0000000000000..76c3c303bb1be
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/README.md
@@ -0,0 +1,62 @@
+# eBPF
+
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/cilium/ebpf)](https://pkg.go.dev/github.com/cilium/ebpf)
+
+eBPF is a pure Go library that provides utilities for loading, compiling, and
+debugging eBPF programs. It has minimal external dependencies and is intended to
+be used in long running processes.
+
+* [asm](https://pkg.go.dev/github.com/cilium/ebpf/asm) contains a basic
+  assembler
+* [link](https://pkg.go.dev/github.com/cilium/ebpf/link) allows attaching eBPF
+  to various hooks
+* [perf](https://pkg.go.dev/github.com/cilium/ebpf/perf) allows reading from a
+  `PERF_EVENT_ARRAY`
+* [cmd/bpf2go](https://pkg.go.dev/github.com/cilium/ebpf/cmd/bpf2go) allows
+  compiling and embedding eBPF programs in Go code
+
+The library is maintained by [Cloudflare](https://www.cloudflare.com) and
+[Cilium](https://www.cilium.io). Feel free to
+[join](https://cilium.herokuapp.com/) the
+[#libbpf-go](https://cilium.slack.com/messages/libbpf-go) channel on Slack.
+
+## Current status
+
+The package is production ready, but **the API is explicitly unstable right
+now**. Expect to update your code if you want to follow along.
+
+## Getting Started
+
+A small collection of Go and eBPF programs that serve as examples for building
+your own tools can be found under [examples/](examples/).
+
+Contributions are highly encouraged, as they highlight certain use cases of
+eBPF and the library, and help shape the future of the project.
+
+## Requirements
+
+* A version of Go that is [supported by
+  upstream](https://golang.org/doc/devel/release.html#policy)
+* Linux 4.9, 4.19 or 5.4 (versions in-between should work, but are not tested)
+
+## Useful resources
+
+* [eBPF.io](https://ebpf.io) (recommended)
+* [Cilium eBPF documentation](https://docs.cilium.io/en/latest/bpf/#bpf-guide)
+  (recommended)
+* [Linux documentation on
+  BPF](https://www.kernel.org/doc/html/latest/networking/filter.html)
+* [eBPF features by Linux
+  version](https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md)
+
+## Regenerating Testdata
+
+Run `make` in the root of this repository to rebuild testdata in all
+subpackages. This requires Docker, as it relies on a standardized build
+environment to keep the build output stable.
+
+The toolchain image build files are kept in [testdata/docker/](testdata/docker/).
+
+## License
+
+MIT
diff --git a/vendor/github.com/cilium/ebpf/asm/alu.go b/vendor/github.com/cilium/ebpf/asm/alu.go
new file mode 100644
index 0000000000000..70ccc4d1518dc
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/alu.go
@@ -0,0 +1,149 @@
+package asm
+
+//go:generate stringer -output alu_string.go -type=Source,Endianness,ALUOp
+
+// Source of ALU / ALU64 / Branch operations
+//
+//    msb      lsb
+//    +----+-+---+
+//    |op  |S|cls|
+//    +----+-+---+
+type Source uint8
+
+const sourceMask OpCode = 0x08
+
+// Source bitmask
+const (
+	// InvalidSource is returned by getters when invoked
+	// on non ALU / branch OpCodes.
+	InvalidSource Source = 0xff
+	// ImmSource src is from constant
+	ImmSource Source = 0x00
+	// RegSource src is from register
+	RegSource Source = 0x08
+)
+
+// The Endianness of a byte swap instruction.
+type Endianness uint8
+
+const endianMask = sourceMask
+
+// Endian flags
+const (
+	InvalidEndian Endianness = 0xff
+	// Convert to little endian
+	LE Endianness = 0x00
+	// Convert to big endian
+	BE Endianness = 0x08
+)
+
+// ALUOp are ALU / ALU64 operations
+//
+//    msb      lsb
+//    +----+-+---+
+//    |OP  |s|cls|
+//    +----+-+---+
+type ALUOp uint8
+
+const aluMask OpCode = 0xf0
+
+const (
+	// InvalidALUOp is returned by getters when invoked
+	// on non ALU OpCodes
+	InvalidALUOp ALUOp = 0xff
+	// Add - addition
+	Add ALUOp = 0x00
+	// Sub - subtraction
+	Sub ALUOp = 0x10
+	// Mul - multiplication
+	Mul ALUOp = 0x20
+	// Div - division
+	Div ALUOp = 0x30
+	// Or - bitwise or
+	Or ALUOp = 0x40
+	// And - bitwise and
+	And ALUOp = 0x50
+	// LSh - bitwise shift left
+	LSh ALUOp = 0x60
+	// RSh - bitwise shift right
+	RSh ALUOp = 0x70
+	// Neg - sign/unsign signing bit
+	Neg ALUOp = 0x80
+	// Mod - modulo
+	Mod ALUOp = 0x90
+	// Xor - bitwise xor
+	Xor ALUOp = 0xa0
+	// Mov - move value from one place to another
+	Mov ALUOp = 0xb0
+	// ArSh - arithmatic shift
+	ArSh ALUOp = 0xc0
+	// Swap - endian conversions
+	Swap ALUOp = 0xd0
+)
+
+// HostTo converts from host to another endianness.
+func HostTo(endian Endianness, dst Register, size Size) Instruction {
+	var imm int64
+	switch size {
+	case Half:
+		imm = 16
+	case Word:
+		imm = 32
+	case DWord:
+		imm = 64
+	default:
+		return Instruction{OpCode: InvalidOpCode}
+	}
+
+	return Instruction{
+		OpCode:   OpCode(ALUClass).SetALUOp(Swap).SetSource(Source(endian)),
+		Dst:      dst,
+		Constant: imm,
+	}
+}
+
+// Op returns the OpCode for an ALU operation with a given source.
+func (op ALUOp) Op(source Source) OpCode {
+	return OpCode(ALU64Class).SetALUOp(op).SetSource(source)
+}
+
+// Reg emits `dst (op) src`.
+func (op ALUOp) Reg(dst, src Register) Instruction {
+	return Instruction{
+		OpCode: op.Op(RegSource),
+		Dst:    dst,
+		Src:    src,
+	}
+}
+
+// Imm emits `dst (op) value`.
+func (op ALUOp) Imm(dst Register, value int32) Instruction {
+	return Instruction{
+		OpCode:   op.Op(ImmSource),
+		Dst:      dst,
+		Constant: int64(value),
+	}
+}
+
+// Op32 returns the OpCode for a 32-bit ALU operation with a given source.
+func (op ALUOp) Op32(source Source) OpCode {
+	return OpCode(ALUClass).SetALUOp(op).SetSource(source)
+}
+
+// Reg32 emits `dst (op) src`, zeroing the upper 32 bit of dst.
+func (op ALUOp) Reg32(dst, src Register) Instruction {
+	return Instruction{
+		OpCode: op.Op32(RegSource),
+		Dst:    dst,
+		Src:    src,
+	}
+}
+
+// Imm32 emits `dst (op) value`, zeroing the upper 32 bit of dst.
+func (op ALUOp) Imm32(dst Register, value int32) Instruction {
+	return Instruction{
+		OpCode:   op.Op32(ImmSource),
+		Dst:      dst,
+		Constant: int64(value),
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/alu_string.go b/vendor/github.com/cilium/ebpf/asm/alu_string.go
new file mode 100644
index 0000000000000..72d3fe6292ea6
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/alu_string.go
@@ -0,0 +1,107 @@
+// Code generated by "stringer -output alu_string.go -type=Source,Endianness,ALUOp"; DO NOT EDIT.
+
+package asm
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidSource-255]
+	_ = x[ImmSource-0]
+	_ = x[RegSource-8]
+}
+
+const (
+	_Source_name_0 = "ImmSource"
+	_Source_name_1 = "RegSource"
+	_Source_name_2 = "InvalidSource"
+)
+
+func (i Source) String() string {
+	switch {
+	case i == 0:
+		return _Source_name_0
+	case i == 8:
+		return _Source_name_1
+	case i == 255:
+		return _Source_name_2
+	default:
+		return "Source(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidEndian-255]
+	_ = x[LE-0]
+	_ = x[BE-8]
+}
+
+const (
+	_Endianness_name_0 = "LE"
+	_Endianness_name_1 = "BE"
+	_Endianness_name_2 = "InvalidEndian"
+)
+
+func (i Endianness) String() string {
+	switch {
+	case i == 0:
+		return _Endianness_name_0
+	case i == 8:
+		return _Endianness_name_1
+	case i == 255:
+		return _Endianness_name_2
+	default:
+		return "Endianness(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidALUOp-255]
+	_ = x[Add-0]
+	_ = x[Sub-16]
+	_ = x[Mul-32]
+	_ = x[Div-48]
+	_ = x[Or-64]
+	_ = x[And-80]
+	_ = x[LSh-96]
+	_ = x[RSh-112]
+	_ = x[Neg-128]
+	_ = x[Mod-144]
+	_ = x[Xor-160]
+	_ = x[Mov-176]
+	_ = x[ArSh-192]
+	_ = x[Swap-208]
+}
+
+const _ALUOp_name = "AddSubMulDivOrAndLShRShNegModXorMovArShSwapInvalidALUOp"
+
+var _ALUOp_map = map[ALUOp]string{
+	0:   _ALUOp_name[0:3],
+	16:  _ALUOp_name[3:6],
+	32:  _ALUOp_name[6:9],
+	48:  _ALUOp_name[9:12],
+	64:  _ALUOp_name[12:14],
+	80:  _ALUOp_name[14:17],
+	96:  _ALUOp_name[17:20],
+	112: _ALUOp_name[20:23],
+	128: _ALUOp_name[23:26],
+	144: _ALUOp_name[26:29],
+	160: _ALUOp_name[29:32],
+	176: _ALUOp_name[32:35],
+	192: _ALUOp_name[35:39],
+	208: _ALUOp_name[39:43],
+	255: _ALUOp_name[43:55],
+}
+
+func (i ALUOp) String() string {
+	if str, ok := _ALUOp_map[i]; ok {
+		return str
+	}
+	return "ALUOp(" + strconv.FormatInt(int64(i), 10) + ")"
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/doc.go b/vendor/github.com/cilium/ebpf/asm/doc.go
new file mode 100644
index 0000000000000..7031bdc2768a9
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/doc.go
@@ -0,0 +1,2 @@
+// Package asm is an assembler for eBPF bytecode.
+package asm
diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go
new file mode 100644
index 0000000000000..aee2c7ac81062
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/func.go
@@ -0,0 +1,195 @@
+package asm
+
+//go:generate stringer -output func_string.go -type=BuiltinFunc
+
+// BuiltinFunc is a built-in eBPF function.
+type BuiltinFunc int32
+
+// eBPF built-in functions
+//
+// You can regenerate this list using the following gawk script:
+//
+//    /FN\(.+\),/ {
+//      match($1, /\((.+)\)/, r)
+//      split(r[1], p, "_")
+//      printf "Fn"
+//      for (i in p) {
+//        printf "%s%s", toupper(substr(p[i], 1, 1)), substr(p[i], 2)
+//      }
+//      print ""
+//    }
+//
+// The script expects include/uapi/linux/bpf.h as it's input.
+const (
+	FnUnspec BuiltinFunc = iota
+	FnMapLookupElem
+	FnMapUpdateElem
+	FnMapDeleteElem
+	FnProbeRead
+	FnKtimeGetNs
+	FnTracePrintk
+	FnGetPrandomU32
+	FnGetSmpProcessorId
+	FnSkbStoreBytes
+	FnL3CsumReplace
+	FnL4CsumReplace
+	FnTailCall
+	FnCloneRedirect
+	FnGetCurrentPidTgid
+	FnGetCurrentUidGid
+	FnGetCurrentComm
+	FnGetCgroupClassid
+	FnSkbVlanPush
+	FnSkbVlanPop
+	FnSkbGetTunnelKey
+	FnSkbSetTunnelKey
+	FnPerfEventRead
+	FnRedirect
+	FnGetRouteRealm
+	FnPerfEventOutput
+	FnSkbLoadBytes
+	FnGetStackid
+	FnCsumDiff
+	FnSkbGetTunnelOpt
+	FnSkbSetTunnelOpt
+	FnSkbChangeProto
+	FnSkbChangeType
+	FnSkbUnderCgroup
+	FnGetHashRecalc
+	FnGetCurrentTask
+	FnProbeWriteUser
+	FnCurrentTaskUnderCgroup
+	FnSkbChangeTail
+	FnSkbPullData
+	FnCsumUpdate
+	FnSetHashInvalid
+	FnGetNumaNodeId
+	FnSkbChangeHead
+	FnXdpAdjustHead
+	FnProbeReadStr
+	FnGetSocketCookie
+	FnGetSocketUid
+	FnSetHash
+	FnSetsockopt
+	FnSkbAdjustRoom
+	FnRedirectMap
+	FnSkRedirectMap
+	FnSockMapUpdate
+	FnXdpAdjustMeta
+	FnPerfEventReadValue
+	FnPerfProgReadValue
+	FnGetsockopt
+	FnOverrideReturn
+	FnSockOpsCbFlagsSet
+	FnMsgRedirectMap
+	FnMsgApplyBytes
+	FnMsgCorkBytes
+	FnMsgPullData
+	FnBind
+	FnXdpAdjustTail
+	FnSkbGetXfrmState
+	FnGetStack
+	FnSkbLoadBytesRelative
+	FnFibLookup
+	FnSockHashUpdate
+	FnMsgRedirectHash
+	FnSkRedirectHash
+	FnLwtPushEncap
+	FnLwtSeg6StoreBytes
+	FnLwtSeg6AdjustSrh
+	FnLwtSeg6Action
+	FnRcRepeat
+	FnRcKeydown
+	FnSkbCgroupId
+	FnGetCurrentCgroupId
+	FnGetLocalStorage
+	FnSkSelectReuseport
+	FnSkbAncestorCgroupId
+	FnSkLookupTcp
+	FnSkLookupUdp
+	FnSkRelease
+	FnMapPushElem
+	FnMapPopElem
+	FnMapPeekElem
+	FnMsgPushData
+	FnMsgPopData
+	FnRcPointerRel
+	FnSpinLock
+	FnSpinUnlock
+	FnSkFullsock
+	FnTcpSock
+	FnSkbEcnSetCe
+	FnGetListenerSock
+	FnSkcLookupTcp
+	FnTcpCheckSyncookie
+	FnSysctlGetName
+	FnSysctlGetCurrentValue
+	FnSysctlGetNewValue
+	FnSysctlSetNewValue
+	FnStrtol
+	FnStrtoul
+	FnSkStorageGet
+	FnSkStorageDelete
+	FnSendSignal
+	FnTcpGenSyncookie
+	FnSkbOutput
+	FnProbeReadUser
+	FnProbeReadKernel
+	FnProbeReadUserStr
+	FnProbeReadKernelStr
+	FnTcpSendAck
+	FnSendSignalThread
+	FnJiffies64
+	FnReadBranchRecords
+	FnGetNsCurrentPidTgid
+	FnXdpOutput
+	FnGetNetnsCookie
+	FnGetCurrentAncestorCgroupId
+	FnSkAssign
+	FnKtimeGetBootNs
+	FnSeqPrintf
+	FnSeqWrite
+	FnSkCgroupId
+	FnSkAncestorCgroupId
+	FnRingbufOutput
+	FnRingbufReserve
+	FnRingbufSubmit
+	FnRingbufDiscard
+	FnRingbufQuery
+	FnCsumLevel
+	FnSkcToTcp6Sock
+	FnSkcToTcpSock
+	FnSkcToTcpTimewaitSock
+	FnSkcToTcpRequestSock
+	FnSkcToUdp6Sock
+	FnGetTaskStack
+	FnLoadHdrOpt
+	FnStoreHdrOpt
+	FnReserveHdrOpt
+	FnInodeStorageGet
+	FnInodeStorageDelete
+	FnDPath
+	FnCopyFromUser
+	FnSnprintfBtf
+	FnSeqPrintfBtf
+	FnSkbCgroupClassid
+	FnRedirectNeigh
+	FnPerCpuPtr
+	FnThisCpuPtr
+	FnRedirectPeer
+	FnTaskStorageGet
+	FnTaskStorageDelete
+	FnGetCurrentTaskBtf
+	FnBprmOptsSet
+	FnKtimeGetCoarseNs
+	FnImaInodeHash
+	FnSockFromFile
+)
+
+// Call emits a function call.
+func (fn BuiltinFunc) Call() Instruction {
+	return Instruction{
+		OpCode:   OpCode(JumpClass).SetJumpOp(Call),
+		Constant: int64(fn),
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/func_string.go b/vendor/github.com/cilium/ebpf/asm/func_string.go
new file mode 100644
index 0000000000000..a712c5da8af99
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/func_string.go
@@ -0,0 +1,185 @@
+// Code generated by "stringer -output func_string.go -type=BuiltinFunc"; DO NOT EDIT.
+
+package asm
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[FnUnspec-0]
+	_ = x[FnMapLookupElem-1]
+	_ = x[FnMapUpdateElem-2]
+	_ = x[FnMapDeleteElem-3]
+	_ = x[FnProbeRead-4]
+	_ = x[FnKtimeGetNs-5]
+	_ = x[FnTracePrintk-6]
+	_ = x[FnGetPrandomU32-7]
+	_ = x[FnGetSmpProcessorId-8]
+	_ = x[FnSkbStoreBytes-9]
+	_ = x[FnL3CsumReplace-10]
+	_ = x[FnL4CsumReplace-11]
+	_ = x[FnTailCall-12]
+	_ = x[FnCloneRedirect-13]
+	_ = x[FnGetCurrentPidTgid-14]
+	_ = x[FnGetCurrentUidGid-15]
+	_ = x[FnGetCurrentComm-16]
+	_ = x[FnGetCgroupClassid-17]
+	_ = x[FnSkbVlanPush-18]
+	_ = x[FnSkbVlanPop-19]
+	_ = x[FnSkbGetTunnelKey-20]
+	_ = x[FnSkbSetTunnelKey-21]
+	_ = x[FnPerfEventRead-22]
+	_ = x[FnRedirect-23]
+	_ = x[FnGetRouteRealm-24]
+	_ = x[FnPerfEventOutput-25]
+	_ = x[FnSkbLoadBytes-26]
+	_ = x[FnGetStackid-27]
+	_ = x[FnCsumDiff-28]
+	_ = x[FnSkbGetTunnelOpt-29]
+	_ = x[FnSkbSetTunnelOpt-30]
+	_ = x[FnSkbChangeProto-31]
+	_ = x[FnSkbChangeType-32]
+	_ = x[FnSkbUnderCgroup-33]
+	_ = x[FnGetHashRecalc-34]
+	_ = x[FnGetCurrentTask-35]
+	_ = x[FnProbeWriteUser-36]
+	_ = x[FnCurrentTaskUnderCgroup-37]
+	_ = x[FnSkbChangeTail-38]
+	_ = x[FnSkbPullData-39]
+	_ = x[FnCsumUpdate-40]
+	_ = x[FnSetHashInvalid-41]
+	_ = x[FnGetNumaNodeId-42]
+	_ = x[FnSkbChangeHead-43]
+	_ = x[FnXdpAdjustHead-44]
+	_ = x[FnProbeReadStr-45]
+	_ = x[FnGetSocketCookie-46]
+	_ = x[FnGetSocketUid-47]
+	_ = x[FnSetHash-48]
+	_ = x[FnSetsockopt-49]
+	_ = x[FnSkbAdjustRoom-50]
+	_ = x[FnRedirectMap-51]
+	_ = x[FnSkRedirectMap-52]
+	_ = x[FnSockMapUpdate-53]
+	_ = x[FnXdpAdjustMeta-54]
+	_ = x[FnPerfEventReadValue-55]
+	_ = x[FnPerfProgReadValue-56]
+	_ = x[FnGetsockopt-57]
+	_ = x[FnOverrideReturn-58]
+	_ = x[FnSockOpsCbFlagsSet-59]
+	_ = x[FnMsgRedirectMap-60]
+	_ = x[FnMsgApplyBytes-61]
+	_ = x[FnMsgCorkBytes-62]
+	_ = x[FnMsgPullData-63]
+	_ = x[FnBind-64]
+	_ = x[FnXdpAdjustTail-65]
+	_ = x[FnSkbGetXfrmState-66]
+	_ = x[FnGetStack-67]
+	_ = x[FnSkbLoadBytesRelative-68]
+	_ = x[FnFibLookup-69]
+	_ = x[FnSockHashUpdate-70]
+	_ = x[FnMsgRedirectHash-71]
+	_ = x[FnSkRedirectHash-72]
+	_ = x[FnLwtPushEncap-73]
+	_ = x[FnLwtSeg6StoreBytes-74]
+	_ = x[FnLwtSeg6AdjustSrh-75]
+	_ = x[FnLwtSeg6Action-76]
+	_ = x[FnRcRepeat-77]
+	_ = x[FnRcKeydown-78]
+	_ = x[FnSkbCgroupId-79]
+	_ = x[FnGetCurrentCgroupId-80]
+	_ = x[FnGetLocalStorage-81]
+	_ = x[FnSkSelectReuseport-82]
+	_ = x[FnSkbAncestorCgroupId-83]
+	_ = x[FnSkLookupTcp-84]
+	_ = x[FnSkLookupUdp-85]
+	_ = x[FnSkRelease-86]
+	_ = x[FnMapPushElem-87]
+	_ = x[FnMapPopElem-88]
+	_ = x[FnMapPeekElem-89]
+	_ = x[FnMsgPushData-90]
+	_ = x[FnMsgPopData-91]
+	_ = x[FnRcPointerRel-92]
+	_ = x[FnSpinLock-93]
+	_ = x[FnSpinUnlock-94]
+	_ = x[FnSkFullsock-95]
+	_ = x[FnTcpSock-96]
+	_ = x[FnSkbEcnSetCe-97]
+	_ = x[FnGetListenerSock-98]
+	_ = x[FnSkcLookupTcp-99]
+	_ = x[FnTcpCheckSyncookie-100]
+	_ = x[FnSysctlGetName-101]
+	_ = x[FnSysctlGetCurrentValue-102]
+	_ = x[FnSysctlGetNewValue-103]
+	_ = x[FnSysctlSetNewValue-104]
+	_ = x[FnStrtol-105]
+	_ = x[FnStrtoul-106]
+	_ = x[FnSkStorageGet-107]
+	_ = x[FnSkStorageDelete-108]
+	_ = x[FnSendSignal-109]
+	_ = x[FnTcpGenSyncookie-110]
+	_ = x[FnSkbOutput-111]
+	_ = x[FnProbeReadUser-112]
+	_ = x[FnProbeReadKernel-113]
+	_ = x[FnProbeReadUserStr-114]
+	_ = x[FnProbeReadKernelStr-115]
+	_ = x[FnTcpSendAck-116]
+	_ = x[FnSendSignalThread-117]
+	_ = x[FnJiffies64-118]
+	_ = x[FnReadBranchRecords-119]
+	_ = x[FnGetNsCurrentPidTgid-120]
+	_ = x[FnXdpOutput-121]
+	_ = x[FnGetNetnsCookie-122]
+	_ = x[FnGetCurrentAncestorCgroupId-123]
+	_ = x[FnSkAssign-124]
+	_ = x[FnKtimeGetBootNs-125]
+	_ = x[FnSeqPrintf-126]
+	_ = x[FnSeqWrite-127]
+	_ = x[FnSkCgroupId-128]
+	_ = x[FnSkAncestorCgroupId-129]
+	_ = x[FnRingbufOutput-130]
+	_ = x[FnRingbufReserve-131]
+	_ = x[FnRingbufSubmit-132]
+	_ = x[FnRingbufDiscard-133]
+	_ = x[FnRingbufQuery-134]
+	_ = x[FnCsumLevel-135]
+	_ = x[FnSkcToTcp6Sock-136]
+	_ = x[FnSkcToTcpSock-137]
+	_ = x[FnSkcToTcpTimewaitSock-138]
+	_ = x[FnSkcToTcpRequestSock-139]
+	_ = x[FnSkcToUdp6Sock-140]
+	_ = x[FnGetTaskStack-141]
+	_ = x[FnLoadHdrOpt-142]
+	_ = x[FnStoreHdrOpt-143]
+	_ = x[FnReserveHdrOpt-144]
+	_ = x[FnInodeStorageGet-145]
+	_ = x[FnInodeStorageDelete-146]
+	_ = x[FnDPath-147]
+	_ = x[FnCopyFromUser-148]
+	_ = x[FnSnprintfBtf-149]
+	_ = x[FnSeqPrintfBtf-150]
+	_ = x[FnSkbCgroupClassid-151]
+	_ = x[FnRedirectNeigh-152]
+	_ = x[FnPerCpuPtr-153]
+	_ = x[FnThisCpuPtr-154]
+	_ = x[FnRedirectPeer-155]
+	_ = x[FnTaskStorageGet-156]
+	_ = x[FnTaskStorageDelete-157]
+	_ = x[FnGetCurrentTaskBtf-158]
+	_ = x[FnBprmOptsSet-159]
+	_ = x[FnKtimeGetCoarseNs-160]
+	_ = x[FnImaInodeHash-161]
+	_ = x[FnSockFromFile-162]
+}
+
+const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFile"
+
+var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424}
+
+func (i BuiltinFunc) String() string {
+	if i < 0 || i >= BuiltinFunc(len(_BuiltinFunc_index)-1) {
+		return "BuiltinFunc(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _BuiltinFunc_name[_BuiltinFunc_index[i]:_BuiltinFunc_index[i+1]]
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go
new file mode 100644
index 0000000000000..e7ac0109e2dcc
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/instruction.go
@@ -0,0 +1,506 @@
+package asm
+
+import (
+	"crypto/sha1"
+	"encoding/binary"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"strings"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// InstructionSize is the size of a BPF instruction in bytes
+const InstructionSize = 8
+
+// RawInstructionOffset is an offset in units of raw BPF instructions.
+type RawInstructionOffset uint64
+
+// Bytes returns the offset of an instruction in bytes.
+func (rio RawInstructionOffset) Bytes() uint64 {
+	return uint64(rio) * InstructionSize
+}
+
+// Instruction is a single eBPF instruction.
+type Instruction struct {
+	OpCode    OpCode
+	Dst       Register
+	Src       Register
+	Offset    int16
+	Constant  int64
+	Reference string
+	Symbol    string
+}
+
+// Sym creates a symbol.
+func (ins Instruction) Sym(name string) Instruction {
+	ins.Symbol = name
+	return ins
+}
+
+// Unmarshal decodes a BPF instruction.
+func (ins *Instruction) Unmarshal(r io.Reader, bo binary.ByteOrder) (uint64, error) {
+	var bi bpfInstruction
+	err := binary.Read(r, bo, &bi)
+	if err != nil {
+		return 0, err
+	}
+
+	ins.OpCode = bi.OpCode
+	ins.Offset = bi.Offset
+	ins.Constant = int64(bi.Constant)
+	ins.Dst, ins.Src, err = bi.Registers.Unmarshal(bo)
+	if err != nil {
+		return 0, fmt.Errorf("can't unmarshal registers: %s", err)
+	}
+
+	if !bi.OpCode.IsDWordLoad() {
+		return InstructionSize, nil
+	}
+
+	var bi2 bpfInstruction
+	if err := binary.Read(r, bo, &bi2); err != nil {
+		// No Wrap, to avoid io.EOF clash
+		return 0, errors.New("64bit immediate is missing second half")
+	}
+	if bi2.OpCode != 0 || bi2.Offset != 0 || bi2.Registers != 0 {
+		return 0, errors.New("64bit immediate has non-zero fields")
+	}
+	ins.Constant = int64(uint64(uint32(bi2.Constant))<<32 | uint64(uint32(bi.Constant)))
+
+	return 2 * InstructionSize, nil
+}
+
+// Marshal encodes a BPF instruction.
+func (ins Instruction) Marshal(w io.Writer, bo binary.ByteOrder) (uint64, error) {
+	if ins.OpCode == InvalidOpCode {
+		return 0, errors.New("invalid opcode")
+	}
+
+	isDWordLoad := ins.OpCode.IsDWordLoad()
+
+	cons := int32(ins.Constant)
+	if isDWordLoad {
+		// Encode least significant 32bit first for 64bit operations.
+		cons = int32(uint32(ins.Constant))
+	}
+
+	regs, err := newBPFRegisters(ins.Dst, ins.Src, bo)
+	if err != nil {
+		return 0, fmt.Errorf("can't marshal registers: %s", err)
+	}
+
+	bpfi := bpfInstruction{
+		ins.OpCode,
+		regs,
+		ins.Offset,
+		cons,
+	}
+
+	if err := binary.Write(w, bo, &bpfi); err != nil {
+		return 0, err
+	}
+
+	if !isDWordLoad {
+		return InstructionSize, nil
+	}
+
+	bpfi = bpfInstruction{
+		Constant: int32(ins.Constant >> 32),
+	}
+
+	if err := binary.Write(w, bo, &bpfi); err != nil {
+		return 0, err
+	}
+
+	return 2 * InstructionSize, nil
+}
+
+// RewriteMapPtr changes an instruction to use a new map fd.
+//
+// Returns an error if the instruction doesn't load a map.
+func (ins *Instruction) RewriteMapPtr(fd int) error {
+	if !ins.OpCode.IsDWordLoad() {
+		return fmt.Errorf("%s is not a 64 bit load", ins.OpCode)
+	}
+
+	if ins.Src != PseudoMapFD && ins.Src != PseudoMapValue {
+		return errors.New("not a load from a map")
+	}
+
+	// Preserve the offset value for direct map loads.
+	offset := uint64(ins.Constant) & (math.MaxUint32 << 32)
+	rawFd := uint64(uint32(fd))
+	ins.Constant = int64(offset | rawFd)
+	return nil
+}
+
+// MapPtr returns the map fd for this instruction.
+//
+// The result is undefined if the instruction is not a load from a map,
+// see IsLoadFromMap.
+func (ins *Instruction) MapPtr() int {
+	return int(int32(uint64(ins.Constant) & math.MaxUint32))
+}
+
+// RewriteMapOffset changes the offset of a direct load from a map.
+//
+// Returns an error if the instruction is not a direct load.
+func (ins *Instruction) RewriteMapOffset(offset uint32) error {
+	if !ins.OpCode.IsDWordLoad() {
+		return fmt.Errorf("%s is not a 64 bit load", ins.OpCode)
+	}
+
+	if ins.Src != PseudoMapValue {
+		return errors.New("not a direct load from a map")
+	}
+
+	fd := uint64(ins.Constant) & math.MaxUint32
+	ins.Constant = int64(uint64(offset)<<32 | fd)
+	return nil
+}
+
+func (ins *Instruction) mapOffset() uint32 {
+	return uint32(uint64(ins.Constant) >> 32)
+}
+
+// IsLoadFromMap returns true if the instruction loads from a map.
+//
+// This covers both loading the map pointer and direct map value loads.
+func (ins *Instruction) IsLoadFromMap() bool {
+	return ins.OpCode == LoadImmOp(DWord) && (ins.Src == PseudoMapFD || ins.Src == PseudoMapValue)
+}
+
+// IsFunctionCall returns true if the instruction calls another BPF function.
+//
+// This is not the same thing as a BPF helper call.
+func (ins *Instruction) IsFunctionCall() bool {
+	return ins.OpCode.JumpOp() == Call && ins.Src == PseudoCall
+}
+
+// IsConstantLoad returns true if the instruction loads a constant of the
+// given size.
+func (ins *Instruction) IsConstantLoad(size Size) bool {
+	return ins.OpCode == LoadImmOp(size) && ins.Src == R0 && ins.Offset == 0
+}
+
+// Format implements fmt.Formatter.
+func (ins Instruction) Format(f fmt.State, c rune) {
+	if c != 'v' {
+		fmt.Fprintf(f, "{UNRECOGNIZED: %c}", c)
+		return
+	}
+
+	op := ins.OpCode
+
+	if op == InvalidOpCode {
+		fmt.Fprint(f, "INVALID")
+		return
+	}
+
+	// Omit trailing space for Exit
+	if op.JumpOp() == Exit {
+		fmt.Fprint(f, op)
+		return
+	}
+
+	if ins.IsLoadFromMap() {
+		fd := ins.MapPtr()
+		switch ins.Src {
+		case PseudoMapFD:
+			fmt.Fprintf(f, "LoadMapPtr dst: %s fd: %d", ins.Dst, fd)
+
+		case PseudoMapValue:
+			fmt.Fprintf(f, "LoadMapValue dst: %s, fd: %d off: %d", ins.Dst, fd, ins.mapOffset())
+		}
+
+		goto ref
+	}
+
+	fmt.Fprintf(f, "%v ", op)
+	switch cls := op.Class(); cls {
+	case LdClass, LdXClass, StClass, StXClass:
+		switch op.Mode() {
+		case ImmMode:
+			fmt.Fprintf(f, "dst: %s imm: %d", ins.Dst, ins.Constant)
+		case AbsMode:
+			fmt.Fprintf(f, "imm: %d", ins.Constant)
+		case IndMode:
+			fmt.Fprintf(f, "dst: %s src: %s imm: %d", ins.Dst, ins.Src, ins.Constant)
+		case MemMode:
+			fmt.Fprintf(f, "dst: %s src: %s off: %d imm: %d", ins.Dst, ins.Src, ins.Offset, ins.Constant)
+		case XAddMode:
+			fmt.Fprintf(f, "dst: %s src: %s", ins.Dst, ins.Src)
+		}
+
+	case ALU64Class, ALUClass:
+		fmt.Fprintf(f, "dst: %s ", ins.Dst)
+		if op.ALUOp() == Swap || op.Source() == ImmSource {
+			fmt.Fprintf(f, "imm: %d", ins.Constant)
+		} else {
+			fmt.Fprintf(f, "src: %s", ins.Src)
+		}
+
+	case JumpClass:
+		switch jop := op.JumpOp(); jop {
+		case Call:
+			if ins.Src == PseudoCall {
+				// bpf-to-bpf call
+				fmt.Fprint(f, ins.Constant)
+			} else {
+				fmt.Fprint(f, BuiltinFunc(ins.Constant))
+			}
+
+		default:
+			fmt.Fprintf(f, "dst: %s off: %d ", ins.Dst, ins.Offset)
+			if op.Source() == ImmSource {
+				fmt.Fprintf(f, "imm: %d", ins.Constant)
+			} else {
+				fmt.Fprintf(f, "src: %s", ins.Src)
+			}
+		}
+	}
+
+ref:
+	if ins.Reference != "" {
+		fmt.Fprintf(f, " <%s>", ins.Reference)
+	}
+}
+
+// Instructions is an eBPF program.
+type Instructions []Instruction
+
+func (insns Instructions) String() string {
+	return fmt.Sprint(insns)
+}
+
+// RewriteMapPtr rewrites all loads of a specific map pointer to a new fd.
+//
+// Returns an error if the symbol isn't used, see IsUnreferencedSymbol.
+func (insns Instructions) RewriteMapPtr(symbol string, fd int) error {
+	if symbol == "" {
+		return errors.New("empty symbol")
+	}
+
+	found := false
+	for i := range insns {
+		ins := &insns[i]
+		if ins.Reference != symbol {
+			continue
+		}
+
+		if err := ins.RewriteMapPtr(fd); err != nil {
+			return err
+		}
+
+		found = true
+	}
+
+	if !found {
+		return &unreferencedSymbolError{symbol}
+	}
+
+	return nil
+}
+
+// SymbolOffsets returns the set of symbols and their offset in
+// the instructions.
+func (insns Instructions) SymbolOffsets() (map[string]int, error) {
+	offsets := make(map[string]int)
+
+	for i, ins := range insns {
+		if ins.Symbol == "" {
+			continue
+		}
+
+		if _, ok := offsets[ins.Symbol]; ok {
+			return nil, fmt.Errorf("duplicate symbol %s", ins.Symbol)
+		}
+
+		offsets[ins.Symbol] = i
+	}
+
+	return offsets, nil
+}
+
+// ReferenceOffsets returns the set of references and their offset in
+// the instructions.
+func (insns Instructions) ReferenceOffsets() map[string][]int {
+	offsets := make(map[string][]int)
+
+	for i, ins := range insns {
+		if ins.Reference == "" {
+			continue
+		}
+
+		offsets[ins.Reference] = append(offsets[ins.Reference], i)
+	}
+
+	return offsets
+}
+
+// Format implements fmt.Formatter.
+//
+// You can control indentation of symbols by
+// specifying a width. Setting a precision controls the indentation of
+// instructions.
+// The default character is a tab, which can be overridden by specifying
+// the ' ' space flag.
+func (insns Instructions) Format(f fmt.State, c rune) {
+	if c != 's' && c != 'v' {
+		fmt.Fprintf(f, "{UNKNOWN FORMAT '%c'}", c)
+		return
+	}
+
+	// Precision is better in this case, because it allows
+	// specifying 0 padding easily.
+	padding, ok := f.Precision()
+	if !ok {
+		padding = 1
+	}
+
+	indent := strings.Repeat("\t", padding)
+	if f.Flag(' ') {
+		indent = strings.Repeat(" ", padding)
+	}
+
+	symPadding, ok := f.Width()
+	if !ok {
+		symPadding = padding - 1
+	}
+	if symPadding < 0 {
+		symPadding = 0
+	}
+
+	symIndent := strings.Repeat("\t", symPadding)
+	if f.Flag(' ') {
+		symIndent = strings.Repeat(" ", symPadding)
+	}
+
+	// Guess how many digits we need at most, by assuming that all instructions
+	// are double wide.
+	highestOffset := len(insns) * 2
+	offsetWidth := int(math.Ceil(math.Log10(float64(highestOffset))))
+
+	iter := insns.Iterate()
+	for iter.Next() {
+		if iter.Ins.Symbol != "" {
+			fmt.Fprintf(f, "%s%s:\n", symIndent, iter.Ins.Symbol)
+		}
+		fmt.Fprintf(f, "%s%*d: %v\n", indent, offsetWidth, iter.Offset, iter.Ins)
+	}
+}
+
+// Marshal encodes a BPF program into the kernel format.
+func (insns Instructions) Marshal(w io.Writer, bo binary.ByteOrder) error {
+	for i, ins := range insns {
+		_, err := ins.Marshal(w, bo)
+		if err != nil {
+			return fmt.Errorf("instruction %d: %w", i, err)
+		}
+	}
+	return nil
+}
+
+// Tag calculates the kernel tag for a series of instructions.
+//
+// It mirrors bpf_prog_calc_tag in the kernel and so can be compared
+// to ProgramInfo.Tag to figure out whether a loaded program matches
+// certain instructions.
+func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) {
+	h := sha1.New()
+	for i, ins := range insns {
+		if ins.IsLoadFromMap() {
+			ins.Constant = 0
+		}
+		_, err := ins.Marshal(h, bo)
+		if err != nil {
+			return "", fmt.Errorf("instruction %d: %w", i, err)
+		}
+	}
+	return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil
+}
+
+// Iterate allows iterating a BPF program while keeping track of
+// various offsets.
+//
+// Modifying the instruction slice will lead to undefined behaviour.
+func (insns Instructions) Iterate() *InstructionIterator {
+	return &InstructionIterator{insns: insns}
+}
+
+// InstructionIterator iterates over a BPF program.
+type InstructionIterator struct {
+	insns Instructions
+	// The instruction in question.
+	Ins *Instruction
+	// The index of the instruction in the original instruction slice.
+	Index int
+	// The offset of the instruction in raw BPF instructions. This accounts
+	// for double-wide instructions.
+	Offset RawInstructionOffset
+}
+
+// Next returns true as long as there are any instructions remaining.
+func (iter *InstructionIterator) Next() bool {
+	if len(iter.insns) == 0 {
+		return false
+	}
+
+	if iter.Ins != nil {
+		iter.Index++
+		iter.Offset += RawInstructionOffset(iter.Ins.OpCode.rawInstructions())
+	}
+	iter.Ins = &iter.insns[0]
+	iter.insns = iter.insns[1:]
+	return true
+}
+
+type bpfInstruction struct {
+	OpCode    OpCode
+	Registers bpfRegisters
+	Offset    int16
+	Constant  int32
+}
+
+type bpfRegisters uint8
+
+func newBPFRegisters(dst, src Register, bo binary.ByteOrder) (bpfRegisters, error) {
+	switch bo {
+	case binary.LittleEndian:
+		return bpfRegisters((src << 4) | (dst & 0xF)), nil
+	case binary.BigEndian:
+		return bpfRegisters((dst << 4) | (src & 0xF)), nil
+	default:
+		return 0, fmt.Errorf("unrecognized ByteOrder %T", bo)
+	}
+}
+
+func (r bpfRegisters) Unmarshal(bo binary.ByteOrder) (dst, src Register, err error) {
+	switch bo {
+	case binary.LittleEndian:
+		return Register(r & 0xF), Register(r >> 4), nil
+	case binary.BigEndian:
+		return Register(r >> 4), Register(r & 0xf), nil
+	default:
+		return 0, 0, fmt.Errorf("unrecognized ByteOrder %T", bo)
+	}
+}
+
+type unreferencedSymbolError struct {
+	symbol string
+}
+
+func (use *unreferencedSymbolError) Error() string {
+	return fmt.Sprintf("unreferenced symbol %s", use.symbol)
+}
+
+// IsUnreferencedSymbol returns true if err was caused by
+// an unreferenced symbol.
+func IsUnreferencedSymbol(err error) bool {
+	_, ok := err.(*unreferencedSymbolError)
+	return ok
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go
new file mode 100644
index 0000000000000..7757179de6491
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/jump.go
@@ -0,0 +1,109 @@
+package asm
+
+//go:generate stringer -output jump_string.go -type=JumpOp
+
+// JumpOp affect control flow.
+//
+//    msb      lsb
+//    +----+-+---+
+//    |OP  |s|cls|
+//    +----+-+---+
+type JumpOp uint8
+
+const jumpMask OpCode = aluMask
+
+const (
+	// InvalidJumpOp is returned by getters when invoked
+	// on non branch OpCodes
+	InvalidJumpOp JumpOp = 0xff
+	// Ja jumps by offset unconditionally
+	Ja JumpOp = 0x00
+	// JEq jumps by offset if r == imm
+	JEq JumpOp = 0x10
+	// JGT jumps by offset if r > imm
+	JGT JumpOp = 0x20
+	// JGE jumps by offset if r >= imm
+	JGE JumpOp = 0x30
+	// JSet jumps by offset if r & imm
+	JSet JumpOp = 0x40
+	// JNE jumps by offset if r != imm
+	JNE JumpOp = 0x50
+	// JSGT jumps by offset if signed r > signed imm
+	JSGT JumpOp = 0x60
+	// JSGE jumps by offset if signed r >= signed imm
+	JSGE JumpOp = 0x70
+	// Call builtin or user defined function from imm
+	Call JumpOp = 0x80
+	// Exit ends execution, with value in r0
+	Exit JumpOp = 0x90
+	// JLT jumps by offset if r < imm
+	JLT JumpOp = 0xa0
+	// JLE jumps by offset if r <= imm
+	JLE JumpOp = 0xb0
+	// JSLT jumps by offset if signed r < signed imm
+	JSLT JumpOp = 0xc0
+	// JSLE jumps by offset if signed r <= signed imm
+	JSLE JumpOp = 0xd0
+)
+
+// Return emits an exit instruction.
+//
+// Requires a return value in R0.
+func Return() Instruction {
+	return Instruction{
+		OpCode: OpCode(JumpClass).SetJumpOp(Exit),
+	}
+}
+
+// Op returns the OpCode for a given jump source.
+func (op JumpOp) Op(source Source) OpCode {
+	return OpCode(JumpClass).SetJumpOp(op).SetSource(source)
+}
+
+// Imm compares dst to value, and adjusts PC by offset if the condition is fulfilled.
+func (op JumpOp) Imm(dst Register, value int32, label string) Instruction {
+	if op == Exit || op == Call || op == Ja {
+		return Instruction{OpCode: InvalidOpCode}
+	}
+
+	return Instruction{
+		OpCode:    OpCode(JumpClass).SetJumpOp(op).SetSource(ImmSource),
+		Dst:       dst,
+		Offset:    -1,
+		Constant:  int64(value),
+		Reference: label,
+	}
+}
+
+// Reg compares dst to src, and adjusts PC by offset if the condition is fulfilled.
+func (op JumpOp) Reg(dst, src Register, label string) Instruction {
+	if op == Exit || op == Call || op == Ja {
+		return Instruction{OpCode: InvalidOpCode}
+	}
+
+	return Instruction{
+		OpCode:    OpCode(JumpClass).SetJumpOp(op).SetSource(RegSource),
+		Dst:       dst,
+		Src:       src,
+		Offset:    -1,
+		Reference: label,
+	}
+}
+
+// Label adjusts PC to the address of the label.
+func (op JumpOp) Label(label string) Instruction {
+	if op == Call {
+		return Instruction{
+			OpCode:    OpCode(JumpClass).SetJumpOp(Call),
+			Src:       PseudoCall,
+			Constant:  -1,
+			Reference: label,
+		}
+	}
+
+	return Instruction{
+		OpCode:    OpCode(JumpClass).SetJumpOp(op),
+		Offset:    -1,
+		Reference: label,
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/jump_string.go b/vendor/github.com/cilium/ebpf/asm/jump_string.go
new file mode 100644
index 0000000000000..85a4aaffa5700
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/jump_string.go
@@ -0,0 +1,53 @@
+// Code generated by "stringer -output jump_string.go -type=JumpOp"; DO NOT EDIT.
+
+package asm
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidJumpOp-255]
+	_ = x[Ja-0]
+	_ = x[JEq-16]
+	_ = x[JGT-32]
+	_ = x[JGE-48]
+	_ = x[JSet-64]
+	_ = x[JNE-80]
+	_ = x[JSGT-96]
+	_ = x[JSGE-112]
+	_ = x[Call-128]
+	_ = x[Exit-144]
+	_ = x[JLT-160]
+	_ = x[JLE-176]
+	_ = x[JSLT-192]
+	_ = x[JSLE-208]
+}
+
+const _JumpOp_name = "JaJEqJGTJGEJSetJNEJSGTJSGECallExitJLTJLEJSLTJSLEInvalidJumpOp"
+
+var _JumpOp_map = map[JumpOp]string{
+	0:   _JumpOp_name[0:2],
+	16:  _JumpOp_name[2:5],
+	32:  _JumpOp_name[5:8],
+	48:  _JumpOp_name[8:11],
+	64:  _JumpOp_name[11:15],
+	80:  _JumpOp_name[15:18],
+	96:  _JumpOp_name[18:22],
+	112: _JumpOp_name[22:26],
+	128: _JumpOp_name[26:30],
+	144: _JumpOp_name[30:34],
+	160: _JumpOp_name[34:37],
+	176: _JumpOp_name[37:40],
+	192: _JumpOp_name[40:44],
+	208: _JumpOp_name[44:48],
+	255: _JumpOp_name[48:61],
+}
+
+func (i JumpOp) String() string {
+	if str, ok := _JumpOp_map[i]; ok {
+		return str
+	}
+	return "JumpOp(" + strconv.FormatInt(int64(i), 10) + ")"
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/load_store.go b/vendor/github.com/cilium/ebpf/asm/load_store.go
new file mode 100644
index 0000000000000..85ed286b02b06
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/load_store.go
@@ -0,0 +1,204 @@
+package asm
+
+//go:generate stringer -output load_store_string.go -type=Mode,Size
+
+// Mode for load and store operations
+//
+//    msb      lsb
+//    +---+--+---+
+//    |MDE|sz|cls|
+//    +---+--+---+
+type Mode uint8
+
+const modeMask OpCode = 0xe0
+
+const (
+	// InvalidMode is returned by getters when invoked
+	// on non load / store OpCodes
+	InvalidMode Mode = 0xff
+	// ImmMode - immediate value
+	ImmMode Mode = 0x00
+	// AbsMode - immediate value + offset
+	AbsMode Mode = 0x20
+	// IndMode - indirect (imm+src)
+	IndMode Mode = 0x40
+	// MemMode - load from memory
+	MemMode Mode = 0x60
+	// XAddMode - add atomically across processors.
+	XAddMode Mode = 0xc0
+)
+
+// Size of load and store operations
+//
+//    msb      lsb
+//    +---+--+---+
+//    |mde|SZ|cls|
+//    +---+--+---+
+type Size uint8
+
+const sizeMask OpCode = 0x18
+
+const (
+	// InvalidSize is returned by getters when invoked
+	// on non load / store OpCodes
+	InvalidSize Size = 0xff
+	// DWord - double word; 64 bits
+	DWord Size = 0x18
+	// Word - word; 32 bits
+	Word Size = 0x00
+	// Half - half-word; 16 bits
+	Half Size = 0x08
+	// Byte - byte; 8 bits
+	Byte Size = 0x10
+)
+
+// Sizeof returns the size in bytes.
+func (s Size) Sizeof() int {
+	switch s {
+	case DWord:
+		return 8
+	case Word:
+		return 4
+	case Half:
+		return 2
+	case Byte:
+		return 1
+	default:
+		return -1
+	}
+}
+
+// LoadMemOp returns the OpCode to load a value of given size from memory.
+func LoadMemOp(size Size) OpCode {
+	return OpCode(LdXClass).SetMode(MemMode).SetSize(size)
+}
+
+// LoadMem emits `dst = *(size *)(src + offset)`.
+func LoadMem(dst, src Register, offset int16, size Size) Instruction {
+	return Instruction{
+		OpCode: LoadMemOp(size),
+		Dst:    dst,
+		Src:    src,
+		Offset: offset,
+	}
+}
+
+// LoadImmOp returns the OpCode to load an immediate of given size.
+//
+// As of kernel 4.20, only DWord size is accepted.
+func LoadImmOp(size Size) OpCode {
+	return OpCode(LdClass).SetMode(ImmMode).SetSize(size)
+}
+
+// LoadImm emits `dst = (size)value`.
+//
+// As of kernel 4.20, only DWord size is accepted.
+func LoadImm(dst Register, value int64, size Size) Instruction {
+	return Instruction{
+		OpCode:   LoadImmOp(size),
+		Dst:      dst,
+		Constant: value,
+	}
+}
+
+// LoadMapPtr stores a pointer to a map in dst.
+func LoadMapPtr(dst Register, fd int) Instruction {
+	if fd < 0 {
+		return Instruction{OpCode: InvalidOpCode}
+	}
+
+	return Instruction{
+		OpCode:   LoadImmOp(DWord),
+		Dst:      dst,
+		Src:      PseudoMapFD,
+		Constant: int64(uint32(fd)),
+	}
+}
+
+// LoadMapValue stores a pointer to the value at a certain offset of a map.
+func LoadMapValue(dst Register, fd int, offset uint32) Instruction {
+	if fd < 0 {
+		return Instruction{OpCode: InvalidOpCode}
+	}
+
+	fdAndOffset := (uint64(offset) << 32) | uint64(uint32(fd))
+	return Instruction{
+		OpCode:   LoadImmOp(DWord),
+		Dst:      dst,
+		Src:      PseudoMapValue,
+		Constant: int64(fdAndOffset),
+	}
+}
+
+// LoadIndOp returns the OpCode for loading a value of given size from an sk_buff.
+func LoadIndOp(size Size) OpCode {
+	return OpCode(LdClass).SetMode(IndMode).SetSize(size)
+}
+
+// LoadInd emits `dst = ntoh(*(size *)(((sk_buff *)R6)->data + src + offset))`.
+func LoadInd(dst, src Register, offset int32, size Size) Instruction {
+	return Instruction{
+		OpCode:   LoadIndOp(size),
+		Dst:      dst,
+		Src:      src,
+		Constant: int64(offset),
+	}
+}
+
+// LoadAbsOp returns the OpCode for loading a value of given size from an sk_buff.
+func LoadAbsOp(size Size) OpCode {
+	return OpCode(LdClass).SetMode(AbsMode).SetSize(size)
+}
+
+// LoadAbs emits `r0 = ntoh(*(size *)(((sk_buff *)R6)->data + offset))`.
+func LoadAbs(offset int32, size Size) Instruction {
+	return Instruction{
+		OpCode:   LoadAbsOp(size),
+		Dst:      R0,
+		Constant: int64(offset),
+	}
+}
+
+// StoreMemOp returns the OpCode for storing a register of given size in memory.
+func StoreMemOp(size Size) OpCode {
+	return OpCode(StXClass).SetMode(MemMode).SetSize(size)
+}
+
+// StoreMem emits `*(size *)(dst + offset) = src`
+func StoreMem(dst Register, offset int16, src Register, size Size) Instruction {
+	return Instruction{
+		OpCode: StoreMemOp(size),
+		Dst:    dst,
+		Src:    src,
+		Offset: offset,
+	}
+}
+
+// StoreImmOp returns the OpCode for storing an immediate of given size in memory.
+func StoreImmOp(size Size) OpCode {
+	return OpCode(StClass).SetMode(MemMode).SetSize(size)
+}
+
+// StoreImm emits `*(size *)(dst + offset) = value`.
+func StoreImm(dst Register, offset int16, value int64, size Size) Instruction {
+	return Instruction{
+		OpCode:   StoreImmOp(size),
+		Dst:      dst,
+		Offset:   offset,
+		Constant: value,
+	}
+}
+
+// StoreXAddOp returns the OpCode to atomically add a register to a value in memory.
+func StoreXAddOp(size Size) OpCode {
+	return OpCode(StXClass).SetMode(XAddMode).SetSize(size)
+}
+
+// StoreXAdd atomically adds src to *dst.
+func StoreXAdd(dst, src Register, size Size) Instruction {
+	return Instruction{
+		OpCode: StoreXAddOp(size),
+		Dst:    dst,
+		Src:    src,
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/load_store_string.go b/vendor/github.com/cilium/ebpf/asm/load_store_string.go
new file mode 100644
index 0000000000000..76d29a0756c6e
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/load_store_string.go
@@ -0,0 +1,80 @@
+// Code generated by "stringer -output load_store_string.go -type=Mode,Size"; DO NOT EDIT.
+
+package asm
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidMode-255]
+	_ = x[ImmMode-0]
+	_ = x[AbsMode-32]
+	_ = x[IndMode-64]
+	_ = x[MemMode-96]
+	_ = x[XAddMode-192]
+}
+
+const (
+	_Mode_name_0 = "ImmMode"
+	_Mode_name_1 = "AbsMode"
+	_Mode_name_2 = "IndMode"
+	_Mode_name_3 = "MemMode"
+	_Mode_name_4 = "XAddMode"
+	_Mode_name_5 = "InvalidMode"
+)
+
+func (i Mode) String() string {
+	switch {
+	case i == 0:
+		return _Mode_name_0
+	case i == 32:
+		return _Mode_name_1
+	case i == 64:
+		return _Mode_name_2
+	case i == 96:
+		return _Mode_name_3
+	case i == 192:
+		return _Mode_name_4
+	case i == 255:
+		return _Mode_name_5
+	default:
+		return "Mode(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[InvalidSize-255]
+	_ = x[DWord-24]
+	_ = x[Word-0]
+	_ = x[Half-8]
+	_ = x[Byte-16]
+}
+
+const (
+	_Size_name_0 = "Word"
+	_Size_name_1 = "Half"
+	_Size_name_2 = "Byte"
+	_Size_name_3 = "DWord"
+	_Size_name_4 = "InvalidSize"
+)
+
+func (i Size) String() string {
+	switch {
+	case i == 0:
+		return _Size_name_0
+	case i == 8:
+		return _Size_name_1
+	case i == 16:
+		return _Size_name_2
+	case i == 24:
+		return _Size_name_3
+	case i == 255:
+		return _Size_name_4
+	default:
+		return "Size(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go
new file mode 100644
index 0000000000000..6edc3cf5917d0
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/opcode.go
@@ -0,0 +1,237 @@
+package asm
+
+import (
+	"fmt"
+	"strings"
+)
+
+//go:generate stringer -output opcode_string.go -type=Class
+
+type encoding int
+
+const (
+	unknownEncoding encoding = iota
+	loadOrStore
+	jumpOrALU
+)
+
+// Class of operations
+//
+//    msb      lsb
+//    +---+--+---+
+//    |  ??  |CLS|
+//    +---+--+---+
+type Class uint8
+
+const classMask OpCode = 0x07
+
+const (
+	// LdClass load memory
+	LdClass Class = 0x00
+	// LdXClass load memory from constant
+	LdXClass Class = 0x01
+	// StClass load register from memory
+	StClass Class = 0x02
+	// StXClass load register from constant
+	StXClass Class = 0x03
+	// ALUClass arithmetic operators
+	ALUClass Class = 0x04
+	// JumpClass jump operators
+	JumpClass Class = 0x05
+	// ALU64Class arithmetic in 64 bit mode
+	ALU64Class Class = 0x07
+)
+
+func (cls Class) encoding() encoding {
+	switch cls {
+	case LdClass, LdXClass, StClass, StXClass:
+		return loadOrStore
+	case ALU64Class, ALUClass, JumpClass:
+		return jumpOrALU
+	default:
+		return unknownEncoding
+	}
+}
+
+// OpCode is a packed eBPF opcode.
+//
+// Its encoding is defined by a Class value:
+//
+//    msb      lsb
+//    +----+-+---+
+//    | ???? |CLS|
+//    +----+-+---+
+type OpCode uint8
+
+// InvalidOpCode is returned by setters on OpCode
+const InvalidOpCode OpCode = 0xff
+
+// rawInstructions returns the number of BPF instructions required
+// to encode this opcode.
+func (op OpCode) rawInstructions() int {
+	if op.IsDWordLoad() {
+		return 2
+	}
+	return 1
+}
+
+func (op OpCode) IsDWordLoad() bool {
+	return op == LoadImmOp(DWord)
+}
+
+// Class returns the class of operation.
+func (op OpCode) Class() Class {
+	return Class(op & classMask)
+}
+
+// Mode returns the mode for load and store operations.
+func (op OpCode) Mode() Mode {
+	if op.Class().encoding() != loadOrStore {
+		return InvalidMode
+	}
+	return Mode(op & modeMask)
+}
+
+// Size returns the size for load and store operations.
+func (op OpCode) Size() Size {
+	if op.Class().encoding() != loadOrStore {
+		return InvalidSize
+	}
+	return Size(op & sizeMask)
+}
+
+// Source returns the source for branch and ALU operations.
+func (op OpCode) Source() Source {
+	if op.Class().encoding() != jumpOrALU || op.ALUOp() == Swap {
+		return InvalidSource
+	}
+	return Source(op & sourceMask)
+}
+
+// ALUOp returns the ALUOp.
+func (op OpCode) ALUOp() ALUOp {
+	if op.Class().encoding() != jumpOrALU {
+		return InvalidALUOp
+	}
+	return ALUOp(op & aluMask)
+}
+
+// Endianness returns the Endianness for a byte swap instruction.
+func (op OpCode) Endianness() Endianness {
+	if op.ALUOp() != Swap {
+		return InvalidEndian
+	}
+	return Endianness(op & endianMask)
+}
+
+// JumpOp returns the JumpOp.
+func (op OpCode) JumpOp() JumpOp {
+	if op.Class().encoding() != jumpOrALU {
+		return InvalidJumpOp
+	}
+	return JumpOp(op & jumpMask)
+}
+
+// SetMode sets the mode on load and store operations.
+//
+// Returns InvalidOpCode if op is of the wrong class.
+func (op OpCode) SetMode(mode Mode) OpCode {
+	if op.Class().encoding() != loadOrStore || !valid(OpCode(mode), modeMask) {
+		return InvalidOpCode
+	}
+	return (op & ^modeMask) | OpCode(mode)
+}
+
+// SetSize sets the size on load and store operations.
+//
+// Returns InvalidOpCode if op is of the wrong class.
+func (op OpCode) SetSize(size Size) OpCode {
+	if op.Class().encoding() != loadOrStore || !valid(OpCode(size), sizeMask) {
+		return InvalidOpCode
+	}
+	return (op & ^sizeMask) | OpCode(size)
+}
+
+// SetSource sets the source on jump and ALU operations.
+//
+// Returns InvalidOpCode if op is of the wrong class.
+func (op OpCode) SetSource(source Source) OpCode {
+	if op.Class().encoding() != jumpOrALU || !valid(OpCode(source), sourceMask) {
+		return InvalidOpCode
+	}
+	return (op & ^sourceMask) | OpCode(source)
+}
+
+// SetALUOp sets the ALUOp on ALU operations.
+//
+// Returns InvalidOpCode if op is of the wrong class.
+func (op OpCode) SetALUOp(alu ALUOp) OpCode {
+	class := op.Class()
+	if (class != ALUClass && class != ALU64Class) || !valid(OpCode(alu), aluMask) {
+		return InvalidOpCode
+	}
+	return (op & ^aluMask) | OpCode(alu)
+}
+
+// SetJumpOp sets the JumpOp on jump operations.
+//
+// Returns InvalidOpCode if op is of the wrong class.
+func (op OpCode) SetJumpOp(jump JumpOp) OpCode {
+	if op.Class() != JumpClass || !valid(OpCode(jump), jumpMask) {
+		return InvalidOpCode
+	}
+	return (op & ^jumpMask) | OpCode(jump)
+}
+
+func (op OpCode) String() string {
+	var f strings.Builder
+
+	switch class := op.Class(); class {
+	case LdClass, LdXClass, StClass, StXClass:
+		f.WriteString(strings.TrimSuffix(class.String(), "Class"))
+
+		mode := op.Mode()
+		f.WriteString(strings.TrimSuffix(mode.String(), "Mode"))
+
+		switch op.Size() {
+		case DWord:
+			f.WriteString("DW")
+		case Word:
+			f.WriteString("W")
+		case Half:
+			f.WriteString("H")
+		case Byte:
+			f.WriteString("B")
+		}
+
+	case ALU64Class, ALUClass:
+		f.WriteString(op.ALUOp().String())
+
+		if op.ALUOp() == Swap {
+			// Width for Endian is controlled by Constant
+			f.WriteString(op.Endianness().String())
+		} else {
+			if class == ALUClass {
+				f.WriteString("32")
+			}
+
+			f.WriteString(strings.TrimSuffix(op.Source().String(), "Source"))
+		}
+
+	case JumpClass:
+		f.WriteString(op.JumpOp().String())
+		if jop := op.JumpOp(); jop != Exit && jop != Call {
+			f.WriteString(strings.TrimSuffix(op.Source().String(), "Source"))
+		}
+
+	default:
+		fmt.Fprintf(&f, "OpCode(%#x)", uint8(op))
+	}
+
+	return f.String()
+}
+
+// valid returns true if all bits in value are covered by mask.
+func valid(value, mask OpCode) bool {
+	return value & ^mask == 0
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/opcode_string.go b/vendor/github.com/cilium/ebpf/asm/opcode_string.go
new file mode 100644
index 0000000000000..079ce1db0b83a
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/opcode_string.go
@@ -0,0 +1,38 @@
+// Code generated by "stringer -output opcode_string.go -type=Class"; DO NOT EDIT.
+
+package asm
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[LdClass-0]
+	_ = x[LdXClass-1]
+	_ = x[StClass-2]
+	_ = x[StXClass-3]
+	_ = x[ALUClass-4]
+	_ = x[JumpClass-5]
+	_ = x[ALU64Class-7]
+}
+
+const (
+	_Class_name_0 = "LdClassLdXClassStClassStXClassALUClassJumpClass"
+	_Class_name_1 = "ALU64Class"
+)
+
+var (
+	_Class_index_0 = [...]uint8{0, 7, 15, 22, 30, 38, 47}
+)
+
+func (i Class) String() string {
+	switch {
+	case 0 <= i && i <= 5:
+		return _Class_name_0[_Class_index_0[i]:_Class_index_0[i+1]]
+	case i == 7:
+		return _Class_name_1
+	default:
+		return "Class(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/asm/register.go b/vendor/github.com/cilium/ebpf/asm/register.go
new file mode 100644
index 0000000000000..76cb44bffc716
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/asm/register.go
@@ -0,0 +1,49 @@
+package asm
+
+import (
+	"fmt"
+)
+
+// Register is the source or destination of most operations.
+type Register uint8
+
+// R0 contains return values.
+const R0 Register = 0
+
+// Registers for function arguments.
+const (
+	R1 Register = R0 + 1 + iota
+	R2
+	R3
+	R4
+	R5
+)
+
+// Callee saved registers preserved by function calls.
+const (
+	R6 Register = R5 + 1 + iota
+	R7
+	R8
+	R9
+)
+
+// Read-only frame pointer to access stack.
+const (
+	R10 Register = R9 + 1
+	RFP          = R10
+)
+
+// Pseudo registers used by 64bit loads and jumps
+const (
+	PseudoMapFD    = R1 // BPF_PSEUDO_MAP_FD
+	PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE
+	PseudoCall     = R1 // BPF_PSEUDO_CALL
+)
+
+func (r Register) String() string {
+	v := uint8(r)
+	if v == 10 {
+		return "rfp"
+	}
+	return fmt.Sprintf("r%d", v)
+}
diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go
new file mode 100644
index 0000000000000..17cc69492ea95
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/collection.go
@@ -0,0 +1,616 @@
+package ebpf
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"strings"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/btf"
+)
+
+// CollectionOptions control loading a collection into the kernel.
+//
+// Maps and Programs are passed to NewMapWithOptions and NewProgramsWithOptions.
+type CollectionOptions struct {
+	Maps     MapOptions
+	Programs ProgramOptions
+}
+
+// CollectionSpec describes a collection.
+type CollectionSpec struct {
+	Maps     map[string]*MapSpec
+	Programs map[string]*ProgramSpec
+}
+
+// Copy returns a recursive copy of the spec.
+func (cs *CollectionSpec) Copy() *CollectionSpec {
+	if cs == nil {
+		return nil
+	}
+
+	cpy := CollectionSpec{
+		Maps:     make(map[string]*MapSpec, len(cs.Maps)),
+		Programs: make(map[string]*ProgramSpec, len(cs.Programs)),
+	}
+
+	for name, spec := range cs.Maps {
+		cpy.Maps[name] = spec.Copy()
+	}
+
+	for name, spec := range cs.Programs {
+		cpy.Programs[name] = spec.Copy()
+	}
+
+	return &cpy
+}
+
+// RewriteMaps replaces all references to specific maps.
+//
+// Use this function to use pre-existing maps instead of creating new ones
+// when calling NewCollection. Any named maps are removed from CollectionSpec.Maps.
+//
+// Returns an error if a named map isn't used in at least one program.
+func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error {
+	for symbol, m := range maps {
+		// have we seen a program that uses this symbol / map
+		seen := false
+		fd := m.FD()
+		for progName, progSpec := range cs.Programs {
+			err := progSpec.Instructions.RewriteMapPtr(symbol, fd)
+
+			switch {
+			case err == nil:
+				seen = true
+
+			case asm.IsUnreferencedSymbol(err):
+				// Not all programs need to use the map
+
+			default:
+				return fmt.Errorf("program %s: %w", progName, err)
+			}
+		}
+
+		if !seen {
+			return fmt.Errorf("map %s not referenced by any programs", symbol)
+		}
+
+		// Prevent NewCollection from creating rewritten maps
+		delete(cs.Maps, symbol)
+	}
+
+	return nil
+}
+
+// RewriteConstants replaces the value of multiple constants.
+//
+// The constant must be defined like so in the C program:
+//
+//    volatile const type foobar;
+//    volatile const type foobar = default;
+//
+// Replacement values must be of the same length as the C sizeof(type).
+// If necessary, they are marshalled according to the same rules as
+// map values.
+//
+// From Linux 5.5 the verifier will use constants to eliminate dead code.
+//
+// Returns an error if a constant doesn't exist.
+func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error {
+	rodata := cs.Maps[".rodata"]
+	if rodata == nil {
+		return errors.New("missing .rodata section")
+	}
+
+	if rodata.BTF == nil {
+		return errors.New(".rodata section has no BTF")
+	}
+
+	if n := len(rodata.Contents); n != 1 {
+		return fmt.Errorf("expected one key in .rodata, found %d", n)
+	}
+
+	kv := rodata.Contents[0]
+	value, ok := kv.Value.([]byte)
+	if !ok {
+		return fmt.Errorf("first value in .rodata is %T not []byte", kv.Value)
+	}
+
+	buf := make([]byte, len(value))
+	copy(buf, value)
+
+	err := patchValue(buf, btf.MapValue(rodata.BTF), consts)
+	if err != nil {
+		return err
+	}
+
+	rodata.Contents[0] = MapKV{kv.Key, buf}
+	return nil
+}
+
+// Assign the contents of a CollectionSpec to a struct.
+//
+// This function is a short-cut to manually checking the presence
+// of maps and programs in a collection spec. Consider using bpf2go if this
+// sounds useful.
+//
+// The argument to must be a pointer to a struct. A field of the
+// struct is updated with values from Programs or Maps if it
+// has an `ebpf` tag and its type is *ProgramSpec or *MapSpec.
+// The tag gives the name of the program or map as found in
+// the CollectionSpec.
+//
+//    struct {
+//        Foo     *ebpf.ProgramSpec `ebpf:"xdp_foo"`
+//        Bar     *ebpf.MapSpec     `ebpf:"bar_map"`
+//        Ignored int
+//    }
+//
+// Returns an error if any of the fields can't be found, or
+// if the same map or program is assigned multiple times.
+func (cs *CollectionSpec) Assign(to interface{}) error {
+	valueOf := func(typ reflect.Type, name string) (reflect.Value, error) {
+		switch typ {
+		case reflect.TypeOf((*ProgramSpec)(nil)):
+			p := cs.Programs[name]
+			if p == nil {
+				return reflect.Value{}, fmt.Errorf("missing program %q", name)
+			}
+			return reflect.ValueOf(p), nil
+		case reflect.TypeOf((*MapSpec)(nil)):
+			m := cs.Maps[name]
+			if m == nil {
+				return reflect.Value{}, fmt.Errorf("missing map %q", name)
+			}
+			return reflect.ValueOf(m), nil
+		default:
+			return reflect.Value{}, fmt.Errorf("unsupported type %s", typ)
+		}
+	}
+
+	return assignValues(to, valueOf)
+}
+
+// LoadAndAssign maps and programs into the kernel and assign them to a struct.
+//
+// This function is a short-cut to manually checking the presence
+// of maps and programs in a collection spec. Consider using bpf2go if this
+// sounds useful.
+//
+// The argument to must be a pointer to a struct. A field of the
+// struct is updated with values from Programs or Maps if it
+// has an `ebpf` tag and its type is *Program or *Map.
+// The tag gives the name of the program or map as found in
+// the CollectionSpec.
+//
+//    struct {
+//        Foo     *ebpf.Program `ebpf:"xdp_foo"`
+//        Bar     *ebpf.Map     `ebpf:"bar_map"`
+//        Ignored int
+//    }
+//
+// opts may be nil.
+//
+// Returns an error if any of the fields can't be found, or
+// if the same map or program is assigned multiple times.
+func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) error {
+	if opts == nil {
+		opts = &CollectionOptions{}
+	}
+
+	loadMap, loadProgram, done, cleanup := lazyLoadCollection(cs, opts)
+	defer cleanup()
+
+	valueOf := func(typ reflect.Type, name string) (reflect.Value, error) {
+		switch typ {
+		case reflect.TypeOf((*Program)(nil)):
+			p, err := loadProgram(name)
+			if err != nil {
+				return reflect.Value{}, err
+			}
+			return reflect.ValueOf(p), nil
+		case reflect.TypeOf((*Map)(nil)):
+			m, err := loadMap(name)
+			if err != nil {
+				return reflect.Value{}, err
+			}
+			return reflect.ValueOf(m), nil
+		default:
+			return reflect.Value{}, fmt.Errorf("unsupported type %s", typ)
+		}
+	}
+
+	if err := assignValues(to, valueOf); err != nil {
+		return err
+	}
+
+	done()
+	return nil
+}
+
+// Collection is a collection of Programs and Maps associated
+// with their symbols
+type Collection struct {
+	Programs map[string]*Program
+	Maps     map[string]*Map
+}
+
+// NewCollection creates a Collection from a specification.
+func NewCollection(spec *CollectionSpec) (*Collection, error) {
+	return NewCollectionWithOptions(spec, CollectionOptions{})
+}
+
+// NewCollectionWithOptions creates a Collection from a specification.
+func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Collection, error) {
+	loadMap, loadProgram, done, cleanup := lazyLoadCollection(spec, &opts)
+	defer cleanup()
+
+	for mapName := range spec.Maps {
+		_, err := loadMap(mapName)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	for progName := range spec.Programs {
+		_, err := loadProgram(progName)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	maps, progs := done()
+	return &Collection{
+		progs,
+		maps,
+	}, nil
+}
+
+type handleCache struct {
+	btfHandles map[*btf.Spec]*btf.Handle
+	btfSpecs   map[io.ReaderAt]*btf.Spec
+}
+
+func newHandleCache() *handleCache {
+	return &handleCache{
+		btfHandles: make(map[*btf.Spec]*btf.Handle),
+		btfSpecs:   make(map[io.ReaderAt]*btf.Spec),
+	}
+}
+
+func (hc handleCache) btfHandle(spec *btf.Spec) (*btf.Handle, error) {
+	if hc.btfHandles[spec] != nil {
+		return hc.btfHandles[spec], nil
+	}
+
+	handle, err := btf.NewHandle(spec)
+	if err != nil {
+		return nil, err
+	}
+
+	hc.btfHandles[spec] = handle
+	return handle, nil
+}
+
+func (hc handleCache) btfSpec(rd io.ReaderAt) (*btf.Spec, error) {
+	if hc.btfSpecs[rd] != nil {
+		return hc.btfSpecs[rd], nil
+	}
+
+	spec, err := btf.LoadSpecFromReader(rd)
+	if err != nil {
+		return nil, err
+	}
+
+	hc.btfSpecs[rd] = spec
+	return spec, nil
+}
+
+func (hc handleCache) close() {
+	for _, handle := range hc.btfHandles {
+		handle.Close()
+	}
+	hc.btfHandles = nil
+	hc.btfSpecs = nil
+}
+
+func lazyLoadCollection(coll *CollectionSpec, opts *CollectionOptions) (
+	loadMap func(string) (*Map, error),
+	loadProgram func(string) (*Program, error),
+	done func() (map[string]*Map, map[string]*Program),
+	cleanup func(),
+) {
+	var (
+		maps             = make(map[string]*Map)
+		progs            = make(map[string]*Program)
+		handles          = newHandleCache()
+		skipMapsAndProgs = false
+	)
+
+	cleanup = func() {
+		handles.close()
+
+		if skipMapsAndProgs {
+			return
+		}
+
+		for _, m := range maps {
+			m.Close()
+		}
+
+		for _, p := range progs {
+			p.Close()
+		}
+	}
+
+	done = func() (map[string]*Map, map[string]*Program) {
+		skipMapsAndProgs = true
+		return maps, progs
+	}
+
+	loadMap = func(mapName string) (*Map, error) {
+		if m := maps[mapName]; m != nil {
+			return m, nil
+		}
+
+		mapSpec := coll.Maps[mapName]
+		if mapSpec == nil {
+			return nil, fmt.Errorf("missing map %s", mapName)
+		}
+
+		m, err := newMapWithOptions(mapSpec, opts.Maps, handles)
+		if err != nil {
+			return nil, fmt.Errorf("map %s: %w", mapName, err)
+		}
+
+		maps[mapName] = m
+		return m, nil
+	}
+
+	loadProgram = func(progName string) (*Program, error) {
+		if prog := progs[progName]; prog != nil {
+			return prog, nil
+		}
+
+		progSpec := coll.Programs[progName]
+		if progSpec == nil {
+			return nil, fmt.Errorf("unknown program %s", progName)
+		}
+
+		progSpec = progSpec.Copy()
+
+		// Rewrite any reference to a valid map.
+		for i := range progSpec.Instructions {
+			ins := &progSpec.Instructions[i]
+
+			if !ins.IsLoadFromMap() || ins.Reference == "" {
+				continue
+			}
+
+			if uint32(ins.Constant) != math.MaxUint32 {
+				// Don't overwrite maps already rewritten, users can
+				// rewrite programs in the spec themselves
+				continue
+			}
+
+			m, err := loadMap(ins.Reference)
+			if err != nil {
+				return nil, fmt.Errorf("program %s: %w", progName, err)
+			}
+
+			fd := m.FD()
+			if fd < 0 {
+				return nil, fmt.Errorf("map %s: %w", ins.Reference, internal.ErrClosedFd)
+			}
+			if err := ins.RewriteMapPtr(m.FD()); err != nil {
+				return nil, fmt.Errorf("progam %s: map %s: %w", progName, ins.Reference, err)
+			}
+		}
+
+		prog, err := newProgramWithOptions(progSpec, opts.Programs, handles)
+		if err != nil {
+			return nil, fmt.Errorf("program %s: %w", progName, err)
+		}
+
+		progs[progName] = prog
+		return prog, nil
+	}
+
+	return
+}
+
+// LoadCollection parses an object file and converts it to a collection.
+func LoadCollection(file string) (*Collection, error) {
+	spec, err := LoadCollectionSpec(file)
+	if err != nil {
+		return nil, err
+	}
+	return NewCollection(spec)
+}
+
+// Close frees all maps and programs associated with the collection.
+//
+// The collection mustn't be used afterwards.
+func (coll *Collection) Close() {
+	for _, prog := range coll.Programs {
+		prog.Close()
+	}
+	for _, m := range coll.Maps {
+		m.Close()
+	}
+}
+
+// DetachMap removes the named map from the Collection.
+//
+// This means that a later call to Close() will not affect this map.
+//
+// Returns nil if no map of that name exists.
+func (coll *Collection) DetachMap(name string) *Map {
+	m := coll.Maps[name]
+	delete(coll.Maps, name)
+	return m
+}
+
+// DetachProgram removes the named program from the Collection.
+//
+// This means that a later call to Close() will not affect this program.
+//
+// Returns nil if no program of that name exists.
+func (coll *Collection) DetachProgram(name string) *Program {
+	p := coll.Programs[name]
+	delete(coll.Programs, name)
+	return p
+}
+
+// Assign the contents of a collection to a struct.
+//
+// Deprecated: use CollectionSpec.Assign instead. It provides the same
+// functionality but creates only the maps and programs requested.
+func (coll *Collection) Assign(to interface{}) error {
+	assignedMaps := make(map[string]struct{})
+	assignedPrograms := make(map[string]struct{})
+	valueOf := func(typ reflect.Type, name string) (reflect.Value, error) {
+		switch typ {
+		case reflect.TypeOf((*Program)(nil)):
+			p := coll.Programs[name]
+			if p == nil {
+				return reflect.Value{}, fmt.Errorf("missing program %q", name)
+			}
+			assignedPrograms[name] = struct{}{}
+			return reflect.ValueOf(p), nil
+		case reflect.TypeOf((*Map)(nil)):
+			m := coll.Maps[name]
+			if m == nil {
+				return reflect.Value{}, fmt.Errorf("missing map %q", name)
+			}
+			assignedMaps[name] = struct{}{}
+			return reflect.ValueOf(m), nil
+		default:
+			return reflect.Value{}, fmt.Errorf("unsupported type %s", typ)
+		}
+	}
+
+	if err := assignValues(to, valueOf); err != nil {
+		return err
+	}
+
+	for name := range assignedPrograms {
+		coll.DetachProgram(name)
+	}
+
+	for name := range assignedMaps {
+		coll.DetachMap(name)
+	}
+
+	return nil
+}
+
+func assignValues(to interface{}, valueOf func(reflect.Type, string) (reflect.Value, error)) error {
+	type structField struct {
+		reflect.StructField
+		value reflect.Value
+	}
+
+	var (
+		fields        []structField
+		visitedTypes  = make(map[reflect.Type]bool)
+		flattenStruct func(reflect.Value) error
+	)
+
+	flattenStruct = func(structVal reflect.Value) error {
+		structType := structVal.Type()
+		if structType.Kind() != reflect.Struct {
+			return fmt.Errorf("%s is not a struct", structType)
+		}
+
+		if visitedTypes[structType] {
+			return fmt.Errorf("recursion on type %s", structType)
+		}
+
+		for i := 0; i < structType.NumField(); i++ {
+			field := structField{structType.Field(i), structVal.Field(i)}
+
+			name := field.Tag.Get("ebpf")
+			if name != "" {
+				fields = append(fields, field)
+				continue
+			}
+
+			var err error
+			switch field.Type.Kind() {
+			case reflect.Ptr:
+				if field.Type.Elem().Kind() != reflect.Struct {
+					continue
+				}
+
+				if field.value.IsNil() {
+					return fmt.Errorf("nil pointer to %s", structType)
+				}
+
+				err = flattenStruct(field.value.Elem())
+
+			case reflect.Struct:
+				err = flattenStruct(field.value)
+
+			default:
+				continue
+			}
+
+			if err != nil {
+				return fmt.Errorf("field %s: %w", field.Name, err)
+			}
+		}
+
+		return nil
+	}
+
+	toValue := reflect.ValueOf(to)
+	if toValue.Type().Kind() != reflect.Ptr {
+		return fmt.Errorf("%T is not a pointer to struct", to)
+	}
+
+	if toValue.IsNil() {
+		return fmt.Errorf("nil pointer to %T", to)
+	}
+
+	if err := flattenStruct(toValue.Elem()); err != nil {
+		return err
+	}
+
+	type elem struct {
+		// Either *Map or *Program
+		typ  reflect.Type
+		name string
+	}
+
+	assignedTo := make(map[elem]string)
+	for _, field := range fields {
+		name := field.Tag.Get("ebpf")
+		if strings.Contains(name, ",") {
+			return fmt.Errorf("field %s: ebpf tag contains a comma", field.Name)
+		}
+
+		e := elem{field.Type, name}
+		if assignedField := assignedTo[e]; assignedField != "" {
+			return fmt.Errorf("field %s: %q was already assigned to %s", field.Name, name, assignedField)
+		}
+
+		value, err := valueOf(field.Type, name)
+		if err != nil {
+			return fmt.Errorf("field %s: %w", field.Name, err)
+		}
+
+		if !field.value.CanSet() {
+			return fmt.Errorf("field %s: can't set value", field.Name)
+		}
+
+		field.value.Set(value)
+		assignedTo[e] = field.Name
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/cilium/ebpf/doc.go b/vendor/github.com/cilium/ebpf/doc.go
new file mode 100644
index 0000000000000..f7f34da8f44c2
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/doc.go
@@ -0,0 +1,16 @@
+// Package ebpf is a toolkit for working with eBPF programs.
+//
+// eBPF programs are small snippets of code which are executed directly
+// in a VM in the Linux kernel, which makes them very fast and flexible.
+// Many Linux subsystems now accept eBPF programs. This makes it possible
+// to implement highly application specific logic inside the kernel,
+// without having to modify the actual kernel itself.
+//
+// This package is designed for long-running processes which
+// want to use eBPF to implement part of their application logic. It has no
+// run-time dependencies outside of the library and the Linux kernel itself.
+// eBPF code should be compiled ahead of time using clang, and shipped with
+// your application as any other resource.
+//
+// Use the link subpackage to attach a loaded program to a hook in the kernel.
+package ebpf
diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go
new file mode 100644
index 0000000000000..c2afbc36a5a9e
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/elf_reader.go
@@ -0,0 +1,953 @@
+package ebpf
+
+import (
+	"bufio"
+	"bytes"
+	"debug/elf"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"os"
+	"strings"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/btf"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// elfCode is a convenience to reduce the amount of arguments that have to
+// be passed around explicitly. You should treat it's contents as immutable.
+type elfCode struct {
+	*internal.SafeELFFile
+	sections map[elf.SectionIndex]*elfSection
+	license  string
+	version  uint32
+	btf      *btf.Spec
+}
+
+// LoadCollectionSpec parses an ELF file into a CollectionSpec.
+func LoadCollectionSpec(file string) (*CollectionSpec, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	spec, err := LoadCollectionSpecFromReader(f)
+	if err != nil {
+		return nil, fmt.Errorf("file %s: %w", file, err)
+	}
+	return spec, nil
+}
+
+// LoadCollectionSpecFromReader parses an ELF file into a CollectionSpec.
+func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) {
+	f, err := internal.NewSafeELFFile(rd)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var (
+		licenseSection *elf.Section
+		versionSection *elf.Section
+		sections       = make(map[elf.SectionIndex]*elfSection)
+		relSections    = make(map[elf.SectionIndex]*elf.Section)
+	)
+
+	// This is the target of relocations generated by inline assembly.
+	sections[elf.SHN_UNDEF] = newElfSection(new(elf.Section), undefSection)
+
+	// Collect all the sections we're interested in. This includes relocations
+	// which we parse later.
+	for i, sec := range f.Sections {
+		idx := elf.SectionIndex(i)
+
+		switch {
+		case strings.HasPrefix(sec.Name, "license"):
+			licenseSection = sec
+		case strings.HasPrefix(sec.Name, "version"):
+			versionSection = sec
+		case strings.HasPrefix(sec.Name, "maps"):
+			sections[idx] = newElfSection(sec, mapSection)
+		case sec.Name == ".maps":
+			sections[idx] = newElfSection(sec, btfMapSection)
+		case sec.Name == ".bss" || sec.Name == ".data" || strings.HasPrefix(sec.Name, ".rodata"):
+			sections[idx] = newElfSection(sec, dataSection)
+		case sec.Type == elf.SHT_REL:
+			// Store relocations under the section index of the target
+			relSections[elf.SectionIndex(sec.Info)] = sec
+		case sec.Type == elf.SHT_PROGBITS && (sec.Flags&elf.SHF_EXECINSTR) != 0 && sec.Size > 0:
+			sections[idx] = newElfSection(sec, programSection)
+		}
+	}
+
+	license, err := loadLicense(licenseSection)
+	if err != nil {
+		return nil, fmt.Errorf("load license: %w", err)
+	}
+
+	version, err := loadVersion(versionSection, f.ByteOrder)
+	if err != nil {
+		return nil, fmt.Errorf("load version: %w", err)
+	}
+
+	btfSpec, err := btf.LoadSpecFromReader(rd)
+	if err != nil && !errors.Is(err, btf.ErrNotFound) {
+		return nil, fmt.Errorf("load BTF: %w", err)
+	}
+
+	// Assign symbols to all the sections we're interested in.
+	symbols, err := f.Symbols()
+	if err != nil {
+		return nil, fmt.Errorf("load symbols: %v", err)
+	}
+
+	for _, symbol := range symbols {
+		idx := symbol.Section
+		symType := elf.ST_TYPE(symbol.Info)
+
+		section := sections[idx]
+		if section == nil {
+			continue
+		}
+
+		// Older versions of LLVM don't tag symbols correctly, so keep
+		// all NOTYPE ones.
+		keep := symType == elf.STT_NOTYPE
+		switch section.kind {
+		case mapSection, btfMapSection, dataSection:
+			keep = keep || symType == elf.STT_OBJECT
+		case programSection:
+			keep = keep || symType == elf.STT_FUNC
+		}
+		if !keep || symbol.Name == "" {
+			continue
+		}
+
+		section.symbols[symbol.Value] = symbol
+	}
+
+	ec := &elfCode{
+		SafeELFFile: f,
+		sections:    sections,
+		license:     license,
+		version:     version,
+		btf:         btfSpec,
+	}
+
+	// Go through relocation sections, and parse the ones for sections we're
+	// interested in. Make sure that relocations point at valid sections.
+	for idx, relSection := range relSections {
+		section := sections[idx]
+		if section == nil {
+			continue
+		}
+
+		rels, err := ec.loadRelocations(relSection, symbols)
+		if err != nil {
+			return nil, fmt.Errorf("relocation for section %q: %w", section.Name, err)
+		}
+
+		for _, rel := range rels {
+			target := sections[rel.Section]
+			if target == nil {
+				return nil, fmt.Errorf("section %q: reference to %q in section %s: %w", section.Name, rel.Name, rel.Section, ErrNotSupported)
+			}
+
+			if target.Flags&elf.SHF_STRINGS > 0 {
+				return nil, fmt.Errorf("section %q: string is not stack allocated: %w", section.Name, ErrNotSupported)
+			}
+
+			target.references++
+		}
+
+		section.relocations = rels
+	}
+
+	// Collect all the various ways to define maps.
+	maps := make(map[string]*MapSpec)
+	if err := ec.loadMaps(maps); err != nil {
+		return nil, fmt.Errorf("load maps: %w", err)
+	}
+
+	if err := ec.loadBTFMaps(maps); err != nil {
+		return nil, fmt.Errorf("load BTF maps: %w", err)
+	}
+
+	if err := ec.loadDataSections(maps); err != nil {
+		return nil, fmt.Errorf("load data sections: %w", err)
+	}
+
+	// Finally, collect programs and link them.
+	progs, err := ec.loadPrograms()
+	if err != nil {
+		return nil, fmt.Errorf("load programs: %w", err)
+	}
+
+	return &CollectionSpec{maps, progs}, nil
+}
+
+func loadLicense(sec *elf.Section) (string, error) {
+	if sec == nil {
+		return "", nil
+	}
+
+	data, err := sec.Data()
+	if err != nil {
+		return "", fmt.Errorf("section %s: %v", sec.Name, err)
+	}
+	return string(bytes.TrimRight(data, "\000")), nil
+}
+
+func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) {
+	if sec == nil {
+		return 0, nil
+	}
+
+	var version uint32
+	if err := binary.Read(sec.Open(), bo, &version); err != nil {
+		return 0, fmt.Errorf("section %s: %v", sec.Name, err)
+	}
+	return version, nil
+}
+
+type elfSectionKind int
+
+const (
+	undefSection elfSectionKind = iota
+	mapSection
+	btfMapSection
+	programSection
+	dataSection
+)
+
+type elfSection struct {
+	*elf.Section
+	kind elfSectionKind
+	// Offset from the start of the section to a symbol
+	symbols map[uint64]elf.Symbol
+	// Offset from the start of the section to a relocation, which points at
+	// a symbol in another section.
+	relocations map[uint64]elf.Symbol
+	// The number of relocations pointing at this section.
+	references int
+}
+
+func newElfSection(section *elf.Section, kind elfSectionKind) *elfSection {
+	return &elfSection{
+		section,
+		kind,
+		make(map[uint64]elf.Symbol),
+		make(map[uint64]elf.Symbol),
+		0,
+	}
+}
+
+func (ec *elfCode) loadPrograms() (map[string]*ProgramSpec, error) {
+	var (
+		progs []*ProgramSpec
+		libs  []*ProgramSpec
+	)
+
+	for _, sec := range ec.sections {
+		if sec.kind != programSection {
+			continue
+		}
+
+		if len(sec.symbols) == 0 {
+			return nil, fmt.Errorf("section %v: missing symbols", sec.Name)
+		}
+
+		funcSym, ok := sec.symbols[0]
+		if !ok {
+			return nil, fmt.Errorf("section %v: no label at start", sec.Name)
+		}
+
+		insns, length, err := ec.loadInstructions(sec)
+		if err != nil {
+			return nil, fmt.Errorf("program %s: %w", funcSym.Name, err)
+		}
+
+		progType, attachType, progFlags, attachTo := getProgType(sec.Name)
+
+		spec := &ProgramSpec{
+			Name:          funcSym.Name,
+			Type:          progType,
+			Flags:         progFlags,
+			AttachType:    attachType,
+			AttachTo:      attachTo,
+			License:       ec.license,
+			KernelVersion: ec.version,
+			Instructions:  insns,
+			ByteOrder:     ec.ByteOrder,
+		}
+
+		if ec.btf != nil {
+			spec.BTF, err = ec.btf.Program(sec.Name, length)
+			if err != nil && !errors.Is(err, btf.ErrNoExtendedInfo) {
+				return nil, fmt.Errorf("program %s: %w", funcSym.Name, err)
+			}
+		}
+
+		if spec.Type == UnspecifiedProgram {
+			// There is no single name we can use for "library" sections,
+			// since they may contain multiple functions. We'll decode the
+			// labels they contain later on, and then link sections that way.
+			libs = append(libs, spec)
+		} else {
+			progs = append(progs, spec)
+		}
+	}
+
+	res := make(map[string]*ProgramSpec, len(progs))
+	for _, prog := range progs {
+		err := link(prog, libs)
+		if err != nil {
+			return nil, fmt.Errorf("program %s: %w", prog.Name, err)
+		}
+		res[prog.Name] = prog
+	}
+
+	return res, nil
+}
+
+func (ec *elfCode) loadInstructions(section *elfSection) (asm.Instructions, uint64, error) {
+	var (
+		r      = bufio.NewReader(section.Open())
+		insns  asm.Instructions
+		offset uint64
+	)
+	for {
+		var ins asm.Instruction
+		n, err := ins.Unmarshal(r, ec.ByteOrder)
+		if err == io.EOF {
+			return insns, offset, nil
+		}
+		if err != nil {
+			return nil, 0, fmt.Errorf("offset %d: %w", offset, err)
+		}
+
+		ins.Symbol = section.symbols[offset].Name
+
+		if rel, ok := section.relocations[offset]; ok {
+			if err = ec.relocateInstruction(&ins, rel); err != nil {
+				return nil, 0, fmt.Errorf("offset %d: relocate instruction: %w", offset, err)
+			}
+		}
+
+		insns = append(insns, ins)
+		offset += n
+	}
+}
+
+func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) error {
+	var (
+		typ  = elf.ST_TYPE(rel.Info)
+		bind = elf.ST_BIND(rel.Info)
+		name = rel.Name
+	)
+
+	target := ec.sections[rel.Section]
+
+	switch target.kind {
+	case mapSection, btfMapSection:
+		if bind != elf.STB_GLOBAL {
+			return fmt.Errorf("possible erroneous static qualifier on map definition: found reference to %q", name)
+		}
+
+		if typ != elf.STT_OBJECT && typ != elf.STT_NOTYPE {
+			// STT_NOTYPE is generated on clang < 8 which doesn't tag
+			// relocations appropriately.
+			return fmt.Errorf("map load: incorrect relocation type %v", typ)
+		}
+
+		ins.Src = asm.PseudoMapFD
+
+		// Mark the instruction as needing an update when creating the
+		// collection.
+		if err := ins.RewriteMapPtr(-1); err != nil {
+			return err
+		}
+
+	case dataSection:
+		var offset uint32
+		switch typ {
+		case elf.STT_SECTION:
+			if bind != elf.STB_LOCAL {
+				return fmt.Errorf("direct load: %s: unsupported relocation %s", name, bind)
+			}
+
+			// This is really a reference to a static symbol, which clang doesn't
+			// emit a symbol table entry for. Instead it encodes the offset in
+			// the instruction itself.
+			offset = uint32(uint64(ins.Constant))
+
+		case elf.STT_OBJECT:
+			if bind != elf.STB_GLOBAL {
+				return fmt.Errorf("direct load: %s: unsupported relocation %s", name, bind)
+			}
+
+			offset = uint32(rel.Value)
+
+		default:
+			return fmt.Errorf("incorrect relocation type %v for direct map load", typ)
+		}
+
+		// We rely on using the name of the data section as the reference. It
+		// would be nicer to keep the real name in case of an STT_OBJECT, but
+		// it's not clear how to encode that into Instruction.
+		name = target.Name
+
+		// The kernel expects the offset in the second basic BPF instruction.
+		ins.Constant = int64(uint64(offset) << 32)
+		ins.Src = asm.PseudoMapValue
+
+		// Mark the instruction as needing an update when creating the
+		// collection.
+		if err := ins.RewriteMapPtr(-1); err != nil {
+			return err
+		}
+
+	case programSection:
+		if ins.OpCode.JumpOp() != asm.Call {
+			return fmt.Errorf("not a call instruction: %s", ins)
+		}
+
+		if ins.Src != asm.PseudoCall {
+			return fmt.Errorf("call: %s: incorrect source register", name)
+		}
+
+		switch typ {
+		case elf.STT_NOTYPE, elf.STT_FUNC:
+			if bind != elf.STB_GLOBAL {
+				return fmt.Errorf("call: %s: unsupported binding: %s", name, bind)
+			}
+
+		case elf.STT_SECTION:
+			if bind != elf.STB_LOCAL {
+				return fmt.Errorf("call: %s: unsupported binding: %s", name, bind)
+			}
+
+			// The function we want to call is in the indicated section,
+			// at the offset encoded in the instruction itself. Reverse
+			// the calculation to find the real function we're looking for.
+			// A value of -1 references the first instruction in the section.
+			offset := int64(int32(ins.Constant)+1) * asm.InstructionSize
+			if offset < 0 {
+				return fmt.Errorf("call: %s: invalid offset %d", name, offset)
+			}
+
+			sym, ok := target.symbols[uint64(offset)]
+			if !ok {
+				return fmt.Errorf("call: %s: no symbol at offset %d", name, offset)
+			}
+
+			ins.Constant = -1
+			name = sym.Name
+
+		default:
+			return fmt.Errorf("call: %s: invalid symbol type %s", name, typ)
+		}
+
+	case undefSection:
+		if bind != elf.STB_GLOBAL {
+			return fmt.Errorf("asm relocation: %s: unsupported binding: %s", name, bind)
+		}
+
+		if typ != elf.STT_NOTYPE {
+			return fmt.Errorf("asm relocation: %s: unsupported type %s", name, typ)
+		}
+
+		// There is nothing to do here but set ins.Reference.
+
+	default:
+		return fmt.Errorf("relocation to %q: %w", target.Name, ErrNotSupported)
+	}
+
+	ins.Reference = name
+	return nil
+}
+
+func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error {
+	for _, sec := range ec.sections {
+		if sec.kind != mapSection {
+			continue
+		}
+
+		nSym := len(sec.symbols)
+		if nSym == 0 {
+			return fmt.Errorf("section %v: no symbols", sec.Name)
+		}
+
+		if sec.Size%uint64(nSym) != 0 {
+			return fmt.Errorf("section %v: map descriptors are not of equal size", sec.Name)
+		}
+
+		var (
+			r    = bufio.NewReader(sec.Open())
+			size = sec.Size / uint64(nSym)
+		)
+		for i, offset := 0, uint64(0); i < nSym; i, offset = i+1, offset+size {
+			mapSym, ok := sec.symbols[offset]
+			if !ok {
+				return fmt.Errorf("section %s: missing symbol for map at offset %d", sec.Name, offset)
+			}
+
+			mapName := mapSym.Name
+			if maps[mapName] != nil {
+				return fmt.Errorf("section %v: map %v already exists", sec.Name, mapSym)
+			}
+
+			lr := io.LimitReader(r, int64(size))
+
+			spec := MapSpec{
+				Name: SanitizeName(mapName, -1),
+			}
+			switch {
+			case binary.Read(lr, ec.ByteOrder, &spec.Type) != nil:
+				return fmt.Errorf("map %s: missing type", mapName)
+			case binary.Read(lr, ec.ByteOrder, &spec.KeySize) != nil:
+				return fmt.Errorf("map %s: missing key size", mapName)
+			case binary.Read(lr, ec.ByteOrder, &spec.ValueSize) != nil:
+				return fmt.Errorf("map %s: missing value size", mapName)
+			case binary.Read(lr, ec.ByteOrder, &spec.MaxEntries) != nil:
+				return fmt.Errorf("map %s: missing max entries", mapName)
+			case binary.Read(lr, ec.ByteOrder, &spec.Flags) != nil:
+				return fmt.Errorf("map %s: missing flags", mapName)
+			}
+
+			if _, err := io.Copy(internal.DiscardZeroes{}, lr); err != nil {
+				return fmt.Errorf("map %s: unknown and non-zero fields in definition", mapName)
+			}
+
+			if err := spec.clampPerfEventArraySize(); err != nil {
+				return fmt.Errorf("map %s: %w", mapName, err)
+			}
+
+			maps[mapName] = &spec
+		}
+	}
+
+	return nil
+}
+
+func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec) error {
+	for _, sec := range ec.sections {
+		if sec.kind != btfMapSection {
+			continue
+		}
+
+		if ec.btf == nil {
+			return fmt.Errorf("missing BTF")
+		}
+
+		_, err := io.Copy(internal.DiscardZeroes{}, bufio.NewReader(sec.Open()))
+		if err != nil {
+			return fmt.Errorf("section %v: initializing BTF map definitions: %w", sec.Name, internal.ErrNotSupported)
+		}
+
+		var ds btf.Datasec
+		if err := ec.btf.FindType(sec.Name, &ds); err != nil {
+			return fmt.Errorf("cannot find section '%s' in BTF: %w", sec.Name, err)
+		}
+
+		for _, vs := range ds.Vars {
+			v, ok := vs.Type.(*btf.Var)
+			if !ok {
+				return fmt.Errorf("section %v: unexpected type %s", sec.Name, vs.Type)
+			}
+			name := string(v.Name)
+
+			if maps[name] != nil {
+				return fmt.Errorf("section %v: map %s already exists", sec.Name, name)
+			}
+
+			mapStruct, ok := v.Type.(*btf.Struct)
+			if !ok {
+				return fmt.Errorf("expected struct, got %s", v.Type)
+			}
+
+			mapSpec, err := mapSpecFromBTF(name, mapStruct, false, ec.btf)
+			if err != nil {
+				return fmt.Errorf("map %v: %w", name, err)
+			}
+
+			if err := mapSpec.clampPerfEventArraySize(); err != nil {
+				return fmt.Errorf("map %v: %w", name, err)
+			}
+
+			maps[name] = mapSpec
+		}
+	}
+
+	return nil
+}
+
+// mapSpecFromBTF produces a MapSpec based on a btf.Struct def representing
+// a BTF map definition. The name and spec arguments will be copied to the
+// resulting MapSpec, and inner must be true on any resursive invocations.
+func mapSpecFromBTF(name string, def *btf.Struct, inner bool, spec *btf.Spec) (*MapSpec, error) {
+
+	var (
+		key, value                 btf.Type
+		keySize, valueSize         uint32
+		mapType, flags, maxEntries uint32
+		pinType                    PinType
+		innerMapSpec               *MapSpec
+		err                        error
+	)
+
+	for i, member := range def.Members {
+		switch member.Name {
+		case "type":
+			mapType, err = uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get type: %w", err)
+			}
+
+		case "map_flags":
+			flags, err = uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get BTF map flags: %w", err)
+			}
+
+		case "max_entries":
+			maxEntries, err = uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get BTF map max entries: %w", err)
+			}
+
+		case "key":
+			if keySize != 0 {
+				return nil, errors.New("both key and key_size given")
+			}
+
+			pk, ok := member.Type.(*btf.Pointer)
+			if !ok {
+				return nil, fmt.Errorf("key type is not a pointer: %T", member.Type)
+			}
+
+			key = pk.Target
+
+			size, err := btf.Sizeof(pk.Target)
+			if err != nil {
+				return nil, fmt.Errorf("can't get size of BTF key: %w", err)
+			}
+
+			keySize = uint32(size)
+
+		case "value":
+			if valueSize != 0 {
+				return nil, errors.New("both value and value_size given")
+			}
+
+			vk, ok := member.Type.(*btf.Pointer)
+			if !ok {
+				return nil, fmt.Errorf("value type is not a pointer: %T", member.Type)
+			}
+
+			value = vk.Target
+
+			size, err := btf.Sizeof(vk.Target)
+			if err != nil {
+				return nil, fmt.Errorf("can't get size of BTF value: %w", err)
+			}
+
+			valueSize = uint32(size)
+
+		case "key_size":
+			// Key needs to be nil and keySize needs to be 0 for key_size to be
+			// considered a valid member.
+			if key != nil || keySize != 0 {
+				return nil, errors.New("both key and key_size given")
+			}
+
+			keySize, err = uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get BTF key size: %w", err)
+			}
+
+		case "value_size":
+			// Value needs to be nil and valueSize needs to be 0 for value_size to be
+			// considered a valid member.
+			if value != nil || valueSize != 0 {
+				return nil, errors.New("both value and value_size given")
+			}
+
+			valueSize, err = uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get BTF value size: %w", err)
+			}
+
+		case "pinning":
+			if inner {
+				return nil, errors.New("inner maps can't be pinned")
+			}
+
+			pinning, err := uintFromBTF(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't get pinning: %w", err)
+			}
+
+			pinType = PinType(pinning)
+
+		case "values":
+			// The 'values' field in BTF map definitions is used for declaring map
+			// value types that are references to other BPF objects, like other maps
+			// or programs. It is always expected to be an array of pointers.
+			if i != len(def.Members)-1 {
+				return nil, errors.New("'values' must be the last member in a BTF map definition")
+			}
+
+			if valueSize != 0 && valueSize != 4 {
+				return nil, errors.New("value_size must be 0 or 4")
+			}
+			valueSize = 4
+
+			valueType, err := resolveBTFArrayMacro(member.Type)
+			if err != nil {
+				return nil, fmt.Errorf("can't resolve type of member 'values': %w", err)
+			}
+
+			switch t := valueType.(type) {
+			case *btf.Struct:
+				// The values member pointing to an array of structs means we're expecting
+				// a map-in-map declaration.
+				if MapType(mapType) != ArrayOfMaps && MapType(mapType) != HashOfMaps {
+					return nil, errors.New("outer map needs to be an array or a hash of maps")
+				}
+				if inner {
+					return nil, fmt.Errorf("nested inner maps are not supported")
+				}
+
+				// This inner map spec is used as a map template, but it needs to be
+				// created as a traditional map before it can be used to do so.
+				// libbpf names the inner map template '<outer_name>.inner', but we
+				// opted for _inner to simplify validation logic. (dots only supported
+				// on kernels 5.2 and up)
+				// Pass the BTF spec from the parent object, since both parent and
+				// child must be created from the same BTF blob (on kernels that support BTF).
+				innerMapSpec, err = mapSpecFromBTF(name+"_inner", t, true, spec)
+				if err != nil {
+					return nil, fmt.Errorf("can't parse BTF map definition of inner map: %w", err)
+				}
+
+			default:
+				return nil, fmt.Errorf("unsupported value type %q in 'values' field", t)
+			}
+
+		default:
+			return nil, fmt.Errorf("unrecognized field %s in BTF map definition", member.Name)
+		}
+	}
+
+	bm := btf.NewMap(spec, key, value)
+
+	return &MapSpec{
+		Name:       SanitizeName(name, -1),
+		Type:       MapType(mapType),
+		KeySize:    keySize,
+		ValueSize:  valueSize,
+		MaxEntries: maxEntries,
+		Flags:      flags,
+		BTF:        &bm,
+		Pinning:    pinType,
+		InnerMap:   innerMapSpec,
+	}, nil
+}
+
+// uintFromBTF resolves the __uint macro, which is a pointer to a sized
+// array, e.g. for int (*foo)[10], this function will return 10.
+func uintFromBTF(typ btf.Type) (uint32, error) {
+	ptr, ok := typ.(*btf.Pointer)
+	if !ok {
+		return 0, fmt.Errorf("not a pointer: %v", typ)
+	}
+
+	arr, ok := ptr.Target.(*btf.Array)
+	if !ok {
+		return 0, fmt.Errorf("not a pointer to array: %v", typ)
+	}
+
+	return arr.Nelems, nil
+}
+
+// resolveBTFArrayMacro resolves the __array macro, which declares an array
+// of pointers to a given type. This function returns the target Type of
+// the pointers in the array.
+func resolveBTFArrayMacro(typ btf.Type) (btf.Type, error) {
+	arr, ok := typ.(*btf.Array)
+	if !ok {
+		return nil, fmt.Errorf("not an array: %v", typ)
+	}
+
+	ptr, ok := arr.Type.(*btf.Pointer)
+	if !ok {
+		return nil, fmt.Errorf("not an array of pointers: %v", typ)
+	}
+
+	return ptr.Target, nil
+}
+
+func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error {
+	for _, sec := range ec.sections {
+		if sec.kind != dataSection {
+			continue
+		}
+
+		if sec.references == 0 {
+			// Prune data sections which are not referenced by any
+			// instructions.
+			continue
+		}
+
+		if ec.btf == nil {
+			return errors.New("data sections require BTF, make sure all consts are marked as static")
+		}
+
+		btfMap, err := ec.btf.Datasec(sec.Name)
+		if err != nil {
+			return err
+		}
+
+		data, err := sec.Data()
+		if err != nil {
+			return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err)
+		}
+
+		if uint64(len(data)) > math.MaxUint32 {
+			return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name)
+		}
+
+		mapSpec := &MapSpec{
+			Name:       SanitizeName(sec.Name, -1),
+			Type:       Array,
+			KeySize:    4,
+			ValueSize:  uint32(len(data)),
+			MaxEntries: 1,
+			Contents:   []MapKV{{uint32(0), data}},
+			BTF:        btfMap,
+		}
+
+		switch sec.Name {
+		case ".rodata":
+			mapSpec.Flags = unix.BPF_F_RDONLY_PROG
+			mapSpec.Freeze = true
+		case ".bss":
+			// The kernel already zero-initializes the map
+			mapSpec.Contents = nil
+		}
+
+		maps[sec.Name] = mapSpec
+	}
+	return nil
+}
+
+func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) {
+	types := map[string]struct {
+		progType   ProgramType
+		attachType AttachType
+		progFlags  uint32
+	}{
+		// From https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/libbpf.c
+		"socket":                {SocketFilter, AttachNone, 0},
+		"seccomp":               {SocketFilter, AttachNone, 0},
+		"kprobe/":               {Kprobe, AttachNone, 0},
+		"uprobe/":               {Kprobe, AttachNone, 0},
+		"kretprobe/":            {Kprobe, AttachNone, 0},
+		"uretprobe/":            {Kprobe, AttachNone, 0},
+		"tracepoint/":           {TracePoint, AttachNone, 0},
+		"raw_tracepoint/":       {RawTracepoint, AttachNone, 0},
+		"raw_tp/":               {RawTracepoint, AttachNone, 0},
+		"tp_btf/":               {Tracing, AttachTraceRawTp, 0},
+		"xdp":                   {XDP, AttachNone, 0},
+		"perf_event":            {PerfEvent, AttachNone, 0},
+		"lwt_in":                {LWTIn, AttachNone, 0},
+		"lwt_out":               {LWTOut, AttachNone, 0},
+		"lwt_xmit":              {LWTXmit, AttachNone, 0},
+		"lwt_seg6local":         {LWTSeg6Local, AttachNone, 0},
+		"sockops":               {SockOps, AttachCGroupSockOps, 0},
+		"sk_skb/stream_parser":  {SkSKB, AttachSkSKBStreamParser, 0},
+		"sk_skb/stream_verdict": {SkSKB, AttachSkSKBStreamParser, 0},
+		"sk_msg":                {SkMsg, AttachSkSKBStreamVerdict, 0},
+		"lirc_mode2":            {LircMode2, AttachLircMode2, 0},
+		"flow_dissector":        {FlowDissector, AttachFlowDissector, 0},
+		"iter/":                 {Tracing, AttachTraceIter, 0},
+		"fentry/":               {Tracing, AttachTraceFEntry, 0},
+		"fmod_ret/":             {Tracing, AttachModifyReturn, 0},
+		"fexit/":                {Tracing, AttachTraceFExit, 0},
+		"fentry.s/":             {Tracing, AttachTraceFEntry, unix.BPF_F_SLEEPABLE},
+		"fmod_ret.s/":           {Tracing, AttachModifyReturn, unix.BPF_F_SLEEPABLE},
+		"fexit.s/":              {Tracing, AttachTraceFExit, unix.BPF_F_SLEEPABLE},
+		"sk_lookup/":            {SkLookup, AttachSkLookup, 0},
+		"lsm/":                  {LSM, AttachLSMMac, 0},
+		"lsm.s/":                {LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE},
+
+		"cgroup_skb/ingress": {CGroupSKB, AttachCGroupInetIngress, 0},
+		"cgroup_skb/egress":  {CGroupSKB, AttachCGroupInetEgress, 0},
+		"cgroup/dev":         {CGroupDevice, AttachCGroupDevice, 0},
+		"cgroup/skb":         {CGroupSKB, AttachNone, 0},
+		"cgroup/sock":        {CGroupSock, AttachCGroupInetSockCreate, 0},
+		"cgroup/post_bind4":  {CGroupSock, AttachCGroupInet4PostBind, 0},
+		"cgroup/post_bind6":  {CGroupSock, AttachCGroupInet6PostBind, 0},
+		"cgroup/bind4":       {CGroupSockAddr, AttachCGroupInet4Bind, 0},
+		"cgroup/bind6":       {CGroupSockAddr, AttachCGroupInet6Bind, 0},
+		"cgroup/connect4":    {CGroupSockAddr, AttachCGroupInet4Connect, 0},
+		"cgroup/connect6":    {CGroupSockAddr, AttachCGroupInet6Connect, 0},
+		"cgroup/sendmsg4":    {CGroupSockAddr, AttachCGroupUDP4Sendmsg, 0},
+		"cgroup/sendmsg6":    {CGroupSockAddr, AttachCGroupUDP6Sendmsg, 0},
+		"cgroup/recvmsg4":    {CGroupSockAddr, AttachCGroupUDP4Recvmsg, 0},
+		"cgroup/recvmsg6":    {CGroupSockAddr, AttachCGroupUDP6Recvmsg, 0},
+		"cgroup/sysctl":      {CGroupSysctl, AttachCGroupSysctl, 0},
+		"cgroup/getsockopt":  {CGroupSockopt, AttachCGroupGetsockopt, 0},
+		"cgroup/setsockopt":  {CGroupSockopt, AttachCGroupSetsockopt, 0},
+		"classifier":         {SchedCLS, AttachNone, 0},
+		"action":             {SchedACT, AttachNone, 0},
+	}
+
+	for prefix, t := range types {
+		if !strings.HasPrefix(sectionName, prefix) {
+			continue
+		}
+
+		if !strings.HasSuffix(prefix, "/") {
+			return t.progType, t.attachType, t.progFlags, ""
+		}
+
+		return t.progType, t.attachType, t.progFlags, sectionName[len(prefix):]
+	}
+
+	return UnspecifiedProgram, AttachNone, 0, ""
+}
+
+func (ec *elfCode) loadRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) {
+	rels := make(map[uint64]elf.Symbol)
+
+	if sec.Entsize < 16 {
+		return nil, fmt.Errorf("section %s: relocations are less than 16 bytes", sec.Name)
+	}
+
+	r := bufio.NewReader(sec.Open())
+	for off := uint64(0); off < sec.Size; off += sec.Entsize {
+		ent := io.LimitReader(r, int64(sec.Entsize))
+
+		var rel elf.Rel64
+		if binary.Read(ent, ec.ByteOrder, &rel) != nil {
+			return nil, fmt.Errorf("can't parse relocation at offset %v", off)
+		}
+
+		symNo := int(elf.R_SYM64(rel.Info) - 1)
+		if symNo >= len(symbols) {
+			return nil, fmt.Errorf("offset %d: symbol %d doesn't exist", off, symNo)
+		}
+
+		symbol := symbols[symNo]
+		rels[rel.Off] = symbol
+	}
+
+	return rels, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/elf_reader_fuzz.go b/vendor/github.com/cilium/ebpf/elf_reader_fuzz.go
new file mode 100644
index 0000000000000..d46d135f2fcd1
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/elf_reader_fuzz.go
@@ -0,0 +1,21 @@
+// +build gofuzz
+
+// Use with https://github.com/dvyukov/go-fuzz
+
+package ebpf
+
+import "bytes"
+
+func FuzzLoadCollectionSpec(data []byte) int {
+	spec, err := LoadCollectionSpecFromReader(bytes.NewReader(data))
+	if err != nil {
+		if spec != nil {
+			panic("spec is not nil")
+		}
+		return 0
+	}
+	if spec == nil {
+		panic("spec is nil")
+	}
+	return 1
+}
diff --git a/vendor/github.com/cilium/ebpf/examples/README.md b/vendor/github.com/cilium/ebpf/examples/README.md
new file mode 100644
index 0000000000000..1765e3ce2e8d9
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/README.md
@@ -0,0 +1,13 @@
+# eBPF Examples
+
+- [kprobe](kprobe/) - Attach a program to the entry or exit of an arbitrary kernel symbol (function).
+- [uretprobe](uretprobe/) - Like a kprobe, but for symbols in userspace binaries (e.g. `bash`).
+- [tracepoint](tracepoint/) - Attach a program to predetermined kernel tracepoints.
+- Add your use case(s) here!
+
+## How to run
+
+```bash
+cd ebpf/examples/
+go run -exec sudo [./kprobe, ./uretprobe, ./tracepoint, ...]
+```
diff --git a/vendor/github.com/cilium/ebpf/examples/go.mod b/vendor/github.com/cilium/ebpf/examples/go.mod
new file mode 100644
index 0000000000000..6722dfd3c4ff5
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/go.mod
@@ -0,0 +1,8 @@
+module github.com/cilium/ebpf/examples
+
+go 1.15
+
+require (
+	github.com/cilium/ebpf v0.6.1-0.20210610105443-1e7f01c7124c
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/cilium/ebpf/examples/headers/bpf_helper_defs.h b/vendor/github.com/cilium/ebpf/examples/headers/bpf_helper_defs.h
new file mode 100644
index 0000000000000..5ac02ece119eb
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/headers/bpf_helper_defs.h
@@ -0,0 +1,3265 @@
+/* This is auto-generated file. See bpf_helpers_doc.py for details. */
+
+/* Forward declarations of BPF structs */
+struct bpf_fib_lookup;
+struct bpf_sk_lookup;
+struct bpf_perf_event_data;
+struct bpf_perf_event_value;
+struct bpf_pidns_info;
+struct bpf_sock;
+struct bpf_sock_addr;
+struct bpf_sock_ops;
+struct bpf_sock_tuple;
+struct bpf_spin_lock;
+struct bpf_sysctl;
+struct bpf_tcp_sock;
+struct bpf_tunnel_key;
+struct bpf_xfrm_state;
+struct pt_regs;
+struct sk_reuseport_md;
+struct sockaddr;
+struct tcphdr;
+struct seq_file;
+struct tcp6_sock;
+struct tcp_sock;
+struct tcp_timewait_sock;
+struct tcp_request_sock;
+struct udp6_sock;
+struct task_struct;
+struct __sk_buff;
+struct sk_msg_md;
+struct xdp_md;
+
+/*
+ * bpf_map_lookup_elem
+ *
+ * 	Perform a lookup in *map* for an entry associated to *key*.
+ *
+ * Returns
+ * 	Map value associated to *key*, or **NULL** if no entry was
+ * 	found.
+ */
+static void *(*bpf_map_lookup_elem)(void *map, const void *key) = (void *) 1;
+
+/*
+ * bpf_map_update_elem
+ *
+ * 	Add or update the value of the entry associated to *key* in
+ * 	*map* with *value*. *flags* is one of:
+ *
+ * 	**BPF_NOEXIST**
+ * 		The entry for *key* must not exist in the map.
+ * 	**BPF_EXIST**
+ * 		The entry for *key* must already exist in the map.
+ * 	**BPF_ANY**
+ * 		No condition on the existence of the entry for *key*.
+ *
+ * 	Flag value **BPF_NOEXIST** cannot be used for maps of types
+ * 	**BPF_MAP_TYPE_ARRAY** or **BPF_MAP_TYPE_PERCPU_ARRAY**  (all
+ * 	elements always exist), the helper would return an error.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_map_update_elem)(void *map, const void *key, const void *value, __u64 flags) = (void *) 2;
+
+/*
+ * bpf_map_delete_elem
+ *
+ * 	Delete entry with *key* from *map*.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_map_delete_elem)(void *map, const void *key) = (void *) 3;
+
+/*
+ * bpf_probe_read
+ *
+ * 	For tracing programs, safely attempt to read *size* bytes from
+ * 	kernel space address *unsafe_ptr* and store the data in *dst*.
+ *
+ * 	Generally, use **bpf_probe_read_user**\ () or
+ * 	**bpf_probe_read_kernel**\ () instead.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_probe_read)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 4;
+
+/*
+ * bpf_ktime_get_ns
+ *
+ * 	Return the time elapsed since system boot, in nanoseconds.
+ * 	Does not include time the system was suspended.
+ * 	See: **clock_gettime**\ (**CLOCK_MONOTONIC**)
+ *
+ * Returns
+ * 	Current *ktime*.
+ */
+static __u64 (*bpf_ktime_get_ns)(void) = (void *) 5;
+
+/*
+ * bpf_trace_printk
+ *
+ * 	This helper is a "printk()-like" facility for debugging. It
+ * 	prints a message defined by format *fmt* (of size *fmt_size*)
+ * 	to file *\/sys/kernel/debug/tracing/trace* from DebugFS, if
+ * 	available. It can take up to three additional **u64**
+ * 	arguments (as an eBPF helpers, the total number of arguments is
+ * 	limited to five).
+ *
+ * 	Each time the helper is called, it appends a line to the trace.
+ * 	Lines are discarded while *\/sys/kernel/debug/tracing/trace* is
+ * 	open, use *\/sys/kernel/debug/tracing/trace_pipe* to avoid this.
+ * 	The format of the trace is customizable, and the exact output
+ * 	one will get depends on the options set in
+ * 	*\/sys/kernel/debug/tracing/trace_options* (see also the
+ * 	*README* file under the same directory). However, it usually
+ * 	defaults to something like:
+ *
+ * 	::
+ *
+ * 		telnet-470   [001] .N.. 419421.045894: 0x00000001: <formatted msg>
+ *
+ * 	In the above:
+ *
+ * 		* ``telnet`` is the name of the current task.
+ * 		* ``470`` is the PID of the current task.
+ * 		* ``001`` is the CPU number on which the task is
+ * 		  running.
+ * 		* In ``.N..``, each character refers to a set of
+ * 		  options (whether irqs are enabled, scheduling
+ * 		  options, whether hard/softirqs are running, level of
+ * 		  preempt_disabled respectively). **N** means that
+ * 		  **TIF_NEED_RESCHED** and **PREEMPT_NEED_RESCHED**
+ * 		  are set.
+ * 		* ``419421.045894`` is a timestamp.
+ * 		* ``0x00000001`` is a fake value used by BPF for the
+ * 		  instruction pointer register.
+ * 		* ``<formatted msg>`` is the message formatted with
+ * 		  *fmt*.
+ *
+ * 	The conversion specifiers supported by *fmt* are similar, but
+ * 	more limited than for printk(). They are **%d**, **%i**,
+ * 	**%u**, **%x**, **%ld**, **%li**, **%lu**, **%lx**, **%lld**,
+ * 	**%lli**, **%llu**, **%llx**, **%p**, **%s**. No modifier (size
+ * 	of field, padding with zeroes, etc.) is available, and the
+ * 	helper will return **-EINVAL** (but print nothing) if it
+ * 	encounters an unknown specifier.
+ *
+ * 	Also, note that **bpf_trace_printk**\ () is slow, and should
+ * 	only be used for debugging purposes. For this reason, a notice
+ * 	bloc (spanning several lines) is printed to kernel logs and
+ * 	states that the helper should not be used "for production use"
+ * 	the first time this helper is used (or more precisely, when
+ * 	**trace_printk**\ () buffers are allocated). For passing values
+ * 	to user space, perf events should be preferred.
+ *
+ * Returns
+ * 	The number of bytes written to the buffer, or a negative error
+ * 	in case of failure.
+ */
+static long (*bpf_trace_printk)(const char *fmt, __u32 fmt_size, ...) = (void *) 6;
+
+/*
+ * bpf_get_prandom_u32
+ *
+ * 	Get a pseudo-random number.
+ *
+ * 	From a security point of view, this helper uses its own
+ * 	pseudo-random internal state, and cannot be used to infer the
+ * 	seed of other random functions in the kernel. However, it is
+ * 	essential to note that the generator used by the helper is not
+ * 	cryptographically secure.
+ *
+ * Returns
+ * 	A random 32-bit unsigned value.
+ */
+static __u32 (*bpf_get_prandom_u32)(void) = (void *) 7;
+
+/*
+ * bpf_get_smp_processor_id
+ *
+ * 	Get the SMP (symmetric multiprocessing) processor id. Note that
+ * 	all programs run with preemption disabled, which means that the
+ * 	SMP processor id is stable during all the execution of the
+ * 	program.
+ *
+ * Returns
+ * 	The SMP id of the processor running the program.
+ */
+static __u32 (*bpf_get_smp_processor_id)(void) = (void *) 8;
+
+/*
+ * bpf_skb_store_bytes
+ *
+ * 	Store *len* bytes from address *from* into the packet
+ * 	associated to *skb*, at *offset*. *flags* are a combination of
+ * 	**BPF_F_RECOMPUTE_CSUM** (automatically recompute the
+ * 	checksum for the packet after storing the bytes) and
+ * 	**BPF_F_INVALIDATE_HASH** (set *skb*\ **->hash**, *skb*\
+ * 	**->swhash** and *skb*\ **->l4hash** to 0).
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9;
+
+/*
+ * bpf_l3_csum_replace
+ *
+ * 	Recompute the layer 3 (e.g. IP) checksum for the packet
+ * 	associated to *skb*. Computation is incremental, so the helper
+ * 	must know the former value of the header field that was
+ * 	modified (*from*), the new value of this field (*to*), and the
+ * 	number of bytes (2 or 4) for this field, stored in *size*.
+ * 	Alternatively, it is possible to store the difference between
+ * 	the previous and the new values of the header field in *to*, by
+ * 	setting *from* and *size* to 0. For both methods, *offset*
+ * 	indicates the location of the IP checksum within the packet.
+ *
+ * 	This helper works in combination with **bpf_csum_diff**\ (),
+ * 	which does not update the checksum in-place, but offers more
+ * 	flexibility and can handle sizes larger than 2 or 4 for the
+ * 	checksum to update.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10;
+
+/*
+ * bpf_l4_csum_replace
+ *
+ * 	Recompute the layer 4 (e.g. TCP, UDP or ICMP) checksum for the
+ * 	packet associated to *skb*. Computation is incremental, so the
+ * 	helper must know the former value of the header field that was
+ * 	modified (*from*), the new value of this field (*to*), and the
+ * 	number of bytes (2 or 4) for this field, stored on the lowest
+ * 	four bits of *flags*. Alternatively, it is possible to store
+ * 	the difference between the previous and the new values of the
+ * 	header field in *to*, by setting *from* and the four lowest
+ * 	bits of *flags* to 0. For both methods, *offset* indicates the
+ * 	location of the IP checksum within the packet. In addition to
+ * 	the size of the field, *flags* can be added (bitwise OR) actual
+ * 	flags. With **BPF_F_MARK_MANGLED_0**, a null checksum is left
+ * 	untouched (unless **BPF_F_MARK_ENFORCE** is added as well), and
+ * 	for updates resulting in a null checksum the value is set to
+ * 	**CSUM_MANGLED_0** instead. Flag **BPF_F_PSEUDO_HDR** indicates
+ * 	the checksum is to be computed against a pseudo-header.
+ *
+ * 	This helper works in combination with **bpf_csum_diff**\ (),
+ * 	which does not update the checksum in-place, but offers more
+ * 	flexibility and can handle sizes larger than 2 or 4 for the
+ * 	checksum to update.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11;
+
+/*
+ * bpf_tail_call
+ *
+ * 	This special helper is used to trigger a "tail call", or in
+ * 	other words, to jump into another eBPF program. The same stack
+ * 	frame is used (but values on stack and in registers for the
+ * 	caller are not accessible to the callee). This mechanism allows
+ * 	for program chaining, either for raising the maximum number of
+ * 	available eBPF instructions, or to execute given programs in
+ * 	conditional blocks. For security reasons, there is an upper
+ * 	limit to the number of successive tail calls that can be
+ * 	performed.
+ *
+ * 	Upon call of this helper, the program attempts to jump into a
+ * 	program referenced at index *index* in *prog_array_map*, a
+ * 	special map of type **BPF_MAP_TYPE_PROG_ARRAY**, and passes
+ * 	*ctx*, a pointer to the context.
+ *
+ * 	If the call succeeds, the kernel immediately runs the first
+ * 	instruction of the new program. This is not a function call,
+ * 	and it never returns to the previous program. If the call
+ * 	fails, then the helper has no effect, and the caller continues
+ * 	to run its subsequent instructions. A call can fail if the
+ * 	destination program for the jump does not exist (i.e. *index*
+ * 	is superior to the number of entries in *prog_array_map*), or
+ * 	if the maximum number of tail calls has been reached for this
+ * 	chain of programs. This limit is defined in the kernel by the
+ * 	macro **MAX_TAIL_CALL_CNT** (not accessible to user space),
+ * 	which is currently set to 32.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_tail_call)(void *ctx, void *prog_array_map, __u32 index) = (void *) 12;
+
+/*
+ * bpf_clone_redirect
+ *
+ * 	Clone and redirect the packet associated to *skb* to another
+ * 	net device of index *ifindex*. Both ingress and egress
+ * 	interfaces can be used for redirection. The **BPF_F_INGRESS**
+ * 	value in *flags* is used to make the distinction (ingress path
+ * 	is selected if the flag is present, egress path otherwise).
+ * 	This is the only flag supported for now.
+ *
+ * 	In comparison with **bpf_redirect**\ () helper,
+ * 	**bpf_clone_redirect**\ () has the associated cost of
+ * 	duplicating the packet buffer, but this can be executed out of
+ * 	the eBPF program. Conversely, **bpf_redirect**\ () is more
+ * 	efficient, but it is handled through an action code where the
+ * 	redirection happens only after the eBPF program has returned.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_clone_redirect)(struct __sk_buff *skb, __u32 ifindex, __u64 flags) = (void *) 13;
+
+/*
+ * bpf_get_current_pid_tgid
+ *
+ *
+ * Returns
+ * 	A 64-bit integer containing the current tgid and pid, and
+ * 	created as such:
+ * 	*current_task*\ **->tgid << 32 \|**
+ * 	*current_task*\ **->pid**.
+ */
+static __u64 (*bpf_get_current_pid_tgid)(void) = (void *) 14;
+
+/*
+ * bpf_get_current_uid_gid
+ *
+ *
+ * Returns
+ * 	A 64-bit integer containing the current GID and UID, and
+ * 	created as such: *current_gid* **<< 32 \|** *current_uid*.
+ */
+static __u64 (*bpf_get_current_uid_gid)(void) = (void *) 15;
+
+/*
+ * bpf_get_current_comm
+ *
+ * 	Copy the **comm** attribute of the current task into *buf* of
+ * 	*size_of_buf*. The **comm** attribute contains the name of
+ * 	the executable (excluding the path) for the current task. The
+ * 	*size_of_buf* must be strictly positive. On success, the
+ * 	helper makes sure that the *buf* is NUL-terminated. On failure,
+ * 	it is filled with zeroes.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_get_current_comm)(void *buf, __u32 size_of_buf) = (void *) 16;
+
+/*
+ * bpf_get_cgroup_classid
+ *
+ * 	Retrieve the classid for the current task, i.e. for the net_cls
+ * 	cgroup to which *skb* belongs.
+ *
+ * 	This helper can be used on TC egress path, but not on ingress.
+ *
+ * 	The net_cls cgroup provides an interface to tag network packets
+ * 	based on a user-provided identifier for all traffic coming from
+ * 	the tasks belonging to the related cgroup. See also the related
+ * 	kernel documentation, available from the Linux sources in file
+ * 	*Documentation/admin-guide/cgroup-v1/net_cls.rst*.
+ *
+ * 	The Linux kernel has two versions for cgroups: there are
+ * 	cgroups v1 and cgroups v2. Both are available to users, who can
+ * 	use a mixture of them, but note that the net_cls cgroup is for
+ * 	cgroup v1 only. This makes it incompatible with BPF programs
+ * 	run on cgroups, which is a cgroup-v2-only feature (a socket can
+ * 	only hold data for one version of cgroups at a time).
+ *
+ * 	This helper is only available is the kernel was compiled with
+ * 	the **CONFIG_CGROUP_NET_CLASSID** configuration option set to
+ * 	"**y**" or to "**m**".
+ *
+ * Returns
+ * 	The classid, or 0 for the default unconfigured classid.
+ */
+static __u32 (*bpf_get_cgroup_classid)(struct __sk_buff *skb) = (void *) 17;
+
+/*
+ * bpf_skb_vlan_push
+ *
+ * 	Push a *vlan_tci* (VLAN tag control information) of protocol
+ * 	*vlan_proto* to the packet associated to *skb*, then update
+ * 	the checksum. Note that if *vlan_proto* is different from
+ * 	**ETH_P_8021Q** and **ETH_P_8021AD**, it is considered to
+ * 	be **ETH_P_8021Q**.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_vlan_push)(struct __sk_buff *skb, __be16 vlan_proto, __u16 vlan_tci) = (void *) 18;
+
+/*
+ * bpf_skb_vlan_pop
+ *
+ * 	Pop a VLAN header from the packet associated to *skb*.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_vlan_pop)(struct __sk_buff *skb) = (void *) 19;
+
+/*
+ * bpf_skb_get_tunnel_key
+ *
+ * 	Get tunnel metadata. This helper takes a pointer *key* to an
+ * 	empty **struct bpf_tunnel_key** of **size**, that will be
+ * 	filled with tunnel metadata for the packet associated to *skb*.
+ * 	The *flags* can be set to **BPF_F_TUNINFO_IPV6**, which
+ * 	indicates that the tunnel is based on IPv6 protocol instead of
+ * 	IPv4.
+ *
+ * 	The **struct bpf_tunnel_key** is an object that generalizes the
+ * 	principal parameters used by various tunneling protocols into a
+ * 	single struct. This way, it can be used to easily make a
+ * 	decision based on the contents of the encapsulation header,
+ * 	"summarized" in this struct. In particular, it holds the IP
+ * 	address of the remote end (IPv4 or IPv6, depending on the case)
+ * 	in *key*\ **->remote_ipv4** or *key*\ **->remote_ipv6**. Also,
+ * 	this struct exposes the *key*\ **->tunnel_id**, which is
+ * 	generally mapped to a VNI (Virtual Network Identifier), making
+ * 	it programmable together with the **bpf_skb_set_tunnel_key**\
+ * 	() helper.
+ *
+ * 	Let's imagine that the following code is part of a program
+ * 	attached to the TC ingress interface, on one end of a GRE
+ * 	tunnel, and is supposed to filter out all messages coming from
+ * 	remote ends with IPv4 address other than 10.0.0.1:
+ *
+ * 	::
+ *
+ * 		int ret;
+ * 		struct bpf_tunnel_key key = {};
+ * 		
+ * 		ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
+ * 		if (ret < 0)
+ * 			return TC_ACT_SHOT;	// drop packet
+ * 		
+ * 		if (key.remote_ipv4 != 0x0a000001)
+ * 			return TC_ACT_SHOT;	// drop packet
+ * 		
+ * 		return TC_ACT_OK;		// accept packet
+ *
+ * 	This interface can also be used with all encapsulation devices
+ * 	that can operate in "collect metadata" mode: instead of having
+ * 	one network device per specific configuration, the "collect
+ * 	metadata" mode only requires a single device where the
+ * 	configuration can be extracted from this helper.
+ *
+ * 	This can be used together with various tunnels such as VXLan,
+ * 	Geneve, GRE or IP in IP (IPIP).
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_get_tunnel_key)(struct __sk_buff *skb, struct bpf_tunnel_key *key, __u32 size, __u64 flags) = (void *) 20;
+
+/*
+ * bpf_skb_set_tunnel_key
+ *
+ * 	Populate tunnel metadata for packet associated to *skb.* The
+ * 	tunnel metadata is set to the contents of *key*, of *size*. The
+ * 	*flags* can be set to a combination of the following values:
+ *
+ * 	**BPF_F_TUNINFO_IPV6**
+ * 		Indicate that the tunnel is based on IPv6 protocol
+ * 		instead of IPv4.
+ * 	**BPF_F_ZERO_CSUM_TX**
+ * 		For IPv4 packets, add a flag to tunnel metadata
+ * 		indicating that checksum computation should be skipped
+ * 		and checksum set to zeroes.
+ * 	**BPF_F_DONT_FRAGMENT**
+ * 		Add a flag to tunnel metadata indicating that the
+ * 		packet should not be fragmented.
+ * 	**BPF_F_SEQ_NUMBER**
+ * 		Add a flag to tunnel metadata indicating that a
+ * 		sequence number should be added to tunnel header before
+ * 		sending the packet. This flag was added for GRE
+ * 		encapsulation, but might be used with other protocols
+ * 		as well in the future.
+ *
+ * 	Here is a typical usage on the transmit path:
+ *
+ * 	::
+ *
+ * 		struct bpf_tunnel_key key;
+ * 		     populate key ...
+ * 		bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
+ * 		bpf_clone_redirect(skb, vxlan_dev_ifindex, 0);
+ *
+ * 	See also the description of the **bpf_skb_get_tunnel_key**\ ()
+ * 	helper for additional information.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_set_tunnel_key)(struct __sk_buff *skb, struct bpf_tunnel_key *key, __u32 size, __u64 flags) = (void *) 21;
+
+/*
+ * bpf_perf_event_read
+ *
+ * 	Read the value of a perf event counter. This helper relies on a
+ * 	*map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. The nature of
+ * 	the perf event counter is selected when *map* is updated with
+ * 	perf event file descriptors. The *map* is an array whose size
+ * 	is the number of available CPUs, and each cell contains a value
+ * 	relative to one CPU. The value to retrieve is indicated by
+ * 	*flags*, that contains the index of the CPU to look up, masked
+ * 	with **BPF_F_INDEX_MASK**. Alternatively, *flags* can be set to
+ * 	**BPF_F_CURRENT_CPU** to indicate that the value for the
+ * 	current CPU should be retrieved.
+ *
+ * 	Note that before Linux 4.13, only hardware perf event can be
+ * 	retrieved.
+ *
+ * 	Also, be aware that the newer helper
+ * 	**bpf_perf_event_read_value**\ () is recommended over
+ * 	**bpf_perf_event_read**\ () in general. The latter has some ABI
+ * 	quirks where error and counter value are used as a return code
+ * 	(which is wrong to do since ranges may overlap). This issue is
+ * 	fixed with **bpf_perf_event_read_value**\ (), which at the same
+ * 	time provides more features over the **bpf_perf_event_read**\
+ * 	() interface. Please refer to the description of
+ * 	**bpf_perf_event_read_value**\ () for details.
+ *
+ * Returns
+ * 	The value of the perf event counter read from the map, or a
+ * 	negative error code in case of failure.
+ */
+static __u64 (*bpf_perf_event_read)(void *map, __u64 flags) = (void *) 22;
+
+/*
+ * bpf_redirect
+ *
+ * 	Redirect the packet to another net device of index *ifindex*.
+ * 	This helper is somewhat similar to **bpf_clone_redirect**\
+ * 	(), except that the packet is not cloned, which provides
+ * 	increased performance.
+ *
+ * 	Except for XDP, both ingress and egress interfaces can be used
+ * 	for redirection. The **BPF_F_INGRESS** value in *flags* is used
+ * 	to make the distinction (ingress path is selected if the flag
+ * 	is present, egress path otherwise). Currently, XDP only
+ * 	supports redirection to the egress interface, and accepts no
+ * 	flag at all.
+ *
+ * 	The same effect can also be attained with the more generic
+ * 	**bpf_redirect_map**\ (), which uses a BPF map to store the
+ * 	redirect target instead of providing it directly to the helper.
+ *
+ * Returns
+ * 	For XDP, the helper returns **XDP_REDIRECT** on success or
+ * 	**XDP_ABORTED** on error. For other program types, the values
+ * 	are **TC_ACT_REDIRECT** on success or **TC_ACT_SHOT** on
+ * 	error.
+ */
+static long (*bpf_redirect)(__u32 ifindex, __u64 flags) = (void *) 23;
+
+/*
+ * bpf_get_route_realm
+ *
+ * 	Retrieve the realm or the route, that is to say the
+ * 	**tclassid** field of the destination for the *skb*. The
+ * 	indentifier retrieved is a user-provided tag, similar to the
+ * 	one used with the net_cls cgroup (see description for
+ * 	**bpf_get_cgroup_classid**\ () helper), but here this tag is
+ * 	held by a route (a destination entry), not by a task.
+ *
+ * 	Retrieving this identifier works with the clsact TC egress hook
+ * 	(see also **tc-bpf(8)**), or alternatively on conventional
+ * 	classful egress qdiscs, but not on TC ingress path. In case of
+ * 	clsact TC egress hook, this has the advantage that, internally,
+ * 	the destination entry has not been dropped yet in the transmit
+ * 	path. Therefore, the destination entry does not need to be
+ * 	artificially held via **netif_keep_dst**\ () for a classful
+ * 	qdisc until the *skb* is freed.
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	**CONFIG_IP_ROUTE_CLASSID** configuration option.
+ *
+ * Returns
+ * 	The realm of the route for the packet associated to *skb*, or 0
+ * 	if none was found.
+ */
+static __u32 (*bpf_get_route_realm)(struct __sk_buff *skb) = (void *) 24;
+
+/*
+ * bpf_perf_event_output
+ *
+ * 	Write raw *data* blob into a special BPF perf event held by
+ * 	*map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf
+ * 	event must have the following attributes: **PERF_SAMPLE_RAW**
+ * 	as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and
+ * 	**PERF_COUNT_SW_BPF_OUTPUT** as **config**.
+ *
+ * 	The *flags* are used to indicate the index in *map* for which
+ * 	the value must be put, masked with **BPF_F_INDEX_MASK**.
+ * 	Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU**
+ * 	to indicate that the index of the current CPU core should be
+ * 	used.
+ *
+ * 	The value to write, of *size*, is passed through eBPF stack and
+ * 	pointed by *data*.
+ *
+ * 	The context of the program *ctx* needs also be passed to the
+ * 	helper.
+ *
+ * 	On user space, a program willing to read the values needs to
+ * 	call **perf_event_open**\ () on the perf event (either for
+ * 	one or for all CPUs) and to store the file descriptor into the
+ * 	*map*. This must be done before the eBPF program can send data
+ * 	into it. An example is available in file
+ * 	*samples/bpf/trace_output_user.c* in the Linux kernel source
+ * 	tree (the eBPF program counterpart is in
+ * 	*samples/bpf/trace_output_kern.c*).
+ *
+ * 	**bpf_perf_event_output**\ () achieves better performance
+ * 	than **bpf_trace_printk**\ () for sharing data with user
+ * 	space, and is much better suitable for streaming data from eBPF
+ * 	programs.
+ *
+ * 	Note that this helper is not restricted to tracing use cases
+ * 	and can be used with programs attached to TC or XDP as well,
+ * 	where it allows for passing data to user space listeners. Data
+ * 	can be:
+ *
+ * 	* Only custom structs,
+ * 	* Only the packet payload, or
+ * 	* A combination of both.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_perf_event_output)(void *ctx, void *map, __u64 flags, void *data, __u64 size) = (void *) 25;
+
+/*
+ * bpf_skb_load_bytes
+ *
+ * 	This helper was provided as an easy way to load data from a
+ * 	packet. It can be used to load *len* bytes from *offset* from
+ * 	the packet associated to *skb*, into the buffer pointed by
+ * 	*to*.
+ *
+ * 	Since Linux 4.7, usage of this helper has mostly been replaced
+ * 	by "direct packet access", enabling packet data to be
+ * 	manipulated with *skb*\ **->data** and *skb*\ **->data_end**
+ * 	pointing respectively to the first byte of packet data and to
+ * 	the byte after the last byte of packet data. However, it
+ * 	remains useful if one wishes to read large quantities of data
+ * 	at once from a packet into the eBPF stack.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_load_bytes)(const void *skb, __u32 offset, void *to, __u32 len) = (void *) 26;
+
+/*
+ * bpf_get_stackid
+ *
+ * 	Walk a user or a kernel stack and return its id. To achieve
+ * 	this, the helper needs *ctx*, which is a pointer to the context
+ * 	on which the tracing program is executed, and a pointer to a
+ * 	*map* of type **BPF_MAP_TYPE_STACK_TRACE**.
+ *
+ * 	The last argument, *flags*, holds the number of stack frames to
+ * 	skip (from 0 to 255), masked with
+ * 	**BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set
+ * 	a combination of the following flags:
+ *
+ * 	**BPF_F_USER_STACK**
+ * 		Collect a user space stack instead of a kernel stack.
+ * 	**BPF_F_FAST_STACK_CMP**
+ * 		Compare stacks by hash only.
+ * 	**BPF_F_REUSE_STACKID**
+ * 		If two different stacks hash into the same *stackid*,
+ * 		discard the old one.
+ *
+ * 	The stack id retrieved is a 32 bit long integer handle which
+ * 	can be further combined with other data (including other stack
+ * 	ids) and used as a key into maps. This can be useful for
+ * 	generating a variety of graphs (such as flame graphs or off-cpu
+ * 	graphs).
+ *
+ * 	For walking a stack, this helper is an improvement over
+ * 	**bpf_probe_read**\ (), which can be used with unrolled loops
+ * 	but is not efficient and consumes a lot of eBPF instructions.
+ * 	Instead, **bpf_get_stackid**\ () can collect up to
+ * 	**PERF_MAX_STACK_DEPTH** both kernel and user frames. Note that
+ * 	this limit can be controlled with the **sysctl** program, and
+ * 	that it should be manually increased in order to profile long
+ * 	user stacks (such as stacks for Java programs). To do so, use:
+ *
+ * 	::
+ *
+ * 		# sysctl kernel.perf_event_max_stack=<new value>
+ *
+ * Returns
+ * 	The positive or null stack id on success, or a negative error
+ * 	in case of failure.
+ */
+static long (*bpf_get_stackid)(void *ctx, void *map, __u64 flags) = (void *) 27;
+
+/*
+ * bpf_csum_diff
+ *
+ * 	Compute a checksum difference, from the raw buffer pointed by
+ * 	*from*, of length *from_size* (that must be a multiple of 4),
+ * 	towards the raw buffer pointed by *to*, of size *to_size*
+ * 	(same remark). An optional *seed* can be added to the value
+ * 	(this can be cascaded, the seed may come from a previous call
+ * 	to the helper).
+ *
+ * 	This is flexible enough to be used in several ways:
+ *
+ * 	* With *from_size* == 0, *to_size* > 0 and *seed* set to
+ * 	  checksum, it can be used when pushing new data.
+ * 	* With *from_size* > 0, *to_size* == 0 and *seed* set to
+ * 	  checksum, it can be used when removing data from a packet.
+ * 	* With *from_size* > 0, *to_size* > 0 and *seed* set to 0, it
+ * 	  can be used to compute a diff. Note that *from_size* and
+ * 	  *to_size* do not need to be equal.
+ *
+ * 	This helper can be used in combination with
+ * 	**bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\ (), to
+ * 	which one can feed in the difference computed with
+ * 	**bpf_csum_diff**\ ().
+ *
+ * Returns
+ * 	The checksum result, or a negative error code in case of
+ * 	failure.
+ */
+static __s64 (*bpf_csum_diff)(__be32 *from, __u32 from_size, __be32 *to, __u32 to_size, __wsum seed) = (void *) 28;
+
+/*
+ * bpf_skb_get_tunnel_opt
+ *
+ * 	Retrieve tunnel options metadata for the packet associated to
+ * 	*skb*, and store the raw tunnel option data to the buffer *opt*
+ * 	of *size*.
+ *
+ * 	This helper can be used with encapsulation devices that can
+ * 	operate in "collect metadata" mode (please refer to the related
+ * 	note in the description of **bpf_skb_get_tunnel_key**\ () for
+ * 	more details). A particular example where this can be used is
+ * 	in combination with the Geneve encapsulation protocol, where it
+ * 	allows for pushing (with **bpf_skb_get_tunnel_opt**\ () helper)
+ * 	and retrieving arbitrary TLVs (Type-Length-Value headers) from
+ * 	the eBPF program. This allows for full customization of these
+ * 	headers.
+ *
+ * Returns
+ * 	The size of the option data retrieved.
+ */
+static long (*bpf_skb_get_tunnel_opt)(struct __sk_buff *skb, void *opt, __u32 size) = (void *) 29;
+
+/*
+ * bpf_skb_set_tunnel_opt
+ *
+ * 	Set tunnel options metadata for the packet associated to *skb*
+ * 	to the option data contained in the raw buffer *opt* of *size*.
+ *
+ * 	See also the description of the **bpf_skb_get_tunnel_opt**\ ()
+ * 	helper for additional information.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_set_tunnel_opt)(struct __sk_buff *skb, void *opt, __u32 size) = (void *) 30;
+
+/*
+ * bpf_skb_change_proto
+ *
+ * 	Change the protocol of the *skb* to *proto*. Currently
+ * 	supported are transition from IPv4 to IPv6, and from IPv6 to
+ * 	IPv4. The helper takes care of the groundwork for the
+ * 	transition, including resizing the socket buffer. The eBPF
+ * 	program is expected to fill the new headers, if any, via
+ * 	**skb_store_bytes**\ () and to recompute the checksums with
+ * 	**bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\
+ * 	(). The main case for this helper is to perform NAT64
+ * 	operations out of an eBPF program.
+ *
+ * 	Internally, the GSO type is marked as dodgy so that headers are
+ * 	checked and segments are recalculated by the GSO/GRO engine.
+ * 	The size for GSO target is adapted as well.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_change_proto)(struct __sk_buff *skb, __be16 proto, __u64 flags) = (void *) 31;
+
+/*
+ * bpf_skb_change_type
+ *
+ * 	Change the packet type for the packet associated to *skb*. This
+ * 	comes down to setting *skb*\ **->pkt_type** to *type*, except
+ * 	the eBPF program does not have a write access to *skb*\
+ * 	**->pkt_type** beside this helper. Using a helper here allows
+ * 	for graceful handling of errors.
+ *
+ * 	The major use case is to change incoming *skb*s to
+ * 	**PACKET_HOST** in a programmatic way instead of having to
+ * 	recirculate via **redirect**\ (..., **BPF_F_INGRESS**), for
+ * 	example.
+ *
+ * 	Note that *type* only allows certain values. At this time, they
+ * 	are:
+ *
+ * 	**PACKET_HOST**
+ * 		Packet is for us.
+ * 	**PACKET_BROADCAST**
+ * 		Send packet to all.
+ * 	**PACKET_MULTICAST**
+ * 		Send packet to group.
+ * 	**PACKET_OTHERHOST**
+ * 		Send packet to someone else.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_change_type)(struct __sk_buff *skb, __u32 type) = (void *) 32;
+
+/*
+ * bpf_skb_under_cgroup
+ *
+ * 	Check whether *skb* is a descendant of the cgroup2 held by
+ * 	*map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*.
+ *
+ * Returns
+ * 	The return value depends on the result of the test, and can be:
+ *
+ * 	* 0, if the *skb* failed the cgroup2 descendant test.
+ * 	* 1, if the *skb* succeeded the cgroup2 descendant test.
+ * 	* A negative error code, if an error occurred.
+ */
+static long (*bpf_skb_under_cgroup)(struct __sk_buff *skb, void *map, __u32 index) = (void *) 33;
+
+/*
+ * bpf_get_hash_recalc
+ *
+ * 	Retrieve the hash of the packet, *skb*\ **->hash**. If it is
+ * 	not set, in particular if the hash was cleared due to mangling,
+ * 	recompute this hash. Later accesses to the hash can be done
+ * 	directly with *skb*\ **->hash**.
+ *
+ * 	Calling **bpf_set_hash_invalid**\ (), changing a packet
+ * 	prototype with **bpf_skb_change_proto**\ (), or calling
+ * 	**bpf_skb_store_bytes**\ () with the
+ * 	**BPF_F_INVALIDATE_HASH** are actions susceptible to clear
+ * 	the hash and to trigger a new computation for the next call to
+ * 	**bpf_get_hash_recalc**\ ().
+ *
+ * Returns
+ * 	The 32-bit hash.
+ */
+static __u32 (*bpf_get_hash_recalc)(struct __sk_buff *skb) = (void *) 34;
+
+/*
+ * bpf_get_current_task
+ *
+ *
+ * Returns
+ * 	A pointer to the current task struct.
+ */
+static __u64 (*bpf_get_current_task)(void) = (void *) 35;
+
+/*
+ * bpf_probe_write_user
+ *
+ * 	Attempt in a safe way to write *len* bytes from the buffer
+ * 	*src* to *dst* in memory. It only works for threads that are in
+ * 	user context, and *dst* must be a valid user space address.
+ *
+ * 	This helper should not be used to implement any kind of
+ * 	security mechanism because of TOC-TOU attacks, but rather to
+ * 	debug, divert, and manipulate execution of semi-cooperative
+ * 	processes.
+ *
+ * 	Keep in mind that this feature is meant for experiments, and it
+ * 	has a risk of crashing the system and running programs.
+ * 	Therefore, when an eBPF program using this helper is attached,
+ * 	a warning including PID and process name is printed to kernel
+ * 	logs.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_probe_write_user)(void *dst, const void *src, __u32 len) = (void *) 36;
+
+/*
+ * bpf_current_task_under_cgroup
+ *
+ * 	Check whether the probe is being run is the context of a given
+ * 	subset of the cgroup2 hierarchy. The cgroup2 to test is held by
+ * 	*map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*.
+ *
+ * Returns
+ * 	The return value depends on the result of the test, and can be:
+ *
+ * 	* 0, if the *skb* task belongs to the cgroup2.
+ * 	* 1, if the *skb* task does not belong to the cgroup2.
+ * 	* A negative error code, if an error occurred.
+ */
+static long (*bpf_current_task_under_cgroup)(void *map, __u32 index) = (void *) 37;
+
+/*
+ * bpf_skb_change_tail
+ *
+ * 	Resize (trim or grow) the packet associated to *skb* to the
+ * 	new *len*. The *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	The basic idea is that the helper performs the needed work to
+ * 	change the size of the packet, then the eBPF program rewrites
+ * 	the rest via helpers like **bpf_skb_store_bytes**\ (),
+ * 	**bpf_l3_csum_replace**\ (), **bpf_l3_csum_replace**\ ()
+ * 	and others. This helper is a slow path utility intended for
+ * 	replies with control messages. And because it is targeted for
+ * 	slow path, the helper itself can afford to be slow: it
+ * 	implicitly linearizes, unclones and drops offloads from the
+ * 	*skb*.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_change_tail)(struct __sk_buff *skb, __u32 len, __u64 flags) = (void *) 38;
+
+/*
+ * bpf_skb_pull_data
+ *
+ * 	Pull in non-linear data in case the *skb* is non-linear and not
+ * 	all of *len* are part of the linear section. Make *len* bytes
+ * 	from *skb* readable and writable. If a zero value is passed for
+ * 	*len*, then the whole length of the *skb* is pulled.
+ *
+ * 	This helper is only needed for reading and writing with direct
+ * 	packet access.
+ *
+ * 	For direct packet access, testing that offsets to access
+ * 	are within packet boundaries (test on *skb*\ **->data_end**) is
+ * 	susceptible to fail if offsets are invalid, or if the requested
+ * 	data is in non-linear parts of the *skb*. On failure the
+ * 	program can just bail out, or in the case of a non-linear
+ * 	buffer, use a helper to make the data available. The
+ * 	**bpf_skb_load_bytes**\ () helper is a first solution to access
+ * 	the data. Another one consists in using **bpf_skb_pull_data**
+ * 	to pull in once the non-linear parts, then retesting and
+ * 	eventually access the data.
+ *
+ * 	At the same time, this also makes sure the *skb* is uncloned,
+ * 	which is a necessary condition for direct write. As this needs
+ * 	to be an invariant for the write part only, the verifier
+ * 	detects writes and adds a prologue that is calling
+ * 	**bpf_skb_pull_data()** to effectively unclone the *skb* from
+ * 	the very beginning in case it is indeed cloned.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_pull_data)(struct __sk_buff *skb, __u32 len) = (void *) 39;
+
+/*
+ * bpf_csum_update
+ *
+ * 	Add the checksum *csum* into *skb*\ **->csum** in case the
+ * 	driver has supplied a checksum for the entire packet into that
+ * 	field. Return an error otherwise. This helper is intended to be
+ * 	used in combination with **bpf_csum_diff**\ (), in particular
+ * 	when the checksum needs to be updated after data has been
+ * 	written into the packet through direct packet access.
+ *
+ * Returns
+ * 	The checksum on success, or a negative error code in case of
+ * 	failure.
+ */
+static __s64 (*bpf_csum_update)(struct __sk_buff *skb, __wsum csum) = (void *) 40;
+
+/*
+ * bpf_set_hash_invalid
+ *
+ * 	Invalidate the current *skb*\ **->hash**. It can be used after
+ * 	mangling on headers through direct packet access, in order to
+ * 	indicate that the hash is outdated and to trigger a
+ * 	recalculation the next time the kernel tries to access this
+ * 	hash or when the **bpf_get_hash_recalc**\ () helper is called.
+ *
+ */
+static void (*bpf_set_hash_invalid)(struct __sk_buff *skb) = (void *) 41;
+
+/*
+ * bpf_get_numa_node_id
+ *
+ * 	Return the id of the current NUMA node. The primary use case
+ * 	for this helper is the selection of sockets for the local NUMA
+ * 	node, when the program is attached to sockets using the
+ * 	**SO_ATTACH_REUSEPORT_EBPF** option (see also **socket(7)**),
+ * 	but the helper is also available to other eBPF program types,
+ * 	similarly to **bpf_get_smp_processor_id**\ ().
+ *
+ * Returns
+ * 	The id of current NUMA node.
+ */
+static long (*bpf_get_numa_node_id)(void) = (void *) 42;
+
+/*
+ * bpf_skb_change_head
+ *
+ * 	Grows headroom of packet associated to *skb* and adjusts the
+ * 	offset of the MAC header accordingly, adding *len* bytes of
+ * 	space. It automatically extends and reallocates memory as
+ * 	required.
+ *
+ * 	This helper can be used on a layer 3 *skb* to push a MAC header
+ * 	for redirection into a layer 2 device.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_change_head)(struct __sk_buff *skb, __u32 len, __u64 flags) = (void *) 43;
+
+/*
+ * bpf_xdp_adjust_head
+ *
+ * 	Adjust (move) *xdp_md*\ **->data** by *delta* bytes. Note that
+ * 	it is possible to use a negative value for *delta*. This helper
+ * 	can be used to prepare the packet for pushing or popping
+ * 	headers.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_xdp_adjust_head)(struct xdp_md *xdp_md, int delta) = (void *) 44;
+
+/*
+ * bpf_probe_read_str
+ *
+ * 	Copy a NUL terminated string from an unsafe kernel address
+ * 	*unsafe_ptr* to *dst*. See **bpf_probe_read_kernel_str**\ () for
+ * 	more details.
+ *
+ * 	Generally, use **bpf_probe_read_user_str**\ () or
+ * 	**bpf_probe_read_kernel_str**\ () instead.
+ *
+ * Returns
+ * 	On success, the strictly positive length of the string,
+ * 	including the trailing NUL character. On error, a negative
+ * 	value.
+ */
+static long (*bpf_probe_read_str)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 45;
+
+/*
+ * bpf_get_socket_cookie
+ *
+ * 	If the **struct sk_buff** pointed by *skb* has a known socket,
+ * 	retrieve the cookie (generated by the kernel) of this socket.
+ * 	If no cookie has been set yet, generate a new cookie. Once
+ * 	generated, the socket cookie remains stable for the life of the
+ * 	socket. This helper can be useful for monitoring per socket
+ * 	networking traffic statistics as it provides a global socket
+ * 	identifier that can be assumed unique.
+ *
+ * Returns
+ * 	A 8-byte long non-decreasing number on success, or 0 if the
+ * 	socket field is missing inside *skb*.
+ */
+static __u64 (*bpf_get_socket_cookie)(void *ctx) = (void *) 46;
+
+/*
+ * bpf_get_socket_uid
+ *
+ *
+ * Returns
+ * 	The owner UID of the socket associated to *skb*. If the socket
+ * 	is **NULL**, or if it is not a full socket (i.e. if it is a
+ * 	time-wait or a request socket instead), **overflowuid** value
+ * 	is returned (note that **overflowuid** might also be the actual
+ * 	UID value for the socket).
+ */
+static __u32 (*bpf_get_socket_uid)(struct __sk_buff *skb) = (void *) 47;
+
+/*
+ * bpf_set_hash
+ *
+ * 	Set the full hash for *skb* (set the field *skb*\ **->hash**)
+ * 	to value *hash*.
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_set_hash)(struct __sk_buff *skb, __u32 hash) = (void *) 48;
+
+/*
+ * bpf_setsockopt
+ *
+ * 	Emulate a call to **setsockopt()** on the socket associated to
+ * 	*bpf_socket*, which must be a full socket. The *level* at
+ * 	which the option resides and the name *optname* of the option
+ * 	must be specified, see **setsockopt(2)** for more information.
+ * 	The option value of length *optlen* is pointed by *optval*.
+ *
+ * 	*bpf_socket* should be one of the following:
+ *
+ * 	* **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**.
+ * 	* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**
+ * 	  and **BPF_CGROUP_INET6_CONNECT**.
+ *
+ * 	This helper actually implements a subset of **setsockopt()**.
+ * 	It supports the following *level*\ s:
+ *
+ * 	* **SOL_SOCKET**, which supports the following *optname*\ s:
+ * 	  **SO_RCVBUF**, **SO_SNDBUF**, **SO_MAX_PACING_RATE**,
+ * 	  **SO_PRIORITY**, **SO_RCVLOWAT**, **SO_MARK**,
+ * 	  **SO_BINDTODEVICE**, **SO_KEEPALIVE**.
+ * 	* **IPPROTO_TCP**, which supports the following *optname*\ s:
+ * 	  **TCP_CONGESTION**, **TCP_BPF_IW**,
+ * 	  **TCP_BPF_SNDCWND_CLAMP**, **TCP_SAVE_SYN**,
+ * 	  **TCP_KEEPIDLE**, **TCP_KEEPINTVL**, **TCP_KEEPCNT**,
+ * 	  **TCP_SYNCNT**, **TCP_USER_TIMEOUT**.
+ * 	* **IPPROTO_IP**, which supports *optname* **IP_TOS**.
+ * 	* **IPPROTO_IPV6**, which supports *optname* **IPV6_TCLASS**.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_setsockopt)(void *bpf_socket, int level, int optname, void *optval, int optlen) = (void *) 49;
+
+/*
+ * bpf_skb_adjust_room
+ *
+ * 	Grow or shrink the room for data in the packet associated to
+ * 	*skb* by *len_diff*, and according to the selected *mode*.
+ *
+ * 	By default, the helper will reset any offloaded checksum
+ * 	indicator of the skb to CHECKSUM_NONE. This can be avoided
+ * 	by the following flag:
+ *
+ * 	* **BPF_F_ADJ_ROOM_NO_CSUM_RESET**: Do not reset offloaded
+ * 	  checksum data of the skb to CHECKSUM_NONE.
+ *
+ * 	There are two supported modes at this time:
+ *
+ * 	* **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer
+ * 	  (room space is added or removed below the layer 2 header).
+ *
+ * 	* **BPF_ADJ_ROOM_NET**: Adjust room at the network layer
+ * 	  (room space is added or removed below the layer 3 header).
+ *
+ * 	The following flags are supported at this time:
+ *
+ * 	* **BPF_F_ADJ_ROOM_FIXED_GSO**: Do not adjust gso_size.
+ * 	  Adjusting mss in this way is not allowed for datagrams.
+ *
+ * 	* **BPF_F_ADJ_ROOM_ENCAP_L3_IPV4**,
+ * 	  **BPF_F_ADJ_ROOM_ENCAP_L3_IPV6**:
+ * 	  Any new space is reserved to hold a tunnel header.
+ * 	  Configure skb offsets and other fields accordingly.
+ *
+ * 	* **BPF_F_ADJ_ROOM_ENCAP_L4_GRE**,
+ * 	  **BPF_F_ADJ_ROOM_ENCAP_L4_UDP**:
+ * 	  Use with ENCAP_L3 flags to further specify the tunnel type.
+ *
+ * 	* **BPF_F_ADJ_ROOM_ENCAP_L2**\ (*len*):
+ * 	  Use with ENCAP_L3/L4 flags to further specify the tunnel
+ * 	  type; *len* is the length of the inner MAC header.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_adjust_room)(struct __sk_buff *skb, __s32 len_diff, __u32 mode, __u64 flags) = (void *) 50;
+
+/*
+ * bpf_redirect_map
+ *
+ * 	Redirect the packet to the endpoint referenced by *map* at
+ * 	index *key*. Depending on its type, this *map* can contain
+ * 	references to net devices (for forwarding packets through other
+ * 	ports), or to CPUs (for redirecting XDP frames to another CPU;
+ * 	but this is only implemented for native XDP (with driver
+ * 	support) as of this writing).
+ *
+ * 	The lower two bits of *flags* are used as the return code if
+ * 	the map lookup fails. This is so that the return value can be
+ * 	one of the XDP program return codes up to **XDP_TX**, as chosen
+ * 	by the caller. Any higher bits in the *flags* argument must be
+ * 	unset.
+ *
+ * 	See also **bpf_redirect**\ (), which only supports redirecting
+ * 	to an ifindex, but doesn't require a map to do so.
+ *
+ * Returns
+ * 	**XDP_REDIRECT** on success, or the value of the two lower bits
+ * 	of the *flags* argument on error.
+ */
+static long (*bpf_redirect_map)(void *map, __u32 key, __u64 flags) = (void *) 51;
+
+/*
+ * bpf_sk_redirect_map
+ *
+ * 	Redirect the packet to the socket referenced by *map* (of type
+ * 	**BPF_MAP_TYPE_SOCKMAP**) at index *key*. Both ingress and
+ * 	egress interfaces can be used for redirection. The
+ * 	**BPF_F_INGRESS** value in *flags* is used to make the
+ * 	distinction (ingress path is selected if the flag is present,
+ * 	egress path otherwise). This is the only flag supported for now.
+ *
+ * Returns
+ * 	**SK_PASS** on success, or **SK_DROP** on error.
+ */
+static long (*bpf_sk_redirect_map)(struct __sk_buff *skb, void *map, __u32 key, __u64 flags) = (void *) 52;
+
+/*
+ * bpf_sock_map_update
+ *
+ * 	Add an entry to, or update a *map* referencing sockets. The
+ * 	*skops* is used as a new value for the entry associated to
+ * 	*key*. *flags* is one of:
+ *
+ * 	**BPF_NOEXIST**
+ * 		The entry for *key* must not exist in the map.
+ * 	**BPF_EXIST**
+ * 		The entry for *key* must already exist in the map.
+ * 	**BPF_ANY**
+ * 		No condition on the existence of the entry for *key*.
+ *
+ * 	If the *map* has eBPF programs (parser and verdict), those will
+ * 	be inherited by the socket being added. If the socket is
+ * 	already attached to eBPF programs, this results in an error.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_sock_map_update)(struct bpf_sock_ops *skops, void *map, void *key, __u64 flags) = (void *) 53;
+
+/*
+ * bpf_xdp_adjust_meta
+ *
+ * 	Adjust the address pointed by *xdp_md*\ **->data_meta** by
+ * 	*delta* (which can be positive or negative). Note that this
+ * 	operation modifies the address stored in *xdp_md*\ **->data**,
+ * 	so the latter must be loaded only after the helper has been
+ * 	called.
+ *
+ * 	The use of *xdp_md*\ **->data_meta** is optional and programs
+ * 	are not required to use it. The rationale is that when the
+ * 	packet is processed with XDP (e.g. as DoS filter), it is
+ * 	possible to push further meta data along with it before passing
+ * 	to the stack, and to give the guarantee that an ingress eBPF
+ * 	program attached as a TC classifier on the same device can pick
+ * 	this up for further post-processing. Since TC works with socket
+ * 	buffers, it remains possible to set from XDP the **mark** or
+ * 	**priority** pointers, or other pointers for the socket buffer.
+ * 	Having this scratch space generic and programmable allows for
+ * 	more flexibility as the user is free to store whatever meta
+ * 	data they need.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_xdp_adjust_meta)(struct xdp_md *xdp_md, int delta) = (void *) 54;
+
+/*
+ * bpf_perf_event_read_value
+ *
+ * 	Read the value of a perf event counter, and store it into *buf*
+ * 	of size *buf_size*. This helper relies on a *map* of type
+ * 	**BPF_MAP_TYPE_PERF_EVENT_ARRAY**. The nature of the perf event
+ * 	counter is selected when *map* is updated with perf event file
+ * 	descriptors. The *map* is an array whose size is the number of
+ * 	available CPUs, and each cell contains a value relative to one
+ * 	CPU. The value to retrieve is indicated by *flags*, that
+ * 	contains the index of the CPU to look up, masked with
+ * 	**BPF_F_INDEX_MASK**. Alternatively, *flags* can be set to
+ * 	**BPF_F_CURRENT_CPU** to indicate that the value for the
+ * 	current CPU should be retrieved.
+ *
+ * 	This helper behaves in a way close to
+ * 	**bpf_perf_event_read**\ () helper, save that instead of
+ * 	just returning the value observed, it fills the *buf*
+ * 	structure. This allows for additional data to be retrieved: in
+ * 	particular, the enabled and running times (in *buf*\
+ * 	**->enabled** and *buf*\ **->running**, respectively) are
+ * 	copied. In general, **bpf_perf_event_read_value**\ () is
+ * 	recommended over **bpf_perf_event_read**\ (), which has some
+ * 	ABI issues and provides fewer functionalities.
+ *
+ * 	These values are interesting, because hardware PMU (Performance
+ * 	Monitoring Unit) counters are limited resources. When there are
+ * 	more PMU based perf events opened than available counters,
+ * 	kernel will multiplex these events so each event gets certain
+ * 	percentage (but not all) of the PMU time. In case that
+ * 	multiplexing happens, the number of samples or counter value
+ * 	will not reflect the case compared to when no multiplexing
+ * 	occurs. This makes comparison between different runs difficult.
+ * 	Typically, the counter value should be normalized before
+ * 	comparing to other experiments. The usual normalization is done
+ * 	as follows.
+ *
+ * 	::
+ *
+ * 		normalized_counter = counter * t_enabled / t_running
+ *
+ * 	Where t_enabled is the time enabled for event and t_running is
+ * 	the time running for event since last normalization. The
+ * 	enabled and running times are accumulated since the perf event
+ * 	open. To achieve scaling factor between two invocations of an
+ * 	eBPF program, users can use CPU id as the key (which is
+ * 	typical for perf array usage model) to remember the previous
+ * 	value and do the calculation inside the eBPF program.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_perf_event_read_value)(void *map, __u64 flags, struct bpf_perf_event_value *buf, __u32 buf_size) = (void *) 55;
+
+/*
+ * bpf_perf_prog_read_value
+ *
+ * 	For en eBPF program attached to a perf event, retrieve the
+ * 	value of the event counter associated to *ctx* and store it in
+ * 	the structure pointed by *buf* and of size *buf_size*. Enabled
+ * 	and running times are also stored in the structure (see
+ * 	description of helper **bpf_perf_event_read_value**\ () for
+ * 	more details).
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_perf_prog_read_value)(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, __u32 buf_size) = (void *) 56;
+
+/*
+ * bpf_getsockopt
+ *
+ * 	Emulate a call to **getsockopt()** on the socket associated to
+ * 	*bpf_socket*, which must be a full socket. The *level* at
+ * 	which the option resides and the name *optname* of the option
+ * 	must be specified, see **getsockopt(2)** for more information.
+ * 	The retrieved value is stored in the structure pointed by
+ * 	*opval* and of length *optlen*.
+ *
+ * 	*bpf_socket* should be one of the following:
+ *
+ * 	* **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**.
+ * 	* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**
+ * 	  and **BPF_CGROUP_INET6_CONNECT**.
+ *
+ * 	This helper actually implements a subset of **getsockopt()**.
+ * 	It supports the following *level*\ s:
+ *
+ * 	* **IPPROTO_TCP**, which supports *optname*
+ * 	  **TCP_CONGESTION**.
+ * 	* **IPPROTO_IP**, which supports *optname* **IP_TOS**.
+ * 	* **IPPROTO_IPV6**, which supports *optname* **IPV6_TCLASS**.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_getsockopt)(void *bpf_socket, int level, int optname, void *optval, int optlen) = (void *) 57;
+
+/*
+ * bpf_override_return
+ *
+ * 	Used for error injection, this helper uses kprobes to override
+ * 	the return value of the probed function, and to set it to *rc*.
+ * 	The first argument is the context *regs* on which the kprobe
+ * 	works.
+ *
+ * 	This helper works by setting the PC (program counter)
+ * 	to an override function which is run in place of the original
+ * 	probed function. This means the probed function is not run at
+ * 	all. The replacement function just returns with the required
+ * 	value.
+ *
+ * 	This helper has security implications, and thus is subject to
+ * 	restrictions. It is only available if the kernel was compiled
+ * 	with the **CONFIG_BPF_KPROBE_OVERRIDE** configuration
+ * 	option, and in this case it only works on functions tagged with
+ * 	**ALLOW_ERROR_INJECTION** in the kernel code.
+ *
+ * 	Also, the helper is only available for the architectures having
+ * 	the CONFIG_FUNCTION_ERROR_INJECTION option. As of this writing,
+ * 	x86 architecture is the only one to support this feature.
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_override_return)(struct pt_regs *regs, __u64 rc) = (void *) 58;
+
+/*
+ * bpf_sock_ops_cb_flags_set
+ *
+ * 	Attempt to set the value of the **bpf_sock_ops_cb_flags** field
+ * 	for the full TCP socket associated to *bpf_sock_ops* to
+ * 	*argval*.
+ *
+ * 	The primary use of this field is to determine if there should
+ * 	be calls to eBPF programs of type
+ * 	**BPF_PROG_TYPE_SOCK_OPS** at various points in the TCP
+ * 	code. A program of the same type can change its value, per
+ * 	connection and as necessary, when the connection is
+ * 	established. This field is directly accessible for reading, but
+ * 	this helper must be used for updates in order to return an
+ * 	error if an eBPF program tries to set a callback that is not
+ * 	supported in the current kernel.
+ *
+ * 	*argval* is a flag array which can combine these flags:
+ *
+ * 	* **BPF_SOCK_OPS_RTO_CB_FLAG** (retransmission time out)
+ * 	* **BPF_SOCK_OPS_RETRANS_CB_FLAG** (retransmission)
+ * 	* **BPF_SOCK_OPS_STATE_CB_FLAG** (TCP state change)
+ * 	* **BPF_SOCK_OPS_RTT_CB_FLAG** (every RTT)
+ *
+ * 	Therefore, this function can be used to clear a callback flag by
+ * 	setting the appropriate bit to zero. e.g. to disable the RTO
+ * 	callback:
+ *
+ * 	**bpf_sock_ops_cb_flags_set(bpf_sock,**
+ * 		**bpf_sock->bpf_sock_ops_cb_flags & ~BPF_SOCK_OPS_RTO_CB_FLAG)**
+ *
+ * 	Here are some examples of where one could call such eBPF
+ * 	program:
+ *
+ * 	* When RTO fires.
+ * 	* When a packet is retransmitted.
+ * 	* When the connection terminates.
+ * 	* When a packet is sent.
+ * 	* When a packet is received.
+ *
+ * Returns
+ * 	Code **-EINVAL** if the socket is not a full TCP socket;
+ * 	otherwise, a positive number containing the bits that could not
+ * 	be set is returned (which comes down to 0 if all bits were set
+ * 	as required).
+ */
+static long (*bpf_sock_ops_cb_flags_set)(struct bpf_sock_ops *bpf_sock, int argval) = (void *) 59;
+
+/*
+ * bpf_msg_redirect_map
+ *
+ * 	This helper is used in programs implementing policies at the
+ * 	socket level. If the message *msg* is allowed to pass (i.e. if
+ * 	the verdict eBPF program returns **SK_PASS**), redirect it to
+ * 	the socket referenced by *map* (of type
+ * 	**BPF_MAP_TYPE_SOCKMAP**) at index *key*. Both ingress and
+ * 	egress interfaces can be used for redirection. The
+ * 	**BPF_F_INGRESS** value in *flags* is used to make the
+ * 	distinction (ingress path is selected if the flag is present,
+ * 	egress path otherwise). This is the only flag supported for now.
+ *
+ * Returns
+ * 	**SK_PASS** on success, or **SK_DROP** on error.
+ */
+static long (*bpf_msg_redirect_map)(struct sk_msg_md *msg, void *map, __u32 key, __u64 flags) = (void *) 60;
+
+/*
+ * bpf_msg_apply_bytes
+ *
+ * 	For socket policies, apply the verdict of the eBPF program to
+ * 	the next *bytes* (number of bytes) of message *msg*.
+ *
+ * 	For example, this helper can be used in the following cases:
+ *
+ * 	* A single **sendmsg**\ () or **sendfile**\ () system call
+ * 	  contains multiple logical messages that the eBPF program is
+ * 	  supposed to read and for which it should apply a verdict.
+ * 	* An eBPF program only cares to read the first *bytes* of a
+ * 	  *msg*. If the message has a large payload, then setting up
+ * 	  and calling the eBPF program repeatedly for all bytes, even
+ * 	  though the verdict is already known, would create unnecessary
+ * 	  overhead.
+ *
+ * 	When called from within an eBPF program, the helper sets a
+ * 	counter internal to the BPF infrastructure, that is used to
+ * 	apply the last verdict to the next *bytes*. If *bytes* is
+ * 	smaller than the current data being processed from a
+ * 	**sendmsg**\ () or **sendfile**\ () system call, the first
+ * 	*bytes* will be sent and the eBPF program will be re-run with
+ * 	the pointer for start of data pointing to byte number *bytes*
+ * 	**+ 1**. If *bytes* is larger than the current data being
+ * 	processed, then the eBPF verdict will be applied to multiple
+ * 	**sendmsg**\ () or **sendfile**\ () calls until *bytes* are
+ * 	consumed.
+ *
+ * 	Note that if a socket closes with the internal counter holding
+ * 	a non-zero value, this is not a problem because data is not
+ * 	being buffered for *bytes* and is sent as it is received.
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_msg_apply_bytes)(struct sk_msg_md *msg, __u32 bytes) = (void *) 61;
+
+/*
+ * bpf_msg_cork_bytes
+ *
+ * 	For socket policies, prevent the execution of the verdict eBPF
+ * 	program for message *msg* until *bytes* (byte number) have been
+ * 	accumulated.
+ *
+ * 	This can be used when one needs a specific number of bytes
+ * 	before a verdict can be assigned, even if the data spans
+ * 	multiple **sendmsg**\ () or **sendfile**\ () calls. The extreme
+ * 	case would be a user calling **sendmsg**\ () repeatedly with
+ * 	1-byte long message segments. Obviously, this is bad for
+ * 	performance, but it is still valid. If the eBPF program needs
+ * 	*bytes* bytes to validate a header, this helper can be used to
+ * 	prevent the eBPF program to be called again until *bytes* have
+ * 	been accumulated.
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_msg_cork_bytes)(struct sk_msg_md *msg, __u32 bytes) = (void *) 62;
+
+/*
+ * bpf_msg_pull_data
+ *
+ * 	For socket policies, pull in non-linear data from user space
+ * 	for *msg* and set pointers *msg*\ **->data** and *msg*\
+ * 	**->data_end** to *start* and *end* bytes offsets into *msg*,
+ * 	respectively.
+ *
+ * 	If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a
+ * 	*msg* it can only parse data that the (**data**, **data_end**)
+ * 	pointers have already consumed. For **sendmsg**\ () hooks this
+ * 	is likely the first scatterlist element. But for calls relying
+ * 	on the **sendpage** handler (e.g. **sendfile**\ ()) this will
+ * 	be the range (**0**, **0**) because the data is shared with
+ * 	user space and by default the objective is to avoid allowing
+ * 	user space to modify data while (or after) eBPF verdict is
+ * 	being decided. This helper can be used to pull in data and to
+ * 	set the start and end pointer to given values. Data will be
+ * 	copied if necessary (i.e. if data was not linear and if start
+ * 	and end pointers do not point to the same chunk).
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_msg_pull_data)(struct sk_msg_md *msg, __u32 start, __u32 end, __u64 flags) = (void *) 63;
+
+/*
+ * bpf_bind
+ *
+ * 	Bind the socket associated to *ctx* to the address pointed by
+ * 	*addr*, of length *addr_len*. This allows for making outgoing
+ * 	connection from the desired IP address, which can be useful for
+ * 	example when all processes inside a cgroup should use one
+ * 	single IP address on a host that has multiple IP configured.
+ *
+ * 	This helper works for IPv4 and IPv6, TCP and UDP sockets. The
+ * 	domain (*addr*\ **->sa_family**) must be **AF_INET** (or
+ * 	**AF_INET6**). It's advised to pass zero port (**sin_port**
+ * 	or **sin6_port**) which triggers IP_BIND_ADDRESS_NO_PORT-like
+ * 	behavior and lets the kernel efficiently pick up an unused
+ * 	port as long as 4-tuple is unique. Passing non-zero port might
+ * 	lead to degraded performance.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_bind)(struct bpf_sock_addr *ctx, struct sockaddr *addr, int addr_len) = (void *) 64;
+
+/*
+ * bpf_xdp_adjust_tail
+ *
+ * 	Adjust (move) *xdp_md*\ **->data_end** by *delta* bytes. It is
+ * 	possible to both shrink and grow the packet tail.
+ * 	Shrink done via *delta* being a negative integer.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_xdp_adjust_tail)(struct xdp_md *xdp_md, int delta) = (void *) 65;
+
+/*
+ * bpf_skb_get_xfrm_state
+ *
+ * 	Retrieve the XFRM state (IP transform framework, see also
+ * 	**ip-xfrm(8)**) at *index* in XFRM "security path" for *skb*.
+ *
+ * 	The retrieved value is stored in the **struct bpf_xfrm_state**
+ * 	pointed by *xfrm_state* and of length *size*.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	**CONFIG_XFRM** configuration option.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_get_xfrm_state)(struct __sk_buff *skb, __u32 index, struct bpf_xfrm_state *xfrm_state, __u32 size, __u64 flags) = (void *) 66;
+
+/*
+ * bpf_get_stack
+ *
+ * 	Return a user or a kernel stack in bpf program provided buffer.
+ * 	To achieve this, the helper needs *ctx*, which is a pointer
+ * 	to the context on which the tracing program is executed.
+ * 	To store the stacktrace, the bpf program provides *buf* with
+ * 	a nonnegative *size*.
+ *
+ * 	The last argument, *flags*, holds the number of stack frames to
+ * 	skip (from 0 to 255), masked with
+ * 	**BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set
+ * 	the following flags:
+ *
+ * 	**BPF_F_USER_STACK**
+ * 		Collect a user space stack instead of a kernel stack.
+ * 	**BPF_F_USER_BUILD_ID**
+ * 		Collect buildid+offset instead of ips for user stack,
+ * 		only valid if **BPF_F_USER_STACK** is also specified.
+ *
+ * 	**bpf_get_stack**\ () can collect up to
+ * 	**PERF_MAX_STACK_DEPTH** both kernel and user frames, subject
+ * 	to sufficient large buffer size. Note that
+ * 	this limit can be controlled with the **sysctl** program, and
+ * 	that it should be manually increased in order to profile long
+ * 	user stacks (such as stacks for Java programs). To do so, use:
+ *
+ * 	::
+ *
+ * 		# sysctl kernel.perf_event_max_stack=<new value>
+ *
+ * Returns
+ * 	A non-negative value equal to or less than *size* on success,
+ * 	or a negative error in case of failure.
+ */
+static long (*bpf_get_stack)(void *ctx, void *buf, __u32 size, __u64 flags) = (void *) 67;
+
+/*
+ * bpf_skb_load_bytes_relative
+ *
+ * 	This helper is similar to **bpf_skb_load_bytes**\ () in that
+ * 	it provides an easy way to load *len* bytes from *offset*
+ * 	from the packet associated to *skb*, into the buffer pointed
+ * 	by *to*. The difference to **bpf_skb_load_bytes**\ () is that
+ * 	a fifth argument *start_header* exists in order to select a
+ * 	base offset to start from. *start_header* can be one of:
+ *
+ * 	**BPF_HDR_START_MAC**
+ * 		Base offset to load data from is *skb*'s mac header.
+ * 	**BPF_HDR_START_NET**
+ * 		Base offset to load data from is *skb*'s network header.
+ *
+ * 	In general, "direct packet access" is the preferred method to
+ * 	access packet data, however, this helper is in particular useful
+ * 	in socket filters where *skb*\ **->data** does not always point
+ * 	to the start of the mac header and where "direct packet access"
+ * 	is not available.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_load_bytes_relative)(const void *skb, __u32 offset, void *to, __u32 len, __u32 start_header) = (void *) 68;
+
+/*
+ * bpf_fib_lookup
+ *
+ * 	Do FIB lookup in kernel tables using parameters in *params*.
+ * 	If lookup is successful and result shows packet is to be
+ * 	forwarded, the neighbor tables are searched for the nexthop.
+ * 	If successful (ie., FIB lookup shows forwarding and nexthop
+ * 	is resolved), the nexthop address is returned in ipv4_dst
+ * 	or ipv6_dst based on family, smac is set to mac address of
+ * 	egress device, dmac is set to nexthop mac address, rt_metric
+ * 	is set to metric from route (IPv4/IPv6 only), and ifindex
+ * 	is set to the device index of the nexthop from the FIB lookup.
+ *
+ * 	*plen* argument is the size of the passed in struct.
+ * 	*flags* argument can be a combination of one or more of the
+ * 	following values:
+ *
+ * 	**BPF_FIB_LOOKUP_DIRECT**
+ * 		Do a direct table lookup vs full lookup using FIB
+ * 		rules.
+ * 	**BPF_FIB_LOOKUP_OUTPUT**
+ * 		Perform lookup from an egress perspective (default is
+ * 		ingress).
+ *
+ * 	*ctx* is either **struct xdp_md** for XDP programs or
+ * 	**struct sk_buff** tc cls_act programs.
+ *
+ * Returns
+ * 	* < 0 if any input argument is invalid
+ * 	*   0 on success (packet is forwarded, nexthop neighbor exists)
+ * 	* > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the
+ * 	  packet is not forwarded or needs assist from full stack
+ */
+static long (*bpf_fib_lookup)(void *ctx, struct bpf_fib_lookup *params, int plen, __u32 flags) = (void *) 69;
+
+/*
+ * bpf_sock_hash_update
+ *
+ * 	Add an entry to, or update a sockhash *map* referencing sockets.
+ * 	The *skops* is used as a new value for the entry associated to
+ * 	*key*. *flags* is one of:
+ *
+ * 	**BPF_NOEXIST**
+ * 		The entry for *key* must not exist in the map.
+ * 	**BPF_EXIST**
+ * 		The entry for *key* must already exist in the map.
+ * 	**BPF_ANY**
+ * 		No condition on the existence of the entry for *key*.
+ *
+ * 	If the *map* has eBPF programs (parser and verdict), those will
+ * 	be inherited by the socket being added. If the socket is
+ * 	already attached to eBPF programs, this results in an error.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_sock_hash_update)(struct bpf_sock_ops *skops, void *map, void *key, __u64 flags) = (void *) 70;
+
+/*
+ * bpf_msg_redirect_hash
+ *
+ * 	This helper is used in programs implementing policies at the
+ * 	socket level. If the message *msg* is allowed to pass (i.e. if
+ * 	the verdict eBPF program returns **SK_PASS**), redirect it to
+ * 	the socket referenced by *map* (of type
+ * 	**BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and
+ * 	egress interfaces can be used for redirection. The
+ * 	**BPF_F_INGRESS** value in *flags* is used to make the
+ * 	distinction (ingress path is selected if the flag is present,
+ * 	egress path otherwise). This is the only flag supported for now.
+ *
+ * Returns
+ * 	**SK_PASS** on success, or **SK_DROP** on error.
+ */
+static long (*bpf_msg_redirect_hash)(struct sk_msg_md *msg, void *map, void *key, __u64 flags) = (void *) 71;
+
+/*
+ * bpf_sk_redirect_hash
+ *
+ * 	This helper is used in programs implementing policies at the
+ * 	skb socket level. If the sk_buff *skb* is allowed to pass (i.e.
+ * 	if the verdeict eBPF program returns **SK_PASS**), redirect it
+ * 	to the socket referenced by *map* (of type
+ * 	**BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and
+ * 	egress interfaces can be used for redirection. The
+ * 	**BPF_F_INGRESS** value in *flags* is used to make the
+ * 	distinction (ingress path is selected if the flag is present,
+ * 	egress otherwise). This is the only flag supported for now.
+ *
+ * Returns
+ * 	**SK_PASS** on success, or **SK_DROP** on error.
+ */
+static long (*bpf_sk_redirect_hash)(struct __sk_buff *skb, void *map, void *key, __u64 flags) = (void *) 72;
+
+/*
+ * bpf_lwt_push_encap
+ *
+ * 	Encapsulate the packet associated to *skb* within a Layer 3
+ * 	protocol header. This header is provided in the buffer at
+ * 	address *hdr*, with *len* its size in bytes. *type* indicates
+ * 	the protocol of the header and can be one of:
+ *
+ * 	**BPF_LWT_ENCAP_SEG6**
+ * 		IPv6 encapsulation with Segment Routing Header
+ * 		(**struct ipv6_sr_hdr**). *hdr* only contains the SRH,
+ * 		the IPv6 header is computed by the kernel.
+ * 	**BPF_LWT_ENCAP_SEG6_INLINE**
+ * 		Only works if *skb* contains an IPv6 packet. Insert a
+ * 		Segment Routing Header (**struct ipv6_sr_hdr**) inside
+ * 		the IPv6 header.
+ * 	**BPF_LWT_ENCAP_IP**
+ * 		IP encapsulation (GRE/GUE/IPIP/etc). The outer header
+ * 		must be IPv4 or IPv6, followed by zero or more
+ * 		additional headers, up to **LWT_BPF_MAX_HEADROOM**
+ * 		total bytes in all prepended headers. Please note that
+ * 		if **skb_is_gso**\ (*skb*) is true, no more than two
+ * 		headers can be prepended, and the inner header, if
+ * 		present, should be either GRE or UDP/GUE.
+ *
+ * 	**BPF_LWT_ENCAP_SEG6**\ \* types can be called by BPF programs
+ * 	of type **BPF_PROG_TYPE_LWT_IN**; **BPF_LWT_ENCAP_IP** type can
+ * 	be called by bpf programs of types **BPF_PROG_TYPE_LWT_IN** and
+ * 	**BPF_PROG_TYPE_LWT_XMIT**.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_lwt_push_encap)(struct __sk_buff *skb, __u32 type, void *hdr, __u32 len) = (void *) 73;
+
+/*
+ * bpf_lwt_seg6_store_bytes
+ *
+ * 	Store *len* bytes from address *from* into the packet
+ * 	associated to *skb*, at *offset*. Only the flags, tag and TLVs
+ * 	inside the outermost IPv6 Segment Routing Header can be
+ * 	modified through this helper.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_lwt_seg6_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len) = (void *) 74;
+
+/*
+ * bpf_lwt_seg6_adjust_srh
+ *
+ * 	Adjust the size allocated to TLVs in the outermost IPv6
+ * 	Segment Routing Header contained in the packet associated to
+ * 	*skb*, at position *offset* by *delta* bytes. Only offsets
+ * 	after the segments are accepted. *delta* can be as well
+ * 	positive (growing) as negative (shrinking).
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_lwt_seg6_adjust_srh)(struct __sk_buff *skb, __u32 offset, __s32 delta) = (void *) 75;
+
+/*
+ * bpf_lwt_seg6_action
+ *
+ * 	Apply an IPv6 Segment Routing action of type *action* to the
+ * 	packet associated to *skb*. Each action takes a parameter
+ * 	contained at address *param*, and of length *param_len* bytes.
+ * 	*action* can be one of:
+ *
+ * 	**SEG6_LOCAL_ACTION_END_X**
+ * 		End.X action: Endpoint with Layer-3 cross-connect.
+ * 		Type of *param*: **struct in6_addr**.
+ * 	**SEG6_LOCAL_ACTION_END_T**
+ * 		End.T action: Endpoint with specific IPv6 table lookup.
+ * 		Type of *param*: **int**.
+ * 	**SEG6_LOCAL_ACTION_END_B6**
+ * 		End.B6 action: Endpoint bound to an SRv6 policy.
+ * 		Type of *param*: **struct ipv6_sr_hdr**.
+ * 	**SEG6_LOCAL_ACTION_END_B6_ENCAP**
+ * 		End.B6.Encap action: Endpoint bound to an SRv6
+ * 		encapsulation policy.
+ * 		Type of *param*: **struct ipv6_sr_hdr**.
+ *
+ * 	A call to this helper is susceptible to change the underlying
+ * 	packet buffer. Therefore, at load time, all checks on pointers
+ * 	previously done by the verifier are invalidated and must be
+ * 	performed again, if the helper is used in combination with
+ * 	direct packet access.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_lwt_seg6_action)(struct __sk_buff *skb, __u32 action, void *param, __u32 param_len) = (void *) 76;
+
+/*
+ * bpf_rc_repeat
+ *
+ * 	This helper is used in programs implementing IR decoding, to
+ * 	report a successfully decoded repeat key message. This delays
+ * 	the generation of a key up event for previously generated
+ * 	key down event.
+ *
+ * 	Some IR protocols like NEC have a special IR message for
+ * 	repeating last button, for when a button is held down.
+ *
+ * 	The *ctx* should point to the lirc sample as passed into
+ * 	the program.
+ *
+ * 	This helper is only available is the kernel was compiled with
+ * 	the **CONFIG_BPF_LIRC_MODE2** configuration option set to
+ * 	"**y**".
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_rc_repeat)(void *ctx) = (void *) 77;
+
+/*
+ * bpf_rc_keydown
+ *
+ * 	This helper is used in programs implementing IR decoding, to
+ * 	report a successfully decoded key press with *scancode*,
+ * 	*toggle* value in the given *protocol*. The scancode will be
+ * 	translated to a keycode using the rc keymap, and reported as
+ * 	an input key down event. After a period a key up event is
+ * 	generated. This period can be extended by calling either
+ * 	**bpf_rc_keydown**\ () again with the same values, or calling
+ * 	**bpf_rc_repeat**\ ().
+ *
+ * 	Some protocols include a toggle bit, in case the button was
+ * 	released and pressed again between consecutive scancodes.
+ *
+ * 	The *ctx* should point to the lirc sample as passed into
+ * 	the program.
+ *
+ * 	The *protocol* is the decoded protocol number (see
+ * 	**enum rc_proto** for some predefined values).
+ *
+ * 	This helper is only available is the kernel was compiled with
+ * 	the **CONFIG_BPF_LIRC_MODE2** configuration option set to
+ * 	"**y**".
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_rc_keydown)(void *ctx, __u32 protocol, __u64 scancode, __u32 toggle) = (void *) 78;
+
+/*
+ * bpf_skb_cgroup_id
+ *
+ * 	Return the cgroup v2 id of the socket associated with the *skb*.
+ * 	This is roughly similar to the **bpf_get_cgroup_classid**\ ()
+ * 	helper for cgroup v1 by providing a tag resp. identifier that
+ * 	can be matched on or used for map lookups e.g. to implement
+ * 	policy. The cgroup v2 id of a given path in the hierarchy is
+ * 	exposed in user space through the f_handle API in order to get
+ * 	to the same 64-bit id.
+ *
+ * 	This helper can be used on TC egress path, but not on ingress,
+ * 	and is available only if the kernel was compiled with the
+ * 	**CONFIG_SOCK_CGROUP_DATA** configuration option.
+ *
+ * Returns
+ * 	The id is returned or 0 in case the id could not be retrieved.
+ */
+static __u64 (*bpf_skb_cgroup_id)(struct __sk_buff *skb) = (void *) 79;
+
+/*
+ * bpf_get_current_cgroup_id
+ *
+ *
+ * Returns
+ * 	A 64-bit integer containing the current cgroup id based
+ * 	on the cgroup within which the current task is running.
+ */
+static __u64 (*bpf_get_current_cgroup_id)(void) = (void *) 80;
+
+/*
+ * bpf_get_local_storage
+ *
+ * 	Get the pointer to the local storage area.
+ * 	The type and the size of the local storage is defined
+ * 	by the *map* argument.
+ * 	The *flags* meaning is specific for each map type,
+ * 	and has to be 0 for cgroup local storage.
+ *
+ * 	Depending on the BPF program type, a local storage area
+ * 	can be shared between multiple instances of the BPF program,
+ * 	running simultaneously.
+ *
+ * 	A user should care about the synchronization by himself.
+ * 	For example, by using the **BPF_STX_XADD** instruction to alter
+ * 	the shared data.
+ *
+ * Returns
+ * 	A pointer to the local storage area.
+ */
+static void *(*bpf_get_local_storage)(void *map, __u64 flags) = (void *) 81;
+
+/*
+ * bpf_sk_select_reuseport
+ *
+ * 	Select a **SO_REUSEPORT** socket from a
+ * 	**BPF_MAP_TYPE_REUSEPORT_ARRAY** *map*.
+ * 	It checks the selected socket is matching the incoming
+ * 	request in the socket buffer.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_sk_select_reuseport)(struct sk_reuseport_md *reuse, void *map, void *key, __u64 flags) = (void *) 82;
+
+/*
+ * bpf_skb_ancestor_cgroup_id
+ *
+ * 	Return id of cgroup v2 that is ancestor of cgroup associated
+ * 	with the *skb* at the *ancestor_level*.  The root cgroup is at
+ * 	*ancestor_level* zero and each step down the hierarchy
+ * 	increments the level. If *ancestor_level* == level of cgroup
+ * 	associated with *skb*, then return value will be same as that
+ * 	of **bpf_skb_cgroup_id**\ ().
+ *
+ * 	The helper is useful to implement policies based on cgroups
+ * 	that are upper in hierarchy than immediate cgroup associated
+ * 	with *skb*.
+ *
+ * 	The format of returned id and helper limitations are same as in
+ * 	**bpf_skb_cgroup_id**\ ().
+ *
+ * Returns
+ * 	The id is returned or 0 in case the id could not be retrieved.
+ */
+static __u64 (*bpf_skb_ancestor_cgroup_id)(struct __sk_buff *skb, int ancestor_level) = (void *) 83;
+
+/*
+ * bpf_sk_lookup_tcp
+ *
+ * 	Look for TCP socket matching *tuple*, optionally in a child
+ * 	network namespace *netns*. The return value must be checked,
+ * 	and if non-**NULL**, released via **bpf_sk_release**\ ().
+ *
+ * 	The *ctx* should point to the context of the program, such as
+ * 	the skb or socket (depending on the hook in use). This is used
+ * 	to determine the base network namespace for the lookup.
+ *
+ * 	*tuple_size* must be one of:
+ *
+ * 	**sizeof**\ (*tuple*\ **->ipv4**)
+ * 		Look for an IPv4 socket.
+ * 	**sizeof**\ (*tuple*\ **->ipv6**)
+ * 		Look for an IPv6 socket.
+ *
+ * 	If the *netns* is a negative signed 32-bit integer, then the
+ * 	socket lookup table in the netns associated with the *ctx*
+ * 	will be used. For the TC hooks, this is the netns of the device
+ * 	in the skb. For socket hooks, this is the netns of the socket.
+ * 	If *netns* is any other signed 32-bit value greater than or
+ * 	equal to zero then it specifies the ID of the netns relative to
+ * 	the netns associated with the *ctx*. *netns* values beyond the
+ * 	range of 32-bit integers are reserved for future use.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	**CONFIG_NET** configuration option.
+ *
+ * Returns
+ * 	Pointer to **struct bpf_sock**, or **NULL** in case of failure.
+ * 	For sockets with reuseport option, the **struct bpf_sock**
+ * 	result is from *reuse*\ **->socks**\ [] using the hash of the
+ * 	tuple.
+ */
+static struct bpf_sock *(*bpf_sk_lookup_tcp)(void *ctx, struct bpf_sock_tuple *tuple, __u32 tuple_size, __u64 netns, __u64 flags) = (void *) 84;
+
+/*
+ * bpf_sk_lookup_udp
+ *
+ * 	Look for UDP socket matching *tuple*, optionally in a child
+ * 	network namespace *netns*. The return value must be checked,
+ * 	and if non-**NULL**, released via **bpf_sk_release**\ ().
+ *
+ * 	The *ctx* should point to the context of the program, such as
+ * 	the skb or socket (depending on the hook in use). This is used
+ * 	to determine the base network namespace for the lookup.
+ *
+ * 	*tuple_size* must be one of:
+ *
+ * 	**sizeof**\ (*tuple*\ **->ipv4**)
+ * 		Look for an IPv4 socket.
+ * 	**sizeof**\ (*tuple*\ **->ipv6**)
+ * 		Look for an IPv6 socket.
+ *
+ * 	If the *netns* is a negative signed 32-bit integer, then the
+ * 	socket lookup table in the netns associated with the *ctx*
+ * 	will be used. For the TC hooks, this is the netns of the device
+ * 	in the skb. For socket hooks, this is the netns of the socket.
+ * 	If *netns* is any other signed 32-bit value greater than or
+ * 	equal to zero then it specifies the ID of the netns relative to
+ * 	the netns associated with the *ctx*. *netns* values beyond the
+ * 	range of 32-bit integers are reserved for future use.
+ *
+ * 	All values for *flags* are reserved for future usage, and must
+ * 	be left at zero.
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	**CONFIG_NET** configuration option.
+ *
+ * Returns
+ * 	Pointer to **struct bpf_sock**, or **NULL** in case of failure.
+ * 	For sockets with reuseport option, the **struct bpf_sock**
+ * 	result is from *reuse*\ **->socks**\ [] using the hash of the
+ * 	tuple.
+ */
+static struct bpf_sock *(*bpf_sk_lookup_udp)(void *ctx, struct bpf_sock_tuple *tuple, __u32 tuple_size, __u64 netns, __u64 flags) = (void *) 85;
+
+/*
+ * bpf_sk_release
+ *
+ * 	Release the reference held by *sock*. *sock* must be a
+ * 	non-**NULL** pointer that was returned from
+ * 	**bpf_sk_lookup_xxx**\ ().
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_sk_release)(struct bpf_sock *sock) = (void *) 86;
+
+/*
+ * bpf_map_push_elem
+ *
+ * 	Push an element *value* in *map*. *flags* is one of:
+ *
+ * 	**BPF_EXIST**
+ * 		If the queue/stack is full, the oldest element is
+ * 		removed to make room for this.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_map_push_elem)(void *map, const void *value, __u64 flags) = (void *) 87;
+
+/*
+ * bpf_map_pop_elem
+ *
+ * 	Pop an element from *map*.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_map_pop_elem)(void *map, void *value) = (void *) 88;
+
+/*
+ * bpf_map_peek_elem
+ *
+ * 	Get an element from *map* without removing it.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_map_peek_elem)(void *map, void *value) = (void *) 89;
+
+/*
+ * bpf_msg_push_data
+ *
+ * 	For socket policies, insert *len* bytes into *msg* at offset
+ * 	*start*.
+ *
+ * 	If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a
+ * 	*msg* it may want to insert metadata or options into the *msg*.
+ * 	This can later be read and used by any of the lower layer BPF
+ * 	hooks.
+ *
+ * 	This helper may fail if under memory pressure (a malloc
+ * 	fails) in these cases BPF programs will get an appropriate
+ * 	error and BPF programs will need to handle them.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_msg_push_data)(struct sk_msg_md *msg, __u32 start, __u32 len, __u64 flags) = (void *) 90;
+
+/*
+ * bpf_msg_pop_data
+ *
+ * 	Will remove *len* bytes from a *msg* starting at byte *start*.
+ * 	This may result in **ENOMEM** errors under certain situations if
+ * 	an allocation and copy are required due to a full ring buffer.
+ * 	However, the helper will try to avoid doing the allocation
+ * 	if possible. Other errors can occur if input parameters are
+ * 	invalid either due to *start* byte not being valid part of *msg*
+ * 	payload and/or *pop* value being to large.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_msg_pop_data)(struct sk_msg_md *msg, __u32 start, __u32 len, __u64 flags) = (void *) 91;
+
+/*
+ * bpf_rc_pointer_rel
+ *
+ * 	This helper is used in programs implementing IR decoding, to
+ * 	report a successfully decoded pointer movement.
+ *
+ * 	The *ctx* should point to the lirc sample as passed into
+ * 	the program.
+ *
+ * 	This helper is only available is the kernel was compiled with
+ * 	the **CONFIG_BPF_LIRC_MODE2** configuration option set to
+ * 	"**y**".
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_rc_pointer_rel)(void *ctx, __s32 rel_x, __s32 rel_y) = (void *) 92;
+
+/*
+ * bpf_spin_lock
+ *
+ * 	Acquire a spinlock represented by the pointer *lock*, which is
+ * 	stored as part of a value of a map. Taking the lock allows to
+ * 	safely update the rest of the fields in that value. The
+ * 	spinlock can (and must) later be released with a call to
+ * 	**bpf_spin_unlock**\ (\ *lock*\ ).
+ *
+ * 	Spinlocks in BPF programs come with a number of restrictions
+ * 	and constraints:
+ *
+ * 	* **bpf_spin_lock** objects are only allowed inside maps of
+ * 	  types **BPF_MAP_TYPE_HASH** and **BPF_MAP_TYPE_ARRAY** (this
+ * 	  list could be extended in the future).
+ * 	* BTF description of the map is mandatory.
+ * 	* The BPF program can take ONE lock at a time, since taking two
+ * 	  or more could cause dead locks.
+ * 	* Only one **struct bpf_spin_lock** is allowed per map element.
+ * 	* When the lock is taken, calls (either BPF to BPF or helpers)
+ * 	  are not allowed.
+ * 	* The **BPF_LD_ABS** and **BPF_LD_IND** instructions are not
+ * 	  allowed inside a spinlock-ed region.
+ * 	* The BPF program MUST call **bpf_spin_unlock**\ () to release
+ * 	  the lock, on all execution paths, before it returns.
+ * 	* The BPF program can access **struct bpf_spin_lock** only via
+ * 	  the **bpf_spin_lock**\ () and **bpf_spin_unlock**\ ()
+ * 	  helpers. Loading or storing data into the **struct
+ * 	  bpf_spin_lock** *lock*\ **;** field of a map is not allowed.
+ * 	* To use the **bpf_spin_lock**\ () helper, the BTF description
+ * 	  of the map value must be a struct and have **struct
+ * 	  bpf_spin_lock** *anyname*\ **;** field at the top level.
+ * 	  Nested lock inside another struct is not allowed.
+ * 	* The **struct bpf_spin_lock** *lock* field in a map value must
+ * 	  be aligned on a multiple of 4 bytes in that value.
+ * 	* Syscall with command **BPF_MAP_LOOKUP_ELEM** does not copy
+ * 	  the **bpf_spin_lock** field to user space.
+ * 	* Syscall with command **BPF_MAP_UPDATE_ELEM**, or update from
+ * 	  a BPF program, do not update the **bpf_spin_lock** field.
+ * 	* **bpf_spin_lock** cannot be on the stack or inside a
+ * 	  networking packet (it can only be inside of a map values).
+ * 	* **bpf_spin_lock** is available to root only.
+ * 	* Tracing programs and socket filter programs cannot use
+ * 	  **bpf_spin_lock**\ () due to insufficient preemption checks
+ * 	  (but this may change in the future).
+ * 	* **bpf_spin_lock** is not allowed in inner maps of map-in-map.
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_spin_lock)(struct bpf_spin_lock *lock) = (void *) 93;
+
+/*
+ * bpf_spin_unlock
+ *
+ * 	Release the *lock* previously locked by a call to
+ * 	**bpf_spin_lock**\ (\ *lock*\ ).
+ *
+ * Returns
+ * 	0
+ */
+static long (*bpf_spin_unlock)(struct bpf_spin_lock *lock) = (void *) 94;
+
+/*
+ * bpf_sk_fullsock
+ *
+ * 	This helper gets a **struct bpf_sock** pointer such
+ * 	that all the fields in this **bpf_sock** can be accessed.
+ *
+ * Returns
+ * 	A **struct bpf_sock** pointer on success, or **NULL** in
+ * 	case of failure.
+ */
+static struct bpf_sock *(*bpf_sk_fullsock)(struct bpf_sock *sk) = (void *) 95;
+
+/*
+ * bpf_tcp_sock
+ *
+ * 	This helper gets a **struct bpf_tcp_sock** pointer from a
+ * 	**struct bpf_sock** pointer.
+ *
+ * Returns
+ * 	A **struct bpf_tcp_sock** pointer on success, or **NULL** in
+ * 	case of failure.
+ */
+static struct bpf_tcp_sock *(*bpf_tcp_sock)(struct bpf_sock *sk) = (void *) 96;
+
+/*
+ * bpf_skb_ecn_set_ce
+ *
+ * 	Set ECN (Explicit Congestion Notification) field of IP header
+ * 	to **CE** (Congestion Encountered) if current value is **ECT**
+ * 	(ECN Capable Transport). Otherwise, do nothing. Works with IPv6
+ * 	and IPv4.
+ *
+ * Returns
+ * 	1 if the **CE** flag is set (either by the current helper call
+ * 	or because it was already present), 0 if it is not set.
+ */
+static long (*bpf_skb_ecn_set_ce)(struct __sk_buff *skb) = (void *) 97;
+
+/*
+ * bpf_get_listener_sock
+ *
+ * 	Return a **struct bpf_sock** pointer in **TCP_LISTEN** state.
+ * 	**bpf_sk_release**\ () is unnecessary and not allowed.
+ *
+ * Returns
+ * 	A **struct bpf_sock** pointer on success, or **NULL** in
+ * 	case of failure.
+ */
+static struct bpf_sock *(*bpf_get_listener_sock)(struct bpf_sock *sk) = (void *) 98;
+
+/*
+ * bpf_skc_lookup_tcp
+ *
+ * 	Look for TCP socket matching *tuple*, optionally in a child
+ * 	network namespace *netns*. The return value must be checked,
+ * 	and if non-**NULL**, released via **bpf_sk_release**\ ().
+ *
+ * 	This function is identical to **bpf_sk_lookup_tcp**\ (), except
+ * 	that it also returns timewait or request sockets. Use
+ * 	**bpf_sk_fullsock**\ () or **bpf_tcp_sock**\ () to access the
+ * 	full structure.
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	**CONFIG_NET** configuration option.
+ *
+ * Returns
+ * 	Pointer to **struct bpf_sock**, or **NULL** in case of failure.
+ * 	For sockets with reuseport option, the **struct bpf_sock**
+ * 	result is from *reuse*\ **->socks**\ [] using the hash of the
+ * 	tuple.
+ */
+static struct bpf_sock *(*bpf_skc_lookup_tcp)(void *ctx, struct bpf_sock_tuple *tuple, __u32 tuple_size, __u64 netns, __u64 flags) = (void *) 99;
+
+/*
+ * bpf_tcp_check_syncookie
+ *
+ * 	Check whether *iph* and *th* contain a valid SYN cookie ACK for
+ * 	the listening socket in *sk*.
+ *
+ * 	*iph* points to the start of the IPv4 or IPv6 header, while
+ * 	*iph_len* contains **sizeof**\ (**struct iphdr**) or
+ * 	**sizeof**\ (**struct ip6hdr**).
+ *
+ * 	*th* points to the start of the TCP header, while *th_len*
+ * 	contains **sizeof**\ (**struct tcphdr**).
+ *
+ * Returns
+ * 	0 if *iph* and *th* are a valid SYN cookie ACK, or a negative
+ * 	error otherwise.
+ */
+static long (*bpf_tcp_check_syncookie)(struct bpf_sock *sk, void *iph, __u32 iph_len, struct tcphdr *th, __u32 th_len) = (void *) 100;
+
+/*
+ * bpf_sysctl_get_name
+ *
+ * 	Get name of sysctl in /proc/sys/ and copy it into provided by
+ * 	program buffer *buf* of size *buf_len*.
+ *
+ * 	The buffer is always NUL terminated, unless it's zero-sized.
+ *
+ * 	If *flags* is zero, full name (e.g. "net/ipv4/tcp_mem") is
+ * 	copied. Use **BPF_F_SYSCTL_BASE_NAME** flag to copy base name
+ * 	only (e.g. "tcp_mem").
+ *
+ * Returns
+ * 	Number of character copied (not including the trailing NUL).
+ *
+ * 	**-E2BIG** if the buffer wasn't big enough (*buf* will contain
+ * 	truncated name in this case).
+ */
+static long (*bpf_sysctl_get_name)(struct bpf_sysctl *ctx, char *buf, unsigned long buf_len, __u64 flags) = (void *) 101;
+
+/*
+ * bpf_sysctl_get_current_value
+ *
+ * 	Get current value of sysctl as it is presented in /proc/sys
+ * 	(incl. newline, etc), and copy it as a string into provided
+ * 	by program buffer *buf* of size *buf_len*.
+ *
+ * 	The whole value is copied, no matter what file position user
+ * 	space issued e.g. sys_read at.
+ *
+ * 	The buffer is always NUL terminated, unless it's zero-sized.
+ *
+ * Returns
+ * 	Number of character copied (not including the trailing NUL).
+ *
+ * 	**-E2BIG** if the buffer wasn't big enough (*buf* will contain
+ * 	truncated name in this case).
+ *
+ * 	**-EINVAL** if current value was unavailable, e.g. because
+ * 	sysctl is uninitialized and read returns -EIO for it.
+ */
+static long (*bpf_sysctl_get_current_value)(struct bpf_sysctl *ctx, char *buf, unsigned long buf_len) = (void *) 102;
+
+/*
+ * bpf_sysctl_get_new_value
+ *
+ * 	Get new value being written by user space to sysctl (before
+ * 	the actual write happens) and copy it as a string into
+ * 	provided by program buffer *buf* of size *buf_len*.
+ *
+ * 	User space may write new value at file position > 0.
+ *
+ * 	The buffer is always NUL terminated, unless it's zero-sized.
+ *
+ * Returns
+ * 	Number of character copied (not including the trailing NUL).
+ *
+ * 	**-E2BIG** if the buffer wasn't big enough (*buf* will contain
+ * 	truncated name in this case).
+ *
+ * 	**-EINVAL** if sysctl is being read.
+ */
+static long (*bpf_sysctl_get_new_value)(struct bpf_sysctl *ctx, char *buf, unsigned long buf_len) = (void *) 103;
+
+/*
+ * bpf_sysctl_set_new_value
+ *
+ * 	Override new value being written by user space to sysctl with
+ * 	value provided by program in buffer *buf* of size *buf_len*.
+ *
+ * 	*buf* should contain a string in same form as provided by user
+ * 	space on sysctl write.
+ *
+ * 	User space may write new value at file position > 0. To override
+ * 	the whole sysctl value file position should be set to zero.
+ *
+ * Returns
+ * 	0 on success.
+ *
+ * 	**-E2BIG** if the *buf_len* is too big.
+ *
+ * 	**-EINVAL** if sysctl is being read.
+ */
+static long (*bpf_sysctl_set_new_value)(struct bpf_sysctl *ctx, const char *buf, unsigned long buf_len) = (void *) 104;
+
+/*
+ * bpf_strtol
+ *
+ * 	Convert the initial part of the string from buffer *buf* of
+ * 	size *buf_len* to a long integer according to the given base
+ * 	and save the result in *res*.
+ *
+ * 	The string may begin with an arbitrary amount of white space
+ * 	(as determined by **isspace**\ (3)) followed by a single
+ * 	optional '**-**' sign.
+ *
+ * 	Five least significant bits of *flags* encode base, other bits
+ * 	are currently unused.
+ *
+ * 	Base must be either 8, 10, 16 or 0 to detect it automatically
+ * 	similar to user space **strtol**\ (3).
+ *
+ * Returns
+ * 	Number of characters consumed on success. Must be positive but
+ * 	no more than *buf_len*.
+ *
+ * 	**-EINVAL** if no valid digits were found or unsupported base
+ * 	was provided.
+ *
+ * 	**-ERANGE** if resulting value was out of range.
+ */
+static long (*bpf_strtol)(const char *buf, unsigned long buf_len, __u64 flags, long *res) = (void *) 105;
+
+/*
+ * bpf_strtoul
+ *
+ * 	Convert the initial part of the string from buffer *buf* of
+ * 	size *buf_len* to an unsigned long integer according to the
+ * 	given base and save the result in *res*.
+ *
+ * 	The string may begin with an arbitrary amount of white space
+ * 	(as determined by **isspace**\ (3)).
+ *
+ * 	Five least significant bits of *flags* encode base, other bits
+ * 	are currently unused.
+ *
+ * 	Base must be either 8, 10, 16 or 0 to detect it automatically
+ * 	similar to user space **strtoul**\ (3).
+ *
+ * Returns
+ * 	Number of characters consumed on success. Must be positive but
+ * 	no more than *buf_len*.
+ *
+ * 	**-EINVAL** if no valid digits were found or unsupported base
+ * 	was provided.
+ *
+ * 	**-ERANGE** if resulting value was out of range.
+ */
+static long (*bpf_strtoul)(const char *buf, unsigned long buf_len, __u64 flags, unsigned long *res) = (void *) 106;
+
+/*
+ * bpf_sk_storage_get
+ *
+ * 	Get a bpf-local-storage from a *sk*.
+ *
+ * 	Logically, it could be thought of getting the value from
+ * 	a *map* with *sk* as the **key**.  From this
+ * 	perspective,  the usage is not much different from
+ * 	**bpf_map_lookup_elem**\ (*map*, **&**\ *sk*) except this
+ * 	helper enforces the key must be a full socket and the map must
+ * 	be a **BPF_MAP_TYPE_SK_STORAGE** also.
+ *
+ * 	Underneath, the value is stored locally at *sk* instead of
+ * 	the *map*.  The *map* is used as the bpf-local-storage
+ * 	"type". The bpf-local-storage "type" (i.e. the *map*) is
+ * 	searched against all bpf-local-storages residing at *sk*.
+ *
+ * 	An optional *flags* (**BPF_SK_STORAGE_GET_F_CREATE**) can be
+ * 	used such that a new bpf-local-storage will be
+ * 	created if one does not exist.  *value* can be used
+ * 	together with **BPF_SK_STORAGE_GET_F_CREATE** to specify
+ * 	the initial value of a bpf-local-storage.  If *value* is
+ * 	**NULL**, the new bpf-local-storage will be zero initialized.
+ *
+ * Returns
+ * 	A bpf-local-storage pointer is returned on success.
+ *
+ * 	**NULL** if not found or there was an error in adding
+ * 	a new bpf-local-storage.
+ */
+static void *(*bpf_sk_storage_get)(void *map, struct bpf_sock *sk, void *value, __u64 flags) = (void *) 107;
+
+/*
+ * bpf_sk_storage_delete
+ *
+ * 	Delete a bpf-local-storage from a *sk*.
+ *
+ * Returns
+ * 	0 on success.
+ *
+ * 	**-ENOENT** if the bpf-local-storage cannot be found.
+ */
+static long (*bpf_sk_storage_delete)(void *map, struct bpf_sock *sk) = (void *) 108;
+
+/*
+ * bpf_send_signal
+ *
+ * 	Send signal *sig* to the process of the current task.
+ * 	The signal may be delivered to any of this process's threads.
+ *
+ * Returns
+ * 	0 on success or successfully queued.
+ *
+ * 	**-EBUSY** if work queue under nmi is full.
+ *
+ * 	**-EINVAL** if *sig* is invalid.
+ *
+ * 	**-EPERM** if no permission to send the *sig*.
+ *
+ * 	**-EAGAIN** if bpf program can try again.
+ */
+static long (*bpf_send_signal)(__u32 sig) = (void *) 109;
+
+/*
+ * bpf_tcp_gen_syncookie
+ *
+ * 	Try to issue a SYN cookie for the packet with corresponding
+ * 	IP/TCP headers, *iph* and *th*, on the listening socket in *sk*.
+ *
+ * 	*iph* points to the start of the IPv4 or IPv6 header, while
+ * 	*iph_len* contains **sizeof**\ (**struct iphdr**) or
+ * 	**sizeof**\ (**struct ip6hdr**).
+ *
+ * 	*th* points to the start of the TCP header, while *th_len*
+ * 	contains the length of the TCP header.
+ *
+ * Returns
+ * 	On success, lower 32 bits hold the generated SYN cookie in
+ * 	followed by 16 bits which hold the MSS value for that cookie,
+ * 	and the top 16 bits are unused.
+ *
+ * 	On failure, the returned value is one of the following:
+ *
+ * 	**-EINVAL** SYN cookie cannot be issued due to error
+ *
+ * 	**-ENOENT** SYN cookie should not be issued (no SYN flood)
+ *
+ * 	**-EOPNOTSUPP** kernel configuration does not enable SYN cookies
+ *
+ * 	**-EPROTONOSUPPORT** IP packet version is not 4 or 6
+ */
+static __s64 (*bpf_tcp_gen_syncookie)(struct bpf_sock *sk, void *iph, __u32 iph_len, struct tcphdr *th, __u32 th_len) = (void *) 110;
+
+/*
+ * bpf_skb_output
+ *
+ * 	Write raw *data* blob into a special BPF perf event held by
+ * 	*map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf
+ * 	event must have the following attributes: **PERF_SAMPLE_RAW**
+ * 	as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and
+ * 	**PERF_COUNT_SW_BPF_OUTPUT** as **config**.
+ *
+ * 	The *flags* are used to indicate the index in *map* for which
+ * 	the value must be put, masked with **BPF_F_INDEX_MASK**.
+ * 	Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU**
+ * 	to indicate that the index of the current CPU core should be
+ * 	used.
+ *
+ * 	The value to write, of *size*, is passed through eBPF stack and
+ * 	pointed by *data*.
+ *
+ * 	*ctx* is a pointer to in-kernel struct sk_buff.
+ *
+ * 	This helper is similar to **bpf_perf_event_output**\ () but
+ * 	restricted to raw_tracepoint bpf programs.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_skb_output)(void *ctx, void *map, __u64 flags, void *data, __u64 size) = (void *) 111;
+
+/*
+ * bpf_probe_read_user
+ *
+ * 	Safely attempt to read *size* bytes from user space address
+ * 	*unsafe_ptr* and store the data in *dst*.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_probe_read_user)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 112;
+
+/*
+ * bpf_probe_read_kernel
+ *
+ * 	Safely attempt to read *size* bytes from kernel space address
+ * 	*unsafe_ptr* and store the data in *dst*.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_probe_read_kernel)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 113;
+
+/*
+ * bpf_probe_read_user_str
+ *
+ * 	Copy a NUL terminated string from an unsafe user address
+ * 	*unsafe_ptr* to *dst*. The *size* should include the
+ * 	terminating NUL byte. In case the string length is smaller than
+ * 	*size*, the target is not padded with further NUL bytes. If the
+ * 	string length is larger than *size*, just *size*-1 bytes are
+ * 	copied and the last byte is set to NUL.
+ *
+ * 	On success, the length of the copied string is returned. This
+ * 	makes this helper useful in tracing programs for reading
+ * 	strings, and more importantly to get its length at runtime. See
+ * 	the following snippet:
+ *
+ * 	::
+ *
+ * 		SEC("kprobe/sys_open")
+ * 		void bpf_sys_open(struct pt_regs *ctx)
+ * 		{
+ * 		        char buf[PATHLEN]; // PATHLEN is defined to 256
+ * 		        int res = bpf_probe_read_user_str(buf, sizeof(buf),
+ * 			                                  ctx->di);
+ *
+ * 			// Consume buf, for example push it to
+ * 			// userspace via bpf_perf_event_output(); we
+ * 			// can use res (the string length) as event
+ * 			// size, after checking its boundaries.
+ * 		}
+ *
+ * 	In comparison, using **bpf_probe_read_user**\ () helper here
+ * 	instead to read the string would require to estimate the length
+ * 	at compile time, and would often result in copying more memory
+ * 	than necessary.
+ *
+ * 	Another useful use case is when parsing individual process
+ * 	arguments or individual environment variables navigating
+ * 	*current*\ **->mm->arg_start** and *current*\
+ * 	**->mm->env_start**: using this helper and the return value,
+ * 	one can quickly iterate at the right offset of the memory area.
+ *
+ * Returns
+ * 	On success, the strictly positive length of the string,
+ * 	including the trailing NUL character. On error, a negative
+ * 	value.
+ */
+static long (*bpf_probe_read_user_str)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 114;
+
+/*
+ * bpf_probe_read_kernel_str
+ *
+ * 	Copy a NUL terminated string from an unsafe kernel address *unsafe_ptr*
+ * 	to *dst*. Same semantics as with **bpf_probe_read_user_str**\ () apply.
+ *
+ * Returns
+ * 	On success, the strictly positive length of the string, including
+ * 	the trailing NUL character. On error, a negative value.
+ */
+static long (*bpf_probe_read_kernel_str)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 115;
+
+/*
+ * bpf_tcp_send_ack
+ *
+ * 	Send out a tcp-ack. *tp* is the in-kernel struct **tcp_sock**.
+ * 	*rcv_nxt* is the ack_seq to be sent out.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_tcp_send_ack)(void *tp, __u32 rcv_nxt) = (void *) 116;
+
+/*
+ * bpf_send_signal_thread
+ *
+ * 	Send signal *sig* to the thread corresponding to the current task.
+ *
+ * Returns
+ * 	0 on success or successfully queued.
+ *
+ * 	**-EBUSY** if work queue under nmi is full.
+ *
+ * 	**-EINVAL** if *sig* is invalid.
+ *
+ * 	**-EPERM** if no permission to send the *sig*.
+ *
+ * 	**-EAGAIN** if bpf program can try again.
+ */
+static long (*bpf_send_signal_thread)(__u32 sig) = (void *) 117;
+
+/*
+ * bpf_jiffies64
+ *
+ * 	Obtain the 64bit jiffies
+ *
+ * Returns
+ * 	The 64 bit jiffies
+ */
+static __u64 (*bpf_jiffies64)(void) = (void *) 118;
+
+/*
+ * bpf_read_branch_records
+ *
+ * 	For an eBPF program attached to a perf event, retrieve the
+ * 	branch records (**struct perf_branch_entry**) associated to *ctx*
+ * 	and store it in the buffer pointed by *buf* up to size
+ * 	*size* bytes.
+ *
+ * Returns
+ * 	On success, number of bytes written to *buf*. On error, a
+ * 	negative value.
+ *
+ * 	The *flags* can be set to **BPF_F_GET_BRANCH_RECORDS_SIZE** to
+ * 	instead return the number of bytes required to store all the
+ * 	branch entries. If this flag is set, *buf* may be NULL.
+ *
+ * 	**-EINVAL** if arguments invalid or **size** not a multiple
+ * 	of **sizeof**\ (**struct perf_branch_entry**\ ).
+ *
+ * 	**-ENOENT** if architecture does not support branch records.
+ */
+static long (*bpf_read_branch_records)(struct bpf_perf_event_data *ctx, void *buf, __u32 size, __u64 flags) = (void *) 119;
+
+/*
+ * bpf_get_ns_current_pid_tgid
+ *
+ * 	Returns 0 on success, values for *pid* and *tgid* as seen from the current
+ * 	*namespace* will be returned in *nsdata*.
+ *
+ * Returns
+ * 	0 on success, or one of the following in case of failure:
+ *
+ * 	**-EINVAL** if dev and inum supplied don't match dev_t and inode number
+ * 	with nsfs of current task, or if dev conversion to dev_t lost high bits.
+ *
+ * 	**-ENOENT** if pidns does not exists for the current task.
+ */
+static long (*bpf_get_ns_current_pid_tgid)(__u64 dev, __u64 ino, struct bpf_pidns_info *nsdata, __u32 size) = (void *) 120;
+
+/*
+ * bpf_xdp_output
+ *
+ * 	Write raw *data* blob into a special BPF perf event held by
+ * 	*map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf
+ * 	event must have the following attributes: **PERF_SAMPLE_RAW**
+ * 	as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and
+ * 	**PERF_COUNT_SW_BPF_OUTPUT** as **config**.
+ *
+ * 	The *flags* are used to indicate the index in *map* for which
+ * 	the value must be put, masked with **BPF_F_INDEX_MASK**.
+ * 	Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU**
+ * 	to indicate that the index of the current CPU core should be
+ * 	used.
+ *
+ * 	The value to write, of *size*, is passed through eBPF stack and
+ * 	pointed by *data*.
+ *
+ * 	*ctx* is a pointer to in-kernel struct xdp_buff.
+ *
+ * 	This helper is similar to **bpf_perf_eventoutput**\ () but
+ * 	restricted to raw_tracepoint bpf programs.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_xdp_output)(void *ctx, void *map, __u64 flags, void *data, __u64 size) = (void *) 121;
+
+/*
+ * bpf_get_netns_cookie
+ *
+ * 	Retrieve the cookie (generated by the kernel) of the network
+ * 	namespace the input *ctx* is associated with. The network
+ * 	namespace cookie remains stable for its lifetime and provides
+ * 	a global identifier that can be assumed unique. If *ctx* is
+ * 	NULL, then the helper returns the cookie for the initial
+ * 	network namespace. The cookie itself is very similar to that
+ * 	of **bpf_get_socket_cookie**\ () helper, but for network
+ * 	namespaces instead of sockets.
+ *
+ * Returns
+ * 	A 8-byte long opaque number.
+ */
+static __u64 (*bpf_get_netns_cookie)(void *ctx) = (void *) 122;
+
+/*
+ * bpf_get_current_ancestor_cgroup_id
+ *
+ * 	Return id of cgroup v2 that is ancestor of the cgroup associated
+ * 	with the current task at the *ancestor_level*. The root cgroup
+ * 	is at *ancestor_level* zero and each step down the hierarchy
+ * 	increments the level. If *ancestor_level* == level of cgroup
+ * 	associated with the current task, then return value will be the
+ * 	same as that of **bpf_get_current_cgroup_id**\ ().
+ *
+ * 	The helper is useful to implement policies based on cgroups
+ * 	that are upper in hierarchy than immediate cgroup associated
+ * 	with the current task.
+ *
+ * 	The format of returned id and helper limitations are same as in
+ * 	**bpf_get_current_cgroup_id**\ ().
+ *
+ * Returns
+ * 	The id is returned or 0 in case the id could not be retrieved.
+ */
+static __u64 (*bpf_get_current_ancestor_cgroup_id)(int ancestor_level) = (void *) 123;
+
+/*
+ * bpf_sk_assign
+ *
+ * 	Helper is overloaded depending on BPF program type. This
+ * 	description applies to **BPF_PROG_TYPE_SCHED_CLS** and
+ * 	**BPF_PROG_TYPE_SCHED_ACT** programs.
+ *
+ * 	Assign the *sk* to the *skb*. When combined with appropriate
+ * 	routing configuration to receive the packet towards the socket,
+ * 	will cause *skb* to be delivered to the specified socket.
+ * 	Subsequent redirection of *skb* via  **bpf_redirect**\ (),
+ * 	**bpf_clone_redirect**\ () or other methods outside of BPF may
+ * 	interfere with successful delivery to the socket.
+ *
+ * 	This operation is only valid from TC ingress path.
+ *
+ * 	The *flags* argument must be zero.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure:
+ *
+ * 	**-EINVAL** if specified *flags* are not supported.
+ *
+ * 	**-ENOENT** if the socket is unavailable for assignment.
+ *
+ * 	**-ENETUNREACH** if the socket is unreachable (wrong netns).
+ *
+ * 	**-EOPNOTSUPP** if the operation is not supported, for example
+ * 	a call from outside of TC ingress.
+ *
+ * 	**-ESOCKTNOSUPPORT** if the socket type is not supported
+ * 	(reuseport).
+ */
+static long (*bpf_sk_assign)(void *ctx, struct bpf_sock *sk, __u64 flags) = (void *) 124;
+
+/*
+ * bpf_ktime_get_boot_ns
+ *
+ * 	Return the time elapsed since system boot, in nanoseconds.
+ * 	Does include the time the system was suspended.
+ * 	See: **clock_gettime**\ (**CLOCK_BOOTTIME**)
+ *
+ * Returns
+ * 	Current *ktime*.
+ */
+static __u64 (*bpf_ktime_get_boot_ns)(void) = (void *) 125;
+
+/*
+ * bpf_seq_printf
+ *
+ * 	**bpf_seq_printf**\ () uses seq_file **seq_printf**\ () to print
+ * 	out the format string.
+ * 	The *m* represents the seq_file. The *fmt* and *fmt_size* are for
+ * 	the format string itself. The *data* and *data_len* are format string
+ * 	arguments. The *data* are a **u64** array and corresponding format string
+ * 	values are stored in the array. For strings and pointers where pointees
+ * 	are accessed, only the pointer values are stored in the *data* array.
+ * 	The *data_len* is the size of *data* in bytes.
+ *
+ * 	Formats **%s**, **%p{i,I}{4,6}** requires to read kernel memory.
+ * 	Reading kernel memory may fail due to either invalid address or
+ * 	valid address but requiring a major memory fault. If reading kernel memory
+ * 	fails, the string for **%s** will be an empty string, and the ip
+ * 	address for **%p{i,I}{4,6}** will be 0. Not returning error to
+ * 	bpf program is consistent with what **bpf_trace_printk**\ () does for now.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure:
+ *
+ * 	**-EBUSY** if per-CPU memory copy buffer is busy, can try again
+ * 	by returning 1 from bpf program.
+ *
+ * 	**-EINVAL** if arguments are invalid, or if *fmt* is invalid/unsupported.
+ *
+ * 	**-E2BIG** if *fmt* contains too many format specifiers.
+ *
+ * 	**-EOVERFLOW** if an overflow happened: The same object will be tried again.
+ */
+static long (*bpf_seq_printf)(struct seq_file *m, const char *fmt, __u32 fmt_size, const void *data, __u32 data_len) = (void *) 126;
+
+/*
+ * bpf_seq_write
+ *
+ * 	**bpf_seq_write**\ () uses seq_file **seq_write**\ () to write the data.
+ * 	The *m* represents the seq_file. The *data* and *len* represent the
+ * 	data to write in bytes.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure:
+ *
+ * 	**-EOVERFLOW** if an overflow happened: The same object will be tried again.
+ */
+static long (*bpf_seq_write)(struct seq_file *m, const void *data, __u32 len) = (void *) 127;
+
+/*
+ * bpf_sk_cgroup_id
+ *
+ * 	Return the cgroup v2 id of the socket *sk*.
+ *
+ * 	*sk* must be a non-**NULL** pointer to a full socket, e.g. one
+ * 	returned from **bpf_sk_lookup_xxx**\ (),
+ * 	**bpf_sk_fullsock**\ (), etc. The format of returned id is
+ * 	same as in **bpf_skb_cgroup_id**\ ().
+ *
+ * 	This helper is available only if the kernel was compiled with
+ * 	the **CONFIG_SOCK_CGROUP_DATA** configuration option.
+ *
+ * Returns
+ * 	The id is returned or 0 in case the id could not be retrieved.
+ */
+static __u64 (*bpf_sk_cgroup_id)(struct bpf_sock *sk) = (void *) 128;
+
+/*
+ * bpf_sk_ancestor_cgroup_id
+ *
+ * 	Return id of cgroup v2 that is ancestor of cgroup associated
+ * 	with the *sk* at the *ancestor_level*.  The root cgroup is at
+ * 	*ancestor_level* zero and each step down the hierarchy
+ * 	increments the level. If *ancestor_level* == level of cgroup
+ * 	associated with *sk*, then return value will be same as that
+ * 	of **bpf_sk_cgroup_id**\ ().
+ *
+ * 	The helper is useful to implement policies based on cgroups
+ * 	that are upper in hierarchy than immediate cgroup associated
+ * 	with *sk*.
+ *
+ * 	The format of returned id and helper limitations are same as in
+ * 	**bpf_sk_cgroup_id**\ ().
+ *
+ * Returns
+ * 	The id is returned or 0 in case the id could not be retrieved.
+ */
+static __u64 (*bpf_sk_ancestor_cgroup_id)(struct bpf_sock *sk, int ancestor_level) = (void *) 129;
+
+/*
+ * bpf_ringbuf_output
+ *
+ * 	Copy *size* bytes from *data* into a ring buffer *ringbuf*.
+ * 	If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification
+ * 	of new data availability is sent.
+ * 	If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification
+ * 	of new data availability is sent unconditionally.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure.
+ */
+static long (*bpf_ringbuf_output)(void *ringbuf, void *data, __u64 size, __u64 flags) = (void *) 130;
+
+/*
+ * bpf_ringbuf_reserve
+ *
+ * 	Reserve *size* bytes of payload in a ring buffer *ringbuf*.
+ *
+ * Returns
+ * 	Valid pointer with *size* bytes of memory available; NULL,
+ * 	otherwise.
+ */
+static void *(*bpf_ringbuf_reserve)(void *ringbuf, __u64 size, __u64 flags) = (void *) 131;
+
+/*
+ * bpf_ringbuf_submit
+ *
+ * 	Submit reserved ring buffer sample, pointed to by *data*.
+ * 	If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification
+ * 	of new data availability is sent.
+ * 	If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification
+ * 	of new data availability is sent unconditionally.
+ *
+ * Returns
+ * 	Nothing. Always succeeds.
+ */
+static void (*bpf_ringbuf_submit)(void *data, __u64 flags) = (void *) 132;
+
+/*
+ * bpf_ringbuf_discard
+ *
+ * 	Discard reserved ring buffer sample, pointed to by *data*.
+ * 	If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification
+ * 	of new data availability is sent.
+ * 	If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification
+ * 	of new data availability is sent unconditionally.
+ *
+ * Returns
+ * 	Nothing. Always succeeds.
+ */
+static void (*bpf_ringbuf_discard)(void *data, __u64 flags) = (void *) 133;
+
+/*
+ * bpf_ringbuf_query
+ *
+ * 	Query various characteristics of provided ring buffer. What
+ * 	exactly is queries is determined by *flags*:
+ *
+ * 	* **BPF_RB_AVAIL_DATA**: Amount of data not yet consumed.
+ * 	* **BPF_RB_RING_SIZE**: The size of ring buffer.
+ * 	* **BPF_RB_CONS_POS**: Consumer position (can wrap around).
+ * 	* **BPF_RB_PROD_POS**: Producer(s) position (can wrap around).
+ *
+ * 	Data returned is just a momentary snapshot of actual values
+ * 	and could be inaccurate, so this facility should be used to
+ * 	power heuristics and for reporting, not to make 100% correct
+ * 	calculation.
+ *
+ * Returns
+ * 	Requested value, or 0, if *flags* are not recognized.
+ */
+static __u64 (*bpf_ringbuf_query)(void *ringbuf, __u64 flags) = (void *) 134;
+
+/*
+ * bpf_csum_level
+ *
+ * 	Change the skbs checksum level by one layer up or down, or
+ * 	reset it entirely to none in order to have the stack perform
+ * 	checksum validation. The level is applicable to the following
+ * 	protocols: TCP, UDP, GRE, SCTP, FCOE. For example, a decap of
+ * 	| ETH | IP | UDP | GUE | IP | TCP | into | ETH | IP | TCP |
+ * 	through **bpf_skb_adjust_room**\ () helper with passing in
+ * 	**BPF_F_ADJ_ROOM_NO_CSUM_RESET** flag would require one	call
+ * 	to **bpf_csum_level**\ () with **BPF_CSUM_LEVEL_DEC** since
+ * 	the UDP header is removed. Similarly, an encap of the latter
+ * 	into the former could be accompanied by a helper call to
+ * 	**bpf_csum_level**\ () with **BPF_CSUM_LEVEL_INC** if the
+ * 	skb is still intended to be processed in higher layers of the
+ * 	stack instead of just egressing at tc.
+ *
+ * 	There are three supported level settings at this time:
+ *
+ * 	* **BPF_CSUM_LEVEL_INC**: Increases skb->csum_level for skbs
+ * 	  with CHECKSUM_UNNECESSARY.
+ * 	* **BPF_CSUM_LEVEL_DEC**: Decreases skb->csum_level for skbs
+ * 	  with CHECKSUM_UNNECESSARY.
+ * 	* **BPF_CSUM_LEVEL_RESET**: Resets skb->csum_level to 0 and
+ * 	  sets CHECKSUM_NONE to force checksum validation by the stack.
+ * 	* **BPF_CSUM_LEVEL_QUERY**: No-op, returns the current
+ * 	  skb->csum_level.
+ *
+ * Returns
+ * 	0 on success, or a negative error in case of failure. In the
+ * 	case of **BPF_CSUM_LEVEL_QUERY**, the current skb->csum_level
+ * 	is returned or the error code -EACCES in case the skb is not
+ * 	subject to CHECKSUM_UNNECESSARY.
+ */
+static long (*bpf_csum_level)(struct __sk_buff *skb, __u64 level) = (void *) 135;
+
+/*
+ * bpf_skc_to_tcp6_sock
+ *
+ * 	Dynamically cast a *sk* pointer to a *tcp6_sock* pointer.
+ *
+ * Returns
+ * 	*sk* if casting is valid, or NULL otherwise.
+ */
+static struct tcp6_sock *(*bpf_skc_to_tcp6_sock)(void *sk) = (void *) 136;
+
+/*
+ * bpf_skc_to_tcp_sock
+ *
+ * 	Dynamically cast a *sk* pointer to a *tcp_sock* pointer.
+ *
+ * Returns
+ * 	*sk* if casting is valid, or NULL otherwise.
+ */
+static struct tcp_sock *(*bpf_skc_to_tcp_sock)(void *sk) = (void *) 137;
+
+/*
+ * bpf_skc_to_tcp_timewait_sock
+ *
+ * 	Dynamically cast a *sk* pointer to a *tcp_timewait_sock* pointer.
+ *
+ * Returns
+ * 	*sk* if casting is valid, or NULL otherwise.
+ */
+static struct tcp_timewait_sock *(*bpf_skc_to_tcp_timewait_sock)(void *sk) = (void *) 138;
+
+/*
+ * bpf_skc_to_tcp_request_sock
+ *
+ * 	Dynamically cast a *sk* pointer to a *tcp_request_sock* pointer.
+ *
+ * Returns
+ * 	*sk* if casting is valid, or NULL otherwise.
+ */
+static struct tcp_request_sock *(*bpf_skc_to_tcp_request_sock)(void *sk) = (void *) 139;
+
+/*
+ * bpf_skc_to_udp6_sock
+ *
+ * 	Dynamically cast a *sk* pointer to a *udp6_sock* pointer.
+ *
+ * Returns
+ * 	*sk* if casting is valid, or NULL otherwise.
+ */
+static struct udp6_sock *(*bpf_skc_to_udp6_sock)(void *sk) = (void *) 140;
+
+/*
+ * bpf_get_task_stack
+ *
+ * 	Return a user or a kernel stack in bpf program provided buffer.
+ * 	To achieve this, the helper needs *task*, which is a valid
+ * 	pointer to struct task_struct. To store the stacktrace, the
+ * 	bpf program provides *buf* with	a nonnegative *size*.
+ *
+ * 	The last argument, *flags*, holds the number of stack frames to
+ * 	skip (from 0 to 255), masked with
+ * 	**BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set
+ * 	the following flags:
+ *
+ * 	**BPF_F_USER_STACK**
+ * 		Collect a user space stack instead of a kernel stack.
+ * 	**BPF_F_USER_BUILD_ID**
+ * 		Collect buildid+offset instead of ips for user stack,
+ * 		only valid if **BPF_F_USER_STACK** is also specified.
+ *
+ * 	**bpf_get_task_stack**\ () can collect up to
+ * 	**PERF_MAX_STACK_DEPTH** both kernel and user frames, subject
+ * 	to sufficient large buffer size. Note that
+ * 	this limit can be controlled with the **sysctl** program, and
+ * 	that it should be manually increased in order to profile long
+ * 	user stacks (such as stacks for Java programs). To do so, use:
+ *
+ * 	::
+ *
+ * 		# sysctl kernel.perf_event_max_stack=<new value>
+ *
+ * Returns
+ * 	A non-negative value equal to or less than *size* on success,
+ * 	or a negative error in case of failure.
+ */
+static long (*bpf_get_task_stack)(struct task_struct *task, void *buf, __u32 size, __u64 flags) = (void *) 141;
+
+
diff --git a/vendor/github.com/cilium/ebpf/examples/headers/bpf_helpers.h b/vendor/github.com/cilium/ebpf/examples/headers/bpf_helpers.h
new file mode 100644
index 0000000000000..bc14db706b88a
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/headers/bpf_helpers.h
@@ -0,0 +1,80 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+#ifndef __BPF_HELPERS__
+#define __BPF_HELPERS__
+
+/*
+ * Note that bpf programs need to include either
+ * vmlinux.h (auto-generated from BTF) or linux/types.h
+ * in advance since bpf_helper_defs.h uses such types
+ * as __u64.
+ */
+#include "bpf_helper_defs.h"
+
+#define __uint(name, val) int (*name)[val]
+#define __type(name, val) typeof(val) *name
+#define __array(name, val) typeof(val) *name[]
+
+/* Helper macro to print out debug messages */
+#define bpf_printk(fmt, ...)				\
+({							\
+	char ____fmt[] = fmt;				\
+	bpf_trace_printk(____fmt, sizeof(____fmt),	\
+			 ##__VA_ARGS__);		\
+})
+
+/*
+ * Helper macro to place programs, maps, license in
+ * different sections in elf_bpf file. Section names
+ * are interpreted by elf_bpf loader
+ */
+#define SEC(NAME) __attribute__((section(NAME), used))
+
+#ifndef __always_inline
+#define __always_inline __attribute__((always_inline))
+#endif
+#ifndef __weak
+#define __weak __attribute__((weak))
+#endif
+
+/*
+ * Helper macro to manipulate data structures
+ */
+#ifndef offsetof
+#define offsetof(TYPE, MEMBER)  __builtin_offsetof(TYPE, MEMBER)
+#endif
+#ifndef container_of
+#define container_of(ptr, type, member)				\
+	({							\
+		void *__mptr = (void *)(ptr);			\
+		((type *)(__mptr - offsetof(type, member)));	\
+	})
+#endif
+
+/*
+ * Helper structure used by eBPF C program
+ * to describe BPF map attributes to libbpf loader
+ */
+struct bpf_map_def {
+	unsigned int type;
+	unsigned int key_size;
+	unsigned int value_size;
+	unsigned int max_entries;
+	unsigned int map_flags;
+};
+
+enum libbpf_pin_type {
+	LIBBPF_PIN_NONE,
+	/* PIN_BY_NAME: pin maps by name (in /sys/fs/bpf by default) */
+	LIBBPF_PIN_BY_NAME,
+};
+
+enum libbpf_tristate {
+	TRI_NO = 0,
+	TRI_YES = 1,
+	TRI_MODULE = 2,
+};
+
+#define __kconfig __attribute__((section(".kconfig")))
+#define __ksym __attribute__((section(".ksyms")))
+
+#endif
diff --git a/vendor/github.com/cilium/ebpf/examples/headers/common.h b/vendor/github.com/cilium/ebpf/examples/headers/common.h
new file mode 100644
index 0000000000000..1a3d58a13c98b
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/headers/common.h
@@ -0,0 +1,107 @@
+// This is a compact version of `vmlinux.h` to be used in the examples using C code.
+
+#ifndef __VMLINUX_H__
+#define __VMLINUX_H__
+
+typedef unsigned char __u8;
+typedef short int __s16;
+typedef short unsigned int __u16;
+typedef int __s32;
+typedef unsigned int __u32;
+typedef long long int __s64;
+typedef long long unsigned int __u64;
+typedef __u8 u8;
+typedef __s16 s16;
+typedef __u16 u16;
+typedef __s32 s32;
+typedef __u32 u32;
+typedef __s64 s64;
+typedef __u64 u64;
+typedef __u16 __le16;
+typedef __u16 __be16;
+typedef __u32 __be32;
+typedef __u64 __be64;
+typedef __u32 __wsum;
+
+enum bpf_map_type {
+	BPF_MAP_TYPE_UNSPEC = 0,
+	BPF_MAP_TYPE_HASH = 1,
+	BPF_MAP_TYPE_ARRAY = 2,
+	BPF_MAP_TYPE_PROG_ARRAY = 3,
+	BPF_MAP_TYPE_PERF_EVENT_ARRAY = 4,
+	BPF_MAP_TYPE_PERCPU_HASH = 5,
+	BPF_MAP_TYPE_PERCPU_ARRAY = 6,
+	BPF_MAP_TYPE_STACK_TRACE = 7,
+	BPF_MAP_TYPE_CGROUP_ARRAY = 8,
+	BPF_MAP_TYPE_LRU_HASH = 9,
+	BPF_MAP_TYPE_LRU_PERCPU_HASH = 10,
+	BPF_MAP_TYPE_LPM_TRIE = 11,
+	BPF_MAP_TYPE_ARRAY_OF_MAPS = 12,
+	BPF_MAP_TYPE_HASH_OF_MAPS = 13,
+	BPF_MAP_TYPE_DEVMAP = 14,
+	BPF_MAP_TYPE_SOCKMAP = 15,
+	BPF_MAP_TYPE_CPUMAP = 16,
+	BPF_MAP_TYPE_XSKMAP = 17,
+	BPF_MAP_TYPE_SOCKHASH = 18,
+	BPF_MAP_TYPE_CGROUP_STORAGE = 19,
+	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 20,
+	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 21,
+	BPF_MAP_TYPE_QUEUE = 22,
+	BPF_MAP_TYPE_STACK = 23,
+	BPF_MAP_TYPE_SK_STORAGE = 24,
+	BPF_MAP_TYPE_DEVMAP_HASH = 25,
+	BPF_MAP_TYPE_STRUCT_OPS = 26,
+	BPF_MAP_TYPE_RINGBUF = 27,
+	BPF_MAP_TYPE_INODE_STORAGE = 28,
+};
+
+enum {
+	BPF_ANY = 0,
+	BPF_NOEXIST = 1,
+	BPF_EXIST = 2,
+	BPF_F_LOCK = 4,
+};
+
+/* BPF_FUNC_perf_event_output, BPF_FUNC_perf_event_read and
+ * BPF_FUNC_perf_event_read_value flags.
+ */
+#define BPF_F_INDEX_MASK 0xffffffffULL
+#define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK
+
+#define PT_REGS_RC(x) ((x)->rax)
+struct pt_regs {
+/*
+ * C ABI says these regs are callee-preserved. They aren't saved on kernel entry
+ * unless syscall needs a complete, fully filled "struct pt_regs".
+ */
+	unsigned long r15;
+	unsigned long r14;
+	unsigned long r13;
+	unsigned long r12;
+	unsigned long rbp;
+	unsigned long rbx;
+/* These regs are callee-clobbered. Always saved on kernel entry. */
+	unsigned long r11;
+	unsigned long r10;
+	unsigned long r9;
+	unsigned long r8;
+	unsigned long rax;
+	unsigned long rcx;
+	unsigned long rdx;
+	unsigned long rsi;
+	unsigned long rdi;
+/*
+ * On syscall entry, this is syscall#. On CPU exception, this is error code.
+ * On hw interrupt, it's IRQ number:
+ */
+	unsigned long orig_rax;
+/* Return frame for iretq */
+	unsigned long rip;
+	unsigned long cs;
+	unsigned long eflags;
+	unsigned long rsp;
+	unsigned long ss;
+/* top of stack page */
+};
+
+#endif /* __VMLINUX_H__ */
diff --git a/vendor/github.com/cilium/ebpf/examples/kprobe/bpf/kprobe_example.c b/vendor/github.com/cilium/ebpf/examples/kprobe/bpf/kprobe_example.c
new file mode 100644
index 0000000000000..04f7a33dcc6b1
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/kprobe/bpf/kprobe_example.c
@@ -0,0 +1,26 @@
+#include "common.h"
+#include "bpf_helpers.h"
+
+char __license[] SEC("license") = "Dual MIT/GPL";
+
+struct bpf_map_def SEC("maps") kprobe_map = {
+    .type = BPF_MAP_TYPE_ARRAY,
+    .key_size = sizeof(u32),
+    .value_size = sizeof(u64),
+    .max_entries = 1,
+};
+
+SEC("kprobe/sys_execve")
+int kprobe_execve() {
+    u32 key = 0;
+    u64 initval = 1, *valp;
+
+    valp = bpf_map_lookup_elem(&kprobe_map, &key);
+    if (!valp) {
+        bpf_map_update_elem(&kprobe_map, &key, &initval, BPF_ANY);
+        return 0;
+    }
+    __sync_fetch_and_add(valp, 1);
+
+    return 0;
+}
diff --git a/vendor/github.com/cilium/ebpf/examples/uretprobe/bpf/uretprobe_example.c b/vendor/github.com/cilium/ebpf/examples/uretprobe/bpf/uretprobe_example.c
new file mode 100644
index 0000000000000..94766ea4139e8
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/examples/uretprobe/bpf/uretprobe_example.c
@@ -0,0 +1,25 @@
+#include "common.h"
+#include "bpf_helpers.h"
+
+char __license[] SEC("license") = "Dual MIT/GPL";
+
+struct event_t {
+	u32 pid;
+	char str[80];
+};
+
+struct {
+	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+} events SEC(".maps");
+
+SEC("uretprobe/bash_readline")
+int uretprobe_bash_readline(struct pt_regs *ctx) {
+	struct event_t event;
+
+	event.pid = bpf_get_current_pid_tgid();
+	bpf_probe_read(&event.str, sizeof(event.str), (void *)PT_REGS_RC(ctx));
+
+	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(event));
+
+	return 0;
+}
diff --git a/vendor/github.com/cilium/ebpf/go.mod b/vendor/github.com/cilium/ebpf/go.mod
new file mode 100644
index 0000000000000..df8139621c3e5
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/go.mod
@@ -0,0 +1,9 @@
+module github.com/cilium/ebpf
+
+go 1.15
+
+require (
+	github.com/frankban/quicktest v1.11.3
+	github.com/google/go-cmp v0.5.4
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go
new file mode 100644
index 0000000000000..b95131ef57262
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/info.go
@@ -0,0 +1,239 @@
+package ebpf
+
+import (
+	"bufio"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/cilium/ebpf/internal"
+)
+
+// MapInfo describes a map.
+type MapInfo struct {
+	Type       MapType
+	id         MapID
+	KeySize    uint32
+	ValueSize  uint32
+	MaxEntries uint32
+	Flags      uint32
+	// Name as supplied by user space at load time.
+	Name string
+}
+
+func newMapInfoFromFd(fd *internal.FD) (*MapInfo, error) {
+	info, err := bpfGetMapInfoByFD(fd)
+	if errors.Is(err, syscall.EINVAL) {
+		return newMapInfoFromProc(fd)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &MapInfo{
+		MapType(info.map_type),
+		MapID(info.id),
+		info.key_size,
+		info.value_size,
+		info.max_entries,
+		info.map_flags,
+		// name is available from 4.15.
+		internal.CString(info.name[:]),
+	}, nil
+}
+
+func newMapInfoFromProc(fd *internal.FD) (*MapInfo, error) {
+	var mi MapInfo
+	err := scanFdInfo(fd, map[string]interface{}{
+		"map_type":    &mi.Type,
+		"key_size":    &mi.KeySize,
+		"value_size":  &mi.ValueSize,
+		"max_entries": &mi.MaxEntries,
+		"map_flags":   &mi.Flags,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &mi, nil
+}
+
+// ID returns the map ID.
+//
+// Available from 4.13.
+//
+// The bool return value indicates whether this optional field is available.
+func (mi *MapInfo) ID() (MapID, bool) {
+	return mi.id, mi.id > 0
+}
+
+// programStats holds statistics of a program.
+type programStats struct {
+	// Total accumulated runtime of the program ins ns.
+	runtime time.Duration
+	// Total number of times the program was called.
+	runCount uint64
+}
+
+// ProgramInfo describes a program.
+type ProgramInfo struct {
+	Type ProgramType
+	id   ProgramID
+	// Truncated hash of the BPF bytecode.
+	Tag string
+	// Name as supplied by user space at load time.
+	Name string
+
+	stats *programStats
+}
+
+func newProgramInfoFromFd(fd *internal.FD) (*ProgramInfo, error) {
+	info, err := bpfGetProgInfoByFD(fd)
+	if errors.Is(err, syscall.EINVAL) {
+		return newProgramInfoFromProc(fd)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &ProgramInfo{
+		Type: ProgramType(info.prog_type),
+		id:   ProgramID(info.id),
+		// tag is available if the kernel supports BPF_PROG_GET_INFO_BY_FD.
+		Tag: hex.EncodeToString(info.tag[:]),
+		// name is available from 4.15.
+		Name: internal.CString(info.name[:]),
+		stats: &programStats{
+			runtime:  time.Duration(info.run_time_ns),
+			runCount: info.run_cnt,
+		},
+	}, nil
+}
+
+func newProgramInfoFromProc(fd *internal.FD) (*ProgramInfo, error) {
+	var info ProgramInfo
+	err := scanFdInfo(fd, map[string]interface{}{
+		"prog_type": &info.Type,
+		"prog_tag":  &info.Tag,
+	})
+	if errors.Is(err, errMissingFields) {
+		return nil, &internal.UnsupportedFeatureError{
+			Name:           "reading program info from /proc/self/fdinfo",
+			MinimumVersion: internal.Version{4, 10, 0},
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &info, nil
+}
+
+// ID returns the program ID.
+//
+// Available from 4.13.
+//
+// The bool return value indicates whether this optional field is available.
+func (pi *ProgramInfo) ID() (ProgramID, bool) {
+	return pi.id, pi.id > 0
+}
+
+// RunCount returns the total number of times the program was called.
+//
+// Can return 0 if the collection of statistics is not enabled. See EnableStats().
+// The bool return value indicates whether this optional field is available.
+func (pi *ProgramInfo) RunCount() (uint64, bool) {
+	if pi.stats != nil {
+		return pi.stats.runCount, true
+	}
+	return 0, false
+}
+
+// Runtime returns the total accumulated runtime of the program.
+//
+// Can return 0 if the collection of statistics is not enabled. See EnableStats().
+// The bool return value indicates whether this optional field is available.
+func (pi *ProgramInfo) Runtime() (time.Duration, bool) {
+	if pi.stats != nil {
+		return pi.stats.runtime, true
+	}
+	return time.Duration(0), false
+}
+
+func scanFdInfo(fd *internal.FD, fields map[string]interface{}) error {
+	raw, err := fd.Value()
+	if err != nil {
+		return err
+	}
+
+	fh, err := os.Open(fmt.Sprintf("/proc/self/fdinfo/%d", raw))
+	if err != nil {
+		return err
+	}
+	defer fh.Close()
+
+	if err := scanFdInfoReader(fh, fields); err != nil {
+		return fmt.Errorf("%s: %w", fh.Name(), err)
+	}
+	return nil
+}
+
+var errMissingFields = errors.New("missing fields")
+
+func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error {
+	var (
+		scanner = bufio.NewScanner(r)
+		scanned int
+	)
+
+	for scanner.Scan() {
+		parts := strings.SplitN(scanner.Text(), "\t", 2)
+		if len(parts) != 2 {
+			continue
+		}
+
+		name := strings.TrimSuffix(parts[0], ":")
+		field, ok := fields[string(name)]
+		if !ok {
+			continue
+		}
+
+		if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 {
+			return fmt.Errorf("can't parse field %s: %v", name, err)
+		}
+
+		scanned++
+	}
+
+	if err := scanner.Err(); err != nil {
+		return err
+	}
+
+	if scanned != len(fields) {
+		return errMissingFields
+	}
+
+	return nil
+}
+
+// EnableStats starts the measuring of the runtime
+// and run counts of eBPF programs.
+//
+// Collecting statistics can have an impact on the performance.
+//
+// Requires at least 5.8.
+func EnableStats(which uint32) (io.Closer, error) {
+	attr := internal.BPFEnableStatsAttr{
+		StatsType: which,
+	}
+
+	fd, err := internal.BPFEnableStats(&attr)
+	if err != nil {
+		return nil, err
+	}
+	return fd, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf.go b/vendor/github.com/cilium/ebpf/internal/btf/btf.go
new file mode 100644
index 0000000000000..5da9e11921a3b
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/btf.go
@@ -0,0 +1,799 @@
+package btf
+
+import (
+	"bytes"
+	"debug/elf"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math"
+	"os"
+	"reflect"
+	"sync"
+	"unsafe"
+
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+const btfMagic = 0xeB9F
+
+// Errors returned by BTF functions.
+var (
+	ErrNotSupported   = internal.ErrNotSupported
+	ErrNotFound       = errors.New("not found")
+	ErrNoExtendedInfo = errors.New("no extended info")
+)
+
+// Spec represents decoded BTF.
+type Spec struct {
+	rawTypes   []rawType
+	strings    stringTable
+	types      []Type
+	namedTypes map[string][]namedType
+	funcInfos  map[string]extInfo
+	lineInfos  map[string]extInfo
+	coreRelos  map[string]coreRelos
+	byteOrder  binary.ByteOrder
+}
+
+type btfHeader struct {
+	Magic   uint16
+	Version uint8
+	Flags   uint8
+	HdrLen  uint32
+
+	TypeOff   uint32
+	TypeLen   uint32
+	StringOff uint32
+	StringLen uint32
+}
+
+// LoadSpecFromReader reads BTF sections from an ELF.
+//
+// Returns ErrNotFound if the reader contains no BTF.
+func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) {
+	file, err := internal.NewSafeELFFile(rd)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	btfSection, btfExtSection, sectionSizes, err := findBtfSections(file)
+	if err != nil {
+		return nil, err
+	}
+
+	if btfSection == nil {
+		return nil, fmt.Errorf("btf: %w", ErrNotFound)
+	}
+
+	symbols, err := file.Symbols()
+	if err != nil {
+		return nil, fmt.Errorf("can't read symbols: %v", err)
+	}
+
+	variableOffsets := make(map[variable]uint32)
+	for _, symbol := range symbols {
+		if idx := symbol.Section; idx >= elf.SHN_LORESERVE && idx <= elf.SHN_HIRESERVE {
+			// Ignore things like SHN_ABS
+			continue
+		}
+
+		if int(symbol.Section) >= len(file.Sections) {
+			return nil, fmt.Errorf("symbol %s: invalid section %d", symbol.Name, symbol.Section)
+		}
+
+		secName := file.Sections[symbol.Section].Name
+		if _, ok := sectionSizes[secName]; !ok {
+			continue
+		}
+
+		if symbol.Value > math.MaxUint32 {
+			return nil, fmt.Errorf("section %s: symbol %s: size exceeds maximum", secName, symbol.Name)
+		}
+
+		variableOffsets[variable{secName, symbol.Name}] = uint32(symbol.Value)
+	}
+
+	spec, err := loadNakedSpec(btfSection.Open(), file.ByteOrder, sectionSizes, variableOffsets)
+	if err != nil {
+		return nil, err
+	}
+
+	if btfExtSection == nil {
+		return spec, nil
+	}
+
+	spec.funcInfos, spec.lineInfos, spec.coreRelos, err = parseExtInfos(btfExtSection.Open(), file.ByteOrder, spec.strings)
+	if err != nil {
+		return nil, fmt.Errorf("can't read ext info: %w", err)
+	}
+
+	return spec, nil
+}
+
+func findBtfSections(file *internal.SafeELFFile) (*elf.Section, *elf.Section, map[string]uint32, error) {
+	var (
+		btfSection    *elf.Section
+		btfExtSection *elf.Section
+		sectionSizes  = make(map[string]uint32)
+	)
+
+	for _, sec := range file.Sections {
+		switch sec.Name {
+		case ".BTF":
+			btfSection = sec
+		case ".BTF.ext":
+			btfExtSection = sec
+		default:
+			if sec.Type != elf.SHT_PROGBITS && sec.Type != elf.SHT_NOBITS {
+				break
+			}
+
+			if sec.Size > math.MaxUint32 {
+				return nil, nil, nil, fmt.Errorf("section %s exceeds maximum size", sec.Name)
+			}
+
+			sectionSizes[sec.Name] = uint32(sec.Size)
+		}
+	}
+	return btfSection, btfExtSection, sectionSizes, nil
+}
+
+func loadSpecFromVmlinux(rd io.ReaderAt) (*Spec, error) {
+	file, err := internal.NewSafeELFFile(rd)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	btfSection, _, _, err := findBtfSections(file)
+	if err != nil {
+		return nil, fmt.Errorf(".BTF ELF section: %s", err)
+	}
+	if btfSection == nil {
+		return nil, fmt.Errorf("unable to find .BTF ELF section")
+	}
+	return loadNakedSpec(btfSection.Open(), file.ByteOrder, nil, nil)
+}
+
+func loadNakedSpec(btf io.ReadSeeker, bo binary.ByteOrder, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) (*Spec, error) {
+	rawTypes, rawStrings, err := parseBTF(btf, bo)
+	if err != nil {
+		return nil, err
+	}
+
+	err = fixupDatasec(rawTypes, rawStrings, sectionSizes, variableOffsets)
+	if err != nil {
+		return nil, err
+	}
+
+	types, typesByName, err := inflateRawTypes(rawTypes, rawStrings)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Spec{
+		rawTypes:   rawTypes,
+		namedTypes: typesByName,
+		types:      types,
+		strings:    rawStrings,
+		byteOrder:  bo,
+	}, nil
+}
+
+var kernelBTF struct {
+	sync.Mutex
+	*Spec
+}
+
+// LoadKernelSpec returns the current kernel's BTF information.
+//
+// Requires a >= 5.5 kernel with CONFIG_DEBUG_INFO_BTF enabled. Returns
+// ErrNotSupported if BTF is not enabled.
+func LoadKernelSpec() (*Spec, error) {
+	kernelBTF.Lock()
+	defer kernelBTF.Unlock()
+
+	if kernelBTF.Spec != nil {
+		return kernelBTF.Spec, nil
+	}
+
+	var err error
+	kernelBTF.Spec, err = loadKernelSpec()
+	return kernelBTF.Spec, err
+}
+
+func loadKernelSpec() (*Spec, error) {
+	release, err := unix.KernelRelease()
+	if err != nil {
+		return nil, fmt.Errorf("can't read kernel release number: %w", err)
+	}
+
+	fh, err := os.Open("/sys/kernel/btf/vmlinux")
+	if err == nil {
+		defer fh.Close()
+
+		return loadNakedSpec(fh, internal.NativeEndian, nil, nil)
+	}
+
+	// use same list of locations as libbpf
+	// https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122
+	locations := []string{
+		"/boot/vmlinux-%s",
+		"/lib/modules/%s/vmlinux-%[1]s",
+		"/lib/modules/%s/build/vmlinux",
+		"/usr/lib/modules/%s/kernel/vmlinux",
+		"/usr/lib/debug/boot/vmlinux-%s",
+		"/usr/lib/debug/boot/vmlinux-%s.debug",
+		"/usr/lib/debug/lib/modules/%s/vmlinux",
+	}
+
+	for _, loc := range locations {
+		path := fmt.Sprintf(loc, release)
+
+		fh, err := os.Open(path)
+		if err != nil {
+			continue
+		}
+		defer fh.Close()
+
+		return loadSpecFromVmlinux(fh)
+	}
+
+	return nil, fmt.Errorf("no BTF for kernel version %s: %w", release, internal.ErrNotSupported)
+}
+
+func parseBTF(btf io.ReadSeeker, bo binary.ByteOrder) ([]rawType, stringTable, error) {
+	rawBTF, err := ioutil.ReadAll(btf)
+	if err != nil {
+		return nil, nil, fmt.Errorf("can't read BTF: %v", err)
+	}
+
+	rd := bytes.NewReader(rawBTF)
+
+	var header btfHeader
+	if err := binary.Read(rd, bo, &header); err != nil {
+		return nil, nil, fmt.Errorf("can't read header: %v", err)
+	}
+
+	if header.Magic != btfMagic {
+		return nil, nil, fmt.Errorf("incorrect magic value %v", header.Magic)
+	}
+
+	if header.Version != 1 {
+		return nil, nil, fmt.Errorf("unexpected version %v", header.Version)
+	}
+
+	if header.Flags != 0 {
+		return nil, nil, fmt.Errorf("unsupported flags %v", header.Flags)
+	}
+
+	remainder := int64(header.HdrLen) - int64(binary.Size(&header))
+	if remainder < 0 {
+		return nil, nil, errors.New("header is too short")
+	}
+
+	if _, err := io.CopyN(internal.DiscardZeroes{}, rd, remainder); err != nil {
+		return nil, nil, fmt.Errorf("header padding: %v", err)
+	}
+
+	if _, err := rd.Seek(int64(header.HdrLen+header.StringOff), io.SeekStart); err != nil {
+		return nil, nil, fmt.Errorf("can't seek to start of string section: %v", err)
+	}
+
+	rawStrings, err := readStringTable(io.LimitReader(rd, int64(header.StringLen)))
+	if err != nil {
+		return nil, nil, fmt.Errorf("can't read type names: %w", err)
+	}
+
+	if _, err := rd.Seek(int64(header.HdrLen+header.TypeOff), io.SeekStart); err != nil {
+		return nil, nil, fmt.Errorf("can't seek to start of type section: %v", err)
+	}
+
+	rawTypes, err := readTypes(io.LimitReader(rd, int64(header.TypeLen)), bo)
+	if err != nil {
+		return nil, nil, fmt.Errorf("can't read types: %w", err)
+	}
+
+	return rawTypes, rawStrings, nil
+}
+
+type variable struct {
+	section string
+	name    string
+}
+
+func fixupDatasec(rawTypes []rawType, rawStrings stringTable, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) error {
+	for i, rawType := range rawTypes {
+		if rawType.Kind() != kindDatasec {
+			continue
+		}
+
+		name, err := rawStrings.Lookup(rawType.NameOff)
+		if err != nil {
+			return err
+		}
+
+		if name == ".kconfig" || name == ".ksyms" {
+			return fmt.Errorf("reference to %s: %w", name, ErrNotSupported)
+		}
+
+		if rawTypes[i].SizeType != 0 {
+			continue
+		}
+
+		size, ok := sectionSizes[name]
+		if !ok {
+			return fmt.Errorf("data section %s: missing size", name)
+		}
+
+		rawTypes[i].SizeType = size
+
+		secinfos := rawType.data.([]btfVarSecinfo)
+		for j, secInfo := range secinfos {
+			id := int(secInfo.Type - 1)
+			if id >= len(rawTypes) {
+				return fmt.Errorf("data section %s: invalid type id %d for variable %d", name, id, j)
+			}
+
+			varName, err := rawStrings.Lookup(rawTypes[id].NameOff)
+			if err != nil {
+				return fmt.Errorf("data section %s: can't get name for type %d: %w", name, id, err)
+			}
+
+			offset, ok := variableOffsets[variable{name, varName}]
+			if !ok {
+				return fmt.Errorf("data section %s: missing offset for variable %s", name, varName)
+			}
+
+			secinfos[j].Offset = offset
+		}
+	}
+
+	return nil
+}
+
+type marshalOpts struct {
+	ByteOrder        binary.ByteOrder
+	StripFuncLinkage bool
+}
+
+func (s *Spec) marshal(opts marshalOpts) ([]byte, error) {
+	var (
+		buf       bytes.Buffer
+		header    = new(btfHeader)
+		headerLen = binary.Size(header)
+	)
+
+	// Reserve space for the header. We have to write it last since
+	// we don't know the size of the type section yet.
+	_, _ = buf.Write(make([]byte, headerLen))
+
+	// Write type section, just after the header.
+	for _, raw := range s.rawTypes {
+		switch {
+		case opts.StripFuncLinkage && raw.Kind() == kindFunc:
+			raw.SetLinkage(StaticFunc)
+		}
+
+		if err := raw.Marshal(&buf, opts.ByteOrder); err != nil {
+			return nil, fmt.Errorf("can't marshal BTF: %w", err)
+		}
+	}
+
+	typeLen := uint32(buf.Len() - headerLen)
+
+	// Write string section after type section.
+	_, _ = buf.Write(s.strings)
+
+	// Fill out the header, and write it out.
+	header = &btfHeader{
+		Magic:     btfMagic,
+		Version:   1,
+		Flags:     0,
+		HdrLen:    uint32(headerLen),
+		TypeOff:   0,
+		TypeLen:   typeLen,
+		StringOff: typeLen,
+		StringLen: uint32(len(s.strings)),
+	}
+
+	raw := buf.Bytes()
+	err := binary.Write(sliceWriter(raw[:headerLen]), opts.ByteOrder, header)
+	if err != nil {
+		return nil, fmt.Errorf("can't write header: %v", err)
+	}
+
+	return raw, nil
+}
+
+type sliceWriter []byte
+
+func (sw sliceWriter) Write(p []byte) (int, error) {
+	if len(p) != len(sw) {
+		return 0, errors.New("size doesn't match")
+	}
+
+	return copy(sw, p), nil
+}
+
+// Program finds the BTF for a specific section.
+//
+// Length is the number of bytes in the raw BPF instruction stream.
+//
+// Returns an error which may wrap ErrNoExtendedInfo if the Spec doesn't
+// contain extended BTF info.
+func (s *Spec) Program(name string, length uint64) (*Program, error) {
+	if length == 0 {
+		return nil, errors.New("length musn't be zero")
+	}
+
+	if s.funcInfos == nil && s.lineInfos == nil && s.coreRelos == nil {
+		return nil, fmt.Errorf("BTF for section %s: %w", name, ErrNoExtendedInfo)
+	}
+
+	funcInfos, funcOK := s.funcInfos[name]
+	lineInfos, lineOK := s.lineInfos[name]
+	relos, coreOK := s.coreRelos[name]
+
+	if !funcOK && !lineOK && !coreOK {
+		return nil, fmt.Errorf("no extended BTF info for section %s", name)
+	}
+
+	return &Program{s, length, funcInfos, lineInfos, relos}, nil
+}
+
+// Datasec returns the BTF required to create maps which represent data sections.
+func (s *Spec) Datasec(name string) (*Map, error) {
+	var datasec Datasec
+	if err := s.FindType(name, &datasec); err != nil {
+		return nil, fmt.Errorf("data section %s: can't get BTF: %w", name, err)
+	}
+
+	m := NewMap(s, &Void{}, &datasec)
+	return &m, nil
+}
+
+// FindType searches for a type with a specific name.
+//
+// hint determines the type of the returned Type.
+//
+// Returns an error wrapping ErrNotFound if no matching
+// type exists in spec.
+func (s *Spec) FindType(name string, typ Type) error {
+	var (
+		wanted    = reflect.TypeOf(typ)
+		candidate Type
+	)
+
+	for _, typ := range s.namedTypes[essentialName(name)] {
+		if reflect.TypeOf(typ) != wanted {
+			continue
+		}
+
+		// Match against the full name, not just the essential one.
+		if typ.name() != name {
+			continue
+		}
+
+		if candidate != nil {
+			return fmt.Errorf("type %s: multiple candidates for %T", name, typ)
+		}
+
+		candidate = typ
+	}
+
+	if candidate == nil {
+		return fmt.Errorf("type %s: %w", name, ErrNotFound)
+	}
+
+	cpy, _ := copyType(candidate, nil)
+	value := reflect.Indirect(reflect.ValueOf(cpy))
+	reflect.Indirect(reflect.ValueOf(typ)).Set(value)
+	return nil
+}
+
+// Handle is a reference to BTF loaded into the kernel.
+type Handle struct {
+	fd *internal.FD
+}
+
+// NewHandle loads BTF into the kernel.
+//
+// Returns ErrNotSupported if BTF is not supported.
+func NewHandle(spec *Spec) (*Handle, error) {
+	if err := haveBTF(); err != nil {
+		return nil, err
+	}
+
+	if spec.byteOrder != internal.NativeEndian {
+		return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian)
+	}
+
+	btf, err := spec.marshal(marshalOpts{
+		ByteOrder:        internal.NativeEndian,
+		StripFuncLinkage: haveFuncLinkage() != nil,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("can't marshal BTF: %w", err)
+	}
+
+	if uint64(len(btf)) > math.MaxUint32 {
+		return nil, errors.New("BTF exceeds the maximum size")
+	}
+
+	attr := &bpfLoadBTFAttr{
+		btf:     internal.NewSlicePointer(btf),
+		btfSize: uint32(len(btf)),
+	}
+
+	fd, err := bpfLoadBTF(attr)
+	if err != nil {
+		logBuf := make([]byte, 64*1024)
+		attr.logBuf = internal.NewSlicePointer(logBuf)
+		attr.btfLogSize = uint32(len(logBuf))
+		attr.btfLogLevel = 1
+		_, logErr := bpfLoadBTF(attr)
+		return nil, internal.ErrorWithLog(err, logBuf, logErr)
+	}
+
+	return &Handle{fd}, nil
+}
+
+// Close destroys the handle.
+//
+// Subsequent calls to FD will return an invalid value.
+func (h *Handle) Close() error {
+	return h.fd.Close()
+}
+
+// FD returns the file descriptor for the handle.
+func (h *Handle) FD() int {
+	value, err := h.fd.Value()
+	if err != nil {
+		return -1
+	}
+
+	return int(value)
+}
+
+// Map is the BTF for a map.
+type Map struct {
+	spec       *Spec
+	key, value Type
+}
+
+// NewMap returns a new Map containing the given values.
+// The key and value arguments are initialized to Void if nil values are given.
+func NewMap(spec *Spec, key Type, value Type) Map {
+	if key == nil {
+		key = &Void{}
+	}
+	if value == nil {
+		value = &Void{}
+	}
+
+	return Map{
+		spec:  spec,
+		key:   key,
+		value: value,
+	}
+}
+
+// MapSpec should be a method on Map, but is a free function
+// to hide it from users of the ebpf package.
+func MapSpec(m *Map) *Spec {
+	return m.spec
+}
+
+// MapKey should be a method on Map, but is a free function
+// to hide it from users of the ebpf package.
+func MapKey(m *Map) Type {
+	return m.key
+}
+
+// MapValue should be a method on Map, but is a free function
+// to hide it from users of the ebpf package.
+func MapValue(m *Map) Type {
+	return m.value
+}
+
+// Program is the BTF information for a stream of instructions.
+type Program struct {
+	spec                 *Spec
+	length               uint64
+	funcInfos, lineInfos extInfo
+	coreRelos            coreRelos
+}
+
+// ProgramSpec returns the Spec needed for loading function and line infos into the kernel.
+//
+// This is a free function instead of a method to hide it from users
+// of package ebpf.
+func ProgramSpec(s *Program) *Spec {
+	return s.spec
+}
+
+// ProgramAppend the information from other to the Program.
+//
+// This is a free function instead of a method to hide it from users
+// of package ebpf.
+func ProgramAppend(s, other *Program) error {
+	funcInfos, err := s.funcInfos.append(other.funcInfos, s.length)
+	if err != nil {
+		return fmt.Errorf("func infos: %w", err)
+	}
+
+	lineInfos, err := s.lineInfos.append(other.lineInfos, s.length)
+	if err != nil {
+		return fmt.Errorf("line infos: %w", err)
+	}
+
+	s.funcInfos = funcInfos
+	s.lineInfos = lineInfos
+	s.coreRelos = s.coreRelos.append(other.coreRelos, s.length)
+	s.length += other.length
+	return nil
+}
+
+// ProgramFuncInfos returns the binary form of BTF function infos.
+//
+// This is a free function instead of a method to hide it from users
+// of package ebpf.
+func ProgramFuncInfos(s *Program) (recordSize uint32, bytes []byte, err error) {
+	bytes, err = s.funcInfos.MarshalBinary()
+	if err != nil {
+		return 0, nil, err
+	}
+
+	return s.funcInfos.recordSize, bytes, nil
+}
+
+// ProgramLineInfos returns the binary form of BTF line infos.
+//
+// This is a free function instead of a method to hide it from users
+// of package ebpf.
+func ProgramLineInfos(s *Program) (recordSize uint32, bytes []byte, err error) {
+	bytes, err = s.lineInfos.MarshalBinary()
+	if err != nil {
+		return 0, nil, err
+	}
+
+	return s.lineInfos.recordSize, bytes, nil
+}
+
+// ProgramFixups returns the changes required to adjust the program to the target.
+//
+// This is a free function instead of a method to hide it from users
+// of package ebpf.
+func ProgramFixups(s *Program, target *Spec) (COREFixups, error) {
+	if len(s.coreRelos) == 0 {
+		return nil, nil
+	}
+
+	if target == nil {
+		var err error
+		target, err = LoadKernelSpec()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return coreRelocate(s.spec, target, s.coreRelos)
+}
+
+type bpfLoadBTFAttr struct {
+	btf         internal.Pointer
+	logBuf      internal.Pointer
+	btfSize     uint32
+	btfLogSize  uint32
+	btfLogLevel uint32
+}
+
+func bpfLoadBTF(attr *bpfLoadBTFAttr) (*internal.FD, error) {
+	fd, err := internal.BPF(internal.BPF_BTF_LOAD, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err != nil {
+		return nil, err
+	}
+
+	return internal.NewFD(uint32(fd)), nil
+}
+
+func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte {
+	const minHeaderLength = 24
+
+	typesLen := uint32(binary.Size(types))
+	header := btfHeader{
+		Magic:     btfMagic,
+		Version:   1,
+		HdrLen:    minHeaderLength,
+		TypeOff:   0,
+		TypeLen:   typesLen,
+		StringOff: typesLen,
+		StringLen: uint32(len(strings)),
+	}
+
+	buf := new(bytes.Buffer)
+	_ = binary.Write(buf, bo, &header)
+	_ = binary.Write(buf, bo, types)
+	buf.Write(strings)
+
+	return buf.Bytes()
+}
+
+var haveBTF = internal.FeatureTest("BTF", "5.1", func() error {
+	var (
+		types struct {
+			Integer btfType
+			Var     btfType
+			btfVar  struct{ Linkage uint32 }
+		}
+		strings = []byte{0, 'a', 0}
+	)
+
+	// We use a BTF_KIND_VAR here, to make sure that
+	// the kernel understands BTF at least as well as we
+	// do. BTF_KIND_VAR was introduced ~5.1.
+	types.Integer.SetKind(kindPointer)
+	types.Var.NameOff = 1
+	types.Var.SetKind(kindVar)
+	types.Var.SizeType = 1
+
+	btf := marshalBTF(&types, strings, internal.NativeEndian)
+
+	fd, err := bpfLoadBTF(&bpfLoadBTFAttr{
+		btf:     internal.NewSlicePointer(btf),
+		btfSize: uint32(len(btf)),
+	})
+	if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) {
+		// Treat both EINVAL and EPERM as not supported: loading the program
+		// might still succeed without BTF.
+		return internal.ErrNotSupported
+	}
+	if err != nil {
+		return err
+	}
+
+	fd.Close()
+	return nil
+})
+
+var haveFuncLinkage = internal.FeatureTest("BTF func linkage", "5.6", func() error {
+	if err := haveBTF(); err != nil {
+		return err
+	}
+
+	var (
+		types struct {
+			FuncProto btfType
+			Func      btfType
+		}
+		strings = []byte{0, 'a', 0}
+	)
+
+	types.FuncProto.SetKind(kindFuncProto)
+	types.Func.SetKind(kindFunc)
+	types.Func.SizeType = 1 // aka FuncProto
+	types.Func.NameOff = 1
+	types.Func.SetLinkage(GlobalFunc)
+
+	btf := marshalBTF(&types, strings, internal.NativeEndian)
+
+	fd, err := bpfLoadBTF(&bpfLoadBTFAttr{
+		btf:     internal.NewSlicePointer(btf),
+		btfSize: uint32(len(btf)),
+	})
+	if errors.Is(err, unix.EINVAL) {
+		return internal.ErrNotSupported
+	}
+	if err != nil {
+		return err
+	}
+
+	fd.Close()
+	return nil
+})
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf_types.go b/vendor/github.com/cilium/ebpf/internal/btf/btf_types.go
new file mode 100644
index 0000000000000..a5ef945120138
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/btf_types.go
@@ -0,0 +1,282 @@
+package btf
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+)
+
+//go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage
+
+// btfKind describes a Type.
+type btfKind uint8
+
+// Equivalents of the BTF_KIND_* constants.
+const (
+	kindUnknown btfKind = iota
+	kindInt
+	kindPointer
+	kindArray
+	kindStruct
+	kindUnion
+	kindEnum
+	kindForward
+	kindTypedef
+	kindVolatile
+	kindConst
+	kindRestrict
+	// Added ~4.20
+	kindFunc
+	kindFuncProto
+	// Added ~5.1
+	kindVar
+	kindDatasec
+)
+
+// FuncLinkage describes BTF function linkage metadata.
+type FuncLinkage int
+
+// Equivalent of enum btf_func_linkage.
+const (
+	StaticFunc FuncLinkage = iota // static
+	GlobalFunc                    // global
+	ExternFunc                    // extern
+)
+
+// VarLinkage describes BTF variable linkage metadata.
+type VarLinkage int
+
+const (
+	StaticVar VarLinkage = iota // static
+	GlobalVar                   // global
+	ExternVar                   // extern
+)
+
+const (
+	btfTypeKindShift     = 24
+	btfTypeKindLen       = 4
+	btfTypeVlenShift     = 0
+	btfTypeVlenMask      = 16
+	btfTypeKindFlagShift = 31
+	btfTypeKindFlagMask  = 1
+)
+
+// btfType is equivalent to struct btf_type in Documentation/bpf/btf.rst.
+type btfType struct {
+	NameOff uint32
+	/* "info" bits arrangement
+	 * bits  0-15: vlen (e.g. # of struct's members), linkage
+	 * bits 16-23: unused
+	 * bits 24-27: kind (e.g. int, ptr, array...etc)
+	 * bits 28-30: unused
+	 * bit     31: kind_flag, currently used by
+	 *             struct, union and fwd
+	 */
+	Info uint32
+	/* "size" is used by INT, ENUM, STRUCT and UNION.
+	 * "size" tells the size of the type it is describing.
+	 *
+	 * "type" is used by PTR, TYPEDEF, VOLATILE, CONST, RESTRICT,
+	 * FUNC and FUNC_PROTO.
+	 * "type" is a type_id referring to another type.
+	 */
+	SizeType uint32
+}
+
+func (k btfKind) String() string {
+	switch k {
+	case kindUnknown:
+		return "Unknown"
+	case kindInt:
+		return "Integer"
+	case kindPointer:
+		return "Pointer"
+	case kindArray:
+		return "Array"
+	case kindStruct:
+		return "Struct"
+	case kindUnion:
+		return "Union"
+	case kindEnum:
+		return "Enumeration"
+	case kindForward:
+		return "Forward"
+	case kindTypedef:
+		return "Typedef"
+	case kindVolatile:
+		return "Volatile"
+	case kindConst:
+		return "Const"
+	case kindRestrict:
+		return "Restrict"
+	case kindFunc:
+		return "Function"
+	case kindFuncProto:
+		return "Function Proto"
+	case kindVar:
+		return "Variable"
+	case kindDatasec:
+		return "Section"
+	default:
+		return fmt.Sprintf("Unknown (%d)", k)
+	}
+}
+
+func mask(len uint32) uint32 {
+	return (1 << len) - 1
+}
+
+func (bt *btfType) info(len, shift uint32) uint32 {
+	return (bt.Info >> shift) & mask(len)
+}
+
+func (bt *btfType) setInfo(value, len, shift uint32) {
+	bt.Info &^= mask(len) << shift
+	bt.Info |= (value & mask(len)) << shift
+}
+
+func (bt *btfType) Kind() btfKind {
+	return btfKind(bt.info(btfTypeKindLen, btfTypeKindShift))
+}
+
+func (bt *btfType) SetKind(kind btfKind) {
+	bt.setInfo(uint32(kind), btfTypeKindLen, btfTypeKindShift)
+}
+
+func (bt *btfType) Vlen() int {
+	return int(bt.info(btfTypeVlenMask, btfTypeVlenShift))
+}
+
+func (bt *btfType) SetVlen(vlen int) {
+	bt.setInfo(uint32(vlen), btfTypeVlenMask, btfTypeVlenShift)
+}
+
+func (bt *btfType) KindFlag() bool {
+	return bt.info(btfTypeKindFlagMask, btfTypeKindFlagShift) == 1
+}
+
+func (bt *btfType) Linkage() FuncLinkage {
+	return FuncLinkage(bt.info(btfTypeVlenMask, btfTypeVlenShift))
+}
+
+func (bt *btfType) SetLinkage(linkage FuncLinkage) {
+	bt.setInfo(uint32(linkage), btfTypeVlenMask, btfTypeVlenShift)
+}
+
+func (bt *btfType) Type() TypeID {
+	// TODO: Panic here if wrong kind?
+	return TypeID(bt.SizeType)
+}
+
+func (bt *btfType) Size() uint32 {
+	// TODO: Panic here if wrong kind?
+	return bt.SizeType
+}
+
+type rawType struct {
+	btfType
+	data interface{}
+}
+
+func (rt *rawType) Marshal(w io.Writer, bo binary.ByteOrder) error {
+	if err := binary.Write(w, bo, &rt.btfType); err != nil {
+		return err
+	}
+
+	if rt.data == nil {
+		return nil
+	}
+
+	return binary.Write(w, bo, rt.data)
+}
+
+type btfArray struct {
+	Type      TypeID
+	IndexType TypeID
+	Nelems    uint32
+}
+
+type btfMember struct {
+	NameOff uint32
+	Type    TypeID
+	Offset  uint32
+}
+
+type btfVarSecinfo struct {
+	Type   TypeID
+	Offset uint32
+	Size   uint32
+}
+
+type btfVariable struct {
+	Linkage uint32
+}
+
+type btfEnum struct {
+	NameOff uint32
+	Val     int32
+}
+
+type btfParam struct {
+	NameOff uint32
+	Type    TypeID
+}
+
+func readTypes(r io.Reader, bo binary.ByteOrder) ([]rawType, error) {
+	var (
+		header btfType
+		types  []rawType
+	)
+
+	for id := TypeID(1); ; id++ {
+		if err := binary.Read(r, bo, &header); err == io.EOF {
+			return types, nil
+		} else if err != nil {
+			return nil, fmt.Errorf("can't read type info for id %v: %v", id, err)
+		}
+
+		var data interface{}
+		switch header.Kind() {
+		case kindInt:
+			data = new(uint32)
+		case kindPointer:
+		case kindArray:
+			data = new(btfArray)
+		case kindStruct:
+			fallthrough
+		case kindUnion:
+			data = make([]btfMember, header.Vlen())
+		case kindEnum:
+			data = make([]btfEnum, header.Vlen())
+		case kindForward:
+		case kindTypedef:
+		case kindVolatile:
+		case kindConst:
+		case kindRestrict:
+		case kindFunc:
+		case kindFuncProto:
+			data = make([]btfParam, header.Vlen())
+		case kindVar:
+			data = new(btfVariable)
+		case kindDatasec:
+			data = make([]btfVarSecinfo, header.Vlen())
+		default:
+			return nil, fmt.Errorf("type id %v: unknown kind: %v", id, header.Kind())
+		}
+
+		if data == nil {
+			types = append(types, rawType{header, nil})
+			continue
+		}
+
+		if err := binary.Read(r, bo, data); err != nil {
+			return nil, fmt.Errorf("type id %d: kind %v: can't read %T: %v", id, header.Kind(), data, err)
+		}
+
+		types = append(types, rawType{header, data})
+	}
+}
+
+func intEncoding(raw uint32) (IntEncoding, uint32, byte) {
+	return IntEncoding((raw & 0x0f000000) >> 24), (raw & 0x00ff0000) >> 16, byte(raw & 0x000000ff)
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go b/vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go
new file mode 100644
index 0000000000000..0e0c17d68ba92
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go
@@ -0,0 +1,44 @@
+// Code generated by "stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage"; DO NOT EDIT.
+
+package btf
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[StaticFunc-0]
+	_ = x[GlobalFunc-1]
+	_ = x[ExternFunc-2]
+}
+
+const _FuncLinkage_name = "staticglobalextern"
+
+var _FuncLinkage_index = [...]uint8{0, 6, 12, 18}
+
+func (i FuncLinkage) String() string {
+	if i < 0 || i >= FuncLinkage(len(_FuncLinkage_index)-1) {
+		return "FuncLinkage(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _FuncLinkage_name[_FuncLinkage_index[i]:_FuncLinkage_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[StaticVar-0]
+	_ = x[GlobalVar-1]
+	_ = x[ExternVar-2]
+}
+
+const _VarLinkage_name = "staticglobalextern"
+
+var _VarLinkage_index = [...]uint8{0, 6, 12, 18}
+
+func (i VarLinkage) String() string {
+	if i < 0 || i >= VarLinkage(len(_VarLinkage_index)-1) {
+		return "VarLinkage(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _VarLinkage_name[_VarLinkage_index[i]:_VarLinkage_index[i+1]]
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/core.go b/vendor/github.com/cilium/ebpf/internal/btf/core.go
new file mode 100644
index 0000000000000..7c888f602d0df
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/core.go
@@ -0,0 +1,887 @@
+package btf
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/cilium/ebpf/asm"
+)
+
+// Code in this file is derived from libbpf, which is available under a BSD
+// 2-Clause license.
+
+// COREFixup is the result of computing a CO-RE relocation for a target.
+type COREFixup struct {
+	Kind   COREKind
+	Local  uint32
+	Target uint32
+	Poison bool
+}
+
+func (f COREFixup) equal(other COREFixup) bool {
+	return f.Local == other.Local && f.Target == other.Target
+}
+
+func (f COREFixup) String() string {
+	if f.Poison {
+		return fmt.Sprintf("%s=poison", f.Kind)
+	}
+	return fmt.Sprintf("%s=%d->%d", f.Kind, f.Local, f.Target)
+}
+
+func (f COREFixup) apply(ins *asm.Instruction) error {
+	if f.Poison {
+		return errors.New("can't poison individual instruction")
+	}
+
+	switch class := ins.OpCode.Class(); class {
+	case asm.LdXClass, asm.StClass, asm.StXClass:
+		if want := int16(f.Local); want != ins.Offset {
+			return fmt.Errorf("invalid offset %d, expected %d", ins.Offset, want)
+		}
+
+		if f.Target > math.MaxInt16 {
+			return fmt.Errorf("offset %d exceeds MaxInt16", f.Target)
+		}
+
+		ins.Offset = int16(f.Target)
+
+	case asm.LdClass:
+		if !ins.IsConstantLoad(asm.DWord) {
+			return fmt.Errorf("not a dword-sized immediate load")
+		}
+
+		if want := int64(f.Local); want != ins.Constant {
+			return fmt.Errorf("invalid immediate %d, expected %d", ins.Constant, want)
+		}
+
+		ins.Constant = int64(f.Target)
+
+	case asm.ALUClass:
+		if ins.OpCode.ALUOp() == asm.Swap {
+			return fmt.Errorf("relocation against swap")
+		}
+
+		fallthrough
+
+	case asm.ALU64Class:
+		if src := ins.OpCode.Source(); src != asm.ImmSource {
+			return fmt.Errorf("invalid source %s", src)
+		}
+
+		if want := int64(f.Local); want != ins.Constant {
+			return fmt.Errorf("invalid immediate %d, expected %d", ins.Constant, want)
+		}
+
+		if f.Target > math.MaxInt32 {
+			return fmt.Errorf("immediate %d exceeds MaxInt32", f.Target)
+		}
+
+		ins.Constant = int64(f.Target)
+
+	default:
+		return fmt.Errorf("invalid class %s", class)
+	}
+
+	return nil
+}
+
+func (f COREFixup) isNonExistant() bool {
+	return f.Kind.checksForExistence() && f.Target == 0
+}
+
+type COREFixups map[uint64]COREFixup
+
+// Apply a set of CO-RE relocations to a BPF program.
+func (fs COREFixups) Apply(insns asm.Instructions) (asm.Instructions, error) {
+	if len(fs) == 0 {
+		cpy := make(asm.Instructions, len(insns))
+		copy(cpy, insns)
+		return insns, nil
+	}
+
+	cpy := make(asm.Instructions, 0, len(insns))
+	iter := insns.Iterate()
+	for iter.Next() {
+		fixup, ok := fs[iter.Offset.Bytes()]
+		if !ok {
+			cpy = append(cpy, *iter.Ins)
+			continue
+		}
+
+		ins := *iter.Ins
+		if fixup.Poison {
+			const badRelo = asm.BuiltinFunc(0xbad2310)
+
+			cpy = append(cpy, badRelo.Call())
+			if ins.OpCode.IsDWordLoad() {
+				// 64 bit constant loads occupy two raw bpf instructions, so
+				// we need to add another instruction as padding.
+				cpy = append(cpy, badRelo.Call())
+			}
+
+			continue
+		}
+
+		if err := fixup.apply(&ins); err != nil {
+			return nil, fmt.Errorf("instruction %d, offset %d: %s: %w", iter.Index, iter.Offset.Bytes(), fixup.Kind, err)
+		}
+
+		cpy = append(cpy, ins)
+	}
+
+	return cpy, nil
+}
+
+// COREKind is the type of CO-RE relocation
+type COREKind uint32
+
+const (
+	reloFieldByteOffset COREKind = iota /* field byte offset */
+	reloFieldByteSize                   /* field size in bytes */
+	reloFieldExists                     /* field existence in target kernel */
+	reloFieldSigned                     /* field signedness (0 - unsigned, 1 - signed) */
+	reloFieldLShiftU64                  /* bitfield-specific left bitshift */
+	reloFieldRShiftU64                  /* bitfield-specific right bitshift */
+	reloTypeIDLocal                     /* type ID in local BPF object */
+	reloTypeIDTarget                    /* type ID in target kernel */
+	reloTypeExists                      /* type existence in target kernel */
+	reloTypeSize                        /* type size in bytes */
+	reloEnumvalExists                   /* enum value existence in target kernel */
+	reloEnumvalValue                    /* enum value integer value */
+)
+
+func (k COREKind) String() string {
+	switch k {
+	case reloFieldByteOffset:
+		return "byte_off"
+	case reloFieldByteSize:
+		return "byte_sz"
+	case reloFieldExists:
+		return "field_exists"
+	case reloFieldSigned:
+		return "signed"
+	case reloFieldLShiftU64:
+		return "lshift_u64"
+	case reloFieldRShiftU64:
+		return "rshift_u64"
+	case reloTypeIDLocal:
+		return "local_type_id"
+	case reloTypeIDTarget:
+		return "target_type_id"
+	case reloTypeExists:
+		return "type_exists"
+	case reloTypeSize:
+		return "type_size"
+	case reloEnumvalExists:
+		return "enumval_exists"
+	case reloEnumvalValue:
+		return "enumval_value"
+	default:
+		return "unknown"
+	}
+}
+
+func (k COREKind) checksForExistence() bool {
+	return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists
+}
+
+func coreRelocate(local, target *Spec, relos coreRelos) (COREFixups, error) {
+	if local.byteOrder != target.byteOrder {
+		return nil, fmt.Errorf("can't relocate %s against %s", local.byteOrder, target.byteOrder)
+	}
+
+	var ids []TypeID
+	relosByID := make(map[TypeID]coreRelos)
+	result := make(COREFixups, len(relos))
+	for _, relo := range relos {
+		if relo.kind == reloTypeIDLocal {
+			// Filtering out reloTypeIDLocal here makes our lives a lot easier
+			// down the line, since it doesn't have a target at all.
+			if len(relo.accessor) > 1 || relo.accessor[0] != 0 {
+				return nil, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor)
+			}
+
+			result[uint64(relo.insnOff)] = COREFixup{
+				relo.kind,
+				uint32(relo.typeID),
+				uint32(relo.typeID),
+				false,
+			}
+			continue
+		}
+
+		relos, ok := relosByID[relo.typeID]
+		if !ok {
+			ids = append(ids, relo.typeID)
+		}
+		relosByID[relo.typeID] = append(relos, relo)
+	}
+
+	// Ensure we work on relocations in a deterministic order.
+	sort.Slice(ids, func(i, j int) bool {
+		return ids[i] < ids[j]
+	})
+
+	for _, id := range ids {
+		if int(id) >= len(local.types) {
+			return nil, fmt.Errorf("invalid type id %d", id)
+		}
+
+		localType := local.types[id]
+		named, ok := localType.(namedType)
+		if !ok || named.name() == "" {
+			return nil, fmt.Errorf("relocate unnamed or anonymous type %s: %w", localType, ErrNotSupported)
+		}
+
+		relos := relosByID[id]
+		targets := target.namedTypes[named.essentialName()]
+		fixups, err := coreCalculateFixups(localType, targets, relos)
+		if err != nil {
+			return nil, fmt.Errorf("relocate %s: %w", localType, err)
+		}
+
+		for i, relo := range relos {
+			result[uint64(relo.insnOff)] = fixups[i]
+		}
+	}
+
+	return result, nil
+}
+
+var errAmbiguousRelocation = errors.New("ambiguous relocation")
+var errImpossibleRelocation = errors.New("impossible relocation")
+
+// coreCalculateFixups calculates the fixups for the given relocations using
+// the "best" target.
+//
+// The best target is determined by scoring: the less poisoning we have to do
+// the better the target is.
+func coreCalculateFixups(local Type, targets []namedType, relos coreRelos) ([]COREFixup, error) {
+	localID := local.ID()
+	local, err := copyType(local, skipQualifierAndTypedef)
+	if err != nil {
+		return nil, err
+	}
+
+	bestScore := len(relos)
+	var bestFixups []COREFixup
+	for i := range targets {
+		targetID := targets[i].ID()
+		target, err := copyType(targets[i], skipQualifierAndTypedef)
+		if err != nil {
+			return nil, err
+		}
+
+		score := 0 // lower is better
+		fixups := make([]COREFixup, 0, len(relos))
+		for _, relo := range relos {
+			fixup, err := coreCalculateFixup(local, localID, target, targetID, relo)
+			if err != nil {
+				return nil, fmt.Errorf("target %s: %w", target, err)
+			}
+			if fixup.Poison || fixup.isNonExistant() {
+				score++
+			}
+			fixups = append(fixups, fixup)
+		}
+
+		if score > bestScore {
+			// We have a better target already, ignore this one.
+			continue
+		}
+
+		if score < bestScore {
+			// This is the best target yet, use it.
+			bestScore = score
+			bestFixups = fixups
+			continue
+		}
+
+		// Some other target has the same score as the current one. Make sure
+		// the fixups agree with each other.
+		for i, fixup := range bestFixups {
+			if !fixup.equal(fixups[i]) {
+				return nil, fmt.Errorf("%s: multiple types match: %w", fixup.Kind, errAmbiguousRelocation)
+			}
+		}
+	}
+
+	if bestFixups == nil {
+		// Nothing at all matched, probably because there are no suitable
+		// targets at all. Poison everything!
+		bestFixups = make([]COREFixup, len(relos))
+		for i, relo := range relos {
+			bestFixups[i] = COREFixup{Kind: relo.kind, Poison: true}
+		}
+	}
+
+	return bestFixups, nil
+}
+
+// coreCalculateFixup calculates the fixup for a single local type, target type
+// and relocation.
+func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID, relo coreRelo) (COREFixup, error) {
+	fixup := func(local, target uint32) (COREFixup, error) {
+		return COREFixup{relo.kind, local, target, false}, nil
+	}
+	poison := func() (COREFixup, error) {
+		if relo.kind.checksForExistence() {
+			return fixup(1, 0)
+		}
+		return COREFixup{relo.kind, 0, 0, true}, nil
+	}
+	zero := COREFixup{}
+
+	switch relo.kind {
+	case reloTypeIDTarget, reloTypeSize, reloTypeExists:
+		if len(relo.accessor) > 1 || relo.accessor[0] != 0 {
+			return zero, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor)
+		}
+
+		err := coreAreTypesCompatible(local, target)
+		if errors.Is(err, errImpossibleRelocation) {
+			return poison()
+		}
+		if err != nil {
+			return zero, fmt.Errorf("relocation %s: %w", relo.kind, err)
+		}
+
+		switch relo.kind {
+		case reloTypeExists:
+			return fixup(1, 1)
+
+		case reloTypeIDTarget:
+			return fixup(uint32(localID), uint32(targetID))
+
+		case reloTypeSize:
+			localSize, err := Sizeof(local)
+			if err != nil {
+				return zero, err
+			}
+
+			targetSize, err := Sizeof(target)
+			if err != nil {
+				return zero, err
+			}
+
+			return fixup(uint32(localSize), uint32(targetSize))
+		}
+
+	case reloEnumvalValue, reloEnumvalExists:
+		localValue, targetValue, err := coreFindEnumValue(local, relo.accessor, target)
+		if errors.Is(err, errImpossibleRelocation) {
+			return poison()
+		}
+		if err != nil {
+			return zero, fmt.Errorf("relocation %s: %w", relo.kind, err)
+		}
+
+		switch relo.kind {
+		case reloEnumvalExists:
+			return fixup(1, 1)
+
+		case reloEnumvalValue:
+			return fixup(uint32(localValue.Value), uint32(targetValue.Value))
+		}
+
+	case reloFieldByteOffset, reloFieldByteSize, reloFieldExists:
+		if _, ok := target.(*Fwd); ok {
+			// We can't relocate fields using a forward declaration, so
+			// skip it. If a non-forward declaration is present in the BTF
+			// we'll find it in one of the other iterations.
+			return poison()
+		}
+
+		localField, targetField, err := coreFindField(local, relo.accessor, target)
+		if errors.Is(err, errImpossibleRelocation) {
+			return poison()
+		}
+		if err != nil {
+			return zero, fmt.Errorf("target %s: %w", target, err)
+		}
+
+		switch relo.kind {
+		case reloFieldExists:
+			return fixup(1, 1)
+
+		case reloFieldByteOffset:
+			return fixup(localField.offset/8, targetField.offset/8)
+
+		case reloFieldByteSize:
+			localSize, err := Sizeof(localField.Type)
+			if err != nil {
+				return zero, err
+			}
+
+			targetSize, err := Sizeof(targetField.Type)
+			if err != nil {
+				return zero, err
+			}
+
+			return fixup(uint32(localSize), uint32(targetSize))
+
+		}
+	}
+
+	return zero, fmt.Errorf("relocation %s: %w", relo.kind, ErrNotSupported)
+}
+
+/* coreAccessor contains a path through a struct. It contains at least one index.
+ *
+ * The interpretation depends on the kind of the relocation. The following is
+ * taken from struct bpf_core_relo in libbpf_internal.h:
+ *
+ * - for field-based relocations, string encodes an accessed field using
+ *   a sequence of field and array indices, separated by colon (:). It's
+ *   conceptually very close to LLVM's getelementptr ([0]) instruction's
+ *   arguments for identifying offset to a field.
+ * - for type-based relocations, strings is expected to be just "0";
+ * - for enum value-based relocations, string contains an index of enum
+ *   value within its enum type;
+ *
+ * Example to provide a better feel.
+ *
+ *   struct sample {
+ *       int a;
+ *       struct {
+ *           int b[10];
+ *       };
+ *   };
+ *
+ *   struct sample s = ...;
+ *   int x = &s->a;     // encoded as "0:0" (a is field #0)
+ *   int y = &s->b[5];  // encoded as "0:1:0:5" (anon struct is field #1,
+ *                      // b is field #0 inside anon struct, accessing elem #5)
+ *   int z = &s[10]->b; // encoded as "10:1" (ptr is used as an array)
+ */
+type coreAccessor []int
+
+func parseCoreAccessor(accessor string) (coreAccessor, error) {
+	if accessor == "" {
+		return nil, fmt.Errorf("empty accessor")
+	}
+
+	var result coreAccessor
+	parts := strings.Split(accessor, ":")
+	for _, part := range parts {
+		// 31 bits to avoid overflowing int on 32 bit platforms.
+		index, err := strconv.ParseUint(part, 10, 31)
+		if err != nil {
+			return nil, fmt.Errorf("accessor index %q: %s", part, err)
+		}
+
+		result = append(result, int(index))
+	}
+
+	return result, nil
+}
+
+func (ca coreAccessor) String() string {
+	strs := make([]string, 0, len(ca))
+	for _, i := range ca {
+		strs = append(strs, strconv.Itoa(i))
+	}
+	return strings.Join(strs, ":")
+}
+
+func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) {
+	e, ok := t.(*Enum)
+	if !ok {
+		return nil, fmt.Errorf("not an enum: %s", t)
+	}
+
+	if len(ca) > 1 {
+		return nil, fmt.Errorf("invalid accessor %s for enum", ca)
+	}
+
+	i := ca[0]
+	if i >= len(e.Values) {
+		return nil, fmt.Errorf("invalid index %d for %s", i, e)
+	}
+
+	return &e.Values[i], nil
+}
+
+type coreField struct {
+	Type   Type
+	offset uint32
+}
+
+func adjustOffset(base uint32, t Type, n int) (uint32, error) {
+	size, err := Sizeof(t)
+	if err != nil {
+		return 0, err
+	}
+
+	return base + (uint32(n) * uint32(size) * 8), nil
+}
+
+// coreFindField descends into the local type using the accessor and tries to
+// find an equivalent field in target at each step.
+//
+// Returns the field and the offset of the field from the start of
+// target in bits.
+func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreField, _ error) {
+	// The first index is used to offset a pointer of the base type like
+	// when accessing an array.
+	localOffset, err := adjustOffset(0, local, localAcc[0])
+	if err != nil {
+		return coreField{}, coreField{}, err
+	}
+
+	targetOffset, err := adjustOffset(0, target, localAcc[0])
+	if err != nil {
+		return coreField{}, coreField{}, err
+	}
+
+	if err := coreAreMembersCompatible(local, target); err != nil {
+		return coreField{}, coreField{}, fmt.Errorf("fields: %w", err)
+	}
+
+	var localMaybeFlex, targetMaybeFlex bool
+	for _, acc := range localAcc[1:] {
+		switch localType := local.(type) {
+		case composite:
+			// For composite types acc is used to find the field in the local type,
+			// and then we try to find a field in target with the same name.
+			localMembers := localType.members()
+			if acc >= len(localMembers) {
+				return coreField{}, coreField{}, fmt.Errorf("invalid accessor %d for %s", acc, local)
+			}
+
+			localMember := localMembers[acc]
+			if localMember.Name == "" {
+				_, ok := localMember.Type.(composite)
+				if !ok {
+					return coreField{}, coreField{}, fmt.Errorf("unnamed field with type %s: %s", localMember.Type, ErrNotSupported)
+				}
+
+				// This is an anonymous struct or union, ignore it.
+				local = localMember.Type
+				localOffset += localMember.Offset
+				localMaybeFlex = false
+				continue
+			}
+
+			targetType, ok := target.(composite)
+			if !ok {
+				return coreField{}, coreField{}, fmt.Errorf("target not composite: %w", errImpossibleRelocation)
+			}
+
+			targetMember, last, err := coreFindMember(targetType, localMember.Name)
+			if err != nil {
+				return coreField{}, coreField{}, err
+			}
+
+			if targetMember.BitfieldSize > 0 {
+				return coreField{}, coreField{}, fmt.Errorf("field %q is a bitfield: %w", targetMember.Name, ErrNotSupported)
+			}
+
+			local = localMember.Type
+			localMaybeFlex = acc == len(localMembers)-1
+			localOffset += localMember.Offset
+			target = targetMember.Type
+			targetMaybeFlex = last
+			targetOffset += targetMember.Offset
+
+		case *Array:
+			// For arrays, acc is the index in the target.
+			targetType, ok := target.(*Array)
+			if !ok {
+				return coreField{}, coreField{}, fmt.Errorf("target not array: %w", errImpossibleRelocation)
+			}
+
+			if localType.Nelems == 0 && !localMaybeFlex {
+				return coreField{}, coreField{}, fmt.Errorf("local type has invalid flexible array")
+			}
+			if targetType.Nelems == 0 && !targetMaybeFlex {
+				return coreField{}, coreField{}, fmt.Errorf("target type has invalid flexible array")
+			}
+
+			if localType.Nelems > 0 && acc >= int(localType.Nelems) {
+				return coreField{}, coreField{}, fmt.Errorf("invalid access of %s at index %d", localType, acc)
+			}
+			if targetType.Nelems > 0 && acc >= int(targetType.Nelems) {
+				return coreField{}, coreField{}, fmt.Errorf("out of bounds access of target: %w", errImpossibleRelocation)
+			}
+
+			local = localType.Type
+			localMaybeFlex = false
+			localOffset, err = adjustOffset(localOffset, local, acc)
+			if err != nil {
+				return coreField{}, coreField{}, err
+			}
+
+			target = targetType.Type
+			targetMaybeFlex = false
+			targetOffset, err = adjustOffset(targetOffset, target, acc)
+			if err != nil {
+				return coreField{}, coreField{}, err
+			}
+
+		default:
+			return coreField{}, coreField{}, fmt.Errorf("relocate field of %T: %w", localType, ErrNotSupported)
+		}
+
+		if err := coreAreMembersCompatible(local, target); err != nil {
+			return coreField{}, coreField{}, err
+		}
+	}
+
+	return coreField{local, localOffset}, coreField{target, targetOffset}, nil
+}
+
+// coreFindMember finds a member in a composite type while handling anonymous
+// structs and unions.
+func coreFindMember(typ composite, name Name) (Member, bool, error) {
+	if name == "" {
+		return Member{}, false, errors.New("can't search for anonymous member")
+	}
+
+	type offsetTarget struct {
+		composite
+		offset uint32
+	}
+
+	targets := []offsetTarget{{typ, 0}}
+	visited := make(map[composite]bool)
+
+	for i := 0; i < len(targets); i++ {
+		target := targets[i]
+
+		// Only visit targets once to prevent infinite recursion.
+		if visited[target] {
+			continue
+		}
+		if len(visited) >= maxTypeDepth {
+			// This check is different than libbpf, which restricts the entire
+			// path to BPF_CORE_SPEC_MAX_LEN items.
+			return Member{}, false, fmt.Errorf("type is nested too deep")
+		}
+		visited[target] = true
+
+		members := target.members()
+		for j, member := range members {
+			if member.Name == name {
+				// NB: This is safe because member is a copy.
+				member.Offset += target.offset
+				return member, j == len(members)-1, nil
+			}
+
+			// The names don't match, but this member could be an anonymous struct
+			// or union.
+			if member.Name != "" {
+				continue
+			}
+
+			comp, ok := member.Type.(composite)
+			if !ok {
+				return Member{}, false, fmt.Errorf("anonymous non-composite type %T not allowed", member.Type)
+			}
+
+			targets = append(targets, offsetTarget{comp, target.offset + member.Offset})
+		}
+	}
+
+	return Member{}, false, fmt.Errorf("no matching member: %w", errImpossibleRelocation)
+}
+
+// coreFindEnumValue follows localAcc to find the equivalent enum value in target.
+func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localValue, targetValue *EnumValue, _ error) {
+	localValue, err := localAcc.enumValue(local)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	targetEnum, ok := target.(*Enum)
+	if !ok {
+		return nil, nil, errImpossibleRelocation
+	}
+
+	localName := localValue.Name.essentialName()
+	for i, targetValue := range targetEnum.Values {
+		if targetValue.Name.essentialName() != localName {
+			continue
+		}
+
+		return localValue, &targetEnum.Values[i], nil
+	}
+
+	return nil, nil, errImpossibleRelocation
+}
+
+/* The comment below is from bpf_core_types_are_compat in libbpf.c:
+ *
+ * Check local and target types for compatibility. This check is used for
+ * type-based CO-RE relocations and follow slightly different rules than
+ * field-based relocations. This function assumes that root types were already
+ * checked for name match. Beyond that initial root-level name check, names
+ * are completely ignored. Compatibility rules are as follows:
+ *   - any two STRUCTs/UNIONs/FWDs/ENUMs/INTs are considered compatible, but
+ *     kind should match for local and target types (i.e., STRUCT is not
+ *     compatible with UNION);
+ *   - for ENUMs, the size is ignored;
+ *   - for INT, size and signedness are ignored;
+ *   - for ARRAY, dimensionality is ignored, element types are checked for
+ *     compatibility recursively;
+ *   - CONST/VOLATILE/RESTRICT modifiers are ignored;
+ *   - TYPEDEFs/PTRs are compatible if types they pointing to are compatible;
+ *   - FUNC_PROTOs are compatible if they have compatible signature: same
+ *     number of input args and compatible return and argument types.
+ * These rules are not set in stone and probably will be adjusted as we get
+ * more experience with using BPF CO-RE relocations.
+ *
+ * Returns errImpossibleRelocation if types are not compatible.
+ */
+func coreAreTypesCompatible(localType Type, targetType Type) error {
+	var (
+		localTs, targetTs typeDeque
+		l, t              = &localType, &targetType
+		depth             = 0
+	)
+
+	for ; l != nil && t != nil; l, t = localTs.shift(), targetTs.shift() {
+		if depth >= maxTypeDepth {
+			return errors.New("types are nested too deep")
+		}
+
+		localType = *l
+		targetType = *t
+
+		if reflect.TypeOf(localType) != reflect.TypeOf(targetType) {
+			return fmt.Errorf("type mismatch: %w", errImpossibleRelocation)
+		}
+
+		switch lv := (localType).(type) {
+		case *Void, *Struct, *Union, *Enum, *Fwd:
+			// Nothing to do here
+
+		case *Int:
+			tv := targetType.(*Int)
+			if lv.isBitfield() || tv.isBitfield() {
+				return fmt.Errorf("bitfield: %w", errImpossibleRelocation)
+			}
+
+		case *Pointer, *Array:
+			depth++
+			localType.walk(&localTs)
+			targetType.walk(&targetTs)
+
+		case *FuncProto:
+			tv := targetType.(*FuncProto)
+			if len(lv.Params) != len(tv.Params) {
+				return fmt.Errorf("function param mismatch: %w", errImpossibleRelocation)
+			}
+
+			depth++
+			localType.walk(&localTs)
+			targetType.walk(&targetTs)
+
+		default:
+			return fmt.Errorf("unsupported type %T", localType)
+		}
+	}
+
+	if l != nil {
+		return fmt.Errorf("dangling local type %T", *l)
+	}
+
+	if t != nil {
+		return fmt.Errorf("dangling target type %T", *t)
+	}
+
+	return nil
+}
+
+/* coreAreMembersCompatible checks two types for field-based relocation compatibility.
+ *
+ * The comment below is from bpf_core_fields_are_compat in libbpf.c:
+ *
+ * Check two types for compatibility for the purpose of field access
+ * relocation. const/volatile/restrict and typedefs are skipped to ensure we
+ * are relocating semantically compatible entities:
+ *   - any two STRUCTs/UNIONs are compatible and can be mixed;
+ *   - any two FWDs are compatible, if their names match (modulo flavor suffix);
+ *   - any two PTRs are always compatible;
+ *   - for ENUMs, names should be the same (ignoring flavor suffix) or at
+ *     least one of enums should be anonymous;
+ *   - for ENUMs, check sizes, names are ignored;
+ *   - for INT, size and signedness are ignored;
+ *   - for ARRAY, dimensionality is ignored, element types are checked for
+ *     compatibility recursively;
+ *     [ NB: coreAreMembersCompatible doesn't recurse, this check is done
+ *       by coreFindField. ]
+ *   - everything else shouldn't be ever a target of relocation.
+ * These rules are not set in stone and probably will be adjusted as we get
+ * more experience with using BPF CO-RE relocations.
+ *
+ * Returns errImpossibleRelocation if the members are not compatible.
+ */
+func coreAreMembersCompatible(localType Type, targetType Type) error {
+	doNamesMatch := func(a, b string) error {
+		if a == "" || b == "" {
+			// allow anonymous and named type to match
+			return nil
+		}
+
+		if essentialName(a) == essentialName(b) {
+			return nil
+		}
+
+		return fmt.Errorf("names don't match: %w", errImpossibleRelocation)
+	}
+
+	_, lok := localType.(composite)
+	_, tok := targetType.(composite)
+	if lok && tok {
+		return nil
+	}
+
+	if reflect.TypeOf(localType) != reflect.TypeOf(targetType) {
+		return fmt.Errorf("type mismatch: %w", errImpossibleRelocation)
+	}
+
+	switch lv := localType.(type) {
+	case *Array, *Pointer:
+		return nil
+
+	case *Enum:
+		tv := targetType.(*Enum)
+		return doNamesMatch(lv.name(), tv.name())
+
+	case *Fwd:
+		tv := targetType.(*Fwd)
+		return doNamesMatch(lv.name(), tv.name())
+
+	case *Int:
+		tv := targetType.(*Int)
+		if lv.isBitfield() || tv.isBitfield() {
+			return fmt.Errorf("bitfield: %w", errImpossibleRelocation)
+		}
+		return nil
+
+	default:
+		return fmt.Errorf("type %s: %w", localType, ErrNotSupported)
+	}
+}
+
+func skipQualifierAndTypedef(typ Type) (Type, error) {
+	result := typ
+	for depth := 0; depth <= maxTypeDepth; depth++ {
+		switch v := (result).(type) {
+		case qualifier:
+			result = v.qualify()
+		case *Typedef:
+			result = v.Type
+		default:
+			return result, nil
+		}
+	}
+	return nil, errors.New("exceeded type depth")
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/doc.go b/vendor/github.com/cilium/ebpf/internal/btf/doc.go
new file mode 100644
index 0000000000000..ad2576cb23c48
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/doc.go
@@ -0,0 +1,8 @@
+// Package btf handles data encoded according to the BPF Type Format.
+//
+// The canonical documentation lives in the Linux kernel repository and is
+// available at https://www.kernel.org/doc/html/latest/bpf/btf.html
+//
+// The API is very much unstable. You should only use this via the main
+// ebpf library.
+package btf
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go b/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go
new file mode 100644
index 0000000000000..beba1bce6980b
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go
@@ -0,0 +1,303 @@
+package btf
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal"
+)
+
+type btfExtHeader struct {
+	Magic   uint16
+	Version uint8
+	Flags   uint8
+	HdrLen  uint32
+
+	FuncInfoOff uint32
+	FuncInfoLen uint32
+	LineInfoOff uint32
+	LineInfoLen uint32
+}
+
+type btfExtCoreHeader struct {
+	CoreReloOff uint32
+	CoreReloLen uint32
+}
+
+func parseExtInfos(r io.ReadSeeker, bo binary.ByteOrder, strings stringTable) (funcInfo, lineInfo map[string]extInfo, relos map[string]coreRelos, err error) {
+	var header btfExtHeader
+	var coreHeader btfExtCoreHeader
+	if err := binary.Read(r, bo, &header); err != nil {
+		return nil, nil, nil, fmt.Errorf("can't read header: %v", err)
+	}
+
+	if header.Magic != btfMagic {
+		return nil, nil, nil, fmt.Errorf("incorrect magic value %v", header.Magic)
+	}
+
+	if header.Version != 1 {
+		return nil, nil, nil, fmt.Errorf("unexpected version %v", header.Version)
+	}
+
+	if header.Flags != 0 {
+		return nil, nil, nil, fmt.Errorf("unsupported flags %v", header.Flags)
+	}
+
+	remainder := int64(header.HdrLen) - int64(binary.Size(&header))
+	if remainder < 0 {
+		return nil, nil, nil, errors.New("header is too short")
+	}
+
+	coreHdrSize := int64(binary.Size(&coreHeader))
+	if remainder >= coreHdrSize {
+		if err := binary.Read(r, bo, &coreHeader); err != nil {
+			return nil, nil, nil, fmt.Errorf("can't read CO-RE relocation header: %v", err)
+		}
+		remainder -= coreHdrSize
+	}
+
+	// Of course, the .BTF.ext header has different semantics than the
+	// .BTF ext header. We need to ignore non-null values.
+	_, err = io.CopyN(ioutil.Discard, r, remainder)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("header padding: %v", err)
+	}
+
+	if _, err := r.Seek(int64(header.HdrLen+header.FuncInfoOff), io.SeekStart); err != nil {
+		return nil, nil, nil, fmt.Errorf("can't seek to function info section: %v", err)
+	}
+
+	buf := bufio.NewReader(io.LimitReader(r, int64(header.FuncInfoLen)))
+	funcInfo, err = parseExtInfo(buf, bo, strings)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("function info: %w", err)
+	}
+
+	if _, err := r.Seek(int64(header.HdrLen+header.LineInfoOff), io.SeekStart); err != nil {
+		return nil, nil, nil, fmt.Errorf("can't seek to line info section: %v", err)
+	}
+
+	buf = bufio.NewReader(io.LimitReader(r, int64(header.LineInfoLen)))
+	lineInfo, err = parseExtInfo(buf, bo, strings)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("line info: %w", err)
+	}
+
+	if coreHeader.CoreReloOff > 0 && coreHeader.CoreReloLen > 0 {
+		if _, err := r.Seek(int64(header.HdrLen+coreHeader.CoreReloOff), io.SeekStart); err != nil {
+			return nil, nil, nil, fmt.Errorf("can't seek to CO-RE relocation section: %v", err)
+		}
+
+		relos, err = parseExtInfoRelos(io.LimitReader(r, int64(coreHeader.CoreReloLen)), bo, strings)
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("CO-RE relocation info: %w", err)
+		}
+	}
+
+	return funcInfo, lineInfo, relos, nil
+}
+
+type btfExtInfoSec struct {
+	SecNameOff uint32
+	NumInfo    uint32
+}
+
+type extInfoRecord struct {
+	InsnOff uint64
+	Opaque  []byte
+}
+
+type extInfo struct {
+	recordSize uint32
+	records    []extInfoRecord
+}
+
+func (ei extInfo) append(other extInfo, offset uint64) (extInfo, error) {
+	if other.recordSize != ei.recordSize {
+		return extInfo{}, fmt.Errorf("ext_info record size mismatch, want %d (got %d)", ei.recordSize, other.recordSize)
+	}
+
+	records := make([]extInfoRecord, 0, len(ei.records)+len(other.records))
+	records = append(records, ei.records...)
+	for _, info := range other.records {
+		records = append(records, extInfoRecord{
+			InsnOff: info.InsnOff + offset,
+			Opaque:  info.Opaque,
+		})
+	}
+	return extInfo{ei.recordSize, records}, nil
+}
+
+func (ei extInfo) MarshalBinary() ([]byte, error) {
+	if len(ei.records) == 0 {
+		return nil, nil
+	}
+
+	buf := bytes.NewBuffer(make([]byte, 0, int(ei.recordSize)*len(ei.records)))
+	for _, info := range ei.records {
+		// The kernel expects offsets in number of raw bpf instructions,
+		// while the ELF tracks it in bytes.
+		insnOff := uint32(info.InsnOff / asm.InstructionSize)
+		if err := binary.Write(buf, internal.NativeEndian, insnOff); err != nil {
+			return nil, fmt.Errorf("can't write instruction offset: %v", err)
+		}
+
+		buf.Write(info.Opaque)
+	}
+
+	return buf.Bytes(), nil
+}
+
+func parseExtInfo(r io.Reader, bo binary.ByteOrder, strings stringTable) (map[string]extInfo, error) {
+	const maxRecordSize = 256
+
+	var recordSize uint32
+	if err := binary.Read(r, bo, &recordSize); err != nil {
+		return nil, fmt.Errorf("can't read record size: %v", err)
+	}
+
+	if recordSize < 4 {
+		// Need at least insnOff
+		return nil, errors.New("record size too short")
+	}
+	if recordSize > maxRecordSize {
+		return nil, fmt.Errorf("record size %v exceeds %v", recordSize, maxRecordSize)
+	}
+
+	result := make(map[string]extInfo)
+	for {
+		secName, infoHeader, err := parseExtInfoHeader(r, bo, strings)
+		if errors.Is(err, io.EOF) {
+			return result, nil
+		}
+
+		var records []extInfoRecord
+		for i := uint32(0); i < infoHeader.NumInfo; i++ {
+			var byteOff uint32
+			if err := binary.Read(r, bo, &byteOff); err != nil {
+				return nil, fmt.Errorf("section %v: can't read extended info offset: %v", secName, err)
+			}
+
+			buf := make([]byte, int(recordSize-4))
+			if _, err := io.ReadFull(r, buf); err != nil {
+				return nil, fmt.Errorf("section %v: can't read record: %v", secName, err)
+			}
+
+			if byteOff%asm.InstructionSize != 0 {
+				return nil, fmt.Errorf("section %v: offset %v is not aligned with instruction size", secName, byteOff)
+			}
+
+			records = append(records, extInfoRecord{uint64(byteOff), buf})
+		}
+
+		result[secName] = extInfo{
+			recordSize,
+			records,
+		}
+	}
+}
+
+// bpfCoreRelo matches `struct bpf_core_relo` from the kernel
+type bpfCoreRelo struct {
+	InsnOff      uint32
+	TypeID       TypeID
+	AccessStrOff uint32
+	Kind         COREKind
+}
+
+type coreRelo struct {
+	insnOff  uint32
+	typeID   TypeID
+	accessor coreAccessor
+	kind     COREKind
+}
+
+type coreRelos []coreRelo
+
+// append two slices of extInfoRelo to each other. The InsnOff of b are adjusted
+// by offset.
+func (r coreRelos) append(other coreRelos, offset uint64) coreRelos {
+	result := make([]coreRelo, 0, len(r)+len(other))
+	result = append(result, r...)
+	for _, relo := range other {
+		relo.insnOff += uint32(offset)
+		result = append(result, relo)
+	}
+	return result
+}
+
+var extInfoReloSize = binary.Size(bpfCoreRelo{})
+
+func parseExtInfoRelos(r io.Reader, bo binary.ByteOrder, strings stringTable) (map[string]coreRelos, error) {
+	var recordSize uint32
+	if err := binary.Read(r, bo, &recordSize); err != nil {
+		return nil, fmt.Errorf("read record size: %v", err)
+	}
+
+	if recordSize != uint32(extInfoReloSize) {
+		return nil, fmt.Errorf("expected record size %d, got %d", extInfoReloSize, recordSize)
+	}
+
+	result := make(map[string]coreRelos)
+	for {
+		secName, infoHeader, err := parseExtInfoHeader(r, bo, strings)
+		if errors.Is(err, io.EOF) {
+			return result, nil
+		}
+
+		var relos coreRelos
+		for i := uint32(0); i < infoHeader.NumInfo; i++ {
+			var relo bpfCoreRelo
+			if err := binary.Read(r, bo, &relo); err != nil {
+				return nil, fmt.Errorf("section %v: read record: %v", secName, err)
+			}
+
+			if relo.InsnOff%asm.InstructionSize != 0 {
+				return nil, fmt.Errorf("section %v: offset %v is not aligned with instruction size", secName, relo.InsnOff)
+			}
+
+			accessorStr, err := strings.Lookup(relo.AccessStrOff)
+			if err != nil {
+				return nil, err
+			}
+
+			accessor, err := parseCoreAccessor(accessorStr)
+			if err != nil {
+				return nil, fmt.Errorf("accessor %q: %s", accessorStr, err)
+			}
+
+			relos = append(relos, coreRelo{
+				relo.InsnOff,
+				relo.TypeID,
+				accessor,
+				relo.Kind,
+			})
+		}
+
+		result[secName] = relos
+	}
+}
+
+func parseExtInfoHeader(r io.Reader, bo binary.ByteOrder, strings stringTable) (string, *btfExtInfoSec, error) {
+	var infoHeader btfExtInfoSec
+	if err := binary.Read(r, bo, &infoHeader); err != nil {
+		return "", nil, fmt.Errorf("read ext info header: %w", err)
+	}
+
+	secName, err := strings.Lookup(infoHeader.SecNameOff)
+	if err != nil {
+		return "", nil, fmt.Errorf("get section name: %w", err)
+	}
+
+	if infoHeader.NumInfo == 0 {
+		return "", nil, fmt.Errorf("section %s has zero records", secName)
+	}
+
+	return secName, &infoHeader, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/fuzz.go b/vendor/github.com/cilium/ebpf/internal/btf/fuzz.go
new file mode 100644
index 0000000000000..37e043fd378c7
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/fuzz.go
@@ -0,0 +1,49 @@
+// +build gofuzz
+
+// Use with https://github.com/dvyukov/go-fuzz
+
+package btf
+
+import (
+	"bytes"
+	"encoding/binary"
+
+	"github.com/cilium/ebpf/internal"
+)
+
+func FuzzSpec(data []byte) int {
+	if len(data) < binary.Size(btfHeader{}) {
+		return -1
+	}
+
+	spec, err := loadNakedSpec(bytes.NewReader(data), internal.NativeEndian, nil, nil)
+	if err != nil {
+		if spec != nil {
+			panic("spec is not nil")
+		}
+		return 0
+	}
+	if spec == nil {
+		panic("spec is nil")
+	}
+	return 1
+}
+
+func FuzzExtInfo(data []byte) int {
+	if len(data) < binary.Size(btfExtHeader{}) {
+		return -1
+	}
+
+	table := stringTable("\x00foo\x00barfoo\x00")
+	info, err := parseExtInfo(bytes.NewReader(data), internal.NativeEndian, table)
+	if err != nil {
+		if info != nil {
+			panic("info is not nil")
+		}
+		return 0
+	}
+	if info == nil {
+		panic("info is nil")
+	}
+	return 1
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/strings.go b/vendor/github.com/cilium/ebpf/internal/btf/strings.go
new file mode 100644
index 0000000000000..8782643a043ef
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/strings.go
@@ -0,0 +1,60 @@
+package btf
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+)
+
+type stringTable []byte
+
+func readStringTable(r io.Reader) (stringTable, error) {
+	contents, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, fmt.Errorf("can't read string table: %v", err)
+	}
+
+	if len(contents) < 1 {
+		return nil, errors.New("string table is empty")
+	}
+
+	if contents[0] != '\x00' {
+		return nil, errors.New("first item in string table is non-empty")
+	}
+
+	if contents[len(contents)-1] != '\x00' {
+		return nil, errors.New("string table isn't null terminated")
+	}
+
+	return stringTable(contents), nil
+}
+
+func (st stringTable) Lookup(offset uint32) (string, error) {
+	if int64(offset) > int64(^uint(0)>>1) {
+		return "", fmt.Errorf("offset %d overflows int", offset)
+	}
+
+	pos := int(offset)
+	if pos >= len(st) {
+		return "", fmt.Errorf("offset %d is out of bounds", offset)
+	}
+
+	if pos > 0 && st[pos-1] != '\x00' {
+		return "", fmt.Errorf("offset %d isn't start of a string", offset)
+	}
+
+	str := st[pos:]
+	end := bytes.IndexByte(str, '\x00')
+	if end == -1 {
+		return "", fmt.Errorf("offset %d isn't null terminated", offset)
+	}
+
+	return string(str[:end]), nil
+}
+
+func (st stringTable) LookupName(offset uint32) (Name, error) {
+	str, err := st.Lookup(offset)
+	return Name(str), err
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/btf/types.go b/vendor/github.com/cilium/ebpf/internal/btf/types.go
new file mode 100644
index 0000000000000..62aa31bcd7819
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/btf/types.go
@@ -0,0 +1,893 @@
+package btf
+
+import (
+	"fmt"
+	"math"
+	"strings"
+)
+
+const maxTypeDepth = 32
+
+// TypeID identifies a type in a BTF section.
+type TypeID uint32
+
+// ID implements part of the Type interface.
+func (tid TypeID) ID() TypeID {
+	return tid
+}
+
+// Type represents a type described by BTF.
+type Type interface {
+	ID() TypeID
+
+	String() string
+
+	// Make a copy of the type, without copying Type members.
+	copy() Type
+
+	// Enumerate all nested Types. Repeated calls must visit nested
+	// types in the same order.
+	walk(*typeDeque)
+}
+
+// namedType is a type with a name.
+//
+// Most named types simply embed Name.
+type namedType interface {
+	Type
+	name() string
+	essentialName() string
+}
+
+// Name identifies a type.
+//
+// Anonymous types have an empty name.
+type Name string
+
+func (n Name) name() string {
+	return string(n)
+}
+
+func (n Name) essentialName() string {
+	return essentialName(string(n))
+}
+
+// Void is the unit type of BTF.
+type Void struct{}
+
+func (v *Void) ID() TypeID      { return 0 }
+func (v *Void) String() string  { return "void#0" }
+func (v *Void) size() uint32    { return 0 }
+func (v *Void) copy() Type      { return (*Void)(nil) }
+func (v *Void) walk(*typeDeque) {}
+
+type IntEncoding byte
+
+const (
+	Signed IntEncoding = 1 << iota
+	Char
+	Bool
+)
+
+// Int is an integer of a given length.
+type Int struct {
+	TypeID
+	Name
+
+	// The size of the integer in bytes.
+	Size     uint32
+	Encoding IntEncoding
+	// Offset is the starting bit offset. Currently always 0.
+	// See https://www.kernel.org/doc/html/latest/bpf/btf.html#btf-kind-int
+	Offset uint32
+	Bits   byte
+}
+
+var _ namedType = (*Int)(nil)
+
+func (i *Int) String() string {
+	var s strings.Builder
+
+	switch {
+	case i.Encoding&Char != 0:
+		s.WriteString("char")
+	case i.Encoding&Bool != 0:
+		s.WriteString("bool")
+	default:
+		if i.Encoding&Signed == 0 {
+			s.WriteRune('u')
+		}
+		s.WriteString("int")
+		fmt.Fprintf(&s, "%d", i.Size*8)
+	}
+
+	fmt.Fprintf(&s, "#%d", i.TypeID)
+
+	if i.Bits > 0 {
+		fmt.Fprintf(&s, "[bits=%d]", i.Bits)
+	}
+
+	return s.String()
+}
+
+func (i *Int) size() uint32    { return i.Size }
+func (i *Int) walk(*typeDeque) {}
+func (i *Int) copy() Type {
+	cpy := *i
+	return &cpy
+}
+
+func (i *Int) isBitfield() bool {
+	return i.Offset > 0
+}
+
+// Pointer is a pointer to another type.
+type Pointer struct {
+	TypeID
+	Target Type
+}
+
+func (p *Pointer) String() string {
+	return fmt.Sprintf("pointer#%d[target=#%d]", p.TypeID, p.Target.ID())
+}
+
+func (p *Pointer) size() uint32        { return 8 }
+func (p *Pointer) walk(tdq *typeDeque) { tdq.push(&p.Target) }
+func (p *Pointer) copy() Type {
+	cpy := *p
+	return &cpy
+}
+
+// Array is an array with a fixed number of elements.
+type Array struct {
+	TypeID
+	Type   Type
+	Nelems uint32
+}
+
+func (arr *Array) String() string {
+	return fmt.Sprintf("array#%d[type=#%d n=%d]", arr.TypeID, arr.Type.ID(), arr.Nelems)
+}
+
+func (arr *Array) walk(tdq *typeDeque) { tdq.push(&arr.Type) }
+func (arr *Array) copy() Type {
+	cpy := *arr
+	return &cpy
+}
+
+// Struct is a compound type of consecutive members.
+type Struct struct {
+	TypeID
+	Name
+	// The size of the struct including padding, in bytes
+	Size    uint32
+	Members []Member
+}
+
+func (s *Struct) String() string {
+	return fmt.Sprintf("struct#%d[%q]", s.TypeID, s.Name)
+}
+
+func (s *Struct) size() uint32 { return s.Size }
+
+func (s *Struct) walk(tdq *typeDeque) {
+	for i := range s.Members {
+		tdq.push(&s.Members[i].Type)
+	}
+}
+
+func (s *Struct) copy() Type {
+	cpy := *s
+	cpy.Members = copyMembers(s.Members)
+	return &cpy
+}
+
+func (s *Struct) members() []Member {
+	return s.Members
+}
+
+// Union is a compound type where members occupy the same memory.
+type Union struct {
+	TypeID
+	Name
+	// The size of the union including padding, in bytes.
+	Size    uint32
+	Members []Member
+}
+
+func (u *Union) String() string {
+	return fmt.Sprintf("union#%d[%q]", u.TypeID, u.Name)
+}
+
+func (u *Union) size() uint32 { return u.Size }
+
+func (u *Union) walk(tdq *typeDeque) {
+	for i := range u.Members {
+		tdq.push(&u.Members[i].Type)
+	}
+}
+
+func (u *Union) copy() Type {
+	cpy := *u
+	cpy.Members = copyMembers(u.Members)
+	return &cpy
+}
+
+func (u *Union) members() []Member {
+	return u.Members
+}
+
+func copyMembers(orig []Member) []Member {
+	cpy := make([]Member, len(orig))
+	copy(cpy, orig)
+	return cpy
+}
+
+type composite interface {
+	members() []Member
+}
+
+var (
+	_ composite = (*Struct)(nil)
+	_ composite = (*Union)(nil)
+)
+
+// Member is part of a Struct or Union.
+//
+// It is not a valid Type.
+type Member struct {
+	Name
+	Type Type
+	// Offset is the bit offset of this member
+	Offset       uint32
+	BitfieldSize uint32
+}
+
+// Enum lists possible values.
+type Enum struct {
+	TypeID
+	Name
+	Values []EnumValue
+}
+
+func (e *Enum) String() string {
+	return fmt.Sprintf("enum#%d[%q]", e.TypeID, e.Name)
+}
+
+// EnumValue is part of an Enum
+//
+// Is is not a valid Type
+type EnumValue struct {
+	Name
+	Value int32
+}
+
+func (e *Enum) size() uint32    { return 4 }
+func (e *Enum) walk(*typeDeque) {}
+func (e *Enum) copy() Type {
+	cpy := *e
+	cpy.Values = make([]EnumValue, len(e.Values))
+	copy(cpy.Values, e.Values)
+	return &cpy
+}
+
+// FwdKind is the type of forward declaration.
+type FwdKind int
+
+// Valid types of forward declaration.
+const (
+	FwdStruct FwdKind = iota
+	FwdUnion
+)
+
+func (fk FwdKind) String() string {
+	switch fk {
+	case FwdStruct:
+		return "struct"
+	case FwdUnion:
+		return "union"
+	default:
+		return fmt.Sprintf("%T(%d)", fk, int(fk))
+	}
+}
+
+// Fwd is a forward declaration of a Type.
+type Fwd struct {
+	TypeID
+	Name
+	Kind FwdKind
+}
+
+func (f *Fwd) String() string {
+	return fmt.Sprintf("fwd#%d[%s %q]", f.TypeID, f.Kind, f.Name)
+}
+
+func (f *Fwd) walk(*typeDeque) {}
+func (f *Fwd) copy() Type {
+	cpy := *f
+	return &cpy
+}
+
+// Typedef is an alias of a Type.
+type Typedef struct {
+	TypeID
+	Name
+	Type Type
+}
+
+func (td *Typedef) String() string {
+	return fmt.Sprintf("typedef#%d[%q #%d]", td.TypeID, td.Name, td.Type.ID())
+}
+
+func (td *Typedef) walk(tdq *typeDeque) { tdq.push(&td.Type) }
+func (td *Typedef) copy() Type {
+	cpy := *td
+	return &cpy
+}
+
+// Volatile is a qualifier.
+type Volatile struct {
+	TypeID
+	Type Type
+}
+
+func (v *Volatile) String() string {
+	return fmt.Sprintf("volatile#%d[#%d]", v.TypeID, v.Type.ID())
+}
+
+func (v *Volatile) qualify() Type       { return v.Type }
+func (v *Volatile) walk(tdq *typeDeque) { tdq.push(&v.Type) }
+func (v *Volatile) copy() Type {
+	cpy := *v
+	return &cpy
+}
+
+// Const is a qualifier.
+type Const struct {
+	TypeID
+	Type Type
+}
+
+func (c *Const) String() string {
+	return fmt.Sprintf("const#%d[#%d]", c.TypeID, c.Type.ID())
+}
+
+func (c *Const) qualify() Type       { return c.Type }
+func (c *Const) walk(tdq *typeDeque) { tdq.push(&c.Type) }
+func (c *Const) copy() Type {
+	cpy := *c
+	return &cpy
+}
+
+// Restrict is a qualifier.
+type Restrict struct {
+	TypeID
+	Type Type
+}
+
+func (r *Restrict) String() string {
+	return fmt.Sprintf("restrict#%d[#%d]", r.TypeID, r.Type.ID())
+}
+
+func (r *Restrict) qualify() Type       { return r.Type }
+func (r *Restrict) walk(tdq *typeDeque) { tdq.push(&r.Type) }
+func (r *Restrict) copy() Type {
+	cpy := *r
+	return &cpy
+}
+
+// Func is a function definition.
+type Func struct {
+	TypeID
+	Name
+	Type    Type
+	Linkage FuncLinkage
+}
+
+func (f *Func) String() string {
+	return fmt.Sprintf("func#%d[%s %q proto=#%d]", f.TypeID, f.Linkage, f.Name, f.Type.ID())
+}
+
+func (f *Func) walk(tdq *typeDeque) { tdq.push(&f.Type) }
+func (f *Func) copy() Type {
+	cpy := *f
+	return &cpy
+}
+
+// FuncProto is a function declaration.
+type FuncProto struct {
+	TypeID
+	Return Type
+	Params []FuncParam
+}
+
+func (fp *FuncProto) String() string {
+	var s strings.Builder
+	fmt.Fprintf(&s, "proto#%d[", fp.TypeID)
+	for _, param := range fp.Params {
+		fmt.Fprintf(&s, "%q=#%d, ", param.Name, param.Type.ID())
+	}
+	fmt.Fprintf(&s, "return=#%d]", fp.Return.ID())
+	return s.String()
+}
+
+func (fp *FuncProto) walk(tdq *typeDeque) {
+	tdq.push(&fp.Return)
+	for i := range fp.Params {
+		tdq.push(&fp.Params[i].Type)
+	}
+}
+
+func (fp *FuncProto) copy() Type {
+	cpy := *fp
+	cpy.Params = make([]FuncParam, len(fp.Params))
+	copy(cpy.Params, fp.Params)
+	return &cpy
+}
+
+type FuncParam struct {
+	Name
+	Type Type
+}
+
+// Var is a global variable.
+type Var struct {
+	TypeID
+	Name
+	Type    Type
+	Linkage VarLinkage
+}
+
+func (v *Var) String() string {
+	return fmt.Sprintf("var#%d[%s %q]", v.TypeID, v.Linkage, v.Name)
+}
+
+func (v *Var) walk(tdq *typeDeque) { tdq.push(&v.Type) }
+func (v *Var) copy() Type {
+	cpy := *v
+	return &cpy
+}
+
+// Datasec is a global program section containing data.
+type Datasec struct {
+	TypeID
+	Name
+	Size uint32
+	Vars []VarSecinfo
+}
+
+func (ds *Datasec) String() string {
+	return fmt.Sprintf("section#%d[%q]", ds.TypeID, ds.Name)
+}
+
+func (ds *Datasec) size() uint32 { return ds.Size }
+
+func (ds *Datasec) walk(tdq *typeDeque) {
+	for i := range ds.Vars {
+		tdq.push(&ds.Vars[i].Type)
+	}
+}
+
+func (ds *Datasec) copy() Type {
+	cpy := *ds
+	cpy.Vars = make([]VarSecinfo, len(ds.Vars))
+	copy(cpy.Vars, ds.Vars)
+	return &cpy
+}
+
+// VarSecinfo describes variable in a Datasec
+//
+// It is not a valid Type.
+type VarSecinfo struct {
+	Type   Type
+	Offset uint32
+	Size   uint32
+}
+
+type sizer interface {
+	size() uint32
+}
+
+var (
+	_ sizer = (*Int)(nil)
+	_ sizer = (*Pointer)(nil)
+	_ sizer = (*Struct)(nil)
+	_ sizer = (*Union)(nil)
+	_ sizer = (*Enum)(nil)
+	_ sizer = (*Datasec)(nil)
+)
+
+type qualifier interface {
+	qualify() Type
+}
+
+var (
+	_ qualifier = (*Const)(nil)
+	_ qualifier = (*Restrict)(nil)
+	_ qualifier = (*Volatile)(nil)
+)
+
+// Sizeof returns the size of a type in bytes.
+//
+// Returns an error if the size can't be computed.
+func Sizeof(typ Type) (int, error) {
+	var (
+		n    = int64(1)
+		elem int64
+	)
+
+	for i := 0; i < maxTypeDepth; i++ {
+		switch v := typ.(type) {
+		case *Array:
+			if n > 0 && int64(v.Nelems) > math.MaxInt64/n {
+				return 0, fmt.Errorf("type %s: overflow", typ)
+			}
+
+			// Arrays may be of zero length, which allows
+			// n to be zero as well.
+			n *= int64(v.Nelems)
+			typ = v.Type
+			continue
+
+		case sizer:
+			elem = int64(v.size())
+
+		case *Typedef:
+			typ = v.Type
+			continue
+
+		case qualifier:
+			typ = v.qualify()
+			continue
+
+		default:
+			return 0, fmt.Errorf("unsized type %T", typ)
+		}
+
+		if n > 0 && elem > math.MaxInt64/n {
+			return 0, fmt.Errorf("type %s: overflow", typ)
+		}
+
+		size := n * elem
+		if int64(int(size)) != size {
+			return 0, fmt.Errorf("type %s: overflow", typ)
+		}
+
+		return int(size), nil
+	}
+
+	return 0, fmt.Errorf("type %s: exceeded type depth", typ)
+}
+
+// copy a Type recursively.
+//
+// typ may form a cycle.
+//
+// Returns any errors from transform verbatim.
+func copyType(typ Type, transform func(Type) (Type, error)) (Type, error) {
+	var (
+		copies = make(map[Type]Type)
+		work   typeDeque
+	)
+
+	for t := &typ; t != nil; t = work.pop() {
+		// *t is the identity of the type.
+		if cpy := copies[*t]; cpy != nil {
+			*t = cpy
+			continue
+		}
+
+		var cpy Type
+		if transform != nil {
+			tf, err := transform(*t)
+			if err != nil {
+				return nil, fmt.Errorf("copy %s: %w", typ, err)
+			}
+			cpy = tf.copy()
+		} else {
+			cpy = (*t).copy()
+		}
+
+		copies[*t] = cpy
+		*t = cpy
+
+		// Mark any nested types for copying.
+		cpy.walk(&work)
+	}
+
+	return typ, nil
+}
+
+// typeDeque keeps track of pointers to types which still
+// need to be visited.
+type typeDeque struct {
+	types       []*Type
+	read, write uint64
+	mask        uint64
+}
+
+// push adds a type to the stack.
+func (dq *typeDeque) push(t *Type) {
+	if dq.write-dq.read < uint64(len(dq.types)) {
+		dq.types[dq.write&dq.mask] = t
+		dq.write++
+		return
+	}
+
+	new := len(dq.types) * 2
+	if new == 0 {
+		new = 8
+	}
+
+	types := make([]*Type, new)
+	pivot := dq.read & dq.mask
+	n := copy(types, dq.types[pivot:])
+	n += copy(types[n:], dq.types[:pivot])
+	types[n] = t
+
+	dq.types = types
+	dq.mask = uint64(new) - 1
+	dq.read, dq.write = 0, uint64(n+1)
+}
+
+// shift returns the first element or null.
+func (dq *typeDeque) shift() *Type {
+	if dq.read == dq.write {
+		return nil
+	}
+
+	index := dq.read & dq.mask
+	t := dq.types[index]
+	dq.types[index] = nil
+	dq.read++
+	return t
+}
+
+// pop returns the last element or null.
+func (dq *typeDeque) pop() *Type {
+	if dq.read == dq.write {
+		return nil
+	}
+
+	dq.write--
+	index := dq.write & dq.mask
+	t := dq.types[index]
+	dq.types[index] = nil
+	return t
+}
+
+// all returns all elements.
+//
+// The deque is empty after calling this method.
+func (dq *typeDeque) all() []*Type {
+	length := dq.write - dq.read
+	types := make([]*Type, 0, length)
+	for t := dq.shift(); t != nil; t = dq.shift() {
+		types = append(types, t)
+	}
+	return types
+}
+
+// inflateRawTypes takes a list of raw btf types linked via type IDs, and turns
+// it into a graph of Types connected via pointers.
+//
+// Returns a map of named types (so, where NameOff is non-zero) and a slice of types
+// indexed by TypeID. Since BTF ignores compilation units, multiple types may share
+// the same name. A Type may form a cyclic graph by pointing at itself.
+func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, namedTypes map[string][]namedType, err error) {
+	type fixupDef struct {
+		id           TypeID
+		expectedKind btfKind
+		typ          *Type
+	}
+
+	var fixups []fixupDef
+	fixup := func(id TypeID, expectedKind btfKind, typ *Type) {
+		fixups = append(fixups, fixupDef{id, expectedKind, typ})
+	}
+
+	convertMembers := func(raw []btfMember, kindFlag bool) ([]Member, error) {
+		// NB: The fixup below relies on pre-allocating this array to
+		// work, since otherwise append might re-allocate members.
+		members := make([]Member, 0, len(raw))
+		for i, btfMember := range raw {
+			name, err := rawStrings.LookupName(btfMember.NameOff)
+			if err != nil {
+				return nil, fmt.Errorf("can't get name for member %d: %w", i, err)
+			}
+			m := Member{
+				Name:   name,
+				Offset: btfMember.Offset,
+			}
+			if kindFlag {
+				m.BitfieldSize = btfMember.Offset >> 24
+				m.Offset &= 0xffffff
+			}
+			members = append(members, m)
+		}
+		for i := range members {
+			fixup(raw[i].Type, kindUnknown, &members[i].Type)
+		}
+		return members, nil
+	}
+
+	types = make([]Type, 0, len(rawTypes))
+	types = append(types, (*Void)(nil))
+	namedTypes = make(map[string][]namedType)
+
+	for i, raw := range rawTypes {
+		var (
+			// Void is defined to always be type ID 0, and is thus
+			// omitted from BTF.
+			id  = TypeID(i + 1)
+			typ Type
+		)
+
+		name, err := rawStrings.LookupName(raw.NameOff)
+		if err != nil {
+			return nil, nil, fmt.Errorf("get name for type id %d: %w", id, err)
+		}
+
+		switch raw.Kind() {
+		case kindInt:
+			encoding, offset, bits := intEncoding(*raw.data.(*uint32))
+			typ = &Int{id, name, raw.Size(), encoding, offset, bits}
+
+		case kindPointer:
+			ptr := &Pointer{id, nil}
+			fixup(raw.Type(), kindUnknown, &ptr.Target)
+			typ = ptr
+
+		case kindArray:
+			btfArr := raw.data.(*btfArray)
+
+			// IndexType is unused according to btf.rst.
+			// Don't make it available right now.
+			arr := &Array{id, nil, btfArr.Nelems}
+			fixup(btfArr.Type, kindUnknown, &arr.Type)
+			typ = arr
+
+		case kindStruct:
+			members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag())
+			if err != nil {
+				return nil, nil, fmt.Errorf("struct %s (id %d): %w", name, id, err)
+			}
+			typ = &Struct{id, name, raw.Size(), members}
+
+		case kindUnion:
+			members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag())
+			if err != nil {
+				return nil, nil, fmt.Errorf("union %s (id %d): %w", name, id, err)
+			}
+			typ = &Union{id, name, raw.Size(), members}
+
+		case kindEnum:
+			rawvals := raw.data.([]btfEnum)
+			vals := make([]EnumValue, 0, len(rawvals))
+			for i, btfVal := range rawvals {
+				name, err := rawStrings.LookupName(btfVal.NameOff)
+				if err != nil {
+					return nil, nil, fmt.Errorf("get name for enum value %d: %s", i, err)
+				}
+				vals = append(vals, EnumValue{
+					Name:  name,
+					Value: btfVal.Val,
+				})
+			}
+			typ = &Enum{id, name, vals}
+
+		case kindForward:
+			if raw.KindFlag() {
+				typ = &Fwd{id, name, FwdUnion}
+			} else {
+				typ = &Fwd{id, name, FwdStruct}
+			}
+
+		case kindTypedef:
+			typedef := &Typedef{id, name, nil}
+			fixup(raw.Type(), kindUnknown, &typedef.Type)
+			typ = typedef
+
+		case kindVolatile:
+			volatile := &Volatile{id, nil}
+			fixup(raw.Type(), kindUnknown, &volatile.Type)
+			typ = volatile
+
+		case kindConst:
+			cnst := &Const{id, nil}
+			fixup(raw.Type(), kindUnknown, &cnst.Type)
+			typ = cnst
+
+		case kindRestrict:
+			restrict := &Restrict{id, nil}
+			fixup(raw.Type(), kindUnknown, &restrict.Type)
+			typ = restrict
+
+		case kindFunc:
+			fn := &Func{id, name, nil, raw.Linkage()}
+			fixup(raw.Type(), kindFuncProto, &fn.Type)
+			typ = fn
+
+		case kindFuncProto:
+			rawparams := raw.data.([]btfParam)
+			params := make([]FuncParam, 0, len(rawparams))
+			for i, param := range rawparams {
+				name, err := rawStrings.LookupName(param.NameOff)
+				if err != nil {
+					return nil, nil, fmt.Errorf("get name for func proto parameter %d: %s", i, err)
+				}
+				params = append(params, FuncParam{
+					Name: name,
+				})
+			}
+			for i := range params {
+				fixup(rawparams[i].Type, kindUnknown, &params[i].Type)
+			}
+
+			fp := &FuncProto{id, nil, params}
+			fixup(raw.Type(), kindUnknown, &fp.Return)
+			typ = fp
+
+		case kindVar:
+			variable := raw.data.(*btfVariable)
+			v := &Var{id, name, nil, VarLinkage(variable.Linkage)}
+			fixup(raw.Type(), kindUnknown, &v.Type)
+			typ = v
+
+		case kindDatasec:
+			btfVars := raw.data.([]btfVarSecinfo)
+			vars := make([]VarSecinfo, 0, len(btfVars))
+			for _, btfVar := range btfVars {
+				vars = append(vars, VarSecinfo{
+					Offset: btfVar.Offset,
+					Size:   btfVar.Size,
+				})
+			}
+			for i := range vars {
+				fixup(btfVars[i].Type, kindVar, &vars[i].Type)
+			}
+			typ = &Datasec{id, name, raw.SizeType, vars}
+
+		default:
+			return nil, nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind())
+		}
+
+		types = append(types, typ)
+
+		if named, ok := typ.(namedType); ok {
+			if name := essentialName(named.name()); name != "" {
+				namedTypes[name] = append(namedTypes[name], named)
+			}
+		}
+	}
+
+	for _, fixup := range fixups {
+		i := int(fixup.id)
+		if i >= len(types) {
+			return nil, nil, fmt.Errorf("reference to invalid type id: %d", fixup.id)
+		}
+
+		// Default void (id 0) to unknown
+		rawKind := kindUnknown
+		if i > 0 {
+			rawKind = rawTypes[i-1].Kind()
+		}
+
+		if expected := fixup.expectedKind; expected != kindUnknown && rawKind != expected {
+			return nil, nil, fmt.Errorf("expected type id %d to have kind %s, found %s", fixup.id, expected, rawKind)
+		}
+
+		*fixup.typ = types[i]
+	}
+
+	return types, namedTypes, nil
+}
+
+// essentialName returns name without a ___ suffix.
+func essentialName(name string) string {
+	lastIdx := strings.LastIndex(name, "___")
+	if lastIdx > 0 {
+		return name[:lastIdx]
+	}
+	return name
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/cpu.go b/vendor/github.com/cilium/ebpf/internal/cpu.go
new file mode 100644
index 0000000000000..d3424ba4345d1
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/cpu.go
@@ -0,0 +1,62 @@
+package internal
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+	"sync"
+)
+
+var sysCPU struct {
+	once sync.Once
+	err  error
+	num  int
+}
+
+// PossibleCPUs returns the max number of CPUs a system may possibly have
+// Logical CPU numbers must be of the form 0-n
+func PossibleCPUs() (int, error) {
+	sysCPU.once.Do(func() {
+		sysCPU.num, sysCPU.err = parseCPUsFromFile("/sys/devices/system/cpu/possible")
+	})
+
+	return sysCPU.num, sysCPU.err
+}
+
+func parseCPUsFromFile(path string) (int, error) {
+	spec, err := ioutil.ReadFile(path)
+	if err != nil {
+		return 0, err
+	}
+
+	n, err := parseCPUs(string(spec))
+	if err != nil {
+		return 0, fmt.Errorf("can't parse %s: %v", path, err)
+	}
+
+	return n, nil
+}
+
+// parseCPUs parses the number of cpus from a string produced
+// by bitmap_list_string() in the Linux kernel.
+// Multiple ranges are rejected, since they can't be unified
+// into a single number.
+// This is the format of /sys/devices/system/cpu/possible, it
+// is not suitable for /sys/devices/system/cpu/online, etc.
+func parseCPUs(spec string) (int, error) {
+	if strings.Trim(spec, "\n") == "0" {
+		return 1, nil
+	}
+
+	var low, high int
+	n, err := fmt.Sscanf(spec, "%d-%d\n", &low, &high)
+	if n != 2 || err != nil {
+		return 0, fmt.Errorf("invalid format: %s", spec)
+	}
+	if low != 0 {
+		return 0, fmt.Errorf("CPU spec doesn't start at zero: %s", spec)
+	}
+
+	// cpus is 0 indexed
+	return high + 1, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/elf.go b/vendor/github.com/cilium/ebpf/internal/elf.go
new file mode 100644
index 0000000000000..54a4313130a42
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/elf.go
@@ -0,0 +1,68 @@
+package internal
+
+import (
+	"debug/elf"
+	"fmt"
+	"io"
+)
+
+type SafeELFFile struct {
+	*elf.File
+}
+
+// NewSafeELFFile reads an ELF safely.
+//
+// Any panic during parsing is turned into an error. This is necessary since
+// there are a bunch of unfixed bugs in debug/elf.
+//
+// https://github.com/golang/go/issues?q=is%3Aissue+is%3Aopen+debug%2Felf+in%3Atitle
+func NewSafeELFFile(r io.ReaderAt) (safe *SafeELFFile, err error) {
+	defer func() {
+		r := recover()
+		if r == nil {
+			return
+		}
+
+		safe = nil
+		err = fmt.Errorf("reading ELF file panicked: %s", r)
+	}()
+
+	file, err := elf.NewFile(r)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SafeELFFile{file}, nil
+}
+
+// Symbols is the safe version of elf.File.Symbols.
+func (se *SafeELFFile) Symbols() (syms []elf.Symbol, err error) {
+	defer func() {
+		r := recover()
+		if r == nil {
+			return
+		}
+
+		syms = nil
+		err = fmt.Errorf("reading ELF symbols panicked: %s", r)
+	}()
+
+	syms, err = se.File.Symbols()
+	return
+}
+
+// DynamicSymbols is the safe version of elf.File.DynamicSymbols.
+func (se *SafeELFFile) DynamicSymbols() (syms []elf.Symbol, err error) {
+	defer func() {
+		r := recover()
+		if r == nil {
+			return
+		}
+
+		syms = nil
+		err = fmt.Errorf("reading ELF dynamic symbols panicked: %s", r)
+	}()
+
+	syms, err = se.File.DynamicSymbols()
+	return
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/endian.go b/vendor/github.com/cilium/ebpf/internal/endian.go
new file mode 100644
index 0000000000000..6ae99fcd5f3b4
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/endian.go
@@ -0,0 +1,29 @@
+package internal
+
+import (
+	"encoding/binary"
+	"unsafe"
+)
+
+// NativeEndian is set to either binary.BigEndian or binary.LittleEndian,
+// depending on the host's endianness.
+var NativeEndian binary.ByteOrder
+
+// Clang is set to either "el" or "eb" depending on the host's endianness.
+var ClangEndian string
+
+func init() {
+	if isBigEndian() {
+		NativeEndian = binary.BigEndian
+		ClangEndian = "eb"
+	} else {
+		NativeEndian = binary.LittleEndian
+		ClangEndian = "el"
+	}
+}
+
+func isBigEndian() (ret bool) {
+	i := int(0x1)
+	bs := (*[int(unsafe.Sizeof(i))]byte)(unsafe.Pointer(&i))
+	return bs[0] == 0
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go
new file mode 100644
index 0000000000000..877bd72ee2661
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/errors.go
@@ -0,0 +1,51 @@
+package internal
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// ErrorWithLog returns an error that includes logs from the
+// kernel verifier.
+//
+// logErr should be the error returned by the syscall that generated
+// the log. It is used to check for truncation of the output.
+func ErrorWithLog(err error, log []byte, logErr error) error {
+	logStr := strings.Trim(CString(log), "\t\r\n ")
+	if errors.Is(logErr, unix.ENOSPC) {
+		logStr += " (truncated...)"
+	}
+
+	return &VerifierError{err, logStr}
+}
+
+// VerifierError includes information from the eBPF verifier.
+type VerifierError struct {
+	cause error
+	log   string
+}
+
+func (le *VerifierError) Unwrap() error {
+	return le.cause
+}
+
+func (le *VerifierError) Error() string {
+	if le.log == "" {
+		return le.cause.Error()
+	}
+
+	return fmt.Sprintf("%s: %s", le.cause, le.log)
+}
+
+// CString turns a NUL / zero terminated byte buffer into a string.
+func CString(in []byte) string {
+	inLen := bytes.IndexByte(in, 0)
+	if inLen == -1 {
+		return ""
+	}
+	return string(in[:inLen])
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/fd.go b/vendor/github.com/cilium/ebpf/internal/fd.go
new file mode 100644
index 0000000000000..af04955bd531b
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/fd.go
@@ -0,0 +1,69 @@
+package internal
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"runtime"
+	"strconv"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+var ErrClosedFd = errors.New("use of closed file descriptor")
+
+type FD struct {
+	raw int64
+}
+
+func NewFD(value uint32) *FD {
+	fd := &FD{int64(value)}
+	runtime.SetFinalizer(fd, (*FD).Close)
+	return fd
+}
+
+func (fd *FD) String() string {
+	return strconv.FormatInt(fd.raw, 10)
+}
+
+func (fd *FD) Value() (uint32, error) {
+	if fd.raw < 0 {
+		return 0, ErrClosedFd
+	}
+
+	return uint32(fd.raw), nil
+}
+
+func (fd *FD) Close() error {
+	if fd.raw < 0 {
+		return nil
+	}
+
+	value := int(fd.raw)
+	fd.raw = -1
+
+	fd.Forget()
+	return unix.Close(value)
+}
+
+func (fd *FD) Forget() {
+	runtime.SetFinalizer(fd, nil)
+}
+
+func (fd *FD) Dup() (*FD, error) {
+	if fd.raw < 0 {
+		return nil, ErrClosedFd
+	}
+
+	dup, err := unix.FcntlInt(uintptr(fd.raw), unix.F_DUPFD_CLOEXEC, 0)
+	if err != nil {
+		return nil, fmt.Errorf("can't dup fd: %v", err)
+	}
+
+	return NewFD(uint32(dup)), nil
+}
+
+func (fd *FD) File(name string) *os.File {
+	fd.Forget()
+	return os.NewFile(uintptr(fd.raw), name)
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go
new file mode 100644
index 0000000000000..c94a2e1ee018c
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/feature.go
@@ -0,0 +1,100 @@
+package internal
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+)
+
+// ErrNotSupported indicates that a feature is not supported by the current kernel.
+var ErrNotSupported = errors.New("not supported")
+
+// UnsupportedFeatureError is returned by FeatureTest() functions.
+type UnsupportedFeatureError struct {
+	// The minimum Linux mainline version required for this feature.
+	// Used for the error string, and for sanity checking during testing.
+	MinimumVersion Version
+
+	// The name of the feature that isn't supported.
+	Name string
+}
+
+func (ufe *UnsupportedFeatureError) Error() string {
+	if ufe.MinimumVersion.Unspecified() {
+		return fmt.Sprintf("%s not supported", ufe.Name)
+	}
+	return fmt.Sprintf("%s not supported (requires >= %s)", ufe.Name, ufe.MinimumVersion)
+}
+
+// Is indicates that UnsupportedFeatureError is ErrNotSupported.
+func (ufe *UnsupportedFeatureError) Is(target error) bool {
+	return target == ErrNotSupported
+}
+
+type featureTest struct {
+	sync.RWMutex
+	successful bool
+	result     error
+}
+
+// FeatureTestFn is used to determine whether the kernel supports
+// a certain feature.
+//
+// The return values have the following semantics:
+//
+//   err == ErrNotSupported: the feature is not available
+//   err == nil: the feature is available
+//   err != nil: the test couldn't be executed
+type FeatureTestFn func() error
+
+// FeatureTest wraps a function so that it is run at most once.
+//
+// name should identify the tested feature, while version must be in the
+// form Major.Minor[.Patch].
+//
+// Returns an error wrapping ErrNotSupported if the feature is not supported.
+func FeatureTest(name, version string, fn FeatureTestFn) func() error {
+	v, err := NewVersion(version)
+	if err != nil {
+		return func() error { return err }
+	}
+
+	ft := new(featureTest)
+	return func() error {
+		ft.RLock()
+		if ft.successful {
+			defer ft.RUnlock()
+			return ft.result
+		}
+		ft.RUnlock()
+		ft.Lock()
+		defer ft.Unlock()
+		// check one more time on the off
+		// chance that two go routines
+		// were able to call into the write
+		// lock
+		if ft.successful {
+			return ft.result
+		}
+		err := fn()
+		switch {
+		case errors.Is(err, ErrNotSupported):
+			ft.result = &UnsupportedFeatureError{
+				MinimumVersion: v,
+				Name:           name,
+			}
+			fallthrough
+
+		case err == nil:
+			ft.successful = true
+
+		default:
+			// We couldn't execute the feature test to a point
+			// where it could make a determination.
+			// Don't cache the result, just return it.
+			return fmt.Errorf("detect support for %s: %w", name, err)
+		}
+
+		return ft.result
+	}
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/io.go b/vendor/github.com/cilium/ebpf/internal/io.go
new file mode 100644
index 0000000000000..fa7402782d7a2
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/io.go
@@ -0,0 +1,16 @@
+package internal
+
+import "errors"
+
+// DiscardZeroes makes sure that all written bytes are zero
+// before discarding them.
+type DiscardZeroes struct{}
+
+func (DiscardZeroes) Write(p []byte) (int, error) {
+	for _, b := range p {
+		if b != 0 {
+			return 0, errors.New("encountered non-zero byte")
+		}
+	}
+	return len(p), nil
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/pinning.go
new file mode 100644
index 0000000000000..5329b432d72e6
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/pinning.go
@@ -0,0 +1,44 @@
+package internal
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+func Pin(currentPath, newPath string, fd *FD) error {
+	if newPath == "" {
+		return errors.New("given pinning path cannot be empty")
+	}
+	if currentPath == newPath {
+		return nil
+	}
+	if currentPath == "" {
+		return BPFObjPin(newPath, fd)
+	}
+	var err error
+	// Renameat2 is used instead of os.Rename to disallow the new path replacing
+	// an existing path.
+	if err = unix.Renameat2(unix.AT_FDCWD, currentPath, unix.AT_FDCWD, newPath, unix.RENAME_NOREPLACE); err == nil {
+		// Object is now moved to the new pinning path.
+		return nil
+	}
+	if !os.IsNotExist(err) {
+		return fmt.Errorf("unable to move pinned object to new path %v: %w", newPath, err)
+	}
+	// Internal state not in sync with the file system so let's fix it.
+	return BPFObjPin(newPath, fd)
+}
+
+func Unpin(pinnedPath string) error {
+	if pinnedPath == "" {
+		return nil
+	}
+	err := os.Remove(pinnedPath)
+	if err == nil || os.IsNotExist(err) {
+		return nil
+	}
+	return err
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/ptr.go b/vendor/github.com/cilium/ebpf/internal/ptr.go
new file mode 100644
index 0000000000000..f295de72cfebe
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/ptr.go
@@ -0,0 +1,31 @@
+package internal
+
+import (
+	"unsafe"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// NewPointer creates a 64-bit pointer from an unsafe Pointer.
+func NewPointer(ptr unsafe.Pointer) Pointer {
+	return Pointer{ptr: ptr}
+}
+
+// NewSlicePointer creates a 64-bit pointer from a byte slice.
+func NewSlicePointer(buf []byte) Pointer {
+	if len(buf) == 0 {
+		return Pointer{}
+	}
+
+	return Pointer{ptr: unsafe.Pointer(&buf[0])}
+}
+
+// NewStringPointer creates a 64-bit pointer from a string.
+func NewStringPointer(str string) Pointer {
+	p, err := unix.BytePtrFromString(str)
+	if err != nil {
+		return Pointer{}
+	}
+
+	return Pointer{ptr: unsafe.Pointer(p)}
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/ptr_32_be.go b/vendor/github.com/cilium/ebpf/internal/ptr_32_be.go
new file mode 100644
index 0000000000000..a56fbcc8e01b2
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/ptr_32_be.go
@@ -0,0 +1,14 @@
+// +build armbe mips mips64p32
+
+package internal
+
+import (
+	"unsafe"
+)
+
+// Pointer wraps an unsafe.Pointer to be 64bit to
+// conform to the syscall specification.
+type Pointer struct {
+	pad uint32
+	ptr unsafe.Pointer
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/ptr_32_le.go b/vendor/github.com/cilium/ebpf/internal/ptr_32_le.go
new file mode 100644
index 0000000000000..be2ecfca7313f
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/ptr_32_le.go
@@ -0,0 +1,14 @@
+// +build 386 amd64p32 arm mipsle mips64p32le
+
+package internal
+
+import (
+	"unsafe"
+)
+
+// Pointer wraps an unsafe.Pointer to be 64bit to
+// conform to the syscall specification.
+type Pointer struct {
+	ptr unsafe.Pointer
+	pad uint32
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/ptr_64.go b/vendor/github.com/cilium/ebpf/internal/ptr_64.go
new file mode 100644
index 0000000000000..69452dceb9a03
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/ptr_64.go
@@ -0,0 +1,14 @@
+// +build !386,!amd64p32,!arm,!mipsle,!mips64p32le
+// +build !armbe,!mips,!mips64p32
+
+package internal
+
+import (
+	"unsafe"
+)
+
+// Pointer wraps an unsafe.Pointer to be 64bit to
+// conform to the syscall specification.
+type Pointer struct {
+	ptr unsafe.Pointer
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/syscall.go b/vendor/github.com/cilium/ebpf/internal/syscall.go
new file mode 100644
index 0000000000000..b766e643e07af
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/syscall.go
@@ -0,0 +1,245 @@
+package internal
+
+import (
+	"fmt"
+	"path/filepath"
+	"runtime"
+	"syscall"
+	"unsafe"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+//go:generate stringer -output syscall_string.go -type=BPFCmd
+
+// BPFCmd identifies a subcommand of the bpf syscall.
+type BPFCmd int
+
+// Well known BPF commands.
+const (
+	BPF_MAP_CREATE BPFCmd = iota
+	BPF_MAP_LOOKUP_ELEM
+	BPF_MAP_UPDATE_ELEM
+	BPF_MAP_DELETE_ELEM
+	BPF_MAP_GET_NEXT_KEY
+	BPF_PROG_LOAD
+	BPF_OBJ_PIN
+	BPF_OBJ_GET
+	BPF_PROG_ATTACH
+	BPF_PROG_DETACH
+	BPF_PROG_TEST_RUN
+	BPF_PROG_GET_NEXT_ID
+	BPF_MAP_GET_NEXT_ID
+	BPF_PROG_GET_FD_BY_ID
+	BPF_MAP_GET_FD_BY_ID
+	BPF_OBJ_GET_INFO_BY_FD
+	BPF_PROG_QUERY
+	BPF_RAW_TRACEPOINT_OPEN
+	BPF_BTF_LOAD
+	BPF_BTF_GET_FD_BY_ID
+	BPF_TASK_FD_QUERY
+	BPF_MAP_LOOKUP_AND_DELETE_ELEM
+	BPF_MAP_FREEZE
+	BPF_BTF_GET_NEXT_ID
+	BPF_MAP_LOOKUP_BATCH
+	BPF_MAP_LOOKUP_AND_DELETE_BATCH
+	BPF_MAP_UPDATE_BATCH
+	BPF_MAP_DELETE_BATCH
+	BPF_LINK_CREATE
+	BPF_LINK_UPDATE
+	BPF_LINK_GET_FD_BY_ID
+	BPF_LINK_GET_NEXT_ID
+	BPF_ENABLE_STATS
+	BPF_ITER_CREATE
+)
+
+// BPF wraps SYS_BPF.
+//
+// Any pointers contained in attr must use the Pointer type from this package.
+func BPF(cmd BPFCmd, attr unsafe.Pointer, size uintptr) (uintptr, error) {
+	r1, _, errNo := unix.Syscall(unix.SYS_BPF, uintptr(cmd), uintptr(attr), size)
+	runtime.KeepAlive(attr)
+
+	var err error
+	if errNo != 0 {
+		err = wrappedErrno{errNo}
+	}
+
+	return r1, err
+}
+
+type BPFProgAttachAttr struct {
+	TargetFd     uint32
+	AttachBpfFd  uint32
+	AttachType   uint32
+	AttachFlags  uint32
+	ReplaceBpfFd uint32
+}
+
+func BPFProgAttach(attr *BPFProgAttachAttr) error {
+	_, err := BPF(BPF_PROG_ATTACH, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	return err
+}
+
+type BPFProgDetachAttr struct {
+	TargetFd    uint32
+	AttachBpfFd uint32
+	AttachType  uint32
+}
+
+func BPFProgDetach(attr *BPFProgDetachAttr) error {
+	_, err := BPF(BPF_PROG_DETACH, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	return err
+}
+
+type BPFEnableStatsAttr struct {
+	StatsType uint32
+}
+
+func BPFEnableStats(attr *BPFEnableStatsAttr) (*FD, error) {
+	ptr, err := BPF(BPF_ENABLE_STATS, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err != nil {
+		return nil, fmt.Errorf("enable stats: %w", err)
+	}
+	return NewFD(uint32(ptr)), nil
+
+}
+
+type bpfObjAttr struct {
+	fileName  Pointer
+	fd        uint32
+	fileFlags uint32
+}
+
+const bpfFSType = 0xcafe4a11
+
+// BPFObjPin wraps BPF_OBJ_PIN.
+func BPFObjPin(fileName string, fd *FD) error {
+	dirName := filepath.Dir(fileName)
+	var statfs unix.Statfs_t
+	if err := unix.Statfs(dirName, &statfs); err != nil {
+		return err
+	}
+	if uint64(statfs.Type) != bpfFSType {
+		return fmt.Errorf("%s is not on a bpf filesystem", fileName)
+	}
+
+	value, err := fd.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfObjAttr{
+		fileName: NewStringPointer(fileName),
+		fd:       value,
+	}
+	_, err = BPF(BPF_OBJ_PIN, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	if err != nil {
+		return fmt.Errorf("pin object %s: %w", fileName, err)
+	}
+	return nil
+}
+
+// BPFObjGet wraps BPF_OBJ_GET.
+func BPFObjGet(fileName string, flags uint32) (*FD, error) {
+	attr := bpfObjAttr{
+		fileName:  NewStringPointer(fileName),
+		fileFlags: flags,
+	}
+	ptr, err := BPF(BPF_OBJ_GET, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	if err != nil {
+		return nil, fmt.Errorf("get object %s: %w", fileName, err)
+	}
+	return NewFD(uint32(ptr)), nil
+}
+
+type bpfObjGetInfoByFDAttr struct {
+	fd      uint32
+	infoLen uint32
+	info    Pointer
+}
+
+// BPFObjGetInfoByFD wraps BPF_OBJ_GET_INFO_BY_FD.
+//
+// Available from 4.13.
+func BPFObjGetInfoByFD(fd *FD, info unsafe.Pointer, size uintptr) error {
+	value, err := fd.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfObjGetInfoByFDAttr{
+		fd:      value,
+		infoLen: uint32(size),
+		info:    NewPointer(info),
+	}
+	_, err = BPF(BPF_OBJ_GET_INFO_BY_FD, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	if err != nil {
+		return fmt.Errorf("fd %v: %w", fd, err)
+	}
+	return nil
+}
+
+// BPFObjName is a null-terminated string made up of
+// 'A-Za-z0-9_' characters.
+type BPFObjName [unix.BPF_OBJ_NAME_LEN]byte
+
+// NewBPFObjName truncates the result if it is too long.
+func NewBPFObjName(name string) BPFObjName {
+	var result BPFObjName
+	copy(result[:unix.BPF_OBJ_NAME_LEN-1], name)
+	return result
+}
+
+type BPFMapCreateAttr struct {
+	MapType        uint32
+	KeySize        uint32
+	ValueSize      uint32
+	MaxEntries     uint32
+	Flags          uint32
+	InnerMapFd     uint32     // since 4.12 56f668dfe00d
+	NumaNode       uint32     // since 4.14 96eabe7a40aa
+	MapName        BPFObjName // since 4.15 ad5b177bd73f
+	MapIfIndex     uint32
+	BTFFd          uint32
+	BTFKeyTypeID   uint32
+	BTFValueTypeID uint32
+}
+
+func BPFMapCreate(attr *BPFMapCreateAttr) (*FD, error) {
+	fd, err := BPF(BPF_MAP_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err != nil {
+		return nil, err
+	}
+
+	return NewFD(uint32(fd)), nil
+}
+
+// wrappedErrno wraps syscall.Errno to prevent direct comparisons with
+// syscall.E* or unix.E* constants.
+//
+// You should never export an error of this type.
+type wrappedErrno struct {
+	syscall.Errno
+}
+
+func (we wrappedErrno) Unwrap() error {
+	return we.Errno
+}
+
+type syscallError struct {
+	error
+	errno syscall.Errno
+}
+
+func SyscallError(err error, errno syscall.Errno) error {
+	return &syscallError{err, errno}
+}
+
+func (se *syscallError) Is(target error) bool {
+	return target == se.error
+}
+
+func (se *syscallError) Unwrap() error {
+	return se.errno
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/syscall_string.go b/vendor/github.com/cilium/ebpf/internal/syscall_string.go
new file mode 100644
index 0000000000000..85df047797314
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/syscall_string.go
@@ -0,0 +1,56 @@
+// Code generated by "stringer -output syscall_string.go -type=BPFCmd"; DO NOT EDIT.
+
+package internal
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[BPF_MAP_CREATE-0]
+	_ = x[BPF_MAP_LOOKUP_ELEM-1]
+	_ = x[BPF_MAP_UPDATE_ELEM-2]
+	_ = x[BPF_MAP_DELETE_ELEM-3]
+	_ = x[BPF_MAP_GET_NEXT_KEY-4]
+	_ = x[BPF_PROG_LOAD-5]
+	_ = x[BPF_OBJ_PIN-6]
+	_ = x[BPF_OBJ_GET-7]
+	_ = x[BPF_PROG_ATTACH-8]
+	_ = x[BPF_PROG_DETACH-9]
+	_ = x[BPF_PROG_TEST_RUN-10]
+	_ = x[BPF_PROG_GET_NEXT_ID-11]
+	_ = x[BPF_MAP_GET_NEXT_ID-12]
+	_ = x[BPF_PROG_GET_FD_BY_ID-13]
+	_ = x[BPF_MAP_GET_FD_BY_ID-14]
+	_ = x[BPF_OBJ_GET_INFO_BY_FD-15]
+	_ = x[BPF_PROG_QUERY-16]
+	_ = x[BPF_RAW_TRACEPOINT_OPEN-17]
+	_ = x[BPF_BTF_LOAD-18]
+	_ = x[BPF_BTF_GET_FD_BY_ID-19]
+	_ = x[BPF_TASK_FD_QUERY-20]
+	_ = x[BPF_MAP_LOOKUP_AND_DELETE_ELEM-21]
+	_ = x[BPF_MAP_FREEZE-22]
+	_ = x[BPF_BTF_GET_NEXT_ID-23]
+	_ = x[BPF_MAP_LOOKUP_BATCH-24]
+	_ = x[BPF_MAP_LOOKUP_AND_DELETE_BATCH-25]
+	_ = x[BPF_MAP_UPDATE_BATCH-26]
+	_ = x[BPF_MAP_DELETE_BATCH-27]
+	_ = x[BPF_LINK_CREATE-28]
+	_ = x[BPF_LINK_UPDATE-29]
+	_ = x[BPF_LINK_GET_FD_BY_ID-30]
+	_ = x[BPF_LINK_GET_NEXT_ID-31]
+	_ = x[BPF_ENABLE_STATS-32]
+	_ = x[BPF_ITER_CREATE-33]
+}
+
+const _BPFCmd_name = "BPF_MAP_CREATEBPF_MAP_LOOKUP_ELEMBPF_MAP_UPDATE_ELEMBPF_MAP_DELETE_ELEMBPF_MAP_GET_NEXT_KEYBPF_PROG_LOADBPF_OBJ_PINBPF_OBJ_GETBPF_PROG_ATTACHBPF_PROG_DETACHBPF_PROG_TEST_RUNBPF_PROG_GET_NEXT_IDBPF_MAP_GET_NEXT_IDBPF_PROG_GET_FD_BY_IDBPF_MAP_GET_FD_BY_IDBPF_OBJ_GET_INFO_BY_FDBPF_PROG_QUERYBPF_RAW_TRACEPOINT_OPENBPF_BTF_LOADBPF_BTF_GET_FD_BY_IDBPF_TASK_FD_QUERYBPF_MAP_LOOKUP_AND_DELETE_ELEMBPF_MAP_FREEZEBPF_BTF_GET_NEXT_IDBPF_MAP_LOOKUP_BATCHBPF_MAP_LOOKUP_AND_DELETE_BATCHBPF_MAP_UPDATE_BATCHBPF_MAP_DELETE_BATCHBPF_LINK_CREATEBPF_LINK_UPDATEBPF_LINK_GET_FD_BY_IDBPF_LINK_GET_NEXT_IDBPF_ENABLE_STATSBPF_ITER_CREATE"
+
+var _BPFCmd_index = [...]uint16{0, 14, 33, 52, 71, 91, 104, 115, 126, 141, 156, 173, 193, 212, 233, 253, 275, 289, 312, 324, 344, 361, 391, 405, 424, 444, 475, 495, 515, 530, 545, 566, 586, 602, 617}
+
+func (i BPFCmd) String() string {
+	if i < 0 || i >= BPFCmd(len(_BPFCmd_index)-1) {
+		return "BPFCmd(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _BPFCmd_name[_BPFCmd_index[i]:_BPFCmd_index[i+1]]
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go
new file mode 100644
index 0000000000000..0a18eaf0cf84d
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go
@@ -0,0 +1,204 @@
+// +build linux
+
+package unix
+
+import (
+	"bytes"
+	"syscall"
+
+	linux "golang.org/x/sys/unix"
+)
+
+const (
+	ENOENT  = linux.ENOENT
+	EEXIST  = linux.EEXIST
+	EAGAIN  = linux.EAGAIN
+	ENOSPC  = linux.ENOSPC
+	EINVAL  = linux.EINVAL
+	EPOLLIN = linux.EPOLLIN
+	EINTR   = linux.EINTR
+	EPERM   = linux.EPERM
+	ESRCH   = linux.ESRCH
+	ENODEV  = linux.ENODEV
+	// ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP
+	ENOTSUPP = syscall.Errno(0x20c)
+
+	EBADF                    = linux.EBADF
+	BPF_F_NO_PREALLOC        = linux.BPF_F_NO_PREALLOC
+	BPF_F_NUMA_NODE          = linux.BPF_F_NUMA_NODE
+	BPF_F_RDONLY             = linux.BPF_F_RDONLY
+	BPF_F_WRONLY             = linux.BPF_F_WRONLY
+	BPF_F_RDONLY_PROG        = linux.BPF_F_RDONLY_PROG
+	BPF_F_WRONLY_PROG        = linux.BPF_F_WRONLY_PROG
+	BPF_F_SLEEPABLE          = linux.BPF_F_SLEEPABLE
+	BPF_F_MMAPABLE           = linux.BPF_F_MMAPABLE
+	BPF_F_INNER_MAP          = linux.BPF_F_INNER_MAP
+	BPF_OBJ_NAME_LEN         = linux.BPF_OBJ_NAME_LEN
+	BPF_TAG_SIZE             = linux.BPF_TAG_SIZE
+	SYS_BPF                  = linux.SYS_BPF
+	F_DUPFD_CLOEXEC          = linux.F_DUPFD_CLOEXEC
+	EPOLL_CTL_ADD            = linux.EPOLL_CTL_ADD
+	EPOLL_CLOEXEC            = linux.EPOLL_CLOEXEC
+	O_CLOEXEC                = linux.O_CLOEXEC
+	O_NONBLOCK               = linux.O_NONBLOCK
+	PROT_READ                = linux.PROT_READ
+	PROT_WRITE               = linux.PROT_WRITE
+	MAP_SHARED               = linux.MAP_SHARED
+	PERF_ATTR_SIZE_VER1      = linux.PERF_ATTR_SIZE_VER1
+	PERF_TYPE_SOFTWARE       = linux.PERF_TYPE_SOFTWARE
+	PERF_TYPE_TRACEPOINT     = linux.PERF_TYPE_TRACEPOINT
+	PERF_COUNT_SW_BPF_OUTPUT = linux.PERF_COUNT_SW_BPF_OUTPUT
+	PERF_EVENT_IOC_DISABLE   = linux.PERF_EVENT_IOC_DISABLE
+	PERF_EVENT_IOC_ENABLE    = linux.PERF_EVENT_IOC_ENABLE
+	PERF_EVENT_IOC_SET_BPF   = linux.PERF_EVENT_IOC_SET_BPF
+	PerfBitWatermark         = linux.PerfBitWatermark
+	PERF_SAMPLE_RAW          = linux.PERF_SAMPLE_RAW
+	PERF_FLAG_FD_CLOEXEC     = linux.PERF_FLAG_FD_CLOEXEC
+	RLIM_INFINITY            = linux.RLIM_INFINITY
+	RLIMIT_MEMLOCK           = linux.RLIMIT_MEMLOCK
+	BPF_STATS_RUN_TIME       = linux.BPF_STATS_RUN_TIME
+	PERF_RECORD_LOST         = linux.PERF_RECORD_LOST
+	PERF_RECORD_SAMPLE       = linux.PERF_RECORD_SAMPLE
+	AT_FDCWD                 = linux.AT_FDCWD
+	RENAME_NOREPLACE         = linux.RENAME_NOREPLACE
+)
+
+// Statfs_t is a wrapper
+type Statfs_t = linux.Statfs_t
+
+// Rlimit is a wrapper
+type Rlimit = linux.Rlimit
+
+// Setrlimit is a wrapper
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	return linux.Setrlimit(resource, rlim)
+}
+
+// Syscall is a wrapper
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return linux.Syscall(trap, a1, a2, a3)
+}
+
+// FcntlInt is a wrapper
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return linux.FcntlInt(fd, cmd, arg)
+}
+
+// IoctlSetInt is a wrapper
+func IoctlSetInt(fd int, req uint, value int) error {
+	return linux.IoctlSetInt(fd, req, value)
+}
+
+// Statfs is a wrapper
+func Statfs(path string, buf *Statfs_t) (err error) {
+	return linux.Statfs(path, buf)
+}
+
+// Close is a wrapper
+func Close(fd int) (err error) {
+	return linux.Close(fd)
+}
+
+// EpollEvent is a wrapper
+type EpollEvent = linux.EpollEvent
+
+// EpollWait is a wrapper
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	return linux.EpollWait(epfd, events, msec)
+}
+
+// EpollCtl is a wrapper
+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	return linux.EpollCtl(epfd, op, fd, event)
+}
+
+// Eventfd is a wrapper
+func Eventfd(initval uint, flags int) (fd int, err error) {
+	return linux.Eventfd(initval, flags)
+}
+
+// Write is a wrapper
+func Write(fd int, p []byte) (n int, err error) {
+	return linux.Write(fd, p)
+}
+
+// EpollCreate1 is a wrapper
+func EpollCreate1(flag int) (fd int, err error) {
+	return linux.EpollCreate1(flag)
+}
+
+// PerfEventMmapPage is a wrapper
+type PerfEventMmapPage linux.PerfEventMmapPage
+
+// SetNonblock is a wrapper
+func SetNonblock(fd int, nonblocking bool) (err error) {
+	return linux.SetNonblock(fd, nonblocking)
+}
+
+// Mmap is a wrapper
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return linux.Mmap(fd, offset, length, prot, flags)
+}
+
+// Munmap is a wrapper
+func Munmap(b []byte) (err error) {
+	return linux.Munmap(b)
+}
+
+// PerfEventAttr is a wrapper
+type PerfEventAttr = linux.PerfEventAttr
+
+// PerfEventOpen is a wrapper
+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
+	return linux.PerfEventOpen(attr, pid, cpu, groupFd, flags)
+}
+
+// Utsname is a wrapper
+type Utsname = linux.Utsname
+
+// Uname is a wrapper
+func Uname(buf *Utsname) (err error) {
+	return linux.Uname(buf)
+}
+
+// Getpid is a wrapper
+func Getpid() int {
+	return linux.Getpid()
+}
+
+// Gettid is a wrapper
+func Gettid() int {
+	return linux.Gettid()
+}
+
+// Tgkill is a wrapper
+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
+	return linux.Tgkill(tgid, tid, sig)
+}
+
+// BytePtrFromString is a wrapper
+func BytePtrFromString(s string) (*byte, error) {
+	return linux.BytePtrFromString(s)
+}
+
+// ByteSliceToString is a wrapper
+func ByteSliceToString(s []byte) string {
+	return linux.ByteSliceToString(s)
+}
+
+// Renameat2 is a wrapper
+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error {
+	return linux.Renameat2(olddirfd, oldpath, newdirfd, newpath, flags)
+}
+
+func KernelRelease() (string, error) {
+	var uname Utsname
+	err := Uname(&uname)
+	if err != nil {
+		return "", err
+	}
+
+	end := bytes.IndexByte(uname.Release[:], 0)
+	release := string(uname.Release[:end])
+	return release, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go
new file mode 100644
index 0000000000000..1b06defc0a095
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go
@@ -0,0 +1,263 @@
+// +build !linux
+
+package unix
+
+import (
+	"fmt"
+	"runtime"
+	"syscall"
+)
+
+var errNonLinux = fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH)
+
+const (
+	ENOENT = syscall.ENOENT
+	EEXIST = syscall.EEXIST
+	EAGAIN = syscall.EAGAIN
+	ENOSPC = syscall.ENOSPC
+	EINVAL = syscall.EINVAL
+	EINTR  = syscall.EINTR
+	EPERM  = syscall.EPERM
+	ESRCH  = syscall.ESRCH
+	ENODEV = syscall.ENODEV
+	EBADF  = syscall.Errno(0)
+	// ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP
+	ENOTSUPP = syscall.Errno(0x20c)
+
+	BPF_F_NO_PREALLOC        = 0
+	BPF_F_NUMA_NODE          = 0
+	BPF_F_RDONLY             = 0
+	BPF_F_WRONLY             = 0
+	BPF_F_RDONLY_PROG        = 0
+	BPF_F_WRONLY_PROG        = 0
+	BPF_F_SLEEPABLE          = 0
+	BPF_F_MMAPABLE           = 0
+	BPF_F_INNER_MAP          = 0
+	BPF_OBJ_NAME_LEN         = 0x10
+	BPF_TAG_SIZE             = 0x8
+	SYS_BPF                  = 321
+	F_DUPFD_CLOEXEC          = 0x406
+	EPOLLIN                  = 0x1
+	EPOLL_CTL_ADD            = 0x1
+	EPOLL_CLOEXEC            = 0x80000
+	O_CLOEXEC                = 0x80000
+	O_NONBLOCK               = 0x800
+	PROT_READ                = 0x1
+	PROT_WRITE               = 0x2
+	MAP_SHARED               = 0x1
+	PERF_ATTR_SIZE_VER1      = 0
+	PERF_TYPE_SOFTWARE       = 0x1
+	PERF_TYPE_TRACEPOINT     = 0
+	PERF_COUNT_SW_BPF_OUTPUT = 0xa
+	PERF_EVENT_IOC_DISABLE   = 0
+	PERF_EVENT_IOC_ENABLE    = 0
+	PERF_EVENT_IOC_SET_BPF   = 0
+	PerfBitWatermark         = 0x4000
+	PERF_SAMPLE_RAW          = 0x400
+	PERF_FLAG_FD_CLOEXEC     = 0x8
+	RLIM_INFINITY            = 0x7fffffffffffffff
+	RLIMIT_MEMLOCK           = 8
+	BPF_STATS_RUN_TIME       = 0
+	PERF_RECORD_LOST         = 2
+	PERF_RECORD_SAMPLE       = 9
+	AT_FDCWD                 = -0x2
+	RENAME_NOREPLACE         = 0x1
+)
+
+// Statfs_t is a wrapper
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    [2]int32
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+// Rlimit is a wrapper
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+// Setrlimit is a wrapper
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	return errNonLinux
+}
+
+// Syscall is a wrapper
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return 0, 0, syscall.Errno(1)
+}
+
+// FcntlInt is a wrapper
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return -1, errNonLinux
+}
+
+// IoctlSetInt is a wrapper
+func IoctlSetInt(fd int, req uint, value int) error {
+	return errNonLinux
+}
+
+// Statfs is a wrapper
+func Statfs(path string, buf *Statfs_t) error {
+	return errNonLinux
+}
+
+// Close is a wrapper
+func Close(fd int) (err error) {
+	return errNonLinux
+}
+
+// EpollEvent is a wrapper
+type EpollEvent struct {
+	Events uint32
+	Fd     int32
+	Pad    int32
+}
+
+// EpollWait is a wrapper
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	return 0, errNonLinux
+}
+
+// EpollCtl is a wrapper
+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	return errNonLinux
+}
+
+// Eventfd is a wrapper
+func Eventfd(initval uint, flags int) (fd int, err error) {
+	return 0, errNonLinux
+}
+
+// Write is a wrapper
+func Write(fd int, p []byte) (n int, err error) {
+	return 0, errNonLinux
+}
+
+// EpollCreate1 is a wrapper
+func EpollCreate1(flag int) (fd int, err error) {
+	return 0, errNonLinux
+}
+
+// PerfEventMmapPage is a wrapper
+type PerfEventMmapPage struct {
+	Version        uint32
+	Compat_version uint32
+	Lock           uint32
+	Index          uint32
+	Offset         int64
+	Time_enabled   uint64
+	Time_running   uint64
+	Capabilities   uint64
+	Pmc_width      uint16
+	Time_shift     uint16
+	Time_mult      uint32
+	Time_offset    uint64
+	Time_zero      uint64
+	Size           uint32
+
+	Data_head   uint64
+	Data_tail   uint64
+	Data_offset uint64
+	Data_size   uint64
+	Aux_head    uint64
+	Aux_tail    uint64
+	Aux_offset  uint64
+	Aux_size    uint64
+}
+
+// SetNonblock is a wrapper
+func SetNonblock(fd int, nonblocking bool) (err error) {
+	return errNonLinux
+}
+
+// Mmap is a wrapper
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return []byte{}, errNonLinux
+}
+
+// Munmap is a wrapper
+func Munmap(b []byte) (err error) {
+	return errNonLinux
+}
+
+// PerfEventAttr is a wrapper
+type PerfEventAttr struct {
+	Type               uint32
+	Size               uint32
+	Config             uint64
+	Sample             uint64
+	Sample_type        uint64
+	Read_format        uint64
+	Bits               uint64
+	Wakeup             uint32
+	Bp_type            uint32
+	Ext1               uint64
+	Ext2               uint64
+	Branch_sample_type uint64
+	Sample_regs_user   uint64
+	Sample_stack_user  uint32
+	Clockid            int32
+	Sample_regs_intr   uint64
+	Aux_watermark      uint32
+	Sample_max_stack   uint16
+}
+
+// PerfEventOpen is a wrapper
+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
+	return 0, errNonLinux
+}
+
+// Utsname is a wrapper
+type Utsname struct {
+	Release [65]byte
+	Version [65]byte
+}
+
+// Uname is a wrapper
+func Uname(buf *Utsname) (err error) {
+	return errNonLinux
+}
+
+// Getpid is a wrapper
+func Getpid() int {
+	return -1
+}
+
+// Gettid is a wrapper
+func Gettid() int {
+	return -1
+}
+
+// Tgkill is a wrapper
+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
+	return errNonLinux
+}
+
+// BytePtrFromString is a wrapper
+func BytePtrFromString(s string) (*byte, error) {
+	return nil, errNonLinux
+}
+
+// ByteSliceToString is a wrapper
+func ByteSliceToString(s []byte) string {
+	return ""
+}
+
+// Renameat2 is a wrapper
+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error {
+	return errNonLinux
+}
+
+func KernelRelease() (string, error) {
+	return "", errNonLinux
+}
diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go
new file mode 100644
index 0000000000000..1a678bfe65749
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/internal/version.go
@@ -0,0 +1,163 @@
+package internal
+
+import (
+	"fmt"
+	"io/ioutil"
+	"regexp"
+	"sync"
+
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+const (
+	// Version constant used in ELF binaries indicating that the loader needs to
+	// substitute the eBPF program's version with the value of the kernel's
+	// KERNEL_VERSION compile-time macro. Used for compatibility with BCC, gobpf
+	// and RedSift.
+	MagicKernelVersion = 0xFFFFFFFE
+)
+
+var (
+	// Match between one and three decimals separated by dots, with the last
+	// segment (patch level) being optional on some kernels.
+	// The x.y.z string must appear at the start of a string or right after
+	// whitespace to prevent sequences like 'x.y.z-a.b.c' from matching 'a.b.c'.
+	rgxKernelVersion = regexp.MustCompile(`(?:\A|\s)\d{1,3}\.\d{1,3}(?:\.\d{1,3})?`)
+
+	kernelVersion = struct {
+		once    sync.Once
+		version Version
+		err     error
+	}{}
+)
+
+// A Version in the form Major.Minor.Patch.
+type Version [3]uint16
+
+// NewVersion creates a version from a string like "Major.Minor.Patch".
+//
+// Patch is optional.
+func NewVersion(ver string) (Version, error) {
+	var major, minor, patch uint16
+	n, _ := fmt.Sscanf(ver, "%d.%d.%d", &major, &minor, &patch)
+	if n < 2 {
+		return Version{}, fmt.Errorf("invalid version: %s", ver)
+	}
+	return Version{major, minor, patch}, nil
+}
+
+func (v Version) String() string {
+	if v[2] == 0 {
+		return fmt.Sprintf("v%d.%d", v[0], v[1])
+	}
+	return fmt.Sprintf("v%d.%d.%d", v[0], v[1], v[2])
+}
+
+// Less returns true if the version is less than another version.
+func (v Version) Less(other Version) bool {
+	for i, a := range v {
+		if a == other[i] {
+			continue
+		}
+		return a < other[i]
+	}
+	return false
+}
+
+// Unspecified returns true if the version is all zero.
+func (v Version) Unspecified() bool {
+	return v[0] == 0 && v[1] == 0 && v[2] == 0
+}
+
+// Kernel implements the kernel's KERNEL_VERSION macro from linux/version.h.
+// It represents the kernel version and patch level as a single value.
+func (v Version) Kernel() uint32 {
+
+	// Kernels 4.4 and 4.9 have their SUBLEVEL clamped to 255 to avoid
+	// overflowing into PATCHLEVEL.
+	// See kernel commit 9b82f13e7ef3 ("kbuild: clamp SUBLEVEL to 255").
+	s := v[2]
+	if s > 255 {
+		s = 255
+	}
+
+	// Truncate members to uint8 to prevent them from spilling over into
+	// each other when overflowing 8 bits.
+	return uint32(uint8(v[0]))<<16 | uint32(uint8(v[1]))<<8 | uint32(uint8(s))
+}
+
+// KernelVersion returns the version of the currently running kernel.
+func KernelVersion() (Version, error) {
+	kernelVersion.once.Do(func() {
+		kernelVersion.version, kernelVersion.err = detectKernelVersion()
+	})
+
+	if kernelVersion.err != nil {
+		return Version{}, kernelVersion.err
+	}
+	return kernelVersion.version, nil
+}
+
+// detectKernelVersion returns the version of the running kernel. It scans the
+// following sources in order: /proc/version_signature, uname -v, uname -r.
+// In each of those locations, the last-appearing x.y(.z) value is selected
+// for parsing. The first location that yields a usable version number is
+// returned.
+func detectKernelVersion() (Version, error) {
+
+	// Try reading /proc/version_signature for Ubuntu compatibility.
+	// Example format: Ubuntu 4.15.0-91.92-generic 4.15.18
+	// This method exists in the kernel itself, see d18acd15c
+	// ("perf tools: Fix kernel version error in ubuntu").
+	if pvs, err := ioutil.ReadFile("/proc/version_signature"); err == nil {
+		// If /proc/version_signature exists, failing to parse it is an error.
+		// It only exists on Ubuntu, where the real patch level is not obtainable
+		// through any other method.
+		v, err := findKernelVersion(string(pvs))
+		if err != nil {
+			return Version{}, err
+		}
+		return v, nil
+	}
+
+	var uname unix.Utsname
+	if err := unix.Uname(&uname); err != nil {
+		return Version{}, fmt.Errorf("calling uname: %w", err)
+	}
+
+	// Debian puts the version including the patch level in uname.Version.
+	// It is not an error if there's no version number in uname.Version,
+	// as most distributions don't use it. Parsing can continue on uname.Release.
+	// Example format: #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08)
+	if v, err := findKernelVersion(unix.ByteSliceToString(uname.Version[:])); err == nil {
+		return v, nil
+	}
+
+	// Most other distributions have the full kernel version including patch
+	// level in uname.Release.
+	// Example format: 4.19.0-5-amd64, 5.5.10-arch1-1
+	v, err := findKernelVersion(unix.ByteSliceToString(uname.Release[:]))
+	if err != nil {
+		return Version{}, err
+	}
+
+	return v, nil
+}
+
+// findKernelVersion matches s against rgxKernelVersion and parses the result
+// into a Version. If s contains multiple matches, the last entry is selected.
+func findKernelVersion(s string) (Version, error) {
+	m := rgxKernelVersion.FindAllString(s, -1)
+	if m == nil {
+		return Version{}, fmt.Errorf("no kernel version in string: %s", s)
+	}
+	// Pick the last match of the string in case there are multiple.
+	s = m[len(m)-1]
+
+	v, err := NewVersion(s)
+	if err != nil {
+		return Version{}, fmt.Errorf("parsing version string %s: %w", s, err)
+	}
+
+	return v, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go
new file mode 100644
index 0000000000000..5540bb068cd20
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/cgroup.go
@@ -0,0 +1,171 @@
+package link
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/cilium/ebpf"
+)
+
+type cgroupAttachFlags uint32
+
+// cgroup attach flags
+const (
+	flagAllowOverride cgroupAttachFlags = 1 << iota
+	flagAllowMulti
+	flagReplace
+)
+
+type CgroupOptions struct {
+	// Path to a cgroupv2 folder.
+	Path string
+	// One of the AttachCgroup* constants
+	Attach ebpf.AttachType
+	// Program must be of type CGroup*, and the attach type must match Attach.
+	Program *ebpf.Program
+}
+
+// AttachCgroup links a BPF program to a cgroup.
+func AttachCgroup(opts CgroupOptions) (Link, error) {
+	cgroup, err := os.Open(opts.Path)
+	if err != nil {
+		return nil, fmt.Errorf("can't open cgroup: %s", err)
+	}
+
+	clone, err := opts.Program.Clone()
+	if err != nil {
+		cgroup.Close()
+		return nil, err
+	}
+
+	var cg Link
+	cg, err = newLinkCgroup(cgroup, opts.Attach, clone)
+	if errors.Is(err, ErrNotSupported) {
+		cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowMulti)
+	}
+	if errors.Is(err, ErrNotSupported) {
+		cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowOverride)
+	}
+	if err != nil {
+		cgroup.Close()
+		clone.Close()
+		return nil, err
+	}
+
+	return cg, nil
+}
+
+// LoadPinnedCgroup loads a pinned cgroup from a bpffs.
+func LoadPinnedCgroup(fileName string, opts *ebpf.LoadPinOptions) (Link, error) {
+	link, err := LoadPinnedRawLink(fileName, CgroupType, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return &linkCgroup{*link}, nil
+}
+
+type progAttachCgroup struct {
+	cgroup     *os.File
+	current    *ebpf.Program
+	attachType ebpf.AttachType
+	flags      cgroupAttachFlags
+}
+
+var _ Link = (*progAttachCgroup)(nil)
+
+func (cg *progAttachCgroup) isLink() {}
+
+func newProgAttachCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program, flags cgroupAttachFlags) (*progAttachCgroup, error) {
+	if flags&flagAllowMulti > 0 {
+		if err := haveProgAttachReplace(); err != nil {
+			return nil, fmt.Errorf("can't support multiple programs: %w", err)
+		}
+	}
+
+	err := RawAttachProgram(RawAttachProgramOptions{
+		Target:  int(cgroup.Fd()),
+		Program: prog,
+		Flags:   uint32(flags),
+		Attach:  attach,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("cgroup: %w", err)
+	}
+
+	return &progAttachCgroup{cgroup, prog, attach, flags}, nil
+}
+
+func (cg *progAttachCgroup) Close() error {
+	defer cg.cgroup.Close()
+	defer cg.current.Close()
+
+	err := RawDetachProgram(RawDetachProgramOptions{
+		Target:  int(cg.cgroup.Fd()),
+		Program: cg.current,
+		Attach:  cg.attachType,
+	})
+	if err != nil {
+		return fmt.Errorf("close cgroup: %s", err)
+	}
+	return nil
+}
+
+func (cg *progAttachCgroup) Update(prog *ebpf.Program) error {
+	new, err := prog.Clone()
+	if err != nil {
+		return err
+	}
+
+	args := RawAttachProgramOptions{
+		Target:  int(cg.cgroup.Fd()),
+		Program: prog,
+		Attach:  cg.attachType,
+		Flags:   uint32(cg.flags),
+	}
+
+	if cg.flags&flagAllowMulti > 0 {
+		// Atomically replacing multiple programs requires at least
+		// 5.5 (commit 7dd68b3279f17921 "bpf: Support replacing cgroup-bpf
+		// program in MULTI mode")
+		args.Flags |= uint32(flagReplace)
+		args.Replace = cg.current
+	}
+
+	if err := RawAttachProgram(args); err != nil {
+		new.Close()
+		return fmt.Errorf("can't update cgroup: %s", err)
+	}
+
+	cg.current.Close()
+	cg.current = new
+	return nil
+}
+
+func (cg *progAttachCgroup) Pin(string) error {
+	return fmt.Errorf("can't pin cgroup: %w", ErrNotSupported)
+}
+
+func (cg *progAttachCgroup) Unpin() error {
+	return fmt.Errorf("can't pin cgroup: %w", ErrNotSupported)
+}
+
+type linkCgroup struct {
+	RawLink
+}
+
+var _ Link = (*linkCgroup)(nil)
+
+func newLinkCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program) (*linkCgroup, error) {
+	link, err := AttachRawLink(RawLinkOptions{
+		Target:  int(cgroup.Fd()),
+		Program: prog,
+		Attach:  attach,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &linkCgroup{*link}, err
+}
diff --git a/vendor/github.com/cilium/ebpf/link/doc.go b/vendor/github.com/cilium/ebpf/link/doc.go
new file mode 100644
index 0000000000000..2bde35ed7a265
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/doc.go
@@ -0,0 +1,2 @@
+// Package link allows attaching eBPF programs to various kernel hooks.
+package link
diff --git a/vendor/github.com/cilium/ebpf/link/iter.go b/vendor/github.com/cilium/ebpf/link/iter.go
new file mode 100644
index 0000000000000..654d34ef8482e
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/iter.go
@@ -0,0 +1,100 @@
+package link
+
+import (
+	"fmt"
+	"io"
+	"unsafe"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+)
+
+type IterOptions struct {
+	// Program must be of type Tracing with attach type
+	// AttachTraceIter. The kind of iterator to attach to is
+	// determined at load time via the AttachTo field.
+	//
+	// AttachTo requires the kernel to include BTF of itself,
+	// and it to be compiled with a recent pahole (>= 1.16).
+	Program *ebpf.Program
+
+	// Map specifies the target map for bpf_map_elem and sockmap iterators.
+	// It may be nil.
+	Map *ebpf.Map
+}
+
+// AttachIter attaches a BPF seq_file iterator.
+func AttachIter(opts IterOptions) (*Iter, error) {
+	if err := haveBPFLink(); err != nil {
+		return nil, err
+	}
+
+	progFd := opts.Program.FD()
+	if progFd < 0 {
+		return nil, fmt.Errorf("invalid program: %s", internal.ErrClosedFd)
+	}
+
+	var info bpfIterLinkInfoMap
+	if opts.Map != nil {
+		mapFd := opts.Map.FD()
+		if mapFd < 0 {
+			return nil, fmt.Errorf("invalid map: %w", internal.ErrClosedFd)
+		}
+		info.map_fd = uint32(mapFd)
+	}
+
+	attr := bpfLinkCreateIterAttr{
+		prog_fd:       uint32(progFd),
+		attach_type:   ebpf.AttachTraceIter,
+		iter_info:     internal.NewPointer(unsafe.Pointer(&info)),
+		iter_info_len: uint32(unsafe.Sizeof(info)),
+	}
+
+	fd, err := bpfLinkCreateIter(&attr)
+	if err != nil {
+		return nil, fmt.Errorf("can't link iterator: %w", err)
+	}
+
+	return &Iter{RawLink{fd, ""}}, err
+}
+
+// LoadPinnedIter loads a pinned iterator from a bpffs.
+func LoadPinnedIter(fileName string, opts *ebpf.LoadPinOptions) (*Iter, error) {
+	link, err := LoadPinnedRawLink(fileName, IterType, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Iter{*link}, err
+}
+
+// Iter represents an attached bpf_iter.
+type Iter struct {
+	RawLink
+}
+
+// Open creates a new instance of the iterator.
+//
+// Reading from the returned reader triggers the BPF program.
+func (it *Iter) Open() (io.ReadCloser, error) {
+	linkFd, err := it.fd.Value()
+	if err != nil {
+		return nil, err
+	}
+
+	attr := &bpfIterCreateAttr{
+		linkFd: linkFd,
+	}
+
+	fd, err := bpfIterCreate(attr)
+	if err != nil {
+		return nil, fmt.Errorf("can't create iterator: %w", err)
+	}
+
+	return fd.File("bpf_iter"), nil
+}
+
+// union bpf_iter_link_info.map
+type bpfIterLinkInfoMap struct {
+	map_fd uint32
+}
diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go
new file mode 100644
index 0000000000000..ea71d6d608a82
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/kprobe.go
@@ -0,0 +1,438 @@
+package link
+
+import (
+	"bytes"
+	"crypto/rand"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sync"
+	"unsafe"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+var (
+	kprobeEventsPath = filepath.Join(tracefsPath, "kprobe_events")
+
+	kprobeRetprobeBit = struct {
+		once  sync.Once
+		value uint64
+		err   error
+	}{}
+)
+
+type probeType uint8
+
+const (
+	kprobeType probeType = iota
+	uprobeType
+)
+
+func (pt probeType) String() string {
+	if pt == kprobeType {
+		return "kprobe"
+	}
+	return "uprobe"
+}
+
+func (pt probeType) EventsPath() string {
+	if pt == kprobeType {
+		return kprobeEventsPath
+	}
+	return uprobeEventsPath
+}
+
+func (pt probeType) PerfEventType(ret bool) perfEventType {
+	if pt == kprobeType {
+		if ret {
+			return kretprobeEvent
+		}
+		return kprobeEvent
+	}
+	if ret {
+		return uretprobeEvent
+	}
+	return uprobeEvent
+}
+
+func (pt probeType) RetprobeBit() (uint64, error) {
+	if pt == kprobeType {
+		return kretprobeBit()
+	}
+	return uretprobeBit()
+}
+
+// Kprobe attaches the given eBPF program to a perf event that fires when the
+// given kernel symbol starts executing. See /proc/kallsyms for available
+// symbols. For example, printk():
+//
+//	Kprobe("printk", prog)
+//
+// The resulting Link must be Closed during program shutdown to avoid leaking
+// system resources.
+func Kprobe(symbol string, prog *ebpf.Program) (Link, error) {
+	k, err := kprobe(symbol, prog, false)
+	if err != nil {
+		return nil, err
+	}
+
+	err = k.attach(prog)
+	if err != nil {
+		k.Close()
+		return nil, err
+	}
+
+	return k, nil
+}
+
+// Kretprobe attaches the given eBPF program to a perf event that fires right
+// before the given kernel symbol exits, with the function stack left intact.
+// See /proc/kallsyms for available symbols. For example, printk():
+//
+//	Kretprobe("printk", prog)
+//
+// The resulting Link must be Closed during program shutdown to avoid leaking
+// system resources.
+func Kretprobe(symbol string, prog *ebpf.Program) (Link, error) {
+	k, err := kprobe(symbol, prog, true)
+	if err != nil {
+		return nil, err
+	}
+
+	err = k.attach(prog)
+	if err != nil {
+		k.Close()
+		return nil, err
+	}
+
+	return k, nil
+}
+
+// kprobe opens a perf event on the given symbol and attaches prog to it.
+// If ret is true, create a kretprobe.
+func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) {
+	if symbol == "" {
+		return nil, fmt.Errorf("symbol name cannot be empty: %w", errInvalidInput)
+	}
+	if prog == nil {
+		return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput)
+	}
+	if !rgxTraceEvent.MatchString(symbol) {
+		return nil, fmt.Errorf("symbol '%s' must be alphanumeric or underscore: %w", symbol, errInvalidInput)
+	}
+	if prog.Type() != ebpf.Kprobe {
+		return nil, fmt.Errorf("eBPF program type %s is not a Kprobe: %w", prog.Type(), errInvalidInput)
+	}
+
+	// Use kprobe PMU if the kernel has it available.
+	tp, err := pmuKprobe(platformPrefix(symbol), ret)
+	if errors.Is(err, os.ErrNotExist) {
+		tp, err = pmuKprobe(symbol, ret)
+	}
+	if err == nil {
+		return tp, nil
+	}
+	if err != nil && !errors.Is(err, ErrNotSupported) {
+		return nil, fmt.Errorf("creating perf_kprobe PMU: %w", err)
+	}
+
+	// Use tracefs if kprobe PMU is missing.
+	tp, err = tracefsKprobe(platformPrefix(symbol), ret)
+	if errors.Is(err, os.ErrNotExist) {
+		tp, err = tracefsKprobe(symbol, ret)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("creating trace event '%s' in tracefs: %w", symbol, err)
+	}
+
+	return tp, nil
+}
+
+// pmuKprobe opens a perf event based on the kprobe PMU.
+// Returns os.ErrNotExist if the given symbol does not exist in the kernel.
+func pmuKprobe(symbol string, ret bool) (*perfEvent, error) {
+	return pmuProbe(kprobeType, symbol, "", 0, ret)
+}
+
+// pmuProbe opens a perf event based on a Performance Monitoring Unit.
+//
+// Requires at least a 4.17 kernel.
+// e12f03d7031a "perf/core: Implement the 'perf_kprobe' PMU"
+// 33ea4b24277b "perf/core: Implement the 'perf_uprobe' PMU"
+//
+// Returns ErrNotSupported if the kernel doesn't support perf_[k,u]probe PMU
+func pmuProbe(typ probeType, symbol, path string, offset uint64, ret bool) (*perfEvent, error) {
+	// Getting the PMU type will fail if the kernel doesn't support
+	// the perf_[k,u]probe PMU.
+	et, err := getPMUEventType(typ)
+	if err != nil {
+		return nil, err
+	}
+
+	var config uint64
+	if ret {
+		bit, err := typ.RetprobeBit()
+		if err != nil {
+			return nil, err
+		}
+		config |= 1 << bit
+	}
+
+	var (
+		attr unix.PerfEventAttr
+		sp   unsafe.Pointer
+	)
+	switch typ {
+	case kprobeType:
+		// Create a pointer to a NUL-terminated string for the kernel.
+		sp, err := unsafeStringPtr(symbol)
+		if err != nil {
+			return nil, err
+		}
+
+		attr = unix.PerfEventAttr{
+			Type:   uint32(et),          // PMU event type read from sysfs
+			Ext1:   uint64(uintptr(sp)), // Kernel symbol to trace
+			Config: config,              // Retprobe flag
+		}
+	case uprobeType:
+		sp, err := unsafeStringPtr(path)
+		if err != nil {
+			return nil, err
+		}
+
+		attr = unix.PerfEventAttr{
+			// The minimum size required for PMU uprobes is PERF_ATTR_SIZE_VER1,
+			// since it added the config2 (Ext2) field. The Size field controls the
+			// size of the internal buffer the kernel allocates for reading the
+			// perf_event_attr argument from userspace.
+			Size:   unix.PERF_ATTR_SIZE_VER1,
+			Type:   uint32(et),          // PMU event type read from sysfs
+			Ext1:   uint64(uintptr(sp)), // Uprobe path
+			Ext2:   offset,              // Uprobe offset
+			Config: config,              // Retprobe flag
+		}
+	}
+
+	fd, err := unix.PerfEventOpen(&attr, perfAllThreads, 0, -1, unix.PERF_FLAG_FD_CLOEXEC)
+
+	// Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL
+	// when trying to create a kretprobe for a missing symbol. Make sure ENOENT
+	// is returned to the caller.
+	if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) {
+		return nil, fmt.Errorf("symbol '%s' not found: %w", symbol, os.ErrNotExist)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("opening perf event: %w", err)
+	}
+
+	// Ensure the string pointer is not collected before PerfEventOpen returns.
+	runtime.KeepAlive(sp)
+
+	// Kernel has perf_[k,u]probe PMU available, initialize perf event.
+	return &perfEvent{
+		fd:    internal.NewFD(uint32(fd)),
+		pmuID: et,
+		name:  symbol,
+		typ:   typ.PerfEventType(ret),
+	}, nil
+}
+
+// tracefsKprobe creates a Kprobe tracefs entry.
+func tracefsKprobe(symbol string, ret bool) (*perfEvent, error) {
+	return tracefsProbe(kprobeType, symbol, "", 0, ret)
+}
+
+// tracefsProbe creates a trace event by writing an entry to <tracefs>/[k,u]probe_events.
+// A new trace event group name is generated on every call to support creating
+// multiple trace events for the same kernel or userspace symbol.
+// Path and offset are only set in the case of uprobe(s) and are used to set
+// the executable/library path on the filesystem and the offset where the probe is inserted.
+// A perf event is then opened on the newly-created trace event and returned to the caller.
+func tracefsProbe(typ probeType, symbol, path string, offset uint64, ret bool) (*perfEvent, error) {
+	// Generate a random string for each trace event we attempt to create.
+	// This value is used as the 'group' token in tracefs to allow creating
+	// multiple kprobe trace events with the same name.
+	group, err := randomGroup("ebpf")
+	if err != nil {
+		return nil, fmt.Errorf("randomizing group name: %w", err)
+	}
+
+	// Before attempting to create a trace event through tracefs,
+	// check if an event with the same group and name already exists.
+	// Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate
+	// entry, so we need to rely on reads for detecting uniqueness.
+	_, err = getTraceEventID(group, symbol)
+	if err == nil {
+		return nil, fmt.Errorf("trace event already exists: %s/%s", group, symbol)
+	}
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		return nil, fmt.Errorf("checking trace event %s/%s: %w", group, symbol, err)
+	}
+
+	// Create the [k,u]probe trace event using tracefs.
+	if err := createTraceFSProbeEvent(typ, group, symbol, path, offset, ret); err != nil {
+		return nil, fmt.Errorf("creating probe entry on tracefs: %w", err)
+	}
+
+	// Get the newly-created trace event's id.
+	tid, err := getTraceEventID(group, symbol)
+	if err != nil {
+		return nil, fmt.Errorf("getting trace event id: %w", err)
+	}
+
+	// Kprobes are ephemeral tracepoints and share the same perf event type.
+	fd, err := openTracepointPerfEvent(tid)
+	if err != nil {
+		return nil, err
+	}
+
+	return &perfEvent{
+		fd:        fd,
+		group:     group,
+		name:      symbol,
+		tracefsID: tid,
+		typ:       typ.PerfEventType(ret),
+	}, nil
+}
+
+// createTraceFSProbeEvent creates a new ephemeral trace event by writing to
+// <tracefs>/[k,u]probe_events. Returns os.ErrNotExist if symbol is not a valid
+// kernel symbol, or if it is not traceable with kprobes. Returns os.ErrExist
+// if a probe with the same group and symbol already exists.
+func createTraceFSProbeEvent(typ probeType, group, symbol, path string, offset uint64, ret bool) error {
+	// Open the kprobe_events file in tracefs.
+	f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666)
+	if err != nil {
+		return fmt.Errorf("error opening '%s': %w", typ.EventsPath(), err)
+	}
+	defer f.Close()
+
+	var pe string
+	switch typ {
+	case kprobeType:
+		// The kprobe_events syntax is as follows (see Documentation/trace/kprobetrace.txt):
+		// p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS] : Set a probe
+		// r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS] : Set a return probe
+		// -:[GRP/]EVENT                                        : Clear a probe
+		//
+		// Some examples:
+		// r:ebpf_1234/r_my_kretprobe nf_conntrack_destroy
+		// p:ebpf_5678/p_my_kprobe __x64_sys_execve
+		//
+		// Leaving the kretprobe's MAXACTIVE set to 0 (or absent) will make the
+		// kernel default to NR_CPUS. This is desired in most eBPF cases since
+		// subsampling or rate limiting logic can be more accurately implemented in
+		// the eBPF program itself.
+		// See Documentation/kprobes.txt for more details.
+		pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(ret), group, symbol, symbol)
+	case uprobeType:
+		// The uprobe_events syntax is as follows:
+		// p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe
+		// r[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a return probe
+		// -:[GRP/]EVENT                           : Clear a probe
+		//
+		// Some examples:
+		// r:ebpf_1234/readline /bin/bash:0x12345
+		// p:ebpf_5678/main_mySymbol /bin/mybin:0x12345
+		//
+		// See Documentation/trace/uprobetracer.txt for more details.
+		pathOffset := uprobePathOffset(path, offset)
+		pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(ret), group, symbol, pathOffset)
+	}
+	_, err = f.WriteString(pe)
+	// Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL
+	// when trying to create a kretprobe for a missing symbol. Make sure ENOENT
+	// is returned to the caller.
+	if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) {
+		return fmt.Errorf("symbol %s not found: %w", symbol, os.ErrNotExist)
+	}
+	if err != nil {
+		return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err)
+	}
+
+	return nil
+}
+
+// closeTraceFSProbeEvent removes the [k,u]probe with the given type, group and symbol
+// from <tracefs>/[k,u]probe_events.
+func closeTraceFSProbeEvent(typ probeType, group, symbol string) error {
+	f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666)
+	if err != nil {
+		return fmt.Errorf("error opening %s: %w", typ.EventsPath(), err)
+	}
+	defer f.Close()
+
+	// See [k,u]probe_events syntax above. The probe type does not need to be specified
+	// for removals.
+	pe := fmt.Sprintf("-:%s/%s", group, symbol)
+	if _, err = f.WriteString(pe); err != nil {
+		return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err)
+	}
+
+	return nil
+}
+
+// randomGroup generates a pseudorandom string for use as a tracefs group name.
+// Returns an error when the output string would exceed 63 characters (kernel
+// limitation), when rand.Read() fails or when prefix contains characters not
+// allowed by rgxTraceEvent.
+func randomGroup(prefix string) (string, error) {
+	if !rgxTraceEvent.MatchString(prefix) {
+		return "", fmt.Errorf("prefix '%s' must be alphanumeric or underscore: %w", prefix, errInvalidInput)
+	}
+
+	b := make([]byte, 8)
+	if _, err := rand.Read(b); err != nil {
+		return "", fmt.Errorf("reading random bytes: %w", err)
+	}
+
+	group := fmt.Sprintf("%s_%x", prefix, b)
+	if len(group) > 63 {
+		return "", fmt.Errorf("group name '%s' cannot be longer than 63 characters: %w", group, errInvalidInput)
+	}
+
+	return group, nil
+}
+
+func probePrefix(ret bool) string {
+	if ret {
+		return "r"
+	}
+	return "p"
+}
+
+// determineRetprobeBit reads a Performance Monitoring Unit's retprobe bit
+// from /sys/bus/event_source/devices/<pmu>/format/retprobe.
+func determineRetprobeBit(typ probeType) (uint64, error) {
+	p := filepath.Join("/sys/bus/event_source/devices/", typ.String(), "/format/retprobe")
+
+	data, err := ioutil.ReadFile(p)
+	if err != nil {
+		return 0, err
+	}
+
+	var rp uint64
+	n, err := fmt.Sscanf(string(bytes.TrimSpace(data)), "config:%d", &rp)
+	if err != nil {
+		return 0, fmt.Errorf("parse retprobe bit: %w", err)
+	}
+	if n != 1 {
+		return 0, fmt.Errorf("parse retprobe bit: expected 1 item, got %d", n)
+	}
+
+	return rp, nil
+}
+
+func kretprobeBit() (uint64, error) {
+	kprobeRetprobeBit.once.Do(func() {
+		kprobeRetprobeBit.value, kprobeRetprobeBit.err = determineRetprobeBit(kprobeType)
+	})
+	return kprobeRetprobeBit.value, kprobeRetprobeBit.err
+}
diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go
new file mode 100644
index 0000000000000..16cfff415dd40
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/link.go
@@ -0,0 +1,229 @@
+package link
+
+import (
+	"fmt"
+	"unsafe"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+)
+
+var ErrNotSupported = internal.ErrNotSupported
+
+// Link represents a Program attached to a BPF hook.
+type Link interface {
+	// Replace the current program with a new program.
+	//
+	// Passing a nil program is an error. May return an error wrapping ErrNotSupported.
+	Update(*ebpf.Program) error
+
+	// Persist a link by pinning it into a bpffs.
+	//
+	// May return an error wrapping ErrNotSupported.
+	Pin(string) error
+
+	// Undo a previous call to Pin.
+	//
+	// May return an error wrapping ErrNotSupported.
+	Unpin() error
+
+	// Close frees resources.
+	//
+	// The link will be broken unless it has been pinned. A link
+	// may continue past the lifetime of the process if Close is
+	// not called.
+	Close() error
+
+	// Prevent external users from implementing this interface.
+	isLink()
+}
+
+// ID uniquely identifies a BPF link.
+type ID uint32
+
+// RawLinkOptions control the creation of a raw link.
+type RawLinkOptions struct {
+	// File descriptor to attach to. This differs for each attach type.
+	Target int
+	// Program to attach.
+	Program *ebpf.Program
+	// Attach must match the attach type of Program.
+	Attach ebpf.AttachType
+}
+
+// RawLinkInfo contains metadata on a link.
+type RawLinkInfo struct {
+	Type    Type
+	ID      ID
+	Program ebpf.ProgramID
+}
+
+// RawLink is the low-level API to bpf_link.
+//
+// You should consider using the higher level interfaces in this
+// package instead.
+type RawLink struct {
+	fd         *internal.FD
+	pinnedPath string
+}
+
+// AttachRawLink creates a raw link.
+func AttachRawLink(opts RawLinkOptions) (*RawLink, error) {
+	if err := haveBPFLink(); err != nil {
+		return nil, err
+	}
+
+	if opts.Target < 0 {
+		return nil, fmt.Errorf("invalid target: %s", internal.ErrClosedFd)
+	}
+
+	progFd := opts.Program.FD()
+	if progFd < 0 {
+		return nil, fmt.Errorf("invalid program: %s", internal.ErrClosedFd)
+	}
+
+	attr := bpfLinkCreateAttr{
+		targetFd:   uint32(opts.Target),
+		progFd:     uint32(progFd),
+		attachType: opts.Attach,
+	}
+	fd, err := bpfLinkCreate(&attr)
+	if err != nil {
+		return nil, fmt.Errorf("can't create link: %s", err)
+	}
+
+	return &RawLink{fd, ""}, nil
+}
+
+// LoadPinnedRawLink loads a persisted link from a bpffs.
+//
+// Returns an error if the pinned link type doesn't match linkType. Pass
+// UnspecifiedType to disable this behaviour.
+func LoadPinnedRawLink(fileName string, linkType Type, opts *ebpf.LoadPinOptions) (*RawLink, error) {
+	fd, err := internal.BPFObjGet(fileName, opts.Marshal())
+	if err != nil {
+		return nil, fmt.Errorf("load pinned link: %w", err)
+	}
+
+	link := &RawLink{fd, fileName}
+	if linkType == UnspecifiedType {
+		return link, nil
+	}
+
+	info, err := link.Info()
+	if err != nil {
+		link.Close()
+		return nil, fmt.Errorf("get pinned link info: %s", err)
+	}
+
+	if info.Type != linkType {
+		link.Close()
+		return nil, fmt.Errorf("link type %v doesn't match %v", info.Type, linkType)
+	}
+
+	return link, nil
+}
+
+func (l *RawLink) isLink() {}
+
+// FD returns the raw file descriptor.
+func (l *RawLink) FD() int {
+	fd, err := l.fd.Value()
+	if err != nil {
+		return -1
+	}
+	return int(fd)
+}
+
+// Close breaks the link.
+//
+// Use Pin if you want to make the link persistent.
+func (l *RawLink) Close() error {
+	return l.fd.Close()
+}
+
+// Pin persists a link past the lifetime of the process.
+//
+// Calling Close on a pinned Link will not break the link
+// until the pin is removed.
+func (l *RawLink) Pin(fileName string) error {
+	if err := internal.Pin(l.pinnedPath, fileName, l.fd); err != nil {
+		return err
+	}
+	l.pinnedPath = fileName
+	return nil
+}
+
+// Unpin implements the Link interface.
+func (l *RawLink) Unpin() error {
+	if err := internal.Unpin(l.pinnedPath); err != nil {
+		return err
+	}
+	l.pinnedPath = ""
+	return nil
+}
+
+// Update implements the Link interface.
+func (l *RawLink) Update(new *ebpf.Program) error {
+	return l.UpdateArgs(RawLinkUpdateOptions{
+		New: new,
+	})
+}
+
+// RawLinkUpdateOptions control the behaviour of RawLink.UpdateArgs.
+type RawLinkUpdateOptions struct {
+	New   *ebpf.Program
+	Old   *ebpf.Program
+	Flags uint32
+}
+
+// UpdateArgs updates a link based on args.
+func (l *RawLink) UpdateArgs(opts RawLinkUpdateOptions) error {
+	newFd := opts.New.FD()
+	if newFd < 0 {
+		return fmt.Errorf("invalid program: %s", internal.ErrClosedFd)
+	}
+
+	var oldFd int
+	if opts.Old != nil {
+		oldFd = opts.Old.FD()
+		if oldFd < 0 {
+			return fmt.Errorf("invalid replacement program: %s", internal.ErrClosedFd)
+		}
+	}
+
+	linkFd, err := l.fd.Value()
+	if err != nil {
+		return fmt.Errorf("can't update link: %s", err)
+	}
+
+	attr := bpfLinkUpdateAttr{
+		linkFd:    linkFd,
+		newProgFd: uint32(newFd),
+		oldProgFd: uint32(oldFd),
+		flags:     opts.Flags,
+	}
+	return bpfLinkUpdate(&attr)
+}
+
+// struct bpf_link_info
+type bpfLinkInfo struct {
+	typ     uint32
+	id      uint32
+	prog_id uint32
+}
+
+// Info returns metadata about the link.
+func (l *RawLink) Info() (*RawLinkInfo, error) {
+	var info bpfLinkInfo
+	err := internal.BPFObjGetInfoByFD(l.fd, unsafe.Pointer(&info), unsafe.Sizeof(info))
+	if err != nil {
+		return nil, fmt.Errorf("link info: %s", err)
+	}
+
+	return &RawLinkInfo{
+		Type(info.typ),
+		ID(info.id),
+		ebpf.ProgramID(info.prog_id),
+	}, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/link/netns.go b/vendor/github.com/cilium/ebpf/link/netns.go
new file mode 100644
index 0000000000000..37e5b84c4ddfd
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/netns.go
@@ -0,0 +1,60 @@
+package link
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf"
+)
+
+// NetNsInfo contains metadata about a network namespace link.
+type NetNsInfo struct {
+	RawLinkInfo
+}
+
+// NetNsLink is a program attached to a network namespace.
+type NetNsLink struct {
+	*RawLink
+}
+
+// AttachNetNs attaches a program to a network namespace.
+func AttachNetNs(ns int, prog *ebpf.Program) (*NetNsLink, error) {
+	var attach ebpf.AttachType
+	switch t := prog.Type(); t {
+	case ebpf.FlowDissector:
+		attach = ebpf.AttachFlowDissector
+	case ebpf.SkLookup:
+		attach = ebpf.AttachSkLookup
+	default:
+		return nil, fmt.Errorf("can't attach %v to network namespace", t)
+	}
+
+	link, err := AttachRawLink(RawLinkOptions{
+		Target:  ns,
+		Program: prog,
+		Attach:  attach,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &NetNsLink{link}, nil
+}
+
+// LoadPinnedNetNs loads a network namespace link from bpffs.
+func LoadPinnedNetNs(fileName string, opts *ebpf.LoadPinOptions) (*NetNsLink, error) {
+	link, err := LoadPinnedRawLink(fileName, NetNsType, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NetNsLink{link}, nil
+}
+
+// Info returns information about the link.
+func (nns *NetNsLink) Info() (*NetNsInfo, error) {
+	info, err := nns.RawLink.Info()
+	if err != nil {
+		return nil, err
+	}
+	return &NetNsInfo{*info}, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go
new file mode 100644
index 0000000000000..5267a47ec9bbd
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/perf_event.go
@@ -0,0 +1,273 @@
+package link
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"unsafe"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// Getting the terminology right is usually the hardest part. For posterity and
+// for staying sane during implementation:
+//
+// - trace event: Representation of a kernel runtime hook. Filesystem entries
+//   under <tracefs>/events. Can be tracepoints (static), kprobes or uprobes.
+//   Can be instantiated into perf events (see below).
+// - tracepoint: A predetermined hook point in the kernel. Exposed as trace
+//   events in (sub)directories under <tracefs>/events. Cannot be closed or
+//   removed, they are static.
+// - k(ret)probe: Ephemeral trace events based on entry or exit points of
+//   exported kernel symbols. kprobe-based (tracefs) trace events can be
+//   created system-wide by writing to the <tracefs>/kprobe_events file, or
+//   they can be scoped to the current process by creating PMU perf events.
+// - u(ret)probe: Ephemeral trace events based on user provides ELF binaries
+//   and offsets. uprobe-based (tracefs) trace events can be
+//   created system-wide by writing to the <tracefs>/uprobe_events file, or
+//   they can be scoped to the current process by creating PMU perf events.
+// - perf event: An object instantiated based on an existing trace event or
+//   kernel symbol. Referred to by fd in userspace.
+//   Exactly one eBPF program can be attached to a perf event. Multiple perf
+//   events can be created from a single trace event. Closing a perf event
+//   stops any further invocations of the attached eBPF program.
+
+var (
+	tracefsPath = "/sys/kernel/debug/tracing"
+
+	// Trace event groups, names and kernel symbols must adhere to this set
+	// of characters. Non-empty, first character must not be a number, all
+	// characters must be alphanumeric or underscore.
+	rgxTraceEvent = regexp.MustCompile("^[a-zA-Z_][0-9a-zA-Z_]*$")
+
+	errInvalidInput = errors.New("invalid input")
+)
+
+const (
+	perfAllThreads = -1
+)
+
+type perfEventType uint8
+
+const (
+	tracepointEvent perfEventType = iota
+	kprobeEvent
+	kretprobeEvent
+	uprobeEvent
+	uretprobeEvent
+)
+
+// A perfEvent represents a perf event kernel object. Exactly one eBPF program
+// can be attached to it. It is created based on a tracefs trace event or a
+// Performance Monitoring Unit (PMU).
+type perfEvent struct {
+
+	// Group and name of the tracepoint/kprobe/uprobe.
+	group string
+	name  string
+
+	// PMU event ID read from sysfs. Valid IDs are non-zero.
+	pmuID uint64
+	// ID of the trace event read from tracefs. Valid IDs are non-zero.
+	tracefsID uint64
+
+	// The event type determines the types of programs that can be attached.
+	typ perfEventType
+
+	fd *internal.FD
+}
+
+func (pe *perfEvent) isLink() {}
+
+func (pe *perfEvent) Pin(string) error {
+	return fmt.Errorf("pin perf event: %w", ErrNotSupported)
+}
+
+func (pe *perfEvent) Unpin() error {
+	return fmt.Errorf("unpin perf event: %w", ErrNotSupported)
+}
+
+// Since 4.15 (e87c6bc3852b "bpf: permit multiple bpf attachments for a single perf event"),
+// calling PERF_EVENT_IOC_SET_BPF appends the given program to a prog_array
+// owned by the perf event, which means multiple programs can be attached
+// simultaneously.
+//
+// Before 4.15, calling PERF_EVENT_IOC_SET_BPF more than once on a perf event
+// returns EEXIST.
+//
+// Detaching a program from a perf event is currently not possible, so a
+// program replacement mechanism cannot be implemented for perf events.
+func (pe *perfEvent) Update(prog *ebpf.Program) error {
+	return fmt.Errorf("can't replace eBPF program in perf event: %w", ErrNotSupported)
+}
+
+func (pe *perfEvent) Close() error {
+	if pe.fd == nil {
+		return nil
+	}
+
+	pfd, err := pe.fd.Value()
+	if err != nil {
+		return fmt.Errorf("getting perf event fd: %w", err)
+	}
+
+	err = unix.IoctlSetInt(int(pfd), unix.PERF_EVENT_IOC_DISABLE, 0)
+	if err != nil {
+		return fmt.Errorf("disabling perf event: %w", err)
+	}
+
+	err = pe.fd.Close()
+	if err != nil {
+		return fmt.Errorf("closing perf event fd: %w", err)
+	}
+
+	switch pe.typ {
+	case kprobeEvent, kretprobeEvent:
+		// Clean up kprobe tracefs entry.
+		if pe.tracefsID != 0 {
+			return closeTraceFSProbeEvent(kprobeType, pe.group, pe.name)
+		}
+	case uprobeEvent, uretprobeEvent:
+		// Clean up uprobe tracefs entry.
+		if pe.tracefsID != 0 {
+			return closeTraceFSProbeEvent(uprobeType, pe.group, pe.name)
+		}
+	case tracepointEvent:
+		// Tracepoint trace events don't hold any extra resources.
+		return nil
+	}
+
+	return nil
+}
+
+// attach the given eBPF prog to the perf event stored in pe.
+// pe must contain a valid perf event fd.
+// prog's type must match the program type stored in pe.
+func (pe *perfEvent) attach(prog *ebpf.Program) error {
+	if prog == nil {
+		return errors.New("cannot attach a nil program")
+	}
+	if pe.fd == nil {
+		return errors.New("cannot attach to nil perf event")
+	}
+	if prog.FD() < 0 {
+		return fmt.Errorf("invalid program: %w", internal.ErrClosedFd)
+	}
+	switch pe.typ {
+	case kprobeEvent, kretprobeEvent, uprobeEvent, uretprobeEvent:
+		if t := prog.Type(); t != ebpf.Kprobe {
+			return fmt.Errorf("invalid program type (expected %s): %s", ebpf.Kprobe, t)
+		}
+	case tracepointEvent:
+		if t := prog.Type(); t != ebpf.TracePoint {
+			return fmt.Errorf("invalid program type (expected %s): %s", ebpf.TracePoint, t)
+		}
+	default:
+		return fmt.Errorf("unknown perf event type: %d", pe.typ)
+	}
+
+	// The ioctl below will fail when the fd is invalid.
+	kfd, _ := pe.fd.Value()
+
+	// Assign the eBPF program to the perf event.
+	err := unix.IoctlSetInt(int(kfd), unix.PERF_EVENT_IOC_SET_BPF, prog.FD())
+	if err != nil {
+		return fmt.Errorf("setting perf event bpf program: %w", err)
+	}
+
+	// PERF_EVENT_IOC_ENABLE and _DISABLE ignore their given values.
+	if err := unix.IoctlSetInt(int(kfd), unix.PERF_EVENT_IOC_ENABLE, 0); err != nil {
+		return fmt.Errorf("enable perf event: %s", err)
+	}
+
+	// Close the perf event when its reference is lost to avoid leaking system resources.
+	runtime.SetFinalizer(pe, (*perfEvent).Close)
+	return nil
+}
+
+// unsafeStringPtr returns an unsafe.Pointer to a NUL-terminated copy of str.
+func unsafeStringPtr(str string) (unsafe.Pointer, error) {
+	p, err := unix.BytePtrFromString(str)
+	if err != nil {
+		return nil, err
+	}
+	return unsafe.Pointer(p), nil
+}
+
+// getTraceEventID reads a trace event's ID from tracefs given its group and name.
+// group and name must be alphanumeric or underscore, as required by the kernel.
+func getTraceEventID(group, name string) (uint64, error) {
+	tid, err := uint64FromFile(tracefsPath, "events", group, name, "id")
+	if errors.Is(err, os.ErrNotExist) {
+		return 0, fmt.Errorf("trace event %s/%s: %w", group, name, os.ErrNotExist)
+	}
+	if err != nil {
+		return 0, fmt.Errorf("reading trace event ID of %s/%s: %w", group, name, err)
+	}
+
+	return tid, nil
+}
+
+// getPMUEventType reads a Performance Monitoring Unit's type (numeric identifier)
+// from /sys/bus/event_source/devices/<pmu>/type.
+//
+// Returns ErrNotSupported if the pmu type is not supported.
+func getPMUEventType(typ probeType) (uint64, error) {
+	et, err := uint64FromFile("/sys/bus/event_source/devices", typ.String(), "type")
+	if errors.Is(err, os.ErrNotExist) {
+		return 0, fmt.Errorf("pmu type %s: %w", typ, ErrNotSupported)
+	}
+	if err != nil {
+		return 0, fmt.Errorf("reading pmu type %s: %w", typ, err)
+	}
+
+	return et, nil
+}
+
+// openTracepointPerfEvent opens a tracepoint-type perf event. System-wide
+// [k,u]probes created by writing to <tracefs>/[k,u]probe_events are tracepoints
+// behind the scenes, and can be attached to using these perf events.
+func openTracepointPerfEvent(tid uint64) (*internal.FD, error) {
+	attr := unix.PerfEventAttr{
+		Type:        unix.PERF_TYPE_TRACEPOINT,
+		Config:      tid,
+		Sample_type: unix.PERF_SAMPLE_RAW,
+		Sample:      1,
+		Wakeup:      1,
+	}
+
+	fd, err := unix.PerfEventOpen(&attr, perfAllThreads, 0, -1, unix.PERF_FLAG_FD_CLOEXEC)
+	if err != nil {
+		return nil, fmt.Errorf("opening tracepoint perf event: %w", err)
+	}
+
+	return internal.NewFD(uint32(fd)), nil
+}
+
+// uint64FromFile reads a uint64 from a file. All elements of path are sanitized
+// and joined onto base. Returns error if base no longer prefixes the path after
+// joining all components.
+func uint64FromFile(base string, path ...string) (uint64, error) {
+	l := filepath.Join(path...)
+	p := filepath.Join(base, l)
+	if !strings.HasPrefix(p, base) {
+		return 0, fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, errInvalidInput)
+	}
+
+	data, err := ioutil.ReadFile(p)
+	if err != nil {
+		return 0, fmt.Errorf("reading file %s: %w", p, err)
+	}
+
+	et := bytes.TrimSpace(data)
+	return strconv.ParseUint(string(et), 10, 64)
+}
diff --git a/vendor/github.com/cilium/ebpf/link/platform.go b/vendor/github.com/cilium/ebpf/link/platform.go
new file mode 100644
index 0000000000000..eb6f7b7a37690
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/platform.go
@@ -0,0 +1,25 @@
+package link
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func platformPrefix(symbol string) string {
+
+	prefix := runtime.GOARCH
+
+	// per https://github.com/golang/go/blob/master/src/go/build/syslist.go
+	switch prefix {
+	case "386":
+		prefix = "ia32"
+	case "amd64", "amd64p32":
+		prefix = "x64"
+	case "arm64", "arm64be":
+		prefix = "arm64"
+	default:
+		return symbol
+	}
+
+	return fmt.Sprintf("__%s_%s", prefix, symbol)
+}
diff --git a/vendor/github.com/cilium/ebpf/link/program.go b/vendor/github.com/cilium/ebpf/link/program.go
new file mode 100644
index 0000000000000..b90c4574676e8
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/program.go
@@ -0,0 +1,76 @@
+package link
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+)
+
+type RawAttachProgramOptions struct {
+	// File descriptor to attach to. This differs for each attach type.
+	Target int
+	// Program to attach.
+	Program *ebpf.Program
+	// Program to replace (cgroups).
+	Replace *ebpf.Program
+	// Attach must match the attach type of Program (and Replace).
+	Attach ebpf.AttachType
+	// Flags control the attach behaviour. This differs for each attach type.
+	Flags uint32
+}
+
+// RawAttachProgram is a low level wrapper around BPF_PROG_ATTACH.
+//
+// You should use one of the higher level abstractions available in this
+// package if possible.
+func RawAttachProgram(opts RawAttachProgramOptions) error {
+	if err := haveProgAttach(); err != nil {
+		return err
+	}
+
+	var replaceFd uint32
+	if opts.Replace != nil {
+		replaceFd = uint32(opts.Replace.FD())
+	}
+
+	attr := internal.BPFProgAttachAttr{
+		TargetFd:     uint32(opts.Target),
+		AttachBpfFd:  uint32(opts.Program.FD()),
+		ReplaceBpfFd: replaceFd,
+		AttachType:   uint32(opts.Attach),
+		AttachFlags:  uint32(opts.Flags),
+	}
+
+	if err := internal.BPFProgAttach(&attr); err != nil {
+		return fmt.Errorf("can't attach program: %w", err)
+	}
+	return nil
+}
+
+type RawDetachProgramOptions struct {
+	Target  int
+	Program *ebpf.Program
+	Attach  ebpf.AttachType
+}
+
+// RawDetachProgram is a low level wrapper around BPF_PROG_DETACH.
+//
+// You should use one of the higher level abstractions available in this
+// package if possible.
+func RawDetachProgram(opts RawDetachProgramOptions) error {
+	if err := haveProgAttach(); err != nil {
+		return err
+	}
+
+	attr := internal.BPFProgDetachAttr{
+		TargetFd:    uint32(opts.Target),
+		AttachBpfFd: uint32(opts.Program.FD()),
+		AttachType:  uint32(opts.Attach),
+	}
+	if err := internal.BPFProgDetach(&attr); err != nil {
+		return fmt.Errorf("can't detach program: %w", err)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go b/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go
new file mode 100644
index 0000000000000..f4beb1e07863f
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go
@@ -0,0 +1,61 @@
+package link
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+)
+
+type RawTracepointOptions struct {
+	// Tracepoint name.
+	Name string
+	// Program must be of type RawTracepoint*
+	Program *ebpf.Program
+}
+
+// AttachRawTracepoint links a BPF program to a raw_tracepoint.
+//
+// Requires at least Linux 4.17.
+func AttachRawTracepoint(opts RawTracepointOptions) (Link, error) {
+	if t := opts.Program.Type(); t != ebpf.RawTracepoint && t != ebpf.RawTracepointWritable {
+		return nil, fmt.Errorf("invalid program type %s, expected RawTracepoint(Writable)", t)
+	}
+	if opts.Program.FD() < 0 {
+		return nil, fmt.Errorf("invalid program: %w", internal.ErrClosedFd)
+	}
+
+	fd, err := bpfRawTracepointOpen(&bpfRawTracepointOpenAttr{
+		name: internal.NewStringPointer(opts.Name),
+		fd:   uint32(opts.Program.FD()),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &progAttachRawTracepoint{fd: fd}, nil
+}
+
+type progAttachRawTracepoint struct {
+	fd *internal.FD
+}
+
+var _ Link = (*progAttachRawTracepoint)(nil)
+
+func (rt *progAttachRawTracepoint) isLink() {}
+
+func (rt *progAttachRawTracepoint) Close() error {
+	return rt.fd.Close()
+}
+
+func (rt *progAttachRawTracepoint) Update(_ *ebpf.Program) error {
+	return fmt.Errorf("can't update raw_tracepoint: %w", ErrNotSupported)
+}
+
+func (rt *progAttachRawTracepoint) Pin(_ string) error {
+	return fmt.Errorf("can't pin raw_tracepoint: %w", ErrNotSupported)
+}
+
+func (rt *progAttachRawTracepoint) Unpin() error {
+	return fmt.Errorf("unpin raw_tracepoint: %w", ErrNotSupported)
+}
diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go
new file mode 100644
index 0000000000000..30e8a88050723
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/syscalls.go
@@ -0,0 +1,190 @@
+package link
+
+import (
+	"errors"
+	"unsafe"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// Type is the kind of link.
+type Type uint32
+
+// Valid link types.
+//
+// Equivalent to enum bpf_link_type.
+const (
+	UnspecifiedType Type = iota
+	RawTracepointType
+	TracingType
+	CgroupType
+	IterType
+	NetNsType
+	XDPType
+)
+
+var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() error {
+	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
+		Type:       ebpf.CGroupSKB,
+		AttachType: ebpf.AttachCGroupInetIngress,
+		License:    "MIT",
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+
+	// BPF_PROG_ATTACH was introduced at the same time as CGgroupSKB,
+	// so being able to load the program is enough to infer that we
+	// have the syscall.
+	prog.Close()
+	return nil
+})
+
+var haveProgAttachReplace = internal.FeatureTest("BPF_PROG_ATTACH atomic replacement", "5.5", func() error {
+	if err := haveProgAttach(); err != nil {
+		return err
+	}
+
+	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
+		Type:       ebpf.CGroupSKB,
+		AttachType: ebpf.AttachCGroupInetIngress,
+		License:    "MIT",
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	defer prog.Close()
+
+	// We know that we have BPF_PROG_ATTACH since we can load CGroupSKB programs.
+	// If passing BPF_F_REPLACE gives us EINVAL we know that the feature isn't
+	// present.
+	attr := internal.BPFProgAttachAttr{
+		// We rely on this being checked after attachFlags.
+		TargetFd:    ^uint32(0),
+		AttachBpfFd: uint32(prog.FD()),
+		AttachType:  uint32(ebpf.AttachCGroupInetIngress),
+		AttachFlags: uint32(flagReplace),
+	}
+
+	err = internal.BPFProgAttach(&attr)
+	if errors.Is(err, unix.EINVAL) {
+		return internal.ErrNotSupported
+	}
+	if errors.Is(err, unix.EBADF) {
+		return nil
+	}
+	return err
+})
+
+type bpfLinkCreateAttr struct {
+	progFd     uint32
+	targetFd   uint32
+	attachType ebpf.AttachType
+	flags      uint32
+}
+
+func bpfLinkCreate(attr *bpfLinkCreateAttr) (*internal.FD, error) {
+	ptr, err := internal.BPF(internal.BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err != nil {
+		return nil, err
+	}
+	return internal.NewFD(uint32(ptr)), nil
+}
+
+type bpfLinkCreateIterAttr struct {
+	prog_fd       uint32
+	target_fd     uint32
+	attach_type   ebpf.AttachType
+	flags         uint32
+	iter_info     internal.Pointer
+	iter_info_len uint32
+}
+
+func bpfLinkCreateIter(attr *bpfLinkCreateIterAttr) (*internal.FD, error) {
+	ptr, err := internal.BPF(internal.BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err != nil {
+		return nil, err
+	}
+	return internal.NewFD(uint32(ptr)), nil
+}
+
+type bpfLinkUpdateAttr struct {
+	linkFd    uint32
+	newProgFd uint32
+	flags     uint32
+	oldProgFd uint32
+}
+
+func bpfLinkUpdate(attr *bpfLinkUpdateAttr) error {
+	_, err := internal.BPF(internal.BPF_LINK_UPDATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	return err
+}
+
+var haveBPFLink = internal.FeatureTest("bpf_link", "5.7", func() error {
+	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
+		Type:       ebpf.CGroupSKB,
+		AttachType: ebpf.AttachCGroupInetIngress,
+		License:    "MIT",
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	defer prog.Close()
+
+	attr := bpfLinkCreateAttr{
+		// This is a hopefully invalid file descriptor, which triggers EBADF.
+		targetFd:   ^uint32(0),
+		progFd:     uint32(prog.FD()),
+		attachType: ebpf.AttachCGroupInetIngress,
+	}
+	_, err = bpfLinkCreate(&attr)
+	if errors.Is(err, unix.EINVAL) {
+		return internal.ErrNotSupported
+	}
+	if errors.Is(err, unix.EBADF) {
+		return nil
+	}
+	return err
+})
+
+type bpfIterCreateAttr struct {
+	linkFd uint32
+	flags  uint32
+}
+
+func bpfIterCreate(attr *bpfIterCreateAttr) (*internal.FD, error) {
+	ptr, err := internal.BPF(internal.BPF_ITER_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err == nil {
+		return internal.NewFD(uint32(ptr)), nil
+	}
+	return nil, err
+}
+
+type bpfRawTracepointOpenAttr struct {
+	name internal.Pointer
+	fd   uint32
+	_    uint32
+}
+
+func bpfRawTracepointOpen(attr *bpfRawTracepointOpenAttr) (*internal.FD, error) {
+	ptr, err := internal.BPF(internal.BPF_RAW_TRACEPOINT_OPEN, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	if err == nil {
+		return internal.NewFD(uint32(ptr)), nil
+	}
+	return nil, err
+}
diff --git a/vendor/github.com/cilium/ebpf/link/tracepoint.go b/vendor/github.com/cilium/ebpf/link/tracepoint.go
new file mode 100644
index 0000000000000..b8ae04bf0a058
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/tracepoint.go
@@ -0,0 +1,56 @@
+package link
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf"
+)
+
+// Tracepoint attaches the given eBPF program to the tracepoint with the given
+// group and name. See /sys/kernel/debug/tracing/events to find available
+// tracepoints. The top-level directory is the group, the event's subdirectory
+// is the name. Example:
+//
+//	Tracepoint("syscalls", "sys_enter_fork", prog)
+//
+// Note that attaching eBPF programs to syscalls (sys_enter_*/sys_exit_*) is
+// only possible as of kernel 4.14 (commit cf5f5ce).
+func Tracepoint(group, name string, prog *ebpf.Program) (Link, error) {
+	if group == "" || name == "" {
+		return nil, fmt.Errorf("group and name cannot be empty: %w", errInvalidInput)
+	}
+	if prog == nil {
+		return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput)
+	}
+	if !rgxTraceEvent.MatchString(group) || !rgxTraceEvent.MatchString(name) {
+		return nil, fmt.Errorf("group and name '%s/%s' must be alphanumeric or underscore: %w", group, name, errInvalidInput)
+	}
+	if prog.Type() != ebpf.TracePoint {
+		return nil, fmt.Errorf("eBPF program type %s is not a Tracepoint: %w", prog.Type(), errInvalidInput)
+	}
+
+	tid, err := getTraceEventID(group, name)
+	if err != nil {
+		return nil, err
+	}
+
+	fd, err := openTracepointPerfEvent(tid)
+	if err != nil {
+		return nil, err
+	}
+
+	pe := &perfEvent{
+		fd:        fd,
+		tracefsID: tid,
+		group:     group,
+		name:      name,
+		typ:       tracepointEvent,
+	}
+
+	if err := pe.attach(prog); err != nil {
+		pe.Close()
+		return nil, err
+	}
+
+	return pe, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go
new file mode 100644
index 0000000000000..2bc395ee3cd2e
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/link/uprobe.go
@@ -0,0 +1,237 @@
+package link
+
+import (
+	"debug/elf"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sync"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal"
+)
+
+var (
+	uprobeEventsPath = filepath.Join(tracefsPath, "uprobe_events")
+
+	// rgxUprobeSymbol is used to strip invalid characters from the uprobe symbol
+	// as they are not allowed to be used as the EVENT token in tracefs.
+	rgxUprobeSymbol = regexp.MustCompile("[^a-zA-Z0-9]+")
+
+	uprobeRetprobeBit = struct {
+		once  sync.Once
+		value uint64
+		err   error
+	}{}
+)
+
+// Executable defines an executable program on the filesystem.
+type Executable struct {
+	// Path of the executable on the filesystem.
+	path string
+	// Parsed ELF symbols and dynamic symbols.
+	symbols map[string]elf.Symbol
+}
+
+// UprobeOptions defines additional parameters that will be used
+// when loading Uprobes.
+type UprobeOptions struct {
+	// Symbol offset. Must be provided in case of external symbols (shared libs).
+	// If set, overrides the offset eventually parsed from the executable.
+	Offset uint64
+}
+
+// To open a new Executable, use:
+//
+//	OpenExecutable("/bin/bash")
+//
+// The returned value can then be used to open Uprobe(s).
+func OpenExecutable(path string) (*Executable, error) {
+	if path == "" {
+		return nil, fmt.Errorf("path cannot be empty")
+	}
+
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, fmt.Errorf("open file '%s': %w", path, err)
+	}
+	defer f.Close()
+
+	se, err := internal.NewSafeELFFile(f)
+	if err != nil {
+		return nil, fmt.Errorf("parse ELF file: %w", err)
+	}
+
+	var ex = Executable{
+		path:    path,
+		symbols: make(map[string]elf.Symbol),
+	}
+	if err := ex.addSymbols(se.Symbols); err != nil {
+		return nil, err
+	}
+
+	if err := ex.addSymbols(se.DynamicSymbols); err != nil {
+		return nil, err
+	}
+
+	return &ex, nil
+}
+
+func (ex *Executable) addSymbols(f func() ([]elf.Symbol, error)) error {
+	// elf.Symbols and elf.DynamicSymbols return ErrNoSymbols if the section is not found.
+	syms, err := f()
+	if err != nil && !errors.Is(err, elf.ErrNoSymbols) {
+		return err
+	}
+	for _, s := range syms {
+		if elf.ST_TYPE(s.Info) != elf.STT_FUNC {
+			// Symbol not associated with a function or other executable code.
+			continue
+		}
+		ex.symbols[s.Name] = s
+	}
+	return nil
+}
+
+func (ex *Executable) symbol(symbol string) (*elf.Symbol, error) {
+	if s, ok := ex.symbols[symbol]; ok {
+		return &s, nil
+	}
+	return nil, fmt.Errorf("symbol %s not found", symbol)
+}
+
+// Uprobe attaches the given eBPF program to a perf event that fires when the
+// given symbol starts executing in the given Executable.
+// For example, /bin/bash::main():
+//
+//  ex, _ = OpenExecutable("/bin/bash")
+//  ex.Uprobe("main", prog, nil)
+//
+// When using symbols which belongs to shared libraries,
+// an offset must be provided via options:
+//
+//  ex.Uprobe("main", prog, &UprobeOptions{Offset: 0x123})
+//
+// The resulting Link must be Closed during program shutdown to avoid leaking
+// system resources. Functions provided by shared libraries can currently not
+// be traced and will result in an ErrNotSupported.
+func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) {
+	u, err := ex.uprobe(symbol, prog, opts, false)
+	if err != nil {
+		return nil, err
+	}
+
+	err = u.attach(prog)
+	if err != nil {
+		u.Close()
+		return nil, err
+	}
+
+	return u, nil
+}
+
+// Uretprobe attaches the given eBPF program to a perf event that fires right
+// before the given symbol exits. For example, /bin/bash::main():
+//
+//  ex, _ = OpenExecutable("/bin/bash")
+//  ex.Uretprobe("main", prog, nil)
+//
+// When using symbols which belongs to shared libraries,
+// an offset must be provided via options:
+//
+//  ex.Uretprobe("main", prog, &UprobeOptions{Offset: 0x123})
+//
+// The resulting Link must be Closed during program shutdown to avoid leaking
+// system resources. Functions provided by shared libraries can currently not
+// be traced and will result in an ErrNotSupported.
+func (ex *Executable) Uretprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) {
+	u, err := ex.uprobe(symbol, prog, opts, true)
+	if err != nil {
+		return nil, err
+	}
+
+	err = u.attach(prog)
+	if err != nil {
+		u.Close()
+		return nil, err
+	}
+
+	return u, nil
+}
+
+// uprobe opens a perf event for the given binary/symbol and attaches prog to it.
+// If ret is true, create a uretprobe.
+func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions, ret bool) (*perfEvent, error) {
+	if prog == nil {
+		return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput)
+	}
+	if prog.Type() != ebpf.Kprobe {
+		return nil, fmt.Errorf("eBPF program type %s is not Kprobe: %w", prog.Type(), errInvalidInput)
+	}
+
+	var offset uint64
+	if opts != nil && opts.Offset != 0 {
+		offset = opts.Offset
+	} else {
+		sym, err := ex.symbol(symbol)
+		if err != nil {
+			return nil, fmt.Errorf("symbol '%s' not found: %w", symbol, err)
+		}
+
+		// Symbols with location 0 from section undef are shared library calls and
+		// are relocated before the binary is executed. Dynamic linking is not
+		// implemented by the library, so mark this as unsupported for now.
+		if sym.Section == elf.SHN_UNDEF && sym.Value == 0 {
+			return nil, fmt.Errorf("cannot resolve %s library call '%s', "+
+				"consider providing the offset via options: %w", ex.path, symbol, ErrNotSupported)
+		}
+
+		offset = sym.Value
+	}
+
+	// Use uprobe PMU if the kernel has it available.
+	tp, err := pmuUprobe(symbol, ex.path, offset, ret)
+	if err == nil {
+		return tp, nil
+	}
+	if err != nil && !errors.Is(err, ErrNotSupported) {
+		return nil, fmt.Errorf("creating perf_uprobe PMU: %w", err)
+	}
+
+	// Use tracefs if uprobe PMU is missing.
+	tp, err = tracefsUprobe(uprobeSanitizedSymbol(symbol), ex.path, offset, ret)
+	if err != nil {
+		return nil, fmt.Errorf("creating trace event '%s:%s' in tracefs: %w", ex.path, symbol, err)
+	}
+
+	return tp, nil
+}
+
+// pmuUprobe opens a perf event based on the uprobe PMU.
+func pmuUprobe(symbol, path string, offset uint64, ret bool) (*perfEvent, error) {
+	return pmuProbe(uprobeType, symbol, path, offset, ret)
+}
+
+// tracefsUprobe creates a Uprobe tracefs entry.
+func tracefsUprobe(symbol, path string, offset uint64, ret bool) (*perfEvent, error) {
+	return tracefsProbe(uprobeType, symbol, path, offset, ret)
+}
+
+// uprobeSanitizedSymbol replaces every invalid characted for the tracefs api with an underscore.
+func uprobeSanitizedSymbol(symbol string) string {
+	return rgxUprobeSymbol.ReplaceAllString(symbol, "_")
+}
+
+// uprobePathOffset creates the PATH:OFFSET token for the tracefs api.
+func uprobePathOffset(path string, offset uint64) string {
+	return fmt.Sprintf("%s:%#x", path, offset)
+}
+
+func uretprobeBit() (uint64, error) {
+	uprobeRetprobeBit.once.Do(func() {
+		uprobeRetprobeBit.value, uprobeRetprobeBit.err = determineRetprobeBit(uprobeType)
+	})
+	return uprobeRetprobeBit.value, uprobeRetprobeBit.err
+}
diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go
new file mode 100644
index 0000000000000..6c2efef9e42c8
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/linker.go
@@ -0,0 +1,140 @@
+package ebpf
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal/btf"
+)
+
+// link resolves bpf-to-bpf calls.
+//
+// Each library may contain multiple functions / labels, and is only linked
+// if prog references one of these functions.
+//
+// Libraries also linked.
+func link(prog *ProgramSpec, libs []*ProgramSpec) error {
+	var (
+		linked  = make(map[*ProgramSpec]bool)
+		pending = []asm.Instructions{prog.Instructions}
+		insns   asm.Instructions
+	)
+	for len(pending) > 0 {
+		insns, pending = pending[0], pending[1:]
+		for _, lib := range libs {
+			if linked[lib] {
+				continue
+			}
+
+			needed, err := needSection(insns, lib.Instructions)
+			if err != nil {
+				return fmt.Errorf("linking %s: %w", lib.Name, err)
+			}
+
+			if !needed {
+				continue
+			}
+
+			linked[lib] = true
+			prog.Instructions = append(prog.Instructions, lib.Instructions...)
+			pending = append(pending, lib.Instructions)
+
+			if prog.BTF != nil && lib.BTF != nil {
+				if err := btf.ProgramAppend(prog.BTF, lib.BTF); err != nil {
+					return fmt.Errorf("linking BTF of %s: %w", lib.Name, err)
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func needSection(insns, section asm.Instructions) (bool, error) {
+	// A map of symbols to the libraries which contain them.
+	symbols, err := section.SymbolOffsets()
+	if err != nil {
+		return false, err
+	}
+
+	for _, ins := range insns {
+		if ins.Reference == "" {
+			continue
+		}
+
+		if ins.OpCode.JumpOp() != asm.Call || ins.Src != asm.PseudoCall {
+			continue
+		}
+
+		if ins.Constant != -1 {
+			// This is already a valid call, no need to link again.
+			continue
+		}
+
+		if _, ok := symbols[ins.Reference]; !ok {
+			// Symbol isn't available in this section
+			continue
+		}
+
+		// At this point we know that at least one function in the
+		// library is called from insns, so we have to link it.
+		return true, nil
+	}
+
+	// None of the functions in the section are called.
+	return false, nil
+}
+
+func fixupJumpsAndCalls(insns asm.Instructions) error {
+	symbolOffsets := make(map[string]asm.RawInstructionOffset)
+	iter := insns.Iterate()
+	for iter.Next() {
+		ins := iter.Ins
+
+		if ins.Symbol == "" {
+			continue
+		}
+
+		if _, ok := symbolOffsets[ins.Symbol]; ok {
+			return fmt.Errorf("duplicate symbol %s", ins.Symbol)
+		}
+
+		symbolOffsets[ins.Symbol] = iter.Offset
+	}
+
+	iter = insns.Iterate()
+	for iter.Next() {
+		i := iter.Index
+		offset := iter.Offset
+		ins := iter.Ins
+
+		if ins.Reference == "" {
+			continue
+		}
+
+		switch {
+		case ins.IsFunctionCall() && ins.Constant == -1:
+			// Rewrite bpf to bpf call
+			callOffset, ok := symbolOffsets[ins.Reference]
+			if !ok {
+				return fmt.Errorf("call at %d: reference to missing symbol %q", i, ins.Reference)
+			}
+
+			ins.Constant = int64(callOffset - offset - 1)
+
+		case ins.OpCode.Class() == asm.JumpClass && ins.Offset == -1:
+			// Rewrite jump to label
+			jumpOffset, ok := symbolOffsets[ins.Reference]
+			if !ok {
+				return fmt.Errorf("jump at %d: reference to missing symbol %q", i, ins.Reference)
+			}
+
+			ins.Offset = int16(jumpOffset - offset - 1)
+
+		case ins.IsLoadFromMap() && ins.MapPtr() == -1:
+			return fmt.Errorf("map %s: %w", ins.Reference, errUnsatisfiedReference)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go
new file mode 100644
index 0000000000000..f257d88c03e3c
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/map.go
@@ -0,0 +1,1232 @@
+package ebpf
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"path/filepath"
+	"reflect"
+	"strings"
+
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/btf"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// Errors returned by Map and MapIterator methods.
+var (
+	ErrKeyNotExist      = errors.New("key does not exist")
+	ErrKeyExist         = errors.New("key already exists")
+	ErrIterationAborted = errors.New("iteration aborted")
+	ErrMapIncompatible  = errors.New("map's spec is incompatible with pinned map")
+)
+
+// MapOptions control loading a map into the kernel.
+type MapOptions struct {
+	// The base path to pin maps in if requested via PinByName.
+	// Existing maps will be re-used if they are compatible, otherwise an
+	// error is returned.
+	PinPath        string
+	LoadPinOptions LoadPinOptions
+}
+
+// MapID represents the unique ID of an eBPF map
+type MapID uint32
+
+// MapSpec defines a Map.
+type MapSpec struct {
+	// Name is passed to the kernel as a debug aid. Must only contain
+	// alpha numeric and '_' characters.
+	Name       string
+	Type       MapType
+	KeySize    uint32
+	ValueSize  uint32
+	MaxEntries uint32
+
+	// Flags is passed to the kernel and specifies additional map
+	// creation attributes.
+	Flags uint32
+
+	// Automatically pin and load a map from MapOptions.PinPath.
+	// Generates an error if an existing pinned map is incompatible with the MapSpec.
+	Pinning PinType
+
+	// Specify numa node during map creation
+	// (effective only if unix.BPF_F_NUMA_NODE flag is set,
+	// which can be imported from golang.org/x/sys/unix)
+	NumaNode uint32
+
+	// The initial contents of the map. May be nil.
+	Contents []MapKV
+
+	// Whether to freeze a map after setting its initial contents.
+	Freeze bool
+
+	// InnerMap is used as a template for ArrayOfMaps and HashOfMaps
+	InnerMap *MapSpec
+
+	// The BTF associated with this map.
+	BTF *btf.Map
+}
+
+func (ms *MapSpec) String() string {
+	return fmt.Sprintf("%s(keySize=%d, valueSize=%d, maxEntries=%d, flags=%d)", ms.Type, ms.KeySize, ms.ValueSize, ms.MaxEntries, ms.Flags)
+}
+
+// Copy returns a copy of the spec.
+//
+// MapSpec.Contents is a shallow copy.
+func (ms *MapSpec) Copy() *MapSpec {
+	if ms == nil {
+		return nil
+	}
+
+	cpy := *ms
+	cpy.Contents = make([]MapKV, len(ms.Contents))
+	copy(cpy.Contents, ms.Contents)
+	cpy.InnerMap = ms.InnerMap.Copy()
+	return &cpy
+}
+
+func (ms *MapSpec) clampPerfEventArraySize() error {
+	if ms.Type != PerfEventArray {
+		return nil
+	}
+
+	n, err := internal.PossibleCPUs()
+	if err != nil {
+		return fmt.Errorf("perf event array: %w", err)
+	}
+
+	if n := uint32(n); ms.MaxEntries > n {
+		ms.MaxEntries = n
+	}
+
+	return nil
+}
+
+// MapKV is used to initialize the contents of a Map.
+type MapKV struct {
+	Key   interface{}
+	Value interface{}
+}
+
+func (ms *MapSpec) checkCompatibility(m *Map) error {
+	switch {
+	case m.typ != ms.Type:
+		return fmt.Errorf("expected type %v, got %v: %w", ms.Type, m.typ, ErrMapIncompatible)
+
+	case m.keySize != ms.KeySize:
+		return fmt.Errorf("expected key size %v, got %v: %w", ms.KeySize, m.keySize, ErrMapIncompatible)
+
+	case m.valueSize != ms.ValueSize:
+		return fmt.Errorf("expected value size %v, got %v: %w", ms.ValueSize, m.valueSize, ErrMapIncompatible)
+
+	case m.maxEntries != ms.MaxEntries:
+		return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible)
+
+	case m.flags != ms.Flags:
+		return fmt.Errorf("expected flags %v, got %v: %w", ms.Flags, m.flags, ErrMapIncompatible)
+	}
+	return nil
+}
+
+// Map represents a Map file descriptor.
+//
+// It is not safe to close a map which is used by other goroutines.
+//
+// Methods which take interface{} arguments by default encode
+// them using binary.Read/Write in the machine's native endianness.
+//
+// Implement encoding.BinaryMarshaler or encoding.BinaryUnmarshaler
+// if you require custom encoding.
+type Map struct {
+	name       string
+	fd         *internal.FD
+	typ        MapType
+	keySize    uint32
+	valueSize  uint32
+	maxEntries uint32
+	flags      uint32
+	pinnedPath string
+	// Per CPU maps return values larger than the size in the spec
+	fullValueSize int
+}
+
+// NewMapFromFD creates a map from a raw fd.
+//
+// You should not use fd after calling this function.
+func NewMapFromFD(fd int) (*Map, error) {
+	if fd < 0 {
+		return nil, errors.New("invalid fd")
+	}
+
+	return newMapFromFD(internal.NewFD(uint32(fd)))
+}
+
+func newMapFromFD(fd *internal.FD) (*Map, error) {
+	info, err := newMapInfoFromFd(fd)
+	if err != nil {
+		fd.Close()
+		return nil, fmt.Errorf("get map info: %s", err)
+	}
+
+	return newMap(fd, info.Name, info.Type, info.KeySize, info.ValueSize, info.MaxEntries, info.Flags)
+}
+
+// NewMap creates a new Map.
+//
+// It's equivalent to calling NewMapWithOptions with default options.
+func NewMap(spec *MapSpec) (*Map, error) {
+	return NewMapWithOptions(spec, MapOptions{})
+}
+
+// NewMapWithOptions creates a new Map.
+//
+// Creating a map for the first time will perform feature detection
+// by creating small, temporary maps.
+//
+// The caller is responsible for ensuring the process' rlimit is set
+// sufficiently high for locking memory during map creation. This can be done
+// by calling unix.Setrlimit with unix.RLIMIT_MEMLOCK prior to calling NewMapWithOptions.
+//
+// May return an error wrapping ErrMapIncompatible.
+func NewMapWithOptions(spec *MapSpec, opts MapOptions) (*Map, error) {
+	handles := newHandleCache()
+	defer handles.close()
+
+	return newMapWithOptions(spec, opts, handles)
+}
+
+func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ *Map, err error) {
+	closeOnError := func(c io.Closer) {
+		if err != nil {
+			c.Close()
+		}
+	}
+
+	switch spec.Pinning {
+	case PinByName:
+		if spec.Name == "" || opts.PinPath == "" {
+			return nil, fmt.Errorf("pin by name: missing Name or PinPath")
+		}
+
+		path := filepath.Join(opts.PinPath, spec.Name)
+		m, err := LoadPinnedMap(path, &opts.LoadPinOptions)
+		if errors.Is(err, unix.ENOENT) {
+			break
+		}
+		if err != nil {
+			return nil, fmt.Errorf("load pinned map: %w", err)
+		}
+		defer closeOnError(m)
+
+		if err := spec.checkCompatibility(m); err != nil {
+			return nil, fmt.Errorf("use pinned map %s: %w", spec.Name, err)
+		}
+
+		return m, nil
+
+	case PinNone:
+		// Nothing to do here
+
+	default:
+		return nil, fmt.Errorf("pin type %d: %w", int(spec.Pinning), ErrNotSupported)
+	}
+
+	var innerFd *internal.FD
+	if spec.Type == ArrayOfMaps || spec.Type == HashOfMaps {
+		if spec.InnerMap == nil {
+			return nil, fmt.Errorf("%s requires InnerMap", spec.Type)
+		}
+
+		if spec.InnerMap.Pinning != PinNone {
+			return nil, errors.New("inner maps cannot be pinned")
+		}
+
+		template, err := createMap(spec.InnerMap, nil, opts, handles)
+		if err != nil {
+			return nil, err
+		}
+		defer template.Close()
+
+		innerFd = template.fd
+	}
+
+	m, err := createMap(spec, innerFd, opts, handles)
+	if err != nil {
+		return nil, err
+	}
+	defer closeOnError(m)
+
+	if spec.Pinning == PinByName {
+		path := filepath.Join(opts.PinPath, spec.Name)
+		if err := m.Pin(path); err != nil {
+			return nil, fmt.Errorf("pin map: %s", err)
+		}
+	}
+
+	return m, nil
+}
+
+func createMap(spec *MapSpec, inner *internal.FD, opts MapOptions, handles *handleCache) (_ *Map, err error) {
+	closeOnError := func(closer io.Closer) {
+		if err != nil {
+			closer.Close()
+		}
+	}
+
+	spec = spec.Copy()
+
+	switch spec.Type {
+	case ArrayOfMaps:
+		fallthrough
+	case HashOfMaps:
+		if err := haveNestedMaps(); err != nil {
+			return nil, err
+		}
+
+		if spec.ValueSize != 0 && spec.ValueSize != 4 {
+			return nil, errors.New("ValueSize must be zero or four for map of map")
+		}
+		spec.ValueSize = 4
+
+	case PerfEventArray:
+		if spec.KeySize != 0 && spec.KeySize != 4 {
+			return nil, errors.New("KeySize must be zero or four for perf event array")
+		}
+		spec.KeySize = 4
+
+		if spec.ValueSize != 0 && spec.ValueSize != 4 {
+			return nil, errors.New("ValueSize must be zero or four for perf event array")
+		}
+		spec.ValueSize = 4
+
+		if spec.MaxEntries == 0 {
+			n, err := internal.PossibleCPUs()
+			if err != nil {
+				return nil, fmt.Errorf("perf event array: %w", err)
+			}
+			spec.MaxEntries = uint32(n)
+		}
+	}
+
+	if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze {
+		if err := haveMapMutabilityModifiers(); err != nil {
+			return nil, fmt.Errorf("map create: %w", err)
+		}
+	}
+	if spec.Flags&unix.BPF_F_MMAPABLE > 0 {
+		if err := haveMmapableMaps(); err != nil {
+			return nil, fmt.Errorf("map create: %w", err)
+		}
+	}
+	if spec.Flags&unix.BPF_F_INNER_MAP > 0 {
+		if err := haveInnerMaps(); err != nil {
+			return nil, fmt.Errorf("map create: %w", err)
+		}
+	}
+
+	attr := internal.BPFMapCreateAttr{
+		MapType:    uint32(spec.Type),
+		KeySize:    spec.KeySize,
+		ValueSize:  spec.ValueSize,
+		MaxEntries: spec.MaxEntries,
+		Flags:      spec.Flags,
+		NumaNode:   spec.NumaNode,
+	}
+
+	if inner != nil {
+		var err error
+		attr.InnerMapFd, err = inner.Value()
+		if err != nil {
+			return nil, fmt.Errorf("map create: %w", err)
+		}
+	}
+
+	if haveObjName() == nil {
+		attr.MapName = internal.NewBPFObjName(spec.Name)
+	}
+
+	var btfDisabled bool
+	if spec.BTF != nil {
+		handle, err := handles.btfHandle(btf.MapSpec(spec.BTF))
+		btfDisabled = errors.Is(err, btf.ErrNotSupported)
+		if err != nil && !btfDisabled {
+			return nil, fmt.Errorf("load BTF: %w", err)
+		}
+
+		if handle != nil {
+			attr.BTFFd = uint32(handle.FD())
+			attr.BTFKeyTypeID = uint32(btf.MapKey(spec.BTF).ID())
+			attr.BTFValueTypeID = uint32(btf.MapValue(spec.BTF).ID())
+		}
+	}
+
+	fd, err := internal.BPFMapCreate(&attr)
+	if err != nil {
+		if errors.Is(err, unix.EPERM) {
+			return nil, fmt.Errorf("map create: RLIMIT_MEMLOCK may be too low: %w", err)
+		}
+		if btfDisabled {
+			return nil, fmt.Errorf("map create without BTF: %w", err)
+		}
+		return nil, fmt.Errorf("map create: %w", err)
+	}
+	defer closeOnError(fd)
+
+	m, err := newMap(fd, spec.Name, spec.Type, spec.KeySize, spec.ValueSize, spec.MaxEntries, spec.Flags)
+	if err != nil {
+		return nil, fmt.Errorf("map create: %w", err)
+	}
+
+	if err := m.populate(spec.Contents); err != nil {
+		return nil, fmt.Errorf("map create: can't set initial contents: %w", err)
+	}
+
+	if spec.Freeze {
+		if err := m.Freeze(); err != nil {
+			return nil, fmt.Errorf("can't freeze map: %w", err)
+		}
+	}
+
+	return m, nil
+}
+
+func newMap(fd *internal.FD, name string, typ MapType, keySize, valueSize, maxEntries, flags uint32) (*Map, error) {
+	m := &Map{
+		name,
+		fd,
+		typ,
+		keySize,
+		valueSize,
+		maxEntries,
+		flags,
+		"",
+		int(valueSize),
+	}
+
+	if !typ.hasPerCPUValue() {
+		return m, nil
+	}
+
+	possibleCPUs, err := internal.PossibleCPUs()
+	if err != nil {
+		return nil, err
+	}
+
+	m.fullValueSize = align(int(valueSize), 8) * possibleCPUs
+	return m, nil
+}
+
+func (m *Map) String() string {
+	if m.name != "" {
+		return fmt.Sprintf("%s(%s)#%v", m.typ, m.name, m.fd)
+	}
+	return fmt.Sprintf("%s#%v", m.typ, m.fd)
+}
+
+// Type returns the underlying type of the map.
+func (m *Map) Type() MapType {
+	return m.typ
+}
+
+// KeySize returns the size of the map key in bytes.
+func (m *Map) KeySize() uint32 {
+	return m.keySize
+}
+
+// ValueSize returns the size of the map value in bytes.
+func (m *Map) ValueSize() uint32 {
+	return m.valueSize
+}
+
+// MaxEntries returns the maximum number of elements the map can hold.
+func (m *Map) MaxEntries() uint32 {
+	return m.maxEntries
+}
+
+// Flags returns the flags of the map.
+func (m *Map) Flags() uint32 {
+	return m.flags
+}
+
+// Info returns metadata about the map.
+func (m *Map) Info() (*MapInfo, error) {
+	return newMapInfoFromFd(m.fd)
+}
+
+// Lookup retrieves a value from a Map.
+//
+// Calls Close() on valueOut if it is of type **Map or **Program,
+// and *valueOut is not nil.
+//
+// Returns an error if the key doesn't exist, see ErrKeyNotExist.
+func (m *Map) Lookup(key, valueOut interface{}) error {
+	valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize)
+	if err := m.lookup(key, valuePtr); err != nil {
+		return err
+	}
+
+	return m.unmarshalValue(valueOut, valueBytes)
+}
+
+// LookupAndDelete retrieves and deletes a value from a Map.
+//
+// Returns ErrKeyNotExist if the key doesn't exist.
+func (m *Map) LookupAndDelete(key, valueOut interface{}) error {
+	valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize)
+
+	keyPtr, err := m.marshalKey(key)
+	if err != nil {
+		return fmt.Errorf("can't marshal key: %w", err)
+	}
+
+	if err := bpfMapLookupAndDelete(m.fd, keyPtr, valuePtr); err != nil {
+		return fmt.Errorf("lookup and delete failed: %w", err)
+	}
+
+	return m.unmarshalValue(valueOut, valueBytes)
+}
+
+// LookupBytes gets a value from Map.
+//
+// Returns a nil value if a key doesn't exist.
+func (m *Map) LookupBytes(key interface{}) ([]byte, error) {
+	valueBytes := make([]byte, m.fullValueSize)
+	valuePtr := internal.NewSlicePointer(valueBytes)
+
+	err := m.lookup(key, valuePtr)
+	if errors.Is(err, ErrKeyNotExist) {
+		return nil, nil
+	}
+
+	return valueBytes, err
+}
+
+func (m *Map) lookup(key interface{}, valueOut internal.Pointer) error {
+	keyPtr, err := m.marshalKey(key)
+	if err != nil {
+		return fmt.Errorf("can't marshal key: %w", err)
+	}
+
+	if err = bpfMapLookupElem(m.fd, keyPtr, valueOut); err != nil {
+		return fmt.Errorf("lookup failed: %w", err)
+	}
+	return nil
+}
+
+// MapUpdateFlags controls the behaviour of the Map.Update call.
+//
+// The exact semantics depend on the specific MapType.
+type MapUpdateFlags uint64
+
+const (
+	// UpdateAny creates a new element or update an existing one.
+	UpdateAny MapUpdateFlags = iota
+	// UpdateNoExist creates a new element.
+	UpdateNoExist MapUpdateFlags = 1 << (iota - 1)
+	// UpdateExist updates an existing element.
+	UpdateExist
+)
+
+// Put replaces or creates a value in map.
+//
+// It is equivalent to calling Update with UpdateAny.
+func (m *Map) Put(key, value interface{}) error {
+	return m.Update(key, value, UpdateAny)
+}
+
+// Update changes the value of a key.
+func (m *Map) Update(key, value interface{}, flags MapUpdateFlags) error {
+	keyPtr, err := m.marshalKey(key)
+	if err != nil {
+		return fmt.Errorf("can't marshal key: %w", err)
+	}
+
+	valuePtr, err := m.marshalValue(value)
+	if err != nil {
+		return fmt.Errorf("can't marshal value: %w", err)
+	}
+
+	if err = bpfMapUpdateElem(m.fd, keyPtr, valuePtr, uint64(flags)); err != nil {
+		return fmt.Errorf("update failed: %w", err)
+	}
+
+	return nil
+}
+
+// Delete removes a value.
+//
+// Returns ErrKeyNotExist if the key does not exist.
+func (m *Map) Delete(key interface{}) error {
+	keyPtr, err := m.marshalKey(key)
+	if err != nil {
+		return fmt.Errorf("can't marshal key: %w", err)
+	}
+
+	if err = bpfMapDeleteElem(m.fd, keyPtr); err != nil {
+		return fmt.Errorf("delete failed: %w", err)
+	}
+	return nil
+}
+
+// NextKey finds the key following an initial key.
+//
+// See NextKeyBytes for details.
+//
+// Returns ErrKeyNotExist if there is no next key.
+func (m *Map) NextKey(key, nextKeyOut interface{}) error {
+	nextKeyPtr, nextKeyBytes := makeBuffer(nextKeyOut, int(m.keySize))
+
+	if err := m.nextKey(key, nextKeyPtr); err != nil {
+		return err
+	}
+
+	if err := m.unmarshalKey(nextKeyOut, nextKeyBytes); err != nil {
+		return fmt.Errorf("can't unmarshal next key: %w", err)
+	}
+	return nil
+}
+
+// NextKeyBytes returns the key following an initial key as a byte slice.
+//
+// Passing nil will return the first key.
+//
+// Use Iterate if you want to traverse all entries in the map.
+//
+// Returns nil if there are no more keys.
+func (m *Map) NextKeyBytes(key interface{}) ([]byte, error) {
+	nextKey := make([]byte, m.keySize)
+	nextKeyPtr := internal.NewSlicePointer(nextKey)
+
+	err := m.nextKey(key, nextKeyPtr)
+	if errors.Is(err, ErrKeyNotExist) {
+		return nil, nil
+	}
+
+	return nextKey, err
+}
+
+func (m *Map) nextKey(key interface{}, nextKeyOut internal.Pointer) error {
+	var (
+		keyPtr internal.Pointer
+		err    error
+	)
+
+	if key != nil {
+		keyPtr, err = m.marshalKey(key)
+		if err != nil {
+			return fmt.Errorf("can't marshal key: %w", err)
+		}
+	}
+
+	if err = bpfMapGetNextKey(m.fd, keyPtr, nextKeyOut); err != nil {
+		return fmt.Errorf("next key failed: %w", err)
+	}
+	return nil
+}
+
+// BatchLookup looks up many elements in a map at once.
+//
+// "keysOut" and "valuesOut" must be of type slice, a pointer
+// to a slice or buffer will not work.
+// "prevKey" is the key to start the batch lookup from, it will
+// *not* be included in the results. Use nil to start at the first key.
+//
+// ErrKeyNotExist is returned when the batch lookup has reached
+// the end of all possible results, even when partial results
+// are returned. It should be used to evaluate when lookup is "done".
+func (m *Map) BatchLookup(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) {
+	return m.batchLookup(internal.BPF_MAP_LOOKUP_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts)
+}
+
+// BatchLookupAndDelete looks up many elements in a map at once,
+//
+// It then deletes all those elements.
+// "keysOut" and "valuesOut" must be of type slice, a pointer
+// to a slice or buffer will not work.
+// "prevKey" is the key to start the batch lookup from, it will
+// *not* be included in the results. Use nil to start at the first key.
+//
+// ErrKeyNotExist is returned when the batch lookup has reached
+// the end of all possible results, even when partial results
+// are returned. It should be used to evaluate when lookup is "done".
+func (m *Map) BatchLookupAndDelete(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) {
+	return m.batchLookup(internal.BPF_MAP_LOOKUP_AND_DELETE_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts)
+}
+
+func (m *Map) batchLookup(cmd internal.BPFCmd, startKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) {
+	if err := haveBatchAPI(); err != nil {
+		return 0, err
+	}
+	if m.typ.hasPerCPUValue() {
+		return 0, ErrNotSupported
+	}
+	keysValue := reflect.ValueOf(keysOut)
+	if keysValue.Kind() != reflect.Slice {
+		return 0, fmt.Errorf("keys must be a slice")
+	}
+	valuesValue := reflect.ValueOf(valuesOut)
+	if valuesValue.Kind() != reflect.Slice {
+		return 0, fmt.Errorf("valuesOut must be a slice")
+	}
+	count := keysValue.Len()
+	if count != valuesValue.Len() {
+		return 0, fmt.Errorf("keysOut and valuesOut must be the same length")
+	}
+	keyBuf := make([]byte, count*int(m.keySize))
+	keyPtr := internal.NewSlicePointer(keyBuf)
+	valueBuf := make([]byte, count*int(m.fullValueSize))
+	valuePtr := internal.NewSlicePointer(valueBuf)
+
+	var (
+		startPtr internal.Pointer
+		err      error
+		retErr   error
+	)
+	if startKey != nil {
+		startPtr, err = marshalPtr(startKey, int(m.keySize))
+		if err != nil {
+			return 0, err
+		}
+	}
+	nextPtr, nextBuf := makeBuffer(nextKeyOut, int(m.keySize))
+
+	ct, err := bpfMapBatch(cmd, m.fd, startPtr, nextPtr, keyPtr, valuePtr, uint32(count), opts)
+	if err != nil {
+		if !errors.Is(err, ErrKeyNotExist) {
+			return 0, err
+		}
+		retErr = ErrKeyNotExist
+	}
+
+	err = m.unmarshalKey(nextKeyOut, nextBuf)
+	if err != nil {
+		return 0, err
+	}
+	err = unmarshalBytes(keysOut, keyBuf)
+	if err != nil {
+		return 0, err
+	}
+	err = unmarshalBytes(valuesOut, valueBuf)
+	if err != nil {
+		retErr = err
+	}
+	return int(ct), retErr
+}
+
+// BatchUpdate updates the map with multiple keys and values
+// simultaneously.
+// "keys" and "values" must be of type slice, a pointer
+// to a slice or buffer will not work.
+func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, error) {
+	if err := haveBatchAPI(); err != nil {
+		return 0, err
+	}
+	if m.typ.hasPerCPUValue() {
+		return 0, ErrNotSupported
+	}
+	keysValue := reflect.ValueOf(keys)
+	if keysValue.Kind() != reflect.Slice {
+		return 0, fmt.Errorf("keys must be a slice")
+	}
+	valuesValue := reflect.ValueOf(values)
+	if valuesValue.Kind() != reflect.Slice {
+		return 0, fmt.Errorf("values must be a slice")
+	}
+	var (
+		count    = keysValue.Len()
+		valuePtr internal.Pointer
+		err      error
+	)
+	if count != valuesValue.Len() {
+		return 0, fmt.Errorf("keys and values must be the same length")
+	}
+	keyPtr, err := marshalPtr(keys, count*int(m.keySize))
+	if err != nil {
+		return 0, err
+	}
+	valuePtr, err = marshalPtr(values, count*int(m.valueSize))
+	if err != nil {
+		return 0, err
+	}
+	var nilPtr internal.Pointer
+	ct, err := bpfMapBatch(internal.BPF_MAP_UPDATE_BATCH, m.fd, nilPtr, nilPtr, keyPtr, valuePtr, uint32(count), opts)
+	return int(ct), err
+}
+
+// BatchDelete batch deletes entries in the map by keys.
+// "keys" must be of type slice, a pointer to a slice or buffer will not work.
+func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) {
+	if err := haveBatchAPI(); err != nil {
+		return 0, err
+	}
+	if m.typ.hasPerCPUValue() {
+		return 0, ErrNotSupported
+	}
+	keysValue := reflect.ValueOf(keys)
+	if keysValue.Kind() != reflect.Slice {
+		return 0, fmt.Errorf("keys must be a slice")
+	}
+	count := keysValue.Len()
+	keyPtr, err := marshalPtr(keys, count*int(m.keySize))
+	if err != nil {
+		return 0, fmt.Errorf("cannot marshal keys: %v", err)
+	}
+	var nilPtr internal.Pointer
+	ct, err := bpfMapBatch(internal.BPF_MAP_DELETE_BATCH, m.fd, nilPtr, nilPtr, keyPtr, nilPtr, uint32(count), opts)
+	return int(ct), err
+}
+
+// Iterate traverses a map.
+//
+// It's safe to create multiple iterators at the same time.
+//
+// It's not possible to guarantee that all keys in a map will be
+// returned if there are concurrent modifications to the map.
+func (m *Map) Iterate() *MapIterator {
+	return newMapIterator(m)
+}
+
+// Close removes a Map
+func (m *Map) Close() error {
+	if m == nil {
+		// This makes it easier to clean up when iterating maps
+		// of maps / programs.
+		return nil
+	}
+
+	return m.fd.Close()
+}
+
+// FD gets the file descriptor of the Map.
+//
+// Calling this function is invalid after Close has been called.
+func (m *Map) FD() int {
+	fd, err := m.fd.Value()
+	if err != nil {
+		// Best effort: -1 is the number most likely to be an
+		// invalid file descriptor.
+		return -1
+	}
+
+	return int(fd)
+}
+
+// Clone creates a duplicate of the Map.
+//
+// Closing the duplicate does not affect the original, and vice versa.
+// Changes made to the map are reflected by both instances however.
+// If the original map was pinned, the cloned map will not be pinned by default.
+//
+// Cloning a nil Map returns nil.
+func (m *Map) Clone() (*Map, error) {
+	if m == nil {
+		return nil, nil
+	}
+
+	dup, err := m.fd.Dup()
+	if err != nil {
+		return nil, fmt.Errorf("can't clone map: %w", err)
+	}
+
+	return &Map{
+		m.name,
+		dup,
+		m.typ,
+		m.keySize,
+		m.valueSize,
+		m.maxEntries,
+		m.flags,
+		"",
+		m.fullValueSize,
+	}, nil
+}
+
+// Pin persists the map on the BPF virtual file system past the lifetime of
+// the process that created it .
+//
+// Calling Pin on a previously pinned map will overwrite the path, except when
+// the new path already exists. Re-pinning across filesystems is not supported.
+// You can Clone a map to pin it to a different path.
+//
+// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs
+func (m *Map) Pin(fileName string) error {
+	if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil {
+		return err
+	}
+	m.pinnedPath = fileName
+	return nil
+}
+
+// Unpin removes the persisted state for the map from the BPF virtual filesystem.
+//
+// Failed calls to Unpin will not alter the state returned by IsPinned.
+//
+// Unpinning an unpinned Map returns nil.
+func (m *Map) Unpin() error {
+	if err := internal.Unpin(m.pinnedPath); err != nil {
+		return err
+	}
+	m.pinnedPath = ""
+	return nil
+}
+
+// IsPinned returns true if the map has a non-empty pinned path.
+func (m *Map) IsPinned() bool {
+	return m.pinnedPath != ""
+}
+
+// Freeze prevents a map to be modified from user space.
+//
+// It makes no changes to kernel-side restrictions.
+func (m *Map) Freeze() error {
+	if err := haveMapMutabilityModifiers(); err != nil {
+		return fmt.Errorf("can't freeze map: %w", err)
+	}
+
+	if err := bpfMapFreeze(m.fd); err != nil {
+		return fmt.Errorf("can't freeze map: %w", err)
+	}
+	return nil
+}
+
+func (m *Map) populate(contents []MapKV) error {
+	for _, kv := range contents {
+		if err := m.Put(kv.Key, kv.Value); err != nil {
+			return fmt.Errorf("key %v: %w", kv.Key, err)
+		}
+	}
+	return nil
+}
+
+func (m *Map) marshalKey(data interface{}) (internal.Pointer, error) {
+	if data == nil {
+		if m.keySize == 0 {
+			// Queues have a key length of zero, so passing nil here is valid.
+			return internal.NewPointer(nil), nil
+		}
+		return internal.Pointer{}, errors.New("can't use nil as key of map")
+	}
+
+	return marshalPtr(data, int(m.keySize))
+}
+
+func (m *Map) unmarshalKey(data interface{}, buf []byte) error {
+	if buf == nil {
+		// This is from a makeBuffer call, nothing do do here.
+		return nil
+	}
+
+	return unmarshalBytes(data, buf)
+}
+
+func (m *Map) marshalValue(data interface{}) (internal.Pointer, error) {
+	if m.typ.hasPerCPUValue() {
+		return marshalPerCPUValue(data, int(m.valueSize))
+	}
+
+	var (
+		buf []byte
+		err error
+	)
+
+	switch value := data.(type) {
+	case *Map:
+		if !m.typ.canStoreMap() {
+			return internal.Pointer{}, fmt.Errorf("can't store map in %s", m.typ)
+		}
+		buf, err = marshalMap(value, int(m.valueSize))
+
+	case *Program:
+		if !m.typ.canStoreProgram() {
+			return internal.Pointer{}, fmt.Errorf("can't store program in %s", m.typ)
+		}
+		buf, err = marshalProgram(value, int(m.valueSize))
+
+	default:
+		return marshalPtr(data, int(m.valueSize))
+	}
+
+	if err != nil {
+		return internal.Pointer{}, err
+	}
+
+	return internal.NewSlicePointer(buf), nil
+}
+
+func (m *Map) unmarshalValue(value interface{}, buf []byte) error {
+	if buf == nil {
+		// This is from a makeBuffer call, nothing do do here.
+		return nil
+	}
+
+	if m.typ.hasPerCPUValue() {
+		return unmarshalPerCPUValue(value, int(m.valueSize), buf)
+	}
+
+	switch value := value.(type) {
+	case **Map:
+		if !m.typ.canStoreMap() {
+			return fmt.Errorf("can't read a map from %s", m.typ)
+		}
+
+		other, err := unmarshalMap(buf)
+		if err != nil {
+			return err
+		}
+
+		// The caller might close the map externally, so ignore errors.
+		_ = (*value).Close()
+
+		*value = other
+		return nil
+
+	case *Map:
+		if !m.typ.canStoreMap() {
+			return fmt.Errorf("can't read a map from %s", m.typ)
+		}
+		return errors.New("require pointer to *Map")
+
+	case **Program:
+		if !m.typ.canStoreProgram() {
+			return fmt.Errorf("can't read a program from %s", m.typ)
+		}
+
+		other, err := unmarshalProgram(buf)
+		if err != nil {
+			return err
+		}
+
+		// The caller might close the program externally, so ignore errors.
+		_ = (*value).Close()
+
+		*value = other
+		return nil
+
+	case *Program:
+		if !m.typ.canStoreProgram() {
+			return fmt.Errorf("can't read a program from %s", m.typ)
+		}
+		return errors.New("require pointer to *Program")
+	}
+
+	return unmarshalBytes(value, buf)
+}
+
+// LoadPinnedMap loads a Map from a BPF file.
+func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) {
+	fd, err := internal.BPFObjGet(fileName, opts.Marshal())
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := newMapFromFD(fd)
+	if err == nil {
+		m.pinnedPath = fileName
+	}
+
+	return m, err
+}
+
+// unmarshalMap creates a map from a map ID encoded in host endianness.
+func unmarshalMap(buf []byte) (*Map, error) {
+	if len(buf) != 4 {
+		return nil, errors.New("map id requires 4 byte value")
+	}
+
+	id := internal.NativeEndian.Uint32(buf)
+	return NewMapFromID(MapID(id))
+}
+
+// marshalMap marshals the fd of a map into a buffer in host endianness.
+func marshalMap(m *Map, length int) ([]byte, error) {
+	if length != 4 {
+		return nil, fmt.Errorf("can't marshal map to %d bytes", length)
+	}
+
+	fd, err := m.fd.Value()
+	if err != nil {
+		return nil, err
+	}
+
+	buf := make([]byte, 4)
+	internal.NativeEndian.PutUint32(buf, fd)
+	return buf, nil
+}
+
+func patchValue(value []byte, typ btf.Type, replacements map[string]interface{}) error {
+	replaced := make(map[string]bool)
+	replace := func(name string, offset, size int, replacement interface{}) error {
+		if offset+size > len(value) {
+			return fmt.Errorf("%s: offset %d(+%d) is out of bounds", name, offset, size)
+		}
+
+		buf, err := marshalBytes(replacement, size)
+		if err != nil {
+			return fmt.Errorf("marshal %s: %w", name, err)
+		}
+
+		copy(value[offset:offset+size], buf)
+		replaced[name] = true
+		return nil
+	}
+
+	switch parent := typ.(type) {
+	case *btf.Datasec:
+		for _, secinfo := range parent.Vars {
+			name := string(secinfo.Type.(*btf.Var).Name)
+			replacement, ok := replacements[name]
+			if !ok {
+				continue
+			}
+
+			err := replace(name, int(secinfo.Offset), int(secinfo.Size), replacement)
+			if err != nil {
+				return err
+			}
+		}
+
+	default:
+		return fmt.Errorf("patching %T is not supported", typ)
+	}
+
+	if len(replaced) == len(replacements) {
+		return nil
+	}
+
+	var missing []string
+	for name := range replacements {
+		if !replaced[name] {
+			missing = append(missing, name)
+		}
+	}
+
+	if len(missing) == 1 {
+		return fmt.Errorf("unknown field: %s", missing[0])
+	}
+
+	return fmt.Errorf("unknown fields: %s", strings.Join(missing, ","))
+}
+
+// MapIterator iterates a Map.
+//
+// See Map.Iterate.
+type MapIterator struct {
+	target            *Map
+	prevKey           interface{}
+	prevBytes         []byte
+	count, maxEntries uint32
+	done              bool
+	err               error
+}
+
+func newMapIterator(target *Map) *MapIterator {
+	return &MapIterator{
+		target:     target,
+		maxEntries: target.maxEntries,
+		prevBytes:  make([]byte, target.keySize),
+	}
+}
+
+// Next decodes the next key and value.
+//
+// Iterating a hash map from which keys are being deleted is not
+// safe. You may see the same key multiple times. Iteration may
+// also abort with an error, see IsIterationAborted.
+//
+// Returns false if there are no more entries. You must check
+// the result of Err afterwards.
+//
+// See Map.Get for further caveats around valueOut.
+func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool {
+	if mi.err != nil || mi.done {
+		return false
+	}
+
+	// For array-like maps NextKeyBytes returns nil only on after maxEntries
+	// iterations.
+	for mi.count <= mi.maxEntries {
+		var nextBytes []byte
+		nextBytes, mi.err = mi.target.NextKeyBytes(mi.prevKey)
+		if mi.err != nil {
+			return false
+		}
+
+		if nextBytes == nil {
+			mi.done = true
+			return false
+		}
+
+		// The user can get access to nextBytes since unmarshalBytes
+		// does not copy when unmarshaling into a []byte.
+		// Make a copy to prevent accidental corruption of
+		// iterator state.
+		copy(mi.prevBytes, nextBytes)
+		mi.prevKey = mi.prevBytes
+
+		mi.count++
+		mi.err = mi.target.Lookup(nextBytes, valueOut)
+		if errors.Is(mi.err, ErrKeyNotExist) {
+			// Even though the key should be valid, we couldn't look up
+			// its value. If we're iterating a hash map this is probably
+			// because a concurrent delete removed the value before we
+			// could get it. This means that the next call to NextKeyBytes
+			// is very likely to restart iteration.
+			// If we're iterating one of the fd maps like
+			// ProgramArray it means that a given slot doesn't have
+			// a valid fd associated. It's OK to continue to the next slot.
+			continue
+		}
+		if mi.err != nil {
+			return false
+		}
+
+		mi.err = mi.target.unmarshalKey(keyOut, nextBytes)
+		return mi.err == nil
+	}
+
+	mi.err = fmt.Errorf("%w", ErrIterationAborted)
+	return false
+}
+
+// Err returns any encountered error.
+//
+// The method must be called after Next returns nil.
+//
+// Returns ErrIterationAborted if it wasn't possible to do a full iteration.
+func (mi *MapIterator) Err() error {
+	return mi.err
+}
+
+// MapGetNextID returns the ID of the next eBPF map.
+//
+// Returns ErrNotExist, if there is no next eBPF map.
+func MapGetNextID(startID MapID) (MapID, error) {
+	id, err := objGetNextID(internal.BPF_MAP_GET_NEXT_ID, uint32(startID))
+	return MapID(id), err
+}
+
+// NewMapFromID returns the map for a given id.
+//
+// Returns ErrNotExist, if there is no eBPF map with the given id.
+func NewMapFromID(id MapID) (*Map, error) {
+	fd, err := bpfObjGetFDByID(internal.BPF_MAP_GET_FD_BY_ID, uint32(id))
+	if err != nil {
+		return nil, err
+	}
+
+	return newMapFromFD(fd)
+}
+
+// ID returns the systemwide unique ID of the map.
+//
+// Deprecated: use MapInfo.ID() instead.
+func (m *Map) ID() (MapID, error) {
+	info, err := bpfGetMapInfoByFD(m.fd)
+	if err != nil {
+		return MapID(0), err
+	}
+	return MapID(info.id), nil
+}
diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go
new file mode 100644
index 0000000000000..f2610eff9c781
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/marshalers.go
@@ -0,0 +1,218 @@
+package ebpf
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"reflect"
+	"runtime"
+	"unsafe"
+
+	"github.com/cilium/ebpf/internal"
+)
+
+// marshalPtr converts an arbitrary value into a pointer suitable
+// to be passed to the kernel.
+//
+// As an optimization, it returns the original value if it is an
+// unsafe.Pointer.
+func marshalPtr(data interface{}, length int) (internal.Pointer, error) {
+	if ptr, ok := data.(unsafe.Pointer); ok {
+		return internal.NewPointer(ptr), nil
+	}
+
+	buf, err := marshalBytes(data, length)
+	if err != nil {
+		return internal.Pointer{}, err
+	}
+
+	return internal.NewSlicePointer(buf), nil
+}
+
+// marshalBytes converts an arbitrary value into a byte buffer.
+//
+// Prefer using Map.marshalKey and Map.marshalValue if possible, since
+// those have special cases that allow more types to be encoded.
+//
+// Returns an error if the given value isn't representable in exactly
+// length bytes.
+func marshalBytes(data interface{}, length int) (buf []byte, err error) {
+	switch value := data.(type) {
+	case encoding.BinaryMarshaler:
+		buf, err = value.MarshalBinary()
+	case string:
+		buf = []byte(value)
+	case []byte:
+		buf = value
+	case unsafe.Pointer:
+		err = errors.New("can't marshal from unsafe.Pointer")
+	case Map, *Map, Program, *Program:
+		err = fmt.Errorf("can't marshal %T", value)
+	default:
+		var wr bytes.Buffer
+		err = binary.Write(&wr, internal.NativeEndian, value)
+		if err != nil {
+			err = fmt.Errorf("encoding %T: %v", value, err)
+		}
+		buf = wr.Bytes()
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(buf) != length {
+		return nil, fmt.Errorf("%T doesn't marshal to %d bytes", data, length)
+	}
+	return buf, nil
+}
+
+func makeBuffer(dst interface{}, length int) (internal.Pointer, []byte) {
+	if ptr, ok := dst.(unsafe.Pointer); ok {
+		return internal.NewPointer(ptr), nil
+	}
+
+	buf := make([]byte, length)
+	return internal.NewSlicePointer(buf), buf
+}
+
+// unmarshalBytes converts a byte buffer into an arbitrary value.
+//
+// Prefer using Map.unmarshalKey and Map.unmarshalValue if possible, since
+// those have special cases that allow more types to be encoded.
+func unmarshalBytes(data interface{}, buf []byte) error {
+	switch value := data.(type) {
+	case unsafe.Pointer:
+		// This could be solved in Go 1.17 by unsafe.Slice instead. (https://github.com/golang/go/issues/19367)
+		// We could opt for removing unsafe.Pointer support in the lib as well.
+		sh := &reflect.SliceHeader{ //nolint:govet
+			Data: uintptr(value),
+			Len:  len(buf),
+			Cap:  len(buf),
+		}
+
+		dst := *(*[]byte)(unsafe.Pointer(sh))
+		copy(dst, buf)
+		runtime.KeepAlive(value)
+		return nil
+	case Map, *Map, Program, *Program:
+		return fmt.Errorf("can't unmarshal into %T", value)
+	case encoding.BinaryUnmarshaler:
+		return value.UnmarshalBinary(buf)
+	case *string:
+		*value = string(buf)
+		return nil
+	case *[]byte:
+		*value = buf
+		return nil
+	case string:
+		return errors.New("require pointer to string")
+	case []byte:
+		return errors.New("require pointer to []byte")
+	default:
+		rd := bytes.NewReader(buf)
+		if err := binary.Read(rd, internal.NativeEndian, value); err != nil {
+			return fmt.Errorf("decoding %T: %v", value, err)
+		}
+		return nil
+	}
+}
+
+// marshalPerCPUValue encodes a slice containing one value per
+// possible CPU into a buffer of bytes.
+//
+// Values are initialized to zero if the slice has less elements than CPUs.
+//
+// slice must have a type like []elementType.
+func marshalPerCPUValue(slice interface{}, elemLength int) (internal.Pointer, error) {
+	sliceType := reflect.TypeOf(slice)
+	if sliceType.Kind() != reflect.Slice {
+		return internal.Pointer{}, errors.New("per-CPU value requires slice")
+	}
+
+	possibleCPUs, err := internal.PossibleCPUs()
+	if err != nil {
+		return internal.Pointer{}, err
+	}
+
+	sliceValue := reflect.ValueOf(slice)
+	sliceLen := sliceValue.Len()
+	if sliceLen > possibleCPUs {
+		return internal.Pointer{}, fmt.Errorf("per-CPU value exceeds number of CPUs")
+	}
+
+	alignedElemLength := align(elemLength, 8)
+	buf := make([]byte, alignedElemLength*possibleCPUs)
+
+	for i := 0; i < sliceLen; i++ {
+		elem := sliceValue.Index(i).Interface()
+		elemBytes, err := marshalBytes(elem, elemLength)
+		if err != nil {
+			return internal.Pointer{}, err
+		}
+
+		offset := i * alignedElemLength
+		copy(buf[offset:offset+elemLength], elemBytes)
+	}
+
+	return internal.NewSlicePointer(buf), nil
+}
+
+// unmarshalPerCPUValue decodes a buffer into a slice containing one value per
+// possible CPU.
+//
+// valueOut must have a type like *[]elementType
+func unmarshalPerCPUValue(slicePtr interface{}, elemLength int, buf []byte) error {
+	slicePtrType := reflect.TypeOf(slicePtr)
+	if slicePtrType.Kind() != reflect.Ptr || slicePtrType.Elem().Kind() != reflect.Slice {
+		return fmt.Errorf("per-cpu value requires pointer to slice")
+	}
+
+	possibleCPUs, err := internal.PossibleCPUs()
+	if err != nil {
+		return err
+	}
+
+	sliceType := slicePtrType.Elem()
+	slice := reflect.MakeSlice(sliceType, possibleCPUs, possibleCPUs)
+
+	sliceElemType := sliceType.Elem()
+	sliceElemIsPointer := sliceElemType.Kind() == reflect.Ptr
+	if sliceElemIsPointer {
+		sliceElemType = sliceElemType.Elem()
+	}
+
+	step := len(buf) / possibleCPUs
+	if step < elemLength {
+		return fmt.Errorf("per-cpu element length is larger than available data")
+	}
+	for i := 0; i < possibleCPUs; i++ {
+		var elem interface{}
+		if sliceElemIsPointer {
+			newElem := reflect.New(sliceElemType)
+			slice.Index(i).Set(newElem)
+			elem = newElem.Interface()
+		} else {
+			elem = slice.Index(i).Addr().Interface()
+		}
+
+		// Make a copy, since unmarshal can hold on to itemBytes
+		elemBytes := make([]byte, elemLength)
+		copy(elemBytes, buf[:elemLength])
+
+		err := unmarshalBytes(elem, elemBytes)
+		if err != nil {
+			return fmt.Errorf("cpu %d: %w", i, err)
+		}
+
+		buf = buf[step:]
+	}
+
+	reflect.ValueOf(slicePtr).Elem().Set(slice)
+	return nil
+}
+
+func align(n, alignment int) int {
+	return (int(n) + alignment - 1) / alignment * alignment
+}
diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go
new file mode 100644
index 0000000000000..13bdb6ddad1e2
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/prog.go
@@ -0,0 +1,728 @@
+package ebpf
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/btf"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// ErrNotSupported is returned whenever the kernel doesn't support a feature.
+var ErrNotSupported = internal.ErrNotSupported
+
+var errUnsatisfiedReference = errors.New("unsatisfied reference")
+
+// ProgramID represents the unique ID of an eBPF program.
+type ProgramID uint32
+
+const (
+	// Number of bytes to pad the output buffer for BPF_PROG_TEST_RUN.
+	// This is currently the maximum of spare space allocated for SKB
+	// and XDP programs, and equal to XDP_PACKET_HEADROOM + NET_IP_ALIGN.
+	outputPad = 256 + 2
+)
+
+// DefaultVerifierLogSize is the default number of bytes allocated for the
+// verifier log.
+const DefaultVerifierLogSize = 64 * 1024
+
+// ProgramOptions control loading a program into the kernel.
+type ProgramOptions struct {
+	// Controls the detail emitted by the kernel verifier. Set to non-zero
+	// to enable logging.
+	LogLevel uint32
+	// Controls the output buffer size for the verifier. Defaults to
+	// DefaultVerifierLogSize.
+	LogSize int
+	// An ELF containing the target BTF for this program. It is used both to
+	// find the correct function to trace and to apply CO-RE relocations.
+	// This is useful in environments where the kernel BTF is not available
+	// (containers) or where it is in a non-standard location. Defaults to
+	// use the kernel BTF from a well-known location.
+	TargetBTF io.ReaderAt
+}
+
+// ProgramSpec defines a Program.
+type ProgramSpec struct {
+	// Name is passed to the kernel as a debug aid. Must only contain
+	// alpha numeric and '_' characters.
+	Name string
+	// Type determines at which hook in the kernel a program will run.
+	Type       ProgramType
+	AttachType AttachType
+	// Name of a kernel data structure to attach to. It's interpretation
+	// depends on Type and AttachType.
+	AttachTo     string
+	Instructions asm.Instructions
+	// Flags is passed to the kernel and specifies additional program
+	// load attributes.
+	Flags uint32
+	// License of the program. Some helpers are only available if
+	// the license is deemed compatible with the GPL.
+	//
+	// See https://www.kernel.org/doc/html/latest/process/license-rules.html#id1
+	License string
+
+	// Version used by Kprobe programs.
+	//
+	// Deprecated on kernels 5.0 and later. Leave empty to let the library
+	// detect this value automatically.
+	KernelVersion uint32
+
+	// The BTF associated with this program. Changing Instructions
+	// will most likely invalidate the contained data, and may
+	// result in errors when attempting to load it into the kernel.
+	BTF *btf.Program
+
+	// The byte order this program was compiled for, may be nil.
+	ByteOrder binary.ByteOrder
+}
+
+// Copy returns a copy of the spec.
+func (ps *ProgramSpec) Copy() *ProgramSpec {
+	if ps == nil {
+		return nil
+	}
+
+	cpy := *ps
+	cpy.Instructions = make(asm.Instructions, len(ps.Instructions))
+	copy(cpy.Instructions, ps.Instructions)
+	return &cpy
+}
+
+// Tag calculates the kernel tag for a series of instructions.
+//
+// Use asm.Instructions.Tag if you need to calculate for non-native endianness.
+func (ps *ProgramSpec) Tag() (string, error) {
+	return ps.Instructions.Tag(internal.NativeEndian)
+}
+
+// Program represents BPF program loaded into the kernel.
+//
+// It is not safe to close a Program which is used by other goroutines.
+type Program struct {
+	// Contains the output of the kernel verifier if enabled,
+	// otherwise it is empty.
+	VerifierLog string
+
+	fd         *internal.FD
+	name       string
+	pinnedPath string
+	typ        ProgramType
+}
+
+// NewProgram creates a new Program.
+//
+// Loading a program for the first time will perform
+// feature detection by loading small, temporary programs.
+func NewProgram(spec *ProgramSpec) (*Program, error) {
+	return NewProgramWithOptions(spec, ProgramOptions{})
+}
+
+// NewProgramWithOptions creates a new Program.
+//
+// Loading a program for the first time will perform
+// feature detection by loading small, temporary programs.
+func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) {
+	handles := newHandleCache()
+	defer handles.close()
+
+	prog, err := newProgramWithOptions(spec, opts, handles)
+	if errors.Is(err, errUnsatisfiedReference) {
+		return nil, fmt.Errorf("cannot load program without loading its whole collection: %w", err)
+	}
+	return prog, err
+}
+
+func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *handleCache) (*Program, error) {
+	if len(spec.Instructions) == 0 {
+		return nil, errors.New("Instructions cannot be empty")
+	}
+
+	if spec.ByteOrder != nil && spec.ByteOrder != internal.NativeEndian {
+		return nil, fmt.Errorf("can't load %s program on %s", spec.ByteOrder, internal.NativeEndian)
+	}
+
+	// Kernels before 5.0 (6c4fc209fcf9 "bpf: remove useless version check for prog load")
+	// require the version field to be set to the value of the KERNEL_VERSION
+	// macro for kprobe-type programs.
+	// Overwrite Kprobe program version if set to zero or the magic version constant.
+	kv := spec.KernelVersion
+	if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) {
+		v, err := internal.KernelVersion()
+		if err != nil {
+			return nil, fmt.Errorf("detecting kernel version: %w", err)
+		}
+		kv = v.Kernel()
+	}
+
+	attr := &bpfProgLoadAttr{
+		progType:           spec.Type,
+		progFlags:          spec.Flags,
+		expectedAttachType: spec.AttachType,
+		license:            internal.NewStringPointer(spec.License),
+		kernelVersion:      kv,
+	}
+
+	if haveObjName() == nil {
+		attr.progName = internal.NewBPFObjName(spec.Name)
+	}
+
+	var err error
+	var targetBTF *btf.Spec
+	if opts.TargetBTF != nil {
+		targetBTF, err = handles.btfSpec(opts.TargetBTF)
+		if err != nil {
+			return nil, fmt.Errorf("load target BTF: %w", err)
+		}
+	}
+
+	var btfDisabled bool
+	var core btf.COREFixups
+	if spec.BTF != nil {
+		core, err = btf.ProgramFixups(spec.BTF, targetBTF)
+		if err != nil {
+			return nil, fmt.Errorf("CO-RE relocations: %w", err)
+		}
+
+		handle, err := handles.btfHandle(btf.ProgramSpec(spec.BTF))
+		btfDisabled = errors.Is(err, btf.ErrNotSupported)
+		if err != nil && !btfDisabled {
+			return nil, fmt.Errorf("load BTF: %w", err)
+		}
+
+		if handle != nil {
+			attr.progBTFFd = uint32(handle.FD())
+
+			recSize, bytes, err := btf.ProgramLineInfos(spec.BTF)
+			if err != nil {
+				return nil, fmt.Errorf("get BTF line infos: %w", err)
+			}
+			attr.lineInfoRecSize = recSize
+			attr.lineInfoCnt = uint32(uint64(len(bytes)) / uint64(recSize))
+			attr.lineInfo = internal.NewSlicePointer(bytes)
+
+			recSize, bytes, err = btf.ProgramFuncInfos(spec.BTF)
+			if err != nil {
+				return nil, fmt.Errorf("get BTF function infos: %w", err)
+			}
+			attr.funcInfoRecSize = recSize
+			attr.funcInfoCnt = uint32(uint64(len(bytes)) / uint64(recSize))
+			attr.funcInfo = internal.NewSlicePointer(bytes)
+		}
+	}
+
+	insns, err := core.Apply(spec.Instructions)
+	if err != nil {
+		return nil, fmt.Errorf("CO-RE fixup: %w", err)
+	}
+
+	if err := fixupJumpsAndCalls(insns); err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(make([]byte, 0, len(spec.Instructions)*asm.InstructionSize))
+	err = insns.Marshal(buf, internal.NativeEndian)
+	if err != nil {
+		return nil, err
+	}
+
+	bytecode := buf.Bytes()
+	attr.instructions = internal.NewSlicePointer(bytecode)
+	attr.insCount = uint32(len(bytecode) / asm.InstructionSize)
+
+	if spec.AttachTo != "" {
+		target, err := resolveBTFType(targetBTF, spec.AttachTo, spec.Type, spec.AttachType)
+		if err != nil {
+			return nil, err
+		}
+		if target != nil {
+			attr.attachBTFID = target.ID()
+		}
+	}
+
+	logSize := DefaultVerifierLogSize
+	if opts.LogSize > 0 {
+		logSize = opts.LogSize
+	}
+
+	var logBuf []byte
+	if opts.LogLevel > 0 {
+		logBuf = make([]byte, logSize)
+		attr.logLevel = opts.LogLevel
+		attr.logSize = uint32(len(logBuf))
+		attr.logBuf = internal.NewSlicePointer(logBuf)
+	}
+
+	fd, err := bpfProgLoad(attr)
+	if err == nil {
+		return &Program{internal.CString(logBuf), fd, spec.Name, "", spec.Type}, nil
+	}
+
+	logErr := err
+	if opts.LogLevel == 0 && opts.LogSize >= 0 {
+		// Re-run with the verifier enabled to get better error messages.
+		logBuf = make([]byte, logSize)
+		attr.logLevel = 1
+		attr.logSize = uint32(len(logBuf))
+		attr.logBuf = internal.NewSlicePointer(logBuf)
+
+		_, logErr = bpfProgLoad(attr)
+	}
+
+	if errors.Is(logErr, unix.EPERM) && logBuf[0] == 0 {
+		// EPERM due to RLIMIT_MEMLOCK happens before the verifier, so we can
+		// check that the log is empty to reduce false positives.
+		return nil, fmt.Errorf("load program: RLIMIT_MEMLOCK may be too low: %w", logErr)
+	}
+
+	err = internal.ErrorWithLog(err, logBuf, logErr)
+	if btfDisabled {
+		return nil, fmt.Errorf("load program without BTF: %w", err)
+	}
+	return nil, fmt.Errorf("load program: %w", err)
+}
+
+// NewProgramFromFD creates a program from a raw fd.
+//
+// You should not use fd after calling this function.
+//
+// Requires at least Linux 4.10.
+func NewProgramFromFD(fd int) (*Program, error) {
+	if fd < 0 {
+		return nil, errors.New("invalid fd")
+	}
+
+	return newProgramFromFD(internal.NewFD(uint32(fd)))
+}
+
+// NewProgramFromID returns the program for a given id.
+//
+// Returns ErrNotExist, if there is no eBPF program with the given id.
+func NewProgramFromID(id ProgramID) (*Program, error) {
+	fd, err := bpfObjGetFDByID(internal.BPF_PROG_GET_FD_BY_ID, uint32(id))
+	if err != nil {
+		return nil, fmt.Errorf("get program by id: %w", err)
+	}
+
+	return newProgramFromFD(fd)
+}
+
+func newProgramFromFD(fd *internal.FD) (*Program, error) {
+	info, err := newProgramInfoFromFd(fd)
+	if err != nil {
+		fd.Close()
+		return nil, fmt.Errorf("discover program type: %w", err)
+	}
+
+	return &Program{"", fd, "", "", info.Type}, nil
+}
+
+func (p *Program) String() string {
+	if p.name != "" {
+		return fmt.Sprintf("%s(%s)#%v", p.typ, p.name, p.fd)
+	}
+	return fmt.Sprintf("%s(%v)", p.typ, p.fd)
+}
+
+// Type returns the underlying type of the program.
+func (p *Program) Type() ProgramType {
+	return p.typ
+}
+
+// Info returns metadata about the program.
+//
+// Requires at least 4.10.
+func (p *Program) Info() (*ProgramInfo, error) {
+	return newProgramInfoFromFd(p.fd)
+}
+
+// FD gets the file descriptor of the Program.
+//
+// It is invalid to call this function after Close has been called.
+func (p *Program) FD() int {
+	fd, err := p.fd.Value()
+	if err != nil {
+		// Best effort: -1 is the number most likely to be an
+		// invalid file descriptor.
+		return -1
+	}
+
+	return int(fd)
+}
+
+// Clone creates a duplicate of the Program.
+//
+// Closing the duplicate does not affect the original, and vice versa.
+//
+// Cloning a nil Program returns nil.
+func (p *Program) Clone() (*Program, error) {
+	if p == nil {
+		return nil, nil
+	}
+
+	dup, err := p.fd.Dup()
+	if err != nil {
+		return nil, fmt.Errorf("can't clone program: %w", err)
+	}
+
+	return &Program{p.VerifierLog, dup, p.name, "", p.typ}, nil
+}
+
+// Pin persists the Program on the BPF virtual file system past the lifetime of
+// the process that created it
+//
+// Calling Pin on a previously pinned program will overwrite the path, except when
+// the new path already exists. Re-pinning across filesystems is not supported.
+//
+// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs
+func (p *Program) Pin(fileName string) error {
+	if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil {
+		return err
+	}
+	p.pinnedPath = fileName
+	return nil
+}
+
+// Unpin removes the persisted state for the Program from the BPF virtual filesystem.
+//
+// Failed calls to Unpin will not alter the state returned by IsPinned.
+//
+// Unpinning an unpinned Program returns nil.
+func (p *Program) Unpin() error {
+	if err := internal.Unpin(p.pinnedPath); err != nil {
+		return err
+	}
+	p.pinnedPath = ""
+	return nil
+}
+
+// IsPinned returns true if the Program has a non-empty pinned path.
+func (p *Program) IsPinned() bool {
+	return p.pinnedPath != ""
+}
+
+// Close unloads the program from the kernel.
+func (p *Program) Close() error {
+	if p == nil {
+		return nil
+	}
+
+	return p.fd.Close()
+}
+
+// Test runs the Program in the kernel with the given input and returns the
+// value returned by the eBPF program. outLen may be zero.
+//
+// Note: the kernel expects at least 14 bytes input for an ethernet header for
+// XDP and SKB programs.
+//
+// This function requires at least Linux 4.12.
+func (p *Program) Test(in []byte) (uint32, []byte, error) {
+	ret, out, _, err := p.testRun(in, 1, nil)
+	if err != nil {
+		return ret, nil, fmt.Errorf("can't test program: %w", err)
+	}
+	return ret, out, nil
+}
+
+// Benchmark runs the Program with the given input for a number of times
+// and returns the time taken per iteration.
+//
+// Returns the result of the last execution of the program and the time per
+// run or an error. reset is called whenever the benchmark syscall is
+// interrupted, and should be set to testing.B.ResetTimer or similar.
+//
+// Note: profiling a call to this function will skew it's results, see
+// https://github.com/cilium/ebpf/issues/24
+//
+// This function requires at least Linux 4.12.
+func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.Duration, error) {
+	ret, _, total, err := p.testRun(in, repeat, reset)
+	if err != nil {
+		return ret, total, fmt.Errorf("can't benchmark program: %w", err)
+	}
+	return ret, total, nil
+}
+
+var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() error {
+	prog, err := NewProgram(&ProgramSpec{
+		Type: SocketFilter,
+		Instructions: asm.Instructions{
+			asm.LoadImm(asm.R0, 0, asm.DWord),
+			asm.Return(),
+		},
+		License: "MIT",
+	})
+	if err != nil {
+		// This may be because we lack sufficient permissions, etc.
+		return err
+	}
+	defer prog.Close()
+
+	// Programs require at least 14 bytes input
+	in := make([]byte, 14)
+	attr := bpfProgTestRunAttr{
+		fd:         uint32(prog.FD()),
+		dataSizeIn: uint32(len(in)),
+		dataIn:     internal.NewSlicePointer(in),
+	}
+
+	err = bpfProgTestRun(&attr)
+	if errors.Is(err, unix.EINVAL) {
+		// Check for EINVAL specifically, rather than err != nil since we
+		// otherwise misdetect due to insufficient permissions.
+		return internal.ErrNotSupported
+	}
+	if errors.Is(err, unix.EINTR) {
+		// We know that PROG_TEST_RUN is supported if we get EINTR.
+		return nil
+	}
+	return err
+})
+
+func (p *Program) testRun(in []byte, repeat int, reset func()) (uint32, []byte, time.Duration, error) {
+	if uint(repeat) > math.MaxUint32 {
+		return 0, nil, 0, fmt.Errorf("repeat is too high")
+	}
+
+	if len(in) == 0 {
+		return 0, nil, 0, fmt.Errorf("missing input")
+	}
+
+	if uint(len(in)) > math.MaxUint32 {
+		return 0, nil, 0, fmt.Errorf("input is too long")
+	}
+
+	if err := haveProgTestRun(); err != nil {
+		return 0, nil, 0, err
+	}
+
+	// Older kernels ignore the dataSizeOut argument when copying to user space.
+	// Combined with things like bpf_xdp_adjust_head() we don't really know what the final
+	// size will be. Hence we allocate an output buffer which we hope will always be large
+	// enough, and panic if the kernel wrote past the end of the allocation.
+	// See https://patchwork.ozlabs.org/cover/1006822/
+	out := make([]byte, len(in)+outputPad)
+
+	fd, err := p.fd.Value()
+	if err != nil {
+		return 0, nil, 0, err
+	}
+
+	attr := bpfProgTestRunAttr{
+		fd:          fd,
+		dataSizeIn:  uint32(len(in)),
+		dataSizeOut: uint32(len(out)),
+		dataIn:      internal.NewSlicePointer(in),
+		dataOut:     internal.NewSlicePointer(out),
+		repeat:      uint32(repeat),
+	}
+
+	for {
+		err = bpfProgTestRun(&attr)
+		if err == nil {
+			break
+		}
+
+		if errors.Is(err, unix.EINTR) {
+			if reset != nil {
+				reset()
+			}
+			continue
+		}
+
+		return 0, nil, 0, fmt.Errorf("can't run test: %w", err)
+	}
+
+	if int(attr.dataSizeOut) > cap(out) {
+		// Houston, we have a problem. The program created more data than we allocated,
+		// and the kernel wrote past the end of our buffer.
+		panic("kernel wrote past end of output buffer")
+	}
+	out = out[:int(attr.dataSizeOut)]
+
+	total := time.Duration(attr.duration) * time.Nanosecond
+	return attr.retval, out, total, nil
+}
+
+func unmarshalProgram(buf []byte) (*Program, error) {
+	if len(buf) != 4 {
+		return nil, errors.New("program id requires 4 byte value")
+	}
+
+	// Looking up an entry in a nested map or prog array returns an id,
+	// not an fd.
+	id := internal.NativeEndian.Uint32(buf)
+	return NewProgramFromID(ProgramID(id))
+}
+
+func marshalProgram(p *Program, length int) ([]byte, error) {
+	if length != 4 {
+		return nil, fmt.Errorf("can't marshal program to %d bytes", length)
+	}
+
+	value, err := p.fd.Value()
+	if err != nil {
+		return nil, err
+	}
+
+	buf := make([]byte, 4)
+	internal.NativeEndian.PutUint32(buf, value)
+	return buf, nil
+}
+
+// Attach a Program.
+//
+// Deprecated: use link.RawAttachProgram instead.
+func (p *Program) Attach(fd int, typ AttachType, flags AttachFlags) error {
+	if fd < 0 {
+		return errors.New("invalid fd")
+	}
+
+	pfd, err := p.fd.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := internal.BPFProgAttachAttr{
+		TargetFd:    uint32(fd),
+		AttachBpfFd: pfd,
+		AttachType:  uint32(typ),
+		AttachFlags: uint32(flags),
+	}
+
+	return internal.BPFProgAttach(&attr)
+}
+
+// Detach a Program.
+//
+// Deprecated: use link.RawDetachProgram instead.
+func (p *Program) Detach(fd int, typ AttachType, flags AttachFlags) error {
+	if fd < 0 {
+		return errors.New("invalid fd")
+	}
+
+	if flags != 0 {
+		return errors.New("flags must be zero")
+	}
+
+	pfd, err := p.fd.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := internal.BPFProgDetachAttr{
+		TargetFd:    uint32(fd),
+		AttachBpfFd: pfd,
+		AttachType:  uint32(typ),
+	}
+
+	return internal.BPFProgDetach(&attr)
+}
+
+// LoadPinnedProgram loads a Program from a BPF file.
+//
+// Requires at least Linux 4.11.
+func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) {
+	fd, err := internal.BPFObjGet(fileName, opts.Marshal())
+	if err != nil {
+		return nil, err
+	}
+
+	info, err := newProgramInfoFromFd(fd)
+	if err != nil {
+		_ = fd.Close()
+		return nil, fmt.Errorf("info for %s: %w", fileName, err)
+	}
+
+	return &Program{"", fd, filepath.Base(fileName), fileName, info.Type}, nil
+}
+
+// SanitizeName replaces all invalid characters in name with replacement.
+// Passing a negative value for replacement will delete characters instead
+// of replacing them. Use this to automatically generate valid names for maps
+// and programs at runtime.
+//
+// The set of allowed characters depends on the running kernel version.
+// Dots are only allowed as of kernel 5.2.
+func SanitizeName(name string, replacement rune) string {
+	return strings.Map(func(char rune) rune {
+		if invalidBPFObjNameChar(char) {
+			return replacement
+		}
+		return char
+	}, name)
+}
+
+// ProgramGetNextID returns the ID of the next eBPF program.
+//
+// Returns ErrNotExist, if there is no next eBPF program.
+func ProgramGetNextID(startID ProgramID) (ProgramID, error) {
+	id, err := objGetNextID(internal.BPF_PROG_GET_NEXT_ID, uint32(startID))
+	return ProgramID(id), err
+}
+
+// ID returns the systemwide unique ID of the program.
+//
+// Deprecated: use ProgramInfo.ID() instead.
+func (p *Program) ID() (ProgramID, error) {
+	info, err := bpfGetProgInfoByFD(p.fd)
+	if err != nil {
+		return ProgramID(0), err
+	}
+	return ProgramID(info.id), nil
+}
+
+func resolveBTFType(kernel *btf.Spec, name string, progType ProgramType, attachType AttachType) (btf.Type, error) {
+	type match struct {
+		p ProgramType
+		a AttachType
+	}
+
+	var target btf.Type
+	var typeName, featureName string
+	switch (match{progType, attachType}) {
+	case match{LSM, AttachLSMMac}:
+		target = new(btf.Func)
+		typeName = "bpf_lsm_" + name
+		featureName = name + " LSM hook"
+
+	case match{Tracing, AttachTraceIter}:
+		target = new(btf.Func)
+		typeName = "bpf_iter_" + name
+		featureName = name + " iterator"
+
+	default:
+		return nil, nil
+	}
+
+	if kernel == nil {
+		var err error
+		kernel, err = btf.LoadKernelSpec()
+		if err != nil {
+			return nil, fmt.Errorf("load kernel spec: %w", err)
+		}
+	}
+
+	err := kernel.FindType(typeName, target)
+	if errors.Is(err, btf.ErrNotFound) {
+		return nil, &internal.UnsupportedFeatureError{
+			Name: featureName,
+		}
+	}
+	if err != nil {
+		return nil, fmt.Errorf("resolve BTF for %s: %w", featureName, err)
+	}
+	return target, nil
+}
diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go
new file mode 100644
index 0000000000000..f5a38549bb7cf
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/syscalls.go
@@ -0,0 +1,480 @@
+package ebpf
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"unsafe"
+
+	"github.com/cilium/ebpf/internal"
+	"github.com/cilium/ebpf/internal/btf"
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+// ErrNotExist is returned when loading a non-existing map or program.
+//
+// Deprecated: use os.ErrNotExist instead.
+var ErrNotExist = os.ErrNotExist
+
+// invalidBPFObjNameChar returns true if char may not appear in
+// a BPF object name.
+func invalidBPFObjNameChar(char rune) bool {
+	dotAllowed := objNameAllowsDot() == nil
+
+	switch {
+	case char >= 'A' && char <= 'Z':
+		return false
+	case char >= 'a' && char <= 'z':
+		return false
+	case char >= '0' && char <= '9':
+		return false
+	case dotAllowed && char == '.':
+		return false
+	case char == '_':
+		return false
+	default:
+		return true
+	}
+}
+
+type bpfMapOpAttr struct {
+	mapFd   uint32
+	padding uint32
+	key     internal.Pointer
+	value   internal.Pointer
+	flags   uint64
+}
+
+type bpfBatchMapOpAttr struct {
+	inBatch   internal.Pointer
+	outBatch  internal.Pointer
+	keys      internal.Pointer
+	values    internal.Pointer
+	count     uint32
+	mapFd     uint32
+	elemFlags uint64
+	flags     uint64
+}
+
+type bpfMapInfo struct {
+	map_type                  uint32 // since 4.12 1e2709769086
+	id                        uint32
+	key_size                  uint32
+	value_size                uint32
+	max_entries               uint32
+	map_flags                 uint32
+	name                      internal.BPFObjName // since 4.15 ad5b177bd73f
+	ifindex                   uint32              // since 4.16 52775b33bb50
+	btf_vmlinux_value_type_id uint32              // since 5.6  85d33df357b6
+	netns_dev                 uint64              // since 4.16 52775b33bb50
+	netns_ino                 uint64
+	btf_id                    uint32 // since 4.18 78958fca7ead
+	btf_key_type_id           uint32 // since 4.18 9b2cf328b2ec
+	btf_value_type_id         uint32
+}
+
+type bpfProgLoadAttr struct {
+	progType           ProgramType
+	insCount           uint32
+	instructions       internal.Pointer
+	license            internal.Pointer
+	logLevel           uint32
+	logSize            uint32
+	logBuf             internal.Pointer
+	kernelVersion      uint32              // since 4.1  2541517c32be
+	progFlags          uint32              // since 4.11 e07b98d9bffe
+	progName           internal.BPFObjName // since 4.15 067cae47771c
+	progIfIndex        uint32              // since 4.15 1f6f4cb7ba21
+	expectedAttachType AttachType          // since 4.17 5e43f899b03a
+	progBTFFd          uint32
+	funcInfoRecSize    uint32
+	funcInfo           internal.Pointer
+	funcInfoCnt        uint32
+	lineInfoRecSize    uint32
+	lineInfo           internal.Pointer
+	lineInfoCnt        uint32
+	attachBTFID        btf.TypeID
+	attachProgFd       uint32
+}
+
+type bpfProgInfo struct {
+	prog_type                uint32
+	id                       uint32
+	tag                      [unix.BPF_TAG_SIZE]byte
+	jited_prog_len           uint32
+	xlated_prog_len          uint32
+	jited_prog_insns         internal.Pointer
+	xlated_prog_insns        internal.Pointer
+	load_time                uint64 // since 4.15 cb4d2b3f03d8
+	created_by_uid           uint32
+	nr_map_ids               uint32
+	map_ids                  internal.Pointer
+	name                     internal.BPFObjName // since 4.15 067cae47771c
+	ifindex                  uint32
+	gpl_compatible           uint32
+	netns_dev                uint64
+	netns_ino                uint64
+	nr_jited_ksyms           uint32
+	nr_jited_func_lens       uint32
+	jited_ksyms              internal.Pointer
+	jited_func_lens          internal.Pointer
+	btf_id                   uint32
+	func_info_rec_size       uint32
+	func_info                internal.Pointer
+	nr_func_info             uint32
+	nr_line_info             uint32
+	line_info                internal.Pointer
+	jited_line_info          internal.Pointer
+	nr_jited_line_info       uint32
+	line_info_rec_size       uint32
+	jited_line_info_rec_size uint32
+	nr_prog_tags             uint32
+	prog_tags                internal.Pointer
+	run_time_ns              uint64
+	run_cnt                  uint64
+}
+
+type bpfProgTestRunAttr struct {
+	fd          uint32
+	retval      uint32
+	dataSizeIn  uint32
+	dataSizeOut uint32
+	dataIn      internal.Pointer
+	dataOut     internal.Pointer
+	repeat      uint32
+	duration    uint32
+}
+
+type bpfGetFDByIDAttr struct {
+	id   uint32
+	next uint32
+}
+
+type bpfMapFreezeAttr struct {
+	mapFd uint32
+}
+
+type bpfObjGetNextIDAttr struct {
+	startID   uint32
+	nextID    uint32
+	openFlags uint32
+}
+
+func bpfProgLoad(attr *bpfProgLoadAttr) (*internal.FD, error) {
+	for {
+		fd, err := internal.BPF(internal.BPF_PROG_LOAD, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+		// As of ~4.20 the verifier can be interrupted by a signal,
+		// and returns EAGAIN in that case.
+		if errors.Is(err, unix.EAGAIN) {
+			continue
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		return internal.NewFD(uint32(fd)), nil
+	}
+}
+
+func bpfProgTestRun(attr *bpfProgTestRunAttr) error {
+	_, err := internal.BPF(internal.BPF_PROG_TEST_RUN, unsafe.Pointer(attr), unsafe.Sizeof(*attr))
+	return err
+}
+
+var haveNestedMaps = internal.FeatureTest("nested maps", "4.12", func() error {
+	_, err := internal.BPFMapCreate(&internal.BPFMapCreateAttr{
+		MapType:    uint32(ArrayOfMaps),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		// Invalid file descriptor.
+		InnerMapFd: ^uint32(0),
+	})
+	if errors.Is(err, unix.EINVAL) {
+		return internal.ErrNotSupported
+	}
+	if errors.Is(err, unix.EBADF) {
+		return nil
+	}
+	return err
+})
+
+var haveMapMutabilityModifiers = internal.FeatureTest("read- and write-only maps", "5.2", func() error {
+	// This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since
+	// BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check.
+	m, err := internal.BPFMapCreate(&internal.BPFMapCreateAttr{
+		MapType:    uint32(Array),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		Flags:      unix.BPF_F_RDONLY_PROG,
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	_ = m.Close()
+	return nil
+})
+
+var haveMmapableMaps = internal.FeatureTest("mmapable maps", "5.5", func() error {
+	// This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps.
+	m, err := internal.BPFMapCreate(&internal.BPFMapCreateAttr{
+		MapType:    uint32(Array),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		Flags:      unix.BPF_F_MMAPABLE,
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	_ = m.Close()
+	return nil
+})
+
+var haveInnerMaps = internal.FeatureTest("inner maps", "5.10", func() error {
+	// This checks BPF_F_INNER_MAP, which appeared in 5.10.
+	m, err := internal.BPFMapCreate(&internal.BPFMapCreateAttr{
+		MapType:    uint32(Array),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		Flags:      unix.BPF_F_INNER_MAP,
+	})
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	_ = m.Close()
+	return nil
+})
+
+func bpfMapLookupElem(m *internal.FD, key, valueOut internal.Pointer) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapOpAttr{
+		mapFd: fd,
+		key:   key,
+		value: valueOut,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_LOOKUP_ELEM, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return wrapMapError(err)
+}
+
+func bpfMapLookupAndDelete(m *internal.FD, key, valueOut internal.Pointer) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapOpAttr{
+		mapFd: fd,
+		key:   key,
+		value: valueOut,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_LOOKUP_AND_DELETE_ELEM, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return wrapMapError(err)
+}
+
+func bpfMapUpdateElem(m *internal.FD, key, valueOut internal.Pointer, flags uint64) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapOpAttr{
+		mapFd: fd,
+		key:   key,
+		value: valueOut,
+		flags: flags,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_UPDATE_ELEM, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return wrapMapError(err)
+}
+
+func bpfMapDeleteElem(m *internal.FD, key internal.Pointer) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapOpAttr{
+		mapFd: fd,
+		key:   key,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_DELETE_ELEM, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return wrapMapError(err)
+}
+
+func bpfMapGetNextKey(m *internal.FD, key, nextKeyOut internal.Pointer) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapOpAttr{
+		mapFd: fd,
+		key:   key,
+		value: nextKeyOut,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_GET_NEXT_KEY, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return wrapMapError(err)
+}
+
+func objGetNextID(cmd internal.BPFCmd, start uint32) (uint32, error) {
+	attr := bpfObjGetNextIDAttr{
+		startID: start,
+	}
+	_, err := internal.BPF(cmd, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return attr.nextID, err
+}
+
+func bpfMapBatch(cmd internal.BPFCmd, m *internal.FD, inBatch, outBatch, keys, values internal.Pointer, count uint32, opts *BatchOptions) (uint32, error) {
+	fd, err := m.Value()
+	if err != nil {
+		return 0, err
+	}
+
+	attr := bpfBatchMapOpAttr{
+		inBatch:  inBatch,
+		outBatch: outBatch,
+		keys:     keys,
+		values:   values,
+		count:    count,
+		mapFd:    fd,
+	}
+	if opts != nil {
+		attr.elemFlags = opts.ElemFlags
+		attr.flags = opts.Flags
+	}
+	_, err = internal.BPF(cmd, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	// always return count even on an error, as things like update might partially be fulfilled.
+	return attr.count, wrapMapError(err)
+}
+
+func wrapMapError(err error) error {
+	if err == nil {
+		return nil
+	}
+
+	if errors.Is(err, unix.ENOENT) {
+		return internal.SyscallError(ErrKeyNotExist, unix.ENOENT)
+	}
+
+	if errors.Is(err, unix.EEXIST) {
+		return internal.SyscallError(ErrKeyExist, unix.EEXIST)
+	}
+
+	if errors.Is(err, unix.ENOTSUPP) {
+		return internal.SyscallError(ErrNotSupported, unix.ENOTSUPP)
+	}
+
+	return err
+}
+
+func bpfMapFreeze(m *internal.FD) error {
+	fd, err := m.Value()
+	if err != nil {
+		return err
+	}
+
+	attr := bpfMapFreezeAttr{
+		mapFd: fd,
+	}
+	_, err = internal.BPF(internal.BPF_MAP_FREEZE, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return err
+}
+
+func bpfGetProgInfoByFD(fd *internal.FD) (*bpfProgInfo, error) {
+	var info bpfProgInfo
+	if err := internal.BPFObjGetInfoByFD(fd, unsafe.Pointer(&info), unsafe.Sizeof(info)); err != nil {
+		return nil, fmt.Errorf("can't get program info: %w", err)
+	}
+	return &info, nil
+}
+
+func bpfGetMapInfoByFD(fd *internal.FD) (*bpfMapInfo, error) {
+	var info bpfMapInfo
+	err := internal.BPFObjGetInfoByFD(fd, unsafe.Pointer(&info), unsafe.Sizeof(info))
+	if err != nil {
+		return nil, fmt.Errorf("can't get map info: %w", err)
+	}
+	return &info, nil
+}
+
+var haveObjName = internal.FeatureTest("object names", "4.15", func() error {
+	attr := internal.BPFMapCreateAttr{
+		MapType:    uint32(Array),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		MapName:    internal.NewBPFObjName("feature_test"),
+	}
+
+	fd, err := internal.BPFMapCreate(&attr)
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+
+	_ = fd.Close()
+	return nil
+})
+
+var objNameAllowsDot = internal.FeatureTest("dot in object names", "5.2", func() error {
+	if err := haveObjName(); err != nil {
+		return err
+	}
+
+	attr := internal.BPFMapCreateAttr{
+		MapType:    uint32(Array),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: 1,
+		MapName:    internal.NewBPFObjName(".test"),
+	}
+
+	fd, err := internal.BPFMapCreate(&attr)
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+
+	_ = fd.Close()
+	return nil
+})
+
+var haveBatchAPI = internal.FeatureTest("map batch api", "5.6", func() error {
+	var maxEntries uint32 = 2
+	attr := internal.BPFMapCreateAttr{
+		MapType:    uint32(Hash),
+		KeySize:    4,
+		ValueSize:  4,
+		MaxEntries: maxEntries,
+	}
+
+	fd, err := internal.BPFMapCreate(&attr)
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	defer fd.Close()
+	keys := []uint32{1, 2}
+	values := []uint32{3, 4}
+	kp, _ := marshalPtr(keys, 8)
+	vp, _ := marshalPtr(values, 8)
+	nilPtr := internal.NewPointer(nil)
+	_, err = bpfMapBatch(internal.BPF_MAP_UPDATE_BATCH, fd, nilPtr, nilPtr, kp, vp, maxEntries, nil)
+	if err != nil {
+		return internal.ErrNotSupported
+	}
+	return nil
+})
+
+func bpfObjGetFDByID(cmd internal.BPFCmd, id uint32) (*internal.FD, error) {
+	attr := bpfGetFDByIDAttr{
+		id: id,
+	}
+	ptr, err := internal.BPF(cmd, unsafe.Pointer(&attr), unsafe.Sizeof(attr))
+	return internal.NewFD(uint32(ptr)), err
+}
diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go
new file mode 100644
index 0000000000000..441a82fe4c1c6
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/types.go
@@ -0,0 +1,248 @@
+package ebpf
+
+import (
+	"github.com/cilium/ebpf/internal/unix"
+)
+
+//go:generate stringer -output types_string.go -type=MapType,ProgramType,AttachType,PinType
+
+// MapType indicates the type map structure
+// that will be initialized in the kernel.
+type MapType uint32
+
+// All the various map types that can be created
+const (
+	UnspecifiedMap MapType = iota
+	// Hash is a hash map
+	Hash
+	// Array is an array map
+	Array
+	// ProgramArray - A program array map is a special kind of array map whose map
+	// values contain only file descriptors referring to other eBPF
+	// programs.  Thus, both the key_size and value_size must be
+	// exactly four bytes.  This map is used in conjunction with the
+	// TailCall helper.
+	ProgramArray
+	// PerfEventArray - A perf event array is used in conjunction with PerfEventRead
+	// and PerfEventOutput calls, to read the raw bpf_perf_data from the registers.
+	PerfEventArray
+	// PerCPUHash - This data structure is useful for people who have high performance
+	// network needs and can reconcile adds at the end of some cycle, so that
+	// hashes can be lock free without the use of XAdd, which can be costly.
+	PerCPUHash
+	// PerCPUArray - This data structure is useful for people who have high performance
+	// network needs and can reconcile adds at the end of some cycle, so that
+	// hashes can be lock free without the use of XAdd, which can be costly.
+	// Each CPU gets a copy of this hash, the contents of all of which can be reconciled
+	// later.
+	PerCPUArray
+	// StackTrace - This holds whole user and kernel stack traces, it can be retrieved with
+	// GetStackID
+	StackTrace
+	// CGroupArray - This is a very niche structure used to help SKBInCGroup determine
+	// if an skb is from a socket belonging to a specific cgroup
+	CGroupArray
+	// LRUHash - This allows you to create a small hash structure that will purge the
+	// least recently used items rather than thow an error when you run out of memory
+	LRUHash
+	// LRUCPUHash - This is NOT like PerCPUHash, this structure is shared among the CPUs,
+	// it has more to do with including the CPU id with the LRU calculation so that if a
+	// particular CPU is using a value over-and-over again, then it will be saved, but if
+	// a value is being retrieved a lot but sparsely across CPUs it is not as important, basically
+	// giving weight to CPU locality over overall usage.
+	LRUCPUHash
+	// LPMTrie - This is an implementation of Longest-Prefix-Match Trie structure. It is useful,
+	// for storing things like IP addresses which can be bit masked allowing for keys of differing
+	// values to refer to the same reference based on their masks. See wikipedia for more details.
+	LPMTrie
+	// ArrayOfMaps - Each item in the array is another map. The inner map mustn't be a map of maps
+	// itself.
+	ArrayOfMaps
+	// HashOfMaps - Each item in the hash map is another map. The inner map mustn't be a map of maps
+	// itself.
+	HashOfMaps
+	// DevMap - Specialized map to store references to network devices.
+	DevMap
+	// SockMap - Specialized map to store references to sockets.
+	SockMap
+	// CPUMap - Specialized map to store references to CPUs.
+	CPUMap
+	// XSKMap - Specialized map for XDP programs to store references to open sockets.
+	XSKMap
+	// SockHash - Specialized hash to store references to sockets.
+	SockHash
+	// CGroupStorage - Special map for CGroups.
+	CGroupStorage
+	// ReusePortSockArray - Specialized map to store references to sockets that can be reused.
+	ReusePortSockArray
+	// PerCPUCGroupStorage - Special per CPU map for CGroups.
+	PerCPUCGroupStorage
+	// Queue - FIFO storage for BPF programs.
+	Queue
+	// Stack - LIFO storage for BPF programs.
+	Stack
+	// SkStorage - Specialized map for local storage at SK for BPF programs.
+	SkStorage
+	// DevMapHash - Hash-based indexing scheme for references to network devices.
+	DevMapHash
+	StructOpts
+	RingBuf
+	InodeStorage
+	TaskStorage
+)
+
+// hasPerCPUValue returns true if the Map stores a value per CPU.
+func (mt MapType) hasPerCPUValue() bool {
+	return mt == PerCPUHash || mt == PerCPUArray || mt == LRUCPUHash
+}
+
+// canStoreMap returns true if the map type accepts a map fd
+// for update and returns a map id for lookup.
+func (mt MapType) canStoreMap() bool {
+	return mt == ArrayOfMaps || mt == HashOfMaps
+}
+
+// canStoreProgram returns true if the map type accepts a program fd
+// for update and returns a program id for lookup.
+func (mt MapType) canStoreProgram() bool {
+	return mt == ProgramArray
+}
+
+// ProgramType of the eBPF program
+type ProgramType uint32
+
+// eBPF program types
+const (
+	UnspecifiedProgram ProgramType = iota
+	SocketFilter
+	Kprobe
+	SchedCLS
+	SchedACT
+	TracePoint
+	XDP
+	PerfEvent
+	CGroupSKB
+	CGroupSock
+	LWTIn
+	LWTOut
+	LWTXmit
+	SockOps
+	SkSKB
+	CGroupDevice
+	SkMsg
+	RawTracepoint
+	CGroupSockAddr
+	LWTSeg6Local
+	LircMode2
+	SkReuseport
+	FlowDissector
+	CGroupSysctl
+	RawTracepointWritable
+	CGroupSockopt
+	Tracing
+	StructOps
+	Extension
+	LSM
+	SkLookup
+)
+
+// AttachType of the eBPF program, needed to differentiate allowed context accesses in
+// some newer program types like CGroupSockAddr. Should be set to AttachNone if not required.
+// Will cause invalid argument (EINVAL) at program load time if set incorrectly.
+type AttachType uint32
+
+// AttachNone is an alias for AttachCGroupInetIngress for readability reasons.
+const AttachNone AttachType = 0
+
+const (
+	AttachCGroupInetIngress AttachType = iota
+	AttachCGroupInetEgress
+	AttachCGroupInetSockCreate
+	AttachCGroupSockOps
+	AttachSkSKBStreamParser
+	AttachSkSKBStreamVerdict
+	AttachCGroupDevice
+	AttachSkMsgVerdict
+	AttachCGroupInet4Bind
+	AttachCGroupInet6Bind
+	AttachCGroupInet4Connect
+	AttachCGroupInet6Connect
+	AttachCGroupInet4PostBind
+	AttachCGroupInet6PostBind
+	AttachCGroupUDP4Sendmsg
+	AttachCGroupUDP6Sendmsg
+	AttachLircMode2
+	AttachFlowDissector
+	AttachCGroupSysctl
+	AttachCGroupUDP4Recvmsg
+	AttachCGroupUDP6Recvmsg
+	AttachCGroupGetsockopt
+	AttachCGroupSetsockopt
+	AttachTraceRawTp
+	AttachTraceFEntry
+	AttachTraceFExit
+	AttachModifyReturn
+	AttachLSMMac
+	AttachTraceIter
+	AttachCgroupInet4GetPeername
+	AttachCgroupInet6GetPeername
+	AttachCgroupInet4GetSockname
+	AttachCgroupInet6GetSockname
+	AttachXDPDevMap
+	AttachCgroupInetSockRelease
+	AttachXDPCPUMap
+	AttachSkLookup
+	AttachXDP
+)
+
+// AttachFlags of the eBPF program used in BPF_PROG_ATTACH command
+type AttachFlags uint32
+
+// PinType determines whether a map is pinned into a BPFFS.
+type PinType int
+
+// Valid pin types.
+//
+// Mirrors enum libbpf_pin_type.
+const (
+	PinNone PinType = iota
+	// Pin an object by using its name as the filename.
+	PinByName
+)
+
+// LoadPinOptions control how a pinned object is loaded.
+type LoadPinOptions struct {
+	// Request a read-only or write-only object. The default is a read-write
+	// object. Only one of the flags may be set.
+	ReadOnly  bool
+	WriteOnly bool
+
+	// Raw flags for the syscall. Other fields of this struct take precedence.
+	Flags uint32
+}
+
+// Marshal returns a value suitable for BPF_OBJ_GET syscall file_flags parameter.
+func (lpo *LoadPinOptions) Marshal() uint32 {
+	if lpo == nil {
+		return 0
+	}
+
+	flags := lpo.Flags
+	if lpo.ReadOnly {
+		flags |= unix.BPF_F_RDONLY
+	}
+	if lpo.WriteOnly {
+		flags |= unix.BPF_F_WRONLY
+	}
+	return flags
+}
+
+// BatchOptions batch map operations options
+//
+// Mirrors libbpf struct bpf_map_batch_opts
+// Currently BPF_F_FLAG is the only supported
+// flag (for ElemFlags).
+type BatchOptions struct {
+	ElemFlags uint64
+	Flags     uint64
+}
diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go
new file mode 100644
index 0000000000000..c25f7656479bf
--- /dev/null
+++ b/vendor/github.com/cilium/ebpf/types_string.go
@@ -0,0 +1,172 @@
+// Code generated by "stringer -output types_string.go -type=MapType,ProgramType,AttachType,PinType"; DO NOT EDIT.
+
+package ebpf
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[UnspecifiedMap-0]
+	_ = x[Hash-1]
+	_ = x[Array-2]
+	_ = x[ProgramArray-3]
+	_ = x[PerfEventArray-4]
+	_ = x[PerCPUHash-5]
+	_ = x[PerCPUArray-6]
+	_ = x[StackTrace-7]
+	_ = x[CGroupArray-8]
+	_ = x[LRUHash-9]
+	_ = x[LRUCPUHash-10]
+	_ = x[LPMTrie-11]
+	_ = x[ArrayOfMaps-12]
+	_ = x[HashOfMaps-13]
+	_ = x[DevMap-14]
+	_ = x[SockMap-15]
+	_ = x[CPUMap-16]
+	_ = x[XSKMap-17]
+	_ = x[SockHash-18]
+	_ = x[CGroupStorage-19]
+	_ = x[ReusePortSockArray-20]
+	_ = x[PerCPUCGroupStorage-21]
+	_ = x[Queue-22]
+	_ = x[Stack-23]
+	_ = x[SkStorage-24]
+	_ = x[DevMapHash-25]
+	_ = x[StructOpts-26]
+	_ = x[RingBuf-27]
+	_ = x[InodeStorage-28]
+	_ = x[TaskStorage-29]
+}
+
+const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOptsRingBufInodeStorageTaskStorage"
+
+var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 258, 265, 277, 288}
+
+func (i MapType) String() string {
+	if i >= MapType(len(_MapType_index)-1) {
+		return "MapType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _MapType_name[_MapType_index[i]:_MapType_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[UnspecifiedProgram-0]
+	_ = x[SocketFilter-1]
+	_ = x[Kprobe-2]
+	_ = x[SchedCLS-3]
+	_ = x[SchedACT-4]
+	_ = x[TracePoint-5]
+	_ = x[XDP-6]
+	_ = x[PerfEvent-7]
+	_ = x[CGroupSKB-8]
+	_ = x[CGroupSock-9]
+	_ = x[LWTIn-10]
+	_ = x[LWTOut-11]
+	_ = x[LWTXmit-12]
+	_ = x[SockOps-13]
+	_ = x[SkSKB-14]
+	_ = x[CGroupDevice-15]
+	_ = x[SkMsg-16]
+	_ = x[RawTracepoint-17]
+	_ = x[CGroupSockAddr-18]
+	_ = x[LWTSeg6Local-19]
+	_ = x[LircMode2-20]
+	_ = x[SkReuseport-21]
+	_ = x[FlowDissector-22]
+	_ = x[CGroupSysctl-23]
+	_ = x[RawTracepointWritable-24]
+	_ = x[CGroupSockopt-25]
+	_ = x[Tracing-26]
+	_ = x[StructOps-27]
+	_ = x[Extension-28]
+	_ = x[LSM-29]
+	_ = x[SkLookup-30]
+}
+
+const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookup"
+
+var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294}
+
+func (i ProgramType) String() string {
+	if i >= ProgramType(len(_ProgramType_index)-1) {
+		return "ProgramType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _ProgramType_name[_ProgramType_index[i]:_ProgramType_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[AttachNone-0]
+	_ = x[AttachCGroupInetIngress-0]
+	_ = x[AttachCGroupInetEgress-1]
+	_ = x[AttachCGroupInetSockCreate-2]
+	_ = x[AttachCGroupSockOps-3]
+	_ = x[AttachSkSKBStreamParser-4]
+	_ = x[AttachSkSKBStreamVerdict-5]
+	_ = x[AttachCGroupDevice-6]
+	_ = x[AttachSkMsgVerdict-7]
+	_ = x[AttachCGroupInet4Bind-8]
+	_ = x[AttachCGroupInet6Bind-9]
+	_ = x[AttachCGroupInet4Connect-10]
+	_ = x[AttachCGroupInet6Connect-11]
+	_ = x[AttachCGroupInet4PostBind-12]
+	_ = x[AttachCGroupInet6PostBind-13]
+	_ = x[AttachCGroupUDP4Sendmsg-14]
+	_ = x[AttachCGroupUDP6Sendmsg-15]
+	_ = x[AttachLircMode2-16]
+	_ = x[AttachFlowDissector-17]
+	_ = x[AttachCGroupSysctl-18]
+	_ = x[AttachCGroupUDP4Recvmsg-19]
+	_ = x[AttachCGroupUDP6Recvmsg-20]
+	_ = x[AttachCGroupGetsockopt-21]
+	_ = x[AttachCGroupSetsockopt-22]
+	_ = x[AttachTraceRawTp-23]
+	_ = x[AttachTraceFEntry-24]
+	_ = x[AttachTraceFExit-25]
+	_ = x[AttachModifyReturn-26]
+	_ = x[AttachLSMMac-27]
+	_ = x[AttachTraceIter-28]
+	_ = x[AttachCgroupInet4GetPeername-29]
+	_ = x[AttachCgroupInet6GetPeername-30]
+	_ = x[AttachCgroupInet4GetSockname-31]
+	_ = x[AttachCgroupInet6GetSockname-32]
+	_ = x[AttachXDPDevMap-33]
+	_ = x[AttachCgroupInetSockRelease-34]
+	_ = x[AttachXDPCPUMap-35]
+	_ = x[AttachSkLookup-36]
+	_ = x[AttachXDP-37]
+}
+
+const _AttachType_name = "AttachNoneAttachCGroupInetEgressAttachCGroupInetSockCreateAttachCGroupSockOpsAttachSkSKBStreamParserAttachSkSKBStreamVerdictAttachCGroupDeviceAttachSkMsgVerdictAttachCGroupInet4BindAttachCGroupInet6BindAttachCGroupInet4ConnectAttachCGroupInet6ConnectAttachCGroupInet4PostBindAttachCGroupInet6PostBindAttachCGroupUDP4SendmsgAttachCGroupUDP6SendmsgAttachLircMode2AttachFlowDissectorAttachCGroupSysctlAttachCGroupUDP4RecvmsgAttachCGroupUDP6RecvmsgAttachCGroupGetsockoptAttachCGroupSetsockoptAttachTraceRawTpAttachTraceFEntryAttachTraceFExitAttachModifyReturnAttachLSMMacAttachTraceIterAttachCgroupInet4GetPeernameAttachCgroupInet6GetPeernameAttachCgroupInet4GetSocknameAttachCgroupInet6GetSocknameAttachXDPDevMapAttachCgroupInetSockReleaseAttachXDPCPUMapAttachSkLookupAttachXDP"
+
+var _AttachType_index = [...]uint16{0, 10, 32, 58, 77, 100, 124, 142, 160, 181, 202, 226, 250, 275, 300, 323, 346, 361, 380, 398, 421, 444, 466, 488, 504, 521, 537, 555, 567, 582, 610, 638, 666, 694, 709, 736, 751, 765, 774}
+
+func (i AttachType) String() string {
+	if i >= AttachType(len(_AttachType_index)-1) {
+		return "AttachType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _AttachType_name[_AttachType_index[i]:_AttachType_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[PinNone-0]
+	_ = x[PinByName-1]
+}
+
+const _PinType_name = "PinNonePinByName"
+
+var _PinType_index = [...]uint8{0, 7, 16}
+
+func (i PinType) String() string {
+	if i < 0 || i >= PinType(len(_PinType_index)-1) {
+		return "PinType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _PinType_name[_PinType_index[i]:_PinType_index[i+1]]
+}
diff --git a/vendor/github.com/containerd/cgroups/README.md b/vendor/github.com/containerd/cgroups/README.md
index 69e932a9f7559..d4b09f3d61046 100644
--- a/vendor/github.com/containerd/cgroups/README.md
+++ b/vendor/github.com/containerd/cgroups/README.md
@@ -1,8 +1,9 @@
 # cgroups
 
-[![Build Status](https://travis-ci.org/containerd/cgroups.svg?branch=master)](https://travis-ci.org/containerd/cgroups)
-
+[![Build Status](https://github.com/containerd/cgroups/workflows/CI/badge.svg)](https://github.com/containerd/cgroups/actions?query=workflow%3ACI)
 [![codecov](https://codecov.io/gh/containerd/cgroups/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/cgroups)
+[![GoDoc](https://godoc.org/github.com/containerd/cgroups?status.svg)](https://godoc.org/github.com/containerd/cgroups)
+[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cgroups)](https://goreportcard.com/report/github.com/containerd/cgroups)
 
 Go package for creating, managing, inspecting, and destroying cgroups.
 The resources format for settings on the cgroup uses the OCI runtime-spec found
@@ -64,7 +65,7 @@ To update the resources applied in the cgroup
 ```go
 shares = uint64(200)
 if err := control.Update(&specs.LinuxResources{
-    CPU: &specs.CPU{
+    CPU: &specs.LinuxCPU{
         Shares: &shares,
     },
 }); err != nil {
@@ -110,3 +111,39 @@ err := control.MoveTo(destination)
 ```go
 subCgroup, err := control.New("child", resources)
 ```
+
+### Registering for memory events
+
+This allows you to get notified by an eventfd for v1 memory cgroups events.
+
+```go
+event := cgroups.MemoryThresholdEvent(50 * 1024 * 1024, false)
+efd, err := control.RegisterMemoryEvent(event)
+```
+
+```go
+event := cgroups.MemoryPressureEvent(cgroups.MediumPressure, cgroups.DefaultMode)
+efd, err := control.RegisterMemoryEvent(event)
+```
+
+```go
+efd, err := control.OOMEventFD()
+// or by using RegisterMemoryEvent
+event := cgroups.OOMEvent()
+efd, err := control.RegisterMemoryEvent(event)
+```
+
+### Attention
+
+All static path should not include `/sys/fs/cgroup/` prefix, it should start with your own cgroups name
+
+## Project details
+
+Cgroups is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/cgroups/blkio.go b/vendor/github.com/containerd/cgroups/blkio.go
index fc1e689cbdcee..a837e19fbffa2 100644
--- a/vendor/github.com/containerd/cgroups/blkio.go
+++ b/vendor/github.com/containerd/cgroups/blkio.go
@@ -20,23 +20,38 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func NewBlkio(root string) *blkioController {
-	return &blkioController{
-		root: filepath.Join(root, string(Blkio)),
+// NewBlkio returns a Blkio controller given the root folder of cgroups.
+// It may optionally accept other configuration options, such as ProcRoot(path)
+func NewBlkio(root string, options ...func(controller *blkioController)) *blkioController {
+	ctrl := &blkioController{
+		root:     filepath.Join(root, string(Blkio)),
+		procRoot: "/proc",
+	}
+	for _, opt := range options {
+		opt(ctrl)
+	}
+	return ctrl
+}
+
+// ProcRoot overrides the default location of the "/proc" filesystem
+func ProcRoot(path string) func(controller *blkioController) {
+	return func(c *blkioController) {
+		c.procRoot = path
 	}
 }
 
 type blkioController struct {
-	root string
+	root     string
+	procRoot string
 }
 
 func (b *blkioController) Name() Name {
@@ -56,8 +71,8 @@ func (b *blkioController) Create(path string, resources *specs.LinuxResources) e
 	}
 	for _, t := range createBlkioSettings(resources.BlockIO) {
 		if t.value != nil {
-			if err := ioutil.WriteFile(
-				filepath.Join(b.Path(path), fmt.Sprintf("blkio.%s", t.name)),
+			if err := retryingWriteFile(
+				filepath.Join(b.Path(path), "blkio."+t.name),
 				t.format(t.value),
 				defaultFilePerm,
 			); err != nil {
@@ -72,56 +87,50 @@ func (b *blkioController) Update(path string, resources *specs.LinuxResources) e
 	return b.Create(path, resources)
 }
 
-func (b *blkioController) Stat(path string, stats *Metrics) error {
-	stats.Blkio = &BlkIOStat{}
-	settings := []blkioStatSettings{
-		{
-			name:  "throttle.io_serviced",
-			entry: &stats.Blkio.IoServicedRecursive,
-		},
-		{
-			name:  "throttle.io_service_bytes",
-			entry: &stats.Blkio.IoServiceBytesRecursive,
-		},
-	}
+func (b *blkioController) Stat(path string, stats *v1.Metrics) error {
+	stats.Blkio = &v1.BlkIOStat{}
+
+	var settings []blkioStatSettings
+
 	// Try to read CFQ stats available on all CFQ enabled kernels first
-	if _, err := os.Lstat(filepath.Join(b.Path(path), fmt.Sprintf("blkio.io_serviced_recursive"))); err == nil {
-		settings = append(settings,
-			blkioStatSettings{
+	if _, err := os.Lstat(filepath.Join(b.Path(path), "blkio.io_serviced_recursive")); err == nil {
+		settings = []blkioStatSettings{
+			{
 				name:  "sectors_recursive",
 				entry: &stats.Blkio.SectorsRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_service_bytes_recursive",
 				entry: &stats.Blkio.IoServiceBytesRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_serviced_recursive",
 				entry: &stats.Blkio.IoServicedRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_queued_recursive",
 				entry: &stats.Blkio.IoQueuedRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_service_time_recursive",
 				entry: &stats.Blkio.IoServiceTimeRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_wait_time_recursive",
 				entry: &stats.Blkio.IoWaitTimeRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "io_merged_recursive",
 				entry: &stats.Blkio.IoMergedRecursive,
 			},
-			blkioStatSettings{
+			{
 				name:  "time_recursive",
 				entry: &stats.Blkio.IoTimeRecursive,
 			},
-		)
+		}
 	}
-	f, err := os.Open("/proc/diskstats")
+
+	f, err := os.Open(filepath.Join(b.procRoot, "diskstats"))
 	if err != nil {
 		return err
 	}
@@ -132,6 +141,29 @@ func (b *blkioController) Stat(path string, stats *Metrics) error {
 		return err
 	}
 
+	var size int
+	for _, t := range settings {
+		if err := b.readEntry(devices, path, t.name, t.entry); err != nil {
+			return err
+		}
+		size += len(*t.entry)
+	}
+	if size > 0 {
+		return nil
+	}
+
+	// Even the kernel is compiled with the CFQ scheduler, the cgroup may not use
+	// block devices with the CFQ scheduler. If so, we should fallback to throttle.* files.
+	settings = []blkioStatSettings{
+		{
+			name:  "throttle.io_serviced",
+			entry: &stats.Blkio.IoServicedRecursive,
+		},
+		{
+			name:  "throttle.io_service_bytes",
+			entry: &stats.Blkio.IoServiceBytesRecursive,
+		},
+	}
 	for _, t := range settings {
 		if err := b.readEntry(devices, path, t.name, t.entry); err != nil {
 			return err
@@ -140,17 +172,14 @@ func (b *blkioController) Stat(path string, stats *Metrics) error {
 	return nil
 }
 
-func (b *blkioController) readEntry(devices map[deviceKey]string, path, name string, entry *[]*BlkIOEntry) error {
-	f, err := os.Open(filepath.Join(b.Path(path), fmt.Sprintf("blkio.%s", name)))
+func (b *blkioController) readEntry(devices map[deviceKey]string, path, name string, entry *[]*v1.BlkIOEntry) error {
+	f, err := os.Open(filepath.Join(b.Path(path), "blkio."+name))
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	sc := bufio.NewScanner(f)
 	for sc.Scan() {
-		if err := sc.Err(); err != nil {
-			return err
-		}
 		// format: dev type amount
 		fields := strings.FieldsFunc(sc.Text(), splitBlkIOStatLine)
 		if len(fields) < 3 {
@@ -158,7 +187,7 @@ func (b *blkioController) readEntry(devices map[deviceKey]string, path, name str
 				// skip total line
 				continue
 			} else {
-				return fmt.Errorf("Invalid line found while parsing %s: %s", path, sc.Text())
+				return fmt.Errorf("invalid line found while parsing %s: %s", path, sc.Text())
 			}
 		}
 		major, err := strconv.ParseUint(fields[0], 10, 64)
@@ -179,7 +208,7 @@ func (b *blkioController) readEntry(devices map[deviceKey]string, path, name str
 		if err != nil {
 			return err
 		}
-		*entry = append(*entry, &BlkIOEntry{
+		*entry = append(*entry, &v1.BlkIOEntry{
 			Device: devices[deviceKey{major, minor}],
 			Major:  major,
 			Minor:  minor,
@@ -187,35 +216,46 @@ func (b *blkioController) readEntry(devices map[deviceKey]string, path, name str
 			Value:  v,
 		})
 	}
-	return nil
+	return sc.Err()
 }
 
 func createBlkioSettings(blkio *specs.LinuxBlockIO) []blkioSettings {
-	settings := []blkioSettings{
-		{
-			name:   "weight",
-			value:  blkio.Weight,
-			format: uintf,
-		},
-		{
-			name:   "leaf_weight",
-			value:  blkio.LeafWeight,
-			format: uintf,
-		},
-	}
-	for _, wd := range blkio.WeightDevice {
+	settings := []blkioSettings{}
+
+	if blkio.Weight != nil {
 		settings = append(settings,
 			blkioSettings{
-				name:   "weight_device",
-				value:  wd,
-				format: weightdev,
-			},
+				name:   "weight",
+				value:  blkio.Weight,
+				format: uintf,
+			})
+	}
+	if blkio.LeafWeight != nil {
+		settings = append(settings,
 			blkioSettings{
-				name:   "leaf_weight_device",
-				value:  wd,
-				format: weightleafdev,
+				name:   "leaf_weight",
+				value:  blkio.LeafWeight,
+				format: uintf,
 			})
 	}
+	for _, wd := range blkio.WeightDevice {
+		if wd.Weight != nil {
+			settings = append(settings,
+				blkioSettings{
+					name:   "weight_device",
+					value:  wd,
+					format: weightdev,
+				})
+		}
+		if wd.LeafWeight != nil {
+			settings = append(settings,
+				blkioSettings{
+					name:   "leaf_weight_device",
+					value:  wd,
+					format: weightleafdev,
+				})
+		}
+	}
 	for _, t := range []struct {
 		name string
 		list []specs.LinuxThrottleDevice
@@ -256,7 +296,7 @@ type blkioSettings struct {
 
 type blkioStatSettings struct {
 	name  string
-	entry *[]*BlkIOEntry
+	entry *[]*v1.BlkIOEntry
 }
 
 func uintf(v interface{}) []byte {
@@ -265,12 +305,12 @@ func uintf(v interface{}) []byte {
 
 func weightdev(v interface{}) []byte {
 	wd := v.(specs.LinuxWeightDevice)
-	return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, wd.Weight))
+	return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, *wd.Weight))
 }
 
 func weightleafdev(v interface{}) []byte {
 	wd := v.(specs.LinuxWeightDevice)
-	return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, wd.LeafWeight))
+	return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, *wd.LeafWeight))
 }
 
 func throttleddev(v interface{}) []byte {
@@ -316,11 +356,3 @@ func getDevices(r io.Reader) (map[deviceKey]string, error) {
 	}
 	return devices, s.Err()
 }
-
-func major(devNumber uint64) uint64 {
-	return (devNumber >> 8) & 0xfff
-}
-
-func minor(devNumber uint64) uint64 {
-	return (devNumber & 0xff) | ((devNumber >> 12) & 0xfff00)
-}
diff --git a/vendor/github.com/containerd/cgroups/cgroup.go b/vendor/github.com/containerd/cgroups/cgroup.go
index 7959feb490376..e0e014b282f4f 100644
--- a/vendor/github.com/containerd/cgroups/cgroup.go
+++ b/vendor/github.com/containerd/cgroups/cgroup.go
@@ -18,59 +18,101 @@ package cgroups
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
 // New returns a new control via the cgroup cgroups interface
-func New(hierarchy Hierarchy, path Path, resources *specs.LinuxResources) (Cgroup, error) {
+func New(hierarchy Hierarchy, path Path, resources *specs.LinuxResources, opts ...InitOpts) (Cgroup, error) {
+	config := newInitConfig()
+	for _, o := range opts {
+		if err := o(config); err != nil {
+			return nil, err
+		}
+	}
 	subsystems, err := hierarchy()
 	if err != nil {
 		return nil, err
 	}
+	var active []Subsystem
 	for _, s := range subsystems {
+		// check if subsystem exists
 		if err := initializeSubsystem(s, path, resources); err != nil {
+			if err == ErrControllerNotActive {
+				if config.InitCheck != nil {
+					if skerr := config.InitCheck(s, path, err); skerr != nil {
+						if skerr != ErrIgnoreSubsystem {
+							return nil, skerr
+						}
+					}
+				}
+				continue
+			}
 			return nil, err
 		}
+		active = append(active, s)
 	}
 	return &cgroup{
 		path:       path,
-		subsystems: subsystems,
+		subsystems: active,
 	}, nil
 }
 
 // Load will load an existing cgroup and allow it to be controlled
-func Load(hierarchy Hierarchy, path Path) (Cgroup, error) {
+// All static path should not include `/sys/fs/cgroup/` prefix, it should start with your own cgroups name
+func Load(hierarchy Hierarchy, path Path, opts ...InitOpts) (Cgroup, error) {
+	config := newInitConfig()
+	for _, o := range opts {
+		if err := o(config); err != nil {
+			return nil, err
+		}
+	}
+	var activeSubsystems []Subsystem
 	subsystems, err := hierarchy()
 	if err != nil {
 		return nil, err
 	}
-	// check the the subsystems still exist
+	// check that the subsystems still exist, and keep only those that actually exist
 	for _, s := range pathers(subsystems) {
 		p, err := path(s.Name())
 		if err != nil {
 			if os.IsNotExist(errors.Cause(err)) {
 				return nil, ErrCgroupDeleted
 			}
+			if err == ErrControllerNotActive {
+				if config.InitCheck != nil {
+					if skerr := config.InitCheck(s, path, err); skerr != nil {
+						if skerr != ErrIgnoreSubsystem {
+							return nil, skerr
+						}
+					}
+				}
+				continue
+			}
 			return nil, err
 		}
 		if _, err := os.Lstat(s.Path(p)); err != nil {
 			if os.IsNotExist(err) {
-				return nil, ErrCgroupDeleted
+				continue
 			}
 			return nil, err
 		}
+		activeSubsystems = append(activeSubsystems, s)
+	}
+	// if we do not have any active systems then the cgroup is deleted
+	if len(activeSubsystems) == 0 {
+		return nil, ErrCgroupDeleted
 	}
 	return &cgroup{
 		path:       path,
-		subsystems: subsystems,
+		subsystems: activeSubsystems,
 	}, nil
 }
 
@@ -126,7 +168,7 @@ func (c *cgroup) add(process Process) error {
 		if err != nil {
 			return err
 		}
-		if err := ioutil.WriteFile(
+		if err := retryingWriteFile(
 			filepath.Join(s.Path(p), cgroupProcs),
 			[]byte(strconv.Itoa(process.Pid)),
 			defaultFilePerm,
@@ -156,7 +198,7 @@ func (c *cgroup) addTask(process Process) error {
 		if err != nil {
 			return err
 		}
-		if err := ioutil.WriteFile(
+		if err := retryingWriteFile(
 			filepath.Join(s.Path(p), cgroupTasks),
 			[]byte(strconv.Itoa(process.Pid)),
 			defaultFilePerm,
@@ -174,7 +216,7 @@ func (c *cgroup) Delete() error {
 	if c.err != nil {
 		return c.err
 	}
-	var errors []string
+	var errs []string
 	for _, s := range c.subsystems {
 		if d, ok := s.(deleter); ok {
 			sp, err := c.path(s.Name())
@@ -182,7 +224,7 @@ func (c *cgroup) Delete() error {
 				return err
 			}
 			if err := d.Delete(sp); err != nil {
-				errors = append(errors, string(s.Name()))
+				errs = append(errs, string(s.Name()))
 			}
 			continue
 		}
@@ -193,19 +235,19 @@ func (c *cgroup) Delete() error {
 			}
 			path := p.Path(sp)
 			if err := remove(path); err != nil {
-				errors = append(errors, path)
+				errs = append(errs, path)
 			}
 		}
 	}
-	if len(errors) > 0 {
-		return fmt.Errorf("cgroups: unable to remove paths %s", strings.Join(errors, ", "))
+	if len(errs) > 0 {
+		return fmt.Errorf("cgroups: unable to remove paths %s", strings.Join(errs, ", "))
 	}
 	c.err = ErrCgroupDeleted
 	return nil
 }
 
 // Stat returns the current metrics for the cgroup
-func (c *cgroup) Stat(handlers ...ErrorHandler) (*Metrics, error) {
+func (c *cgroup) Stat(handlers ...ErrorHandler) (*v1.Metrics, error) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	if c.err != nil {
@@ -215,10 +257,10 @@ func (c *cgroup) Stat(handlers ...ErrorHandler) (*Metrics, error) {
 		handlers = append(handlers, errPassthrough)
 	}
 	var (
-		stats = &Metrics{
-			CPU: &CPUStat{
-				Throttling: &Throttle{},
-				Usage:      &CPUUsage{},
+		stats = &v1.Metrics{
+			CPU: &v1.CPUStat{
+				Throttling: &v1.Throttle{},
+				Usage:      &v1.CPUUsage{},
 			},
 		}
 		wg   = &sync.WaitGroup{}
@@ -319,6 +361,49 @@ func (c *cgroup) processes(subsystem Name, recursive bool) ([]Process, error) {
 	return processes, err
 }
 
+// Tasks returns the tasks running inside the cgroup along
+// with the subsystem used, pid, and path
+func (c *cgroup) Tasks(subsystem Name, recursive bool) ([]Task, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.err != nil {
+		return nil, c.err
+	}
+	return c.tasks(subsystem, recursive)
+}
+
+func (c *cgroup) tasks(subsystem Name, recursive bool) ([]Task, error) {
+	s := c.getSubsystem(subsystem)
+	sp, err := c.path(subsystem)
+	if err != nil {
+		return nil, err
+	}
+	path := s.(pather).Path(sp)
+	var tasks []Task
+	err = filepath.Walk(path, func(p string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !recursive && info.IsDir() {
+			if p == path {
+				return nil
+			}
+			return filepath.SkipDir
+		}
+		dir, name := filepath.Split(p)
+		if name != cgroupTasks {
+			return nil
+		}
+		procs, err := readTasksPids(dir, subsystem)
+		if err != nil {
+			return err
+		}
+		tasks = append(tasks, procs...)
+		return nil
+	})
+	return tasks, err
+}
+
 // Freeze freezes the entire cgroup and all the processes inside it
 func (c *cgroup) Freeze() error {
 	c.mu.Lock()
@@ -372,7 +457,26 @@ func (c *cgroup) OOMEventFD() (uintptr, error) {
 	if err != nil {
 		return 0, err
 	}
-	return s.(*memoryController).OOMEventFD(sp)
+	return s.(*memoryController).memoryEvent(sp, OOMEvent())
+}
+
+// RegisterMemoryEvent allows the ability to register for all v1 memory cgroups
+// notifications.
+func (c *cgroup) RegisterMemoryEvent(event MemoryEvent) (uintptr, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.err != nil {
+		return 0, c.err
+	}
+	s := c.getSubsystem(Memory)
+	if s == nil {
+		return 0, ErrMemoryNotSupported
+	}
+	sp, err := c.path(Memory)
+	if err != nil {
+		return 0, err
+	}
+	return s.(*memoryController).memoryEvent(sp, event)
 }
 
 // State returns the state of the cgroup and its processes
@@ -413,6 +517,9 @@ func (c *cgroup) MoveTo(destination Cgroup) error {
 		}
 		for _, p := range processes {
 			if err := destination.Add(p); err != nil {
+				if strings.Contains(err.Error(), "no such process") {
+					continue
+				}
 				return err
 			}
 		}
diff --git a/vendor/github.com/containerd/cgroups/control.go b/vendor/github.com/containerd/cgroups/control.go
index 63e2df93dd9d2..a4cb9b8324658 100644
--- a/vendor/github.com/containerd/cgroups/control.go
+++ b/vendor/github.com/containerd/cgroups/control.go
@@ -19,6 +19,7 @@ package cgroups
 import (
 	"os"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -44,6 +45,15 @@ type Process struct {
 	Path string
 }
 
+type Task struct {
+	// Subsystem is the name of the subsystem that the task is in
+	Subsystem Name
+	// Pid is the process id of the task
+	Pid int
+	// Path is the full path of the subsystem and location that the task is in
+	Path string
+}
+
 // Cgroup handles interactions with the individual groups to perform
 // actions on them as them main interface to this cgroup package
 type Cgroup interface {
@@ -59,17 +69,22 @@ type Cgroup interface {
 	// subsystems are moved one at a time
 	MoveTo(Cgroup) error
 	// Stat returns the stats for all subsystems in the cgroup
-	Stat(...ErrorHandler) (*Metrics, error)
+	Stat(...ErrorHandler) (*v1.Metrics, error)
 	// Update updates all the subsystems with the provided resource changes
 	Update(resources *specs.LinuxResources) error
 	// Processes returns all the processes in a select subsystem for the cgroup
 	Processes(Name, bool) ([]Process, error)
+	// Tasks returns all the tasks in a select subsystem for the cgroup
+	Tasks(Name, bool) ([]Task, error)
 	// Freeze freezes or pauses all processes inside the cgroup
 	Freeze() error
 	// Thaw thaw or resumes all processes inside the cgroup
 	Thaw() error
 	// OOMEventFD returns the memory subsystem's event fd for OOM events
 	OOMEventFD() (uintptr, error)
+	// RegisterMemoryEvent returns the memory subsystems event fd for whatever memory event was
+	// registered for. Can alternatively register for the oom event with this method.
+	RegisterMemoryEvent(MemoryEvent) (uintptr, error)
 	// State returns the cgroups current state
 	State() State
 	// Subsystems returns all the subsystems in the cgroup
diff --git a/vendor/github.com/containerd/cgroups/cpu.go b/vendor/github.com/containerd/cgroups/cpu.go
index 431cd3e51e468..27024f17b826c 100644
--- a/vendor/github.com/containerd/cgroups/cpu.go
+++ b/vendor/github.com/containerd/cgroups/cpu.go
@@ -18,12 +18,11 @@ package cgroups
 
 import (
 	"bufio"
-	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -83,8 +82,8 @@ func (c *cpuController) Create(path string, resources *specs.LinuxResources) err
 				value = []byte(strconv.FormatInt(*t.ivalue, 10))
 			}
 			if value != nil {
-				if err := ioutil.WriteFile(
-					filepath.Join(c.Path(path), fmt.Sprintf("cpu.%s", t.name)),
+				if err := retryingWriteFile(
+					filepath.Join(c.Path(path), "cpu."+t.name),
 					value,
 					defaultFilePerm,
 				); err != nil {
@@ -100,7 +99,7 @@ func (c *cpuController) Update(path string, resources *specs.LinuxResources) err
 	return c.Create(path, resources)
 }
 
-func (c *cpuController) Stat(path string, stats *Metrics) error {
+func (c *cpuController) Stat(path string, stats *v1.Metrics) error {
 	f, err := os.Open(filepath.Join(c.Path(path), "cpu.stat"))
 	if err != nil {
 		return err
@@ -109,9 +108,6 @@ func (c *cpuController) Stat(path string, stats *Metrics) error {
 	// get or create the cpu field because cpuacct can also set values on this struct
 	sc := bufio.NewScanner(f)
 	for sc.Scan() {
-		if err := sc.Err(); err != nil {
-			return err
-		}
 		key, v, err := parseKV(sc.Text())
 		if err != nil {
 			return err
@@ -125,5 +121,5 @@ func (c *cpuController) Stat(path string, stats *Metrics) error {
 			stats.CPU.Throttling.ThrottledTime = v
 		}
 	}
-	return nil
+	return sc.Err()
 }
diff --git a/vendor/github.com/containerd/cgroups/cpuacct.go b/vendor/github.com/containerd/cgroups/cpuacct.go
index 42a490a87e7c9..e5fc864bd7546 100644
--- a/vendor/github.com/containerd/cgroups/cpuacct.go
+++ b/vendor/github.com/containerd/cgroups/cpuacct.go
@@ -22,6 +22,8 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+
+	v1 "github.com/containerd/cgroups/stats/v1"
 )
 
 const nanosecondsInSecond = 1000000000
@@ -46,7 +48,7 @@ func (c *cpuacctController) Path(path string) string {
 	return filepath.Join(c.root, path)
 }
 
-func (c *cpuacctController) Stat(path string, stats *Metrics) error {
+func (c *cpuacctController) Stat(path string, stats *v1.Metrics) error {
 	user, kernel, err := c.getUsage(path)
 	if err != nil {
 		return err
diff --git a/vendor/github.com/containerd/cgroups/cpuset.go b/vendor/github.com/containerd/cgroups/cpuset.go
index f182aa68c100e..3cae173bdd1b4 100644
--- a/vendor/github.com/containerd/cgroups/cpuset.go
+++ b/vendor/github.com/containerd/cgroups/cpuset.go
@@ -26,7 +26,7 @@ import (
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func NewCputset(root string) *cpusetController {
+func NewCpuset(root string) *cpusetController {
 	return &cpusetController{
 		root: filepath.Join(root, string(Cpuset)),
 	}
@@ -57,21 +57,21 @@ func (c *cpusetController) Create(path string, resources *specs.LinuxResources)
 	if resources.CPU != nil {
 		for _, t := range []struct {
 			name  string
-			value *string
+			value string
 		}{
 			{
 				name:  "cpus",
-				value: &resources.CPU.Cpus,
+				value: resources.CPU.Cpus,
 			},
 			{
 				name:  "mems",
-				value: &resources.CPU.Mems,
+				value: resources.CPU.Mems,
 			},
 		} {
-			if t.value != nil {
-				if err := ioutil.WriteFile(
-					filepath.Join(c.Path(path), fmt.Sprintf("cpuset.%s", t.name)),
-					[]byte(*t.value),
+			if t.value != "" {
+				if err := retryingWriteFile(
+					filepath.Join(c.Path(path), "cpuset."+t.name),
+					[]byte(t.value),
 					defaultFilePerm,
 				); err != nil {
 					return err
@@ -134,7 +134,7 @@ func (c *cpusetController) copyIfNeeded(current, parent string) error {
 		return err
 	}
 	if isEmpty(currentCpus) {
-		if err := ioutil.WriteFile(
+		if err := retryingWriteFile(
 			filepath.Join(current, "cpuset.cpus"),
 			parentCpus,
 			defaultFilePerm,
@@ -143,7 +143,7 @@ func (c *cpusetController) copyIfNeeded(current, parent string) error {
 		}
 	}
 	if isEmpty(currentMems) {
-		if err := ioutil.WriteFile(
+		if err := retryingWriteFile(
 			filepath.Join(current, "cpuset.mems"),
 			parentMems,
 			defaultFilePerm,
diff --git a/vendor/github.com/containerd/cgroups/devices.go b/vendor/github.com/containerd/cgroups/devices.go
index f9a118b22710c..7792566d5ee40 100644
--- a/vendor/github.com/containerd/cgroups/devices.go
+++ b/vendor/github.com/containerd/cgroups/devices.go
@@ -18,7 +18,6 @@ package cgroups
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -58,7 +57,10 @@ func (d *devicesController) Create(path string, resources *specs.LinuxResources)
 		if device.Allow {
 			file = allowDeviceFile
 		}
-		if err := ioutil.WriteFile(
+		if device.Type == "" {
+			device.Type = "a"
+		}
+		if err := retryingWriteFile(
 			filepath.Join(d.Path(path), file),
 			[]byte(deviceString(device)),
 			defaultFilePerm,
diff --git a/vendor/github.com/containerd/cgroups/freezer.go b/vendor/github.com/containerd/cgroups/freezer.go
index 5e668408a274a..59a7e71283682 100644
--- a/vendor/github.com/containerd/cgroups/freezer.go
+++ b/vendor/github.com/containerd/cgroups/freezer.go
@@ -50,7 +50,7 @@ func (f *freezerController) Thaw(path string) error {
 }
 
 func (f *freezerController) changeState(path string, state State) error {
-	return ioutil.WriteFile(
+	return retryingWriteFile(
 		filepath.Join(f.root, path, "freezer.state"),
 		[]byte(strings.ToUpper(string(state))),
 		defaultFilePerm,
diff --git a/vendor/github.com/containerd/cgroups/go.mod b/vendor/github.com/containerd/cgroups/go.mod
new file mode 100644
index 0000000000000..eed71ffb485e4
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/go.mod
@@ -0,0 +1,18 @@
+module github.com/containerd/cgroups
+
+go 1.13
+
+require (
+	github.com/cilium/ebpf v0.4.0
+	github.com/coreos/go-systemd/v22 v22.1.0
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/docker/go-units v0.4.0
+	github.com/godbus/dbus/v5 v5.0.3
+	github.com/gogo/protobuf v1.3.2
+	github.com/opencontainers/runtime-spec v1.0.2
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.7.0
+	github.com/stretchr/testify v1.6.1
+	github.com/urfave/cli v1.22.2
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/containerd/cgroups/hierarchy.go b/vendor/github.com/containerd/cgroups/hierarchy.go
index 9221bf3f15c28..ca3f1b9380b75 100644
--- a/vendor/github.com/containerd/cgroups/hierarchy.go
+++ b/vendor/github.com/containerd/cgroups/hierarchy.go
@@ -16,5 +16,5 @@
 
 package cgroups
 
-// Hierarchy enableds both unified and split hierarchy for cgroups
+// Hierarchy enables both unified and split hierarchy for cgroups
 type Hierarchy func() ([]Subsystem, error)
diff --git a/vendor/github.com/containerd/cgroups/hugetlb.go b/vendor/github.com/containerd/cgroups/hugetlb.go
index 3718706d7b458..c0eb03b24da3a 100644
--- a/vendor/github.com/containerd/cgroups/hugetlb.go
+++ b/vendor/github.com/containerd/cgroups/hugetlb.go
@@ -17,12 +17,12 @@
 package cgroups
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -56,7 +56,7 @@ func (h *hugetlbController) Create(path string, resources *specs.LinuxResources)
 		return err
 	}
 	for _, limit := range resources.HugepageLimits {
-		if err := ioutil.WriteFile(
+		if err := retryingWriteFile(
 			filepath.Join(h.Path(path), strings.Join([]string{"hugetlb", limit.Pagesize, "limit_in_bytes"}, ".")),
 			[]byte(strconv.FormatUint(limit.Limit, 10)),
 			defaultFilePerm,
@@ -67,7 +67,7 @@ func (h *hugetlbController) Create(path string, resources *specs.LinuxResources)
 	return nil
 }
 
-func (h *hugetlbController) Stat(path string, stats *Metrics) error {
+func (h *hugetlbController) Stat(path string, stats *v1.Metrics) error {
 	for _, size := range h.sizes {
 		s, err := h.readSizeStat(path, size)
 		if err != nil {
@@ -78,8 +78,8 @@ func (h *hugetlbController) Stat(path string, stats *Metrics) error {
 	return nil
 }
 
-func (h *hugetlbController) readSizeStat(path, size string) (*HugetlbStat, error) {
-	s := HugetlbStat{
+func (h *hugetlbController) readSizeStat(path, size string) (*v1.HugetlbStat, error) {
+	s := v1.HugetlbStat{
 		Pagesize: size,
 	}
 	for _, t := range []struct {
diff --git a/vendor/github.com/containerd/cgroups/memory.go b/vendor/github.com/containerd/cgroups/memory.go
index ce15ca2b9a336..e271866ef94fc 100644
--- a/vendor/github.com/containerd/cgroups/memory.go
+++ b/vendor/github.com/containerd/cgroups/memory.go
@@ -20,26 +20,175 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
+)
 
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+// MemoryEvent is an interface that V1 memory Cgroup notifications implement. Arg returns the
+// file name whose fd should be written to "cgroups.event_control". EventFile returns the name of
+// the file that supports the notification api e.g. "memory.usage_in_bytes".
+type MemoryEvent interface {
+	Arg() string
+	EventFile() string
+}
+
+type memoryThresholdEvent struct {
+	threshold uint64
+	swap      bool
+}
+
+// MemoryThresholdEvent returns a new memory threshold event to be used with RegisterMemoryEvent.
+// If swap is true, the event will be registered using memory.memsw.usage_in_bytes
+func MemoryThresholdEvent(threshold uint64, swap bool) MemoryEvent {
+	return &memoryThresholdEvent{
+		threshold,
+		swap,
+	}
+}
+
+func (m *memoryThresholdEvent) Arg() string {
+	return strconv.FormatUint(m.threshold, 10)
+}
+
+func (m *memoryThresholdEvent) EventFile() string {
+	if m.swap {
+		return "memory.memsw.usage_in_bytes"
+	}
+	return "memory.usage_in_bytes"
+}
+
+type oomEvent struct{}
+
+// OOMEvent returns a new oom event to be used with RegisterMemoryEvent.
+func OOMEvent() MemoryEvent {
+	return &oomEvent{}
+}
+
+func (oom *oomEvent) Arg() string {
+	return ""
+}
+
+func (oom *oomEvent) EventFile() string {
+	return "memory.oom_control"
+}
+
+type memoryPressureEvent struct {
+	pressureLevel MemoryPressureLevel
+	hierarchy     EventNotificationMode
+}
+
+// MemoryPressureEvent returns a new memory pressure event to be used with RegisterMemoryEvent.
+func MemoryPressureEvent(pressureLevel MemoryPressureLevel, hierarchy EventNotificationMode) MemoryEvent {
+	return &memoryPressureEvent{
+		pressureLevel,
+		hierarchy,
+	}
+}
+
+func (m *memoryPressureEvent) Arg() string {
+	return string(m.pressureLevel) + "," + string(m.hierarchy)
+}
+
+func (m *memoryPressureEvent) EventFile() string {
+	return "memory.pressure_level"
+}
+
+// MemoryPressureLevel corresponds to the memory pressure levels defined
+// for memory cgroups.
+type MemoryPressureLevel string
+
+// The three memory pressure levels are as follows.
+//  - The "low" level means that the system is reclaiming memory for new
+//    allocations. Monitoring this reclaiming activity might be useful for
+//    maintaining cache level. Upon notification, the program (typically
+//    "Activity Manager") might analyze vmstat and act in advance (i.e.
+//    prematurely shutdown unimportant services).
+//  - The "medium" level means that the system is experiencing medium memory
+//    pressure, the system might be making swap, paging out active file caches,
+//    etc. Upon this event applications may decide to further analyze
+//    vmstat/zoneinfo/memcg or internal memory usage statistics and free any
+//    resources that can be easily reconstructed or re-read from a disk.
+//  - The "critical" level means that the system is actively thrashing, it is
+//    about to out of memory (OOM) or even the in-kernel OOM killer is on its
+//    way to trigger. Applications should do whatever they can to help the
+//    system. It might be too late to consult with vmstat or any other
+//    statistics, so it is advisable to take an immediate action.
+//    "https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt" Section 11
+const (
+	LowPressure      MemoryPressureLevel = "low"
+	MediumPressure   MemoryPressureLevel = "medium"
+	CriticalPressure MemoryPressureLevel = "critical"
+)
+
+// EventNotificationMode corresponds to the notification modes
+// for the memory cgroups pressure level notifications.
+type EventNotificationMode string
+
+// There are three optional modes that specify different propagation behavior:
+//  - "default": this is the default behavior specified above. This mode is the
+//    same as omitting the optional mode parameter, preserved by backwards
+//    compatibility.
+//  - "hierarchy": events always propagate up to the root, similar to the default
+//    behavior, except that propagation continues regardless of whether there are
+//    event listeners at each level, with the "hierarchy" mode. In the above
+//    example, groups A, B, and C will receive notification of memory pressure.
+//  - "local": events are pass-through, i.e. they only receive notifications when
+//    memory pressure is experienced in the memcg for which the notification is
+//    registered. In the above example, group C will receive notification if
+//    registered for "local" notification and the group experiences memory
+//    pressure. However, group B will never receive notification, regardless if
+//    there is an event listener for group C or not, if group B is registered for
+//    local notification.
+//    "https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt" Section 11
+const (
+	DefaultMode   EventNotificationMode = "default"
+	LocalMode     EventNotificationMode = "local"
+	HierarchyMode EventNotificationMode = "hierarchy"
 )
 
-func NewMemory(root string) *memoryController {
-	return &memoryController{
-		root: filepath.Join(root, string(Memory)),
+// NewMemory returns a Memory controller given the root folder of cgroups.
+// It may optionally accept other configuration options, such as IgnoreModules(...)
+func NewMemory(root string, options ...func(*memoryController)) *memoryController {
+	mc := &memoryController{
+		root:    filepath.Join(root, string(Memory)),
+		ignored: map[string]struct{}{},
+	}
+	for _, opt := range options {
+		opt(mc)
+	}
+	return mc
+}
+
+// IgnoreModules configure the memory controller to not read memory metrics for some
+// module names (e.g. passing "memsw" would avoid all the memory.memsw.* entries)
+func IgnoreModules(names ...string) func(*memoryController) {
+	return func(mc *memoryController) {
+		for _, name := range names {
+			mc.ignored[name] = struct{}{}
+		}
+	}
+}
+
+// OptionalSwap allows the memory controller to not fail if cgroups is not accounting
+// Swap memory (there are no memory.memsw.* entries)
+func OptionalSwap() func(*memoryController) {
+	return func(mc *memoryController) {
+		_, err := os.Stat(filepath.Join(mc.root, "memory.memsw.usage_in_bytes"))
+		if os.IsNotExist(err) {
+			mc.ignored["memsw"] = struct{}{}
+		}
 	}
 }
 
 type memoryController struct {
-	root string
+	root    string
+	ignored map[string]struct{}
 }
 
 func (m *memoryController) Name() Name {
@@ -57,21 +206,6 @@ func (m *memoryController) Create(path string, resources *specs.LinuxResources)
 	if resources.Memory == nil {
 		return nil
 	}
-	if resources.Memory.Kernel != nil {
-		// Check if kernel memory is enabled
-		// We have to limit the kernel memory here as it won't be accounted at all
-		// until a limit is set on the cgroup and limit cannot be set once the
-		// cgroup has children, or if there are already tasks in the cgroup.
-		for _, i := range []int64{1, -1} {
-			if err := ioutil.WriteFile(
-				filepath.Join(m.Path(path), "memory.kmem.limit_in_bytes"),
-				[]byte(strconv.FormatInt(i, 10)),
-				defaultFilePerm,
-			); err != nil {
-				return checkEBUSY(err)
-			}
-		}
-	}
 	return m.set(path, getMemorySettings(resources))
 }
 
@@ -97,24 +231,34 @@ func (m *memoryController) Update(path string, resources *specs.LinuxResources)
 	return m.set(path, settings)
 }
 
-func (m *memoryController) Stat(path string, stats *Metrics) error {
-	f, err := os.Open(filepath.Join(m.Path(path), "memory.stat"))
+func (m *memoryController) Stat(path string, stats *v1.Metrics) error {
+	fMemStat, err := os.Open(filepath.Join(m.Path(path), "memory.stat"))
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-	stats.Memory = &MemoryStat{
-		Usage:     &MemoryEntry{},
-		Swap:      &MemoryEntry{},
-		Kernel:    &MemoryEntry{},
-		KernelTCP: &MemoryEntry{},
+	defer fMemStat.Close()
+	stats.Memory = &v1.MemoryStat{
+		Usage:     &v1.MemoryEntry{},
+		Swap:      &v1.MemoryEntry{},
+		Kernel:    &v1.MemoryEntry{},
+		KernelTCP: &v1.MemoryEntry{},
+	}
+	if err := m.parseStats(fMemStat, stats.Memory); err != nil {
+		return err
+	}
+
+	fMemOomControl, err := os.Open(filepath.Join(m.Path(path), "memory.oom_control"))
+	if err != nil {
+		return err
 	}
-	if err := m.parseStats(f, stats.Memory); err != nil {
+	defer fMemOomControl.Close()
+	stats.MemoryOomControl = &v1.MemoryOomControl{}
+	if err := m.parseOomControlStats(fMemOomControl, stats.MemoryOomControl); err != nil {
 		return err
 	}
 	for _, t := range []struct {
 		module string
-		entry  *MemoryEntry
+		entry  *v1.MemoryEntry
 	}{
 		{
 			module: "",
@@ -133,6 +277,9 @@ func (m *memoryController) Stat(path string, stats *Metrics) error {
 			entry:  stats.Memory.KernelTCP,
 		},
 	} {
+		if _, ok := m.ignored[t.module]; ok {
+			continue
+		}
 		for _, tt := range []struct {
 			name  string
 			value *uint64
@@ -169,44 +316,13 @@ func (m *memoryController) Stat(path string, stats *Metrics) error {
 	return nil
 }
 
-func (m *memoryController) OOMEventFD(path string) (uintptr, error) {
-	root := m.Path(path)
-	f, err := os.Open(filepath.Join(root, "memory.oom_control"))
-	if err != nil {
-		return 0, err
-	}
-	defer f.Close()
-	fd, _, serr := unix.RawSyscall(unix.SYS_EVENTFD2, 0, unix.EFD_CLOEXEC, 0)
-	if serr != 0 {
-		return 0, serr
-	}
-	if err := writeEventFD(root, f.Fd(), fd); err != nil {
-		unix.Close(int(fd))
-		return 0, err
-	}
-	return fd, nil
-}
-
-func writeEventFD(root string, cfd, efd uintptr) error {
-	f, err := os.OpenFile(filepath.Join(root, "cgroup.event_control"), os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	_, err = f.WriteString(fmt.Sprintf("%d %d", efd, cfd))
-	f.Close()
-	return err
-}
-
-func (m *memoryController) parseStats(r io.Reader, stat *MemoryStat) error {
+func (m *memoryController) parseStats(r io.Reader, stat *v1.MemoryStat) error {
 	var (
 		raw  = make(map[string]uint64)
 		sc   = bufio.NewScanner(r)
 		line int
 	)
 	for sc.Scan() {
-		if err := sc.Err(); err != nil {
-			return err
-		}
 		key, v, err := parseKV(sc.Text())
 		if err != nil {
 			return fmt.Errorf("%d: %v", line, err)
@@ -214,6 +330,9 @@ func (m *memoryController) parseStats(r io.Reader, stat *MemoryStat) error {
 		raw[key] = v
 		line++
 	}
+	if err := sc.Err(); err != nil {
+		return err
+	}
 	stat.Cache = raw["cache"]
 	stat.RSS = raw["rss"]
 	stat.RSSHuge = raw["rss_huge"]
@@ -249,11 +368,34 @@ func (m *memoryController) parseStats(r io.Reader, stat *MemoryStat) error {
 	return nil
 }
 
+func (m *memoryController) parseOomControlStats(r io.Reader, stat *v1.MemoryOomControl) error {
+	var (
+		raw  = make(map[string]uint64)
+		sc   = bufio.NewScanner(r)
+		line int
+	)
+	for sc.Scan() {
+		key, v, err := parseKV(sc.Text())
+		if err != nil {
+			return fmt.Errorf("%d: %v", line, err)
+		}
+		raw[key] = v
+		line++
+	}
+	if err := sc.Err(); err != nil {
+		return err
+	}
+	stat.OomKillDisable = raw["oom_kill_disable"]
+	stat.UnderOom = raw["under_oom"]
+	stat.OomKill = raw["oom_kill"]
+	return nil
+}
+
 func (m *memoryController) set(path string, settings []memorySettings) error {
 	for _, t := range settings {
 		if t.value != nil {
-			if err := ioutil.WriteFile(
-				filepath.Join(m.Path(path), fmt.Sprintf("memory.%s", t.name)),
+			if err := retryingWriteFile(
+				filepath.Join(m.Path(path), "memory."+t.name),
 				[]byte(strconv.FormatInt(*t.value, 10)),
 				defaultFilePerm,
 			); err != nil {
@@ -281,6 +423,10 @@ func getMemorySettings(resources *specs.LinuxResources) []memorySettings {
 			name:  "limit_in_bytes",
 			value: mem.Limit,
 		},
+		{
+			name:  "soft_limit_in_bytes",
+			value: mem.Reservation,
+		},
 		{
 			name:  "memsw.limit_in_bytes",
 			value: mem.Swap,
@@ -304,18 +450,6 @@ func getMemorySettings(resources *specs.LinuxResources) []memorySettings {
 	}
 }
 
-func checkEBUSY(err error) error {
-	if pathErr, ok := err.(*os.PathError); ok {
-		if errNo, ok := pathErr.Err.(syscall.Errno); ok {
-			if errNo == unix.EBUSY {
-				return fmt.Errorf(
-					"failed to set memory.kmem.limit_in_bytes, because either tasks have already joined this cgroup or it has children")
-			}
-		}
-	}
-	return err
-}
-
 func getOomControlValue(mem *specs.LinuxMemory) *int64 {
 	if mem.DisableOOMKiller != nil && *mem.DisableOOMKiller {
 		i := int64(1)
@@ -323,3 +457,24 @@ func getOomControlValue(mem *specs.LinuxMemory) *int64 {
 	}
 	return nil
 }
+
+func (m *memoryController) memoryEvent(path string, event MemoryEvent) (uintptr, error) {
+	root := m.Path(path)
+	efd, err := unix.Eventfd(0, unix.EFD_CLOEXEC)
+	if err != nil {
+		return 0, err
+	}
+	evtFile, err := os.Open(filepath.Join(root, event.EventFile()))
+	if err != nil {
+		unix.Close(efd)
+		return 0, err
+	}
+	defer evtFile.Close()
+	data := fmt.Sprintf("%d %d %s", efd, evtFile.Fd(), event.Arg())
+	evctlPath := filepath.Join(root, "cgroup.event_control")
+	if err := retryingWriteFile(evctlPath, []byte(data), 0700); err != nil {
+		unix.Close(efd)
+		return 0, err
+	}
+	return uintptr(efd), nil
+}
diff --git a/vendor/github.com/containerd/cgroups/metrics.pb.go b/vendor/github.com/containerd/cgroups/metrics.pb.go
deleted file mode 100644
index 6043a8f7db02b..0000000000000
--- a/vendor/github.com/containerd/cgroups/metrics.pb.go
+++ /dev/null
@@ -1,4288 +0,0 @@
-// Code generated by protoc-gen-gogo.
-// source: github.com/containerd/cgroups/metrics.proto
-// DO NOT EDIT!
-
-/*
-	Package cgroups is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/cgroups/metrics.proto
-
-	It has these top-level messages:
-		Metrics
-		HugetlbStat
-		PidsStat
-		CPUStat
-		CPUUsage
-		Throttle
-		MemoryStat
-		MemoryEntry
-		BlkIOStat
-		BlkIOEntry
-		RdmaStat
-		RdmaEntry
-*/
-package cgroups
-
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
-
-type Metrics struct {
-	Hugetlb []*HugetlbStat `protobuf:"bytes,1,rep,name=hugetlb" json:"hugetlb,omitempty"`
-	Pids    *PidsStat      `protobuf:"bytes,2,opt,name=pids" json:"pids,omitempty"`
-	CPU     *CPUStat       `protobuf:"bytes,3,opt,name=cpu" json:"cpu,omitempty"`
-	Memory  *MemoryStat    `protobuf:"bytes,4,opt,name=memory" json:"memory,omitempty"`
-	Blkio   *BlkIOStat     `protobuf:"bytes,5,opt,name=blkio" json:"blkio,omitempty"`
-	Rdma    *RdmaStat      `protobuf:"bytes,6,opt,name=rdma" json:"rdma,omitempty"`
-}
-
-func (m *Metrics) Reset()                    { *m = Metrics{} }
-func (*Metrics) ProtoMessage()               {}
-func (*Metrics) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{0} }
-
-type HugetlbStat struct {
-	Usage    uint64 `protobuf:"varint,1,opt,name=usage,proto3" json:"usage,omitempty"`
-	Max      uint64 `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"`
-	Failcnt  uint64 `protobuf:"varint,3,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
-	Pagesize string `protobuf:"bytes,4,opt,name=pagesize,proto3" json:"pagesize,omitempty"`
-}
-
-func (m *HugetlbStat) Reset()                    { *m = HugetlbStat{} }
-func (*HugetlbStat) ProtoMessage()               {}
-func (*HugetlbStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{1} }
-
-type PidsStat struct {
-	Current uint64 `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"`
-	Limit   uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
-}
-
-func (m *PidsStat) Reset()                    { *m = PidsStat{} }
-func (*PidsStat) ProtoMessage()               {}
-func (*PidsStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{2} }
-
-type CPUStat struct {
-	Usage      *CPUUsage `protobuf:"bytes,1,opt,name=usage" json:"usage,omitempty"`
-	Throttling *Throttle `protobuf:"bytes,2,opt,name=throttling" json:"throttling,omitempty"`
-}
-
-func (m *CPUStat) Reset()                    { *m = CPUStat{} }
-func (*CPUStat) ProtoMessage()               {}
-func (*CPUStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{3} }
-
-type CPUUsage struct {
-	// values in nanoseconds
-	Total  uint64   `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"`
-	Kernel uint64   `protobuf:"varint,2,opt,name=kernel,proto3" json:"kernel,omitempty"`
-	User   uint64   `protobuf:"varint,3,opt,name=user,proto3" json:"user,omitempty"`
-	PerCPU []uint64 `protobuf:"varint,4,rep,packed,name=per_cpu,json=perCpu" json:"per_cpu,omitempty"`
-}
-
-func (m *CPUUsage) Reset()                    { *m = CPUUsage{} }
-func (*CPUUsage) ProtoMessage()               {}
-func (*CPUUsage) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{4} }
-
-type Throttle struct {
-	Periods          uint64 `protobuf:"varint,1,opt,name=periods,proto3" json:"periods,omitempty"`
-	ThrottledPeriods uint64 `protobuf:"varint,2,opt,name=throttled_periods,json=throttledPeriods,proto3" json:"throttled_periods,omitempty"`
-	ThrottledTime    uint64 `protobuf:"varint,3,opt,name=throttled_time,json=throttledTime,proto3" json:"throttled_time,omitempty"`
-}
-
-func (m *Throttle) Reset()                    { *m = Throttle{} }
-func (*Throttle) ProtoMessage()               {}
-func (*Throttle) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{5} }
-
-type MemoryStat struct {
-	Cache                   uint64       `protobuf:"varint,1,opt,name=cache,proto3" json:"cache,omitempty"`
-	RSS                     uint64       `protobuf:"varint,2,opt,name=rss,proto3" json:"rss,omitempty"`
-	RSSHuge                 uint64       `protobuf:"varint,3,opt,name=rss_huge,json=rssHuge,proto3" json:"rss_huge,omitempty"`
-	MappedFile              uint64       `protobuf:"varint,4,opt,name=mapped_file,json=mappedFile,proto3" json:"mapped_file,omitempty"`
-	Dirty                   uint64       `protobuf:"varint,5,opt,name=dirty,proto3" json:"dirty,omitempty"`
-	Writeback               uint64       `protobuf:"varint,6,opt,name=writeback,proto3" json:"writeback,omitempty"`
-	PgPgIn                  uint64       `protobuf:"varint,7,opt,name=pg_pg_in,json=pgPgIn,proto3" json:"pg_pg_in,omitempty"`
-	PgPgOut                 uint64       `protobuf:"varint,8,opt,name=pg_pg_out,json=pgPgOut,proto3" json:"pg_pg_out,omitempty"`
-	PgFault                 uint64       `protobuf:"varint,9,opt,name=pg_fault,json=pgFault,proto3" json:"pg_fault,omitempty"`
-	PgMajFault              uint64       `protobuf:"varint,10,opt,name=pg_maj_fault,json=pgMajFault,proto3" json:"pg_maj_fault,omitempty"`
-	InactiveAnon            uint64       `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"`
-	ActiveAnon              uint64       `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"`
-	InactiveFile            uint64       `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"`
-	ActiveFile              uint64       `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"`
-	Unevictable             uint64       `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"`
-	HierarchicalMemoryLimit uint64       `protobuf:"varint,16,opt,name=hierarchical_memory_limit,json=hierarchicalMemoryLimit,proto3" json:"hierarchical_memory_limit,omitempty"`
-	HierarchicalSwapLimit   uint64       `protobuf:"varint,17,opt,name=hierarchical_swap_limit,json=hierarchicalSwapLimit,proto3" json:"hierarchical_swap_limit,omitempty"`
-	TotalCache              uint64       `protobuf:"varint,18,opt,name=total_cache,json=totalCache,proto3" json:"total_cache,omitempty"`
-	TotalRSS                uint64       `protobuf:"varint,19,opt,name=total_rss,json=totalRss,proto3" json:"total_rss,omitempty"`
-	TotalRSSHuge            uint64       `protobuf:"varint,20,opt,name=total_rss_huge,json=totalRssHuge,proto3" json:"total_rss_huge,omitempty"`
-	TotalMappedFile         uint64       `protobuf:"varint,21,opt,name=total_mapped_file,json=totalMappedFile,proto3" json:"total_mapped_file,omitempty"`
-	TotalDirty              uint64       `protobuf:"varint,22,opt,name=total_dirty,json=totalDirty,proto3" json:"total_dirty,omitempty"`
-	TotalWriteback          uint64       `protobuf:"varint,23,opt,name=total_writeback,json=totalWriteback,proto3" json:"total_writeback,omitempty"`
-	TotalPgPgIn             uint64       `protobuf:"varint,24,opt,name=total_pg_pg_in,json=totalPgPgIn,proto3" json:"total_pg_pg_in,omitempty"`
-	TotalPgPgOut            uint64       `protobuf:"varint,25,opt,name=total_pg_pg_out,json=totalPgPgOut,proto3" json:"total_pg_pg_out,omitempty"`
-	TotalPgFault            uint64       `protobuf:"varint,26,opt,name=total_pg_fault,json=totalPgFault,proto3" json:"total_pg_fault,omitempty"`
-	TotalPgMajFault         uint64       `protobuf:"varint,27,opt,name=total_pg_maj_fault,json=totalPgMajFault,proto3" json:"total_pg_maj_fault,omitempty"`
-	TotalInactiveAnon       uint64       `protobuf:"varint,28,opt,name=total_inactive_anon,json=totalInactiveAnon,proto3" json:"total_inactive_anon,omitempty"`
-	TotalActiveAnon         uint64       `protobuf:"varint,29,opt,name=total_active_anon,json=totalActiveAnon,proto3" json:"total_active_anon,omitempty"`
-	TotalInactiveFile       uint64       `protobuf:"varint,30,opt,name=total_inactive_file,json=totalInactiveFile,proto3" json:"total_inactive_file,omitempty"`
-	TotalActiveFile         uint64       `protobuf:"varint,31,opt,name=total_active_file,json=totalActiveFile,proto3" json:"total_active_file,omitempty"`
-	TotalUnevictable        uint64       `protobuf:"varint,32,opt,name=total_unevictable,json=totalUnevictable,proto3" json:"total_unevictable,omitempty"`
-	Usage                   *MemoryEntry `protobuf:"bytes,33,opt,name=usage" json:"usage,omitempty"`
-	Swap                    *MemoryEntry `protobuf:"bytes,34,opt,name=swap" json:"swap,omitempty"`
-	Kernel                  *MemoryEntry `protobuf:"bytes,35,opt,name=kernel" json:"kernel,omitempty"`
-	KernelTCP               *MemoryEntry `protobuf:"bytes,36,opt,name=kernel_tcp,json=kernelTcp" json:"kernel_tcp,omitempty"`
-}
-
-func (m *MemoryStat) Reset()                    { *m = MemoryStat{} }
-func (*MemoryStat) ProtoMessage()               {}
-func (*MemoryStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{6} }
-
-type MemoryEntry struct {
-	Limit   uint64 `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"`
-	Usage   uint64 `protobuf:"varint,2,opt,name=usage,proto3" json:"usage,omitempty"`
-	Max     uint64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"`
-	Failcnt uint64 `protobuf:"varint,4,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
-}
-
-func (m *MemoryEntry) Reset()                    { *m = MemoryEntry{} }
-func (*MemoryEntry) ProtoMessage()               {}
-func (*MemoryEntry) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{7} }
-
-type BlkIOStat struct {
-	IoServiceBytesRecursive []*BlkIOEntry `protobuf:"bytes,1,rep,name=io_service_bytes_recursive,json=ioServiceBytesRecursive" json:"io_service_bytes_recursive,omitempty"`
-	IoServicedRecursive     []*BlkIOEntry `protobuf:"bytes,2,rep,name=io_serviced_recursive,json=ioServicedRecursive" json:"io_serviced_recursive,omitempty"`
-	IoQueuedRecursive       []*BlkIOEntry `protobuf:"bytes,3,rep,name=io_queued_recursive,json=ioQueuedRecursive" json:"io_queued_recursive,omitempty"`
-	IoServiceTimeRecursive  []*BlkIOEntry `protobuf:"bytes,4,rep,name=io_service_time_recursive,json=ioServiceTimeRecursive" json:"io_service_time_recursive,omitempty"`
-	IoWaitTimeRecursive     []*BlkIOEntry `protobuf:"bytes,5,rep,name=io_wait_time_recursive,json=ioWaitTimeRecursive" json:"io_wait_time_recursive,omitempty"`
-	IoMergedRecursive       []*BlkIOEntry `protobuf:"bytes,6,rep,name=io_merged_recursive,json=ioMergedRecursive" json:"io_merged_recursive,omitempty"`
-	IoTimeRecursive         []*BlkIOEntry `protobuf:"bytes,7,rep,name=io_time_recursive,json=ioTimeRecursive" json:"io_time_recursive,omitempty"`
-	SectorsRecursive        []*BlkIOEntry `protobuf:"bytes,8,rep,name=sectors_recursive,json=sectorsRecursive" json:"sectors_recursive,omitempty"`
-}
-
-func (m *BlkIOStat) Reset()                    { *m = BlkIOStat{} }
-func (*BlkIOStat) ProtoMessage()               {}
-func (*BlkIOStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{8} }
-
-type BlkIOEntry struct {
-	Op     string `protobuf:"bytes,1,opt,name=op,proto3" json:"op,omitempty"`
-	Device string `protobuf:"bytes,2,opt,name=device,proto3" json:"device,omitempty"`
-	Major  uint64 `protobuf:"varint,3,opt,name=major,proto3" json:"major,omitempty"`
-	Minor  uint64 `protobuf:"varint,4,opt,name=minor,proto3" json:"minor,omitempty"`
-	Value  uint64 `protobuf:"varint,5,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (m *BlkIOEntry) Reset()                    { *m = BlkIOEntry{} }
-func (*BlkIOEntry) ProtoMessage()               {}
-func (*BlkIOEntry) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{9} }
-
-type RdmaStat struct {
-	Current []*RdmaEntry `protobuf:"bytes,1,rep,name=current" json:"current,omitempty"`
-	Limit   []*RdmaEntry `protobuf:"bytes,2,rep,name=limit" json:"limit,omitempty"`
-}
-
-func (m *RdmaStat) Reset()                    { *m = RdmaStat{} }
-func (*RdmaStat) ProtoMessage()               {}
-func (*RdmaStat) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{10} }
-
-type RdmaEntry struct {
-	Device     string `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
-	HcaHandles uint32 `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"`
-	HcaObjects uint32 `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"`
-}
-
-func (m *RdmaEntry) Reset()                    { *m = RdmaEntry{} }
-func (*RdmaEntry) ProtoMessage()               {}
-func (*RdmaEntry) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{11} }
-
-func init() {
-	proto.RegisterType((*Metrics)(nil), "io.containerd.cgroups.v1.Metrics")
-	proto.RegisterType((*HugetlbStat)(nil), "io.containerd.cgroups.v1.HugetlbStat")
-	proto.RegisterType((*PidsStat)(nil), "io.containerd.cgroups.v1.PidsStat")
-	proto.RegisterType((*CPUStat)(nil), "io.containerd.cgroups.v1.CPUStat")
-	proto.RegisterType((*CPUUsage)(nil), "io.containerd.cgroups.v1.CPUUsage")
-	proto.RegisterType((*Throttle)(nil), "io.containerd.cgroups.v1.Throttle")
-	proto.RegisterType((*MemoryStat)(nil), "io.containerd.cgroups.v1.MemoryStat")
-	proto.RegisterType((*MemoryEntry)(nil), "io.containerd.cgroups.v1.MemoryEntry")
-	proto.RegisterType((*BlkIOStat)(nil), "io.containerd.cgroups.v1.BlkIOStat")
-	proto.RegisterType((*BlkIOEntry)(nil), "io.containerd.cgroups.v1.BlkIOEntry")
-	proto.RegisterType((*RdmaStat)(nil), "io.containerd.cgroups.v1.RdmaStat")
-	proto.RegisterType((*RdmaEntry)(nil), "io.containerd.cgroups.v1.RdmaEntry")
-}
-func (m *Metrics) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *Metrics) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Hugetlb) > 0 {
-		for _, msg := range m.Hugetlb {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if m.Pids != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Pids.Size()))
-		n1, err := m.Pids.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
-	}
-	if m.CPU != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.CPU.Size()))
-		n2, err := m.CPU.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
-	}
-	if m.Memory != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Memory.Size()))
-		n3, err := m.Memory.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n3
-	}
-	if m.Blkio != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Blkio.Size()))
-		n4, err := m.Blkio.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n4
-	}
-	if m.Rdma != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Rdma.Size()))
-		n5, err := m.Rdma.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
-	}
-	return i, nil
-}
-
-func (m *HugetlbStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *HugetlbStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Usage != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage))
-	}
-	if m.Max != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
-	}
-	if m.Failcnt != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Failcnt))
-	}
-	if len(m.Pagesize) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Pagesize)))
-		i += copy(dAtA[i:], m.Pagesize)
-	}
-	return i, nil
-}
-
-func (m *PidsStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *PidsStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Current != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Current))
-	}
-	if m.Limit != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Limit))
-	}
-	return i, nil
-}
-
-func (m *CPUStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *CPUStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Usage != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage.Size()))
-		n5, err := m.Usage.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
-	}
-	if m.Throttling != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Throttling.Size()))
-		n6, err := m.Throttling.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n6
-	}
-	return i, nil
-}
-
-func (m *CPUUsage) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *CPUUsage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Total != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Total))
-	}
-	if m.Kernel != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Kernel))
-	}
-	if m.User != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.User))
-	}
-	if len(m.PerCPU) > 0 {
-		dAtA8 := make([]byte, len(m.PerCPU)*10)
-		var j7 int
-		for _, num := range m.PerCPU {
-			for num >= 1<<7 {
-				dAtA8[j7] = uint8(uint64(num)&0x7f | 0x80)
-				num >>= 7
-				j7++
-			}
-			dAtA8[j7] = uint8(num)
-			j7++
-		}
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(j7))
-		i += copy(dAtA[i:], dAtA8[:j7])
-	}
-	return i, nil
-}
-
-func (m *Throttle) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *Throttle) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Periods != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Periods))
-	}
-	if m.ThrottledPeriods != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.ThrottledPeriods))
-	}
-	if m.ThrottledTime != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.ThrottledTime))
-	}
-	return i, nil
-}
-
-func (m *MemoryStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *MemoryStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Cache != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Cache))
-	}
-	if m.RSS != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.RSS))
-	}
-	if m.RSSHuge != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.RSSHuge))
-	}
-	if m.MappedFile != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.MappedFile))
-	}
-	if m.Dirty != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Dirty))
-	}
-	if m.Writeback != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Writeback))
-	}
-	if m.PgPgIn != 0 {
-		dAtA[i] = 0x38
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.PgPgIn))
-	}
-	if m.PgPgOut != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.PgPgOut))
-	}
-	if m.PgFault != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.PgFault))
-	}
-	if m.PgMajFault != 0 {
-		dAtA[i] = 0x50
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.PgMajFault))
-	}
-	if m.InactiveAnon != 0 {
-		dAtA[i] = 0x58
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveAnon))
-	}
-	if m.ActiveAnon != 0 {
-		dAtA[i] = 0x60
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveAnon))
-	}
-	if m.InactiveFile != 0 {
-		dAtA[i] = 0x68
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveFile))
-	}
-	if m.ActiveFile != 0 {
-		dAtA[i] = 0x70
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveFile))
-	}
-	if m.Unevictable != 0 {
-		dAtA[i] = 0x78
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Unevictable))
-	}
-	if m.HierarchicalMemoryLimit != 0 {
-		dAtA[i] = 0x80
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.HierarchicalMemoryLimit))
-	}
-	if m.HierarchicalSwapLimit != 0 {
-		dAtA[i] = 0x88
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.HierarchicalSwapLimit))
-	}
-	if m.TotalCache != 0 {
-		dAtA[i] = 0x90
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalCache))
-	}
-	if m.TotalRSS != 0 {
-		dAtA[i] = 0x98
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalRSS))
-	}
-	if m.TotalRSSHuge != 0 {
-		dAtA[i] = 0xa0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalRSSHuge))
-	}
-	if m.TotalMappedFile != 0 {
-		dAtA[i] = 0xa8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalMappedFile))
-	}
-	if m.TotalDirty != 0 {
-		dAtA[i] = 0xb0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalDirty))
-	}
-	if m.TotalWriteback != 0 {
-		dAtA[i] = 0xb8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalWriteback))
-	}
-	if m.TotalPgPgIn != 0 {
-		dAtA[i] = 0xc0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgPgIn))
-	}
-	if m.TotalPgPgOut != 0 {
-		dAtA[i] = 0xc8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgPgOut))
-	}
-	if m.TotalPgFault != 0 {
-		dAtA[i] = 0xd0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgFault))
-	}
-	if m.TotalPgMajFault != 0 {
-		dAtA[i] = 0xd8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgMajFault))
-	}
-	if m.TotalInactiveAnon != 0 {
-		dAtA[i] = 0xe0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalInactiveAnon))
-	}
-	if m.TotalActiveAnon != 0 {
-		dAtA[i] = 0xe8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalActiveAnon))
-	}
-	if m.TotalInactiveFile != 0 {
-		dAtA[i] = 0xf0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalInactiveFile))
-	}
-	if m.TotalActiveFile != 0 {
-		dAtA[i] = 0xf8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalActiveFile))
-	}
-	if m.TotalUnevictable != 0 {
-		dAtA[i] = 0x80
-		i++
-		dAtA[i] = 0x2
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalUnevictable))
-	}
-	if m.Usage != nil {
-		dAtA[i] = 0x8a
-		i++
-		dAtA[i] = 0x2
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage.Size()))
-		n9, err := m.Usage.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
-	}
-	if m.Swap != nil {
-		dAtA[i] = 0x92
-		i++
-		dAtA[i] = 0x2
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Swap.Size()))
-		n10, err := m.Swap.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n10
-	}
-	if m.Kernel != nil {
-		dAtA[i] = 0x9a
-		i++
-		dAtA[i] = 0x2
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Kernel.Size()))
-		n11, err := m.Kernel.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n11
-	}
-	if m.KernelTCP != nil {
-		dAtA[i] = 0xa2
-		i++
-		dAtA[i] = 0x2
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.KernelTCP.Size()))
-		n12, err := m.KernelTCP.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n12
-	}
-	return i, nil
-}
-
-func (m *MemoryEntry) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *MemoryEntry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-
-	if m.Limit != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Limit))
-	}
-	if m.Usage != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage))
-	}
-	if m.Max != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
-	}
-	if m.Failcnt != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Failcnt))
-	}
-	return i, nil
-}
-
-func (m *BlkIOStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *BlkIOStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.IoServiceBytesRecursive) > 0 {
-		for _, msg := range m.IoServiceBytesRecursive {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoServicedRecursive) > 0 {
-		for _, msg := range m.IoServicedRecursive {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoQueuedRecursive) > 0 {
-		for _, msg := range m.IoQueuedRecursive {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoServiceTimeRecursive) > 0 {
-		for _, msg := range m.IoServiceTimeRecursive {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoWaitTimeRecursive) > 0 {
-		for _, msg := range m.IoWaitTimeRecursive {
-			dAtA[i] = 0x2a
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoMergedRecursive) > 0 {
-		for _, msg := range m.IoMergedRecursive {
-			dAtA[i] = 0x32
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.IoTimeRecursive) > 0 {
-		for _, msg := range m.IoTimeRecursive {
-			dAtA[i] = 0x3a
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.SectorsRecursive) > 0 {
-		for _, msg := range m.SectorsRecursive {
-			dAtA[i] = 0x42
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	return i, nil
-}
-
-func (m *BlkIOEntry) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *BlkIOEntry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Op) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Op)))
-		i += copy(dAtA[i:], m.Op)
-	}
-	if len(m.Device) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Device)))
-		i += copy(dAtA[i:], m.Device)
-	}
-	if m.Major != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Major))
-	}
-	if m.Minor != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Minor))
-	}
-	if m.Value != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Value))
-	}
-	return i, nil
-}
-
-func (m *RdmaStat) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *RdmaStat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Current) > 0 {
-		for _, msg := range m.Current {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.Limit) > 0 {
-		for _, msg := range m.Limit {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintMetrics(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	return i, nil
-}
-
-func (m *RdmaEntry) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *RdmaEntry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Device) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Device)))
-		i += copy(dAtA[i:], m.Device)
-	}
-	if m.HcaHandles != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaHandles))
-	}
-	if m.HcaObjects != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaObjects))
-	}
-	return i, nil
-}
-
-func encodeFixed64Metrics(dAtA []byte, offset int, v uint64) int {
-	dAtA[offset] = uint8(v)
-	dAtA[offset+1] = uint8(v >> 8)
-	dAtA[offset+2] = uint8(v >> 16)
-	dAtA[offset+3] = uint8(v >> 24)
-	dAtA[offset+4] = uint8(v >> 32)
-	dAtA[offset+5] = uint8(v >> 40)
-	dAtA[offset+6] = uint8(v >> 48)
-	dAtA[offset+7] = uint8(v >> 56)
-	return offset + 8
-}
-func encodeFixed32Metrics(dAtA []byte, offset int, v uint32) int {
-	dAtA[offset] = uint8(v)
-	dAtA[offset+1] = uint8(v >> 8)
-	dAtA[offset+2] = uint8(v >> 16)
-	dAtA[offset+3] = uint8(v >> 24)
-	return offset + 4
-}
-func encodeVarintMetrics(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
-	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
-}
-func (m *Metrics) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Hugetlb) > 0 {
-		for _, e := range m.Hugetlb {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if m.Pids != nil {
-		l = m.Pids.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.CPU != nil {
-		l = m.CPU.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.Memory != nil {
-		l = m.Memory.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.Blkio != nil {
-		l = m.Blkio.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.Rdma != nil {
-		l = m.Rdma.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	return n
-}
-
-func (m *HugetlbStat) Size() (n int) {
-	var l int
-	_ = l
-	if m.Usage != 0 {
-		n += 1 + sovMetrics(uint64(m.Usage))
-	}
-	if m.Max != 0 {
-		n += 1 + sovMetrics(uint64(m.Max))
-	}
-	if m.Failcnt != 0 {
-		n += 1 + sovMetrics(uint64(m.Failcnt))
-	}
-	l = len(m.Pagesize)
-	if l > 0 {
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	return n
-}
-
-func (m *PidsStat) Size() (n int) {
-	var l int
-	_ = l
-	if m.Current != 0 {
-		n += 1 + sovMetrics(uint64(m.Current))
-	}
-	if m.Limit != 0 {
-		n += 1 + sovMetrics(uint64(m.Limit))
-	}
-	return n
-}
-
-func (m *CPUStat) Size() (n int) {
-	var l int
-	_ = l
-	if m.Usage != nil {
-		l = m.Usage.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.Throttling != nil {
-		l = m.Throttling.Size()
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	return n
-}
-
-func (m *CPUUsage) Size() (n int) {
-	var l int
-	_ = l
-	if m.Total != 0 {
-		n += 1 + sovMetrics(uint64(m.Total))
-	}
-	if m.Kernel != 0 {
-		n += 1 + sovMetrics(uint64(m.Kernel))
-	}
-	if m.User != 0 {
-		n += 1 + sovMetrics(uint64(m.User))
-	}
-	if len(m.PerCPU) > 0 {
-		l = 0
-		for _, e := range m.PerCPU {
-			l += sovMetrics(uint64(e))
-		}
-		n += 1 + sovMetrics(uint64(l)) + l
-	}
-	return n
-}
-
-func (m *Throttle) Size() (n int) {
-	var l int
-	_ = l
-	if m.Periods != 0 {
-		n += 1 + sovMetrics(uint64(m.Periods))
-	}
-	if m.ThrottledPeriods != 0 {
-		n += 1 + sovMetrics(uint64(m.ThrottledPeriods))
-	}
-	if m.ThrottledTime != 0 {
-		n += 1 + sovMetrics(uint64(m.ThrottledTime))
-	}
-	return n
-}
-
-func (m *MemoryStat) Size() (n int) {
-	var l int
-	_ = l
-	if m.Cache != 0 {
-		n += 1 + sovMetrics(uint64(m.Cache))
-	}
-	if m.RSS != 0 {
-		n += 1 + sovMetrics(uint64(m.RSS))
-	}
-	if m.RSSHuge != 0 {
-		n += 1 + sovMetrics(uint64(m.RSSHuge))
-	}
-	if m.MappedFile != 0 {
-		n += 1 + sovMetrics(uint64(m.MappedFile))
-	}
-	if m.Dirty != 0 {
-		n += 1 + sovMetrics(uint64(m.Dirty))
-	}
-	if m.Writeback != 0 {
-		n += 1 + sovMetrics(uint64(m.Writeback))
-	}
-	if m.PgPgIn != 0 {
-		n += 1 + sovMetrics(uint64(m.PgPgIn))
-	}
-	if m.PgPgOut != 0 {
-		n += 1 + sovMetrics(uint64(m.PgPgOut))
-	}
-	if m.PgFault != 0 {
-		n += 1 + sovMetrics(uint64(m.PgFault))
-	}
-	if m.PgMajFault != 0 {
-		n += 1 + sovMetrics(uint64(m.PgMajFault))
-	}
-	if m.InactiveAnon != 0 {
-		n += 1 + sovMetrics(uint64(m.InactiveAnon))
-	}
-	if m.ActiveAnon != 0 {
-		n += 1 + sovMetrics(uint64(m.ActiveAnon))
-	}
-	if m.InactiveFile != 0 {
-		n += 1 + sovMetrics(uint64(m.InactiveFile))
-	}
-	if m.ActiveFile != 0 {
-		n += 1 + sovMetrics(uint64(m.ActiveFile))
-	}
-	if m.Unevictable != 0 {
-		n += 1 + sovMetrics(uint64(m.Unevictable))
-	}
-	if m.HierarchicalMemoryLimit != 0 {
-		n += 2 + sovMetrics(uint64(m.HierarchicalMemoryLimit))
-	}
-	if m.HierarchicalSwapLimit != 0 {
-		n += 2 + sovMetrics(uint64(m.HierarchicalSwapLimit))
-	}
-	if m.TotalCache != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalCache))
-	}
-	if m.TotalRSS != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalRSS))
-	}
-	if m.TotalRSSHuge != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalRSSHuge))
-	}
-	if m.TotalMappedFile != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalMappedFile))
-	}
-	if m.TotalDirty != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalDirty))
-	}
-	if m.TotalWriteback != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalWriteback))
-	}
-	if m.TotalPgPgIn != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalPgPgIn))
-	}
-	if m.TotalPgPgOut != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalPgPgOut))
-	}
-	if m.TotalPgFault != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalPgFault))
-	}
-	if m.TotalPgMajFault != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalPgMajFault))
-	}
-	if m.TotalInactiveAnon != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalInactiveAnon))
-	}
-	if m.TotalActiveAnon != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalActiveAnon))
-	}
-	if m.TotalInactiveFile != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalInactiveFile))
-	}
-	if m.TotalActiveFile != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalActiveFile))
-	}
-	if m.TotalUnevictable != 0 {
-		n += 2 + sovMetrics(uint64(m.TotalUnevictable))
-	}
-	if m.Usage != nil {
-		l = m.Usage.Size()
-		n += 2 + l + sovMetrics(uint64(l))
-	}
-	if m.Swap != nil {
-		l = m.Swap.Size()
-		n += 2 + l + sovMetrics(uint64(l))
-	}
-	if m.Kernel != nil {
-		l = m.Kernel.Size()
-		n += 2 + l + sovMetrics(uint64(l))
-	}
-	if m.KernelTCP != nil {
-		l = m.KernelTCP.Size()
-		n += 2 + l + sovMetrics(uint64(l))
-	}
-	return n
-}
-
-func (m *MemoryEntry) Size() (n int) {
-	var l int
-	_ = l
-	if m.Limit != 0 {
-		n += 1 + sovMetrics(uint64(m.Limit))
-	}
-	if m.Usage != 0 {
-		n += 1 + sovMetrics(uint64(m.Usage))
-	}
-	if m.Max != 0 {
-		n += 1 + sovMetrics(uint64(m.Max))
-	}
-	if m.Failcnt != 0 {
-		n += 1 + sovMetrics(uint64(m.Failcnt))
-	}
-	return n
-}
-
-func (m *BlkIOStat) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.IoServiceBytesRecursive) > 0 {
-		for _, e := range m.IoServiceBytesRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoServicedRecursive) > 0 {
-		for _, e := range m.IoServicedRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoQueuedRecursive) > 0 {
-		for _, e := range m.IoQueuedRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoServiceTimeRecursive) > 0 {
-		for _, e := range m.IoServiceTimeRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoWaitTimeRecursive) > 0 {
-		for _, e := range m.IoWaitTimeRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoMergedRecursive) > 0 {
-		for _, e := range m.IoMergedRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.IoTimeRecursive) > 0 {
-		for _, e := range m.IoTimeRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.SectorsRecursive) > 0 {
-		for _, e := range m.SectorsRecursive {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	return n
-}
-
-func (m *BlkIOEntry) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Op)
-	if l > 0 {
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	l = len(m.Device)
-	if l > 0 {
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.Major != 0 {
-		n += 1 + sovMetrics(uint64(m.Major))
-	}
-	if m.Minor != 0 {
-		n += 1 + sovMetrics(uint64(m.Minor))
-	}
-	if m.Value != 0 {
-		n += 1 + sovMetrics(uint64(m.Value))
-	}
-	return n
-}
-
-func (m *RdmaStat) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Current) > 0 {
-		for _, e := range m.Current {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	if len(m.Limit) > 0 {
-		for _, e := range m.Limit {
-			l = e.Size()
-			n += 1 + l + sovMetrics(uint64(l))
-		}
-	}
-	return n
-}
-
-func (m *RdmaEntry) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Device)
-	if l > 0 {
-		n += 1 + l + sovMetrics(uint64(l))
-	}
-	if m.HcaHandles != 0 {
-		n += 1 + sovMetrics(uint64(m.HcaHandles))
-	}
-	if m.HcaObjects != 0 {
-		n += 1 + sovMetrics(uint64(m.HcaObjects))
-	}
-	return n
-}
-
-func sovMetrics(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
-}
-func sozMetrics(x uint64) (n int) {
-	return sovMetrics(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (this *Metrics) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&Metrics{`,
-		`Hugetlb:` + strings.Replace(fmt.Sprintf("%v", this.Hugetlb), "HugetlbStat", "HugetlbStat", 1) + `,`,
-		`Pids:` + strings.Replace(fmt.Sprintf("%v", this.Pids), "PidsStat", "PidsStat", 1) + `,`,
-		`CPU:` + strings.Replace(fmt.Sprintf("%v", this.CPU), "CPUStat", "CPUStat", 1) + `,`,
-		`Memory:` + strings.Replace(fmt.Sprintf("%v", this.Memory), "MemoryStat", "MemoryStat", 1) + `,`,
-		`Blkio:` + strings.Replace(fmt.Sprintf("%v", this.Blkio), "BlkIOStat", "BlkIOStat", 1) + `,`,
-		`Rdma:` + strings.Replace(fmt.Sprintf("%v", this.Rdma), "RdmaStat", "RdmaStat", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *HugetlbStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&HugetlbStat{`,
-		`Usage:` + fmt.Sprintf("%v", this.Usage) + `,`,
-		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
-		`Failcnt:` + fmt.Sprintf("%v", this.Failcnt) + `,`,
-		`Pagesize:` + fmt.Sprintf("%v", this.Pagesize) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *PidsStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&PidsStat{`,
-		`Current:` + fmt.Sprintf("%v", this.Current) + `,`,
-		`Limit:` + fmt.Sprintf("%v", this.Limit) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CPUStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&CPUStat{`,
-		`Usage:` + strings.Replace(fmt.Sprintf("%v", this.Usage), "CPUUsage", "CPUUsage", 1) + `,`,
-		`Throttling:` + strings.Replace(fmt.Sprintf("%v", this.Throttling), "Throttle", "Throttle", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CPUUsage) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&CPUUsage{`,
-		`Total:` + fmt.Sprintf("%v", this.Total) + `,`,
-		`Kernel:` + fmt.Sprintf("%v", this.Kernel) + `,`,
-		`User:` + fmt.Sprintf("%v", this.User) + `,`,
-		`PerCPU:` + fmt.Sprintf("%v", this.PerCPU) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *Throttle) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&Throttle{`,
-		`Periods:` + fmt.Sprintf("%v", this.Periods) + `,`,
-		`ThrottledPeriods:` + fmt.Sprintf("%v", this.ThrottledPeriods) + `,`,
-		`ThrottledTime:` + fmt.Sprintf("%v", this.ThrottledTime) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MemoryStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&MemoryStat{`,
-		`Cache:` + fmt.Sprintf("%v", this.Cache) + `,`,
-		`RSS:` + fmt.Sprintf("%v", this.RSS) + `,`,
-		`RSSHuge:` + fmt.Sprintf("%v", this.RSSHuge) + `,`,
-		`MappedFile:` + fmt.Sprintf("%v", this.MappedFile) + `,`,
-		`Dirty:` + fmt.Sprintf("%v", this.Dirty) + `,`,
-		`Writeback:` + fmt.Sprintf("%v", this.Writeback) + `,`,
-		`PgPgIn:` + fmt.Sprintf("%v", this.PgPgIn) + `,`,
-		`PgPgOut:` + fmt.Sprintf("%v", this.PgPgOut) + `,`,
-		`PgFault:` + fmt.Sprintf("%v", this.PgFault) + `,`,
-		`PgMajFault:` + fmt.Sprintf("%v", this.PgMajFault) + `,`,
-		`InactiveAnon:` + fmt.Sprintf("%v", this.InactiveAnon) + `,`,
-		`ActiveAnon:` + fmt.Sprintf("%v", this.ActiveAnon) + `,`,
-		`InactiveFile:` + fmt.Sprintf("%v", this.InactiveFile) + `,`,
-		`ActiveFile:` + fmt.Sprintf("%v", this.ActiveFile) + `,`,
-		`Unevictable:` + fmt.Sprintf("%v", this.Unevictable) + `,`,
-		`HierarchicalMemoryLimit:` + fmt.Sprintf("%v", this.HierarchicalMemoryLimit) + `,`,
-		`HierarchicalSwapLimit:` + fmt.Sprintf("%v", this.HierarchicalSwapLimit) + `,`,
-		`TotalCache:` + fmt.Sprintf("%v", this.TotalCache) + `,`,
-		`TotalRSS:` + fmt.Sprintf("%v", this.TotalRSS) + `,`,
-		`TotalRSSHuge:` + fmt.Sprintf("%v", this.TotalRSSHuge) + `,`,
-		`TotalMappedFile:` + fmt.Sprintf("%v", this.TotalMappedFile) + `,`,
-		`TotalDirty:` + fmt.Sprintf("%v", this.TotalDirty) + `,`,
-		`TotalWriteback:` + fmt.Sprintf("%v", this.TotalWriteback) + `,`,
-		`TotalPgPgIn:` + fmt.Sprintf("%v", this.TotalPgPgIn) + `,`,
-		`TotalPgPgOut:` + fmt.Sprintf("%v", this.TotalPgPgOut) + `,`,
-		`TotalPgFault:` + fmt.Sprintf("%v", this.TotalPgFault) + `,`,
-		`TotalPgMajFault:` + fmt.Sprintf("%v", this.TotalPgMajFault) + `,`,
-		`TotalInactiveAnon:` + fmt.Sprintf("%v", this.TotalInactiveAnon) + `,`,
-		`TotalActiveAnon:` + fmt.Sprintf("%v", this.TotalActiveAnon) + `,`,
-		`TotalInactiveFile:` + fmt.Sprintf("%v", this.TotalInactiveFile) + `,`,
-		`TotalActiveFile:` + fmt.Sprintf("%v", this.TotalActiveFile) + `,`,
-		`TotalUnevictable:` + fmt.Sprintf("%v", this.TotalUnevictable) + `,`,
-		`Usage:` + strings.Replace(fmt.Sprintf("%v", this.Usage), "MemoryEntry", "MemoryEntry", 1) + `,`,
-		`Swap:` + strings.Replace(fmt.Sprintf("%v", this.Swap), "MemoryEntry", "MemoryEntry", 1) + `,`,
-		`Kernel:` + strings.Replace(fmt.Sprintf("%v", this.Kernel), "MemoryEntry", "MemoryEntry", 1) + `,`,
-		`KernelTCP:` + strings.Replace(fmt.Sprintf("%v", this.KernelTCP), "MemoryEntry", "MemoryEntry", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MemoryEntry) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&MemoryEntry{`,
-		`Limit:` + fmt.Sprintf("%v", this.Limit) + `,`,
-		`Usage:` + fmt.Sprintf("%v", this.Usage) + `,`,
-		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
-		`Failcnt:` + fmt.Sprintf("%v", this.Failcnt) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *BlkIOStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&BlkIOStat{`,
-		`IoServiceBytesRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoServiceBytesRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoServicedRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoServicedRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoQueuedRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoQueuedRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoServiceTimeRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoServiceTimeRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoWaitTimeRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoWaitTimeRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoMergedRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoMergedRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`IoTimeRecursive:` + strings.Replace(fmt.Sprintf("%v", this.IoTimeRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`SectorsRecursive:` + strings.Replace(fmt.Sprintf("%v", this.SectorsRecursive), "BlkIOEntry", "BlkIOEntry", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *BlkIOEntry) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&BlkIOEntry{`,
-		`Op:` + fmt.Sprintf("%v", this.Op) + `,`,
-		`Device:` + fmt.Sprintf("%v", this.Device) + `,`,
-		`Major:` + fmt.Sprintf("%v", this.Major) + `,`,
-		`Minor:` + fmt.Sprintf("%v", this.Minor) + `,`,
-		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RdmaStat) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&RdmaStat{`,
-		`Current:` + strings.Replace(fmt.Sprintf("%v", this.Current), "RdmaEntry", "RdmaEntry", 1) + `,`,
-		`Limit:` + strings.Replace(fmt.Sprintf("%v", this.Limit), "RdmaEntry", "RdmaEntry", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RdmaEntry) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&RdmaEntry{`,
-		`Device:` + fmt.Sprintf("%v", this.Device) + `,`,
-		`HcaHandles:` + fmt.Sprintf("%v", this.HcaHandles) + `,`,
-		`HcaObjects:` + fmt.Sprintf("%v", this.HcaObjects) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringMetrics(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
-	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
-}
-func (m *Metrics) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: Metrics: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Metrics: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Hugetlb", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Hugetlb = append(m.Hugetlb, &HugetlbStat{})
-			if err := m.Hugetlb[len(m.Hugetlb)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Pids", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Pids == nil {
-				m.Pids = &PidsStat{}
-			}
-			if err := m.Pids.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field CPU", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.CPU == nil {
-				m.CPU = &CPUStat{}
-			}
-			if err := m.CPU.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Memory", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Memory == nil {
-				m.Memory = &MemoryStat{}
-			}
-			if err := m.Memory.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 5:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Blkio", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Blkio == nil {
-				m.Blkio = &BlkIOStat{}
-			}
-			if err := m.Blkio.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 6:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rdma", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Rdma == nil {
-				m.Rdma = &RdmaStat{}
-			}
-			if err := m.Rdma.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *HugetlbStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: HugetlbStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: HugetlbStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
-			}
-			m.Usage = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Usage |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
-			}
-			m.Max = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Max |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Failcnt", wireType)
-			}
-			m.Failcnt = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Failcnt |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Pagesize", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Pagesize = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *PidsStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: PidsStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: PidsStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
-			}
-			m.Current = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Current |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
-			}
-			m.Limit = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Limit |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *CPUStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CPUStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CPUStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Usage == nil {
-				m.Usage = &CPUUsage{}
-			}
-			if err := m.Usage.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Throttling", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Throttling == nil {
-				m.Throttling = &Throttle{}
-			}
-			if err := m.Throttling.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *CPUUsage) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CPUUsage: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CPUUsage: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Total", wireType)
-			}
-			m.Total = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Total |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Kernel", wireType)
-			}
-			m.Kernel = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Kernel |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
-			}
-			m.User = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.User |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType == 0 {
-				var v uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowMetrics
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					v |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				m.PerCPU = append(m.PerCPU, v)
-			} else if wireType == 2 {
-				var packedLen int
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowMetrics
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				if packedLen < 0 {
-					return ErrInvalidLengthMetrics
-				}
-				postIndex := iNdEx + packedLen
-				if postIndex > l {
-					return io.ErrUnexpectedEOF
-				}
-				for iNdEx < postIndex {
-					var v uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowMetrics
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						v |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					m.PerCPU = append(m.PerCPU, v)
-				}
-			} else {
-				return fmt.Errorf("proto: wrong wireType = %d for field PerCPU", wireType)
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *Throttle) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: Throttle: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Throttle: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Periods", wireType)
-			}
-			m.Periods = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Periods |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ThrottledPeriods", wireType)
-			}
-			m.ThrottledPeriods = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ThrottledPeriods |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ThrottledTime", wireType)
-			}
-			m.ThrottledTime = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ThrottledTime |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *MemoryStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: MemoryStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MemoryStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Cache", wireType)
-			}
-			m.Cache = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Cache |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field RSS", wireType)
-			}
-			m.RSS = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.RSS |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field RSSHuge", wireType)
-			}
-			m.RSSHuge = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.RSSHuge |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MappedFile", wireType)
-			}
-			m.MappedFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.MappedFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Dirty", wireType)
-			}
-			m.Dirty = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Dirty |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 6:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Writeback", wireType)
-			}
-			m.Writeback = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Writeback |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 7:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PgPgIn", wireType)
-			}
-			m.PgPgIn = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.PgPgIn |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 8:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PgPgOut", wireType)
-			}
-			m.PgPgOut = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.PgPgOut |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 9:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PgFault", wireType)
-			}
-			m.PgFault = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.PgFault |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 10:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PgMajFault", wireType)
-			}
-			m.PgMajFault = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.PgMajFault |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 11:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field InactiveAnon", wireType)
-			}
-			m.InactiveAnon = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.InactiveAnon |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 12:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ActiveAnon", wireType)
-			}
-			m.ActiveAnon = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ActiveAnon |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 13:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field InactiveFile", wireType)
-			}
-			m.InactiveFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.InactiveFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 14:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ActiveFile", wireType)
-			}
-			m.ActiveFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ActiveFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 15:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Unevictable", wireType)
-			}
-			m.Unevictable = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Unevictable |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 16:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HierarchicalMemoryLimit", wireType)
-			}
-			m.HierarchicalMemoryLimit = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.HierarchicalMemoryLimit |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 17:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HierarchicalSwapLimit", wireType)
-			}
-			m.HierarchicalSwapLimit = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.HierarchicalSwapLimit |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 18:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalCache", wireType)
-			}
-			m.TotalCache = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalCache |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 19:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalRSS", wireType)
-			}
-			m.TotalRSS = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalRSS |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 20:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalRSSHuge", wireType)
-			}
-			m.TotalRSSHuge = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalRSSHuge |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 21:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalMappedFile", wireType)
-			}
-			m.TotalMappedFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalMappedFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 22:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalDirty", wireType)
-			}
-			m.TotalDirty = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalDirty |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 23:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalWriteback", wireType)
-			}
-			m.TotalWriteback = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalWriteback |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 24:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgPgIn", wireType)
-			}
-			m.TotalPgPgIn = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalPgPgIn |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 25:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgPgOut", wireType)
-			}
-			m.TotalPgPgOut = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalPgPgOut |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 26:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgFault", wireType)
-			}
-			m.TotalPgFault = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalPgFault |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 27:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgMajFault", wireType)
-			}
-			m.TotalPgMajFault = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalPgMajFault |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 28:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalInactiveAnon", wireType)
-			}
-			m.TotalInactiveAnon = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalInactiveAnon |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 29:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalActiveAnon", wireType)
-			}
-			m.TotalActiveAnon = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalActiveAnon |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 30:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalInactiveFile", wireType)
-			}
-			m.TotalInactiveFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalInactiveFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 31:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalActiveFile", wireType)
-			}
-			m.TotalActiveFile = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalActiveFile |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 32:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TotalUnevictable", wireType)
-			}
-			m.TotalUnevictable = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.TotalUnevictable |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 33:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Usage == nil {
-				m.Usage = &MemoryEntry{}
-			}
-			if err := m.Usage.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 34:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Swap", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Swap == nil {
-				m.Swap = &MemoryEntry{}
-			}
-			if err := m.Swap.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 35:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Kernel", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Kernel == nil {
-				m.Kernel = &MemoryEntry{}
-			}
-			if err := m.Kernel.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 36:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field KernelTCP", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.KernelTCP == nil {
-				m.KernelTCP = &MemoryEntry{}
-			}
-			if err := m.KernelTCP.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *MemoryEntry) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: MemoryEntry: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MemoryEntry: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
-			}
-			m.Limit = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Limit |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
-			}
-			m.Usage = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Usage |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
-			}
-			m.Max = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Max |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Failcnt", wireType)
-			}
-			m.Failcnt = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Failcnt |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *BlkIOStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: BlkIOStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: BlkIOStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoServiceBytesRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoServiceBytesRecursive = append(m.IoServiceBytesRecursive, &BlkIOEntry{})
-			if err := m.IoServiceBytesRecursive[len(m.IoServiceBytesRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoServicedRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoServicedRecursive = append(m.IoServicedRecursive, &BlkIOEntry{})
-			if err := m.IoServicedRecursive[len(m.IoServicedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoQueuedRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoQueuedRecursive = append(m.IoQueuedRecursive, &BlkIOEntry{})
-			if err := m.IoQueuedRecursive[len(m.IoQueuedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoServiceTimeRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoServiceTimeRecursive = append(m.IoServiceTimeRecursive, &BlkIOEntry{})
-			if err := m.IoServiceTimeRecursive[len(m.IoServiceTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 5:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoWaitTimeRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoWaitTimeRecursive = append(m.IoWaitTimeRecursive, &BlkIOEntry{})
-			if err := m.IoWaitTimeRecursive[len(m.IoWaitTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 6:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoMergedRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoMergedRecursive = append(m.IoMergedRecursive, &BlkIOEntry{})
-			if err := m.IoMergedRecursive[len(m.IoMergedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 7:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IoTimeRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IoTimeRecursive = append(m.IoTimeRecursive, &BlkIOEntry{})
-			if err := m.IoTimeRecursive[len(m.IoTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 8:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SectorsRecursive", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.SectorsRecursive = append(m.SectorsRecursive, &BlkIOEntry{})
-			if err := m.SectorsRecursive[len(m.SectorsRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *BlkIOEntry) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: BlkIOEntry: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: BlkIOEntry: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Op", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Op = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Device = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Major", wireType)
-			}
-			m.Major = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Major |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Minor", wireType)
-			}
-			m.Minor = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Minor |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
-			}
-			m.Value = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Value |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RdmaStat) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RdmaStat: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RdmaStat: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Current = append(m.Current, &RdmaEntry{})
-			if err := m.Current[len(m.Current)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Limit = append(m.Limit, &RdmaEntry{})
-			if err := m.Limit[len(m.Limit)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RdmaEntry) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RdmaEntry: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RdmaEntry: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Device = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HcaHandles", wireType)
-			}
-			m.HcaHandles = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.HcaHandles |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HcaObjects", wireType)
-			}
-			m.HcaObjects = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.HcaObjects |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipMetrics(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthMetrics
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-
-func skipMetrics(dAtA []byte) (n int, err error) {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return 0, ErrIntOverflowMetrics
-			}
-			if iNdEx >= l {
-				return 0, io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		wireType := int(wire & 0x7)
-		switch wireType {
-		case 0:
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return 0, ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return 0, io.ErrUnexpectedEOF
-				}
-				iNdEx++
-				if dAtA[iNdEx-1] < 0x80 {
-					break
-				}
-			}
-			return iNdEx, nil
-		case 1:
-			iNdEx += 8
-			return iNdEx, nil
-		case 2:
-			var length int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return 0, ErrIntOverflowMetrics
-				}
-				if iNdEx >= l {
-					return 0, io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				length |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			iNdEx += length
-			if length < 0 {
-				return 0, ErrInvalidLengthMetrics
-			}
-			return iNdEx, nil
-		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowMetrics
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipMetrics(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
-		case 4:
-			return iNdEx, nil
-		case 5:
-			iNdEx += 4
-			return iNdEx, nil
-		default:
-			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
-		}
-	}
-	panic("unreachable")
-}
-
-var (
-	ErrInvalidLengthMetrics = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowMetrics   = fmt.Errorf("proto: integer overflow")
-)
-
-func init() { proto.RegisterFile("github.com/containerd/cgroups/metrics.proto", fileDescriptorMetrics) }
-
-var fileDescriptorMetrics = []byte{
-	// 1325 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x57, 0x4d, 0x6f, 0x1b, 0xb7,
-	0x16, 0x8d, 0xac, 0xb1, 0x3e, 0xae, 0x6c, 0xc7, 0xa6, 0x13, 0x67, 0xec, 0x97, 0x27, 0x29, 0xb2,
-	0xfd, 0x9e, 0x5b, 0x03, 0x32, 0x9a, 0x02, 0x41, 0x93, 0xa6, 0x28, 0x22, 0xb7, 0x41, 0x83, 0xd6,
-	0x88, 0x32, 0xb2, 0x91, 0x76, 0x35, 0x18, 0x8d, 0x98, 0x31, 0xe3, 0xd1, 0x70, 0xc2, 0xe1, 0xc8,
-	0x71, 0x57, 0xdd, 0xf5, 0x37, 0xf5, 0x1f, 0x64, 0xd9, 0x4d, 0x81, 0x76, 0x63, 0x34, 0xfa, 0x25,
-	0x05, 0x2f, 0xe7, 0x4b, 0x49, 0xdc, 0x40, 0xbb, 0xb9, 0xbc, 0xe7, 0x1c, 0x5e, 0x5e, 0x1e, 0x8a,
-	0x14, 0xec, 0x7b, 0x4c, 0x9e, 0xc6, 0xc3, 0xae, 0xcb, 0xc7, 0x07, 0x2e, 0x0f, 0xa4, 0xc3, 0x02,
-	0x2a, 0x46, 0x07, 0xae, 0x27, 0x78, 0x1c, 0x46, 0x07, 0x63, 0x2a, 0x05, 0x73, 0xa3, 0x6e, 0x28,
-	0xb8, 0xe4, 0xc4, 0x64, 0xbc, 0x9b, 0x83, 0xba, 0x09, 0xa8, 0x3b, 0xf9, 0x6c, 0xeb, 0x86, 0xc7,
-	0x3d, 0x8e, 0xa0, 0x03, 0xf5, 0xa5, 0xf1, 0x9d, 0xdf, 0x16, 0xa0, 0x7a, 0xa4, 0x15, 0xc8, 0xd7,
-	0x50, 0x3d, 0x8d, 0x3d, 0x2a, 0xfd, 0xa1, 0x59, 0x6a, 0x97, 0xf7, 0x1a, 0x77, 0x77, 0xbb, 0x57,
-	0xa9, 0x75, 0xbf, 0xd3, 0xc0, 0x81, 0x74, 0xa4, 0x95, 0xb2, 0xc8, 0x3d, 0x30, 0x42, 0x36, 0x8a,
-	0xcc, 0x85, 0x76, 0x69, 0xaf, 0x71, 0xb7, 0x73, 0x35, 0xbb, 0xcf, 0x46, 0x11, 0x52, 0x11, 0x4f,
-	0x1e, 0x42, 0xd9, 0x0d, 0x63, 0xb3, 0x8c, 0xb4, 0x3b, 0x57, 0xd3, 0x0e, 0xfb, 0x27, 0x8a, 0xd5,
-	0xab, 0x4e, 0x2f, 0x5b, 0xe5, 0xc3, 0xfe, 0x89, 0xa5, 0x68, 0xe4, 0x21, 0x54, 0xc6, 0x74, 0xcc,
-	0xc5, 0x85, 0x69, 0xa0, 0xc0, 0xce, 0xd5, 0x02, 0x47, 0x88, 0xc3, 0x99, 0x13, 0x0e, 0xb9, 0x0f,
-	0x8b, 0x43, 0xff, 0x8c, 0x71, 0x73, 0x11, 0xc9, 0xdb, 0x57, 0x93, 0x7b, 0xfe, 0xd9, 0x93, 0xa7,
-	0xc8, 0xd5, 0x8c, 0xce, 0x19, 0x34, 0x0a, 0x6d, 0x20, 0x37, 0x60, 0x31, 0x8e, 0x1c, 0x8f, 0x9a,
-	0xa5, 0x76, 0x69, 0xcf, 0xb0, 0x74, 0x40, 0x56, 0xa1, 0x3c, 0x76, 0x5e, 0x63, 0x4b, 0x0c, 0x4b,
-	0x7d, 0x12, 0x13, 0xaa, 0x2f, 0x1c, 0xe6, 0xbb, 0x81, 0xc4, 0x15, 0x1b, 0x56, 0x1a, 0x92, 0x2d,
-	0xa8, 0x85, 0x8e, 0x47, 0x23, 0xf6, 0x33, 0xc5, 0xb5, 0xd4, 0xad, 0x2c, 0xee, 0x3c, 0x80, 0x5a,
-	0xda, 0x35, 0xa5, 0xe0, 0xc6, 0x42, 0xd0, 0x40, 0x26, 0x73, 0xa5, 0xa1, 0xaa, 0xc1, 0x67, 0x63,
-	0x26, 0x93, 0xf9, 0x74, 0xd0, 0xf9, 0xb5, 0x04, 0xd5, 0xa4, 0x77, 0xe4, 0x8b, 0x62, 0x95, 0xff,
-	0xba, 0x49, 0x87, 0xfd, 0x93, 0x13, 0x85, 0x4c, 0x57, 0xd2, 0x03, 0x90, 0xa7, 0x82, 0x4b, 0xe9,
-	0xb3, 0xc0, 0xfb, 0xf8, 0x1e, 0x1f, 0x6b, 0x2c, 0xb5, 0x0a, 0xac, 0xce, 0x2b, 0xa8, 0xa5, 0xb2,
-	0xaa, 0x56, 0xc9, 0xa5, 0xe3, 0xa7, 0xfd, 0xc2, 0x80, 0x6c, 0x40, 0xe5, 0x8c, 0x8a, 0x80, 0xfa,
-	0xc9, 0x12, 0x92, 0x88, 0x10, 0x30, 0xe2, 0x88, 0x8a, 0xa4, 0x65, 0xf8, 0x4d, 0xb6, 0xa1, 0x1a,
-	0x52, 0x61, 0x2b, 0xef, 0x18, 0xed, 0xf2, 0x9e, 0xd1, 0x83, 0xe9, 0x65, 0xab, 0xd2, 0xa7, 0x42,
-	0x79, 0xa3, 0x12, 0x52, 0x71, 0x18, 0xc6, 0x9d, 0xd7, 0x50, 0x4b, 0x4b, 0x51, 0x8d, 0x0b, 0xa9,
-	0x60, 0x7c, 0x14, 0xa5, 0x8d, 0x4b, 0x42, 0xb2, 0x0f, 0x6b, 0x49, 0x99, 0x74, 0x64, 0xa7, 0x18,
-	0x5d, 0xc1, 0x6a, 0x96, 0xe8, 0x27, 0xe0, 0x5d, 0x58, 0xc9, 0xc1, 0x92, 0x8d, 0x69, 0x52, 0xd5,
-	0x72, 0x36, 0x7a, 0xcc, 0xc6, 0xb4, 0xf3, 0x57, 0x03, 0x20, 0x77, 0x9c, 0x5a, 0xaf, 0xeb, 0xb8,
-	0xa7, 0x99, 0x3f, 0x30, 0x20, 0x9b, 0x50, 0x16, 0x51, 0x32, 0x95, 0x36, 0xb6, 0x35, 0x18, 0x58,
-	0x6a, 0x8c, 0xfc, 0x0f, 0x6a, 0x22, 0x8a, 0x6c, 0x75, 0xba, 0xf4, 0x04, 0xbd, 0xc6, 0xf4, 0xb2,
-	0x55, 0xb5, 0x06, 0x03, 0x65, 0x3b, 0xab, 0x2a, 0xa2, 0x48, 0x7d, 0x90, 0x16, 0x34, 0xc6, 0x4e,
-	0x18, 0xd2, 0x91, 0xfd, 0x82, 0xf9, 0xda, 0x39, 0x86, 0x05, 0x7a, 0xe8, 0x31, 0xf3, 0xb1, 0xd3,
-	0x23, 0x26, 0xe4, 0x05, 0x7a, 0xdc, 0xb0, 0x74, 0x40, 0x6e, 0x43, 0xfd, 0x5c, 0x30, 0x49, 0x87,
-	0x8e, 0x7b, 0x66, 0x56, 0x30, 0x93, 0x0f, 0x10, 0x13, 0x6a, 0xa1, 0x67, 0x87, 0x9e, 0xcd, 0x02,
-	0xb3, 0xaa, 0x77, 0x22, 0xf4, 0xfa, 0xde, 0x93, 0x80, 0x6c, 0x41, 0x5d, 0x67, 0x78, 0x2c, 0xcd,
-	0x5a, 0xd2, 0x46, 0xaf, 0xef, 0x3d, 0x8d, 0x25, 0xd9, 0x44, 0xd6, 0x0b, 0x27, 0xf6, 0xa5, 0x59,
-	0x4f, 0x53, 0x8f, 0x55, 0x48, 0xda, 0xb0, 0x14, 0x7a, 0xf6, 0xd8, 0x79, 0x99, 0xa4, 0x41, 0x97,
-	0x19, 0x7a, 0x47, 0xce, 0x4b, 0x8d, 0xd8, 0x86, 0x65, 0x16, 0x38, 0xae, 0x64, 0x13, 0x6a, 0x3b,
-	0x01, 0x0f, 0xcc, 0x06, 0x42, 0x96, 0xd2, 0xc1, 0x47, 0x01, 0x0f, 0xd4, 0x62, 0x8b, 0x90, 0x25,
-	0xad, 0x52, 0x00, 0x14, 0x55, 0xb0, 0x1f, 0xcb, 0xb3, 0x2a, 0xd8, 0x91, 0x5c, 0x05, 0x21, 0x2b,
-	0x45, 0x15, 0x04, 0xb4, 0xa1, 0x11, 0x07, 0x74, 0xc2, 0x5c, 0xe9, 0x0c, 0x7d, 0x6a, 0x5e, 0x47,
-	0x40, 0x71, 0x88, 0x3c, 0x80, 0xcd, 0x53, 0x46, 0x85, 0x23, 0xdc, 0x53, 0xe6, 0x3a, 0xbe, 0xad,
-	0x7f, 0x4f, 0x6c, 0x7d, 0xfc, 0x56, 0x11, 0x7f, 0xab, 0x08, 0xd0, 0x4e, 0xf8, 0x41, 0xa5, 0xc9,
-	0x3d, 0x98, 0x49, 0xd9, 0xd1, 0xb9, 0x13, 0x26, 0xcc, 0x35, 0x64, 0xde, 0x2c, 0xa6, 0x07, 0xe7,
-	0x4e, 0xa8, 0x79, 0x2d, 0x68, 0xe0, 0x29, 0xb1, 0xb5, 0x91, 0x88, 0x2e, 0x1b, 0x87, 0x0e, 0xd1,
-	0x4d, 0x9f, 0x40, 0x5d, 0x03, 0x94, 0xa7, 0xd6, 0xd1, 0x33, 0x4b, 0xd3, 0xcb, 0x56, 0xed, 0x58,
-	0x0d, 0x2a, 0x63, 0xd5, 0x30, 0x6d, 0x45, 0x11, 0xb9, 0x07, 0x2b, 0x19, 0x54, 0x7b, 0xec, 0x06,
-	0xe2, 0x57, 0xa7, 0x97, 0xad, 0xa5, 0x14, 0x8f, 0x46, 0x5b, 0x4a, 0x39, 0xe8, 0xb6, 0x4f, 0x61,
-	0x4d, 0xf3, 0x8a, 0x9e, 0xbb, 0x89, 0x95, 0x5c, 0xc7, 0xc4, 0x51, 0x6e, 0xbc, 0xac, 0x5e, 0x6d,
-	0xbf, 0x8d, 0x42, 0xbd, 0xdf, 0xa0, 0x07, 0xff, 0x0f, 0x9a, 0x63, 0xe7, 0x4e, 0xbc, 0x85, 0x20,
-	0x5d, 0xdb, 0xf3, 0xcc, 0x8e, 0xdb, 0x69, 0xb5, 0x99, 0x29, 0x4d, 0xbd, 0x25, 0x38, 0xda, 0xd7,
-	0xce, 0xdc, 0x4d, 0xd5, 0x72, 0x7f, 0x6e, 0xea, 0xcd, 0xcf, 0x50, 0xca, 0xa4, 0x3b, 0x05, 0x2d,
-	0xed, 0xc5, 0xad, 0x19, 0x94, 0x76, 0xe3, 0x3e, 0x90, 0x0c, 0x95, 0xbb, 0xf6, 0x3f, 0x85, 0x85,
-	0xf6, 0x73, 0xeb, 0x76, 0x61, 0x5d, 0x83, 0x67, 0x0d, 0x7c, 0x1b, 0xd1, 0xba, 0x5f, 0x4f, 0x8a,
-	0x2e, 0xce, 0x9a, 0x58, 0x44, 0xff, 0xb7, 0xa0, 0xfd, 0x28, 0xc7, 0xbe, 0xaf, 0x8d, 0x2d, 0x6f,
-	0x7e, 0x40, 0x1b, 0x9b, 0xfe, 0xae, 0x36, 0xa2, 0x5b, 0xef, 0x69, 0x23, 0x76, 0x3f, 0xc5, 0x16,
-	0xcd, 0xde, 0x4e, 0x7e, 0xf6, 0x54, 0xe2, 0xa4, 0xe0, 0xf8, 0x2f, 0xd3, 0xab, 0xe3, 0x0e, 0xfe,
-	0xf6, 0xef, 0x7e, 0xec, 0x9e, 0xfd, 0x36, 0x90, 0xe2, 0x22, 0xbd, 0x3d, 0xee, 0x83, 0xa1, 0x5c,
-	0x6e, 0x76, 0xe6, 0xe1, 0x22, 0x85, 0x7c, 0x95, 0x5d, 0x09, 0xdb, 0xf3, 0x90, 0xd3, 0x9b, 0x63,
-	0x00, 0xa0, 0xbf, 0x6c, 0xe9, 0x86, 0xe6, 0xce, 0x1c, 0x12, 0xbd, 0xe5, 0xe9, 0x65, 0xab, 0xfe,
-	0x3d, 0x92, 0x8f, 0x0f, 0xfb, 0x56, 0x5d, 0xeb, 0x1c, 0xbb, 0x61, 0x87, 0x42, 0xa3, 0x00, 0xcc,
-	0xef, 0xdd, 0x52, 0xe1, 0xde, 0xcd, 0x5f, 0x04, 0x0b, 0x1f, 0x78, 0x11, 0x94, 0x3f, 0xf8, 0x22,
-	0x30, 0x66, 0x5e, 0x04, 0x9d, 0x3f, 0x16, 0xa1, 0x9e, 0xbd, 0x3b, 0x88, 0x03, 0x5b, 0x8c, 0xdb,
-	0x11, 0x15, 0x13, 0xe6, 0x52, 0x7b, 0x78, 0x21, 0x69, 0x64, 0x0b, 0xea, 0xc6, 0x22, 0x62, 0x13,
-	0x9a, 0xbc, 0xd9, 0x76, 0x3e, 0xf2, 0x80, 0xd1, 0xbd, 0xb9, 0xc5, 0xf8, 0x40, 0xcb, 0xf4, 0x94,
-	0x8a, 0x95, 0x8a, 0x90, 0x1f, 0xe1, 0x66, 0x3e, 0xc5, 0xa8, 0xa0, 0xbe, 0x30, 0x87, 0xfa, 0x7a,
-	0xa6, 0x3e, 0xca, 0x95, 0x8f, 0x61, 0x9d, 0x71, 0xfb, 0x55, 0x4c, 0xe3, 0x19, 0xdd, 0xf2, 0x1c,
-	0xba, 0x6b, 0x8c, 0x3f, 0x43, 0x7e, 0xae, 0x6a, 0xc3, 0x66, 0xa1, 0x25, 0xea, 0x2e, 0x2e, 0x68,
-	0x1b, 0x73, 0x68, 0x6f, 0x64, 0x35, 0xab, 0xbb, 0x3b, 0x9f, 0xe0, 0x27, 0xd8, 0x60, 0xdc, 0x3e,
-	0x77, 0x98, 0x7c, 0x57, 0x7d, 0x71, 0xbe, 0x8e, 0x3c, 0x77, 0x98, 0x9c, 0x95, 0xd6, 0x1d, 0x19,
-	0x53, 0xe1, 0xcd, 0x74, 0xa4, 0x32, 0x5f, 0x47, 0x8e, 0x90, 0x9f, 0xab, 0xf6, 0x61, 0x8d, 0xf1,
-	0x77, 0x6b, 0xad, 0xce, 0xa1, 0x79, 0x9d, 0xf1, 0xd9, 0x3a, 0x9f, 0xc1, 0x5a, 0x44, 0x5d, 0xc9,
-	0x45, 0xd1, 0x6d, 0xb5, 0x39, 0x14, 0x57, 0x13, 0x7a, 0x26, 0xd9, 0x99, 0x00, 0xe4, 0x79, 0xb2,
-	0x02, 0x0b, 0x3c, 0xc4, 0xa3, 0x53, 0xb7, 0x16, 0x78, 0xa8, 0xde, 0x80, 0x23, 0xf5, 0xb3, 0xa3,
-	0x0f, 0x4e, 0xdd, 0x4a, 0x22, 0x75, 0x9e, 0xc6, 0xce, 0x4b, 0x9e, 0x3e, 0x02, 0x75, 0x80, 0xa3,
-	0x2c, 0xe0, 0x22, 0x39, 0x3b, 0x3a, 0x50, 0xa3, 0x13, 0xc7, 0x8f, 0x69, 0xfa, 0xe6, 0xc1, 0xa0,
-	0x67, 0xbe, 0x79, 0xdb, 0xbc, 0xf6, 0xe7, 0xdb, 0xe6, 0xb5, 0x5f, 0xa6, 0xcd, 0xd2, 0x9b, 0x69,
-	0xb3, 0xf4, 0xfb, 0xb4, 0x59, 0xfa, 0x7b, 0xda, 0x2c, 0x0d, 0x2b, 0xf8, 0x7f, 0xe8, 0xf3, 0x7f,
-	0x02, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x21, 0x0b, 0xcd, 0x6e, 0x0d, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/cgroups/metrics.proto b/vendor/github.com/containerd/cgroups/metrics.proto
deleted file mode 100644
index 642623fcee45d..0000000000000
--- a/vendor/github.com/containerd/cgroups/metrics.proto
+++ /dev/null
@@ -1,123 +0,0 @@
-syntax = "proto3";
-
-package io.containerd.cgroups.v1;
-
-import "gogoproto/gogo.proto";
-
-message Metrics {
-	repeated HugetlbStat hugetlb = 1;
-	PidsStat pids = 2;
-	CPUStat cpu = 3 [(gogoproto.customname) = "CPU"];
-	MemoryStat memory = 4;
-	BlkIOStat blkio = 5;
-	RdmaStat rdma = 6;
-}
-
-message HugetlbStat {
-	uint64 usage = 1;
-	uint64 max = 2;
-	uint64 failcnt = 3;
-	string pagesize = 4;
-}
-
-message PidsStat {
-	uint64 current = 1;
-	uint64 limit = 2;
-}
-
-message CPUStat {
-	CPUUsage usage = 1;
-	Throttle throttling = 2;
-}
-
-message CPUUsage {
-	// values in nanoseconds
-	uint64 total = 1;
-	uint64 kernel = 2;
-	uint64 user = 3;
-	repeated uint64 per_cpu = 4 [(gogoproto.customname) = "PerCPU"];
-
-}
-
-message Throttle {
-	uint64 periods = 1;
-	uint64 throttled_periods = 2;
-	uint64 throttled_time = 3;
-}
-
-message MemoryStat {
-	uint64 cache = 1;
-	uint64 rss = 2 [(gogoproto.customname) = "RSS"];
-	uint64 rss_huge = 3 [(gogoproto.customname) = "RSSHuge"];
-	uint64 mapped_file = 4;
-	uint64 dirty = 5;
-	uint64 writeback = 6;
-	uint64 pg_pg_in = 7;
-	uint64 pg_pg_out = 8;
-	uint64 pg_fault = 9;
-	uint64 pg_maj_fault = 10;
-	uint64 inactive_anon = 11;
-	uint64 active_anon = 12;
-	uint64 inactive_file = 13;
-	uint64 active_file = 14;
-	uint64 unevictable = 15;
-	uint64 hierarchical_memory_limit = 16;
-	uint64 hierarchical_swap_limit = 17;
-	uint64 total_cache = 18;
-	uint64 total_rss = 19 [(gogoproto.customname) = "TotalRSS"];
-	uint64 total_rss_huge = 20 [(gogoproto.customname) = "TotalRSSHuge"];
-	uint64 total_mapped_file = 21;
-	uint64 total_dirty = 22;
-	uint64 total_writeback = 23;
-	uint64 total_pg_pg_in = 24;
-	uint64 total_pg_pg_out = 25;
-	uint64 total_pg_fault = 26;
-	uint64 total_pg_maj_fault = 27;
-	uint64 total_inactive_anon = 28;
-	uint64 total_active_anon = 29;
-	uint64 total_inactive_file = 30;
-	uint64 total_active_file = 31;
-	uint64 total_unevictable = 32;
-	MemoryEntry usage = 33;
-	MemoryEntry swap = 34;
-	MemoryEntry kernel = 35;
-	MemoryEntry kernel_tcp = 36 [(gogoproto.customname) = "KernelTCP"];
-
-}
-
-message MemoryEntry {
-	uint64 limit = 1;
-	uint64 usage = 2;
-	uint64 max = 3;
-	uint64 failcnt = 4;
-}
-
-message BlkIOStat {
-	repeated BlkIOEntry io_service_bytes_recursive = 1;
-	repeated BlkIOEntry io_serviced_recursive = 2;
-	repeated BlkIOEntry io_queued_recursive = 3;
-	repeated BlkIOEntry io_service_time_recursive = 4;
-	repeated BlkIOEntry io_wait_time_recursive = 5;
-	repeated BlkIOEntry io_merged_recursive = 6;
-	repeated BlkIOEntry io_time_recursive = 7;
-	repeated BlkIOEntry sectors_recursive = 8;
-}
-
-message BlkIOEntry {
-	string op = 1;
-	string device = 2;
-	uint64 major = 3;
-	uint64 minor = 4;
-	uint64 value = 5;
-}
-
-message RdmaStat {
-	repeated RdmaEntry current = 1;
-	repeated RdmaEntry limit = 2;
-}
-
-message RdmaEntry {
-	string device = 1;
-	uint32 hca_handles = 2;
-	uint32 hca_objects = 3;
-}
diff --git a/vendor/github.com/containerd/cgroups/net_cls.go b/vendor/github.com/containerd/cgroups/net_cls.go
index 8f1a2651f84e2..839b06de080b1 100644
--- a/vendor/github.com/containerd/cgroups/net_cls.go
+++ b/vendor/github.com/containerd/cgroups/net_cls.go
@@ -17,7 +17,6 @@
 package cgroups
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -48,7 +47,7 @@ func (n *netclsController) Create(path string, resources *specs.LinuxResources)
 		return err
 	}
 	if resources.Network != nil && resources.Network.ClassID != nil && *resources.Network.ClassID > 0 {
-		return ioutil.WriteFile(
+		return retryingWriteFile(
 			filepath.Join(n.Path(path), "net_cls.classid"),
 			[]byte(strconv.FormatUint(uint64(*resources.Network.ClassID), 10)),
 			defaultFilePerm,
@@ -56,3 +55,7 @@ func (n *netclsController) Create(path string, resources *specs.LinuxResources)
 	}
 	return nil
 }
+
+func (n *netclsController) Update(path string, resources *specs.LinuxResources) error {
+	return n.Create(path, resources)
+}
diff --git a/vendor/github.com/containerd/cgroups/net_prio.go b/vendor/github.com/containerd/cgroups/net_prio.go
index c77169215c0f4..6362fd084f716 100644
--- a/vendor/github.com/containerd/cgroups/net_prio.go
+++ b/vendor/github.com/containerd/cgroups/net_prio.go
@@ -18,7 +18,6 @@ package cgroups
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -49,8 +48,8 @@ func (n *netprioController) Create(path string, resources *specs.LinuxResources)
 	}
 	if resources.Network != nil {
 		for _, prio := range resources.Network.Priorities {
-			if err := ioutil.WriteFile(
-				filepath.Join(n.Path(path), "net_prio_ifpriomap"),
+			if err := retryingWriteFile(
+				filepath.Join(n.Path(path), "net_prio.ifpriomap"),
 				formatPrio(prio.Name, prio.Priority),
 				defaultFilePerm,
 			); err != nil {
diff --git a/vendor/github.com/containerd/cgroups/opts.go b/vendor/github.com/containerd/cgroups/opts.go
new file mode 100644
index 0000000000000..a1449e298d0ef
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/opts.go
@@ -0,0 +1,61 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package cgroups
+
+import (
+	"github.com/pkg/errors"
+)
+
+var (
+	// ErrIgnoreSubsystem allows the specific subsystem to be skipped
+	ErrIgnoreSubsystem = errors.New("skip subsystem")
+	// ErrDevicesRequired is returned when the devices subsystem is required but
+	// does not exist or is not active
+	ErrDevicesRequired = errors.New("devices subsystem is required")
+)
+
+// InitOpts allows configuration for the creation or loading of a cgroup
+type InitOpts func(*InitConfig) error
+
+// InitConfig provides configuration options for the creation
+// or loading of a cgroup and its subsystems
+type InitConfig struct {
+	// InitCheck can be used to check initialization errors from the subsystem
+	InitCheck InitCheck
+}
+
+func newInitConfig() *InitConfig {
+	return &InitConfig{
+		InitCheck: RequireDevices,
+	}
+}
+
+// InitCheck allows subsystems errors to be checked when initialized or loaded
+type InitCheck func(Subsystem, Path, error) error
+
+// AllowAny allows any subsystem errors to be skipped
+func AllowAny(_ Subsystem, _ Path, _ error) error {
+	return ErrIgnoreSubsystem
+}
+
+// RequireDevices requires the device subsystem but no others
+func RequireDevices(s Subsystem, _ Path, _ error) error {
+	if s.Name() == Devices {
+		return ErrDevicesRequired
+	}
+	return ErrIgnoreSubsystem
+}
diff --git a/vendor/github.com/containerd/cgroups/paths.go b/vendor/github.com/containerd/cgroups/paths.go
index 455ce857f9835..27197ecad795c 100644
--- a/vendor/github.com/containerd/cgroups/paths.go
+++ b/vendor/github.com/containerd/cgroups/paths.go
@@ -25,7 +25,7 @@ import (
 
 type Path func(subsystem Name) (string, error)
 
-func RootPath(subsysem Name) (string, error) {
+func RootPath(subsystem Name) (string, error) {
 	return "/", nil
 }
 
@@ -57,10 +57,13 @@ func PidPath(pid int) Path {
 	return existingPath(paths, "")
 }
 
+// ErrControllerNotActive is returned when a controller is not supported or enabled
+var ErrControllerNotActive = errors.New("controller is not supported")
+
 func existingPath(paths map[string]string, suffix string) Path {
 	// localize the paths based on the root mount dest for nested cgroups
 	for n, p := range paths {
-		dest, err := getCgroupDestination(string(n))
+		dest, err := getCgroupDestination(n)
 		if err != nil {
 			return errorPath(err)
 		}
@@ -76,8 +79,8 @@ func existingPath(paths map[string]string, suffix string) Path {
 	return func(name Name) (string, error) {
 		root, ok := paths[string(name)]
 		if !ok {
-			if root, ok = paths[fmt.Sprintf("name=%s", name)]; !ok {
-				return "", fmt.Errorf("unable to find %q in controller set", name)
+			if root, ok = paths["name="+string(name)]; !ok {
+				return "", ErrControllerNotActive
 			}
 		}
 		if suffix != "" {
diff --git a/vendor/github.com/containerd/cgroups/pids.go b/vendor/github.com/containerd/cgroups/pids.go
index a1cfcb88d4069..ce78e44c18905 100644
--- a/vendor/github.com/containerd/cgroups/pids.go
+++ b/vendor/github.com/containerd/cgroups/pids.go
@@ -23,6 +23,7 @@ import (
 	"strconv"
 	"strings"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -49,7 +50,7 @@ func (p *pidsController) Create(path string, resources *specs.LinuxResources) er
 		return err
 	}
 	if resources.Pids != nil && resources.Pids.Limit > 0 {
-		return ioutil.WriteFile(
+		return retryingWriteFile(
 			filepath.Join(p.Path(path), "pids.max"),
 			[]byte(strconv.FormatInt(resources.Pids.Limit, 10)),
 			defaultFilePerm,
@@ -62,7 +63,7 @@ func (p *pidsController) Update(path string, resources *specs.LinuxResources) er
 	return p.Create(path, resources)
 }
 
-func (p *pidsController) Stat(path string, stats *Metrics) error {
+func (p *pidsController) Stat(path string, stats *v1.Metrics) error {
 	current, err := readUint(filepath.Join(p.Path(path), "pids.current"))
 	if err != nil {
 		return err
@@ -77,7 +78,7 @@ func (p *pidsController) Stat(path string, stats *Metrics) error {
 			return err
 		}
 	}
-	stats.Pids = &PidsStat{
+	stats.Pids = &v1.PidsStat{
 		Current: current,
 		Limit:   max,
 	}
diff --git a/vendor/github.com/containerd/cgroups/rdma.go b/vendor/github.com/containerd/cgroups/rdma.go
index 4f423d33a0c39..b6f0d416c7f48 100644
--- a/vendor/github.com/containerd/cgroups/rdma.go
+++ b/vendor/github.com/containerd/cgroups/rdma.go
@@ -24,6 +24,7 @@ import (
 	"strconv"
 	"strings"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -66,7 +67,7 @@ func (p *rdmaController) Create(path string, resources *specs.LinuxResources) er
 
 	for device, limit := range resources.Rdma {
 		if device != "" && (limit.HcaHandles != nil || limit.HcaObjects != nil) {
-			return ioutil.WriteFile(
+			return retryingWriteFile(
 				filepath.Join(p.Path(path), "rdma.max"),
 				[]byte(createCmdString(device, &limit)),
 				defaultFilePerm,
@@ -80,7 +81,7 @@ func (p *rdmaController) Update(path string, resources *specs.LinuxResources) er
 	return p.Create(path, resources)
 }
 
-func parseRdmaKV(raw string, entry *RdmaEntry) {
+func parseRdmaKV(raw string, entry *v1.RdmaEntry) {
 	var value uint64
 	var err error
 
@@ -103,13 +104,13 @@ func parseRdmaKV(raw string, entry *RdmaEntry) {
 	}
 }
 
-func toRdmaEntry(strEntries []string) []*RdmaEntry {
-	var rdmaEntries []*RdmaEntry
+func toRdmaEntry(strEntries []string) []*v1.RdmaEntry {
+	var rdmaEntries []*v1.RdmaEntry
 	for i := range strEntries {
 		parts := strings.Fields(strEntries[i])
 		switch len(parts) {
 		case 3:
-			entry := new(RdmaEntry)
+			entry := new(v1.RdmaEntry)
 			entry.Device = parts[0]
 			parseRdmaKV(parts[1], entry)
 			parseRdmaKV(parts[2], entry)
@@ -122,7 +123,7 @@ func toRdmaEntry(strEntries []string) []*RdmaEntry {
 	return rdmaEntries
 }
 
-func (p *rdmaController) Stat(path string, stats *Metrics) error {
+func (p *rdmaController) Stat(path string, stats *v1.Metrics) error {
 
 	currentData, err := ioutil.ReadFile(filepath.Join(p.Path(path), "rdma.current"))
 	if err != nil {
@@ -145,7 +146,7 @@ func (p *rdmaController) Stat(path string, stats *Metrics) error {
 	currentEntries := toRdmaEntry(currentPerDevices)
 	maxEntries := toRdmaEntry(maxPerDevices)
 
-	stats.Rdma = &RdmaStat{
+	stats.Rdma = &v1.RdmaStat{
 		Current: currentEntries,
 		Limit:   maxEntries,
 	}
diff --git a/vendor/github.com/containerd/cgroups/stats/v1/doc.go b/vendor/github.com/containerd/cgroups/stats/v1/doc.go
new file mode 100644
index 0000000000000..23f3cdd4b376f
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/stats/v1/doc.go
@@ -0,0 +1,17 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v1
diff --git a/vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.go b/vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.go
new file mode 100644
index 0000000000000..6d2d41770b99c
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.go
@@ -0,0 +1,6125 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: github.com/containerd/cgroups/stats/v1/metrics.proto
+
+package v1
+
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+type Metrics struct {
+	Hugetlb              []*HugetlbStat    `protobuf:"bytes,1,rep,name=hugetlb,proto3" json:"hugetlb,omitempty"`
+	Pids                 *PidsStat         `protobuf:"bytes,2,opt,name=pids,proto3" json:"pids,omitempty"`
+	CPU                  *CPUStat          `protobuf:"bytes,3,opt,name=cpu,proto3" json:"cpu,omitempty"`
+	Memory               *MemoryStat       `protobuf:"bytes,4,opt,name=memory,proto3" json:"memory,omitempty"`
+	Blkio                *BlkIOStat        `protobuf:"bytes,5,opt,name=blkio,proto3" json:"blkio,omitempty"`
+	Rdma                 *RdmaStat         `protobuf:"bytes,6,opt,name=rdma,proto3" json:"rdma,omitempty"`
+	Network              []*NetworkStat    `protobuf:"bytes,7,rep,name=network,proto3" json:"network,omitempty"`
+	CgroupStats          *CgroupStats      `protobuf:"bytes,8,opt,name=cgroup_stats,json=cgroupStats,proto3" json:"cgroup_stats,omitempty"`
+	MemoryOomControl     *MemoryOomControl `protobuf:"bytes,9,opt,name=memory_oom_control,json=memoryOomControl,proto3" json:"memory_oom_control,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Metrics) Reset()      { *m = Metrics{} }
+func (*Metrics) ProtoMessage() {}
+func (*Metrics) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{0}
+}
+func (m *Metrics) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Metrics) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Metrics.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Metrics) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metrics.Merge(m, src)
+}
+func (m *Metrics) XXX_Size() int {
+	return m.Size()
+}
+func (m *Metrics) XXX_DiscardUnknown() {
+	xxx_messageInfo_Metrics.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Metrics proto.InternalMessageInfo
+
+type HugetlbStat struct {
+	Usage                uint64   `protobuf:"varint,1,opt,name=usage,proto3" json:"usage,omitempty"`
+	Max                  uint64   `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"`
+	Failcnt              uint64   `protobuf:"varint,3,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
+	Pagesize             string   `protobuf:"bytes,4,opt,name=pagesize,proto3" json:"pagesize,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *HugetlbStat) Reset()      { *m = HugetlbStat{} }
+func (*HugetlbStat) ProtoMessage() {}
+func (*HugetlbStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{1}
+}
+func (m *HugetlbStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HugetlbStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HugetlbStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HugetlbStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HugetlbStat.Merge(m, src)
+}
+func (m *HugetlbStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *HugetlbStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_HugetlbStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HugetlbStat proto.InternalMessageInfo
+
+type PidsStat struct {
+	Current              uint64   `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"`
+	Limit                uint64   `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PidsStat) Reset()      { *m = PidsStat{} }
+func (*PidsStat) ProtoMessage() {}
+func (*PidsStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{2}
+}
+func (m *PidsStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PidsStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PidsStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PidsStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PidsStat.Merge(m, src)
+}
+func (m *PidsStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *PidsStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_PidsStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PidsStat proto.InternalMessageInfo
+
+type CPUStat struct {
+	Usage                *CPUUsage `protobuf:"bytes,1,opt,name=usage,proto3" json:"usage,omitempty"`
+	Throttling           *Throttle `protobuf:"bytes,2,opt,name=throttling,proto3" json:"throttling,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *CPUStat) Reset()      { *m = CPUStat{} }
+func (*CPUStat) ProtoMessage() {}
+func (*CPUStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{3}
+}
+func (m *CPUStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CPUStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CPUStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CPUStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CPUStat.Merge(m, src)
+}
+func (m *CPUStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *CPUStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_CPUStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CPUStat proto.InternalMessageInfo
+
+type CPUUsage struct {
+	// values in nanoseconds
+	Total                uint64   `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"`
+	Kernel               uint64   `protobuf:"varint,2,opt,name=kernel,proto3" json:"kernel,omitempty"`
+	User                 uint64   `protobuf:"varint,3,opt,name=user,proto3" json:"user,omitempty"`
+	PerCPU               []uint64 `protobuf:"varint,4,rep,packed,name=per_cpu,json=perCpu,proto3" json:"per_cpu,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CPUUsage) Reset()      { *m = CPUUsage{} }
+func (*CPUUsage) ProtoMessage() {}
+func (*CPUUsage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{4}
+}
+func (m *CPUUsage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CPUUsage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CPUUsage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CPUUsage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CPUUsage.Merge(m, src)
+}
+func (m *CPUUsage) XXX_Size() int {
+	return m.Size()
+}
+func (m *CPUUsage) XXX_DiscardUnknown() {
+	xxx_messageInfo_CPUUsage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CPUUsage proto.InternalMessageInfo
+
+type Throttle struct {
+	Periods              uint64   `protobuf:"varint,1,opt,name=periods,proto3" json:"periods,omitempty"`
+	ThrottledPeriods     uint64   `protobuf:"varint,2,opt,name=throttled_periods,json=throttledPeriods,proto3" json:"throttled_periods,omitempty"`
+	ThrottledTime        uint64   `protobuf:"varint,3,opt,name=throttled_time,json=throttledTime,proto3" json:"throttled_time,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Throttle) Reset()      { *m = Throttle{} }
+func (*Throttle) ProtoMessage() {}
+func (*Throttle) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{5}
+}
+func (m *Throttle) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Throttle) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Throttle.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Throttle) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Throttle.Merge(m, src)
+}
+func (m *Throttle) XXX_Size() int {
+	return m.Size()
+}
+func (m *Throttle) XXX_DiscardUnknown() {
+	xxx_messageInfo_Throttle.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Throttle proto.InternalMessageInfo
+
+type MemoryStat struct {
+	Cache                   uint64       `protobuf:"varint,1,opt,name=cache,proto3" json:"cache,omitempty"`
+	RSS                     uint64       `protobuf:"varint,2,opt,name=rss,proto3" json:"rss,omitempty"`
+	RSSHuge                 uint64       `protobuf:"varint,3,opt,name=rss_huge,json=rssHuge,proto3" json:"rss_huge,omitempty"`
+	MappedFile              uint64       `protobuf:"varint,4,opt,name=mapped_file,json=mappedFile,proto3" json:"mapped_file,omitempty"`
+	Dirty                   uint64       `protobuf:"varint,5,opt,name=dirty,proto3" json:"dirty,omitempty"`
+	Writeback               uint64       `protobuf:"varint,6,opt,name=writeback,proto3" json:"writeback,omitempty"`
+	PgPgIn                  uint64       `protobuf:"varint,7,opt,name=pg_pg_in,json=pgPgIn,proto3" json:"pg_pg_in,omitempty"`
+	PgPgOut                 uint64       `protobuf:"varint,8,opt,name=pg_pg_out,json=pgPgOut,proto3" json:"pg_pg_out,omitempty"`
+	PgFault                 uint64       `protobuf:"varint,9,opt,name=pg_fault,json=pgFault,proto3" json:"pg_fault,omitempty"`
+	PgMajFault              uint64       `protobuf:"varint,10,opt,name=pg_maj_fault,json=pgMajFault,proto3" json:"pg_maj_fault,omitempty"`
+	InactiveAnon            uint64       `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"`
+	ActiveAnon              uint64       `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"`
+	InactiveFile            uint64       `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"`
+	ActiveFile              uint64       `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"`
+	Unevictable             uint64       `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"`
+	HierarchicalMemoryLimit uint64       `protobuf:"varint,16,opt,name=hierarchical_memory_limit,json=hierarchicalMemoryLimit,proto3" json:"hierarchical_memory_limit,omitempty"`
+	HierarchicalSwapLimit   uint64       `protobuf:"varint,17,opt,name=hierarchical_swap_limit,json=hierarchicalSwapLimit,proto3" json:"hierarchical_swap_limit,omitempty"`
+	TotalCache              uint64       `protobuf:"varint,18,opt,name=total_cache,json=totalCache,proto3" json:"total_cache,omitempty"`
+	TotalRSS                uint64       `protobuf:"varint,19,opt,name=total_rss,json=totalRss,proto3" json:"total_rss,omitempty"`
+	TotalRSSHuge            uint64       `protobuf:"varint,20,opt,name=total_rss_huge,json=totalRssHuge,proto3" json:"total_rss_huge,omitempty"`
+	TotalMappedFile         uint64       `protobuf:"varint,21,opt,name=total_mapped_file,json=totalMappedFile,proto3" json:"total_mapped_file,omitempty"`
+	TotalDirty              uint64       `protobuf:"varint,22,opt,name=total_dirty,json=totalDirty,proto3" json:"total_dirty,omitempty"`
+	TotalWriteback          uint64       `protobuf:"varint,23,opt,name=total_writeback,json=totalWriteback,proto3" json:"total_writeback,omitempty"`
+	TotalPgPgIn             uint64       `protobuf:"varint,24,opt,name=total_pg_pg_in,json=totalPgPgIn,proto3" json:"total_pg_pg_in,omitempty"`
+	TotalPgPgOut            uint64       `protobuf:"varint,25,opt,name=total_pg_pg_out,json=totalPgPgOut,proto3" json:"total_pg_pg_out,omitempty"`
+	TotalPgFault            uint64       `protobuf:"varint,26,opt,name=total_pg_fault,json=totalPgFault,proto3" json:"total_pg_fault,omitempty"`
+	TotalPgMajFault         uint64       `protobuf:"varint,27,opt,name=total_pg_maj_fault,json=totalPgMajFault,proto3" json:"total_pg_maj_fault,omitempty"`
+	TotalInactiveAnon       uint64       `protobuf:"varint,28,opt,name=total_inactive_anon,json=totalInactiveAnon,proto3" json:"total_inactive_anon,omitempty"`
+	TotalActiveAnon         uint64       `protobuf:"varint,29,opt,name=total_active_anon,json=totalActiveAnon,proto3" json:"total_active_anon,omitempty"`
+	TotalInactiveFile       uint64       `protobuf:"varint,30,opt,name=total_inactive_file,json=totalInactiveFile,proto3" json:"total_inactive_file,omitempty"`
+	TotalActiveFile         uint64       `protobuf:"varint,31,opt,name=total_active_file,json=totalActiveFile,proto3" json:"total_active_file,omitempty"`
+	TotalUnevictable        uint64       `protobuf:"varint,32,opt,name=total_unevictable,json=totalUnevictable,proto3" json:"total_unevictable,omitempty"`
+	Usage                   *MemoryEntry `protobuf:"bytes,33,opt,name=usage,proto3" json:"usage,omitempty"`
+	Swap                    *MemoryEntry `protobuf:"bytes,34,opt,name=swap,proto3" json:"swap,omitempty"`
+	Kernel                  *MemoryEntry `protobuf:"bytes,35,opt,name=kernel,proto3" json:"kernel,omitempty"`
+	KernelTCP               *MemoryEntry `protobuf:"bytes,36,opt,name=kernel_tcp,json=kernelTcp,proto3" json:"kernel_tcp,omitempty"`
+	XXX_NoUnkeyedLiteral    struct{}     `json:"-"`
+	XXX_unrecognized        []byte       `json:"-"`
+	XXX_sizecache           int32        `json:"-"`
+}
+
+func (m *MemoryStat) Reset()      { *m = MemoryStat{} }
+func (*MemoryStat) ProtoMessage() {}
+func (*MemoryStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{6}
+}
+func (m *MemoryStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryStat.Merge(m, src)
+}
+func (m *MemoryStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryStat proto.InternalMessageInfo
+
+type MemoryEntry struct {
+	Limit                uint64   `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"`
+	Usage                uint64   `protobuf:"varint,2,opt,name=usage,proto3" json:"usage,omitempty"`
+	Max                  uint64   `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"`
+	Failcnt              uint64   `protobuf:"varint,4,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MemoryEntry) Reset()      { *m = MemoryEntry{} }
+func (*MemoryEntry) ProtoMessage() {}
+func (*MemoryEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{7}
+}
+func (m *MemoryEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryEntry.Merge(m, src)
+}
+func (m *MemoryEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryEntry proto.InternalMessageInfo
+
+type MemoryOomControl struct {
+	OomKillDisable       uint64   `protobuf:"varint,1,opt,name=oom_kill_disable,json=oomKillDisable,proto3" json:"oom_kill_disable,omitempty"`
+	UnderOom             uint64   `protobuf:"varint,2,opt,name=under_oom,json=underOom,proto3" json:"under_oom,omitempty"`
+	OomKill              uint64   `protobuf:"varint,3,opt,name=oom_kill,json=oomKill,proto3" json:"oom_kill,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MemoryOomControl) Reset()      { *m = MemoryOomControl{} }
+func (*MemoryOomControl) ProtoMessage() {}
+func (*MemoryOomControl) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{8}
+}
+func (m *MemoryOomControl) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryOomControl) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryOomControl.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryOomControl) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryOomControl.Merge(m, src)
+}
+func (m *MemoryOomControl) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryOomControl) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryOomControl.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryOomControl proto.InternalMessageInfo
+
+type BlkIOStat struct {
+	IoServiceBytesRecursive []*BlkIOEntry `protobuf:"bytes,1,rep,name=io_service_bytes_recursive,json=ioServiceBytesRecursive,proto3" json:"io_service_bytes_recursive,omitempty"`
+	IoServicedRecursive     []*BlkIOEntry `protobuf:"bytes,2,rep,name=io_serviced_recursive,json=ioServicedRecursive,proto3" json:"io_serviced_recursive,omitempty"`
+	IoQueuedRecursive       []*BlkIOEntry `protobuf:"bytes,3,rep,name=io_queued_recursive,json=ioQueuedRecursive,proto3" json:"io_queued_recursive,omitempty"`
+	IoServiceTimeRecursive  []*BlkIOEntry `protobuf:"bytes,4,rep,name=io_service_time_recursive,json=ioServiceTimeRecursive,proto3" json:"io_service_time_recursive,omitempty"`
+	IoWaitTimeRecursive     []*BlkIOEntry `protobuf:"bytes,5,rep,name=io_wait_time_recursive,json=ioWaitTimeRecursive,proto3" json:"io_wait_time_recursive,omitempty"`
+	IoMergedRecursive       []*BlkIOEntry `protobuf:"bytes,6,rep,name=io_merged_recursive,json=ioMergedRecursive,proto3" json:"io_merged_recursive,omitempty"`
+	IoTimeRecursive         []*BlkIOEntry `protobuf:"bytes,7,rep,name=io_time_recursive,json=ioTimeRecursive,proto3" json:"io_time_recursive,omitempty"`
+	SectorsRecursive        []*BlkIOEntry `protobuf:"bytes,8,rep,name=sectors_recursive,json=sectorsRecursive,proto3" json:"sectors_recursive,omitempty"`
+	XXX_NoUnkeyedLiteral    struct{}      `json:"-"`
+	XXX_unrecognized        []byte        `json:"-"`
+	XXX_sizecache           int32         `json:"-"`
+}
+
+func (m *BlkIOStat) Reset()      { *m = BlkIOStat{} }
+func (*BlkIOStat) ProtoMessage() {}
+func (*BlkIOStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{9}
+}
+func (m *BlkIOStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BlkIOStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BlkIOStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BlkIOStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BlkIOStat.Merge(m, src)
+}
+func (m *BlkIOStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *BlkIOStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_BlkIOStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BlkIOStat proto.InternalMessageInfo
+
+type BlkIOEntry struct {
+	Op                   string   `protobuf:"bytes,1,opt,name=op,proto3" json:"op,omitempty"`
+	Device               string   `protobuf:"bytes,2,opt,name=device,proto3" json:"device,omitempty"`
+	Major                uint64   `protobuf:"varint,3,opt,name=major,proto3" json:"major,omitempty"`
+	Minor                uint64   `protobuf:"varint,4,opt,name=minor,proto3" json:"minor,omitempty"`
+	Value                uint64   `protobuf:"varint,5,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *BlkIOEntry) Reset()      { *m = BlkIOEntry{} }
+func (*BlkIOEntry) ProtoMessage() {}
+func (*BlkIOEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{10}
+}
+func (m *BlkIOEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BlkIOEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BlkIOEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BlkIOEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BlkIOEntry.Merge(m, src)
+}
+func (m *BlkIOEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *BlkIOEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_BlkIOEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BlkIOEntry proto.InternalMessageInfo
+
+type RdmaStat struct {
+	Current              []*RdmaEntry `protobuf:"bytes,1,rep,name=current,proto3" json:"current,omitempty"`
+	Limit                []*RdmaEntry `protobuf:"bytes,2,rep,name=limit,proto3" json:"limit,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
+}
+
+func (m *RdmaStat) Reset()      { *m = RdmaStat{} }
+func (*RdmaStat) ProtoMessage() {}
+func (*RdmaStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{11}
+}
+func (m *RdmaStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RdmaStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RdmaStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RdmaStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RdmaStat.Merge(m, src)
+}
+func (m *RdmaStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *RdmaStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_RdmaStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RdmaStat proto.InternalMessageInfo
+
+type RdmaEntry struct {
+	Device               string   `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
+	HcaHandles           uint32   `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"`
+	HcaObjects           uint32   `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RdmaEntry) Reset()      { *m = RdmaEntry{} }
+func (*RdmaEntry) ProtoMessage() {}
+func (*RdmaEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{12}
+}
+func (m *RdmaEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RdmaEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RdmaEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RdmaEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RdmaEntry.Merge(m, src)
+}
+func (m *RdmaEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *RdmaEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_RdmaEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RdmaEntry proto.InternalMessageInfo
+
+type NetworkStat struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	RxBytes              uint64   `protobuf:"varint,2,opt,name=rx_bytes,json=rxBytes,proto3" json:"rx_bytes,omitempty"`
+	RxPackets            uint64   `protobuf:"varint,3,opt,name=rx_packets,json=rxPackets,proto3" json:"rx_packets,omitempty"`
+	RxErrors             uint64   `protobuf:"varint,4,opt,name=rx_errors,json=rxErrors,proto3" json:"rx_errors,omitempty"`
+	RxDropped            uint64   `protobuf:"varint,5,opt,name=rx_dropped,json=rxDropped,proto3" json:"rx_dropped,omitempty"`
+	TxBytes              uint64   `protobuf:"varint,6,opt,name=tx_bytes,json=txBytes,proto3" json:"tx_bytes,omitempty"`
+	TxPackets            uint64   `protobuf:"varint,7,opt,name=tx_packets,json=txPackets,proto3" json:"tx_packets,omitempty"`
+	TxErrors             uint64   `protobuf:"varint,8,opt,name=tx_errors,json=txErrors,proto3" json:"tx_errors,omitempty"`
+	TxDropped            uint64   `protobuf:"varint,9,opt,name=tx_dropped,json=txDropped,proto3" json:"tx_dropped,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *NetworkStat) Reset()      { *m = NetworkStat{} }
+func (*NetworkStat) ProtoMessage() {}
+func (*NetworkStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{13}
+}
+func (m *NetworkStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NetworkStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NetworkStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NetworkStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NetworkStat.Merge(m, src)
+}
+func (m *NetworkStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *NetworkStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_NetworkStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NetworkStat proto.InternalMessageInfo
+
+// CgroupStats exports per-cgroup statistics.
+type CgroupStats struct {
+	// number of tasks sleeping
+	NrSleeping uint64 `protobuf:"varint,1,opt,name=nr_sleeping,json=nrSleeping,proto3" json:"nr_sleeping,omitempty"`
+	// number of tasks running
+	NrRunning uint64 `protobuf:"varint,2,opt,name=nr_running,json=nrRunning,proto3" json:"nr_running,omitempty"`
+	// number of tasks in stopped state
+	NrStopped uint64 `protobuf:"varint,3,opt,name=nr_stopped,json=nrStopped,proto3" json:"nr_stopped,omitempty"`
+	// number of tasks in uninterruptible state
+	NrUninterruptible uint64 `protobuf:"varint,4,opt,name=nr_uninterruptible,json=nrUninterruptible,proto3" json:"nr_uninterruptible,omitempty"`
+	// number of tasks waiting on IO
+	NrIoWait             uint64   `protobuf:"varint,5,opt,name=nr_io_wait,json=nrIoWait,proto3" json:"nr_io_wait,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CgroupStats) Reset()      { *m = CgroupStats{} }
+func (*CgroupStats) ProtoMessage() {}
+func (*CgroupStats) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{14}
+}
+func (m *CgroupStats) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CgroupStats) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CgroupStats.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CgroupStats) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CgroupStats.Merge(m, src)
+}
+func (m *CgroupStats) XXX_Size() int {
+	return m.Size()
+}
+func (m *CgroupStats) XXX_DiscardUnknown() {
+	xxx_messageInfo_CgroupStats.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CgroupStats proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*Metrics)(nil), "io.containerd.cgroups.v1.Metrics")
+	proto.RegisterType((*HugetlbStat)(nil), "io.containerd.cgroups.v1.HugetlbStat")
+	proto.RegisterType((*PidsStat)(nil), "io.containerd.cgroups.v1.PidsStat")
+	proto.RegisterType((*CPUStat)(nil), "io.containerd.cgroups.v1.CPUStat")
+	proto.RegisterType((*CPUUsage)(nil), "io.containerd.cgroups.v1.CPUUsage")
+	proto.RegisterType((*Throttle)(nil), "io.containerd.cgroups.v1.Throttle")
+	proto.RegisterType((*MemoryStat)(nil), "io.containerd.cgroups.v1.MemoryStat")
+	proto.RegisterType((*MemoryEntry)(nil), "io.containerd.cgroups.v1.MemoryEntry")
+	proto.RegisterType((*MemoryOomControl)(nil), "io.containerd.cgroups.v1.MemoryOomControl")
+	proto.RegisterType((*BlkIOStat)(nil), "io.containerd.cgroups.v1.BlkIOStat")
+	proto.RegisterType((*BlkIOEntry)(nil), "io.containerd.cgroups.v1.BlkIOEntry")
+	proto.RegisterType((*RdmaStat)(nil), "io.containerd.cgroups.v1.RdmaStat")
+	proto.RegisterType((*RdmaEntry)(nil), "io.containerd.cgroups.v1.RdmaEntry")
+	proto.RegisterType((*NetworkStat)(nil), "io.containerd.cgroups.v1.NetworkStat")
+	proto.RegisterType((*CgroupStats)(nil), "io.containerd.cgroups.v1.CgroupStats")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/cgroups/stats/v1/metrics.proto", fileDescriptor_a17b2d87c332bfaa)
+}
+
+var fileDescriptor_a17b2d87c332bfaa = []byte{
+	// 1749 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x58, 0xcd, 0x72, 0xe3, 0xc6,
+	0x11, 0x36, 0x45, 0x48, 0x24, 0x9a, 0x92, 0x56, 0x9a, 0xfd, 0x83, 0xe4, 0xb5, 0x28, 0x53, 0xbb,
+	0x89, 0xe2, 0xad, 0x48, 0x65, 0x27, 0xb5, 0x95, 0x75, 0xec, 0x4a, 0x59, 0x5a, 0xbb, 0x76, 0xcb,
+	0x51, 0x44, 0x83, 0x52, 0xd9, 0x39, 0xa1, 0x40, 0x70, 0x16, 0x9c, 0x15, 0x80, 0x81, 0x07, 0x03,
+	0x89, 0xca, 0x29, 0x87, 0x54, 0xe5, 0x94, 0x07, 0xca, 0x1b, 0xf8, 0x98, 0x4b, 0x52, 0xc9, 0x45,
+	0x15, 0xf3, 0x49, 0x52, 0x33, 0x3d, 0xf8, 0xa1, 0xbc, 0x5a, 0x85, 0x37, 0x76, 0xcf, 0xd7, 0x5f,
+	0xf7, 0x34, 0xbe, 0x19, 0x34, 0x08, 0xbf, 0x0e, 0x99, 0x1c, 0xe7, 0xc3, 0xbd, 0x80, 0xc7, 0xfb,
+	0x01, 0x4f, 0xa4, 0xcf, 0x12, 0x2a, 0x46, 0xfb, 0x41, 0x28, 0x78, 0x9e, 0x66, 0xfb, 0x99, 0xf4,
+	0x65, 0xb6, 0x7f, 0xfe, 0xf1, 0x7e, 0x4c, 0xa5, 0x60, 0x41, 0xb6, 0x97, 0x0a, 0x2e, 0x39, 0x71,
+	0x18, 0xdf, 0xab, 0xd0, 0x7b, 0x06, 0xbd, 0x77, 0xfe, 0xf1, 0xe6, 0xbd, 0x90, 0x87, 0x5c, 0x83,
+	0xf6, 0xd5, 0x2f, 0xc4, 0xf7, 0xfe, 0x65, 0x41, 0xeb, 0x08, 0x19, 0xc8, 0xef, 0xa0, 0x35, 0xce,
+	0x43, 0x2a, 0xa3, 0xa1, 0xd3, 0xd8, 0x6e, 0xee, 0x76, 0x3e, 0x79, 0xb2, 0x77, 0x13, 0xdb, 0xde,
+	0x4b, 0x04, 0x0e, 0xa4, 0x2f, 0xdd, 0x22, 0x8a, 0x3c, 0x03, 0x2b, 0x65, 0xa3, 0xcc, 0x59, 0xd8,
+	0x6e, 0xec, 0x76, 0x3e, 0xe9, 0xdd, 0x1c, 0xdd, 0x67, 0xa3, 0x4c, 0x87, 0x6a, 0x3c, 0xf9, 0x0c,
+	0x9a, 0x41, 0x9a, 0x3b, 0x4d, 0x1d, 0xf6, 0xe1, 0xcd, 0x61, 0x87, 0xfd, 0x53, 0x15, 0x75, 0xd0,
+	0x9a, 0x5e, 0x75, 0x9b, 0x87, 0xfd, 0x53, 0x57, 0x85, 0x91, 0xcf, 0x60, 0x29, 0xa6, 0x31, 0x17,
+	0x97, 0x8e, 0xa5, 0x09, 0x1e, 0xdf, 0x4c, 0x70, 0xa4, 0x71, 0x3a, 0xb3, 0x89, 0x21, 0xcf, 0x61,
+	0x71, 0x18, 0x9d, 0x31, 0xee, 0x2c, 0xea, 0xe0, 0x9d, 0x9b, 0x83, 0x0f, 0xa2, 0xb3, 0x57, 0xc7,
+	0x3a, 0x16, 0x23, 0xd4, 0x76, 0xc5, 0x28, 0xf6, 0x9d, 0xa5, 0xdb, 0xb6, 0xeb, 0x8e, 0x62, 0x1f,
+	0xb7, 0xab, 0xf0, 0xaa, 0xcf, 0x09, 0x95, 0x17, 0x5c, 0x9c, 0x39, 0xad, 0xdb, 0xfa, 0xfc, 0x07,
+	0x04, 0x62, 0x9f, 0x4d, 0x14, 0x79, 0x09, 0xcb, 0x08, 0xf1, 0xb4, 0x0a, 0x9c, 0xb6, 0x2e, 0xe0,
+	0x1d, 0x2c, 0x87, 0xfa, 0xa7, 0x22, 0xc9, 0xdc, 0x4e, 0x50, 0x19, 0xe4, 0x3b, 0x20, 0xd8, 0x07,
+	0x8f, 0xf3, 0xd8, 0x53, 0xc1, 0x82, 0x47, 0x8e, 0xad, 0xf9, 0x3e, 0xba, 0xad, 0x8f, 0xc7, 0x3c,
+	0x3e, 0xc4, 0x08, 0x77, 0x2d, 0xbe, 0xe6, 0xe9, 0x9d, 0x41, 0xa7, 0xa6, 0x11, 0x72, 0x0f, 0x16,
+	0xf3, 0xcc, 0x0f, 0xa9, 0xd3, 0xd8, 0x6e, 0xec, 0x5a, 0x2e, 0x1a, 0x64, 0x0d, 0x9a, 0xb1, 0x3f,
+	0xd1, 0x7a, 0xb1, 0x5c, 0xf5, 0x93, 0x38, 0xd0, 0x7a, 0xed, 0xb3, 0x28, 0x48, 0xa4, 0x96, 0x83,
+	0xe5, 0x16, 0x26, 0xd9, 0x84, 0x76, 0xea, 0x87, 0x34, 0x63, 0x7f, 0xa2, 0xfa, 0x41, 0xdb, 0x6e,
+	0x69, 0xf7, 0x3e, 0x85, 0x76, 0x21, 0x29, 0xc5, 0x10, 0xe4, 0x42, 0xd0, 0x44, 0x9a, 0x5c, 0x85,
+	0xa9, 0x6a, 0x88, 0x58, 0xcc, 0xa4, 0xc9, 0x87, 0x46, 0xef, 0xaf, 0x0d, 0x68, 0x19, 0x61, 0x91,
+	0xdf, 0xd4, 0xab, 0x7c, 0xe7, 0x23, 0x3d, 0xec, 0x9f, 0x9e, 0x2a, 0x64, 0xb1, 0x93, 0x03, 0x00,
+	0x39, 0x16, 0x5c, 0xca, 0x88, 0x25, 0xe1, 0xed, 0x07, 0xe0, 0x04, 0xb1, 0xd4, 0xad, 0x45, 0xf5,
+	0xbe, 0x87, 0x76, 0x41, 0xab, 0x6a, 0x95, 0x5c, 0xfa, 0x51, 0xd1, 0x2f, 0x6d, 0x90, 0x07, 0xb0,
+	0x74, 0x46, 0x45, 0x42, 0x23, 0xb3, 0x05, 0x63, 0x11, 0x02, 0x56, 0x9e, 0x51, 0x61, 0x5a, 0xa6,
+	0x7f, 0x93, 0x1d, 0x68, 0xa5, 0x54, 0x78, 0xea, 0x60, 0x59, 0xdb, 0xcd, 0x5d, 0xeb, 0x00, 0xa6,
+	0x57, 0xdd, 0xa5, 0x3e, 0x15, 0xea, 0xe0, 0x2c, 0xa5, 0x54, 0x1c, 0xa6, 0x79, 0x6f, 0x02, 0xed,
+	0xa2, 0x14, 0xd5, 0xb8, 0x94, 0x0a, 0xc6, 0x47, 0x59, 0xd1, 0x38, 0x63, 0x92, 0xa7, 0xb0, 0x6e,
+	0xca, 0xa4, 0x23, 0xaf, 0xc0, 0x60, 0x05, 0x6b, 0xe5, 0x42, 0xdf, 0x80, 0x9f, 0xc0, 0x6a, 0x05,
+	0x96, 0x2c, 0xa6, 0xa6, 0xaa, 0x95, 0xd2, 0x7b, 0xc2, 0x62, 0xda, 0xfb, 0x4f, 0x07, 0xa0, 0x3a,
+	0x8e, 0x6a, 0xbf, 0x81, 0x1f, 0x8c, 0x4b, 0x7d, 0x68, 0x83, 0x6c, 0x40, 0x53, 0x64, 0x26, 0x15,
+	0x9e, 0x7a, 0x77, 0x30, 0x70, 0x95, 0x8f, 0xfc, 0x0c, 0xda, 0x22, 0xcb, 0x3c, 0x75, 0xf5, 0x60,
+	0x82, 0x83, 0xce, 0xf4, 0xaa, 0xdb, 0x72, 0x07, 0x03, 0x25, 0x3b, 0xb7, 0x25, 0xb2, 0x4c, 0xfd,
+	0x20, 0x5d, 0xe8, 0xc4, 0x7e, 0x9a, 0xd2, 0x91, 0xf7, 0x9a, 0x45, 0xa8, 0x1c, 0xcb, 0x05, 0x74,
+	0x7d, 0xc5, 0x22, 0xdd, 0xe9, 0x11, 0x13, 0xf2, 0x52, 0x5f, 0x00, 0x96, 0x8b, 0x06, 0x79, 0x04,
+	0xf6, 0x85, 0x60, 0x92, 0x0e, 0xfd, 0xe0, 0x4c, 0x1f, 0x70, 0xcb, 0xad, 0x1c, 0xc4, 0x81, 0x76,
+	0x1a, 0x7a, 0x69, 0xe8, 0xb1, 0xc4, 0x69, 0xe1, 0x93, 0x48, 0xc3, 0x7e, 0xf8, 0x2a, 0x21, 0x9b,
+	0x60, 0xe3, 0x0a, 0xcf, 0xa5, 0x3e, 0x97, 0xaa, 0x8d, 0x61, 0x3f, 0x3c, 0xce, 0x25, 0xd9, 0xd0,
+	0x51, 0xaf, 0xfd, 0x3c, 0x92, 0xfa, 0x88, 0xe9, 0xa5, 0xaf, 0x94, 0x49, 0xb6, 0x61, 0x39, 0x0d,
+	0xbd, 0xd8, 0x7f, 0x63, 0x96, 0x01, 0xcb, 0x4c, 0xc3, 0x23, 0xff, 0x0d, 0x22, 0x76, 0x60, 0x85,
+	0x25, 0x7e, 0x20, 0xd9, 0x39, 0xf5, 0xfc, 0x84, 0x27, 0x4e, 0x47, 0x43, 0x96, 0x0b, 0xe7, 0x17,
+	0x09, 0x4f, 0xd4, 0x66, 0xeb, 0x90, 0x65, 0x64, 0xa9, 0x01, 0xea, 0x2c, 0xba, 0x1f, 0x2b, 0xb3,
+	0x2c, 0xba, 0x23, 0x15, 0x8b, 0x86, 0xac, 0xd6, 0x59, 0x34, 0x60, 0x1b, 0x3a, 0x79, 0x42, 0xcf,
+	0x59, 0x20, 0xfd, 0x61, 0x44, 0x9d, 0x3b, 0x1a, 0x50, 0x77, 0x91, 0x4f, 0x61, 0x63, 0xcc, 0xa8,
+	0xf0, 0x45, 0x30, 0x66, 0x81, 0x1f, 0x79, 0xe6, 0x92, 0xc1, 0xe3, 0xb7, 0xa6, 0xf1, 0x0f, 0xeb,
+	0x00, 0x54, 0xc2, 0xef, 0xd5, 0x32, 0x79, 0x06, 0x33, 0x4b, 0x5e, 0x76, 0xe1, 0xa7, 0x26, 0x72,
+	0x5d, 0x47, 0xde, 0xaf, 0x2f, 0x0f, 0x2e, 0xfc, 0x14, 0xe3, 0xba, 0xd0, 0xd1, 0xa7, 0xc4, 0x43,
+	0x21, 0x11, 0x2c, 0x5b, 0xbb, 0x0e, 0xb5, 0x9a, 0x7e, 0x01, 0x36, 0x02, 0x94, 0xa6, 0xee, 0x6a,
+	0xcd, 0x2c, 0x4f, 0xaf, 0xba, 0xed, 0x13, 0xe5, 0x54, 0xc2, 0x6a, 0xeb, 0x65, 0x37, 0xcb, 0xc8,
+	0x33, 0x58, 0x2d, 0xa1, 0xa8, 0xb1, 0x7b, 0x1a, 0xbf, 0x36, 0xbd, 0xea, 0x2e, 0x17, 0x78, 0x2d,
+	0xb4, 0xe5, 0x22, 0x46, 0xab, 0xed, 0x23, 0x58, 0xc7, 0xb8, 0xba, 0xe6, 0xee, 0xeb, 0x4a, 0xee,
+	0xe8, 0x85, 0xa3, 0x4a, 0x78, 0x65, 0xbd, 0x28, 0xbf, 0x07, 0xb5, 0x7a, 0x5f, 0x68, 0x0d, 0xfe,
+	0x1c, 0x30, 0xc6, 0xab, 0x94, 0xf8, 0x50, 0x83, 0xb0, 0xb6, 0x6f, 0x4b, 0x39, 0xee, 0x14, 0xd5,
+	0x96, 0xa2, 0x74, 0xf0, 0x91, 0x68, 0x6f, 0x1f, 0x95, 0xf9, 0xa4, 0x60, 0xab, 0xf4, 0xb9, 0x81,
+	0x0f, 0xbf, 0x44, 0x29, 0x91, 0x3e, 0xae, 0x71, 0xa1, 0x16, 0x37, 0x67, 0x50, 0xa8, 0xc6, 0xa7,
+	0x40, 0x4a, 0x54, 0xa5, 0xda, 0xf7, 0x6b, 0x1b, 0xed, 0x57, 0xd2, 0xdd, 0x83, 0xbb, 0x08, 0x9e,
+	0x15, 0xf0, 0x23, 0x8d, 0xc6, 0x7e, 0xbd, 0xaa, 0xab, 0xb8, 0x6c, 0x62, 0x1d, 0xfd, 0x41, 0x8d,
+	0xfb, 0x8b, 0x0a, 0xfb, 0x53, 0x6e, 0xdd, 0xf2, 0xad, 0xb7, 0x70, 0xeb, 0xa6, 0x5f, 0xe7, 0xd6,
+	0xe8, 0xee, 0x4f, 0xb8, 0x35, 0xf6, 0x69, 0x81, 0xad, 0x8b, 0x7d, 0xdb, 0x5c, 0x7b, 0x6a, 0xe1,
+	0xb4, 0xa6, 0xf8, 0xdf, 0x16, 0xaf, 0x8e, 0x0f, 0x6f, 0x7b, 0x19, 0xa3, 0xd6, 0xbf, 0x4c, 0xa4,
+	0xb8, 0x2c, 0xde, 0x1e, 0xcf, 0xc1, 0x52, 0x2a, 0x77, 0x7a, 0xf3, 0xc4, 0xea, 0x10, 0xf2, 0x79,
+	0xf9, 0x4a, 0xd8, 0x99, 0x27, 0xb8, 0x78, 0x73, 0x0c, 0x00, 0xf0, 0x97, 0x27, 0x83, 0xd4, 0x79,
+	0x3c, 0x07, 0xc5, 0xc1, 0xca, 0xf4, 0xaa, 0x6b, 0x7f, 0xad, 0x83, 0x4f, 0x0e, 0xfb, 0xae, 0x8d,
+	0x3c, 0x27, 0x41, 0xda, 0xa3, 0xd0, 0xa9, 0x01, 0xab, 0xf7, 0x6e, 0xa3, 0xf6, 0xde, 0xad, 0x26,
+	0x82, 0x85, 0xb7, 0x4c, 0x04, 0xcd, 0xb7, 0x4e, 0x04, 0xd6, 0xcc, 0x44, 0xd0, 0x93, 0xb0, 0x76,
+	0x7d, 0x10, 0x21, 0xbb, 0xb0, 0xa6, 0x26, 0x99, 0x33, 0x16, 0xa9, 0x73, 0x95, 0xe9, 0x47, 0x86,
+	0x69, 0x57, 0x39, 0x8f, 0xbf, 0x66, 0x51, 0xf4, 0x02, 0xbd, 0xe4, 0x7d, 0xb0, 0xf3, 0x64, 0x44,
+	0x85, 0x9a, 0x7c, 0x4c, 0x0d, 0x6d, 0xed, 0x38, 0xe6, 0xb1, 0xba, 0xaa, 0x0b, 0x9a, 0x62, 0x0e,
+	0x31, 0xe1, 0xbd, 0x7f, 0x2e, 0x82, 0x5d, 0x8e, 0x82, 0xc4, 0x87, 0x4d, 0xc6, 0xbd, 0x8c, 0x8a,
+	0x73, 0x16, 0x50, 0x6f, 0x78, 0x29, 0x69, 0xe6, 0x09, 0x1a, 0xe4, 0x22, 0x63, 0xe7, 0xd4, 0x8c,
+	0xd1, 0x8f, 0x6f, 0x99, 0x29, 0xf1, 0x89, 0x3c, 0x64, 0x7c, 0x80, 0x34, 0x07, 0x8a, 0xc5, 0x2d,
+	0x48, 0xc8, 0x77, 0x70, 0xbf, 0x4a, 0x31, 0xaa, 0xb1, 0x2f, 0xcc, 0xc1, 0x7e, 0xb7, 0x64, 0x1f,
+	0x55, 0xcc, 0x27, 0x70, 0x97, 0x71, 0xef, 0xfb, 0x9c, 0xe6, 0x33, 0xbc, 0xcd, 0x39, 0x78, 0xd7,
+	0x19, 0xff, 0x46, 0xc7, 0x57, 0xac, 0x1e, 0x6c, 0xd4, 0x5a, 0xa2, 0x26, 0x80, 0x1a, 0xb7, 0x35,
+	0x07, 0xf7, 0x83, 0xb2, 0x66, 0x35, 0x31, 0x54, 0x09, 0xfe, 0x08, 0x0f, 0x18, 0xf7, 0x2e, 0x7c,
+	0x26, 0xaf, 0xb3, 0x2f, 0xce, 0xd7, 0x91, 0x6f, 0x7d, 0x26, 0x67, 0xa9, 0xb1, 0x23, 0x31, 0x15,
+	0xe1, 0x4c, 0x47, 0x96, 0xe6, 0xeb, 0xc8, 0x91, 0x8e, 0xaf, 0x58, 0xfb, 0xb0, 0xce, 0xf8, 0xf5,
+	0x5a, 0x5b, 0x73, 0x70, 0xde, 0x61, 0x7c, 0xb6, 0xce, 0x6f, 0x60, 0x3d, 0xa3, 0x81, 0xe4, 0xa2,
+	0xae, 0xb6, 0xf6, 0x1c, 0x8c, 0x6b, 0x26, 0xbc, 0xa4, 0xec, 0x9d, 0x03, 0x54, 0xeb, 0x64, 0x15,
+	0x16, 0x78, 0xaa, 0x4f, 0x8e, 0xed, 0x2e, 0xf0, 0x54, 0x4d, 0x9e, 0x23, 0x75, 0xd9, 0xe1, 0x71,
+	0xb5, 0x5d, 0x63, 0xa9, 0x53, 0x1c, 0xfb, 0x6f, 0x78, 0x31, 0x7a, 0xa2, 0xa1, 0xbd, 0x2c, 0xe1,
+	0xc2, 0x9c, 0x58, 0x34, 0x94, 0xf7, 0xdc, 0x8f, 0x72, 0x5a, 0x4c, 0x5a, 0xda, 0xe8, 0xfd, 0xa5,
+	0x01, 0xed, 0xe2, 0x03, 0x89, 0x7c, 0x5e, 0x1f, 0xde, 0x9b, 0xef, 0xfe, 0x1e, 0x53, 0x41, 0xb8,
+	0x99, 0x72, 0xc2, 0x7f, 0x5e, 0x4d, 0xf8, 0xff, 0x77, 0xb0, 0xf9, 0x0c, 0xa0, 0x60, 0x97, 0xbe,
+	0xda, 0x6e, 0x1b, 0x33, 0xbb, 0xed, 0x42, 0x67, 0x1c, 0xf8, 0xde, 0xd8, 0x4f, 0x46, 0x11, 0xc5,
+	0xb9, 0x74, 0xc5, 0x85, 0x71, 0xe0, 0xbf, 0x44, 0x4f, 0x01, 0xe0, 0xc3, 0x37, 0x34, 0x90, 0x99,
+	0x6e, 0x0a, 0x02, 0x8e, 0xd1, 0xd3, 0xfb, 0xdb, 0x02, 0x74, 0x6a, 0xdf, 0x74, 0x6a, 0x72, 0x4f,
+	0xfc, 0xb8, 0xc8, 0xa3, 0x7f, 0xab, 0xcb, 0x47, 0x4c, 0xf0, 0x2e, 0x31, 0x17, 0x53, 0x4b, 0x4c,
+	0xf4, 0xa5, 0x40, 0x3e, 0x00, 0x10, 0x13, 0x2f, 0xf5, 0x83, 0x33, 0x6a, 0xe8, 0x2d, 0xd7, 0x16,
+	0x93, 0x3e, 0x3a, 0xd4, 0x9d, 0x26, 0x26, 0x1e, 0x15, 0x82, 0x8b, 0xcc, 0xf4, 0xbe, 0x2d, 0x26,
+	0x5f, 0x6a, 0xdb, 0xc4, 0x8e, 0x04, 0x57, 0x13, 0x88, 0x79, 0x06, 0xb6, 0x98, 0xbc, 0x40, 0x87,
+	0xca, 0x2a, 0x8b, 0xac, 0x38, 0xf0, 0xb6, 0x64, 0x95, 0x55, 0x56, 0x59, 0x71, 0xe0, 0xb5, 0x65,
+	0x3d, 0xab, 0x2c, 0xb3, 0xe2, 0xcc, 0xdb, 0x96, 0xb5, 0xac, 0xb2, 0xca, 0x6a, 0x17, 0xb1, 0x26,
+	0x6b, 0xef, 0xef, 0x0d, 0xe8, 0xd4, 0xbe, 0x4e, 0x55, 0x03, 0x13, 0xe1, 0x65, 0x11, 0xa5, 0xa9,
+	0xfa, 0x90, 0xc2, 0xab, 0x1b, 0x12, 0x31, 0x30, 0x1e, 0xc5, 0x97, 0x08, 0x4f, 0xe4, 0x49, 0x52,
+	0x7c, 0x68, 0x59, 0xae, 0x9d, 0x08, 0x17, 0x1d, 0x66, 0x39, 0x93, 0x98, 0xae, 0x59, 0x2c, 0x0f,
+	0xd0, 0x41, 0x7e, 0x09, 0x24, 0x11, 0x5e, 0x9e, 0xb0, 0x44, 0x52, 0x21, 0xf2, 0x54, 0xb2, 0x61,
+	0xf9, 0x51, 0xb0, 0x9e, 0x88, 0xd3, 0xd9, 0x05, 0xf2, 0x48, 0xb3, 0x99, 0xcb, 0xc6, 0xb4, 0xac,
+	0x9d, 0x88, 0x57, 0xfa, 0xe6, 0x38, 0x70, 0x7e, 0xf8, 0x71, 0xeb, 0xbd, 0x7f, 0xff, 0xb8, 0xf5,
+	0xde, 0x9f, 0xa7, 0x5b, 0x8d, 0x1f, 0xa6, 0x5b, 0x8d, 0x7f, 0x4c, 0xb7, 0x1a, 0xff, 0x9d, 0x6e,
+	0x35, 0x86, 0x4b, 0xfa, 0xcf, 0x95, 0x5f, 0xfd, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xc4, 0x4e, 0x24,
+	0x22, 0xc4, 0x11, 0x00, 0x00,
+}
+
+func (m *Metrics) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Metrics) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Metrics) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.MemoryOomControl != nil {
+		{
+			size, err := m.MemoryOomControl.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x4a
+	}
+	if m.CgroupStats != nil {
+		{
+			size, err := m.CgroupStats.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.Network) > 0 {
+		for iNdEx := len(m.Network) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Network[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
+	if m.Rdma != nil {
+		{
+			size, err := m.Rdma.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.Blkio != nil {
+		{
+			size, err := m.Blkio.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Memory != nil {
+		{
+			size, err := m.Memory.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.CPU != nil {
+		{
+			size, err := m.CPU.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Pids != nil {
+		{
+			size, err := m.Pids.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Hugetlb) > 0 {
+		for iNdEx := len(m.Hugetlb) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Hugetlb[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *HugetlbStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *HugetlbStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HugetlbStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Pagesize) > 0 {
+		i -= len(m.Pagesize)
+		copy(dAtA[i:], m.Pagesize)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Pagesize)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Failcnt != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Failcnt))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Max != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Usage != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *PidsStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PidsStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PidsStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Limit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Limit))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Current != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Current))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CPUStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CPUStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CPUStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Throttling != nil {
+		{
+			size, err := m.Throttling.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Usage != nil {
+		{
+			size, err := m.Usage.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CPUUsage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CPUUsage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CPUUsage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.PerCPU) > 0 {
+		dAtA11 := make([]byte, len(m.PerCPU)*10)
+		var j10 int
+		for _, num := range m.PerCPU {
+			for num >= 1<<7 {
+				dAtA11[j10] = uint8(uint64(num)&0x7f | 0x80)
+				num >>= 7
+				j10++
+			}
+			dAtA11[j10] = uint8(num)
+			j10++
+		}
+		i -= j10
+		copy(dAtA[i:], dAtA11[:j10])
+		i = encodeVarintMetrics(dAtA, i, uint64(j10))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.User != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.User))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Kernel != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Kernel))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Total != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Total))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Throttle) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Throttle) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Throttle) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.ThrottledTime != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ThrottledTime))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.ThrottledPeriods != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ThrottledPeriods))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Periods != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Periods))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *MemoryStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MemoryStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.KernelTCP != nil {
+		{
+			size, err := m.KernelTCP.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0xa2
+	}
+	if m.Kernel != nil {
+		{
+			size, err := m.Kernel.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x9a
+	}
+	if m.Swap != nil {
+		{
+			size, err := m.Swap.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x92
+	}
+	if m.Usage != nil {
+		{
+			size, err := m.Usage.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x8a
+	}
+	if m.TotalUnevictable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalUnevictable))
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x80
+	}
+	if m.TotalActiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalActiveFile))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xf8
+	}
+	if m.TotalInactiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalInactiveFile))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xf0
+	}
+	if m.TotalActiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalActiveAnon))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xe8
+	}
+	if m.TotalInactiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalInactiveAnon))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xe0
+	}
+	if m.TotalPgMajFault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgMajFault))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xd8
+	}
+	if m.TotalPgFault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgFault))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xd0
+	}
+	if m.TotalPgPgOut != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgPgOut))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc8
+	}
+	if m.TotalPgPgIn != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalPgPgIn))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc0
+	}
+	if m.TotalWriteback != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalWriteback))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb8
+	}
+	if m.TotalDirty != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalDirty))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb0
+	}
+	if m.TotalMappedFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalMappedFile))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa8
+	}
+	if m.TotalRSSHuge != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalRSSHuge))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa0
+	}
+	if m.TotalRSS != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalRSS))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x98
+	}
+	if m.TotalCache != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TotalCache))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x90
+	}
+	if m.HierarchicalSwapLimit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HierarchicalSwapLimit))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x88
+	}
+	if m.HierarchicalMemoryLimit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HierarchicalMemoryLimit))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x80
+	}
+	if m.Unevictable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Unevictable))
+		i--
+		dAtA[i] = 0x78
+	}
+	if m.ActiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveFile))
+		i--
+		dAtA[i] = 0x70
+	}
+	if m.InactiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveFile))
+		i--
+		dAtA[i] = 0x68
+	}
+	if m.ActiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveAnon))
+		i--
+		dAtA[i] = 0x60
+	}
+	if m.InactiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveAnon))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.PgMajFault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.PgMajFault))
+		i--
+		dAtA[i] = 0x50
+	}
+	if m.PgFault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.PgFault))
+		i--
+		dAtA[i] = 0x48
+	}
+	if m.PgPgOut != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.PgPgOut))
+		i--
+		dAtA[i] = 0x40
+	}
+	if m.PgPgIn != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.PgPgIn))
+		i--
+		dAtA[i] = 0x38
+	}
+	if m.Writeback != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Writeback))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.Dirty != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Dirty))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.MappedFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.MappedFile))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.RSSHuge != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RSSHuge))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.RSS != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RSS))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Cache != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Cache))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *MemoryEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MemoryEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Failcnt != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Failcnt))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Max != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Usage != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Limit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Limit))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *MemoryOomControl) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryOomControl) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MemoryOomControl) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.OomKill != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.OomKill))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.UnderOom != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.UnderOom))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.OomKillDisable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.OomKillDisable))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *BlkIOStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *BlkIOStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BlkIOStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.SectorsRecursive) > 0 {
+		for iNdEx := len(m.SectorsRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.SectorsRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x42
+		}
+	}
+	if len(m.IoTimeRecursive) > 0 {
+		for iNdEx := len(m.IoTimeRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoTimeRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
+	if len(m.IoMergedRecursive) > 0 {
+		for iNdEx := len(m.IoMergedRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoMergedRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if len(m.IoWaitTimeRecursive) > 0 {
+		for iNdEx := len(m.IoWaitTimeRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoWaitTimeRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x2a
+		}
+	}
+	if len(m.IoServiceTimeRecursive) > 0 {
+		for iNdEx := len(m.IoServiceTimeRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoServiceTimeRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.IoQueuedRecursive) > 0 {
+		for iNdEx := len(m.IoQueuedRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoQueuedRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.IoServicedRecursive) > 0 {
+		for iNdEx := len(m.IoServicedRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoServicedRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.IoServiceBytesRecursive) > 0 {
+		for iNdEx := len(m.IoServiceBytesRecursive) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.IoServiceBytesRecursive[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *BlkIOEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *BlkIOEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BlkIOEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Value != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Minor != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Minor))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Major != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Major))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Device) > 0 {
+		i -= len(m.Device)
+		copy(dAtA[i:], m.Device)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Device)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Op) > 0 {
+		i -= len(m.Op)
+		copy(dAtA[i:], m.Op)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Op)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RdmaStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RdmaStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RdmaStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Limit) > 0 {
+		for iNdEx := len(m.Limit) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Limit[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Current) > 0 {
+		for iNdEx := len(m.Current) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Current[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RdmaEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RdmaEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RdmaEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.HcaObjects != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaObjects))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.HcaHandles != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaHandles))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Device) > 0 {
+		i -= len(m.Device)
+		copy(dAtA[i:], m.Device)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Device)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *NetworkStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *NetworkStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.TxDropped != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TxDropped))
+		i--
+		dAtA[i] = 0x48
+	}
+	if m.TxErrors != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TxErrors))
+		i--
+		dAtA[i] = 0x40
+	}
+	if m.TxPackets != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TxPackets))
+		i--
+		dAtA[i] = 0x38
+	}
+	if m.TxBytes != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.TxBytes))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.RxDropped != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RxDropped))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.RxErrors != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RxErrors))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.RxPackets != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RxPackets))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.RxBytes != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.RxBytes))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CgroupStats) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CgroupStats) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CgroupStats) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.NrIoWait != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrIoWait))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.NrUninterruptible != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrUninterruptible))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.NrStopped != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrStopped))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.NrRunning != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrRunning))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NrSleeping != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrSleeping))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintMetrics(dAtA []byte, offset int, v uint64) int {
+	offset -= sovMetrics(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *Metrics) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Hugetlb) > 0 {
+		for _, e := range m.Hugetlb {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.Pids != nil {
+		l = m.Pids.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.CPU != nil {
+		l = m.CPU.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Memory != nil {
+		l = m.Memory.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Blkio != nil {
+		l = m.Blkio.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Rdma != nil {
+		l = m.Rdma.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if len(m.Network) > 0 {
+		for _, e := range m.Network {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.CgroupStats != nil {
+		l = m.CgroupStats.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.MemoryOomControl != nil {
+		l = m.MemoryOomControl.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *HugetlbStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Usage != 0 {
+		n += 1 + sovMetrics(uint64(m.Usage))
+	}
+	if m.Max != 0 {
+		n += 1 + sovMetrics(uint64(m.Max))
+	}
+	if m.Failcnt != 0 {
+		n += 1 + sovMetrics(uint64(m.Failcnt))
+	}
+	l = len(m.Pagesize)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *PidsStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Current != 0 {
+		n += 1 + sovMetrics(uint64(m.Current))
+	}
+	if m.Limit != 0 {
+		n += 1 + sovMetrics(uint64(m.Limit))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CPUStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Usage != nil {
+		l = m.Usage.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Throttling != nil {
+		l = m.Throttling.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CPUUsage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Total != 0 {
+		n += 1 + sovMetrics(uint64(m.Total))
+	}
+	if m.Kernel != 0 {
+		n += 1 + sovMetrics(uint64(m.Kernel))
+	}
+	if m.User != 0 {
+		n += 1 + sovMetrics(uint64(m.User))
+	}
+	if len(m.PerCPU) > 0 {
+		l = 0
+		for _, e := range m.PerCPU {
+			l += sovMetrics(uint64(e))
+		}
+		n += 1 + sovMetrics(uint64(l)) + l
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Throttle) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Periods != 0 {
+		n += 1 + sovMetrics(uint64(m.Periods))
+	}
+	if m.ThrottledPeriods != 0 {
+		n += 1 + sovMetrics(uint64(m.ThrottledPeriods))
+	}
+	if m.ThrottledTime != 0 {
+		n += 1 + sovMetrics(uint64(m.ThrottledTime))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *MemoryStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Cache != 0 {
+		n += 1 + sovMetrics(uint64(m.Cache))
+	}
+	if m.RSS != 0 {
+		n += 1 + sovMetrics(uint64(m.RSS))
+	}
+	if m.RSSHuge != 0 {
+		n += 1 + sovMetrics(uint64(m.RSSHuge))
+	}
+	if m.MappedFile != 0 {
+		n += 1 + sovMetrics(uint64(m.MappedFile))
+	}
+	if m.Dirty != 0 {
+		n += 1 + sovMetrics(uint64(m.Dirty))
+	}
+	if m.Writeback != 0 {
+		n += 1 + sovMetrics(uint64(m.Writeback))
+	}
+	if m.PgPgIn != 0 {
+		n += 1 + sovMetrics(uint64(m.PgPgIn))
+	}
+	if m.PgPgOut != 0 {
+		n += 1 + sovMetrics(uint64(m.PgPgOut))
+	}
+	if m.PgFault != 0 {
+		n += 1 + sovMetrics(uint64(m.PgFault))
+	}
+	if m.PgMajFault != 0 {
+		n += 1 + sovMetrics(uint64(m.PgMajFault))
+	}
+	if m.InactiveAnon != 0 {
+		n += 1 + sovMetrics(uint64(m.InactiveAnon))
+	}
+	if m.ActiveAnon != 0 {
+		n += 1 + sovMetrics(uint64(m.ActiveAnon))
+	}
+	if m.InactiveFile != 0 {
+		n += 1 + sovMetrics(uint64(m.InactiveFile))
+	}
+	if m.ActiveFile != 0 {
+		n += 1 + sovMetrics(uint64(m.ActiveFile))
+	}
+	if m.Unevictable != 0 {
+		n += 1 + sovMetrics(uint64(m.Unevictable))
+	}
+	if m.HierarchicalMemoryLimit != 0 {
+		n += 2 + sovMetrics(uint64(m.HierarchicalMemoryLimit))
+	}
+	if m.HierarchicalSwapLimit != 0 {
+		n += 2 + sovMetrics(uint64(m.HierarchicalSwapLimit))
+	}
+	if m.TotalCache != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalCache))
+	}
+	if m.TotalRSS != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalRSS))
+	}
+	if m.TotalRSSHuge != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalRSSHuge))
+	}
+	if m.TotalMappedFile != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalMappedFile))
+	}
+	if m.TotalDirty != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalDirty))
+	}
+	if m.TotalWriteback != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalWriteback))
+	}
+	if m.TotalPgPgIn != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalPgPgIn))
+	}
+	if m.TotalPgPgOut != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalPgPgOut))
+	}
+	if m.TotalPgFault != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalPgFault))
+	}
+	if m.TotalPgMajFault != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalPgMajFault))
+	}
+	if m.TotalInactiveAnon != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalInactiveAnon))
+	}
+	if m.TotalActiveAnon != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalActiveAnon))
+	}
+	if m.TotalInactiveFile != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalInactiveFile))
+	}
+	if m.TotalActiveFile != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalActiveFile))
+	}
+	if m.TotalUnevictable != 0 {
+		n += 2 + sovMetrics(uint64(m.TotalUnevictable))
+	}
+	if m.Usage != nil {
+		l = m.Usage.Size()
+		n += 2 + l + sovMetrics(uint64(l))
+	}
+	if m.Swap != nil {
+		l = m.Swap.Size()
+		n += 2 + l + sovMetrics(uint64(l))
+	}
+	if m.Kernel != nil {
+		l = m.Kernel.Size()
+		n += 2 + l + sovMetrics(uint64(l))
+	}
+	if m.KernelTCP != nil {
+		l = m.KernelTCP.Size()
+		n += 2 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *MemoryEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Limit != 0 {
+		n += 1 + sovMetrics(uint64(m.Limit))
+	}
+	if m.Usage != 0 {
+		n += 1 + sovMetrics(uint64(m.Usage))
+	}
+	if m.Max != 0 {
+		n += 1 + sovMetrics(uint64(m.Max))
+	}
+	if m.Failcnt != 0 {
+		n += 1 + sovMetrics(uint64(m.Failcnt))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *MemoryOomControl) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.OomKillDisable != 0 {
+		n += 1 + sovMetrics(uint64(m.OomKillDisable))
+	}
+	if m.UnderOom != 0 {
+		n += 1 + sovMetrics(uint64(m.UnderOom))
+	}
+	if m.OomKill != 0 {
+		n += 1 + sovMetrics(uint64(m.OomKill))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *BlkIOStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.IoServiceBytesRecursive) > 0 {
+		for _, e := range m.IoServiceBytesRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoServicedRecursive) > 0 {
+		for _, e := range m.IoServicedRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoQueuedRecursive) > 0 {
+		for _, e := range m.IoQueuedRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoServiceTimeRecursive) > 0 {
+		for _, e := range m.IoServiceTimeRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoWaitTimeRecursive) > 0 {
+		for _, e := range m.IoWaitTimeRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoMergedRecursive) > 0 {
+		for _, e := range m.IoMergedRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.IoTimeRecursive) > 0 {
+		for _, e := range m.IoTimeRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.SectorsRecursive) > 0 {
+		for _, e := range m.SectorsRecursive {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *BlkIOEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Op)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	l = len(m.Device)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Major != 0 {
+		n += 1 + sovMetrics(uint64(m.Major))
+	}
+	if m.Minor != 0 {
+		n += 1 + sovMetrics(uint64(m.Minor))
+	}
+	if m.Value != 0 {
+		n += 1 + sovMetrics(uint64(m.Value))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *RdmaStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Current) > 0 {
+		for _, e := range m.Current {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.Limit) > 0 {
+		for _, e := range m.Limit {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *RdmaEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Device)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.HcaHandles != 0 {
+		n += 1 + sovMetrics(uint64(m.HcaHandles))
+	}
+	if m.HcaObjects != 0 {
+		n += 1 + sovMetrics(uint64(m.HcaObjects))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *NetworkStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.RxBytes != 0 {
+		n += 1 + sovMetrics(uint64(m.RxBytes))
+	}
+	if m.RxPackets != 0 {
+		n += 1 + sovMetrics(uint64(m.RxPackets))
+	}
+	if m.RxErrors != 0 {
+		n += 1 + sovMetrics(uint64(m.RxErrors))
+	}
+	if m.RxDropped != 0 {
+		n += 1 + sovMetrics(uint64(m.RxDropped))
+	}
+	if m.TxBytes != 0 {
+		n += 1 + sovMetrics(uint64(m.TxBytes))
+	}
+	if m.TxPackets != 0 {
+		n += 1 + sovMetrics(uint64(m.TxPackets))
+	}
+	if m.TxErrors != 0 {
+		n += 1 + sovMetrics(uint64(m.TxErrors))
+	}
+	if m.TxDropped != 0 {
+		n += 1 + sovMetrics(uint64(m.TxDropped))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CgroupStats) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NrSleeping != 0 {
+		n += 1 + sovMetrics(uint64(m.NrSleeping))
+	}
+	if m.NrRunning != 0 {
+		n += 1 + sovMetrics(uint64(m.NrRunning))
+	}
+	if m.NrStopped != 0 {
+		n += 1 + sovMetrics(uint64(m.NrStopped))
+	}
+	if m.NrUninterruptible != 0 {
+		n += 1 + sovMetrics(uint64(m.NrUninterruptible))
+	}
+	if m.NrIoWait != 0 {
+		n += 1 + sovMetrics(uint64(m.NrIoWait))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovMetrics(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozMetrics(x uint64) (n int) {
+	return sovMetrics(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Metrics) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForHugetlb := "[]*HugetlbStat{"
+	for _, f := range this.Hugetlb {
+		repeatedStringForHugetlb += strings.Replace(f.String(), "HugetlbStat", "HugetlbStat", 1) + ","
+	}
+	repeatedStringForHugetlb += "}"
+	repeatedStringForNetwork := "[]*NetworkStat{"
+	for _, f := range this.Network {
+		repeatedStringForNetwork += strings.Replace(f.String(), "NetworkStat", "NetworkStat", 1) + ","
+	}
+	repeatedStringForNetwork += "}"
+	s := strings.Join([]string{`&Metrics{`,
+		`Hugetlb:` + repeatedStringForHugetlb + `,`,
+		`Pids:` + strings.Replace(this.Pids.String(), "PidsStat", "PidsStat", 1) + `,`,
+		`CPU:` + strings.Replace(this.CPU.String(), "CPUStat", "CPUStat", 1) + `,`,
+		`Memory:` + strings.Replace(this.Memory.String(), "MemoryStat", "MemoryStat", 1) + `,`,
+		`Blkio:` + strings.Replace(this.Blkio.String(), "BlkIOStat", "BlkIOStat", 1) + `,`,
+		`Rdma:` + strings.Replace(this.Rdma.String(), "RdmaStat", "RdmaStat", 1) + `,`,
+		`Network:` + repeatedStringForNetwork + `,`,
+		`CgroupStats:` + strings.Replace(this.CgroupStats.String(), "CgroupStats", "CgroupStats", 1) + `,`,
+		`MemoryOomControl:` + strings.Replace(this.MemoryOomControl.String(), "MemoryOomControl", "MemoryOomControl", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *HugetlbStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&HugetlbStat{`,
+		`Usage:` + fmt.Sprintf("%v", this.Usage) + `,`,
+		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+		`Failcnt:` + fmt.Sprintf("%v", this.Failcnt) + `,`,
+		`Pagesize:` + fmt.Sprintf("%v", this.Pagesize) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *PidsStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&PidsStat{`,
+		`Current:` + fmt.Sprintf("%v", this.Current) + `,`,
+		`Limit:` + fmt.Sprintf("%v", this.Limit) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CPUStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CPUStat{`,
+		`Usage:` + strings.Replace(this.Usage.String(), "CPUUsage", "CPUUsage", 1) + `,`,
+		`Throttling:` + strings.Replace(this.Throttling.String(), "Throttle", "Throttle", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CPUUsage) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CPUUsage{`,
+		`Total:` + fmt.Sprintf("%v", this.Total) + `,`,
+		`Kernel:` + fmt.Sprintf("%v", this.Kernel) + `,`,
+		`User:` + fmt.Sprintf("%v", this.User) + `,`,
+		`PerCPU:` + fmt.Sprintf("%v", this.PerCPU) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Throttle) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Throttle{`,
+		`Periods:` + fmt.Sprintf("%v", this.Periods) + `,`,
+		`ThrottledPeriods:` + fmt.Sprintf("%v", this.ThrottledPeriods) + `,`,
+		`ThrottledTime:` + fmt.Sprintf("%v", this.ThrottledTime) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MemoryStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryStat{`,
+		`Cache:` + fmt.Sprintf("%v", this.Cache) + `,`,
+		`RSS:` + fmt.Sprintf("%v", this.RSS) + `,`,
+		`RSSHuge:` + fmt.Sprintf("%v", this.RSSHuge) + `,`,
+		`MappedFile:` + fmt.Sprintf("%v", this.MappedFile) + `,`,
+		`Dirty:` + fmt.Sprintf("%v", this.Dirty) + `,`,
+		`Writeback:` + fmt.Sprintf("%v", this.Writeback) + `,`,
+		`PgPgIn:` + fmt.Sprintf("%v", this.PgPgIn) + `,`,
+		`PgPgOut:` + fmt.Sprintf("%v", this.PgPgOut) + `,`,
+		`PgFault:` + fmt.Sprintf("%v", this.PgFault) + `,`,
+		`PgMajFault:` + fmt.Sprintf("%v", this.PgMajFault) + `,`,
+		`InactiveAnon:` + fmt.Sprintf("%v", this.InactiveAnon) + `,`,
+		`ActiveAnon:` + fmt.Sprintf("%v", this.ActiveAnon) + `,`,
+		`InactiveFile:` + fmt.Sprintf("%v", this.InactiveFile) + `,`,
+		`ActiveFile:` + fmt.Sprintf("%v", this.ActiveFile) + `,`,
+		`Unevictable:` + fmt.Sprintf("%v", this.Unevictable) + `,`,
+		`HierarchicalMemoryLimit:` + fmt.Sprintf("%v", this.HierarchicalMemoryLimit) + `,`,
+		`HierarchicalSwapLimit:` + fmt.Sprintf("%v", this.HierarchicalSwapLimit) + `,`,
+		`TotalCache:` + fmt.Sprintf("%v", this.TotalCache) + `,`,
+		`TotalRSS:` + fmt.Sprintf("%v", this.TotalRSS) + `,`,
+		`TotalRSSHuge:` + fmt.Sprintf("%v", this.TotalRSSHuge) + `,`,
+		`TotalMappedFile:` + fmt.Sprintf("%v", this.TotalMappedFile) + `,`,
+		`TotalDirty:` + fmt.Sprintf("%v", this.TotalDirty) + `,`,
+		`TotalWriteback:` + fmt.Sprintf("%v", this.TotalWriteback) + `,`,
+		`TotalPgPgIn:` + fmt.Sprintf("%v", this.TotalPgPgIn) + `,`,
+		`TotalPgPgOut:` + fmt.Sprintf("%v", this.TotalPgPgOut) + `,`,
+		`TotalPgFault:` + fmt.Sprintf("%v", this.TotalPgFault) + `,`,
+		`TotalPgMajFault:` + fmt.Sprintf("%v", this.TotalPgMajFault) + `,`,
+		`TotalInactiveAnon:` + fmt.Sprintf("%v", this.TotalInactiveAnon) + `,`,
+		`TotalActiveAnon:` + fmt.Sprintf("%v", this.TotalActiveAnon) + `,`,
+		`TotalInactiveFile:` + fmt.Sprintf("%v", this.TotalInactiveFile) + `,`,
+		`TotalActiveFile:` + fmt.Sprintf("%v", this.TotalActiveFile) + `,`,
+		`TotalUnevictable:` + fmt.Sprintf("%v", this.TotalUnevictable) + `,`,
+		`Usage:` + strings.Replace(this.Usage.String(), "MemoryEntry", "MemoryEntry", 1) + `,`,
+		`Swap:` + strings.Replace(this.Swap.String(), "MemoryEntry", "MemoryEntry", 1) + `,`,
+		`Kernel:` + strings.Replace(this.Kernel.String(), "MemoryEntry", "MemoryEntry", 1) + `,`,
+		`KernelTCP:` + strings.Replace(this.KernelTCP.String(), "MemoryEntry", "MemoryEntry", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MemoryEntry) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryEntry{`,
+		`Limit:` + fmt.Sprintf("%v", this.Limit) + `,`,
+		`Usage:` + fmt.Sprintf("%v", this.Usage) + `,`,
+		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+		`Failcnt:` + fmt.Sprintf("%v", this.Failcnt) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MemoryOomControl) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryOomControl{`,
+		`OomKillDisable:` + fmt.Sprintf("%v", this.OomKillDisable) + `,`,
+		`UnderOom:` + fmt.Sprintf("%v", this.UnderOom) + `,`,
+		`OomKill:` + fmt.Sprintf("%v", this.OomKill) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *BlkIOStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForIoServiceBytesRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoServiceBytesRecursive {
+		repeatedStringForIoServiceBytesRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoServiceBytesRecursive += "}"
+	repeatedStringForIoServicedRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoServicedRecursive {
+		repeatedStringForIoServicedRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoServicedRecursive += "}"
+	repeatedStringForIoQueuedRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoQueuedRecursive {
+		repeatedStringForIoQueuedRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoQueuedRecursive += "}"
+	repeatedStringForIoServiceTimeRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoServiceTimeRecursive {
+		repeatedStringForIoServiceTimeRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoServiceTimeRecursive += "}"
+	repeatedStringForIoWaitTimeRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoWaitTimeRecursive {
+		repeatedStringForIoWaitTimeRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoWaitTimeRecursive += "}"
+	repeatedStringForIoMergedRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoMergedRecursive {
+		repeatedStringForIoMergedRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoMergedRecursive += "}"
+	repeatedStringForIoTimeRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.IoTimeRecursive {
+		repeatedStringForIoTimeRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForIoTimeRecursive += "}"
+	repeatedStringForSectorsRecursive := "[]*BlkIOEntry{"
+	for _, f := range this.SectorsRecursive {
+		repeatedStringForSectorsRecursive += strings.Replace(f.String(), "BlkIOEntry", "BlkIOEntry", 1) + ","
+	}
+	repeatedStringForSectorsRecursive += "}"
+	s := strings.Join([]string{`&BlkIOStat{`,
+		`IoServiceBytesRecursive:` + repeatedStringForIoServiceBytesRecursive + `,`,
+		`IoServicedRecursive:` + repeatedStringForIoServicedRecursive + `,`,
+		`IoQueuedRecursive:` + repeatedStringForIoQueuedRecursive + `,`,
+		`IoServiceTimeRecursive:` + repeatedStringForIoServiceTimeRecursive + `,`,
+		`IoWaitTimeRecursive:` + repeatedStringForIoWaitTimeRecursive + `,`,
+		`IoMergedRecursive:` + repeatedStringForIoMergedRecursive + `,`,
+		`IoTimeRecursive:` + repeatedStringForIoTimeRecursive + `,`,
+		`SectorsRecursive:` + repeatedStringForSectorsRecursive + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *BlkIOEntry) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&BlkIOEntry{`,
+		`Op:` + fmt.Sprintf("%v", this.Op) + `,`,
+		`Device:` + fmt.Sprintf("%v", this.Device) + `,`,
+		`Major:` + fmt.Sprintf("%v", this.Major) + `,`,
+		`Minor:` + fmt.Sprintf("%v", this.Minor) + `,`,
+		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RdmaStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForCurrent := "[]*RdmaEntry{"
+	for _, f := range this.Current {
+		repeatedStringForCurrent += strings.Replace(f.String(), "RdmaEntry", "RdmaEntry", 1) + ","
+	}
+	repeatedStringForCurrent += "}"
+	repeatedStringForLimit := "[]*RdmaEntry{"
+	for _, f := range this.Limit {
+		repeatedStringForLimit += strings.Replace(f.String(), "RdmaEntry", "RdmaEntry", 1) + ","
+	}
+	repeatedStringForLimit += "}"
+	s := strings.Join([]string{`&RdmaStat{`,
+		`Current:` + repeatedStringForCurrent + `,`,
+		`Limit:` + repeatedStringForLimit + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RdmaEntry) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RdmaEntry{`,
+		`Device:` + fmt.Sprintf("%v", this.Device) + `,`,
+		`HcaHandles:` + fmt.Sprintf("%v", this.HcaHandles) + `,`,
+		`HcaObjects:` + fmt.Sprintf("%v", this.HcaObjects) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *NetworkStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&NetworkStat{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`RxBytes:` + fmt.Sprintf("%v", this.RxBytes) + `,`,
+		`RxPackets:` + fmt.Sprintf("%v", this.RxPackets) + `,`,
+		`RxErrors:` + fmt.Sprintf("%v", this.RxErrors) + `,`,
+		`RxDropped:` + fmt.Sprintf("%v", this.RxDropped) + `,`,
+		`TxBytes:` + fmt.Sprintf("%v", this.TxBytes) + `,`,
+		`TxPackets:` + fmt.Sprintf("%v", this.TxPackets) + `,`,
+		`TxErrors:` + fmt.Sprintf("%v", this.TxErrors) + `,`,
+		`TxDropped:` + fmt.Sprintf("%v", this.TxDropped) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CgroupStats) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CgroupStats{`,
+		`NrSleeping:` + fmt.Sprintf("%v", this.NrSleeping) + `,`,
+		`NrRunning:` + fmt.Sprintf("%v", this.NrRunning) + `,`,
+		`NrStopped:` + fmt.Sprintf("%v", this.NrStopped) + `,`,
+		`NrUninterruptible:` + fmt.Sprintf("%v", this.NrUninterruptible) + `,`,
+		`NrIoWait:` + fmt.Sprintf("%v", this.NrIoWait) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringMetrics(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Metrics) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Metrics: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Metrics: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Hugetlb", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Hugetlb = append(m.Hugetlb, &HugetlbStat{})
+			if err := m.Hugetlb[len(m.Hugetlb)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pids", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Pids == nil {
+				m.Pids = &PidsStat{}
+			}
+			if err := m.Pids.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CPU", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.CPU == nil {
+				m.CPU = &CPUStat{}
+			}
+			if err := m.CPU.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Memory", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Memory == nil {
+				m.Memory = &MemoryStat{}
+			}
+			if err := m.Memory.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Blkio", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Blkio == nil {
+				m.Blkio = &BlkIOStat{}
+			}
+			if err := m.Blkio.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rdma", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Rdma == nil {
+				m.Rdma = &RdmaStat{}
+			}
+			if err := m.Rdma.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Network = append(m.Network, &NetworkStat{})
+			if err := m.Network[len(m.Network)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CgroupStats", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.CgroupStats == nil {
+				m.CgroupStats = &CgroupStats{}
+			}
+			if err := m.CgroupStats.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryOomControl", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MemoryOomControl == nil {
+				m.MemoryOomControl = &MemoryOomControl{}
+			}
+			if err := m.MemoryOomControl.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *HugetlbStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: HugetlbStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: HugetlbStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			m.Usage = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Usage |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+			}
+			m.Max = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Max |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Failcnt", wireType)
+			}
+			m.Failcnt = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Failcnt |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pagesize", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Pagesize = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *PidsStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PidsStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PidsStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
+			}
+			m.Current = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Current |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
+			}
+			m.Limit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Limit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CPUStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CPUStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CPUStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Usage == nil {
+				m.Usage = &CPUUsage{}
+			}
+			if err := m.Usage.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Throttling", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Throttling == nil {
+				m.Throttling = &Throttle{}
+			}
+			if err := m.Throttling.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CPUUsage) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CPUUsage: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CPUUsage: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Total", wireType)
+			}
+			m.Total = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Total |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kernel", wireType)
+			}
+			m.Kernel = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Kernel |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
+			}
+			m.User = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.User |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType == 0 {
+				var v uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowMetrics
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					v |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				m.PerCPU = append(m.PerCPU, v)
+			} else if wireType == 2 {
+				var packedLen int
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowMetrics
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					packedLen |= int(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				if packedLen < 0 {
+					return ErrInvalidLengthMetrics
+				}
+				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthMetrics
+				}
+				if postIndex > l {
+					return io.ErrUnexpectedEOF
+				}
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
+				}
+				elementCount = count
+				if elementCount != 0 && len(m.PerCPU) == 0 {
+					m.PerCPU = make([]uint64, 0, elementCount)
+				}
+				for iNdEx < postIndex {
+					var v uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowMetrics
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						v |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					m.PerCPU = append(m.PerCPU, v)
+				}
+			} else {
+				return fmt.Errorf("proto: wrong wireType = %d for field PerCPU", wireType)
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Throttle) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Throttle: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Throttle: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Periods", wireType)
+			}
+			m.Periods = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Periods |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ThrottledPeriods", wireType)
+			}
+			m.ThrottledPeriods = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ThrottledPeriods |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ThrottledTime", wireType)
+			}
+			m.ThrottledTime = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ThrottledTime |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MemoryStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Cache", wireType)
+			}
+			m.Cache = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Cache |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RSS", wireType)
+			}
+			m.RSS = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RSS |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RSSHuge", wireType)
+			}
+			m.RSSHuge = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RSSHuge |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MappedFile", wireType)
+			}
+			m.MappedFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MappedFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Dirty", wireType)
+			}
+			m.Dirty = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Dirty |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Writeback", wireType)
+			}
+			m.Writeback = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Writeback |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PgPgIn", wireType)
+			}
+			m.PgPgIn = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.PgPgIn |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PgPgOut", wireType)
+			}
+			m.PgPgOut = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.PgPgOut |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PgFault", wireType)
+			}
+			m.PgFault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.PgFault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 10:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PgMajFault", wireType)
+			}
+			m.PgMajFault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.PgMajFault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field InactiveAnon", wireType)
+			}
+			m.InactiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.InactiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 12:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ActiveAnon", wireType)
+			}
+			m.ActiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ActiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field InactiveFile", wireType)
+			}
+			m.InactiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.InactiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 14:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ActiveFile", wireType)
+			}
+			m.ActiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ActiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 15:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Unevictable", wireType)
+			}
+			m.Unevictable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Unevictable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 16:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HierarchicalMemoryLimit", wireType)
+			}
+			m.HierarchicalMemoryLimit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HierarchicalMemoryLimit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 17:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HierarchicalSwapLimit", wireType)
+			}
+			m.HierarchicalSwapLimit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HierarchicalSwapLimit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 18:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalCache", wireType)
+			}
+			m.TotalCache = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalCache |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 19:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalRSS", wireType)
+			}
+			m.TotalRSS = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalRSS |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 20:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalRSSHuge", wireType)
+			}
+			m.TotalRSSHuge = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalRSSHuge |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 21:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalMappedFile", wireType)
+			}
+			m.TotalMappedFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalMappedFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 22:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalDirty", wireType)
+			}
+			m.TotalDirty = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalDirty |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 23:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalWriteback", wireType)
+			}
+			m.TotalWriteback = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalWriteback |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 24:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgPgIn", wireType)
+			}
+			m.TotalPgPgIn = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalPgPgIn |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 25:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgPgOut", wireType)
+			}
+			m.TotalPgPgOut = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalPgPgOut |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 26:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgFault", wireType)
+			}
+			m.TotalPgFault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalPgFault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 27:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalPgMajFault", wireType)
+			}
+			m.TotalPgMajFault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalPgMajFault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 28:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalInactiveAnon", wireType)
+			}
+			m.TotalInactiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalInactiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 29:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalActiveAnon", wireType)
+			}
+			m.TotalActiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalActiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 30:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalInactiveFile", wireType)
+			}
+			m.TotalInactiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalInactiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 31:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalActiveFile", wireType)
+			}
+			m.TotalActiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalActiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 32:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalUnevictable", wireType)
+			}
+			m.TotalUnevictable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TotalUnevictable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 33:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Usage == nil {
+				m.Usage = &MemoryEntry{}
+			}
+			if err := m.Usage.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 34:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Swap", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Swap == nil {
+				m.Swap = &MemoryEntry{}
+			}
+			if err := m.Swap.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 35:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kernel", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Kernel == nil {
+				m.Kernel = &MemoryEntry{}
+			}
+			if err := m.Kernel.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 36:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field KernelTCP", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.KernelTCP == nil {
+				m.KernelTCP = &MemoryEntry{}
+			}
+			if err := m.KernelTCP.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MemoryEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
+			}
+			m.Limit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Limit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			m.Usage = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Usage |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+			}
+			m.Max = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Max |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Failcnt", wireType)
+			}
+			m.Failcnt = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Failcnt |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MemoryOomControl) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryOomControl: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryOomControl: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OomKillDisable", wireType)
+			}
+			m.OomKillDisable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OomKillDisable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UnderOom", wireType)
+			}
+			m.UnderOom = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UnderOom |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OomKill", wireType)
+			}
+			m.OomKill = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OomKill |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *BlkIOStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: BlkIOStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: BlkIOStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoServiceBytesRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoServiceBytesRecursive = append(m.IoServiceBytesRecursive, &BlkIOEntry{})
+			if err := m.IoServiceBytesRecursive[len(m.IoServiceBytesRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoServicedRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoServicedRecursive = append(m.IoServicedRecursive, &BlkIOEntry{})
+			if err := m.IoServicedRecursive[len(m.IoServicedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoQueuedRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoQueuedRecursive = append(m.IoQueuedRecursive, &BlkIOEntry{})
+			if err := m.IoQueuedRecursive[len(m.IoQueuedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoServiceTimeRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoServiceTimeRecursive = append(m.IoServiceTimeRecursive, &BlkIOEntry{})
+			if err := m.IoServiceTimeRecursive[len(m.IoServiceTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoWaitTimeRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoWaitTimeRecursive = append(m.IoWaitTimeRecursive, &BlkIOEntry{})
+			if err := m.IoWaitTimeRecursive[len(m.IoWaitTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoMergedRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoMergedRecursive = append(m.IoMergedRecursive, &BlkIOEntry{})
+			if err := m.IoMergedRecursive[len(m.IoMergedRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoTimeRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IoTimeRecursive = append(m.IoTimeRecursive, &BlkIOEntry{})
+			if err := m.IoTimeRecursive[len(m.IoTimeRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SectorsRecursive", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.SectorsRecursive = append(m.SectorsRecursive, &BlkIOEntry{})
+			if err := m.SectorsRecursive[len(m.SectorsRecursive)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *BlkIOEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: BlkIOEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: BlkIOEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Op", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Op = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Device = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Major", wireType)
+			}
+			m.Major = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Major |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Minor", wireType)
+			}
+			m.Minor = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Minor |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+			}
+			m.Value = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Value |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RdmaStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RdmaStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RdmaStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Current = append(m.Current, &RdmaEntry{})
+			if err := m.Current[len(m.Current)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Limit = append(m.Limit, &RdmaEntry{})
+			if err := m.Limit[len(m.Limit)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RdmaEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RdmaEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RdmaEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Device = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HcaHandles", wireType)
+			}
+			m.HcaHandles = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HcaHandles |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HcaObjects", wireType)
+			}
+			m.HcaObjects = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HcaObjects |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *NetworkStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: NetworkStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: NetworkStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RxBytes", wireType)
+			}
+			m.RxBytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RxBytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RxPackets", wireType)
+			}
+			m.RxPackets = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RxPackets |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RxErrors", wireType)
+			}
+			m.RxErrors = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RxErrors |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RxDropped", wireType)
+			}
+			m.RxDropped = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.RxDropped |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TxBytes", wireType)
+			}
+			m.TxBytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TxBytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TxPackets", wireType)
+			}
+			m.TxPackets = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TxPackets |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TxErrors", wireType)
+			}
+			m.TxErrors = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TxErrors |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TxDropped", wireType)
+			}
+			m.TxDropped = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TxDropped |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CgroupStats) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CgroupStats: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CgroupStats: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrSleeping", wireType)
+			}
+			m.NrSleeping = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrSleeping |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrRunning", wireType)
+			}
+			m.NrRunning = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrRunning |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrStopped", wireType)
+			}
+			m.NrStopped = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrStopped |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrUninterruptible", wireType)
+			}
+			m.NrUninterruptible = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrUninterruptible |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrIoWait", wireType)
+			}
+			m.NrIoWait = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrIoWait |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipMetrics(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthMetrics
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupMetrics
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthMetrics
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthMetrics        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowMetrics          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupMetrics = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto b/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto
new file mode 100644
index 0000000000000..b3f6cc37d8c98
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto
@@ -0,0 +1,158 @@
+syntax = "proto3";
+
+package io.containerd.cgroups.v1;
+
+import "gogoproto/gogo.proto";
+
+message Metrics {
+	repeated HugetlbStat hugetlb = 1;
+	PidsStat pids = 2;
+	CPUStat cpu = 3 [(gogoproto.customname) = "CPU"];
+	MemoryStat memory = 4;
+	BlkIOStat blkio = 5;
+	RdmaStat rdma = 6;
+	repeated NetworkStat network = 7;
+	CgroupStats cgroup_stats = 8;
+	MemoryOomControl memory_oom_control = 9;
+}
+
+message HugetlbStat {
+	uint64 usage = 1;
+	uint64 max = 2;
+	uint64 failcnt = 3;
+	string pagesize = 4;
+}
+
+message PidsStat {
+	uint64 current = 1;
+	uint64 limit = 2;
+}
+
+message CPUStat {
+	CPUUsage usage = 1;
+	Throttle throttling = 2;
+}
+
+message CPUUsage {
+	// values in nanoseconds
+	uint64 total = 1;
+	uint64 kernel = 2;
+	uint64 user = 3;
+	repeated uint64 per_cpu = 4 [(gogoproto.customname) = "PerCPU"];
+
+}
+
+message Throttle {
+	uint64 periods = 1;
+	uint64 throttled_periods = 2;
+	uint64 throttled_time = 3;
+}
+
+message MemoryStat {
+	uint64 cache = 1;
+	uint64 rss = 2 [(gogoproto.customname) = "RSS"];
+	uint64 rss_huge = 3 [(gogoproto.customname) = "RSSHuge"];
+	uint64 mapped_file = 4;
+	uint64 dirty = 5;
+	uint64 writeback = 6;
+	uint64 pg_pg_in = 7;
+	uint64 pg_pg_out = 8;
+	uint64 pg_fault = 9;
+	uint64 pg_maj_fault = 10;
+	uint64 inactive_anon = 11;
+	uint64 active_anon = 12;
+	uint64 inactive_file = 13;
+	uint64 active_file = 14;
+	uint64 unevictable = 15;
+	uint64 hierarchical_memory_limit = 16;
+	uint64 hierarchical_swap_limit = 17;
+	uint64 total_cache = 18;
+	uint64 total_rss = 19 [(gogoproto.customname) = "TotalRSS"];
+	uint64 total_rss_huge = 20 [(gogoproto.customname) = "TotalRSSHuge"];
+	uint64 total_mapped_file = 21;
+	uint64 total_dirty = 22;
+	uint64 total_writeback = 23;
+	uint64 total_pg_pg_in = 24;
+	uint64 total_pg_pg_out = 25;
+	uint64 total_pg_fault = 26;
+	uint64 total_pg_maj_fault = 27;
+	uint64 total_inactive_anon = 28;
+	uint64 total_active_anon = 29;
+	uint64 total_inactive_file = 30;
+	uint64 total_active_file = 31;
+	uint64 total_unevictable = 32;
+	MemoryEntry usage = 33;
+	MemoryEntry swap = 34;
+	MemoryEntry kernel = 35;
+	MemoryEntry kernel_tcp = 36 [(gogoproto.customname) = "KernelTCP"];
+
+}
+
+message MemoryEntry {
+	uint64 limit = 1;
+	uint64 usage = 2;
+	uint64 max = 3;
+	uint64 failcnt = 4;
+}
+
+message MemoryOomControl {
+	uint64 oom_kill_disable = 1;
+	uint64 under_oom = 2;
+	uint64 oom_kill = 3;
+}
+
+message BlkIOStat {
+	repeated BlkIOEntry io_service_bytes_recursive = 1;
+	repeated BlkIOEntry io_serviced_recursive = 2;
+	repeated BlkIOEntry io_queued_recursive = 3;
+	repeated BlkIOEntry io_service_time_recursive = 4;
+	repeated BlkIOEntry io_wait_time_recursive = 5;
+	repeated BlkIOEntry io_merged_recursive = 6;
+	repeated BlkIOEntry io_time_recursive = 7;
+	repeated BlkIOEntry sectors_recursive = 8;
+}
+
+message BlkIOEntry {
+	string op = 1;
+	string device = 2;
+	uint64 major = 3;
+	uint64 minor = 4;
+	uint64 value = 5;
+}
+
+message RdmaStat {
+	repeated RdmaEntry current = 1;
+	repeated RdmaEntry limit = 2;
+}
+
+message RdmaEntry {
+	string device = 1;
+	uint32 hca_handles = 2;
+	uint32 hca_objects = 3;
+}
+
+message NetworkStat {
+	string name = 1;
+	uint64 rx_bytes = 2;
+	uint64 rx_packets = 3;
+	uint64 rx_errors  = 4;
+	uint64 rx_dropped = 5;
+	uint64 tx_bytes = 6;
+	uint64 tx_packets = 7;
+	uint64 tx_errors = 8;
+	uint64 tx_dropped = 9;
+}
+
+// CgroupStats exports per-cgroup statistics.
+message CgroupStats {
+	// number of tasks sleeping
+	uint64 nr_sleeping = 1;
+	// number of tasks running
+	uint64 nr_running = 2;
+	// number of tasks in stopped state
+	uint64 nr_stopped = 3;
+	// number of tasks in uninterruptible state
+	uint64 nr_uninterruptible = 4;
+	// number of tasks waiting on IO
+	uint64 nr_io_wait = 5;
+}
diff --git a/vendor/github.com/containerd/cgroups/subsystem.go b/vendor/github.com/containerd/cgroups/subsystem.go
index 933a6c38d6b20..b2f41854d2c51 100644
--- a/vendor/github.com/containerd/cgroups/subsystem.go
+++ b/vendor/github.com/containerd/cgroups/subsystem.go
@@ -18,7 +18,9 @@ package cgroups
 
 import (
 	"fmt"
+	"os"
 
+	v1 "github.com/containerd/cgroups/stats/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -42,10 +44,9 @@ const (
 )
 
 // Subsystems returns a complete list of the default cgroups
-// avaliable on most linux systems
+// available on most linux systems
 func Subsystems() []Name {
 	n := []Name{
-		Hugetlb,
 		Freezer,
 		Pids,
 		NetCLS,
@@ -58,9 +59,12 @@ func Subsystems() []Name {
 		Blkio,
 		Rdma,
 	}
-	if !isUserNS {
+	if !RunningInUserNS() {
 		n = append(n, Devices)
 	}
+	if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil {
+		n = append(n, Hugetlb)
+	}
 	return n
 }
 
@@ -85,7 +89,7 @@ type deleter interface {
 
 type stater interface {
 	Subsystem
-	Stat(path string, stats *Metrics) error
+	Stat(path string, stats *v1.Metrics) error
 }
 
 type updater interface {
diff --git a/vendor/github.com/containerd/cgroups/systemd.go b/vendor/github.com/containerd/cgroups/systemd.go
index 8153d744ce8b1..c17f34a62607f 100644
--- a/vendor/github.com/containerd/cgroups/systemd.go
+++ b/vendor/github.com/containerd/cgroups/systemd.go
@@ -17,13 +17,12 @@
 package cgroups
 
 import (
-	"fmt"
 	"path/filepath"
 	"strings"
 	"sync"
 
-	systemdDbus "github.com/coreos/go-systemd/dbus"
-	"github.com/godbus/dbus"
+	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
+	"github.com/godbus/dbus/v5"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -32,6 +31,11 @@ const (
 	defaultSlice      = "system.slice"
 )
 
+var (
+	canDelegate bool
+	once        sync.Once
+)
+
 func Systemd() ([]Subsystem, error) {
 	root, err := v1MountPoint()
 	if err != nil {
@@ -54,7 +58,7 @@ func Slice(slice, name string) Path {
 		slice = defaultSlice
 	}
 	return func(subsystem Name) (string, error) {
-		return filepath.Join(slice, unitName(name)), nil
+		return filepath.Join(slice, name), nil
 	}
 }
 
@@ -73,22 +77,46 @@ func (s *SystemdController) Name() Name {
 	return SystemdDbus
 }
 
-func (s *SystemdController) Create(path string, resources *specs.LinuxResources) error {
+func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error {
 	conn, err := systemdDbus.New()
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	slice, name := splitName(path)
+	// We need to see if systemd can handle the delegate property
+	// Systemd will return an error if it cannot handle delegate regardless
+	// of its bool setting.
+	checkDelegate := func() {
+		canDelegate = true
+		dlSlice := newProperty("Delegate", true)
+		if _, err := conn.StartTransientUnit(slice, "testdelegate", []systemdDbus.Property{dlSlice}, nil); err != nil {
+			if dbusError, ok := err.(dbus.Error); ok {
+				// Starting with systemd v237, Delegate is not even a property of slices anymore,
+				// so the D-Bus call fails with "InvalidArgs" error.
+				if strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.PropertyReadOnly") || strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.InvalidArgs") {
+					canDelegate = false
+				}
+			}
+		}
+
+		conn.StopUnit(slice, "testDelegate", nil)
+	}
+	once.Do(checkDelegate)
 	properties := []systemdDbus.Property{
-		systemdDbus.PropDescription(fmt.Sprintf("cgroup %s", name)),
+		systemdDbus.PropDescription("cgroup " + name),
 		systemdDbus.PropWants(slice),
 		newProperty("DefaultDependencies", false),
-		newProperty("Delegate", true),
 		newProperty("MemoryAccounting", true),
 		newProperty("CPUAccounting", true),
 		newProperty("BlockIOAccounting", true),
 	}
+
+	// If we can delegate, we add the property back in
+	if canDelegate {
+		properties = append(properties, newProperty("Delegate", true))
+	}
+
 	ch := make(chan string)
 	_, err = conn.StartTransientUnit(name, "replace", properties, ch)
 	if err != nil {
@@ -121,10 +149,6 @@ func newProperty(name string, units interface{}) systemdDbus.Property {
 	}
 }
 
-func unitName(name string) string {
-	return fmt.Sprintf("%s.slice", name)
-}
-
 func splitName(path string) (slice string, unit string) {
 	slice, unit = filepath.Split(path)
 	return strings.TrimSuffix(slice, "/"), unit
diff --git a/vendor/github.com/containerd/cgroups/utils.go b/vendor/github.com/containerd/cgroups/utils.go
index 345be4e463c0e..ed894b3ec46db 100644
--- a/vendor/github.com/containerd/cgroups/utils.go
+++ b/vendor/github.com/containerd/cgroups/utils.go
@@ -18,6 +18,7 @@ package cgroups
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -25,41 +26,93 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"sync"
+	"syscall"
 	"time"
 
 	units "github.com/docker/go-units"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/sys/unix"
 )
 
-var isUserNS = runningInUserNS()
+var (
+	nsOnce    sync.Once
+	inUserNS  bool
+	checkMode sync.Once
+	cgMode    CGMode
+)
+
+const unifiedMountpoint = "/sys/fs/cgroup"
+
+// CGMode is the cgroups mode of the host system
+type CGMode int
+
+const (
+	// Unavailable cgroup mountpoint
+	Unavailable CGMode = iota
+	// Legacy cgroups v1
+	Legacy
+	// Hybrid with cgroups v1 and v2 controllers mounted
+	Hybrid
+	// Unified with only cgroups v2 mounted
+	Unified
+)
+
+// Mode returns the cgroups mode running on the host
+func Mode() CGMode {
+	checkMode.Do(func() {
+		var st unix.Statfs_t
+		if err := unix.Statfs(unifiedMountpoint, &st); err != nil {
+			cgMode = Unavailable
+			return
+		}
+		switch st.Type {
+		case unix.CGROUP2_SUPER_MAGIC:
+			cgMode = Unified
+		default:
+			cgMode = Legacy
+			if err := unix.Statfs(filepath.Join(unifiedMountpoint, "unified"), &st); err != nil {
+				return
+			}
+			if st.Type == unix.CGROUP2_SUPER_MAGIC {
+				cgMode = Hybrid
+			}
+		}
+	})
+	return cgMode
+}
 
-// runningInUserNS detects whether we are currently running in a user namespace.
+// RunningInUserNS detects whether we are currently running in a user namespace.
 // Copied from github.com/lxc/lxd/shared/util.go
-func runningInUserNS() bool {
-	file, err := os.Open("/proc/self/uid_map")
-	if err != nil {
-		// This kernel-provided file only exists if user namespaces are supported
-		return false
-	}
-	defer file.Close()
+func RunningInUserNS() bool {
+	nsOnce.Do(func() {
+		file, err := os.Open("/proc/self/uid_map")
+		if err != nil {
+			// This kernel-provided file only exists if user namespaces are supported
+			return
+		}
+		defer file.Close()
 
-	buf := bufio.NewReader(file)
-	l, _, err := buf.ReadLine()
-	if err != nil {
-		return false
-	}
+		buf := bufio.NewReader(file)
+		l, _, err := buf.ReadLine()
+		if err != nil {
+			return
+		}
 
-	line := string(l)
-	var a, b, c int64
-	fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
-	/*
-	 * We assume we are in the initial user namespace if we have a full
-	 * range - 4294967295 uids starting at uid 0.
-	 */
-	if a == 0 && b == 0 && c == 4294967295 {
-		return false
-	}
-	return true
+		line := string(l)
+		var a, b, c int64
+		fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
+
+		/*
+		 * We assume we are in the initial user namespace if we have a full
+		 * range - 4294967295 uids starting at uid 0.
+		 */
+		if a == 0 && b == 0 && c == 4294967295 {
+			return
+		}
+		inUserNS = true
+	})
+	return inUserNS
 }
 
 // defaults returns all known groups
@@ -75,7 +128,7 @@ func defaults(root string) ([]Subsystem, error) {
 		NewNetCls(root),
 		NewNetPrio(root),
 		NewPerfEvent(root),
-		NewCputset(root),
+		NewCpuset(root),
 		NewCpu(root),
 		NewCpuacct(root),
 		NewMemory(root),
@@ -84,7 +137,7 @@ func defaults(root string) ([]Subsystem, error) {
 	}
 	// only add the devices cgroup if we are not in a user namespace
 	// because modifications are not allowed
-	if !isUserNS {
+	if !RunningInUserNS() {
 		s = append(s, NewDevices(root))
 	}
 	// add the hugetlb cgroup if error wasn't due to missing hugetlb
@@ -111,7 +164,7 @@ func remove(path string) error {
 	return fmt.Errorf("cgroups: unable to remove path %q", path)
 }
 
-// readPids will read all the pids in a cgroup by the provided path
+// readPids will read all the pids of processes in a cgroup by the provided path
 func readPids(path string, subsystem Name) ([]Process, error) {
 	f, err := os.Open(filepath.Join(path, cgroupProcs))
 	if err != nil {
@@ -135,13 +188,47 @@ func readPids(path string, subsystem Name) ([]Process, error) {
 			})
 		}
 	}
+	if err := s.Err(); err != nil {
+		// failed to read all pids?
+		return nil, err
+	}
+	return out, nil
+}
+
+// readTasksPids will read all the pids of tasks in a cgroup by the provided path
+func readTasksPids(path string, subsystem Name) ([]Task, error) {
+	f, err := os.Open(filepath.Join(path, cgroupTasks))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	var (
+		out []Task
+		s   = bufio.NewScanner(f)
+	)
+	for s.Scan() {
+		if t := s.Text(); t != "" {
+			pid, err := strconv.Atoi(t)
+			if err != nil {
+				return nil, err
+			}
+			out = append(out, Task{
+				Pid:       pid,
+				Subsystem: subsystem,
+				Path:      path,
+			})
+		}
+	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
 	return out, nil
 }
 
 func hugePageSizes() ([]string, error) {
 	var (
 		pageSizes []string
-		sizeList  = []string{"B", "kB", "MB", "GB", "TB", "PB"}
+		sizeList  = []string{"B", "KB", "MB", "GB", "TB", "PB"}
 	)
 	files, err := ioutil.ReadDir("/sys/kernel/mm/hugepages")
 	if err != nil {
@@ -213,9 +300,6 @@ func parseCgroupFromReader(r io.Reader) (map[string]string, error) {
 		s       = bufio.NewScanner(r)
 	)
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
 		var (
 			text  = s.Text()
 			parts = strings.SplitN(text, ":", 3)
@@ -229,6 +313,9 @@ func parseCgroupFromReader(r io.Reader) (map[string]string, error) {
 			}
 		}
 	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
 	return cgroups, nil
 }
 
@@ -240,16 +327,23 @@ func getCgroupDestination(subsystem string) (string, error) {
 	defer f.Close()
 	s := bufio.NewScanner(f)
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return "", err
+		fields := strings.Split(s.Text(), " ")
+		if len(fields) < 10 {
+			// broken mountinfo?
+			continue
+		}
+		if fields[len(fields)-3] != "cgroup" {
+			continue
 		}
-		fields := strings.Fields(s.Text())
 		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
 			if opt == subsystem {
 				return fields[3], nil
 			}
 		}
 	}
+	if err := s.Err(); err != nil {
+		return "", err
+	}
 	return "", ErrNoCgroupMountDestination
 }
 
@@ -293,5 +387,18 @@ func cleanPath(path string) string {
 	if !filepath.IsAbs(path) {
 		path, _ = filepath.Rel(string(os.PathSeparator), filepath.Clean(string(os.PathSeparator)+path))
 	}
-	return filepath.Clean(path)
+	return path
+}
+
+func retryingWriteFile(path string, data []byte, mode os.FileMode) error {
+	// Retry writes on EINTR; see:
+	//    https://github.com/golang/go/issues/38033
+	for {
+		err := ioutil.WriteFile(path, data, mode)
+		if err == nil {
+			return nil
+		} else if !errors.Is(err, syscall.EINTR) {
+			return err
+		}
+	}
 }
diff --git a/vendor/github.com/containerd/cgroups/v1.go b/vendor/github.com/containerd/cgroups/v1.go
index a076d4692efd3..2ec215c06f424 100644
--- a/vendor/github.com/containerd/cgroups/v1.go
+++ b/vendor/github.com/containerd/cgroups/v1.go
@@ -54,28 +54,20 @@ func v1MountPoint() (string, error) {
 	defer f.Close()
 	scanner := bufio.NewScanner(f)
 	for scanner.Scan() {
-		if err := scanner.Err(); err != nil {
-			return "", err
-		}
 		var (
-			text   = scanner.Text()
-			fields = strings.Split(text, " ")
-			// safe as mountinfo encodes mountpoints with spaces as \040.
-			index               = strings.Index(text, " - ")
-			postSeparatorFields = strings.Fields(text[index+3:])
-			numPostFields       = len(postSeparatorFields)
+			text      = scanner.Text()
+			fields    = strings.Split(text, " ")
+			numFields = len(fields)
 		)
-		// this is an error as we can't detect if the mount is for "cgroup"
-		if numPostFields == 0 {
-			return "", fmt.Errorf("Found no fields post '-' in %q", text)
+		if numFields < 10 {
+			return "", fmt.Errorf("mountinfo: bad entry %q", text)
 		}
-		if postSeparatorFields[0] == "cgroup" {
-			// check that the mount is properly formated.
-			if numPostFields < 3 {
-				return "", fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
-			}
+		if fields[numFields-3] == "cgroup" {
 			return filepath.Dir(fields[4]), nil
 		}
 	}
+	if err := scanner.Err(); err != nil {
+		return "", err
+	}
 	return "", ErrMountPointNotExist
 }
diff --git a/vendor/github.com/containerd/cgroups/v2/cpu.go b/vendor/github.com/containerd/cgroups/v2/cpu.go
new file mode 100644
index 0000000000000..65282ff082d21
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/cpu.go
@@ -0,0 +1,83 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"math"
+	"strconv"
+	"strings"
+)
+
+type CPUMax string
+
+func NewCPUMax(quota *int64, period *uint64) CPUMax {
+	max := "max"
+	if quota != nil {
+		max = strconv.FormatInt(*quota, 10)
+	}
+	return CPUMax(strings.Join([]string{max, strconv.FormatUint(*period, 10)}, " "))
+}
+
+type CPU struct {
+	Weight *uint64
+	Max    CPUMax
+	Cpus   string
+	Mems   string
+}
+
+func (c CPUMax) extractQuotaAndPeriod() (int64, uint64) {
+	var (
+		quota  int64
+		period uint64
+	)
+	values := strings.Split(string(c), " ")
+	if values[0] == "max" {
+		quota = math.MaxInt64
+	} else {
+		quota, _ = strconv.ParseInt(values[0], 10, 64)
+	}
+	period, _ = strconv.ParseUint(values[1], 10, 64)
+	return quota, period
+}
+
+func (r *CPU) Values() (o []Value) {
+	if r.Weight != nil {
+		o = append(o, Value{
+			filename: "cpu.weight",
+			value:    *r.Weight,
+		})
+	}
+	if r.Max != "" {
+		o = append(o, Value{
+			filename: "cpu.max",
+			value:    r.Max,
+		})
+	}
+	if r.Cpus != "" {
+		o = append(o, Value{
+			filename: "cpuset.cpus",
+			value:    r.Cpus,
+		})
+	}
+	if r.Mems != "" {
+		o = append(o, Value{
+			filename: "cpuset.mems",
+			value:    r.Mems,
+		})
+	}
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/devicefilter.go b/vendor/github.com/containerd/cgroups/v2/devicefilter.go
new file mode 100644
index 0000000000000..4b8c32be92860
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/devicefilter.go
@@ -0,0 +1,199 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+// Devicefilter containes eBPF device filter program
+//
+// The implementation is based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c
+//
+// Although ebpf.c is originally licensed under LGPL-3.0-or-later, the author (Giuseppe Scrivano)
+// agreed to relicense the file in Apache License 2.0: https://github.com/opencontainers/runc/issues/2144#issuecomment-543116397
+//
+// This particular Go implementation based on runc version
+// https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go
+package v2
+
+import (
+	"fmt"
+	"math"
+
+	"github.com/cilium/ebpf/asm"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// license string format is same as kernel MODULE_LICENSE macro
+	license = "Apache"
+)
+
+// DeviceFilter returns eBPF device filter program and its license string
+func DeviceFilter(devices []specs.LinuxDeviceCgroup) (asm.Instructions, string, error) {
+	p := &program{}
+	p.init()
+	for i := len(devices) - 1; i >= 0; i-- {
+		if err := p.appendDevice(devices[i]); err != nil {
+			return nil, "", err
+		}
+	}
+	insts, err := p.finalize()
+	return insts, license, err
+}
+
+type program struct {
+	insts       asm.Instructions
+	hasWildCard bool
+	blockID     int
+}
+
+func (p *program) init() {
+	// struct bpf_cgroup_dev_ctx: https://elixir.bootlin.com/linux/v5.3.6/source/include/uapi/linux/bpf.h#L3423
+	/*
+		u32 access_type
+		u32 major
+		u32 minor
+	*/
+	// R2 <- type (lower 16 bit of u32 access_type at R1[0])
+	p.insts = append(p.insts,
+		asm.LoadMem(asm.R2, asm.R1, 0, asm.Half))
+
+	// R3 <- access (upper 16 bit of u32 access_type at R1[0])
+	p.insts = append(p.insts,
+		asm.LoadMem(asm.R3, asm.R1, 0, asm.Word),
+		// RSh: bitwise shift right
+		asm.RSh.Imm32(asm.R3, 16))
+
+	// R4 <- major (u32 major at R1[4])
+	p.insts = append(p.insts,
+		asm.LoadMem(asm.R4, asm.R1, 4, asm.Word))
+
+	// R5 <- minor (u32 minor at R1[8])
+	p.insts = append(p.insts,
+		asm.LoadMem(asm.R5, asm.R1, 8, asm.Word))
+}
+
+// appendDevice needs to be called from the last element of OCI linux.resources.devices to the head element.
+func (p *program) appendDevice(dev specs.LinuxDeviceCgroup) error {
+	if p.blockID < 0 {
+		return errors.New("the program is finalized")
+	}
+	if p.hasWildCard {
+		// All entries after wildcard entry are ignored
+		return nil
+	}
+
+	bpfType := int32(-1)
+	hasType := true
+	switch dev.Type {
+	case string('c'):
+		bpfType = int32(unix.BPF_DEVCG_DEV_CHAR)
+	case string('b'):
+		bpfType = int32(unix.BPF_DEVCG_DEV_BLOCK)
+	case string('a'):
+		hasType = false
+	default:
+		// if not specified in OCI json, typ is set to DeviceTypeAll
+		return errors.Errorf("invalid DeviceType %q", dev.Type)
+	}
+	if *dev.Major > math.MaxUint32 {
+		return errors.Errorf("invalid major %d", *dev.Major)
+	}
+	if *dev.Minor > math.MaxUint32 {
+		return errors.Errorf("invalid minor %d", *dev.Major)
+	}
+	hasMajor := *dev.Major >= 0 // if not specified in OCI json, major is set to -1
+	hasMinor := *dev.Minor >= 0
+	bpfAccess := int32(0)
+	for _, r := range dev.Access {
+		switch r {
+		case 'r':
+			bpfAccess |= unix.BPF_DEVCG_ACC_READ
+		case 'w':
+			bpfAccess |= unix.BPF_DEVCG_ACC_WRITE
+		case 'm':
+			bpfAccess |= unix.BPF_DEVCG_ACC_MKNOD
+		default:
+			return errors.Errorf("unknown device access %v", r)
+		}
+	}
+	// If the access is rwm, skip the check.
+	hasAccess := bpfAccess != (unix.BPF_DEVCG_ACC_READ | unix.BPF_DEVCG_ACC_WRITE | unix.BPF_DEVCG_ACC_MKNOD)
+
+	blockSym := fmt.Sprintf("block-%d", p.blockID)
+	nextBlockSym := fmt.Sprintf("block-%d", p.blockID+1)
+	prevBlockLastIdx := len(p.insts) - 1
+	if hasType {
+		p.insts = append(p.insts,
+			// if (R2 != bpfType) goto next
+			asm.JNE.Imm(asm.R2, bpfType, nextBlockSym),
+		)
+	}
+	if hasAccess {
+		p.insts = append(p.insts,
+			// if (R3 & bpfAccess == 0 /* use R1 as a temp var */) goto next
+			asm.Mov.Reg32(asm.R1, asm.R3),
+			asm.And.Imm32(asm.R1, bpfAccess),
+			asm.JEq.Imm(asm.R1, 0, nextBlockSym),
+		)
+	}
+	if hasMajor {
+		p.insts = append(p.insts,
+			// if (R4 != major) goto next
+			asm.JNE.Imm(asm.R4, int32(*dev.Major), nextBlockSym),
+		)
+	}
+	if hasMinor {
+		p.insts = append(p.insts,
+			// if (R5 != minor) goto next
+			asm.JNE.Imm(asm.R5, int32(*dev.Minor), nextBlockSym),
+		)
+	}
+	if !hasType && !hasAccess && !hasMajor && !hasMinor {
+		p.hasWildCard = true
+	}
+	p.insts = append(p.insts, acceptBlock(dev.Allow)...)
+	// set blockSym to the first instruction we added in this iteration
+	p.insts[prevBlockLastIdx+1] = p.insts[prevBlockLastIdx+1].Sym(blockSym)
+	p.blockID++
+	return nil
+}
+
+func (p *program) finalize() (asm.Instructions, error) {
+	if p.hasWildCard {
+		// acceptBlock with asm.Return() is already inserted
+		return p.insts, nil
+	}
+	blockSym := fmt.Sprintf("block-%d", p.blockID)
+	p.insts = append(p.insts,
+		// R0 <- 0
+		asm.Mov.Imm32(asm.R0, 0).Sym(blockSym),
+		asm.Return(),
+	)
+	p.blockID = -1
+	return p.insts, nil
+}
+
+func acceptBlock(accept bool) asm.Instructions {
+	v := int32(0)
+	if accept {
+		v = 1
+	}
+	return []asm.Instruction{
+		// R0 <- v
+		asm.Mov.Imm32(asm.R0, v),
+		asm.Return(),
+	}
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/ebpf.go b/vendor/github.com/containerd/cgroups/v2/ebpf.go
new file mode 100644
index 0000000000000..bd384818c527a
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/ebpf.go
@@ -0,0 +1,95 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/link"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+// LoadAttachCgroupDeviceFilter installs eBPF device filter program to /sys/fs/cgroup/<foo> directory.
+//
+// Requires the system to be running in cgroup2 unified-mode with kernel >= 4.15 .
+//
+// https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92
+func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFD int) (func() error, error) {
+	nilCloser := func() error {
+		return nil
+	}
+	spec := &ebpf.ProgramSpec{
+		Type:         ebpf.CGroupDevice,
+		Instructions: insts,
+		License:      license,
+	}
+	prog, err := ebpf.NewProgram(spec)
+	if err != nil {
+		return nilCloser, err
+	}
+	err = link.RawAttachProgram(link.RawAttachProgramOptions{
+		Target:  dirFD,
+		Program: prog,
+		Attach:  ebpf.AttachCGroupDevice,
+		Flags:   unix.BPF_F_ALLOW_MULTI,
+	})
+	if err != nil {
+		return nilCloser, errors.Wrap(err, "failed to call BPF_PROG_ATTACH (BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI)")
+	}
+	closer := func() error {
+		err = link.RawDetachProgram(link.RawDetachProgramOptions{
+			Target:  dirFD,
+			Program: prog,
+			Attach:  ebpf.AttachCGroupDevice,
+		})
+		if err != nil {
+			return errors.Wrap(err, "failed to call BPF_PROG_DETACH (BPF_CGROUP_DEVICE)")
+		}
+		return nil
+	}
+	return closer, nil
+}
+
+func isRWM(cgroupPermissions string) bool {
+	r := false
+	w := false
+	m := false
+	for _, rn := range cgroupPermissions {
+		switch rn {
+		case 'r':
+			r = true
+		case 'w':
+			w = true
+		case 'm':
+			m = true
+		}
+	}
+	return r && w && m
+}
+
+// the logic is from runc
+// https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices_v2.go#L44
+func canSkipEBPFError(devices []specs.LinuxDeviceCgroup) bool {
+	for _, dev := range devices {
+		if dev.Allow || !isRWM(dev.Access) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/errors.go b/vendor/github.com/containerd/cgroups/v2/errors.go
new file mode 100644
index 0000000000000..dfab548e35ef8
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/errors.go
@@ -0,0 +1,46 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"errors"
+	"os"
+)
+
+var (
+	ErrInvalidPid               = errors.New("cgroups: pid must be greater than 0")
+	ErrMountPointNotExist       = errors.New("cgroups: cgroup mountpoint does not exist")
+	ErrInvalidFormat            = errors.New("cgroups: parsing file with invalid format failed")
+	ErrFreezerNotSupported      = errors.New("cgroups: freezer cgroup (v2) not supported on this system")
+	ErrMemoryNotSupported       = errors.New("cgroups: memory cgroup (v2) not supported on this system")
+	ErrPidsNotSupported         = errors.New("cgroups: pids cgroup (v2) not supported on this system")
+	ErrCPUNotSupported          = errors.New("cgroups: cpu cgroup (v2) not supported on this system")
+	ErrCgroupDeleted            = errors.New("cgroups: cgroup deleted")
+	ErrNoCgroupMountDestination = errors.New("cgroups: cannot find cgroup mount destination")
+	ErrInvalidGroupPath         = errors.New("cgroups: invalid group path")
+)
+
+// ErrorHandler is a function that handles and acts on errors
+type ErrorHandler func(err error) error
+
+// IgnoreNotExist ignores any errors that are for not existing files
+func IgnoreNotExist(err error) error {
+	if os.IsNotExist(err) {
+		return nil
+	}
+	return err
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/hugetlb.go b/vendor/github.com/containerd/cgroups/v2/hugetlb.go
new file mode 100644
index 0000000000000..16b35bd780be7
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/hugetlb.go
@@ -0,0 +1,37 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import "strings"
+
+type HugeTlb []HugeTlbEntry
+
+type HugeTlbEntry struct {
+	HugePageSize string
+	Limit        uint64
+}
+
+func (r *HugeTlb) Values() (o []Value) {
+	for _, e := range *r {
+		o = append(o, Value{
+			filename: strings.Join([]string{"hugetlb", e.HugePageSize, "max"}, "."),
+			value:    e.Limit,
+		})
+	}
+
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/io.go b/vendor/github.com/containerd/cgroups/v2/io.go
new file mode 100644
index 0000000000000..70078d576ec38
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/io.go
@@ -0,0 +1,64 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import "fmt"
+
+type IOType string
+
+const (
+	ReadBPS   IOType = "rbps"
+	WriteBPS  IOType = "wbps"
+	ReadIOPS  IOType = "riops"
+	WriteIOPS IOType = "wiops"
+)
+
+type BFQ struct {
+	Weight uint16
+}
+
+type Entry struct {
+	Type  IOType
+	Major int64
+	Minor int64
+	Rate  uint64
+}
+
+func (e Entry) String() string {
+	return fmt.Sprintf("%d:%d %s=%d", e.Major, e.Minor, e.Type, e.Rate)
+}
+
+type IO struct {
+	BFQ BFQ
+	Max []Entry
+}
+
+func (i *IO) Values() (o []Value) {
+	if i.BFQ.Weight != 0 {
+		o = append(o, Value{
+			filename: "io.bfq.weight",
+			value:    i.BFQ.Weight,
+		})
+	}
+	for _, e := range i.Max {
+		o = append(o, Value{
+			filename: "io.max",
+			value:    e.String(),
+		})
+	}
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/manager.go b/vendor/github.com/containerd/cgroups/v2/manager.go
new file mode 100644
index 0000000000000..3bb546cb66e18
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/manager.go
@@ -0,0 +1,782 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"bufio"
+	"io/ioutil"
+	"math"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/containerd/cgroups/v2/stats"
+	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
+	"github.com/godbus/dbus/v5"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	subtreeControl     = "cgroup.subtree_control"
+	controllersFile    = "cgroup.controllers"
+	defaultCgroup2Path = "/sys/fs/cgroup"
+	defaultSlice       = "system.slice"
+)
+
+var (
+	canDelegate bool
+)
+
+type Event struct {
+	Low     uint64
+	High    uint64
+	Max     uint64
+	OOM     uint64
+	OOMKill uint64
+}
+
+// Resources for a cgroups v2 unified hierarchy
+type Resources struct {
+	CPU     *CPU
+	Memory  *Memory
+	Pids    *Pids
+	IO      *IO
+	RDMA    *RDMA
+	HugeTlb *HugeTlb
+	// When len(Devices) is zero, devices are not controlled
+	Devices []specs.LinuxDeviceCgroup
+}
+
+// Values returns the raw filenames and values that
+// can be written to the unified hierarchy
+func (r *Resources) Values() (o []Value) {
+	if r.CPU != nil {
+		o = append(o, r.CPU.Values()...)
+	}
+	if r.Memory != nil {
+		o = append(o, r.Memory.Values()...)
+	}
+	if r.Pids != nil {
+		o = append(o, r.Pids.Values()...)
+	}
+	if r.IO != nil {
+		o = append(o, r.IO.Values()...)
+	}
+	if r.RDMA != nil {
+		o = append(o, r.RDMA.Values()...)
+	}
+	if r.HugeTlb != nil {
+		o = append(o, r.HugeTlb.Values()...)
+	}
+	return o
+}
+
+// EnabledControllers returns the list of all not nil resource controllers
+func (r *Resources) EnabledControllers() (c []string) {
+	if r.CPU != nil {
+		c = append(c, "cpu")
+		c = append(c, "cpuset")
+	}
+	if r.Memory != nil {
+		c = append(c, "memory")
+	}
+	if r.Pids != nil {
+		c = append(c, "pids")
+	}
+	if r.IO != nil {
+		c = append(c, "io")
+	}
+	if r.RDMA != nil {
+		c = append(c, "rdma")
+	}
+	if r.HugeTlb != nil {
+		c = append(c, "hugetlb")
+	}
+	return
+}
+
+// Value of a cgroup setting
+type Value struct {
+	filename string
+	value    interface{}
+}
+
+// write the value to the full, absolute path, of a unified hierarchy
+func (c *Value) write(path string, perm os.FileMode) error {
+	var data []byte
+	switch t := c.value.(type) {
+	case uint64:
+		data = []byte(strconv.FormatUint(t, 10))
+	case uint16:
+		data = []byte(strconv.FormatUint(uint64(t), 10))
+	case int64:
+		data = []byte(strconv.FormatInt(t, 10))
+	case []byte:
+		data = t
+	case string:
+		data = []byte(t)
+	case CPUMax:
+		data = []byte(t)
+	default:
+		return ErrInvalidFormat
+	}
+
+	// Retry writes on EINTR; see:
+	//    https://github.com/golang/go/issues/38033
+	for {
+		err := ioutil.WriteFile(
+			filepath.Join(path, c.filename),
+			data,
+			perm,
+		)
+		if err == nil {
+			return nil
+		} else if !errors.Is(err, syscall.EINTR) {
+			return err
+		}
+	}
+}
+
+func writeValues(path string, values []Value) error {
+	for _, o := range values {
+		if err := o.write(path, defaultFilePerm); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func NewManager(mountpoint string, group string, resources *Resources) (*Manager, error) {
+	if resources == nil {
+		return nil, errors.New("resources reference is nil")
+	}
+	if err := VerifyGroupPath(group); err != nil {
+		return nil, err
+	}
+	path := filepath.Join(mountpoint, group)
+	if err := os.MkdirAll(path, defaultDirPerm); err != nil {
+		return nil, err
+	}
+	m := Manager{
+		unifiedMountpoint: mountpoint,
+		path:              path,
+	}
+	if err := m.ToggleControllers(resources.EnabledControllers(), Enable); err != nil {
+		// clean up cgroup dir on failure
+		os.Remove(path)
+		return nil, err
+	}
+	if err := setResources(path, resources); err != nil {
+		os.Remove(path)
+		return nil, err
+	}
+	return &m, nil
+}
+
+func LoadManager(mountpoint string, group string) (*Manager, error) {
+	if err := VerifyGroupPath(group); err != nil {
+		return nil, err
+	}
+	path := filepath.Join(mountpoint, group)
+	return &Manager{
+		unifiedMountpoint: mountpoint,
+		path:              path,
+	}, nil
+}
+
+type Manager struct {
+	unifiedMountpoint string
+	path              string
+}
+
+func setResources(path string, resources *Resources) error {
+	if resources != nil {
+		if err := writeValues(path, resources.Values()); err != nil {
+			return err
+		}
+		if err := setDevices(path, resources.Devices); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *Manager) RootControllers() ([]string, error) {
+	b, err := ioutil.ReadFile(filepath.Join(c.unifiedMountpoint, controllersFile))
+	if err != nil {
+		return nil, err
+	}
+	return strings.Fields(string(b)), nil
+}
+
+func (c *Manager) Controllers() ([]string, error) {
+	b, err := ioutil.ReadFile(filepath.Join(c.path, controllersFile))
+	if err != nil {
+		return nil, err
+	}
+	return strings.Fields(string(b)), nil
+}
+
+type ControllerToggle int
+
+const (
+	Enable ControllerToggle = iota + 1
+	Disable
+)
+
+func toggleFunc(controllers []string, prefix string) []string {
+	out := make([]string, len(controllers))
+	for i, c := range controllers {
+		out[i] = prefix + c
+	}
+	return out
+}
+
+func (c *Manager) ToggleControllers(controllers []string, t ControllerToggle) error {
+	// when c.path is like /foo/bar/baz, the following files need to be written:
+	// * /sys/fs/cgroup/cgroup.subtree_control
+	// * /sys/fs/cgroup/foo/cgroup.subtree_control
+	// * /sys/fs/cgroup/foo/bar/cgroup.subtree_control
+	// Note that /sys/fs/cgroup/foo/bar/baz/cgroup.subtree_control does not need to be written.
+	split := strings.Split(c.path, "/")
+	var lastErr error
+	for i := range split {
+		f := strings.Join(split[:i], "/")
+		if !strings.HasPrefix(f, c.unifiedMountpoint) || f == c.path {
+			continue
+		}
+		filePath := filepath.Join(f, subtreeControl)
+		if err := c.writeSubtreeControl(filePath, controllers, t); err != nil {
+			// When running as rootless, the user may face EPERM on parent groups, but it is neglible when the
+			// controller is already written.
+			// So we only return the last error.
+			lastErr = errors.Wrapf(err, "failed to write subtree controllers %+v to %q", controllers, filePath)
+		}
+	}
+	return lastErr
+}
+
+func (c *Manager) writeSubtreeControl(filePath string, controllers []string, t ControllerToggle) error {
+	f, err := os.OpenFile(filePath, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	switch t {
+	case Enable:
+		controllers = toggleFunc(controllers, "+")
+	case Disable:
+		controllers = toggleFunc(controllers, "-")
+	}
+	_, err = f.WriteString(strings.Join(controllers, " "))
+	return err
+}
+
+func (c *Manager) NewChild(name string, resources *Resources) (*Manager, error) {
+	if strings.HasPrefix(name, "/") {
+		return nil, errors.New("name must be relative")
+	}
+	path := filepath.Join(c.path, name)
+	if err := os.MkdirAll(path, defaultDirPerm); err != nil {
+		return nil, err
+	}
+	if err := setResources(path, resources); err != nil {
+		// clean up cgroup dir on failure
+		os.Remove(path)
+		return nil, err
+	}
+	return &Manager{
+		unifiedMountpoint: c.unifiedMountpoint,
+		path:              path,
+	}, nil
+}
+
+func (c *Manager) AddProc(pid uint64) error {
+	v := Value{
+		filename: cgroupProcs,
+		value:    pid,
+	}
+	return writeValues(c.path, []Value{v})
+}
+
+func (c *Manager) Delete() error {
+	return remove(c.path)
+}
+
+func (c *Manager) Procs(recursive bool) ([]uint64, error) {
+	var processes []uint64
+	err := filepath.Walk(c.path, func(p string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !recursive && info.IsDir() {
+			if p == c.path {
+				return nil
+			}
+			return filepath.SkipDir
+		}
+		_, name := filepath.Split(p)
+		if name != cgroupProcs {
+			return nil
+		}
+		procs, err := parseCgroupProcsFile(p)
+		if err != nil {
+			return err
+		}
+		processes = append(processes, procs...)
+		return nil
+	})
+	return processes, err
+}
+
+var singleValueFiles = []string{
+	"pids.current",
+	"pids.max",
+}
+
+func (c *Manager) Stat() (*stats.Metrics, error) {
+	controllers, err := c.Controllers()
+	if err != nil {
+		return nil, err
+	}
+	out := make(map[string]interface{})
+	for _, controller := range controllers {
+		switch controller {
+		case "cpu", "memory":
+			if err := readKVStatsFile(c.path, controller+".stat", out); err != nil {
+				if os.IsNotExist(err) {
+					continue
+				}
+				return nil, err
+			}
+		}
+	}
+	for _, name := range singleValueFiles {
+		if err := readSingleFile(c.path, name, out); err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+	}
+	memoryEvents := make(map[string]interface{})
+	if err := readKVStatsFile(c.path, "memory.events", memoryEvents); err != nil {
+		if !os.IsNotExist(err) {
+			return nil, err
+		}
+	}
+	var metrics stats.Metrics
+
+	metrics.Pids = &stats.PidsStat{
+		Current: getPidValue("pids.current", out),
+		Limit:   getPidValue("pids.max", out),
+	}
+	metrics.CPU = &stats.CPUStat{
+		UsageUsec:     getUint64Value("usage_usec", out),
+		UserUsec:      getUint64Value("user_usec", out),
+		SystemUsec:    getUint64Value("system_usec", out),
+		NrPeriods:     getUint64Value("nr_periods", out),
+		NrThrottled:   getUint64Value("nr_throttled", out),
+		ThrottledUsec: getUint64Value("throttled_usec", out),
+	}
+	metrics.Memory = &stats.MemoryStat{
+		Anon:                  getUint64Value("anon", out),
+		File:                  getUint64Value("file", out),
+		KernelStack:           getUint64Value("kernel_stack", out),
+		Slab:                  getUint64Value("slab", out),
+		Sock:                  getUint64Value("sock", out),
+		Shmem:                 getUint64Value("shmem", out),
+		FileMapped:            getUint64Value("file_mapped", out),
+		FileDirty:             getUint64Value("file_dirty", out),
+		FileWriteback:         getUint64Value("file_writeback", out),
+		AnonThp:               getUint64Value("anon_thp", out),
+		InactiveAnon:          getUint64Value("inactive_anon", out),
+		ActiveAnon:            getUint64Value("active_anon", out),
+		InactiveFile:          getUint64Value("inactive_file", out),
+		ActiveFile:            getUint64Value("active_file", out),
+		Unevictable:           getUint64Value("unevictable", out),
+		SlabReclaimable:       getUint64Value("slab_reclaimable", out),
+		SlabUnreclaimable:     getUint64Value("slab_unreclaimable", out),
+		Pgfault:               getUint64Value("pgfault", out),
+		Pgmajfault:            getUint64Value("pgmajfault", out),
+		WorkingsetRefault:     getUint64Value("workingset_refault", out),
+		WorkingsetActivate:    getUint64Value("workingset_activate", out),
+		WorkingsetNodereclaim: getUint64Value("workingset_nodereclaim", out),
+		Pgrefill:              getUint64Value("pgrefill", out),
+		Pgscan:                getUint64Value("pgscan", out),
+		Pgsteal:               getUint64Value("pgsteal", out),
+		Pgactivate:            getUint64Value("pgactivate", out),
+		Pgdeactivate:          getUint64Value("pgdeactivate", out),
+		Pglazyfree:            getUint64Value("pglazyfree", out),
+		Pglazyfreed:           getUint64Value("pglazyfreed", out),
+		ThpFaultAlloc:         getUint64Value("thp_fault_alloc", out),
+		ThpCollapseAlloc:      getUint64Value("thp_collapse_alloc", out),
+		Usage:                 getStatFileContentUint64(filepath.Join(c.path, "memory.current")),
+		UsageLimit:            getStatFileContentUint64(filepath.Join(c.path, "memory.max")),
+		SwapUsage:             getStatFileContentUint64(filepath.Join(c.path, "memory.swap.current")),
+		SwapLimit:             getStatFileContentUint64(filepath.Join(c.path, "memory.swap.max")),
+	}
+	if len(memoryEvents) > 0 {
+		metrics.MemoryEvents = &stats.MemoryEvents{
+			Low:     getUint64Value("low", memoryEvents),
+			High:    getUint64Value("high", memoryEvents),
+			Max:     getUint64Value("max", memoryEvents),
+			Oom:     getUint64Value("oom", memoryEvents),
+			OomKill: getUint64Value("oom_kill", memoryEvents),
+		}
+	}
+	metrics.Io = &stats.IOStat{Usage: readIoStats(c.path)}
+	metrics.Rdma = &stats.RdmaStat{
+		Current: rdmaStats(filepath.Join(c.path, "rdma.current")),
+		Limit:   rdmaStats(filepath.Join(c.path, "rdma.max")),
+	}
+	metrics.Hugetlb = readHugeTlbStats(c.path)
+
+	return &metrics, nil
+}
+
+func getUint64Value(key string, out map[string]interface{}) uint64 {
+	v, ok := out[key]
+	if !ok {
+		return 0
+	}
+	switch t := v.(type) {
+	case uint64:
+		return t
+	}
+	return 0
+}
+
+func getPidValue(key string, out map[string]interface{}) uint64 {
+	v, ok := out[key]
+	if !ok {
+		return 0
+	}
+	switch t := v.(type) {
+	case uint64:
+		return t
+	case string:
+		if t == "max" {
+			return math.MaxUint64
+		}
+	}
+	return 0
+}
+
+func readSingleFile(path string, file string, out map[string]interface{}) error {
+	f, err := os.Open(filepath.Join(path, file))
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		return err
+	}
+	s := strings.TrimSpace(string(data))
+	v, err := parseUint(s, 10, 64)
+	if err != nil {
+		// if we cannot parse as a uint, parse as a string
+		out[file] = s
+		return nil
+	}
+	out[file] = v
+	return nil
+}
+
+func readKVStatsFile(path string, file string, out map[string]interface{}) error {
+	f, err := os.Open(filepath.Join(path, file))
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		name, value, err := parseKV(s.Text())
+		if err != nil {
+			return errors.Wrapf(err, "error while parsing %s (line=%q)", filepath.Join(path, file), s.Text())
+		}
+		out[name] = value
+	}
+	return s.Err()
+}
+
+func (c *Manager) Freeze() error {
+	return c.freeze(c.path, Frozen)
+}
+
+func (c *Manager) Thaw() error {
+	return c.freeze(c.path, Thawed)
+}
+
+func (c *Manager) freeze(path string, state State) error {
+	values := state.Values()
+	for {
+		if err := writeValues(path, values); err != nil {
+			return err
+		}
+		current, err := fetchState(path)
+		if err != nil {
+			return err
+		}
+		if current == state {
+			return nil
+		}
+		time.Sleep(1 * time.Millisecond)
+	}
+}
+
+// MemoryEventFD returns inotify file descriptor and 'memory.events' inotify watch descriptor
+func (c *Manager) MemoryEventFD() (int, uint32, error) {
+	fpath := filepath.Join(c.path, "memory.events")
+	fd, err := syscall.InotifyInit()
+	if err != nil {
+		return 0, 0, errors.Errorf("Failed to create inotify fd")
+	}
+	wd, err := syscall.InotifyAddWatch(fd, fpath, unix.IN_MODIFY)
+	if wd < 0 {
+		syscall.Close(fd)
+		return 0, 0, errors.Errorf("Failed to add inotify watch for %q", fpath)
+	}
+
+	return fd, uint32(wd), nil
+}
+
+func (c *Manager) EventChan() (<-chan Event, <-chan error) {
+	ec := make(chan Event)
+	errCh := make(chan error)
+	go c.waitForEvents(ec, errCh)
+
+	return ec, nil
+}
+
+func (c *Manager) waitForEvents(ec chan<- Event, errCh chan<- error) {
+	fd, wd, err := c.MemoryEventFD()
+
+	defer syscall.InotifyRmWatch(fd, wd)
+	defer syscall.Close(fd)
+
+	if err != nil {
+		errCh <- err
+		return
+	}
+
+	for {
+		buffer := make([]byte, syscall.SizeofInotifyEvent*10)
+		bytesRead, err := syscall.Read(fd, buffer)
+		if err != nil {
+			errCh <- err
+			return
+		}
+		if bytesRead >= syscall.SizeofInotifyEvent {
+			out := make(map[string]interface{})
+			if err := readKVStatsFile(c.path, "memory.events", out); err == nil {
+				e := Event{}
+				if v, ok := out["high"]; ok {
+					e.High, ok = v.(uint64)
+					if !ok {
+						errCh <- errors.Errorf("cannot convert high to uint64: %+v", v)
+						return
+					}
+				}
+				if v, ok := out["low"]; ok {
+					e.Low, ok = v.(uint64)
+					if !ok {
+						errCh <- errors.Errorf("cannot convert low to uint64: %+v", v)
+						return
+					}
+				}
+				if v, ok := out["max"]; ok {
+					e.Max, ok = v.(uint64)
+					if !ok {
+						errCh <- errors.Errorf("cannot convert max to uint64: %+v", v)
+						return
+					}
+				}
+				if v, ok := out["oom"]; ok {
+					e.OOM, ok = v.(uint64)
+					if !ok {
+						errCh <- errors.Errorf("cannot convert oom to uint64: %+v", v)
+						return
+					}
+				}
+				if v, ok := out["oom_kill"]; ok {
+					e.OOMKill, ok = v.(uint64)
+					if !ok {
+						errCh <- errors.Errorf("cannot convert oom_kill to uint64: %+v", v)
+						return
+					}
+				}
+				ec <- e
+			} else {
+				errCh <- err
+				return
+			}
+		}
+	}
+}
+
+func setDevices(path string, devices []specs.LinuxDeviceCgroup) error {
+	if len(devices) == 0 {
+		return nil
+	}
+	insts, license, err := DeviceFilter(devices)
+	if err != nil {
+		return err
+	}
+	dirFD, err := unix.Open(path, unix.O_DIRECTORY|unix.O_RDONLY, 0600)
+	if err != nil {
+		return errors.Errorf("cannot get dir FD for %s", path)
+	}
+	defer unix.Close(dirFD)
+	if _, err := LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil {
+		if !canSkipEBPFError(devices) {
+			return err
+		}
+	}
+	return nil
+}
+
+func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, error) {
+	if slice == "" {
+		slice = defaultSlice
+	}
+	path := filepath.Join(defaultCgroup2Path, slice, group)
+	conn, err := systemdDbus.New()
+	if err != nil {
+		return &Manager{}, err
+	}
+	defer conn.Close()
+
+	properties := []systemdDbus.Property{
+		systemdDbus.PropDescription("cgroup " + group),
+		newSystemdProperty("DefaultDependencies", false),
+		newSystemdProperty("MemoryAccounting", true),
+		newSystemdProperty("CPUAccounting", true),
+		newSystemdProperty("IOAccounting", true),
+	}
+
+	// if we create a slice, the parent is defined via a Wants=
+	if strings.HasSuffix(group, ".slice") {
+		properties = append(properties, systemdDbus.PropWants(defaultSlice))
+	} else {
+		// otherwise, we use Slice=
+		properties = append(properties, systemdDbus.PropSlice(defaultSlice))
+	}
+
+	// only add pid if its valid, -1 is used w/ general slice creation.
+	if pid != -1 {
+		properties = append(properties, newSystemdProperty("PIDs", []uint32{uint32(pid)}))
+	}
+
+	if resources.Memory != nil && *resources.Memory.Max != 0 {
+		properties = append(properties,
+			newSystemdProperty("MemoryMax", uint64(*resources.Memory.Max)))
+	}
+
+	if resources.CPU != nil && *resources.CPU.Weight != 0 {
+		properties = append(properties,
+			newSystemdProperty("CPUWeight", *resources.CPU.Weight))
+	}
+
+	if resources.CPU != nil && resources.CPU.Max != "" {
+		quota, period := resources.CPU.Max.extractQuotaAndPeriod()
+		// cpu.cfs_quota_us and cpu.cfs_period_us are controlled by systemd.
+		// corresponds to USEC_INFINITY in systemd
+		// if USEC_INFINITY is provided, CPUQuota is left unbound by systemd
+		// always setting a property value ensures we can apply a quota and remove it later
+		cpuQuotaPerSecUSec := uint64(math.MaxUint64)
+		if quota > 0 {
+			// systemd converts CPUQuotaPerSecUSec (microseconds per CPU second) to CPUQuota
+			// (integer percentage of CPU) internally.  This means that if a fractional percent of
+			// CPU is indicated by Resources.CpuQuota, we need to round up to the nearest
+			// 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect.
+			cpuQuotaPerSecUSec = uint64(quota*1000000) / period
+			if cpuQuotaPerSecUSec%10000 != 0 {
+				cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000
+			}
+		}
+		properties = append(properties,
+			newSystemdProperty("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec))
+	}
+
+	// If we can delegate, we add the property back in
+	if canDelegate {
+		properties = append(properties, newSystemdProperty("Delegate", true))
+	}
+
+	if resources.Pids != nil && resources.Pids.Max > 0 {
+		properties = append(properties,
+			newSystemdProperty("TasksAccounting", true),
+			newSystemdProperty("TasksMax", uint64(resources.Pids.Max)))
+	}
+
+	statusChan := make(chan string, 1)
+	if _, err := conn.StartTransientUnit(group, "replace", properties, statusChan); err == nil {
+		select {
+		case <-statusChan:
+		case <-time.After(time.Second):
+			logrus.Warnf("Timed out while waiting for StartTransientUnit(%s) completion signal from dbus. Continuing...", group)
+		}
+	} else if !isUnitExists(err) {
+		return &Manager{}, err
+	}
+
+	return &Manager{
+		path: path,
+	}, nil
+}
+
+func LoadSystemd(slice, group string) (*Manager, error) {
+	if slice == "" {
+		slice = defaultSlice
+	}
+	group = filepath.Join(defaultCgroup2Path, slice, group)
+	return &Manager{
+		path: group,
+	}, nil
+}
+
+func (c *Manager) DeleteSystemd() error {
+	conn, err := systemdDbus.New()
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+	group := systemdUnitFromPath(c.path)
+	ch := make(chan string)
+	_, err = conn.StopUnit(group, "replace", ch)
+	if err != nil {
+		return err
+	}
+	<-ch
+	return nil
+}
+
+func newSystemdProperty(name string, units interface{}) systemdDbus.Property {
+	return systemdDbus.Property{
+		Name:  name,
+		Value: dbus.MakeVariant(units),
+	}
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/memory.go b/vendor/github.com/containerd/cgroups/v2/memory.go
new file mode 100644
index 0000000000000..72f94b738b8f3
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/memory.go
@@ -0,0 +1,52 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+type Memory struct {
+	Swap *int64
+	Max  *int64
+	Low  *int64
+	High *int64
+}
+
+func (r *Memory) Values() (o []Value) {
+	if r.Swap != nil {
+		o = append(o, Value{
+			filename: "memory.swap.max",
+			value:    *r.Swap,
+		})
+	}
+	if r.Max != nil {
+		o = append(o, Value{
+			filename: "memory.max",
+			value:    *r.Max,
+		})
+	}
+	if r.Low != nil {
+		o = append(o, Value{
+			filename: "memory.low",
+			value:    *r.Low,
+		})
+	}
+	if r.High != nil {
+		o = append(o, Value{
+			filename: "memory.high",
+			value:    *r.High,
+		})
+	}
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/paths.go b/vendor/github.com/containerd/cgroups/v2/paths.go
new file mode 100644
index 0000000000000..c4778c14244be
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/paths.go
@@ -0,0 +1,60 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+)
+
+// NestedGroupPath will nest the cgroups based on the calling processes cgroup
+// placing its child processes inside its own path
+func NestedGroupPath(suffix string) (string, error) {
+	path, err := parseCgroupFile("/proc/self/cgroup")
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(path, suffix), nil
+}
+
+// PidGroupPath will return the correct cgroup paths for an existing process running inside a cgroup
+// This is commonly used for the Load function to restore an existing container
+func PidGroupPath(pid int) (string, error) {
+	p := fmt.Sprintf("/proc/%d/cgroup", pid)
+	return parseCgroupFile(p)
+}
+
+// VerifyGroupPath verifies the format of group path string g.
+// The format is same as the third field in /proc/PID/cgroup.
+// e.g. "/user.slice/user-1001.slice/session-1.scope"
+//
+// g must be a "clean" absolute path starts with "/", and must not contain "/sys/fs/cgroup" prefix.
+//
+// VerifyGroupPath doesn't verify whether g actually exists on the system.
+func VerifyGroupPath(g string) error {
+	if !strings.HasPrefix(g, "/") {
+		return ErrInvalidGroupPath
+	}
+	if filepath.Clean(g) != g {
+		return ErrInvalidGroupPath
+	}
+	if strings.HasPrefix(g, "/sys/fs/cgroup") {
+		return ErrInvalidGroupPath
+	}
+	return nil
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/pids.go b/vendor/github.com/containerd/cgroups/v2/pids.go
new file mode 100644
index 0000000000000..0b5aa0c3bf782
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/pids.go
@@ -0,0 +1,37 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import "strconv"
+
+type Pids struct {
+	Max int64
+}
+
+func (r *Pids) Values() (o []Value) {
+	if r.Max != 0 {
+		limit := "max"
+		if r.Max > 0 {
+			limit = strconv.FormatInt(r.Max, 10)
+		}
+		o = append(o, Value{
+			filename: "pids.max",
+			value:    limit,
+		})
+	}
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/rdma.go b/vendor/github.com/containerd/cgroups/v2/rdma.go
new file mode 100644
index 0000000000000..44caa4f57a3ca
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/rdma.go
@@ -0,0 +1,46 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"fmt"
+)
+
+type RDMA struct {
+	Limit []RDMAEntry
+}
+
+type RDMAEntry struct {
+	Device     string
+	HcaHandles uint32
+	HcaObjects uint32
+}
+
+func (r RDMAEntry) String() string {
+	return fmt.Sprintf("%s hca_handle=%d hca_object=%d", r.Device, r.HcaHandles, r.HcaObjects)
+}
+
+func (r *RDMA) Values() (o []Value) {
+	for _, e := range r.Limit {
+		o = append(o, Value{
+			filename: "rdma.max",
+			value:    e.String(),
+		})
+	}
+
+	return o
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/state.go b/vendor/github.com/containerd/cgroups/v2/state.go
new file mode 100644
index 0000000000000..09b75b6c3dd32
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/state.go
@@ -0,0 +1,65 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"strings"
+)
+
+// State is a type that represents the state of the current cgroup
+type State string
+
+const (
+	Unknown State = ""
+	Thawed  State = "thawed"
+	Frozen  State = "frozen"
+	Deleted State = "deleted"
+
+	cgroupFreeze = "cgroup.freeze"
+)
+
+func (s State) Values() []Value {
+	v := Value{
+		filename: cgroupFreeze,
+	}
+	switch s {
+	case Frozen:
+		v.value = "1"
+	case Thawed:
+		v.value = "0"
+	}
+	return []Value{
+		v,
+	}
+}
+
+func fetchState(path string) (State, error) {
+	current, err := ioutil.ReadFile(filepath.Join(path, cgroupFreeze))
+	if err != nil {
+		return Unknown, err
+	}
+	switch strings.TrimSpace(string(current)) {
+	case "1":
+		return Frozen, nil
+	case "0":
+		return Thawed, nil
+	default:
+		return Unknown, nil
+	}
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/stats/doc.go b/vendor/github.com/containerd/cgroups/v2/stats/doc.go
new file mode 100644
index 0000000000000..e51e12f800400
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/stats/doc.go
@@ -0,0 +1,17 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package stats
diff --git a/vendor/github.com/containerd/cgroups/v2/stats/metrics.pb.go b/vendor/github.com/containerd/cgroups/v2/stats/metrics.pb.go
new file mode 100644
index 0000000000000..0bd493998f71f
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/stats/metrics.pb.go
@@ -0,0 +1,3992 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: github.com/containerd/cgroups/v2/stats/metrics.proto
+
+package stats
+
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+type Metrics struct {
+	Pids                 *PidsStat      `protobuf:"bytes,1,opt,name=pids,proto3" json:"pids,omitempty"`
+	CPU                  *CPUStat       `protobuf:"bytes,2,opt,name=cpu,proto3" json:"cpu,omitempty"`
+	Memory               *MemoryStat    `protobuf:"bytes,4,opt,name=memory,proto3" json:"memory,omitempty"`
+	Rdma                 *RdmaStat      `protobuf:"bytes,5,opt,name=rdma,proto3" json:"rdma,omitempty"`
+	Io                   *IOStat        `protobuf:"bytes,6,opt,name=io,proto3" json:"io,omitempty"`
+	Hugetlb              []*HugeTlbStat `protobuf:"bytes,7,rep,name=hugetlb,proto3" json:"hugetlb,omitempty"`
+	MemoryEvents         *MemoryEvents  `protobuf:"bytes,8,opt,name=memory_events,json=memoryEvents,proto3" json:"memory_events,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *Metrics) Reset()      { *m = Metrics{} }
+func (*Metrics) ProtoMessage() {}
+func (*Metrics) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{0}
+}
+func (m *Metrics) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Metrics) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Metrics.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Metrics) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metrics.Merge(m, src)
+}
+func (m *Metrics) XXX_Size() int {
+	return m.Size()
+}
+func (m *Metrics) XXX_DiscardUnknown() {
+	xxx_messageInfo_Metrics.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Metrics proto.InternalMessageInfo
+
+type PidsStat struct {
+	Current              uint64   `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"`
+	Limit                uint64   `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PidsStat) Reset()      { *m = PidsStat{} }
+func (*PidsStat) ProtoMessage() {}
+func (*PidsStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{1}
+}
+func (m *PidsStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PidsStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PidsStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PidsStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PidsStat.Merge(m, src)
+}
+func (m *PidsStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *PidsStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_PidsStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PidsStat proto.InternalMessageInfo
+
+type CPUStat struct {
+	UsageUsec            uint64   `protobuf:"varint,1,opt,name=usage_usec,json=usageUsec,proto3" json:"usage_usec,omitempty"`
+	UserUsec             uint64   `protobuf:"varint,2,opt,name=user_usec,json=userUsec,proto3" json:"user_usec,omitempty"`
+	SystemUsec           uint64   `protobuf:"varint,3,opt,name=system_usec,json=systemUsec,proto3" json:"system_usec,omitempty"`
+	NrPeriods            uint64   `protobuf:"varint,4,opt,name=nr_periods,json=nrPeriods,proto3" json:"nr_periods,omitempty"`
+	NrThrottled          uint64   `protobuf:"varint,5,opt,name=nr_throttled,json=nrThrottled,proto3" json:"nr_throttled,omitempty"`
+	ThrottledUsec        uint64   `protobuf:"varint,6,opt,name=throttled_usec,json=throttledUsec,proto3" json:"throttled_usec,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CPUStat) Reset()      { *m = CPUStat{} }
+func (*CPUStat) ProtoMessage() {}
+func (*CPUStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{2}
+}
+func (m *CPUStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CPUStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CPUStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CPUStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CPUStat.Merge(m, src)
+}
+func (m *CPUStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *CPUStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_CPUStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CPUStat proto.InternalMessageInfo
+
+type MemoryStat struct {
+	Anon                  uint64   `protobuf:"varint,1,opt,name=anon,proto3" json:"anon,omitempty"`
+	File                  uint64   `protobuf:"varint,2,opt,name=file,proto3" json:"file,omitempty"`
+	KernelStack           uint64   `protobuf:"varint,3,opt,name=kernel_stack,json=kernelStack,proto3" json:"kernel_stack,omitempty"`
+	Slab                  uint64   `protobuf:"varint,4,opt,name=slab,proto3" json:"slab,omitempty"`
+	Sock                  uint64   `protobuf:"varint,5,opt,name=sock,proto3" json:"sock,omitempty"`
+	Shmem                 uint64   `protobuf:"varint,6,opt,name=shmem,proto3" json:"shmem,omitempty"`
+	FileMapped            uint64   `protobuf:"varint,7,opt,name=file_mapped,json=fileMapped,proto3" json:"file_mapped,omitempty"`
+	FileDirty             uint64   `protobuf:"varint,8,opt,name=file_dirty,json=fileDirty,proto3" json:"file_dirty,omitempty"`
+	FileWriteback         uint64   `protobuf:"varint,9,opt,name=file_writeback,json=fileWriteback,proto3" json:"file_writeback,omitempty"`
+	AnonThp               uint64   `protobuf:"varint,10,opt,name=anon_thp,json=anonThp,proto3" json:"anon_thp,omitempty"`
+	InactiveAnon          uint64   `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"`
+	ActiveAnon            uint64   `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"`
+	InactiveFile          uint64   `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"`
+	ActiveFile            uint64   `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"`
+	Unevictable           uint64   `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"`
+	SlabReclaimable       uint64   `protobuf:"varint,16,opt,name=slab_reclaimable,json=slabReclaimable,proto3" json:"slab_reclaimable,omitempty"`
+	SlabUnreclaimable     uint64   `protobuf:"varint,17,opt,name=slab_unreclaimable,json=slabUnreclaimable,proto3" json:"slab_unreclaimable,omitempty"`
+	Pgfault               uint64   `protobuf:"varint,18,opt,name=pgfault,proto3" json:"pgfault,omitempty"`
+	Pgmajfault            uint64   `protobuf:"varint,19,opt,name=pgmajfault,proto3" json:"pgmajfault,omitempty"`
+	WorkingsetRefault     uint64   `protobuf:"varint,20,opt,name=workingset_refault,json=workingsetRefault,proto3" json:"workingset_refault,omitempty"`
+	WorkingsetActivate    uint64   `protobuf:"varint,21,opt,name=workingset_activate,json=workingsetActivate,proto3" json:"workingset_activate,omitempty"`
+	WorkingsetNodereclaim uint64   `protobuf:"varint,22,opt,name=workingset_nodereclaim,json=workingsetNodereclaim,proto3" json:"workingset_nodereclaim,omitempty"`
+	Pgrefill              uint64   `protobuf:"varint,23,opt,name=pgrefill,proto3" json:"pgrefill,omitempty"`
+	Pgscan                uint64   `protobuf:"varint,24,opt,name=pgscan,proto3" json:"pgscan,omitempty"`
+	Pgsteal               uint64   `protobuf:"varint,25,opt,name=pgsteal,proto3" json:"pgsteal,omitempty"`
+	Pgactivate            uint64   `protobuf:"varint,26,opt,name=pgactivate,proto3" json:"pgactivate,omitempty"`
+	Pgdeactivate          uint64   `protobuf:"varint,27,opt,name=pgdeactivate,proto3" json:"pgdeactivate,omitempty"`
+	Pglazyfree            uint64   `protobuf:"varint,28,opt,name=pglazyfree,proto3" json:"pglazyfree,omitempty"`
+	Pglazyfreed           uint64   `protobuf:"varint,29,opt,name=pglazyfreed,proto3" json:"pglazyfreed,omitempty"`
+	ThpFaultAlloc         uint64   `protobuf:"varint,30,opt,name=thp_fault_alloc,json=thpFaultAlloc,proto3" json:"thp_fault_alloc,omitempty"`
+	ThpCollapseAlloc      uint64   `protobuf:"varint,31,opt,name=thp_collapse_alloc,json=thpCollapseAlloc,proto3" json:"thp_collapse_alloc,omitempty"`
+	Usage                 uint64   `protobuf:"varint,32,opt,name=usage,proto3" json:"usage,omitempty"`
+	UsageLimit            uint64   `protobuf:"varint,33,opt,name=usage_limit,json=usageLimit,proto3" json:"usage_limit,omitempty"`
+	SwapUsage             uint64   `protobuf:"varint,34,opt,name=swap_usage,json=swapUsage,proto3" json:"swap_usage,omitempty"`
+	SwapLimit             uint64   `protobuf:"varint,35,opt,name=swap_limit,json=swapLimit,proto3" json:"swap_limit,omitempty"`
+	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
+	XXX_unrecognized      []byte   `json:"-"`
+	XXX_sizecache         int32    `json:"-"`
+}
+
+func (m *MemoryStat) Reset()      { *m = MemoryStat{} }
+func (*MemoryStat) ProtoMessage() {}
+func (*MemoryStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{3}
+}
+func (m *MemoryStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryStat.Merge(m, src)
+}
+func (m *MemoryStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryStat proto.InternalMessageInfo
+
+type MemoryEvents struct {
+	Low                  uint64   `protobuf:"varint,1,opt,name=low,proto3" json:"low,omitempty"`
+	High                 uint64   `protobuf:"varint,2,opt,name=high,proto3" json:"high,omitempty"`
+	Max                  uint64   `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"`
+	Oom                  uint64   `protobuf:"varint,4,opt,name=oom,proto3" json:"oom,omitempty"`
+	OomKill              uint64   `protobuf:"varint,5,opt,name=oom_kill,json=oomKill,proto3" json:"oom_kill,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MemoryEvents) Reset()      { *m = MemoryEvents{} }
+func (*MemoryEvents) ProtoMessage() {}
+func (*MemoryEvents) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{4}
+}
+func (m *MemoryEvents) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryEvents) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryEvents.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryEvents) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryEvents.Merge(m, src)
+}
+func (m *MemoryEvents) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryEvents) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryEvents.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryEvents proto.InternalMessageInfo
+
+type RdmaStat struct {
+	Current              []*RdmaEntry `protobuf:"bytes,1,rep,name=current,proto3" json:"current,omitempty"`
+	Limit                []*RdmaEntry `protobuf:"bytes,2,rep,name=limit,proto3" json:"limit,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
+}
+
+func (m *RdmaStat) Reset()      { *m = RdmaStat{} }
+func (*RdmaStat) ProtoMessage() {}
+func (*RdmaStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{5}
+}
+func (m *RdmaStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RdmaStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RdmaStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RdmaStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RdmaStat.Merge(m, src)
+}
+func (m *RdmaStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *RdmaStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_RdmaStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RdmaStat proto.InternalMessageInfo
+
+type RdmaEntry struct {
+	Device               string   `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
+	HcaHandles           uint32   `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"`
+	HcaObjects           uint32   `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RdmaEntry) Reset()      { *m = RdmaEntry{} }
+func (*RdmaEntry) ProtoMessage() {}
+func (*RdmaEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{6}
+}
+func (m *RdmaEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RdmaEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RdmaEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RdmaEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RdmaEntry.Merge(m, src)
+}
+func (m *RdmaEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *RdmaEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_RdmaEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RdmaEntry proto.InternalMessageInfo
+
+type IOStat struct {
+	Usage                []*IOEntry `protobuf:"bytes,1,rep,name=usage,proto3" json:"usage,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *IOStat) Reset()      { *m = IOStat{} }
+func (*IOStat) ProtoMessage() {}
+func (*IOStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{7}
+}
+func (m *IOStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IOStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IOStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IOStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IOStat.Merge(m, src)
+}
+func (m *IOStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *IOStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_IOStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IOStat proto.InternalMessageInfo
+
+type IOEntry struct {
+	Major                uint64   `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
+	Minor                uint64   `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
+	Rbytes               uint64   `protobuf:"varint,3,opt,name=rbytes,proto3" json:"rbytes,omitempty"`
+	Wbytes               uint64   `protobuf:"varint,4,opt,name=wbytes,proto3" json:"wbytes,omitempty"`
+	Rios                 uint64   `protobuf:"varint,5,opt,name=rios,proto3" json:"rios,omitempty"`
+	Wios                 uint64   `protobuf:"varint,6,opt,name=wios,proto3" json:"wios,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *IOEntry) Reset()      { *m = IOEntry{} }
+func (*IOEntry) ProtoMessage() {}
+func (*IOEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{8}
+}
+func (m *IOEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IOEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IOEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IOEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IOEntry.Merge(m, src)
+}
+func (m *IOEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *IOEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_IOEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IOEntry proto.InternalMessageInfo
+
+type HugeTlbStat struct {
+	Current              uint64   `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"`
+	Max                  uint64   `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"`
+	Pagesize             string   `protobuf:"bytes,3,opt,name=pagesize,proto3" json:"pagesize,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *HugeTlbStat) Reset()      { *m = HugeTlbStat{} }
+func (*HugeTlbStat) ProtoMessage() {}
+func (*HugeTlbStat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2fc6005842049e6b, []int{9}
+}
+func (m *HugeTlbStat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HugeTlbStat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HugeTlbStat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HugeTlbStat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HugeTlbStat.Merge(m, src)
+}
+func (m *HugeTlbStat) XXX_Size() int {
+	return m.Size()
+}
+func (m *HugeTlbStat) XXX_DiscardUnknown() {
+	xxx_messageInfo_HugeTlbStat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HugeTlbStat proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*Metrics)(nil), "io.containerd.cgroups.v2.Metrics")
+	proto.RegisterType((*PidsStat)(nil), "io.containerd.cgroups.v2.PidsStat")
+	proto.RegisterType((*CPUStat)(nil), "io.containerd.cgroups.v2.CPUStat")
+	proto.RegisterType((*MemoryStat)(nil), "io.containerd.cgroups.v2.MemoryStat")
+	proto.RegisterType((*MemoryEvents)(nil), "io.containerd.cgroups.v2.MemoryEvents")
+	proto.RegisterType((*RdmaStat)(nil), "io.containerd.cgroups.v2.RdmaStat")
+	proto.RegisterType((*RdmaEntry)(nil), "io.containerd.cgroups.v2.RdmaEntry")
+	proto.RegisterType((*IOStat)(nil), "io.containerd.cgroups.v2.IOStat")
+	proto.RegisterType((*IOEntry)(nil), "io.containerd.cgroups.v2.IOEntry")
+	proto.RegisterType((*HugeTlbStat)(nil), "io.containerd.cgroups.v2.HugeTlbStat")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/cgroups/v2/stats/metrics.proto", fileDescriptor_2fc6005842049e6b)
+}
+
+var fileDescriptor_2fc6005842049e6b = []byte{
+	// 1198 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0x4d, 0x73, 0xd4, 0x46,
+	0x13, 0x66, 0xed, 0xc5, 0xeb, 0xed, 0xb5, 0xc1, 0x0c, 0x86, 0x57, 0xc0, 0xcb, 0xda, 0x5e, 0x02,
+	0x45, 0xaa, 0x92, 0xdd, 0x94, 0xf3, 0x55, 0x49, 0x91, 0x4a, 0x19, 0x02, 0x45, 0x8a, 0x10, 0x5c,
+	0x02, 0x57, 0x8e, 0xaa, 0x59, 0x69, 0x2c, 0x0d, 0x96, 0x34, 0xaa, 0x99, 0x91, 0x1d, 0x73, 0xca,
+	0x21, 0xd7, 0x54, 0x7e, 0x4d, 0xfe, 0x03, 0xb7, 0xe4, 0x98, 0x53, 0x2a, 0xf8, 0x97, 0xa4, 0xba,
+	0x67, 0x64, 0x29, 0x07, 0x43, 0x6e, 0xd3, 0x4f, 0x3f, 0xdd, 0xea, 0x8f, 0x99, 0x6e, 0xc1, 0x27,
+	0xa9, 0xb4, 0x59, 0x3d, 0x9f, 0xc6, 0xaa, 0x98, 0xc5, 0xaa, 0xb4, 0x5c, 0x96, 0x42, 0x27, 0xb3,
+	0x38, 0xd5, 0xaa, 0xae, 0xcc, 0xec, 0x70, 0x7b, 0x66, 0x2c, 0xb7, 0x66, 0x56, 0x08, 0xab, 0x65,
+	0x6c, 0xa6, 0x95, 0x56, 0x56, 0xb1, 0x40, 0xaa, 0x69, 0xcb, 0x9e, 0x7a, 0xf6, 0xf4, 0x70, 0xfb,
+	0xfa, 0x7a, 0xaa, 0x52, 0x45, 0xa4, 0x19, 0x9e, 0x1c, 0x7f, 0xf2, 0xdb, 0x22, 0x0c, 0x9e, 0x3a,
+	0x0f, 0xec, 0x33, 0xe8, 0x57, 0x32, 0x31, 0x41, 0x6f, 0xb3, 0x77, 0x77, 0xb4, 0x3d, 0x99, 0x9e,
+	0xe5, 0x6a, 0xba, 0x2b, 0x13, 0xf3, 0xdc, 0x72, 0x1b, 0x12, 0x9f, 0xdd, 0x83, 0xc5, 0xb8, 0xaa,
+	0x83, 0x05, 0x32, 0xdb, 0x3a, 0xdb, 0xec, 0xc1, 0xee, 0x1e, 0x5a, 0xdd, 0x1f, 0x9c, 0xfc, 0xb5,
+	0xb1, 0xf8, 0x60, 0x77, 0x2f, 0x44, 0x33, 0x76, 0x0f, 0x96, 0x0a, 0x51, 0x28, 0x7d, 0x1c, 0xf4,
+	0xc9, 0xc1, 0x7b, 0x67, 0x3b, 0x78, 0x4a, 0x3c, 0xfa, 0xb2, 0xb7, 0xc1, 0x98, 0x75, 0x52, 0xf0,
+	0xe0, 0xfc, 0xbb, 0x62, 0x0e, 0x93, 0x82, 0xbb, 0x98, 0x91, 0xcf, 0x3e, 0x82, 0x05, 0xa9, 0x82,
+	0x25, 0xb2, 0xda, 0x3c, 0xdb, 0xea, 0xdb, 0x67, 0x64, 0xb3, 0x20, 0x15, 0xfb, 0x1a, 0x06, 0x59,
+	0x9d, 0x0a, 0x9b, 0xcf, 0x83, 0xc1, 0xe6, 0xe2, 0xdd, 0xd1, 0xf6, 0xed, 0xb3, 0xcd, 0x1e, 0xd7,
+	0xa9, 0x78, 0x91, 0xcf, 0xc9, 0xb6, 0xb1, 0x62, 0x4f, 0x60, 0xd5, 0x05, 0x1d, 0x89, 0x43, 0x51,
+	0x5a, 0x13, 0x2c, 0xd3, 0xd7, 0xef, 0xbc, 0x2b, 0xdf, 0x87, 0xc4, 0x0e, 0x57, 0x8a, 0x8e, 0x34,
+	0xf9, 0x12, 0x96, 0x9b, 0x2e, 0xb0, 0x00, 0x06, 0x71, 0xad, 0xb5, 0x28, 0x2d, 0xb5, 0xae, 0x1f,
+	0x36, 0x22, 0x5b, 0x87, 0xf3, 0xb9, 0x2c, 0xa4, 0xa5, 0xde, 0xf4, 0x43, 0x27, 0x4c, 0x7e, 0xef,
+	0xc1, 0xc0, 0xf7, 0x82, 0xdd, 0x04, 0xa8, 0x0d, 0x4f, 0x45, 0x54, 0x1b, 0x11, 0x7b, 0xf3, 0x21,
+	0x21, 0x7b, 0x46, 0xc4, 0xec, 0x06, 0x0c, 0x6b, 0x23, 0xb4, 0xd3, 0x3a, 0x27, 0xcb, 0x08, 0x90,
+	0x72, 0x03, 0x46, 0xe6, 0xd8, 0x58, 0x51, 0x38, 0xf5, 0x22, 0xa9, 0xc1, 0x41, 0x44, 0xb8, 0x09,
+	0x50, 0xea, 0xa8, 0x12, 0x5a, 0xaa, 0xc4, 0x50, 0x7b, 0xfb, 0xe1, 0xb0, 0xd4, 0xbb, 0x0e, 0x60,
+	0x5b, 0xb0, 0x52, 0xea, 0xc8, 0x66, 0x5a, 0x59, 0x9b, 0x8b, 0x84, 0x7a, 0xd8, 0x0f, 0x47, 0xa5,
+	0x7e, 0xd1, 0x40, 0xec, 0x36, 0x5c, 0x38, 0xd5, 0xbb, 0xaf, 0x2c, 0x11, 0x69, 0xf5, 0x14, 0xc5,
+	0x0f, 0x4d, 0x7e, 0x1d, 0x02, 0xb4, 0x97, 0x83, 0x31, 0xe8, 0xf3, 0x52, 0x95, 0x3e, 0x1d, 0x3a,
+	0x23, 0xb6, 0x2f, 0x73, 0xe1, 0x93, 0xa0, 0x33, 0x06, 0x70, 0x20, 0x74, 0x29, 0xf2, 0xc8, 0x58,
+	0x1e, 0x1f, 0xf8, 0x0c, 0x46, 0x0e, 0x7b, 0x8e, 0x10, 0x9a, 0x99, 0x9c, 0xcf, 0x7d, 0xf0, 0x74,
+	0x26, 0x4c, 0xc5, 0x07, 0x3e, 0x5e, 0x3a, 0x63, 0xa5, 0x4d, 0x56, 0x88, 0xc2, 0xc7, 0xe7, 0x04,
+	0xac, 0x10, 0x7e, 0x28, 0x2a, 0x78, 0x55, 0x89, 0x24, 0x18, 0xb8, 0x0a, 0x21, 0xf4, 0x94, 0x10,
+	0xac, 0x10, 0x11, 0x12, 0xa9, 0xed, 0x31, 0x5d, 0x88, 0x7e, 0x38, 0x44, 0xe4, 0x1b, 0x04, 0x30,
+	0x7d, 0x52, 0x1f, 0x69, 0x69, 0xc5, 0x1c, 0x43, 0x1c, 0xba, 0xf4, 0x11, 0xfd, 0xa1, 0x01, 0xd9,
+	0x35, 0x58, 0xc6, 0x1c, 0x23, 0x9b, 0x55, 0x01, 0xb8, 0x1b, 0x80, 0xf2, 0x8b, 0xac, 0x62, 0xb7,
+	0x60, 0x55, 0x96, 0x3c, 0xb6, 0xf2, 0x50, 0x44, 0x54, 0x93, 0x11, 0xe9, 0x57, 0x1a, 0x70, 0x07,
+	0x6b, 0xb3, 0x01, 0xa3, 0x2e, 0x65, 0xc5, 0x85, 0xd9, 0x21, 0x74, 0xbd, 0x50, 0x15, 0x57, 0xff,
+	0xed, 0xe5, 0x11, 0x56, 0xb3, 0xf5, 0x42, 0x94, 0x0b, 0x5d, 0x2f, 0x44, 0xd8, 0x84, 0x51, 0x5d,
+	0x8a, 0x43, 0x19, 0x5b, 0x3e, 0xcf, 0x45, 0x70, 0xd1, 0x55, 0xbb, 0x03, 0xb1, 0xf7, 0x61, 0x0d,
+	0x2b, 0x1c, 0x69, 0x11, 0xe7, 0x5c, 0x16, 0x44, 0x5b, 0x23, 0xda, 0x45, 0xc4, 0xc3, 0x16, 0x66,
+	0x1f, 0x02, 0x23, 0x6a, 0x5d, 0x76, 0xc9, 0x97, 0x88, 0x7c, 0x09, 0x35, 0x7b, 0x5d, 0x05, 0xbe,
+	0x91, 0x2a, 0xdd, 0xe7, 0x75, 0x6e, 0x03, 0xe6, 0x2a, 0xe4, 0x45, 0x36, 0x06, 0xa8, 0xd2, 0x82,
+	0xbf, 0x74, 0xca, 0xcb, 0x2e, 0xea, 0x16, 0xc1, 0x0f, 0x1d, 0x29, 0x7d, 0x20, 0xcb, 0xd4, 0x08,
+	0x1b, 0x69, 0xe1, 0x78, 0xeb, 0xee, 0x43, 0xad, 0x26, 0x74, 0x0a, 0x36, 0x83, 0xcb, 0x1d, 0x3a,
+	0x65, 0xcf, 0xad, 0x08, 0xae, 0x10, 0xbf, 0xe3, 0x69, 0xc7, 0x6b, 0xd8, 0xa7, 0x70, 0xb5, 0x63,
+	0x50, 0xaa, 0x44, 0xf8, 0xb8, 0x83, 0xab, 0x64, 0x73, 0xa5, 0xd5, 0x7e, 0xdf, 0x2a, 0xd9, 0x75,
+	0x58, 0xae, 0x52, 0x2d, 0xf6, 0x65, 0x9e, 0x07, 0xff, 0x73, 0x0f, 0xb3, 0x91, 0xd9, 0x55, 0x58,
+	0xaa, 0x52, 0x13, 0xf3, 0x32, 0x08, 0x48, 0xe3, 0x25, 0x57, 0x04, 0x63, 0x05, 0xcf, 0x83, 0x6b,
+	0x4d, 0x11, 0x48, 0x74, 0x45, 0x38, 0x0d, 0xf6, 0x7a, 0x53, 0x84, 0x06, 0x61, 0x13, 0x58, 0xa9,
+	0xd2, 0x44, 0x9c, 0x32, 0x6e, 0xb8, 0xfe, 0x77, 0x31, 0xe7, 0x23, 0xe7, 0xaf, 0x8e, 0xf7, 0xb5,
+	0x10, 0xc1, 0xff, 0x1b, 0x1f, 0x0d, 0x82, 0xed, 0x6f, 0xa5, 0x24, 0xb8, 0xe9, 0xda, 0xdf, 0x81,
+	0xd8, 0x1d, 0xb8, 0x68, 0xb3, 0x2a, 0xa2, 0x42, 0x46, 0x3c, 0xcf, 0x55, 0x1c, 0x8c, 0x9b, 0xe7,
+	0x5e, 0x3d, 0x42, 0x74, 0x07, 0x41, 0xf6, 0x01, 0x30, 0xe4, 0xc5, 0x2a, 0xcf, 0x79, 0x65, 0x84,
+	0xa7, 0x6e, 0x10, 0x75, 0xcd, 0x66, 0xd5, 0x03, 0xaf, 0x70, 0xec, 0x75, 0x38, 0x4f, 0x03, 0x2d,
+	0xd8, 0x74, 0x4f, 0x93, 0x04, 0xbc, 0xad, 0x6e, 0xf0, 0xb9, 0x01, 0xb9, 0xe5, 0xc2, 0x25, 0xe8,
+	0x3b, 0x44, 0xf0, 0x69, 0x9a, 0x23, 0x5e, 0x45, 0xce, 0x76, 0xe2, 0x9e, 0x26, 0x22, 0x7b, 0x64,
+	0xdf, 0xa8, 0x9d, 0xf9, 0xad, 0x56, 0x4d, 0xd6, 0x13, 0x03, 0x2b, 0xdd, 0xe9, 0xcd, 0xd6, 0x60,
+	0x31, 0x57, 0x47, 0x7e, 0x22, 0xe1, 0x11, 0xa7, 0x48, 0x26, 0xd3, 0xac, 0x19, 0x48, 0x78, 0x46,
+	0x56, 0xc1, 0x7f, 0xf4, 0x73, 0x08, 0x8f, 0x88, 0x28, 0x55, 0xf8, 0xf1, 0x83, 0x47, 0x7c, 0xec,
+	0x4a, 0x15, 0xd1, 0x01, 0x36, 0xde, 0x4d, 0xa0, 0x81, 0x52, 0xc5, 0x13, 0x99, 0xe7, 0x93, 0x9f,
+	0x7b, 0xb0, 0xdc, 0xec, 0x39, 0xf6, 0x55, 0x77, 0x2b, 0xe0, 0xbe, 0xba, 0xf5, 0xf6, 0xe5, 0xf8,
+	0xb0, 0xb4, 0xfa, 0xb8, 0x5d, 0x1d, 0x5f, 0xb4, 0xab, 0xe3, 0x3f, 0x1b, 0xfb, 0xfd, 0x22, 0x60,
+	0x78, 0x8a, 0xe1, 0x5d, 0x4c, 0xf0, 0x81, 0x0b, 0xca, 0x7d, 0x18, 0x7a, 0x09, 0xeb, 0x9f, 0xc5,
+	0x3c, 0xca, 0x78, 0x99, 0xe4, 0xc2, 0x50, 0x15, 0x56, 0x43, 0xc8, 0x62, 0xfe, 0xd8, 0x21, 0x0d,
+	0x41, 0xcd, 0x5f, 0x8a, 0xd8, 0x1a, 0xaa, 0x89, 0x23, 0x3c, 0x73, 0xc8, 0x64, 0x07, 0x96, 0xdc,
+	0x7a, 0x66, 0x9f, 0x37, 0x1d, 0x76, 0x89, 0x6e, 0xbd, 0x6d, 0x9f, 0xfb, 0x48, 0x89, 0x3f, 0xf9,
+	0xa5, 0x07, 0x03, 0x0f, 0xe1, 0x35, 0x29, 0xf8, 0x4b, 0xa5, 0x7d, 0x8f, 0x9c, 0x40, 0xa8, 0x2c,
+	0x95, 0x6e, 0x36, 0x28, 0x09, 0x98, 0x94, 0x9e, 0x1f, 0x5b, 0x61, 0x7c, 0xab, 0xbc, 0x84, 0xf8,
+	0x91, 0xc3, 0x5d, 0xc3, 0xbc, 0x84, 0xbd, 0xd6, 0x52, 0x99, 0x66, 0x63, 0xe0, 0x19, 0xb1, 0x23,
+	0xc4, 0xdc, 0xc2, 0xa0, 0xf3, 0x64, 0x0f, 0x46, 0x9d, 0x5f, 0x87, 0xb7, 0x2c, 0x76, 0x7f, 0x51,
+	0x16, 0xda, 0x8b, 0x82, 0xf3, 0x80, 0xa7, 0xc2, 0xc8, 0x57, 0x82, 0x82, 0x1a, 0x86, 0xa7, 0xf2,
+	0xfd, 0xe0, 0xf5, 0x9b, 0xf1, 0xb9, 0x3f, 0xdf, 0x8c, 0xcf, 0xfd, 0x74, 0x32, 0xee, 0xbd, 0x3e,
+	0x19, 0xf7, 0xfe, 0x38, 0x19, 0xf7, 0xfe, 0x3e, 0x19, 0xf7, 0xe6, 0x4b, 0xf4, 0x17, 0xf8, 0xf1,
+	0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x4f, 0x2b, 0x30, 0xd6, 0x6d, 0x0a, 0x00, 0x00,
+}
+
+func (m *Metrics) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Metrics) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Metrics) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.MemoryEvents != nil {
+		{
+			size, err := m.MemoryEvents.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.Hugetlb) > 0 {
+		for iNdEx := len(m.Hugetlb) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Hugetlb[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
+	if m.Io != nil {
+		{
+			size, err := m.Io.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.Rdma != nil {
+		{
+			size, err := m.Rdma.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Memory != nil {
+		{
+			size, err := m.Memory.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.CPU != nil {
+		{
+			size, err := m.CPU.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Pids != nil {
+		{
+			size, err := m.Pids.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *PidsStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PidsStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PidsStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Limit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Limit))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Current != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Current))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CPUStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CPUStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CPUStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.ThrottledUsec != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ThrottledUsec))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.NrThrottled != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrThrottled))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.NrPeriods != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.NrPeriods))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.SystemUsec != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.SystemUsec))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.UserUsec != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.UserUsec))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.UsageUsec != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.UsageUsec))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *MemoryStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MemoryStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.SwapLimit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.SwapLimit))
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x98
+	}
+	if m.SwapUsage != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.SwapUsage))
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x90
+	}
+	if m.UsageLimit != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.UsageLimit))
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x88
+	}
+	if m.Usage != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Usage))
+		i--
+		dAtA[i] = 0x2
+		i--
+		dAtA[i] = 0x80
+	}
+	if m.ThpCollapseAlloc != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ThpCollapseAlloc))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xf8
+	}
+	if m.ThpFaultAlloc != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ThpFaultAlloc))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xf0
+	}
+	if m.Pglazyfreed != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pglazyfreed))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xe8
+	}
+	if m.Pglazyfree != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pglazyfree))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xe0
+	}
+	if m.Pgdeactivate != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgdeactivate))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xd8
+	}
+	if m.Pgactivate != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgactivate))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xd0
+	}
+	if m.Pgsteal != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgsteal))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc8
+	}
+	if m.Pgscan != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgscan))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc0
+	}
+	if m.Pgrefill != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgrefill))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb8
+	}
+	if m.WorkingsetNodereclaim != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.WorkingsetNodereclaim))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb0
+	}
+	if m.WorkingsetActivate != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.WorkingsetActivate))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa8
+	}
+	if m.WorkingsetRefault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.WorkingsetRefault))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa0
+	}
+	if m.Pgmajfault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgmajfault))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x98
+	}
+	if m.Pgfault != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Pgfault))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x90
+	}
+	if m.SlabUnreclaimable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.SlabUnreclaimable))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x88
+	}
+	if m.SlabReclaimable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.SlabReclaimable))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x80
+	}
+	if m.Unevictable != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Unevictable))
+		i--
+		dAtA[i] = 0x78
+	}
+	if m.ActiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveFile))
+		i--
+		dAtA[i] = 0x70
+	}
+	if m.InactiveFile != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveFile))
+		i--
+		dAtA[i] = 0x68
+	}
+	if m.ActiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.ActiveAnon))
+		i--
+		dAtA[i] = 0x60
+	}
+	if m.InactiveAnon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.InactiveAnon))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.AnonThp != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.AnonThp))
+		i--
+		dAtA[i] = 0x50
+	}
+	if m.FileWriteback != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.FileWriteback))
+		i--
+		dAtA[i] = 0x48
+	}
+	if m.FileDirty != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.FileDirty))
+		i--
+		dAtA[i] = 0x40
+	}
+	if m.FileMapped != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.FileMapped))
+		i--
+		dAtA[i] = 0x38
+	}
+	if m.Shmem != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Shmem))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.Sock != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Sock))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Slab != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Slab))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.KernelStack != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.KernelStack))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.File != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.File))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Anon != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Anon))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *MemoryEvents) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryEvents) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MemoryEvents) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.OomKill != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.OomKill))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Oom != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Oom))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Max != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.High != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.High))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Low != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Low))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RdmaStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RdmaStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RdmaStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Limit) > 0 {
+		for iNdEx := len(m.Limit) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Limit[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Current) > 0 {
+		for iNdEx := len(m.Current) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Current[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RdmaEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RdmaEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RdmaEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.HcaObjects != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaObjects))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.HcaHandles != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.HcaHandles))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Device) > 0 {
+		i -= len(m.Device)
+		copy(dAtA[i:], m.Device)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Device)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *IOStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *IOStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IOStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Usage) > 0 {
+		for iNdEx := len(m.Usage) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Usage[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintMetrics(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *IOEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *IOEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IOEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Wios != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Wios))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.Rios != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Rios))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Wbytes != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Wbytes))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Rbytes != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Rbytes))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Minor != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Minor))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Major != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Major))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *HugeTlbStat) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *HugeTlbStat) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HugeTlbStat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Pagesize) > 0 {
+		i -= len(m.Pagesize)
+		copy(dAtA[i:], m.Pagesize)
+		i = encodeVarintMetrics(dAtA, i, uint64(len(m.Pagesize)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Max != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Max))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Current != 0 {
+		i = encodeVarintMetrics(dAtA, i, uint64(m.Current))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintMetrics(dAtA []byte, offset int, v uint64) int {
+	offset -= sovMetrics(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *Metrics) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Pids != nil {
+		l = m.Pids.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.CPU != nil {
+		l = m.CPU.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Memory != nil {
+		l = m.Memory.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Rdma != nil {
+		l = m.Rdma.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.Io != nil {
+		l = m.Io.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if len(m.Hugetlb) > 0 {
+		for _, e := range m.Hugetlb {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.MemoryEvents != nil {
+		l = m.MemoryEvents.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *PidsStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Current != 0 {
+		n += 1 + sovMetrics(uint64(m.Current))
+	}
+	if m.Limit != 0 {
+		n += 1 + sovMetrics(uint64(m.Limit))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CPUStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.UsageUsec != 0 {
+		n += 1 + sovMetrics(uint64(m.UsageUsec))
+	}
+	if m.UserUsec != 0 {
+		n += 1 + sovMetrics(uint64(m.UserUsec))
+	}
+	if m.SystemUsec != 0 {
+		n += 1 + sovMetrics(uint64(m.SystemUsec))
+	}
+	if m.NrPeriods != 0 {
+		n += 1 + sovMetrics(uint64(m.NrPeriods))
+	}
+	if m.NrThrottled != 0 {
+		n += 1 + sovMetrics(uint64(m.NrThrottled))
+	}
+	if m.ThrottledUsec != 0 {
+		n += 1 + sovMetrics(uint64(m.ThrottledUsec))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *MemoryStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Anon != 0 {
+		n += 1 + sovMetrics(uint64(m.Anon))
+	}
+	if m.File != 0 {
+		n += 1 + sovMetrics(uint64(m.File))
+	}
+	if m.KernelStack != 0 {
+		n += 1 + sovMetrics(uint64(m.KernelStack))
+	}
+	if m.Slab != 0 {
+		n += 1 + sovMetrics(uint64(m.Slab))
+	}
+	if m.Sock != 0 {
+		n += 1 + sovMetrics(uint64(m.Sock))
+	}
+	if m.Shmem != 0 {
+		n += 1 + sovMetrics(uint64(m.Shmem))
+	}
+	if m.FileMapped != 0 {
+		n += 1 + sovMetrics(uint64(m.FileMapped))
+	}
+	if m.FileDirty != 0 {
+		n += 1 + sovMetrics(uint64(m.FileDirty))
+	}
+	if m.FileWriteback != 0 {
+		n += 1 + sovMetrics(uint64(m.FileWriteback))
+	}
+	if m.AnonThp != 0 {
+		n += 1 + sovMetrics(uint64(m.AnonThp))
+	}
+	if m.InactiveAnon != 0 {
+		n += 1 + sovMetrics(uint64(m.InactiveAnon))
+	}
+	if m.ActiveAnon != 0 {
+		n += 1 + sovMetrics(uint64(m.ActiveAnon))
+	}
+	if m.InactiveFile != 0 {
+		n += 1 + sovMetrics(uint64(m.InactiveFile))
+	}
+	if m.ActiveFile != 0 {
+		n += 1 + sovMetrics(uint64(m.ActiveFile))
+	}
+	if m.Unevictable != 0 {
+		n += 1 + sovMetrics(uint64(m.Unevictable))
+	}
+	if m.SlabReclaimable != 0 {
+		n += 2 + sovMetrics(uint64(m.SlabReclaimable))
+	}
+	if m.SlabUnreclaimable != 0 {
+		n += 2 + sovMetrics(uint64(m.SlabUnreclaimable))
+	}
+	if m.Pgfault != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgfault))
+	}
+	if m.Pgmajfault != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgmajfault))
+	}
+	if m.WorkingsetRefault != 0 {
+		n += 2 + sovMetrics(uint64(m.WorkingsetRefault))
+	}
+	if m.WorkingsetActivate != 0 {
+		n += 2 + sovMetrics(uint64(m.WorkingsetActivate))
+	}
+	if m.WorkingsetNodereclaim != 0 {
+		n += 2 + sovMetrics(uint64(m.WorkingsetNodereclaim))
+	}
+	if m.Pgrefill != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgrefill))
+	}
+	if m.Pgscan != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgscan))
+	}
+	if m.Pgsteal != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgsteal))
+	}
+	if m.Pgactivate != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgactivate))
+	}
+	if m.Pgdeactivate != 0 {
+		n += 2 + sovMetrics(uint64(m.Pgdeactivate))
+	}
+	if m.Pglazyfree != 0 {
+		n += 2 + sovMetrics(uint64(m.Pglazyfree))
+	}
+	if m.Pglazyfreed != 0 {
+		n += 2 + sovMetrics(uint64(m.Pglazyfreed))
+	}
+	if m.ThpFaultAlloc != 0 {
+		n += 2 + sovMetrics(uint64(m.ThpFaultAlloc))
+	}
+	if m.ThpCollapseAlloc != 0 {
+		n += 2 + sovMetrics(uint64(m.ThpCollapseAlloc))
+	}
+	if m.Usage != 0 {
+		n += 2 + sovMetrics(uint64(m.Usage))
+	}
+	if m.UsageLimit != 0 {
+		n += 2 + sovMetrics(uint64(m.UsageLimit))
+	}
+	if m.SwapUsage != 0 {
+		n += 2 + sovMetrics(uint64(m.SwapUsage))
+	}
+	if m.SwapLimit != 0 {
+		n += 2 + sovMetrics(uint64(m.SwapLimit))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *MemoryEvents) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Low != 0 {
+		n += 1 + sovMetrics(uint64(m.Low))
+	}
+	if m.High != 0 {
+		n += 1 + sovMetrics(uint64(m.High))
+	}
+	if m.Max != 0 {
+		n += 1 + sovMetrics(uint64(m.Max))
+	}
+	if m.Oom != 0 {
+		n += 1 + sovMetrics(uint64(m.Oom))
+	}
+	if m.OomKill != 0 {
+		n += 1 + sovMetrics(uint64(m.OomKill))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *RdmaStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Current) > 0 {
+		for _, e := range m.Current {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if len(m.Limit) > 0 {
+		for _, e := range m.Limit {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *RdmaEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Device)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.HcaHandles != 0 {
+		n += 1 + sovMetrics(uint64(m.HcaHandles))
+	}
+	if m.HcaObjects != 0 {
+		n += 1 + sovMetrics(uint64(m.HcaObjects))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *IOStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Usage) > 0 {
+		for _, e := range m.Usage {
+			l = e.Size()
+			n += 1 + l + sovMetrics(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *IOEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Major != 0 {
+		n += 1 + sovMetrics(uint64(m.Major))
+	}
+	if m.Minor != 0 {
+		n += 1 + sovMetrics(uint64(m.Minor))
+	}
+	if m.Rbytes != 0 {
+		n += 1 + sovMetrics(uint64(m.Rbytes))
+	}
+	if m.Wbytes != 0 {
+		n += 1 + sovMetrics(uint64(m.Wbytes))
+	}
+	if m.Rios != 0 {
+		n += 1 + sovMetrics(uint64(m.Rios))
+	}
+	if m.Wios != 0 {
+		n += 1 + sovMetrics(uint64(m.Wios))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *HugeTlbStat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Current != 0 {
+		n += 1 + sovMetrics(uint64(m.Current))
+	}
+	if m.Max != 0 {
+		n += 1 + sovMetrics(uint64(m.Max))
+	}
+	l = len(m.Pagesize)
+	if l > 0 {
+		n += 1 + l + sovMetrics(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovMetrics(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozMetrics(x uint64) (n int) {
+	return sovMetrics(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Metrics) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForHugetlb := "[]*HugeTlbStat{"
+	for _, f := range this.Hugetlb {
+		repeatedStringForHugetlb += strings.Replace(f.String(), "HugeTlbStat", "HugeTlbStat", 1) + ","
+	}
+	repeatedStringForHugetlb += "}"
+	s := strings.Join([]string{`&Metrics{`,
+		`Pids:` + strings.Replace(this.Pids.String(), "PidsStat", "PidsStat", 1) + `,`,
+		`CPU:` + strings.Replace(this.CPU.String(), "CPUStat", "CPUStat", 1) + `,`,
+		`Memory:` + strings.Replace(this.Memory.String(), "MemoryStat", "MemoryStat", 1) + `,`,
+		`Rdma:` + strings.Replace(this.Rdma.String(), "RdmaStat", "RdmaStat", 1) + `,`,
+		`Io:` + strings.Replace(this.Io.String(), "IOStat", "IOStat", 1) + `,`,
+		`Hugetlb:` + repeatedStringForHugetlb + `,`,
+		`MemoryEvents:` + strings.Replace(this.MemoryEvents.String(), "MemoryEvents", "MemoryEvents", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *PidsStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&PidsStat{`,
+		`Current:` + fmt.Sprintf("%v", this.Current) + `,`,
+		`Limit:` + fmt.Sprintf("%v", this.Limit) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CPUStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CPUStat{`,
+		`UsageUsec:` + fmt.Sprintf("%v", this.UsageUsec) + `,`,
+		`UserUsec:` + fmt.Sprintf("%v", this.UserUsec) + `,`,
+		`SystemUsec:` + fmt.Sprintf("%v", this.SystemUsec) + `,`,
+		`NrPeriods:` + fmt.Sprintf("%v", this.NrPeriods) + `,`,
+		`NrThrottled:` + fmt.Sprintf("%v", this.NrThrottled) + `,`,
+		`ThrottledUsec:` + fmt.Sprintf("%v", this.ThrottledUsec) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MemoryStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryStat{`,
+		`Anon:` + fmt.Sprintf("%v", this.Anon) + `,`,
+		`File:` + fmt.Sprintf("%v", this.File) + `,`,
+		`KernelStack:` + fmt.Sprintf("%v", this.KernelStack) + `,`,
+		`Slab:` + fmt.Sprintf("%v", this.Slab) + `,`,
+		`Sock:` + fmt.Sprintf("%v", this.Sock) + `,`,
+		`Shmem:` + fmt.Sprintf("%v", this.Shmem) + `,`,
+		`FileMapped:` + fmt.Sprintf("%v", this.FileMapped) + `,`,
+		`FileDirty:` + fmt.Sprintf("%v", this.FileDirty) + `,`,
+		`FileWriteback:` + fmt.Sprintf("%v", this.FileWriteback) + `,`,
+		`AnonThp:` + fmt.Sprintf("%v", this.AnonThp) + `,`,
+		`InactiveAnon:` + fmt.Sprintf("%v", this.InactiveAnon) + `,`,
+		`ActiveAnon:` + fmt.Sprintf("%v", this.ActiveAnon) + `,`,
+		`InactiveFile:` + fmt.Sprintf("%v", this.InactiveFile) + `,`,
+		`ActiveFile:` + fmt.Sprintf("%v", this.ActiveFile) + `,`,
+		`Unevictable:` + fmt.Sprintf("%v", this.Unevictable) + `,`,
+		`SlabReclaimable:` + fmt.Sprintf("%v", this.SlabReclaimable) + `,`,
+		`SlabUnreclaimable:` + fmt.Sprintf("%v", this.SlabUnreclaimable) + `,`,
+		`Pgfault:` + fmt.Sprintf("%v", this.Pgfault) + `,`,
+		`Pgmajfault:` + fmt.Sprintf("%v", this.Pgmajfault) + `,`,
+		`WorkingsetRefault:` + fmt.Sprintf("%v", this.WorkingsetRefault) + `,`,
+		`WorkingsetActivate:` + fmt.Sprintf("%v", this.WorkingsetActivate) + `,`,
+		`WorkingsetNodereclaim:` + fmt.Sprintf("%v", this.WorkingsetNodereclaim) + `,`,
+		`Pgrefill:` + fmt.Sprintf("%v", this.Pgrefill) + `,`,
+		`Pgscan:` + fmt.Sprintf("%v", this.Pgscan) + `,`,
+		`Pgsteal:` + fmt.Sprintf("%v", this.Pgsteal) + `,`,
+		`Pgactivate:` + fmt.Sprintf("%v", this.Pgactivate) + `,`,
+		`Pgdeactivate:` + fmt.Sprintf("%v", this.Pgdeactivate) + `,`,
+		`Pglazyfree:` + fmt.Sprintf("%v", this.Pglazyfree) + `,`,
+		`Pglazyfreed:` + fmt.Sprintf("%v", this.Pglazyfreed) + `,`,
+		`ThpFaultAlloc:` + fmt.Sprintf("%v", this.ThpFaultAlloc) + `,`,
+		`ThpCollapseAlloc:` + fmt.Sprintf("%v", this.ThpCollapseAlloc) + `,`,
+		`Usage:` + fmt.Sprintf("%v", this.Usage) + `,`,
+		`UsageLimit:` + fmt.Sprintf("%v", this.UsageLimit) + `,`,
+		`SwapUsage:` + fmt.Sprintf("%v", this.SwapUsage) + `,`,
+		`SwapLimit:` + fmt.Sprintf("%v", this.SwapLimit) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MemoryEvents) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryEvents{`,
+		`Low:` + fmt.Sprintf("%v", this.Low) + `,`,
+		`High:` + fmt.Sprintf("%v", this.High) + `,`,
+		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+		`Oom:` + fmt.Sprintf("%v", this.Oom) + `,`,
+		`OomKill:` + fmt.Sprintf("%v", this.OomKill) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RdmaStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForCurrent := "[]*RdmaEntry{"
+	for _, f := range this.Current {
+		repeatedStringForCurrent += strings.Replace(f.String(), "RdmaEntry", "RdmaEntry", 1) + ","
+	}
+	repeatedStringForCurrent += "}"
+	repeatedStringForLimit := "[]*RdmaEntry{"
+	for _, f := range this.Limit {
+		repeatedStringForLimit += strings.Replace(f.String(), "RdmaEntry", "RdmaEntry", 1) + ","
+	}
+	repeatedStringForLimit += "}"
+	s := strings.Join([]string{`&RdmaStat{`,
+		`Current:` + repeatedStringForCurrent + `,`,
+		`Limit:` + repeatedStringForLimit + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RdmaEntry) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RdmaEntry{`,
+		`Device:` + fmt.Sprintf("%v", this.Device) + `,`,
+		`HcaHandles:` + fmt.Sprintf("%v", this.HcaHandles) + `,`,
+		`HcaObjects:` + fmt.Sprintf("%v", this.HcaObjects) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *IOStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForUsage := "[]*IOEntry{"
+	for _, f := range this.Usage {
+		repeatedStringForUsage += strings.Replace(f.String(), "IOEntry", "IOEntry", 1) + ","
+	}
+	repeatedStringForUsage += "}"
+	s := strings.Join([]string{`&IOStat{`,
+		`Usage:` + repeatedStringForUsage + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *IOEntry) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&IOEntry{`,
+		`Major:` + fmt.Sprintf("%v", this.Major) + `,`,
+		`Minor:` + fmt.Sprintf("%v", this.Minor) + `,`,
+		`Rbytes:` + fmt.Sprintf("%v", this.Rbytes) + `,`,
+		`Wbytes:` + fmt.Sprintf("%v", this.Wbytes) + `,`,
+		`Rios:` + fmt.Sprintf("%v", this.Rios) + `,`,
+		`Wios:` + fmt.Sprintf("%v", this.Wios) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *HugeTlbStat) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&HugeTlbStat{`,
+		`Current:` + fmt.Sprintf("%v", this.Current) + `,`,
+		`Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+		`Pagesize:` + fmt.Sprintf("%v", this.Pagesize) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringMetrics(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Metrics) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Metrics: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Metrics: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pids", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Pids == nil {
+				m.Pids = &PidsStat{}
+			}
+			if err := m.Pids.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CPU", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.CPU == nil {
+				m.CPU = &CPUStat{}
+			}
+			if err := m.CPU.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Memory", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Memory == nil {
+				m.Memory = &MemoryStat{}
+			}
+			if err := m.Memory.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rdma", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Rdma == nil {
+				m.Rdma = &RdmaStat{}
+			}
+			if err := m.Rdma.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Io", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Io == nil {
+				m.Io = &IOStat{}
+			}
+			if err := m.Io.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Hugetlb", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Hugetlb = append(m.Hugetlb, &HugeTlbStat{})
+			if err := m.Hugetlb[len(m.Hugetlb)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryEvents", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MemoryEvents == nil {
+				m.MemoryEvents = &MemoryEvents{}
+			}
+			if err := m.MemoryEvents.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *PidsStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PidsStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PidsStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
+			}
+			m.Current = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Current |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
+			}
+			m.Limit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Limit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CPUStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CPUStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CPUStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UsageUsec", wireType)
+			}
+			m.UsageUsec = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UsageUsec |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UserUsec", wireType)
+			}
+			m.UserUsec = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UserUsec |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SystemUsec", wireType)
+			}
+			m.SystemUsec = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SystemUsec |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrPeriods", wireType)
+			}
+			m.NrPeriods = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrPeriods |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NrThrottled", wireType)
+			}
+			m.NrThrottled = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.NrThrottled |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ThrottledUsec", wireType)
+			}
+			m.ThrottledUsec = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ThrottledUsec |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MemoryStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Anon", wireType)
+			}
+			m.Anon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Anon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field File", wireType)
+			}
+			m.File = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.File |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field KernelStack", wireType)
+			}
+			m.KernelStack = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.KernelStack |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Slab", wireType)
+			}
+			m.Slab = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Slab |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Sock", wireType)
+			}
+			m.Sock = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Sock |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Shmem", wireType)
+			}
+			m.Shmem = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Shmem |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FileMapped", wireType)
+			}
+			m.FileMapped = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.FileMapped |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FileDirty", wireType)
+			}
+			m.FileDirty = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.FileDirty |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FileWriteback", wireType)
+			}
+			m.FileWriteback = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.FileWriteback |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 10:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AnonThp", wireType)
+			}
+			m.AnonThp = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.AnonThp |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field InactiveAnon", wireType)
+			}
+			m.InactiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.InactiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 12:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ActiveAnon", wireType)
+			}
+			m.ActiveAnon = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ActiveAnon |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field InactiveFile", wireType)
+			}
+			m.InactiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.InactiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 14:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ActiveFile", wireType)
+			}
+			m.ActiveFile = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ActiveFile |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 15:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Unevictable", wireType)
+			}
+			m.Unevictable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Unevictable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 16:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SlabReclaimable", wireType)
+			}
+			m.SlabReclaimable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SlabReclaimable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 17:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SlabUnreclaimable", wireType)
+			}
+			m.SlabUnreclaimable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SlabUnreclaimable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 18:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgfault", wireType)
+			}
+			m.Pgfault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgfault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 19:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgmajfault", wireType)
+			}
+			m.Pgmajfault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgmajfault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 20:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkingsetRefault", wireType)
+			}
+			m.WorkingsetRefault = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.WorkingsetRefault |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 21:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkingsetActivate", wireType)
+			}
+			m.WorkingsetActivate = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.WorkingsetActivate |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 22:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkingsetNodereclaim", wireType)
+			}
+			m.WorkingsetNodereclaim = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.WorkingsetNodereclaim |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 23:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgrefill", wireType)
+			}
+			m.Pgrefill = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgrefill |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 24:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgscan", wireType)
+			}
+			m.Pgscan = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgscan |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 25:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgsteal", wireType)
+			}
+			m.Pgsteal = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgsteal |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 26:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgactivate", wireType)
+			}
+			m.Pgactivate = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgactivate |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 27:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pgdeactivate", wireType)
+			}
+			m.Pgdeactivate = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pgdeactivate |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 28:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pglazyfree", wireType)
+			}
+			m.Pglazyfree = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pglazyfree |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 29:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pglazyfreed", wireType)
+			}
+			m.Pglazyfreed = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Pglazyfreed |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 30:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ThpFaultAlloc", wireType)
+			}
+			m.ThpFaultAlloc = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ThpFaultAlloc |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 31:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ThpCollapseAlloc", wireType)
+			}
+			m.ThpCollapseAlloc = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ThpCollapseAlloc |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 32:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			m.Usage = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Usage |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 33:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UsageLimit", wireType)
+			}
+			m.UsageLimit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UsageLimit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 34:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SwapUsage", wireType)
+			}
+			m.SwapUsage = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SwapUsage |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 35:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SwapLimit", wireType)
+			}
+			m.SwapLimit = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SwapLimit |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MemoryEvents) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryEvents: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryEvents: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Low", wireType)
+			}
+			m.Low = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Low |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field High", wireType)
+			}
+			m.High = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.High |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+			}
+			m.Max = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Max |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Oom", wireType)
+			}
+			m.Oom = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Oom |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OomKill", wireType)
+			}
+			m.OomKill = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OomKill |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RdmaStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RdmaStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RdmaStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Current = append(m.Current, &RdmaEntry{})
+			if err := m.Current[len(m.Current)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Limit = append(m.Limit, &RdmaEntry{})
+			if err := m.Limit[len(m.Limit)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RdmaEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RdmaEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RdmaEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Device = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HcaHandles", wireType)
+			}
+			m.HcaHandles = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HcaHandles |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HcaObjects", wireType)
+			}
+			m.HcaObjects = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.HcaObjects |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *IOStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: IOStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: IOStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Usage = append(m.Usage, &IOEntry{})
+			if err := m.Usage[len(m.Usage)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *IOEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: IOEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: IOEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Major", wireType)
+			}
+			m.Major = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Major |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Minor", wireType)
+			}
+			m.Minor = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Minor |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rbytes", wireType)
+			}
+			m.Rbytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Rbytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Wbytes", wireType)
+			}
+			m.Wbytes = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Wbytes |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rios", wireType)
+			}
+			m.Rios = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Rios |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Wios", wireType)
+			}
+			m.Wios = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Wios |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *HugeTlbStat) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: HugeTlbStat: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: HugeTlbStat: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Current", wireType)
+			}
+			m.Current = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Current |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+			}
+			m.Max = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Max |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Pagesize", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Pagesize = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipMetrics(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthMetrics
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupMetrics
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthMetrics
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthMetrics        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowMetrics          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupMetrics = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/containerd/cgroups/v2/stats/metrics.proto b/vendor/github.com/containerd/cgroups/v2/stats/metrics.proto
new file mode 100644
index 0000000000000..8ac472e464593
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/stats/metrics.proto
@@ -0,0 +1,105 @@
+syntax = "proto3";
+
+package io.containerd.cgroups.v2;
+
+ import "gogoproto/gogo.proto";
+
+message Metrics {
+	PidsStat pids = 1;
+	CPUStat cpu = 2 [(gogoproto.customname) = "CPU"];
+	MemoryStat memory = 4;
+	RdmaStat rdma = 5;
+	IOStat io = 6;
+	repeated HugeTlbStat hugetlb = 7;
+	MemoryEvents memory_events = 8;
+}
+
+message PidsStat {
+	uint64 current = 1;
+	uint64 limit = 2;
+}
+
+message CPUStat {
+	uint64 usage_usec  = 1;
+	uint64 user_usec = 2;
+	uint64 system_usec = 3;
+	uint64 nr_periods = 4;
+	uint64 nr_throttled = 5;
+	uint64 throttled_usec = 6;
+}
+
+message MemoryStat {
+	uint64 anon = 1;
+	uint64 file = 2;
+	uint64 kernel_stack = 3;
+	uint64 slab = 4;
+	uint64 sock = 5;
+	uint64 shmem = 6;
+	uint64 file_mapped = 7;
+	uint64 file_dirty = 8;
+	uint64 file_writeback = 9;
+	uint64 anon_thp = 10;
+	uint64 inactive_anon = 11;
+	uint64 active_anon = 12;
+	uint64 inactive_file = 13;
+	uint64 active_file = 14;
+	uint64 unevictable = 15;
+	uint64 slab_reclaimable = 16;
+	uint64 slab_unreclaimable = 17;
+	uint64 pgfault = 18;
+	uint64 pgmajfault = 19;
+	uint64 workingset_refault = 20;
+	uint64 workingset_activate = 21;
+	uint64 workingset_nodereclaim = 22;
+	uint64 pgrefill = 23;
+	uint64 pgscan = 24;
+	uint64 pgsteal = 25;
+	uint64 pgactivate = 26;
+	uint64 pgdeactivate = 27;
+	uint64 pglazyfree = 28;
+	uint64 pglazyfreed = 29;
+	uint64 thp_fault_alloc = 30;
+	uint64 thp_collapse_alloc = 31;
+	uint64 usage = 32;
+	uint64 usage_limit = 33;
+	uint64 swap_usage = 34;
+	uint64 swap_limit = 35;
+}
+
+message MemoryEvents {
+	uint64 low = 1;
+	uint64 high = 2;
+	uint64 max = 3;
+	uint64 oom = 4;
+	uint64 oom_kill = 5;
+}
+
+message RdmaStat {
+	repeated RdmaEntry current = 1;
+	repeated RdmaEntry limit = 2;
+}
+
+message RdmaEntry {
+	string device = 1;
+	uint32 hca_handles = 2;
+	uint32 hca_objects = 3;
+}
+
+message IOStat {
+	repeated IOEntry usage = 1;
+}
+
+message IOEntry {
+	uint64 major = 1;
+	uint64 minor = 2;
+	uint64 rbytes = 3;
+	uint64 wbytes = 4;
+	uint64 rios = 5;
+	uint64 wios = 6;
+}
+
+message HugeTlbStat {
+	uint64 current = 1;
+	uint64 max = 2;
+	string pagesize = 3;
+}
diff --git a/vendor/github.com/containerd/cgroups/v2/utils.go b/vendor/github.com/containerd/cgroups/v2/utils.go
new file mode 100644
index 0000000000000..8b8d654d6c9a1
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v2/utils.go
@@ -0,0 +1,436 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v2
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/containerd/cgroups/v2/stats"
+	"github.com/godbus/dbus/v5"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	cgroupProcs    = "cgroup.procs"
+	defaultDirPerm = 0755
+)
+
+// defaultFilePerm is a var so that the test framework can change the filemode
+// of all files created when the tests are running.  The difference between the
+// tests and real world use is that files like "cgroup.procs" will exist when writing
+// to a read cgroup filesystem and do not exist prior when running in the tests.
+// this is set to a non 0 value in the test code
+var defaultFilePerm = os.FileMode(0)
+
+// remove will remove a cgroup path handling EAGAIN and EBUSY errors and
+// retrying the remove after a exp timeout
+func remove(path string) error {
+	var err error
+	delay := 10 * time.Millisecond
+	for i := 0; i < 5; i++ {
+		if i != 0 {
+			time.Sleep(delay)
+			delay *= 2
+		}
+		if err = os.RemoveAll(path); err == nil {
+			return nil
+		}
+	}
+	return errors.Wrapf(err, "cgroups: unable to remove path %q", path)
+}
+
+// parseCgroupProcsFile parses /sys/fs/cgroup/$GROUPPATH/cgroup.procs
+func parseCgroupProcsFile(path string) ([]uint64, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	var (
+		out []uint64
+		s   = bufio.NewScanner(f)
+	)
+	for s.Scan() {
+		if t := s.Text(); t != "" {
+			pid, err := strconv.ParseUint(t, 10, 0)
+			if err != nil {
+				return nil, err
+			}
+			out = append(out, pid)
+		}
+	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func parseKV(raw string) (string, interface{}, error) {
+	parts := strings.Fields(raw)
+	switch len(parts) {
+	case 2:
+		v, err := parseUint(parts[1], 10, 64)
+		if err != nil {
+			// if we cannot parse as a uint, parse as a string
+			return parts[0], parts[1], nil
+		}
+		return parts[0], v, nil
+	default:
+		return "", 0, ErrInvalidFormat
+	}
+}
+
+func parseUint(s string, base, bitSize int) (uint64, error) {
+	v, err := strconv.ParseUint(s, base, bitSize)
+	if err != nil {
+		intValue, intErr := strconv.ParseInt(s, base, bitSize)
+		// 1. Handle negative values greater than MinInt64 (and)
+		// 2. Handle negative values lesser than MinInt64
+		if intErr == nil && intValue < 0 {
+			return 0, nil
+		} else if intErr != nil &&
+			intErr.(*strconv.NumError).Err == strconv.ErrRange &&
+			intValue < 0 {
+			return 0, nil
+		}
+		return 0, err
+	}
+	return v, nil
+}
+
+// parseCgroupFile parses /proc/PID/cgroup file and return string
+func parseCgroupFile(path string) (string, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+	return parseCgroupFromReader(f)
+}
+
+func parseCgroupFromReader(r io.Reader) (string, error) {
+	var (
+		s = bufio.NewScanner(r)
+	)
+	for s.Scan() {
+		var (
+			text  = s.Text()
+			parts = strings.SplitN(text, ":", 3)
+		)
+		if len(parts) < 3 {
+			return "", fmt.Errorf("invalid cgroup entry: %q", text)
+		}
+		// text is like "0::/user.slice/user-1001.slice/session-1.scope"
+		if parts[0] == "0" && parts[1] == "" {
+			return parts[2], nil
+		}
+	}
+	if err := s.Err(); err != nil {
+		return "", err
+	}
+	return "", fmt.Errorf("cgroup path not found")
+}
+
+// ToResources converts the oci LinuxResources struct into a
+// v2 Resources type for use with this package.
+//
+// converting cgroups configuration from v1 to v2
+// ref: https://github.com/containers/crun/blob/master/crun.1.md#cgroup-v2
+func ToResources(spec *specs.LinuxResources) *Resources {
+	var resources Resources
+	if cpu := spec.CPU; cpu != nil {
+		resources.CPU = &CPU{
+			Cpus: cpu.Cpus,
+			Mems: cpu.Mems,
+		}
+		if shares := cpu.Shares; shares != nil {
+			convertedWeight := 1 + ((*shares-2)*9999)/262142
+			resources.CPU.Weight = &convertedWeight
+		}
+		if period := cpu.Period; period != nil {
+			resources.CPU.Max = NewCPUMax(cpu.Quota, period)
+		}
+	}
+	if mem := spec.Memory; mem != nil {
+		resources.Memory = &Memory{}
+		if swap := mem.Swap; swap != nil {
+			resources.Memory.Swap = swap
+		}
+		if l := mem.Limit; l != nil {
+			resources.Memory.Max = l
+		}
+		if l := mem.Reservation; l != nil {
+			resources.Memory.Low = l
+		}
+	}
+	if hugetlbs := spec.HugepageLimits; hugetlbs != nil {
+		hugeTlbUsage := HugeTlb{}
+		for _, hugetlb := range hugetlbs {
+			hugeTlbUsage = append(hugeTlbUsage, HugeTlbEntry{
+				HugePageSize: hugetlb.Pagesize,
+				Limit:        hugetlb.Limit,
+			})
+		}
+		resources.HugeTlb = &hugeTlbUsage
+	}
+	if pids := spec.Pids; pids != nil {
+		resources.Pids = &Pids{
+			Max: pids.Limit,
+		}
+	}
+	if i := spec.BlockIO; i != nil {
+		resources.IO = &IO{}
+		if i.Weight != nil {
+			resources.IO.BFQ.Weight = 1 + (*i.Weight-10)*9999/990
+		}
+		for t, devices := range map[IOType][]specs.LinuxThrottleDevice{
+			ReadBPS:   i.ThrottleReadBpsDevice,
+			WriteBPS:  i.ThrottleWriteBpsDevice,
+			ReadIOPS:  i.ThrottleReadIOPSDevice,
+			WriteIOPS: i.ThrottleWriteIOPSDevice,
+		} {
+			for _, d := range devices {
+				resources.IO.Max = append(resources.IO.Max, Entry{
+					Type:  t,
+					Major: d.Major,
+					Minor: d.Minor,
+					Rate:  d.Rate,
+				})
+			}
+		}
+	}
+	if i := spec.Rdma; i != nil {
+		resources.RDMA = &RDMA{}
+		for device, value := range spec.Rdma {
+			if device != "" && (value.HcaHandles != nil || value.HcaObjects != nil) {
+				resources.RDMA.Limit = append(resources.RDMA.Limit, RDMAEntry{
+					Device:     device,
+					HcaHandles: *value.HcaHandles,
+					HcaObjects: *value.HcaObjects,
+				})
+			}
+		}
+	}
+
+	return &resources
+}
+
+// Gets uint64 parsed content of single value cgroup stat file
+func getStatFileContentUint64(filePath string) uint64 {
+	contents, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return 0
+	}
+	trimmed := strings.TrimSpace(string(contents))
+	if trimmed == "max" {
+		return math.MaxUint64
+	}
+
+	res, err := parseUint(trimmed, 10, 64)
+	if err != nil {
+		logrus.Errorf("unable to parse %q as a uint from Cgroup file %q", string(contents), filePath)
+		return res
+	}
+
+	return res
+}
+
+func readIoStats(path string) []*stats.IOEntry {
+	// more details on the io.stat file format: https://www.kernel.org/doc/Documentation/cgroup-v2.txt
+	var usage []*stats.IOEntry
+	fpath := filepath.Join(path, "io.stat")
+	currentData, err := ioutil.ReadFile(fpath)
+	if err != nil {
+		return usage
+	}
+	entries := strings.Split(string(currentData), "\n")
+
+	for _, entry := range entries {
+		parts := strings.Split(entry, " ")
+		if len(parts) < 2 {
+			continue
+		}
+		majmin := strings.Split(parts[0], ":")
+		if len(majmin) != 2 {
+			continue
+		}
+		major, err := strconv.ParseUint(majmin[0], 10, 0)
+		if err != nil {
+			return usage
+		}
+		minor, err := strconv.ParseUint(majmin[1], 10, 0)
+		if err != nil {
+			return usage
+		}
+		parts = parts[1:]
+		ioEntry := stats.IOEntry{
+			Major: major,
+			Minor: minor,
+		}
+		for _, s := range parts {
+			keyPairValue := strings.Split(s, "=")
+			if len(keyPairValue) != 2 {
+				continue
+			}
+			v, err := strconv.ParseUint(keyPairValue[1], 10, 0)
+			if err != nil {
+				continue
+			}
+			switch keyPairValue[0] {
+			case "rbytes":
+				ioEntry.Rbytes = v
+			case "wbytes":
+				ioEntry.Wbytes = v
+			case "rios":
+				ioEntry.Rios = v
+			case "wios":
+				ioEntry.Wios = v
+			}
+		}
+		usage = append(usage, &ioEntry)
+	}
+	return usage
+}
+
+func rdmaStats(filepath string) []*stats.RdmaEntry {
+	currentData, err := ioutil.ReadFile(filepath)
+	if err != nil {
+		return []*stats.RdmaEntry{}
+	}
+	return toRdmaEntry(strings.Split(string(currentData), "\n"))
+}
+
+func parseRdmaKV(raw string, entry *stats.RdmaEntry) {
+	var value uint64
+	var err error
+
+	parts := strings.Split(raw, "=")
+	switch len(parts) {
+	case 2:
+		if parts[1] == "max" {
+			value = math.MaxUint32
+		} else {
+			value, err = parseUint(parts[1], 10, 32)
+			if err != nil {
+				return
+			}
+		}
+		if parts[0] == "hca_handle" {
+			entry.HcaHandles = uint32(value)
+		} else if parts[0] == "hca_object" {
+			entry.HcaObjects = uint32(value)
+		}
+	}
+}
+
+func toRdmaEntry(strEntries []string) []*stats.RdmaEntry {
+	var rdmaEntries []*stats.RdmaEntry
+	for i := range strEntries {
+		parts := strings.Fields(strEntries[i])
+		switch len(parts) {
+		case 3:
+			entry := new(stats.RdmaEntry)
+			entry.Device = parts[0]
+			parseRdmaKV(parts[1], entry)
+			parseRdmaKV(parts[2], entry)
+
+			rdmaEntries = append(rdmaEntries, entry)
+		default:
+			continue
+		}
+	}
+	return rdmaEntries
+}
+
+// isUnitExists returns true if the error is that a systemd unit already exists.
+func isUnitExists(err error) bool {
+	if err != nil {
+		if dbusError, ok := err.(dbus.Error); ok {
+			return strings.Contains(dbusError.Name, "org.freedesktop.systemd1.UnitExists")
+		}
+	}
+	return false
+}
+
+func systemdUnitFromPath(path string) string {
+	_, unit := filepath.Split(path)
+	return unit
+}
+
+func readHugeTlbStats(path string) []*stats.HugeTlbStat {
+	var usage = []*stats.HugeTlbStat{}
+	var keyUsage = make(map[string]*stats.HugeTlbStat)
+	f, err := os.Open(path)
+	if err != nil {
+		return usage
+	}
+	files, err := f.Readdir(-1)
+	f.Close()
+	if err != nil {
+		return usage
+	}
+
+	for _, file := range files {
+		if strings.Contains(file.Name(), "hugetlb") &&
+			(strings.HasSuffix(file.Name(), "max") || strings.HasSuffix(file.Name(), "current")) {
+			var hugeTlb *stats.HugeTlbStat
+			var ok bool
+			fileName := strings.Split(file.Name(), ".")
+			pageSize := fileName[1]
+			if hugeTlb, ok = keyUsage[pageSize]; !ok {
+				hugeTlb = &stats.HugeTlbStat{}
+			}
+			hugeTlb.Pagesize = pageSize
+			out, err := ioutil.ReadFile(filepath.Join(path, file.Name()))
+			if err != nil {
+				continue
+			}
+			var value uint64
+			stringVal := strings.TrimSpace(string(out))
+			if stringVal == "max" {
+				value = math.MaxUint64
+			} else {
+				value, err = strconv.ParseUint(stringVal, 10, 64)
+			}
+			if err != nil {
+				continue
+			}
+			switch fileName[2] {
+			case "max":
+				hugeTlb.Max = value
+			case "current":
+				hugeTlb.Current = value
+			}
+			keyUsage[pageSize] = hugeTlb
+		}
+	}
+	for _, entry := range keyUsage {
+		usage = append(usage, entry)
+	}
+	return usage
+}
diff --git a/vendor/github.com/containerd/console/LICENSE b/vendor/github.com/containerd/console/LICENSE
index 261eeb9e9f8b2..584149b6ee28c 100644
--- a/vendor/github.com/containerd/console/LICENSE
+++ b/vendor/github.com/containerd/console/LICENSE
@@ -1,6 +1,7 @@
+
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -175,24 +176,13 @@
 
    END OF TERMS AND CONDITIONS
 
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
+   Copyright The containerd Authors
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+       https://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/vendor/github.com/containerd/console/README.md b/vendor/github.com/containerd/console/README.md
index 4c56d9d134a9b..580b461a73dbb 100644
--- a/vendor/github.com/containerd/console/README.md
+++ b/vendor/github.com/containerd/console/README.md
@@ -1,6 +1,8 @@
 # console
 
-[![Build Status](https://travis-ci.org/containerd/console.svg?branch=master)](https://travis-ci.org/containerd/console)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/containerd/console)](https://pkg.go.dev/github.com/containerd/console)
+[![Build Status](https://github.com/containerd/console/workflows/CI/badge.svg)](https://github.com/containerd/console/actions?query=workflow%3ACI)
+[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/console)](https://goreportcard.com/report/github.com/containerd/console)
 
 Golang package for dealing with consoles.  Light on deps and a simple API.
 
@@ -15,3 +17,13 @@ if err := current.SetRaw(); err != nil {
 ws, err := current.Size()
 current.Resize(ws)
 ```
+
+## Project details
+
+console is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/console/console.go b/vendor/github.com/containerd/console/console.go
index c187a9b412e42..f989d28a41cd4 100644
--- a/vendor/github.com/containerd/console/console.go
+++ b/vendor/github.com/containerd/console/console.go
@@ -24,10 +24,17 @@ import (
 
 var ErrNotAConsole = errors.New("provided file is not a console")
 
+type File interface {
+	io.ReadWriteCloser
+
+	// Fd returns its file descriptor
+	Fd() uintptr
+	// Name returns its file name
+	Name() string
+}
+
 type Console interface {
-	io.Reader
-	io.Writer
-	io.Closer
+	File
 
 	// Resize resizes the console to the provided window size
 	Resize(WinSize) error
@@ -42,10 +49,6 @@ type Console interface {
 	Reset() error
 	// Size returns the window size of the console
 	Size() (WinSize, error)
-	// Fd returns the console's file descriptor
-	Fd() uintptr
-	// Name returns the console's file name
-	Name() string
 }
 
 // WinSize specifies the window size of the console
@@ -58,19 +61,25 @@ type WinSize struct {
 	y     uint16
 }
 
-// Current returns the current processes console
-func Current() Console {
-	c, err := ConsoleFromFile(os.Stdin)
-	if err != nil {
-		// stdin should always be a console for the design
-		// of this function
-		panic(err)
+// Current returns the current process' console
+func Current() (c Console) {
+	var err error
+	// Usually all three streams (stdin, stdout, and stderr)
+	// are open to the same console, but some might be redirected,
+	// so try all three.
+	for _, s := range []*os.File{os.Stderr, os.Stdout, os.Stdin} {
+		if c, err = ConsoleFromFile(s); err == nil {
+			return c
+		}
 	}
-	return c
+	// One of the std streams should always be a console
+	// for the design of this function.
+	panic(err)
 }
 
 // ConsoleFromFile returns a console using the provided file
-func ConsoleFromFile(f *os.File) (Console, error) {
+// nolint:golint
+func ConsoleFromFile(f File) (Console, error) {
 	if err := checkConsole(f); err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/containerd/console/console_linux.go b/vendor/github.com/containerd/console/console_linux.go
index 42274e100e687..c1c839ee3ae02 100644
--- a/vendor/github.com/containerd/console/console_linux.go
+++ b/vendor/github.com/containerd/console/console_linux.go
@@ -58,6 +58,7 @@ type Epoller struct {
 	efd       int
 	mu        sync.Mutex
 	fdMapping map[int]*EpollConsole
+	closeOnce sync.Once
 }
 
 // NewEpoller returns an instance of epoller with a valid epoll fd.
@@ -151,7 +152,11 @@ func (e *Epoller) getConsole(sysfd int) *EpollConsole {
 
 // Close closes the epoll fd
 func (e *Epoller) Close() error {
-	return unix.Close(e.efd)
+	closeErr := os.ErrClosed // default to "file already closed"
+	e.closeOnce.Do(func() {
+		closeErr = unix.Close(e.efd)
+	})
+	return closeErr
 }
 
 // EpollConsole acts like a console but registers its file descriptor with an
diff --git a/vendor/github.com/containerd/console/console_unix.go b/vendor/github.com/containerd/console/console_unix.go
index a4a8d1267b9f5..a08117695e320 100644
--- a/vendor/github.com/containerd/console/console_unix.go
+++ b/vendor/github.com/containerd/console/console_unix.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd linux openbsd solaris
+// +build darwin freebsd linux netbsd openbsd solaris
 
 /*
    Copyright The containerd Authors.
@@ -19,8 +19,6 @@
 package console
 
 import (
-	"os"
-
 	"golang.org/x/sys/unix"
 )
 
@@ -28,7 +26,7 @@ import (
 // The master is returned as the first console and a string
 // with the path to the pty slave is returned as the second
 func NewPty() (Console, string, error) {
-	f, err := os.OpenFile("/dev/ptmx", unix.O_RDWR|unix.O_NOCTTY|unix.O_CLOEXEC, 0)
+	f, err := openpt()
 	if err != nil {
 		return nil, "", err
 	}
@@ -47,7 +45,7 @@ func NewPty() (Console, string, error) {
 }
 
 type master struct {
-	f        *os.File
+	f        File
 	original *unix.Termios
 }
 
@@ -122,7 +120,7 @@ func (m *master) Name() string {
 }
 
 // checkConsole checks if the provided file is a console
-func checkConsole(f *os.File) error {
+func checkConsole(f File) error {
 	var termios unix.Termios
 	if tcget(f.Fd(), &termios) != nil {
 		return ErrNotAConsole
@@ -130,7 +128,7 @@ func checkConsole(f *os.File) error {
 	return nil
 }
 
-func newMaster(f *os.File) (Console, error) {
+func newMaster(f File) (Console, error) {
 	m := &master{
 		f: f,
 	}
diff --git a/vendor/github.com/containerd/console/console_windows.go b/vendor/github.com/containerd/console/console_windows.go
index 62dbe1c033594..129a92883ddb6 100644
--- a/vendor/github.com/containerd/console/console_windows.go
+++ b/vendor/github.com/containerd/console/console_windows.go
@@ -198,7 +198,7 @@ func makeInputRaw(fd windows.Handle, mode uint32) error {
 	return nil
 }
 
-func checkConsole(f *os.File) error {
+func checkConsole(f File) error {
 	var mode uint32
 	if err := windows.GetConsoleMode(windows.Handle(f.Fd()), &mode); err != nil {
 		return err
@@ -206,7 +206,7 @@ func checkConsole(f *os.File) error {
 	return nil
 }
 
-func newMaster(f *os.File) (Console, error) {
+func newMaster(f File) (Console, error) {
 	if f != os.Stdin && f != os.Stdout && f != os.Stderr {
 		return nil, errors.New("creating a console from a file is not supported on windows")
 	}
diff --git a/vendor/github.com/containerd/console/go.mod b/vendor/github.com/containerd/console/go.mod
new file mode 100644
index 0000000000000..7fca0a9a3ac19
--- /dev/null
+++ b/vendor/github.com/containerd/console/go.mod
@@ -0,0 +1,8 @@
+module github.com/containerd/console
+
+go 1.13
+
+require (
+	github.com/pkg/errors v0.9.1
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/containerd/console/pty_freebsd_cgo.go b/vendor/github.com/containerd/console/pty_freebsd_cgo.go
new file mode 100644
index 0000000000000..cbd3cd7ea43d8
--- /dev/null
+++ b/vendor/github.com/containerd/console/pty_freebsd_cgo.go
@@ -0,0 +1,45 @@
+// +build freebsd,cgo
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"fmt"
+	"os"
+)
+
+/*
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+*/
+import "C"
+
+// openpt allocates a new pseudo-terminal and establishes a connection with its
+// control device.
+func openpt() (*os.File, error) {
+	fd, err := C.posix_openpt(C.O_RDWR)
+	if err != nil {
+		return nil, fmt.Errorf("posix_openpt: %w", err)
+	}
+	if _, err := C.grantpt(fd); err != nil {
+		C.close(fd)
+		return nil, fmt.Errorf("grantpt: %w", err)
+	}
+	return os.NewFile(uintptr(fd), ""), nil
+}
diff --git a/vendor/github.com/containerd/console/pty_freebsd_nocgo.go b/vendor/github.com/containerd/console/pty_freebsd_nocgo.go
new file mode 100644
index 0000000000000..b5e43181d4f36
--- /dev/null
+++ b/vendor/github.com/containerd/console/pty_freebsd_nocgo.go
@@ -0,0 +1,36 @@
+// +build freebsd,!cgo
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"os"
+)
+
+//
+// Implementing the functions below requires cgo support.  Non-cgo stubs
+// versions are defined below to enable cross-compilation of source code
+// that depends on these functions, but the resultant cross-compiled
+// binaries cannot actually be used.  If the stub function(s) below are
+// actually invoked they will display an error message and cause the
+// calling process to exit.
+//
+
+func openpt() (*os.File, error) {
+	panic("openpt() support requires cgo.")
+}
diff --git a/vendor/github.com/containerd/console/pty_unix.go b/vendor/github.com/containerd/console/pty_unix.go
new file mode 100644
index 0000000000000..d5a6bd8ca2e80
--- /dev/null
+++ b/vendor/github.com/containerd/console/pty_unix.go
@@ -0,0 +1,30 @@
+// +build darwin linux netbsd openbsd solaris
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// openpt allocates a new pseudo-terminal by opening the /dev/ptmx device
+func openpt() (*os.File, error) {
+	return os.OpenFile("/dev/ptmx", unix.O_RDWR|unix.O_NOCTTY|unix.O_CLOEXEC, 0)
+}
diff --git a/vendor/github.com/containerd/console/tc_darwin.go b/vendor/github.com/containerd/console/tc_darwin.go
index b0128abb0c62b..787154580f6c2 100644
--- a/vendor/github.com/containerd/console/tc_darwin.go
+++ b/vendor/github.com/containerd/console/tc_darwin.go
@@ -19,7 +19,6 @@ package console
 import (
 	"fmt"
 	"os"
-	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -29,18 +28,10 @@ const (
 	cmdTcSet = unix.TIOCSETA
 )
 
-func ioctl(fd, flag, data uintptr) error {
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, flag, data); err != 0 {
-		return err
-	}
-	return nil
-}
-
 // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
 // unlockpt should be called before opening the slave side of a pty.
 func unlockpt(f *os.File) error {
-	var u int32
-	return ioctl(f.Fd(), unix.TIOCPTYUNLK, uintptr(unsafe.Pointer(&u)))
+	return unix.IoctlSetPointerInt(int(f.Fd()), unix.TIOCPTYUNLK, 0)
 }
 
 // ptsname retrieves the name of the first available pts for the given master.
diff --git a/vendor/github.com/containerd/console/tc_freebsd.go b/vendor/github.com/containerd/console/tc_freebsd.go
deleted file mode 100644
index 04583a6156989..0000000000000
--- a/vendor/github.com/containerd/console/tc_freebsd.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"fmt"
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cmdTcGet = unix.TIOCGETA
-	cmdTcSet = unix.TIOCSETA
-)
-
-// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// unlockpt should be called before opening the slave side of a pty.
-// This does not exist on FreeBSD, it does not allocate controlling terminals on open
-func unlockpt(f *os.File) error {
-	return nil
-}
-
-// ptsname retrieves the name of the first available pts for the given master.
-func ptsname(f *os.File) (string, error) {
-	n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN)
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("/dev/pts/%d", n), nil
-}
diff --git a/vendor/github.com/containerd/console/tc_freebsd_cgo.go b/vendor/github.com/containerd/console/tc_freebsd_cgo.go
new file mode 100644
index 0000000000000..0f3d27273094c
--- /dev/null
+++ b/vendor/github.com/containerd/console/tc_freebsd_cgo.go
@@ -0,0 +1,57 @@
+// +build freebsd,cgo
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+/*
+#include <stdlib.h>
+#include <unistd.h>
+*/
+import "C"
+
+const (
+	cmdTcGet = unix.TIOCGETA
+	cmdTcSet = unix.TIOCSETA
+)
+
+// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// unlockpt should be called before opening the slave side of a pty.
+func unlockpt(f *os.File) error {
+	fd := C.int(f.Fd())
+	if _, err := C.unlockpt(fd); err != nil {
+		C.close(fd)
+		return fmt.Errorf("unlockpt: %w", err)
+	}
+	return nil
+}
+
+// ptsname retrieves the name of the first available pts for the given master.
+func ptsname(f *os.File) (string, error) {
+	n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("/dev/pts/%d", n), nil
+}
diff --git a/vendor/github.com/containerd/console/tc_freebsd_nocgo.go b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go
new file mode 100644
index 0000000000000..087fc158a1696
--- /dev/null
+++ b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go
@@ -0,0 +1,55 @@
+// +build freebsd,!cgo
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+const (
+	cmdTcGet = unix.TIOCGETA
+	cmdTcSet = unix.TIOCSETA
+)
+
+//
+// Implementing the functions below requires cgo support.  Non-cgo stubs
+// versions are defined below to enable cross-compilation of source code
+// that depends on these functions, but the resultant cross-compiled
+// binaries cannot actually be used.  If the stub function(s) below are
+// actually invoked they will display an error message and cause the
+// calling process to exit.
+//
+
+// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// unlockpt should be called before opening the slave side of a pty.
+func unlockpt(f *os.File) error {
+	panic("unlockpt() support requires cgo.")
+}
+
+// ptsname retrieves the name of the first available pts for the given master.
+func ptsname(f *os.File) (string, error) {
+	n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("/dev/pts/%d", n), nil
+}
diff --git a/vendor/github.com/containerd/console/tc_linux.go b/vendor/github.com/containerd/console/tc_linux.go
index 1bdd68e6d55b6..7d552ea4ba137 100644
--- a/vendor/github.com/containerd/console/tc_linux.go
+++ b/vendor/github.com/containerd/console/tc_linux.go
@@ -33,6 +33,7 @@ const (
 // unlockpt should be called before opening the slave side of a pty.
 func unlockpt(f *os.File) error {
 	var u int32
+	// XXX do not use unix.IoctlSetPointerInt here, see commit dbd69c59b81.
 	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&u))); err != 0 {
 		return err
 	}
@@ -42,6 +43,7 @@ func unlockpt(f *os.File) error {
 // ptsname retrieves the name of the first available pts for the given master.
 func ptsname(f *os.File) (string, error) {
 	var u uint32
+	// XXX do not use unix.IoctlGetInt here, see commit dbd69c59b81.
 	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCGPTN, uintptr(unsafe.Pointer(&u))); err != 0 {
 		return "", err
 	}
diff --git a/vendor/github.com/containerd/console/tc_netbsd.go b/vendor/github.com/containerd/console/tc_netbsd.go
new file mode 100644
index 0000000000000..71227aefdffdb
--- /dev/null
+++ b/vendor/github.com/containerd/console/tc_netbsd.go
@@ -0,0 +1,45 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"bytes"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+const (
+	cmdTcGet = unix.TIOCGETA
+	cmdTcSet = unix.TIOCSETA
+)
+
+// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// unlockpt should be called before opening the slave side of a pty.
+// This does not exist on NetBSD, it does not allocate controlling terminals on open
+func unlockpt(f *os.File) error {
+	return nil
+}
+
+// ptsname retrieves the name of the first available pts for the given master.
+func ptsname(f *os.File) (string, error) {
+	ptm, err := unix.IoctlGetPtmget(int(f.Fd()), unix.TIOCPTSNAME)
+	if err != nil {
+		return "", err
+	}
+	return string(ptm.Sn[:bytes.IndexByte(ptm.Sn[:], 0)]), nil
+}
diff --git a/vendor/github.com/containerd/console/tc_unix.go b/vendor/github.com/containerd/console/tc_unix.go
index 7ae773c53eaaa..5cd4c550ce884 100644
--- a/vendor/github.com/containerd/console/tc_unix.go
+++ b/vendor/github.com/containerd/console/tc_unix.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd linux openbsd solaris
+// +build darwin freebsd linux netbsd openbsd solaris
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/README.md b/vendor/github.com/containerd/containerd/README.md
index c4d9dffdbdc58..1ecec1ff04b16 100644
--- a/vendor/github.com/containerd/containerd/README.md
+++ b/vendor/github.com/containerd/containerd/README.md
@@ -1,18 +1,32 @@
-![banner](https://github.com/containerd/containerd.io/blob/master/static/img/containerd-dark.png?raw=true)
+![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png)
 
-[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
-[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd)
-[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/containerd/containerd)](https://pkg.go.dev/github.com/containerd/containerd)
+[![Build Status](https://github.com/containerd/containerd/workflows/CI/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
+[![Nightlies](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
 [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)
 
 containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
 
+containerd is a member of CNCF with ['graduated'](https://landscape.cncf.io/selected=containerd) status.
+
 containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
 
 ![architecture](design/architecture.png)
 
+## Now Recruiting
+
+We are a large inclusive OSS project that is welcoming help of any kind shape or form:
+* Documentation help is needed to make the product easier to consume and extend.
+* We need OSS community outreach / organizing help to get the word out; manage
+and create messaging and educational content; and to help with social media, community forums/groups, and google groups.
+* We are actively inviting new [security advisors](https://github.com/containerd/project/blob/master/GOVERNANCE.md#security-advisors) to join the team.
+* New sub-projects are being created, core and non-core that could use additional development help.
+* Each of the [containerd projects](https://github.com/containerd) has a list of issues currently being worked on or that need help resolving.
+  - If the issue has not already been assigned to someone, or has not made recent progress and you are interested, please inquire.
+  - If you are interested in starting with a smaller / beginner level issue, look for issues with an `exp/beginner` tag, for example [containerd/containerd beginner issues.](https://github.com/containerd/containerd/issues?q=is%3Aissue+is%3Aopen+label%3Aexp%2Fbeginner)
+
 ## Getting Started
 
 See our documentation on [containerd.io](https://containerd.io):
@@ -24,12 +38,19 @@ See how to build containerd from source at [BUILDING](BUILDING.md).
 
 If you are interested in trying out containerd see our example at [Getting Started](docs/getting-started.md).
 
+## Nightly builds
+
+There are nightly builds available for download [here](https://github.com/containerd/containerd/actions?query=workflow%3ANightly).
+Binaries are generated from `master` branch every night for `Linux` and `Windows`.
+
+Please be aware: nightly builds might have critical bugs, it's not recommended for use in production and no support provided.
 
 ## Runtime Requirements
 
 Runtime requirements for containerd are very minimal. Most interactions with
 the Linux and Windows container feature sets are handled via [runc](https://github.com/opencontainers/runc) and/or
-OS-specific libraries (e.g. [hcsshim](https://github.com/Microsoft/hcsshim) for Microsoft). The current required version of `runc` is always listed in [RUNC.md](/RUNC.md).
+OS-specific libraries (e.g. [hcsshim](https://github.com/Microsoft/hcsshim) for Microsoft).
+The current required version of `runc` is described in [RUNC.md](docs/RUNC.md).
 
 There are specific features
 used by containerd core code and snapshotters that will require a minimum kernel
@@ -119,7 +140,7 @@ redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpe
 
 ### Root Filesystems
 
-containerd allows you to use overlay or snapshot filesystems with your containers.  It comes with builtin support for overlayfs and btrfs.
+containerd allows you to use overlay or snapshot filesystems with your containers.  It comes with built in support for overlayfs and btrfs.
 
 ```go
 // pull an image and unpack it into the configured snapshotter
@@ -147,10 +168,10 @@ Taking a container object and turning it into a runnable process on a system is
 
 ```go
 // create a new task
-task, err := redis.NewTask(context, cio.Stdio)
+task, err := redis.NewTask(context, cio.NewCreator(cio.WithStdio))
 defer task.Delete(context)
 
-// the task is now running and has a pid that can be use to setup networking
+// the task is now running and has a pid that can be used to setup networking
 // or other runtime settings outside of containerd
 pid := task.Pid()
 
@@ -163,7 +184,7 @@ status, err := task.Wait(context)
 
 ### Checkpoint and Restore
 
-If you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks.  This allow you to clone and/or live migrate containers to other machines.
+If you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks.  This allows you to clone and/or live migrate containers to other machines.
 
 ```go
 // checkpoint the task then push it to a registry
@@ -172,14 +193,12 @@ checkpoint, err := task.Checkpoint(context)
 err := client.Push(context, "myregistry/checkpoints/redis:master", checkpoint)
 
 // on a new machine pull the checkpoint and restore the redis container
-image, err := client.Pull(context, "myregistry/checkpoints/redis:master")
-
-checkpoint := image.Target()
+checkpoint, err := client.Pull(context, "myregistry/checkpoints/redis:master")
 
-redis, err = client.NewContainer(context, "redis-master", containerd.WithCheckpoint(checkpoint, "redis-rootfs"))
+redis, err = client.NewContainer(context, "redis-master", containerd.WithNewSnapshot("redis-rootfs", checkpoint))
 defer container.Delete(context)
 
-task, err = redis.NewTask(context, cio.Stdio, containerd.WithTaskCheckpoint(checkpoint))
+task, err = redis.NewTask(context, cio.NewCreator(cio.WithStdio), containerd.WithTaskCheckpoint(checkpoint))
 defer task.Delete(context)
 
 err := task.Start(context)
@@ -205,26 +224,83 @@ effect.
     address =  "/var/run/mysnapshotter.sock"
 ```
 
-See [PLUGINS.md](PLUGINS.md) for how to create plugins
+See [PLUGINS.md](/docs/PLUGINS.md) for how to create plugins
 
 ### Releases and API Stability
 
 Please see [RELEASES.md](RELEASES.md) for details on versioning and stability
 of containerd components.
 
-### Development reports.
+Downloadable 64-bit Intel/AMD binaries of all official releases are available on
+our [releases page](https://github.com/containerd/containerd/releases).
+
+For other architectures and distribution support, you will find that many
+Linux distributions package their own containerd and provide it across several
+architectures, such as [Canonical's Ubuntu packaging](https://launchpad.net/ubuntu/bionic/+package/containerd).
+
+#### Enabling command auto-completion
+
+Starting with containerd 1.4, the urfave client feature for auto-creation of bash and zsh
+autocompletion data is enabled. To use the autocomplete feature in a bash shell for example, source
+the autocomplete/ctr file in your `.bashrc`, or manually like:
+
+```
+$ source ./contrib/autocomplete/ctr
+```
+
+#### Distribution of `ctr` autocomplete for bash and zsh
+
+For bash, copy the `contrib/autocomplete/ctr` script into
+`/etc/bash_completion.d/` and rename it to `ctr`. The `zsh_autocomplete`
+file is also available and can be used similarly for zsh users.
+
+Provide documentation to users to `source` this file into their shell if
+you don't place the autocomplete file in a location where it is automatically
+loaded for the user's shell environment.
+
+### CRI
 
-Weekly summary on the progress and what is being worked on.
-https://github.com/containerd/containerd/tree/master/reports
+`cri` is a [containerd](https://containerd.io/) plugin implementation of the Kubernetes [container runtime interface (CRI)](https://github.com/kubernetes/cri-api/blob/master/pkg/apis/runtime/v1alpha2/api.proto). With it, you are able to use containerd as the container runtime for a Kubernetes cluster.
+
+![cri](./docs/cri/cri.png)
+
+#### CRI Status
+
+`cri` is a native plugin of containerd. Since containerd 1.1, the cri plugin is built into the release binaries and enabled by default.
+
+> **Note:** As of containerd 1.5, the `cri` plugin is merged into the containerd/containerd repo. For example, the source code previously stored under [`containerd/cri/pkg`](https://github.com/containerd/cri/tree/release/1.4/pkg)
+was moved to [`containerd/containerd/pkg/cri` package](https://github.com/containerd/containerd/tree/master/pkg/cri).
+
+The `cri` plugin has reached GA status, representing that it is:
+* Feature complete
+* Works with Kubernetes 1.10 and above
+* Passes all [CRI validation tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/cri-validation.md).
+* Passes all [node e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/e2e-node-tests.md).
+* Passes all [e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/e2e-tests.md).
+
+See results on the containerd k8s [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd)
+
+#### Validating Your `cri` Setup
+A Kubernetes incubator project, [cri-tools](https://github.com/kubernetes-sigs/cri-tools), includes programs for exercising CRI implementations. More importantly, cri-tools includes the program `critest` which is used for running [CRI Validation Testing](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/cri-validation.md).
+
+#### CRI Guides
+* [Installing with Ansible and Kubeadm](contrib/ansible/README.md)
+* [For Non-Ansible Users, Preforming a Custom Installation Using the Release Tarball and Kubeadm](docs/cri/installation.md)
+* [CRI Plugin Testing Guide](./docs/cri/testing.md)
+* [Debugging Pods, Containers, and Images with `crictl`](./docs/cri/crictl.md)
+* [Configuring `cri` Plugins](./docs/cri/config.md)
+* [Configuring containerd](https://github.com/containerd/containerd/blob/master/docs/man/containerd-config.8.md)
 
 ### Communication
 
 For async communication and long running discussions please use issues and pull requests on the github repo.
 This will be the best place to discuss design and implementation.
 
-For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.
+For sync communication catch us in the `#containerd` and `#containerd-dev` slack channels on Cloud Native Computing Foundation's (CNCF) slack - `cloud-native.slack.com`. Everyone is welcome to join and chat. [Get Invite to CNCF slack.](https://slack.cncf.io)
 
-**Slack:** https://join.slack.com/t/dockercommunity/shared_invite/enQtNDM4NjAwNDMyOTUwLWZlMDZmYWRjZjk4Zjc5ZGQ5NWZkOWI1Yjk2NGE3ZWVlYjYxM2VhYjczOWIyZDFhZTE3NTUwZWQzMjhmNGYyZTg
+### Security audit
+
+A third party security audit was performed by Cure53 in 4Q2018; the [full report](docs/SECURITY_AUDIT.pdf) is available in our docs/ directory.
 
 ### Reporting security issues
 
@@ -232,7 +308,25 @@ __If you are reporting a security issue, please reach out discreetly at security
 
 ## Licenses
 
-The containerd codebase is released under the [Apache 2.0 license](LICENSE.code).
+The containerd codebase is released under the [Apache 2.0 license](LICENSE).
 The README.md file, and files in the "docs" folder are licensed under the
 Creative Commons Attribution 4.0 International License. You may obtain a
 copy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.
+
+## Project details
+
+**containerd** is the primary open source project within the broader containerd GitHub repository.
+However, all projects within the repo have common maintainership, governance, and contributing
+guidelines which are stored in a `project` repository commonly for all containerd projects.
+
+Please find all these core project documents, including the:
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
+
+## Adoption
+
+Interested to see who is using containerd? Are you using containerd in a project?
+Please add yourself via pull request to our [ADOPTERS.md](./ADOPTERS.md) file.
diff --git a/vendor/github.com/containerd/containerd/api/events/container.pb.go b/vendor/github.com/containerd/containerd/api/events/container.pb.go
index c89d97f3ee9f7..fe002e0736c26 100644
--- a/vendor/github.com/containerd/containerd/api/events/container.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/container.pb.go
@@ -1,60 +1,20 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/events/container.proto
 
-/*
-	Package events is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/events/container.proto
-		github.com/containerd/containerd/api/events/content.proto
-		github.com/containerd/containerd/api/events/image.proto
-		github.com/containerd/containerd/api/events/namespace.proto
-		github.com/containerd/containerd/api/events/snapshot.proto
-		github.com/containerd/containerd/api/events/task.proto
-
-	It has these top-level messages:
-		ContainerCreate
-		ContainerUpdate
-		ContainerDelete
-		ContentDelete
-		ImageCreate
-		ImageUpdate
-		ImageDelete
-		NamespaceCreate
-		NamespaceUpdate
-		NamespaceDelete
-		SnapshotPrepare
-		SnapshotCommit
-		SnapshotRemove
-		TaskCreate
-		TaskStart
-		TaskDelete
-		TaskIO
-		TaskExit
-		TaskOOM
-		TaskExecAdded
-		TaskExecStarted
-		TaskPaused
-		TaskResumed
-		TaskCheckpointed
-*/
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import typeurl "github.com/containerd/typeurl"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	fmt "fmt"
+	github_com_containerd_typeurl "github.com/containerd/typeurl"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -65,55 +25,212 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type ContainerCreate struct {
-	ID      string                   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Image   string                   `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"`
-	Runtime *ContainerCreate_Runtime `protobuf:"bytes,3,opt,name=runtime" json:"runtime,omitempty"`
+	ID                   string                   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Image                string                   `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"`
+	Runtime              *ContainerCreate_Runtime `protobuf:"bytes,3,opt,name=runtime,proto3" json:"runtime,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
 }
 
-func (m *ContainerCreate) Reset()                    { *m = ContainerCreate{} }
-func (*ContainerCreate) ProtoMessage()               {}
-func (*ContainerCreate) Descriptor() ([]byte, []int) { return fileDescriptorContainer, []int{0} }
+func (m *ContainerCreate) Reset()      { *m = ContainerCreate{} }
+func (*ContainerCreate) ProtoMessage() {}
+func (*ContainerCreate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0d1f05b8626f83ea, []int{0}
+}
+func (m *ContainerCreate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerCreate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerCreate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerCreate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerCreate.Merge(m, src)
+}
+func (m *ContainerCreate) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerCreate) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerCreate.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ContainerCreate proto.InternalMessageInfo
 
 type ContainerCreate_Runtime struct {
-	Name    string               `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Options *google_protobuf.Any `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+	Name                 string     `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Options              *types.Any `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
 }
 
 func (m *ContainerCreate_Runtime) Reset()      { *m = ContainerCreate_Runtime{} }
 func (*ContainerCreate_Runtime) ProtoMessage() {}
 func (*ContainerCreate_Runtime) Descriptor() ([]byte, []int) {
-	return fileDescriptorContainer, []int{0, 0}
+	return fileDescriptor_0d1f05b8626f83ea, []int{0, 0}
+}
+func (m *ContainerCreate_Runtime) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerCreate_Runtime) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerCreate_Runtime.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerCreate_Runtime) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerCreate_Runtime.Merge(m, src)
+}
+func (m *ContainerCreate_Runtime) XXX_Size() int {
+	return m.Size()
 }
+func (m *ContainerCreate_Runtime) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerCreate_Runtime.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ContainerCreate_Runtime proto.InternalMessageInfo
 
 type ContainerUpdate struct {
-	ID          string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Image       string            `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"`
-	Labels      map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	SnapshotKey string            `protobuf:"bytes,4,opt,name=snapshot_key,json=snapshotKey,proto3" json:"snapshot_key,omitempty"`
+	ID                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Image                string            `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	SnapshotKey          string            `protobuf:"bytes,4,opt,name=snapshot_key,json=snapshotKey,proto3" json:"snapshot_key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *ContainerUpdate) Reset()      { *m = ContainerUpdate{} }
+func (*ContainerUpdate) ProtoMessage() {}
+func (*ContainerUpdate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0d1f05b8626f83ea, []int{1}
+}
+func (m *ContainerUpdate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerUpdate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerUpdate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerUpdate.Merge(m, src)
+}
+func (m *ContainerUpdate) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerUpdate) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerUpdate.DiscardUnknown(m)
 }
 
-func (m *ContainerUpdate) Reset()                    { *m = ContainerUpdate{} }
-func (*ContainerUpdate) ProtoMessage()               {}
-func (*ContainerUpdate) Descriptor() ([]byte, []int) { return fileDescriptorContainer, []int{1} }
+var xxx_messageInfo_ContainerUpdate proto.InternalMessageInfo
 
 type ContainerDelete struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ContainerDelete) Reset()      { *m = ContainerDelete{} }
+func (*ContainerDelete) ProtoMessage() {}
+func (*ContainerDelete) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0d1f05b8626f83ea, []int{2}
+}
+func (m *ContainerDelete) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerDelete.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerDelete) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerDelete.Merge(m, src)
+}
+func (m *ContainerDelete) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerDelete) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerDelete.DiscardUnknown(m)
 }
 
-func (m *ContainerDelete) Reset()                    { *m = ContainerDelete{} }
-func (*ContainerDelete) ProtoMessage()               {}
-func (*ContainerDelete) Descriptor() ([]byte, []int) { return fileDescriptorContainer, []int{2} }
+var xxx_messageInfo_ContainerDelete proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*ContainerCreate)(nil), "containerd.events.ContainerCreate")
 	proto.RegisterType((*ContainerCreate_Runtime)(nil), "containerd.events.ContainerCreate.Runtime")
 	proto.RegisterType((*ContainerUpdate)(nil), "containerd.events.ContainerUpdate")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.events.ContainerUpdate.LabelsEntry")
 	proto.RegisterType((*ContainerDelete)(nil), "containerd.events.ContainerDelete")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/container.proto", fileDescriptor_0d1f05b8626f83ea)
+}
+
+var fileDescriptor_0d1f05b8626f83ea = []byte{
+	// 413 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0xc1, 0x0a, 0xd3, 0x30,
+	0x18, 0xc7, 0x97, 0x76, 0x6e, 0x98, 0x0a, 0x6a, 0x18, 0x52, 0x7b, 0xa8, 0x73, 0xa7, 0xe9, 0x21,
+	0x85, 0x7a, 0x51, 0x77, 0xd1, 0x6d, 0x0a, 0xa2, 0x82, 0x14, 0x84, 0xe1, 0x45, 0xd2, 0x35, 0xeb,
+	0x82, 0x6d, 0x52, 0xda, 0x74, 0xd0, 0x9b, 0x8f, 0xe2, 0xe3, 0xec, 0xe8, 0xc1, 0x83, 0x27, 0x71,
+	0x05, 0xdf, 0xc0, 0x07, 0x90, 0x26, 0xeb, 0x56, 0x14, 0x95, 0x9d, 0xfa, 0xcf, 0xd7, 0xff, 0x3f,
+	0xdf, 0xf7, 0xfb, 0x08, 0x9c, 0xc5, 0x4c, 0x6e, 0xcb, 0x10, 0xaf, 0x45, 0xea, 0xad, 0x05, 0x97,
+	0x84, 0x71, 0x9a, 0x47, 0x5d, 0x49, 0x32, 0xe6, 0xd1, 0x1d, 0xe5, 0xb2, 0x38, 0x57, 0x71, 0x96,
+	0x0b, 0x29, 0xd0, 0xcd, 0xb3, 0x0d, 0x6b, 0x8b, 0x73, 0x3b, 0x16, 0x22, 0x4e, 0xa8, 0xa7, 0x0c,
+	0x61, 0xb9, 0xf1, 0x08, 0xaf, 0xb4, 0xdb, 0x19, 0xc5, 0x22, 0x16, 0x4a, 0x7a, 0x8d, 0x3a, 0x56,
+	0x9f, 0xfc, 0x77, 0x80, 0xd3, 0x55, 0x59, 0x52, 0xc6, 0x8c, 0x7b, 0x1b, 0x46, 0x93, 0x28, 0x23,
+	0x72, 0xab, 0x6f, 0x98, 0x7c, 0x01, 0xf0, 0xfa, 0xa2, 0xb5, 0x2f, 0x72, 0x4a, 0x24, 0x45, 0xb7,
+	0xa0, 0xc1, 0x22, 0x1b, 0x8c, 0xc1, 0xf4, 0xea, 0x7c, 0x50, 0x7f, 0xbb, 0x63, 0xbc, 0x58, 0x06,
+	0x06, 0x8b, 0xd0, 0x08, 0x5e, 0x61, 0x29, 0x89, 0xa9, 0x6d, 0x34, 0xbf, 0x02, 0x7d, 0x40, 0x4b,
+	0x38, 0xcc, 0x4b, 0x2e, 0x59, 0x4a, 0x6d, 0x73, 0x0c, 0xa6, 0x96, 0x7f, 0x1f, 0xff, 0x41, 0x86,
+	0x7f, 0x6b, 0x81, 0x03, 0x9d, 0x08, 0xda, 0xa8, 0xf3, 0x1a, 0x0e, 0x8f, 0x35, 0x84, 0x60, 0x9f,
+	0x93, 0x94, 0xea, 0x01, 0x02, 0xa5, 0x11, 0x86, 0x43, 0x91, 0x49, 0x26, 0x78, 0xa1, 0x9a, 0x5b,
+	0xfe, 0x08, 0xeb, 0x5d, 0xe1, 0x16, 0x10, 0x3f, 0xe5, 0x55, 0xd0, 0x9a, 0x26, 0x3f, 0xba, 0x58,
+	0x6f, 0xb3, 0xe8, 0x72, 0xac, 0xe7, 0x70, 0x90, 0x90, 0x90, 0x26, 0x85, 0x6d, 0x8e, 0xcd, 0xa9,
+	0xe5, 0xe3, 0x7f, 0x51, 0xe9, 0x0e, 0xf8, 0x95, 0x0a, 0x3c, 0xe3, 0x32, 0xaf, 0x82, 0x63, 0x1a,
+	0xdd, 0x85, 0xd7, 0x0a, 0x4e, 0xb2, 0x62, 0x2b, 0xe4, 0xfb, 0x0f, 0xb4, 0xb2, 0xfb, 0xaa, 0x89,
+	0xd5, 0xd6, 0x5e, 0xd2, 0xca, 0x79, 0x04, 0xad, 0x4e, 0x12, 0xdd, 0x80, 0x66, 0x63, 0xd4, 0xf8,
+	0x8d, 0x6c, 0x26, 0xdc, 0x91, 0xa4, 0x3c, 0x4d, 0xa8, 0x0e, 0x8f, 0x8d, 0x87, 0x60, 0x72, 0xaf,
+	0x83, 0xb9, 0xa4, 0x09, 0xfd, 0x3b, 0xe6, 0xfc, 0xcd, 0xfe, 0xe0, 0xf6, 0xbe, 0x1e, 0xdc, 0xde,
+	0xc7, 0xda, 0x05, 0xfb, 0xda, 0x05, 0x9f, 0x6b, 0x17, 0x7c, 0xaf, 0x5d, 0xf0, 0xe9, 0xa7, 0x0b,
+	0xde, 0xf9, 0x17, 0x3c, 0xe5, 0x99, 0xfe, 0xac, 0xc0, 0xca, 0x08, 0x07, 0x6a, 0xff, 0x0f, 0x7e,
+	0x05, 0x00, 0x00, 0xff, 0xff, 0xf5, 0x09, 0xe0, 0xd6, 0x0b, 0x03, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *ContainerCreate) Field(fieldpath []string) (string, bool) {
@@ -153,7 +270,7 @@ func (m *ContainerCreate_Runtime) Field(fieldpath []string) (string, bool) {
 	case "name":
 		return string(m.Name), len(m.Name) > 0
 	case "options":
-		decoded, err := typeurl.UnmarshalAny(m.Options)
+		decoded, err := github_com_containerd_typeurl.UnmarshalAny(m.Options)
 		if err != nil {
 			return "", false
 		}
@@ -209,7 +326,7 @@ func (m *ContainerDelete) Field(fieldpath []string) (string, bool) {
 func (m *ContainerCreate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -217,39 +334,52 @@ func (m *ContainerCreate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerCreate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Runtime != nil {
+		{
+			size, err := m.Runtime.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainer(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Image) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Image)
+		copy(dAtA[i:], m.Image)
 		i = encodeVarintContainer(dAtA, i, uint64(len(m.Image)))
-		i += copy(dAtA[i:], m.Image)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Runtime != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(m.Runtime.Size()))
-		n1, err := m.Runtime.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintContainer(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerCreate_Runtime) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -257,33 +387,45 @@ func (m *ContainerCreate_Runtime) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerCreate_Runtime) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerCreate_Runtime) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Options != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(m.Options.Size()))
-		n2, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainer(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintContainer(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerUpdate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -291,52 +433,66 @@ func (m *ContainerUpdate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerUpdate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Image) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(len(m.Image)))
-		i += copy(dAtA[i:], m.Image)
+	if len(m.SnapshotKey) > 0 {
+		i -= len(m.SnapshotKey)
+		copy(dAtA[i:], m.SnapshotKey)
+		i = encodeVarintContainer(dAtA, i, uint64(len(m.SnapshotKey)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovContainer(uint64(len(k))) + 1 + len(v) + sovContainer(uint64(len(v)))
-			i = encodeVarintContainer(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContainer(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintContainer(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintContainer(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintContainer(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.SnapshotKey) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintContainer(dAtA, i, uint64(len(m.SnapshotKey)))
-		i += copy(dAtA[i:], m.SnapshotKey)
+	if len(m.Image) > 0 {
+		i -= len(m.Image)
+		copy(dAtA[i:], m.Image)
+		i = encodeVarintContainer(dAtA, i, uint64(len(m.Image)))
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintContainer(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerDelete) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -344,29 +500,44 @@ func (m *ContainerDelete) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerDelete) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintContainer(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintContainer(dAtA []byte, offset int, v uint64) int {
+	offset -= sovContainer(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *ContainerCreate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -381,10 +552,16 @@ func (m *ContainerCreate) Size() (n int) {
 		l = m.Runtime.Size()
 		n += 1 + l + sovContainer(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ContainerCreate_Runtime) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -395,10 +572,16 @@ func (m *ContainerCreate_Runtime) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovContainer(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ContainerUpdate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -421,28 +604,30 @@ func (m *ContainerUpdate) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovContainer(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ContainerDelete) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovContainer(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovContainer(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozContainer(x uint64) (n int) {
 	return sovContainer(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -455,6 +640,7 @@ func (this *ContainerCreate) String() string {
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Image:` + fmt.Sprintf("%v", this.Image) + `,`,
 		`Runtime:` + strings.Replace(fmt.Sprintf("%v", this.Runtime), "ContainerCreate_Runtime", "ContainerCreate_Runtime", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -465,7 +651,8 @@ func (this *ContainerCreate_Runtime) String() string {
 	}
 	s := strings.Join([]string{`&ContainerCreate_Runtime{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf.Any", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -478,7 +665,7 @@ func (this *ContainerUpdate) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -489,6 +676,7 @@ func (this *ContainerUpdate) String() string {
 		`Image:` + fmt.Sprintf("%v", this.Image) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
 		`SnapshotKey:` + fmt.Sprintf("%v", this.SnapshotKey) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -499,6 +687,7 @@ func (this *ContainerDelete) String() string {
 	}
 	s := strings.Join([]string{`&ContainerDelete{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -526,7 +715,7 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -554,7 +743,7 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -564,6 +753,9 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -583,7 +775,7 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -593,6 +785,9 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -612,7 +807,7 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -621,6 +816,9 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -637,12 +835,13 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainer
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -667,7 +866,7 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -695,7 +894,7 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -705,6 +904,9 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -724,7 +926,7 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -733,11 +935,14 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf.Any{}
+				m.Options = &types.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -749,12 +954,13 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainer
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -779,7 +985,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -807,7 +1013,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -817,6 +1023,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -836,7 +1045,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -846,6 +1055,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -865,7 +1077,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -874,6 +1086,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -894,7 +1109,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -911,7 +1126,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -921,6 +1136,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainer
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthContainer
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -937,7 +1155,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -947,6 +1165,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainer
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthContainer
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -958,7 +1179,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthContainer
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -983,7 +1204,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -993,6 +1214,9 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1004,12 +1228,13 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainer
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1034,7 +1259,7 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1062,7 +1287,7 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1072,6 +1297,9 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainer
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainer
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1083,12 +1311,13 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainer
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1101,6 +1330,7 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error {
 func skipContainer(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1132,10 +1362,8 @@ func skipContainer(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1152,87 +1380,34 @@ func skipContainer(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthContainer
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowContainer
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipContainer(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupContainer
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthContainer
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthContainer = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowContainer   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthContainer        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowContainer          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupContainer = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/container.proto", fileDescriptorContainer)
-}
-
-var fileDescriptorContainer = []byte{
-	// 413 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0xc1, 0x0a, 0xd3, 0x30,
-	0x18, 0xc7, 0x97, 0x76, 0x6e, 0x98, 0x0a, 0x6a, 0x18, 0x52, 0x7b, 0xa8, 0x73, 0xa7, 0xe9, 0x21,
-	0x85, 0x7a, 0x51, 0x77, 0xd1, 0x6d, 0x0a, 0xa2, 0x82, 0x14, 0x84, 0xe1, 0x45, 0xd2, 0x35, 0xeb,
-	0x82, 0x6d, 0x52, 0xda, 0x74, 0xd0, 0x9b, 0x8f, 0xe2, 0xe3, 0xec, 0xe8, 0xc1, 0x83, 0x27, 0x71,
-	0x05, 0xdf, 0xc0, 0x07, 0x90, 0x26, 0xeb, 0x56, 0x14, 0x95, 0x9d, 0xfa, 0xcf, 0xd7, 0xff, 0x3f,
-	0xdf, 0xf7, 0xfb, 0x08, 0x9c, 0xc5, 0x4c, 0x6e, 0xcb, 0x10, 0xaf, 0x45, 0xea, 0xad, 0x05, 0x97,
-	0x84, 0x71, 0x9a, 0x47, 0x5d, 0x49, 0x32, 0xe6, 0xd1, 0x1d, 0xe5, 0xb2, 0x38, 0x57, 0x71, 0x96,
-	0x0b, 0x29, 0xd0, 0xcd, 0xb3, 0x0d, 0x6b, 0x8b, 0x73, 0x3b, 0x16, 0x22, 0x4e, 0xa8, 0xa7, 0x0c,
-	0x61, 0xb9, 0xf1, 0x08, 0xaf, 0xb4, 0xdb, 0x19, 0xc5, 0x22, 0x16, 0x4a, 0x7a, 0x8d, 0x3a, 0x56,
-	0x9f, 0xfc, 0x77, 0x80, 0xd3, 0x55, 0x59, 0x52, 0xc6, 0x8c, 0x7b, 0x1b, 0x46, 0x93, 0x28, 0x23,
-	0x72, 0xab, 0x6f, 0x98, 0x7c, 0x01, 0xf0, 0xfa, 0xa2, 0xb5, 0x2f, 0x72, 0x4a, 0x24, 0x45, 0xb7,
-	0xa0, 0xc1, 0x22, 0x1b, 0x8c, 0xc1, 0xf4, 0xea, 0x7c, 0x50, 0x7f, 0xbb, 0x63, 0xbc, 0x58, 0x06,
-	0x06, 0x8b, 0xd0, 0x08, 0x5e, 0x61, 0x29, 0x89, 0xa9, 0x6d, 0x34, 0xbf, 0x02, 0x7d, 0x40, 0x4b,
-	0x38, 0xcc, 0x4b, 0x2e, 0x59, 0x4a, 0x6d, 0x73, 0x0c, 0xa6, 0x96, 0x7f, 0x1f, 0xff, 0x41, 0x86,
-	0x7f, 0x6b, 0x81, 0x03, 0x9d, 0x08, 0xda, 0xa8, 0xf3, 0x1a, 0x0e, 0x8f, 0x35, 0x84, 0x60, 0x9f,
-	0x93, 0x94, 0xea, 0x01, 0x02, 0xa5, 0x11, 0x86, 0x43, 0x91, 0x49, 0x26, 0x78, 0xa1, 0x9a, 0x5b,
-	0xfe, 0x08, 0xeb, 0x5d, 0xe1, 0x16, 0x10, 0x3f, 0xe5, 0x55, 0xd0, 0x9a, 0x26, 0x3f, 0xba, 0x58,
-	0x6f, 0xb3, 0xe8, 0x72, 0xac, 0xe7, 0x70, 0x90, 0x90, 0x90, 0x26, 0x85, 0x6d, 0x8e, 0xcd, 0xa9,
-	0xe5, 0xe3, 0x7f, 0x51, 0xe9, 0x0e, 0xf8, 0x95, 0x0a, 0x3c, 0xe3, 0x32, 0xaf, 0x82, 0x63, 0x1a,
-	0xdd, 0x85, 0xd7, 0x0a, 0x4e, 0xb2, 0x62, 0x2b, 0xe4, 0xfb, 0x0f, 0xb4, 0xb2, 0xfb, 0xaa, 0x89,
-	0xd5, 0xd6, 0x5e, 0xd2, 0xca, 0x79, 0x04, 0xad, 0x4e, 0x12, 0xdd, 0x80, 0x66, 0x63, 0xd4, 0xf8,
-	0x8d, 0x6c, 0x26, 0xdc, 0x91, 0xa4, 0x3c, 0x4d, 0xa8, 0x0e, 0x8f, 0x8d, 0x87, 0x60, 0x72, 0xaf,
-	0x83, 0xb9, 0xa4, 0x09, 0xfd, 0x3b, 0xe6, 0xfc, 0xcd, 0xfe, 0xe0, 0xf6, 0xbe, 0x1e, 0xdc, 0xde,
-	0xc7, 0xda, 0x05, 0xfb, 0xda, 0x05, 0x9f, 0x6b, 0x17, 0x7c, 0xaf, 0x5d, 0xf0, 0xe9, 0xa7, 0x0b,
-	0xde, 0xf9, 0x17, 0x3c, 0xe5, 0x99, 0xfe, 0xac, 0xc0, 0xca, 0x08, 0x07, 0x6a, 0xff, 0x0f, 0x7e,
-	0x05, 0x00, 0x00, 0xff, 0xff, 0xf5, 0x09, 0xe0, 0xd6, 0x0b, 0x03, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/container.proto b/vendor/github.com/containerd/containerd/api/events/container.proto
index 13aa5848c067b..dfeca308ea314 100644
--- a/vendor/github.com/containerd/containerd/api/events/container.proto
+++ b/vendor/github.com/containerd/containerd/api/events/container.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.events;
diff --git a/vendor/github.com/containerd/containerd/api/events/content.pb.go b/vendor/github.com/containerd/containerd/api/events/content.pb.go
index 87648d1938cfa..0a7ec9325d351 100644
--- a/vendor/github.com/containerd/containerd/api/events/content.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/content.pb.go
@@ -3,37 +3,94 @@
 
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type ContentDelete struct {
-	Digest github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *ContentDelete) Reset()      { *m = ContentDelete{} }
+func (*ContentDelete) ProtoMessage() {}
+func (*ContentDelete) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dfb34b8b808e2ecd, []int{0}
+}
+func (m *ContentDelete) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContentDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContentDelete.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContentDelete) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContentDelete.Merge(m, src)
+}
+func (m *ContentDelete) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContentDelete) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContentDelete.DiscardUnknown(m)
 }
 
-func (m *ContentDelete) Reset()                    { *m = ContentDelete{} }
-func (*ContentDelete) ProtoMessage()               {}
-func (*ContentDelete) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{0} }
+var xxx_messageInfo_ContentDelete proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*ContentDelete)(nil), "containerd.events.ContentDelete")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/content.proto", fileDescriptor_dfb34b8b808e2ecd)
+}
+
+var fileDescriptor_dfb34b8b808e2ecd = []byte{
+	// 228 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0x83, 0x45, 0x53,
+	0xf3, 0x4a, 0xf4, 0x0a, 0x8a, 0xf2, 0x4b, 0xf2, 0x85, 0x04, 0x11, 0x8a, 0xf4, 0x20, 0x0a, 0xa4,
+	0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0xb2, 0xfa, 0x20, 0x16, 0x44, 0xa1, 0x94, 0x03, 0x41, 0x3b,
+	0xc0, 0xea, 0x92, 0x4a, 0xd3, 0xf4, 0x0b, 0x72, 0x4a, 0xd3, 0x33, 0xf3, 0xf4, 0xd3, 0x32, 0x53,
+	0x73, 0x52, 0x0a, 0x12, 0x4b, 0x32, 0x20, 0x26, 0x28, 0x45, 0x73, 0xf1, 0x3a, 0x43, 0xec, 0x76,
+	0x49, 0xcd, 0x49, 0x2d, 0x49, 0x15, 0xf2, 0xe2, 0x62, 0x4b, 0xc9, 0x4c, 0x4f, 0x2d, 0x2e, 0x91,
+	0x60, 0x54, 0x60, 0xd4, 0xe0, 0x74, 0x32, 0x3a, 0x71, 0x4f, 0x9e, 0xe1, 0xd6, 0x3d, 0x79, 0x2d,
+	0x24, 0xab, 0xf2, 0x0b, 0x52, 0xf3, 0xe0, 0x76, 0x14, 0xeb, 0xa7, 0xe7, 0xeb, 0x42, 0xb4, 0xe8,
+	0xb9, 0x80, 0xa9, 0x20, 0xa8, 0x09, 0x4e, 0x01, 0x27, 0x1e, 0xca, 0x31, 0xdc, 0x78, 0x28, 0xc7,
+	0xd0, 0xf0, 0x48, 0x8e, 0xf1, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92,
+	0x63, 0x5c, 0xf0, 0x45, 0x8e, 0x31, 0xca, 0x88, 0x84, 0x00, 0xb2, 0x86, 0x50, 0x11, 0x0c, 0x11,
+	0x8c, 0x49, 0x6c, 0x60, 0x97, 0x1b, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0x4b, 0x78, 0x99, 0xee,
+	0x61, 0x01, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *ContentDelete) Field(fieldpath []string) (string, bool) {
@@ -50,7 +107,7 @@ func (m *ContentDelete) Field(fieldpath []string) (string, bool) {
 func (m *ContentDelete) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -58,47 +115,58 @@ func (m *ContentDelete) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContentDelete) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContentDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintContent(dAtA []byte, offset int, v uint64) int {
+	offset -= sovContent(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *ContentDelete) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovContent(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozContent(x uint64) (n int) {
 	return sovContent(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -109,6 +177,7 @@ func (this *ContentDelete) String() string {
 	}
 	s := strings.Join([]string{`&ContentDelete{`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -136,7 +205,7 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -164,7 +233,7 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -174,6 +243,9 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -185,12 +257,13 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -203,6 +276,7 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error {
 func skipContent(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -234,10 +308,8 @@ func skipContent(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -254,76 +326,34 @@ func skipContent(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthContent
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowContent
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipContent(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupContent
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthContent
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthContent = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowContent   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthContent        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowContent          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupContent = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/content.proto", fileDescriptorContent)
-}
-
-var fileDescriptorContent = []byte{
-	// 228 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0x83, 0x45, 0x53,
-	0xf3, 0x4a, 0xf4, 0x0a, 0x8a, 0xf2, 0x4b, 0xf2, 0x85, 0x04, 0x11, 0x8a, 0xf4, 0x20, 0x0a, 0xa4,
-	0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0xb2, 0xfa, 0x20, 0x16, 0x44, 0xa1, 0x94, 0x03, 0x41, 0x3b,
-	0xc0, 0xea, 0x92, 0x4a, 0xd3, 0xf4, 0x0b, 0x72, 0x4a, 0xd3, 0x33, 0xf3, 0xf4, 0xd3, 0x32, 0x53,
-	0x73, 0x52, 0x0a, 0x12, 0x4b, 0x32, 0x20, 0x26, 0x28, 0x45, 0x73, 0xf1, 0x3a, 0x43, 0xec, 0x76,
-	0x49, 0xcd, 0x49, 0x2d, 0x49, 0x15, 0xf2, 0xe2, 0x62, 0x4b, 0xc9, 0x4c, 0x4f, 0x2d, 0x2e, 0x91,
-	0x60, 0x54, 0x60, 0xd4, 0xe0, 0x74, 0x32, 0x3a, 0x71, 0x4f, 0x9e, 0xe1, 0xd6, 0x3d, 0x79, 0x2d,
-	0x24, 0xab, 0xf2, 0x0b, 0x52, 0xf3, 0xe0, 0x76, 0x14, 0xeb, 0xa7, 0xe7, 0xeb, 0x42, 0xb4, 0xe8,
-	0xb9, 0x80, 0xa9, 0x20, 0xa8, 0x09, 0x4e, 0x01, 0x27, 0x1e, 0xca, 0x31, 0xdc, 0x78, 0x28, 0xc7,
-	0xd0, 0xf0, 0x48, 0x8e, 0xf1, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92,
-	0x63, 0x5c, 0xf0, 0x45, 0x8e, 0x31, 0xca, 0x88, 0x84, 0x00, 0xb2, 0x86, 0x50, 0x11, 0x0c, 0x11,
-	0x8c, 0x49, 0x6c, 0x60, 0x97, 0x1b, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0x4b, 0x78, 0x99, 0xee,
-	0x61, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/content.proto b/vendor/github.com/containerd/containerd/api/events/content.proto
index aba50716f22d9..b8f84bc89b736 100644
--- a/vendor/github.com/containerd/containerd/api/events/content.proto
+++ b/vendor/github.com/containerd/containerd/api/events/content.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.events;
diff --git a/vendor/github.com/containerd/containerd/api/events/image.pb.go b/vendor/github.com/containerd/containerd/api/events/image.pb.go
index 8197005b6e1a3..747026945449d 100644
--- a/vendor/github.com/containerd/containerd/api/events/image.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/image.pb.go
@@ -3,55 +3,182 @@
 
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type ImageCreate struct {
-	Name   string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Name                 string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
-func (m *ImageCreate) Reset()                    { *m = ImageCreate{} }
-func (*ImageCreate) ProtoMessage()               {}
-func (*ImageCreate) Descriptor() ([]byte, []int) { return fileDescriptorImage, []int{0} }
+func (m *ImageCreate) Reset()      { *m = ImageCreate{} }
+func (*ImageCreate) ProtoMessage() {}
+func (*ImageCreate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7085610f7b33e042, []int{0}
+}
+func (m *ImageCreate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ImageCreate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ImageCreate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ImageCreate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ImageCreate.Merge(m, src)
+}
+func (m *ImageCreate) XXX_Size() int {
+	return m.Size()
+}
+func (m *ImageCreate) XXX_DiscardUnknown() {
+	xxx_messageInfo_ImageCreate.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ImageCreate proto.InternalMessageInfo
 
 type ImageUpdate struct {
-	Name   string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Name                 string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *ImageUpdate) Reset()      { *m = ImageUpdate{} }
+func (*ImageUpdate) ProtoMessage() {}
+func (*ImageUpdate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7085610f7b33e042, []int{1}
+}
+func (m *ImageUpdate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ImageUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ImageUpdate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ImageUpdate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ImageUpdate.Merge(m, src)
+}
+func (m *ImageUpdate) XXX_Size() int {
+	return m.Size()
+}
+func (m *ImageUpdate) XXX_DiscardUnknown() {
+	xxx_messageInfo_ImageUpdate.DiscardUnknown(m)
 }
 
-func (m *ImageUpdate) Reset()                    { *m = ImageUpdate{} }
-func (*ImageUpdate) ProtoMessage()               {}
-func (*ImageUpdate) Descriptor() ([]byte, []int) { return fileDescriptorImage, []int{1} }
+var xxx_messageInfo_ImageUpdate proto.InternalMessageInfo
 
 type ImageDelete struct {
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *ImageDelete) Reset()                    { *m = ImageDelete{} }
-func (*ImageDelete) ProtoMessage()               {}
-func (*ImageDelete) Descriptor() ([]byte, []int) { return fileDescriptorImage, []int{2} }
+func (m *ImageDelete) Reset()      { *m = ImageDelete{} }
+func (*ImageDelete) ProtoMessage() {}
+func (*ImageDelete) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7085610f7b33e042, []int{2}
+}
+func (m *ImageDelete) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ImageDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ImageDelete.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ImageDelete) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ImageDelete.Merge(m, src)
+}
+func (m *ImageDelete) XXX_Size() int {
+	return m.Size()
+}
+func (m *ImageDelete) XXX_DiscardUnknown() {
+	xxx_messageInfo_ImageDelete.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ImageDelete proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*ImageCreate)(nil), "containerd.services.images.v1.ImageCreate")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.images.v1.ImageCreate.LabelsEntry")
 	proto.RegisterType((*ImageUpdate)(nil), "containerd.services.images.v1.ImageUpdate")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.images.v1.ImageUpdate.LabelsEntry")
 	proto.RegisterType((*ImageDelete)(nil), "containerd.services.images.v1.ImageDelete")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/image.proto", fileDescriptor_7085610f7b33e042)
+}
+
+var fileDescriptor_7085610f7b33e042 = []byte{
+	// 292 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x4f, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0x67, 0xe6,
+	0x26, 0xa6, 0xa7, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0xc9, 0x22, 0x94, 0xe8, 0x15, 0xa7,
+	0x16, 0x95, 0x65, 0x26, 0xa7, 0x16, 0xeb, 0x81, 0x15, 0x14, 0xeb, 0x95, 0x19, 0x4a, 0x39, 0x10,
+	0x34, 0x17, 0x6c, 0x4c, 0x52, 0x69, 0x9a, 0x7e, 0x41, 0x4e, 0x69, 0x7a, 0x66, 0x9e, 0x7e, 0x5a,
+	0x66, 0x6a, 0x4e, 0x4a, 0x41, 0x62, 0x49, 0x06, 0xc4, 0x02, 0xa5, 0x35, 0x8c, 0x5c, 0xdc, 0x9e,
+	0x20, 0xf3, 0x9c, 0x8b, 0x52, 0x13, 0x4b, 0x52, 0x85, 0x84, 0xb8, 0x58, 0xf2, 0x12, 0x73, 0x53,
+	0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x21, 0x3f, 0x2e, 0xb6, 0x9c, 0xc4, 0xa4,
+	0xd4, 0x9c, 0x62, 0x09, 0x26, 0x05, 0x66, 0x0d, 0x6e, 0x23, 0x33, 0x3d, 0xbc, 0xae, 0xd2, 0x43,
+	0x32, 0x4f, 0xcf, 0x07, 0xac, 0xd1, 0x35, 0xaf, 0xa4, 0xa8, 0x32, 0x08, 0x6a, 0x8a, 0x94, 0x25,
+	0x17, 0x37, 0x92, 0xb0, 0x90, 0x00, 0x17, 0x73, 0x76, 0x6a, 0x25, 0xd4, 0x46, 0x10, 0x53, 0x48,
+	0x84, 0x8b, 0xb5, 0x2c, 0x31, 0xa7, 0x34, 0x55, 0x82, 0x09, 0x2c, 0x06, 0xe1, 0x58, 0x31, 0x59,
+	0x30, 0x22, 0x9c, 0x1b, 0x5a, 0x90, 0x42, 0x55, 0xe7, 0x42, 0xcc, 0xa3, 0xb6, 0x73, 0x15, 0xa1,
+	0xae, 0x75, 0x49, 0xcd, 0x49, 0xc5, 0xee, 0x5a, 0xa7, 0x80, 0x13, 0x0f, 0xe5, 0x18, 0x6e, 0x3c,
+	0x94, 0x63, 0x68, 0x78, 0x24, 0xc7, 0x78, 0xe2, 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f,
+	0x1e, 0xc9, 0x31, 0x2e, 0xf8, 0x22, 0xc7, 0x18, 0x65, 0x44, 0x42, 0xc2, 0xb1, 0x86, 0x50, 0x11,
+	0x0c, 0x49, 0x6c, 0xe0, 0xb8, 0x35, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x41, 0x80, 0x92, 0x17,
+	0x77, 0x02, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *ImageCreate) Field(fieldpath []string) (string, bool) {
@@ -112,7 +239,7 @@ func (m *ImageDelete) Field(fieldpath []string) (string, bool) {
 func (m *ImageCreate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -120,40 +247,52 @@ func (m *ImageCreate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ImageCreate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ImageCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintImage(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovImage(uint64(len(k))) + 1 + len(v) + sovImage(uint64(len(v)))
-			i = encodeVarintImage(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintImage(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintImage(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintImage(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintImage(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintImage(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ImageUpdate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -161,40 +300,52 @@ func (m *ImageUpdate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ImageUpdate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ImageUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintImage(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovImage(uint64(len(k))) + 1 + len(v) + sovImage(uint64(len(v)))
-			i = encodeVarintImage(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintImage(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintImage(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintImage(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintImage(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintImage(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ImageDelete) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -202,29 +353,44 @@ func (m *ImageDelete) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ImageDelete) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ImageDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintImage(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintImage(dAtA []byte, offset int, v uint64) int {
+	offset -= sovImage(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *ImageCreate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -239,10 +405,16 @@ func (m *ImageCreate) Size() (n int) {
 			n += mapEntrySize + 1 + sovImage(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ImageUpdate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -257,28 +429,30 @@ func (m *ImageUpdate) Size() (n int) {
 			n += mapEntrySize + 1 + sovImage(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ImageDelete) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
 	if l > 0 {
 		n += 1 + l + sovImage(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovImage(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozImage(x uint64) (n int) {
 	return sovImage(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -291,7 +465,7 @@ func (this *ImageCreate) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -300,6 +474,7 @@ func (this *ImageCreate) String() string {
 	s := strings.Join([]string{`&ImageCreate{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -312,7 +487,7 @@ func (this *ImageUpdate) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -321,6 +496,7 @@ func (this *ImageUpdate) String() string {
 	s := strings.Join([]string{`&ImageUpdate{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -331,6 +507,7 @@ func (this *ImageDelete) String() string {
 	}
 	s := strings.Join([]string{`&ImageDelete{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -358,7 +535,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -386,7 +563,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -396,6 +573,9 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImage
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImage
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -415,7 +595,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -424,6 +604,9 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImage
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImage
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -444,7 +627,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -461,7 +644,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -471,6 +654,9 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImage
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthImage
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -487,7 +673,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -497,6 +683,9 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImage
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthImage
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -508,7 +697,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthImage
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -525,12 +714,13 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImage
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -555,7 +745,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -583,7 +773,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -593,6 +783,9 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImage
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImage
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -612,7 +805,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -621,6 +814,9 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImage
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImage
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -641,7 +837,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -658,7 +854,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -668,6 +864,9 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImage
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthImage
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -684,7 +883,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -694,6 +893,9 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImage
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthImage
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -705,7 +907,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthImage
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -722,12 +924,13 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImage
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -752,7 +955,7 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -780,7 +983,7 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -790,6 +993,9 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImage
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImage
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -801,12 +1007,13 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImage
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -819,6 +1026,7 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error {
 func skipImage(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -850,10 +1058,8 @@ func skipImage(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -870,80 +1076,34 @@ func skipImage(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthImage
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowImage
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipImage(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupImage
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthImage
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthImage = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowImage   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthImage        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowImage          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupImage = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/image.proto", fileDescriptorImage)
-}
-
-var fileDescriptorImage = []byte{
-	// 292 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x4f, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0x67, 0xe6,
-	0x26, 0xa6, 0xa7, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0xc9, 0x22, 0x94, 0xe8, 0x15, 0xa7,
-	0x16, 0x95, 0x65, 0x26, 0xa7, 0x16, 0xeb, 0x81, 0x15, 0x14, 0xeb, 0x95, 0x19, 0x4a, 0x39, 0x10,
-	0x34, 0x17, 0x6c, 0x4c, 0x52, 0x69, 0x9a, 0x7e, 0x41, 0x4e, 0x69, 0x7a, 0x66, 0x9e, 0x7e, 0x5a,
-	0x66, 0x6a, 0x4e, 0x4a, 0x41, 0x62, 0x49, 0x06, 0xc4, 0x02, 0xa5, 0x35, 0x8c, 0x5c, 0xdc, 0x9e,
-	0x20, 0xf3, 0x9c, 0x8b, 0x52, 0x13, 0x4b, 0x52, 0x85, 0x84, 0xb8, 0x58, 0xf2, 0x12, 0x73, 0x53,
-	0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x21, 0x3f, 0x2e, 0xb6, 0x9c, 0xc4, 0xa4,
-	0xd4, 0x9c, 0x62, 0x09, 0x26, 0x05, 0x66, 0x0d, 0x6e, 0x23, 0x33, 0x3d, 0xbc, 0xae, 0xd2, 0x43,
-	0x32, 0x4f, 0xcf, 0x07, 0xac, 0xd1, 0x35, 0xaf, 0xa4, 0xa8, 0x32, 0x08, 0x6a, 0x8a, 0x94, 0x25,
-	0x17, 0x37, 0x92, 0xb0, 0x90, 0x00, 0x17, 0x73, 0x76, 0x6a, 0x25, 0xd4, 0x46, 0x10, 0x53, 0x48,
-	0x84, 0x8b, 0xb5, 0x2c, 0x31, 0xa7, 0x34, 0x55, 0x82, 0x09, 0x2c, 0x06, 0xe1, 0x58, 0x31, 0x59,
-	0x30, 0x22, 0x9c, 0x1b, 0x5a, 0x90, 0x42, 0x55, 0xe7, 0x42, 0xcc, 0xa3, 0xb6, 0x73, 0x15, 0xa1,
-	0xae, 0x75, 0x49, 0xcd, 0x49, 0xc5, 0xee, 0x5a, 0xa7, 0x80, 0x13, 0x0f, 0xe5, 0x18, 0x6e, 0x3c,
-	0x94, 0x63, 0x68, 0x78, 0x24, 0xc7, 0x78, 0xe2, 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f,
-	0x1e, 0xc9, 0x31, 0x2e, 0xf8, 0x22, 0xc7, 0x18, 0x65, 0x44, 0x42, 0xc2, 0xb1, 0x86, 0x50, 0x11,
-	0x0c, 0x49, 0x6c, 0xe0, 0xb8, 0x35, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x41, 0x80, 0x92, 0x17,
-	0x77, 0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/image.proto b/vendor/github.com/containerd/containerd/api/events/image.proto
index 470c3a2fa44a1..fe455b54cab22 100644
--- a/vendor/github.com/containerd/containerd/api/events/image.proto
+++ b/vendor/github.com/containerd/containerd/api/events/image.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.images.v1;
diff --git a/vendor/github.com/containerd/containerd/api/events/namespace.pb.go b/vendor/github.com/containerd/containerd/api/events/namespace.pb.go
index 1c81f9fc44cf9..d406a987e98d1 100644
--- a/vendor/github.com/containerd/containerd/api/events/namespace.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/namespace.pb.go
@@ -3,56 +3,182 @@
 
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type NamespaceCreate struct {
-	Name   string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Name                 string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
-func (m *NamespaceCreate) Reset()                    { *m = NamespaceCreate{} }
-func (*NamespaceCreate) ProtoMessage()               {}
-func (*NamespaceCreate) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{0} }
+func (m *NamespaceCreate) Reset()      { *m = NamespaceCreate{} }
+func (*NamespaceCreate) ProtoMessage() {}
+func (*NamespaceCreate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6cd45d1d5adffe29, []int{0}
+}
+func (m *NamespaceCreate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamespaceCreate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NamespaceCreate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NamespaceCreate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamespaceCreate.Merge(m, src)
+}
+func (m *NamespaceCreate) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamespaceCreate) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamespaceCreate.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NamespaceCreate proto.InternalMessageInfo
 
 type NamespaceUpdate struct {
-	Name   string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Name                 string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *NamespaceUpdate) Reset()      { *m = NamespaceUpdate{} }
+func (*NamespaceUpdate) ProtoMessage() {}
+func (*NamespaceUpdate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6cd45d1d5adffe29, []int{1}
+}
+func (m *NamespaceUpdate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamespaceUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NamespaceUpdate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NamespaceUpdate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamespaceUpdate.Merge(m, src)
+}
+func (m *NamespaceUpdate) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamespaceUpdate) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamespaceUpdate.DiscardUnknown(m)
 }
 
-func (m *NamespaceUpdate) Reset()                    { *m = NamespaceUpdate{} }
-func (*NamespaceUpdate) ProtoMessage()               {}
-func (*NamespaceUpdate) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{1} }
+var xxx_messageInfo_NamespaceUpdate proto.InternalMessageInfo
 
 type NamespaceDelete struct {
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *NamespaceDelete) Reset()                    { *m = NamespaceDelete{} }
-func (*NamespaceDelete) ProtoMessage()               {}
-func (*NamespaceDelete) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{2} }
+func (m *NamespaceDelete) Reset()      { *m = NamespaceDelete{} }
+func (*NamespaceDelete) ProtoMessage() {}
+func (*NamespaceDelete) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6cd45d1d5adffe29, []int{2}
+}
+func (m *NamespaceDelete) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamespaceDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NamespaceDelete.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NamespaceDelete) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamespaceDelete.Merge(m, src)
+}
+func (m *NamespaceDelete) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamespaceDelete) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamespaceDelete.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NamespaceDelete proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*NamespaceCreate)(nil), "containerd.events.NamespaceCreate")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.events.NamespaceCreate.LabelsEntry")
 	proto.RegisterType((*NamespaceUpdate)(nil), "containerd.events.NamespaceUpdate")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.events.NamespaceUpdate.LabelsEntry")
 	proto.RegisterType((*NamespaceDelete)(nil), "containerd.events.NamespaceDelete")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/namespace.proto", fileDescriptor_6cd45d1d5adffe29)
+}
+
+var fileDescriptor_6cd45d1d5adffe29 = []byte{
+	// 296 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0xe7, 0x25,
+	0xe6, 0xa6, 0x16, 0x17, 0x24, 0x26, 0xa7, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x22,
+	0x94, 0xe9, 0x41, 0x94, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x65, 0xf5, 0x41, 0x2c, 0x88,
+	0x42, 0x29, 0x07, 0x82, 0xb6, 0x80, 0xd5, 0x25, 0x95, 0xa6, 0xe9, 0x17, 0xe4, 0x94, 0xa6, 0x67,
+	0xe6, 0xe9, 0xa7, 0x65, 0xa6, 0xe6, 0xa4, 0x14, 0x24, 0x96, 0x64, 0x40, 0x4c, 0x50, 0x5a, 0xc1,
+	0xc8, 0xc5, 0xef, 0x07, 0xb3, 0xde, 0xb9, 0x28, 0x35, 0xb1, 0x24, 0x55, 0x48, 0x88, 0x8b, 0x05,
+	0xe4, 0x22, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x30, 0x5b, 0xc8, 0x8d, 0x8b, 0x2d, 0x27,
+	0x31, 0x29, 0x35, 0xa7, 0x58, 0x82, 0x49, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x4f, 0x0f, 0xc3, 0x8d,
+	0x7a, 0x68, 0xe6, 0xe8, 0xf9, 0x80, 0x35, 0xb8, 0xe6, 0x95, 0x14, 0x55, 0x06, 0x41, 0x75, 0x4b,
+	0x59, 0x72, 0x71, 0x23, 0x09, 0x0b, 0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0x6d, 0x02, 0x31,
+	0x85, 0x44, 0xb8, 0x58, 0xcb, 0x12, 0x73, 0x4a, 0x53, 0x25, 0x98, 0xc0, 0x62, 0x10, 0x8e, 0x15,
+	0x93, 0x05, 0x23, 0xaa, 0x53, 0x43, 0x0b, 0x52, 0xa8, 0xe2, 0x54, 0x88, 0x39, 0xd4, 0x76, 0xaa,
+	0x2a, 0x92, 0x4b, 0x5d, 0x52, 0x73, 0x52, 0xb1, 0xbb, 0xd4, 0x29, 0xe0, 0xc4, 0x43, 0x39, 0x86,
+	0x1b, 0x0f, 0xe5, 0x18, 0x1a, 0x1e, 0xc9, 0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c,
+	0xe3, 0x83, 0x47, 0x72, 0x8c, 0x0b, 0xbe, 0xc8, 0x31, 0x46, 0x19, 0x91, 0x90, 0x84, 0xac, 0x21,
+	0x54, 0x04, 0x43, 0x04, 0x63, 0x12, 0x1b, 0x38, 0x66, 0x8d, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff,
+	0x00, 0x50, 0x87, 0x59, 0x83, 0x02, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *NamespaceCreate) Field(fieldpath []string) (string, bool) {
@@ -113,7 +239,7 @@ func (m *NamespaceDelete) Field(fieldpath []string) (string, bool) {
 func (m *NamespaceCreate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -121,40 +247,52 @@ func (m *NamespaceCreate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NamespaceCreate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NamespaceCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovNamespace(uint64(len(k))) + 1 + len(v) + sovNamespace(uint64(len(v)))
-			i = encodeVarintNamespace(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintNamespace(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintNamespace(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *NamespaceUpdate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -162,40 +300,52 @@ func (m *NamespaceUpdate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NamespaceUpdate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NamespaceUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovNamespace(uint64(len(k))) + 1 + len(v) + sovNamespace(uint64(len(v)))
-			i = encodeVarintNamespace(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintNamespace(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintNamespace(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *NamespaceDelete) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -203,29 +353,44 @@ func (m *NamespaceDelete) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NamespaceDelete) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NamespaceDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintNamespace(dAtA []byte, offset int, v uint64) int {
+	offset -= sovNamespace(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *NamespaceCreate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -240,10 +405,16 @@ func (m *NamespaceCreate) Size() (n int) {
 			n += mapEntrySize + 1 + sovNamespace(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *NamespaceUpdate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -258,28 +429,30 @@ func (m *NamespaceUpdate) Size() (n int) {
 			n += mapEntrySize + 1 + sovNamespace(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *NamespaceDelete) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
 	if l > 0 {
 		n += 1 + l + sovNamespace(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovNamespace(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozNamespace(x uint64) (n int) {
 	return sovNamespace(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -292,7 +465,7 @@ func (this *NamespaceCreate) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -301,6 +474,7 @@ func (this *NamespaceCreate) String() string {
 	s := strings.Join([]string{`&NamespaceCreate{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -313,7 +487,7 @@ func (this *NamespaceUpdate) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -322,6 +496,7 @@ func (this *NamespaceUpdate) String() string {
 	s := strings.Join([]string{`&NamespaceUpdate{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -332,6 +507,7 @@ func (this *NamespaceDelete) String() string {
 	}
 	s := strings.Join([]string{`&NamespaceDelete{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -359,7 +535,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -387,7 +563,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -397,6 +573,9 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -416,7 +595,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -425,6 +604,9 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -445,7 +627,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -462,7 +644,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -472,6 +654,9 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -488,7 +673,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -498,6 +683,9 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -509,7 +697,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthNamespace
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -526,12 +714,13 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -556,7 +745,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -584,7 +773,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -594,6 +783,9 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -613,7 +805,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -622,6 +814,9 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -642,7 +837,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -659,7 +854,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -669,6 +864,9 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -685,7 +883,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -695,6 +893,9 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -706,7 +907,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthNamespace
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -723,12 +924,13 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -753,7 +955,7 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -781,7 +983,7 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -791,6 +993,9 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -802,12 +1007,13 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -820,6 +1026,7 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error {
 func skipNamespace(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -851,10 +1058,8 @@ func skipNamespace(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -871,80 +1076,34 @@ func skipNamespace(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthNamespace
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowNamespace
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipNamespace(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupNamespace
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthNamespace
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthNamespace = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowNamespace   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthNamespace        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowNamespace          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupNamespace = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/namespace.proto", fileDescriptorNamespace)
-}
-
-var fileDescriptorNamespace = []byte{
-	// 296 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0xe7, 0x25,
-	0xe6, 0xa6, 0x16, 0x17, 0x24, 0x26, 0xa7, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x22,
-	0x94, 0xe9, 0x41, 0x94, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x65, 0xf5, 0x41, 0x2c, 0x88,
-	0x42, 0x29, 0x07, 0x82, 0xb6, 0x80, 0xd5, 0x25, 0x95, 0xa6, 0xe9, 0x17, 0xe4, 0x94, 0xa6, 0x67,
-	0xe6, 0xe9, 0xa7, 0x65, 0xa6, 0xe6, 0xa4, 0x14, 0x24, 0x96, 0x64, 0x40, 0x4c, 0x50, 0x5a, 0xc1,
-	0xc8, 0xc5, 0xef, 0x07, 0xb3, 0xde, 0xb9, 0x28, 0x35, 0xb1, 0x24, 0x55, 0x48, 0x88, 0x8b, 0x05,
-	0xe4, 0x22, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x30, 0x5b, 0xc8, 0x8d, 0x8b, 0x2d, 0x27,
-	0x31, 0x29, 0x35, 0xa7, 0x58, 0x82, 0x49, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x4f, 0x0f, 0xc3, 0x8d,
-	0x7a, 0x68, 0xe6, 0xe8, 0xf9, 0x80, 0x35, 0xb8, 0xe6, 0x95, 0x14, 0x55, 0x06, 0x41, 0x75, 0x4b,
-	0x59, 0x72, 0x71, 0x23, 0x09, 0x0b, 0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0x6d, 0x02, 0x31,
-	0x85, 0x44, 0xb8, 0x58, 0xcb, 0x12, 0x73, 0x4a, 0x53, 0x25, 0x98, 0xc0, 0x62, 0x10, 0x8e, 0x15,
-	0x93, 0x05, 0x23, 0xaa, 0x53, 0x43, 0x0b, 0x52, 0xa8, 0xe2, 0x54, 0x88, 0x39, 0xd4, 0x76, 0xaa,
-	0x2a, 0x92, 0x4b, 0x5d, 0x52, 0x73, 0x52, 0xb1, 0xbb, 0xd4, 0x29, 0xe0, 0xc4, 0x43, 0x39, 0x86,
-	0x1b, 0x0f, 0xe5, 0x18, 0x1a, 0x1e, 0xc9, 0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c,
-	0xe3, 0x83, 0x47, 0x72, 0x8c, 0x0b, 0xbe, 0xc8, 0x31, 0x46, 0x19, 0x91, 0x90, 0x84, 0xac, 0x21,
-	0x54, 0x04, 0x43, 0x04, 0x63, 0x12, 0x1b, 0x38, 0x66, 0x8d, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff,
-	0x00, 0x50, 0x87, 0x59, 0x83, 0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/namespace.proto b/vendor/github.com/containerd/containerd/api/events/namespace.proto
index 45deae79a482c..53a8ee6306afd 100644
--- a/vendor/github.com/containerd/containerd/api/events/namespace.proto
+++ b/vendor/github.com/containerd/containerd/api/events/namespace.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.events;
diff --git a/vendor/github.com/containerd/containerd/api/events/snapshot.pb.go b/vendor/github.com/containerd/containerd/api/events/snapshot.pb.go
index e1f8f5c5886bc..bec25c3a7c991 100644
--- a/vendor/github.com/containerd/containerd/api/events/snapshot.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/snapshot.pb.go
@@ -3,47 +3,145 @@
 
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type SnapshotPrepare struct {
-	Key    string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
-	Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
+	Key                  string   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Parent               string   `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SnapshotPrepare) Reset()      { *m = SnapshotPrepare{} }
+func (*SnapshotPrepare) ProtoMessage() {}
+func (*SnapshotPrepare) Descriptor() ([]byte, []int) {
+	return fileDescriptor_bd6c184d3d9aa5f2, []int{0}
+}
+func (m *SnapshotPrepare) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SnapshotPrepare) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SnapshotPrepare.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SnapshotPrepare) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SnapshotPrepare.Merge(m, src)
+}
+func (m *SnapshotPrepare) XXX_Size() int {
+	return m.Size()
+}
+func (m *SnapshotPrepare) XXX_DiscardUnknown() {
+	xxx_messageInfo_SnapshotPrepare.DiscardUnknown(m)
 }
 
-func (m *SnapshotPrepare) Reset()                    { *m = SnapshotPrepare{} }
-func (*SnapshotPrepare) ProtoMessage()               {}
-func (*SnapshotPrepare) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{0} }
+var xxx_messageInfo_SnapshotPrepare proto.InternalMessageInfo
 
 type SnapshotCommit struct {
-	Key  string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
-	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Key                  string   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SnapshotCommit) Reset()      { *m = SnapshotCommit{} }
+func (*SnapshotCommit) ProtoMessage() {}
+func (*SnapshotCommit) Descriptor() ([]byte, []int) {
+	return fileDescriptor_bd6c184d3d9aa5f2, []int{1}
+}
+func (m *SnapshotCommit) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SnapshotCommit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SnapshotCommit.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SnapshotCommit) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SnapshotCommit.Merge(m, src)
+}
+func (m *SnapshotCommit) XXX_Size() int {
+	return m.Size()
+}
+func (m *SnapshotCommit) XXX_DiscardUnknown() {
+	xxx_messageInfo_SnapshotCommit.DiscardUnknown(m)
 }
 
-func (m *SnapshotCommit) Reset()                    { *m = SnapshotCommit{} }
-func (*SnapshotCommit) ProtoMessage()               {}
-func (*SnapshotCommit) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{1} }
+var xxx_messageInfo_SnapshotCommit proto.InternalMessageInfo
 
 type SnapshotRemove struct {
-	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Key                  string   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SnapshotRemove) Reset()      { *m = SnapshotRemove{} }
+func (*SnapshotRemove) ProtoMessage() {}
+func (*SnapshotRemove) Descriptor() ([]byte, []int) {
+	return fileDescriptor_bd6c184d3d9aa5f2, []int{2}
+}
+func (m *SnapshotRemove) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SnapshotRemove) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SnapshotRemove.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SnapshotRemove) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SnapshotRemove.Merge(m, src)
+}
+func (m *SnapshotRemove) XXX_Size() int {
+	return m.Size()
+}
+func (m *SnapshotRemove) XXX_DiscardUnknown() {
+	xxx_messageInfo_SnapshotRemove.DiscardUnknown(m)
 }
 
-func (m *SnapshotRemove) Reset()                    { *m = SnapshotRemove{} }
-func (*SnapshotRemove) ProtoMessage()               {}
-func (*SnapshotRemove) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{2} }
+var xxx_messageInfo_SnapshotRemove proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*SnapshotPrepare)(nil), "containerd.events.SnapshotPrepare")
@@ -51,6 +149,29 @@ func init() {
 	proto.RegisterType((*SnapshotRemove)(nil), "containerd.events.SnapshotRemove")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/snapshot.proto", fileDescriptor_bd6c184d3d9aa5f2)
+}
+
+var fileDescriptor_bd6c184d3d9aa5f2 = []byte{
+	// 235 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4a, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0x17, 0xe7,
+	0x25, 0x16, 0x14, 0x67, 0xe4, 0x97, 0xe8, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x22, 0x54,
+	0xe9, 0x41, 0x54, 0x48, 0x39, 0x10, 0x34, 0x0e, 0xac, 0x35, 0xa9, 0x34, 0x4d, 0xbf, 0x20, 0xa7,
+	0x34, 0x3d, 0x33, 0x4f, 0x3f, 0x2d, 0x33, 0x35, 0x27, 0xa5, 0x20, 0xb1, 0x24, 0x03, 0x62, 0xa8,
+	0x92, 0x35, 0x17, 0x7f, 0x30, 0xd4, 0x9a, 0x80, 0xa2, 0xd4, 0x82, 0xc4, 0xa2, 0x54, 0x21, 0x01,
+	0x2e, 0xe6, 0xec, 0xd4, 0x4a, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x10, 0x53, 0x48, 0x8c,
+	0x8b, 0x0d, 0x24, 0x93, 0x57, 0x22, 0xc1, 0x04, 0x16, 0x84, 0xf2, 0x94, 0xcc, 0xb8, 0xf8, 0x60,
+	0x9a, 0x9d, 0xf3, 0x73, 0x73, 0x33, 0x4b, 0xb0, 0xe8, 0x15, 0xe2, 0x62, 0xc9, 0x4b, 0xcc, 0x4d,
+	0x85, 0xea, 0x04, 0xb3, 0x95, 0x94, 0x10, 0xfa, 0x82, 0x52, 0x73, 0xf3, 0xcb, 0xb0, 0xd8, 0xe9,
+	0x14, 0x70, 0xe2, 0xa1, 0x1c, 0xc3, 0x8d, 0x87, 0x72, 0x0c, 0x0d, 0x8f, 0xe4, 0x18, 0x4f, 0x3c,
+	0x92, 0x63, 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x05, 0x5f, 0xe4, 0x18, 0xa3,
+	0x8c, 0x48, 0x08, 0x47, 0x6b, 0x08, 0x15, 0xc1, 0x90, 0xc4, 0x06, 0xf6, 0xb3, 0x31, 0x20, 0x00,
+	0x00, 0xff, 0xff, 0x69, 0x66, 0xa9, 0x2a, 0x86, 0x01, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *SnapshotPrepare) Field(fieldpath []string) (string, bool) {
@@ -99,7 +220,7 @@ func (m *SnapshotRemove) Field(fieldpath []string) (string, bool) {
 func (m *SnapshotPrepare) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -107,29 +228,40 @@ func (m *SnapshotPrepare) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SnapshotPrepare) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SnapshotPrepare) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Key) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Parent) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Parent)
+		copy(dAtA[i:], m.Parent)
 		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Parent)))
-		i += copy(dAtA[i:], m.Parent)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SnapshotCommit) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -137,29 +269,40 @@ func (m *SnapshotCommit) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SnapshotCommit) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SnapshotCommit) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Key) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SnapshotRemove) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -167,29 +310,44 @@ func (m *SnapshotRemove) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SnapshotRemove) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SnapshotRemove) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintSnapshot(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSnapshot(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSnapshot(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *SnapshotPrepare) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Key)
@@ -200,10 +358,16 @@ func (m *SnapshotPrepare) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshot(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *SnapshotCommit) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Key)
@@ -214,28 +378,30 @@ func (m *SnapshotCommit) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshot(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *SnapshotRemove) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Key)
 	if l > 0 {
 		n += 1 + l + sovSnapshot(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovSnapshot(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSnapshot(x uint64) (n int) {
 	return sovSnapshot(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -247,6 +413,7 @@ func (this *SnapshotPrepare) String() string {
 	s := strings.Join([]string{`&SnapshotPrepare{`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
 		`Parent:` + fmt.Sprintf("%v", this.Parent) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -258,6 +425,7 @@ func (this *SnapshotCommit) String() string {
 	s := strings.Join([]string{`&SnapshotCommit{`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -268,6 +436,7 @@ func (this *SnapshotRemove) String() string {
 	}
 	s := strings.Join([]string{`&SnapshotRemove{`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -295,7 +464,7 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -323,7 +492,7 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -333,6 +502,9 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -352,7 +524,7 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -362,6 +534,9 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -373,12 +548,13 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -403,7 +579,7 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -431,7 +607,7 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -441,6 +617,9 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -460,7 +639,7 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -470,6 +649,9 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -481,12 +663,13 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -511,7 +694,7 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -539,7 +722,7 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -549,6 +732,9 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -560,12 +746,13 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -578,6 +765,7 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error {
 func skipSnapshot(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -609,10 +797,8 @@ func skipSnapshot(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -629,76 +815,34 @@ func skipSnapshot(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSnapshot
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSnapshot
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSnapshot(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSnapshot
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSnapshot
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSnapshot = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSnapshot   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSnapshot        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSnapshot          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSnapshot = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/snapshot.proto", fileDescriptorSnapshot)
-}
-
-var fileDescriptorSnapshot = []byte{
-	// 235 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4a, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0xa7, 0x96, 0xa5, 0xe6, 0x95, 0x14, 0xeb, 0x17, 0xe7,
-	0x25, 0x16, 0x14, 0x67, 0xe4, 0x97, 0xe8, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x22, 0x54,
-	0xe9, 0x41, 0x54, 0x48, 0x39, 0x10, 0x34, 0x0e, 0xac, 0x35, 0xa9, 0x34, 0x4d, 0xbf, 0x20, 0xa7,
-	0x34, 0x3d, 0x33, 0x4f, 0x3f, 0x2d, 0x33, 0x35, 0x27, 0xa5, 0x20, 0xb1, 0x24, 0x03, 0x62, 0xa8,
-	0x92, 0x35, 0x17, 0x7f, 0x30, 0xd4, 0x9a, 0x80, 0xa2, 0xd4, 0x82, 0xc4, 0xa2, 0x54, 0x21, 0x01,
-	0x2e, 0xe6, 0xec, 0xd4, 0x4a, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x10, 0x53, 0x48, 0x8c,
-	0x8b, 0x0d, 0x24, 0x93, 0x57, 0x22, 0xc1, 0x04, 0x16, 0x84, 0xf2, 0x94, 0xcc, 0xb8, 0xf8, 0x60,
-	0x9a, 0x9d, 0xf3, 0x73, 0x73, 0x33, 0x4b, 0xb0, 0xe8, 0x15, 0xe2, 0x62, 0xc9, 0x4b, 0xcc, 0x4d,
-	0x85, 0xea, 0x04, 0xb3, 0x95, 0x94, 0x10, 0xfa, 0x82, 0x52, 0x73, 0xf3, 0xcb, 0xb0, 0xd8, 0xe9,
-	0x14, 0x70, 0xe2, 0xa1, 0x1c, 0xc3, 0x8d, 0x87, 0x72, 0x0c, 0x0d, 0x8f, 0xe4, 0x18, 0x4f, 0x3c,
-	0x92, 0x63, 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x05, 0x5f, 0xe4, 0x18, 0xa3,
-	0x8c, 0x48, 0x08, 0x47, 0x6b, 0x08, 0x15, 0xc1, 0x90, 0xc4, 0x06, 0xf6, 0xb3, 0x31, 0x20, 0x00,
-	0x00, 0xff, 0xff, 0x69, 0x66, 0xa9, 0x2a, 0x86, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/snapshot.proto b/vendor/github.com/containerd/containerd/api/events/snapshot.proto
index 425eeec8e0e0d..eb1f06725c702 100644
--- a/vendor/github.com/containerd/containerd/api/events/snapshot.proto
+++ b/vendor/github.com/containerd/containerd/api/events/snapshot.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.events;
diff --git a/vendor/github.com/containerd/containerd/api/events/task.pb.go b/vendor/github.com/containerd/containerd/api/events/task.pb.go
index b0a6c2c242ddb..f8f3a3f3d3070 100644
--- a/vendor/github.com/containerd/containerd/api/events/task.pb.go
+++ b/vendor/github.com/containerd/containerd/api/events/task.pb.go
@@ -3,24 +3,19 @@
 
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/gogo/protobuf/types"
-import containerd_types "github.com/containerd/containerd/api/types"
-
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-
-import time "time"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	proto "github.com/gogo/protobuf/proto"
+	_ "github.com/gogo/protobuf/types"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -28,113 +23,463 @@ var _ = fmt.Errorf
 var _ = math.Inf
 var _ = time.Kitchen
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type TaskCreate struct {
-	ContainerID string                    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	Bundle      string                    `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
-	Rootfs      []*containerd_types.Mount `protobuf:"bytes,3,rep,name=rootfs" json:"rootfs,omitempty"`
-	IO          *TaskIO                   `protobuf:"bytes,4,opt,name=io" json:"io,omitempty"`
-	Checkpoint  string                    `protobuf:"bytes,5,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
-	Pid         uint32                    `protobuf:"varint,6,opt,name=pid,proto3" json:"pid,omitempty"`
+	ContainerID          string         `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	Bundle               string         `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
+	Rootfs               []*types.Mount `protobuf:"bytes,3,rep,name=rootfs,proto3" json:"rootfs,omitempty"`
+	IO                   *TaskIO        `protobuf:"bytes,4,opt,name=io,proto3" json:"io,omitempty"`
+	Checkpoint           string         `protobuf:"bytes,5,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
+	Pid                  uint32         `protobuf:"varint,6,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *TaskCreate) Reset()      { *m = TaskCreate{} }
+func (*TaskCreate) ProtoMessage() {}
+func (*TaskCreate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{0}
+}
+func (m *TaskCreate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskCreate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskCreate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskCreate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskCreate.Merge(m, src)
+}
+func (m *TaskCreate) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskCreate) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskCreate.DiscardUnknown(m)
 }
 
-func (m *TaskCreate) Reset()                    { *m = TaskCreate{} }
-func (*TaskCreate) ProtoMessage()               {}
-func (*TaskCreate) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{0} }
+var xxx_messageInfo_TaskCreate proto.InternalMessageInfo
 
 type TaskStart struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	Pid         uint32 `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	Pid                  uint32   `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskStart) Reset()      { *m = TaskStart{} }
+func (*TaskStart) ProtoMessage() {}
+func (*TaskStart) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{1}
+}
+func (m *TaskStart) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskStart) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskStart.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskStart) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskStart.Merge(m, src)
+}
+func (m *TaskStart) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskStart) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskStart.DiscardUnknown(m)
 }
 
-func (m *TaskStart) Reset()                    { *m = TaskStart{} }
-func (*TaskStart) ProtoMessage()               {}
-func (*TaskStart) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{1} }
+var xxx_messageInfo_TaskStart proto.InternalMessageInfo
 
 type TaskDelete struct {
 	ContainerID string    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
 	Pid         uint32    `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
 	ExitStatus  uint32    `protobuf:"varint,3,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt    time.Time `protobuf:"bytes,4,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ExitedAt    time.Time `protobuf:"bytes,4,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	// id is the specific exec. By default if omitted will be `""` thus matches
+	// the init exec of the task matching `container_id`.
+	ID                   string   `protobuf:"bytes,5,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskDelete) Reset()      { *m = TaskDelete{} }
+func (*TaskDelete) ProtoMessage() {}
+func (*TaskDelete) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{2}
+}
+func (m *TaskDelete) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskDelete.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskDelete) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskDelete.Merge(m, src)
+}
+func (m *TaskDelete) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskDelete) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskDelete.DiscardUnknown(m)
 }
 
-func (m *TaskDelete) Reset()                    { *m = TaskDelete{} }
-func (*TaskDelete) ProtoMessage()               {}
-func (*TaskDelete) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{2} }
+var xxx_messageInfo_TaskDelete proto.InternalMessageInfo
 
 type TaskIO struct {
-	Stdin    string `protobuf:"bytes,1,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout   string `protobuf:"bytes,2,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr   string `protobuf:"bytes,3,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Terminal bool   `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	Stdin                string   `protobuf:"bytes,1,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string   `protobuf:"bytes,2,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string   `protobuf:"bytes,3,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Terminal             bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskIO) Reset()      { *m = TaskIO{} }
+func (*TaskIO) ProtoMessage() {}
+func (*TaskIO) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{3}
+}
+func (m *TaskIO) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskIO) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskIO.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskIO) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskIO.Merge(m, src)
+}
+func (m *TaskIO) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskIO) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskIO.DiscardUnknown(m)
 }
 
-func (m *TaskIO) Reset()                    { *m = TaskIO{} }
-func (*TaskIO) ProtoMessage()               {}
-func (*TaskIO) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{3} }
+var xxx_messageInfo_TaskIO proto.InternalMessageInfo
 
 type TaskExit struct {
-	ContainerID string    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ID          string    `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
-	Pid         uint32    `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
-	ExitStatus  uint32    `protobuf:"varint,4,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt    time.Time `protobuf:"bytes,5,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ContainerID          string    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ID                   string    `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
+	Pid                  uint32    `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	ExitStatus           uint32    `protobuf:"varint,4,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,5,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *TaskExit) Reset()      { *m = TaskExit{} }
+func (*TaskExit) ProtoMessage() {}
+func (*TaskExit) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{4}
+}
+func (m *TaskExit) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskExit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskExit.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskExit) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskExit.Merge(m, src)
+}
+func (m *TaskExit) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskExit) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskExit.DiscardUnknown(m)
 }
 
-func (m *TaskExit) Reset()                    { *m = TaskExit{} }
-func (*TaskExit) ProtoMessage()               {}
-func (*TaskExit) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{4} }
+var xxx_messageInfo_TaskExit proto.InternalMessageInfo
 
 type TaskOOM struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskOOM) Reset()      { *m = TaskOOM{} }
+func (*TaskOOM) ProtoMessage() {}
+func (*TaskOOM) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{5}
+}
+func (m *TaskOOM) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskOOM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskOOM.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskOOM) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskOOM.Merge(m, src)
+}
+func (m *TaskOOM) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskOOM) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskOOM.DiscardUnknown(m)
 }
 
-func (m *TaskOOM) Reset()                    { *m = TaskOOM{} }
-func (*TaskOOM) ProtoMessage()               {}
-func (*TaskOOM) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{5} }
+var xxx_messageInfo_TaskOOM proto.InternalMessageInfo
 
 type TaskExecAdded struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskExecAdded) Reset()      { *m = TaskExecAdded{} }
+func (*TaskExecAdded) ProtoMessage() {}
+func (*TaskExecAdded) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{6}
+}
+func (m *TaskExecAdded) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskExecAdded) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskExecAdded.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskExecAdded) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskExecAdded.Merge(m, src)
+}
+func (m *TaskExecAdded) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskExecAdded) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskExecAdded.DiscardUnknown(m)
 }
 
-func (m *TaskExecAdded) Reset()                    { *m = TaskExecAdded{} }
-func (*TaskExecAdded) ProtoMessage()               {}
-func (*TaskExecAdded) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{6} }
+var xxx_messageInfo_TaskExecAdded proto.InternalMessageInfo
 
 type TaskExecStarted struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
-	Pid         uint32 `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	Pid                  uint32   `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskExecStarted) Reset()      { *m = TaskExecStarted{} }
+func (*TaskExecStarted) ProtoMessage() {}
+func (*TaskExecStarted) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{7}
+}
+func (m *TaskExecStarted) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskExecStarted) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskExecStarted.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskExecStarted) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskExecStarted.Merge(m, src)
+}
+func (m *TaskExecStarted) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskExecStarted) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskExecStarted.DiscardUnknown(m)
 }
 
-func (m *TaskExecStarted) Reset()                    { *m = TaskExecStarted{} }
-func (*TaskExecStarted) ProtoMessage()               {}
-func (*TaskExecStarted) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{7} }
+var xxx_messageInfo_TaskExecStarted proto.InternalMessageInfo
 
 type TaskPaused struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskPaused) Reset()      { *m = TaskPaused{} }
+func (*TaskPaused) ProtoMessage() {}
+func (*TaskPaused) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{8}
+}
+func (m *TaskPaused) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskPaused) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskPaused.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskPaused) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskPaused.Merge(m, src)
+}
+func (m *TaskPaused) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskPaused) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskPaused.DiscardUnknown(m)
 }
 
-func (m *TaskPaused) Reset()                    { *m = TaskPaused{} }
-func (*TaskPaused) ProtoMessage()               {}
-func (*TaskPaused) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{8} }
+var xxx_messageInfo_TaskPaused proto.InternalMessageInfo
 
 type TaskResumed struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskResumed) Reset()      { *m = TaskResumed{} }
+func (*TaskResumed) ProtoMessage() {}
+func (*TaskResumed) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{9}
+}
+func (m *TaskResumed) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskResumed) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskResumed.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskResumed) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskResumed.Merge(m, src)
+}
+func (m *TaskResumed) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskResumed) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskResumed.DiscardUnknown(m)
 }
 
-func (m *TaskResumed) Reset()                    { *m = TaskResumed{} }
-func (*TaskResumed) ProtoMessage()               {}
-func (*TaskResumed) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{9} }
+var xxx_messageInfo_TaskResumed proto.InternalMessageInfo
 
 type TaskCheckpointed struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	Checkpoint  string `protobuf:"bytes,2,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	Checkpoint           string   `protobuf:"bytes,2,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TaskCheckpointed) Reset()      { *m = TaskCheckpointed{} }
+func (*TaskCheckpointed) ProtoMessage() {}
+func (*TaskCheckpointed) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8db0813f7adfb63c, []int{10}
+}
+func (m *TaskCheckpointed) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskCheckpointed) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskCheckpointed.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskCheckpointed) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskCheckpointed.Merge(m, src)
+}
+func (m *TaskCheckpointed) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskCheckpointed) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskCheckpointed.DiscardUnknown(m)
 }
 
-func (m *TaskCheckpointed) Reset()                    { *m = TaskCheckpointed{} }
-func (*TaskCheckpointed) ProtoMessage()               {}
-func (*TaskCheckpointed) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{10} }
+var xxx_messageInfo_TaskCheckpointed proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*TaskCreate)(nil), "containerd.events.TaskCreate")
@@ -150,6 +495,55 @@ func init() {
 	proto.RegisterType((*TaskCheckpointed)(nil), "containerd.events.TaskCheckpointed")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/events/task.proto", fileDescriptor_8db0813f7adfb63c)
+}
+
+var fileDescriptor_8db0813f7adfb63c = []byte{
+	// 644 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0xcd, 0x6e, 0xd3, 0x40,
+	0x10, 0xc7, 0x63, 0xa7, 0x75, 0xd3, 0x09, 0x55, 0x8b, 0x55, 0x95, 0x90, 0x83, 0x1d, 0x99, 0x4b,
+	0x4e, 0xb6, 0x08, 0x12, 0x17, 0x84, 0xd4, 0xa4, 0xe1, 0x90, 0x43, 0x95, 0xe2, 0xf6, 0x50, 0x71,
+	0x89, 0x36, 0xd9, 0x4d, 0xb2, 0x34, 0xf1, 0x5a, 0xf6, 0x18, 0x15, 0x89, 0x03, 0x8f, 0xc0, 0x23,
+	0xf0, 0x38, 0x3d, 0x20, 0xc4, 0x91, 0x53, 0xa0, 0x7e, 0x00, 0x4e, 0x3c, 0x00, 0x5a, 0xaf, 0x93,
+	0xb6, 0x54, 0x7c, 0x59, 0xe2, 0x94, 0x9d, 0xd9, 0xd9, 0xff, 0xec, 0xfc, 0x76, 0x3c, 0x81, 0xc7,
+	0x13, 0x8e, 0xd3, 0x64, 0xe8, 0x8e, 0xc4, 0xdc, 0x1b, 0x89, 0x00, 0x09, 0x0f, 0x58, 0x44, 0xaf,
+	0x2f, 0x49, 0xc8, 0x3d, 0xf6, 0x8a, 0x05, 0x18, 0x7b, 0x48, 0xe2, 0x33, 0x37, 0x8c, 0x04, 0x0a,
+	0xf3, 0xee, 0x55, 0x84, 0xab, 0x76, 0xeb, 0xbb, 0x13, 0x31, 0x11, 0xd9, 0xae, 0x27, 0x57, 0x2a,
+	0xb0, 0x6e, 0x4f, 0x84, 0x98, 0xcc, 0x98, 0x97, 0x59, 0xc3, 0x64, 0xec, 0x21, 0x9f, 0xb3, 0x18,
+	0xc9, 0x3c, 0xcc, 0x03, 0xfe, 0xee, 0x06, 0xf8, 0x3a, 0x64, 0xb1, 0x37, 0x17, 0x49, 0x80, 0xf9,
+	0xb9, 0xfd, 0x3f, 0x9e, 0x5b, 0xa5, 0x0c, 0x67, 0xc9, 0x84, 0x07, 0xde, 0x98, 0xb3, 0x19, 0x0d,
+	0x09, 0x4e, 0x95, 0x82, 0xf3, 0x4d, 0x03, 0x38, 0x21, 0xf1, 0xd9, 0x41, 0xc4, 0x08, 0x32, 0xb3,
+	0x05, 0x77, 0x56, 0x87, 0x07, 0x9c, 0xd6, 0xb4, 0x86, 0xd6, 0xdc, 0xec, 0x6c, 0xa7, 0x0b, 0xbb,
+	0x7a, 0xb0, 0xf4, 0xf7, 0xba, 0x7e, 0x75, 0x15, 0xd4, 0xa3, 0xe6, 0x1e, 0x18, 0xc3, 0x24, 0xa0,
+	0x33, 0x56, 0xd3, 0x65, 0xb4, 0x9f, 0x5b, 0xa6, 0x07, 0x46, 0x24, 0x04, 0x8e, 0xe3, 0x5a, 0xb9,
+	0x51, 0x6e, 0x56, 0x5b, 0xf7, 0xdc, 0x6b, 0xbc, 0xb2, 0x5a, 0xdc, 0x43, 0x59, 0x8b, 0x9f, 0x87,
+	0x99, 0x0f, 0x41, 0xe7, 0xa2, 0xb6, 0xd6, 0xd0, 0x9a, 0xd5, 0xd6, 0x7d, 0xf7, 0x16, 0x5c, 0x57,
+	0xde, 0xb3, 0xd7, 0xef, 0x18, 0xe9, 0xc2, 0xd6, 0x7b, 0x7d, 0x5f, 0xe7, 0xc2, 0xb4, 0x00, 0x46,
+	0x53, 0x36, 0x3a, 0x0b, 0x05, 0x0f, 0xb0, 0xb6, 0x9e, 0xe5, 0xbf, 0xe6, 0x31, 0x77, 0xa0, 0x1c,
+	0x72, 0x5a, 0x33, 0x1a, 0x5a, 0x73, 0xcb, 0x97, 0x4b, 0xe7, 0x39, 0x6c, 0x4a, 0x9d, 0x63, 0x24,
+	0x11, 0x16, 0x2a, 0x37, 0x97, 0xd4, 0xaf, 0x24, 0x3f, 0xe6, 0x0c, 0xbb, 0x6c, 0xc6, 0x0a, 0x32,
+	0xbc, 0x25, 0x6a, 0xda, 0x50, 0x65, 0xe7, 0x1c, 0x07, 0x31, 0x12, 0x4c, 0x24, 0x42, 0xb9, 0x03,
+	0xd2, 0x75, 0x9c, 0x79, 0xcc, 0x36, 0x6c, 0x4a, 0x8b, 0xd1, 0x01, 0xc1, 0x1c, 0x5a, 0xdd, 0x55,
+	0x8d, 0xe6, 0x2e, 0x5f, 0xdd, 0x3d, 0x59, 0x36, 0x5a, 0xa7, 0x72, 0xb1, 0xb0, 0x4b, 0xef, 0xbe,
+	0xd8, 0x9a, 0x5f, 0x51, 0xc7, 0xda, 0x68, 0xee, 0x81, 0xce, 0xa9, 0xa2, 0x96, 0x53, 0xed, 0xfa,
+	0x3a, 0xa7, 0xce, 0x4b, 0x30, 0x14, 0x6b, 0x73, 0x17, 0xd6, 0x63, 0xa4, 0x3c, 0x50, 0x45, 0xf8,
+	0xca, 0x90, 0x2f, 0x1e, 0x23, 0x15, 0x09, 0x2e, 0x5f, 0x5c, 0x59, 0xb9, 0x9f, 0x45, 0x51, 0x76,
+	0x5d, 0xe5, 0x67, 0x51, 0x64, 0xd6, 0xa1, 0x82, 0x2c, 0x9a, 0xf3, 0x80, 0xcc, 0xb2, 0x9b, 0x56,
+	0xfc, 0x95, 0xed, 0x7c, 0xd0, 0xa0, 0x22, 0x93, 0x3d, 0x3b, 0xe7, 0x58, 0xb0, 0xfd, 0xf4, 0x9c,
+	0xdc, 0x8d, 0x22, 0x96, 0x48, 0xcb, 0xbf, 0x44, 0xba, 0xf6, 0x7b, 0xa4, 0xeb, 0x45, 0x90, 0x3a,
+	0x4f, 0x61, 0x43, 0x56, 0xd3, 0xef, 0x1f, 0x16, 0x29, 0xc6, 0x99, 0xc2, 0x96, 0x82, 0xc1, 0x46,
+	0x6d, 0x4a, 0x19, 0x2d, 0x44, 0xe4, 0x01, 0x6c, 0xb0, 0x73, 0x36, 0x1a, 0xac, 0xb0, 0x40, 0xba,
+	0xb0, 0x0d, 0xa9, 0xd9, 0xeb, 0xfa, 0x86, 0xdc, 0xea, 0x51, 0xe7, 0x0d, 0x6c, 0x2f, 0x33, 0x65,
+	0xdf, 0xc2, 0x7f, 0xcc, 0x75, 0xfb, 0x29, 0x9c, 0x7d, 0xf5, 0xc5, 0x1c, 0x91, 0x24, 0x2e, 0x96,
+	0xd8, 0x69, 0x43, 0x55, 0x2a, 0xf8, 0x2c, 0x4e, 0xe6, 0x05, 0x25, 0xc6, 0xb0, 0x93, 0x8d, 0xbe,
+	0xd5, 0xb8, 0x28, 0xc8, 0xe0, 0xe6, 0x10, 0xd2, 0x7f, 0x1e, 0x42, 0x9d, 0xa3, 0x8b, 0x4b, 0xab,
+	0xf4, 0xf9, 0xd2, 0x2a, 0xbd, 0x4d, 0x2d, 0xed, 0x22, 0xb5, 0xb4, 0x4f, 0xa9, 0xa5, 0x7d, 0x4d,
+	0x2d, 0xed, 0xfd, 0x77, 0x4b, 0x7b, 0xd1, 0xfa, 0x87, 0x7f, 0x9f, 0x27, 0xea, 0xe7, 0xb4, 0x74,
+	0x5a, 0x1e, 0x1a, 0x59, 0x47, 0x3e, 0xfa, 0x11, 0x00, 0x00, 0xff, 0xff, 0xc5, 0x58, 0x0f, 0xec,
+	0xbe, 0x06, 0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *TaskCreate) Field(fieldpath []string) (string, bool) {
@@ -210,6 +604,8 @@ func (m *TaskDelete) Field(fieldpath []string) (string, bool) {
 	// unhandled: exited_at
 	case "container_id":
 		return string(m.ContainerID), len(m.ContainerID) > 0
+	case "id":
+		return string(m.ID), len(m.ID) > 0
 	}
 	return "", false
 }
@@ -346,7 +742,7 @@ func (m *TaskCheckpointed) Field(fieldpath []string) (string, bool) {
 func (m *TaskCreate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -354,62 +750,78 @@ func (m *TaskCreate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskCreate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Bundle) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Bundle)))
-		i += copy(dAtA[i:], m.Bundle)
+	if m.Pid != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x30
 	}
-	if len(m.Rootfs) > 0 {
-		for _, msg := range m.Rootfs {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTask(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if len(m.Checkpoint) > 0 {
+		i -= len(m.Checkpoint)
+		copy(dAtA[i:], m.Checkpoint)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Checkpoint)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.IO != nil {
+		{
+			size, err := m.IO.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintTask(dAtA, i, uint64(size))
 		}
-	}
-	if m.IO != nil {
+		i--
 		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.IO.Size()))
-		n1, err := m.IO.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if len(m.Rootfs) > 0 {
+		for iNdEx := len(m.Rootfs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Rootfs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTask(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
-		i += n1
 	}
-	if len(m.Checkpoint) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Checkpoint)))
-		i += copy(dAtA[i:], m.Checkpoint)
+	if len(m.Bundle) > 0 {
+		i -= len(m.Bundle)
+		copy(dAtA[i:], m.Bundle)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Bundle)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskStart) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -417,28 +829,38 @@ func (m *TaskStart) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskStart) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskStart) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskDelete) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -446,41 +868,58 @@ func (m *TaskDelete) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskDelete) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0x2a
 	}
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err2 != nil {
+		return 0, err2
+	}
+	i -= n2
+	i = encodeVarintTask(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x22
 	if m.ExitStatus != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTask(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x18
 	}
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintTask(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n2, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Pid != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x10
 	}
-	i += n2
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskIO) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -488,45 +927,57 @@ func (m *TaskIO) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskIO) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskIO) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
-	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
-	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Terminal {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskExit) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -534,47 +985,58 @@ func (m *TaskExit) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskExit) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskExit) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	n3, err3 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err3 != nil {
+		return 0, err3
+	}
+	i -= n3
+	i = encodeVarintTask(dAtA, i, uint64(n3))
+	i--
+	dAtA[i] = 0x2a
+	if m.ExitStatus != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.ExitStatus != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.ExitStatus))
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0x12
 	}
-	dAtA[i] = 0x2a
-	i++
-	i = encodeVarintTask(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n3, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n3
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskOOM) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -582,23 +1044,33 @@ func (m *TaskOOM) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskOOM) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskOOM) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskExecAdded) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -606,29 +1078,40 @@ func (m *TaskExecAdded) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskExecAdded) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskExecAdded) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskExecStarted) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -636,34 +1119,45 @@ func (m *TaskExecStarted) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskExecStarted) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskExecStarted) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Pid != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x18
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskPaused) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -671,23 +1165,33 @@ func (m *TaskPaused) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskPaused) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskPaused) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskResumed) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -695,23 +1199,33 @@ func (m *TaskResumed) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskResumed) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskResumed) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskCheckpointed) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -719,35 +1233,51 @@ func (m *TaskCheckpointed) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskCheckpointed) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskCheckpointed) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Checkpoint) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Checkpoint)
+		copy(dAtA[i:], m.Checkpoint)
 		i = encodeVarintTask(dAtA, i, uint64(len(m.Checkpoint)))
-		i += copy(dAtA[i:], m.Checkpoint)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintTask(dAtA []byte, offset int, v uint64) int {
+	offset -= sovTask(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *TaskCreate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -775,10 +1305,16 @@ func (m *TaskCreate) Size() (n int) {
 	if m.Pid != 0 {
 		n += 1 + sovTask(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskStart) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -788,10 +1324,16 @@ func (m *TaskStart) Size() (n int) {
 	if m.Pid != 0 {
 		n += 1 + sovTask(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskDelete) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -804,12 +1346,22 @@ func (m *TaskDelete) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovTask(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovTask(uint64(l))
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovTask(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskIO) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Stdin)
@@ -827,10 +1379,16 @@ func (m *TaskIO) Size() (n int) {
 	if m.Terminal {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskExit) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -847,22 +1405,34 @@ func (m *TaskExit) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovTask(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovTask(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskOOM) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskExecAdded) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -873,10 +1443,16 @@ func (m *TaskExecAdded) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskExecStarted) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -890,30 +1466,48 @@ func (m *TaskExecStarted) Size() (n int) {
 	if m.Pid != 0 {
 		n += 1 + sovTask(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskPaused) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskResumed) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *TaskCheckpointed) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -924,18 +1518,14 @@ func (m *TaskCheckpointed) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovTask(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozTask(x uint64) (n int) {
 	return sovTask(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -944,13 +1534,19 @@ func (this *TaskCreate) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForRootfs := "[]*Mount{"
+	for _, f := range this.Rootfs {
+		repeatedStringForRootfs += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForRootfs += "}"
 	s := strings.Join([]string{`&TaskCreate{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`Bundle:` + fmt.Sprintf("%v", this.Bundle) + `,`,
-		`Rootfs:` + strings.Replace(fmt.Sprintf("%v", this.Rootfs), "Mount", "containerd_types.Mount", 1) + `,`,
-		`IO:` + strings.Replace(fmt.Sprintf("%v", this.IO), "TaskIO", "TaskIO", 1) + `,`,
+		`Rootfs:` + repeatedStringForRootfs + `,`,
+		`IO:` + strings.Replace(this.IO.String(), "TaskIO", "TaskIO", 1) + `,`,
 		`Checkpoint:` + fmt.Sprintf("%v", this.Checkpoint) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -962,6 +1558,7 @@ func (this *TaskStart) String() string {
 	s := strings.Join([]string{`&TaskStart{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -974,7 +1571,9 @@ func (this *TaskDelete) String() string {
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -988,6 +1587,7 @@ func (this *TaskIO) String() string {
 		`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1001,7 +1601,8 @@ func (this *TaskExit) String() string {
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1012,6 +1613,7 @@ func (this *TaskOOM) String() string {
 	}
 	s := strings.Join([]string{`&TaskOOM{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1023,6 +1625,7 @@ func (this *TaskExecAdded) String() string {
 	s := strings.Join([]string{`&TaskExecAdded{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1035,6 +1638,7 @@ func (this *TaskExecStarted) String() string {
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1045,6 +1649,7 @@ func (this *TaskPaused) String() string {
 	}
 	s := strings.Join([]string{`&TaskPaused{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1055,6 +1660,7 @@ func (this *TaskResumed) String() string {
 	}
 	s := strings.Join([]string{`&TaskResumed{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1066,6 +1672,7 @@ func (this *TaskCheckpointed) String() string {
 	s := strings.Join([]string{`&TaskCheckpointed{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`Checkpoint:` + fmt.Sprintf("%v", this.Checkpoint) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1093,7 +1700,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1121,7 +1728,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1131,6 +1738,9 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1150,7 +1760,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1160,6 +1770,9 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1179,7 +1792,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1188,10 +1801,13 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rootfs = append(m.Rootfs, &containerd_types.Mount{})
+			m.Rootfs = append(m.Rootfs, &types.Mount{})
 			if err := m.Rootfs[len(m.Rootfs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -1210,7 +1826,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1219,6 +1835,9 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1243,7 +1862,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1253,6 +1872,9 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1272,7 +1894,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1283,12 +1905,13 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1313,7 +1936,7 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1341,7 +1964,7 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1351,6 +1974,9 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1370,7 +1996,7 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1381,12 +2007,13 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1411,7 +2038,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1439,7 +2066,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1449,6 +2076,9 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1468,7 +2098,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1487,7 +2117,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1506,7 +2136,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1515,25 +2145,61 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTask
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTask
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTask(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1558,7 +2224,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1586,7 +2252,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1596,6 +2262,9 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1615,7 +2284,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1625,6 +2294,9 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1644,7 +2316,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1654,6 +2326,9 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1673,7 +2348,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1685,12 +2360,13 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1715,7 +2391,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1743,7 +2419,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1753,6 +2429,9 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1772,7 +2451,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1782,6 +2461,9 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1801,7 +2483,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1820,7 +2502,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1839,7 +2521,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1848,10 +2530,13 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1861,12 +2546,13 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1891,7 +2577,7 @@ func (m *TaskOOM) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1919,7 +2605,7 @@ func (m *TaskOOM) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1929,6 +2615,9 @@ func (m *TaskOOM) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1940,12 +2629,13 @@ func (m *TaskOOM) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1970,7 +2660,7 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1998,7 +2688,7 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2008,6 +2698,9 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2027,7 +2720,7 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2037,6 +2730,9 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2048,12 +2744,13 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2078,7 +2775,7 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2106,7 +2803,7 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2116,6 +2813,9 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2135,7 +2835,7 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2145,6 +2845,9 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2164,7 +2867,7 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2175,12 +2878,13 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2205,7 +2909,7 @@ func (m *TaskPaused) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2233,7 +2937,7 @@ func (m *TaskPaused) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2243,6 +2947,9 @@ func (m *TaskPaused) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2254,12 +2961,13 @@ func (m *TaskPaused) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2284,7 +2992,7 @@ func (m *TaskResumed) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2312,7 +3020,7 @@ func (m *TaskResumed) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2322,6 +3030,9 @@ func (m *TaskResumed) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2333,12 +3044,13 @@ func (m *TaskResumed) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2363,7 +3075,7 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2391,7 +3103,7 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2401,6 +3113,9 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2420,7 +3135,7 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2430,6 +3145,9 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2441,12 +3159,13 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2459,6 +3178,7 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error {
 func skipTask(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -2490,10 +3210,8 @@ func skipTask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -2510,101 +3228,34 @@ func skipTask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthTask
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowTask
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipTask(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupTask
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthTask
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthTask = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowTask   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthTask        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTask          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupTask = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/events/task.proto", fileDescriptorTask)
-}
-
-var fileDescriptorTask = []byte{
-	// 637 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0xcd, 0x6e, 0xd3, 0x40,
-	0x10, 0xc7, 0x63, 0xa7, 0x75, 0x93, 0x09, 0x55, 0x8b, 0x55, 0x41, 0xc8, 0xc1, 0x8e, 0xcc, 0x25,
-	0x27, 0x5b, 0x04, 0x89, 0x0b, 0x42, 0x6a, 0xd2, 0x70, 0xc8, 0xa1, 0x4a, 0x71, 0x7b, 0xa8, 0xb8,
-	0x44, 0x4e, 0x76, 0x93, 0x2c, 0x8d, 0xbd, 0x96, 0x3d, 0x46, 0x45, 0xe2, 0xc0, 0x23, 0xf0, 0x08,
-	0x3c, 0x05, 0xcf, 0xd0, 0x03, 0x07, 0x8e, 0x9c, 0x02, 0xf5, 0x03, 0x70, 0xe2, 0x01, 0xd0, 0x7a,
-	0x1d, 0xb7, 0x50, 0xf1, 0x65, 0x89, 0x53, 0x76, 0x66, 0x67, 0xff, 0x33, 0xf3, 0xdb, 0xc9, 0x1a,
-	0x1e, 0xcd, 0x19, 0x2e, 0x92, 0x89, 0x3d, 0xe5, 0xbe, 0x33, 0xe5, 0x01, 0x7a, 0x2c, 0xa0, 0x11,
-	0xb9, 0xbe, 0xf4, 0x42, 0xe6, 0xd0, 0x97, 0x34, 0xc0, 0xd8, 0x41, 0x2f, 0x3e, 0xb3, 0xc3, 0x88,
-	0x23, 0xd7, 0x6f, 0x5f, 0x45, 0xd8, 0x72, 0xb7, 0xb5, 0x37, 0xe7, 0x73, 0x9e, 0xed, 0x3a, 0x62,
-	0x25, 0x03, 0x5b, 0xe6, 0x9c, 0xf3, 0xf9, 0x92, 0x3a, 0x99, 0x35, 0x49, 0x66, 0x0e, 0x32, 0x9f,
-	0xc6, 0xe8, 0xf9, 0x61, 0x1e, 0xf0, 0x77, 0x15, 0xe0, 0xab, 0x90, 0xc6, 0x8e, 0xcf, 0x93, 0x00,
-	0xf3, 0x73, 0xfb, 0x7f, 0x3c, 0x57, 0xa4, 0x0c, 0x97, 0xc9, 0x9c, 0x05, 0xce, 0x8c, 0xd1, 0x25,
-	0x09, 0x3d, 0x5c, 0x48, 0x05, 0xeb, 0xab, 0x02, 0x70, 0xe2, 0xc5, 0x67, 0x07, 0x11, 0xf5, 0x90,
-	0xea, 0x5d, 0xb8, 0x55, 0x1c, 0x1e, 0x33, 0xd2, 0x54, 0xda, 0x4a, 0xa7, 0xde, 0xdf, 0x49, 0x57,
-	0x66, 0xe3, 0x60, 0xed, 0x1f, 0x0e, 0xdc, 0x46, 0x11, 0x34, 0x24, 0xfa, 0x1d, 0xd0, 0x26, 0x49,
-	0x40, 0x96, 0xb4, 0xa9, 0x8a, 0x68, 0x37, 0xb7, 0x74, 0x07, 0xb4, 0x88, 0x73, 0x9c, 0xc5, 0xcd,
-	0x6a, 0xbb, 0xda, 0x69, 0x74, 0xef, 0xda, 0xd7, 0x78, 0x65, 0xbd, 0xd8, 0x87, 0xa2, 0x17, 0x37,
-	0x0f, 0xd3, 0x1f, 0x80, 0xca, 0x78, 0x73, 0xa3, 0xad, 0x74, 0x1a, 0xdd, 0x7b, 0xf6, 0x0d, 0xb8,
-	0xb6, 0xa8, 0x73, 0x38, 0xea, 0x6b, 0xe9, 0xca, 0x54, 0x87, 0x23, 0x57, 0x65, 0x5c, 0x37, 0x00,
-	0xa6, 0x0b, 0x3a, 0x3d, 0x0b, 0x39, 0x0b, 0xb0, 0xb9, 0x99, 0xe5, 0xbf, 0xe6, 0xd1, 0x77, 0xa1,
-	0x1a, 0x32, 0xd2, 0xd4, 0xda, 0x4a, 0x67, 0xdb, 0x15, 0x4b, 0xeb, 0x19, 0xd4, 0x85, 0xce, 0x31,
-	0x7a, 0x11, 0x96, 0x6a, 0x37, 0x97, 0x54, 0xaf, 0x24, 0xdf, 0xe7, 0x0c, 0x07, 0x74, 0x49, 0x4b,
-	0x32, 0xbc, 0x21, 0xaa, 0x9b, 0xd0, 0xa0, 0xe7, 0x0c, 0xc7, 0x31, 0x7a, 0x98, 0x08, 0x84, 0x62,
-	0x07, 0x84, 0xeb, 0x38, 0xf3, 0xe8, 0x3d, 0xa8, 0x0b, 0x8b, 0x92, 0xb1, 0x87, 0x39, 0xb4, 0x96,
-	0x2d, 0x07, 0xcd, 0x5e, 0xdf, 0xba, 0x7d, 0xb2, 0x1e, 0xb4, 0x7e, 0xed, 0x62, 0x65, 0x56, 0xde,
-	0x7e, 0x36, 0x15, 0xb7, 0x26, 0x8f, 0xf5, 0xd0, 0x7a, 0x01, 0x9a, 0x64, 0xaa, 0xef, 0xc1, 0x66,
-	0x8c, 0x84, 0x05, 0xb2, 0x58, 0x57, 0x1a, 0xe2, 0x66, 0x63, 0x24, 0x3c, 0xc1, 0xf5, 0xcd, 0x4a,
-	0x2b, 0xf7, 0xd3, 0x28, 0xca, 0xca, 0x92, 0x7e, 0x1a, 0x45, 0x7a, 0x0b, 0x6a, 0x48, 0x23, 0x9f,
-	0x05, 0xde, 0x32, 0xab, 0xa8, 0xe6, 0x16, 0xb6, 0xf5, 0x41, 0x81, 0x9a, 0x48, 0xf6, 0xf4, 0x9c,
-	0x61, 0xc9, 0x31, 0x53, 0x73, 0x42, 0xf5, 0x7c, 0x04, 0x06, 0xae, 0xca, 0x0a, 0x74, 0xd5, 0x5f,
-	0xa2, 0xdb, 0xf8, 0x3d, 0xba, 0xcd, 0x52, 0xe8, 0x9e, 0xc0, 0x96, 0xe8, 0x66, 0x34, 0x3a, 0x2c,
-	0xd3, 0x8c, 0xb5, 0x80, 0x6d, 0x09, 0x83, 0x4e, 0x7b, 0x84, 0x50, 0x52, 0x8a, 0xc8, 0x7d, 0xd8,
-	0xa2, 0xe7, 0x74, 0x3a, 0x2e, 0xb0, 0x40, 0xba, 0x32, 0x35, 0xa1, 0x39, 0x1c, 0xb8, 0x9a, 0xd8,
-	0x1a, 0x12, 0xeb, 0x35, 0xec, 0xac, 0x33, 0x65, 0x33, 0xff, 0x1f, 0x73, 0xdd, 0xbc, 0x0a, 0x6b,
-	0x5f, 0xfe, 0x33, 0x8e, 0xbc, 0x24, 0x2e, 0x97, 0xd8, 0xea, 0x41, 0x43, 0x28, 0xb8, 0x34, 0x4e,
-	0xfc, 0x92, 0x12, 0x33, 0xd8, 0xcd, 0x9e, 0xb8, 0xe2, 0x59, 0x28, 0xc9, 0xe0, 0xc7, 0xc7, 0x46,
-	0xfd, 0xf9, 0xb1, 0xe9, 0x1f, 0x5d, 0x5c, 0x1a, 0x95, 0x4f, 0x97, 0x46, 0xe5, 0x4d, 0x6a, 0x28,
-	0x17, 0xa9, 0xa1, 0x7c, 0x4c, 0x0d, 0xe5, 0x4b, 0x6a, 0x28, 0xef, 0xbe, 0x19, 0xca, 0xf3, 0xee,
-	0x3f, 0x7c, 0x65, 0x1e, 0xcb, 0x9f, 0xd3, 0xca, 0x69, 0x75, 0xa2, 0x65, 0x13, 0xf9, 0xf0, 0x7b,
-	0x00, 0x00, 0x00, 0xff, 0xff, 0x07, 0x69, 0x62, 0x9d, 0xa6, 0x06, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/events/task.proto b/vendor/github.com/containerd/containerd/api/events/task.proto
index d69921365ddd6..3cbbbf00a03a7 100644
--- a/vendor/github.com/containerd/containerd/api/events/task.proto
+++ b/vendor/github.com/containerd/containerd/api/events/task.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.events;
@@ -29,6 +45,9 @@ message TaskDelete {
 	uint32 pid = 2;
 	uint32 exit_status = 3;
 	google.protobuf.Timestamp exited_at = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	// id is the specific exec. By default if omitted will be `""` thus matches
+	// the init exec of the task matching `container_id`.
+	string id = 5;
 }
 
 message TaskIO {
diff --git a/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.pb.go b/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.pb.go
index 4d9322164e384..af56c7de2badb 100644
--- a/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.pb.go
@@ -1,49 +1,25 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/containers/v1/containers.proto
 
-/*
-	Package containers is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/containers/v1/containers.proto
-
-	It has these top-level messages:
-		Container
-		GetContainerRequest
-		GetContainerResponse
-		ListContainersRequest
-		ListContainersResponse
-		CreateContainerRequest
-		CreateContainerResponse
-		UpdateContainerRequest
-		UpdateContainerResponse
-		DeleteContainerRequest
-		ListContainerMessage
-*/
 package containers
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-import google_protobuf3 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -55,7 +31,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Container struct {
 	// ID is the user-specified identifier.
@@ -68,16 +44,16 @@ type Container struct {
 	//
 	// Note that to add a new value to this field, read the existing set and
 	// include the entire result in the update call.
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Image contains the reference of the image used to build the
 	// specification and snapshots for running this container.
 	//
 	// If this field is updated, the spec and rootfs needed to updated, as well.
 	Image string `protobuf:"bytes,3,opt,name=image,proto3" json:"image,omitempty"`
 	// Runtime specifies which runtime to use for executing this container.
-	Runtime *Container_Runtime `protobuf:"bytes,4,opt,name=runtime" json:"runtime,omitempty"`
+	Runtime *Container_Runtime `protobuf:"bytes,4,opt,name=runtime,proto3" json:"runtime,omitempty"`
 	// Spec to be used when creating the container. This is runtime specific.
-	Spec *google_protobuf1.Any `protobuf:"bytes,5,opt,name=spec" json:"spec,omitempty"`
+	Spec *types.Any `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec,omitempty"`
 	// Snapshotter specifies the snapshotter name used for rootfs
 	Snapshotter string `protobuf:"bytes,6,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
 	// SnapshotKey specifies the snapshot key to use for the container's root
@@ -92,9 +68,9 @@ type Container struct {
 	// This field may be updated.
 	SnapshotKey string `protobuf:"bytes,7,opt,name=snapshot_key,json=snapshotKey,proto3" json:"snapshot_key,omitempty"`
 	// CreatedAt is the time the container was first created.
-	CreatedAt time.Time `protobuf:"bytes,8,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
+	CreatedAt time.Time `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
 	// UpdatedAt is the last time the container was mutated.
-	UpdatedAt time.Time `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
+	UpdatedAt time.Time `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
 	// Extensions allow clients to provide zero or more blobs that are directly
 	// associated with the container. One may provide protobuf, json, or other
 	// encoding formats. The primary use of this is to further decorate the
@@ -104,39 +80,163 @@ type Container struct {
 	// that should be unique against other extensions. When updating extension
 	// data, one should only update the specified extension using field paths
 	// to select a specific map key.
-	Extensions map[string]google_protobuf1.Any `protobuf:"bytes,10,rep,name=extensions" json:"extensions" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value"`
+	Extensions           map[string]types.Any `protobuf:"bytes,10,rep,name=extensions,proto3" json:"extensions" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *Container) Reset()      { *m = Container{} }
+func (*Container) ProtoMessage() {}
+func (*Container) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{0}
+}
+func (m *Container) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Container) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Container.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Container) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Container.Merge(m, src)
+}
+func (m *Container) XXX_Size() int {
+	return m.Size()
+}
+func (m *Container) XXX_DiscardUnknown() {
+	xxx_messageInfo_Container.DiscardUnknown(m)
 }
 
-func (m *Container) Reset()                    { *m = Container{} }
-func (*Container) ProtoMessage()               {}
-func (*Container) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{0} }
+var xxx_messageInfo_Container proto.InternalMessageInfo
 
 type Container_Runtime struct {
 	// Name is the name of the runtime.
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Options specify additional runtime initialization options.
-	Options *google_protobuf1.Any `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+	Options              *types.Any `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *Container_Runtime) Reset()      { *m = Container_Runtime{} }
+func (*Container_Runtime) ProtoMessage() {}
+func (*Container_Runtime) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{0, 1}
+}
+func (m *Container_Runtime) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Container_Runtime) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Container_Runtime.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Container_Runtime) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Container_Runtime.Merge(m, src)
+}
+func (m *Container_Runtime) XXX_Size() int {
+	return m.Size()
+}
+func (m *Container_Runtime) XXX_DiscardUnknown() {
+	xxx_messageInfo_Container_Runtime.DiscardUnknown(m)
 }
 
-func (m *Container_Runtime) Reset()                    { *m = Container_Runtime{} }
-func (*Container_Runtime) ProtoMessage()               {}
-func (*Container_Runtime) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{0, 1} }
+var xxx_messageInfo_Container_Runtime proto.InternalMessageInfo
 
 type GetContainerRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetContainerRequest) Reset()      { *m = GetContainerRequest{} }
+func (*GetContainerRequest) ProtoMessage() {}
+func (*GetContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{1}
+}
+func (m *GetContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetContainerRequest.Merge(m, src)
+}
+func (m *GetContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetContainerRequest.DiscardUnknown(m)
 }
 
-func (m *GetContainerRequest) Reset()                    { *m = GetContainerRequest{} }
-func (*GetContainerRequest) ProtoMessage()               {}
-func (*GetContainerRequest) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{1} }
+var xxx_messageInfo_GetContainerRequest proto.InternalMessageInfo
 
 type GetContainerResponse struct {
-	Container Container `protobuf:"bytes,1,opt,name=container" json:"container"`
+	Container            Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *GetContainerResponse) Reset()      { *m = GetContainerResponse{} }
+func (*GetContainerResponse) ProtoMessage() {}
+func (*GetContainerResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{2}
+}
+func (m *GetContainerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetContainerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetContainerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetContainerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetContainerResponse.Merge(m, src)
+}
+func (m *GetContainerResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetContainerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetContainerResponse.DiscardUnknown(m)
 }
 
-func (m *GetContainerResponse) Reset()                    { *m = GetContainerResponse{} }
-func (*GetContainerResponse) ProtoMessage()               {}
-func (*GetContainerResponse) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{2} }
+var xxx_messageInfo_GetContainerResponse proto.InternalMessageInfo
 
 type ListContainersRequest struct {
 	// Filters contains one or more filters using the syntax defined in the
@@ -149,38 +249,160 @@ type ListContainersRequest struct {
 	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListContainersRequest) Reset()      { *m = ListContainersRequest{} }
+func (*ListContainersRequest) ProtoMessage() {}
+func (*ListContainersRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{3}
+}
+func (m *ListContainersRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListContainersRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListContainersRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListContainersRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListContainersRequest.Merge(m, src)
+}
+func (m *ListContainersRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListContainersRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListContainersRequest.DiscardUnknown(m)
 }
 
-func (m *ListContainersRequest) Reset()                    { *m = ListContainersRequest{} }
-func (*ListContainersRequest) ProtoMessage()               {}
-func (*ListContainersRequest) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{3} }
+var xxx_messageInfo_ListContainersRequest proto.InternalMessageInfo
 
 type ListContainersResponse struct {
-	Containers []Container `protobuf:"bytes,1,rep,name=containers" json:"containers"`
+	Containers           []Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *ListContainersResponse) Reset()      { *m = ListContainersResponse{} }
+func (*ListContainersResponse) ProtoMessage() {}
+func (*ListContainersResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{4}
+}
+func (m *ListContainersResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListContainersResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListContainersResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListContainersResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListContainersResponse.Merge(m, src)
+}
+func (m *ListContainersResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListContainersResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListContainersResponse.DiscardUnknown(m)
 }
 
-func (m *ListContainersResponse) Reset()                    { *m = ListContainersResponse{} }
-func (*ListContainersResponse) ProtoMessage()               {}
-func (*ListContainersResponse) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{4} }
+var xxx_messageInfo_ListContainersResponse proto.InternalMessageInfo
 
 type CreateContainerRequest struct {
-	Container Container `protobuf:"bytes,1,opt,name=container" json:"container"`
+	Container            Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *CreateContainerRequest) Reset()      { *m = CreateContainerRequest{} }
+func (*CreateContainerRequest) ProtoMessage() {}
+func (*CreateContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{5}
+}
+func (m *CreateContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateContainerRequest.Merge(m, src)
+}
+func (m *CreateContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateContainerRequest.DiscardUnknown(m)
 }
 
-func (m *CreateContainerRequest) Reset()                    { *m = CreateContainerRequest{} }
-func (*CreateContainerRequest) ProtoMessage()               {}
-func (*CreateContainerRequest) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{5} }
+var xxx_messageInfo_CreateContainerRequest proto.InternalMessageInfo
 
 type CreateContainerResponse struct {
-	Container Container `protobuf:"bytes,1,opt,name=container" json:"container"`
+	Container            Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
 func (m *CreateContainerResponse) Reset()      { *m = CreateContainerResponse{} }
 func (*CreateContainerResponse) ProtoMessage() {}
 func (*CreateContainerResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptorContainers, []int{6}
+	return fileDescriptor_311afb8e15951042, []int{6}
+}
+func (m *CreateContainerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateContainerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateContainerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateContainerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateContainerResponse.Merge(m, src)
+}
+func (m *CreateContainerResponse) XXX_Size() int {
+	return m.Size()
 }
+func (m *CreateContainerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateContainerResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateContainerResponse proto.InternalMessageInfo
 
 // UpdateContainerRequest updates the metadata on one or more container.
 //
@@ -191,44 +413,168 @@ type UpdateContainerRequest struct {
 	// Container provides the target values, as declared by the mask, for the update.
 	//
 	// The ID field must be set.
-	Container Container `protobuf:"bytes,1,opt,name=container" json:"container"`
+	Container Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container"`
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
-	UpdateMask *google_protobuf3.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *types.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
+	XXX_unrecognized     []byte           `json:"-"`
+	XXX_sizecache        int32            `json:"-"`
+}
+
+func (m *UpdateContainerRequest) Reset()      { *m = UpdateContainerRequest{} }
+func (*UpdateContainerRequest) ProtoMessage() {}
+func (*UpdateContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{7}
+}
+func (m *UpdateContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateContainerRequest.Merge(m, src)
+}
+func (m *UpdateContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateContainerRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateContainerRequest) Reset()                    { *m = UpdateContainerRequest{} }
-func (*UpdateContainerRequest) ProtoMessage()               {}
-func (*UpdateContainerRequest) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{7} }
+var xxx_messageInfo_UpdateContainerRequest proto.InternalMessageInfo
 
 type UpdateContainerResponse struct {
-	Container Container `protobuf:"bytes,1,opt,name=container" json:"container"`
+	Container            Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
 func (m *UpdateContainerResponse) Reset()      { *m = UpdateContainerResponse{} }
 func (*UpdateContainerResponse) ProtoMessage() {}
 func (*UpdateContainerResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptorContainers, []int{8}
+	return fileDescriptor_311afb8e15951042, []int{8}
+}
+func (m *UpdateContainerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateContainerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateContainerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateContainerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateContainerResponse.Merge(m, src)
+}
+func (m *UpdateContainerResponse) XXX_Size() int {
+	return m.Size()
 }
+func (m *UpdateContainerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateContainerResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateContainerResponse proto.InternalMessageInfo
 
 type DeleteContainerRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteContainerRequest) Reset()      { *m = DeleteContainerRequest{} }
+func (*DeleteContainerRequest) ProtoMessage() {}
+func (*DeleteContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{9}
+}
+func (m *DeleteContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteContainerRequest.Merge(m, src)
+}
+func (m *DeleteContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteContainerRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteContainerRequest) Reset()                    { *m = DeleteContainerRequest{} }
-func (*DeleteContainerRequest) ProtoMessage()               {}
-func (*DeleteContainerRequest) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{9} }
+var xxx_messageInfo_DeleteContainerRequest proto.InternalMessageInfo
 
 type ListContainerMessage struct {
-	Container *Container `protobuf:"bytes,1,opt,name=container" json:"container,omitempty"`
+	Container            *Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *ListContainerMessage) Reset()      { *m = ListContainerMessage{} }
+func (*ListContainerMessage) ProtoMessage() {}
+func (*ListContainerMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_311afb8e15951042, []int{10}
+}
+func (m *ListContainerMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListContainerMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListContainerMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListContainerMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListContainerMessage.Merge(m, src)
+}
+func (m *ListContainerMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListContainerMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListContainerMessage.DiscardUnknown(m)
 }
 
-func (m *ListContainerMessage) Reset()                    { *m = ListContainerMessage{} }
-func (*ListContainerMessage) ProtoMessage()               {}
-func (*ListContainerMessage) Descriptor() ([]byte, []int) { return fileDescriptorContainers, []int{10} }
+var xxx_messageInfo_ListContainerMessage proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Container)(nil), "containerd.services.containers.v1.Container")
+	proto.RegisterMapType((map[string]types.Any)(nil), "containerd.services.containers.v1.Container.ExtensionsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.containers.v1.Container.LabelsEntry")
 	proto.RegisterType((*Container_Runtime)(nil), "containerd.services.containers.v1.Container.Runtime")
 	proto.RegisterType((*GetContainerRequest)(nil), "containerd.services.containers.v1.GetContainerRequest")
 	proto.RegisterType((*GetContainerResponse)(nil), "containerd.services.containers.v1.GetContainerResponse")
@@ -242,6 +588,66 @@ func init() {
 	proto.RegisterType((*ListContainerMessage)(nil), "containerd.services.containers.v1.ListContainerMessage")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/containers/v1/containers.proto", fileDescriptor_311afb8e15951042)
+}
+
+var fileDescriptor_311afb8e15951042 = []byte{
+	// 820 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcb, 0x6e, 0x13, 0x49,
+	0x14, 0x75, 0xdb, 0x4e, 0x3b, 0xbe, 0x1e, 0x69, 0x46, 0x35, 0x1e, 0x4f, 0x4f, 0x8f, 0x64, 0x3b,
+	0x5e, 0x59, 0xa3, 0xa1, 0x9d, 0x18, 0x44, 0x5e, 0x6c, 0xe2, 0xbc, 0x04, 0x24, 0x28, 0xea, 0x80,
+	0x84, 0x60, 0x11, 0xda, 0x76, 0xc5, 0x69, 0xdc, 0x2f, 0xba, 0xca, 0x16, 0x16, 0x8b, 0xc0, 0x1f,
+	0xb0, 0xe3, 0x13, 0xf8, 0x95, 0x2c, 0x59, 0xb2, 0x0a, 0xc4, 0xe2, 0x43, 0x50, 0x57, 0x57, 0xbb,
+	0x3b, 0x7e, 0x80, 0x9d, 0x90, 0x5d, 0x5d, 0xd7, 0x3d, 0xf7, 0x9e, 0x3a, 0xb7, 0x4e, 0xb9, 0x61,
+	0xaf, 0xa5, 0xd3, 0x93, 0x4e, 0x5d, 0x69, 0xd8, 0x66, 0xa5, 0x61, 0x5b, 0x54, 0xd3, 0x2d, 0xec,
+	0x36, 0xa3, 0x4b, 0xcd, 0xd1, 0x2b, 0x04, 0xbb, 0x5d, 0xbd, 0x81, 0x49, 0xf8, 0x3b, 0xa9, 0x74,
+	0x97, 0x22, 0x91, 0xe2, 0xb8, 0x36, 0xb5, 0xd1, 0x42, 0x88, 0x53, 0x02, 0x8c, 0x12, 0xc9, 0xea,
+	0x2e, 0xc9, 0xd9, 0x96, 0xdd, 0xb2, 0x59, 0x76, 0xc5, 0x5b, 0xf9, 0x40, 0xf9, 0x9f, 0x96, 0x6d,
+	0xb7, 0x0c, 0x5c, 0x61, 0x51, 0xbd, 0x73, 0x5c, 0xd1, 0xac, 0x1e, 0xdf, 0xfa, 0x77, 0x78, 0x0b,
+	0x9b, 0x0e, 0x0d, 0x36, 0x8b, 0xc3, 0x9b, 0xc7, 0x3a, 0x36, 0x9a, 0x47, 0xa6, 0x46, 0xda, 0x3c,
+	0xa3, 0x30, 0x9c, 0x41, 0x75, 0x13, 0x13, 0xaa, 0x99, 0x8e, 0x9f, 0x50, 0xfa, 0x20, 0x42, 0x7a,
+	0x33, 0xa0, 0x88, 0x72, 0x10, 0xd7, 0x9b, 0x92, 0x50, 0x14, 0xca, 0xe9, 0x9a, 0xd8, 0x3f, 0x2f,
+	0xc4, 0xef, 0x6f, 0xa9, 0x71, 0xbd, 0x89, 0x0e, 0x40, 0x34, 0xb4, 0x3a, 0x36, 0x88, 0x14, 0x2f,
+	0x26, 0xca, 0x99, 0xea, 0x8a, 0xf2, 0xd3, 0xa3, 0x2a, 0x83, 0xaa, 0xca, 0x1e, 0x83, 0x6e, 0x5b,
+	0xd4, 0xed, 0xa9, 0xbc, 0x0e, 0xca, 0xc2, 0x9c, 0x6e, 0x6a, 0x2d, 0x2c, 0x25, 0xbc, 0x66, 0xaa,
+	0x1f, 0xa0, 0x47, 0x90, 0x72, 0x3b, 0x96, 0xc7, 0x51, 0x4a, 0x16, 0x85, 0x72, 0xa6, 0x7a, 0x67,
+	0xa6, 0x46, 0xaa, 0x8f, 0x55, 0x83, 0x22, 0xa8, 0x0c, 0x49, 0xe2, 0xe0, 0x86, 0x34, 0xc7, 0x8a,
+	0x65, 0x15, 0x5f, 0x0d, 0x25, 0x50, 0x43, 0xd9, 0xb0, 0x7a, 0x2a, 0xcb, 0x40, 0x45, 0xc8, 0x10,
+	0x4b, 0x73, 0xc8, 0x89, 0x4d, 0x29, 0x76, 0x25, 0x91, 0xb1, 0x8a, 0xfe, 0x84, 0x16, 0xe0, 0xb7,
+	0x20, 0x3c, 0x6a, 0xe3, 0x9e, 0x94, 0xba, 0x9c, 0xf2, 0x10, 0xf7, 0xd0, 0x26, 0x40, 0xc3, 0xc5,
+	0x1a, 0xc5, 0xcd, 0x23, 0x8d, 0x4a, 0xf3, 0xac, 0xa9, 0x3c, 0xd2, 0xf4, 0x71, 0x30, 0x82, 0xda,
+	0xfc, 0xd9, 0x79, 0x21, 0xf6, 0xfe, 0x4b, 0x41, 0x50, 0xd3, 0x1c, 0xb7, 0x41, 0xbd, 0x22, 0x1d,
+	0xa7, 0x19, 0x14, 0x49, 0xcf, 0x52, 0x84, 0xe3, 0x36, 0x28, 0xaa, 0x03, 0xe0, 0xd7, 0x14, 0x5b,
+	0x44, 0xb7, 0x2d, 0x22, 0x01, 0x1b, 0xda, 0xbd, 0x99, 0xb4, 0xdc, 0x1e, 0xc0, 0xd9, 0xe0, 0x6a,
+	0x49, 0xaf, 0x8d, 0x1a, 0xa9, 0x2a, 0xaf, 0x42, 0x26, 0x32, 0x59, 0xf4, 0x07, 0x24, 0x3c, 0x59,
+	0xd8, 0xe5, 0x51, 0xbd, 0xa5, 0x37, 0xe3, 0xae, 0x66, 0x74, 0xb0, 0x14, 0xf7, 0x67, 0xcc, 0x82,
+	0xb5, 0xf8, 0x8a, 0x20, 0xef, 0x43, 0x8a, 0xcf, 0x0a, 0x21, 0x48, 0x5a, 0x9a, 0x89, 0x39, 0x8e,
+	0xad, 0x91, 0x02, 0x29, 0xdb, 0xa1, 0x8c, 0x7a, 0xfc, 0x07, 0x93, 0x0b, 0x92, 0xe4, 0x43, 0xf8,
+	0x7d, 0x88, 0xee, 0x18, 0x36, 0xff, 0x45, 0xd9, 0x4c, 0x2a, 0x19, 0x72, 0x2c, 0xdd, 0x82, 0x3f,
+	0x77, 0x31, 0x1d, 0x08, 0xa2, 0xe2, 0x57, 0x1d, 0x4c, 0xe8, 0x24, 0x8b, 0x94, 0x4e, 0x20, 0x7b,
+	0x39, 0x9d, 0x38, 0xb6, 0x45, 0x30, 0x3a, 0x80, 0xf4, 0x40, 0x62, 0x06, 0xcb, 0x54, 0xff, 0x9f,
+	0x65, 0x10, 0x5c, 0xf8, 0xb0, 0x48, 0x69, 0x09, 0xfe, 0xda, 0xd3, 0x49, 0xd8, 0x8a, 0x04, 0xd4,
+	0x24, 0x48, 0x1d, 0xeb, 0x06, 0xc5, 0x2e, 0x91, 0x84, 0x62, 0xa2, 0x9c, 0x56, 0x83, 0xb0, 0x64,
+	0x40, 0x6e, 0x18, 0xc2, 0xe9, 0xa9, 0x00, 0x61, 0x63, 0x06, 0xbb, 0x1a, 0xbf, 0x48, 0x95, 0xd2,
+	0x4b, 0xc8, 0x6d, 0xb2, 0xeb, 0x3c, 0x22, 0xde, 0xaf, 0x17, 0xa3, 0x0d, 0x7f, 0x8f, 0xf4, 0xba,
+	0x31, 0xe5, 0x3f, 0x0a, 0x90, 0x7b, 0xc2, 0x3c, 0x76, 0xf3, 0x27, 0x43, 0xeb, 0x90, 0xf1, 0xfd,
+	0xcc, 0xde, 0x73, 0x7e, 0x6b, 0x47, 0x1f, 0x82, 0x1d, 0xef, 0xc9, 0xdf, 0xd7, 0x48, 0x5b, 0xe5,
+	0xcf, 0x86, 0xb7, 0xf6, 0x64, 0x19, 0x21, 0x7a, 0x63, 0xb2, 0x2c, 0x42, 0x6e, 0x0b, 0x1b, 0x78,
+	0x8c, 0x2a, 0x93, 0xcc, 0x52, 0x87, 0xec, 0xa5, 0xfb, 0xb8, 0x8f, 0x09, 0xf1, 0xde, 0xff, 0x07,
+	0xd7, 0xe4, 0x16, 0x61, 0x55, 0xfd, 0x36, 0x07, 0x10, 0x5e, 0x78, 0xd4, 0x85, 0xc4, 0x2e, 0xa6,
+	0xe8, 0xee, 0x14, 0xe5, 0xc6, 0xd8, 0x5e, 0x5e, 0x9e, 0x19, 0xc7, 0xe5, 0x7e, 0x03, 0x49, 0xef,
+	0xa8, 0x68, 0x9a, 0xbf, 0xcc, 0xb1, 0xb6, 0x96, 0x57, 0xaf, 0x80, 0xe4, 0xcd, 0xdf, 0x09, 0x00,
+	0xde, 0xd6, 0x21, 0x75, 0xb1, 0x66, 0x5e, 0x83, 0xc3, 0xf2, 0xac, 0x48, 0x3e, 0xd1, 0x45, 0x01,
+	0x9d, 0x82, 0xe8, 0x3b, 0x14, 0x4d, 0x73, 0x90, 0xf1, 0x0f, 0x87, 0xbc, 0x76, 0x15, 0x28, 0x17,
+	0xe1, 0x14, 0x44, 0xdf, 0x0b, 0x53, 0x11, 0x18, 0xef, 0xef, 0xa9, 0x08, 0x4c, 0x72, 0xdc, 0x73,
+	0x10, 0x7d, 0x7f, 0x4c, 0x45, 0x60, 0xbc, 0x95, 0xe4, 0xdc, 0x88, 0xf3, 0xb7, 0xbd, 0x2f, 0xc1,
+	0xda, 0x8b, 0xb3, 0x8b, 0x7c, 0xec, 0xf3, 0x45, 0x3e, 0xf6, 0xb6, 0x9f, 0x17, 0xce, 0xfa, 0x79,
+	0xe1, 0x53, 0x3f, 0x2f, 0x7c, 0xed, 0xe7, 0x85, 0x67, 0x3b, 0xd7, 0xf8, 0xb8, 0x5d, 0x0f, 0xa3,
+	0xa7, 0xb1, 0xba, 0xc8, 0x7a, 0xde, 0xfe, 0x1e, 0x00, 0x00, 0xff, 0xff, 0xd0, 0xae, 0xca, 0xcb,
+	0x2f, 0x0b, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -250,15 +656,16 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Containers service
-
+// ContainersClient is the client API for Containers service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type ContainersClient interface {
 	Get(ctx context.Context, in *GetContainerRequest, opts ...grpc.CallOption) (*GetContainerResponse, error)
 	List(ctx context.Context, in *ListContainersRequest, opts ...grpc.CallOption) (*ListContainersResponse, error)
 	ListStream(ctx context.Context, in *ListContainersRequest, opts ...grpc.CallOption) (Containers_ListStreamClient, error)
 	Create(ctx context.Context, in *CreateContainerRequest, opts ...grpc.CallOption) (*CreateContainerResponse, error)
 	Update(ctx context.Context, in *UpdateContainerRequest, opts ...grpc.CallOption) (*UpdateContainerResponse, error)
-	Delete(ctx context.Context, in *DeleteContainerRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error)
+	Delete(ctx context.Context, in *DeleteContainerRequest, opts ...grpc.CallOption) (*types.Empty, error)
 }
 
 type containersClient struct {
@@ -271,7 +678,7 @@ func NewContainersClient(cc *grpc.ClientConn) ContainersClient {
 
 func (c *containersClient) Get(ctx context.Context, in *GetContainerRequest, opts ...grpc.CallOption) (*GetContainerResponse, error) {
 	out := new(GetContainerResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Get", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Get", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -280,7 +687,7 @@ func (c *containersClient) Get(ctx context.Context, in *GetContainerRequest, opt
 
 func (c *containersClient) List(ctx context.Context, in *ListContainersRequest, opts ...grpc.CallOption) (*ListContainersResponse, error) {
 	out := new(ListContainersResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.containers.v1.Containers/List", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.containers.v1.Containers/List", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -288,7 +695,7 @@ func (c *containersClient) List(ctx context.Context, in *ListContainersRequest,
 }
 
 func (c *containersClient) ListStream(ctx context.Context, in *ListContainersRequest, opts ...grpc.CallOption) (Containers_ListStreamClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Containers_serviceDesc.Streams[0], c.cc, "/containerd.services.containers.v1.Containers/ListStream", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Containers_serviceDesc.Streams[0], "/containerd.services.containers.v1.Containers/ListStream", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -321,7 +728,7 @@ func (x *containersListStreamClient) Recv() (*ListContainerMessage, error) {
 
 func (c *containersClient) Create(ctx context.Context, in *CreateContainerRequest, opts ...grpc.CallOption) (*CreateContainerResponse, error) {
 	out := new(CreateContainerResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Create", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -330,31 +737,53 @@ func (c *containersClient) Create(ctx context.Context, in *CreateContainerReques
 
 func (c *containersClient) Update(ctx context.Context, in *UpdateContainerRequest, opts ...grpc.CallOption) (*UpdateContainerResponse, error) {
 	out := new(UpdateContainerResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Update", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *containersClient) Delete(ctx context.Context, in *DeleteContainerRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error) {
-	out := new(google_protobuf2.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Delete", in, out, c.cc, opts...)
+func (c *containersClient) Delete(ctx context.Context, in *DeleteContainerRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.containers.v1.Containers/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Containers service
-
+// ContainersServer is the server API for Containers service.
 type ContainersServer interface {
 	Get(context.Context, *GetContainerRequest) (*GetContainerResponse, error)
 	List(context.Context, *ListContainersRequest) (*ListContainersResponse, error)
 	ListStream(*ListContainersRequest, Containers_ListStreamServer) error
 	Create(context.Context, *CreateContainerRequest) (*CreateContainerResponse, error)
 	Update(context.Context, *UpdateContainerRequest) (*UpdateContainerResponse, error)
-	Delete(context.Context, *DeleteContainerRequest) (*google_protobuf2.Empty, error)
+	Delete(context.Context, *DeleteContainerRequest) (*types.Empty, error)
+}
+
+// UnimplementedContainersServer can be embedded to have forward compatible implementations.
+type UnimplementedContainersServer struct {
+}
+
+func (*UnimplementedContainersServer) Get(ctx context.Context, req *GetContainerRequest) (*GetContainerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Get not implemented")
+}
+func (*UnimplementedContainersServer) List(ctx context.Context, req *ListContainersRequest) (*ListContainersResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedContainersServer) ListStream(req *ListContainersRequest, srv Containers_ListStreamServer) error {
+	return status.Errorf(codes.Unimplemented, "method ListStream not implemented")
+}
+func (*UnimplementedContainersServer) Create(ctx context.Context, req *CreateContainerRequest) (*CreateContainerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedContainersServer) Update(ctx context.Context, req *UpdateContainerRequest) (*UpdateContainerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedContainersServer) Delete(ctx context.Context, req *DeleteContainerRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
 }
 
 func RegisterContainersServer(s *grpc.Server, srv ContainersServer) {
@@ -510,7 +939,7 @@ var _Containers_serviceDesc = grpc.ServiceDesc{
 func (m *Container) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -518,120 +947,137 @@ func (m *Container) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Container) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
+	if len(m.Extensions) > 0 {
+		for k := range m.Extensions {
+			v := m.Extensions[k]
+			baseI := i
+			{
+				size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintContainers(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0x12
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovContainers(uint64(len(k))) + 1 + len(v) + sovContainers(uint64(len(v)))
-			i = encodeVarintContainers(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintContainers(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintContainers(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintContainers(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x52
 		}
 	}
-	if len(m.Image) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(len(m.Image)))
-		i += copy(dAtA[i:], m.Image)
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err2 != nil {
+		return 0, err2
 	}
-	if m.Runtime != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(m.Runtime.Size()))
-		n1, err := m.Runtime.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+	i -= n2
+	i = encodeVarintContainers(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x4a
+	n3, err3 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err3 != nil {
+		return 0, err3
 	}
-	if m.Spec != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(m.Spec.Size()))
-		n2, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
+	i -= n3
+	i = encodeVarintContainers(dAtA, i, uint64(n3))
+	i--
+	dAtA[i] = 0x42
+	if len(m.SnapshotKey) > 0 {
+		i -= len(m.SnapshotKey)
+		copy(dAtA[i:], m.SnapshotKey)
+		i = encodeVarintContainers(dAtA, i, uint64(len(m.SnapshotKey)))
+		i--
+		dAtA[i] = 0x3a
 	}
 	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0x32
-		i++
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
 		i = encodeVarintContainers(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.SnapshotKey) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(len(m.SnapshotKey)))
-		i += copy(dAtA[i:], m.SnapshotKey)
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainers(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n3, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Runtime != nil {
+		{
+			size, err := m.Runtime.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainers(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
 	}
-	i += n3
-	dAtA[i] = 0x4a
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n4, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Image) > 0 {
+		i -= len(m.Image)
+		copy(dAtA[i:], m.Image)
+		i = encodeVarintContainers(dAtA, i, uint64(len(m.Image)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	i += n4
-	if len(m.Extensions) > 0 {
-		for k, _ := range m.Extensions {
-			dAtA[i] = 0x52
-			i++
-			v := m.Extensions[k]
-			msgSize := 0
-			if (&v) != nil {
-				msgSize = (&v).Size()
-				msgSize += 1 + sovContainers(uint64(msgSize))
-			}
-			mapSize := 1 + len(k) + sovContainers(uint64(len(k))) + msgSize
-			i = encodeVarintContainers(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintContainers(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintContainers(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintContainers(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintContainers(dAtA, i, uint64((&v).Size()))
-			n5, err := (&v).MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n5
 		}
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintContainers(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Container_Runtime) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -639,33 +1085,45 @@ func (m *Container_Runtime) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Container_Runtime) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Container_Runtime) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Options != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(m.Options.Size()))
-		n6, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainers(dAtA, i, uint64(size))
 		}
-		i += n6
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintContainers(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetContainerRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -673,23 +1131,33 @@ func (m *GetContainerRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetContainerRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintContainers(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetContainerResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -697,58 +1165,72 @@ func (m *GetContainerResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetContainerResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetContainerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-	n7, err := m.Container.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n7
-	return i, nil
+	{
+		size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContainers(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ListContainersRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListContainersRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListContainersRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListContainersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintContainers(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListContainersResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -756,29 +1238,40 @@ func (m *ListContainersResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListContainersResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListContainersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Containers) > 0 {
-		for _, msg := range m.Containers {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContainers(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Containers) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Containers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintContainers(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateContainerRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -786,25 +1279,36 @@ func (m *CreateContainerRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateContainerRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-	n8, err := m.Container.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContainers(dAtA, i, uint64(size))
 	}
-	i += n8
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateContainerResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -812,25 +1316,36 @@ func (m *CreateContainerResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateContainerResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateContainerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-	n9, err := m.Container.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContainers(dAtA, i, uint64(size))
 	}
-	i += n9
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateContainerRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -838,35 +1353,48 @@ func (m *UpdateContainerRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateContainerRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-	n10, err := m.Container.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n10
 	if m.UpdateMask != nil {
+		{
+			size, err := m.UpdateMask.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainers(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(m.UpdateMask.Size()))
-		n11, err := m.UpdateMask.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n11
+		i -= size
+		i = encodeVarintContainers(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateContainerResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -874,25 +1402,36 @@ func (m *UpdateContainerResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateContainerResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateContainerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-	n12, err := m.Container.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContainers(dAtA, i, uint64(size))
 	}
-	i += n12
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteContainerRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -900,23 +1439,33 @@ func (m *DeleteContainerRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteContainerRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintContainers(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListContainerMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -924,33 +1473,49 @@ func (m *ListContainerMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListContainerMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListContainerMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Container != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContainers(dAtA, i, uint64(m.Container.Size()))
-		n13, err := m.Container.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContainers(dAtA, i, uint64(size))
 		}
-		i += n13
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintContainers(dAtA []byte, offset int, v uint64) int {
+	offset -= sovContainers(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Container) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -985,9 +1550,9 @@ func (m *Container) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovContainers(uint64(l))
 	}
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovContainers(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovContainers(uint64(l))
 	if len(m.Extensions) > 0 {
 		for k, v := range m.Extensions {
@@ -998,10 +1563,16 @@ func (m *Container) Size() (n int) {
 			n += mapEntrySize + 1 + sovContainers(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Container_Runtime) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -1012,28 +1583,46 @@ func (m *Container_Runtime) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovContainers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovContainers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetContainerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Container.Size()
 	n += 1 + l + sovContainers(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListContainersRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -1042,10 +1631,16 @@ func (m *ListContainersRequest) Size() (n int) {
 			n += 1 + l + sovContainers(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListContainersResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Containers) > 0 {
@@ -1054,26 +1649,44 @@ func (m *ListContainersResponse) Size() (n int) {
 			n += 1 + l + sovContainers(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Container.Size()
 	n += 1 + l + sovContainers(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateContainerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Container.Size()
 	n += 1 + l + sovContainers(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Container.Size()
@@ -1082,46 +1695,60 @@ func (m *UpdateContainerRequest) Size() (n int) {
 		l = m.UpdateMask.Size()
 		n += 1 + l + sovContainers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateContainerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Container.Size()
 	n += 1 + l + sovContainers(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovContainers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListContainerMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Container != nil {
 		l = m.Container.Size()
 		n += 1 + l + sovContainers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovContainers(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozContainers(x uint64) (n int) {
 	return sovContainers(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1134,7 +1761,7 @@ func (this *Container) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1144,8 +1771,8 @@ func (this *Container) String() string {
 	for k, _ := range this.Extensions {
 		keysForExtensions = append(keysForExtensions, k)
 	}
-	sortkeys.Strings(keysForExtensions)
-	mapStringForExtensions := "map[string]google_protobuf1.Any{"
+	github_com_gogo_protobuf_sortkeys.Strings(keysForExtensions)
+	mapStringForExtensions := "map[string]types.Any{"
 	for _, k := range keysForExtensions {
 		mapStringForExtensions += fmt.Sprintf("%v: %v,", k, this.Extensions[k])
 	}
@@ -1155,12 +1782,13 @@ func (this *Container) String() string {
 		`Labels:` + mapStringForLabels + `,`,
 		`Image:` + fmt.Sprintf("%v", this.Image) + `,`,
 		`Runtime:` + strings.Replace(fmt.Sprintf("%v", this.Runtime), "Container_Runtime", "Container_Runtime", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "types.Any", 1) + `,`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`SnapshotKey:` + fmt.Sprintf("%v", this.SnapshotKey) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf4.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf4.Timestamp", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Extensions:` + mapStringForExtensions + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1171,7 +1799,8 @@ func (this *Container_Runtime) String() string {
 	}
 	s := strings.Join([]string{`&Container_Runtime{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1182,6 +1811,7 @@ func (this *GetContainerRequest) String() string {
 	}
 	s := strings.Join([]string{`&GetContainerRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1192,6 +1822,7 @@ func (this *GetContainerResponse) String() string {
 	}
 	s := strings.Join([]string{`&GetContainerResponse{`,
 		`Container:` + strings.Replace(strings.Replace(this.Container.String(), "Container", "Container", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1202,6 +1833,7 @@ func (this *ListContainersRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListContainersRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1210,8 +1842,14 @@ func (this *ListContainersResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForContainers := "[]Container{"
+	for _, f := range this.Containers {
+		repeatedStringForContainers += strings.Replace(strings.Replace(f.String(), "Container", "Container", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForContainers += "}"
 	s := strings.Join([]string{`&ListContainersResponse{`,
-		`Containers:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Containers), "Container", "Container", 1), `&`, ``, 1) + `,`,
+		`Containers:` + repeatedStringForContainers + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1222,6 +1860,7 @@ func (this *CreateContainerRequest) String() string {
 	}
 	s := strings.Join([]string{`&CreateContainerRequest{`,
 		`Container:` + strings.Replace(strings.Replace(this.Container.String(), "Container", "Container", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1232,6 +1871,7 @@ func (this *CreateContainerResponse) String() string {
 	}
 	s := strings.Join([]string{`&CreateContainerResponse{`,
 		`Container:` + strings.Replace(strings.Replace(this.Container.String(), "Container", "Container", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1242,7 +1882,8 @@ func (this *UpdateContainerRequest) String() string {
 	}
 	s := strings.Join([]string{`&UpdateContainerRequest{`,
 		`Container:` + strings.Replace(strings.Replace(this.Container.String(), "Container", "Container", 1), `&`, ``, 1) + `,`,
-		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "google_protobuf3.FieldMask", 1) + `,`,
+		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "types.FieldMask", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1253,6 +1894,7 @@ func (this *UpdateContainerResponse) String() string {
 	}
 	s := strings.Join([]string{`&UpdateContainerResponse{`,
 		`Container:` + strings.Replace(strings.Replace(this.Container.String(), "Container", "Container", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1263,6 +1905,7 @@ func (this *DeleteContainerRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteContainerRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1272,7 +1915,8 @@ func (this *ListContainerMessage) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ListContainerMessage{`,
-		`Container:` + strings.Replace(fmt.Sprintf("%v", this.Container), "Container", "Container", 1) + `,`,
+		`Container:` + strings.Replace(this.Container.String(), "Container", "Container", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1300,7 +1944,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1328,7 +1972,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1338,6 +1982,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1357,7 +2004,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1366,6 +2013,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1386,7 +2036,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1403,7 +2053,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1413,6 +2063,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainers
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthContainers
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1429,7 +2082,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1439,6 +2092,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainers
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthContainers
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1450,7 +2106,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthContainers
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1475,7 +2131,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1485,6 +2141,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1504,7 +2163,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1513,6 +2172,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1537,7 +2199,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1546,11 +2208,14 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Spec == nil {
-				m.Spec = &google_protobuf1.Any{}
+				m.Spec = &types.Any{}
 			}
 			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1570,7 +2235,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1580,6 +2245,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1599,7 +2267,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1609,6 +2277,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1628,7 +2299,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1637,10 +2308,13 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1658,7 +2332,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1667,10 +2341,13 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1688,7 +2365,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1697,14 +2374,17 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Extensions == nil {
-				m.Extensions = make(map[string]google_protobuf1.Any)
+				m.Extensions = make(map[string]types.Any)
 			}
 			var mapkey string
-			mapvalue := &google_protobuf1.Any{}
+			mapvalue := &types.Any{}
 			for iNdEx < postIndex {
 				entryPreIndex := iNdEx
 				var wire uint64
@@ -1717,7 +2397,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1734,7 +2414,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1744,6 +2424,9 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainers
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthContainers
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1760,7 +2443,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapmsglen |= (int(b) & 0x7F) << shift
+						mapmsglen |= int(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1769,13 +2452,13 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContainers
 					}
 					postmsgIndex := iNdEx + mapmsglen
-					if mapmsglen < 0 {
+					if postmsgIndex < 0 {
 						return ErrInvalidLengthContainers
 					}
 					if postmsgIndex > l {
 						return io.ErrUnexpectedEOF
 					}
-					mapvalue = &google_protobuf1.Any{}
+					mapvalue = &types.Any{}
 					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
 						return err
 					}
@@ -1786,7 +2469,7 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthContainers
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1803,12 +2486,13 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1833,7 +2517,7 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1861,7 +2545,7 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1871,6 +2555,9 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1890,7 +2577,7 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1899,11 +2586,14 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf1.Any{}
+				m.Options = &types.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1915,12 +2605,13 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1945,7 +2636,7 @@ func (m *GetContainerRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1973,7 +2664,7 @@ func (m *GetContainerRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1983,6 +2674,9 @@ func (m *GetContainerRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1994,12 +2688,13 @@ func (m *GetContainerRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2024,7 +2719,7 @@ func (m *GetContainerResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2052,7 +2747,7 @@ func (m *GetContainerResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2061,6 +2756,9 @@ func (m *GetContainerResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2074,12 +2772,13 @@ func (m *GetContainerResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2104,7 +2803,7 @@ func (m *ListContainersRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2132,7 +2831,7 @@ func (m *ListContainersRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2142,6 +2841,9 @@ func (m *ListContainersRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2153,12 +2855,13 @@ func (m *ListContainersRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2183,7 +2886,7 @@ func (m *ListContainersResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2211,7 +2914,7 @@ func (m *ListContainersResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2220,6 +2923,9 @@ func (m *ListContainersResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2234,12 +2940,13 @@ func (m *ListContainersResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2264,7 +2971,7 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2292,7 +2999,7 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2301,6 +3008,9 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2314,12 +3024,13 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2344,7 +3055,7 @@ func (m *CreateContainerResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2372,7 +3083,7 @@ func (m *CreateContainerResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2381,6 +3092,9 @@ func (m *CreateContainerResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2394,12 +3108,13 @@ func (m *CreateContainerResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2424,7 +3139,7 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2452,7 +3167,7 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2461,6 +3176,9 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2482,7 +3200,7 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2491,11 +3209,14 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdateMask == nil {
-				m.UpdateMask = &google_protobuf3.FieldMask{}
+				m.UpdateMask = &types.FieldMask{}
 			}
 			if err := m.UpdateMask.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2507,12 +3228,13 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2537,7 +3259,7 @@ func (m *UpdateContainerResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2565,7 +3287,7 @@ func (m *UpdateContainerResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2574,6 +3296,9 @@ func (m *UpdateContainerResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2587,12 +3312,13 @@ func (m *UpdateContainerResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2617,7 +3343,7 @@ func (m *DeleteContainerRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2645,7 +3371,7 @@ func (m *DeleteContainerRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2655,6 +3381,9 @@ func (m *DeleteContainerRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2666,12 +3395,13 @@ func (m *DeleteContainerRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2696,7 +3426,7 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2724,7 +3454,7 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2733,6 +3463,9 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContainers
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContainers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2749,12 +3482,13 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContainers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2767,6 +3501,7 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error {
 func skipContainers(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -2798,10 +3533,8 @@ func skipContainers(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -2818,113 +3551,34 @@ func skipContainers(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthContainers
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowContainers
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipContainers(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupContainers
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthContainers
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthContainers = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowContainers   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthContainers        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowContainers          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupContainers = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/containers/v1/containers.proto", fileDescriptorContainers)
-}
-
-var fileDescriptorContainers = []byte{
-	// 820 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcb, 0x6e, 0x13, 0x49,
-	0x14, 0x75, 0xdb, 0x4e, 0x3b, 0xbe, 0x1e, 0x69, 0x46, 0x35, 0x1e, 0x4f, 0x4f, 0x8f, 0x64, 0x3b,
-	0x5e, 0x59, 0xa3, 0xa1, 0x9d, 0x18, 0x44, 0x5e, 0x6c, 0xe2, 0xbc, 0x04, 0x24, 0x28, 0xea, 0x80,
-	0x84, 0x60, 0x11, 0xda, 0x76, 0xc5, 0x69, 0xdc, 0x2f, 0xba, 0xca, 0x16, 0x16, 0x8b, 0xc0, 0x1f,
-	0xb0, 0xe3, 0x13, 0xf8, 0x95, 0x2c, 0x59, 0xb2, 0x0a, 0xc4, 0xe2, 0x43, 0x50, 0x57, 0x57, 0xbb,
-	0x3b, 0x7e, 0x80, 0x9d, 0x90, 0x5d, 0x5d, 0xd7, 0x3d, 0xf7, 0x9e, 0x3a, 0xb7, 0x4e, 0xb9, 0x61,
-	0xaf, 0xa5, 0xd3, 0x93, 0x4e, 0x5d, 0x69, 0xd8, 0x66, 0xa5, 0x61, 0x5b, 0x54, 0xd3, 0x2d, 0xec,
-	0x36, 0xa3, 0x4b, 0xcd, 0xd1, 0x2b, 0x04, 0xbb, 0x5d, 0xbd, 0x81, 0x49, 0xf8, 0x3b, 0xa9, 0x74,
-	0x97, 0x22, 0x91, 0xe2, 0xb8, 0x36, 0xb5, 0xd1, 0x42, 0x88, 0x53, 0x02, 0x8c, 0x12, 0xc9, 0xea,
-	0x2e, 0xc9, 0xd9, 0x96, 0xdd, 0xb2, 0x59, 0x76, 0xc5, 0x5b, 0xf9, 0x40, 0xf9, 0x9f, 0x96, 0x6d,
-	0xb7, 0x0c, 0x5c, 0x61, 0x51, 0xbd, 0x73, 0x5c, 0xd1, 0xac, 0x1e, 0xdf, 0xfa, 0x77, 0x78, 0x0b,
-	0x9b, 0x0e, 0x0d, 0x36, 0x8b, 0xc3, 0x9b, 0xc7, 0x3a, 0x36, 0x9a, 0x47, 0xa6, 0x46, 0xda, 0x3c,
-	0xa3, 0x30, 0x9c, 0x41, 0x75, 0x13, 0x13, 0xaa, 0x99, 0x8e, 0x9f, 0x50, 0xfa, 0x20, 0x42, 0x7a,
-	0x33, 0xa0, 0x88, 0x72, 0x10, 0xd7, 0x9b, 0x92, 0x50, 0x14, 0xca, 0xe9, 0x9a, 0xd8, 0x3f, 0x2f,
-	0xc4, 0xef, 0x6f, 0xa9, 0x71, 0xbd, 0x89, 0x0e, 0x40, 0x34, 0xb4, 0x3a, 0x36, 0x88, 0x14, 0x2f,
-	0x26, 0xca, 0x99, 0xea, 0x8a, 0xf2, 0xd3, 0xa3, 0x2a, 0x83, 0xaa, 0xca, 0x1e, 0x83, 0x6e, 0x5b,
-	0xd4, 0xed, 0xa9, 0xbc, 0x0e, 0xca, 0xc2, 0x9c, 0x6e, 0x6a, 0x2d, 0x2c, 0x25, 0xbc, 0x66, 0xaa,
-	0x1f, 0xa0, 0x47, 0x90, 0x72, 0x3b, 0x96, 0xc7, 0x51, 0x4a, 0x16, 0x85, 0x72, 0xa6, 0x7a, 0x67,
-	0xa6, 0x46, 0xaa, 0x8f, 0x55, 0x83, 0x22, 0xa8, 0x0c, 0x49, 0xe2, 0xe0, 0x86, 0x34, 0xc7, 0x8a,
-	0x65, 0x15, 0x5f, 0x0d, 0x25, 0x50, 0x43, 0xd9, 0xb0, 0x7a, 0x2a, 0xcb, 0x40, 0x45, 0xc8, 0x10,
-	0x4b, 0x73, 0xc8, 0x89, 0x4d, 0x29, 0x76, 0x25, 0x91, 0xb1, 0x8a, 0xfe, 0x84, 0x16, 0xe0, 0xb7,
-	0x20, 0x3c, 0x6a, 0xe3, 0x9e, 0x94, 0xba, 0x9c, 0xf2, 0x10, 0xf7, 0xd0, 0x26, 0x40, 0xc3, 0xc5,
-	0x1a, 0xc5, 0xcd, 0x23, 0x8d, 0x4a, 0xf3, 0xac, 0xa9, 0x3c, 0xd2, 0xf4, 0x71, 0x30, 0x82, 0xda,
-	0xfc, 0xd9, 0x79, 0x21, 0xf6, 0xfe, 0x4b, 0x41, 0x50, 0xd3, 0x1c, 0xb7, 0x41, 0xbd, 0x22, 0x1d,
-	0xa7, 0x19, 0x14, 0x49, 0xcf, 0x52, 0x84, 0xe3, 0x36, 0x28, 0xaa, 0x03, 0xe0, 0xd7, 0x14, 0x5b,
-	0x44, 0xb7, 0x2d, 0x22, 0x01, 0x1b, 0xda, 0xbd, 0x99, 0xb4, 0xdc, 0x1e, 0xc0, 0xd9, 0xe0, 0x6a,
-	0x49, 0xaf, 0x8d, 0x1a, 0xa9, 0x2a, 0xaf, 0x42, 0x26, 0x32, 0x59, 0xf4, 0x07, 0x24, 0x3c, 0x59,
-	0xd8, 0xe5, 0x51, 0xbd, 0xa5, 0x37, 0xe3, 0xae, 0x66, 0x74, 0xb0, 0x14, 0xf7, 0x67, 0xcc, 0x82,
-	0xb5, 0xf8, 0x8a, 0x20, 0xef, 0x43, 0x8a, 0xcf, 0x0a, 0x21, 0x48, 0x5a, 0x9a, 0x89, 0x39, 0x8e,
-	0xad, 0x91, 0x02, 0x29, 0xdb, 0xa1, 0x8c, 0x7a, 0xfc, 0x07, 0x93, 0x0b, 0x92, 0xe4, 0x43, 0xf8,
-	0x7d, 0x88, 0xee, 0x18, 0x36, 0xff, 0x45, 0xd9, 0x4c, 0x2a, 0x19, 0x72, 0x2c, 0xdd, 0x82, 0x3f,
-	0x77, 0x31, 0x1d, 0x08, 0xa2, 0xe2, 0x57, 0x1d, 0x4c, 0xe8, 0x24, 0x8b, 0x94, 0x4e, 0x20, 0x7b,
-	0x39, 0x9d, 0x38, 0xb6, 0x45, 0x30, 0x3a, 0x80, 0xf4, 0x40, 0x62, 0x06, 0xcb, 0x54, 0xff, 0x9f,
-	0x65, 0x10, 0x5c, 0xf8, 0xb0, 0x48, 0x69, 0x09, 0xfe, 0xda, 0xd3, 0x49, 0xd8, 0x8a, 0x04, 0xd4,
-	0x24, 0x48, 0x1d, 0xeb, 0x06, 0xc5, 0x2e, 0x91, 0x84, 0x62, 0xa2, 0x9c, 0x56, 0x83, 0xb0, 0x64,
-	0x40, 0x6e, 0x18, 0xc2, 0xe9, 0xa9, 0x00, 0x61, 0x63, 0x06, 0xbb, 0x1a, 0xbf, 0x48, 0x95, 0xd2,
-	0x4b, 0xc8, 0x6d, 0xb2, 0xeb, 0x3c, 0x22, 0xde, 0xaf, 0x17, 0xa3, 0x0d, 0x7f, 0x8f, 0xf4, 0xba,
-	0x31, 0xe5, 0x3f, 0x0a, 0x90, 0x7b, 0xc2, 0x3c, 0x76, 0xf3, 0x27, 0x43, 0xeb, 0x90, 0xf1, 0xfd,
-	0xcc, 0xde, 0x73, 0x7e, 0x6b, 0x47, 0x1f, 0x82, 0x1d, 0xef, 0xc9, 0xdf, 0xd7, 0x48, 0x5b, 0xe5,
-	0xcf, 0x86, 0xb7, 0xf6, 0x64, 0x19, 0x21, 0x7a, 0x63, 0xb2, 0x2c, 0x42, 0x6e, 0x0b, 0x1b, 0x78,
-	0x8c, 0x2a, 0x93, 0xcc, 0x52, 0x87, 0xec, 0xa5, 0xfb, 0xb8, 0x8f, 0x09, 0xf1, 0xde, 0xff, 0x07,
-	0xd7, 0xe4, 0x16, 0x61, 0x55, 0xfd, 0x36, 0x07, 0x10, 0x5e, 0x78, 0xd4, 0x85, 0xc4, 0x2e, 0xa6,
-	0xe8, 0xee, 0x14, 0xe5, 0xc6, 0xd8, 0x5e, 0x5e, 0x9e, 0x19, 0xc7, 0xe5, 0x7e, 0x03, 0x49, 0xef,
-	0xa8, 0x68, 0x9a, 0xbf, 0xcc, 0xb1, 0xb6, 0x96, 0x57, 0xaf, 0x80, 0xe4, 0xcd, 0xdf, 0x09, 0x00,
-	0xde, 0xd6, 0x21, 0x75, 0xb1, 0x66, 0x5e, 0x83, 0xc3, 0xf2, 0xac, 0x48, 0x3e, 0xd1, 0x45, 0x01,
-	0x9d, 0x82, 0xe8, 0x3b, 0x14, 0x4d, 0x73, 0x90, 0xf1, 0x0f, 0x87, 0xbc, 0x76, 0x15, 0x28, 0x17,
-	0xe1, 0x14, 0x44, 0xdf, 0x0b, 0x53, 0x11, 0x18, 0xef, 0xef, 0xa9, 0x08, 0x4c, 0x72, 0xdc, 0x73,
-	0x10, 0x7d, 0x7f, 0x4c, 0x45, 0x60, 0xbc, 0x95, 0xe4, 0xdc, 0x88, 0xf3, 0xb7, 0xbd, 0x2f, 0xc1,
-	0xda, 0x8b, 0xb3, 0x8b, 0x7c, 0xec, 0xf3, 0x45, 0x3e, 0xf6, 0xb6, 0x9f, 0x17, 0xce, 0xfa, 0x79,
-	0xe1, 0x53, 0x3f, 0x2f, 0x7c, 0xed, 0xe7, 0x85, 0x67, 0x3b, 0xd7, 0xf8, 0xb8, 0x5d, 0x0f, 0xa3,
-	0xa7, 0xb1, 0xba, 0xc8, 0x7a, 0xde, 0xfe, 0x1e, 0x00, 0x00, 0xff, 0xff, 0xd0, 0xae, 0xca, 0xcb,
-	0x2f, 0x0b, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto b/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto
index d491f46cfa1cf..36ab177de7781 100644
--- a/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto
+++ b/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.containers.v1;
diff --git a/vendor/github.com/containerd/containerd/api/services/content/v1/content.pb.go b/vendor/github.com/containerd/containerd/api/services/content/v1/content.pb.go
index ec08c3b233d27..97c7d4a92b360 100644
--- a/vendor/github.com/containerd/containerd/api/services/content/v1/content.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/content/v1/content.pb.go
@@ -1,56 +1,26 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/content/v1/content.proto
 
-/*
-	Package content is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/content/v1/content.proto
-
-	It has these top-level messages:
-		Info
-		InfoRequest
-		InfoResponse
-		UpdateRequest
-		UpdateResponse
-		ListContentRequest
-		ListContentResponse
-		DeleteContentRequest
-		ReadContentRequest
-		ReadContentResponse
-		Status
-		StatusRequest
-		StatusResponse
-		ListStatusesRequest
-		ListStatusesResponse
-		WriteContentRequest
-		WriteContentResponse
-		AbortRequest
-*/
 package content
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-import google_protobuf3 "github.com/gogo/protobuf/types"
-
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-import time "time"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -62,7 +32,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // WriteAction defines the behavior of a WriteRequest.
 type WriteAction int32
@@ -93,6 +63,7 @@ var WriteAction_name = map[int32]string{
 	1: "WRITE",
 	2: "COMMIT",
 }
+
 var WriteAction_value = map[string]int32{
 	"STAT":   0,
 	"WRITE":  1,
@@ -102,7 +73,10 @@ var WriteAction_value = map[string]int32{
 func (x WriteAction) String() string {
 	return proto.EnumName(WriteAction_name, int32(x))
 }
-func (WriteAction) EnumDescriptor() ([]byte, []int) { return fileDescriptorContent, []int{0} }
+
+func (WriteAction) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{0}
+}
 
 type Info struct {
 	// Digest is the hash identity of the blob.
@@ -110,57 +84,212 @@ type Info struct {
 	// Size is the total number of bytes in the blob.
 	Size_ int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"`
 	// CreatedAt provides the time at which the blob was committed.
-	CreatedAt time.Time `protobuf:"bytes,3,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
+	CreatedAt time.Time `protobuf:"bytes,3,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
 	// UpdatedAt provides the time the info was last updated.
-	UpdatedAt time.Time `protobuf:"bytes,4,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
+	UpdatedAt time.Time `protobuf:"bytes,4,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,5,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,5,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Info) Reset()      { *m = Info{} }
+func (*Info) ProtoMessage() {}
+func (*Info) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{0}
+}
+func (m *Info) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Info) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Info.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Info) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Info.Merge(m, src)
+}
+func (m *Info) XXX_Size() int {
+	return m.Size()
+}
+func (m *Info) XXX_DiscardUnknown() {
+	xxx_messageInfo_Info.DiscardUnknown(m)
 }
 
-func (m *Info) Reset()                    { *m = Info{} }
-func (*Info) ProtoMessage()               {}
-func (*Info) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{0} }
+var xxx_messageInfo_Info proto.InternalMessageInfo
 
 type InfoRequest struct {
-	Digest github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *InfoRequest) Reset()      { *m = InfoRequest{} }
+func (*InfoRequest) ProtoMessage() {}
+func (*InfoRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{1}
+}
+func (m *InfoRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InfoRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InfoRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *InfoRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InfoRequest.Merge(m, src)
+}
+func (m *InfoRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *InfoRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_InfoRequest.DiscardUnknown(m)
 }
 
-func (m *InfoRequest) Reset()                    { *m = InfoRequest{} }
-func (*InfoRequest) ProtoMessage()               {}
-func (*InfoRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{1} }
+var xxx_messageInfo_InfoRequest proto.InternalMessageInfo
 
 type InfoResponse struct {
-	Info Info `protobuf:"bytes,1,opt,name=info" json:"info"`
+	Info                 Info     `protobuf:"bytes,1,opt,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *InfoResponse) Reset()      { *m = InfoResponse{} }
+func (*InfoResponse) ProtoMessage() {}
+func (*InfoResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{2}
+}
+func (m *InfoResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InfoResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InfoResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *InfoResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InfoResponse.Merge(m, src)
+}
+func (m *InfoResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *InfoResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_InfoResponse.DiscardUnknown(m)
 }
 
-func (m *InfoResponse) Reset()                    { *m = InfoResponse{} }
-func (*InfoResponse) ProtoMessage()               {}
-func (*InfoResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{2} }
+var xxx_messageInfo_InfoResponse proto.InternalMessageInfo
 
 type UpdateRequest struct {
-	Info Info `protobuf:"bytes,1,opt,name=info" json:"info"`
+	Info Info `protobuf:"bytes,1,opt,name=info,proto3" json:"info"`
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
 	//
 	// In info, Digest, Size, and CreatedAt are immutable,
 	// other field may be updated using this mask.
 	// If no mask is provided, all mutable field are updated.
-	UpdateMask *google_protobuf1.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *types.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
+	XXX_unrecognized     []byte           `json:"-"`
+	XXX_sizecache        int32            `json:"-"`
+}
+
+func (m *UpdateRequest) Reset()      { *m = UpdateRequest{} }
+func (*UpdateRequest) ProtoMessage() {}
+func (*UpdateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{3}
+}
+func (m *UpdateRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateRequest.Merge(m, src)
+}
+func (m *UpdateRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateRequest) Reset()                    { *m = UpdateRequest{} }
-func (*UpdateRequest) ProtoMessage()               {}
-func (*UpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{3} }
+var xxx_messageInfo_UpdateRequest proto.InternalMessageInfo
 
 type UpdateResponse struct {
-	Info Info `protobuf:"bytes,1,opt,name=info" json:"info"`
+	Info                 Info     `protobuf:"bytes,1,opt,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UpdateResponse) Reset()      { *m = UpdateResponse{} }
+func (*UpdateResponse) ProtoMessage() {}
+func (*UpdateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{4}
+}
+func (m *UpdateResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateResponse.Merge(m, src)
+}
+func (m *UpdateResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateResponse) Reset()                    { *m = UpdateResponse{} }
-func (*UpdateResponse) ProtoMessage()               {}
-func (*UpdateResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{4} }
+var xxx_messageInfo_UpdateResponse proto.InternalMessageInfo
 
 type ListContentRequest struct {
 	// Filters contains one or more filters using the syntax defined in the
@@ -173,29 +302,122 @@ type ListContentRequest struct {
 	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListContentRequest) Reset()      { *m = ListContentRequest{} }
+func (*ListContentRequest) ProtoMessage() {}
+func (*ListContentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{5}
+}
+func (m *ListContentRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListContentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListContentRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListContentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListContentRequest.Merge(m, src)
+}
+func (m *ListContentRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListContentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListContentRequest.DiscardUnknown(m)
 }
 
-func (m *ListContentRequest) Reset()                    { *m = ListContentRequest{} }
-func (*ListContentRequest) ProtoMessage()               {}
-func (*ListContentRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{5} }
+var xxx_messageInfo_ListContentRequest proto.InternalMessageInfo
 
 type ListContentResponse struct {
-	Info []Info `protobuf:"bytes,1,rep,name=info" json:"info"`
+	Info                 []Info   `protobuf:"bytes,1,rep,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListContentResponse) Reset()      { *m = ListContentResponse{} }
+func (*ListContentResponse) ProtoMessage() {}
+func (*ListContentResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{6}
+}
+func (m *ListContentResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListContentResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListContentResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListContentResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListContentResponse.Merge(m, src)
+}
+func (m *ListContentResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListContentResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListContentResponse.DiscardUnknown(m)
 }
 
-func (m *ListContentResponse) Reset()                    { *m = ListContentResponse{} }
-func (*ListContentResponse) ProtoMessage()               {}
-func (*ListContentResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{6} }
+var xxx_messageInfo_ListContentResponse proto.InternalMessageInfo
 
 type DeleteContentRequest struct {
 	// Digest specifies which content to delete.
-	Digest github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *DeleteContentRequest) Reset()      { *m = DeleteContentRequest{} }
+func (*DeleteContentRequest) ProtoMessage() {}
+func (*DeleteContentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{7}
+}
+func (m *DeleteContentRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteContentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteContentRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteContentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteContentRequest.Merge(m, src)
+}
+func (m *DeleteContentRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteContentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteContentRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteContentRequest) Reset()                    { *m = DeleteContentRequest{} }
-func (*DeleteContentRequest) ProtoMessage()               {}
-func (*DeleteContentRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{7} }
+var xxx_messageInfo_DeleteContentRequest proto.InternalMessageInfo
 
 // ReadContentRequest defines the fields that make up a request to read a portion of
 // data from a stored object.
@@ -208,67 +430,284 @@ type ReadContentRequest struct {
 	Offset int64 `protobuf:"varint,2,opt,name=offset,proto3" json:"offset,omitempty"`
 	// size is the total size of the read. If zero, the entire blob will be
 	// returned by the service.
-	Size_ int64 `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	Size_                int64    `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReadContentRequest) Reset()      { *m = ReadContentRequest{} }
+func (*ReadContentRequest) ProtoMessage() {}
+func (*ReadContentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{8}
+}
+func (m *ReadContentRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadContentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadContentRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadContentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadContentRequest.Merge(m, src)
+}
+func (m *ReadContentRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadContentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadContentRequest.DiscardUnknown(m)
 }
 
-func (m *ReadContentRequest) Reset()                    { *m = ReadContentRequest{} }
-func (*ReadContentRequest) ProtoMessage()               {}
-func (*ReadContentRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{8} }
+var xxx_messageInfo_ReadContentRequest proto.InternalMessageInfo
 
 // ReadContentResponse carries byte data for a read request.
 type ReadContentResponse struct {
-	Offset int64  `protobuf:"varint,1,opt,name=offset,proto3" json:"offset,omitempty"`
-	Data   []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	Offset               int64    `protobuf:"varint,1,opt,name=offset,proto3" json:"offset,omitempty"`
+	Data                 []byte   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReadContentResponse) Reset()      { *m = ReadContentResponse{} }
+func (*ReadContentResponse) ProtoMessage() {}
+func (*ReadContentResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{9}
+}
+func (m *ReadContentResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadContentResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadContentResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadContentResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadContentResponse.Merge(m, src)
+}
+func (m *ReadContentResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadContentResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadContentResponse.DiscardUnknown(m)
 }
 
-func (m *ReadContentResponse) Reset()                    { *m = ReadContentResponse{} }
-func (*ReadContentResponse) ProtoMessage()               {}
-func (*ReadContentResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{9} }
+var xxx_messageInfo_ReadContentResponse proto.InternalMessageInfo
 
 type Status struct {
-	StartedAt time.Time                                  `protobuf:"bytes,1,opt,name=started_at,json=startedAt,stdtime" json:"started_at"`
-	UpdatedAt time.Time                                  `protobuf:"bytes,2,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
-	Ref       string                                     `protobuf:"bytes,3,opt,name=ref,proto3" json:"ref,omitempty"`
-	Offset    int64                                      `protobuf:"varint,4,opt,name=offset,proto3" json:"offset,omitempty"`
-	Total     int64                                      `protobuf:"varint,5,opt,name=total,proto3" json:"total,omitempty"`
-	Expected  github_com_opencontainers_go_digest.Digest `protobuf:"bytes,6,opt,name=expected,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"expected"`
+	StartedAt            time.Time                                  `protobuf:"bytes,1,opt,name=started_at,json=startedAt,proto3,stdtime" json:"started_at"`
+	UpdatedAt            time.Time                                  `protobuf:"bytes,2,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
+	Ref                  string                                     `protobuf:"bytes,3,opt,name=ref,proto3" json:"ref,omitempty"`
+	Offset               int64                                      `protobuf:"varint,4,opt,name=offset,proto3" json:"offset,omitempty"`
+	Total                int64                                      `protobuf:"varint,5,opt,name=total,proto3" json:"total,omitempty"`
+	Expected             github_com_opencontainers_go_digest.Digest `protobuf:"bytes,6,opt,name=expected,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"expected"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *Status) Reset()      { *m = Status{} }
+func (*Status) ProtoMessage() {}
+func (*Status) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{10}
+}
+func (m *Status) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Status) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Status.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Status) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Status.Merge(m, src)
+}
+func (m *Status) XXX_Size() int {
+	return m.Size()
+}
+func (m *Status) XXX_DiscardUnknown() {
+	xxx_messageInfo_Status.DiscardUnknown(m)
 }
 
-func (m *Status) Reset()                    { *m = Status{} }
-func (*Status) ProtoMessage()               {}
-func (*Status) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{10} }
+var xxx_messageInfo_Status proto.InternalMessageInfo
 
 type StatusRequest struct {
-	Ref string `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	Ref                  string   `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatusRequest) Reset()      { *m = StatusRequest{} }
+func (*StatusRequest) ProtoMessage() {}
+func (*StatusRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{11}
+}
+func (m *StatusRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatusRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatusRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatusRequest.Merge(m, src)
+}
+func (m *StatusRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatusRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatusRequest.DiscardUnknown(m)
 }
 
-func (m *StatusRequest) Reset()                    { *m = StatusRequest{} }
-func (*StatusRequest) ProtoMessage()               {}
-func (*StatusRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{11} }
+var xxx_messageInfo_StatusRequest proto.InternalMessageInfo
 
 type StatusResponse struct {
-	Status *Status `protobuf:"bytes,1,opt,name=status" json:"status,omitempty"`
+	Status               *Status  `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatusResponse) Reset()      { *m = StatusResponse{} }
+func (*StatusResponse) ProtoMessage() {}
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{12}
+}
+func (m *StatusResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatusResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatusResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatusResponse.Merge(m, src)
+}
+func (m *StatusResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatusResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatusResponse.DiscardUnknown(m)
 }
 
-func (m *StatusResponse) Reset()                    { *m = StatusResponse{} }
-func (*StatusResponse) ProtoMessage()               {}
-func (*StatusResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{12} }
+var xxx_messageInfo_StatusResponse proto.InternalMessageInfo
 
 type ListStatusesRequest struct {
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListStatusesRequest) Reset()      { *m = ListStatusesRequest{} }
+func (*ListStatusesRequest) ProtoMessage() {}
+func (*ListStatusesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{13}
+}
+func (m *ListStatusesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListStatusesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListStatusesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListStatusesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListStatusesRequest.Merge(m, src)
+}
+func (m *ListStatusesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListStatusesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListStatusesRequest.DiscardUnknown(m)
 }
 
-func (m *ListStatusesRequest) Reset()                    { *m = ListStatusesRequest{} }
-func (*ListStatusesRequest) ProtoMessage()               {}
-func (*ListStatusesRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{13} }
+var xxx_messageInfo_ListStatusesRequest proto.InternalMessageInfo
 
 type ListStatusesResponse struct {
-	Statuses []Status `protobuf:"bytes,1,rep,name=statuses" json:"statuses"`
+	Statuses             []Status `protobuf:"bytes,1,rep,name=statuses,proto3" json:"statuses"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListStatusesResponse) Reset()      { *m = ListStatusesResponse{} }
+func (*ListStatusesResponse) ProtoMessage() {}
+func (*ListStatusesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{14}
+}
+func (m *ListStatusesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListStatusesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListStatusesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListStatusesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListStatusesResponse.Merge(m, src)
+}
+func (m *ListStatusesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListStatusesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListStatusesResponse.DiscardUnknown(m)
 }
 
-func (m *ListStatusesResponse) Reset()                    { *m = ListStatusesResponse{} }
-func (*ListStatusesResponse) ProtoMessage()               {}
-func (*ListStatusesResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{14} }
+var xxx_messageInfo_ListStatusesResponse proto.InternalMessageInfo
 
 // WriteContentRequest writes data to the request ref at offset.
 type WriteContentRequest struct {
@@ -324,12 +763,43 @@ type WriteContentRequest struct {
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,7,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,7,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *WriteContentRequest) Reset()      { *m = WriteContentRequest{} }
+func (*WriteContentRequest) ProtoMessage() {}
+func (*WriteContentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{15}
+}
+func (m *WriteContentRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WriteContentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WriteContentRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WriteContentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WriteContentRequest.Merge(m, src)
+}
+func (m *WriteContentRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *WriteContentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WriteContentRequest.DiscardUnknown(m)
 }
 
-func (m *WriteContentRequest) Reset()                    { *m = WriteContentRequest{} }
-func (*WriteContentRequest) ProtoMessage()               {}
-func (*WriteContentRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{15} }
+var xxx_messageInfo_WriteContentRequest proto.InternalMessageInfo
 
 // WriteContentResponse is returned on the culmination of a write call.
 type WriteContentResponse struct {
@@ -340,12 +810,12 @@ type WriteContentResponse struct {
 	//
 	// This must be set for stat and commit write actions. All other write
 	// actions may omit this.
-	StartedAt time.Time `protobuf:"bytes,2,opt,name=started_at,json=startedAt,stdtime" json:"started_at"`
+	StartedAt time.Time `protobuf:"bytes,2,opt,name=started_at,json=startedAt,proto3,stdtime" json:"started_at"`
 	// UpdatedAt provides the last time of a successful write.
 	//
 	// This must be set for stat and commit write actions. All other write
 	// actions may omit this.
-	UpdatedAt time.Time `protobuf:"bytes,3,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
+	UpdatedAt time.Time `protobuf:"bytes,3,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
 	// Offset is the current committed size for the write.
 	Offset int64 `protobuf:"varint,4,opt,name=offset,proto3" json:"offset,omitempty"`
 	// Total provides the current, expected total size of the write.
@@ -358,23 +828,87 @@ type WriteContentResponse struct {
 	// Digest, if present, includes the digest up to the currently committed
 	// bytes. If action is commit, this field will be set. It is implementation
 	// defined if this is set for other actions.
-	Digest github_com_opencontainers_go_digest.Digest `protobuf:"bytes,6,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,6,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *WriteContentResponse) Reset()      { *m = WriteContentResponse{} }
+func (*WriteContentResponse) ProtoMessage() {}
+func (*WriteContentResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{16}
+}
+func (m *WriteContentResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WriteContentResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WriteContentResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WriteContentResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WriteContentResponse.Merge(m, src)
+}
+func (m *WriteContentResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *WriteContentResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_WriteContentResponse.DiscardUnknown(m)
 }
 
-func (m *WriteContentResponse) Reset()                    { *m = WriteContentResponse{} }
-func (*WriteContentResponse) ProtoMessage()               {}
-func (*WriteContentResponse) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{16} }
+var xxx_messageInfo_WriteContentResponse proto.InternalMessageInfo
 
 type AbortRequest struct {
-	Ref string `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	Ref                  string   `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *AbortRequest) Reset()      { *m = AbortRequest{} }
+func (*AbortRequest) ProtoMessage() {}
+func (*AbortRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_468430ba3e400391, []int{17}
+}
+func (m *AbortRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AbortRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AbortRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AbortRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AbortRequest.Merge(m, src)
+}
+func (m *AbortRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *AbortRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_AbortRequest.DiscardUnknown(m)
 }
 
-func (m *AbortRequest) Reset()                    { *m = AbortRequest{} }
-func (*AbortRequest) ProtoMessage()               {}
-func (*AbortRequest) Descriptor() ([]byte, []int) { return fileDescriptorContent, []int{17} }
+var xxx_messageInfo_AbortRequest proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("containerd.services.content.v1.WriteAction", WriteAction_name, WriteAction_value)
 	proto.RegisterType((*Info)(nil), "containerd.services.content.v1.Info")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.content.v1.Info.LabelsEntry")
 	proto.RegisterType((*InfoRequest)(nil), "containerd.services.content.v1.InfoRequest")
 	proto.RegisterType((*InfoResponse)(nil), "containerd.services.content.v1.InfoResponse")
 	proto.RegisterType((*UpdateRequest)(nil), "containerd.services.content.v1.UpdateRequest")
@@ -390,9 +924,85 @@ func init() {
 	proto.RegisterType((*ListStatusesRequest)(nil), "containerd.services.content.v1.ListStatusesRequest")
 	proto.RegisterType((*ListStatusesResponse)(nil), "containerd.services.content.v1.ListStatusesResponse")
 	proto.RegisterType((*WriteContentRequest)(nil), "containerd.services.content.v1.WriteContentRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.content.v1.WriteContentRequest.LabelsEntry")
 	proto.RegisterType((*WriteContentResponse)(nil), "containerd.services.content.v1.WriteContentResponse")
 	proto.RegisterType((*AbortRequest)(nil), "containerd.services.content.v1.AbortRequest")
-	proto.RegisterEnum("containerd.services.content.v1.WriteAction", WriteAction_name, WriteAction_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/content/v1/content.proto", fileDescriptor_468430ba3e400391)
+}
+
+var fileDescriptor_468430ba3e400391 = []byte{
+	// 1081 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcd, 0x6f, 0x1b, 0x45,
+	0x14, 0xf7, 0x78, 0xed, 0x4d, 0xf2, 0x9c, 0x16, 0x33, 0x31, 0x95, 0xb5, 0x08, 0x67, 0xbb, 0x42,
+	0xc8, 0x6a, 0xc9, 0x3a, 0x75, 0x7a, 0x00, 0x2a, 0x01, 0x8e, 0x9b, 0xaa, 0x41, 0x4d, 0x41, 0x5b,
+	0x97, 0x40, 0x2f, 0x65, 0x6d, 0x8f, 0xcd, 0x2a, 0xb6, 0xd7, 0xdd, 0x19, 0x5b, 0x84, 0x13, 0x17,
+	0x24, 0x14, 0xf5, 0x80, 0xb8, 0xe7, 0x02, 0xfc, 0x15, 0x1c, 0x38, 0xe7, 0xc8, 0x11, 0x71, 0x68,
+	0x69, 0xfe, 0x07, 0xee, 0x68, 0x66, 0x67, 0xed, 0xf5, 0x47, 0x58, 0xdb, 0x31, 0x27, 0xbf, 0x99,
+	0x7d, 0xbf, 0xf7, 0xfd, 0x31, 0x86, 0x7b, 0x4d, 0x87, 0x7d, 0xdd, 0xab, 0x9a, 0x35, 0xb7, 0x5d,
+	0xa8, 0xb9, 0x1d, 0x66, 0x3b, 0x1d, 0xe2, 0xd5, 0xc3, 0xa4, 0xdd, 0x75, 0x0a, 0x94, 0x78, 0x7d,
+	0xa7, 0x46, 0xa8, 0xb8, 0x27, 0x1d, 0x56, 0xe8, 0xdf, 0x0a, 0x48, 0xb3, 0xeb, 0xb9, 0xcc, 0xc5,
+	0xb9, 0x21, 0xc2, 0x0c, 0xb8, 0xcd, 0x80, 0xa5, 0x7f, 0x4b, 0xcb, 0x34, 0xdd, 0xa6, 0x2b, 0x58,
+	0x0b, 0x9c, 0xf2, 0x51, 0x9a, 0xde, 0x74, 0xdd, 0x66, 0x8b, 0x14, 0xc4, 0xa9, 0xda, 0x6b, 0x14,
+	0x1a, 0x0e, 0x69, 0xd5, 0x9f, 0xb6, 0x6d, 0x7a, 0x24, 0x39, 0x36, 0xc7, 0x39, 0x98, 0xd3, 0x26,
+	0x94, 0xd9, 0xed, 0xae, 0x64, 0x78, 0x73, 0x9c, 0x81, 0xb4, 0xbb, 0xec, 0xd8, 0xff, 0x68, 0xfc,
+	0x13, 0x87, 0xc4, 0x7e, 0xa7, 0xe1, 0xe2, 0x4f, 0x40, 0xad, 0x3b, 0x4d, 0x42, 0x59, 0x16, 0xe9,
+	0x28, 0xbf, 0xb6, 0x5b, 0x3c, 0x7b, 0xb1, 0x19, 0xfb, 0xeb, 0xc5, 0xe6, 0x8d, 0x90, 0xfb, 0x6e,
+	0x97, 0x74, 0x06, 0x5e, 0xd0, 0x42, 0xd3, 0xdd, 0xf2, 0x21, 0xe6, 0x5d, 0xf1, 0x63, 0x49, 0x09,
+	0x18, 0x43, 0x82, 0x3a, 0xdf, 0x92, 0x6c, 0x5c, 0x47, 0x79, 0xc5, 0x12, 0x34, 0x2e, 0x03, 0xd4,
+	0x3c, 0x62, 0x33, 0x52, 0x7f, 0x6a, 0xb3, 0xac, 0xa2, 0xa3, 0x7c, 0xaa, 0xa8, 0x99, 0xbe, 0x69,
+	0x66, 0x60, 0x9a, 0x59, 0x09, 0x6c, 0xdf, 0x5d, 0xe5, 0xfa, 0x7f, 0x7c, 0xb9, 0x89, 0xac, 0x35,
+	0x89, 0x2b, 0x31, 0x2e, 0xa4, 0xd7, 0xad, 0x07, 0x42, 0x12, 0xf3, 0x08, 0x91, 0xb8, 0x12, 0xc3,
+	0xf7, 0x41, 0x6d, 0xd9, 0x55, 0xd2, 0xa2, 0xd9, 0xa4, 0xae, 0xe4, 0x53, 0xc5, 0x6d, 0xf3, 0xbf,
+	0x33, 0x63, 0xf2, 0xf8, 0x98, 0x0f, 0x04, 0x64, 0xaf, 0xc3, 0xbc, 0x63, 0x4b, 0xe2, 0xb5, 0xf7,
+	0x21, 0x15, 0xba, 0xc6, 0x69, 0x50, 0x8e, 0xc8, 0xb1, 0x1f, 0x3f, 0x8b, 0x93, 0x38, 0x03, 0xc9,
+	0xbe, 0xdd, 0xea, 0xf9, 0x91, 0x58, 0xb3, 0xfc, 0xc3, 0x07, 0xf1, 0xf7, 0x90, 0xf1, 0x25, 0xa4,
+	0xb8, 0x58, 0x8b, 0x3c, 0xeb, 0xf1, 0x88, 0x2d, 0x31, 0xfa, 0xc6, 0x43, 0x58, 0xf7, 0x45, 0xd3,
+	0xae, 0xdb, 0xa1, 0x04, 0x7f, 0x08, 0x09, 0xa7, 0xd3, 0x70, 0x85, 0xe4, 0x54, 0xf1, 0xed, 0x59,
+	0xbc, 0xdd, 0x4d, 0x70, 0xfd, 0x96, 0xc0, 0x19, 0xcf, 0x11, 0x5c, 0x79, 0x2c, 0xa2, 0x17, 0x58,
+	0x7b, 0x49, 0x89, 0xf8, 0x0e, 0xa4, 0xfc, 0x74, 0x88, 0x3a, 0x16, 0xc1, 0x99, 0x96, 0xc7, 0x7b,
+	0xbc, 0xd4, 0x0f, 0x6c, 0x7a, 0x64, 0xc9, 0xac, 0x73, 0xda, 0xf8, 0x0c, 0xae, 0x06, 0xd6, 0x2c,
+	0xc9, 0x41, 0x13, 0xf0, 0x03, 0x87, 0xb2, 0xb2, 0xcf, 0x12, 0x38, 0x99, 0x85, 0x95, 0x86, 0xd3,
+	0x62, 0xc4, 0xa3, 0x59, 0xa4, 0x2b, 0xf9, 0x35, 0x2b, 0x38, 0x1a, 0x8f, 0x61, 0x63, 0x84, 0x7f,
+	0xc2, 0x0c, 0x65, 0x21, 0x33, 0xaa, 0x90, 0xb9, 0x4b, 0x5a, 0x84, 0x91, 0x31, 0x43, 0x96, 0x59,
+	0x1b, 0xcf, 0x11, 0x60, 0x8b, 0xd8, 0xf5, 0xff, 0x4f, 0x05, 0xbe, 0x06, 0xaa, 0xdb, 0x68, 0x50,
+	0xc2, 0x64, 0xfb, 0xcb, 0xd3, 0x60, 0x28, 0x28, 0xc3, 0xa1, 0x60, 0x94, 0x60, 0x63, 0xc4, 0x1a,
+	0x19, 0xc9, 0xa1, 0x08, 0x34, 0x2e, 0xa2, 0x6e, 0x33, 0x5b, 0x08, 0x5e, 0xb7, 0x04, 0x6d, 0xfc,
+	0x1c, 0x07, 0xf5, 0x11, 0xb3, 0x59, 0x8f, 0xf2, 0xe9, 0x40, 0x99, 0xed, 0xc9, 0xe9, 0x80, 0xe6,
+	0x99, 0x0e, 0x12, 0x37, 0x31, 0x62, 0xe2, 0x8b, 0x8d, 0x98, 0x34, 0x28, 0x1e, 0x69, 0x08, 0x57,
+	0xd7, 0x2c, 0x4e, 0x86, 0x5c, 0x4a, 0x8c, 0xb8, 0x94, 0x81, 0x24, 0x73, 0x99, 0xdd, 0xca, 0x26,
+	0xc5, 0xb5, 0x7f, 0xc0, 0x0f, 0x61, 0x95, 0x7c, 0xd3, 0x25, 0x35, 0x46, 0xea, 0x59, 0x75, 0xe1,
+	0x8c, 0x0c, 0x64, 0x18, 0xd7, 0xe1, 0x8a, 0x1f, 0xa3, 0x20, 0xe1, 0xd2, 0x40, 0x34, 0x30, 0x90,
+	0xb7, 0x55, 0xc0, 0x32, 0xa8, 0x67, 0x95, 0x8a, 0x1b, 0x19, 0xca, 0x77, 0xa2, 0x2a, 0x5a, 0xe2,
+	0x25, 0xca, 0x28, 0xf8, 0x6d, 0xe2, 0xdf, 0x12, 0x1a, 0xdd, 0x57, 0x5f, 0x41, 0x66, 0x14, 0x20,
+	0x0d, 0xb9, 0x0f, 0xab, 0x54, 0xde, 0xc9, 0xe6, 0x9a, 0xd1, 0x14, 0xd9, 0x5e, 0x03, 0xb4, 0xf1,
+	0x93, 0x02, 0x1b, 0x87, 0x9e, 0x33, 0xd1, 0x62, 0x65, 0x50, 0xed, 0x1a, 0x73, 0xdc, 0x8e, 0x70,
+	0xf5, 0x6a, 0xf1, 0x66, 0x94, 0x7c, 0x21, 0xa4, 0x24, 0x20, 0x96, 0x84, 0x06, 0x31, 0x8d, 0x0f,
+	0x93, 0x3e, 0x48, 0xae, 0x72, 0x51, 0x72, 0x13, 0x97, 0x4f, 0x6e, 0xa8, 0xb4, 0x92, 0x53, 0xbb,
+	0x45, 0x1d, 0x76, 0x0b, 0x3e, 0x1c, 0xec, 0xbe, 0x15, 0x11, 0xc8, 0x8f, 0x66, 0x72, 0x74, 0x34,
+	0x5a, 0xcb, 0x5e, 0x85, 0x2f, 0xe3, 0x90, 0x19, 0x55, 0x23, 0xf3, 0xbe, 0x94, 0xac, 0x8c, 0x0e,
+	0x85, 0xf8, 0x32, 0x86, 0x82, 0xb2, 0xd8, 0x50, 0x98, 0x6f, 0x04, 0x0c, 0x47, 0xb2, 0x7a, 0xe9,
+	0xa9, 0xaf, 0xc3, 0x7a, 0xa9, 0xea, 0x7a, 0xec, 0xc2, 0xee, 0xbf, 0xf1, 0x3d, 0x82, 0x54, 0x28,
+	0x7a, 0xf8, 0x2d, 0x48, 0x3c, 0xaa, 0x94, 0x2a, 0xe9, 0x98, 0xb6, 0x71, 0x72, 0xaa, 0xbf, 0x16,
+	0xfa, 0xc4, 0x3b, 0x0b, 0x6f, 0x42, 0xf2, 0xd0, 0xda, 0xaf, 0xec, 0xa5, 0x91, 0x96, 0x39, 0x39,
+	0xd5, 0xd3, 0xa1, 0xef, 0x82, 0xc4, 0xd7, 0x41, 0x2d, 0x7f, 0x7a, 0x70, 0xb0, 0x5f, 0x49, 0xc7,
+	0xb5, 0x37, 0x4e, 0x4e, 0xf5, 0xd7, 0x43, 0x1c, 0x65, 0xb7, 0xdd, 0x76, 0x98, 0xb6, 0xf1, 0xc3,
+	0x2f, 0xb9, 0xd8, 0x6f, 0xbf, 0xe6, 0xc2, 0x7a, 0x8b, 0xbf, 0xaf, 0xc0, 0x8a, 0x2c, 0x03, 0x6c,
+	0xcb, 0x97, 0xe9, 0xcd, 0x59, 0x36, 0xa9, 0x74, 0x4d, 0x7b, 0x77, 0x36, 0x66, 0x59, 0x61, 0x4d,
+	0x50, 0xfd, 0xb7, 0x04, 0xde, 0x8a, 0xc2, 0x8d, 0xbc, 0x80, 0x34, 0x73, 0x56, 0x76, 0xa9, 0xe8,
+	0x19, 0x24, 0xf8, 0x68, 0xc3, 0xc5, 0x28, 0xdc, 0xe4, 0x43, 0x44, 0xdb, 0x99, 0x0b, 0xe3, 0x2b,
+	0xdc, 0x46, 0xf8, 0x73, 0x50, 0xfd, 0xe7, 0x04, 0xbe, 0x1d, 0x25, 0x60, 0xda, 0xb3, 0x43, 0xbb,
+	0x36, 0x51, 0xdf, 0x7b, 0xfc, 0x7f, 0x03, 0x77, 0x85, 0xef, 0xec, 0x68, 0x57, 0x26, 0xdf, 0x19,
+	0xd1, 0xae, 0x4c, 0x79, 0x0d, 0x6c, 0x23, 0x9e, 0x26, 0xb9, 0xe2, 0xb7, 0x66, 0xdc, 0x41, 0xb3,
+	0xa6, 0x69, 0x6c, 0xe5, 0x1d, 0xc3, 0x7a, 0x78, 0x03, 0xe1, 0x99, 0x42, 0x3f, 0xb6, 0xe0, 0xb4,
+	0xdb, 0xf3, 0x81, 0xa4, 0xea, 0x3e, 0x24, 0xfd, 0xd6, 0xd9, 0x59, 0x60, 0x24, 0x47, 0xeb, 0x9c,
+	0x36, 0x60, 0xf3, 0x68, 0x1b, 0xe1, 0x03, 0x48, 0x8a, 0xd9, 0x80, 0x23, 0x3b, 0x27, 0x3c, 0x42,
+	0x2e, 0xaa, 0x8e, 0xdd, 0x27, 0x67, 0xaf, 0x72, 0xb1, 0x3f, 0x5f, 0xe5, 0x62, 0xdf, 0x9d, 0xe7,
+	0xd0, 0xd9, 0x79, 0x0e, 0xfd, 0x71, 0x9e, 0x43, 0x7f, 0x9f, 0xe7, 0xd0, 0x93, 0x8f, 0x17, 0xfd,
+	0x1f, 0x7d, 0x47, 0x92, 0x5f, 0xc4, 0xaa, 0xaa, 0xd0, 0xb6, 0xf3, 0x6f, 0x00, 0x00, 0x00, 0xff,
+	0xff, 0xc0, 0xc2, 0x35, 0xb1, 0x94, 0x0f, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -403,8 +1013,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Content service
-
+// ContentClient is the client API for Content service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type ContentClient interface {
 	// Info returns information about a committed object.
 	//
@@ -425,7 +1036,7 @@ type ContentClient interface {
 	// set.
 	List(ctx context.Context, in *ListContentRequest, opts ...grpc.CallOption) (Content_ListClient, error)
 	// Delete will delete the referenced object.
-	Delete(ctx context.Context, in *DeleteContentRequest, opts ...grpc.CallOption) (*google_protobuf3.Empty, error)
+	Delete(ctx context.Context, in *DeleteContentRequest, opts ...grpc.CallOption) (*types.Empty, error)
 	// Read allows one to read an object based on the offset into the content.
 	//
 	// The requested data may be returned in one or more messages.
@@ -458,7 +1069,7 @@ type ContentClient interface {
 	Write(ctx context.Context, opts ...grpc.CallOption) (Content_WriteClient, error)
 	// Abort cancels the ongoing write named in the request. Any resources
 	// associated with the write will be collected.
-	Abort(ctx context.Context, in *AbortRequest, opts ...grpc.CallOption) (*google_protobuf3.Empty, error)
+	Abort(ctx context.Context, in *AbortRequest, opts ...grpc.CallOption) (*types.Empty, error)
 }
 
 type contentClient struct {
@@ -471,7 +1082,7 @@ func NewContentClient(cc *grpc.ClientConn) ContentClient {
 
 func (c *contentClient) Info(ctx context.Context, in *InfoRequest, opts ...grpc.CallOption) (*InfoResponse, error) {
 	out := new(InfoResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/Info", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/Info", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -480,7 +1091,7 @@ func (c *contentClient) Info(ctx context.Context, in *InfoRequest, opts ...grpc.
 
 func (c *contentClient) Update(ctx context.Context, in *UpdateRequest, opts ...grpc.CallOption) (*UpdateResponse, error) {
 	out := new(UpdateResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/Update", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -488,7 +1099,7 @@ func (c *contentClient) Update(ctx context.Context, in *UpdateRequest, opts ...g
 }
 
 func (c *contentClient) List(ctx context.Context, in *ListContentRequest, opts ...grpc.CallOption) (Content_ListClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Content_serviceDesc.Streams[0], c.cc, "/containerd.services.content.v1.Content/List", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Content_serviceDesc.Streams[0], "/containerd.services.content.v1.Content/List", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -519,9 +1130,9 @@ func (x *contentListClient) Recv() (*ListContentResponse, error) {
 	return m, nil
 }
 
-func (c *contentClient) Delete(ctx context.Context, in *DeleteContentRequest, opts ...grpc.CallOption) (*google_protobuf3.Empty, error) {
-	out := new(google_protobuf3.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/Delete", in, out, c.cc, opts...)
+func (c *contentClient) Delete(ctx context.Context, in *DeleteContentRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -529,7 +1140,7 @@ func (c *contentClient) Delete(ctx context.Context, in *DeleteContentRequest, op
 }
 
 func (c *contentClient) Read(ctx context.Context, in *ReadContentRequest, opts ...grpc.CallOption) (Content_ReadClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Content_serviceDesc.Streams[1], c.cc, "/containerd.services.content.v1.Content/Read", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Content_serviceDesc.Streams[1], "/containerd.services.content.v1.Content/Read", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -562,7 +1173,7 @@ func (x *contentReadClient) Recv() (*ReadContentResponse, error) {
 
 func (c *contentClient) Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	out := new(StatusResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/Status", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/Status", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -571,7 +1182,7 @@ func (c *contentClient) Status(ctx context.Context, in *StatusRequest, opts ...g
 
 func (c *contentClient) ListStatuses(ctx context.Context, in *ListStatusesRequest, opts ...grpc.CallOption) (*ListStatusesResponse, error) {
 	out := new(ListStatusesResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/ListStatuses", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/ListStatuses", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -579,7 +1190,7 @@ func (c *contentClient) ListStatuses(ctx context.Context, in *ListStatusesReques
 }
 
 func (c *contentClient) Write(ctx context.Context, opts ...grpc.CallOption) (Content_WriteClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Content_serviceDesc.Streams[2], c.cc, "/containerd.services.content.v1.Content/Write", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Content_serviceDesc.Streams[2], "/containerd.services.content.v1.Content/Write", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -609,17 +1220,16 @@ func (x *contentWriteClient) Recv() (*WriteContentResponse, error) {
 	return m, nil
 }
 
-func (c *contentClient) Abort(ctx context.Context, in *AbortRequest, opts ...grpc.CallOption) (*google_protobuf3.Empty, error) {
-	out := new(google_protobuf3.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.content.v1.Content/Abort", in, out, c.cc, opts...)
+func (c *contentClient) Abort(ctx context.Context, in *AbortRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.content.v1.Content/Abort", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Content service
-
+// ContentServer is the server API for Content service.
 type ContentServer interface {
 	// Info returns information about a committed object.
 	//
@@ -640,7 +1250,7 @@ type ContentServer interface {
 	// set.
 	List(*ListContentRequest, Content_ListServer) error
 	// Delete will delete the referenced object.
-	Delete(context.Context, *DeleteContentRequest) (*google_protobuf3.Empty, error)
+	Delete(context.Context, *DeleteContentRequest) (*types.Empty, error)
 	// Read allows one to read an object based on the offset into the content.
 	//
 	// The requested data may be returned in one or more messages.
@@ -673,7 +1283,39 @@ type ContentServer interface {
 	Write(Content_WriteServer) error
 	// Abort cancels the ongoing write named in the request. Any resources
 	// associated with the write will be collected.
-	Abort(context.Context, *AbortRequest) (*google_protobuf3.Empty, error)
+	Abort(context.Context, *AbortRequest) (*types.Empty, error)
+}
+
+// UnimplementedContentServer can be embedded to have forward compatible implementations.
+type UnimplementedContentServer struct {
+}
+
+func (*UnimplementedContentServer) Info(ctx context.Context, req *InfoRequest) (*InfoResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Info not implemented")
+}
+func (*UnimplementedContentServer) Update(ctx context.Context, req *UpdateRequest) (*UpdateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedContentServer) List(req *ListContentRequest, srv Content_ListServer) error {
+	return status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedContentServer) Delete(ctx context.Context, req *DeleteContentRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
+}
+func (*UnimplementedContentServer) Read(req *ReadContentRequest, srv Content_ReadServer) error {
+	return status.Errorf(codes.Unimplemented, "method Read not implemented")
+}
+func (*UnimplementedContentServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Status not implemented")
+}
+func (*UnimplementedContentServer) ListStatuses(ctx context.Context, req *ListStatusesRequest) (*ListStatusesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListStatuses not implemented")
+}
+func (*UnimplementedContentServer) Write(srv Content_WriteServer) error {
+	return status.Errorf(codes.Unimplemented, "method Write not implemented")
+}
+func (*UnimplementedContentServer) Abort(ctx context.Context, req *AbortRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Abort not implemented")
 }
 
 func RegisterContentServer(s *grpc.Server, srv ContentServer) {
@@ -909,7 +1551,7 @@ var _Content_serviceDesc = grpc.ServiceDesc{
 func (m *Info) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -917,61 +1559,73 @@ func (m *Info) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Info) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Size_ != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Size_))
-	}
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n1, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n1
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n2, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n2
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x2a
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovContent(uint64(len(k))) + 1 + len(v) + sovContent(uint64(len(v)))
-			i = encodeVarintContent(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContent(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintContent(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintContent(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintContent(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
-	return i, nil
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err1 != nil {
+		return 0, err1
+	}
+	i -= n1
+	i = encodeVarintContent(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x22
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err2 != nil {
+		return 0, err2
+	}
+	i -= n2
+	i = encodeVarintContent(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x1a
+	if m.Size_ != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *InfoRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -979,23 +1633,33 @@ func (m *InfoRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *InfoRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InfoRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *InfoResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1003,25 +1667,36 @@ func (m *InfoResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *InfoResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InfoResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(m.Info.Size()))
-	n3, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContent(dAtA, i, uint64(size))
 	}
-	i += n3
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1029,35 +1704,48 @@ func (m *UpdateRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(m.Info.Size()))
-	n4, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n4
 	if m.UpdateMask != nil {
+		{
+			size, err := m.UpdateMask.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContent(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.UpdateMask.Size()))
-		n5, err := m.UpdateMask.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n5
+		i -= size
+		i = encodeVarintContent(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1065,25 +1753,36 @@ func (m *UpdateResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(m.Info.Size()))
-	n6, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintContent(dAtA, i, uint64(size))
 	}
-	i += n6
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ListContentRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1091,32 +1790,35 @@ func (m *ListContentRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListContentRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListContentRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintContent(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListContentResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1124,29 +1826,40 @@ func (m *ListContentResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListContentResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListContentResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Info) > 0 {
-		for _, msg := range m.Info {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContent(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Info) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Info[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintContent(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteContentRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1154,23 +1867,33 @@ func (m *DeleteContentRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteContentRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteContentRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ReadContentRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1178,33 +1901,43 @@ func (m *ReadContentRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ReadContentRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadContentRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Size_ != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x18
 	}
 	if m.Offset != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Size_ != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Size_))
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ReadContentResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1212,28 +1945,38 @@ func (m *ReadContentResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ReadContentResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadContentResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Offset != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Data) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if m.Offset != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Status) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1241,55 +1984,66 @@ func (m *Status) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Status) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Status) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.StartedAt)))
-	n7, err := types.StdTimeMarshalTo(m.StartedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n7
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n8, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Expected) > 0 {
+		i -= len(m.Expected)
+		copy(dAtA[i:], m.Expected)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Expected)))
+		i--
+		dAtA[i] = 0x32
 	}
-	i += n8
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+	if m.Total != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+		i--
+		dAtA[i] = 0x28
 	}
 	if m.Offset != 0 {
-		dAtA[i] = 0x20
-		i++
 		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Total != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Expected) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Expected)))
-		i += copy(dAtA[i:], m.Expected)
+	n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err7 != nil {
+		return 0, err7
+	}
+	i -= n7
+	i = encodeVarintContent(dAtA, i, uint64(n7))
+	i--
+	dAtA[i] = 0x12
+	n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartedAt):])
+	if err8 != nil {
+		return 0, err8
 	}
-	return i, nil
+	i -= n8
+	i = encodeVarintContent(dAtA, i, uint64(n8))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *StatusRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1297,23 +2051,33 @@ func (m *StatusRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatusRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatusRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StatusResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1321,27 +2085,38 @@ func (m *StatusResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatusResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatusResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Status != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Status.Size()))
-		n9, err := m.Status.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintContent(dAtA, i, uint64(size))
 		}
-		i += n9
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListStatusesRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1349,32 +2124,35 @@ func (m *ListStatusesRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListStatusesRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListStatusesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintContent(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListStatusesResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1382,29 +2160,40 @@ func (m *ListStatusesResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListStatusesResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListStatusesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Statuses) > 0 {
-		for _, msg := range m.Statuses {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContent(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Statuses) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Statuses[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintContent(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WriteContentRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1412,67 +2201,81 @@ func (m *WriteContentRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WriteContentRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WriteContentRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Action != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Action))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintContent(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintContent(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintContent(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
-	if m.Total != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.Offset != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x28
 	}
 	if len(m.Expected) > 0 {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Expected)
+		copy(dAtA[i:], m.Expected)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Expected)))
-		i += copy(dAtA[i:], m.Expected)
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.Offset != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+	if m.Total != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.Data) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x3a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovContent(uint64(len(k))) + 1 + len(v) + sovContent(uint64(len(v)))
-			i = encodeVarintContent(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintContent(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintContent(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	if m.Action != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WriteContentResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1480,54 +2283,64 @@ func (m *WriteContentResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WriteContentResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WriteContentResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Action != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Action))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.StartedAt)))
-	n10, err := types.StdTimeMarshalTo(m.StartedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0x32
 	}
-	i += n10
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintContent(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n11, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Total != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+		i--
+		dAtA[i] = 0x28
 	}
-	i += n11
 	if m.Offset != 0 {
-		dAtA[i] = 0x20
-		i++
 		i = encodeVarintContent(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Total != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(m.Total))
+	n10, err10 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err10 != nil {
+		return 0, err10
 	}
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintContent(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	i -= n10
+	i = encodeVarintContent(dAtA, i, uint64(n10))
+	i--
+	dAtA[i] = 0x1a
+	n11, err11 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartedAt):])
+	if err11 != nil {
+		return 0, err11
+	}
+	i -= n11
+	i = encodeVarintContent(dAtA, i, uint64(n11))
+	i--
+	dAtA[i] = 0x12
+	if m.Action != 0 {
+		i = encodeVarintContent(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AbortRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1535,29 +2348,44 @@ func (m *AbortRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AbortRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AbortRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
 		i = encodeVarintContent(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintContent(dAtA []byte, offset int, v uint64) int {
+	offset -= sovContent(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Info) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
@@ -1567,9 +2395,9 @@ func (m *Info) Size() (n int) {
 	if m.Size_ != 0 {
 		n += 1 + sovContent(uint64(m.Size_))
 	}
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovContent(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovContent(uint64(l))
 	if len(m.Labels) > 0 {
 		for k, v := range m.Labels {
@@ -1579,28 +2407,46 @@ func (m *Info) Size() (n int) {
 			n += mapEntrySize + 1 + sovContent(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *InfoRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *InfoResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Info.Size()
 	n += 1 + l + sovContent(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Info.Size()
@@ -1609,18 +2455,30 @@ func (m *UpdateRequest) Size() (n int) {
 		l = m.UpdateMask.Size()
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Info.Size()
 	n += 1 + l + sovContent(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListContentRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -1629,10 +2487,16 @@ func (m *ListContentRequest) Size() (n int) {
 			n += 1 + l + sovContent(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListContentResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Info) > 0 {
@@ -1641,20 +2505,32 @@ func (m *ListContentResponse) Size() (n int) {
 			n += 1 + l + sovContent(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteContentRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ReadContentRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
@@ -1667,10 +2543,16 @@ func (m *ReadContentRequest) Size() (n int) {
 	if m.Size_ != 0 {
 		n += 1 + sovContent(uint64(m.Size_))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ReadContentResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Offset != 0 {
@@ -1680,15 +2562,21 @@ func (m *ReadContentResponse) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Status) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = types.SizeOfStdTime(m.StartedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.StartedAt)
 	n += 1 + l + sovContent(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovContent(uint64(l))
 	l = len(m.Ref)
 	if l > 0 {
@@ -1704,30 +2592,48 @@ func (m *Status) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatusRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Ref)
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatusResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Status != nil {
 		l = m.Status.Size()
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListStatusesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -1736,10 +2642,16 @@ func (m *ListStatusesRequest) Size() (n int) {
 			n += 1 + l + sovContent(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListStatusesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Statuses) > 0 {
@@ -1748,10 +2660,16 @@ func (m *ListStatusesResponse) Size() (n int) {
 			n += 1 + l + sovContent(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WriteContentRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Action != 0 {
@@ -1783,18 +2701,24 @@ func (m *WriteContentRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovContent(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WriteContentResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Action != 0 {
 		n += 1 + sovContent(uint64(m.Action))
 	}
-	l = types.SizeOfStdTime(m.StartedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.StartedAt)
 	n += 1 + l + sovContent(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovContent(uint64(l))
 	if m.Offset != 0 {
 		n += 1 + sovContent(uint64(m.Offset))
@@ -1806,28 +2730,30 @@ func (m *WriteContentResponse) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *AbortRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Ref)
 	if l > 0 {
 		n += 1 + l + sovContent(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovContent(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozContent(x uint64) (n int) {
 	return sovContent(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1840,7 +2766,7 @@ func (this *Info) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1849,9 +2775,10 @@ func (this *Info) String() string {
 	s := strings.Join([]string{`&Info{`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
 		`Size_:` + fmt.Sprintf("%v", this.Size_) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1862,6 +2789,7 @@ func (this *InfoRequest) String() string {
 	}
 	s := strings.Join([]string{`&InfoRequest{`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1872,6 +2800,7 @@ func (this *InfoResponse) String() string {
 	}
 	s := strings.Join([]string{`&InfoResponse{`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1882,7 +2811,8 @@ func (this *UpdateRequest) String() string {
 	}
 	s := strings.Join([]string{`&UpdateRequest{`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
-		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "google_protobuf1.FieldMask", 1) + `,`,
+		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "types.FieldMask", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1893,6 +2823,7 @@ func (this *UpdateResponse) String() string {
 	}
 	s := strings.Join([]string{`&UpdateResponse{`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1903,6 +2834,7 @@ func (this *ListContentRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListContentRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1911,8 +2843,14 @@ func (this *ListContentResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForInfo := "[]Info{"
+	for _, f := range this.Info {
+		repeatedStringForInfo += strings.Replace(strings.Replace(f.String(), "Info", "Info", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForInfo += "}"
 	s := strings.Join([]string{`&ListContentResponse{`,
-		`Info:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Info), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`Info:` + repeatedStringForInfo + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1923,6 +2861,7 @@ func (this *DeleteContentRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteContentRequest{`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1935,6 +2874,7 @@ func (this *ReadContentRequest) String() string {
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
 		`Offset:` + fmt.Sprintf("%v", this.Offset) + `,`,
 		`Size_:` + fmt.Sprintf("%v", this.Size_) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1946,6 +2886,7 @@ func (this *ReadContentResponse) String() string {
 	s := strings.Join([]string{`&ReadContentResponse{`,
 		`Offset:` + fmt.Sprintf("%v", this.Offset) + `,`,
 		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1955,12 +2896,13 @@ func (this *Status) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&Status{`,
-		`StartedAt:` + strings.Replace(strings.Replace(this.StartedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`StartedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.StartedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Ref:` + fmt.Sprintf("%v", this.Ref) + `,`,
 		`Offset:` + fmt.Sprintf("%v", this.Offset) + `,`,
 		`Total:` + fmt.Sprintf("%v", this.Total) + `,`,
 		`Expected:` + fmt.Sprintf("%v", this.Expected) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1971,6 +2913,7 @@ func (this *StatusRequest) String() string {
 	}
 	s := strings.Join([]string{`&StatusRequest{`,
 		`Ref:` + fmt.Sprintf("%v", this.Ref) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1980,7 +2923,8 @@ func (this *StatusResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&StatusResponse{`,
-		`Status:` + strings.Replace(fmt.Sprintf("%v", this.Status), "Status", "Status", 1) + `,`,
+		`Status:` + strings.Replace(this.Status.String(), "Status", "Status", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1991,6 +2935,7 @@ func (this *ListStatusesRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListStatusesRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1999,8 +2944,14 @@ func (this *ListStatusesResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForStatuses := "[]Status{"
+	for _, f := range this.Statuses {
+		repeatedStringForStatuses += strings.Replace(strings.Replace(f.String(), "Status", "Status", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForStatuses += "}"
 	s := strings.Join([]string{`&ListStatusesResponse{`,
-		`Statuses:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Statuses), "Status", "Status", 1), `&`, ``, 1) + `,`,
+		`Statuses:` + repeatedStringForStatuses + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2013,7 +2964,7 @@ func (this *WriteContentRequest) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -2027,6 +2978,7 @@ func (this *WriteContentRequest) String() string {
 		`Offset:` + fmt.Sprintf("%v", this.Offset) + `,`,
 		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2037,11 +2989,12 @@ func (this *WriteContentResponse) String() string {
 	}
 	s := strings.Join([]string{`&WriteContentResponse{`,
 		`Action:` + fmt.Sprintf("%v", this.Action) + `,`,
-		`StartedAt:` + strings.Replace(strings.Replace(this.StartedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`StartedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.StartedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Offset:` + fmt.Sprintf("%v", this.Offset) + `,`,
 		`Total:` + fmt.Sprintf("%v", this.Total) + `,`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2052,6 +3005,7 @@ func (this *AbortRequest) String() string {
 	}
 	s := strings.Join([]string{`&AbortRequest{`,
 		`Ref:` + fmt.Sprintf("%v", this.Ref) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2079,7 +3033,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2107,7 +3061,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2117,6 +3071,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2136,7 +3093,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2155,7 +3112,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2164,10 +3121,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2185,7 +3145,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2194,10 +3154,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2215,7 +3178,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2224,6 +3187,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2244,7 +3210,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2261,7 +3227,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2271,6 +3237,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContent
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthContent
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2287,7 +3256,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2297,6 +3266,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContent
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthContent
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2308,7 +3280,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthContent
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -2325,12 +3297,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2355,7 +3328,7 @@ func (m *InfoRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2383,7 +3356,7 @@ func (m *InfoRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2393,6 +3366,9 @@ func (m *InfoRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2404,12 +3380,13 @@ func (m *InfoRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2434,7 +3411,7 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2462,7 +3439,7 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2471,6 +3448,9 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2484,12 +3464,13 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2514,7 +3495,7 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2542,7 +3523,7 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2551,6 +3532,9 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2572,7 +3556,7 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2581,11 +3565,14 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdateMask == nil {
-				m.UpdateMask = &google_protobuf1.FieldMask{}
+				m.UpdateMask = &types.FieldMask{}
 			}
 			if err := m.UpdateMask.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2597,12 +3584,13 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2627,7 +3615,7 @@ func (m *UpdateResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2655,7 +3643,7 @@ func (m *UpdateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2664,6 +3652,9 @@ func (m *UpdateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2677,12 +3668,13 @@ func (m *UpdateResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2707,7 +3699,7 @@ func (m *ListContentRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2735,7 +3727,7 @@ func (m *ListContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2745,6 +3737,9 @@ func (m *ListContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2756,12 +3751,13 @@ func (m *ListContentRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2786,7 +3782,7 @@ func (m *ListContentResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2814,7 +3810,7 @@ func (m *ListContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2823,6 +3819,9 @@ func (m *ListContentResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2837,12 +3836,13 @@ func (m *ListContentResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2867,7 +3867,7 @@ func (m *DeleteContentRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2895,7 +3895,7 @@ func (m *DeleteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2905,6 +3905,9 @@ func (m *DeleteContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2916,12 +3919,13 @@ func (m *DeleteContentRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2946,7 +3950,7 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2974,7 +3978,7 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2984,6 +3988,9 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3003,7 +4010,7 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3022,7 +4029,7 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3033,12 +4040,13 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3063,7 +4071,7 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3091,7 +4099,7 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3110,7 +4118,7 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3119,6 +4127,9 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3133,12 +4144,13 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3163,7 +4175,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3191,7 +4203,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3200,10 +4212,13 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.StartedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3221,7 +4236,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3230,10 +4245,13 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3251,7 +4269,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3261,6 +4279,9 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3280,7 +4301,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3299,7 +4320,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Total |= (int64(b) & 0x7F) << shift
+				m.Total |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3318,7 +4339,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3328,6 +4349,9 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3339,12 +4363,13 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3369,7 +4394,7 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3397,7 +4422,7 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3407,6 +4432,9 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3418,12 +4446,13 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3448,7 +4477,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3476,7 +4505,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3485,6 +4514,9 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3501,12 +4533,13 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3531,7 +4564,7 @@ func (m *ListStatusesRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3559,7 +4592,7 @@ func (m *ListStatusesRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3569,6 +4602,9 @@ func (m *ListStatusesRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3580,12 +4616,13 @@ func (m *ListStatusesRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3610,7 +4647,7 @@ func (m *ListStatusesResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3638,7 +4675,7 @@ func (m *ListStatusesResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3647,6 +4684,9 @@ func (m *ListStatusesResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3661,12 +4701,13 @@ func (m *ListStatusesResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3691,7 +4732,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3719,7 +4760,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (WriteAction(b) & 0x7F) << shift
+				m.Action |= WriteAction(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3738,7 +4779,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3748,6 +4789,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3767,7 +4811,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Total |= (int64(b) & 0x7F) << shift
+				m.Total |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3786,7 +4830,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3796,6 +4840,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3815,7 +4862,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3834,7 +4881,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3843,6 +4890,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3865,7 +4915,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3874,6 +4924,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3894,7 +4947,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -3911,7 +4964,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3921,6 +4974,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContent
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthContent
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3937,7 +4993,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3947,6 +5003,9 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthContent
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthContent
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3958,7 +5017,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthContent
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3975,12 +5034,13 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4005,7 +5065,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4033,7 +5093,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (WriteAction(b) & 0x7F) << shift
+				m.Action |= WriteAction(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4052,7 +5112,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4061,10 +5121,13 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.StartedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4082,7 +5145,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4091,10 +5154,13 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4112,7 +5178,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4131,7 +5197,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Total |= (int64(b) & 0x7F) << shift
+				m.Total |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4150,7 +5216,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4160,6 +5226,9 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4171,12 +5240,13 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4201,7 +5271,7 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4229,7 +5299,7 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4239,6 +5309,9 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthContent
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthContent
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4250,12 +5323,13 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthContent
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4268,6 +5342,7 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error {
 func skipContent(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4299,10 +5374,8 @@ func skipContent(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4319,129 +5392,34 @@ func skipContent(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthContent
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowContent
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipContent(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupContent
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthContent
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthContent = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowContent   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthContent        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowContent          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupContent = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/content/v1/content.proto", fileDescriptorContent)
-}
-
-var fileDescriptorContent = []byte{
-	// 1081 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcd, 0x6f, 0x1b, 0x45,
-	0x14, 0xf7, 0x78, 0xed, 0x4d, 0xf2, 0x9c, 0x16, 0x33, 0x31, 0x95, 0xb5, 0x08, 0x67, 0xbb, 0x42,
-	0xc8, 0x6a, 0xc9, 0x3a, 0x75, 0x7a, 0x00, 0x2a, 0x01, 0x8e, 0x9b, 0xaa, 0x41, 0x4d, 0x41, 0x5b,
-	0x97, 0x40, 0x2f, 0x65, 0x6d, 0x8f, 0xcd, 0x2a, 0xb6, 0xd7, 0xdd, 0x19, 0x5b, 0x84, 0x13, 0x17,
-	0x24, 0x14, 0xf5, 0x80, 0xb8, 0xe7, 0x02, 0xfc, 0x15, 0x1c, 0x38, 0xe7, 0xc8, 0x11, 0x71, 0x68,
-	0x69, 0xfe, 0x07, 0xee, 0x68, 0x66, 0x67, 0xed, 0xf5, 0x47, 0x58, 0xdb, 0x31, 0x27, 0xbf, 0x99,
-	0x7d, 0xbf, 0xf7, 0xfd, 0x31, 0x86, 0x7b, 0x4d, 0x87, 0x7d, 0xdd, 0xab, 0x9a, 0x35, 0xb7, 0x5d,
-	0xa8, 0xb9, 0x1d, 0x66, 0x3b, 0x1d, 0xe2, 0xd5, 0xc3, 0xa4, 0xdd, 0x75, 0x0a, 0x94, 0x78, 0x7d,
-	0xa7, 0x46, 0xa8, 0xb8, 0x27, 0x1d, 0x56, 0xe8, 0xdf, 0x0a, 0x48, 0xb3, 0xeb, 0xb9, 0xcc, 0xc5,
-	0xb9, 0x21, 0xc2, 0x0c, 0xb8, 0xcd, 0x80, 0xa5, 0x7f, 0x4b, 0xcb, 0x34, 0xdd, 0xa6, 0x2b, 0x58,
-	0x0b, 0x9c, 0xf2, 0x51, 0x9a, 0xde, 0x74, 0xdd, 0x66, 0x8b, 0x14, 0xc4, 0xa9, 0xda, 0x6b, 0x14,
-	0x1a, 0x0e, 0x69, 0xd5, 0x9f, 0xb6, 0x6d, 0x7a, 0x24, 0x39, 0x36, 0xc7, 0x39, 0x98, 0xd3, 0x26,
-	0x94, 0xd9, 0xed, 0xae, 0x64, 0x78, 0x73, 0x9c, 0x81, 0xb4, 0xbb, 0xec, 0xd8, 0xff, 0x68, 0xfc,
-	0x13, 0x87, 0xc4, 0x7e, 0xa7, 0xe1, 0xe2, 0x4f, 0x40, 0xad, 0x3b, 0x4d, 0x42, 0x59, 0x16, 0xe9,
-	0x28, 0xbf, 0xb6, 0x5b, 0x3c, 0x7b, 0xb1, 0x19, 0xfb, 0xeb, 0xc5, 0xe6, 0x8d, 0x90, 0xfb, 0x6e,
-	0x97, 0x74, 0x06, 0x5e, 0xd0, 0x42, 0xd3, 0xdd, 0xf2, 0x21, 0xe6, 0x5d, 0xf1, 0x63, 0x49, 0x09,
-	0x18, 0x43, 0x82, 0x3a, 0xdf, 0x92, 0x6c, 0x5c, 0x47, 0x79, 0xc5, 0x12, 0x34, 0x2e, 0x03, 0xd4,
-	0x3c, 0x62, 0x33, 0x52, 0x7f, 0x6a, 0xb3, 0xac, 0xa2, 0xa3, 0x7c, 0xaa, 0xa8, 0x99, 0xbe, 0x69,
-	0x66, 0x60, 0x9a, 0x59, 0x09, 0x6c, 0xdf, 0x5d, 0xe5, 0xfa, 0x7f, 0x7c, 0xb9, 0x89, 0xac, 0x35,
-	0x89, 0x2b, 0x31, 0x2e, 0xa4, 0xd7, 0xad, 0x07, 0x42, 0x12, 0xf3, 0x08, 0x91, 0xb8, 0x12, 0xc3,
-	0xf7, 0x41, 0x6d, 0xd9, 0x55, 0xd2, 0xa2, 0xd9, 0xa4, 0xae, 0xe4, 0x53, 0xc5, 0x6d, 0xf3, 0xbf,
-	0x33, 0x63, 0xf2, 0xf8, 0x98, 0x0f, 0x04, 0x64, 0xaf, 0xc3, 0xbc, 0x63, 0x4b, 0xe2, 0xb5, 0xf7,
-	0x21, 0x15, 0xba, 0xc6, 0x69, 0x50, 0x8e, 0xc8, 0xb1, 0x1f, 0x3f, 0x8b, 0x93, 0x38, 0x03, 0xc9,
-	0xbe, 0xdd, 0xea, 0xf9, 0x91, 0x58, 0xb3, 0xfc, 0xc3, 0x07, 0xf1, 0xf7, 0x90, 0xf1, 0x25, 0xa4,
-	0xb8, 0x58, 0x8b, 0x3c, 0xeb, 0xf1, 0x88, 0x2d, 0x31, 0xfa, 0xc6, 0x43, 0x58, 0xf7, 0x45, 0xd3,
-	0xae, 0xdb, 0xa1, 0x04, 0x7f, 0x08, 0x09, 0xa7, 0xd3, 0x70, 0x85, 0xe4, 0x54, 0xf1, 0xed, 0x59,
-	0xbc, 0xdd, 0x4d, 0x70, 0xfd, 0x96, 0xc0, 0x19, 0xcf, 0x11, 0x5c, 0x79, 0x2c, 0xa2, 0x17, 0x58,
-	0x7b, 0x49, 0x89, 0xf8, 0x0e, 0xa4, 0xfc, 0x74, 0x88, 0x3a, 0x16, 0xc1, 0x99, 0x96, 0xc7, 0x7b,
-	0xbc, 0xd4, 0x0f, 0x6c, 0x7a, 0x64, 0xc9, 0xac, 0x73, 0xda, 0xf8, 0x0c, 0xae, 0x06, 0xd6, 0x2c,
-	0xc9, 0x41, 0x13, 0xf0, 0x03, 0x87, 0xb2, 0xb2, 0xcf, 0x12, 0x38, 0x99, 0x85, 0x95, 0x86, 0xd3,
-	0x62, 0xc4, 0xa3, 0x59, 0xa4, 0x2b, 0xf9, 0x35, 0x2b, 0x38, 0x1a, 0x8f, 0x61, 0x63, 0x84, 0x7f,
-	0xc2, 0x0c, 0x65, 0x21, 0x33, 0xaa, 0x90, 0xb9, 0x4b, 0x5a, 0x84, 0x91, 0x31, 0x43, 0x96, 0x59,
-	0x1b, 0xcf, 0x11, 0x60, 0x8b, 0xd8, 0xf5, 0xff, 0x4f, 0x05, 0xbe, 0x06, 0xaa, 0xdb, 0x68, 0x50,
-	0xc2, 0x64, 0xfb, 0xcb, 0xd3, 0x60, 0x28, 0x28, 0xc3, 0xa1, 0x60, 0x94, 0x60, 0x63, 0xc4, 0x1a,
-	0x19, 0xc9, 0xa1, 0x08, 0x34, 0x2e, 0xa2, 0x6e, 0x33, 0x5b, 0x08, 0x5e, 0xb7, 0x04, 0x6d, 0xfc,
-	0x1c, 0x07, 0xf5, 0x11, 0xb3, 0x59, 0x8f, 0xf2, 0xe9, 0x40, 0x99, 0xed, 0xc9, 0xe9, 0x80, 0xe6,
-	0x99, 0x0e, 0x12, 0x37, 0x31, 0x62, 0xe2, 0x8b, 0x8d, 0x98, 0x34, 0x28, 0x1e, 0x69, 0x08, 0x57,
-	0xd7, 0x2c, 0x4e, 0x86, 0x5c, 0x4a, 0x8c, 0xb8, 0x94, 0x81, 0x24, 0x73, 0x99, 0xdd, 0xca, 0x26,
-	0xc5, 0xb5, 0x7f, 0xc0, 0x0f, 0x61, 0x95, 0x7c, 0xd3, 0x25, 0x35, 0x46, 0xea, 0x59, 0x75, 0xe1,
-	0x8c, 0x0c, 0x64, 0x18, 0xd7, 0xe1, 0x8a, 0x1f, 0xa3, 0x20, 0xe1, 0xd2, 0x40, 0x34, 0x30, 0x90,
-	0xb7, 0x55, 0xc0, 0x32, 0xa8, 0x67, 0x95, 0x8a, 0x1b, 0x19, 0xca, 0x77, 0xa2, 0x2a, 0x5a, 0xe2,
-	0x25, 0xca, 0x28, 0xf8, 0x6d, 0xe2, 0xdf, 0x12, 0x1a, 0xdd, 0x57, 0x5f, 0x41, 0x66, 0x14, 0x20,
-	0x0d, 0xb9, 0x0f, 0xab, 0x54, 0xde, 0xc9, 0xe6, 0x9a, 0xd1, 0x14, 0xd9, 0x5e, 0x03, 0xb4, 0xf1,
-	0x93, 0x02, 0x1b, 0x87, 0x9e, 0x33, 0xd1, 0x62, 0x65, 0x50, 0xed, 0x1a, 0x73, 0xdc, 0x8e, 0x70,
-	0xf5, 0x6a, 0xf1, 0x66, 0x94, 0x7c, 0x21, 0xa4, 0x24, 0x20, 0x96, 0x84, 0x06, 0x31, 0x8d, 0x0f,
-	0x93, 0x3e, 0x48, 0xae, 0x72, 0x51, 0x72, 0x13, 0x97, 0x4f, 0x6e, 0xa8, 0xb4, 0x92, 0x53, 0xbb,
-	0x45, 0x1d, 0x76, 0x0b, 0x3e, 0x1c, 0xec, 0xbe, 0x15, 0x11, 0xc8, 0x8f, 0x66, 0x72, 0x74, 0x34,
-	0x5a, 0xcb, 0x5e, 0x85, 0x2f, 0xe3, 0x90, 0x19, 0x55, 0x23, 0xf3, 0xbe, 0x94, 0xac, 0x8c, 0x0e,
-	0x85, 0xf8, 0x32, 0x86, 0x82, 0xb2, 0xd8, 0x50, 0x98, 0x6f, 0x04, 0x0c, 0x47, 0xb2, 0x7a, 0xe9,
-	0xa9, 0xaf, 0xc3, 0x7a, 0xa9, 0xea, 0x7a, 0xec, 0xc2, 0xee, 0xbf, 0xf1, 0x3d, 0x82, 0x54, 0x28,
-	0x7a, 0xf8, 0x2d, 0x48, 0x3c, 0xaa, 0x94, 0x2a, 0xe9, 0x98, 0xb6, 0x71, 0x72, 0xaa, 0xbf, 0x16,
-	0xfa, 0xc4, 0x3b, 0x0b, 0x6f, 0x42, 0xf2, 0xd0, 0xda, 0xaf, 0xec, 0xa5, 0x91, 0x96, 0x39, 0x39,
-	0xd5, 0xd3, 0xa1, 0xef, 0x82, 0xc4, 0xd7, 0x41, 0x2d, 0x7f, 0x7a, 0x70, 0xb0, 0x5f, 0x49, 0xc7,
-	0xb5, 0x37, 0x4e, 0x4e, 0xf5, 0xd7, 0x43, 0x1c, 0x65, 0xb7, 0xdd, 0x76, 0x98, 0xb6, 0xf1, 0xc3,
-	0x2f, 0xb9, 0xd8, 0x6f, 0xbf, 0xe6, 0xc2, 0x7a, 0x8b, 0xbf, 0xaf, 0xc0, 0x8a, 0x2c, 0x03, 0x6c,
-	0xcb, 0x97, 0xe9, 0xcd, 0x59, 0x36, 0xa9, 0x74, 0x4d, 0x7b, 0x77, 0x36, 0x66, 0x59, 0x61, 0x4d,
-	0x50, 0xfd, 0xb7, 0x04, 0xde, 0x8a, 0xc2, 0x8d, 0xbc, 0x80, 0x34, 0x73, 0x56, 0x76, 0xa9, 0xe8,
-	0x19, 0x24, 0xf8, 0x68, 0xc3, 0xc5, 0x28, 0xdc, 0xe4, 0x43, 0x44, 0xdb, 0x99, 0x0b, 0xe3, 0x2b,
-	0xdc, 0x46, 0xf8, 0x73, 0x50, 0xfd, 0xe7, 0x04, 0xbe, 0x1d, 0x25, 0x60, 0xda, 0xb3, 0x43, 0xbb,
-	0x36, 0x51, 0xdf, 0x7b, 0xfc, 0x7f, 0x03, 0x77, 0x85, 0xef, 0xec, 0x68, 0x57, 0x26, 0xdf, 0x19,
-	0xd1, 0xae, 0x4c, 0x79, 0x0d, 0x6c, 0x23, 0x9e, 0x26, 0xb9, 0xe2, 0xb7, 0x66, 0xdc, 0x41, 0xb3,
-	0xa6, 0x69, 0x6c, 0xe5, 0x1d, 0xc3, 0x7a, 0x78, 0x03, 0xe1, 0x99, 0x42, 0x3f, 0xb6, 0xe0, 0xb4,
-	0xdb, 0xf3, 0x81, 0xa4, 0xea, 0x3e, 0x24, 0xfd, 0xd6, 0xd9, 0x59, 0x60, 0x24, 0x47, 0xeb, 0x9c,
-	0x36, 0x60, 0xf3, 0x68, 0x1b, 0xe1, 0x03, 0x48, 0x8a, 0xd9, 0x80, 0x23, 0x3b, 0x27, 0x3c, 0x42,
-	0x2e, 0xaa, 0x8e, 0xdd, 0x27, 0x67, 0xaf, 0x72, 0xb1, 0x3f, 0x5f, 0xe5, 0x62, 0xdf, 0x9d, 0xe7,
-	0xd0, 0xd9, 0x79, 0x0e, 0xfd, 0x71, 0x9e, 0x43, 0x7f, 0x9f, 0xe7, 0xd0, 0x93, 0x8f, 0x17, 0xfd,
-	0x1f, 0x7d, 0x47, 0x92, 0x5f, 0xc4, 0xaa, 0xaa, 0xd0, 0xb6, 0xf3, 0x6f, 0x00, 0x00, 0x00, 0xff,
-	0xff, 0xc0, 0xc2, 0x35, 0xb1, 0x94, 0x0f, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto b/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto
index 086b3e39b1fe7..b33ea5b2e8c4f 100644
--- a/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto
+++ b/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.content.v1;
diff --git a/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.pb.go b/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.pb.go
index 6eba311ffb485..b1450ceb82f64 100644
--- a/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.pb.go
@@ -1,36 +1,24 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/diff/v1/diff.proto
 
-/*
-	Package diff is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/diff/v1/diff.proto
-
-	It has these top-level messages:
-		ApplyRequest
-		ApplyResponse
-		DiffRequest
-		DiffResponse
-*/
 package diff
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import containerd_types "github.com/containerd/containerd/api/types"
-import containerd_types1 "github.com/containerd/containerd/api/types"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types1 "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -41,36 +29,99 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type ApplyRequest struct {
 	// Diff is the descriptor of the diff to be extracted
-	Diff   *containerd_types1.Descriptor `protobuf:"bytes,1,opt,name=diff" json:"diff,omitempty"`
-	Mounts []*containerd_types.Mount     `protobuf:"bytes,2,rep,name=mounts" json:"mounts,omitempty"`
+	Diff                 *types.Descriptor      `protobuf:"bytes,1,opt,name=diff,proto3" json:"diff,omitempty"`
+	Mounts               []*types.Mount         `protobuf:"bytes,2,rep,name=mounts,proto3" json:"mounts,omitempty"`
+	Payloads             map[string]*types1.Any `protobuf:"bytes,3,rep,name=payloads,proto3" json:"payloads,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
+	XXX_unrecognized     []byte                 `json:"-"`
+	XXX_sizecache        int32                  `json:"-"`
+}
+
+func (m *ApplyRequest) Reset()      { *m = ApplyRequest{} }
+func (*ApplyRequest) ProtoMessage() {}
+func (*ApplyRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3b36a99e6faaa935, []int{0}
+}
+func (m *ApplyRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ApplyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ApplyRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ApplyRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ApplyRequest.Merge(m, src)
+}
+func (m *ApplyRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ApplyRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ApplyRequest.DiscardUnknown(m)
 }
 
-func (m *ApplyRequest) Reset()                    { *m = ApplyRequest{} }
-func (*ApplyRequest) ProtoMessage()               {}
-func (*ApplyRequest) Descriptor() ([]byte, []int) { return fileDescriptorDiff, []int{0} }
+var xxx_messageInfo_ApplyRequest proto.InternalMessageInfo
 
 type ApplyResponse struct {
 	// Applied is the descriptor for the object which was applied.
 	// If the input was a compressed blob then the result will be
 	// the descriptor for the uncompressed blob.
-	Applied *containerd_types1.Descriptor `protobuf:"bytes,1,opt,name=applied" json:"applied,omitempty"`
+	Applied              *types.Descriptor `protobuf:"bytes,1,opt,name=applied,proto3" json:"applied,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
-func (m *ApplyResponse) Reset()                    { *m = ApplyResponse{} }
-func (*ApplyResponse) ProtoMessage()               {}
-func (*ApplyResponse) Descriptor() ([]byte, []int) { return fileDescriptorDiff, []int{1} }
+func (m *ApplyResponse) Reset()      { *m = ApplyResponse{} }
+func (*ApplyResponse) ProtoMessage() {}
+func (*ApplyResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3b36a99e6faaa935, []int{1}
+}
+func (m *ApplyResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ApplyResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ApplyResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ApplyResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ApplyResponse.Merge(m, src)
+}
+func (m *ApplyResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ApplyResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ApplyResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ApplyResponse proto.InternalMessageInfo
 
 type DiffRequest struct {
 	// Left are the mounts which represent the older copy
 	// in which is the base of the computed changes.
-	Left []*containerd_types.Mount `protobuf:"bytes,1,rep,name=left" json:"left,omitempty"`
+	Left []*types.Mount `protobuf:"bytes,1,rep,name=left,proto3" json:"left,omitempty"`
 	// Right are the mounts which represents the newer copy
 	// in which changes from the left were made into.
-	Right []*containerd_types.Mount `protobuf:"bytes,2,rep,name=right" json:"right,omitempty"`
+	Right []*types.Mount `protobuf:"bytes,2,rep,name=right,proto3" json:"right,omitempty"`
 	// MediaType is the media type descriptor for the created diff
 	// object
 	MediaType string `protobuf:"bytes,3,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
@@ -79,29 +130,134 @@ type DiffRequest struct {
 	Ref string `protobuf:"bytes,4,opt,name=ref,proto3" json:"ref,omitempty"`
 	// Labels are the labels to apply to the generated content
 	// on content store commit.
-	Labels map[string]string `protobuf:"bytes,5,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,5,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
-func (m *DiffRequest) Reset()                    { *m = DiffRequest{} }
-func (*DiffRequest) ProtoMessage()               {}
-func (*DiffRequest) Descriptor() ([]byte, []int) { return fileDescriptorDiff, []int{2} }
+func (m *DiffRequest) Reset()      { *m = DiffRequest{} }
+func (*DiffRequest) ProtoMessage() {}
+func (*DiffRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3b36a99e6faaa935, []int{2}
+}
+func (m *DiffRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DiffRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DiffRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DiffRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DiffRequest.Merge(m, src)
+}
+func (m *DiffRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DiffRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DiffRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DiffRequest proto.InternalMessageInfo
 
 type DiffResponse struct {
 	// Diff is the descriptor of the diff which can be applied
-	Diff *containerd_types1.Descriptor `protobuf:"bytes,3,opt,name=diff" json:"diff,omitempty"`
+	Diff                 *types.Descriptor `protobuf:"bytes,3,opt,name=diff,proto3" json:"diff,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
-func (m *DiffResponse) Reset()                    { *m = DiffResponse{} }
-func (*DiffResponse) ProtoMessage()               {}
-func (*DiffResponse) Descriptor() ([]byte, []int) { return fileDescriptorDiff, []int{3} }
+func (m *DiffResponse) Reset()      { *m = DiffResponse{} }
+func (*DiffResponse) ProtoMessage() {}
+func (*DiffResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3b36a99e6faaa935, []int{3}
+}
+func (m *DiffResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DiffResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DiffResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DiffResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DiffResponse.Merge(m, src)
+}
+func (m *DiffResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *DiffResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DiffResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DiffResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*ApplyRequest)(nil), "containerd.services.diff.v1.ApplyRequest")
+	proto.RegisterMapType((map[string]*types1.Any)(nil), "containerd.services.diff.v1.ApplyRequest.PayloadsEntry")
 	proto.RegisterType((*ApplyResponse)(nil), "containerd.services.diff.v1.ApplyResponse")
 	proto.RegisterType((*DiffRequest)(nil), "containerd.services.diff.v1.DiffRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.diff.v1.DiffRequest.LabelsEntry")
 	proto.RegisterType((*DiffResponse)(nil), "containerd.services.diff.v1.DiffResponse")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/diff/v1/diff.proto", fileDescriptor_3b36a99e6faaa935)
+}
+
+var fileDescriptor_3b36a99e6faaa935 = []byte{
+	// 526 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0x41, 0x6f, 0xd3, 0x4c,
+	0x10, 0x8d, 0xed, 0x24, 0xdf, 0x97, 0x49, 0x2b, 0xa1, 0x55, 0x24, 0x8c, 0x01, 0xab, 0xca, 0x29,
+	0x2d, 0x62, 0x4d, 0x03, 0x2a, 0xd0, 0x5e, 0x5a, 0x54, 0xc4, 0xa5, 0x48, 0x60, 0x7a, 0x40, 0x20,
+	0x81, 0x9c, 0x78, 0xed, 0xae, 0x70, 0xbc, 0x8b, 0x77, 0x1d, 0xc9, 0x37, 0xfe, 0x06, 0x67, 0x7e,
+	0x0a, 0x97, 0x1e, 0x39, 0x72, 0xa4, 0xf9, 0x25, 0xc8, 0xeb, 0x75, 0x31, 0x02, 0x05, 0xc3, 0xc9,
+	0x9b, 0x9d, 0xf7, 0xde, 0xce, 0xbc, 0x37, 0x0a, 0x1c, 0xc6, 0x54, 0x9e, 0xe5, 0x33, 0x3c, 0x67,
+	0x0b, 0x6f, 0xce, 0x52, 0x19, 0xd0, 0x94, 0x64, 0x61, 0xf3, 0x18, 0x70, 0xea, 0x09, 0x92, 0x2d,
+	0xe9, 0x9c, 0x08, 0x2f, 0xa4, 0x51, 0xe4, 0x2d, 0x77, 0xd5, 0x17, 0xf3, 0x8c, 0x49, 0x86, 0xae,
+	0xff, 0xc0, 0xe2, 0x1a, 0x87, 0x55, 0x7d, 0xb9, 0xeb, 0x8c, 0x62, 0x16, 0x33, 0x85, 0xf3, 0xca,
+	0x53, 0x45, 0x71, 0xae, 0xc5, 0x8c, 0xc5, 0x09, 0xf1, 0xd4, 0xaf, 0x59, 0x1e, 0x79, 0x41, 0x5a,
+	0xe8, 0xd2, 0x5e, 0xab, 0x7e, 0x64, 0xc1, 0x89, 0xf0, 0x16, 0x2c, 0x4f, 0xa5, 0xe6, 0x1d, 0xfc,
+	0x05, 0x2f, 0x24, 0x62, 0x9e, 0x51, 0x2e, 0x59, 0x56, 0x91, 0xc7, 0x1f, 0x4d, 0xd8, 0x38, 0xe2,
+	0x3c, 0x29, 0x7c, 0xf2, 0x3e, 0x27, 0x42, 0xa2, 0x3b, 0xd0, 0x2d, 0x27, 0xb0, 0x8d, 0x2d, 0x63,
+	0x32, 0x9c, 0xde, 0xc0, 0x8d, 0x11, 0x95, 0x04, 0x3e, 0xbe, 0x94, 0xf0, 0x15, 0x12, 0x79, 0xd0,
+	0x57, 0xed, 0x08, 0xdb, 0xdc, 0xb2, 0x26, 0xc3, 0xe9, 0xd5, 0x5f, 0x39, 0x4f, 0xcb, 0xba, 0xaf,
+	0x61, 0xe8, 0x05, 0xfc, 0xcf, 0x83, 0x22, 0x61, 0x41, 0x28, 0x6c, 0x4b, 0x51, 0xee, 0xe3, 0x35,
+	0x4e, 0xe2, 0x66, 0x7f, 0xf8, 0x99, 0x66, 0x3e, 0x4e, 0x65, 0x56, 0xf8, 0x97, 0x42, 0xce, 0x73,
+	0xd8, 0xfc, 0xa9, 0x84, 0xae, 0x80, 0xf5, 0x8e, 0x14, 0x6a, 0x8e, 0x81, 0x5f, 0x1e, 0xd1, 0x0e,
+	0xf4, 0x96, 0x41, 0x92, 0x13, 0xdb, 0x54, 0xb3, 0x8d, 0x70, 0x95, 0x05, 0xae, 0xb3, 0xc0, 0x47,
+	0x69, 0xe1, 0x57, 0x90, 0x7d, 0xf3, 0x81, 0x31, 0x7e, 0x02, 0x9b, 0xfa, 0x69, 0xc1, 0x59, 0x2a,
+	0x08, 0xda, 0x83, 0xff, 0x02, 0xce, 0x13, 0x4a, 0xc2, 0x56, 0xf6, 0xd4, 0xe0, 0xf1, 0x27, 0x13,
+	0x86, 0xc7, 0x34, 0x8a, 0x6a, 0x8f, 0x6f, 0x41, 0x37, 0x21, 0x91, 0xb4, 0x8d, 0xf5, 0x7e, 0x29,
+	0x10, 0xba, 0x0d, 0xbd, 0x8c, 0xc6, 0x67, 0xf2, 0x4f, 0xee, 0x56, 0x28, 0x74, 0x13, 0x60, 0x41,
+	0x42, 0x1a, 0xbc, 0x2d, 0x6b, 0xb6, 0xa5, 0xa6, 0x1f, 0xa8, 0x9b, 0xd3, 0x82, 0x93, 0xd2, 0x95,
+	0x8c, 0x44, 0x76, 0xb7, 0x72, 0x25, 0x23, 0x11, 0x3a, 0x81, 0x7e, 0x12, 0xcc, 0x48, 0x22, 0xec,
+	0x9e, 0x7a, 0xe0, 0xde, 0xda, 0x2c, 0x1a, 0x63, 0xe0, 0x13, 0x45, 0xab, 0x82, 0xd0, 0x1a, 0xce,
+	0x43, 0x18, 0x36, 0xae, 0x7f, 0x13, 0xc2, 0xa8, 0x19, 0xc2, 0xa0, 0x69, 0xf7, 0x21, 0x6c, 0x54,
+	0xea, 0xda, 0xed, 0x7a, 0x13, 0xad, 0xb6, 0x9b, 0x38, 0xfd, 0x6c, 0x40, 0xb7, 0x94, 0x40, 0x6f,
+	0xa0, 0xa7, 0x92, 0x43, 0xdb, 0xad, 0x17, 0xcb, 0xd9, 0x69, 0x03, 0xd5, 0xad, 0xbd, 0xd6, 0xef,
+	0x4c, 0xda, 0x7a, 0xe5, 0x6c, 0xb7, 0x40, 0x56, 0xe2, 0x8f, 0x4e, 0xcf, 0x2f, 0xdc, 0xce, 0xd7,
+	0x0b, 0xb7, 0xf3, 0x61, 0xe5, 0x1a, 0xe7, 0x2b, 0xd7, 0xf8, 0xb2, 0x72, 0x8d, 0x6f, 0x2b, 0xd7,
+	0x78, 0xb5, 0xff, 0x4f, 0xff, 0x58, 0x07, 0xe5, 0xf7, 0x65, 0x67, 0xd6, 0x57, 0x7b, 0x7e, 0xf7,
+	0x7b, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x85, 0x25, 0xb8, 0xf8, 0x04, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -110,8 +266,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Diff service
-
+// DiffClient is the client API for Diff service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type DiffClient interface {
 	// Apply applies the content associated with the provided digests onto
 	// the provided mounts. Archive content will be extracted and
@@ -132,7 +289,7 @@ func NewDiffClient(cc *grpc.ClientConn) DiffClient {
 
 func (c *diffClient) Apply(ctx context.Context, in *ApplyRequest, opts ...grpc.CallOption) (*ApplyResponse, error) {
 	out := new(ApplyResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.diff.v1.Diff/Apply", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.diff.v1.Diff/Apply", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -141,15 +298,14 @@ func (c *diffClient) Apply(ctx context.Context, in *ApplyRequest, opts ...grpc.C
 
 func (c *diffClient) Diff(ctx context.Context, in *DiffRequest, opts ...grpc.CallOption) (*DiffResponse, error) {
 	out := new(DiffResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.diff.v1.Diff/Diff", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.diff.v1.Diff/Diff", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Diff service
-
+// DiffServer is the server API for Diff service.
 type DiffServer interface {
 	// Apply applies the content associated with the provided digests onto
 	// the provided mounts. Archive content will be extracted and
@@ -160,6 +316,17 @@ type DiffServer interface {
 	Diff(context.Context, *DiffRequest) (*DiffResponse, error)
 }
 
+// UnimplementedDiffServer can be embedded to have forward compatible implementations.
+type UnimplementedDiffServer struct {
+}
+
+func (*UnimplementedDiffServer) Apply(ctx context.Context, req *ApplyRequest) (*ApplyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Apply not implemented")
+}
+func (*UnimplementedDiffServer) Diff(ctx context.Context, req *DiffRequest) (*DiffResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Diff not implemented")
+}
+
 func RegisterDiffServer(s *grpc.Server, srv DiffServer) {
 	s.RegisterService(&_Diff_serviceDesc, srv)
 }
@@ -220,7 +387,7 @@ var _Diff_serviceDesc = grpc.ServiceDesc{
 func (m *ApplyRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -228,39 +395,78 @@ func (m *ApplyRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ApplyRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ApplyRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Diff != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDiff(dAtA, i, uint64(m.Diff.Size()))
-		n1, err := m.Diff.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Payloads) > 0 {
+		for k := range m.Payloads {
+			v := m.Payloads[k]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintDiff(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintDiff(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintDiff(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
-		i += n1
 	}
 	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDiff(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintDiff(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+		}
+	}
+	if m.Diff != nil {
+		{
+			size, err := m.Diff.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintDiff(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ApplyResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -268,27 +474,38 @@ func (m *ApplyResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ApplyResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ApplyResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Applied != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDiff(dAtA, i, uint64(m.Applied.Size()))
-		n2, err := m.Applied.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Applied.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDiff(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DiffRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -296,70 +513,87 @@ func (m *DiffRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DiffRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DiffRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Left) > 0 {
-		for _, msg := range m.Left {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintDiff(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Right) > 0 {
-		for _, msg := range m.Right {
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintDiff(dAtA, i, uint64(len(v)))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintDiff(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintDiff(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintDiff(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintDiff(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0x22
+	}
 	if len(m.MediaType) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.MediaType)
+		copy(dAtA[i:], m.MediaType)
 		i = encodeVarintDiff(dAtA, i, uint64(len(m.MediaType)))
-		i += copy(dAtA[i:], m.MediaType)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintDiff(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+	if len(m.Right) > 0 {
+		for iNdEx := len(m.Right) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Right[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDiff(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x2a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovDiff(uint64(len(k))) + 1 + len(v) + sovDiff(uint64(len(v)))
-			i = encodeVarintDiff(dAtA, i, uint64(mapSize))
+	if len(m.Left) > 0 {
+		for iNdEx := len(m.Left) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Left[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDiff(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0xa
-			i++
-			i = encodeVarintDiff(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintDiff(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DiffResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -367,33 +601,49 @@ func (m *DiffResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DiffResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DiffResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Diff != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintDiff(dAtA, i, uint64(m.Diff.Size()))
-		n3, err := m.Diff.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Diff.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDiff(dAtA, i, uint64(size))
 		}
-		i += n3
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintDiff(dAtA []byte, offset int, v uint64) int {
+	offset -= sovDiff(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *ApplyRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Diff != nil {
@@ -406,20 +656,45 @@ func (m *ApplyRequest) Size() (n int) {
 			n += 1 + l + sovDiff(uint64(l))
 		}
 	}
+	if len(m.Payloads) > 0 {
+		for k, v := range m.Payloads {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovDiff(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovDiff(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovDiff(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ApplyResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Applied != nil {
 		l = m.Applied.Size()
 		n += 1 + l + sovDiff(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DiffRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Left) > 0 {
@@ -450,28 +725,30 @@ func (m *DiffRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovDiff(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DiffResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Diff != nil {
 		l = m.Diff.Size()
 		n += 1 + l + sovDiff(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovDiff(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozDiff(x uint64) (n int) {
 	return sovDiff(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -480,9 +757,26 @@ func (this *ApplyRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMounts := "[]*Mount{"
+	for _, f := range this.Mounts {
+		repeatedStringForMounts += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForMounts += "}"
+	keysForPayloads := make([]string, 0, len(this.Payloads))
+	for k, _ := range this.Payloads {
+		keysForPayloads = append(keysForPayloads, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForPayloads)
+	mapStringForPayloads := "map[string]*types1.Any{"
+	for _, k := range keysForPayloads {
+		mapStringForPayloads += fmt.Sprintf("%v: %v,", k, this.Payloads[k])
+	}
+	mapStringForPayloads += "}"
 	s := strings.Join([]string{`&ApplyRequest{`,
-		`Diff:` + strings.Replace(fmt.Sprintf("%v", this.Diff), "Descriptor", "containerd_types1.Descriptor", 1) + `,`,
-		`Mounts:` + strings.Replace(fmt.Sprintf("%v", this.Mounts), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Diff:` + strings.Replace(fmt.Sprintf("%v", this.Diff), "Descriptor", "types.Descriptor", 1) + `,`,
+		`Mounts:` + repeatedStringForMounts + `,`,
+		`Payloads:` + mapStringForPayloads + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -492,7 +786,8 @@ func (this *ApplyResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ApplyResponse{`,
-		`Applied:` + strings.Replace(fmt.Sprintf("%v", this.Applied), "Descriptor", "containerd_types1.Descriptor", 1) + `,`,
+		`Applied:` + strings.Replace(fmt.Sprintf("%v", this.Applied), "Descriptor", "types.Descriptor", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -501,22 +796,33 @@ func (this *DiffRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForLeft := "[]*Mount{"
+	for _, f := range this.Left {
+		repeatedStringForLeft += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForLeft += "}"
+	repeatedStringForRight := "[]*Mount{"
+	for _, f := range this.Right {
+		repeatedStringForRight += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForRight += "}"
 	keysForLabels := make([]string, 0, len(this.Labels))
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
 	}
 	mapStringForLabels += "}"
 	s := strings.Join([]string{`&DiffRequest{`,
-		`Left:` + strings.Replace(fmt.Sprintf("%v", this.Left), "Mount", "containerd_types.Mount", 1) + `,`,
-		`Right:` + strings.Replace(fmt.Sprintf("%v", this.Right), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Left:` + repeatedStringForLeft + `,`,
+		`Right:` + repeatedStringForRight + `,`,
 		`MediaType:` + fmt.Sprintf("%v", this.MediaType) + `,`,
 		`Ref:` + fmt.Sprintf("%v", this.Ref) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -526,7 +832,8 @@ func (this *DiffResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&DiffResponse{`,
-		`Diff:` + strings.Replace(fmt.Sprintf("%v", this.Diff), "Descriptor", "containerd_types1.Descriptor", 1) + `,`,
+		`Diff:` + strings.Replace(fmt.Sprintf("%v", this.Diff), "Descriptor", "types.Descriptor", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -554,7 +861,7 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -582,7 +889,7 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -591,11 +898,14 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Diff == nil {
-				m.Diff = &containerd_types1.Descriptor{}
+				m.Diff = &types.Descriptor{}
 			}
 			if err := m.Diff.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -615,7 +925,7 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -624,26 +934,159 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Mounts = append(m.Mounts, &containerd_types.Mount{})
+			m.Mounts = append(m.Mounts, &types.Mount{})
 			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Payloads", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowDiff
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthDiff
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Payloads == nil {
+				m.Payloads = make(map[string]*types1.Any)
+			}
+			var mapkey string
+			var mapvalue *types1.Any
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowDiff
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDiff
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthDiff
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthDiff
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDiff
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthDiff
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthDiff
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &types1.Any{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipDiff(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthDiff
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Payloads[mapkey] = mapvalue
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipDiff(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDiff
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -668,7 +1111,7 @@ func (m *ApplyResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -696,7 +1139,7 @@ func (m *ApplyResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -705,11 +1148,14 @@ func (m *ApplyResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Applied == nil {
-				m.Applied = &containerd_types1.Descriptor{}
+				m.Applied = &types.Descriptor{}
 			}
 			if err := m.Applied.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -721,12 +1167,13 @@ func (m *ApplyResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDiff
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -751,7 +1198,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -779,7 +1226,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -788,10 +1235,13 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Left = append(m.Left, &containerd_types.Mount{})
+			m.Left = append(m.Left, &types.Mount{})
 			if err := m.Left[len(m.Left)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -810,7 +1260,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -819,10 +1269,13 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Right = append(m.Right, &containerd_types.Mount{})
+			m.Right = append(m.Right, &types.Mount{})
 			if err := m.Right[len(m.Right)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -841,7 +1294,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -851,6 +1304,9 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -870,7 +1326,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -880,6 +1336,9 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -899,7 +1358,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -908,6 +1367,9 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -928,7 +1390,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -945,7 +1407,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -955,6 +1417,9 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthDiff
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthDiff
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -971,7 +1436,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -981,6 +1446,9 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthDiff
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthDiff
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -992,7 +1460,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthDiff
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1009,12 +1477,13 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDiff
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1039,7 +1508,7 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1067,7 +1536,7 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1076,11 +1545,14 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDiff
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDiff
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Diff == nil {
-				m.Diff = &containerd_types1.Descriptor{}
+				m.Diff = &types.Descriptor{}
 			}
 			if err := m.Diff.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1092,12 +1564,13 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDiff
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1110,6 +1583,7 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error {
 func skipDiff(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1141,10 +1615,8 @@ func skipDiff(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1161,90 +1633,34 @@ func skipDiff(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthDiff
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowDiff
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipDiff(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupDiff
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthDiff
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthDiff = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowDiff   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthDiff        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowDiff          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupDiff = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/diff/v1/diff.proto", fileDescriptorDiff)
-}
-
-var fileDescriptorDiff = []byte{
-	// 457 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x53, 0x4f, 0x6f, 0xd3, 0x30,
-	0x14, 0xaf, 0xfb, 0x0f, 0xf5, 0x75, 0x48, 0xc8, 0x9a, 0x44, 0x14, 0x20, 0xaa, 0x7a, 0xea, 0x40,
-	0x38, 0xac, 0xa0, 0x09, 0xb6, 0xcb, 0x40, 0x43, 0x5c, 0xc6, 0x25, 0xda, 0x01, 0x81, 0x04, 0x4a,
-	0x9b, 0x97, 0xce, 0x22, 0x8d, 0xbd, 0xd8, 0xad, 0x94, 0x1b, 0xdf, 0x85, 0x8f, 0xc2, 0x65, 0x47,
-	0x8e, 0x1c, 0x69, 0x3f, 0x09, 0xb2, 0x93, 0x40, 0x24, 0xa4, 0x12, 0x76, 0xca, 0xcb, 0xf3, 0xef,
-	0x9f, 0xfd, 0x6c, 0x38, 0x5d, 0x70, 0x7d, 0xb9, 0x9a, 0xb1, 0xb9, 0x58, 0xfa, 0x73, 0x91, 0xea,
-	0x90, 0xa7, 0x98, 0x45, 0xf5, 0x32, 0x94, 0xdc, 0x57, 0x98, 0xad, 0xf9, 0x1c, 0x95, 0x1f, 0xf1,
-	0x38, 0xf6, 0xd7, 0x87, 0xf6, 0xcb, 0x64, 0x26, 0xb4, 0xa0, 0xf7, 0xfe, 0x60, 0x59, 0x85, 0x63,
-	0x76, 0x7d, 0x7d, 0xe8, 0xee, 0x2f, 0xc4, 0x42, 0x58, 0x9c, 0x6f, 0xaa, 0x82, 0xe2, 0x1e, 0x35,
-	0x32, 0xd5, 0xb9, 0x44, 0xe5, 0x2f, 0xc5, 0x2a, 0xd5, 0x25, 0xef, 0xe4, 0x3f, 0x78, 0x11, 0xaa,
-	0x79, 0xc6, 0xa5, 0x16, 0x59, 0x41, 0x1e, 0x5f, 0xc1, 0xde, 0x4b, 0x29, 0x93, 0x3c, 0xc0, 0xab,
-	0x15, 0x2a, 0x4d, 0x9f, 0x40, 0xd7, 0xa4, 0x74, 0xc8, 0x88, 0x4c, 0x86, 0xd3, 0xfb, 0xac, 0xb6,
-	0x0d, 0xab, 0xc0, 0xce, 0x7e, 0x2b, 0x04, 0x16, 0x49, 0x7d, 0xe8, 0xdb, 0x34, 0xca, 0x69, 0x8f,
-	0x3a, 0x93, 0xe1, 0xf4, 0xee, 0xdf, 0x9c, 0xb7, 0x66, 0x3d, 0x28, 0x61, 0xe3, 0x37, 0x70, 0xbb,
-	0xb4, 0x54, 0x52, 0xa4, 0x0a, 0xe9, 0x11, 0xdc, 0x0a, 0xa5, 0x4c, 0x38, 0x46, 0x8d, 0x6c, 0x2b,
-	0xf0, 0xf8, 0x6b, 0x1b, 0x86, 0x67, 0x3c, 0x8e, 0xab, 0xec, 0x8f, 0xa0, 0x9b, 0x60, 0xac, 0x1d,
-	0xb2, 0x3b, 0x87, 0x05, 0xd1, 0xc7, 0xd0, 0xcb, 0xf8, 0xe2, 0x52, 0xff, 0x2b, 0x75, 0x81, 0xa2,
-	0x0f, 0x00, 0x96, 0x18, 0xf1, 0xf0, 0x93, 0x59, 0x73, 0x3a, 0x23, 0x32, 0x19, 0x04, 0x03, 0xdb,
-	0xb9, 0xc8, 0x25, 0xd2, 0x3b, 0xd0, 0xc9, 0x30, 0x76, 0xba, 0xb6, 0x6f, 0x4a, 0x7a, 0x0e, 0xfd,
-	0x24, 0x9c, 0x61, 0xa2, 0x9c, 0x9e, 0x35, 0x78, 0xc6, 0x76, 0xdc, 0x08, 0x56, 0xdb, 0x06, 0x3b,
-	0xb7, 0xb4, 0xd7, 0xa9, 0xce, 0xf2, 0xa0, 0xd4, 0x70, 0x5f, 0xc0, 0xb0, 0xd6, 0x36, 0x76, 0x9f,
-	0x31, 0xb7, 0xa7, 0x35, 0x08, 0x4c, 0x49, 0xf7, 0xa1, 0xb7, 0x0e, 0x93, 0x15, 0x3a, 0x6d, 0xdb,
-	0x2b, 0x7e, 0x8e, 0xdb, 0xcf, 0xc9, 0xf8, 0x14, 0xf6, 0x0a, 0xf5, 0xf2, 0xb4, 0xab, 0x09, 0x77,
-	0x9a, 0x4e, 0x78, 0xfa, 0x8d, 0x40, 0xd7, 0x48, 0xd0, 0x8f, 0xd0, 0xb3, 0x93, 0xa3, 0x07, 0x3b,
-	0x37, 0x53, 0xbf, 0x50, 0xee, 0xc3, 0x26, 0xd0, 0x32, 0xda, 0x87, 0xd2, 0x67, 0xd2, 0xf4, 0xac,
-	0xdc, 0x83, 0x06, 0xc8, 0x42, 0xfc, 0xd5, 0xc5, 0xf5, 0xc6, 0x6b, 0xfd, 0xd8, 0x78, 0xad, 0x2f,
-	0x5b, 0x8f, 0x5c, 0x6f, 0x3d, 0xf2, 0x7d, 0xeb, 0x91, 0x9f, 0x5b, 0x8f, 0xbc, 0x3f, 0xbe, 0xd1,
-	0x6b, 0x3f, 0x31, 0xdf, 0x77, 0xad, 0x59, 0xdf, 0x3e, 0xa4, 0xa7, 0xbf, 0x02, 0x00, 0x00, 0xff,
-	0xff, 0x61, 0xd1, 0x6e, 0x9e, 0x34, 0x04, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto b/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto
index 66d7ecb19f6b3..cc24e3f2caa02 100644
--- a/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto
+++ b/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto
@@ -1,8 +1,25 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.diff.v1;
 
 import weak "gogoproto/gogo.proto";
+import "google/protobuf/any.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
 import "github.com/containerd/containerd/api/types/descriptor.proto";
 
@@ -25,6 +42,8 @@ message ApplyRequest {
 	containerd.types.Descriptor diff = 1;
 
 	repeated containerd.types.Mount mounts = 2;
+
+	map<string, google.protobuf.Any> payloads = 3;
 }
 
 message ApplyResponse {
diff --git a/vendor/github.com/containerd/containerd/api/services/events/v1/events.pb.go b/vendor/github.com/containerd/containerd/api/services/events/v1/events.pb.go
index d6a7b38a87419..4373f3bf2fc6d 100644
--- a/vendor/github.com/containerd/containerd/api/services/events/v1/events.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/events/v1/events.pb.go
@@ -1,43 +1,25 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/events/v1/events.proto
 
-/*
-	Package events is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/events/v1/events.proto
-
-	It has these top-level messages:
-		PublishRequest
-		ForwardRequest
-		SubscribeRequest
-		Envelope
-*/
 package events
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import containerd_plugin "github.com/containerd/containerd/protobuf/plugin"
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import typeurl "github.com/containerd/typeurl"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_containerd_typeurl "github.com/containerd/typeurl"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -49,43 +31,167 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type PublishRequest struct {
-	Topic string                `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
-	Event *google_protobuf1.Any `protobuf:"bytes,2,opt,name=event" json:"event,omitempty"`
+	Topic                string     `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
+	Event                *types.Any `protobuf:"bytes,2,opt,name=event,proto3" json:"event,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *PublishRequest) Reset()      { *m = PublishRequest{} }
+func (*PublishRequest) ProtoMessage() {}
+func (*PublishRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_43fcd20dc1642376, []int{0}
+}
+func (m *PublishRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PublishRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PublishRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PublishRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PublishRequest.Merge(m, src)
+}
+func (m *PublishRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PublishRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PublishRequest.DiscardUnknown(m)
 }
 
-func (m *PublishRequest) Reset()                    { *m = PublishRequest{} }
-func (*PublishRequest) ProtoMessage()               {}
-func (*PublishRequest) Descriptor() ([]byte, []int) { return fileDescriptorEvents, []int{0} }
+var xxx_messageInfo_PublishRequest proto.InternalMessageInfo
 
 type ForwardRequest struct {
-	Envelope *Envelope `protobuf:"bytes,1,opt,name=envelope" json:"envelope,omitempty"`
+	Envelope             *Envelope `protobuf:"bytes,1,opt,name=envelope,proto3" json:"envelope,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
-func (m *ForwardRequest) Reset()                    { *m = ForwardRequest{} }
-func (*ForwardRequest) ProtoMessage()               {}
-func (*ForwardRequest) Descriptor() ([]byte, []int) { return fileDescriptorEvents, []int{1} }
+func (m *ForwardRequest) Reset()      { *m = ForwardRequest{} }
+func (*ForwardRequest) ProtoMessage() {}
+func (*ForwardRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_43fcd20dc1642376, []int{1}
+}
+func (m *ForwardRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ForwardRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ForwardRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ForwardRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ForwardRequest.Merge(m, src)
+}
+func (m *ForwardRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ForwardRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ForwardRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ForwardRequest proto.InternalMessageInfo
 
 type SubscribeRequest struct {
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *SubscribeRequest) Reset()                    { *m = SubscribeRequest{} }
-func (*SubscribeRequest) ProtoMessage()               {}
-func (*SubscribeRequest) Descriptor() ([]byte, []int) { return fileDescriptorEvents, []int{2} }
+func (m *SubscribeRequest) Reset()      { *m = SubscribeRequest{} }
+func (*SubscribeRequest) ProtoMessage() {}
+func (*SubscribeRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_43fcd20dc1642376, []int{2}
+}
+func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SubscribeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SubscribeRequest.Merge(m, src)
+}
+func (m *SubscribeRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *SubscribeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SubscribeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SubscribeRequest proto.InternalMessageInfo
 
 type Envelope struct {
-	Timestamp time.Time             `protobuf:"bytes,1,opt,name=timestamp,stdtime" json:"timestamp"`
-	Namespace string                `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
-	Topic     string                `protobuf:"bytes,3,opt,name=topic,proto3" json:"topic,omitempty"`
-	Event     *google_protobuf1.Any `protobuf:"bytes,4,opt,name=event" json:"event,omitempty"`
+	Timestamp            time.Time  `protobuf:"bytes,1,opt,name=timestamp,proto3,stdtime" json:"timestamp"`
+	Namespace            string     `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Topic                string     `protobuf:"bytes,3,opt,name=topic,proto3" json:"topic,omitempty"`
+	Event                *types.Any `protobuf:"bytes,4,opt,name=event,proto3" json:"event,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
 }
 
-func (m *Envelope) Reset()                    { *m = Envelope{} }
-func (*Envelope) ProtoMessage()               {}
-func (*Envelope) Descriptor() ([]byte, []int) { return fileDescriptorEvents, []int{3} }
+func (m *Envelope) Reset()      { *m = Envelope{} }
+func (*Envelope) ProtoMessage() {}
+func (*Envelope) Descriptor() ([]byte, []int) {
+	return fileDescriptor_43fcd20dc1642376, []int{3}
+}
+func (m *Envelope) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Envelope) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Envelope.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Envelope) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Envelope.Merge(m, src)
+}
+func (m *Envelope) XXX_Size() int {
+	return m.Size()
+}
+func (m *Envelope) XXX_DiscardUnknown() {
+	xxx_messageInfo_Envelope.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Envelope proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*PublishRequest)(nil), "containerd.services.events.v1.PublishRequest")
@@ -94,6 +200,44 @@ func init() {
 	proto.RegisterType((*Envelope)(nil), "containerd.services.events.v1.Envelope")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/events/v1/events.proto", fileDescriptor_43fcd20dc1642376)
+}
+
+var fileDescriptor_43fcd20dc1642376 = []byte{
+	// 466 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x93, 0xcd, 0x8e, 0xd3, 0x30,
+	0x14, 0x85, 0xeb, 0xf9, 0x6d, 0x3c, 0xd2, 0x08, 0x45, 0x15, 0x2a, 0x01, 0xd2, 0xaa, 0x1b, 0x2a,
+	0x04, 0x0e, 0x53, 0x76, 0x20, 0x21, 0x28, 0x94, 0xf5, 0x28, 0x80, 0x54, 0xb1, 0x4b, 0xd2, 0xdb,
+	0xd4, 0x52, 0x62, 0x9b, 0xd8, 0x09, 0x9a, 0xdd, 0x3c, 0x02, 0x1b, 0xde, 0x84, 0x0d, 0x6f, 0xd0,
+	0x25, 0x4b, 0x56, 0xc0, 0xf4, 0x49, 0x50, 0x13, 0xbb, 0x61, 0x3a, 0x40, 0x10, 0xbb, 0x6b, 0xdf,
+	0xe3, 0xcf, 0xb9, 0xe7, 0x38, 0xf8, 0x45, 0x4c, 0xd5, 0x22, 0x0f, 0x49, 0xc4, 0x53, 0x2f, 0xe2,
+	0x4c, 0x05, 0x94, 0x41, 0x36, 0xfb, 0xb5, 0x0c, 0x04, 0xf5, 0x24, 0x64, 0x05, 0x8d, 0x40, 0x7a,
+	0x50, 0x00, 0x53, 0xd2, 0x2b, 0x4e, 0x74, 0x45, 0x44, 0xc6, 0x15, 0xb7, 0x6f, 0xd7, 0x7a, 0x62,
+	0xb4, 0x44, 0x2b, 0x8a, 0x13, 0xe7, 0x69, 0xe3, 0x25, 0x25, 0x26, 0xcc, 0xe7, 0x9e, 0x48, 0xf2,
+	0x98, 0x32, 0x6f, 0x4e, 0x21, 0x99, 0x89, 0x40, 0x2d, 0xaa, 0x0b, 0x9c, 0x4e, 0xcc, 0x63, 0x5e,
+	0x96, 0xde, 0xba, 0xd2, 0xbb, 0x37, 0x62, 0xce, 0xe3, 0x04, 0xea, 0xd3, 0x01, 0x3b, 0xd3, 0xad,
+	0x9b, 0xdb, 0x2d, 0x48, 0x85, 0x32, 0xcd, 0xde, 0x76, 0x53, 0xd1, 0x14, 0xa4, 0x0a, 0x52, 0x51,
+	0x09, 0x06, 0x3e, 0x3e, 0x3e, 0xcd, 0xc3, 0x84, 0xca, 0x85, 0x0f, 0xef, 0x72, 0x90, 0xca, 0xee,
+	0xe0, 0x7d, 0xc5, 0x05, 0x8d, 0xba, 0xa8, 0x8f, 0x86, 0x96, 0x5f, 0x2d, 0xec, 0xbb, 0x78, 0xbf,
+	0x9c, 0xb2, 0xbb, 0xd3, 0x47, 0xc3, 0xa3, 0x51, 0x87, 0x54, 0x60, 0x62, 0xc0, 0xe4, 0x19, 0x3b,
+	0xf3, 0x2b, 0xc9, 0xe0, 0x0d, 0x3e, 0x7e, 0xc9, 0xb3, 0xf7, 0x41, 0x36, 0x33, 0xcc, 0xe7, 0xb8,
+	0x0d, 0xac, 0x80, 0x84, 0x0b, 0x28, 0xb1, 0x47, 0xa3, 0x3b, 0xe4, 0xaf, 0x46, 0x92, 0x89, 0x96,
+	0xfb, 0x9b, 0x83, 0x83, 0x7b, 0xf8, 0xda, 0xab, 0x3c, 0x94, 0x51, 0x46, 0x43, 0x30, 0xe0, 0x2e,
+	0x3e, 0x9c, 0xd3, 0x44, 0x41, 0x26, 0xbb, 0xa8, 0xbf, 0x3b, 0xb4, 0x7c, 0xb3, 0x1c, 0x7c, 0x42,
+	0xb8, 0x6d, 0x20, 0xf6, 0x18, 0x5b, 0x9b, 0xc1, 0xf5, 0x07, 0x38, 0x57, 0x26, 0x78, 0x6d, 0x14,
+	0xe3, 0xf6, 0xf2, 0x5b, 0xaf, 0xf5, 0xe1, 0x7b, 0x0f, 0xf9, 0xf5, 0x31, 0xfb, 0x16, 0xb6, 0x58,
+	0x90, 0x82, 0x14, 0x41, 0x04, 0xa5, 0x0b, 0x96, 0x5f, 0x6f, 0xd4, 0xae, 0xed, 0xfe, 0xd6, 0xb5,
+	0xbd, 0x46, 0xd7, 0x1e, 0xed, 0x9d, 0x7f, 0xee, 0xa1, 0xd1, 0xc7, 0x1d, 0x7c, 0x30, 0x29, 0x5d,
+	0xb0, 0x4f, 0xf1, 0xa1, 0x8e, 0xc6, 0xbe, 0xdf, 0xe0, 0xd6, 0xe5, 0x08, 0x9d, 0xeb, 0x57, 0xee,
+	0x99, 0xac, 0xdf, 0xc4, 0x9a, 0xa8, 0x83, 0x69, 0x24, 0x5e, 0x0e, 0xf0, 0x8f, 0xc4, 0x18, 0x5b,
+	0x9b, 0x4c, 0x6c, 0xaf, 0x81, 0xb9, 0x9d, 0x9e, 0xf3, 0xaf, 0x8f, 0xe0, 0x01, 0x1a, 0x4f, 0x97,
+	0x17, 0x6e, 0xeb, 0xeb, 0x85, 0xdb, 0x3a, 0x5f, 0xb9, 0x68, 0xb9, 0x72, 0xd1, 0x97, 0x95, 0x8b,
+	0x7e, 0xac, 0x5c, 0xf4, 0xf6, 0xc9, 0x7f, 0xfe, 0xd7, 0x8f, 0xab, 0x6a, 0xda, 0x9a, 0xa2, 0xf0,
+	0xa0, 0x1c, 0xeb, 0xe1, 0xcf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe6, 0xbf, 0x19, 0xa6, 0x24, 0x04,
+	0x00, 0x00,
+}
+
 // Field returns the value for the given fieldpath as a string, if defined.
 // If the value is not defined, the second value will be false.
 func (m *Envelope) Field(fieldpath []string) (string, bool) {
@@ -108,7 +252,7 @@ func (m *Envelope) Field(fieldpath []string) (string, bool) {
 	case "topic":
 		return string(m.Topic), len(m.Topic) > 0
 	case "event":
-		decoded, err := typeurl.UnmarshalAny(m.Event)
+		decoded, err := github_com_containerd_typeurl.UnmarshalAny(m.Event)
 		if err != nil {
 			return "", false
 		}
@@ -130,20 +274,21 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Events service
-
+// EventsClient is the client API for Events service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type EventsClient interface {
 	// Publish an event to a topic.
 	//
 	// The event will be packed into a timestamp envelope with the namespace
 	// introspected from the context. The envelope will then be dispatched.
-	Publish(ctx context.Context, in *PublishRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error)
+	Publish(ctx context.Context, in *PublishRequest, opts ...grpc.CallOption) (*types.Empty, error)
 	// Forward sends an event that has already been packaged into an envelope
 	// with a timestamp and namespace.
 	//
 	// This is useful if earlier timestamping is required or when forwarding on
 	// behalf of another component, namespace or publisher.
-	Forward(ctx context.Context, in *ForwardRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error)
+	Forward(ctx context.Context, in *ForwardRequest, opts ...grpc.CallOption) (*types.Empty, error)
 	// Subscribe to a stream of events, possibly returning only that match any
 	// of the provided filters.
 	//
@@ -162,18 +307,18 @@ func NewEventsClient(cc *grpc.ClientConn) EventsClient {
 	return &eventsClient{cc}
 }
 
-func (c *eventsClient) Publish(ctx context.Context, in *PublishRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error) {
-	out := new(google_protobuf2.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.events.v1.Events/Publish", in, out, c.cc, opts...)
+func (c *eventsClient) Publish(ctx context.Context, in *PublishRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.events.v1.Events/Publish", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *eventsClient) Forward(ctx context.Context, in *ForwardRequest, opts ...grpc.CallOption) (*google_protobuf2.Empty, error) {
-	out := new(google_protobuf2.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.events.v1.Events/Forward", in, out, c.cc, opts...)
+func (c *eventsClient) Forward(ctx context.Context, in *ForwardRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.events.v1.Events/Forward", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -181,7 +326,7 @@ func (c *eventsClient) Forward(ctx context.Context, in *ForwardRequest, opts ...
 }
 
 func (c *eventsClient) Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (Events_SubscribeClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Events_serviceDesc.Streams[0], c.cc, "/containerd.services.events.v1.Events/Subscribe", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Events_serviceDesc.Streams[0], "/containerd.services.events.v1.Events/Subscribe", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -212,20 +357,19 @@ func (x *eventsSubscribeClient) Recv() (*Envelope, error) {
 	return m, nil
 }
 
-// Server API for Events service
-
+// EventsServer is the server API for Events service.
 type EventsServer interface {
 	// Publish an event to a topic.
 	//
 	// The event will be packed into a timestamp envelope with the namespace
 	// introspected from the context. The envelope will then be dispatched.
-	Publish(context.Context, *PublishRequest) (*google_protobuf2.Empty, error)
+	Publish(context.Context, *PublishRequest) (*types.Empty, error)
 	// Forward sends an event that has already been packaged into an envelope
 	// with a timestamp and namespace.
 	//
 	// This is useful if earlier timestamping is required or when forwarding on
 	// behalf of another component, namespace or publisher.
-	Forward(context.Context, *ForwardRequest) (*google_protobuf2.Empty, error)
+	Forward(context.Context, *ForwardRequest) (*types.Empty, error)
 	// Subscribe to a stream of events, possibly returning only that match any
 	// of the provided filters.
 	//
@@ -236,6 +380,20 @@ type EventsServer interface {
 	Subscribe(*SubscribeRequest, Events_SubscribeServer) error
 }
 
+// UnimplementedEventsServer can be embedded to have forward compatible implementations.
+type UnimplementedEventsServer struct {
+}
+
+func (*UnimplementedEventsServer) Publish(ctx context.Context, req *PublishRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Publish not implemented")
+}
+func (*UnimplementedEventsServer) Forward(ctx context.Context, req *ForwardRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Forward not implemented")
+}
+func (*UnimplementedEventsServer) Subscribe(req *SubscribeRequest, srv Events_SubscribeServer) error {
+	return status.Errorf(codes.Unimplemented, "method Subscribe not implemented")
+}
+
 func RegisterEventsServer(s *grpc.Server, srv EventsServer) {
 	s.RegisterService(&_Events_serviceDesc, srv)
 }
@@ -323,7 +481,7 @@ var _Events_serviceDesc = grpc.ServiceDesc{
 func (m *PublishRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -331,33 +489,45 @@ func (m *PublishRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PublishRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PublishRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Topic) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintEvents(dAtA, i, uint64(len(m.Topic)))
-		i += copy(dAtA[i:], m.Topic)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Event != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintEvents(dAtA, i, uint64(m.Event.Size()))
-		n1, err := m.Event.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Event.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintEvents(dAtA, i, uint64(size))
 		}
-		i += n1
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Topic) > 0 {
+		i -= len(m.Topic)
+		copy(dAtA[i:], m.Topic)
+		i = encodeVarintEvents(dAtA, i, uint64(len(m.Topic)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ForwardRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -365,27 +535,38 @@ func (m *ForwardRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ForwardRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ForwardRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Envelope != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintEvents(dAtA, i, uint64(m.Envelope.Size()))
-		n2, err := m.Envelope.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Envelope.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintEvents(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SubscribeRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -393,32 +574,35 @@ func (m *SubscribeRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SubscribeRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SubscribeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintEvents(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Envelope) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -426,53 +610,71 @@ func (m *Envelope) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Envelope) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Envelope) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintEvents(dAtA, i, uint64(types.SizeOfStdTime(m.Timestamp)))
-	n3, err := types.StdTimeMarshalTo(m.Timestamp, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n3
-	if len(m.Namespace) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintEvents(dAtA, i, uint64(len(m.Namespace)))
-		i += copy(dAtA[i:], m.Namespace)
+	if m.Event != nil {
+		{
+			size, err := m.Event.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintEvents(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
 	}
 	if len(m.Topic) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Topic)
+		copy(dAtA[i:], m.Topic)
 		i = encodeVarintEvents(dAtA, i, uint64(len(m.Topic)))
-		i += copy(dAtA[i:], m.Topic)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Event != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintEvents(dAtA, i, uint64(m.Event.Size()))
-		n4, err := m.Event.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n4
+	if len(m.Namespace) > 0 {
+		i -= len(m.Namespace)
+		copy(dAtA[i:], m.Namespace)
+		i = encodeVarintEvents(dAtA, i, uint64(len(m.Namespace)))
+		i--
+		dAtA[i] = 0x12
+	}
+	n4, err4 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):])
+	if err4 != nil {
+		return 0, err4
 	}
-	return i, nil
+	i -= n4
+	i = encodeVarintEvents(dAtA, i, uint64(n4))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintEvents(dAtA []byte, offset int, v uint64) int {
+	offset -= sovEvents(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *PublishRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Topic)
@@ -483,20 +685,32 @@ func (m *PublishRequest) Size() (n int) {
 		l = m.Event.Size()
 		n += 1 + l + sovEvents(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ForwardRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Envelope != nil {
 		l = m.Envelope.Size()
 		n += 1 + l + sovEvents(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *SubscribeRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -505,13 +719,19 @@ func (m *SubscribeRequest) Size() (n int) {
 			n += 1 + l + sovEvents(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Envelope) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = types.SizeOfStdTime(m.Timestamp)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp)
 	n += 1 + l + sovEvents(uint64(l))
 	l = len(m.Namespace)
 	if l > 0 {
@@ -525,18 +745,14 @@ func (m *Envelope) Size() (n int) {
 		l = m.Event.Size()
 		n += 1 + l + sovEvents(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovEvents(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozEvents(x uint64) (n int) {
 	return sovEvents(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -547,7 +763,8 @@ func (this *PublishRequest) String() string {
 	}
 	s := strings.Join([]string{`&PublishRequest{`,
 		`Topic:` + fmt.Sprintf("%v", this.Topic) + `,`,
-		`Event:` + strings.Replace(fmt.Sprintf("%v", this.Event), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Event:` + strings.Replace(fmt.Sprintf("%v", this.Event), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -557,7 +774,8 @@ func (this *ForwardRequest) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ForwardRequest{`,
-		`Envelope:` + strings.Replace(fmt.Sprintf("%v", this.Envelope), "Envelope", "Envelope", 1) + `,`,
+		`Envelope:` + strings.Replace(this.Envelope.String(), "Envelope", "Envelope", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -568,6 +786,7 @@ func (this *SubscribeRequest) String() string {
 	}
 	s := strings.Join([]string{`&SubscribeRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -577,10 +796,11 @@ func (this *Envelope) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&Envelope{`,
-		`Timestamp:` + strings.Replace(strings.Replace(this.Timestamp.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`Timestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
 		`Topic:` + fmt.Sprintf("%v", this.Topic) + `,`,
-		`Event:` + strings.Replace(fmt.Sprintf("%v", this.Event), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Event:` + strings.Replace(fmt.Sprintf("%v", this.Event), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -608,7 +828,7 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -636,7 +856,7 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -646,6 +866,9 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -665,7 +888,7 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -674,11 +897,14 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Event == nil {
-				m.Event = &google_protobuf1.Any{}
+				m.Event = &types.Any{}
 			}
 			if err := m.Event.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -690,12 +916,13 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthEvents
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -720,7 +947,7 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -748,7 +975,7 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -757,6 +984,9 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -773,12 +1003,13 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthEvents
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -803,7 +1034,7 @@ func (m *SubscribeRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -831,7 +1062,7 @@ func (m *SubscribeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -841,6 +1072,9 @@ func (m *SubscribeRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -852,12 +1086,13 @@ func (m *SubscribeRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthEvents
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -882,7 +1117,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -910,7 +1145,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -919,10 +1154,13 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -940,7 +1178,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -950,6 +1188,9 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -969,7 +1210,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -979,6 +1220,9 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -998,7 +1242,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1007,11 +1251,14 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEvents
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthEvents
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Event == nil {
-				m.Event = &google_protobuf1.Any{}
+				m.Event = &types.Any{}
 			}
 			if err := m.Event.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1023,12 +1270,13 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthEvents
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1041,6 +1289,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error {
 func skipEvents(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1072,10 +1321,8 @@ func skipEvents(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1092,91 +1339,34 @@ func skipEvents(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthEvents
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowEvents
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipEvents(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupEvents
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthEvents
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthEvents = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowEvents   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthEvents        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowEvents          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupEvents = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/events/v1/events.proto", fileDescriptorEvents)
-}
-
-var fileDescriptorEvents = []byte{
-	// 466 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x93, 0xcd, 0x8e, 0xd3, 0x30,
-	0x14, 0x85, 0xeb, 0xf9, 0x6d, 0x3c, 0xd2, 0x08, 0x45, 0x15, 0x2a, 0x01, 0xd2, 0xaa, 0x1b, 0x2a,
-	0x04, 0x0e, 0x53, 0x76, 0x20, 0x21, 0x28, 0x94, 0xf5, 0x28, 0x80, 0x54, 0xb1, 0x4b, 0xd2, 0xdb,
-	0xd4, 0x52, 0x62, 0x9b, 0xd8, 0x09, 0x9a, 0xdd, 0x3c, 0x02, 0x1b, 0xde, 0x84, 0x0d, 0x6f, 0xd0,
-	0x25, 0x4b, 0x56, 0xc0, 0xf4, 0x49, 0x50, 0x13, 0xbb, 0x61, 0x3a, 0x40, 0x10, 0xbb, 0x6b, 0xdf,
-	0xe3, 0xcf, 0xb9, 0xe7, 0x38, 0xf8, 0x45, 0x4c, 0xd5, 0x22, 0x0f, 0x49, 0xc4, 0x53, 0x2f, 0xe2,
-	0x4c, 0x05, 0x94, 0x41, 0x36, 0xfb, 0xb5, 0x0c, 0x04, 0xf5, 0x24, 0x64, 0x05, 0x8d, 0x40, 0x7a,
-	0x50, 0x00, 0x53, 0xd2, 0x2b, 0x4e, 0x74, 0x45, 0x44, 0xc6, 0x15, 0xb7, 0x6f, 0xd7, 0x7a, 0x62,
-	0xb4, 0x44, 0x2b, 0x8a, 0x13, 0xe7, 0x69, 0xe3, 0x25, 0x25, 0x26, 0xcc, 0xe7, 0x9e, 0x48, 0xf2,
-	0x98, 0x32, 0x6f, 0x4e, 0x21, 0x99, 0x89, 0x40, 0x2d, 0xaa, 0x0b, 0x9c, 0x4e, 0xcc, 0x63, 0x5e,
-	0x96, 0xde, 0xba, 0xd2, 0xbb, 0x37, 0x62, 0xce, 0xe3, 0x04, 0xea, 0xd3, 0x01, 0x3b, 0xd3, 0xad,
-	0x9b, 0xdb, 0x2d, 0x48, 0x85, 0x32, 0xcd, 0xde, 0x76, 0x53, 0xd1, 0x14, 0xa4, 0x0a, 0x52, 0x51,
-	0x09, 0x06, 0x3e, 0x3e, 0x3e, 0xcd, 0xc3, 0x84, 0xca, 0x85, 0x0f, 0xef, 0x72, 0x90, 0xca, 0xee,
-	0xe0, 0x7d, 0xc5, 0x05, 0x8d, 0xba, 0xa8, 0x8f, 0x86, 0x96, 0x5f, 0x2d, 0xec, 0xbb, 0x78, 0xbf,
-	0x9c, 0xb2, 0xbb, 0xd3, 0x47, 0xc3, 0xa3, 0x51, 0x87, 0x54, 0x60, 0x62, 0xc0, 0xe4, 0x19, 0x3b,
-	0xf3, 0x2b, 0xc9, 0xe0, 0x0d, 0x3e, 0x7e, 0xc9, 0xb3, 0xf7, 0x41, 0x36, 0x33, 0xcc, 0xe7, 0xb8,
-	0x0d, 0xac, 0x80, 0x84, 0x0b, 0x28, 0xb1, 0x47, 0xa3, 0x3b, 0xe4, 0xaf, 0x46, 0x92, 0x89, 0x96,
-	0xfb, 0x9b, 0x83, 0x83, 0x7b, 0xf8, 0xda, 0xab, 0x3c, 0x94, 0x51, 0x46, 0x43, 0x30, 0xe0, 0x2e,
-	0x3e, 0x9c, 0xd3, 0x44, 0x41, 0x26, 0xbb, 0xa8, 0xbf, 0x3b, 0xb4, 0x7c, 0xb3, 0x1c, 0x7c, 0x42,
-	0xb8, 0x6d, 0x20, 0xf6, 0x18, 0x5b, 0x9b, 0xc1, 0xf5, 0x07, 0x38, 0x57, 0x26, 0x78, 0x6d, 0x14,
-	0xe3, 0xf6, 0xf2, 0x5b, 0xaf, 0xf5, 0xe1, 0x7b, 0x0f, 0xf9, 0xf5, 0x31, 0xfb, 0x16, 0xb6, 0x58,
-	0x90, 0x82, 0x14, 0x41, 0x04, 0xa5, 0x0b, 0x96, 0x5f, 0x6f, 0xd4, 0xae, 0xed, 0xfe, 0xd6, 0xb5,
-	0xbd, 0x46, 0xd7, 0x1e, 0xed, 0x9d, 0x7f, 0xee, 0xa1, 0xd1, 0xc7, 0x1d, 0x7c, 0x30, 0x29, 0x5d,
-	0xb0, 0x4f, 0xf1, 0xa1, 0x8e, 0xc6, 0xbe, 0xdf, 0xe0, 0xd6, 0xe5, 0x08, 0x9d, 0xeb, 0x57, 0xee,
-	0x99, 0xac, 0xdf, 0xc4, 0x9a, 0xa8, 0x83, 0x69, 0x24, 0x5e, 0x0e, 0xf0, 0x8f, 0xc4, 0x18, 0x5b,
-	0x9b, 0x4c, 0x6c, 0xaf, 0x81, 0xb9, 0x9d, 0x9e, 0xf3, 0xaf, 0x8f, 0xe0, 0x01, 0x1a, 0x4f, 0x97,
-	0x17, 0x6e, 0xeb, 0xeb, 0x85, 0xdb, 0x3a, 0x5f, 0xb9, 0x68, 0xb9, 0x72, 0xd1, 0x97, 0x95, 0x8b,
-	0x7e, 0xac, 0x5c, 0xf4, 0xf6, 0xc9, 0x7f, 0xfe, 0xd7, 0x8f, 0xab, 0x6a, 0xda, 0x9a, 0xa2, 0xf0,
-	0xa0, 0x1c, 0xeb, 0xe1, 0xcf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe6, 0xbf, 0x19, 0xa6, 0x24, 0x04,
-	0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto b/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto
index 1959c8e39551b..9a2444e54ca10 100644
--- a/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto
+++ b/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.events.v1;
diff --git a/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go b/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go
index 08090748e654c..de08cc08358a5 100644
--- a/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go
@@ -1,48 +1,26 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/images/v1/images.proto
 
-/*
-	Package images is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/images/v1/images.proto
-
-	It has these top-level messages:
-		Image
-		GetImageRequest
-		GetImageResponse
-		CreateImageRequest
-		CreateImageResponse
-		UpdateImageRequest
-		UpdateImageResponse
-		ListImagesRequest
-		ListImagesResponse
-		DeleteImageRequest
-*/
 package images
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-import containerd_types "github.com/containerd/containerd/api/types"
-
-import time "time"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types1 "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -54,7 +32,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Image struct {
 	// Name provides a unique name for the image.
@@ -66,72 +44,289 @@ type Image struct {
 	//
 	// Labels may be updated using the field mask.
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Target describes the content entry point of the image.
-	Target containerd_types.Descriptor `protobuf:"bytes,3,opt,name=target" json:"target"`
+	Target types.Descriptor `protobuf:"bytes,3,opt,name=target,proto3" json:"target"`
 	// CreatedAt is the time the image was first created.
-	CreatedAt time.Time `protobuf:"bytes,7,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
+	CreatedAt time.Time `protobuf:"bytes,7,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
 	// UpdatedAt is the last time the image was mutated.
-	UpdatedAt time.Time `protobuf:"bytes,8,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
+	UpdatedAt            time.Time `protobuf:"bytes,8,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *Image) Reset()      { *m = Image{} }
+func (*Image) ProtoMessage() {}
+func (*Image) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{0}
+}
+func (m *Image) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Image) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Image.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Image) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Image.Merge(m, src)
+}
+func (m *Image) XXX_Size() int {
+	return m.Size()
+}
+func (m *Image) XXX_DiscardUnknown() {
+	xxx_messageInfo_Image.DiscardUnknown(m)
 }
 
-func (m *Image) Reset()                    { *m = Image{} }
-func (*Image) ProtoMessage()               {}
-func (*Image) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{0} }
+var xxx_messageInfo_Image proto.InternalMessageInfo
 
 type GetImageRequest struct {
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetImageRequest) Reset()      { *m = GetImageRequest{} }
+func (*GetImageRequest) ProtoMessage() {}
+func (*GetImageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{1}
+}
+func (m *GetImageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetImageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetImageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetImageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetImageRequest.Merge(m, src)
+}
+func (m *GetImageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetImageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetImageRequest.DiscardUnknown(m)
 }
 
-func (m *GetImageRequest) Reset()                    { *m = GetImageRequest{} }
-func (*GetImageRequest) ProtoMessage()               {}
-func (*GetImageRequest) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{1} }
+var xxx_messageInfo_GetImageRequest proto.InternalMessageInfo
 
 type GetImageResponse struct {
-	Image *Image `protobuf:"bytes,1,opt,name=image" json:"image,omitempty"`
+	Image                *Image   `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetImageResponse) Reset()      { *m = GetImageResponse{} }
+func (*GetImageResponse) ProtoMessage() {}
+func (*GetImageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{2}
+}
+func (m *GetImageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetImageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetImageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetImageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetImageResponse.Merge(m, src)
+}
+func (m *GetImageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetImageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetImageResponse.DiscardUnknown(m)
 }
 
-func (m *GetImageResponse) Reset()                    { *m = GetImageResponse{} }
-func (*GetImageResponse) ProtoMessage()               {}
-func (*GetImageResponse) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{2} }
+var xxx_messageInfo_GetImageResponse proto.InternalMessageInfo
 
 type CreateImageRequest struct {
-	Image Image `protobuf:"bytes,1,opt,name=image" json:"image"`
+	Image                Image    `protobuf:"bytes,1,opt,name=image,proto3" json:"image"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateImageRequest) Reset()      { *m = CreateImageRequest{} }
+func (*CreateImageRequest) ProtoMessage() {}
+func (*CreateImageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{3}
+}
+func (m *CreateImageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateImageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateImageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateImageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateImageRequest.Merge(m, src)
+}
+func (m *CreateImageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateImageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateImageRequest.DiscardUnknown(m)
 }
 
-func (m *CreateImageRequest) Reset()                    { *m = CreateImageRequest{} }
-func (*CreateImageRequest) ProtoMessage()               {}
-func (*CreateImageRequest) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{3} }
+var xxx_messageInfo_CreateImageRequest proto.InternalMessageInfo
 
 type CreateImageResponse struct {
-	Image Image `protobuf:"bytes,1,opt,name=image" json:"image"`
+	Image                Image    `protobuf:"bytes,1,opt,name=image,proto3" json:"image"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateImageResponse) Reset()      { *m = CreateImageResponse{} }
+func (*CreateImageResponse) ProtoMessage() {}
+func (*CreateImageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{4}
+}
+func (m *CreateImageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateImageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateImageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateImageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateImageResponse.Merge(m, src)
+}
+func (m *CreateImageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateImageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateImageResponse.DiscardUnknown(m)
 }
 
-func (m *CreateImageResponse) Reset()                    { *m = CreateImageResponse{} }
-func (*CreateImageResponse) ProtoMessage()               {}
-func (*CreateImageResponse) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{4} }
+var xxx_messageInfo_CreateImageResponse proto.InternalMessageInfo
 
 type UpdateImageRequest struct {
 	// Image provides a full or partial image for update.
 	//
 	// The name field must be set or an error will be returned.
-	Image Image `protobuf:"bytes,1,opt,name=image" json:"image"`
+	Image Image `protobuf:"bytes,1,opt,name=image,proto3" json:"image"`
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
-	UpdateMask *google_protobuf2.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *types1.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *UpdateImageRequest) Reset()      { *m = UpdateImageRequest{} }
+func (*UpdateImageRequest) ProtoMessage() {}
+func (*UpdateImageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{5}
+}
+func (m *UpdateImageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateImageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateImageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateImageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateImageRequest.Merge(m, src)
+}
+func (m *UpdateImageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateImageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateImageRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateImageRequest) Reset()                    { *m = UpdateImageRequest{} }
-func (*UpdateImageRequest) ProtoMessage()               {}
-func (*UpdateImageRequest) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{5} }
+var xxx_messageInfo_UpdateImageRequest proto.InternalMessageInfo
 
 type UpdateImageResponse struct {
-	Image Image `protobuf:"bytes,1,opt,name=image" json:"image"`
+	Image                Image    `protobuf:"bytes,1,opt,name=image,proto3" json:"image"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UpdateImageResponse) Reset()      { *m = UpdateImageResponse{} }
+func (*UpdateImageResponse) ProtoMessage() {}
+func (*UpdateImageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{6}
+}
+func (m *UpdateImageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateImageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateImageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateImageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateImageResponse.Merge(m, src)
+}
+func (m *UpdateImageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateImageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateImageResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateImageResponse) Reset()                    { *m = UpdateImageResponse{} }
-func (*UpdateImageResponse) ProtoMessage()               {}
-func (*UpdateImageResponse) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{6} }
+var xxx_messageInfo_UpdateImageResponse proto.InternalMessageInfo
 
 type ListImagesRequest struct {
 	// Filters contains one or more filters using the syntax defined in the
@@ -144,20 +339,82 @@ type ListImagesRequest struct {
 	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListImagesRequest) Reset()      { *m = ListImagesRequest{} }
+func (*ListImagesRequest) ProtoMessage() {}
+func (*ListImagesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{7}
+}
+func (m *ListImagesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListImagesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListImagesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListImagesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListImagesRequest.Merge(m, src)
+}
+func (m *ListImagesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListImagesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListImagesRequest.DiscardUnknown(m)
 }
 
-func (m *ListImagesRequest) Reset()                    { *m = ListImagesRequest{} }
-func (*ListImagesRequest) ProtoMessage()               {}
-func (*ListImagesRequest) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{7} }
+var xxx_messageInfo_ListImagesRequest proto.InternalMessageInfo
 
 type ListImagesResponse struct {
-	Images []Image `protobuf:"bytes,1,rep,name=images" json:"images"`
+	Images               []Image  `protobuf:"bytes,1,rep,name=images,proto3" json:"images"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListImagesResponse) Reset()      { *m = ListImagesResponse{} }
+func (*ListImagesResponse) ProtoMessage() {}
+func (*ListImagesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{8}
+}
+func (m *ListImagesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListImagesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListImagesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListImagesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListImagesResponse.Merge(m, src)
+}
+func (m *ListImagesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListImagesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListImagesResponse.DiscardUnknown(m)
 }
 
-func (m *ListImagesResponse) Reset()                    { *m = ListImagesResponse{} }
-func (*ListImagesResponse) ProtoMessage()               {}
-func (*ListImagesResponse) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{8} }
+var xxx_messageInfo_ListImagesResponse proto.InternalMessageInfo
 
 type DeleteImageRequest struct {
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
@@ -165,15 +422,47 @@ type DeleteImageRequest struct {
 	// synchronously before returning to the caller
 	//
 	// Default is false
-	Sync bool `protobuf:"varint,2,opt,name=sync,proto3" json:"sync,omitempty"`
+	Sync                 bool     `protobuf:"varint,2,opt,name=sync,proto3" json:"sync,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteImageRequest) Reset()      { *m = DeleteImageRequest{} }
+func (*DeleteImageRequest) ProtoMessage() {}
+func (*DeleteImageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8666fa071128ae5f, []int{9}
+}
+func (m *DeleteImageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteImageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteImageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteImageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteImageRequest.Merge(m, src)
+}
+func (m *DeleteImageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteImageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteImageRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteImageRequest) Reset()                    { *m = DeleteImageRequest{} }
-func (*DeleteImageRequest) ProtoMessage()               {}
-func (*DeleteImageRequest) Descriptor() ([]byte, []int) { return fileDescriptorImages, []int{9} }
+var xxx_messageInfo_DeleteImageRequest proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Image)(nil), "containerd.services.images.v1.Image")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.images.v1.Image.LabelsEntry")
 	proto.RegisterType((*GetImageRequest)(nil), "containerd.services.images.v1.GetImageRequest")
 	proto.RegisterType((*GetImageResponse)(nil), "containerd.services.images.v1.GetImageResponse")
 	proto.RegisterType((*CreateImageRequest)(nil), "containerd.services.images.v1.CreateImageRequest")
@@ -185,6 +474,56 @@ func init() {
 	proto.RegisterType((*DeleteImageRequest)(nil), "containerd.services.images.v1.DeleteImageRequest")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/images/v1/images.proto", fileDescriptor_8666fa071128ae5f)
+}
+
+var fileDescriptor_8666fa071128ae5f = []byte{
+	// 659 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
+	0x10, 0x8e, 0x93, 0xd4, 0x6d, 0x27, 0x07, 0xca, 0x52, 0x21, 0xcb, 0x40, 0x1a, 0x45, 0x20, 0xe5,
+	0xc2, 0x9a, 0x86, 0x0b, 0xb4, 0x08, 0xd1, 0xb4, 0xa5, 0x20, 0x15, 0x0e, 0xe6, 0xaf, 0xe2, 0x52,
+	0x6d, 0x92, 0x89, 0xb1, 0x62, 0xc7, 0xc6, 0xbb, 0x89, 0x94, 0x1b, 0x8f, 0x80, 0x04, 0x0f, 0xd5,
+	0x23, 0x47, 0x4e, 0x40, 0x73, 0xe0, 0x39, 0x90, 0x77, 0x37, 0x34, 0x4d, 0x22, 0x92, 0x94, 0xde,
+	0x66, 0xed, 0xef, 0x9b, 0x9f, 0x6f, 0x66, 0x76, 0x61, 0xcf, 0xf3, 0xc5, 0x87, 0x6e, 0x9d, 0x36,
+	0xa2, 0xd0, 0x69, 0x44, 0x1d, 0xc1, 0xfc, 0x0e, 0x26, 0xcd, 0x51, 0x93, 0xc5, 0xbe, 0xc3, 0x31,
+	0xe9, 0xf9, 0x0d, 0xe4, 0x8e, 0x1f, 0x32, 0x0f, 0xb9, 0xd3, 0xdb, 0xd4, 0x16, 0x8d, 0x93, 0x48,
+	0x44, 0xe4, 0xd6, 0x19, 0x9e, 0x0e, 0xb1, 0x54, 0x23, 0x7a, 0x9b, 0xf6, 0xba, 0x17, 0x79, 0x91,
+	0x44, 0x3a, 0xa9, 0xa5, 0x48, 0xf6, 0x0d, 0x2f, 0x8a, 0xbc, 0x00, 0x1d, 0x79, 0xaa, 0x77, 0x5b,
+	0x0e, 0x86, 0xb1, 0xe8, 0xeb, 0x9f, 0xa5, 0xf1, 0x9f, 0x2d, 0x1f, 0x83, 0xe6, 0x71, 0xc8, 0x78,
+	0x5b, 0x23, 0x36, 0xc6, 0x11, 0xc2, 0x0f, 0x91, 0x0b, 0x16, 0xc6, 0x1a, 0xb0, 0x3d, 0x57, 0x69,
+	0xa2, 0x1f, 0x23, 0x77, 0x9a, 0xc8, 0x1b, 0x89, 0x1f, 0x8b, 0x28, 0x51, 0xe4, 0xf2, 0xef, 0x2c,
+	0x2c, 0x3d, 0x4f, 0x0b, 0x20, 0x04, 0xf2, 0x1d, 0x16, 0xa2, 0x65, 0x94, 0x8c, 0xca, 0xaa, 0x2b,
+	0x6d, 0xf2, 0x0c, 0xcc, 0x80, 0xd5, 0x31, 0xe0, 0x56, 0xb6, 0x94, 0xab, 0x14, 0xaa, 0xf7, 0xe8,
+	0x3f, 0x05, 0xa0, 0xd2, 0x13, 0x3d, 0x94, 0x94, 0xfd, 0x8e, 0x48, 0xfa, 0xae, 0xe6, 0x93, 0x2d,
+	0x30, 0x05, 0x4b, 0x3c, 0x14, 0x56, 0xae, 0x64, 0x54, 0x0a, 0xd5, 0x9b, 0xa3, 0x9e, 0x64, 0x6e,
+	0x74, 0xef, 0x6f, 0x6e, 0xb5, 0xfc, 0xc9, 0x8f, 0x8d, 0x8c, 0xab, 0x19, 0x64, 0x17, 0xa0, 0x91,
+	0x20, 0x13, 0xd8, 0x3c, 0x66, 0xc2, 0x5a, 0x96, 0x7c, 0x9b, 0x2a, 0x59, 0xe8, 0x50, 0x16, 0xfa,
+	0x7a, 0x28, 0x4b, 0x6d, 0x25, 0x65, 0x7f, 0xfe, 0xb9, 0x61, 0xb8, 0xab, 0x9a, 0xb7, 0x23, 0x9d,
+	0x74, 0xe3, 0xe6, 0xd0, 0xc9, 0xca, 0x22, 0x4e, 0x34, 0x6f, 0x47, 0xd8, 0x0f, 0xa1, 0x30, 0x52,
+	0x1c, 0x59, 0x83, 0x5c, 0x1b, 0xfb, 0x5a, 0xb1, 0xd4, 0x24, 0xeb, 0xb0, 0xd4, 0x63, 0x41, 0x17,
+	0xad, 0xac, 0xfc, 0xa6, 0x0e, 0x5b, 0xd9, 0x07, 0x46, 0xf9, 0x0e, 0x5c, 0x39, 0x40, 0x21, 0x05,
+	0x72, 0xf1, 0x63, 0x17, 0xb9, 0x98, 0xa6, 0x78, 0xf9, 0x25, 0xac, 0x9d, 0xc1, 0x78, 0x1c, 0x75,
+	0x38, 0x92, 0x2d, 0x58, 0x92, 0x12, 0x4b, 0x60, 0xa1, 0x7a, 0x7b, 0x9e, 0x26, 0xb8, 0x8a, 0x52,
+	0x7e, 0x0b, 0x64, 0x57, 0x6a, 0x70, 0x2e, 0xf2, 0x93, 0x0b, 0x78, 0xd4, 0x4d, 0xd1, 0x7e, 0xdf,
+	0xc1, 0xb5, 0x73, 0x7e, 0x75, 0xaa, 0xff, 0xef, 0xf8, 0x8b, 0x01, 0xe4, 0x8d, 0x14, 0xfc, 0x72,
+	0x33, 0x26, 0xdb, 0x50, 0x50, 0x8d, 0x94, 0xcb, 0x25, 0x1b, 0x34, 0x6d, 0x02, 0x9e, 0xa6, 0xfb,
+	0xf7, 0x82, 0xf1, 0xb6, 0xab, 0xe7, 0x25, 0xb5, 0xd3, 0x72, 0xcf, 0x25, 0x75, 0x69, 0xe5, 0xde,
+	0x85, 0xab, 0x87, 0x3e, 0x57, 0x0d, 0xe7, 0xc3, 0x62, 0x2d, 0x58, 0x6e, 0xf9, 0x81, 0xc0, 0x84,
+	0x5b, 0x46, 0x29, 0x57, 0x59, 0x75, 0x87, 0xc7, 0xf2, 0x11, 0x90, 0x51, 0xb8, 0x4e, 0xa3, 0x06,
+	0xa6, 0x0a, 0x22, 0xe1, 0x8b, 0xe5, 0xa1, 0x99, 0xe5, 0x47, 0x40, 0xf6, 0x30, 0xc0, 0x31, 0xd9,
+	0xa7, 0x5d, 0x0a, 0x04, 0xf2, 0xbc, 0xdf, 0x69, 0x48, 0x05, 0x57, 0x5c, 0x69, 0x57, 0xbf, 0xe6,
+	0xc1, 0x54, 0x49, 0x91, 0x16, 0xe4, 0x0e, 0x50, 0x10, 0x3a, 0x23, 0x87, 0xb1, 0x65, 0xb0, 0x9d,
+	0xb9, 0xf1, 0xba, 0xe8, 0x36, 0xe4, 0x53, 0x29, 0xc8, 0xac, 0x3b, 0x69, 0x42, 0x5e, 0x7b, 0x73,
+	0x01, 0x86, 0x0e, 0x16, 0x81, 0xa9, 0xc6, 0x9d, 0xcc, 0x22, 0x4f, 0x6e, 0x9b, 0x5d, 0x5d, 0x84,
+	0x72, 0x16, 0x50, 0x0d, 0xdc, 0xcc, 0x80, 0x93, 0xcb, 0x32, 0x33, 0xe0, 0xb4, 0x51, 0x7e, 0x05,
+	0xa6, 0xea, 0xff, 0xcc, 0x80, 0x93, 0x63, 0x62, 0x5f, 0x9f, 0x58, 0xa3, 0xfd, 0xf4, 0x8d, 0xab,
+	0x1d, 0x9d, 0x9c, 0x16, 0x33, 0xdf, 0x4f, 0x8b, 0x99, 0x4f, 0x83, 0xa2, 0x71, 0x32, 0x28, 0x1a,
+	0xdf, 0x06, 0x45, 0xe3, 0xd7, 0xa0, 0x68, 0xbc, 0x7f, 0x7c, 0xc1, 0xf7, 0x78, 0x5b, 0x59, 0x47,
+	0x99, 0xba, 0x29, 0x63, 0xdd, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x24, 0x4e, 0xca, 0x64, 0xda,
+	0x07, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -193,8 +532,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Images service
-
+// ImagesClient is the client API for Images service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type ImagesClient interface {
 	// Get returns an image by name.
 	Get(ctx context.Context, in *GetImageRequest, opts ...grpc.CallOption) (*GetImageResponse, error)
@@ -208,7 +548,7 @@ type ImagesClient interface {
 	// image.
 	Update(ctx context.Context, in *UpdateImageRequest, opts ...grpc.CallOption) (*UpdateImageResponse, error)
 	// Delete deletes the image by name.
-	Delete(ctx context.Context, in *DeleteImageRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
+	Delete(ctx context.Context, in *DeleteImageRequest, opts ...grpc.CallOption) (*types1.Empty, error)
 }
 
 type imagesClient struct {
@@ -221,7 +561,7 @@ func NewImagesClient(cc *grpc.ClientConn) ImagesClient {
 
 func (c *imagesClient) Get(ctx context.Context, in *GetImageRequest, opts ...grpc.CallOption) (*GetImageResponse, error) {
 	out := new(GetImageResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.images.v1.Images/Get", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.images.v1.Images/Get", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -230,7 +570,7 @@ func (c *imagesClient) Get(ctx context.Context, in *GetImageRequest, opts ...grp
 
 func (c *imagesClient) List(ctx context.Context, in *ListImagesRequest, opts ...grpc.CallOption) (*ListImagesResponse, error) {
 	out := new(ListImagesResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.images.v1.Images/List", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.images.v1.Images/List", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -239,7 +579,7 @@ func (c *imagesClient) List(ctx context.Context, in *ListImagesRequest, opts ...
 
 func (c *imagesClient) Create(ctx context.Context, in *CreateImageRequest, opts ...grpc.CallOption) (*CreateImageResponse, error) {
 	out := new(CreateImageResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.images.v1.Images/Create", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.images.v1.Images/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -248,24 +588,23 @@ func (c *imagesClient) Create(ctx context.Context, in *CreateImageRequest, opts
 
 func (c *imagesClient) Update(ctx context.Context, in *UpdateImageRequest, opts ...grpc.CallOption) (*UpdateImageResponse, error) {
 	out := new(UpdateImageResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.images.v1.Images/Update", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.images.v1.Images/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *imagesClient) Delete(ctx context.Context, in *DeleteImageRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
-	out := new(google_protobuf1.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.images.v1.Images/Delete", in, out, c.cc, opts...)
+func (c *imagesClient) Delete(ctx context.Context, in *DeleteImageRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.images.v1.Images/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Images service
-
+// ImagesServer is the server API for Images service.
 type ImagesServer interface {
 	// Get returns an image by name.
 	Get(context.Context, *GetImageRequest) (*GetImageResponse, error)
@@ -279,7 +618,27 @@ type ImagesServer interface {
 	// image.
 	Update(context.Context, *UpdateImageRequest) (*UpdateImageResponse, error)
 	// Delete deletes the image by name.
-	Delete(context.Context, *DeleteImageRequest) (*google_protobuf1.Empty, error)
+	Delete(context.Context, *DeleteImageRequest) (*types1.Empty, error)
+}
+
+// UnimplementedImagesServer can be embedded to have forward compatible implementations.
+type UnimplementedImagesServer struct {
+}
+
+func (*UnimplementedImagesServer) Get(ctx context.Context, req *GetImageRequest) (*GetImageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Get not implemented")
+}
+func (*UnimplementedImagesServer) List(ctx context.Context, req *ListImagesRequest) (*ListImagesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedImagesServer) Create(ctx context.Context, req *CreateImageRequest) (*CreateImageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedImagesServer) Update(ctx context.Context, req *UpdateImageRequest) (*UpdateImageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedImagesServer) Delete(ctx context.Context, req *DeleteImageRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
 }
 
 func RegisterImagesServer(s *grpc.Server, srv ImagesServer) {
@@ -408,7 +767,7 @@ var _Images_serviceDesc = grpc.ServiceDesc{
 func (m *Image) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -416,64 +775,78 @@ func (m *Image) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Image) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Image) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err1 != nil {
+		return 0, err1
+	}
+	i -= n1
+	i = encodeVarintImages(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x42
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err2 != nil {
+		return 0, err2
+	}
+	i -= n2
+	i = encodeVarintImages(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x3a
+	{
+		size, err := m.Target.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintImages(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x1a
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovImages(uint64(len(k))) + 1 + len(v) + sovImages(uint64(len(v)))
-			i = encodeVarintImages(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintImages(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintImages(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintImages(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintImages(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(m.Target.Size()))
-	n1, err := m.Target.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n1
-	dAtA[i] = 0x3a
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n2, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n2
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n3, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n3
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetImageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -481,23 +854,33 @@ func (m *GetImageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetImageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetImageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -505,27 +888,38 @@ func (m *GetImageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetImageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetImageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Image != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintImages(dAtA, i, uint64(m.Image.Size()))
-		n4, err := m.Image.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Image.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintImages(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateImageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -533,25 +927,36 @@ func (m *CreateImageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateImageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(m.Image.Size()))
-	n5, err := m.Image.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Image.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintImages(dAtA, i, uint64(size))
 	}
-	i += n5
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateImageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -559,25 +964,36 @@ func (m *CreateImageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateImageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateImageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(m.Image.Size()))
-	n6, err := m.Image.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n6
-	return i, nil
+	{
+		size, err := m.Image.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintImages(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateImageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -585,35 +1001,48 @@ func (m *UpdateImageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateImageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(m.Image.Size()))
-	n7, err := m.Image.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n7
 	if m.UpdateMask != nil {
+		{
+			size, err := m.UpdateMask.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintImages(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintImages(dAtA, i, uint64(m.UpdateMask.Size()))
-		n8, err := m.UpdateMask.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Image.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n8
+		i -= size
+		i = encodeVarintImages(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateImageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -621,25 +1050,36 @@ func (m *UpdateImageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateImageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateImageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintImages(dAtA, i, uint64(m.Image.Size()))
-	n9, err := m.Image.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Image.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintImages(dAtA, i, uint64(size))
 	}
-	i += n9
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ListImagesRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -647,32 +1087,35 @@ func (m *ListImagesRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListImagesRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListImagesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintImages(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListImagesResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -680,29 +1123,40 @@ func (m *ListImagesResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListImagesResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListImagesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Images) > 0 {
-		for _, msg := range m.Images {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintImages(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Images) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Images[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintImages(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteImageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -710,39 +1164,54 @@ func (m *DeleteImageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteImageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Sync {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.Sync {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintImages(dAtA []byte, offset int, v uint64) int {
+	offset -= sovImages(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Image) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -759,50 +1228,80 @@ func (m *Image) Size() (n int) {
 	}
 	l = m.Target.Size()
 	n += 1 + l + sovImages(uint64(l))
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovImages(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovImages(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetImageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
 	if l > 0 {
 		n += 1 + l + sovImages(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetImageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Image != nil {
 		l = m.Image.Size()
 		n += 1 + l + sovImages(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateImageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Image.Size()
 	n += 1 + l + sovImages(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateImageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Image.Size()
 	n += 1 + l + sovImages(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateImageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Image.Size()
@@ -811,18 +1310,30 @@ func (m *UpdateImageRequest) Size() (n int) {
 		l = m.UpdateMask.Size()
 		n += 1 + l + sovImages(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateImageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Image.Size()
 	n += 1 + l + sovImages(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListImagesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -831,10 +1342,16 @@ func (m *ListImagesRequest) Size() (n int) {
 			n += 1 + l + sovImages(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListImagesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Images) > 0 {
@@ -843,10 +1360,16 @@ func (m *ListImagesResponse) Size() (n int) {
 			n += 1 + l + sovImages(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteImageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -856,18 +1379,14 @@ func (m *DeleteImageRequest) Size() (n int) {
 	if m.Sync {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovImages(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozImages(x uint64) (n int) {
 	return sovImages(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -880,7 +1399,7 @@ func (this *Image) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -889,9 +1408,10 @@ func (this *Image) String() string {
 	s := strings.Join([]string{`&Image{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
-		`Target:` + strings.Replace(strings.Replace(this.Target.String(), "Descriptor", "containerd_types.Descriptor", 1), `&`, ``, 1) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`Target:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Target), "Descriptor", "types.Descriptor", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -902,6 +1422,7 @@ func (this *GetImageRequest) String() string {
 	}
 	s := strings.Join([]string{`&GetImageRequest{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -911,7 +1432,8 @@ func (this *GetImageResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&GetImageResponse{`,
-		`Image:` + strings.Replace(fmt.Sprintf("%v", this.Image), "Image", "Image", 1) + `,`,
+		`Image:` + strings.Replace(this.Image.String(), "Image", "Image", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -922,6 +1444,7 @@ func (this *CreateImageRequest) String() string {
 	}
 	s := strings.Join([]string{`&CreateImageRequest{`,
 		`Image:` + strings.Replace(strings.Replace(this.Image.String(), "Image", "Image", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -932,6 +1455,7 @@ func (this *CreateImageResponse) String() string {
 	}
 	s := strings.Join([]string{`&CreateImageResponse{`,
 		`Image:` + strings.Replace(strings.Replace(this.Image.String(), "Image", "Image", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -942,7 +1466,8 @@ func (this *UpdateImageRequest) String() string {
 	}
 	s := strings.Join([]string{`&UpdateImageRequest{`,
 		`Image:` + strings.Replace(strings.Replace(this.Image.String(), "Image", "Image", 1), `&`, ``, 1) + `,`,
-		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "google_protobuf2.FieldMask", 1) + `,`,
+		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "types1.FieldMask", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -953,6 +1478,7 @@ func (this *UpdateImageResponse) String() string {
 	}
 	s := strings.Join([]string{`&UpdateImageResponse{`,
 		`Image:` + strings.Replace(strings.Replace(this.Image.String(), "Image", "Image", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -963,6 +1489,7 @@ func (this *ListImagesRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListImagesRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -971,8 +1498,14 @@ func (this *ListImagesResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForImages := "[]Image{"
+	for _, f := range this.Images {
+		repeatedStringForImages += strings.Replace(strings.Replace(f.String(), "Image", "Image", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForImages += "}"
 	s := strings.Join([]string{`&ListImagesResponse{`,
-		`Images:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Images), "Image", "Image", 1), `&`, ``, 1) + `,`,
+		`Images:` + repeatedStringForImages + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -984,6 +1517,7 @@ func (this *DeleteImageRequest) String() string {
 	s := strings.Join([]string{`&DeleteImageRequest{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Sync:` + fmt.Sprintf("%v", this.Sync) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1011,7 +1545,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1039,7 +1573,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1049,6 +1583,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1068,7 +1605,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1077,6 +1614,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1097,7 +1637,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1114,7 +1654,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1124,6 +1664,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImages
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthImages
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1140,7 +1683,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1150,6 +1693,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthImages
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthImages
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1161,7 +1707,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthImages
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1186,7 +1732,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1195,6 +1741,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1216,7 +1765,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1225,10 +1774,13 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1246,7 +1798,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1255,10 +1807,13 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1268,12 +1823,13 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1298,7 +1854,7 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1326,7 +1882,7 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1336,6 +1892,9 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1347,12 +1906,13 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1377,7 +1937,7 @@ func (m *GetImageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1405,7 +1965,7 @@ func (m *GetImageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1414,6 +1974,9 @@ func (m *GetImageResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1430,12 +1993,13 @@ func (m *GetImageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1460,7 +2024,7 @@ func (m *CreateImageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1488,7 +2052,7 @@ func (m *CreateImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1497,6 +2061,9 @@ func (m *CreateImageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1510,12 +2077,13 @@ func (m *CreateImageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1540,7 +2108,7 @@ func (m *CreateImageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1568,7 +2136,7 @@ func (m *CreateImageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1577,6 +2145,9 @@ func (m *CreateImageResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1590,12 +2161,13 @@ func (m *CreateImageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1620,7 +2192,7 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1648,7 +2220,7 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1657,6 +2229,9 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1678,7 +2253,7 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1687,11 +2262,14 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdateMask == nil {
-				m.UpdateMask = &google_protobuf2.FieldMask{}
+				m.UpdateMask = &types1.FieldMask{}
 			}
 			if err := m.UpdateMask.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1703,12 +2281,13 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1733,7 +2312,7 @@ func (m *UpdateImageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1761,7 +2340,7 @@ func (m *UpdateImageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1770,6 +2349,9 @@ func (m *UpdateImageResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1783,12 +2365,13 @@ func (m *UpdateImageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1813,7 +2396,7 @@ func (m *ListImagesRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1841,7 +2424,7 @@ func (m *ListImagesRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1851,6 +2434,9 @@ func (m *ListImagesRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1862,12 +2448,13 @@ func (m *ListImagesRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1892,7 +2479,7 @@ func (m *ListImagesResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1920,7 +2507,7 @@ func (m *ListImagesResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1929,6 +2516,9 @@ func (m *ListImagesResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1943,12 +2533,13 @@ func (m *ListImagesResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1973,7 +2564,7 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2001,7 +2592,7 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2011,6 +2602,9 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthImages
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthImages
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2030,7 +2624,7 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2042,12 +2636,13 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthImages
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2060,6 +2655,7 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 func skipImages(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -2091,10 +2687,8 @@ func skipImages(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -2111,103 +2705,34 @@ func skipImages(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthImages
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowImages
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipImages(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupImages
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthImages
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthImages = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowImages   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthImages        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowImages          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupImages = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/images/v1/images.proto", fileDescriptorImages)
-}
-
-var fileDescriptorImages = []byte{
-	// 659 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
-	0x10, 0x8e, 0x93, 0xd4, 0x6d, 0x27, 0x07, 0xca, 0x52, 0x21, 0xcb, 0x40, 0x1a, 0x45, 0x20, 0xe5,
-	0xc2, 0x9a, 0x86, 0x0b, 0xb4, 0x08, 0xd1, 0xb4, 0xa5, 0x20, 0x15, 0x0e, 0xe6, 0xaf, 0xe2, 0x52,
-	0x6d, 0x92, 0x89, 0xb1, 0x62, 0xc7, 0xc6, 0xbb, 0x89, 0x94, 0x1b, 0x8f, 0x80, 0x04, 0x0f, 0xd5,
-	0x23, 0x47, 0x4e, 0x40, 0x73, 0xe0, 0x39, 0x90, 0x77, 0x37, 0x34, 0x4d, 0x22, 0x92, 0x94, 0xde,
-	0x66, 0xed, 0xef, 0x9b, 0x9f, 0x6f, 0x66, 0x76, 0x61, 0xcf, 0xf3, 0xc5, 0x87, 0x6e, 0x9d, 0x36,
-	0xa2, 0xd0, 0x69, 0x44, 0x1d, 0xc1, 0xfc, 0x0e, 0x26, 0xcd, 0x51, 0x93, 0xc5, 0xbe, 0xc3, 0x31,
-	0xe9, 0xf9, 0x0d, 0xe4, 0x8e, 0x1f, 0x32, 0x0f, 0xb9, 0xd3, 0xdb, 0xd4, 0x16, 0x8d, 0x93, 0x48,
-	0x44, 0xe4, 0xd6, 0x19, 0x9e, 0x0e, 0xb1, 0x54, 0x23, 0x7a, 0x9b, 0xf6, 0xba, 0x17, 0x79, 0x91,
-	0x44, 0x3a, 0xa9, 0xa5, 0x48, 0xf6, 0x0d, 0x2f, 0x8a, 0xbc, 0x00, 0x1d, 0x79, 0xaa, 0x77, 0x5b,
-	0x0e, 0x86, 0xb1, 0xe8, 0xeb, 0x9f, 0xa5, 0xf1, 0x9f, 0x2d, 0x1f, 0x83, 0xe6, 0x71, 0xc8, 0x78,
-	0x5b, 0x23, 0x36, 0xc6, 0x11, 0xc2, 0x0f, 0x91, 0x0b, 0x16, 0xc6, 0x1a, 0xb0, 0x3d, 0x57, 0x69,
-	0xa2, 0x1f, 0x23, 0x77, 0x9a, 0xc8, 0x1b, 0x89, 0x1f, 0x8b, 0x28, 0x51, 0xe4, 0xf2, 0xef, 0x2c,
-	0x2c, 0x3d, 0x4f, 0x0b, 0x20, 0x04, 0xf2, 0x1d, 0x16, 0xa2, 0x65, 0x94, 0x8c, 0xca, 0xaa, 0x2b,
-	0x6d, 0xf2, 0x0c, 0xcc, 0x80, 0xd5, 0x31, 0xe0, 0x56, 0xb6, 0x94, 0xab, 0x14, 0xaa, 0xf7, 0xe8,
-	0x3f, 0x05, 0xa0, 0xd2, 0x13, 0x3d, 0x94, 0x94, 0xfd, 0x8e, 0x48, 0xfa, 0xae, 0xe6, 0x93, 0x2d,
-	0x30, 0x05, 0x4b, 0x3c, 0x14, 0x56, 0xae, 0x64, 0x54, 0x0a, 0xd5, 0x9b, 0xa3, 0x9e, 0x64, 0x6e,
-	0x74, 0xef, 0x6f, 0x6e, 0xb5, 0xfc, 0xc9, 0x8f, 0x8d, 0x8c, 0xab, 0x19, 0x64, 0x17, 0xa0, 0x91,
-	0x20, 0x13, 0xd8, 0x3c, 0x66, 0xc2, 0x5a, 0x96, 0x7c, 0x9b, 0x2a, 0x59, 0xe8, 0x50, 0x16, 0xfa,
-	0x7a, 0x28, 0x4b, 0x6d, 0x25, 0x65, 0x7f, 0xfe, 0xb9, 0x61, 0xb8, 0xab, 0x9a, 0xb7, 0x23, 0x9d,
-	0x74, 0xe3, 0xe6, 0xd0, 0xc9, 0xca, 0x22, 0x4e, 0x34, 0x6f, 0x47, 0xd8, 0x0f, 0xa1, 0x30, 0x52,
-	0x1c, 0x59, 0x83, 0x5c, 0x1b, 0xfb, 0x5a, 0xb1, 0xd4, 0x24, 0xeb, 0xb0, 0xd4, 0x63, 0x41, 0x17,
-	0xad, 0xac, 0xfc, 0xa6, 0x0e, 0x5b, 0xd9, 0x07, 0x46, 0xf9, 0x0e, 0x5c, 0x39, 0x40, 0x21, 0x05,
-	0x72, 0xf1, 0x63, 0x17, 0xb9, 0x98, 0xa6, 0x78, 0xf9, 0x25, 0xac, 0x9d, 0xc1, 0x78, 0x1c, 0x75,
-	0x38, 0x92, 0x2d, 0x58, 0x92, 0x12, 0x4b, 0x60, 0xa1, 0x7a, 0x7b, 0x9e, 0x26, 0xb8, 0x8a, 0x52,
-	0x7e, 0x0b, 0x64, 0x57, 0x6a, 0x70, 0x2e, 0xf2, 0x93, 0x0b, 0x78, 0xd4, 0x4d, 0xd1, 0x7e, 0xdf,
-	0xc1, 0xb5, 0x73, 0x7e, 0x75, 0xaa, 0xff, 0xef, 0xf8, 0x8b, 0x01, 0xe4, 0x8d, 0x14, 0xfc, 0x72,
-	0x33, 0x26, 0xdb, 0x50, 0x50, 0x8d, 0x94, 0xcb, 0x25, 0x1b, 0x34, 0x6d, 0x02, 0x9e, 0xa6, 0xfb,
-	0xf7, 0x82, 0xf1, 0xb6, 0xab, 0xe7, 0x25, 0xb5, 0xd3, 0x72, 0xcf, 0x25, 0x75, 0x69, 0xe5, 0xde,
-	0x85, 0xab, 0x87, 0x3e, 0x57, 0x0d, 0xe7, 0xc3, 0x62, 0x2d, 0x58, 0x6e, 0xf9, 0x81, 0xc0, 0x84,
-	0x5b, 0x46, 0x29, 0x57, 0x59, 0x75, 0x87, 0xc7, 0xf2, 0x11, 0x90, 0x51, 0xb8, 0x4e, 0xa3, 0x06,
-	0xa6, 0x0a, 0x22, 0xe1, 0x8b, 0xe5, 0xa1, 0x99, 0xe5, 0x47, 0x40, 0xf6, 0x30, 0xc0, 0x31, 0xd9,
-	0xa7, 0x5d, 0x0a, 0x04, 0xf2, 0xbc, 0xdf, 0x69, 0x48, 0x05, 0x57, 0x5c, 0x69, 0x57, 0xbf, 0xe6,
-	0xc1, 0x54, 0x49, 0x91, 0x16, 0xe4, 0x0e, 0x50, 0x10, 0x3a, 0x23, 0x87, 0xb1, 0x65, 0xb0, 0x9d,
-	0xb9, 0xf1, 0xba, 0xe8, 0x36, 0xe4, 0x53, 0x29, 0xc8, 0xac, 0x3b, 0x69, 0x42, 0x5e, 0x7b, 0x73,
-	0x01, 0x86, 0x0e, 0x16, 0x81, 0xa9, 0xc6, 0x9d, 0xcc, 0x22, 0x4f, 0x6e, 0x9b, 0x5d, 0x5d, 0x84,
-	0x72, 0x16, 0x50, 0x0d, 0xdc, 0xcc, 0x80, 0x93, 0xcb, 0x32, 0x33, 0xe0, 0xb4, 0x51, 0x7e, 0x05,
-	0xa6, 0xea, 0xff, 0xcc, 0x80, 0x93, 0x63, 0x62, 0x5f, 0x9f, 0x58, 0xa3, 0xfd, 0xf4, 0x8d, 0xab,
-	0x1d, 0x9d, 0x9c, 0x16, 0x33, 0xdf, 0x4f, 0x8b, 0x99, 0x4f, 0x83, 0xa2, 0x71, 0x32, 0x28, 0x1a,
-	0xdf, 0x06, 0x45, 0xe3, 0xd7, 0xa0, 0x68, 0xbc, 0x7f, 0x7c, 0xc1, 0xf7, 0x78, 0x5b, 0x59, 0x47,
-	0x99, 0xba, 0x29, 0x63, 0xdd, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x24, 0x4e, 0xca, 0x64, 0xda,
-	0x07, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto b/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto
index 152ade2a08753..338f4fb08d78e 100644
--- a/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto
+++ b/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.images.v1;
diff --git a/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.pb.go b/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.pb.go
index 02bac622da3b3..d23c8b61a8e22 100644
--- a/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.pb.go
@@ -1,35 +1,25 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/introspection/v1/introspection.proto
 
-/*
-	Package introspection is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/introspection/v1/introspection.proto
-
-	It has these top-level messages:
-		Plugin
-		PluginsRequest
-		PluginsResponse
-*/
 package introspection
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import containerd_types "github.com/containerd/containerd/api/types"
-import google_rpc "github.com/gogo/googleapis/google/rpc"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	rpc "github.com/gogo/googleapis/google/rpc"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types1 "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -40,7 +30,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Plugin struct {
 	// Type defines the type of plugin.
@@ -51,7 +41,7 @@ type Plugin struct {
 	// ID identifies the plugin uniquely in the system.
 	ID string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
 	// Requires lists the plugin types required by this plugin.
-	Requires []string `protobuf:"bytes,3,rep,name=requires" json:"requires,omitempty"`
+	Requires []string `protobuf:"bytes,3,rep,name=requires,proto3" json:"requires,omitempty"`
 	// Platforms enumerates the platforms this plugin will support.
 	//
 	// If values are provided here, the plugin will only be operable under the
@@ -61,30 +51,61 @@ type Plugin struct {
 	//
 	// If the plugin prefers certain platforms over others, they should be
 	// listed from most to least preferred.
-	Platforms []containerd_types.Platform `protobuf:"bytes,4,rep,name=platforms" json:"platforms"`
+	Platforms []types.Platform `protobuf:"bytes,4,rep,name=platforms,proto3" json:"platforms"`
 	// Exports allows plugins to provide values about state or configuration to
 	// interested parties.
 	//
 	// One example is exposing the configured path of a snapshotter plugin.
-	Exports map[string]string `protobuf:"bytes,5,rep,name=exports" json:"exports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Exports map[string]string `protobuf:"bytes,5,rep,name=exports,proto3" json:"exports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Capabilities allows plugins to communicate feature switches to allow
 	// clients to detect features that may not be on be default or may be
 	// different from version to version.
 	//
 	// Use this sparingly.
-	Capabilities []string `protobuf:"bytes,6,rep,name=capabilities" json:"capabilities,omitempty"`
+	Capabilities []string `protobuf:"bytes,6,rep,name=capabilities,proto3" json:"capabilities,omitempty"`
 	// InitErr will be set if the plugin fails initialization.
 	//
 	// This means the plugin may have been registered but a non-terminal error
 	// was encountered during initialization.
 	//
 	// Plugins that have this value set cannot be used.
-	InitErr *google_rpc.Status `protobuf:"bytes,7,opt,name=init_err,json=initErr" json:"init_err,omitempty"`
+	InitErr              *rpc.Status `protobuf:"bytes,7,opt,name=init_err,json=initErr,proto3" json:"init_err,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
 }
 
-func (m *Plugin) Reset()                    { *m = Plugin{} }
-func (*Plugin) ProtoMessage()               {}
-func (*Plugin) Descriptor() ([]byte, []int) { return fileDescriptorIntrospection, []int{0} }
+func (m *Plugin) Reset()      { *m = Plugin{} }
+func (*Plugin) ProtoMessage() {}
+func (*Plugin) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1a14fda866f10715, []int{0}
+}
+func (m *Plugin) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Plugin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Plugin.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Plugin) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Plugin.Merge(m, src)
+}
+func (m *Plugin) XXX_Size() int {
+	return m.Size()
+}
+func (m *Plugin) XXX_DiscardUnknown() {
+	xxx_messageInfo_Plugin.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Plugin proto.InternalMessageInfo
 
 type PluginsRequest struct {
 	// Filters contains one or more filters using the syntax defined in the
@@ -97,25 +118,171 @@ type PluginsRequest struct {
 	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PluginsRequest) Reset()      { *m = PluginsRequest{} }
+func (*PluginsRequest) ProtoMessage() {}
+func (*PluginsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1a14fda866f10715, []int{1}
+}
+func (m *PluginsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PluginsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PluginsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PluginsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PluginsRequest.Merge(m, src)
+}
+func (m *PluginsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PluginsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PluginsRequest.DiscardUnknown(m)
 }
 
-func (m *PluginsRequest) Reset()                    { *m = PluginsRequest{} }
-func (*PluginsRequest) ProtoMessage()               {}
-func (*PluginsRequest) Descriptor() ([]byte, []int) { return fileDescriptorIntrospection, []int{1} }
+var xxx_messageInfo_PluginsRequest proto.InternalMessageInfo
 
 type PluginsResponse struct {
-	Plugins []Plugin `protobuf:"bytes,1,rep,name=plugins" json:"plugins"`
+	Plugins              []Plugin `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *PluginsResponse) Reset()                    { *m = PluginsResponse{} }
-func (*PluginsResponse) ProtoMessage()               {}
-func (*PluginsResponse) Descriptor() ([]byte, []int) { return fileDescriptorIntrospection, []int{2} }
+func (m *PluginsResponse) Reset()      { *m = PluginsResponse{} }
+func (*PluginsResponse) ProtoMessage() {}
+func (*PluginsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1a14fda866f10715, []int{2}
+}
+func (m *PluginsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PluginsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PluginsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PluginsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PluginsResponse.Merge(m, src)
+}
+func (m *PluginsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *PluginsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_PluginsResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PluginsResponse proto.InternalMessageInfo
+
+type ServerResponse struct {
+	UUID                 string   `protobuf:"bytes,1,opt,name=uuid,proto3" json:"uuid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ServerResponse) Reset()      { *m = ServerResponse{} }
+func (*ServerResponse) ProtoMessage() {}
+func (*ServerResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1a14fda866f10715, []int{3}
+}
+func (m *ServerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ServerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ServerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ServerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServerResponse.Merge(m, src)
+}
+func (m *ServerResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ServerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServerResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServerResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Plugin)(nil), "containerd.services.introspection.v1.Plugin")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.introspection.v1.Plugin.ExportsEntry")
 	proto.RegisterType((*PluginsRequest)(nil), "containerd.services.introspection.v1.PluginsRequest")
 	proto.RegisterType((*PluginsResponse)(nil), "containerd.services.introspection.v1.PluginsResponse")
+	proto.RegisterType((*ServerResponse)(nil), "containerd.services.introspection.v1.ServerResponse")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/introspection/v1/introspection.proto", fileDescriptor_1a14fda866f10715)
+}
+
+var fileDescriptor_1a14fda866f10715 = []byte{
+	// 549 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xc1, 0x6e, 0xd3, 0x40,
+	0x10, 0xad, 0x9d, 0x34, 0x6e, 0x37, 0xa5, 0xa0, 0x55, 0x55, 0x2c, 0x83, 0x9c, 0x28, 0xe2, 0x10,
+	0x21, 0x58, 0xab, 0x01, 0x24, 0x5a, 0x24, 0x0e, 0x51, 0x73, 0x88, 0xd4, 0x43, 0xe5, 0xa8, 0x08,
+	0x71, 0xa9, 0x1c, 0x67, 0x63, 0x56, 0x38, 0xde, 0xed, 0xee, 0xda, 0x22, 0x37, 0x3e, 0x2f, 0x47,
+	0x8e, 0x9c, 0x02, 0xf5, 0x37, 0xf0, 0x01, 0xc8, 0xbb, 0x76, 0x9a, 0xdc, 0x12, 0x71, 0x9b, 0x79,
+	0x33, 0x6f, 0xe6, 0xcd, 0xf3, 0xca, 0xc0, 0x8f, 0x88, 0xfc, 0x9a, 0x8e, 0x51, 0x48, 0x67, 0x5e,
+	0x48, 0x13, 0x19, 0x90, 0x04, 0xf3, 0xc9, 0x7a, 0x18, 0x30, 0xe2, 0x09, 0xcc, 0x33, 0x12, 0x62,
+	0xe1, 0x91, 0x44, 0x72, 0x2a, 0x18, 0x0e, 0x25, 0xa1, 0x89, 0x97, 0x9d, 0x6d, 0x02, 0x88, 0x71,
+	0x2a, 0x29, 0x7c, 0xf1, 0xc0, 0x46, 0x15, 0x13, 0x6d, 0x36, 0x66, 0x67, 0xce, 0xf9, 0x56, 0x9b,
+	0xe5, 0x9c, 0x61, 0xe1, 0xb1, 0x38, 0x90, 0x53, 0xca, 0x67, 0x7a, 0x81, 0xf3, 0x34, 0xa2, 0x34,
+	0x8a, 0xb1, 0xc7, 0x59, 0xe8, 0x09, 0x19, 0xc8, 0x54, 0x94, 0x85, 0x67, 0x65, 0x41, 0x65, 0xe3,
+	0x74, 0xea, 0xe1, 0x19, 0x93, 0xf3, 0xb2, 0x78, 0x12, 0xd1, 0x88, 0xaa, 0xd0, 0x2b, 0x22, 0x8d,
+	0x76, 0xfe, 0x9a, 0xa0, 0x71, 0x1d, 0xa7, 0x11, 0x49, 0x20, 0x04, 0xf5, 0x62, 0x9d, 0x6d, 0xb4,
+	0x8d, 0xee, 0xa1, 0xaf, 0x62, 0x78, 0x0a, 0x4c, 0x32, 0xb1, 0xcd, 0x02, 0xe9, 0x37, 0xf2, 0x65,
+	0xcb, 0x1c, 0x5e, 0xfa, 0x26, 0x99, 0x40, 0x07, 0x1c, 0x70, 0x7c, 0x97, 0x12, 0x8e, 0x85, 0x5d,
+	0x6b, 0xd7, 0xba, 0x87, 0xfe, 0x2a, 0x87, 0x1f, 0xc1, 0x61, 0x25, 0x58, 0xd8, 0xf5, 0x76, 0xad,
+	0xdb, 0xec, 0x39, 0x68, 0xcd, 0x13, 0x75, 0x13, 0xba, 0x2e, 0x5b, 0xfa, 0xf5, 0xc5, 0xb2, 0xb5,
+	0xe7, 0x3f, 0x50, 0xe0, 0x08, 0x58, 0xf8, 0x3b, 0xa3, 0x5c, 0x0a, 0x7b, 0x5f, 0xb1, 0xcf, 0xd1,
+	0x36, 0x8e, 0x22, 0x7d, 0x06, 0x1a, 0x68, 0xee, 0x20, 0x91, 0x7c, 0xee, 0x57, 0x93, 0x60, 0x07,
+	0x1c, 0x85, 0x01, 0x0b, 0xc6, 0x24, 0x26, 0x92, 0x60, 0x61, 0x37, 0x94, 0xe8, 0x0d, 0x0c, 0xbe,
+	0x06, 0x07, 0x24, 0x21, 0xf2, 0x16, 0x73, 0x6e, 0x5b, 0x6d, 0xa3, 0xdb, 0xec, 0x41, 0xa4, 0x1d,
+	0x45, 0x9c, 0x85, 0x68, 0xa4, 0xac, 0xf6, 0xad, 0xa2, 0x67, 0xc0, 0xb9, 0x73, 0x01, 0x8e, 0xd6,
+	0x77, 0xc1, 0x27, 0xa0, 0xf6, 0x0d, 0xcf, 0x4b, 0xfb, 0x8a, 0x10, 0x9e, 0x80, 0xfd, 0x2c, 0x88,
+	0x53, 0xac, 0x0d, 0xf4, 0x75, 0x72, 0x61, 0xbe, 0x37, 0x3a, 0x2f, 0xc1, 0xb1, 0x96, 0x2b, 0x7c,
+	0x7c, 0x97, 0x62, 0x21, 0xa1, 0x0d, 0xac, 0x29, 0x89, 0x25, 0xe6, 0xc2, 0x36, 0x94, 0xb6, 0x2a,
+	0xed, 0xdc, 0x82, 0xc7, 0xab, 0x5e, 0xc1, 0x68, 0x22, 0x30, 0xbc, 0x02, 0x16, 0xd3, 0x90, 0x6a,
+	0x6e, 0xf6, 0x5e, 0xed, 0x62, 0x51, 0x69, 0x79, 0x35, 0xa2, 0x83, 0xc0, 0xf1, 0x08, 0xf3, 0x0c,
+	0xf3, 0xd5, 0xfc, 0xe7, 0xa0, 0x9e, 0xa6, 0x64, 0xa2, 0x6f, 0xe9, 0x1f, 0xe4, 0xcb, 0x56, 0xfd,
+	0xe6, 0x66, 0x78, 0xe9, 0x2b, 0xb4, 0xf7, 0xdb, 0x00, 0x8f, 0x86, 0xeb, 0xa3, 0x61, 0x06, 0xac,
+	0x52, 0x22, 0x7c, 0xbb, 0x8b, 0x92, 0xea, 0x7a, 0xe7, 0xdd, 0x8e, 0xac, 0x52, 0xe7, 0x27, 0xd0,
+	0xd0, 0xca, 0xe1, 0x69, 0xf5, 0xa5, 0xaa, 0xb7, 0x8f, 0x06, 0xc5, 0xdb, 0x77, 0xb6, 0x94, 0xb3,
+	0x79, 0x7f, 0x7f, 0xba, 0xb8, 0x77, 0xf7, 0x7e, 0xdd, 0xbb, 0x7b, 0x3f, 0x72, 0xd7, 0x58, 0xe4,
+	0xae, 0xf1, 0x33, 0x77, 0x8d, 0x3f, 0xb9, 0x6b, 0x7c, 0xb9, 0xfa, 0xbf, 0x1f, 0xc6, 0x87, 0x0d,
+	0xe0, 0x73, 0x6d, 0xdc, 0x50, 0x7a, 0xdf, 0xfc, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x0c, 0xb3, 0x50,
+	0xdc, 0x89, 0x04, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -126,14 +293,17 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Introspection service
-
+// IntrospectionClient is the client API for Introspection service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type IntrospectionClient interface {
 	// Plugins returns a list of plugins in containerd.
 	//
 	// Clients can use this to detect features and capabilities when using
 	// containerd.
 	Plugins(ctx context.Context, in *PluginsRequest, opts ...grpc.CallOption) (*PluginsResponse, error)
+	// Server returns information about the containerd server
+	Server(ctx context.Context, in *types1.Empty, opts ...grpc.CallOption) (*ServerResponse, error)
 }
 
 type introspectionClient struct {
@@ -146,21 +316,42 @@ func NewIntrospectionClient(cc *grpc.ClientConn) IntrospectionClient {
 
 func (c *introspectionClient) Plugins(ctx context.Context, in *PluginsRequest, opts ...grpc.CallOption) (*PluginsResponse, error) {
 	out := new(PluginsResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.introspection.v1.Introspection/Plugins", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.introspection.v1.Introspection/Plugins", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Introspection service
+func (c *introspectionClient) Server(ctx context.Context, in *types1.Empty, opts ...grpc.CallOption) (*ServerResponse, error) {
+	out := new(ServerResponse)
+	err := c.cc.Invoke(ctx, "/containerd.services.introspection.v1.Introspection/Server", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 
+// IntrospectionServer is the server API for Introspection service.
 type IntrospectionServer interface {
 	// Plugins returns a list of plugins in containerd.
 	//
 	// Clients can use this to detect features and capabilities when using
 	// containerd.
 	Plugins(context.Context, *PluginsRequest) (*PluginsResponse, error)
+	// Server returns information about the containerd server
+	Server(context.Context, *types1.Empty) (*ServerResponse, error)
+}
+
+// UnimplementedIntrospectionServer can be embedded to have forward compatible implementations.
+type UnimplementedIntrospectionServer struct {
+}
+
+func (*UnimplementedIntrospectionServer) Plugins(ctx context.Context, req *PluginsRequest) (*PluginsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Plugins not implemented")
+}
+func (*UnimplementedIntrospectionServer) Server(ctx context.Context, req *types1.Empty) (*ServerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Server not implemented")
 }
 
 func RegisterIntrospectionServer(s *grpc.Server, srv IntrospectionServer) {
@@ -185,6 +376,24 @@ func _Introspection_Plugins_Handler(srv interface{}, ctx context.Context, dec fu
 	return interceptor(ctx, in, info, handler)
 }
 
+func _Introspection_Server_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(types1.Empty)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(IntrospectionServer).Server(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/containerd.services.introspection.v1.Introspection/Server",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(IntrospectionServer).Server(ctx, req.(*types1.Empty))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _Introspection_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "containerd.services.introspection.v1.Introspection",
 	HandlerType: (*IntrospectionServer)(nil),
@@ -193,6 +402,10 @@ var _Introspection_serviceDesc = grpc.ServiceDesc{
 			MethodName: "Plugins",
 			Handler:    _Introspection_Plugins_Handler,
 		},
+		{
+			MethodName: "Server",
+			Handler:    _Introspection_Server_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "github.com/containerd/containerd/api/services/introspection/v1/introspection.proto",
@@ -201,7 +414,7 @@ var _Introspection_serviceDesc = grpc.ServiceDesc{
 func (m *Plugin) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -209,98 +422,103 @@ func (m *Plugin) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Plugin) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Plugin) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Type) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintIntrospection(dAtA, i, uint64(len(m.Type)))
-		i += copy(dAtA[i:], m.Type)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintIntrospection(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if len(m.Requires) > 0 {
-		for _, s := range m.Requires {
-			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Platforms) > 0 {
-		for _, msg := range m.Platforms {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintIntrospection(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.InitErr != nil {
+		{
+			size, err := m.InitErr.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintIntrospection(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.Capabilities) > 0 {
+		for iNdEx := len(m.Capabilities) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Capabilities[iNdEx])
+			copy(dAtA[i:], m.Capabilities[iNdEx])
+			i = encodeVarintIntrospection(dAtA, i, uint64(len(m.Capabilities[iNdEx])))
+			i--
+			dAtA[i] = 0x32
 		}
 	}
 	if len(m.Exports) > 0 {
-		for k, _ := range m.Exports {
-			dAtA[i] = 0x2a
-			i++
+		for k := range m.Exports {
 			v := m.Exports[k]
-			mapSize := 1 + len(k) + sovIntrospection(uint64(len(k))) + 1 + len(v) + sovIntrospection(uint64(len(v)))
-			i = encodeVarintIntrospection(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintIntrospection(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintIntrospection(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintIntrospection(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintIntrospection(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
-	if len(m.Capabilities) > 0 {
-		for _, s := range m.Capabilities {
-			dAtA[i] = 0x32
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.Platforms) > 0 {
+		for iNdEx := len(m.Platforms) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Platforms[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintIntrospection(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	if m.InitErr != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintIntrospection(dAtA, i, uint64(m.InitErr.Size()))
-		n1, err := m.InitErr.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Requires) > 0 {
+		for iNdEx := len(m.Requires) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Requires[iNdEx])
+			copy(dAtA[i:], m.Requires[iNdEx])
+			i = encodeVarintIntrospection(dAtA, i, uint64(len(m.Requires[iNdEx])))
+			i--
+			dAtA[i] = 0x1a
 		}
-		i += n1
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintIntrospection(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintIntrospection(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *PluginsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -308,32 +526,35 @@ func (m *PluginsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PluginsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PluginsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintIntrospection(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PluginsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -341,35 +562,85 @@ func (m *PluginsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PluginsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PluginsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Plugins) > 0 {
-		for _, msg := range m.Plugins {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintIntrospection(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Plugins) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Plugins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintIntrospection(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
+}
+
+func (m *ServerResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ServerResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.UUID) > 0 {
+		i -= len(m.UUID)
+		copy(dAtA[i:], m.UUID)
+		i = encodeVarintIntrospection(dAtA, i, uint64(len(m.UUID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintIntrospection(dAtA []byte, offset int, v uint64) int {
+	offset -= sovIntrospection(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Plugin) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Type)
@@ -410,10 +681,16 @@ func (m *Plugin) Size() (n int) {
 		l = m.InitErr.Size()
 		n += 1 + l + sovIntrospection(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PluginsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -422,10 +699,16 @@ func (m *PluginsRequest) Size() (n int) {
 			n += 1 + l + sovIntrospection(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PluginsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Plugins) > 0 {
@@ -434,19 +717,31 @@ func (m *PluginsResponse) Size() (n int) {
 			n += 1 + l + sovIntrospection(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
-func sovIntrospection(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
+func (m *ServerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.UUID)
+	if l > 0 {
+		n += 1 + l + sovIntrospection(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
+
+func sovIntrospection(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
 func sozIntrospection(x uint64) (n int) {
 	return sovIntrospection(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
@@ -454,11 +749,16 @@ func (this *Plugin) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPlatforms := "[]Platform{"
+	for _, f := range this.Platforms {
+		repeatedStringForPlatforms += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForPlatforms += "}"
 	keysForExports := make([]string, 0, len(this.Exports))
 	for k, _ := range this.Exports {
 		keysForExports = append(keysForExports, k)
 	}
-	sortkeys.Strings(keysForExports)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForExports)
 	mapStringForExports := "map[string]string{"
 	for _, k := range keysForExports {
 		mapStringForExports += fmt.Sprintf("%v: %v,", k, this.Exports[k])
@@ -468,10 +768,11 @@ func (this *Plugin) String() string {
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Requires:` + fmt.Sprintf("%v", this.Requires) + `,`,
-		`Platforms:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Platforms), "Platform", "containerd_types.Platform", 1), `&`, ``, 1) + `,`,
+		`Platforms:` + repeatedStringForPlatforms + `,`,
 		`Exports:` + mapStringForExports + `,`,
 		`Capabilities:` + fmt.Sprintf("%v", this.Capabilities) + `,`,
-		`InitErr:` + strings.Replace(fmt.Sprintf("%v", this.InitErr), "Status", "google_rpc.Status", 1) + `,`,
+		`InitErr:` + strings.Replace(fmt.Sprintf("%v", this.InitErr), "Status", "rpc.Status", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -482,6 +783,7 @@ func (this *PluginsRequest) String() string {
 	}
 	s := strings.Join([]string{`&PluginsRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -490,8 +792,25 @@ func (this *PluginsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPlugins := "[]Plugin{"
+	for _, f := range this.Plugins {
+		repeatedStringForPlugins += strings.Replace(strings.Replace(f.String(), "Plugin", "Plugin", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForPlugins += "}"
 	s := strings.Join([]string{`&PluginsResponse{`,
-		`Plugins:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Plugins), "Plugin", "Plugin", 1), `&`, ``, 1) + `,`,
+		`Plugins:` + repeatedStringForPlugins + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ServerResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ServerResponse{`,
+		`UUID:` + fmt.Sprintf("%v", this.UUID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -519,7 +838,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -547,7 +866,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -557,6 +876,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -576,7 +898,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -586,6 +908,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -605,7 +930,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -615,6 +940,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -634,7 +962,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -643,10 +971,13 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Platforms = append(m.Platforms, containerd_types.Platform{})
+			m.Platforms = append(m.Platforms, types.Platform{})
 			if err := m.Platforms[len(m.Platforms)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -665,7 +996,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -674,6 +1005,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -694,7 +1028,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -711,7 +1045,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -721,6 +1055,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthIntrospection
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthIntrospection
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -737,7 +1074,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -747,6 +1084,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthIntrospection
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthIntrospection
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -758,7 +1098,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthIntrospection
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -783,7 +1123,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -793,6 +1133,9 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -812,7 +1155,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -821,11 +1164,14 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.InitErr == nil {
-				m.InitErr = &google_rpc.Status{}
+				m.InitErr = &rpc.Status{}
 			}
 			if err := m.InitErr.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -837,12 +1183,13 @@ func (m *Plugin) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthIntrospection
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -867,7 +1214,7 @@ func (m *PluginsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -895,7 +1242,7 @@ func (m *PluginsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -905,6 +1252,9 @@ func (m *PluginsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -916,12 +1266,13 @@ func (m *PluginsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthIntrospection
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -946,7 +1297,7 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -974,7 +1325,7 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -983,6 +1334,9 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthIntrospection
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -997,12 +1351,96 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthIntrospection
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ServerResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowIntrospection
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ServerResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ServerResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UUID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowIntrospection
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthIntrospection
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthIntrospection
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.UUID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipIntrospection(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthIntrospection
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1015,6 +1453,7 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error {
 func skipIntrospection(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1046,10 +1485,8 @@ func skipIntrospection(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1066,92 +1503,34 @@ func skipIntrospection(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthIntrospection
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowIntrospection
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipIntrospection(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupIntrospection
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthIntrospection
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthIntrospection = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowIntrospection   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthIntrospection        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowIntrospection          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupIntrospection = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/introspection/v1/introspection.proto", fileDescriptorIntrospection)
-}
-
-var fileDescriptorIntrospection = []byte{
-	// 487 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x53, 0x4d, 0x6f, 0xd3, 0x40,
-	0x10, 0xcd, 0x3a, 0x69, 0xdc, 0x4c, 0xca, 0x87, 0x56, 0x15, 0x58, 0x3e, 0xb8, 0x51, 0xc4, 0x21,
-	0x42, 0xb0, 0x56, 0x03, 0x48, 0xb4, 0x48, 0x1c, 0x22, 0x72, 0xa8, 0xd4, 0x43, 0xe5, 0x5e, 0x10,
-	0x97, 0xca, 0x71, 0x36, 0x66, 0x85, 0xeb, 0xdd, 0xee, 0xae, 0x2d, 0x72, 0xe3, 0xc6, 0x5f, 0xcb,
-	0x91, 0x23, 0xa7, 0x8a, 0xfa, 0x37, 0xf0, 0x03, 0x90, 0xbd, 0x76, 0x9b, 0xdc, 0x12, 0x71, 0x9b,
-	0x79, 0x7e, 0x6f, 0xe6, 0xcd, 0x93, 0x17, 0x82, 0x98, 0xe9, 0xaf, 0xd9, 0x8c, 0x44, 0xfc, 0xda,
-	0x8f, 0x78, 0xaa, 0x43, 0x96, 0x52, 0x39, 0x5f, 0x2f, 0x43, 0xc1, 0x7c, 0x45, 0x65, 0xce, 0x22,
-	0xaa, 0x7c, 0x96, 0x6a, 0xc9, 0x95, 0xa0, 0x91, 0x66, 0x3c, 0xf5, 0xf3, 0xe3, 0x4d, 0x80, 0x08,
-	0xc9, 0x35, 0xc7, 0x2f, 0x1e, 0xd4, 0xa4, 0x51, 0x92, 0x4d, 0x62, 0x7e, 0xec, 0x9e, 0x6c, 0xb5,
-	0x59, 0x2f, 0x05, 0x55, 0xbe, 0x48, 0x42, 0xbd, 0xe0, 0xf2, 0xda, 0x2c, 0x70, 0x9f, 0xc7, 0x9c,
-	0xc7, 0x09, 0xf5, 0xa5, 0x88, 0x7c, 0xa5, 0x43, 0x9d, 0xa9, 0xfa, 0xc3, 0x61, 0xcc, 0x63, 0x5e,
-	0x95, 0x7e, 0x59, 0x19, 0x74, 0xf8, 0xd7, 0x82, 0xee, 0x45, 0x92, 0xc5, 0x2c, 0xc5, 0x18, 0x3a,
-	0xe5, 0x44, 0x07, 0x0d, 0xd0, 0xa8, 0x17, 0x54, 0x35, 0x7e, 0x06, 0x16, 0x9b, 0x3b, 0x56, 0x89,
-	0x4c, 0xba, 0xc5, 0xed, 0x91, 0x75, 0xf6, 0x29, 0xb0, 0xd8, 0x1c, 0xbb, 0xb0, 0x2f, 0xe9, 0x4d,
-	0xc6, 0x24, 0x55, 0x4e, 0x7b, 0xd0, 0x1e, 0xf5, 0x82, 0xfb, 0x1e, 0x7f, 0x84, 0x5e, 0xe3, 0x49,
-	0x39, 0x9d, 0x41, 0x7b, 0xd4, 0x1f, 0xbb, 0x64, 0xed, 0xec, 0xca, 0x36, 0xb9, 0xa8, 0x29, 0x93,
-	0xce, 0xea, 0xf6, 0xa8, 0x15, 0x3c, 0x48, 0xf0, 0x25, 0xd8, 0xf4, 0xbb, 0xe0, 0x52, 0x2b, 0x67,
-	0xaf, 0x52, 0x9f, 0x90, 0x6d, 0x42, 0x23, 0xe6, 0x0c, 0x32, 0x35, 0xda, 0x69, 0xaa, 0xe5, 0x32,
-	0x68, 0x26, 0xe1, 0x21, 0x1c, 0x44, 0xa1, 0x08, 0x67, 0x2c, 0x61, 0x9a, 0x51, 0xe5, 0x74, 0x2b,
-	0xd3, 0x1b, 0x18, 0x7e, 0x0d, 0xfb, 0x2c, 0x65, 0xfa, 0x8a, 0x4a, 0xe9, 0xd8, 0x03, 0x34, 0xea,
-	0x8f, 0x31, 0x31, 0x69, 0x12, 0x29, 0x22, 0x72, 0x59, 0xa5, 0x19, 0xd8, 0x25, 0x67, 0x2a, 0xa5,
-	0x7b, 0x0a, 0x07, 0xeb, 0xbb, 0xf0, 0x53, 0x68, 0x7f, 0xa3, 0xcb, 0x3a, 0xbe, 0xb2, 0xc4, 0x87,
-	0xb0, 0x97, 0x87, 0x49, 0x46, 0x4d, 0x80, 0x81, 0x69, 0x4e, 0xad, 0xf7, 0x68, 0xf8, 0x12, 0x1e,
-	0x1b, 0xbb, 0x2a, 0xa0, 0x37, 0x19, 0x55, 0x1a, 0x3b, 0x60, 0x2f, 0x58, 0xa2, 0xa9, 0x54, 0x0e,
-	0xaa, 0xbc, 0x35, 0xed, 0xf0, 0x0a, 0x9e, 0xdc, 0x73, 0x95, 0xe0, 0xa9, 0xa2, 0xf8, 0x1c, 0x6c,
-	0x61, 0xa0, 0x8a, 0xdc, 0x1f, 0xbf, 0xda, 0x25, 0xa2, 0x3a, 0xf2, 0x66, 0xc4, 0xf8, 0x27, 0x82,
-	0x47, 0x67, 0xeb, 0x54, 0x9c, 0x83, 0x5d, 0xaf, 0xc4, 0x6f, 0x77, 0x99, 0xdc, 0x5c, 0xe3, 0xbe,
-	0xdb, 0x51, 0x65, 0xee, 0x9a, 0x2c, 0x56, 0x77, 0x5e, 0xeb, 0xf7, 0x9d, 0xd7, 0xfa, 0x51, 0x78,
-	0x68, 0x55, 0x78, 0xe8, 0x57, 0xe1, 0xa1, 0x3f, 0x85, 0x87, 0xbe, 0x9c, 0xff, 0xdf, 0x5b, 0xfc,
-	0xb0, 0x01, 0x7c, 0xb6, 0x66, 0xdd, 0xea, 0xf7, 0x7f, 0xf3, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xe6,
-	0x72, 0xde, 0x35, 0xe4, 0x03, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto b/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto
index 95e804b9b7e41..65a8bc21b6cd1 100644
--- a/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto
+++ b/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto
@@ -1,9 +1,26 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.introspection.v1;
 
 import "github.com/containerd/containerd/api/types/platform.proto";
 import "google/rpc/status.proto";
+import "google/protobuf/empty.proto";
 import weak "gogoproto/gogo.proto";
 
 option go_package = "github.com/containerd/containerd/api/services/introspection/v1;introspection";
@@ -14,6 +31,8 @@ service Introspection {
 	// Clients can use this to detect features and capabilities when using
 	// containerd.
 	rpc Plugins(PluginsRequest) returns (PluginsResponse);
+	// Server returns information about the containerd server
+	rpc Server(google.protobuf.Empty) returns (ServerResponse);
 }
 
 message Plugin {
@@ -79,3 +98,7 @@ message PluginsRequest {
 message PluginsResponse {
 	repeated Plugin plugins = 1 [(gogoproto.nullable) = false];
 }
+
+message ServerResponse {
+	string uuid = 1 [(gogoproto.customname) = "UUID"];
+}
diff --git a/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.pb.go b/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.pb.go
index 1222c1aec0f8a..5e7cab71f1312 100644
--- a/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.pb.go
@@ -1,42 +1,25 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/leases/v1/leases.proto
 
-/*
-	Package leases is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/leases/v1/leases.proto
-
-	It has these top-level messages:
-		Lease
-		CreateRequest
-		CreateResponse
-		DeleteRequest
-		ListRequest
-		ListResponse
-*/
 package leases
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -48,37 +31,130 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // Lease is an object which retains resources while it exists.
 type Lease struct {
-	ID        string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	CreatedAt time.Time         `protobuf:"bytes,2,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
-	Labels    map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	ID                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	CreatedAt            time.Time         `protobuf:"bytes,2,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
+	Labels               map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Lease) Reset()      { *m = Lease{} }
+func (*Lease) ProtoMessage() {}
+func (*Lease) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{0}
+}
+func (m *Lease) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Lease) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Lease.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Lease) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Lease.Merge(m, src)
+}
+func (m *Lease) XXX_Size() int {
+	return m.Size()
+}
+func (m *Lease) XXX_DiscardUnknown() {
+	xxx_messageInfo_Lease.DiscardUnknown(m)
 }
 
-func (m *Lease) Reset()                    { *m = Lease{} }
-func (*Lease) ProtoMessage()               {}
-func (*Lease) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{0} }
+var xxx_messageInfo_Lease proto.InternalMessageInfo
 
 type CreateRequest struct {
 	// ID is used to identity the lease, when the id is not set the service
 	// generates a random identifier for the lease.
-	ID     string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	ID                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *CreateRequest) Reset()      { *m = CreateRequest{} }
+func (*CreateRequest) ProtoMessage() {}
+func (*CreateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{1}
+}
+func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateRequest.Merge(m, src)
+}
+func (m *CreateRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateRequest.DiscardUnknown(m)
 }
 
-func (m *CreateRequest) Reset()                    { *m = CreateRequest{} }
-func (*CreateRequest) ProtoMessage()               {}
-func (*CreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{1} }
+var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
 
 type CreateResponse struct {
-	Lease *Lease `protobuf:"bytes,1,opt,name=lease" json:"lease,omitempty"`
+	Lease                *Lease   `protobuf:"bytes,1,opt,name=lease,proto3" json:"lease,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateResponse) Reset()      { *m = CreateResponse{} }
+func (*CreateResponse) ProtoMessage() {}
+func (*CreateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{2}
+}
+func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResponse.Merge(m, src)
+}
+func (m *CreateResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
 }
 
-func (m *CreateResponse) Reset()                    { *m = CreateResponse{} }
-func (*CreateResponse) ProtoMessage()               {}
-func (*CreateResponse) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{2} }
+var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
 
 type DeleteRequest struct {
 	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
@@ -86,36 +162,386 @@ type DeleteRequest struct {
 	// synchronously before returning to the caller
 	//
 	// Default is false
-	Sync bool `protobuf:"varint,2,opt,name=sync,proto3" json:"sync,omitempty"`
+	Sync                 bool     `protobuf:"varint,2,opt,name=sync,proto3" json:"sync,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteRequest) Reset()      { *m = DeleteRequest{} }
+func (*DeleteRequest) ProtoMessage() {}
+func (*DeleteRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{3}
+}
+func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteRequest.Merge(m, src)
+}
+func (m *DeleteRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteRequest) Reset()                    { *m = DeleteRequest{} }
-func (*DeleteRequest) ProtoMessage()               {}
-func (*DeleteRequest) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{3} }
+var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo
 
 type ListRequest struct {
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListRequest) Reset()      { *m = ListRequest{} }
+func (*ListRequest) ProtoMessage() {}
+func (*ListRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{4}
+}
+func (m *ListRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListRequest.Merge(m, src)
+}
+func (m *ListRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListRequest.DiscardUnknown(m)
 }
 
-func (m *ListRequest) Reset()                    { *m = ListRequest{} }
-func (*ListRequest) ProtoMessage()               {}
-func (*ListRequest) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{4} }
+var xxx_messageInfo_ListRequest proto.InternalMessageInfo
 
 type ListResponse struct {
-	Leases []*Lease `protobuf:"bytes,1,rep,name=leases" json:"leases,omitempty"`
+	Leases               []*Lease `protobuf:"bytes,1,rep,name=leases,proto3" json:"leases,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListResponse) Reset()      { *m = ListResponse{} }
+func (*ListResponse) ProtoMessage() {}
+func (*ListResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{5}
+}
+func (m *ListResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResponse.Merge(m, src)
+}
+func (m *ListResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListResponse proto.InternalMessageInfo
+
+type Resource struct {
+	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// For snapshotter resource, there are many snapshotter types here, like
+	// overlayfs, devmapper etc. The type will be formatted with type,
+	// like "snapshotter/overlayfs".
+	Type                 string   `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Resource) Reset()      { *m = Resource{} }
+func (*Resource) ProtoMessage() {}
+func (*Resource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{6}
+}
+func (m *Resource) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Resource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Resource.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Resource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Resource.Merge(m, src)
+}
+func (m *Resource) XXX_Size() int {
+	return m.Size()
+}
+func (m *Resource) XXX_DiscardUnknown() {
+	xxx_messageInfo_Resource.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Resource proto.InternalMessageInfo
+
+type AddResourceRequest struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Resource             Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *AddResourceRequest) Reset()      { *m = AddResourceRequest{} }
+func (*AddResourceRequest) ProtoMessage() {}
+func (*AddResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{7}
+}
+func (m *AddResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AddResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AddResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AddResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AddResourceRequest.Merge(m, src)
+}
+func (m *AddResourceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *AddResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_AddResourceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AddResourceRequest proto.InternalMessageInfo
+
+type DeleteResourceRequest struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Resource             Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteResourceRequest) Reset()      { *m = DeleteResourceRequest{} }
+func (*DeleteResourceRequest) ProtoMessage() {}
+func (*DeleteResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{8}
+}
+func (m *DeleteResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteResourceRequest.Merge(m, src)
+}
+func (m *DeleteResourceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteResourceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DeleteResourceRequest proto.InternalMessageInfo
+
+type ListResourcesRequest struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListResourcesRequest) Reset()      { *m = ListResourcesRequest{} }
+func (*ListResourcesRequest) ProtoMessage() {}
+func (*ListResourcesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{9}
+}
+func (m *ListResourcesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResourcesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResourcesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListResourcesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResourcesRequest.Merge(m, src)
+}
+func (m *ListResourcesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResourcesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResourcesRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListResourcesRequest proto.InternalMessageInfo
+
+type ListResourcesResponse struct {
+	Resources            []Resource `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *ListResourcesResponse) Reset()      { *m = ListResourcesResponse{} }
+func (*ListResourcesResponse) ProtoMessage() {}
+func (*ListResourcesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_fefd70dfe8d93cbf, []int{10}
+}
+func (m *ListResourcesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResourcesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResourcesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListResourcesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResourcesResponse.Merge(m, src)
+}
+func (m *ListResourcesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResourcesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResourcesResponse.DiscardUnknown(m)
 }
 
-func (m *ListResponse) Reset()                    { *m = ListResponse{} }
-func (*ListResponse) ProtoMessage()               {}
-func (*ListResponse) Descriptor() ([]byte, []int) { return fileDescriptorLeases, []int{5} }
+var xxx_messageInfo_ListResourcesResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Lease)(nil), "containerd.services.leases.v1.Lease")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.leases.v1.Lease.LabelsEntry")
 	proto.RegisterType((*CreateRequest)(nil), "containerd.services.leases.v1.CreateRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.leases.v1.CreateRequest.LabelsEntry")
 	proto.RegisterType((*CreateResponse)(nil), "containerd.services.leases.v1.CreateResponse")
 	proto.RegisterType((*DeleteRequest)(nil), "containerd.services.leases.v1.DeleteRequest")
 	proto.RegisterType((*ListRequest)(nil), "containerd.services.leases.v1.ListRequest")
 	proto.RegisterType((*ListResponse)(nil), "containerd.services.leases.v1.ListResponse")
+	proto.RegisterType((*Resource)(nil), "containerd.services.leases.v1.Resource")
+	proto.RegisterType((*AddResourceRequest)(nil), "containerd.services.leases.v1.AddResourceRequest")
+	proto.RegisterType((*DeleteResourceRequest)(nil), "containerd.services.leases.v1.DeleteResourceRequest")
+	proto.RegisterType((*ListResourcesRequest)(nil), "containerd.services.leases.v1.ListResourcesRequest")
+	proto.RegisterType((*ListResourcesResponse)(nil), "containerd.services.leases.v1.ListResourcesResponse")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/leases/v1/leases.proto", fileDescriptor_fefd70dfe8d93cbf)
+}
+
+var fileDescriptor_fefd70dfe8d93cbf = []byte{
+	// 644 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
+	0x10, 0xce, 0x26, 0xa9, 0x49, 0x26, 0xb4, 0x42, 0xab, 0xb6, 0x8a, 0x8c, 0x48, 0x22, 0x0b, 0xa9,
+	0x11, 0x3f, 0x36, 0x4d, 0x2b, 0x54, 0x5a, 0x84, 0xd4, 0xb4, 0x95, 0xa8, 0x88, 0x10, 0xb2, 0x38,
+	0x54, 0x1c, 0xa8, 0x1c, 0x7b, 0x1b, 0x2c, 0x9c, 0xd8, 0x78, 0x37, 0x41, 0xe9, 0x89, 0x47, 0xe0,
+	0x61, 0x78, 0x88, 0x1e, 0x39, 0x21, 0x4e, 0x85, 0xe6, 0xc6, 0x5b, 0x20, 0xef, 0x0f, 0x6d, 0x5a,
+	0xb5, 0x76, 0x11, 0xe2, 0x36, 0x1b, 0x7f, 0xdf, 0xcc, 0x37, 0x33, 0xdf, 0x6e, 0x60, 0xbb, 0xe7,
+	0xb3, 0x77, 0xc3, 0xae, 0xe9, 0x86, 0x7d, 0xcb, 0x0d, 0x07, 0xcc, 0xf1, 0x07, 0x24, 0xf6, 0xce,
+	0x86, 0x4e, 0xe4, 0x5b, 0x94, 0xc4, 0x23, 0xdf, 0x25, 0xd4, 0x0a, 0x88, 0x43, 0x09, 0xb5, 0x46,
+	0xcb, 0x32, 0x32, 0xa3, 0x38, 0x64, 0x21, 0xbe, 0x73, 0x8a, 0x37, 0x15, 0xd6, 0x94, 0x88, 0xd1,
+	0xb2, 0x3e, 0xdf, 0x0b, 0x7b, 0x21, 0x47, 0x5a, 0x49, 0x24, 0x48, 0xfa, 0xed, 0x5e, 0x18, 0xf6,
+	0x02, 0x62, 0xf1, 0x53, 0x77, 0x78, 0x60, 0x91, 0x7e, 0xc4, 0xc6, 0xf2, 0x63, 0xfd, 0xfc, 0x47,
+	0xe6, 0xf7, 0x09, 0x65, 0x4e, 0x3f, 0x12, 0x00, 0xe3, 0x17, 0x82, 0x99, 0x4e, 0x52, 0x01, 0x2f,
+	0x42, 0xde, 0xf7, 0xaa, 0xa8, 0x81, 0x9a, 0xe5, 0xb6, 0x36, 0x39, 0xae, 0xe7, 0x77, 0xb7, 0xed,
+	0xbc, 0xef, 0xe1, 0x2d, 0x00, 0x37, 0x26, 0x0e, 0x23, 0xde, 0xbe, 0xc3, 0xaa, 0xf9, 0x06, 0x6a,
+	0x56, 0x5a, 0xba, 0x29, 0xf2, 0x9a, 0x2a, 0xaf, 0xf9, 0x5a, 0xe5, 0x6d, 0x97, 0x8e, 0x8e, 0xeb,
+	0xb9, 0xcf, 0x3f, 0xea, 0xc8, 0x2e, 0x4b, 0xde, 0x26, 0xc3, 0xcf, 0x41, 0x0b, 0x9c, 0x2e, 0x09,
+	0x68, 0xb5, 0xd0, 0x28, 0x34, 0x2b, 0xad, 0x47, 0xe6, 0x95, 0xad, 0x9a, 0x5c, 0x92, 0xd9, 0xe1,
+	0x94, 0x9d, 0x01, 0x8b, 0xc7, 0xb6, 0xe4, 0xeb, 0x4f, 0xa0, 0x72, 0xe6, 0x67, 0x7c, 0x0b, 0x0a,
+	0xef, 0xc9, 0x58, 0xc8, 0xb6, 0x93, 0x10, 0xcf, 0xc3, 0xcc, 0xc8, 0x09, 0x86, 0x84, 0x4b, 0x2d,
+	0xdb, 0xe2, 0xb0, 0x9e, 0x5f, 0x43, 0xc6, 0x17, 0x04, 0xb3, 0x5b, 0x5c, 0x92, 0x4d, 0x3e, 0x0c,
+	0x09, 0x65, 0x97, 0xf6, 0xfc, 0xea, 0x9c, 0xdc, 0xb5, 0x14, 0xb9, 0x53, 0x59, 0xff, 0xb5, 0xec,
+	0x0e, 0xcc, 0xa9, 0xfc, 0x34, 0x0a, 0x07, 0x94, 0xe0, 0x75, 0x98, 0xe1, 0xb5, 0x39, 0xbf, 0xd2,
+	0xba, 0x9b, 0x65, 0x98, 0xb6, 0xa0, 0x18, 0x1b, 0x30, 0xbb, 0x4d, 0x02, 0x92, 0x3e, 0x03, 0x0c,
+	0x45, 0x3a, 0x1e, 0xb8, 0x5c, 0x4f, 0xc9, 0xe6, 0xb1, 0xb1, 0x04, 0x95, 0x8e, 0x4f, 0x99, 0xa2,
+	0x56, 0xe1, 0xc6, 0x81, 0x1f, 0x30, 0x12, 0xd3, 0x2a, 0x6a, 0x14, 0x9a, 0x65, 0x5b, 0x1d, 0x8d,
+	0x0e, 0xdc, 0x14, 0x40, 0xa9, 0xf8, 0x29, 0x68, 0x42, 0x0f, 0x07, 0x66, 0x95, 0x2c, 0x39, 0xc6,
+	0x63, 0x28, 0xd9, 0x84, 0x86, 0xc3, 0xd8, 0x25, 0x57, 0xc9, 0x65, 0xe3, 0x48, 0x8d, 0x8f, 0xc7,
+	0xc6, 0x47, 0xc0, 0x9b, 0x9e, 0xa7, 0xa8, 0x69, 0x0d, 0xef, 0x42, 0x29, 0x96, 0x50, 0x69, 0xf3,
+	0xa5, 0x14, 0x95, 0x2a, 0x73, 0xbb, 0x98, 0x78, 0xde, 0xfe, 0x43, 0x37, 0x0e, 0x61, 0x41, 0x0d,
+	0xf9, 0xbf, 0xd7, 0x36, 0x61, 0x5e, 0x8e, 0x9e, 0x9f, 0x69, 0x4a, 0x69, 0xc3, 0x83, 0x85, 0x73,
+	0x78, 0xb9, 0xb3, 0x17, 0x50, 0x56, 0x49, 0xd5, 0xda, 0xae, 0x29, 0xea, 0x94, 0xdf, 0xfa, 0x56,
+	0x04, 0x8d, 0x2f, 0x95, 0x62, 0x02, 0x9a, 0xf0, 0x33, 0x7e, 0x70, 0x9d, 0x6b, 0xa5, 0x3f, 0xcc,
+	0x88, 0x96, 0xf2, 0x5f, 0x82, 0x26, 0x76, 0x90, 0x5a, 0x66, 0xea, 0x3e, 0xe8, 0x8b, 0x17, 0xde,
+	0xb6, 0x9d, 0xe4, 0x41, 0xc5, 0xfb, 0x50, 0x4c, 0xe6, 0x84, 0xef, 0xa5, 0x59, 0xf7, 0xf4, 0x82,
+	0xe8, 0xf7, 0x33, 0x61, 0xa5, 0xe0, 0x3d, 0xa8, 0x9c, 0x71, 0x2b, 0x5e, 0x4e, 0xe1, 0x5e, 0x74,
+	0xf6, 0xa5, 0xd2, 0xdf, 0xc2, 0xdc, 0xb4, 0x1d, 0xf1, 0x6a, 0xc6, 0x91, 0x64, 0xcb, 0x7f, 0x08,
+	0xb3, 0x53, 0x16, 0xc2, 0x2b, 0xd9, 0xfa, 0x9e, 0x32, 0xa8, 0xbe, 0x7a, 0x3d, 0x92, 0x98, 0x5a,
+	0x7b, 0xef, 0xe8, 0xa4, 0x96, 0xfb, 0x7e, 0x52, 0xcb, 0x7d, 0x9a, 0xd4, 0xd0, 0xd1, 0xa4, 0x86,
+	0xbe, 0x4e, 0x6a, 0xe8, 0xe7, 0xa4, 0x86, 0xde, 0x3c, 0xfb, 0xcb, 0xff, 0xe4, 0x0d, 0x11, 0xed,
+	0xe5, 0xba, 0x1a, 0xef, 0x73, 0xe5, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x0d, 0xfe, 0x39, 0x67,
+	0xde, 0x07, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -126,8 +552,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Leases service
-
+// LeasesClient is the client API for Leases service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type LeasesClient interface {
 	// Create creates a new lease for managing changes to metadata. A lease
 	// can be used to protect objects from being removed.
@@ -135,10 +562,16 @@ type LeasesClient interface {
 	// Delete deletes the lease and makes any unreferenced objects created
 	// during the lease eligible for garbage collection if not referenced
 	// or retained by other resources during the lease.
-	Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
+	Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*types.Empty, error)
 	// List lists all active leases, returning the full list of
 	// leases and optionally including the referenced resources.
 	List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error)
+	// AddResource references the resource by the provided lease.
+	AddResource(ctx context.Context, in *AddResourceRequest, opts ...grpc.CallOption) (*types.Empty, error)
+	// DeleteResource dereferences the resource by the provided lease.
+	DeleteResource(ctx context.Context, in *DeleteResourceRequest, opts ...grpc.CallOption) (*types.Empty, error)
+	// ListResources lists all the resources referenced by the lease.
+	ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error)
 }
 
 type leasesClient struct {
@@ -151,16 +584,16 @@ func NewLeasesClient(cc *grpc.ClientConn) LeasesClient {
 
 func (c *leasesClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
 	out := new(CreateResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.leases.v1.Leases/Create", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *leasesClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
-	out := new(google_protobuf1.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.leases.v1.Leases/Delete", in, out, c.cc, opts...)
+func (c *leasesClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -169,15 +602,41 @@ func (c *leasesClient) Delete(ctx context.Context, in *DeleteRequest, opts ...gr
 
 func (c *leasesClient) List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error) {
 	out := new(ListResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.leases.v1.Leases/List", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/List", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *leasesClient) AddResource(ctx context.Context, in *AddResourceRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/AddResource", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *leasesClient) DeleteResource(ctx context.Context, in *DeleteResourceRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/DeleteResource", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Leases service
+func (c *leasesClient) ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) {
+	out := new(ListResourcesResponse)
+	err := c.cc.Invoke(ctx, "/containerd.services.leases.v1.Leases/ListResources", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 
+// LeasesServer is the server API for Leases service.
 type LeasesServer interface {
 	// Create creates a new lease for managing changes to metadata. A lease
 	// can be used to protect objects from being removed.
@@ -185,10 +644,39 @@ type LeasesServer interface {
 	// Delete deletes the lease and makes any unreferenced objects created
 	// during the lease eligible for garbage collection if not referenced
 	// or retained by other resources during the lease.
-	Delete(context.Context, *DeleteRequest) (*google_protobuf1.Empty, error)
+	Delete(context.Context, *DeleteRequest) (*types.Empty, error)
 	// List lists all active leases, returning the full list of
 	// leases and optionally including the referenced resources.
 	List(context.Context, *ListRequest) (*ListResponse, error)
+	// AddResource references the resource by the provided lease.
+	AddResource(context.Context, *AddResourceRequest) (*types.Empty, error)
+	// DeleteResource dereferences the resource by the provided lease.
+	DeleteResource(context.Context, *DeleteResourceRequest) (*types.Empty, error)
+	// ListResources lists all the resources referenced by the lease.
+	ListResources(context.Context, *ListResourcesRequest) (*ListResourcesResponse, error)
+}
+
+// UnimplementedLeasesServer can be embedded to have forward compatible implementations.
+type UnimplementedLeasesServer struct {
+}
+
+func (*UnimplementedLeasesServer) Create(ctx context.Context, req *CreateRequest) (*CreateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedLeasesServer) Delete(ctx context.Context, req *DeleteRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
+}
+func (*UnimplementedLeasesServer) List(ctx context.Context, req *ListRequest) (*ListResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedLeasesServer) AddResource(ctx context.Context, req *AddResourceRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method AddResource not implemented")
+}
+func (*UnimplementedLeasesServer) DeleteResource(ctx context.Context, req *DeleteResourceRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteResource not implemented")
+}
+func (*UnimplementedLeasesServer) ListResources(ctx context.Context, req *ListResourcesRequest) (*ListResourcesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListResources not implemented")
 }
 
 func RegisterLeasesServer(s *grpc.Server, srv LeasesServer) {
@@ -249,6 +737,60 @@ func _Leases_List_Handler(srv interface{}, ctx context.Context, dec func(interfa
 	return interceptor(ctx, in, info, handler)
 }
 
+func _Leases_AddResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AddResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LeasesServer).AddResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/containerd.services.leases.v1.Leases/AddResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LeasesServer).AddResource(ctx, req.(*AddResourceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Leases_DeleteResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LeasesServer).DeleteResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/containerd.services.leases.v1.Leases/DeleteResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LeasesServer).DeleteResource(ctx, req.(*DeleteResourceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Leases_ListResources_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListResourcesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LeasesServer).ListResources(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/containerd.services.leases.v1.Leases/ListResources",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LeasesServer).ListResources(ctx, req.(*ListResourcesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _Leases_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "containerd.services.leases.v1.Leases",
 	HandlerType: (*LeasesServer)(nil),
@@ -265,6 +807,18 @@ var _Leases_serviceDesc = grpc.ServiceDesc{
 			MethodName: "List",
 			Handler:    _Leases_List_Handler,
 		},
+		{
+			MethodName: "AddResource",
+			Handler:    _Leases_AddResource_Handler,
+		},
+		{
+			MethodName: "DeleteResource",
+			Handler:    _Leases_DeleteResource_Handler,
+		},
+		{
+			MethodName: "ListResources",
+			Handler:    _Leases_ListResources_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "github.com/containerd/containerd/api/services/leases/v1/leases.proto",
@@ -273,7 +827,7 @@ var _Leases_serviceDesc = grpc.ServiceDesc{
 func (m *Lease) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -281,48 +835,60 @@ func (m *Lease) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Lease) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Lease) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintLeases(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n1, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n1
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovLeases(uint64(len(k))) + 1 + len(v) + sovLeases(uint64(len(v)))
-			i = encodeVarintLeases(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintLeases(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintLeases(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintLeases(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintLeases(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return i, nil
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err1 != nil {
+		return 0, err1
+	}
+	i -= n1
+	i = encodeVarintLeases(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -330,40 +896,52 @@ func (m *CreateRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovLeases(uint64(len(k))) + 1 + len(v) + sovLeases(uint64(len(v)))
-			i = encodeVarintLeases(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintLeases(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintLeases(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintLeases(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintLeases(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -371,27 +949,38 @@ func (m *CreateResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Lease != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLeases(dAtA, i, uint64(m.Lease.Size()))
-		n2, err := m.Lease.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Lease.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLeases(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -399,33 +988,43 @@ func (m *DeleteRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Sync {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.Sync {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -433,32 +1032,35 @@ func (m *ListRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintLeases(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -466,42 +1068,262 @@ func (m *ListResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Leases) > 0 {
-		for _, msg := range m.Leases {
+		for iNdEx := len(m.Leases) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Leases[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintLeases(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0xa
-			i++
-			i = encodeVarintLeases(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Resource) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Resource) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Resource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *AddResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *AddResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AddResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintLeases(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *DeleteResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *DeleteResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintLeases(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ListResourcesRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ListResourcesRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListResourcesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLeases(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ListResourcesResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ListResourcesResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Resources) > 0 {
+		for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintLeases(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintLeases(dAtA []byte, offset int, v uint64) int {
+	offset -= sovLeases(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Lease) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovLeases(uint64(l))
 	}
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovLeases(uint64(l))
 	if len(m.Labels) > 0 {
 		for k, v := range m.Labels {
@@ -511,10 +1333,16 @@ func (m *Lease) Size() (n int) {
 			n += mapEntrySize + 1 + sovLeases(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -529,20 +1357,32 @@ func (m *CreateRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovLeases(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Lease != nil {
 		l = m.Lease.Size()
 		n += 1 + l + sovLeases(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -552,10 +1392,16 @@ func (m *DeleteRequest) Size() (n int) {
 	if m.Sync {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -564,10 +1410,16 @@ func (m *ListRequest) Size() (n int) {
 			n += 1 + l + sovLeases(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Leases) > 0 {
@@ -576,19 +1428,105 @@ func (m *ListResponse) Size() (n int) {
 			n += 1 + l + sovLeases(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
-func sovLeases(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
+func (m *Resource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovLeases(uint64(l))
+	}
+	l = len(m.Type)
+	if l > 0 {
+		n += 1 + l + sovLeases(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *AddResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovLeases(uint64(l))
+	}
+	l = m.Resource.Size()
+	n += 1 + l + sovLeases(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *DeleteResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovLeases(uint64(l))
+	}
+	l = m.Resource.Size()
+	n += 1 + l + sovLeases(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ListResourcesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovLeases(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ListResourcesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Resources) > 0 {
+		for _, e := range m.Resources {
+			l = e.Size()
+			n += 1 + l + sovLeases(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
+
+func sovLeases(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
 func sozLeases(x uint64) (n int) {
 	return sovLeases(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
@@ -600,7 +1538,7 @@ func (this *Lease) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -608,8 +1546,9 @@ func (this *Lease) String() string {
 	mapStringForLabels += "}"
 	s := strings.Join([]string{`&Lease{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -622,7 +1561,7 @@ func (this *CreateRequest) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -631,6 +1570,7 @@ func (this *CreateRequest) String() string {
 	s := strings.Join([]string{`&CreateRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -640,7 +1580,8 @@ func (this *CreateResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&CreateResponse{`,
-		`Lease:` + strings.Replace(fmt.Sprintf("%v", this.Lease), "Lease", "Lease", 1) + `,`,
+		`Lease:` + strings.Replace(this.Lease.String(), "Lease", "Lease", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -652,6 +1593,7 @@ func (this *DeleteRequest) String() string {
 	s := strings.Join([]string{`&DeleteRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Sync:` + fmt.Sprintf("%v", this.Sync) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -662,6 +1604,7 @@ func (this *ListRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -670,41 +1613,110 @@ func (this *ListResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForLeases := "[]*Lease{"
+	for _, f := range this.Leases {
+		repeatedStringForLeases += strings.Replace(f.String(), "Lease", "Lease", 1) + ","
+	}
+	repeatedStringForLeases += "}"
 	s := strings.Join([]string{`&ListResponse{`,
-		`Leases:` + strings.Replace(fmt.Sprintf("%v", this.Leases), "Lease", "Lease", 1) + `,`,
+		`Leases:` + repeatedStringForLeases + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
 }
-func valueToStringLeases(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
+func (this *Resource) String() string {
+	if this == nil {
 		return "nil"
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	s := strings.Join([]string{`&Resource{`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
 }
-func (m *Lease) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowLeases
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
+func (this *AddResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&AddResourceRequest{`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`Resource:` + strings.Replace(strings.Replace(this.Resource.String(), "Resource", "Resource", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *DeleteResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&DeleteResourceRequest{`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`Resource:` + strings.Replace(strings.Replace(this.Resource.String(), "Resource", "Resource", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListResourcesRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListResourcesRequest{`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListResourcesResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForResources := "[]Resource{"
+	for _, f := range this.Resources {
+		repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "Resource", "Resource", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResources += "}"
+	s := strings.Join([]string{`&ListResourcesResponse{`,
+		`Resources:` + repeatedStringForResources + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringLeases(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Lease) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
 			return fmt.Errorf("proto: Lease: wiretype end group for non-group")
@@ -727,7 +1739,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -737,6 +1749,9 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -756,7 +1771,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -765,10 +1780,13 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -786,7 +1804,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -795,6 +1813,9 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -815,7 +1836,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -832,7 +1853,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -842,6 +1863,9 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthLeases
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthLeases
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -858,7 +1882,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -868,6 +1892,9 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthLeases
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthLeases
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -879,7 +1906,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthLeases
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -888,7 +1915,575 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.Labels[mapkey] = mapvalue
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipLeases(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CreateRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CreateRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CreateRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Labels == nil {
+				m.Labels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowLeases
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowLeases
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthLeases
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthLeases
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowLeases
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthLeases
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthLeases
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipLeases(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthLeases
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipLeases(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CreateResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CreateResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CreateResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Lease", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Lease == nil {
+				m.Lease = &Lease{}
+			}
+			if err := m.Lease.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipLeases(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: DeleteRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: DeleteRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Sync", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Sync = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipLeases(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Filters = append(m.Filters, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipLeases(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowLeases
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Leases", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Leases = append(m.Leases, &Lease{})
+			if err := m.Leases[len(m.Leases)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -896,12 +2491,13 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -911,7 +2507,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateRequest) Unmarshal(dAtA []byte) error {
+func (m *Resource) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -926,7 +2522,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -934,10 +2530,10 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: Resource: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Resource: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -954,7 +2550,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -964,16 +2560,19 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.ID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 3:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowLeases
@@ -983,109 +2582,23 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthLeases
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Labels == nil {
-				m.Labels = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowLeases
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowLeases
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthLeases
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowLeases
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthLeases
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipLeases(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthLeases
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
-			}
-			m.Labels[mapkey] = mapvalue
+			m.Type = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1093,12 +2606,13 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1108,7 +2622,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateResponse) Unmarshal(dAtA []byte) error {
+func (m *AddResourceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1123,7 +2637,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1131,15 +2645,47 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: AddResourceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: AddResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Lease", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowLeases
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1151,7 +2697,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1160,13 +2706,13 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Lease == nil {
-				m.Lease = &Lease{}
-			}
-			if err := m.Lease.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1176,12 +2722,13 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1191,7 +2738,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
+func (m *DeleteResourceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1206,7 +2753,7 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1214,10 +2761,10 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: DeleteRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: DeleteResourceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: DeleteRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: DeleteResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -1234,7 +2781,7 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1244,16 +2791,19 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.ID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Sync", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType)
 			}
-			var v int
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowLeases
@@ -1263,24 +2813,38 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.Sync = bool(v != 0)
+			if msglen < 0 {
+				return ErrInvalidLengthLeases
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipLeases(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1290,7 +2854,7 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListRequest) Unmarshal(dAtA []byte) error {
+func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1305,7 +2869,7 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1313,15 +2877,15 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListResourcesRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListResourcesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -1333,7 +2897,7 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1343,10 +2907,13 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Filters = append(m.Filters, string(dAtA[iNdEx:postIndex]))
+			m.ID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1354,12 +2921,13 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1369,7 +2937,7 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListResponse) Unmarshal(dAtA []byte) error {
+func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1384,7 +2952,7 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1392,15 +2960,15 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListResourcesResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListResourcesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Leases", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1412,7 +2980,7 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1421,11 +2989,14 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLeases
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLeases
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Leases = append(m.Leases, &Lease{})
-			if err := m.Leases[len(m.Leases)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Resources = append(m.Resources, Resource{})
+			if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -1435,12 +3006,13 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLeases
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1453,6 +3025,7 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error {
 func skipLeases(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1484,10 +3057,8 @@ func skipLeases(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1504,94 +3075,34 @@ func skipLeases(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthLeases
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowLeases
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipLeases(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupLeases
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthLeases
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthLeases = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowLeases   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthLeases        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowLeases          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupLeases = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/leases/v1/leases.proto", fileDescriptorLeases)
-}
-
-var fileDescriptorLeases = []byte{
-	// 515 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xdf, 0x8a, 0xd3, 0x40,
-	0x14, 0xc6, 0x3b, 0xe9, 0x36, 0x6e, 0x4f, 0x5d, 0x91, 0x61, 0x59, 0x4a, 0xc4, 0xb4, 0x04, 0xc1,
-	0xe2, 0x9f, 0x89, 0x5b, 0x6f, 0xd6, 0x5d, 0x11, 0xec, 0x76, 0x41, 0x21, 0x88, 0x04, 0x2f, 0x16,
-	0x6f, 0x96, 0x34, 0x3d, 0x1b, 0x83, 0x69, 0x12, 0x33, 0xd3, 0x42, 0xef, 0x7c, 0x04, 0x1f, 0xc1,
-	0x87, 0xf0, 0x21, 0x7a, 0xe9, 0xa5, 0x57, 0xab, 0x9b, 0x3b, 0xdf, 0x42, 0x32, 0x93, 0xb0, 0x7f,
-	0x44, 0x5b, 0x65, 0xef, 0xce, 0xcc, 0x7c, 0xdf, 0x99, 0xdf, 0xf9, 0xc2, 0x04, 0x86, 0x41, 0x28,
-	0xde, 0x4d, 0x47, 0xcc, 0x4f, 0x26, 0xb6, 0x9f, 0xc4, 0xc2, 0x0b, 0x63, 0xcc, 0xc6, 0xe7, 0x4b,
-	0x2f, 0x0d, 0x6d, 0x8e, 0xd9, 0x2c, 0xf4, 0x91, 0xdb, 0x11, 0x7a, 0x1c, 0xb9, 0x3d, 0xdb, 0x2e,
-	0x2b, 0x96, 0x66, 0x89, 0x48, 0xe8, 0xed, 0x33, 0x3d, 0xab, 0xb4, 0xac, 0x54, 0xcc, 0xb6, 0x8d,
-	0xcd, 0x20, 0x09, 0x12, 0xa9, 0xb4, 0x8b, 0x4a, 0x99, 0x8c, 0x5b, 0x41, 0x92, 0x04, 0x11, 0xda,
-	0x72, 0x35, 0x9a, 0x1e, 0xdb, 0x38, 0x49, 0xc5, 0xbc, 0x3c, 0xec, 0x5c, 0x3e, 0x14, 0xe1, 0x04,
-	0xb9, 0xf0, 0x26, 0xa9, 0x12, 0x58, 0x3f, 0x09, 0x34, 0x9c, 0xe2, 0x06, 0xba, 0x05, 0x5a, 0x38,
-	0x6e, 0x93, 0x2e, 0xe9, 0x35, 0x07, 0x7a, 0x7e, 0xd2, 0xd1, 0x5e, 0x0e, 0x5d, 0x2d, 0x1c, 0xd3,
-	0x7d, 0x00, 0x3f, 0x43, 0x4f, 0xe0, 0xf8, 0xc8, 0x13, 0x6d, 0xad, 0x4b, 0x7a, 0xad, 0xbe, 0xc1,
-	0x54, 0x5f, 0x56, 0xf5, 0x65, 0x6f, 0xaa, 0xbe, 0x83, 0xf5, 0xc5, 0x49, 0xa7, 0xf6, 0xe9, 0x7b,
-	0x87, 0xb8, 0xcd, 0xd2, 0xf7, 0x5c, 0xd0, 0x17, 0xa0, 0x47, 0xde, 0x08, 0x23, 0xde, 0xae, 0x77,
-	0xeb, 0xbd, 0x56, 0xff, 0x11, 0xfb, 0xeb, 0xa8, 0x4c, 0x22, 0x31, 0x47, 0x5a, 0x0e, 0x62, 0x91,
-	0xcd, 0xdd, 0xd2, 0x6f, 0x3c, 0x81, 0xd6, 0xb9, 0x6d, 0x7a, 0x13, 0xea, 0xef, 0x71, 0xae, 0xb0,
-	0xdd, 0xa2, 0xa4, 0x9b, 0xd0, 0x98, 0x79, 0xd1, 0x14, 0x25, 0x6a, 0xd3, 0x55, 0x8b, 0x5d, 0x6d,
-	0x87, 0x58, 0x5f, 0x08, 0x6c, 0xec, 0x4b, 0x24, 0x17, 0x3f, 0x4c, 0x91, 0x8b, 0x3f, 0xce, 0xfc,
-	0xfa, 0x12, 0xee, 0xce, 0x12, 0xdc, 0x0b, 0x5d, 0xaf, 0x1a, 0xdb, 0x81, 0x1b, 0x55, 0x7f, 0x9e,
-	0x26, 0x31, 0x47, 0xba, 0x0b, 0x0d, 0x79, 0xb7, 0xf4, 0xb7, 0xfa, 0x77, 0x56, 0x09, 0xd3, 0x55,
-	0x16, 0x6b, 0x0f, 0x36, 0x86, 0x18, 0xe1, 0xf2, 0x0c, 0x28, 0xac, 0xf1, 0x79, 0xec, 0x4b, 0x9e,
-	0x75, 0x57, 0xd6, 0xd6, 0x5d, 0x68, 0x39, 0x21, 0x17, 0x95, 0xb5, 0x0d, 0xd7, 0x8e, 0xc3, 0x48,
-	0x60, 0xc6, 0xdb, 0xa4, 0x5b, 0xef, 0x35, 0xdd, 0x6a, 0x69, 0x39, 0x70, 0x5d, 0x09, 0x4b, 0xe2,
-	0xa7, 0xa0, 0x2b, 0x1e, 0x29, 0x5c, 0x15, 0xb9, 0xf4, 0xf4, 0x3f, 0x6b, 0xa0, 0xcb, 0x1d, 0x4e,
-	0x11, 0x74, 0x15, 0x06, 0x7d, 0xf0, 0x2f, 0xdf, 0xc4, 0x78, 0xb8, 0xa2, 0xba, 0xe4, 0x7d, 0x05,
-	0xba, 0x4a, 0x69, 0xe9, 0x35, 0x17, 0xc2, 0x34, 0xb6, 0x7e, 0x7b, 0x18, 0x07, 0xc5, 0x6b, 0xa4,
-	0x47, 0xb0, 0x56, 0xe4, 0x41, 0xef, 0x2d, 0x9b, 0xfb, 0x2c, 0x5d, 0xe3, 0xfe, 0x4a, 0x5a, 0x05,
-	0x3c, 0x38, 0x5c, 0x9c, 0x9a, 0xb5, 0x6f, 0xa7, 0x66, 0xed, 0x63, 0x6e, 0x92, 0x45, 0x6e, 0x92,
-	0xaf, 0xb9, 0x49, 0x7e, 0xe4, 0x26, 0x79, 0xfb, 0xec, 0x3f, 0x7f, 0x4d, 0x7b, 0xaa, 0x3a, 0xac,
-	0x8d, 0x74, 0x39, 0xcc, 0xe3, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x14, 0x74, 0xdd, 0x12, 0xe5,
-	0x04, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto b/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto
index 2df4b06239bc9..6aa61faedf778 100644
--- a/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto
+++ b/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto
@@ -1,3 +1,18 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
 syntax = "proto3";
 
 package containerd.services.leases.v1;
@@ -22,6 +37,15 @@ service Leases {
 	// List lists all active leases, returning the full list of
 	// leases and optionally including the referenced resources.
 	rpc List(ListRequest) returns (ListResponse);
+
+	// AddResource references the resource by the provided lease.
+	rpc AddResource(AddResourceRequest) returns (google.protobuf.Empty);
+
+	// DeleteResource dereferences the resource by the provided lease.
+	rpc DeleteResource(DeleteResourceRequest) returns (google.protobuf.Empty);
+
+	// ListResources lists all the resources referenced by the lease.
+	rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse);
 }
 
 // Lease is an object which retains resources while it exists.
@@ -62,3 +86,32 @@ message ListRequest {
 message ListResponse {
 	repeated Lease leases = 1;
 }
+
+message Resource {
+	string id = 1;
+
+	// For snapshotter resource, there are many snapshotter types here, like
+	// overlayfs, devmapper etc. The type will be formatted with type,
+	// like "snapshotter/overlayfs".
+	string type = 2;
+}
+
+message AddResourceRequest {
+	string id = 1;
+
+	Resource resource = 2 [(gogoproto.nullable) = false];
+}
+
+message DeleteResourceRequest {
+	string id = 1;
+
+	Resource resource = 2 [(gogoproto.nullable) = false];
+}
+
+message ListResourcesRequest {
+	string id = 1;
+}
+
+message ListResourcesResponse {
+	repeated Resource resources = 1	[(gogoproto.nullable) = false];
+}
diff --git a/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.pb.go b/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.pb.go
index f471f1c127b38..76f9e117266e1 100644
--- a/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.pb.go
@@ -1,42 +1,23 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto
 
-/*
-	Package namespaces is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto
-
-	It has these top-level messages:
-		Namespace
-		GetNamespaceRequest
-		GetNamespaceResponse
-		ListNamespacesRequest
-		ListNamespacesResponse
-		CreateNamespaceRequest
-		CreateNamespaceResponse
-		UpdateNamespaceRequest
-		UpdateNamespaceResponse
-		DeleteNamespaceRequest
-*/
 package namespaces
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -47,7 +28,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Namespace struct {
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
@@ -57,60 +38,277 @@ type Namespace struct {
 	//
 	// Note that to add a new value to this field, read the existing set and
 	// include the entire result in the update call.
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Namespace) Reset()      { *m = Namespace{} }
+func (*Namespace) ProtoMessage() {}
+func (*Namespace) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{0}
+}
+func (m *Namespace) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Namespace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Namespace.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Namespace) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Namespace.Merge(m, src)
+}
+func (m *Namespace) XXX_Size() int {
+	return m.Size()
+}
+func (m *Namespace) XXX_DiscardUnknown() {
+	xxx_messageInfo_Namespace.DiscardUnknown(m)
 }
 
-func (m *Namespace) Reset()                    { *m = Namespace{} }
-func (*Namespace) ProtoMessage()               {}
-func (*Namespace) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{0} }
+var xxx_messageInfo_Namespace proto.InternalMessageInfo
 
 type GetNamespaceRequest struct {
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetNamespaceRequest) Reset()      { *m = GetNamespaceRequest{} }
+func (*GetNamespaceRequest) ProtoMessage() {}
+func (*GetNamespaceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{1}
+}
+func (m *GetNamespaceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNamespaceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNamespaceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNamespaceRequest.Merge(m, src)
+}
+func (m *GetNamespaceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNamespaceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNamespaceRequest.DiscardUnknown(m)
 }
 
-func (m *GetNamespaceRequest) Reset()                    { *m = GetNamespaceRequest{} }
-func (*GetNamespaceRequest) ProtoMessage()               {}
-func (*GetNamespaceRequest) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{1} }
+var xxx_messageInfo_GetNamespaceRequest proto.InternalMessageInfo
 
 type GetNamespaceResponse struct {
-	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace" json:"namespace"`
+	Namespace            Namespace `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *GetNamespaceResponse) Reset()      { *m = GetNamespaceResponse{} }
+func (*GetNamespaceResponse) ProtoMessage() {}
+func (*GetNamespaceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{2}
+}
+func (m *GetNamespaceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNamespaceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNamespaceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNamespaceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNamespaceResponse.Merge(m, src)
+}
+func (m *GetNamespaceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNamespaceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNamespaceResponse.DiscardUnknown(m)
 }
 
-func (m *GetNamespaceResponse) Reset()                    { *m = GetNamespaceResponse{} }
-func (*GetNamespaceResponse) ProtoMessage()               {}
-func (*GetNamespaceResponse) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{2} }
+var xxx_messageInfo_GetNamespaceResponse proto.InternalMessageInfo
 
 type ListNamespacesRequest struct {
-	Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"`
+	Filter               string   `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListNamespacesRequest) Reset()      { *m = ListNamespacesRequest{} }
+func (*ListNamespacesRequest) ProtoMessage() {}
+func (*ListNamespacesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{3}
+}
+func (m *ListNamespacesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNamespacesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNamespacesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNamespacesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNamespacesRequest.Merge(m, src)
+}
+func (m *ListNamespacesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNamespacesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNamespacesRequest.DiscardUnknown(m)
 }
 
-func (m *ListNamespacesRequest) Reset()                    { *m = ListNamespacesRequest{} }
-func (*ListNamespacesRequest) ProtoMessage()               {}
-func (*ListNamespacesRequest) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{3} }
+var xxx_messageInfo_ListNamespacesRequest proto.InternalMessageInfo
 
 type ListNamespacesResponse struct {
-	Namespaces []Namespace `protobuf:"bytes,1,rep,name=namespaces" json:"namespaces"`
+	Namespaces           []Namespace `protobuf:"bytes,1,rep,name=namespaces,proto3" json:"namespaces"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *ListNamespacesResponse) Reset()      { *m = ListNamespacesResponse{} }
+func (*ListNamespacesResponse) ProtoMessage() {}
+func (*ListNamespacesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{4}
+}
+func (m *ListNamespacesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNamespacesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNamespacesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNamespacesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNamespacesResponse.Merge(m, src)
+}
+func (m *ListNamespacesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNamespacesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNamespacesResponse.DiscardUnknown(m)
 }
 
-func (m *ListNamespacesResponse) Reset()                    { *m = ListNamespacesResponse{} }
-func (*ListNamespacesResponse) ProtoMessage()               {}
-func (*ListNamespacesResponse) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{4} }
+var xxx_messageInfo_ListNamespacesResponse proto.InternalMessageInfo
 
 type CreateNamespaceRequest struct {
-	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace" json:"namespace"`
+	Namespace            Namespace `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *CreateNamespaceRequest) Reset()      { *m = CreateNamespaceRequest{} }
+func (*CreateNamespaceRequest) ProtoMessage() {}
+func (*CreateNamespaceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{5}
+}
+func (m *CreateNamespaceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateNamespaceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateNamespaceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateNamespaceRequest.Merge(m, src)
+}
+func (m *CreateNamespaceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateNamespaceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateNamespaceRequest.DiscardUnknown(m)
 }
 
-func (m *CreateNamespaceRequest) Reset()                    { *m = CreateNamespaceRequest{} }
-func (*CreateNamespaceRequest) ProtoMessage()               {}
-func (*CreateNamespaceRequest) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{5} }
+var xxx_messageInfo_CreateNamespaceRequest proto.InternalMessageInfo
 
 type CreateNamespaceResponse struct {
-	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace" json:"namespace"`
+	Namespace            Namespace `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *CreateNamespaceResponse) Reset()      { *m = CreateNamespaceResponse{} }
+func (*CreateNamespaceResponse) ProtoMessage() {}
+func (*CreateNamespaceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{6}
+}
+func (m *CreateNamespaceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateNamespaceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateNamespaceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateNamespaceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateNamespaceResponse.Merge(m, src)
+}
+func (m *CreateNamespaceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateNamespaceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateNamespaceResponse.DiscardUnknown(m)
 }
 
-func (m *CreateNamespaceResponse) Reset()                    { *m = CreateNamespaceResponse{} }
-func (*CreateNamespaceResponse) ProtoMessage()               {}
-func (*CreateNamespaceResponse) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{6} }
+var xxx_messageInfo_CreateNamespaceResponse proto.InternalMessageInfo
 
 // UpdateNamespaceRequest updates the metadata for a namespace.
 //
@@ -121,38 +319,132 @@ type UpdateNamespaceRequest struct {
 	// Namespace provides the target value, as declared by the mask, for the update.
 	//
 	// The namespace field must be set.
-	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace" json:"namespace"`
+	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace"`
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
 	//
 	// For the most part, this applies only to selectively updating labels on
 	// the namespace. While field masks are typically limited to ascii alphas
 	// and digits, we just take everything after the "labels." as the map key.
-	UpdateMask *google_protobuf2.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *types.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
+	XXX_unrecognized     []byte           `json:"-"`
+	XXX_sizecache        int32            `json:"-"`
+}
+
+func (m *UpdateNamespaceRequest) Reset()      { *m = UpdateNamespaceRequest{} }
+func (*UpdateNamespaceRequest) ProtoMessage() {}
+func (*UpdateNamespaceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{7}
+}
+func (m *UpdateNamespaceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateNamespaceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateNamespaceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateNamespaceRequest.Merge(m, src)
+}
+func (m *UpdateNamespaceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateNamespaceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateNamespaceRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateNamespaceRequest) Reset()                    { *m = UpdateNamespaceRequest{} }
-func (*UpdateNamespaceRequest) ProtoMessage()               {}
-func (*UpdateNamespaceRequest) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{7} }
+var xxx_messageInfo_UpdateNamespaceRequest proto.InternalMessageInfo
 
 type UpdateNamespaceResponse struct {
-	Namespace Namespace `protobuf:"bytes,1,opt,name=namespace" json:"namespace"`
+	Namespace            Namespace `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *UpdateNamespaceResponse) Reset()      { *m = UpdateNamespaceResponse{} }
+func (*UpdateNamespaceResponse) ProtoMessage() {}
+func (*UpdateNamespaceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{8}
+}
+func (m *UpdateNamespaceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateNamespaceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateNamespaceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateNamespaceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateNamespaceResponse.Merge(m, src)
+}
+func (m *UpdateNamespaceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateNamespaceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateNamespaceResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateNamespaceResponse) Reset()                    { *m = UpdateNamespaceResponse{} }
-func (*UpdateNamespaceResponse) ProtoMessage()               {}
-func (*UpdateNamespaceResponse) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{8} }
+var xxx_messageInfo_UpdateNamespaceResponse proto.InternalMessageInfo
 
 type DeleteNamespaceRequest struct {
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteNamespaceRequest) Reset()      { *m = DeleteNamespaceRequest{} }
+func (*DeleteNamespaceRequest) ProtoMessage() {}
+func (*DeleteNamespaceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8c41761eaeea4fd3, []int{9}
+}
+func (m *DeleteNamespaceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteNamespaceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteNamespaceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteNamespaceRequest.Merge(m, src)
+}
+func (m *DeleteNamespaceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteNamespaceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteNamespaceRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteNamespaceRequest) Reset()                    { *m = DeleteNamespaceRequest{} }
-func (*DeleteNamespaceRequest) ProtoMessage()               {}
-func (*DeleteNamespaceRequest) Descriptor() ([]byte, []int) { return fileDescriptorNamespace, []int{9} }
+var xxx_messageInfo_DeleteNamespaceRequest proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Namespace)(nil), "containerd.services.namespaces.v1.Namespace")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.namespaces.v1.Namespace.LabelsEntry")
 	proto.RegisterType((*GetNamespaceRequest)(nil), "containerd.services.namespaces.v1.GetNamespaceRequest")
 	proto.RegisterType((*GetNamespaceResponse)(nil), "containerd.services.namespaces.v1.GetNamespaceResponse")
 	proto.RegisterType((*ListNamespacesRequest)(nil), "containerd.services.namespaces.v1.ListNamespacesRequest")
@@ -164,6 +456,49 @@ func init() {
 	proto.RegisterType((*DeleteNamespaceRequest)(nil), "containerd.services.namespaces.v1.DeleteNamespaceRequest")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto", fileDescriptor_8c41761eaeea4fd3)
+}
+
+var fileDescriptor_8c41761eaeea4fd3 = []byte{
+	// 551 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcd, 0x6e, 0xd3, 0x4c,
+	0x14, 0xcd, 0x24, 0xf9, 0x2c, 0xe5, 0x7a, 0xf3, 0x69, 0x08, 0x26, 0x32, 0x92, 0x09, 0x5e, 0x15,
+	0xa9, 0x1a, 0xab, 0x41, 0x82, 0xfe, 0xec, 0x0a, 0x6d, 0x17, 0x14, 0x84, 0x2c, 0x21, 0x21, 0x58,
+	0x80, 0x93, 0x4c, 0x5c, 0x13, 0xc7, 0x36, 0x9e, 0xb1, 0xa5, 0x88, 0x05, 0xbc, 0x0d, 0x1b, 0x1e,
+	0x24, 0x4b, 0x96, 0xac, 0x50, 0x9b, 0x27, 0x41, 0x33, 0x76, 0xe2, 0xd0, 0x18, 0xe1, 0x06, 0xca,
+	0xee, 0x5e, 0x7b, 0xce, 0x3d, 0x67, 0xae, 0xce, 0xb1, 0xe1, 0x89, 0xeb, 0xf1, 0xb3, 0xa4, 0x4f,
+	0x06, 0xe1, 0xc4, 0x1a, 0x84, 0x01, 0x77, 0xbc, 0x80, 0xc6, 0xc3, 0xd5, 0xd2, 0x89, 0x3c, 0x8b,
+	0xd1, 0x38, 0xf5, 0x06, 0x94, 0x59, 0x81, 0x33, 0xa1, 0x2c, 0x72, 0x44, 0x99, 0xee, 0x14, 0x1d,
+	0x89, 0xe2, 0x90, 0x87, 0xf8, 0x6e, 0x01, 0x23, 0x0b, 0x08, 0x29, 0x20, 0x24, 0xdd, 0xd1, 0xdb,
+	0x6e, 0xe8, 0x86, 0xf2, 0xb4, 0x25, 0xaa, 0x0c, 0xa8, 0xdf, 0x76, 0xc3, 0xd0, 0xf5, 0xa9, 0x25,
+	0xbb, 0x7e, 0x32, 0xb2, 0xe8, 0x24, 0xe2, 0xd3, 0xfc, 0x65, 0xf7, 0xf2, 0xcb, 0x91, 0x47, 0xfd,
+	0xe1, 0x9b, 0x89, 0xc3, 0xc6, 0xd9, 0x09, 0xf3, 0x0b, 0x82, 0xd6, 0xb3, 0x05, 0x0d, 0xc6, 0xd0,
+	0x14, 0x9c, 0x1d, 0xd4, 0x45, 0x5b, 0x2d, 0x5b, 0xd6, 0xf8, 0x39, 0x28, 0xbe, 0xd3, 0xa7, 0x3e,
+	0xeb, 0xd4, 0xbb, 0x8d, 0x2d, 0xb5, 0xb7, 0x4b, 0x7e, 0x2b, 0x95, 0x2c, 0x27, 0x92, 0x53, 0x09,
+	0x3d, 0x0a, 0x78, 0x3c, 0xb5, 0xf3, 0x39, 0xfa, 0x1e, 0xa8, 0x2b, 0x8f, 0xf1, 0xff, 0xd0, 0x18,
+	0xd3, 0x69, 0xce, 0x29, 0x4a, 0xdc, 0x86, 0xff, 0x52, 0xc7, 0x4f, 0x68, 0xa7, 0x2e, 0x9f, 0x65,
+	0xcd, 0x7e, 0x7d, 0x17, 0x99, 0xf7, 0xe0, 0xc6, 0x09, 0xe5, 0xcb, 0xf1, 0x36, 0x7d, 0x9f, 0x50,
+	0xc6, 0xcb, 0x74, 0x9b, 0x67, 0xd0, 0xfe, 0xf9, 0x28, 0x8b, 0xc2, 0x80, 0x89, 0xfb, 0xb4, 0x96,
+	0x62, 0x25, 0x40, 0xed, 0x6d, 0x5f, 0xe5, 0x4a, 0x87, 0xcd, 0xd9, 0xf7, 0x3b, 0x35, 0xbb, 0x18,
+	0x62, 0x5a, 0x70, 0xf3, 0xd4, 0x63, 0x05, 0x15, 0x5b, 0xc8, 0xd2, 0x40, 0x19, 0x79, 0x3e, 0xa7,
+	0x71, 0x2e, 0x2c, 0xef, 0x4c, 0x1f, 0xb4, 0xcb, 0x80, 0x5c, 0x9c, 0x0d, 0x50, 0xd0, 0x76, 0x90,
+	0x5c, 0xf8, 0x26, 0xea, 0x56, 0xa6, 0x98, 0xef, 0x40, 0x7b, 0x14, 0x53, 0x87, 0xd3, 0xb5, 0xb5,
+	0xfd, 0xfd, 0x55, 0x8c, 0xe1, 0xd6, 0x1a, 0xd7, 0xb5, 0xed, 0xfd, 0x33, 0x02, 0xed, 0x45, 0x34,
+	0xfc, 0x27, 0x37, 0xc3, 0x07, 0xa0, 0x26, 0x92, 0x4b, 0xa6, 0x47, 0x3a, 0x53, 0xed, 0xe9, 0x24,
+	0x0b, 0x18, 0x59, 0x04, 0x8c, 0x1c, 0x8b, 0x80, 0x3d, 0x75, 0xd8, 0xd8, 0x86, 0xec, 0xb8, 0xa8,
+	0xc5, 0x5a, 0xd6, 0x84, 0x5e, 0xdb, 0x5a, 0xb6, 0x41, 0x7b, 0x4c, 0x7d, 0x5a, 0xb2, 0x95, 0x92,
+	0x98, 0xf4, 0xce, 0x9b, 0x00, 0x85, 0x11, 0x71, 0x0a, 0x8d, 0x13, 0xca, 0xf1, 0x83, 0x0a, 0x12,
+	0x4a, 0x82, 0xa8, 0x3f, 0xbc, 0x32, 0x2e, 0x5f, 0xc3, 0x07, 0x68, 0x8a, 0x48, 0xe0, 0x2a, 0x5f,
+	0x97, 0xd2, 0xb0, 0xe9, 0x7b, 0x1b, 0x20, 0x73, 0xf2, 0x8f, 0xa0, 0x64, 0xae, 0xc5, 0x55, 0x86,
+	0x94, 0x87, 0x49, 0xdf, 0xdf, 0x04, 0x5a, 0x08, 0xc8, 0xfc, 0x51, 0x49, 0x40, 0xb9, 0xe7, 0x2b,
+	0x09, 0xf8, 0x95, 0x0b, 0x5f, 0x83, 0x92, 0x79, 0xa6, 0x92, 0x80, 0x72, 0x7b, 0xe9, 0xda, 0x5a,
+	0x1a, 0x8e, 0xc4, 0xbf, 0xe8, 0xf0, 0xed, 0xec, 0xc2, 0xa8, 0x7d, 0xbb, 0x30, 0x6a, 0x9f, 0xe6,
+	0x06, 0x9a, 0xcd, 0x0d, 0xf4, 0x75, 0x6e, 0xa0, 0xf3, 0xb9, 0x81, 0x5e, 0x1d, 0xff, 0xc1, 0x2f,
+	0xf4, 0xa0, 0xe8, 0x5e, 0xd6, 0xfa, 0x8a, 0xe4, 0xbc, 0xff, 0x23, 0x00, 0x00, 0xff, 0xff, 0x4f,
+	0x4a, 0x87, 0xf3, 0x95, 0x07, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -172,14 +507,15 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Namespaces service
-
+// NamespacesClient is the client API for Namespaces service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type NamespacesClient interface {
 	Get(ctx context.Context, in *GetNamespaceRequest, opts ...grpc.CallOption) (*GetNamespaceResponse, error)
 	List(ctx context.Context, in *ListNamespacesRequest, opts ...grpc.CallOption) (*ListNamespacesResponse, error)
 	Create(ctx context.Context, in *CreateNamespaceRequest, opts ...grpc.CallOption) (*CreateNamespaceResponse, error)
 	Update(ctx context.Context, in *UpdateNamespaceRequest, opts ...grpc.CallOption) (*UpdateNamespaceResponse, error)
-	Delete(ctx context.Context, in *DeleteNamespaceRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
+	Delete(ctx context.Context, in *DeleteNamespaceRequest, opts ...grpc.CallOption) (*types.Empty, error)
 }
 
 type namespacesClient struct {
@@ -192,7 +528,7 @@ func NewNamespacesClient(cc *grpc.ClientConn) NamespacesClient {
 
 func (c *namespacesClient) Get(ctx context.Context, in *GetNamespaceRequest, opts ...grpc.CallOption) (*GetNamespaceResponse, error) {
 	out := new(GetNamespaceResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Get", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Get", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -201,7 +537,7 @@ func (c *namespacesClient) Get(ctx context.Context, in *GetNamespaceRequest, opt
 
 func (c *namespacesClient) List(ctx context.Context, in *ListNamespacesRequest, opts ...grpc.CallOption) (*ListNamespacesResponse, error) {
 	out := new(ListNamespacesResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/List", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/List", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -210,7 +546,7 @@ func (c *namespacesClient) List(ctx context.Context, in *ListNamespacesRequest,
 
 func (c *namespacesClient) Create(ctx context.Context, in *CreateNamespaceRequest, opts ...grpc.CallOption) (*CreateNamespaceResponse, error) {
 	out := new(CreateNamespaceResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Create", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -219,30 +555,49 @@ func (c *namespacesClient) Create(ctx context.Context, in *CreateNamespaceReques
 
 func (c *namespacesClient) Update(ctx context.Context, in *UpdateNamespaceRequest, opts ...grpc.CallOption) (*UpdateNamespaceResponse, error) {
 	out := new(UpdateNamespaceResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Update", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *namespacesClient) Delete(ctx context.Context, in *DeleteNamespaceRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
-	out := new(google_protobuf1.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Delete", in, out, c.cc, opts...)
+func (c *namespacesClient) Delete(ctx context.Context, in *DeleteNamespaceRequest, opts ...grpc.CallOption) (*types.Empty, error) {
+	out := new(types.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.namespaces.v1.Namespaces/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Namespaces service
-
+// NamespacesServer is the server API for Namespaces service.
 type NamespacesServer interface {
 	Get(context.Context, *GetNamespaceRequest) (*GetNamespaceResponse, error)
 	List(context.Context, *ListNamespacesRequest) (*ListNamespacesResponse, error)
 	Create(context.Context, *CreateNamespaceRequest) (*CreateNamespaceResponse, error)
 	Update(context.Context, *UpdateNamespaceRequest) (*UpdateNamespaceResponse, error)
-	Delete(context.Context, *DeleteNamespaceRequest) (*google_protobuf1.Empty, error)
+	Delete(context.Context, *DeleteNamespaceRequest) (*types.Empty, error)
+}
+
+// UnimplementedNamespacesServer can be embedded to have forward compatible implementations.
+type UnimplementedNamespacesServer struct {
+}
+
+func (*UnimplementedNamespacesServer) Get(ctx context.Context, req *GetNamespaceRequest) (*GetNamespaceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Get not implemented")
+}
+func (*UnimplementedNamespacesServer) List(ctx context.Context, req *ListNamespacesRequest) (*ListNamespacesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedNamespacesServer) Create(ctx context.Context, req *CreateNamespaceRequest) (*CreateNamespaceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedNamespacesServer) Update(ctx context.Context, req *UpdateNamespaceRequest) (*UpdateNamespaceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedNamespacesServer) Delete(ctx context.Context, req *DeleteNamespaceRequest) (*types.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
 }
 
 func RegisterNamespacesServer(s *grpc.Server, srv NamespacesServer) {
@@ -371,7 +726,7 @@ var _Namespaces_serviceDesc = grpc.ServiceDesc{
 func (m *Namespace) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -379,40 +734,52 @@ func (m *Namespace) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Namespace) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Namespace) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovNamespace(uint64(len(k))) + 1 + len(v) + sovNamespace(uint64(len(v)))
-			i = encodeVarintNamespace(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintNamespace(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintNamespace(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintNamespace(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *GetNamespaceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -420,23 +787,33 @@ func (m *GetNamespaceRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetNamespaceResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -444,25 +821,36 @@ func (m *GetNamespaceResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetNamespaceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetNamespaceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintNamespace(dAtA, i, uint64(m.Namespace.Size()))
-	n1, err := m.Namespace.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n1
-	return i, nil
+	{
+		size, err := m.Namespace.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintNamespace(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ListNamespacesRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -470,23 +858,33 @@ func (m *ListNamespacesRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListNamespacesRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNamespacesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filter) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Filter)
+		copy(dAtA[i:], m.Filter)
 		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Filter)))
-		i += copy(dAtA[i:], m.Filter)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListNamespacesResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -494,29 +892,40 @@ func (m *ListNamespacesResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListNamespacesResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNamespacesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Namespaces) > 0 {
-		for _, msg := range m.Namespaces {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintNamespace(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Namespaces[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintNamespace(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateNamespaceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -524,25 +933,36 @@ func (m *CreateNamespaceRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintNamespace(dAtA, i, uint64(m.Namespace.Size()))
-	n2, err := m.Namespace.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Namespace.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintNamespace(dAtA, i, uint64(size))
 	}
-	i += n2
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateNamespaceResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -550,25 +970,36 @@ func (m *CreateNamespaceResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateNamespaceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateNamespaceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintNamespace(dAtA, i, uint64(m.Namespace.Size()))
-	n3, err := m.Namespace.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Namespace.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintNamespace(dAtA, i, uint64(size))
 	}
-	i += n3
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateNamespaceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -576,35 +1007,48 @@ func (m *UpdateNamespaceRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintNamespace(dAtA, i, uint64(m.Namespace.Size()))
-	n4, err := m.Namespace.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n4
 	if m.UpdateMask != nil {
+		{
+			size, err := m.UpdateMask.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintNamespace(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintNamespace(dAtA, i, uint64(m.UpdateMask.Size()))
-		n5, err := m.UpdateMask.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Namespace.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n5
+		i -= size
+		i = encodeVarintNamespace(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateNamespaceResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -612,25 +1056,36 @@ func (m *UpdateNamespaceResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateNamespaceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateNamespaceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintNamespace(dAtA, i, uint64(m.Namespace.Size()))
-	n6, err := m.Namespace.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Namespace.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintNamespace(dAtA, i, uint64(size))
 	}
-	i += n6
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteNamespaceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -638,29 +1093,44 @@ func (m *DeleteNamespaceRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintNamespace(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintNamespace(dAtA []byte, offset int, v uint64) int {
+	offset -= sovNamespace(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Namespace) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -675,38 +1145,62 @@ func (m *Namespace) Size() (n int) {
 			n += mapEntrySize + 1 + sovNamespace(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetNamespaceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
 	if l > 0 {
 		n += 1 + l + sovNamespace(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetNamespaceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Namespace.Size()
 	n += 1 + l + sovNamespace(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListNamespacesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Filter)
 	if l > 0 {
 		n += 1 + l + sovNamespace(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListNamespacesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Namespaces) > 0 {
@@ -715,26 +1209,44 @@ func (m *ListNamespacesResponse) Size() (n int) {
 			n += 1 + l + sovNamespace(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateNamespaceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Namespace.Size()
 	n += 1 + l + sovNamespace(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateNamespaceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Namespace.Size()
 	n += 1 + l + sovNamespace(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateNamespaceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Namespace.Size()
@@ -743,36 +1255,44 @@ func (m *UpdateNamespaceRequest) Size() (n int) {
 		l = m.UpdateMask.Size()
 		n += 1 + l + sovNamespace(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateNamespaceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Namespace.Size()
 	n += 1 + l + sovNamespace(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteNamespaceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
 	if l > 0 {
 		n += 1 + l + sovNamespace(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovNamespace(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozNamespace(x uint64) (n int) {
 	return sovNamespace(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -785,7 +1305,7 @@ func (this *Namespace) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -794,6 +1314,7 @@ func (this *Namespace) String() string {
 	s := strings.Join([]string{`&Namespace{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -804,6 +1325,7 @@ func (this *GetNamespaceRequest) String() string {
 	}
 	s := strings.Join([]string{`&GetNamespaceRequest{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -814,6 +1336,7 @@ func (this *GetNamespaceResponse) String() string {
 	}
 	s := strings.Join([]string{`&GetNamespaceResponse{`,
 		`Namespace:` + strings.Replace(strings.Replace(this.Namespace.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -824,6 +1347,7 @@ func (this *ListNamespacesRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListNamespacesRequest{`,
 		`Filter:` + fmt.Sprintf("%v", this.Filter) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -832,8 +1356,14 @@ func (this *ListNamespacesResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNamespaces := "[]Namespace{"
+	for _, f := range this.Namespaces {
+		repeatedStringForNamespaces += strings.Replace(strings.Replace(f.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForNamespaces += "}"
 	s := strings.Join([]string{`&ListNamespacesResponse{`,
-		`Namespaces:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Namespaces), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
+		`Namespaces:` + repeatedStringForNamespaces + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -844,6 +1374,7 @@ func (this *CreateNamespaceRequest) String() string {
 	}
 	s := strings.Join([]string{`&CreateNamespaceRequest{`,
 		`Namespace:` + strings.Replace(strings.Replace(this.Namespace.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -854,6 +1385,7 @@ func (this *CreateNamespaceResponse) String() string {
 	}
 	s := strings.Join([]string{`&CreateNamespaceResponse{`,
 		`Namespace:` + strings.Replace(strings.Replace(this.Namespace.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -864,7 +1396,8 @@ func (this *UpdateNamespaceRequest) String() string {
 	}
 	s := strings.Join([]string{`&UpdateNamespaceRequest{`,
 		`Namespace:` + strings.Replace(strings.Replace(this.Namespace.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
-		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "google_protobuf2.FieldMask", 1) + `,`,
+		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "types.FieldMask", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -875,6 +1408,7 @@ func (this *UpdateNamespaceResponse) String() string {
 	}
 	s := strings.Join([]string{`&UpdateNamespaceResponse{`,
 		`Namespace:` + strings.Replace(strings.Replace(this.Namespace.String(), "Namespace", "Namespace", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -885,6 +1419,7 @@ func (this *DeleteNamespaceRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteNamespaceRequest{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -912,7 +1447,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -940,7 +1475,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -950,6 +1485,9 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -969,7 +1507,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -978,6 +1516,9 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -998,7 +1539,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1015,7 +1556,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1025,6 +1566,9 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1041,7 +1585,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1051,6 +1595,9 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthNamespace
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthNamespace
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1062,7 +1609,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthNamespace
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1079,12 +1626,13 @@ func (m *Namespace) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1109,7 +1657,7 @@ func (m *GetNamespaceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1137,7 +1685,7 @@ func (m *GetNamespaceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1147,6 +1695,9 @@ func (m *GetNamespaceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1158,12 +1709,13 @@ func (m *GetNamespaceRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1188,7 +1740,7 @@ func (m *GetNamespaceResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1216,7 +1768,7 @@ func (m *GetNamespaceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1225,6 +1777,9 @@ func (m *GetNamespaceResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1238,12 +1793,13 @@ func (m *GetNamespaceResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1268,7 +1824,7 @@ func (m *ListNamespacesRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1296,7 +1852,7 @@ func (m *ListNamespacesRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1306,6 +1862,9 @@ func (m *ListNamespacesRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1317,12 +1876,13 @@ func (m *ListNamespacesRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1347,7 +1907,7 @@ func (m *ListNamespacesResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1375,7 +1935,7 @@ func (m *ListNamespacesResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1384,6 +1944,9 @@ func (m *ListNamespacesResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1398,12 +1961,13 @@ func (m *ListNamespacesResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1428,7 +1992,7 @@ func (m *CreateNamespaceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1456,7 +2020,7 @@ func (m *CreateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1465,6 +2029,9 @@ func (m *CreateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1478,12 +2045,13 @@ func (m *CreateNamespaceRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1508,7 +2076,7 @@ func (m *CreateNamespaceResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1536,7 +2104,7 @@ func (m *CreateNamespaceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1545,6 +2113,9 @@ func (m *CreateNamespaceResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1558,12 +2129,13 @@ func (m *CreateNamespaceResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1588,7 +2160,7 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1616,7 +2188,7 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1625,6 +2197,9 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1646,7 +2221,7 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1655,11 +2230,14 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdateMask == nil {
-				m.UpdateMask = &google_protobuf2.FieldMask{}
+				m.UpdateMask = &types.FieldMask{}
 			}
 			if err := m.UpdateMask.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -1671,12 +2249,13 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1701,7 +2280,7 @@ func (m *UpdateNamespaceResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1729,7 +2308,7 @@ func (m *UpdateNamespaceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1738,6 +2317,9 @@ func (m *UpdateNamespaceResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1751,12 +2333,13 @@ func (m *UpdateNamespaceResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1781,7 +2364,7 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1809,7 +2392,7 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1819,6 +2402,9 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthNamespace
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthNamespace
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1830,12 +2416,13 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthNamespace
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1848,6 +2435,7 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error {
 func skipNamespace(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1879,10 +2467,8 @@ func skipNamespace(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1899,96 +2485,34 @@ func skipNamespace(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthNamespace
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowNamespace
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipNamespace(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupNamespace
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthNamespace
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthNamespace = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowNamespace   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthNamespace        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowNamespace          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupNamespace = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto", fileDescriptorNamespace)
-}
-
-var fileDescriptorNamespace = []byte{
-	// 551 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcd, 0x6e, 0xd3, 0x4c,
-	0x14, 0xcd, 0x24, 0xf9, 0x2c, 0xe5, 0x7a, 0xf3, 0x69, 0x08, 0x26, 0x32, 0x92, 0x09, 0x5e, 0x15,
-	0xa9, 0x1a, 0xab, 0x41, 0x82, 0xfe, 0xec, 0x0a, 0x6d, 0x17, 0x14, 0x84, 0x2c, 0x21, 0x21, 0x58,
-	0x80, 0x93, 0x4c, 0x5c, 0x13, 0xc7, 0x36, 0x9e, 0xb1, 0xa5, 0x88, 0x05, 0xbc, 0x0d, 0x1b, 0x1e,
-	0x24, 0x4b, 0x96, 0xac, 0x50, 0x9b, 0x27, 0x41, 0x33, 0x76, 0xe2, 0xd0, 0x18, 0xe1, 0x06, 0xca,
-	0xee, 0x5e, 0x7b, 0xce, 0x3d, 0x67, 0xae, 0xce, 0xb1, 0xe1, 0x89, 0xeb, 0xf1, 0xb3, 0xa4, 0x4f,
-	0x06, 0xe1, 0xc4, 0x1a, 0x84, 0x01, 0x77, 0xbc, 0x80, 0xc6, 0xc3, 0xd5, 0xd2, 0x89, 0x3c, 0x8b,
-	0xd1, 0x38, 0xf5, 0x06, 0x94, 0x59, 0x81, 0x33, 0xa1, 0x2c, 0x72, 0x44, 0x99, 0xee, 0x14, 0x1d,
-	0x89, 0xe2, 0x90, 0x87, 0xf8, 0x6e, 0x01, 0x23, 0x0b, 0x08, 0x29, 0x20, 0x24, 0xdd, 0xd1, 0xdb,
-	0x6e, 0xe8, 0x86, 0xf2, 0xb4, 0x25, 0xaa, 0x0c, 0xa8, 0xdf, 0x76, 0xc3, 0xd0, 0xf5, 0xa9, 0x25,
-	0xbb, 0x7e, 0x32, 0xb2, 0xe8, 0x24, 0xe2, 0xd3, 0xfc, 0x65, 0xf7, 0xf2, 0xcb, 0x91, 0x47, 0xfd,
-	0xe1, 0x9b, 0x89, 0xc3, 0xc6, 0xd9, 0x09, 0xf3, 0x0b, 0x82, 0xd6, 0xb3, 0x05, 0x0d, 0xc6, 0xd0,
-	0x14, 0x9c, 0x1d, 0xd4, 0x45, 0x5b, 0x2d, 0x5b, 0xd6, 0xf8, 0x39, 0x28, 0xbe, 0xd3, 0xa7, 0x3e,
-	0xeb, 0xd4, 0xbb, 0x8d, 0x2d, 0xb5, 0xb7, 0x4b, 0x7e, 0x2b, 0x95, 0x2c, 0x27, 0x92, 0x53, 0x09,
-	0x3d, 0x0a, 0x78, 0x3c, 0xb5, 0xf3, 0x39, 0xfa, 0x1e, 0xa8, 0x2b, 0x8f, 0xf1, 0xff, 0xd0, 0x18,
-	0xd3, 0x69, 0xce, 0x29, 0x4a, 0xdc, 0x86, 0xff, 0x52, 0xc7, 0x4f, 0x68, 0xa7, 0x2e, 0x9f, 0x65,
-	0xcd, 0x7e, 0x7d, 0x17, 0x99, 0xf7, 0xe0, 0xc6, 0x09, 0xe5, 0xcb, 0xf1, 0x36, 0x7d, 0x9f, 0x50,
-	0xc6, 0xcb, 0x74, 0x9b, 0x67, 0xd0, 0xfe, 0xf9, 0x28, 0x8b, 0xc2, 0x80, 0x89, 0xfb, 0xb4, 0x96,
-	0x62, 0x25, 0x40, 0xed, 0x6d, 0x5f, 0xe5, 0x4a, 0x87, 0xcd, 0xd9, 0xf7, 0x3b, 0x35, 0xbb, 0x18,
-	0x62, 0x5a, 0x70, 0xf3, 0xd4, 0x63, 0x05, 0x15, 0x5b, 0xc8, 0xd2, 0x40, 0x19, 0x79, 0x3e, 0xa7,
-	0x71, 0x2e, 0x2c, 0xef, 0x4c, 0x1f, 0xb4, 0xcb, 0x80, 0x5c, 0x9c, 0x0d, 0x50, 0xd0, 0x76, 0x90,
-	0x5c, 0xf8, 0x26, 0xea, 0x56, 0xa6, 0x98, 0xef, 0x40, 0x7b, 0x14, 0x53, 0x87, 0xd3, 0xb5, 0xb5,
-	0xfd, 0xfd, 0x55, 0x8c, 0xe1, 0xd6, 0x1a, 0xd7, 0xb5, 0xed, 0xfd, 0x33, 0x02, 0xed, 0x45, 0x34,
-	0xfc, 0x27, 0x37, 0xc3, 0x07, 0xa0, 0x26, 0x92, 0x4b, 0xa6, 0x47, 0x3a, 0x53, 0xed, 0xe9, 0x24,
-	0x0b, 0x18, 0x59, 0x04, 0x8c, 0x1c, 0x8b, 0x80, 0x3d, 0x75, 0xd8, 0xd8, 0x86, 0xec, 0xb8, 0xa8,
-	0xc5, 0x5a, 0xd6, 0x84, 0x5e, 0xdb, 0x5a, 0xb6, 0x41, 0x7b, 0x4c, 0x7d, 0x5a, 0xb2, 0x95, 0x92,
-	0x98, 0xf4, 0xce, 0x9b, 0x00, 0x85, 0x11, 0x71, 0x0a, 0x8d, 0x13, 0xca, 0xf1, 0x83, 0x0a, 0x12,
-	0x4a, 0x82, 0xa8, 0x3f, 0xbc, 0x32, 0x2e, 0x5f, 0xc3, 0x07, 0x68, 0x8a, 0x48, 0xe0, 0x2a, 0x5f,
-	0x97, 0xd2, 0xb0, 0xe9, 0x7b, 0x1b, 0x20, 0x73, 0xf2, 0x8f, 0xa0, 0x64, 0xae, 0xc5, 0x55, 0x86,
-	0x94, 0x87, 0x49, 0xdf, 0xdf, 0x04, 0x5a, 0x08, 0xc8, 0xfc, 0x51, 0x49, 0x40, 0xb9, 0xe7, 0x2b,
-	0x09, 0xf8, 0x95, 0x0b, 0x5f, 0x83, 0x92, 0x79, 0xa6, 0x92, 0x80, 0x72, 0x7b, 0xe9, 0xda, 0x5a,
-	0x1a, 0x8e, 0xc4, 0xbf, 0xe8, 0xf0, 0xed, 0xec, 0xc2, 0xa8, 0x7d, 0xbb, 0x30, 0x6a, 0x9f, 0xe6,
-	0x06, 0x9a, 0xcd, 0x0d, 0xf4, 0x75, 0x6e, 0xa0, 0xf3, 0xb9, 0x81, 0x5e, 0x1d, 0xff, 0xc1, 0x2f,
-	0xf4, 0xa0, 0xe8, 0x5e, 0xd6, 0xfa, 0x8a, 0xe4, 0xbc, 0xff, 0x23, 0x00, 0x00, 0xff, 0xff, 0x4f,
-	0x4a, 0x87, 0xf3, 0x95, 0x07, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto b/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto
index c22eebaf1554a..90e3051238b6f 100644
--- a/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto
+++ b/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.namespaces.v1;
diff --git a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go
index 1693af0ff4bd4..046c97b015fee 100644
--- a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go
@@ -1,55 +1,26 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
 
-/*
-	Package snapshots is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
-
-	It has these top-level messages:
-		PrepareSnapshotRequest
-		PrepareSnapshotResponse
-		ViewSnapshotRequest
-		ViewSnapshotResponse
-		MountsRequest
-		MountsResponse
-		RemoveSnapshotRequest
-		CommitSnapshotRequest
-		StatSnapshotRequest
-		Info
-		StatSnapshotResponse
-		UpdateSnapshotRequest
-		UpdateSnapshotResponse
-		ListSnapshotsRequest
-		ListSnapshotsResponse
-		UsageRequest
-		UsageResponse
-*/
 package snapshots
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-import containerd_types "github.com/containerd/containerd/api/types"
-
-import time "time"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types1 "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -61,7 +32,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Kind int32
 
@@ -78,6 +49,7 @@ var Kind_name = map[int32]string{
 	2: "ACTIVE",
 	3: "COMMITTED",
 }
+
 var Kind_value = map[string]int32{
 	"UNKNOWN":   0,
 	"VIEW":      1,
@@ -88,7 +60,10 @@ var Kind_value = map[string]int32{
 func (x Kind) String() string {
 	return proto.EnumName(Kind_name, int32(x))
 }
-func (Kind) EnumDescriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{0} }
+
+func (Kind) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{0}
+}
 
 type PrepareSnapshotRequest struct {
 	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
@@ -97,20 +72,82 @@ type PrepareSnapshotRequest struct {
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,4,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *PrepareSnapshotRequest) Reset()      { *m = PrepareSnapshotRequest{} }
+func (*PrepareSnapshotRequest) ProtoMessage() {}
+func (*PrepareSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{0}
+}
+func (m *PrepareSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PrepareSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PrepareSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PrepareSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PrepareSnapshotRequest.Merge(m, src)
+}
+func (m *PrepareSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PrepareSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PrepareSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *PrepareSnapshotRequest) Reset()                    { *m = PrepareSnapshotRequest{} }
-func (*PrepareSnapshotRequest) ProtoMessage()               {}
-func (*PrepareSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{0} }
+var xxx_messageInfo_PrepareSnapshotRequest proto.InternalMessageInfo
 
 type PrepareSnapshotResponse struct {
-	Mounts []*containerd_types.Mount `protobuf:"bytes,1,rep,name=mounts" json:"mounts,omitempty"`
+	Mounts               []*types.Mount `protobuf:"bytes,1,rep,name=mounts,proto3" json:"mounts,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *PrepareSnapshotResponse) Reset()      { *m = PrepareSnapshotResponse{} }
+func (*PrepareSnapshotResponse) ProtoMessage() {}
+func (*PrepareSnapshotResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{1}
+}
+func (m *PrepareSnapshotResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PrepareSnapshotResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PrepareSnapshotResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PrepareSnapshotResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PrepareSnapshotResponse.Merge(m, src)
+}
+func (m *PrepareSnapshotResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *PrepareSnapshotResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_PrepareSnapshotResponse.DiscardUnknown(m)
 }
 
-func (m *PrepareSnapshotResponse) Reset()                    { *m = PrepareSnapshotResponse{} }
-func (*PrepareSnapshotResponse) ProtoMessage()               {}
-func (*PrepareSnapshotResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{1} }
+var xxx_messageInfo_PrepareSnapshotResponse proto.InternalMessageInfo
 
 type ViewSnapshotRequest struct {
 	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
@@ -119,46 +156,201 @@ type ViewSnapshotRequest struct {
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,4,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *ViewSnapshotRequest) Reset()      { *m = ViewSnapshotRequest{} }
+func (*ViewSnapshotRequest) ProtoMessage() {}
+func (*ViewSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{2}
+}
+func (m *ViewSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ViewSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ViewSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ViewSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ViewSnapshotRequest.Merge(m, src)
+}
+func (m *ViewSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ViewSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ViewSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *ViewSnapshotRequest) Reset()                    { *m = ViewSnapshotRequest{} }
-func (*ViewSnapshotRequest) ProtoMessage()               {}
-func (*ViewSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{2} }
+var xxx_messageInfo_ViewSnapshotRequest proto.InternalMessageInfo
 
 type ViewSnapshotResponse struct {
-	Mounts []*containerd_types.Mount `protobuf:"bytes,1,rep,name=mounts" json:"mounts,omitempty"`
+	Mounts               []*types.Mount `protobuf:"bytes,1,rep,name=mounts,proto3" json:"mounts,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *ViewSnapshotResponse) Reset()      { *m = ViewSnapshotResponse{} }
+func (*ViewSnapshotResponse) ProtoMessage() {}
+func (*ViewSnapshotResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{3}
+}
+func (m *ViewSnapshotResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ViewSnapshotResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ViewSnapshotResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ViewSnapshotResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ViewSnapshotResponse.Merge(m, src)
+}
+func (m *ViewSnapshotResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ViewSnapshotResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ViewSnapshotResponse.DiscardUnknown(m)
 }
 
-func (m *ViewSnapshotResponse) Reset()                    { *m = ViewSnapshotResponse{} }
-func (*ViewSnapshotResponse) ProtoMessage()               {}
-func (*ViewSnapshotResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{3} }
+var xxx_messageInfo_ViewSnapshotResponse proto.InternalMessageInfo
 
 type MountsRequest struct {
-	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
-	Key         string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	Key                  string   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MountsRequest) Reset()      { *m = MountsRequest{} }
+func (*MountsRequest) ProtoMessage() {}
+func (*MountsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{4}
+}
+func (m *MountsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MountsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MountsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MountsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MountsRequest.Merge(m, src)
+}
+func (m *MountsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *MountsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_MountsRequest.DiscardUnknown(m)
 }
 
-func (m *MountsRequest) Reset()                    { *m = MountsRequest{} }
-func (*MountsRequest) ProtoMessage()               {}
-func (*MountsRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{4} }
+var xxx_messageInfo_MountsRequest proto.InternalMessageInfo
 
 type MountsResponse struct {
-	Mounts []*containerd_types.Mount `protobuf:"bytes,1,rep,name=mounts" json:"mounts,omitempty"`
+	Mounts               []*types.Mount `protobuf:"bytes,1,rep,name=mounts,proto3" json:"mounts,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *MountsResponse) Reset()      { *m = MountsResponse{} }
+func (*MountsResponse) ProtoMessage() {}
+func (*MountsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{5}
+}
+func (m *MountsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MountsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MountsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MountsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MountsResponse.Merge(m, src)
+}
+func (m *MountsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *MountsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_MountsResponse.DiscardUnknown(m)
 }
 
-func (m *MountsResponse) Reset()                    { *m = MountsResponse{} }
-func (*MountsResponse) ProtoMessage()               {}
-func (*MountsResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{5} }
+var xxx_messageInfo_MountsResponse proto.InternalMessageInfo
 
 type RemoveSnapshotRequest struct {
-	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
-	Key         string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	Key                  string   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RemoveSnapshotRequest) Reset()      { *m = RemoveSnapshotRequest{} }
+func (*RemoveSnapshotRequest) ProtoMessage() {}
+func (*RemoveSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{6}
+}
+func (m *RemoveSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveSnapshotRequest.Merge(m, src)
+}
+func (m *RemoveSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *RemoveSnapshotRequest) Reset()                    { *m = RemoveSnapshotRequest{} }
-func (*RemoveSnapshotRequest) ProtoMessage()               {}
-func (*RemoveSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{6} }
+var xxx_messageInfo_RemoveSnapshotRequest proto.InternalMessageInfo
 
 type CommitSnapshotRequest struct {
 	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
@@ -167,117 +359,482 @@ type CommitSnapshotRequest struct {
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,4,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *CommitSnapshotRequest) Reset()      { *m = CommitSnapshotRequest{} }
+func (*CommitSnapshotRequest) ProtoMessage() {}
+func (*CommitSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{7}
+}
+func (m *CommitSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CommitSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CommitSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CommitSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CommitSnapshotRequest.Merge(m, src)
+}
+func (m *CommitSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CommitSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CommitSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *CommitSnapshotRequest) Reset()                    { *m = CommitSnapshotRequest{} }
-func (*CommitSnapshotRequest) ProtoMessage()               {}
-func (*CommitSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{7} }
+var xxx_messageInfo_CommitSnapshotRequest proto.InternalMessageInfo
 
 type StatSnapshotRequest struct {
-	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
-	Key         string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	Key                  string   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatSnapshotRequest) Reset()      { *m = StatSnapshotRequest{} }
+func (*StatSnapshotRequest) ProtoMessage() {}
+func (*StatSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{8}
+}
+func (m *StatSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatSnapshotRequest.Merge(m, src)
+}
+func (m *StatSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *StatSnapshotRequest) Reset()                    { *m = StatSnapshotRequest{} }
-func (*StatSnapshotRequest) ProtoMessage()               {}
-func (*StatSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{8} }
+var xxx_messageInfo_StatSnapshotRequest proto.InternalMessageInfo
 
 type Info struct {
 	Name   string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
 	Kind   Kind   `protobuf:"varint,3,opt,name=kind,proto3,enum=containerd.services.snapshots.v1.Kind" json:"kind,omitempty"`
 	// CreatedAt provides the time at which the snapshot was created.
-	CreatedAt time.Time `protobuf:"bytes,4,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
+	CreatedAt time.Time `protobuf:"bytes,4,opt,name=created_at,json=createdAt,proto3,stdtime" json:"created_at"`
 	// UpdatedAt provides the time the info was last updated.
-	UpdatedAt time.Time `protobuf:"bytes,5,opt,name=updated_at,json=updatedAt,stdtime" json:"updated_at"`
+	UpdatedAt time.Time `protobuf:"bytes,5,opt,name=updated_at,json=updatedAt,proto3,stdtime" json:"updated_at"`
 	// Labels are arbitrary data on snapshots.
 	//
 	// The combined size of a key/value pair cannot exceed 4096 bytes.
-	Labels map[string]string `protobuf:"bytes,6,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels               map[string]string `protobuf:"bytes,6,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Info) Reset()      { *m = Info{} }
+func (*Info) ProtoMessage() {}
+func (*Info) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{9}
+}
+func (m *Info) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Info) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Info.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Info) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Info.Merge(m, src)
+}
+func (m *Info) XXX_Size() int {
+	return m.Size()
+}
+func (m *Info) XXX_DiscardUnknown() {
+	xxx_messageInfo_Info.DiscardUnknown(m)
 }
 
-func (m *Info) Reset()                    { *m = Info{} }
-func (*Info) ProtoMessage()               {}
-func (*Info) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{9} }
+var xxx_messageInfo_Info proto.InternalMessageInfo
 
 type StatSnapshotResponse struct {
-	Info Info `protobuf:"bytes,1,opt,name=info" json:"info"`
+	Info                 Info     `protobuf:"bytes,1,opt,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatSnapshotResponse) Reset()      { *m = StatSnapshotResponse{} }
+func (*StatSnapshotResponse) ProtoMessage() {}
+func (*StatSnapshotResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{10}
+}
+func (m *StatSnapshotResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatSnapshotResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatSnapshotResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatSnapshotResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatSnapshotResponse.Merge(m, src)
+}
+func (m *StatSnapshotResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatSnapshotResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatSnapshotResponse.DiscardUnknown(m)
 }
 
-func (m *StatSnapshotResponse) Reset()                    { *m = StatSnapshotResponse{} }
-func (*StatSnapshotResponse) ProtoMessage()               {}
-func (*StatSnapshotResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{10} }
+var xxx_messageInfo_StatSnapshotResponse proto.InternalMessageInfo
 
 type UpdateSnapshotRequest struct {
 	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
-	Info        Info   `protobuf:"bytes,2,opt,name=info" json:"info"`
+	Info        Info   `protobuf:"bytes,2,opt,name=info,proto3" json:"info"`
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
 	//
 	// In info, Name, Parent, Kind, Created are immutable,
 	// other field may be updated using this mask.
 	// If no mask is provided, all mutable field are updated.
-	UpdateMask *google_protobuf2.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *types1.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *UpdateSnapshotRequest) Reset()      { *m = UpdateSnapshotRequest{} }
+func (*UpdateSnapshotRequest) ProtoMessage() {}
+func (*UpdateSnapshotRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{11}
+}
+func (m *UpdateSnapshotRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateSnapshotRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateSnapshotRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateSnapshotRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateSnapshotRequest.Merge(m, src)
+}
+func (m *UpdateSnapshotRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateSnapshotRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateSnapshotRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateSnapshotRequest) Reset()                    { *m = UpdateSnapshotRequest{} }
-func (*UpdateSnapshotRequest) ProtoMessage()               {}
-func (*UpdateSnapshotRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{11} }
+var xxx_messageInfo_UpdateSnapshotRequest proto.InternalMessageInfo
 
 type UpdateSnapshotResponse struct {
-	Info Info `protobuf:"bytes,1,opt,name=info" json:"info"`
+	Info                 Info     `protobuf:"bytes,1,opt,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UpdateSnapshotResponse) Reset()      { *m = UpdateSnapshotResponse{} }
+func (*UpdateSnapshotResponse) ProtoMessage() {}
+func (*UpdateSnapshotResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{12}
+}
+func (m *UpdateSnapshotResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateSnapshotResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateSnapshotResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateSnapshotResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateSnapshotResponse.Merge(m, src)
+}
+func (m *UpdateSnapshotResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateSnapshotResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateSnapshotResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateSnapshotResponse) Reset()                    { *m = UpdateSnapshotResponse{} }
-func (*UpdateSnapshotResponse) ProtoMessage()               {}
-func (*UpdateSnapshotResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{12} }
+var xxx_messageInfo_UpdateSnapshotResponse proto.InternalMessageInfo
 
 type ListSnapshotsRequest struct {
 	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	Filters              []string `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListSnapshotsRequest) Reset()      { *m = ListSnapshotsRequest{} }
+func (*ListSnapshotsRequest) ProtoMessage() {}
+func (*ListSnapshotsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{13}
+}
+func (m *ListSnapshotsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListSnapshotsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListSnapshotsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListSnapshotsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSnapshotsRequest.Merge(m, src)
+}
+func (m *ListSnapshotsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListSnapshotsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListSnapshotsRequest.DiscardUnknown(m)
 }
 
-func (m *ListSnapshotsRequest) Reset()                    { *m = ListSnapshotsRequest{} }
-func (*ListSnapshotsRequest) ProtoMessage()               {}
-func (*ListSnapshotsRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{13} }
+var xxx_messageInfo_ListSnapshotsRequest proto.InternalMessageInfo
 
 type ListSnapshotsResponse struct {
-	Info []Info `protobuf:"bytes,1,rep,name=info" json:"info"`
+	Info                 []Info   `protobuf:"bytes,1,rep,name=info,proto3" json:"info"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListSnapshotsResponse) Reset()      { *m = ListSnapshotsResponse{} }
+func (*ListSnapshotsResponse) ProtoMessage() {}
+func (*ListSnapshotsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{14}
+}
+func (m *ListSnapshotsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListSnapshotsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListSnapshotsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListSnapshotsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSnapshotsResponse.Merge(m, src)
+}
+func (m *ListSnapshotsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListSnapshotsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListSnapshotsResponse.DiscardUnknown(m)
 }
 
-func (m *ListSnapshotsResponse) Reset()                    { *m = ListSnapshotsResponse{} }
-func (*ListSnapshotsResponse) ProtoMessage()               {}
-func (*ListSnapshotsResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{14} }
+var xxx_messageInfo_ListSnapshotsResponse proto.InternalMessageInfo
 
 type UsageRequest struct {
-	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
-	Key         string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	Key                  string   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UsageRequest) Reset()      { *m = UsageRequest{} }
+func (*UsageRequest) ProtoMessage() {}
+func (*UsageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{15}
+}
+func (m *UsageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UsageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UsageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UsageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UsageRequest.Merge(m, src)
+}
+func (m *UsageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UsageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UsageRequest.DiscardUnknown(m)
 }
 
-func (m *UsageRequest) Reset()                    { *m = UsageRequest{} }
-func (*UsageRequest) ProtoMessage()               {}
-func (*UsageRequest) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{15} }
+var xxx_messageInfo_UsageRequest proto.InternalMessageInfo
 
 type UsageResponse struct {
-	Size_  int64 `protobuf:"varint,1,opt,name=size,proto3" json:"size,omitempty"`
-	Inodes int64 `protobuf:"varint,2,opt,name=inodes,proto3" json:"inodes,omitempty"`
+	Size_                int64    `protobuf:"varint,1,opt,name=size,proto3" json:"size,omitempty"`
+	Inodes               int64    `protobuf:"varint,2,opt,name=inodes,proto3" json:"inodes,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UsageResponse) Reset()      { *m = UsageResponse{} }
+func (*UsageResponse) ProtoMessage() {}
+func (*UsageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{16}
+}
+func (m *UsageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UsageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UsageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UsageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UsageResponse.Merge(m, src)
+}
+func (m *UsageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UsageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UsageResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UsageResponse proto.InternalMessageInfo
+
+type CleanupRequest struct {
+	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CleanupRequest) Reset()      { *m = CleanupRequest{} }
+func (*CleanupRequest) ProtoMessage() {}
+func (*CleanupRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_cfc0ddf12791f168, []int{17}
+}
+func (m *CleanupRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CleanupRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CleanupRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CleanupRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CleanupRequest.Merge(m, src)
+}
+func (m *CleanupRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CleanupRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CleanupRequest.DiscardUnknown(m)
 }
 
-func (m *UsageResponse) Reset()                    { *m = UsageResponse{} }
-func (*UsageResponse) ProtoMessage()               {}
-func (*UsageResponse) Descriptor() ([]byte, []int) { return fileDescriptorSnapshots, []int{16} }
+var xxx_messageInfo_CleanupRequest proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("containerd.services.snapshots.v1.Kind", Kind_name, Kind_value)
 	proto.RegisterType((*PrepareSnapshotRequest)(nil), "containerd.services.snapshots.v1.PrepareSnapshotRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.snapshots.v1.PrepareSnapshotRequest.LabelsEntry")
 	proto.RegisterType((*PrepareSnapshotResponse)(nil), "containerd.services.snapshots.v1.PrepareSnapshotResponse")
 	proto.RegisterType((*ViewSnapshotRequest)(nil), "containerd.services.snapshots.v1.ViewSnapshotRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.snapshots.v1.ViewSnapshotRequest.LabelsEntry")
 	proto.RegisterType((*ViewSnapshotResponse)(nil), "containerd.services.snapshots.v1.ViewSnapshotResponse")
 	proto.RegisterType((*MountsRequest)(nil), "containerd.services.snapshots.v1.MountsRequest")
 	proto.RegisterType((*MountsResponse)(nil), "containerd.services.snapshots.v1.MountsResponse")
 	proto.RegisterType((*RemoveSnapshotRequest)(nil), "containerd.services.snapshots.v1.RemoveSnapshotRequest")
 	proto.RegisterType((*CommitSnapshotRequest)(nil), "containerd.services.snapshots.v1.CommitSnapshotRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.snapshots.v1.CommitSnapshotRequest.LabelsEntry")
 	proto.RegisterType((*StatSnapshotRequest)(nil), "containerd.services.snapshots.v1.StatSnapshotRequest")
 	proto.RegisterType((*Info)(nil), "containerd.services.snapshots.v1.Info")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.snapshots.v1.Info.LabelsEntry")
 	proto.RegisterType((*StatSnapshotResponse)(nil), "containerd.services.snapshots.v1.StatSnapshotResponse")
 	proto.RegisterType((*UpdateSnapshotRequest)(nil), "containerd.services.snapshots.v1.UpdateSnapshotRequest")
 	proto.RegisterType((*UpdateSnapshotResponse)(nil), "containerd.services.snapshots.v1.UpdateSnapshotResponse")
@@ -285,7 +842,81 @@ func init() {
 	proto.RegisterType((*ListSnapshotsResponse)(nil), "containerd.services.snapshots.v1.ListSnapshotsResponse")
 	proto.RegisterType((*UsageRequest)(nil), "containerd.services.snapshots.v1.UsageRequest")
 	proto.RegisterType((*UsageResponse)(nil), "containerd.services.snapshots.v1.UsageResponse")
-	proto.RegisterEnum("containerd.services.snapshots.v1.Kind", Kind_name, Kind_value)
+	proto.RegisterType((*CleanupRequest)(nil), "containerd.services.snapshots.v1.CleanupRequest")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto", fileDescriptor_cfc0ddf12791f168)
+}
+
+var fileDescriptor_cfc0ddf12791f168 = []byte{
+	// 1047 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4f, 0x6f, 0x1b, 0x45,
+	0x14, 0xf7, 0xda, 0x5b, 0x27, 0x79, 0x4e, 0x82, 0x99, 0x3a, 0xae, 0xb5, 0x20, 0x67, 0xe5, 0x03,
+	0x8a, 0x38, 0xec, 0xb6, 0x46, 0xb4, 0x69, 0x73, 0xc1, 0x71, 0x0c, 0x72, 0xd2, 0xa4, 0x68, 0xf3,
+	0xa7, 0x4d, 0x41, 0x54, 0x1b, 0x7b, 0xec, 0xac, 0xec, 0xfd, 0x83, 0x67, 0xec, 0xca, 0x20, 0x21,
+	0x8e, 0x55, 0x4e, 0x7c, 0x81, 0x9c, 0xe0, 0x43, 0x20, 0x3e, 0x41, 0x8e, 0x48, 0x5c, 0x38, 0x01,
+	0xcd, 0x97, 0xe0, 0x84, 0x40, 0x33, 0x3b, 0xeb, 0x7f, 0x71, 0xe5, 0xb5, 0x6b, 0x6e, 0x33, 0x3b,
+	0xf3, 0xde, 0xfb, 0xbd, 0xdf, 0x9b, 0xf7, 0x9b, 0x59, 0xd8, 0xad, 0x5b, 0xf4, 0xbc, 0x7d, 0xa6,
+	0x55, 0x5c, 0x5b, 0xaf, 0xb8, 0x0e, 0x35, 0x2d, 0x07, 0xb7, 0xaa, 0x83, 0x43, 0xd3, 0xb3, 0x74,
+	0x82, 0x5b, 0x1d, 0xab, 0x82, 0x89, 0x4e, 0x1c, 0xd3, 0x23, 0xe7, 0x2e, 0x25, 0x7a, 0xe7, 0x5e,
+	0x7f, 0xa2, 0x79, 0x2d, 0x97, 0xba, 0x48, 0xed, 0x5b, 0x69, 0x81, 0x85, 0xd6, 0xdf, 0xd4, 0xb9,
+	0xa7, 0xa4, 0xea, 0x6e, 0xdd, 0xe5, 0x9b, 0x75, 0x36, 0xf2, 0xed, 0x94, 0xf7, 0xea, 0xae, 0x5b,
+	0x6f, 0x62, 0x9d, 0xcf, 0xce, 0xda, 0x35, 0x1d, 0xdb, 0x1e, 0xed, 0x8a, 0x45, 0x75, 0x74, 0xb1,
+	0x66, 0xe1, 0x66, 0xf5, 0x85, 0x6d, 0x92, 0x86, 0xd8, 0xb1, 0x3e, 0xba, 0x83, 0x5a, 0x36, 0x26,
+	0xd4, 0xb4, 0x3d, 0xb1, 0xe1, 0x7e, 0xa8, 0x1c, 0x69, 0xd7, 0xc3, 0x44, 0xb7, 0xdd, 0xb6, 0x43,
+	0x7d, 0xbb, 0xdc, 0x3f, 0x12, 0xa4, 0x3f, 0x6f, 0x61, 0xcf, 0x6c, 0xe1, 0x43, 0x91, 0x85, 0x81,
+	0xbf, 0x6e, 0x63, 0x42, 0x91, 0x0a, 0x89, 0x20, 0x31, 0x8a, 0x5b, 0x19, 0x49, 0x95, 0x36, 0x96,
+	0x8c, 0xc1, 0x4f, 0x28, 0x09, 0xb1, 0x06, 0xee, 0x66, 0xa2, 0x7c, 0x85, 0x0d, 0x51, 0x1a, 0xe2,
+	0xcc, 0x95, 0x43, 0x33, 0x31, 0xfe, 0x51, 0xcc, 0xd0, 0x97, 0x10, 0x6f, 0x9a, 0x67, 0xb8, 0x49,
+	0x32, 0xb2, 0x1a, 0xdb, 0x48, 0xe4, 0x77, 0xb4, 0x49, 0x3c, 0x6a, 0xe3, 0x51, 0x69, 0x8f, 0xb9,
+	0x9b, 0x92, 0x43, 0x5b, 0x5d, 0x43, 0xf8, 0x54, 0x1e, 0x42, 0x62, 0xe0, 0x73, 0x00, 0x4b, 0xea,
+	0xc3, 0x4a, 0xc1, 0xad, 0x8e, 0xd9, 0x6c, 0x63, 0x01, 0xd5, 0x9f, 0x3c, 0x8a, 0x6e, 0x4a, 0xb9,
+	0x5d, 0xb8, 0x73, 0x23, 0x10, 0xf1, 0x5c, 0x87, 0x60, 0xa4, 0x43, 0x9c, 0x33, 0x45, 0x32, 0x12,
+	0xc7, 0x7c, 0x67, 0x10, 0x33, 0x67, 0x52, 0xdb, 0x67, 0xeb, 0x86, 0xd8, 0x96, 0xfb, 0x5b, 0x82,
+	0xdb, 0x27, 0x16, 0x7e, 0xf9, 0x7f, 0x12, 0x79, 0x3a, 0x42, 0x64, 0x61, 0x32, 0x91, 0x63, 0x20,
+	0xcd, 0x9b, 0xc5, 0xcf, 0x20, 0x35, 0x1c, 0x65, 0x56, 0x0a, 0x8b, 0xb0, 0xc2, 0x3f, 0x90, 0xb7,
+	0xe0, 0x2e, 0x57, 0x80, 0xd5, 0xc0, 0xc9, 0xac, 0x38, 0xf6, 0x60, 0xcd, 0xc0, 0xb6, 0xdb, 0x99,
+	0x47, 0x53, 0xb0, 0x73, 0xb1, 0x56, 0x74, 0x6d, 0xdb, 0xa2, 0xd3, 0x7b, 0x43, 0x20, 0x3b, 0xa6,
+	0x1d, 0x50, 0xce, 0xc7, 0x41, 0x84, 0x58, 0xbf, 0x32, 0x5f, 0x8c, 0x9c, 0x8a, 0xe2, 0xe4, 0x53,
+	0x31, 0x16, 0xd0, 0xbc, 0xcf, 0x45, 0x19, 0x6e, 0x1f, 0x52, 0x93, 0xce, 0x83, 0xc4, 0x7f, 0xa3,
+	0x20, 0x97, 0x9d, 0x9a, 0xdb, 0x63, 0x44, 0x1a, 0x60, 0xa4, 0xdf, 0x2d, 0xd1, 0xa1, 0x6e, 0x79,
+	0x04, 0x72, 0xc3, 0x72, 0xaa, 0x9c, 0xaa, 0xd5, 0xfc, 0x07, 0x93, 0x59, 0xd9, 0xb3, 0x9c, 0xaa,
+	0xc1, 0x6d, 0x50, 0x11, 0xa0, 0xd2, 0xc2, 0x26, 0xc5, 0xd5, 0x17, 0x26, 0xcd, 0xc8, 0xaa, 0xb4,
+	0x91, 0xc8, 0x2b, 0x9a, 0xaf, 0xc3, 0x5a, 0xa0, 0xc3, 0xda, 0x51, 0xa0, 0xc3, 0xdb, 0x8b, 0x57,
+	0x7f, 0xac, 0x47, 0x7e, 0xf8, 0x73, 0x5d, 0x32, 0x96, 0x84, 0x5d, 0x81, 0x32, 0x27, 0x6d, 0xaf,
+	0x1a, 0x38, 0xb9, 0x35, 0x8d, 0x13, 0x61, 0x57, 0xa0, 0x68, 0xb7, 0x57, 0xdd, 0x38, 0xaf, 0x6e,
+	0x7e, 0x72, 0x1e, 0x8c, 0xa9, 0x79, 0x17, 0xf3, 0x19, 0xa4, 0x86, 0x8b, 0x29, 0x9a, 0xeb, 0x13,
+	0x90, 0x2d, 0xa7, 0xe6, 0x72, 0x27, 0x89, 0x30, 0x24, 0x33, 0x70, 0xdb, 0x32, 0xcb, 0xd4, 0xe0,
+	0x96, 0xb9, 0x9f, 0x25, 0x58, 0x3b, 0xe6, 0xe9, 0x4e, 0x7f, 0x52, 0x82, 0xe8, 0xd1, 0x59, 0xa3,
+	0xa3, 0x2d, 0x48, 0xf8, 0x5c, 0xf3, 0x0b, 0x97, 0x9f, 0x95, 0x71, 0x45, 0xfa, 0x94, 0xdd, 0xc9,
+	0xfb, 0x26, 0x69, 0x18, 0xa2, 0xa4, 0x6c, 0x9c, 0x7b, 0x0e, 0xe9, 0x51, 0xe4, 0x73, 0xa3, 0xc5,
+	0x80, 0xd4, 0x63, 0x8b, 0xf4, 0x08, 0x9f, 0x42, 0x13, 0x33, 0xb0, 0x50, 0xb3, 0x9a, 0x14, 0xb7,
+	0x48, 0x26, 0xaa, 0xc6, 0x36, 0x96, 0x8c, 0x60, 0x9a, 0x3b, 0x85, 0xb5, 0x11, 0x9f, 0x37, 0xe0,
+	0xc6, 0x66, 0x84, 0xbb, 0x0d, 0xcb, 0xc7, 0xc4, 0xac, 0xe3, 0xb7, 0xe9, 0xf2, 0x2d, 0x58, 0x11,
+	0x3e, 0x04, 0x2c, 0x04, 0x32, 0xb1, 0xbe, 0xf1, 0xbb, 0x3d, 0x66, 0xf0, 0x31, 0xeb, 0x76, 0xcb,
+	0x71, 0xab, 0x98, 0x70, 0xcb, 0x98, 0x21, 0x66, 0xb9, 0x3c, 0xac, 0x16, 0x9b, 0xd8, 0x74, 0xda,
+	0x5e, 0x68, 0x08, 0x1f, 0xbe, 0x92, 0x40, 0x66, 0x4d, 0x8f, 0xde, 0x87, 0x85, 0xe3, 0x83, 0xbd,
+	0x83, 0x27, 0x4f, 0x0f, 0x92, 0x11, 0xe5, 0x9d, 0x8b, 0x4b, 0x35, 0xc1, 0x3e, 0x1f, 0x3b, 0x0d,
+	0xc7, 0x7d, 0xe9, 0xa0, 0x34, 0xc8, 0x27, 0xe5, 0xd2, 0xd3, 0xa4, 0xa4, 0x2c, 0x5f, 0x5c, 0xaa,
+	0x8b, 0x6c, 0x89, 0x5d, 0x78, 0x48, 0x81, 0x78, 0xa1, 0x78, 0x54, 0x3e, 0x29, 0x25, 0xa3, 0xca,
+	0xea, 0xc5, 0xa5, 0x0a, 0x6c, 0xa5, 0x50, 0xa1, 0x56, 0x07, 0x23, 0x15, 0x96, 0x8a, 0x4f, 0xf6,
+	0xf7, 0xcb, 0x47, 0x47, 0xa5, 0x9d, 0x64, 0x4c, 0x79, 0xf7, 0xe2, 0x52, 0x5d, 0x61, 0xcb, 0xbe,
+	0xf2, 0x52, 0x5c, 0x55, 0x96, 0x5f, 0xfd, 0x98, 0x8d, 0xfc, 0xf2, 0x53, 0x96, 0x23, 0xc8, 0xff,
+	0xb6, 0x08, 0x4b, 0xbd, 0xba, 0xa0, 0xef, 0x60, 0x41, 0x3c, 0x4c, 0xd0, 0xe6, 0xac, 0x8f, 0x25,
+	0xe5, 0xe1, 0x0c, 0x96, 0x82, 0xf8, 0x36, 0xc8, 0x3c, 0xc3, 0x8f, 0x67, 0x7a, 0x60, 0x28, 0xf7,
+	0xa7, 0x35, 0x13, 0x61, 0x1b, 0x10, 0xf7, 0xef, 0x6e, 0xa4, 0x4f, 0xf6, 0x30, 0xf4, 0x54, 0x50,
+	0xee, 0x86, 0x37, 0x10, 0xc1, 0x4e, 0x21, 0xee, 0x17, 0x03, 0x3d, 0x98, 0xf1, 0xc2, 0x54, 0xd2,
+	0x37, 0x74, 0xa2, 0xc4, 0x1e, 0xf6, 0xcc, 0xb5, 0xff, 0x80, 0x08, 0xe3, 0x7a, 0xec, 0x53, 0xe3,
+	0x8d, 0xae, 0xdb, 0x20, 0x33, 0x1d, 0x0e, 0x53, 0x99, 0x31, 0x97, 0x6f, 0x98, 0xca, 0x8c, 0x95,
+	0xf9, 0x6f, 0x21, 0xee, 0x2b, 0x5d, 0x98, 0x8c, 0xc6, 0xaa, 0xb9, 0xb2, 0x39, 0xbd, 0xa1, 0x08,
+	0xde, 0x05, 0x99, 0xc9, 0x16, 0x0a, 0x01, 0x7e, 0x9c, 0x64, 0x2a, 0x0f, 0xa6, 0xb6, 0xf3, 0x03,
+	0xdf, 0x95, 0xd0, 0x39, 0xdc, 0xe2, 0x92, 0x84, 0xb4, 0x10, 0xe8, 0x07, 0xf4, 0x4f, 0xd1, 0x43,
+	0xef, 0x17, 0x49, 0x1e, 0xc2, 0x82, 0xd0, 0x2f, 0x14, 0xe2, 0x2c, 0x0f, 0x4b, 0xdd, 0x9b, 0x4e,
+	0xcb, 0xf6, 0x57, 0x57, 0xaf, 0xb3, 0x91, 0xdf, 0x5f, 0x67, 0x23, 0xdf, 0x5f, 0x67, 0xa5, 0xab,
+	0xeb, 0xac, 0xf4, 0xeb, 0x75, 0x56, 0xfa, 0xeb, 0x3a, 0x2b, 0x3d, 0xdf, 0x99, 0xfd, 0xb7, 0x78,
+	0xab, 0x37, 0x79, 0x16, 0x39, 0x8b, 0xf3, 0x88, 0x1f, 0xfd, 0x17, 0x00, 0x00, 0xff, 0xff, 0x20,
+	0x9c, 0x85, 0x7f, 0x67, 0x0f, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -296,18 +927,20 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Snapshots service
-
+// SnapshotsClient is the client API for Snapshots service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type SnapshotsClient interface {
 	Prepare(ctx context.Context, in *PrepareSnapshotRequest, opts ...grpc.CallOption) (*PrepareSnapshotResponse, error)
 	View(ctx context.Context, in *ViewSnapshotRequest, opts ...grpc.CallOption) (*ViewSnapshotResponse, error)
 	Mounts(ctx context.Context, in *MountsRequest, opts ...grpc.CallOption) (*MountsResponse, error)
-	Commit(ctx context.Context, in *CommitSnapshotRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
-	Remove(ctx context.Context, in *RemoveSnapshotRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
+	Commit(ctx context.Context, in *CommitSnapshotRequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	Remove(ctx context.Context, in *RemoveSnapshotRequest, opts ...grpc.CallOption) (*types1.Empty, error)
 	Stat(ctx context.Context, in *StatSnapshotRequest, opts ...grpc.CallOption) (*StatSnapshotResponse, error)
 	Update(ctx context.Context, in *UpdateSnapshotRequest, opts ...grpc.CallOption) (*UpdateSnapshotResponse, error)
 	List(ctx context.Context, in *ListSnapshotsRequest, opts ...grpc.CallOption) (Snapshots_ListClient, error)
 	Usage(ctx context.Context, in *UsageRequest, opts ...grpc.CallOption) (*UsageResponse, error)
+	Cleanup(ctx context.Context, in *CleanupRequest, opts ...grpc.CallOption) (*types1.Empty, error)
 }
 
 type snapshotsClient struct {
@@ -320,7 +953,7 @@ func NewSnapshotsClient(cc *grpc.ClientConn) SnapshotsClient {
 
 func (c *snapshotsClient) Prepare(ctx context.Context, in *PrepareSnapshotRequest, opts ...grpc.CallOption) (*PrepareSnapshotResponse, error) {
 	out := new(PrepareSnapshotResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Prepare", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Prepare", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -329,7 +962,7 @@ func (c *snapshotsClient) Prepare(ctx context.Context, in *PrepareSnapshotReques
 
 func (c *snapshotsClient) View(ctx context.Context, in *ViewSnapshotRequest, opts ...grpc.CallOption) (*ViewSnapshotResponse, error) {
 	out := new(ViewSnapshotResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/View", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/View", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -338,25 +971,25 @@ func (c *snapshotsClient) View(ctx context.Context, in *ViewSnapshotRequest, opt
 
 func (c *snapshotsClient) Mounts(ctx context.Context, in *MountsRequest, opts ...grpc.CallOption) (*MountsResponse, error) {
 	out := new(MountsResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Mounts", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Mounts", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *snapshotsClient) Commit(ctx context.Context, in *CommitSnapshotRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
-	out := new(google_protobuf1.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Commit", in, out, c.cc, opts...)
+func (c *snapshotsClient) Commit(ctx context.Context, in *CommitSnapshotRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Commit", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *snapshotsClient) Remove(ctx context.Context, in *RemoveSnapshotRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
-	out := new(google_protobuf1.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Remove", in, out, c.cc, opts...)
+func (c *snapshotsClient) Remove(ctx context.Context, in *RemoveSnapshotRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Remove", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -365,7 +998,7 @@ func (c *snapshotsClient) Remove(ctx context.Context, in *RemoveSnapshotRequest,
 
 func (c *snapshotsClient) Stat(ctx context.Context, in *StatSnapshotRequest, opts ...grpc.CallOption) (*StatSnapshotResponse, error) {
 	out := new(StatSnapshotResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Stat", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Stat", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -374,7 +1007,7 @@ func (c *snapshotsClient) Stat(ctx context.Context, in *StatSnapshotRequest, opt
 
 func (c *snapshotsClient) Update(ctx context.Context, in *UpdateSnapshotRequest, opts ...grpc.CallOption) (*UpdateSnapshotResponse, error) {
 	out := new(UpdateSnapshotResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Update", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -382,7 +1015,7 @@ func (c *snapshotsClient) Update(ctx context.Context, in *UpdateSnapshotRequest,
 }
 
 func (c *snapshotsClient) List(ctx context.Context, in *ListSnapshotsRequest, opts ...grpc.CallOption) (Snapshots_ListClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Snapshots_serviceDesc.Streams[0], c.cc, "/containerd.services.snapshots.v1.Snapshots/List", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Snapshots_serviceDesc.Streams[0], "/containerd.services.snapshots.v1.Snapshots/List", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -415,25 +1048,69 @@ func (x *snapshotsListClient) Recv() (*ListSnapshotsResponse, error) {
 
 func (c *snapshotsClient) Usage(ctx context.Context, in *UsageRequest, opts ...grpc.CallOption) (*UsageResponse, error) {
 	out := new(UsageResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Usage", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Usage", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Snapshots service
+func (c *snapshotsClient) Cleanup(ctx context.Context, in *CleanupRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.snapshots.v1.Snapshots/Cleanup", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 
+// SnapshotsServer is the server API for Snapshots service.
 type SnapshotsServer interface {
 	Prepare(context.Context, *PrepareSnapshotRequest) (*PrepareSnapshotResponse, error)
 	View(context.Context, *ViewSnapshotRequest) (*ViewSnapshotResponse, error)
 	Mounts(context.Context, *MountsRequest) (*MountsResponse, error)
-	Commit(context.Context, *CommitSnapshotRequest) (*google_protobuf1.Empty, error)
-	Remove(context.Context, *RemoveSnapshotRequest) (*google_protobuf1.Empty, error)
+	Commit(context.Context, *CommitSnapshotRequest) (*types1.Empty, error)
+	Remove(context.Context, *RemoveSnapshotRequest) (*types1.Empty, error)
 	Stat(context.Context, *StatSnapshotRequest) (*StatSnapshotResponse, error)
 	Update(context.Context, *UpdateSnapshotRequest) (*UpdateSnapshotResponse, error)
 	List(*ListSnapshotsRequest, Snapshots_ListServer) error
 	Usage(context.Context, *UsageRequest) (*UsageResponse, error)
+	Cleanup(context.Context, *CleanupRequest) (*types1.Empty, error)
+}
+
+// UnimplementedSnapshotsServer can be embedded to have forward compatible implementations.
+type UnimplementedSnapshotsServer struct {
+}
+
+func (*UnimplementedSnapshotsServer) Prepare(ctx context.Context, req *PrepareSnapshotRequest) (*PrepareSnapshotResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Prepare not implemented")
+}
+func (*UnimplementedSnapshotsServer) View(ctx context.Context, req *ViewSnapshotRequest) (*ViewSnapshotResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method View not implemented")
+}
+func (*UnimplementedSnapshotsServer) Mounts(ctx context.Context, req *MountsRequest) (*MountsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Mounts not implemented")
+}
+func (*UnimplementedSnapshotsServer) Commit(ctx context.Context, req *CommitSnapshotRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Commit not implemented")
+}
+func (*UnimplementedSnapshotsServer) Remove(ctx context.Context, req *RemoveSnapshotRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Remove not implemented")
+}
+func (*UnimplementedSnapshotsServer) Stat(ctx context.Context, req *StatSnapshotRequest) (*StatSnapshotResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Stat not implemented")
+}
+func (*UnimplementedSnapshotsServer) Update(ctx context.Context, req *UpdateSnapshotRequest) (*UpdateSnapshotResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedSnapshotsServer) List(req *ListSnapshotsRequest, srv Snapshots_ListServer) error {
+	return status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedSnapshotsServer) Usage(ctx context.Context, req *UsageRequest) (*UsageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Usage not implemented")
+}
+func (*UnimplementedSnapshotsServer) Cleanup(ctx context.Context, req *CleanupRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Cleanup not implemented")
 }
 
 func RegisterSnapshotsServer(s *grpc.Server, srv SnapshotsServer) {
@@ -605,6 +1282,24 @@ func _Snapshots_Usage_Handler(srv interface{}, ctx context.Context, dec func(int
 	return interceptor(ctx, in, info, handler)
 }
 
+func _Snapshots_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CleanupRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SnapshotsServer).Cleanup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/containerd.services.snapshots.v1.Snapshots/Cleanup",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SnapshotsServer).Cleanup(ctx, req.(*CleanupRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _Snapshots_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "containerd.services.snapshots.v1.Snapshots",
 	HandlerType: (*SnapshotsServer)(nil),
@@ -641,6 +1336,10 @@ var _Snapshots_serviceDesc = grpc.ServiceDesc{
 			MethodName: "Usage",
 			Handler:    _Snapshots_Usage_Handler,
 		},
+		{
+			MethodName: "Cleanup",
+			Handler:    _Snapshots_Cleanup_Handler,
+		},
 	},
 	Streams: []grpc.StreamDesc{
 		{
@@ -655,7 +1354,7 @@ var _Snapshots_serviceDesc = grpc.ServiceDesc{
 func (m *PrepareSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -663,52 +1362,66 @@ func (m *PrepareSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PrepareSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PrepareSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
-	}
-	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
-	}
-	if len(m.Parent) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
-		i += copy(dAtA[i:], m.Parent)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x22
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovSnapshots(uint64(len(k))) + 1 + len(v) + sovSnapshots(uint64(len(v)))
-			i = encodeVarintSnapshots(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintSnapshots(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSnapshots(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	return i, nil
+	if len(m.Parent) > 0 {
+		i -= len(m.Parent)
+		copy(dAtA[i:], m.Parent)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *PrepareSnapshotResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -716,29 +1429,40 @@ func (m *PrepareSnapshotResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PrepareSnapshotResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PrepareSnapshotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshots(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ViewSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -746,52 +1470,66 @@ func (m *ViewSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ViewSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ViewSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
-	}
-	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
-	}
-	if len(m.Parent) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
-		i += copy(dAtA[i:], m.Parent)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x22
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovSnapshots(uint64(len(k))) + 1 + len(v) + sovSnapshots(uint64(len(v)))
-			i = encodeVarintSnapshots(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintSnapshots(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSnapshots(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	return i, nil
+	if len(m.Parent) > 0 {
+		i -= len(m.Parent)
+		copy(dAtA[i:], m.Parent)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ViewSnapshotResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -799,29 +1537,40 @@ func (m *ViewSnapshotResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ViewSnapshotResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ViewSnapshotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshots(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *MountsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -829,29 +1578,40 @@ func (m *MountsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *MountsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MountsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *MountsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -859,29 +1619,40 @@ func (m *MountsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *MountsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MountsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshots(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RemoveSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -889,29 +1660,40 @@ func (m *RemoveSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RemoveSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CommitSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -919,52 +1701,66 @@ func (m *CommitSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CommitSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CommitSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
-	}
-	if len(m.Name) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
-	}
-	if len(m.Key) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x22
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovSnapshots(uint64(len(k))) + 1 + len(v) + sovSnapshots(uint64(len(v)))
-			i = encodeVarintSnapshots(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintSnapshots(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSnapshots(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	return i, nil
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *StatSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -972,29 +1768,40 @@ func (m *StatSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Info) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1002,67 +1809,80 @@ func (m *Info) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Info) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Parent) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
-		i += copy(dAtA[i:], m.Parent)
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSnapshots(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x32
+		}
 	}
-	if m.Kind != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(m.Kind))
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt):])
+	if err1 != nil {
+		return 0, err1
 	}
+	i -= n1
+	i = encodeVarintSnapshots(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x2a
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err2 != nil {
+		return 0, err2
+	}
+	i -= n2
+	i = encodeVarintSnapshots(dAtA, i, uint64(n2))
+	i--
 	dAtA[i] = 0x22
-	i++
-	i = encodeVarintSnapshots(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n1, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Kind != 0 {
+		i = encodeVarintSnapshots(dAtA, i, uint64(m.Kind))
+		i--
+		dAtA[i] = 0x18
 	}
-	i += n1
-	dAtA[i] = 0x2a
-	i++
-	i = encodeVarintSnapshots(dAtA, i, uint64(types.SizeOfStdTime(m.UpdatedAt)))
-	n2, err := types.StdTimeMarshalTo(m.UpdatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Parent) > 0 {
+		i -= len(m.Parent)
+		copy(dAtA[i:], m.Parent)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Parent)))
+		i--
+		dAtA[i] = 0x12
 	}
-	i += n2
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x32
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovSnapshots(uint64(len(k))) + 1 + len(v) + sovSnapshots(uint64(len(v)))
-			i = encodeVarintSnapshots(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StatSnapshotResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1070,25 +1890,36 @@ func (m *StatSnapshotResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatSnapshotResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatSnapshotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSnapshots(dAtA, i, uint64(m.Info.Size()))
-	n3, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSnapshots(dAtA, i, uint64(size))
 	}
-	i += n3
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateSnapshotRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1096,41 +1927,55 @@ func (m *UpdateSnapshotRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateSnapshotRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateSnapshotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintSnapshots(dAtA, i, uint64(m.Info.Size()))
-	n4, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n4
 	if m.UpdateMask != nil {
+		{
+			size, err := m.UpdateMask.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSnapshots(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(m.UpdateMask.Size()))
-		n5, err := m.UpdateMask.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n5
+		i -= size
+		i = encodeVarintSnapshots(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateSnapshotResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1138,25 +1983,36 @@ func (m *UpdateSnapshotResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateSnapshotResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateSnapshotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSnapshots(dAtA, i, uint64(m.Info.Size()))
-	n6, err := m.Info.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	{
+		size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSnapshots(dAtA, i, uint64(size))
 	}
-	i += n6
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ListSnapshotsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1164,23 +2020,42 @@ func (m *ListSnapshotsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListSnapshotsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListSnapshotsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Filters) > 0 {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
 	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListSnapshotsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1188,29 +2063,40 @@ func (m *ListSnapshotsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListSnapshotsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListSnapshotsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Info) > 0 {
-		for _, msg := range m.Info {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshots(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Info) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Info[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshots(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UsageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1218,29 +2104,40 @@ func (m *UsageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UsageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UsageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Snapshotter) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
-		i += copy(dAtA[i:], m.Snapshotter)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *UsageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1248,33 +2145,81 @@ func (m *UsageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UsageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UsageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Size_ != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintSnapshots(dAtA, i, uint64(m.Size_))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Inodes != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintSnapshots(dAtA, i, uint64(m.Inodes))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Size_ != 0 {
+		i = encodeVarintSnapshots(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CleanupRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CleanupRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CleanupRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Snapshotter) > 0 {
+		i -= len(m.Snapshotter)
+		copy(dAtA[i:], m.Snapshotter)
+		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSnapshots(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSnapshots(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *PrepareSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1297,10 +2242,16 @@ func (m *PrepareSnapshotRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovSnapshots(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PrepareSnapshotResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Mounts) > 0 {
@@ -1309,10 +2260,16 @@ func (m *PrepareSnapshotResponse) Size() (n int) {
 			n += 1 + l + sovSnapshots(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ViewSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1335,10 +2292,16 @@ func (m *ViewSnapshotRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovSnapshots(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ViewSnapshotResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Mounts) > 0 {
@@ -1347,10 +2310,16 @@ func (m *ViewSnapshotResponse) Size() (n int) {
 			n += 1 + l + sovSnapshots(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *MountsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1361,10 +2330,16 @@ func (m *MountsRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *MountsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Mounts) > 0 {
@@ -1373,10 +2348,16 @@ func (m *MountsResponse) Size() (n int) {
 			n += 1 + l + sovSnapshots(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *RemoveSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1387,10 +2368,16 @@ func (m *RemoveSnapshotRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CommitSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1413,10 +2400,16 @@ func (m *CommitSnapshotRequest) Size() (n int) {
 			n += mapEntrySize + 1 + sovSnapshots(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1427,10 +2420,16 @@ func (m *StatSnapshotRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Info) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -1444,9 +2443,9 @@ func (m *Info) Size() (n int) {
 	if m.Kind != 0 {
 		n += 1 + sovSnapshots(uint64(m.Kind))
 	}
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovSnapshots(uint64(l))
-	l = types.SizeOfStdTime(m.UpdatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdatedAt)
 	n += 1 + l + sovSnapshots(uint64(l))
 	if len(m.Labels) > 0 {
 		for k, v := range m.Labels {
@@ -1456,18 +2455,30 @@ func (m *Info) Size() (n int) {
 			n += mapEntrySize + 1 + sovSnapshots(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatSnapshotResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Info.Size()
 	n += 1 + l + sovSnapshots(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateSnapshotRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1480,28 +2491,52 @@ func (m *UpdateSnapshotRequest) Size() (n int) {
 		l = m.UpdateMask.Size()
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateSnapshotResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Info.Size()
 	n += 1 + l + sovSnapshots(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListSnapshotsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if len(m.Filters) > 0 {
+		for _, s := range m.Filters {
+			l = len(s)
+			n += 1 + l + sovSnapshots(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListSnapshotsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Info) > 0 {
@@ -1510,10 +2545,16 @@ func (m *ListSnapshotsResponse) Size() (n int) {
 			n += 1 + l + sovSnapshots(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UsageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Snapshotter)
@@ -1524,30 +2565,48 @@ func (m *UsageRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UsageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Size_ != 0 {
 		n += 1 + sovSnapshots(uint64(m.Size_))
 	}
-	if m.Inodes != 0 {
-		n += 1 + sovSnapshots(uint64(m.Inodes))
+	if m.Inodes != 0 {
+		n += 1 + sovSnapshots(uint64(m.Inodes))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CleanupRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Snapshotter)
+	if l > 0 {
+		n += 1 + l + sovSnapshots(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
 
 func sovSnapshots(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSnapshots(x uint64) (n int) {
 	return sovSnapshots(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1560,7 +2619,7 @@ func (this *PrepareSnapshotRequest) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1571,6 +2630,7 @@ func (this *PrepareSnapshotRequest) String() string {
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
 		`Parent:` + fmt.Sprintf("%v", this.Parent) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1579,8 +2639,14 @@ func (this *PrepareSnapshotResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMounts := "[]*Mount{"
+	for _, f := range this.Mounts {
+		repeatedStringForMounts += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForMounts += "}"
 	s := strings.Join([]string{`&PrepareSnapshotResponse{`,
-		`Mounts:` + strings.Replace(fmt.Sprintf("%v", this.Mounts), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Mounts:` + repeatedStringForMounts + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1593,7 +2659,7 @@ func (this *ViewSnapshotRequest) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1604,6 +2670,7 @@ func (this *ViewSnapshotRequest) String() string {
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
 		`Parent:` + fmt.Sprintf("%v", this.Parent) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1612,8 +2679,14 @@ func (this *ViewSnapshotResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMounts := "[]*Mount{"
+	for _, f := range this.Mounts {
+		repeatedStringForMounts += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForMounts += "}"
 	s := strings.Join([]string{`&ViewSnapshotResponse{`,
-		`Mounts:` + strings.Replace(fmt.Sprintf("%v", this.Mounts), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Mounts:` + repeatedStringForMounts + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1625,6 +2698,7 @@ func (this *MountsRequest) String() string {
 	s := strings.Join([]string{`&MountsRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1633,8 +2707,14 @@ func (this *MountsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMounts := "[]*Mount{"
+	for _, f := range this.Mounts {
+		repeatedStringForMounts += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForMounts += "}"
 	s := strings.Join([]string{`&MountsResponse{`,
-		`Mounts:` + strings.Replace(fmt.Sprintf("%v", this.Mounts), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Mounts:` + repeatedStringForMounts + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1646,6 +2726,7 @@ func (this *RemoveSnapshotRequest) String() string {
 	s := strings.Join([]string{`&RemoveSnapshotRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1658,7 +2739,7 @@ func (this *CommitSnapshotRequest) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1669,6 +2750,7 @@ func (this *CommitSnapshotRequest) String() string {
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1680,6 +2762,7 @@ func (this *StatSnapshotRequest) String() string {
 	s := strings.Join([]string{`&StatSnapshotRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1692,7 +2775,7 @@ func (this *Info) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -1702,9 +2785,10 @@ func (this *Info) String() string {
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Parent:` + fmt.Sprintf("%v", this.Parent) + `,`,
 		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
-		`UpdatedAt:` + strings.Replace(strings.Replace(this.UpdatedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`UpdatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1715,6 +2799,7 @@ func (this *StatSnapshotResponse) String() string {
 	}
 	s := strings.Join([]string{`&StatSnapshotResponse{`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1726,7 +2811,8 @@ func (this *UpdateSnapshotRequest) String() string {
 	s := strings.Join([]string{`&UpdateSnapshotRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
-		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "google_protobuf2.FieldMask", 1) + `,`,
+		`UpdateMask:` + strings.Replace(fmt.Sprintf("%v", this.UpdateMask), "FieldMask", "types1.FieldMask", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1737,6 +2823,7 @@ func (this *UpdateSnapshotResponse) String() string {
 	}
 	s := strings.Join([]string{`&UpdateSnapshotResponse{`,
 		`Info:` + strings.Replace(strings.Replace(this.Info.String(), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1747,6 +2834,8 @@ func (this *ListSnapshotsRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListSnapshotsRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
+		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1755,8 +2844,14 @@ func (this *ListSnapshotsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForInfo := "[]Info{"
+	for _, f := range this.Info {
+		repeatedStringForInfo += strings.Replace(strings.Replace(f.String(), "Info", "Info", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForInfo += "}"
 	s := strings.Join([]string{`&ListSnapshotsResponse{`,
-		`Info:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Info), "Info", "Info", 1), `&`, ``, 1) + `,`,
+		`Info:` + repeatedStringForInfo + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1768,6 +2863,7 @@ func (this *UsageRequest) String() string {
 	s := strings.Join([]string{`&UsageRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
 		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1779,6 +2875,18 @@ func (this *UsageResponse) String() string {
 	s := strings.Join([]string{`&UsageResponse{`,
 		`Size_:` + fmt.Sprintf("%v", this.Size_) + `,`,
 		`Inodes:` + fmt.Sprintf("%v", this.Inodes) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CleanupRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CleanupRequest{`,
+		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1806,7 +2914,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1834,7 +2942,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1844,6 +2952,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1863,7 +2974,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1873,6 +2984,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1892,7 +3006,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1902,6 +3016,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1921,7 +3038,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1930,6 +3047,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1950,7 +3070,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1967,7 +3087,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1977,6 +3097,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1993,7 +3116,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2003,6 +3126,9 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2014,7 +3140,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSnapshots
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -2031,12 +3157,13 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2061,7 +3188,7 @@ func (m *PrepareSnapshotResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2089,7 +3216,7 @@ func (m *PrepareSnapshotResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2098,10 +3225,13 @@ func (m *PrepareSnapshotResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Mounts = append(m.Mounts, &containerd_types.Mount{})
+			m.Mounts = append(m.Mounts, &types.Mount{})
 			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2112,12 +3242,13 @@ func (m *PrepareSnapshotResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2142,7 +3273,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2170,7 +3301,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2180,6 +3311,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2199,7 +3333,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2209,6 +3343,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2228,7 +3365,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2238,6 +3375,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2257,7 +3397,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2266,6 +3406,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2286,7 +3429,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2303,7 +3446,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2313,6 +3456,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2329,7 +3475,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2339,6 +3485,9 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2350,7 +3499,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSnapshots
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -2367,12 +3516,13 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2397,7 +3547,7 @@ func (m *ViewSnapshotResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2425,7 +3575,7 @@ func (m *ViewSnapshotResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2434,10 +3584,13 @@ func (m *ViewSnapshotResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Mounts = append(m.Mounts, &containerd_types.Mount{})
+			m.Mounts = append(m.Mounts, &types.Mount{})
 			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2448,12 +3601,13 @@ func (m *ViewSnapshotResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2478,7 +3632,7 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2506,7 +3660,7 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2516,6 +3670,9 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2535,7 +3692,7 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2545,6 +3702,9 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2556,12 +3716,13 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2586,7 +3747,7 @@ func (m *MountsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2614,7 +3775,7 @@ func (m *MountsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2623,10 +3784,13 @@ func (m *MountsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Mounts = append(m.Mounts, &containerd_types.Mount{})
+			m.Mounts = append(m.Mounts, &types.Mount{})
 			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2637,12 +3801,13 @@ func (m *MountsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2667,7 +3832,7 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2695,7 +3860,7 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2705,6 +3870,9 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2724,7 +3892,7 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2734,6 +3902,9 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2745,12 +3916,13 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2775,7 +3947,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2803,7 +3975,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2813,6 +3985,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2832,7 +4007,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2842,6 +4017,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2861,7 +4039,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2871,6 +4049,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2890,7 +4071,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2899,6 +4080,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2919,7 +4103,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2936,7 +4120,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2946,6 +4130,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2962,7 +4149,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2972,6 +4159,9 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -2983,7 +4173,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSnapshots
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3000,12 +4190,13 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3030,7 +4221,7 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3058,7 +4249,7 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3068,6 +4259,9 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3087,7 +4281,7 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3097,6 +4291,9 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3108,12 +4305,13 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3138,7 +4336,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3166,7 +4364,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3176,6 +4374,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3195,7 +4396,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3205,6 +4406,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3224,7 +4428,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Kind |= (Kind(b) & 0x7F) << shift
+				m.Kind |= Kind(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3243,7 +4447,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3252,10 +4456,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3273,7 +4480,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3282,10 +4489,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.UpdatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3303,7 +4513,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3312,6 +4522,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3332,7 +4545,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -3349,7 +4562,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3359,6 +4572,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3375,7 +4591,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3385,6 +4601,9 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSnapshots
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSnapshots
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3396,7 +4615,7 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSnapshots
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3413,12 +4632,13 @@ func (m *Info) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3443,7 +4663,7 @@ func (m *StatSnapshotResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3471,7 +4691,7 @@ func (m *StatSnapshotResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3480,6 +4700,9 @@ func (m *StatSnapshotResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3493,12 +4716,13 @@ func (m *StatSnapshotResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3523,7 +4747,7 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3551,7 +4775,7 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3561,6 +4785,9 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3580,7 +4807,7 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3589,6 +4816,9 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3610,7 +4840,7 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3619,11 +4849,14 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdateMask == nil {
-				m.UpdateMask = &google_protobuf2.FieldMask{}
+				m.UpdateMask = &types1.FieldMask{}
 			}
 			if err := m.UpdateMask.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -3635,12 +4868,13 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3665,7 +4899,7 @@ func (m *UpdateSnapshotResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3693,7 +4927,7 @@ func (m *UpdateSnapshotResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3702,6 +4936,9 @@ func (m *UpdateSnapshotResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3715,12 +4952,13 @@ func (m *UpdateSnapshotResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3745,7 +4983,7 @@ func (m *ListSnapshotsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3773,7 +5011,7 @@ func (m *ListSnapshotsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3783,23 +5021,59 @@ func (m *ListSnapshotsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Snapshotter = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSnapshots
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Filters = append(m.Filters, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSnapshots(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3824,7 +5098,7 @@ func (m *ListSnapshotsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3852,7 +5126,7 @@ func (m *ListSnapshotsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3861,6 +5135,9 @@ func (m *ListSnapshotsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3875,12 +5152,13 @@ func (m *ListSnapshotsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3905,7 +5183,7 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3933,7 +5211,7 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3943,6 +5221,9 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3962,7 +5243,7 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3972,6 +5253,9 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshots
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3983,12 +5267,13 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4013,7 +5298,7 @@ func (m *UsageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4041,7 +5326,7 @@ func (m *UsageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4060,23 +5345,107 @@ func (m *UsageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Inodes |= (int64(b) & 0x7F) << shift
+				m.Inodes |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSnapshots(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CleanupRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSnapshots
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CleanupRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CleanupRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Snapshotter", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSnapshots
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Snapshotter = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSnapshots(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshots
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4089,6 +5458,7 @@ func (m *UsageResponse) Unmarshal(dAtA []byte) error {
 func skipSnapshots(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4120,10 +5490,8 @@ func skipSnapshots(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4140,124 +5508,34 @@ func skipSnapshots(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSnapshots
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSnapshots
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSnapshots(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSnapshots
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSnapshots
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSnapshots = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSnapshots   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSnapshots        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSnapshots          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSnapshots = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto", fileDescriptorSnapshots)
-}
-
-var fileDescriptorSnapshots = []byte{
-	// 1007 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4f, 0x6f, 0x1a, 0x47,
-	0x14, 0x67, 0x60, 0x8d, 0xe3, 0x87, 0xed, 0xd2, 0x09, 0x26, 0x68, 0x5b, 0xe1, 0x15, 0x87, 0xca,
-	0xea, 0x61, 0x37, 0xa1, 0x6a, 0xe2, 0xc4, 0x97, 0x62, 0x4c, 0x2b, 0xec, 0xd8, 0xa9, 0x36, 0xb6,
-	0x13, 0xa7, 0x55, 0xa3, 0x35, 0x8c, 0xf1, 0x0a, 0x76, 0x97, 0x32, 0x03, 0x11, 0xad, 0x54, 0xf5,
-	0x18, 0xf9, 0xd4, 0x2f, 0xe0, 0x53, 0xfb, 0x21, 0xaa, 0x7e, 0x02, 0x1f, 0x7b, 0xec, 0xa9, 0x6d,
-	0xfc, 0x25, 0x7a, 0xea, 0x1f, 0xcd, 0xec, 0x2c, 0x60, 0x4c, 0xc5, 0x82, 0xc9, 0x6d, 0x66, 0x67,
-	0x7e, 0xef, 0xfd, 0xe6, 0xf7, 0xe6, 0xbd, 0x37, 0x0b, 0xdb, 0x35, 0x9b, 0x9d, 0xb6, 0x8f, 0xf5,
-	0x8a, 0xe7, 0x18, 0x15, 0xcf, 0x65, 0x96, 0xed, 0x92, 0x56, 0x75, 0x70, 0x68, 0x35, 0x6d, 0x83,
-	0x92, 0x56, 0xc7, 0xae, 0x10, 0x6a, 0x50, 0xd7, 0x6a, 0xd2, 0x53, 0x8f, 0x51, 0xa3, 0x73, 0xaf,
-	0x3f, 0xd1, 0x9b, 0x2d, 0x8f, 0x79, 0x58, 0xeb, 0xa3, 0xf4, 0x00, 0xa1, 0xf7, 0x37, 0x75, 0xee,
-	0xa9, 0xa9, 0x9a, 0x57, 0xf3, 0xc4, 0x66, 0x83, 0x8f, 0x7c, 0x9c, 0xfa, 0x5e, 0xcd, 0xf3, 0x6a,
-	0x0d, 0x62, 0x88, 0xd9, 0x71, 0xfb, 0xc4, 0x20, 0x4e, 0x93, 0x75, 0xe5, 0xa2, 0x36, 0xbc, 0x78,
-	0x62, 0x93, 0x46, 0xf5, 0xa5, 0x63, 0xd1, 0xba, 0xdc, 0xb1, 0x3a, 0xbc, 0x83, 0xd9, 0x0e, 0xa1,
-	0xcc, 0x72, 0x9a, 0x72, 0xc3, 0xfd, 0x50, 0x67, 0x64, 0xdd, 0x26, 0xa1, 0x86, 0xe3, 0xb5, 0x5d,
-	0xe6, 0xe3, 0x72, 0x7f, 0x23, 0x48, 0x7f, 0xde, 0x22, 0x4d, 0xab, 0x45, 0x9e, 0xca, 0x53, 0x98,
-	0xe4, 0xeb, 0x36, 0xa1, 0x0c, 0x6b, 0x90, 0x08, 0x0e, 0xc6, 0x48, 0x2b, 0x83, 0x34, 0xb4, 0xb6,
-	0x60, 0x0e, 0x7e, 0xc2, 0x49, 0x88, 0xd5, 0x49, 0x37, 0x13, 0x15, 0x2b, 0x7c, 0x88, 0xd3, 0x10,
-	0xe7, 0xa6, 0x5c, 0x96, 0x89, 0x89, 0x8f, 0x72, 0x86, 0xbf, 0x84, 0x78, 0xc3, 0x3a, 0x26, 0x0d,
-	0x9a, 0x51, 0xb4, 0xd8, 0x5a, 0x22, 0xbf, 0xa5, 0x8f, 0xd3, 0x51, 0x1f, 0xcd, 0x4a, 0x7f, 0x2c,
-	0xcc, 0x94, 0x5c, 0xd6, 0xea, 0x9a, 0xd2, 0xa6, 0xfa, 0x10, 0x12, 0x03, 0x9f, 0x03, 0x5a, 0xa8,
-	0x4f, 0x2b, 0x05, 0x73, 0x1d, 0xab, 0xd1, 0x26, 0x92, 0xaa, 0x3f, 0x79, 0x14, 0x5d, 0x47, 0xb9,
-	0x6d, 0xb8, 0x73, 0xcd, 0x11, 0x6d, 0x7a, 0x2e, 0x25, 0xd8, 0x80, 0xb8, 0x50, 0x8a, 0x66, 0x90,
-	0xe0, 0x7c, 0x67, 0x90, 0xb3, 0x50, 0x52, 0xdf, 0xe5, 0xeb, 0xa6, 0xdc, 0x96, 0xfb, 0x0b, 0xc1,
-	0xed, 0x43, 0x9b, 0xbc, 0x7a, 0x9b, 0x42, 0x1e, 0x0d, 0x09, 0x59, 0x18, 0x2f, 0xe4, 0x08, 0x4a,
-	0xb3, 0x56, 0xf1, 0x33, 0x48, 0x5d, 0xf5, 0x32, 0xad, 0x84, 0x45, 0x58, 0x12, 0x1f, 0xe8, 0x0d,
-	0xb4, 0xcb, 0x15, 0x60, 0x39, 0x30, 0x32, 0x2d, 0x8f, 0x1d, 0x58, 0x31, 0x89, 0xe3, 0x75, 0x66,
-	0x91, 0x14, 0xfc, 0x5e, 0xac, 0x14, 0x3d, 0xc7, 0xb1, 0xd9, 0xe4, 0xd6, 0x30, 0x28, 0xae, 0xe5,
-	0x04, 0x92, 0x8b, 0x71, 0xe0, 0x21, 0xd6, 0x8f, 0xcc, 0x17, 0x43, 0xb7, 0xa2, 0x38, 0xfe, 0x56,
-	0x8c, 0x24, 0x34, 0xeb, 0x7b, 0x51, 0x86, 0xdb, 0x4f, 0x99, 0xc5, 0x66, 0x21, 0xe2, 0xbf, 0x51,
-	0x50, 0xca, 0xee, 0x89, 0xd7, 0x53, 0x04, 0x0d, 0x28, 0xd2, 0xcf, 0x96, 0xe8, 0x95, 0x6c, 0x79,
-	0x04, 0x4a, 0xdd, 0x76, 0xab, 0x42, 0xaa, 0xe5, 0xfc, 0x07, 0xe3, 0x55, 0xd9, 0xb1, 0xdd, 0xaa,
-	0x29, 0x30, 0xb8, 0x08, 0x50, 0x69, 0x11, 0x8b, 0x91, 0xea, 0x4b, 0x8b, 0x65, 0x14, 0x0d, 0xad,
-	0x25, 0xf2, 0xaa, 0xee, 0xd7, 0x61, 0x3d, 0xa8, 0xc3, 0xfa, 0x7e, 0x50, 0x87, 0x37, 0x6f, 0x5d,
-	0xfc, 0xbe, 0x1a, 0xf9, 0xe1, 0x8f, 0x55, 0x64, 0x2e, 0x48, 0x5c, 0x81, 0x71, 0x23, 0xed, 0x66,
-	0x35, 0x30, 0x32, 0x37, 0x89, 0x11, 0x89, 0x2b, 0x30, 0xbc, 0xdd, 0x8b, 0x6e, 0x5c, 0x44, 0x37,
-	0x3f, 0xfe, 0x1c, 0x5c, 0xa9, 0x59, 0x07, 0xf3, 0x39, 0xa4, 0xae, 0x06, 0x53, 0x26, 0xd7, 0x27,
-	0xa0, 0xd8, 0xee, 0x89, 0x27, 0x8c, 0x24, 0xc2, 0x88, 0xcc, 0xc9, 0x6d, 0x2a, 0xfc, 0xa4, 0xa6,
-	0x40, 0xe6, 0x7e, 0x46, 0xb0, 0x72, 0x20, 0x8e, 0x3b, 0xf9, 0x4d, 0x09, 0xbc, 0x47, 0xa7, 0xf5,
-	0x8e, 0x37, 0x20, 0xe1, 0x6b, 0x2d, 0x1a, 0xae, 0xb8, 0x2b, 0xa3, 0x82, 0xf4, 0x29, 0xef, 0xc9,
-	0xbb, 0x16, 0xad, 0x9b, 0x32, 0xa4, 0x7c, 0x9c, 0x7b, 0x01, 0xe9, 0x61, 0xe6, 0x33, 0x93, 0x65,
-	0x1d, 0x52, 0x8f, 0x6d, 0xda, 0x13, 0x3c, 0x7c, 0x4d, 0xcc, 0x1d, 0xc1, 0xca, 0x10, 0xf2, 0x1a,
-	0xa9, 0xd8, 0x94, 0xa4, 0x36, 0x61, 0xf1, 0x80, 0x5a, 0x35, 0x72, 0x93, 0x5c, 0xde, 0x80, 0x25,
-	0x69, 0x43, 0xd2, 0xc2, 0xa0, 0x50, 0xfb, 0x1b, 0x3f, 0xa7, 0x63, 0xa6, 0x18, 0xf3, 0x9c, 0xb6,
-	0x5d, 0xaf, 0x4a, 0xa8, 0x40, 0xc6, 0x4c, 0x39, 0xfb, 0xf0, 0x35, 0x02, 0x85, 0xa7, 0x29, 0x7e,
-	0x1f, 0xe6, 0x0f, 0xf6, 0x76, 0xf6, 0x9e, 0x3c, 0xdb, 0x4b, 0x46, 0xd4, 0x77, 0xce, 0xce, 0xb5,
-	0x04, 0xff, 0x7c, 0xe0, 0xd6, 0x5d, 0xef, 0x95, 0x8b, 0xd3, 0xa0, 0x1c, 0x96, 0x4b, 0xcf, 0x92,
-	0x48, 0x5d, 0x3c, 0x3b, 0xd7, 0x6e, 0xf1, 0x25, 0xde, 0xa2, 0xb0, 0x0a, 0xf1, 0x42, 0x71, 0xbf,
-	0x7c, 0x58, 0x4a, 0x46, 0xd5, 0xe5, 0xb3, 0x73, 0x0d, 0xf8, 0x4a, 0xa1, 0xc2, 0xec, 0x0e, 0xc1,
-	0x1a, 0x2c, 0x14, 0x9f, 0xec, 0xee, 0x96, 0xf7, 0xf7, 0x4b, 0x5b, 0xc9, 0x98, 0xfa, 0xee, 0xd9,
-	0xb9, 0xb6, 0xc4, 0x97, 0xfd, 0x5a, 0xc9, 0x48, 0x55, 0x5d, 0x7c, 0xfd, 0x63, 0x36, 0xf2, 0xcb,
-	0x4f, 0x59, 0xc1, 0x20, 0xff, 0xcf, 0x3c, 0x2c, 0xf4, 0x34, 0xc6, 0xdf, 0xc1, 0xbc, 0x7c, 0x4a,
-	0xe0, 0xf5, 0x69, 0x9f, 0x37, 0xea, 0xc3, 0x29, 0x90, 0x52, 0xc4, 0x36, 0x28, 0xe2, 0x84, 0x1f,
-	0x4f, 0xf5, 0x24, 0x50, 0xef, 0x4f, 0x0a, 0x93, 0x6e, 0xeb, 0x10, 0xf7, 0xbb, 0x2d, 0x36, 0xc6,
-	0x5b, 0xb8, 0xd2, 0xdc, 0xd5, 0xbb, 0xe1, 0x01, 0xd2, 0xd9, 0x11, 0xc4, 0xfd, 0x60, 0xe0, 0x07,
-	0x53, 0xb6, 0x38, 0x35, 0x7d, 0x2d, 0xb3, 0x4b, 0xfc, 0x29, 0xce, 0x4d, 0xfb, 0x2d, 0x3f, 0x8c,
-	0xe9, 0x91, 0x8f, 0x83, 0xff, 0x35, 0xdd, 0x06, 0x85, 0x57, 0xce, 0x30, 0x91, 0x19, 0xd1, 0x2e,
-	0xc3, 0x44, 0x66, 0x64, 0x61, 0xfe, 0x16, 0xe2, 0x7e, 0x6d, 0x0a, 0x73, 0xa2, 0x91, 0xf5, 0x57,
-	0x5d, 0x9f, 0x1c, 0x28, 0x9d, 0x77, 0x41, 0xe1, 0x25, 0x08, 0x87, 0x20, 0x3f, 0xaa, 0xc8, 0xa9,
-	0x0f, 0x26, 0xc6, 0xf9, 0x8e, 0xef, 0x22, 0x7c, 0x0a, 0x73, 0xa2, 0xbc, 0x60, 0x3d, 0x04, 0xfb,
-	0x81, 0x5a, 0xa6, 0x1a, 0xa1, 0xf7, 0xfb, 0xbe, 0x36, 0xbf, 0xba, 0x78, 0x93, 0x8d, 0xfc, 0xf6,
-	0x26, 0x1b, 0xf9, 0xfe, 0x32, 0x8b, 0x2e, 0x2e, 0xb3, 0xe8, 0xd7, 0xcb, 0x2c, 0xfa, 0xf3, 0x32,
-	0x8b, 0x5e, 0x6c, 0x4d, 0xff, 0xcf, 0xb9, 0xd1, 0x9b, 0x3c, 0x8f, 0x1c, 0xc7, 0xc5, 0x55, 0xfa,
-	0xe8, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8e, 0xa0, 0xb2, 0xda, 0xc4, 0x0e, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
index 0e62add3bf0ee..dfb8ff1e70a9b 100644
--- a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
+++ b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.snapshots.v1;
@@ -21,6 +37,7 @@ service Snapshots {
 	rpc Update(UpdateSnapshotRequest) returns (UpdateSnapshotResponse);
 	rpc List(ListSnapshotsRequest) returns (stream ListSnapshotsResponse);
 	rpc Usage(UsageRequest) returns (UsageResponse);
+	rpc Cleanup(CleanupRequest) returns (google.protobuf.Empty);
 }
 
 message PrepareSnapshotRequest {
@@ -133,6 +150,18 @@ message UpdateSnapshotResponse {
 
 message ListSnapshotsRequest{
 	string snapshotter = 1;
+
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 2;
 }
 
 message ListSnapshotsResponse {
@@ -148,3 +177,7 @@ message UsageResponse {
 	int64 size = 1;
 	int64 inodes = 2;
 }
+
+message CleanupRequest {
+	string snapshotter = 1;
+}
diff --git a/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.pb.go b/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.pb.go
index 0dfee91568e93..4904e6508d52c 100644
--- a/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.pb.go
@@ -1,68 +1,28 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/tasks/v1/tasks.proto
 
-/*
-	Package tasks is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/tasks/v1/tasks.proto
-
-	It has these top-level messages:
-		CreateTaskRequest
-		CreateTaskResponse
-		StartRequest
-		StartResponse
-		DeleteTaskRequest
-		DeleteResponse
-		DeleteProcessRequest
-		GetRequest
-		GetResponse
-		ListTasksRequest
-		ListTasksResponse
-		KillRequest
-		ExecProcessRequest
-		ExecProcessResponse
-		ResizePtyRequest
-		CloseIORequest
-		PauseTaskRequest
-		ResumeTaskRequest
-		ListPidsRequest
-		ListPidsResponse
-		CheckpointTaskRequest
-		CheckpointTaskResponse
-		UpdateTaskRequest
-		MetricsRequest
-		MetricsResponse
-		WaitRequest
-		WaitResponse
-*/
 package tasks
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import containerd_types "github.com/containerd/containerd/api/types"
-import containerd_types1 "github.com/containerd/containerd/api/types"
-import containerd_types2 "github.com/containerd/containerd/api/types"
-import containerd_v1_types "github.com/containerd/containerd/api/types/task"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	task "github.com/containerd/containerd/api/types/task"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types1 "github.com/gogo/protobuf/types"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -74,7 +34,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type CreateTaskRequest struct {
 	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
@@ -84,116 +44,488 @@ type CreateTaskRequest struct {
 	// These are for mounts that cannot be performed in the user namespace.
 	// Typically, these mounts should be resolved from snapshots specified on
 	// the container object.
-	Rootfs     []*containerd_types.Mount     `protobuf:"bytes,3,rep,name=rootfs" json:"rootfs,omitempty"`
-	Stdin      string                        `protobuf:"bytes,4,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout     string                        `protobuf:"bytes,5,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr     string                        `protobuf:"bytes,6,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Terminal   bool                          `protobuf:"varint,7,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	Checkpoint *containerd_types2.Descriptor `protobuf:"bytes,8,opt,name=checkpoint" json:"checkpoint,omitempty"`
-	Options    *google_protobuf1.Any         `protobuf:"bytes,9,opt,name=options" json:"options,omitempty"`
+	Rootfs               []*types.Mount    `protobuf:"bytes,3,rep,name=rootfs,proto3" json:"rootfs,omitempty"`
+	Stdin                string            `protobuf:"bytes,4,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string            `protobuf:"bytes,5,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string            `protobuf:"bytes,6,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Terminal             bool              `protobuf:"varint,7,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	Checkpoint           *types.Descriptor `protobuf:"bytes,8,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
+	Options              *types1.Any       `protobuf:"bytes,9,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *CreateTaskRequest) Reset()      { *m = CreateTaskRequest{} }
+func (*CreateTaskRequest) ProtoMessage() {}
+func (*CreateTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{0}
+}
+func (m *CreateTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateTaskRequest.Merge(m, src)
+}
+func (m *CreateTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateTaskRequest.DiscardUnknown(m)
 }
 
-func (m *CreateTaskRequest) Reset()                    { *m = CreateTaskRequest{} }
-func (*CreateTaskRequest) ProtoMessage()               {}
-func (*CreateTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{0} }
+var xxx_messageInfo_CreateTaskRequest proto.InternalMessageInfo
 
 type CreateTaskResponse struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	Pid         uint32 `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	Pid                  uint32   `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateTaskResponse) Reset()      { *m = CreateTaskResponse{} }
+func (*CreateTaskResponse) ProtoMessage() {}
+func (*CreateTaskResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{1}
+}
+func (m *CreateTaskResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateTaskResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateTaskResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateTaskResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateTaskResponse.Merge(m, src)
+}
+func (m *CreateTaskResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateTaskResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateTaskResponse.DiscardUnknown(m)
 }
 
-func (m *CreateTaskResponse) Reset()                    { *m = CreateTaskResponse{} }
-func (*CreateTaskResponse) ProtoMessage()               {}
-func (*CreateTaskResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{1} }
+var xxx_messageInfo_CreateTaskResponse proto.InternalMessageInfo
 
 type StartRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartRequest) Reset()      { *m = StartRequest{} }
+func (*StartRequest) ProtoMessage() {}
+func (*StartRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{2}
+}
+func (m *StartRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StartRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StartRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StartRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartRequest.Merge(m, src)
+}
+func (m *StartRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StartRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartRequest.DiscardUnknown(m)
 }
 
-func (m *StartRequest) Reset()                    { *m = StartRequest{} }
-func (*StartRequest) ProtoMessage()               {}
-func (*StartRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{2} }
+var xxx_messageInfo_StartRequest proto.InternalMessageInfo
 
 type StartResponse struct {
-	Pid uint32 `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
+	Pid                  uint32   `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartResponse) Reset()      { *m = StartResponse{} }
+func (*StartResponse) ProtoMessage() {}
+func (*StartResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{3}
+}
+func (m *StartResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StartResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StartResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StartResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartResponse.Merge(m, src)
+}
+func (m *StartResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StartResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartResponse.DiscardUnknown(m)
 }
 
-func (m *StartResponse) Reset()                    { *m = StartResponse{} }
-func (*StartResponse) ProtoMessage()               {}
-func (*StartResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{3} }
+var xxx_messageInfo_StartResponse proto.InternalMessageInfo
 
 type DeleteTaskRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteTaskRequest) Reset()      { *m = DeleteTaskRequest{} }
+func (*DeleteTaskRequest) ProtoMessage() {}
+func (*DeleteTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{4}
+}
+func (m *DeleteTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteTaskRequest.Merge(m, src)
+}
+func (m *DeleteTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteTaskRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteTaskRequest) Reset()                    { *m = DeleteTaskRequest{} }
-func (*DeleteTaskRequest) ProtoMessage()               {}
-func (*DeleteTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{4} }
+var xxx_messageInfo_DeleteTaskRequest proto.InternalMessageInfo
 
 type DeleteResponse struct {
-	ID         string    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Pid        uint32    `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
-	ExitStatus uint32    `protobuf:"varint,3,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt   time.Time `protobuf:"bytes,4,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ID                   string    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Pid                  uint32    `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	ExitStatus           uint32    `protobuf:"varint,3,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,4,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *DeleteResponse) Reset()      { *m = DeleteResponse{} }
+func (*DeleteResponse) ProtoMessage() {}
+func (*DeleteResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{5}
+}
+func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteResponse.Merge(m, src)
+}
+func (m *DeleteResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
 }
 
-func (m *DeleteResponse) Reset()                    { *m = DeleteResponse{} }
-func (*DeleteResponse) ProtoMessage()               {}
-func (*DeleteResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{5} }
+var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
 
 type DeleteProcessRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteProcessRequest) Reset()      { *m = DeleteProcessRequest{} }
+func (*DeleteProcessRequest) ProtoMessage() {}
+func (*DeleteProcessRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{6}
+}
+func (m *DeleteProcessRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteProcessRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteProcessRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteProcessRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteProcessRequest.Merge(m, src)
+}
+func (m *DeleteProcessRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteProcessRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteProcessRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteProcessRequest) Reset()                    { *m = DeleteProcessRequest{} }
-func (*DeleteProcessRequest) ProtoMessage()               {}
-func (*DeleteProcessRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{6} }
+var xxx_messageInfo_DeleteProcessRequest proto.InternalMessageInfo
 
 type GetRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetRequest) Reset()      { *m = GetRequest{} }
+func (*GetRequest) ProtoMessage() {}
+func (*GetRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{7}
+}
+func (m *GetRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRequest.Merge(m, src)
+}
+func (m *GetRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRequest.DiscardUnknown(m)
 }
 
-func (m *GetRequest) Reset()                    { *m = GetRequest{} }
-func (*GetRequest) ProtoMessage()               {}
-func (*GetRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{7} }
+var xxx_messageInfo_GetRequest proto.InternalMessageInfo
 
 type GetResponse struct {
-	Process *containerd_v1_types.Process `protobuf:"bytes,1,opt,name=process" json:"process,omitempty"`
+	Process              *task.Process `protobuf:"bytes,1,opt,name=process,proto3" json:"process,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
+	XXX_unrecognized     []byte        `json:"-"`
+	XXX_sizecache        int32         `json:"-"`
+}
+
+func (m *GetResponse) Reset()      { *m = GetResponse{} }
+func (*GetResponse) ProtoMessage() {}
+func (*GetResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{8}
+}
+func (m *GetResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetResponse.Merge(m, src)
+}
+func (m *GetResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetResponse.DiscardUnknown(m)
 }
 
-func (m *GetResponse) Reset()                    { *m = GetResponse{} }
-func (*GetResponse) ProtoMessage()               {}
-func (*GetResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{8} }
+var xxx_messageInfo_GetResponse proto.InternalMessageInfo
 
 type ListTasksRequest struct {
-	Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"`
+	Filter               string   `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListTasksRequest) Reset()      { *m = ListTasksRequest{} }
+func (*ListTasksRequest) ProtoMessage() {}
+func (*ListTasksRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{9}
+}
+func (m *ListTasksRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListTasksRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListTasksRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListTasksRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListTasksRequest.Merge(m, src)
+}
+func (m *ListTasksRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListTasksRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListTasksRequest.DiscardUnknown(m)
 }
 
-func (m *ListTasksRequest) Reset()                    { *m = ListTasksRequest{} }
-func (*ListTasksRequest) ProtoMessage()               {}
-func (*ListTasksRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{9} }
+var xxx_messageInfo_ListTasksRequest proto.InternalMessageInfo
 
 type ListTasksResponse struct {
-	Tasks []*containerd_v1_types.Process `protobuf:"bytes,1,rep,name=tasks" json:"tasks,omitempty"`
+	Tasks                []*task.Process `protobuf:"bytes,1,rep,name=tasks,proto3" json:"tasks,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *ListTasksResponse) Reset()      { *m = ListTasksResponse{} }
+func (*ListTasksResponse) ProtoMessage() {}
+func (*ListTasksResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{10}
+}
+func (m *ListTasksResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListTasksResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListTasksResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListTasksResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListTasksResponse.Merge(m, src)
+}
+func (m *ListTasksResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListTasksResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListTasksResponse.DiscardUnknown(m)
 }
 
-func (m *ListTasksResponse) Reset()                    { *m = ListTasksResponse{} }
-func (*ListTasksResponse) ProtoMessage()               {}
-func (*ListTasksResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{10} }
+var xxx_messageInfo_ListTasksResponse proto.InternalMessageInfo
 
 type KillRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
-	Signal      uint32 `protobuf:"varint,3,opt,name=signal,proto3" json:"signal,omitempty"`
-	All         bool   `protobuf:"varint,4,opt,name=all,proto3" json:"all,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	Signal               uint32   `protobuf:"varint,3,opt,name=signal,proto3" json:"signal,omitempty"`
+	All                  bool     `protobuf:"varint,4,opt,name=all,proto3" json:"all,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *KillRequest) Reset()      { *m = KillRequest{} }
+func (*KillRequest) ProtoMessage() {}
+func (*KillRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{11}
+}
+func (m *KillRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *KillRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_KillRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *KillRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_KillRequest.Merge(m, src)
+}
+func (m *KillRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *KillRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_KillRequest.DiscardUnknown(m)
 }
 
-func (m *KillRequest) Reset()                    { *m = KillRequest{} }
-func (*KillRequest) ProtoMessage()               {}
-func (*KillRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{11} }
+var xxx_messageInfo_KillRequest proto.InternalMessageInfo
 
 type ExecProcessRequest struct {
 	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
@@ -204,136 +536,602 @@ type ExecProcessRequest struct {
 	// Spec for starting a process in the target container.
 	//
 	// For runc, this is a process spec, for example.
-	Spec *google_protobuf1.Any `protobuf:"bytes,6,opt,name=spec" json:"spec,omitempty"`
+	Spec *types1.Any `protobuf:"bytes,6,opt,name=spec,proto3" json:"spec,omitempty"`
 	// id of the exec process
-	ExecID string `protobuf:"bytes,7,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,7,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ExecProcessRequest) Reset()      { *m = ExecProcessRequest{} }
+func (*ExecProcessRequest) ProtoMessage() {}
+func (*ExecProcessRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{12}
+}
+func (m *ExecProcessRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecProcessRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExecProcessRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ExecProcessRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecProcessRequest.Merge(m, src)
+}
+func (m *ExecProcessRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecProcessRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecProcessRequest.DiscardUnknown(m)
 }
 
-func (m *ExecProcessRequest) Reset()                    { *m = ExecProcessRequest{} }
-func (*ExecProcessRequest) ProtoMessage()               {}
-func (*ExecProcessRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{12} }
+var xxx_messageInfo_ExecProcessRequest proto.InternalMessageInfo
 
 type ExecProcessResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ExecProcessResponse) Reset()      { *m = ExecProcessResponse{} }
+func (*ExecProcessResponse) ProtoMessage() {}
+func (*ExecProcessResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{13}
+}
+func (m *ExecProcessResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecProcessResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExecProcessResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ExecProcessResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecProcessResponse.Merge(m, src)
+}
+func (m *ExecProcessResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecProcessResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecProcessResponse.DiscardUnknown(m)
 }
 
-func (m *ExecProcessResponse) Reset()                    { *m = ExecProcessResponse{} }
-func (*ExecProcessResponse) ProtoMessage()               {}
-func (*ExecProcessResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{13} }
+var xxx_messageInfo_ExecProcessResponse proto.InternalMessageInfo
 
 type ResizePtyRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
-	Width       uint32 `protobuf:"varint,3,opt,name=width,proto3" json:"width,omitempty"`
-	Height      uint32 `protobuf:"varint,4,opt,name=height,proto3" json:"height,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	Width                uint32   `protobuf:"varint,3,opt,name=width,proto3" json:"width,omitempty"`
+	Height               uint32   `protobuf:"varint,4,opt,name=height,proto3" json:"height,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResizePtyRequest) Reset()      { *m = ResizePtyRequest{} }
+func (*ResizePtyRequest) ProtoMessage() {}
+func (*ResizePtyRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{14}
+}
+func (m *ResizePtyRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResizePtyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResizePtyRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResizePtyRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResizePtyRequest.Merge(m, src)
+}
+func (m *ResizePtyRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResizePtyRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResizePtyRequest.DiscardUnknown(m)
 }
 
-func (m *ResizePtyRequest) Reset()                    { *m = ResizePtyRequest{} }
-func (*ResizePtyRequest) ProtoMessage()               {}
-func (*ResizePtyRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{14} }
+var xxx_messageInfo_ResizePtyRequest proto.InternalMessageInfo
 
 type CloseIORequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
-	Stdin       bool   `protobuf:"varint,3,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	Stdin                bool     `protobuf:"varint,3,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CloseIORequest) Reset()      { *m = CloseIORequest{} }
+func (*CloseIORequest) ProtoMessage() {}
+func (*CloseIORequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{15}
+}
+func (m *CloseIORequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CloseIORequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CloseIORequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CloseIORequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CloseIORequest.Merge(m, src)
+}
+func (m *CloseIORequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CloseIORequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CloseIORequest.DiscardUnknown(m)
 }
 
-func (m *CloseIORequest) Reset()                    { *m = CloseIORequest{} }
-func (*CloseIORequest) ProtoMessage()               {}
-func (*CloseIORequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{15} }
+var xxx_messageInfo_CloseIORequest proto.InternalMessageInfo
 
 type PauseTaskRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PauseTaskRequest) Reset()      { *m = PauseTaskRequest{} }
+func (*PauseTaskRequest) ProtoMessage() {}
+func (*PauseTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{16}
+}
+func (m *PauseTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PauseTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PauseTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PauseTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PauseTaskRequest.Merge(m, src)
+}
+func (m *PauseTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PauseTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PauseTaskRequest.DiscardUnknown(m)
 }
 
-func (m *PauseTaskRequest) Reset()                    { *m = PauseTaskRequest{} }
-func (*PauseTaskRequest) ProtoMessage()               {}
-func (*PauseTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{16} }
+var xxx_messageInfo_PauseTaskRequest proto.InternalMessageInfo
 
 type ResumeTaskRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResumeTaskRequest) Reset()      { *m = ResumeTaskRequest{} }
+func (*ResumeTaskRequest) ProtoMessage() {}
+func (*ResumeTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{17}
+}
+func (m *ResumeTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResumeTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResumeTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResumeTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResumeTaskRequest.Merge(m, src)
+}
+func (m *ResumeTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResumeTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResumeTaskRequest.DiscardUnknown(m)
 }
 
-func (m *ResumeTaskRequest) Reset()                    { *m = ResumeTaskRequest{} }
-func (*ResumeTaskRequest) ProtoMessage()               {}
-func (*ResumeTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{17} }
+var xxx_messageInfo_ResumeTaskRequest proto.InternalMessageInfo
 
 type ListPidsRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListPidsRequest) Reset()      { *m = ListPidsRequest{} }
+func (*ListPidsRequest) ProtoMessage() {}
+func (*ListPidsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{18}
+}
+func (m *ListPidsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListPidsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListPidsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListPidsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListPidsRequest.Merge(m, src)
+}
+func (m *ListPidsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListPidsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListPidsRequest.DiscardUnknown(m)
 }
 
-func (m *ListPidsRequest) Reset()                    { *m = ListPidsRequest{} }
-func (*ListPidsRequest) ProtoMessage()               {}
-func (*ListPidsRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{18} }
+var xxx_messageInfo_ListPidsRequest proto.InternalMessageInfo
 
 type ListPidsResponse struct {
 	// Processes includes the process ID and additional process information
-	Processes []*containerd_v1_types.ProcessInfo `protobuf:"bytes,1,rep,name=processes" json:"processes,omitempty"`
+	Processes            []*task.ProcessInfo `protobuf:"bytes,1,rep,name=processes,proto3" json:"processes,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
+	XXX_unrecognized     []byte              `json:"-"`
+	XXX_sizecache        int32               `json:"-"`
+}
+
+func (m *ListPidsResponse) Reset()      { *m = ListPidsResponse{} }
+func (*ListPidsResponse) ProtoMessage() {}
+func (*ListPidsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{19}
+}
+func (m *ListPidsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListPidsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListPidsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListPidsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListPidsResponse.Merge(m, src)
+}
+func (m *ListPidsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListPidsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListPidsResponse.DiscardUnknown(m)
 }
 
-func (m *ListPidsResponse) Reset()                    { *m = ListPidsResponse{} }
-func (*ListPidsResponse) ProtoMessage()               {}
-func (*ListPidsResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{19} }
+var xxx_messageInfo_ListPidsResponse proto.InternalMessageInfo
 
 type CheckpointTaskRequest struct {
-	ContainerID      string                                     `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ParentCheckpoint github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=parent_checkpoint,json=parentCheckpoint,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"parent_checkpoint"`
-	Options          *google_protobuf1.Any                      `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	ContainerID          string                                     `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ParentCheckpoint     github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=parent_checkpoint,json=parentCheckpoint,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"parent_checkpoint"`
+	Options              *types1.Any                                `protobuf:"bytes,3,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *CheckpointTaskRequest) Reset()      { *m = CheckpointTaskRequest{} }
+func (*CheckpointTaskRequest) ProtoMessage() {}
+func (*CheckpointTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{20}
+}
+func (m *CheckpointTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckpointTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckpointTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckpointTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckpointTaskRequest.Merge(m, src)
+}
+func (m *CheckpointTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckpointTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckpointTaskRequest.DiscardUnknown(m)
 }
 
-func (m *CheckpointTaskRequest) Reset()                    { *m = CheckpointTaskRequest{} }
-func (*CheckpointTaskRequest) ProtoMessage()               {}
-func (*CheckpointTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{20} }
+var xxx_messageInfo_CheckpointTaskRequest proto.InternalMessageInfo
 
 type CheckpointTaskResponse struct {
-	Descriptors []*containerd_types2.Descriptor `protobuf:"bytes,1,rep,name=descriptors" json:"descriptors,omitempty"`
+	Descriptors          []*types.Descriptor `protobuf:"bytes,1,rep,name=descriptors,proto3" json:"descriptors,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
+	XXX_unrecognized     []byte              `json:"-"`
+	XXX_sizecache        int32               `json:"-"`
+}
+
+func (m *CheckpointTaskResponse) Reset()      { *m = CheckpointTaskResponse{} }
+func (*CheckpointTaskResponse) ProtoMessage() {}
+func (*CheckpointTaskResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{21}
+}
+func (m *CheckpointTaskResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckpointTaskResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckpointTaskResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckpointTaskResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckpointTaskResponse.Merge(m, src)
+}
+func (m *CheckpointTaskResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckpointTaskResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckpointTaskResponse.DiscardUnknown(m)
 }
 
-func (m *CheckpointTaskResponse) Reset()                    { *m = CheckpointTaskResponse{} }
-func (*CheckpointTaskResponse) ProtoMessage()               {}
-func (*CheckpointTaskResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{21} }
+var xxx_messageInfo_CheckpointTaskResponse proto.InternalMessageInfo
 
 type UpdateTaskRequest struct {
-	ContainerID string                `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	Resources   *google_protobuf1.Any `protobuf:"bytes,2,opt,name=resources" json:"resources,omitempty"`
+	ContainerID          string            `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	Resources            *types1.Any       `protobuf:"bytes,2,opt,name=resources,proto3" json:"resources,omitempty"`
+	Annotations          map[string]string `protobuf:"bytes,3,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *UpdateTaskRequest) Reset()      { *m = UpdateTaskRequest{} }
+func (*UpdateTaskRequest) ProtoMessage() {}
+func (*UpdateTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{22}
+}
+func (m *UpdateTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateTaskRequest.Merge(m, src)
+}
+func (m *UpdateTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateTaskRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateTaskRequest) Reset()                    { *m = UpdateTaskRequest{} }
-func (*UpdateTaskRequest) ProtoMessage()               {}
-func (*UpdateTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{22} }
+var xxx_messageInfo_UpdateTaskRequest proto.InternalMessageInfo
 
 type MetricsRequest struct {
-	Filters []string `protobuf:"bytes,1,rep,name=filters" json:"filters,omitempty"`
+	Filters              []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MetricsRequest) Reset()      { *m = MetricsRequest{} }
+func (*MetricsRequest) ProtoMessage() {}
+func (*MetricsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{23}
+}
+func (m *MetricsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MetricsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MetricsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MetricsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetricsRequest.Merge(m, src)
+}
+func (m *MetricsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *MetricsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_MetricsRequest.DiscardUnknown(m)
 }
 
-func (m *MetricsRequest) Reset()                    { *m = MetricsRequest{} }
-func (*MetricsRequest) ProtoMessage()               {}
-func (*MetricsRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{23} }
+var xxx_messageInfo_MetricsRequest proto.InternalMessageInfo
 
 type MetricsResponse struct {
-	Metrics []*containerd_types1.Metric `protobuf:"bytes,1,rep,name=metrics" json:"metrics,omitempty"`
+	Metrics              []*types.Metric `protobuf:"bytes,1,rep,name=metrics,proto3" json:"metrics,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *MetricsResponse) Reset()      { *m = MetricsResponse{} }
+func (*MetricsResponse) ProtoMessage() {}
+func (*MetricsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{24}
+}
+func (m *MetricsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MetricsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MetricsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MetricsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetricsResponse.Merge(m, src)
+}
+func (m *MetricsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *MetricsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_MetricsResponse.DiscardUnknown(m)
 }
 
-func (m *MetricsResponse) Reset()                    { *m = MetricsResponse{} }
-func (*MetricsResponse) ProtoMessage()               {}
-func (*MetricsResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{24} }
+var xxx_messageInfo_MetricsResponse proto.InternalMessageInfo
 
 type WaitRequest struct {
-	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ExecID      string `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ContainerID          string   `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,2,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *WaitRequest) Reset()      { *m = WaitRequest{} }
+func (*WaitRequest) ProtoMessage() {}
+func (*WaitRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{25}
+}
+func (m *WaitRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WaitRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WaitRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WaitRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WaitRequest.Merge(m, src)
+}
+func (m *WaitRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *WaitRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WaitRequest.DiscardUnknown(m)
 }
 
-func (m *WaitRequest) Reset()                    { *m = WaitRequest{} }
-func (*WaitRequest) ProtoMessage()               {}
-func (*WaitRequest) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{25} }
+var xxx_messageInfo_WaitRequest proto.InternalMessageInfo
 
 type WaitResponse struct {
-	ExitStatus uint32    `protobuf:"varint,1,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt   time.Time `protobuf:"bytes,2,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ExitStatus           uint32    `protobuf:"varint,1,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,2,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *WaitResponse) Reset()      { *m = WaitResponse{} }
+func (*WaitResponse) ProtoMessage() {}
+func (*WaitResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_310e7127b8a26f14, []int{26}
+}
+func (m *WaitResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WaitResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WaitResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WaitResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WaitResponse.Merge(m, src)
+}
+func (m *WaitResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *WaitResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_WaitResponse.DiscardUnknown(m)
 }
 
-func (m *WaitResponse) Reset()                    { *m = WaitResponse{} }
-func (*WaitResponse) ProtoMessage()               {}
-func (*WaitResponse) Descriptor() ([]byte, []int) { return fileDescriptorTasks, []int{26} }
+var xxx_messageInfo_WaitResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*CreateTaskRequest)(nil), "containerd.services.tasks.v1.CreateTaskRequest")
@@ -359,12 +1157,107 @@ func init() {
 	proto.RegisterType((*CheckpointTaskRequest)(nil), "containerd.services.tasks.v1.CheckpointTaskRequest")
 	proto.RegisterType((*CheckpointTaskResponse)(nil), "containerd.services.tasks.v1.CheckpointTaskResponse")
 	proto.RegisterType((*UpdateTaskRequest)(nil), "containerd.services.tasks.v1.UpdateTaskRequest")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.services.tasks.v1.UpdateTaskRequest.AnnotationsEntry")
 	proto.RegisterType((*MetricsRequest)(nil), "containerd.services.tasks.v1.MetricsRequest")
 	proto.RegisterType((*MetricsResponse)(nil), "containerd.services.tasks.v1.MetricsResponse")
 	proto.RegisterType((*WaitRequest)(nil), "containerd.services.tasks.v1.WaitRequest")
 	proto.RegisterType((*WaitResponse)(nil), "containerd.services.tasks.v1.WaitResponse")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/tasks/v1/tasks.proto", fileDescriptor_310e7127b8a26f14)
+}
+
+var fileDescriptor_310e7127b8a26f14 = []byte{
+	// 1376 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x5b, 0x6f, 0x1b, 0x45,
+	0x14, 0xee, 0xfa, 0xee, 0xe3, 0xa4, 0x4d, 0x96, 0x34, 0x98, 0xa5, 0x8a, 0xc3, 0xf2, 0x62, 0x02,
+	0x5d, 0x53, 0x17, 0x55, 0x55, 0x5b, 0x55, 0xe4, 0x46, 0x64, 0x41, 0xd5, 0x74, 0x5b, 0xa0, 0xaa,
+	0x84, 0xc2, 0xc6, 0x3b, 0x71, 0x46, 0xb1, 0x77, 0xb6, 0x3b, 0xe3, 0xb4, 0xe6, 0x05, 0x7e, 0x42,
+	0x5f, 0x79, 0x81, 0xbf, 0x93, 0x47, 0x1e, 0x11, 0xaa, 0x02, 0xf5, 0xbf, 0xe0, 0x0d, 0xcd, 0x65,
+	0xd7, 0x1b, 0x3b, 0xf6, 0x3a, 0x4d, 0xc3, 0x4b, 0x32, 0x33, 0x7b, 0xce, 0x99, 0x33, 0xdf, 0xb9,
+	0x7d, 0x09, 0xac, 0xb5, 0x30, 0xdb, 0xef, 0xee, 0x5a, 0x4d, 0xd2, 0xa9, 0x35, 0x89, 0xc7, 0x1c,
+	0xec, 0xa1, 0xc0, 0x8d, 0x2f, 0x1d, 0x1f, 0xd7, 0x28, 0x0a, 0x0e, 0x71, 0x13, 0xd1, 0x1a, 0x73,
+	0xe8, 0x01, 0xad, 0x1d, 0xde, 0x90, 0x0b, 0xcb, 0x0f, 0x08, 0x23, 0xfa, 0xb5, 0x81, 0xb4, 0x15,
+	0x4a, 0x5a, 0x52, 0xe0, 0xf0, 0x86, 0xf1, 0x61, 0x8b, 0x90, 0x56, 0x1b, 0xd5, 0x84, 0xec, 0x6e,
+	0x77, 0xaf, 0x86, 0x3a, 0x3e, 0xeb, 0x49, 0x55, 0xe3, 0x83, 0xe1, 0x8f, 0x8e, 0x17, 0x7e, 0x5a,
+	0x68, 0x91, 0x16, 0x11, 0xcb, 0x1a, 0x5f, 0xa9, 0xd3, 0x5b, 0x53, 0xf9, 0xcb, 0x7a, 0x3e, 0xa2,
+	0xb5, 0x0e, 0xe9, 0x7a, 0x4c, 0xe9, 0xdd, 0x3e, 0x8b, 0x1e, 0x62, 0x01, 0x6e, 0xaa, 0xd7, 0x19,
+	0x77, 0xcf, 0xa0, 0xe9, 0x22, 0xda, 0x0c, 0xb0, 0xcf, 0x48, 0xa0, 0x94, 0xef, 0x9c, 0x41, 0x99,
+	0x23, 0x26, 0x7e, 0x28, 0xdd, 0xca, 0x30, 0x36, 0x0c, 0x77, 0x10, 0x65, 0x4e, 0xc7, 0x97, 0x02,
+	0xe6, 0x51, 0x0a, 0xe6, 0xd7, 0x03, 0xe4, 0x30, 0xf4, 0xc4, 0xa1, 0x07, 0x36, 0x7a, 0xde, 0x45,
+	0x94, 0xe9, 0x75, 0x98, 0x89, 0xcc, 0xef, 0x60, 0xb7, 0xac, 0x2d, 0x6b, 0xd5, 0xe2, 0xda, 0x95,
+	0xfe, 0x71, 0xa5, 0xb4, 0x1e, 0x9e, 0x37, 0x36, 0xec, 0x52, 0x24, 0xd4, 0x70, 0xf5, 0x1a, 0xe4,
+	0x02, 0x42, 0xd8, 0x1e, 0x2d, 0xa7, 0x97, 0xd3, 0xd5, 0x52, 0xfd, 0x7d, 0x2b, 0x16, 0x52, 0xe1,
+	0x9d, 0xf5, 0x80, 0x83, 0x69, 0x2b, 0x31, 0x7d, 0x01, 0xb2, 0x94, 0xb9, 0xd8, 0x2b, 0x67, 0xb8,
+	0x75, 0x5b, 0x6e, 0xf4, 0x45, 0xc8, 0x51, 0xe6, 0x92, 0x2e, 0x2b, 0x67, 0xc5, 0xb1, 0xda, 0xa9,
+	0x73, 0x14, 0x04, 0xe5, 0x5c, 0x74, 0x8e, 0x82, 0x40, 0x37, 0xa0, 0xc0, 0x50, 0xd0, 0xc1, 0x9e,
+	0xd3, 0x2e, 0xe7, 0x97, 0xb5, 0x6a, 0xc1, 0x8e, 0xf6, 0xfa, 0x3d, 0x80, 0xe6, 0x3e, 0x6a, 0x1e,
+	0xf8, 0x04, 0x7b, 0xac, 0x5c, 0x58, 0xd6, 0xaa, 0xa5, 0xfa, 0xb5, 0x51, 0xb7, 0x36, 0x22, 0xc4,
+	0xed, 0x98, 0xbc, 0x6e, 0x41, 0x9e, 0xf8, 0x0c, 0x13, 0x8f, 0x96, 0x8b, 0x42, 0x75, 0xc1, 0x92,
+	0x68, 0x5a, 0x21, 0x9a, 0xd6, 0xaa, 0xd7, 0xb3, 0x43, 0x21, 0xf3, 0x19, 0xe8, 0x71, 0x24, 0xa9,
+	0x4f, 0x3c, 0x8a, 0xde, 0x0a, 0xca, 0x39, 0x48, 0xfb, 0xd8, 0x2d, 0xa7, 0x96, 0xb5, 0xea, 0xac,
+	0xcd, 0x97, 0x66, 0x0b, 0x66, 0x1e, 0x33, 0x27, 0x60, 0xe7, 0x09, 0xd0, 0xc7, 0x90, 0x47, 0x2f,
+	0x51, 0x73, 0x47, 0x59, 0x2e, 0xae, 0x41, 0xff, 0xb8, 0x92, 0xdb, 0x7c, 0x89, 0x9a, 0x8d, 0x0d,
+	0x3b, 0xc7, 0x3f, 0x35, 0x5c, 0xf3, 0x23, 0x98, 0x55, 0x17, 0x29, 0xff, 0x95, 0x2f, 0xda, 0xc0,
+	0x97, 0x2d, 0x98, 0xdf, 0x40, 0x6d, 0x74, 0xee, 0x8c, 0x31, 0x7f, 0xd3, 0xe0, 0xb2, 0xb4, 0x14,
+	0xdd, 0xb6, 0x08, 0xa9, 0x48, 0x39, 0xd7, 0x3f, 0xae, 0xa4, 0x1a, 0x1b, 0x76, 0x0a, 0x9f, 0x82,
+	0x88, 0x5e, 0x81, 0x12, 0x7a, 0x89, 0xd9, 0x0e, 0x65, 0x0e, 0xeb, 0xf2, 0x9c, 0xe3, 0x5f, 0x80,
+	0x1f, 0x3d, 0x16, 0x27, 0xfa, 0x2a, 0x14, 0xf9, 0x0e, 0xb9, 0x3b, 0x0e, 0x13, 0x29, 0x56, 0xaa,
+	0x1b, 0x23, 0x01, 0x7c, 0x12, 0x96, 0xc3, 0x5a, 0xe1, 0xe8, 0xb8, 0x72, 0xe9, 0xd5, 0xdf, 0x15,
+	0xcd, 0x2e, 0x48, 0xb5, 0x55, 0x66, 0x12, 0x58, 0x90, 0xfe, 0x6d, 0x07, 0xa4, 0x89, 0x28, 0xbd,
+	0x70, 0xf4, 0x11, 0xc0, 0x16, 0xba, 0xf8, 0x20, 0x6f, 0x42, 0x49, 0x5c, 0xa3, 0x40, 0xbf, 0x05,
+	0x79, 0x5f, 0x3e, 0x50, 0x5c, 0x31, 0x54, 0x23, 0x87, 0x37, 0x54, 0x99, 0x84, 0x20, 0x84, 0xc2,
+	0xe6, 0x0a, 0xcc, 0x7d, 0x83, 0x29, 0xe3, 0x69, 0x10, 0x41, 0xb3, 0x08, 0xb9, 0x3d, 0xdc, 0x66,
+	0x28, 0x90, 0xde, 0xda, 0x6a, 0xc7, 0x93, 0x26, 0x26, 0x1b, 0xd5, 0x46, 0x56, 0xb4, 0xf8, 0xb2,
+	0x26, 0x3a, 0xc6, 0xe4, 0x6b, 0xa5, 0xa8, 0xf9, 0x4a, 0x83, 0xd2, 0xd7, 0xb8, 0xdd, 0xbe, 0x68,
+	0x90, 0x44, 0xc3, 0xc1, 0x2d, 0xde, 0x56, 0x64, 0x6e, 0xa9, 0x1d, 0x4f, 0x45, 0xa7, 0xdd, 0x16,
+	0x19, 0x55, 0xb0, 0xf9, 0xd2, 0xfc, 0x57, 0x03, 0x9d, 0x2b, 0xbf, 0x83, 0x2c, 0x89, 0x7a, 0x62,
+	0xea, 0xf4, 0x9e, 0x98, 0x1e, 0xd3, 0x13, 0x33, 0x63, 0x7b, 0x62, 0x76, 0xa8, 0x27, 0x56, 0x21,
+	0x43, 0x7d, 0xd4, 0x14, 0x5d, 0x74, 0x5c, 0x4b, 0x13, 0x12, 0x71, 0x94, 0xf2, 0x63, 0x53, 0xe9,
+	0x2a, 0xbc, 0x77, 0xe2, 0xe9, 0x32, 0xb2, 0xe6, 0xaf, 0x1a, 0xcc, 0xd9, 0x88, 0xe2, 0x9f, 0xd0,
+	0x36, 0xeb, 0x5d, 0x78, 0xa8, 0x16, 0x20, 0xfb, 0x02, 0xbb, 0x6c, 0x5f, 0x45, 0x4a, 0x6e, 0x38,
+	0x3a, 0xfb, 0x08, 0xb7, 0xf6, 0x65, 0xf5, 0xcf, 0xda, 0x6a, 0x67, 0xfe, 0x0c, 0x97, 0xd7, 0xdb,
+	0x84, 0xa2, 0xc6, 0xc3, 0xff, 0xc3, 0x31, 0x19, 0xce, 0xb4, 0x88, 0x82, 0xdc, 0x98, 0x5f, 0xc1,
+	0xdc, 0xb6, 0xd3, 0xa5, 0xe7, 0xee, 0x9f, 0x5b, 0x30, 0x6f, 0x23, 0xda, 0xed, 0x9c, 0xdb, 0xd0,
+	0x26, 0x5c, 0xe1, 0xc5, 0xb9, 0x8d, 0xdd, 0xf3, 0x24, 0xaf, 0x69, 0xcb, 0x7e, 0x20, 0xcd, 0xa8,
+	0x12, 0xbf, 0x0f, 0x45, 0xd5, 0x2e, 0x50, 0x58, 0xe6, 0xcb, 0x93, 0xca, 0xbc, 0xe1, 0xed, 0x11,
+	0x7b, 0xa0, 0x62, 0xbe, 0xd6, 0xe0, 0xea, 0x7a, 0x34, 0x93, 0xcf, 0xcb, 0x51, 0x76, 0x60, 0xde,
+	0x77, 0x02, 0xe4, 0xb1, 0x9d, 0x18, 0x2f, 0x90, 0xe1, 0xab, 0xf3, 0xfe, 0xff, 0xd7, 0x71, 0x65,
+	0x25, 0xc6, 0xb6, 0x88, 0x8f, 0xbc, 0x48, 0x9d, 0xd6, 0x5a, 0xe4, 0xba, 0x8b, 0x5b, 0x88, 0x32,
+	0x6b, 0x43, 0xfc, 0xb2, 0xe7, 0xa4, 0xb1, 0xf5, 0x53, 0x39, 0x43, 0x7a, 0x1a, 0xce, 0xf0, 0x14,
+	0x16, 0x87, 0x5f, 0x17, 0x01, 0x57, 0x1a, 0x30, 0xc1, 0x53, 0x3b, 0xe4, 0x08, 0x79, 0x89, 0x2b,
+	0x98, 0xbf, 0xa7, 0x60, 0xfe, 0x5b, 0xdf, 0x7d, 0x07, 0xc4, 0xae, 0x0e, 0xc5, 0x00, 0x51, 0xd2,
+	0x0d, 0x9a, 0x88, 0x0a, 0xb0, 0xc6, 0xbd, 0x6a, 0x20, 0xa6, 0xef, 0x42, 0xc9, 0xf1, 0x3c, 0xc2,
+	0x9c, 0x10, 0x0b, 0xee, 0xfd, 0x97, 0xd6, 0x24, 0x92, 0x6f, 0x8d, 0x78, 0x6b, 0xad, 0x0e, 0x4c,
+	0x6c, 0x7a, 0x2c, 0xe8, 0xd9, 0x71, 0xa3, 0xc6, 0x7d, 0x98, 0x1b, 0x16, 0xe0, 0xcd, 0xf9, 0x00,
+	0xf5, 0xd4, 0xec, 0xe1, 0x4b, 0x5e, 0x82, 0x87, 0x4e, 0xbb, 0x8b, 0xc2, 0x8e, 0x2a, 0x36, 0x77,
+	0x52, 0xb7, 0x35, 0x73, 0x05, 0x2e, 0x3f, 0x90, 0x2c, 0x3d, 0x44, 0xa7, 0x0c, 0x79, 0x39, 0xae,
+	0x24, 0xde, 0x45, 0x3b, 0xdc, 0xf2, 0x0a, 0x89, 0x64, 0xa3, 0xe1, 0x95, 0x57, 0x24, 0x5f, 0x05,
+	0xa7, 0x7c, 0x0a, 0xe1, 0x15, 0x02, 0x76, 0x28, 0x68, 0xee, 0x41, 0xe9, 0x7b, 0x07, 0x5f, 0xfc,
+	0x80, 0x0f, 0x60, 0x46, 0xde, 0xa3, 0x7c, 0x1d, 0x22, 0x4b, 0xda, 0x64, 0xb2, 0x94, 0x7a, 0x1b,
+	0xb2, 0x54, 0x7f, 0x3d, 0x03, 0x59, 0x31, 0xde, 0xf5, 0x03, 0xc8, 0x49, 0x22, 0xac, 0xd7, 0x26,
+	0x47, 0x7c, 0xe4, 0x0f, 0x0f, 0xe3, 0xf3, 0xe9, 0x15, 0xd4, 0xd3, 0x7e, 0x84, 0xac, 0x20, 0xac,
+	0xfa, 0xca, 0x64, 0xd5, 0x38, 0x7d, 0x36, 0x3e, 0x9d, 0x4a, 0x56, 0xdd, 0xd0, 0x82, 0x9c, 0x64,
+	0x81, 0x49, 0xcf, 0x19, 0x61, 0xc5, 0xc6, 0x67, 0xd3, 0x28, 0x44, 0x17, 0x3d, 0x87, 0xd9, 0x13,
+	0x74, 0x53, 0xaf, 0x4f, 0xa3, 0x7e, 0x92, 0x75, 0x9c, 0xf1, 0xca, 0x67, 0x90, 0xde, 0x42, 0x4c,
+	0xaf, 0x4e, 0x56, 0x1a, 0x70, 0x52, 0xe3, 0x93, 0x29, 0x24, 0x23, 0xdc, 0x32, 0x7c, 0x1c, 0xe8,
+	0xd6, 0x64, 0x95, 0x61, 0x0a, 0x69, 0xd4, 0xa6, 0x96, 0x57, 0x17, 0x35, 0x20, 0xc3, 0x19, 0xa1,
+	0x9e, 0xe0, 0x5b, 0x8c, 0x35, 0x1a, 0x8b, 0x23, 0xc9, 0xbd, 0xd9, 0xf1, 0x59, 0x4f, 0xdf, 0x86,
+	0x0c, 0x2f, 0x25, 0x3d, 0x21, 0x0f, 0x47, 0xd9, 0xde, 0x58, 0x8b, 0x8f, 0xa1, 0x18, 0x11, 0xa1,
+	0x24, 0x28, 0x86, 0x19, 0xd3, 0x58, 0xa3, 0x0f, 0x21, 0xaf, 0x28, 0x8c, 0x9e, 0x10, 0xef, 0x93,
+	0x4c, 0x67, 0x82, 0xc1, 0xac, 0xa0, 0x24, 0x49, 0x1e, 0x0e, 0xf3, 0x96, 0xb1, 0x06, 0x1f, 0x41,
+	0x4e, 0x72, 0x93, 0xa4, 0xa2, 0x19, 0x61, 0x30, 0x63, 0x4d, 0x62, 0x28, 0x84, 0xf4, 0x42, 0xbf,
+	0x9e, 0x9c, 0x23, 0x31, 0x36, 0x63, 0x58, 0xd3, 0x8a, 0xab, 0x8c, 0x7a, 0x01, 0x10, 0x1b, 0xea,
+	0x37, 0x13, 0x20, 0x3e, 0x8d, 0x9e, 0x18, 0x5f, 0x9c, 0x4d, 0x49, 0x5d, 0xfc, 0x08, 0x72, 0x72,
+	0x0c, 0x26, 0xc1, 0x36, 0x32, 0x2c, 0xc7, 0xc2, 0xb6, 0x07, 0x79, 0x35, 0xba, 0x92, 0x72, 0xe5,
+	0xe4, 0x34, 0x34, 0xae, 0x4f, 0x29, 0xad, 0x5c, 0xff, 0x01, 0x32, 0x7c, 0xe6, 0x24, 0x55, 0x61,
+	0x6c, 0xfe, 0x19, 0x2b, 0xd3, 0x88, 0x4a, 0xf3, 0x6b, 0xdf, 0x1d, 0xbd, 0x59, 0xba, 0xf4, 0xe7,
+	0x9b, 0xa5, 0x4b, 0xbf, 0xf4, 0x97, 0xb4, 0xa3, 0xfe, 0x92, 0xf6, 0x47, 0x7f, 0x49, 0xfb, 0xa7,
+	0xbf, 0xa4, 0x3d, 0xbb, 0xf7, 0x76, 0xff, 0x7e, 0xbc, 0x2b, 0x16, 0x4f, 0x53, 0xbb, 0x39, 0x01,
+	0xd8, 0xcd, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xcc, 0x55, 0xbf, 0x54, 0xc7, 0x14, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -373,8 +1266,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Tasks service
-
+// TasksClient is the client API for Tasks service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type TasksClient interface {
 	// Create a task.
 	Create(ctx context.Context, in *CreateTaskRequest, opts ...grpc.CallOption) (*CreateTaskResponse, error)
@@ -386,15 +1280,15 @@ type TasksClient interface {
 	Get(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*GetResponse, error)
 	List(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error)
 	// Kill a task or process.
-	Kill(ctx context.Context, in *KillRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
-	Exec(ctx context.Context, in *ExecProcessRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
-	ResizePty(ctx context.Context, in *ResizePtyRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
-	CloseIO(ctx context.Context, in *CloseIORequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
-	Pause(ctx context.Context, in *PauseTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
-	Resume(ctx context.Context, in *ResumeTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
+	Kill(ctx context.Context, in *KillRequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	Exec(ctx context.Context, in *ExecProcessRequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	ResizePty(ctx context.Context, in *ResizePtyRequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	CloseIO(ctx context.Context, in *CloseIORequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	Pause(ctx context.Context, in *PauseTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error)
+	Resume(ctx context.Context, in *ResumeTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error)
 	ListPids(ctx context.Context, in *ListPidsRequest, opts ...grpc.CallOption) (*ListPidsResponse, error)
 	Checkpoint(ctx context.Context, in *CheckpointTaskRequest, opts ...grpc.CallOption) (*CheckpointTaskResponse, error)
-	Update(ctx context.Context, in *UpdateTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
+	Update(ctx context.Context, in *UpdateTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error)
 	Metrics(ctx context.Context, in *MetricsRequest, opts ...grpc.CallOption) (*MetricsResponse, error)
 	Wait(ctx context.Context, in *WaitRequest, opts ...grpc.CallOption) (*WaitResponse, error)
 }
@@ -409,7 +1303,7 @@ func NewTasksClient(cc *grpc.ClientConn) TasksClient {
 
 func (c *tasksClient) Create(ctx context.Context, in *CreateTaskRequest, opts ...grpc.CallOption) (*CreateTaskResponse, error) {
 	out := new(CreateTaskResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Create", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -418,7 +1312,7 @@ func (c *tasksClient) Create(ctx context.Context, in *CreateTaskRequest, opts ..
 
 func (c *tasksClient) Start(ctx context.Context, in *StartRequest, opts ...grpc.CallOption) (*StartResponse, error) {
 	out := new(StartResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Start", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Start", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -427,7 +1321,7 @@ func (c *tasksClient) Start(ctx context.Context, in *StartRequest, opts ...grpc.
 
 func (c *tasksClient) Delete(ctx context.Context, in *DeleteTaskRequest, opts ...grpc.CallOption) (*DeleteResponse, error) {
 	out := new(DeleteResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Delete", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Delete", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -436,7 +1330,7 @@ func (c *tasksClient) Delete(ctx context.Context, in *DeleteTaskRequest, opts ..
 
 func (c *tasksClient) DeleteProcess(ctx context.Context, in *DeleteProcessRequest, opts ...grpc.CallOption) (*DeleteResponse, error) {
 	out := new(DeleteResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/DeleteProcess", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/DeleteProcess", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -445,7 +1339,7 @@ func (c *tasksClient) DeleteProcess(ctx context.Context, in *DeleteProcessReques
 
 func (c *tasksClient) Get(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*GetResponse, error) {
 	out := new(GetResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Get", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Get", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -454,61 +1348,61 @@ func (c *tasksClient) Get(ctx context.Context, in *GetRequest, opts ...grpc.Call
 
 func (c *tasksClient) List(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error) {
 	out := new(ListTasksResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/List", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/List", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) Kill(ctx context.Context, in *KillRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Kill", in, out, c.cc, opts...)
+func (c *tasksClient) Kill(ctx context.Context, in *KillRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Kill", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) Exec(ctx context.Context, in *ExecProcessRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Exec", in, out, c.cc, opts...)
+func (c *tasksClient) Exec(ctx context.Context, in *ExecProcessRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Exec", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) ResizePty(ctx context.Context, in *ResizePtyRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/ResizePty", in, out, c.cc, opts...)
+func (c *tasksClient) ResizePty(ctx context.Context, in *ResizePtyRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/ResizePty", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) CloseIO(ctx context.Context, in *CloseIORequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/CloseIO", in, out, c.cc, opts...)
+func (c *tasksClient) CloseIO(ctx context.Context, in *CloseIORequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/CloseIO", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) Pause(ctx context.Context, in *PauseTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Pause", in, out, c.cc, opts...)
+func (c *tasksClient) Pause(ctx context.Context, in *PauseTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Pause", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) Resume(ctx context.Context, in *ResumeTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Resume", in, out, c.cc, opts...)
+func (c *tasksClient) Resume(ctx context.Context, in *ResumeTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Resume", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -517,7 +1411,7 @@ func (c *tasksClient) Resume(ctx context.Context, in *ResumeTaskRequest, opts ..
 
 func (c *tasksClient) ListPids(ctx context.Context, in *ListPidsRequest, opts ...grpc.CallOption) (*ListPidsResponse, error) {
 	out := new(ListPidsResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/ListPids", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/ListPids", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -526,16 +1420,16 @@ func (c *tasksClient) ListPids(ctx context.Context, in *ListPidsRequest, opts ..
 
 func (c *tasksClient) Checkpoint(ctx context.Context, in *CheckpointTaskRequest, opts ...grpc.CallOption) (*CheckpointTaskResponse, error) {
 	out := new(CheckpointTaskResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Checkpoint", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Checkpoint", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *tasksClient) Update(ctx context.Context, in *UpdateTaskRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
-	out := new(google_protobuf.Empty)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Update", in, out, c.cc, opts...)
+func (c *tasksClient) Update(ctx context.Context, in *UpdateTaskRequest, opts ...grpc.CallOption) (*types1.Empty, error) {
+	out := new(types1.Empty)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Update", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -544,7 +1438,7 @@ func (c *tasksClient) Update(ctx context.Context, in *UpdateTaskRequest, opts ..
 
 func (c *tasksClient) Metrics(ctx context.Context, in *MetricsRequest, opts ...grpc.CallOption) (*MetricsResponse, error) {
 	out := new(MetricsResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Metrics", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Metrics", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -553,15 +1447,14 @@ func (c *tasksClient) Metrics(ctx context.Context, in *MetricsRequest, opts ...g
 
 func (c *tasksClient) Wait(ctx context.Context, in *WaitRequest, opts ...grpc.CallOption) (*WaitResponse, error) {
 	out := new(WaitResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Wait", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.tasks.v1.Tasks/Wait", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Tasks service
-
+// TasksServer is the server API for Tasks service.
 type TasksServer interface {
 	// Create a task.
 	Create(context.Context, *CreateTaskRequest) (*CreateTaskResponse, error)
@@ -573,19 +1466,75 @@ type TasksServer interface {
 	Get(context.Context, *GetRequest) (*GetResponse, error)
 	List(context.Context, *ListTasksRequest) (*ListTasksResponse, error)
 	// Kill a task or process.
-	Kill(context.Context, *KillRequest) (*google_protobuf.Empty, error)
-	Exec(context.Context, *ExecProcessRequest) (*google_protobuf.Empty, error)
-	ResizePty(context.Context, *ResizePtyRequest) (*google_protobuf.Empty, error)
-	CloseIO(context.Context, *CloseIORequest) (*google_protobuf.Empty, error)
-	Pause(context.Context, *PauseTaskRequest) (*google_protobuf.Empty, error)
-	Resume(context.Context, *ResumeTaskRequest) (*google_protobuf.Empty, error)
+	Kill(context.Context, *KillRequest) (*types1.Empty, error)
+	Exec(context.Context, *ExecProcessRequest) (*types1.Empty, error)
+	ResizePty(context.Context, *ResizePtyRequest) (*types1.Empty, error)
+	CloseIO(context.Context, *CloseIORequest) (*types1.Empty, error)
+	Pause(context.Context, *PauseTaskRequest) (*types1.Empty, error)
+	Resume(context.Context, *ResumeTaskRequest) (*types1.Empty, error)
 	ListPids(context.Context, *ListPidsRequest) (*ListPidsResponse, error)
 	Checkpoint(context.Context, *CheckpointTaskRequest) (*CheckpointTaskResponse, error)
-	Update(context.Context, *UpdateTaskRequest) (*google_protobuf.Empty, error)
+	Update(context.Context, *UpdateTaskRequest) (*types1.Empty, error)
 	Metrics(context.Context, *MetricsRequest) (*MetricsResponse, error)
 	Wait(context.Context, *WaitRequest) (*WaitResponse, error)
 }
 
+// UnimplementedTasksServer can be embedded to have forward compatible implementations.
+type UnimplementedTasksServer struct {
+}
+
+func (*UnimplementedTasksServer) Create(ctx context.Context, req *CreateTaskRequest) (*CreateTaskResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedTasksServer) Start(ctx context.Context, req *StartRequest) (*StartResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Start not implemented")
+}
+func (*UnimplementedTasksServer) Delete(ctx context.Context, req *DeleteTaskRequest) (*DeleteResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
+}
+func (*UnimplementedTasksServer) DeleteProcess(ctx context.Context, req *DeleteProcessRequest) (*DeleteResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteProcess not implemented")
+}
+func (*UnimplementedTasksServer) Get(ctx context.Context, req *GetRequest) (*GetResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Get not implemented")
+}
+func (*UnimplementedTasksServer) List(ctx context.Context, req *ListTasksRequest) (*ListTasksResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+func (*UnimplementedTasksServer) Kill(ctx context.Context, req *KillRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Kill not implemented")
+}
+func (*UnimplementedTasksServer) Exec(ctx context.Context, req *ExecProcessRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Exec not implemented")
+}
+func (*UnimplementedTasksServer) ResizePty(ctx context.Context, req *ResizePtyRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ResizePty not implemented")
+}
+func (*UnimplementedTasksServer) CloseIO(ctx context.Context, req *CloseIORequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CloseIO not implemented")
+}
+func (*UnimplementedTasksServer) Pause(ctx context.Context, req *PauseTaskRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Pause not implemented")
+}
+func (*UnimplementedTasksServer) Resume(ctx context.Context, req *ResumeTaskRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Resume not implemented")
+}
+func (*UnimplementedTasksServer) ListPids(ctx context.Context, req *ListPidsRequest) (*ListPidsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListPids not implemented")
+}
+func (*UnimplementedTasksServer) Checkpoint(ctx context.Context, req *CheckpointTaskRequest) (*CheckpointTaskResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Checkpoint not implemented")
+}
+func (*UnimplementedTasksServer) Update(ctx context.Context, req *UpdateTaskRequest) (*types1.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Update not implemented")
+}
+func (*UnimplementedTasksServer) Metrics(ctx context.Context, req *MetricsRequest) (*MetricsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Metrics not implemented")
+}
+func (*UnimplementedTasksServer) Wait(ctx context.Context, req *WaitRequest) (*WaitResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Wait not implemented")
+}
+
 func RegisterTasksServer(s *grpc.Server, srv TasksServer) {
 	s.RegisterService(&_Tasks_serviceDesc, srv)
 }
@@ -976,7 +1925,7 @@ var _Tasks_serviceDesc = grpc.ServiceDesc{
 func (m *CreateTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -984,83 +1933,102 @@ func (m *CreateTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Rootfs) > 0 {
-		for _, msg := range m.Rootfs {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTasks(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Options != nil {
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x4a
 	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
-	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
-	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	if m.Checkpoint != nil {
+		{
+			size, err := m.Checkpoint.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x42
 	}
 	if m.Terminal {
-		dAtA[i] = 0x38
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x38
 	}
-	if m.Checkpoint != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Checkpoint.Size()))
-		n1, err := m.Checkpoint.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x32
 	}
-	if m.Options != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Options.Size()))
-		n2, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
-}
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Rootfs) > 0 {
+		for iNdEx := len(m.Rootfs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Rootfs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTasks(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
 
 func (m *CreateTaskResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1068,28 +2036,38 @@ func (m *CreateTaskResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateTaskResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateTaskResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTasks(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *StartRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1097,29 +2075,40 @@ func (m *StartRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StartRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StartRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *StartResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1127,22 +2116,31 @@ func (m *StartResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StartResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StartResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintTasks(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1150,23 +2148,33 @@ func (m *DeleteTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1174,41 +2182,51 @@ func (m *DeleteResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Pid))
+	n3, err3 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err3 != nil {
+		return 0, err3
 	}
+	i -= n3
+	i = encodeVarintTasks(dAtA, i, uint64(n3))
+	i--
+	dAtA[i] = 0x22
 	if m.ExitStatus != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTasks(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x18
 	}
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintTasks(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n3, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Pid != 0 {
+		i = encodeVarintTasks(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n3
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteProcessRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1216,29 +2234,40 @@ func (m *DeleteProcessRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteProcessRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteProcessRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1246,29 +2275,40 @@ func (m *GetRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1276,27 +2316,38 @@ func (m *GetResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Process != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Process.Size()))
-		n4, err := m.Process.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Process.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListTasksRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1304,23 +2355,33 @@ func (m *ListTasksRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListTasksRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListTasksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filter) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Filter)
+		copy(dAtA[i:], m.Filter)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.Filter)))
-		i += copy(dAtA[i:], m.Filter)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListTasksResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1328,29 +2389,40 @@ func (m *ListTasksResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListTasksResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListTasksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Tasks) > 0 {
-		for _, msg := range m.Tasks {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTasks(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Tasks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Tasks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTasks(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *KillRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1358,44 +2430,55 @@ func (m *KillRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *KillRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *KillRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
-	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
-	}
-	if m.Signal != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Signal))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.All {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.All {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Signal != 0 {
+		i = encodeVarintTasks(dAtA, i, uint64(m.Signal))
+		i--
+		dAtA[i] = 0x18
 	}
-	return i, nil
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ExecProcessRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1403,67 +2486,83 @@ func (m *ExecProcessRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ExecProcessRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecProcessRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
-	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
 	}
 	if m.Terminal {
-		dAtA[i] = 0x28
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.Spec != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Spec.Size()))
-		n5, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ExecProcessResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1471,17 +2570,26 @@ func (m *ExecProcessResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ExecProcessResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecProcessResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ResizePtyRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1489,39 +2597,50 @@ func (m *ResizePtyRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResizePtyRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResizePtyRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+	if m.Height != 0 {
+		i = encodeVarintTasks(dAtA, i, uint64(m.Height))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.Width != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTasks(dAtA, i, uint64(m.Width))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Height != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Height))
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CloseIORequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1529,39 +2648,50 @@ func (m *CloseIORequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CloseIORequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CloseIORequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
-	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Stdin {
-		dAtA[i] = 0x18
-		i++
+		i--
 		if m.Stdin {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PauseTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1569,23 +2699,33 @@ func (m *PauseTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PauseTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PauseTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ResumeTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1593,23 +2733,33 @@ func (m *ResumeTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResumeTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResumeTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListPidsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1617,23 +2767,33 @@ func (m *ListPidsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListPidsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListPidsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListPidsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1641,29 +2801,40 @@ func (m *ListPidsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListPidsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListPidsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Processes) > 0 {
-		for _, msg := range m.Processes {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTasks(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Processes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Processes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTasks(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckpointTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1671,39 +2842,52 @@ func (m *CheckpointTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckpointTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckpointTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Options != nil {
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.ParentCheckpoint) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ParentCheckpoint)
+		copy(dAtA[i:], m.ParentCheckpoint)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ParentCheckpoint)))
-		i += copy(dAtA[i:], m.ParentCheckpoint)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Options != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Options.Size()))
-		n6, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n6
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckpointTaskResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1711,29 +2895,40 @@ func (m *CheckpointTaskResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckpointTaskResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckpointTaskResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Descriptors) > 0 {
-		for _, msg := range m.Descriptors {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTasks(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Descriptors) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Descriptors[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTasks(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1741,33 +2936,64 @@ func (m *UpdateTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Annotations) > 0 {
+		for k := range m.Annotations {
+			v := m.Annotations[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTasks(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintTasks(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTasks(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
 	if m.Resources != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.Resources.Size()))
-		n7, err := m.Resources.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Resources.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTasks(dAtA, i, uint64(size))
 		}
-		i += n7
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *MetricsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1775,32 +3001,35 @@ func (m *MetricsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *MetricsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MetricsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintTasks(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *MetricsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1808,29 +3037,40 @@ func (m *MetricsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *MetricsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MetricsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Metrics) > 0 {
-		for _, msg := range m.Metrics {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTasks(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Metrics) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Metrics[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTasks(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WaitRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1838,29 +3078,40 @@ func (m *WaitRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WaitRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WaitRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintTasks(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTasks(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *WaitResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1868,36 +3119,50 @@ func (m *WaitResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WaitResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WaitResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.ExitStatus != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTasks(dAtA, i, uint64(m.ExitStatus))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err8 != nil {
+		return 0, err8
 	}
+	i -= n8
+	i = encodeVarintTasks(dAtA, i, uint64(n8))
+	i--
 	dAtA[i] = 0x12
-	i++
-	i = encodeVarintTasks(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n8, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.ExitStatus != 0 {
+		i = encodeVarintTasks(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x8
 	}
-	i += n8
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintTasks(dAtA []byte, offset int, v uint64) int {
+	offset -= sovTasks(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *CreateTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -1933,10 +3198,16 @@ func (m *CreateTaskRequest) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateTaskResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -1946,10 +3217,16 @@ func (m *CreateTaskResponse) Size() (n int) {
 	if m.Pid != 0 {
 		n += 1 + sovTasks(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StartRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -1960,29 +3237,47 @@ func (m *StartRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StartResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Pid != 0 {
 		n += 1 + sovTasks(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1995,12 +3290,18 @@ func (m *DeleteResponse) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovTasks(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovTasks(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteProcessRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2011,10 +3312,16 @@ func (m *DeleteProcessRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2025,30 +3332,48 @@ func (m *GetRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GetResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Process != nil {
 		l = m.Process.Size()
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListTasksRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Filter)
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListTasksResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Tasks) > 0 {
@@ -2057,10 +3382,16 @@ func (m *ListTasksResponse) Size() (n int) {
 			n += 1 + l + sovTasks(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *KillRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2077,10 +3408,16 @@ func (m *KillRequest) Size() (n int) {
 	if m.All {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ExecProcessRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2110,16 +3447,28 @@ func (m *ExecProcessRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ExecProcessResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ResizePtyRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2136,10 +3485,16 @@ func (m *ResizePtyRequest) Size() (n int) {
 	if m.Height != 0 {
 		n += 1 + sovTasks(uint64(m.Height))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CloseIORequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2153,40 +3508,64 @@ func (m *CloseIORequest) Size() (n int) {
 	if m.Stdin {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PauseTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ResumeTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListPidsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListPidsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Processes) > 0 {
@@ -2195,10 +3574,16 @@ func (m *ListPidsResponse) Size() (n int) {
 			n += 1 + l + sovTasks(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CheckpointTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2213,10 +3598,16 @@ func (m *CheckpointTaskRequest) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CheckpointTaskResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Descriptors) > 0 {
@@ -2225,10 +3616,16 @@ func (m *CheckpointTaskResponse) Size() (n int) {
 			n += 1 + l + sovTasks(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2239,10 +3636,24 @@ func (m *UpdateTaskRequest) Size() (n int) {
 		l = m.Resources.Size()
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if len(m.Annotations) > 0 {
+		for k, v := range m.Annotations {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovTasks(uint64(len(k))) + 1 + len(v) + sovTasks(uint64(len(v)))
+			n += mapEntrySize + 1 + sovTasks(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *MetricsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filters) > 0 {
@@ -2251,10 +3662,16 @@ func (m *MetricsRequest) Size() (n int) {
 			n += 1 + l + sovTasks(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *MetricsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Metrics) > 0 {
@@ -2263,10 +3680,16 @@ func (m *MetricsResponse) Size() (n int) {
 			n += 1 + l + sovTasks(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WaitRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2277,29 +3700,31 @@ func (m *WaitRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovTasks(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WaitResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ExitStatus != 0 {
 		n += 1 + sovTasks(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovTasks(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovTasks(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozTasks(x uint64) (n int) {
 	return sovTasks(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2308,15 +3733,21 @@ func (this *CreateTaskRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForRootfs := "[]*Mount{"
+	for _, f := range this.Rootfs {
+		repeatedStringForRootfs += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForRootfs += "}"
 	s := strings.Join([]string{`&CreateTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
-		`Rootfs:` + strings.Replace(fmt.Sprintf("%v", this.Rootfs), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Rootfs:` + repeatedStringForRootfs + `,`,
 		`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
 		`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
-		`Checkpoint:` + strings.Replace(fmt.Sprintf("%v", this.Checkpoint), "Descriptor", "containerd_types2.Descriptor", 1) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Checkpoint:` + strings.Replace(fmt.Sprintf("%v", this.Checkpoint), "Descriptor", "types.Descriptor", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2328,6 +3759,7 @@ func (this *CreateTaskResponse) String() string {
 	s := strings.Join([]string{`&CreateTaskResponse{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2339,6 +3771,7 @@ func (this *StartRequest) String() string {
 	s := strings.Join([]string{`&StartRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2349,6 +3782,7 @@ func (this *StartResponse) String() string {
 	}
 	s := strings.Join([]string{`&StartResponse{`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2359,6 +3793,7 @@ func (this *DeleteTaskRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2371,7 +3806,8 @@ func (this *DeleteResponse) String() string {
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2383,6 +3819,7 @@ func (this *DeleteProcessRequest) String() string {
 	s := strings.Join([]string{`&DeleteProcessRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2394,6 +3831,7 @@ func (this *GetRequest) String() string {
 	s := strings.Join([]string{`&GetRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2403,7 +3841,8 @@ func (this *GetResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&GetResponse{`,
-		`Process:` + strings.Replace(fmt.Sprintf("%v", this.Process), "Process", "containerd_v1_types.Process", 1) + `,`,
+		`Process:` + strings.Replace(fmt.Sprintf("%v", this.Process), "Process", "task.Process", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2414,6 +3853,7 @@ func (this *ListTasksRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListTasksRequest{`,
 		`Filter:` + fmt.Sprintf("%v", this.Filter) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2422,8 +3862,14 @@ func (this *ListTasksResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForTasks := "[]*Process{"
+	for _, f := range this.Tasks {
+		repeatedStringForTasks += strings.Replace(fmt.Sprintf("%v", f), "Process", "task.Process", 1) + ","
+	}
+	repeatedStringForTasks += "}"
 	s := strings.Join([]string{`&ListTasksResponse{`,
-		`Tasks:` + strings.Replace(fmt.Sprintf("%v", this.Tasks), "Process", "containerd_v1_types.Process", 1) + `,`,
+		`Tasks:` + repeatedStringForTasks + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2437,6 +3883,7 @@ func (this *KillRequest) String() string {
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
 		`Signal:` + fmt.Sprintf("%v", this.Signal) + `,`,
 		`All:` + fmt.Sprintf("%v", this.All) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2451,8 +3898,9 @@ func (this *ExecProcessRequest) String() string {
 		`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "types1.Any", 1) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2462,6 +3910,7 @@ func (this *ExecProcessResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ExecProcessResponse{`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2475,6 +3924,7 @@ func (this *ResizePtyRequest) String() string {
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
 		`Width:` + fmt.Sprintf("%v", this.Width) + `,`,
 		`Height:` + fmt.Sprintf("%v", this.Height) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2487,6 +3937,7 @@ func (this *CloseIORequest) String() string {
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
 		`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2497,6 +3948,7 @@ func (this *PauseTaskRequest) String() string {
 	}
 	s := strings.Join([]string{`&PauseTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2507,6 +3959,7 @@ func (this *ResumeTaskRequest) String() string {
 	}
 	s := strings.Join([]string{`&ResumeTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2517,6 +3970,7 @@ func (this *ListPidsRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListPidsRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2525,8 +3979,14 @@ func (this *ListPidsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForProcesses := "[]*ProcessInfo{"
+	for _, f := range this.Processes {
+		repeatedStringForProcesses += strings.Replace(fmt.Sprintf("%v", f), "ProcessInfo", "task.ProcessInfo", 1) + ","
+	}
+	repeatedStringForProcesses += "}"
 	s := strings.Join([]string{`&ListPidsResponse{`,
-		`Processes:` + strings.Replace(fmt.Sprintf("%v", this.Processes), "ProcessInfo", "containerd_v1_types.ProcessInfo", 1) + `,`,
+		`Processes:` + repeatedStringForProcesses + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2538,7 +3998,8 @@ func (this *CheckpointTaskRequest) String() string {
 	s := strings.Join([]string{`&CheckpointTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ParentCheckpoint:` + fmt.Sprintf("%v", this.ParentCheckpoint) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2547,8 +4008,14 @@ func (this *CheckpointTaskResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForDescriptors := "[]*Descriptor{"
+	for _, f := range this.Descriptors {
+		repeatedStringForDescriptors += strings.Replace(fmt.Sprintf("%v", f), "Descriptor", "types.Descriptor", 1) + ","
+	}
+	repeatedStringForDescriptors += "}"
 	s := strings.Join([]string{`&CheckpointTaskResponse{`,
-		`Descriptors:` + strings.Replace(fmt.Sprintf("%v", this.Descriptors), "Descriptor", "containerd_types2.Descriptor", 1) + `,`,
+		`Descriptors:` + repeatedStringForDescriptors + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2557,9 +4024,21 @@ func (this *UpdateTaskRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	keysForAnnotations := make([]string, 0, len(this.Annotations))
+	for k, _ := range this.Annotations {
+		keysForAnnotations = append(keysForAnnotations, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations)
+	mapStringForAnnotations := "map[string]string{"
+	for _, k := range keysForAnnotations {
+		mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k])
+	}
+	mapStringForAnnotations += "}"
 	s := strings.Join([]string{`&UpdateTaskRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
-		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Any", "types1.Any", 1) + `,`,
+		`Annotations:` + mapStringForAnnotations + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2570,6 +4049,7 @@ func (this *MetricsRequest) String() string {
 	}
 	s := strings.Join([]string{`&MetricsRequest{`,
 		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2578,8 +4058,14 @@ func (this *MetricsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMetrics := "[]*Metric{"
+	for _, f := range this.Metrics {
+		repeatedStringForMetrics += strings.Replace(fmt.Sprintf("%v", f), "Metric", "types.Metric", 1) + ","
+	}
+	repeatedStringForMetrics += "}"
 	s := strings.Join([]string{`&MetricsResponse{`,
-		`Metrics:` + strings.Replace(fmt.Sprintf("%v", this.Metrics), "Metric", "containerd_types1.Metric", 1) + `,`,
+		`Metrics:` + repeatedStringForMetrics + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2591,6 +4077,7 @@ func (this *WaitRequest) String() string {
 	s := strings.Join([]string{`&WaitRequest{`,
 		`ContainerID:` + fmt.Sprintf("%v", this.ContainerID) + `,`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2601,7 +4088,8 @@ func (this *WaitResponse) String() string {
 	}
 	s := strings.Join([]string{`&WaitResponse{`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2629,7 +4117,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2657,7 +4145,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2667,6 +4155,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2686,7 +4177,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2695,10 +4186,13 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rootfs = append(m.Rootfs, &containerd_types.Mount{})
+			m.Rootfs = append(m.Rootfs, &types.Mount{})
 			if err := m.Rootfs[len(m.Rootfs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2717,7 +4211,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2727,6 +4221,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2746,7 +4243,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2756,6 +4253,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2775,7 +4275,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2785,6 +4285,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2804,7 +4307,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2824,7 +4327,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2833,11 +4336,14 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Checkpoint == nil {
-				m.Checkpoint = &containerd_types2.Descriptor{}
+				m.Checkpoint = &types.Descriptor{}
 			}
 			if err := m.Checkpoint.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2857,7 +4363,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2866,11 +4372,14 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf1.Any{}
+				m.Options = &types1.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2882,12 +4391,13 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2912,7 +4422,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2940,7 +4450,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2950,6 +4460,9 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2969,7 +4482,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2980,12 +4493,13 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3010,7 +4524,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3038,7 +4552,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3048,6 +4562,9 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3067,7 +4584,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3077,6 +4594,9 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3088,12 +4608,13 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3118,7 +4639,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3146,7 +4667,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3157,12 +4678,13 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3187,7 +4709,7 @@ func (m *DeleteTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3215,7 +4737,7 @@ func (m *DeleteTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3225,6 +4747,9 @@ func (m *DeleteTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3236,12 +4761,13 @@ func (m *DeleteTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3266,7 +4792,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3294,7 +4820,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3304,6 +4830,9 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3323,7 +4852,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3342,7 +4871,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3361,7 +4890,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3370,10 +4899,13 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3383,12 +4915,13 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3413,7 +4946,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3441,7 +4974,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3451,6 +4984,9 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3470,7 +5006,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3480,6 +5016,9 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3491,12 +5030,13 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3521,7 +5061,7 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3549,7 +5089,7 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3559,6 +5099,9 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3578,7 +5121,7 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3588,6 +5131,9 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3599,12 +5145,13 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3629,7 +5176,7 @@ func (m *GetResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3657,7 +5204,7 @@ func (m *GetResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3666,11 +5213,14 @@ func (m *GetResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Process == nil {
-				m.Process = &containerd_v1_types.Process{}
+				m.Process = &task.Process{}
 			}
 			if err := m.Process.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -3682,12 +5232,13 @@ func (m *GetResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3712,7 +5263,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3740,7 +5291,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3750,6 +5301,9 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3761,12 +5315,13 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3791,7 +5346,7 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3819,7 +5374,7 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3828,10 +5383,13 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Tasks = append(m.Tasks, &containerd_v1_types.Process{})
+			m.Tasks = append(m.Tasks, &task.Process{})
 			if err := m.Tasks[len(m.Tasks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -3842,12 +5400,13 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3872,7 +5431,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3900,7 +5459,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3910,6 +5469,9 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3929,7 +5491,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3939,6 +5501,9 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3958,7 +5523,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Signal |= (uint32(b) & 0x7F) << shift
+				m.Signal |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3977,7 +5542,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3989,12 +5554,13 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4019,7 +5585,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4047,7 +5613,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4057,6 +5623,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4076,7 +5645,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4086,6 +5655,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4105,7 +5677,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4115,6 +5687,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4134,7 +5709,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4144,6 +5719,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4163,7 +5741,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4183,7 +5761,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4192,11 +5770,14 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Spec == nil {
-				m.Spec = &google_protobuf1.Any{}
+				m.Spec = &types1.Any{}
 			}
 			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -4216,7 +5797,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4226,6 +5807,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4237,12 +5821,13 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4267,7 +5852,7 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4287,12 +5872,13 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4317,7 +5903,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4345,7 +5931,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4355,6 +5941,9 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4374,7 +5963,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4384,6 +5973,9 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4403,7 +5995,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Width |= (uint32(b) & 0x7F) << shift
+				m.Width |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4422,7 +6014,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Height |= (uint32(b) & 0x7F) << shift
+				m.Height |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4433,12 +6025,13 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4463,7 +6056,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4491,7 +6084,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4501,6 +6094,9 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4520,7 +6116,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4530,6 +6126,9 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4549,7 +6148,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4561,12 +6160,13 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4591,7 +6191,7 @@ func (m *PauseTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4619,7 +6219,7 @@ func (m *PauseTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4629,6 +6229,9 @@ func (m *PauseTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4640,12 +6243,13 @@ func (m *PauseTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4670,7 +6274,7 @@ func (m *ResumeTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4698,7 +6302,7 @@ func (m *ResumeTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4708,6 +6312,9 @@ func (m *ResumeTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4719,12 +6326,13 @@ func (m *ResumeTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4749,7 +6357,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4777,7 +6385,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4787,6 +6395,9 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4798,12 +6409,13 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4828,7 +6440,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4856,7 +6468,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4865,10 +6477,13 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Processes = append(m.Processes, &containerd_v1_types.ProcessInfo{})
+			m.Processes = append(m.Processes, &task.ProcessInfo{})
 			if err := m.Processes[len(m.Processes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -4879,12 +6494,13 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4909,7 +6525,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4937,7 +6553,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4947,6 +6563,9 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4966,7 +6585,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4976,6 +6595,9 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4995,7 +6617,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5004,11 +6626,14 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf1.Any{}
+				m.Options = &types1.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -5020,12 +6645,13 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5050,7 +6676,7 @@ func (m *CheckpointTaskResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5078,7 +6704,7 @@ func (m *CheckpointTaskResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5087,10 +6713,13 @@ func (m *CheckpointTaskResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Descriptors = append(m.Descriptors, &containerd_types2.Descriptor{})
+			m.Descriptors = append(m.Descriptors, &types.Descriptor{})
 			if err := m.Descriptors[len(m.Descriptors)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -5101,12 +6730,13 @@ func (m *CheckpointTaskResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5131,7 +6761,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5159,7 +6789,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5169,6 +6799,9 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5188,7 +6821,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5197,28 +6830,159 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Resources == nil {
-				m.Resources = &google_protobuf1.Any{}
+				m.Resources = &types1.Any{}
 			}
 			if err := m.Resources.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTasks
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTasks
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Annotations == nil {
+				m.Annotations = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowTasks
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowTasks
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthTasks
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTasks
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowTasks
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthTasks
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTasks
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipTasks(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthTasks
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Annotations[mapkey] = mapvalue
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTasks(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5243,7 +7007,7 @@ func (m *MetricsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5271,7 +7035,7 @@ func (m *MetricsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5281,6 +7045,9 @@ func (m *MetricsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5292,12 +7059,13 @@ func (m *MetricsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5322,7 +7090,7 @@ func (m *MetricsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5350,7 +7118,7 @@ func (m *MetricsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5359,10 +7127,13 @@ func (m *MetricsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Metrics = append(m.Metrics, &containerd_types1.Metric{})
+			m.Metrics = append(m.Metrics, &types.Metric{})
 			if err := m.Metrics[len(m.Metrics)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -5373,12 +7144,13 @@ func (m *MetricsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5403,7 +7175,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5431,7 +7203,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5441,6 +7213,9 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5460,7 +7235,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5470,6 +7245,9 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5481,12 +7259,13 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5511,7 +7290,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5539,7 +7318,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5558,7 +7337,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5567,10 +7346,13 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTasks
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTasks
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -5580,12 +7362,13 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTasks
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -5598,6 +7381,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 func skipTasks(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -5629,10 +7413,8 @@ func skipTasks(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -5649,144 +7431,34 @@ func skipTasks(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthTasks
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowTasks
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipTasks(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupTasks
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthTasks
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthTasks = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowTasks   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthTasks        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTasks          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupTasks = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/tasks/v1/tasks.proto", fileDescriptorTasks)
-}
-
-var fileDescriptorTasks = []byte{
-	// 1318 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4b, 0x6f, 0x1b, 0x45,
-	0x1c, 0xef, 0xfa, 0xed, 0xbf, 0x93, 0x36, 0x59, 0xd2, 0x60, 0x96, 0x2a, 0x0e, 0xcb, 0xc5, 0x04,
-	0xba, 0x4b, 0x5d, 0x54, 0x21, 0x5a, 0x21, 0x35, 0x0f, 0x22, 0x0b, 0xaa, 0xa6, 0xdb, 0x02, 0x55,
-	0x25, 0x14, 0xb6, 0xbb, 0x13, 0x67, 0x14, 0x7b, 0x67, 0xbb, 0x33, 0x4e, 0x1b, 0x38, 0xc0, 0x47,
-	0xe8, 0x95, 0x0b, 0x9f, 0x27, 0x47, 0x8e, 0x08, 0x55, 0x81, 0xfa, 0x5b, 0x70, 0x43, 0xf3, 0xd8,
-	0xcd, 0xc6, 0x8e, 0xbd, 0x4e, 0xd3, 0x70, 0x69, 0x67, 0x66, 0xff, 0xaf, 0xf9, 0xcd, 0xff, 0xf1,
-	0x73, 0x60, 0xb5, 0x83, 0xd9, 0x6e, 0xff, 0xa9, 0xe5, 0x91, 0x9e, 0xed, 0x91, 0x80, 0xb9, 0x38,
-	0x40, 0x91, 0x9f, 0x5e, 0xba, 0x21, 0xb6, 0x29, 0x8a, 0xf6, 0xb1, 0x87, 0xa8, 0xcd, 0x5c, 0xba,
-	0x47, 0xed, 0xfd, 0x1b, 0x72, 0x61, 0x85, 0x11, 0x61, 0x44, 0xbf, 0x76, 0x2c, 0x6d, 0xc5, 0x92,
-	0x96, 0x14, 0xd8, 0xbf, 0x61, 0xbc, 0xdf, 0x21, 0xa4, 0xd3, 0x45, 0xb6, 0x90, 0x7d, 0xda, 0xdf,
-	0xb1, 0x51, 0x2f, 0x64, 0x07, 0x52, 0xd5, 0x78, 0x6f, 0xf8, 0xa3, 0x1b, 0xc4, 0x9f, 0x16, 0x3a,
-	0xa4, 0x43, 0xc4, 0xd2, 0xe6, 0x2b, 0x75, 0x7a, 0x6b, 0xaa, 0x78, 0xd9, 0x41, 0x88, 0xa8, 0xdd,
-	0x23, 0xfd, 0x80, 0x29, 0xbd, 0xcf, 0xcf, 0xa2, 0x87, 0x58, 0x84, 0x3d, 0x75, 0x3b, 0xe3, 0xf6,
-	0x19, 0x34, 0x7d, 0x44, 0xbd, 0x08, 0x87, 0x8c, 0x44, 0x4a, 0xf9, 0x8b, 0x33, 0x28, 0x73, 0xc4,
-	0xc4, 0x3f, 0x4a, 0xb7, 0x31, 0x8c, 0x0d, 0xc3, 0x3d, 0x44, 0x99, 0xdb, 0x0b, 0xa5, 0x80, 0x79,
-	0x98, 0x83, 0xf9, 0xb5, 0x08, 0xb9, 0x0c, 0x3d, 0x72, 0xe9, 0x9e, 0x83, 0x9e, 0xf5, 0x11, 0x65,
-	0x7a, 0x0b, 0x66, 0x12, 0xf3, 0xdb, 0xd8, 0xaf, 0x6b, 0xcb, 0x5a, 0xb3, 0xba, 0x7a, 0x65, 0x70,
-	0xd4, 0xa8, 0xad, 0xc5, 0xe7, 0xed, 0x75, 0xa7, 0x96, 0x08, 0xb5, 0x7d, 0xdd, 0x86, 0x52, 0x44,
-	0x08, 0xdb, 0xa1, 0xf5, 0xfc, 0x72, 0xbe, 0x59, 0x6b, 0xbd, 0x6b, 0xa5, 0x9e, 0x54, 0x44, 0x67,
-	0xdd, 0xe3, 0x60, 0x3a, 0x4a, 0x4c, 0x5f, 0x80, 0x22, 0x65, 0x3e, 0x0e, 0xea, 0x05, 0x6e, 0xdd,
-	0x91, 0x1b, 0x7d, 0x11, 0x4a, 0x94, 0xf9, 0xa4, 0xcf, 0xea, 0x45, 0x71, 0xac, 0x76, 0xea, 0x1c,
-	0x45, 0x51, 0xbd, 0x94, 0x9c, 0xa3, 0x28, 0xd2, 0x0d, 0xa8, 0x30, 0x14, 0xf5, 0x70, 0xe0, 0x76,
-	0xeb, 0xe5, 0x65, 0xad, 0x59, 0x71, 0x92, 0xbd, 0x7e, 0x07, 0xc0, 0xdb, 0x45, 0xde, 0x5e, 0x48,
-	0x70, 0xc0, 0xea, 0x95, 0x65, 0xad, 0x59, 0x6b, 0x5d, 0x1b, 0x0d, 0x6b, 0x3d, 0x41, 0xdc, 0x49,
-	0xc9, 0xeb, 0x16, 0x94, 0x49, 0xc8, 0x30, 0x09, 0x68, 0xbd, 0x2a, 0x54, 0x17, 0x2c, 0x89, 0xa6,
-	0x15, 0xa3, 0x69, 0xdd, 0x0d, 0x0e, 0x9c, 0x58, 0xc8, 0x7c, 0x02, 0x7a, 0x1a, 0x49, 0x1a, 0x92,
-	0x80, 0xa2, 0x37, 0x82, 0x72, 0x0e, 0xf2, 0x21, 0xf6, 0xeb, 0xb9, 0x65, 0xad, 0x39, 0xeb, 0xf0,
-	0xa5, 0xd9, 0x81, 0x99, 0x87, 0xcc, 0x8d, 0xd8, 0x79, 0x1e, 0xe8, 0x43, 0x28, 0xa3, 0x17, 0xc8,
-	0xdb, 0x56, 0x96, 0xab, 0xab, 0x30, 0x38, 0x6a, 0x94, 0x36, 0x5e, 0x20, 0xaf, 0xbd, 0xee, 0x94,
-	0xf8, 0xa7, 0xb6, 0x6f, 0x7e, 0x00, 0xb3, 0xca, 0x91, 0x8a, 0x5f, 0xc5, 0xa2, 0x1d, 0xc7, 0xb2,
-	0x09, 0xf3, 0xeb, 0xa8, 0x8b, 0xce, 0x9d, 0x31, 0xe6, 0xef, 0x1a, 0x5c, 0x96, 0x96, 0x12, 0x6f,
-	0x8b, 0x90, 0x4b, 0x94, 0x4b, 0x83, 0xa3, 0x46, 0xae, 0xbd, 0xee, 0xe4, 0xf0, 0x29, 0x88, 0xe8,
-	0x0d, 0xa8, 0xa1, 0x17, 0x98, 0x6d, 0x53, 0xe6, 0xb2, 0x3e, 0xcf, 0x39, 0xfe, 0x05, 0xf8, 0xd1,
-	0x43, 0x71, 0xa2, 0xdf, 0x85, 0x2a, 0xdf, 0x21, 0x7f, 0xdb, 0x65, 0x22, 0xc5, 0x6a, 0x2d, 0x63,
-	0xe4, 0x01, 0x1f, 0xc5, 0xe5, 0xb0, 0x5a, 0x39, 0x3c, 0x6a, 0x5c, 0x7a, 0xf9, 0x77, 0x43, 0x73,
-	0x2a, 0x52, 0xed, 0x2e, 0x33, 0x09, 0x2c, 0xc8, 0xf8, 0xb6, 0x22, 0xe2, 0x21, 0x4a, 0x2f, 0x1c,
-	0x7d, 0x04, 0xb0, 0x89, 0x2e, 0xfe, 0x91, 0x37, 0xa0, 0x26, 0xdc, 0x28, 0xd0, 0x6f, 0x41, 0x39,
-	0x94, 0x17, 0x14, 0x2e, 0x86, 0x6a, 0x64, 0xff, 0x86, 0x2a, 0x93, 0x18, 0x84, 0x58, 0xd8, 0x5c,
-	0x81, 0xb9, 0x6f, 0x30, 0x65, 0x3c, 0x0d, 0x12, 0x68, 0x16, 0xa1, 0xb4, 0x83, 0xbb, 0x0c, 0x45,
-	0x32, 0x5a, 0x47, 0xed, 0x78, 0xd2, 0xa4, 0x64, 0x93, 0xda, 0x28, 0x8a, 0x16, 0x5f, 0xd7, 0x44,
-	0xc7, 0x98, 0xec, 0x56, 0x8a, 0x9a, 0x2f, 0x35, 0xa8, 0x7d, 0x8d, 0xbb, 0xdd, 0x8b, 0x06, 0x49,
-	0x34, 0x1c, 0xdc, 0xe1, 0x6d, 0x45, 0xe6, 0x96, 0xda, 0xf1, 0x54, 0x74, 0xbb, 0x5d, 0x91, 0x51,
-	0x15, 0x87, 0x2f, 0xcd, 0x7f, 0x35, 0xd0, 0xb9, 0xf2, 0x5b, 0xc8, 0x92, 0xa4, 0x27, 0xe6, 0x4e,
-	0xef, 0x89, 0xf9, 0x31, 0x3d, 0xb1, 0x30, 0xb6, 0x27, 0x16, 0x87, 0x7a, 0x62, 0x13, 0x0a, 0x34,
-	0x44, 0x9e, 0xe8, 0xa2, 0xe3, 0x5a, 0x9a, 0x90, 0x48, 0xa3, 0x54, 0x1e, 0x9b, 0x4a, 0x57, 0xe1,
-	0x9d, 0x13, 0x57, 0x97, 0x2f, 0x6b, 0xfe, 0xa6, 0xc1, 0x9c, 0x83, 0x28, 0xfe, 0x09, 0x6d, 0xb1,
-	0x83, 0x0b, 0x7f, 0xaa, 0x05, 0x28, 0x3e, 0xc7, 0x3e, 0xdb, 0x55, 0x2f, 0x25, 0x37, 0x1c, 0x9d,
-	0x5d, 0x84, 0x3b, 0xbb, 0xb2, 0xfa, 0x67, 0x1d, 0xb5, 0x33, 0x7f, 0x81, 0xcb, 0x6b, 0x5d, 0x42,
-	0x51, 0xfb, 0xfe, 0xff, 0x11, 0x98, 0x7c, 0xce, 0xbc, 0x78, 0x05, 0xb9, 0x31, 0xbf, 0x82, 0xb9,
-	0x2d, 0xb7, 0x4f, 0xcf, 0xdd, 0x3f, 0x37, 0x61, 0xde, 0x41, 0xb4, 0xdf, 0x3b, 0xb7, 0xa1, 0x0d,
-	0xb8, 0xc2, 0x8b, 0x73, 0x0b, 0xfb, 0xe7, 0x49, 0x5e, 0xd3, 0x91, 0xfd, 0x40, 0x9a, 0x51, 0x25,
-	0xfe, 0x25, 0x54, 0x55, 0xbb, 0x40, 0x71, 0x99, 0x2f, 0x4f, 0x2a, 0xf3, 0x76, 0xb0, 0x43, 0x9c,
-	0x63, 0x15, 0xf3, 0x95, 0x06, 0x57, 0xd7, 0x92, 0x99, 0x7c, 0x5e, 0x8e, 0xb2, 0x0d, 0xf3, 0xa1,
-	0x1b, 0xa1, 0x80, 0x6d, 0xa7, 0x78, 0x81, 0x7c, 0xbe, 0x16, 0xef, 0xff, 0x7f, 0x1d, 0x35, 0x56,
-	0x52, 0x6c, 0x8b, 0x84, 0x28, 0x48, 0xd4, 0xa9, 0xdd, 0x21, 0xd7, 0x7d, 0xdc, 0x41, 0x94, 0x59,
-	0xeb, 0xe2, 0x3f, 0x67, 0x4e, 0x1a, 0x5b, 0x3b, 0x95, 0x33, 0xe4, 0xa7, 0xe1, 0x0c, 0x8f, 0x61,
-	0x71, 0xf8, 0x76, 0x09, 0x70, 0xb5, 0x63, 0x26, 0x78, 0x6a, 0x87, 0x1c, 0x21, 0x2f, 0x69, 0x05,
-	0xf3, 0x67, 0x98, 0xff, 0x36, 0xf4, 0xdf, 0x02, 0xaf, 0x6b, 0x41, 0x35, 0x42, 0x94, 0xf4, 0x23,
-	0x0f, 0x51, 0x81, 0xd5, 0xb8, 0x4b, 0x1d, 0x8b, 0x99, 0x2b, 0x70, 0xf9, 0x9e, 0x24, 0xc0, 0xb1,
-	0xe7, 0x3a, 0x94, 0xe5, 0x24, 0x90, 0x57, 0xa9, 0x3a, 0xf1, 0x96, 0x27, 0x5f, 0x22, 0x9b, 0xcc,
-	0x85, 0xb2, 0xe2, 0xcf, 0xea, 0xde, 0xf5, 0x53, 0xb8, 0xa4, 0x10, 0x70, 0x62, 0x41, 0x73, 0x07,
-	0x6a, 0xdf, 0xbb, 0xf8, 0xe2, 0x67, 0x67, 0x04, 0x33, 0xd2, 0x8f, 0x8a, 0x75, 0x88, 0x87, 0x68,
-	0x93, 0x79, 0x48, 0xee, 0x4d, 0x78, 0x48, 0xeb, 0xd5, 0x0c, 0x14, 0xc5, 0xe4, 0xd4, 0xf7, 0xa0,
-	0x24, 0x39, 0xa6, 0x6e, 0x5b, 0x93, 0x7e, 0x31, 0x59, 0x23, 0x9c, 0xde, 0xf8, 0x74, 0x7a, 0x05,
-	0x75, 0xb5, 0x1f, 0xa1, 0x28, 0xb8, 0xa0, 0xbe, 0x32, 0x59, 0x35, 0xcd, 0x4c, 0x8d, 0x8f, 0xa7,
-	0x92, 0x55, 0x1e, 0x3a, 0x50, 0x92, 0x04, 0x2b, 0xeb, 0x3a, 0x23, 0x84, 0xd3, 0xf8, 0x64, 0x1a,
-	0x85, 0xc4, 0xd1, 0x33, 0x98, 0x3d, 0xc1, 0xe4, 0xf4, 0xd6, 0x34, 0xea, 0x27, 0x07, 0xfa, 0x19,
-	0x5d, 0x3e, 0x81, 0xfc, 0x26, 0x62, 0x7a, 0x73, 0xb2, 0xd2, 0x31, 0xdd, 0x33, 0x3e, 0x9a, 0x42,
-	0x32, 0xc1, 0xad, 0xc0, 0x3b, 0xad, 0x6e, 0x4d, 0x56, 0x19, 0x66, 0x67, 0x86, 0x3d, 0xb5, 0xbc,
-	0x72, 0xd4, 0x86, 0x02, 0x27, 0x5b, 0x7a, 0x46, 0x6c, 0x29, 0x42, 0x66, 0x2c, 0x8e, 0x24, 0xf7,
-	0x06, 0xff, 0xb1, 0xae, 0x6f, 0x41, 0x81, 0x97, 0x92, 0x9e, 0x91, 0x87, 0xa3, 0x44, 0x6a, 0xac,
-	0xc5, 0x87, 0x50, 0x4d, 0x38, 0x46, 0x16, 0x14, 0xc3, 0x64, 0x64, 0xac, 0xd1, 0xfb, 0x50, 0x56,
-	0xec, 0x40, 0xcf, 0x78, 0xef, 0x93, 0x24, 0x62, 0x82, 0xc1, 0xa2, 0x98, 0xf6, 0x59, 0x11, 0x0e,
-	0x53, 0x82, 0xb1, 0x06, 0x1f, 0x40, 0x49, 0x8e, 0xfd, 0xac, 0xa2, 0x19, 0x21, 0x07, 0x63, 0x4d,
-	0x62, 0xa8, 0xc4, 0x93, 0x5b, 0xbf, 0x9e, 0x9d, 0x23, 0x29, 0xa2, 0x60, 0x58, 0xd3, 0x8a, 0xab,
-	0x8c, 0x7a, 0x0e, 0x90, 0x9a, 0x97, 0x37, 0x33, 0x20, 0x3e, 0x6d, 0xf2, 0x1b, 0x9f, 0x9d, 0x4d,
-	0x49, 0x39, 0x7e, 0x00, 0x25, 0x39, 0x10, 0xb3, 0x60, 0x1b, 0x19, 0x9b, 0x63, 0x61, 0xdb, 0x81,
-	0xb2, 0x1a, 0x5d, 0x59, 0xb9, 0x72, 0x72, 0x1a, 0x1a, 0xd7, 0xa7, 0x94, 0x56, 0xa1, 0xff, 0x00,
-	0x05, 0x3e, 0x73, 0xb2, 0xaa, 0x30, 0x35, 0xff, 0x8c, 0x95, 0x69, 0x44, 0xa5, 0xf9, 0xd5, 0xef,
-	0x0e, 0x5f, 0x2f, 0x5d, 0xfa, 0xf3, 0xf5, 0xd2, 0xa5, 0x5f, 0x07, 0x4b, 0xda, 0xe1, 0x60, 0x49,
-	0xfb, 0x63, 0xb0, 0xa4, 0xfd, 0x33, 0x58, 0xd2, 0x9e, 0xdc, 0x79, 0xb3, 0xbf, 0xec, 0xdd, 0x16,
-	0x8b, 0xc7, 0xb9, 0xa7, 0x25, 0x01, 0xd8, 0xcd, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x85, 0xa2,
-	0x4f, 0xd1, 0x22, 0x14, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto b/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto
index 90793cbabad7b..2fe72c64f8241 100644
--- a/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto
+++ b/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.tasks.v1;
@@ -188,6 +204,7 @@ message CheckpointTaskResponse {
 message UpdateTaskRequest {
 	string container_id = 1;
 	google.protobuf.Any resources = 2;
+	map<string, string> annotations = 3;
 }
 
 message MetricsRequest {
diff --git a/vendor/github.com/containerd/containerd/api/services/version/v1/version.pb.go b/vendor/github.com/containerd/containerd/api/services/version/v1/version.pb.go
index 829987c416c00..b742c6ae62f57 100644
--- a/vendor/github.com/containerd/containerd/api/services/version/v1/version.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/version/v1/version.pb.go
@@ -1,31 +1,22 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/services/version/v1/version.proto
 
-/*
-	Package version is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/services/version/v1/version.proto
-
-	It has these top-level messages:
-		VersionResponse
-*/
 package version
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -36,21 +27,76 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type VersionResponse struct {
-	Version  string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
-	Revision string `protobuf:"bytes,2,opt,name=revision,proto3" json:"revision,omitempty"`
+	Version              string   `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
+	Revision             string   `protobuf:"bytes,2,opt,name=revision,proto3" json:"revision,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *VersionResponse) Reset()                    { *m = VersionResponse{} }
-func (*VersionResponse) ProtoMessage()               {}
-func (*VersionResponse) Descriptor() ([]byte, []int) { return fileDescriptorVersion, []int{0} }
+func (m *VersionResponse) Reset()      { *m = VersionResponse{} }
+func (*VersionResponse) ProtoMessage() {}
+func (*VersionResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_128109001e578ffe, []int{0}
+}
+func (m *VersionResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *VersionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_VersionResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *VersionResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_VersionResponse.Merge(m, src)
+}
+func (m *VersionResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *VersionResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_VersionResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_VersionResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*VersionResponse)(nil), "containerd.services.version.v1.VersionResponse")
 }
 
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/services/version/v1/version.proto", fileDescriptor_128109001e578ffe)
+}
+
+var fileDescriptor_128109001e578ffe = []byte{
+	// 243 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x72, 0x4b, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x17, 0xa7, 0x16, 0x95, 0x65, 0x26, 0xa7, 0x16, 0xeb,
+	0x97, 0xa5, 0x16, 0x15, 0x67, 0xe6, 0xe7, 0xe9, 0x97, 0x19, 0xc2, 0x98, 0x7a, 0x05, 0x45, 0xf9,
+	0x25, 0xf9, 0x42, 0x72, 0x08, 0x1d, 0x7a, 0x30, 0xd5, 0x7a, 0x30, 0x25, 0x65, 0x86, 0x52, 0xd2,
+	0xe9, 0xf9, 0xf9, 0xe9, 0x39, 0xa9, 0xfa, 0x60, 0xd5, 0x49, 0xa5, 0x69, 0xfa, 0xa9, 0xb9, 0x05,
+	0x25, 0x95, 0x10, 0xcd, 0x52, 0x22, 0xe9, 0xf9, 0xe9, 0xf9, 0x60, 0xa6, 0x3e, 0x88, 0x05, 0x11,
+	0x55, 0x72, 0xe7, 0xe2, 0x0f, 0x83, 0x18, 0x10, 0x94, 0x5a, 0x5c, 0x90, 0x9f, 0x57, 0x9c, 0x2a,
+	0x24, 0xc1, 0xc5, 0x0e, 0x35, 0x53, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08, 0xc6, 0x15, 0x92,
+	0xe2, 0xe2, 0x28, 0x4a, 0x2d, 0xcb, 0x04, 0x4b, 0x31, 0x81, 0xa5, 0xe0, 0x7c, 0xa3, 0x58, 0x2e,
+	0x76, 0xa8, 0x41, 0x42, 0x41, 0x08, 0xa6, 0x98, 0x1e, 0xc4, 0x49, 0x7a, 0x30, 0x27, 0xe9, 0xb9,
+	0x82, 0x9c, 0x24, 0xa5, 0xaf, 0x87, 0xdf, 0x2b, 0x7a, 0x68, 0x8e, 0x72, 0x8a, 0x3a, 0xf1, 0x50,
+	0x8e, 0xe1, 0xc6, 0x43, 0x39, 0x86, 0x86, 0x47, 0x72, 0x8c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78,
+	0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0x63, 0x94, 0x03, 0xb9, 0x81, 0x6b, 0x0d, 0x65, 0x46, 0x30,
+	0x26, 0xb1, 0x81, 0x9d, 0x67, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff, 0x95, 0x0d, 0x52, 0x23, 0xa9,
+	0x01, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -59,10 +105,11 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Version service
-
+// VersionClient is the client API for Version service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type VersionClient interface {
-	Version(ctx context.Context, in *google_protobuf.Empty, opts ...grpc.CallOption) (*VersionResponse, error)
+	Version(ctx context.Context, in *types.Empty, opts ...grpc.CallOption) (*VersionResponse, error)
 }
 
 type versionClient struct {
@@ -73,19 +120,26 @@ func NewVersionClient(cc *grpc.ClientConn) VersionClient {
 	return &versionClient{cc}
 }
 
-func (c *versionClient) Version(ctx context.Context, in *google_protobuf.Empty, opts ...grpc.CallOption) (*VersionResponse, error) {
+func (c *versionClient) Version(ctx context.Context, in *types.Empty, opts ...grpc.CallOption) (*VersionResponse, error) {
 	out := new(VersionResponse)
-	err := grpc.Invoke(ctx, "/containerd.services.version.v1.Version/Version", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/containerd.services.version.v1.Version/Version", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Version service
-
+// VersionServer is the server API for Version service.
 type VersionServer interface {
-	Version(context.Context, *google_protobuf.Empty) (*VersionResponse, error)
+	Version(context.Context, *types.Empty) (*VersionResponse, error)
+}
+
+// UnimplementedVersionServer can be embedded to have forward compatible implementations.
+type UnimplementedVersionServer struct {
+}
+
+func (*UnimplementedVersionServer) Version(ctx context.Context, req *types.Empty) (*VersionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Version not implemented")
 }
 
 func RegisterVersionServer(s *grpc.Server, srv VersionServer) {
@@ -93,7 +147,7 @@ func RegisterVersionServer(s *grpc.Server, srv VersionServer) {
 }
 
 func _Version_Version_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(google_protobuf.Empty)
+	in := new(types.Empty)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
@@ -105,7 +159,7 @@ func _Version_Version_Handler(srv interface{}, ctx context.Context, dec func(int
 		FullMethod: "/containerd.services.version.v1.Version/Version",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(VersionServer).Version(ctx, req.(*google_protobuf.Empty))
+		return srv.(VersionServer).Version(ctx, req.(*types.Empty))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -126,7 +180,7 @@ var _Version_serviceDesc = grpc.ServiceDesc{
 func (m *VersionResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -134,35 +188,51 @@ func (m *VersionResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *VersionResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *VersionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Version) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintVersion(dAtA, i, uint64(len(m.Version)))
-		i += copy(dAtA[i:], m.Version)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Revision) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Revision)
+		copy(dAtA[i:], m.Revision)
 		i = encodeVarintVersion(dAtA, i, uint64(len(m.Revision)))
-		i += copy(dAtA[i:], m.Revision)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Version) > 0 {
+		i -= len(m.Version)
+		copy(dAtA[i:], m.Version)
+		i = encodeVarintVersion(dAtA, i, uint64(len(m.Version)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintVersion(dAtA []byte, offset int, v uint64) int {
+	offset -= sovVersion(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *VersionResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Version)
@@ -173,18 +243,14 @@ func (m *VersionResponse) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovVersion(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovVersion(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozVersion(x uint64) (n int) {
 	return sovVersion(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -196,6 +262,7 @@ func (this *VersionResponse) String() string {
 	s := strings.Join([]string{`&VersionResponse{`,
 		`Version:` + fmt.Sprintf("%v", this.Version) + `,`,
 		`Revision:` + fmt.Sprintf("%v", this.Revision) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -223,7 +290,7 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -251,7 +318,7 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -261,6 +328,9 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthVersion
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthVersion
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -280,7 +350,7 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -290,6 +360,9 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthVersion
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthVersion
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -301,12 +374,13 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthVersion
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -319,6 +393,7 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error {
 func skipVersion(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -350,10 +425,8 @@ func skipVersion(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -370,77 +443,34 @@ func skipVersion(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthVersion
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowVersion
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipVersion(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupVersion
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthVersion
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthVersion = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowVersion   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthVersion        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowVersion          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupVersion = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/services/version/v1/version.proto", fileDescriptorVersion)
-}
-
-var fileDescriptorVersion = []byte{
-	// 243 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x72, 0x4b, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x17, 0xa7, 0x16, 0x95, 0x65, 0x26, 0xa7, 0x16, 0xeb,
-	0x97, 0xa5, 0x16, 0x15, 0x67, 0xe6, 0xe7, 0xe9, 0x97, 0x19, 0xc2, 0x98, 0x7a, 0x05, 0x45, 0xf9,
-	0x25, 0xf9, 0x42, 0x72, 0x08, 0x1d, 0x7a, 0x30, 0xd5, 0x7a, 0x30, 0x25, 0x65, 0x86, 0x52, 0xd2,
-	0xe9, 0xf9, 0xf9, 0xe9, 0x39, 0xa9, 0xfa, 0x60, 0xd5, 0x49, 0xa5, 0x69, 0xfa, 0xa9, 0xb9, 0x05,
-	0x25, 0x95, 0x10, 0xcd, 0x52, 0x22, 0xe9, 0xf9, 0xe9, 0xf9, 0x60, 0xa6, 0x3e, 0x88, 0x05, 0x11,
-	0x55, 0x72, 0xe7, 0xe2, 0x0f, 0x83, 0x18, 0x10, 0x94, 0x5a, 0x5c, 0x90, 0x9f, 0x57, 0x9c, 0x2a,
-	0x24, 0xc1, 0xc5, 0x0e, 0x35, 0x53, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08, 0xc6, 0x15, 0x92,
-	0xe2, 0xe2, 0x28, 0x4a, 0x2d, 0xcb, 0x04, 0x4b, 0x31, 0x81, 0xa5, 0xe0, 0x7c, 0xa3, 0x58, 0x2e,
-	0x76, 0xa8, 0x41, 0x42, 0x41, 0x08, 0xa6, 0x98, 0x1e, 0xc4, 0x49, 0x7a, 0x30, 0x27, 0xe9, 0xb9,
-	0x82, 0x9c, 0x24, 0xa5, 0xaf, 0x87, 0xdf, 0x2b, 0x7a, 0x68, 0x8e, 0x72, 0x8a, 0x3a, 0xf1, 0x50,
-	0x8e, 0xe1, 0xc6, 0x43, 0x39, 0x86, 0x86, 0x47, 0x72, 0x8c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78,
-	0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0x63, 0x94, 0x03, 0xb9, 0x81, 0x6b, 0x0d, 0x65, 0x46, 0x30,
-	0x26, 0xb1, 0x81, 0x9d, 0x67, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff, 0x95, 0x0d, 0x52, 0x23, 0xa9,
-	0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto b/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto
index 0e4c3d1e0811c..97681bb86ee79 100644
--- a/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto
+++ b/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.services.version.v1;
diff --git a/vendor/github.com/containerd/containerd/api/types/descriptor.pb.go b/vendor/github.com/containerd/containerd/api/types/descriptor.pb.go
index 93e88c0dc275a..fe71dbf433000 100644
--- a/vendor/github.com/containerd/containerd/api/types/descriptor.pb.go
+++ b/vendor/github.com/containerd/containerd/api/types/descriptor.pb.go
@@ -1,35 +1,19 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/types/descriptor.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/types/descriptor.proto
-		github.com/containerd/containerd/api/types/metrics.proto
-		github.com/containerd/containerd/api/types/mount.proto
-		github.com/containerd/containerd/api/types/platform.proto
-
-	It has these top-level messages:
-		Descriptor
-		Metric
-		Mount
-		Platform
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -40,7 +24,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // Descriptor describes a blob in a content store.
 //
@@ -48,22 +32,84 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // oci descriptor found in a manifest.
 // See https://godoc.org/github.com/opencontainers/image-spec/specs-go/v1#Descriptor
 type Descriptor struct {
-	MediaType string                                     `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
-	Digest    github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
-	Size_     int64                                      `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	MediaType            string                                     `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Size_                int64                                      `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	Annotations          map[string]string                          `protobuf:"bytes,5,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
 }
 
-func (m *Descriptor) Reset()                    { *m = Descriptor{} }
-func (*Descriptor) ProtoMessage()               {}
-func (*Descriptor) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{0} }
+func (m *Descriptor) Reset()      { *m = Descriptor{} }
+func (*Descriptor) ProtoMessage() {}
+func (*Descriptor) Descriptor() ([]byte, []int) {
+	return fileDescriptor_37f958df3707db9e, []int{0}
+}
+func (m *Descriptor) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Descriptor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Descriptor.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Descriptor) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Descriptor.Merge(m, src)
+}
+func (m *Descriptor) XXX_Size() int {
+	return m.Size()
+}
+func (m *Descriptor) XXX_DiscardUnknown() {
+	xxx_messageInfo_Descriptor.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Descriptor proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Descriptor)(nil), "containerd.types.Descriptor")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.types.Descriptor.AnnotationsEntry")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/types/descriptor.proto", fileDescriptor_37f958df3707db9e)
 }
+
+var fileDescriptor_37f958df3707db9e = []byte{
+	// 311 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xa7, 0xa4, 0x16,
+	0x27, 0x17, 0x65, 0x16, 0x94, 0xe4, 0x17, 0xe9, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20,
+	0x94, 0xe9, 0x81, 0x95, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x25, 0xf5, 0x41, 0x2c, 0x88,
+	0x3a, 0xa5, 0x39, 0x4c, 0x5c, 0x5c, 0x2e, 0x70, 0xcd, 0x42, 0xb2, 0x5c, 0x5c, 0xb9, 0xa9, 0x29,
+	0x99, 0x89, 0xf1, 0x20, 0x3d, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0x9c, 0x41, 0x9c, 0x60, 0x91, 0x90,
+	0xca, 0x82, 0x54, 0x21, 0x2f, 0x2e, 0xb6, 0x94, 0xcc, 0xf4, 0xd4, 0xe2, 0x12, 0x09, 0x26, 0x90,
+	0x94, 0x93, 0xd1, 0x89, 0x7b, 0xf2, 0x0c, 0xb7, 0xee, 0xc9, 0x6b, 0x21, 0x39, 0x35, 0xbf, 0x20,
+	0x35, 0x0f, 0x6e, 0x79, 0xb1, 0x7e, 0x7a, 0xbe, 0x2e, 0x44, 0x8b, 0x9e, 0x0b, 0x98, 0x0a, 0x82,
+	0x9a, 0x20, 0x24, 0xc4, 0xc5, 0x52, 0x9c, 0x59, 0x95, 0x2a, 0xc1, 0xac, 0xc0, 0xa8, 0xc1, 0x1c,
+	0x04, 0x66, 0x0b, 0xf9, 0x73, 0x71, 0x27, 0xe6, 0xe5, 0xe5, 0x97, 0x24, 0x96, 0x64, 0xe6, 0xe7,
+	0x15, 0x4b, 0xb0, 0x2a, 0x30, 0x6b, 0x70, 0x1b, 0xe9, 0xea, 0xa1, 0xfb, 0x45, 0x0f, 0xe1, 0x62,
+	0x3d, 0x47, 0x84, 0x7a, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x64, 0x13, 0xa4, 0xec, 0xb8, 0x04,
+	0xd0, 0x15, 0x08, 0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0x3d, 0x07, 0x62, 0x0a, 0x89, 0x70,
+	0xb1, 0x96, 0x25, 0xe6, 0x94, 0xa6, 0x42, 0x7c, 0x15, 0x04, 0xe1, 0x58, 0x31, 0x59, 0x30, 0x3a,
+	0x79, 0x9d, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, 0x23, 0x39, 0xc6, 0x13, 0x8f,
+	0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x31, 0xca, 0x80, 0xf8, 0xd8, 0xb1,
+	0x06, 0x93, 0x11, 0x0c, 0x49, 0x6c, 0xe0, 0x30, 0x37, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x22,
+	0x8a, 0x20, 0x4a, 0xda, 0x01, 0x00, 0x00,
+}
+
 func (m *Descriptor) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -71,40 +117,75 @@ func (m *Descriptor) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Descriptor) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Descriptor) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.MediaType) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDescriptor(dAtA, i, uint64(len(m.MediaType)))
-		i += copy(dAtA[i:], m.MediaType)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintDescriptor(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	if len(m.Annotations) > 0 {
+		for k := range m.Annotations {
+			v := m.Annotations[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintDescriptor(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintDescriptor(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintDescriptor(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
+		}
 	}
 	if m.Size_ != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintDescriptor(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintDescriptor(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.MediaType) > 0 {
+		i -= len(m.MediaType)
+		copy(dAtA[i:], m.MediaType)
+		i = encodeVarintDescriptor(dAtA, i, uint64(len(m.MediaType)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintDescriptor(dAtA []byte, offset int, v uint64) int {
+	offset -= sovDescriptor(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Descriptor) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.MediaType)
@@ -118,18 +199,22 @@ func (m *Descriptor) Size() (n int) {
 	if m.Size_ != 0 {
 		n += 1 + sovDescriptor(uint64(m.Size_))
 	}
+	if len(m.Annotations) > 0 {
+		for k, v := range m.Annotations {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovDescriptor(uint64(len(k))) + 1 + len(v) + sovDescriptor(uint64(len(v)))
+			n += mapEntrySize + 1 + sovDescriptor(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovDescriptor(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozDescriptor(x uint64) (n int) {
 	return sovDescriptor(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -138,10 +223,22 @@ func (this *Descriptor) String() string {
 	if this == nil {
 		return "nil"
 	}
+	keysForAnnotations := make([]string, 0, len(this.Annotations))
+	for k, _ := range this.Annotations {
+		keysForAnnotations = append(keysForAnnotations, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations)
+	mapStringForAnnotations := "map[string]string{"
+	for _, k := range keysForAnnotations {
+		mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k])
+	}
+	mapStringForAnnotations += "}"
 	s := strings.Join([]string{`&Descriptor{`,
 		`MediaType:` + fmt.Sprintf("%v", this.MediaType) + `,`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
 		`Size_:` + fmt.Sprintf("%v", this.Size_) + `,`,
+		`Annotations:` + mapStringForAnnotations + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -169,7 +266,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -197,7 +294,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -207,6 +304,9 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDescriptor
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDescriptor
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -226,7 +326,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -236,6 +336,9 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDescriptor
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDescriptor
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -255,23 +358,151 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowDescriptor
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthDescriptor
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDescriptor
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Annotations == nil {
+				m.Annotations = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowDescriptor
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDescriptor
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDescriptor
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipDescriptor(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Annotations[mapkey] = mapvalue
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipDescriptor(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDescriptor
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -284,6 +515,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 func skipDescriptor(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -315,10 +547,8 @@ func skipDescriptor(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -335,76 +565,34 @@ func skipDescriptor(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthDescriptor
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowDescriptor
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipDescriptor(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupDescriptor
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthDescriptor
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthDescriptor = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowDescriptor   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthDescriptor        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowDescriptor          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupDescriptor = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/types/descriptor.proto", fileDescriptorDescriptor)
-}
-
-var fileDescriptorDescriptor = []byte{
-	// 234 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xa7, 0xa4, 0x16,
-	0x27, 0x17, 0x65, 0x16, 0x94, 0xe4, 0x17, 0xe9, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20,
-	0x94, 0xe9, 0x81, 0x95, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x25, 0xf5, 0x41, 0x2c, 0x88,
-	0x3a, 0xa5, 0x6e, 0x46, 0x2e, 0x2e, 0x17, 0xb8, 0x66, 0x21, 0x59, 0x2e, 0xae, 0xdc, 0xd4, 0x94,
-	0xcc, 0xc4, 0x78, 0x90, 0x1e, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x4e, 0xb0, 0x48, 0x48,
-	0x65, 0x41, 0xaa, 0x90, 0x17, 0x17, 0x5b, 0x4a, 0x66, 0x7a, 0x6a, 0x71, 0x89, 0x04, 0x13, 0x48,
-	0xca, 0xc9, 0xe8, 0xc4, 0x3d, 0x79, 0x86, 0x5b, 0xf7, 0xe4, 0xb5, 0x90, 0x9c, 0x9a, 0x5f, 0x90,
-	0x9a, 0x07, 0xb7, 0xbc, 0x58, 0x3f, 0x3d, 0x5f, 0x17, 0xa2, 0x45, 0xcf, 0x05, 0x4c, 0x05, 0x41,
-	0x4d, 0x10, 0x12, 0xe2, 0x62, 0x29, 0xce, 0xac, 0x4a, 0x95, 0x60, 0x56, 0x60, 0xd4, 0x60, 0x0e,
-	0x02, 0xb3, 0x9d, 0xbc, 0x4e, 0x3c, 0x94, 0x63, 0xb8, 0xf1, 0x50, 0x8e, 0xa1, 0xe1, 0x91, 0x1c,
-	0xe3, 0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x18, 0x65, 0x40,
-	0x7c, 0x60, 0x58, 0x83, 0xc9, 0x08, 0x86, 0x24, 0x36, 0xb0, 0x17, 0x8d, 0x01, 0x01, 0x00, 0x00,
-	0xff, 0xff, 0xea, 0xac, 0x78, 0x9a, 0x49, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/types/descriptor.proto b/vendor/github.com/containerd/containerd/api/types/descriptor.proto
index 5c00dca4f1bd1..a841d1bb22d44 100644
--- a/vendor/github.com/containerd/containerd/api/types/descriptor.proto
+++ b/vendor/github.com/containerd/containerd/api/types/descriptor.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.types;
@@ -15,4 +31,5 @@ message Descriptor {
 	string media_type = 1;
 	string digest = 2 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
 	int64 size = 3;
+	map<string, string> annotations = 5;
 }
diff --git a/vendor/github.com/containerd/containerd/api/types/metrics.pb.go b/vendor/github.com/containerd/containerd/api/types/metrics.pb.go
index 52e9f40a5a93b..75773e442ab74 100644
--- a/vendor/github.com/containerd/containerd/api/types/metrics.pb.go
+++ b/vendor/github.com/containerd/containerd/api/types/metrics.pb.go
@@ -3,22 +3,18 @@
 
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import types1 "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -26,23 +22,86 @@ var _ = fmt.Errorf
 var _ = math.Inf
 var _ = time.Kitchen
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type Metric struct {
-	Timestamp time.Time             `protobuf:"bytes,1,opt,name=timestamp,stdtime" json:"timestamp"`
-	ID        string                `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
-	Data      *google_protobuf1.Any `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
+	Timestamp            time.Time  `protobuf:"bytes,1,opt,name=timestamp,proto3,stdtime" json:"timestamp"`
+	ID                   string     `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
+	Data                 *types.Any `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *Metric) Reset()      { *m = Metric{} }
+func (*Metric) ProtoMessage() {}
+func (*Metric) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8d594d87edf6e6bc, []int{0}
+}
+func (m *Metric) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Metric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Metric.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Metric) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metric.Merge(m, src)
+}
+func (m *Metric) XXX_Size() int {
+	return m.Size()
+}
+func (m *Metric) XXX_DiscardUnknown() {
+	xxx_messageInfo_Metric.DiscardUnknown(m)
 }
 
-func (m *Metric) Reset()                    { *m = Metric{} }
-func (*Metric) ProtoMessage()               {}
-func (*Metric) Descriptor() ([]byte, []int) { return fileDescriptorMetrics, []int{0} }
+var xxx_messageInfo_Metric proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Metric)(nil), "containerd.types.Metric")
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/types/metrics.proto", fileDescriptor_8d594d87edf6e6bc)
+}
+
+var fileDescriptor_8d594d87edf6e6bc = []byte{
+	// 258 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x48, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xe7, 0xa6, 0x96,
+	0x14, 0x65, 0x26, 0x17, 0xeb, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0xd4, 0xe8, 0x81,
+	0xe5, 0xa5, 0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x92, 0xfa, 0x20, 0x16, 0x44, 0x9d, 0x94, 0x64,
+	0x7a, 0x7e, 0x7e, 0x7a, 0x4e, 0xaa, 0x3e, 0x98, 0x97, 0x54, 0x9a, 0xa6, 0x9f, 0x98, 0x57, 0x09,
+	0x95, 0x92, 0x47, 0x97, 0x2a, 0xc9, 0xcc, 0x4d, 0x2d, 0x2e, 0x49, 0xcc, 0x2d, 0x80, 0x28, 0x50,
+	0xea, 0x63, 0xe4, 0x62, 0xf3, 0x05, 0xdb, 0x2a, 0xe4, 0xc4, 0xc5, 0x09, 0x97, 0x95, 0x60, 0x54,
+	0x60, 0xd4, 0xe0, 0x36, 0x92, 0xd2, 0x83, 0xe8, 0xd7, 0x83, 0xe9, 0xd7, 0x0b, 0x81, 0xa9, 0x70,
+	0xe2, 0x38, 0x71, 0x4f, 0x9e, 0x61, 0xc2, 0x7d, 0x79, 0xc6, 0x20, 0x84, 0x36, 0x21, 0x31, 0x2e,
+	0xa6, 0xcc, 0x14, 0x09, 0x26, 0x05, 0x46, 0x0d, 0x4e, 0x27, 0xb6, 0x47, 0xf7, 0xe4, 0x99, 0x3c,
+	0x5d, 0x82, 0x98, 0x32, 0x53, 0x84, 0x34, 0xb8, 0x58, 0x52, 0x12, 0x4b, 0x12, 0x25, 0x98, 0xc1,
+	0xc6, 0x8a, 0x60, 0x18, 0xeb, 0x98, 0x57, 0x19, 0x04, 0x56, 0xe1, 0xe4, 0x75, 0xe2, 0xa1, 0x1c,
+	0xc3, 0x8d, 0x87, 0x72, 0x0c, 0x0d, 0x8f, 0xe4, 0x18, 0x4f, 0x3c, 0x92, 0x63, 0xbc, 0xf0, 0x48,
+	0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x28, 0x03, 0xe2, 0x03, 0xd2, 0x1a, 0x4c, 0x46, 0x30, 0x24,
+	0xb1, 0x81, 0x6d, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xde, 0x0d, 0x02, 0xfe, 0x85, 0x01,
+	0x00, 0x00,
+}
+
 func (m *Metric) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -50,50 +109,67 @@ func (m *Metric) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Metric) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Metric) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintMetrics(dAtA, i, uint64(types1.SizeOfStdTime(m.Timestamp)))
-	n1, err := types1.StdTimeMarshalTo(m.Timestamp, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Data != nil {
+		{
+			size, err := m.Data.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintMetrics(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	i += n1
 	if len(m.ID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintMetrics(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Data != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintMetrics(dAtA, i, uint64(m.Data.Size()))
-		n2, err := m.Data.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):])
+	if err2 != nil {
+		return 0, err2
 	}
-	return i, nil
+	i -= n2
+	i = encodeVarintMetrics(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintMetrics(dAtA []byte, offset int, v uint64) int {
+	offset -= sovMetrics(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Metric) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = types1.SizeOfStdTime(m.Timestamp)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp)
 	n += 1 + l + sovMetrics(uint64(l))
 	l = len(m.ID)
 	if l > 0 {
@@ -103,18 +179,14 @@ func (m *Metric) Size() (n int) {
 		l = m.Data.Size()
 		n += 1 + l + sovMetrics(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovMetrics(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozMetrics(x uint64) (n int) {
 	return sovMetrics(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -124,9 +196,10 @@ func (this *Metric) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&Metric{`,
-		`Timestamp:` + strings.Replace(strings.Replace(this.Timestamp.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
+		`Timestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
-		`Data:` + strings.Replace(fmt.Sprintf("%v", this.Data), "Any", "google_protobuf1.Any", 1) + `,`,
+		`Data:` + strings.Replace(fmt.Sprintf("%v", this.Data), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -154,7 +227,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -182,7 +255,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -191,10 +264,13 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMetrics
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types1.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -212,7 +288,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -222,6 +298,9 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMetrics
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -241,7 +320,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -250,11 +329,14 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMetrics
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Data == nil {
-				m.Data = &google_protobuf1.Any{}
+				m.Data = &types.Any{}
 			}
 			if err := m.Data.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -266,12 +348,13 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthMetrics
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -284,6 +367,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error {
 func skipMetrics(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -315,10 +399,8 @@ func skipMetrics(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -335,78 +417,34 @@ func skipMetrics(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthMetrics
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowMetrics
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipMetrics(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupMetrics
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthMetrics
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthMetrics = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowMetrics   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthMetrics        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowMetrics          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupMetrics = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/types/metrics.proto", fileDescriptorMetrics)
-}
-
-var fileDescriptorMetrics = []byte{
-	// 258 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x48, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xe7, 0xa6, 0x96,
-	0x14, 0x65, 0x26, 0x17, 0xeb, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0xd4, 0xe8, 0x81,
-	0xe5, 0xa5, 0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x92, 0xfa, 0x20, 0x16, 0x44, 0x9d, 0x94, 0x64,
-	0x7a, 0x7e, 0x7e, 0x7a, 0x4e, 0xaa, 0x3e, 0x98, 0x97, 0x54, 0x9a, 0xa6, 0x9f, 0x98, 0x57, 0x09,
-	0x95, 0x92, 0x47, 0x97, 0x2a, 0xc9, 0xcc, 0x4d, 0x2d, 0x2e, 0x49, 0xcc, 0x2d, 0x80, 0x28, 0x50,
-	0xea, 0x63, 0xe4, 0x62, 0xf3, 0x05, 0xdb, 0x2a, 0xe4, 0xc4, 0xc5, 0x09, 0x97, 0x95, 0x60, 0x54,
-	0x60, 0xd4, 0xe0, 0x36, 0x92, 0xd2, 0x83, 0xe8, 0xd7, 0x83, 0xe9, 0xd7, 0x0b, 0x81, 0xa9, 0x70,
-	0xe2, 0x38, 0x71, 0x4f, 0x9e, 0x61, 0xc2, 0x7d, 0x79, 0xc6, 0x20, 0x84, 0x36, 0x21, 0x31, 0x2e,
-	0xa6, 0xcc, 0x14, 0x09, 0x26, 0x05, 0x46, 0x0d, 0x4e, 0x27, 0xb6, 0x47, 0xf7, 0xe4, 0x99, 0x3c,
-	0x5d, 0x82, 0x98, 0x32, 0x53, 0x84, 0x34, 0xb8, 0x58, 0x52, 0x12, 0x4b, 0x12, 0x25, 0x98, 0xc1,
-	0xc6, 0x8a, 0x60, 0x18, 0xeb, 0x98, 0x57, 0x19, 0x04, 0x56, 0xe1, 0xe4, 0x75, 0xe2, 0xa1, 0x1c,
-	0xc3, 0x8d, 0x87, 0x72, 0x0c, 0x0d, 0x8f, 0xe4, 0x18, 0x4f, 0x3c, 0x92, 0x63, 0xbc, 0xf0, 0x48,
-	0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x28, 0x03, 0xe2, 0x03, 0xd2, 0x1a, 0x4c, 0x46, 0x30, 0x24,
-	0xb1, 0x81, 0x6d, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xde, 0x0d, 0x02, 0xfe, 0x85, 0x01,
-	0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/types/metrics.proto b/vendor/github.com/containerd/containerd/api/types/metrics.proto
index 0e631d2ac3527..b8bc673267fc5 100644
--- a/vendor/github.com/containerd/containerd/api/types/metrics.proto
+++ b/vendor/github.com/containerd/containerd/api/types/metrics.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.types;
diff --git a/vendor/github.com/containerd/containerd/api/types/mount.pb.go b/vendor/github.com/containerd/containerd/api/types/mount.pb.go
index f7a9c3c1fe2ae..d0a0bee761f03 100644
--- a/vendor/github.com/containerd/containerd/api/types/mount.pb.go
+++ b/vendor/github.com/containerd/containerd/api/types/mount.pb.go
@@ -3,22 +3,27 @@
 
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // Mount describes mounts for a container.
 //
 // This type is the lingua franca of ContainerD. All services provide mounts
@@ -35,20 +40,73 @@ type Mount struct {
 	// Target path in container
 	Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
 	// Options specifies zero or more fstab style mount options.
-	Options []string `protobuf:"bytes,4,rep,name=options" json:"options,omitempty"`
+	Options              []string `protobuf:"bytes,4,rep,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Mount) Reset()      { *m = Mount{} }
+func (*Mount) ProtoMessage() {}
+func (*Mount) Descriptor() ([]byte, []int) {
+	return fileDescriptor_920196890d4a7b9f, []int{0}
+}
+func (m *Mount) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mount.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mount) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount.Merge(m, src)
+}
+func (m *Mount) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount.DiscardUnknown(m)
 }
 
-func (m *Mount) Reset()                    { *m = Mount{} }
-func (*Mount) ProtoMessage()               {}
-func (*Mount) Descriptor() ([]byte, []int) { return fileDescriptorMount, []int{0} }
+var xxx_messageInfo_Mount proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Mount)(nil), "containerd.types.Mount")
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/types/mount.proto", fileDescriptor_920196890d4a7b9f)
+}
+
+var fileDescriptor_920196890d4a7b9f = []byte{
+	// 202 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x4b, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xe7, 0xe6, 0x97,
+	0xe6, 0x95, 0xe8, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0x54, 0xe8, 0x81, 0x65, 0xa5,
+	0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x92, 0xfa, 0x20, 0x16, 0x44, 0x9d, 0x52, 0x2a, 0x17, 0xab,
+	0x2f, 0x48, 0x9b, 0x90, 0x10, 0x17, 0x0b, 0x48, 0x9d, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x67, 0x10,
+	0x98, 0x2d, 0x24, 0xc6, 0xc5, 0x56, 0x9c, 0x5f, 0x5a, 0x94, 0x9c, 0x2a, 0xc1, 0x04, 0x16, 0x85,
+	0xf2, 0x40, 0xe2, 0x25, 0x89, 0x45, 0xe9, 0xa9, 0x25, 0x12, 0xcc, 0x10, 0x71, 0x08, 0x4f, 0x48,
+	0x82, 0x8b, 0x3d, 0xbf, 0xa0, 0x24, 0x33, 0x3f, 0xaf, 0x58, 0x82, 0x45, 0x81, 0x59, 0x83, 0x33,
+	0x08, 0xc6, 0x75, 0xf2, 0x3a, 0xf1, 0x50, 0x8e, 0xe1, 0xc6, 0x43, 0x39, 0x86, 0x86, 0x47, 0x72,
+	0x8c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0x63, 0x94, 0x01,
+	0xf1, 0x1e, 0xb4, 0x06, 0x93, 0x11, 0x0c, 0x49, 0x6c, 0x60, 0xb7, 0x1b, 0x03, 0x02, 0x00, 0x00,
+	0xff, 0xff, 0x82, 0x1c, 0x02, 0x18, 0x1d, 0x01, 0x00, 0x00,
+}
+
 func (m *Mount) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -56,56 +114,67 @@ func (m *Mount) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Mount) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Type) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintMount(dAtA, i, uint64(len(m.Type)))
-		i += copy(dAtA[i:], m.Type)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Source) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintMount(dAtA, i, uint64(len(m.Source)))
-		i += copy(dAtA[i:], m.Source)
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Options[iNdEx])
+			copy(dAtA[i:], m.Options[iNdEx])
+			i = encodeVarintMount(dAtA, i, uint64(len(m.Options[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
 	if len(m.Target) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Target)
+		copy(dAtA[i:], m.Target)
 		i = encodeVarintMount(dAtA, i, uint64(len(m.Target)))
-		i += copy(dAtA[i:], m.Target)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Options) > 0 {
-		for _, s := range m.Options {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if len(m.Source) > 0 {
+		i -= len(m.Source)
+		copy(dAtA[i:], m.Source)
+		i = encodeVarintMount(dAtA, i, uint64(len(m.Source)))
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintMount(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintMount(dAtA []byte, offset int, v uint64) int {
+	offset -= sovMount(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Mount) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Type)
@@ -126,18 +195,14 @@ func (m *Mount) Size() (n int) {
 			n += 1 + l + sovMount(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovMount(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozMount(x uint64) (n int) {
 	return sovMount(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -151,6 +216,7 @@ func (this *Mount) String() string {
 		`Source:` + fmt.Sprintf("%v", this.Source) + `,`,
 		`Target:` + fmt.Sprintf("%v", this.Target) + `,`,
 		`Options:` + fmt.Sprintf("%v", this.Options) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -178,7 +244,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -206,7 +272,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -216,6 +282,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMount
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMount
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -235,7 +304,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -245,6 +314,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMount
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMount
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -264,7 +336,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -274,6 +346,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMount
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMount
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -293,7 +368,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -303,6 +378,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthMount
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthMount
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -314,12 +392,13 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthMount
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -332,6 +411,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 func skipMount(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -363,10 +443,8 @@ func skipMount(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -383,74 +461,34 @@ func skipMount(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthMount
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowMount
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipMount(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupMount
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthMount
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthMount = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowMount   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthMount        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowMount          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupMount = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/types/mount.proto", fileDescriptorMount)
-}
-
-var fileDescriptorMount = []byte{
-	// 202 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x4b, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xe7, 0xe6, 0x97,
-	0xe6, 0x95, 0xe8, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0x54, 0xe8, 0x81, 0x65, 0xa5,
-	0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x92, 0xfa, 0x20, 0x16, 0x44, 0x9d, 0x52, 0x2a, 0x17, 0xab,
-	0x2f, 0x48, 0x9b, 0x90, 0x10, 0x17, 0x0b, 0x48, 0x9d, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x67, 0x10,
-	0x98, 0x2d, 0x24, 0xc6, 0xc5, 0x56, 0x9c, 0x5f, 0x5a, 0x94, 0x9c, 0x2a, 0xc1, 0x04, 0x16, 0x85,
-	0xf2, 0x40, 0xe2, 0x25, 0x89, 0x45, 0xe9, 0xa9, 0x25, 0x12, 0xcc, 0x10, 0x71, 0x08, 0x4f, 0x48,
-	0x82, 0x8b, 0x3d, 0xbf, 0xa0, 0x24, 0x33, 0x3f, 0xaf, 0x58, 0x82, 0x45, 0x81, 0x59, 0x83, 0x33,
-	0x08, 0xc6, 0x75, 0xf2, 0x3a, 0xf1, 0x50, 0x8e, 0xe1, 0xc6, 0x43, 0x39, 0x86, 0x86, 0x47, 0x72,
-	0x8c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0x63, 0x94, 0x01,
-	0xf1, 0x1e, 0xb4, 0x06, 0x93, 0x11, 0x0c, 0x49, 0x6c, 0x60, 0xb7, 0x1b, 0x03, 0x02, 0x00, 0x00,
-	0xff, 0xff, 0x82, 0x1c, 0x02, 0x18, 0x1d, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/types/mount.proto b/vendor/github.com/containerd/containerd/api/types/mount.proto
index cd80e44a2c0e2..41ab13313871e 100644
--- a/vendor/github.com/containerd/containerd/api/types/mount.proto
+++ b/vendor/github.com/containerd/containerd/api/types/mount.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.types;
diff --git a/vendor/github.com/containerd/containerd/api/types/platform.pb.go b/vendor/github.com/containerd/containerd/api/types/platform.pb.go
index ba9a3bf88175d..a0f78c8a769d6 100644
--- a/vendor/github.com/containerd/containerd/api/types/platform.pb.go
+++ b/vendor/github.com/containerd/containerd/api/types/platform.pb.go
@@ -3,41 +3,99 @@
 
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // Platform follows the structure of the OCI platform specification, from
 // descriptors.
 type Platform struct {
-	OS           string `protobuf:"bytes,1,opt,name=os,proto3" json:"os,omitempty"`
-	Architecture string `protobuf:"bytes,2,opt,name=architecture,proto3" json:"architecture,omitempty"`
-	Variant      string `protobuf:"bytes,3,opt,name=variant,proto3" json:"variant,omitempty"`
+	OS                   string   `protobuf:"bytes,1,opt,name=os,proto3" json:"os,omitempty"`
+	Architecture         string   `protobuf:"bytes,2,opt,name=architecture,proto3" json:"architecture,omitempty"`
+	Variant              string   `protobuf:"bytes,3,opt,name=variant,proto3" json:"variant,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *Platform) Reset()                    { *m = Platform{} }
-func (*Platform) ProtoMessage()               {}
-func (*Platform) Descriptor() ([]byte, []int) { return fileDescriptorPlatform, []int{0} }
+func (m *Platform) Reset()      { *m = Platform{} }
+func (*Platform) ProtoMessage() {}
+func (*Platform) Descriptor() ([]byte, []int) {
+	return fileDescriptor_24ba7a4b83e2367e, []int{0}
+}
+func (m *Platform) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Platform) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Platform.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Platform) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Platform.Merge(m, src)
+}
+func (m *Platform) XXX_Size() int {
+	return m.Size()
+}
+func (m *Platform) XXX_DiscardUnknown() {
+	xxx_messageInfo_Platform.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Platform proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Platform)(nil), "containerd.types.Platform")
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/types/platform.proto", fileDescriptor_24ba7a4b83e2367e)
+}
+
+var fileDescriptor_24ba7a4b83e2367e = []byte{
+	// 205 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
+	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0x17, 0xe4, 0x24,
+	0x96, 0xa4, 0xe5, 0x17, 0xe5, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0x14, 0xe9,
+	0x81, 0x15, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x25, 0xf5, 0x41, 0x2c, 0x88, 0x3a, 0xa5,
+	0x04, 0x2e, 0x8e, 0x00, 0xa8, 0x4e, 0x21, 0x31, 0x2e, 0xa6, 0xfc, 0x62, 0x09, 0x46, 0x05, 0x46,
+	0x0d, 0x4e, 0x27, 0xb6, 0x47, 0xf7, 0xe4, 0x99, 0xfc, 0x83, 0x83, 0x98, 0xf2, 0x8b, 0x85, 0x94,
+	0xb8, 0x78, 0x12, 0x8b, 0x92, 0x33, 0x32, 0x4b, 0x52, 0x93, 0x4b, 0x4a, 0x8b, 0x52, 0x25, 0x98,
+	0x40, 0x2a, 0x82, 0x50, 0xc4, 0x84, 0x24, 0xb8, 0xd8, 0xcb, 0x12, 0x8b, 0x32, 0x13, 0xf3, 0x4a,
+	0x24, 0x98, 0xc1, 0xd2, 0x30, 0xae, 0x93, 0xd7, 0x89, 0x87, 0x72, 0x0c, 0x37, 0x1e, 0xca, 0x31,
+	0x34, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4,
+	0x18, 0xa3, 0x0c, 0x88, 0xf7, 0x9e, 0x35, 0x98, 0x8c, 0x60, 0x48, 0x62, 0x03, 0x3b, 0xdb, 0x18,
+	0x10, 0x00, 0x00, 0xff, 0xff, 0x05, 0xaa, 0xda, 0xa1, 0x1b, 0x01, 0x00, 0x00,
+}
+
 func (m *Platform) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -45,41 +103,58 @@ func (m *Platform) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Platform) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Platform) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.OS) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintPlatform(dAtA, i, uint64(len(m.OS)))
-		i += copy(dAtA[i:], m.OS)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Variant) > 0 {
+		i -= len(m.Variant)
+		copy(dAtA[i:], m.Variant)
+		i = encodeVarintPlatform(dAtA, i, uint64(len(m.Variant)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Architecture) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Architecture)
+		copy(dAtA[i:], m.Architecture)
 		i = encodeVarintPlatform(dAtA, i, uint64(len(m.Architecture)))
-		i += copy(dAtA[i:], m.Architecture)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Variant) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintPlatform(dAtA, i, uint64(len(m.Variant)))
-		i += copy(dAtA[i:], m.Variant)
+	if len(m.OS) > 0 {
+		i -= len(m.OS)
+		copy(dAtA[i:], m.OS)
+		i = encodeVarintPlatform(dAtA, i, uint64(len(m.OS)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintPlatform(dAtA []byte, offset int, v uint64) int {
+	offset -= sovPlatform(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Platform) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.OS)
@@ -94,18 +169,14 @@ func (m *Platform) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovPlatform(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovPlatform(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozPlatform(x uint64) (n int) {
 	return sovPlatform(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -118,6 +189,7 @@ func (this *Platform) String() string {
 		`OS:` + fmt.Sprintf("%v", this.OS) + `,`,
 		`Architecture:` + fmt.Sprintf("%v", this.Architecture) + `,`,
 		`Variant:` + fmt.Sprintf("%v", this.Variant) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -145,7 +217,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -173,7 +245,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -183,6 +255,9 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlatform
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlatform
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -202,7 +277,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -212,6 +287,9 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlatform
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlatform
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -231,7 +309,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -241,6 +319,9 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlatform
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlatform
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -252,12 +333,13 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthPlatform
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -270,6 +352,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 func skipPlatform(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -301,10 +384,8 @@ func skipPlatform(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -321,74 +402,34 @@ func skipPlatform(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthPlatform
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowPlatform
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipPlatform(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupPlatform
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthPlatform
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthPlatform = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowPlatform   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthPlatform        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowPlatform          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupPlatform = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/types/platform.proto", fileDescriptorPlatform)
-}
-
-var fileDescriptorPlatform = []byte{
-	// 205 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
-	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0x17, 0xe4, 0x24,
-	0x96, 0xa4, 0xe5, 0x17, 0xe5, 0xea, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20, 0x14, 0xe9,
-	0x81, 0x15, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x25, 0xf5, 0x41, 0x2c, 0x88, 0x3a, 0xa5,
-	0x04, 0x2e, 0x8e, 0x00, 0xa8, 0x4e, 0x21, 0x31, 0x2e, 0xa6, 0xfc, 0x62, 0x09, 0x46, 0x05, 0x46,
-	0x0d, 0x4e, 0x27, 0xb6, 0x47, 0xf7, 0xe4, 0x99, 0xfc, 0x83, 0x83, 0x98, 0xf2, 0x8b, 0x85, 0x94,
-	0xb8, 0x78, 0x12, 0x8b, 0x92, 0x33, 0x32, 0x4b, 0x52, 0x93, 0x4b, 0x4a, 0x8b, 0x52, 0x25, 0x98,
-	0x40, 0x2a, 0x82, 0x50, 0xc4, 0x84, 0x24, 0xb8, 0xd8, 0xcb, 0x12, 0x8b, 0x32, 0x13, 0xf3, 0x4a,
-	0x24, 0x98, 0xc1, 0xd2, 0x30, 0xae, 0x93, 0xd7, 0x89, 0x87, 0x72, 0x0c, 0x37, 0x1e, 0xca, 0x31,
-	0x34, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4,
-	0x18, 0xa3, 0x0c, 0x88, 0xf7, 0x9e, 0x35, 0x98, 0x8c, 0x60, 0x48, 0x62, 0x03, 0x3b, 0xdb, 0x18,
-	0x10, 0x00, 0x00, 0xff, 0xff, 0x05, 0xaa, 0xda, 0xa1, 0x1b, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/types/platform.proto b/vendor/github.com/containerd/containerd/api/types/platform.proto
index 4cf9834bdc494..7813606841104 100644
--- a/vendor/github.com/containerd/containerd/api/types/platform.proto
+++ b/vendor/github.com/containerd/containerd/api/types/platform.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.types;
diff --git a/vendor/github.com/containerd/containerd/api/types/task/task.pb.go b/vendor/github.com/containerd/containerd/api/types/task/task.pb.go
index 437abe8f4cae9..f511bbd058c85 100644
--- a/vendor/github.com/containerd/containerd/api/types/task/task.pb.go
+++ b/vendor/github.com/containerd/containerd/api/types/task/task.pb.go
@@ -1,34 +1,20 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/api/types/task/task.proto
 
-/*
-	Package task is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/api/types/task/task.proto
-
-	It has these top-level messages:
-		Process
-		ProcessInfo
-*/
 package task
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/gogo/protobuf/types"
-import google_protobuf2 "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -40,7 +26,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Status int32
 
@@ -61,6 +47,7 @@ var Status_name = map[int32]string{
 	4: "PAUSED",
 	5: "PAUSING",
 }
+
 var Status_value = map[string]int32{
 	"UNKNOWN": 0,
 	"CREATED": 1,
@@ -73,24 +60,58 @@ var Status_value = map[string]int32{
 func (x Status) String() string {
 	return proto.EnumName(Status_name, int32(x))
 }
-func (Status) EnumDescriptor() ([]byte, []int) { return fileDescriptorTask, []int{0} }
+
+func (Status) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_391ef18c8ab0dc16, []int{0}
+}
 
 type Process struct {
-	ContainerID string    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	ID          string    `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
-	Pid         uint32    `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
-	Status      Status    `protobuf:"varint,4,opt,name=status,proto3,enum=containerd.v1.types.Status" json:"status,omitempty"`
-	Stdin       string    `protobuf:"bytes,5,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout      string    `protobuf:"bytes,6,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr      string    `protobuf:"bytes,7,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Terminal    bool      `protobuf:"varint,8,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	ExitStatus  uint32    `protobuf:"varint,9,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt    time.Time `protobuf:"bytes,10,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ContainerID          string    `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
+	ID                   string    `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
+	Pid                  uint32    `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	Status               Status    `protobuf:"varint,4,opt,name=status,proto3,enum=containerd.v1.types.Status" json:"status,omitempty"`
+	Stdin                string    `protobuf:"bytes,5,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string    `protobuf:"bytes,6,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string    `protobuf:"bytes,7,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Terminal             bool      `protobuf:"varint,8,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	ExitStatus           uint32    `protobuf:"varint,9,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,10,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *Process) Reset()      { *m = Process{} }
+func (*Process) ProtoMessage() {}
+func (*Process) Descriptor() ([]byte, []int) {
+	return fileDescriptor_391ef18c8ab0dc16, []int{0}
+}
+func (m *Process) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Process) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Process.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Process) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Process.Merge(m, src)
+}
+func (m *Process) XXX_Size() int {
+	return m.Size()
+}
+func (m *Process) XXX_DiscardUnknown() {
+	xxx_messageInfo_Process.DiscardUnknown(m)
 }
 
-func (m *Process) Reset()                    { *m = Process{} }
-func (*Process) ProtoMessage()               {}
-func (*Process) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{0} }
+var xxx_messageInfo_Process proto.InternalMessageInfo
 
 type ProcessInfo struct {
 	// PID is the process ID.
@@ -98,22 +119,97 @@ type ProcessInfo struct {
 	// Info contains additional process information.
 	//
 	// Info varies by platform.
-	Info *google_protobuf2.Any `protobuf:"bytes,2,opt,name=info" json:"info,omitempty"`
+	Info                 *types.Any `protobuf:"bytes,2,opt,name=info,proto3" json:"info,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
 }
 
-func (m *ProcessInfo) Reset()                    { *m = ProcessInfo{} }
-func (*ProcessInfo) ProtoMessage()               {}
-func (*ProcessInfo) Descriptor() ([]byte, []int) { return fileDescriptorTask, []int{1} }
+func (m *ProcessInfo) Reset()      { *m = ProcessInfo{} }
+func (*ProcessInfo) ProtoMessage() {}
+func (*ProcessInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_391ef18c8ab0dc16, []int{1}
+}
+func (m *ProcessInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessInfo.Merge(m, src)
+}
+func (m *ProcessInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessInfo.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ProcessInfo proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("containerd.v1.types.Status", Status_name, Status_value)
 	proto.RegisterType((*Process)(nil), "containerd.v1.types.Process")
 	proto.RegisterType((*ProcessInfo)(nil), "containerd.v1.types.ProcessInfo")
-	proto.RegisterEnum("containerd.v1.types.Status", Status_name, Status_value)
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/api/types/task/task.proto", fileDescriptor_391ef18c8ab0dc16)
+}
+
+var fileDescriptor_391ef18c8ab0dc16 = []byte{
+	// 545 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x90, 0x3f, 0x6f, 0xd3, 0x40,
+	0x18, 0xc6, 0x7d, 0x6e, 0xeb, 0xa6, 0xe7, 0xb6, 0x18, 0x13, 0x55, 0xc6, 0x20, 0xdb, 0xea, 0x64,
+	0x31, 0xd8, 0x22, 0xdd, 0xd8, 0xf2, 0x4f, 0xc8, 0x42, 0x72, 0x23, 0x27, 0x11, 0x6c, 0x91, 0x13,
+	0x5f, 0xcc, 0xa9, 0xcd, 0x9d, 0x65, 0x9f, 0x81, 0x6c, 0x8c, 0xa8, 0x13, 0x5f, 0xa0, 0x13, 0x7c,
+	0x0a, 0x3e, 0x41, 0x46, 0x26, 0xc4, 0x14, 0xa8, 0x3f, 0x09, 0x3a, 0xdb, 0x49, 0x23, 0x60, 0x39,
+	0xbd, 0xef, 0xf3, 0x7b, 0xee, 0xbd, 0xf7, 0x1e, 0xf8, 0x22, 0xc6, 0xec, 0x6d, 0x3e, 0x75, 0x66,
+	0x74, 0xe1, 0xce, 0x28, 0x61, 0x21, 0x26, 0x28, 0x8d, 0x76, 0xcb, 0x30, 0xc1, 0x2e, 0x5b, 0x26,
+	0x28, 0x73, 0x59, 0x98, 0x5d, 0x95, 0x87, 0x93, 0xa4, 0x94, 0x51, 0xf5, 0xd1, 0xbd, 0xcb, 0x79,
+	0xf7, 0xdc, 0x29, 0x4d, 0x7a, 0x33, 0xa6, 0x31, 0x2d, 0xb9, 0xcb, 0xab, 0xca, 0xaa, 0x9b, 0x31,
+	0xa5, 0xf1, 0x35, 0x72, 0xcb, 0x6e, 0x9a, 0xcf, 0x5d, 0x86, 0x17, 0x28, 0x63, 0xe1, 0x22, 0xa9,
+	0x0d, 0x8f, 0xff, 0x36, 0x84, 0x64, 0x59, 0xa1, 0xf3, 0x42, 0x84, 0x87, 0x83, 0x94, 0xce, 0x50,
+	0x96, 0xa9, 0x2d, 0x78, 0xbc, 0x7d, 0x74, 0x82, 0x23, 0x0d, 0x58, 0xc0, 0x3e, 0xea, 0x3c, 0x28,
+	0xd6, 0xa6, 0xdc, 0xdd, 0xe8, 0x5e, 0x2f, 0x90, 0xb7, 0x26, 0x2f, 0x52, 0xcf, 0xa0, 0x88, 0x23,
+	0x4d, 0x2c, 0x9d, 0x52, 0xb1, 0x36, 0x45, 0xaf, 0x17, 0x88, 0x38, 0x52, 0x15, 0xb8, 0x97, 0xe0,
+	0x48, 0xdb, 0xb3, 0x80, 0x7d, 0x12, 0xf0, 0x52, 0xbd, 0x80, 0x52, 0xc6, 0x42, 0x96, 0x67, 0xda,
+	0xbe, 0x05, 0xec, 0xd3, 0xd6, 0x13, 0xe7, 0x3f, 0x3f, 0x74, 0x86, 0xa5, 0x25, 0xa8, 0xad, 0x6a,
+	0x13, 0x1e, 0x64, 0x2c, 0xc2, 0x44, 0x3b, 0xe0, 0x2f, 0x04, 0x55, 0xa3, 0x9e, 0xf1, 0x51, 0x11,
+	0xcd, 0x99, 0x26, 0x95, 0x72, 0xdd, 0xd5, 0x3a, 0x4a, 0x53, 0xed, 0x70, 0xab, 0xa3, 0x34, 0x55,
+	0x75, 0xd8, 0x60, 0x28, 0x5d, 0x60, 0x12, 0x5e, 0x6b, 0x0d, 0x0b, 0xd8, 0x8d, 0x60, 0xdb, 0xab,
+	0x26, 0x94, 0xd1, 0x07, 0xcc, 0x26, 0xf5, 0x6e, 0x47, 0xe5, 0xc2, 0x90, 0x4b, 0xd5, 0x2a, 0x6a,
+	0x1b, 0x1e, 0xf1, 0x0e, 0x45, 0x93, 0x90, 0x69, 0xd0, 0x02, 0xb6, 0xdc, 0xd2, 0x9d, 0x2a, 0x50,
+	0x67, 0x13, 0xa8, 0x33, 0xda, 0x24, 0xde, 0x69, 0xac, 0xd6, 0xa6, 0xf0, 0xf9, 0x97, 0x09, 0x82,
+	0x46, 0x75, 0xad, 0xcd, 0xce, 0x3d, 0x28, 0xd7, 0x19, 0x7b, 0x64, 0x4e, 0x37, 0xd9, 0x80, 0xfb,
+	0x6c, 0x6c, 0xb8, 0x8f, 0xc9, 0x9c, 0x96, 0x39, 0xca, 0xad, 0xe6, 0x3f, 0xe3, 0xdb, 0x64, 0x19,
+	0x94, 0x8e, 0x67, 0x3f, 0x00, 0x94, 0xea, 0xc5, 0x0c, 0x78, 0x38, 0xf6, 0x5f, 0xf9, 0x97, 0xaf,
+	0x7d, 0x45, 0xd0, 0x1f, 0xde, 0xdc, 0x5a, 0x27, 0x15, 0x18, 0x93, 0x2b, 0x42, 0xdf, 0x13, 0xce,
+	0xbb, 0x41, 0xbf, 0x3d, 0xea, 0xf7, 0x14, 0xb0, 0xcb, 0xbb, 0x29, 0x0a, 0x19, 0x8a, 0x38, 0x0f,
+	0xc6, 0xbe, 0xef, 0xf9, 0x2f, 0x15, 0x71, 0x97, 0x07, 0x39, 0x21, 0x98, 0xc4, 0x9c, 0x0f, 0x47,
+	0x97, 0x83, 0x41, 0xbf, 0xa7, 0xec, 0xed, 0xf2, 0x21, 0xa3, 0x49, 0x82, 0x22, 0xf5, 0x29, 0x94,
+	0x06, 0xed, 0xf1, 0xb0, 0xdf, 0x53, 0xf6, 0x75, 0xe5, 0xe6, 0xd6, 0x3a, 0xae, 0xf0, 0x20, 0xcc,
+	0xb3, 0x6a, 0x3a, 0xa7, 0x7c, 0xfa, 0xc1, 0xee, 0x6d, 0x8e, 0x31, 0x89, 0xf5, 0xd3, 0x4f, 0x5f,
+	0x0c, 0xe1, 0xdb, 0x57, 0xa3, 0xfe, 0x4d, 0x47, 0x5b, 0xdd, 0x19, 0xc2, 0xcf, 0x3b, 0x43, 0xf8,
+	0x58, 0x18, 0x60, 0x55, 0x18, 0xe0, 0x7b, 0x61, 0x80, 0xdf, 0x85, 0x01, 0xde, 0x08, 0x53, 0xa9,
+	0x0c, 0xe2, 0xe2, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x32, 0xd2, 0x86, 0x50, 0x03, 0x00,
+	0x00,
+}
+
 func (m *Process) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -121,80 +217,94 @@ func (m *Process) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Process) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Process) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err1 != nil {
+		return 0, err1
 	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
-	}
-	if m.Status != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Status))
-	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
-	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
-	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	i -= n1
+	i = encodeVarintTask(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x52
+	if m.ExitStatus != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x48
 	}
 	if m.Terminal {
-		dAtA[i] = 0x40
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.ExitStatus != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.ExitStatus))
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	dAtA[i] = 0x52
-	i++
-	i = encodeVarintTask(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n1, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Status != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Status))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Pid != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTask(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n1
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ProcessInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -202,38 +312,54 @@ func (m *ProcessInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ProcessInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Pid != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Info != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTask(dAtA, i, uint64(m.Info.Size()))
-		n2, err := m.Info.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Info.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTask(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Pid != 0 {
+		i = encodeVarintTask(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintTask(dAtA []byte, offset int, v uint64) int {
+	offset -= sovTask(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Process) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -268,12 +394,18 @@ func (m *Process) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovTask(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovTask(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ProcessInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Pid != 0 {
@@ -283,18 +415,14 @@ func (m *ProcessInfo) Size() (n int) {
 		l = m.Info.Size()
 		n += 1 + l + sovTask(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovTask(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozTask(x uint64) (n int) {
 	return sovTask(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -313,7 +441,8 @@ func (this *Process) String() string {
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -324,7 +453,8 @@ func (this *ProcessInfo) String() string {
 	}
 	s := strings.Join([]string{`&ProcessInfo{`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
-		`Info:` + strings.Replace(fmt.Sprintf("%v", this.Info), "Any", "google_protobuf2.Any", 1) + `,`,
+		`Info:` + strings.Replace(fmt.Sprintf("%v", this.Info), "Any", "types.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -352,7 +482,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -380,7 +510,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -390,6 +520,9 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -409,7 +542,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -419,6 +552,9 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -438,7 +574,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -457,7 +593,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Status |= (Status(b) & 0x7F) << shift
+				m.Status |= Status(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -476,7 +612,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -486,6 +622,9 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -505,7 +644,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -515,6 +654,9 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -534,7 +676,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -544,6 +686,9 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -563,7 +708,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -583,7 +728,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -602,7 +747,7 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -611,10 +756,13 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -624,12 +772,13 @@ func (m *Process) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -654,7 +803,7 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -682,7 +831,7 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -701,7 +850,7 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -710,11 +859,14 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTask
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Info == nil {
-				m.Info = &google_protobuf2.Any{}
+				m.Info = &types.Any{}
 			}
 			if err := m.Info.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -726,12 +878,13 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -744,6 +897,7 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error {
 func skipTask(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -775,10 +929,8 @@ func skipTask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -795,96 +947,34 @@ func skipTask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthTask
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowTask
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipTask(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupTask
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthTask
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthTask = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowTask   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthTask        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTask          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupTask = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/api/types/task/task.proto", fileDescriptorTask)
-}
-
-var fileDescriptorTask = []byte{
-	// 545 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x90, 0x3f, 0x6f, 0xd3, 0x40,
-	0x18, 0xc6, 0x7d, 0x6e, 0xeb, 0xa6, 0xe7, 0xb6, 0x18, 0x13, 0x55, 0xc6, 0x20, 0xdb, 0xea, 0x64,
-	0x31, 0xd8, 0x22, 0xdd, 0xd8, 0xf2, 0x4f, 0xc8, 0x42, 0x72, 0x23, 0x27, 0x11, 0x6c, 0x91, 0x13,
-	0x5f, 0xcc, 0xa9, 0xcd, 0x9d, 0x65, 0x9f, 0x81, 0x6c, 0x8c, 0xa8, 0x13, 0x5f, 0xa0, 0x13, 0x7c,
-	0x0a, 0x3e, 0x41, 0x46, 0x26, 0xc4, 0x14, 0xa8, 0x3f, 0x09, 0x3a, 0xdb, 0x49, 0x23, 0x60, 0x39,
-	0xbd, 0xef, 0xf3, 0x7b, 0xee, 0xbd, 0xf7, 0x1e, 0xf8, 0x22, 0xc6, 0xec, 0x6d, 0x3e, 0x75, 0x66,
-	0x74, 0xe1, 0xce, 0x28, 0x61, 0x21, 0x26, 0x28, 0x8d, 0x76, 0xcb, 0x30, 0xc1, 0x2e, 0x5b, 0x26,
-	0x28, 0x73, 0x59, 0x98, 0x5d, 0x95, 0x87, 0x93, 0xa4, 0x94, 0x51, 0xf5, 0xd1, 0xbd, 0xcb, 0x79,
-	0xf7, 0xdc, 0x29, 0x4d, 0x7a, 0x33, 0xa6, 0x31, 0x2d, 0xb9, 0xcb, 0xab, 0xca, 0xaa, 0x9b, 0x31,
-	0xa5, 0xf1, 0x35, 0x72, 0xcb, 0x6e, 0x9a, 0xcf, 0x5d, 0x86, 0x17, 0x28, 0x63, 0xe1, 0x22, 0xa9,
-	0x0d, 0x8f, 0xff, 0x36, 0x84, 0x64, 0x59, 0xa1, 0xf3, 0x42, 0x84, 0x87, 0x83, 0x94, 0xce, 0x50,
-	0x96, 0xa9, 0x2d, 0x78, 0xbc, 0x7d, 0x74, 0x82, 0x23, 0x0d, 0x58, 0xc0, 0x3e, 0xea, 0x3c, 0x28,
-	0xd6, 0xa6, 0xdc, 0xdd, 0xe8, 0x5e, 0x2f, 0x90, 0xb7, 0x26, 0x2f, 0x52, 0xcf, 0xa0, 0x88, 0x23,
-	0x4d, 0x2c, 0x9d, 0x52, 0xb1, 0x36, 0x45, 0xaf, 0x17, 0x88, 0x38, 0x52, 0x15, 0xb8, 0x97, 0xe0,
-	0x48, 0xdb, 0xb3, 0x80, 0x7d, 0x12, 0xf0, 0x52, 0xbd, 0x80, 0x52, 0xc6, 0x42, 0x96, 0x67, 0xda,
-	0xbe, 0x05, 0xec, 0xd3, 0xd6, 0x13, 0xe7, 0x3f, 0x3f, 0x74, 0x86, 0xa5, 0x25, 0xa8, 0xad, 0x6a,
-	0x13, 0x1e, 0x64, 0x2c, 0xc2, 0x44, 0x3b, 0xe0, 0x2f, 0x04, 0x55, 0xa3, 0x9e, 0xf1, 0x51, 0x11,
-	0xcd, 0x99, 0x26, 0x95, 0x72, 0xdd, 0xd5, 0x3a, 0x4a, 0x53, 0xed, 0x70, 0xab, 0xa3, 0x34, 0x55,
-	0x75, 0xd8, 0x60, 0x28, 0x5d, 0x60, 0x12, 0x5e, 0x6b, 0x0d, 0x0b, 0xd8, 0x8d, 0x60, 0xdb, 0xab,
-	0x26, 0x94, 0xd1, 0x07, 0xcc, 0x26, 0xf5, 0x6e, 0x47, 0xe5, 0xc2, 0x90, 0x4b, 0xd5, 0x2a, 0x6a,
-	0x1b, 0x1e, 0xf1, 0x0e, 0x45, 0x93, 0x90, 0x69, 0xd0, 0x02, 0xb6, 0xdc, 0xd2, 0x9d, 0x2a, 0x50,
-	0x67, 0x13, 0xa8, 0x33, 0xda, 0x24, 0xde, 0x69, 0xac, 0xd6, 0xa6, 0xf0, 0xf9, 0x97, 0x09, 0x82,
-	0x46, 0x75, 0xad, 0xcd, 0xce, 0x3d, 0x28, 0xd7, 0x19, 0x7b, 0x64, 0x4e, 0x37, 0xd9, 0x80, 0xfb,
-	0x6c, 0x6c, 0xb8, 0x8f, 0xc9, 0x9c, 0x96, 0x39, 0xca, 0xad, 0xe6, 0x3f, 0xe3, 0xdb, 0x64, 0x19,
-	0x94, 0x8e, 0x67, 0x3f, 0x00, 0x94, 0xea, 0xc5, 0x0c, 0x78, 0x38, 0xf6, 0x5f, 0xf9, 0x97, 0xaf,
-	0x7d, 0x45, 0xd0, 0x1f, 0xde, 0xdc, 0x5a, 0x27, 0x15, 0x18, 0x93, 0x2b, 0x42, 0xdf, 0x13, 0xce,
-	0xbb, 0x41, 0xbf, 0x3d, 0xea, 0xf7, 0x14, 0xb0, 0xcb, 0xbb, 0x29, 0x0a, 0x19, 0x8a, 0x38, 0x0f,
-	0xc6, 0xbe, 0xef, 0xf9, 0x2f, 0x15, 0x71, 0x97, 0x07, 0x39, 0x21, 0x98, 0xc4, 0x9c, 0x0f, 0x47,
-	0x97, 0x83, 0x41, 0xbf, 0xa7, 0xec, 0xed, 0xf2, 0x21, 0xa3, 0x49, 0x82, 0x22, 0xf5, 0x29, 0x94,
-	0x06, 0xed, 0xf1, 0xb0, 0xdf, 0x53, 0xf6, 0x75, 0xe5, 0xe6, 0xd6, 0x3a, 0xae, 0xf0, 0x20, 0xcc,
-	0xb3, 0x6a, 0x3a, 0xa7, 0x7c, 0xfa, 0xc1, 0xee, 0x6d, 0x8e, 0x31, 0x89, 0xf5, 0xd3, 0x4f, 0x5f,
-	0x0c, 0xe1, 0xdb, 0x57, 0xa3, 0xfe, 0x4d, 0x47, 0x5b, 0xdd, 0x19, 0xc2, 0xcf, 0x3b, 0x43, 0xf8,
-	0x58, 0x18, 0x60, 0x55, 0x18, 0xe0, 0x7b, 0x61, 0x80, 0xdf, 0x85, 0x01, 0xde, 0x08, 0x53, 0xa9,
-	0x0c, 0xe2, 0xe2, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x32, 0xd2, 0x86, 0x50, 0x03, 0x00,
-	0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/api/types/task/task.proto b/vendor/github.com/containerd/containerd/api/types/task/task.proto
index da91cb033efb5..df08dfd99d943 100644
--- a/vendor/github.com/containerd/containerd/api/types/task/task.proto
+++ b/vendor/github.com/containerd/containerd/api/types/task/task.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.v1.types;
diff --git a/vendor/github.com/containerd/containerd/archive/compression/compression.go b/vendor/github.com/containerd/containerd/archive/compression/compression.go
index 60c80e98a5954..a883e4d58cef5 100644
--- a/vendor/github.com/containerd/containerd/archive/compression/compression.go
+++ b/vendor/github.com/containerd/containerd/archive/compression/compression.go
@@ -29,6 +29,7 @@ import (
 	"sync"
 
 	"github.com/containerd/containerd/log"
+	"github.com/klauspost/compress/zstd"
 )
 
 type (
@@ -41,6 +42,8 @@ const (
 	Uncompressed Compression = iota
 	// Gzip is gzip compression algorithm.
 	Gzip
+	// Zstd is zstd compression algorithm.
+	Zstd
 )
 
 const disablePigzEnv = "CONTAINERD_DISABLE_PIGZ"
@@ -126,6 +129,7 @@ func (r *bufferedReader) Peek(n int) ([]byte, error) {
 func DetectCompression(source []byte) Compression {
 	for compression, m := range map[Compression][]byte{
 		Gzip: {0x1F, 0x8B, 0x08},
+		Zstd: {0x28, 0xb5, 0x2f, 0xfd},
 	} {
 		if len(source) < len(m) {
 			// Len too short
@@ -174,19 +178,34 @@ func DecompressStream(archive io.Reader) (DecompressReadCloser, error) {
 				return gzReader.Close()
 			},
 		}, nil
+	case Zstd:
+		zstdReader, err := zstd.NewReader(buf)
+		if err != nil {
+			return nil, err
+		}
+		return &readCloserWrapper{
+			Reader:      zstdReader,
+			compression: compression,
+			closer: func() error {
+				zstdReader.Close()
+				return nil
+			},
+		}, nil
 
 	default:
 		return nil, fmt.Errorf("unsupported compression format %s", (&compression).Extension())
 	}
 }
 
-// CompressStream compresseses the dest with specified compression algorithm.
+// CompressStream compresses the dest with specified compression algorithm.
 func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) {
 	switch compression {
 	case Uncompressed:
 		return &writeCloserWrapper{dest, nil}, nil
 	case Gzip:
 		return gzip.NewWriter(dest), nil
+	case Zstd:
+		return zstd.NewWriter(dest)
 	default:
 		return nil, fmt.Errorf("unsupported compression format %s", (&compression).Extension())
 	}
@@ -197,6 +216,8 @@ func (compression *Compression) Extension() string {
 	switch *compression {
 	case Gzip:
 		return "gz"
+	case Zstd:
+		return "zst"
 	}
 	return ""
 }
diff --git a/vendor/github.com/containerd/containerd/archive/strconv.go b/vendor/github.com/containerd/containerd/archive/strconv.go
deleted file mode 100644
index 13746e4b64db1..0000000000000
--- a/vendor/github.com/containerd/containerd/archive/strconv.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// +build windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package archive
-
-import (
-	"strconv"
-	"strings"
-	"time"
-
-	"archive/tar"
-)
-
-// Forked from https://github.com/golang/go/blob/master/src/archive/tar/strconv.go
-// as archive/tar doesn't support CreationTime, but does handle PAX time parsing,
-// and there's no need to re-invent the wheel.
-
-// parsePAXTime takes a string of the form %d.%d as described in the PAX
-// specification. Note that this implementation allows for negative timestamps,
-// which is allowed for by the PAX specification, but not always portable.
-func parsePAXTime(s string) (time.Time, error) {
-	const maxNanoSecondDigits = 9
-
-	// Split string into seconds and sub-seconds parts.
-	ss, sn := s, ""
-	if pos := strings.IndexByte(s, '.'); pos >= 0 {
-		ss, sn = s[:pos], s[pos+1:]
-	}
-
-	// Parse the seconds.
-	secs, err := strconv.ParseInt(ss, 10, 64)
-	if err != nil {
-		return time.Time{}, tar.ErrHeader
-	}
-	if len(sn) == 0 {
-		return time.Unix(secs, 0), nil // No sub-second values
-	}
-
-	// Parse the nanoseconds.
-	if strings.Trim(sn, "0123456789") != "" {
-		return time.Time{}, tar.ErrHeader
-	}
-	if len(sn) < maxNanoSecondDigits {
-		sn += strings.Repeat("0", maxNanoSecondDigits-len(sn)) // Right pad
-	} else {
-		sn = sn[:maxNanoSecondDigits] // Right truncate
-	}
-	nsecs, _ := strconv.ParseInt(sn, 10, 64) // Must succeed
-	if len(ss) > 0 && ss[0] == '-' {
-		return time.Unix(secs, -nsecs), nil // Negative correction
-	}
-	return time.Unix(secs, nsecs), nil
-}
diff --git a/vendor/github.com/containerd/containerd/archive/tar.go b/vendor/github.com/containerd/containerd/archive/tar.go
index ac04e3e023826..78a287317f0c9 100644
--- a/vendor/github.com/containerd/containerd/archive/tar.go
+++ b/vendor/github.com/containerd/containerd/archive/tar.go
@@ -19,9 +19,7 @@ package archive
 import (
 	"archive/tar"
 	"context"
-	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -65,13 +63,34 @@ func Diff(ctx context.Context, a, b string) io.ReadCloser {
 }
 
 // WriteDiff writes a tar stream of the computed difference between the
-// provided directories.
+// provided paths.
 //
 // Produces a tar using OCI style file markers for deletions. Deleted
 // files will be prepended with the prefix ".wh.". This style is
 // based off AUFS whiteouts.
 // See https://github.com/opencontainers/image-spec/blob/master/layer.md
-func WriteDiff(ctx context.Context, w io.Writer, a, b string) error {
+func WriteDiff(ctx context.Context, w io.Writer, a, b string, opts ...WriteDiffOpt) error {
+	var options WriteDiffOptions
+	for _, opt := range opts {
+		if err := opt(&options); err != nil {
+			return errors.Wrap(err, "failed to apply option")
+		}
+	}
+	if options.writeDiffFunc == nil {
+		options.writeDiffFunc = writeDiffNaive
+	}
+
+	return options.writeDiffFunc(ctx, w, a, b, options)
+}
+
+// writeDiffNaive writes a tar stream of the computed difference between the
+// provided directories on disk.
+//
+// Produces a tar using OCI style file markers for deletions. Deleted
+// files will be prepended with the prefix ".wh.". This style is
+// based off AUFS whiteouts.
+// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+func writeDiffNaive(ctx context.Context, w io.Writer, a, b string, _ WriteDiffOptions) error {
 	cw := newChangeWriter(w, b)
 	err := fs.Changes(ctx, a, b, cw.HandleChange)
 	if err != nil {
@@ -91,16 +110,11 @@ const (
 	// archives.
 	whiteoutMetaPrefix = whiteoutPrefix + whiteoutPrefix
 
-	// whiteoutLinkDir is a directory AUFS uses for storing hardlink links to other
-	// layers. Normally these should not go into exported archives and all changed
-	// hardlinks should be copied to the top layer.
-	whiteoutLinkDir = whiteoutMetaPrefix + "plnk"
-
 	// whiteoutOpaqueDir file means directory has been made opaque - meaning
 	// readdir calls to this directory do not follow to lower layers.
 	whiteoutOpaqueDir = whiteoutMetaPrefix + ".opq"
 
-	paxSchilyXattr = "SCHILY.xattrs."
+	paxSchilyXattr = "SCHILY.xattr."
 )
 
 // Apply applies a tar stream of an OCI style diff tar.
@@ -117,25 +131,69 @@ func Apply(ctx context.Context, root string, r io.Reader, opts ...ApplyOpt) (int
 	if options.Filter == nil {
 		options.Filter = all
 	}
+	if options.applyFunc == nil {
+		options.applyFunc = applyNaive
+	}
 
-	return apply(ctx, root, tar.NewReader(r), options)
+	return options.applyFunc(ctx, root, r, options)
 }
 
-// applyNaive applies a tar stream of an OCI style diff tar.
+// applyNaive applies a tar stream of an OCI style diff tar to a directory
+// applying each file as either a whole file or whiteout.
 // See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
-func applyNaive(ctx context.Context, root string, tr *tar.Reader, options ApplyOptions) (size int64, err error) {
+func applyNaive(ctx context.Context, root string, r io.Reader, options ApplyOptions) (size int64, err error) {
 	var (
 		dirs []*tar.Header
 
+		tr = tar.NewReader(r)
+
 		// Used for handling opaque directory markers which
 		// may occur out of order
 		unpackedPaths = make(map[string]struct{})
 
-		// Used for aufs plink directory
-		aufsTempdir   = ""
-		aufsHardlinks = make(map[string]*tar.Header)
+		convertWhiteout = options.ConvertWhiteout
 	)
 
+	if convertWhiteout == nil {
+		// handle whiteouts by removing the target files
+		convertWhiteout = func(hdr *tar.Header, path string) (bool, error) {
+			base := filepath.Base(path)
+			dir := filepath.Dir(path)
+			if base == whiteoutOpaqueDir {
+				_, err := os.Lstat(dir)
+				if err != nil {
+					return false, err
+				}
+				err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+					if err != nil {
+						if os.IsNotExist(err) {
+							err = nil // parent was deleted
+						}
+						return err
+					}
+					if path == dir {
+						return nil
+					}
+					if _, exists := unpackedPaths[path]; !exists {
+						err := os.RemoveAll(path)
+						return err
+					}
+					return nil
+				})
+				return false, err
+			}
+
+			if strings.HasPrefix(base, whiteoutPrefix) {
+				originalBase := base[len(whiteoutPrefix):]
+				originalPath := filepath.Join(dir, originalBase)
+
+				return false, os.RemoveAll(originalPath)
+			}
+
+			return true, nil
+		}
+	}
+
 	// Iterate through the files in the archive.
 	for {
 		select {
@@ -193,85 +251,21 @@ func applyNaive(ctx context.Context, root string, tr *tar.Reader, options ApplyO
 			if base == "" {
 				parentPath = filepath.Dir(path)
 			}
-			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = mkdirAll(parentPath, 0700)
-				if err != nil {
-					return 0, err
-				}
+			if err := mkparent(ctx, parentPath, root, options.Parents); err != nil {
+				return 0, err
 			}
 		}
 
-		// Skip AUFS metadata dirs
-		if strings.HasPrefix(hdr.Name, whiteoutMetaPrefix) {
-			// Regular files inside /.wh..wh.plnk can be used as hardlink targets
-			// We don't want this directory, but we need the files in them so that
-			// such hardlinks can be resolved.
-			if strings.HasPrefix(hdr.Name, whiteoutLinkDir) && hdr.Typeflag == tar.TypeReg {
-				basename := filepath.Base(hdr.Name)
-				aufsHardlinks[basename] = hdr
-				if aufsTempdir == "" {
-					if aufsTempdir, err = ioutil.TempDir(os.Getenv("XDG_RUNTIME_DIR"), "dockerplnk"); err != nil {
-						return 0, err
-					}
-					defer os.RemoveAll(aufsTempdir)
-				}
-				p, err := fs.RootPath(aufsTempdir, basename)
-				if err != nil {
-					return 0, err
-				}
-				if err := createTarFile(ctx, p, root, hdr, tr); err != nil {
-					return 0, err
-				}
-			}
-
-			if hdr.Name != whiteoutOpaqueDir {
-				continue
-			}
+		// Naive whiteout convert function which handles whiteout files by
+		// removing the target files.
+		if err := validateWhiteout(path); err != nil {
+			return 0, err
 		}
-
-		if strings.HasPrefix(base, whiteoutPrefix) {
-			dir := filepath.Dir(path)
-			if base == whiteoutOpaqueDir {
-				_, err := os.Lstat(dir)
-				if err != nil {
-					return 0, err
-				}
-				err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-					if err != nil {
-						if os.IsNotExist(err) {
-							err = nil // parent was deleted
-						}
-						return err
-					}
-					if path == dir {
-						return nil
-					}
-					if _, exists := unpackedPaths[path]; !exists {
-						err := os.RemoveAll(path)
-						return err
-					}
-					return nil
-				})
-				if err != nil {
-					return 0, err
-				}
-				continue
-			}
-
-			originalBase := base[len(whiteoutPrefix):]
-			originalPath := filepath.Join(dir, originalBase)
-
-			// Ensure originalPath is under dir
-			if dir[len(dir)-1] != filepath.Separator {
-				dir += string(filepath.Separator)
-			}
-			if !strings.HasPrefix(originalPath, dir) {
-				return 0, errors.Wrapf(errInvalidArchive, "invalid whiteout name: %v", base)
-			}
-
-			if err := os.RemoveAll(originalPath); err != nil {
-				return 0, err
-			}
+		writeFile, err := convertWhiteout(hdr, path)
+		if err != nil {
+			return 0, errors.Wrapf(err, "failed to convert whiteout file %q", hdr.Name)
+		}
+		if !writeFile {
 			continue
 		}
 		// If path exits we almost always just want to remove and replace it.
@@ -289,26 +283,6 @@ func applyNaive(ctx context.Context, root string, tr *tar.Reader, options ApplyO
 		srcData := io.Reader(tr)
 		srcHdr := hdr
 
-		// Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so
-		// we manually retarget these into the temporary files we extracted them into
-		if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(filepath.Clean(hdr.Linkname), whiteoutLinkDir) {
-			linkBasename := filepath.Base(hdr.Linkname)
-			srcHdr = aufsHardlinks[linkBasename]
-			if srcHdr == nil {
-				return 0, fmt.Errorf("Invalid aufs hardlink")
-			}
-			p, err := fs.RootPath(aufsTempdir, linkBasename)
-			if err != nil {
-				return 0, err
-			}
-			tmpFile, err := os.Open(p)
-			if err != nil {
-				return 0, err
-			}
-			defer tmpFile.Close()
-			srcData = tmpFile
-		}
-
 		if err := createTarFile(ctx, path, root, srcHdr, srcData); err != nil {
 			return 0, err
 		}
@@ -410,7 +384,7 @@ func createTarFile(ctx context.Context, path, extractDir string, hdr *tar.Header
 		if strings.HasPrefix(key, paxSchilyXattr) {
 			key = key[len(paxSchilyXattr):]
 			if err := setxattr(path, key, value); err != nil {
-				if errors.Cause(err) == syscall.ENOTSUP {
+				if errors.Is(err, syscall.ENOTSUP) {
 					log.G(ctx).WithError(err).Warnf("ignored xattr %s in archive", key)
 					continue
 				}
@@ -419,15 +393,74 @@ func createTarFile(ctx context.Context, path, extractDir string, hdr *tar.Header
 		}
 	}
 
-	// There is no LChmod, so ignore mode for symlink. Also, this
-	// must happen after chown, as that can modify the file mode
-	if err := handleLChmod(hdr, path, hdrInfo); err != nil {
+	// call lchmod after lchown since lchown can modify the file mode
+	if err := lchmod(path, hdrInfo.Mode()); err != nil {
 		return err
 	}
 
 	return chtimes(path, boundTime(latestTime(hdr.AccessTime, hdr.ModTime)), boundTime(hdr.ModTime))
 }
 
+func mkparent(ctx context.Context, path, root string, parents []string) error {
+	if dir, err := os.Lstat(path); err == nil {
+		if dir.IsDir() {
+			return nil
+		}
+		return &os.PathError{
+			Op:   "mkparent",
+			Path: path,
+			Err:  syscall.ENOTDIR,
+		}
+	} else if !os.IsNotExist(err) {
+		return err
+	}
+
+	i := len(path)
+	for i > len(root) && !os.IsPathSeparator(path[i-1]) {
+		i--
+	}
+
+	if i > len(root)+1 {
+		if err := mkparent(ctx, path[:i-1], root, parents); err != nil {
+			return err
+		}
+	}
+
+	if err := mkdir(path, 0755); err != nil {
+		// Check that still doesn't exist
+		dir, err1 := os.Lstat(path)
+		if err1 == nil && dir.IsDir() {
+			return nil
+		}
+		return err
+	}
+
+	for _, p := range parents {
+		ppath, err := fs.RootPath(p, path[len(root):])
+		if err != nil {
+			return err
+		}
+
+		dir, err := os.Lstat(ppath)
+		if err == nil {
+			if !dir.IsDir() {
+				// Replaced, do not copy attributes
+				break
+			}
+			if err := copyDirInfo(dir, path); err != nil {
+				return err
+			}
+			return copyUpXAttrs(path, ppath)
+		} else if !os.IsNotExist(err) {
+			return err
+		}
+	}
+
+	log.G(ctx).Debugf("parent directory %q not found: default permissions(0755) used", path)
+
+	return nil
+}
+
 type changeWriter struct {
 	tw        *tar.Writer
 	source    string
@@ -493,6 +526,12 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
 
 		hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
 
+		// truncate timestamp for compatibility. without PAX stdlib rounds timestamps instead
+		hdr.Format = tar.FormatPAX
+		hdr.ModTime = hdr.ModTime.Truncate(time.Second)
+		hdr.AccessTime = time.Time{}
+		hdr.ChangeTime = time.Time{}
+
 		name := p
 		if strings.HasPrefix(name, string(filepath.Separator)) {
 			name, err = filepath.Rel(string(filepath.Separator), name)
@@ -598,6 +637,9 @@ func (cw *changeWriter) Close() error {
 }
 
 func (cw *changeWriter) includeParents(hdr *tar.Header) error {
+	if cw.addedDirs == nil {
+		return nil
+	}
 	name := strings.TrimRight(hdr.Name, "/")
 	fname := filepath.Join(cw.source, name)
 	parent := filepath.Dir(name)
@@ -684,3 +726,26 @@ func hardlinkRootPath(root, linkname string) (string, error) {
 	}
 	return targetPath, nil
 }
+
+func validateWhiteout(path string) error {
+	base := filepath.Base(path)
+	dir := filepath.Dir(path)
+
+	if base == whiteoutOpaqueDir {
+		return nil
+	}
+
+	if strings.HasPrefix(base, whiteoutPrefix) {
+		originalBase := base[len(whiteoutPrefix):]
+		originalPath := filepath.Join(dir, originalBase)
+
+		// Ensure originalPath is under dir
+		if dir[len(dir)-1] != filepath.Separator {
+			dir += string(filepath.Separator)
+		}
+		if !strings.HasPrefix(originalPath, dir) {
+			return errors.Wrapf(errInvalidArchive, "invalid whiteout name: %v", base)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/containerd/containerd/archive/tar_freebsd.go b/vendor/github.com/containerd/containerd/archive/tar_freebsd.go
new file mode 100644
index 0000000000000..ce4dffd6dd9f4
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/archive/tar_freebsd.go
@@ -0,0 +1,48 @@
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package archive
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// mknod wraps unix.Mknod.  FreeBSD's unix.Mknod signature is different from
+// other Unix and Unix-like operating systems.
+func mknod(path string, mode uint32, dev uint64) error {
+	return unix.Mknod(path, mode, dev)
+}
+
+// lsetxattrCreate wraps unix.Lsetxattr with FreeBSD-specific flags and errors
+func lsetxattrCreate(link string, attr string, data []byte) error {
+	err := unix.Lsetxattr(link, attr, data, 0)
+	if err == unix.ENOTSUP || err == unix.EEXIST {
+		return nil
+	}
+	return err
+}
+
+func lchmod(path string, mode os.FileMode) error {
+	err := unix.Fchmodat(unix.AT_FDCWD, path, uint32(mode), unix.AT_SYMLINK_NOFOLLOW)
+	if err != nil {
+		err = &os.PathError{Op: "lchmod", Path: path, Err: err}
+	}
+	return err
+}
diff --git a/vendor/github.com/containerd/containerd/archive/tar_mostunix.go b/vendor/github.com/containerd/containerd/archive/tar_mostunix.go
new file mode 100644
index 0000000000000..9cd1f0fa8f845
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/archive/tar_mostunix.go
@@ -0,0 +1,55 @@
+// +build !windows,!freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package archive
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// mknod wraps Unix.Mknod and casts dev to int
+func mknod(path string, mode uint32, dev uint64) error {
+	return unix.Mknod(path, mode, int(dev))
+}
+
+// lsetxattrCreate wraps unix.Lsetxattr, passes the unix.XATTR_CREATE flag on
+// supported operating systems,and ignores appropriate errors
+func lsetxattrCreate(link string, attr string, data []byte) error {
+	err := unix.Lsetxattr(link, attr, data, unix.XATTR_CREATE)
+	if err == unix.ENOTSUP || err == unix.ENODATA || err == unix.EEXIST {
+		return nil
+	}
+	return err
+}
+
+// lchmod checks for symlink and changes the mode if not a symlink
+func lchmod(path string, mode os.FileMode) error {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return err
+	}
+
+	if fi.Mode()&os.ModeSymlink == 0 {
+		if err := os.Chmod(path, mode); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/containerd/containerd/archive/tar_opts.go b/vendor/github.com/containerd/containerd/archive/tar_opts.go
index a08bc102a7fe4..58985555a50a6 100644
--- a/vendor/github.com/containerd/containerd/archive/tar_opts.go
+++ b/vendor/github.com/containerd/containerd/archive/tar_opts.go
@@ -16,7 +16,20 @@
 
 package archive
 
-import "archive/tar"
+import (
+	"archive/tar"
+	"context"
+	"io"
+)
+
+// ApplyOptions provides additional options for an Apply operation
+type ApplyOptions struct {
+	Filter          Filter          // Filter tar headers
+	ConvertWhiteout ConvertWhiteout // Convert whiteout files
+	Parents         []string        // Parent directories to handle inherited attributes without CoW
+
+	applyFunc func(context.Context, string, io.Reader, ApplyOptions) (int64, error)
+}
 
 // ApplyOpt allows setting mutable archive apply properties on creation
 type ApplyOpt func(options *ApplyOptions) error
@@ -24,6 +37,9 @@ type ApplyOpt func(options *ApplyOptions) error
 // Filter specific files from the archive
 type Filter func(*tar.Header) (bool, error)
 
+// ConvertWhiteout converts whiteout files from the archive
+type ConvertWhiteout func(*tar.Header, string) (bool, error)
+
 // all allows all files
 func all(_ *tar.Header) (bool, error) {
 	return true, nil
@@ -36,3 +52,34 @@ func WithFilter(f Filter) ApplyOpt {
 		return nil
 	}
 }
+
+// WithConvertWhiteout uses the convert function to convert the whiteout files.
+func WithConvertWhiteout(c ConvertWhiteout) ApplyOpt {
+	return func(options *ApplyOptions) error {
+		options.ConvertWhiteout = c
+		return nil
+	}
+}
+
+// WithParents provides parent directories for resolving inherited attributes
+// directory from the filesystem.
+// Inherited attributes are searched from first to last, making the first
+// element in the list the most immediate parent directory.
+// NOTE: When applying to a filesystem which supports CoW, file attributes
+// should be inherited by the filesystem.
+func WithParents(p []string) ApplyOpt {
+	return func(options *ApplyOptions) error {
+		options.Parents = p
+		return nil
+	}
+}
+
+// WriteDiffOptions provides additional options for a WriteDiff operation
+type WriteDiffOptions struct {
+	ParentLayers []string // Windows needs the full list of parent layers
+
+	writeDiffFunc func(context.Context, io.Writer, string, string, WriteDiffOptions) error
+}
+
+// WriteDiffOpt allows setting mutable archive write properties on creation
+type WriteDiffOpt func(options *WriteDiffOptions) error
diff --git a/vendor/github.com/containerd/containerd/archive/tar_opts_linux.go b/vendor/github.com/containerd/containerd/archive/tar_opts_linux.go
new file mode 100644
index 0000000000000..38ef9e9bc7893
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/archive/tar_opts_linux.go
@@ -0,0 +1,59 @@
+// +build linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package archive
+
+import (
+	"archive/tar"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+// AufsConvertWhiteout converts whiteout files for aufs.
+func AufsConvertWhiteout(_ *tar.Header, _ string) (bool, error) {
+	return true, nil
+}
+
+// OverlayConvertWhiteout converts whiteout files for overlay.
+func OverlayConvertWhiteout(hdr *tar.Header, path string) (bool, error) {
+	base := filepath.Base(path)
+	dir := filepath.Dir(path)
+
+	// if a directory is marked as opaque, we need to translate that to overlay
+	if base == whiteoutOpaqueDir {
+		// don't write the file itself
+		return false, unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0)
+	}
+
+	// if a file was deleted and we are using overlay, we need to create a character device
+	if strings.HasPrefix(base, whiteoutPrefix) {
+		originalBase := base[len(whiteoutPrefix):]
+		originalPath := filepath.Join(dir, originalBase)
+
+		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
+			return false, err
+		}
+		// don't write the file itself
+		return false, os.Chown(originalPath, hdr.Uid, hdr.Gid)
+	}
+
+	return true, nil
+}
diff --git a/vendor/github.com/containerd/containerd/archive/tar_opts_unix.go b/vendor/github.com/containerd/containerd/archive/tar_opts_unix.go
deleted file mode 100644
index 173826967945b..0000000000000
--- a/vendor/github.com/containerd/containerd/archive/tar_opts_unix.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package archive
-
-// ApplyOptions provides additional options for an Apply operation
-type ApplyOptions struct {
-	Filter Filter // Filter tar headers
-}
diff --git a/vendor/github.com/containerd/containerd/archive/tar_opts_windows.go b/vendor/github.com/containerd/containerd/archive/tar_opts_windows.go
index e4b15a1634b5c..d3b8f4fb93e1f 100644
--- a/vendor/github.com/containerd/containerd/archive/tar_opts_windows.go
+++ b/vendor/github.com/containerd/containerd/archive/tar_opts_windows.go
@@ -18,20 +18,17 @@
 
 package archive
 
-// ApplyOptions provides additional options for an Apply operation
-type ApplyOptions struct {
-	ParentLayerPaths        []string // Parent layer paths used for Windows layer apply
-	IsWindowsContainerLayer bool     // True if the tar stream to be applied is a Windows Container Layer
-	Filter                  Filter   // Filter tar headers
-}
+import (
+	"context"
+	"io"
 
-// WithParentLayers adds parent layers to the apply process this is required
-// for all Windows layers except the base layer.
-func WithParentLayers(parentPaths []string) ApplyOpt {
-	return func(options *ApplyOptions) error {
-		options.ParentLayerPaths = parentPaths
-		return nil
-	}
+	"github.com/Microsoft/hcsshim/pkg/ociwclayer"
+)
+
+// applyWindowsLayer applies a tar stream of an OCI style diff tar of a Windows layer
+// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
+func applyWindowsLayer(ctx context.Context, root string, r io.Reader, options ApplyOptions) (size int64, err error) {
+	return ociwclayer.ImportLayerFromTar(ctx, r, root, options.Parents)
 }
 
 // AsWindowsContainerLayer indicates that the tar stream to apply is that of
@@ -39,7 +36,37 @@ func WithParentLayers(parentPaths []string) ApplyOpt {
 // SeRestorePrivilege.
 func AsWindowsContainerLayer() ApplyOpt {
 	return func(options *ApplyOptions) error {
-		options.IsWindowsContainerLayer = true
+		options.applyFunc = applyWindowsLayer
+		return nil
+	}
+}
+
+// writeDiffWindowsLayers writes a tar stream of the computed difference between the
+// provided Windows layers
+//
+// Produces a tar using OCI style file markers for deletions. Deleted
+// files will be prepended with the prefix ".wh.". This style is
+// based off AUFS whiteouts.
+// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+func writeDiffWindowsLayers(ctx context.Context, w io.Writer, _, layer string, options WriteDiffOptions) error {
+	return ociwclayer.ExportLayerToTar(ctx, w, layer, options.ParentLayers)
+}
+
+// AsWindowsContainerLayerPair indicates that the paths to diff are a pair of
+// Windows Container Layers. The caller must be holding SeBackupPrivilege.
+func AsWindowsContainerLayerPair() WriteDiffOpt {
+	return func(options *WriteDiffOptions) error {
+		options.writeDiffFunc = writeDiffWindowsLayers
+		return nil
+	}
+}
+
+// WithParentLayers provides the Windows Container Layers that are the parents
+// of the target (right-hand, "upper") layer, if any. The source (left-hand, "lower")
+// layer passed to WriteDiff should be "" in this case.
+func WithParentLayers(p []string) WriteDiffOpt {
+	return func(options *WriteDiffOptions) error {
+		options.ParentLayers = p
 		return nil
 	}
 }
diff --git a/vendor/github.com/containerd/containerd/archive/tar_unix.go b/vendor/github.com/containerd/containerd/archive/tar_unix.go
index 022dd6d4f4946..cd2be74a0838f 100644
--- a/vendor/github.com/containerd/containerd/archive/tar_unix.go
+++ b/vendor/github.com/containerd/containerd/archive/tar_unix.go
@@ -20,13 +20,13 @@ package archive
 
 import (
 	"archive/tar"
-	"context"
 	"os"
-	"sync"
+	"strings"
 	"syscall"
 
+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/containerd/continuity/fs"
 	"github.com/containerd/continuity/sysx"
-	"github.com/opencontainers/runc/libcontainer/system"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
@@ -74,10 +74,6 @@ func openFile(name string, flag int, perm os.FileMode) (*os.File, error) {
 	return f, err
 }
 
-func mkdirAll(path string, perm os.FileMode) error {
-	return os.MkdirAll(path, perm)
-}
-
 func mkdir(path string, perm os.FileMode) error {
 	if err := os.Mkdir(path, perm); err != nil {
 		return err
@@ -87,21 +83,11 @@ func mkdir(path string, perm os.FileMode) error {
 	return os.Chmod(path, perm)
 }
 
-var (
-	inUserNS bool
-	nsOnce   sync.Once
-)
-
-func setInUserNS() {
-	inUserNS = system.RunningInUserNS()
-}
-
 func skipFile(hdr *tar.Header) bool {
 	switch hdr.Typeflag {
 	case tar.TypeBlock, tar.TypeChar:
 		// cannot create a device if running in user namespace
-		nsOnce.Do(setInUserNS)
-		return inUserNS
+		return userns.RunningInUserNS()
 	default:
 		return false
 	}
@@ -122,22 +108,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
 		mode |= unix.S_IFIFO
 	}
 
-	return unix.Mknod(path, mode, int(unix.Mkdev(uint32(hdr.Devmajor), uint32(hdr.Devminor))))
-}
-
-func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
-	if hdr.Typeflag == tar.TypeLink {
-		if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
-			if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
-				return err
-			}
-		}
-	} else if hdr.Typeflag != tar.TypeSymlink {
-		if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
-			return err
-		}
-	}
-	return nil
+	return mknod(path, mode, unix.Mkdev(uint32(hdr.Devmajor), uint32(hdr.Devminor)))
 }
 
 func getxattr(path, attr string) ([]byte, error) {
@@ -149,11 +120,71 @@ func getxattr(path, attr string) ([]byte, error) {
 }
 
 func setxattr(path, key, value string) error {
-	return sysx.LSetxattr(path, key, []byte(value), 0)
+	// Do not set trusted attributes
+	if strings.HasPrefix(key, "trusted.") {
+		return errors.Wrap(unix.ENOTSUP, "admin attributes from archive not supported")
+	}
+	return unix.Lsetxattr(path, key, []byte(value), 0)
 }
 
-// apply applies a tar stream of an OCI style diff tar.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
-func apply(ctx context.Context, root string, tr *tar.Reader, options ApplyOptions) (size int64, err error) {
-	return applyNaive(ctx, root, tr, options)
+func copyDirInfo(fi os.FileInfo, path string) error {
+	st := fi.Sys().(*syscall.Stat_t)
+	if err := os.Lchown(path, int(st.Uid), int(st.Gid)); err != nil {
+		if os.IsPermission(err) {
+			// Normally if uid/gid are the same this would be a no-op, but some
+			// filesystems may still return EPERM... for instance NFS does this.
+			// In such a case, this is not an error.
+			if dstStat, err2 := os.Lstat(path); err2 == nil {
+				st2 := dstStat.Sys().(*syscall.Stat_t)
+				if st.Uid == st2.Uid && st.Gid == st2.Gid {
+					err = nil
+				}
+			}
+		}
+		if err != nil {
+			return errors.Wrapf(err, "failed to chown %s", path)
+		}
+	}
+
+	if err := os.Chmod(path, fi.Mode()); err != nil {
+		return errors.Wrapf(err, "failed to chmod %s", path)
+	}
+
+	timespec := []unix.Timespec{
+		unix.NsecToTimespec(syscall.TimespecToNsec(fs.StatAtime(st))),
+		unix.NsecToTimespec(syscall.TimespecToNsec(fs.StatMtime(st))),
+	}
+	if err := unix.UtimesNanoAt(unix.AT_FDCWD, path, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
+		return errors.Wrapf(err, "failed to utime %s", path)
+	}
+
+	return nil
+}
+
+func copyUpXAttrs(dst, src string) error {
+	xattrKeys, err := sysx.LListxattr(src)
+	if err != nil {
+		if err == unix.ENOTSUP || err == sysx.ENODATA {
+			return nil
+		}
+		return errors.Wrapf(err, "failed to list xattrs on %s", src)
+	}
+	for _, xattr := range xattrKeys {
+		// Do not copy up trusted attributes
+		if strings.HasPrefix(xattr, "trusted.") {
+			continue
+		}
+		data, err := sysx.LGetxattr(src, xattr)
+		if err != nil {
+			if err == unix.ENOTSUP || err == sysx.ENODATA {
+				continue
+			}
+			return errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+		}
+		if err := lsetxattrCreate(dst, xattr, data); err != nil {
+			return errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+		}
+	}
+
+	return nil
 }
diff --git a/vendor/github.com/containerd/containerd/archive/tar_windows.go b/vendor/github.com/containerd/containerd/archive/tar_windows.go
index a3f585ac814b4..3184070ac5e60 100644
--- a/vendor/github.com/containerd/containerd/archive/tar_windows.go
+++ b/vendor/github.com/containerd/containerd/archive/tar_windows.go
@@ -20,49 +20,12 @@ package archive
 
 import (
 	"archive/tar"
-	"bufio"
-	"context"
-	"encoding/base64"
-	"errors"
 	"fmt"
-	"io"
 	"os"
-	"path"
-	"path/filepath"
-	"strconv"
 	"strings"
-	"syscall"
 
-	"github.com/Microsoft/go-winio"
-	"github.com/Microsoft/hcsshim"
 	"github.com/containerd/containerd/sys"
-)
-
-const (
-	// MSWINDOWS pax vendor extensions
-	hdrMSWindowsPrefix = "MSWINDOWS."
-
-	hdrFileAttributes        = hdrMSWindowsPrefix + "fileattr"
-	hdrSecurityDescriptor    = hdrMSWindowsPrefix + "sd"
-	hdrRawSecurityDescriptor = hdrMSWindowsPrefix + "rawsd"
-	hdrMountPoint            = hdrMSWindowsPrefix + "mountpoint"
-	hdrEaPrefix              = hdrMSWindowsPrefix + "xattr."
-
-	// LIBARCHIVE pax vendor extensions
-	hdrLibArchivePrefix = "LIBARCHIVE."
-
-	hdrCreateTime = hdrLibArchivePrefix + "creationtime"
-)
-
-var (
-	// mutatedFiles is a list of files that are mutated by the import process
-	// and must be backed up and restored.
-	mutatedFiles = map[string]string{
-		"UtilityVM/Files/EFI/Microsoft/Boot/BCD":      "bcd.bak",
-		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG":  "bcd.log.bak",
-		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG1": "bcd.log1.bak",
-		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG2": "bcd.log2.bak",
-	}
+	"github.com/pkg/errors"
 )
 
 // tarName returns platform-specific filepath
@@ -74,7 +37,7 @@ func tarName(p string) (string, error) {
 	// in file names, it is mostly safe to replace however we must
 	// check just in case
 	if strings.Contains(p, "/") {
-		return "", fmt.Errorf("Windows path contains forward slash: %s", p)
+		return "", fmt.Errorf("windows path contains forward slash: %s", p)
 	}
 
 	return strings.Replace(p, string(os.PathSeparator), "/", -1), nil
@@ -107,10 +70,6 @@ func openFile(name string, flag int, perm os.FileMode) (*os.File, error) {
 	return sys.OpenFileSequential(name, flag, perm)
 }
 
-func mkdirAll(path string, perm os.FileMode) error {
-	return sys.MkdirAll(path, perm)
-}
-
 func mkdir(path string, perm os.FileMode) error {
 	return os.Mkdir(path, perm)
 }
@@ -130,11 +89,7 @@ func skipFile(hdr *tar.Header) bool {
 	// specific or Linux-specific, this warning should be changed to an error
 	// to cater for the situation where someone does manage to upload a Linux
 	// image but have it tagged as Windows inadvertently.
-	if strings.Contains(hdr.Name, ":") {
-		return true
-	}
-
-	return false
+	return strings.Contains(hdr.Name, ":")
 }
 
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
@@ -143,7 +98,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
 	return nil
 }
 
-func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
+func lchmod(path string, mode os.FileMode) error {
 	return nil
 }
 
@@ -157,293 +112,13 @@ func setxattr(path, key, value string) error {
 	return errors.New("xattrs not supported on Windows")
 }
 
-// apply applies a tar stream of an OCI style diff tar of a Windows layer.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
-func apply(ctx context.Context, root string, tr *tar.Reader, options ApplyOptions) (size int64, err error) {
-	if options.IsWindowsContainerLayer {
-		return applyWindowsLayer(ctx, root, tr, options)
-	}
-	return applyNaive(ctx, root, tr, options)
-}
-
-// applyWindowsLayer applies a tar stream of an OCI style diff tar of a Windows layer.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
-func applyWindowsLayer(ctx context.Context, root string, tr *tar.Reader, options ApplyOptions) (size int64, err error) {
-	home, id := filepath.Split(root)
-	info := hcsshim.DriverInfo{
-		HomeDir: home,
-	}
-
-	w, err := hcsshim.NewLayerWriter(info, id, options.ParentLayerPaths)
-	if err != nil {
-		return 0, err
-	}
-	defer func() {
-		if err2 := w.Close(); err2 != nil {
-			// This error should not be discarded as a failure here
-			// could result in an invalid layer on disk
-			if err == nil {
-				err = err2
-			}
-		}
-	}()
-
-	buf := bufio.NewWriter(nil)
-	hdr, nextErr := tr.Next()
-	// Iterate through the files in the archive.
-	for {
-		select {
-		case <-ctx.Done():
-			return 0, ctx.Err()
-		default:
-		}
-
-		if nextErr == io.EOF {
-			// end of tar archive
-			break
-		}
-		if nextErr != nil {
-			return 0, nextErr
-		}
-
-		// Note: path is used instead of filepath to prevent OS specific handling
-		// of the tar path
-		base := path.Base(hdr.Name)
-		if strings.HasPrefix(base, whiteoutPrefix) {
-			dir := path.Dir(hdr.Name)
-			originalBase := base[len(whiteoutPrefix):]
-			originalPath := path.Join(dir, originalBase)
-			if err := w.Remove(filepath.FromSlash(originalPath)); err != nil {
-				return 0, err
-			}
-			hdr, nextErr = tr.Next()
-		} else if hdr.Typeflag == tar.TypeLink {
-			err := w.AddLink(filepath.FromSlash(hdr.Name), filepath.FromSlash(hdr.Linkname))
-			if err != nil {
-				return 0, err
-			}
-			hdr, nextErr = tr.Next()
-		} else {
-			name, fileSize, fileInfo, err := fileInfoFromHeader(hdr)
-			if err != nil {
-				return 0, err
-			}
-			if err := w.Add(filepath.FromSlash(name), fileInfo); err != nil {
-				return 0, err
-			}
-			size += fileSize
-			hdr, nextErr = tarToBackupStreamWithMutatedFiles(buf, w, tr, hdr, root)
-		}
-	}
-
-	return
-}
-
-// fileInfoFromHeader retrieves basic Win32 file information from a tar header, using the additional metadata written by
-// WriteTarFileFromBackupStream.
-func fileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *winio.FileBasicInfo, err error) {
-	name = hdr.Name
-	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
-		size = hdr.Size
-	}
-	fileInfo = &winio.FileBasicInfo{
-		LastAccessTime: syscall.NsecToFiletime(hdr.AccessTime.UnixNano()),
-		LastWriteTime:  syscall.NsecToFiletime(hdr.ModTime.UnixNano()),
-		ChangeTime:     syscall.NsecToFiletime(hdr.ChangeTime.UnixNano()),
-
-		// Default CreationTime to ModTime, updated below if MSWINDOWS.createtime exists
-		CreationTime: syscall.NsecToFiletime(hdr.ModTime.UnixNano()),
-	}
-	if attrStr, ok := hdr.PAXRecords[hdrFileAttributes]; ok {
-		attr, err := strconv.ParseUint(attrStr, 10, 32)
-		if err != nil {
-			return "", 0, nil, err
-		}
-		fileInfo.FileAttributes = uint32(attr)
-	} else {
-		if hdr.Typeflag == tar.TypeDir {
-			fileInfo.FileAttributes |= syscall.FILE_ATTRIBUTE_DIRECTORY
-		}
-	}
-	if createStr, ok := hdr.PAXRecords[hdrCreateTime]; ok {
-		createTime, err := parsePAXTime(createStr)
-		if err != nil {
-			return "", 0, nil, err
-		}
-		fileInfo.CreationTime = syscall.NsecToFiletime(createTime.UnixNano())
-	}
-	return
-}
-
-// tarToBackupStreamWithMutatedFiles reads data from a tar stream and
-// writes it to a backup stream, and also saves any files that will be mutated
-// by the import layer process to a backup location.
-func tarToBackupStreamWithMutatedFiles(buf *bufio.Writer, w io.Writer, t *tar.Reader, hdr *tar.Header, root string) (nextHdr *tar.Header, err error) {
-	var (
-		bcdBackup       *os.File
-		bcdBackupWriter *winio.BackupFileWriter
-	)
-	if backupPath, ok := mutatedFiles[hdr.Name]; ok {
-		bcdBackup, err = os.Create(filepath.Join(root, backupPath))
-		if err != nil {
-			return nil, err
-		}
-		defer func() {
-			cerr := bcdBackup.Close()
-			if err == nil {
-				err = cerr
-			}
-		}()
-
-		bcdBackupWriter = winio.NewBackupFileWriter(bcdBackup, false)
-		defer func() {
-			cerr := bcdBackupWriter.Close()
-			if err == nil {
-				err = cerr
-			}
-		}()
-
-		buf.Reset(io.MultiWriter(w, bcdBackupWriter))
-	} else {
-		buf.Reset(w)
+func copyDirInfo(fi os.FileInfo, path string) error {
+	if err := os.Chmod(path, fi.Mode()); err != nil {
+		return errors.Wrapf(err, "failed to chmod %s", path)
 	}
-
-	defer func() {
-		ferr := buf.Flush()
-		if err == nil {
-			err = ferr
-		}
-	}()
-
-	return writeBackupStreamFromTarFile(buf, t, hdr)
+	return nil
 }
 
-// writeBackupStreamFromTarFile writes a Win32 backup stream from the current tar file. Since this function may process multiple
-// tar file entries in order to collect all the alternate data streams for the file, it returns the next
-// tar file that was not processed, or io.EOF is there are no more.
-func writeBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (*tar.Header, error) {
-	bw := winio.NewBackupStreamWriter(w)
-	var sd []byte
-	var err error
-	// Maintaining old SDDL-based behavior for backward compatibility.  All new tar headers written
-	// by this library will have raw binary for the security descriptor.
-	if sddl, ok := hdr.PAXRecords[hdrSecurityDescriptor]; ok {
-		sd, err = winio.SddlToSecurityDescriptor(sddl)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if sdraw, ok := hdr.PAXRecords[hdrRawSecurityDescriptor]; ok {
-		sd, err = base64.StdEncoding.DecodeString(sdraw)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if len(sd) != 0 {
-		bhdr := winio.BackupHeader{
-			Id:   winio.BackupSecurity,
-			Size: int64(len(sd)),
-		}
-		err := bw.WriteHeader(&bhdr)
-		if err != nil {
-			return nil, err
-		}
-		_, err = bw.Write(sd)
-		if err != nil {
-			return nil, err
-		}
-	}
-	var eas []winio.ExtendedAttribute
-	for k, v := range hdr.PAXRecords {
-		if !strings.HasPrefix(k, hdrEaPrefix) {
-			continue
-		}
-		data, err := base64.StdEncoding.DecodeString(v)
-		if err != nil {
-			return nil, err
-		}
-		eas = append(eas, winio.ExtendedAttribute{
-			Name:  k[len(hdrEaPrefix):],
-			Value: data,
-		})
-	}
-	if len(eas) != 0 {
-		eadata, err := winio.EncodeExtendedAttributes(eas)
-		if err != nil {
-			return nil, err
-		}
-		bhdr := winio.BackupHeader{
-			Id:   winio.BackupEaData,
-			Size: int64(len(eadata)),
-		}
-		err = bw.WriteHeader(&bhdr)
-		if err != nil {
-			return nil, err
-		}
-		_, err = bw.Write(eadata)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if hdr.Typeflag == tar.TypeSymlink {
-		_, isMountPoint := hdr.PAXRecords[hdrMountPoint]
-		rp := winio.ReparsePoint{
-			Target:       filepath.FromSlash(hdr.Linkname),
-			IsMountPoint: isMountPoint,
-		}
-		reparse := winio.EncodeReparsePoint(&rp)
-		bhdr := winio.BackupHeader{
-			Id:   winio.BackupReparseData,
-			Size: int64(len(reparse)),
-		}
-		err := bw.WriteHeader(&bhdr)
-		if err != nil {
-			return nil, err
-		}
-		_, err = bw.Write(reparse)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	buf := bufPool.Get().(*[]byte)
-	defer bufPool.Put(buf)
-
-	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
-		bhdr := winio.BackupHeader{
-			Id:   winio.BackupData,
-			Size: hdr.Size,
-		}
-		err := bw.WriteHeader(&bhdr)
-		if err != nil {
-			return nil, err
-		}
-		_, err = io.CopyBuffer(bw, t, *buf)
-		if err != nil {
-			return nil, err
-		}
-	}
-	// Copy all the alternate data streams and return the next non-ADS header.
-	for {
-		ahdr, err := t.Next()
-		if err != nil {
-			return nil, err
-		}
-		if ahdr.Typeflag != tar.TypeReg || !strings.HasPrefix(ahdr.Name, hdr.Name+":") {
-			return ahdr, nil
-		}
-		bhdr := winio.BackupHeader{
-			Id:   winio.BackupAlternateData,
-			Size: ahdr.Size,
-			Name: ahdr.Name[len(hdr.Name):] + ":$DATA",
-		}
-		err = bw.WriteHeader(&bhdr)
-		if err != nil {
-			return nil, err
-		}
-		_, err = io.CopyBuffer(bw, t, *buf)
-		if err != nil {
-			return nil, err
-		}
-	}
+func copyUpXAttrs(dst, src string) error {
+	return nil
 }
diff --git a/vendor/github.com/containerd/containerd/archive/time_darwin.go b/vendor/github.com/containerd/containerd/archive/time_darwin.go
deleted file mode 100644
index 9c2b656b04b74..0000000000000
--- a/vendor/github.com/containerd/containerd/archive/time_darwin.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package archive
-
-import (
-	"time"
-
-	"github.com/pkg/errors"
-)
-
-// as at MacOS 10.12 there is apparently no way to set timestamps
-// with nanosecond precision. We could fall back to utimes/lutimes
-// and lose the precision as a temporary workaround.
-func chtimes(path string, atime, mtime time.Time) error {
-	return errors.New("OSX missing UtimesNanoAt")
-}
diff --git a/vendor/github.com/containerd/containerd/archive/time_unix.go b/vendor/github.com/containerd/containerd/archive/time_unix.go
index 4a69cb7d0ed6a..e05ca719c2e6e 100644
--- a/vendor/github.com/containerd/containerd/archive/time_unix.go
+++ b/vendor/github.com/containerd/containerd/archive/time_unix.go
@@ -1,4 +1,4 @@
-// +build linux freebsd solaris
+// +build !windows
 
 /*
    Copyright The containerd Authors.
@@ -32,7 +32,7 @@ func chtimes(path string, atime, mtime time.Time) error {
 	utimes[1] = unix.NsecToTimespec(mtime.UnixNano())
 
 	if err := unix.UtimesNanoAt(unix.AT_FDCWD, path, utimes[0:], unix.AT_SYMLINK_NOFOLLOW); err != nil {
-		return errors.Wrap(err, "failed call to UtimesNanoAt")
+		return errors.Wrapf(err, "failed call to UtimesNanoAt for %s", path)
 	}
 
 	return nil
diff --git a/vendor/github.com/containerd/containerd/cio/io.go b/vendor/github.com/containerd/containerd/cio/io.go
index a9c6d2b156c62..8ee13edda4a37 100644
--- a/vendor/github.com/containerd/containerd/cio/io.go
+++ b/vendor/github.com/containerd/containerd/cio/io.go
@@ -18,10 +18,13 @@ package cio
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 
 	"github.com/containerd/containerd/defaults"
@@ -77,7 +80,7 @@ type FIFOSet struct {
 
 // Close the FIFOSet
 func (f *FIFOSet) Close() error {
-	if f.close != nil {
+	if f != nil && f.close != nil {
 		return f.close()
 	}
 	return nil
@@ -222,46 +225,121 @@ type DirectIO struct {
 	cio
 }
 
-var _ IO = &DirectIO{}
+var (
+	_ IO = &DirectIO{}
+	_ IO = &logURI{}
+)
+
+// LogURI provides the raw logging URI
+func LogURI(uri *url.URL) Creator {
+	return func(_ string) (IO, error) {
+		return &logURI{
+			config: Config{
+				Stdout: uri.String(),
+				Stderr: uri.String(),
+			},
+		}, nil
+	}
+}
+
+// BinaryIO forwards container STDOUT|STDERR directly to a logging binary
+func BinaryIO(binary string, args map[string]string) Creator {
+	return func(_ string) (IO, error) {
+		uri, err := LogURIGenerator("binary", binary, args)
+		if err != nil {
+			return nil, err
+		}
+
+		res := uri.String()
+		return &logURI{
+			config: Config{
+				Stdout: res,
+				Stderr: res,
+			},
+		}, nil
+	}
+}
+
+// TerminalBinaryIO forwards container STDOUT|STDERR directly to a logging binary
+// It also sets the terminal option to true
+func TerminalBinaryIO(binary string, args map[string]string) Creator {
+	return func(_ string) (IO, error) {
+		uri, err := LogURIGenerator("binary", binary, args)
+		if err != nil {
+			return nil, err
+		}
+
+		res := uri.String()
+		return &logURI{
+			config: Config{
+				Stdout:   res,
+				Stderr:   res,
+				Terminal: true,
+			},
+		}, nil
+	}
+}
 
 // LogFile creates a file on disk that logs the task's STDOUT,STDERR.
 // If the log file already exists, the logs will be appended to the file.
 func LogFile(path string) Creator {
 	return func(_ string) (IO, error) {
-		if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
-			return nil, err
-		}
-		f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		uri, err := LogURIGenerator("file", path, nil)
 		if err != nil {
 			return nil, err
 		}
-		f.Close()
-		return &logIO{
+
+		res := uri.String()
+		return &logURI{
 			config: Config{
-				Stdout: path,
-				Stderr: path,
+				Stdout: res,
+				Stderr: res,
 			},
 		}, nil
 	}
 }
 
-type logIO struct {
+// LogURIGenerator is the helper to generate log uri with specific scheme.
+func LogURIGenerator(scheme string, path string, args map[string]string) (*url.URL, error) {
+	path = filepath.Clean(path)
+	if !strings.HasPrefix(path, "/") {
+		return nil, errors.New("absolute path needed")
+	}
+
+	uri := &url.URL{
+		Scheme: scheme,
+		Path:   path,
+	}
+
+	if len(args) == 0 {
+		return uri, nil
+	}
+
+	q := uri.Query()
+	for k, v := range args {
+		q.Set(k, v)
+	}
+	uri.RawQuery = q.Encode()
+	return uri, nil
+}
+
+type logURI struct {
 	config Config
 }
 
-func (l *logIO) Config() Config {
+func (l *logURI) Config() Config {
 	return l.config
 }
 
-func (l *logIO) Cancel() {
+func (l *logURI) Cancel() {
 
 }
 
-func (l *logIO) Wait() {
+func (l *logURI) Wait() {
 
 }
 
-func (l *logIO) Close() error {
+func (l *logURI) Close() error {
 	return nil
 }
 
@@ -275,3 +353,7 @@ func Load(set *FIFOSet) (IO, error) {
 		closers: []io.Closer{set},
 	}, nil
 }
+
+func (p *pipes) closers() []io.Closer {
+	return []io.Closer{p.Stdin, p.Stdout, p.Stderr}
+}
diff --git a/vendor/github.com/containerd/containerd/cio/io_unix.go b/vendor/github.com/containerd/containerd/cio/io_unix.go
index 3ab2a30b0ca02..8b600673fe3b7 100644
--- a/vendor/github.com/containerd/containerd/cio/io_unix.go
+++ b/vendor/github.com/containerd/containerd/cio/io_unix.go
@@ -72,17 +72,19 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
 	}
 
 	var wg = &sync.WaitGroup{}
-	wg.Add(1)
-	go func() {
-		p := bufPool.Get().(*[]byte)
-		defer bufPool.Put(p)
-
-		io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p)
-		pipes.Stdout.Close()
-		wg.Done()
-	}()
+	if fifos.Stdout != "" {
+		wg.Add(1)
+		go func() {
+			p := bufPool.Get().(*[]byte)
+			defer bufPool.Put(p)
 
-	if !fifos.Terminal {
+			io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p)
+			pipes.Stdout.Close()
+			wg.Done()
+		}()
+	}
+
+	if !fifos.Terminal && fifos.Stderr != "" {
 		wg.Add(1)
 		go func() {
 			p := bufPool.Get().(*[]byte)
@@ -101,38 +103,36 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
 	}, nil
 }
 
-func openFifos(ctx context.Context, fifos *FIFOSet) (pipes, error) {
-	var err error
+func openFifos(ctx context.Context, fifos *FIFOSet) (f pipes, retErr error) {
 	defer func() {
-		if err != nil {
+		if retErr != nil {
 			fifos.Close()
 		}
 	}()
 
-	var f pipes
 	if fifos.Stdin != "" {
-		if f.Stdin, err = fifo.OpenFifo(ctx, fifos.Stdin, syscall.O_WRONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); err != nil {
-			return f, errors.Wrapf(err, "failed to open stdin fifo")
+		if f.Stdin, retErr = fifo.OpenFifo(ctx, fifos.Stdin, syscall.O_WRONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
+			return f, errors.Wrapf(retErr, "failed to open stdin fifo")
 		}
 		defer func() {
-			if err != nil && f.Stdin != nil {
+			if retErr != nil && f.Stdin != nil {
 				f.Stdin.Close()
 			}
 		}()
 	}
 	if fifos.Stdout != "" {
-		if f.Stdout, err = fifo.OpenFifo(ctx, fifos.Stdout, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); err != nil {
-			return f, errors.Wrapf(err, "failed to open stdout fifo")
+		if f.Stdout, retErr = fifo.OpenFifo(ctx, fifos.Stdout, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
+			return f, errors.Wrapf(retErr, "failed to open stdout fifo")
 		}
 		defer func() {
-			if err != nil && f.Stdout != nil {
+			if retErr != nil && f.Stdout != nil {
 				f.Stdout.Close()
 			}
 		}()
 	}
-	if fifos.Stderr != "" {
-		if f.Stderr, err = fifo.OpenFifo(ctx, fifos.Stderr, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); err != nil {
-			return f, errors.Wrapf(err, "failed to open stderr fifo")
+	if !fifos.Terminal && fifos.Stderr != "" {
+		if f.Stderr, retErr = fifo.OpenFifo(ctx, fifos.Stderr, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
+			return f, errors.Wrapf(retErr, "failed to open stderr fifo")
 		}
 	}
 	return f, nil
@@ -152,7 +152,3 @@ func NewDirectIO(ctx context.Context, fifos *FIFOSet) (*DirectIO, error) {
 		},
 	}, err
 }
-
-func (p *pipes) closers() []io.Closer {
-	return []io.Closer{p.Stdin, p.Stdout, p.Stderr}
-}
diff --git a/vendor/github.com/containerd/containerd/cio/io_windows.go b/vendor/github.com/containerd/containerd/cio/io_windows.go
index 5208f3eaaded9..ded475788f692 100644
--- a/vendor/github.com/containerd/containerd/cio/io_windows.go
+++ b/vendor/github.com/containerd/containerd/cio/io_windows.go
@@ -17,9 +17,9 @@
 package cio
 
 import (
+	"context"
 	"fmt"
 	"io"
-	"net"
 
 	winio "github.com/Microsoft/go-winio"
 	"github.com/containerd/containerd/log"
@@ -30,30 +30,33 @@ const pipeRoot = `\\.\pipe`
 
 // NewFIFOSetInDir returns a new set of fifos for the task
 func NewFIFOSetInDir(_, id string, terminal bool) (*FIFOSet, error) {
+	stderrPipe := ""
+	if !terminal {
+		stderrPipe = fmt.Sprintf(`%s\ctr-%s-stderr`, pipeRoot, id)
+	}
 	return NewFIFOSet(Config{
 		Terminal: terminal,
 		Stdin:    fmt.Sprintf(`%s\ctr-%s-stdin`, pipeRoot, id),
 		Stdout:   fmt.Sprintf(`%s\ctr-%s-stdout`, pipeRoot, id),
-		Stderr:   fmt.Sprintf(`%s\ctr-%s-stderr`, pipeRoot, id),
+		Stderr:   stderrPipe,
 	}, nil), nil
 }
 
-func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
-	var (
-		set []io.Closer
-	)
+func copyIO(fifos *FIFOSet, ioset *Streams) (_ *cio, retErr error) {
+	cios := &cio{config: fifos.Config}
+
+	defer func() {
+		if retErr != nil {
+			_ = cios.Close()
+		}
+	}()
 
 	if fifos.Stdin != "" {
 		l, err := winio.ListenPipe(fifos.Stdin, nil)
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to create stdin pipe %s", fifos.Stdin)
 		}
-		defer func(l net.Listener) {
-			if err != nil {
-				l.Close()
-			}
-		}(l)
-		set = append(set, l)
+		cios.closers = append(cios.closers, l)
 
 		go func() {
 			c, err := l.Accept()
@@ -76,12 +79,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to create stdout pipe %s", fifos.Stdout)
 		}
-		defer func(l net.Listener) {
-			if err != nil {
-				l.Close()
-			}
-		}(l)
-		set = append(set, l)
+		cios.closers = append(cios.closers, l)
 
 		go func() {
 			c, err := l.Accept()
@@ -104,12 +102,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to create stderr pipe %s", fifos.Stderr)
 		}
-		defer func(l net.Listener) {
-			if err != nil {
-				l.Close()
-			}
-		}(l)
-		set = append(set, l)
+		cios.closers = append(cios.closers, l)
 
 		go func() {
 			c, err := l.Accept()
@@ -127,7 +120,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
 		}()
 	}
 
-	return &cio{config: fifos.Config, closers: set}, nil
+	return cios, nil
 }
 
 // NewDirectIO returns an IO implementation that exposes the IO streams as io.ReadCloser
@@ -144,3 +137,22 @@ func NewDirectIO(stdin io.WriteCloser, stdout, stderr io.ReadCloser, terminal bo
 		},
 	}
 }
+
+// NewDirectIOFromFIFOSet returns an IO implementation that exposes the IO streams as io.ReadCloser
+// and io.WriteCloser.
+func NewDirectIOFromFIFOSet(ctx context.Context, stdin io.WriteCloser, stdout, stderr io.ReadCloser, fifos *FIFOSet) *DirectIO {
+	_, cancel := context.WithCancel(ctx)
+	pipes := pipes{
+		Stdin:  stdin,
+		Stdout: stdout,
+		Stderr: stderr,
+	}
+	return &DirectIO{
+		pipes: pipes,
+		cio: cio{
+			config:  fifos.Config,
+			closers: append(pipes.closers(), fifos),
+			cancel:  cancel,
+		},
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/client.go b/vendor/github.com/containerd/containerd/client.go
index fd20c3dd0e4ec..ace9bf6d14da0 100644
--- a/vendor/github.com/containerd/containerd/client.go
+++ b/vendor/github.com/containerd/containerd/client.go
@@ -17,11 +17,14 @@
 package containerd
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"runtime"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -36,6 +39,7 @@ import (
 	snapshotsapi "github.com/containerd/containerd/api/services/snapshots/v1"
 	"github.com/containerd/containerd/api/services/tasks/v1"
 	versionservice "github.com/containerd/containerd/api/services/version/v1"
+	apitypes "github.com/containerd/containerd/api/types"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/content"
 	contentproxy "github.com/containerd/containerd/content/proxy"
@@ -51,7 +55,7 @@ import (
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/remotes"
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/containerd/containerd/remotes/docker/schema1"
+	"github.com/containerd/containerd/services/introspection"
 	"github.com/containerd/containerd/snapshots"
 	snproxy "github.com/containerd/containerd/snapshots/proxy"
 	"github.com/containerd/typeurl"
@@ -59,7 +63,9 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	"golang.org/x/sync/semaphore"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/backoff"
 	"google.golang.org/grpc/health/grpc_health_v1"
 )
 
@@ -85,23 +91,38 @@ func New(address string, opts ...ClientOpt) (*Client, error) {
 	if copts.timeout == 0 {
 		copts.timeout = 10 * time.Second
 	}
-	rt := fmt.Sprintf("%s.%s", plugin.RuntimePlugin, runtime.GOOS)
+
+	c := &Client{
+		defaultns: copts.defaultns,
+	}
+
 	if copts.defaultRuntime != "" {
-		rt = copts.defaultRuntime
+		c.runtime = copts.defaultRuntime
+	} else {
+		c.runtime = defaults.DefaultRuntime
 	}
-	c := &Client{
-		runtime: rt,
+
+	if copts.defaultPlatform != nil {
+		c.platform = copts.defaultPlatform
+	} else {
+		c.platform = platforms.Default()
 	}
+
 	if copts.services != nil {
 		c.services = *copts.services
 	}
 	if address != "" {
+		backoffConfig := backoff.DefaultConfig
+		backoffConfig.MaxDelay = 3 * time.Second
+		connParams := grpc.ConnectParams{
+			Backoff: backoffConfig,
+		}
 		gopts := []grpc.DialOption{
 			grpc.WithBlock(),
 			grpc.WithInsecure(),
 			grpc.FailOnNonTempDialError(true),
-			grpc.WithBackoffMaxDelay(3 * time.Second),
-			grpc.WithDialer(dialer.Dialer),
+			grpc.WithConnectParams(connParams),
+			grpc.WithContextDialer(dialer.ContextDialer),
 
 			// TODO(stevvooe): We may need to allow configuration of this on the client.
 			grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)),
@@ -133,8 +154,18 @@ func New(address string, opts ...ClientOpt) (*Client, error) {
 		c.conn, c.connector = conn, connector
 	}
 	if copts.services == nil && c.conn == nil {
-		return nil, errors.New("no grpc connection or services is available")
+		return nil, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection or services is available")
+	}
+
+	// check namespace labels for default runtime
+	if copts.defaultRuntime == "" && c.defaultns != "" {
+		if label, err := c.GetLabel(context.Background(), defaults.DefaultRuntimeNSLabel); err != nil {
+			return nil, err
+		} else if label != "" {
+			c.runtime = label
+		}
 	}
+
 	return c, nil
 }
 
@@ -148,9 +179,20 @@ func NewWithConn(conn *grpc.ClientConn, opts ...ClientOpt) (*Client, error) {
 		}
 	}
 	c := &Client{
-		conn:    conn,
-		runtime: fmt.Sprintf("%s.%s", plugin.RuntimePlugin, runtime.GOOS),
+		defaultns: copts.defaultns,
+		conn:      conn,
+		runtime:   fmt.Sprintf("%s.%s", plugin.RuntimePlugin, runtime.GOOS),
+	}
+
+	// check namespace labels for default runtime
+	if copts.defaultRuntime == "" && c.defaultns != "" {
+		if label, err := c.GetLabel(context.Background(), defaults.DefaultRuntimeNSLabel); err != nil {
+			return nil, err
+		} else if label != "" {
+			c.runtime = label
+		}
 	}
+
 	if copts.services != nil {
 		c.services = *copts.services
 	}
@@ -164,13 +206,15 @@ type Client struct {
 	connMu    sync.Mutex
 	conn      *grpc.ClientConn
 	runtime   string
+	defaultns string
+	platform  platforms.MatchComparer
 	connector func() (*grpc.ClientConn, error)
 }
 
 // Reconnect re-establishes the GRPC connection to the containerd daemon
 func (c *Client) Reconnect() error {
 	if c.connector == nil {
-		return errors.New("unable to reconnect to containerd, no connector available")
+		return errors.Wrap(errdefs.ErrUnavailable, "unable to reconnect to containerd, no connector available")
 	}
 	c.connMu.Lock()
 	defer c.connMu.Unlock()
@@ -183,6 +227,11 @@ func (c *Client) Reconnect() error {
 	return nil
 }
 
+// Runtime returns the name of the runtime being used
+func (c *Client) Runtime() string {
+	return c.runtime
+}
+
 // IsServing returns true if the client can successfully connect to the
 // containerd daemon and the healthcheck service returns the SERVING
 // response.
@@ -193,10 +242,10 @@ func (c *Client) IsServing(ctx context.Context) (bool, error) {
 	c.connMu.Lock()
 	if c.conn == nil {
 		c.connMu.Unlock()
-		return false, errors.New("no grpc connection available")
+		return false, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
 	}
 	c.connMu.Unlock()
-	r, err := c.HealthService().Check(ctx, &grpc_health_v1.HealthCheckRequest{}, grpc.FailFast(false))
+	r, err := c.HealthService().Check(ctx, &grpc_health_v1.HealthCheckRequest{}, grpc.WaitForReady(true))
 	if err != nil {
 		return false, err
 	}
@@ -265,13 +314,20 @@ type RemoteContext struct {
 	PlatformMatcher platforms.MatchComparer
 
 	// Unpack is done after an image is pulled to extract into a snapshotter.
+	// It is done simultaneously for schema 2 images when they are pulled.
 	// If an image is not unpacked on pull, it can be unpacked any time
 	// afterwards. Unpacking is required to run an image.
 	Unpack bool
 
+	// UnpackOpts handles options to the unpack call.
+	UnpackOpts []UnpackOpt
+
 	// Snapshotter used for unpacking
 	Snapshotter string
 
+	// SnapshotterOpts are additional options to be passed to a snapshotter during pull
+	SnapshotterOpts []snapshots.Opt
+
 	// Labels to be applied to the created image
 	Labels map[string]string
 
@@ -280,6 +336,12 @@ type RemoteContext struct {
 	// handlers.
 	BaseHandlers []images.Handler
 
+	// HandlerWrapper wraps the handler which gets sent to dispatch.
+	// Unlike BaseHandlers, this can run before and after the built
+	// in handlers, allowing operations to run on the descriptor
+	// after it has completed transferring.
+	HandlerWrapper func(images.Handler) images.Handler
+
 	// ConvertSchema1 is whether to convert Docker registry schema 1
 	// manifests. If this option is false then any image which resolves
 	// to schema 1 will return an error since schema 1 is not supported.
@@ -290,6 +352,19 @@ type RemoteContext struct {
 	// platforms will be used to create a PlatformMatcher with no ordering
 	// preference.
 	Platforms []string
+
+	// MaxConcurrentDownloads is the max concurrent content downloads for each pull.
+	MaxConcurrentDownloads int
+
+	// MaxConcurrentUploadedLayers is the max concurrent uploaded layers for each push.
+	MaxConcurrentUploadedLayers int
+
+	// AllMetadata downloads all manifests and known-configuration files
+	AllMetadata bool
+
+	// ChildLabelMap sets the labels used to reference child objects in the content
+	// store. By default, all GC reference labels will be set for all fetched content.
+	ChildLabelMap func(ocispec.Descriptor) []string
 }
 
 func defaultRemoteContext() *RemoteContext {
@@ -297,7 +372,6 @@ func defaultRemoteContext() *RemoteContext {
 		Resolver: docker.NewResolver(docker.ResolverOptions{
 			Client: http.DefaultClient,
 		}),
-		Snapshotter: DefaultSnapshotter,
 	}
 }
 
@@ -312,7 +386,7 @@ func (c *Client) Fetch(ctx context.Context, ref string, opts ...RemoteOpt) (imag
 	}
 
 	if fetchCtx.Unpack {
-		return images.Image{}, errors.New("unpack on fetch not supported, try pull")
+		return images.Image{}, errors.Wrap(errdefs.ErrNotImplemented, "unpack on fetch not supported, try pull")
 	}
 
 	if fetchCtx.PlatformMatcher == nil {
@@ -338,132 +412,11 @@ func (c *Client) Fetch(ctx context.Context, ref string, opts ...RemoteOpt) (imag
 	}
 	defer done(ctx)
 
-	return c.fetch(ctx, fetchCtx, ref, 0)
-}
-
-// Pull downloads the provided content into containerd's content store
-// and returns a platform specific image object
-func (c *Client) Pull(ctx context.Context, ref string, opts ...RemoteOpt) (Image, error) {
-	pullCtx := defaultRemoteContext()
-	for _, o := range opts {
-		if err := o(c, pullCtx); err != nil {
-			return nil, err
-		}
-	}
-
-	if pullCtx.PlatformMatcher == nil {
-		if len(pullCtx.Platforms) > 1 {
-			return nil, errors.New("cannot pull multiplatform image locally, try Fetch")
-		} else if len(pullCtx.Platforms) == 0 {
-			pullCtx.PlatformMatcher = platforms.Default()
-		} else {
-			p, err := platforms.Parse(pullCtx.Platforms[0])
-			if err != nil {
-				return nil, errors.Wrapf(err, "invalid platform %s", pullCtx.Platforms[0])
-			}
-
-			pullCtx.PlatformMatcher = platforms.Only(p)
-		}
-	}
-
-	ctx, done, err := c.WithLease(ctx)
+	img, err := c.fetch(ctx, fetchCtx, ref, 0)
 	if err != nil {
-		return nil, err
-	}
-	defer done(ctx)
-
-	img, err := c.fetch(ctx, pullCtx, ref, 1)
-	if err != nil {
-		return nil, err
-	}
-
-	i := NewImageWithPlatform(c, img, pullCtx.PlatformMatcher)
-
-	if pullCtx.Unpack {
-		if err := i.Unpack(ctx, pullCtx.Snapshotter); err != nil {
-			return nil, errors.Wrapf(err, "failed to unpack image on snapshotter %s", pullCtx.Snapshotter)
-		}
-	}
-
-	return i, nil
-}
-
-func (c *Client) fetch(ctx context.Context, rCtx *RemoteContext, ref string, limit int) (images.Image, error) {
-	store := c.ContentStore()
-	name, desc, err := rCtx.Resolver.Resolve(ctx, ref)
-	if err != nil {
-		return images.Image{}, errors.Wrapf(err, "failed to resolve reference %q", ref)
-	}
-
-	fetcher, err := rCtx.Resolver.Fetcher(ctx, name)
-	if err != nil {
-		return images.Image{}, errors.Wrapf(err, "failed to get fetcher for %q", name)
-	}
-
-	var (
-		schema1Converter *schema1.Converter
-		handler          images.Handler
-	)
-	if desc.MediaType == images.MediaTypeDockerSchema1Manifest && rCtx.ConvertSchema1 {
-		schema1Converter = schema1.NewConverter(store, fetcher)
-		handler = images.Handlers(append(rCtx.BaseHandlers, schema1Converter)...)
-	} else {
-		// Get all the children for a descriptor
-		childrenHandler := images.ChildrenHandler(store)
-		// Set any children labels for that content
-		childrenHandler = images.SetChildrenLabels(store, childrenHandler)
-		// Filter children by platforms
-		childrenHandler = images.FilterPlatforms(childrenHandler, rCtx.PlatformMatcher)
-		// Sort and limit manifests if a finite number is needed
-		if limit > 0 {
-			childrenHandler = images.LimitManifests(childrenHandler, rCtx.PlatformMatcher, limit)
-		}
-
-		handler = images.Handlers(append(rCtx.BaseHandlers,
-			remotes.FetchHandler(store, fetcher),
-			childrenHandler,
-		)...)
-	}
-
-	if err := images.Dispatch(ctx, handler, desc); err != nil {
 		return images.Image{}, err
 	}
-	if schema1Converter != nil {
-		desc, err = schema1Converter.Convert(ctx)
-		if err != nil {
-			return images.Image{}, err
-		}
-	}
-
-	img := images.Image{
-		Name:   name,
-		Target: desc,
-		Labels: rCtx.Labels,
-	}
-
-	is := c.ImageService()
-	for {
-		if created, err := is.Create(ctx, img); err != nil {
-			if !errdefs.IsAlreadyExists(err) {
-				return images.Image{}, err
-			}
-
-			updated, err := is.Update(ctx, img)
-			if err != nil {
-				// if image was removed, try create again
-				if errdefs.IsNotFound(err) {
-					continue
-				}
-				return images.Image{}, err
-			}
-
-			img = updated
-		} else {
-			img = created
-		}
-
-		return img, nil
-	}
+	return c.createNewImage(ctx, img)
 }
 
 // Push uploads the provided content to a remote resource
@@ -490,12 +443,36 @@ func (c *Client) Push(ctx context.Context, ref string, desc ocispec.Descriptor,
 		}
 	}
 
+	// Annotate ref with digest to push only push tag for single digest
+	if !strings.Contains(ref, "@") {
+		ref = ref + "@" + desc.Digest.String()
+	}
+
 	pusher, err := pushCtx.Resolver.Pusher(ctx, ref)
 	if err != nil {
 		return err
 	}
 
-	return remotes.PushContent(ctx, pusher, desc, c.ContentStore(), pushCtx.PlatformMatcher, pushCtx.BaseHandlers...)
+	var wrapper func(images.Handler) images.Handler
+
+	if len(pushCtx.BaseHandlers) > 0 {
+		wrapper = func(h images.Handler) images.Handler {
+			h = images.Handlers(append(pushCtx.BaseHandlers, h)...)
+			if pushCtx.HandlerWrapper != nil {
+				h = pushCtx.HandlerWrapper(h)
+			}
+			return h
+		}
+	} else if pushCtx.HandlerWrapper != nil {
+		wrapper = pushCtx.HandlerWrapper
+	}
+
+	var limiter *semaphore.Weighted
+	if pushCtx.MaxConcurrentUploadedLayers > 0 {
+		limiter = semaphore.NewWeighted(int64(pushCtx.MaxConcurrentUploadedLayers))
+	}
+
+	return remotes.PushContent(ctx, pusher, desc, c.ContentStore(), limiter, pushCtx.PlatformMatcher, wrapper)
 }
 
 // GetImage returns an existing image
@@ -520,6 +497,66 @@ func (c *Client) ListImages(ctx context.Context, filters ...string) ([]Image, er
 	return images, nil
 }
 
+// Restore restores a container from a checkpoint
+func (c *Client) Restore(ctx context.Context, id string, checkpoint Image, opts ...RestoreOpts) (Container, error) {
+	store := c.ContentStore()
+	index, err := decodeIndex(ctx, store, checkpoint.Target())
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, done, err := c.WithLease(ctx)
+	if err != nil {
+		return nil, err
+	}
+	defer done(ctx)
+
+	copts := []NewContainerOpts{}
+	for _, o := range opts {
+		copts = append(copts, o(ctx, id, c, checkpoint, index))
+	}
+
+	ctr, err := c.NewContainer(ctx, id, copts...)
+	if err != nil {
+		return nil, err
+	}
+
+	return ctr, nil
+}
+
+func writeIndex(ctx context.Context, index *ocispec.Index, client *Client, ref string) (d ocispec.Descriptor, err error) {
+	labels := map[string]string{}
+	for i, m := range index.Manifests {
+		labels[fmt.Sprintf("containerd.io/gc.ref.content.%d", i)] = m.Digest.String()
+	}
+	data, err := json.Marshal(index)
+	if err != nil {
+		return ocispec.Descriptor{}, err
+	}
+	return writeContent(ctx, client.ContentStore(), ocispec.MediaTypeImageIndex, ref, bytes.NewReader(data), content.WithLabels(labels))
+}
+
+// GetLabel gets a label value from namespace store
+// If there is no default label, an empty string returned with nil error
+func (c *Client) GetLabel(ctx context.Context, label string) (string, error) {
+	ns, err := namespaces.NamespaceRequired(ctx)
+	if err != nil {
+		if c.defaultns == "" {
+			return "", err
+		}
+		ns = c.defaultns
+	}
+
+	srv := c.NamespaceService()
+	labels, err := srv.Labels(ctx, ns)
+	if err != nil {
+		return "", err
+	}
+
+	value := labels[label]
+	return value, nil
+}
+
 // Subscribe to events that match one or more of the provided filters.
 //
 // Callers should listen on both the envelope and errs channels. If the errs
@@ -573,6 +610,10 @@ func (c *Client) ContentStore() content.Store {
 
 // SnapshotService returns the underlying snapshotter for the provided snapshotter name
 func (c *Client) SnapshotService(snapshotterName string) snapshots.Snapshotter {
+	snapshotterName, err := c.resolveSnapshotterName(context.Background(), snapshotterName)
+	if err != nil {
+		snapshotterName = DefaultSnapshotter
+	}
 	if c.snapshotters != nil {
 		return c.snapshotters[snapshotterName]
 	}
@@ -612,10 +653,13 @@ func (c *Client) DiffService() DiffService {
 }
 
 // IntrospectionService returns the underlying Introspection Client
-func (c *Client) IntrospectionService() introspectionapi.IntrospectionClient {
+func (c *Client) IntrospectionService() introspection.Service {
+	if c.introspectionService != nil {
+		return c.introspectionService
+	}
 	c.connMu.Lock()
 	defer c.connMu.Unlock()
-	return introspectionapi.NewIntrospectionClient(c.conn)
+	return introspection.NewIntrospectionServiceFromClient(introspectionapi.NewIntrospectionClient(c.conn))
 }
 
 // LeasesService returns the underlying Leases Client
@@ -652,6 +696,13 @@ func (c *Client) VersionService() versionservice.VersionClient {
 	return versionservice.NewVersionClient(c.conn)
 }
 
+// Conn returns the underlying GRPC connection object
+func (c *Client) Conn() *grpc.ClientConn {
+	c.connMu.Lock()
+	defer c.connMu.Unlock()
+	return c.conn
+}
+
 // Version of containerd
 type Version struct {
 	// Version number
@@ -665,7 +716,7 @@ func (c *Client) Version(ctx context.Context) (Version, error) {
 	c.connMu.Lock()
 	if c.conn == nil {
 		c.connMu.Unlock()
-		return Version{}, errors.New("no grpc connection available")
+		return Version{}, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
 	}
 	c.connMu.Unlock()
 	response, err := c.VersionService().Version(ctx, &ptypes.Empty{})
@@ -677,3 +728,106 @@ func (c *Client) Version(ctx context.Context) (Version, error) {
 		Revision: response.Revision,
 	}, nil
 }
+
+// ServerInfo represents the introspected server information
+type ServerInfo struct {
+	UUID string
+}
+
+// Server returns server information from the introspection service
+func (c *Client) Server(ctx context.Context) (ServerInfo, error) {
+	c.connMu.Lock()
+	if c.conn == nil {
+		c.connMu.Unlock()
+		return ServerInfo{}, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
+	}
+	c.connMu.Unlock()
+
+	response, err := c.IntrospectionService().Server(ctx, &ptypes.Empty{})
+	if err != nil {
+		return ServerInfo{}, err
+	}
+	return ServerInfo{
+		UUID: response.UUID,
+	}, nil
+}
+
+func (c *Client) resolveSnapshotterName(ctx context.Context, name string) (string, error) {
+	if name == "" {
+		label, err := c.GetLabel(ctx, defaults.DefaultSnapshotterNSLabel)
+		if err != nil {
+			return "", err
+		}
+
+		if label != "" {
+			name = label
+		} else {
+			name = DefaultSnapshotter
+		}
+	}
+
+	return name, nil
+}
+
+func (c *Client) getSnapshotter(ctx context.Context, name string) (snapshots.Snapshotter, error) {
+	name, err := c.resolveSnapshotterName(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+
+	s := c.SnapshotService(name)
+	if s == nil {
+		return nil, errors.Wrapf(errdefs.ErrNotFound, "snapshotter %s was not found", name)
+	}
+
+	return s, nil
+}
+
+// CheckRuntime returns true if the current runtime matches the expected
+// runtime. Providing various parts of the runtime schema will match those
+// parts of the expected runtime
+func CheckRuntime(current, expected string) bool {
+	cp := strings.Split(current, ".")
+	l := len(cp)
+	for i, p := range strings.Split(expected, ".") {
+		if i > l {
+			return false
+		}
+		if p != cp[i] {
+			return false
+		}
+	}
+	return true
+}
+
+// GetSnapshotterSupportedPlatforms returns a platform matchers which represents the
+// supported platforms for the given snapshotters
+func (c *Client) GetSnapshotterSupportedPlatforms(ctx context.Context, snapshotterName string) (platforms.MatchComparer, error) {
+	filters := []string{fmt.Sprintf("type==%s, id==%s", plugin.SnapshotPlugin, snapshotterName)}
+	in := c.IntrospectionService()
+
+	resp, err := in.Plugins(ctx, filters)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(resp.Plugins) <= 0 {
+		return nil, fmt.Errorf("inspection service could not find snapshotter %s plugin", snapshotterName)
+	}
+
+	sn := resp.Plugins[0]
+	snPlatforms := toPlatforms(sn.Platforms)
+	return platforms.Any(snPlatforms...), nil
+}
+
+func toPlatforms(pt []apitypes.Platform) []ocispec.Platform {
+	platforms := make([]ocispec.Platform, len(pt))
+	for i, p := range pt {
+		platforms[i] = ocispec.Platform{
+			Architecture: p.Architecture,
+			OS:           p.OS,
+			Variant:      p.Variant,
+		}
+	}
+	return platforms
+}
diff --git a/vendor/github.com/containerd/containerd/client_opts.go b/vendor/github.com/containerd/containerd/client_opts.go
index b7431ad299e2e..44feaa30abbcf 100644
--- a/vendor/github.com/containerd/containerd/client_opts.go
+++ b/vendor/github.com/containerd/containerd/client_opts.go
@@ -22,15 +22,19 @@ import (
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/snapshots"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+
 	"google.golang.org/grpc"
 )
 
 type clientOpts struct {
-	defaultns      string
-	defaultRuntime string
-	services       *services
-	dialOptions    []grpc.DialOption
-	timeout        time.Duration
+	defaultns       string
+	defaultRuntime  string
+	defaultPlatform platforms.MatchComparer
+	services        *services
+	dialOptions     []grpc.DialOption
+	timeout         time.Duration
 }
 
 // ClientOpt allows callers to set options on the containerd client
@@ -55,6 +59,14 @@ func WithDefaultRuntime(rt string) ClientOpt {
 	}
 }
 
+// WithDefaultPlatform sets the default platform matcher on the client
+func WithDefaultPlatform(platform platforms.MatchComparer) ClientOpt {
+	return func(c *clientOpts) error {
+		c.defaultPlatform = platform
+		return nil
+	}
+}
+
 // WithDialOpts allows grpc.DialOptions to be set on the connection
 func WithDialOpts(opts []grpc.DialOption) ClientOpt {
 	return func(c *clientOpts) error {
@@ -121,10 +133,19 @@ func WithPullUnpack(_ *Client, c *RemoteContext) error {
 	return nil
 }
 
-// WithPullSnapshotter specifies snapshotter name used for unpacking
-func WithPullSnapshotter(snapshotterName string) RemoteOpt {
+// WithUnpackOpts is used to add unpack options to the unpacker.
+func WithUnpackOpts(opts []UnpackOpt) RemoteOpt {
+	return func(_ *Client, c *RemoteContext) error {
+		c.UnpackOpts = append(c.UnpackOpts, opts...)
+		return nil
+	}
+}
+
+// WithPullSnapshotter specifies snapshotter name used for unpacking.
+func WithPullSnapshotter(snapshotterName string, opts ...snapshots.Opt) RemoteOpt {
 	return func(_ *Client, c *RemoteContext) error {
 		c.Snapshotter = snapshotterName
+		c.SnapshotterOpts = opts
 		return nil
 	}
 }
@@ -155,6 +176,18 @@ func WithPullLabels(labels map[string]string) RemoteOpt {
 	}
 }
 
+// WithChildLabelMap sets the map function used to define the labels set
+// on referenced child content in the content store. This can be used
+// to overwrite the default GC labels or filter which labels get set
+// for content.
+// The default is `images.ChildGCLabels`.
+func WithChildLabelMap(fn func(ocispec.Descriptor) []string) RemoteOpt {
+	return func(_ *Client, c *RemoteContext) error {
+		c.ChildLabelMap = fn
+		return nil
+	}
+}
+
 // WithSchema1Conversion is used to convert Docker registry schema 1
 // manifests to oci manifests on pull. Without this option schema 1
 // manifests will return a not supported error.
@@ -178,3 +211,35 @@ func WithImageHandler(h images.Handler) RemoteOpt {
 		return nil
 	}
 }
+
+// WithImageHandlerWrapper wraps the handlers to be called on dispatch.
+func WithImageHandlerWrapper(w func(images.Handler) images.Handler) RemoteOpt {
+	return func(client *Client, c *RemoteContext) error {
+		c.HandlerWrapper = w
+		return nil
+	}
+}
+
+// WithMaxConcurrentDownloads sets max concurrent download limit.
+func WithMaxConcurrentDownloads(max int) RemoteOpt {
+	return func(client *Client, c *RemoteContext) error {
+		c.MaxConcurrentDownloads = max
+		return nil
+	}
+}
+
+// WithMaxConcurrentUploadedLayers sets max concurrent uploaded layer limit.
+func WithMaxConcurrentUploadedLayers(max int) RemoteOpt {
+	return func(client *Client, c *RemoteContext) error {
+		c.MaxConcurrentUploadedLayers = max
+		return nil
+	}
+}
+
+// WithAllMetadata downloads all manifests and known-configuration files
+func WithAllMetadata() RemoteOpt {
+	return func(_ *Client, c *RemoteContext) error {
+		c.AllMetadata = true
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/container.go b/vendor/github.com/containerd/containerd/container.go
index 3c09b2dbc62db..d5da55e51892b 100644
--- a/vendor/github.com/containerd/containerd/container.go
+++ b/vendor/github.com/containerd/containerd/container.go
@@ -25,21 +25,34 @@ import (
 
 	"github.com/containerd/containerd/api/services/tasks/v1"
 	"github.com/containerd/containerd/api/types"
+	tasktypes "github.com/containerd/containerd/api/types/task"
 	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/oci"
+	"github.com/containerd/containerd/runtime/v2/runc/options"
+	"github.com/containerd/fifo"
 	"github.com/containerd/typeurl"
 	prototypes "github.com/gogo/protobuf/types"
+	ver "github.com/opencontainers/image-spec/specs-go"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 )
 
+const (
+	checkpointImageNameLabel       = "org.opencontainers.image.ref.name"
+	checkpointRuntimeNameLabel     = "io.containerd.checkpoint.runtime"
+	checkpointSnapshotterNameLabel = "io.containerd.checkpoint.snapshotter"
+)
+
 // Container is a metadata object for container resources and task creation
 type Container interface {
 	// ID identifies the container
 	ID() string
 	// Info returns the underlying container record type
-	Info(context.Context) (containers.Container, error)
+	Info(context.Context, ...InfoOpts) (containers.Container, error)
 	// Delete removes the container
 	Delete(context.Context, ...DeleteOpts) error
 	// NewTask creates a new task based on the container metadata
@@ -64,20 +77,24 @@ type Container interface {
 	Extensions(context.Context) (map[string]prototypes.Any, error)
 	// Update a container
 	Update(context.Context, ...UpdateContainerOpts) error
+	// Checkpoint creates a checkpoint image of the current container
+	Checkpoint(context.Context, string, ...CheckpointOpts) (Image, error)
 }
 
 func containerFromRecord(client *Client, c containers.Container) *container {
 	return &container{
-		client: client,
-		id:     c.ID,
+		client:   client,
+		id:       c.ID,
+		metadata: c,
 	}
 }
 
 var _ = (Container)(&container{})
 
 type container struct {
-	client *Client
-	id     string
+	client   *Client
+	id       string
+	metadata containers.Container
 }
 
 // ID returns the container's unique id
@@ -85,8 +102,22 @@ func (c *container) ID() string {
 	return c.id
 }
 
-func (c *container) Info(ctx context.Context) (containers.Container, error) {
-	return c.get(ctx)
+func (c *container) Info(ctx context.Context, opts ...InfoOpts) (containers.Container, error) {
+	i := &InfoConfig{
+		// default to refreshing the container's local metadata
+		Refresh: true,
+	}
+	for _, o := range opts {
+		o(i)
+	}
+	if i.Refresh {
+		metadata, err := c.get(ctx)
+		if err != nil {
+			return c.metadata, err
+		}
+		c.metadata = metadata
+	}
+	return c.metadata, nil
 }
 
 func (c *container) Extensions(ctx context.Context) (map[string]prototypes.Any, error) {
@@ -205,11 +236,25 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
 		}
 
 		// get the rootfs from the snapshotter and add it to the request
-		mounts, err := c.client.SnapshotService(r.Snapshotter).Mounts(ctx, r.SnapshotKey)
+		s, err := c.client.getSnapshotter(ctx, r.Snapshotter)
+		if err != nil {
+			return nil, err
+		}
+		mounts, err := s.Mounts(ctx, r.SnapshotKey)
+		if err != nil {
+			return nil, err
+		}
+		spec, err := c.Spec(ctx)
 		if err != nil {
 			return nil, err
 		}
 		for _, m := range mounts {
+			if spec.Linux != nil && spec.Linux.MountLabel != "" {
+				context := label.FormatMountLabel("", spec.Linux.MountLabel)
+				if context != "" {
+					m.Options = append(m.Options, context)
+				}
+			}
 			request.Rootfs = append(request.Rootfs, &types.Mount{
 				Type:    m.Type,
 				Source:  m.Source,
@@ -217,7 +262,9 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
 			})
 		}
 	}
-	var info TaskInfo
+	info := TaskInfo{
+		runtime: r.Runtime.Name,
+	}
 	for _, o := range opts {
 		if err := o(ctx, c.client, &info); err != nil {
 			return nil, err
@@ -243,6 +290,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
 		client: c.client,
 		io:     i,
 		id:     c.id,
+		c:      c,
 	}
 	if info.Checkpoint != nil {
 		request.Checkpoint = info.Checkpoint
@@ -272,6 +320,70 @@ func (c *container) Update(ctx context.Context, opts ...UpdateContainerOpts) err
 	return nil
 }
 
+func (c *container) Checkpoint(ctx context.Context, ref string, opts ...CheckpointOpts) (Image, error) {
+	index := &ocispec.Index{
+		Versioned: ver.Versioned{
+			SchemaVersion: 2,
+		},
+		Annotations: make(map[string]string),
+	}
+	copts := &options.CheckpointOptions{
+		Exit:                false,
+		OpenTcp:             false,
+		ExternalUnixSockets: false,
+		Terminal:            false,
+		FileLocks:           true,
+		EmptyNamespaces:     nil,
+	}
+	info, err := c.Info(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	img, err := c.Image(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, done, err := c.client.WithLease(ctx)
+	if err != nil {
+		return nil, err
+	}
+	defer done(ctx)
+
+	// add image name to manifest
+	index.Annotations[checkpointImageNameLabel] = img.Name()
+	// add runtime info to index
+	index.Annotations[checkpointRuntimeNameLabel] = info.Runtime.Name
+	// add snapshotter info to index
+	index.Annotations[checkpointSnapshotterNameLabel] = info.Snapshotter
+
+	// process remaining opts
+	for _, o := range opts {
+		if err := o(ctx, c.client, &info, index, copts); err != nil {
+			err = errdefs.FromGRPC(err)
+			if !errdefs.IsAlreadyExists(err) {
+				return nil, err
+			}
+		}
+	}
+
+	desc, err := writeIndex(ctx, index, c.client, c.ID()+"index")
+	if err != nil {
+		return nil, err
+	}
+	i := images.Image{
+		Name:   ref,
+		Target: desc,
+	}
+	checkpoint, err := c.client.ImageService().Create(ctx, i)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewImage(c.client, checkpoint), nil
+}
+
 func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, error) {
 	response, err := c.client.TaskService().Get(ctx, &tasks.GetRequest{
 		ContainerID: c.id,
@@ -284,7 +396,9 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
 		return nil, err
 	}
 	var i cio.IO
-	if ioAttach != nil {
+	if ioAttach != nil && response.Process.Status != tasktypes.StatusUnknown {
+		// Do not attach IO for task in unknown state, because there
+		// are no fifo paths anyway.
 		if i, err = attachExistingIO(response, ioAttach); err != nil {
 			return nil, err
 		}
@@ -294,6 +408,7 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
 		io:     i,
 		id:     response.Process.ID,
 		pid:    response.Process.Pid,
+		c:      c,
 	}
 	return t, nil
 }
@@ -310,14 +425,33 @@ func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO,
 
 // loadFifos loads the containers fifos
 func loadFifos(response *tasks.GetResponse) *cio.FIFOSet {
-	path := getFifoDir([]string{
+	fifos := []string{
 		response.Process.Stdin,
 		response.Process.Stdout,
 		response.Process.Stderr,
-	})
+	}
 	closer := func() error {
-		return os.RemoveAll(path)
+		var (
+			err  error
+			dirs = map[string]struct{}{}
+		)
+		for _, f := range fifos {
+			if isFifo, _ := fifo.IsFifo(f); isFifo {
+				if rerr := os.Remove(f); err == nil {
+					err = rerr
+				}
+				dirs[filepath.Dir(f)] = struct{}{}
+			}
+		}
+		for dir := range dirs {
+			// we ignore errors here because we don't
+			// want to remove the directory if it isn't
+			// empty
+			os.Remove(dir)
+		}
+		return err
 	}
+
 	return cio.NewFIFOSet(cio.Config{
 		Stdin:    response.Process.Stdin,
 		Stdout:   response.Process.Stdout,
@@ -325,14 +459,3 @@ func loadFifos(response *tasks.GetResponse) *cio.FIFOSet {
 		Terminal: response.Process.Terminal,
 	}, closer)
 }
-
-// getFifoDir looks for any non-empty path for a stdio fifo
-// and returns the dir for where it is located
-func getFifoDir(paths []string) string {
-	for _, p := range paths {
-		if p != "" {
-			return filepath.Dir(p)
-		}
-	}
-	return ""
-}
diff --git a/vendor/github.com/containerd/containerd/container_checkpoint_opts.go b/vendor/github.com/containerd/containerd/container_checkpoint_opts.go
new file mode 100644
index 0000000000000..510863681cd2b
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/container_checkpoint_opts.go
@@ -0,0 +1,156 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"runtime"
+
+	tasks "github.com/containerd/containerd/api/services/tasks/v1"
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/diff"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/rootfs"
+	"github.com/containerd/containerd/runtime/v2/runc/options"
+	"github.com/containerd/typeurl"
+	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+var (
+	// ErrCheckpointRWUnsupported is returned if the container runtime does not support checkpoint
+	ErrCheckpointRWUnsupported = errors.New("rw checkpoint is only supported on v2 runtimes")
+	// ErrMediaTypeNotFound returns an error when a media type in the manifest is unknown
+	ErrMediaTypeNotFound = errors.New("media type not found")
+)
+
+// CheckpointOpts are options to manage the checkpoint operation
+type CheckpointOpts func(context.Context, *Client, *containers.Container, *imagespec.Index, *options.CheckpointOptions) error
+
+// WithCheckpointImage includes the container image in the checkpoint
+func WithCheckpointImage(ctx context.Context, client *Client, c *containers.Container, index *imagespec.Index, copts *options.CheckpointOptions) error {
+	ir, err := client.ImageService().Get(ctx, c.Image)
+	if err != nil {
+		return err
+	}
+	index.Manifests = append(index.Manifests, ir.Target)
+	return nil
+}
+
+// WithCheckpointTask includes the running task
+func WithCheckpointTask(ctx context.Context, client *Client, c *containers.Container, index *imagespec.Index, copts *options.CheckpointOptions) error {
+	any, err := typeurl.MarshalAny(copts)
+	if err != nil {
+		return nil
+	}
+	task, err := client.TaskService().Checkpoint(ctx, &tasks.CheckpointTaskRequest{
+		ContainerID: c.ID,
+		Options:     any,
+	})
+	if err != nil {
+		return err
+	}
+	for _, d := range task.Descriptors {
+		platformSpec := platforms.DefaultSpec()
+		index.Manifests = append(index.Manifests, imagespec.Descriptor{
+			MediaType:   d.MediaType,
+			Size:        d.Size_,
+			Digest:      d.Digest,
+			Platform:    &platformSpec,
+			Annotations: d.Annotations,
+		})
+	}
+	// save copts
+	data, err := any.Marshal()
+	if err != nil {
+		return err
+	}
+	r := bytes.NewReader(data)
+	desc, err := writeContent(ctx, client.ContentStore(), images.MediaTypeContainerd1CheckpointOptions, c.ID+"-checkpoint-options", r)
+	if err != nil {
+		return err
+	}
+	desc.Platform = &imagespec.Platform{
+		OS:           runtime.GOOS,
+		Architecture: runtime.GOARCH,
+	}
+	index.Manifests = append(index.Manifests, desc)
+	return nil
+}
+
+// WithCheckpointRuntime includes the container runtime info
+func WithCheckpointRuntime(ctx context.Context, client *Client, c *containers.Container, index *imagespec.Index, copts *options.CheckpointOptions) error {
+	if c.Runtime.Options != nil {
+		data, err := c.Runtime.Options.Marshal()
+		if err != nil {
+			return err
+		}
+		r := bytes.NewReader(data)
+		desc, err := writeContent(ctx, client.ContentStore(), images.MediaTypeContainerd1CheckpointRuntimeOptions, c.ID+"-runtime-options", r)
+		if err != nil {
+			return err
+		}
+		desc.Platform = &imagespec.Platform{
+			OS:           runtime.GOOS,
+			Architecture: runtime.GOARCH,
+		}
+		index.Manifests = append(index.Manifests, desc)
+	}
+	return nil
+}
+
+// WithCheckpointRW includes the rw in the checkpoint
+func WithCheckpointRW(ctx context.Context, client *Client, c *containers.Container, index *imagespec.Index, copts *options.CheckpointOptions) error {
+	diffOpts := []diff.Opt{
+		diff.WithReference(fmt.Sprintf("checkpoint-rw-%s", c.SnapshotKey)),
+	}
+	rw, err := rootfs.CreateDiff(ctx,
+		c.SnapshotKey,
+		client.SnapshotService(c.Snapshotter),
+		client.DiffService(),
+		diffOpts...,
+	)
+	if err != nil {
+		return err
+
+	}
+	rw.Platform = &imagespec.Platform{
+		OS:           runtime.GOOS,
+		Architecture: runtime.GOARCH,
+	}
+	index.Manifests = append(index.Manifests, rw)
+	return nil
+}
+
+// WithCheckpointTaskExit causes the task to exit after checkpoint
+func WithCheckpointTaskExit(ctx context.Context, client *Client, c *containers.Container, index *imagespec.Index, copts *options.CheckpointOptions) error {
+	copts.Exit = true
+	return nil
+}
+
+// GetIndexByMediaType returns the index in a manifest for the specified media type
+func GetIndexByMediaType(index *imagespec.Index, mt string) (*imagespec.Descriptor, error) {
+	for _, d := range index.Manifests {
+		if d.MediaType == mt {
+			return &d, nil
+		}
+	}
+	return nil, ErrMediaTypeNotFound
+}
diff --git a/vendor/github.com/containerd/containerd/container_opts.go b/vendor/github.com/containerd/containerd/container_opts.go
index ca4bf67486a1f..024d6e10b6767 100644
--- a/vendor/github.com/containerd/containerd/container_opts.go
+++ b/vendor/github.com/containerd/containerd/container_opts.go
@@ -18,14 +18,19 @@ package containerd
 
 import (
 	"context"
+	"encoding/json"
+	"fmt"
 
 	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/oci"
-	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/snapshots"
 	"github.com/containerd/typeurl"
 	"github.com/gogo/protobuf/types"
 	"github.com/opencontainers/image-spec/identity"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -38,6 +43,15 @@ type NewContainerOpts func(ctx context.Context, client *Client, c *containers.Co
 // UpdateContainerOpts allows the caller to set additional options when updating a container
 type UpdateContainerOpts func(ctx context.Context, client *Client, c *containers.Container) error
 
+// InfoOpts controls how container metadata is fetched and returned
+type InfoOpts func(*InfoConfig)
+
+// InfoConfig specifies how container metadata is fetched
+type InfoConfig struct {
+	// Refresh will to a fetch of the latest container metadata
+	Refresh bool
+}
+
 // WithRuntime allows a user to specify the runtime name and additional options that should
 // be used to create tasks for the container
 func WithRuntime(name string, options interface{}) NewContainerOpts {
@@ -68,7 +82,17 @@ func WithImage(i Image) NewContainerOpts {
 	}
 }
 
-// WithContainerLabels adds the provided labels to the container
+// WithImageName allows setting the image name as the base for the container
+func WithImageName(n string) NewContainerOpts {
+	return func(ctx context.Context, _ *Client, c *containers.Container) error {
+		c.Image = n
+		return nil
+	}
+}
+
+// WithContainerLabels sets the provided labels to the container.
+// The existing labels are cleared.
+// Use WithAdditionalContainerLabels to preserve the existing labels.
 func WithContainerLabels(labels map[string]string) NewContainerOpts {
 	return func(_ context.Context, _ *Client, c *containers.Container) error {
 		c.Labels = labels
@@ -76,6 +100,54 @@ func WithContainerLabels(labels map[string]string) NewContainerOpts {
 	}
 }
 
+// WithImageConfigLabels sets the image config labels on the container.
+// The existing labels are cleared as this is expected to be the first
+// operation in setting up a container's labels. Use WithAdditionalContainerLabels
+// to add/overwrite the existing image config labels.
+func WithImageConfigLabels(image Image) NewContainerOpts {
+	return func(ctx context.Context, _ *Client, c *containers.Container) error {
+		ic, err := image.Config(ctx)
+		if err != nil {
+			return err
+		}
+		var (
+			ociimage v1.Image
+			config   v1.ImageConfig
+		)
+		switch ic.MediaType {
+		case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
+			p, err := content.ReadBlob(ctx, image.ContentStore(), ic)
+			if err != nil {
+				return err
+			}
+
+			if err := json.Unmarshal(p, &ociimage); err != nil {
+				return err
+			}
+			config = ociimage.Config
+		default:
+			return fmt.Errorf("unknown image config media type %s", ic.MediaType)
+		}
+		c.Labels = config.Labels
+		return nil
+	}
+}
+
+// WithAdditionalContainerLabels adds the provided labels to the container
+// The existing labels are preserved as long as they do not conflict with the added labels.
+func WithAdditionalContainerLabels(labels map[string]string) NewContainerOpts {
+	return func(_ context.Context, _ *Client, c *containers.Container) error {
+		if c.Labels == nil {
+			c.Labels = labels
+			return nil
+		}
+		for k, v := range labels {
+			c.Labels[k] = v
+		}
+		return nil
+	}
+}
+
 // WithImageStopSignal sets a well-known containerd label (StopSignalLabel)
 // on the container for storing the stop signal specified in the OCI image
 // config
@@ -106,9 +178,17 @@ func WithSnapshotter(name string) NewContainerOpts {
 // WithSnapshot uses an existing root filesystem for the container
 func WithSnapshot(id string) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
-		setSnapshotterIfEmpty(c)
 		// check that the snapshot exists, if not, fail on creation
-		if _, err := client.SnapshotService(c.Snapshotter).Mounts(ctx, id); err != nil {
+		var err error
+		c.Snapshotter, err = client.resolveSnapshotterName(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		s, err := client.getSnapshotter(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		if _, err := s.Mounts(ctx, id); err != nil {
 			return err
 		}
 		c.SnapshotKey = id
@@ -118,15 +198,23 @@ func WithSnapshot(id string) NewContainerOpts {
 
 // WithNewSnapshot allocates a new snapshot to be used by the container as the
 // root filesystem in read-write mode
-func WithNewSnapshot(id string, i Image) NewContainerOpts {
+func WithNewSnapshot(id string, i Image, opts ...snapshots.Opt) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
-		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
+		diffIDs, err := i.RootFS(ctx)
 		if err != nil {
 			return err
 		}
-		setSnapshotterIfEmpty(c)
+
 		parent := identity.ChainID(diffIDs).String()
-		if _, err := client.SnapshotService(c.Snapshotter).Prepare(ctx, id, parent); err != nil {
+		c.Snapshotter, err = client.resolveSnapshotterName(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		s, err := client.getSnapshotter(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		if _, err := s.Prepare(ctx, id, parent, opts...); err != nil {
 			return err
 		}
 		c.SnapshotKey = id
@@ -141,22 +229,36 @@ func WithSnapshotCleanup(ctx context.Context, client *Client, c containers.Conta
 		if c.Snapshotter == "" {
 			return errors.Wrapf(errdefs.ErrInvalidArgument, "container.Snapshotter must be set to cleanup rootfs snapshot")
 		}
-		return client.SnapshotService(c.Snapshotter).Remove(ctx, c.SnapshotKey)
+		s, err := client.getSnapshotter(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		if err := s.Remove(ctx, c.SnapshotKey); err != nil && !errdefs.IsNotFound(err) {
+			return err
+		}
 	}
 	return nil
 }
 
 // WithNewSnapshotView allocates a new snapshot to be used by the container as the
 // root filesystem in read-only mode
-func WithNewSnapshotView(id string, i Image) NewContainerOpts {
+func WithNewSnapshotView(id string, i Image, opts ...snapshots.Opt) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
-		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
+		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), client.platform)
 		if err != nil {
 			return err
 		}
-		setSnapshotterIfEmpty(c)
+
 		parent := identity.ChainID(diffIDs).String()
-		if _, err := client.SnapshotService(c.Snapshotter).View(ctx, id, parent); err != nil {
+		c.Snapshotter, err = client.resolveSnapshotterName(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		s, err := client.getSnapshotter(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		if _, err := s.View(ctx, id, parent, opts...); err != nil {
 			return err
 		}
 		c.SnapshotKey = id
@@ -165,12 +267,6 @@ func WithNewSnapshotView(id string, i Image) NewContainerOpts {
 	}
 }
 
-func setSnapshotterIfEmpty(c *containers.Container) {
-	if c.Snapshotter == "" {
-		c.Snapshotter = DefaultSnapshotter
-	}
-}
-
 // WithContainerExtension appends extension data to the container object.
 // Use this to decorate the container object with additional data for the client
 // integration.
@@ -185,7 +281,7 @@ func WithContainerExtension(name string, extension interface{}) NewContainerOpts
 
 		any, err := typeurl.MarshalAny(extension)
 		if err != nil {
-			if errors.Cause(err) == typeurl.ErrNotFound {
+			if errors.Is(err, typeurl.ErrNotFound) {
 				return errors.Wrapf(err, "extension %q is not registered with the typeurl package, see `typeurl.Register`", name)
 			}
 			return errors.Wrap(err, "error marshalling extension")
@@ -223,3 +319,8 @@ func WithSpec(s *oci.Spec, opts ...oci.SpecOpts) NewContainerOpts {
 		return err
 	}
 }
+
+// WithoutRefreshedMetadata will use the current metadata attached to the container object
+func WithoutRefreshedMetadata(i *InfoConfig) {
+	i.Refresh = false
+}
diff --git a/vendor/github.com/containerd/containerd/container_opts_unix.go b/vendor/github.com/containerd/containerd/container_opts_unix.go
index c0622f67fe8df..b109a10ecb4bb 100644
--- a/vendor/github.com/containerd/containerd/container_opts_unix.go
+++ b/vendor/github.com/containerd/containerd/container_opts_unix.go
@@ -26,81 +26,11 @@ import (
 	"syscall"
 
 	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
-	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/mount"
-	"github.com/containerd/containerd/platforms"
-	"github.com/gogo/protobuf/proto"
-	protobuf "github.com/gogo/protobuf/types"
 	"github.com/opencontainers/image-spec/identity"
-	"github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/pkg/errors"
 )
 
-// WithCheckpoint allows a container to be created from the checkpointed information
-// provided by the descriptor. The image, snapshot, and runtime specifications are
-// restored on the container
-func WithCheckpoint(im Image, snapshotKey string) NewContainerOpts {
-	// set image and rw, and spec
-	return func(ctx context.Context, client *Client, c *containers.Container) error {
-		var (
-			desc  = im.Target()
-			store = client.ContentStore()
-		)
-		index, err := decodeIndex(ctx, store, desc)
-		if err != nil {
-			return err
-		}
-		var rw *v1.Descriptor
-		for _, m := range index.Manifests {
-			switch m.MediaType {
-			case v1.MediaTypeImageLayer:
-				fk := m
-				rw = &fk
-			case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList:
-				config, err := images.Config(ctx, store, m, platforms.Default())
-				if err != nil {
-					return errors.Wrap(err, "unable to resolve image config")
-				}
-				diffIDs, err := images.RootFS(ctx, store, config)
-				if err != nil {
-					return errors.Wrap(err, "unable to get rootfs")
-				}
-				setSnapshotterIfEmpty(c)
-				if _, err := client.SnapshotService(c.Snapshotter).Prepare(ctx, snapshotKey, identity.ChainID(diffIDs).String()); err != nil {
-					if !errdefs.IsAlreadyExists(err) {
-						return err
-					}
-				}
-				c.Image = index.Annotations["image.name"]
-			case images.MediaTypeContainerd1CheckpointConfig:
-				data, err := content.ReadBlob(ctx, store, m)
-				if err != nil {
-					return errors.Wrap(err, "unable to read checkpoint config")
-				}
-				var any protobuf.Any
-				if err := proto.Unmarshal(data, &any); err != nil {
-					return err
-				}
-				c.Spec = &any
-			}
-		}
-		if rw != nil {
-			// apply the rw snapshot to the new rw layer
-			mounts, err := client.SnapshotService(c.Snapshotter).Mounts(ctx, snapshotKey)
-			if err != nil {
-				return errors.Wrapf(err, "unable to get mounts for %s", snapshotKey)
-			}
-			if _, err := client.DiffService().Apply(ctx, *rw, mounts); err != nil {
-				return errors.Wrap(err, "unable to apply rw diff")
-			}
-		}
-		c.SnapshotKey = snapshotKey
-		return nil
-	}
-}
-
 // WithRemappedSnapshot creates a new snapshot and remaps the uid/gid for the
 // filesystem to be used by a container with user namespaces
 func WithRemappedSnapshot(id string, i Image, uid, gid uint32) NewContainerOpts {
@@ -114,18 +44,23 @@ func WithRemappedSnapshotView(id string, i Image, uid, gid uint32) NewContainerO
 
 func withRemappedSnapshotBase(id string, i Image, uid, gid uint32, readonly bool) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
-		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
+		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), client.platform)
 		if err != nil {
 			return err
 		}
 
-		setSnapshotterIfEmpty(c)
-
 		var (
-			snapshotter = client.SnapshotService(c.Snapshotter)
-			parent      = identity.ChainID(diffIDs).String()
-			usernsID    = fmt.Sprintf("%s-%d-%d", parent, uid, gid)
+			parent   = identity.ChainID(diffIDs).String()
+			usernsID = fmt.Sprintf("%s-%d-%d", parent, uid, gid)
 		)
+		c.Snapshotter, err = client.resolveSnapshotterName(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
+		snapshotter, err := client.getSnapshotter(ctx, c.Snapshotter)
+		if err != nil {
+			return err
+		}
 		if _, err := snapshotter.Stat(ctx, usernsID); err == nil {
 			if _, err := snapshotter.Prepare(ctx, id, usernsID); err == nil {
 				c.SnapshotKey = id
diff --git a/vendor/github.com/containerd/containerd/container_restore_opts.go b/vendor/github.com/containerd/containerd/container_restore_opts.go
new file mode 100644
index 0000000000000..fb60e8de9d695
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/container_restore_opts.go
@@ -0,0 +1,149 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/gogo/protobuf/proto"
+	ptypes "github.com/gogo/protobuf/types"
+	"github.com/opencontainers/image-spec/identity"
+	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+var (
+	// ErrImageNameNotFoundInIndex is returned when the image name is not found in the index
+	ErrImageNameNotFoundInIndex = errors.New("image name not found in index")
+	// ErrRuntimeNameNotFoundInIndex is returned when the runtime is not found in the index
+	ErrRuntimeNameNotFoundInIndex = errors.New("runtime not found in index")
+	// ErrSnapshotterNameNotFoundInIndex is returned when the snapshotter is not found in the index
+	ErrSnapshotterNameNotFoundInIndex = errors.New("snapshotter not found in index")
+)
+
+// RestoreOpts are options to manage the restore operation
+type RestoreOpts func(context.Context, string, *Client, Image, *imagespec.Index) NewContainerOpts
+
+// WithRestoreImage restores the image for the container
+func WithRestoreImage(ctx context.Context, id string, client *Client, checkpoint Image, index *imagespec.Index) NewContainerOpts {
+	return func(ctx context.Context, client *Client, c *containers.Container) error {
+		name, ok := index.Annotations[checkpointImageNameLabel]
+		if !ok || name == "" {
+			return ErrRuntimeNameNotFoundInIndex
+		}
+		snapshotter, ok := index.Annotations[checkpointSnapshotterNameLabel]
+		if !ok || name == "" {
+			return ErrSnapshotterNameNotFoundInIndex
+		}
+		i, err := client.GetImage(ctx, name)
+		if err != nil {
+			return err
+		}
+
+		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), client.platform)
+		if err != nil {
+			return err
+		}
+		parent := identity.ChainID(diffIDs).String()
+		if _, err := client.SnapshotService(snapshotter).Prepare(ctx, id, parent); err != nil {
+			return err
+		}
+		c.Image = i.Name()
+		c.SnapshotKey = id
+		c.Snapshotter = snapshotter
+		return nil
+	}
+}
+
+// WithRestoreRuntime restores the runtime for the container
+func WithRestoreRuntime(ctx context.Context, id string, client *Client, checkpoint Image, index *imagespec.Index) NewContainerOpts {
+	return func(ctx context.Context, client *Client, c *containers.Container) error {
+		name, ok := index.Annotations[checkpointRuntimeNameLabel]
+		if !ok {
+			return ErrRuntimeNameNotFoundInIndex
+		}
+
+		// restore options if present
+		m, err := GetIndexByMediaType(index, images.MediaTypeContainerd1CheckpointRuntimeOptions)
+		if err != nil {
+			if err != ErrMediaTypeNotFound {
+				return err
+			}
+		}
+		var options ptypes.Any
+		if m != nil {
+			store := client.ContentStore()
+			data, err := content.ReadBlob(ctx, store, *m)
+			if err != nil {
+				return errors.Wrap(err, "unable to read checkpoint runtime")
+			}
+			if err := proto.Unmarshal(data, &options); err != nil {
+				return err
+			}
+		}
+
+		c.Runtime = containers.RuntimeInfo{
+			Name:    name,
+			Options: &options,
+		}
+		return nil
+	}
+}
+
+// WithRestoreSpec restores the spec from the checkpoint for the container
+func WithRestoreSpec(ctx context.Context, id string, client *Client, checkpoint Image, index *imagespec.Index) NewContainerOpts {
+	return func(ctx context.Context, client *Client, c *containers.Container) error {
+		m, err := GetIndexByMediaType(index, images.MediaTypeContainerd1CheckpointConfig)
+		if err != nil {
+			return err
+		}
+		store := client.ContentStore()
+		data, err := content.ReadBlob(ctx, store, *m)
+		if err != nil {
+			return errors.Wrap(err, "unable to read checkpoint config")
+		}
+		var any ptypes.Any
+		if err := proto.Unmarshal(data, &any); err != nil {
+			return err
+		}
+		c.Spec = &any
+		return nil
+	}
+}
+
+// WithRestoreRW restores the rw layer from the checkpoint for the container
+func WithRestoreRW(ctx context.Context, id string, client *Client, checkpoint Image, index *imagespec.Index) NewContainerOpts {
+	return func(ctx context.Context, client *Client, c *containers.Container) error {
+		// apply rw layer
+		rw, err := GetIndexByMediaType(index, imagespec.MediaTypeImageLayerGzip)
+		if err != nil {
+			return err
+		}
+		mounts, err := client.SnapshotService(c.Snapshotter).Mounts(ctx, c.SnapshotKey)
+		if err != nil {
+			return err
+		}
+
+		if _, err := client.DiffService().Apply(ctx, *rw, mounts); err != nil {
+			return err
+		}
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/containers/containers.go b/vendor/github.com/containerd/containerd/containers/containers.go
index a658b57082d70..7174bbd6aa6fb 100644
--- a/vendor/github.com/containerd/containerd/containers/containers.go
+++ b/vendor/github.com/containerd/containerd/containers/containers.go
@@ -49,7 +49,7 @@ type Container struct {
 	// This property is required and immutable.
 	Runtime RuntimeInfo
 
-	// Spec should carry the the runtime specification used to implement the
+	// Spec should carry the runtime specification used to implement the
 	// container.
 	//
 	// This field is required but mutable.
@@ -86,6 +86,10 @@ type RuntimeInfo struct {
 
 // Store interacts with the underlying container storage
 type Store interface {
+	// Get a container using the id.
+	//
+	// Container object is returned on success. If the id is not known to the
+	// store, an error will be returned.
 	Get(ctx context.Context, id string) (Container, error)
 
 	// List returns containers that match one or more of the provided filters.
diff --git a/vendor/github.com/containerd/containerd/content/adaptor.go b/vendor/github.com/containerd/containerd/content/adaptor.go
new file mode 100644
index 0000000000000..88bad2610e8af
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/content/adaptor.go
@@ -0,0 +1,52 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package content
+
+import (
+	"strings"
+
+	"github.com/containerd/containerd/filters"
+)
+
+// AdaptInfo returns `filters.Adaptor` that handles `content.Info`.
+func AdaptInfo(info Info) filters.Adaptor {
+	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
+		if len(fieldpath) == 0 {
+			return "", false
+		}
+
+		switch fieldpath[0] {
+		case "digest":
+			return info.Digest.String(), true
+		case "size":
+			// TODO: support size based filtering
+		case "labels":
+			return checkMap(fieldpath[1:], info.Labels)
+		}
+
+		return "", false
+	})
+}
+
+func checkMap(fieldpath []string, m map[string]string) (string, bool) {
+	if len(m) == 0 {
+		return "", false
+	}
+
+	value, ok := m[strings.Join(fieldpath, ".")]
+	return value, ok
+}
diff --git a/vendor/github.com/containerd/containerd/content/content.go b/vendor/github.com/containerd/containerd/content/content.go
index aabf4c8f31ea5..ff17a8417b39b 100644
--- a/vendor/github.com/containerd/containerd/content/content.go
+++ b/vendor/github.com/containerd/containerd/content/content.go
@@ -37,7 +37,7 @@ type Provider interface {
 	// ReaderAt only requires desc.Digest to be set.
 	// Other fields in the descriptor may be used internally for resolving
 	// the location of the actual data.
-	ReaderAt(ctx context.Context, dec ocispec.Descriptor) (ReaderAt, error)
+	ReaderAt(ctx context.Context, desc ocispec.Descriptor) (ReaderAt, error)
 }
 
 // Ingester writes content
@@ -110,8 +110,9 @@ type IngestManager interface {
 
 // Writer handles the write of content into a content store
 type Writer interface {
-	// Close is expected to be called after Commit() when commission is needed.
-	// Closing a writer without commit allows resuming or aborting.
+	// Close closes the writer, if the writer has not been
+	// committed this allows resuming or aborting.
+	// Calling Close on a closed writer will not error.
 	io.WriteCloser
 
 	// Digest may return empty digest or panics until committed.
@@ -119,6 +120,8 @@ type Writer interface {
 
 	// Commit commits the blob (but no roll-back is guaranteed on an error).
 	// size and expected can be zero-value when unknown.
+	// Commit always closes the writer, even on error.
+	// ErrAlreadyExists aborts the writer.
 	Commit(ctx context.Context, size int64, expected digest.Digest, opts ...Opt) error
 
 	// Status returns the current state of write
diff --git a/vendor/github.com/containerd/containerd/content/helpers.go b/vendor/github.com/containerd/containerd/content/helpers.go
index 3e231408d55ec..00fae1fc80d87 100644
--- a/vendor/github.com/containerd/containerd/content/helpers.go
+++ b/vendor/github.com/containerd/containerd/content/helpers.go
@@ -55,7 +55,14 @@ func ReadBlob(ctx context.Context, provider Provider, desc ocispec.Descriptor) (
 
 	p := make([]byte, ra.Size())
 
-	_, err = ra.ReadAt(p, 0)
+	n, err := ra.ReadAt(p, 0)
+	if err == io.EOF {
+		if int64(n) != ra.Size() {
+			err = io.ErrUnexpectedEOF
+		} else {
+			err = nil
+		}
+	}
 	return p, err
 }
 
@@ -137,9 +144,14 @@ func Copy(ctx context.Context, cw Writer, r io.Reader, size int64, expected dige
 		}
 	}
 
-	if _, err := copyWithBuffer(cw, r); err != nil {
+	copied, err := copyWithBuffer(cw, r)
+	if err != nil {
 		return errors.Wrap(err, "failed to copy")
 	}
+	if size != 0 && copied < size-ws.Offset {
+		// Short writes would return its own error, this indicates a read failure
+		return errors.Wrapf(io.ErrUnexpectedEOF, "failed to read expected number of bytes")
+	}
 
 	if err := cw.Commit(ctx, size, expected, opts...); err != nil {
 		if !errdefs.IsAlreadyExists(err) {
@@ -158,8 +170,37 @@ func CopyReaderAt(cw Writer, ra ReaderAt, n int64) error {
 		return err
 	}
 
-	_, err = copyWithBuffer(cw, io.NewSectionReader(ra, ws.Offset, n))
-	return err
+	copied, err := copyWithBuffer(cw, io.NewSectionReader(ra, ws.Offset, n))
+	if err != nil {
+		return errors.Wrap(err, "failed to copy")
+	}
+	if copied < n {
+		// Short writes would return its own error, this indicates a read failure
+		return errors.Wrap(io.ErrUnexpectedEOF, "failed to read expected number of bytes")
+	}
+	return nil
+}
+
+// CopyReader copies to a writer from a given reader, returning
+// the number of bytes copied.
+// Note: if the writer has a non-zero offset, the total number
+// of bytes read may be greater than those copied if the reader
+// is not an io.Seeker.
+// This copy does not commit the writer.
+func CopyReader(cw Writer, r io.Reader) (int64, error) {
+	ws, err := cw.Status()
+	if err != nil {
+		return 0, errors.Wrap(err, "failed to get status")
+	}
+
+	if ws.Offset > 0 {
+		r, err = seekReader(r, ws.Offset, 0)
+		if err != nil {
+			return 0, errors.Wrapf(err, "unable to resume write to %v", ws.Ref)
+		}
+	}
+
+	return copyWithBuffer(cw, r)
 }
 
 // seekReader attempts to seek the reader to the given offset, either by
@@ -200,9 +241,47 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) {
 	return r, nil
 }
 
+// copyWithBuffer is very similar to  io.CopyBuffer https://golang.org/pkg/io/#CopyBuffer
+// but instead of using Read to read from the src, we use ReadAtLeast to make sure we have
+// a full buffer before we do a write operation to dst to reduce overheads associated
+// with the write operations of small buffers.
 func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) {
-	buf := bufPool.Get().(*[]byte)
-	written, err = io.CopyBuffer(dst, src, *buf)
-	bufPool.Put(buf)
+	// If the reader has a WriteTo method, use it to do the copy.
+	// Avoids an allocation and a copy.
+	if wt, ok := src.(io.WriterTo); ok {
+		return wt.WriteTo(dst)
+	}
+	// Similarly, if the writer has a ReadFrom method, use it to do the copy.
+	if rt, ok := dst.(io.ReaderFrom); ok {
+		return rt.ReadFrom(src)
+	}
+	bufRef := bufPool.Get().(*[]byte)
+	defer bufPool.Put(bufRef)
+	buf := *bufRef
+	for {
+		nr, er := io.ReadAtLeast(src, buf, len(buf))
+		if nr > 0 {
+			nw, ew := dst.Write(buf[0:nr])
+			if nw > 0 {
+				written += int64(nw)
+			}
+			if ew != nil {
+				err = ew
+				break
+			}
+			if nr != nw {
+				err = io.ErrShortWrite
+				break
+			}
+		}
+		if er != nil {
+			// If an EOF happens after reading fewer than the requested bytes,
+			// ReadAtLeast returns ErrUnexpectedEOF.
+			if er != io.EOF && er != io.ErrUnexpectedEOF {
+				err = er
+			}
+			break
+		}
+	}
 	return
 }
diff --git a/vendor/github.com/containerd/containerd/content/local/locks.go b/vendor/github.com/containerd/containerd/content/local/locks.go
index 411c29a9d914e..d1d2d564df247 100644
--- a/vendor/github.com/containerd/containerd/content/local/locks.go
+++ b/vendor/github.com/containerd/containerd/content/local/locks.go
@@ -18,6 +18,7 @@ package local
 
 import (
 	"sync"
+	"time"
 
 	"github.com/containerd/containerd/errdefs"
 	"github.com/pkg/errors"
@@ -25,9 +26,13 @@ import (
 
 // Handles locking references
 
+type lock struct {
+	since time.Time
+}
+
 var (
 	// locks lets us lock in process
-	locks   = map[string]struct{}{}
+	locks   = make(map[string]*lock)
 	locksMu sync.Mutex
 )
 
@@ -35,11 +40,11 @@ func tryLock(ref string) error {
 	locksMu.Lock()
 	defer locksMu.Unlock()
 
-	if _, ok := locks[ref]; ok {
-		return errors.Wrapf(errdefs.ErrUnavailable, "ref %s locked", ref)
+	if v, ok := locks[ref]; ok {
+		return errors.Wrapf(errdefs.ErrUnavailable, "ref %s locked since %s", ref, v.since)
 	}
 
-	locks[ref] = struct{}{}
+	locks[ref] = &lock{time.Now()}
 	return nil
 }
 
@@ -47,7 +52,5 @@ func unlock(ref string) {
 	locksMu.Lock()
 	defer locksMu.Unlock()
 
-	if _, ok := locks[ref]; ok {
-		delete(locks, ref)
-	}
+	delete(locks, ref)
 }
diff --git a/vendor/github.com/containerd/containerd/content/local/readerat.go b/vendor/github.com/containerd/containerd/content/local/readerat.go
index 42b99dc42bb5e..5d3ae03903822 100644
--- a/vendor/github.com/containerd/containerd/content/local/readerat.go
+++ b/vendor/github.com/containerd/containerd/content/local/readerat.go
@@ -18,6 +18,11 @@ package local
 
 import (
 	"os"
+
+	"github.com/pkg/errors"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
 )
 
 // readerat implements io.ReaderAt in a completely stateless manner by opening
@@ -27,6 +32,29 @@ type sizeReaderAt struct {
 	fp   *os.File
 }
 
+// OpenReader creates ReaderAt from a file
+func OpenReader(p string) (content.ReaderAt, error) {
+	fi, err := os.Stat(p)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return nil, err
+		}
+
+		return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found")
+	}
+
+	fp, err := os.Open(p)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return nil, err
+		}
+
+		return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found")
+	}
+
+	return sizeReaderAt{size: fi.Size(), fp: fp}, nil
+}
+
 func (ra sizeReaderAt) ReadAt(p []byte, offset int64) (int, error) {
 	return ra.fp.ReadAt(p, offset)
 }
diff --git a/vendor/github.com/containerd/containerd/content/local/store.go b/vendor/github.com/containerd/containerd/content/local/store.go
index 7fa9bb736a9e3..314d913673bb1 100644
--- a/vendor/github.com/containerd/containerd/content/local/store.go
+++ b/vendor/github.com/containerd/containerd/content/local/store.go
@@ -33,8 +33,8 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/log"
+	"github.com/sirupsen/logrus"
 
-	"github.com/containerd/continuity"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -92,7 +92,11 @@ func NewLabeledStore(root string, ls LabelStore) (content.Store, error) {
 }
 
 func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
-	p := s.blobPath(dgst)
+	p, err := s.blobPath(dgst)
+	if err != nil {
+		return content.Info{}, errors.Wrapf(err, "calculating blob info path")
+	}
+
 	fi, err := os.Stat(p)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -123,26 +127,17 @@ func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]strin
 
 // ReaderAt returns an io.ReaderAt for the blob.
 func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
-	p := s.blobPath(desc.Digest)
-	fi, err := os.Stat(p)
+	p, err := s.blobPath(desc.Digest)
 	if err != nil {
-		if !os.IsNotExist(err) {
-			return nil, err
-		}
-
-		return nil, errors.Wrapf(errdefs.ErrNotFound, "blob %s expected at %s", desc.Digest, p)
+		return nil, errors.Wrapf(err, "calculating blob path for ReaderAt")
 	}
 
-	fp, err := os.Open(p)
+	reader, err := OpenReader(p)
 	if err != nil {
-		if !os.IsNotExist(err) {
-			return nil, err
-		}
-
-		return nil, errors.Wrapf(errdefs.ErrNotFound, "blob %s expected at %s", desc.Digest, p)
+		return nil, errors.Wrapf(err, "blob %s expected at %s", desc.Digest, p)
 	}
 
-	return sizeReaderAt{size: fi.Size(), fp: fp}, nil
+	return reader, nil
 }
 
 // Delete removes a blob by its digest.
@@ -150,7 +145,12 @@ func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.
 // While this is safe to do concurrently, safe exist-removal logic must hold
 // some global lock on the store.
 func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
-	if err := os.RemoveAll(s.blobPath(dgst)); err != nil {
+	bp, err := s.blobPath(dgst)
+	if err != nil {
+		return errors.Wrapf(err, "calculating blob path for delete")
+	}
+
+	if err := os.RemoveAll(bp); err != nil {
 		if !os.IsNotExist(err) {
 			return err
 		}
@@ -166,7 +166,11 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str
 		return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store")
 	}
 
-	p := s.blobPath(info.Digest)
+	p, err := s.blobPath(info.Digest)
+	if err != nil {
+		return content.Info{}, errors.Wrapf(err, "calculating blob path for update")
+	}
+
 	fi, err := os.Stat(p)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -224,9 +228,14 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str
 	return info, nil
 }
 
-func (s *store) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error {
-	// TODO: Support filters
+func (s *store) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error {
 	root := filepath.Join(s.root, "blobs")
+
+	filter, err := filters.ParseAll(fs...)
+	if err != nil {
+		return err
+	}
+
 	var alg digest.Algorithm
 	return filepath.Walk(root, func(path string, fi os.FileInfo, err error) error {
 		if err != nil {
@@ -270,7 +279,12 @@ func (s *store) Walk(ctx context.Context, fn content.WalkFunc, filters ...string
 				return err
 			}
 		}
-		return fn(s.info(dgst, fi, labels))
+
+		info := s.info(dgst, fi, labels)
+		if !filter.Match(content.AdaptInfo(info)) {
+			return nil
+		}
+		return fn(info)
 	})
 }
 
@@ -451,7 +465,6 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.
 	}
 	var lockErr error
 	for count := uint64(0); count < 10; count++ {
-		time.Sleep(time.Millisecond * time.Duration(rand.Intn(1<<count)))
 		if err := tryLock(wOpts.Ref); err != nil {
 			if !errdefs.IsUnavailable(err) {
 				return nil, err
@@ -462,6 +475,7 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.
 			lockErr = nil
 			break
 		}
+		time.Sleep(time.Millisecond * time.Duration(rand.Intn(1<<count)))
 	}
 
 	if lockErr != nil {
@@ -477,13 +491,45 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.
 	return w, nil // lock is now held by w.
 }
 
+func (s *store) resumeStatus(ref string, total int64, digester digest.Digester) (content.Status, error) {
+	path, _, data := s.ingestPaths(ref)
+	status, err := s.status(path)
+	if err != nil {
+		return status, errors.Wrap(err, "failed reading status of resume write")
+	}
+	if ref != status.Ref {
+		// NOTE(stevvooe): This is fairly catastrophic. Either we have some
+		// layout corruption or a hash collision for the ref key.
+		return status, errors.Errorf("ref key does not match: %v != %v", ref, status.Ref)
+	}
+
+	if total > 0 && status.Total > 0 && total != status.Total {
+		return status, errors.Errorf("provided total differs from status: %v != %v", total, status.Total)
+	}
+
+	// TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes
+	fp, err := os.Open(data)
+	if err != nil {
+		return status, err
+	}
+
+	p := bufPool.Get().(*[]byte)
+	status.Offset, err = io.CopyBuffer(digester.Hash(), fp, *p)
+	bufPool.Put(p)
+	fp.Close()
+	return status, err
+}
+
 // writer provides the main implementation of the Writer method. The caller
 // must hold the lock correctly and release on error if there is a problem.
 func (s *store) writer(ctx context.Context, ref string, total int64, expected digest.Digest) (content.Writer, error) {
 	// TODO(stevvooe): Need to actually store expected here. We have
 	// code in the service that shouldn't be dealing with this.
 	if expected != "" {
-		p := s.blobPath(expected)
+		p, err := s.blobPath(expected)
+		if err != nil {
+			return nil, errors.Wrap(err, "calculating expected blob path for writer")
+		}
 		if _, err := os.Stat(p); err == nil {
 			return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected)
 		}
@@ -498,46 +544,25 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
 		updatedAt time.Time
 	)
 
+	foundValidIngest := false
 	// ensure that the ingest path has been created.
 	if err := os.Mkdir(path, 0755); err != nil {
 		if !os.IsExist(err) {
 			return nil, err
 		}
-
-		status, err := s.status(path)
-		if err != nil {
-			return nil, errors.Wrap(err, "failed reading status of resume write")
-		}
-
-		if ref != status.Ref {
-			// NOTE(stevvooe): This is fairly catastrophic. Either we have some
-			// layout corruption or a hash collision for the ref key.
-			return nil, errors.Wrapf(err, "ref key does not match: %v != %v", ref, status.Ref)
-		}
-
-		if total > 0 && status.Total > 0 && total != status.Total {
-			return nil, errors.Errorf("provided total differs from status: %v != %v", total, status.Total)
-		}
-
-		// TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes
-		fp, err := os.Open(data)
-		if err != nil {
-			return nil, err
-		}
-		defer fp.Close()
-
-		p := bufPool.Get().(*[]byte)
-		defer bufPool.Put(p)
-
-		offset, err = io.CopyBuffer(digester.Hash(), fp, *p)
-		if err != nil {
-			return nil, err
+		status, err := s.resumeStatus(ref, total, digester)
+		if err == nil {
+			foundValidIngest = true
+			updatedAt = status.UpdatedAt
+			startedAt = status.StartedAt
+			total = status.Total
+			offset = status.Offset
+		} else {
+			logrus.Infof("failed to resume the status from path %s: %s. will recreate them", path, err.Error())
 		}
+	}
 
-		updatedAt = status.UpdatedAt
-		startedAt = status.StartedAt
-		total = status.Total
-	} else {
+	if !foundValidIngest {
 		startedAt = time.Now()
 		updatedAt = startedAt
 
@@ -547,11 +572,11 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
 			return nil, err
 		}
 
-		if writeTimestampFile(filepath.Join(path, "startedat"), startedAt); err != nil {
+		if err := writeTimestampFile(filepath.Join(path, "startedat"), startedAt); err != nil {
 			return nil, err
 		}
 
-		if writeTimestampFile(filepath.Join(path, "updatedat"), startedAt); err != nil {
+		if err := writeTimestampFile(filepath.Join(path, "updatedat"), startedAt); err != nil {
 			return nil, err
 		}
 
@@ -599,11 +624,17 @@ func (s *store) Abort(ctx context.Context, ref string) error {
 	return nil
 }
 
-func (s *store) blobPath(dgst digest.Digest) string {
-	return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex())
+func (s *store) blobPath(dgst digest.Digest) (string, error) {
+	if err := dgst.Validate(); err != nil {
+		return "", errors.Wrapf(errdefs.ErrInvalidArgument, "cannot calculate blob path from invalid digest: %v", err)
+	}
+
+	return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()), nil
 }
 
 func (s *store) ingestRoot(ref string) string {
+	// we take a digest of the ref to keep the ingest paths constant length.
+	// Note that this is not the current or potential digest of incoming content.
 	dgst := digest.FromString(ref)
 	return filepath.Join(s.root, "ingest", dgst.Hex())
 }
@@ -652,6 +683,19 @@ func writeTimestampFile(p string, t time.Time) error {
 	if err != nil {
 		return err
 	}
+	return atomicWrite(p, b, 0666)
+}
 
-	return continuity.AtomicWriteFile(p, b, 0666)
+func atomicWrite(path string, data []byte, mode os.FileMode) error {
+	tmp := fmt.Sprintf("%s.tmp", path)
+	f, err := os.OpenFile(tmp, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_SYNC, mode)
+	if err != nil {
+		return errors.Wrap(err, "create tmp file")
+	}
+	_, err = f.Write(data)
+	f.Close()
+	if err != nil {
+		return errors.Wrap(err, "write atomic data")
+	}
+	return os.Rename(tmp, path)
 }
diff --git a/vendor/github.com/containerd/containerd/content/local/store_bsd.go b/vendor/github.com/containerd/containerd/content/local/store_bsd.go
new file mode 100644
index 0000000000000..da149a2fdae10
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/content/local/store_bsd.go
@@ -0,0 +1,33 @@
+// +build darwin freebsd netbsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package local
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+func getATime(fi os.FileInfo) time.Time {
+	if st, ok := fi.Sys().(*syscall.Stat_t); ok {
+		return time.Unix(int64(st.Atimespec.Sec), int64(st.Atimespec.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
+	}
+
+	return fi.ModTime()
+}
diff --git a/vendor/github.com/containerd/containerd/content/local/store_openbsd.go b/vendor/github.com/containerd/containerd/content/local/store_openbsd.go
new file mode 100644
index 0000000000000..f34f0dad2b986
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/content/local/store_openbsd.go
@@ -0,0 +1,33 @@
+// +build openbsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package local
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+func getATime(fi os.FileInfo) time.Time {
+	if st, ok := fi.Sys().(*syscall.Stat_t); ok {
+		return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
+	}
+
+	return fi.ModTime()
+}
diff --git a/vendor/github.com/containerd/containerd/content/local/store_unix.go b/vendor/github.com/containerd/containerd/content/local/store_unix.go
index f5f34fd0cde71..69a74bab0eab0 100644
--- a/vendor/github.com/containerd/containerd/content/local/store_unix.go
+++ b/vendor/github.com/containerd/containerd/content/local/store_unix.go
@@ -1,4 +1,4 @@
-// +build linux solaris darwin freebsd
+// +build linux solaris
 
 /*
    Copyright The containerd Authors.
@@ -22,13 +22,11 @@ import (
 	"os"
 	"syscall"
 	"time"
-
-	"github.com/containerd/containerd/sys"
 )
 
 func getATime(fi os.FileInfo) time.Time {
 	if st, ok := fi.Sys().(*syscall.Stat_t); ok {
-		return sys.StatATimeAsTime(st)
+		return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
 	}
 
 	return fi.ModTime()
diff --git a/vendor/github.com/containerd/containerd/content/local/writer.go b/vendor/github.com/containerd/containerd/content/local/writer.go
index 10df4a4c54084..0a11f4d912eac 100644
--- a/vendor/github.com/containerd/containerd/content/local/writer.go
+++ b/vendor/github.com/containerd/containerd/content/local/writer.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
@@ -73,6 +74,9 @@ func (w *writer) Write(p []byte) (n int, err error) {
 }
 
 func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	// Ensure even on error the writer is fully closed
+	defer unlock(w.ref)
+
 	var base content.Info
 	for _, opt := range opts {
 		if err := opt(&base); err != nil {
@@ -80,48 +84,39 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
 		}
 	}
 
-	if w.fp == nil {
+	fp := w.fp
+	w.fp = nil
+
+	if fp == nil {
 		return errors.Wrap(errdefs.ErrFailedPrecondition, "cannot commit on closed writer")
 	}
 
-	if err := w.fp.Sync(); err != nil {
+	if err := fp.Sync(); err != nil {
+		fp.Close()
 		return errors.Wrap(err, "sync failed")
 	}
 
-	fi, err := w.fp.Stat()
+	fi, err := fp.Stat()
+	closeErr := fp.Close()
 	if err != nil {
 		return errors.Wrap(err, "stat on ingest file failed")
 	}
-
-	// change to readonly, more important for read, but provides _some_
-	// protection from this point on. We use the existing perms with a mask
-	// only allowing reads honoring the umask on creation.
-	//
-	// This removes write and exec, only allowing read per the creation umask.
-	//
-	// NOTE: Windows does not support this operation
-	if runtime.GOOS != "windows" {
-		if err := w.fp.Chmod((fi.Mode() & os.ModePerm) &^ 0333); err != nil {
-			return errors.Wrap(err, "failed to change ingest file permissions")
-		}
+	if closeErr != nil {
+		return errors.Wrap(err, "failed to close ingest file")
 	}
 
 	if size > 0 && size != fi.Size() {
-		return errors.Errorf("unexpected commit size %d, expected %d", fi.Size(), size)
-	}
-
-	if err := w.fp.Close(); err != nil {
-		return errors.Wrap(err, "failed closing ingest")
+		return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit size %d, expected %d", fi.Size(), size)
 	}
 
 	dgst := w.digester.Digest()
 	if expected != "" && expected != dgst {
-		return errors.Errorf("unexpected commit digest %s, expected %s", dgst, expected)
+		return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit digest %s, expected %s", dgst, expected)
 	}
 
 	var (
-		ingest = filepath.Join(w.path, "data")
-		target = w.s.blobPath(dgst)
+		ingest    = filepath.Join(w.path, "data")
+		target, _ = w.s.blobPath(dgst) // ignore error because we calculated this dgst
 	)
 
 	// make sure parent directories of blob exist
@@ -129,27 +124,48 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
 		return err
 	}
 
-	// clean up!!
-	defer os.RemoveAll(w.path)
-
 	if _, err := os.Stat(target); err == nil {
 		// collision with the target file!
+		if err := os.RemoveAll(w.path); err != nil {
+			log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory")
+		}
 		return errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", dgst)
 	}
+
 	if err := os.Rename(ingest, target); err != nil {
 		return err
 	}
+
+	// Ingest has now been made available in the content store, attempt to complete
+	// setting metadata but errors should only be logged and not returned since
+	// the content store cannot be cleanly rolled back.
+
 	commitTime := time.Now()
 	if err := os.Chtimes(target, commitTime, commitTime); err != nil {
-		return err
+		log.G(ctx).WithField("digest", dgst).Errorf("failed to change file time to commit time")
 	}
 
-	w.fp = nil
-	unlock(w.ref)
+	// clean up!!
+	if err := os.RemoveAll(w.path); err != nil {
+		log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory")
+	}
 
 	if w.s.ls != nil && base.Labels != nil {
 		if err := w.s.ls.Set(dgst, base.Labels); err != nil {
-			return err
+			log.G(ctx).WithField("digest", dgst).Errorf("failed to set labels")
+		}
+	}
+
+	// change to readonly, more important for read, but provides _some_
+	// protection from this point on. We use the existing perms with a mask
+	// only allowing reads honoring the umask on creation.
+	//
+	// This removes write and exec, only allowing read per the creation umask.
+	//
+	// NOTE: Windows does not support this operation
+	if runtime.GOOS != "windows" {
+		if err := os.Chmod(target, (fi.Mode()&os.ModePerm)&^0333); err != nil {
+			log.G(ctx).WithField("ref", w.ref).Errorf("failed to make readonly")
 		}
 	}
 
diff --git a/vendor/github.com/containerd/containerd/content/proxy/content_reader.go b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
index b06e48fa97235..2947a7c8217d5 100644
--- a/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
+++ b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
@@ -40,7 +40,13 @@ func (ra *remoteReaderAt) ReadAt(p []byte, off int64) (n int, err error) {
 		Offset: off,
 		Size_:  int64(len(p)),
 	}
-	rc, err := ra.client.Read(ra.ctx, rr)
+	// we need a child context with cancel, or the eventually called
+	// grpc.NewStream will leak the goroutine until the whole thing is cleared.
+	// See comment at https://godoc.org/google.golang.org/grpc#ClientConn.NewStream
+	childCtx, cancel := context.WithCancel(ra.ctx)
+	// we MUST cancel the child context; see comment above
+	defer cancel()
+	rc, err := ra.client.Read(childCtx, rr)
 	if err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/containerd/containerd/content/proxy/content_writer.go b/vendor/github.com/containerd/containerd/content/proxy/content_writer.go
index 5434a156864cd..8423335988783 100644
--- a/vendor/github.com/containerd/containerd/content/proxy/content_writer.go
+++ b/vendor/github.com/containerd/containerd/content/proxy/content_writer.go
@@ -97,7 +97,14 @@ func (rw *remoteWriter) Write(p []byte) (n int, err error) {
 	return
 }
 
-func (rw *remoteWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+func (rw *remoteWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) (err error) {
+	defer func() {
+		err1 := rw.Close()
+		if err == nil {
+			err = err1
+		}
+	}()
+
 	var base content.Info
 	for _, opt := range opts {
 		if err := opt(&base); err != nil {
diff --git a/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go
new file mode 100644
index 0000000000000..6a351771ffc38
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go
@@ -0,0 +1,211 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package nvidia
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// NvidiaCLI is the path to the Nvidia helper binary
+const NvidiaCLI = "nvidia-container-cli"
+
+// Capability specifies capabilities for the gpu inside the container
+// Detailed explanation of options can be found:
+// https://github.com/nvidia/nvidia-container-runtime#supported-driver-capabilities
+type Capability string
+
+const (
+	// Compute capability
+	Compute Capability = "compute"
+	// Compat32 capability
+	Compat32 Capability = "compat32"
+	// Graphics capability
+	Graphics Capability = "graphics"
+	// Utility capability
+	Utility Capability = "utility"
+	// Video capability
+	Video Capability = "video"
+	// Display capability
+	Display Capability = "display"
+)
+
+// AllCaps returns the complete list of supported Nvidia capabilities.
+func AllCaps() []Capability {
+	return []Capability{
+		Compute,
+		Compat32,
+		Graphics,
+		Utility,
+		Video,
+		Display,
+	}
+}
+
+// WithGPUs adds NVIDIA gpu support to a container
+func WithGPUs(opts ...Opts) oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		c := &config{}
+		for _, o := range opts {
+			if err := o(c); err != nil {
+				return err
+			}
+		}
+		if c.OCIHookPath == "" {
+			path, err := exec.LookPath("containerd")
+			if err != nil {
+				return err
+			}
+			c.OCIHookPath = path
+		}
+		nvidiaPath, err := exec.LookPath(NvidiaCLI)
+		if err != nil {
+			return err
+		}
+		if s.Hooks == nil {
+			s.Hooks = &specs.Hooks{}
+		}
+		s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
+			Path: c.OCIHookPath,
+			Args: append([]string{
+				"containerd",
+				"oci-hook",
+				"--",
+				nvidiaPath,
+				// ensures the required kernel modules are properly loaded
+				"--load-kmods",
+			}, c.args()...),
+			Env: os.Environ(),
+		})
+		return nil
+	}
+}
+
+type config struct {
+	Devices      []string
+	Capabilities []Capability
+	LoadKmods    bool
+	LDCache      string
+	LDConfig     string
+	Requirements []string
+	OCIHookPath  string
+}
+
+func (c *config) args() []string {
+	var args []string
+
+	if c.LoadKmods {
+		args = append(args, "--load-kmods")
+	}
+	if c.LDCache != "" {
+		args = append(args, fmt.Sprintf("--ldcache=%s", c.LDCache))
+	}
+	args = append(args,
+		"configure",
+	)
+	if len(c.Devices) > 0 {
+		args = append(args, fmt.Sprintf("--device=%s", strings.Join(c.Devices, ",")))
+	}
+	for _, c := range c.Capabilities {
+		args = append(args, fmt.Sprintf("--%s", c))
+	}
+	if c.LDConfig != "" {
+		args = append(args, fmt.Sprintf("--ldconfig=%s", c.LDConfig))
+	}
+	for _, r := range c.Requirements {
+		args = append(args, fmt.Sprintf("--require=%s", r))
+	}
+	args = append(args, "--pid={{pid}}", "{{rootfs}}")
+	return args
+}
+
+// Opts are options for configuring gpu support
+type Opts func(*config) error
+
+// WithDevices adds the provided device indexes to the container
+func WithDevices(ids ...int) Opts {
+	return func(c *config) error {
+		for _, i := range ids {
+			c.Devices = append(c.Devices, strconv.Itoa(i))
+		}
+		return nil
+	}
+}
+
+// WithDeviceUUIDs adds the specific device UUID to the container
+func WithDeviceUUIDs(uuids ...string) Opts {
+	return func(c *config) error {
+		c.Devices = append(c.Devices, uuids...)
+		return nil
+	}
+}
+
+// WithAllDevices adds all gpus to the container
+func WithAllDevices(c *config) error {
+	c.Devices = []string{"all"}
+	return nil
+}
+
+// WithAllCapabilities adds all capabilities to the container for the gpus
+func WithAllCapabilities(c *config) error {
+	c.Capabilities = AllCaps()
+	return nil
+}
+
+// WithCapabilities adds the specified capabilities to the container for the gpus
+func WithCapabilities(caps ...Capability) Opts {
+	return func(c *config) error {
+		c.Capabilities = append(c.Capabilities, caps...)
+		return nil
+	}
+}
+
+// WithRequiredCUDAVersion sets the required cuda version
+func WithRequiredCUDAVersion(major, minor int) Opts {
+	return func(c *config) error {
+		c.Requirements = append(c.Requirements, fmt.Sprintf("cuda>=%d.%d", major, minor))
+		return nil
+	}
+}
+
+// WithOCIHookPath sets the hook path for the binary
+func WithOCIHookPath(path string) Opts {
+	return func(c *config) error {
+		c.OCIHookPath = path
+		return nil
+	}
+}
+
+// WithLookupOCIHookPath sets the hook path for the binary via a binary name
+func WithLookupOCIHookPath(name string) Opts {
+	return func(c *config) error {
+		path, err := exec.LookPath(name)
+		if err != nil {
+			return err
+		}
+		c.OCIHookPath = path
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp.go b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp.go
deleted file mode 100644
index 4619681f45922..0000000000000
--- a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package seccomp
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-
-	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/oci"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// WithProfile receives the name of a file stored on disk comprising a json
-// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
-// The profile is read from the file, unmarshaled, and set to the spec.
-func WithProfile(profile string) oci.SpecOpts {
-	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
-		s.Linux.Seccomp = &specs.LinuxSeccomp{}
-		f, err := ioutil.ReadFile(profile)
-		if err != nil {
-			return fmt.Errorf("Cannot load seccomp profile %q: %v", profile, err)
-		}
-		if err := json.Unmarshal(f, s.Linux.Seccomp); err != nil {
-			return fmt.Errorf("Decoding seccomp profile failed %q: %v", profile, err)
-		}
-		return nil
-	}
-}
-
-// WithDefaultProfile sets the default seccomp profile to the spec.
-// Note: must follow the setting of process capabilities
-func WithDefaultProfile() oci.SpecOpts {
-	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
-		s.Linux.Seccomp = DefaultProfile(s)
-		return nil
-	}
-}
diff --git a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go
deleted file mode 100644
index 11b446a6ed10b..0000000000000
--- a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go
+++ /dev/null
@@ -1,581 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package seccomp
-
-import (
-	"runtime"
-	"syscall"
-
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func arches() []specs.Arch {
-	switch runtime.GOARCH {
-	case "amd64":
-		return []specs.Arch{specs.ArchX86_64, specs.ArchX86, specs.ArchX32}
-	case "arm64":
-		return []specs.Arch{specs.ArchARM, specs.ArchAARCH64}
-	case "mips64":
-		return []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64, specs.ArchMIPS64N32}
-	case "mips64n32":
-		return []specs.Arch{specs.ArchMIPS, specs.ArchMIPS64, specs.ArchMIPS64N32}
-	case "mipsel64":
-		return []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64, specs.ArchMIPSEL64N32}
-	case "mipsel64n32":
-		return []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64, specs.ArchMIPSEL64N32}
-	case "s390x":
-		return []specs.Arch{specs.ArchS390, specs.ArchS390X}
-	default:
-		return []specs.Arch{}
-	}
-}
-
-// DefaultProfile defines the whitelist for the default seccomp profile.
-func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
-	syscalls := []specs.LinuxSyscall{
-		{
-			Names: []string{
-				"accept",
-				"accept4",
-				"access",
-				"alarm",
-				"alarm",
-				"bind",
-				"brk",
-				"capget",
-				"capset",
-				"chdir",
-				"chmod",
-				"chown",
-				"chown32",
-				"clock_getres",
-				"clock_gettime",
-				"clock_nanosleep",
-				"close",
-				"connect",
-				"copy_file_range",
-				"creat",
-				"dup",
-				"dup2",
-				"dup3",
-				"epoll_create",
-				"epoll_create1",
-				"epoll_ctl",
-				"epoll_ctl_old",
-				"epoll_pwait",
-				"epoll_wait",
-				"epoll_wait_old",
-				"eventfd",
-				"eventfd2",
-				"execve",
-				"execveat",
-				"exit",
-				"exit_group",
-				"faccessat",
-				"fadvise64",
-				"fadvise64_64",
-				"fallocate",
-				"fanotify_mark",
-				"fchdir",
-				"fchmod",
-				"fchmodat",
-				"fchown",
-				"fchown32",
-				"fchownat",
-				"fcntl",
-				"fcntl64",
-				"fdatasync",
-				"fgetxattr",
-				"flistxattr",
-				"flock",
-				"fork",
-				"fremovexattr",
-				"fsetxattr",
-				"fstat",
-				"fstat64",
-				"fstatat64",
-				"fstatfs",
-				"fstatfs64",
-				"fsync",
-				"ftruncate",
-				"ftruncate64",
-				"futex",
-				"futimesat",
-				"getcpu",
-				"getcwd",
-				"getdents",
-				"getdents64",
-				"getegid",
-				"getegid32",
-				"geteuid",
-				"geteuid32",
-				"getgid",
-				"getgid32",
-				"getgroups",
-				"getgroups32",
-				"getitimer",
-				"getpeername",
-				"getpgid",
-				"getpgrp",
-				"getpid",
-				"getppid",
-				"getpriority",
-				"getrandom",
-				"getresgid",
-				"getresgid32",
-				"getresuid",
-				"getresuid32",
-				"getrlimit",
-				"get_robust_list",
-				"getrusage",
-				"getsid",
-				"getsockname",
-				"getsockopt",
-				"get_thread_area",
-				"gettid",
-				"gettimeofday",
-				"getuid",
-				"getuid32",
-				"getxattr",
-				"inotify_add_watch",
-				"inotify_init",
-				"inotify_init1",
-				"inotify_rm_watch",
-				"io_cancel",
-				"ioctl",
-				"io_destroy",
-				"io_getevents",
-				"ioprio_get",
-				"ioprio_set",
-				"io_setup",
-				"io_submit",
-				"ipc",
-				"kill",
-				"lchown",
-				"lchown32",
-				"lgetxattr",
-				"link",
-				"linkat",
-				"listen",
-				"listxattr",
-				"llistxattr",
-				"_llseek",
-				"lremovexattr",
-				"lseek",
-				"lsetxattr",
-				"lstat",
-				"lstat64",
-				"madvise",
-				"memfd_create",
-				"mincore",
-				"mkdir",
-				"mkdirat",
-				"mknod",
-				"mknodat",
-				"mlock",
-				"mlock2",
-				"mlockall",
-				"mmap",
-				"mmap2",
-				"mprotect",
-				"mq_getsetattr",
-				"mq_notify",
-				"mq_open",
-				"mq_timedreceive",
-				"mq_timedsend",
-				"mq_unlink",
-				"mremap",
-				"msgctl",
-				"msgget",
-				"msgrcv",
-				"msgsnd",
-				"msync",
-				"munlock",
-				"munlockall",
-				"munmap",
-				"nanosleep",
-				"newfstatat",
-				"_newselect",
-				"open",
-				"openat",
-				"pause",
-				"pipe",
-				"pipe2",
-				"poll",
-				"ppoll",
-				"prctl",
-				"pread64",
-				"preadv",
-				"prlimit64",
-				"pselect6",
-				"pwrite64",
-				"pwritev",
-				"read",
-				"readahead",
-				"readlink",
-				"readlinkat",
-				"readv",
-				"recv",
-				"recvfrom",
-				"recvmmsg",
-				"recvmsg",
-				"remap_file_pages",
-				"removexattr",
-				"rename",
-				"renameat",
-				"renameat2",
-				"restart_syscall",
-				"rmdir",
-				"rt_sigaction",
-				"rt_sigpending",
-				"rt_sigprocmask",
-				"rt_sigqueueinfo",
-				"rt_sigreturn",
-				"rt_sigsuspend",
-				"rt_sigtimedwait",
-				"rt_tgsigqueueinfo",
-				"sched_getaffinity",
-				"sched_getattr",
-				"sched_getparam",
-				"sched_get_priority_max",
-				"sched_get_priority_min",
-				"sched_getscheduler",
-				"sched_rr_get_interval",
-				"sched_setaffinity",
-				"sched_setattr",
-				"sched_setparam",
-				"sched_setscheduler",
-				"sched_yield",
-				"seccomp",
-				"select",
-				"semctl",
-				"semget",
-				"semop",
-				"semtimedop",
-				"send",
-				"sendfile",
-				"sendfile64",
-				"sendmmsg",
-				"sendmsg",
-				"sendto",
-				"setfsgid",
-				"setfsgid32",
-				"setfsuid",
-				"setfsuid32",
-				"setgid",
-				"setgid32",
-				"setgroups",
-				"setgroups32",
-				"setitimer",
-				"setpgid",
-				"setpriority",
-				"setregid",
-				"setregid32",
-				"setresgid",
-				"setresgid32",
-				"setresuid",
-				"setresuid32",
-				"setreuid",
-				"setreuid32",
-				"setrlimit",
-				"set_robust_list",
-				"setsid",
-				"setsockopt",
-				"set_thread_area",
-				"set_tid_address",
-				"setuid",
-				"setuid32",
-				"setxattr",
-				"shmat",
-				"shmctl",
-				"shmdt",
-				"shmget",
-				"shutdown",
-				"sigaltstack",
-				"signalfd",
-				"signalfd4",
-				"sigreturn",
-				"socket",
-				"socketcall",
-				"socketpair",
-				"splice",
-				"stat",
-				"stat64",
-				"statfs",
-				"statfs64",
-				"symlink",
-				"symlinkat",
-				"sync",
-				"sync_file_range",
-				"syncfs",
-				"sysinfo",
-				"syslog",
-				"tee",
-				"tgkill",
-				"time",
-				"timer_create",
-				"timer_delete",
-				"timerfd_create",
-				"timerfd_gettime",
-				"timerfd_settime",
-				"timer_getoverrun",
-				"timer_gettime",
-				"timer_settime",
-				"times",
-				"tkill",
-				"truncate",
-				"truncate64",
-				"ugetrlimit",
-				"umask",
-				"uname",
-				"unlink",
-				"unlinkat",
-				"utime",
-				"utimensat",
-				"utimes",
-				"vfork",
-				"vmsplice",
-				"wait4",
-				"waitid",
-				"waitpid",
-				"write",
-				"writev",
-			},
-			Action: specs.ActAllow,
-			Args:   []specs.LinuxSeccompArg{},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: specs.ActAllow,
-			Args: []specs.LinuxSeccompArg{
-				{
-					Index: 0,
-					Value: 0x0,
-					Op:    specs.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: specs.ActAllow,
-			Args: []specs.LinuxSeccompArg{
-				{
-					Index: 0,
-					Value: 0x0008,
-					Op:    specs.OpEqualTo,
-				},
-			},
-		},
-		{
-			Names:  []string{"personality"},
-			Action: specs.ActAllow,
-			Args: []specs.LinuxSeccompArg{
-				{
-					Index: 0,
-					Value: 0xffffffff,
-					Op:    specs.OpEqualTo,
-				},
-			},
-		},
-	}
-
-	s := &specs.LinuxSeccomp{
-		DefaultAction: specs.ActErrno,
-		Architectures: arches(),
-		Syscalls:      syscalls,
-	}
-
-	// include by arch
-	switch runtime.GOARCH {
-	case "arm", "arm64":
-		s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-			Names: []string{
-				"arm_fadvise64_64",
-				"arm_sync_file_range",
-				"breakpoint",
-				"cacheflush",
-				"set_tls",
-			},
-			Action: specs.ActAllow,
-			Args:   []specs.LinuxSeccompArg{},
-		})
-	case "amd64":
-		s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-			Names: []string{
-				"arch_prctl",
-				"modify_ldt",
-			},
-			Action: specs.ActAllow,
-			Args:   []specs.LinuxSeccompArg{},
-		})
-	case "386":
-		s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-			Names: []string{
-				"modify_ldt",
-			},
-			Action: specs.ActAllow,
-			Args:   []specs.LinuxSeccompArg{},
-		})
-	case "s390", "s390x":
-		s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-			Names: []string{
-				"s390_pci_mmio_read",
-				"s390_pci_mmio_write",
-				"s390_runtime_instr",
-			},
-			Action: specs.ActAllow,
-			Args:   []specs.LinuxSeccompArg{},
-		})
-	}
-
-	admin := false
-	for _, c := range sp.Process.Capabilities.Bounding {
-		switch c {
-		case "CAP_DAC_READ_SEARCH":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"open_by_handle_at"},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_ADMIN":
-			admin = true
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"bpf",
-					"clone",
-					"fanotify_init",
-					"lookup_dcookie",
-					"mount",
-					"name_to_handle_at",
-					"perf_event_open",
-					"setdomainname",
-					"sethostname",
-					"setns",
-					"umount",
-					"umount2",
-					"unshare",
-				},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_BOOT":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"reboot"},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_CHROOT":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"chroot"},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_MODULE":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"delete_module",
-					"init_module",
-					"finit_module",
-					"query_module",
-				},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_PACCT":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"acct"},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_PTRACE":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"kcmp",
-					"process_vm_readv",
-					"process_vm_writev",
-					"ptrace",
-				},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_RAWIO":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"iopl",
-					"ioperm",
-				},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_TIME":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"settimeofday",
-					"stime",
-					"adjtimex",
-				},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		case "CAP_SYS_TTY_CONFIG":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"vhangup"},
-				Action: specs.ActAllow,
-				Args:   []specs.LinuxSeccompArg{},
-			})
-		}
-	}
-
-	if !admin {
-		switch runtime.GOARCH {
-		case "s390", "s390x":
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"clone",
-				},
-				Action: specs.ActAllow,
-				Args: []specs.LinuxSeccompArg{
-					{
-						Index:    1,
-						Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
-						ValueTwo: 0,
-						Op:       specs.OpMaskedEqual,
-					},
-				},
-			})
-		default:
-			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names: []string{
-					"clone",
-				},
-				Action: specs.ActAllow,
-				Args: []specs.LinuxSeccompArg{
-					{
-						Index:    0,
-						Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
-						ValueTwo: 0,
-						Op:       specs.OpMaskedEqual,
-					},
-				},
-			})
-		}
-	}
-
-	return s
-}
diff --git a/vendor/github.com/containerd/containerd/defaults/defaults.go b/vendor/github.com/containerd/containerd/defaults/defaults.go
index 7040f5b85a70d..6f5b122ecf936 100644
--- a/vendor/github.com/containerd/containerd/defaults/defaults.go
+++ b/vendor/github.com/containerd/containerd/defaults/defaults.go
@@ -23,4 +23,10 @@ const (
 	// DefaultMaxSendMsgSize defines the default maximum message size for
 	// sending protobufs passed over the GRPC API.
 	DefaultMaxSendMsgSize = 16 << 20
+	// DefaultRuntimeNSLabel defines the namespace label to check for the
+	// default runtime
+	DefaultRuntimeNSLabel = "containerd.io/defaults/runtime"
+	// DefaultSnapshotterNSLabel defines the namespace label to check for the
+	// default snapshotter
+	DefaultSnapshotterNSLabel = "containerd.io/defaults/snapshotter"
 )
diff --git a/vendor/github.com/containerd/containerd/defaults/defaults_unix.go b/vendor/github.com/containerd/containerd/defaults/defaults_unix.go
index 30ed42235ef0c..6b69cd06b9b83 100644
--- a/vendor/github.com/containerd/containerd/defaults/defaults_unix.go
+++ b/vendor/github.com/containerd/containerd/defaults/defaults_unix.go
@@ -32,4 +32,8 @@ const (
 	// DefaultFIFODir is the default location used by client-side cio library
 	// to store FIFOs.
 	DefaultFIFODir = "/run/containerd/fifo"
+	// DefaultRuntime is the default linux runtime
+	DefaultRuntime = "io.containerd.runc.v2"
+	// DefaultConfigDir is the default location for config files.
+	DefaultConfigDir = "/etc/containerd"
 )
diff --git a/vendor/github.com/containerd/containerd/defaults/defaults_windows.go b/vendor/github.com/containerd/containerd/defaults/defaults_windows.go
index 983bf762f7e53..a80700075f992 100644
--- a/vendor/github.com/containerd/containerd/defaults/defaults_windows.go
+++ b/vendor/github.com/containerd/containerd/defaults/defaults_windows.go
@@ -26,10 +26,13 @@ import (
 var (
 	// DefaultRootDir is the default location used by containerd to store
 	// persistent data
-	DefaultRootDir = filepath.Join(os.Getenv("programfiles"), "containerd", "root")
+	DefaultRootDir = filepath.Join(os.Getenv("ProgramData"), "containerd", "root")
 	// DefaultStateDir is the default location used by containerd to store
 	// transient data
-	DefaultStateDir = filepath.Join(os.Getenv("programfiles"), "containerd", "state")
+	DefaultStateDir = filepath.Join(os.Getenv("ProgramData"), "containerd", "state")
+
+	// DefaultConfigDir is the default location for config files.
+	DefaultConfigDir = filepath.Join(os.Getenv("programfiles"), "containerd")
 )
 
 const (
@@ -40,4 +43,6 @@ const (
 	// DefaultFIFODir is the default location used by client-side cio library
 	// to store FIFOs. Unused on Windows.
 	DefaultFIFODir = ""
+	// DefaultRuntime is the default windows runtime
+	DefaultRuntime = "io.containerd.runhcs.v1"
 )
diff --git a/vendor/github.com/containerd/containerd/diff.go b/vendor/github.com/containerd/containerd/diff.go
index 8d1219e351b41..445df019220c8 100644
--- a/vendor/github.com/containerd/containerd/diff.go
+++ b/vendor/github.com/containerd/containerd/diff.go
@@ -45,10 +45,17 @@ type diffRemote struct {
 	client diffapi.DiffClient
 }
 
-func (r *diffRemote) Apply(ctx context.Context, diff ocispec.Descriptor, mounts []mount.Mount) (ocispec.Descriptor, error) {
+func (r *diffRemote) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (ocispec.Descriptor, error) {
+	var config diff.ApplyConfig
+	for _, opt := range opts {
+		if err := opt(ctx, desc, &config); err != nil {
+			return ocispec.Descriptor{}, err
+		}
+	}
 	req := &diffapi.ApplyRequest{
-		Diff:   fromDescriptor(diff),
-		Mounts: fromMounts(mounts),
+		Diff:     fromDescriptor(desc),
+		Mounts:   fromMounts(mounts),
+		Payloads: config.ProcessorPayloads,
 	}
 	resp, err := r.client.Apply(ctx, req)
 	if err != nil {
@@ -80,17 +87,19 @@ func (r *diffRemote) Compare(ctx context.Context, a, b []mount.Mount, opts ...di
 
 func toDescriptor(d *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: d.MediaType,
-		Digest:    d.Digest,
-		Size:      d.Size_,
+		MediaType:   d.MediaType,
+		Digest:      d.Digest,
+		Size:        d.Size_,
+		Annotations: d.Annotations,
 	}
 }
 
 func fromDescriptor(d ocispec.Descriptor) *types.Descriptor {
 	return &types.Descriptor{
-		MediaType: d.MediaType,
-		Digest:    d.Digest,
-		Size_:     d.Size,
+		MediaType:   d.MediaType,
+		Digest:      d.Digest,
+		Size_:       d.Size,
+		Annotations: d.Annotations,
 	}
 }
 
diff --git a/vendor/github.com/containerd/containerd/diff/diff.go b/vendor/github.com/containerd/containerd/diff/diff.go
index 2b6f01c74efb7..17aab616e543d 100644
--- a/vendor/github.com/containerd/containerd/diff/diff.go
+++ b/vendor/github.com/containerd/containerd/diff/diff.go
@@ -20,6 +20,7 @@ import (
 	"context"
 
 	"github.com/containerd/containerd/mount"
+	"github.com/gogo/protobuf/types"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -51,6 +52,15 @@ type Comparer interface {
 	Compare(ctx context.Context, lower, upper []mount.Mount, opts ...Opt) (ocispec.Descriptor, error)
 }
 
+// ApplyConfig is used to hold parameters needed for a apply operation
+type ApplyConfig struct {
+	// ProcessorPayloads specifies the payload sent to various processors
+	ProcessorPayloads map[string]*types.Any
+}
+
+// ApplyOpt is used to configure an Apply operation
+type ApplyOpt func(context.Context, ocispec.Descriptor, *ApplyConfig) error
+
 // Applier allows applying diffs between mounts
 type Applier interface {
 	// Apply applies the content referred to by the given descriptor to
@@ -58,7 +68,7 @@ type Applier interface {
 	// implementation and content descriptor. For example, in the common
 	// case the descriptor is a file system difference in tar format,
 	// that tar would be applied on top of the mounts.
-	Apply(ctx context.Context, desc ocispec.Descriptor, mount []mount.Mount) (ocispec.Descriptor, error)
+	Apply(ctx context.Context, desc ocispec.Descriptor, mount []mount.Mount, opts ...ApplyOpt) (ocispec.Descriptor, error)
 }
 
 // WithMediaType sets the media type to use for creating the diff, without
@@ -87,3 +97,11 @@ func WithLabels(labels map[string]string) Opt {
 		return nil
 	}
 }
+
+// WithPayloads sets the apply processor payloads to the config
+func WithPayloads(payloads map[string]*types.Any) ApplyOpt {
+	return func(_ context.Context, _ ocispec.Descriptor, c *ApplyConfig) error {
+		c.ProcessorPayloads = payloads
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/diff/stream.go b/vendor/github.com/containerd/containerd/diff/stream.go
new file mode 100644
index 0000000000000..655f9ce838629
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/diff/stream.go
@@ -0,0 +1,191 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package diff
+
+import (
+	"context"
+	"io"
+	"os"
+
+	"github.com/containerd/containerd/archive/compression"
+	"github.com/containerd/containerd/images"
+	"github.com/gogo/protobuf/types"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+var (
+	handlers []Handler
+
+	// ErrNoProcessor is returned when no stream processor is available for a media-type
+	ErrNoProcessor = errors.New("no processor for media-type")
+)
+
+func init() {
+	// register the default compression handler
+	RegisterProcessor(compressedHandler)
+}
+
+// RegisterProcessor registers a stream processor for media-types
+func RegisterProcessor(handler Handler) {
+	handlers = append(handlers, handler)
+}
+
+// GetProcessor returns the processor for a media-type
+func GetProcessor(ctx context.Context, stream StreamProcessor, payloads map[string]*types.Any) (StreamProcessor, error) {
+	// reverse this list so that user configured handlers come up first
+	for i := len(handlers) - 1; i >= 0; i-- {
+		processor, ok := handlers[i](ctx, stream.MediaType())
+		if ok {
+			return processor(ctx, stream, payloads)
+		}
+	}
+	return nil, ErrNoProcessor
+}
+
+// Handler checks a media-type and initializes the processor
+type Handler func(ctx context.Context, mediaType string) (StreamProcessorInit, bool)
+
+// StaticHandler returns the processor init func for a static media-type
+func StaticHandler(expectedMediaType string, fn StreamProcessorInit) Handler {
+	return func(ctx context.Context, mediaType string) (StreamProcessorInit, bool) {
+		if mediaType == expectedMediaType {
+			return fn, true
+		}
+		return nil, false
+	}
+}
+
+// StreamProcessorInit returns the initialized stream processor
+type StreamProcessorInit func(ctx context.Context, stream StreamProcessor, payloads map[string]*types.Any) (StreamProcessor, error)
+
+// RawProcessor provides access to direct fd for processing
+type RawProcessor interface {
+	// File returns the fd for the read stream of the underlying processor
+	File() *os.File
+}
+
+// StreamProcessor handles processing a content stream and transforming it into a different media-type
+type StreamProcessor interface {
+	io.ReadCloser
+
+	// MediaType is the resulting media-type that the processor processes the stream into
+	MediaType() string
+}
+
+func compressedHandler(ctx context.Context, mediaType string) (StreamProcessorInit, bool) {
+	compressed, err := images.DiffCompression(ctx, mediaType)
+	if err != nil {
+		return nil, false
+	}
+	if compressed != "" {
+		return func(ctx context.Context, stream StreamProcessor, payloads map[string]*types.Any) (StreamProcessor, error) {
+			ds, err := compression.DecompressStream(stream)
+			if err != nil {
+				return nil, err
+			}
+
+			return &compressedProcessor{
+				rc: ds,
+			}, nil
+		}, true
+	}
+	return func(ctx context.Context, stream StreamProcessor, payloads map[string]*types.Any) (StreamProcessor, error) {
+		return &stdProcessor{
+			rc: stream,
+		}, nil
+	}, true
+}
+
+// NewProcessorChain initialized the root StreamProcessor
+func NewProcessorChain(mt string, r io.Reader) StreamProcessor {
+	return &processorChain{
+		mt: mt,
+		rc: r,
+	}
+}
+
+type processorChain struct {
+	mt string
+	rc io.Reader
+}
+
+func (c *processorChain) MediaType() string {
+	return c.mt
+}
+
+func (c *processorChain) Read(p []byte) (int, error) {
+	return c.rc.Read(p)
+}
+
+func (c *processorChain) Close() error {
+	return nil
+}
+
+type stdProcessor struct {
+	rc StreamProcessor
+}
+
+func (c *stdProcessor) MediaType() string {
+	return ocispec.MediaTypeImageLayer
+}
+
+func (c *stdProcessor) Read(p []byte) (int, error) {
+	return c.rc.Read(p)
+}
+
+func (c *stdProcessor) Close() error {
+	return nil
+}
+
+type compressedProcessor struct {
+	rc io.ReadCloser
+}
+
+func (c *compressedProcessor) MediaType() string {
+	return ocispec.MediaTypeImageLayer
+}
+
+func (c *compressedProcessor) Read(p []byte) (int, error) {
+	return c.rc.Read(p)
+}
+
+func (c *compressedProcessor) Close() error {
+	return c.rc.Close()
+}
+
+// BinaryHandler creates a new stream processor handler which calls out to the given binary.
+// The id is used to identify the stream processor and allows the caller to send
+// payloads specific for that stream processor (i.e. decryption keys for decrypt stream processor).
+// The binary will be called for the provided mediaTypes and return the given media type.
+func BinaryHandler(id, returnsMediaType string, mediaTypes []string, path string, args, env []string) Handler {
+	set := make(map[string]struct{}, len(mediaTypes))
+	for _, m := range mediaTypes {
+		set[m] = struct{}{}
+	}
+	return func(_ context.Context, mediaType string) (StreamProcessorInit, bool) {
+		if _, ok := set[mediaType]; ok {
+			return func(ctx context.Context, stream StreamProcessor, payloads map[string]*types.Any) (StreamProcessor, error) {
+				payload := payloads[id]
+				return NewBinaryProcessor(ctx, mediaType, returnsMediaType, stream, path, args, env, payload)
+			}, true
+		}
+		return nil, false
+	}
+}
+
+const mediaTypeEnvVar = "STREAM_PROCESSOR_MEDIATYPE"
diff --git a/vendor/github.com/containerd/containerd/diff/stream_unix.go b/vendor/github.com/containerd/containerd/diff/stream_unix.go
new file mode 100644
index 0000000000000..d79fd71544a5d
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/diff/stream_unix.go
@@ -0,0 +1,147 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package diff
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"sync"
+
+	"github.com/gogo/protobuf/proto"
+	"github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+)
+
+// NewBinaryProcessor returns a binary processor for use with processing content streams
+func NewBinaryProcessor(ctx context.Context, imt, rmt string, stream StreamProcessor, name string, args, env []string, payload *types.Any) (StreamProcessor, error) {
+	cmd := exec.CommandContext(ctx, name, args...)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, env...)
+
+	var payloadC io.Closer
+	if payload != nil {
+		data, err := proto.Marshal(payload)
+		if err != nil {
+			return nil, err
+		}
+		r, w, err := os.Pipe()
+		if err != nil {
+			return nil, err
+		}
+		go func() {
+			io.Copy(w, bytes.NewReader(data))
+			w.Close()
+		}()
+
+		cmd.ExtraFiles = append(cmd.ExtraFiles, r)
+		payloadC = r
+	}
+	cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", mediaTypeEnvVar, imt))
+	var (
+		stdin  io.Reader
+		closer func() error
+		err    error
+	)
+	if f, ok := stream.(RawProcessor); ok {
+		stdin = f.File()
+		closer = f.File().Close
+	} else {
+		stdin = stream
+	}
+	cmd.Stdin = stdin
+	r, w, err := os.Pipe()
+	if err != nil {
+		return nil, err
+	}
+	cmd.Stdout = w
+
+	stderr := bytes.NewBuffer(nil)
+	cmd.Stderr = stderr
+
+	if err := cmd.Start(); err != nil {
+		return nil, err
+	}
+	p := &binaryProcessor{
+		cmd:    cmd,
+		r:      r,
+		mt:     rmt,
+		stderr: stderr,
+	}
+	go p.wait()
+
+	// close after start and dup
+	w.Close()
+	if closer != nil {
+		closer()
+	}
+	if payloadC != nil {
+		payloadC.Close()
+	}
+	return p, nil
+}
+
+type binaryProcessor struct {
+	cmd    *exec.Cmd
+	r      *os.File
+	mt     string
+	stderr *bytes.Buffer
+
+	mu  sync.Mutex
+	err error
+}
+
+func (c *binaryProcessor) Err() error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return c.err
+}
+
+func (c *binaryProcessor) wait() {
+	if err := c.cmd.Wait(); err != nil {
+		if _, ok := err.(*exec.ExitError); ok {
+			c.mu.Lock()
+			c.err = errors.New(c.stderr.String())
+			c.mu.Unlock()
+		}
+	}
+}
+
+func (c *binaryProcessor) File() *os.File {
+	return c.r
+}
+
+func (c *binaryProcessor) MediaType() string {
+	return c.mt
+}
+
+func (c *binaryProcessor) Read(p []byte) (int, error) {
+	return c.r.Read(p)
+}
+
+func (c *binaryProcessor) Close() error {
+	err := c.r.Close()
+	if kerr := c.cmd.Process.Kill(); err == nil {
+		err = kerr
+	}
+	return err
+}
diff --git a/vendor/github.com/containerd/containerd/diff/stream_windows.go b/vendor/github.com/containerd/containerd/diff/stream_windows.go
new file mode 100644
index 0000000000000..19dcbacf5dd94
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/diff/stream_windows.go
@@ -0,0 +1,166 @@
+// +build windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package diff
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sync"
+
+	winio "github.com/Microsoft/go-winio"
+	"github.com/gogo/protobuf/proto"
+	"github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const processorPipe = "STREAM_PROCESSOR_PIPE"
+
+// NewBinaryProcessor returns a binary processor for use with processing content streams
+func NewBinaryProcessor(ctx context.Context, imt, rmt string, stream StreamProcessor, name string, args, env []string, payload *types.Any) (StreamProcessor, error) {
+	cmd := exec.CommandContext(ctx, name, args...)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, env...)
+
+	if payload != nil {
+		data, err := proto.Marshal(payload)
+		if err != nil {
+			return nil, err
+		}
+		up, err := getUiqPath()
+		if err != nil {
+			return nil, err
+		}
+		path := fmt.Sprintf("\\\\.\\pipe\\containerd-processor-%s-pipe", up)
+		l, err := winio.ListenPipe(path, nil)
+		if err != nil {
+			return nil, err
+		}
+		go func() {
+			defer l.Close()
+			conn, err := l.Accept()
+			if err != nil {
+				logrus.WithError(err).Error("accept npipe connection")
+				return
+			}
+			io.Copy(conn, bytes.NewReader(data))
+			conn.Close()
+		}()
+		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", processorPipe, path))
+	}
+	cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", mediaTypeEnvVar, imt))
+	var (
+		stdin  io.Reader
+		closer func() error
+		err    error
+	)
+	if f, ok := stream.(RawProcessor); ok {
+		stdin = f.File()
+		closer = f.File().Close
+	} else {
+		stdin = stream
+	}
+	cmd.Stdin = stdin
+	r, w, err := os.Pipe()
+	if err != nil {
+		return nil, err
+	}
+	cmd.Stdout = w
+	stderr := bytes.NewBuffer(nil)
+	cmd.Stderr = stderr
+
+	if err := cmd.Start(); err != nil {
+		return nil, err
+	}
+	p := &binaryProcessor{
+		cmd:    cmd,
+		r:      r,
+		mt:     rmt,
+		stderr: stderr,
+	}
+	go p.wait()
+
+	// close after start and dup
+	w.Close()
+	if closer != nil {
+		closer()
+	}
+	return p, nil
+}
+
+type binaryProcessor struct {
+	cmd    *exec.Cmd
+	r      *os.File
+	mt     string
+	stderr *bytes.Buffer
+
+	mu  sync.Mutex
+	err error
+}
+
+func (c *binaryProcessor) Err() error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return c.err
+}
+
+func (c *binaryProcessor) wait() {
+	if err := c.cmd.Wait(); err != nil {
+		if _, ok := err.(*exec.ExitError); ok {
+			c.mu.Lock()
+			c.err = errors.New(c.stderr.String())
+			c.mu.Unlock()
+		}
+	}
+}
+
+func (c *binaryProcessor) File() *os.File {
+	return c.r
+}
+
+func (c *binaryProcessor) MediaType() string {
+	return c.mt
+}
+
+func (c *binaryProcessor) Read(p []byte) (int, error) {
+	return c.r.Read(p)
+}
+
+func (c *binaryProcessor) Close() error {
+	err := c.r.Close()
+	if kerr := c.cmd.Process.Kill(); err == nil {
+		err = kerr
+	}
+	return err
+}
+
+func getUiqPath() (string, error) {
+	dir, err := ioutil.TempDir("", "")
+	if err != nil {
+		return "", err
+	}
+	os.Remove(dir)
+	return filepath.Base(dir), nil
+}
diff --git a/vendor/github.com/containerd/containerd/errdefs/errors.go b/vendor/github.com/containerd/containerd/errdefs/errors.go
index 40427fc5a54e7..05a35228ca420 100644
--- a/vendor/github.com/containerd/containerd/errdefs/errors.go
+++ b/vendor/github.com/containerd/containerd/errdefs/errors.go
@@ -26,7 +26,11 @@
 // client-side errors to the correct types.
 package errdefs
 
-import "github.com/pkg/errors"
+import (
+	"context"
+
+	"github.com/pkg/errors"
+)
 
 // Definitions of common error types used throughout containerd. All containerd
 // errors returned by most packages will map into one of these errors classes.
@@ -47,32 +51,43 @@ var (
 
 // IsInvalidArgument returns true if the error is due to an invalid argument
 func IsInvalidArgument(err error) bool {
-	return errors.Cause(err) == ErrInvalidArgument
+	return errors.Is(err, ErrInvalidArgument)
 }
 
 // IsNotFound returns true if the error is due to a missing object
 func IsNotFound(err error) bool {
-	return errors.Cause(err) == ErrNotFound
+	return errors.Is(err, ErrNotFound)
 }
 
 // IsAlreadyExists returns true if the error is due to an already existing
 // metadata item
 func IsAlreadyExists(err error) bool {
-	return errors.Cause(err) == ErrAlreadyExists
+	return errors.Is(err, ErrAlreadyExists)
 }
 
 // IsFailedPrecondition returns true if an operation could not proceed to the
 // lack of a particular condition
 func IsFailedPrecondition(err error) bool {
-	return errors.Cause(err) == ErrFailedPrecondition
+	return errors.Is(err, ErrFailedPrecondition)
 }
 
 // IsUnavailable returns true if the error is due to a resource being unavailable
 func IsUnavailable(err error) bool {
-	return errors.Cause(err) == ErrUnavailable
+	return errors.Is(err, ErrUnavailable)
 }
 
 // IsNotImplemented returns true if the error is due to not being implemented
 func IsNotImplemented(err error) bool {
-	return errors.Cause(err) == ErrNotImplemented
+	return errors.Is(err, ErrNotImplemented)
+}
+
+// IsCanceled returns true if the error is due to `context.Canceled`.
+func IsCanceled(err error) bool {
+	return errors.Is(err, context.Canceled)
+}
+
+// IsDeadlineExceeded returns true if the error is due to
+// `context.DeadlineExceeded`.
+func IsDeadlineExceeded(err error) bool {
+	return errors.Is(err, context.DeadlineExceeded)
 }
diff --git a/vendor/github.com/containerd/containerd/errdefs/grpc.go b/vendor/github.com/containerd/containerd/errdefs/grpc.go
index 4eab03ab868c0..209f63bd0fc0d 100644
--- a/vendor/github.com/containerd/containerd/errdefs/grpc.go
+++ b/vendor/github.com/containerd/containerd/errdefs/grpc.go
@@ -17,6 +17,7 @@
 package errdefs
 
 import (
+	"context"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -55,6 +56,10 @@ func ToGRPC(err error) error {
 		return status.Errorf(codes.Unavailable, err.Error())
 	case IsNotImplemented(err):
 		return status.Errorf(codes.Unimplemented, err.Error())
+	case IsCanceled(err):
+		return status.Errorf(codes.Canceled, err.Error())
+	case IsDeadlineExceeded(err):
+		return status.Errorf(codes.DeadlineExceeded, err.Error())
 	}
 
 	return err
@@ -89,13 +94,17 @@ func FromGRPC(err error) error {
 		cls = ErrFailedPrecondition
 	case codes.Unimplemented:
 		cls = ErrNotImplemented
+	case codes.Canceled:
+		cls = context.Canceled
+	case codes.DeadlineExceeded:
+		cls = context.DeadlineExceeded
 	default:
 		cls = ErrUnknown
 	}
 
 	msg := rebaseMessage(cls, err)
 	if msg != "" {
-		err = errors.Wrapf(cls, msg)
+		err = errors.Wrap(cls, msg)
 	} else {
 		err = errors.WithStack(cls)
 	}
diff --git a/vendor/github.com/containerd/containerd/events.go b/vendor/github.com/containerd/containerd/events.go
index 92e9cd5104578..3577b7c3a9fc0 100644
--- a/vendor/github.com/containerd/containerd/events.go
+++ b/vendor/github.com/containerd/containerd/events.go
@@ -110,6 +110,9 @@ func (e *eventRemote) Subscribe(ctx context.Context, filters ...string) (ch <-ch
 				Event:     ev.Event,
 			}:
 			case <-ctx.Done():
+				if cerr := ctx.Err(); cerr != context.Canceled {
+					errq <- cerr
+				}
 				return
 			}
 		}
diff --git a/vendor/github.com/containerd/containerd/events/exchange/exchange.go b/vendor/github.com/containerd/containerd/events/exchange/exchange.go
index 95d21b7df6bfe..eb27bf29b3075 100644
--- a/vendor/github.com/containerd/containerd/events/exchange/exchange.go
+++ b/vendor/github.com/containerd/containerd/events/exchange/exchange.go
@@ -50,7 +50,7 @@ var _ events.Publisher = &Exchange{}
 var _ events.Forwarder = &Exchange{}
 var _ events.Subscriber = &Exchange{}
 
-// Forward accepts an envelope to be direcly distributed on the exchange.
+// Forward accepts an envelope to be directly distributed on the exchange.
 //
 // This is useful when an event is forwarded on behalf of another namespace or
 // when the event is propagated on behalf of another publisher.
@@ -138,10 +138,10 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even
 	)
 
 	closeAll := func() {
-		defer close(errq)
-		defer e.broadcaster.Remove(dst)
-		defer queue.Close()
-		defer channel.Close()
+		channel.Close()
+		queue.Close()
+		e.broadcaster.Remove(dst)
+		close(errq)
 	}
 
 	ch = evch
@@ -225,7 +225,7 @@ func validateTopic(topic string) error {
 }
 
 func validateEnvelope(envelope *events.Envelope) error {
-	if err := namespaces.Validate(envelope.Namespace); err != nil {
+	if err := identifiers.Validate(envelope.Namespace); err != nil {
 		return errors.Wrapf(err, "event envelope has invalid namespace")
 	}
 
diff --git a/vendor/github.com/containerd/containerd/export.go b/vendor/github.com/containerd/containerd/export.go
index bfc25316ca943..81f199226d4ae 100644
--- a/vendor/github.com/containerd/containerd/export.go
+++ b/vendor/github.com/containerd/containerd/export.go
@@ -20,39 +20,12 @@ import (
 	"context"
 	"io"
 
-	"github.com/containerd/containerd/images"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/pkg/errors"
+	"github.com/containerd/containerd/images/archive"
 )
 
-type exportOpts struct {
-}
-
-// ExportOpt allows the caller to specify export-specific options
-type ExportOpt func(c *exportOpts) error
-
-func resolveExportOpt(opts ...ExportOpt) (exportOpts, error) {
-	var eopts exportOpts
-	for _, o := range opts {
-		if err := o(&eopts); err != nil {
-			return eopts, err
-		}
-	}
-	return eopts, nil
-}
-
-// Export exports an image to a Tar stream.
-// OCI format is used by default.
-// It is up to caller to put "org.opencontainers.image.ref.name" annotation to desc.
-// TODO(AkihiroSuda): support exporting multiple descriptors at once to a single archive stream.
-func (c *Client) Export(ctx context.Context, exporter images.Exporter, desc ocispec.Descriptor, opts ...ExportOpt) (io.ReadCloser, error) {
-	_, err := resolveExportOpt(opts...) // unused now
-	if err != nil {
-		return nil, err
-	}
-	pr, pw := io.Pipe()
-	go func() {
-		pw.CloseWithError(errors.Wrap(exporter.Export(ctx, c.ContentStore(), desc, pw), "export failed"))
-	}()
-	return pr, nil
+// Export exports images to a Tar stream.
+// The tar archive is in OCI format with a Docker compatible manifest
+// when a single target platform is given.
+func (c *Client) Export(ctx context.Context, w io.Writer, opts ...archive.ExportOpt) error {
+	return archive.Export(ctx, c.ContentStore(), w, opts...)
 }
diff --git a/vendor/github.com/containerd/containerd/filters/parser.go b/vendor/github.com/containerd/containerd/filters/parser.go
index 9dced523b1a59..0825d668caf0f 100644
--- a/vendor/github.com/containerd/containerd/filters/parser.go
+++ b/vendor/github.com/containerd/containerd/filters/parser.go
@@ -71,7 +71,7 @@ func ParseAll(ss ...string) (Filter, error) {
 	for _, s := range ss {
 		f, err := Parse(s)
 		if err != nil {
-			return nil, errors.Wrapf(errdefs.ErrInvalidArgument, err.Error())
+			return nil, errors.Wrap(errdefs.ErrInvalidArgument, err.Error())
 		}
 
 		fs = append(fs, f)
@@ -209,6 +209,8 @@ func (p *parser) field() (string, error) {
 		return s, nil
 	case tokenQuoted:
 		return p.unquote(pos, s, false)
+	case tokenIllegal:
+		return "", p.mkerr(pos, p.scanner.err)
 	}
 
 	return "", p.mkerr(pos, "expected field or quoted")
@@ -228,6 +230,8 @@ func (p *parser) operator() (operator, error) {
 		default:
 			return 0, p.mkerr(pos, "unsupported operator %q", s)
 		}
+	case tokenIllegal:
+		return 0, p.mkerr(pos, p.scanner.err)
 	}
 
 	return 0, p.mkerr(pos, `expected an operator ("=="|"!="|"~=")`)
@@ -241,6 +245,8 @@ func (p *parser) value(allowAltQuotes bool) (string, error) {
 		return s, nil
 	case tokenQuoted:
 		return p.unquote(pos, s, allowAltQuotes)
+	case tokenIllegal:
+		return "", p.mkerr(pos, p.scanner.err)
 	}
 
 	return "", p.mkerr(pos, "expected value or quoted")
diff --git a/vendor/github.com/containerd/containerd/filters/scanner.go b/vendor/github.com/containerd/containerd/filters/scanner.go
index c3961962cc6d0..6a485467b8a03 100644
--- a/vendor/github.com/containerd/containerd/filters/scanner.go
+++ b/vendor/github.com/containerd/containerd/filters/scanner.go
@@ -17,7 +17,6 @@
 package filters
 
 import (
-	"fmt"
 	"unicode"
 	"unicode/utf8"
 )
@@ -64,6 +63,7 @@ type scanner struct {
 	pos   int
 	ppos  int // bounds the current rune in the string
 	value bool
+	err   string
 }
 
 func (s *scanner) init(input string) {
@@ -82,12 +82,14 @@ func (s *scanner) next() rune {
 	s.ppos += w
 	if r == utf8.RuneError {
 		if w > 0 {
+			s.error("rune error")
 			return tokenIllegal
 		}
 		return tokenEOF
 	}
 
 	if r == 0 {
+		s.error("unexpected null")
 		return tokenIllegal
 	}
 
@@ -114,7 +116,9 @@ chomp:
 	case ch == tokenEOF:
 	case ch == tokenIllegal:
 	case isQuoteRune(ch):
-		s.scanQuoted(ch)
+		if !s.scanQuoted(ch) {
+			return pos, tokenIllegal, s.input[pos:s.ppos]
+		}
 		return pos, tokenQuoted, s.input[pos:s.ppos]
 	case isSeparatorRune(ch):
 		s.value = false
@@ -172,55 +176,64 @@ func (s *scanner) scanValue() {
 	}
 }
 
-func (s *scanner) scanQuoted(quote rune) {
+func (s *scanner) scanQuoted(quote rune) bool {
+	var illegal bool
 	ch := s.next() // read character after quote
 	for ch != quote {
 		if ch == '\n' || ch < 0 {
-			s.error("literal not terminated")
-			return
+			s.error("quoted literal not terminated")
+			return false
 		}
 		if ch == '\\' {
-			ch = s.scanEscape(quote)
+			var legal bool
+			ch, legal = s.scanEscape(quote)
+			if !legal {
+				illegal = true
+			}
 		} else {
 			ch = s.next()
 		}
 	}
-	return
+	return !illegal
 }
 
-func (s *scanner) scanEscape(quote rune) rune {
-	ch := s.next() // read character after '/'
+func (s *scanner) scanEscape(quote rune) (ch rune, legal bool) {
+	ch = s.next() // read character after '/'
 	switch ch {
 	case 'a', 'b', 'f', 'n', 'r', 't', 'v', '\\', quote:
 		// nothing to do
 		ch = s.next()
+		legal = true
 	case '0', '1', '2', '3', '4', '5', '6', '7':
-		ch = s.scanDigits(ch, 8, 3)
+		ch, legal = s.scanDigits(ch, 8, 3)
 	case 'x':
-		ch = s.scanDigits(s.next(), 16, 2)
+		ch, legal = s.scanDigits(s.next(), 16, 2)
 	case 'u':
-		ch = s.scanDigits(s.next(), 16, 4)
+		ch, legal = s.scanDigits(s.next(), 16, 4)
 	case 'U':
-		ch = s.scanDigits(s.next(), 16, 8)
+		ch, legal = s.scanDigits(s.next(), 16, 8)
 	default:
-		s.error("illegal char escape")
+		s.error("illegal escape sequence")
 	}
-	return ch
+	return
 }
 
-func (s *scanner) scanDigits(ch rune, base, n int) rune {
+func (s *scanner) scanDigits(ch rune, base, n int) (rune, bool) {
 	for n > 0 && digitVal(ch) < base {
 		ch = s.next()
 		n--
 	}
 	if n > 0 {
-		s.error("illegal char escape")
+		s.error("illegal numeric escape sequence")
+		return ch, false
 	}
-	return ch
+	return ch, true
 }
 
 func (s *scanner) error(msg string) {
-	fmt.Println("error fixme", msg)
+	if s.err == "" {
+		s.err = msg
+	}
 }
 
 func digitVal(ch rune) int {
diff --git a/vendor/github.com/containerd/containerd/gc/gc.go b/vendor/github.com/containerd/containerd/gc/gc.go
index 35a1712cb3e4b..4f71cb305c5dd 100644
--- a/vendor/github.com/containerd/containerd/gc/gc.go
+++ b/vendor/github.com/containerd/containerd/gc/gc.go
@@ -30,6 +30,11 @@ import (
 // ResourceType represents type of resource at a node
 type ResourceType uint8
 
+// ResourceMax represents the max resource.
+// Upper bits are stripped out during the mark phase, allowing the upper 3 bits
+// to be used by the caller reference function.
+const ResourceMax = ResourceType(0x1F)
+
 // Node presents a resource which has a type and key,
 // this node can be used to lookup other nodes.
 type Node struct {
@@ -80,6 +85,8 @@ func Tricolor(roots []Node, refs func(ref Node) ([]Node, error)) (map[Node]struc
 			}
 		}
 
+		// strip bits above max resource type
+		id.Type = id.Type & ResourceMax
 		// mark as black when done
 		reachable[id] = struct{}{}
 	}
@@ -165,7 +172,7 @@ func ConcurrentMark(ctx context.Context, root <-chan Node, refs func(context.Con
 	return seen, nil
 }
 
-// Sweep removes all nodes returned through the channel which are not in
+// Sweep removes all nodes returned through the slice which are not in
 // the reachable set by calling the provided remove function.
 func Sweep(reachable map[Node]struct{}, all []Node, remove func(Node) error) error {
 	// All black objects are now reachable, and all white objects are
diff --git a/vendor/github.com/containerd/containerd/go.mod b/vendor/github.com/containerd/containerd/go.mod
new file mode 100644
index 0000000000000..106cbd339408d
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/go.mod
@@ -0,0 +1,81 @@
+module github.com/containerd/containerd
+
+go 1.16
+
+require (
+	github.com/Microsoft/go-winio v0.4.17
+	github.com/Microsoft/hcsshim v0.8.23
+	github.com/containerd/aufs v1.0.0
+	github.com/containerd/btrfs v1.0.0
+	github.com/containerd/cgroups v1.0.1
+	github.com/containerd/console v1.0.2
+	github.com/containerd/continuity v0.1.0
+	github.com/containerd/fifo v1.0.0
+	github.com/containerd/go-cni v1.0.2
+	github.com/containerd/go-runc v1.0.0
+	github.com/containerd/imgcrypt v1.1.1
+	github.com/containerd/nri v0.1.0
+	github.com/containerd/ttrpc v1.1.0
+	github.com/containerd/typeurl v1.0.2
+	github.com/containerd/zfs v1.0.0
+	github.com/containernetworking/plugins v0.9.1
+	github.com/coreos/go-systemd/v22 v22.3.2
+	github.com/davecgh/go-spew v1.1.1
+	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
+	github.com/docker/go-metrics v0.0.1
+	github.com/docker/go-units v0.4.0
+	github.com/emicklei/go-restful v2.9.5+incompatible
+	github.com/fsnotify/fsnotify v1.4.9
+	github.com/gogo/googleapis v1.4.0
+	github.com/gogo/protobuf v1.3.2
+	github.com/golang/protobuf v1.5.0
+	github.com/google/go-cmp v0.5.5
+	github.com/google/uuid v1.2.0
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
+	github.com/hashicorp/go-multierror v1.0.0
+	github.com/imdario/mergo v0.3.12
+	github.com/klauspost/compress v1.11.13
+	github.com/moby/locker v1.0.1
+	github.com/moby/sys/mountinfo v0.4.1
+	github.com/moby/sys/symlink v0.1.0
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/opencontainers/image-spec v1.0.1
+	github.com/opencontainers/runc v1.0.2
+	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
+	github.com/opencontainers/selinux v1.8.2
+	github.com/pelletier/go-toml v1.8.1
+	github.com/pkg/errors v0.9.1
+	github.com/prometheus/client_golang v1.7.1
+	github.com/satori/go.uuid v1.2.0 // indirect
+	github.com/sirupsen/logrus v1.8.1
+	github.com/stretchr/testify v1.6.1
+	github.com/tchap/go-patricia v2.2.6+incompatible
+	github.com/urfave/cli v1.22.2
+	go.etcd.io/bbolt v1.3.5
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
+	golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
+	google.golang.org/grpc v1.33.2
+	gotest.tools/v3 v3.0.3
+	k8s.io/api v0.20.6
+	k8s.io/apimachinery v0.20.6
+	k8s.io/apiserver v0.20.6
+	k8s.io/client-go v0.20.6
+	k8s.io/component-base v0.20.6
+	k8s.io/cri-api v0.20.6
+	k8s.io/klog/v2 v2.4.0
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
+)
+
+// When updating replace rules, make sure to also update the rules in integration/client/go.mod
+replace (
+	// prevent transitional dependencies due to containerd having a circular
+	// dependency on itself through plugins. see .empty-mod/go.mod for details
+	github.com/containerd/containerd => ./.empty-mod/
+	github.com/gogo/googleapis => github.com/gogo/googleapis v1.3.2
+	github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
+	// urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092
+	github.com/urfave/cli => github.com/urfave/cli v1.22.1
+	google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
+	google.golang.org/grpc => google.golang.org/grpc v1.27.1
+)
diff --git a/vendor/github.com/containerd/containerd/identifiers/validate.go b/vendor/github.com/containerd/containerd/identifiers/validate.go
index c58513c0258f7..f52317b491b81 100644
--- a/vendor/github.com/containerd/containerd/identifiers/validate.go
+++ b/vendor/github.com/containerd/containerd/identifiers/validate.go
@@ -42,13 +42,13 @@ var (
 	identifierRe = regexp.MustCompile(reAnchor(alphanum + reGroup(separators+reGroup(alphanum)) + "*"))
 )
 
-// Validate return nil if the string s is a valid identifier.
+// Validate returns nil if the string s is a valid identifier.
 //
-// identifiers must be valid domain names according to RFC 1035, section 2.3.1.  To
-// enforce case insensitvity, all characters must be lower case.
+// identifiers are similar to the domain name rules according to RFC 1035, section 2.3.1. However
+// rules in this package are relaxed to allow numerals to follow period (".") and mixed case is
+// allowed.
 //
-// In general, identifiers that pass this validation, should be safe for use as
-// a domain names or filesystem path component.
+// In general identifiers that pass this validation should be safe for use as filesystem path components.
 func Validate(s string) error {
 	if len(s) == 0 {
 		return errors.Wrapf(errdefs.ErrInvalidArgument, "identifier must not be empty")
diff --git a/vendor/github.com/containerd/containerd/image.go b/vendor/github.com/containerd/containerd/image.go
index 62fba9de754a1..f35f0edcaaac8 100644
--- a/vendor/github.com/containerd/containerd/image.go
+++ b/vendor/github.com/containerd/containerd/image.go
@@ -18,17 +18,23 @@ package containerd
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"strings"
+	"sync/atomic"
 
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/diff"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/rootfs"
-	digest "github.com/opencontainers/go-digest"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/opencontainers/go-digest"
 	"github.com/opencontainers/image-spec/identity"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"golang.org/x/sync/semaphore"
 )
 
 // Image describes an image used by containers
@@ -40,17 +46,64 @@ type Image interface {
 	// Labels of the image
 	Labels() map[string]string
 	// Unpack unpacks the image's content into a snapshot
-	Unpack(context.Context, string) error
+	Unpack(context.Context, string, ...UnpackOpt) error
 	// RootFS returns the unpacked diffids that make up images rootfs.
 	RootFS(ctx context.Context) ([]digest.Digest, error)
 	// Size returns the total size of the image's packed resources.
 	Size(ctx context.Context) (int64, error)
+	// Usage returns a usage calculation for the image.
+	Usage(context.Context, ...UsageOpt) (int64, error)
 	// Config descriptor for the image.
 	Config(ctx context.Context) (ocispec.Descriptor, error)
 	// IsUnpacked returns whether or not an image is unpacked.
 	IsUnpacked(context.Context, string) (bool, error)
 	// ContentStore provides a content store which contains image blob data
 	ContentStore() content.Store
+	// Metadata returns the underlying image metadata
+	Metadata() images.Image
+}
+
+type usageOptions struct {
+	manifestLimit *int
+	manifestOnly  bool
+	snapshots     bool
+}
+
+// UsageOpt is used to configure the usage calculation
+type UsageOpt func(*usageOptions) error
+
+// WithUsageManifestLimit sets the limit to the number of manifests which will
+// be walked for usage. Setting this value to 0 will require all manifests to
+// be walked, returning ErrNotFound if manifests are missing.
+// NOTE: By default all manifests which exist will be walked
+// and any non-existent manifests and their subobjects will be ignored.
+func WithUsageManifestLimit(i int) UsageOpt {
+	// If 0 then don't filter any manifests
+	// By default limits to current platform
+	return func(o *usageOptions) error {
+		o.manifestLimit = &i
+		return nil
+	}
+}
+
+// WithSnapshotUsage will check for referenced snapshots from the image objects
+// and include the snapshot size in the total usage.
+func WithSnapshotUsage() UsageOpt {
+	return func(o *usageOptions) error {
+		o.snapshots = true
+		return nil
+	}
+}
+
+// WithManifestUsage is used to get the usage for an image based on what is
+// reported by the manifests rather than what exists in the content store.
+// NOTE: This function is best used with the manifest limit set to get a
+// consistent value, otherwise non-existent manifests will be excluded.
+func WithManifestUsage() UsageOpt {
+	return func(o *usageOptions) error {
+		o.manifestOnly = true
+		return nil
+	}
 }
 
 var _ = (Image)(&image{})
@@ -60,7 +113,7 @@ func NewImage(client *Client, i images.Image) Image {
 	return &image{
 		client:   client,
 		i:        i,
-		platform: platforms.Default(),
+		platform: client.platform,
 	}
 }
 
@@ -80,6 +133,10 @@ type image struct {
 	platform platforms.MatchComparer
 }
 
+func (i *image) Metadata() images.Image {
+	return i.i
+}
+
 func (i *image) Name() string {
 	return i.i.Name
 }
@@ -98,8 +155,97 @@ func (i *image) RootFS(ctx context.Context) ([]digest.Digest, error) {
 }
 
 func (i *image) Size(ctx context.Context) (int64, error) {
-	provider := i.client.ContentStore()
-	return i.i.Size(ctx, provider, i.platform)
+	return i.Usage(ctx, WithUsageManifestLimit(1), WithManifestUsage())
+}
+
+func (i *image) Usage(ctx context.Context, opts ...UsageOpt) (int64, error) {
+	var config usageOptions
+	for _, opt := range opts {
+		if err := opt(&config); err != nil {
+			return 0, err
+		}
+	}
+
+	var (
+		provider  = i.client.ContentStore()
+		handler   = images.ChildrenHandler(provider)
+		size      int64
+		mustExist bool
+	)
+
+	if config.manifestLimit != nil {
+		handler = images.LimitManifests(handler, i.platform, *config.manifestLimit)
+		mustExist = true
+	}
+
+	var wh images.HandlerFunc = func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		var usage int64
+		children, err := handler(ctx, desc)
+		if err != nil {
+			if !errdefs.IsNotFound(err) || mustExist {
+				return nil, err
+			}
+			if !config.manifestOnly {
+				// Do not count size of non-existent objects
+				desc.Size = 0
+			}
+		} else if config.snapshots || !config.manifestOnly {
+			info, err := provider.Info(ctx, desc.Digest)
+			if err != nil {
+				if !errdefs.IsNotFound(err) {
+					return nil, err
+				}
+				if !config.manifestOnly {
+					// Do not count size of non-existent objects
+					desc.Size = 0
+				}
+			} else if info.Size > desc.Size {
+				// Count actual usage, Size may be unset or -1
+				desc.Size = info.Size
+			}
+
+			if config.snapshots {
+				for k, v := range info.Labels {
+					const prefix = "containerd.io/gc.ref.snapshot."
+					if !strings.HasPrefix(k, prefix) {
+						continue
+					}
+
+					sn := i.client.SnapshotService(k[len(prefix):])
+					if sn == nil {
+						continue
+					}
+
+					u, err := sn.Usage(ctx, v)
+					if err != nil {
+						if !errdefs.IsNotFound(err) && !errdefs.IsInvalidArgument(err) {
+							return nil, err
+						}
+					} else {
+						usage += u.Size
+					}
+				}
+			}
+		}
+
+		// Ignore unknown sizes. Generally unknown sizes should
+		// never be set in manifests, however, the usage
+		// calculation does not need to enforce this.
+		if desc.Size >= 0 {
+			usage += desc.Size
+		}
+
+		atomic.AddInt64(&size, usage)
+
+		return children, nil
+	}
+
+	l := semaphore.NewWeighted(3)
+	if err := images.Dispatch(ctx, wh, l, i.i.Target); err != nil {
+		return 0, err
+	}
+
+	return size, nil
 }
 
 func (i *image) Config(ctx context.Context) (ocispec.Descriptor, error) {
@@ -108,7 +254,10 @@ func (i *image) Config(ctx context.Context) (ocispec.Descriptor, error) {
 }
 
 func (i *image) IsUnpacked(ctx context.Context, snapshotterName string) (bool, error) {
-	sn := i.client.SnapshotService(snapshotterName)
+	sn, err := i.client.getSnapshotter(ctx, snapshotterName)
+	if err != nil {
+		return false, err
+	}
 	cs := i.client.ContentStore()
 
 	diffs, err := i.i.RootFS(ctx, cs, i.platform)
@@ -127,28 +276,75 @@ func (i *image) IsUnpacked(ctx context.Context, snapshotterName string) (bool, e
 	return false, nil
 }
 
-func (i *image) Unpack(ctx context.Context, snapshotterName string) error {
+// UnpackConfig provides configuration for the unpack of an image
+type UnpackConfig struct {
+	// ApplyOpts for applying a diff to a snapshotter
+	ApplyOpts []diff.ApplyOpt
+	// SnapshotOpts for configuring a snapshotter
+	SnapshotOpts []snapshots.Opt
+	// CheckPlatformSupported is whether to validate that a snapshotter
+	// supports an image's platform before unpacking
+	CheckPlatformSupported bool
+}
+
+// UnpackOpt provides configuration for unpack
+type UnpackOpt func(context.Context, *UnpackConfig) error
+
+// WithSnapshotterPlatformCheck sets `CheckPlatformSupported` on the UnpackConfig
+func WithSnapshotterPlatformCheck() UnpackOpt {
+	return func(ctx context.Context, uc *UnpackConfig) error {
+		uc.CheckPlatformSupported = true
+		return nil
+	}
+}
+
+func (i *image) Unpack(ctx context.Context, snapshotterName string, opts ...UnpackOpt) error {
 	ctx, done, err := i.client.WithLease(ctx)
 	if err != nil {
 		return err
 	}
 	defer done(ctx)
 
-	layers, err := i.getLayers(ctx, i.platform)
+	var config UnpackConfig
+	for _, o := range opts {
+		if err := o(ctx, &config); err != nil {
+			return err
+		}
+	}
+
+	manifest, err := i.getManifest(ctx, i.platform)
+	if err != nil {
+		return err
+	}
+
+	layers, err := i.getLayers(ctx, i.platform, manifest)
 	if err != nil {
 		return err
 	}
 
 	var (
-		sn = i.client.SnapshotService(snapshotterName)
 		a  = i.client.DiffService()
 		cs = i.client.ContentStore()
 
 		chain    []digest.Digest
 		unpacked bool
 	)
+	snapshotterName, err = i.client.resolveSnapshotterName(ctx, snapshotterName)
+	if err != nil {
+		return err
+	}
+	sn, err := i.client.getSnapshotter(ctx, snapshotterName)
+	if err != nil {
+		return err
+	}
+	if config.CheckPlatformSupported {
+		if err := i.checkSnapshotterSupport(ctx, snapshotterName, manifest); err != nil {
+			return err
+		}
+	}
+
 	for _, layer := range layers {
-		unpacked, err = rootfs.ApplyLayer(ctx, layer, chain, sn, a)
+		unpacked, err = rootfs.ApplyLayerWithOpts(ctx, layer, chain, sn, a, config.SnapshotOpts, config.ApplyOpts)
 		if err != nil {
 			return err
 		}
@@ -170,36 +366,35 @@ func (i *image) Unpack(ctx context.Context, snapshotterName string) error {
 		chain = append(chain, layer.Diff.Digest)
 	}
 
-	if unpacked {
-		desc, err := i.i.Config(ctx, cs, i.platform)
-		if err != nil {
-			return err
-		}
+	desc, err := i.i.Config(ctx, cs, i.platform)
+	if err != nil {
+		return err
+	}
 
-		rootfs := identity.ChainID(chain).String()
+	rootfs := identity.ChainID(chain).String()
 
-		cinfo := content.Info{
-			Digest: desc.Digest,
-			Labels: map[string]string{
-				fmt.Sprintf("containerd.io/gc.ref.snapshot.%s", snapshotterName): rootfs,
-			},
-		}
-		if _, err := cs.Update(ctx, cinfo, fmt.Sprintf("labels.containerd.io/gc.ref.snapshot.%s", snapshotterName)); err != nil {
-			return err
-		}
+	cinfo := content.Info{
+		Digest: desc.Digest,
+		Labels: map[string]string{
+			fmt.Sprintf("containerd.io/gc.ref.snapshot.%s", snapshotterName): rootfs,
+		},
 	}
 
-	return nil
+	_, err = cs.Update(ctx, cinfo, fmt.Sprintf("labels.containerd.io/gc.ref.snapshot.%s", snapshotterName))
+	return err
 }
 
-func (i *image) getLayers(ctx context.Context, platform platforms.MatchComparer) ([]rootfs.Layer, error) {
-	cs := i.client.ContentStore()
-
+func (i *image) getManifest(ctx context.Context, platform platforms.MatchComparer) (ocispec.Manifest, error) {
+	cs := i.ContentStore()
 	manifest, err := images.Manifest(ctx, cs, i.i.Target, platform)
 	if err != nil {
-		return nil, err
+		return ocispec.Manifest{}, err
 	}
+	return manifest, nil
+}
 
+func (i *image) getLayers(ctx context.Context, platform platforms.MatchComparer, manifest ocispec.Manifest) ([]rootfs.Layer, error) {
+	cs := i.ContentStore()
 	diffIDs, err := i.i.RootFS(ctx, cs, platform)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to resolve rootfs")
@@ -219,6 +414,37 @@ func (i *image) getLayers(ctx context.Context, platform platforms.MatchComparer)
 	return layers, nil
 }
 
+func (i *image) getManifestPlatform(ctx context.Context, manifest ocispec.Manifest) (ocispec.Platform, error) {
+	cs := i.ContentStore()
+	p, err := content.ReadBlob(ctx, cs, manifest.Config)
+	if err != nil {
+		return ocispec.Platform{}, err
+	}
+
+	var image ocispec.Image
+	if err := json.Unmarshal(p, &image); err != nil {
+		return ocispec.Platform{}, err
+	}
+	return platforms.Normalize(ocispec.Platform{OS: image.OS, Architecture: image.Architecture}), nil
+}
+
+func (i *image) checkSnapshotterSupport(ctx context.Context, snapshotterName string, manifest ocispec.Manifest) error {
+	snapshotterPlatformMatcher, err := i.client.GetSnapshotterSupportedPlatforms(ctx, snapshotterName)
+	if err != nil {
+		return err
+	}
+
+	manifestPlatform, err := i.getManifestPlatform(ctx, manifest)
+	if err != nil {
+		return err
+	}
+
+	if snapshotterPlatformMatcher.Match(manifestPlatform) {
+		return nil
+	}
+	return fmt.Errorf("snapshotter %s does not support platform %s for image %s", snapshotterName, manifestPlatform, manifest.Config.Digest)
+}
+
 func (i *image) ContentStore() content.Store {
 	return i.client.ContentStore()
 }
diff --git a/vendor/github.com/containerd/containerd/image_store.go b/vendor/github.com/containerd/containerd/image_store.go
index 3676bdadad003..fd79e8929f528 100644
--- a/vendor/github.com/containerd/containerd/image_store.go
+++ b/vendor/github.com/containerd/containerd/image_store.go
@@ -137,16 +137,18 @@ func imagesFromProto(imagespb []imagesapi.Image) []images.Image {
 
 func descFromProto(desc *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: desc.MediaType,
-		Size:      desc.Size_,
-		Digest:    desc.Digest,
+		MediaType:   desc.MediaType,
+		Size:        desc.Size_,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }
 
 func descToProto(desc *ocispec.Descriptor) types.Descriptor {
 	return types.Descriptor{
-		MediaType: desc.MediaType,
-		Size_:     desc.Size,
-		Digest:    desc.Digest,
+		MediaType:   desc.MediaType,
+		Size_:       desc.Size,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }
diff --git a/vendor/github.com/containerd/containerd/images/annotations.go b/vendor/github.com/containerd/containerd/images/annotations.go
new file mode 100644
index 0000000000000..47d92104cddc6
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/images/annotations.go
@@ -0,0 +1,23 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package images
+
+const (
+	// AnnotationImageName is an annotation on a Descriptor in an index.json
+	// containing the `Name` value as used by an `Image` struct
+	AnnotationImageName = "io.containerd.image.name"
+)
diff --git a/vendor/github.com/containerd/containerd/images/archive/exporter.go b/vendor/github.com/containerd/containerd/images/archive/exporter.go
new file mode 100644
index 0000000000000..7801b2552cda7
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/images/archive/exporter.go
@@ -0,0 +1,501 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package archive
+
+import (
+	"archive/tar"
+	"context"
+	"encoding/json"
+	"io"
+	"path"
+	"sort"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/platforms"
+	digest "github.com/opencontainers/go-digest"
+	ocispecs "github.com/opencontainers/image-spec/specs-go"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+type exportOptions struct {
+	manifests          []ocispec.Descriptor
+	platform           platforms.MatchComparer
+	allPlatforms       bool
+	skipDockerManifest bool
+	blobRecordOptions  blobRecordOptions
+}
+
+// ExportOpt defines options for configuring exported descriptors
+type ExportOpt func(context.Context, *exportOptions) error
+
+// WithPlatform defines the platform to require manifest lists have
+// not exporting all platforms.
+// Additionally, platform is used to resolve image configs for
+// Docker v1.1, v1.2 format compatibility.
+func WithPlatform(p platforms.MatchComparer) ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		o.platform = p
+		return nil
+	}
+}
+
+// WithAllPlatforms exports all manifests from a manifest list.
+// Missing content will fail the export.
+func WithAllPlatforms() ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		o.allPlatforms = true
+		return nil
+	}
+}
+
+// WithSkipDockerManifest skips creation of the Docker compatible
+// manifest.json file.
+func WithSkipDockerManifest() ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		o.skipDockerManifest = true
+		return nil
+	}
+}
+
+// WithImage adds the provided images to the exported archive.
+func WithImage(is images.Store, name string) ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		img, err := is.Get(ctx, name)
+		if err != nil {
+			return err
+		}
+
+		img.Target.Annotations = addNameAnnotation(name, img.Target.Annotations)
+		o.manifests = append(o.manifests, img.Target)
+
+		return nil
+	}
+}
+
+// WithManifest adds a manifest to the exported archive.
+// When names are given they will be set on the manifest in the
+// exported archive, creating an index record for each name.
+// When no names are provided, it is up to caller to put name annotation to
+// on the manifest descriptor if needed.
+func WithManifest(manifest ocispec.Descriptor, names ...string) ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		if len(names) == 0 {
+			o.manifests = append(o.manifests, manifest)
+		}
+		for _, name := range names {
+			mc := manifest
+			mc.Annotations = addNameAnnotation(name, manifest.Annotations)
+			o.manifests = append(o.manifests, mc)
+		}
+
+		return nil
+	}
+}
+
+// BlobFilter returns false if the blob should not be included in the archive.
+type BlobFilter func(ocispec.Descriptor) bool
+
+// WithBlobFilter specifies BlobFilter.
+func WithBlobFilter(f BlobFilter) ExportOpt {
+	return func(ctx context.Context, o *exportOptions) error {
+		o.blobRecordOptions.blobFilter = f
+		return nil
+	}
+}
+
+// WithSkipNonDistributableBlobs excludes non-distributable blobs such as Windows base layers.
+func WithSkipNonDistributableBlobs() ExportOpt {
+	f := func(desc ocispec.Descriptor) bool {
+		return !images.IsNonDistributable(desc.MediaType)
+	}
+	return WithBlobFilter(f)
+}
+
+func addNameAnnotation(name string, base map[string]string) map[string]string {
+	annotations := map[string]string{}
+	for k, v := range base {
+		annotations[k] = v
+	}
+
+	annotations[images.AnnotationImageName] = name
+	annotations[ocispec.AnnotationRefName] = ociReferenceName(name)
+
+	return annotations
+}
+
+// Export implements Exporter.
+func Export(ctx context.Context, store content.Provider, writer io.Writer, opts ...ExportOpt) error {
+	var eo exportOptions
+	for _, opt := range opts {
+		if err := opt(ctx, &eo); err != nil {
+			return err
+		}
+	}
+
+	records := []tarRecord{
+		ociLayoutFile(""),
+		ociIndexRecord(eo.manifests),
+	}
+
+	algorithms := map[string]struct{}{}
+	dManifests := map[digest.Digest]*exportManifest{}
+	resolvedIndex := map[digest.Digest]digest.Digest{}
+	for _, desc := range eo.manifests {
+		switch desc.MediaType {
+		case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+			mt, ok := dManifests[desc.Digest]
+			if !ok {
+				// TODO(containerd): Skip if already added
+				r, err := getRecords(ctx, store, desc, algorithms, &eo.blobRecordOptions)
+				if err != nil {
+					return err
+				}
+				records = append(records, r...)
+
+				mt = &exportManifest{
+					manifest: desc,
+				}
+				dManifests[desc.Digest] = mt
+			}
+
+			name := desc.Annotations[images.AnnotationImageName]
+			if name != "" && !eo.skipDockerManifest {
+				mt.names = append(mt.names, name)
+			}
+		case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
+			d, ok := resolvedIndex[desc.Digest]
+			if !ok {
+				records = append(records, blobRecord(store, desc, &eo.blobRecordOptions))
+
+				p, err := content.ReadBlob(ctx, store, desc)
+				if err != nil {
+					return err
+				}
+
+				var index ocispec.Index
+				if err := json.Unmarshal(p, &index); err != nil {
+					return err
+				}
+
+				var manifests []ocispec.Descriptor
+				for _, m := range index.Manifests {
+					if eo.platform != nil {
+						if m.Platform == nil || eo.platform.Match(*m.Platform) {
+							manifests = append(manifests, m)
+						} else if !eo.allPlatforms {
+							continue
+						}
+					}
+
+					r, err := getRecords(ctx, store, m, algorithms, &eo.blobRecordOptions)
+					if err != nil {
+						return err
+					}
+
+					records = append(records, r...)
+				}
+
+				if !eo.skipDockerManifest {
+					if len(manifests) >= 1 {
+						if len(manifests) > 1 {
+							sort.SliceStable(manifests, func(i, j int) bool {
+								if manifests[i].Platform == nil {
+									return false
+								}
+								if manifests[j].Platform == nil {
+									return true
+								}
+								return eo.platform.Less(*manifests[i].Platform, *manifests[j].Platform)
+							})
+						}
+						d = manifests[0].Digest
+						dManifests[d] = &exportManifest{
+							manifest: manifests[0],
+						}
+					} else if eo.platform != nil {
+						return errors.Wrap(errdefs.ErrNotFound, "no manifest found for platform")
+					}
+				}
+				resolvedIndex[desc.Digest] = d
+			}
+			if d != "" {
+				if name := desc.Annotations[images.AnnotationImageName]; name != "" {
+					mt := dManifests[d]
+					mt.names = append(mt.names, name)
+				}
+
+			}
+		default:
+			return errors.Wrap(errdefs.ErrInvalidArgument, "only manifests may be exported")
+		}
+	}
+
+	if len(dManifests) > 0 {
+		tr, err := manifestsRecord(ctx, store, dManifests)
+		if err != nil {
+			return errors.Wrap(err, "unable to create manifests file")
+		}
+
+		records = append(records, tr)
+	}
+
+	if len(algorithms) > 0 {
+		records = append(records, directoryRecord("blobs/", 0755))
+		for alg := range algorithms {
+			records = append(records, directoryRecord("blobs/"+alg+"/", 0755))
+		}
+	}
+
+	tw := tar.NewWriter(writer)
+	defer tw.Close()
+	return writeTar(ctx, tw, records)
+}
+
+func getRecords(ctx context.Context, store content.Provider, desc ocispec.Descriptor, algorithms map[string]struct{}, brOpts *blobRecordOptions) ([]tarRecord, error) {
+	var records []tarRecord
+	exportHandler := func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		records = append(records, blobRecord(store, desc, brOpts))
+		algorithms[desc.Digest.Algorithm().String()] = struct{}{}
+		return nil, nil
+	}
+
+	childrenHandler := images.ChildrenHandler(store)
+
+	handlers := images.Handlers(
+		childrenHandler,
+		images.HandlerFunc(exportHandler),
+	)
+
+	// Walk sequentially since the number of fetches is likely one and doing in
+	// parallel requires locking the export handler
+	if err := images.Walk(ctx, handlers, desc); err != nil {
+		return nil, err
+	}
+
+	return records, nil
+}
+
+type tarRecord struct {
+	Header *tar.Header
+	CopyTo func(context.Context, io.Writer) (int64, error)
+}
+
+type blobRecordOptions struct {
+	blobFilter BlobFilter
+}
+
+func blobRecord(cs content.Provider, desc ocispec.Descriptor, opts *blobRecordOptions) tarRecord {
+	if opts != nil && opts.blobFilter != nil && !opts.blobFilter(desc) {
+		return tarRecord{}
+	}
+	path := path.Join("blobs", desc.Digest.Algorithm().String(), desc.Digest.Encoded())
+	return tarRecord{
+		Header: &tar.Header{
+			Name:     path,
+			Mode:     0444,
+			Size:     desc.Size,
+			Typeflag: tar.TypeReg,
+		},
+		CopyTo: func(ctx context.Context, w io.Writer) (int64, error) {
+			r, err := cs.ReaderAt(ctx, desc)
+			if err != nil {
+				return 0, errors.Wrap(err, "failed to get reader")
+			}
+			defer r.Close()
+
+			// Verify digest
+			dgstr := desc.Digest.Algorithm().Digester()
+
+			n, err := io.Copy(io.MultiWriter(w, dgstr.Hash()), content.NewReader(r))
+			if err != nil {
+				return 0, errors.Wrap(err, "failed to copy to tar")
+			}
+			if dgstr.Digest() != desc.Digest {
+				return 0, errors.Errorf("unexpected digest %s copied", dgstr.Digest())
+			}
+			return n, nil
+		},
+	}
+}
+
+func directoryRecord(name string, mode int64) tarRecord {
+	return tarRecord{
+		Header: &tar.Header{
+			Name:     name,
+			Mode:     mode,
+			Typeflag: tar.TypeDir,
+		},
+	}
+}
+
+func ociLayoutFile(version string) tarRecord {
+	if version == "" {
+		version = ocispec.ImageLayoutVersion
+	}
+	layout := ocispec.ImageLayout{
+		Version: version,
+	}
+
+	b, err := json.Marshal(layout)
+	if err != nil {
+		panic(err)
+	}
+
+	return tarRecord{
+		Header: &tar.Header{
+			Name:     ocispec.ImageLayoutFile,
+			Mode:     0444,
+			Size:     int64(len(b)),
+			Typeflag: tar.TypeReg,
+		},
+		CopyTo: func(ctx context.Context, w io.Writer) (int64, error) {
+			n, err := w.Write(b)
+			return int64(n), err
+		},
+	}
+
+}
+
+func ociIndexRecord(manifests []ocispec.Descriptor) tarRecord {
+	index := ocispec.Index{
+		Versioned: ocispecs.Versioned{
+			SchemaVersion: 2,
+		},
+		Manifests: manifests,
+	}
+
+	b, err := json.Marshal(index)
+	if err != nil {
+		panic(err)
+	}
+
+	return tarRecord{
+		Header: &tar.Header{
+			Name:     "index.json",
+			Mode:     0644,
+			Size:     int64(len(b)),
+			Typeflag: tar.TypeReg,
+		},
+		CopyTo: func(ctx context.Context, w io.Writer) (int64, error) {
+			n, err := w.Write(b)
+			return int64(n), err
+		},
+	}
+}
+
+type exportManifest struct {
+	manifest ocispec.Descriptor
+	names    []string
+}
+
+func manifestsRecord(ctx context.Context, store content.Provider, manifests map[digest.Digest]*exportManifest) (tarRecord, error) {
+	mfsts := make([]struct {
+		Config   string
+		RepoTags []string
+		Layers   []string
+	}, len(manifests))
+
+	var i int
+	for _, m := range manifests {
+		p, err := content.ReadBlob(ctx, store, m.manifest)
+		if err != nil {
+			return tarRecord{}, err
+		}
+
+		var manifest ocispec.Manifest
+		if err := json.Unmarshal(p, &manifest); err != nil {
+			return tarRecord{}, err
+		}
+		if err := manifest.Config.Digest.Validate(); err != nil {
+			return tarRecord{}, errors.Wrapf(err, "invalid manifest %q", m.manifest.Digest)
+		}
+
+		dgst := manifest.Config.Digest
+		mfsts[i].Config = path.Join("blobs", dgst.Algorithm().String(), dgst.Encoded())
+		for _, l := range manifest.Layers {
+			path := path.Join("blobs", l.Digest.Algorithm().String(), l.Digest.Encoded())
+			mfsts[i].Layers = append(mfsts[i].Layers, path)
+		}
+
+		for _, name := range m.names {
+			nname, err := familiarizeReference(name)
+			if err != nil {
+				return tarRecord{}, err
+			}
+
+			mfsts[i].RepoTags = append(mfsts[i].RepoTags, nname)
+		}
+
+		i++
+	}
+
+	b, err := json.Marshal(mfsts)
+	if err != nil {
+		return tarRecord{}, err
+	}
+
+	return tarRecord{
+		Header: &tar.Header{
+			Name:     "manifest.json",
+			Mode:     0644,
+			Size:     int64(len(b)),
+			Typeflag: tar.TypeReg,
+		},
+		CopyTo: func(ctx context.Context, w io.Writer) (int64, error) {
+			n, err := w.Write(b)
+			return int64(n), err
+		},
+	}, nil
+}
+
+func writeTar(ctx context.Context, tw *tar.Writer, recordsWithEmpty []tarRecord) error {
+	var records []tarRecord
+	for _, r := range recordsWithEmpty {
+		if r.Header != nil {
+			records = append(records, r)
+		}
+	}
+	sort.Slice(records, func(i, j int) bool {
+		return records[i].Header.Name < records[j].Header.Name
+	})
+
+	var last string
+	for _, record := range records {
+		if record.Header.Name == last {
+			continue
+		}
+		last = record.Header.Name
+		if err := tw.WriteHeader(record.Header); err != nil {
+			return err
+		}
+		if record.CopyTo != nil {
+			n, err := record.CopyTo(ctx, tw)
+			if err != nil {
+				return err
+			}
+			if n != record.Header.Size {
+				return errors.Errorf("unexpected copy size for %s", record.Header.Name)
+			}
+		} else if record.Header.Size > 0 {
+			return errors.Errorf("no content to write to record with non-zero size for %s", record.Header.Name)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/containerd/containerd/images/archive/importer.go b/vendor/github.com/containerd/containerd/images/archive/importer.go
index c1522df461d03..2d046589f8dd6 100644
--- a/vendor/github.com/containerd/containerd/images/archive/importer.go
+++ b/vendor/github.com/containerd/containerd/images/archive/importer.go
@@ -22,12 +22,14 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"path"
 
 	"github.com/containerd/containerd/archive/compression"
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/log"
 	digest "github.com/opencontainers/go-digest"
@@ -36,15 +38,30 @@ import (
 	"github.com/pkg/errors"
 )
 
-// ImportIndex imports an index from a tar achive image bundle
+type importOpts struct {
+	compress bool
+}
+
+// ImportOpt is an option for importing an OCI index
+type ImportOpt func(*importOpts) error
+
+// WithImportCompression compresses uncompressed layers on import.
+// This is used for import formats which do not include the manifest.
+func WithImportCompression() ImportOpt {
+	return func(io *importOpts) error {
+		io.compress = true
+		return nil
+	}
+}
+
+// ImportIndex imports an index from a tar archive image bundle
 // - implements Docker v1.1, v1.2 and OCI v1.
 // - prefers OCI v1 when provided
 // - creates OCI index for Docker formats
 // - normalizes Docker references and adds as OCI ref name
 //      e.g. alpine:latest -> docker.io/library/alpine:latest
 // - existing OCI reference names are untouched
-// - TODO: support option to compress layers on ingest
-func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (ocispec.Descriptor, error) {
+func ImportIndex(ctx context.Context, store content.Store, reader io.Reader, opts ...ImportOpt) (ocispec.Descriptor, error) {
 	var (
 		tr = tar.NewReader(reader)
 
@@ -56,7 +73,15 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc
 		}
 		symlinks = make(map[string]string)
 		blobs    = make(map[string]ocispec.Descriptor)
+		iopts    importOpts
 	)
+
+	for _, o := range opts {
+		if err := o(&iopts); err != nil {
+			return ocispec.Descriptor{}, err
+		}
+	}
+
 	for {
 		hdr, err := tr.Next()
 		if err == io.EOF {
@@ -99,7 +124,7 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc
 	}
 
 	// If OCI layout was given, interpret the tar as an OCI layout.
-	// When not provided, the layout of the tar will be interpretted
+	// When not provided, the layout of the tar will be interpreted
 	// as Docker v1.1 or v1.2.
 	if ociLayout.Version != "" {
 		if ociLayout.Version != ocispec.ImageLayoutVersion {
@@ -137,22 +162,26 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc
 		if !ok {
 			return ocispec.Descriptor{}, errors.Errorf("image config %q not found", mfst.Config)
 		}
-		config.MediaType = ocispec.MediaTypeImageConfig
+		config.MediaType = images.MediaTypeDockerSchema2Config
 
-		layers, err := resolveLayers(ctx, store, mfst.Layers, blobs)
+		layers, err := resolveLayers(ctx, store, mfst.Layers, blobs, iopts.compress)
 		if err != nil {
 			return ocispec.Descriptor{}, errors.Wrap(err, "failed to resolve layers")
 		}
 
-		manifest := ocispec.Manifest{
-			Versioned: specs.Versioned{
-				SchemaVersion: 2,
-			},
-			Config: config,
-			Layers: layers,
+		manifest := struct {
+			SchemaVersion int                  `json:"schemaVersion"`
+			MediaType     string               `json:"mediaType"`
+			Config        ocispec.Descriptor   `json:"config"`
+			Layers        []ocispec.Descriptor `json:"layers"`
+		}{
+			SchemaVersion: 2,
+			MediaType:     images.MediaTypeDockerSchema2Manifest,
+			Config:        config,
+			Layers:        layers,
 		}
 
-		desc, err := writeManifest(ctx, store, manifest, ocispec.MediaTypeImageManifest)
+		desc, err := writeManifest(ctx, store, manifest, manifest.MediaType)
 		if err != nil {
 			return ocispec.Descriptor{}, errors.Wrap(err, "write docker manifest")
 		}
@@ -164,7 +193,7 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc
 		if len(platforms) > 0 {
 			// Only one platform can be resolved from non-index manifest,
 			// The platform can only come from the config included above,
-			// if the config has no platform it can be safely ommitted.
+			// if the config has no platform it can be safely omitted.
 			desc.Platform = &platforms[0]
 		}
 
@@ -181,7 +210,8 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc
 				}
 
 				mfstdesc.Annotations = map[string]string{
-					ocispec.AnnotationRefName: normalized,
+					images.AnnotationImageName: normalized,
+					ocispec.AnnotationRefName:  ociReferenceName(normalized),
 				}
 
 				idx.Manifests = append(idx.Manifests, mfstdesc)
@@ -197,10 +227,7 @@ func onUntarJSON(r io.Reader, j interface{}) error {
 	if err != nil {
 		return err
 	}
-	if err := json.Unmarshal(b, j); err != nil {
-		return err
-	}
-	return nil
+	return json.Unmarshal(b, j)
 }
 
 func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) {
@@ -213,36 +240,118 @@ func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size
 	return dgstr.Digest(), nil
 }
 
-func resolveLayers(ctx context.Context, store content.Store, layerFiles []string, blobs map[string]ocispec.Descriptor) ([]ocispec.Descriptor, error) {
-	var layers []ocispec.Descriptor
-	for _, f := range layerFiles {
+func resolveLayers(ctx context.Context, store content.Store, layerFiles []string, blobs map[string]ocispec.Descriptor, compress bool) ([]ocispec.Descriptor, error) {
+	layers := make([]ocispec.Descriptor, len(layerFiles))
+	descs := map[digest.Digest]*ocispec.Descriptor{}
+	filters := []string{}
+	for i, f := range layerFiles {
 		desc, ok := blobs[f]
 		if !ok {
 			return nil, errors.Errorf("layer %q not found", f)
 		}
+		layers[i] = desc
+		descs[desc.Digest] = &layers[i]
+		filters = append(filters, "labels.\"containerd.io/uncompressed\"=="+desc.Digest.String())
+	}
+
+	err := store.Walk(ctx, func(info content.Info) error {
+		dgst, ok := info.Labels["containerd.io/uncompressed"]
+		if ok {
+			desc := descs[digest.Digest(dgst)]
+			if desc != nil {
+				desc.MediaType = images.MediaTypeDockerSchema2LayerGzip
+				desc.Digest = info.Digest
+				desc.Size = info.Size
+			}
+		}
+		return nil
+	}, filters...)
+	if err != nil {
+		return nil, errors.Wrap(err, "failure checking for compressed blobs")
+	}
 
+	for i, desc := range layers {
+		if desc.MediaType != "" {
+			continue
+		}
 		// Open blob, resolve media type
 		ra, err := store.ReaderAt(ctx, desc)
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to open %q (%s)", f, desc.Digest)
+			return nil, errors.Wrapf(err, "failed to open %q (%s)", layerFiles[i], desc.Digest)
 		}
 		s, err := compression.DecompressStream(content.NewReader(ra))
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to detect compression for %q", f)
+			return nil, errors.Wrapf(err, "failed to detect compression for %q", layerFiles[i])
 		}
 		if s.GetCompression() == compression.Uncompressed {
-			// TODO: Support compressing and writing back to content store
-			desc.MediaType = ocispec.MediaTypeImageLayer
+			if compress {
+				ref := fmt.Sprintf("compress-blob-%s-%s", desc.Digest.Algorithm().String(), desc.Digest.Encoded())
+				labels := map[string]string{
+					"containerd.io/uncompressed": desc.Digest.String(),
+				}
+				layers[i], err = compressBlob(ctx, store, s, ref, content.WithLabels(labels))
+				if err != nil {
+					s.Close()
+					return nil, err
+				}
+				layers[i].MediaType = images.MediaTypeDockerSchema2LayerGzip
+			} else {
+				layers[i].MediaType = images.MediaTypeDockerSchema2Layer
+			}
 		} else {
-			desc.MediaType = ocispec.MediaTypeImageLayerGzip
+			layers[i].MediaType = images.MediaTypeDockerSchema2LayerGzip
 		}
 		s.Close()
 
-		layers = append(layers, desc)
 	}
 	return layers, nil
 }
 
+func compressBlob(ctx context.Context, cs content.Store, r io.Reader, ref string, opts ...content.Opt) (desc ocispec.Descriptor, err error) {
+	w, err := content.OpenWriter(ctx, cs, content.WithRef(ref))
+	if err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to open writer")
+	}
+
+	defer func() {
+		w.Close()
+		if err != nil {
+			cs.Abort(ctx, ref)
+		}
+	}()
+	if err := w.Truncate(0); err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to truncate writer")
+	}
+
+	cw, err := compression.CompressStream(w, compression.Gzip)
+	if err != nil {
+		return ocispec.Descriptor{}, err
+	}
+
+	if _, err := io.Copy(cw, r); err != nil {
+		return ocispec.Descriptor{}, err
+	}
+	if err := cw.Close(); err != nil {
+		return ocispec.Descriptor{}, err
+	}
+
+	cst, err := w.Status()
+	if err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to get writer status")
+	}
+
+	desc.Digest = w.Digest()
+	desc.Size = cst.Offset
+
+	if err := w.Commit(ctx, desc.Size, desc.Digest, opts...); err != nil {
+		if !errdefs.IsAlreadyExists(err) {
+			return ocispec.Descriptor{}, errors.Wrap(err, "failed to commit")
+		}
+	}
+
+	return desc, nil
+}
+
 func writeManifest(ctx context.Context, cs content.Ingester, manifest interface{}, mediaType string) (ocispec.Descriptor, error) {
 	manifestBytes, err := json.Marshal(manifest)
 	if err != nil {
diff --git a/vendor/github.com/containerd/containerd/images/archive/reference.go b/vendor/github.com/containerd/containerd/images/archive/reference.go
index 0b1310181e426..ce9fe98f91b03 100644
--- a/vendor/github.com/containerd/containerd/images/archive/reference.go
+++ b/vendor/github.com/containerd/containerd/images/archive/reference.go
@@ -19,8 +19,9 @@ package archive
 import (
 	"strings"
 
-	"github.com/containerd/cri/pkg/util"
-	digest "github.com/opencontainers/go-digest"
+	"github.com/containerd/containerd/reference"
+	distref "github.com/containerd/containerd/reference/docker"
+	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
@@ -69,7 +70,7 @@ func isImagePrefix(s, prefix string) bool {
 
 func normalizeReference(ref string) (string, error) {
 	// TODO: Replace this function to not depend on reference package
-	normalized, err := util.NormalizeImageRef(ref)
+	normalized, err := distref.ParseDockerRef(ref)
 	if err != nil {
 		return "", errors.Wrapf(err, "normalize image ref %q", ref)
 	}
@@ -77,6 +78,31 @@ func normalizeReference(ref string) (string, error) {
 	return normalized.String(), nil
 }
 
+func familiarizeReference(ref string) (string, error) {
+	named, err := distref.ParseNormalizedNamed(ref)
+	if err != nil {
+		return "", errors.Wrapf(err, "failed to parse %q", ref)
+	}
+	named = distref.TagNameOnly(named)
+
+	return distref.FamiliarString(named), nil
+}
+
+func ociReferenceName(name string) string {
+	// OCI defines the reference name as only a tag excluding the
+	// repository. The containerd annotation contains the full image name
+	// since the tag is insufficient for correctly naming and referring to an
+	// image
+	var ociRef string
+	if spec, err := reference.Parse(name); err == nil {
+		ociRef = spec.Object
+	} else {
+		ociRef = name
+	}
+
+	return ociRef
+}
+
 // DigestTranslator creates a digest reference by adding the
 // digest to an image name
 func DigestTranslator(prefix string) func(digest.Digest) string {
diff --git a/vendor/github.com/containerd/containerd/images/diffid.go b/vendor/github.com/containerd/containerd/images/diffid.go
new file mode 100644
index 0000000000000..56193cc289f7b
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/images/diffid.go
@@ -0,0 +1,81 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package images
+
+import (
+	"context"
+	"io"
+
+	"github.com/containerd/containerd/archive/compression"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/labels"
+	"github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/sirupsen/logrus"
+)
+
+// GetDiffID gets the diff ID of the layer blob descriptor.
+func GetDiffID(ctx context.Context, cs content.Store, desc ocispec.Descriptor) (digest.Digest, error) {
+	switch desc.MediaType {
+	case
+		// If the layer is already uncompressed, we can just return its digest
+		MediaTypeDockerSchema2Layer,
+		ocispec.MediaTypeImageLayer,
+		MediaTypeDockerSchema2LayerForeign,
+		ocispec.MediaTypeImageLayerNonDistributable:
+		return desc.Digest, nil
+	}
+	info, err := cs.Info(ctx, desc.Digest)
+	if err != nil {
+		return "", err
+	}
+	v, ok := info.Labels[labels.LabelUncompressed]
+	if ok {
+		// Fast path: if the image is already unpacked, we can use the label value
+		return digest.Parse(v)
+	}
+	// if the image is not unpacked, we may not have the label
+	ra, err := cs.ReaderAt(ctx, desc)
+	if err != nil {
+		return "", err
+	}
+	defer ra.Close()
+	r := content.NewReader(ra)
+	uR, err := compression.DecompressStream(r)
+	if err != nil {
+		return "", err
+	}
+	defer uR.Close()
+	digester := digest.Canonical.Digester()
+	hashW := digester.Hash()
+	if _, err := io.Copy(hashW, uR); err != nil {
+		return "", err
+	}
+	if err := ra.Close(); err != nil {
+		return "", err
+	}
+	digest := digester.Digest()
+	// memorize the computed value
+	if info.Labels == nil {
+		info.Labels = make(map[string]string)
+	}
+	info.Labels[labels.LabelUncompressed] = digest.String()
+	if _, err := cs.Update(ctx, info, "labels"); err != nil {
+		logrus.WithError(err).Warnf("failed to set %s label for %s", labels.LabelUncompressed, desc.Digest)
+	}
+	return digest, nil
+}
diff --git a/vendor/github.com/containerd/containerd/images/handlers.go b/vendor/github.com/containerd/containerd/images/handlers.go
index 230a9caf85f5b..05a9017bc27eb 100644
--- a/vendor/github.com/containerd/containerd/images/handlers.go
+++ b/vendor/github.com/containerd/containerd/images/handlers.go
@@ -22,10 +22,12 @@ import (
 	"sort"
 
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/platforms"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
+	"golang.org/x/sync/semaphore"
 )
 
 var (
@@ -62,7 +64,7 @@ func Handlers(handlers ...Handler) HandlerFunc {
 		for _, handler := range handlers {
 			ch, err := handler.Handle(ctx, desc)
 			if err != nil {
-				if errors.Cause(err) == ErrStopHandler {
+				if errors.Is(err, ErrStopHandler) {
 					break
 				}
 				return nil, err
@@ -85,7 +87,7 @@ func Walk(ctx context.Context, handler Handler, descs ...ocispec.Descriptor) err
 
 		children, err := handler.Handle(ctx, desc)
 		if err != nil {
-			if errors.Cause(err) == ErrSkipDesc {
+			if errors.Is(err, ErrSkipDesc) {
 				continue // don't traverse the children.
 			}
 			return err
@@ -108,28 +110,40 @@ func Walk(ctx context.Context, handler Handler, descs ...ocispec.Descriptor) err
 // handler may return `ErrSkipDesc` to signal to the dispatcher to not traverse
 // any children.
 //
+// A concurrency limiter can be passed in to limit the number of concurrent
+// handlers running. When limiter is nil, there is no limit.
+//
 // Typically, this function will be used with `FetchHandler`, often composed
 // with other handlers.
 //
 // If any handler returns an error, the dispatch session will be canceled.
-func Dispatch(ctx context.Context, handler Handler, descs ...ocispec.Descriptor) error {
-	eg, ctx := errgroup.WithContext(ctx)
+func Dispatch(ctx context.Context, handler Handler, limiter *semaphore.Weighted, descs ...ocispec.Descriptor) error {
+	eg, ctx2 := errgroup.WithContext(ctx)
 	for _, desc := range descs {
 		desc := desc
 
+		if limiter != nil {
+			if err := limiter.Acquire(ctx, 1); err != nil {
+				return err
+			}
+		}
+
 		eg.Go(func() error {
 			desc := desc
 
-			children, err := handler.Handle(ctx, desc)
+			children, err := handler.Handle(ctx2, desc)
+			if limiter != nil {
+				limiter.Release(1)
+			}
 			if err != nil {
-				if errors.Cause(err) == ErrSkipDesc {
+				if errors.Is(err, ErrSkipDesc) {
 					return nil // don't traverse the children.
 				}
 				return err
 			}
 
 			if len(children) > 0 {
-				return Dispatch(ctx, handler, children...)
+				return Dispatch(ctx2, handler, limiter, children...)
 			}
 
 			return nil
@@ -156,6 +170,19 @@ func ChildrenHandler(provider content.Provider) HandlerFunc {
 // the children returned by the handler and passes through the children.
 // Must follow a handler that returns the children to be labeled.
 func SetChildrenLabels(manager content.Manager, f HandlerFunc) HandlerFunc {
+	return SetChildrenMappedLabels(manager, f, nil)
+}
+
+// SetChildrenMappedLabels is a handler wrapper which sets labels for the content on
+// the children returned by the handler and passes through the children.
+// Must follow a handler that returns the children to be labeled.
+// The label map allows the caller to control the labels per child descriptor.
+// For returned labels, the index of the child will be appended to the end
+// except for the first index when the returned label does not end with '.'.
+func SetChildrenMappedLabels(manager content.Manager, f HandlerFunc, labelMap func(ocispec.Descriptor) []string) HandlerFunc {
+	if labelMap == nil {
+		labelMap = ChildGCLabels
+	}
 	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
 		children, err := f(ctx, desc)
 		if err != nil {
@@ -163,14 +190,26 @@ func SetChildrenLabels(manager content.Manager, f HandlerFunc) HandlerFunc {
 		}
 
 		if len(children) > 0 {
-			info := content.Info{
-				Digest: desc.Digest,
-				Labels: map[string]string{},
-			}
-			fields := []string{}
-			for i, ch := range children {
-				info.Labels[fmt.Sprintf("containerd.io/gc.ref.content.%d", i)] = ch.Digest.String()
-				fields = append(fields, fmt.Sprintf("labels.containerd.io/gc.ref.content.%d", i))
+			var (
+				info = content.Info{
+					Digest: desc.Digest,
+					Labels: map[string]string{},
+				}
+				fields = []string{}
+				keys   = map[string]uint{}
+			)
+			for _, ch := range children {
+				labelKeys := labelMap(ch)
+				for _, key := range labelKeys {
+					idx := keys[key]
+					keys[key] = idx + 1
+					if idx > 0 || key[len(key)-1] == '.' {
+						key = fmt.Sprintf("%s%d", key, idx)
+					}
+
+					info.Labels[key] = ch.Digest.String()
+					fields = append(fields, "labels."+key)
+				}
 			}
 
 			_, err := manager.Update(ctx, info, fields...)
@@ -213,6 +252,7 @@ func FilterPlatforms(f HandlerFunc, m platforms.Matcher) HandlerFunc {
 // The results will be ordered according to the comparison operator and
 // use the ordering in the manifests for equal matches.
 // A limit of 0 or less is considered no limit.
+// A not found error is returned if no manifest is matched.
 func LimitManifests(f HandlerFunc, m platforms.MatchComparer, n int) HandlerFunc {
 	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
 		children, err := f(ctx, desc)
@@ -232,8 +272,13 @@ func LimitManifests(f HandlerFunc, m platforms.MatchComparer, n int) HandlerFunc
 				return m.Less(*children[i].Platform, *children[j].Platform)
 			})
 
-			if n > 0 && len(children) > n {
-				children = children[:n]
+			if n > 0 {
+				if len(children) == 0 {
+					return children, errors.Wrap(errdefs.ErrNotFound, "no match for platform in manifest")
+				}
+				if len(children) > n {
+					children = children[:n]
+				}
 			}
 		default:
 			// only limit manifests from an index
diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go
index f72684d82946e..2e5cd61c9a7aa 100644
--- a/vendor/github.com/containerd/containerd/images/image.go
+++ b/vendor/github.com/containerd/containerd/images/image.go
@@ -19,8 +19,8 @@ package images
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"sort"
-	"strings"
 	"time"
 
 	"github.com/containerd/containerd/content"
@@ -119,7 +119,7 @@ func (image *Image) Size(ctx context.Context, provider content.Provider, platfor
 		}
 		size += desc.Size
 		return nil, nil
-	}), FilterPlatforms(ChildrenHandler(provider), platform)), image.Target)
+	}), LimitManifests(FilterPlatforms(ChildrenHandler(provider), platform), platform, 1)), image.Target)
 }
 
 type platformManifest struct {
@@ -142,6 +142,7 @@ type platformManifest struct {
 // this direction because this abstraction is not needed.`
 func Manifest(ctx context.Context, provider content.Provider, image ocispec.Descriptor, platform platforms.MatchComparer) (ocispec.Manifest, error) {
 	var (
+		limit    = 1
 		m        []platformManifest
 		wasIndex bool
 	)
@@ -154,6 +155,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 				return nil, err
 			}
 
+			if err := validateMediaType(p, desc.MediaType); err != nil {
+				return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest)
+			}
+
 			var manifest ocispec.Manifest
 			if err := json.Unmarshal(p, &manifest); err != nil {
 				return nil, err
@@ -194,6 +199,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 				return nil, err
 			}
 
+			if err := validateMediaType(p, desc.MediaType); err != nil {
+				return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest)
+			}
+
 			var idx ocispec.Index
 			if err := json.Unmarshal(p, &idx); err != nil {
 				return nil, err
@@ -210,10 +219,22 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 				}
 			}
 
+			sort.SliceStable(descs, func(i, j int) bool {
+				if descs[i].Platform == nil {
+					return false
+				}
+				if descs[j].Platform == nil {
+					return true
+				}
+				return platform.Less(*descs[i].Platform, *descs[j].Platform)
+			})
+
 			wasIndex = true
 
+			if len(descs) > limit {
+				return descs[:limit], nil
+			}
 			return descs, nil
-
 		}
 		return nil, errors.Wrapf(errdefs.ErrNotFound, "unexpected media type %v for %v", desc.MediaType, desc.Digest)
 	}), image); err != nil {
@@ -227,17 +248,6 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 		}
 		return ocispec.Manifest{}, err
 	}
-
-	sort.SliceStable(m, func(i, j int) bool {
-		if m[i].p == nil {
-			return false
-		}
-		if m[j].p == nil {
-			return true
-		}
-		return platform.Less(*m[i].p, *m[j].p)
-	})
-
 	return *m[0].m, nil
 }
 
@@ -288,7 +298,7 @@ func Platforms(ctx context.Context, provider content.Provider, image ocispec.Des
 // If available is true, the caller can assume that required represents the
 // complete set of content required for the image.
 //
-// missing will have the components that are part of required but not avaiiable
+// missing will have the components that are part of required but not available
 // in the provider.
 //
 // If there is a problem resolving content, an error will be returned.
@@ -335,6 +345,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
 			return nil, err
 		}
 
+		if err := validateMediaType(p, desc.MediaType); err != nil {
+			return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest)
+		}
+
 		// TODO(stevvooe): We just assume oci manifest, for now. There may be
 		// subtle differences from the docker version.
 		var manifest ocispec.Manifest
@@ -350,27 +364,65 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
 			return nil, err
 		}
 
+		if err := validateMediaType(p, desc.MediaType); err != nil {
+			return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest)
+		}
+
 		var index ocispec.Index
 		if err := json.Unmarshal(p, &index); err != nil {
 			return nil, err
 		}
 
 		descs = append(descs, index.Manifests...)
-	case MediaTypeDockerSchema2Layer, MediaTypeDockerSchema2LayerGzip,
-		MediaTypeDockerSchema2LayerForeign, MediaTypeDockerSchema2LayerForeignGzip,
-		MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig,
-		ocispec.MediaTypeImageLayer, ocispec.MediaTypeImageLayerGzip,
-		ocispec.MediaTypeImageLayerNonDistributable, ocispec.MediaTypeImageLayerNonDistributableGzip,
-		MediaTypeContainerd1Checkpoint, MediaTypeContainerd1CheckpointConfig:
-		// childless data types.
-		return nil, nil
 	default:
-		log.G(ctx).Warnf("encountered unknown type %v; children may not be fetched", desc.MediaType)
+		if IsLayerType(desc.MediaType) || IsKnownConfig(desc.MediaType) {
+			// childless data types.
+			return nil, nil
+		}
+		log.G(ctx).Debugf("encountered unknown type %v; children may not be fetched", desc.MediaType)
 	}
 
 	return descs, nil
 }
 
+// unknownDocument represents a manifest, manifest list, or index that has not
+// yet been validated.
+type unknownDocument struct {
+	MediaType string          `json:"mediaType,omitempty"`
+	Config    json.RawMessage `json:"config,omitempty"`
+	Layers    json.RawMessage `json:"layers,omitempty"`
+	Manifests json.RawMessage `json:"manifests,omitempty"`
+	FSLayers  json.RawMessage `json:"fsLayers,omitempty"` // schema 1
+}
+
+// validateMediaType returns an error if the byte slice is invalid JSON or if
+// the media type identifies the blob as one format but it contains elements of
+// another format.
+func validateMediaType(b []byte, mt string) error {
+	var doc unknownDocument
+	if err := json.Unmarshal(b, &doc); err != nil {
+		return err
+	}
+	if len(doc.FSLayers) != 0 {
+		return fmt.Errorf("media-type: schema 1 not supported")
+	}
+	switch mt {
+	case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+		if len(doc.Manifests) != 0 ||
+			doc.MediaType == MediaTypeDockerSchema2ManifestList ||
+			doc.MediaType == ocispec.MediaTypeImageIndex {
+			return fmt.Errorf("media-type: expected manifest but found index (%s)", mt)
+		}
+	case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
+		if len(doc.Config) != 0 || len(doc.Layers) != 0 ||
+			doc.MediaType == MediaTypeDockerSchema2Manifest ||
+			doc.MediaType == ocispec.MediaTypeImageManifest {
+			return fmt.Errorf("media-type: expected index but found manifest (%s)", mt)
+		}
+	}
+	return nil
+}
+
 // RootFS returns the unpacked diffids that make up and images rootfs.
 //
 // These are used to verify that a set of layers unpacked to the expected
@@ -387,22 +439,3 @@ func RootFS(ctx context.Context, provider content.Provider, configDesc ocispec.D
 	}
 	return config.RootFS.DiffIDs, nil
 }
-
-// IsCompressedDiff returns true if mediaType is a known compressed diff media type.
-// It returns false if the media type is a diff, but not compressed. If the media type
-// is not a known diff type, it returns errdefs.ErrNotImplemented
-func IsCompressedDiff(ctx context.Context, mediaType string) (bool, error) {
-	switch mediaType {
-	case ocispec.MediaTypeImageLayer, MediaTypeDockerSchema2Layer:
-	case ocispec.MediaTypeImageLayerGzip, MediaTypeDockerSchema2LayerGzip:
-		return true, nil
-	default:
-		// Still apply all generic media types *.tar[.+]gzip and *.tar
-		if strings.HasSuffix(mediaType, ".tar.gzip") || strings.HasSuffix(mediaType, ".tar+gzip") {
-			return true, nil
-		} else if !strings.HasSuffix(mediaType, ".tar") {
-			return false, errdefs.ErrNotImplemented
-		}
-	}
-	return false, nil
-}
diff --git a/vendor/github.com/containerd/containerd/images/mediatypes.go b/vendor/github.com/containerd/containerd/images/mediatypes.go
index ca4ca071b32ad..785d71291e29f 100644
--- a/vendor/github.com/containerd/containerd/images/mediatypes.go
+++ b/vendor/github.com/containerd/containerd/images/mediatypes.go
@@ -16,6 +16,16 @@
 
 package images
 
+import (
+	"context"
+	"sort"
+	"strings"
+
+	"github.com/containerd/containerd/errdefs"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
 // mediatype definitions for image components handled in containerd.
 //
 // oci components are generally referenced directly, although we may centralize
@@ -29,11 +39,166 @@ const (
 	MediaTypeDockerSchema2Manifest         = "application/vnd.docker.distribution.manifest.v2+json"
 	MediaTypeDockerSchema2ManifestList     = "application/vnd.docker.distribution.manifest.list.v2+json"
 	// Checkpoint/Restore Media Types
-	MediaTypeContainerd1Checkpoint        = "application/vnd.containerd.container.criu.checkpoint.criu.tar"
-	MediaTypeContainerd1CheckpointPreDump = "application/vnd.containerd.container.criu.checkpoint.predump.tar"
-	MediaTypeContainerd1Resource          = "application/vnd.containerd.container.resource.tar"
-	MediaTypeContainerd1RW                = "application/vnd.containerd.container.rw.tar"
-	MediaTypeContainerd1CheckpointConfig  = "application/vnd.containerd.container.checkpoint.config.v1+proto"
+	MediaTypeContainerd1Checkpoint               = "application/vnd.containerd.container.criu.checkpoint.criu.tar"
+	MediaTypeContainerd1CheckpointPreDump        = "application/vnd.containerd.container.criu.checkpoint.predump.tar"
+	MediaTypeContainerd1Resource                 = "application/vnd.containerd.container.resource.tar"
+	MediaTypeContainerd1RW                       = "application/vnd.containerd.container.rw.tar"
+	MediaTypeContainerd1CheckpointConfig         = "application/vnd.containerd.container.checkpoint.config.v1+proto"
+	MediaTypeContainerd1CheckpointOptions        = "application/vnd.containerd.container.checkpoint.options.v1+proto"
+	MediaTypeContainerd1CheckpointRuntimeName    = "application/vnd.containerd.container.checkpoint.runtime.name"
+	MediaTypeContainerd1CheckpointRuntimeOptions = "application/vnd.containerd.container.checkpoint.runtime.options+proto"
 	// Legacy Docker schema1 manifest
 	MediaTypeDockerSchema1Manifest = "application/vnd.docker.distribution.manifest.v1+prettyjws"
+	// Encypted media types
+	MediaTypeImageLayerEncrypted     = ocispec.MediaTypeImageLayer + "+encrypted"
+	MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted"
 )
+
+// DiffCompression returns the compression as defined by the layer diff media
+// type. For Docker media types without compression, "unknown" is returned to
+// indicate that the media type may be compressed. If the media type is not
+// recognized as a layer diff, then it returns errdefs.ErrNotImplemented
+func DiffCompression(ctx context.Context, mediaType string) (string, error) {
+	base, ext := parseMediaTypes(mediaType)
+	switch base {
+	case MediaTypeDockerSchema2Layer, MediaTypeDockerSchema2LayerForeign:
+		if len(ext) > 0 {
+			// Type is wrapped
+			return "", nil
+		}
+		// These media types may have been compressed but failed to
+		// use the correct media type. The decompression function
+		// should detect and handle this case.
+		return "unknown", nil
+	case MediaTypeDockerSchema2LayerGzip, MediaTypeDockerSchema2LayerForeignGzip:
+		if len(ext) > 0 {
+			// Type is wrapped
+			return "", nil
+		}
+		return "gzip", nil
+	case ocispec.MediaTypeImageLayer, ocispec.MediaTypeImageLayerNonDistributable:
+		if len(ext) > 0 {
+			switch ext[len(ext)-1] {
+			case "gzip":
+				return "gzip", nil
+			case "zstd":
+				return "zstd", nil
+			}
+		}
+		return "", nil
+	default:
+		return "", errors.Wrapf(errdefs.ErrNotImplemented, "unrecognised mediatype %s", mediaType)
+	}
+}
+
+// parseMediaTypes splits the media type into the base type and
+// an array of sorted extensions
+func parseMediaTypes(mt string) (string, []string) {
+	if mt == "" {
+		return "", []string{}
+	}
+
+	s := strings.Split(mt, "+")
+	ext := s[1:]
+	sort.Strings(ext)
+
+	return s[0], ext
+}
+
+// IsNonDistributable returns true if the media type is non-distributable.
+func IsNonDistributable(mt string) bool {
+	return strings.HasPrefix(mt, "application/vnd.oci.image.layer.nondistributable.") ||
+		strings.HasPrefix(mt, "application/vnd.docker.image.rootfs.foreign.")
+}
+
+// IsLayerType returns true if the media type is a layer
+func IsLayerType(mt string) bool {
+	if strings.HasPrefix(mt, "application/vnd.oci.image.layer.") {
+		return true
+	}
+
+	// Parse Docker media types, strip off any + suffixes first
+	base, _ := parseMediaTypes(mt)
+	switch base {
+	case MediaTypeDockerSchema2Layer, MediaTypeDockerSchema2LayerGzip,
+		MediaTypeDockerSchema2LayerForeign, MediaTypeDockerSchema2LayerForeignGzip:
+		return true
+	}
+	return false
+}
+
+// IsDockerType returns true if the media type has "application/vnd.docker." prefix
+func IsDockerType(mt string) bool {
+	return strings.HasPrefix(mt, "application/vnd.docker.")
+}
+
+// IsManifestType returns true if the media type is an OCI-compatible manifest.
+// No support for schema1 manifest.
+func IsManifestType(mt string) bool {
+	switch mt {
+	case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+		return true
+	default:
+		return false
+	}
+}
+
+// IsIndexType returns true if the media type is an OCI-compatible index.
+func IsIndexType(mt string) bool {
+	switch mt {
+	case ocispec.MediaTypeImageIndex, MediaTypeDockerSchema2ManifestList:
+		return true
+	default:
+		return false
+	}
+}
+
+// IsConfigType returns true if the media type is an OCI-compatible image config.
+// No support for containerd checkpoint configs.
+func IsConfigType(mt string) bool {
+	switch mt {
+	case MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig:
+		return true
+	default:
+		return false
+	}
+}
+
+// IsKnownConfig returns true if the media type is a known config type,
+// including containerd checkpoint configs
+func IsKnownConfig(mt string) bool {
+	switch mt {
+	case MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig,
+		MediaTypeContainerd1Checkpoint, MediaTypeContainerd1CheckpointConfig:
+		return true
+	}
+	return false
+}
+
+// ChildGCLabels returns the label for a given descriptor to reference it
+func ChildGCLabels(desc ocispec.Descriptor) []string {
+	mt := desc.MediaType
+	if IsKnownConfig(mt) {
+		return []string{"containerd.io/gc.ref.content.config"}
+	}
+
+	switch mt {
+	case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+		return []string{"containerd.io/gc.ref.content.m."}
+	}
+
+	if IsLayerType(mt) {
+		return []string{"containerd.io/gc.ref.content.l."}
+	}
+
+	return []string{"containerd.io/gc.ref.content."}
+}
+
+// ChildGCLabelsFilterLayers returns the labels for a given descriptor to
+// reference it, skipping layer media types
+func ChildGCLabelsFilterLayers(desc ocispec.Descriptor) []string {
+	if IsLayerType(desc.MediaType) {
+		return nil
+	}
+	return ChildGCLabels(desc)
+}
diff --git a/vendor/github.com/containerd/containerd/import.go b/vendor/github.com/containerd/containerd/import.go
index 3650568240976..6080161f8412a 100644
--- a/vendor/github.com/containerd/containerd/import.go
+++ b/vendor/github.com/containerd/containerd/import.go
@@ -25,14 +25,17 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/images/archive"
+	"github.com/containerd/containerd/platforms"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 type importOpts struct {
-	indexName string
-	imageRefT func(string) string
-	dgstRefT  func(digest.Digest) string
+	indexName    string
+	imageRefT    func(string) string
+	dgstRefT     func(digest.Digest) string
+	allPlatforms bool
+	compress     bool
 }
 
 // ImportOpt allows the caller to specify import specific options
@@ -64,9 +67,26 @@ func WithIndexName(name string) ImportOpt {
 	}
 }
 
+// WithAllPlatforms is used to import content for all platforms.
+func WithAllPlatforms(allPlatforms bool) ImportOpt {
+	return func(c *importOpts) error {
+		c.allPlatforms = allPlatforms
+		return nil
+	}
+}
+
+// WithImportCompression compresses uncompressed layers on import.
+// This is used for import formats which do not include the manifest.
+func WithImportCompression() ImportOpt {
+	return func(c *importOpts) error {
+		c.compress = true
+		return nil
+	}
+}
+
 // Import imports an image from a Tar stream using reader.
 // Caller needs to specify importer. Future version may use oci.v1 as the default.
-// Note that unreferrenced blobs may be imported to the content store as well.
+// Note that unreferenced blobs may be imported to the content store as well.
 func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt) ([]images.Image, error) {
 	var iopts importOpts
 	for _, o := range opts {
@@ -81,7 +101,12 @@ func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt
 	}
 	defer done(ctx)
 
-	index, err := archive.ImportIndex(ctx, c.ContentStore(), reader)
+	var aio []archive.ImportOpt
+	if iopts.compress {
+		aio = append(aio, archive.WithImportCompression())
+	}
+
+	index, err := archive.ImportIndex(ctx, c.ContentStore(), reader, aio...)
 	if err != nil {
 		return nil, err
 	}
@@ -98,9 +123,12 @@ func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt
 			Target: index,
 		})
 	}
+	var platformMatcher = platforms.All
+	if !iopts.allPlatforms {
+		platformMatcher = c.platform
+	}
 
-	var handler images.HandlerFunc
-	handler = func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+	var handler images.HandlerFunc = func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
 		// Only save images at top level
 		if desc.Digest != index.Digest {
 			return images.Children(ctx, cs, desc)
@@ -117,16 +145,12 @@ func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt
 		}
 
 		for _, m := range idx.Manifests {
-			if ref := m.Annotations[ocispec.AnnotationRefName]; ref != "" {
-				if iopts.imageRefT != nil {
-					ref = iopts.imageRefT(ref)
-				}
-				if ref != "" {
-					imgs = append(imgs, images.Image{
-						Name:   ref,
-						Target: m,
-					})
-				}
+			name := imageName(m.Annotations, iopts.imageRefT)
+			if name != "" {
+				imgs = append(imgs, images.Image{
+					Name:   name,
+					Target: m,
+				})
 			}
 			if iopts.dgstRefT != nil {
 				ref := iopts.dgstRefT(m.Digest)
@@ -142,6 +166,7 @@ func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt
 		return idx.Manifests, nil
 	}
 
+	handler = images.FilterPlatforms(handler, platformMatcher)
 	handler = images.SetChildrenLabels(cs, handler)
 	if err := images.Walk(ctx, handler, index); err != nil {
 		return nil, err
@@ -164,3 +189,17 @@ func (c *Client) Import(ctx context.Context, reader io.Reader, opts ...ImportOpt
 
 	return imgs, nil
 }
+
+func imageName(annotations map[string]string, ociCleanup func(string) string) string {
+	name := annotations[images.AnnotationImageName]
+	if name != "" {
+		return name
+	}
+	name = annotations[ocispec.AnnotationRefName]
+	if name != "" {
+		if ociCleanup != nil {
+			name = ociCleanup(name)
+		}
+	}
+	return name
+}
diff --git a/vendor/github.com/containerd/containerd/install.go b/vendor/github.com/containerd/containerd/install.go
index 5e4c6a2c8d40e..7a8311c832183 100644
--- a/vendor/github.com/containerd/containerd/install.go
+++ b/vendor/github.com/containerd/containerd/install.go
@@ -21,13 +21,13 @@ import (
 	"context"
 	"os"
 	"path/filepath"
+	"runtime"
+	"strings"
 
-	introspectionapi "github.com/containerd/containerd/api/services/introspection/v1"
 	"github.com/containerd/containerd/archive"
 	"github.com/containerd/containerd/archive/compression"
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
-	"github.com/containerd/containerd/platforms"
 	"github.com/pkg/errors"
 )
 
@@ -43,12 +43,21 @@ func (c *Client) Install(ctx context.Context, image Image, opts ...InstallOpts)
 	}
 	var (
 		cs       = image.ContentStore()
-		platform = platforms.Default()
+		platform = c.platform
 	)
 	manifest, err := images.Manifest(ctx, cs, image.Target(), platform)
 	if err != nil {
 		return err
 	}
+
+	var binDir, libDir string
+	if runtime.GOOS == "windows" {
+		binDir = "Files\\bin"
+		libDir = "Files\\lib"
+	} else {
+		binDir = "bin"
+		libDir = "lib"
+	}
 	for _, layer := range manifest.Layers {
 		ra, err := cs.ReaderAt(ctx, layer)
 		if err != nil {
@@ -59,12 +68,16 @@ func (c *Client) Install(ctx context.Context, image Image, opts ...InstallOpts)
 		if err != nil {
 			return err
 		}
-		defer r.Close()
 		if _, err := archive.Apply(ctx, path, r, archive.WithFilter(func(hdr *tar.Header) (bool, error) {
 			d := filepath.Dir(hdr.Name)
-			result := d == "bin"
+			result := d == binDir
+
 			if config.Libs {
-				result = result || d == "lib"
+				result = result || d == libDir
+			}
+
+			if runtime.GOOS == "windows" {
+				hdr.Name = strings.Replace(hdr.Name, "Files", "", 1)
 			}
 			if result && !config.Replace {
 				if _, err := os.Lstat(filepath.Join(path, hdr.Name)); err == nil {
@@ -73,8 +86,10 @@ func (c *Client) Install(ctx context.Context, image Image, opts ...InstallOpts)
 			}
 			return result, nil
 		})); err != nil {
+			r.Close()
 			return err
 		}
+		r.Close()
 	}
 	return nil
 }
@@ -83,11 +98,8 @@ func (c *Client) getInstallPath(ctx context.Context, config InstallConfig) (stri
 	if config.Path != "" {
 		return config.Path, nil
 	}
-	resp, err := c.IntrospectionService().Plugins(ctx, &introspectionapi.PluginsRequest{
-		Filters: []string{
-			"id==opt",
-		},
-	})
+	filters := []string{"id==opt"}
+	resp, err := c.IntrospectionService().Plugins(ctx, filters)
 	if err != nil {
 		return "", err
 	}
diff --git a/vendor/github.com/containerd/containerd/labels/labels.go b/vendor/github.com/containerd/containerd/labels/labels.go
new file mode 100644
index 0000000000000..d76ff2cf9c999
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/labels/labels.go
@@ -0,0 +1,21 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package labels
+
+// LabelUncompressed is added to compressed layer contents.
+// The value is digest of the uncompressed content.
+const LabelUncompressed = "containerd.io/uncompressed"
diff --git a/vendor/github.com/containerd/containerd/lease.go b/vendor/github.com/containerd/containerd/lease.go
index d46b79d9f15dd..07ea6d932419f 100644
--- a/vendor/github.com/containerd/containerd/lease.go
+++ b/vendor/github.com/containerd/containerd/lease.go
@@ -24,19 +24,27 @@ import (
 )
 
 // WithLease attaches a lease on the context
-func (c *Client) WithLease(ctx context.Context) (context.Context, func(context.Context) error, error) {
+func (c *Client) WithLease(ctx context.Context, opts ...leases.Opt) (context.Context, func(context.Context) error, error) {
+	nop := func(context.Context) error { return nil }
+
 	_, ok := leases.FromContext(ctx)
 	if ok {
-		return ctx, func(context.Context) error {
-			return nil
-		}, nil
+		return ctx, nop, nil
 	}
 
 	ls := c.LeasesService()
 
-	l, err := ls.Create(ctx, leases.WithRandomID(), leases.WithExpiration(24*time.Hour))
+	if len(opts) == 0 {
+		// Use default lease configuration if no options provided
+		opts = []leases.Opt{
+			leases.WithRandomID(),
+			leases.WithExpiration(24 * time.Hour),
+		}
+	}
+
+	l, err := ls.Create(ctx, opts...)
 	if err != nil {
-		return nil, nil, err
+		return ctx, nop, err
 	}
 
 	ctx = leases.WithLease(ctx, l.ID)
diff --git a/vendor/github.com/containerd/containerd/leases/lease.go b/vendor/github.com/containerd/containerd/leases/lease.go
index 909b4ea0bb184..058d065594f35 100644
--- a/vendor/github.com/containerd/containerd/leases/lease.go
+++ b/vendor/github.com/containerd/containerd/leases/lease.go
@@ -32,6 +32,9 @@ type Manager interface {
 	Create(context.Context, ...Opt) (Lease, error)
 	Delete(context.Context, Lease, ...DeleteOpt) error
 	List(context.Context, ...string) ([]Lease, error)
+	AddResource(context.Context, Lease, Resource) error
+	DeleteResource(context.Context, Lease, Resource) error
+	ListResources(context.Context, Lease) ([]Resource, error)
 }
 
 // Lease retains resources to prevent cleanup before
@@ -42,6 +45,13 @@ type Lease struct {
 	Labels    map[string]string
 }
 
+// Resource represents low level resource of image, like content, ingest and
+// snapshotter.
+type Resource struct {
+	ID   string
+	Type string
+}
+
 // DeleteOptions provide options on image delete
 type DeleteOptions struct {
 	Synchronous bool
diff --git a/vendor/github.com/containerd/containerd/leases/proxy/manager.go b/vendor/github.com/containerd/containerd/leases/proxy/manager.go
index 30afe5368e7ae..96cd5e653ba47 100644
--- a/vendor/github.com/containerd/containerd/leases/proxy/manager.go
+++ b/vendor/github.com/containerd/containerd/leases/proxy/manager.go
@@ -91,3 +91,43 @@ func (pm *proxyManager) List(ctx context.Context, filters ...string) ([]leases.L
 
 	return l, nil
 }
+
+func (pm *proxyManager) AddResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+	_, err := pm.client.AddResource(ctx, &leasesapi.AddResourceRequest{
+		ID: lease.ID,
+		Resource: leasesapi.Resource{
+			ID:   r.ID,
+			Type: r.Type,
+		},
+	})
+	return errdefs.FromGRPC(err)
+}
+
+func (pm *proxyManager) DeleteResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+	_, err := pm.client.DeleteResource(ctx, &leasesapi.DeleteResourceRequest{
+		ID: lease.ID,
+		Resource: leasesapi.Resource{
+			ID:   r.ID,
+			Type: r.Type,
+		},
+	})
+	return errdefs.FromGRPC(err)
+}
+
+func (pm *proxyManager) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
+	resp, err := pm.client.ListResources(ctx, &leasesapi.ListResourcesRequest{
+		ID: lease.ID,
+	})
+	if err != nil {
+		return nil, errdefs.FromGRPC(err)
+	}
+
+	rs := make([]leases.Resource, 0, len(resp.Resources))
+	for _, i := range resp.Resources {
+		rs = append(rs, leases.Resource{
+			ID:   i.ID,
+			Type: i.Type,
+		})
+	}
+	return rs, nil
+}
diff --git a/vendor/github.com/containerd/containerd/log/context.go b/vendor/github.com/containerd/containerd/log/context.go
index 3fab96b858628..37b6a7d1c8a65 100644
--- a/vendor/github.com/containerd/containerd/log/context.go
+++ b/vendor/github.com/containerd/containerd/log/context.go
@@ -18,7 +18,6 @@ package log
 
 import (
 	"context"
-	"sync/atomic"
 
 	"github.com/sirupsen/logrus"
 )
@@ -30,7 +29,7 @@ var (
 	// messages.
 	G = GetLogger
 
-	// L is an alias for the the standard logger.
+	// L is an alias for the standard logger.
 	L = logrus.NewEntry(logrus.StandardLogger())
 )
 
@@ -38,22 +37,17 @@ type (
 	loggerKey struct{}
 )
 
-// TraceLevel is the log level for tracing. Trace level is lower than debug level,
-// and is usually used to trace detailed behavior of the program.
-const TraceLevel = logrus.Level(uint32(logrus.DebugLevel + 1))
+const (
+	// RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
+	// ensure the formatted time is always the same number of characters.
+	RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
 
-// RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
-// ensure the formatted time is always the same number of characters.
-const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
+	// TextFormat represents the text logging format
+	TextFormat = "text"
 
-// ParseLevel takes a string level and returns the Logrus log level constant.
-// It supports trace level.
-func ParseLevel(lvl string) (logrus.Level, error) {
-	if lvl == "trace" {
-		return TraceLevel, nil
-	}
-	return logrus.ParseLevel(lvl)
-}
+	// JSONFormat represents the JSON logging format
+	JSONFormat = "json"
+)
 
 // WithLogger returns a new context with the provided logger. Use in
 // combination with logger.WithField(s) for great effect.
@@ -72,19 +66,3 @@ func GetLogger(ctx context.Context) *logrus.Entry {
 
 	return logger.(*logrus.Entry)
 }
-
-// Trace logs a message at level Trace with the log entry passed-in.
-func Trace(e *logrus.Entry, args ...interface{}) {
-	level := logrus.Level(atomic.LoadUint32((*uint32)(&e.Logger.Level)))
-	if level >= TraceLevel {
-		e.Debug(args...)
-	}
-}
-
-// Tracef logs a message at level Trace with the log entry passed-in.
-func Tracef(e *logrus.Entry, format string, args ...interface{}) {
-	level := logrus.Level(atomic.LoadUint32((*uint32)(&e.Logger.Level)))
-	if level >= TraceLevel {
-		e.Debugf(format, args...)
-	}
-}
diff --git a/vendor/github.com/containerd/containerd/metadata/adaptors.go b/vendor/github.com/containerd/containerd/metadata/adaptors.go
index 38539fdc12ac4..c5d576f844a10 100644
--- a/vendor/github.com/containerd/containerd/metadata/adaptors.go
+++ b/vendor/github.com/containerd/containerd/metadata/adaptors.go
@@ -24,6 +24,7 @@ import (
 	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/snapshots"
 )
 
 func adaptImage(o interface{}) filters.Adaptor {
@@ -51,6 +52,8 @@ func adaptImage(o interface{}) filters.Adaptor {
 			return checkMap(fieldpath[1:], obj.Labels)
 			// TODO(stevvooe): Greater/Less than filters would be awesome for
 			// size. Let's do it!
+		case "annotations":
+			return checkMap(fieldpath[1:], obj.Target.Annotations)
 		}
 
 		return "", false
@@ -87,50 +90,59 @@ func adaptContainer(o interface{}) filters.Adaptor {
 	})
 }
 
-func adaptContentInfo(info content.Info) filters.Adaptor {
+func adaptContentStatus(status content.Status) filters.Adaptor {
 	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
 		if len(fieldpath) == 0 {
 			return "", false
 		}
-
 		switch fieldpath[0] {
-		case "digest":
-			return info.Digest.String(), true
-		case "size":
-			// TODO: support size based filtering
-		case "labels":
-			return checkMap(fieldpath[1:], info.Labels)
+		case "ref":
+			return status.Ref, true
 		}
 
 		return "", false
 	})
 }
 
-func adaptContentStatus(status content.Status) filters.Adaptor {
+func adaptLease(lease leases.Lease) filters.Adaptor {
 	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
 		if len(fieldpath) == 0 {
 			return "", false
 		}
+
 		switch fieldpath[0] {
-		case "ref":
-			return status.Ref, true
+		case "id":
+			return lease.ID, len(lease.ID) > 0
+		case "labels":
+			return checkMap(fieldpath[1:], lease.Labels)
 		}
 
 		return "", false
 	})
 }
 
-func adaptLease(lease leases.Lease) filters.Adaptor {
+func adaptSnapshot(info snapshots.Info) filters.Adaptor {
 	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
 		if len(fieldpath) == 0 {
 			return "", false
 		}
 
 		switch fieldpath[0] {
-		case "id":
-			return lease.ID, len(lease.ID) > 0
+		case "kind":
+			switch info.Kind {
+			case snapshots.KindActive:
+				return "active", true
+			case snapshots.KindView:
+				return "view", true
+			case snapshots.KindCommitted:
+				return "committed", true
+			}
+		case "name":
+			return info.Name, true
+		case "parent":
+			return info.Parent, true
 		case "labels":
-			return checkMap(fieldpath[1:], lease.Labels)
+			return checkMap(fieldpath[1:], info.Labels)
 		}
 
 		return "", false
diff --git a/vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go b/vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go
index 1240188577be1..6995917c92d7b 100644
--- a/vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go
+++ b/vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go
@@ -19,20 +19,34 @@ package boltutil
 import (
 	"time"
 
+	"github.com/gogo/protobuf/proto"
+	"github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	bolt "go.etcd.io/bbolt"
 )
 
 var (
-	bucketKeyLabels    = []byte("labels")
-	bucketKeyCreatedAt = []byte("createdat")
-	bucketKeyUpdatedAt = []byte("updatedat")
+	bucketKeyAnnotations = []byte("annotations")
+	bucketKeyLabels      = []byte("labels")
+	bucketKeyCreatedAt   = []byte("createdat")
+	bucketKeyUpdatedAt   = []byte("updatedat")
+	bucketKeyExtensions  = []byte("extensions")
 )
 
 // ReadLabels reads the labels key from the bucket
 // Uses the key "labels"
 func ReadLabels(bkt *bolt.Bucket) (map[string]string, error) {
-	lbkt := bkt.Bucket(bucketKeyLabels)
+	return readMap(bkt, bucketKeyLabels)
+}
+
+// ReadAnnotations reads the OCI Descriptor Annotations key from the bucket
+// Uses the key "annotations"
+func ReadAnnotations(bkt *bolt.Bucket) (map[string]string, error) {
+	return readMap(bkt, bucketKeyAnnotations)
+}
+
+func readMap(bkt *bolt.Bucket, bucketName []byte) (map[string]string, error) {
+	lbkt := bkt.Bucket(bucketName)
 	if lbkt == nil {
 		return nil, nil
 	}
@@ -53,9 +67,18 @@ func ReadLabels(bkt *bolt.Bucket) (map[string]string, error) {
 // bucket. Typically, this removes zero-value entries.
 // Uses the key "labels"
 func WriteLabels(bkt *bolt.Bucket, labels map[string]string) error {
+	return writeMap(bkt, bucketKeyLabels, labels)
+}
+
+// WriteAnnotations writes the OCI Descriptor Annotations
+func WriteAnnotations(bkt *bolt.Bucket, labels map[string]string) error {
+	return writeMap(bkt, bucketKeyAnnotations, labels)
+}
+
+func writeMap(bkt *bolt.Bucket, bucketName []byte, labels map[string]string) error {
 	// Remove existing labels to keep from merging
-	if lbkt := bkt.Bucket(bucketKeyLabels); lbkt != nil {
-		if err := bkt.DeleteBucket(bucketKeyLabels); err != nil {
+	if lbkt := bkt.Bucket(bucketName); lbkt != nil {
+		if err := bkt.DeleteBucket(bucketName); err != nil {
 			return err
 		}
 	}
@@ -64,7 +87,7 @@ func WriteLabels(bkt *bolt.Bucket, labels map[string]string) error {
 		return nil
 	}
 
-	lbkt, err := bkt.CreateBucket(bucketKeyLabels)
+	lbkt, err := bkt.CreateBucket(bucketName)
 	if err != nil {
 		return err
 	}
@@ -125,3 +148,88 @@ func WriteTimestamps(bkt *bolt.Bucket, created, updated time.Time) error {
 
 	return nil
 }
+
+// WriteExtensions will write a KV map to the given bucket,
+// where `K` is a string key and `V` is a protobuf's Any type that represents a generic extension.
+func WriteExtensions(bkt *bolt.Bucket, extensions map[string]types.Any) error {
+	if len(extensions) == 0 {
+		return nil
+	}
+
+	ebkt, err := bkt.CreateBucketIfNotExists(bucketKeyExtensions)
+	if err != nil {
+		return err
+	}
+
+	for name, ext := range extensions {
+		p, err := proto.Marshal(&ext)
+		if err != nil {
+			return err
+		}
+
+		if err := ebkt.Put([]byte(name), p); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ReadExtensions will read back a map of extensions from the given bucket, previously written by WriteExtensions
+func ReadExtensions(bkt *bolt.Bucket) (map[string]types.Any, error) {
+	var (
+		extensions = make(map[string]types.Any)
+		ebkt       = bkt.Bucket(bucketKeyExtensions)
+	)
+
+	if ebkt == nil {
+		return extensions, nil
+	}
+
+	if err := ebkt.ForEach(func(k, v []byte) error {
+		var t types.Any
+		if err := proto.Unmarshal(v, &t); err != nil {
+			return err
+		}
+
+		extensions[string(k)] = t
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return extensions, nil
+}
+
+// WriteAny write a protobuf's Any type to the bucket
+func WriteAny(bkt *bolt.Bucket, name []byte, any *types.Any) error {
+	if any == nil {
+		return nil
+	}
+
+	data, err := proto.Marshal(any)
+	if err != nil {
+		return err
+	}
+
+	if err := bkt.Put(name, data); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ReadAny reads back protobuf's Any type from the bucket
+func ReadAny(bkt *bolt.Bucket, name []byte) (*types.Any, error) {
+	bytes := bkt.Get(name)
+	if bytes == nil {
+		return nil, nil
+	}
+
+	out := types.Any{}
+	if err := proto.Unmarshal(bytes, &out); err != nil {
+		return nil, errors.Wrap(err, "failed to unmarshal any")
+	}
+
+	return &out, nil
+}
diff --git a/vendor/github.com/containerd/containerd/metadata/buckets.go b/vendor/github.com/containerd/containerd/metadata/buckets.go
index 51d40a7f36017..fa947fb2504e0 100644
--- a/vendor/github.com/containerd/containerd/metadata/buckets.go
+++ b/vendor/github.com/containerd/containerd/metadata/buckets.go
@@ -14,13 +14,11 @@
    limitations under the License.
 */
 
-package metadata
-
-import (
-	digest "github.com/opencontainers/go-digest"
-	bolt "go.etcd.io/bbolt"
-)
-
+// Package metadata stores all labels and object specific metadata by namespace.
+// This package also contains the main garbage collection logic  for cleaning up
+// resources consistently and atomically. Resources used by backends will be
+// tracked in the metadata store to be exposed to consumers of this package.
+//
 // The layout where a "/" delineates a bucket is described in the following
 // section. Please try to follow this as closely as possible when adding
 // functionality. We can bolster this with helpers and more structure if that
@@ -43,6 +41,84 @@ import (
 //
 // key: object-specific key identifying the storage bucket for the objects
 // contents.
+//
+// Below is the current database schema. This should be updated each time
+// the structure is changed in addition to adding a migration and incrementing
+// the database version. Note that `╘══*...*` refers to maps with arbitrary
+// keys.
+//  ├──version : <varint>                        - Latest version, see migrations
+//  └──v1                                        - Schema version bucket
+//     ╘══*namespace*
+//        ├──labels
+//        │  ╘══*key* : <string>                 - Label value
+//        ├──image
+//        │  ╘══*image name*
+//        │     ├──createdat : <binary time>     - Created at
+//        │     ├──updatedat : <binary time>     - Updated at
+//        │     ├──target
+//        │     │  ├──digest : <digest>          - Descriptor digest
+//        │     │  ├──mediatype : <string>       - Descriptor media type
+//        │     │  └──size : <varint>            - Descriptor size
+//        │     └──labels
+//        │        ╘══*key* : <string>           - Label value
+//        ├──containers
+//        │  ╘══*container id*
+//        │     ├──createdat : <binary time>     - Created at
+//        │     ├──updatedat : <binary time>     - Updated at
+//        │     ├──spec : <binary>               - Proto marshaled spec
+//        │     ├──image : <string>              - Image name
+//        │     ├──snapshotter : <string>        - Snapshotter name
+//        │     ├──snapshotKey : <string>        - Snapshot key
+//        │     ├──runtime
+//        │     │  ├──name : <string>            - Runtime name
+//        │     │  ├──extensions
+//        │     │  │  ╘══*name* : <binary>       - Proto marshaled extension
+//        │     │  └──options : <binary>         - Proto marshaled options
+//        │     └──labels
+//        │        ╘══*key* : <string>           - Label value
+//        ├──snapshots
+//        │  ╘══*snapshotter*
+//        │     ╘══*snapshot key*
+//        │        ├──name : <string>            - Snapshot name in backend
+//        │        ├──createdat : <binary time>  - Created at
+//        │        ├──updatedat : <binary time>  - Updated at
+//        │        ├──parent : <string>          - Parent snapshot name
+//        │        ├──children
+//        │        │  ╘══*snapshot key* : <nil>  - Child snapshot reference
+//        │        └──labels
+//        │           ╘══*key* : <string>        - Label value
+//        ├──content
+//        │  ├──blob
+//        │  │  ╘══*blob digest*
+//        │  │     ├──createdat : <binary time>  - Created at
+//        │  │     ├──updatedat : <binary time>  - Updated at
+//        │  │     ├──size : <varint>            - Blob size
+//        │  │     └──labels
+//        │  │        ╘══*key* : <string>        - Label value
+//        │  └──ingests
+//        │     ╘══*ingest reference*
+//        │        ├──ref : <string>             - Ingest reference in backend
+//        │        ├──expireat : <binary time>   - Time to expire ingest
+//        │        └──expected : <digest>        - Expected commit digest
+//        └──leases
+//           ╘══*lease id*
+//              ├──createdat : <binary time>     - Created at
+//              ├──labels
+//              │  ╘══*key* : <string>           - Label value
+//              ├──snapshots
+//              │  ╘══*snapshotter*
+//              │     ╘══*snapshot key* : <nil>  - Snapshot reference
+//              ├──content
+//              │  ╘══*blob digest* : <nil>      - Content blob reference
+//              └──ingests
+//                 ╘══*ingest reference* : <nil> - Content ingest reference
+package metadata
+
+import (
+	digest "github.com/opencontainers/go-digest"
+	bolt "go.etcd.io/bbolt"
+)
+
 var (
 	bucketKeyVersion          = []byte(schemaVersion)
 	bucketKeyDBVersion        = []byte("version")    // stores the version of the schema
diff --git a/vendor/github.com/containerd/containerd/metadata/containers.go b/vendor/github.com/containerd/containerd/metadata/containers.go
index 6e5622c36f577..26e86d8583b39 100644
--- a/vendor/github.com/containerd/containerd/metadata/containers.go
+++ b/vendor/github.com/containerd/containerd/metadata/containers.go
@@ -19,6 +19,7 @@ package metadata
 import (
 	"context"
 	"strings"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/containers"
@@ -35,13 +36,13 @@ import (
 )
 
 type containerStore struct {
-	tx *bolt.Tx
+	db *DB
 }
 
 // NewContainerStore returns a Store backed by an underlying bolt DB
-func NewContainerStore(tx *bolt.Tx) containers.Store {
+func NewContainerStore(db *DB) containers.Store {
 	return &containerStore{
-		tx: tx,
+		db: db,
 	}
 }
 
@@ -51,14 +52,21 @@ func (s *containerStore) Get(ctx context.Context, id string) (containers.Contain
 		return containers.Container{}, err
 	}
 
-	bkt := getContainerBucket(s.tx, namespace, id)
-	if bkt == nil {
-		return containers.Container{}, errors.Wrapf(errdefs.ErrNotFound, "container %q in namespace %q", id, namespace)
-	}
-
 	container := containers.Container{ID: id}
-	if err := readContainer(&container, bkt); err != nil {
-		return containers.Container{}, errors.Wrapf(err, "failed to read container %q", id)
+
+	if err := view(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt := getContainerBucket(tx, namespace, id)
+		if bkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "container %q in namespace %q", id, namespace)
+		}
+
+		if err := readContainer(&container, bkt); err != nil {
+			return errors.Wrapf(err, "failed to read container %q", id)
+		}
+
+		return nil
+	}); err != nil {
+		return containers.Container{}, err
 	}
 
 	return container, nil
@@ -72,30 +80,33 @@ func (s *containerStore) List(ctx context.Context, fs ...string) ([]containers.C
 
 	filter, err := filters.ParseAll(fs...)
 	if err != nil {
-		return nil, errors.Wrapf(errdefs.ErrInvalidArgument, err.Error())
-	}
-
-	bkt := getContainersBucket(s.tx, namespace)
-	if bkt == nil {
-		return nil, nil // empty store
+		return nil, errors.Wrap(errdefs.ErrInvalidArgument, err.Error())
 	}
 
 	var m []containers.Container
-	if err := bkt.ForEach(func(k, v []byte) error {
-		cbkt := bkt.Bucket(k)
-		if cbkt == nil {
-			return nil
-		}
-		container := containers.Container{ID: string(k)}
 
-		if err := readContainer(&container, cbkt); err != nil {
-			return errors.Wrapf(err, "failed to read container %q", string(k))
+	if err := view(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt := getContainersBucket(tx, namespace)
+		if bkt == nil {
+			return nil // empty store
 		}
 
-		if filter.Match(adaptContainer(container)) {
-			m = append(m, container)
-		}
-		return nil
+		return bkt.ForEach(func(k, v []byte) error {
+			cbkt := bkt.Bucket(k)
+			if cbkt == nil {
+				return nil
+			}
+			container := containers.Container{ID: string(k)}
+
+			if err := readContainer(&container, cbkt); err != nil {
+				return errors.Wrapf(err, "failed to read container %q", string(k))
+			}
+
+			if filter.Match(adaptContainer(container)) {
+				m = append(m, container)
+			}
+			return nil
+		})
 	}); err != nil {
 		return nil, err
 	}
@@ -113,23 +124,29 @@ func (s *containerStore) Create(ctx context.Context, container containers.Contai
 		return containers.Container{}, errors.Wrap(err, "create container failed validation")
 	}
 
-	bkt, err := createContainersBucket(s.tx, namespace)
-	if err != nil {
-		return containers.Container{}, err
-	}
+	if err := update(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt, err := createContainersBucket(tx, namespace)
+		if err != nil {
+			return err
+		}
 
-	cbkt, err := bkt.CreateBucket([]byte(container.ID))
-	if err != nil {
-		if err == bolt.ErrBucketExists {
-			err = errors.Wrapf(errdefs.ErrAlreadyExists, "container %q", container.ID)
+		cbkt, err := bkt.CreateBucket([]byte(container.ID))
+		if err != nil {
+			if err == bolt.ErrBucketExists {
+				err = errors.Wrapf(errdefs.ErrAlreadyExists, "container %q", container.ID)
+			}
+			return err
+		}
+
+		container.CreatedAt = time.Now().UTC()
+		container.UpdatedAt = container.CreatedAt
+		if err := writeContainer(cbkt, &container); err != nil {
+			return errors.Wrapf(err, "failed to write container %q", container.ID)
 		}
-		return containers.Container{}, err
-	}
 
-	container.CreatedAt = time.Now().UTC()
-	container.UpdatedAt = container.CreatedAt
-	if err := writeContainer(cbkt, &container); err != nil {
-		return containers.Container{}, errors.Wrapf(err, "failed to write container %q", container.ID)
+		return nil
+	}); err != nil {
+		return containers.Container{}, err
 	}
 
 	return container, nil
@@ -145,85 +162,91 @@ func (s *containerStore) Update(ctx context.Context, container containers.Contai
 		return containers.Container{}, errors.Wrapf(errdefs.ErrInvalidArgument, "must specify a container id")
 	}
 
-	bkt := getContainersBucket(s.tx, namespace)
-	if bkt == nil {
-		return containers.Container{}, errors.Wrapf(errdefs.ErrNotFound, "cannot update container %q in namespace %q", container.ID, namespace)
-	}
-
-	cbkt := bkt.Bucket([]byte(container.ID))
-	if cbkt == nil {
-		return containers.Container{}, errors.Wrapf(errdefs.ErrNotFound, "container %q", container.ID)
-	}
-
 	var updated containers.Container
-	if err := readContainer(&updated, cbkt); err != nil {
-		return updated, errors.Wrapf(err, "failed to read container %q", container.ID)
-	}
-	createdat := updated.CreatedAt
-	updated.ID = container.ID
-
-	if len(fieldpaths) == 0 {
-		// only allow updates to these field on full replace.
-		fieldpaths = []string{"labels", "spec", "extensions", "image", "snapshotkey"}
-
-		// Fields that are immutable must cause an error when no field paths
-		// are provided. This allows these fields to become mutable in the
-		// future.
-		if updated.Snapshotter != container.Snapshotter {
-			return containers.Container{}, errors.Wrapf(errdefs.ErrInvalidArgument, "container.Snapshotter field is immutable")
+	if err := update(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt := getContainersBucket(tx, namespace)
+		if bkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "cannot update container %q in namespace %q", container.ID, namespace)
 		}
 
-		if updated.Runtime.Name != container.Runtime.Name {
-			return containers.Container{}, errors.Wrapf(errdefs.ErrInvalidArgument, "container.Runtime.Name field is immutable")
+		cbkt := bkt.Bucket([]byte(container.ID))
+		if cbkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "container %q", container.ID)
 		}
-	}
 
-	// apply the field mask. If you update this code, you better follow the
-	// field mask rules in field_mask.proto. If you don't know what this
-	// is, do not update this code.
-	for _, path := range fieldpaths {
-		if strings.HasPrefix(path, "labels.") {
-			if updated.Labels == nil {
-				updated.Labels = map[string]string{}
+		if err := readContainer(&updated, cbkt); err != nil {
+			return errors.Wrapf(err, "failed to read container %q", container.ID)
+		}
+		createdat := updated.CreatedAt
+		updated.ID = container.ID
+
+		if len(fieldpaths) == 0 {
+			// only allow updates to these field on full replace.
+			fieldpaths = []string{"labels", "spec", "extensions", "image", "snapshotkey"}
+
+			// Fields that are immutable must cause an error when no field paths
+			// are provided. This allows these fields to become mutable in the
+			// future.
+			if updated.Snapshotter != container.Snapshotter {
+				return errors.Wrapf(errdefs.ErrInvalidArgument, "container.Snapshotter field is immutable")
+			}
+
+			if updated.Runtime.Name != container.Runtime.Name {
+				return errors.Wrapf(errdefs.ErrInvalidArgument, "container.Runtime.Name field is immutable")
 			}
-			key := strings.TrimPrefix(path, "labels.")
-			updated.Labels[key] = container.Labels[key]
-			continue
 		}
 
-		if strings.HasPrefix(path, "extensions.") {
-			if updated.Extensions == nil {
-				updated.Extensions = map[string]types.Any{}
+		// apply the field mask. If you update this code, you better follow the
+		// field mask rules in field_mask.proto. If you don't know what this
+		// is, do not update this code.
+		for _, path := range fieldpaths {
+			if strings.HasPrefix(path, "labels.") {
+				if updated.Labels == nil {
+					updated.Labels = map[string]string{}
+				}
+				key := strings.TrimPrefix(path, "labels.")
+				updated.Labels[key] = container.Labels[key]
+				continue
+			}
+
+			if strings.HasPrefix(path, "extensions.") {
+				if updated.Extensions == nil {
+					updated.Extensions = map[string]types.Any{}
+				}
+				key := strings.TrimPrefix(path, "extensions.")
+				updated.Extensions[key] = container.Extensions[key]
+				continue
+			}
+
+			switch path {
+			case "labels":
+				updated.Labels = container.Labels
+			case "spec":
+				updated.Spec = container.Spec
+			case "extensions":
+				updated.Extensions = container.Extensions
+			case "image":
+				updated.Image = container.Image
+			case "snapshotkey":
+				updated.SnapshotKey = container.SnapshotKey
+			default:
+				return errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on %q", path, container.ID)
 			}
-			key := strings.TrimPrefix(path, "extensions.")
-			updated.Extensions[key] = container.Extensions[key]
-			continue
 		}
 
-		switch path {
-		case "labels":
-			updated.Labels = container.Labels
-		case "spec":
-			updated.Spec = container.Spec
-		case "extensions":
-			updated.Extensions = container.Extensions
-		case "image":
-			updated.Image = container.Image
-		case "snapshotkey":
-			updated.SnapshotKey = container.SnapshotKey
-		default:
-			return containers.Container{}, errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on %q", path, container.ID)
+		if err := validateContainer(&updated); err != nil {
+			return errors.Wrap(err, "update failed validation")
 		}
-	}
 
-	if err := validateContainer(&updated); err != nil {
-		return containers.Container{}, errors.Wrap(err, "update failed validation")
-	}
+		updated.CreatedAt = createdat
+		updated.UpdatedAt = time.Now().UTC()
+		if err := writeContainer(cbkt, &updated); err != nil {
+			return errors.Wrapf(err, "failed to write container %q", container.ID)
+		}
 
-	updated.CreatedAt = createdat
-	updated.UpdatedAt = time.Now().UTC()
-	if err := writeContainer(cbkt, &updated); err != nil {
-		return containers.Container{}, errors.Wrapf(err, "failed to write container %q", container.ID)
+		return nil
+	}); err != nil {
+		return containers.Container{}, err
 	}
 
 	return updated, nil
@@ -235,15 +258,23 @@ func (s *containerStore) Delete(ctx context.Context, id string) error {
 		return err
 	}
 
-	bkt := getContainersBucket(s.tx, namespace)
-	if bkt == nil {
-		return errors.Wrapf(errdefs.ErrNotFound, "cannot delete container %q in namespace %q", id, namespace)
-	}
+	return update(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt := getContainersBucket(tx, namespace)
+		if bkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "cannot delete container %q in namespace %q", id, namespace)
+		}
 
-	if err := bkt.DeleteBucket([]byte(id)); err == bolt.ErrBucketNotFound {
-		return errors.Wrapf(errdefs.ErrNotFound, "container %v", id)
-	}
-	return err
+		if err := bkt.DeleteBucket([]byte(id)); err != nil {
+			if err == bolt.ErrBucketNotFound {
+				err = errors.Wrapf(errdefs.ErrNotFound, "container %v", id)
+			}
+			return err
+		}
+
+		atomic.AddUint32(&s.db.dirty, 1)
+
+		return nil
+	})
 }
 
 func validateContainer(container *containers.Container) error {
@@ -259,7 +290,7 @@ func validateContainer(container *containers.Container) error {
 
 	// image has no validation
 	for k, v := range container.Labels {
-		if err := labels.Validate(k, v); err == nil {
+		if err := labels.Validate(k, v); err != nil {
 			return errors.Wrapf(err, "containers.Labels")
 		}
 	}
@@ -305,16 +336,11 @@ func readContainer(container *containers.Container, bkt *bolt.Bucket) error {
 				container.Runtime.Name = string(n)
 			}
 
-			obkt := rbkt.Get(bucketKeyOptions)
-			if obkt == nil {
-				return nil
-			}
-
-			var any types.Any
-			if err := proto.Unmarshal(obkt, &any); err != nil {
+			any, err := boltutil.ReadAny(rbkt, bucketKeyOptions)
+			if err != nil {
 				return err
 			}
-			container.Runtime.Options = &any
+			container.Runtime.Options = any
 		case string(bucketKeySpec):
 			var any types.Any
 			if err := proto.Unmarshal(v, &any); err != nil {
@@ -326,22 +352,8 @@ func readContainer(container *containers.Container, bkt *bolt.Bucket) error {
 		case string(bucketKeySnapshotter):
 			container.Snapshotter = string(v)
 		case string(bucketKeyExtensions):
-			ebkt := bkt.Bucket(bucketKeyExtensions)
-			if ebkt == nil {
-				return nil
-			}
-
-			extensions := make(map[string]types.Any)
-			if err := ebkt.ForEach(func(k, v []byte) error {
-				var a types.Any
-				if err := proto.Unmarshal(v, &a); err != nil {
-					return err
-				}
-
-				extensions[string(k)] = a
-				return nil
-			}); err != nil {
-
+			extensions, err := boltutil.ReadExtensions(bkt)
+			if err != nil {
 				return err
 			}
 
@@ -357,15 +369,8 @@ func writeContainer(bkt *bolt.Bucket, container *containers.Container) error {
 		return err
 	}
 
-	if container.Spec != nil {
-		spec, err := container.Spec.Marshal()
-		if err != nil {
-			return err
-		}
-
-		if err := bkt.Put(bucketKeySpec, spec); err != nil {
-			return err
-		}
+	if err := boltutil.WriteAny(bkt, bucketKeySpec, container.Spec); err != nil {
+		return err
 	}
 
 	for _, v := range [][2][]byte{
@@ -393,33 +398,12 @@ func writeContainer(bkt *bolt.Bucket, container *containers.Container) error {
 		return err
 	}
 
-	if len(container.Extensions) > 0 {
-		ebkt, err := bkt.CreateBucketIfNotExists(bucketKeyExtensions)
-		if err != nil {
-			return err
-		}
-
-		for name, ext := range container.Extensions {
-			p, err := proto.Marshal(&ext)
-			if err != nil {
-				return err
-			}
-
-			if err := ebkt.Put([]byte(name), p); err != nil {
-				return err
-			}
-		}
+	if err := boltutil.WriteExtensions(bkt, container.Extensions); err != nil {
+		return err
 	}
 
-	if container.Runtime.Options != nil {
-		data, err := proto.Marshal(container.Runtime.Options)
-		if err != nil {
-			return err
-		}
-
-		if err := rbkt.Put(bucketKeyOptions, data); err != nil {
-			return err
-		}
+	if err := boltutil.WriteAny(rbkt, bucketKeyOptions, container.Runtime.Options); err != nil {
+		return err
 	}
 
 	return boltutil.WriteLabels(bkt, container.Labels)
diff --git a/vendor/github.com/containerd/containerd/metadata/content.go b/vendor/github.com/containerd/containerd/metadata/content.go
index f51b0aaddeb24..ee68ccfe1e4e2 100644
--- a/vendor/github.com/containerd/containerd/metadata/content.go
+++ b/vendor/github.com/containerd/containerd/metadata/content.go
@@ -21,6 +21,7 @@ import (
 	"encoding/binary"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/content"
@@ -38,16 +39,31 @@ import (
 
 type contentStore struct {
 	content.Store
-	db *DB
-	l  sync.RWMutex
+	db     *DB
+	shared bool
+	l      sync.RWMutex
 }
 
 // newContentStore returns a namespaced content store using an existing
 // content store interface.
-func newContentStore(db *DB, cs content.Store) *contentStore {
+// policy defines the sharing behavior for content between namespaces. Both
+// modes will result in shared storage in the backend for committed. Choose
+// "shared" to prevent separate namespaces from having to pull the same content
+// twice.  Choose "isolated" if the content must not be shared between
+// namespaces.
+//
+// If the policy is "shared", writes will try to resolve the "expected" digest
+// against the backend, allowing imports of content from other namespaces. In
+// "isolated" mode, the client must prove they have the content by providing
+// the entire blob before the content can be added to another namespace.
+//
+// Since we have only two policies right now, it's simpler using bool to
+// represent it internally.
+func newContentStore(db *DB, shared bool, cs content.Store) *contentStore {
 	return &contentStore{
-		Store: cs,
-		db:    db,
+		Store:  cs,
+		db:     db,
+		shared: shared,
 	}
 }
 
@@ -165,7 +181,7 @@ func (cs *contentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...str
 			if err := readInfo(&info, bkt.Bucket(k)); err != nil {
 				return err
 			}
-			if filter.Match(adaptContentInfo(info)) {
+			if filter.Match(content.AdaptInfo(info)) {
 				infos = append(infos, info)
 			}
 			return nil
@@ -206,9 +222,8 @@ func (cs *contentStore) Delete(ctx context.Context, dgst digest.Digest) error {
 		}
 
 		// Mark content store as dirty for triggering garbage collection
-		cs.db.dirtyL.Lock()
+		atomic.AddUint32(&cs.db.dirty, 1)
 		cs.db.dirtyCS = true
-		cs.db.dirtyL.Unlock()
 
 		return nil
 	})
@@ -383,13 +398,15 @@ func (cs *contentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (
 				return nil
 			}
 
-			if st, err := cs.Store.Info(ctx, wOpts.Desc.Digest); err == nil {
-				// Ensure the expected size is the same, it is likely
-				// an error if the size is mismatched but the caller
-				// must resolve this on commit
-				if wOpts.Desc.Size == 0 || wOpts.Desc.Size == st.Size {
-					shared = true
-					wOpts.Desc.Size = st.Size
+			if cs.shared {
+				if st, err := cs.Store.Info(ctx, wOpts.Desc.Digest); err == nil {
+					// Ensure the expected size is the same, it is likely
+					// an error if the size is mismatched but the caller
+					// must resolve this on commit
+					if wOpts.Desc.Size == 0 || wOpts.Desc.Size == st.Size {
+						shared = true
+						wOpts.Desc.Size = st.Size
+					}
 				}
 			}
 		}
@@ -534,13 +551,13 @@ func (nw *namespacedWriter) createAndCopy(ctx context.Context, desc ocispec.Desc
 	if desc.Size > 0 {
 		ra, err := nw.provider.ReaderAt(ctx, nw.desc)
 		if err != nil {
+			w.Close()
 			return err
 		}
 		defer ra.Close()
 
 		if err := content.CopyReaderAt(w, ra, desc.Size); err != nil {
-			nw.w.Close()
-			nw.w = nil
+			w.Close()
 			return err
 		}
 	}
@@ -550,18 +567,14 @@ func (nw *namespacedWriter) createAndCopy(ctx context.Context, desc ocispec.Desc
 }
 
 func (nw *namespacedWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	ctx = namespaces.WithNamespace(ctx, nw.namespace)
+
 	nw.l.RLock()
 	defer nw.l.RUnlock()
 
 	var innerErr error
 
 	if err := update(ctx, nw.db, func(tx *bolt.Tx) error {
-		bkt := getIngestsBucket(tx, nw.namespace)
-		if bkt != nil {
-			if err := bkt.DeleteBucket([]byte(nw.ref)); err != nil && err != bolt.ErrBucketNotFound {
-				return err
-			}
-		}
 		dgst, err := nw.commit(ctx, tx, size, expected, opts...)
 		if err != nil {
 			if !errdefs.IsAlreadyExists(err) {
@@ -569,6 +582,12 @@ func (nw *namespacedWriter) Commit(ctx context.Context, size int64, expected dig
 			}
 			innerErr = err
 		}
+		bkt := getIngestsBucket(tx, nw.namespace)
+		if bkt != nil {
+			if err := bkt.DeleteBucket([]byte(nw.ref)); err != nil && err != bolt.ErrBucketNotFound {
+				return err
+			}
+		}
 		if err := removeIngestLease(ctx, tx, nw.ref); err != nil {
 			return err
 		}
@@ -584,37 +603,45 @@ func (nw *namespacedWriter) commit(ctx context.Context, tx *bolt.Tx, size int64,
 	var base content.Info
 	for _, opt := range opts {
 		if err := opt(&base); err != nil {
+			if nw.w != nil {
+				nw.w.Close()
+			}
 			return "", err
 		}
 	}
 	if err := validateInfo(&base); err != nil {
+		if nw.w != nil {
+			nw.w.Close()
+		}
 		return "", err
 	}
 
 	var actual digest.Digest
 	if nw.w == nil {
 		if size != 0 && size != nw.desc.Size {
-			return "", errors.Errorf("%q failed size validation: %v != %v", nw.ref, nw.desc.Size, size)
+			return "", errors.Wrapf(errdefs.ErrFailedPrecondition, "%q failed size validation: %v != %v", nw.ref, nw.desc.Size, size)
 		}
 		if expected != "" && expected != nw.desc.Digest {
-			return "", errors.Errorf("%q unexpected digest", nw.ref)
+			return "", errors.Wrapf(errdefs.ErrFailedPrecondition, "%q unexpected digest", nw.ref)
 		}
 		size = nw.desc.Size
 		actual = nw.desc.Digest
 	} else {
 		status, err := nw.w.Status()
 		if err != nil {
+			nw.w.Close()
 			return "", err
 		}
 		if size != 0 && size != status.Offset {
-			return "", errors.Errorf("%q failed size validation: %v != %v", nw.ref, status.Offset, size)
+			nw.w.Close()
+			return "", errors.Wrapf(errdefs.ErrFailedPrecondition, "%q failed size validation: %v != %v", nw.ref, status.Offset, size)
 		}
 		size = status.Offset
-		actual = nw.w.Digest()
 
 		if err := nw.w.Commit(ctx, size, expected); err != nil && !errdefs.IsAlreadyExists(err) {
 			return "", err
 		}
+		actual = nw.w.Digest()
 	}
 
 	bkt, err := createBlobBucket(tx, nw.namespace, actual)
@@ -681,7 +708,7 @@ func (cs *contentStore) checkAccess(ctx context.Context, dgst digest.Digest) err
 
 func validateInfo(info *content.Info) error {
 	for k, v := range info.Labels {
-		if err := labels.Validate(k, v); err == nil {
+		if err := labels.Validate(k, v); err != nil {
 			return errors.Wrapf(err, "info.Labels")
 		}
 	}
@@ -742,11 +769,7 @@ func writeExpireAt(expire time.Time, bkt *bolt.Bucket) error {
 	if err != nil {
 		return err
 	}
-	if err := bkt.Put(bucketKeyExpireAt, expireAt); err != nil {
-		return err
-	}
-
-	return nil
+	return bkt.Put(bucketKeyExpireAt, expireAt)
 }
 
 func (cs *contentStore) garbageCollect(ctx context.Context) (d time.Duration, err error) {
@@ -754,7 +777,7 @@ func (cs *contentStore) garbageCollect(ctx context.Context) (d time.Duration, er
 	t1 := time.Now()
 	defer func() {
 		if err == nil {
-			d = time.Now().Sub(t1)
+			d = time.Since(t1)
 		}
 		cs.l.Unlock()
 	}()
diff --git a/vendor/github.com/containerd/containerd/metadata/db.go b/vendor/github.com/containerd/containerd/metadata/db.go
index 507d6d22d0110..40d045f05d3e5 100644
--- a/vendor/github.com/containerd/containerd/metadata/db.go
+++ b/vendor/github.com/containerd/containerd/metadata/db.go
@@ -21,6 +21,7 @@ import (
 	"encoding/binary"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/content"
@@ -46,6 +47,19 @@ const (
 	dbVersion = 3
 )
 
+// DBOpt configures how we set up the DB
+type DBOpt func(*dbOptions)
+
+// WithPolicyIsolated isolates contents between namespaces
+func WithPolicyIsolated(o *dbOptions) {
+	o.shared = false
+}
+
+// dbOptions configure db options.
+type dbOptions struct {
+	shared bool
+}
+
 // DB represents a metadata database backed by a bolt
 // database. The database is fully namespaced and stores
 // image, container, namespace, snapshot, and content data
@@ -62,29 +76,44 @@ type DB struct {
 	// sweep phases without preventing read transactions.
 	wlock sync.RWMutex
 
-	// dirty flags and lock keeps track of datastores which have had deletions
-	// since the last garbage collection. These datastores will will be garbage
-	// collected during the next garbage collection.
-	dirtyL  sync.Mutex
+	// dirty flag indicates that references have been removed which require
+	// a garbage collection to ensure the database is clean. This tracks
+	// the number of dirty operations. This should be updated and read
+	// atomically if outside of wlock.Lock.
+	dirty uint32
+
+	// dirtySS and dirtyCS flags keeps track of datastores which have had
+	// deletions since the last garbage collection. These datastores will
+	// be garbage collected during the next garbage collection. These
+	// should only be updated inside of a write transaction or wlock.Lock.
 	dirtySS map[string]struct{}
 	dirtyCS bool
 
 	// mutationCallbacks are called after each mutation with the flag
 	// set indicating whether any dirty flags are set
 	mutationCallbacks []func(bool)
+
+	dbopts dbOptions
 }
 
 // NewDB creates a new metadata database using the provided
 // bolt database, content store, and snapshotters.
-func NewDB(db *bolt.DB, cs content.Store, ss map[string]snapshots.Snapshotter) *DB {
+func NewDB(db *bolt.DB, cs content.Store, ss map[string]snapshots.Snapshotter, opts ...DBOpt) *DB {
 	m := &DB{
 		db:      db,
 		ss:      make(map[string]*snapshotter, len(ss)),
 		dirtySS: map[string]struct{}{},
+		dbopts: dbOptions{
+			shared: true,
+		},
+	}
+
+	for _, opt := range opts {
+		opt(&m.dbopts)
 	}
 
 	// Initialize data stores
-	m.cs = newContentStore(m, cs)
+	m.cs = newContentStore(m, m.dbopts.shared, cs)
 	for name, sn := range ss {
 		m.ss[name] = newSnapshotter(m, name, sn)
 	}
@@ -140,7 +169,7 @@ func (m *DB) Init(ctx context.Context) error {
 			}
 		}
 
-		// Previous version fo database found
+		// Previous version of database found
 		if schema != "v0" {
 			updates := migrations[i:]
 
@@ -154,7 +183,7 @@ func (m *DB) Init(ctx context.Context) error {
 				if err := m.migrate(tx); err != nil {
 					return errors.Wrapf(err, "failed to migrate to %s.%d", m.schema, m.version)
 				}
-				log.G(ctx).WithField("d", time.Now().Sub(t0)).Debugf("finished database migration to %s.%d", m.schema, m.version)
+				log.G(ctx).WithField("d", time.Since(t0)).Debugf("finished database migration to %s.%d", m.schema, m.version)
 			}
 		}
 
@@ -215,12 +244,10 @@ func (m *DB) Update(fn func(*bolt.Tx) error) error {
 	defer m.wlock.RUnlock()
 	err := m.db.Update(fn)
 	if err == nil {
-		m.dirtyL.Lock()
-		dirty := m.dirtyCS || len(m.dirtySS) > 0
+		dirty := atomic.LoadUint32(&m.dirty) > 0
 		for _, fn := range m.mutationCallbacks {
 			fn(dirty)
 		}
-		m.dirtyL.Unlock()
 	}
 
 	return err
@@ -232,9 +259,9 @@ func (m *DB) Update(fn func(*bolt.Tx) error) error {
 // The callback function is an argument for whether a deletion has occurred
 // since the last garbage collection.
 func (m *DB) RegisterMutationCallback(fn func(bool)) {
-	m.dirtyL.Lock()
+	m.wlock.Lock()
 	m.mutationCallbacks = append(m.mutationCallbacks, fn)
-	m.dirtyL.Unlock()
+	m.wlock.Unlock()
 }
 
 // GCStats holds the duration for the different phases of the garbage collector
@@ -260,8 +287,6 @@ func (m *DB) GarbageCollect(ctx context.Context) (gc.Stats, error) {
 		return nil, err
 	}
 
-	m.dirtyL.Lock()
-
 	if err := m.db.Update(func(tx *bolt.Tx) error {
 		ctx, cancel := context.WithCancel(ctx)
 		defer cancel()
@@ -287,7 +312,6 @@ func (m *DB) GarbageCollect(ctx context.Context) (gc.Stats, error) {
 
 		return nil
 	}); err != nil {
-		m.dirtyL.Unlock()
 		m.wlock.Unlock()
 		return nil, err
 	}
@@ -295,6 +319,9 @@ func (m *DB) GarbageCollect(ctx context.Context) (gc.Stats, error) {
 	var stats GCStats
 	var wg sync.WaitGroup
 
+	// reset dirty, no need for atomic inside of wlock.Lock
+	m.dirty = 0
+
 	if len(m.dirtySS) > 0 {
 		var sl sync.Mutex
 		stats.SnapshotD = map[string]time.Duration{}
@@ -306,7 +333,7 @@ func (m *DB) GarbageCollect(ctx context.Context) (gc.Stats, error) {
 				m.cleanupSnapshotter(snapshotterName)
 
 				sl.Lock()
-				stats.SnapshotD[snapshotterName] = time.Now().Sub(st1)
+				stats.SnapshotD[snapshotterName] = time.Since(st1)
 				sl.Unlock()
 
 				wg.Done()
@@ -321,15 +348,13 @@ func (m *DB) GarbageCollect(ctx context.Context) (gc.Stats, error) {
 		go func() {
 			ct1 := time.Now()
 			m.cleanupContent()
-			stats.ContentD = time.Now().Sub(ct1)
+			stats.ContentD = time.Since(ct1)
 			wg.Done()
 		}()
 		m.dirtyCS = false
 	}
 
-	m.dirtyL.Unlock()
-
-	stats.MetaD = time.Now().Sub(t1)
+	stats.MetaD = time.Since(t1)
 	m.wlock.Unlock()
 
 	wg.Wait()
diff --git a/vendor/github.com/containerd/containerd/metadata/gc.go b/vendor/github.com/containerd/containerd/metadata/gc.go
index a670ce1a3e097..afe16c9222d77 100644
--- a/vendor/github.com/containerd/containerd/metadata/gc.go
+++ b/vendor/github.com/containerd/containerd/metadata/gc.go
@@ -46,11 +46,17 @@ const (
 	ResourceIngest
 )
 
+const (
+	resourceContentFlat  = ResourceContent | 0x20
+	resourceSnapshotFlat = ResourceSnapshot | 0x20
+)
+
 var (
 	labelGCRoot       = []byte("containerd.io/gc.root")
 	labelGCSnapRef    = []byte("containerd.io/gc.ref.snapshot.")
 	labelGCContentRef = []byte("containerd.io/gc.ref.content")
 	labelGCExpire     = []byte("containerd.io/gc.expire")
+	labelGCFlat       = []byte("containerd.io/gc.flat")
 )
 
 func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
@@ -64,6 +70,18 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 	// iterate through each namespace
 	v1c := v1bkt.Cursor()
 
+	// cerr indicates the scan did not successfully send all
+	// the roots. The scan does not need to be cancelled but
+	// must return error at the end.
+	var cerr error
+	fn := func(n gc.Node) {
+		select {
+		case nc <- n:
+		case <-ctx.Done():
+			cerr = ctx.Err()
+		}
+	}
+
 	for k, v := v1c.First(); k != nil; k, v = v1c.Next() {
 		if v != nil {
 			continue
@@ -78,6 +96,7 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 					return nil
 				}
 				libkt := lbkt.Bucket(k)
+				var flat bool
 
 				if lblbkt := libkt.Bucket(bucketKeyObjectLabels); lblbkt != nil {
 					if expV := lblbkt.Get(labelGCExpire); expV != nil {
@@ -90,33 +109,39 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 							return nil
 						}
 					}
-				}
 
-				select {
-				case nc <- gcnode(ResourceLease, ns, string(k)):
-				case <-ctx.Done():
-					return ctx.Err()
+					if flatV := lblbkt.Get(labelGCFlat); flatV != nil {
+						flat = true
+					}
 				}
 
+				fn(gcnode(ResourceLease, ns, string(k)))
+
 				// Emit content and snapshots as roots instead of implementing
 				// in references. Since leases cannot be referenced there is
 				// no need to allow the lookup to be recursive, handling here
 				// therefore reduces the number of database seeks.
 
+				ctype := ResourceContent
+				if flat {
+					ctype = resourceContentFlat
+				}
+
 				cbkt := libkt.Bucket(bucketKeyObjectContent)
 				if cbkt != nil {
 					if err := cbkt.ForEach(func(k, v []byte) error {
-						select {
-						case nc <- gcnode(ResourceContent, ns, string(k)):
-						case <-ctx.Done():
-							return ctx.Err()
-						}
+						fn(gcnode(ctype, ns, string(k)))
 						return nil
 					}); err != nil {
 						return err
 					}
 				}
 
+				stype := ResourceSnapshot
+				if flat {
+					stype = resourceSnapshotFlat
+				}
+
 				sbkt := libkt.Bucket(bucketKeyObjectSnapshots)
 				if sbkt != nil {
 					if err := sbkt.ForEach(func(sk, sv []byte) error {
@@ -126,11 +151,7 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 						snbkt := sbkt.Bucket(sk)
 
 						return snbkt.ForEach(func(k, v []byte) error {
-							select {
-							case nc <- gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", sk, k)):
-							case <-ctx.Done():
-								return ctx.Err()
-							}
+							fn(gcnode(stype, ns, fmt.Sprintf("%s/%s", sk, k)))
 							return nil
 						})
 					}); err != nil {
@@ -141,11 +162,7 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 				ibkt := libkt.Bucket(bucketKeyObjectIngests)
 				if ibkt != nil {
 					if err := ibkt.ForEach(func(k, v []byte) error {
-						select {
-						case nc <- gcnode(ResourceIngest, ns, string(k)):
-						case <-ctx.Done():
-							return ctx.Err()
-						}
+						fn(gcnode(ResourceIngest, ns, string(k)))
 						return nil
 					}); err != nil {
 						return err
@@ -168,18 +185,9 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 				target := ibkt.Bucket(k).Bucket(bucketKeyTarget)
 				if target != nil {
 					contentKey := string(target.Get(bucketKeyDigest))
-					select {
-					case nc <- gcnode(ResourceContent, ns, contentKey):
-					case <-ctx.Done():
-						return ctx.Err()
-					}
+					fn(gcnode(ResourceContent, ns, contentKey))
 				}
-				return sendSnapshotRefs(ns, ibkt.Bucket(k), func(n gc.Node) {
-					select {
-					case nc <- n:
-					case <-ctx.Done():
-					}
-				})
+				return sendLabelRefs(ns, ibkt.Bucket(k), fn)
 			}); err != nil {
 				return err
 			}
@@ -200,11 +208,7 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 					if ea == nil || expThreshold.After(*ea) {
 						return nil
 					}
-					select {
-					case nc <- gcnode(ResourceIngest, ns, string(k)):
-					case <-ctx.Done():
-						return ctx.Err()
-					}
+					fn(gcnode(ResourceIngest, ns, string(k)))
 					return nil
 				}); err != nil {
 					return err
@@ -216,7 +220,12 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 					if v != nil {
 						return nil
 					}
-					return sendRootRef(ctx, nc, gcnode(ResourceContent, ns, string(k)), cbkt.Bucket(k))
+
+					if isRootRef(cbkt.Bucket(k)) {
+						fn(gcnode(ResourceContent, ns, string(k)))
+					}
+
+					return nil
 				}); err != nil {
 					return err
 				}
@@ -229,23 +238,15 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 				if v != nil {
 					return nil
 				}
-				snapshotter := string(cbkt.Bucket(k).Get(bucketKeySnapshotter))
+
+				cibkt := cbkt.Bucket(k)
+				snapshotter := string(cibkt.Get(bucketKeySnapshotter))
 				if snapshotter != "" {
-					ss := string(cbkt.Bucket(k).Get(bucketKeySnapshotKey))
-					select {
-					case nc <- gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", snapshotter, ss)):
-					case <-ctx.Done():
-						return ctx.Err()
-					}
+					ss := string(cibkt.Get(bucketKeySnapshotKey))
+					fn(gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", snapshotter, ss)))
 				}
 
-				// TODO: Send additional snapshot refs through labels
-				return sendSnapshotRefs(ns, cbkt.Bucket(k), func(n gc.Node) {
-					select {
-					case nc <- n:
-					case <-ctx.Done():
-					}
-				})
+				return sendLabelRefs(ns, cibkt, fn)
 			}); err != nil {
 				return err
 			}
@@ -263,30 +264,30 @@ func scanRoots(ctx context.Context, tx *bolt.Tx, nc chan<- gc.Node) error {
 					if v != nil {
 						return nil
 					}
-
-					return sendRootRef(ctx, nc, gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", sk, k)), snbkt.Bucket(k))
+					if isRootRef(snbkt.Bucket(k)) {
+						fn(gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", sk, k)))
+					}
+					return nil
 				})
 			}); err != nil {
 				return err
 			}
 		}
 	}
-	return nil
+	return cerr
 }
 
 func references(ctx context.Context, tx *bolt.Tx, node gc.Node, fn func(gc.Node)) error {
-	if node.Type == ResourceContent {
+	switch node.Type {
+	case ResourceContent:
 		bkt := getBucket(tx, bucketKeyVersion, []byte(node.Namespace), bucketKeyObjectContent, bucketKeyObjectBlob, []byte(node.Key))
 		if bkt == nil {
 			// Node may be created from dead edge
 			return nil
 		}
 
-		if err := sendSnapshotRefs(node.Namespace, bkt, fn); err != nil {
-			return err
-		}
-		return sendContentRefs(node.Namespace, bkt, fn)
-	} else if node.Type == ResourceSnapshot {
+		return sendLabelRefs(node.Namespace, bkt, fn)
+	case ResourceSnapshot, resourceSnapshotFlat:
 		parts := strings.SplitN(node.Key, "/", 2)
 		if len(parts) != 2 {
 			return errors.Errorf("invalid snapshot gc key %s", node.Key)
@@ -296,20 +297,21 @@ func references(ctx context.Context, tx *bolt.Tx, node gc.Node, fn func(gc.Node)
 
 		bkt := getBucket(tx, bucketKeyVersion, []byte(node.Namespace), bucketKeyObjectSnapshots, []byte(ss), []byte(name))
 		if bkt == nil {
-			getBucket(tx, bucketKeyVersion, []byte(node.Namespace), bucketKeyObjectSnapshots).ForEach(func(k, v []byte) error {
-				return nil
-			})
-
 			// Node may be created from dead edge
 			return nil
 		}
 
 		if pv := bkt.Get(bucketKeyParent); len(pv) > 0 {
-			fn(gcnode(ResourceSnapshot, node.Namespace, fmt.Sprintf("%s/%s", ss, pv)))
+			fn(gcnode(node.Type, node.Namespace, fmt.Sprintf("%s/%s", ss, pv)))
 		}
 
-		return sendSnapshotRefs(node.Namespace, bkt, fn)
-	} else if node.Type == ResourceIngest {
+		// Do not send labeled references for flat snapshot refs
+		if node.Type == resourceSnapshotFlat {
+			return nil
+		}
+
+		return sendLabelRefs(node.Namespace, bkt, fn)
+	case ResourceIngest:
 		// Send expected value
 		bkt := getBucket(tx, bucketKeyVersion, []byte(node.Namespace), bucketKeyObjectContent, bucketKeyObjectIngests, []byte(node.Key))
 		if bkt == nil {
@@ -460,25 +462,8 @@ func remove(ctx context.Context, tx *bolt.Tx, node gc.Node) error {
 	return nil
 }
 
-// sendSnapshotRefs sends all snapshot references referred to by the labels in the bkt
-func sendSnapshotRefs(ns string, bkt *bolt.Bucket, fn func(gc.Node)) error {
-	lbkt := bkt.Bucket(bucketKeyObjectLabels)
-	if lbkt != nil {
-		lc := lbkt.Cursor()
-
-		for k, v := lc.Seek(labelGCSnapRef); k != nil && strings.HasPrefix(string(k), string(labelGCSnapRef)); k, v = lc.Next() {
-			snapshotter := k[len(labelGCSnapRef):]
-			if i := bytes.IndexByte(snapshotter, '/'); i >= 0 {
-				snapshotter = snapshotter[:i]
-			}
-			fn(gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", snapshotter, v)))
-		}
-	}
-	return nil
-}
-
-// sendContentRefs sends all content references referred to by the labels in the bkt
-func sendContentRefs(ns string, bkt *bolt.Bucket, fn func(gc.Node)) error {
+// sendLabelRefs sends all snapshot and content references referred to by the labels in the bkt
+func sendLabelRefs(ns string, bkt *bolt.Bucket, fn func(gc.Node)) error {
 	lbkt := bkt.Bucket(bucketKeyObjectLabels)
 	if lbkt != nil {
 		lc := lbkt.Cursor()
@@ -494,6 +479,15 @@ func sendContentRefs(ns string, bkt *bolt.Bucket, fn func(gc.Node)) error {
 
 			fn(gcnode(ResourceContent, ns, string(v)))
 		}
+
+		for k, v := lc.Seek(labelGCSnapRef); k != nil && strings.HasPrefix(string(k), string(labelGCSnapRef)); k, v = lc.Next() {
+			snapshotter := k[len(labelGCSnapRef):]
+			if i := bytes.IndexByte(snapshotter, '/'); i >= 0 {
+				snapshotter = snapshotter[:i]
+			}
+			fn(gcnode(ResourceSnapshot, ns, fmt.Sprintf("%s/%s", snapshotter, v)))
+		}
+
 	}
 	return nil
 }
@@ -510,17 +504,6 @@ func isRootRef(bkt *bolt.Bucket) bool {
 	return false
 }
 
-func sendRootRef(ctx context.Context, nc chan<- gc.Node, n gc.Node, bkt *bolt.Bucket) error {
-	if isRootRef(bkt) {
-		select {
-		case nc <- n:
-		case <-ctx.Done():
-			return ctx.Err()
-		}
-	}
-	return nil
-}
-
 func gcnode(t gc.ResourceType, ns, key string) gc.Node {
 	return gc.Node{
 		Type:      t,
diff --git a/vendor/github.com/containerd/containerd/metadata/images.go b/vendor/github.com/containerd/containerd/metadata/images.go
index 6ae9dc85541c9..cace4e1801279 100644
--- a/vendor/github.com/containerd/containerd/metadata/images.go
+++ b/vendor/github.com/containerd/containerd/metadata/images.go
@@ -21,6 +21,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"strings"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/errdefs"
@@ -84,7 +85,7 @@ func (s *imageStore) List(ctx context.Context, fs ...string) ([]images.Image, er
 
 	filter, err := filters.ParseAll(fs...)
 	if err != nil {
-		return nil, errors.Wrapf(errdefs.ErrInvalidArgument, err.Error())
+		return nil, errors.Wrap(errdefs.ErrInvalidArgument, err.Error())
 	}
 
 	var m []images.Image
@@ -192,6 +193,14 @@ func (s *imageStore) Update(ctx context.Context, image images.Image, fieldpaths
 					key := strings.TrimPrefix(path, "labels.")
 					updated.Labels[key] = image.Labels[key]
 					continue
+				} else if strings.HasPrefix(path, "annotations.") {
+					if updated.Target.Annotations == nil {
+						updated.Target.Annotations = map[string]string{}
+					}
+
+					key := strings.TrimPrefix(path, "annotations.")
+					updated.Target.Annotations[key] = image.Target.Annotations[key]
+					continue
 				}
 
 				switch path {
@@ -204,6 +213,8 @@ func (s *imageStore) Update(ctx context.Context, image images.Image, fieldpaths
 					// make sense to modify the size or digest without touching the
 					// mediatype, as well, for example.
 					updated.Target = image.Target
+				case "annotations":
+					updated.Target.Annotations = image.Target.Annotations
 				default:
 					return errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on image %q", path, image.Name)
 				}
@@ -239,19 +250,16 @@ func (s *imageStore) Delete(ctx context.Context, name string, opts ...images.Del
 			return errors.Wrapf(errdefs.ErrNotFound, "image %q", name)
 		}
 
-		err = bkt.DeleteBucket([]byte(name))
-		if err == bolt.ErrBucketNotFound {
-			return errors.Wrapf(errdefs.ErrNotFound, "image %q", name)
+		if err = bkt.DeleteBucket([]byte(name)); err != nil {
+			if err == bolt.ErrBucketNotFound {
+				err = errors.Wrapf(errdefs.ErrNotFound, "image %q", name)
+			}
+			return err
 		}
 
-		// A reference to a piece of content has been removed,
-		// mark content store as dirty for triggering garbage
-		// collection
-		s.db.dirtyL.Lock()
-		s.db.dirtyCS = true
-		s.db.dirtyL.Unlock()
+		atomic.AddUint32(&s.db.dirty, 1)
 
-		return err
+		return nil
 	})
 }
 
@@ -298,6 +306,11 @@ func readImage(image *images.Image, bkt *bolt.Bucket) error {
 	}
 	image.Labels = labels
 
+	image.Target.Annotations, err = boltutil.ReadAnnotations(bkt)
+	if err != nil {
+		return err
+	}
+
 	tbkt := bkt.Bucket(bucketKeyTarget)
 	if tbkt == nil {
 		return errors.New("unable to read target bucket")
@@ -331,6 +344,10 @@ func writeImage(bkt *bolt.Bucket, image *images.Image) error {
 		return errors.Wrapf(err, "writing labels for image %v", image.Name)
 	}
 
+	if err := boltutil.WriteAnnotations(bkt, image.Target.Annotations); err != nil {
+		return errors.Wrapf(err, "writing Annotations for image %v", image.Name)
+	}
+
 	// write the target bucket
 	tbkt, err := bkt.CreateBucketIfNotExists(bucketKeyTarget)
 	if err != nil {
diff --git a/vendor/github.com/containerd/containerd/metadata/leases.go b/vendor/github.com/containerd/containerd/metadata/leases.go
index 635c3b3c37e4e..60da06b0f00e0 100644
--- a/vendor/github.com/containerd/containerd/metadata/leases.go
+++ b/vendor/github.com/containerd/containerd/metadata/leases.go
@@ -18,6 +18,9 @@ package metadata
 
 import (
 	"context"
+	"fmt"
+	"strings"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/errdefs"
@@ -30,17 +33,17 @@ import (
 	bolt "go.etcd.io/bbolt"
 )
 
-// LeaseManager manages the create/delete lifecyle of leases
+// LeaseManager manages the create/delete lifecycle of leases
 // and also returns existing leases
 type LeaseManager struct {
-	tx *bolt.Tx
+	db *DB
 }
 
 // NewLeaseManager creates a new lease manager for managing leases using
 // the provided database transaction.
-func NewLeaseManager(tx *bolt.Tx) *LeaseManager {
+func NewLeaseManager(db *DB) *LeaseManager {
 	return &LeaseManager{
-		tx: tx,
+		db: db,
 	}
 }
 
@@ -61,56 +64,66 @@ func (lm *LeaseManager) Create(ctx context.Context, opts ...leases.Opt) (leases.
 		return leases.Lease{}, err
 	}
 
-	topbkt, err := createBucketIfNotExists(lm.tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
-	if err != nil {
-		return leases.Lease{}, err
-	}
+	if err := update(ctx, lm.db, func(tx *bolt.Tx) error {
+		topbkt, err := createBucketIfNotExists(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
+		if err != nil {
+			return err
+		}
 
-	txbkt, err := topbkt.CreateBucket([]byte(l.ID))
-	if err != nil {
-		if err == bolt.ErrBucketExists {
-			err = errdefs.ErrAlreadyExists
+		txbkt, err := topbkt.CreateBucket([]byte(l.ID))
+		if err != nil {
+			if err == bolt.ErrBucketExists {
+				err = errdefs.ErrAlreadyExists
+			}
+			return errors.Wrapf(err, "lease %q", l.ID)
 		}
-		return leases.Lease{}, errors.Wrapf(err, "lease %q", l.ID)
-	}
 
-	t := time.Now().UTC()
-	createdAt, err := t.MarshalBinary()
-	if err != nil {
-		return leases.Lease{}, err
-	}
-	if err := txbkt.Put(bucketKeyCreatedAt, createdAt); err != nil {
-		return leases.Lease{}, err
-	}
+		t := time.Now().UTC()
+		createdAt, err := t.MarshalBinary()
+		if err != nil {
+			return err
+		}
+		if err := txbkt.Put(bucketKeyCreatedAt, createdAt); err != nil {
+			return err
+		}
 
-	if l.Labels != nil {
-		if err := boltutil.WriteLabels(txbkt, l.Labels); err != nil {
-			return leases.Lease{}, err
+		if l.Labels != nil {
+			if err := boltutil.WriteLabels(txbkt, l.Labels); err != nil {
+				return err
+			}
 		}
-	}
-	l.CreatedAt = t
+		l.CreatedAt = t
 
+		return nil
+	}); err != nil {
+		return leases.Lease{}, err
+	}
 	return l, nil
 }
 
-// Delete delets the lease with the provided lease ID
+// Delete deletes the lease with the provided lease ID
 func (lm *LeaseManager) Delete(ctx context.Context, lease leases.Lease, _ ...leases.DeleteOpt) error {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
 	}
 
-	topbkt := getBucket(lm.tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
-	if topbkt == nil {
-		return errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
-	}
-	if err := topbkt.DeleteBucket([]byte(lease.ID)); err != nil {
-		if err == bolt.ErrBucketNotFound {
-			err = errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
+	return update(ctx, lm.db, func(tx *bolt.Tx) error {
+		topbkt := getBucket(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
+		if topbkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
 		}
-		return err
-	}
-	return nil
+		if err := topbkt.DeleteBucket([]byte(lease.ID)); err != nil {
+			if err == bolt.ErrBucketNotFound {
+				err = errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
+			}
+			return err
+		}
+
+		atomic.AddUint32(&lm.db.dirty, 1)
+
+		return nil
+	})
 }
 
 // List lists all active leases
@@ -122,49 +135,189 @@ func (lm *LeaseManager) List(ctx context.Context, fs ...string) ([]leases.Lease,
 
 	filter, err := filters.ParseAll(fs...)
 	if err != nil {
-		return nil, errors.Wrapf(errdefs.ErrInvalidArgument, err.Error())
+		return nil, errors.Wrap(errdefs.ErrInvalidArgument, err.Error())
 	}
 
 	var ll []leases.Lease
 
-	topbkt := getBucket(lm.tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
-	if topbkt == nil {
-		return ll, nil
-	}
+	if err := view(ctx, lm.db, func(tx *bolt.Tx) error {
+		topbkt := getBucket(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases)
+		if topbkt == nil {
+			return nil
+		}
+
+		return topbkt.ForEach(func(k, v []byte) error {
+			if v != nil {
+				return nil
+			}
+			txbkt := topbkt.Bucket(k)
+
+			l := leases.Lease{
+				ID: string(k),
+			}
+
+			if v := txbkt.Get(bucketKeyCreatedAt); v != nil {
+				t := &l.CreatedAt
+				if err := t.UnmarshalBinary(v); err != nil {
+					return err
+				}
+			}
+
+			labels, err := boltutil.ReadLabels(txbkt)
+			if err != nil {
+				return err
+			}
+			l.Labels = labels
+
+			if filter.Match(adaptLease(l)) {
+				ll = append(ll, l)
+			}
 
-	if err := topbkt.ForEach(func(k, v []byte) error {
-		if v != nil {
 			return nil
+		})
+	}); err != nil {
+		return nil, err
+	}
+
+	return ll, nil
+}
+
+// AddResource references the resource by the provided lease.
+func (lm *LeaseManager) AddResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+	namespace, err := namespaces.NamespaceRequired(ctx)
+	if err != nil {
+		return err
+	}
+
+	return update(ctx, lm.db, func(tx *bolt.Tx) error {
+		topbkt := getBucket(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases, []byte(lease.ID))
+		if topbkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
 		}
-		txbkt := topbkt.Bucket(k)
 
-		l := leases.Lease{
-			ID: string(k),
+		keys, ref, err := parseLeaseResource(r)
+		if err != nil {
+			return err
 		}
 
-		if v := txbkt.Get(bucketKeyCreatedAt); v != nil {
-			t := &l.CreatedAt
-			if err := t.UnmarshalBinary(v); err != nil {
+		bkt := topbkt
+		for _, key := range keys {
+			bkt, err = bkt.CreateBucketIfNotExists([]byte(key))
+			if err != nil {
 				return err
 			}
 		}
+		return bkt.Put([]byte(ref), nil)
+	})
+}
 
-		labels, err := boltutil.ReadLabels(txbkt)
+// DeleteResource dereferences the resource by the provided lease.
+func (lm *LeaseManager) DeleteResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+	namespace, err := namespaces.NamespaceRequired(ctx)
+	if err != nil {
+		return err
+	}
+
+	return update(ctx, lm.db, func(tx *bolt.Tx) error {
+		topbkt := getBucket(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases, []byte(lease.ID))
+		if topbkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
+		}
+
+		keys, ref, err := parseLeaseResource(r)
 		if err != nil {
 			return err
 		}
-		l.Labels = labels
 
-		if filter.Match(adaptLease(l)) {
-			ll = append(ll, l)
+		bkt := topbkt
+		for _, key := range keys {
+			if bkt == nil {
+				break
+			}
+			bkt = bkt.Bucket([]byte(key))
+		}
+
+		if bkt != nil {
+			if err := bkt.Delete([]byte(ref)); err != nil {
+				return err
+			}
 		}
 
+		atomic.AddUint32(&lm.db.dirty, 1)
+
 		return nil
-	}); err != nil {
+	})
+}
+
+// ListResources lists all the resources referenced by the lease.
+func (lm *LeaseManager) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
+	namespace, err := namespaces.NamespaceRequired(ctx)
+	if err != nil {
 		return nil, err
 	}
 
-	return ll, nil
+	var rs []leases.Resource
+
+	if err := view(ctx, lm.db, func(tx *bolt.Tx) error {
+
+		topbkt := getBucket(tx, bucketKeyVersion, []byte(namespace), bucketKeyObjectLeases, []byte(lease.ID))
+		if topbkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "lease %q", lease.ID)
+		}
+
+		// content resources
+		if cbkt := topbkt.Bucket(bucketKeyObjectContent); cbkt != nil {
+			if err := cbkt.ForEach(func(k, _ []byte) error {
+				rs = append(rs, leases.Resource{
+					ID:   string(k),
+					Type: string(bucketKeyObjectContent),
+				})
+
+				return nil
+			}); err != nil {
+				return err
+			}
+		}
+
+		// ingest resources
+		if lbkt := topbkt.Bucket(bucketKeyObjectIngests); lbkt != nil {
+			if err := lbkt.ForEach(func(k, _ []byte) error {
+				rs = append(rs, leases.Resource{
+					ID:   string(k),
+					Type: string(bucketKeyObjectIngests),
+				})
+
+				return nil
+			}); err != nil {
+				return err
+			}
+		}
+
+		// snapshot resources
+		if sbkt := topbkt.Bucket(bucketKeyObjectSnapshots); sbkt != nil {
+			if err := sbkt.ForEach(func(sk, sv []byte) error {
+				if sv != nil {
+					return nil
+				}
+
+				snbkt := sbkt.Bucket(sk)
+				return snbkt.ForEach(func(k, _ []byte) error {
+					rs = append(rs, leases.Resource{
+						ID:   string(k),
+						Type: fmt.Sprintf("%s/%s", bucketKeyObjectSnapshots, sk),
+					})
+					return nil
+				})
+			}); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	return rs, nil
 }
 
 func addSnapshotLease(ctx context.Context, tx *bolt.Tx, snapshotter, key string) error {
@@ -307,3 +460,36 @@ func removeIngestLease(ctx context.Context, tx *bolt.Tx, ref string) error {
 
 	return bkt.Delete([]byte(ref))
 }
+
+func parseLeaseResource(r leases.Resource) ([]string, string, error) {
+	var (
+		ref  = r.ID
+		typ  = r.Type
+		keys = strings.Split(typ, "/")
+	)
+
+	switch k := keys[0]; k {
+	case string(bucketKeyObjectContent),
+		string(bucketKeyObjectIngests):
+
+		if len(keys) != 1 {
+			return nil, "", errors.Wrapf(errdefs.ErrInvalidArgument, "invalid resource type %s", typ)
+		}
+
+		if k == string(bucketKeyObjectContent) {
+			dgst, err := digest.Parse(ref)
+			if err != nil {
+				return nil, "", errors.Wrapf(errdefs.ErrInvalidArgument, "invalid content resource id %s: %v", ref, err)
+			}
+			ref = dgst.String()
+		}
+	case string(bucketKeyObjectSnapshots):
+		if len(keys) != 2 {
+			return nil, "", errors.Wrapf(errdefs.ErrInvalidArgument, "invalid snapshot resource type %s", typ)
+		}
+	default:
+		return nil, "", errors.Wrapf(errdefs.ErrNotImplemented, "resource type %s not supported yet", typ)
+	}
+
+	return keys, ref, nil
+}
diff --git a/vendor/github.com/containerd/containerd/metadata/namespaces.go b/vendor/github.com/containerd/containerd/metadata/namespaces.go
index 74951eb5c5b62..165c09fcac164 100644
--- a/vendor/github.com/containerd/containerd/metadata/namespaces.go
+++ b/vendor/github.com/containerd/containerd/metadata/namespaces.go
@@ -18,8 +18,10 @@ package metadata
 
 import (
 	"context"
+	"strings"
 
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/identifiers"
 	l "github.com/containerd/containerd/labels"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/pkg/errors"
@@ -41,7 +43,7 @@ func (s *namespaceStore) Create(ctx context.Context, namespace string, labels ma
 		return err
 	}
 
-	if err := namespaces.Validate(namespace); err != nil {
+	if err := identifiers.Validate(namespace); err != nil {
 		return err
 	}
 
@@ -129,12 +131,27 @@ func (s *namespaceStore) List(ctx context.Context) ([]string, error) {
 	return namespaces, nil
 }
 
-func (s *namespaceStore) Delete(ctx context.Context, namespace string) error {
+func (s *namespaceStore) Delete(ctx context.Context, namespace string, opts ...namespaces.DeleteOpts) error {
+	i := &namespaces.DeleteInfo{
+		Name: namespace,
+	}
+	for _, o := range opts {
+		if err := o(ctx, i); err != nil {
+			return err
+		}
+	}
 	bkt := getBucket(s.tx, bucketKeyVersion)
-	if empty, err := s.namespaceEmpty(ctx, namespace); err != nil {
+	types, err := s.listNs(namespace)
+	if err != nil {
 		return err
-	} else if !empty {
-		return errors.Wrapf(errdefs.ErrFailedPrecondition, "namespace %q must be empty", namespace)
+	}
+
+	if len(types) > 0 {
+		return errors.Wrapf(
+			errdefs.ErrFailedPrecondition,
+			"namespace %q must be empty, but it still has %s",
+			namespace, strings.Join(types, ", "),
+		)
 	}
 
 	if err := bkt.DeleteBucket([]byte(namespace)); err != nil {
@@ -148,32 +165,35 @@ func (s *namespaceStore) Delete(ctx context.Context, namespace string) error {
 	return nil
 }
 
-func (s *namespaceStore) namespaceEmpty(ctx context.Context, namespace string) (bool, error) {
-	// Get all data buckets
-	buckets := []*bolt.Bucket{
-		getImagesBucket(s.tx, namespace),
-		getBlobsBucket(s.tx, namespace),
-		getContainersBucket(s.tx, namespace),
+// listNs returns the types of the remaining objects inside the given namespace.
+// It doesn't return exact objects due to performance concerns.
+func (s *namespaceStore) listNs(namespace string) ([]string, error) {
+	var out []string
+
+	if !isBucketEmpty(getImagesBucket(s.tx, namespace)) {
+		out = append(out, "images")
+	}
+	if !isBucketEmpty(getBlobsBucket(s.tx, namespace)) {
+		out = append(out, "blobs")
 	}
+	if !isBucketEmpty(getContainersBucket(s.tx, namespace)) {
+		out = append(out, "containers")
+	}
+
 	if snbkt := getSnapshottersBucket(s.tx, namespace); snbkt != nil {
 		if err := snbkt.ForEach(func(k, v []byte) error {
 			if v == nil {
-				buckets = append(buckets, snbkt.Bucket(k))
+				if !isBucketEmpty(snbkt.Bucket(k)) {
+					out = append(out, "snapshot-"+string(k))
+				}
 			}
 			return nil
 		}); err != nil {
-			return false, err
-		}
-	}
-
-	// Ensure data buckets are empty
-	for _, bkt := range buckets {
-		if !isBucketEmpty(bkt) {
-			return false, nil
+			return nil, err
 		}
 	}
 
-	return true, nil
+	return out, nil
 }
 
 func isBucketEmpty(bkt *bolt.Bucket) bool {
diff --git a/vendor/github.com/containerd/containerd/metadata/snapshot.go b/vendor/github.com/containerd/containerd/metadata/snapshot.go
index 75b80b0bc59c3..389aeda45eca6 100644
--- a/vendor/github.com/containerd/containerd/metadata/snapshot.go
+++ b/vendor/github.com/containerd/containerd/metadata/snapshot.go
@@ -21,9 +21,11 @@ import (
 	"fmt"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/labels"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/metadata/boltutil"
@@ -34,6 +36,11 @@ import (
 	bolt "go.etcd.io/bbolt"
 )
 
+const (
+	inheritedLabelsPrefix = "containerd.io/snapshot/"
+	labelSnapshotRef      = "containerd.io/snapshot.ref"
+)
+
 type snapshotter struct {
 	snapshots.Snapshotter
 	name string
@@ -153,6 +160,7 @@ func (s *snapshotter) Update(ctx context.Context, info snapshots.Info, fieldpath
 		local = snapshots.Info{
 			Name: info.Name,
 		}
+		updated bool
 	)
 	if err := update(ctx, s.db, func(tx *bolt.Tx) error {
 		bkt := getSnapshotterBucket(tx, ns, s.name)
@@ -209,13 +217,24 @@ func (s *snapshotter) Update(ctx context.Context, info snapshots.Info, fieldpath
 		bkey = string(sbkt.Get(bucketKeyName))
 		local.Parent = string(sbkt.Get(bucketKeyParent))
 
+		inner := snapshots.Info{
+			Name:   bkey,
+			Labels: snapshots.FilterInheritedLabels(local.Labels),
+		}
+
+		// NOTE: Perform this inside the transaction to reduce the
+		// chances of out of sync data. The backend snapshotters
+		// should perform the Update as fast as possible.
+		if info, err = s.Snapshotter.Update(ctx, inner, fieldpaths...); err != nil {
+			return err
+		}
+		updated = true
+
 		return nil
 	}); err != nil {
-		return snapshots.Info{}, err
-	}
-
-	info, err = s.Snapshotter.Stat(ctx, bkey)
-	if err != nil {
+		if updated {
+			log.G(ctx).WithField("snapshotter", s.name).WithField("key", local.Name).WithError(err).Error("transaction failed after updating snapshot backend")
+		}
 		return snapshots.Info{}, err
 	}
 
@@ -232,7 +251,7 @@ func overlayInfo(info, overlay snapshots.Info) snapshots.Info {
 		info.Labels = overlay.Labels
 	} else {
 		for k, v := range overlay.Labels {
-			overlay.Labels[k] = v
+			info.Labels[k] = v
 		}
 	}
 	return info
@@ -282,31 +301,158 @@ func (s *snapshotter) createSnapshot(ctx context.Context, key, parent string, re
 		return nil, err
 	}
 
-	var m []mount.Mount
+	var (
+		target  = base.Labels[labelSnapshotRef]
+		bparent string
+		bkey    string
+		bopts   = []snapshots.Opt{
+			snapshots.WithLabels(snapshots.FilterInheritedLabels(base.Labels)),
+		}
+	)
+
 	if err := update(ctx, s.db, func(tx *bolt.Tx) error {
 		bkt, err := createSnapshotterBucket(tx, ns, s.name)
 		if err != nil {
 			return err
 		}
 
-		bbkt, err := bkt.CreateBucket([]byte(key))
-		if err != nil {
-			if err == bolt.ErrBucketExists {
-				err = errors.Wrapf(errdefs.ErrAlreadyExists, "snapshot %q", key)
+		// Check if target exists, if so, return already exists
+		if target != "" {
+			if tbkt := bkt.Bucket([]byte(target)); tbkt != nil {
+				return errors.Wrapf(errdefs.ErrAlreadyExists, "target snapshot %q", target)
 			}
+		}
+
+		if bbkt := bkt.Bucket([]byte(key)); bbkt != nil {
+			return errors.Wrapf(errdefs.ErrAlreadyExists, "snapshot %q", key)
+		}
+
+		if parent != "" {
+			pbkt := bkt.Bucket([]byte(parent))
+			if pbkt == nil {
+				return errors.Wrapf(errdefs.ErrNotFound, "parent snapshot %v does not exist", parent)
+			}
+			bparent = string(pbkt.Get(bucketKeyName))
+		}
+
+		sid, err := bkt.NextSequence()
+		if err != nil {
 			return err
 		}
+		bkey = createKey(sid, ns, key)
+
+		return err
+	}); err != nil {
+		return nil, err
+	}
+
+	var (
+		m       []mount.Mount
+		created string
+		rerr    error
+	)
+	if readonly {
+		m, err = s.Snapshotter.View(ctx, bkey, bparent, bopts...)
+	} else {
+		m, err = s.Snapshotter.Prepare(ctx, bkey, bparent, bopts...)
+	}
+
+	// An already exists error should indicate the backend found a snapshot
+	// matching a provided target reference.
+	if errdefs.IsAlreadyExists(err) {
+		if target != "" {
+			var tinfo *snapshots.Info
+			filter := fmt.Sprintf(`labels."containerd.io/snapshot.ref"==%s,parent==%q`, target, bparent)
+			if err := s.Snapshotter.Walk(ctx, func(ctx context.Context, i snapshots.Info) error {
+				if tinfo == nil && i.Kind == snapshots.KindCommitted {
+					if i.Labels["containerd.io/snapshot.ref"] != target {
+						// Walk did not respect filter
+						return nil
+					}
+					if i.Parent != bparent {
+						// Walk did not respect filter
+						return nil
+					}
+					tinfo = &i
+				}
+				return nil
+
+			}, filter); err != nil {
+				return nil, errors.Wrap(err, "failed walking backend snapshots")
+			}
+
+			if tinfo == nil {
+				return nil, errors.Wrapf(errdefs.ErrNotFound, "target snapshot %q in backend", target)
+			}
+
+			key = target
+			bkey = tinfo.Name
+			bparent = tinfo.Parent
+			base.Created = tinfo.Created
+			base.Updated = tinfo.Updated
+			if base.Labels == nil {
+				base.Labels = tinfo.Labels
+			} else {
+				for k, v := range tinfo.Labels {
+					if _, ok := base.Labels[k]; !ok {
+						base.Labels[k] = v
+					}
+				}
+			}
+
+			// Propagate this error after the final update
+			rerr = errors.Wrapf(errdefs.ErrAlreadyExists, "target snapshot %q from snapshotter", target)
+		} else {
+			// This condition is unexpected as the key provided is expected
+			// to be new and unique, return as unknown response from backend
+			// to avoid confusing callers handling already exists.
+			return nil, errors.Wrapf(errdefs.ErrUnknown, "unexpected error from snapshotter: %v", err)
+		}
+	} else if err != nil {
+		return nil, err
+	} else {
+		ts := time.Now().UTC()
+		base.Created = ts
+		base.Updated = ts
+		created = bkey
+	}
+
+	if txerr := update(ctx, s.db, func(tx *bolt.Tx) error {
+		bkt := getSnapshotterBucket(tx, ns, s.name)
+		if bkt == nil {
+			return errors.Wrapf(errdefs.ErrNotFound, "can not find snapshotter %q", s.name)
+		}
+
 		if err := addSnapshotLease(ctx, tx, s.name, key); err != nil {
 			return err
 		}
 
-		var bparent string
+		bbkt, err := bkt.CreateBucket([]byte(key))
+		if err != nil {
+			if err != bolt.ErrBucketExists {
+				return err
+			}
+			if rerr == nil {
+				rerr = errors.Wrapf(errdefs.ErrAlreadyExists, "snapshot %q", key)
+			}
+			return nil
+		}
+
 		if parent != "" {
 			pbkt := bkt.Bucket([]byte(parent))
 			if pbkt == nil {
 				return errors.Wrapf(errdefs.ErrNotFound, "parent snapshot %v does not exist", parent)
 			}
-			bparent = string(pbkt.Get(bucketKeyName))
+
+			// Ensure the backend's parent matches the metadata store's parent
+			// If it is mismatched, then a target was provided for a snapshotter
+			// which has a different parent then requested.
+			// NOTE: The backend snapshotter is responsible for enforcing the
+			// uniqueness of the reference relationships, the metadata store
+			// can only error out to prevent inconsistent data.
+			if bparent != string(pbkt.Get(bucketKeyName)) {
+				return errors.Wrapf(errdefs.ErrInvalidArgument, "mismatched parent %s from target %s", parent, target)
+			}
 
 			cbkt, err := pbkt.CreateBucketIfNotExists(bucketKeyChildren)
 			if err != nil {
@@ -321,34 +467,28 @@ func (s *snapshotter) createSnapshot(ctx context.Context, key, parent string, re
 			}
 		}
 
-		sid, err := bkt.NextSequence()
-		if err != nil {
-			return err
-		}
-		bkey := createKey(sid, ns, key)
-		if err := bbkt.Put(bucketKeyName, []byte(bkey)); err != nil {
-			return err
-		}
-
-		ts := time.Now().UTC()
-		if err := boltutil.WriteTimestamps(bbkt, ts, ts); err != nil {
+		if err := boltutil.WriteTimestamps(bbkt, base.Created, base.Updated); err != nil {
 			return err
 		}
 		if err := boltutil.WriteLabels(bbkt, base.Labels); err != nil {
 			return err
 		}
 
-		// TODO: Consider doing this outside of transaction to lessen
-		// metadata lock time
-		if readonly {
-			m, err = s.Snapshotter.View(ctx, bkey, bparent)
-		} else {
-			m, err = s.Snapshotter.Prepare(ctx, bkey, bparent)
+		return bbkt.Put(bucketKeyName, []byte(bkey))
+	}); txerr != nil {
+		rerr = txerr
+	}
+
+	if rerr != nil {
+		// If the created reference is not stored, attempt clean up
+		if created != "" {
+			if err := s.Snapshotter.Remove(ctx, created); err != nil {
+				log.G(ctx).WithField("snapshotter", s.name).WithField("key", created).WithError(err).Error("failed to cleanup unreferenced snapshot")
+			}
 		}
-		return err
-	}); err != nil {
-		return nil, err
+		return nil, rerr
 	}
+
 	return m, nil
 }
 
@@ -372,7 +512,8 @@ func (s *snapshotter) Commit(ctx context.Context, name, key string, opts ...snap
 		return err
 	}
 
-	return update(ctx, s.db, func(tx *bolt.Tx) error {
+	var bname string
+	if err := update(ctx, s.db, func(tx *bolt.Tx) error {
 		bkt := getSnapshotterBucket(tx, ns, s.name)
 		if bkt == nil {
 			return errors.Wrapf(errdefs.ErrNotFound,
@@ -445,10 +586,40 @@ func (s *snapshotter) Commit(ctx context.Context, name, key string, opts ...snap
 			return err
 		}
 
-		// TODO: Consider doing this outside of transaction to lessen
-		// metadata lock time
-		return s.Snapshotter.Commit(ctx, nameKey, bkey)
-	})
+		inheritedOpt := snapshots.WithLabels(snapshots.FilterInheritedLabels(base.Labels))
+
+		// NOTE: Backend snapshotters should commit fast and reliably to
+		// prevent metadata store locking and minimizing rollbacks.
+		// This operation should be done in the transaction to minimize the
+		// risk of the committed keys becoming out of sync. If this operation
+		// succeed and the overall transaction fails then the risk of out of
+		// sync data is higher and may require manual cleanup.
+		if err := s.Snapshotter.Commit(ctx, nameKey, bkey, inheritedOpt); err != nil {
+			if errdefs.IsNotFound(err) {
+				log.G(ctx).WithField("snapshotter", s.name).WithField("key", key).WithError(err).Error("uncommittable snapshot: missing in backend, snapshot should be removed")
+			}
+			// NOTE: Consider handling already exists here from the backend. Currently
+			// already exists from the backend may be confusing to the client since it
+			// may require the client to re-attempt from prepare. However, if handling
+			// here it is not clear what happened with the existing backend key and
+			// whether the already prepared snapshot would still be used or must be
+			// discarded. It is best that all implementations of the snapshotter
+			// interface behave the same, in which case the backend should handle the
+			// mapping of duplicates and not error.
+			return err
+		}
+		bname = nameKey
+
+		return nil
+	}); err != nil {
+		if bname != "" {
+			log.G(ctx).WithField("snapshotter", s.name).WithField("key", key).WithField("bname", bname).WithError(err).Error("uncommittable snapshot: transaction failed after commit, snapshot should be removed")
+
+		}
+		return err
+	}
+
+	return nil
 
 }
 
@@ -500,9 +671,8 @@ func (s *snapshotter) Remove(ctx context.Context, key string) error {
 		}
 
 		// Mark snapshotter as dirty for triggering garbage collection
-		s.db.dirtyL.Lock()
+		atomic.AddUint32(&s.db.dirty, 1)
 		s.db.dirtySS[s.name] = struct{}{}
-		s.db.dirtyL.Unlock()
 
 		return nil
 	})
@@ -513,7 +683,7 @@ type infoPair struct {
 	info snapshots.Info
 }
 
-func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func (s *snapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	ns, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
@@ -525,6 +695,11 @@ func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapsho
 		lastKey   string
 	)
 
+	filter, err := filters.ParseAll(fs...)
+	if err != nil {
+		return err
+	}
+
 	for {
 		if err := view(ctx, s.db, func(tx *bolt.Tx) error {
 			bkt := getSnapshotterBucket(tx, ns, s.name)
@@ -587,8 +762,11 @@ func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapsho
 				return err
 			}
 
-			if err := fn(ctx, overlayInfo(info, pair.info)); err != nil {
-				return err
+			info = overlayInfo(info, pair.info)
+			if filter.Match(adaptSnapshot(info)) {
+				if err := fn(ctx, info); err != nil {
+					return err
+				}
 			}
 		}
 
@@ -613,22 +791,21 @@ func validateSnapshot(info *snapshots.Info) error {
 	return nil
 }
 
-type cleaner interface {
-	Cleanup(ctx context.Context) error
-}
-
 func (s *snapshotter) garbageCollect(ctx context.Context) (d time.Duration, err error) {
 	s.l.Lock()
 	t1 := time.Now()
 	defer func() {
 		s.l.Unlock()
 		if err == nil {
-			if c, ok := s.Snapshotter.(cleaner); ok {
+			if c, ok := s.Snapshotter.(snapshots.Cleaner); ok {
 				err = c.Cleanup(ctx)
+				if errdefs.IsNotImplemented(err) {
+					err = nil
+				}
 			}
 		}
 		if err == nil {
-			d = time.Now().Sub(t1)
+			d = time.Since(t1)
 		}
 	}()
 
diff --git a/vendor/github.com/containerd/containerd/mount/lookup_unix.go b/vendor/github.com/containerd/containerd/mount/lookup_unix.go
index e8b0a0b483be4..a2d51ce5849e4 100644
--- a/vendor/github.com/containerd/containerd/mount/lookup_unix.go
+++ b/vendor/github.com/containerd/containerd/mount/lookup_unix.go
@@ -20,9 +20,8 @@ package mount
 
 import (
 	"path/filepath"
-	"sort"
-	"strings"
 
+	"github.com/moby/sys/mountinfo"
 	"github.com/pkg/errors"
 )
 
@@ -30,24 +29,21 @@ import (
 func Lookup(dir string) (Info, error) {
 	dir = filepath.Clean(dir)
 
-	mounts, err := Self()
+	m, err := mountinfo.GetMounts(mountinfo.ParentsFilter(dir))
 	if err != nil {
-		return Info{}, err
+		return Info{}, errors.Wrapf(err, "failed to find the mount info for %q", dir)
+	}
+	if len(m) == 0 {
+		return Info{}, errors.Errorf("failed to find the mount info for %q", dir)
 	}
 
-	// Sort descending order by Info.Mountpoint
-	sort.SliceStable(mounts, func(i, j int) bool {
-		return mounts[j].Mountpoint < mounts[i].Mountpoint
-	})
-	for _, m := range mounts {
-		// Note that m.{Major, Minor} are generally unreliable for our purpose here
-		// https://www.spinics.net/lists/linux-btrfs/msg58908.html
-		// Note that device number is not checked here, because for overlayfs files
-		// may have different device number with the mountpoint.
-		if strings.HasPrefix(dir, m.Mountpoint) {
-			return m, nil
+	// find the longest matching mount point
+	var idx, maxlen int
+	for i := range m {
+		if len(m[i].Mountpoint) > maxlen {
+			maxlen = len(m[i].Mountpoint)
+			idx = i
 		}
 	}
-
-	return Info{}, errors.Errorf("failed to find the mount info for %q", dir)
+	return *m[idx], nil
 }
diff --git a/vendor/github.com/containerd/containerd/mount/losetup_linux.go b/vendor/github.com/containerd/containerd/mount/losetup_linux.go
new file mode 100644
index 0000000000000..e99e962f12c76
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/mount/losetup_linux.go
@@ -0,0 +1,208 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package mount
+
+import (
+	"fmt"
+	"math/rand"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	loopControlPath = "/dev/loop-control"
+	loopDevFormat   = "/dev/loop%d"
+
+	ebusyString = "device or resource busy"
+)
+
+// LoopParams parameters to control loop device setup
+type LoopParams struct {
+	// Loop device should forbid write
+	Readonly bool
+	// Loop device is automatically cleared by kernel when the
+	// last opener closes it
+	Autoclear bool
+	// Use direct IO to access the loop backing file
+	Direct bool
+}
+
+func ioctl(fd, req, args uintptr) (uintptr, uintptr, error) {
+	r1, r2, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, req, args)
+	if errno != 0 {
+		return 0, 0, errno
+	}
+
+	return r1, r2, nil
+}
+
+func getFreeLoopDev() (uint32, error) {
+	ctrl, err := os.OpenFile(loopControlPath, os.O_RDWR, 0)
+	if err != nil {
+		return 0, errors.Errorf("could not open %v: %v", loopControlPath, err)
+	}
+	defer ctrl.Close()
+	num, _, err := ioctl(ctrl.Fd(), unix.LOOP_CTL_GET_FREE, 0)
+	if err != nil {
+		return 0, errors.Wrap(err, "could not get free loop device")
+	}
+	return uint32(num), nil
+}
+
+// setupLoopDev attaches the backing file to the loop device and returns
+// the file handle for the loop device. The caller is responsible for
+// closing the file handle.
+func setupLoopDev(backingFile, loopDev string, param LoopParams) (_ *os.File, retErr error) {
+	// 1. Open backing file and loop device
+	flags := os.O_RDWR
+	if param.Readonly {
+		flags = os.O_RDONLY
+	}
+
+	back, err := os.OpenFile(backingFile, flags, 0)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not open backing file: %s", backingFile)
+	}
+	defer back.Close()
+
+	loop, err := os.OpenFile(loopDev, flags, 0)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not open loop device: %s", loopDev)
+	}
+	defer func() {
+		if retErr != nil {
+			loop.Close()
+		}
+	}()
+
+	// 2. Set FD
+	if _, _, err = ioctl(loop.Fd(), unix.LOOP_SET_FD, back.Fd()); err != nil {
+		return nil, errors.Wrapf(err, "could not set loop fd for device: %s", loopDev)
+	}
+
+	// 3. Set Info
+	info := unix.LoopInfo64{}
+	copy(info.File_name[:], backingFile)
+	if param.Readonly {
+		info.Flags |= unix.LO_FLAGS_READ_ONLY
+	}
+
+	if param.Autoclear {
+		info.Flags |= unix.LO_FLAGS_AUTOCLEAR
+	}
+
+	if param.Direct {
+		info.Flags |= unix.LO_FLAGS_DIRECT_IO
+	}
+
+	_, _, err = ioctl(loop.Fd(), unix.LOOP_SET_STATUS64, uintptr(unsafe.Pointer(&info)))
+	if err == nil {
+		return loop, nil
+	}
+
+	if param.Direct {
+		// Retry w/o direct IO flag in case kernel does not support it. The downside is that
+		// it will suffer from double cache problem.
+		info.Flags &= ^(uint32(unix.LO_FLAGS_DIRECT_IO))
+		_, _, err = ioctl(loop.Fd(), unix.LOOP_SET_STATUS64, uintptr(unsafe.Pointer(&info)))
+		if err == nil {
+			return loop, nil
+		}
+	}
+
+	_, _, _ = ioctl(loop.Fd(), unix.LOOP_CLR_FD, 0)
+	return nil, errors.Errorf("failed to set loop device info: %v", err)
+}
+
+// setupLoop looks for (and possibly creates) a free loop device, and
+// then attaches backingFile to it.
+//
+// When autoclear is true, caller should take care to close it when
+// done with the loop device. The loop device file handle keeps
+// loFlagsAutoclear in effect and we rely on it to clean up the loop
+// device. If caller closes the file handle after mounting the device,
+// kernel will clear the loop device after it is umounted. Otherwise
+// the loop device is cleared when the file handle is closed.
+//
+// When autoclear is false, caller should be responsible to remove
+// the loop device when done with it.
+//
+// Upon success, the file handle to the loop device is returned.
+func setupLoop(backingFile string, param LoopParams) (*os.File, error) {
+	for retry := 1; retry < 100; retry++ {
+		num, err := getFreeLoopDev()
+		if err != nil {
+			return nil, err
+		}
+
+		loopDev := fmt.Sprintf(loopDevFormat, num)
+		file, err := setupLoopDev(backingFile, loopDev, param)
+		if err != nil {
+			// Per util-linux/sys-utils/losetup.c:create_loop(),
+			// free loop device can race and we end up failing
+			// with EBUSY when trying to set it up.
+			if strings.Contains(err.Error(), ebusyString) {
+				// Fallback a bit to avoid live lock
+				time.Sleep(time.Millisecond * time.Duration(rand.Intn(retry*10)))
+				continue
+			}
+			return nil, err
+		}
+
+		return file, nil
+	}
+
+	return nil, errors.New("timeout creating new loopback device")
+}
+
+func removeLoop(loopdev string) error {
+	file, err := os.Open(loopdev)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	_, _, err = ioctl(file.Fd(), unix.LOOP_CLR_FD, 0)
+	return err
+}
+
+// AttachLoopDevice attaches a specified backing file to a loop device
+func AttachLoopDevice(backingFile string) (string, error) {
+	file, err := setupLoop(backingFile, LoopParams{})
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+	return file.Name(), nil
+}
+
+// DetachLoopDevice detaches the provided loop devices
+func DetachLoopDevice(devices ...string) error {
+	for _, dev := range devices {
+		if err := removeLoop(dev); err != nil {
+			return errors.Wrapf(err, "failed to remove loop device: %s", dev)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/containerd/containerd/mount/mount_freebsd.go b/vendor/github.com/containerd/containerd/mount/mount_freebsd.go
new file mode 100644
index 0000000000000..d52450013c06a
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/mount/mount_freebsd.go
@@ -0,0 +1,137 @@
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package mount
+
+import (
+	"os"
+	"os/exec"
+	"time"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	// ErrNotImplementOnUnix is returned for methods that are not implemented
+	ErrNotImplementOnUnix = errors.New("not implemented under unix")
+)
+
+// Mount to the provided target path.
+func (m *Mount) Mount(target string) error {
+	// The "syscall" and "golang.org/x/sys/unix" packages do not define a Mount
+	// function for FreeBSD, so instead we execute mount(8) and trust it to do
+	// the right thing
+	return m.mountWithHelper(target)
+}
+
+func (m *Mount) mountWithHelper(target string) error {
+	// target: "/foo/target"
+	// command: "mount -o ro -t nullfs /foo/source /foo/merged"
+	// Note: FreeBSD mount(8) is particular about the order of flags and arguments
+	var args []string
+	for _, o := range m.Options {
+		args = append(args, "-o", o)
+	}
+	args = append(args, "-t", m.Type)
+	args = append(args, m.Source, target)
+
+	infoBeforeMount, err := Lookup(target)
+	if err != nil {
+		return err
+	}
+
+	// cmd.CombinedOutput() may intermittently return ECHILD because of our signal handling in shim.
+	// See #4387 and wait(2).
+	const retriesOnECHILD = 10
+	for i := 0; i < retriesOnECHILD; i++ {
+		cmd := exec.Command("mount", args...)
+		out, err := cmd.CombinedOutput()
+		if err == nil {
+			return nil
+		}
+		if !errors.Is(err, unix.ECHILD) {
+			return errors.Wrapf(err, "mount [%v] failed: %q", args, string(out))
+		}
+		// We got ECHILD, we are not sure whether the mount was successful.
+		// If the mount ID has changed, we are sure we got some new mount, but still not sure it is fully completed.
+		// So we attempt to unmount the new mount before retrying.
+		infoAfterMount, err := Lookup(target)
+		if err != nil {
+			return err
+		}
+		if infoAfterMount.ID != infoBeforeMount.ID {
+			_ = unmount(target, 0)
+		}
+	}
+	return errors.Errorf("mount [%v] failed with ECHILD (retired %d times)", args, retriesOnECHILD)
+}
+
+// Unmount the provided mount path with the flags
+func Unmount(target string, flags int) error {
+	if err := unmount(target, flags); err != nil && err != unix.EINVAL {
+		return err
+	}
+	return nil
+}
+
+func unmount(target string, flags int) error {
+	for i := 0; i < 50; i++ {
+		if err := unix.Unmount(target, flags); err != nil {
+			switch err {
+			case unix.EBUSY:
+				time.Sleep(50 * time.Millisecond)
+				continue
+			default:
+				return err
+			}
+		}
+		return nil
+	}
+	return errors.Wrapf(unix.EBUSY, "failed to unmount target %s", target)
+}
+
+// UnmountAll repeatedly unmounts the given mount point until there
+// are no mounts remaining (EINVAL is returned by mount), which is
+// useful for undoing a stack of mounts on the same mount point.
+// UnmountAll all is noop when the first argument is an empty string.
+// This is done when the containerd client did not specify any rootfs
+// mounts (e.g. because the rootfs is managed outside containerd)
+// UnmountAll is noop when the mount path does not exist.
+func UnmountAll(mount string, flags int) error {
+	if mount == "" {
+		return nil
+	}
+	if _, err := os.Stat(mount); os.IsNotExist(err) {
+		return nil
+	}
+
+	for {
+		if err := unmount(mount, flags); err != nil {
+			// EINVAL is returned if the target is not a
+			// mount point, indicating that we are
+			// done. It can also indicate a few other
+			// things (such as invalid flags) which we
+			// unfortunately end up squelching here too.
+			if err == unix.EINVAL {
+				return nil
+			}
+			return err
+		}
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/mount/mount_linux.go b/vendor/github.com/containerd/containerd/mount/mount_linux.go
index b5a16148acf87..3f05ebc891acc 100644
--- a/vendor/github.com/containerd/containerd/mount/mount_linux.go
+++ b/vendor/github.com/containerd/containerd/mount/mount_linux.go
@@ -19,6 +19,7 @@ package mount
 import (
 	"fmt"
 	"os"
+	"os/exec"
 	"path"
 	"strings"
 	"time"
@@ -28,14 +29,27 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-var pagesize = 4096
+var (
+	pagesize              = 4096
+	allowedHelperBinaries = []string{"mount.fuse", "mount.fuse3"}
+)
 
 func init() {
 	pagesize = os.Getpagesize()
 }
 
-// Mount to the provided target path
-func (m *Mount) Mount(target string) error {
+// Mount to the provided target path.
+//
+// If m.Type starts with "fuse." or "fuse3.", "mount.fuse" or "mount.fuse3"
+// helper binary is called.
+func (m *Mount) Mount(target string) (err error) {
+	for _, helperBinary := range allowedHelperBinaries {
+		// helperBinary = "mount.fuse", typePrefix = "fuse."
+		typePrefix := strings.TrimPrefix(helperBinary, "mount.") + "."
+		if strings.HasPrefix(m.Type, typePrefix) {
+			return m.mountWithHelper(helperBinary, typePrefix, target)
+		}
+	}
 	var (
 		chdir   string
 		options = m.Options
@@ -48,7 +62,7 @@ func (m *Mount) Mount(target string) error {
 		chdir, options = compactLowerdirOption(options)
 	}
 
-	flags, data := parseMountOptions(options)
+	flags, data, losetup := parseMountOptions(options)
 	if len(data) > pagesize {
 		return errors.Errorf("mount options is too long")
 	}
@@ -63,7 +77,20 @@ func (m *Mount) Mount(target string) error {
 	if flags&unix.MS_REMOUNT == 0 || data != "" {
 		// Initial call applying all non-propagation flags for mount
 		// or remount with changed data
-		if err := mountAt(chdir, m.Source, target, m.Type, uintptr(oflags), data); err != nil {
+		source := m.Source
+		if losetup {
+			loFile, err := setupLoop(m.Source, LoopParams{
+				Readonly:  oflags&unix.MS_RDONLY == unix.MS_RDONLY,
+				Autoclear: true})
+			if err != nil {
+				return err
+			}
+			defer loFile.Close()
+
+			// Mount the loop device instead
+			source = loFile.Name()
+		}
+		if err := mountAt(chdir, source, target, m.Type, uintptr(oflags), data); err != nil {
 			return err
 		}
 	}
@@ -92,7 +119,39 @@ func Unmount(target string, flags int) error {
 	return nil
 }
 
+// fuseSuperMagic is defined in statfs(2)
+const fuseSuperMagic = 0x65735546
+
+func isFUSE(dir string) bool {
+	var st unix.Statfs_t
+	if err := unix.Statfs(dir, &st); err != nil {
+		return false
+	}
+	return st.Type == fuseSuperMagic
+}
+
+// unmountFUSE attempts to unmount using fusermount/fusermount3 helper binary.
+//
+// For FUSE mounts, using these helper binaries is preferred, see:
+// https://github.com/containerd/containerd/pull/3765#discussion_r342083514
+func unmountFUSE(target string) error {
+	var err error
+	for _, helperBinary := range []string{"fusermount3", "fusermount"} {
+		cmd := exec.Command(helperBinary, "-u", target)
+		err = cmd.Run()
+		if err == nil {
+			return nil
+		}
+	}
+	return err
+}
+
 func unmount(target string, flags int) error {
+	if isFUSE(target) {
+		if err := unmountFUSE(target); err == nil {
+			return nil
+		}
+	}
 	for i := 0; i < 50; i++ {
 		if err := unix.Unmount(target, flags); err != nil {
 			switch err {
@@ -111,7 +170,18 @@ func unmount(target string, flags int) error {
 // UnmountAll repeatedly unmounts the given mount point until there
 // are no mounts remaining (EINVAL is returned by mount), which is
 // useful for undoing a stack of mounts on the same mount point.
+// UnmountAll all is noop when the first argument is an empty string.
+// This is done when the containerd client did not specify any rootfs
+// mounts (e.g. because the rootfs is managed outside containerd)
+// UnmountAll is noop when the mount path does not exist.
 func UnmountAll(mount string, flags int) error {
+	if mount == "" {
+		return nil
+	}
+	if _, err := os.Stat(mount); os.IsNotExist(err) {
+		return nil
+	}
+
 	for {
 		if err := unmount(mount, flags); err != nil {
 			// EINVAL is returned if the target is not a
@@ -129,11 +199,13 @@ func UnmountAll(mount string, flags int) error {
 
 // parseMountOptions takes fstab style mount options and parses them for
 // use with a standard mount() syscall
-func parseMountOptions(options []string) (int, string) {
+func parseMountOptions(options []string) (int, string, bool) {
 	var (
-		flag int
-		data []string
+		flag    int
+		losetup bool
+		data    []string
 	)
+	loopOpt := "loop"
 	flags := map[string]struct {
 		clear bool
 		flag  int
@@ -174,11 +246,13 @@ func parseMountOptions(options []string) (int, string) {
 			} else {
 				flag |= f.flag
 			}
+		} else if o == loopOpt {
+			losetup = true
 		} else {
 			data = append(data, o)
 		}
 	}
-	return flag, strings.Join(data, ",")
+	return flag, strings.Join(data, ","), losetup
 }
 
 // compactLowerdirOption updates overlay lowdir option and returns the common
@@ -306,3 +380,45 @@ func mountAt(chdir string, source, target, fstype string, flags uintptr, data st
 	}
 	return errors.Wrap(sys.FMountat(f.Fd(), source, target, fstype, flags, data), "failed to mountat")
 }
+
+func (m *Mount) mountWithHelper(helperBinary, typePrefix, target string) error {
+	// helperBinary: "mount.fuse3"
+	// target: "/foo/merged"
+	// m.Type: "fuse3.fuse-overlayfs"
+	// command: "mount.fuse3 overlay /foo/merged -o lowerdir=/foo/lower2:/foo/lower1,upperdir=/foo/upper,workdir=/foo/work -t fuse-overlayfs"
+	args := []string{m.Source, target}
+	for _, o := range m.Options {
+		args = append(args, "-o", o)
+	}
+	args = append(args, "-t", strings.TrimPrefix(m.Type, typePrefix))
+
+	infoBeforeMount, err := Lookup(target)
+	if err != nil {
+		return err
+	}
+
+	// cmd.CombinedOutput() may intermittently return ECHILD because of our signal handling in shim.
+	// See #4387 and wait(2).
+	const retriesOnECHILD = 10
+	for i := 0; i < retriesOnECHILD; i++ {
+		cmd := exec.Command(helperBinary, args...)
+		out, err := cmd.CombinedOutput()
+		if err == nil {
+			return nil
+		}
+		if !errors.Is(err, unix.ECHILD) {
+			return errors.Wrapf(err, "mount helper [%s %v] failed: %q", helperBinary, args, string(out))
+		}
+		// We got ECHILD, we are not sure whether the mount was successful.
+		// If the mount ID has changed, we are sure we got some new mount, but still not sure it is fully completed.
+		// So we attempt to unmount the new mount before retrying.
+		infoAfterMount, err := Lookup(target)
+		if err != nil {
+			return err
+		}
+		if infoAfterMount.ID != infoBeforeMount.ID {
+			_ = unmount(target, 0)
+		}
+	}
+	return errors.Errorf("mount helper [%s %v] failed with ECHILD (retired %d times)", helperBinary, args, retriesOnECHILD)
+}
diff --git a/vendor/github.com/containerd/containerd/mount/mount_unix.go b/vendor/github.com/containerd/containerd/mount/mount_unix.go
index 6741293f89f8a..ecf569d9c4a0b 100644
--- a/vendor/github.com/containerd/containerd/mount/mount_unix.go
+++ b/vendor/github.com/containerd/containerd/mount/mount_unix.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd
+// +build darwin openbsd
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/mount/mountinfo.go b/vendor/github.com/containerd/containerd/mount/mountinfo.go
index e7a68402f51f9..a42238d867fd0 100644
--- a/vendor/github.com/containerd/containerd/mount/mountinfo.go
+++ b/vendor/github.com/containerd/containerd/mount/mountinfo.go
@@ -16,41 +16,8 @@
 
 package mount
 
+import "github.com/moby/sys/mountinfo"
+
 // Info reveals information about a particular mounted filesystem. This
 // struct is populated from the content in the /proc/<pid>/mountinfo file.
-type Info struct {
-	// ID is a unique identifier of the mount (may be reused after umount).
-	ID int
-
-	// Parent indicates the ID of the mount parent (or of self for the top of the
-	// mount tree).
-	Parent int
-
-	// Major indicates one half of the device ID which identifies the device class.
-	Major int
-
-	// Minor indicates one half of the device ID which identifies a specific
-	// instance of device.
-	Minor int
-
-	// Root of the mount within the filesystem.
-	Root string
-
-	// Mountpoint indicates the mount point relative to the process's root.
-	Mountpoint string
-
-	// Options represents mount-specific options.
-	Options string
-
-	// Optional represents optional fields.
-	Optional string
-
-	// FSType indicates the type of filesystem, such as EXT3.
-	FSType string
-
-	// Source indicates filesystem specific information or "none".
-	Source string
-
-	// VFSOptions represents per super block options.
-	VFSOptions string
-}
+type Info = mountinfo.Info
diff --git a/vendor/github.com/containerd/containerd/mount/mountinfo_freebsd.go b/vendor/github.com/containerd/containerd/mount/mountinfo_freebsd.go
deleted file mode 100644
index bbe79767e3341..0000000000000
--- a/vendor/github.com/containerd/containerd/mount/mountinfo_freebsd.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package mount
-
-/*
-#include <sys/param.h>
-#include <sys/ucred.h>
-#include <sys/mount.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"reflect"
-	"unsafe"
-)
-
-// Self retrieves a list of mounts for the current running process.
-func Self() ([]Info, error) {
-	var rawEntries *C.struct_statfs
-
-	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
-	if count == 0 {
-		return nil, fmt.Errorf("Failed to call getmntinfo")
-	}
-
-	var entries []C.struct_statfs
-	header := (*reflect.SliceHeader)(unsafe.Pointer(&entries))
-	header.Cap = count
-	header.Len = count
-	header.Data = uintptr(unsafe.Pointer(rawEntries))
-
-	var out []Info
-	for _, entry := range entries {
-		var mountinfo Info
-		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
-		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
-		mountinfo.FSType = C.GoString(&entry.f_fstypename[0])
-		out = append(out, mountinfo)
-	}
-	return out, nil
-}
-
-// PID collects the mounts for a specific process ID.
-func PID(pid int) ([]Info, error) {
-	return nil, fmt.Errorf("mountinfo.PID is not implemented on freebsd")
-}
diff --git a/vendor/github.com/containerd/containerd/mount/mountinfo_linux.go b/vendor/github.com/containerd/containerd/mount/mountinfo_linux.go
deleted file mode 100644
index a986f8f4ea5d5..0000000000000
--- a/vendor/github.com/containerd/containerd/mount/mountinfo_linux.go
+++ /dev/null
@@ -1,135 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package mount
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// Self retrieves a list of mounts for the current running process.
-func Self() ([]Info, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseInfoFile(f)
-}
-
-func parseInfoFile(r io.Reader) ([]Info, error) {
-	s := bufio.NewScanner(r)
-	out := []Info{}
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		/*
-		   36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
-		   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
-		   (1) mount ID:  unique identifier of the mount (may be reused after umount)
-		   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
-		   (3) major:minor:  value of st_dev for files on filesystem
-		   (4) root:  root of the mount within the filesystem
-		   (5) mount point:  mount point relative to the process's root
-		   (6) mount options:  per mount options
-		   (7) optional fields:  zero or more fields of the form "tag[:value]"
-		   (8) separator:  marks the end of the optional fields
-		   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
-		   (10) mount source:  filesystem specific information or "none"
-		   (11) super options:  per super block options
-		*/
-
-		text := s.Text()
-		fields := strings.Split(text, " ")
-		numFields := len(fields)
-		if numFields < 10 {
-			// should be at least 10 fields
-			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields (%d)", text, numFields)
-		}
-		p := Info{}
-		// ignore any numbers parsing errors, as there should not be any
-		p.ID, _ = strconv.Atoi(fields[0])
-		p.Parent, _ = strconv.Atoi(fields[1])
-		mm := strings.Split(fields[2], ":")
-		if len(mm) != 2 {
-			return nil, fmt.Errorf("Parsing '%s' failed: unexpected minor:major pair %s", text, mm)
-		}
-		p.Major, _ = strconv.Atoi(mm[0])
-		p.Minor, _ = strconv.Atoi(mm[1])
-
-		p.Root = fields[3]
-		p.Mountpoint = fields[4]
-		p.Options = fields[5]
-
-		// one or more optional fields, when a separator (-)
-		i := 6
-		for ; i < numFields && fields[i] != "-"; i++ {
-			switch i {
-			case 6:
-				p.Optional = fields[6]
-			default:
-				/* NOTE there might be more optional fields before the separator
-				   such as fields[7]...fields[N] (where N < separatorIndex),
-				   although as of Linux kernel 4.15 the only known ones are
-				   mount propagation flags in fields[6]. The correct
-				   behavior is to ignore any unknown optional fields.
-				*/
-			}
-		}
-		if i == numFields {
-			return nil, fmt.Errorf("Parsing '%s' failed: missing separator ('-')", text)
-		}
-		// There should be 3 fields after the separator...
-		if i+4 > numFields {
-			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields after a separator", text)
-		}
-		// ... but in Linux <= 3.9 mounting a cifs with spaces in a share name
-		// (like "//serv/My Documents") _may_ end up having a space in the last field
-		// of mountinfo (like "unc=//serv/My Documents"). Since kernel 3.10-rc1, cifs
-		// option unc= is ignored,  so a space should not appear. In here we ignore
-		// those "extra" fields caused by extra spaces.
-		p.FSType = fields[i+1]
-		p.Source = fields[i+2]
-		p.VFSOptions = fields[i+3]
-
-		out = append(out, p)
-	}
-	return out, nil
-}
-
-// PID collects the mounts for a specific process ID. If the process
-// ID is unknown, it is better to use `Self` which will inspect
-// "/proc/self/mountinfo" instead.
-func PID(pid int) ([]Info, error) {
-	f, err := os.Open(fmt.Sprintf("/proc/%d/mountinfo", pid))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseInfoFile(f)
-}
diff --git a/vendor/github.com/containerd/containerd/mount/mountinfo_unsupported.go b/vendor/github.com/containerd/containerd/mount/mountinfo_unsupported.go
deleted file mode 100644
index eba602f1a6483..0000000000000
--- a/vendor/github.com/containerd/containerd/mount/mountinfo_unsupported.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// +build !linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package mount
-
-import (
-	"fmt"
-	"runtime"
-)
-
-// Self retrieves a list of mounts for the current running process.
-func Self() ([]Info, error) {
-	return nil, fmt.Errorf("mountinfo.Self is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// PID collects the mounts for a specific process ID.
-func PID(pid int) ([]Info, error) {
-	return nil, fmt.Errorf("mountinfo.PID is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/vendor/github.com/containerd/containerd/mount/temp_unix.go b/vendor/github.com/containerd/containerd/mount/temp_unix.go
index 3d490e8a70c71..ed190b8f9db57 100644
--- a/vendor/github.com/containerd/containerd/mount/temp_unix.go
+++ b/vendor/github.com/containerd/containerd/mount/temp_unix.go
@@ -22,7 +22,8 @@ import (
 	"os"
 	"path/filepath"
 	"sort"
-	"strings"
+
+	"github.com/moby/sys/mountinfo"
 )
 
 // SetTempMountLocation sets the temporary mount location
@@ -40,23 +41,20 @@ func SetTempMountLocation(root string) error {
 
 // CleanupTempMounts all temp mounts and remove the directories
 func CleanupTempMounts(flags int) (warnings []error, err error) {
-	mounts, err := Self()
+	mounts, err := mountinfo.GetMounts(mountinfo.PrefixFilter(tempMountLocation))
 	if err != nil {
 		return nil, err
 	}
-	var toUnmount []string
-	for _, m := range mounts {
-		if strings.HasPrefix(m.Mountpoint, tempMountLocation) {
-			toUnmount = append(toUnmount, m.Mountpoint)
-		}
-	}
-	sort.Sort(sort.Reverse(sort.StringSlice(toUnmount)))
-	for _, path := range toUnmount {
-		if err := UnmountAll(path, flags); err != nil {
+	// Make the deepest mount be first
+	sort.Slice(mounts, func(i, j int) bool {
+		return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint)
+	})
+	for _, mount := range mounts {
+		if err := UnmountAll(mount.Mountpoint, flags); err != nil {
 			warnings = append(warnings, err)
 			continue
 		}
-		if err := os.Remove(path); err != nil {
+		if err := os.Remove(mount.Mountpoint); err != nil {
 			warnings = append(warnings, err)
 		}
 	}
diff --git a/vendor/github.com/containerd/containerd/namespaces.go b/vendor/github.com/containerd/containerd/namespaces.go
index eea70ca33a3e1..4c66406b084ea 100644
--- a/vendor/github.com/containerd/containerd/namespaces.go
+++ b/vendor/github.com/containerd/containerd/namespaces.go
@@ -100,10 +100,18 @@ func (r *remoteNamespaces) List(ctx context.Context) ([]string, error) {
 	return namespaces, nil
 }
 
-func (r *remoteNamespaces) Delete(ctx context.Context, namespace string) error {
-	var req api.DeleteNamespaceRequest
-
-	req.Name = namespace
+func (r *remoteNamespaces) Delete(ctx context.Context, namespace string, opts ...namespaces.DeleteOpts) error {
+	i := namespaces.DeleteInfo{
+		Name: namespace,
+	}
+	for _, o := range opts {
+		if err := o(ctx, &i); err != nil {
+			return err
+		}
+	}
+	req := api.DeleteNamespaceRequest{
+		Name: namespace,
+	}
 	_, err := r.client.Delete(ctx, &req)
 	if err != nil {
 		return errdefs.FromGRPC(err)
diff --git a/vendor/github.com/containerd/containerd/namespaces/context.go b/vendor/github.com/containerd/containerd/namespaces/context.go
index cc5621a68fb15..b53c9012c1b4c 100644
--- a/vendor/github.com/containerd/containerd/namespaces/context.go
+++ b/vendor/github.com/containerd/containerd/namespaces/context.go
@@ -21,6 +21,7 @@ import (
 	"os"
 
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/identifiers"
 	"github.com/pkg/errors"
 )
 
@@ -36,10 +37,9 @@ type namespaceKey struct{}
 // WithNamespace sets a given namespace on the context
 func WithNamespace(ctx context.Context, namespace string) context.Context {
 	ctx = context.WithValue(ctx, namespaceKey{}, namespace) // set our key for namespace
-
-	// also store on the grpc headers so it gets picked up by any clients that
+	// also store on the grpc and ttrpc headers so it gets picked up by any clients that
 	// are using this.
-	return withGRPCNamespaceHeader(ctx, namespace)
+	return withTTRPCNamespaceHeader(withGRPCNamespaceHeader(ctx, namespace), namespace)
 }
 
 // NamespaceFromEnv uses the namespace defined in CONTAINERD_NAMESPACE or
@@ -58,22 +58,21 @@ func NamespaceFromEnv(ctx context.Context) context.Context {
 func Namespace(ctx context.Context) (string, bool) {
 	namespace, ok := ctx.Value(namespaceKey{}).(string)
 	if !ok {
-		return fromGRPCHeader(ctx)
+		if namespace, ok = fromGRPCHeader(ctx); !ok {
+			return fromTTRPCHeader(ctx)
+		}
 	}
-
 	return namespace, ok
 }
 
-// NamespaceRequired returns the valid namepace from the context or an error.
+// NamespaceRequired returns the valid namespace from the context or an error.
 func NamespaceRequired(ctx context.Context) (string, error) {
 	namespace, ok := Namespace(ctx)
 	if !ok || namespace == "" {
 		return "", errors.Wrapf(errdefs.ErrFailedPrecondition, "namespace is required")
 	}
-
-	if err := Validate(namespace); err != nil {
+	if err := identifiers.Validate(namespace); err != nil {
 		return "", errors.Wrap(err, "namespace validation")
 	}
-
 	return namespace, nil
 }
diff --git a/vendor/github.com/containerd/containerd/namespaces/store.go b/vendor/github.com/containerd/containerd/namespaces/store.go
index 0b5c985691977..5936772cb4cb2 100644
--- a/vendor/github.com/containerd/containerd/namespaces/store.go
+++ b/vendor/github.com/containerd/containerd/namespaces/store.go
@@ -33,5 +33,14 @@ type Store interface {
 	List(ctx context.Context) ([]string, error)
 
 	// Delete removes the namespace. The namespace must be empty to be deleted.
-	Delete(ctx context.Context, namespace string) error
+	Delete(ctx context.Context, namespace string, opts ...DeleteOpts) error
 }
+
+// DeleteInfo specifies information for the deletion of a namespace
+type DeleteInfo struct {
+	// Name of the namespace
+	Name string
+}
+
+// DeleteOpts allows the caller to set options for namespace deletion
+type DeleteOpts func(context.Context, *DeleteInfo) error
diff --git a/vendor/github.com/containerd/containerd/namespaces/ttrpc.go b/vendor/github.com/containerd/containerd/namespaces/ttrpc.go
new file mode 100644
index 0000000000000..bcd2643cf5ea2
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/namespaces/ttrpc.go
@@ -0,0 +1,51 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package namespaces
+
+import (
+	"context"
+
+	"github.com/containerd/ttrpc"
+)
+
+const (
+	// TTRPCHeader defines the header name for specifying a containerd namespace
+	TTRPCHeader = "containerd-namespace-ttrpc"
+)
+
+func copyMetadata(src ttrpc.MD) ttrpc.MD {
+	md := ttrpc.MD{}
+	for k, v := range src {
+		md[k] = append(md[k], v...)
+	}
+	return md
+}
+
+func withTTRPCNamespaceHeader(ctx context.Context, namespace string) context.Context {
+	md, ok := ttrpc.GetMetadata(ctx)
+	if !ok {
+		md = ttrpc.MD{}
+	} else {
+		md = copyMetadata(md)
+	}
+	md.Set(TTRPCHeader, namespace)
+	return ttrpc.WithMetadata(ctx, md)
+}
+
+func fromTTRPCHeader(ctx context.Context) (string, bool) {
+	return ttrpc.GetMetadataValue(ctx, TTRPCHeader)
+}
diff --git a/vendor/github.com/containerd/containerd/namespaces/validate.go b/vendor/github.com/containerd/containerd/namespaces/validate.go
deleted file mode 100644
index 222da3ea43597..0000000000000
--- a/vendor/github.com/containerd/containerd/namespaces/validate.go
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-// Package namespaces provides tools for working with namespaces across
-// containerd.
-//
-// Namespaces collect resources such as containers and images, into a unique
-// identifier space. This means that two applications can use the same
-// identifiers and not conflict while using containerd.
-//
-// This package can be used to ensure that client and server functions
-// correctly store the namespace on the context.
-package namespaces
-
-import (
-	"regexp"
-
-	"github.com/containerd/containerd/errdefs"
-	"github.com/pkg/errors"
-)
-
-const (
-	maxLength = 76
-	alpha     = `[A-Za-z]`
-	alphanum  = `[A-Za-z0-9]+`
-	label     = alpha + alphanum + `(:?[-]+` + alpha + alphanum + `)*`
-)
-
-var (
-	// namespaceRe validates that a namespace matches valid identifiers.
-	//
-	// Rules for domains, defined in RFC 1035, section 2.3.1, are used for
-	// namespaces.
-	namespaceRe = regexp.MustCompile(reAnchor(label + reGroup("[.]"+reGroup(label)) + "*"))
-)
-
-// Validate returns nil if the string s is a valid namespace.
-//
-// To allow such namespace identifiers to be used across various contexts
-// safely, the character set has been restricted to that defined for domains in
-// RFC 1035, section 2.3.1. This will make namespace identifiers safe for use
-// across networks, filesystems and other media.
-//
-// The identifier specification departs from RFC 1035 in that it allows
-// "labels" to start with number and only enforces a total length restriction
-// of 76 characters.
-//
-// While the character set may be expanded in the future, namespace identifiers
-// are guaranteed to be safely used as filesystem path components.
-//
-// For the most part, this doesn't need to be called directly when using the
-// context-oriented functions.
-func Validate(s string) error {
-	if len(s) > maxLength {
-		return errors.Wrapf(errdefs.ErrInvalidArgument, "namespace %q greater than maximum length (%d characters)", s, maxLength)
-	}
-
-	if !namespaceRe.MatchString(s) {
-		return errors.Wrapf(errdefs.ErrInvalidArgument, "namespace %q must match %v", s, namespaceRe)
-	}
-	return nil
-}
-
-func reGroup(s string) string {
-	return `(?:` + s + `)`
-}
-
-func reAnchor(s string) string {
-	return `^` + s + `$`
-}
diff --git a/vendor/github.com/containerd/containerd/oci/spec.go b/vendor/github.com/containerd/containerd/oci/spec.go
index b83f40ac65a31..035bb7e7d83d0 100644
--- a/vendor/github.com/containerd/containerd/oci/spec.go
+++ b/vendor/github.com/containerd/containerd/oci/spec.go
@@ -78,7 +78,7 @@ func generateDefaultSpecWithPlatform(ctx context.Context, platform, id string, s
 	return err
 }
 
-// ApplyOpts applys the options to the given spec, injecting data from the
+// ApplyOpts applies the options to the given spec, injecting data from the
 // context, client and container instance.
 func ApplyOpts(ctx context.Context, client Client, c *containers.Container, s *Spec, opts ...SpecOpts) error {
 	for _, o := range opts {
@@ -141,7 +141,6 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 			Path: defaultRootfsPath,
 		},
 		Process: &specs.Process{
-			Env:             defaultUnixEnv,
 			Cwd:             "/",
 			NoNewPrivileges: true,
 			User: specs.User{
@@ -209,6 +208,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 		Linux: &specs.Linux{
 			MaskedPaths: []string{
 				"/proc/acpi",
+				"/proc/asound",
 				"/proc/kcore",
 				"/proc/keys",
 				"/proc/latency_stats",
@@ -219,7 +219,6 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 				"/proc/scsi",
 			},
 			ReadonlyPaths: []string{
-				"/proc/asound",
 				"/proc/bus",
 				"/proc/fs",
 				"/proc/irq",
@@ -247,17 +246,8 @@ func populateDefaultWindowsSpec(ctx context.Context, s *Spec, id string) error {
 		Root:    &specs.Root{},
 		Process: &specs.Process{
 			Cwd: `C:\`,
-			ConsoleSize: &specs.Box{
-				Width:  80,
-				Height: 20,
-			},
-		},
-		Windows: &specs.Windows{
-			IgnoreFlushesDuringBoot: true,
-			Network: &specs.WindowsNetwork{
-				AllowUnqualifiedDNSQuery: true,
-			},
 		},
+		Windows: &specs.Windows{},
 	}
 	return nil
 }
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts.go b/vendor/github.com/containerd/containerd/oci/spec_opts.go
index 8b599f80586c6..5a952f6166459 100644
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@@ -17,6 +17,7 @@
 package oci
 
 import (
+	"bufio"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -33,11 +34,10 @@ import (
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/continuity/fs"
-	"github.com/opencontainers/image-spec/specs-go/v1"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/runc/libcontainer/user"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
-	"github.com/syndtr/gocapability/capability"
 )
 
 // SpecOpts sets spec specific information to a newly generated OCI spec
@@ -76,6 +76,35 @@ func setLinux(s *Spec) {
 	}
 }
 
+// nolint
+func setResources(s *Spec) {
+	if s.Linux != nil {
+		if s.Linux.Resources == nil {
+			s.Linux.Resources = &specs.LinuxResources{}
+		}
+	}
+	if s.Windows != nil {
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &specs.WindowsResources{}
+		}
+	}
+}
+
+// nolint
+func setCPU(s *Spec) {
+	setResources(s)
+	if s.Linux != nil {
+		if s.Linux.Resources.CPU == nil {
+			s.Linux.Resources.CPU = &specs.LinuxCPU{}
+		}
+	}
+	if s.Windows != nil {
+		if s.Windows.Resources.CPU == nil {
+			s.Windows.Resources.CPU = &specs.WindowsCPUResources{}
+		}
+	}
+}
+
 // setCapabilities sets Linux Capabilities to empty if unset
 func setCapabilities(s *Spec) {
 	setProcess(s)
@@ -104,7 +133,7 @@ func WithDefaultSpecForPlatform(platform string) SpecOpts {
 	}
 }
 
-// WithSpecFromBytes loads the the spec from the provided byte slice.
+// WithSpecFromBytes loads the spec from the provided byte slice.
 func WithSpecFromBytes(p []byte) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 		*s = Spec{} // make sure spec is cleared.
@@ -137,12 +166,21 @@ func WithEnv(environmentVariables []string) SpecOpts {
 	}
 }
 
+// WithDefaultPathEnv sets the $PATH environment variable to the
+// default PATH defined in this package.
+func WithDefaultPathEnv(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	s.Process.Env = replaceOrAppendEnvValues(s.Process.Env, defaultUnixEnv)
+	return nil
+}
+
 // replaceOrAppendEnvValues returns the defaults with the overrides either
 // replaced by env key or appended to the list
 func replaceOrAppendEnvValues(defaults, overrides []string) []string {
 	cache := make(map[string]int, len(defaults))
+	results := make([]string, 0, len(defaults))
 	for i, e := range defaults {
 		parts := strings.SplitN(e, "=", 2)
+		results = append(results, e)
 		cache[parts[0]] = i
 	}
 
@@ -150,7 +188,7 @@ func replaceOrAppendEnvValues(defaults, overrides []string) []string {
 		// Values w/o = means they want this env to be removed/unset.
 		if !strings.Contains(value, "=") {
 			if i, exists := cache[value]; exists {
-				defaults[i] = "" // Used to indicate it should be removed
+				results[i] = "" // Used to indicate it should be removed
 			}
 			continue
 		}
@@ -158,21 +196,21 @@ func replaceOrAppendEnvValues(defaults, overrides []string) []string {
 		// Just do a normal set/update
 		parts := strings.SplitN(value, "=", 2)
 		if i, exists := cache[parts[0]]; exists {
-			defaults[i] = value
+			results[i] = value
 		} else {
-			defaults = append(defaults, value)
+			results = append(results, value)
 		}
 	}
 
 	// Now remove all entries that we want to "unset"
-	for i := 0; i < len(defaults); i++ {
-		if defaults[i] == "" {
-			defaults = append(defaults[:i], defaults[i+1:]...)
+	for i := 0; i < len(results); i++ {
+		if results[i] == "" {
+			results = append(results[:i], results[i+1:]...)
 			i--
 		}
 	}
 
-	return defaults
+	return results
 }
 
 // WithProcessArgs replaces the args on the generated spec
@@ -235,6 +273,28 @@ func WithMounts(mounts []specs.Mount) SpecOpts {
 	}
 }
 
+// WithoutMounts removes mounts
+func WithoutMounts(dests ...string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		var (
+			mounts  []specs.Mount
+			current = s.Mounts
+		)
+	mLoop:
+		for _, m := range current {
+			mDestination := filepath.Clean(m.Destination)
+			for _, dest := range dests {
+				if mDestination == dest {
+					continue mLoop
+				}
+			}
+			mounts = append(mounts, m)
+		}
+		s.Mounts = mounts
+		return nil
+	}
+}
+
 // WithHostNamespace allows a task to run inside the host's linux namespace
 func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
@@ -256,10 +316,7 @@ func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts {
 		setLinux(s)
 		for i, n := range s.Linux.Namespaces {
 			if n.Type == ns.Type {
-				before := s.Linux.Namespaces[:i]
-				after := s.Linux.Namespaces[i+1:]
-				s.Linux.Namespaces = append(before, ns)
-				s.Linux.Namespaces = append(s.Linux.Namespaces, after...)
+				s.Linux.Namespaces[i] = ns
 				return nil
 			}
 		}
@@ -310,7 +367,11 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
 
 		setProcess(s)
 		if s.Linux != nil {
-			s.Process.Env = append(s.Process.Env, config.Env...)
+			defaults := config.Env
+			if len(defaults) == 0 {
+				defaults = defaultUnixEnv
+			}
+			s.Process.Env = replaceOrAppendEnvValues(defaults, s.Process.Env)
 			cmd := config.Cmd
 			if len(args) > 0 {
 				cmd = args
@@ -332,8 +393,14 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
 			// even if there is no specified user in the image config
 			return WithAdditionalGIDs("root")(ctx, client, c, s)
 		} else if s.Windows != nil {
-			s.Process.Env = config.Env
-			s.Process.Args = append(config.Entrypoint, config.Cmd...)
+			s.Process.Env = replaceOrAppendEnvValues(config.Env, s.Process.Env)
+			cmd := config.Cmd
+			if len(args) > 0 {
+				cmd = args
+			}
+			s.Process.Args = append(config.Entrypoint, cmd...)
+
+			s.Process.Cwd = config.WorkingDir
 			s.Process.User = specs.User{
 				Username: config.User,
 			}
@@ -405,7 +472,7 @@ func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *
 
 // WithUserNamespace sets the uid and gid mappings for the task
 // this can be called multiple times to add more mappings to the generated spec
-func WithUserNamespace(container, host, size uint32) SpecOpts {
+func WithUserNamespace(uidMap, gidMap []specs.LinuxIDMapping) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 		var hasUserns bool
 		setLinux(s)
@@ -420,13 +487,8 @@ func WithUserNamespace(container, host, size uint32) SpecOpts {
 				Type: specs.UserNamespace,
 			})
 		}
-		mapping := specs.LinuxIDMapping{
-			ContainerID: container,
-			HostID:      host,
-			Size:        size,
-		}
-		s.Linux.UIDMappings = append(s.Linux.UIDMappings, mapping)
-		s.Linux.GIDMappings = append(s.Linux.GIDMappings, mapping)
+		s.Linux.UIDMappings = append(s.Linux.UIDMappings, uidMap...)
+		s.Linux.GIDMappings = append(s.Linux.GIDMappings, gidMap...)
 		return nil
 	}
 }
@@ -492,7 +554,7 @@ func WithUser(userstr string) SpecOpts {
 			}
 			f := func(root string) error {
 				if username != "" {
-					user, err := getUserFromPath(root, func(u user.User) bool {
+					user, err := UserFromPath(root, func(u user.User) bool {
 						return u.Name == username
 					})
 					if err != nil {
@@ -501,7 +563,7 @@ func WithUser(userstr string) SpecOpts {
 					uid = uint32(user.Uid)
 				}
 				if groupname != "" {
-					gid, err = getGIDFromPath(root, func(g user.Group) bool {
+					gid, err = GIDFromPath(root, func(g user.Group) bool {
 						return g.Name == groupname
 					})
 					if err != nil {
@@ -556,11 +618,11 @@ func WithUserID(uid uint32) SpecOpts {
 			if !isRootfsAbs(s.Root.Path) {
 				return errors.Errorf("rootfs absolute path is required")
 			}
-			user, err := getUserFromPath(s.Root.Path, func(u user.User) bool {
+			user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
 				return u.Uid == int(uid)
 			})
 			if err != nil {
-				if os.IsNotExist(err) || err == errNoUsersFound {
+				if os.IsNotExist(err) || err == ErrNoUsersFound {
 					s.Process.User.UID, s.Process.User.GID = uid, 0
 					return nil
 				}
@@ -582,11 +644,11 @@ func WithUserID(uid uint32) SpecOpts {
 			return err
 		}
 		return mount.WithTempMount(ctx, mounts, func(root string) error {
-			user, err := getUserFromPath(root, func(u user.User) bool {
+			user, err := UserFromPath(root, func(u user.User) bool {
 				return u.Uid == int(uid)
 			})
 			if err != nil {
-				if os.IsNotExist(err) || err == errNoUsersFound {
+				if os.IsNotExist(err) || err == ErrNoUsersFound {
 					s.Process.User.UID, s.Process.User.GID = uid, 0
 					return nil
 				}
@@ -599,7 +661,7 @@ func WithUserID(uid uint32) SpecOpts {
 }
 
 // WithUsername sets the correct UID and GID for the container
-// based on the the image's /etc/passwd contents. If /etc/passwd
+// based on the image's /etc/passwd contents. If /etc/passwd
 // does not exist, or the username is not found in /etc/passwd,
 // it returns error.
 func WithUsername(username string) SpecOpts {
@@ -610,7 +672,7 @@ func WithUsername(username string) SpecOpts {
 				if !isRootfsAbs(s.Root.Path) {
 					return errors.Errorf("rootfs absolute path is required")
 				}
-				user, err := getUserFromPath(s.Root.Path, func(u user.User) bool {
+				user, err := UserFromPath(s.Root.Path, func(u user.User) bool {
 					return u.Name == username
 				})
 				if err != nil {
@@ -631,7 +693,7 @@ func WithUsername(username string) SpecOpts {
 				return err
 			}
 			return mount.WithTempMount(ctx, mounts, func(root string) error {
-				user, err := getUserFromPath(root, func(u user.User) bool {
+				user, err := UserFromPath(root, func(u user.User) bool {
 					return u.Name == username
 				})
 				if err != nil {
@@ -663,11 +725,11 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
 			var username string
 			uid, err := strconv.Atoi(userstr)
 			if err == nil {
-				user, err := getUserFromPath(root, func(u user.User) bool {
+				user, err := UserFromPath(root, func(u user.User) bool {
 					return u.Uid == uid
 				})
 				if err != nil {
-					if os.IsNotExist(err) || err == errNoUsersFound {
+					if os.IsNotExist(err) || err == ErrNoUsersFound {
 						return nil
 					}
 					return err
@@ -732,23 +794,62 @@ func WithCapabilities(caps []string) SpecOpts {
 	}
 }
 
-// WithAllCapabilities sets all linux capabilities for the process
-var WithAllCapabilities = WithCapabilities(getAllCapabilities())
-
-func getAllCapabilities() []string {
-	last := capability.CAP_LAST_CAP
-	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
-	if last == capability.Cap(63) {
-		last = capability.CAP_BLOCK_SUSPEND
+func capsContain(caps []string, s string) bool {
+	for _, c := range caps {
+		if c == s {
+			return true
+		}
 	}
-	var caps []string
-	for _, cap := range capability.List() {
-		if cap > last {
+	return false
+}
+
+func removeCap(caps *[]string, s string) {
+	var newcaps []string
+	for _, c := range *caps {
+		if c == s {
 			continue
 		}
-		caps = append(caps, "CAP_"+strings.ToUpper(cap.String()))
+		newcaps = append(newcaps, c)
+	}
+	*caps = newcaps
+}
+
+// WithAddedCapabilities adds the provided capabilities
+func WithAddedCapabilities(caps []string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		setCapabilities(s)
+		for _, c := range caps {
+			for _, cl := range []*[]string{
+				&s.Process.Capabilities.Bounding,
+				&s.Process.Capabilities.Effective,
+				&s.Process.Capabilities.Permitted,
+				&s.Process.Capabilities.Inheritable,
+			} {
+				if !capsContain(*cl, c) {
+					*cl = append(*cl, c)
+				}
+			}
+		}
+		return nil
+	}
+}
+
+// WithDroppedCapabilities removes the provided capabilities
+func WithDroppedCapabilities(caps []string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		setCapabilities(s)
+		for _, c := range caps {
+			for _, cl := range []*[]string{
+				&s.Process.Capabilities.Bounding,
+				&s.Process.Capabilities.Effective,
+				&s.Process.Capabilities.Permitted,
+				&s.Process.Capabilities.Inheritable,
+			} {
+				removeCap(cl, c)
+			}
+		}
+		return nil
 	}
-	return caps
 }
 
 // WithAmbientCapabilities set the Linux ambient capabilities for the process
@@ -763,9 +864,12 @@ func WithAmbientCapabilities(caps []string) SpecOpts {
 	}
 }
 
-var errNoUsersFound = errors.New("no users found")
+// ErrNoUsersFound can be returned from UserFromPath
+var ErrNoUsersFound = errors.New("no users found")
 
-func getUserFromPath(root string, filter func(user.User) bool) (user.User, error) {
+// UserFromPath inspects the user object using /etc/passwd in the specified rootfs.
+// filter can be nil.
+func UserFromPath(root string, filter func(user.User) bool) (user.User, error) {
 	ppath, err := fs.RootPath(root, "/etc/passwd")
 	if err != nil {
 		return user.User{}, err
@@ -775,14 +879,17 @@ func getUserFromPath(root string, filter func(user.User) bool) (user.User, error
 		return user.User{}, err
 	}
 	if len(users) == 0 {
-		return user.User{}, errNoUsersFound
+		return user.User{}, ErrNoUsersFound
 	}
 	return users[0], nil
 }
 
-var errNoGroupsFound = errors.New("no groups found")
+// ErrNoGroupsFound can be returned from GIDFromPath
+var ErrNoGroupsFound = errors.New("no groups found")
 
-func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) {
+// GIDFromPath inspects the GID using /etc/passwd in the specified rootfs.
+// filter can be nil.
+func GIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err error) {
 	gpath, err := fs.RootPath(root, "/etc/group")
 	if err != nil {
 		return 0, err
@@ -792,7 +899,7 @@ func getGIDFromPath(root string, filter func(user.Group) bool) (gid uint32, err
 		return 0, err
 	}
 	if len(groups) == 0 {
-		return 0, errNoGroupsFound
+		return 0, ErrNoGroupsFound
 	}
 	g := groups[0]
 	return uint32(g.Gid), nil
@@ -842,16 +949,13 @@ func WithReadonlyPaths(paths []string) SpecOpts {
 
 // WithWriteableSysfs makes any sysfs mounts writeable
 func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
-	for i, m := range s.Mounts {
+	for _, m := range s.Mounts {
 		if m.Type == "sysfs" {
-			var options []string
-			for _, o := range m.Options {
+			for i, o := range m.Options {
 				if o == "ro" {
-					o = "rw"
+					m.Options[i] = "rw"
 				}
-				options = append(options, o)
 			}
-			s.Mounts[i].Options = options
 		}
 	}
 	return nil
@@ -859,16 +963,13 @@ func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s
 
 // WithWriteableCgroupfs makes any cgroup mounts writeable
 func WithWriteableCgroupfs(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
-	for i, m := range s.Mounts {
+	for _, m := range s.Mounts {
 		if m.Type == "cgroup" {
-			var options []string
-			for _, o := range m.Options {
+			for i, o := range m.Options {
 				if o == "ro" {
-					o = "rw"
+					m.Options[i] = "rw"
 				}
-				options = append(options, o)
 			}
-			s.Mounts[i].Options = options
 		}
 	}
 	return nil
@@ -910,6 +1011,21 @@ func WithParentCgroupDevices(_ context.Context, _ Client, _ *containers.Containe
 	return nil
 }
 
+// WithAllDevicesAllowed permits READ WRITE MKNOD on all devices nodes for the container
+func WithAllDevicesAllowed(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+	if s.Linux.Resources == nil {
+		s.Linux.Resources = &specs.LinuxResources{}
+	}
+	s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{
+		{
+			Allow:  true,
+			Access: rwm,
+		},
+	}
+	return nil
+}
+
 // WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to
 // the container's resource cgroup spec
 func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
@@ -1004,9 +1120,8 @@ func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container
 }
 
 // WithPrivileged sets up options for a privileged container
-// TODO(justincormack) device handling
 var WithPrivileged = Compose(
-	WithAllCapabilities,
+	WithAllCurrentCapabilities,
 	WithMaskedPaths(nil),
 	WithReadonlyPaths(nil),
 	WithWriteableSysfs,
@@ -1026,3 +1141,126 @@ func WithWindowsHyperV(_ context.Context, _ Client, _ *containers.Container, s *
 	}
 	return nil
 }
+
+// WithMemoryLimit sets the `Linux.LinuxResources.Memory.Limit` section to the
+// `limit` specified if the `Linux` section is not `nil`. Additionally sets the
+// `Windows.WindowsResources.Memory.Limit` section if the `Windows` section is
+// not `nil`.
+func WithMemoryLimit(limit uint64) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if s.Linux != nil {
+			if s.Linux.Resources == nil {
+				s.Linux.Resources = &specs.LinuxResources{}
+			}
+			if s.Linux.Resources.Memory == nil {
+				s.Linux.Resources.Memory = &specs.LinuxMemory{}
+			}
+			l := int64(limit)
+			s.Linux.Resources.Memory.Limit = &l
+		}
+		if s.Windows != nil {
+			if s.Windows.Resources == nil {
+				s.Windows.Resources = &specs.WindowsResources{}
+			}
+			if s.Windows.Resources.Memory == nil {
+				s.Windows.Resources.Memory = &specs.WindowsMemoryResources{}
+			}
+			s.Windows.Resources.Memory.Limit = &limit
+		}
+		return nil
+	}
+}
+
+// WithAnnotations appends or replaces the annotations on the spec with the
+// provided annotations
+func WithAnnotations(annotations map[string]string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if s.Annotations == nil {
+			s.Annotations = make(map[string]string)
+		}
+		for k, v := range annotations {
+			s.Annotations[k] = v
+		}
+		return nil
+	}
+}
+
+// WithLinuxDevices adds the provided linux devices to the spec
+func WithLinuxDevices(devices []specs.LinuxDevice) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		setLinux(s)
+		s.Linux.Devices = append(s.Linux.Devices, devices...)
+		return nil
+	}
+}
+
+// WithLinuxDevice adds the device specified by path to the spec
+func WithLinuxDevice(path, permissions string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		setLinux(s)
+		setResources(s)
+
+		dev, err := deviceFromPath(path)
+		if err != nil {
+			return err
+		}
+
+		s.Linux.Devices = append(s.Linux.Devices, *dev)
+
+		s.Linux.Resources.Devices = append(s.Linux.Resources.Devices, specs.LinuxDeviceCgroup{
+			Type:   dev.Type,
+			Allow:  true,
+			Major:  &dev.Major,
+			Minor:  &dev.Minor,
+			Access: permissions,
+		})
+
+		return nil
+	}
+}
+
+// WithEnvFile adds environment variables from a file to the container's spec
+func WithEnvFile(path string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		var vars []string
+		f, err := os.Open(path)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+
+		sc := bufio.NewScanner(f)
+		for sc.Scan() {
+			vars = append(vars, sc.Text())
+		}
+		if err = sc.Err(); err != nil {
+			return err
+		}
+		return WithEnv(vars)(nil, nil, nil, s)
+	}
+}
+
+// ErrNoShmMount is returned when there is no /dev/shm mount specified in the config
+// and an Opts was trying to set a configuration value on the mount.
+var ErrNoShmMount = errors.New("no /dev/shm mount specified")
+
+// WithDevShmSize sets the size of the /dev/shm mount for the container.
+//
+// The size value is specified in kb, kilobytes.
+func WithDevShmSize(kb int64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		for _, m := range s.Mounts {
+			if m.Source == "shm" && m.Type == "tmpfs" {
+				for i, o := range m.Options {
+					if strings.HasPrefix(o, "size=") {
+						m.Options[i] = fmt.Sprintf("size=%dk", kb)
+						return nil
+					}
+				}
+				m.Options = append(m.Options, fmt.Sprintf("size=%dk", kb))
+				return nil
+			}
+		}
+		return ErrNoShmMount
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_linux.go b/vendor/github.com/containerd/containerd/oci/spec_opts_linux.go
new file mode 100644
index 0000000000000..ae8c0a7d8f985
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_linux.go
@@ -0,0 +1,145 @@
+// +build linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/pkg/cap"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// WithHostDevices adds all the hosts device nodes to the container's spec
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+
+	devs, err := HostDevices()
+	if err != nil {
+		return err
+	}
+	s.Linux.Devices = append(s.Linux.Devices, devs...)
+	return nil
+}
+
+// WithDevices recursively adds devices from the passed in path and associated cgroup rules for that device.
+// If devicePath is a dir it traverses the dir to add all devices in that dir.
+// If devicePath is not a dir, it attempts to add the single device.
+// If containerPath is not set then the device path is used for the container path.
+func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		devs, err := getDevices(devicePath, containerPath)
+		if err != nil {
+			return err
+		}
+		for i := range devs {
+			s.Linux.Devices = append(s.Linux.Devices, devs[i])
+			s.Linux.Resources.Devices = append(s.Linux.Resources.Devices, specs.LinuxDeviceCgroup{
+				Allow:  true,
+				Type:   devs[i].Type,
+				Major:  &devs[i].Major,
+				Minor:  &devs[i].Minor,
+				Access: permissions,
+			})
+		}
+		return nil
+	}
+}
+
+// WithMemorySwap sets the container's swap in bytes
+func WithMemorySwap(swap int64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setResources(s)
+		if s.Linux.Resources.Memory == nil {
+			s.Linux.Resources.Memory = &specs.LinuxMemory{}
+		}
+		s.Linux.Resources.Memory.Swap = &swap
+		return nil
+	}
+}
+
+// WithPidsLimit sets the container's pid limit or maximum
+func WithPidsLimit(limit int64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setResources(s)
+		if s.Linux.Resources.Pids == nil {
+			s.Linux.Resources.Pids = &specs.LinuxPids{}
+		}
+		s.Linux.Resources.Pids.Limit = limit
+		return nil
+	}
+}
+
+// WithCPUShares sets the container's cpu shares
+func WithCPUShares(shares uint64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setCPU(s)
+		s.Linux.Resources.CPU.Shares = &shares
+		return nil
+	}
+}
+
+// WithCPUs sets the container's cpus/cores for use by the container
+func WithCPUs(cpus string) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setCPU(s)
+		s.Linux.Resources.CPU.Cpus = cpus
+		return nil
+	}
+}
+
+// WithCPUsMems sets the container's cpu mems for use by the container
+func WithCPUsMems(mems string) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setCPU(s)
+		s.Linux.Resources.CPU.Mems = mems
+		return nil
+	}
+}
+
+// WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period
+func WithCPUCFS(quota int64, period uint64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		setCPU(s)
+		s.Linux.Resources.CPU.Quota = &quota
+		s.Linux.Resources.CPU.Period = &period
+		return nil
+	}
+}
+
+// WithAllCurrentCapabilities propagates the effective capabilities of the caller process to the container process.
+// The capability set may differ from WithAllKnownCapabilities when running in a container.
+var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
+	caps, err := cap.Current()
+	if err != nil {
+		return err
+	}
+	return WithCapabilities(caps)(ctx, client, c, s)
+}
+
+// WithAllKnownCapabilities sets all the the known linux capabilities for the container process
+var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
+	caps := cap.Known()
+	return WithCapabilities(caps)(ctx, client, c, s)
+}
+
+// WithoutRunMount removes the `/run` inside the spec
+func WithoutRunMount(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
+	return WithoutMounts("/run")(ctx, client, c, s)
+}
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_nonlinux.go b/vendor/github.com/containerd/containerd/oci/spec_opts_nonlinux.go
new file mode 100644
index 0000000000000..77a1636387dcc
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_nonlinux.go
@@ -0,0 +1,38 @@
+// +build !linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+)
+
+// WithAllCurrentCapabilities propagates the effective capabilities of the caller process to the container process.
+// The capability set may differ from WithAllKnownCapabilities when running in a container.
+//nolint: deadcode, unused
+var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
+	return WithCapabilities(nil)(ctx, client, c, s)
+}
+
+// WithAllKnownCapabilities sets all the the known linux capabilities for the container process
+//nolint: deadcode, unused
+var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
+	return WithCapabilities(nil)(ctx, client, c, s)
+}
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
new file mode 100644
index 0000000000000..80a522356761c
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
@@ -0,0 +1,58 @@
+// +build !linux,!windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+)
+
+// WithHostDevices adds all the hosts device nodes to the container's spec
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+
+	devs, err := HostDevices()
+	if err != nil {
+		return err
+	}
+	s.Linux.Devices = append(s.Linux.Devices, devs...)
+	return nil
+}
+
+// WithDevices recursively adds devices from the passed in path and associated cgroup rules for that device.
+// If devicePath is a dir it traverses the dir to add all devices in that dir.
+// If devicePath is not a dir, it attempts to add the single device.
+func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		devs, err := getDevices(devicePath, containerPath)
+		if err != nil {
+			return err
+		}
+		s.Linux.Devices = append(s.Linux.Devices, devs...)
+		return nil
+	}
+}
+
+// WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period
+func WithCPUCFS(quota int64, period uint64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
new file mode 100644
index 0000000000000..126a89ec83a96
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
@@ -0,0 +1,79 @@
+// +build windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/containers"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+// WithWindowsCPUCount sets the `Windows.Resources.CPU.Count` section to the
+// `count` specified.
+func WithWindowsCPUCount(count uint64) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &specs.WindowsResources{}
+		}
+		if s.Windows.Resources.CPU == nil {
+			s.Windows.Resources.CPU = &specs.WindowsCPUResources{}
+		}
+		s.Windows.Resources.CPU.Count = &count
+		return nil
+	}
+}
+
+// WithWindowsIgnoreFlushesDuringBoot sets `Windows.IgnoreFlushesDuringBoot`.
+func WithWindowsIgnoreFlushesDuringBoot() SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if s.Windows == nil {
+			s.Windows = &specs.Windows{}
+		}
+		s.Windows.IgnoreFlushesDuringBoot = true
+		return nil
+	}
+}
+
+// WithWindowNetworksAllowUnqualifiedDNSQuery sets `Windows.Network.AllowUnqualifiedDNSQuery`.
+func WithWindowNetworksAllowUnqualifiedDNSQuery() SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if s.Windows == nil {
+			s.Windows = &specs.Windows{}
+		}
+		if s.Windows.Network == nil {
+			s.Windows.Network = &specs.WindowsNetwork{}
+		}
+
+		s.Windows.Network.AllowUnqualifiedDNSQuery = true
+		return nil
+	}
+}
+
+// WithHostDevices adds all the hosts device nodes to the container's spec
+//
+// Not supported on windows
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	return nil
+}
+
+func deviceFromPath(path string) (*specs.LinuxDevice, error) {
+	return nil, errors.New("device from path not supported on Windows")
+}
diff --git a/vendor/github.com/containerd/containerd/oci/utils_unix.go b/vendor/github.com/containerd/containerd/oci/utils_unix.go
new file mode 100644
index 0000000000000..108cacf5b8bfd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/oci/utils_unix.go
@@ -0,0 +1,137 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+var errNotADevice = errors.New("not a device node")
+
+// HostDevices returns all devices that can be found under /dev directory.
+func HostDevices() ([]specs.LinuxDevice, error) {
+	return getDevices("/dev", "")
+}
+
+func getDevices(path, containerPath string) ([]specs.LinuxDevice, error) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		return nil, errors.Wrap(err, "error stating device path")
+	}
+
+	if !stat.IsDir() {
+		dev, err := deviceFromPath(path)
+		if err != nil {
+			return nil, err
+		}
+		if containerPath != "" {
+			dev.Path = containerPath
+		}
+		return []specs.LinuxDevice{*dev}, nil
+	}
+
+	files, err := ioutil.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+	var out []specs.LinuxDevice
+	for _, f := range files {
+		switch {
+		case f.IsDir():
+			switch f.Name() {
+			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
+			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
+				continue
+			default:
+				var cp string
+				if containerPath != "" {
+					cp = filepath.Join(containerPath, filepath.Base(f.Name()))
+				}
+				sub, err := getDevices(filepath.Join(path, f.Name()), cp)
+				if err != nil {
+					return nil, err
+				}
+
+				out = append(out, sub...)
+				continue
+			}
+		case f.Name() == "console":
+			continue
+		}
+		device, err := deviceFromPath(filepath.Join(path, f.Name()))
+		if err != nil {
+			if err == errNotADevice {
+				continue
+			}
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+		if containerPath != "" {
+			device.Path = filepath.Join(containerPath, filepath.Base(f.Name()))
+		}
+		out = append(out, *device)
+	}
+	return out, nil
+}
+
+func deviceFromPath(path string) (*specs.LinuxDevice, error) {
+	var stat unix.Stat_t
+	if err := unix.Lstat(path, &stat); err != nil {
+		return nil, err
+	}
+
+	var (
+		devNumber = uint64(stat.Rdev) //nolint: unconvert // the type is 32bit on mips.
+		major     = unix.Major(devNumber)
+		minor     = unix.Minor(devNumber)
+	)
+	if major == 0 {
+		return nil, errNotADevice
+	}
+
+	var (
+		devType string
+		mode    = stat.Mode
+	)
+	switch {
+	case mode&unix.S_IFBLK == unix.S_IFBLK:
+		devType = "b"
+	case mode&unix.S_IFCHR == unix.S_IFCHR:
+		devType = "c"
+	}
+	fm := os.FileMode(mode &^ unix.S_IFMT)
+	return &specs.LinuxDevice{
+		Type:     devType,
+		Path:     path,
+		Major:    int64(major),
+		Minor:    int64(minor),
+		FileMode: &fm,
+		UID:      &stat.Uid,
+		GID:      &stat.Gid,
+	}, nil
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor.go b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor.go
new file mode 100644
index 0000000000000..dd4d860c0ee6d
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor.go
@@ -0,0 +1,27 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package apparmor
+
+// HostSupports returns true if apparmor is enabled for the host, // On non-Linux returns false
+// On Linux returns true if apparmor_parser is enabled, and if we
+//  are not running docker-in-docker.
+//
+//  It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
+//  check for apparmor_parser to be present, or if we're running docker-in-docker.
+func HostSupports() bool {
+	return hostSupports()
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_linux.go b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_linux.go
new file mode 100644
index 0000000000000..ee3858583e838
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_linux.go
@@ -0,0 +1,48 @@
+// +build linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package apparmor
+
+import (
+	"io/ioutil"
+	"os"
+	"sync"
+)
+
+var (
+	appArmorSupported bool
+	checkAppArmor     sync.Once
+)
+
+// hostSupports returns true if apparmor is enabled for the host, if
+// apparmor_parser is enabled, and if we are not running docker-in-docker.
+//
+// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
+// check for apparmor_parser to be present, or if we're running docker-in-docker.
+func hostSupports() bool {
+	checkAppArmor.Do(func() {
+		// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
+		if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
+			if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
+				buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+				appArmorSupported = err == nil && len(buf) > 1 && buf[0] == 'Y'
+			}
+		}
+	})
+	return appArmorSupported
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_unsupported.go b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_unsupported.go
new file mode 100644
index 0000000000000..428d36424d591
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_unsupported.go
@@ -0,0 +1,23 @@
+// +build !linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package apparmor
+
+func hostSupports() bool {
+	return false
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/cap/cap_linux.go b/vendor/github.com/containerd/containerd/pkg/cap/cap_linux.go
new file mode 100644
index 0000000000000..35772a4d857d1
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/cap/cap_linux.go
@@ -0,0 +1,192 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+// Package cap provides Linux capability utility
+package cap
+
+import (
+	"bufio"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// FromNumber returns a cap string like "CAP_SYS_ADMIN"
+// that corresponds to the given number like 21.
+//
+// FromNumber returns an empty string for unknown cap number.
+func FromNumber(num int) string {
+	if num < 0 || num > len(capsLatest)-1 {
+		return ""
+	}
+	return capsLatest[num]
+}
+
+// FromBitmap parses an uint64 bitmap into string slice like
+// []{"CAP_SYS_ADMIN", ...}.
+//
+// Unknown cap numbers are returned as []int.
+func FromBitmap(v uint64) ([]string, []int) {
+	var (
+		res     []string
+		unknown []int
+	)
+	for i := 0; i <= 63; i++ {
+		if b := (v >> i) & 0x1; b == 0x1 {
+			if s := FromNumber(i); s != "" {
+				res = append(res, s)
+			} else {
+				unknown = append(unknown, i)
+			}
+		}
+	}
+	return res, unknown
+}
+
+// Type is the type of capability
+type Type int
+
+const (
+	// Effective is CapEff
+	Effective Type = 1 << iota
+	// Permitted is CapPrm
+	Permitted
+	// Inheritable is CapInh
+	Inheritable
+	// Bounding is CapBnd
+	Bounding
+	// Ambient is CapAmb
+	Ambient
+)
+
+// ParseProcPIDStatus returns uint64 bitmap value from /proc/<PID>/status file
+func ParseProcPIDStatus(r io.Reader) (map[Type]uint64, error) {
+	res := make(map[Type]uint64)
+	scanner := bufio.NewScanner(r)
+	for scanner.Scan() {
+		line := scanner.Text()
+		pair := strings.SplitN(line, ":", 2)
+		if len(pair) != 2 {
+			continue
+		}
+		k := strings.TrimSpace(pair[0])
+		v := strings.TrimSpace(pair[1])
+		switch k {
+		case "CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb":
+			ui64, err := strconv.ParseUint(v, 16, 64)
+			if err != nil {
+				return nil, errors.Errorf("failed to parse line %q", line)
+			}
+			switch k {
+			case "CapInh":
+				res[Inheritable] = ui64
+			case "CapPrm":
+				res[Permitted] = ui64
+			case "CapEff":
+				res[Effective] = ui64
+			case "CapBnd":
+				res[Bounding] = ui64
+			case "CapAmb":
+				res[Ambient] = ui64
+			}
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+// Current returns the list of the effective and the known caps of
+// the current process.
+//
+// The result is like []string{"CAP_SYS_ADMIN", ...}.
+//
+// The result does not contain caps that are not recognized by
+// the "github.com/syndtr/gocapability" library.
+func Current() ([]string, error) {
+	f, err := os.Open("/proc/self/status")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	caps, err := ParseProcPIDStatus(f)
+	if err != nil {
+		return nil, err
+	}
+	capEff := caps[Effective]
+	names, _ := FromBitmap(capEff)
+	return names, nil
+}
+
+var (
+	// caps35 is the caps of kernel 3.5 (37 entries)
+	caps35 = []string{
+		"CAP_CHOWN",            // 2.2
+		"CAP_DAC_OVERRIDE",     // 2.2
+		"CAP_DAC_READ_SEARCH",  // 2.2
+		"CAP_FOWNER",           // 2.2
+		"CAP_FSETID",           // 2.2
+		"CAP_KILL",             // 2.2
+		"CAP_SETGID",           // 2.2
+		"CAP_SETUID",           // 2.2
+		"CAP_SETPCAP",          // 2.2
+		"CAP_LINUX_IMMUTABLE",  // 2.2
+		"CAP_NET_BIND_SERVICE", // 2.2
+		"CAP_NET_BROADCAST",    // 2.2
+		"CAP_NET_ADMIN",        // 2.2
+		"CAP_NET_RAW",          // 2.2
+		"CAP_IPC_LOCK",         // 2.2
+		"CAP_IPC_OWNER",        // 2.2
+		"CAP_SYS_MODULE",       // 2.2
+		"CAP_SYS_RAWIO",        // 2.2
+		"CAP_SYS_CHROOT",       // 2.2
+		"CAP_SYS_PTRACE",       // 2.2
+		"CAP_SYS_PACCT",        // 2.2
+		"CAP_SYS_ADMIN",        // 2.2
+		"CAP_SYS_BOOT",         // 2.2
+		"CAP_SYS_NICE",         // 2.2
+		"CAP_SYS_RESOURCE",     // 2.2
+		"CAP_SYS_TIME",         // 2.2
+		"CAP_SYS_TTY_CONFIG",   // 2.2
+		"CAP_MKNOD",            // 2.4
+		"CAP_LEASE",            // 2.4
+		"CAP_AUDIT_WRITE",      // 2.6.11
+		"CAP_AUDIT_CONTROL",    // 2.6.11
+		"CAP_SETFCAP",          // 2.6.24
+		"CAP_MAC_OVERRIDE",     // 2.6.25
+		"CAP_MAC_ADMIN",        // 2.6.25
+		"CAP_SYSLOG",           // 2.6.37
+		"CAP_WAKE_ALARM",       // 3.0
+		"CAP_BLOCK_SUSPEND",    // 3.5
+	}
+	// caps316 is the caps of kernel 3.16 (38 entries)
+	caps316 = append(caps35, "CAP_AUDIT_READ")
+	// caps58 is the caps of kernel 5.8 (40 entries)
+	caps58 = append(caps316, []string{"CAP_PERFMON", "CAP_BPF"}...)
+	// caps59 is the caps of kernel 5.9 (41 entries)
+	caps59     = append(caps58, "CAP_CHECKPOINT_RESTORE")
+	capsLatest = caps59
+)
+
+// Known returns the known cap strings of the latest kernel.
+// The current latest kernel is 5.9.
+func Known() []string {
+	return capsLatest
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/dialer/dialer.go b/vendor/github.com/containerd/containerd/pkg/dialer/dialer.go
index 766d34493445c..aa604baab9217 100644
--- a/vendor/github.com/containerd/containerd/pkg/dialer/dialer.go
+++ b/vendor/github.com/containerd/containerd/pkg/dialer/dialer.go
@@ -17,6 +17,7 @@
 package dialer
 
 import (
+	"context"
 	"net"
 	"time"
 
@@ -28,8 +29,19 @@ type dialResult struct {
 	err error
 }
 
+// ContextDialer returns a GRPC net.Conn connected to the provided address
+func ContextDialer(ctx context.Context, address string) (net.Conn, error) {
+	if deadline, ok := ctx.Deadline(); ok {
+		return timeoutDialer(address, time.Until(deadline))
+	}
+	return timeoutDialer(address, 0)
+}
+
 // Dialer returns a GRPC net.Conn connected to the provided address
-func Dialer(address string, timeout time.Duration) (net.Conn, error) {
+// Deprecated: use ContextDialer and grpc.WithContextDialer.
+var Dialer = timeoutDialer
+
+func timeoutDialer(address string, timeout time.Duration) (net.Conn, error) {
 	var (
 		stopC = make(chan struct{})
 		synC  = make(chan *dialResult)
diff --git a/vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go b/vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go
index 64d30dea0cd08..4dd296ebc3e59 100644
--- a/vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go
+++ b/vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go
@@ -19,21 +19,13 @@ package dialer
 import (
 	"net"
 	"os"
-	"syscall"
 	"time"
 
 	winio "github.com/Microsoft/go-winio"
 )
 
 func isNoent(err error) bool {
-	if err != nil {
-		if oerr, ok := err.(*os.PathError); ok {
-			if oerr.Err == syscall.ENOENT {
-				return true
-			}
-		}
-	}
-	return false
+	return os.IsNotExist(err)
 }
 
 func dialer(address string, timeout time.Duration) (net.Conn, error) {
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go b/vendor/github.com/containerd/containerd/pkg/process/deleted_state.go
similarity index 84%
rename from vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go
rename to vendor/github.com/containerd/containerd/pkg/process/deleted_state.go
index ab89c3ecbaf68..eb7baf737cf8a 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/deleted_state.go
@@ -16,13 +16,13 @@
    limitations under the License.
 */
 
-package proc
+package process
 
 import (
 	"context"
 
 	"github.com/containerd/console"
-	"github.com/containerd/containerd/runtime/proc"
+	"github.com/containerd/containerd/errdefs"
 	google_protobuf "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 )
@@ -55,17 +55,21 @@ func (s *deletedState) Start(ctx context.Context) error {
 }
 
 func (s *deletedState) Delete(ctx context.Context) error {
-	return errors.Errorf("cannot delete a deleted process")
+	return errors.Wrap(errdefs.ErrNotFound, "cannot delete a deleted process")
 }
 
 func (s *deletedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	return errors.Errorf("cannot kill a deleted process")
+	return errors.Wrap(errdefs.ErrNotFound, "cannot kill a deleted process")
 }
 
 func (s *deletedState) SetExited(status int) {
 	// no op
 }
 
-func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
+func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
 	return nil, errors.Errorf("cannot exec in a deleted state")
 }
+
+func (s *deletedState) Status(ctx context.Context) (string, error) {
+	return "stopped", nil
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/exec.go b/vendor/github.com/containerd/containerd/pkg/process/exec.go
new file mode 100644
index 0000000000000..7790a4979f7ac
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/exec.go
@@ -0,0 +1,264 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"sync"
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/unix"
+
+	"github.com/containerd/console"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/pkg/stdio"
+	"github.com/containerd/fifo"
+	runc "github.com/containerd/go-runc"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+type execProcess struct {
+	wg sync.WaitGroup
+
+	execState execState
+
+	mu      sync.Mutex
+	id      string
+	console console.Console
+	io      *processIO
+	status  int
+	exited  time.Time
+	pid     safePid
+	closers []io.Closer
+	stdin   io.Closer
+	stdio   stdio.Stdio
+	path    string
+	spec    specs.Process
+
+	parent    *Init
+	waitBlock chan struct{}
+}
+
+func (e *execProcess) Wait() {
+	<-e.waitBlock
+}
+
+func (e *execProcess) ID() string {
+	return e.id
+}
+
+func (e *execProcess) Pid() int {
+	return e.pid.get()
+}
+
+func (e *execProcess) ExitStatus() int {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	return e.status
+}
+
+func (e *execProcess) ExitedAt() time.Time {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	return e.exited
+}
+
+func (e *execProcess) SetExited(status int) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	e.execState.SetExited(status)
+}
+
+func (e *execProcess) setExited(status int) {
+	e.status = status
+	e.exited = time.Now()
+	e.parent.Platform.ShutdownConsole(context.Background(), e.console)
+	close(e.waitBlock)
+}
+
+func (e *execProcess) Delete(ctx context.Context) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	return e.execState.Delete(ctx)
+}
+
+func (e *execProcess) delete(ctx context.Context) error {
+	waitTimeout(ctx, &e.wg, 2*time.Second)
+	if e.io != nil {
+		for _, c := range e.closers {
+			c.Close()
+		}
+		e.io.Close()
+	}
+	pidfile := filepath.Join(e.path, fmt.Sprintf("%s.pid", e.id))
+	// silently ignore error
+	os.Remove(pidfile)
+	return nil
+}
+
+func (e *execProcess) Resize(ws console.WinSize) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	return e.execState.Resize(ws)
+}
+
+func (e *execProcess) resize(ws console.WinSize) error {
+	if e.console == nil {
+		return nil
+	}
+	return e.console.Resize(ws)
+}
+
+func (e *execProcess) Kill(ctx context.Context, sig uint32, _ bool) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	return e.execState.Kill(ctx, sig, false)
+}
+
+func (e *execProcess) kill(ctx context.Context, sig uint32, _ bool) error {
+	pid := e.pid.get()
+	switch {
+	case pid == 0:
+		return errors.Wrap(errdefs.ErrFailedPrecondition, "process not created")
+	case !e.exited.IsZero():
+		return errors.Wrapf(errdefs.ErrNotFound, "process already finished")
+	default:
+		if err := unix.Kill(pid, syscall.Signal(sig)); err != nil {
+			return errors.Wrapf(checkKillError(err), "exec kill error")
+		}
+	}
+	return nil
+}
+
+func (e *execProcess) Stdin() io.Closer {
+	return e.stdin
+}
+
+func (e *execProcess) Stdio() stdio.Stdio {
+	return e.stdio
+}
+
+func (e *execProcess) Start(ctx context.Context) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	return e.execState.Start(ctx)
+}
+
+func (e *execProcess) start(ctx context.Context) (err error) {
+	// The reaper may receive exit signal right after
+	// the container is started, before the e.pid is updated.
+	// In that case, we want to block the signal handler to
+	// access e.pid until it is updated.
+	e.pid.Lock()
+	defer e.pid.Unlock()
+
+	var (
+		socket  *runc.Socket
+		pio     *processIO
+		pidFile = newExecPidFile(e.path, e.id)
+	)
+	if e.stdio.Terminal {
+		if socket, err = runc.NewTempConsoleSocket(); err != nil {
+			return errors.Wrap(err, "failed to create runc console socket")
+		}
+		defer socket.Close()
+	} else {
+		if pio, err = createIO(ctx, e.id, e.parent.IoUID, e.parent.IoGID, e.stdio); err != nil {
+			return errors.Wrap(err, "failed to create init process I/O")
+		}
+		e.io = pio
+	}
+	opts := &runc.ExecOpts{
+		PidFile: pidFile.Path(),
+		Detach:  true,
+	}
+	if pio != nil {
+		opts.IO = pio.IO()
+	}
+	if socket != nil {
+		opts.ConsoleSocket = socket
+	}
+	if err := e.parent.runtime.Exec(ctx, e.parent.id, e.spec, opts); err != nil {
+		close(e.waitBlock)
+		return e.parent.runtimeError(err, "OCI runtime exec failed")
+	}
+	if e.stdio.Stdin != "" {
+		if err := e.openStdin(e.stdio.Stdin); err != nil {
+			return err
+		}
+	}
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	if socket != nil {
+		console, err := socket.ReceiveMaster()
+		if err != nil {
+			return errors.Wrap(err, "failed to retrieve console master")
+		}
+		if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.id, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg); err != nil {
+			return errors.Wrap(err, "failed to start console copy")
+		}
+	} else {
+		if err := pio.Copy(ctx, &e.wg); err != nil {
+			return errors.Wrap(err, "failed to start io pipe copy")
+		}
+	}
+	pid, err := pidFile.Read()
+	if err != nil {
+		return errors.Wrap(err, "failed to retrieve OCI runtime exec pid")
+	}
+	e.pid.pid = pid
+	return nil
+}
+
+func (e *execProcess) openStdin(path string) error {
+	sc, err := fifo.OpenFifo(context.Background(), path, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open stdin fifo %s", path)
+	}
+	e.stdin = sc
+	e.closers = append(e.closers, sc)
+	return nil
+}
+
+func (e *execProcess) Status(ctx context.Context) (string, error) {
+	s, err := e.parent.Status(ctx)
+	if err != nil {
+		return "", err
+	}
+	// if the container as a whole is in the pausing/paused state, so are all
+	// other processes inside the container, use container state here
+	switch s {
+	case "paused", "pausing":
+		return s, nil
+	}
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	return e.execState.Status(ctx)
+}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go b/vendor/github.com/containerd/containerd/pkg/process/exec_state.go
similarity index 81%
rename from vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go
rename to vendor/github.com/containerd/containerd/pkg/process/exec_state.go
index ac5467552844e..c97b4001b4734 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/exec_state.go
@@ -16,7 +16,7 @@
    limitations under the License.
 */
 
-package proc
+package process
 
 import (
 	"context"
@@ -25,6 +25,15 @@ import (
 	"github.com/pkg/errors"
 )
 
+type execState interface {
+	Resize(console.WinSize) error
+	Start(context.Context) error
+	Delete(context.Context) error
+	Kill(context.Context, uint32, bool) error
+	SetExited(int)
+	Status(context.Context) (string, error)
+}
+
 type execCreatedState struct {
 	p *execProcess
 }
@@ -32,11 +41,11 @@ type execCreatedState struct {
 func (s *execCreatedState) transition(name string) error {
 	switch name {
 	case "running":
-		s.p.State = &execRunningState{p: s.p}
+		s.p.execState = &execRunningState{p: s.p}
 	case "stopped":
-		s.p.State = &execStoppedState{p: s.p}
+		s.p.execState = &execStoppedState{p: s.p}
 	case "deleted":
-		s.p.State = &deletedState{}
+		s.p.execState = &deletedState{}
 	default:
 		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
 	}
@@ -44,15 +53,10 @@ func (s *execCreatedState) transition(name string) error {
 }
 
 func (s *execCreatedState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return s.p.resize(ws)
 }
 
 func (s *execCreatedState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
 	if err := s.p.start(ctx); err != nil {
 		return err
 	}
@@ -63,22 +67,15 @@ func (s *execCreatedState) Delete(ctx context.Context) error {
 	if err := s.p.delete(ctx); err != nil {
 		return err
 	}
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
+
 	return s.transition("deleted")
 }
 
 func (s *execCreatedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return s.p.kill(ctx, sig, all)
 }
 
 func (s *execCreatedState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	s.p.setExited(status)
 
 	if err := s.transition("stopped"); err != nil {
@@ -86,6 +83,10 @@ func (s *execCreatedState) SetExited(status int) {
 	}
 }
 
+func (s *execCreatedState) Status(ctx context.Context) (string, error) {
+	return "created", nil
+}
+
 type execRunningState struct {
 	p *execProcess
 }
@@ -93,7 +94,7 @@ type execRunningState struct {
 func (s *execRunningState) transition(name string) error {
 	switch name {
 	case "stopped":
-		s.p.State = &execStoppedState{p: s.p}
+		s.p.execState = &execStoppedState{p: s.p}
 	default:
 		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
 	}
@@ -101,37 +102,22 @@ func (s *execRunningState) transition(name string) error {
 }
 
 func (s *execRunningState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return s.p.resize(ws)
 }
 
 func (s *execRunningState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return errors.Errorf("cannot start a running process")
 }
 
 func (s *execRunningState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return errors.Errorf("cannot delete a running process")
 }
 
 func (s *execRunningState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return s.p.kill(ctx, sig, all)
 }
 
 func (s *execRunningState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	s.p.setExited(status)
 
 	if err := s.transition("stopped"); err != nil {
@@ -139,6 +125,10 @@ func (s *execRunningState) SetExited(status int) {
 	}
 }
 
+func (s *execRunningState) Status(ctx context.Context) (string, error) {
+	return "running", nil
+}
+
 type execStoppedState struct {
 	p *execProcess
 }
@@ -146,7 +136,7 @@ type execStoppedState struct {
 func (s *execStoppedState) transition(name string) error {
 	switch name {
 	case "deleted":
-		s.p.State = &deletedState{}
+		s.p.execState = &deletedState{}
 	default:
 		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
 	}
@@ -154,16 +144,10 @@ func (s *execStoppedState) transition(name string) error {
 }
 
 func (s *execStoppedState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return errors.Errorf("cannot resize a stopped container")
 }
 
 func (s *execStoppedState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return errors.Errorf("cannot start a stopped process")
 }
 
@@ -171,18 +155,18 @@ func (s *execStoppedState) Delete(ctx context.Context) error {
 	if err := s.p.delete(ctx); err != nil {
 		return err
 	}
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
+
 	return s.transition("deleted")
 }
 
 func (s *execStoppedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
 	return s.p.kill(ctx, sig, all)
 }
 
 func (s *execStoppedState) SetExited(status int) {
 	// no op
 }
+
+func (s *execStoppedState) Status(ctx context.Context) (string, error) {
+	return "stopped", nil
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/init.go b/vendor/github.com/containerd/containerd/pkg/process/init.go
new file mode 100644
index 0000000000000..a9462384f2136
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/init.go
@@ -0,0 +1,498 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/containerd/console"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/pkg/stdio"
+	"github.com/containerd/fifo"
+	runc "github.com/containerd/go-runc"
+	google_protobuf "github.com/gogo/protobuf/types"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+// Init represents an initial process for a container
+type Init struct {
+	wg        sync.WaitGroup
+	initState initState
+
+	// mu is used to ensure that `Start()` and `Exited()` calls return in
+	// the right order when invoked in separate go routines.
+	// This is the case within the shim implementation as it makes use of
+	// the reaper interface.
+	mu sync.Mutex
+
+	waitBlock chan struct{}
+
+	WorkDir string
+
+	id       string
+	Bundle   string
+	console  console.Console
+	Platform stdio.Platform
+	io       *processIO
+	runtime  *runc.Runc
+	// pausing preserves the pausing state.
+	pausing      *atomicBool
+	status       int
+	exited       time.Time
+	pid          int
+	closers      []io.Closer
+	stdin        io.Closer
+	stdio        stdio.Stdio
+	Rootfs       string
+	IoUID        int
+	IoGID        int
+	NoPivotRoot  bool
+	NoNewKeyring bool
+	CriuWorkPath string
+}
+
+// NewRunc returns a new runc instance for a process
+func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Runc {
+	if root == "" {
+		root = RuncRoot
+	}
+	return &runc.Runc{
+		Command:       runtime,
+		Log:           filepath.Join(path, "log.json"),
+		LogFormat:     runc.JSON,
+		PdeathSignal:  unix.SIGKILL,
+		Root:          filepath.Join(root, namespace),
+		Criu:          criu,
+		SystemdCgroup: systemd,
+	}
+}
+
+// New returns a new process
+func New(id string, runtime *runc.Runc, stdio stdio.Stdio) *Init {
+	p := &Init{
+		id:        id,
+		runtime:   runtime,
+		pausing:   new(atomicBool),
+		stdio:     stdio,
+		status:    0,
+		waitBlock: make(chan struct{}),
+	}
+	p.initState = &createdState{p: p}
+	return p
+}
+
+// Create the process with the provided config
+func (p *Init) Create(ctx context.Context, r *CreateConfig) error {
+	var (
+		err     error
+		socket  *runc.Socket
+		pio     *processIO
+		pidFile = newPidFile(p.Bundle)
+	)
+
+	if r.Terminal {
+		if socket, err = runc.NewTempConsoleSocket(); err != nil {
+			return errors.Wrap(err, "failed to create OCI runtime console socket")
+		}
+		defer socket.Close()
+	} else {
+		if pio, err = createIO(ctx, p.id, p.IoUID, p.IoGID, p.stdio); err != nil {
+			return errors.Wrap(err, "failed to create init process I/O")
+		}
+		p.io = pio
+	}
+	if r.Checkpoint != "" {
+		return p.createCheckpointedState(r, pidFile)
+	}
+	opts := &runc.CreateOpts{
+		PidFile:      pidFile.Path(),
+		NoPivot:      p.NoPivotRoot,
+		NoNewKeyring: p.NoNewKeyring,
+	}
+	if p.io != nil {
+		opts.IO = p.io.IO()
+	}
+	if socket != nil {
+		opts.ConsoleSocket = socket
+	}
+	if err := p.runtime.Create(ctx, r.ID, r.Bundle, opts); err != nil {
+		return p.runtimeError(err, "OCI runtime create failed")
+	}
+	if r.Stdin != "" {
+		if err := p.openStdin(r.Stdin); err != nil {
+			return err
+		}
+	}
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	if socket != nil {
+		console, err := socket.ReceiveMaster()
+		if err != nil {
+			return errors.Wrap(err, "failed to retrieve console master")
+		}
+		console, err = p.Platform.CopyConsole(ctx, console, p.id, r.Stdin, r.Stdout, r.Stderr, &p.wg)
+		if err != nil {
+			return errors.Wrap(err, "failed to start console copy")
+		}
+		p.console = console
+	} else {
+		if err := pio.Copy(ctx, &p.wg); err != nil {
+			return errors.Wrap(err, "failed to start io pipe copy")
+		}
+	}
+	pid, err := pidFile.Read()
+	if err != nil {
+		return errors.Wrap(err, "failed to retrieve OCI runtime container pid")
+	}
+	p.pid = pid
+	return nil
+}
+
+func (p *Init) openStdin(path string) error {
+	sc, err := fifo.OpenFifo(context.Background(), path, unix.O_WRONLY|unix.O_NONBLOCK, 0)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open stdin fifo %s", path)
+	}
+	p.stdin = sc
+	p.closers = append(p.closers, sc)
+	return nil
+}
+
+func (p *Init) createCheckpointedState(r *CreateConfig, pidFile *pidFile) error {
+	opts := &runc.RestoreOpts{
+		CheckpointOpts: runc.CheckpointOpts{
+			ImagePath:  r.Checkpoint,
+			WorkDir:    p.CriuWorkPath,
+			ParentPath: r.ParentCheckpoint,
+		},
+		PidFile:     pidFile.Path(),
+		NoPivot:     p.NoPivotRoot,
+		Detach:      true,
+		NoSubreaper: true,
+	}
+
+	if p.io != nil {
+		opts.IO = p.io.IO()
+	}
+
+	p.initState = &createdCheckpointState{
+		p:    p,
+		opts: opts,
+	}
+	return nil
+}
+
+// Wait for the process to exit
+func (p *Init) Wait() {
+	<-p.waitBlock
+}
+
+// ID of the process
+func (p *Init) ID() string {
+	return p.id
+}
+
+// Pid of the process
+func (p *Init) Pid() int {
+	return p.pid
+}
+
+// ExitStatus of the process
+func (p *Init) ExitStatus() int {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.status
+}
+
+// ExitedAt at time when the process exited
+func (p *Init) ExitedAt() time.Time {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.exited
+}
+
+// Status of the process
+func (p *Init) Status(ctx context.Context) (string, error) {
+	if p.pausing.get() {
+		return "pausing", nil
+	}
+
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Status(ctx)
+}
+
+// Start the init process
+func (p *Init) Start(ctx context.Context) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Start(ctx)
+}
+
+func (p *Init) start(ctx context.Context) error {
+	err := p.runtime.Start(ctx, p.id)
+	return p.runtimeError(err, "OCI runtime start failed")
+}
+
+// SetExited of the init process with the next status
+func (p *Init) SetExited(status int) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	p.initState.SetExited(status)
+}
+
+func (p *Init) setExited(status int) {
+	p.exited = time.Now()
+	p.status = status
+	p.Platform.ShutdownConsole(context.Background(), p.console)
+	close(p.waitBlock)
+}
+
+// Delete the init process
+func (p *Init) Delete(ctx context.Context) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Delete(ctx)
+}
+
+func (p *Init) delete(ctx context.Context) error {
+	waitTimeout(ctx, &p.wg, 2*time.Second)
+	err := p.runtime.Delete(ctx, p.id, nil)
+	// ignore errors if a runtime has already deleted the process
+	// but we still hold metadata and pipes
+	//
+	// this is common during a checkpoint, runc will delete the container state
+	// after a checkpoint and the container will no longer exist within runc
+	if err != nil {
+		if strings.Contains(err.Error(), "does not exist") {
+			err = nil
+		} else {
+			err = p.runtimeError(err, "failed to delete task")
+		}
+	}
+	if p.io != nil {
+		for _, c := range p.closers {
+			c.Close()
+		}
+		p.io.Close()
+	}
+	if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil {
+		log.G(ctx).WithError(err2).Warn("failed to cleanup rootfs mount")
+		if err == nil {
+			err = errors.Wrap(err2, "failed rootfs umount")
+		}
+	}
+	return err
+}
+
+// Resize the init processes console
+func (p *Init) Resize(ws console.WinSize) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if p.console == nil {
+		return nil
+	}
+	return p.console.Resize(ws)
+}
+
+// Pause the init process and all its child processes
+func (p *Init) Pause(ctx context.Context) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Pause(ctx)
+}
+
+// Resume the init process and all its child processes
+func (p *Init) Resume(ctx context.Context) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Resume(ctx)
+}
+
+// Kill the init process
+func (p *Init) Kill(ctx context.Context, signal uint32, all bool) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Kill(ctx, signal, all)
+}
+
+func (p *Init) kill(ctx context.Context, signal uint32, all bool) error {
+	err := p.runtime.Kill(ctx, p.id, int(signal), &runc.KillOpts{
+		All: all,
+	})
+	return checkKillError(err)
+}
+
+// KillAll processes belonging to the init process
+func (p *Init) KillAll(ctx context.Context) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	err := p.runtime.Kill(ctx, p.id, int(unix.SIGKILL), &runc.KillOpts{
+		All: true,
+	})
+	return p.runtimeError(err, "OCI runtime killall failed")
+}
+
+// Stdin of the process
+func (p *Init) Stdin() io.Closer {
+	return p.stdin
+}
+
+// Runtime returns the OCI runtime configured for the init process
+func (p *Init) Runtime() *runc.Runc {
+	return p.runtime
+}
+
+// Exec returns a new child process
+func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Exec(ctx, path, r)
+}
+
+// exec returns a new exec'd process
+func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	// process exec request
+	var spec specs.Process
+	if err := json.Unmarshal(r.Spec.Value, &spec); err != nil {
+		return nil, err
+	}
+	spec.Terminal = r.Terminal
+
+	e := &execProcess{
+		id:     r.ID,
+		path:   path,
+		parent: p,
+		spec:   spec,
+		stdio: stdio.Stdio{
+			Stdin:    r.Stdin,
+			Stdout:   r.Stdout,
+			Stderr:   r.Stderr,
+			Terminal: r.Terminal,
+		},
+		waitBlock: make(chan struct{}),
+	}
+	e.execState = &execCreatedState{p: e}
+	return e, nil
+}
+
+// Checkpoint the init process
+func (p *Init) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Checkpoint(ctx, r)
+}
+
+func (p *Init) checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	var actions []runc.CheckpointAction
+	if !r.Exit {
+		actions = append(actions, runc.LeaveRunning)
+	}
+	// keep criu work directory if criu work dir is set
+	work := r.WorkDir
+	if work == "" {
+		work = filepath.Join(p.WorkDir, "criu-work")
+		defer os.RemoveAll(work)
+	}
+	if err := p.runtime.Checkpoint(ctx, p.id, &runc.CheckpointOpts{
+		WorkDir:                  work,
+		ImagePath:                r.Path,
+		AllowOpenTCP:             r.AllowOpenTCP,
+		AllowExternalUnixSockets: r.AllowExternalUnixSockets,
+		AllowTerminal:            r.AllowTerminal,
+		FileLocks:                r.FileLocks,
+		EmptyNamespaces:          r.EmptyNamespaces,
+	}, actions...); err != nil {
+		dumpLog := filepath.Join(p.Bundle, "criu-dump.log")
+		if cerr := copyFile(dumpLog, filepath.Join(work, "dump.log")); cerr != nil {
+			log.G(ctx).WithError(cerr).Error("failed to copy dump.log to criu-dump.log")
+		}
+		return fmt.Errorf("%s path= %s", criuError(err), dumpLog)
+	}
+	return nil
+}
+
+// Update the processes resource configuration
+func (p *Init) Update(ctx context.Context, r *google_protobuf.Any) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return p.initState.Update(ctx, r)
+}
+
+func (p *Init) update(ctx context.Context, r *google_protobuf.Any) error {
+	var resources specs.LinuxResources
+	if err := json.Unmarshal(r.Value, &resources); err != nil {
+		return err
+	}
+	return p.runtime.Update(ctx, p.id, &resources)
+}
+
+// Stdio of the process
+func (p *Init) Stdio() stdio.Stdio {
+	return p.stdio
+}
+
+func (p *Init) runtimeError(rErr error, msg string) error {
+	if rErr == nil {
+		return nil
+	}
+
+	rMsg, err := getLastRuntimeError(p.runtime)
+	switch {
+	case err != nil:
+		return errors.Wrapf(rErr, "%s: %s (%s)", msg, "unable to retrieve OCI runtime error", err.Error())
+	case rMsg == "":
+		return errors.Wrap(rErr, msg)
+	default:
+		return errors.Errorf("%s: %s", msg, rMsg)
+	}
+}
+
+func withConditionalIO(c stdio.Stdio) runc.IOOpt {
+	return func(o *runc.IOOption) {
+		o.OpenStdin = c.Stdin != ""
+		o.OpenStdout = c.Stdout != ""
+		o.OpenStderr = c.Stderr != ""
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/init_state.go b/vendor/github.com/containerd/containerd/pkg/process/init_state.go
new file mode 100644
index 0000000000000..5273a5d7352be
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/init_state.go
@@ -0,0 +1,414 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+
+	runc "github.com/containerd/go-runc"
+	google_protobuf "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type initState interface {
+	Start(context.Context) error
+	Delete(context.Context) error
+	Pause(context.Context) error
+	Resume(context.Context) error
+	Update(context.Context, *google_protobuf.Any) error
+	Checkpoint(context.Context, *CheckpointConfig) error
+	Exec(context.Context, string, *ExecConfig) (Process, error)
+	Kill(context.Context, uint32, bool) error
+	SetExited(int)
+	Status(context.Context) (string, error)
+}
+
+type createdState struct {
+	p *Init
+}
+
+func (s *createdState) transition(name string) error {
+	switch name {
+	case "running":
+		s.p.initState = &runningState{p: s.p}
+	case "stopped":
+		s.p.initState = &stoppedState{p: s.p}
+	case "deleted":
+		s.p.initState = &deletedState{}
+	default:
+		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
+	}
+	return nil
+}
+
+func (s *createdState) Pause(ctx context.Context) error {
+	return errors.Errorf("cannot pause task in created state")
+}
+
+func (s *createdState) Resume(ctx context.Context) error {
+	return errors.Errorf("cannot resume task in created state")
+}
+
+func (s *createdState) Update(ctx context.Context, r *google_protobuf.Any) error {
+	return s.p.update(ctx, r)
+}
+
+func (s *createdState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	return errors.Errorf("cannot checkpoint a task in created state")
+}
+
+func (s *createdState) Start(ctx context.Context) error {
+	if err := s.p.start(ctx); err != nil {
+		return err
+	}
+	return s.transition("running")
+}
+
+func (s *createdState) Delete(ctx context.Context) error {
+	if err := s.p.delete(ctx); err != nil {
+		return err
+	}
+	return s.transition("deleted")
+}
+
+func (s *createdState) Kill(ctx context.Context, sig uint32, all bool) error {
+	return s.p.kill(ctx, sig, all)
+}
+
+func (s *createdState) SetExited(status int) {
+	s.p.setExited(status)
+
+	if err := s.transition("stopped"); err != nil {
+		panic(err)
+	}
+}
+
+func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	return s.p.exec(ctx, path, r)
+}
+
+func (s *createdState) Status(ctx context.Context) (string, error) {
+	return "created", nil
+}
+
+type createdCheckpointState struct {
+	p    *Init
+	opts *runc.RestoreOpts
+}
+
+func (s *createdCheckpointState) transition(name string) error {
+	switch name {
+	case "running":
+		s.p.initState = &runningState{p: s.p}
+	case "stopped":
+		s.p.initState = &stoppedState{p: s.p}
+	case "deleted":
+		s.p.initState = &deletedState{}
+	default:
+		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
+	}
+	return nil
+}
+
+func (s *createdCheckpointState) Pause(ctx context.Context) error {
+	return errors.Errorf("cannot pause task in created state")
+}
+
+func (s *createdCheckpointState) Resume(ctx context.Context) error {
+	return errors.Errorf("cannot resume task in created state")
+}
+
+func (s *createdCheckpointState) Update(ctx context.Context, r *google_protobuf.Any) error {
+	return s.p.update(ctx, r)
+}
+
+func (s *createdCheckpointState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	return errors.Errorf("cannot checkpoint a task in created state")
+}
+
+func (s *createdCheckpointState) Start(ctx context.Context) error {
+	p := s.p
+	sio := p.stdio
+
+	var (
+		err    error
+		socket *runc.Socket
+	)
+	if sio.Terminal {
+		if socket, err = runc.NewTempConsoleSocket(); err != nil {
+			return errors.Wrap(err, "failed to create OCI runtime console socket")
+		}
+		defer socket.Close()
+		s.opts.ConsoleSocket = socket
+	}
+
+	if _, err := s.p.runtime.Restore(ctx, p.id, p.Bundle, s.opts); err != nil {
+		return p.runtimeError(err, "OCI runtime restore failed")
+	}
+	if sio.Stdin != "" {
+		if err := p.openStdin(sio.Stdin); err != nil {
+			return errors.Wrapf(err, "failed to open stdin fifo %s", sio.Stdin)
+		}
+	}
+	if socket != nil {
+		console, err := socket.ReceiveMaster()
+		if err != nil {
+			return errors.Wrap(err, "failed to retrieve console master")
+		}
+		console, err = p.Platform.CopyConsole(ctx, console, p.id, sio.Stdin, sio.Stdout, sio.Stderr, &p.wg)
+		if err != nil {
+			return errors.Wrap(err, "failed to start console copy")
+		}
+		p.console = console
+	} else {
+		if err := p.io.Copy(ctx, &p.wg); err != nil {
+			return errors.Wrap(err, "failed to start io pipe copy")
+		}
+	}
+	pid, err := runc.ReadPidFile(s.opts.PidFile)
+	if err != nil {
+		return errors.Wrap(err, "failed to retrieve OCI runtime container pid")
+	}
+	p.pid = pid
+	return s.transition("running")
+}
+
+func (s *createdCheckpointState) Delete(ctx context.Context) error {
+	if err := s.p.delete(ctx); err != nil {
+		return err
+	}
+	return s.transition("deleted")
+}
+
+func (s *createdCheckpointState) Kill(ctx context.Context, sig uint32, all bool) error {
+	return s.p.kill(ctx, sig, all)
+}
+
+func (s *createdCheckpointState) SetExited(status int) {
+	s.p.setExited(status)
+
+	if err := s.transition("stopped"); err != nil {
+		panic(err)
+	}
+}
+
+func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	return nil, errors.Errorf("cannot exec in a created state")
+}
+
+func (s *createdCheckpointState) Status(ctx context.Context) (string, error) {
+	return "created", nil
+}
+
+type runningState struct {
+	p *Init
+}
+
+func (s *runningState) transition(name string) error {
+	switch name {
+	case "stopped":
+		s.p.initState = &stoppedState{p: s.p}
+	case "paused":
+		s.p.initState = &pausedState{p: s.p}
+	default:
+		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
+	}
+	return nil
+}
+
+func (s *runningState) Pause(ctx context.Context) error {
+	s.p.pausing.set(true)
+	// NOTE "pausing" will be returned in the short window
+	// after `transition("paused")`, before `pausing` is reset
+	// to false. That doesn't break the state machine, just
+	// delays the "paused" state a little bit.
+	defer s.p.pausing.set(false)
+
+	if err := s.p.runtime.Pause(ctx, s.p.id); err != nil {
+		return s.p.runtimeError(err, "OCI runtime pause failed")
+	}
+
+	return s.transition("paused")
+}
+
+func (s *runningState) Resume(ctx context.Context) error {
+	return errors.Errorf("cannot resume a running process")
+}
+
+func (s *runningState) Update(ctx context.Context, r *google_protobuf.Any) error {
+	return s.p.update(ctx, r)
+}
+
+func (s *runningState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	return s.p.checkpoint(ctx, r)
+}
+
+func (s *runningState) Start(ctx context.Context) error {
+	return errors.Errorf("cannot start a running process")
+}
+
+func (s *runningState) Delete(ctx context.Context) error {
+	return errors.Errorf("cannot delete a running process")
+}
+
+func (s *runningState) Kill(ctx context.Context, sig uint32, all bool) error {
+	return s.p.kill(ctx, sig, all)
+}
+
+func (s *runningState) SetExited(status int) {
+	s.p.setExited(status)
+
+	if err := s.transition("stopped"); err != nil {
+		panic(err)
+	}
+}
+
+func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	return s.p.exec(ctx, path, r)
+}
+
+func (s *runningState) Status(ctx context.Context) (string, error) {
+	return "running", nil
+}
+
+type pausedState struct {
+	p *Init
+}
+
+func (s *pausedState) transition(name string) error {
+	switch name {
+	case "running":
+		s.p.initState = &runningState{p: s.p}
+	case "stopped":
+		s.p.initState = &stoppedState{p: s.p}
+	default:
+		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
+	}
+	return nil
+}
+
+func (s *pausedState) Pause(ctx context.Context) error {
+	return errors.Errorf("cannot pause a paused container")
+}
+
+func (s *pausedState) Resume(ctx context.Context) error {
+	if err := s.p.runtime.Resume(ctx, s.p.id); err != nil {
+		return s.p.runtimeError(err, "OCI runtime resume failed")
+	}
+
+	return s.transition("running")
+}
+
+func (s *pausedState) Update(ctx context.Context, r *google_protobuf.Any) error {
+	return s.p.update(ctx, r)
+}
+
+func (s *pausedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	return s.p.checkpoint(ctx, r)
+}
+
+func (s *pausedState) Start(ctx context.Context) error {
+	return errors.Errorf("cannot start a paused process")
+}
+
+func (s *pausedState) Delete(ctx context.Context) error {
+	return errors.Errorf("cannot delete a paused process")
+}
+
+func (s *pausedState) Kill(ctx context.Context, sig uint32, all bool) error {
+	return s.p.kill(ctx, sig, all)
+}
+
+func (s *pausedState) SetExited(status int) {
+	s.p.setExited(status)
+
+	if err := s.p.runtime.Resume(context.Background(), s.p.id); err != nil {
+		logrus.WithError(err).Error("resuming exited container from paused state")
+	}
+
+	if err := s.transition("stopped"); err != nil {
+		panic(err)
+	}
+}
+
+func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	return nil, errors.Errorf("cannot exec in a paused state")
+}
+
+func (s *pausedState) Status(ctx context.Context) (string, error) {
+	return "paused", nil
+}
+
+type stoppedState struct {
+	p *Init
+}
+
+func (s *stoppedState) transition(name string) error {
+	switch name {
+	case "deleted":
+		s.p.initState = &deletedState{}
+	default:
+		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
+	}
+	return nil
+}
+
+func (s *stoppedState) Pause(ctx context.Context) error {
+	return errors.Errorf("cannot pause a stopped container")
+}
+
+func (s *stoppedState) Resume(ctx context.Context) error {
+	return errors.Errorf("cannot resume a stopped container")
+}
+
+func (s *stoppedState) Update(ctx context.Context, r *google_protobuf.Any) error {
+	return errors.Errorf("cannot update a stopped container")
+}
+
+func (s *stoppedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
+	return errors.Errorf("cannot checkpoint a stopped container")
+}
+
+func (s *stoppedState) Start(ctx context.Context) error {
+	return errors.Errorf("cannot start a stopped process")
+}
+
+func (s *stoppedState) Delete(ctx context.Context) error {
+	if err := s.p.delete(ctx); err != nil {
+		return err
+	}
+	return s.transition("deleted")
+}
+
+func (s *stoppedState) Kill(ctx context.Context, sig uint32, all bool) error {
+	return s.p.kill(ctx, sig, all)
+}
+
+func (s *stoppedState) SetExited(status int) {
+	// no op
+}
+
+func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+	return nil, errors.Errorf("cannot exec in a stopped state")
+}
+
+func (s *stoppedState) Status(ctx context.Context) (string, error) {
+	return "stopped", nil
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/io.go b/vendor/github.com/containerd/containerd/pkg/process/io.go
new file mode 100644
index 0000000000000..d1c5b96330a01
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/io.go
@@ -0,0 +1,439 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/pkg/stdio"
+	"github.com/containerd/fifo"
+	runc "github.com/containerd/go-runc"
+	"github.com/hashicorp/go-multierror"
+	"github.com/pkg/errors"
+)
+
+const binaryIOProcTermTimeout = 12 * time.Second // Give logger process solid 10 seconds for cleanup
+
+var bufPool = sync.Pool{
+	New: func() interface{} {
+		// setting to 4096 to align with PIPE_BUF
+		// http://man7.org/linux/man-pages/man7/pipe.7.html
+		buffer := make([]byte, 4096)
+		return &buffer
+	},
+}
+
+type processIO struct {
+	io runc.IO
+
+	uri   *url.URL
+	copy  bool
+	stdio stdio.Stdio
+}
+
+func (p *processIO) Close() error {
+	if p.io != nil {
+		return p.io.Close()
+	}
+	return nil
+}
+
+func (p *processIO) IO() runc.IO {
+	return p.io
+}
+
+func (p *processIO) Copy(ctx context.Context, wg *sync.WaitGroup) error {
+	if !p.copy {
+		return nil
+	}
+	var cwg sync.WaitGroup
+	if err := copyPipes(ctx, p.IO(), p.stdio.Stdin, p.stdio.Stdout, p.stdio.Stderr, wg, &cwg); err != nil {
+		return errors.Wrap(err, "unable to copy pipes")
+	}
+	cwg.Wait()
+	return nil
+}
+
+func createIO(ctx context.Context, id string, ioUID, ioGID int, stdio stdio.Stdio) (*processIO, error) {
+	pio := &processIO{
+		stdio: stdio,
+	}
+	if stdio.IsNull() {
+		i, err := runc.NewNullIO()
+		if err != nil {
+			return nil, err
+		}
+		pio.io = i
+		return pio, nil
+	}
+	u, err := url.Parse(stdio.Stdout)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to parse stdout uri")
+	}
+	if u.Scheme == "" {
+		u.Scheme = "fifo"
+	}
+	pio.uri = u
+	switch u.Scheme {
+	case "fifo":
+		pio.copy = true
+		pio.io, err = runc.NewPipeIO(ioUID, ioGID, withConditionalIO(stdio))
+	case "binary":
+		pio.io, err = NewBinaryIO(ctx, id, u)
+	case "file":
+		filePath := u.Path
+		if err := os.MkdirAll(filepath.Dir(filePath), 0755); err != nil {
+			return nil, err
+		}
+		var f *os.File
+		f, err = os.OpenFile(filePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return nil, err
+		}
+		f.Close()
+		pio.stdio.Stdout = filePath
+		pio.stdio.Stderr = filePath
+		pio.copy = true
+		pio.io, err = runc.NewPipeIO(ioUID, ioGID, withConditionalIO(stdio))
+	default:
+		return nil, errors.Errorf("unknown STDIO scheme %s", u.Scheme)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return pio, nil
+}
+
+func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) error {
+	var sameFile *countingWriteCloser
+	for _, i := range []struct {
+		name string
+		dest func(wc io.WriteCloser, rc io.Closer)
+	}{
+		{
+			name: stdout,
+			dest: func(wc io.WriteCloser, rc io.Closer) {
+				wg.Add(1)
+				cwg.Add(1)
+				go func() {
+					cwg.Done()
+					p := bufPool.Get().(*[]byte)
+					defer bufPool.Put(p)
+					if _, err := io.CopyBuffer(wc, rio.Stdout(), *p); err != nil {
+						log.G(ctx).Warn("error copying stdout")
+					}
+					wg.Done()
+					wc.Close()
+					if rc != nil {
+						rc.Close()
+					}
+				}()
+			},
+		}, {
+			name: stderr,
+			dest: func(wc io.WriteCloser, rc io.Closer) {
+				wg.Add(1)
+				cwg.Add(1)
+				go func() {
+					cwg.Done()
+					p := bufPool.Get().(*[]byte)
+					defer bufPool.Put(p)
+					if _, err := io.CopyBuffer(wc, rio.Stderr(), *p); err != nil {
+						log.G(ctx).Warn("error copying stderr")
+					}
+					wg.Done()
+					wc.Close()
+					if rc != nil {
+						rc.Close()
+					}
+				}()
+			},
+		},
+	} {
+		ok, err := fifo.IsFifo(i.name)
+		if err != nil {
+			return err
+		}
+		var (
+			fw io.WriteCloser
+			fr io.Closer
+		)
+		if ok {
+			if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil {
+				return errors.Wrapf(err, "containerd-shim: opening w/o fifo %q failed", i.name)
+			}
+			if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil {
+				return errors.Wrapf(err, "containerd-shim: opening r/o fifo %q failed", i.name)
+			}
+		} else {
+			if sameFile != nil {
+				sameFile.count++
+				i.dest(sameFile, nil)
+				continue
+			}
+			if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil {
+				return errors.Wrapf(err, "containerd-shim: opening file %q failed", i.name)
+			}
+			if stdout == stderr {
+				sameFile = &countingWriteCloser{
+					WriteCloser: fw,
+					count:       1,
+				}
+			}
+		}
+		i.dest(fw, fr)
+	}
+	if stdin == "" {
+		return nil
+	}
+	f, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
+	if err != nil {
+		return fmt.Errorf("containerd-shim: opening %s failed: %s", stdin, err)
+	}
+	cwg.Add(1)
+	go func() {
+		cwg.Done()
+		p := bufPool.Get().(*[]byte)
+		defer bufPool.Put(p)
+
+		io.CopyBuffer(rio.Stdin(), f, *p)
+		rio.Stdin().Close()
+		f.Close()
+	}()
+	return nil
+}
+
+// countingWriteCloser masks io.Closer() until close has been invoked a certain number of times.
+type countingWriteCloser struct {
+	io.WriteCloser
+	count int64
+}
+
+func (c *countingWriteCloser) Close() error {
+	if atomic.AddInt64(&c.count, -1) > 0 {
+		return nil
+	}
+	return c.WriteCloser.Close()
+}
+
+// NewBinaryIO runs a custom binary process for pluggable shim logging
+func NewBinaryIO(ctx context.Context, id string, uri *url.URL) (_ runc.IO, err error) {
+	ns, err := namespaces.NamespaceRequired(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var closers []func() error
+	defer func() {
+		if err == nil {
+			return
+		}
+		result := multierror.Append(err)
+		for _, fn := range closers {
+			result = multierror.Append(result, fn())
+		}
+		err = multierror.Flatten(result)
+	}()
+
+	out, err := newPipe()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create stdout pipes")
+	}
+	closers = append(closers, out.Close)
+
+	serr, err := newPipe()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create stderr pipes")
+	}
+	closers = append(closers, serr.Close)
+
+	r, w, err := os.Pipe()
+	if err != nil {
+		return nil, err
+	}
+	closers = append(closers, r.Close, w.Close)
+
+	cmd := NewBinaryCmd(uri, id, ns)
+	cmd.ExtraFiles = append(cmd.ExtraFiles, out.r, serr.r, w)
+	// don't need to register this with the reaper or wait when
+	// running inside a shim
+	if err := cmd.Start(); err != nil {
+		return nil, errors.Wrap(err, "failed to start binary process")
+	}
+	closers = append(closers, func() error { return cmd.Process.Kill() })
+
+	// close our side of the pipe after start
+	if err := w.Close(); err != nil {
+		return nil, errors.Wrap(err, "failed to close write pipe after start")
+	}
+
+	// wait for the logging binary to be ready
+	b := make([]byte, 1)
+	if _, err := r.Read(b); err != nil && err != io.EOF {
+		return nil, errors.Wrap(err, "failed to read from logging binary")
+	}
+
+	return &binaryIO{
+		cmd: cmd,
+		out: out,
+		err: serr,
+	}, nil
+}
+
+type binaryIO struct {
+	cmd      *exec.Cmd
+	out, err *pipe
+}
+
+func (b *binaryIO) CloseAfterStart() error {
+	var (
+		result *multierror.Error
+	)
+
+	for _, v := range []*pipe{b.out, b.err} {
+		if v != nil {
+			if err := v.r.Close(); err != nil {
+				result = multierror.Append(result, err)
+			}
+		}
+	}
+
+	return result.ErrorOrNil()
+}
+
+func (b *binaryIO) Close() error {
+	var (
+		result *multierror.Error
+	)
+
+	for _, v := range []*pipe{b.out, b.err} {
+		if v != nil {
+			if err := v.Close(); err != nil {
+				result = multierror.Append(result, err)
+			}
+		}
+	}
+
+	if err := b.cancel(); err != nil {
+		result = multierror.Append(result, err)
+	}
+
+	return result.ErrorOrNil()
+}
+
+func (b *binaryIO) cancel() error {
+	if b.cmd == nil || b.cmd.Process == nil {
+		return nil
+	}
+
+	// Send SIGTERM first, so logger process has a chance to flush and exit properly
+	if err := b.cmd.Process.Signal(syscall.SIGTERM); err != nil {
+		result := multierror.Append(errors.Wrap(err, "failed to send SIGTERM"))
+
+		log.L.WithError(err).Warn("failed to send SIGTERM signal, killing logging shim")
+
+		if err := b.cmd.Process.Kill(); err != nil {
+			result = multierror.Append(result, errors.Wrap(err, "failed to kill process after faulty SIGTERM"))
+		}
+
+		return result.ErrorOrNil()
+	}
+
+	done := make(chan error, 1)
+	go func() {
+		done <- b.cmd.Wait()
+	}()
+
+	select {
+	case err := <-done:
+		return err
+	case <-time.After(binaryIOProcTermTimeout):
+		log.L.Warn("failed to wait for shim logger process to exit, killing")
+
+		err := b.cmd.Process.Kill()
+		if err != nil {
+			return errors.Wrap(err, "failed to kill shim logger process")
+		}
+
+		return nil
+	}
+}
+
+func (b *binaryIO) Stdin() io.WriteCloser {
+	return nil
+}
+
+func (b *binaryIO) Stdout() io.ReadCloser {
+	return nil
+}
+
+func (b *binaryIO) Stderr() io.ReadCloser {
+	return nil
+}
+
+func (b *binaryIO) Set(cmd *exec.Cmd) {
+	if b.out != nil {
+		cmd.Stdout = b.out.w
+	}
+	if b.err != nil {
+		cmd.Stderr = b.err.w
+	}
+}
+
+func newPipe() (*pipe, error) {
+	r, w, err := os.Pipe()
+	if err != nil {
+		return nil, err
+	}
+	return &pipe{
+		r: r,
+		w: w,
+	}, nil
+}
+
+type pipe struct {
+	r *os.File
+	w *os.File
+}
+
+func (p *pipe) Close() error {
+	var result *multierror.Error
+
+	if err := p.w.Close(); err != nil {
+		result = multierror.Append(result, errors.Wrap(err, "failed to close write pipe"))
+	}
+
+	if err := p.r.Close(); err != nil {
+		result = multierror.Append(result, errors.Wrap(err, "failed to close read pipe"))
+	}
+
+	return multierror.Prefix(result.ErrorOrNil(), "pipe:")
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/io_util.go b/vendor/github.com/containerd/containerd/pkg/process/io_util.go
new file mode 100644
index 0000000000000..72bbf9233f8f2
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/io_util.go
@@ -0,0 +1,53 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"net/url"
+	"os"
+	"os/exec"
+)
+
+// NewBinaryCmd returns a Cmd to be used to start a logging binary.
+// The Cmd is generated from the provided uri, and the container ID and
+// namespace are appended to the Cmd environment.
+func NewBinaryCmd(binaryURI *url.URL, id, ns string) *exec.Cmd {
+	var args []string
+	for k, vs := range binaryURI.Query() {
+		args = append(args, k)
+		if len(vs) > 0 {
+			args = append(args, vs[0])
+		}
+	}
+
+	cmd := exec.Command(binaryURI.Path, args...)
+
+	cmd.Env = append(cmd.Env,
+		"CONTAINER_ID="+id,
+		"CONTAINER_NAMESPACE="+ns,
+	)
+
+	return cmd
+}
+
+// CloseFiles closes any files passed in.
+// It it used for cleanup in the event of unexpected errors.
+func CloseFiles(files ...*os.File) {
+	for _, file := range files {
+		file.Close()
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/process.go b/vendor/github.com/containerd/containerd/pkg/process/process.go
new file mode 100644
index 0000000000000..7cebb9b309072
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/process.go
@@ -0,0 +1,56 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+	"io"
+	"time"
+
+	"github.com/containerd/console"
+	"github.com/containerd/containerd/pkg/stdio"
+)
+
+// Process on a system
+type Process interface {
+	// ID returns the id for the process
+	ID() string
+	// Pid returns the pid for the process
+	Pid() int
+	// ExitStatus returns the exit status
+	ExitStatus() int
+	// ExitedAt is the time the process exited
+	ExitedAt() time.Time
+	// Stdin returns the process STDIN
+	Stdin() io.Closer
+	// Stdio returns io information for the container
+	Stdio() stdio.Stdio
+	// Status returns the process status
+	Status(context.Context) (string, error)
+	// Wait blocks until the process has exited
+	Wait()
+	// Resize resizes the process console
+	Resize(ws console.WinSize) error
+	// Start execution of the process
+	Start(context.Context) error
+	// Delete deletes the process and its resourcess
+	Delete(context.Context) error
+	// Kill kills the process
+	Kill(context.Context, uint32, bool) error
+	// SetExited sets the exit status for the process
+	SetExited(status int)
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/types.go b/vendor/github.com/containerd/containerd/pkg/process/types.go
new file mode 100644
index 0000000000000..03477038ab97f
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/types.go
@@ -0,0 +1,66 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	google_protobuf "github.com/gogo/protobuf/types"
+)
+
+// Mount holds filesystem mount configuration
+type Mount struct {
+	Type    string
+	Source  string
+	Target  string
+	Options []string
+}
+
+// CreateConfig hold task creation configuration
+type CreateConfig struct {
+	ID               string
+	Bundle           string
+	Runtime          string
+	Rootfs           []Mount
+	Terminal         bool
+	Stdin            string
+	Stdout           string
+	Stderr           string
+	Checkpoint       string
+	ParentCheckpoint string
+	Options          *google_protobuf.Any
+}
+
+// ExecConfig holds exec creation configuration
+type ExecConfig struct {
+	ID       string
+	Terminal bool
+	Stdin    string
+	Stdout   string
+	Stderr   string
+	Spec     *google_protobuf.Any
+}
+
+// CheckpointConfig holds task checkpoint configuration
+type CheckpointConfig struct {
+	WorkDir                  string
+	Path                     string
+	Exit                     bool
+	AllowOpenTCP             bool
+	AllowExternalUnixSockets bool
+	AllowTerminal            bool
+	FileLocks                bool
+	EmptyNamespaces          []string
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/utils.go b/vendor/github.com/containerd/containerd/pkg/process/utils.go
new file mode 100644
index 0000000000000..6536ac5a88474
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/process/utils.go
@@ -0,0 +1,202 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package process
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/containerd/containerd/errdefs"
+	runc "github.com/containerd/go-runc"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// RuncRoot is the path to the root runc state directory
+	RuncRoot = "/run/containerd/runc"
+	// InitPidFile name of the file that contains the init pid
+	InitPidFile = "init.pid"
+)
+
+// safePid is a thread safe wrapper for pid.
+type safePid struct {
+	sync.Mutex
+	pid int
+}
+
+func (s *safePid) get() int {
+	s.Lock()
+	defer s.Unlock()
+	return s.pid
+}
+
+type atomicBool int32
+
+func (ab *atomicBool) set(b bool) {
+	if b {
+		atomic.StoreInt32((*int32)(ab), 1)
+	} else {
+		atomic.StoreInt32((*int32)(ab), 0)
+	}
+}
+
+func (ab *atomicBool) get() bool {
+	return atomic.LoadInt32((*int32)(ab)) == 1
+}
+
+// TODO(mlaventure): move to runc package?
+func getLastRuntimeError(r *runc.Runc) (string, error) {
+	if r.Log == "" {
+		return "", nil
+	}
+
+	f, err := os.OpenFile(r.Log, os.O_RDONLY, 0400)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	var (
+		errMsg string
+		log    struct {
+			Level string
+			Msg   string
+			Time  time.Time
+		}
+	)
+
+	dec := json.NewDecoder(f)
+	for err = nil; err == nil; {
+		if err = dec.Decode(&log); err != nil && err != io.EOF {
+			return "", err
+		}
+		if log.Level == "error" {
+			errMsg = strings.TrimSpace(log.Msg)
+		}
+	}
+
+	return errMsg, nil
+}
+
+// criuError returns only the first line of the error message from criu
+// it tries to add an invalid dump log location when returning the message
+func criuError(err error) string {
+	parts := strings.Split(err.Error(), "\n")
+	return parts[0]
+}
+
+func copyFile(to, from string) error {
+	ff, err := os.Open(from)
+	if err != nil {
+		return err
+	}
+	defer ff.Close()
+	tt, err := os.Create(to)
+	if err != nil {
+		return err
+	}
+	defer tt.Close()
+
+	p := bufPool.Get().(*[]byte)
+	defer bufPool.Put(p)
+	_, err = io.CopyBuffer(tt, ff, *p)
+	return err
+}
+
+func checkKillError(err error) error {
+	if err == nil {
+		return nil
+	}
+	if strings.Contains(err.Error(), "os: process already finished") ||
+		strings.Contains(err.Error(), "container not running") ||
+		strings.Contains(strings.ToLower(err.Error()), "no such process") ||
+		err == unix.ESRCH {
+		return errors.Wrapf(errdefs.ErrNotFound, "process already finished")
+	} else if strings.Contains(err.Error(), "does not exist") {
+		return errors.Wrapf(errdefs.ErrNotFound, "no such container")
+	}
+	return errors.Wrapf(err, "unknown error after kill")
+}
+
+func newPidFile(bundle string) *pidFile {
+	return &pidFile{
+		path: filepath.Join(bundle, InitPidFile),
+	}
+}
+
+func newExecPidFile(bundle, id string) *pidFile {
+	return &pidFile{
+		path: filepath.Join(bundle, fmt.Sprintf("%s.pid", id)),
+	}
+}
+
+type pidFile struct {
+	path string
+}
+
+func (p *pidFile) Path() string {
+	return p.path
+}
+
+func (p *pidFile) Read() (int, error) {
+	return runc.ReadPidFile(p.path)
+}
+
+// waitTimeout handles waiting on a waitgroup with a specified timeout.
+// this is commonly used for waiting on IO to finish after a process has exited
+func waitTimeout(ctx context.Context, wg *sync.WaitGroup, timeout time.Duration) error {
+	ctx, cancel := context.WithTimeout(ctx, timeout)
+	defer cancel()
+	done := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(done)
+	}()
+	select {
+	case <-done:
+		return nil
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+}
+
+func stateName(v interface{}) string {
+	switch v.(type) {
+	case *runningState, *execRunningState:
+		return "running"
+	case *createdState, *execCreatedState, *createdCheckpointState:
+		return "created"
+	case *pausedState:
+		return "paused"
+	case *deletedState:
+		return "deleted"
+	case *stoppedState:
+		return "stopped"
+	}
+	panic(errors.Errorf("invalid state %v", v))
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go
new file mode 100644
index 0000000000000..74982358a83cd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go
@@ -0,0 +1,25 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package seccomp
+
+// IsEnabled checks whether seccomp support is enabled. On Linux, it returns
+// true if the kernel has been configured to support seccomp (kernel options
+// CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are set). On non-Linux, it always
+// returns false.
+func IsEnabled() bool {
+	return isEnabled()
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go
new file mode 100644
index 0000000000000..a23b492c6fbeb
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go
@@ -0,0 +1,80 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+/*
+   Copyright The runc Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package seccomp
+
+import (
+	"sync"
+
+	"golang.org/x/sys/unix"
+)
+
+var (
+	enabled     bool
+	enabledOnce sync.Once
+)
+
+// isEnabled returns whether the kernel has been configured to support seccomp
+// (including the check for CONFIG_SECCOMP_FILTER kernel option).
+func isEnabled() bool {
+	// Excerpts from prctl(2), section ERRORS:
+	//
+	// EACCES
+	//      option is PR_SET_SECCOMP and arg2 is SECCOMP_MODE_FILTER, but
+	//      the process does not have the CAP_SYS_ADMIN capability or has
+	//      not set the no_new_privs attribute <...>.
+	// <...>
+	// EFAULT
+	//      option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, the
+	//      system was built with CONFIG_SECCOMP_FILTER, and arg3 is an
+	//      invalid address.
+	// <...>
+	// EINVAL
+	//      option is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel
+	//      was not configured with CONFIG_SECCOMP.
+	//
+	// EINVAL
+	//      option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER,
+	//      and the kernel was not configured with CONFIG_SECCOMP_FILTER.
+	// <end of quote>
+	//
+	// Meaning, in case these kernel options are set (this is what we check
+	// for here), we will get some other error (most probably EACCES or
+	// EFAULT). IOW, EINVAL means "seccomp not supported", any other error
+	// means it is supported.
+
+	enabledOnce.Do(func() {
+		enabled = unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
+	})
+
+	return enabled
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go
new file mode 100644
index 0000000000000..87b133426ce42
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go
@@ -0,0 +1,23 @@
+// +build !linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package seccomp
+
+func isEnabled() bool {
+	return false
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/stdio/platform.go b/vendor/github.com/containerd/containerd/pkg/stdio/platform.go
new file mode 100644
index 0000000000000..ca8688fc00a45
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/stdio/platform.go
@@ -0,0 +1,33 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package stdio
+
+import (
+	"context"
+	"sync"
+
+	"github.com/containerd/console"
+)
+
+// Platform handles platform-specific behavior that may differs across
+// platform implementations
+type Platform interface {
+	CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string,
+		wg *sync.WaitGroup) (console.Console, error)
+	ShutdownConsole(ctx context.Context, console console.Console) error
+	Close() error
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/stdio/stdio.go b/vendor/github.com/containerd/containerd/pkg/stdio/stdio.go
new file mode 100644
index 0000000000000..b02e77dcdd7dd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/stdio/stdio.go
@@ -0,0 +1,30 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package stdio
+
+// Stdio of a process
+type Stdio struct {
+	Stdin    string
+	Stdout   string
+	Stderr   string
+	Terminal bool
+}
+
+// IsNull returns true if the stdio is not defined
+func (s Stdio) IsNull() bool {
+	return s.Stdin == "" && s.Stdout == "" && s.Stderr == ""
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go b/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go
new file mode 100644
index 0000000000000..6656465efbca5
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go
@@ -0,0 +1,62 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package userns
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"sync"
+)
+
+var (
+	inUserNS bool
+	nsOnce   sync.Once
+)
+
+// RunningInUserNS detects whether we are currently running in a user namespace.
+// Originally copied from github.com/lxc/lxd/shared/util.go
+func RunningInUserNS() bool {
+	nsOnce.Do(func() {
+		file, err := os.Open("/proc/self/uid_map")
+		if err != nil {
+			// This kernel-provided file only exists if user namespaces are supported
+			return
+		}
+		defer file.Close()
+
+		buf := bufio.NewReader(file)
+		l, _, err := buf.ReadLine()
+		if err != nil {
+			return
+		}
+
+		line := string(l)
+		var a, b, c int64
+		fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
+
+		/*
+		 * We assume we are in the initial user namespace if we have a full
+		 * range - 4294967295 uids starting at uid 0.
+		 */
+		if a == 0 && b == 0 && c == 4294967295 {
+			return
+		}
+		inUserNS = true
+	})
+	return inUserNS
+}
diff --git a/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go b/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go
new file mode 100644
index 0000000000000..aab756fd2a605
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go
@@ -0,0 +1,25 @@
+// +build !linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package userns
+
+// RunningInUserNS is a stub for non-Linux systems
+// Always returns false
+func RunningInUserNS() bool {
+	return false
+}
diff --git a/vendor/github.com/containerd/containerd/platforms/compare.go b/vendor/github.com/containerd/containerd/platforms/compare.go
index 8259bbc851c48..c7657e1869bec 100644
--- a/vendor/github.com/containerd/containerd/platforms/compare.go
+++ b/vendor/github.com/containerd/containerd/platforms/compare.go
@@ -16,7 +16,12 @@
 
 package platforms
 
-import specs "github.com/opencontainers/image-spec/specs-go/v1"
+import (
+	"strconv"
+	"strings"
+
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+)
 
 // MatchComparer is able to match and compare platforms to
 // filter and sort platforms.
@@ -26,66 +31,70 @@ type MatchComparer interface {
 	Less(specs.Platform, specs.Platform) bool
 }
 
-// Only returns a match comparer for a single platform
-// using default resolution logic for the platform.
-//
-// For ARMv7, will also match ARMv6 and ARMv5
-// For ARMv6, will also match ARMv5
-func Only(platform specs.Platform) MatchComparer {
-	platform = Normalize(platform)
-	if platform.Architecture == "arm" {
-		if platform.Variant == "v7" {
-			return orderedPlatformComparer{
-				matchers: []Matcher{
-					&matcher{
-						Platform: platform,
-					},
-					&matcher{
-						Platform: specs.Platform{
-							Architecture: platform.Architecture,
-							OS:           platform.OS,
-							OSVersion:    platform.OSVersion,
-							OSFeatures:   platform.OSFeatures,
-							Variant:      "v6",
-						},
-					},
-					&matcher{
-						Platform: specs.Platform{
-							Architecture: platform.Architecture,
-							OS:           platform.OS,
-							OSVersion:    platform.OSVersion,
-							OSFeatures:   platform.OSFeatures,
-							Variant:      "v5",
-						},
-					},
-				},
+// platformVector returns an (ordered) vector of appropriate specs.Platform
+// objects to try matching for the given platform object (see platforms.Only).
+func platformVector(platform specs.Platform) []specs.Platform {
+	vector := []specs.Platform{platform}
+
+	switch platform.Architecture {
+	case "amd64":
+		vector = append(vector, specs.Platform{
+			Architecture: "386",
+			OS:           platform.OS,
+			OSVersion:    platform.OSVersion,
+			OSFeatures:   platform.OSFeatures,
+			Variant:      platform.Variant,
+		})
+	case "arm":
+		if armVersion, err := strconv.Atoi(strings.TrimPrefix(platform.Variant, "v")); err == nil && armVersion > 5 {
+			for armVersion--; armVersion >= 5; armVersion-- {
+				vector = append(vector, specs.Platform{
+					Architecture: platform.Architecture,
+					OS:           platform.OS,
+					OSVersion:    platform.OSVersion,
+					OSFeatures:   platform.OSFeatures,
+					Variant:      "v" + strconv.Itoa(armVersion),
+				})
 			}
 		}
-		if platform.Variant == "v6" {
-			return orderedPlatformComparer{
-				matchers: []Matcher{
-					&matcher{
-						Platform: platform,
-					},
-					&matcher{
-						Platform: specs.Platform{
-							Architecture: platform.Architecture,
-							OS:           platform.OS,
-							OSVersion:    platform.OSVersion,
-							OSFeatures:   platform.OSFeatures,
-							Variant:      "v5",
-						},
-					},
-				},
-			}
+	case "arm64":
+		variant := platform.Variant
+		if variant == "" {
+			variant = "v8"
 		}
+		vector = append(vector, platformVector(specs.Platform{
+			Architecture: "arm",
+			OS:           platform.OS,
+			OSVersion:    platform.OSVersion,
+			OSFeatures:   platform.OSFeatures,
+			Variant:      variant,
+		})...)
 	}
 
-	return singlePlatformComparer{
-		Matcher: &matcher{
-			Platform: platform,
-		},
-	}
+	return vector
+}
+
+// Only returns a match comparer for a single platform
+// using default resolution logic for the platform.
+//
+// For arm/v8, will also match arm/v7, arm/v6 and arm/v5
+// For arm/v7, will also match arm/v6 and arm/v5
+// For arm/v6, will also match arm/v5
+// For amd64, will also match 386
+func Only(platform specs.Platform) MatchComparer {
+	return Ordered(platformVector(Normalize(platform))...)
+}
+
+// OnlyStrict returns a match comparer for a single platform.
+//
+// Unlike Only, OnlyStrict does not match sub platforms.
+// So, "arm/vN" will not match "arm/vM" where M < N,
+// and "amd64" will not also match "386".
+//
+// OnlyStrict matches non-canonical forms.
+// So, "arm64" matches "arm/64/v8".
+func OnlyStrict(platform specs.Platform) MatchComparer {
+	return Ordered(Normalize(platform))
 }
 
 // Ordered returns a platform MatchComparer which matches any of the platforms
@@ -116,14 +125,6 @@ func Any(platforms ...specs.Platform) MatchComparer {
 // with preference for ordering.
 var All MatchComparer = allPlatformComparer{}
 
-type singlePlatformComparer struct {
-	Matcher
-}
-
-func (c singlePlatformComparer) Less(p1, p2 specs.Platform) bool {
-	return c.Match(p1) && !c.Match(p2)
-}
-
 type orderedPlatformComparer struct {
 	matchers []Matcher
 }
diff --git a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
index a5c5ab42b91fe..4a7177e313845 100644
--- a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
+++ b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
@@ -21,6 +21,7 @@ import (
 	"os"
 	"runtime"
 	"strings"
+	"sync"
 
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
@@ -28,14 +29,18 @@ import (
 )
 
 // Present the ARM instruction set architecture, eg: v7, v8
-var cpuVariant string
+// Don't use this value directly; call cpuVariant() instead.
+var cpuVariantValue string
 
-func init() {
-	if isArmArch(runtime.GOARCH) {
-		cpuVariant = getCPUVariant()
-	} else {
-		cpuVariant = ""
-	}
+var cpuVariantOnce sync.Once
+
+func cpuVariant() string {
+	cpuVariantOnce.Do(func() {
+		if isArmArch(runtime.GOARCH) {
+			cpuVariantValue = getCPUVariant()
+		}
+	})
+	return cpuVariantValue
 }
 
 // For Linux, the kernel has already detected the ABI, ISA and Features.
@@ -74,22 +79,47 @@ func getCPUInfo(pattern string) (info string, err error) {
 }
 
 func getCPUVariant() string {
+	if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
+		// Windows/Darwin only supports v7 for ARM32 and v8 for ARM64 and so we can use
+		// runtime.GOARCH to determine the variants
+		var variant string
+		switch runtime.GOARCH {
+		case "arm64":
+			variant = "v8"
+		case "arm":
+			variant = "v7"
+		default:
+			variant = "unknown"
+		}
+
+		return variant
+	}
+
 	variant, err := getCPUInfo("Cpu architecture")
 	if err != nil {
 		log.L.WithError(err).Error("failure getting variant")
 		return ""
 	}
 
-	switch variant {
-	case "8":
+	// handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7")
+	// https://www.raspberrypi.org/forums/viewtopic.php?t=12614
+	if runtime.GOARCH == "arm" && variant == "7" {
+		model, err := getCPUInfo("model name")
+		if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") {
+			variant = "6"
+		}
+	}
+
+	switch strings.ToLower(variant) {
+	case "8", "aarch64":
 		variant = "v8"
-	case "7", "7M", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)":
+	case "7", "7m", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)":
 		variant = "v7"
-	case "6", "6TEJ":
+	case "6", "6tej":
 		variant = "v6"
-	case "5", "5T", "5TE", "5TEJ":
+	case "5", "5t", "5te", "5tej":
 		variant = "v5"
-	case "4", "4T":
+	case "4", "4t":
 		variant = "v4"
 	case "3":
 		variant = "v3"
diff --git a/vendor/github.com/containerd/containerd/platforms/database.go b/vendor/github.com/containerd/containerd/platforms/database.go
index 8e85448ed028c..6ede94061eb88 100644
--- a/vendor/github.com/containerd/containerd/platforms/database.go
+++ b/vendor/github.com/containerd/containerd/platforms/database.go
@@ -28,7 +28,7 @@ func isLinuxOS(os string) bool {
 	return os == "linux"
 }
 
-// These function are generated from from https://golang.org/src/go/build/syslist.go.
+// These function are generated from https://golang.org/src/go/build/syslist.go.
 //
 // We use switch statements because they are slightly faster than map lookups
 // and use a little less memory.
@@ -38,7 +38,7 @@ func isLinuxOS(os string) bool {
 // The OS value should be normalized before calling this function.
 func isKnownOS(os string) bool {
 	switch os {
-	case "android", "darwin", "dragonfly", "freebsd", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos":
+	case "aix", "android", "darwin", "dragonfly", "freebsd", "hurd", "illumos", "js", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos":
 		return true
 	}
 	return false
@@ -60,7 +60,7 @@ func isArmArch(arch string) bool {
 // The arch value should be normalized before being passed to this function.
 func isKnownArch(arch string) bool {
 	switch arch {
-	case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "s390", "s390x", "sparc", "sparc64":
+	case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm":
 		return true
 	}
 	return false
diff --git a/vendor/github.com/containerd/containerd/platforms/defaults.go b/vendor/github.com/containerd/containerd/platforms/defaults.go
index a14d80e58cbf7..cb77fbc9f7b96 100644
--- a/vendor/github.com/containerd/containerd/platforms/defaults.go
+++ b/vendor/github.com/containerd/containerd/platforms/defaults.go
@@ -33,6 +33,11 @@ func DefaultSpec() specs.Platform {
 		OS:           runtime.GOOS,
 		Architecture: runtime.GOARCH,
 		// The Variant field will be empty if arch != ARM.
-		Variant: cpuVariant,
+		Variant: cpuVariant(),
 	}
 }
+
+// DefaultStrict returns strict form of Default.
+func DefaultStrict() MatchComparer {
+	return OnlyStrict(DefaultSpec())
+}
diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go
index 0defbd36c0424..0c380e3b7c113 100644
--- a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go
+++ b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go
@@ -19,13 +19,63 @@
 package platforms
 
 import (
+	"fmt"
+	"runtime"
+	"strconv"
+	"strings"
+
+	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"golang.org/x/sys/windows"
 )
 
-// Default returns the default matcher for the platform.
+type matchComparer struct {
+	defaults        Matcher
+	osVersionPrefix string
+}
+
+// Match matches platform with the same windows major, minor
+// and build version.
+func (m matchComparer) Match(p imagespec.Platform) bool {
+	if m.defaults.Match(p) {
+		// TODO(windows): Figure out whether OSVersion is deprecated.
+		return strings.HasPrefix(p.OSVersion, m.osVersionPrefix)
+	}
+	return false
+}
+
+// Less sorts matched platforms in front of other platforms.
+// For matched platforms, it puts platforms with larger revision
+// number in front.
+func (m matchComparer) Less(p1, p2 imagespec.Platform) bool {
+	m1, m2 := m.Match(p1), m.Match(p2)
+	if m1 && m2 {
+		r1, r2 := revision(p1.OSVersion), revision(p2.OSVersion)
+		return r1 > r2
+	}
+	return m1 && !m2
+}
+
+func revision(v string) int {
+	parts := strings.Split(v, ".")
+	if len(parts) < 4 {
+		return 0
+	}
+	r, err := strconv.Atoi(parts[3])
+	if err != nil {
+		return 0
+	}
+	return r
+}
+
+// Default returns the current platform's default platform specification.
 func Default() MatchComparer {
-	return Ordered(DefaultSpec(), specs.Platform{
-		OS:           "linux",
-		Architecture: "amd64",
-	})
+	major, minor, build := windows.RtlGetNtVersionNumbers()
+	return matchComparer{
+		defaults: Ordered(DefaultSpec(), specs.Platform{
+			OS:           "linux",
+			Architecture: runtime.GOARCH,
+		}),
+		osVersionPrefix: fmt.Sprintf("%d.%d.%d", major, minor, build),
+	}
 }
diff --git a/vendor/github.com/containerd/containerd/platforms/platforms.go b/vendor/github.com/containerd/containerd/platforms/platforms.go
index 2c2cc1102e189..088bdea05086d 100644
--- a/vendor/github.com/containerd/containerd/platforms/platforms.go
+++ b/vendor/github.com/containerd/containerd/platforms/platforms.go
@@ -130,7 +130,7 @@ type Matcher interface {
 // specification. The returned matcher only looks for equality based on os,
 // architecture and variant.
 //
-// One may implement their own matcher if this doesn't provide the the required
+// One may implement their own matcher if this doesn't provide the required
 // functionality.
 //
 // Applications should opt to use `Match` over directly parsing specifiers.
@@ -189,9 +189,8 @@ func Parse(specifier string) (specs.Platform, error) {
 		if isKnownOS(p.OS) {
 			// picks a default architecture
 			p.Architecture = runtime.GOARCH
-			if p.Architecture == "arm" {
-				// TODO(stevvooe): Resolve arm variant, if not v6 (default)
-				return specs.Platform{}, errors.Wrapf(errdefs.ErrNotImplemented, "arm support not fully implemented")
+			if p.Architecture == "arm" && cpuVariant() != "v7" {
+				p.Variant = cpuVariant()
 			}
 
 			return p, nil
diff --git a/vendor/github.com/containerd/containerd/plugin/context.go b/vendor/github.com/containerd/containerd/plugin/context.go
index 1211c907ef671..75b7366fca36e 100644
--- a/vendor/github.com/containerd/containerd/plugin/context.go
+++ b/vendor/github.com/containerd/containerd/plugin/context.go
@@ -28,12 +28,13 @@ import (
 
 // InitContext is used for plugin inititalization
 type InitContext struct {
-	Context context.Context
-	Root    string
-	State   string
-	Config  interface{}
-	Address string
-	Events  *exchange.Exchange
+	Context      context.Context
+	Root         string
+	State        string
+	Config       interface{}
+	Address      string
+	TTRPCAddress string
+	Events       *exchange.Exchange
 
 	Meta *Meta // plugins can fill in metadata at init.
 
diff --git a/vendor/github.com/containerd/containerd/plugin/plugin.go b/vendor/github.com/containerd/containerd/plugin/plugin.go
index 0847ae7f28f6e..2674edeb1b9a6 100644
--- a/vendor/github.com/containerd/containerd/plugin/plugin.go
+++ b/vendor/github.com/containerd/containerd/plugin/plugin.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/containerd/ttrpc"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
 )
@@ -29,7 +30,8 @@ var (
 	ErrNoType = errors.New("plugin: no type")
 	// ErrNoPluginID is returned when no id is specified
 	ErrNoPluginID = errors.New("plugin: no id")
-
+	// ErrIDRegistered is returned when a duplicate id is already registered
+	ErrIDRegistered = errors.New("plugin: id already registered")
 	// ErrSkipPlugin is used when a plugin is not initialized and should not be loaded,
 	// this allows the plugin loader differentiate between a plugin which is configured
 	// not to load and one that fails to load.
@@ -42,10 +44,7 @@ var (
 
 // IsSkipPlugin returns true if the error is skipping the plugin
 func IsSkipPlugin(err error) bool {
-	if errors.Cause(err) == ErrSkipPlugin {
-		return true
-	}
-	return false
+	return errors.Is(err, ErrSkipPlugin)
 }
 
 // Type is the type of the plugin
@@ -78,6 +77,15 @@ const (
 	GCPlugin Type = "io.containerd.gc.v1"
 )
 
+const (
+	// RuntimeLinuxV1 is the legacy linux runtime
+	RuntimeLinuxV1 = "io.containerd.runtime.v1.linux"
+	// RuntimeRuncV1 is the runc runtime that supports a single container
+	RuntimeRuncV1 = "io.containerd.runc.v1"
+	// RuntimeRuncV2 is the runc runtime that supports multiple containers per shim
+	RuntimeRuncV2 = "io.containerd.runc.v2"
+)
+
 // Registration contains information for registering a plugin
 type Registration struct {
 	// Type of the plugin
@@ -93,6 +101,8 @@ type Registration struct {
 	// context are passed in. The init function may modify the registration to
 	// add exports, capabilities and platform support declarations.
 	InitFn func(*InitContext) (interface{}, error)
+	// Disable the plugin from loading
+	Disable bool
 }
 
 // Init the registered plugin
@@ -117,6 +127,16 @@ type Service interface {
 	Register(*grpc.Server) error
 }
 
+// TTRPCService allows TTRPC services to be registered with the underlying server
+type TTRPCService interface {
+	RegisterTTRPC(*ttrpc.Server) error
+}
+
+// TCPService allows GRPC services to be registered with the underlying tcp server
+type TCPService interface {
+	RegisterTCP(*grpc.Server) error
+}
+
 var register = struct {
 	sync.RWMutex
 	r []*Registration
@@ -140,12 +160,16 @@ func Load(path string) (err error) {
 func Register(r *Registration) {
 	register.Lock()
 	defer register.Unlock()
+
 	if r.Type == "" {
 		panic(ErrNoType)
 	}
 	if r.ID == "" {
 		panic(ErrNoPluginID)
 	}
+	if err := checkUnique(r); err != nil {
+		panic(err)
+	}
 
 	var last bool
 	for _, requires := range r.Requires {
@@ -160,24 +184,36 @@ func Register(r *Registration) {
 	register.r = append(register.r, r)
 }
 
+func checkUnique(r *Registration) error {
+	for _, registered := range register.r {
+		if r.URI() == registered.URI() {
+			return errors.Wrap(ErrIDRegistered, r.URI())
+		}
+	}
+	return nil
+}
+
+// DisableFilter filters out disabled plugins
+type DisableFilter func(r *Registration) bool
+
 // Graph returns an ordered list of registered plugins for initialization.
 // Plugins in disableList specified by id will be disabled.
-func Graph(disableList []string) (ordered []*Registration) {
+func Graph(filter DisableFilter) (ordered []*Registration) {
 	register.RLock()
 	defer register.RUnlock()
-	for _, d := range disableList {
-		for i, r := range register.r {
-			if r.ID == d {
-				register.r = append(register.r[:i], register.r[i+1:]...)
-				break
-			}
+
+	for _, r := range register.r {
+		if filter(r) {
+			r.Disable = true
 		}
 	}
 
 	added := map[*Registration]bool{}
 	for _, r := range register.r {
-
-		children(r.ID, r.Requires, added, &ordered)
+		if r.Disable {
+			continue
+		}
+		children(r, added, &ordered)
 		if !added[r] {
 			ordered = append(ordered, r)
 			added[r] = true
@@ -186,11 +222,13 @@ func Graph(disableList []string) (ordered []*Registration) {
 	return ordered
 }
 
-func children(id string, types []Type, added map[*Registration]bool, ordered *[]*Registration) {
-	for _, t := range types {
+func children(reg *Registration, added map[*Registration]bool, ordered *[]*Registration) {
+	for _, t := range reg.Requires {
 		for _, r := range register.r {
-			if r.ID != id && (t == "*" || r.Type == t) {
-				children(r.ID, r.Requires, added, ordered)
+			if !r.Disable &&
+				r.URI() != reg.URI() &&
+				(t == "*" || r.Type == t) {
+				children(r, added, ordered)
 				if !added[r] {
 					*ordered = append(*ordered, r)
 					added[r] = true
diff --git a/vendor/github.com/containerd/containerd/plugin/plugin_go18.go b/vendor/github.com/containerd/containerd/plugin/plugin_go18.go
index 5b82db868584b..927fe61965aeb 100644
--- a/vendor/github.com/containerd/containerd/plugin/plugin_go18.go
+++ b/vendor/github.com/containerd/containerd/plugin/plugin_go18.go
@@ -1,4 +1,4 @@
-// +build go1.8,!windows,amd64,!static_build
+// +build go1.8,!windows,amd64,!static_build,!gccgo
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/plugin/plugin_other.go b/vendor/github.com/containerd/containerd/plugin/plugin_other.go
index 2978f60fd3b4a..0c5e14165cffd 100644
--- a/vendor/github.com/containerd/containerd/plugin/plugin_other.go
+++ b/vendor/github.com/containerd/containerd/plugin/plugin_other.go
@@ -1,4 +1,4 @@
-// +build !go1.8 windows !amd64 static_build
+// +build !go1.8 windows !amd64 static_build gccgo
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/process.go b/vendor/github.com/containerd/containerd/process.go
index ff7d838cde05d..5b302569babe8 100644
--- a/vendor/github.com/containerd/containerd/process.go
+++ b/vendor/github.com/containerd/containerd/process.go
@@ -44,7 +44,7 @@ type Process interface {
 	Wait(context.Context) (<-chan ExitStatus, error)
 	// CloseIO allows various pipes to be closed on the process
 	CloseIO(context.Context, ...IOCloserOpts) error
-	// Resize changes the width and heigh of the process's terminal
+	// Resize changes the width and height of the process's terminal
 	Resize(ctx context.Context, w, h uint32) error
 	// IO returns the io set for the process
 	IO() cio.IO
@@ -52,7 +52,16 @@ type Process interface {
 	Status(context.Context) (Status, error)
 }
 
-// ExitStatus encapsulates a process' exit status.
+// NewExitStatus populates an ExitStatus
+func NewExitStatus(code uint32, t time.Time, err error) *ExitStatus {
+	return &ExitStatus{
+		code:     code,
+		exitedAt: t,
+		err:      err,
+	}
+}
+
+// ExitStatus encapsulates a process's exit status.
 // It is used by `Wait()` to return either a process exit code or an error
 type ExitStatus struct {
 	code     uint32
@@ -111,9 +120,11 @@ func (p *process) Start(ctx context.Context) error {
 		ExecID:      p.id,
 	})
 	if err != nil {
-		p.io.Cancel()
-		p.io.Wait()
-		p.io.Close()
+		if p.io != nil {
+			p.io.Cancel()
+			p.io.Wait()
+			p.io.Close()
+		}
 		return errdefs.FromGRPC(err)
 	}
 	p.pid = r.Pid
diff --git a/vendor/github.com/containerd/containerd/pull.go b/vendor/github.com/containerd/containerd/pull.go
new file mode 100644
index 0000000000000..36365513f69bf
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/pull.go
@@ -0,0 +1,255 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/containerd/containerd/remotes/docker/schema1"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/sync/semaphore"
+)
+
+// Pull downloads the provided content into containerd's content store
+// and returns a platform specific image object
+func (c *Client) Pull(ctx context.Context, ref string, opts ...RemoteOpt) (_ Image, retErr error) {
+	pullCtx := defaultRemoteContext()
+	for _, o := range opts {
+		if err := o(c, pullCtx); err != nil {
+			return nil, err
+		}
+	}
+
+	if pullCtx.PlatformMatcher == nil {
+		if len(pullCtx.Platforms) > 1 {
+			return nil, errors.New("cannot pull multiplatform image locally, try Fetch")
+		} else if len(pullCtx.Platforms) == 0 {
+			pullCtx.PlatformMatcher = c.platform
+		} else {
+			p, err := platforms.Parse(pullCtx.Platforms[0])
+			if err != nil {
+				return nil, errors.Wrapf(err, "invalid platform %s", pullCtx.Platforms[0])
+			}
+
+			pullCtx.PlatformMatcher = platforms.Only(p)
+		}
+	}
+
+	ctx, done, err := c.WithLease(ctx)
+	if err != nil {
+		return nil, err
+	}
+	defer done(ctx)
+
+	var unpacks int32
+	var unpackEg *errgroup.Group
+	var unpackWrapper func(f images.Handler) images.Handler
+
+	if pullCtx.Unpack {
+		// unpacker only supports schema 2 image, for schema 1 this is noop.
+		u, err := c.newUnpacker(ctx, pullCtx)
+		if err != nil {
+			return nil, errors.Wrap(err, "create unpacker")
+		}
+		unpackWrapper, unpackEg = u.handlerWrapper(ctx, pullCtx, &unpacks)
+		defer func() {
+			if err := unpackEg.Wait(); err != nil {
+				if retErr == nil {
+					retErr = errors.Wrap(err, "unpack")
+				}
+			}
+		}()
+		wrapper := pullCtx.HandlerWrapper
+		pullCtx.HandlerWrapper = func(h images.Handler) images.Handler {
+			if wrapper == nil {
+				return unpackWrapper(h)
+			}
+			return unpackWrapper(wrapper(h))
+		}
+	}
+
+	img, err := c.fetch(ctx, pullCtx, ref, 1)
+	if err != nil {
+		return nil, err
+	}
+
+	// NOTE(fuweid): unpacker defers blobs download. before create image
+	// record in ImageService, should wait for unpacking(including blobs
+	// download).
+	if pullCtx.Unpack {
+		if unpackEg != nil {
+			if err := unpackEg.Wait(); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	img, err = c.createNewImage(ctx, img)
+	if err != nil {
+		return nil, err
+	}
+
+	i := NewImageWithPlatform(c, img, pullCtx.PlatformMatcher)
+
+	if pullCtx.Unpack {
+		if unpacks == 0 {
+			// Try to unpack is none is done previously.
+			// This is at least required for schema 1 image.
+			if err := i.Unpack(ctx, pullCtx.Snapshotter, pullCtx.UnpackOpts...); err != nil {
+				return nil, errors.Wrapf(err, "failed to unpack image on snapshotter %s", pullCtx.Snapshotter)
+			}
+		}
+	}
+
+	return i, nil
+}
+
+func (c *Client) fetch(ctx context.Context, rCtx *RemoteContext, ref string, limit int) (images.Image, error) {
+	store := c.ContentStore()
+	name, desc, err := rCtx.Resolver.Resolve(ctx, ref)
+	if err != nil {
+		return images.Image{}, errors.Wrapf(err, "failed to resolve reference %q", ref)
+	}
+
+	fetcher, err := rCtx.Resolver.Fetcher(ctx, name)
+	if err != nil {
+		return images.Image{}, errors.Wrapf(err, "failed to get fetcher for %q", name)
+	}
+
+	var (
+		handler images.Handler
+
+		isConvertible bool
+		converterFunc func(context.Context, ocispec.Descriptor) (ocispec.Descriptor, error)
+		limiter       *semaphore.Weighted
+	)
+
+	if desc.MediaType == images.MediaTypeDockerSchema1Manifest && rCtx.ConvertSchema1 {
+		schema1Converter := schema1.NewConverter(store, fetcher)
+
+		handler = images.Handlers(append(rCtx.BaseHandlers, schema1Converter)...)
+
+		isConvertible = true
+
+		converterFunc = func(ctx context.Context, _ ocispec.Descriptor) (ocispec.Descriptor, error) {
+			return schema1Converter.Convert(ctx)
+		}
+	} else {
+		// Get all the children for a descriptor
+		childrenHandler := images.ChildrenHandler(store)
+		// Set any children labels for that content
+		childrenHandler = images.SetChildrenMappedLabels(store, childrenHandler, rCtx.ChildLabelMap)
+		if rCtx.AllMetadata {
+			// Filter manifests by platforms but allow to handle manifest
+			// and configuration for not-target platforms
+			childrenHandler = remotes.FilterManifestByPlatformHandler(childrenHandler, rCtx.PlatformMatcher)
+		} else {
+			// Filter children by platforms if specified.
+			childrenHandler = images.FilterPlatforms(childrenHandler, rCtx.PlatformMatcher)
+		}
+		// Sort and limit manifests if a finite number is needed
+		if limit > 0 {
+			childrenHandler = images.LimitManifests(childrenHandler, rCtx.PlatformMatcher, limit)
+		}
+
+		// set isConvertible to true if there is application/octet-stream media type
+		convertibleHandler := images.HandlerFunc(
+			func(_ context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+				if desc.MediaType == docker.LegacyConfigMediaType {
+					isConvertible = true
+				}
+
+				return []ocispec.Descriptor{}, nil
+			},
+		)
+
+		appendDistSrcLabelHandler, err := docker.AppendDistributionSourceLabel(store, ref)
+		if err != nil {
+			return images.Image{}, err
+		}
+
+		handlers := append(rCtx.BaseHandlers,
+			remotes.FetchHandler(store, fetcher),
+			convertibleHandler,
+			childrenHandler,
+			appendDistSrcLabelHandler,
+		)
+
+		handler = images.Handlers(handlers...)
+
+		converterFunc = func(ctx context.Context, desc ocispec.Descriptor) (ocispec.Descriptor, error) {
+			return docker.ConvertManifest(ctx, store, desc)
+		}
+	}
+
+	if rCtx.HandlerWrapper != nil {
+		handler = rCtx.HandlerWrapper(handler)
+	}
+
+	if rCtx.MaxConcurrentDownloads > 0 {
+		limiter = semaphore.NewWeighted(int64(rCtx.MaxConcurrentDownloads))
+	}
+
+	if err := images.Dispatch(ctx, handler, limiter, desc); err != nil {
+		return images.Image{}, err
+	}
+
+	if isConvertible {
+		if desc, err = converterFunc(ctx, desc); err != nil {
+			return images.Image{}, err
+		}
+	}
+
+	return images.Image{
+		Name:   name,
+		Target: desc,
+		Labels: rCtx.Labels,
+	}, nil
+}
+
+func (c *Client) createNewImage(ctx context.Context, img images.Image) (images.Image, error) {
+	is := c.ImageService()
+	for {
+		if created, err := is.Create(ctx, img); err != nil {
+			if !errdefs.IsAlreadyExists(err) {
+				return images.Image{}, err
+			}
+
+			updated, err := is.Update(ctx, img)
+			if err != nil {
+				// if image was removed, try create again
+				if errdefs.IsNotFound(err) {
+					continue
+				}
+				return images.Image{}, err
+			}
+
+			img = updated
+		} else {
+			img = created
+		}
+
+		return img, nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/reference/docker/reference.go b/vendor/github.com/containerd/containerd/reference/docker/reference.go
new file mode 100644
index 0000000000000..0998639b0305c
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/reference/docker/reference.go
@@ -0,0 +1,797 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+// Package docker provides a general type to represent any way of referencing images within the registry.
+// Its main purpose is to abstract tags and digests (content-addressable hash).
+//
+// Grammar
+//
+// 	reference                       := name [ ":" tag ] [ "@" digest ]
+//	name                            := [domain '/'] path-component ['/' path-component]*
+//	domain                          := domain-component ['.' domain-component]* [':' port-number]
+//	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
+//	port-number                     := /[0-9]+/
+//	path-component                  := alpha-numeric [separator alpha-numeric]*
+// 	alpha-numeric                   := /[a-z0-9]+/
+//	separator                       := /[_.]|__|[-]*/
+//
+//	tag                             := /[\w][\w.-]{0,127}/
+//
+//	digest                          := digest-algorithm ":" digest-hex
+//	digest-algorithm                := digest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]*
+//	digest-algorithm-separator      := /[+.-_]/
+//	digest-algorithm-component      := /[A-Za-z][A-Za-z0-9]*/
+//	digest-hex                      := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
+//
+//	identifier                      := /[a-f0-9]{64}/
+//	short-identifier                := /[a-f0-9]{6,64}/
+package docker
+
+import (
+	"errors"
+	"fmt"
+	"path"
+	"regexp"
+	"strings"
+
+	"github.com/opencontainers/go-digest"
+)
+
+const (
+	// NameTotalLengthMax is the maximum total number of characters in a repository name.
+	NameTotalLengthMax = 255
+)
+
+var (
+	// ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference.
+	ErrReferenceInvalidFormat = errors.New("invalid reference format")
+
+	// ErrTagInvalidFormat represents an error while trying to parse a string as a tag.
+	ErrTagInvalidFormat = errors.New("invalid tag format")
+
+	// ErrDigestInvalidFormat represents an error while trying to parse a string as a tag.
+	ErrDigestInvalidFormat = errors.New("invalid digest format")
+
+	// ErrNameContainsUppercase is returned for invalid repository names that contain uppercase characters.
+	ErrNameContainsUppercase = errors.New("repository name must be lowercase")
+
+	// ErrNameEmpty is returned for empty, invalid repository names.
+	ErrNameEmpty = errors.New("repository name must have at least one component")
+
+	// ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax.
+	ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", NameTotalLengthMax)
+
+	// ErrNameNotCanonical is returned when a name is not canonical.
+	ErrNameNotCanonical = errors.New("repository name must be canonical")
+)
+
+// Reference is an opaque object reference identifier that may include
+// modifiers such as a hostname, name, tag, and digest.
+type Reference interface {
+	// String returns the full reference
+	String() string
+}
+
+// Field provides a wrapper type for resolving correct reference types when
+// working with encoding.
+type Field struct {
+	reference Reference
+}
+
+// AsField wraps a reference in a Field for encoding.
+func AsField(reference Reference) Field {
+	return Field{reference}
+}
+
+// Reference unwraps the reference type from the field to
+// return the Reference object. This object should be
+// of the appropriate type to further check for different
+// reference types.
+func (f Field) Reference() Reference {
+	return f.reference
+}
+
+// MarshalText serializes the field to byte text which
+// is the string of the reference.
+func (f Field) MarshalText() (p []byte, err error) {
+	return []byte(f.reference.String()), nil
+}
+
+// UnmarshalText parses text bytes by invoking the
+// reference parser to ensure the appropriately
+// typed reference object is wrapped by field.
+func (f *Field) UnmarshalText(p []byte) error {
+	r, err := Parse(string(p))
+	if err != nil {
+		return err
+	}
+
+	f.reference = r
+	return nil
+}
+
+// Named is an object with a full name
+type Named interface {
+	Reference
+	Name() string
+}
+
+// Tagged is an object which has a tag
+type Tagged interface {
+	Reference
+	Tag() string
+}
+
+// NamedTagged is an object including a name and tag.
+type NamedTagged interface {
+	Named
+	Tag() string
+}
+
+// Digested is an object which has a digest
+// in which it can be referenced by
+type Digested interface {
+	Reference
+	Digest() digest.Digest
+}
+
+// Canonical reference is an object with a fully unique
+// name including a name with domain and digest
+type Canonical interface {
+	Named
+	Digest() digest.Digest
+}
+
+// namedRepository is a reference to a repository with a name.
+// A namedRepository has both domain and path components.
+type namedRepository interface {
+	Named
+	Domain() string
+	Path() string
+}
+
+// Domain returns the domain part of the Named reference
+func Domain(named Named) string {
+	if r, ok := named.(namedRepository); ok {
+		return r.Domain()
+	}
+	domain, _ := splitDomain(named.Name())
+	return domain
+}
+
+// Path returns the name without the domain part of the Named reference
+func Path(named Named) (name string) {
+	if r, ok := named.(namedRepository); ok {
+		return r.Path()
+	}
+	_, path := splitDomain(named.Name())
+	return path
+}
+
+func splitDomain(name string) (string, string) {
+	match := anchoredNameRegexp.FindStringSubmatch(name)
+	if len(match) != 3 {
+		return "", name
+	}
+	return match[1], match[2]
+}
+
+// SplitHostname splits a named reference into a
+// hostname and name string. If no valid hostname is
+// found, the hostname is empty and the full value
+// is returned as name
+// DEPRECATED: Use Domain or Path
+func SplitHostname(named Named) (string, string) {
+	if r, ok := named.(namedRepository); ok {
+		return r.Domain(), r.Path()
+	}
+	return splitDomain(named.Name())
+}
+
+// Parse parses s and returns a syntactically valid Reference.
+// If an error was encountered it is returned, along with a nil Reference.
+// NOTE: Parse will not handle short digests.
+func Parse(s string) (Reference, error) {
+	matches := ReferenceRegexp.FindStringSubmatch(s)
+	if matches == nil {
+		if s == "" {
+			return nil, ErrNameEmpty
+		}
+		if ReferenceRegexp.FindStringSubmatch(strings.ToLower(s)) != nil {
+			return nil, ErrNameContainsUppercase
+		}
+		return nil, ErrReferenceInvalidFormat
+	}
+
+	if len(matches[1]) > NameTotalLengthMax {
+		return nil, ErrNameTooLong
+	}
+
+	var repo repository
+
+	nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1])
+	if len(nameMatch) == 3 {
+		repo.domain = nameMatch[1]
+		repo.path = nameMatch[2]
+	} else {
+		repo.domain = ""
+		repo.path = matches[1]
+	}
+
+	ref := reference{
+		namedRepository: repo,
+		tag:             matches[2],
+	}
+	if matches[3] != "" {
+		var err error
+		ref.digest, err = digest.Parse(matches[3])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	r := getBestReferenceType(ref)
+	if r == nil {
+		return nil, ErrNameEmpty
+	}
+
+	return r, nil
+}
+
+// ParseNamed parses s and returns a syntactically valid reference implementing
+// the Named interface. The reference must have a name and be in the canonical
+// form, otherwise an error is returned.
+// If an error was encountered it is returned, along with a nil Reference.
+// NOTE: ParseNamed will not handle short digests.
+func ParseNamed(s string) (Named, error) {
+	named, err := ParseNormalizedNamed(s)
+	if err != nil {
+		return nil, err
+	}
+	if named.String() != s {
+		return nil, ErrNameNotCanonical
+	}
+	return named, nil
+}
+
+// WithName returns a named object representing the given string. If the input
+// is invalid ErrReferenceInvalidFormat will be returned.
+func WithName(name string) (Named, error) {
+	if len(name) > NameTotalLengthMax {
+		return nil, ErrNameTooLong
+	}
+
+	match := anchoredNameRegexp.FindStringSubmatch(name)
+	if match == nil || len(match) != 3 {
+		return nil, ErrReferenceInvalidFormat
+	}
+	return repository{
+		domain: match[1],
+		path:   match[2],
+	}, nil
+}
+
+// WithTag combines the name from "name" and the tag from "tag" to form a
+// reference incorporating both the name and the tag.
+func WithTag(name Named, tag string) (NamedTagged, error) {
+	if !anchoredTagRegexp.MatchString(tag) {
+		return nil, ErrTagInvalidFormat
+	}
+	var repo repository
+	if r, ok := name.(namedRepository); ok {
+		repo.domain = r.Domain()
+		repo.path = r.Path()
+	} else {
+		repo.path = name.Name()
+	}
+	if canonical, ok := name.(Canonical); ok {
+		return reference{
+			namedRepository: repo,
+			tag:             tag,
+			digest:          canonical.Digest(),
+		}, nil
+	}
+	return taggedReference{
+		namedRepository: repo,
+		tag:             tag,
+	}, nil
+}
+
+// WithDigest combines the name from "name" and the digest from "digest" to form
+// a reference incorporating both the name and the digest.
+func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
+	if !anchoredDigestRegexp.MatchString(digest.String()) {
+		return nil, ErrDigestInvalidFormat
+	}
+	var repo repository
+	if r, ok := name.(namedRepository); ok {
+		repo.domain = r.Domain()
+		repo.path = r.Path()
+	} else {
+		repo.path = name.Name()
+	}
+	if tagged, ok := name.(Tagged); ok {
+		return reference{
+			namedRepository: repo,
+			tag:             tagged.Tag(),
+			digest:          digest,
+		}, nil
+	}
+	return canonicalReference{
+		namedRepository: repo,
+		digest:          digest,
+	}, nil
+}
+
+// TrimNamed removes any tag or digest from the named reference.
+func TrimNamed(ref Named) Named {
+	domain, path := SplitHostname(ref)
+	return repository{
+		domain: domain,
+		path:   path,
+	}
+}
+
+func getBestReferenceType(ref reference) Reference {
+	if ref.Name() == "" {
+		// Allow digest only references
+		if ref.digest != "" {
+			return digestReference(ref.digest)
+		}
+		return nil
+	}
+	if ref.tag == "" {
+		if ref.digest != "" {
+			return canonicalReference{
+				namedRepository: ref.namedRepository,
+				digest:          ref.digest,
+			}
+		}
+		return ref.namedRepository
+	}
+	if ref.digest == "" {
+		return taggedReference{
+			namedRepository: ref.namedRepository,
+			tag:             ref.tag,
+		}
+	}
+
+	return ref
+}
+
+type reference struct {
+	namedRepository
+	tag    string
+	digest digest.Digest
+}
+
+func (r reference) String() string {
+	return r.Name() + ":" + r.tag + "@" + r.digest.String()
+}
+
+func (r reference) Tag() string {
+	return r.tag
+}
+
+func (r reference) Digest() digest.Digest {
+	return r.digest
+}
+
+type repository struct {
+	domain string
+	path   string
+}
+
+func (r repository) String() string {
+	return r.Name()
+}
+
+func (r repository) Name() string {
+	if r.domain == "" {
+		return r.path
+	}
+	return r.domain + "/" + r.path
+}
+
+func (r repository) Domain() string {
+	return r.domain
+}
+
+func (r repository) Path() string {
+	return r.path
+}
+
+type digestReference digest.Digest
+
+func (d digestReference) String() string {
+	return digest.Digest(d).String()
+}
+
+func (d digestReference) Digest() digest.Digest {
+	return digest.Digest(d)
+}
+
+type taggedReference struct {
+	namedRepository
+	tag string
+}
+
+func (t taggedReference) String() string {
+	return t.Name() + ":" + t.tag
+}
+
+func (t taggedReference) Tag() string {
+	return t.tag
+}
+
+type canonicalReference struct {
+	namedRepository
+	digest digest.Digest
+}
+
+func (c canonicalReference) String() string {
+	return c.Name() + "@" + c.digest.String()
+}
+
+func (c canonicalReference) Digest() digest.Digest {
+	return c.digest
+}
+
+var (
+	// alphaNumericRegexp defines the alpha numeric atom, typically a
+	// component of names. This only allows lower case characters and digits.
+	alphaNumericRegexp = match(`[a-z0-9]+`)
+
+	// separatorRegexp defines the separators allowed to be embedded in name
+	// components. This allow one period, one or two underscore and multiple
+	// dashes.
+	separatorRegexp = match(`(?:[._]|__|[-]*)`)
+
+	// nameComponentRegexp restricts registry path component names to start
+	// with at least one letter or number, with following parts able to be
+	// separated by one period, one or two underscore and multiple dashes.
+	nameComponentRegexp = expression(
+		alphaNumericRegexp,
+		optional(repeated(separatorRegexp, alphaNumericRegexp)))
+
+	// domainComponentRegexp restricts the registry domain component of a
+	// repository name to start with a component as defined by DomainRegexp
+	// and followed by an optional port.
+	domainComponentRegexp = match(`(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`)
+
+	// DomainRegexp defines the structure of potential domain components
+	// that may be part of image names. This is purposely a subset of what is
+	// allowed by DNS to ensure backwards compatibility with Docker image
+	// names.
+	DomainRegexp = expression(
+		domainComponentRegexp,
+		optional(repeated(literal(`.`), domainComponentRegexp)),
+		optional(literal(`:`), match(`[0-9]+`)))
+
+	// TagRegexp matches valid tag names. From docker/docker:graph/tags.go.
+	TagRegexp = match(`[\w][\w.-]{0,127}`)
+
+	// anchoredTagRegexp matches valid tag names, anchored at the start and
+	// end of the matched string.
+	anchoredTagRegexp = anchored(TagRegexp)
+
+	// DigestRegexp matches valid digests.
+	DigestRegexp = match(`[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`)
+
+	// anchoredDigestRegexp matches valid digests, anchored at the start and
+	// end of the matched string.
+	anchoredDigestRegexp = anchored(DigestRegexp)
+
+	// NameRegexp is the format for the name component of references. The
+	// regexp has capturing groups for the domain and name part omitting
+	// the separating forward slash from either.
+	NameRegexp = expression(
+		optional(DomainRegexp, literal(`/`)),
+		nameComponentRegexp,
+		optional(repeated(literal(`/`), nameComponentRegexp)))
+
+	// anchoredNameRegexp is used to parse a name value, capturing the
+	// domain and trailing components.
+	anchoredNameRegexp = anchored(
+		optional(capture(DomainRegexp), literal(`/`)),
+		capture(nameComponentRegexp,
+			optional(repeated(literal(`/`), nameComponentRegexp))))
+
+	// ReferenceRegexp is the full supported format of a reference. The regexp
+	// is anchored and has capturing groups for name, tag, and digest
+	// components.
+	ReferenceRegexp = anchored(capture(NameRegexp),
+		optional(literal(":"), capture(TagRegexp)),
+		optional(literal("@"), capture(DigestRegexp)))
+
+	// IdentifierRegexp is the format for string identifier used as a
+	// content addressable identifier using sha256. These identifiers
+	// are like digests without the algorithm, since sha256 is used.
+	IdentifierRegexp = match(`([a-f0-9]{64})`)
+
+	// ShortIdentifierRegexp is the format used to represent a prefix
+	// of an identifier. A prefix may be used to match a sha256 identifier
+	// within a list of trusted identifiers.
+	ShortIdentifierRegexp = match(`([a-f0-9]{6,64})`)
+
+	// anchoredIdentifierRegexp is used to check or match an
+	// identifier value, anchored at start and end of string.
+	anchoredIdentifierRegexp = anchored(IdentifierRegexp)
+)
+
+// match compiles the string to a regular expression.
+var match = regexp.MustCompile
+
+// literal compiles s into a literal regular expression, escaping any regexp
+// reserved characters.
+func literal(s string) *regexp.Regexp {
+	re := match(regexp.QuoteMeta(s))
+
+	if _, complete := re.LiteralPrefix(); !complete {
+		panic("must be a literal")
+	}
+
+	return re
+}
+
+// expression defines a full expression, where each regular expression must
+// follow the previous.
+func expression(res ...*regexp.Regexp) *regexp.Regexp {
+	var s string
+	for _, re := range res {
+		s += re.String()
+	}
+
+	return match(s)
+}
+
+// optional wraps the expression in a non-capturing group and makes the
+// production optional.
+func optional(res ...*regexp.Regexp) *regexp.Regexp {
+	return match(group(expression(res...)).String() + `?`)
+}
+
+// repeated wraps the regexp in a non-capturing group to get one or more
+// matches.
+func repeated(res ...*regexp.Regexp) *regexp.Regexp {
+	return match(group(expression(res...)).String() + `+`)
+}
+
+// group wraps the regexp in a non-capturing group.
+func group(res ...*regexp.Regexp) *regexp.Regexp {
+	return match(`(?:` + expression(res...).String() + `)`)
+}
+
+// capture wraps the expression in a capturing group.
+func capture(res ...*regexp.Regexp) *regexp.Regexp {
+	return match(`(` + expression(res...).String() + `)`)
+}
+
+// anchored anchors the regular expression by adding start and end delimiters.
+func anchored(res ...*regexp.Regexp) *regexp.Regexp {
+	return match(`^` + expression(res...).String() + `$`)
+}
+
+var (
+	legacyDefaultDomain = "index.docker.io"
+	defaultDomain       = "docker.io"
+	officialRepoName    = "library"
+	defaultTag          = "latest"
+)
+
+// normalizedNamed represents a name which has been
+// normalized and has a familiar form. A familiar name
+// is what is used in Docker UI. An example normalized
+// name is "docker.io/library/ubuntu" and corresponding
+// familiar name of "ubuntu".
+type normalizedNamed interface {
+	Named
+	Familiar() Named
+}
+
+// ParseNormalizedNamed parses a string into a named reference
+// transforming a familiar name from Docker UI to a fully
+// qualified reference. If the value may be an identifier
+// use ParseAnyReference.
+func ParseNormalizedNamed(s string) (Named, error) {
+	if ok := anchoredIdentifierRegexp.MatchString(s); ok {
+		return nil, fmt.Errorf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings", s)
+	}
+	domain, remainder := splitDockerDomain(s)
+	var remoteName string
+	if tagSep := strings.IndexRune(remainder, ':'); tagSep > -1 {
+		remoteName = remainder[:tagSep]
+	} else {
+		remoteName = remainder
+	}
+	if strings.ToLower(remoteName) != remoteName {
+		return nil, errors.New("invalid reference format: repository name must be lowercase")
+	}
+
+	ref, err := Parse(domain + "/" + remainder)
+	if err != nil {
+		return nil, err
+	}
+	named, isNamed := ref.(Named)
+	if !isNamed {
+		return nil, fmt.Errorf("reference %s has no name", ref.String())
+	}
+	return named, nil
+}
+
+// ParseDockerRef normalizes the image reference following the docker convention. This is added
+// mainly for backward compatibility.
+// The reference returned can only be either tagged or digested. For reference contains both tag
+// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
+// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
+// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
+func ParseDockerRef(ref string) (Named, error) {
+	named, err := ParseNormalizedNamed(ref)
+	if err != nil {
+		return nil, err
+	}
+	if _, ok := named.(NamedTagged); ok {
+		if canonical, ok := named.(Canonical); ok {
+			// The reference is both tagged and digested, only
+			// return digested.
+			newNamed, err := WithName(canonical.Name())
+			if err != nil {
+				return nil, err
+			}
+			newCanonical, err := WithDigest(newNamed, canonical.Digest())
+			if err != nil {
+				return nil, err
+			}
+			return newCanonical, nil
+		}
+	}
+	return TagNameOnly(named), nil
+}
+
+// splitDockerDomain splits a repository name to domain and remotename string.
+// If no valid domain is found, the default domain is used. Repository name
+// needs to be already validated before.
+func splitDockerDomain(name string) (domain, remainder string) {
+	i := strings.IndexRune(name, '/')
+	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
+		domain, remainder = defaultDomain, name
+	} else {
+		domain, remainder = name[:i], name[i+1:]
+	}
+	if domain == legacyDefaultDomain {
+		domain = defaultDomain
+	}
+	if domain == defaultDomain && !strings.ContainsRune(remainder, '/') {
+		remainder = officialRepoName + "/" + remainder
+	}
+	return
+}
+
+// familiarizeName returns a shortened version of the name familiar
+// to to the Docker UI. Familiar names have the default domain
+// "docker.io" and "library/" repository prefix removed.
+// For example, "docker.io/library/redis" will have the familiar
+// name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp".
+// Returns a familiarized named only reference.
+func familiarizeName(named namedRepository) repository {
+	repo := repository{
+		domain: named.Domain(),
+		path:   named.Path(),
+	}
+
+	if repo.domain == defaultDomain {
+		repo.domain = ""
+		// Handle official repositories which have the pattern "library/<official repo name>"
+		if split := strings.Split(repo.path, "/"); len(split) == 2 && split[0] == officialRepoName {
+			repo.path = split[1]
+		}
+	}
+	return repo
+}
+
+func (r reference) Familiar() Named {
+	return reference{
+		namedRepository: familiarizeName(r.namedRepository),
+		tag:             r.tag,
+		digest:          r.digest,
+	}
+}
+
+func (r repository) Familiar() Named {
+	return familiarizeName(r)
+}
+
+func (t taggedReference) Familiar() Named {
+	return taggedReference{
+		namedRepository: familiarizeName(t.namedRepository),
+		tag:             t.tag,
+	}
+}
+
+func (c canonicalReference) Familiar() Named {
+	return canonicalReference{
+		namedRepository: familiarizeName(c.namedRepository),
+		digest:          c.digest,
+	}
+}
+
+// TagNameOnly adds the default tag "latest" to a reference if it only has
+// a repo name.
+func TagNameOnly(ref Named) Named {
+	if IsNameOnly(ref) {
+		namedTagged, err := WithTag(ref, defaultTag)
+		if err != nil {
+			// Default tag must be valid, to create a NamedTagged
+			// type with non-validated input the WithTag function
+			// should be used instead
+			panic(err)
+		}
+		return namedTagged
+	}
+	return ref
+}
+
+// ParseAnyReference parses a reference string as a possible identifier,
+// full digest, or familiar name.
+func ParseAnyReference(ref string) (Reference, error) {
+	if ok := anchoredIdentifierRegexp.MatchString(ref); ok {
+		return digestReference("sha256:" + ref), nil
+	}
+	if dgst, err := digest.Parse(ref); err == nil {
+		return digestReference(dgst), nil
+	}
+
+	return ParseNormalizedNamed(ref)
+}
+
+// IsNameOnly returns true if reference only contains a repo name.
+func IsNameOnly(ref Named) bool {
+	if _, ok := ref.(NamedTagged); ok {
+		return false
+	}
+	if _, ok := ref.(Canonical); ok {
+		return false
+	}
+	return true
+}
+
+// FamiliarName returns the familiar name string
+// for the given named, familiarizing if needed.
+func FamiliarName(ref Named) string {
+	if nn, ok := ref.(normalizedNamed); ok {
+		return nn.Familiar().Name()
+	}
+	return ref.Name()
+}
+
+// FamiliarString returns the familiar string representation
+// for the given reference, familiarizing if needed.
+func FamiliarString(ref Reference) string {
+	if nn, ok := ref.(normalizedNamed); ok {
+		return nn.Familiar().String()
+	}
+	return ref.String()
+}
+
+// FamiliarMatch reports whether ref matches the specified pattern.
+// See https://godoc.org/path#Match for supported patterns.
+func FamiliarMatch(pattern string, ref Reference) (bool, error) {
+	matched, err := path.Match(pattern, FamiliarString(ref))
+	if namedRef, isNamed := ref.(Named); isNamed && !matched {
+		matched, _ = path.Match(pattern, FamiliarName(namedRef))
+	}
+	return matched, err
+}
diff --git a/vendor/github.com/containerd/containerd/reference/reference.go b/vendor/github.com/containerd/containerd/reference/reference.go
index 79f165de02656..a4bf6da6019a7 100644
--- a/vendor/github.com/containerd/containerd/reference/reference.go
+++ b/vendor/github.com/containerd/containerd/reference/reference.go
@@ -85,6 +85,10 @@ var splitRe = regexp.MustCompile(`[:@]`)
 
 // Parse parses the string into a structured ref.
 func Parse(s string) (Spec, error) {
+	if strings.Contains(s, "://") {
+		return Spec{}, ErrInvalid
+	}
+
 	u, err := url.Parse("dummy://" + s)
 	if err != nil {
 		return Spec{}, err
@@ -124,7 +128,7 @@ func (r Spec) Hostname() string {
 	i := strings.Index(r.Locator, "/")
 
 	if i < 0 {
-		i = len(r.Locator) + 1
+		return r.Locator
 	}
 	return r.Locator[:i]
 }
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth.go b/vendor/github.com/containerd/containerd/remotes/docker/auth.go
deleted file mode 100644
index 80bcb9dcf76a7..0000000000000
--- a/vendor/github.com/containerd/containerd/remotes/docker/auth.go
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package docker
-
-import (
-	"net/http"
-	"sort"
-	"strings"
-)
-
-type authenticationScheme byte
-
-const (
-	basicAuth  authenticationScheme = 1 << iota // Defined in RFC 7617
-	digestAuth                                  // Defined in RFC 7616
-	bearerAuth                                  // Defined in RFC 6750
-)
-
-// challenge carries information from a WWW-Authenticate response header.
-// See RFC 2617.
-type challenge struct {
-	// scheme is the auth-scheme according to RFC 2617
-	scheme authenticationScheme
-
-	// parameters are the auth-params according to RFC 2617
-	parameters map[string]string
-}
-
-type byScheme []challenge
-
-func (bs byScheme) Len() int      { return len(bs) }
-func (bs byScheme) Swap(i, j int) { bs[i], bs[j] = bs[j], bs[i] }
-
-// Sort in priority order: token > digest > basic
-func (bs byScheme) Less(i, j int) bool { return bs[i].scheme > bs[j].scheme }
-
-// Octet types from RFC 2616.
-type octetType byte
-
-var octetTypes [256]octetType
-
-const (
-	isToken octetType = 1 << iota
-	isSpace
-)
-
-func init() {
-	// OCTET      = <any 8-bit sequence of data>
-	// CHAR       = <any US-ASCII character (octets 0 - 127)>
-	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
-	// CR         = <US-ASCII CR, carriage return (13)>
-	// LF         = <US-ASCII LF, linefeed (10)>
-	// SP         = <US-ASCII SP, space (32)>
-	// HT         = <US-ASCII HT, horizontal-tab (9)>
-	// <">        = <US-ASCII double-quote mark (34)>
-	// CRLF       = CR LF
-	// LWS        = [CRLF] 1*( SP | HT )
-	// TEXT       = <any OCTET except CTLs, but including LWS>
-	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">
-	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
-	// token      = 1*<any CHAR except CTLs or separators>
-	// qdtext     = <any TEXT except <">>
-
-	for c := 0; c < 256; c++ {
-		var t octetType
-		isCtl := c <= 31 || c == 127
-		isChar := 0 <= c && c <= 127
-		isSeparator := strings.IndexRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) >= 0
-		if strings.IndexRune(" \t\r\n", rune(c)) >= 0 {
-			t |= isSpace
-		}
-		if isChar && !isCtl && !isSeparator {
-			t |= isToken
-		}
-		octetTypes[c] = t
-	}
-}
-
-func parseAuthHeader(header http.Header) []challenge {
-	challenges := []challenge{}
-	for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] {
-		v, p := parseValueAndParams(h)
-		var s authenticationScheme
-		switch v {
-		case "basic":
-			s = basicAuth
-		case "digest":
-			s = digestAuth
-		case "bearer":
-			s = bearerAuth
-		default:
-			continue
-		}
-		challenges = append(challenges, challenge{scheme: s, parameters: p})
-	}
-	sort.Stable(byScheme(challenges))
-	return challenges
-}
-
-func parseValueAndParams(header string) (value string, params map[string]string) {
-	params = make(map[string]string)
-	value, s := expectToken(header)
-	if value == "" {
-		return
-	}
-	value = strings.ToLower(value)
-	for {
-		var pkey string
-		pkey, s = expectToken(skipSpace(s))
-		if pkey == "" {
-			return
-		}
-		if !strings.HasPrefix(s, "=") {
-			return
-		}
-		var pvalue string
-		pvalue, s = expectTokenOrQuoted(s[1:])
-		if pvalue == "" {
-			return
-		}
-		pkey = strings.ToLower(pkey)
-		params[pkey] = pvalue
-		s = skipSpace(s)
-		if !strings.HasPrefix(s, ",") {
-			return
-		}
-		s = s[1:]
-	}
-}
-
-func skipSpace(s string) (rest string) {
-	i := 0
-	for ; i < len(s); i++ {
-		if octetTypes[s[i]]&isSpace == 0 {
-			break
-		}
-	}
-	return s[i:]
-}
-
-func expectToken(s string) (token, rest string) {
-	i := 0
-	for ; i < len(s); i++ {
-		if octetTypes[s[i]]&isToken == 0 {
-			break
-		}
-	}
-	return s[:i], s[i:]
-}
-
-func expectTokenOrQuoted(s string) (value string, rest string) {
-	if !strings.HasPrefix(s, "\"") {
-		return expectToken(s)
-	}
-	s = s[1:]
-	for i := 0; i < len(s); i++ {
-		switch s[i] {
-		case '"':
-			return s[:i], s[i+1:]
-		case '\\':
-			p := make([]byte, len(s)-1)
-			j := copy(p, s[:i])
-			escape := true
-			for i = i + 1; i < len(s); i++ {
-				b := s[i]
-				switch {
-				case escape:
-					escape = false
-					p[j] = b
-					j++
-				case b == '\\':
-					escape = true
-				case b == '"':
-					return string(p[:j]), s[i+1:]
-				default:
-					p[j] = b
-					j++
-				}
-			}
-			return "", ""
-		}
-	}
-	return "", ""
-}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go
new file mode 100644
index 0000000000000..8b0a87e755fc8
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go
@@ -0,0 +1,209 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/containerd/containerd/log"
+	remoteserrors "github.com/containerd/containerd/remotes/errors"
+	"github.com/containerd/containerd/version"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context/ctxhttp"
+)
+
+var (
+	// ErrNoToken is returned if a request is successful but the body does not
+	// contain an authorization token.
+	ErrNoToken = errors.New("authorization server did not include a token in the response")
+)
+
+// GenerateTokenOptions generates options for fetching a token based on a challenge
+func GenerateTokenOptions(ctx context.Context, host, username, secret string, c Challenge) (TokenOptions, error) {
+	realm, ok := c.Parameters["realm"]
+	if !ok {
+		return TokenOptions{}, errors.New("no realm specified for token auth challenge")
+	}
+
+	realmURL, err := url.Parse(realm)
+	if err != nil {
+		return TokenOptions{}, errors.Wrap(err, "invalid token auth challenge realm")
+	}
+
+	to := TokenOptions{
+		Realm:    realmURL.String(),
+		Service:  c.Parameters["service"],
+		Username: username,
+		Secret:   secret,
+	}
+
+	scope, ok := c.Parameters["scope"]
+	if ok {
+		to.Scopes = append(to.Scopes, scope)
+	} else {
+		log.G(ctx).WithField("host", host).Debug("no scope specified for token auth challenge")
+	}
+
+	return to, nil
+}
+
+// TokenOptions are options for requesting a token
+type TokenOptions struct {
+	Realm    string
+	Service  string
+	Scopes   []string
+	Username string
+	Secret   string
+}
+
+// OAuthTokenResponse is response from fetching token with a OAuth POST request
+type OAuthTokenResponse struct {
+	AccessToken  string    `json:"access_token"`
+	RefreshToken string    `json:"refresh_token"`
+	ExpiresIn    int       `json:"expires_in"`
+	IssuedAt     time.Time `json:"issued_at"`
+	Scope        string    `json:"scope"`
+}
+
+// FetchTokenWithOAuth fetches a token using a POST request
+func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions) (*OAuthTokenResponse, error) {
+	form := url.Values{}
+	if len(to.Scopes) > 0 {
+		form.Set("scope", strings.Join(to.Scopes, " "))
+	}
+	form.Set("service", to.Service)
+	form.Set("client_id", clientID)
+
+	if to.Username == "" {
+		form.Set("grant_type", "refresh_token")
+		form.Set("refresh_token", to.Secret)
+	} else {
+		form.Set("grant_type", "password")
+		form.Set("username", to.Username)
+		form.Set("password", to.Secret)
+	}
+
+	req, err := http.NewRequest("POST", to.Realm, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
+	for k, v := range headers {
+		req.Header[k] = append(req.Header[k], v...)
+	}
+	if len(req.Header.Get("User-Agent")) == 0 {
+		req.Header.Set("User-Agent", "containerd/"+version.Version)
+	}
+
+	resp, err := ctxhttp.Do(ctx, client, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp))
+	}
+
+	decoder := json.NewDecoder(resp.Body)
+
+	var tr OAuthTokenResponse
+	if err = decoder.Decode(&tr); err != nil {
+		return nil, errors.Wrap(err, "unable to decode token response")
+	}
+
+	if tr.AccessToken == "" {
+		return nil, errors.WithStack(ErrNoToken)
+	}
+
+	return &tr, nil
+}
+
+// FetchTokenResponse is response from fetching token with GET request
+type FetchTokenResponse struct {
+	Token        string    `json:"token"`
+	AccessToken  string    `json:"access_token"`
+	ExpiresIn    int       `json:"expires_in"`
+	IssuedAt     time.Time `json:"issued_at"`
+	RefreshToken string    `json:"refresh_token"`
+}
+
+// FetchToken fetches a token using a GET request
+func FetchToken(ctx context.Context, client *http.Client, headers http.Header, to TokenOptions) (*FetchTokenResponse, error) {
+	req, err := http.NewRequest("GET", to.Realm, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range headers {
+		req.Header[k] = append(req.Header[k], v...)
+	}
+	if len(req.Header.Get("User-Agent")) == 0 {
+		req.Header.Set("User-Agent", "containerd/"+version.Version)
+	}
+
+	reqParams := req.URL.Query()
+
+	if to.Service != "" {
+		reqParams.Add("service", to.Service)
+	}
+
+	for _, scope := range to.Scopes {
+		reqParams.Add("scope", scope)
+	}
+
+	if to.Secret != "" {
+		req.SetBasicAuth(to.Username, to.Secret)
+	}
+
+	req.URL.RawQuery = reqParams.Encode()
+
+	resp, err := ctxhttp.Do(ctx, client, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp))
+	}
+
+	decoder := json.NewDecoder(resp.Body)
+
+	var tr FetchTokenResponse
+	if err = decoder.Decode(&tr); err != nil {
+		return nil, errors.Wrap(err, "unable to decode token response")
+	}
+
+	// `access_token` is equivalent to `token` and if both are specified
+	// the choice is undefined.  Canonicalize `access_token` by sticking
+	// things in `token`.
+	if tr.AccessToken != "" {
+		tr.Token = tr.AccessToken
+	}
+
+	if tr.Token == "" {
+		return nil, errors.WithStack(ErrNoToken)
+	}
+
+	return &tr, nil
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go b/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go
new file mode 100644
index 0000000000000..223fa2d0524f0
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go
@@ -0,0 +1,203 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package auth
+
+import (
+	"net/http"
+	"sort"
+	"strings"
+)
+
+// AuthenticationScheme defines scheme of the authentication method
+type AuthenticationScheme byte
+
+const (
+	// BasicAuth is scheme for Basic HTTP Authentication RFC 7617
+	BasicAuth AuthenticationScheme = 1 << iota
+	// DigestAuth is scheme for HTTP Digest Access Authentication RFC 7616
+	DigestAuth
+	// BearerAuth is scheme for OAuth 2.0 Bearer Tokens RFC 6750
+	BearerAuth
+)
+
+// Challenge carries information from a WWW-Authenticate response header.
+// See RFC 2617.
+type Challenge struct {
+	// scheme is the auth-scheme according to RFC 2617
+	Scheme AuthenticationScheme
+
+	// parameters are the auth-params according to RFC 2617
+	Parameters map[string]string
+}
+
+type byScheme []Challenge
+
+func (bs byScheme) Len() int      { return len(bs) }
+func (bs byScheme) Swap(i, j int) { bs[i], bs[j] = bs[j], bs[i] }
+
+// Sort in priority order: token > digest > basic
+func (bs byScheme) Less(i, j int) bool { return bs[i].Scheme > bs[j].Scheme }
+
+// Octet types from RFC 2616.
+type octetType byte
+
+var octetTypes [256]octetType
+
+const (
+	isToken octetType = 1 << iota
+	isSpace
+)
+
+func init() {
+	// OCTET      = <any 8-bit sequence of data>
+	// CHAR       = <any US-ASCII character (octets 0 - 127)>
+	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+	// CR         = <US-ASCII CR, carriage return (13)>
+	// LF         = <US-ASCII LF, linefeed (10)>
+	// SP         = <US-ASCII SP, space (32)>
+	// HT         = <US-ASCII HT, horizontal-tab (9)>
+	// <">        = <US-ASCII double-quote mark (34)>
+	// CRLF       = CR LF
+	// LWS        = [CRLF] 1*( SP | HT )
+	// TEXT       = <any OCTET except CTLs, but including LWS>
+	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">
+	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
+	// token      = 1*<any CHAR except CTLs or separators>
+	// qdtext     = <any TEXT except <">>
+
+	for c := 0; c < 256; c++ {
+		var t octetType
+		isCtl := c <= 31 || c == 127
+		isChar := 0 <= c && c <= 127
+		isSeparator := strings.ContainsRune(" \t\"(),/:;<=>?@[]\\{}", rune(c))
+		if strings.ContainsRune(" \t\r\n", rune(c)) {
+			t |= isSpace
+		}
+		if isChar && !isCtl && !isSeparator {
+			t |= isToken
+		}
+		octetTypes[c] = t
+	}
+}
+
+// ParseAuthHeader parses challenges from WWW-Authenticate header
+func ParseAuthHeader(header http.Header) []Challenge {
+	challenges := []Challenge{}
+	for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] {
+		v, p := parseValueAndParams(h)
+		var s AuthenticationScheme
+		switch v {
+		case "basic":
+			s = BasicAuth
+		case "digest":
+			s = DigestAuth
+		case "bearer":
+			s = BearerAuth
+		default:
+			continue
+		}
+		challenges = append(challenges, Challenge{Scheme: s, Parameters: p})
+	}
+	sort.Stable(byScheme(challenges))
+	return challenges
+}
+
+func parseValueAndParams(header string) (value string, params map[string]string) {
+	params = make(map[string]string)
+	value, s := expectToken(header)
+	if value == "" {
+		return
+	}
+	value = strings.ToLower(value)
+	for {
+		var pkey string
+		pkey, s = expectToken(skipSpace(s))
+		if pkey == "" {
+			return
+		}
+		if !strings.HasPrefix(s, "=") {
+			return
+		}
+		var pvalue string
+		pvalue, s = expectTokenOrQuoted(s[1:])
+		if pvalue == "" {
+			return
+		}
+		pkey = strings.ToLower(pkey)
+		params[pkey] = pvalue
+		s = skipSpace(s)
+		if !strings.HasPrefix(s, ",") {
+			return
+		}
+		s = s[1:]
+	}
+}
+
+func skipSpace(s string) (rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isSpace == 0 {
+			break
+		}
+	}
+	return s[i:]
+}
+
+func expectToken(s string) (token, rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isToken == 0 {
+			break
+		}
+	}
+	return s[:i], s[i:]
+}
+
+func expectTokenOrQuoted(s string) (value string, rest string) {
+	if !strings.HasPrefix(s, "\"") {
+		return expectToken(s)
+	}
+	s = s[1:]
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '"':
+			return s[:i], s[i+1:]
+		case '\\':
+			p := make([]byte, len(s)-1)
+			j := copy(p, s[:i])
+			escape := true
+			for i = i + 1; i < len(s); i++ {
+				b := s[i]
+				switch {
+				case escape:
+					escape = false
+					p[j] = b
+					j++
+				case b == '\\':
+					escape = true
+				case b == '"':
+					return string(p[:j]), s[i+1:]
+				default:
+					p[j] = b
+					j++
+				}
+			}
+			return "", ""
+		}
+	}
+	return "", ""
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go
index bb691f183f8a6..67e4aea8da8f5 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go
@@ -19,281 +19,297 @@ package docker
 import (
 	"context"
 	"encoding/base64"
-	"encoding/json"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net/http"
-	"net/url"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/remotes/docker/auth"
+	remoteerrors "github.com/containerd/containerd/remotes/errors"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context/ctxhttp"
 )
 
 type dockerAuthorizer struct {
 	credentials func(string) (string, string, error)
 
 	client *http.Client
+	header http.Header
 	mu     sync.Mutex
 
-	auth map[string]string
+	// indexed by host name
+	handlers map[string]*authHandler
 }
 
 // NewAuthorizer creates a Docker authorizer using the provided function to
 // get credentials for the token server or basic auth.
+// Deprecated: Use NewDockerAuthorizer
 func NewAuthorizer(client *http.Client, f func(string) (string, string, error)) Authorizer {
-	if client == nil {
-		client = http.DefaultClient
+	return NewDockerAuthorizer(WithAuthClient(client), WithAuthCreds(f))
+}
+
+type authorizerConfig struct {
+	credentials func(string) (string, string, error)
+	client      *http.Client
+	header      http.Header
+}
+
+// AuthorizerOpt configures an authorizer
+type AuthorizerOpt func(*authorizerConfig)
+
+// WithAuthClient provides the HTTP client for the authorizer
+func WithAuthClient(client *http.Client) AuthorizerOpt {
+	return func(opt *authorizerConfig) {
+		opt.client = client
+	}
+}
+
+// WithAuthCreds provides a credential function to the authorizer
+func WithAuthCreds(creds func(string) (string, string, error)) AuthorizerOpt {
+	return func(opt *authorizerConfig) {
+		opt.credentials = creds
+	}
+}
+
+// WithAuthHeader provides HTTP headers for authorization
+func WithAuthHeader(hdr http.Header) AuthorizerOpt {
+	return func(opt *authorizerConfig) {
+		opt.header = hdr
 	}
+}
+
+// NewDockerAuthorizer creates an authorizer using Docker's registry
+// authentication spec.
+// See https://docs.docker.com/registry/spec/auth/
+func NewDockerAuthorizer(opts ...AuthorizerOpt) Authorizer {
+	var ao authorizerConfig
+	for _, opt := range opts {
+		opt(&ao)
+	}
+
+	if ao.client == nil {
+		ao.client = http.DefaultClient
+	}
+
 	return &dockerAuthorizer{
-		credentials: f,
-		client:      client,
-		auth:        map[string]string{},
+		credentials: ao.credentials,
+		client:      ao.client,
+		header:      ao.header,
+		handlers:    make(map[string]*authHandler),
 	}
 }
 
+// Authorize handles auth request.
 func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) error {
-	// TODO: Lookup matching challenge and scope rather than just host
-	if auth := a.getAuth(req.URL.Host); auth != "" {
-		req.Header.Set("Authorization", auth)
+	// skip if there is no auth handler
+	ah := a.getAuthHandler(req.URL.Host)
+	if ah == nil {
+		return nil
 	}
 
+	auth, err := ah.authorize(ctx)
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Authorization", auth)
 	return nil
 }
 
+func (a *dockerAuthorizer) getAuthHandler(host string) *authHandler {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+
+	return a.handlers[host]
+}
+
 func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.Response) error {
 	last := responses[len(responses)-1]
 	host := last.Request.URL.Host
-	for _, c := range parseAuthHeader(last.Header) {
-		if c.scheme == bearerAuth {
+
+	a.mu.Lock()
+	defer a.mu.Unlock()
+	for _, c := range auth.ParseAuthHeader(last.Header) {
+		if c.Scheme == auth.BearerAuth {
 			if err := invalidAuthorization(c, responses); err != nil {
-				// TODO: Clear token
-				a.setAuth(host, "")
+				delete(a.handlers, host)
 				return err
 			}
 
-			// TODO(dmcg): Store challenge, not token
-			// Move token fetching to authorize
-			if err := a.setTokenAuth(ctx, host, c.parameters); err != nil {
+			// reuse existing handler
+			//
+			// assume that one registry will return the common
+			// challenge information, including realm and service.
+			// and the resource scope is only different part
+			// which can be provided by each request.
+			if _, ok := a.handlers[host]; ok {
+				return nil
+			}
+
+			var username, secret string
+			if a.credentials != nil {
+				var err error
+				username, secret, err = a.credentials(host)
+				if err != nil {
+					return err
+				}
+			}
+
+			common, err := auth.GenerateTokenOptions(ctx, host, username, secret, c)
+			if err != nil {
 				return err
 			}
 
+			a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common)
 			return nil
-		} else if c.scheme == basicAuth {
-			// TODO: Resolve credentials on authorize
+		} else if c.Scheme == auth.BasicAuth && a.credentials != nil {
 			username, secret, err := a.credentials(host)
 			if err != nil {
 				return err
 			}
+
 			if username != "" && secret != "" {
-				auth := username + ":" + secret
-				a.setAuth(host, fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))))
+				common := auth.TokenOptions{
+					Username: username,
+					Secret:   secret,
+				}
+
+				a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common)
 				return nil
 			}
 		}
 	}
-
 	return errors.Wrap(errdefs.ErrNotImplemented, "failed to find supported auth scheme")
 }
 
-func (a *dockerAuthorizer) getAuth(host string) string {
-	a.mu.Lock()
-	defer a.mu.Unlock()
-
-	return a.auth[host]
-}
-
-func (a *dockerAuthorizer) setAuth(host string, auth string) bool {
-	a.mu.Lock()
-	defer a.mu.Unlock()
-
-	changed := a.auth[host] != auth
-	a.auth[host] = auth
-
-	return changed
+// authResult is used to control limit rate.
+type authResult struct {
+	sync.WaitGroup
+	token string
+	err   error
 }
 
-func (a *dockerAuthorizer) setTokenAuth(ctx context.Context, host string, params map[string]string) error {
-	realm, ok := params["realm"]
-	if !ok {
-		return errors.New("no realm specified for token auth challenge")
-	}
-
-	realmURL, err := url.Parse(realm)
-	if err != nil {
-		return errors.Wrap(err, "invalid token auth challenge realm")
-	}
-
-	to := tokenOptions{
-		realm:   realmURL.String(),
-		service: params["service"],
-	}
+// authHandler is used to handle auth request per registry server.
+type authHandler struct {
+	sync.Mutex
 
-	to.scopes = getTokenScopes(ctx, params)
-	if len(to.scopes) == 0 {
-		return errors.Errorf("no scope specified for token auth challenge")
-	}
+	header http.Header
 
-	if a.credentials != nil {
-		to.username, to.secret, err = a.credentials(host)
-		if err != nil {
-			return err
-		}
-	}
-
-	var token string
-	if to.secret != "" {
-		// Credential information is provided, use oauth POST endpoint
-		token, err = a.fetchTokenWithOAuth(ctx, to)
-		if err != nil {
-			return errors.Wrap(err, "failed to fetch oauth token")
-		}
-	} else {
-		// Do request anonymously
-		token, err = a.fetchToken(ctx, to)
-		if err != nil {
-			return errors.Wrap(err, "failed to fetch anonymous token")
-		}
-	}
-	a.setAuth(host, fmt.Sprintf("Bearer %s", token))
+	client *http.Client
 
-	return nil
-}
+	// only support basic and bearer schemes
+	scheme auth.AuthenticationScheme
 
-type tokenOptions struct {
-	realm    string
-	service  string
-	scopes   []string
-	username string
-	secret   string
-}
+	// common contains common challenge answer
+	common auth.TokenOptions
 
-type postTokenResponse struct {
-	AccessToken  string    `json:"access_token"`
-	RefreshToken string    `json:"refresh_token"`
-	ExpiresIn    int       `json:"expires_in"`
-	IssuedAt     time.Time `json:"issued_at"`
-	Scope        string    `json:"scope"`
+	// scopedTokens caches token indexed by scopes, which used in
+	// bearer auth case
+	scopedTokens map[string]*authResult
 }
 
-func (a *dockerAuthorizer) fetchTokenWithOAuth(ctx context.Context, to tokenOptions) (string, error) {
-	form := url.Values{}
-	form.Set("scope", strings.Join(to.scopes, " "))
-	form.Set("service", to.service)
-	// TODO: Allow setting client_id
-	form.Set("client_id", "containerd-client")
-
-	if to.username == "" {
-		form.Set("grant_type", "refresh_token")
-		form.Set("refresh_token", to.secret)
-	} else {
-		form.Set("grant_type", "password")
-		form.Set("username", to.username)
-		form.Set("password", to.secret)
+func newAuthHandler(client *http.Client, hdr http.Header, scheme auth.AuthenticationScheme, opts auth.TokenOptions) *authHandler {
+	return &authHandler{
+		header:       hdr,
+		client:       client,
+		scheme:       scheme,
+		common:       opts,
+		scopedTokens: map[string]*authResult{},
 	}
+}
 
-	resp, err := ctxhttp.PostForm(ctx, a.client, to.realm, form)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-
-	// Registries without support for POST may return 404 for POST /v2/token.
-	// As of September 2017, GCR is known to return 404.
-	// As of February 2018, JFrog Artifactory is known to return 401.
-	if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 {
-		return a.fetchToken(ctx, to)
-	} else if resp.StatusCode < 200 || resp.StatusCode >= 400 {
-		b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
-		log.G(ctx).WithFields(logrus.Fields{
-			"status": resp.Status,
-			"body":   string(b),
-		}).Debugf("token request failed")
-		// TODO: handle error body and write debug output
-		return "", errors.Errorf("unexpected status: %s", resp.Status)
+func (ah *authHandler) authorize(ctx context.Context) (string, error) {
+	switch ah.scheme {
+	case auth.BasicAuth:
+		return ah.doBasicAuth(ctx)
+	case auth.BearerAuth:
+		return ah.doBearerAuth(ctx)
+	default:
+		return "", errors.Wrapf(errdefs.ErrNotImplemented, "failed to find supported auth scheme: %s", string(ah.scheme))
 	}
+}
 
-	decoder := json.NewDecoder(resp.Body)
+func (ah *authHandler) doBasicAuth(ctx context.Context) (string, error) {
+	username, secret := ah.common.Username, ah.common.Secret
 
-	var tr postTokenResponse
-	if err = decoder.Decode(&tr); err != nil {
-		return "", fmt.Errorf("unable to decode token response: %s", err)
+	if username == "" || secret == "" {
+		return "", fmt.Errorf("failed to handle basic auth because missing username or secret")
 	}
 
-	return tr.AccessToken, nil
+	auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))
+	return fmt.Sprintf("Basic %s", auth), nil
 }
 
-type getTokenResponse struct {
-	Token        string    `json:"token"`
-	AccessToken  string    `json:"access_token"`
-	ExpiresIn    int       `json:"expires_in"`
-	IssuedAt     time.Time `json:"issued_at"`
-	RefreshToken string    `json:"refresh_token"`
-}
-
-// getToken fetches a token using a GET request
-func (a *dockerAuthorizer) fetchToken(ctx context.Context, to tokenOptions) (string, error) {
-	req, err := http.NewRequest("GET", to.realm, nil)
-	if err != nil {
-		return "", err
-	}
+func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err error) {
+	// copy common tokenOptions
+	to := ah.common
 
-	reqParams := req.URL.Query()
+	to.Scopes = GetTokenScopes(ctx, to.Scopes)
 
-	if to.service != "" {
-		reqParams.Add("service", to.service)
-	}
+	// Docs: https://docs.docker.com/registry/spec/auth/scope
+	scoped := strings.Join(to.Scopes, " ")
 
-	for _, scope := range to.scopes {
-		reqParams.Add("scope", scope)
+	ah.Lock()
+	if r, exist := ah.scopedTokens[scoped]; exist {
+		ah.Unlock()
+		r.Wait()
+		return r.token, r.err
 	}
 
-	if to.secret != "" {
-		req.SetBasicAuth(to.username, to.secret)
+	// only one fetch token job
+	r := new(authResult)
+	r.Add(1)
+	ah.scopedTokens[scoped] = r
+	ah.Unlock()
+
+	defer func() {
+		token = fmt.Sprintf("Bearer %s", token)
+		r.token, r.err = token, err
+		r.Done()
+	}()
+
+	// fetch token for the resource scope
+	if to.Secret != "" {
+		defer func() {
+			err = errors.Wrap(err, "failed to fetch oauth token")
+		}()
+		// credential information is provided, use oauth POST endpoint
+		// TODO: Allow setting client_id
+		resp, err := auth.FetchTokenWithOAuth(ctx, ah.client, ah.header, "containerd-client", to)
+		if err != nil {
+			var errStatus remoteerrors.ErrUnexpectedStatus
+			if errors.As(err, &errStatus) {
+				// Registries without support for POST may return 404 for POST /v2/token.
+				// As of September 2017, GCR is known to return 404.
+				// As of February 2018, JFrog Artifactory is known to return 401.
+				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 {
+					resp, err := auth.FetchToken(ctx, ah.client, ah.header, to)
+					if err != nil {
+						return "", err
+					}
+					return resp.Token, nil
+				}
+				log.G(ctx).WithFields(logrus.Fields{
+					"status": errStatus.Status,
+					"body":   string(errStatus.Body),
+				}).Debugf("token request failed")
+			}
+			return "", err
+		}
+		return resp.AccessToken, nil
 	}
-
-	req.URL.RawQuery = reqParams.Encode()
-
-	resp, err := ctxhttp.Do(ctx, a.client, req)
+	// do request anonymously
+	resp, err := auth.FetchToken(ctx, ah.client, ah.header, to)
 	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
-		// TODO: handle error body and write debug output
-		return "", errors.Errorf("unexpected status: %s", resp.Status)
-	}
-
-	decoder := json.NewDecoder(resp.Body)
-
-	var tr getTokenResponse
-	if err = decoder.Decode(&tr); err != nil {
-		return "", fmt.Errorf("unable to decode token response: %s", err)
+		return "", errors.Wrap(err, "failed to fetch anonymous token")
 	}
-
-	// `access_token` is equivalent to `token` and if both are specified
-	// the choice is undefined.  Canonicalize `access_token` by sticking
-	// things in `token`.
-	if tr.AccessToken != "" {
-		tr.Token = tr.AccessToken
-	}
-
-	if tr.Token == "" {
-		return "", ErrNoToken
-	}
-
-	return tr.Token, nil
+	return resp.Token, nil
 }
 
-func invalidAuthorization(c challenge, responses []*http.Response) error {
-	errStr := c.parameters["error"]
+func invalidAuthorization(c auth.Challenge, responses []*http.Response) error {
+	errStr := c.Parameters["error"]
 	if errStr == "" {
 		return nil
 	}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/converter.go
new file mode 100644
index 0000000000000..43e6b372c12bb
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/converter.go
@@ -0,0 +1,88 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package docker
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/remotes"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+// LegacyConfigMediaType should be replaced by OCI image spec.
+//
+// More detail: docker/distribution#1622
+const LegacyConfigMediaType = "application/octet-stream"
+
+// ConvertManifest changes application/octet-stream to schema2 config media type if need.
+//
+// NOTE:
+// 1. original manifest will be deleted by next gc round.
+// 2. don't cover manifest list.
+func ConvertManifest(ctx context.Context, store content.Store, desc ocispec.Descriptor) (ocispec.Descriptor, error) {
+	if !(desc.MediaType == images.MediaTypeDockerSchema2Manifest ||
+		desc.MediaType == ocispec.MediaTypeImageManifest) {
+
+		log.G(ctx).Warnf("do nothing for media type: %s", desc.MediaType)
+		return desc, nil
+	}
+
+	// read manifest data
+	mb, err := content.ReadBlob(ctx, store, desc)
+	if err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to read index data")
+	}
+
+	var manifest ocispec.Manifest
+	if err := json.Unmarshal(mb, &manifest); err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to unmarshal data into manifest")
+	}
+
+	// check config media type
+	if manifest.Config.MediaType != LegacyConfigMediaType {
+		return desc, nil
+	}
+
+	manifest.Config.MediaType = images.MediaTypeDockerSchema2Config
+	data, err := json.MarshalIndent(manifest, "", "   ")
+	if err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to marshal manifest")
+	}
+
+	// update manifest with gc labels
+	desc.Digest = digest.Canonical.FromBytes(data)
+	desc.Size = int64(len(data))
+
+	labels := map[string]string{}
+	for i, c := range append([]ocispec.Descriptor{manifest.Config}, manifest.Layers...) {
+		labels[fmt.Sprintf("containerd.io/gc.ref.content.%d", i)] = c.Digest.String()
+	}
+
+	ref := remotes.MakeRefKey(ctx, desc)
+	if err := content.WriteBlob(ctx, store, ref, bytes.NewReader(data), desc, content.WithLabels(labels)); err != nil {
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to update content")
+	}
+	return desc, nil
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/errcode.go b/vendor/github.com/containerd/containerd/remotes/docker/errcode.go
new file mode 100644
index 0000000000000..8c623bcbef729
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/errcode.go
@@ -0,0 +1,283 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package docker
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// ErrorCoder is the base interface for ErrorCode and Error allowing
+// users of each to just call ErrorCode to get the real ID of each
+type ErrorCoder interface {
+	ErrorCode() ErrorCode
+}
+
+// ErrorCode represents the error type. The errors are serialized via strings
+// and the integer format may change and should *never* be exported.
+type ErrorCode int
+
+var _ error = ErrorCode(0)
+
+// ErrorCode just returns itself
+func (ec ErrorCode) ErrorCode() ErrorCode {
+	return ec
+}
+
+// Error returns the ID/Value
+func (ec ErrorCode) Error() string {
+	// NOTE(stevvooe): Cannot use message here since it may have unpopulated args.
+	return strings.ToLower(strings.Replace(ec.String(), "_", " ", -1))
+}
+
+// Descriptor returns the descriptor for the error code.
+func (ec ErrorCode) Descriptor() ErrorDescriptor {
+	d, ok := errorCodeToDescriptors[ec]
+
+	if !ok {
+		return ErrorCodeUnknown.Descriptor()
+	}
+
+	return d
+}
+
+// String returns the canonical identifier for this error code.
+func (ec ErrorCode) String() string {
+	return ec.Descriptor().Value
+}
+
+// Message returned the human-readable error message for this error code.
+func (ec ErrorCode) Message() string {
+	return ec.Descriptor().Message
+}
+
+// MarshalText encodes the receiver into UTF-8-encoded text and returns the
+// result.
+func (ec ErrorCode) MarshalText() (text []byte, err error) {
+	return []byte(ec.String()), nil
+}
+
+// UnmarshalText decodes the form generated by MarshalText.
+func (ec *ErrorCode) UnmarshalText(text []byte) error {
+	desc, ok := idToDescriptors[string(text)]
+
+	if !ok {
+		desc = ErrorCodeUnknown.Descriptor()
+	}
+
+	*ec = desc.Code
+
+	return nil
+}
+
+// WithMessage creates a new Error struct based on the passed-in info and
+// overrides the Message property.
+func (ec ErrorCode) WithMessage(message string) Error {
+	return Error{
+		Code:    ec,
+		Message: message,
+	}
+}
+
+// WithDetail creates a new Error struct based on the passed-in info and
+// set the Detail property appropriately
+func (ec ErrorCode) WithDetail(detail interface{}) Error {
+	return Error{
+		Code:    ec,
+		Message: ec.Message(),
+	}.WithDetail(detail)
+}
+
+// WithArgs creates a new Error struct and sets the Args slice
+func (ec ErrorCode) WithArgs(args ...interface{}) Error {
+	return Error{
+		Code:    ec,
+		Message: ec.Message(),
+	}.WithArgs(args...)
+}
+
+// Error provides a wrapper around ErrorCode with extra Details provided.
+type Error struct {
+	Code    ErrorCode   `json:"code"`
+	Message string      `json:"message"`
+	Detail  interface{} `json:"detail,omitempty"`
+
+	// TODO(duglin): See if we need an "args" property so we can do the
+	// variable substitution right before showing the message to the user
+}
+
+var _ error = Error{}
+
+// ErrorCode returns the ID/Value of this Error
+func (e Error) ErrorCode() ErrorCode {
+	return e.Code
+}
+
+// Error returns a human readable representation of the error.
+func (e Error) Error() string {
+	return fmt.Sprintf("%s: %s", e.Code.Error(), e.Message)
+}
+
+// WithDetail will return a new Error, based on the current one, but with
+// some Detail info added
+func (e Error) WithDetail(detail interface{}) Error {
+	return Error{
+		Code:    e.Code,
+		Message: e.Message,
+		Detail:  detail,
+	}
+}
+
+// WithArgs uses the passed-in list of interface{} as the substitution
+// variables in the Error's Message string, but returns a new Error
+func (e Error) WithArgs(args ...interface{}) Error {
+	return Error{
+		Code:    e.Code,
+		Message: fmt.Sprintf(e.Code.Message(), args...),
+		Detail:  e.Detail,
+	}
+}
+
+// ErrorDescriptor provides relevant information about a given error code.
+type ErrorDescriptor struct {
+	// Code is the error code that this descriptor describes.
+	Code ErrorCode
+
+	// Value provides a unique, string key, often captilized with
+	// underscores, to identify the error code. This value is used as the
+	// keyed value when serializing api errors.
+	Value string
+
+	// Message is a short, human readable description of the error condition
+	// included in API responses.
+	Message string
+
+	// Description provides a complete account of the errors purpose, suitable
+	// for use in documentation.
+	Description string
+
+	// HTTPStatusCode provides the http status code that is associated with
+	// this error condition.
+	HTTPStatusCode int
+}
+
+// ParseErrorCode returns the value by the string error code.
+// `ErrorCodeUnknown` will be returned if the error is not known.
+func ParseErrorCode(value string) ErrorCode {
+	ed, ok := idToDescriptors[value]
+	if ok {
+		return ed.Code
+	}
+
+	return ErrorCodeUnknown
+}
+
+// Errors provides the envelope for multiple errors and a few sugar methods
+// for use within the application.
+type Errors []error
+
+var _ error = Errors{}
+
+func (errs Errors) Error() string {
+	switch len(errs) {
+	case 0:
+		return "<nil>"
+	case 1:
+		return errs[0].Error()
+	default:
+		msg := "errors:\n"
+		for _, err := range errs {
+			msg += err.Error() + "\n"
+		}
+		return msg
+	}
+}
+
+// Len returns the current number of errors.
+func (errs Errors) Len() int {
+	return len(errs)
+}
+
+// MarshalJSON converts slice of error, ErrorCode or Error into a
+// slice of Error - then serializes
+func (errs Errors) MarshalJSON() ([]byte, error) {
+	var tmpErrs struct {
+		Errors []Error `json:"errors,omitempty"`
+	}
+
+	for _, daErr := range errs {
+		var err Error
+
+		switch daErr := daErr.(type) {
+		case ErrorCode:
+			err = daErr.WithDetail(nil)
+		case Error:
+			err = daErr
+		default:
+			err = ErrorCodeUnknown.WithDetail(daErr)
+
+		}
+
+		// If the Error struct was setup and they forgot to set the
+		// Message field (meaning its "") then grab it from the ErrCode
+		msg := err.Message
+		if msg == "" {
+			msg = err.Code.Message()
+		}
+
+		tmpErrs.Errors = append(tmpErrs.Errors, Error{
+			Code:    err.Code,
+			Message: msg,
+			Detail:  err.Detail,
+		})
+	}
+
+	return json.Marshal(tmpErrs)
+}
+
+// UnmarshalJSON deserializes []Error and then converts it into slice of
+// Error or ErrorCode
+func (errs *Errors) UnmarshalJSON(data []byte) error {
+	var tmpErrs struct {
+		Errors []Error
+	}
+
+	if err := json.Unmarshal(data, &tmpErrs); err != nil {
+		return err
+	}
+
+	var newErrs Errors
+	for _, daErr := range tmpErrs.Errors {
+		// If Message is empty or exactly matches the Code's message string
+		// then just use the Code, no need for a full Error struct
+		if daErr.Detail == nil && (daErr.Message == "" || daErr.Message == daErr.Code.Message()) {
+			// Error's w/o details get converted to ErrorCode
+			newErrs = append(newErrs, daErr.Code)
+		} else {
+			// Error's w/ details are untouched
+			newErrs = append(newErrs, Error{
+				Code:    daErr.Code,
+				Message: daErr.Message,
+				Detail:  daErr.Detail,
+			})
+		}
+	}
+
+	*errs = newErrs
+	return nil
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/errdesc.go b/vendor/github.com/containerd/containerd/remotes/docker/errdesc.go
new file mode 100644
index 0000000000000..b2bd4d82bd876
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/errdesc.go
@@ -0,0 +1,154 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package docker
+
+import (
+	"fmt"
+	"net/http"
+	"sort"
+	"sync"
+)
+
+var (
+	errorCodeToDescriptors = map[ErrorCode]ErrorDescriptor{}
+	idToDescriptors        = map[string]ErrorDescriptor{}
+	groupToDescriptors     = map[string][]ErrorDescriptor{}
+)
+
+var (
+	// ErrorCodeUnknown is a generic error that can be used as a last
+	// resort if there is no situation-specific error message that can be used
+	ErrorCodeUnknown = Register("errcode", ErrorDescriptor{
+		Value:   "UNKNOWN",
+		Message: "unknown error",
+		Description: `Generic error returned when the error does not have an
+			                                            API classification.`,
+		HTTPStatusCode: http.StatusInternalServerError,
+	})
+
+	// ErrorCodeUnsupported is returned when an operation is not supported.
+	ErrorCodeUnsupported = Register("errcode", ErrorDescriptor{
+		Value:   "UNSUPPORTED",
+		Message: "The operation is unsupported.",
+		Description: `The operation was unsupported due to a missing
+		implementation or invalid set of parameters.`,
+		HTTPStatusCode: http.StatusMethodNotAllowed,
+	})
+
+	// ErrorCodeUnauthorized is returned if a request requires
+	// authentication.
+	ErrorCodeUnauthorized = Register("errcode", ErrorDescriptor{
+		Value:   "UNAUTHORIZED",
+		Message: "authentication required",
+		Description: `The access controller was unable to authenticate
+		the client. Often this will be accompanied by a
+		Www-Authenticate HTTP response header indicating how to
+		authenticate.`,
+		HTTPStatusCode: http.StatusUnauthorized,
+	})
+
+	// ErrorCodeDenied is returned if a client does not have sufficient
+	// permission to perform an action.
+	ErrorCodeDenied = Register("errcode", ErrorDescriptor{
+		Value:   "DENIED",
+		Message: "requested access to the resource is denied",
+		Description: `The access controller denied access for the
+		operation on a resource.`,
+		HTTPStatusCode: http.StatusForbidden,
+	})
+
+	// ErrorCodeUnavailable provides a common error to report unavailability
+	// of a service or endpoint.
+	ErrorCodeUnavailable = Register("errcode", ErrorDescriptor{
+		Value:          "UNAVAILABLE",
+		Message:        "service unavailable",
+		Description:    "Returned when a service is not available",
+		HTTPStatusCode: http.StatusServiceUnavailable,
+	})
+
+	// ErrorCodeTooManyRequests is returned if a client attempts too many
+	// times to contact a service endpoint.
+	ErrorCodeTooManyRequests = Register("errcode", ErrorDescriptor{
+		Value:   "TOOMANYREQUESTS",
+		Message: "too many requests",
+		Description: `Returned when a client attempts to contact a
+		service too many times`,
+		HTTPStatusCode: http.StatusTooManyRequests,
+	})
+)
+
+var nextCode = 1000
+var registerLock sync.Mutex
+
+// Register will make the passed-in error known to the environment and
+// return a new ErrorCode
+func Register(group string, descriptor ErrorDescriptor) ErrorCode {
+	registerLock.Lock()
+	defer registerLock.Unlock()
+
+	descriptor.Code = ErrorCode(nextCode)
+
+	if _, ok := idToDescriptors[descriptor.Value]; ok {
+		panic(fmt.Sprintf("ErrorValue %q is already registered", descriptor.Value))
+	}
+	if _, ok := errorCodeToDescriptors[descriptor.Code]; ok {
+		panic(fmt.Sprintf("ErrorCode %v is already registered", descriptor.Code))
+	}
+
+	groupToDescriptors[group] = append(groupToDescriptors[group], descriptor)
+	errorCodeToDescriptors[descriptor.Code] = descriptor
+	idToDescriptors[descriptor.Value] = descriptor
+
+	nextCode++
+	return descriptor.Code
+}
+
+type byValue []ErrorDescriptor
+
+func (a byValue) Len() int           { return len(a) }
+func (a byValue) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byValue) Less(i, j int) bool { return a[i].Value < a[j].Value }
+
+// GetGroupNames returns the list of Error group names that are registered
+func GetGroupNames() []string {
+	keys := []string{}
+
+	for k := range groupToDescriptors {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	return keys
+}
+
+// GetErrorCodeGroup returns the named group of error descriptors
+func GetErrorCodeGroup(name string) []ErrorDescriptor {
+	desc := groupToDescriptors[name]
+	sort.Sort(byValue(desc))
+	return desc
+}
+
+// GetErrorAllDescriptors returns a slice of all ErrorDescriptors that are
+// registered, irrespective of what group they're in
+func GetErrorAllDescriptors() []ErrorDescriptor {
+	result := []ErrorDescriptor{}
+
+	for _, group := range GetGroupNames() {
+		result = append(result, GetErrorCodeGroup(group)...)
+	}
+	sort.Sort(byValue(result))
+	return result
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
index 4a2ce3c393b4c..4b2c10e9a37a9 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
@@ -18,11 +18,12 @@ package docker
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"path"
+	"net/url"
 	"strings"
 
 	"github.com/containerd/containerd/errdefs"
@@ -30,7 +31,6 @@ import (
 	"github.com/containerd/containerd/log"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 type dockerFetcher struct {
@@ -38,26 +38,50 @@ type dockerFetcher struct {
 }
 
 func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) {
-	ctx = log.WithLogger(ctx, log.G(ctx).WithFields(
-		logrus.Fields{
-			"base":   r.base.String(),
-			"digest": desc.Digest,
-		},
-	))
-
-	urls, err := r.getV2URLPaths(ctx, desc)
-	if err != nil {
-		return nil, err
+	ctx = log.WithLogger(ctx, log.G(ctx).WithField("digest", desc.Digest))
+
+	hosts := r.filterHosts(HostCapabilityPull)
+	if len(hosts) == 0 {
+		return nil, errors.Wrap(errdefs.ErrNotFound, "no pull hosts")
 	}
 
-	ctx, err = contextWithRepositoryScope(ctx, r.refspec, false)
+	ctx, err := ContextWithRepositoryScope(ctx, r.refspec, false)
 	if err != nil {
 		return nil, err
 	}
 
 	return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) {
-		for _, u := range urls {
-			rc, err := r.open(ctx, u, desc.MediaType, offset)
+		// firstly try fetch via external urls
+		for _, us := range desc.URLs {
+			ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", us))
+
+			u, err := url.Parse(us)
+			if err != nil {
+				log.G(ctx).WithError(err).Debug("failed to parse")
+				continue
+			}
+			if u.Scheme != "http" && u.Scheme != "https" {
+				log.G(ctx).Debug("non-http(s) alternative url is unsupported")
+				continue
+			}
+			log.G(ctx).Debug("trying alternative url")
+
+			// Try this first, parse it
+			host := RegistryHost{
+				Client:       http.DefaultClient,
+				Host:         u.Host,
+				Scheme:       u.Scheme,
+				Path:         u.Path,
+				Capabilities: HostCapabilityPull,
+			}
+			req := r.request(host, http.MethodGet)
+			// Strip namespace from base
+			req.path = u.Path
+			if u.RawQuery != "" {
+				req.path = req.path + "?" + u.RawQuery
+			}
+
+			rc, err := r.open(ctx, req, desc.MediaType, offset)
 			if err != nil {
 				if errdefs.IsNotFound(err) {
 					continue // try one of the other urls.
@@ -69,32 +93,84 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
 			return rc, nil
 		}
 
-		return nil, errors.Wrapf(errdefs.ErrNotFound,
-			"could not fetch content descriptor %v (%v) from remote",
-			desc.Digest, desc.MediaType)
+		// Try manifests endpoints for manifests types
+		switch desc.MediaType {
+		case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList,
+			images.MediaTypeDockerSchema1Manifest,
+			ocispec.MediaTypeImageManifest, ocispec.MediaTypeImageIndex:
+
+			var firstErr error
+			for _, host := range r.hosts {
+				req := r.request(host, http.MethodGet, "manifests", desc.Digest.String())
+				if err := req.addNamespace(r.refspec.Hostname()); err != nil {
+					return nil, err
+				}
+
+				rc, err := r.open(ctx, req, desc.MediaType, offset)
+				if err != nil {
+					// Store the error for referencing later
+					if firstErr == nil {
+						firstErr = err
+					}
+					continue // try another host
+				}
+
+				return rc, nil
+			}
+
+			return nil, firstErr
+		}
+
+		// Finally use blobs endpoints
+		var firstErr error
+		for _, host := range r.hosts {
+			req := r.request(host, http.MethodGet, "blobs", desc.Digest.String())
+			if err := req.addNamespace(r.refspec.Hostname()); err != nil {
+				return nil, err
+			}
+
+			rc, err := r.open(ctx, req, desc.MediaType, offset)
+			if err != nil {
+				// Store the error for referencing later
+				if firstErr == nil {
+					firstErr = err
+				}
+				continue // try another host
+			}
+
+			return rc, nil
+		}
+
+		if errdefs.IsNotFound(firstErr) {
+			firstErr = errors.Wrapf(errdefs.ErrNotFound,
+				"could not fetch content descriptor %v (%v) from remote",
+				desc.Digest, desc.MediaType)
+		}
+
+		return nil, firstErr
 
 	})
 }
 
-func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int64) (io.ReadCloser, error) {
-	req, err := http.NewRequest(http.MethodGet, u, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Accept", strings.Join([]string{mediatype, `*`}, ", "))
+func (r dockerFetcher) open(ctx context.Context, req *request, mediatype string, offset int64) (_ io.ReadCloser, retErr error) {
+	req.header.Set("Accept", strings.Join([]string{mediatype, `*/*`}, ", "))
 
 	if offset > 0 {
 		// Note: "Accept-Ranges: bytes" cannot be trusted as some endpoints
 		// will return the header without supporting the range. The content
 		// range must always be checked.
-		req.Header.Set("Range", fmt.Sprintf("bytes=%d-", offset))
+		req.header.Set("Range", fmt.Sprintf("bytes=%d-", offset))
 	}
 
-	resp, err := r.doRequestWithRetries(ctx, req, nil)
+	resp, err := req.doWithRetries(ctx, nil)
 	if err != nil {
 		return nil, err
 	}
+	defer func() {
+		if retErr != nil {
+			resp.Body.Close()
+		}
+	}()
 
 	if resp.StatusCode > 299 {
 		// TODO(stevvooe): When doing a offset specific request, we should
@@ -102,11 +178,14 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int
 		// can discard the bytes, hiding the seek behavior from the
 		// implementation.
 
-		resp.Body.Close()
 		if resp.StatusCode == http.StatusNotFound {
-			return nil, errors.Wrapf(errdefs.ErrNotFound, "content at %v not found", u)
+			return nil, errors.Wrapf(errdefs.ErrNotFound, "content at %v not found", req.String())
+		}
+		var registryErr Errors
+		if err := json.NewDecoder(resp.Body).Decode(&registryErr); err != nil || registryErr.Len() < 1 {
+			return nil, errors.Errorf("unexpected status code %v: %v", req.String(), resp.Status)
 		}
-		return nil, errors.Errorf("unexpected status code %v: %v", u, resp.Status)
+		return nil, errors.Errorf("unexpected status code %v: %s - Server message: %s", req.String(), resp.Status, registryErr.Error())
 	}
 	if offset > 0 {
 		cr := resp.Header.Get("content-range")
@@ -135,30 +214,3 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int
 
 	return resp.Body, nil
 }
-
-// getV2URLPaths generates the candidate urls paths for the object based on the
-// set of hints and the provided object id. URLs are returned in the order of
-// most to least likely succeed.
-func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) {
-	var urls []string
-
-	if len(desc.URLs) > 0 {
-		// handle fetch via external urls.
-		for _, u := range desc.URLs {
-			log.G(ctx).WithField("url", u).Debug("adding alternative url")
-			urls = append(urls, u)
-		}
-	}
-
-	switch desc.MediaType {
-	case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList,
-		images.MediaTypeDockerSchema1Manifest,
-		ocispec.MediaTypeImageManifest, ocispec.MediaTypeImageIndex:
-		urls = append(urls, r.url(path.Join("manifests", desc.Digest.String())))
-	}
-
-	// always fallback to attempting to get the object out of the blobs store.
-	urls = append(urls, r.url(path.Join("blobs", desc.Digest.String())))
-
-	return urls, nil
-}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/handler.go b/vendor/github.com/containerd/containerd/remotes/docker/handler.go
new file mode 100644
index 0000000000000..529cfbc274bd2
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/handler.go
@@ -0,0 +1,154 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package docker
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/labels"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/reference"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+var (
+	// labelDistributionSource describes the source blob comes from.
+	labelDistributionSource = "containerd.io/distribution.source"
+)
+
+// AppendDistributionSourceLabel updates the label of blob with distribution source.
+func AppendDistributionSourceLabel(manager content.Manager, ref string) (images.HandlerFunc, error) {
+	refspec, err := reference.Parse(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	u, err := url.Parse("dummy://" + refspec.Locator)
+	if err != nil {
+		return nil, err
+	}
+
+	source, repo := u.Hostname(), strings.TrimPrefix(u.Path, "/")
+	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		info, err := manager.Info(ctx, desc.Digest)
+		if err != nil {
+			return nil, err
+		}
+
+		key := distributionSourceLabelKey(source)
+
+		originLabel := ""
+		if info.Labels != nil {
+			originLabel = info.Labels[key]
+		}
+		value := appendDistributionSourceLabel(originLabel, repo)
+
+		// The repo name has been limited under 256 and the distribution
+		// label might hit the limitation of label size, when blob data
+		// is used as the very, very common layer.
+		if err := labels.Validate(key, value); err != nil {
+			log.G(ctx).Warnf("skip to append distribution label: %s", err)
+			return nil, nil
+		}
+
+		info = content.Info{
+			Digest: desc.Digest,
+			Labels: map[string]string{
+				key: value,
+			},
+		}
+		_, err = manager.Update(ctx, info, fmt.Sprintf("labels.%s", key))
+		return nil, err
+	}, nil
+}
+
+func appendDistributionSourceLabel(originLabel, repo string) string {
+	repos := []string{}
+	if originLabel != "" {
+		repos = strings.Split(originLabel, ",")
+	}
+	repos = append(repos, repo)
+
+	// use empty string to present duplicate items
+	for i := 1; i < len(repos); i++ {
+		tmp, j := repos[i], i-1
+		for ; j >= 0 && repos[j] >= tmp; j-- {
+			if repos[j] == tmp {
+				tmp = ""
+			}
+			repos[j+1] = repos[j]
+		}
+		repos[j+1] = tmp
+	}
+
+	i := 0
+	for ; i < len(repos) && repos[i] == ""; i++ {
+	}
+
+	return strings.Join(repos[i:], ",")
+}
+
+func distributionSourceLabelKey(source string) string {
+	return fmt.Sprintf("%s.%s", labelDistributionSource, source)
+}
+
+// selectRepositoryMountCandidate will select the repo which has longest
+// common prefix components as the candidate.
+func selectRepositoryMountCandidate(refspec reference.Spec, sources map[string]string) string {
+	u, err := url.Parse("dummy://" + refspec.Locator)
+	if err != nil {
+		// NOTE: basically, it won't be error here
+		return ""
+	}
+
+	source, target := u.Hostname(), strings.TrimPrefix(u.Path, "/")
+	repoLabel, ok := sources[distributionSourceLabelKey(source)]
+	if !ok || repoLabel == "" {
+		return ""
+	}
+
+	n, match := 0, ""
+	components := strings.Split(target, "/")
+	for _, repo := range strings.Split(repoLabel, ",") {
+		// the target repo is not a candidate
+		if repo == target {
+			continue
+		}
+
+		if l := commonPrefixComponents(components, repo); l >= n {
+			n, match = l, repo
+		}
+	}
+	return match
+}
+
+func commonPrefixComponents(components []string, target string) int {
+	targetComponents := strings.Split(target, "/")
+
+	i := 0
+	for ; i < len(components) && i < len(targetComponents); i++ {
+		if components[i] != targetComponents[i] {
+			break
+		}
+	}
+	return i
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
index 9175b6a7a4935..58c866bcdec17 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
@@ -26,12 +26,16 @@ import (
 	"github.com/pkg/errors"
 )
 
+const maxRetry = 3
+
 type httpReadSeeker struct {
 	size   int64
 	offset int64
 	rc     io.ReadCloser
 	open   func(offset int64) (io.ReadCloser, error)
 	closed bool
+
+	errsWithNoProgress int
 }
 
 func newHTTPReadSeeker(size int64, open func(offset int64) (io.ReadCloser, error)) (io.ReadCloser, error) {
@@ -53,6 +57,27 @@ func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) {
 
 	n, err = rd.Read(p)
 	hrs.offset += int64(n)
+	if n > 0 || err == nil {
+		hrs.errsWithNoProgress = 0
+	}
+	if err == io.ErrUnexpectedEOF {
+		// connection closed unexpectedly. try reconnecting.
+		if n == 0 {
+			hrs.errsWithNoProgress++
+			if hrs.errsWithNoProgress > maxRetry {
+				return // too many retries for this offset with no progress
+			}
+		}
+		if hrs.rc != nil {
+			if clsErr := hrs.rc.Close(); clsErr != nil {
+				log.L.WithError(clsErr).Errorf("httpReadSeeker: failed to close ReadCloser")
+			}
+			hrs.rc = nil
+		}
+		if _, err2 := hrs.reader(); err2 == nil {
+			return n, nil
+		}
+	}
 	return
 }
 
@@ -121,7 +146,7 @@ func (hrs *httpReadSeeker) reader() (io.Reader, error) {
 
 		rc, err := hrs.open(hrs.offset)
 		if err != nil {
-			return nil, errors.Wrapf(err, "httpReaderSeeker: failed open")
+			return nil, errors.Wrapf(err, "httpReadSeeker: failed open")
 		}
 
 		if hrs.rc != nil {
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
index c3c0923f08ac1..97ed66a6ab01a 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
@@ -21,7 +21,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
-	"path"
+	"net/url"
 	"strings"
 	"time"
 
@@ -30,6 +30,7 @@ import (
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/remotes"
+	remoteserrors "github.com/containerd/containerd/remotes/errors"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -37,62 +38,93 @@ import (
 
 type dockerPusher struct {
 	*dockerBase
-	tag string
+	object string
 
 	// TODO: namespace tracker
 	tracker StatusTracker
 }
 
+// Writer implements Ingester API of content store. This allows the client
+// to receive ErrUnavailable when there is already an on-going upload.
+// Note that the tracker MUST implement StatusTrackLocker interface to avoid
+// race condition on StatusTracker.
+func (p dockerPusher) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	var wOpts content.WriterOpts
+	for _, opt := range opts {
+		if err := opt(&wOpts); err != nil {
+			return nil, err
+		}
+	}
+	if wOpts.Ref == "" {
+		return nil, errors.Wrap(errdefs.ErrInvalidArgument, "ref must not be empty")
+	}
+	return p.push(ctx, wOpts.Desc, wOpts.Ref, true)
+}
+
 func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) {
-	ctx, err := contextWithRepositoryScope(ctx, p.refspec, true)
+	return p.push(ctx, desc, remotes.MakeRefKey(ctx, desc), false)
+}
+
+func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref string, unavailableOnFail bool) (content.Writer, error) {
+	if l, ok := p.tracker.(StatusTrackLocker); ok {
+		l.Lock(ref)
+		defer l.Unlock(ref)
+	}
+	ctx, err := ContextWithRepositoryScope(ctx, p.refspec, true)
 	if err != nil {
 		return nil, err
 	}
-	ref := remotes.MakeRefKey(ctx, desc)
 	status, err := p.tracker.GetStatus(ref)
 	if err == nil {
-		if status.Offset == status.Total {
+		if status.Committed && status.Offset == status.Total {
 			return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "ref %v", ref)
 		}
+		if unavailableOnFail {
+			// Another push of this ref is happening elsewhere. The rest of function
+			// will continue only when `errdefs.IsNotFound(err) == true` (i.e. there
+			// is no actively-tracked ref already).
+			return nil, errors.Wrap(errdefs.ErrUnavailable, "push is on-going")
+		}
 		// TODO: Handle incomplete status
 	} else if !errdefs.IsNotFound(err) {
 		return nil, errors.Wrap(err, "failed to get status")
 	}
 
+	hosts := p.filterHosts(HostCapabilityPush)
+	if len(hosts) == 0 {
+		return nil, errors.Wrap(errdefs.ErrNotFound, "no push hosts")
+	}
+
 	var (
 		isManifest bool
-		existCheck string
+		existCheck []string
+		host       = hosts[0]
 	)
 
 	switch desc.MediaType {
 	case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList,
 		ocispec.MediaTypeImageManifest, ocispec.MediaTypeImageIndex:
 		isManifest = true
-		if p.tag == "" {
-			existCheck = path.Join("manifests", desc.Digest.String())
-		} else {
-			existCheck = path.Join("manifests", p.tag)
-		}
+		existCheck = getManifestPath(p.object, desc.Digest)
 	default:
-		existCheck = path.Join("blobs", desc.Digest.String())
+		existCheck = []string{"blobs", desc.Digest.String()}
 	}
 
-	req, err := http.NewRequest(http.MethodHead, p.url(existCheck), nil)
-	if err != nil {
-		return nil, err
-	}
+	req := p.request(host, http.MethodHead, existCheck...)
+	req.header.Set("Accept", strings.Join([]string{desc.MediaType, `*/*`}, ", "))
+
+	log.G(ctx).WithField("url", req.String()).Debugf("checking and pushing to")
 
-	req.Header.Set("Accept", strings.Join([]string{desc.MediaType, `*`}, ", "))
-	resp, err := p.doRequestWithRetries(ctx, req, nil)
+	resp, err := req.doWithRetries(ctx, nil)
 	if err != nil {
-		if errors.Cause(err) != ErrInvalidAuthorization {
+		if !errors.Is(err, ErrInvalidAuthorization) {
 			return nil, err
 		}
 		log.G(ctx).WithError(err).Debugf("Unable to check existence, continuing with push")
 	} else {
 		if resp.StatusCode == http.StatusOK {
 			var exists bool
-			if isManifest && p.tag != "" {
+			if isManifest && existCheck[1] != desc.Digest.String() {
 				dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest"))
 				if dgstHeader == desc.Digest {
 					exists = true
@@ -103,80 +135,120 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
 
 			if exists {
 				p.tracker.SetStatus(ref, Status{
+					Committed: true,
 					Status: content.Status{
-						Ref: ref,
+						Ref:    ref,
+						Total:  desc.Size,
+						Offset: desc.Size,
 						// TODO: Set updated time?
 					},
 				})
+				resp.Body.Close()
 				return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest)
 			}
 		} else if resp.StatusCode != http.StatusNotFound {
-			// TODO: log error
-			return nil, errors.Errorf("unexpected response: %s", resp.Status)
+			err := remoteserrors.NewUnexpectedStatusErr(resp)
+			log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response")
+			resp.Body.Close()
+			return nil, err
 		}
+		resp.Body.Close()
 	}
 
-	// TODO: Lookup related objects for cross repository push
-
 	if isManifest {
-		var putPath string
-		if p.tag != "" {
-			putPath = path.Join("manifests", p.tag)
-		} else {
-			putPath = path.Join("manifests", desc.Digest.String())
-		}
-
-		req, err = http.NewRequest(http.MethodPut, p.url(putPath), nil)
-		if err != nil {
-			return nil, err
-		}
-		req.Header.Add("Content-Type", desc.MediaType)
+		putPath := getManifestPath(p.object, desc.Digest)
+		req = p.request(host, http.MethodPut, putPath...)
+		req.header.Add("Content-Type", desc.MediaType)
 	} else {
-		// TODO: Do monolithic upload if size is small
-
 		// Start upload request
-		req, err = http.NewRequest(http.MethodPost, p.url("blobs", "uploads")+"/", nil)
-		if err != nil {
-			return nil, err
+		req = p.request(host, http.MethodPost, "blobs", "uploads/")
+
+		var resp *http.Response
+		if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" {
+			preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo)
+			pctx := ContextWithAppendPullRepositoryScope(ctx, fromRepo)
+
+			// NOTE: the fromRepo might be private repo and
+			// auth service still can grant token without error.
+			// but the post request will fail because of 401.
+			//
+			// for the private repo, we should remove mount-from
+			// query and send the request again.
+			resp, err = preq.doWithRetries(pctx, nil)
+			if err != nil {
+				return nil, err
+			}
+
+			if resp.StatusCode == http.StatusUnauthorized {
+				log.G(ctx).Debugf("failed to mount from repository %s", fromRepo)
+
+				resp.Body.Close()
+				resp = nil
+			}
 		}
 
-		resp, err := p.doRequestWithRetries(ctx, req, nil)
-		if err != nil {
-			return nil, err
+		if resp == nil {
+			resp, err = req.doWithRetries(ctx, nil)
+			if err != nil {
+				return nil, err
+			}
 		}
+		defer resp.Body.Close()
 
 		switch resp.StatusCode {
 		case http.StatusOK, http.StatusAccepted, http.StatusNoContent:
+		case http.StatusCreated:
+			p.tracker.SetStatus(ref, Status{
+				Committed: true,
+				Status: content.Status{
+					Ref:    ref,
+					Total:  desc.Size,
+					Offset: desc.Size,
+				},
+			})
+			return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest)
 		default:
-			// TODO: log error
-			return nil, errors.Errorf("unexpected response: %s", resp.Status)
+			err := remoteserrors.NewUnexpectedStatusErr(resp)
+			log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response")
+			return nil, err
 		}
 
-		location := resp.Header.Get("Location")
+		var (
+			location = resp.Header.Get("Location")
+			lurl     *url.URL
+			lhost    = host
+		)
 		// Support paths without host in location
 		if strings.HasPrefix(location, "/") {
-			// Support location string containing path and query
-			qmIndex := strings.Index(location, "?")
-			if qmIndex > 0 {
-				u := p.base
-				u.Path = location[:qmIndex]
-				u.RawQuery = location[qmIndex+1:]
-				location = u.String()
-			} else {
-				u := p.base
-				u.Path = location
-				location = u.String()
+			lurl, err = url.Parse(lhost.Scheme + "://" + lhost.Host + location)
+			if err != nil {
+				return nil, errors.Wrapf(err, "unable to parse location %v", location)
+			}
+		} else {
+			if !strings.Contains(location, "://") {
+				location = lhost.Scheme + "://" + location
+			}
+			lurl, err = url.Parse(location)
+			if err != nil {
+				return nil, errors.Wrapf(err, "unable to parse location %v", location)
 			}
-		}
 
-		req, err = http.NewRequest(http.MethodPut, location, nil)
-		if err != nil {
-			return nil, err
+			if lurl.Host != lhost.Host || lhost.Scheme != lurl.Scheme {
+
+				lhost.Scheme = lurl.Scheme
+				lhost.Host = lurl.Host
+				log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination")
+
+				// Strip authorizer if change to host or scheme
+				lhost.Authorizer = nil
+			}
 		}
-		q := req.URL.Query()
+		q := lurl.Query()
 		q.Add("digest", desc.Digest.String())
-		req.URL.RawQuery = q.Encode()
 
+		req = p.request(lhost, http.MethodPut)
+		req.header.Set("Content-Type", "application/octet-stream")
+		req.path = lurl.Path + "?" + q.Encode()
 	}
 	p.tracker.SetStatus(ref, Status{
 		Status: content.Status{
@@ -190,15 +262,25 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
 	// TODO: Support chunked upload
 
 	pr, pw := io.Pipe()
-	respC := make(chan *http.Response, 1)
+	respC := make(chan response, 1)
+	body := ioutil.NopCloser(pr)
 
-	req.Body = ioutil.NopCloser(pr)
-	req.ContentLength = desc.Size
+	req.body = func() (io.ReadCloser, error) {
+		if body == nil {
+			return nil, errors.New("cannot reuse body, request must be retried")
+		}
+		// Only use the body once since pipe cannot be seeked
+		ob := body
+		body = nil
+		return ob, nil
+	}
+	req.size = desc.Size
 
 	go func() {
 		defer close(respC)
-		resp, err = p.doRequest(ctx, req)
+		resp, err := req.doWithRetries(ctx, nil)
 		if err != nil {
+			respC <- response{err: err}
 			pr.CloseWithError(err)
 			return
 		}
@@ -206,10 +288,11 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
 		switch resp.StatusCode {
 		case http.StatusOK, http.StatusCreated, http.StatusNoContent:
 		default:
-			// TODO: log error
-			pr.CloseWithError(errors.Errorf("unexpected response: %s", resp.Status))
+			err := remoteserrors.NewUnexpectedStatusErr(resp)
+			log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response")
+			pr.CloseWithError(err)
 		}
-		respC <- resp
+		respC <- response{Response: resp}
 	}()
 
 	return &pushWriter{
@@ -223,12 +306,36 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
 	}, nil
 }
 
+func getManifestPath(object string, dgst digest.Digest) []string {
+	if i := strings.IndexByte(object, '@'); i >= 0 {
+		if object[i+1:] != dgst.String() {
+			// use digest, not tag
+			object = ""
+		} else {
+			// strip @<digest> for registry path to make tag
+			object = object[:i]
+		}
+
+	}
+
+	if object == "" {
+		return []string{"manifests", dgst.String()}
+	}
+
+	return []string{"manifests", object}
+}
+
+type response struct {
+	*http.Response
+	err error
+}
+
 type pushWriter struct {
 	base *dockerBase
 	ref  string
 
 	pipe       *io.PipeWriter
-	responseC  <-chan *http.Response
+	responseC  <-chan response
 	isManifest bool
 
 	expected digest.Digest
@@ -274,20 +381,19 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
 	if err := pw.pipe.Close(); err != nil {
 		return err
 	}
-	// TODO: Update status to determine committing
-
 	// TODO: timeout waiting for response
 	resp := <-pw.responseC
-	if resp == nil {
-		return errors.New("no response")
+	if resp.err != nil {
+		return resp.err
 	}
+	defer resp.Response.Body.Close()
 
 	// 201 is specified return status, some registries return
-	// 200 or 204.
+	// 200, 202 or 204.
 	switch resp.StatusCode {
-	case http.StatusOK, http.StatusCreated, http.StatusNoContent:
+	case http.StatusOK, http.StatusCreated, http.StatusNoContent, http.StatusAccepted:
 	default:
-		return errors.Errorf("unexpected status: %s", resp.Status)
+		return remoteserrors.NewUnexpectedStatusErr(resp.Response)
 	}
 
 	status, err := pw.tracker.GetStatus(pw.ref)
@@ -296,7 +402,7 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
 	}
 
 	if size > 0 && size != status.Offset {
-		return errors.Errorf("unxpected size %d, expected %d", status.Offset, size)
+		return errors.Errorf("unexpected size %d, expected %d", status.Offset, size)
 	}
 
 	if expected == "" {
@@ -312,6 +418,10 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
 		return errors.Errorf("got digest %s, expected %s", actual, expected)
 	}
 
+	status.Committed = true
+	status.UpdatedAt = time.Now()
+	pw.tracker.SetStatus(pw.ref, status)
+
 	return nil
 }
 
@@ -320,3 +430,16 @@ func (pw *pushWriter) Truncate(size int64) error {
 	// TODO: always error on manifest
 	return errors.New("cannot truncate remote upload")
 }
+
+func requestWithMountFrom(req *request, mount, from string) *request {
+	creq := *req
+
+	sep := "?"
+	if strings.Contains(creq.path, sep) {
+		sep = "&"
+	}
+
+	creq.path = creq.path + sep + "mount=" + mount + "&from=" + from
+
+	return &creq
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/registry.go b/vendor/github.com/containerd/containerd/remotes/docker/registry.go
new file mode 100644
index 0000000000000..1e77d4c86cd3d
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/docker/registry.go
@@ -0,0 +1,245 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package docker
+
+import (
+	"net"
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+// HostCapabilities represent the capabilities of the registry
+// host. This also represents the set of operations for which
+// the registry host may be trusted to perform.
+//
+// For example pushing is a capability which should only be
+// performed on an upstream source, not a mirror.
+// Resolving (the process of converting a name into a digest)
+// must be considered a trusted operation and only done by
+// a host which is trusted (or more preferably by secure process
+// which can prove the provenance of the mapping). A public
+// mirror should never be trusted to do a resolve action.
+//
+// | Registry Type    | Pull | Resolve | Push |
+// |------------------|------|---------|------|
+// | Public Registry  | yes  | yes     | yes  |
+// | Private Registry | yes  | yes     | yes  |
+// | Public Mirror    | yes  | no      | no   |
+// | Private Mirror   | yes  | yes     | no   |
+type HostCapabilities uint8
+
+const (
+	// HostCapabilityPull represents the capability to fetch manifests
+	// and blobs by digest
+	HostCapabilityPull HostCapabilities = 1 << iota
+
+	// HostCapabilityResolve represents the capability to fetch manifests
+	// by name
+	HostCapabilityResolve
+
+	// HostCapabilityPush represents the capability to push blobs and
+	// manifests
+	HostCapabilityPush
+
+	// Reserved for future capabilities (i.e. search, catalog, remove)
+)
+
+// Has checks whether the capabilities list has the provide capability
+func (c HostCapabilities) Has(t HostCapabilities) bool {
+	return c&t == t
+}
+
+// RegistryHost represents a complete configuration for a registry
+// host, representing the capabilities, authorizations, connection
+// configuration, and location.
+type RegistryHost struct {
+	Client       *http.Client
+	Authorizer   Authorizer
+	Host         string
+	Scheme       string
+	Path         string
+	Capabilities HostCapabilities
+	Header       http.Header
+}
+
+func (h RegistryHost) isProxy(refhost string) bool {
+	if refhost != h.Host {
+		if refhost != "docker.io" || h.Host != "registry-1.docker.io" {
+			return true
+		}
+	}
+	return false
+}
+
+// RegistryHosts fetches the registry hosts for a given namespace,
+// provided by the host component of an distribution image reference.
+type RegistryHosts func(string) ([]RegistryHost, error)
+
+// Registries joins multiple registry configuration functions, using the same
+// order as provided within the arguments. When an empty registry configuration
+// is returned with a nil error, the next function will be called.
+// NOTE: This function will not join configurations, as soon as a non-empty
+// configuration is returned from a configuration function, it will be returned
+// to the caller.
+func Registries(registries ...RegistryHosts) RegistryHosts {
+	return func(host string) ([]RegistryHost, error) {
+		for _, registry := range registries {
+			config, err := registry(host)
+			if err != nil {
+				return config, err
+			}
+			if len(config) > 0 {
+				return config, nil
+			}
+		}
+		return nil, nil
+	}
+}
+
+type registryOpts struct {
+	authorizer Authorizer
+	plainHTTP  func(string) (bool, error)
+	host       func(string) (string, error)
+	client     *http.Client
+}
+
+// RegistryOpt defines a registry default option
+type RegistryOpt func(*registryOpts)
+
+// WithPlainHTTP configures registries to use plaintext http scheme
+// for the provided host match function.
+func WithPlainHTTP(f func(string) (bool, error)) RegistryOpt {
+	return func(opts *registryOpts) {
+		opts.plainHTTP = f
+	}
+}
+
+// WithAuthorizer configures the default authorizer for a registry
+func WithAuthorizer(a Authorizer) RegistryOpt {
+	return func(opts *registryOpts) {
+		opts.authorizer = a
+	}
+}
+
+// WithHostTranslator defines the default translator to use for registry hosts
+func WithHostTranslator(h func(string) (string, error)) RegistryOpt {
+	return func(opts *registryOpts) {
+		opts.host = h
+	}
+}
+
+// WithClient configures the default http client for a registry
+func WithClient(c *http.Client) RegistryOpt {
+	return func(opts *registryOpts) {
+		opts.client = c
+	}
+}
+
+// ConfigureDefaultRegistries is used to create a default configuration for
+// registries. For more advanced configurations or per-domain setups,
+// the RegistryHosts interface should be used directly.
+// NOTE: This function will always return a non-empty value or error
+func ConfigureDefaultRegistries(ropts ...RegistryOpt) RegistryHosts {
+	var opts registryOpts
+	for _, opt := range ropts {
+		opt(&opts)
+	}
+
+	return func(host string) ([]RegistryHost, error) {
+		config := RegistryHost{
+			Client:       opts.client,
+			Authorizer:   opts.authorizer,
+			Host:         host,
+			Scheme:       "https",
+			Path:         "/v2",
+			Capabilities: HostCapabilityPull | HostCapabilityResolve | HostCapabilityPush,
+		}
+
+		if config.Client == nil {
+			config.Client = http.DefaultClient
+		}
+
+		if opts.plainHTTP != nil {
+			match, err := opts.plainHTTP(host)
+			if err != nil {
+				return nil, err
+			}
+			if match {
+				config.Scheme = "http"
+			}
+		}
+
+		if opts.host != nil {
+			var err error
+			config.Host, err = opts.host(config.Host)
+			if err != nil {
+				return nil, err
+			}
+		} else if host == "docker.io" {
+			config.Host = "registry-1.docker.io"
+		}
+
+		return []RegistryHost{config}, nil
+	}
+}
+
+// MatchAllHosts is a host match function which is always true.
+func MatchAllHosts(string) (bool, error) {
+	return true, nil
+}
+
+// MatchLocalhost is a host match function which returns true for
+// localhost.
+//
+// Note: this does not handle matching of ip addresses in octal,
+// decimal or hex form.
+func MatchLocalhost(host string) (bool, error) {
+	switch {
+	case host == "::1":
+		return true, nil
+	case host == "[::1]":
+		return true, nil
+	}
+	h, p, err := net.SplitHostPort(host)
+
+	// addrError helps distinguish between errors of form
+	// "no colon in address" and "too many colons in address".
+	// The former is fine as the host string need not have a
+	// port. Latter needs to be handled.
+	addrError := &net.AddrError{
+		Err:  "missing port in address",
+		Addr: host,
+	}
+	if err != nil {
+		if err.Error() != addrError.Error() {
+			return false, err
+		}
+		// host string without any port specified
+		h = host
+	} else if len(p) == 0 {
+		return false, errors.New("invalid host name format")
+	}
+
+	// use ipv4 dotted decimal for further checking
+	if h == "localhost" {
+		h = "127.0.0.1"
+	}
+	ip := net.ParseIP(h)
+
+	return ip.IsLoopback(), nil
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
index 5cccdecba082c..1be9e1d05c678 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
@@ -18,10 +18,12 @@ package docker
 
 import (
 	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"path"
-	"strconv"
 	"strings"
 
 	"github.com/containerd/containerd/errdefs"
@@ -29,6 +31,8 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/reference"
 	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker/schema1"
+	"github.com/containerd/containerd/version"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -37,13 +41,22 @@ import (
 )
 
 var (
-	// ErrNoToken is returned if a request is successful but the body does not
-	// contain an authorization token.
-	ErrNoToken = errors.New("authorization server did not include a token in the response")
-
 	// ErrInvalidAuthorization is used when credentials are passed to a server but
 	// those credentials are rejected.
 	ErrInvalidAuthorization = errors.New("authorization failed")
+
+	// MaxManifestSize represents the largest size accepted from a registry
+	// during resolution. Larger manifests may be accepted using a
+	// resolution method other than the registry.
+	//
+	// NOTE: The max supported layers by some runtimes is 128 and individual
+	// layers will not contribute more than 256 bytes, making a
+	// reasonable limit for a large image manifests of 32K bytes.
+	// 4M bytes represents a much larger upper bound for images which may
+	// contain large annotations or be non-images. A proper manifest
+	// design puts large metadata in subobjects, as is consistent the
+	// intent of the manifest design.
+	MaxManifestSize int64 = 4 * 1048 * 1048
 )
 
 // Authorizer is used to authorize HTTP requests based on 401 HTTP responses.
@@ -70,28 +83,38 @@ type Authorizer interface {
 
 // ResolverOptions are used to configured a new Docker register resolver
 type ResolverOptions struct {
+	// Hosts returns registry host configurations for a namespace.
+	Hosts RegistryHosts
+
+	// Headers are the HTTP request header fields sent by the resolver
+	Headers http.Header
+
+	// Tracker is used to track uploads to the registry. This is used
+	// since the registry does not have upload tracking and the existing
+	// mechanism for getting blob upload status is expensive.
+	Tracker StatusTracker
+
 	// Authorizer is used to authorize registry requests
+	// Deprecated: use Hosts
 	Authorizer Authorizer
 
 	// Credentials provides username and secret given a host.
 	// If username is empty but a secret is given, that secret
-	// is interpretted as a long lived token.
-	// Deprecated: use Authorizer
+	// is interpreted as a long lived token.
+	// Deprecated: use Hosts
 	Credentials func(string) (string, string, error)
 
 	// Host provides the hostname given a namespace.
+	// Deprecated: use Hosts
 	Host func(string) (string, error)
 
 	// PlainHTTP specifies to use plain http and not https
+	// Deprecated: use Hosts
 	PlainHTTP bool
 
 	// Client is the http client to used when making registry requests
+	// Deprecated: use Hosts
 	Client *http.Client
-
-	// Tracker is used to track uploads to the registry. This is used
-	// since the registry does not have upload tracking and the existing
-	// mechanism for getting blob upload status is expensive.
-	Tracker StatusTracker
 }
 
 // DefaultHost is the default host function.
@@ -103,11 +126,10 @@ func DefaultHost(ns string) (string, error) {
 }
 
 type dockerResolver struct {
-	auth      Authorizer
-	host      func(string) (string, error)
-	plainHTTP bool
-	client    *http.Client
-	tracker   StatusTracker
+	hosts         RegistryHosts
+	header        http.Header
+	resolveHeader http.Header
+	tracker       StatusTracker
 }
 
 // NewResolver returns a new resolver to a Docker registry
@@ -115,45 +137,102 @@ func NewResolver(options ResolverOptions) remotes.Resolver {
 	if options.Tracker == nil {
 		options.Tracker = NewInMemoryTracker()
 	}
-	if options.Host == nil {
-		options.Host = DefaultHost
+
+	if options.Headers == nil {
+		options.Headers = make(http.Header)
+	}
+	if _, ok := options.Headers["User-Agent"]; !ok {
+		options.Headers.Set("User-Agent", "containerd/"+version.Version)
+	}
+
+	resolveHeader := http.Header{}
+	if _, ok := options.Headers["Accept"]; !ok {
+		// set headers for all the types we support for resolution.
+		resolveHeader.Set("Accept", strings.Join([]string{
+			images.MediaTypeDockerSchema2Manifest,
+			images.MediaTypeDockerSchema2ManifestList,
+			ocispec.MediaTypeImageManifest,
+			ocispec.MediaTypeImageIndex, "*/*"}, ", "))
+	} else {
+		resolveHeader["Accept"] = options.Headers["Accept"]
+		delete(options.Headers, "Accept")
 	}
-	if options.Authorizer == nil {
-		options.Authorizer = NewAuthorizer(options.Client, options.Credentials)
+
+	if options.Hosts == nil {
+		opts := []RegistryOpt{}
+		if options.Host != nil {
+			opts = append(opts, WithHostTranslator(options.Host))
+		}
+
+		if options.Authorizer == nil {
+			options.Authorizer = NewDockerAuthorizer(
+				WithAuthClient(options.Client),
+				WithAuthHeader(options.Headers),
+				WithAuthCreds(options.Credentials))
+		}
+		opts = append(opts, WithAuthorizer(options.Authorizer))
+
+		if options.Client != nil {
+			opts = append(opts, WithClient(options.Client))
+		}
+		if options.PlainHTTP {
+			opts = append(opts, WithPlainHTTP(MatchAllHosts))
+		} else {
+			opts = append(opts, WithPlainHTTP(MatchLocalhost))
+		}
+		options.Hosts = ConfigureDefaultRegistries(opts...)
 	}
 	return &dockerResolver{
-		auth:      options.Authorizer,
-		host:      options.Host,
-		plainHTTP: options.PlainHTTP,
-		client:    options.Client,
-		tracker:   options.Tracker,
+		hosts:         options.Hosts,
+		header:        options.Headers,
+		resolveHeader: resolveHeader,
+		tracker:       options.Tracker,
+	}
+}
+
+func getManifestMediaType(resp *http.Response) string {
+	// Strip encoding data (manifests should always be ascii JSON)
+	contentType := resp.Header.Get("Content-Type")
+	if sp := strings.IndexByte(contentType, ';'); sp != -1 {
+		contentType = contentType[0:sp]
+	}
+
+	// As of Apr 30 2019 the registry.access.redhat.com registry does not specify
+	// the content type of any data but uses schema1 manifests.
+	if contentType == "text/plain" {
+		contentType = images.MediaTypeDockerSchema1Manifest
 	}
+	return contentType
+}
+
+type countingReader struct {
+	reader    io.Reader
+	bytesRead int64
+}
+
+func (r *countingReader) Read(p []byte) (int, error) {
+	n, err := r.reader.Read(p)
+	r.bytesRead += int64(n)
+	return n, err
 }
 
 var _ remotes.Resolver = &dockerResolver{}
 
 func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocispec.Descriptor, error) {
-	refspec, err := reference.Parse(ref)
+	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return "", ocispec.Descriptor{}, err
 	}
-
+	refspec := base.refspec
 	if refspec.Object == "" {
 		return "", ocispec.Descriptor{}, reference.ErrObjectRequired
 	}
 
-	base, err := r.base(refspec)
-	if err != nil {
-		return "", ocispec.Descriptor{}, err
-	}
-
-	fetcher := dockerFetcher{
-		dockerBase: base,
-	}
-
 	var (
-		urls []string
-		dgst = refspec.Digest()
+		firstErr error
+		paths    [][]string
+		dgst     = refspec.Digest()
+		caps     = HostCapabilityPull
 	)
 
 	if dgst != "" {
@@ -164,98 +243,159 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
 		}
 
 		// turns out, we have a valid digest, make a url.
-		urls = append(urls, fetcher.url("manifests", dgst.String()))
+		paths = append(paths, []string{"manifests", dgst.String()})
 
 		// fallback to blobs on not found.
-		urls = append(urls, fetcher.url("blobs", dgst.String()))
+		paths = append(paths, []string{"blobs", dgst.String()})
 	} else {
-		urls = append(urls, fetcher.url("manifests", refspec.Object))
+		// Add
+		paths = append(paths, []string{"manifests", refspec.Object})
+		caps |= HostCapabilityResolve
+	}
+
+	hosts := base.filterHosts(caps)
+	if len(hosts) == 0 {
+		return "", ocispec.Descriptor{}, errors.Wrap(errdefs.ErrNotFound, "no resolve hosts")
 	}
 
-	ctx, err = contextWithRepositoryScope(ctx, refspec, false)
+	ctx, err = ContextWithRepositoryScope(ctx, refspec, false)
 	if err != nil {
 		return "", ocispec.Descriptor{}, err
 	}
-	for _, u := range urls {
-		req, err := http.NewRequest(http.MethodHead, u, nil)
-		if err != nil {
-			return "", ocispec.Descriptor{}, err
-		}
 
-		// set headers for all the types we support for resolution.
-		req.Header.Set("Accept", strings.Join([]string{
-			images.MediaTypeDockerSchema2Manifest,
-			images.MediaTypeDockerSchema2ManifestList,
-			ocispec.MediaTypeImageManifest,
-			ocispec.MediaTypeImageIndex, "*"}, ", "))
+	for _, u := range paths {
+		for _, host := range hosts {
+			ctx := log.WithLogger(ctx, log.G(ctx).WithField("host", host.Host))
 
-		log.G(ctx).Debug("resolving")
-		resp, err := fetcher.doRequestWithRetries(ctx, req, nil)
-		if err != nil {
-			if errors.Cause(err) == ErrInvalidAuthorization {
-				err = errors.Wrapf(err, "pull access denied, repository does not exist or may require authorization")
+			req := base.request(host, http.MethodHead, u...)
+			if err := req.addNamespace(base.refspec.Hostname()); err != nil {
+				return "", ocispec.Descriptor{}, err
 			}
-			return "", ocispec.Descriptor{}, err
-		}
-		resp.Body.Close() // don't care about body contents.
 
-		if resp.StatusCode > 299 {
-			if resp.StatusCode == http.StatusNotFound {
-				continue
+			for key, value := range r.resolveHeader {
+				req.header[key] = append(req.header[key], value...)
 			}
-			return "", ocispec.Descriptor{}, errors.Errorf("unexpected status code %v: %v", u, resp.Status)
-		}
 
-		// this is the only point at which we trust the registry. we use the
-		// content headers to assemble a descriptor for the name. when this becomes
-		// more robust, we mostly get this information from a secure trust store.
-		dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest"))
-
-		if dgstHeader != "" {
-			if err := dgstHeader.Validate(); err != nil {
-				return "", ocispec.Descriptor{}, errors.Wrapf(err, "%q in header not a valid digest", dgstHeader)
+			log.G(ctx).Debug("resolving")
+			resp, err := req.doWithRetries(ctx, nil)
+			if err != nil {
+				if errors.Is(err, ErrInvalidAuthorization) {
+					err = errors.Wrapf(err, "pull access denied, repository does not exist or may require authorization")
+				}
+				// Store the error for referencing later
+				if firstErr == nil {
+					firstErr = err
+				}
+				log.G(ctx).WithError(err).Info("trying next host")
+				continue // try another host
+			}
+			resp.Body.Close() // don't care about body contents.
+
+			if resp.StatusCode > 299 {
+				if resp.StatusCode == http.StatusNotFound {
+					log.G(ctx).Info("trying next host - response was http.StatusNotFound")
+					continue
+				}
+				if resp.StatusCode > 399 {
+					// Set firstErr when encountering the first non-404 status code.
+					if firstErr == nil {
+						firstErr = errors.Errorf("pulling from host %s failed with status code %v: %v", host.Host, u, resp.Status)
+					}
+					continue // try another host
+				}
+				return "", ocispec.Descriptor{}, errors.Errorf("pulling from host %s failed with unexpected status code %v: %v", host.Host, u, resp.Status)
+			}
+			size := resp.ContentLength
+			contentType := getManifestMediaType(resp)
+
+			// if no digest was provided, then only a resolve
+			// trusted registry was contacted, in this case use
+			// the digest header (or content from GET)
+			if dgst == "" {
+				// this is the only point at which we trust the registry. we use the
+				// content headers to assemble a descriptor for the name. when this becomes
+				// more robust, we mostly get this information from a secure trust store.
+				dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest"))
+
+				if dgstHeader != "" && size != -1 {
+					if err := dgstHeader.Validate(); err != nil {
+						return "", ocispec.Descriptor{}, errors.Wrapf(err, "%q in header not a valid digest", dgstHeader)
+					}
+					dgst = dgstHeader
+				}
+			}
+			if dgst == "" || size == -1 {
+				log.G(ctx).Debug("no Docker-Content-Digest header, fetching manifest instead")
+
+				req = base.request(host, http.MethodGet, u...)
+				if err := req.addNamespace(base.refspec.Hostname()); err != nil {
+					return "", ocispec.Descriptor{}, err
+				}
+
+				for key, value := range r.resolveHeader {
+					req.header[key] = append(req.header[key], value...)
+				}
+
+				resp, err := req.doWithRetries(ctx, nil)
+				if err != nil {
+					return "", ocispec.Descriptor{}, err
+				}
+				defer resp.Body.Close()
+
+				bodyReader := countingReader{reader: resp.Body}
+
+				contentType = getManifestMediaType(resp)
+				if dgst == "" {
+					if contentType == images.MediaTypeDockerSchema1Manifest {
+						b, err := schema1.ReadStripSignature(&bodyReader)
+						if err != nil {
+							return "", ocispec.Descriptor{}, err
+						}
+
+						dgst = digest.FromBytes(b)
+					} else {
+						dgst, err = digest.FromReader(&bodyReader)
+						if err != nil {
+							return "", ocispec.Descriptor{}, err
+						}
+					}
+				} else if _, err := io.Copy(ioutil.Discard, &bodyReader); err != nil {
+					return "", ocispec.Descriptor{}, err
+				}
+				size = bodyReader.bytesRead
+			}
+			// Prevent resolving to excessively large manifests
+			if size > MaxManifestSize {
+				if firstErr == nil {
+					firstErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref)
+				}
+				continue
 			}
-			dgst = dgstHeader
-		}
-
-		if dgst == "" {
-			return "", ocispec.Descriptor{}, errors.Errorf("could not resolve digest for %v", ref)
-		}
-
-		var (
-			size       int64
-			sizeHeader = resp.Header.Get("Content-Length")
-		)
 
-		size, err = strconv.ParseInt(sizeHeader, 10, 64)
-		if err != nil {
+			desc := ocispec.Descriptor{
+				Digest:    dgst,
+				MediaType: contentType,
+				Size:      size,
+			}
 
-			return "", ocispec.Descriptor{}, errors.Wrapf(err, "invalid size header: %q", sizeHeader)
-		}
-		if size < 0 {
-			return "", ocispec.Descriptor{}, errors.Errorf("%q in header not a valid size", sizeHeader)
+			log.G(ctx).WithField("desc.digest", desc.Digest).Debug("resolved")
+			return ref, desc, nil
 		}
+	}
 
-		desc := ocispec.Descriptor{
-			Digest:    dgst,
-			MediaType: resp.Header.Get("Content-Type"), // need to strip disposition?
-			Size:      size,
-		}
+	// If above loop terminates without return, then there was an error.
+	// "firstErr" contains the first non-404 error. That is, "firstErr == nil"
+	// means that either no registries were given or each registry returned 404.
 
-		log.G(ctx).WithField("desc.digest", desc.Digest).Debug("resolved")
-		return ref, desc, nil
+	if firstErr == nil {
+		firstErr = errors.Wrap(errdefs.ErrNotFound, ref)
 	}
 
-	return "", ocispec.Descriptor{}, errors.Errorf("%v not found", ref)
+	return "", ocispec.Descriptor{}, firstErr
 }
 
 func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) {
-	refspec, err := reference.Parse(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	base, err := r.base(refspec)
+	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err
 	}
@@ -266,79 +406,84 @@ func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetch
 }
 
 func (r *dockerResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher, error) {
-	refspec, err := reference.Parse(ref)
+	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err
 	}
 
-	// Manifests can be pushed by digest like any other object, but the passed in
-	// reference cannot take a digest without the associated content. A tag is allowed
-	// and will be used to tag pushed manifests.
-	if refspec.Object != "" && strings.Contains(refspec.Object, "@") {
-		return nil, errors.New("cannot use digest reference for push locator")
-	}
+	return dockerPusher{
+		dockerBase: base,
+		object:     base.refspec.Object,
+		tracker:    r.tracker,
+	}, nil
+}
 
-	base, err := r.base(refspec)
+func (r *dockerResolver) resolveDockerBase(ref string) (*dockerBase, error) {
+	refspec, err := reference.Parse(ref)
 	if err != nil {
 		return nil, err
 	}
 
-	return dockerPusher{
-		dockerBase: base,
-		tag:        refspec.Object,
-		tracker:    r.tracker,
-	}, nil
+	return r.base(refspec)
 }
 
 type dockerBase struct {
-	refspec reference.Spec
-	base    url.URL
-
-	client *http.Client
-	auth   Authorizer
+	refspec    reference.Spec
+	repository string
+	hosts      []RegistryHost
+	header     http.Header
 }
 
 func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) {
-	var (
-		err  error
-		base url.URL
-	)
-
 	host := refspec.Hostname()
-	base.Host = host
-	if r.host != nil {
-		base.Host, err = r.host(host)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	base.Scheme = "https"
-	if r.plainHTTP || strings.HasPrefix(base.Host, "localhost:") {
-		base.Scheme = "http"
+	hosts, err := r.hosts(host)
+	if err != nil {
+		return nil, err
 	}
-
-	prefix := strings.TrimPrefix(refspec.Locator, host+"/")
-	base.Path = path.Join("/v2", prefix)
-
 	return &dockerBase{
-		refspec: refspec,
-		base:    base,
-		client:  r.client,
-		auth:    r.auth,
+		refspec:    refspec,
+		repository: strings.TrimPrefix(refspec.Locator, host+"/"),
+		hosts:      hosts,
+		header:     r.header,
 	}, nil
 }
 
-func (r *dockerBase) url(ps ...string) string {
-	url := r.base
-	url.Path = path.Join(url.Path, path.Join(ps...))
-	return url.String()
+func (r *dockerBase) filterHosts(caps HostCapabilities) (hosts []RegistryHost) {
+	for _, host := range r.hosts {
+		if host.Capabilities.Has(caps) {
+			hosts = append(hosts, host)
+		}
+	}
+	return
+}
+
+func (r *dockerBase) request(host RegistryHost, method string, ps ...string) *request {
+	header := r.header.Clone()
+	if header == nil {
+		header = http.Header{}
+	}
+
+	for key, value := range host.Header {
+		header[key] = append(header[key], value...)
+	}
+	parts := append([]string{"/", host.Path, r.repository}, ps...)
+	p := path.Join(parts...)
+	// Join strips trailing slash, re-add ending "/" if included
+	if len(parts) > 0 && strings.HasSuffix(parts[len(parts)-1], "/") {
+		p = p + "/"
+	}
+	return &request{
+		method: method,
+		path:   p,
+		header: header,
+		host:   host,
+	}
 }
 
-func (r *dockerBase) authorize(ctx context.Context, req *http.Request) error {
+func (r *request) authorize(ctx context.Context, req *http.Request) error {
 	// Check if has header for host
-	if r.auth != nil {
-		if err := r.auth.Authorize(ctx, req); err != nil {
+	if r.host.Authorizer != nil {
+		if err := r.host.Authorizer.Authorize(ctx, req); err != nil {
 			return err
 		}
 	}
@@ -346,80 +491,177 @@ func (r *dockerBase) authorize(ctx context.Context, req *http.Request) error {
 	return nil
 }
 
-func (r *dockerBase) doRequest(ctx context.Context, req *http.Request) (*http.Response, error) {
-	ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", req.URL.String()))
-	log.G(ctx).WithField("request.headers", req.Header).WithField("request.method", req.Method).Debug("do request")
+func (r *request) addNamespace(ns string) (err error) {
+	if !r.host.isProxy(ns) {
+		return nil
+	}
+	var q url.Values
+	// Parse query
+	if i := strings.IndexByte(r.path, '?'); i > 0 {
+		r.path = r.path[:i+1]
+		q, err = url.ParseQuery(r.path[i+1:])
+		if err != nil {
+			return
+		}
+	} else {
+		r.path = r.path + "?"
+		q = url.Values{}
+	}
+	q.Add("ns", ns)
+
+	r.path = r.path + q.Encode()
+
+	return
+}
+
+type request struct {
+	method string
+	path   string
+	header http.Header
+	host   RegistryHost
+	body   func() (io.ReadCloser, error)
+	size   int64
+}
+
+func (r *request) do(ctx context.Context) (*http.Response, error) {
+	u := r.host.Scheme + "://" + r.host.Host + r.path
+	req, err := http.NewRequest(r.method, u, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = http.Header{} // headers need to be copied to avoid concurrent map access
+	for k, v := range r.header {
+		req.Header[k] = v
+	}
+	if r.body != nil {
+		body, err := r.body()
+		if err != nil {
+			return nil, err
+		}
+		req.Body = body
+		req.GetBody = r.body
+		if r.size > 0 {
+			req.ContentLength = r.size
+		}
+	}
+
+	ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", u))
+	log.G(ctx).WithFields(requestFields(req)).Debug("do request")
 	if err := r.authorize(ctx, req); err != nil {
 		return nil, errors.Wrap(err, "failed to authorize")
 	}
-	resp, err := ctxhttp.Do(ctx, r.client, req)
+
+	var client = &http.Client{}
+	if r.host.Client != nil {
+		*client = *r.host.Client
+	}
+	if client.CheckRedirect == nil {
+		client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+			if len(via) >= 10 {
+				return errors.New("stopped after 10 redirects")
+			}
+			return errors.Wrap(r.authorize(ctx, req), "failed to authorize redirect")
+		}
+	}
+
+	resp, err := ctxhttp.Do(ctx, client, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to do request")
 	}
-	log.G(ctx).WithFields(logrus.Fields{
-		"status":           resp.Status,
-		"response.headers": resp.Header,
-	}).Debug("fetch response received")
+	log.G(ctx).WithFields(responseFields(resp)).Debug("fetch response received")
 	return resp, nil
 }
 
-func (r *dockerBase) doRequestWithRetries(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Response, error) {
-	resp, err := r.doRequest(ctx, req)
+func (r *request) doWithRetries(ctx context.Context, responses []*http.Response) (*http.Response, error) {
+	resp, err := r.do(ctx)
 	if err != nil {
 		return nil, err
 	}
 
 	responses = append(responses, resp)
-	req, err = r.retryRequest(ctx, req, responses)
+	retry, err := r.retryRequest(ctx, responses)
 	if err != nil {
 		resp.Body.Close()
 		return nil, err
 	}
-	if req != nil {
+	if retry {
 		resp.Body.Close()
-		return r.doRequestWithRetries(ctx, req, responses)
+		return r.doWithRetries(ctx, responses)
 	}
 	return resp, err
 }
 
-func (r *dockerBase) retryRequest(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Request, error) {
+func (r *request) retryRequest(ctx context.Context, responses []*http.Response) (bool, error) {
 	if len(responses) > 5 {
-		return nil, nil
+		return false, nil
 	}
 	last := responses[len(responses)-1]
-	if last.StatusCode == http.StatusUnauthorized {
+	switch last.StatusCode {
+	case http.StatusUnauthorized:
 		log.G(ctx).WithField("header", last.Header.Get("WWW-Authenticate")).Debug("Unauthorized")
-		if r.auth != nil {
-			if err := r.auth.AddResponses(ctx, responses); err == nil {
-				return copyRequest(req)
+		if r.host.Authorizer != nil {
+			if err := r.host.Authorizer.AddResponses(ctx, responses); err == nil {
+				return true, nil
 			} else if !errdefs.IsNotImplemented(err) {
-				return nil, err
+				return false, err
 			}
 		}
 
-		return nil, nil
-	} else if last.StatusCode == http.StatusMethodNotAllowed && req.Method == http.MethodHead {
+		return false, nil
+	case http.StatusMethodNotAllowed:
 		// Support registries which have not properly implemented the HEAD method for
 		// manifests endpoint
-		if strings.Contains(req.URL.Path, "/manifests/") {
-			// TODO: copy request?
-			req.Method = http.MethodGet
-			return copyRequest(req)
+		if r.method == http.MethodHead && strings.Contains(r.path, "/manifests/") {
+			r.method = http.MethodGet
+			return true, nil
 		}
+	case http.StatusRequestTimeout, http.StatusTooManyRequests:
+		return true, nil
 	}
 
 	// TODO: Handle 50x errors accounting for attempt history
-	return nil, nil
+	return false, nil
 }
 
-func copyRequest(req *http.Request) (*http.Request, error) {
-	ireq := *req
-	if ireq.GetBody != nil {
-		var err error
-		ireq.Body, err = ireq.GetBody()
-		if err != nil {
-			return nil, err
+func (r *request) String() string {
+	return r.host.Scheme + "://" + r.host.Host + r.path
+}
+
+func requestFields(req *http.Request) logrus.Fields {
+	fields := map[string]interface{}{
+		"request.method": req.Method,
+	}
+	for k, vals := range req.Header {
+		k = strings.ToLower(k)
+		if k == "authorization" {
+			continue
 		}
+		for i, v := range vals {
+			field := "request.header." + k
+			if i > 0 {
+				field = fmt.Sprintf("%s.%d", field, i)
+			}
+			fields[field] = v
+		}
+	}
+
+	return logrus.Fields(fields)
+}
+
+func responseFields(resp *http.Response) logrus.Fields {
+	fields := map[string]interface{}{
+		"response.status": resp.Status,
 	}
-	return &ireq, nil
+	for k, vals := range resp.Header {
+		k = strings.ToLower(k)
+		for i, v := range vals {
+			field := "response.header." + k
+			if i > 0 {
+				field = fmt.Sprintf("%s.%d", field, i)
+			}
+			fields[field] = v
+		}
+	}
+
+	return logrus.Fields(fields)
 }
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go
index 45ac1933fd9f4..f15a9acf3e81c 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go
@@ -24,6 +24,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -42,7 +43,10 @@ import (
 	"github.com/pkg/errors"
 )
 
-const manifestSizeLimit = 8e6 // 8MB
+const (
+	manifestSizeLimit            = 8e6 // 8MB
+	labelDockerSchema1EmptyLayer = "containerd.io/docker.schema1.empty-layer"
+)
 
 type blobState struct {
 	diffID digest.Digest
@@ -212,17 +216,28 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De
 
 	ref := remotes.MakeRefKey(ctx, desc)
 	if err := content.WriteBlob(ctx, c.contentStore, ref, bytes.NewReader(mb), desc, content.WithLabels(labels)); err != nil {
-		return ocispec.Descriptor{}, errors.Wrap(err, "failed to write config")
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to write image manifest")
 	}
 
 	ref = remotes.MakeRefKey(ctx, config)
 	if err := content.WriteBlob(ctx, c.contentStore, ref, bytes.NewReader(b), config); err != nil {
-		return ocispec.Descriptor{}, errors.Wrap(err, "failed to write config")
+		return ocispec.Descriptor{}, errors.Wrap(err, "failed to write image config")
 	}
 
 	return desc, nil
 }
 
+// ReadStripSignature reads in a schema1 manifest and returns a byte array
+// with the "signatures" field stripped
+func ReadStripSignature(schema1Blob io.Reader) ([]byte, error) {
+	b, err := ioutil.ReadAll(io.LimitReader(schema1Blob, manifestSizeLimit)) // limit to 8MB
+	if err != nil {
+		return nil, err
+	}
+
+	return stripSignature(b)
+}
+
 func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor) error {
 	log.G(ctx).Debug("fetch schema 1")
 
@@ -231,21 +246,19 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor)
 		return err
 	}
 
-	b, err := ioutil.ReadAll(io.LimitReader(rc, manifestSizeLimit)) // limit to 8MB
+	b, err := ReadStripSignature(rc)
 	rc.Close()
 	if err != nil {
 		return err
 	}
 
-	b, err = stripSignature(b)
-	if err != nil {
-		return err
-	}
-
 	var m manifest
 	if err := json.Unmarshal(b, &m); err != nil {
 		return err
 	}
+	if len(m.Manifests) != 0 || len(m.Layers) != 0 {
+		return errors.New("converter: expected schema1 document but found extra keys")
+	}
 	c.pulledManifest = &m
 
 	return nil
@@ -353,10 +366,11 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro
 		Digest: desc.Digest,
 		Labels: map[string]string{
 			"containerd.io/uncompressed": state.diffID.String(),
+			labelDockerSchema1EmptyLayer: strconv.FormatBool(state.empty),
 		},
 	}
 
-	if _, err := c.contentStore.Update(ctx, cinfo, "labels.containerd.io/uncompressed"); err != nil {
+	if _, err := c.contentStore.Update(ctx, cinfo, "labels.containerd.io/uncompressed", fmt.Sprintf("labels.%s", labelDockerSchema1EmptyLayer)); err != nil {
 		return errors.Wrap(err, "failed to update uncompressed label")
 	}
 
@@ -380,7 +394,18 @@ func (c *Converter) reuseLabelBlobState(ctx context.Context, desc ocispec.Descri
 		return false, nil
 	}
 
-	bState := blobState{empty: false}
+	emptyVal, ok := cinfo.Labels[labelDockerSchema1EmptyLayer]
+	if !ok {
+		return false, nil
+	}
+
+	isEmpty, err := strconv.ParseBool(emptyVal)
+	if err != nil {
+		log.G(ctx).WithField("id", desc.Digest).Warnf("failed to parse bool from label %s: %v", labelDockerSchema1EmptyLayer, isEmpty)
+		return false, nil
+	}
+
+	bState := blobState{empty: isEmpty}
 
 	if bState.diffID, err = digest.Parse(diffID); err != nil {
 		log.G(ctx).WithField("id", desc.Digest).Warnf("failed to parse digest from label containerd.io/uncompressed: %v", diffID)
@@ -450,8 +475,10 @@ type history struct {
 }
 
 type manifest struct {
-	FSLayers []fsLayer `json:"fsLayers"`
-	History  []history `json:"history"`
+	FSLayers  []fsLayer       `json:"fsLayers"`
+	History   []history       `json:"history"`
+	Layers    json.RawMessage `json:"layers,omitempty"`    // OCI manifest
+	Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index
 }
 
 type v1History struct {
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/scope.go b/vendor/github.com/containerd/containerd/remotes/docker/scope.go
index 52c2443118846..fe57f023d35a6 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/scope.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/scope.go
@@ -18,6 +18,7 @@ package docker
 
 import (
 	"context"
+	"fmt"
 	"net/url"
 	"sort"
 	"strings"
@@ -25,10 +26,10 @@ import (
 	"github.com/containerd/containerd/reference"
 )
 
-// repositoryScope returns a repository scope string such as "repository:foo/bar:pull"
+// RepositoryScope returns a repository scope string such as "repository:foo/bar:pull"
 // for "host/foo/bar:baz".
 // When push is true, both pull and push are added to the scope.
-func repositoryScope(refspec reference.Spec, push bool) (string, error) {
+func RepositoryScope(refspec reference.Spec, push bool) (string, error) {
 	u, err := url.Parse("dummy://" + refspec.Locator)
 	if err != nil {
 		return "", err
@@ -44,33 +45,53 @@ func repositoryScope(refspec reference.Spec, push bool) (string, error) {
 // value: []string (e.g. {"registry:foo/bar:pull"})
 type tokenScopesKey struct{}
 
-// contextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value.
-func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) {
-	s, err := repositoryScope(refspec, push)
+// ContextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value.
+func ContextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) {
+	s, err := RepositoryScope(refspec, push)
 	if err != nil {
 		return nil, err
 	}
-	return context.WithValue(ctx, tokenScopesKey{}, []string{s}), nil
+	return WithScope(ctx, s), nil
 }
 
-// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and params["scope"].
-func getTokenScopes(ctx context.Context, params map[string]string) []string {
+// WithScope appends a custom registry auth scope to the context.
+func WithScope(ctx context.Context, scope string) context.Context {
+	var scopes []string
+	if v := ctx.Value(tokenScopesKey{}); v != nil {
+		scopes = v.([]string)
+		scopes = append(scopes, scope)
+	} else {
+		scopes = []string{scope}
+	}
+	return context.WithValue(ctx, tokenScopesKey{}, scopes)
+}
+
+// ContextWithAppendPullRepositoryScope is used to append repository pull
+// scope into existing scopes indexed by the tokenScopesKey{}.
+func ContextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context {
+	return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
+}
+
+// GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
+func GetTokenScopes(ctx context.Context, common []string) []string {
 	var scopes []string
 	if x := ctx.Value(tokenScopesKey{}); x != nil {
 		scopes = append(scopes, x.([]string)...)
 	}
-	if scope, ok := params["scope"]; ok {
-		for _, s := range scopes {
-			// Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/)
-			// So, "repository:foo/bar:pull,push" != "repository:foo/bar:push,pull", although semantically they are equal.
-			if s == scope {
-				// already appended
-				goto Sort
-			}
+
+	scopes = append(scopes, common...)
+	sort.Strings(scopes)
+
+	l := 0
+	for idx := 1; idx < len(scopes); idx++ {
+		// Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/)
+		// So, "repository:foo/bar:pull,push" != "repository:foo/bar:push,pull", although semantically they are equal.
+		if scopes[l] == scopes[idx] {
+			continue
 		}
-		scopes = append(scopes, scope)
+
+		l++
+		scopes[l] = scopes[idx]
 	}
-Sort:
-	sort.Strings(scopes)
-	return scopes
+	return scopes[:l+1]
 }
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/status.go b/vendor/github.com/containerd/containerd/remotes/docker/status.go
index 8069d6767133e..9751edac7f99e 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/status.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/status.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
 )
 
@@ -28,6 +29,8 @@ import (
 type Status struct {
 	content.Status
 
+	Committed bool
+
 	// UploadUUID is used by the Docker registry to reference blob uploads
 	UploadUUID string
 }
@@ -38,15 +41,24 @@ type StatusTracker interface {
 	SetStatus(string, Status)
 }
 
+// StatusTrackLocker to track status of operations with lock
+type StatusTrackLocker interface {
+	StatusTracker
+	Lock(string)
+	Unlock(string)
+}
+
 type memoryStatusTracker struct {
 	statuses map[string]Status
 	m        sync.Mutex
+	locker   *locker.Locker
 }
 
 // NewInMemoryTracker returns a StatusTracker that tracks content status in-memory
-func NewInMemoryTracker() StatusTracker {
+func NewInMemoryTracker() StatusTrackLocker {
 	return &memoryStatusTracker{
 		statuses: map[string]Status{},
+		locker:   locker.New(),
 	}
 }
 
@@ -65,3 +77,11 @@ func (t *memoryStatusTracker) SetStatus(ref string, status Status) {
 	t.statuses[ref] = status
 	t.m.Unlock()
 }
+
+func (t *memoryStatusTracker) Lock(ref string) {
+	t.locker.Lock(ref)
+}
+
+func (t *memoryStatusTracker) Unlock(ref string) {
+	t.locker.Unlock(ref)
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/errors/errors.go b/vendor/github.com/containerd/containerd/remotes/errors/errors.go
new file mode 100644
index 0000000000000..519dbac105f21
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/remotes/errors/errors.go
@@ -0,0 +1,56 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package errors
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+var _ error = ErrUnexpectedStatus{}
+
+// ErrUnexpectedStatus is returned if a registry API request returned with unexpected HTTP status
+type ErrUnexpectedStatus struct {
+	Status                    string
+	StatusCode                int
+	Body                      []byte
+	RequestURL, RequestMethod string
+}
+
+func (e ErrUnexpectedStatus) Error() string {
+	return fmt.Sprintf("unexpected status: %s", e.Status)
+}
+
+// NewUnexpectedStatusErr creates an ErrUnexpectedStatus from HTTP response
+func NewUnexpectedStatusErr(resp *http.Response) error {
+	var b []byte
+	if resp.Body != nil {
+		b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
+	}
+	err := ErrUnexpectedStatus{
+		Body:          b,
+		Status:        resp.Status,
+		StatusCode:    resp.StatusCode,
+		RequestMethod: resp.Request.Method,
+	}
+	if resp.Request.URL != nil {
+		err.RequestURL = resp.Request.URL.String()
+	}
+	return err
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/handlers.go b/vendor/github.com/containerd/containerd/remotes/handlers.go
index 77310fb62cb5c..8f79c608e68ce 100644
--- a/vendor/github.com/containerd/containerd/remotes/handlers.go
+++ b/vendor/github.com/containerd/containerd/remotes/handlers.go
@@ -31,30 +31,57 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/semaphore"
 )
 
+type refKeyPrefix struct{}
+
+// WithMediaTypeKeyPrefix adds a custom key prefix for a media type which is used when storing
+// data in the content store from the FetchHandler.
+//
+// Used in `MakeRefKey` to determine what the key prefix should be.
+func WithMediaTypeKeyPrefix(ctx context.Context, mediaType, prefix string) context.Context {
+	var values map[string]string
+	if v := ctx.Value(refKeyPrefix{}); v != nil {
+		values = v.(map[string]string)
+	} else {
+		values = make(map[string]string)
+	}
+
+	values[mediaType] = prefix
+	return context.WithValue(ctx, refKeyPrefix{}, values)
+}
+
 // MakeRefKey returns a unique reference for the descriptor. This reference can be
 // used to lookup ongoing processes related to the descriptor. This function
 // may look to the context to namespace the reference appropriately.
 func MakeRefKey(ctx context.Context, desc ocispec.Descriptor) string {
-	// TODO(stevvooe): Need better remote key selection here. Should be a
-	// product of the context, which may include information about the ongoing
-	// fetch process.
-	switch desc.MediaType {
-	case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
-		return "manifest-" + desc.Digest.String()
-	case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
-		return "index-" + desc.Digest.String()
-	case images.MediaTypeDockerSchema2Layer, images.MediaTypeDockerSchema2LayerGzip,
-		images.MediaTypeDockerSchema2LayerForeign, images.MediaTypeDockerSchema2LayerForeignGzip,
-		ocispec.MediaTypeImageLayer, ocispec.MediaTypeImageLayerGzip,
-		ocispec.MediaTypeImageLayerNonDistributable, ocispec.MediaTypeImageLayerNonDistributableGzip:
-		return "layer-" + desc.Digest.String()
-	case images.MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig:
-		return "config-" + desc.Digest.String()
+	key := desc.Digest.String()
+	if desc.Annotations != nil {
+		if name, ok := desc.Annotations[ocispec.AnnotationRefName]; ok {
+			key = fmt.Sprintf("%s@%s", name, desc.Digest.String())
+		}
+	}
+
+	if v := ctx.Value(refKeyPrefix{}); v != nil {
+		values := v.(map[string]string)
+		if prefix := values[desc.MediaType]; prefix != "" {
+			return prefix + "-" + key
+		}
+	}
+
+	switch mt := desc.MediaType; {
+	case mt == images.MediaTypeDockerSchema2Manifest || mt == ocispec.MediaTypeImageManifest:
+		return "manifest-" + key
+	case mt == images.MediaTypeDockerSchema2ManifestList || mt == ocispec.MediaTypeImageIndex:
+		return "index-" + key
+	case images.IsLayerType(mt):
+		return "layer-" + key
+	case images.IsKnownConfig(mt):
+		return "config-" + key
 	default:
-		log.G(ctx).Warnf("reference for unknown type: %s", desc.MediaType)
-		return "unknown-" + desc.Digest.String()
+		log.G(ctx).Warnf("reference for unknown type: %s", mt)
+		return "unknown-" + key
 	}
 }
 
@@ -96,6 +123,12 @@ func fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc
 		return err
 	}
 
+	if desc.Size == 0 {
+		// most likely a poorly configured registry/web front end which responded with no
+		// Content-Length header; unable (not to mention useless) to commit a 0-length entry
+		// into the content store. Error out here otherwise the error sent back is confusing
+		return errors.Wrapf(errdefs.ErrInvalidArgument, "unable to fetch descriptor (%s) which reports content size of zero", desc.Digest)
+	}
 	if ws.Offset == desc.Size {
 		// If writer is already complete, commit and return
 		err := cw.Commit(ctx, desc.Size, desc.Digest)
@@ -132,7 +165,15 @@ func PushHandler(pusher Pusher, provider content.Provider) images.HandlerFunc {
 func push(ctx context.Context, provider content.Provider, pusher Pusher, desc ocispec.Descriptor) error {
 	log.G(ctx).Debug("push")
 
-	cw, err := pusher.Push(ctx, desc)
+	var (
+		cw  content.Writer
+		err error
+	)
+	if cs, ok := pusher.(content.Ingester); ok {
+		cw, err = content.OpenWriter(ctx, cs, content.WithRef(MakeRefKey(ctx, desc)), content.WithDescriptor(desc))
+	} else {
+		cw, err = pusher.Push(ctx, desc)
+	}
 	if err != nil {
 		if !errdefs.IsAlreadyExists(err) {
 			return err
@@ -156,7 +197,8 @@ func push(ctx context.Context, provider content.Provider, pusher Pusher, desc oc
 //
 // Base handlers can be provided which will be called before any push specific
 // handlers.
-func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, provider content.Provider, platform platforms.MatchComparer, baseHandlers ...images.Handler) error {
+func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, store content.Store, limiter *semaphore.Weighted, platform platforms.MatchComparer, wrapper func(h images.Handler) images.Handler) error {
+
 	var m sync.Mutex
 	manifestStack := []ocispec.Descriptor{}
 
@@ -173,15 +215,22 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, pr
 		}
 	})
 
-	pushHandler := PushHandler(pusher, provider)
+	pushHandler := PushHandler(pusher, store)
+
+	platformFilterhandler := images.FilterPlatforms(images.ChildrenHandler(store), platform)
+
+	annotateHandler := annotateDistributionSourceHandler(platformFilterhandler, store)
 
-	handlers := append(baseHandlers,
-		images.FilterPlatforms(images.ChildrenHandler(provider), platform),
+	var handler images.Handler = images.Handlers(
+		annotateHandler,
 		filterHandler,
 		pushHandler,
 	)
+	if wrapper != nil {
+		handler = wrapper(handler)
+	}
 
-	if err := images.Dispatch(ctx, images.Handlers(handlers...), desc); err != nil {
+	if err := images.Dispatch(ctx, handler, limiter, desc); err != nil {
 		return err
 	}
 
@@ -203,3 +252,80 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, pr
 
 	return nil
 }
+
+// FilterManifestByPlatformHandler allows Handler to handle non-target
+// platform's manifest and configuration data.
+func FilterManifestByPlatformHandler(f images.HandlerFunc, m platforms.Matcher) images.HandlerFunc {
+	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		children, err := f(ctx, desc)
+		if err != nil {
+			return nil, err
+		}
+
+		// no platform information
+		if desc.Platform == nil || m == nil {
+			return children, nil
+		}
+
+		var descs []ocispec.Descriptor
+		switch desc.MediaType {
+		case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+			if m.Match(*desc.Platform) {
+				descs = children
+			} else {
+				for _, child := range children {
+					if child.MediaType == images.MediaTypeDockerSchema2Config ||
+						child.MediaType == ocispec.MediaTypeImageConfig {
+
+						descs = append(descs, child)
+					}
+				}
+			}
+		default:
+			descs = children
+		}
+		return descs, nil
+	}
+}
+
+// annotateDistributionSourceHandler add distribution source label into
+// annotation of config or blob descriptor.
+func annotateDistributionSourceHandler(f images.HandlerFunc, manager content.Manager) images.HandlerFunc {
+	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		children, err := f(ctx, desc)
+		if err != nil {
+			return nil, err
+		}
+
+		// only add distribution source for the config or blob data descriptor
+		switch desc.MediaType {
+		case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest,
+			images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
+		default:
+			return children, nil
+		}
+
+		for i := range children {
+			child := children[i]
+
+			info, err := manager.Info(ctx, child.Digest)
+			if err != nil {
+				return nil, err
+			}
+
+			for k, v := range info.Labels {
+				if !strings.HasPrefix(k, "containerd.io/distribution.source.") {
+					continue
+				}
+
+				if child.Annotations == nil {
+					child.Annotations = map[string]string{}
+				}
+				child.Annotations[k] = v
+			}
+
+			children[i] = child
+		}
+		return children, nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/remotes/resolver.go b/vendor/github.com/containerd/containerd/remotes/resolver.go
index a9b2b78aa8fac..624b14f05d6c3 100644
--- a/vendor/github.com/containerd/containerd/remotes/resolver.go
+++ b/vendor/github.com/containerd/containerd/remotes/resolver.go
@@ -45,6 +45,8 @@ type Resolver interface {
 	Fetcher(ctx context.Context, ref string) (Fetcher, error)
 
 	// Pusher returns a new pusher for the provided reference
+	// The returned Pusher should satisfy content.Ingester and concurrent attempts
+	// to push the same blob using the Ingester API should result in ErrUnavailable.
 	Pusher(ctx context.Context, ref string) (Pusher, error)
 }
 
@@ -72,9 +74,9 @@ func (fn FetcherFunc) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.Re
 
 // PusherFunc allows package users to implement a Pusher with just a
 // function.
-type PusherFunc func(ctx context.Context, desc ocispec.Descriptor, r io.Reader) error
+type PusherFunc func(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error)
 
 // Push content
-func (fn PusherFunc) Push(ctx context.Context, desc ocispec.Descriptor, r io.Reader) error {
-	return fn(ctx, desc, r)
+func (fn PusherFunc) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) {
+	return fn(ctx, desc)
 }
diff --git a/vendor/github.com/containerd/containerd/rootfs/apply.go b/vendor/github.com/containerd/containerd/rootfs/apply.go
index 3ea830f6b4236..f1ca624bf98fc 100644
--- a/vendor/github.com/containerd/containerd/rootfs/apply.go
+++ b/vendor/github.com/containerd/containerd/rootfs/apply.go
@@ -48,6 +48,14 @@ type Layer struct {
 // Layers are applied in order they are given, making the first layer the
 // bottom-most layer in the layer chain.
 func ApplyLayers(ctx context.Context, layers []Layer, sn snapshots.Snapshotter, a diff.Applier) (digest.Digest, error) {
+	return ApplyLayersWithOpts(ctx, layers, sn, a, nil)
+}
+
+// ApplyLayersWithOpts applies all the layers using the given snapshotter, applier, and apply opts.
+// The returned result is a chain id digest representing all the applied layers.
+// Layers are applied in order they are given, making the first layer the
+// bottom-most layer in the layer chain.
+func ApplyLayersWithOpts(ctx context.Context, layers []Layer, sn snapshots.Snapshotter, a diff.Applier, applyOpts []diff.ApplyOpt) (digest.Digest, error) {
 	chain := make([]digest.Digest, len(layers))
 	for i, layer := range layers {
 		chain[i] = layer.Diff.Digest
@@ -63,7 +71,7 @@ func ApplyLayers(ctx context.Context, layers []Layer, sn snapshots.Snapshotter,
 			return "", errors.Wrapf(err, "failed to stat snapshot %s", chainID)
 		}
 
-		if err := applyLayers(ctx, layers, chain, sn, a); err != nil && !errdefs.IsAlreadyExists(err) {
+		if err := applyLayers(ctx, layers, chain, sn, a, nil, applyOpts); err != nil && !errdefs.IsAlreadyExists(err) {
 			return "", err
 		}
 	}
@@ -75,6 +83,13 @@ func ApplyLayers(ctx context.Context, layers []Layer, sn snapshots.Snapshotter,
 // using the provided snapshotter and applier. If the layer was unpacked true
 // is returned, if the layer already exists false is returned.
 func ApplyLayer(ctx context.Context, layer Layer, chain []digest.Digest, sn snapshots.Snapshotter, a diff.Applier, opts ...snapshots.Opt) (bool, error) {
+	return ApplyLayerWithOpts(ctx, layer, chain, sn, a, opts, nil)
+}
+
+// ApplyLayerWithOpts applies a single layer on top of the given provided layer chain,
+// using the provided snapshotter, applier, and apply opts. If the layer was unpacked true
+// is returned, if the layer already exists false is returned.
+func ApplyLayerWithOpts(ctx context.Context, layer Layer, chain []digest.Digest, sn snapshots.Snapshotter, a diff.Applier, opts []snapshots.Opt, applyOpts []diff.ApplyOpt) (bool, error) {
 	var (
 		chainID = identity.ChainID(append(chain, layer.Diff.Digest)).String()
 		applied bool
@@ -84,7 +99,7 @@ func ApplyLayer(ctx context.Context, layer Layer, chain []digest.Digest, sn snap
 			return false, errors.Wrapf(err, "failed to stat snapshot %s", chainID)
 		}
 
-		if err := applyLayers(ctx, []Layer{layer}, append(chain, layer.Diff.Digest), sn, a, opts...); err != nil {
+		if err := applyLayers(ctx, []Layer{layer}, append(chain, layer.Diff.Digest), sn, a, opts, applyOpts); err != nil {
 			if !errdefs.IsAlreadyExists(err) {
 				return false, err
 			}
@@ -93,9 +108,10 @@ func ApplyLayer(ctx context.Context, layer Layer, chain []digest.Digest, sn snap
 		}
 	}
 	return applied, nil
+
 }
 
-func applyLayers(ctx context.Context, layers []Layer, chain []digest.Digest, sn snapshots.Snapshotter, a diff.Applier, opts ...snapshots.Opt) error {
+func applyLayers(ctx context.Context, layers []Layer, chain []digest.Digest, sn snapshots.Snapshotter, a diff.Applier, opts []snapshots.Opt, applyOpts []diff.ApplyOpt) error {
 	var (
 		parent  = identity.ChainID(chain[:len(chain)-1])
 		chainID = identity.ChainID(chain)
@@ -107,13 +123,13 @@ func applyLayers(ctx context.Context, layers []Layer, chain []digest.Digest, sn
 	)
 
 	for {
-		key = fmt.Sprintf("extract-%s %s", uniquePart(), chainID)
+		key = fmt.Sprintf(snapshots.UnpackKeyFormat, uniquePart(), chainID)
 
 		// Prepare snapshot with from parent, label as root
 		mounts, err = sn.Prepare(ctx, key, parent.String(), opts...)
 		if err != nil {
 			if errdefs.IsNotFound(err) && len(layers) > 1 {
-				if err := applyLayers(ctx, layers[:len(layers)-1], chain[:len(chain)-1], sn, a); err != nil {
+				if err := applyLayers(ctx, layers[:len(layers)-1], chain[:len(chain)-1], sn, a, opts, applyOpts); err != nil {
 					if !errdefs.IsAlreadyExists(err) {
 						return err
 					}
@@ -144,7 +160,7 @@ func applyLayers(ctx context.Context, layers []Layer, chain []digest.Digest, sn
 		}
 	}()
 
-	diff, err = a.Apply(ctx, layer.Blob, mounts)
+	diff, err = a.Apply(ctx, layer.Blob, mounts, applyOpts...)
 	if err != nil {
 		err = errors.Wrapf(err, "failed to extract layer %s", layer.Diff.Digest)
 		return err
diff --git a/vendor/github.com/containerd/containerd/rootfs/diff.go b/vendor/github.com/containerd/containerd/rootfs/diff.go
index b3e6ba8a33b61..f396c73ab0948 100644
--- a/vendor/github.com/containerd/containerd/rootfs/diff.go
+++ b/vendor/github.com/containerd/containerd/rootfs/diff.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/containerd/containerd/diff"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/snapshots"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
@@ -31,6 +32,13 @@ import (
 // the content creation and the provided snapshotter and mount differ are used
 // for calculating the diff. The descriptor for the layer diff is returned.
 func CreateDiff(ctx context.Context, snapshotID string, sn snapshots.Snapshotter, d diff.Comparer, opts ...diff.Opt) (ocispec.Descriptor, error) {
+	// dctx is used to handle cleanup things just in case the param ctx
+	// has been canceled, which causes that the defer cleanup fails.
+	dctx := context.Background()
+	if ns, ok := namespaces.Namespace(ctx); ok {
+		dctx = namespaces.WithNamespace(dctx, ns)
+	}
+
 	info, err := sn.Stat(ctx, snapshotID)
 	if err != nil {
 		return ocispec.Descriptor{}, err
@@ -41,7 +49,7 @@ func CreateDiff(ctx context.Context, snapshotID string, sn snapshots.Snapshotter
 	if err != nil {
 		return ocispec.Descriptor{}, err
 	}
-	defer sn.Remove(ctx, lowerKey)
+	defer sn.Remove(dctx, lowerKey)
 
 	var upper []mount.Mount
 	if info.Kind == snapshots.KindActive {
@@ -55,7 +63,7 @@ func CreateDiff(ctx context.Context, snapshotID string, sn snapshots.Snapshotter
 		if err != nil {
 			return ocispec.Descriptor{}, err
 		}
-		defer sn.Remove(ctx, upperKey)
+		defer sn.Remove(dctx, upperKey)
 	}
 
 	return d.Compare(ctx, lower, upper, opts...)
diff --git a/vendor/github.com/containerd/containerd/rootfs/init.go b/vendor/github.com/containerd/containerd/rootfs/init.go
index 325e5531d5047..9316b9ddae9f5 100644
--- a/vendor/github.com/containerd/containerd/rootfs/init.go
+++ b/vendor/github.com/containerd/containerd/rootfs/init.go
@@ -67,7 +67,7 @@ func InitRootFS(ctx context.Context, name string, parent digest.Digest, readonly
 	return snapshotter.Prepare(ctx, name, parentS)
 }
 
-func createInitLayer(ctx context.Context, parent, initName string, initFn func(string) error, snapshotter snapshots.Snapshotter, mounter Mounter) (string, error) {
+func createInitLayer(ctx context.Context, parent, initName string, initFn func(string) error, snapshotter snapshots.Snapshotter, mounter Mounter) (_ string, retErr error) {
 	initS := fmt.Sprintf("%s %s", parent, initName)
 	if _, err := snapshotter.Stat(ctx, initS); err == nil {
 		return initS, nil
@@ -87,7 +87,7 @@ func createInitLayer(ctx context.Context, parent, initName string, initFn func(s
 	}
 
 	defer func() {
-		if err != nil {
+		if retErr != nil {
 			if rerr := snapshotter.Remove(ctx, td); rerr != nil {
 				log.G(ctx).Errorf("Failed to remove snapshot %s: %v", td, rerr)
 			}
diff --git a/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go
index c13d233599bd1..46d31ff59a514 100644
--- a/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go
+++ b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go
@@ -1,30 +1,17 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/runtime/linux/runctypes/runc.proto
 
-/*
-	Package runctypes is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/runtime/linux/runctypes/runc.proto
-
-	It has these top-level messages:
-		RuncOptions
-		CreateOptions
-		CheckpointOptions
-		ProcessDetails
-*/
 package runctypes
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -35,58 +22,186 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type RuncOptions struct {
-	Runtime       string `protobuf:"bytes,1,opt,name=runtime,proto3" json:"runtime,omitempty"`
-	RuntimeRoot   string `protobuf:"bytes,2,opt,name=runtime_root,json=runtimeRoot,proto3" json:"runtime_root,omitempty"`
-	CriuPath      string `protobuf:"bytes,3,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
-	SystemdCgroup bool   `protobuf:"varint,4,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
+	Runtime              string   `protobuf:"bytes,1,opt,name=runtime,proto3" json:"runtime,omitempty"`
+	RuntimeRoot          string   `protobuf:"bytes,2,opt,name=runtime_root,json=runtimeRoot,proto3" json:"runtime_root,omitempty"`
+	CriuPath             string   `protobuf:"bytes,3,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
+	SystemdCgroup        bool     `protobuf:"varint,4,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *RuncOptions) Reset()                    { *m = RuncOptions{} }
-func (*RuncOptions) ProtoMessage()               {}
-func (*RuncOptions) Descriptor() ([]byte, []int) { return fileDescriptorRunc, []int{0} }
+func (m *RuncOptions) Reset()      { *m = RuncOptions{} }
+func (*RuncOptions) ProtoMessage() {}
+func (*RuncOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d20e2ba8b3cc58b9, []int{0}
+}
+func (m *RuncOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RuncOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RuncOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RuncOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RuncOptions.Merge(m, src)
+}
+func (m *RuncOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *RuncOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_RuncOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RuncOptions proto.InternalMessageInfo
 
 type CreateOptions struct {
-	NoPivotRoot         bool     `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
-	OpenTcp             bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
-	ExternalUnixSockets bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
-	Terminal            bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	FileLocks           bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
-	EmptyNamespaces     []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"`
-	CgroupsMode         string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
-	NoNewKeyring        bool     `protobuf:"varint,8,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
-	ShimCgroup          string   `protobuf:"bytes,9,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
-	IoUid               uint32   `protobuf:"varint,10,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
-	IoGid               uint32   `protobuf:"varint,11,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
+	NoPivotRoot          bool     `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
+	OpenTcp              bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
+	ExternalUnixSockets  bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
+	Terminal             bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	FileLocks            bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
+	EmptyNamespaces      []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces,proto3" json:"empty_namespaces,omitempty"`
+	CgroupsMode          string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	NoNewKeyring         bool     `protobuf:"varint,8,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
+	ShimCgroup           string   `protobuf:"bytes,9,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
+	IoUid                uint32   `protobuf:"varint,10,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
+	IoGid                uint32   `protobuf:"varint,11,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
+	CriuWorkPath         string   `protobuf:"bytes,12,opt,name=criu_work_path,json=criuWorkPath,proto3" json:"criu_work_path,omitempty"`
+	CriuImagePath        string   `protobuf:"bytes,13,opt,name=criu_image_path,json=criuImagePath,proto3" json:"criu_image_path,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateOptions) Reset()      { *m = CreateOptions{} }
+func (*CreateOptions) ProtoMessage() {}
+func (*CreateOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d20e2ba8b3cc58b9, []int{1}
+}
+func (m *CreateOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateOptions.Merge(m, src)
+}
+func (m *CreateOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateOptions.DiscardUnknown(m)
 }
 
-func (m *CreateOptions) Reset()                    { *m = CreateOptions{} }
-func (*CreateOptions) ProtoMessage()               {}
-func (*CreateOptions) Descriptor() ([]byte, []int) { return fileDescriptorRunc, []int{1} }
+var xxx_messageInfo_CreateOptions proto.InternalMessageInfo
 
 type CheckpointOptions struct {
-	Exit                bool     `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"`
-	OpenTcp             bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
-	ExternalUnixSockets bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
-	Terminal            bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	FileLocks           bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
-	EmptyNamespaces     []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"`
-	CgroupsMode         string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	Exit                 bool     `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"`
+	OpenTcp              bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
+	ExternalUnixSockets  bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
+	Terminal             bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	FileLocks            bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
+	EmptyNamespaces      []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces,proto3" json:"empty_namespaces,omitempty"`
+	CgroupsMode          string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	WorkPath             string   `protobuf:"bytes,8,opt,name=work_path,json=workPath,proto3" json:"work_path,omitempty"`
+	ImagePath            string   `protobuf:"bytes,9,opt,name=image_path,json=imagePath,proto3" json:"image_path,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *CheckpointOptions) Reset()                    { *m = CheckpointOptions{} }
-func (*CheckpointOptions) ProtoMessage()               {}
-func (*CheckpointOptions) Descriptor() ([]byte, []int) { return fileDescriptorRunc, []int{2} }
+func (m *CheckpointOptions) Reset()      { *m = CheckpointOptions{} }
+func (*CheckpointOptions) ProtoMessage() {}
+func (*CheckpointOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d20e2ba8b3cc58b9, []int{2}
+}
+func (m *CheckpointOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckpointOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckpointOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckpointOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckpointOptions.Merge(m, src)
+}
+func (m *CheckpointOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckpointOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckpointOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CheckpointOptions proto.InternalMessageInfo
 
 type ProcessDetails struct {
-	ExecID string `protobuf:"bytes,1,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	ExecID               string   `protobuf:"bytes,1,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ProcessDetails) Reset()      { *m = ProcessDetails{} }
+func (*ProcessDetails) ProtoMessage() {}
+func (*ProcessDetails) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d20e2ba8b3cc58b9, []int{3}
+}
+func (m *ProcessDetails) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessDetails.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessDetails) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessDetails.Merge(m, src)
+}
+func (m *ProcessDetails) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessDetails) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessDetails.DiscardUnknown(m)
 }
 
-func (m *ProcessDetails) Reset()                    { *m = ProcessDetails{} }
-func (*ProcessDetails) ProtoMessage()               {}
-func (*ProcessDetails) Descriptor() ([]byte, []int) { return fileDescriptorRunc, []int{3} }
+var xxx_messageInfo_ProcessDetails proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*RuncOptions)(nil), "containerd.linux.runc.RuncOptions")
@@ -94,10 +209,57 @@ func init() {
 	proto.RegisterType((*CheckpointOptions)(nil), "containerd.linux.runc.CheckpointOptions")
 	proto.RegisterType((*ProcessDetails)(nil), "containerd.linux.runc.ProcessDetails")
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/runtime/linux/runctypes/runc.proto", fileDescriptor_d20e2ba8b3cc58b9)
+}
+
+var fileDescriptor_d20e2ba8b3cc58b9 = []byte{
+	// 604 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x94, 0xcf, 0x6e, 0xd3, 0x40,
+	0x10, 0xc6, 0xeb, 0xfe, 0x49, 0x9c, 0x49, 0xd2, 0xc2, 0x42, 0x25, 0xd3, 0xaa, 0x69, 0x08, 0x7f,
+	0x14, 0x2e, 0xa9, 0x04, 0xe2, 0xc4, 0xad, 0x29, 0x42, 0x15, 0x50, 0x2a, 0x43, 0x05, 0x42, 0x48,
+	0x2b, 0x77, 0x3d, 0x24, 0xab, 0xc4, 0x3b, 0x96, 0x77, 0x4d, 0x92, 0x1b, 0x4f, 0xc0, 0x0b, 0xf1,
+	0x02, 0x3d, 0x21, 0x8e, 0x9c, 0x10, 0xcd, 0x93, 0xa0, 0x5d, 0xc7, 0x69, 0xcf, 0x1c, 0xb9, 0xcd,
+	0xfc, 0xe6, 0xb3, 0x67, 0xf4, 0x7d, 0xb2, 0xa1, 0x3f, 0x90, 0x66, 0x98, 0x9f, 0xf7, 0x04, 0x25,
+	0x07, 0x82, 0x94, 0x89, 0xa4, 0xc2, 0x2c, 0xbe, 0x5e, 0x66, 0xb9, 0x32, 0x32, 0xc1, 0x83, 0xb1,
+	0x54, 0xf9, 0xd4, 0x76, 0xc2, 0xcc, 0x52, 0xd4, 0xae, 0xea, 0xa5, 0x19, 0x19, 0x62, 0xdb, 0x57,
+	0xf2, 0x9e, 0x93, 0xf5, 0xec, 0x70, 0xe7, 0xf6, 0x80, 0x06, 0xe4, 0x14, 0x07, 0xb6, 0x2a, 0xc4,
+	0x9d, 0x6f, 0x1e, 0xd4, 0xc3, 0x5c, 0x89, 0x37, 0xa9, 0x91, 0xa4, 0x34, 0x0b, 0xa0, 0xba, 0x58,
+	0x11, 0x78, 0x6d, 0xaf, 0x5b, 0x0b, 0xcb, 0x96, 0xdd, 0x85, 0xc6, 0xa2, 0xe4, 0x19, 0x91, 0x09,
+	0x56, 0xdd, 0xb8, 0xbe, 0x60, 0x21, 0x91, 0x61, 0xbb, 0x50, 0x13, 0x99, 0xcc, 0x79, 0x1a, 0x99,
+	0x61, 0xb0, 0xe6, 0xe6, 0xbe, 0x05, 0xa7, 0x91, 0x19, 0xb2, 0x07, 0xb0, 0xa9, 0x67, 0xda, 0x60,
+	0x12, 0x73, 0x31, 0xc8, 0x28, 0x4f, 0x83, 0xf5, 0xb6, 0xd7, 0xf5, 0xc3, 0xe6, 0x82, 0xf6, 0x1d,
+	0xec, 0xfc, 0x58, 0x83, 0x66, 0x3f, 0xc3, 0xc8, 0x60, 0x79, 0x52, 0x07, 0x9a, 0x8a, 0x78, 0x2a,
+	0xbf, 0x90, 0x29, 0x36, 0x7b, 0xee, 0xb9, 0xba, 0xa2, 0x53, 0xcb, 0xdc, 0xe6, 0x3b, 0xe0, 0x53,
+	0x8a, 0x8a, 0x1b, 0x91, 0xba, 0xc3, 0xfc, 0xb0, 0x6a, 0xfb, 0x77, 0x22, 0x65, 0x8f, 0x61, 0x1b,
+	0xa7, 0x06, 0x33, 0x15, 0x8d, 0x79, 0xae, 0xe4, 0x94, 0x6b, 0x12, 0x23, 0x34, 0xda, 0x1d, 0xe8,
+	0x87, 0xb7, 0xca, 0xe1, 0x99, 0x92, 0xd3, 0xb7, 0xc5, 0x88, 0xed, 0x80, 0x6f, 0x30, 0x4b, 0xa4,
+	0x8a, 0xc6, 0x8b, 0x2b, 0x97, 0x3d, 0xdb, 0x03, 0xf8, 0x2c, 0xc7, 0xc8, 0xc7, 0x24, 0x46, 0x3a,
+	0xd8, 0x70, 0xd3, 0x9a, 0x25, 0xaf, 0x2c, 0x60, 0x8f, 0xe0, 0x06, 0x26, 0xa9, 0x99, 0x71, 0x15,
+	0x25, 0xa8, 0xd3, 0x48, 0xa0, 0x0e, 0x2a, 0xed, 0xb5, 0x6e, 0x2d, 0xdc, 0x72, 0xfc, 0x64, 0x89,
+	0xad, 0xa3, 0x85, 0x13, 0x9a, 0x27, 0x14, 0x63, 0x50, 0x2d, 0x1c, 0x5d, 0xb0, 0xd7, 0x14, 0x23,
+	0xbb, 0x0f, 0x9b, 0x8a, 0xb8, 0xc2, 0x09, 0x1f, 0xe1, 0x2c, 0x93, 0x6a, 0x10, 0xf8, 0x6e, 0x61,
+	0x43, 0xd1, 0x09, 0x4e, 0x5e, 0x16, 0x8c, 0xed, 0x43, 0x5d, 0x0f, 0x65, 0x52, 0xfa, 0x5a, 0x73,
+	0xef, 0x01, 0x8b, 0x0a, 0x53, 0xd9, 0x36, 0x54, 0x24, 0xf1, 0x5c, 0xc6, 0x01, 0xb4, 0xbd, 0x6e,
+	0x33, 0xdc, 0x90, 0x74, 0x26, 0xe3, 0x05, 0x1e, 0xc8, 0x38, 0xa8, 0x97, 0xf8, 0x85, 0x8c, 0xed,
+	0x52, 0x17, 0xe3, 0x84, 0xb2, 0x51, 0x91, 0x65, 0xc3, 0xbd, 0xb1, 0x61, 0xe9, 0x7b, 0xca, 0x46,
+	0x2e, 0xcf, 0x87, 0xb0, 0xe5, 0x54, 0x32, 0x89, 0x06, 0x58, 0xc8, 0x9a, 0x4e, 0xd6, 0xb4, 0xf8,
+	0xd8, 0x52, 0xab, 0xeb, 0x7c, 0x5f, 0x85, 0x9b, 0xfd, 0x21, 0x8a, 0x51, 0x4a, 0x52, 0x99, 0x32,
+	0x54, 0x06, 0xeb, 0x38, 0x95, 0x65, 0x96, 0xae, 0xfe, 0x6f, 0x43, 0xdc, 0x85, 0xda, 0x95, 0x95,
+	0x7e, 0xf1, 0x59, 0x4c, 0x4a, 0x1b, 0xf7, 0x00, 0xae, 0x39, 0x58, 0x44, 0x57, 0x93, 0x4b, 0xf7,
+	0x9e, 0xc2, 0xe6, 0x69, 0x46, 0x02, 0xb5, 0x3e, 0x42, 0x13, 0xc9, 0xb1, 0x66, 0xf7, 0xa0, 0x8a,
+	0x53, 0x14, 0x5c, 0xc6, 0xc5, 0x17, 0x7a, 0x08, 0xf3, 0xdf, 0xfb, 0x95, 0xe7, 0x53, 0x14, 0xc7,
+	0x47, 0x61, 0xc5, 0x8e, 0x8e, 0xe3, 0xc3, 0x4f, 0x17, 0x97, 0xad, 0x95, 0x5f, 0x97, 0xad, 0x95,
+	0xaf, 0xf3, 0x96, 0x77, 0x31, 0x6f, 0x79, 0x3f, 0xe7, 0x2d, 0xef, 0xcf, 0xbc, 0xe5, 0x7d, 0x3c,
+	0xfc, 0xd7, 0x5f, 0xcc, 0xb3, 0x65, 0xf5, 0x61, 0xe5, 0xbc, 0xe2, 0xfe, 0x1e, 0x4f, 0xfe, 0x06,
+	0x00, 0x00, 0xff, 0xff, 0x7f, 0x24, 0x6f, 0x2e, 0xb1, 0x04, 0x00, 0x00,
+}
+
 func (m *RuncOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -105,45 +267,57 @@ func (m *RuncOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RuncOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RuncOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Runtime) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.Runtime)))
-		i += copy(dAtA[i:], m.Runtime)
-	}
-	if len(m.RuntimeRoot) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.RuntimeRoot)))
-		i += copy(dAtA[i:], m.RuntimeRoot)
-	}
-	if len(m.CriuPath) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.CriuPath)))
-		i += copy(dAtA[i:], m.CriuPath)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.SystemdCgroup {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.SystemdCgroup {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.CriuPath) > 0 {
+		i -= len(m.CriuPath)
+		copy(dAtA[i:], m.CriuPath)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.CriuPath)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.RuntimeRoot) > 0 {
+		i -= len(m.RuntimeRoot)
+		copy(dAtA[i:], m.RuntimeRoot)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.RuntimeRoot)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Runtime) > 0 {
+		i -= len(m.Runtime)
+		copy(dAtA[i:], m.Runtime)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.Runtime)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -151,114 +325,133 @@ func (m *CreateOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.NoPivotRoot {
-		dAtA[i] = 0x8
-		i++
-		if m.NoPivotRoot {
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.CriuImagePath) > 0 {
+		i -= len(m.CriuImagePath)
+		copy(dAtA[i:], m.CriuImagePath)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.CriuImagePath)))
+		i--
+		dAtA[i] = 0x6a
+	}
+	if len(m.CriuWorkPath) > 0 {
+		i -= len(m.CriuWorkPath)
+		copy(dAtA[i:], m.CriuWorkPath)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.CriuWorkPath)))
+		i--
+		dAtA[i] = 0x62
+	}
+	if m.IoGid != 0 {
+		i = encodeVarintRunc(dAtA, i, uint64(m.IoGid))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.IoUid != 0 {
+		i = encodeVarintRunc(dAtA, i, uint64(m.IoUid))
+		i--
+		dAtA[i] = 0x50
+	}
+	if len(m.ShimCgroup) > 0 {
+		i -= len(m.ShimCgroup)
+		copy(dAtA[i:], m.ShimCgroup)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.ShimCgroup)))
+		i--
+		dAtA[i] = 0x4a
+	}
+	if m.NoNewKeyring {
+		i--
+		if m.NoNewKeyring {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.OpenTcp {
-		dAtA[i] = 0x10
-		i++
-		if m.OpenTcp {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if len(m.CgroupsMode) > 0 {
+		i -= len(m.CgroupsMode)
+		copy(dAtA[i:], m.CgroupsMode)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.CgroupsMode)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.EmptyNamespaces) > 0 {
+		for iNdEx := len(m.EmptyNamespaces) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.EmptyNamespaces[iNdEx])
+			copy(dAtA[i:], m.EmptyNamespaces[iNdEx])
+			i = encodeVarintRunc(dAtA, i, uint64(len(m.EmptyNamespaces[iNdEx])))
+			i--
+			dAtA[i] = 0x32
 		}
-		i++
 	}
-	if m.ExternalUnixSockets {
-		dAtA[i] = 0x18
-		i++
-		if m.ExternalUnixSockets {
+	if m.FileLocks {
+		i--
+		if m.FileLocks {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x28
 	}
 	if m.Terminal {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.FileLocks {
-		dAtA[i] = 0x28
-		i++
-		if m.FileLocks {
+	if m.ExternalUnixSockets {
+		i--
+		if m.ExternalUnixSockets {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.EmptyNamespaces) > 0 {
-		for _, s := range m.EmptyNamespaces {
-			dAtA[i] = 0x32
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if m.OpenTcp {
+		i--
+		if m.OpenTcp {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.CgroupsMode) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.CgroupsMode)))
-		i += copy(dAtA[i:], m.CgroupsMode)
-	}
-	if m.NoNewKeyring {
-		dAtA[i] = 0x40
-		i++
-		if m.NoNewKeyring {
+	if m.NoPivotRoot {
+		i--
+		if m.NoPivotRoot {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if len(m.ShimCgroup) > 0 {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.ShimCgroup)))
-		i += copy(dAtA[i:], m.ShimCgroup)
-	}
-	if m.IoUid != 0 {
-		dAtA[i] = 0x50
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(m.IoUid))
-	}
-	if m.IoGid != 0 {
-		dAtA[i] = 0x58
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(m.IoGid))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckpointOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -266,88 +459,106 @@ func (m *CheckpointOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckpointOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckpointOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Exit {
-		dAtA[i] = 0x8
-		i++
-		if m.Exit {
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.ImagePath) > 0 {
+		i -= len(m.ImagePath)
+		copy(dAtA[i:], m.ImagePath)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.ImagePath)))
+		i--
+		dAtA[i] = 0x4a
+	}
+	if len(m.WorkPath) > 0 {
+		i -= len(m.WorkPath)
+		copy(dAtA[i:], m.WorkPath)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.WorkPath)))
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.CgroupsMode) > 0 {
+		i -= len(m.CgroupsMode)
+		copy(dAtA[i:], m.CgroupsMode)
+		i = encodeVarintRunc(dAtA, i, uint64(len(m.CgroupsMode)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.EmptyNamespaces) > 0 {
+		for iNdEx := len(m.EmptyNamespaces) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.EmptyNamespaces[iNdEx])
+			copy(dAtA[i:], m.EmptyNamespaces[iNdEx])
+			i = encodeVarintRunc(dAtA, i, uint64(len(m.EmptyNamespaces[iNdEx])))
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if m.FileLocks {
+		i--
+		if m.FileLocks {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.OpenTcp {
-		dAtA[i] = 0x10
-		i++
-		if m.OpenTcp {
+	if m.Terminal {
+		i--
+		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.ExternalUnixSockets {
-		dAtA[i] = 0x18
-		i++
+		i--
 		if m.ExternalUnixSockets {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Terminal {
-		dAtA[i] = 0x20
-		i++
-		if m.Terminal {
+	if m.OpenTcp {
+		i--
+		if m.OpenTcp {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.FileLocks {
-		dAtA[i] = 0x28
-		i++
-		if m.FileLocks {
+	if m.Exit {
+		i--
+		if m.Exit {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if len(m.EmptyNamespaces) > 0 {
-		for _, s := range m.EmptyNamespaces {
-			dAtA[i] = 0x32
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.CgroupsMode) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintRunc(dAtA, i, uint64(len(m.CgroupsMode)))
-		i += copy(dAtA[i:], m.CgroupsMode)
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -355,29 +566,44 @@ func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ExecID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
 		i = encodeVarintRunc(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintRunc(dAtA []byte, offset int, v uint64) int {
+	offset -= sovRunc(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *RuncOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Runtime)
@@ -395,10 +621,16 @@ func (m *RuncOptions) Size() (n int) {
 	if m.SystemdCgroup {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.NoPivotRoot {
@@ -439,10 +671,24 @@ func (m *CreateOptions) Size() (n int) {
 	if m.IoGid != 0 {
 		n += 1 + sovRunc(uint64(m.IoGid))
 	}
+	l = len(m.CriuWorkPath)
+	if l > 0 {
+		n += 1 + l + sovRunc(uint64(l))
+	}
+	l = len(m.CriuImagePath)
+	if l > 0 {
+		n += 1 + l + sovRunc(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CheckpointOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Exit {
@@ -470,28 +716,38 @@ func (m *CheckpointOptions) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovRunc(uint64(l))
 	}
+	l = len(m.WorkPath)
+	if l > 0 {
+		n += 1 + l + sovRunc(uint64(l))
+	}
+	l = len(m.ImagePath)
+	if l > 0 {
+		n += 1 + l + sovRunc(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ProcessDetails) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ExecID)
 	if l > 0 {
 		n += 1 + l + sovRunc(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovRunc(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozRunc(x uint64) (n int) {
 	return sovRunc(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -505,6 +761,7 @@ func (this *RuncOptions) String() string {
 		`RuntimeRoot:` + fmt.Sprintf("%v", this.RuntimeRoot) + `,`,
 		`CriuPath:` + fmt.Sprintf("%v", this.CriuPath) + `,`,
 		`SystemdCgroup:` + fmt.Sprintf("%v", this.SystemdCgroup) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -525,6 +782,9 @@ func (this *CreateOptions) String() string {
 		`ShimCgroup:` + fmt.Sprintf("%v", this.ShimCgroup) + `,`,
 		`IoUid:` + fmt.Sprintf("%v", this.IoUid) + `,`,
 		`IoGid:` + fmt.Sprintf("%v", this.IoGid) + `,`,
+		`CriuWorkPath:` + fmt.Sprintf("%v", this.CriuWorkPath) + `,`,
+		`CriuImagePath:` + fmt.Sprintf("%v", this.CriuImagePath) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -541,6 +801,9 @@ func (this *CheckpointOptions) String() string {
 		`FileLocks:` + fmt.Sprintf("%v", this.FileLocks) + `,`,
 		`EmptyNamespaces:` + fmt.Sprintf("%v", this.EmptyNamespaces) + `,`,
 		`CgroupsMode:` + fmt.Sprintf("%v", this.CgroupsMode) + `,`,
+		`WorkPath:` + fmt.Sprintf("%v", this.WorkPath) + `,`,
+		`ImagePath:` + fmt.Sprintf("%v", this.ImagePath) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -551,6 +814,7 @@ func (this *ProcessDetails) String() string {
 	}
 	s := strings.Join([]string{`&ProcessDetails{`,
 		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -578,7 +842,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -606,7 +870,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -616,6 +880,9 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -635,7 +902,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -645,6 +912,9 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -664,7 +934,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -674,6 +944,9 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -693,7 +966,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -705,12 +978,13 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunc
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -735,7 +1009,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -763,7 +1037,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -783,7 +1057,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -803,7 +1077,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -823,7 +1097,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -843,7 +1117,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -863,7 +1137,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -873,6 +1147,9 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -892,7 +1169,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -902,6 +1179,9 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -921,7 +1201,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -941,7 +1221,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -951,6 +1231,9 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -970,7 +1253,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.IoUid |= (uint32(b) & 0x7F) << shift
+				m.IoUid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -989,23 +1272,88 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.IoGid |= (uint32(b) & 0x7F) << shift
+				m.IoGid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CriuWorkPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunc
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunc
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CriuWorkPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 13:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CriuImagePath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunc
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunc
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CriuImagePath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRunc(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunc
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1030,7 +1378,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1058,7 +1406,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1078,7 +1426,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1098,7 +1446,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1118,7 +1466,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1138,7 +1486,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1158,7 +1506,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1168,6 +1516,9 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1187,7 +1538,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1197,23 +1548,91 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.CgroupsMode = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunc
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunc
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.WorkPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ImagePath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunc
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthRunc
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ImagePath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRunc(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunc
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1238,7 +1657,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1266,7 +1685,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1276,6 +1695,9 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRunc
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunc
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1287,12 +1709,13 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunc
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1305,6 +1728,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 func skipRunc(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1336,10 +1760,8 @@ func skipRunc(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1356,95 +1778,34 @@ func skipRunc(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthRunc
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowRunc
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipRunc(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupRunc
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthRunc
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthRunc = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowRunc   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthRunc        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowRunc          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupRunc = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/runtime/linux/runctypes/runc.proto", fileDescriptorRunc)
-}
-
-var fileDescriptorRunc = []byte{
-	// 541 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x93, 0xc1, 0x6e, 0xd3, 0x40,
-	0x10, 0x86, 0x6b, 0xda, 0x26, 0xce, 0xa4, 0x29, 0xb0, 0x50, 0xc9, 0x14, 0x91, 0x86, 0x00, 0x52,
-	0xb8, 0xa4, 0x12, 0x88, 0x13, 0xb7, 0xa6, 0x08, 0x55, 0x40, 0xa9, 0x0c, 0x95, 0x10, 0x42, 0x5a,
-	0xb9, 0xeb, 0x21, 0x59, 0xc5, 0xde, 0x59, 0x79, 0xd7, 0xd4, 0xb9, 0xf5, 0x09, 0x78, 0xae, 0x1e,
-	0x39, 0x72, 0x42, 0x34, 0x2f, 0x02, 0xf2, 0xda, 0x0e, 0x9c, 0x39, 0x72, 0xfb, 0xe7, 0xfb, 0xc7,
-	0x9e, 0xd1, 0xbf, 0x1a, 0x98, 0x4c, 0xa5, 0x9d, 0xe5, 0x67, 0x63, 0x41, 0xe9, 0xbe, 0x20, 0x65,
-	0x23, 0xa9, 0x30, 0x8b, 0xff, 0x96, 0x59, 0xae, 0xac, 0x4c, 0x71, 0x3f, 0x91, 0x2a, 0x2f, 0xca,
-	0x4a, 0xd8, 0x85, 0x46, 0xe3, 0xd4, 0x58, 0x67, 0x64, 0x89, 0xed, 0xfc, 0x69, 0x1f, 0xbb, 0xb6,
-	0x71, 0x69, 0xee, 0xde, 0x9e, 0xd2, 0x94, 0x5c, 0xc7, 0x7e, 0xa9, 0xaa, 0xe6, 0xe1, 0x57, 0x0f,
-	0xba, 0x61, 0xae, 0xc4, 0x5b, 0x6d, 0x25, 0x29, 0xc3, 0x02, 0x68, 0xd7, 0x23, 0x02, 0x6f, 0xe0,
-	0x8d, 0x3a, 0x61, 0x53, 0xb2, 0xfb, 0xb0, 0x55, 0x4b, 0x9e, 0x11, 0xd9, 0xe0, 0x9a, 0xb3, 0xbb,
-	0x35, 0x0b, 0x89, 0x2c, 0xbb, 0x0b, 0x1d, 0x91, 0xc9, 0x9c, 0xeb, 0xc8, 0xce, 0x82, 0x75, 0xe7,
-	0xfb, 0x25, 0x38, 0x89, 0xec, 0x8c, 0x3d, 0x82, 0x6d, 0xb3, 0x30, 0x16, 0xd3, 0x98, 0x8b, 0x69,
-	0x46, 0xb9, 0x0e, 0x36, 0x06, 0xde, 0xc8, 0x0f, 0x7b, 0x35, 0x9d, 0x38, 0x38, 0xbc, 0x58, 0x87,
-	0xde, 0x24, 0xc3, 0xc8, 0x62, 0xb3, 0xd2, 0x10, 0x7a, 0x8a, 0xb8, 0x96, 0x5f, 0xc8, 0x56, 0x93,
-	0x3d, 0xf7, 0x5d, 0x57, 0xd1, 0x49, 0xc9, 0xdc, 0xe4, 0x3b, 0xe0, 0x93, 0x46, 0xc5, 0xad, 0xd0,
-	0x6e, 0x31, 0x3f, 0x6c, 0x97, 0xf5, 0x7b, 0xa1, 0xd9, 0x13, 0xd8, 0xc1, 0xc2, 0x62, 0xa6, 0xa2,
-	0x84, 0xe7, 0x4a, 0x16, 0xdc, 0x90, 0x98, 0xa3, 0x35, 0x6e, 0x41, 0x3f, 0xbc, 0xd5, 0x98, 0xa7,
-	0x4a, 0x16, 0xef, 0x2a, 0x8b, 0xed, 0x82, 0x6f, 0x31, 0x4b, 0xa5, 0x8a, 0x92, 0x7a, 0xcb, 0x55,
-	0xcd, 0xee, 0x01, 0x7c, 0x96, 0x09, 0xf2, 0x84, 0xc4, 0xdc, 0x04, 0x9b, 0xce, 0xed, 0x94, 0xe4,
-	0x75, 0x09, 0xd8, 0x63, 0xb8, 0x81, 0xa9, 0xb6, 0x0b, 0xae, 0xa2, 0x14, 0x8d, 0x8e, 0x04, 0x9a,
-	0xa0, 0x35, 0x58, 0x1f, 0x75, 0xc2, 0xeb, 0x8e, 0x1f, 0xaf, 0x70, 0x99, 0x68, 0x95, 0x84, 0xe1,
-	0x29, 0xc5, 0x18, 0xb4, 0xab, 0x44, 0x6b, 0xf6, 0x86, 0x62, 0x64, 0x0f, 0x61, 0x5b, 0x11, 0x57,
-	0x78, 0xce, 0xe7, 0xb8, 0xc8, 0xa4, 0x9a, 0x06, 0xbe, 0x1b, 0xb8, 0xa5, 0xe8, 0x18, 0xcf, 0x5f,
-	0x55, 0x8c, 0xed, 0x41, 0xd7, 0xcc, 0x64, 0xda, 0xe4, 0xda, 0x71, 0xff, 0x81, 0x12, 0x55, 0xa1,
-	0xb2, 0x1d, 0x68, 0x49, 0xe2, 0xb9, 0x8c, 0x03, 0x18, 0x78, 0xa3, 0x5e, 0xb8, 0x29, 0xe9, 0x54,
-	0xc6, 0x35, 0x9e, 0xca, 0x38, 0xe8, 0x36, 0xf8, 0xa5, 0x8c, 0x87, 0xbf, 0x3c, 0xb8, 0x39, 0x99,
-	0xa1, 0x98, 0x6b, 0x92, 0xca, 0x36, 0xcf, 0xc0, 0x60, 0x03, 0x0b, 0xd9, 0xa4, 0xef, 0xf4, 0xff,
-	0x1a, 0xfb, 0xf0, 0x19, 0x6c, 0x9f, 0x64, 0x24, 0xd0, 0x98, 0x43, 0xb4, 0x91, 0x4c, 0x0c, 0x7b,
-	0x00, 0x6d, 0x2c, 0x50, 0x70, 0x19, 0x57, 0x77, 0x71, 0x00, 0xcb, 0x1f, 0x7b, 0xad, 0x17, 0x05,
-	0x8a, 0xa3, 0xc3, 0xb0, 0x55, 0x5a, 0x47, 0xf1, 0xc1, 0xa7, 0xcb, 0xab, 0xfe, 0xda, 0xf7, 0xab,
-	0xfe, 0xda, 0xc5, 0xb2, 0xef, 0x5d, 0x2e, 0xfb, 0xde, 0xb7, 0x65, 0xdf, 0xfb, 0xb9, 0xec, 0x7b,
-	0x1f, 0x0f, 0xfe, 0xf5, 0xb0, 0x9f, 0xaf, 0xd4, 0x87, 0xb5, 0xb3, 0x96, 0xbb, 0xd9, 0xa7, 0xbf,
-	0x03, 0x00, 0x00, 0xff, 0xff, 0x18, 0xa1, 0x4b, 0x5b, 0x27, 0x04, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto
index ddd3f8d112892..78e3abf4cb776 100644
--- a/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto
+++ b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto
@@ -25,6 +25,8 @@ message CreateOptions {
 	string shim_cgroup = 9;
 	uint32 io_uid = 10;
 	uint32 io_gid = 11;
+	string criu_work_path = 12;
+	string criu_image_path = 13;
 }
 
 message CheckpointOptions {
@@ -35,6 +37,8 @@ message CheckpointOptions {
 	bool file_locks = 5;
 	repeated string empty_namespaces = 6;
 	string cgroups_mode = 7;
+	string work_path = 8;
+	string image_path = 9;
 }
 
 message ProcessDetails {
diff --git a/vendor/github.com/containerd/containerd/runtime/proc/proc.go b/vendor/github.com/containerd/containerd/runtime/proc/proc.go
deleted file mode 100644
index 02bc9bda816f8..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/proc/proc.go
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"context"
-	"io"
-	"sync"
-	"time"
-
-	"github.com/containerd/console"
-)
-
-// Stdio of a process
-type Stdio struct {
-	Stdin    string
-	Stdout   string
-	Stderr   string
-	Terminal bool
-}
-
-// IsNull returns true if the stdio is not defined
-func (s Stdio) IsNull() bool {
-	return s.Stdin == "" && s.Stdout == "" && s.Stderr == ""
-}
-
-// Process on a system
-type Process interface {
-	State
-	// ID returns the id for the process
-	ID() string
-	// Pid returns the pid for the process
-	Pid() int
-	// ExitStatus returns the exit status
-	ExitStatus() int
-	// ExitedAt is the time the process exited
-	ExitedAt() time.Time
-	// Stdin returns the process STDIN
-	Stdin() io.Closer
-	// Stdio returns io information for the container
-	Stdio() Stdio
-	// Status returns the process status
-	Status(context.Context) (string, error)
-	// Wait blocks until the process has exited
-	Wait()
-}
-
-// State of a process
-type State interface {
-	// Resize resizes the process console
-	Resize(ws console.WinSize) error
-	// Start execution of the process
-	Start(context.Context) error
-	// Delete deletes the process and its resourcess
-	Delete(context.Context) error
-	// Kill kills the process
-	Kill(context.Context, uint32, bool) error
-	// SetExited sets the exit status for the process
-	SetExited(status int)
-}
-
-// Platform handles platform-specific behavior that may differs across
-// platform implementations
-type Platform interface {
-	CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string,
-		wg, cwg *sync.WaitGroup) (console.Console, error)
-	ShutdownConsole(ctx context.Context, console console.Console) error
-	Close() error
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/runtime.go b/vendor/github.com/containerd/containerd/runtime/runtime.go
index 1b3f87c152794..3d758fb97ac6f 100644
--- a/vendor/github.com/containerd/containerd/runtime/runtime.go
+++ b/vendor/github.com/containerd/containerd/runtime/runtime.go
@@ -63,10 +63,14 @@ type PlatformRuntime interface {
 	// ID of the runtime
 	ID() string
 	// Create creates a task with the provided id and options.
-	Create(ctx context.Context, id string, opts CreateOpts) (Task, error)
+	Create(ctx context.Context, taskID string, opts CreateOpts) (Task, error)
 	// Get returns a task.
-	Get(context.Context, string) (Task, error)
+	Get(ctx context.Context, taskID string) (Task, error)
 	// Tasks returns all the current tasks for the runtime.
 	// Any container runs at most one task at a time.
-	Tasks(context.Context, bool) ([]Task, error)
+	Tasks(ctx context.Context, all bool) ([]Task, error)
+	// Add adds a task into runtime.
+	Add(ctx context.Context, task Task) error
+	// Delete remove a task.
+	Delete(ctx context.Context, taskID string)
 }
diff --git a/vendor/github.com/containerd/containerd/runtime/task.go b/vendor/github.com/containerd/containerd/runtime/task.go
index 981e290c68d12..c9876ed4a5dc9 100644
--- a/vendor/github.com/containerd/containerd/runtime/task.go
+++ b/vendor/github.com/containerd/containerd/runtime/task.go
@@ -33,45 +33,48 @@ type TaskInfo struct {
 
 // Process is a runtime object for an executing process inside a container
 type Process interface {
+	// ID of the process
 	ID() string
 	// State returns the process state
-	State(context.Context) (State, error)
+	State(ctx context.Context) (State, error)
 	// Kill signals a container
-	Kill(context.Context, uint32, bool) error
-	// Pty resizes the processes pty/console
-	ResizePty(context.Context, ConsoleSize) error
-	// CloseStdin closes the processes stdin
-	CloseIO(context.Context) error
+	Kill(ctx context.Context, signal uint32, all bool) error
+	// ResizePty resizes the processes pty/console
+	ResizePty(ctx context.Context, size ConsoleSize) error
+	// CloseIO closes the processes IO
+	CloseIO(ctx context.Context) error
 	// Start the container's user defined process
-	Start(context.Context) error
+	Start(ctx context.Context) error
 	// Wait for the process to exit
-	Wait(context.Context) (*Exit, error)
+	Wait(ctx context.Context) (*Exit, error)
 	// Delete deletes the process
-	Delete(context.Context) (*Exit, error)
+	Delete(ctx context.Context) (*Exit, error)
 }
 
 // Task is the runtime object for an executing container
 type Task interface {
 	Process
 
+	// PID of the process
+	PID() uint32
 	// Namespace that the task exists in
 	Namespace() string
 	// Pause pauses the container process
-	Pause(context.Context) error
+	Pause(ctx context.Context) error
 	// Resume unpauses the container process
-	Resume(context.Context) error
+	Resume(ctx context.Context) error
 	// Exec adds a process into the container
-	Exec(context.Context, string, ExecOpts) (Process, error)
+	Exec(ctx context.Context, id string, opts ExecOpts) (Process, error)
 	// Pids returns all pids
-	Pids(context.Context) ([]ProcessInfo, error)
+	Pids(ctx context.Context) ([]ProcessInfo, error)
 	// Checkpoint checkpoints a container to an image with live system data
-	Checkpoint(context.Context, string, *types.Any) error
+	Checkpoint(ctx context.Context, path string, opts *types.Any) error
 	// Update sets the provided resources to a running task
-	Update(context.Context, *types.Any) error
+	Update(ctx context.Context, resources *types.Any, annotations map[string]string) error
 	// Process returns a process within the task for the provided id
-	Process(context.Context, string) (Process, error)
+	Process(ctx context.Context, id string) (Process, error)
 	// Stats returns runtime specific metrics for a task
-	Stats(context.Context) (*types.Any, error)
+	Stats(ctx context.Context) (*types.Any, error)
 }
 
 // ExecOpts provides additional options for additional processes running in a task
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/bundle.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/bundle.go
index d73866a2fd890..48d81e8e0957e 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/bundle.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/bundle.go
@@ -20,6 +20,9 @@ package linux
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -28,6 +31,7 @@ import (
 	"github.com/containerd/containerd/runtime/linux/runctypes"
 	"github.com/containerd/containerd/runtime/v1/shim"
 	"github.com/containerd/containerd/runtime/v1/shim/client"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
@@ -46,7 +50,7 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
 		return nil, err
 	}
 	path = filepath.Join(path, id)
-	if err := os.Mkdir(path, 0711); err != nil {
+	if err := os.Mkdir(path, 0700); err != nil {
 		return nil, err
 	}
 	defer func() {
@@ -54,6 +58,9 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
 			os.RemoveAll(path)
 		}
 	}()
+	if err := prepareBundleDirectoryPermissions(path, spec); err != nil {
+		return nil, err
+	}
 	workDir = filepath.Join(workDir, id)
 	if err := os.MkdirAll(workDir, 0711); err != nil {
 		return nil, err
@@ -63,7 +70,8 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
 			os.RemoveAll(workDir)
 		}
 	}()
-	if err := os.Mkdir(filepath.Join(path, "rootfs"), 0711); err != nil {
+	rootfs := filepath.Join(path, "rootfs")
+	if err := os.MkdirAll(rootfs, 0711); err != nil {
 		return nil, err
 	}
 	err = ioutil.WriteFile(filepath.Join(path, configFilename), spec, 0666)
@@ -74,6 +82,55 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
 	}, err
 }
 
+// prepareBundleDirectoryPermissions prepares the permissions of the bundle
+// directory. When user namespaces are enabled, the permissions are modified
+// to allow the remapped root GID to access the bundle.
+func prepareBundleDirectoryPermissions(path string, spec []byte) error {
+	gid, err := remappedGID(spec)
+	if err != nil {
+		return err
+	}
+	if gid == 0 {
+		return nil
+	}
+	if err := os.Chown(path, -1, int(gid)); err != nil {
+		return err
+	}
+	return os.Chmod(path, 0710)
+}
+
+// ociSpecUserNS is a subset of specs.Spec used to reduce garbage during
+// unmarshal.
+type ociSpecUserNS struct {
+	Linux *linuxSpecUserNS
+}
+
+// linuxSpecUserNS is a subset of specs.Linux used to reduce garbage during
+// unmarshal.
+type linuxSpecUserNS struct {
+	GIDMappings []specs.LinuxIDMapping
+}
+
+// remappedGID reads the remapped GID 0 from the OCI spec, if it exists. If
+// there is no remapping, remappedGID returns 0. If the spec cannot be parsed,
+// remappedGID returns an error.
+func remappedGID(spec []byte) (uint32, error) {
+	var ociSpec ociSpecUserNS
+	err := json.Unmarshal(spec, &ociSpec)
+	if err != nil {
+		return 0, err
+	}
+	if ociSpec.Linux == nil || len(ociSpec.Linux.GIDMappings) == 0 {
+		return 0, nil
+	}
+	for _, mapping := range ociSpec.Linux.GIDMappings {
+		if mapping.ContainerID == 0 {
+			return mapping.HostID, nil
+		}
+	}
+	return 0, nil
+}
+
 type bundle struct {
 	id      string
 	path    string
@@ -88,7 +145,7 @@ func ShimRemote(c *Config, daemonAddress, cgroup string, exitHandler func()) Shi
 	return func(b *bundle, ns string, ropts *runctypes.RuncOptions) (shim.Config, client.Opt) {
 		config := b.shimConfig(ns, c, ropts)
 		return config,
-			client.WithStart(c.Shim, b.shimAddress(ns), daemonAddress, cgroup, c.ShimDebug, exitHandler)
+			client.WithStart(c.Shim, b.shimAddress(ns, daemonAddress), daemonAddress, cgroup, c.ShimDebug, exitHandler)
 	}
 }
 
@@ -102,7 +159,7 @@ func ShimLocal(c *Config, exchange *exchange.Exchange) ShimOpt {
 // ShimConnect is a ShimOpt for connecting to an existing remote shim
 func ShimConnect(c *Config, onClose func()) ShimOpt {
 	return func(b *bundle, ns string, ropts *runctypes.RuncOptions) (shim.Config, client.Opt) {
-		return b.shimConfig(ns, c, ropts), client.WithConnect(b.shimAddress(ns), onClose)
+		return b.shimConfig(ns, c, ropts), client.WithConnect(b.decideShimAddress(ns), onClose)
 	}
 }
 
@@ -114,22 +171,51 @@ func (b *bundle) NewShimClient(ctx context.Context, namespace string, getClientO
 
 // Delete deletes the bundle from disk
 func (b *bundle) Delete() error {
-	err := os.RemoveAll(b.path)
+	address, _ := b.loadAddress()
+	if address != "" {
+		// we don't care about errors here
+		client.RemoveSocket(address)
+	}
+	err := atomicDelete(b.path)
 	if err == nil {
-		return os.RemoveAll(b.workDir)
+		return atomicDelete(b.workDir)
 	}
 	// error removing the bundle path; still attempt removing work dir
-	err2 := os.RemoveAll(b.workDir)
+	err2 := atomicDelete(b.workDir)
 	if err2 == nil {
 		return err
 	}
 	return errors.Wrapf(err, "Failed to remove both bundle and workdir locations: %v", err2)
 }
 
-func (b *bundle) shimAddress(namespace string) string {
+func (b *bundle) legacyShimAddress(namespace string) string {
 	return filepath.Join(string(filepath.Separator), "containerd-shim", namespace, b.id, "shim.sock")
 }
 
+const socketRoot = "/run/containerd"
+
+func (b *bundle) shimAddress(namespace, socketPath string) string {
+	d := sha256.Sum256([]byte(filepath.Join(socketPath, namespace, b.id)))
+	return fmt.Sprintf("unix://%s/%x", filepath.Join(socketRoot, "s"), d)
+}
+
+func (b *bundle) loadAddress() (string, error) {
+	addressPath := filepath.Join(b.path, "address")
+	data, err := ioutil.ReadFile(addressPath)
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
+}
+
+func (b *bundle) decideShimAddress(namespace string) string {
+	address, err := b.loadAddress()
+	if err != nil {
+		return b.legacyShimAddress(namespace)
+	}
+	return address
+}
+
 func (b *bundle) shimConfig(namespace string, c *Config, runcOptions *runctypes.RuncOptions) shim.Config {
 	var (
 		criuPath      string
@@ -152,3 +238,16 @@ func (b *bundle) shimConfig(namespace string, c *Config, runcOptions *runctypes.
 		SystemdCgroup: systemdCgroup,
 	}
 }
+
+// atomicDelete renames the path to a hidden file before removal
+func atomicDelete(path string) error {
+	// create a hidden dir for an atomic removal
+	atomicPath := filepath.Join(filepath.Dir(path), fmt.Sprintf(".%s", filepath.Base(path)))
+	if err := os.Rename(path, atomicPath); err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+	return os.RemoveAll(atomicPath)
+}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go
deleted file mode 100644
index 96c425dd96837..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go
+++ /dev/null
@@ -1,220 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"sync"
-	"syscall"
-	"time"
-
-	"golang.org/x/sys/unix"
-
-	"github.com/containerd/console"
-	"github.com/containerd/containerd/runtime/proc"
-	"github.com/containerd/fifo"
-	runc "github.com/containerd/go-runc"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-)
-
-type execProcess struct {
-	wg sync.WaitGroup
-
-	proc.State
-
-	mu      sync.Mutex
-	id      string
-	console console.Console
-	io      runc.IO
-	status  int
-	exited  time.Time
-	pid     int
-	closers []io.Closer
-	stdin   io.Closer
-	stdio   proc.Stdio
-	path    string
-	spec    specs.Process
-
-	parent    *Init
-	waitBlock chan struct{}
-}
-
-func (e *execProcess) Wait() {
-	<-e.waitBlock
-}
-
-func (e *execProcess) ID() string {
-	return e.id
-}
-
-func (e *execProcess) Pid() int {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	return e.pid
-}
-
-func (e *execProcess) ExitStatus() int {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	return e.status
-}
-
-func (e *execProcess) ExitedAt() time.Time {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	return e.exited
-}
-
-func (e *execProcess) setExited(status int) {
-	e.status = status
-	e.exited = time.Now()
-	e.parent.Platform.ShutdownConsole(context.Background(), e.console)
-	close(e.waitBlock)
-}
-
-func (e *execProcess) delete(ctx context.Context) error {
-	e.wg.Wait()
-	if e.io != nil {
-		for _, c := range e.closers {
-			c.Close()
-		}
-		e.io.Close()
-	}
-	pidfile := filepath.Join(e.path, fmt.Sprintf("%s.pid", e.id))
-	// silently ignore error
-	os.Remove(pidfile)
-	return nil
-}
-
-func (e *execProcess) resize(ws console.WinSize) error {
-	if e.console == nil {
-		return nil
-	}
-	return e.console.Resize(ws)
-}
-
-func (e *execProcess) kill(ctx context.Context, sig uint32, _ bool) error {
-	pid := e.pid
-	if pid != 0 {
-		if err := unix.Kill(pid, syscall.Signal(sig)); err != nil {
-			return errors.Wrapf(checkKillError(err), "exec kill error")
-		}
-	}
-	return nil
-}
-
-func (e *execProcess) Stdin() io.Closer {
-	return e.stdin
-}
-
-func (e *execProcess) Stdio() proc.Stdio {
-	return e.stdio
-}
-
-func (e *execProcess) start(ctx context.Context) (err error) {
-	var (
-		socket  *runc.Socket
-		pidfile = filepath.Join(e.path, fmt.Sprintf("%s.pid", e.id))
-	)
-	if e.stdio.Terminal {
-		if socket, err = runc.NewTempConsoleSocket(); err != nil {
-			return errors.Wrap(err, "failed to create runc console socket")
-		}
-		defer socket.Close()
-	} else if e.stdio.IsNull() {
-		if e.io, err = runc.NewNullIO(); err != nil {
-			return errors.Wrap(err, "creating new NULL IO")
-		}
-	} else {
-		if e.io, err = runc.NewPipeIO(e.parent.IoUID, e.parent.IoGID, withConditionalIO(e.stdio)); err != nil {
-			return errors.Wrap(err, "failed to create runc io pipes")
-		}
-	}
-	opts := &runc.ExecOpts{
-		PidFile: pidfile,
-		IO:      e.io,
-		Detach:  true,
-	}
-	if socket != nil {
-		opts.ConsoleSocket = socket
-	}
-	if err := e.parent.runtime.Exec(ctx, e.parent.id, e.spec, opts); err != nil {
-		close(e.waitBlock)
-		return e.parent.runtimeError(err, "OCI runtime exec failed")
-	}
-	if e.stdio.Stdin != "" {
-		sc, err := fifo.OpenFifo(ctx, e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
-		if err != nil {
-			return errors.Wrapf(err, "failed to open stdin fifo %s", e.stdio.Stdin)
-		}
-		e.closers = append(e.closers, sc)
-		e.stdin = sc
-	}
-	var copyWaitGroup sync.WaitGroup
-	if socket != nil {
-		console, err := socket.ReceiveMaster()
-		if err != nil {
-			return errors.Wrap(err, "failed to retrieve console master")
-		}
-		if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, &copyWaitGroup); err != nil {
-			return errors.Wrap(err, "failed to start console copy")
-		}
-	} else if !e.stdio.IsNull() {
-		if err := copyPipes(ctx, e.io, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, &copyWaitGroup); err != nil {
-			return errors.Wrap(err, "failed to start io pipe copy")
-		}
-	}
-	copyWaitGroup.Wait()
-	pid, err := runc.ReadPidFile(opts.PidFile)
-	if err != nil {
-		return errors.Wrap(err, "failed to retrieve OCI runtime exec pid")
-	}
-	e.pid = pid
-	return nil
-}
-
-func (e *execProcess) Status(ctx context.Context) (string, error) {
-	s, err := e.parent.Status(ctx)
-	if err != nil {
-		return "", err
-	}
-	// if the container as a whole is in the pausing/paused state, so are all
-	// other processes inside the container, use container state here
-	switch s {
-	case "paused", "pausing":
-		return s, nil
-	}
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	// if we don't have a pid then the exec process has just been created
-	if e.pid == 0 {
-		return "created", nil
-	}
-	// if we have a pid and it can be signaled, the process is running
-	if err := unix.Kill(e.pid, 0); err == nil {
-		return "running", nil
-	}
-	// else if we have a pid but it can nolonger be signaled, it has stopped
-	return "stopped", nil
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init.go
deleted file mode 100644
index 5bf5f83443d88..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init.go
+++ /dev/null
@@ -1,409 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/containerd/console"
-	"github.com/containerd/containerd/log"
-	"github.com/containerd/containerd/mount"
-	"github.com/containerd/containerd/runtime/proc"
-	"github.com/containerd/fifo"
-	runc "github.com/containerd/go-runc"
-	google_protobuf "github.com/gogo/protobuf/types"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-)
-
-// InitPidFile name of the file that contains the init pid
-const InitPidFile = "init.pid"
-
-// Init represents an initial process for a container
-type Init struct {
-	wg sync.WaitGroup
-	initState
-
-	// mu is used to ensure that `Start()` and `Exited()` calls return in
-	// the right order when invoked in separate go routines.
-	// This is the case within the shim implementation as it makes use of
-	// the reaper interface.
-	mu sync.Mutex
-
-	waitBlock chan struct{}
-
-	WorkDir string
-
-	id           string
-	Bundle       string
-	console      console.Console
-	Platform     proc.Platform
-	io           runc.IO
-	runtime      *runc.Runc
-	status       int
-	exited       time.Time
-	pid          int
-	closers      []io.Closer
-	stdin        io.Closer
-	stdio        proc.Stdio
-	Rootfs       string
-	IoUID        int
-	IoGID        int
-	NoPivotRoot  bool
-	NoNewKeyring bool
-}
-
-// NewRunc returns a new runc instance for a process
-func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Runc {
-	if root == "" {
-		root = RuncRoot
-	}
-	return &runc.Runc{
-		Command:       runtime,
-		Log:           filepath.Join(path, "log.json"),
-		LogFormat:     runc.JSON,
-		PdeathSignal:  syscall.SIGKILL,
-		Root:          filepath.Join(root, namespace),
-		Criu:          criu,
-		SystemdCgroup: systemd,
-	}
-}
-
-// New returns a new process
-func New(id string, runtime *runc.Runc, stdio proc.Stdio) *Init {
-	p := &Init{
-		id:        id,
-		runtime:   runtime,
-		stdio:     stdio,
-		status:    0,
-		waitBlock: make(chan struct{}),
-	}
-	p.initState = &createdState{p: p}
-	return p
-}
-
-// Create the process with the provided config
-func (p *Init) Create(ctx context.Context, r *CreateConfig) error {
-	var (
-		err    error
-		socket *runc.Socket
-	)
-	if r.Terminal {
-		if socket, err = runc.NewTempConsoleSocket(); err != nil {
-			return errors.Wrap(err, "failed to create OCI runtime console socket")
-		}
-		defer socket.Close()
-	} else if hasNoIO(r) {
-		if p.io, err = runc.NewNullIO(); err != nil {
-			return errors.Wrap(err, "creating new NULL IO")
-		}
-	} else {
-		if p.io, err = runc.NewPipeIO(p.IoUID, p.IoGID, withConditionalIO(p.stdio)); err != nil {
-			return errors.Wrap(err, "failed to create OCI runtime io pipes")
-		}
-	}
-	pidFile := filepath.Join(p.Bundle, InitPidFile)
-	if r.Checkpoint != "" {
-		opts := &runc.RestoreOpts{
-			CheckpointOpts: runc.CheckpointOpts{
-				ImagePath:  r.Checkpoint,
-				WorkDir:    p.WorkDir,
-				ParentPath: r.ParentCheckpoint,
-			},
-			PidFile:     pidFile,
-			IO:          p.io,
-			NoPivot:     p.NoPivotRoot,
-			Detach:      true,
-			NoSubreaper: true,
-		}
-		p.initState = &createdCheckpointState{
-			p:    p,
-			opts: opts,
-		}
-		return nil
-	}
-	opts := &runc.CreateOpts{
-		PidFile:      pidFile,
-		IO:           p.io,
-		NoPivot:      p.NoPivotRoot,
-		NoNewKeyring: p.NoNewKeyring,
-	}
-	if socket != nil {
-		opts.ConsoleSocket = socket
-	}
-	if err := p.runtime.Create(ctx, r.ID, r.Bundle, opts); err != nil {
-		return p.runtimeError(err, "OCI runtime create failed")
-	}
-	if r.Stdin != "" {
-		sc, err := fifo.OpenFifo(ctx, r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
-		if err != nil {
-			return errors.Wrapf(err, "failed to open stdin fifo %s", r.Stdin)
-		}
-		p.stdin = sc
-		p.closers = append(p.closers, sc)
-	}
-	var copyWaitGroup sync.WaitGroup
-	if socket != nil {
-		console, err := socket.ReceiveMaster()
-		if err != nil {
-			return errors.Wrap(err, "failed to retrieve console master")
-		}
-		console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, &copyWaitGroup)
-		if err != nil {
-			return errors.Wrap(err, "failed to start console copy")
-		}
-		p.console = console
-	} else if !hasNoIO(r) {
-		if err := copyPipes(ctx, p.io, r.Stdin, r.Stdout, r.Stderr, &p.wg, &copyWaitGroup); err != nil {
-			return errors.Wrap(err, "failed to start io pipe copy")
-		}
-	}
-
-	copyWaitGroup.Wait()
-	pid, err := runc.ReadPidFile(pidFile)
-	if err != nil {
-		return errors.Wrap(err, "failed to retrieve OCI runtime container pid")
-	}
-	p.pid = pid
-	return nil
-}
-
-// Wait for the process to exit
-func (p *Init) Wait() {
-	<-p.waitBlock
-}
-
-// ID of the process
-func (p *Init) ID() string {
-	return p.id
-}
-
-// Pid of the process
-func (p *Init) Pid() int {
-	return p.pid
-}
-
-// ExitStatus of the process
-func (p *Init) ExitStatus() int {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	return p.status
-}
-
-// ExitedAt at time when the process exited
-func (p *Init) ExitedAt() time.Time {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	return p.exited
-}
-
-// Status of the process
-func (p *Init) Status(ctx context.Context) (string, error) {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	c, err := p.runtime.State(ctx, p.id)
-	if err != nil {
-		if strings.Contains(err.Error(), "does not exist") {
-			return "stopped", nil
-		}
-		return "", p.runtimeError(err, "OCI runtime state failed")
-	}
-	return c.Status, nil
-}
-
-func (p *Init) start(context context.Context) error {
-	err := p.runtime.Start(context, p.id)
-	return p.runtimeError(err, "OCI runtime start failed")
-}
-
-func (p *Init) setExited(status int) {
-	p.exited = time.Now()
-	p.status = status
-	p.Platform.ShutdownConsole(context.Background(), p.console)
-	close(p.waitBlock)
-}
-
-func (p *Init) delete(context context.Context) error {
-	p.wg.Wait()
-	err := p.runtime.Delete(context, p.id, nil)
-	// ignore errors if a runtime has already deleted the process
-	// but we still hold metadata and pipes
-	//
-	// this is common during a checkpoint, runc will delete the container state
-	// after a checkpoint and the container will no longer exist within runc
-	if err != nil {
-		if strings.Contains(err.Error(), "does not exist") {
-			err = nil
-		} else {
-			err = p.runtimeError(err, "failed to delete task")
-		}
-	}
-	if p.io != nil {
-		for _, c := range p.closers {
-			c.Close()
-		}
-		p.io.Close()
-	}
-	if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil {
-		log.G(context).WithError(err2).Warn("failed to cleanup rootfs mount")
-		if err == nil {
-			err = errors.Wrap(err2, "failed rootfs umount")
-		}
-	}
-	return err
-}
-
-func (p *Init) resize(ws console.WinSize) error {
-	if p.console == nil {
-		return nil
-	}
-	return p.console.Resize(ws)
-}
-
-func (p *Init) pause(context context.Context) error {
-	err := p.runtime.Pause(context, p.id)
-	return p.runtimeError(err, "OCI runtime pause failed")
-}
-
-func (p *Init) resume(context context.Context) error {
-	err := p.runtime.Resume(context, p.id)
-	return p.runtimeError(err, "OCI runtime resume failed")
-}
-
-func (p *Init) kill(context context.Context, signal uint32, all bool) error {
-	err := p.runtime.Kill(context, p.id, int(signal), &runc.KillOpts{
-		All: all,
-	})
-	return checkKillError(err)
-}
-
-// KillAll processes belonging to the init process
-func (p *Init) KillAll(context context.Context) error {
-	err := p.runtime.Kill(context, p.id, int(syscall.SIGKILL), &runc.KillOpts{
-		All: true,
-	})
-	return p.runtimeError(err, "OCI runtime killall failed")
-}
-
-// Stdin of the process
-func (p *Init) Stdin() io.Closer {
-	return p.stdin
-}
-
-// Runtime returns the OCI runtime configured for the init process
-func (p *Init) Runtime() *runc.Runc {
-	return p.runtime
-}
-
-// exec returns a new exec'd process
-func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	// process exec request
-	var spec specs.Process
-	if err := json.Unmarshal(r.Spec.Value, &spec); err != nil {
-		return nil, err
-	}
-	spec.Terminal = r.Terminal
-
-	e := &execProcess{
-		id:     r.ID,
-		path:   path,
-		parent: p,
-		spec:   spec,
-		stdio: proc.Stdio{
-			Stdin:    r.Stdin,
-			Stdout:   r.Stdout,
-			Stderr:   r.Stderr,
-			Terminal: r.Terminal,
-		},
-		waitBlock: make(chan struct{}),
-	}
-	e.State = &execCreatedState{p: e}
-	return e, nil
-}
-
-func (p *Init) checkpoint(context context.Context, r *CheckpointConfig) error {
-	var actions []runc.CheckpointAction
-	if !r.Exit {
-		actions = append(actions, runc.LeaveRunning)
-	}
-	work := filepath.Join(p.WorkDir, "criu-work")
-	defer os.RemoveAll(work)
-	if err := p.runtime.Checkpoint(context, p.id, &runc.CheckpointOpts{
-		WorkDir:                  work,
-		ImagePath:                r.Path,
-		AllowOpenTCP:             r.AllowOpenTCP,
-		AllowExternalUnixSockets: r.AllowExternalUnixSockets,
-		AllowTerminal:            r.AllowTerminal,
-		FileLocks:                r.FileLocks,
-		EmptyNamespaces:          r.EmptyNamespaces,
-	}, actions...); err != nil {
-		dumpLog := filepath.Join(p.Bundle, "criu-dump.log")
-		if cerr := copyFile(dumpLog, filepath.Join(work, "dump.log")); cerr != nil {
-			log.G(context).Error(err)
-		}
-		return fmt.Errorf("%s path= %s", criuError(err), dumpLog)
-	}
-	return nil
-}
-
-func (p *Init) update(context context.Context, r *google_protobuf.Any) error {
-	var resources specs.LinuxResources
-	if err := json.Unmarshal(r.Value, &resources); err != nil {
-		return err
-	}
-	return p.runtime.Update(context, p.id, &resources)
-}
-
-// Stdio of the process
-func (p *Init) Stdio() proc.Stdio {
-	return p.stdio
-}
-
-func (p *Init) runtimeError(rErr error, msg string) error {
-	if rErr == nil {
-		return nil
-	}
-
-	rMsg, err := getLastRuntimeError(p.runtime)
-	switch {
-	case err != nil:
-		return errors.Wrapf(rErr, "%s: %s (%s)", msg, "unable to retrieve OCI runtime error", err.Error())
-	case rMsg == "":
-		return errors.Wrap(rErr, msg)
-	default:
-		return errors.Errorf("%s: %s", msg, rMsg)
-	}
-}
-
-func withConditionalIO(c proc.Stdio) runc.IOOpt {
-	return func(o *runc.IOOption) {
-		o.OpenStdin = c.Stdin != ""
-		o.OpenStdout = c.Stdout != ""
-		o.OpenStderr = c.Stderr != ""
-	}
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go
deleted file mode 100644
index 6a6b448d3a34a..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go
+++ /dev/null
@@ -1,545 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"context"
-	"sync"
-	"syscall"
-
-	"github.com/containerd/console"
-	"github.com/containerd/containerd/errdefs"
-	"github.com/containerd/containerd/runtime/proc"
-	"github.com/containerd/fifo"
-	runc "github.com/containerd/go-runc"
-	google_protobuf "github.com/gogo/protobuf/types"
-	"github.com/pkg/errors"
-)
-
-type initState interface {
-	proc.State
-
-	Pause(context.Context) error
-	Resume(context.Context) error
-	Update(context.Context, *google_protobuf.Any) error
-	Checkpoint(context.Context, *CheckpointConfig) error
-	Exec(context.Context, string, *ExecConfig) (proc.Process, error)
-}
-
-type createdState struct {
-	p *Init
-}
-
-func (s *createdState) transition(name string) error {
-	switch name {
-	case "running":
-		s.p.initState = &runningState{p: s.p}
-	case "stopped":
-		s.p.initState = &stoppedState{p: s.p}
-	case "deleted":
-		s.p.initState = &deletedState{}
-	default:
-		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
-	}
-	return nil
-}
-
-func (s *createdState) Pause(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot pause task in created state")
-}
-
-func (s *createdState) Resume(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot resume task in created state")
-}
-
-func (s *createdState) Update(context context.Context, r *google_protobuf.Any) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.update(context, r)
-}
-
-func (s *createdState) Checkpoint(context context.Context, r *CheckpointConfig) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot checkpoint a task in created state")
-}
-
-func (s *createdState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.resize(ws)
-}
-
-func (s *createdState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	if err := s.p.start(ctx); err != nil {
-		return err
-	}
-	return s.transition("running")
-}
-
-func (s *createdState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	if err := s.p.delete(ctx); err != nil {
-		return err
-	}
-	return s.transition("deleted")
-}
-
-func (s *createdState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.kill(ctx, sig, all)
-}
-
-func (s *createdState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	s.p.setExited(status)
-
-	if err := s.transition("stopped"); err != nil {
-		panic(err)
-	}
-}
-
-func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	return s.p.exec(ctx, path, r)
-}
-
-type createdCheckpointState struct {
-	p    *Init
-	opts *runc.RestoreOpts
-}
-
-func (s *createdCheckpointState) transition(name string) error {
-	switch name {
-	case "running":
-		s.p.initState = &runningState{p: s.p}
-	case "stopped":
-		s.p.initState = &stoppedState{p: s.p}
-	case "deleted":
-		s.p.initState = &deletedState{}
-	default:
-		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
-	}
-	return nil
-}
-
-func (s *createdCheckpointState) Pause(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot pause task in created state")
-}
-
-func (s *createdCheckpointState) Resume(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot resume task in created state")
-}
-
-func (s *createdCheckpointState) Update(context context.Context, r *google_protobuf.Any) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.update(context, r)
-}
-
-func (s *createdCheckpointState) Checkpoint(context context.Context, r *CheckpointConfig) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot checkpoint a task in created state")
-}
-
-func (s *createdCheckpointState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.resize(ws)
-}
-
-func (s *createdCheckpointState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	p := s.p
-	sio := p.stdio
-
-	var (
-		err    error
-		socket *runc.Socket
-	)
-	if sio.Terminal {
-		if socket, err = runc.NewTempConsoleSocket(); err != nil {
-			return errors.Wrap(err, "failed to create OCI runtime console socket")
-		}
-		defer socket.Close()
-		s.opts.ConsoleSocket = socket
-	}
-
-	if _, err := s.p.runtime.Restore(ctx, p.id, p.Bundle, s.opts); err != nil {
-		return p.runtimeError(err, "OCI runtime restore failed")
-	}
-	if sio.Stdin != "" {
-		sc, err := fifo.OpenFifo(ctx, sio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
-		if err != nil {
-			return errors.Wrapf(err, "failed to open stdin fifo %s", sio.Stdin)
-		}
-		p.stdin = sc
-		p.closers = append(p.closers, sc)
-	}
-	var copyWaitGroup sync.WaitGroup
-	if socket != nil {
-		console, err := socket.ReceiveMaster()
-		if err != nil {
-			return errors.Wrap(err, "failed to retrieve console master")
-		}
-		console, err = p.Platform.CopyConsole(ctx, console, sio.Stdin, sio.Stdout, sio.Stderr, &p.wg, &copyWaitGroup)
-		if err != nil {
-			return errors.Wrap(err, "failed to start console copy")
-		}
-		p.console = console
-	} else if !sio.IsNull() {
-		if err := copyPipes(ctx, p.io, sio.Stdin, sio.Stdout, sio.Stderr, &p.wg, &copyWaitGroup); err != nil {
-			return errors.Wrap(err, "failed to start io pipe copy")
-		}
-	}
-
-	copyWaitGroup.Wait()
-	pid, err := runc.ReadPidFile(s.opts.PidFile)
-	if err != nil {
-		return errors.Wrap(err, "failed to retrieve OCI runtime container pid")
-	}
-	p.pid = pid
-	return s.transition("running")
-}
-
-func (s *createdCheckpointState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	if err := s.p.delete(ctx); err != nil {
-		return err
-	}
-	return s.transition("deleted")
-}
-
-func (s *createdCheckpointState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.kill(ctx, sig, all)
-}
-
-func (s *createdCheckpointState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	s.p.setExited(status)
-
-	if err := s.transition("stopped"); err != nil {
-		panic(err)
-	}
-}
-
-func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return nil, errors.Errorf("cannot exec in a created state")
-}
-
-type runningState struct {
-	p *Init
-}
-
-func (s *runningState) transition(name string) error {
-	switch name {
-	case "stopped":
-		s.p.initState = &stoppedState{p: s.p}
-	case "paused":
-		s.p.initState = &pausedState{p: s.p}
-	default:
-		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
-	}
-	return nil
-}
-
-func (s *runningState) Pause(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	if err := s.p.pause(ctx); err != nil {
-		return err
-	}
-	return s.transition("paused")
-}
-
-func (s *runningState) Resume(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot resume a running process")
-}
-
-func (s *runningState) Update(context context.Context, r *google_protobuf.Any) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.update(context, r)
-}
-
-func (s *runningState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.checkpoint(ctx, r)
-}
-
-func (s *runningState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.resize(ws)
-}
-
-func (s *runningState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot start a running process")
-}
-
-func (s *runningState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot delete a running process")
-}
-
-func (s *runningState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.kill(ctx, sig, all)
-}
-
-func (s *runningState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	s.p.setExited(status)
-
-	if err := s.transition("stopped"); err != nil {
-		panic(err)
-	}
-}
-
-func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	return s.p.exec(ctx, path, r)
-}
-
-type pausedState struct {
-	p *Init
-}
-
-func (s *pausedState) transition(name string) error {
-	switch name {
-	case "running":
-		s.p.initState = &runningState{p: s.p}
-	case "stopped":
-		s.p.initState = &stoppedState{p: s.p}
-	default:
-		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
-	}
-	return nil
-}
-
-func (s *pausedState) Pause(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot pause a paused container")
-}
-
-func (s *pausedState) Resume(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	if err := s.p.resume(ctx); err != nil {
-		return err
-	}
-	return s.transition("running")
-}
-
-func (s *pausedState) Update(context context.Context, r *google_protobuf.Any) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.update(context, r)
-}
-
-func (s *pausedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.checkpoint(ctx, r)
-}
-
-func (s *pausedState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.resize(ws)
-}
-
-func (s *pausedState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot start a paused process")
-}
-
-func (s *pausedState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot delete a paused process")
-}
-
-func (s *pausedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return s.p.kill(ctx, sig, all)
-}
-
-func (s *pausedState) SetExited(status int) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	s.p.setExited(status)
-
-	if err := s.transition("stopped"); err != nil {
-		panic(err)
-	}
-}
-
-func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return nil, errors.Errorf("cannot exec in a paused state")
-}
-
-type stoppedState struct {
-	p *Init
-}
-
-func (s *stoppedState) transition(name string) error {
-	switch name {
-	case "deleted":
-		s.p.initState = &deletedState{}
-	default:
-		return errors.Errorf("invalid state transition %q to %q", stateName(s), name)
-	}
-	return nil
-}
-
-func (s *stoppedState) Pause(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot pause a stopped container")
-}
-
-func (s *stoppedState) Resume(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot resume a stopped container")
-}
-
-func (s *stoppedState) Update(context context.Context, r *google_protobuf.Any) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot update a stopped container")
-}
-
-func (s *stoppedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot checkpoint a stopped container")
-}
-
-func (s *stoppedState) Resize(ws console.WinSize) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot resize a stopped container")
-}
-
-func (s *stoppedState) Start(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return errors.Errorf("cannot start a stopped process")
-}
-
-func (s *stoppedState) Delete(ctx context.Context) error {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-	if err := s.p.delete(ctx); err != nil {
-		return err
-	}
-	return s.transition("deleted")
-}
-
-func (s *stoppedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	return errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s not found", s.p.id)
-}
-
-func (s *stoppedState) SetExited(status int) {
-	// no op
-}
-
-func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
-	s.p.mu.Lock()
-	defer s.p.mu.Unlock()
-
-	return nil, errors.Errorf("cannot exec in a stopped state")
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/io.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/io.go
deleted file mode 100644
index 71f6ee1bb3a60..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/io.go
+++ /dev/null
@@ -1,145 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"os"
-	"sync"
-	"syscall"
-
-	"github.com/containerd/fifo"
-	runc "github.com/containerd/go-runc"
-)
-
-var bufPool = sync.Pool{
-	New: func() interface{} {
-		buffer := make([]byte, 32<<10)
-		return &buffer
-	},
-}
-
-func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) error {
-	var sameFile io.WriteCloser
-	for _, i := range []struct {
-		name string
-		dest func(wc io.WriteCloser, rc io.Closer)
-	}{
-		{
-			name: stdout,
-			dest: func(wc io.WriteCloser, rc io.Closer) {
-				wg.Add(1)
-				cwg.Add(1)
-				go func() {
-					cwg.Done()
-					p := bufPool.Get().(*[]byte)
-					defer bufPool.Put(p)
-					io.CopyBuffer(wc, rio.Stdout(), *p)
-					wg.Done()
-					wc.Close()
-					if rc != nil {
-						rc.Close()
-					}
-				}()
-			},
-		}, {
-			name: stderr,
-			dest: func(wc io.WriteCloser, rc io.Closer) {
-				wg.Add(1)
-				cwg.Add(1)
-				go func() {
-					cwg.Done()
-					p := bufPool.Get().(*[]byte)
-					defer bufPool.Put(p)
-					io.CopyBuffer(wc, rio.Stderr(), *p)
-					wg.Done()
-					wc.Close()
-					if rc != nil {
-						rc.Close()
-					}
-				}()
-			},
-		},
-	} {
-		ok, err := isFifo(i.name)
-		if err != nil {
-			return err
-		}
-		var (
-			fw io.WriteCloser
-			fr io.Closer
-		)
-		if ok {
-			if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil {
-				return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err)
-			}
-			if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil {
-				return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err)
-			}
-		} else {
-			if sameFile != nil {
-				i.dest(sameFile, nil)
-				continue
-			}
-			if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil {
-				return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err)
-			}
-			if stdout == stderr {
-				sameFile = fw
-			}
-		}
-		i.dest(fw, fr)
-	}
-	if stdin == "" {
-		return nil
-	}
-	f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
-	if err != nil {
-		return fmt.Errorf("containerd-shim: opening %s failed: %s", stdin, err)
-	}
-	cwg.Add(1)
-	go func() {
-		cwg.Done()
-		p := bufPool.Get().(*[]byte)
-		defer bufPool.Put(p)
-
-		io.CopyBuffer(rio.Stdin(), f, *p)
-		rio.Stdin().Close()
-		f.Close()
-	}()
-	return nil
-}
-
-// isFifo checks if a file is a fifo
-// if the file does not exist then it returns false
-func isFifo(path string) (bool, error) {
-	stat, err := os.Stat(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return false, nil
-		}
-		return false, err
-	}
-	if stat.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
-		return true, nil
-	}
-	return false, nil
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/process.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/process.go
deleted file mode 100644
index 53252ec604f5f..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/process.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"github.com/pkg/errors"
-)
-
-// RuncRoot is the path to the root runc state directory
-const RuncRoot = "/run/containerd/runc"
-
-func stateName(v interface{}) string {
-	switch v.(type) {
-	case *runningState, *execRunningState:
-		return "running"
-	case *createdState, *execCreatedState, *createdCheckpointState:
-		return "created"
-	case *pausedState:
-		return "paused"
-	case *deletedState:
-		return "deleted"
-	case *stoppedState:
-		return "stopped"
-	}
-	panic(errors.Errorf("invalid state %v", v))
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/types.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/types.go
deleted file mode 100644
index 2bea98dc8e0a2..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/types.go
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	google_protobuf "github.com/gogo/protobuf/types"
-)
-
-// Mount holds filesystem mount configuration
-type Mount struct {
-	Type    string
-	Source  string
-	Target  string
-	Options []string
-}
-
-// CreateConfig hold task creation configuration
-type CreateConfig struct {
-	ID               string
-	Bundle           string
-	Runtime          string
-	Rootfs           []Mount
-	Terminal         bool
-	Stdin            string
-	Stdout           string
-	Stderr           string
-	Checkpoint       string
-	ParentCheckpoint string
-	Options          *google_protobuf.Any
-}
-
-// ExecConfig holds exec creation configuration
-type ExecConfig struct {
-	ID       string
-	Terminal bool
-	Stdin    string
-	Stdout   string
-	Stderr   string
-	Spec     *google_protobuf.Any
-}
-
-// CheckpointConfig holds task checkpoint configuration
-type CheckpointConfig struct {
-	Path                     string
-	Exit                     bool
-	AllowOpenTCP             bool
-	AllowExternalUnixSockets bool
-	AllowTerminal            bool
-	FileLocks                bool
-	EmptyNamespaces          []string
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go
deleted file mode 100644
index 3d0334c450644..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proc
-
-import (
-	"encoding/json"
-	"io"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/containerd/containerd/errdefs"
-	runc "github.com/containerd/go-runc"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
-)
-
-// TODO(mlaventure): move to runc package?
-func getLastRuntimeError(r *runc.Runc) (string, error) {
-	if r.Log == "" {
-		return "", nil
-	}
-
-	f, err := os.OpenFile(r.Log, os.O_RDONLY, 0400)
-	if err != nil {
-		return "", err
-	}
-
-	var (
-		errMsg string
-		log    struct {
-			Level string
-			Msg   string
-			Time  time.Time
-		}
-	)
-
-	dec := json.NewDecoder(f)
-	for err = nil; err == nil; {
-		if err = dec.Decode(&log); err != nil && err != io.EOF {
-			return "", err
-		}
-		if log.Level == "error" {
-			errMsg = strings.TrimSpace(log.Msg)
-		}
-	}
-
-	return errMsg, nil
-}
-
-// criuError returns only the first line of the error message from criu
-// it tries to add an invalid dump log location when returning the message
-func criuError(err error) string {
-	parts := strings.Split(err.Error(), "\n")
-	return parts[0]
-}
-
-func copyFile(to, from string) error {
-	ff, err := os.Open(from)
-	if err != nil {
-		return err
-	}
-	defer ff.Close()
-	tt, err := os.Create(to)
-	if err != nil {
-		return err
-	}
-	defer tt.Close()
-
-	p := bufPool.Get().(*[]byte)
-	defer bufPool.Put(p)
-	_, err = io.CopyBuffer(tt, ff, *p)
-	return err
-}
-
-func checkKillError(err error) error {
-	if err == nil {
-		return nil
-	}
-	if strings.Contains(err.Error(), "os: process already finished") || err == unix.ESRCH {
-		return errors.Wrapf(errdefs.ErrNotFound, "process already finished")
-	}
-	return errors.Wrapf(err, "unknown error after kill")
-}
-
-func hasNoIO(r *CreateConfig) bool {
-	return r.Stdin == "" && r.Stdout == "" && r.Stderr == ""
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/process.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/process.go
index 2c60b674a9fbf..c2777452d2b27 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/process.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/process.go
@@ -62,7 +62,7 @@ func (p *Process) State(ctx context.Context) (runtime.State, error) {
 		ID: p.id,
 	})
 	if err != nil {
-		if errors.Cause(err) != ttrpc.ErrClosed {
+		if !errors.Is(err, ttrpc.ErrClosed) {
 			return runtime.State{}, errdefs.FromGRPC(err)
 		}
 
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/runtime.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/runtime.go
index d19b8e5168098..aa6d3f31450c0 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/runtime.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/runtime.go
@@ -21,6 +21,7 @@ package linux
 import (
 	"context"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -36,11 +37,12 @@ import (
 	"github.com/containerd/containerd/metadata"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/pkg/process"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
-	"github.com/containerd/containerd/runtime/v1/linux/proc"
+	v1 "github.com/containerd/containerd/runtime/v1"
 	shim "github.com/containerd/containerd/runtime/v1/shim/v1"
 	runc "github.com/containerd/go-runc"
 	"github.com/containerd/typeurl"
@@ -48,7 +50,6 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	bolt "go.etcd.io/bbolt"
 	"golang.org/x/sys/unix"
 )
 
@@ -61,6 +62,9 @@ const (
 	configFilename = "config.json"
 	defaultRuntime = "runc"
 	defaultShim    = "containerd-shim"
+
+	// cleanupTimeout is default timeout for cleanup operations
+	cleanupTimeout = 1 * time.Minute
 )
 
 func init() {
@@ -110,13 +114,13 @@ func New(ic *plugin.InitContext) (interface{}, error) {
 	}
 	cfg := ic.Config.(*Config)
 	r := &Runtime{
-		root:    ic.Root,
-		state:   ic.State,
-		tasks:   runtime.NewTaskList(),
-		db:      m.(*metadata.DB),
-		address: ic.Address,
-		events:  ic.Events,
-		config:  cfg,
+		root:       ic.Root,
+		state:      ic.State,
+		tasks:      runtime.NewTaskList(),
+		containers: metadata.NewContainerStore(m.(*metadata.DB)),
+		address:    ic.Address,
+		events:     ic.Events,
+		config:     cfg,
 	}
 	tasks, err := r.restoreTasks(ic.Context)
 	if err != nil {
@@ -136,9 +140,9 @@ type Runtime struct {
 	state   string
 	address string
 
-	tasks  *runtime.TaskList
-	db     *metadata.DB
-	events *exchange.Exchange
+	tasks      *runtime.TaskList
+	containers containers.Store
+	events     *exchange.Exchange
 
 	config *Config
 }
@@ -189,18 +193,13 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts
 		}
 		exitHandler := func() {
 			log.G(ctx).WithField("id", id).Info("shim reaped")
-			t, err := r.tasks.Get(ctx, id)
-			if err != nil {
+
+			if _, err := r.tasks.Get(ctx, id); err != nil {
 				// Task was never started or was already successfully deleted
 				return
 			}
-			lc := t.(*Task)
 
-			log.G(ctx).WithFields(logrus.Fields{
-				"id":        id,
-				"namespace": namespace,
-			}).Warn("cleaning up after killed shim")
-			if err = r.cleanupAfterDeadShim(context.Background(), bundle, namespace, id, lc.pid); err != nil {
+			if err = r.cleanupAfterDeadShim(context.Background(), bundle, namespace, id); err != nil {
 				log.G(ctx).WithError(err).WithFields(logrus.Fields{
 					"id":        id,
 					"namespace": namespace,
@@ -216,8 +215,11 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts
 	}
 	defer func() {
 		if err != nil {
-			if kerr := s.KillShim(ctx); kerr != nil {
-				log.G(ctx).WithError(err).Error("failed to kill shim")
+			deferCtx, deferCancel := context.WithTimeout(
+				namespaces.WithNamespace(context.TODO(), namespace), cleanupTimeout)
+			defer deferCancel()
+			if kerr := s.KillShim(deferCtx); kerr != nil {
+				log.G(ctx).WithError(kerr).Error("failed to kill shim")
 			}
 		}
 	}()
@@ -288,6 +290,10 @@ func (r *Runtime) restoreTasks(ctx context.Context) ([]*Task, error) {
 			continue
 		}
 		name := namespace.Name()
+		// skip hidden directories
+		if len(name) > 0 && name[0] == '.' {
+			continue
+		}
 		log.G(ctx).WithField("namespace", name).Debug("loading tasks in namespace")
 		tasks, err := r.loadTasks(ctx, name)
 		if err != nil {
@@ -303,6 +309,16 @@ func (r *Runtime) Get(ctx context.Context, id string) (runtime.Task, error) {
 	return r.tasks.Get(ctx, id)
 }
 
+// Add a runtime task
+func (r *Runtime) Add(ctx context.Context, task runtime.Task) error {
+	return r.tasks.Add(ctx, task)
+}
+
+// Delete a runtime task
+func (r *Runtime) Delete(ctx context.Context, id string) {
+	r.tasks.Delete(ctx, id)
+}
+
 func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 	dir, err := ioutil.ReadDir(filepath.Join(r.state, ns))
 	if err != nil {
@@ -314,16 +330,26 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 			continue
 		}
 		id := path.Name()
+		// skip hidden directories
+		if len(id) > 0 && id[0] == '.' {
+			continue
+		}
 		bundle := loadBundle(
 			id,
 			filepath.Join(r.state, ns, id),
 			filepath.Join(r.root, ns, id),
 		)
 		ctx = namespaces.WithNamespace(ctx, ns)
-		pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, proc.InitPidFile))
+		pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, process.InitPidFile))
+		shimExit := make(chan struct{})
 		s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() {
-			err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid)
-			if err != nil {
+			defer close(shimExit)
+			if _, err := r.tasks.Get(ctx, id); err != nil {
+				// Task was never started or was already successfully deleted
+				return
+			}
+
+			if err := r.cleanupAfterDeadShim(ctx, bundle, ns, id); err != nil {
 				log.G(ctx).WithError(err).WithField("bundle", bundle.path).
 					Error("cleaning up after dead shim")
 			}
@@ -333,7 +359,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 				"id":        id,
 				"namespace": ns,
 			}).Error("connecting to shim")
-			err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid)
+			err := r.cleanupAfterDeadShim(ctx, bundle, ns, id)
 			if err != nil {
 				log.G(ctx).WithError(err).WithField("bundle", bundle.path).
 					Error("cleaning up after dead shim")
@@ -341,6 +367,50 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 			continue
 		}
 
+		logDirPath := filepath.Join(r.root, ns, id)
+
+		copyAndClose := func(dst io.Writer, src io.ReadWriteCloser) {
+			copyDone := make(chan struct{})
+			go func() {
+				io.Copy(dst, src)
+				close(copyDone)
+			}()
+			select {
+			case <-shimExit:
+			case <-copyDone:
+			}
+			src.Close()
+		}
+		shimStdoutLog, err := v1.OpenShimStdoutLog(ctx, logDirPath)
+		if err != nil {
+			log.G(ctx).WithError(err).WithFields(logrus.Fields{
+				"id":         id,
+				"namespace":  ns,
+				"logDirPath": logDirPath,
+			}).Error("opening shim stdout log pipe")
+			continue
+		}
+		if r.config.ShimDebug {
+			go copyAndClose(os.Stdout, shimStdoutLog)
+		} else {
+			go copyAndClose(ioutil.Discard, shimStdoutLog)
+		}
+
+		shimStderrLog, err := v1.OpenShimStderrLog(ctx, logDirPath)
+		if err != nil {
+			log.G(ctx).WithError(err).WithFields(logrus.Fields{
+				"id":         id,
+				"namespace":  ns,
+				"logDirPath": logDirPath,
+			}).Error("opening shim stderr log pipe")
+			continue
+		}
+		if r.config.ShimDebug {
+			go copyAndClose(os.Stderr, shimStderrLog)
+		} else {
+			go copyAndClose(ioutil.Discard, shimStderrLog)
+		}
+
 		t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle)
 		if err != nil {
 			log.G(ctx).WithError(err).Error("loading task type")
@@ -351,7 +421,13 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 	return o, nil
 }
 
-func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string, pid int) error {
+func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string) error {
+	log.G(ctx).WithFields(logrus.Fields{
+		"id":        id,
+		"namespace": ns,
+	}).Warn("cleaning up after shim dead")
+
+	pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, process.InitPidFile))
 	ctx = namespaces.WithNamespace(ctx, ns)
 	if err := r.terminate(ctx, bundle, ns, id); err != nil {
 		if r.config.ShimDebug {
@@ -374,6 +450,10 @@ func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns,
 	if err := bundle.Delete(); err != nil {
 		log.G(ctx).WithError(err).Error("delete bundle")
 	}
+	// kill shim
+	if shimPid, err := runc.ReadPidFile(filepath.Join(bundle.path, "shim.pid")); err == nil && shimPid > 0 {
+		unix.Kill(shimPid, unix.SIGKILL)
+	}
 
 	r.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{
 		ContainerID: id,
@@ -412,7 +492,7 @@ func (r *Runtime) getRuntime(ctx context.Context, ns, id string) (*runc.Runc, er
 
 	var (
 		cmd  = r.config.Runtime
-		root = proc.RuncRoot
+		root = process.RuncRoot
 	)
 	if ropts != nil {
 		if ropts.Runtime != "" {
@@ -433,14 +513,8 @@ func (r *Runtime) getRuntime(ctx context.Context, ns, id string) (*runc.Runc, er
 }
 
 func (r *Runtime) getRuncOptions(ctx context.Context, id string) (*runctypes.RuncOptions, error) {
-	var container containers.Container
-
-	if err := r.db.View(func(tx *bolt.Tx) error {
-		store := metadata.NewContainerStore(tx)
-		var err error
-		container, err = store.Get(ctx, id)
-		return err
-	}); err != nil {
+	container, err := r.containers.Get(ctx, id)
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/task.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/task.go
index 38da35c085f8f..1e9e50ca5b046 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/linux/task.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/task.go
@@ -84,11 +84,19 @@ func (t *Task) Namespace() string {
 	return t.namespace
 }
 
+// PID of the task
+func (t *Task) PID() uint32 {
+	return uint32(t.pid)
+}
+
 // Delete the task and return the exit status
 func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) {
-	rsp, err := t.shim.Delete(ctx, empty)
-	if err != nil {
-		return nil, errdefs.FromGRPC(err)
+	rsp, shimErr := t.shim.Delete(ctx, empty)
+	if shimErr != nil {
+		shimErr = errdefs.FromGRPC(shimErr)
+		if !errdefs.IsNotFound(shimErr) {
+			return nil, shimErr
+		}
 	}
 	t.tasks.Delete(ctx, t.id)
 	if err := t.shim.KillShim(ctx); err != nil {
@@ -97,6 +105,9 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) {
 	if err := t.bundle.Delete(); err != nil {
 		log.G(ctx).WithError(err).Error("failed to delete bundle")
 	}
+	if shimErr != nil {
+		return nil, shimErr
+	}
 	t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{
 		ContainerID: t.id,
 		ExitStatus:  rsp.ExitStatus,
@@ -124,11 +135,15 @@ func (t *Task) Start(ctx context.Context) error {
 	t.pid = int(r.Pid)
 	if !hasCgroup {
 		cg, err := cgroups.Load(cgroups.V1, cgroups.PidPath(t.pid))
-		if err != nil {
+		if err != nil && err != cgroups.ErrCgroupDeleted {
 			return err
 		}
 		t.mu.Lock()
-		t.cg = cg
+		if err == cgroups.ErrCgroupDeleted {
+			t.cg = nil
+		} else {
+			t.cg = cg
+		}
 		t.mu.Unlock()
 	}
 	t.events.Publish(ctx, runtime.TaskStartEventTopic, &eventstypes.TaskStart{
@@ -144,7 +159,7 @@ func (t *Task) State(ctx context.Context) (runtime.State, error) {
 		ID: t.id,
 	})
 	if err != nil {
-		if errors.Cause(err) != ttrpc.ErrClosed {
+		if !errors.Is(err, ttrpc.ErrClosed) {
 			return runtime.State{}, errdefs.FromGRPC(err)
 		}
 		return runtime.State{}, errdefs.ErrNotFound
@@ -291,7 +306,7 @@ func (t *Task) Checkpoint(ctx context.Context, path string, options *types.Any)
 }
 
 // Update changes runtime information of a running task
-func (t *Task) Update(ctx context.Context, resources *types.Any) error {
+func (t *Task) Update(ctx context.Context, resources *types.Any, _ map[string]string) error {
 	if _, err := t.shim.Update(ctx, &shim.UpdateTaskRequest{
 		Resources: resources,
 	}); err != nil {
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim.go b/vendor/github.com/containerd/containerd/runtime/v1/shim.go
new file mode 100644
index 0000000000000..0a2018b4c29d5
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim.go
@@ -0,0 +1,38 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v1
+
+import (
+	"context"
+	"io"
+	"path/filepath"
+
+	"github.com/containerd/fifo"
+	"golang.org/x/sys/unix"
+)
+
+// OpenShimStdoutLog opens the shim log for reading
+func OpenShimStdoutLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) {
+	return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stdout.log"), unix.O_RDWR|unix.O_CREAT, 0700)
+}
+
+// OpenShimStderrLog opens the shim log
+func OpenShimStderrLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) {
+	return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stderr.log"), unix.O_RDWR|unix.O_CREAT, 0700)
+}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
index 015d88c2dc66c..a8afb0e4832fd 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
@@ -20,10 +20,14 @@ package client
 
 import (
 	"context"
+	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
+	"path/filepath"
+	"strconv"
 	"strings"
 	"sync"
 	"syscall"
@@ -37,6 +41,8 @@ import (
 
 	"github.com/containerd/containerd/events"
 	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/pkg/dialer"
+	v1 "github.com/containerd/containerd/runtime/v1"
 	"github.com/containerd/containerd/runtime/v1/shim"
 	shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
 	"github.com/containerd/containerd/sys"
@@ -53,16 +59,43 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 	return func(ctx context.Context, config shim.Config) (_ shimapi.ShimService, _ io.Closer, err error) {
 		socket, err := newSocket(address)
 		if err != nil {
-			return nil, nil, err
+			if !eaddrinuse(err) {
+				return nil, nil, err
+			}
+			if err := RemoveSocket(address); err != nil {
+				return nil, nil, errors.Wrap(err, "remove already used socket")
+			}
+			if socket, err = newSocket(address); err != nil {
+				return nil, nil, err
+			}
 		}
-		defer socket.Close()
+
 		f, err := socket.File()
 		if err != nil {
 			return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", address)
 		}
 		defer f.Close()
 
-		cmd, err := newCommand(binary, daemonAddress, debug, config, f)
+		stdoutCopy := ioutil.Discard
+		stderrCopy := ioutil.Discard
+		stdoutLog, err := v1.OpenShimStdoutLog(ctx, config.WorkDir)
+		if err != nil {
+			return nil, nil, errors.Wrapf(err, "failed to create stdout log")
+		}
+
+		stderrLog, err := v1.OpenShimStderrLog(ctx, config.WorkDir)
+		if err != nil {
+			return nil, nil, errors.Wrapf(err, "failed to create stderr log")
+		}
+		if debug {
+			stdoutCopy = os.Stdout
+			stderrCopy = os.Stderr
+		}
+
+		go io.Copy(stdoutCopy, stdoutLog)
+		go io.Copy(stderrCopy, stderrLog)
+
+		cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -77,12 +110,27 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 		go func() {
 			cmd.Wait()
 			exitHandler()
+			if stdoutLog != nil {
+				stdoutLog.Close()
+			}
+			if stderrLog != nil {
+				stderrLog.Close()
+			}
+			socket.Close()
+			RemoveSocket(address)
 		}()
 		log.G(ctx).WithFields(logrus.Fields{
 			"pid":     cmd.Process.Pid,
 			"address": address,
 			"debug":   debug,
 		}).Infof("shim %s started", binary)
+
+		if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil {
+			return nil, nil, err
+		}
+		if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil {
+			return nil, nil, err
+		}
 		// set shim in cgroup if it is provided
 		if cgroup != "" {
 			if err := setCgroup(cgroup, cmd); err != nil {
@@ -93,8 +141,8 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 				"address": address,
 			}).Infof("shim placed in cgroup %s", cgroup)
 		}
-		if err = sys.SetOOMScore(cmd.Process.Pid, sys.OOMScoreMaxKillable); err != nil {
-			return nil, nil, errors.Wrap(err, "failed to set OOM Score on shim")
+		if err = setupOOMScore(cmd.Process.Pid); err != nil {
+			return nil, nil, err
 		}
 		c, clo, err := WithConnect(address, func() {})(ctx, config)
 		if err != nil {
@@ -104,7 +152,43 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 	}
 }
 
-func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File) (*exec.Cmd, error) {
+func eaddrinuse(err error) bool {
+	cause := errors.Cause(err)
+	netErr, ok := cause.(*net.OpError)
+	if !ok {
+		return false
+	}
+	if netErr.Op != "listen" {
+		return false
+	}
+	syscallErr, ok := netErr.Err.(*os.SyscallError)
+	if !ok {
+		return false
+	}
+	errno, ok := syscallErr.Err.(syscall.Errno)
+	if !ok {
+		return false
+	}
+	return errno == syscall.EADDRINUSE
+}
+
+// setupOOMScore gets containerd's oom score and adds +1 to it
+// to ensure a shim has a lower* score than the daemons
+// if not already at the maximum OOM Score
+func setupOOMScore(shimPid int) error {
+	pid := os.Getpid()
+	score, err := sys.GetOOMScoreAdj(pid)
+	if err != nil {
+		return errors.Wrap(err, "get daemon OOM score")
+	}
+	shimScore := score + 1
+	if err := sys.AdjustOOMScore(shimPid, shimScore); err != nil {
+		return errors.Wrap(err, "set shim OOM score")
+	}
+	return nil
+}
+
+func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File, stdout, stderr io.Writer) (*exec.Cmd, error) {
 	selfExe, err := os.Executable()
 	if err != nil {
 		return nil, err
@@ -137,43 +221,101 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so
 	cmd.SysProcAttr = getSysProcAttr()
 	cmd.ExtraFiles = append(cmd.ExtraFiles, socket)
 	cmd.Env = append(os.Environ(), "GOMAXPROCS=2")
-	if debug {
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-	}
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
 	return cmd, nil
 }
 
+// writeFile writes a address file atomically
+func writeFile(path, address string) error {
+	path, err := filepath.Abs(path)
+	if err != nil {
+		return err
+	}
+	tempPath := filepath.Join(filepath.Dir(path), fmt.Sprintf(".%s", filepath.Base(path)))
+	f, err := os.OpenFile(tempPath, os.O_RDWR|os.O_CREATE|os.O_EXCL|os.O_SYNC, 0666)
+	if err != nil {
+		return err
+	}
+	_, err = f.WriteString(address)
+	f.Close()
+	if err != nil {
+		return err
+	}
+	return os.Rename(tempPath, path)
+}
+
+const (
+	abstractSocketPrefix = "\x00"
+	socketPathLimit      = 106
+)
+
+type socket string
+
+func (s socket) isAbstract() bool {
+	return !strings.HasPrefix(string(s), "unix://")
+}
+
+func (s socket) path() string {
+	path := strings.TrimPrefix(string(s), "unix://")
+	// if there was no trim performed, we assume an abstract socket
+	if len(path) == len(s) {
+		path = abstractSocketPrefix + path
+	}
+	return path
+}
+
 func newSocket(address string) (*net.UnixListener, error) {
-	if len(address) > 106 {
-		return nil, errors.Errorf("%q: unix socket path too long (> 106)", address)
+	if len(address) > socketPathLimit {
+		return nil, errors.Errorf("%q: unix socket path too long (> %d)", address, socketPathLimit)
 	}
-	l, err := net.Listen("unix", "\x00"+address)
+	var (
+		sock = socket(address)
+		path = sock.path()
+	)
+	if !sock.isAbstract() {
+		if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil {
+			return nil, errors.Wrapf(err, "%s", path)
+		}
+	}
+	l, err := net.Listen("unix", path)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address)
+		return nil, errors.Wrapf(err, "failed to listen to unix socket %q (abstract: %t)", address, sock.isAbstract())
+	}
+	if err := os.Chmod(path, 0600); err != nil {
+		l.Close()
+		return nil, err
 	}
 
 	return l.(*net.UnixListener), nil
 }
 
+// RemoveSocket removes the socket at the specified address if
+// it exists on the filesystem
+func RemoveSocket(address string) error {
+	sock := socket(address)
+	if !sock.isAbstract() {
+		return os.Remove(sock.path())
+	}
+	return nil
+}
+
 func connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error) {
 	return d(address, 100*time.Second)
 }
 
-func annonDialer(address string, timeout time.Duration) (net.Conn, error) {
-	address = strings.TrimPrefix(address, "unix://")
-	return net.DialTimeout("unix", "\x00"+address, timeout)
+func anonDialer(address string, timeout time.Duration) (net.Conn, error) {
+	return dialer.Dialer(socket(address).path(), timeout)
 }
 
 // WithConnect connects to an existing shim
 func WithConnect(address string, onClose func()) Opt {
 	return func(ctx context.Context, config shim.Config) (shimapi.ShimService, io.Closer, error) {
-		conn, err := connect(address, annonDialer)
+		conn, err := connect(address, anonDialer)
 		if err != nil {
 			return nil, nil, err
 		}
-		client := ttrpc.NewClient(conn)
-		client.OnClose(onClose)
+		client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onClose))
 		return shimapi.NewShimClient(client), conn, nil
 	}
 }
@@ -233,7 +375,7 @@ func (c *Client) KillShim(ctx context.Context) error {
 	return c.signalShim(ctx, unix.SIGKILL)
 }
 
-// Close the cient connection
+// Close the client connection
 func (c *Client) Close() error {
 	if c.c == nil {
 		return nil
@@ -258,21 +400,31 @@ func (c *Client) signalShim(ctx context.Context, sig syscall.Signal) error {
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case <-c.waitForExit(pid):
+	case <-c.waitForExit(ctx, pid):
 		return nil
 	}
 }
 
-func (c *Client) waitForExit(pid int) <-chan struct{} {
-	c.exitOnce.Do(func() {
+func (c *Client) waitForExit(ctx context.Context, pid int) <-chan struct{} {
+	go c.exitOnce.Do(func() {
+		defer close(c.exitCh)
+
+		ticker := time.NewTicker(10 * time.Millisecond)
+		defer ticker.Stop()
+
 		for {
 			// use kill(pid, 0) here because the shim could have been reparented
 			// and we are no longer able to waitpid(pid, ...) on the shim
 			if err := unix.Kill(pid, 0); err == unix.ESRCH {
-				close(c.exitCh)
 				return
 			}
-			time.Sleep(10 * time.Millisecond)
+
+			select {
+			case <-ticker.C:
+			case <-ctx.Done():
+				log.G(ctx).WithField("pid", pid).Warn("timed out while waiting for shim to exit")
+				return
+			}
 		}
 	})
 	return c.exitCh
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/reaper.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/reaper.go
deleted file mode 100644
index 2937f1a9ef201..0000000000000
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/reaper.go
+++ /dev/null
@@ -1,110 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package shim
-
-import (
-	"os/exec"
-	"sync"
-	"time"
-
-	"github.com/containerd/containerd/sys"
-	runc "github.com/containerd/go-runc"
-	"github.com/pkg/errors"
-)
-
-// ErrNoSuchProcess is returned when the process no longer exists
-var ErrNoSuchProcess = errors.New("no such process")
-
-const bufferSize = 32
-
-// Reap should be called when the process receives an SIGCHLD.  Reap will reap
-// all exited processes and close their wait channels
-func Reap() error {
-	now := time.Now()
-	exits, err := sys.Reap(false)
-	Default.Lock()
-	for c := range Default.subscribers {
-		for _, e := range exits {
-			c <- runc.Exit{
-				Timestamp: now,
-				Pid:       e.Pid,
-				Status:    e.Status,
-			}
-		}
-
-	}
-	Default.Unlock()
-	return err
-}
-
-// Default is the default monitor initialized for the package
-var Default = &Monitor{
-	subscribers: make(map[chan runc.Exit]struct{}),
-}
-
-// Monitor monitors the underlying system for process status changes
-type Monitor struct {
-	sync.Mutex
-
-	subscribers map[chan runc.Exit]struct{}
-}
-
-// Start starts the command a registers the process with the reaper
-func (m *Monitor) Start(c *exec.Cmd) (chan runc.Exit, error) {
-	ec := m.Subscribe()
-	if err := c.Start(); err != nil {
-		m.Unsubscribe(ec)
-		return nil, err
-	}
-	return ec, nil
-}
-
-// Wait blocks until a process is signal as dead.
-// User should rely on the value of the exit status to determine if the
-// command was successful or not.
-func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) {
-	for e := range ec {
-		if e.Pid == c.Process.Pid {
-			// make sure we flush all IO
-			c.Wait()
-			m.Unsubscribe(ec)
-			return e.Status, nil
-		}
-	}
-	// return no such process if the ec channel is closed and no more exit
-	// events will be sent
-	return -1, ErrNoSuchProcess
-}
-
-// Subscribe to process exit changes
-func (m *Monitor) Subscribe() chan runc.Exit {
-	c := make(chan runc.Exit, bufferSize)
-	m.Lock()
-	m.subscribers[c] = struct{}{}
-	m.Unlock()
-	return c
-}
-
-// Unsubscribe to process exit changes
-func (m *Monitor) Unsubscribe(c chan runc.Exit) {
-	m.Lock()
-	delete(m.subscribers, c)
-	close(c)
-	m.Unlock()
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go
index d76d5803d6830..50ac869d49976 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go
@@ -35,11 +35,12 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/pkg/process"
+	"github.com/containerd/containerd/pkg/stdio"
 	"github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
-	rproc "github.com/containerd/containerd/runtime/proc"
-	"github.com/containerd/containerd/runtime/v1/linux/proc"
 	shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
+	"github.com/containerd/containerd/sys/reaper"
 	runc "github.com/containerd/go-runc"
 	"github.com/containerd/typeurl"
 	ptypes "github.com/gogo/protobuf/types"
@@ -54,7 +55,7 @@ var (
 	empty   = &ptypes.Empty{}
 	bufPool = sync.Pool{
 		New: func() interface{} {
-			buffer := make([]byte, 32<<10)
+			buffer := make([]byte, 4096)
 			return &buffer
 		},
 	}
@@ -84,9 +85,9 @@ func NewService(config Config, publisher events.Publisher) (*Service, error) {
 	s := &Service{
 		config:    config,
 		context:   ctx,
-		processes: make(map[string]rproc.Process),
+		processes: make(map[string]process.Process),
 		events:    make(chan interface{}, 128),
-		ec:        Default.Subscribe(),
+		ec:        reaper.Default.Subscribe(),
 	}
 	go s.processExits()
 	if err := s.initPlatform(); err != nil {
@@ -102,9 +103,9 @@ type Service struct {
 
 	config    Config
 	context   context.Context
-	processes map[string]rproc.Process
+	processes map[string]process.Process
 	events    chan interface{}
-	platform  rproc.Platform
+	platform  stdio.Platform
 	ec        chan runc.Exit
 
 	// Filled by Create()
@@ -114,12 +115,9 @@ type Service struct {
 
 // Create a new initial process and container with the underlying OCI runtime
 func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *shimapi.CreateTaskResponse, err error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	var mounts []proc.Mount
+	var mounts []process.Mount
 	for _, m := range r.Rootfs {
-		mounts = append(mounts, proc.Mount{
+		mounts = append(mounts, process.Mount{
 			Type:    m.Type,
 			Source:  m.Source,
 			Target:  m.Target,
@@ -127,7 +125,15 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
 		})
 	}
 
-	config := &proc.CreateConfig{
+	rootfs := ""
+	if len(mounts) > 0 {
+		rootfs = filepath.Join(r.Bundle, "rootfs")
+		if err := os.Mkdir(rootfs, 0711); err != nil && !os.IsExist(err) {
+			return nil, err
+		}
+	}
+
+	config := &process.CreateConfig{
 		ID:               r.ID,
 		Bundle:           r.Bundle,
 		Runtime:          r.Runtime,
@@ -140,7 +146,6 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
 		ParentCheckpoint: r.ParentCheckpoint,
 		Options:          r.Options,
 	}
-	rootfs := filepath.Join(r.Bundle, "rootfs")
 	defer func() {
 		if err != nil {
 			if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
@@ -158,6 +163,10 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
 			return nil, errors.Wrapf(err, "failed to mount rootfs component %v", m)
 		}
 	}
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
 	process, err := newInit(
 		ctx,
 		s.config.Path,
@@ -168,6 +177,7 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
 		s.config.SystemdCgroup,
 		s.platform,
 		config,
+		rootfs,
 	)
 	if err != nil {
 		return nil, errdefs.ToGRPC(err)
@@ -187,11 +197,9 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
 
 // Start a process
 func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi.StartResponse, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[r.ID]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s", r.ID)
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	if err := p.Start(ctx); err != nil {
 		return nil, err
@@ -204,16 +212,16 @@ func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi.
 
 // Delete the initial process and container
 func (s *Service) Delete(ctx context.Context, r *ptypes.Empty) (*shimapi.DeleteResponse, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
 	if err := p.Delete(ctx); err != nil {
-		return nil, err
+		return nil, errdefs.ToGRPC(err)
 	}
+	s.mu.Lock()
 	delete(s.processes, s.id)
+	s.mu.Unlock()
 	s.platform.Close()
 	return &shimapi.DeleteResponse{
 		ExitStatus: uint32(p.ExitStatus()),
@@ -227,14 +235,12 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq
 	if r.ID == s.id {
 		return nil, status.Errorf(codes.InvalidArgument, "cannot delete init process with DeleteProcess")
 	}
-	s.mu.Lock()
-	p := s.processes[r.ID]
-	s.mu.Unlock()
-	if p == nil {
-		return nil, errors.Wrapf(errdefs.ErrNotFound, "process %s", r.ID)
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	if err := p.Delete(ctx); err != nil {
-		return nil, err
+		return nil, errdefs.ToGRPC(err)
 	}
 	s.mu.Lock()
 	delete(s.processes, r.ID)
@@ -249,18 +255,19 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq
 // Exec an additional process inside the container
 func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*ptypes.Empty, error) {
 	s.mu.Lock()
-	defer s.mu.Unlock()
 
 	if p := s.processes[r.ID]; p != nil {
+		s.mu.Unlock()
 		return nil, errdefs.ToGRPCf(errdefs.ErrAlreadyExists, "id %s", r.ID)
 	}
 
 	p := s.processes[s.id]
+	s.mu.Unlock()
 	if p == nil {
 		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
 	}
 
-	process, err := p.(*proc.Init).Exec(ctx, s.config.Path, &proc.ExecConfig{
+	process, err := p.(*process.Init).Exec(ctx, s.config.Path, &process.ExecConfig{
 		ID:       r.ID,
 		Terminal: r.Terminal,
 		Stdin:    r.Stdin,
@@ -271,14 +278,14 @@ func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*pty
 	if err != nil {
 		return nil, errdefs.ToGRPC(err)
 	}
+	s.mu.Lock()
 	s.processes[r.ID] = process
+	s.mu.Unlock()
 	return empty, nil
 }
 
 // ResizePty of a process
 func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
 	if r.ID == "" {
 		return nil, errdefs.ToGRPCf(errdefs.ErrInvalidArgument, "id not provided")
 	}
@@ -286,7 +293,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (*
 		Width:  uint16(r.Width),
 		Height: uint16(r.Height),
 	}
+	s.mu.Lock()
 	p := s.processes[r.ID]
+	s.mu.Unlock()
 	if p == nil {
 		return nil, errors.Errorf("process does not exist %s", r.ID)
 	}
@@ -298,11 +307,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (*
 
 // State returns runtime state information for a process
 func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi.StateResponse, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[r.ID]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s", r.ID)
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	st, err := p.Status(ctx)
 	if err != nil {
@@ -338,13 +345,11 @@ func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi.
 
 // Pause the container
 func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
-	if err := p.(*proc.Init).Pause(ctx); err != nil {
+	if err := p.(*process.Init).Pause(ctx); err != nil {
 		return nil, err
 	}
 	return empty, nil
@@ -352,13 +357,11 @@ func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, er
 
 // Resume the container
 func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
-	if err := p.(*proc.Init).Resume(ctx); err != nil {
+	if err := p.(*process.Init).Resume(ctx); err != nil {
 		return nil, err
 	}
 	return empty, nil
@@ -366,12 +369,10 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e
 
 // Kill a process with the provided signal
 func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
 	if r.ID == "" {
-		p := s.processes[s.id]
-		if p == nil {
-			return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+		p, err := s.getInitProcess()
+		if err != nil {
+			return nil, err
 		}
 		if err := p.Kill(ctx, r.Signal, r.All); err != nil {
 			return nil, errdefs.ToGRPC(err)
@@ -379,9 +380,9 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp
 		return empty, nil
 	}
 
-	p := s.processes[r.ID]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s not found", r.ID)
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	if err := p.Kill(ctx, r.Signal, r.All); err != nil {
 		return nil, errdefs.ToGRPC(err)
@@ -396,6 +397,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh
 		return nil, errdefs.ToGRPC(err)
 	}
 	var processes []*task.ProcessInfo
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
 	for _, pid := range pids {
 		pInfo := task.ProcessInfo{
 			Pid: pid,
@@ -422,11 +426,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh
 
 // CloseIO of a process
 func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[r.ID]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process does not exist %s", r.ID)
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	if stdin := p.Stdin(); stdin != nil {
 		if err := stdin.Close(); err != nil {
@@ -438,11 +440,9 @@ func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptyp
 
 // Checkpoint the container
 func (s *Service) Checkpoint(ctx context.Context, r *shimapi.CheckpointTaskRequest) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
 	var options runctypes.CheckpointOptions
 	if r.Options != nil {
@@ -452,7 +452,7 @@ func (s *Service) Checkpoint(ctx context.Context, r *shimapi.CheckpointTaskReque
 		}
 		options = *v.(*runctypes.CheckpointOptions)
 	}
-	if err := p.(*proc.Init).Checkpoint(ctx, &proc.CheckpointConfig{
+	if err := p.(*process.Init).Checkpoint(ctx, &process.CheckpointConfig{
 		Path:                     r.Path,
 		Exit:                     options.Exit,
 		AllowOpenTCP:             options.OpenTcp,
@@ -460,6 +460,7 @@ func (s *Service) Checkpoint(ctx context.Context, r *shimapi.CheckpointTaskReque
 		AllowTerminal:            options.Terminal,
 		FileLocks:                options.FileLocks,
 		EmptyNamespaces:          options.EmptyNamespaces,
+		WorkDir:                  options.WorkPath,
 	}); err != nil {
 		return nil, errdefs.ToGRPC(err)
 	}
@@ -475,13 +476,11 @@ func (s *Service) ShimInfo(ctx context.Context, r *ptypes.Empty) (*shimapi.ShimI
 
 // Update a running container
 func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*ptypes.Empty, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
-	if err := p.(*proc.Init).Update(ctx, r.Resources); err != nil {
+	if err := p.(*process.Init).Update(ctx, r.Resources); err != nil {
 		return nil, errdefs.ToGRPC(err)
 	}
 	return empty, nil
@@ -489,11 +488,9 @@ func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*pt
 
 // Wait for a process to exit
 func (s *Service) Wait(ctx context.Context, r *shimapi.WaitRequest) (*shimapi.WaitResponse, error) {
-	s.mu.Lock()
-	p := s.processes[r.ID]
-	s.mu.Unlock()
-	if p == nil {
-		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getExecProcess(r.ID)
+	if err != nil {
+		return nil, err
 	}
 	p.Wait()
 
@@ -510,67 +507,67 @@ func (s *Service) processExits() {
 }
 
 func (s *Service) checkProcesses(e runc.Exit) {
+	var p process.Process
 	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	shouldKillAll, err := shouldKillAllOnExit(s.bundle)
-	if err != nil {
-		log.G(s.context).WithError(err).Error("failed to check shouldKillAll")
+	for _, proc := range s.processes {
+		if proc.Pid() == e.Pid {
+			p = proc
+			break
+		}
 	}
-
-	for _, p := range s.processes {
-		if p.Pid() == e.Pid {
-
-			if shouldKillAll {
-				if ip, ok := p.(*proc.Init); ok {
-					// Ensure all children are killed
-					if err := ip.KillAll(s.context); err != nil {
-						log.G(s.context).WithError(err).WithField("id", ip.ID()).
-							Error("failed to kill init's children")
-					}
-				}
-			}
-			p.SetExited(e.Status)
-			s.events <- &eventstypes.TaskExit{
-				ContainerID: s.id,
-				ID:          p.ID(),
-				Pid:         uint32(e.Pid),
-				ExitStatus:  uint32(e.Status),
-				ExitedAt:    p.ExitedAt(),
+	s.mu.Unlock()
+	if p == nil {
+		log.G(s.context).Debugf("process with id:%d wasn't found", e.Pid)
+		return
+	}
+	if ip, ok := p.(*process.Init); ok {
+		// Ensure all children are killed
+		if shouldKillAllOnExit(s.context, s.bundle) {
+			if err := ip.KillAll(s.context); err != nil {
+				log.G(s.context).WithError(err).WithField("id", ip.ID()).
+					Error("failed to kill init's children")
 			}
-			return
 		}
 	}
+
+	p.SetExited(e.Status)
+	s.events <- &eventstypes.TaskExit{
+		ContainerID: s.id,
+		ID:          p.ID(),
+		Pid:         uint32(e.Pid),
+		ExitStatus:  uint32(e.Status),
+		ExitedAt:    p.ExitedAt(),
+	}
 }
 
-func shouldKillAllOnExit(bundlePath string) (bool, error) {
+func shouldKillAllOnExit(ctx context.Context, bundlePath string) bool {
 	var bundleSpec specs.Spec
 	bundleConfigContents, err := ioutil.ReadFile(filepath.Join(bundlePath, "config.json"))
 	if err != nil {
-		return false, err
+		log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to read config.json")
+		return true
+	}
+	if err := json.Unmarshal(bundleConfigContents, &bundleSpec); err != nil {
+		log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to unmarshal bundle json")
+		return true
 	}
-	json.Unmarshal(bundleConfigContents, &bundleSpec)
-
 	if bundleSpec.Linux != nil {
 		for _, ns := range bundleSpec.Linux.Namespaces {
-			if ns.Type == specs.PIDNamespace {
-				return false, nil
+			if ns.Type == specs.PIDNamespace && ns.Path == "" {
+				return false
 			}
 		}
 	}
-
-	return true, nil
+	return true
 }
 
 func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	p := s.processes[s.id]
-	if p == nil {
-		return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "container must be created")
+	p, err := s.getInitProcess()
+	if err != nil {
+		return nil, err
 	}
 
-	ps, err := p.(*proc.Init).Runtime().Ps(ctx, id)
+	ps, err := p.(*process.Init).Runtime().Ps(ctx, id)
 	if err != nil {
 		return nil, err
 	}
@@ -589,6 +586,30 @@ func (s *Service) forward(publisher events.Publisher) {
 	}
 }
 
+// getInitProcess returns initial process
+func (s *Service) getInitProcess() (process.Process, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	p := s.processes[s.id]
+	if p == nil {
+		return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
+	}
+	return p, nil
+}
+
+// getExecProcess returns exec process
+func (s *Service) getExecProcess(id string) (process.Process, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	p := s.processes[id]
+	if p == nil {
+		return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s does not exist", id)
+	}
+	return p, nil
+}
+
 func getTopic(ctx context.Context, e interface{}) string {
 	switch e.(type) {
 	case *eventstypes.TaskCreate:
@@ -617,7 +638,7 @@ func getTopic(ctx context.Context, e interface{}) string {
 	return runtime.TaskUnknownTopic
 }
 
-func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform rproc.Platform, r *proc.CreateConfig) (*proc.Init, error) {
+func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform stdio.Platform, r *process.CreateConfig, rootfs string) (*process.Init, error) {
 	var options runctypes.CreateOptions
 	if r.Options != nil {
 		v, err := typeurl.UnmarshalAny(r.Options)
@@ -627,9 +648,8 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu st
 		options = *v.(*runctypes.CreateOptions)
 	}
 
-	rootfs := filepath.Join(path, "rootfs")
-	runtime := proc.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup)
-	p := proc.New(r.ID, runtime, rproc.Stdio{
+	runtime := process.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup)
+	p := process.New(r.ID, runtime, stdio.Stdio{
 		Stdin:    r.Stdin,
 		Stdout:   r.Stdout,
 		Stderr:   r.Stderr,
@@ -643,5 +663,11 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu st
 	p.IoGID = int(options.IoGid)
 	p.NoPivotRoot = options.NoPivotRoot
 	p.NoNewKeyring = options.NoNewKeyring
+	p.CriuWorkPath = options.CriuWorkPath
+	if p.CriuWorkPath == "" {
+		// if criu work path not set, use container WorkDir
+		p.CriuWorkPath = p.WorkDir
+	}
+
 	return p, nil
 }
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
index 18ae6503b4ee0..c0950049d6060 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
@@ -19,10 +19,14 @@ package shim
 import (
 	"context"
 	"io"
+	"net/url"
+	"os"
 	"sync"
 	"syscall"
 
 	"github.com/containerd/console"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/pkg/process"
 	"github.com/containerd/fifo"
 	"github.com/pkg/errors"
 )
@@ -31,7 +35,7 @@ type linuxPlatform struct {
 	epoller *console.Epoller
 }
 
-func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) (console.Console, error) {
+func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string, wg *sync.WaitGroup) (cons console.Console, retErr error) {
 	if p.epoller == nil {
 		return nil, errors.New("uninitialized epoller")
 	}
@@ -40,6 +44,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
 	if err != nil {
 		return nil, err
 	}
+	var cwg sync.WaitGroup
 
 	if stdin != "" {
 		in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY, 0)
@@ -49,32 +54,107 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
 		cwg.Add(1)
 		go func() {
 			cwg.Done()
-			p := bufPool.Get().(*[]byte)
-			defer bufPool.Put(p)
-			io.CopyBuffer(epollConsole, in, *p)
+			bp := bufPool.Get().(*[]byte)
+			defer bufPool.Put(bp)
+			io.CopyBuffer(epollConsole, in, *bp)
+			// we need to shutdown epollConsole when pipe broken
+			epollConsole.Shutdown(p.epoller.CloseConsole)
+			epollConsole.Close()
 		}()
 	}
 
-	outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+	uri, err := url.Parse(stdout)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "unable to parse stdout uri")
 	}
-	outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
-	if err != nil {
-		return nil, err
+
+	switch uri.Scheme {
+	case "binary":
+		ns, err := namespaces.NamespaceRequired(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		cmd := process.NewBinaryCmd(uri, id, ns)
+
+		// In case of unexpected errors during logging binary start, close open pipes
+		var filesToClose []*os.File
+
+		defer func() {
+			if retErr != nil {
+				process.CloseFiles(filesToClose...)
+			}
+		}()
+
+		// Create pipe to be used by logging binary for Stdout
+		outR, outW, err := os.Pipe()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create stdout pipes")
+		}
+		filesToClose = append(filesToClose, outR)
+
+		// Stderr is created for logging binary but unused when terminal is true
+		serrR, _, err := os.Pipe()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create stderr pipes")
+		}
+		filesToClose = append(filesToClose, serrR)
+
+		r, w, err := os.Pipe()
+		if err != nil {
+			return nil, err
+		}
+		filesToClose = append(filesToClose, r)
+
+		cmd.ExtraFiles = append(cmd.ExtraFiles, outR, serrR, w)
+
+		wg.Add(1)
+		cwg.Add(1)
+		go func() {
+			cwg.Done()
+			io.Copy(outW, epollConsole)
+			outW.Close()
+			wg.Done()
+		}()
+
+		if err := cmd.Start(); err != nil {
+			return nil, errors.Wrap(err, "failed to start logging binary process")
+		}
+
+		// Close our side of the pipe after start
+		if err := w.Close(); err != nil {
+			return nil, errors.Wrap(err, "failed to close write pipe after start")
+		}
+
+		// Wait for the logging binary to be ready
+		b := make([]byte, 1)
+		if _, err := r.Read(b); err != nil && err != io.EOF {
+			return nil, errors.Wrap(err, "failed to read from logging binary")
+		}
+		cwg.Wait()
+
+	default:
+		outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+		if err != nil {
+			return nil, err
+		}
+		outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+		if err != nil {
+			return nil, err
+		}
+		wg.Add(1)
+		cwg.Add(1)
+		go func() {
+			cwg.Done()
+			p := bufPool.Get().(*[]byte)
+			defer bufPool.Put(p)
+			io.CopyBuffer(outw, epollConsole, *p)
+			outw.Close()
+			outr.Close()
+			wg.Done()
+		}()
+		cwg.Wait()
 	}
-	wg.Add(1)
-	cwg.Add(1)
-	go func() {
-		cwg.Done()
-		p := bufPool.Get().(*[]byte)
-		defer bufPool.Put(p)
-		io.CopyBuffer(outw, epollConsole, *p)
-		epollConsole.Close()
-		outr.Close()
-		outw.Close()
-		wg.Done()
-	}()
 	return epollConsole, nil
 }
 
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
index 708e45c296330..d96ecd60daf62 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
@@ -21,17 +21,23 @@ package shim
 import (
 	"context"
 	"io"
+	"net/url"
+	"os"
 	"sync"
 	"syscall"
 
 	"github.com/containerd/console"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/pkg/process"
 	"github.com/containerd/fifo"
+	"github.com/pkg/errors"
 )
 
 type unixPlatform struct {
 }
 
-func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) (console.Console, error) {
+func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string, wg *sync.WaitGroup) (cons console.Console, retErr error) {
+	var cwg sync.WaitGroup
 	if stdin != "" {
 		in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY, 0)
 		if err != nil {
@@ -46,27 +52,97 @@ func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console,
 			io.CopyBuffer(console, in, *p)
 		}()
 	}
-	outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+	uri, err := url.Parse(stdout)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "unable to parse stdout uri")
 	}
-	outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
-	if err != nil {
-		return nil, err
+
+	switch uri.Scheme {
+	case "binary":
+		ns, err := namespaces.NamespaceRequired(ctx)
+		if err != nil {
+			return nil, err
+		}
+		cmd := process.NewBinaryCmd(uri, id, ns)
+
+		// In case of unexpected errors during logging binary start, close open pipes
+		var filesToClose []*os.File
+
+		defer func() {
+			if retErr != nil {
+				process.CloseFiles(filesToClose...)
+			}
+		}()
+
+		// Create pipe to be used by logging binary for Stdout
+		outR, outW, err := os.Pipe()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create stdout pipes")
+		}
+		filesToClose = append(filesToClose, outR)
+
+		// Stderr is created for logging binary but unused when terminal is true
+		serrR, _, err := os.Pipe()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create stderr pipes")
+		}
+		filesToClose = append(filesToClose, serrR)
+
+		r, w, err := os.Pipe()
+		if err != nil {
+			return nil, err
+		}
+		filesToClose = append(filesToClose, r)
+
+		cmd.ExtraFiles = append(cmd.ExtraFiles, outR, serrR, w)
+
+		wg.Add(1)
+		cwg.Add(1)
+		go func() {
+			cwg.Done()
+			io.Copy(outW, console)
+			outW.Close()
+			wg.Done()
+		}()
+
+		if err := cmd.Start(); err != nil {
+			return nil, errors.Wrap(err, "failed to start logging binary process")
+		}
+
+		// Close our side of the pipe after start
+		if err := w.Close(); err != nil {
+			return nil, errors.Wrap(err, "failed to close write pipe after start")
+		}
+
+		// Wait for the logging binary to be ready
+		b := make([]byte, 1)
+		if _, err := r.Read(b); err != nil && err != io.EOF {
+			return nil, errors.Wrap(err, "failed to read from logging binary")
+		}
+		cwg.Wait()
+
+	default:
+		outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+		if err != nil {
+			return nil, err
+		}
+		outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+		if err != nil {
+			return nil, err
+		}
+		wg.Add(1)
+		cwg.Add(1)
+		go func() {
+			cwg.Done()
+			p := bufPool.Get().(*[]byte)
+			defer bufPool.Put(p)
+			io.CopyBuffer(outw, console, *p)
+			outw.Close()
+			outr.Close()
+			wg.Done()
+		}()
+		cwg.Wait()
 	}
-	wg.Add(1)
-	cwg.Add(1)
-	go func() {
-		cwg.Done()
-		p := bufPool.Get().(*[]byte)
-		defer bufPool.Put(p)
-
-		io.CopyBuffer(outw, console, *p)
-		console.Close()
-		outr.Close()
-		outw.Close()
-		wg.Done()
-	}()
 	return console, nil
 }
 
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.pb.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.pb.go
index 9bd2889ba7a3d..dbc82599d6bdd 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.pb.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.pb.go
@@ -1,58 +1,24 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto
 
-/*
-	Package shim is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto
-
-	It has these top-level messages:
-		CreateTaskRequest
-		CreateTaskResponse
-		DeleteResponse
-		DeleteProcessRequest
-		ExecProcessRequest
-		ExecProcessResponse
-		ResizePtyRequest
-		StateRequest
-		StateResponse
-		KillRequest
-		CloseIORequest
-		ListPidsRequest
-		ListPidsResponse
-		CheckpointTaskRequest
-		ShimInfoResponse
-		UpdateTaskRequest
-		StartRequest
-		StartResponse
-		WaitRequest
-		WaitResponse
-*/
 package shim
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/gogo/protobuf/types"
-import containerd_types "github.com/containerd/containerd/api/types"
-import containerd_v1_types "github.com/containerd/containerd/api/types/task"
-
-import time "time"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import context "context"
-import ttrpc "github.com/containerd/ttrpc"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	types "github.com/containerd/containerd/api/types"
+	task "github.com/containerd/containerd/api/types/task"
+	github_com_containerd_ttrpc "github.com/containerd/ttrpc"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types1 "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -64,200 +30,820 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type CreateTaskRequest struct {
-	ID               string                    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Bundle           string                    `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
-	Runtime          string                    `protobuf:"bytes,3,opt,name=runtime,proto3" json:"runtime,omitempty"`
-	Rootfs           []*containerd_types.Mount `protobuf:"bytes,4,rep,name=rootfs" json:"rootfs,omitempty"`
-	Terminal         bool                      `protobuf:"varint,5,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	Stdin            string                    `protobuf:"bytes,6,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout           string                    `protobuf:"bytes,7,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr           string                    `protobuf:"bytes,8,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Checkpoint       string                    `protobuf:"bytes,9,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
-	ParentCheckpoint string                    `protobuf:"bytes,10,opt,name=parent_checkpoint,json=parentCheckpoint,proto3" json:"parent_checkpoint,omitempty"`
-	Options          *google_protobuf.Any      `protobuf:"bytes,11,opt,name=options" json:"options,omitempty"`
-}
-
-func (m *CreateTaskRequest) Reset()                    { *m = CreateTaskRequest{} }
-func (*CreateTaskRequest) ProtoMessage()               {}
-func (*CreateTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{0} }
+	ID                   string         `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Bundle               string         `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
+	Runtime              string         `protobuf:"bytes,3,opt,name=runtime,proto3" json:"runtime,omitempty"`
+	Rootfs               []*types.Mount `protobuf:"bytes,4,rep,name=rootfs,proto3" json:"rootfs,omitempty"`
+	Terminal             bool           `protobuf:"varint,5,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	Stdin                string         `protobuf:"bytes,6,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string         `protobuf:"bytes,7,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string         `protobuf:"bytes,8,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Checkpoint           string         `protobuf:"bytes,9,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"`
+	ParentCheckpoint     string         `protobuf:"bytes,10,opt,name=parent_checkpoint,json=parentCheckpoint,proto3" json:"parent_checkpoint,omitempty"`
+	Options              *types1.Any    `protobuf:"bytes,11,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *CreateTaskRequest) Reset()      { *m = CreateTaskRequest{} }
+func (*CreateTaskRequest) ProtoMessage() {}
+func (*CreateTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{0}
+}
+func (m *CreateTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateTaskRequest.Merge(m, src)
+}
+func (m *CreateTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateTaskRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateTaskRequest proto.InternalMessageInfo
 
 type CreateTaskResponse struct {
-	Pid uint32 `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
+	Pid                  uint32   `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateTaskResponse) Reset()      { *m = CreateTaskResponse{} }
+func (*CreateTaskResponse) ProtoMessage() {}
+func (*CreateTaskResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{1}
+}
+func (m *CreateTaskResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateTaskResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateTaskResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateTaskResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateTaskResponse.Merge(m, src)
+}
+func (m *CreateTaskResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateTaskResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateTaskResponse.DiscardUnknown(m)
 }
 
-func (m *CreateTaskResponse) Reset()                    { *m = CreateTaskResponse{} }
-func (*CreateTaskResponse) ProtoMessage()               {}
-func (*CreateTaskResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{1} }
+var xxx_messageInfo_CreateTaskResponse proto.InternalMessageInfo
 
 type DeleteResponse struct {
-	Pid        uint32    `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
-	ExitStatus uint32    `protobuf:"varint,2,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt   time.Time `protobuf:"bytes,3,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	Pid                  uint32    `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"`
+	ExitStatus           uint32    `protobuf:"varint,2,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,3,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *DeleteResponse) Reset()      { *m = DeleteResponse{} }
+func (*DeleteResponse) ProtoMessage() {}
+func (*DeleteResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{2}
+}
+func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteResponse.Merge(m, src)
+}
+func (m *DeleteResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
 }
 
-func (m *DeleteResponse) Reset()                    { *m = DeleteResponse{} }
-func (*DeleteResponse) ProtoMessage()               {}
-func (*DeleteResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{2} }
+var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
 
 type DeleteProcessRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteProcessRequest) Reset()      { *m = DeleteProcessRequest{} }
+func (*DeleteProcessRequest) ProtoMessage() {}
+func (*DeleteProcessRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{3}
+}
+func (m *DeleteProcessRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DeleteProcessRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DeleteProcessRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DeleteProcessRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteProcessRequest.Merge(m, src)
+}
+func (m *DeleteProcessRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DeleteProcessRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteProcessRequest.DiscardUnknown(m)
 }
 
-func (m *DeleteProcessRequest) Reset()                    { *m = DeleteProcessRequest{} }
-func (*DeleteProcessRequest) ProtoMessage()               {}
-func (*DeleteProcessRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{3} }
+var xxx_messageInfo_DeleteProcessRequest proto.InternalMessageInfo
 
 type ExecProcessRequest struct {
-	ID       string               `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Terminal bool                 `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	Stdin    string               `protobuf:"bytes,3,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout   string               `protobuf:"bytes,4,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr   string               `protobuf:"bytes,5,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Spec     *google_protobuf.Any `protobuf:"bytes,6,opt,name=spec" json:"spec,omitempty"`
+	ID                   string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Terminal             bool        `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	Stdin                string      `protobuf:"bytes,3,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string      `protobuf:"bytes,4,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string      `protobuf:"bytes,5,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Spec                 *types1.Any `protobuf:"bytes,6,opt,name=spec,proto3" json:"spec,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *ExecProcessRequest) Reset()      { *m = ExecProcessRequest{} }
+func (*ExecProcessRequest) ProtoMessage() {}
+func (*ExecProcessRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{4}
+}
+func (m *ExecProcessRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecProcessRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExecProcessRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ExecProcessRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecProcessRequest.Merge(m, src)
+}
+func (m *ExecProcessRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecProcessRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecProcessRequest.DiscardUnknown(m)
 }
 
-func (m *ExecProcessRequest) Reset()                    { *m = ExecProcessRequest{} }
-func (*ExecProcessRequest) ProtoMessage()               {}
-func (*ExecProcessRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{4} }
+var xxx_messageInfo_ExecProcessRequest proto.InternalMessageInfo
 
 type ExecProcessResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *ExecProcessResponse) Reset()                    { *m = ExecProcessResponse{} }
-func (*ExecProcessResponse) ProtoMessage()               {}
-func (*ExecProcessResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{5} }
+func (m *ExecProcessResponse) Reset()      { *m = ExecProcessResponse{} }
+func (*ExecProcessResponse) ProtoMessage() {}
+func (*ExecProcessResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{5}
+}
+func (m *ExecProcessResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecProcessResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExecProcessResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ExecProcessResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecProcessResponse.Merge(m, src)
+}
+func (m *ExecProcessResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecProcessResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecProcessResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExecProcessResponse proto.InternalMessageInfo
 
 type ResizePtyRequest struct {
-	ID     string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Width  uint32 `protobuf:"varint,2,opt,name=width,proto3" json:"width,omitempty"`
-	Height uint32 `protobuf:"varint,3,opt,name=height,proto3" json:"height,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Width                uint32   `protobuf:"varint,2,opt,name=width,proto3" json:"width,omitempty"`
+	Height               uint32   `protobuf:"varint,3,opt,name=height,proto3" json:"height,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResizePtyRequest) Reset()      { *m = ResizePtyRequest{} }
+func (*ResizePtyRequest) ProtoMessage() {}
+func (*ResizePtyRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{6}
+}
+func (m *ResizePtyRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResizePtyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResizePtyRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResizePtyRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResizePtyRequest.Merge(m, src)
+}
+func (m *ResizePtyRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResizePtyRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResizePtyRequest.DiscardUnknown(m)
 }
 
-func (m *ResizePtyRequest) Reset()                    { *m = ResizePtyRequest{} }
-func (*ResizePtyRequest) ProtoMessage()               {}
-func (*ResizePtyRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{6} }
+var xxx_messageInfo_ResizePtyRequest proto.InternalMessageInfo
 
 type StateRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StateRequest) Reset()      { *m = StateRequest{} }
+func (*StateRequest) ProtoMessage() {}
+func (*StateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{7}
+}
+func (m *StateRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StateRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StateRequest.Merge(m, src)
+}
+func (m *StateRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StateRequest.DiscardUnknown(m)
 }
 
-func (m *StateRequest) Reset()                    { *m = StateRequest{} }
-func (*StateRequest) ProtoMessage()               {}
-func (*StateRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{7} }
+var xxx_messageInfo_StateRequest proto.InternalMessageInfo
 
 type StateResponse struct {
-	ID         string                     `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Bundle     string                     `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
-	Pid        uint32                     `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
-	Status     containerd_v1_types.Status `protobuf:"varint,4,opt,name=status,proto3,enum=containerd.v1.types.Status" json:"status,omitempty"`
-	Stdin      string                     `protobuf:"bytes,5,opt,name=stdin,proto3" json:"stdin,omitempty"`
-	Stdout     string                     `protobuf:"bytes,6,opt,name=stdout,proto3" json:"stdout,omitempty"`
-	Stderr     string                     `protobuf:"bytes,7,opt,name=stderr,proto3" json:"stderr,omitempty"`
-	Terminal   bool                       `protobuf:"varint,8,opt,name=terminal,proto3" json:"terminal,omitempty"`
-	ExitStatus uint32                     `protobuf:"varint,9,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt   time.Time                  `protobuf:"bytes,10,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
-}
-
-func (m *StateResponse) Reset()                    { *m = StateResponse{} }
-func (*StateResponse) ProtoMessage()               {}
-func (*StateResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{8} }
+	ID                   string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Bundle               string      `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
+	Pid                  uint32      `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	Status               task.Status `protobuf:"varint,4,opt,name=status,proto3,enum=containerd.v1.types.Status" json:"status,omitempty"`
+	Stdin                string      `protobuf:"bytes,5,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	Stdout               string      `protobuf:"bytes,6,opt,name=stdout,proto3" json:"stdout,omitempty"`
+	Stderr               string      `protobuf:"bytes,7,opt,name=stderr,proto3" json:"stderr,omitempty"`
+	Terminal             bool        `protobuf:"varint,8,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	ExitStatus           uint32      `protobuf:"varint,9,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time   `protobuf:"bytes,10,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *StateResponse) Reset()      { *m = StateResponse{} }
+func (*StateResponse) ProtoMessage() {}
+func (*StateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{8}
+}
+func (m *StateResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StateResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StateResponse.Merge(m, src)
+}
+func (m *StateResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StateResponse proto.InternalMessageInfo
 
 type KillRequest struct {
-	ID     string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Signal uint32 `protobuf:"varint,2,opt,name=signal,proto3" json:"signal,omitempty"`
-	All    bool   `protobuf:"varint,3,opt,name=all,proto3" json:"all,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Signal               uint32   `protobuf:"varint,2,opt,name=signal,proto3" json:"signal,omitempty"`
+	All                  bool     `protobuf:"varint,3,opt,name=all,proto3" json:"all,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *KillRequest) Reset()      { *m = KillRequest{} }
+func (*KillRequest) ProtoMessage() {}
+func (*KillRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{9}
+}
+func (m *KillRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *KillRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_KillRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *KillRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_KillRequest.Merge(m, src)
+}
+func (m *KillRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *KillRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_KillRequest.DiscardUnknown(m)
 }
 
-func (m *KillRequest) Reset()                    { *m = KillRequest{} }
-func (*KillRequest) ProtoMessage()               {}
-func (*KillRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{9} }
+var xxx_messageInfo_KillRequest proto.InternalMessageInfo
 
 type CloseIORequest struct {
-	ID    string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Stdin bool   `protobuf:"varint,2,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Stdin                bool     `protobuf:"varint,2,opt,name=stdin,proto3" json:"stdin,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CloseIORequest) Reset()      { *m = CloseIORequest{} }
+func (*CloseIORequest) ProtoMessage() {}
+func (*CloseIORequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{10}
+}
+func (m *CloseIORequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CloseIORequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CloseIORequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CloseIORequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CloseIORequest.Merge(m, src)
+}
+func (m *CloseIORequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CloseIORequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CloseIORequest.DiscardUnknown(m)
 }
 
-func (m *CloseIORequest) Reset()                    { *m = CloseIORequest{} }
-func (*CloseIORequest) ProtoMessage()               {}
-func (*CloseIORequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{10} }
+var xxx_messageInfo_CloseIORequest proto.InternalMessageInfo
 
 type ListPidsRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListPidsRequest) Reset()      { *m = ListPidsRequest{} }
+func (*ListPidsRequest) ProtoMessage() {}
+func (*ListPidsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{11}
+}
+func (m *ListPidsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListPidsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListPidsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListPidsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListPidsRequest.Merge(m, src)
+}
+func (m *ListPidsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListPidsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListPidsRequest.DiscardUnknown(m)
 }
 
-func (m *ListPidsRequest) Reset()                    { *m = ListPidsRequest{} }
-func (*ListPidsRequest) ProtoMessage()               {}
-func (*ListPidsRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{11} }
+var xxx_messageInfo_ListPidsRequest proto.InternalMessageInfo
 
 type ListPidsResponse struct {
-	Processes []*containerd_v1_types.ProcessInfo `protobuf:"bytes,1,rep,name=processes" json:"processes,omitempty"`
+	Processes            []*task.ProcessInfo `protobuf:"bytes,1,rep,name=processes,proto3" json:"processes,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
+	XXX_unrecognized     []byte              `json:"-"`
+	XXX_sizecache        int32               `json:"-"`
+}
+
+func (m *ListPidsResponse) Reset()      { *m = ListPidsResponse{} }
+func (*ListPidsResponse) ProtoMessage() {}
+func (*ListPidsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{12}
+}
+func (m *ListPidsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListPidsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListPidsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListPidsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListPidsResponse.Merge(m, src)
+}
+func (m *ListPidsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListPidsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListPidsResponse.DiscardUnknown(m)
 }
 
-func (m *ListPidsResponse) Reset()                    { *m = ListPidsResponse{} }
-func (*ListPidsResponse) ProtoMessage()               {}
-func (*ListPidsResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{12} }
+var xxx_messageInfo_ListPidsResponse proto.InternalMessageInfo
 
 type CheckpointTaskRequest struct {
-	Path    string               `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	Options *google_protobuf.Any `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+	Path                 string      `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	Options              *types1.Any `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *CheckpointTaskRequest) Reset()      { *m = CheckpointTaskRequest{} }
+func (*CheckpointTaskRequest) ProtoMessage() {}
+func (*CheckpointTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{13}
+}
+func (m *CheckpointTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckpointTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckpointTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckpointTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckpointTaskRequest.Merge(m, src)
+}
+func (m *CheckpointTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckpointTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckpointTaskRequest.DiscardUnknown(m)
 }
 
-func (m *CheckpointTaskRequest) Reset()                    { *m = CheckpointTaskRequest{} }
-func (*CheckpointTaskRequest) ProtoMessage()               {}
-func (*CheckpointTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{13} }
+var xxx_messageInfo_CheckpointTaskRequest proto.InternalMessageInfo
 
 type ShimInfoResponse struct {
-	ShimPid uint32 `protobuf:"varint,1,opt,name=shim_pid,json=shimPid,proto3" json:"shim_pid,omitempty"`
+	ShimPid              uint32   `protobuf:"varint,1,opt,name=shim_pid,json=shimPid,proto3" json:"shim_pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ShimInfoResponse) Reset()      { *m = ShimInfoResponse{} }
+func (*ShimInfoResponse) ProtoMessage() {}
+func (*ShimInfoResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{14}
+}
+func (m *ShimInfoResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ShimInfoResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ShimInfoResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ShimInfoResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ShimInfoResponse.Merge(m, src)
+}
+func (m *ShimInfoResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ShimInfoResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ShimInfoResponse.DiscardUnknown(m)
 }
 
-func (m *ShimInfoResponse) Reset()                    { *m = ShimInfoResponse{} }
-func (*ShimInfoResponse) ProtoMessage()               {}
-func (*ShimInfoResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{14} }
+var xxx_messageInfo_ShimInfoResponse proto.InternalMessageInfo
 
 type UpdateTaskRequest struct {
-	Resources *google_protobuf.Any `protobuf:"bytes,1,opt,name=resources" json:"resources,omitempty"`
+	Resources            *types1.Any `protobuf:"bytes,1,opt,name=resources,proto3" json:"resources,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *UpdateTaskRequest) Reset()      { *m = UpdateTaskRequest{} }
+func (*UpdateTaskRequest) ProtoMessage() {}
+func (*UpdateTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{15}
+}
+func (m *UpdateTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateTaskRequest.Merge(m, src)
+}
+func (m *UpdateTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateTaskRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateTaskRequest) Reset()                    { *m = UpdateTaskRequest{} }
-func (*UpdateTaskRequest) ProtoMessage()               {}
-func (*UpdateTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{15} }
+var xxx_messageInfo_UpdateTaskRequest proto.InternalMessageInfo
 
 type StartRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartRequest) Reset()      { *m = StartRequest{} }
+func (*StartRequest) ProtoMessage() {}
+func (*StartRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{16}
+}
+func (m *StartRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StartRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StartRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StartRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartRequest.Merge(m, src)
+}
+func (m *StartRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StartRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartRequest.DiscardUnknown(m)
 }
 
-func (m *StartRequest) Reset()                    { *m = StartRequest{} }
-func (*StartRequest) ProtoMessage()               {}
-func (*StartRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{16} }
+var xxx_messageInfo_StartRequest proto.InternalMessageInfo
 
 type StartResponse struct {
-	ID  string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Pid uint32 `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Pid                  uint32   `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartResponse) Reset()      { *m = StartResponse{} }
+func (*StartResponse) ProtoMessage() {}
+func (*StartResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{17}
+}
+func (m *StartResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StartResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StartResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StartResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartResponse.Merge(m, src)
+}
+func (m *StartResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StartResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartResponse.DiscardUnknown(m)
 }
 
-func (m *StartResponse) Reset()                    { *m = StartResponse{} }
-func (*StartResponse) ProtoMessage()               {}
-func (*StartResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{17} }
+var xxx_messageInfo_StartResponse proto.InternalMessageInfo
 
 type WaitRequest struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *WaitRequest) Reset()      { *m = WaitRequest{} }
+func (*WaitRequest) ProtoMessage() {}
+func (*WaitRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{18}
+}
+func (m *WaitRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WaitRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WaitRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WaitRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WaitRequest.Merge(m, src)
+}
+func (m *WaitRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *WaitRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WaitRequest.DiscardUnknown(m)
 }
 
-func (m *WaitRequest) Reset()                    { *m = WaitRequest{} }
-func (*WaitRequest) ProtoMessage()               {}
-func (*WaitRequest) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{18} }
+var xxx_messageInfo_WaitRequest proto.InternalMessageInfo
 
 type WaitResponse struct {
-	ExitStatus uint32    `protobuf:"varint,1,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
-	ExitedAt   time.Time `protobuf:"bytes,2,opt,name=exited_at,json=exitedAt,stdtime" json:"exited_at"`
+	ExitStatus           uint32    `protobuf:"varint,1,opt,name=exit_status,json=exitStatus,proto3" json:"exit_status,omitempty"`
+	ExitedAt             time.Time `protobuf:"bytes,2,opt,name=exited_at,json=exitedAt,proto3,stdtime" json:"exited_at"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *WaitResponse) Reset()      { *m = WaitResponse{} }
+func (*WaitResponse) ProtoMessage() {}
+func (*WaitResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_be1b2ef30ea3b8ef, []int{19}
+}
+func (m *WaitResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WaitResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WaitResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WaitResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WaitResponse.Merge(m, src)
+}
+func (m *WaitResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *WaitResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_WaitResponse.DiscardUnknown(m)
 }
 
-func (m *WaitResponse) Reset()                    { *m = WaitResponse{} }
-func (*WaitResponse) ProtoMessage()               {}
-func (*WaitResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{19} }
+var xxx_messageInfo_WaitResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*CreateTaskRequest)(nil), "containerd.runtime.linux.shim.v1.CreateTaskRequest")
@@ -281,10 +867,90 @@ func init() {
 	proto.RegisterType((*WaitRequest)(nil), "containerd.runtime.linux.shim.v1.WaitRequest")
 	proto.RegisterType((*WaitResponse)(nil), "containerd.runtime.linux.shim.v1.WaitResponse")
 }
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto", fileDescriptor_be1b2ef30ea3b8ef)
+}
+
+var fileDescriptor_be1b2ef30ea3b8ef = []byte{
+	// 1133 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0x1b, 0x47,
+	0x14, 0x67, 0x17, 0xff, 0x7d, 0x8e, 0x29, 0x4c, 0x09, 0xdd, 0x38, 0x92, 0xb1, 0x56, 0x6a, 0x44,
+	0x55, 0x65, 0x5d, 0x4c, 0x95, 0xa4, 0xad, 0x84, 0x04, 0x24, 0xaa, 0x50, 0x1b, 0x05, 0x2d, 0xa4,
+	0x89, 0x5a, 0x55, 0x68, 0xf1, 0x0e, 0xf6, 0x08, 0x7b, 0x67, 0xb3, 0x33, 0x4b, 0xa1, 0xa7, 0x9e,
+	0x7a, 0xee, 0xc7, 0xe9, 0x47, 0xe0, 0x90, 0x43, 0x8f, 0x3d, 0xa5, 0x0d, 0xf7, 0x7e, 0x87, 0x6a,
+	0xfe, 0x18, 0xaf, 0x6d, 0x36, 0xbb, 0x70, 0xc1, 0xfb, 0x66, 0x7e, 0x6f, 0xe6, 0xcd, 0xfb, 0xfd,
+	0xe6, 0xbd, 0x01, 0x36, 0x7b, 0x84, 0xf7, 0xe3, 0x23, 0xa7, 0x4b, 0x87, 0xed, 0x2e, 0x0d, 0xb8,
+	0x47, 0x02, 0x1c, 0xf9, 0xc9, 0xcf, 0x28, 0x0e, 0x38, 0x19, 0xe2, 0xf6, 0xe9, 0x7a, 0x9b, 0xf5,
+	0xc9, 0x70, 0xf4, 0xeb, 0x84, 0x11, 0xe5, 0x14, 0xb5, 0xc6, 0x48, 0x47, 0x23, 0x9d, 0x01, 0x09,
+	0xe2, 0x33, 0x47, 0x82, 0x4e, 0xd7, 0x1b, 0xf7, 0x7a, 0x94, 0xf6, 0x06, 0xb8, 0x2d, 0xf1, 0x47,
+	0xf1, 0x71, 0xdb, 0x0b, 0xce, 0x95, 0x73, 0xe3, 0xfe, 0xf4, 0x14, 0x1e, 0x86, 0x7c, 0x34, 0xb9,
+	0xdc, 0xa3, 0x3d, 0x2a, 0x3f, 0xdb, 0xe2, 0x4b, 0x8f, 0xae, 0x4e, 0xbb, 0x88, 0x1d, 0x19, 0xf7,
+	0x86, 0xa1, 0x06, 0x3c, 0xca, 0x3c, 0x90, 0x17, 0x92, 0x36, 0x3f, 0x0f, 0x31, 0x6b, 0x0f, 0x69,
+	0x1c, 0x70, 0xed, 0xf7, 0xf5, 0x0d, 0xfc, 0xb8, 0xc7, 0x4e, 0xe4, 0x1f, 0xe5, 0x6b, 0xff, 0x67,
+	0xc2, 0xd2, 0x4e, 0x84, 0x3d, 0x8e, 0x0f, 0x3c, 0x76, 0xe2, 0xe2, 0x37, 0x31, 0x66, 0x1c, 0xad,
+	0x80, 0x49, 0x7c, 0xcb, 0x68, 0x19, 0x6b, 0xd5, 0xed, 0xd2, 0xe5, 0xbb, 0x55, 0x73, 0xf7, 0xa9,
+	0x6b, 0x12, 0x1f, 0xad, 0x40, 0xe9, 0x28, 0x0e, 0xfc, 0x01, 0xb6, 0x4c, 0x31, 0xe7, 0x6a, 0x0b,
+	0x59, 0x50, 0xd6, 0x19, 0xb4, 0xe6, 0xe5, 0xc4, 0xc8, 0x44, 0x6d, 0x28, 0x45, 0x94, 0xf2, 0x63,
+	0x66, 0x15, 0x5a, 0xf3, 0x6b, 0xb5, 0xce, 0x27, 0x4e, 0x22, 0xeb, 0x32, 0x24, 0xe7, 0xb9, 0x38,
+	0x8a, 0xab, 0x61, 0xa8, 0x01, 0x15, 0x8e, 0xa3, 0x21, 0x09, 0xbc, 0x81, 0x55, 0x6c, 0x19, 0x6b,
+	0x15, 0xf7, 0xca, 0x46, 0xcb, 0x50, 0x64, 0xdc, 0x27, 0x81, 0x55, 0x92, 0x9b, 0x28, 0x43, 0x04,
+	0xc5, 0xb8, 0x4f, 0x63, 0x6e, 0x95, 0x55, 0x50, 0xca, 0xd2, 0xe3, 0x38, 0x8a, 0xac, 0xca, 0xd5,
+	0x38, 0x8e, 0x22, 0xd4, 0x04, 0xe8, 0xf6, 0x71, 0xf7, 0x24, 0xa4, 0x24, 0xe0, 0x56, 0x55, 0xce,
+	0x25, 0x46, 0xd0, 0xe7, 0xb0, 0x14, 0x7a, 0x11, 0x0e, 0xf8, 0x61, 0x02, 0x06, 0x12, 0xb6, 0xa8,
+	0x26, 0x76, 0xc6, 0x60, 0x07, 0xca, 0x34, 0xe4, 0x84, 0x06, 0xcc, 0xaa, 0xb5, 0x8c, 0xb5, 0x5a,
+	0x67, 0xd9, 0x51, 0x34, 0x3b, 0x23, 0x9a, 0x9d, 0xad, 0xe0, 0xdc, 0x1d, 0x81, 0xec, 0x07, 0x80,
+	0x92, 0xe9, 0x66, 0x21, 0x0d, 0x18, 0x46, 0x8b, 0x30, 0x1f, 0xea, 0x84, 0xd7, 0x5d, 0xf1, 0x69,
+	0xff, 0x6e, 0xc0, 0xc2, 0x53, 0x3c, 0xc0, 0x1c, 0xa7, 0x83, 0xd0, 0x2a, 0xd4, 0xf0, 0x19, 0xe1,
+	0x87, 0x8c, 0x7b, 0x3c, 0x66, 0x92, 0x93, 0xba, 0x0b, 0x62, 0x68, 0x5f, 0x8e, 0xa0, 0x2d, 0xa8,
+	0x0a, 0x0b, 0xfb, 0x87, 0x1e, 0x97, 0xcc, 0xd4, 0x3a, 0x8d, 0x99, 0xf8, 0x0e, 0x46, 0x32, 0xdc,
+	0xae, 0x5c, 0xbc, 0x5b, 0x9d, 0xfb, 0xe3, 0x9f, 0x55, 0xc3, 0xad, 0x28, 0xb7, 0x2d, 0x6e, 0x3b,
+	0xb0, 0xac, 0xe2, 0xd8, 0x8b, 0x68, 0x17, 0x33, 0x96, 0x21, 0x11, 0xfb, 0x4f, 0x03, 0xd0, 0xb3,
+	0x33, 0xdc, 0xcd, 0x07, 0x9f, 0xa0, 0xdb, 0x4c, 0xa3, 0x7b, 0xfe, 0x7a, 0xba, 0x0b, 0x29, 0x74,
+	0x17, 0x27, 0xe8, 0x5e, 0x83, 0x02, 0x0b, 0x71, 0x57, 0x6a, 0x26, 0x8d, 0x1e, 0x89, 0xb0, 0xef,
+	0xc2, 0xc7, 0x13, 0x91, 0xab, 0xbc, 0xdb, 0xaf, 0x61, 0xd1, 0xc5, 0x8c, 0xfc, 0x8a, 0xf7, 0xf8,
+	0x79, 0xd6, 0x71, 0x96, 0xa1, 0xf8, 0x0b, 0xf1, 0x79, 0x5f, 0x73, 0xa1, 0x0c, 0x11, 0x5a, 0x1f,
+	0x93, 0x5e, 0x5f, 0x71, 0x50, 0x77, 0xb5, 0x65, 0x3f, 0x80, 0x3b, 0x82, 0x28, 0x9c, 0x95, 0xd3,
+	0xb7, 0x26, 0xd4, 0x35, 0x50, 0x6b, 0xe1, 0xa6, 0x17, 0x54, 0x6b, 0x67, 0x7e, 0xac, 0x9d, 0x0d,
+	0x91, 0x2e, 0x29, 0x1b, 0x91, 0xc6, 0x85, 0xce, 0xfd, 0xe4, 0xc5, 0x3c, 0x5d, 0xd7, 0x77, 0x53,
+	0xe9, 0xc8, 0xd5, 0xd0, 0x31, 0x23, 0xc5, 0xeb, 0x19, 0x29, 0xa5, 0x30, 0x52, 0x9e, 0x60, 0x24,
+	0xc9, 0x79, 0x65, 0x8a, 0xf3, 0x29, 0x49, 0x57, 0x3f, 0x2c, 0x69, 0xb8, 0x95, 0xa4, 0x5f, 0x40,
+	0xed, 0x3b, 0x32, 0x18, 0xe4, 0x28, 0x76, 0x8c, 0xf4, 0x46, 0xc2, 0xac, 0xbb, 0xda, 0x12, 0xb9,
+	0xf4, 0x06, 0x03, 0x99, 0xcb, 0x8a, 0x2b, 0x3e, 0xed, 0x4d, 0x58, 0xd8, 0x19, 0x50, 0x86, 0x77,
+	0x5f, 0xe4, 0xd0, 0x87, 0x4a, 0xa0, 0xd2, 0xba, 0x32, 0xec, 0xcf, 0xe0, 0xa3, 0xef, 0x09, 0xe3,
+	0x7b, 0xc4, 0xcf, 0xbc, 0x5e, 0x2e, 0x2c, 0x8e, 0xa1, 0x5a, 0x0c, 0x9b, 0x50, 0x0d, 0x95, 0x66,
+	0x31, 0xb3, 0x0c, 0x59, 0x66, 0x5b, 0xd7, 0xb2, 0xa9, 0x95, 0xbd, 0x1b, 0x1c, 0x53, 0x77, 0xec,
+	0x62, 0xff, 0x04, 0x77, 0xc7, 0x15, 0x2d, 0xd9, 0x06, 0x10, 0x14, 0x42, 0x8f, 0xf7, 0x55, 0x18,
+	0xae, 0xfc, 0x4e, 0x16, 0x3c, 0x33, 0x4f, 0xc1, 0x7b, 0x08, 0x8b, 0xfb, 0x7d, 0x32, 0x94, 0x7b,
+	0x8e, 0x02, 0xbe, 0x07, 0x15, 0xd1, 0x62, 0x0f, 0xc7, 0xe5, 0xac, 0x2c, 0xec, 0x3d, 0xe2, 0xdb,
+	0xdf, 0xc2, 0xd2, 0xcb, 0xd0, 0x9f, 0x6a, 0x47, 0x1d, 0xa8, 0x46, 0x98, 0xd1, 0x38, 0xea, 0xca,
+	0x03, 0xa6, 0xef, 0x3a, 0x86, 0xe9, 0xbb, 0x15, 0xf1, 0xac, 0x84, 0x7e, 0x25, 0xaf, 0x96, 0xc0,
+	0x65, 0x5c, 0x2d, 0x7d, 0x85, 0xcc, 0x71, 0x8d, 0xfe, 0x14, 0x6a, 0xaf, 0x3c, 0x92, 0xb9, 0x43,
+	0x04, 0x77, 0x14, 0x4c, 0x6f, 0x30, 0x25, 0x71, 0xe3, 0xc3, 0x12, 0x37, 0x6f, 0x23, 0xf1, 0xce,
+	0xdb, 0x1a, 0x14, 0x44, 0xda, 0x51, 0x1f, 0x8a, 0xb2, 0x72, 0x20, 0xc7, 0xc9, 0x7a, 0xee, 0x38,
+	0xc9, 0x5a, 0xd4, 0x68, 0xe7, 0xc6, 0xeb, 0x63, 0x31, 0x28, 0xa9, 0xce, 0x86, 0x36, 0xb2, 0x5d,
+	0x67, 0x9e, 0x1c, 0x8d, 0x2f, 0x6f, 0xe6, 0xa4, 0x37, 0x55, 0xc7, 0x8b, 0x78, 0xce, 0xe3, 0x5d,
+	0xc9, 0x21, 0xe7, 0xf1, 0x12, 0xb2, 0x70, 0xa1, 0xa4, 0xfa, 0x20, 0x5a, 0x99, 0xe1, 0xe2, 0x99,
+	0x78, 0xfb, 0x35, 0xbe, 0xc8, 0x5e, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x7d, 0xa2, 0xb7, 0xa2, 0x47,
+	0x79, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0x54, 0x46, 0x75, 0x04, 0xad, 0x67, 0x7b,
+	0x4f, 0x95, 0xa7, 0x46, 0xe7, 0x26, 0x2e, 0x7a, 0xcb, 0xc7, 0x50, 0xdc, 0xf3, 0x62, 0x96, 0x9e,
+	0xc0, 0x94, 0x71, 0xf4, 0x04, 0x4a, 0x2e, 0x66, 0xf1, 0xf0, 0xe6, 0x9e, 0x3f, 0x03, 0x24, 0xde,
+	0x6a, 0x8f, 0x73, 0x48, 0xec, 0xba, 0x3a, 0x98, 0xba, 0xfc, 0x73, 0x28, 0x88, 0x46, 0x82, 0x1e,
+	0x66, 0x2f, 0x9c, 0x68, 0x38, 0xa9, 0xcb, 0x1d, 0x40, 0x41, 0xbc, 0x3f, 0x50, 0x8e, 0xab, 0x30,
+	0xfb, 0xc2, 0x4a, 0x5d, 0xf5, 0x15, 0x54, 0xaf, 0x9e, 0x2f, 0x28, 0x07, 0x6f, 0xd3, 0x6f, 0x9d,
+	0xd4, 0x85, 0xf7, 0xa1, 0xac, 0xbb, 0x1e, 0xca, 0xa1, 0xbf, 0xc9, 0x06, 0x99, 0xba, 0xe8, 0x0f,
+	0x50, 0x19, 0xb5, 0x8b, 0x54, 0xb6, 0x73, 0x1c, 0x62, 0xa6, 0xe5, 0xbc, 0x84, 0x92, 0xea, 0x2b,
+	0x79, 0xaa, 0xd3, 0x4c, 0x07, 0x4a, 0x0d, 0x17, 0x43, 0x41, 0xd4, 0xf6, 0x3c, 0x0a, 0x48, 0xb4,
+	0x8a, 0x86, 0x93, 0x17, 0xae, 0xa2, 0xdf, 0x76, 0x2f, 0xde, 0x37, 0xe7, 0xfe, 0x7e, 0xdf, 0x9c,
+	0xfb, 0xed, 0xb2, 0x69, 0x5c, 0x5c, 0x36, 0x8d, 0xbf, 0x2e, 0x9b, 0xc6, 0xbf, 0x97, 0x4d, 0xe3,
+	0xc7, 0x27, 0xb7, 0xf8, 0x27, 0xf8, 0x1b, 0xf1, 0xfb, 0xda, 0x3c, 0x2a, 0xc9, 0xc3, 0x6c, 0xfc,
+	0x1f, 0x00, 0x00, 0xff, 0xff, 0x64, 0x52, 0x86, 0xc0, 0x49, 0x0f, 0x00, 0x00,
+}
+
 func (m *CreateTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -292,120 +958,150 @@ func (m *CreateTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CreateTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Bundle) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Bundle)))
-		i += copy(dAtA[i:], m.Bundle)
-	}
-	if len(m.Runtime) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Runtime)))
-		i += copy(dAtA[i:], m.Runtime)
-	}
-	if len(m.Rootfs) > 0 {
-		for _, msg := range m.Rootfs {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintShim(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Options != nil {
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintShim(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x5a
+	}
+	if len(m.ParentCheckpoint) > 0 {
+		i -= len(m.ParentCheckpoint)
+		copy(dAtA[i:], m.ParentCheckpoint)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ParentCheckpoint)))
+		i--
+		dAtA[i] = 0x52
+	}
+	if len(m.Checkpoint) > 0 {
+		i -= len(m.Checkpoint)
+		copy(dAtA[i:], m.Checkpoint)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Checkpoint)))
+		i--
+		dAtA[i] = 0x4a
+	}
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x32
 	}
 	if m.Terminal {
-		dAtA[i] = 0x28
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
-	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
+		i--
+		dAtA[i] = 0x28
 	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	if len(m.Rootfs) > 0 {
+		for iNdEx := len(m.Rootfs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Rootfs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintShim(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
 	}
-	if len(m.Checkpoint) > 0 {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Checkpoint)))
-		i += copy(dAtA[i:], m.Checkpoint)
+	if len(m.Runtime) > 0 {
+		i -= len(m.Runtime)
+		copy(dAtA[i:], m.Runtime)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Runtime)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.ParentCheckpoint) > 0 {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ParentCheckpoint)))
-		i += copy(dAtA[i:], m.ParentCheckpoint)
+	if len(m.Bundle) > 0 {
+		i -= len(m.Bundle)
+		copy(dAtA[i:], m.Bundle)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Bundle)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Options != nil {
-		dAtA[i] = 0x5a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Options.Size()))
-		n1, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CreateTaskResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *CreateTaskResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *CreateTaskResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateTaskResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -413,35 +1109,44 @@ func (m *DeleteResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Pid != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err2 != nil {
+		return 0, err2
+	}
+	i -= n2
+	i = encodeVarintShim(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x1a
 	if m.ExitStatus != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintShim(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x10
 	}
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintShim(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n2, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Pid != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x8
 	}
-	i += n2
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DeleteProcessRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -449,23 +1154,33 @@ func (m *DeleteProcessRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DeleteProcessRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DeleteProcessRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ExecProcessRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -473,61 +1188,76 @@ func (m *ExecProcessRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ExecProcessRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecProcessRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Terminal {
-		dAtA[i] = 0x10
-		i++
-		if m.Terminal {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintShim(dAtA, i, uint64(size))
 		}
-		i++
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x2a
 	}
 	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Spec != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Spec.Size()))
-		n3, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Terminal {
+		i--
+		if m.Terminal {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		i += n3
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ExecProcessResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -535,17 +1265,26 @@ func (m *ExecProcessResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ExecProcessResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecProcessResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ResizePtyRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -553,33 +1292,43 @@ func (m *ResizePtyRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResizePtyRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResizePtyRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Height != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.Height))
+		i--
+		dAtA[i] = 0x18
 	}
 	if m.Width != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintShim(dAtA, i, uint64(m.Width))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Height != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Height))
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -587,23 +1336,33 @@ func (m *StateRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -611,80 +1370,94 @@ func (m *StateResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StateResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if len(m.Bundle) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Bundle)))
-		i += copy(dAtA[i:], m.Bundle)
-	}
-	if m.Pid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
-	}
-	if m.Status != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Status))
-	}
-	if len(m.Stdin) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
-		i += copy(dAtA[i:], m.Stdin)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Stdout) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdout)))
-		i += copy(dAtA[i:], m.Stdout)
+	n4, err4 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err4 != nil {
+		return 0, err4
 	}
-	if len(m.Stderr) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
-		i += copy(dAtA[i:], m.Stderr)
+	i -= n4
+	i = encodeVarintShim(dAtA, i, uint64(n4))
+	i--
+	dAtA[i] = 0x52
+	if m.ExitStatus != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x48
 	}
 	if m.Terminal {
-		dAtA[i] = 0x40
-		i++
+		i--
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.ExitStatus != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.ExitStatus))
+	if len(m.Stderr) > 0 {
+		i -= len(m.Stderr)
+		copy(dAtA[i:], m.Stderr)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	dAtA[i] = 0x52
-	i++
-	i = encodeVarintShim(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n4, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Stdout) > 0 {
+		i -= len(m.Stdout)
+		copy(dAtA[i:], m.Stdout)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdout)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if len(m.Stdin) > 0 {
+		i -= len(m.Stdin)
+		copy(dAtA[i:], m.Stdin)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Stdin)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Status != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.Status))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Pid != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Bundle) > 0 {
+		i -= len(m.Bundle)
+		copy(dAtA[i:], m.Bundle)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Bundle)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n4
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *KillRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -692,38 +1465,48 @@ func (m *KillRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *KillRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *KillRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if m.Signal != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Signal))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.All {
-		dAtA[i] = 0x18
-		i++
+		i--
 		if m.All {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Signal != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.Signal))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CloseIORequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -731,33 +1514,43 @@ func (m *CloseIORequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CloseIORequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CloseIORequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Stdin {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.Stdin {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListPidsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -765,23 +1558,33 @@ func (m *ListPidsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListPidsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListPidsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListPidsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -789,29 +1592,40 @@ func (m *ListPidsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListPidsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListPidsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Processes) > 0 {
-		for _, msg := range m.Processes {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintShim(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Processes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Processes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintShim(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckpointTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -819,33 +1633,45 @@ func (m *CheckpointTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckpointTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckpointTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Path) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.Path)))
-		i += copy(dAtA[i:], m.Path)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Options != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Options.Size()))
-		n5, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintShim(dAtA, i, uint64(size))
 		}
-		i += n5
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ShimInfoResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -853,22 +1679,31 @@ func (m *ShimInfoResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ShimInfoResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ShimInfoResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.ShimPid != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintShim(dAtA, i, uint64(m.ShimPid))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -876,27 +1711,38 @@ func (m *UpdateTaskRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Resources != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.Resources.Size()))
-		n6, err := m.Resources.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Resources.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintShim(dAtA, i, uint64(size))
 		}
-		i += n6
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StartRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -904,23 +1750,33 @@ func (m *StartRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StartRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StartRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StartResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -928,28 +1784,38 @@ func (m *StartResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StartResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StartResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
-	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Pid != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintShim(dAtA, i, uint64(m.Pid))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WaitRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -957,23 +1823,33 @@ func (m *WaitRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WaitRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WaitRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintShim(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WaitResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -981,36 +1857,50 @@ func (m *WaitResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WaitResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WaitResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.ExitStatus != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintShim(dAtA, i, uint64(m.ExitStatus))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExitedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt):])
+	if err7 != nil {
+		return 0, err7
 	}
+	i -= n7
+	i = encodeVarintShim(dAtA, i, uint64(n7))
+	i--
 	dAtA[i] = 0x12
-	i++
-	i = encodeVarintShim(dAtA, i, uint64(types.SizeOfStdTime(m.ExitedAt)))
-	n7, err := types.StdTimeMarshalTo(m.ExitedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.ExitStatus != 0 {
+		i = encodeVarintShim(dAtA, i, uint64(m.ExitStatus))
+		i--
+		dAtA[i] = 0x8
 	}
-	i += n7
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintShim(dAtA []byte, offset int, v uint64) int {
+	offset -= sovShim(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *CreateTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1058,19 +1948,31 @@ func (m *CreateTaskRequest) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CreateTaskResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Pid != 0 {
 		n += 1 + sovShim(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Pid != 0 {
@@ -1079,22 +1981,34 @@ func (m *DeleteResponse) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovShim(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovShim(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DeleteProcessRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ExecProcessRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1120,16 +2034,28 @@ func (m *ExecProcessRequest) Size() (n int) {
 		l = m.Spec.Size()
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ExecProcessResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ResizePtyRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1142,20 +2068,32 @@ func (m *ResizePtyRequest) Size() (n int) {
 	if m.Height != 0 {
 		n += 1 + sovShim(uint64(m.Height))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StateRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StateResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1190,12 +2128,18 @@ func (m *StateResponse) Size() (n int) {
 	if m.ExitStatus != 0 {
 		n += 1 + sovShim(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovShim(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *KillRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1208,10 +2152,16 @@ func (m *KillRequest) Size() (n int) {
 	if m.All {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CloseIORequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1221,20 +2171,32 @@ func (m *CloseIORequest) Size() (n int) {
 	if m.Stdin {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListPidsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListPidsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Processes) > 0 {
@@ -1243,10 +2205,16 @@ func (m *ListPidsResponse) Size() (n int) {
 			n += 1 + l + sovShim(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CheckpointTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Path)
@@ -1257,39 +2225,63 @@ func (m *CheckpointTaskRequest) Size() (n int) {
 		l = m.Options.Size()
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ShimInfoResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ShimPid != 0 {
 		n += 1 + sovShim(uint64(m.ShimPid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UpdateTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Resources != nil {
 		l = m.Resources.Size()
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StartRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StartResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1299,39 +2291,47 @@ func (m *StartResponse) Size() (n int) {
 	if m.Pid != 0 {
 		n += 1 + sovShim(uint64(m.Pid))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WaitRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
 	if l > 0 {
 		n += 1 + l + sovShim(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *WaitResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ExitStatus != 0 {
 		n += 1 + sovShim(uint64(m.ExitStatus))
 	}
-	l = types.SizeOfStdTime(m.ExitedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExitedAt)
 	n += 1 + l + sovShim(uint64(l))
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovShim(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozShim(x uint64) (n int) {
 	return sovShim(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1340,18 +2340,24 @@ func (this *CreateTaskRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForRootfs := "[]*Mount{"
+	for _, f := range this.Rootfs {
+		repeatedStringForRootfs += strings.Replace(fmt.Sprintf("%v", f), "Mount", "types.Mount", 1) + ","
+	}
+	repeatedStringForRootfs += "}"
 	s := strings.Join([]string{`&CreateTaskRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Bundle:` + fmt.Sprintf("%v", this.Bundle) + `,`,
 		`Runtime:` + fmt.Sprintf("%v", this.Runtime) + `,`,
-		`Rootfs:` + strings.Replace(fmt.Sprintf("%v", this.Rootfs), "Mount", "containerd_types.Mount", 1) + `,`,
+		`Rootfs:` + repeatedStringForRootfs + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
 		`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
 		`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Checkpoint:` + fmt.Sprintf("%v", this.Checkpoint) + `,`,
 		`ParentCheckpoint:` + fmt.Sprintf("%v", this.ParentCheckpoint) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf.Any", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1362,6 +2368,7 @@ func (this *CreateTaskResponse) String() string {
 	}
 	s := strings.Join([]string{`&CreateTaskResponse{`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1373,7 +2380,8 @@ func (this *DeleteResponse) String() string {
 	s := strings.Join([]string{`&DeleteResponse{`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1384,6 +2392,7 @@ func (this *DeleteProcessRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteProcessRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1398,7 +2407,8 @@ func (this *ExecProcessRequest) String() string {
 		`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
 		`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "google_protobuf.Any", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1408,6 +2418,7 @@ func (this *ExecProcessResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ExecProcessResponse{`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1420,6 +2431,7 @@ func (this *ResizePtyRequest) String() string {
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Width:` + fmt.Sprintf("%v", this.Width) + `,`,
 		`Height:` + fmt.Sprintf("%v", this.Height) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1430,6 +2442,7 @@ func (this *StateRequest) String() string {
 	}
 	s := strings.Join([]string{`&StateRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1448,7 +2461,8 @@ func (this *StateResponse) String() string {
 		`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1461,6 +2475,7 @@ func (this *KillRequest) String() string {
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Signal:` + fmt.Sprintf("%v", this.Signal) + `,`,
 		`All:` + fmt.Sprintf("%v", this.All) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1472,6 +2487,7 @@ func (this *CloseIORequest) String() string {
 	s := strings.Join([]string{`&CloseIORequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1482,6 +2498,7 @@ func (this *ListPidsRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListPidsRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1490,8 +2507,14 @@ func (this *ListPidsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForProcesses := "[]*ProcessInfo{"
+	for _, f := range this.Processes {
+		repeatedStringForProcesses += strings.Replace(fmt.Sprintf("%v", f), "ProcessInfo", "task.ProcessInfo", 1) + ","
+	}
+	repeatedStringForProcesses += "}"
 	s := strings.Join([]string{`&ListPidsResponse{`,
-		`Processes:` + strings.Replace(fmt.Sprintf("%v", this.Processes), "ProcessInfo", "containerd_v1_types.ProcessInfo", 1) + `,`,
+		`Processes:` + repeatedStringForProcesses + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1502,7 +2525,8 @@ func (this *CheckpointTaskRequest) String() string {
 	}
 	s := strings.Join([]string{`&CheckpointTaskRequest{`,
 		`Path:` + fmt.Sprintf("%v", this.Path) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "google_protobuf.Any", 1) + `,`,
+		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1513,6 +2537,7 @@ func (this *ShimInfoResponse) String() string {
 	}
 	s := strings.Join([]string{`&ShimInfoResponse{`,
 		`ShimPid:` + fmt.Sprintf("%v", this.ShimPid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1522,7 +2547,8 @@ func (this *UpdateTaskRequest) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&UpdateTaskRequest{`,
-		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Any", "google_protobuf.Any", 1) + `,`,
+		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Any", "types1.Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1533,6 +2559,7 @@ func (this *StartRequest) String() string {
 	}
 	s := strings.Join([]string{`&StartRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1544,6 +2571,7 @@ func (this *StartResponse) String() string {
 	s := strings.Join([]string{`&StartResponse{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Pid:` + fmt.Sprintf("%v", this.Pid) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1554,6 +2582,7 @@ func (this *WaitRequest) String() string {
 	}
 	s := strings.Join([]string{`&WaitRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1564,7 +2593,8 @@ func (this *WaitResponse) String() string {
 	}
 	s := strings.Join([]string{`&WaitResponse{`,
 		`ExitStatus:` + fmt.Sprintf("%v", this.ExitStatus) + `,`,
-		`ExitedAt:` + strings.Replace(strings.Replace(this.ExitedAt.String(), "Timestamp", "google_protobuf3.Timestamp", 1), `&`, ``, 1) + `,`,
+		`ExitedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExitedAt), "Timestamp", "types1.Timestamp", 1), `&`, ``, 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1582,23 +2612,23 @@ type ShimService interface {
 	State(ctx context.Context, req *StateRequest) (*StateResponse, error)
 	Create(ctx context.Context, req *CreateTaskRequest) (*CreateTaskResponse, error)
 	Start(ctx context.Context, req *StartRequest) (*StartResponse, error)
-	Delete(ctx context.Context, req *google_protobuf1.Empty) (*DeleteResponse, error)
+	Delete(ctx context.Context, req *types1.Empty) (*DeleteResponse, error)
 	DeleteProcess(ctx context.Context, req *DeleteProcessRequest) (*DeleteResponse, error)
 	ListPids(ctx context.Context, req *ListPidsRequest) (*ListPidsResponse, error)
-	Pause(ctx context.Context, req *google_protobuf1.Empty) (*google_protobuf1.Empty, error)
-	Resume(ctx context.Context, req *google_protobuf1.Empty) (*google_protobuf1.Empty, error)
-	Checkpoint(ctx context.Context, req *CheckpointTaskRequest) (*google_protobuf1.Empty, error)
-	Kill(ctx context.Context, req *KillRequest) (*google_protobuf1.Empty, error)
-	Exec(ctx context.Context, req *ExecProcessRequest) (*google_protobuf1.Empty, error)
-	ResizePty(ctx context.Context, req *ResizePtyRequest) (*google_protobuf1.Empty, error)
-	CloseIO(ctx context.Context, req *CloseIORequest) (*google_protobuf1.Empty, error)
-	ShimInfo(ctx context.Context, req *google_protobuf1.Empty) (*ShimInfoResponse, error)
-	Update(ctx context.Context, req *UpdateTaskRequest) (*google_protobuf1.Empty, error)
+	Pause(ctx context.Context, req *types1.Empty) (*types1.Empty, error)
+	Resume(ctx context.Context, req *types1.Empty) (*types1.Empty, error)
+	Checkpoint(ctx context.Context, req *CheckpointTaskRequest) (*types1.Empty, error)
+	Kill(ctx context.Context, req *KillRequest) (*types1.Empty, error)
+	Exec(ctx context.Context, req *ExecProcessRequest) (*types1.Empty, error)
+	ResizePty(ctx context.Context, req *ResizePtyRequest) (*types1.Empty, error)
+	CloseIO(ctx context.Context, req *CloseIORequest) (*types1.Empty, error)
+	ShimInfo(ctx context.Context, req *types1.Empty) (*ShimInfoResponse, error)
+	Update(ctx context.Context, req *UpdateTaskRequest) (*types1.Empty, error)
 	Wait(ctx context.Context, req *WaitRequest) (*WaitResponse, error)
 }
 
-func RegisterShimService(srv *ttrpc.Server, svc ShimService) {
-	srv.Register("containerd.runtime.linux.shim.v1.Shim", map[string]ttrpc.Method{
+func RegisterShimService(srv *github_com_containerd_ttrpc.Server, svc ShimService) {
+	srv.Register("containerd.runtime.linux.shim.v1.Shim", map[string]github_com_containerd_ttrpc.Method{
 		"State": func(ctx context.Context, unmarshal func(interface{}) error) (interface{}, error) {
 			var req StateRequest
 			if err := unmarshal(&req); err != nil {
@@ -1621,7 +2651,7 @@ func RegisterShimService(srv *ttrpc.Server, svc ShimService) {
 			return svc.Start(ctx, &req)
 		},
 		"Delete": func(ctx context.Context, unmarshal func(interface{}) error) (interface{}, error) {
-			var req google_protobuf1.Empty
+			var req types1.Empty
 			if err := unmarshal(&req); err != nil {
 				return nil, err
 			}
@@ -1642,14 +2672,14 @@ func RegisterShimService(srv *ttrpc.Server, svc ShimService) {
 			return svc.ListPids(ctx, &req)
 		},
 		"Pause": func(ctx context.Context, unmarshal func(interface{}) error) (interface{}, error) {
-			var req google_protobuf1.Empty
+			var req types1.Empty
 			if err := unmarshal(&req); err != nil {
 				return nil, err
 			}
 			return svc.Pause(ctx, &req)
 		},
 		"Resume": func(ctx context.Context, unmarshal func(interface{}) error) (interface{}, error) {
-			var req google_protobuf1.Empty
+			var req types1.Empty
 			if err := unmarshal(&req); err != nil {
 				return nil, err
 			}
@@ -1691,7 +2721,7 @@ func RegisterShimService(srv *ttrpc.Server, svc ShimService) {
 			return svc.CloseIO(ctx, &req)
 		},
 		"ShimInfo": func(ctx context.Context, unmarshal func(interface{}) error) (interface{}, error) {
-			var req google_protobuf1.Empty
+			var req types1.Empty
 			if err := unmarshal(&req); err != nil {
 				return nil, err
 			}
@@ -1715,10 +2745,10 @@ func RegisterShimService(srv *ttrpc.Server, svc ShimService) {
 }
 
 type shimClient struct {
-	client *ttrpc.Client
+	client *github_com_containerd_ttrpc.Client
 }
 
-func NewShimClient(client *ttrpc.Client) ShimService {
+func NewShimClient(client *github_com_containerd_ttrpc.Client) ShimService {
 	return &shimClient{
 		client: client,
 	}
@@ -1748,7 +2778,7 @@ func (c *shimClient) Start(ctx context.Context, req *StartRequest) (*StartRespon
 	return &resp, nil
 }
 
-func (c *shimClient) Delete(ctx context.Context, req *google_protobuf1.Empty) (*DeleteResponse, error) {
+func (c *shimClient) Delete(ctx context.Context, req *types1.Empty) (*DeleteResponse, error) {
 	var resp DeleteResponse
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Delete", req, &resp); err != nil {
 		return nil, err
@@ -1772,63 +2802,63 @@ func (c *shimClient) ListPids(ctx context.Context, req *ListPidsRequest) (*ListP
 	return &resp, nil
 }
 
-func (c *shimClient) Pause(ctx context.Context, req *google_protobuf1.Empty) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Pause(ctx context.Context, req *types1.Empty) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Pause", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) Resume(ctx context.Context, req *google_protobuf1.Empty) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Resume(ctx context.Context, req *types1.Empty) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Resume", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) Checkpoint(ctx context.Context, req *CheckpointTaskRequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Checkpoint(ctx context.Context, req *CheckpointTaskRequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Checkpoint", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) Kill(ctx context.Context, req *KillRequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Kill(ctx context.Context, req *KillRequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Kill", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) Exec(ctx context.Context, req *ExecProcessRequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Exec(ctx context.Context, req *ExecProcessRequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Exec", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) ResizePty(ctx context.Context, req *ResizePtyRequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) ResizePty(ctx context.Context, req *ResizePtyRequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "ResizePty", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) CloseIO(ctx context.Context, req *CloseIORequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) CloseIO(ctx context.Context, req *CloseIORequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "CloseIO", req, &resp); err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 
-func (c *shimClient) ShimInfo(ctx context.Context, req *google_protobuf1.Empty) (*ShimInfoResponse, error) {
+func (c *shimClient) ShimInfo(ctx context.Context, req *types1.Empty) (*ShimInfoResponse, error) {
 	var resp ShimInfoResponse
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "ShimInfo", req, &resp); err != nil {
 		return nil, err
@@ -1836,8 +2866,8 @@ func (c *shimClient) ShimInfo(ctx context.Context, req *google_protobuf1.Empty)
 	return &resp, nil
 }
 
-func (c *shimClient) Update(ctx context.Context, req *UpdateTaskRequest) (*google_protobuf1.Empty, error) {
-	var resp google_protobuf1.Empty
+func (c *shimClient) Update(ctx context.Context, req *UpdateTaskRequest) (*types1.Empty, error) {
+	var resp types1.Empty
 	if err := c.client.Call(ctx, "containerd.runtime.linux.shim.v1.Shim", "Update", req, &resp); err != nil {
 		return nil, err
 	}
@@ -1866,7 +2896,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1894,7 +2924,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1904,6 +2934,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1923,7 +2956,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1933,6 +2966,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1952,7 +2988,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1962,6 +2998,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1981,7 +3020,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1990,10 +3029,13 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rootfs = append(m.Rootfs, &containerd_types.Mount{})
+			m.Rootfs = append(m.Rootfs, &types.Mount{})
 			if err := m.Rootfs[len(m.Rootfs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2012,7 +3054,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2032,7 +3074,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2042,6 +3084,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2061,7 +3106,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2071,6 +3116,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2090,7 +3138,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2100,6 +3148,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2119,7 +3170,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2129,6 +3180,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2148,7 +3202,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2158,6 +3212,9 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2177,7 +3234,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2186,11 +3243,14 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf.Any{}
+				m.Options = &types1.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2202,12 +3262,13 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2232,7 +3293,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2260,7 +3321,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2271,12 +3332,13 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2301,7 +3363,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2329,7 +3391,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2348,7 +3410,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2367,7 +3429,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2376,10 +3438,13 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2389,12 +3454,13 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2419,7 +3485,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2447,7 +3513,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2457,6 +3523,9 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2468,12 +3537,13 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2498,7 +3568,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2526,7 +3596,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2536,6 +3606,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2555,7 +3628,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2575,7 +3648,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2585,6 +3658,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2604,7 +3680,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2614,6 +3690,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2633,7 +3712,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2643,6 +3722,9 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2662,7 +3744,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2671,11 +3753,14 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Spec == nil {
-				m.Spec = &google_protobuf.Any{}
+				m.Spec = &types1.Any{}
 			}
 			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2687,12 +3772,13 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2717,7 +3803,7 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2737,12 +3823,13 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2767,7 +3854,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2795,7 +3882,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2805,6 +3892,9 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2824,7 +3914,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Width |= (uint32(b) & 0x7F) << shift
+				m.Width |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2843,7 +3933,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Height |= (uint32(b) & 0x7F) << shift
+				m.Height |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2854,12 +3944,13 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2884,7 +3975,7 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2912,7 +4003,7 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2922,6 +4013,9 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2933,12 +4027,13 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2963,7 +4058,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2991,7 +4086,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3001,6 +4096,9 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3020,7 +4118,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3030,6 +4128,9 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3049,7 +4150,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3068,7 +4169,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Status |= (containerd_v1_types.Status(b) & 0x7F) << shift
+				m.Status |= task.Status(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3087,7 +4188,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3097,6 +4198,9 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3116,7 +4220,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3126,6 +4230,9 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3145,7 +4252,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3155,6 +4262,9 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3174,7 +4284,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3194,7 +4304,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3213,7 +4323,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3222,10 +4332,13 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3235,12 +4348,13 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3265,7 +4379,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3293,7 +4407,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3303,6 +4417,9 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3322,7 +4439,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Signal |= (uint32(b) & 0x7F) << shift
+				m.Signal |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3341,7 +4458,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3353,12 +4470,13 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3383,7 +4501,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3411,7 +4529,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3421,6 +4539,9 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3440,7 +4561,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3452,12 +4573,13 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3482,7 +4604,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3510,7 +4632,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3520,6 +4642,9 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3531,12 +4656,13 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3561,7 +4687,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3589,7 +4715,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3598,10 +4724,13 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Processes = append(m.Processes, &containerd_v1_types.ProcessInfo{})
+			m.Processes = append(m.Processes, &task.ProcessInfo{})
 			if err := m.Processes[len(m.Processes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -3612,12 +4741,13 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3642,7 +4772,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3670,7 +4800,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3680,6 +4810,9 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3699,7 +4832,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3708,11 +4841,14 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Options == nil {
-				m.Options = &google_protobuf.Any{}
+				m.Options = &types1.Any{}
 			}
 			if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -3724,12 +4860,13 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3754,7 +4891,7 @@ func (m *ShimInfoResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3782,7 +4919,7 @@ func (m *ShimInfoResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ShimPid |= (uint32(b) & 0x7F) << shift
+				m.ShimPid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3793,12 +4930,13 @@ func (m *ShimInfoResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3823,7 +4961,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3851,7 +4989,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3860,11 +4998,14 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Resources == nil {
-				m.Resources = &google_protobuf.Any{}
+				m.Resources = &types1.Any{}
 			}
 			if err := m.Resources.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -3876,12 +5017,13 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3906,7 +5048,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3934,7 +5076,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3944,6 +5086,9 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3955,12 +5100,13 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3985,7 +5131,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4013,7 +5159,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4023,6 +5169,9 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4042,7 +5191,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Pid |= (uint32(b) & 0x7F) << shift
+				m.Pid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4053,12 +5202,13 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4083,7 +5233,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4111,7 +5261,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4121,6 +5271,9 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4132,12 +5285,13 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4162,7 +5316,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4190,7 +5344,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitStatus |= (uint32(b) & 0x7F) << shift
+				m.ExitStatus |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4209,7 +5363,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4218,10 +5372,13 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthShim
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthShim
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.ExitedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4231,12 +5388,13 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthShim
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4249,6 +5407,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error {
 func skipShim(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4280,10 +5439,8 @@ func skipShim(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4300,132 +5457,34 @@ func skipShim(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthShim
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowShim
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipShim(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupShim
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthShim
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthShim = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowShim   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthShim        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowShim          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupShim = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto", fileDescriptorShim)
-}
-
-var fileDescriptorShim = []byte{
-	// 1133 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0x1b, 0x47,
-	0x14, 0x67, 0x17, 0xff, 0x7d, 0x8e, 0x29, 0x4c, 0x09, 0xdd, 0x38, 0x92, 0xb1, 0x56, 0x6a, 0x44,
-	0x55, 0x65, 0x5d, 0x4c, 0x95, 0xa4, 0xad, 0x84, 0x04, 0x24, 0xaa, 0x50, 0x1b, 0x05, 0x2d, 0xa4,
-	0x89, 0x5a, 0x55, 0x68, 0xf1, 0x0e, 0xf6, 0x08, 0x7b, 0x67, 0xb3, 0x33, 0x4b, 0xa1, 0xa7, 0x9e,
-	0x7a, 0xee, 0xc7, 0xe9, 0x47, 0xe0, 0x90, 0x43, 0x8f, 0x3d, 0xa5, 0x0d, 0xf7, 0x7e, 0x87, 0x6a,
-	0xfe, 0x18, 0xaf, 0x6d, 0x36, 0xbb, 0x70, 0xc1, 0xfb, 0x66, 0x7e, 0x6f, 0xe6, 0xcd, 0xfb, 0xfd,
-	0xe6, 0xbd, 0x01, 0x36, 0x7b, 0x84, 0xf7, 0xe3, 0x23, 0xa7, 0x4b, 0x87, 0xed, 0x2e, 0x0d, 0xb8,
-	0x47, 0x02, 0x1c, 0xf9, 0xc9, 0xcf, 0x28, 0x0e, 0x38, 0x19, 0xe2, 0xf6, 0xe9, 0x7a, 0x9b, 0xf5,
-	0xc9, 0x70, 0xf4, 0xeb, 0x84, 0x11, 0xe5, 0x14, 0xb5, 0xc6, 0x48, 0x47, 0x23, 0x9d, 0x01, 0x09,
-	0xe2, 0x33, 0x47, 0x82, 0x4e, 0xd7, 0x1b, 0xf7, 0x7a, 0x94, 0xf6, 0x06, 0xb8, 0x2d, 0xf1, 0x47,
-	0xf1, 0x71, 0xdb, 0x0b, 0xce, 0x95, 0x73, 0xe3, 0xfe, 0xf4, 0x14, 0x1e, 0x86, 0x7c, 0x34, 0xb9,
-	0xdc, 0xa3, 0x3d, 0x2a, 0x3f, 0xdb, 0xe2, 0x4b, 0x8f, 0xae, 0x4e, 0xbb, 0x88, 0x1d, 0x19, 0xf7,
-	0x86, 0xa1, 0x06, 0x3c, 0xca, 0x3c, 0x90, 0x17, 0x92, 0x36, 0x3f, 0x0f, 0x31, 0x6b, 0x0f, 0x69,
-	0x1c, 0x70, 0xed, 0xf7, 0xf5, 0x0d, 0xfc, 0xb8, 0xc7, 0x4e, 0xe4, 0x1f, 0xe5, 0x6b, 0xff, 0x67,
-	0xc2, 0xd2, 0x4e, 0x84, 0x3d, 0x8e, 0x0f, 0x3c, 0x76, 0xe2, 0xe2, 0x37, 0x31, 0x66, 0x1c, 0xad,
-	0x80, 0x49, 0x7c, 0xcb, 0x68, 0x19, 0x6b, 0xd5, 0xed, 0xd2, 0xe5, 0xbb, 0x55, 0x73, 0xf7, 0xa9,
-	0x6b, 0x12, 0x1f, 0xad, 0x40, 0xe9, 0x28, 0x0e, 0xfc, 0x01, 0xb6, 0x4c, 0x31, 0xe7, 0x6a, 0x0b,
-	0x59, 0x50, 0xd6, 0x19, 0xb4, 0xe6, 0xe5, 0xc4, 0xc8, 0x44, 0x6d, 0x28, 0x45, 0x94, 0xf2, 0x63,
-	0x66, 0x15, 0x5a, 0xf3, 0x6b, 0xb5, 0xce, 0x27, 0x4e, 0x22, 0xeb, 0x32, 0x24, 0xe7, 0xb9, 0x38,
-	0x8a, 0xab, 0x61, 0xa8, 0x01, 0x15, 0x8e, 0xa3, 0x21, 0x09, 0xbc, 0x81, 0x55, 0x6c, 0x19, 0x6b,
-	0x15, 0xf7, 0xca, 0x46, 0xcb, 0x50, 0x64, 0xdc, 0x27, 0x81, 0x55, 0x92, 0x9b, 0x28, 0x43, 0x04,
-	0xc5, 0xb8, 0x4f, 0x63, 0x6e, 0x95, 0x55, 0x50, 0xca, 0xd2, 0xe3, 0x38, 0x8a, 0xac, 0xca, 0xd5,
-	0x38, 0x8e, 0x22, 0xd4, 0x04, 0xe8, 0xf6, 0x71, 0xf7, 0x24, 0xa4, 0x24, 0xe0, 0x56, 0x55, 0xce,
-	0x25, 0x46, 0xd0, 0xe7, 0xb0, 0x14, 0x7a, 0x11, 0x0e, 0xf8, 0x61, 0x02, 0x06, 0x12, 0xb6, 0xa8,
-	0x26, 0x76, 0xc6, 0x60, 0x07, 0xca, 0x34, 0xe4, 0x84, 0x06, 0xcc, 0xaa, 0xb5, 0x8c, 0xb5, 0x5a,
-	0x67, 0xd9, 0x51, 0x34, 0x3b, 0x23, 0x9a, 0x9d, 0xad, 0xe0, 0xdc, 0x1d, 0x81, 0xec, 0x07, 0x80,
-	0x92, 0xe9, 0x66, 0x21, 0x0d, 0x18, 0x46, 0x8b, 0x30, 0x1f, 0xea, 0x84, 0xd7, 0x5d, 0xf1, 0x69,
-	0xff, 0x6e, 0xc0, 0xc2, 0x53, 0x3c, 0xc0, 0x1c, 0xa7, 0x83, 0xd0, 0x2a, 0xd4, 0xf0, 0x19, 0xe1,
-	0x87, 0x8c, 0x7b, 0x3c, 0x66, 0x92, 0x93, 0xba, 0x0b, 0x62, 0x68, 0x5f, 0x8e, 0xa0, 0x2d, 0xa8,
-	0x0a, 0x0b, 0xfb, 0x87, 0x1e, 0x97, 0xcc, 0xd4, 0x3a, 0x8d, 0x99, 0xf8, 0x0e, 0x46, 0x32, 0xdc,
-	0xae, 0x5c, 0xbc, 0x5b, 0x9d, 0xfb, 0xe3, 0x9f, 0x55, 0xc3, 0xad, 0x28, 0xb7, 0x2d, 0x6e, 0x3b,
-	0xb0, 0xac, 0xe2, 0xd8, 0x8b, 0x68, 0x17, 0x33, 0x96, 0x21, 0x11, 0xfb, 0x4f, 0x03, 0xd0, 0xb3,
-	0x33, 0xdc, 0xcd, 0x07, 0x9f, 0xa0, 0xdb, 0x4c, 0xa3, 0x7b, 0xfe, 0x7a, 0xba, 0x0b, 0x29, 0x74,
-	0x17, 0x27, 0xe8, 0x5e, 0x83, 0x02, 0x0b, 0x71, 0x57, 0x6a, 0x26, 0x8d, 0x1e, 0x89, 0xb0, 0xef,
-	0xc2, 0xc7, 0x13, 0x91, 0xab, 0xbc, 0xdb, 0xaf, 0x61, 0xd1, 0xc5, 0x8c, 0xfc, 0x8a, 0xf7, 0xf8,
-	0x79, 0xd6, 0x71, 0x96, 0xa1, 0xf8, 0x0b, 0xf1, 0x79, 0x5f, 0x73, 0xa1, 0x0c, 0x11, 0x5a, 0x1f,
-	0x93, 0x5e, 0x5f, 0x71, 0x50, 0x77, 0xb5, 0x65, 0x3f, 0x80, 0x3b, 0x82, 0x28, 0x9c, 0x95, 0xd3,
-	0xb7, 0x26, 0xd4, 0x35, 0x50, 0x6b, 0xe1, 0xa6, 0x17, 0x54, 0x6b, 0x67, 0x7e, 0xac, 0x9d, 0x0d,
-	0x91, 0x2e, 0x29, 0x1b, 0x91, 0xc6, 0x85, 0xce, 0xfd, 0xe4, 0xc5, 0x3c, 0x5d, 0xd7, 0x77, 0x53,
-	0xe9, 0xc8, 0xd5, 0xd0, 0x31, 0x23, 0xc5, 0xeb, 0x19, 0x29, 0xa5, 0x30, 0x52, 0x9e, 0x60, 0x24,
-	0xc9, 0x79, 0x65, 0x8a, 0xf3, 0x29, 0x49, 0x57, 0x3f, 0x2c, 0x69, 0xb8, 0x95, 0xa4, 0x5f, 0x40,
-	0xed, 0x3b, 0x32, 0x18, 0xe4, 0x28, 0x76, 0x8c, 0xf4, 0x46, 0xc2, 0xac, 0xbb, 0xda, 0x12, 0xb9,
-	0xf4, 0x06, 0x03, 0x99, 0xcb, 0x8a, 0x2b, 0x3e, 0xed, 0x4d, 0x58, 0xd8, 0x19, 0x50, 0x86, 0x77,
-	0x5f, 0xe4, 0xd0, 0x87, 0x4a, 0xa0, 0xd2, 0xba, 0x32, 0xec, 0xcf, 0xe0, 0xa3, 0xef, 0x09, 0xe3,
-	0x7b, 0xc4, 0xcf, 0xbc, 0x5e, 0x2e, 0x2c, 0x8e, 0xa1, 0x5a, 0x0c, 0x9b, 0x50, 0x0d, 0x95, 0x66,
-	0x31, 0xb3, 0x0c, 0x59, 0x66, 0x5b, 0xd7, 0xb2, 0xa9, 0x95, 0xbd, 0x1b, 0x1c, 0x53, 0x77, 0xec,
-	0x62, 0xff, 0x04, 0x77, 0xc7, 0x15, 0x2d, 0xd9, 0x06, 0x10, 0x14, 0x42, 0x8f, 0xf7, 0x55, 0x18,
-	0xae, 0xfc, 0x4e, 0x16, 0x3c, 0x33, 0x4f, 0xc1, 0x7b, 0x08, 0x8b, 0xfb, 0x7d, 0x32, 0x94, 0x7b,
-	0x8e, 0x02, 0xbe, 0x07, 0x15, 0xd1, 0x62, 0x0f, 0xc7, 0xe5, 0xac, 0x2c, 0xec, 0x3d, 0xe2, 0xdb,
-	0xdf, 0xc2, 0xd2, 0xcb, 0xd0, 0x9f, 0x6a, 0x47, 0x1d, 0xa8, 0x46, 0x98, 0xd1, 0x38, 0xea, 0xca,
-	0x03, 0xa6, 0xef, 0x3a, 0x86, 0xe9, 0xbb, 0x15, 0xf1, 0xac, 0x84, 0x7e, 0x25, 0xaf, 0x96, 0xc0,
-	0x65, 0x5c, 0x2d, 0x7d, 0x85, 0xcc, 0x71, 0x8d, 0xfe, 0x14, 0x6a, 0xaf, 0x3c, 0x92, 0xb9, 0x43,
-	0x04, 0x77, 0x14, 0x4c, 0x6f, 0x30, 0x25, 0x71, 0xe3, 0xc3, 0x12, 0x37, 0x6f, 0x23, 0xf1, 0xce,
-	0xdb, 0x1a, 0x14, 0x44, 0xda, 0x51, 0x1f, 0x8a, 0xb2, 0x72, 0x20, 0xc7, 0xc9, 0x7a, 0xee, 0x38,
-	0xc9, 0x5a, 0xd4, 0x68, 0xe7, 0xc6, 0xeb, 0x63, 0x31, 0x28, 0xa9, 0xce, 0x86, 0x36, 0xb2, 0x5d,
-	0x67, 0x9e, 0x1c, 0x8d, 0x2f, 0x6f, 0xe6, 0xa4, 0x37, 0x55, 0xc7, 0x8b, 0x78, 0xce, 0xe3, 0x5d,
-	0xc9, 0x21, 0xe7, 0xf1, 0x12, 0xb2, 0x70, 0xa1, 0xa4, 0xfa, 0x20, 0x5a, 0x99, 0xe1, 0xe2, 0x99,
-	0x78, 0xfb, 0x35, 0xbe, 0xc8, 0x5e, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x7d, 0xa2, 0xb7, 0xa2, 0x47,
-	0x79, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0x54, 0x46, 0x75, 0x04, 0xad, 0x67, 0x7b,
-	0x4f, 0x95, 0xa7, 0x46, 0xe7, 0x26, 0x2e, 0x7a, 0xcb, 0xc7, 0x50, 0xdc, 0xf3, 0x62, 0x96, 0x9e,
-	0xc0, 0x94, 0x71, 0xf4, 0x04, 0x4a, 0x2e, 0x66, 0xf1, 0xf0, 0xe6, 0x9e, 0x3f, 0x03, 0x24, 0xde,
-	0x6a, 0x8f, 0x73, 0x48, 0xec, 0xba, 0x3a, 0x98, 0xba, 0xfc, 0x73, 0x28, 0x88, 0x46, 0x82, 0x1e,
-	0x66, 0x2f, 0x9c, 0x68, 0x38, 0xa9, 0xcb, 0x1d, 0x40, 0x41, 0xbc, 0x3f, 0x50, 0x8e, 0xab, 0x30,
-	0xfb, 0xc2, 0x4a, 0x5d, 0xf5, 0x15, 0x54, 0xaf, 0x9e, 0x2f, 0x28, 0x07, 0x6f, 0xd3, 0x6f, 0x9d,
-	0xd4, 0x85, 0xf7, 0xa1, 0xac, 0xbb, 0x1e, 0xca, 0xa1, 0xbf, 0xc9, 0x06, 0x99, 0xba, 0xe8, 0x0f,
-	0x50, 0x19, 0xb5, 0x8b, 0x54, 0xb6, 0x73, 0x1c, 0x62, 0xa6, 0xe5, 0xbc, 0x84, 0x92, 0xea, 0x2b,
-	0x79, 0xaa, 0xd3, 0x4c, 0x07, 0x4a, 0x0d, 0x17, 0x43, 0x41, 0xd4, 0xf6, 0x3c, 0x0a, 0x48, 0xb4,
-	0x8a, 0x86, 0x93, 0x17, 0xae, 0xa2, 0xdf, 0x76, 0x2f, 0xde, 0x37, 0xe7, 0xfe, 0x7e, 0xdf, 0x9c,
-	0xfb, 0xed, 0xb2, 0x69, 0x5c, 0x5c, 0x36, 0x8d, 0xbf, 0x2e, 0x9b, 0xc6, 0xbf, 0x97, 0x4d, 0xe3,
-	0xc7, 0x27, 0xb7, 0xf8, 0x27, 0xf8, 0x1b, 0xf1, 0xfb, 0xda, 0x3c, 0x2a, 0xc9, 0xc3, 0x6c, 0xfc,
-	0x1f, 0x00, 0x00, 0xff, 0xff, 0x64, 0x52, 0x86, 0xc0, 0x49, 0x0f, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto b/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto
index 516d914b9e1c7..b44418a690bfd 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/v1/shim.proto
@@ -1,3 +1,19 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
 syntax = "proto3";
 
 package containerd.runtime.linux.shim.v1;
diff --git a/vendor/github.com/containerd/containerd/runtime/v2/README.md b/vendor/github.com/containerd/containerd/runtime/v2/README.md
new file mode 100644
index 0000000000000..aaa878bfde71e
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/runtime/v2/README.md
@@ -0,0 +1,254 @@
+# Runtime v2
+
+Runtime v2 introduces a first class shim API for runtime authors to integrate with containerd.
+The shim API is minimal and scoped to the execution lifecycle of a container.
+
+## Binary Naming
+
+Users specify the runtime they wish to use when creating a container.
+The runtime can also be changed via a container update.
+
+```bash
+> ctr run --runtime io.containerd.runc.v1
+```
+
+When a user specifies a runtime name, `io.containerd.runc.v1`, they will specify the name and version of the runtime.
+This will be translated by containerd into a binary name for the shim.
+
+`io.containerd.runc.v1` -> `containerd-shim-runc-v1`
+
+containerd keeps the `containerd-shim-*` prefix so that users can `ps aux | grep containerd-shim` to see running shims on their system.
+
+## Shim Authoring
+
+This section is dedicated to runtime authors wishing to build a shim.
+It will detail how the API works and different considerations when building shim.
+
+### Commands
+
+Container information is provided to a shim in two ways.
+The OCI Runtime Bundle and on the `Create` rpc request.
+
+#### `start`
+
+Each shim MUST implement a `start` subcommand.
+This command will launch new shims.
+The start command MUST accept the following flags:
+
+* `-namespace` the namespace for the container
+* `-address` the address of the containerd's main socket
+* `-publish-binary` the binary path to publish events back to containerd
+* `-id` the id of the container
+
+The start command, as well as all binary calls to the shim, has the bundle for the container set as the `cwd`.
+
+The start command MUST return an address to a shim for containerd to issue API requests for container operations.
+
+The start command can either start a new shim or return an address to an existing shim based on the shim's logic.
+
+#### `delete`
+
+Each shim MUST implement a `delete` subcommand.
+This command allows containerd to delete any container resources created, mounted, and/or run by a shim when containerd can no longer communicate over rpc.
+This happens if a shim is SIGKILL'd with a running container.
+These resources will need to be cleaned up when containerd looses the connection to a shim.
+This is also used when containerd boots and reconnects to shims.
+If a bundle is still on disk but containerd cannot connect to a shim, the delete command is invoked.
+
+The delete command MUST accept the following flags:
+
+* `-namespace` the namespace for the container
+* `-address` the address of the containerd's main socket
+* `-publish-binary` the binary path to publish events back to containerd
+* `-id` the id of the container
+* `-bundle` the path to the bundle to delete. On non-Windows platforms this will match `cwd`
+
+The delete command will be executed in the container's bundle as its `cwd` except for on the Windows platform.
+
+### Host Level Shim Configuration
+
+containerd does not provide any host level configuration for shims via the API.
+If a shim needs configuration from the user with host level information across all instances, a shim specific configuration file can be setup.
+
+### Container Level Shim Configuration
+
+On the create request, there is a generic `*protobuf.Any` that allows a user to specify container level configuration for the shim.
+
+```proto
+message CreateTaskRequest {
+	string id = 1;
+	...
+	google.protobuf.Any options = 10;
+}
+```
+
+A shim author can create their own protobuf message for configuration and clients can import and provide this information is needed.
+
+### I/O
+
+I/O for a container is provided by the client to the shim via fifo on Linux, named pipes on Windows, or log files on disk.
+The paths to these files are provided on the `Create` rpc for the initial creation and on the `Exec` rpc for additional processes.
+
+```proto
+message CreateTaskRequest {
+	string id = 1;
+	bool terminal = 4;
+	string stdin = 5;
+	string stdout = 6;
+	string stderr = 7;
+}
+```
+
+```proto
+message ExecProcessRequest {
+	string id = 1;
+	string exec_id = 2;
+	bool terminal = 3;
+	string stdin = 4;
+	string stdout = 5;
+	string stderr = 6;
+}
+```
+
+Containers that are to be launched with an interactive terminal will have the `terminal` field set to `true`, data is still copied over the files(fifos,pipes) in the same way as non interactive containers.
+
+### Root Filesystems
+
+The root filesystem for the containers is provided by on the `Create` rpc.
+Shims are responsible for managing the lifecycle of the filesystem mount during the lifecycle of a container.
+
+```proto
+message CreateTaskRequest {
+	string id = 1;
+	string bundle = 2;
+	repeated containerd.types.Mount rootfs = 3;
+	...
+}
+```
+
+The mount protobuf message is:
+
+```proto
+message Mount {
+	// Type defines the nature of the mount.
+	string type = 1;
+	// Source specifies the name of the mount. Depending on mount type, this
+	// may be a volume name or a host path, or even ignored.
+	string source = 2;
+	// Target path in container
+	string target = 3;
+	// Options specifies zero or more fstab style mount options.
+	repeated string options = 4;
+}
+```
+
+Shims are responsible for mounting the filesystem into the `rootfs/` directory of the bundle.
+Shims are also responsible for unmounting of the filesystem.
+During a `delete` binary call, the shim MUST ensure that filesystem is also unmounted.
+Filesystems are provided by the containerd snapshotters.
+
+### Events
+
+The Runtime v2 supports an async event model. In order for the an upstream caller (such as Docker) to get these events in the correct order a Runtime v2 shim MUST implement the following events where `Compliance=MUST`. This avoids race conditions between the shim and shim client where for example a call to `Start` can signal a `TaskExitEventTopic` before even returning the results from the `Start` call. With these guarantees of a Runtime v2 shim a call to `Start` is required to have published the async event `TaskStartEventTopic` before the shim can publish the `TaskExitEventTopic`.
+
+#### Tasks
+
+| Topic | Compliance | Description |
+| ----- | ---------- | ----------- |
+| `runtime.TaskCreateEventTopic`       | MUST                                                                          | When a task is successfully created |
+| `runtime.TaskStartEventTopic`        | MUST (follow `TaskCreateEventTopic`)                                          | When a task is successfully started |
+| `runtime.TaskExitEventTopic`         | MUST (follow `TaskStartEventTopic`)                                           | When a task exits expected or unexpected |
+| `runtime.TaskDeleteEventTopic`       | MUST (follow `TaskExitEventTopic` or `TaskCreateEventTopic` if never started) | When a task is removed from a shim |
+| `runtime.TaskPausedEventTopic`       | SHOULD                                                                        | When a task is successfully paused |
+| `runtime.TaskResumedEventTopic`      | SHOULD (follow `TaskPausedEventTopic`)                                        | When a task is successfully resumed |
+| `runtime.TaskCheckpointedEventTopic` | SHOULD                                                                        | When a task is checkpointed |
+| `runtime.TaskOOMEventTopic`          | SHOULD                                                                        | If the shim collects Out of Memory events |
+
+#### Execs
+
+| Topic | Compliance | Description |
+| ----- | ---------- | ----------- |
+| `runtime.TaskExecAddedEventTopic`   | MUST (follow `TaskCreateEventTopic` )     | When an exec is successfully added |
+| `runtime.TaskExecStartedEventTopic` | MUST (follow `TaskExecAddedEventTopic`)   | When an exec is successfully started |
+| `runtime.TaskExitEventTopic`        | MUST (follow `TaskExecStartedEventTopic`) | When an exec (other than the init exec) exits expected or unexpected |
+| `runtime.TaskDeleteEventTopic`      | SHOULD (follow `TaskExitEventTopic` or `TaskExecAddedEventTopic` if never started) | When an exec is removed from a shim |
+
+#### Logging
+
+Shims may support pluggable logging via STDIO URIs.
+Current supported schemes for logging are:
+
+* fifo - Linux
+* binary - Linux & Windows
+* file - Linux & Windows
+* npipe - Windows
+
+Binary logging has the ability to forward a container's STDIO to an external binary for consumption.
+A sample logging driver that forwards the container's STDOUT and STDERR to `journald` is:
+
+```go
+package main
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"io"
+	"sync"
+
+	"github.com/containerd/containerd/runtime/v2/logging"
+	"github.com/coreos/go-systemd/journal"
+)
+
+func main() {
+	logging.Run(log)
+}
+
+func log(ctx context.Context, config *logging.Config, ready func() error) error {
+	// construct any log metadata for the container
+	vars := map[string]string{
+		"SYSLOG_IDENTIFIER": fmt.Sprintf("%s:%s", config.Namespace, config.ID),
+	}
+	var wg sync.WaitGroup
+	wg.Add(2)
+	// forward both stdout and stderr to the journal
+	go copy(&wg, config.Stdout, journal.PriInfo, vars)
+	go copy(&wg, config.Stderr, journal.PriErr, vars)
+
+	// signal that we are ready and setup for the container to be started
+	if err := ready(); err != nil {
+		return err
+	}
+	wg.Wait()
+	return nil
+}
+
+func copy(wg *sync.WaitGroup, r io.Reader, pri journal.Priority, vars map[string]string) {
+	defer wg.Done()
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		journal.Send(s.Text(), pri, vars)
+	}
+}
+```
+
+### Other
+
+#### Unsupported rpcs
+
+If a shim does not or cannot implement an rpc call, it MUST return a `github.com/containerd/containerd/errdefs.ErrNotImplemented` error.
+
+#### Debugging and Shim Logs
+
+A fifo on unix or named pipe on Windows will be provided to the shim.
+It can be located inside the `cwd` of the shim named "log".
+The shims can use the existing `github.com/containerd/containerd/log` package to log debug messages.
+Messages will automatically be output in the containerd's daemon logs with the correct fields and runtime set.
+
+#### ttrpc
+
+[ttrpc](https://github.com/containerd/ttrpc) is the only currently supported protocol for shims.
+It works with standard protobufs and GRPC services as well as generating clients.
+The only difference between grpc and ttrpc is the wire protocol.
+ttrpc removes the http stack in order to save memory and binary size to keep shims small.
+It is recommended to use ttrpc in your shim but grpc support is also in development.
diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/options/doc.go b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/doc.go
new file mode 100644
index 0000000000000..ffff495cbfb81
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/doc.go
@@ -0,0 +1,17 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package options
diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.pb.go b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.pb.go
new file mode 100644
index 0000000000000..c9c44742a2588
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.pb.go
@@ -0,0 +1,1458 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: github.com/containerd/containerd/runtime/v2/runc/options/oci.proto
+
+package options
+
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+type Options struct {
+	// disable pivot root when creating a container
+	NoPivotRoot bool `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
+	// create a new keyring for the container
+	NoNewKeyring bool `protobuf:"varint,2,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
+	// place the shim in a cgroup
+	ShimCgroup string `protobuf:"bytes,3,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
+	// set the I/O's pipes uid
+	IoUid uint32 `protobuf:"varint,4,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
+	// set the I/O's pipes gid
+	IoGid uint32 `protobuf:"varint,5,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
+	// binary name of the runc binary
+	BinaryName string `protobuf:"bytes,6,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"`
+	// runc root directory
+	Root string `protobuf:"bytes,7,opt,name=root,proto3" json:"root,omitempty"`
+	// criu binary path
+	CriuPath string `protobuf:"bytes,8,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
+	// enable systemd cgroups
+	SystemdCgroup bool `protobuf:"varint,9,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
+	// criu image path
+	CriuImagePath string `protobuf:"bytes,10,opt,name=criu_image_path,json=criuImagePath,proto3" json:"criu_image_path,omitempty"`
+	// criu work path
+	CriuWorkPath         string   `protobuf:"bytes,11,opt,name=criu_work_path,json=criuWorkPath,proto3" json:"criu_work_path,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Options) Reset()      { *m = Options{} }
+func (*Options) ProtoMessage() {}
+func (*Options) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4e5440d739e9a863, []int{0}
+}
+func (m *Options) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Options) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Options.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Options) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Options.Merge(m, src)
+}
+func (m *Options) XXX_Size() int {
+	return m.Size()
+}
+func (m *Options) XXX_DiscardUnknown() {
+	xxx_messageInfo_Options.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Options proto.InternalMessageInfo
+
+type CheckpointOptions struct {
+	// exit the container after a checkpoint
+	Exit bool `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"`
+	// checkpoint open tcp connections
+	OpenTcp bool `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
+	// checkpoint external unix sockets
+	ExternalUnixSockets bool `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
+	// checkpoint terminals (ptys)
+	Terminal bool `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	// allow checkpointing of file locks
+	FileLocks bool `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
+	// restore provided namespaces as empty namespaces
+	EmptyNamespaces []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces,proto3" json:"empty_namespaces,omitempty"`
+	// set the cgroups mode, soft, full, strict
+	CgroupsMode string `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	// checkpoint image path
+	ImagePath string `protobuf:"bytes,8,opt,name=image_path,json=imagePath,proto3" json:"image_path,omitempty"`
+	// checkpoint work path
+	WorkPath             string   `protobuf:"bytes,9,opt,name=work_path,json=workPath,proto3" json:"work_path,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CheckpointOptions) Reset()      { *m = CheckpointOptions{} }
+func (*CheckpointOptions) ProtoMessage() {}
+func (*CheckpointOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4e5440d739e9a863, []int{1}
+}
+func (m *CheckpointOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckpointOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckpointOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckpointOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckpointOptions.Merge(m, src)
+}
+func (m *CheckpointOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckpointOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckpointOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CheckpointOptions proto.InternalMessageInfo
+
+type ProcessDetails struct {
+	// exec process id if the process is managed by a shim
+	ExecID               string   `protobuf:"bytes,1,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ProcessDetails) Reset()      { *m = ProcessDetails{} }
+func (*ProcessDetails) ProtoMessage() {}
+func (*ProcessDetails) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4e5440d739e9a863, []int{2}
+}
+func (m *ProcessDetails) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessDetails.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessDetails) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessDetails.Merge(m, src)
+}
+func (m *ProcessDetails) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessDetails) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessDetails.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ProcessDetails proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*Options)(nil), "containerd.runc.v1.Options")
+	proto.RegisterType((*CheckpointOptions)(nil), "containerd.runc.v1.CheckpointOptions")
+	proto.RegisterType((*ProcessDetails)(nil), "containerd.runc.v1.ProcessDetails")
+}
+
+func init() {
+	proto.RegisterFile("github.com/containerd/containerd/runtime/v2/runc/options/oci.proto", fileDescriptor_4e5440d739e9a863)
+}
+
+var fileDescriptor_4e5440d739e9a863 = []byte{
+	// 587 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x93, 0xcf, 0x6e, 0xd3, 0x40,
+	0x10, 0x87, 0xeb, 0xfe, 0x49, 0xec, 0x4d, 0x93, 0xc2, 0x42, 0x25, 0xd3, 0x8a, 0x34, 0x94, 0x82,
+	0xc2, 0x25, 0x11, 0x45, 0x9c, 0xb8, 0xa0, 0xb6, 0x08, 0x55, 0x40, 0xa9, 0x0c, 0x15, 0xa8, 0x97,
+	0x95, 0xbb, 0x1e, 0x9c, 0x51, 0xe2, 0x1d, 0xcb, 0xbb, 0x69, 0xd2, 0x1b, 0xef, 0xc5, 0x0b, 0xf4,
+	0xc8, 0x91, 0x13, 0xa2, 0xb9, 0xf1, 0x16, 0x68, 0xd7, 0x4e, 0xdb, 0x33, 0x27, 0xcf, 0x7e, 0xf3,
+	0xf3, 0x78, 0xfd, 0xad, 0x96, 0xed, 0xa5, 0x68, 0x06, 0xe3, 0xb3, 0x9e, 0xa4, 0xac, 0x2f, 0x49,
+	0x99, 0x18, 0x15, 0x14, 0xc9, 0xed, 0xb2, 0x18, 0x2b, 0x83, 0x19, 0xf4, 0xcf, 0x77, 0x6d, 0x29,
+	0xfb, 0x94, 0x1b, 0x24, 0xa5, 0xfb, 0x24, 0xb1, 0x97, 0x17, 0x64, 0x88, 0xf3, 0x9b, 0x74, 0xcf,
+	0x46, 0x7a, 0xe7, 0xcf, 0x37, 0xee, 0xa7, 0x94, 0x92, 0x6b, 0xf7, 0x6d, 0x55, 0x26, 0xb7, 0xff,
+	0x2e, 0xb2, 0xfa, 0xc7, 0xf2, 0x7d, 0xbe, 0xcd, 0x9a, 0x8a, 0x44, 0x8e, 0xe7, 0x64, 0x44, 0x41,
+	0x64, 0x42, 0xaf, 0xe3, 0x75, 0xfd, 0xa8, 0xa1, 0xe8, 0xd8, 0xb2, 0x88, 0xc8, 0xf0, 0x1d, 0xd6,
+	0x52, 0x24, 0x14, 0x4c, 0xc4, 0x10, 0x2e, 0x0a, 0x54, 0x69, 0xb8, 0xe8, 0x42, 0xab, 0x8a, 0x8e,
+	0x60, 0xf2, 0xae, 0x64, 0x7c, 0x8b, 0x35, 0xf4, 0x00, 0x33, 0x21, 0xd3, 0x82, 0xc6, 0x79, 0xb8,
+	0xd4, 0xf1, 0xba, 0x41, 0xc4, 0x2c, 0xda, 0x77, 0x84, 0xaf, 0xb3, 0x1a, 0x92, 0x18, 0x63, 0x12,
+	0x2e, 0x77, 0xbc, 0x6e, 0x33, 0x5a, 0x41, 0x3a, 0xc1, 0xa4, 0xc2, 0x29, 0x26, 0xe1, 0xca, 0x1c,
+	0xbf, 0xc5, 0xc4, 0x8e, 0x3b, 0x43, 0x15, 0x17, 0x17, 0x42, 0xc5, 0x19, 0x84, 0xb5, 0x72, 0x5c,
+	0x89, 0x8e, 0xe2, 0x0c, 0x38, 0x67, 0xcb, 0x6e, 0xc3, 0x75, 0xd7, 0x71, 0x35, 0xdf, 0x64, 0x81,
+	0x2c, 0x70, 0x2c, 0xf2, 0xd8, 0x0c, 0x42, 0xdf, 0x35, 0x7c, 0x0b, 0x8e, 0x63, 0x33, 0xe0, 0x4f,
+	0x58, 0x4b, 0x5f, 0x68, 0x03, 0x59, 0x32, 0xdf, 0x63, 0xe0, 0x7e, 0xa3, 0x59, 0xd1, 0x6a, 0x9b,
+	0x4f, 0xd9, 0x9a, 0x9b, 0x81, 0x59, 0x9c, 0x42, 0x39, 0x89, 0xb9, 0x49, 0x4d, 0x8b, 0x0f, 0x2d,
+	0x75, 0xe3, 0x76, 0x58, 0xcb, 0xe5, 0x26, 0x54, 0x0c, 0xcb, 0x58, 0xc3, 0xc5, 0x56, 0x2d, 0xfd,
+	0x42, 0xc5, 0xd0, 0xa6, 0xb6, 0x7f, 0x2c, 0xb2, 0xbb, 0xfb, 0x03, 0x90, 0xc3, 0x9c, 0x50, 0x99,
+	0xb9, 0x75, 0xce, 0x96, 0x61, 0x8a, 0x73, 0xd9, 0xae, 0xe6, 0x0f, 0x98, 0x4f, 0x39, 0x28, 0x61,
+	0x64, 0x5e, 0xf9, 0xad, 0xdb, 0xf5, 0x67, 0x99, 0xf3, 0x5d, 0xb6, 0x0e, 0x53, 0x03, 0x85, 0x8a,
+	0x47, 0x62, 0xac, 0x70, 0x2a, 0x34, 0xc9, 0x21, 0x18, 0xed, 0x24, 0xfb, 0xd1, 0xbd, 0x79, 0xf3,
+	0x44, 0xe1, 0xf4, 0x53, 0xd9, 0xe2, 0x1b, 0xcc, 0x37, 0x50, 0x64, 0xa8, 0xe2, 0x91, 0xf3, 0xed,
+	0x47, 0xd7, 0x6b, 0xfe, 0x90, 0xb1, 0x6f, 0x38, 0x02, 0x31, 0x22, 0x39, 0xd4, 0x4e, 0xbb, 0x1f,
+	0x05, 0x96, 0xbc, 0xb7, 0x80, 0x3f, 0x63, 0x77, 0x20, 0xcb, 0x4d, 0x69, 0x5e, 0xe7, 0xb1, 0x04,
+	0x1d, 0xd6, 0x3a, 0x4b, 0xdd, 0x20, 0x5a, 0x73, 0xfc, 0xe8, 0x1a, 0xf3, 0x47, 0x6c, 0xb5, 0x74,
+	0xa9, 0x45, 0x46, 0x09, 0x54, 0x87, 0xd1, 0xa8, 0xd8, 0x07, 0x4a, 0xc0, 0x7e, 0xec, 0x96, 0xca,
+	0xf2, 0x50, 0x02, 0xbc, 0xd6, 0xb8, 0xc9, 0x82, 0x1b, 0x83, 0x41, 0x79, 0x64, 0x93, 0xb9, 0xbd,
+	0x97, 0xac, 0x75, 0x5c, 0x90, 0x04, 0xad, 0x0f, 0xc0, 0xc4, 0x38, 0xd2, 0xfc, 0x31, 0xab, 0xc3,
+	0x14, 0xa4, 0xc0, 0xc4, 0xc9, 0x0b, 0xf6, 0xd8, 0xec, 0xf7, 0x56, 0xed, 0xcd, 0x14, 0xe4, 0xe1,
+	0x41, 0x54, 0xb3, 0xad, 0xc3, 0x64, 0xef, 0xf4, 0xf2, 0xaa, 0xbd, 0xf0, 0xeb, 0xaa, 0xbd, 0xf0,
+	0x7d, 0xd6, 0xf6, 0x2e, 0x67, 0x6d, 0xef, 0xe7, 0xac, 0xed, 0xfd, 0x99, 0xb5, 0xbd, 0xd3, 0xd7,
+	0xff, 0x7b, 0xd1, 0x5e, 0x55, 0xcf, 0xaf, 0x0b, 0x67, 0x35, 0x77, 0x8b, 0x5e, 0xfc, 0x0b, 0x00,
+	0x00, 0xff, 0xff, 0x90, 0x50, 0x79, 0xf2, 0xb5, 0x03, 0x00, 0x00,
+}
+
+func (m *Options) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Options) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Options) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.CriuWorkPath) > 0 {
+		i -= len(m.CriuWorkPath)
+		copy(dAtA[i:], m.CriuWorkPath)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.CriuWorkPath)))
+		i--
+		dAtA[i] = 0x5a
+	}
+	if len(m.CriuImagePath) > 0 {
+		i -= len(m.CriuImagePath)
+		copy(dAtA[i:], m.CriuImagePath)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.CriuImagePath)))
+		i--
+		dAtA[i] = 0x52
+	}
+	if m.SystemdCgroup {
+		i--
+		if m.SystemdCgroup {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x48
+	}
+	if len(m.CriuPath) > 0 {
+		i -= len(m.CriuPath)
+		copy(dAtA[i:], m.CriuPath)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.CriuPath)))
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.Root) > 0 {
+		i -= len(m.Root)
+		copy(dAtA[i:], m.Root)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.Root)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.BinaryName) > 0 {
+		i -= len(m.BinaryName)
+		copy(dAtA[i:], m.BinaryName)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.BinaryName)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.IoGid != 0 {
+		i = encodeVarintOci(dAtA, i, uint64(m.IoGid))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.IoUid != 0 {
+		i = encodeVarintOci(dAtA, i, uint64(m.IoUid))
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.ShimCgroup) > 0 {
+		i -= len(m.ShimCgroup)
+		copy(dAtA[i:], m.ShimCgroup)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.ShimCgroup)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.NoNewKeyring {
+		i--
+		if m.NoNewKeyring {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NoPivotRoot {
+		i--
+		if m.NoPivotRoot {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CheckpointOptions) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CheckpointOptions) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckpointOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.WorkPath) > 0 {
+		i -= len(m.WorkPath)
+		copy(dAtA[i:], m.WorkPath)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.WorkPath)))
+		i--
+		dAtA[i] = 0x4a
+	}
+	if len(m.ImagePath) > 0 {
+		i -= len(m.ImagePath)
+		copy(dAtA[i:], m.ImagePath)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.ImagePath)))
+		i--
+		dAtA[i] = 0x42
+	}
+	if len(m.CgroupsMode) > 0 {
+		i -= len(m.CgroupsMode)
+		copy(dAtA[i:], m.CgroupsMode)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.CgroupsMode)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.EmptyNamespaces) > 0 {
+		for iNdEx := len(m.EmptyNamespaces) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.EmptyNamespaces[iNdEx])
+			copy(dAtA[i:], m.EmptyNamespaces[iNdEx])
+			i = encodeVarintOci(dAtA, i, uint64(len(m.EmptyNamespaces[iNdEx])))
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if m.FileLocks {
+		i--
+		if m.FileLocks {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Terminal {
+		i--
+		if m.Terminal {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.ExternalUnixSockets {
+		i--
+		if m.ExternalUnixSockets {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.OpenTcp {
+		i--
+		if m.OpenTcp {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Exit {
+		i--
+		if m.Exit {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintOci(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintOci(dAtA []byte, offset int, v uint64) int {
+	offset -= sovOci(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *Options) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NoPivotRoot {
+		n += 2
+	}
+	if m.NoNewKeyring {
+		n += 2
+	}
+	l = len(m.ShimCgroup)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	if m.IoUid != 0 {
+		n += 1 + sovOci(uint64(m.IoUid))
+	}
+	if m.IoGid != 0 {
+		n += 1 + sovOci(uint64(m.IoGid))
+	}
+	l = len(m.BinaryName)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	l = len(m.Root)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	l = len(m.CriuPath)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	if m.SystemdCgroup {
+		n += 2
+	}
+	l = len(m.CriuImagePath)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	l = len(m.CriuWorkPath)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CheckpointOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Exit {
+		n += 2
+	}
+	if m.OpenTcp {
+		n += 2
+	}
+	if m.ExternalUnixSockets {
+		n += 2
+	}
+	if m.Terminal {
+		n += 2
+	}
+	if m.FileLocks {
+		n += 2
+	}
+	if len(m.EmptyNamespaces) > 0 {
+		for _, s := range m.EmptyNamespaces {
+			l = len(s)
+			n += 1 + l + sovOci(uint64(l))
+		}
+	}
+	l = len(m.CgroupsMode)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	l = len(m.ImagePath)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	l = len(m.WorkPath)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ProcessDetails) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ExecID)
+	if l > 0 {
+		n += 1 + l + sovOci(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovOci(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozOci(x uint64) (n int) {
+	return sovOci(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Options) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Options{`,
+		`NoPivotRoot:` + fmt.Sprintf("%v", this.NoPivotRoot) + `,`,
+		`NoNewKeyring:` + fmt.Sprintf("%v", this.NoNewKeyring) + `,`,
+		`ShimCgroup:` + fmt.Sprintf("%v", this.ShimCgroup) + `,`,
+		`IoUid:` + fmt.Sprintf("%v", this.IoUid) + `,`,
+		`IoGid:` + fmt.Sprintf("%v", this.IoGid) + `,`,
+		`BinaryName:` + fmt.Sprintf("%v", this.BinaryName) + `,`,
+		`Root:` + fmt.Sprintf("%v", this.Root) + `,`,
+		`CriuPath:` + fmt.Sprintf("%v", this.CriuPath) + `,`,
+		`SystemdCgroup:` + fmt.Sprintf("%v", this.SystemdCgroup) + `,`,
+		`CriuImagePath:` + fmt.Sprintf("%v", this.CriuImagePath) + `,`,
+		`CriuWorkPath:` + fmt.Sprintf("%v", this.CriuWorkPath) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CheckpointOptions) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CheckpointOptions{`,
+		`Exit:` + fmt.Sprintf("%v", this.Exit) + `,`,
+		`OpenTcp:` + fmt.Sprintf("%v", this.OpenTcp) + `,`,
+		`ExternalUnixSockets:` + fmt.Sprintf("%v", this.ExternalUnixSockets) + `,`,
+		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
+		`FileLocks:` + fmt.Sprintf("%v", this.FileLocks) + `,`,
+		`EmptyNamespaces:` + fmt.Sprintf("%v", this.EmptyNamespaces) + `,`,
+		`CgroupsMode:` + fmt.Sprintf("%v", this.CgroupsMode) + `,`,
+		`ImagePath:` + fmt.Sprintf("%v", this.ImagePath) + `,`,
+		`WorkPath:` + fmt.Sprintf("%v", this.WorkPath) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ProcessDetails) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ProcessDetails{`,
+		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringOci(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Options) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOci
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Options: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Options: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NoPivotRoot", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NoPivotRoot = bool(v != 0)
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NoNewKeyring", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NoNewKeyring = bool(v != 0)
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ShimCgroup", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ShimCgroup = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoUid", wireType)
+			}
+			m.IoUid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.IoUid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IoGid", wireType)
+			}
+			m.IoGid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.IoGid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BinaryName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.BinaryName = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Root", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Root = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CriuPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CriuPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SystemdCgroup", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.SystemdCgroup = bool(v != 0)
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CriuImagePath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CriuImagePath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CriuWorkPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CriuWorkPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOci(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOci
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CheckpointOptions) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOci
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CheckpointOptions: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CheckpointOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exit", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Exit = bool(v != 0)
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OpenTcp", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.OpenTcp = bool(v != 0)
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExternalUnixSockets", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ExternalUnixSockets = bool(v != 0)
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Terminal", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Terminal = bool(v != 0)
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FileLocks", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.FileLocks = bool(v != 0)
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field EmptyNamespaces", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.EmptyNamespaces = append(m.EmptyNamespaces, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CgroupsMode", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CgroupsMode = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ImagePath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ImagePath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkPath", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.WorkPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOci(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOci
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOci
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ProcessDetails: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ProcessDetails: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExecID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOci
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOci
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExecID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOci(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOci
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipOci(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowOci
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowOci
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthOci
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupOci
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthOci
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthOci        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowOci          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupOci = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.proto b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.proto
new file mode 100644
index 0000000000000..6b4bcf462c4cd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/options/oci.proto
@@ -0,0 +1,58 @@
+syntax = "proto3";
+
+package containerd.runc.v1;
+
+import weak "gogoproto/gogo.proto";
+
+option go_package = "github.com/containerd/containerd/runtime/v2/runc/options;options";
+
+message Options {
+	// disable pivot root when creating a container
+	bool no_pivot_root = 1;
+	// create a new keyring for the container
+	bool no_new_keyring = 2;
+	// place the shim in a cgroup
+	string shim_cgroup = 3;
+	// set the I/O's pipes uid
+	uint32 io_uid = 4;
+	// set the I/O's pipes gid
+	uint32 io_gid = 5;
+	// binary name of the runc binary
+	string binary_name = 6;
+	// runc root directory
+	string root = 7;
+	// criu binary path
+	string criu_path = 8;
+	// enable systemd cgroups
+	bool systemd_cgroup = 9;
+	// criu image path
+	string criu_image_path = 10;
+	// criu work path
+	string criu_work_path = 11;
+}
+
+message CheckpointOptions {
+	// exit the container after a checkpoint
+	bool exit = 1;
+	// checkpoint open tcp connections
+	bool open_tcp = 2;
+	// checkpoint external unix sockets
+	bool external_unix_sockets = 3;
+	// checkpoint terminals (ptys)
+	bool terminal = 4;
+	// allow checkpointing of file locks
+	bool file_locks = 5;
+	// restore provided namespaces as empty namespaces
+	repeated string empty_namespaces = 6;
+	// set the cgroups mode, soft, full, strict
+	string cgroups_mode = 7;
+	// checkpoint image path
+	string image_path = 8;
+	// checkpoint work path
+	string work_path = 9;
+}
+
+message ProcessDetails {
+	// exec process id if the process is managed by a shim
+	string exec_id = 1;
+}
diff --git a/vendor/github.com/containerd/containerd/services.go b/vendor/github.com/containerd/containerd/services.go
index 395fc306510f6..d8fced55917d8 100644
--- a/vendor/github.com/containerd/containerd/services.go
+++ b/vendor/github.com/containerd/containerd/services.go
@@ -20,6 +20,7 @@ import (
 	containersapi "github.com/containerd/containerd/api/services/containers/v1"
 	"github.com/containerd/containerd/api/services/diff/v1"
 	imagesapi "github.com/containerd/containerd/api/services/images/v1"
+	introspectionapi "github.com/containerd/containerd/api/services/introspection/v1"
 	namespacesapi "github.com/containerd/containerd/api/services/namespaces/v1"
 	"github.com/containerd/containerd/api/services/tasks/v1"
 	"github.com/containerd/containerd/containers"
@@ -27,19 +28,21 @@ import (
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/services/introspection"
 	"github.com/containerd/containerd/snapshots"
 )
 
 type services struct {
-	contentStore   content.Store
-	imageStore     images.Store
-	containerStore containers.Store
-	namespaceStore namespaces.Store
-	snapshotters   map[string]snapshots.Snapshotter
-	taskService    tasks.TasksClient
-	diffService    DiffService
-	eventService   EventService
-	leasesService  leases.Manager
+	contentStore         content.Store
+	imageStore           images.Store
+	containerStore       containers.Store
+	namespaceStore       namespaces.Store
+	snapshotters         map[string]snapshots.Snapshotter
+	taskService          tasks.TasksClient
+	diffService          DiffService
+	eventService         EventService
+	leasesService        leases.Manager
+	introspectionService introspection.Service
 }
 
 // ServicesOpt allows callers to set options on the services
@@ -110,3 +113,10 @@ func WithLeasesService(leasesService leases.Manager) ServicesOpt {
 		s.leasesService = leasesService
 	}
 }
+
+// WithIntrospectionService sets the introspection service.
+func WithIntrospectionService(in introspectionapi.IntrospectionClient) ServicesOpt {
+	return func(s *services) {
+		s.introspectionService = introspection.NewIntrospectionServiceFromClient(in)
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/services/content/contentserver/contentserver.go b/vendor/github.com/containerd/containerd/services/content/contentserver/contentserver.go
new file mode 100644
index 0000000000000..7b6efdb3a5380
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/content/contentserver/contentserver.go
@@ -0,0 +1,463 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package contentserver
+
+import (
+	"context"
+	"io"
+	"sync"
+
+	api "github.com/containerd/containerd/api/services/content/v1"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
+	ptypes "github.com/gogo/protobuf/types"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+type service struct {
+	store content.Store
+}
+
+var bufPool = sync.Pool{
+	New: func() interface{} {
+		buffer := make([]byte, 1<<20)
+		return &buffer
+	},
+}
+
+// New returns the content GRPC server
+func New(cs content.Store) api.ContentServer {
+	return &service{store: cs}
+}
+
+func (s *service) Register(server *grpc.Server) error {
+	api.RegisterContentServer(server, s)
+	return nil
+}
+
+func (s *service) Info(ctx context.Context, req *api.InfoRequest) (*api.InfoResponse, error) {
+	if err := req.Digest.Validate(); err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "%q failed validation", req.Digest)
+	}
+
+	bi, err := s.store.Info(ctx, req.Digest)
+	if err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+
+	return &api.InfoResponse{
+		Info: infoToGRPC(bi),
+	}, nil
+}
+
+func (s *service) Update(ctx context.Context, req *api.UpdateRequest) (*api.UpdateResponse, error) {
+	if err := req.Info.Digest.Validate(); err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "%q failed validation", req.Info.Digest)
+	}
+
+	info, err := s.store.Update(ctx, infoFromGRPC(req.Info), req.UpdateMask.GetPaths()...)
+	if err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+
+	return &api.UpdateResponse{
+		Info: infoToGRPC(info),
+	}, nil
+}
+
+func (s *service) List(req *api.ListContentRequest, session api.Content_ListServer) error {
+	var (
+		buffer    []api.Info
+		sendBlock = func(block []api.Info) error {
+			// send last block
+			return session.Send(&api.ListContentResponse{
+				Info: block,
+			})
+		}
+	)
+
+	if err := s.store.Walk(session.Context(), func(info content.Info) error {
+		buffer = append(buffer, api.Info{
+			Digest:    info.Digest,
+			Size_:     info.Size,
+			CreatedAt: info.CreatedAt,
+			Labels:    info.Labels,
+		})
+
+		if len(buffer) >= 100 {
+			if err := sendBlock(buffer); err != nil {
+				return err
+			}
+
+			buffer = buffer[:0]
+		}
+
+		return nil
+	}, req.Filters...); err != nil {
+		return errdefs.ToGRPC(err)
+	}
+
+	if len(buffer) > 0 {
+		// send last block
+		if err := sendBlock(buffer); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *service) Delete(ctx context.Context, req *api.DeleteContentRequest) (*ptypes.Empty, error) {
+	log.G(ctx).WithField("digest", req.Digest).Debugf("delete content")
+	if err := req.Digest.Validate(); err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, err.Error())
+	}
+
+	if err := s.store.Delete(ctx, req.Digest); err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+
+	return &ptypes.Empty{}, nil
+}
+
+func (s *service) Read(req *api.ReadContentRequest, session api.Content_ReadServer) error {
+	if err := req.Digest.Validate(); err != nil {
+		return status.Errorf(codes.InvalidArgument, "%v: %v", req.Digest, err)
+	}
+
+	oi, err := s.store.Info(session.Context(), req.Digest)
+	if err != nil {
+		return errdefs.ToGRPC(err)
+	}
+
+	ra, err := s.store.ReaderAt(session.Context(), ocispec.Descriptor{Digest: req.Digest})
+	if err != nil {
+		return errdefs.ToGRPC(err)
+	}
+	defer ra.Close()
+
+	var (
+		offset = req.Offset
+		// size is read size, not the expected size of the blob (oi.Size), which the caller might not be aware of.
+		// offset+size can be larger than oi.Size.
+		size = req.Size_
+
+		// TODO(stevvooe): Using the global buffer pool. At 32KB, it is probably
+		// little inefficient for work over a fast network. We can tune this later.
+		p = bufPool.Get().(*[]byte)
+	)
+	defer bufPool.Put(p)
+
+	if offset < 0 {
+		offset = 0
+	}
+
+	if offset > oi.Size {
+		return status.Errorf(codes.OutOfRange, "read past object length %v bytes", oi.Size)
+	}
+
+	if size <= 0 || offset+size > oi.Size {
+		size = oi.Size - offset
+	}
+
+	_, err = io.CopyBuffer(
+		&readResponseWriter{session: session},
+		io.NewSectionReader(ra, offset, size), *p)
+	return errdefs.ToGRPC(err)
+}
+
+// readResponseWriter is a writer that places the output into ReadContentRequest messages.
+//
+// This allows io.CopyBuffer to do the heavy lifting of chunking the responses
+// into the buffer size.
+type readResponseWriter struct {
+	offset  int64
+	session api.Content_ReadServer
+}
+
+func (rw *readResponseWriter) Write(p []byte) (n int, err error) {
+	if err := rw.session.Send(&api.ReadContentResponse{
+		Offset: rw.offset,
+		Data:   p,
+	}); err != nil {
+		return 0, err
+	}
+
+	rw.offset += int64(len(p))
+	return len(p), nil
+}
+
+func (s *service) Status(ctx context.Context, req *api.StatusRequest) (*api.StatusResponse, error) {
+	status, err := s.store.Status(ctx, req.Ref)
+	if err != nil {
+		return nil, errdefs.ToGRPCf(err, "could not get status for ref %q", req.Ref)
+	}
+
+	var resp api.StatusResponse
+	resp.Status = &api.Status{
+		StartedAt: status.StartedAt,
+		UpdatedAt: status.UpdatedAt,
+		Ref:       status.Ref,
+		Offset:    status.Offset,
+		Total:     status.Total,
+		Expected:  status.Expected,
+	}
+
+	return &resp, nil
+}
+
+func (s *service) ListStatuses(ctx context.Context, req *api.ListStatusesRequest) (*api.ListStatusesResponse, error) {
+	statuses, err := s.store.ListStatuses(ctx, req.Filters...)
+	if err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+
+	var resp api.ListStatusesResponse
+	for _, status := range statuses {
+		resp.Statuses = append(resp.Statuses, api.Status{
+			StartedAt: status.StartedAt,
+			UpdatedAt: status.UpdatedAt,
+			Ref:       status.Ref,
+			Offset:    status.Offset,
+			Total:     status.Total,
+			Expected:  status.Expected,
+		})
+	}
+
+	return &resp, nil
+}
+
+func (s *service) Write(session api.Content_WriteServer) (err error) {
+	var (
+		ctx      = session.Context()
+		msg      api.WriteContentResponse
+		req      *api.WriteContentRequest
+		ref      string
+		total    int64
+		expected digest.Digest
+	)
+
+	defer func(msg *api.WriteContentResponse) {
+		// pump through the last message if no error was encountered
+		if err != nil {
+			if s, ok := status.FromError(err); ok && s.Code() != codes.AlreadyExists {
+				// TODO(stevvooe): Really need a log line here to track which
+				// errors are actually causing failure on the server side. May want
+				// to configure the service with an interceptor to make this work
+				// identically across all GRPC methods.
+				//
+				// This is pretty noisy, so we can remove it but leave it for now.
+				log.G(ctx).WithError(err).Error("(*service).Write failed")
+			}
+
+			return
+		}
+
+		err = session.Send(msg)
+	}(&msg)
+
+	// handle the very first request!
+	req, err = session.Recv()
+	if err != nil {
+		return err
+	}
+
+	ref = req.Ref
+
+	if ref == "" {
+		return status.Errorf(codes.InvalidArgument, "first message must have a reference")
+	}
+
+	fields := logrus.Fields{
+		"ref": ref,
+	}
+	total = req.Total
+	expected = req.Expected
+	if total > 0 {
+		fields["total"] = total
+	}
+
+	if expected != "" {
+		fields["expected"] = expected
+	}
+
+	ctx = log.WithLogger(ctx, log.G(ctx).WithFields(fields))
+
+	log.G(ctx).Debug("(*service).Write started")
+	// this action locks the writer for the session.
+	wr, err := s.store.Writer(ctx,
+		content.WithRef(ref),
+		content.WithDescriptor(ocispec.Descriptor{Size: total, Digest: expected}))
+	if err != nil {
+		return errdefs.ToGRPC(err)
+	}
+	defer wr.Close()
+
+	for {
+		msg.Action = req.Action
+		ws, err := wr.Status()
+		if err != nil {
+			return errdefs.ToGRPC(err)
+		}
+
+		msg.Offset = ws.Offset // always set the offset.
+
+		// NOTE(stevvooe): In general, there are two cases underwhich a remote
+		// writer is used.
+		//
+		// For pull, we almost always have this before fetching large content,
+		// through descriptors. We allow predeclaration of the expected size
+		// and digest.
+		//
+		// For push, it is more complex. If we want to cut through content into
+		// storage, we may have no expectation until we are done processing the
+		// content. The case here is the following:
+		//
+		// 	1. Start writing content.
+		// 	2. Compress inline.
+		// 	3. Validate digest and size (maybe).
+		//
+		// Supporting these two paths is quite awkward but it lets both API
+		// users use the same writer style for each with a minimum of overhead.
+		if req.Expected != "" {
+			if expected != "" && expected != req.Expected {
+				log.G(ctx).Debugf("commit digest differs from writer digest: %v != %v", req.Expected, expected)
+			}
+			expected = req.Expected
+
+			if _, err := s.store.Info(session.Context(), req.Expected); err == nil {
+				if err := wr.Close(); err != nil {
+					log.G(ctx).WithError(err).Error("failed to close writer")
+				}
+				if err := s.store.Abort(session.Context(), ref); err != nil {
+					log.G(ctx).WithError(err).Error("failed to abort write")
+				}
+
+				return status.Errorf(codes.AlreadyExists, "blob with expected digest %v exists", req.Expected)
+			}
+		}
+
+		if req.Total > 0 {
+			// Update the expected total. Typically, this could be seen at
+			// negotiation time or on a commit message.
+			if total > 0 && req.Total != total {
+				log.G(ctx).Debugf("commit size differs from writer size: %v != %v", req.Total, total)
+			}
+			total = req.Total
+		}
+
+		switch req.Action {
+		case api.WriteActionStat:
+			msg.Digest = wr.Digest()
+			msg.StartedAt = ws.StartedAt
+			msg.UpdatedAt = ws.UpdatedAt
+			msg.Total = total
+		case api.WriteActionWrite, api.WriteActionCommit:
+			if req.Offset > 0 {
+				// validate the offset if provided
+				if req.Offset != ws.Offset {
+					return status.Errorf(codes.OutOfRange, "write @%v must occur at current offset %v", req.Offset, ws.Offset)
+				}
+			}
+
+			if req.Offset == 0 && ws.Offset > 0 {
+				if err := wr.Truncate(req.Offset); err != nil {
+					return errors.Wrapf(err, "truncate failed")
+				}
+				msg.Offset = req.Offset
+			}
+
+			// issue the write if we actually have data.
+			if len(req.Data) > 0 {
+				// While this looks like we could use io.WriterAt here, because we
+				// maintain the offset as append only, we just issue the write.
+				n, err := wr.Write(req.Data)
+				if err != nil {
+					return errdefs.ToGRPC(err)
+				}
+
+				if n != len(req.Data) {
+					// TODO(stevvooe): Perhaps, we can recover this by including it
+					// in the offset on the write return.
+					return status.Errorf(codes.DataLoss, "wrote %v of %v bytes", n, len(req.Data))
+				}
+
+				msg.Offset += int64(n)
+			}
+
+			if req.Action == api.WriteActionCommit {
+				var opts []content.Opt
+				if req.Labels != nil {
+					opts = append(opts, content.WithLabels(req.Labels))
+				}
+				if err := wr.Commit(ctx, total, expected, opts...); err != nil {
+					return errdefs.ToGRPC(err)
+				}
+			}
+
+			msg.Digest = wr.Digest()
+		}
+
+		if err := session.Send(&msg); err != nil {
+			return err
+		}
+
+		req, err = session.Recv()
+		if err != nil {
+			if err == io.EOF {
+				return nil
+			}
+
+			return err
+		}
+	}
+}
+
+func (s *service) Abort(ctx context.Context, req *api.AbortRequest) (*ptypes.Empty, error) {
+	if err := s.store.Abort(ctx, req.Ref); err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+
+	return &ptypes.Empty{}, nil
+}
+
+func infoToGRPC(info content.Info) api.Info {
+	return api.Info{
+		Digest:    info.Digest,
+		Size_:     info.Size,
+		CreatedAt: info.CreatedAt,
+		UpdatedAt: info.UpdatedAt,
+		Labels:    info.Labels,
+	}
+}
+
+func infoFromGRPC(info api.Info) content.Info {
+	return content.Info{
+		Digest:    info.Digest,
+		Size:      info.Size_,
+		CreatedAt: info.CreatedAt,
+		UpdatedAt: info.UpdatedAt,
+		Labels:    info.Labels,
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/services/introspection/introspection.go b/vendor/github.com/containerd/containerd/services/introspection/introspection.go
new file mode 100644
index 0000000000000..71758fad88b86
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/introspection/introspection.go
@@ -0,0 +1,66 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package introspection
+
+import (
+	context "context"
+
+	api "github.com/containerd/containerd/api/services/introspection/v1"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
+	ptypes "github.com/gogo/protobuf/types"
+)
+
+// Service defines the instrospection service interface
+type Service interface {
+	Plugins(context.Context, []string) (*api.PluginsResponse, error)
+	Server(context.Context, *ptypes.Empty) (*api.ServerResponse, error)
+}
+
+type introspectionRemote struct {
+	client api.IntrospectionClient
+}
+
+var _ = (Service)(&introspectionRemote{})
+
+// NewIntrospectionServiceFromClient creates a new introspection service from an API client
+func NewIntrospectionServiceFromClient(c api.IntrospectionClient) Service {
+	return &introspectionRemote{client: c}
+}
+
+func (i *introspectionRemote) Plugins(ctx context.Context, filters []string) (*api.PluginsResponse, error) {
+	log.G(ctx).WithField("filters", filters).Debug("remote introspection plugin filters")
+	resp, err := i.client.Plugins(ctx, &api.PluginsRequest{
+		Filters: filters,
+	})
+
+	if err != nil {
+		return nil, errdefs.FromGRPC(err)
+	}
+
+	return resp, nil
+}
+
+func (i *introspectionRemote) Server(ctx context.Context, in *ptypes.Empty) (*api.ServerResponse, error) {
+	resp, err := i.client.Server(ctx, in)
+
+	if err != nil {
+		return nil, errdefs.FromGRPC(err)
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/containerd/containerd/services/introspection/local.go b/vendor/github.com/containerd/containerd/services/introspection/local.go
new file mode 100644
index 0000000000000..988f1e834bdbc
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/introspection/local.go
@@ -0,0 +1,231 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package introspection
+
+import (
+	context "context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+
+	api "github.com/containerd/containerd/api/services/introspection/v1"
+	"github.com/containerd/containerd/api/types"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/filters"
+	"github.com/containerd/containerd/plugin"
+	"github.com/containerd/containerd/services"
+	"github.com/gogo/googleapis/google/rpc"
+	ptypes "github.com/gogo/protobuf/types"
+	"github.com/google/uuid"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/status"
+)
+
+func init() {
+	plugin.Register(&plugin.Registration{
+		Type:     plugin.ServicePlugin,
+		ID:       services.IntrospectionService,
+		Requires: []plugin.Type{},
+		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
+			// this service works by using the plugin context up till the point
+			// this service is initialized. Since we require this service last,
+			// it should provide the full set of plugins.
+			pluginsPB := pluginsToPB(ic.GetAll())
+			return &Local{
+				plugins: pluginsPB,
+				root:    ic.Root,
+			}, nil
+		},
+	})
+}
+
+// Local is a local implementation of the introspection service
+type Local struct {
+	mu      sync.Mutex
+	plugins []api.Plugin
+	root    string
+}
+
+var _ = (api.IntrospectionClient)(&Local{})
+
+// UpdateLocal updates the local introspection service
+func (l *Local) UpdateLocal(root string, plugins []api.Plugin) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	l.root = root
+	l.plugins = plugins
+}
+
+// Plugins returns the locally defined plugins
+func (l *Local) Plugins(ctx context.Context, req *api.PluginsRequest, _ ...grpc.CallOption) (*api.PluginsResponse, error) {
+	filter, err := filters.ParseAll(req.Filters...)
+	if err != nil {
+		return nil, errdefs.ToGRPCf(errdefs.ErrInvalidArgument, err.Error())
+	}
+
+	var plugins []api.Plugin
+	allPlugins := l.getPlugins()
+	for _, p := range allPlugins {
+		if !filter.Match(adaptPlugin(p)) {
+			continue
+		}
+
+		plugins = append(plugins, p)
+	}
+
+	return &api.PluginsResponse{
+		Plugins: plugins,
+	}, nil
+}
+
+func (l *Local) getPlugins() []api.Plugin {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	return l.plugins
+}
+
+// Server returns the local server information
+func (l *Local) Server(ctx context.Context, _ *ptypes.Empty, _ ...grpc.CallOption) (*api.ServerResponse, error) {
+	u, err := l.getUUID()
+	if err != nil {
+		return nil, errdefs.ToGRPC(err)
+	}
+	return &api.ServerResponse{
+		UUID: u,
+	}, nil
+}
+
+func (l *Local) getUUID() (string, error) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	data, err := ioutil.ReadFile(l.uuidPath())
+	if err != nil {
+		if os.IsNotExist(err) {
+			return l.generateUUID()
+		}
+		return "", err
+	}
+	u := string(data)
+	if _, err := uuid.Parse(u); err != nil {
+		return "", err
+	}
+	return u, nil
+}
+
+func (l *Local) generateUUID() (string, error) {
+	u, err := uuid.NewRandom()
+	if err != nil {
+		return "", err
+	}
+	path := l.uuidPath()
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
+		return "", err
+	}
+	uu := u.String()
+	if err := ioutil.WriteFile(path, []byte(uu), 0666); err != nil {
+		return "", err
+	}
+	return uu, nil
+}
+
+func (l *Local) uuidPath() string {
+	return filepath.Join(l.root, "uuid")
+}
+
+func adaptPlugin(o interface{}) filters.Adaptor {
+	obj := o.(api.Plugin)
+	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
+		if len(fieldpath) == 0 {
+			return "", false
+		}
+
+		switch fieldpath[0] {
+		case "type":
+			return obj.Type, len(obj.Type) > 0
+		case "id":
+			return obj.ID, len(obj.ID) > 0
+		case "platforms":
+			// TODO(stevvooe): Another case here where have multiple values.
+			// May need to refactor the filter system to allow filtering by
+			// platform, if this is required.
+		case "capabilities":
+			// TODO(stevvooe): Need a better way to match against
+			// collections. We can only return "the value" but really it
+			// would be best if we could return a set of values for the
+			// path, any of which could match.
+		}
+
+		return "", false
+	})
+}
+
+func pluginsToPB(plugins []*plugin.Plugin) []api.Plugin {
+	var pluginsPB []api.Plugin
+	for _, p := range plugins {
+		var platforms []types.Platform
+		for _, p := range p.Meta.Platforms {
+			platforms = append(platforms, types.Platform{
+				OS:           p.OS,
+				Architecture: p.Architecture,
+				Variant:      p.Variant,
+			})
+		}
+
+		var requires []string
+		for _, r := range p.Registration.Requires {
+			requires = append(requires, r.String())
+		}
+
+		var initErr *rpc.Status
+		if err := p.Err(); err != nil {
+			st, ok := status.FromError(errdefs.ToGRPC(err))
+			if ok {
+				var details []*ptypes.Any
+				for _, d := range st.Proto().Details {
+					details = append(details, &ptypes.Any{
+						TypeUrl: d.TypeUrl,
+						Value:   d.Value,
+					})
+				}
+				initErr = &rpc.Status{
+					Code:    int32(st.Code()),
+					Message: st.Message(),
+					Details: details,
+				}
+			} else {
+				initErr = &rpc.Status{
+					Code:    int32(rpc.UNKNOWN),
+					Message: err.Error(),
+				}
+			}
+		}
+
+		pluginsPB = append(pluginsPB, api.Plugin{
+			Type:         p.Registration.Type.String(),
+			ID:           p.Registration.ID,
+			Requires:     requires,
+			Platforms:    platforms,
+			Capabilities: p.Meta.Capabilities,
+			Exports:      p.Meta.Exports,
+			InitErr:      initErr,
+		})
+	}
+
+	return pluginsPB
+}
diff --git a/vendor/github.com/containerd/containerd/services/introspection/service.go b/vendor/github.com/containerd/containerd/services/introspection/service.go
new file mode 100644
index 0000000000000..b8c54afc028bd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/introspection/service.go
@@ -0,0 +1,85 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package introspection
+
+import (
+	context "context"
+
+	api "github.com/containerd/containerd/api/services/introspection/v1"
+	"github.com/containerd/containerd/plugin"
+	"github.com/containerd/containerd/services"
+	ptypes "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+)
+
+func init() {
+	plugin.Register(&plugin.Registration{
+		Type:     plugin.GRPCPlugin,
+		ID:       "introspection",
+		Requires: []plugin.Type{"*"},
+		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
+			// this service works by using the plugin context up till the point
+			// this service is initialized. Since we require this service last,
+			// it should provide the full set of plugins.
+			plugins, err := ic.GetByType(plugin.ServicePlugin)
+			if err != nil {
+				return nil, err
+			}
+			p, ok := plugins[services.IntrospectionService]
+			if !ok {
+				return nil, errors.New("introspection service not found")
+			}
+
+			i, err := p.Instance()
+			if err != nil {
+				return nil, err
+			}
+
+			allPluginsPB := pluginsToPB(ic.GetAll())
+
+			localClient, ok := i.(*Local)
+			if !ok {
+				return nil, errors.Errorf("Could not create a local client for introspection service")
+			}
+			localClient.UpdateLocal(ic.Root, allPluginsPB)
+
+			return &server{
+				local: localClient,
+			}, nil
+		},
+	})
+}
+
+type server struct {
+	local api.IntrospectionClient
+}
+
+var _ = (api.IntrospectionServer)(&server{})
+
+func (s *server) Register(server *grpc.Server) error {
+	api.RegisterIntrospectionServer(server, s)
+	return nil
+}
+
+func (s *server) Plugins(ctx context.Context, req *api.PluginsRequest) (*api.PluginsResponse, error) {
+	return s.local.Plugins(ctx, req)
+}
+
+func (s *server) Server(ctx context.Context, empty *ptypes.Empty) (*api.ServerResponse, error) {
+	return s.local.Server(ctx, empty)
+}
diff --git a/vendor/github.com/containerd/containerd/services/server/config.go b/vendor/github.com/containerd/containerd/services/server/config.go
deleted file mode 100644
index a91d5fffd9ee1..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/config.go
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import (
-	"github.com/BurntSushi/toml"
-	"github.com/containerd/containerd/errdefs"
-	"github.com/pkg/errors"
-)
-
-// Config provides containerd configuration data for the server
-type Config struct {
-	// Root is the path to a directory where containerd will store persistent data
-	Root string `toml:"root"`
-	// State is the path to a directory where containerd will store transient data
-	State string `toml:"state"`
-	// GRPC configuration settings
-	GRPC GRPCConfig `toml:"grpc"`
-	// Debug and profiling settings
-	Debug Debug `toml:"debug"`
-	// Metrics and monitoring settings
-	Metrics MetricsConfig `toml:"metrics"`
-	// DisabledPlugins are IDs of plugins to disable. Disabled plugins won't be
-	// initialized and started.
-	DisabledPlugins []string `toml:"disabled_plugins"`
-	// Plugins provides plugin specific configuration for the initialization of a plugin
-	Plugins map[string]toml.Primitive `toml:"plugins"`
-	// OOMScore adjust the containerd's oom score
-	OOMScore int `toml:"oom_score"`
-	// Cgroup specifies cgroup information for the containerd daemon process
-	Cgroup CgroupConfig `toml:"cgroup"`
-	// ProxyPlugins configures plugins which are communicated to over GRPC
-	ProxyPlugins map[string]ProxyPlugin `toml:"proxy_plugins"`
-
-	md toml.MetaData
-}
-
-// GRPCConfig provides GRPC configuration for the socket
-type GRPCConfig struct {
-	Address        string `toml:"address"`
-	UID            int    `toml:"uid"`
-	GID            int    `toml:"gid"`
-	MaxRecvMsgSize int    `toml:"max_recv_message_size"`
-	MaxSendMsgSize int    `toml:"max_send_message_size"`
-}
-
-// Debug provides debug configuration
-type Debug struct {
-	Address string `toml:"address"`
-	UID     int    `toml:"uid"`
-	GID     int    `toml:"gid"`
-	Level   string `toml:"level"`
-}
-
-// MetricsConfig provides metrics configuration
-type MetricsConfig struct {
-	Address       string `toml:"address"`
-	GRPCHistogram bool   `toml:"grpc_histogram"`
-}
-
-// CgroupConfig provides cgroup configuration
-type CgroupConfig struct {
-	Path string `toml:"path"`
-}
-
-// ProxyPlugin provides a proxy plugin configuration
-type ProxyPlugin struct {
-	Type    string `toml:"type"`
-	Address string `toml:"address"`
-}
-
-// Decode unmarshals a plugin specific configuration by plugin id
-func (c *Config) Decode(id string, v interface{}) (interface{}, error) {
-	data, ok := c.Plugins[id]
-	if !ok {
-		return v, nil
-	}
-	if err := c.md.PrimitiveDecode(data, v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// LoadConfig loads the containerd server config from the provided path
-func LoadConfig(path string, v *Config) error {
-	if v == nil {
-		return errors.Wrapf(errdefs.ErrInvalidArgument, "argument v must not be nil")
-	}
-	md, err := toml.DecodeFile(path, v)
-	if err != nil {
-		return err
-	}
-	v.md = md
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/services/server/config/config.go b/vendor/github.com/containerd/containerd/services/server/config/config.go
new file mode 100644
index 0000000000000..6aafe36a5d6cd
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/server/config/config.go
@@ -0,0 +1,372 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+import (
+	"path/filepath"
+	"strings"
+
+	"github.com/imdario/mergo"
+	"github.com/pelletier/go-toml"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/plugin"
+)
+
+// NOTE: Any new map fields added also need to be handled in mergeConfig.
+
+// Config provides containerd configuration data for the server
+type Config struct {
+	// Version of the config file
+	Version int `toml:"version"`
+	// Root is the path to a directory where containerd will store persistent data
+	Root string `toml:"root"`
+	// State is the path to a directory where containerd will store transient data
+	State string `toml:"state"`
+	// PluginDir is the directory for dynamic plugins to be stored
+	PluginDir string `toml:"plugin_dir"`
+	// GRPC configuration settings
+	GRPC GRPCConfig `toml:"grpc"`
+	// TTRPC configuration settings
+	TTRPC TTRPCConfig `toml:"ttrpc"`
+	// Debug and profiling settings
+	Debug Debug `toml:"debug"`
+	// Metrics and monitoring settings
+	Metrics MetricsConfig `toml:"metrics"`
+	// DisabledPlugins are IDs of plugins to disable. Disabled plugins won't be
+	// initialized and started.
+	DisabledPlugins []string `toml:"disabled_plugins"`
+	// RequiredPlugins are IDs of required plugins. Containerd exits if any
+	// required plugin doesn't exist or fails to be initialized or started.
+	RequiredPlugins []string `toml:"required_plugins"`
+	// Plugins provides plugin specific configuration for the initialization of a plugin
+	Plugins map[string]toml.Tree `toml:"plugins"`
+	// OOMScore adjust the containerd's oom score
+	OOMScore int `toml:"oom_score"`
+	// Cgroup specifies cgroup information for the containerd daemon process
+	Cgroup CgroupConfig `toml:"cgroup"`
+	// ProxyPlugins configures plugins which are communicated to over GRPC
+	ProxyPlugins map[string]ProxyPlugin `toml:"proxy_plugins"`
+	// Timeouts specified as a duration
+	Timeouts map[string]string `toml:"timeouts"`
+	// Imports are additional file path list to config files that can overwrite main config file fields
+	Imports []string `toml:"imports"`
+
+	StreamProcessors map[string]StreamProcessor `toml:"stream_processors"`
+}
+
+// StreamProcessor provides configuration for diff content processors
+type StreamProcessor struct {
+	// Accepts specific media-types
+	Accepts []string `toml:"accepts"`
+	// Returns the media-type
+	Returns string `toml:"returns"`
+	// Path or name of the binary
+	Path string `toml:"path"`
+	// Args to the binary
+	Args []string `toml:"args"`
+	// Environment variables for the binary
+	Env []string `toml:"env"`
+}
+
+// GetVersion returns the config file's version
+func (c *Config) GetVersion() int {
+	if c.Version == 0 {
+		return 1
+	}
+	return c.Version
+}
+
+// ValidateV2 validates the config for a v2 file
+func (c *Config) ValidateV2() error {
+	version := c.GetVersion()
+	if version < 2 {
+		logrus.Warnf("deprecated version : `%d`, please switch to version `2`", version)
+		return nil
+	}
+	for _, p := range c.DisabledPlugins {
+		if len(strings.Split(p, ".")) < 4 {
+			return errors.Errorf("invalid disabled plugin URI %q expect io.containerd.x.vx", p)
+		}
+	}
+	for _, p := range c.RequiredPlugins {
+		if len(strings.Split(p, ".")) < 4 {
+			return errors.Errorf("invalid required plugin URI %q expect io.containerd.x.vx", p)
+		}
+	}
+	for p := range c.Plugins {
+		if len(strings.Split(p, ".")) < 4 {
+			return errors.Errorf("invalid plugin key URI %q expect io.containerd.x.vx", p)
+		}
+	}
+	return nil
+}
+
+// GRPCConfig provides GRPC configuration for the socket
+type GRPCConfig struct {
+	Address        string `toml:"address"`
+	TCPAddress     string `toml:"tcp_address"`
+	TCPTLSCert     string `toml:"tcp_tls_cert"`
+	TCPTLSKey      string `toml:"tcp_tls_key"`
+	UID            int    `toml:"uid"`
+	GID            int    `toml:"gid"`
+	MaxRecvMsgSize int    `toml:"max_recv_message_size"`
+	MaxSendMsgSize int    `toml:"max_send_message_size"`
+}
+
+// TTRPCConfig provides TTRPC configuration for the socket
+type TTRPCConfig struct {
+	Address string `toml:"address"`
+	UID     int    `toml:"uid"`
+	GID     int    `toml:"gid"`
+}
+
+// Debug provides debug configuration
+type Debug struct {
+	Address string `toml:"address"`
+	UID     int    `toml:"uid"`
+	GID     int    `toml:"gid"`
+	Level   string `toml:"level"`
+	// Format represents the logging format
+	Format string `toml:"format"`
+}
+
+// MetricsConfig provides metrics configuration
+type MetricsConfig struct {
+	Address       string `toml:"address"`
+	GRPCHistogram bool   `toml:"grpc_histogram"`
+}
+
+// CgroupConfig provides cgroup configuration
+type CgroupConfig struct {
+	Path string `toml:"path"`
+}
+
+// ProxyPlugin provides a proxy plugin configuration
+type ProxyPlugin struct {
+	Type    string `toml:"type"`
+	Address string `toml:"address"`
+}
+
+// BoltConfig defines the configuration values for the bolt plugin, which is
+// loaded here, rather than back registered in the metadata package.
+type BoltConfig struct {
+	// ContentSharingPolicy sets the sharing policy for content between
+	// namespaces.
+	//
+	// The default mode "shared" will make blobs available in all
+	// namespaces once it is pulled into any namespace. The blob will be pulled
+	// into the namespace if a writer is opened with the "Expected" digest that
+	// is already present in the backend.
+	//
+	// The alternative mode, "isolated" requires that clients prove they have
+	// access to the content by providing all of the content to the ingest
+	// before the blob is added to the namespace.
+	//
+	// Both modes share backing data, while "shared" will reduce total
+	// bandwidth across namespaces, at the cost of allowing access to any blob
+	// just by knowing its digest.
+	ContentSharingPolicy string `toml:"content_sharing_policy"`
+}
+
+const (
+	// SharingPolicyShared represents the "shared" sharing policy
+	SharingPolicyShared = "shared"
+	// SharingPolicyIsolated represents the "isolated" sharing policy
+	SharingPolicyIsolated = "isolated"
+)
+
+// Validate validates if BoltConfig is valid
+func (bc *BoltConfig) Validate() error {
+	switch bc.ContentSharingPolicy {
+	case SharingPolicyShared, SharingPolicyIsolated:
+		return nil
+	default:
+		return errors.Wrapf(errdefs.ErrInvalidArgument, "unknown policy: %s", bc.ContentSharingPolicy)
+	}
+}
+
+// Decode unmarshals a plugin specific configuration by plugin id
+func (c *Config) Decode(p *plugin.Registration) (interface{}, error) {
+	id := p.URI()
+	if c.GetVersion() == 1 {
+		id = p.ID
+	}
+	data, ok := c.Plugins[id]
+	if !ok {
+		return p.Config, nil
+	}
+	if err := data.Unmarshal(p.Config); err != nil {
+		return nil, err
+	}
+	return p.Config, nil
+}
+
+// LoadConfig loads the containerd server config from the provided path
+func LoadConfig(path string, out *Config) error {
+	if out == nil {
+		return errors.Wrapf(errdefs.ErrInvalidArgument, "argument out must not be nil")
+	}
+
+	var (
+		loaded  = map[string]bool{}
+		pending = []string{path}
+	)
+
+	for len(pending) > 0 {
+		path, pending = pending[0], pending[1:]
+
+		// Check if a file at the given path already loaded to prevent circular imports
+		if _, ok := loaded[path]; ok {
+			continue
+		}
+
+		config, err := loadConfigFile(path)
+		if err != nil {
+			return err
+		}
+
+		if err := mergeConfig(out, config); err != nil {
+			return err
+		}
+
+		imports, err := resolveImports(path, config.Imports)
+		if err != nil {
+			return err
+		}
+
+		loaded[path] = true
+		pending = append(pending, imports...)
+	}
+
+	// Fix up the list of config files loaded
+	out.Imports = []string{}
+	for path := range loaded {
+		out.Imports = append(out.Imports, path)
+	}
+
+	err := out.ValidateV2()
+	if err != nil {
+		return errors.Wrapf(err, "failed to load TOML from %s", path)
+	}
+	return nil
+}
+
+// loadConfigFile decodes a TOML file at the given path
+func loadConfigFile(path string) (*Config, error) {
+	config := &Config{}
+
+	file, err := toml.LoadFile(path)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to load TOML: %s", path)
+	}
+
+	if err := file.Unmarshal(config); err != nil {
+		return nil, errors.Wrap(err, "failed to unmarshal TOML")
+	}
+
+	return config, nil
+}
+
+// resolveImports resolves import strings list to absolute paths list:
+// - If path contains *, glob pattern matching applied
+// - Non abs path is relative to parent config file directory
+// - Abs paths returned as is
+func resolveImports(parent string, imports []string) ([]string, error) {
+	var out []string
+
+	for _, path := range imports {
+		if strings.Contains(path, "*") {
+			matches, err := filepath.Glob(path)
+			if err != nil {
+				return nil, err
+			}
+
+			out = append(out, matches...)
+		} else {
+			path = filepath.Clean(path)
+			if !filepath.IsAbs(path) {
+				path = filepath.Join(filepath.Dir(parent), path)
+			}
+
+			out = append(out, path)
+		}
+	}
+
+	return out, nil
+}
+
+// mergeConfig merges Config structs with the following rules:
+// 'to'         'from'      'result'
+// ""           "value"     "value"
+// "value"      ""          "value"
+// 1            0           1
+// 0            1           1
+// []{"1"}      []{"2"}     []{"1","2"}
+// []{"1"}      []{}        []{"1"}
+// Maps merged by keys, but values are replaced entirely.
+func mergeConfig(to, from *Config) error {
+	err := mergo.Merge(to, from, mergo.WithOverride, mergo.WithAppendSlice)
+	if err != nil {
+		return err
+	}
+
+	// Replace entire sections instead of merging map's values.
+	for k, v := range from.Plugins {
+		to.Plugins[k] = v
+	}
+
+	for k, v := range from.StreamProcessors {
+		to.StreamProcessors[k] = v
+	}
+
+	for k, v := range from.ProxyPlugins {
+		to.ProxyPlugins[k] = v
+	}
+
+	for k, v := range from.Timeouts {
+		to.Timeouts[k] = v
+	}
+
+	return nil
+}
+
+// V1DisabledFilter matches based on ID
+func V1DisabledFilter(list []string) plugin.DisableFilter {
+	set := make(map[string]struct{}, len(list))
+	for _, l := range list {
+		set[l] = struct{}{}
+	}
+	return func(r *plugin.Registration) bool {
+		_, ok := set[r.ID]
+		return ok
+	}
+}
+
+// V2DisabledFilter matches based on URI
+func V2DisabledFilter(list []string) plugin.DisableFilter {
+	set := make(map[string]struct{}, len(list))
+	for _, l := range list {
+		set[l] = struct{}{}
+	}
+	return func(r *plugin.Registration) bool {
+		_, ok := set[r.URI()]
+		return ok
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/services/server/server.go b/vendor/github.com/containerd/containerd/services/server/server.go
deleted file mode 100644
index ed10766f3d9c1..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/server.go
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import (
-	"context"
-	"expvar"
-	"io"
-	"net"
-	"net/http"
-	"net/http/pprof"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"time"
-
-	csapi "github.com/containerd/containerd/api/services/content/v1"
-	ssapi "github.com/containerd/containerd/api/services/snapshots/v1"
-	"github.com/containerd/containerd/content"
-	"github.com/containerd/containerd/content/local"
-	csproxy "github.com/containerd/containerd/content/proxy"
-	"github.com/containerd/containerd/defaults"
-	"github.com/containerd/containerd/events/exchange"
-	"github.com/containerd/containerd/log"
-	"github.com/containerd/containerd/metadata"
-	"github.com/containerd/containerd/pkg/dialer"
-	"github.com/containerd/containerd/plugin"
-	"github.com/containerd/containerd/snapshots"
-	ssproxy "github.com/containerd/containerd/snapshots/proxy"
-	metrics "github.com/docker/go-metrics"
-	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
-	"github.com/pkg/errors"
-	bolt "go.etcd.io/bbolt"
-	"google.golang.org/grpc"
-)
-
-// New creates and initializes a new containerd server
-func New(ctx context.Context, config *Config) (*Server, error) {
-	switch {
-	case config.Root == "":
-		return nil, errors.New("root must be specified")
-	case config.State == "":
-		return nil, errors.New("state must be specified")
-	case config.Root == config.State:
-		return nil, errors.New("root and state must be different paths")
-	}
-
-	if err := os.MkdirAll(config.Root, 0711); err != nil {
-		return nil, err
-	}
-	if err := os.MkdirAll(config.State, 0711); err != nil {
-		return nil, err
-	}
-	if err := apply(ctx, config); err != nil {
-		return nil, err
-	}
-	plugins, err := LoadPlugins(ctx, config)
-	if err != nil {
-		return nil, err
-	}
-
-	serverOpts := []grpc.ServerOption{
-		grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
-		grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
-	}
-	if config.GRPC.MaxRecvMsgSize > 0 {
-		serverOpts = append(serverOpts, grpc.MaxRecvMsgSize(config.GRPC.MaxRecvMsgSize))
-	}
-	if config.GRPC.MaxSendMsgSize > 0 {
-		serverOpts = append(serverOpts, grpc.MaxSendMsgSize(config.GRPC.MaxSendMsgSize))
-	}
-	rpc := grpc.NewServer(serverOpts...)
-	var (
-		services []plugin.Service
-		s        = &Server{
-			rpc:    rpc,
-			events: exchange.NewExchange(),
-			config: config,
-		}
-		initialized = plugin.NewPluginSet()
-	)
-	for _, p := range plugins {
-		id := p.URI()
-		log.G(ctx).WithField("type", p.Type).Infof("loading plugin %q...", id)
-
-		initContext := plugin.NewContext(
-			ctx,
-			p,
-			initialized,
-			config.Root,
-			config.State,
-		)
-		initContext.Events = s.events
-		initContext.Address = config.GRPC.Address
-
-		// load the plugin specific configuration if it is provided
-		if p.Config != nil {
-			pluginConfig, err := config.Decode(p.ID, p.Config)
-			if err != nil {
-				return nil, err
-			}
-			initContext.Config = pluginConfig
-		}
-		result := p.Init(initContext)
-		if err := initialized.Add(result); err != nil {
-			return nil, errors.Wrapf(err, "could not add plugin result to plugin set")
-		}
-
-		instance, err := result.Instance()
-		if err != nil {
-			if plugin.IsSkipPlugin(err) {
-				log.G(ctx).WithField("type", p.Type).Infof("skip loading plugin %q...", id)
-			} else {
-				log.G(ctx).WithError(err).Warnf("failed to load plugin %s", id)
-			}
-			continue
-		}
-		// check for grpc services that should be registered with the server
-		if service, ok := instance.(plugin.Service); ok {
-			services = append(services, service)
-		}
-		s.plugins = append(s.plugins, result)
-	}
-	// register services after all plugins have been initialized
-	for _, service := range services {
-		if err := service.Register(rpc); err != nil {
-			return nil, err
-		}
-	}
-	return s, nil
-}
-
-// Server is the containerd main daemon
-type Server struct {
-	rpc     *grpc.Server
-	events  *exchange.Exchange
-	config  *Config
-	plugins []*plugin.Plugin
-}
-
-// ServeGRPC provides the containerd grpc APIs on the provided listener
-func (s *Server) ServeGRPC(l net.Listener) error {
-	if s.config.Metrics.GRPCHistogram {
-		// enable grpc time histograms to measure rpc latencies
-		grpc_prometheus.EnableHandlingTimeHistogram()
-	}
-	// before we start serving the grpc API register the grpc_prometheus metrics
-	// handler.  This needs to be the last service registered so that it can collect
-	// metrics for every other service
-	grpc_prometheus.Register(s.rpc)
-	return trapClosedConnErr(s.rpc.Serve(l))
-}
-
-// ServeMetrics provides a prometheus endpoint for exposing metrics
-func (s *Server) ServeMetrics(l net.Listener) error {
-	m := http.NewServeMux()
-	m.Handle("/v1/metrics", metrics.Handler())
-	return trapClosedConnErr(http.Serve(l, m))
-}
-
-// ServeDebug provides a debug endpoint
-func (s *Server) ServeDebug(l net.Listener) error {
-	// don't use the default http server mux to make sure nothing gets registered
-	// that we don't want to expose via containerd
-	m := http.NewServeMux()
-	m.Handle("/debug/vars", expvar.Handler())
-	m.Handle("/debug/pprof/", http.HandlerFunc(pprof.Index))
-	m.Handle("/debug/pprof/cmdline", http.HandlerFunc(pprof.Cmdline))
-	m.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile))
-	m.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol))
-	m.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace))
-	return trapClosedConnErr(http.Serve(l, m))
-}
-
-// Stop the containerd server canceling any open connections
-func (s *Server) Stop() {
-	s.rpc.Stop()
-	for i := len(s.plugins) - 1; i >= 0; i-- {
-		p := s.plugins[i]
-		instance, err := p.Instance()
-		if err != nil {
-			log.L.WithError(err).WithField("id", p.Registration.ID).
-				Errorf("could not get plugin instance")
-			continue
-		}
-		closer, ok := instance.(io.Closer)
-		if !ok {
-			continue
-		}
-		if err := closer.Close(); err != nil {
-			log.L.WithError(err).WithField("id", p.Registration.ID).
-				Errorf("failed to close plugin")
-		}
-	}
-}
-
-// LoadPlugins loads all plugins into containerd and generates an ordered graph
-// of all plugins.
-func LoadPlugins(ctx context.Context, config *Config) ([]*plugin.Registration, error) {
-	// load all plugins into containerd
-	if err := plugin.Load(filepath.Join(config.Root, "plugins")); err != nil {
-		return nil, err
-	}
-	// load additional plugins that don't automatically register themselves
-	plugin.Register(&plugin.Registration{
-		Type: plugin.ContentPlugin,
-		ID:   "content",
-		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
-			ic.Meta.Exports["root"] = ic.Root
-			return local.NewStore(ic.Root)
-		},
-	})
-	plugin.Register(&plugin.Registration{
-		Type: plugin.MetadataPlugin,
-		ID:   "bolt",
-		Requires: []plugin.Type{
-			plugin.ContentPlugin,
-			plugin.SnapshotPlugin,
-		},
-		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
-			if err := os.MkdirAll(ic.Root, 0711); err != nil {
-				return nil, err
-			}
-			cs, err := ic.Get(plugin.ContentPlugin)
-			if err != nil {
-				return nil, err
-			}
-
-			snapshottersRaw, err := ic.GetByType(plugin.SnapshotPlugin)
-			if err != nil {
-				return nil, err
-			}
-
-			snapshotters := make(map[string]snapshots.Snapshotter)
-			for name, sn := range snapshottersRaw {
-				sn, err := sn.Instance()
-				if err != nil {
-					log.G(ic.Context).WithError(err).
-						Warnf("could not use snapshotter %v in metadata plugin", name)
-					continue
-				}
-				snapshotters[name] = sn.(snapshots.Snapshotter)
-			}
-
-			path := filepath.Join(ic.Root, "meta.db")
-			ic.Meta.Exports["path"] = path
-
-			db, err := bolt.Open(path, 0644, nil)
-			if err != nil {
-				return nil, err
-			}
-			mdb := metadata.NewDB(db, cs.(content.Store), snapshotters)
-			if err := mdb.Init(ic.Context); err != nil {
-				return nil, err
-			}
-			return mdb, nil
-		},
-	})
-
-	clients := &proxyClients{}
-	for name, pp := range config.ProxyPlugins {
-		var (
-			t plugin.Type
-			f func(*grpc.ClientConn) interface{}
-
-			address = pp.Address
-		)
-
-		switch pp.Type {
-		case string(plugin.SnapshotPlugin), "snapshot":
-			t = plugin.SnapshotPlugin
-			ssname := name
-			f = func(conn *grpc.ClientConn) interface{} {
-				return ssproxy.NewSnapshotter(ssapi.NewSnapshotsClient(conn), ssname)
-			}
-
-		case string(plugin.ContentPlugin), "content":
-			t = plugin.ContentPlugin
-			f = func(conn *grpc.ClientConn) interface{} {
-				return csproxy.NewContentStore(csapi.NewContentClient(conn))
-			}
-		default:
-			log.G(ctx).WithField("type", pp.Type).Warn("unknown proxy plugin type")
-		}
-
-		plugin.Register(&plugin.Registration{
-			Type: t,
-			ID:   name,
-			InitFn: func(ic *plugin.InitContext) (interface{}, error) {
-				ic.Meta.Exports["address"] = address
-				conn, err := clients.getClient(address)
-				if err != nil {
-					return nil, err
-				}
-				return f(conn), nil
-			},
-		})
-
-	}
-
-	// return the ordered graph for plugins
-	return plugin.Graph(config.DisabledPlugins), nil
-}
-
-type proxyClients struct {
-	m       sync.Mutex
-	clients map[string]*grpc.ClientConn
-}
-
-func (pc *proxyClients) getClient(address string) (*grpc.ClientConn, error) {
-	pc.m.Lock()
-	defer pc.m.Unlock()
-	if pc.clients == nil {
-		pc.clients = map[string]*grpc.ClientConn{}
-	} else if c, ok := pc.clients[address]; ok {
-		return c, nil
-	}
-
-	gopts := []grpc.DialOption{
-		grpc.WithInsecure(),
-		grpc.WithBackoffMaxDelay(3 * time.Second),
-		grpc.WithDialer(dialer.Dialer),
-
-		// TODO(stevvooe): We may need to allow configuration of this on the client.
-		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)),
-		grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)),
-	}
-
-	conn, err := grpc.Dial(dialer.DialAddress(address), gopts...)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to dial %q", address)
-	}
-
-	pc.clients[address] = conn
-
-	return conn, nil
-}
-
-func trapClosedConnErr(err error) error {
-	if err == nil {
-		return nil
-	}
-	if strings.Contains(err.Error(), "use of closed network connection") {
-		return nil
-	}
-	return err
-}
diff --git a/vendor/github.com/containerd/containerd/services/server/server_linux.go b/vendor/github.com/containerd/containerd/services/server/server_linux.go
deleted file mode 100644
index c45ccd3d5123d..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/server_linux.go
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import (
-	"context"
-	"os"
-
-	"github.com/containerd/cgroups"
-	"github.com/containerd/containerd/log"
-	"github.com/containerd/containerd/sys"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// apply sets config settings on the server process
-func apply(ctx context.Context, config *Config) error {
-	if config.OOMScore != 0 {
-		log.G(ctx).Debugf("changing OOM score to %d", config.OOMScore)
-		if err := sys.SetOOMScore(os.Getpid(), config.OOMScore); err != nil {
-			log.G(ctx).WithError(err).Errorf("failed to change OOM score to %d", config.OOMScore)
-		}
-	}
-	if config.Cgroup.Path != "" {
-		cg, err := cgroups.Load(cgroups.V1, cgroups.StaticPath(config.Cgroup.Path))
-		if err != nil {
-			if err != cgroups.ErrCgroupDeleted {
-				return err
-			}
-			if cg, err = cgroups.New(cgroups.V1, cgroups.StaticPath(config.Cgroup.Path), &specs.LinuxResources{}); err != nil {
-				return err
-			}
-		}
-		if err := cg.Add(cgroups.Process{
-			Pid: os.Getpid(),
-		}); err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/services/server/server_solaris.go b/vendor/github.com/containerd/containerd/services/server/server_solaris.go
deleted file mode 100644
index 0dbbb9feac5f9..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/server_solaris.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import "context"
-
-func apply(_ context.Context, _ *Config) error {
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/services/server/server_unsupported.go b/vendor/github.com/containerd/containerd/services/server/server_unsupported.go
deleted file mode 100644
index c6211dbb2a829..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/server_unsupported.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// +build !linux,!windows,!solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import "context"
-
-func apply(_ context.Context, _ *Config) error {
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/services/server/server_windows.go b/vendor/github.com/containerd/containerd/services/server/server_windows.go
deleted file mode 100644
index ac0b8481c25d3..0000000000000
--- a/vendor/github.com/containerd/containerd/services/server/server_windows.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package server
-
-import (
-	"context"
-)
-
-func apply(_ context.Context, _ *Config) error {
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/services/services.go b/vendor/github.com/containerd/containerd/services/services.go
new file mode 100644
index 0000000000000..27f47a5cef4e2
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/services/services.go
@@ -0,0 +1,38 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package services
+
+const (
+	// ContentService is id of content service.
+	ContentService = "content-service"
+	// SnapshotsService is id of snapshots service.
+	SnapshotsService = "snapshots-service"
+	// ImagesService is id of images service.
+	ImagesService = "images-service"
+	// ContainersService is id of containers service.
+	ContainersService = "containers-service"
+	// TasksService is id of tasks service.
+	TasksService = "tasks-service"
+	// NamespacesService is id of namespaces service.
+	NamespacesService = "namespaces-service"
+	// LeasesService is id of leases service.
+	LeasesService = "leases-service"
+	// DiffService is id of diff service.
+	DiffService = "diff-service"
+	// IntrospectionService is the id of introspection service
+	IntrospectionService = "introspection-service"
+)
diff --git a/vendor/github.com/containerd/containerd/signal_map_linux.go b/vendor/github.com/containerd/containerd/signal_map_linux.go
deleted file mode 100644
index 554011074c092..0000000000000
--- a/vendor/github.com/containerd/containerd/signal_map_linux.go
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package containerd
-
-import (
-	"syscall"
-
-	"golang.org/x/sys/unix"
-)
-
-var signalMap = map[string]syscall.Signal{
-	"ABRT":   unix.SIGABRT,
-	"ALRM":   unix.SIGALRM,
-	"BUS":    unix.SIGBUS,
-	"CHLD":   unix.SIGCHLD,
-	"CLD":    unix.SIGCLD,
-	"CONT":   unix.SIGCONT,
-	"FPE":    unix.SIGFPE,
-	"HUP":    unix.SIGHUP,
-	"ILL":    unix.SIGILL,
-	"INT":    unix.SIGINT,
-	"IO":     unix.SIGIO,
-	"IOT":    unix.SIGIOT,
-	"KILL":   unix.SIGKILL,
-	"PIPE":   unix.SIGPIPE,
-	"POLL":   unix.SIGPOLL,
-	"PROF":   unix.SIGPROF,
-	"PWR":    unix.SIGPWR,
-	"QUIT":   unix.SIGQUIT,
-	"SEGV":   unix.SIGSEGV,
-	"STKFLT": unix.SIGSTKFLT,
-	"STOP":   unix.SIGSTOP,
-	"SYS":    unix.SIGSYS,
-	"TERM":   unix.SIGTERM,
-	"TRAP":   unix.SIGTRAP,
-	"TSTP":   unix.SIGTSTP,
-	"TTIN":   unix.SIGTTIN,
-	"TTOU":   unix.SIGTTOU,
-	"URG":    unix.SIGURG,
-	"USR1":   unix.SIGUSR1,
-	"USR2":   unix.SIGUSR2,
-	"VTALRM": unix.SIGVTALRM,
-	"WINCH":  unix.SIGWINCH,
-	"XCPU":   unix.SIGXCPU,
-	"XFSZ":   unix.SIGXFSZ,
-}
diff --git a/vendor/github.com/containerd/containerd/signal_map_unix.go b/vendor/github.com/containerd/containerd/signal_map_unix.go
deleted file mode 100644
index 62ccba9ace330..0000000000000
--- a/vendor/github.com/containerd/containerd/signal_map_unix.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// +build darwin freebsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package containerd
-
-import (
-	"syscall"
-
-	"golang.org/x/sys/unix"
-)
-
-var signalMap = map[string]syscall.Signal{
-	"ABRT":   unix.SIGABRT,
-	"ALRM":   unix.SIGALRM,
-	"BUS":    unix.SIGBUS,
-	"CHLD":   unix.SIGCHLD,
-	"CONT":   unix.SIGCONT,
-	"FPE":    unix.SIGFPE,
-	"HUP":    unix.SIGHUP,
-	"ILL":    unix.SIGILL,
-	"INT":    unix.SIGINT,
-	"IO":     unix.SIGIO,
-	"IOT":    unix.SIGIOT,
-	"KILL":   unix.SIGKILL,
-	"PIPE":   unix.SIGPIPE,
-	"PROF":   unix.SIGPROF,
-	"QUIT":   unix.SIGQUIT,
-	"SEGV":   unix.SIGSEGV,
-	"STOP":   unix.SIGSTOP,
-	"SYS":    unix.SIGSYS,
-	"TERM":   unix.SIGTERM,
-	"TRAP":   unix.SIGTRAP,
-	"TSTP":   unix.SIGTSTP,
-	"TTIN":   unix.SIGTTIN,
-	"TTOU":   unix.SIGTTOU,
-	"URG":    unix.SIGURG,
-	"USR1":   unix.SIGUSR1,
-	"USR2":   unix.SIGUSR2,
-	"VTALRM": unix.SIGVTALRM,
-	"WINCH":  unix.SIGWINCH,
-	"XCPU":   unix.SIGXCPU,
-	"XFSZ":   unix.SIGXFSZ,
-}
diff --git a/vendor/github.com/containerd/containerd/signal_map_windows.go b/vendor/github.com/containerd/containerd/signal_map_windows.go
deleted file mode 100644
index ef17a8fdb1698..0000000000000
--- a/vendor/github.com/containerd/containerd/signal_map_windows.go
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package containerd
-
-import (
-	"syscall"
-
-	"golang.org/x/sys/windows"
-)
-
-var signalMap = map[string]syscall.Signal{
-	"HUP":    syscall.Signal(windows.SIGHUP),
-	"INT":    syscall.Signal(windows.SIGINT),
-	"QUIT":   syscall.Signal(windows.SIGQUIT),
-	"SIGILL": syscall.Signal(windows.SIGILL),
-	"TRAP":   syscall.Signal(windows.SIGTRAP),
-	"ABRT":   syscall.Signal(windows.SIGABRT),
-	"BUS":    syscall.Signal(windows.SIGBUS),
-	"FPE":    syscall.Signal(windows.SIGFPE),
-	"KILL":   syscall.Signal(windows.SIGKILL),
-	"SEGV":   syscall.Signal(windows.SIGSEGV),
-	"PIPE":   syscall.Signal(windows.SIGPIPE),
-	"ALRM":   syscall.Signal(windows.SIGALRM),
-	"TERM":   syscall.Signal(windows.SIGTERM),
-}
diff --git a/vendor/github.com/containerd/containerd/signals.go b/vendor/github.com/containerd/containerd/signals.go
index 32c34309de113..ca64ecd02121f 100644
--- a/vendor/github.com/containerd/containerd/signals.go
+++ b/vendor/github.com/containerd/containerd/signals.go
@@ -20,13 +20,11 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"strconv"
-	"strings"
 	"syscall"
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
-	"github.com/opencontainers/image-spec/specs-go/v1"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // StopSignalLabel is a well-known containerd label for storing the stop
@@ -83,23 +81,3 @@ func GetOCIStopSignal(ctx context.Context, image Image, defaultSignal string) (s
 
 	return config.StopSignal, nil
 }
-
-// ParseSignal parses a given string into a syscall.Signal
-// it checks that the signal exists in the platform-appropriate signalMap
-func ParseSignal(rawSignal string) (syscall.Signal, error) {
-	s, err := strconv.Atoi(rawSignal)
-	if err == nil {
-		sig := syscall.Signal(s)
-		for _, msig := range signalMap {
-			if sig == msig {
-				return sig, nil
-			}
-		}
-		return -1, fmt.Errorf("unknown signal %q", rawSignal)
-	}
-	signal, ok := signalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
-	if !ok {
-		return -1, fmt.Errorf("unknown signal %q", rawSignal)
-	}
-	return signal, nil
-}
diff --git a/vendor/github.com/containerd/containerd/signals_unix.go b/vendor/github.com/containerd/containerd/signals_unix.go
new file mode 100644
index 0000000000000..14916a9ff3a5c
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/signals_unix.go
@@ -0,0 +1,43 @@
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+// ParseSignal parses a given string into a syscall.Signal
+// the rawSignal can be a string with "SIG" prefix,
+// or a signal number in string format.
+func ParseSignal(rawSignal string) (syscall.Signal, error) {
+	s, err := strconv.Atoi(rawSignal)
+	if err == nil {
+		return syscall.Signal(s), nil
+	}
+	signal := unix.SignalNum(strings.ToUpper(rawSignal))
+	if signal == 0 {
+		return -1, fmt.Errorf("unknown signal %q", rawSignal)
+	}
+	return signal, nil
+}
diff --git a/vendor/github.com/containerd/containerd/signals_windows.go b/vendor/github.com/containerd/containerd/signals_windows.go
new file mode 100644
index 0000000000000..0018e191ed6a5
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/signals_windows.go
@@ -0,0 +1,63 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"syscall"
+
+	"golang.org/x/sys/windows"
+)
+
+var signalMap = map[string]syscall.Signal{
+	"HUP":    syscall.Signal(windows.SIGHUP),
+	"INT":    syscall.Signal(windows.SIGINT),
+	"QUIT":   syscall.Signal(windows.SIGQUIT),
+	"SIGILL": syscall.Signal(windows.SIGILL),
+	"TRAP":   syscall.Signal(windows.SIGTRAP),
+	"ABRT":   syscall.Signal(windows.SIGABRT),
+	"BUS":    syscall.Signal(windows.SIGBUS),
+	"FPE":    syscall.Signal(windows.SIGFPE),
+	"KILL":   syscall.Signal(windows.SIGKILL),
+	"SEGV":   syscall.Signal(windows.SIGSEGV),
+	"PIPE":   syscall.Signal(windows.SIGPIPE),
+	"ALRM":   syscall.Signal(windows.SIGALRM),
+	"TERM":   syscall.Signal(windows.SIGTERM),
+}
+
+// ParseSignal parses a given string into a syscall.Signal
+// the rawSignal can be a string with "SIG" prefix,
+// or a signal number in string format.
+func ParseSignal(rawSignal string) (syscall.Signal, error) {
+	s, err := strconv.Atoi(rawSignal)
+	if err == nil {
+		sig := syscall.Signal(s)
+		for _, msig := range signalMap {
+			if sig == msig {
+				return sig, nil
+			}
+		}
+		return -1, fmt.Errorf("unknown signal %q", rawSignal)
+	}
+	signal, ok := signalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
+	if !ok {
+		return -1, fmt.Errorf("unknown signal %q", rawSignal)
+	}
+	return signal, nil
+}
diff --git a/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go b/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go
index 1e8c2634c0870..00c320c60872b 100644
--- a/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go
+++ b/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go
@@ -153,9 +153,10 @@ func (p *proxySnapshotter) Remove(ctx context.Context, key string) error {
 	return errdefs.FromGRPC(err)
 }
 
-func (p *proxySnapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func (p *proxySnapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	sc, err := p.client.List(ctx, &snapshotsapi.ListSnapshotsRequest{
 		Snapshotter: p.snapshotterName,
+		Filters:     fs,
 	})
 	if err != nil {
 		return errdefs.FromGRPC(err)
@@ -183,6 +184,13 @@ func (p *proxySnapshotter) Close() error {
 	return nil
 }
 
+func (p *proxySnapshotter) Cleanup(ctx context.Context) error {
+	_, err := p.client.Cleanup(ctx, &snapshotsapi.CleanupRequest{
+		Snapshotter: p.snapshotterName,
+	})
+	return errdefs.FromGRPC(err)
+}
+
 func toKind(kind snapshotsapi.Kind) snapshots.Kind {
 	if kind == snapshotsapi.KindActive {
 		return snapshots.KindActive
diff --git a/vendor/github.com/containerd/containerd/snapshots/snapshotter.go b/vendor/github.com/containerd/containerd/snapshots/snapshotter.go
index d11252d1e35b5..8b0ea85e65b55 100644
--- a/vendor/github.com/containerd/containerd/snapshots/snapshotter.go
+++ b/vendor/github.com/containerd/containerd/snapshots/snapshotter.go
@@ -25,6 +25,16 @@ import (
 	"github.com/containerd/containerd/mount"
 )
 
+const (
+	// UnpackKeyPrefix is the beginning of the key format used for snapshots that will have
+	// image content unpacked into them.
+	UnpackKeyPrefix = "extract"
+	// UnpackKeyFormat is the format for the snapshotter keys used for extraction
+	UnpackKeyFormat       = UnpackKeyPrefix + "-%s %s"
+	inheritedLabelsPrefix = "containerd.io/snapshot/"
+	labelSnapshotRef      = "containerd.io/snapshot.ref"
+)
+
 // Kind identifies the kind of snapshot.
 type Kind uint8
 
@@ -86,10 +96,15 @@ func (k *Kind) UnmarshalJSON(b []byte) error {
 // Info provides information about a particular snapshot.
 // JSON marshallability is supported for interactive with tools like ctr,
 type Info struct {
-	Kind    Kind              // active or committed snapshot
-	Name    string            // name or key of snapshot
-	Parent  string            `json:",omitempty"` // name of parent snapshot
-	Labels  map[string]string `json:",omitempty"` // Labels for snapshot
+	Kind   Kind   // active or committed snapshot
+	Name   string // name or key of snapshot
+	Parent string `json:",omitempty"` // name of parent snapshot
+
+	// Labels for a snapshot.
+	//
+	// Note: only labels prefixed with `containerd.io/snapshot/` will be inherited by the
+	// snapshotter's `Prepare`, `View`, or `Commit` calls.
+	Labels  map[string]string `json:",omitempty"`
 	Created time.Time         `json:",omitempty"` // Created time
 	Updated time.Time         `json:",omitempty"` // Last update time
 }
@@ -113,6 +128,9 @@ func (u *Usage) Add(other Usage) {
 	u.Inodes += other.Inodes
 }
 
+// WalkFunc defines the callback for a snapshot walk.
+type WalkFunc func(context.Context, Info) error
+
 // Snapshotter defines the methods required to implement a snapshot snapshotter for
 // allocating, snapshotting and mounting filesystem changesets. The model works
 // by building up sets of changes with parent-child relationships.
@@ -160,9 +178,13 @@ func (u *Usage) Add(other Usage) {
 //	layerPath, tmpDir := getLayerPath(), mkTmpDir() // just a path to layer tar file.
 //
 // We start by using a Snapshotter to Prepare a new snapshot transaction, using a
-// key and descending from the empty parent "":
+// key and descending from the empty parent "". To prevent our layer from being
+// garbage collected during unpacking, we add the `containerd.io/gc.root` label:
 //
-//	mounts, err := snapshotter.Prepare(ctx, key, "")
+//	noGcOpt := snapshots.WithLabels(map[string]string{
+//		"containerd.io/gc.root": time.Now().UTC().Format(time.RFC3339),
+//	})
+//	mounts, err := snapshotter.Prepare(ctx, key, "", noGcOpt)
 // 	if err != nil { ... }
 //
 // We get back a list of mounts from Snapshotter.Prepare, with the key identifying
@@ -191,15 +213,13 @@ func (u *Usage) Add(other Usage) {
 //
 // Now that we've verified and unpacked our layer, we commit the active
 // snapshot to a name. For this example, we are just going to use the layer
-// digest, but in practice, this will probably be the ChainID:
+// digest, but in practice, this will probably be the ChainID. This also removes
+// the active snapshot:
 //
-//	if err := snapshotter.Commit(ctx, digest.String(), key); err != nil { ... }
+//	if err := snapshotter.Commit(ctx, digest.String(), key, noGcOpt); err != nil { ... }
 //
 // Now, we have a layer in the Snapshotter that can be accessed with the digest
-// provided during commit. Once you have committed the snapshot, the active
-// snapshot can be removed with the following:
-//
-// 	snapshotter.Remove(ctx, key)
+// provided during commit.
 //
 // Importing the Next Layer
 //
@@ -207,7 +227,7 @@ func (u *Usage) Add(other Usage) {
 // above except that the parent is provided as parent when calling
 // Manager.Prepare, assuming a clean, unique key identifier:
 //
-// 	mounts, err := snapshotter.Prepare(ctx, key, parentDigest)
+// 	mounts, err := snapshotter.Prepare(ctx, key, parentDigest, noGcOpt)
 //
 // We then mount, apply and commit, as we did above. The new snapshot will be
 // based on the content of the previous one.
@@ -307,9 +327,15 @@ type Snapshotter interface {
 	// removed before proceeding.
 	Remove(ctx context.Context, key string) error
 
-	// Walk all snapshots in the snapshotter. For each snapshot in the
-	// snapshotter, the function will be called.
-	Walk(ctx context.Context, fn func(context.Context, Info) error) error
+	// Walk will call the provided function for each snapshot in the
+	// snapshotter which match the provided filters. If no filters are
+	// given all items will be walked.
+	// Filters:
+	//  name
+	//  parent
+	//  kind (active,view,committed)
+	//  labels.(label)
+	Walk(ctx context.Context, fn WalkFunc, filters ...string) error
 
 	// Close releases the internal resources.
 	//
@@ -320,13 +346,48 @@ type Snapshotter interface {
 	Close() error
 }
 
+// Cleaner defines a type capable of performing asynchronous resource cleanup.
+// The Cleaner interface should be used by snapshotters which implement fast
+// removal and deferred resource cleanup. This prevents snapshots from needing
+// to perform lengthy resource cleanup before acknowledging a snapshot key
+// has been removed and available for re-use. This is also useful when
+// performing multi-key removal with the intent of cleaning up all the
+// resources after each snapshot key has been removed.
+type Cleaner interface {
+	Cleanup(ctx context.Context) error
+}
+
 // Opt allows setting mutable snapshot properties on creation
 type Opt func(info *Info) error
 
-// WithLabels adds labels to a created snapshot
+// WithLabels appends labels to a created snapshot
 func WithLabels(labels map[string]string) Opt {
 	return func(info *Info) error {
-		info.Labels = labels
+		if info.Labels == nil {
+			info.Labels = make(map[string]string)
+		}
+
+		for k, v := range labels {
+			info.Labels[k] = v
+		}
+
+		return nil
+	}
+}
+
+// FilterInheritedLabels filters the provided labels by removing any key which
+// isn't a snapshot label. Snapshot labels have a prefix of "containerd.io/snapshot/"
+// or are the "containerd.io/snapshot.ref" label.
+func FilterInheritedLabels(labels map[string]string) map[string]string {
+	if labels == nil {
 		return nil
 	}
+
+	filtered := make(map[string]string)
+	for k, v := range labels {
+		if k == labelSnapshotRef || strings.HasPrefix(k, inheritedLabelsPrefix) {
+			filtered[k] = v
+		}
+	}
+	return filtered
 }
diff --git a/vendor/github.com/containerd/containerd/snapshotter_opts_unix.go b/vendor/github.com/containerd/containerd/snapshotter_opts_unix.go
new file mode 100644
index 0000000000000..1964379d49197
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/snapshotter_opts_unix.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"fmt"
+
+	"github.com/containerd/containerd/snapshots"
+)
+
+// WithRemapperLabels creates the labels used by any supporting snapshotter
+// to shift the filesystem ownership (user namespace mapping) automatically; currently
+// supported by the fuse-overlayfs snapshotter
+func WithRemapperLabels(ctrUID, hostUID, ctrGID, hostGID, length uint32) snapshots.Opt {
+	return snapshots.WithLabels(map[string]string{
+		"containerd.io/snapshot/uidmapping": fmt.Sprintf("%d:%d:%d", ctrUID, hostUID, length),
+		"containerd.io/snapshot/gidmapping": fmt.Sprintf("%d:%d:%d", ctrGID, hostGID, length),
+	})
+}
diff --git a/vendor/github.com/containerd/containerd/sys/env.go b/vendor/github.com/containerd/containerd/sys/env.go
deleted file mode 100644
index 8450d627582d4..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/env.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import "golang.org/x/sys/unix"
-
-// RunningPrivileged returns true if the effective user ID of the
-// calling process is 0
-func RunningPrivileged() bool {
-	return unix.Geteuid() == 0
-}
-
-// RunningUnprivileged returns true if the effective user ID of the
-// calling process is not 0
-func RunningUnprivileged() bool {
-	return !RunningPrivileged()
-}
diff --git a/vendor/github.com/containerd/containerd/sys/epoll.go b/vendor/github.com/containerd/containerd/sys/epoll.go
index 683f38eea86ab..28d6c2cabc64f 100644
--- a/vendor/github.com/containerd/containerd/sys/epoll.go
+++ b/vendor/github.com/containerd/containerd/sys/epoll.go
@@ -20,17 +20,14 @@ package sys
 
 import "golang.org/x/sys/unix"
 
-// EpollCreate1 directly calls unix.EpollCreate1
-func EpollCreate1(flag int) (int, error) {
-	return unix.EpollCreate1(flag)
-}
-
-// EpollCtl directly calls unix.EpollCtl
-func EpollCtl(epfd int, op int, fd int, event *unix.EpollEvent) error {
-	return unix.EpollCtl(epfd, op, fd, event)
-}
-
-// EpollWait directly calls unix.EpollWait
-func EpollWait(epfd int, events []unix.EpollEvent, msec int) (int, error) {
-	return unix.EpollWait(epfd, events, msec)
-}
+// EpollCreate1 is an alias for unix.EpollCreate1
+// Deprecated: use golang.org/x/sys/unix.EpollCreate1
+var EpollCreate1 = unix.EpollCreate1
+
+// EpollCtl is an alias for unix.EpollCtl
+// Deprecated: use golang.org/x/sys/unix.EpollCtl
+var EpollCtl = unix.EpollCtl
+
+// EpollWait is an alias for unix.EpollWait
+// Deprecated: use golang.org/x/sys/unix.EpollWait
+var EpollWait = unix.EpollWait
diff --git a/vendor/github.com/containerd/containerd/sys/filesys_unix.go b/vendor/github.com/containerd/containerd/sys/filesys_unix.go
index 700f44efa9b49..d8329af9fbcac 100644
--- a/vendor/github.com/containerd/containerd/sys/filesys_unix.go
+++ b/vendor/github.com/containerd/containerd/sys/filesys_unix.go
@@ -24,3 +24,8 @@ import "os"
 func ForceRemoveAll(path string) error {
 	return os.RemoveAll(path)
 }
+
+// MkdirAllWithACL is a wrapper for os.MkdirAll on Unix systems.
+func MkdirAllWithACL(path string, perm os.FileMode) error {
+	return os.MkdirAll(path, perm)
+}
diff --git a/vendor/github.com/containerd/containerd/sys/filesys_windows.go b/vendor/github.com/containerd/containerd/sys/filesys_windows.go
index dc880c3427b67..a9198ef399aa9 100644
--- a/vendor/github.com/containerd/containerd/sys/filesys_windows.go
+++ b/vendor/github.com/containerd/containerd/sys/filesys_windows.go
@@ -22,12 +22,20 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"sort"
+	"strconv"
 	"strings"
 	"syscall"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/windows"
+)
+
+const (
+	// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System
+	SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
 )
 
 // MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
@@ -36,7 +44,8 @@ func MkdirAllWithACL(path string, perm os.FileMode) error {
 	return mkdirall(path, true)
 }
 
-// MkdirAll implementation that is volume path aware for Windows.
+// MkdirAll implementation that is volume path aware for Windows. It can be used
+// as a drop-in replacement for os.MkdirAll()
 func MkdirAll(path string, _ os.FileMode) error {
 	return mkdirall(path, false)
 }
@@ -78,7 +87,7 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
 
 	if j > 1 {
 		// Create parent
-		err = mkdirall(path[0:j-1], false)
+		err = mkdirall(path[0:j-1], adminAndLocalSystem)
 		if err != nil {
 			return err
 		}
@@ -106,27 +115,26 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
 // mkdirWithACL creates a new directory. If there is an error, it will be of
 // type *PathError. .
 //
-// This is a modified and combined version of os.Mkdir and syscall.Mkdir
+// This is a modified and combined version of os.Mkdir and windows.Mkdir
 // in golang to cater for creating a directory am ACL permitting full
 // access, with inheritance, to any subfolder/file for Built-in Administrators
 // and Local System.
 func mkdirWithACL(name string) error {
-	sa := syscall.SecurityAttributes{Length: 0}
-	sddl := "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sa := windows.SecurityAttributes{Length: 0}
+	sd, err := windows.SecurityDescriptorFromString(SddlAdministratorsLocalSystem)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 
-	namep, err := syscall.UTF16PtrFromString(name)
+	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 
-	e := syscall.CreateDirectory(namep, &sa)
+	e := windows.CreateDirectory(namep, &sa)
 	if e != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: e}
 	}
@@ -149,7 +157,7 @@ func IsAbs(path string) bool {
 	return true
 }
 
-// The origin of the functions below here are the golang OS and syscall packages,
+// The origin of the functions below here are the golang OS and windows packages,
 // slightly modified to only cope with files, not directories due to the
 // specific use case.
 //
@@ -181,83 +189,142 @@ func OpenFileSequential(name string, flag int, _ os.FileMode) (*os.File, error)
 	if name == "" {
 		return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
 	}
-	r, errf := syscallOpenFileSequential(name, flag, 0)
+	r, errf := windowsOpenFileSequential(name, flag, 0)
 	if errf == nil {
 		return r, nil
 	}
 	return nil, &os.PathError{Op: "open", Path: name, Err: errf}
 }
 
-func syscallOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
-	r, e := syscallOpenSequential(name, flag|syscall.O_CLOEXEC, 0)
+func windowsOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
+	r, e := windowsOpenSequential(name, flag|windows.O_CLOEXEC, 0)
 	if e != nil {
 		return nil, e
 	}
 	return os.NewFile(uintptr(r), name), nil
 }
 
-func makeInheritSa() *syscall.SecurityAttributes {
-	var sa syscall.SecurityAttributes
+func makeInheritSa() *windows.SecurityAttributes {
+	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
 	return &sa
 }
 
-func syscallOpenSequential(path string, mode int, _ uint32) (fd syscall.Handle, err error) {
+func windowsOpenSequential(path string, mode int, _ uint32) (fd windows.Handle, err error) {
 	if len(path) == 0 {
-		return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND
+		return windows.InvalidHandle, windows.ERROR_FILE_NOT_FOUND
 	}
-	pathp, err := syscall.UTF16PtrFromString(path)
+	pathp, err := windows.UTF16PtrFromString(path)
 	if err != nil {
-		return syscall.InvalidHandle, err
+		return windows.InvalidHandle, err
 	}
 	var access uint32
-	switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) {
-	case syscall.O_RDONLY:
-		access = syscall.GENERIC_READ
-	case syscall.O_WRONLY:
-		access = syscall.GENERIC_WRITE
-	case syscall.O_RDWR:
-		access = syscall.GENERIC_READ | syscall.GENERIC_WRITE
+	switch mode & (windows.O_RDONLY | windows.O_WRONLY | windows.O_RDWR) {
+	case windows.O_RDONLY:
+		access = windows.GENERIC_READ
+	case windows.O_WRONLY:
+		access = windows.GENERIC_WRITE
+	case windows.O_RDWR:
+		access = windows.GENERIC_READ | windows.GENERIC_WRITE
 	}
-	if mode&syscall.O_CREAT != 0 {
-		access |= syscall.GENERIC_WRITE
+	if mode&windows.O_CREAT != 0 {
+		access |= windows.GENERIC_WRITE
 	}
-	if mode&syscall.O_APPEND != 0 {
-		access &^= syscall.GENERIC_WRITE
-		access |= syscall.FILE_APPEND_DATA
+	if mode&windows.O_APPEND != 0 {
+		access &^= windows.GENERIC_WRITE
+		access |= windows.FILE_APPEND_DATA
 	}
-	sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE)
-	var sa *syscall.SecurityAttributes
-	if mode&syscall.O_CLOEXEC == 0 {
+	sharemode := uint32(windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE)
+	var sa *windows.SecurityAttributes
+	if mode&windows.O_CLOEXEC == 0 {
 		sa = makeInheritSa()
 	}
 	var createmode uint32
 	switch {
-	case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL):
-		createmode = syscall.CREATE_NEW
-	case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC):
-		createmode = syscall.CREATE_ALWAYS
-	case mode&syscall.O_CREAT == syscall.O_CREAT:
-		createmode = syscall.OPEN_ALWAYS
-	case mode&syscall.O_TRUNC == syscall.O_TRUNC:
-		createmode = syscall.TRUNCATE_EXISTING
+	case mode&(windows.O_CREAT|windows.O_EXCL) == (windows.O_CREAT | windows.O_EXCL):
+		createmode = windows.CREATE_NEW
+	case mode&(windows.O_CREAT|windows.O_TRUNC) == (windows.O_CREAT | windows.O_TRUNC):
+		createmode = windows.CREATE_ALWAYS
+	case mode&windows.O_CREAT == windows.O_CREAT:
+		createmode = windows.OPEN_ALWAYS
+	case mode&windows.O_TRUNC == windows.O_TRUNC:
+		createmode = windows.TRUNCATE_EXISTING
 	default:
-		createmode = syscall.OPEN_EXISTING
+		createmode = windows.OPEN_EXISTING
 	}
 	// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
-	//https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
+	// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
 	const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
-	h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
+	h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
 	return h, e
 }
 
-// ForceRemoveAll is the same as os.RemoveAll, but uses hcsshim.DestroyLayer in order
-// to delete container layers.
+// ForceRemoveAll is the same as os.RemoveAll, but is aware of io.containerd.snapshotter.v1.windows
+// and uses hcsshim to unmount and delete container layers contained therein, in the correct order,
+// when passed a containerd root data directory (i.e. the `--root` directory for containerd).
 func ForceRemoveAll(path string) error {
+	// snapshots/windows/windows.go init()
+	const snapshotPlugin = "io.containerd.snapshotter.v1" + "." + "windows"
+	// snapshots/windows/windows.go NewSnapshotter()
+	snapshotDir := filepath.Join(path, snapshotPlugin, "snapshots")
+	if stat, err := os.Stat(snapshotDir); err == nil && stat.IsDir() {
+		if err := cleanupWCOWLayers(snapshotDir); err != nil {
+			return errors.Wrapf(err, "failed to cleanup WCOW layers in %s", snapshotDir)
+		}
+	}
+
+	return os.RemoveAll(path)
+}
+
+func cleanupWCOWLayers(root string) error {
+	// See snapshots/windows/windows.go getSnapshotDir()
+	var layerNums []int
+	if err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if path != root && info.IsDir() {
+			if layerNum, err := strconv.Atoi(filepath.Base(path)); err == nil {
+				layerNums = append(layerNums, layerNum)
+			} else {
+				return err
+			}
+			return filepath.SkipDir
+		}
+
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	sort.Sort(sort.Reverse(sort.IntSlice(layerNums)))
+
+	for _, layerNum := range layerNums {
+		if err := cleanupWCOWLayer(filepath.Join(root, strconv.Itoa(layerNum))); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func cleanupWCOWLayer(layerPath string) error {
 	info := hcsshim.DriverInfo{
-		HomeDir: filepath.Dir(path),
+		HomeDir: filepath.Dir(layerPath),
+	}
+
+	// ERROR_DEV_NOT_EXIST is returned if the layer is not currently prepared.
+	if err := hcsshim.UnprepareLayer(info, filepath.Base(layerPath)); err != nil {
+		if hcserror, ok := err.(*hcsshim.HcsError); !ok || hcserror.Err != windows.ERROR_DEV_NOT_EXIST {
+			return errors.Wrapf(err, "failed to unprepare %s", layerPath)
+		}
+	}
+
+	if err := hcsshim.DeactivateLayer(info, filepath.Base(layerPath)); err != nil {
+		return errors.Wrapf(err, "failed to deactivate %s", layerPath)
 	}
 
-	return hcsshim.DestroyLayer(info, filepath.Base(path))
+	if err := hcsshim.DestroyLayer(info, filepath.Base(layerPath)); err != nil {
+		return errors.Wrapf(err, "failed to destroy %s", layerPath)
+	}
+
+	return nil
 }
diff --git a/vendor/github.com/containerd/containerd/sys/mount_linux.go b/vendor/github.com/containerd/containerd/sys/mount_linux.go
index a9eee9b73ac48..a21045529ae07 100644
--- a/vendor/github.com/containerd/containerd/sys/mount_linux.go
+++ b/vendor/github.com/containerd/containerd/sys/mount_linux.go
@@ -21,6 +21,7 @@ import (
 	"syscall"
 	"unsafe"
 
+	"github.com/containerd/containerd/log"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
@@ -30,9 +31,8 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
 	var (
 		sourceP, targetP, fstypeP, dataP *byte
 		pid                              uintptr
-		ws                               unix.WaitStatus
 		err                              error
-		errno                            syscall.Errno
+		errno, status                    syscall.Errno
 	)
 
 	sourceP, err = syscall.BytePtrFromString(source)
@@ -60,37 +60,62 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
 
+	var pipefds [2]int
+	if err := syscall.Pipe2(pipefds[:], syscall.O_CLOEXEC); err != nil {
+		return errors.Wrap(err, "failed to open pipe")
+	}
+
+	defer func() {
+		// close both ends of the pipe in a deferred function, since open file
+		// descriptor table is shared with child
+		syscall.Close(pipefds[0])
+		syscall.Close(pipefds[1])
+	}()
+
 	pid, errno = forkAndMountat(dirfd,
 		uintptr(unsafe.Pointer(sourceP)),
 		uintptr(unsafe.Pointer(targetP)),
 		uintptr(unsafe.Pointer(fstypeP)),
 		flags,
-		uintptr(unsafe.Pointer(dataP)))
+		uintptr(unsafe.Pointer(dataP)),
+		pipefds[1],
+	)
 
 	if errno != 0 {
 		return errors.Wrap(errno, "failed to fork thread")
 	}
 
-	_, err = unix.Wait4(int(pid), &ws, 0, nil)
-	for err == syscall.EINTR {
-		_, err = unix.Wait4(int(pid), &ws, 0, nil)
-	}
+	defer func() {
+		_, err := unix.Wait4(int(pid), nil, 0, nil)
+		for err == syscall.EINTR {
+			_, err = unix.Wait4(int(pid), nil, 0, nil)
+		}
 
-	if err != nil {
-		return errors.Wrapf(err, "failed to find pid=%d process", pid)
-	}
+		if err != nil {
+			log.L.WithError(err).Debugf("failed to find pid=%d process", pid)
+		}
+	}()
 
-	errno = syscall.Errno(ws.ExitStatus())
+	_, _, errno = syscall.RawSyscall(syscall.SYS_READ,
+		uintptr(pipefds[0]),
+		uintptr(unsafe.Pointer(&status)),
+		unsafe.Sizeof(status))
 	if errno != 0 {
-		return errors.Wrap(errno, "failed to mount")
+		return errors.Wrap(errno, "failed to read pipe")
 	}
+
+	if status != 0 {
+		return errors.Wrap(status, "failed to mount")
+	}
+
 	return nil
 }
 
 // forkAndMountat will fork thread, change working dir and mount.
 //
 // precondition: the runtime OS thread must be locked.
-func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr) (pid uintptr, errno syscall.Errno) {
+func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr, pipefd int) (pid uintptr, errno syscall.Errno) {
+
 	// block signal during clone
 	beforeFork()
 
@@ -114,6 +139,7 @@ func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr)
 	_, _, errno = syscall.RawSyscall6(syscall.SYS_MOUNT, source, target, fstype, flags, data, 0)
 
 childerr:
+	_, _, errno = syscall.RawSyscall(syscall.SYS_WRITE, uintptr(pipefd), uintptr(unsafe.Pointer(&errno)), unsafe.Sizeof(errno))
 	syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
 	panic("unreachable")
 }
diff --git a/vendor/github.com/containerd/containerd/sys/oom_linux.go b/vendor/github.com/containerd/containerd/sys/oom_linux.go
new file mode 100644
index 0000000000000..82a347c6f727e
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/oom_linux.go
@@ -0,0 +1,83 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package sys
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/containerd/containerd/pkg/userns"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// OOMScoreAdjMin is from OOM_SCORE_ADJ_MIN https://github.com/torvalds/linux/blob/v5.10/include/uapi/linux/oom.h#L9
+	OOMScoreAdjMin = -1000
+	// OOMScoreAdjMax is from OOM_SCORE_ADJ_MAX https://github.com/torvalds/linux/blob/v5.10/include/uapi/linux/oom.h#L10
+	OOMScoreAdjMax = 1000
+)
+
+// AdjustOOMScore sets the oom score for the provided pid. If the provided score
+// is out of range (-1000 - 1000), it is clipped to the min/max value.
+func AdjustOOMScore(pid, score int) error {
+	if score > OOMScoreAdjMax {
+		score = OOMScoreAdjMax
+	} else if score < OOMScoreAdjMin {
+		score = OOMScoreAdjMin
+	}
+	return SetOOMScore(pid, score)
+}
+
+// SetOOMScore sets the oom score for the provided pid
+func SetOOMScore(pid, score int) error {
+	if score > OOMScoreAdjMax || score < OOMScoreAdjMin {
+		return fmt.Errorf("value out of range (%d): OOM score must be between %d and %d", score, OOMScoreAdjMin, OOMScoreAdjMax)
+	}
+	path := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
+	f, err := os.OpenFile(path, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
+		if os.IsPermission(err) && (!runningPrivileged() || userns.RunningInUserNS()) {
+			return nil
+		}
+		return err
+	}
+	return nil
+}
+
+// GetOOMScoreAdj gets the oom score for a process. It returns 0 (zero) if either
+// no oom score is set, or a sore is set to 0.
+func GetOOMScoreAdj(pid int) (int, error) {
+	path := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
+	data, err := ioutil.ReadFile(path)
+	if err != nil {
+		return 0, err
+	}
+	return strconv.Atoi(strings.TrimSpace(string(data)))
+}
+
+// runningPrivileged returns true if the effective user ID of the
+// calling process is 0
+func runningPrivileged() bool {
+	return unix.Geteuid() == 0
+}
diff --git a/vendor/github.com/containerd/containerd/sys/oom_unix.go b/vendor/github.com/containerd/containerd/sys/oom_unix.go
deleted file mode 100644
index 7192efec1cbba..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/oom_unix.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import (
-	"fmt"
-	"os"
-	"strconv"
-
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
-const OOMScoreMaxKillable = -999
-
-// SetOOMScore sets the oom score for the provided pid
-func SetOOMScore(pid, score int) error {
-	path := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
-	f, err := os.OpenFile(path, os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
-		if os.IsPermission(err) && (system.RunningInUserNS() || RunningUnprivileged()) {
-			return nil
-		}
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/sys/oom_unsupported.go b/vendor/github.com/containerd/containerd/sys/oom_unsupported.go
new file mode 100644
index 0000000000000..f5d7e9786b85e
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/oom_unsupported.go
@@ -0,0 +1,48 @@
+// +build !linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package sys
+
+const (
+	// OOMScoreMaxKillable is not implemented on non Linux
+	OOMScoreMaxKillable = 0
+	// OOMScoreAdjMax is not implemented on non Linux
+	OOMScoreAdjMax = 0
+)
+
+// AdjustOOMScore sets the oom score for the provided pid. If the provided score
+// is out of range (-1000 - 1000), it is clipped to the min/max value.
+//
+// Not implemented on Windows
+func AdjustOOMScore(pid, score int) error {
+	return nil
+}
+
+// SetOOMScore sets the oom score for the process
+//
+// Not implemented on Windows
+func SetOOMScore(pid, score int) error {
+	return nil
+}
+
+// GetOOMScoreAdj gets the oom score for a process
+//
+// Not implemented on Windows
+func GetOOMScoreAdj(pid int) (int, error) {
+	return 0, nil
+}
diff --git a/vendor/github.com/containerd/containerd/sys/oom_windows.go b/vendor/github.com/containerd/containerd/sys/oom_windows.go
deleted file mode 100644
index f44bcebd1e085..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/oom_windows.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-// SetOOMScore sets the oom score for the process
-//
-// Not implemented on Windows
-func SetOOMScore(pid, score int) error {
-	return nil
-}
diff --git a/vendor/github.com/containerd/containerd/sys/proc.go b/vendor/github.com/containerd/containerd/sys/proc.go
deleted file mode 100644
index 496eb1fea19e6..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/proc.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-const nanoSecondsPerSecond = 1e9
-
-var clockTicksPerSecond = uint64(system.GetClockTicks())
-
-// GetSystemCPUUsage returns the host system's cpu usage in
-// nanoseconds. An error is returned if the format of the underlying
-// file does not match.
-//
-// Uses /proc/stat defined by POSIX. Looks for the cpu
-// statistics line and then sums up the first seven fields
-// provided. See `man 5 proc` for details on specific field
-// information.
-func GetSystemCPUUsage() (uint64, error) {
-	var line string
-	f, err := os.Open("/proc/stat")
-	if err != nil {
-		return 0, err
-	}
-	bufReader := bufio.NewReaderSize(nil, 128)
-	defer func() {
-		bufReader.Reset(nil)
-		f.Close()
-	}()
-	bufReader.Reset(f)
-	err = nil
-	for err == nil {
-		line, err = bufReader.ReadString('\n')
-		if err != nil {
-			break
-		}
-		parts := strings.Fields(line)
-		switch parts[0] {
-		case "cpu":
-			if len(parts) < 8 {
-				return 0, fmt.Errorf("bad format of cpu stats")
-			}
-			var totalClockTicks uint64
-			for _, i := range parts[1:8] {
-				v, err := strconv.ParseUint(i, 10, 64)
-				if err != nil {
-					return 0, fmt.Errorf("error parsing cpu stats")
-				}
-				totalClockTicks += v
-			}
-			return (totalClockTicks * nanoSecondsPerSecond) /
-				clockTicksPerSecond, nil
-		}
-	}
-	return 0, fmt.Errorf("bad stats format")
-}
diff --git a/vendor/github.com/containerd/containerd/sys/reaper.go b/vendor/github.com/containerd/containerd/sys/reaper.go
deleted file mode 100644
index d08ccccfbca89..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/reaper.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// Exit is the wait4 information from an exited process
-type Exit struct {
-	Pid    int
-	Status int
-}
-
-// Reap reaps all child processes for the calling process and returns their
-// exit information
-func Reap(wait bool) (exits []Exit, err error) {
-	var (
-		ws  unix.WaitStatus
-		rus unix.Rusage
-	)
-	flag := unix.WNOHANG
-	if wait {
-		flag = 0
-	}
-	for {
-		pid, err := unix.Wait4(-1, &ws, flag, &rus)
-		if err != nil {
-			if err == unix.ECHILD {
-				return exits, nil
-			}
-			return exits, err
-		}
-		if pid <= 0 {
-			return exits, nil
-		}
-		exits = append(exits, Exit{
-			Pid:    pid,
-			Status: exitStatus(ws),
-		})
-	}
-}
-
-const exitSignalOffset = 128
-
-// exitStatus returns the correct exit status for a process based on if it
-// was signaled or exited cleanly
-func exitStatus(status unix.WaitStatus) int {
-	if status.Signaled() {
-		return exitSignalOffset + int(status.Signal())
-	}
-	return status.ExitStatus()
-}
diff --git a/vendor/github.com/containerd/containerd/sys/reaper/reaper_unix.go b/vendor/github.com/containerd/containerd/sys/reaper/reaper_unix.go
new file mode 100644
index 0000000000000..0033178dfa77a
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/reaper/reaper_unix.go
@@ -0,0 +1,248 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package reaper
+
+import (
+	"os/exec"
+	"sync"
+	"time"
+
+	runc "github.com/containerd/go-runc"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+// ErrNoSuchProcess is returned when the process no longer exists
+var ErrNoSuchProcess = errors.New("no such process")
+
+const bufferSize = 32
+
+type subscriber struct {
+	sync.Mutex
+	c      chan runc.Exit
+	closed bool
+}
+
+func (s *subscriber) close() {
+	s.Lock()
+	if s.closed {
+		s.Unlock()
+		return
+	}
+	close(s.c)
+	s.closed = true
+	s.Unlock()
+}
+
+func (s *subscriber) do(fn func()) {
+	s.Lock()
+	fn()
+	s.Unlock()
+}
+
+// Reap should be called when the process receives an SIGCHLD.  Reap will reap
+// all exited processes and close their wait channels
+func Reap() error {
+	now := time.Now()
+	exits, err := reap(false)
+	for _, e := range exits {
+		done := Default.notify(runc.Exit{
+			Timestamp: now,
+			Pid:       e.Pid,
+			Status:    e.Status,
+		})
+
+		select {
+		case <-done:
+		case <-time.After(1 * time.Second):
+		}
+	}
+	return err
+}
+
+// Default is the default monitor initialized for the package
+var Default = &Monitor{
+	subscribers: make(map[chan runc.Exit]*subscriber),
+}
+
+// Monitor monitors the underlying system for process status changes
+type Monitor struct {
+	sync.Mutex
+
+	subscribers map[chan runc.Exit]*subscriber
+}
+
+// Start starts the command a registers the process with the reaper
+func (m *Monitor) Start(c *exec.Cmd) (chan runc.Exit, error) {
+	ec := m.Subscribe()
+	if err := c.Start(); err != nil {
+		m.Unsubscribe(ec)
+		return nil, err
+	}
+	return ec, nil
+}
+
+// Wait blocks until a process is signal as dead.
+// User should rely on the value of the exit status to determine if the
+// command was successful or not.
+func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) {
+	for e := range ec {
+		if e.Pid == c.Process.Pid {
+			// make sure we flush all IO
+			c.Wait()
+			m.Unsubscribe(ec)
+			return e.Status, nil
+		}
+	}
+	// return no such process if the ec channel is closed and no more exit
+	// events will be sent
+	return -1, ErrNoSuchProcess
+}
+
+// Subscribe to process exit changes
+func (m *Monitor) Subscribe() chan runc.Exit {
+	c := make(chan runc.Exit, bufferSize)
+	m.Lock()
+	m.subscribers[c] = &subscriber{
+		c: c,
+	}
+	m.Unlock()
+	return c
+}
+
+// Unsubscribe to process exit changes
+func (m *Monitor) Unsubscribe(c chan runc.Exit) {
+	m.Lock()
+	s, ok := m.subscribers[c]
+	if !ok {
+		m.Unlock()
+		return
+	}
+	s.close()
+	delete(m.subscribers, c)
+	m.Unlock()
+}
+
+func (m *Monitor) getSubscribers() map[chan runc.Exit]*subscriber {
+	out := make(map[chan runc.Exit]*subscriber)
+	m.Lock()
+	for k, v := range m.subscribers {
+		out[k] = v
+	}
+	m.Unlock()
+	return out
+}
+
+func (m *Monitor) notify(e runc.Exit) chan struct{} {
+	const timeout = 1 * time.Millisecond
+	var (
+		done    = make(chan struct{}, 1)
+		timer   = time.NewTimer(timeout)
+		success = make(map[chan runc.Exit]struct{})
+	)
+	stop(timer, true)
+
+	go func() {
+		defer close(done)
+
+		for {
+			var (
+				failed      int
+				subscribers = m.getSubscribers()
+			)
+			for _, s := range subscribers {
+				s.do(func() {
+					if s.closed {
+						return
+					}
+					if _, ok := success[s.c]; ok {
+						return
+					}
+					timer.Reset(timeout)
+					recv := true
+					select {
+					case s.c <- e:
+						success[s.c] = struct{}{}
+					case <-timer.C:
+						recv = false
+						failed++
+					}
+					stop(timer, recv)
+				})
+			}
+			// all subscribers received the message
+			if failed == 0 {
+				return
+			}
+		}
+	}()
+	return done
+}
+
+func stop(timer *time.Timer, recv bool) {
+	if !timer.Stop() && recv {
+		<-timer.C
+	}
+}
+
+// exit is the wait4 information from an exited process
+type exit struct {
+	Pid    int
+	Status int
+}
+
+// reap reaps all child processes for the calling process and returns their
+// exit information
+func reap(wait bool) (exits []exit, err error) {
+	var (
+		ws  unix.WaitStatus
+		rus unix.Rusage
+	)
+	flag := unix.WNOHANG
+	if wait {
+		flag = 0
+	}
+	for {
+		pid, err := unix.Wait4(-1, &ws, flag, &rus)
+		if err != nil {
+			if err == unix.ECHILD {
+				return exits, nil
+			}
+			return exits, err
+		}
+		if pid <= 0 {
+			return exits, nil
+		}
+		exits = append(exits, exit{
+			Pid:    pid,
+			Status: exitStatus(ws),
+		})
+	}
+}
+
+const exitSignalOffset = 128
+
+// exitStatus returns the correct exit status for a process based on if it
+// was signaled or exited cleanly
+func exitStatus(status unix.WaitStatus) int {
+	if status.Signaled() {
+		return exitSignalOffset + int(status.Signal())
+	}
+	return status.ExitStatus()
+}
diff --git a/vendor/github.com/containerd/containerd/sys/reaper/reaper_utils_linux.go b/vendor/github.com/containerd/containerd/sys/reaper/reaper_utils_linux.go
new file mode 100644
index 0000000000000..cadcdc42c381d
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/reaper/reaper_utils_linux.go
@@ -0,0 +1,39 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package reaper
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// SetSubreaper sets the value i as the subreaper setting for the calling process
+func SetSubreaper(i int) error {
+	return unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
+}
+
+// GetSubreaper returns the subreaper setting for the calling process
+func GetSubreaper() (int, error) {
+	var i uintptr
+
+	if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
+		return -1, err
+	}
+
+	return int(i), nil
+}
diff --git a/vendor/github.com/containerd/containerd/sys/reaper_linux.go b/vendor/github.com/containerd/containerd/sys/reaper_linux.go
deleted file mode 100644
index ecb0bd031ede7..0000000000000
--- a/vendor/github.com/containerd/containerd/sys/reaper_linux.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import (
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// If arg2 is nonzero, set the "child subreaper" attribute of the
-// calling process; if arg2 is zero, unset the attribute.  When a
-// process is marked as a child subreaper, all of the children
-// that it creates, and their descendants, will be marked as
-// having a subreaper.  In effect, a subreaper fulfills the role
-// of init(1) for its descendant processes.  Upon termination of
-// a process that is orphaned (i.e., its immediate parent has
-// already terminated) and marked as having a subreaper, the
-// nearest still living ancestor subreaper will receive a SIGCHLD
-// signal and be able to wait(2) on the process to discover its
-// termination status.
-const setChildSubreaper = 36
-
-// SetSubreaper sets the value i as the subreaper setting for the calling process
-func SetSubreaper(i int) error {
-	return unix.Prctl(setChildSubreaper, uintptr(i), 0, 0, 0)
-}
-
-// GetSubreaper returns the subreaper setting for the calling process
-func GetSubreaper() (int, error) {
-	var i uintptr
-
-	if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
-		return -1, err
-	}
-
-	return int(i), nil
-}
diff --git a/vendor/github.com/containerd/containerd/sys/socket_unix.go b/vendor/github.com/containerd/containerd/sys/socket_unix.go
index 90fa55c482f96..b67cc1fa3a71d 100644
--- a/vendor/github.com/containerd/containerd/sys/socket_unix.go
+++ b/vendor/github.com/containerd/containerd/sys/socket_unix.go
@@ -68,11 +68,11 @@ func GetLocalListener(path string, uid, gid int) (net.Listener, error) {
 }
 
 func mkdirAs(path string, uid, gid int) error {
-	if _, err := os.Stat(path); err == nil || !os.IsNotExist(err) {
+	if _, err := os.Stat(path); !os.IsNotExist(err) {
 		return err
 	}
 
-	if err := os.Mkdir(path, 0770); err != nil {
+	if err := os.MkdirAll(path, 0770); err != nil {
 		return err
 	}
 
diff --git a/vendor/github.com/containerd/containerd/sys/stat_bsd.go b/vendor/github.com/containerd/containerd/sys/stat_bsd.go
index b9c95d90d783e..4f03cd6cb0f39 100644
--- a/vendor/github.com/containerd/containerd/sys/stat_bsd.go
+++ b/vendor/github.com/containerd/containerd/sys/stat_bsd.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd
+// +build darwin freebsd netbsd
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/sys/stat_openbsd.go b/vendor/github.com/containerd/containerd/sys/stat_openbsd.go
new file mode 100644
index 0000000000000..ec3b9df69aa29
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/stat_openbsd.go
@@ -0,0 +1,45 @@
+// +build openbsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package sys
+
+import (
+	"syscall"
+	"time"
+)
+
+// StatAtime returns the Atim
+func StatAtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Atim
+}
+
+// StatCtime returns the Ctim
+func StatCtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Ctim
+}
+
+// StatMtime returns the Mtim
+func StatMtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Mtim
+}
+
+// StatATimeAsTime returns st.Atim as a time.Time
+func StatATimeAsTime(st *syscall.Stat_t) time.Time {
+	// The int64 conversions ensure the line compiles for 32-bit systems as well.
+	return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) // nolint: unconvert
+}
diff --git a/vendor/github.com/containerd/containerd/sys/userns_deprecated.go b/vendor/github.com/containerd/containerd/sys/userns_deprecated.go
new file mode 100644
index 0000000000000..53acf55477e36
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/sys/userns_deprecated.go
@@ -0,0 +1,23 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package sys
+
+import "github.com/containerd/containerd/pkg/userns"
+
+// RunningInUserNS detects whether we are currently running in a user namespace.
+// Deprecated: use github.com/containerd/containerd/pkg/userns.RunningInUserNS instead.
+var RunningInUserNS = userns.RunningInUserNS
diff --git a/vendor/github.com/containerd/containerd/task.go b/vendor/github.com/containerd/containerd/task.go
index 6806e1162081e..4e23fb8616bab 100644
--- a/vendor/github.com/containerd/containerd/task.go
+++ b/vendor/github.com/containerd/containerd/task.go
@@ -35,13 +35,16 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/rootfs"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/containerd/runtime/v2/runc/options"
 	"github.com/containerd/typeurl"
 	google_protobuf "github.com/gogo/protobuf/types"
 	digest "github.com/opencontainers/go-digest"
 	is "github.com/opencontainers/image-spec/specs-go"
-	"github.com/opencontainers/image-spec/specs-go/v1"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
@@ -115,6 +118,13 @@ type CheckpointTaskInfo struct {
 	ParentCheckpoint digest.Digest
 	// Options hold runtime specific settings for checkpointing a task
 	Options interface{}
+
+	runtime string
+}
+
+// Runtime name for the container
+func (i *CheckpointTaskInfo) Runtime() string {
+	return i.runtime
 }
 
 // CheckpointTaskOpts allows the caller to set checkpoint options
@@ -129,6 +139,12 @@ type TaskInfo struct {
 	RootFS []mount.Mount
 	// Options hold runtime specific settings for task creation
 	Options interface{}
+	runtime string
+}
+
+// Runtime name for the container
+func (i *TaskInfo) Runtime() string {
+	return i.runtime
 }
 
 // Task is the executable object within containerd
@@ -144,9 +160,11 @@ type Task interface {
 	// Pids returns a list of system specific process ids inside the task
 	Pids(context.Context) ([]ProcessInfo, error)
 	// Checkpoint serializes the runtime and memory information of a task into an
-	// OCI Index that can be push and pulled from a remote resource.
+	// OCI Index that can be pushed and pulled from a remote resource.
 	//
 	// Additional software like CRIU maybe required to checkpoint and restore tasks
+	// NOTE: Checkpoint supports to dump task information to a directory, in this way,
+	// an empty OCI Index will be returned.
 	Checkpoint(context.Context, ...CheckpointTaskOpts) (Image, error)
 	// Update modifies executing tasks with updated settings
 	Update(context.Context, ...UpdateTaskOpts) error
@@ -158,18 +176,26 @@ type Task interface {
 	// For the built in Linux runtime, github.com/containerd/cgroups.Metrics
 	// are returned in protobuf format
 	Metrics(context.Context) (*types.Metric, error)
+	// Spec returns the current OCI specification for the task
+	Spec(context.Context) (*oci.Spec, error)
 }
 
 var _ = (Task)(&task{})
 
 type task struct {
 	client *Client
+	c      Container
 
 	io  cio.IO
 	id  string
 	pid uint32
 }
 
+// Spec returns the current OCI specification for the task
+func (t *task) Spec(ctx context.Context) (*oci.Spec, error) {
+	return t.c.Spec(ctx)
+}
+
 // ID of the task
 func (t *task) ID() string {
 	return t.id
@@ -185,8 +211,10 @@ func (t *task) Start(ctx context.Context) error {
 		ContainerID: t.id,
 	})
 	if err != nil {
-		t.io.Cancel()
-		t.io.Close()
+		if t.io != nil {
+			t.io.Cancel()
+			t.io.Close()
+		}
 		return errdefs.FromGRPC(err)
 	}
 	t.pid = r.Pid
@@ -287,6 +315,7 @@ func (t *task) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitStat
 		return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "task must be stopped before deletion: %s", status.Status)
 	}
 	if t.io != nil {
+		t.io.Close()
 		t.io.Cancel()
 		t.io.Wait()
 	}
@@ -387,17 +416,25 @@ func (t *task) Resize(ctx context.Context, w, h uint32) error {
 	return errdefs.FromGRPC(err)
 }
 
+// NOTE: Checkpoint supports to dump task information to a directory, in this way, an empty
+// OCI Index will be returned.
 func (t *task) Checkpoint(ctx context.Context, opts ...CheckpointTaskOpts) (Image, error) {
 	ctx, done, err := t.client.WithLease(ctx)
 	if err != nil {
 		return nil, err
 	}
 	defer done(ctx)
+	cr, err := t.client.ContainerService().Get(ctx, t.id)
+	if err != nil {
+		return nil, err
+	}
 
 	request := &tasks.CheckpointTaskRequest{
 		ContainerID: t.id,
 	}
-	var i CheckpointTaskInfo
+	i := CheckpointTaskInfo{
+		runtime: cr.Runtime.Name,
+	}
 	for _, o := range opts {
 		if err := o(&i); err != nil {
 			return nil, err
@@ -415,15 +452,20 @@ func (t *task) Checkpoint(ctx context.Context, opts ...CheckpointTaskOpts) (Imag
 		}
 		request.Options = any
 	}
-	// make sure we pause it and resume after all other filesystem operations are completed
-	if err := t.Pause(ctx); err != nil {
-		return nil, err
-	}
-	defer t.Resume(ctx)
-	cr, err := t.client.ContainerService().Get(ctx, t.id)
+
+	status, err := t.Status(ctx)
 	if err != nil {
 		return nil, err
 	}
+
+	if status.Status != Paused {
+		// make sure we pause it and resume after all other filesystem operations are completed
+		if err := t.Pause(ctx); err != nil {
+			return nil, err
+		}
+		defer t.Resume(ctx)
+	}
+
 	index := v1.Index{
 		Versioned: is.Versioned{
 			SchemaVersion: 2,
@@ -433,6 +475,12 @@ func (t *task) Checkpoint(ctx context.Context, opts ...CheckpointTaskOpts) (Imag
 	if err := t.checkpointTask(ctx, &index, request); err != nil {
 		return nil, err
 	}
+	// if checkpoint image path passed, jump checkpoint image,
+	// return an empty image
+	if isCheckpointPathExist(cr.Runtime.Name, i.Options) {
+		return NewImage(t.client, images.Image{}), nil
+	}
+
 	if cr.Image != "" {
 		if err := t.checkpointImage(ctx, &index, cr.Image); err != nil {
 			return nil, err
@@ -465,6 +513,8 @@ func (t *task) Checkpoint(ctx context.Context, opts ...CheckpointTaskOpts) (Imag
 type UpdateTaskInfo struct {
 	// Resources updates a tasks resource constraints
 	Resources interface{}
+	// Annotations allows arbitrary and/or experimental resource constraints for task update
+	Annotations map[string]string
 }
 
 // UpdateTaskOpts allows a caller to update task settings
@@ -487,11 +537,17 @@ func (t *task) Update(ctx context.Context, opts ...UpdateTaskOpts) error {
 		}
 		request.Resources = any
 	}
+	if i.Annotations != nil {
+		request.Annotations = i.Annotations
+	}
 	_, err := t.client.TaskService().Update(ctx, request)
 	return errdefs.FromGRPC(err)
 }
 
 func (t *task) LoadProcess(ctx context.Context, id string, ioAttach cio.Attach) (Process, error) {
+	if id == t.id && ioAttach == nil {
+		return t, nil
+	}
 	response, err := t.client.TaskService().Get(ctx, &tasks.GetRequest{
 		ContainerID: t.id,
 		ExecID:      id,
@@ -542,6 +598,7 @@ func (t *task) checkpointTask(ctx context.Context, index *v1.Index, request *tas
 	if err != nil {
 		return errdefs.FromGRPC(err)
 	}
+	// NOTE: response.Descriptors can be an empty slice if checkpoint image is jumped
 	// add the checkpoint descriptors to the index
 	for _, d := range response.Descriptors {
 		index.Manifests = append(index.Manifests, v1.Descriptor{
@@ -552,6 +609,7 @@ func (t *task) checkpointTask(ctx context.Context, index *v1.Index, request *tas
 				OS:           goruntime.GOOS,
 				Architecture: goruntime.GOARCH,
 			},
+			Annotations: d.Annotations,
 		})
 	}
 	return nil
@@ -619,3 +677,24 @@ func writeContent(ctx context.Context, store content.Ingester, mediaType, ref st
 		Size:      size,
 	}, nil
 }
+
+// isCheckpointPathExist only suitable for runc runtime now
+func isCheckpointPathExist(runtime string, v interface{}) bool {
+	if v == nil {
+		return false
+	}
+
+	switch runtime {
+	case plugin.RuntimeRuncV1, plugin.RuntimeRuncV2:
+		if opts, ok := v.(*options.CheckpointOptions); ok && opts.ImagePath != "" {
+			return true
+		}
+
+	case plugin.RuntimeLinuxV1:
+		if opts, ok := v.(*runctypes.CheckpointOptions); ok && opts.ImagePath != "" {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/containerd/containerd/task_opts.go b/vendor/github.com/containerd/containerd/task_opts.go
index ce861ea51dde8..e8d99eb512925 100644
--- a/vendor/github.com/containerd/containerd/task_opts.go
+++ b/vendor/github.com/containerd/containerd/task_opts.go
@@ -27,6 +27,8 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/containerd/runtime/v2/runc/options"
 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -57,9 +59,10 @@ func WithTaskCheckpoint(im Image) NewTaskOpts {
 		for _, m := range index.Manifests {
 			if m.MediaType == images.MediaTypeContainerd1Checkpoint {
 				info.Checkpoint = &types.Descriptor{
-					MediaType: m.MediaType,
-					Size_:     m.Size,
-					Digest:    m.Digest,
+					MediaType:   m.MediaType,
+					Size_:       m.Size,
+					Digest:      m.Digest,
+					Annotations: m.Annotations,
 				}
 				return nil
 			}
@@ -89,6 +92,58 @@ func WithCheckpointName(name string) CheckpointTaskOpts {
 	}
 }
 
+// WithCheckpointImagePath sets image path for checkpoint option
+func WithCheckpointImagePath(path string) CheckpointTaskOpts {
+	return func(r *CheckpointTaskInfo) error {
+		if CheckRuntime(r.Runtime(), "io.containerd.runc") {
+			if r.Options == nil {
+				r.Options = &options.CheckpointOptions{}
+			}
+			opts, ok := r.Options.(*options.CheckpointOptions)
+			if !ok {
+				return errors.New("invalid v2 shim checkpoint options format")
+			}
+			opts.ImagePath = path
+		} else {
+			if r.Options == nil {
+				r.Options = &runctypes.CheckpointOptions{}
+			}
+			opts, ok := r.Options.(*runctypes.CheckpointOptions)
+			if !ok {
+				return errors.New("invalid v1 shim checkpoint options format")
+			}
+			opts.ImagePath = path
+		}
+		return nil
+	}
+}
+
+// WithRestoreImagePath sets image path for create option
+func WithRestoreImagePath(path string) NewTaskOpts {
+	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
+		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+			if ti.Options == nil {
+				ti.Options = &options.Options{}
+			}
+			opts, ok := ti.Options.(*options.Options)
+			if !ok {
+				return errors.New("invalid v2 shim create options format")
+			}
+			opts.CriuImagePath = path
+		} else {
+			if ti.Options == nil {
+				ti.Options = &runctypes.CreateOptions{}
+			}
+			opts, ok := ti.Options.(*runctypes.CreateOptions)
+			if !ok {
+				return errors.New("invalid v1 shim create options format")
+			}
+			opts.CriuImagePath = path
+		}
+		return nil
+	}
+}
+
 // ProcessDeleteOpts allows the caller to set options for the deletion of a task
 type ProcessDeleteOpts func(context.Context, Process) error
 
@@ -154,3 +209,11 @@ func WithResources(resources interface{}) UpdateTaskOpts {
 		return nil
 	}
 }
+
+// WithAnnotations sets the provided annotations for task updates.
+func WithAnnotations(annotations map[string]string) UpdateTaskOpts {
+	return func(ctx context.Context, client *Client, r *UpdateTaskInfo) error {
+		r.Annotations = annotations
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/containerd/task_opts_unix.go b/vendor/github.com/containerd/containerd/task_opts_unix.go
index f8652be3bc69d..a710b358fce4d 100644
--- a/vendor/github.com/containerd/containerd/task_opts_unix.go
+++ b/vendor/github.com/containerd/containerd/task_opts_unix.go
@@ -22,36 +22,136 @@ import (
 	"context"
 
 	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/containerd/runtime/v2/runc/options"
 	"github.com/pkg/errors"
 )
 
 // WithNoNewKeyring causes tasks not to be created with a new keyring for secret storage.
 // There is an upper limit on the number of keyrings in a linux system
 func WithNoNewKeyring(ctx context.Context, c *Client, ti *TaskInfo) error {
-	if ti.Options == nil {
-		ti.Options = &runctypes.CreateOptions{}
-	}
-	opts, ok := ti.Options.(*runctypes.CreateOptions)
-	if !ok {
-		return errors.New("could not cast TaskInfo Options to CreateOptions")
+	if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+		if ti.Options == nil {
+			ti.Options = &options.Options{}
+		}
+		opts, ok := ti.Options.(*options.Options)
+		if !ok {
+			return errors.New("invalid v2 shim create options format")
+		}
+		opts.NoNewKeyring = true
+	} else {
+		if ti.Options == nil {
+			ti.Options = &runctypes.CreateOptions{}
+		}
+		opts, ok := ti.Options.(*runctypes.CreateOptions)
+		if !ok {
+			return errors.New("could not cast TaskInfo Options to CreateOptions")
+		}
+		opts.NoNewKeyring = true
 	}
-
-	opts.NoNewKeyring = true
 	return nil
 }
 
 // WithNoPivotRoot instructs the runtime not to you pivot_root
-func WithNoPivotRoot(_ context.Context, _ *Client, info *TaskInfo) error {
-	if info.Options == nil {
-		info.Options = &runctypes.CreateOptions{
-			NoPivotRoot: true,
+func WithNoPivotRoot(_ context.Context, _ *Client, ti *TaskInfo) error {
+	if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+		if ti.Options == nil {
+			ti.Options = &options.Options{}
+		}
+		opts, ok := ti.Options.(*options.Options)
+		if !ok {
+			return errors.New("invalid v2 shim create options format")
+		}
+		opts.NoPivotRoot = true
+	} else {
+		if ti.Options == nil {
+			ti.Options = &runctypes.CreateOptions{
+				NoPivotRoot: true,
+			}
+			return nil
+		}
+		opts, ok := ti.Options.(*runctypes.CreateOptions)
+		if !ok {
+			return errors.New("invalid options type, expected runctypes.CreateOptions")
+		}
+		opts.NoPivotRoot = true
+	}
+	return nil
+}
+
+// WithShimCgroup sets the existing cgroup for the shim
+func WithShimCgroup(path string) NewTaskOpts {
+	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
+		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+			if ti.Options == nil {
+				ti.Options = &options.Options{}
+			}
+			opts, ok := ti.Options.(*options.Options)
+			if !ok {
+				return errors.New("invalid v2 shim create options format")
+			}
+			opts.ShimCgroup = path
+		} else {
+			if ti.Options == nil {
+				ti.Options = &runctypes.CreateOptions{}
+			}
+			opts, ok := ti.Options.(*runctypes.CreateOptions)
+			if !ok {
+				return errors.New("could not cast TaskInfo Options to CreateOptions")
+			}
+			opts.ShimCgroup = path
+		}
+		return nil
+	}
+}
+
+// WithUIDOwner allows console I/O to work with the remapped UID in user namespace
+func WithUIDOwner(uid uint32) NewTaskOpts {
+	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
+		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+			if ti.Options == nil {
+				ti.Options = &options.Options{}
+			}
+			opts, ok := ti.Options.(*options.Options)
+			if !ok {
+				return errors.New("invalid v2 shim create options format")
+			}
+			opts.IoUid = uid
+		} else {
+			if ti.Options == nil {
+				ti.Options = &runctypes.CreateOptions{}
+			}
+			opts, ok := ti.Options.(*runctypes.CreateOptions)
+			if !ok {
+				return errors.New("could not cast TaskInfo Options to CreateOptions")
+			}
+			opts.IoUid = uid
 		}
 		return nil
 	}
-	opts, ok := info.Options.(*runctypes.CreateOptions)
-	if !ok {
-		return errors.New("invalid options type, expected runctypes.CreateOptions")
+}
+
+// WithGIDOwner allows console I/O to work with the remapped GID in user namespace
+func WithGIDOwner(gid uint32) NewTaskOpts {
+	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
+		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
+			if ti.Options == nil {
+				ti.Options = &options.Options{}
+			}
+			opts, ok := ti.Options.(*options.Options)
+			if !ok {
+				return errors.New("invalid v2 shim create options format")
+			}
+			opts.IoGid = gid
+		} else {
+			if ti.Options == nil {
+				ti.Options = &runctypes.CreateOptions{}
+			}
+			opts, ok := ti.Options.(*runctypes.CreateOptions)
+			if !ok {
+				return errors.New("could not cast TaskInfo Options to CreateOptions")
+			}
+			opts.IoGid = gid
+		}
+		return nil
 	}
-	opts.NoPivotRoot = true
-	return nil
 }
diff --git a/vendor/github.com/containerd/containerd/unpacker.go b/vendor/github.com/containerd/containerd/unpacker.go
new file mode 100644
index 0000000000000..76f5d7b0c4fb6
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/unpacker.go
@@ -0,0 +1,353 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"math/rand"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/identity"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/sync/semaphore"
+)
+
+const (
+	labelSnapshotRef = "containerd.io/snapshot.ref"
+)
+
+type unpacker struct {
+	updateCh    chan ocispec.Descriptor
+	snapshotter string
+	config      UnpackConfig
+	c           *Client
+	limiter     *semaphore.Weighted
+}
+
+func (c *Client) newUnpacker(ctx context.Context, rCtx *RemoteContext) (*unpacker, error) {
+	snapshotter, err := c.resolveSnapshotterName(ctx, rCtx.Snapshotter)
+	if err != nil {
+		return nil, err
+	}
+	var config UnpackConfig
+	for _, o := range rCtx.UnpackOpts {
+		if err := o(ctx, &config); err != nil {
+			return nil, err
+		}
+	}
+	return &unpacker{
+		updateCh:    make(chan ocispec.Descriptor, 128),
+		snapshotter: snapshotter,
+		config:      config,
+		c:           c,
+	}, nil
+}
+
+func (u *unpacker) unpack(
+	ctx context.Context,
+	rCtx *RemoteContext,
+	h images.Handler,
+	config ocispec.Descriptor,
+	layers []ocispec.Descriptor,
+) error {
+	p, err := content.ReadBlob(ctx, u.c.ContentStore(), config)
+	if err != nil {
+		return err
+	}
+
+	var i ocispec.Image
+	if err := json.Unmarshal(p, &i); err != nil {
+		return errors.Wrap(err, "unmarshal image config")
+	}
+	diffIDs := i.RootFS.DiffIDs
+	if len(layers) != len(diffIDs) {
+		return errors.Errorf("number of layers and diffIDs don't match: %d != %d", len(layers), len(diffIDs))
+	}
+
+	if u.config.CheckPlatformSupported {
+		imgPlatform := platforms.Normalize(ocispec.Platform{OS: i.OS, Architecture: i.Architecture})
+		snapshotterPlatformMatcher, err := u.c.GetSnapshotterSupportedPlatforms(ctx, u.snapshotter)
+		if err != nil {
+			return errors.Wrapf(err, "failed to find supported platforms for snapshotter %s", u.snapshotter)
+		}
+		if !snapshotterPlatformMatcher.Match(imgPlatform) {
+			return fmt.Errorf("snapshotter %s does not support platform %s for image %s", u.snapshotter, imgPlatform, config.Digest)
+		}
+	}
+
+	var (
+		sn = u.c.SnapshotService(u.snapshotter)
+		a  = u.c.DiffService()
+		cs = u.c.ContentStore()
+
+		chain []digest.Digest
+
+		fetchOffset int
+		fetchC      []chan struct{}
+		fetchErr    chan error
+	)
+
+	// If there is an early return, ensure any ongoing
+	// fetches get their context cancelled
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+EachLayer:
+	for i, desc := range layers {
+		parent := identity.ChainID(chain)
+		chain = append(chain, diffIDs[i])
+
+		chainID := identity.ChainID(chain).String()
+		if _, err := sn.Stat(ctx, chainID); err == nil {
+			// no need to handle
+			continue
+		} else if !errdefs.IsNotFound(err) {
+			return errors.Wrapf(err, "failed to stat snapshot %s", chainID)
+		}
+
+		// inherits annotations which are provided as snapshot labels.
+		labels := snapshots.FilterInheritedLabels(desc.Annotations)
+		if labels == nil {
+			labels = make(map[string]string)
+		}
+		labels[labelSnapshotRef] = chainID
+
+		var (
+			key    string
+			mounts []mount.Mount
+			opts   = append(rCtx.SnapshotterOpts, snapshots.WithLabels(labels))
+		)
+
+		for try := 1; try <= 3; try++ {
+			// Prepare snapshot with from parent, label as root
+			key = fmt.Sprintf(snapshots.UnpackKeyFormat, uniquePart(), chainID)
+			mounts, err = sn.Prepare(ctx, key, parent.String(), opts...)
+			if err != nil {
+				if errdefs.IsAlreadyExists(err) {
+					if _, err := sn.Stat(ctx, chainID); err != nil {
+						if !errdefs.IsNotFound(err) {
+							return errors.Wrapf(err, "failed to stat snapshot %s", chainID)
+						}
+						// Try again, this should be rare, log it
+						log.G(ctx).WithField("key", key).WithField("chainid", chainID).Debug("extraction snapshot already exists, chain id not found")
+					} else {
+						// no need to handle, snapshot now found with chain id
+						continue EachLayer
+					}
+				} else {
+					return errors.Wrapf(err, "failed to prepare extraction snapshot %q", key)
+				}
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			return errors.Wrap(err, "unable to prepare extraction snapshot")
+		}
+
+		// Abort the snapshot if commit does not happen
+		abort := func() {
+			if err := sn.Remove(ctx, key); err != nil {
+				log.G(ctx).WithError(err).Errorf("failed to cleanup %q", key)
+			}
+		}
+
+		if fetchErr == nil {
+			fetchErr = make(chan error, 1)
+			fetchOffset = i
+			fetchC = make([]chan struct{}, len(layers)-fetchOffset)
+			for i := range fetchC {
+				fetchC[i] = make(chan struct{})
+			}
+
+			go func(i int) {
+				err := u.fetch(ctx, h, layers[i:], fetchC)
+				if err != nil {
+					fetchErr <- err
+				}
+				close(fetchErr)
+			}(i)
+		}
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case err := <-fetchErr:
+			if err != nil {
+				return err
+			}
+		case <-fetchC[i-fetchOffset]:
+		}
+
+		diff, err := a.Apply(ctx, desc, mounts, u.config.ApplyOpts...)
+		if err != nil {
+			abort()
+			return errors.Wrapf(err, "failed to extract layer %s", diffIDs[i])
+		}
+		if diff.Digest != diffIDs[i] {
+			abort()
+			return errors.Errorf("wrong diff id calculated on extraction %q", diffIDs[i])
+		}
+
+		if err = sn.Commit(ctx, chainID, key, opts...); err != nil {
+			abort()
+			if errdefs.IsAlreadyExists(err) {
+				continue
+			}
+			return errors.Wrapf(err, "failed to commit snapshot %s", key)
+		}
+
+		// Set the uncompressed label after the uncompressed
+		// digest has been verified through apply.
+		cinfo := content.Info{
+			Digest: desc.Digest,
+			Labels: map[string]string{
+				"containerd.io/uncompressed": diff.Digest.String(),
+			},
+		}
+		if _, err := cs.Update(ctx, cinfo, "labels.containerd.io/uncompressed"); err != nil {
+			return err
+		}
+
+	}
+
+	chainID := identity.ChainID(chain).String()
+	cinfo := content.Info{
+		Digest: config.Digest,
+		Labels: map[string]string{
+			fmt.Sprintf("containerd.io/gc.ref.snapshot.%s", u.snapshotter): chainID,
+		},
+	}
+	_, err = cs.Update(ctx, cinfo, fmt.Sprintf("labels.containerd.io/gc.ref.snapshot.%s", u.snapshotter))
+	if err != nil {
+		return err
+	}
+	log.G(ctx).WithFields(logrus.Fields{
+		"config":  config.Digest,
+		"chainID": chainID,
+	}).Debug("image unpacked")
+
+	return nil
+}
+
+func (u *unpacker) fetch(ctx context.Context, h images.Handler, layers []ocispec.Descriptor, done []chan struct{}) error {
+	eg, ctx2 := errgroup.WithContext(ctx)
+	for i, desc := range layers {
+		desc := desc
+		i := i
+
+		if u.limiter != nil {
+			if err := u.limiter.Acquire(ctx, 1); err != nil {
+				return err
+			}
+		}
+
+		eg.Go(func() error {
+			_, err := h.Handle(ctx2, desc)
+			if u.limiter != nil {
+				u.limiter.Release(1)
+			}
+			if err != nil && !errors.Is(err, images.ErrSkipDesc) {
+				return err
+			}
+			close(done[i])
+
+			return nil
+		})
+	}
+
+	return eg.Wait()
+}
+
+func (u *unpacker) handlerWrapper(
+	uctx context.Context,
+	rCtx *RemoteContext,
+	unpacks *int32,
+) (func(images.Handler) images.Handler, *errgroup.Group) {
+	eg, uctx := errgroup.WithContext(uctx)
+	return func(f images.Handler) images.Handler {
+		var (
+			lock   sync.Mutex
+			layers = map[digest.Digest][]ocispec.Descriptor{}
+		)
+		return images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+			children, err := f.Handle(ctx, desc)
+			if err != nil {
+				return children, err
+			}
+
+			switch desc.MediaType {
+			case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+				var nonLayers []ocispec.Descriptor
+				var manifestLayers []ocispec.Descriptor
+
+				// Split layers from non-layers, layers will be handled after
+				// the config
+				for _, child := range children {
+					if images.IsLayerType(child.MediaType) {
+						manifestLayers = append(manifestLayers, child)
+					} else {
+						nonLayers = append(nonLayers, child)
+					}
+				}
+
+				lock.Lock()
+				for _, nl := range nonLayers {
+					layers[nl.Digest] = manifestLayers
+				}
+				lock.Unlock()
+
+				children = nonLayers
+			case images.MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig:
+				lock.Lock()
+				l := layers[desc.Digest]
+				lock.Unlock()
+				if len(l) > 0 {
+					atomic.AddInt32(unpacks, 1)
+					eg.Go(func() error {
+						return u.unpack(uctx, rCtx, f, desc, l)
+					})
+				}
+			}
+			return children, nil
+		})
+	}, eg
+}
+
+func uniquePart() string {
+	t := time.Now()
+	var b [3]byte
+	// Ignore read failures, just decreases uniqueness
+	rand.Read(b[:])
+	return fmt.Sprintf("%d-%s", t.Nanosecond(), base64.URLEncoding.EncodeToString(b[:]))
+}
diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf
deleted file mode 100644
index c4cd8f1f42aea..0000000000000
--- a/vendor/github.com/containerd/containerd/vendor.conf
+++ /dev/null
@@ -1,89 +0,0 @@
-github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
-github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
-github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2
-github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
-github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/btrfs 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244
-github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4
-github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6
-github.com/docker/go-metrics 4ea375f7759c82740c893fc030bc37088d2ec098
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-units v0.3.1
-github.com/godbus/dbus c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f
-github.com/prometheus/client_golang f4fb1b73fb099f396a7f0036bf86aa8def4ed823
-github.com/prometheus/client_model 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
-github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563
-github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd
-github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/matttproud/golang_protobuf_extensions v1.0.0
-github.com/gogo/protobuf v1.0.0
-github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
-github.com/golang/protobuf v1.1.0
-github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d
-github.com/opencontainers/runc 00dc70017d222b178a002ed30e9321b12647af2d
-github.com/sirupsen/logrus v1.0.0
-github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
-golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac
-google.golang.org/grpc v1.12.0
-github.com/pkg/errors v0.8.0
-github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
-golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 https://github.com/golang/sys
-github.com/opencontainers/image-spec v1.0.1
-golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
-github.com/Microsoft/go-winio v0.4.10
-github.com/Microsoft/hcsshim v0.7.6
-google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
-golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a
-github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.1.0
-go.etcd.io/bbolt v1.3.1-etcd.8
-
-# cri dependencies
-github.com/containerd/cri 9f39e3289533fc228c5e5fcac0a6dbdd60c6047b # release/1.2 branch
-github.com/containerd/go-cni 6d7b509a054a3cb1c35ed1865d4fde2f0cb547cd
-github.com/blang/semver v3.1.0
-github.com/containernetworking/cni v0.6.0
-github.com/containernetworking/plugins v0.7.0
-github.com/davecgh/go-spew v1.1.0
-github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
-github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
-github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
-github.com/emicklei/go-restful v2.2.1
-github.com/ghodss/yaml v1.0.0
-github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
-github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
-github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55
-github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f
-github.com/json-iterator/go 1.1.5
-github.com/modern-go/reflect2 1.0.1
-github.com/modern-go/concurrent 1.0.3
-github.com/opencontainers/runtime-tools v0.6.0
-github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
-github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
-github.com/tchap/go-patricia v2.2.6
-github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
-github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
-github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874
-golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067
-golang.org/x/oauth2 a6bd8cefa1811bd24b86f8902872e4e8225f74c4
-golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
-gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
-gopkg.in/yaml.v2 v2.2.1
-k8s.io/api 012f271b5d41baad56190c5f1ae19bff16df0fd8
-k8s.io/apimachinery 6429050ef506887d121f3e7306e894f8900d8a63
-k8s.io/apiserver e9312c15296b6c2c923ebd5031ff5d1d5fd022d7
-k8s.io/client-go 37c3c02ec96533daec0dbda1f39a6b1d68505c79
-k8s.io/kubernetes v1.12.0-beta.1
-k8s.io/utils 982821ea41da7e7c15f3d3738921eb2e7e241ccd
-
-# zfs dependencies
-github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec
-github.com/mistifyio/go-zfs 166add352731e515512690329794ee593f1aaff2
-github.com/pborman/uuid c65b2f87fee37d1c7854c9164a450713c28d50cd
-
-# aufs dependencies
-github.com/containerd/aufs ffa39970e26ad01d81f540b21e65f9c1841a5f92
diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go
new file mode 100644
index 0000000000000..b8200307f3a55
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/version/version.go
@@ -0,0 +1,34 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package version
+
+import "runtime"
+
+var (
+	// Package is filled at linking time
+	Package = "github.com/containerd/containerd"
+
+	// Version holds the complete version number. Filled in at linking time.
+	Version = "1.5.8+unknown"
+
+	// Revision is filled with the VCS (e.g. git) revision being used to build
+	// the program at linking time.
+	Revision = ""
+
+	// GoVersion is Go tree's version.
+	GoVersion = runtime.Version()
+)
diff --git a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/doc.go b/vendor/github.com/containerd/containerd/windows/hcsshimtypes/doc.go
deleted file mode 100644
index 9fe5cd0a4d836..0000000000000
--- a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-// Package hcsshimtypes holds the windows runtime specific types
-package hcsshimtypes
diff --git a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.pb.go b/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.pb.go
deleted file mode 100644
index 827bb6b29ea26..0000000000000
--- a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.pb.go
+++ /dev/null
@@ -1,744 +0,0 @@
-// Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto
-
-/*
-	Package hcsshimtypes is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto
-
-	It has these top-level messages:
-		CreateOptions
-		ProcessDetails
-*/
-package hcsshimtypes
-
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-var _ = time.Kitchen
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
-
-type CreateOptions struct {
-	TerminateDuration time.Duration `protobuf:"bytes,1,opt,name=terminate_duration,json=terminateDuration,stdduration" json:"terminate_duration"`
-}
-
-func (m *CreateOptions) Reset()                    { *m = CreateOptions{} }
-func (*CreateOptions) ProtoMessage()               {}
-func (*CreateOptions) Descriptor() ([]byte, []int) { return fileDescriptorHcsshim, []int{0} }
-
-// ProcessDetails contains additional information about a process
-// ProcessDetails is made of the same fields as found in hcsshim.ProcessListItem
-type ProcessDetails struct {
-	ImageName                    string    `protobuf:"bytes,1,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"`
-	CreatedAt                    time.Time `protobuf:"bytes,2,opt,name=created_at,json=createdAt,stdtime" json:"created_at"`
-	KernelTime_100Ns             uint64    `protobuf:"varint,3,opt,name=kernel_time_100_ns,json=kernelTime100Ns,proto3" json:"kernel_time_100_ns,omitempty"`
-	MemoryCommitBytes            uint64    `protobuf:"varint,4,opt,name=memory_commit_bytes,json=memoryCommitBytes,proto3" json:"memory_commit_bytes,omitempty"`
-	MemoryWorkingSetPrivateBytes uint64    `protobuf:"varint,5,opt,name=memory_working_set_private_bytes,json=memoryWorkingSetPrivateBytes,proto3" json:"memory_working_set_private_bytes,omitempty"`
-	MemoryWorkingSetSharedBytes  uint64    `protobuf:"varint,6,opt,name=memory_working_set_shared_bytes,json=memoryWorkingSetSharedBytes,proto3" json:"memory_working_set_shared_bytes,omitempty"`
-	ProcessID                    uint32    `protobuf:"varint,7,opt,name=process_id,json=processId,proto3" json:"process_id,omitempty"`
-	UserTime_100Ns               uint64    `protobuf:"varint,8,opt,name=user_time_100_ns,json=userTime100Ns,proto3" json:"user_time_100_ns,omitempty"`
-	ExecID                       string    `protobuf:"bytes,9,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
-}
-
-func (m *ProcessDetails) Reset()                    { *m = ProcessDetails{} }
-func (*ProcessDetails) ProtoMessage()               {}
-func (*ProcessDetails) Descriptor() ([]byte, []int) { return fileDescriptorHcsshim, []int{1} }
-
-func init() {
-	proto.RegisterType((*CreateOptions)(nil), "containerd.windows.hcsshim.CreateOptions")
-	proto.RegisterType((*ProcessDetails)(nil), "containerd.windows.hcsshim.ProcessDetails")
-}
-func (m *CreateOptions) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *CreateOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintHcsshim(dAtA, i, uint64(types.SizeOfStdDuration(m.TerminateDuration)))
-	n1, err := types.StdDurationMarshalTo(m.TerminateDuration, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n1
-	return i, nil
-}
-
-func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ImageName) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(len(m.ImageName)))
-		i += copy(dAtA[i:], m.ImageName)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintHcsshim(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n2, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n2
-	if m.KernelTime_100Ns != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.KernelTime_100Ns))
-	}
-	if m.MemoryCommitBytes != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.MemoryCommitBytes))
-	}
-	if m.MemoryWorkingSetPrivateBytes != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes))
-	}
-	if m.MemoryWorkingSetSharedBytes != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.MemoryWorkingSetSharedBytes))
-	}
-	if m.ProcessID != 0 {
-		dAtA[i] = 0x38
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.ProcessID))
-	}
-	if m.UserTime_100Ns != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(m.UserTime_100Ns))
-	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintHcsshim(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
-	}
-	return i, nil
-}
-
-func encodeVarintHcsshim(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
-	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
-}
-func (m *CreateOptions) Size() (n int) {
-	var l int
-	_ = l
-	l = types.SizeOfStdDuration(m.TerminateDuration)
-	n += 1 + l + sovHcsshim(uint64(l))
-	return n
-}
-
-func (m *ProcessDetails) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ImageName)
-	if l > 0 {
-		n += 1 + l + sovHcsshim(uint64(l))
-	}
-	l = types.SizeOfStdTime(m.CreatedAt)
-	n += 1 + l + sovHcsshim(uint64(l))
-	if m.KernelTime_100Ns != 0 {
-		n += 1 + sovHcsshim(uint64(m.KernelTime_100Ns))
-	}
-	if m.MemoryCommitBytes != 0 {
-		n += 1 + sovHcsshim(uint64(m.MemoryCommitBytes))
-	}
-	if m.MemoryWorkingSetPrivateBytes != 0 {
-		n += 1 + sovHcsshim(uint64(m.MemoryWorkingSetPrivateBytes))
-	}
-	if m.MemoryWorkingSetSharedBytes != 0 {
-		n += 1 + sovHcsshim(uint64(m.MemoryWorkingSetSharedBytes))
-	}
-	if m.ProcessID != 0 {
-		n += 1 + sovHcsshim(uint64(m.ProcessID))
-	}
-	if m.UserTime_100Ns != 0 {
-		n += 1 + sovHcsshim(uint64(m.UserTime_100Ns))
-	}
-	l = len(m.ExecID)
-	if l > 0 {
-		n += 1 + l + sovHcsshim(uint64(l))
-	}
-	return n
-}
-
-func sovHcsshim(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
-}
-func sozHcsshim(x uint64) (n int) {
-	return sovHcsshim(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (this *CreateOptions) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&CreateOptions{`,
-		`TerminateDuration:` + strings.Replace(strings.Replace(this.TerminateDuration.String(), "Duration", "google_protobuf1.Duration", 1), `&`, ``, 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ProcessDetails) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&ProcessDetails{`,
-		`ImageName:` + fmt.Sprintf("%v", this.ImageName) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "google_protobuf2.Timestamp", 1), `&`, ``, 1) + `,`,
-		`KernelTime_100Ns:` + fmt.Sprintf("%v", this.KernelTime_100Ns) + `,`,
-		`MemoryCommitBytes:` + fmt.Sprintf("%v", this.MemoryCommitBytes) + `,`,
-		`MemoryWorkingSetPrivateBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetPrivateBytes) + `,`,
-		`MemoryWorkingSetSharedBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetSharedBytes) + `,`,
-		`ProcessID:` + fmt.Sprintf("%v", this.ProcessID) + `,`,
-		`UserTime_100Ns:` + fmt.Sprintf("%v", this.UserTime_100Ns) + `,`,
-		`ExecID:` + fmt.Sprintf("%v", this.ExecID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringHcsshim(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
-	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
-}
-func (m *CreateOptions) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowHcsshim
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CreateOptions: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateOptions: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TerminateDuration", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := types.StdDurationUnmarshal(&m.TerminateDuration, dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipHcsshim(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowHcsshim
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ProcessDetails: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProcessDetails: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ImageName", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ImageName = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field CreatedAt", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field KernelTime_100Ns", wireType)
-			}
-			m.KernelTime_100Ns = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.KernelTime_100Ns |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MemoryCommitBytes", wireType)
-			}
-			m.MemoryCommitBytes = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.MemoryCommitBytes |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MemoryWorkingSetPrivateBytes", wireType)
-			}
-			m.MemoryWorkingSetPrivateBytes = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.MemoryWorkingSetPrivateBytes |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 6:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MemoryWorkingSetSharedBytes", wireType)
-			}
-			m.MemoryWorkingSetSharedBytes = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.MemoryWorkingSetSharedBytes |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 7:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ProcessID", wireType)
-			}
-			m.ProcessID = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ProcessID |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 8:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field UserTime_100Ns", wireType)
-			}
-			m.UserTime_100Ns = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.UserTime_100Ns |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 9:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExecID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ExecID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipHcsshim(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthHcsshim
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func skipHcsshim(dAtA []byte) (n int, err error) {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return 0, ErrIntOverflowHcsshim
-			}
-			if iNdEx >= l {
-				return 0, io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		wireType := int(wire & 0x7)
-		switch wireType {
-		case 0:
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return 0, ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return 0, io.ErrUnexpectedEOF
-				}
-				iNdEx++
-				if dAtA[iNdEx-1] < 0x80 {
-					break
-				}
-			}
-			return iNdEx, nil
-		case 1:
-			iNdEx += 8
-			return iNdEx, nil
-		case 2:
-			var length int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return 0, ErrIntOverflowHcsshim
-				}
-				if iNdEx >= l {
-					return 0, io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				length |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			iNdEx += length
-			if length < 0 {
-				return 0, ErrInvalidLengthHcsshim
-			}
-			return iNdEx, nil
-		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowHcsshim
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipHcsshim(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
-		case 4:
-			return iNdEx, nil
-		case 5:
-			iNdEx += 4
-			return iNdEx, nil
-		default:
-			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
-		}
-	}
-	panic("unreachable")
-}
-
-var (
-	ErrInvalidLengthHcsshim = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowHcsshim   = fmt.Errorf("proto: integer overflow")
-)
-
-func init() {
-	proto.RegisterFile("github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto", fileDescriptorHcsshim)
-}
-
-var fileDescriptorHcsshim = []byte{
-	// 507 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x93, 0x41, 0x6f, 0xd3, 0x3c,
-	0x18, 0xc7, 0x9b, 0x77, 0x7b, 0xbb, 0xc5, 0xa8, 0xc0, 0x0c, 0x87, 0x52, 0x20, 0xa9, 0xc6, 0x81,
-	0x4a, 0xa0, 0xb4, 0x83, 0x23, 0x27, 0xd2, 0x82, 0xd4, 0xcb, 0x98, 0x32, 0x24, 0x10, 0x42, 0xb2,
-	0xdc, 0xe4, 0x21, 0xb5, 0x56, 0xc7, 0x91, 0xed, 0xd2, 0xf5, 0xc6, 0x47, 0xe0, 0xc8, 0x47, 0xea,
-	0x91, 0x23, 0x12, 0x52, 0x61, 0xf9, 0x24, 0xc8, 0x76, 0xba, 0x8d, 0xc1, 0x89, 0x9b, 0xed, 0xff,
-	0xef, 0xf9, 0x3d, 0xf1, 0x63, 0x05, 0x0d, 0x73, 0xa6, 0xa7, 0xf3, 0x49, 0x94, 0x0a, 0xde, 0x4f,
-	0x45, 0xa1, 0x29, 0x2b, 0x40, 0x66, 0x97, 0x97, 0x0b, 0x56, 0x64, 0x62, 0xa1, 0xfa, 0xd3, 0x54,
-	0xa9, 0x29, 0xe3, 0x7a, 0x59, 0xc2, 0xf9, 0x26, 0x2a, 0xa5, 0xd0, 0x02, 0x77, 0x2e, 0xf0, 0xa8,
-	0xc6, 0xa3, 0x9a, 0xe8, 0xdc, 0xce, 0x45, 0x2e, 0x2c, 0xd6, 0x37, 0x2b, 0x57, 0xd1, 0x09, 0x72,
-	0x21, 0xf2, 0x19, 0xf4, 0xed, 0x6e, 0x32, 0xff, 0xd0, 0xcf, 0xe6, 0x92, 0x6a, 0x26, 0x8a, 0x3a,
-	0x0f, 0xaf, 0xe6, 0x9a, 0x71, 0x50, 0x9a, 0xf2, 0xd2, 0x01, 0xfb, 0x29, 0x6a, 0x0d, 0x25, 0x50,
-	0x0d, 0xaf, 0x4a, 0x53, 0xa6, 0x70, 0x82, 0xb0, 0x06, 0xc9, 0x59, 0x41, 0x35, 0x90, 0x8d, 0xad,
-	0xed, 0x75, 0xbd, 0xde, 0xb5, 0x27, 0x77, 0x22, 0xa7, 0x8b, 0x36, 0xba, 0x68, 0x54, 0x03, 0xf1,
-	0xee, 0x6a, 0x1d, 0x36, 0xbe, 0xfc, 0x08, 0xbd, 0x64, 0xef, 0xbc, 0x7c, 0x13, 0xee, 0x7f, 0xdf,
-	0x42, 0xd7, 0x8f, 0xa4, 0x48, 0x41, 0xa9, 0x11, 0x68, 0xca, 0x66, 0x0a, 0xdf, 0x47, 0x88, 0x71,
-	0x9a, 0x03, 0x29, 0x28, 0x07, 0xab, 0xf7, 0x13, 0xdf, 0x9e, 0x1c, 0x52, 0x0e, 0x78, 0x88, 0x50,
-	0x6a, 0x3f, 0x2b, 0x23, 0x54, 0xb7, 0xff, 0xb3, 0xdd, 0x3b, 0x7f, 0x74, 0x7f, 0xbd, 0xb9, 0x8c,
-	0x6b, 0xff, 0xd9, 0xb4, 0xf7, 0xeb, 0xba, 0xe7, 0x1a, 0x3f, 0x42, 0xf8, 0x04, 0x64, 0x01, 0x33,
-	0x62, 0x6e, 0x4d, 0x0e, 0x06, 0x03, 0x52, 0xa8, 0xf6, 0x56, 0xd7, 0xeb, 0x6d, 0x27, 0x37, 0x5c,
-	0x62, 0x0c, 0x07, 0x83, 0xc1, 0xa1, 0xc2, 0x11, 0xba, 0xc5, 0x81, 0x0b, 0xb9, 0x24, 0xa9, 0xe0,
-	0x9c, 0x69, 0x32, 0x59, 0x6a, 0x50, 0xed, 0x6d, 0x4b, 0xef, 0xb9, 0x68, 0x68, 0x93, 0xd8, 0x04,
-	0xf8, 0x25, 0xea, 0xd6, 0xfc, 0x42, 0xc8, 0x13, 0x56, 0xe4, 0x44, 0x81, 0x26, 0xa5, 0x64, 0x1f,
-	0xcd, 0xe0, 0x5c, 0xf1, 0xff, 0xb6, 0xf8, 0x9e, 0xe3, 0xde, 0x38, 0xec, 0x18, 0xf4, 0x91, 0x83,
-	0x9c, 0x67, 0x84, 0xc2, 0xbf, 0x78, 0xd4, 0x94, 0x4a, 0xc8, 0x6a, 0x4d, 0xd3, 0x6a, 0xee, 0x5e,
-	0xd5, 0x1c, 0x5b, 0xc6, 0x59, 0x1e, 0x23, 0x54, 0xba, 0x01, 0x13, 0x96, 0xb5, 0x77, 0xba, 0x5e,
-	0xaf, 0x15, 0xb7, 0xaa, 0x75, 0xe8, 0xd7, 0x63, 0x1f, 0x8f, 0x12, 0xbf, 0x06, 0xc6, 0x19, 0x7e,
-	0x88, 0x6e, 0xce, 0x15, 0xc8, 0xdf, 0xc6, 0xb2, 0x6b, 0x9b, 0xb4, 0xcc, 0xf9, 0xc5, 0x50, 0x1e,
-	0xa0, 0x1d, 0x38, 0x85, 0xd4, 0x38, 0x7d, 0xf3, 0x44, 0x31, 0xaa, 0xd6, 0x61, 0xf3, 0xc5, 0x29,
-	0xa4, 0xe3, 0x51, 0xd2, 0x34, 0xd1, 0x38, 0x8b, 0xdf, 0xaf, 0xce, 0x82, 0xc6, 0xb7, 0xb3, 0xa0,
-	0xf1, 0xa9, 0x0a, 0xbc, 0x55, 0x15, 0x78, 0x5f, 0xab, 0xc0, 0xfb, 0x59, 0x05, 0xde, 0xbb, 0xf8,
-	0x9f, 0x7e, 0x8a, 0x67, 0x97, 0x37, 0x6f, 0x1b, 0x93, 0xa6, 0x7d, 0xef, 0xa7, 0xbf, 0x02, 0x00,
-	0x00, 0xff, 0xff, 0x1e, 0xd7, 0x2f, 0xa8, 0x63, 0x03, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto b/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto
deleted file mode 100644
index 5934fca7c209b..0000000000000
--- a/vendor/github.com/containerd/containerd/windows/hcsshimtypes/hcsshim.proto
+++ /dev/null
@@ -1,27 +0,0 @@
-syntax = "proto3";
-
-package containerd.windows.hcsshim;
-
-import weak "gogoproto/gogo.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "github.com/containerd/containerd/windows/hcsshimtypes;hcsshimtypes";
-
-message CreateOptions {
-	google.protobuf.Duration terminate_duration = 1 [(gogoproto.stdduration) = true, (gogoproto.nullable) = false];
-}
-
-// ProcessDetails contains additional information about a process
-// ProcessDetails is made of the same fields as found in hcsshim.ProcessListItem
-message ProcessDetails {
-	string image_name = 1;
-	google.protobuf.Timestamp created_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
-	uint64 kernel_time_100_ns = 3;
-	uint64 memory_commit_bytes = 4;
-	uint64 memory_working_set_private_bytes = 5;
-	uint64 memory_working_set_shared_bytes = 6;
-	uint32 process_id = 7;
-	uint64 user_time_100_ns = 8;
-	string exec_id = 9;
-}
diff --git a/vendor/github.com/containerd/continuity/LICENSE b/vendor/github.com/containerd/continuity/LICENSE
index 8f71f43fee3f7..584149b6ee28c 100644
--- a/vendor/github.com/containerd/continuity/LICENSE
+++ b/vendor/github.com/containerd/continuity/LICENSE
@@ -1,6 +1,7 @@
+
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -175,28 +176,16 @@
 
    END OF TERMS AND CONDITIONS
 
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
+   Copyright The containerd Authors
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+       https://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-
diff --git a/vendor/github.com/containerd/continuity/README.md b/vendor/github.com/containerd/continuity/README.md
index 0e91ce07b58aa..6fa50e159c708 100644
--- a/vendor/github.com/containerd/continuity/README.md
+++ b/vendor/github.com/containerd/continuity/README.md
@@ -63,6 +63,10 @@ $ stat -c %a Makefile
 $ ./bin/continuity verify . /tmp/a.pb
 ```
 
+## Platforms
+
+continuity primarily targets Linux.  continuity may compile for and work on
+other operating systems, but those platforms are not tested.
 
 ## Contribution Guide
 ### Building Proto Package
@@ -72,3 +76,13 @@ If you change the proto file you will need to rebuild the generated Go with `go
 ```console
 $ go generate ./proto
 ```
+
+## Project details
+
+continuity is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/continuity/context.go b/vendor/github.com/containerd/continuity/context.go
deleted file mode 100644
index 75c98594ac68f..0000000000000
--- a/vendor/github.com/containerd/continuity/context.go
+++ /dev/null
@@ -1,673 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"log"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/containerd/continuity/devices"
-	driverpkg "github.com/containerd/continuity/driver"
-	"github.com/containerd/continuity/pathdriver"
-
-	"github.com/opencontainers/go-digest"
-)
-
-var (
-	// ErrNotFound represents the resource not found
-	ErrNotFound = fmt.Errorf("not found")
-	// ErrNotSupported represents the resource not supported
-	ErrNotSupported = fmt.Errorf("not supported")
-)
-
-// Context represents a file system context for accessing resources. The
-// responsibility of the context is to convert system specific resources to
-// generic Resource objects. Most of this is safe path manipulation, as well
-// as extraction of resource details.
-type Context interface {
-	Apply(Resource) error
-	Verify(Resource) error
-	Resource(string, os.FileInfo) (Resource, error)
-	Walk(filepath.WalkFunc) error
-}
-
-// SymlinkPath is intended to give the symlink target value
-// in a root context. Target and linkname are absolute paths
-// not under the given root.
-type SymlinkPath func(root, linkname, target string) (string, error)
-
-// ContextOptions represents options to create a new context.
-type ContextOptions struct {
-	Digester   Digester
-	Driver     driverpkg.Driver
-	PathDriver pathdriver.PathDriver
-	Provider   ContentProvider
-}
-
-// context represents a file system context for accessing resources.
-// Generally, all path qualified access and system considerations should land
-// here.
-type context struct {
-	driver     driverpkg.Driver
-	pathDriver pathdriver.PathDriver
-	root       string
-	digester   Digester
-	provider   ContentProvider
-}
-
-// NewContext returns a Context associated with root. The default driver will
-// be used, as returned by NewDriver.
-func NewContext(root string) (Context, error) {
-	return NewContextWithOptions(root, ContextOptions{})
-}
-
-// NewContextWithOptions returns a Context associate with the root.
-func NewContextWithOptions(root string, options ContextOptions) (Context, error) {
-	// normalize to absolute path
-	pathDriver := options.PathDriver
-	if pathDriver == nil {
-		pathDriver = pathdriver.LocalPathDriver
-	}
-
-	root = pathDriver.FromSlash(root)
-	root, err := pathDriver.Abs(pathDriver.Clean(root))
-	if err != nil {
-		return nil, err
-	}
-
-	driver := options.Driver
-	if driver == nil {
-		driver, err = driverpkg.NewSystemDriver()
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	digester := options.Digester
-	if digester == nil {
-		digester = simpleDigester{digest.Canonical}
-	}
-
-	// Check the root directory. Need to be a little careful here. We are
-	// allowing a link for now, but this may have odd behavior when
-	// canonicalizing paths. As long as all files are opened through the link
-	// path, this should be okay.
-	fi, err := driver.Stat(root)
-	if err != nil {
-		return nil, err
-	}
-
-	if !fi.IsDir() {
-		return nil, &os.PathError{Op: "NewContext", Path: root, Err: os.ErrInvalid}
-	}
-
-	return &context{
-		root:       root,
-		driver:     driver,
-		pathDriver: pathDriver,
-		digester:   digester,
-		provider:   options.Provider,
-	}, nil
-}
-
-// Resource returns the resource as path p, populating the entry with info
-// from fi. The path p should be the path of the resource in the context,
-// typically obtained through Walk or from the value of Resource.Path(). If fi
-// is nil, it will be resolved.
-func (c *context) Resource(p string, fi os.FileInfo) (Resource, error) {
-	fp, err := c.fullpath(p)
-	if err != nil {
-		return nil, err
-	}
-
-	if fi == nil {
-		fi, err = c.driver.Lstat(fp)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	base, err := newBaseResource(p, fi)
-	if err != nil {
-		return nil, err
-	}
-
-	base.xattrs, err = c.resolveXAttrs(fp, fi, base)
-	if err == ErrNotSupported {
-		log.Printf("resolving xattrs on %s not supported", fp)
-	} else if err != nil {
-		return nil, err
-	}
-
-	// TODO(stevvooe): Handle windows alternate data streams.
-
-	if fi.Mode().IsRegular() {
-		dgst, err := c.digest(p)
-		if err != nil {
-			return nil, err
-		}
-
-		return newRegularFile(*base, base.paths, fi.Size(), dgst)
-	}
-
-	if fi.Mode().IsDir() {
-		return newDirectory(*base)
-	}
-
-	if fi.Mode()&os.ModeSymlink != 0 {
-		// We handle relative links vs absolute links by including a
-		// beginning slash for absolute links. Effectively, the bundle's
-		// root is treated as the absolute link anchor.
-		target, err := c.driver.Readlink(fp)
-		if err != nil {
-			return nil, err
-		}
-
-		return newSymLink(*base, target)
-	}
-
-	if fi.Mode()&os.ModeNamedPipe != 0 {
-		return newNamedPipe(*base, base.paths)
-	}
-
-	if fi.Mode()&os.ModeDevice != 0 {
-		deviceDriver, ok := c.driver.(driverpkg.DeviceInfoDriver)
-		if !ok {
-			log.Printf("device extraction not supported %s", fp)
-			return nil, ErrNotSupported
-		}
-
-		// character and block devices merely need to recover the
-		// major/minor device number.
-		major, minor, err := deviceDriver.DeviceInfo(fi)
-		if err != nil {
-			return nil, err
-		}
-
-		return newDevice(*base, base.paths, major, minor)
-	}
-
-	log.Printf("%q (%v) is not supported", fp, fi.Mode())
-	return nil, ErrNotFound
-}
-
-func (c *context) verifyMetadata(resource, target Resource) error {
-	if target.Mode() != resource.Mode() {
-		return fmt.Errorf("resource %q has incorrect mode: %v != %v", target.Path(), target.Mode(), resource.Mode())
-	}
-
-	if target.UID() != resource.UID() {
-		return fmt.Errorf("unexpected uid for %q: %v != %v", target.Path(), target.UID(), resource.GID())
-	}
-
-	if target.GID() != resource.GID() {
-		return fmt.Errorf("unexpected gid for %q: %v != %v", target.Path(), target.GID(), target.GID())
-	}
-
-	if xattrer, ok := resource.(XAttrer); ok {
-		txattrer, tok := target.(XAttrer)
-		if !tok {
-			return fmt.Errorf("resource %q has xattrs but target does not support them", resource.Path())
-		}
-
-		// For xattrs, only ensure that we have those defined in the resource
-		// and their values match. We can ignore other xattrs. In other words,
-		// we only verify that target has the subset defined by resource.
-		txattrs := txattrer.XAttrs()
-		for attr, value := range xattrer.XAttrs() {
-			tvalue, ok := txattrs[attr]
-			if !ok {
-				return fmt.Errorf("resource %q target missing xattr %q", resource.Path(), attr)
-			}
-
-			if !bytes.Equal(value, tvalue) {
-				return fmt.Errorf("xattr %q value differs for resource %q", attr, resource.Path())
-			}
-		}
-	}
-
-	switch r := resource.(type) {
-	case RegularFile:
-		// TODO(stevvooe): Another reason to use a record-based approach. We
-		// have to do another type switch to get this to work. This could be
-		// fixed with an Equal function, but let's study this a little more to
-		// be sure.
-		t, ok := target.(RegularFile)
-		if !ok {
-			return fmt.Errorf("resource %q target not a regular file", r.Path())
-		}
-
-		if t.Size() != r.Size() {
-			return fmt.Errorf("resource %q target has incorrect size: %v != %v", t.Path(), t.Size(), r.Size())
-		}
-	case Directory:
-		t, ok := target.(Directory)
-		if !ok {
-			return fmt.Errorf("resource %q target not a directory", t.Path())
-		}
-	case SymLink:
-		t, ok := target.(SymLink)
-		if !ok {
-			return fmt.Errorf("resource %q target not a symlink", t.Path())
-		}
-
-		if t.Target() != r.Target() {
-			return fmt.Errorf("resource %q target has mismatched target: %q != %q", t.Path(), t.Target(), r.Target())
-		}
-	case Device:
-		t, ok := target.(Device)
-		if !ok {
-			return fmt.Errorf("resource %q is not a device", t.Path())
-		}
-
-		if t.Major() != r.Major() || t.Minor() != r.Minor() {
-			return fmt.Errorf("resource %q has mismatched major/minor numbers: %d,%d != %d,%d", t.Path(), t.Major(), t.Minor(), r.Major(), r.Minor())
-		}
-	case NamedPipe:
-		t, ok := target.(NamedPipe)
-		if !ok {
-			return fmt.Errorf("resource %q is not a named pipe", t.Path())
-		}
-	default:
-		return fmt.Errorf("cannot verify resource: %v", resource)
-	}
-
-	return nil
-}
-
-// Verify the resource in the context. An error will be returned a discrepancy
-// is found.
-func (c *context) Verify(resource Resource) error {
-	fp, err := c.fullpath(resource.Path())
-	if err != nil {
-		return err
-	}
-
-	fi, err := c.driver.Lstat(fp)
-	if err != nil {
-		return err
-	}
-
-	target, err := c.Resource(resource.Path(), fi)
-	if err != nil {
-		return err
-	}
-
-	if target.Path() != resource.Path() {
-		return fmt.Errorf("resource paths do not match: %q != %q", target.Path(), resource.Path())
-	}
-
-	if err := c.verifyMetadata(resource, target); err != nil {
-		return err
-	}
-
-	if h, isHardlinkable := resource.(Hardlinkable); isHardlinkable {
-		hardlinkKey, err := newHardlinkKey(fi)
-		if err == errNotAHardLink {
-			if len(h.Paths()) > 1 {
-				return fmt.Errorf("%q is not a hardlink to %q", h.Paths()[1], resource.Path())
-			}
-		} else if err != nil {
-			return err
-		}
-
-		for _, path := range h.Paths()[1:] {
-			fpLink, err := c.fullpath(path)
-			if err != nil {
-				return err
-			}
-
-			fiLink, err := c.driver.Lstat(fpLink)
-			if err != nil {
-				return err
-			}
-
-			targetLink, err := c.Resource(path, fiLink)
-			if err != nil {
-				return err
-			}
-
-			hardlinkKeyLink, err := newHardlinkKey(fiLink)
-			if err != nil {
-				return err
-			}
-
-			if hardlinkKeyLink != hardlinkKey {
-				return fmt.Errorf("%q is not a hardlink to %q", path, resource.Path())
-			}
-
-			if err := c.verifyMetadata(resource, targetLink); err != nil {
-				return err
-			}
-		}
-	}
-
-	switch r := resource.(type) {
-	case RegularFile:
-		t, ok := target.(RegularFile)
-		if !ok {
-			return fmt.Errorf("resource %q target not a regular file", r.Path())
-		}
-
-		// TODO(stevvooe): This may need to get a little more sophisticated
-		// for digest comparison. We may want to actually calculate the
-		// provided digests, rather than the implementations having an
-		// overlap.
-		if !digestsMatch(t.Digests(), r.Digests()) {
-			return fmt.Errorf("digests for resource %q do not match: %v != %v", t.Path(), t.Digests(), r.Digests())
-		}
-	}
-
-	return nil
-}
-
-func (c *context) checkoutFile(fp string, rf RegularFile) error {
-	if c.provider == nil {
-		return fmt.Errorf("no file provider")
-	}
-	var (
-		r   io.ReadCloser
-		err error
-	)
-	for _, dgst := range rf.Digests() {
-		r, err = c.provider.Reader(dgst)
-		if err == nil {
-			break
-		}
-	}
-	if err != nil {
-		return fmt.Errorf("file content could not be provided: %v", err)
-	}
-	defer r.Close()
-
-	return atomicWriteFile(fp, r, rf.Size(), rf.Mode())
-}
-
-// Apply the resource to the contexts. An error will be returned if the
-// operation fails. Depending on the resource type, the resource may be
-// created. For resource that cannot be resolved, an error will be returned.
-func (c *context) Apply(resource Resource) error {
-	fp, err := c.fullpath(resource.Path())
-	if err != nil {
-		return err
-	}
-
-	if !strings.HasPrefix(fp, c.root) {
-		return fmt.Errorf("resource %v escapes root", resource)
-	}
-
-	var chmod = true
-	fi, err := c.driver.Lstat(fp)
-	if err != nil {
-		if !os.IsNotExist(err) {
-			return err
-		}
-	}
-
-	switch r := resource.(type) {
-	case RegularFile:
-		if fi == nil {
-			if err := c.checkoutFile(fp, r); err != nil {
-				return fmt.Errorf("error checking out file %q: %v", resource.Path(), err)
-			}
-			chmod = false
-		} else {
-			if !fi.Mode().IsRegular() {
-				return fmt.Errorf("file %q should be a regular file, but is not", resource.Path())
-			}
-			if fi.Size() != r.Size() {
-				if err := c.checkoutFile(fp, r); err != nil {
-					return fmt.Errorf("error checking out file %q: %v", resource.Path(), err)
-				}
-			} else {
-				for _, dgst := range r.Digests() {
-					f, err := os.Open(fp)
-					if err != nil {
-						return fmt.Errorf("failure opening file for read %q: %v", resource.Path(), err)
-					}
-					compared, err := dgst.Algorithm().FromReader(f)
-					if err == nil && dgst != compared {
-						if err := c.checkoutFile(fp, r); err != nil {
-							return fmt.Errorf("error checking out file %q: %v", resource.Path(), err)
-						}
-						break
-					}
-					if err1 := f.Close(); err == nil {
-						err = err1
-					}
-					if err != nil {
-						return fmt.Errorf("error checking digest for %q: %v", resource.Path(), err)
-					}
-				}
-			}
-		}
-	case Directory:
-		if fi == nil {
-			if err := c.driver.Mkdir(fp, resource.Mode()); err != nil {
-				return err
-			}
-		} else if !fi.Mode().IsDir() {
-			return fmt.Errorf("%q should be a directory, but is not", resource.Path())
-		}
-
-	case SymLink:
-		var target string // only possibly set if target resource is a symlink
-
-		if fi != nil {
-			if fi.Mode()&os.ModeSymlink != 0 {
-				target, err = c.driver.Readlink(fp)
-				if err != nil {
-					return err
-				}
-			}
-		}
-
-		if target != r.Target() {
-			if fi != nil {
-				if err := c.driver.Remove(fp); err != nil { // RemoveAll in case of directory?
-					return err
-				}
-			}
-
-			if err := c.driver.Symlink(r.Target(), fp); err != nil {
-				return err
-			}
-		}
-
-	case Device:
-		if fi == nil {
-			if err := c.driver.Mknod(fp, resource.Mode(), int(r.Major()), int(r.Minor())); err != nil {
-				return err
-			}
-		} else if (fi.Mode() & os.ModeDevice) == 0 {
-			return fmt.Errorf("%q should be a device, but is not", resource.Path())
-		} else {
-			major, minor, err := devices.DeviceInfo(fi)
-			if err != nil {
-				return err
-			}
-			if major != r.Major() || minor != r.Minor() {
-				if err := c.driver.Remove(fp); err != nil {
-					return err
-				}
-
-				if err := c.driver.Mknod(fp, resource.Mode(), int(r.Major()), int(r.Minor())); err != nil {
-					return err
-				}
-			}
-		}
-
-	case NamedPipe:
-		if fi == nil {
-			if err := c.driver.Mkfifo(fp, resource.Mode()); err != nil {
-				return err
-			}
-		} else if (fi.Mode() & os.ModeNamedPipe) == 0 {
-			return fmt.Errorf("%q should be a named pipe, but is not", resource.Path())
-		}
-	}
-
-	if h, isHardlinkable := resource.(Hardlinkable); isHardlinkable {
-		for _, path := range h.Paths() {
-			if path == resource.Path() {
-				continue
-			}
-
-			lp, err := c.fullpath(path)
-			if err != nil {
-				return err
-			}
-
-			if _, fi := c.driver.Lstat(lp); fi == nil {
-				c.driver.Remove(lp)
-			}
-			if err := c.driver.Link(fp, lp); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Update filemode if file was not created
-	if chmod {
-		if err := c.driver.Lchmod(fp, resource.Mode()); err != nil {
-			return err
-		}
-	}
-
-	if err := c.driver.Lchown(fp, resource.UID(), resource.GID()); err != nil {
-		return err
-	}
-
-	if xattrer, ok := resource.(XAttrer); ok {
-		// For xattrs, only ensure that we have those defined in the resource
-		// and their values are set. We can ignore other xattrs. In other words,
-		// we only set xattres defined by resource but never remove.
-
-		if _, ok := resource.(SymLink); ok {
-			lxattrDriver, ok := c.driver.(driverpkg.LXAttrDriver)
-			if !ok {
-				return fmt.Errorf("unsupported symlink xattr for resource %q", resource.Path())
-			}
-			if err := lxattrDriver.LSetxattr(fp, xattrer.XAttrs()); err != nil {
-				return err
-			}
-		} else {
-			xattrDriver, ok := c.driver.(driverpkg.XAttrDriver)
-			if !ok {
-				return fmt.Errorf("unsupported xattr for resource %q", resource.Path())
-			}
-			if err := xattrDriver.Setxattr(fp, xattrer.XAttrs()); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-// Walk provides a convenience function to call filepath.Walk correctly for
-// the context. Otherwise identical to filepath.Walk, the path argument is
-// corrected to be contained within the context.
-func (c *context) Walk(fn filepath.WalkFunc) error {
-	root := c.root
-	fi, err := c.driver.Lstat(c.root)
-	if err == nil && fi.Mode()&os.ModeSymlink != 0 {
-		root, err = c.driver.Readlink(c.root)
-		if err != nil {
-			return err
-		}
-	}
-	return c.pathDriver.Walk(root, func(p string, fi os.FileInfo, err error) error {
-		contained, err := c.containWithRoot(p, root)
-		return fn(contained, fi, err)
-	})
-}
-
-// fullpath returns the system path for the resource, joined with the context
-// root. The path p must be a part of the context.
-func (c *context) fullpath(p string) (string, error) {
-	p = c.pathDriver.Join(c.root, p)
-	if !strings.HasPrefix(p, c.root) {
-		return "", fmt.Errorf("invalid context path")
-	}
-
-	return p, nil
-}
-
-// contain cleans and santizes the filesystem path p to be an absolute path,
-// effectively relative to the context root.
-func (c *context) contain(p string) (string, error) {
-	return c.containWithRoot(p, c.root)
-}
-
-// containWithRoot cleans and santizes the filesystem path p to be an absolute path,
-// effectively relative to the passed root. Extra care should be used when calling this
-// instead of contain. This is needed for Walk, as if context root is a symlink,
-// it must be evaluated prior to the Walk
-func (c *context) containWithRoot(p string, root string) (string, error) {
-	sanitized, err := c.pathDriver.Rel(root, p)
-	if err != nil {
-		return "", err
-	}
-
-	// ZOMBIES(stevvooe): In certain cases, we may want to remap these to a
-	// "containment error", so the caller can decide what to do.
-	return c.pathDriver.Join("/", c.pathDriver.Clean(sanitized)), nil
-}
-
-// digest returns the digest of the file at path p, relative to the root.
-func (c *context) digest(p string) (digest.Digest, error) {
-	f, err := c.driver.Open(c.pathDriver.Join(c.root, p))
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	return c.digester.Digest(f)
-}
-
-// resolveXAttrs attempts to resolve the extended attributes for the resource
-// at the path fp, which is the full path to the resource. If the resource
-// cannot have xattrs, nil will be returned.
-func (c *context) resolveXAttrs(fp string, fi os.FileInfo, base *resource) (map[string][]byte, error) {
-	if fi.Mode().IsRegular() || fi.Mode().IsDir() {
-		xattrDriver, ok := c.driver.(driverpkg.XAttrDriver)
-		if !ok {
-			log.Println("xattr extraction not supported")
-			return nil, ErrNotSupported
-		}
-
-		return xattrDriver.Getxattr(fp)
-	}
-
-	if fi.Mode()&os.ModeSymlink != 0 {
-		lxattrDriver, ok := c.driver.(driverpkg.LXAttrDriver)
-		if !ok {
-			log.Println("xattr extraction for symlinks not supported")
-			return nil, ErrNotSupported
-		}
-
-		return lxattrDriver.LGetxattr(fp)
-	}
-
-	return nil, nil
-}
diff --git a/vendor/github.com/containerd/continuity/devices/devices_unix.go b/vendor/github.com/containerd/continuity/devices/devices_unix.go
index 520a5a6f3bfca..225a04b7fb412 100644
--- a/vendor/github.com/containerd/continuity/devices/devices_unix.go
+++ b/vendor/github.com/containerd/continuity/devices/devices_unix.go
@@ -32,6 +32,7 @@ func DeviceInfo(fi os.FileInfo) (uint64, uint64, error) {
 		return 0, 0, fmt.Errorf("cannot extract device from os.FileInfo")
 	}
 
+	//nolint:unconvert
 	dev := uint64(sys.Rdev)
 	return uint64(unix.Major(dev)), uint64(unix.Minor(dev)), nil
 }
@@ -55,7 +56,7 @@ func Mknod(p string, mode os.FileMode, maj, min int) error {
 		m |= unix.S_IFIFO
 	}
 
-	return unix.Mknod(p, m, int(dev))
+	return mknod(p, m, dev)
 }
 
 // syscallMode returns the syscall-specific mode bits from Go's portable mode bits.
diff --git a/vendor/github.com/containerd/continuity/devices/mknod_freebsd.go b/vendor/github.com/containerd/continuity/devices/mknod_freebsd.go
new file mode 100644
index 0000000000000..33d18ec8396b0
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/devices/mknod_freebsd.go
@@ -0,0 +1,25 @@
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package devices
+
+import "golang.org/x/sys/unix"
+
+func mknod(path string, mode uint32, dev uint64) (err error) {
+	return unix.Mknod(path, mode, dev)
+}
diff --git a/vendor/github.com/containerd/continuity/devices/mknod_unix.go b/vendor/github.com/containerd/continuity/devices/mknod_unix.go
new file mode 100644
index 0000000000000..d9e7a7a2ba6ab
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/devices/mknod_unix.go
@@ -0,0 +1,25 @@
+// +build linux darwin solaris
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package devices
+
+import "golang.org/x/sys/unix"
+
+func mknod(path string, mode uint32, dev uint64) (err error) {
+	return unix.Mknod(path, mode, int(dev))
+}
diff --git a/vendor/github.com/containerd/continuity/digests.go b/vendor/github.com/containerd/continuity/digests.go
deleted file mode 100644
index bf92275dbd366..0000000000000
--- a/vendor/github.com/containerd/continuity/digests.go
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"fmt"
-	"io"
-	"sort"
-
-	"github.com/opencontainers/go-digest"
-)
-
-// Digester produces a digest for a given read stream
-type Digester interface {
-	Digest(io.Reader) (digest.Digest, error)
-}
-
-// ContentProvider produces a read stream for a given digest
-type ContentProvider interface {
-	Reader(digest.Digest) (io.ReadCloser, error)
-}
-
-type simpleDigester struct {
-	algorithm digest.Algorithm
-}
-
-func (sd simpleDigester) Digest(r io.Reader) (digest.Digest, error) {
-	digester := sd.algorithm.Digester()
-
-	if _, err := io.Copy(digester.Hash(), r); err != nil {
-		return "", err
-	}
-
-	return digester.Digest(), nil
-}
-
-// uniqifyDigests sorts and uniqifies the provided digest, ensuring that the
-// digests are not repeated and no two digests with the same algorithm have
-// different values. Because a stable sort is used, this has the effect of
-// "zipping" digest collections from multiple resources.
-func uniqifyDigests(digests ...digest.Digest) ([]digest.Digest, error) {
-	sort.Stable(digestSlice(digests)) // stable sort is important for the behavior here.
-	seen := map[digest.Digest]struct{}{}
-	algs := map[digest.Algorithm][]digest.Digest{} // detect different digests.
-
-	var out []digest.Digest
-	// uniqify the digests
-	for _, d := range digests {
-		if _, ok := seen[d]; ok {
-			continue
-		}
-
-		seen[d] = struct{}{}
-		algs[d.Algorithm()] = append(algs[d.Algorithm()], d)
-
-		if len(algs[d.Algorithm()]) > 1 {
-			return nil, fmt.Errorf("conflicting digests for %v found", d.Algorithm())
-		}
-
-		out = append(out, d)
-	}
-
-	return out, nil
-}
-
-// digestsMatch compares the two sets of digests to see if they match.
-func digestsMatch(as, bs []digest.Digest) bool {
-	all := append(as, bs...)
-
-	uniqified, err := uniqifyDigests(all...)
-	if err != nil {
-		// the only error uniqifyDigests returns is when the digests disagree.
-		return false
-	}
-
-	disjoint := len(as) + len(bs)
-	if len(uniqified) == disjoint {
-		// if these two sets have the same cardinality, we know both sides
-		// didn't share any digests.
-		return false
-	}
-
-	return true
-}
-
-type digestSlice []digest.Digest
-
-func (p digestSlice) Len() int           { return len(p) }
-func (p digestSlice) Less(i, j int) bool { return p[i] < p[j] }
-func (p digestSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
diff --git a/vendor/github.com/containerd/continuity/driver/driver.go b/vendor/github.com/containerd/continuity/driver/driver.go
index 327e96af1596d..e5d9d0f87a45e 100644
--- a/vendor/github.com/containerd/continuity/driver/driver.go
+++ b/vendor/github.com/containerd/continuity/driver/driver.go
@@ -138,6 +138,10 @@ func (d *driver) Lstat(p string) (os.FileInfo, error) {
 	return os.Lstat(p)
 }
 
+func (d *driver) Readlink(p string) (string, error) {
+	return os.Readlink(p)
+}
+
 func (d *driver) Mkdir(p string, mode os.FileMode) error {
 	return os.Mkdir(p, mode)
 }
diff --git a/vendor/github.com/containerd/continuity/driver/driver_unix.go b/vendor/github.com/containerd/continuity/driver/driver_unix.go
index 6cb5d10fb904c..3e58d10af27f9 100644
--- a/vendor/github.com/containerd/continuity/driver/driver_unix.go
+++ b/vendor/github.com/containerd/continuity/driver/driver_unix.go
@@ -131,8 +131,3 @@ func (d *driver) LSetxattr(path string, attrMap map[string][]byte) error {
 func (d *driver) DeviceInfo(fi os.FileInfo) (maj uint64, min uint64, err error) {
 	return devices.DeviceInfo(fi)
 }
-
-// Readlink was forked on Windows to fix a Golang bug, use the "os" package here
-func (d *driver) Readlink(p string) (string, error) {
-	return os.Readlink(p)
-}
diff --git a/vendor/github.com/containerd/continuity/driver/driver_windows.go b/vendor/github.com/containerd/continuity/driver/driver_windows.go
index f1dcea32afb9a..9baea3ba642d5 100644
--- a/vendor/github.com/containerd/continuity/driver/driver_windows.go
+++ b/vendor/github.com/containerd/continuity/driver/driver_windows.go
@@ -1,3 +1,5 @@
+// +build go1.13
+
 /*
    Copyright The containerd Authors.
 
@@ -14,12 +16,14 @@
    limitations under the License.
 */
 
+// Go 1.13 is the minimally supported version for Windows.
+// Earlier golang releases have bug in os.Readlink
+// (see https://github.com/golang/go/issues/30463).
+
 package driver
 
 import (
 	"os"
-
-	"github.com/containerd/continuity/sysx"
 )
 
 func (d *driver) Mknod(path string, mode os.FileMode, major, minor int) error {
@@ -35,9 +39,3 @@ func (d *driver) Lchmod(path string, mode os.FileMode) (err error) {
 	// TODO: Use Window's equivalent
 	return os.Chmod(path, mode)
 }
-
-// Readlink is forked in order to support Volume paths which are used
-// in container layers.
-func (d *driver) Readlink(p string) (string, error) {
-	return sysx.Readlink(p)
-}
diff --git a/vendor/github.com/containerd/continuity/fs/copy.go b/vendor/github.com/containerd/continuity/fs/copy.go
index 42df6a9a541e1..2ee77d1ab2a85 100644
--- a/vendor/github.com/containerd/continuity/fs/copy.go
+++ b/vendor/github.com/containerd/continuity/fs/copy.go
@@ -32,20 +32,70 @@ var bufferPool = &sync.Pool{
 	},
 }
 
+// XAttrErrorHandlers transform a non-nil xattr error.
+// Return nil to ignore an error.
+// xattrKey can be empty for listxattr operation.
+type XAttrErrorHandler func(dst, src, xattrKey string, err error) error
+
+type copyDirOpts struct {
+	xeh XAttrErrorHandler
+	// xex contains a set of xattrs to exclude when copying
+	xex map[string]struct{}
+}
+
+type CopyDirOpt func(*copyDirOpts) error
+
+// WithXAttrErrorHandler allows specifying XAttrErrorHandler
+// If nil XAttrErrorHandler is specified (default), CopyDir stops
+// on a non-nil xattr error.
+func WithXAttrErrorHandler(xeh XAttrErrorHandler) CopyDirOpt {
+	return func(o *copyDirOpts) error {
+		o.xeh = xeh
+		return nil
+	}
+}
+
+// WithAllowXAttrErrors allows ignoring xattr errors.
+func WithAllowXAttrErrors() CopyDirOpt {
+	xeh := func(dst, src, xattrKey string, err error) error {
+		return nil
+	}
+	return WithXAttrErrorHandler(xeh)
+}
+
+// WithXAttrExclude allows for exclusion of specified xattr during CopyDir operation.
+func WithXAttrExclude(keys ...string) CopyDirOpt {
+	return func(o *copyDirOpts) error {
+		if o.xex == nil {
+			o.xex = make(map[string]struct{}, len(keys))
+		}
+		for _, key := range keys {
+			o.xex[key] = struct{}{}
+		}
+		return nil
+	}
+}
+
 // CopyDir copies the directory from src to dst.
 // Most efficient copy of files is attempted.
-func CopyDir(dst, src string) error {
+func CopyDir(dst, src string, opts ...CopyDirOpt) error {
+	var o copyDirOpts
+	for _, opt := range opts {
+		if err := opt(&o); err != nil {
+			return err
+		}
+	}
 	inodes := map[uint64]string{}
-	return copyDirectory(dst, src, inodes)
+	return copyDirectory(dst, src, inodes, &o)
 }
 
-func copyDirectory(dst, src string, inodes map[uint64]string) error {
+func copyDirectory(dst, src string, inodes map[uint64]string, o *copyDirOpts) error {
 	stat, err := os.Stat(src)
 	if err != nil {
 		return errors.Wrapf(err, "failed to stat %s", src)
 	}
 	if !stat.IsDir() {
-		return errors.Errorf("source is not directory")
+		return errors.Errorf("source %s is not directory", src)
 	}
 
 	if st, err := os.Stat(dst); err != nil {
@@ -69,13 +119,17 @@ func copyDirectory(dst, src string, inodes map[uint64]string) error {
 		return errors.Wrapf(err, "failed to copy file info for %s", dst)
 	}
 
+	if err := copyXAttrs(dst, src, o.xex, o.xeh); err != nil {
+		return errors.Wrap(err, "failed to copy xattrs")
+	}
+
 	for _, fi := range fis {
 		source := filepath.Join(src, fi.Name())
 		target := filepath.Join(dst, fi.Name())
 
 		switch {
 		case fi.IsDir():
-			if err := copyDirectory(target, source, inodes); err != nil {
+			if err := copyDirectory(target, source, inodes, o); err != nil {
 				return err
 			}
 			continue
@@ -111,7 +165,7 @@ func copyDirectory(dst, src string, inodes map[uint64]string) error {
 			return errors.Wrap(err, "failed to copy file info")
 		}
 
-		if err := copyXAttrs(target, source); err != nil {
+		if err := copyXAttrs(target, source, o.xex, o.xeh); err != nil {
 			return errors.Wrap(err, "failed to copy xattrs")
 		}
 	}
diff --git a/vendor/github.com/containerd/continuity/fs/copy_darwinopenbsdsolaris.go b/vendor/github.com/containerd/continuity/fs/copy_darwinopenbsdsolaris.go
new file mode 100644
index 0000000000000..92ccacf9af364
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/fs/copy_darwinopenbsdsolaris.go
@@ -0,0 +1,40 @@
+// +build darwin openbsd solaris
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fs
+
+import (
+	"os"
+	"syscall"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func copyDevice(dst string, fi os.FileInfo) error {
+	st, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return errors.New("unsupported stat type")
+	}
+	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
+}
+
+func utimesNano(name string, atime, mtime syscall.Timespec) error {
+	timespec := []syscall.Timespec{atime, mtime}
+	return syscall.UtimesNano(name, timespec)
+}
diff --git a/vendor/github.com/containerd/continuity/fs/copy_freebsd.go b/vendor/github.com/containerd/continuity/fs/copy_freebsd.go
new file mode 100644
index 0000000000000..4b116c95e43d5
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/fs/copy_freebsd.go
@@ -0,0 +1,42 @@
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fs
+
+import (
+	"os"
+	"syscall"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func copyDevice(dst string, fi os.FileInfo) error {
+	st, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return errors.New("unsupported stat type")
+	}
+	return unix.Mknod(dst, uint32(fi.Mode()), st.Rdev)
+}
+
+func utimesNano(name string, atime, mtime syscall.Timespec) error {
+	at := unix.NsecToTimespec(atime.Nano())
+	mt := unix.NsecToTimespec(mtime.Nano())
+	utimes := [2]unix.Timespec{at, mt}
+	return unix.UtimesNanoAt(unix.AT_FDCWD, name, utimes[0:], unix.AT_SYMLINK_NOFOLLOW)
+}
diff --git a/vendor/github.com/containerd/continuity/fs/copy_linux.go b/vendor/github.com/containerd/continuity/fs/copy_linux.go
index e041b5661f032..85beaee54a4a4 100644
--- a/vendor/github.com/containerd/continuity/fs/copy_linux.go
+++ b/vendor/github.com/containerd/continuity/fs/copy_linux.go
@@ -51,7 +51,10 @@ func copyFileInfo(fi os.FileInfo, name string) error {
 		}
 	}
 
-	timespec := []unix.Timespec{unix.Timespec(StatAtime(st)), unix.Timespec(StatMtime(st))}
+	timespec := []unix.Timespec{
+		unix.NsecToTimespec(syscall.TimespecToNsec(StatAtime(st))),
+		unix.NsecToTimespec(syscall.TimespecToNsec(StatMtime(st))),
+	}
 	if err := unix.UtimesNanoAt(unix.AT_FDCWD, name, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
 		return errors.Wrapf(err, "failed to utime %s", name)
 	}
@@ -59,6 +62,8 @@ func copyFileInfo(fi os.FileInfo, name string) error {
 	return nil
 }
 
+const maxSSizeT = int64(^uint(0) >> 1)
+
 func copyFileContent(dst, src *os.File) error {
 	st, err := src.Stat()
 	if err != nil {
@@ -71,7 +76,16 @@ func copyFileContent(dst, src *os.File) error {
 	dstFd := int(dst.Fd())
 
 	for size > 0 {
-		n, err := unix.CopyFileRange(srcFd, nil, dstFd, nil, int(size), 0)
+		// Ensure that we are never trying to copy more than SSIZE_MAX at a
+		// time and at the same time avoids overflows when the file is larger
+		// than 4GB on 32-bit systems.
+		var copySize int
+		if size > maxSSizeT {
+			copySize = int(maxSSizeT)
+		} else {
+			copySize = int(size)
+		}
+		n, err := unix.CopyFileRange(srcFd, nil, dstFd, nil, copySize, 0)
 		if err != nil {
 			if (err != unix.ENOSYS && err != unix.EXDEV) || !first {
 				return errors.Wrap(err, "copy file range failed")
@@ -90,18 +104,37 @@ func copyFileContent(dst, src *os.File) error {
 	return nil
 }
 
-func copyXAttrs(dst, src string) error {
+func copyXAttrs(dst, src string, excludes map[string]struct{}, errorHandler XAttrErrorHandler) error {
 	xattrKeys, err := sysx.LListxattr(src)
 	if err != nil {
-		return errors.Wrapf(err, "failed to list xattrs on %s", src)
+		e := errors.Wrapf(err, "failed to list xattrs on %s", src)
+		if errorHandler != nil {
+			e = errorHandler(dst, src, "", e)
+		}
+		return e
 	}
 	for _, xattr := range xattrKeys {
+		if _, exclude := excludes[xattr]; exclude {
+			continue
+		}
 		data, err := sysx.LGetxattr(src, xattr)
 		if err != nil {
-			return errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+			e := errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+			if errorHandler != nil {
+				if e = errorHandler(dst, src, xattr, e); e == nil {
+					continue
+				}
+			}
+			return e
 		}
 		if err := sysx.LSetxattr(dst, xattr, data, 0); err != nil {
-			return errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+			e := errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+			if errorHandler != nil {
+				if e = errorHandler(dst, src, xattr, e); e == nil {
+					continue
+				}
+			}
+			return e
 		}
 	}
 
diff --git a/vendor/github.com/containerd/continuity/fs/copy_unix.go b/vendor/github.com/containerd/continuity/fs/copy_unix.go
index 1a8ae5ebd1934..923dd5a982f28 100644
--- a/vendor/github.com/containerd/continuity/fs/copy_unix.go
+++ b/vendor/github.com/containerd/continuity/fs/copy_unix.go
@@ -1,4 +1,4 @@
-// +build solaris darwin freebsd
+// +build darwin freebsd openbsd solaris
 
 /*
    Copyright The containerd Authors.
@@ -25,7 +25,6 @@ import (
 
 	"github.com/containerd/continuity/sysx"
 	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 func copyFileInfo(fi os.FileInfo, name string) error {
@@ -53,8 +52,7 @@ func copyFileInfo(fi os.FileInfo, name string) error {
 		}
 	}
 
-	timespec := []syscall.Timespec{StatAtime(st), StatMtime(st)}
-	if err := syscall.UtimesNano(name, timespec); err != nil {
+	if err := utimesNano(name, StatAtime(st), StatMtime(st)); err != nil {
 		return errors.Wrapf(err, "failed to utime %s", name)
 	}
 
@@ -69,28 +67,39 @@ func copyFileContent(dst, src *os.File) error {
 	return err
 }
 
-func copyXAttrs(dst, src string) error {
+func copyXAttrs(dst, src string, excludes map[string]struct{}, errorHandler XAttrErrorHandler) error {
 	xattrKeys, err := sysx.LListxattr(src)
 	if err != nil {
-		return errors.Wrapf(err, "failed to list xattrs on %s", src)
+		e := errors.Wrapf(err, "failed to list xattrs on %s", src)
+		if errorHandler != nil {
+			e = errorHandler(dst, src, "", e)
+		}
+		return e
 	}
 	for _, xattr := range xattrKeys {
+		if _, exclude := excludes[xattr]; exclude {
+			continue
+		}
 		data, err := sysx.LGetxattr(src, xattr)
 		if err != nil {
-			return errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+			e := errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+			if errorHandler != nil {
+				if e = errorHandler(dst, src, xattr, e); e == nil {
+					continue
+				}
+			}
+			return e
 		}
 		if err := sysx.LSetxattr(dst, xattr, data, 0); err != nil {
-			return errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+			e := errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+			if errorHandler != nil {
+				if e = errorHandler(dst, src, xattr, e); e == nil {
+					continue
+				}
+			}
+			return e
 		}
 	}
 
 	return nil
 }
-
-func copyDevice(dst string, fi os.FileInfo) error {
-	st, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return errors.New("unsupported stat type")
-	}
-	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
-}
diff --git a/vendor/github.com/containerd/continuity/fs/copy_windows.go b/vendor/github.com/containerd/continuity/fs/copy_windows.go
index be8e6489bf961..0081583fd019a 100644
--- a/vendor/github.com/containerd/continuity/fs/copy_windows.go
+++ b/vendor/github.com/containerd/continuity/fs/copy_windows.go
@@ -40,7 +40,7 @@ func copyFileContent(dst, src *os.File) error {
 	return err
 }
 
-func copyXAttrs(dst, src string) error {
+func copyXAttrs(dst, src string, excludes map[string]struct{}, errorHandler XAttrErrorHandler) error {
 	return nil
 }
 
diff --git a/vendor/github.com/containerd/continuity/fs/du_unix.go b/vendor/github.com/containerd/continuity/fs/du_unix.go
index e22ffbea378fc..9da43d1bc8e9d 100644
--- a/vendor/github.com/containerd/continuity/fs/du_unix.go
+++ b/vendor/github.com/containerd/continuity/fs/du_unix.go
@@ -25,6 +25,14 @@ import (
 	"syscall"
 )
 
+// blocksUnitSize is the unit used by `st_blocks` in `stat` in bytes.
+// See https://man7.org/linux/man-pages/man2/stat.2.html
+//   st_blocks
+//     This field indicates the number of blocks allocated to the
+//     file, in 512-byte units.  (This may be smaller than
+//     st_size/512 when the file has holes.)
+const blocksUnitSize = 512
+
 type inode struct {
 	// TODO(stevvooe): Can probably reduce memory usage by not tracking
 	// device, but we can leave this right for now.
@@ -33,9 +41,9 @@ type inode struct {
 
 func newInode(stat *syscall.Stat_t) inode {
 	return inode{
-		// Dev is uint32 on darwin/bsd, uint64 on linux/solaris
+		// Dev is uint32 on darwin/bsd, uint64 on linux/solaris/freebsd
 		dev: uint64(stat.Dev), // nolint: unconvert
-		// Ino is uint32 on bsd, uint64 on darwin/linux/solaris
+		// Ino is uint32 on bsd, uint64 on darwin/linux/solaris/freebsd
 		ino: uint64(stat.Ino), // nolint: unconvert
 	}
 }
@@ -59,10 +67,11 @@ func diskUsage(ctx context.Context, roots ...string) (Usage, error) {
 			default:
 			}
 
-			inoKey := newInode(fi.Sys().(*syscall.Stat_t))
+			stat := fi.Sys().(*syscall.Stat_t)
+			inoKey := newInode(stat)
 			if _, ok := inodes[inoKey]; !ok {
 				inodes[inoKey] = struct{}{}
-				size += fi.Size()
+				size += stat.Blocks * blocksUnitSize
 			}
 
 			return nil
@@ -89,10 +98,11 @@ func diffUsage(ctx context.Context, a, b string) (Usage, error) {
 		}
 
 		if kind == ChangeKindAdd || kind == ChangeKindModify {
-			inoKey := newInode(fi.Sys().(*syscall.Stat_t))
+			stat := fi.Sys().(*syscall.Stat_t)
+			inoKey := newInode(stat)
 			if _, ok := inodes[inoKey]; !ok {
 				inodes[inoKey] = struct{}{}
-				size += fi.Size()
+				size += stat.Blocks * blocksUnitSize
 			}
 
 			return nil
diff --git a/vendor/github.com/containerd/continuity/fs/path.go b/vendor/github.com/containerd/continuity/fs/path.go
index 995981780078b..c26be79898e3d 100644
--- a/vendor/github.com/containerd/continuity/fs/path.go
+++ b/vendor/github.com/containerd/continuity/fs/path.go
@@ -22,7 +22,6 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/pkg/errors"
 )
@@ -47,9 +46,8 @@ func pathChange(lower, upper *currentPath) (ChangeKind, string) {
 	if upper == nil {
 		return ChangeKindDelete, lower.path
 	}
-	// TODO: compare by directory
 
-	switch i := strings.Compare(lower.path, upper.path); {
+	switch i := directoryCompare(lower.path, upper.path); {
 	case i < 0:
 		// File in lower that is not in upper
 		return ChangeKindDelete, lower.path
@@ -61,6 +59,35 @@ func pathChange(lower, upper *currentPath) (ChangeKind, string) {
 	}
 }
 
+func directoryCompare(a, b string) int {
+	l := len(a)
+	if len(b) < l {
+		l = len(b)
+	}
+	for i := 0; i < l; i++ {
+		c1, c2 := a[i], b[i]
+		if c1 == filepath.Separator {
+			c1 = byte(0)
+		}
+		if c2 == filepath.Separator {
+			c2 = byte(0)
+		}
+		if c1 < c2 {
+			return -1
+		}
+		if c1 > c2 {
+			return +1
+		}
+	}
+	if len(a) < len(b) {
+		return -1
+	}
+	if len(a) > len(b) {
+		return +1
+	}
+	return 0
+}
+
 func sameFile(f1, f2 *currentPath) (bool, error) {
 	if os.SameFile(f1.f, f2.f) {
 		return true, nil
@@ -90,15 +117,13 @@ func sameFile(f1, f2 *currentPath) (bool, error) {
 		// If the timestamp may have been truncated in both of the
 		// files, check content of file to determine difference
 		if t1.Nanosecond() == 0 && t2.Nanosecond() == 0 {
-			var eq bool
 			if (f1.f.Mode() & os.ModeSymlink) == os.ModeSymlink {
-				eq, err = compareSymlinkTarget(f1.fullPath, f2.fullPath)
-			} else if f1.f.Size() > 0 {
-				eq, err = compareFileContent(f1.fullPath, f2.fullPath)
+				return compareSymlinkTarget(f1.fullPath, f2.fullPath)
 			}
-			if err != nil || !eq {
-				return eq, err
+			if f1.f.Size() == 0 { // if file sizes are zero length, the files are the same by definition
+				return true, nil
 			}
+			return compareFileContent(f1.fullPath, f2.fullPath)
 		} else if t1.Nanosecond() != t2.Nanosecond() {
 			return false, nil
 		}
diff --git a/vendor/github.com/containerd/continuity/fs/stat_bsd.go b/vendor/github.com/containerd/continuity/fs/stat_darwinfreebsd.go
similarity index 100%
rename from vendor/github.com/containerd/continuity/fs/stat_bsd.go
rename to vendor/github.com/containerd/continuity/fs/stat_darwinfreebsd.go
diff --git a/vendor/github.com/containerd/continuity/fs/stat_linux.go b/vendor/github.com/containerd/continuity/fs/stat_linux.go
deleted file mode 100644
index 4a678dd1fd465..0000000000000
--- a/vendor/github.com/containerd/continuity/fs/stat_linux.go
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"syscall"
-	"time"
-)
-
-// StatAtime returns the Atim
-func StatAtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Atim
-}
-
-// StatCtime returns the Ctim
-func StatCtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Ctim
-}
-
-// StatMtime returns the Mtim
-func StatMtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Mtim
-}
-
-// StatATimeAsTime returns st.Atim as a time.Time
-func StatATimeAsTime(st *syscall.Stat_t) time.Time {
-	// The int64 conversions ensure the line compiles for 32-bit systems as well.
-	return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) // nolint: unconvert
-}
diff --git a/vendor/github.com/containerd/continuity/fs/stat_linuxopenbsd.go b/vendor/github.com/containerd/continuity/fs/stat_linuxopenbsd.go
new file mode 100644
index 0000000000000..c68df6e586cde
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/fs/stat_linuxopenbsd.go
@@ -0,0 +1,45 @@
+// +build linux openbsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fs
+
+import (
+	"syscall"
+	"time"
+)
+
+// StatAtime returns the Atim
+func StatAtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Atim
+}
+
+// StatCtime returns the Ctim
+func StatCtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Ctim
+}
+
+// StatMtime returns the Mtim
+func StatMtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Mtim
+}
+
+// StatATimeAsTime returns st.Atim as a time.Time
+func StatATimeAsTime(st *syscall.Stat_t) time.Time {
+	// The int64 conversions ensure the line compiles for 32-bit systems as well.
+	return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) // nolint: unconvert
+}
diff --git a/vendor/github.com/containerd/continuity/go.mod b/vendor/github.com/containerd/continuity/go.mod
new file mode 100644
index 0000000000000..35cea6ae8d000
--- /dev/null
+++ b/vendor/github.com/containerd/continuity/go.mod
@@ -0,0 +1,15 @@
+module github.com/containerd/continuity
+
+go 1.13
+
+require (
+	bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898
+	github.com/dustin/go-humanize v1.0.0
+	github.com/golang/protobuf v1.3.5
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.7.0
+	github.com/spf13/cobra v1.0.0
+	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/containerd/continuity/groups_unix.go b/vendor/github.com/containerd/continuity/groups_unix.go
deleted file mode 100644
index 022d8ab783911..0000000000000
--- a/vendor/github.com/containerd/continuity/groups_unix.go
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// TODO(stevvooe): This needs a lot of work before we can call it useful.
-
-type groupIndex struct {
-	byName map[string]*group
-	byGID  map[int]*group
-}
-
-func getGroupIndex() (*groupIndex, error) {
-	f, err := os.Open("/etc/group")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	groups, err := parseGroups(f)
-	if err != nil {
-		return nil, err
-	}
-
-	return newGroupIndex(groups), nil
-}
-
-func newGroupIndex(groups []group) *groupIndex {
-	gi := &groupIndex{
-		byName: make(map[string]*group),
-		byGID:  make(map[int]*group),
-	}
-
-	for i, group := range groups {
-		gi.byGID[group.gid] = &groups[i]
-		gi.byName[group.name] = &groups[i]
-	}
-
-	return gi
-}
-
-type group struct {
-	name    string
-	gid     int
-	members []string
-}
-
-func getGroupName(gid int) (string, error) {
-	f, err := os.Open("/etc/group")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	groups, err := parseGroups(f)
-	if err != nil {
-		return "", err
-	}
-
-	for _, group := range groups {
-		if group.gid == gid {
-			return group.name, nil
-		}
-	}
-
-	return "", fmt.Errorf("no group for gid")
-}
-
-// parseGroups parses an /etc/group file for group names, ids and membership.
-// This is unix specific.
-func parseGroups(rd io.Reader) ([]group, error) {
-	var groups []group
-	scanner := bufio.NewScanner(rd)
-
-	for scanner.Scan() {
-		if strings.HasPrefix(scanner.Text(), "#") {
-			continue // skip comment
-		}
-
-		parts := strings.SplitN(scanner.Text(), ":", 4)
-
-		if len(parts) != 4 {
-			return nil, fmt.Errorf("bad entry: %q", scanner.Text())
-		}
-
-		name, _, sgid, smembers := parts[0], parts[1], parts[2], parts[3]
-
-		gid, err := strconv.Atoi(sgid)
-		if err != nil {
-			return nil, fmt.Errorf("bad gid: %q", gid)
-		}
-
-		members := strings.Split(smembers, ",")
-
-		groups = append(groups, group{
-			name:    name,
-			gid:     gid,
-			members: members,
-		})
-	}
-
-	if scanner.Err() != nil {
-		return nil, scanner.Err()
-	}
-
-	return groups, nil
-}
diff --git a/vendor/github.com/containerd/continuity/hardlinks.go b/vendor/github.com/containerd/continuity/hardlinks.go
deleted file mode 100644
index d493dd7776bc7..0000000000000
--- a/vendor/github.com/containerd/continuity/hardlinks.go
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"fmt"
-	"os"
-)
-
-var (
-	errNotAHardLink = fmt.Errorf("invalid hardlink")
-)
-
-type hardlinkManager struct {
-	hardlinks map[hardlinkKey][]Resource
-}
-
-func newHardlinkManager() *hardlinkManager {
-	return &hardlinkManager{
-		hardlinks: map[hardlinkKey][]Resource{},
-	}
-}
-
-// Add attempts to add the resource to the hardlink manager. If the resource
-// cannot be considered as a hardlink candidate, errNotAHardLink is returned.
-func (hlm *hardlinkManager) Add(fi os.FileInfo, resource Resource) error {
-	if _, ok := resource.(Hardlinkable); !ok {
-		return errNotAHardLink
-	}
-
-	key, err := newHardlinkKey(fi)
-	if err != nil {
-		return err
-	}
-
-	hlm.hardlinks[key] = append(hlm.hardlinks[key], resource)
-
-	return nil
-}
-
-// Merge processes the current state of the hardlink manager and merges any
-// shared nodes into hardlinked resources.
-func (hlm *hardlinkManager) Merge() ([]Resource, error) {
-	var resources []Resource
-	for key, linked := range hlm.hardlinks {
-		if len(linked) < 1 {
-			return nil, fmt.Errorf("no hardlink entrys for dev, inode pair: %#v", key)
-		}
-
-		merged, err := Merge(linked...)
-		if err != nil {
-			return nil, fmt.Errorf("error merging hardlink: %v", err)
-		}
-
-		resources = append(resources, merged)
-	}
-
-	return resources, nil
-}
diff --git a/vendor/github.com/containerd/continuity/hardlinks_unix.go b/vendor/github.com/containerd/continuity/hardlinks_unix.go
deleted file mode 100644
index a15d1759ee6ce..0000000000000
--- a/vendor/github.com/containerd/continuity/hardlinks_unix.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// +build linux darwin freebsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// hardlinkKey provides a tuple-key for managing hardlinks. This is system-
-// specific.
-type hardlinkKey struct {
-	dev   uint64
-	inode uint64
-}
-
-// newHardlinkKey returns a hardlink key for the provided file info. If the
-// resource does not represent a possible hardlink, errNotAHardLink will be
-// returned.
-func newHardlinkKey(fi os.FileInfo) (hardlinkKey, error) {
-	sys, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return hardlinkKey{}, fmt.Errorf("cannot resolve (*syscall.Stat_t) from os.FileInfo")
-	}
-
-	if sys.Nlink < 2 {
-		// NOTE(stevvooe): This is not always true for all filesystems. We
-		// should somehow detect this and provided a slow "polyfill" that
-		// leverages os.SameFile if we detect a filesystem where link counts
-		// is not really supported.
-		return hardlinkKey{}, errNotAHardLink
-	}
-
-	return hardlinkKey{dev: uint64(sys.Dev), inode: uint64(sys.Ino)}, nil
-}
diff --git a/vendor/github.com/containerd/continuity/hardlinks_windows.go b/vendor/github.com/containerd/continuity/hardlinks_windows.go
deleted file mode 100644
index 5893f4e1ae26c..0000000000000
--- a/vendor/github.com/containerd/continuity/hardlinks_windows.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import "os"
-
-type hardlinkKey struct{}
-
-func newHardlinkKey(fi os.FileInfo) (hardlinkKey, error) {
-	// NOTE(stevvooe): Obviously, this is not yet implemented. However, the
-	// makings of an implementation are available in src/os/types_windows.go. More
-	// investigation needs to be done to figure out exactly how to do this.
-	return hardlinkKey{}, errNotAHardLink
-}
diff --git a/vendor/github.com/containerd/continuity/ioutils.go b/vendor/github.com/containerd/continuity/ioutils.go
deleted file mode 100644
index 503640ebfc86b..0000000000000
--- a/vendor/github.com/containerd/continuity/ioutils.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-)
-
-// AtomicWriteFile atomically writes data to a file by first writing to a
-// temp file and calling rename.
-func AtomicWriteFile(filename string, data []byte, perm os.FileMode) error {
-	buf := bytes.NewBuffer(data)
-	return atomicWriteFile(filename, buf, int64(len(data)), perm)
-}
-
-// atomicWriteFile writes data to a file by first writing to a temp
-// file and calling rename.
-func atomicWriteFile(filename string, r io.Reader, dataSize int64, perm os.FileMode) error {
-	f, err := ioutil.TempFile(filepath.Dir(filename), ".tmp-"+filepath.Base(filename))
-	if err != nil {
-		return err
-	}
-	err = os.Chmod(f.Name(), perm)
-	if err != nil {
-		f.Close()
-		return err
-	}
-	n, err := io.Copy(f, r)
-	if err == nil && n < dataSize {
-		f.Close()
-		return io.ErrShortWrite
-	}
-	if err != nil {
-		f.Close()
-		return err
-	}
-	if err := f.Sync(); err != nil {
-		f.Close()
-		return err
-	}
-	if err := f.Close(); err != nil {
-		return err
-	}
-	return os.Rename(f.Name(), filename)
-}
diff --git a/vendor/github.com/containerd/continuity/manifest.go b/vendor/github.com/containerd/continuity/manifest.go
deleted file mode 100644
index 8074bbfbb1e22..0000000000000
--- a/vendor/github.com/containerd/continuity/manifest.go
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"fmt"
-	"io"
-	"log"
-	"os"
-	"sort"
-
-	pb "github.com/containerd/continuity/proto"
-	"github.com/golang/protobuf/proto"
-)
-
-// Manifest provides the contents of a manifest. Users of this struct should
-// not typically modify any fields directly.
-type Manifest struct {
-	// Resources specifies all the resources for a manifest in order by path.
-	Resources []Resource
-}
-
-func Unmarshal(p []byte) (*Manifest, error) {
-	var bm pb.Manifest
-
-	if err := proto.Unmarshal(p, &bm); err != nil {
-		return nil, err
-	}
-
-	var m Manifest
-	for _, b := range bm.Resource {
-		r, err := fromProto(b)
-		if err != nil {
-			return nil, err
-		}
-
-		m.Resources = append(m.Resources, r)
-	}
-
-	return &m, nil
-}
-
-func Marshal(m *Manifest) ([]byte, error) {
-	var bm pb.Manifest
-	for _, resource := range m.Resources {
-		bm.Resource = append(bm.Resource, toProto(resource))
-	}
-
-	return proto.Marshal(&bm)
-}
-
-func MarshalText(w io.Writer, m *Manifest) error {
-	var bm pb.Manifest
-	for _, resource := range m.Resources {
-		bm.Resource = append(bm.Resource, toProto(resource))
-	}
-
-	return proto.MarshalText(w, &bm)
-}
-
-// BuildManifest creates the manifest for the given context
-func BuildManifest(ctx Context) (*Manifest, error) {
-	resourcesByPath := map[string]Resource{}
-	hardlinks := newHardlinkManager()
-
-	if err := ctx.Walk(func(p string, fi os.FileInfo, err error) error {
-		if err != nil {
-			return fmt.Errorf("error walking %s: %v", p, err)
-		}
-
-		if p == string(os.PathSeparator) {
-			// skip root
-			return nil
-		}
-
-		resource, err := ctx.Resource(p, fi)
-		if err != nil {
-			if err == ErrNotFound {
-				return nil
-			}
-			log.Printf("error getting resource %q: %v", p, err)
-			return err
-		}
-
-		// add to the hardlink manager
-		if err := hardlinks.Add(fi, resource); err == nil {
-			// Resource has been accepted by hardlink manager so we don't add
-			// it to the resourcesByPath until we merge at the end.
-			return nil
-		} else if err != errNotAHardLink {
-			// handle any other case where we have a proper error.
-			return fmt.Errorf("adding hardlink %s: %v", p, err)
-		}
-
-		resourcesByPath[p] = resource
-
-		return nil
-	}); err != nil {
-		return nil, err
-	}
-
-	// merge and post-process the hardlinks.
-	hardlinked, err := hardlinks.Merge()
-	if err != nil {
-		return nil, err
-	}
-
-	for _, resource := range hardlinked {
-		resourcesByPath[resource.Path()] = resource
-	}
-
-	var resources []Resource
-	for _, resource := range resourcesByPath {
-		resources = append(resources, resource)
-	}
-
-	sort.Stable(ByPath(resources))
-
-	return &Manifest{
-		Resources: resources,
-	}, nil
-}
-
-// VerifyManifest verifies all the resources in a manifest
-// against files from the given context.
-func VerifyManifest(ctx Context, manifest *Manifest) error {
-	for _, resource := range manifest.Resources {
-		if err := ctx.Verify(resource); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// ApplyManifest applies on the resources in a manifest to
-// the given context.
-func ApplyManifest(ctx Context, manifest *Manifest) error {
-	for _, resource := range manifest.Resources {
-		if err := ctx.Apply(resource); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/containerd/continuity/proto/gen.go b/vendor/github.com/containerd/continuity/proto/gen.go
deleted file mode 100644
index 63ce10fb53120..0000000000000
--- a/vendor/github.com/containerd/continuity/proto/gen.go
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package proto
-
-//go:generate protoc --go_out=. manifest.proto
diff --git a/vendor/github.com/containerd/continuity/proto/manifest.pb.go b/vendor/github.com/containerd/continuity/proto/manifest.pb.go
deleted file mode 100644
index 24317766257ad..0000000000000
--- a/vendor/github.com/containerd/continuity/proto/manifest.pb.go
+++ /dev/null
@@ -1,181 +0,0 @@
-// Code generated by protoc-gen-go.
-// source: manifest.proto
-// DO NOT EDIT!
-
-/*
-Package proto is a generated protocol buffer package.
-
-It is generated from these files:
-	manifest.proto
-
-It has these top-level messages:
-	Manifest
-	Resource
-	XAttr
-	ADSEntry
-*/
-package proto
-
-import proto1 "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto1.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto1.ProtoPackageIsVersion2 // please upgrade the proto package
-
-// Manifest specifies the entries in a container bundle, keyed and sorted by
-// path.
-type Manifest struct {
-	Resource []*Resource `protobuf:"bytes,1,rep,name=resource" json:"resource,omitempty"`
-}
-
-func (m *Manifest) Reset()                    { *m = Manifest{} }
-func (m *Manifest) String() string            { return proto1.CompactTextString(m) }
-func (*Manifest) ProtoMessage()               {}
-func (*Manifest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
-
-func (m *Manifest) GetResource() []*Resource {
-	if m != nil {
-		return m.Resource
-	}
-	return nil
-}
-
-type Resource struct {
-	// Path specifies the path from the bundle root. If more than one
-	// path is present, the entry may represent a hardlink, rather than using
-	// a link target. The path format is operating system specific.
-	Path []string `protobuf:"bytes,1,rep,name=path" json:"path,omitempty"`
-	// Uid specifies the user id for the resource.
-	Uid int64 `protobuf:"varint,2,opt,name=uid" json:"uid,omitempty"`
-	// Gid specifies the group id for the resource.
-	Gid int64 `protobuf:"varint,3,opt,name=gid" json:"gid,omitempty"`
-	// user and group are not currently used but their field numbers have been
-	// reserved for future use. As such, they are marked as deprecated.
-	User  string `protobuf:"bytes,4,opt,name=user" json:"user,omitempty"`
-	Group string `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"`
-	// Mode defines the file mode and permissions. We've used the same
-	// bit-packing from Go's os package,
-	// http://golang.org/pkg/os/#FileMode, since they've done the work of
-	// creating a cross-platform layout.
-	Mode uint32 `protobuf:"varint,6,opt,name=mode" json:"mode,omitempty"`
-	// Size specifies the size in bytes of the resource. This is only valid
-	// for regular files.
-	Size uint64 `protobuf:"varint,7,opt,name=size" json:"size,omitempty"`
-	// Digest specifies the content digest of the target file. Only valid for
-	// regular files. The strings are formatted in OCI style, i.e. <alg>:<encoded>.
-	// For detailed information about the format, please refer to OCI Image Spec:
-	// https://github.com/opencontainers/image-spec/blob/master/descriptor.md#digests-and-verification
-	// The digests are sorted in lexical order and implementations may choose
-	// which algorithms they prefer.
-	Digest []string `protobuf:"bytes,8,rep,name=digest" json:"digest,omitempty"`
-	// Target defines the target of a hard or soft link. Absolute links start
-	// with a slash and specify the resource relative to the bundle root.
-	// Relative links do not start with a slash and are relative to the
-	// resource path.
-	Target string `protobuf:"bytes,9,opt,name=target" json:"target,omitempty"`
-	// Major specifies the major device number for character and block devices.
-	Major uint64 `protobuf:"varint,10,opt,name=major" json:"major,omitempty"`
-	// Minor specifies the minor device number for character and block devices.
-	Minor uint64 `protobuf:"varint,11,opt,name=minor" json:"minor,omitempty"`
-	// Xattr provides storage for extended attributes for the target resource.
-	Xattr []*XAttr `protobuf:"bytes,12,rep,name=xattr" json:"xattr,omitempty"`
-	// Ads stores one or more alternate data streams for the target resource.
-	Ads []*ADSEntry `protobuf:"bytes,13,rep,name=ads" json:"ads,omitempty"`
-}
-
-func (m *Resource) Reset()                    { *m = Resource{} }
-func (m *Resource) String() string            { return proto1.CompactTextString(m) }
-func (*Resource) ProtoMessage()               {}
-func (*Resource) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
-
-func (m *Resource) GetXattr() []*XAttr {
-	if m != nil {
-		return m.Xattr
-	}
-	return nil
-}
-
-func (m *Resource) GetAds() []*ADSEntry {
-	if m != nil {
-		return m.Ads
-	}
-	return nil
-}
-
-// XAttr encodes extended attributes for a resource.
-type XAttr struct {
-	// Name specifies the attribute name.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	// Data specifies the associated data for the attribute.
-	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
-}
-
-func (m *XAttr) Reset()                    { *m = XAttr{} }
-func (m *XAttr) String() string            { return proto1.CompactTextString(m) }
-func (*XAttr) ProtoMessage()               {}
-func (*XAttr) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
-
-// ADSEntry encodes information for a Windows Alternate Data Stream.
-type ADSEntry struct {
-	// Name specifices the stream name.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	// Data specifies the stream data.
-	// See also the description about the digest below.
-	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
-	// Digest is a CAS representation of the stream data.
-	//
-	// At least one of data or digest MUST be specified, and either one of them
-	// SHOULD be specified.
-	//
-	// How to access the actual data using the digest is implementation-specific,
-	// and implementations can choose not to implement digest.
-	// So, digest SHOULD be used only when the stream data is large.
-	Digest string `protobuf:"bytes,3,opt,name=digest" json:"digest,omitempty"`
-}
-
-func (m *ADSEntry) Reset()                    { *m = ADSEntry{} }
-func (m *ADSEntry) String() string            { return proto1.CompactTextString(m) }
-func (*ADSEntry) ProtoMessage()               {}
-func (*ADSEntry) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
-
-func init() {
-	proto1.RegisterType((*Manifest)(nil), "proto.Manifest")
-	proto1.RegisterType((*Resource)(nil), "proto.Resource")
-	proto1.RegisterType((*XAttr)(nil), "proto.XAttr")
-	proto1.RegisterType((*ADSEntry)(nil), "proto.ADSEntry")
-}
-
-func init() { proto1.RegisterFile("manifest.proto", fileDescriptor0) }
-
-var fileDescriptor0 = []byte{
-	// 317 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x90, 0x4f, 0x4b, 0xf3, 0x40,
-	0x10, 0xc6, 0x49, 0x93, 0xf4, 0x4d, 0xa7, 0xed, 0xab, 0x2c, 0x52, 0xe6, 0x18, 0x73, 0x0a, 0x08,
-	0x15, 0xf4, 0xe0, 0xb9, 0xa2, 0x17, 0xc1, 0xcb, 0x7a, 0xf1, 0xba, 0xba, 0x6b, 0x5c, 0x21, 0xd9,
-	0xb0, 0xd9, 0x80, 0xfa, 0xe5, 0xfc, 0x6a, 0x32, 0xb3, 0x69, 0xd1, 0x9b, 0xa7, 0x3c, 0xcf, 0x6f,
-	0xfe, 0x64, 0xf6, 0x81, 0xff, 0xad, 0xea, 0xec, 0x8b, 0x19, 0xc2, 0xb6, 0xf7, 0x2e, 0x38, 0x91,
-	0xf3, 0xa7, 0xba, 0x82, 0xe2, 0x7e, 0x2a, 0x88, 0x33, 0x28, 0xbc, 0x19, 0xdc, 0xe8, 0x9f, 0x0d,
-	0x26, 0x65, 0x5a, 0x2f, 0x2f, 0x8e, 0x62, 0xf3, 0x56, 0x4e, 0x58, 0x1e, 0x1a, 0xaa, 0xaf, 0x19,
-	0x14, 0x7b, 0x2c, 0x04, 0x64, 0xbd, 0x0a, 0xaf, 0x3c, 0xb5, 0x90, 0xac, 0xc5, 0x31, 0xa4, 0xa3,
-	0xd5, 0x38, 0x2b, 0x93, 0x3a, 0x95, 0x24, 0x89, 0x34, 0x56, 0x63, 0x1a, 0x49, 0x63, 0xb5, 0xd8,
-	0x40, 0x36, 0x0e, 0xc6, 0x63, 0x56, 0x26, 0xf5, 0xe2, 0x7a, 0x86, 0x89, 0x64, 0x2f, 0x10, 0xf2,
-	0xc6, 0xbb, 0xb1, 0xc7, 0xfc, 0x50, 0x88, 0x80, 0xfe, 0xd4, 0x3a, 0x6d, 0x70, 0x5e, 0x26, 0xf5,
-	0x5a, 0xb2, 0x26, 0x36, 0xd8, 0x4f, 0x83, 0xff, 0xca, 0xa4, 0xce, 0x24, 0x6b, 0xb1, 0x81, 0xb9,
-	0xb6, 0x8d, 0x19, 0x02, 0x16, 0x7c, 0xd3, 0xe4, 0x88, 0x07, 0xe5, 0x1b, 0x13, 0x70, 0x41, 0xab,
-	0xe5, 0xe4, 0xc4, 0x09, 0xe4, 0xad, 0x7a, 0x73, 0x1e, 0x81, 0x97, 0x44, 0xc3, 0xd4, 0x76, 0xce,
-	0xe3, 0x72, 0xa2, 0x64, 0x44, 0x05, 0xf9, 0xbb, 0x0a, 0xc1, 0xe3, 0x8a, 0x43, 0x5a, 0x4d, 0x21,
-	0x3d, 0xee, 0x42, 0xf0, 0x32, 0x96, 0xc4, 0x29, 0xa4, 0x4a, 0x0f, 0xb8, 0xfe, 0x15, 0xe3, 0xee,
-	0xe6, 0xe1, 0xb6, 0x0b, 0xfe, 0x43, 0x52, 0xad, 0x3a, 0x87, 0x9c, 0x47, 0xe8, 0xfe, 0x4e, 0xb5,
-	0x94, 0x39, 0x5d, 0xc4, 0x9a, 0x98, 0x56, 0x41, 0x71, 0x7c, 0x2b, 0xc9, 0xba, 0xba, 0x83, 0x62,
-	0xbf, 0xe1, 0xaf, 0x33, 0x3f, 0x72, 0x48, 0xe3, 0x7b, 0xa3, 0x7b, 0x9a, 0xf3, 0x45, 0x97, 0xdf,
-	0x01, 0x00, 0x00, 0xff, 0xff, 0xef, 0x27, 0x99, 0xf7, 0x17, 0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/containerd/continuity/proto/manifest.proto b/vendor/github.com/containerd/continuity/proto/manifest.proto
deleted file mode 100644
index 66ef80f054ed7..0000000000000
--- a/vendor/github.com/containerd/continuity/proto/manifest.proto
+++ /dev/null
@@ -1,97 +0,0 @@
-syntax = "proto3";
-
-package proto;
-
-// Manifest specifies the entries in a container bundle, keyed and sorted by
-// path.
-message Manifest {
-    repeated Resource resource = 1;
-}
-
-message Resource {
-    // Path specifies the path from the bundle root. If more than one
-    // path is present, the entry may represent a hardlink, rather than using
-    // a link target. The path format is operating system specific.
-    repeated string path = 1;
-
-    // NOTE(stevvooe): Need to define clear precedence for user/group/uid/gid precedence.
-
-    // Uid specifies the user id for the resource.
-    int64 uid = 2;
-
-    // Gid specifies the group id for the resource.
-    int64 gid = 3;
-
-    // user and group are not currently used but their field numbers have been
-    // reserved for future use. As such, they are marked as deprecated.
-    string user = 4 [deprecated=true]; // "deprecated" stands for "reserved" here
-    string group = 5 [deprecated=true]; // "deprecated" stands for "reserved" here
-
-    // Mode defines the file mode and permissions. We've used the same
-    // bit-packing from Go's os package,
-    // http://golang.org/pkg/os/#FileMode, since they've done the work of
-    // creating a cross-platform layout.
-    uint32 mode = 6;
-
-    // NOTE(stevvooe): Beyond here, we start defining type specific fields.
-
-    // Size specifies the size in bytes of the resource. This is only valid
-    // for regular files.
-    uint64 size = 7;
-
-    // Digest specifies the content digest of the target file. Only valid for
-    // regular files. The strings are formatted in OCI style, i.e. <alg>:<encoded>.
-    // For detailed information about the format, please refer to OCI Image Spec:
-    // https://github.com/opencontainers/image-spec/blob/master/descriptor.md#digests-and-verification
-    // The digests are sorted in lexical order and implementations may choose
-    // which algorithms they prefer.
-    repeated string digest = 8;
-
-    // Target defines the target of a hard or soft link. Absolute links start
-    // with a slash and specify the resource relative to the bundle root.
-    // Relative links do not start with a slash and are relative to the
-    // resource path.
-    string target = 9;
-
-    // Major specifies the major device number for character and block devices.
-    uint64 major = 10;
-
-    // Minor specifies the minor device number for character and block devices.
-    uint64 minor = 11;
-
-    // Xattr provides storage for extended attributes for the target resource.
-    repeated XAttr xattr = 12;
-
-    // Ads stores one or more alternate data streams for the target resource.
-    repeated ADSEntry ads = 13;
-
-}
-
-// XAttr encodes extended attributes for a resource.
-message XAttr {
-    // Name specifies the attribute name.
-    string name = 1;
-
-    // Data specifies the associated data for the attribute.
-    bytes data = 2;
-}
-
-// ADSEntry encodes information for a Windows Alternate Data Stream.
-message ADSEntry {
-    // Name specifices the stream name.
-    string name = 1;
-
-    // Data specifies the stream data.
-    // See also the description about the digest below.
-    bytes data = 2;
-
-    // Digest is a CAS representation of the stream data.
-    //
-    // At least one of data or digest MUST be specified, and either one of them
-    // SHOULD be specified.
-    //
-    // How to access the actual data using the digest is implementation-specific,
-    // and implementations can choose not to implement digest.
-    // So, digest SHOULD be used only when the stream data is large.
-    string digest = 3;
-}
diff --git a/vendor/github.com/containerd/continuity/resource.go b/vendor/github.com/containerd/continuity/resource.go
deleted file mode 100644
index d2f52bd31a6e5..0000000000000
--- a/vendor/github.com/containerd/continuity/resource.go
+++ /dev/null
@@ -1,590 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"reflect"
-	"sort"
-
-	pb "github.com/containerd/continuity/proto"
-	"github.com/opencontainers/go-digest"
-)
-
-// TODO(stevvooe): A record based model, somewhat sketched out at the bottom
-// of this file, will be more flexible. Another possibly is to tie the package
-// interface directly to the protobuf type. This will have efficiency
-// advantages at the cost coupling the nasty codegen types to the exported
-// interface.
-
-type Resource interface {
-	// Path provides the primary resource path relative to the bundle root. In
-	// cases where resources have more than one path, such as with hard links,
-	// this will return the primary path, which is often just the first entry.
-	Path() string
-
-	// Mode returns the
-	Mode() os.FileMode
-
-	UID() int64
-	GID() int64
-}
-
-// ByPath provides the canonical sort order for a set of resources. Use with
-// sort.Stable for deterministic sorting.
-type ByPath []Resource
-
-func (bp ByPath) Len() int           { return len(bp) }
-func (bp ByPath) Swap(i, j int)      { bp[i], bp[j] = bp[j], bp[i] }
-func (bp ByPath) Less(i, j int) bool { return bp[i].Path() < bp[j].Path() }
-
-type XAttrer interface {
-	XAttrs() map[string][]byte
-}
-
-// Hardlinkable is an interface that a resource type satisfies if it can be a
-// hardlink target.
-type Hardlinkable interface {
-	// Paths returns all paths of the resource, including the primary path
-	// returned by Resource.Path. If len(Paths()) > 1, the resource is a hard
-	// link.
-	Paths() []string
-}
-
-type RegularFile interface {
-	Resource
-	XAttrer
-	Hardlinkable
-
-	Size() int64
-	Digests() []digest.Digest
-}
-
-// Merge two or more Resources into new file. Typically, this should be
-// used to merge regular files as hardlinks. If the files are not identical,
-// other than Paths and Digests, the merge will fail and an error will be
-// returned.
-func Merge(fs ...Resource) (Resource, error) {
-	if len(fs) < 1 {
-		return nil, fmt.Errorf("please provide a resource to merge")
-	}
-
-	if len(fs) == 1 {
-		return fs[0], nil
-	}
-
-	var paths []string
-	var digests []digest.Digest
-	bypath := map[string][]Resource{}
-
-	// The attributes are all compared against the first to make sure they
-	// agree before adding to the above collections. If any of these don't
-	// correctly validate, the merge fails.
-	prototype := fs[0]
-	xattrs := make(map[string][]byte)
-
-	// initialize xattrs for use below. All files must have same xattrs.
-	if prototypeXAttrer, ok := prototype.(XAttrer); ok {
-		for attr, value := range prototypeXAttrer.XAttrs() {
-			xattrs[attr] = value
-		}
-	}
-
-	for _, f := range fs {
-		h, isHardlinkable := f.(Hardlinkable)
-		if !isHardlinkable {
-			return nil, errNotAHardLink
-		}
-
-		if f.Mode() != prototype.Mode() {
-			return nil, fmt.Errorf("modes do not match: %v != %v", f.Mode(), prototype.Mode())
-		}
-
-		if f.UID() != prototype.UID() {
-			return nil, fmt.Errorf("uid does not match: %v != %v", f.UID(), prototype.UID())
-		}
-
-		if f.GID() != prototype.GID() {
-			return nil, fmt.Errorf("gid does not match: %v != %v", f.GID(), prototype.GID())
-		}
-
-		if xattrer, ok := f.(XAttrer); ok {
-			fxattrs := xattrer.XAttrs()
-			if !reflect.DeepEqual(fxattrs, xattrs) {
-				return nil, fmt.Errorf("resource %q xattrs do not match: %v != %v", f, fxattrs, xattrs)
-			}
-		}
-
-		for _, p := range h.Paths() {
-			pfs, ok := bypath[p]
-			if !ok {
-				// ensure paths are unique by only appending on a new path.
-				paths = append(paths, p)
-			}
-
-			bypath[p] = append(pfs, f)
-		}
-
-		if regFile, isRegFile := f.(RegularFile); isRegFile {
-			prototypeRegFile, prototypeIsRegFile := prototype.(RegularFile)
-			if !prototypeIsRegFile {
-				return nil, errors.New("prototype is not a regular file")
-			}
-
-			if regFile.Size() != prototypeRegFile.Size() {
-				return nil, fmt.Errorf("size does not match: %v != %v", regFile.Size(), prototypeRegFile.Size())
-			}
-
-			digests = append(digests, regFile.Digests()...)
-		} else if device, isDevice := f.(Device); isDevice {
-			prototypeDevice, prototypeIsDevice := prototype.(Device)
-			if !prototypeIsDevice {
-				return nil, errors.New("prototype is not a device")
-			}
-
-			if device.Major() != prototypeDevice.Major() {
-				return nil, fmt.Errorf("major number does not match: %v != %v", device.Major(), prototypeDevice.Major())
-			}
-			if device.Minor() != prototypeDevice.Minor() {
-				return nil, fmt.Errorf("minor number does not match: %v != %v", device.Minor(), prototypeDevice.Minor())
-			}
-		} else if _, isNamedPipe := f.(NamedPipe); isNamedPipe {
-			_, prototypeIsNamedPipe := prototype.(NamedPipe)
-			if !prototypeIsNamedPipe {
-				return nil, errors.New("prototype is not a named pipe")
-			}
-		} else {
-			return nil, errNotAHardLink
-		}
-	}
-
-	sort.Stable(sort.StringSlice(paths))
-
-	// Choose a "canonical" file. Really, it is just the first file to sort
-	// against. We also effectively select the very first digest as the
-	// "canonical" one for this file.
-	first := bypath[paths[0]][0]
-
-	resource := resource{
-		paths:  paths,
-		mode:   first.Mode(),
-		uid:    first.UID(),
-		gid:    first.GID(),
-		xattrs: xattrs,
-	}
-
-	switch typedF := first.(type) {
-	case RegularFile:
-		var err error
-		digests, err = uniqifyDigests(digests...)
-		if err != nil {
-			return nil, err
-		}
-
-		return &regularFile{
-			resource: resource,
-			size:     typedF.Size(),
-			digests:  digests,
-		}, nil
-	case Device:
-		return &device{
-			resource: resource,
-			major:    typedF.Major(),
-			minor:    typedF.Minor(),
-		}, nil
-
-	case NamedPipe:
-		return &namedPipe{
-			resource: resource,
-		}, nil
-
-	default:
-		return nil, errNotAHardLink
-	}
-}
-
-type Directory interface {
-	Resource
-	XAttrer
-
-	// Directory is a no-op method to identify directory objects by interface.
-	Directory()
-}
-
-type SymLink interface {
-	Resource
-
-	// Target returns the target of the symlink contained in the .
-	Target() string
-}
-
-type NamedPipe interface {
-	Resource
-	Hardlinkable
-	XAttrer
-
-	// Pipe is a no-op method to allow consistent resolution of NamedPipe
-	// interface.
-	Pipe()
-}
-
-type Device interface {
-	Resource
-	Hardlinkable
-	XAttrer
-
-	Major() uint64
-	Minor() uint64
-}
-
-type resource struct {
-	paths    []string
-	mode     os.FileMode
-	uid, gid int64
-	xattrs   map[string][]byte
-}
-
-var _ Resource = &resource{}
-
-func (r *resource) Path() string {
-	if len(r.paths) < 1 {
-		return ""
-	}
-
-	return r.paths[0]
-}
-
-func (r *resource) Mode() os.FileMode {
-	return r.mode
-}
-
-func (r *resource) UID() int64 {
-	return r.uid
-}
-
-func (r *resource) GID() int64 {
-	return r.gid
-}
-
-type regularFile struct {
-	resource
-	size    int64
-	digests []digest.Digest
-}
-
-var _ RegularFile = &regularFile{}
-
-// newRegularFile returns the RegularFile, using the populated base resource
-// and one or more digests of the content.
-func newRegularFile(base resource, paths []string, size int64, dgsts ...digest.Digest) (RegularFile, error) {
-	if !base.Mode().IsRegular() {
-		return nil, fmt.Errorf("not a regular file")
-	}
-
-	base.paths = make([]string, len(paths))
-	copy(base.paths, paths)
-
-	// make our own copy of digests
-	ds := make([]digest.Digest, len(dgsts))
-	copy(ds, dgsts)
-
-	return &regularFile{
-		resource: base,
-		size:     size,
-		digests:  ds,
-	}, nil
-}
-
-func (rf *regularFile) Paths() []string {
-	paths := make([]string, len(rf.paths))
-	copy(paths, rf.paths)
-	return paths
-}
-
-func (rf *regularFile) Size() int64 {
-	return rf.size
-}
-
-func (rf *regularFile) Digests() []digest.Digest {
-	digests := make([]digest.Digest, len(rf.digests))
-	copy(digests, rf.digests)
-	return digests
-}
-
-func (rf *regularFile) XAttrs() map[string][]byte {
-	xattrs := make(map[string][]byte, len(rf.xattrs))
-
-	for attr, value := range rf.xattrs {
-		xattrs[attr] = append(xattrs[attr], value...)
-	}
-
-	return xattrs
-}
-
-type directory struct {
-	resource
-}
-
-var _ Directory = &directory{}
-
-func newDirectory(base resource) (Directory, error) {
-	if !base.Mode().IsDir() {
-		return nil, fmt.Errorf("not a directory")
-	}
-
-	return &directory{
-		resource: base,
-	}, nil
-}
-
-func (d *directory) Directory() {}
-
-func (d *directory) XAttrs() map[string][]byte {
-	xattrs := make(map[string][]byte, len(d.xattrs))
-
-	for attr, value := range d.xattrs {
-		xattrs[attr] = append(xattrs[attr], value...)
-	}
-
-	return xattrs
-}
-
-type symLink struct {
-	resource
-	target string
-}
-
-var _ SymLink = &symLink{}
-
-func newSymLink(base resource, target string) (SymLink, error) {
-	if base.Mode()&os.ModeSymlink == 0 {
-		return nil, fmt.Errorf("not a symlink")
-	}
-
-	return &symLink{
-		resource: base,
-		target:   target,
-	}, nil
-}
-
-func (l *symLink) Target() string {
-	return l.target
-}
-
-type namedPipe struct {
-	resource
-}
-
-var _ NamedPipe = &namedPipe{}
-
-func newNamedPipe(base resource, paths []string) (NamedPipe, error) {
-	if base.Mode()&os.ModeNamedPipe == 0 {
-		return nil, fmt.Errorf("not a namedpipe")
-	}
-
-	base.paths = make([]string, len(paths))
-	copy(base.paths, paths)
-
-	return &namedPipe{
-		resource: base,
-	}, nil
-}
-
-func (np *namedPipe) Pipe() {}
-
-func (np *namedPipe) Paths() []string {
-	paths := make([]string, len(np.paths))
-	copy(paths, np.paths)
-	return paths
-}
-
-func (np *namedPipe) XAttrs() map[string][]byte {
-	xattrs := make(map[string][]byte, len(np.xattrs))
-
-	for attr, value := range np.xattrs {
-		xattrs[attr] = append(xattrs[attr], value...)
-	}
-
-	return xattrs
-}
-
-type device struct {
-	resource
-	major, minor uint64
-}
-
-var _ Device = &device{}
-
-func newDevice(base resource, paths []string, major, minor uint64) (Device, error) {
-	if base.Mode()&os.ModeDevice == 0 {
-		return nil, fmt.Errorf("not a device")
-	}
-
-	base.paths = make([]string, len(paths))
-	copy(base.paths, paths)
-
-	return &device{
-		resource: base,
-		major:    major,
-		minor:    minor,
-	}, nil
-}
-
-func (d *device) Paths() []string {
-	paths := make([]string, len(d.paths))
-	copy(paths, d.paths)
-	return paths
-}
-
-func (d *device) XAttrs() map[string][]byte {
-	xattrs := make(map[string][]byte, len(d.xattrs))
-
-	for attr, value := range d.xattrs {
-		xattrs[attr] = append(xattrs[attr], value...)
-	}
-
-	return xattrs
-}
-
-func (d device) Major() uint64 {
-	return d.major
-}
-
-func (d device) Minor() uint64 {
-	return d.minor
-}
-
-// toProto converts a resource to a protobuf record. We'd like to push this
-// the individual types but we want to keep this all together during
-// prototyping.
-func toProto(resource Resource) *pb.Resource {
-	b := &pb.Resource{
-		Path: []string{resource.Path()},
-		Mode: uint32(resource.Mode()),
-		Uid:  resource.UID(),
-		Gid:  resource.GID(),
-	}
-
-	if xattrer, ok := resource.(XAttrer); ok {
-		// Sorts the XAttrs by name for consistent ordering.
-		keys := []string{}
-		xattrs := xattrer.XAttrs()
-		for k := range xattrs {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-
-		for _, k := range keys {
-			b.Xattr = append(b.Xattr, &pb.XAttr{Name: k, Data: xattrs[k]})
-		}
-	}
-
-	switch r := resource.(type) {
-	case RegularFile:
-		b.Path = r.Paths()
-		b.Size = uint64(r.Size())
-
-		for _, dgst := range r.Digests() {
-			b.Digest = append(b.Digest, dgst.String())
-		}
-	case SymLink:
-		b.Target = r.Target()
-	case Device:
-		b.Major, b.Minor = r.Major(), r.Minor()
-		b.Path = r.Paths()
-	case NamedPipe:
-		b.Path = r.Paths()
-	}
-
-	// enforce a few stability guarantees that may not be provided by the
-	// resource implementation.
-	sort.Strings(b.Path)
-
-	return b
-}
-
-// fromProto converts from a protobuf Resource to a Resource interface.
-func fromProto(b *pb.Resource) (Resource, error) {
-	base := &resource{
-		paths: b.Path,
-		mode:  os.FileMode(b.Mode),
-		uid:   b.Uid,
-		gid:   b.Gid,
-	}
-
-	base.xattrs = make(map[string][]byte, len(b.Xattr))
-
-	for _, attr := range b.Xattr {
-		base.xattrs[attr.Name] = attr.Data
-	}
-
-	switch {
-	case base.Mode().IsRegular():
-		dgsts := make([]digest.Digest, len(b.Digest))
-		for i, dgst := range b.Digest {
-			// TODO(stevvooe): Should we be validating at this point?
-			dgsts[i] = digest.Digest(dgst)
-		}
-
-		return newRegularFile(*base, b.Path, int64(b.Size), dgsts...)
-	case base.Mode().IsDir():
-		return newDirectory(*base)
-	case base.Mode()&os.ModeSymlink != 0:
-		return newSymLink(*base, b.Target)
-	case base.Mode()&os.ModeNamedPipe != 0:
-		return newNamedPipe(*base, b.Path)
-	case base.Mode()&os.ModeDevice != 0:
-		return newDevice(*base, b.Path, b.Major, b.Minor)
-	}
-
-	return nil, fmt.Errorf("unknown resource record (%#v): %s", b, base.Mode())
-}
-
-// NOTE(stevvooe): An alternative model that supports inline declaration.
-// Convenient for unit testing where inline declarations may be desirable but
-// creates an awkward API for the standard use case.
-
-// type ResourceKind int
-
-// const (
-// 	ResourceRegularFile = iota + 1
-// 	ResourceDirectory
-// 	ResourceSymLink
-// 	Resource
-// )
-
-// type Resource struct {
-// 	Kind         ResourceKind
-// 	Paths        []string
-// 	Mode         os.FileMode
-// 	UID          string
-// 	GID          string
-// 	Size         int64
-// 	Digests      []digest.Digest
-// 	Target       string
-// 	Major, Minor int
-// 	XAttrs       map[string][]byte
-// }
-
-// type RegularFile struct {
-// 	Paths   []string
-//  Size 	int64
-// 	Digests []digest.Digest
-// 	Perm    os.FileMode // os.ModePerm + sticky, setuid, setgid
-// }
diff --git a/vendor/github.com/containerd/continuity/resource_unix.go b/vendor/github.com/containerd/continuity/resource_unix.go
deleted file mode 100644
index 0e103ccc5c7a0..0000000000000
--- a/vendor/github.com/containerd/continuity/resource_unix.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// +build linux darwin freebsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// newBaseResource returns a *resource, populated with data from p and fi,
-// where p will be populated directly.
-func newBaseResource(p string, fi os.FileInfo) (*resource, error) {
-	// TODO(stevvooe): This need to be resolved for the container's root,
-	// where here we are really getting the host OS's value. We need to allow
-	// this be passed in and fixed up to make these uid/gid mappings portable.
-	// Either this can be part of the driver or we can achieve it through some
-	// other mechanism.
-	sys, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		// TODO(stevvooe): This may not be a hard error for all platforms. We
-		// may want to move this to the driver.
-		return nil, fmt.Errorf("unable to resolve syscall.Stat_t from (os.FileInfo).Sys(): %#v", fi)
-	}
-
-	return &resource{
-		paths: []string{p},
-		mode:  fi.Mode(),
-
-		uid: int64(sys.Uid),
-		gid: int64(sys.Gid),
-
-		// NOTE(stevvooe): Population of shared xattrs field is deferred to
-		// the resource types that populate it. Since they are a property of
-		// the context, they must set there.
-	}, nil
-}
diff --git a/vendor/github.com/containerd/continuity/resource_windows.go b/vendor/github.com/containerd/continuity/resource_windows.go
deleted file mode 100644
index f9801801cfc9b..0000000000000
--- a/vendor/github.com/containerd/continuity/resource_windows.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package continuity
-
-import "os"
-
-// newBaseResource returns a *resource, populated with data from p and fi,
-// where p will be populated directly.
-func newBaseResource(p string, fi os.FileInfo) (*resource, error) {
-	return &resource{
-		paths: []string{p},
-		mode:  fi.Mode(),
-	}, nil
-}
diff --git a/vendor/github.com/containerd/continuity/syscallx/syscall_unix.go b/vendor/github.com/containerd/continuity/syscallx/syscall_unix.go
deleted file mode 100644
index 0bfa6a0409d0e..0000000000000
--- a/vendor/github.com/containerd/continuity/syscallx/syscall_unix.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package syscallx
-
-import "syscall"
-
-// Readlink returns the destination of the named symbolic link.
-func Readlink(path string, buf []byte) (n int, err error) {
-	return syscall.Readlink(path, buf)
-}
diff --git a/vendor/github.com/containerd/continuity/syscallx/syscall_windows.go b/vendor/github.com/containerd/continuity/syscallx/syscall_windows.go
deleted file mode 100644
index 2ba8149905197..0000000000000
--- a/vendor/github.com/containerd/continuity/syscallx/syscall_windows.go
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package syscallx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-type reparseDataBuffer struct {
-	ReparseTag        uint32
-	ReparseDataLength uint16
-	Reserved          uint16
-
-	// GenericReparseBuffer
-	reparseBuffer byte
-}
-
-type mountPointReparseBuffer struct {
-	SubstituteNameOffset uint16
-	SubstituteNameLength uint16
-	PrintNameOffset      uint16
-	PrintNameLength      uint16
-	PathBuffer           [1]uint16
-}
-
-type symbolicLinkReparseBuffer struct {
-	SubstituteNameOffset uint16
-	SubstituteNameLength uint16
-	PrintNameOffset      uint16
-	PrintNameLength      uint16
-	Flags                uint32
-	PathBuffer           [1]uint16
-}
-
-const (
-	_IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003
-	_SYMLINK_FLAG_RELATIVE      = 1
-)
-
-// Readlink returns the destination of the named symbolic link.
-func Readlink(path string, buf []byte) (n int, err error) {
-	fd, err := syscall.CreateFile(syscall.StringToUTF16Ptr(path), syscall.GENERIC_READ, 0, nil, syscall.OPEN_EXISTING,
-		syscall.FILE_FLAG_OPEN_REPARSE_POINT|syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
-	if err != nil {
-		return -1, err
-	}
-	defer syscall.CloseHandle(fd)
-
-	rdbbuf := make([]byte, syscall.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)
-	var bytesReturned uint32
-	err = syscall.DeviceIoControl(fd, syscall.FSCTL_GET_REPARSE_POINT, nil, 0, &rdbbuf[0], uint32(len(rdbbuf)), &bytesReturned, nil)
-	if err != nil {
-		return -1, err
-	}
-
-	rdb := (*reparseDataBuffer)(unsafe.Pointer(&rdbbuf[0]))
-	var s string
-	switch rdb.ReparseTag {
-	case syscall.IO_REPARSE_TAG_SYMLINK:
-		data := (*symbolicLinkReparseBuffer)(unsafe.Pointer(&rdb.reparseBuffer))
-		p := (*[0xffff]uint16)(unsafe.Pointer(&data.PathBuffer[0]))
-		s = syscall.UTF16ToString(p[data.SubstituteNameOffset/2 : (data.SubstituteNameOffset+data.SubstituteNameLength)/2])
-		if data.Flags&_SYMLINK_FLAG_RELATIVE == 0 {
-			if len(s) >= 4 && s[:4] == `\??\` {
-				s = s[4:]
-				switch {
-				case len(s) >= 2 && s[1] == ':': // \??\C:\foo\bar
-					// do nothing
-				case len(s) >= 4 && s[:4] == `UNC\`: // \??\UNC\foo\bar
-					s = `\\` + s[4:]
-				default:
-					// unexpected; do nothing
-				}
-			} else {
-				// unexpected; do nothing
-			}
-		}
-	case _IO_REPARSE_TAG_MOUNT_POINT:
-		data := (*mountPointReparseBuffer)(unsafe.Pointer(&rdb.reparseBuffer))
-		p := (*[0xffff]uint16)(unsafe.Pointer(&data.PathBuffer[0]))
-		s = syscall.UTF16ToString(p[data.SubstituteNameOffset/2 : (data.SubstituteNameOffset+data.SubstituteNameLength)/2])
-		if len(s) >= 4 && s[:4] == `\??\` { // \??\C:\foo\bar
-			if len(s) < 48 || s[:11] != `\??\Volume{` {
-				s = s[4:]
-			}
-		} else {
-			// unexpected; do nothing
-		}
-	default:
-		// the path is not a symlink or junction but another type of reparse
-		// point
-		return -1, syscall.ENOENT
-	}
-	n = copy(buf, []byte(s))
-
-	return n, nil
-}
diff --git a/vendor/github.com/containerd/continuity/sysx/file_posix.go b/vendor/github.com/containerd/continuity/sysx/file_posix.go
deleted file mode 100644
index e28f3a1b574c4..0000000000000
--- a/vendor/github.com/containerd/continuity/sysx/file_posix.go
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sysx
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/containerd/continuity/syscallx"
-)
-
-// Readlink returns the destination of the named symbolic link.
-// If there is an error, it will be of type *PathError.
-func Readlink(name string) (string, error) {
-	for len := 128; ; len *= 2 {
-		b := make([]byte, len)
-		n, e := fixCount(syscallx.Readlink(fixLongPath(name), b))
-		if e != nil {
-			return "", &os.PathError{Op: "readlink", Path: name, Err: e}
-		}
-		if n < len {
-			return string(b[0:n]), nil
-		}
-	}
-}
-
-// Many functions in package syscall return a count of -1 instead of 0.
-// Using fixCount(call()) instead of call() corrects the count.
-func fixCount(n int, err error) (int, error) {
-	if n < 0 {
-		n = 0
-	}
-	return n, err
-}
-
-// fixLongPath returns the extended-length (\\?\-prefixed) form of
-// path when needed, in order to avoid the default 260 character file
-// path limit imposed by Windows. If path is not easily converted to
-// the extended-length form (for example, if path is a relative path
-// or contains .. elements), or is short enough, fixLongPath returns
-// path unmodified.
-//
-// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
-func fixLongPath(path string) string {
-	// Do nothing (and don't allocate) if the path is "short".
-	// Empirically (at least on the Windows Server 2013 builder),
-	// the kernel is arbitrarily okay with < 248 bytes. That
-	// matches what the docs above say:
-	// "When using an API to create a directory, the specified
-	// path cannot be so long that you cannot append an 8.3 file
-	// name (that is, the directory name cannot exceed MAX_PATH
-	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
-	//
-	// The MSDN docs appear to say that a normal path that is 248 bytes long
-	// will work; empirically the path must be less then 248 bytes long.
-	if len(path) < 248 {
-		// Don't fix. (This is how Go 1.7 and earlier worked,
-		// not automatically generating the \\?\ form)
-		return path
-	}
-
-	// The extended form begins with \\?\, as in
-	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
-	// The extended form disables evaluation of . and .. path
-	// elements and disables the interpretation of / as equivalent
-	// to \. The conversion here rewrites / to \ and elides
-	// . elements as well as trailing or duplicate separators. For
-	// simplicity it avoids the conversion entirely for relative
-	// paths or paths containing .. elements. For now,
-	// \\server\share paths are not converted to
-	// \\?\UNC\server\share paths because the rules for doing so
-	// are less well-specified.
-	if len(path) >= 2 && path[:2] == `\\` {
-		// Don't canonicalize UNC paths.
-		return path
-	}
-	if !filepath.IsAbs(path) {
-		// Relative path
-		return path
-	}
-
-	const prefix = `\\?`
-
-	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
-	copy(pathbuf, prefix)
-	n := len(path)
-	r, w := 0, len(prefix)
-	for r < n {
-		switch {
-		case os.IsPathSeparator(path[r]):
-			// empty block
-			r++
-		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
-			// /./
-			r++
-		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
-			// /../ is currently unhandled
-			return path
-		default:
-			pathbuf[w] = '\\'
-			w++
-			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
-				pathbuf[w] = path[r]
-				w++
-			}
-		}
-	}
-	// A drive's root directory needs a trailing \
-	if w == len(`\\?\c:`) {
-		pathbuf[w] = '\\'
-		w++
-	}
-	return string(pathbuf[:w])
-}
diff --git a/vendor/github.com/containerd/continuity/sysx/nodata_unix.go b/vendor/github.com/containerd/continuity/sysx/nodata_unix.go
index b26f5b3d03949..de4b3d50cedad 100644
--- a/vendor/github.com/containerd/continuity/sysx/nodata_unix.go
+++ b/vendor/github.com/containerd/continuity/sysx/nodata_unix.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd
+// +build darwin freebsd openbsd
 
 /*
    Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/continuity/sysx/xattr.go b/vendor/github.com/containerd/continuity/sysx/xattr.go
index 9e4326dcfe3fd..db6fe70fe927c 100644
--- a/vendor/github.com/containerd/continuity/sysx/xattr.go
+++ b/vendor/github.com/containerd/continuity/sysx/xattr.go
@@ -20,7 +20,6 @@ package sysx
 
 import (
 	"bytes"
-	"syscall"
 
 	"golang.org/x/sys/unix"
 )
@@ -66,60 +65,53 @@ func LGetxattr(path, attr string) ([]byte, error) {
 	return getxattrAll(path, attr, unix.Lgetxattr)
 }
 
-const defaultXattrBufferSize = 5
+const defaultXattrBufferSize = 128
 
 type listxattrFunc func(path string, dest []byte) (int, error)
 
 func listxattrAll(path string, listFunc listxattrFunc) ([]string, error) {
-	var p []byte // nil on first execution
-
-	for {
-		n, err := listFunc(path, p) // first call gets buffer size.
+	buf := make([]byte, defaultXattrBufferSize)
+	n, err := listFunc(path, buf)
+	for err == unix.ERANGE {
+		// Buffer too small, use zero-sized buffer to get the actual size
+		n, err = listFunc(path, []byte{})
 		if err != nil {
 			return nil, err
 		}
+		buf = make([]byte, n)
+		n, err = listFunc(path, buf)
+	}
+	if err != nil {
+		return nil, err
+	}
 
-		if n > len(p) {
-			p = make([]byte, n)
-			continue
-		}
-
-		p = p[:n]
-
-		ps := bytes.Split(bytes.TrimSuffix(p, []byte{0}), []byte{0})
-		var entries []string
-		for _, p := range ps {
-			s := string(p)
-			if s != "" {
-				entries = append(entries, s)
-			}
+	ps := bytes.Split(bytes.TrimSuffix(buf[:n], []byte{0}), []byte{0})
+	var entries []string
+	for _, p := range ps {
+		if len(p) > 0 {
+			entries = append(entries, string(p))
 		}
-
-		return entries, nil
 	}
+
+	return entries, nil
 }
 
 type getxattrFunc func(string, string, []byte) (int, error)
 
 func getxattrAll(path, attr string, getFunc getxattrFunc) ([]byte, error) {
-	p := make([]byte, defaultXattrBufferSize)
-	for {
-		n, err := getFunc(path, attr, p)
+	buf := make([]byte, defaultXattrBufferSize)
+	n, err := getFunc(path, attr, buf)
+	for err == unix.ERANGE {
+		// Buffer too small, use zero-sized buffer to get the actual size
+		n, err = getFunc(path, attr, []byte{})
 		if err != nil {
-			if errno, ok := err.(syscall.Errno); ok && errno == syscall.ERANGE {
-				p = make([]byte, len(p)*2) // this can't be ideal.
-				continue                   // try again!
-			}
-
 			return nil, err
 		}
-
-		// realloc to correct size and repeat
-		if n > len(p) {
-			p = make([]byte, n)
-			continue
-		}
-
-		return p[:n], nil
+		buf = make([]byte, n)
+		n, err = getFunc(path, attr, buf)
+	}
+	if err != nil {
+		return nil, err
 	}
+	return buf[:n], nil
 }
diff --git a/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go b/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go
index c9ef3a1d251f3..f8fa8c63fbae5 100644
--- a/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go
+++ b/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go
@@ -23,7 +23,7 @@ import (
 	"runtime"
 )
 
-var unsupported = errors.New("extended attributes unsupported on " + runtime.GOOS)
+var errUnsupported = errors.New("extended attributes unsupported on " + runtime.GOOS)
 
 // Listxattr calls syscall listxattr and reads all content
 // and returns a string array
@@ -33,17 +33,17 @@ func Listxattr(path string) ([]string, error) {
 
 // Removexattr calls syscall removexattr
 func Removexattr(path string, attr string) (err error) {
-	return unsupported
+	return errUnsupported
 }
 
 // Setxattr calls syscall setxattr
 func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	return unsupported
+	return errUnsupported
 }
 
 // Getxattr calls syscall getxattr
 func Getxattr(path, attr string) ([]byte, error) {
-	return []byte{}, unsupported
+	return []byte{}, errUnsupported
 }
 
 // LListxattr lists xattrs, not following symlinks
@@ -53,12 +53,12 @@ func LListxattr(path string) ([]string, error) {
 
 // LRemovexattr removes an xattr, not following symlinks
 func LRemovexattr(path string, attr string) (err error) {
-	return unsupported
+	return errUnsupported
 }
 
 // LSetxattr sets an xattr, not following symlinks
 func LSetxattr(path string, attr string, data []byte, flags int) (err error) {
-	return unsupported
+	return errUnsupported
 }
 
 // LGetxattr gets an xattr, not following symlinks
diff --git a/vendor/github.com/containerd/continuity/vendor.conf b/vendor/github.com/containerd/continuity/vendor.conf
deleted file mode 100644
index 5bd88d5fd76df..0000000000000
--- a/vendor/github.com/containerd/continuity/vendor.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-bazil.org/fuse 371fbbdaa8987b715bdd21d6adc4c9b20155f748
-github.com/dustin/go-humanize bb3d318650d48840a39aa21a027c6630e198e626
-github.com/golang/protobuf 1e59b77b52bf8e4b449a57e6f79f21226d571845
-github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-github.com/opencontainers/go-digest 279bed98673dd5bef374d3b6e4b09e2af76183bf
-github.com/pkg/errors f15c970de5b76fac0b59abb32d62c17cc7bed265
-github.com/sirupsen/logrus 89742aefa4b206dcf400792f3bd35b542998eb3b
-github.com/spf13/cobra 2da4a54c5ceefcee7ca5dd0eea1e18a3b6366489
-github.com/spf13/pflag 4c012f6dcd9546820e378d0bdda4d8fc772cdfea
-golang.org/x/crypto 9f005a07e0d31d45e6656d241bb5c0f2efd4bc94
-golang.org/x/net a337091b0525af65de94df2eb7e98bd9962dcbe2
-golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-golang.org/x/sys 77b0e4315053a57ed2962443614bdb28db152054
diff --git a/vendor/github.com/containerd/cri/LICENSE b/vendor/github.com/containerd/cri/LICENSE
deleted file mode 100644
index 8dada3edaf50d..0000000000000
--- a/vendor/github.com/containerd/cri/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md
deleted file mode 100644
index a97c2fe3da60c..0000000000000
--- a/vendor/github.com/containerd/cri/README.md
+++ /dev/null
@@ -1,176 +0,0 @@
-# cri
-<p align="center">
-<img src="https://kubernetes.io/images/favicon.png" width="50" height="50">
-<img src="https://containerd.io/img/containerd-dark.png" width="200" >
-</p>
-
-*Note: The standalone `cri-containerd` binary is end-of-life. `cri-containerd` is
-transitioning from a standalone binary that talks to containerd to a plugin within
-containerd. This github branch is for the `cri` plugin. See
-[standalone-cri-containerd branch](https://github.com/containerd/cri/tree/standalone-cri-containerd)
-for information about the standalone version of `cri-containerd`.*
-
-*Note: You need to [drain your node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before upgrading from standalone `cri-containerd` to containerd with `cri` plugin.*
-
-[![Build Status](https://api.travis-ci.org/containerd/cri.svg?style=flat-square)](https://travis-ci.org/containerd/cri)
-[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cri)](https://goreportcard.com/report/github.com/containerd/cri)
-
-`cri` is a [containerd](https://containerd.io/) plugin implementation of Kubernetes [container runtime interface (CRI)](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/cri/runtime/v1alpha2/api.proto).
-
-With it, you could run Kubernetes using containerd as the container runtime.
-![cri](./docs/cri.png)
-## Current Status
-`cri` is a native plugin of containerd 1.1 and above. It is built into containerd and enabled by default.
-
-`cri` is in GA:
-* It is feature complete.
-* It (the GA version) works with Kubernetes 1.10 and above.
-* It has passed all [CRI validation tests](https://github.com/kubernetes/community/blob/master/contributors/devel/cri-validation.md).
-* It has passed all [node e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-node-tests.md).
-* It has passed all [e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-tests.md).
-
-See [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd)
-## Support Metrics
-| CRI-Containerd Version | Containerd Version | Kubernetes Version | CRI Version |
-|:----------------------:|:------------------:|:------------------:|:-----------:|
-|     v1.0.0-alpha.x     |                    |      1.7, 1.8      |   v1alpha1  |
-|      v1.0.0-beta.x     |                    |        1.9         |   v1alpha1  |
-|       End-Of-Life      |        v1.1        |        1.10+       |   v1alpha2  |
-|                        |        HEAD        |        1.10+       |   v1alpha2  |
-
-## Production Quality Cluster on GCE
-For a production quality cluster on GCE brought up with `kube-up.sh` refer [here](docs/kube-up.md).
-## Installing with Ansible and Kubeadm
-For a multi node cluster installer and bring up steps using ansible and kubeadm refer [here](contrib/ansible/README.md).
-## Custom Installation
-For non ansible users, you can download the `cri-containerd` release tarball and deploy
-kubernetes cluster using kubeadm as described [here](docs/installation.md).
-## Getting Started for Developers
-### Binary Dependencies and Specifications
-The current release of the `cri` plugin has the following dependencies:
-* [containerd](https://github.com/containerd/containerd)
-* [runc](https://github.com/opencontainers/runc)
-* [CNI](https://github.com/containernetworking/cni)
-
-See [versions](./vendor.conf) of these dependencies `cri` is tested with.
-
-As containerd and runc move to their respective general availability releases,
-we will do our best to rebase/retest `cri` with these releases on a
-weekly/monthly basis. Similarly, given that `cri` uses the Open
-Container Initiative (OCI) [image](https://github.com/opencontainers/image-spec)
-and [runtime](https://github.com/opencontainers/runtime-spec) specifications, we
-will also do our best to update `cri` to the latest releases of these
-specifications as appropriate.
-### Install Dependencies
-1. Install development libraries:
-* **libseccomp development library.** Required by `cri` and runc seccomp support. `libseccomp-dev` (Ubuntu, Debian) / `libseccomp-devel`
-(Fedora, CentOS, RHEL). On releases of Ubuntu <=Trusty and Debian <=jessie a
-backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty.
-* **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL)
-2. Install **`socat`** (required by portforward).
-2. Install and setup a go 1.10 development environment.
-3. Make a local clone of this repository.
-4. Install binary dependencies by running the following command from your cloned `cri/` project directory:
-```bash
-# Note: install.deps installs the above mentioned runc, containerd, and CNI
-# binary dependencies. install.deps is only provided for general use and ease of
-# testing. To customize `runc` and `containerd` build tags and/or to configure
-# `cni`, please follow instructions in their documents.
-make install.deps
-```
-### Build and Install `cri`
-To build and install a version of containerd with the `cri` plugin, enter the
-following commands from your `cri` project directory:
-```bash
-make
-sudo make install
-```
-*NOTE: The version of containerd built and installed from the `Makefile` is only for
-testing purposes. The version tag carries the suffix "-TEST".*
-#### Build Tags
-`cri` supports optional build tags for compiling support of various features.
-To add build tags to the make option the `BUILD_TAGS` variable must be set.
-
-```bash
-make BUILD_TAGS='seccomp apparmor'
-```
-
-| Build Tag | Feature                            | Dependency                      |
-|-----------|------------------------------------|---------------------------------|
-| seccomp   | syscall filtering                  | libseccomp development library  |
-| selinux   | selinux process and mount labeling | <none>                          |
-| apparmor  | apparmor profile support           | <none>                          |
-### Validate Your `cri` Setup
-A Kubernetes incubator project called [cri-tools](https://github.com/kubernetes-sigs/cri-tools)
-includes programs for exercising CRI implementations such as the `cri` plugin.
-More importantly, cri-tools includes the program `critest` which is used for running
-[CRI Validation Testing](https://github.com/kubernetes/community/blob/master/contributors/devel/cri-validation.md).
-
-Run the CRI Validation test to validate your installation of `containerd` with `cri` built in:
-```bash
-make test-cri
-```
-### Running a Kubernetes local cluster
-If you already have a working development environment for supported Kubernetes
-version, you can try `cri` in a local cluster:
-
-1. Start the version of `containerd` with `cri` plugin that you built and installed
-above as root in a first terminal:
-```bash
-sudo containerd
-```
-2. From the Kubernetes project directory startup a local cluster using `containerd`:
-```bash
-CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='unix:///run/containerd/containerd.sock' ./hack/local-up-cluster.sh
-```
-### Test
-See [here](./docs/testing.md) for information about test.
-## Using crictl
-See [here](./docs/crictl.md) for information about using `crictl` to debug
-pods, containers, and images.
-## Configurations
-See [here](./docs/config.md) for information about how to configure cri plugins
-and [here](https://github.com/containerd/containerd/blob/master/docs/man/containerd-config.1.md)
-for information about how to configure containerd
-## Documentation
-See [here](./docs) for additional documentation.
-## Contributing
-Interested in contributing? Check out the [documentation](./CONTRIBUTING.md).
-
-## Communication
-This project was originally established in April of 2017 in the Kubernetes
-Incubator program. After reaching the Beta stage, In January of 2018, the
-project was merged into [containerd](https://github.com/containerd/containerd).
-
-For async communication and long running discussions please use issues and pull
-requests on this github repo. This will be the best place to discuss design and
-implementation.
-
-For sync communication we have a community slack with a #containerd channel that
-everyone is welcome to join and chat about development.
-
-**Slack:** https://dockr.ly/community
-
-## Other Communications
-As this project is tightly coupled to CRI and CRI-Tools and they are Kubernetes
-projects, some of our project communications take place in the Kubernetes' SIG:
-`sig-node.`
-
-For more information about `sig-node`, `CRI`, and the `CRI-Tools` projects:
-* [sig-node community site](https://github.com/kubernetes/community/tree/master/sig-node)
-* Slack: `#sig-node` channel in Kubernetes (kubernetes.slack.com)
-* Mailing List: https://groups.google.com/forum/#!forum/kubernetes-sig-node
-
-### Reporting Security Issues
-
-__If you are reporting a security issue, please reach out discreetly at security@containerd.io__.
-
-## Licenses
-The containerd codebase is released under the [Apache 2.0 license](https://github.com/containerd/containerd/blob/master/LICENSE.code).
-The README.md file, and files in the "docs" folder are licensed under the
-Creative Commons Attribution 4.0 International License under the terms and
-conditions set forth in the file "[LICENSE.docs](https://github.com/containerd/containerd/blob/master/LICENSE.docs)". You may obtain a duplicate
-copy of the same license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.
-
-## Code of Conduct
-This project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
diff --git a/vendor/github.com/containerd/cri/pkg/util/deep_copy.go b/vendor/github.com/containerd/cri/pkg/util/deep_copy.go
deleted file mode 100644
index 5fdee984b5288..0000000000000
--- a/vendor/github.com/containerd/cri/pkg/util/deep_copy.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import (
-	"encoding/json"
-
-	"github.com/pkg/errors"
-)
-
-// DeepCopy makes a deep copy from src into dst.
-func DeepCopy(dst interface{}, src interface{}) error {
-	if dst == nil {
-		return errors.New("dst cannot be nil")
-	}
-	if src == nil {
-		return errors.New("src cannot be nil")
-	}
-	bytes, err := json.Marshal(src)
-	if err != nil {
-		return errors.Wrap(err, "unable to marshal src")
-	}
-	err = json.Unmarshal(bytes, dst)
-	if err != nil {
-		return errors.Wrap(err, "unable to unmarshal into dst")
-	}
-	return nil
-}
diff --git a/vendor/github.com/containerd/cri/pkg/util/id.go b/vendor/github.com/containerd/cri/pkg/util/id.go
deleted file mode 100644
index 11b0a70a65c28..0000000000000
--- a/vendor/github.com/containerd/cri/pkg/util/id.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import (
-	"encoding/hex"
-	"math/rand"
-)
-
-// GenerateID generates a random unique id.
-func GenerateID() string {
-	b := make([]byte, 32)
-	rand.Read(b)
-	return hex.EncodeToString(b)
-}
diff --git a/vendor/github.com/containerd/cri/pkg/util/image.go b/vendor/github.com/containerd/cri/pkg/util/image.go
deleted file mode 100644
index 0f471fc42243b..0000000000000
--- a/vendor/github.com/containerd/cri/pkg/util/image.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import (
-	"github.com/docker/distribution/reference"
-)
-
-// NormalizeImageRef normalizes the image reference following the docker convention. This is added
-// mainly for backward compatibility.
-// The reference returned can only be either tagged or digested. For reference contains both tag
-// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
-// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
-// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
-func NormalizeImageRef(ref string) (reference.Named, error) {
-	named, err := reference.ParseNormalizedNamed(ref)
-	if err != nil {
-		return nil, err
-	}
-	if _, ok := named.(reference.NamedTagged); ok {
-		if canonical, ok := named.(reference.Canonical); ok {
-			// The reference is both tagged and digested, only
-			// return digested.
-			newNamed, err := reference.WithName(canonical.Name())
-			if err != nil {
-				return nil, err
-			}
-			newCanonical, err := reference.WithDigest(newNamed, canonical.Digest())
-			if err != nil {
-				return nil, err
-			}
-			return newCanonical, nil
-		}
-	}
-	return reference.TagNameOnly(named), nil
-}
diff --git a/vendor/github.com/containerd/cri/pkg/util/strings.go b/vendor/github.com/containerd/cri/pkg/util/strings.go
deleted file mode 100644
index d5cbc2e8ef30d..0000000000000
--- a/vendor/github.com/containerd/cri/pkg/util/strings.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import "strings"
-
-// InStringSlice checks whether a string is inside a string slice.
-// Comparison is case insensitive.
-func InStringSlice(ss []string, str string) bool {
-	for _, s := range ss {
-		if strings.ToLower(s) == strings.ToLower(str) {
-			return true
-		}
-	}
-	return false
-}
-
-// SubtractStringSlice subtracts string from string slice.
-// Comparison is case insensitive.
-func SubtractStringSlice(ss []string, str string) []string {
-	var res []string
-	for _, s := range ss {
-		if strings.ToLower(s) == strings.ToLower(str) {
-			continue
-		}
-		res = append(res, s)
-	}
-	return res
-}
-
-// MergeStringSlices merges 2 string slices into one and remove duplicated elements.
-func MergeStringSlices(a []string, b []string) []string {
-	set := map[string]struct{}{}
-	for _, s := range a {
-		set[s] = struct{}{}
-	}
-	for _, s := range b {
-		set[s] = struct{}{}
-	}
-	var ss []string
-	for s := range set {
-		ss = append(ss, s)
-	}
-	return ss
-}
diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf
deleted file mode 100644
index a9ffca873aee3..0000000000000
--- a/vendor/github.com/containerd/cri/vendor.conf
+++ /dev/null
@@ -1,78 +0,0 @@
-github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/blang/semver v3.1.0
-github.com/boltdb/bolt v1.3.1
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2
-github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
-github.com/containerd/containerd 1950f791d9225ffe061c77e74e292bcb3c428a04
-github.com/containerd/continuity f44b615e492bdfb371aae2f76ec694d9da1db537
-github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/go-cni 6d7b509a054a3cb1c35ed1865d4fde2f0cb547cd
-github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
-github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d
-github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
-github.com/containernetworking/cni v0.6.0
-github.com/containernetworking/plugins v0.7.0
-github.com/coreos/go-systemd v14
-github.com/davecgh/go-spew v1.1.0
-github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
-github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-metrics 4ea375f7759c82740c893fc030bc37088d2ec098
-github.com/docker/go-units v0.3.1
-github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
-github.com/emicklei/go-restful v2.2.1
-github.com/ghodss/yaml v1.0.0
-github.com/godbus/dbus v3
-github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
-github.com/gogo/protobuf v1.0.0
-github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
-github.com/golang/protobuf v1.1.0
-github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
-github.com/grpc-ecosystem/go-grpc-prometheus v1.1
-github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55
-github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f
-github.com/json-iterator/go 1.1.5
-github.com/matttproud/golang_protobuf_extensions v1.0.0
-github.com/Microsoft/go-winio v0.4.10
-github.com/Microsoft/hcsshim 44c060121b68e8bdc40b411beba551f3b4ee9e55
-github.com/modern-go/concurrent 1.0.3
-github.com/modern-go/reflect2 1.0.1
-github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
-github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 20aff4f0488c6d4b8df4d85b4f63f1f704c11abd
-github.com/opencontainers/runtime-spec d810dbc60d8c5aeeb3d054bd1132fab2121968ce
-github.com/opencontainers/runtime-tools v0.6.0
-github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
-github.com/pkg/errors v0.8.0
-github.com/pmezard/go-difflib v1.0.0
-github.com/prometheus/client_golang f4fb1b73fb099f396a7f0036bf86aa8def4ed823
-github.com/prometheus/client_model 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
-github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563
-github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd
-github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
-github.com/sirupsen/logrus v1.0.0
-github.com/stretchr/testify v1.1.4
-github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
-github.com/tchap/go-patricia v2.2.6
-github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
-github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
-github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
-github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874
-golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067
-golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac
-golang.org/x/oauth2 a6bd8cefa1811bd24b86f8902872e4e8225f74c4
-golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 https://github.com/golang/sys
-golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
-google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
-google.golang.org/grpc v1.12.0
-gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
-gopkg.in/yaml.v2 53feefa2559fb8dfa8d81baad31be332c97d6c77
-k8s.io/api 012f271b5d41baad56190c5f1ae19bff16df0fd8
-k8s.io/apimachinery 6429050ef506887d121f3e7306e894f8900d8a63
-k8s.io/apiserver e9312c15296b6c2c923ebd5031ff5d1d5fd022d7
-k8s.io/client-go 37c3c02ec96533daec0dbda1f39a6b1d68505c79
-k8s.io/kubernetes v1.12.0-beta.1
-k8s.io/utils 982821ea41da7e7c15f3d3738921eb2e7e241ccd
diff --git a/vendor/github.com/containerd/fifo/errors.go b/vendor/github.com/containerd/fifo/errors.go
new file mode 100644
index 0000000000000..50f73b2dc01ba
--- /dev/null
+++ b/vendor/github.com/containerd/fifo/errors.go
@@ -0,0 +1,28 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fifo
+
+import "errors"
+
+var (
+	ErrClosed      = errors.New("fifo closed")
+	ErrCtrlClosed  = errors.New("control of closed fifo")
+	ErrRdFrmWRONLY = errors.New("reading from write-only fifo")
+	ErrReadClosed  = errors.New("reading from a closed fifo")
+	ErrWrToRDONLY  = errors.New("writing to read-only fifo")
+	ErrWriteClosed = errors.New("writing to a closed fifo")
+)
diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
index e79813da7db75..45a9b38402d43 100644
--- a/vendor/github.com/containerd/fifo/fifo.go
+++ b/vendor/github.com/containerd/fifo/fifo.go
@@ -1,3 +1,5 @@
+// +build !windows
+
 /*
    Copyright The containerd Authors.
 
@@ -17,6 +19,7 @@
 package fifo
 
 import (
+	"context"
 	"io"
 	"os"
 	"runtime"
@@ -24,7 +27,7 @@ import (
 	"syscall"
 
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
+	"golang.org/x/sys/unix"
 )
 
 type fifo struct {
@@ -41,6 +44,21 @@ type fifo struct {
 
 var leakCheckWg *sync.WaitGroup
 
+// OpenFifoDup2 is same as OpenFifo, but additionally creates a copy of the FIFO file descriptor with dup2 syscall.
+func OpenFifoDup2(ctx context.Context, fn string, flag int, perm os.FileMode, fd int) (io.ReadWriteCloser, error) {
+	f, err := openFifo(ctx, fn, flag, perm)
+	if err != nil {
+		return nil, errors.Wrap(err, "fifo error")
+	}
+
+	if err := unix.Dup2(int(f.file.Fd()), fd); err != nil {
+		_ = f.Close()
+		return nil, errors.Wrap(err, "dup2 error")
+	}
+
+	return f, nil
+}
+
 // OpenFifo opens a fifo. Returns io.ReadWriteCloser.
 // Context can be used to cancel this function until open(2) has not returned.
 // Accepted flags:
@@ -52,9 +70,13 @@ var leakCheckWg *sync.WaitGroup
 //     fifo isn't open. read/write will be connected after the actual fifo is
 //     open or after fifo is closed.
 func OpenFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (io.ReadWriteCloser, error) {
+	return openFifo(ctx, fn, flag, perm)
+}
+
+func openFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (*fifo, error) {
 	if _, err := os.Stat(fn); err != nil {
 		if os.IsNotExist(err) && flag&syscall.O_CREAT != 0 {
-			if err := mkfifo(fn, uint32(perm&os.ModePerm)); err != nil && !os.IsExist(err) {
+			if err := syscall.Mkfifo(fn, uint32(perm&os.ModePerm)); err != nil && !os.IsExist(err) {
 				return nil, errors.Wrapf(err, "error creating fifo %v", fn)
 			}
 		} else {
@@ -147,7 +169,7 @@ func OpenFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (io.Re
 // Read from a fifo to a byte array.
 func (f *fifo) Read(b []byte) (int, error) {
 	if f.flag&syscall.O_WRONLY > 0 {
-		return 0, errors.New("reading from write-only fifo")
+		return 0, ErrRdFrmWRONLY
 	}
 	select {
 	case <-f.opened:
@@ -158,14 +180,14 @@ func (f *fifo) Read(b []byte) (int, error) {
 	case <-f.opened:
 		return f.file.Read(b)
 	case <-f.closed:
-		return 0, errors.New("reading from a closed fifo")
+		return 0, ErrReadClosed
 	}
 }
 
 // Write from byte array to a fifo.
 func (f *fifo) Write(b []byte) (int, error) {
 	if f.flag&(syscall.O_WRONLY|syscall.O_RDWR) == 0 {
-		return 0, errors.New("writing to read-only fifo")
+		return 0, ErrWrToRDONLY
 	}
 	select {
 	case <-f.opened:
@@ -176,7 +198,7 @@ func (f *fifo) Write(b []byte) (int, error) {
 	case <-f.opened:
 		return f.file.Write(b)
 	case <-f.closed:
-		return 0, errors.New("writing to a closed fifo")
+		return 0, ErrWriteClosed
 	}
 }
 
diff --git a/vendor/github.com/containerd/fifo/go.mod b/vendor/github.com/containerd/fifo/go.mod
new file mode 100644
index 0000000000000..0c1c48fab7829
--- /dev/null
+++ b/vendor/github.com/containerd/fifo/go.mod
@@ -0,0 +1,9 @@
+module github.com/containerd/fifo
+
+go 1.13
+
+require (
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.6.1
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+)
diff --git a/vendor/github.com/containerd/fifo/handle_linux.go b/vendor/github.com/containerd/fifo/handle_linux.go
index 6ac89b6a4d9b4..0ee2c9feeba41 100644
--- a/vendor/github.com/containerd/fifo/handle_linux.go
+++ b/vendor/github.com/containerd/fifo/handle_linux.go
@@ -27,6 +27,7 @@ import (
 	"github.com/pkg/errors"
 )
 
+//nolint:golint
 const O_PATH = 010000000
 
 type handle struct {
@@ -56,9 +57,10 @@ func getHandle(fn string) (*handle, error) {
 	h := &handle{
 		f:    f,
 		name: fn,
-		dev:  uint64(stat.Dev),
-		ino:  stat.Ino,
-		fd:   fd,
+		//nolint:unconvert
+		dev: uint64(stat.Dev),
+		ino: stat.Ino,
+		fd:  fd,
 	}
 
 	// check /proc just in case
@@ -83,6 +85,7 @@ func (h *handle) Path() (string, error) {
 	if err := syscall.Stat(h.procPath(), &stat); err != nil {
 		return "", errors.Wrapf(err, "path %v could not be statted", h.procPath())
 	}
+	//nolint:unconvert
 	if uint64(stat.Dev) != h.dev || stat.Ino != h.ino {
 		return "", errors.Errorf("failed to verify handle %v/%v %v/%v", stat.Dev, h.dev, stat.Ino, h.ino)
 	}
diff --git a/vendor/github.com/containerd/fifo/handle_nolinux.go b/vendor/github.com/containerd/fifo/handle_nolinux.go
index 4f2a282b2b363..81ca308fe50ea 100644
--- a/vendor/github.com/containerd/fifo/handle_nolinux.go
+++ b/vendor/github.com/containerd/fifo/handle_nolinux.go
@@ -1,4 +1,4 @@
-// +build !linux
+// +build !linux,!windows
 
 /*
    Copyright The containerd Authors.
@@ -38,8 +38,8 @@ func getHandle(fn string) (*handle, error) {
 
 	h := &handle{
 		fn:  fn,
-		dev: uint64(stat.Dev),
-		ino: uint64(stat.Ino),
+		dev: uint64(stat.Dev), //nolint: unconvert
+		ino: uint64(stat.Ino), //nolint: unconvert
 	}
 
 	return h, nil
@@ -50,7 +50,7 @@ func (h *handle) Path() (string, error) {
 	if err := syscall.Stat(h.fn, &stat); err != nil {
 		return "", errors.Wrapf(err, "path %v could not be statted", h.fn)
 	}
-	if uint64(stat.Dev) != h.dev || uint64(stat.Ino) != h.ino {
+	if uint64(stat.Dev) != h.dev || uint64(stat.Ino) != h.ino { //nolint: unconvert
 		return "", errors.Errorf("failed to verify handle %v/%v %v/%v for %v", stat.Dev, h.dev, stat.Ino, h.ino, h.fn)
 	}
 	return h.fn, nil
diff --git a/vendor/github.com/containerd/fifo/mkfifo_nosolaris.go b/vendor/github.com/containerd/fifo/mkfifo_nosolaris.go
deleted file mode 100644
index 2799a06d10789..0000000000000
--- a/vendor/github.com/containerd/fifo/mkfifo_nosolaris.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// +build !solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fifo
-
-import "syscall"
-
-func mkfifo(path string, mode uint32) (err error) {
-	return syscall.Mkfifo(path, mode)
-}
diff --git a/vendor/github.com/containerd/fifo/mkfifo_solaris.go b/vendor/github.com/containerd/fifo/mkfifo_solaris.go
deleted file mode 100644
index 1ecd722ae2cb1..0000000000000
--- a/vendor/github.com/containerd/fifo/mkfifo_solaris.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fifo
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func mkfifo(path string, mode uint32) (err error) {
-	return unix.Mkfifo(path, mode)
-}
diff --git a/vendor/github.com/containerd/fifo/raw.go b/vendor/github.com/containerd/fifo/raw.go
new file mode 100644
index 0000000000000..cead94ca27b0f
--- /dev/null
+++ b/vendor/github.com/containerd/fifo/raw.go
@@ -0,0 +1,114 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fifo
+
+import (
+	"syscall"
+)
+
+// SyscallConn provides raw access to the fifo's underlying filedescrptor.
+// See syscall.Conn for guarantees provided by this interface.
+func (f *fifo) SyscallConn() (syscall.RawConn, error) {
+	// deterministic check for closed
+	select {
+	case <-f.closed:
+		return nil, ErrClosed
+	default:
+	}
+
+	select {
+	case <-f.closed:
+		return nil, ErrClosed
+	case <-f.opened:
+		return f.file.SyscallConn()
+	default:
+	}
+
+	// Not opened and not closed, this means open is non-blocking AND it's not open yet
+	// Use rawConn to deal with non-blocking open.
+	rc := &rawConn{f: f, ready: make(chan struct{})}
+	go func() {
+		select {
+		case <-f.closed:
+			return
+		case <-f.opened:
+			rc.raw, rc.err = f.file.SyscallConn()
+			close(rc.ready)
+		}
+	}()
+
+	return rc, nil
+}
+
+type rawConn struct {
+	f     *fifo
+	ready chan struct{}
+	raw   syscall.RawConn
+	err   error
+}
+
+func (r *rawConn) Control(f func(fd uintptr)) error {
+	select {
+	case <-r.f.closed:
+		return ErrCtrlClosed
+	case <-r.ready:
+	}
+
+	if r.err != nil {
+		return r.err
+	}
+
+	return r.raw.Control(f)
+}
+
+func (r *rawConn) Read(f func(fd uintptr) (done bool)) error {
+	if r.f.flag&syscall.O_WRONLY > 0 {
+		return ErrRdFrmWRONLY
+	}
+
+	select {
+	case <-r.f.closed:
+		return ErrReadClosed
+	case <-r.ready:
+	}
+
+	if r.err != nil {
+		return r.err
+	}
+
+	return r.raw.Read(f)
+}
+
+func (r *rawConn) Write(f func(fd uintptr) (done bool)) error {
+	if r.f.flag&(syscall.O_WRONLY|syscall.O_RDWR) == 0 {
+		return ErrWrToRDONLY
+	}
+
+	select {
+	case <-r.f.closed:
+		return ErrWriteClosed
+	case <-r.ready:
+	}
+
+	if r.err != nil {
+		return r.err
+	}
+
+	return r.raw.Write(f)
+}
diff --git a/vendor/github.com/containerd/fifo/readme.md b/vendor/github.com/containerd/fifo/readme.md
index 2b41b3b1ca376..ad4727dfe5dfe 100644
--- a/vendor/github.com/containerd/fifo/readme.md
+++ b/vendor/github.com/containerd/fifo/readme.md
@@ -1,6 +1,9 @@
 ### fifo
 
-[![Build Status](https://travis-ci.org/containerd/fifo.svg?branch=master)](https://travis-ci.org/containerd/fifo)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/containerd/fifo)](https://pkg.go.dev/github.com/containerd/fifo)
+[![Build Status](https://github.com/containerd/fifo/workflows/CI/badge.svg)](https://github.com/containerd/fifo/actions?query=workflow%3ACI)
+[![codecov](https://codecov.io/gh/containerd/fifo/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/fifo)
+[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/fifo)](https://goreportcard.com/report/github.com/containerd/fifo)
 
 Go package for handling fifos in a sane way.
 
@@ -30,3 +33,14 @@ func (f *fifo) Write(b []byte) (int, error)
 // before open(2) has returned and fifo was never opened.
 func (f *fifo) Close() error 
 ```
+
+## Project details
+
+The fifo is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/fifo/utils.go b/vendor/github.com/containerd/fifo/utils.go
new file mode 100644
index 0000000000000..bbdf7901547f0
--- /dev/null
+++ b/vendor/github.com/containerd/fifo/utils.go
@@ -0,0 +1,35 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fifo
+
+import "os"
+
+// IsFifo checks if a file is a (named pipe) fifo
+// if the file does not exist then it returns false
+func IsFifo(path string) (bool, error) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	if stat.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
+		return true, nil
+	}
+	return false, nil
+}
diff --git a/vendor/github.com/containerd/go-runc/README.md b/vendor/github.com/containerd/go-runc/README.md
index 239601f1e7ddc..c899bdd7ed873 100644
--- a/vendor/github.com/containerd/go-runc/README.md
+++ b/vendor/github.com/containerd/go-runc/README.md
@@ -1,7 +1,7 @@
 # go-runc
 
 [![Build Status](https://travis-ci.org/containerd/go-runc.svg?branch=master)](https://travis-ci.org/containerd/go-runc)
-
+[![codecov](https://codecov.io/gh/containerd/go-runc/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/go-runc)
 
 This is a package for consuming the [runc](https://github.com/opencontainers/runc) binary in your Go applications.
 It tries to expose all the settings and features of the runc CLI.  If there is something missing then add it, its opensource!
@@ -12,3 +12,14 @@ or greater.
 ## Docs
 
 Docs can be found at [godoc.org](https://godoc.org/github.com/containerd/go-runc).
+
+## Project details
+
+The go-runc is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/go-runc/command_linux.go b/vendor/github.com/containerd/go-runc/command_linux.go
index 71b52f9de4e82..8a30f679d08f3 100644
--- a/vendor/github.com/containerd/go-runc/command_linux.go
+++ b/vendor/github.com/containerd/go-runc/command_linux.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"os"
 	"os/exec"
+	"strings"
 	"syscall"
 )
 
@@ -32,10 +33,24 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd {
 	cmd.SysProcAttr = &syscall.SysProcAttr{
 		Setpgid: r.Setpgid,
 	}
-	cmd.Env = os.Environ()
+	cmd.Env = filterEnv(os.Environ(), "NOTIFY_SOCKET") // NOTIFY_SOCKET introduces a special behavior in runc but should only be set if invoked from systemd
 	if r.PdeathSignal != 0 {
 		cmd.SysProcAttr.Pdeathsig = r.PdeathSignal
 	}
 
 	return cmd
 }
+
+func filterEnv(in []string, names ...string) []string {
+	out := make([]string, 0, len(in))
+loop0:
+	for _, v := range in {
+		for _, k := range names {
+			if strings.HasPrefix(v, k+"=") {
+				continue loop0
+			}
+		}
+		out = append(out, v)
+	}
+	return out
+}
diff --git a/vendor/github.com/containerd/go-runc/go.mod b/vendor/github.com/containerd/go-runc/go.mod
new file mode 100644
index 0000000000000..f69c26fd68fb3
--- /dev/null
+++ b/vendor/github.com/containerd/go-runc/go.mod
@@ -0,0 +1,11 @@
+module github.com/containerd/go-runc
+
+go 1.13
+
+require (
+	github.com/containerd/console v1.0.1
+	github.com/opencontainers/runtime-spec v1.0.2
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.7.0
+	golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f
+)
diff --git a/vendor/github.com/containerd/go-runc/io_unix.go b/vendor/github.com/containerd/go-runc/io_unix.go
index 567cd072e5f88..ccf1dd490d9ec 100644
--- a/vendor/github.com/containerd/go-runc/io_unix.go
+++ b/vendor/github.com/containerd/go-runc/io_unix.go
@@ -20,7 +20,9 @@ package runc
 
 import (
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
+	"runtime"
 )
 
 // NewPipeIO creates pipe pairs to be used with runc
@@ -47,7 +49,13 @@ func NewPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
 		}
 		pipes = append(pipes, stdin)
 		if err = unix.Fchown(int(stdin.r.Fd()), uid, gid); err != nil {
-			return nil, errors.Wrap(err, "failed to chown stdin")
+			// TODO: revert with proper darwin solution, skipping for now
+			// as darwin chown is returning EINVAL on anonymous pipe
+			if runtime.GOOS == "darwin" {
+				logrus.WithError(err).Debug("failed to chown stdin, ignored")
+			} else {
+				return nil, errors.Wrap(err, "failed to chown stdin")
+			}
 		}
 	}
 	if option.OpenStdout {
@@ -56,7 +64,13 @@ func NewPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
 		}
 		pipes = append(pipes, stdout)
 		if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
-			return nil, errors.Wrap(err, "failed to chown stdout")
+			// TODO: revert with proper darwin solution, skipping for now
+			// as darwin chown is returning EINVAL on anonymous pipe
+			if runtime.GOOS == "darwin" {
+				logrus.WithError(err).Debug("failed to chown stdout, ignored")
+			} else {
+				return nil, errors.Wrap(err, "failed to chown stdout")
+			}
 		}
 	}
 	if option.OpenStderr {
@@ -65,7 +79,13 @@ func NewPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
 		}
 		pipes = append(pipes, stderr)
 		if err = unix.Fchown(int(stderr.w.Fd()), uid, gid); err != nil {
-			return nil, errors.Wrap(err, "failed to chown stderr")
+			// TODO: revert with proper darwin solution, skipping for now
+			// as darwin chown is returning EINVAL on anonymous pipe
+			if runtime.GOOS == "darwin" {
+				logrus.WithError(err).Debug("failed to chown stderr, ignored")
+			} else {
+				return nil, errors.Wrap(err, "failed to chown stderr")
+			}
 		}
 	}
 	return &pipeIO{
diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
index 96262afab3964..f5f03ae95eb4b 100644
--- a/vendor/github.com/containerd/go-runc/runc.go
+++ b/vendor/github.com/containerd/go-runc/runc.go
@@ -17,6 +17,7 @@
 package runc
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
@@ -28,7 +29,6 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"
 
 	specs "github.com/opencontainers/runtime-spec/specs-go"
@@ -54,29 +54,15 @@ const (
 	DefaultCommand = "runc"
 )
 
-// Runc is the client to the runc cli
-type Runc struct {
-	//If command is empty, DefaultCommand is used
-	Command       string
-	Root          string
-	Debug         bool
-	Log           string
-	LogFormat     Format
-	PdeathSignal  syscall.Signal
-	Setpgid       bool
-	Criu          string
-	SystemdCgroup bool
-	Rootless      *bool // nil stands for "auto"
-}
-
 // List returns all containers created inside the provided runc root directory
 func (r *Runc) List(context context.Context) ([]*Container, error) {
-	data, err := cmdOutput(r.command(context, "list", "--format=json"), false)
+	data, err := cmdOutput(r.command(context, "list", "--format=json"), false, nil)
+	defer putBuf(data)
 	if err != nil {
 		return nil, err
 	}
 	var out []*Container
-	if err := json.Unmarshal(data, &out); err != nil {
+	if err := json.Unmarshal(data.Bytes(), &out); err != nil {
 		return nil, err
 	}
 	return out, nil
@@ -84,12 +70,13 @@ func (r *Runc) List(context context.Context) ([]*Container, error) {
 
 // State returns the state for the container provided by id
 func (r *Runc) State(context context.Context, id string) (*Container, error) {
-	data, err := cmdOutput(r.command(context, "state", id), true)
+	data, err := cmdOutput(r.command(context, "state", id), true, nil)
+	defer putBuf(data)
 	if err != nil {
-		return nil, fmt.Errorf("%s: %s", err, data)
+		return nil, fmt.Errorf("%s: %s", err, data.String())
 	}
 	var c Container
-	if err := json.Unmarshal(data, &c); err != nil {
+	if err := json.Unmarshal(data.Bytes(), &c); err != nil {
 		return nil, err
 	}
 	return &c, nil
@@ -108,6 +95,7 @@ type CreateOpts struct {
 	NoPivot       bool
 	NoNewKeyring  bool
 	ExtraFiles    []*os.File
+	Started       chan<- int
 }
 
 func (o *CreateOpts) args() (out []string, err error) {
@@ -153,9 +141,10 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp
 	cmd.ExtraFiles = opts.ExtraFiles
 
 	if cmd.Stdout == nil && cmd.Stderr == nil {
-		data, err := cmdOutput(cmd, true)
+		data, err := cmdOutput(cmd, true, nil)
+		defer putBuf(data)
 		if err != nil {
-			return fmt.Errorf("%s: %s", err, data)
+			return fmt.Errorf("%s: %s", err, data.String())
 		}
 		return nil
 	}
@@ -172,7 +161,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp
 	}
 	status, err := Monitor.Wait(cmd, ec)
 	if err == nil && status != 0 {
-		err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
+		err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
 	}
 	return err
 }
@@ -187,6 +176,7 @@ type ExecOpts struct {
 	PidFile       string
 	ConsoleSocket ConsoleSocket
 	Detach        bool
+	Started       chan<- int
 }
 
 func (o *ExecOpts) args() (out []string, err error) {
@@ -206,9 +196,12 @@ func (o *ExecOpts) args() (out []string, err error) {
 	return out, nil
 }
 
-// Exec executres and additional process inside the container based on a full
+// Exec executes an additional process inside the container based on a full
 // OCI Process specification
 func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts *ExecOpts) error {
+	if opts.Started != nil {
+		defer close(opts.Started)
+	}
 	f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "runc-process")
 	if err != nil {
 		return err
@@ -232,9 +225,10 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
 		opts.Set(cmd)
 	}
 	if cmd.Stdout == nil && cmd.Stderr == nil {
-		data, err := cmdOutput(cmd, true)
+		data, err := cmdOutput(cmd, true, opts.Started)
+		defer putBuf(data)
 		if err != nil {
-			return fmt.Errorf("%s: %s", err, data)
+			return fmt.Errorf("%w: %s", err, data.String())
 		}
 		return nil
 	}
@@ -242,6 +236,9 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
 	if err != nil {
 		return err
 	}
+	if opts.Started != nil {
+		opts.Started <- cmd.Process.Pid
+	}
 	if opts != nil && opts.IO != nil {
 		if c, ok := opts.IO.(StartCloser); ok {
 			if err := c.CloseAfterStart(); err != nil {
@@ -251,7 +248,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
 	}
 	status, err := Monitor.Wait(cmd, ec)
 	if err == nil && status != 0 {
-		err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
+		err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
 	}
 	return err
 }
@@ -259,6 +256,9 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
 // Run runs the create, start, delete lifecycle of the container
 // and returns its exit status after it has exited
 func (r *Runc) Run(context context.Context, id, bundle string, opts *CreateOpts) (int, error) {
+	if opts.Started != nil {
+		defer close(opts.Started)
+	}
 	args := []string{"run", "--bundle", bundle}
 	if opts != nil {
 		oargs, err := opts.args()
@@ -275,7 +275,14 @@ func (r *Runc) Run(context context.Context, id, bundle string, opts *CreateOpts)
 	if err != nil {
 		return -1, err
 	}
-	return Monitor.Wait(cmd, ec)
+	if opts.Started != nil {
+		opts.Started <- cmd.Process.Pid
+	}
+	status, err := Monitor.Wait(cmd, ec)
+	if err == nil && status != 0 {
+		err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
+	}
+	return status, err
 }
 
 type DeleteOpts struct {
@@ -394,12 +401,13 @@ func (r *Runc) Resume(context context.Context, id string) error {
 
 // Ps lists all the processes inside the container returning their pids
 func (r *Runc) Ps(context context.Context, id string) ([]int, error) {
-	data, err := cmdOutput(r.command(context, "ps", "--format", "json", id), true)
+	data, err := cmdOutput(r.command(context, "ps", "--format", "json", id), true, nil)
+	defer putBuf(data)
 	if err != nil {
-		return nil, fmt.Errorf("%s: %s", err, data)
+		return nil, fmt.Errorf("%s: %s", err, data.String())
 	}
 	var pids []int
-	if err := json.Unmarshal(data, &pids); err != nil {
+	if err := json.Unmarshal(data.Bytes(), &pids); err != nil {
 		return nil, err
 	}
 	return pids, nil
@@ -407,12 +415,13 @@ func (r *Runc) Ps(context context.Context, id string) ([]int, error) {
 
 // Top lists all the processes inside the container returning the full ps data
 func (r *Runc) Top(context context.Context, id string, psOptions string) (*TopResults, error) {
-	data, err := cmdOutput(r.command(context, "ps", "--format", "table", id, psOptions), true)
+	data, err := cmdOutput(r.command(context, "ps", "--format", "table", id, psOptions), true, nil)
+	defer putBuf(data)
 	if err != nil {
-		return nil, fmt.Errorf("%s: %s", err, data)
+		return nil, fmt.Errorf("%s: %s", err, data.String())
 	}
 
-	topResults, err := ParsePSOutput(data)
+	topResults, err := ParsePSOutput(data.Bytes())
 	if err != nil {
 		return nil, fmt.Errorf("%s: ", err)
 	}
@@ -441,6 +450,10 @@ type CheckpointOpts struct {
 	// EmptyNamespaces creates a namespace for the container but does not save its properties
 	// Provide the namespaces you wish to be checkpointed without their settings on restore
 	EmptyNamespaces []string
+	// LazyPages uses userfaultfd to lazily restore memory pages
+	LazyPages bool
+	// StatusFile is the file criu writes \0 to once lazy-pages is ready
+	StatusFile *os.File
 }
 
 type CgroupMode string
@@ -482,6 +495,9 @@ func (o *CheckpointOpts) args() (out []string) {
 	for _, ns := range o.EmptyNamespaces {
 		out = append(out, "--empty-ns", ns)
 	}
+	if o.LazyPages {
+		out = append(out, "--lazy-pages")
+	}
 	return out
 }
 
@@ -500,13 +516,23 @@ func PreDump(args []string) []string {
 // Checkpoint allows you to checkpoint a container using criu
 func (r *Runc) Checkpoint(context context.Context, id string, opts *CheckpointOpts, actions ...CheckpointAction) error {
 	args := []string{"checkpoint"}
+	extraFiles := []*os.File{}
 	if opts != nil {
 		args = append(args, opts.args()...)
+		if opts.StatusFile != nil {
+			// pass the status file to the child process
+			extraFiles = []*os.File{opts.StatusFile}
+			// set status-fd to 3 as this will be the file descriptor
+			// of the first file passed with cmd.ExtraFiles
+			args = append(args, "--status-fd", "3")
+		}
 	}
 	for _, a := range actions {
 		args = a(args)
 	}
-	return r.runOrError(r.command(context, append(args, id)...))
+	cmd := r.command(context, append(args, id)...)
+	cmd.ExtraFiles = extraFiles
+	return r.runOrError(cmd)
 }
 
 type RestoreOpts struct {
@@ -570,7 +596,11 @@ func (r *Runc) Restore(context context.Context, id, bundle string, opts *Restore
 			}
 		}
 	}
-	return Monitor.Wait(cmd, ec)
+	status, err := Monitor.Wait(cmd, ec)
+	if err == nil && status != 0 {
+		err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
+	}
+	return status, err
 }
 
 // Update updates the current container with the provided resource spec
@@ -597,42 +627,33 @@ type Version struct {
 
 // Version returns the runc and runtime-spec versions
 func (r *Runc) Version(context context.Context) (Version, error) {
-	data, err := cmdOutput(r.command(context, "--version"), false)
+	data, err := cmdOutput(r.command(context, "--version"), false, nil)
+	defer putBuf(data)
 	if err != nil {
 		return Version{}, err
 	}
-	return parseVersion(data)
+	return parseVersion(data.Bytes())
 }
 
 func parseVersion(data []byte) (Version, error) {
 	var v Version
 	parts := strings.Split(strings.TrimSpace(string(data)), "\n")
-	if len(parts) != 3 {
-		return v, nil
-	}
-	for i, p := range []struct {
-		dest  *string
-		split string
-	}{
-		{
-			dest:  &v.Runc,
-			split: "version ",
-		},
-		{
-			dest:  &v.Commit,
-			split: ": ",
-		},
-		{
-			dest:  &v.Spec,
-			split: ": ",
-		},
-	} {
-		p2 := strings.Split(parts[i], p.split)
-		if len(p2) != 2 {
-			return v, fmt.Errorf("unable to parse version line %q", parts[i])
+
+	if len(parts) > 0 {
+		if !strings.HasPrefix(parts[0], "runc version ") {
+			return v, nil
+		}
+		v.Runc = parts[0][13:]
+
+		for _, part := range parts[1:] {
+			if strings.HasPrefix(part, "commit: ") {
+				v.Commit = part[8:]
+			} else if strings.HasPrefix(part, "spec: ") {
+				v.Spec = part[6:]
+			}
 		}
-		*p.dest = p2[1]
 	}
+
 	return v, nil
 }
 
@@ -674,20 +695,22 @@ func (r *Runc) runOrError(cmd *exec.Cmd) error {
 		}
 		status, err := Monitor.Wait(cmd, ec)
 		if err == nil && status != 0 {
-			err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
+			err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
 		}
 		return err
 	}
-	data, err := cmdOutput(cmd, true)
+	data, err := cmdOutput(cmd, true, nil)
+	defer putBuf(data)
 	if err != nil {
-		return fmt.Errorf("%s: %s", err, data)
+		return fmt.Errorf("%s: %s", err, data.String())
 	}
 	return nil
 }
 
-func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) {
+// callers of cmdOutput are expected to call putBuf on the returned Buffer
+// to ensure it is released back to the shared pool after use.
+func cmdOutput(cmd *exec.Cmd, combined bool, started chan<- int) (*bytes.Buffer, error) {
 	b := getBuf()
-	defer putBuf(b)
 
 	cmd.Stdout = b
 	if combined {
@@ -697,11 +720,22 @@ func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if started != nil {
+		started <- cmd.Process.Pid
+	}
 
 	status, err := Monitor.Wait(cmd, ec)
 	if err == nil && status != 0 {
-		err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
+		err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
 	}
 
-	return b.Bytes(), err
+	return b, err
+}
+
+type ExitError struct {
+	Status int
+}
+
+func (e *ExitError) Error() string {
+	return fmt.Sprintf("exit status %d", e.Status)
 }
diff --git a/vendor/github.com/containerd/go-runc/runc_unix.go b/vendor/github.com/containerd/go-runc/runc_unix.go
new file mode 100644
index 0000000000000..548ffd6b90c64
--- /dev/null
+++ b/vendor/github.com/containerd/go-runc/runc_unix.go
@@ -0,0 +1,38 @@
+//+build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package runc
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Runc is the client to the runc cli
+type Runc struct {
+	//If command is empty, DefaultCommand is used
+	Command       string
+	Root          string
+	Debug         bool
+	Log           string
+	LogFormat     Format
+	PdeathSignal  unix.Signal
+	Setpgid       bool
+	Criu          string
+	SystemdCgroup bool
+	Rootless      *bool // nil stands for "auto"
+}
diff --git a/vendor/github.com/containerd/go-runc/runc_windows.go b/vendor/github.com/containerd/go-runc/runc_windows.go
new file mode 100644
index 0000000000000..c5873de8b6f7f
--- /dev/null
+++ b/vendor/github.com/containerd/go-runc/runc_windows.go
@@ -0,0 +1,31 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package runc
+
+// Runc is the client to the runc cli
+type Runc struct {
+	//If command is empty, DefaultCommand is used
+	Command       string
+	Root          string
+	Debug         bool
+	Log           string
+	LogFormat     Format
+	Setpgid       bool
+	Criu          string
+	SystemdCgroup bool
+	Rootless      *bool // nil stands for "auto"
+}
diff --git a/vendor/github.com/containerd/go-runc/utils.go b/vendor/github.com/containerd/go-runc/utils.go
index 69ad6ead751b4..948b6336a7f02 100644
--- a/vendor/github.com/containerd/go-runc/utils.go
+++ b/vendor/github.com/containerd/go-runc/utils.go
@@ -57,6 +57,10 @@ func getBuf() *bytes.Buffer {
 }
 
 func putBuf(b *bytes.Buffer) {
+	if b == nil {
+		return
+	}
+
 	b.Reset()
 	bytesBufferPool.Put(b)
 }
diff --git a/vendor/github.com/containerd/ttrpc/README.md b/vendor/github.com/containerd/ttrpc/README.md
index d1eed6b120c6f..547a1297df7de 100644
--- a/vendor/github.com/containerd/ttrpc/README.md
+++ b/vendor/github.com/containerd/ttrpc/README.md
@@ -1,6 +1,7 @@
 # ttrpc
 
-[![Build Status](https://travis-ci.org/containerd/ttrpc.svg?branch=master)](https://travis-ci.org/containerd/ttrpc)
+[![Build Status](https://github.com/containerd/ttrpc/workflows/CI/badge.svg)](https://github.com/containerd/ttrpc/actions?query=workflow%3ACI)
+[![codecov](https://codecov.io/gh/containerd/ttrpc/branch/main/graph/badge.svg)](https://codecov.io/gh/containerd/ttrpc)
 
 GRPC for low-memory environments.
 
@@ -40,13 +41,18 @@ directly, if required.
 
 # Status
 
-Very new. YMMV.
-
 TODO:
 
-- [X] Plumb error codes and GRPC status
-- [X] Remove use of any type and dependency on typeurl package
-- [X] Ensure that protocol can support streaming in the future
 - [ ] Document protocol layout
 - [ ] Add testing under concurrent load to ensure
 - [ ] Verify connection error handling
+
+# Project details
+
+ttrpc is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+ * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/ttrpc/channel.go b/vendor/github.com/containerd/ttrpc/channel.go
index 22f5496b4b952..81116a5e23fc4 100644
--- a/vendor/github.com/containerd/ttrpc/channel.go
+++ b/vendor/github.com/containerd/ttrpc/channel.go
@@ -18,13 +18,12 @@ package ttrpc
 
 import (
 	"bufio"
-	"context"
 	"encoding/binary"
+	"fmt"
 	"io"
 	"net"
 	"sync"
 
-	"github.com/pkg/errors"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -98,7 +97,7 @@ func newChannel(conn net.Conn) *channel {
 // returned will be valid and caller should send that along to
 // the correct consumer. The bytes on the underlying channel
 // will be discarded.
-func (ch *channel) recv(ctx context.Context) (messageHeader, []byte, error) {
+func (ch *channel) recv() (messageHeader, []byte, error) {
 	mh, err := readMessageHeader(ch.hrbuf[:], ch.br)
 	if err != nil {
 		return messageHeader{}, nil, err
@@ -106,7 +105,7 @@ func (ch *channel) recv(ctx context.Context) (messageHeader, []byte, error) {
 
 	if mh.Length > uint32(messageLengthMax) {
 		if _, err := ch.br.Discard(int(mh.Length)); err != nil {
-			return mh, nil, errors.Wrapf(err, "failed to discard after receiving oversized message")
+			return mh, nil, fmt.Errorf("failed to discard after receiving oversized message: %w", err)
 		}
 
 		return mh, nil, status.Errorf(codes.ResourceExhausted, "message length %v exceed maximum message size of %v", mh.Length, messageLengthMax)
@@ -114,13 +113,13 @@ func (ch *channel) recv(ctx context.Context) (messageHeader, []byte, error) {
 
 	p := ch.getmbuf(int(mh.Length))
 	if _, err := io.ReadFull(ch.br, p); err != nil {
-		return messageHeader{}, nil, errors.Wrapf(err, "failed reading message")
+		return messageHeader{}, nil, fmt.Errorf("failed reading message: %w", err)
 	}
 
 	return mh, p, nil
 }
 
-func (ch *channel) send(ctx context.Context, streamID uint32, t messageType, p []byte) error {
+func (ch *channel) send(streamID uint32, t messageType, p []byte) error {
 	if err := writeMessageHeader(ch.bw, ch.hwbuf[:], messageHeader{Length: uint32(len(p)), StreamID: streamID, Type: t}); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/containerd/ttrpc/client.go b/vendor/github.com/containerd/ttrpc/client.go
index e40592dd743eb..26c3dd2a98192 100644
--- a/vendor/github.com/containerd/ttrpc/client.go
+++ b/vendor/github.com/containerd/ttrpc/client.go
@@ -18,16 +18,18 @@ package ttrpc
 
 import (
 	"context"
+	"errors"
 	"io"
 	"net"
 	"os"
 	"strings"
 	"sync"
 	"syscall"
+	"time"
 
 	"github.com/gogo/protobuf/proto"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
@@ -35,28 +37,58 @@ import (
 // closed.
 var ErrClosed = errors.New("ttrpc: closed")
 
+// Client for a ttrpc server
 type Client struct {
 	codec   codec
 	conn    net.Conn
 	channel *channel
 	calls   chan *callRequest
 
-	closed    chan struct{}
-	closeOnce sync.Once
-	closeFunc func()
-	done      chan struct{}
-	err       error
+	ctx    context.Context
+	closed func()
+
+	closeOnce       sync.Once
+	userCloseFunc   func()
+	userCloseWaitCh chan struct{}
+
+	errOnce     sync.Once
+	err         error
+	interceptor UnaryClientInterceptor
+}
+
+// ClientOpts configures a client
+type ClientOpts func(c *Client)
+
+// WithOnClose sets the close func whenever the client's Close() method is called
+func WithOnClose(onClose func()) ClientOpts {
+	return func(c *Client) {
+		c.userCloseFunc = onClose
+	}
 }
 
-func NewClient(conn net.Conn) *Client {
+// WithUnaryClientInterceptor sets the provided client interceptor
+func WithUnaryClientInterceptor(i UnaryClientInterceptor) ClientOpts {
+	return func(c *Client) {
+		c.interceptor = i
+	}
+}
+
+func NewClient(conn net.Conn, opts ...ClientOpts) *Client {
+	ctx, cancel := context.WithCancel(context.Background())
 	c := &Client{
-		codec:     codec{},
-		conn:      conn,
-		channel:   newChannel(conn),
-		calls:     make(chan *callRequest),
-		closed:    make(chan struct{}),
-		done:      make(chan struct{}),
-		closeFunc: func() {},
+		codec:           codec{},
+		conn:            conn,
+		channel:         newChannel(conn),
+		calls:           make(chan *callRequest),
+		closed:          cancel,
+		ctx:             ctx,
+		userCloseFunc:   func() {},
+		userCloseWaitCh: make(chan struct{}),
+		interceptor:     defaultClientInterceptor,
+	}
+
+	for _, o := range opts {
+		o(c)
 	}
 
 	go c.run()
@@ -86,7 +118,18 @@ func (c *Client) Call(ctx context.Context, service, method string, req, resp int
 		cresp = &Response{}
 	)
 
-	if err := c.dispatch(ctx, creq, cresp); err != nil {
+	if metadata, ok := GetMetadata(ctx); ok {
+		metadata.setRequest(creq)
+	}
+
+	if dl, ok := ctx.Deadline(); ok {
+		creq.TimeoutNano = dl.Sub(time.Now()).Nanoseconds()
+	}
+
+	info := &UnaryClientInfo{
+		FullMethod: fullPath(service, method),
+	}
+	if err := c.interceptor(ctx, creq, cresp, info, c.dispatch); err != nil {
 		return err
 	}
 
@@ -94,16 +137,16 @@ func (c *Client) Call(ctx context.Context, service, method string, req, resp int
 		return err
 	}
 
-	if cresp.Status == nil {
-		return errors.New("no status provided on response")
+	if cresp.Status != nil && cresp.Status.Code != int32(codes.OK) {
+		return status.ErrorProto(cresp.Status)
 	}
-
-	return status.ErrorProto(cresp.Status)
+	return nil
 }
 
 func (c *Client) dispatch(ctx context.Context, req *Request, resp *Response) error {
 	errs := make(chan error, 1)
 	call := &callRequest{
+		ctx:  ctx,
 		req:  req,
 		resp: resp,
 		errs: errs,
@@ -113,8 +156,8 @@ func (c *Client) dispatch(ctx context.Context, req *Request, resp *Response) err
 	case <-ctx.Done():
 		return ctx.Err()
 	case c.calls <- call:
-	case <-c.done:
-		return c.err
+	case <-c.ctx.Done():
+		return c.error()
 	}
 
 	select {
@@ -122,22 +165,27 @@ func (c *Client) dispatch(ctx context.Context, req *Request, resp *Response) err
 		return ctx.Err()
 	case err := <-errs:
 		return filterCloseErr(err)
-	case <-c.done:
-		return c.err
+	case <-c.ctx.Done():
+		return c.error()
 	}
 }
 
 func (c *Client) Close() error {
 	c.closeOnce.Do(func() {
-		close(c.closed)
+		c.closed()
 	})
-
 	return nil
 }
 
-// OnClose allows a close func to be called when the server is closed
-func (c *Client) OnClose(closer func()) {
-	c.closeFunc = closer
+// UserOnCloseWait is used to blocks untils the user's on-close callback
+// finishes.
+func (c *Client) UserOnCloseWait(ctx context.Context) error {
+	select {
+	case <-c.userCloseWaitCh:
+		return nil
+	case <-ctx.Done():
+		return ctx.Err()
+	}
 }
 
 type message struct {
@@ -146,101 +194,175 @@ type message struct {
 	err error
 }
 
+// callMap provides access to a map of active calls, guarded by a mutex.
+type callMap struct {
+	m           sync.Mutex
+	activeCalls map[uint32]*callRequest
+	closeErr    error
+}
+
+// newCallMap returns a new callMap with an empty set of active calls.
+func newCallMap() *callMap {
+	return &callMap{
+		activeCalls: make(map[uint32]*callRequest),
+	}
+}
+
+// set adds a call entry to the map with the given streamID key.
+func (cm *callMap) set(streamID uint32, cr *callRequest) error {
+	cm.m.Lock()
+	defer cm.m.Unlock()
+	if cm.closeErr != nil {
+		return cm.closeErr
+	}
+	cm.activeCalls[streamID] = cr
+	return nil
+}
+
+// get looks up the call entry for the given streamID key, then removes it
+// from the map and returns it.
+func (cm *callMap) get(streamID uint32) (cr *callRequest, ok bool, err error) {
+	cm.m.Lock()
+	defer cm.m.Unlock()
+	if cm.closeErr != nil {
+		return nil, false, cm.closeErr
+	}
+	cr, ok = cm.activeCalls[streamID]
+	if ok {
+		delete(cm.activeCalls, streamID)
+	}
+	return
+}
+
+// abort sends the given error to each active call, and clears the map.
+// Once abort has been called, any subsequent calls to the callMap will return the error passed to abort.
+func (cm *callMap) abort(err error) error {
+	cm.m.Lock()
+	defer cm.m.Unlock()
+	if cm.closeErr != nil {
+		return cm.closeErr
+	}
+	for streamID, call := range cm.activeCalls {
+		call.errs <- err
+		delete(cm.activeCalls, streamID)
+	}
+	cm.closeErr = err
+	return nil
+}
+
 func (c *Client) run() {
 	var (
-		streamID    uint32 = 1
-		waiters            = make(map[uint32]*callRequest)
-		calls              = c.calls
-		incoming           = make(chan *message)
-		shutdown           = make(chan struct{})
-		shutdownErr error
+		waiters      = newCallMap()
+		receiverDone = make(chan struct{})
 	)
 
+	// Sender goroutine
+	// Receives calls from dispatch, adds them to the set of active calls, and sends them
+	// to the server.
 	go func() {
-		defer close(shutdown)
-
-		// start one more goroutine to recv messages without blocking.
+		var streamID uint32 = 1
 		for {
-			mh, p, err := c.channel.recv(context.TODO())
-			if err != nil {
-				_, ok := status.FromError(err)
-				if !ok {
-					// treat all errors that are not an rpc status as terminal.
-					// all others poison the connection.
-					shutdownErr = err
-					return
+			select {
+			case <-c.ctx.Done():
+				return
+			case call := <-c.calls:
+				id := streamID
+				streamID += 2 // enforce odd client initiated request ids
+				if err := waiters.set(id, call); err != nil {
+					call.errs <- err // errs is buffered so should not block.
+					continue
+				}
+				if err := c.send(id, messageTypeRequest, call.req); err != nil {
+					call.errs <- err // errs is buffered so should not block.
+					waiters.get(id)  // remove from waiters set
 				}
 			}
+		}
+	}()
+
+	// Receiver goroutine
+	// Receives responses from the server, looks up the call info in the set of active calls,
+	// and notifies the caller of the response.
+	go func() {
+		defer close(receiverDone)
+		for {
 			select {
-			case incoming <- &message{
-				messageHeader: mh,
-				p:             p[:mh.Length],
-				err:           err,
-			}:
-			case <-c.done:
+			case <-c.ctx.Done():
+				c.setError(c.ctx.Err())
 				return
+			default:
+				mh, p, err := c.channel.recv()
+				if err != nil {
+					_, ok := status.FromError(err)
+					if !ok {
+						// treat all errors that are not an rpc status as terminal.
+						// all others poison the connection.
+						c.setError(filterCloseErr(err))
+						return
+					}
+				}
+				msg := &message{
+					messageHeader: mh,
+					p:             p[:mh.Length],
+					err:           err,
+				}
+				call, ok, err := waiters.get(mh.StreamID)
+				if err != nil {
+					logrus.Errorf("ttrpc: failed to look up active call: %s", err)
+					continue
+				}
+				if !ok {
+					logrus.Errorf("ttrpc: received message for unknown channel %v", mh.StreamID)
+					continue
+				}
+				call.errs <- c.recv(call.resp, msg)
 			}
 		}
 	}()
 
-	defer c.conn.Close()
-	defer close(c.done)
-	defer c.closeFunc()
+	defer func() {
+		c.conn.Close()
+		c.userCloseFunc()
+		close(c.userCloseWaitCh)
+	}()
 
 	for {
 		select {
-		case call := <-calls:
-			if err := c.send(call.ctx, streamID, messageTypeRequest, call.req); err != nil {
-				call.errs <- err
-				continue
-			}
-
-			waiters[streamID] = call
-			streamID += 2 // enforce odd client initiated request ids
-		case msg := <-incoming:
-			call, ok := waiters[msg.StreamID]
-			if !ok {
-				logrus.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID)
-				continue
-			}
-
-			call.errs <- c.recv(call.resp, msg)
-			delete(waiters, msg.StreamID)
-		case <-shutdown:
-			if shutdownErr != nil {
-				shutdownErr = filterCloseErr(shutdownErr)
-			} else {
-				shutdownErr = ErrClosed
-			}
-
-			shutdownErr = errors.Wrapf(shutdownErr, "ttrpc: client shutting down")
-
-			c.err = shutdownErr
-			for _, waiter := range waiters {
-				waiter.errs <- shutdownErr
-			}
+		case <-receiverDone:
+			// The receiver has exited.
+			// don't return out, let the close of the context trigger the abort of waiters
 			c.Close()
-			return
-		case <-c.closed:
-			if c.err == nil {
-				c.err = ErrClosed
-			}
-			// broadcast the shutdown error to the remaining waiters.
-			for _, waiter := range waiters {
-				waiter.errs <- c.err
-			}
+		case <-c.ctx.Done():
+			// Abort all active calls. This will also prevent any new calls from being added
+			// to waiters.
+			waiters.abort(c.error())
 			return
 		}
 	}
 }
 
-func (c *Client) send(ctx context.Context, streamID uint32, mtype messageType, msg interface{}) error {
+func (c *Client) error() error {
+	c.errOnce.Do(func() {
+		if c.err == nil {
+			c.err = ErrClosed
+		}
+	})
+	return c.err
+}
+
+func (c *Client) setError(err error) {
+	c.errOnce.Do(func() {
+		c.err = err
+	})
+}
+
+func (c *Client) send(streamID uint32, mtype messageType, msg interface{}) error {
 	p, err := c.codec.Marshal(msg)
 	if err != nil {
 		return err
 	}
 
-	return c.channel.send(ctx, streamID, mtype, p)
+	return c.channel.send(streamID, mtype, p)
 }
 
 func (c *Client) recv(resp *Response, msg *message) error {
@@ -249,7 +371,7 @@ func (c *Client) recv(resp *Response, msg *message) error {
 	}
 
 	if msg.Type != messageTypeResponse {
-		return errors.New("unkown message type received")
+		return errors.New("unknown message type received")
 	}
 
 	defer c.channel.putmbuf(msg.p)
@@ -261,22 +383,25 @@ func (c *Client) recv(resp *Response, msg *message) error {
 //
 // This purposely ignores errors with a wrapped cause.
 func filterCloseErr(err error) error {
-	if err == nil {
+	switch {
+	case err == nil:
 		return nil
-	}
-
-	if err == io.EOF {
+	case err == io.EOF:
 		return ErrClosed
-	}
-
-	if strings.Contains(err.Error(), "use of closed network connection") {
+	case errors.Is(err, io.EOF):
 		return ErrClosed
-	}
-
-	// if we have an epipe on a write, we cast to errclosed
-	if oerr, ok := err.(*net.OpError); ok && oerr.Op == "write" {
-		if serr, ok := oerr.Err.(*os.SyscallError); ok && serr.Err == syscall.EPIPE {
-			return ErrClosed
+	case strings.Contains(err.Error(), "use of closed network connection"):
+		return ErrClosed
+	default:
+		// if we have an epipe on a write or econnreset on a read , we cast to errclosed
+		var oerr *net.OpError
+		if errors.As(err, &oerr) && (oerr.Op == "write" || oerr.Op == "read") {
+			serr, sok := oerr.Err.(*os.SyscallError)
+			if sok && ((serr.Err == syscall.EPIPE && oerr.Op == "write") ||
+				(serr.Err == syscall.ECONNRESET && oerr.Op == "read")) {
+
+				return ErrClosed
+			}
 		}
 	}
 
diff --git a/vendor/github.com/containerd/ttrpc/codec.go b/vendor/github.com/containerd/ttrpc/codec.go
index b4aac2fac0388..880634c27e39d 100644
--- a/vendor/github.com/containerd/ttrpc/codec.go
+++ b/vendor/github.com/containerd/ttrpc/codec.go
@@ -17,8 +17,9 @@
 package ttrpc
 
 import (
+	"fmt"
+
 	"github.com/gogo/protobuf/proto"
-	"github.com/pkg/errors"
 )
 
 type codec struct{}
@@ -28,7 +29,7 @@ func (c codec) Marshal(msg interface{}) ([]byte, error) {
 	case proto.Message:
 		return proto.Marshal(v)
 	default:
-		return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg)
+		return nil, fmt.Errorf("ttrpc: cannot marshal unknown type: %T", msg)
 	}
 }
 
@@ -37,6 +38,6 @@ func (c codec) Unmarshal(p []byte, msg interface{}) error {
 	case proto.Message:
 		return proto.Unmarshal(p, v)
 	default:
-		return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg)
+		return fmt.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg)
 	}
 }
diff --git a/vendor/github.com/containerd/ttrpc/config.go b/vendor/github.com/containerd/ttrpc/config.go
index 019b7a09dd85d..097419635c6ab 100644
--- a/vendor/github.com/containerd/ttrpc/config.go
+++ b/vendor/github.com/containerd/ttrpc/config.go
@@ -16,12 +16,14 @@
 
 package ttrpc
 
-import "github.com/pkg/errors"
+import "errors"
 
 type serverConfig struct {
-	handshaker Handshaker
+	handshaker  Handshaker
+	interceptor UnaryServerInterceptor
 }
 
+// ServerOpt for configuring a ttrpc server
 type ServerOpt func(*serverConfig) error
 
 // WithServerHandshaker can be passed to NewServer to ensure that the
@@ -37,3 +39,14 @@ func WithServerHandshaker(handshaker Handshaker) ServerOpt {
 		return nil
 	}
 }
+
+// WithUnaryServerInterceptor sets the provided interceptor on the server
+func WithUnaryServerInterceptor(i UnaryServerInterceptor) ServerOpt {
+	return func(c *serverConfig) error {
+		if c.interceptor != nil {
+			return errors.New("only one interceptor allowed per server")
+		}
+		c.interceptor = i
+		return nil
+	}
+}
diff --git a/vendor/github.com/containerd/ttrpc/go.mod b/vendor/github.com/containerd/ttrpc/go.mod
new file mode 100644
index 0000000000000..efc00860c6aee
--- /dev/null
+++ b/vendor/github.com/containerd/ttrpc/go.mod
@@ -0,0 +1,13 @@
+module github.com/containerd/ttrpc
+
+go 1.13
+
+require (
+	github.com/gogo/protobuf v1.3.2
+	github.com/prometheus/procfs v0.6.0
+	github.com/sirupsen/logrus v1.8.1
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+	google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
+	google.golang.org/grpc v1.27.1
+	google.golang.org/protobuf v1.27.1
+)
diff --git a/vendor/github.com/containerd/ttrpc/interceptor.go b/vendor/github.com/containerd/ttrpc/interceptor.go
new file mode 100644
index 0000000000000..c1219dac65f6f
--- /dev/null
+++ b/vendor/github.com/containerd/ttrpc/interceptor.go
@@ -0,0 +1,50 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package ttrpc
+
+import "context"
+
+// UnaryServerInfo provides information about the server request
+type UnaryServerInfo struct {
+	FullMethod string
+}
+
+// UnaryClientInfo provides information about the client request
+type UnaryClientInfo struct {
+	FullMethod string
+}
+
+// Unmarshaler contains the server request data and allows it to be unmarshaled
+// into a concrete type
+type Unmarshaler func(interface{}) error
+
+// Invoker invokes the client's request and response from the ttrpc server
+type Invoker func(context.Context, *Request, *Response) error
+
+// UnaryServerInterceptor specifies the interceptor function for server request/response
+type UnaryServerInterceptor func(context.Context, Unmarshaler, *UnaryServerInfo, Method) (interface{}, error)
+
+// UnaryClientInterceptor specifies the interceptor function for client request/response
+type UnaryClientInterceptor func(context.Context, *Request, *Response, *UnaryClientInfo, Invoker) error
+
+func defaultServerInterceptor(ctx context.Context, unmarshal Unmarshaler, info *UnaryServerInfo, method Method) (interface{}, error) {
+	return method(ctx, unmarshal)
+}
+
+func defaultClientInterceptor(ctx context.Context, req *Request, resp *Response, _ *UnaryClientInfo, invoker Invoker) error {
+	return invoker(ctx, req, resp)
+}
diff --git a/vendor/github.com/containerd/ttrpc/metadata.go b/vendor/github.com/containerd/ttrpc/metadata.go
new file mode 100644
index 0000000000000..ce8c0d13c41b5
--- /dev/null
+++ b/vendor/github.com/containerd/ttrpc/metadata.go
@@ -0,0 +1,107 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package ttrpc
+
+import (
+	"context"
+	"strings"
+)
+
+// MD is the user type for ttrpc metadata
+type MD map[string][]string
+
+// Get returns the metadata for a given key when they exist.
+// If there is no metadata, a nil slice and false are returned.
+func (m MD) Get(key string) ([]string, bool) {
+	key = strings.ToLower(key)
+	list, ok := m[key]
+	if !ok || len(list) == 0 {
+		return nil, false
+	}
+
+	return list, true
+}
+
+// Set sets the provided values for a given key.
+// The values will overwrite any existing values.
+// If no values provided, a key will be deleted.
+func (m MD) Set(key string, values ...string) {
+	key = strings.ToLower(key)
+	if len(values) == 0 {
+		delete(m, key)
+		return
+	}
+	m[key] = values
+}
+
+// Append appends additional values to the given key.
+func (m MD) Append(key string, values ...string) {
+	key = strings.ToLower(key)
+	if len(values) == 0 {
+		return
+	}
+	current, ok := m[key]
+	if ok {
+		m.Set(key, append(current, values...)...)
+	} else {
+		m.Set(key, values...)
+	}
+}
+
+func (m MD) setRequest(r *Request) {
+	for k, values := range m {
+		for _, v := range values {
+			r.Metadata = append(r.Metadata, &KeyValue{
+				Key:   k,
+				Value: v,
+			})
+		}
+	}
+}
+
+func (m MD) fromRequest(r *Request) {
+	for _, kv := range r.Metadata {
+		m[kv.Key] = append(m[kv.Key], kv.Value)
+	}
+}
+
+type metadataKey struct{}
+
+// GetMetadata retrieves metadata from context.Context (previously attached with WithMetadata)
+func GetMetadata(ctx context.Context) (MD, bool) {
+	metadata, ok := ctx.Value(metadataKey{}).(MD)
+	return metadata, ok
+}
+
+// GetMetadataValue gets a specific metadata value by name from context.Context
+func GetMetadataValue(ctx context.Context, name string) (string, bool) {
+	metadata, ok := GetMetadata(ctx)
+	if !ok {
+		return "", false
+	}
+
+	if list, ok := metadata.Get(name); ok {
+		return list[0], true
+	}
+
+	return "", false
+}
+
+// WithMetadata attaches metadata map to a context.Context
+func WithMetadata(ctx context.Context, md MD) context.Context {
+	return context.WithValue(ctx, metadataKey{}, md)
+}
diff --git a/vendor/github.com/containerd/ttrpc/server.go b/vendor/github.com/containerd/ttrpc/server.go
index 263cb4583b1c5..b0e48073e4d9f 100644
--- a/vendor/github.com/containerd/ttrpc/server.go
+++ b/vendor/github.com/containerd/ttrpc/server.go
@@ -18,6 +18,7 @@ package ttrpc
 
 import (
 	"context"
+	"errors"
 	"io"
 	"math/rand"
 	"net"
@@ -25,7 +26,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -53,10 +53,13 @@ func NewServer(opts ...ServerOpt) (*Server, error) {
 			return nil, err
 		}
 	}
+	if config.interceptor == nil {
+		config.interceptor = defaultServerInterceptor
+	}
 
 	return &Server{
 		config:      config,
-		services:    newServiceSet(),
+		services:    newServiceSet(config.interceptor),
 		done:        make(chan struct{}),
 		listeners:   make(map[net.Listener]struct{}),
 		connections: make(map[*serverConn]struct{}),
@@ -206,6 +209,20 @@ func (s *Server) addConnection(c *serverConn) {
 	s.connections[c] = struct{}{}
 }
 
+func (s *Server) delConnection(c *serverConn) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	delete(s.connections, c)
+}
+
+func (s *Server) countConnection() int {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return len(s.connections)
+}
+
 func (s *Server) closeIdleConns() bool {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -310,6 +327,7 @@ func (c *serverConn) run(sctx context.Context) {
 	defer c.conn.Close()
 	defer cancel()
 	defer close(done)
+	defer c.server.delConnection(c)
 
 	go func(recvErr chan error) {
 		defer close(recvErr)
@@ -341,7 +359,7 @@ func (c *serverConn) run(sctx context.Context) {
 			default: // proceed
 			}
 
-			mh, p, err := ch.recv(ctx)
+			mh, p, err := ch.recv()
 			if err != nil {
 				status, ok := status.FromError(err)
 				if !ok {
@@ -414,6 +432,9 @@ func (c *serverConn) run(sctx context.Context) {
 		case request := <-requests:
 			active++
 			go func(id uint32) {
+				ctx, cancel := getRequestContext(ctx, request.req)
+				defer cancel()
+
 				p, status := c.server.services.call(ctx, request.req.Service, request.req.Method, request.req.Payload)
 				resp := &Response{
 					Status:  status.Proto(),
@@ -435,7 +456,7 @@ func (c *serverConn) run(sctx context.Context) {
 				return
 			}
 
-			if err := ch.send(ctx, response.id, messageTypeResponse, p); err != nil {
+			if err := ch.send(response.id, messageTypeResponse, p); err != nil {
 				logrus.WithError(err).Error("failed sending message on channel")
 				return
 			}
@@ -446,7 +467,12 @@ func (c *serverConn) run(sctx context.Context) {
 			// branch. Basically, it means that we are no longer receiving
 			// requests due to a terminal error.
 			recvErr = nil // connection is now "closing"
-			if err != nil && err != io.EOF {
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				// The client went away and we should stop processing
+				// requests, so that the client connection is closed
+				return
+			}
+			if err != nil {
 				logrus.WithError(err).Error("error receiving message")
 			}
 		case <-shutdown:
@@ -454,3 +480,21 @@ func (c *serverConn) run(sctx context.Context) {
 		}
 	}
 }
+
+var noopFunc = func() {}
+
+func getRequestContext(ctx context.Context, req *Request) (retCtx context.Context, cancel func()) {
+	if len(req.Metadata) > 0 {
+		md := MD{}
+		md.fromRequest(req)
+		ctx = WithMetadata(ctx, md)
+	}
+
+	cancel = noopFunc
+	if req.TimeoutNano == 0 {
+		return ctx, cancel
+	}
+
+	ctx, cancel = context.WithTimeout(ctx, time.Duration(req.TimeoutNano))
+	return ctx, cancel
+}
diff --git a/vendor/github.com/containerd/ttrpc/services.go b/vendor/github.com/containerd/ttrpc/services.go
index e90963825912a..f359e9611f9e5 100644
--- a/vendor/github.com/containerd/ttrpc/services.go
+++ b/vendor/github.com/containerd/ttrpc/services.go
@@ -18,12 +18,14 @@ package ttrpc
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"io"
 	"os"
 	"path"
+	"unsafe"
 
 	"github.com/gogo/protobuf/proto"
-	"github.com/pkg/errors"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -37,18 +39,20 @@ type ServiceDesc struct {
 }
 
 type serviceSet struct {
-	services map[string]ServiceDesc
+	services    map[string]ServiceDesc
+	interceptor UnaryServerInterceptor
 }
 
-func newServiceSet() *serviceSet {
+func newServiceSet(interceptor UnaryServerInterceptor) *serviceSet {
 	return &serviceSet{
-		services: make(map[string]ServiceDesc),
+		services:    make(map[string]ServiceDesc),
+		interceptor: interceptor,
 	}
 }
 
 func (s *serviceSet) register(name string, methods map[string]Method) {
 	if _, ok := s.services[name]; ok {
-		panic(errors.Errorf("duplicate service %v registered", name))
+		panic(fmt.Errorf("duplicate service %v registered", name))
 	}
 
 	s.services[name] = ServiceDesc{
@@ -76,7 +80,7 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin
 		switch v := obj.(type) {
 		case proto.Message:
 			if err := proto.Unmarshal(p, v); err != nil {
-				return status.Errorf(codes.Internal, "ttrpc: error unmarshaling payload: %v", err.Error())
+				return status.Errorf(codes.Internal, "ttrpc: error unmarshalling payload: %v", err.Error())
 			}
 		default:
 			return status.Errorf(codes.Internal, "ttrpc: error unsupported request type: %T", v)
@@ -84,11 +88,19 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin
 		return nil
 	}
 
-	resp, err := method(ctx, unmarshal)
+	info := &UnaryServerInfo{
+		FullMethod: fullPath(serviceName, methodName),
+	}
+
+	resp, err := s.interceptor(ctx, unmarshal, info, method)
 	if err != nil {
 		return nil, err
 	}
 
+	if isNil(resp) {
+		return nil, errors.New("ttrpc: marshal called with nil")
+	}
+
 	switch v := resp.(type) {
 	case proto.Message:
 		r, err := proto.Marshal(v)
@@ -105,12 +117,12 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin
 func (s *serviceSet) resolve(service, method string) (Method, error) {
 	srv, ok := s.services[service]
 	if !ok {
-		return nil, status.Errorf(codes.NotFound, "service %v", service)
+		return nil, status.Errorf(codes.Unimplemented, "service %v", service)
 	}
 
 	mthd, ok := srv.Methods[method]
 	if !ok {
-		return nil, status.Errorf(codes.NotFound, "method %v", method)
+		return nil, status.Errorf(codes.Unimplemented, "method %v", method)
 	}
 
 	return mthd, nil
@@ -146,5 +158,9 @@ func convertCode(err error) codes.Code {
 }
 
 func fullPath(service, method string) string {
-	return "/" + path.Join("/", service, method)
+	return "/" + path.Join(service, method)
+}
+
+func isNil(resp interface{}) bool {
+	return (*[2]uintptr)(unsafe.Pointer(&resp))[1] == 0
 }
diff --git a/vendor/github.com/containerd/ttrpc/types.go b/vendor/github.com/containerd/ttrpc/types.go
index 1f7969e5cf46d..9a1c19a7238de 100644
--- a/vendor/github.com/containerd/ttrpc/types.go
+++ b/vendor/github.com/containerd/ttrpc/types.go
@@ -23,9 +23,11 @@ import (
 )
 
 type Request struct {
-	Service string `protobuf:"bytes,1,opt,name=service,proto3"`
-	Method  string `protobuf:"bytes,2,opt,name=method,proto3"`
-	Payload []byte `protobuf:"bytes,3,opt,name=payload,proto3"`
+	Service     string      `protobuf:"bytes,1,opt,name=service,proto3"`
+	Method      string      `protobuf:"bytes,2,opt,name=method,proto3"`
+	Payload     []byte      `protobuf:"bytes,3,opt,name=payload,proto3"`
+	TimeoutNano int64       `protobuf:"varint,4,opt,name=timeout_nano,proto3"`
+	Metadata    []*KeyValue `protobuf:"bytes,5,rep,name=metadata,proto3"`
 }
 
 func (r *Request) Reset()         { *r = Request{} }
@@ -40,3 +42,22 @@ type Response struct {
 func (r *Response) Reset()         { *r = Response{} }
 func (r *Response) String() string { return fmt.Sprintf("%+#v", r) }
 func (r *Response) ProtoMessage()  {}
+
+type StringList struct {
+	List []string `protobuf:"bytes,1,rep,name=list,proto3"`
+}
+
+func (r *StringList) Reset()         { *r = StringList{} }
+func (r *StringList) String() string { return fmt.Sprintf("%+#v", r) }
+func (r *StringList) ProtoMessage()  {}
+
+func makeStringList(item ...string) StringList { return StringList{List: item} }
+
+type KeyValue struct {
+	Key   string `protobuf:"bytes,1,opt,name=key,proto3"`
+	Value string `protobuf:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *KeyValue) Reset()         { *m = KeyValue{} }
+func (*KeyValue) ProtoMessage()    {}
+func (m *KeyValue) String() string { return fmt.Sprintf("%+#v", m) }
diff --git a/vendor/github.com/containerd/ttrpc/unixcreds_linux.go b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go
index a471bd365ca95..a59dad60cd55e 100644
--- a/vendor/github.com/containerd/ttrpc/unixcreds_linux.go
+++ b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go
@@ -18,11 +18,12 @@ package ttrpc
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"net"
 	"os"
 	"syscall"
 
-	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
@@ -31,12 +32,12 @@ type UnixCredentialsFunc func(*unix.Ucred) error
 func (fn UnixCredentialsFunc) Handshake(ctx context.Context, conn net.Conn) (net.Conn, interface{}, error) {
 	uc, err := requireUnixSocket(conn)
 	if err != nil {
-		return nil, nil, errors.Wrap(err, "ttrpc.UnixCredentialsFunc: require unix socket")
+		return nil, nil, fmt.Errorf("ttrpc.UnixCredentialsFunc: require unix socket: %w", err)
 	}
 
 	rs, err := uc.SyscallConn()
 	if err != nil {
-		return nil, nil, errors.Wrap(err, "ttrpc.UnixCredentialsFunc: (net.UnixConn).SyscallConn failed")
+		return nil, nil, fmt.Errorf("ttrpc.UnixCredentialsFunc: (net.UnixConn).SyscallConn failed: %w", err)
 	}
 	var (
 		ucred    *unix.Ucred
@@ -45,15 +46,15 @@ func (fn UnixCredentialsFunc) Handshake(ctx context.Context, conn net.Conn) (net
 	if err := rs.Control(func(fd uintptr) {
 		ucred, ucredErr = unix.GetsockoptUcred(int(fd), unix.SOL_SOCKET, unix.SO_PEERCRED)
 	}); err != nil {
-		return nil, nil, errors.Wrapf(err, "ttrpc.UnixCredentialsFunc: (*syscall.RawConn).Control failed")
+		return nil, nil, fmt.Errorf("ttrpc.UnixCredentialsFunc: (*syscall.RawConn).Control failed: %w", err)
 	}
 
 	if ucredErr != nil {
-		return nil, nil, errors.Wrapf(err, "ttrpc.UnixCredentialsFunc: failed to retrieve socket peer credentials")
+		return nil, nil, fmt.Errorf("ttrpc.UnixCredentialsFunc: failed to retrieve socket peer credentials: %w", err)
 	}
 
 	if err := fn(ucred); err != nil {
-		return nil, nil, errors.Wrapf(err, "ttrpc.UnixCredentialsFunc: credential check failed")
+		return nil, nil, fmt.Errorf("ttrpc.UnixCredentialsFunc: credential check failed: %w", err)
 	}
 
 	return uc, ucred, nil
@@ -93,7 +94,7 @@ func requireRoot(ucred *unix.Ucred) error {
 
 func requireUidGid(ucred *unix.Ucred, uid, gid int) error {
 	if (uid != -1 && uint32(uid) != ucred.Uid) || (gid != -1 && uint32(gid) != ucred.Gid) {
-		return errors.Wrap(syscall.EPERM, "ttrpc: invalid credentials")
+		return fmt.Errorf("ttrpc: invalid credentials: %v", syscall.EPERM)
 	}
 	return nil
 }
diff --git a/vendor/github.com/containerd/typeurl/LICENSE b/vendor/github.com/containerd/typeurl/LICENSE
index 261eeb9e9f8b2..584149b6ee28c 100644
--- a/vendor/github.com/containerd/typeurl/LICENSE
+++ b/vendor/github.com/containerd/typeurl/LICENSE
@@ -1,6 +1,7 @@
+
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -175,24 +176,13 @@
 
    END OF TERMS AND CONDITIONS
 
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
+   Copyright The containerd Authors
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+       https://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/vendor/github.com/containerd/typeurl/README.md b/vendor/github.com/containerd/typeurl/README.md
index e0787743c5dad..d021e96724972 100644
--- a/vendor/github.com/containerd/typeurl/README.md
+++ b/vendor/github.com/containerd/typeurl/README.md
@@ -1,9 +1,20 @@
 # typeurl
 
-[![Build Status](https://travis-ci.org/containerd/typeurl.svg?branch=master)](https://travis-ci.org/containerd/typeurl)
-
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/containerd/typeurl)](https://pkg.go.dev/github.com/containerd/typeurl)
+[![Build Status](https://github.com/containerd/typeurl/workflows/CI/badge.svg)](https://github.com/containerd/typeurl/actions?query=workflow%3ACI)
 [![codecov](https://codecov.io/gh/containerd/typeurl/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/typeurl)
+[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/typeurl)](https://goreportcard.com/report/github.com/containerd/typeurl)
 
 A Go package for managing the registration, marshaling, and unmarshaling of encoded types.
 
-This package helps when types are sent over a GRPC API and marshaled as a [protobuf.Any]().
+This package helps when types are sent over a GRPC API and marshaled as a [protobuf.Any](https://github.com/gogo/protobuf/blob/master/protobuf/google/protobuf/any.proto).
+
+## Project details
+
+**typeurl** is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/typeurl/doc.go b/vendor/github.com/containerd/typeurl/doc.go
new file mode 100644
index 0000000000000..c0d0fd2053339
--- /dev/null
+++ b/vendor/github.com/containerd/typeurl/doc.go
@@ -0,0 +1,83 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package typeurl
+
+// Package typeurl assists with managing the registration, marshaling, and
+// unmarshaling of types encoded as protobuf.Any.
+//
+// A protobuf.Any is a proto message that can contain any arbitrary data. It
+// consists of two components, a TypeUrl and a Value, and its proto definition
+// looks like this:
+//
+//   message Any {
+//     string type_url = 1;
+//     bytes value = 2;
+//   }
+//
+// The TypeUrl is used to distinguish the contents from other proto.Any
+// messages. This typeurl library manages these URLs to enable automagic
+// marshaling and unmarshaling of the contents.
+//
+// For example, consider this go struct:
+//
+//   type Foo struct {
+//     Field1 string
+//     Field2 string
+//   }
+//
+// To use typeurl, types must first be registered. This is typically done in
+// the init function
+//
+//   func init() {
+//      typeurl.Register(&Foo{}, "Foo")
+//   }
+//
+// This will register the type Foo with the url path "Foo". The arguments to
+// Register are variadic, and are used to construct a url path. Consider this
+// example, from the github.com/containerd/containerd/client package:
+//
+//   func init() {
+//     const prefix = "types.containerd.io"
+//     // register TypeUrls for commonly marshaled external types
+//     major := strconv.Itoa(specs.VersionMajor)
+//     typeurl.Register(&specs.Spec{}, prefix, "opencontainers/runtime-spec", major, "Spec")
+//     // this function has more Register calls, which are elided.
+//   }
+//
+// This registers several types under a more complex url, which ends up mapping
+// to `types.containerd.io/opencontainers/runtime-spec/1/Spec` (or some other
+// value for major).
+//
+// Once a type is registered, it can be marshaled to a proto.Any message simply
+// by calling `MarshalAny`, like this:
+//
+//   foo := &Foo{Field1: "value1", Field2: "value2"}
+//   anyFoo, err := typeurl.MarshalAny(foo)
+//
+// MarshalAny will resolve the correct URL for the type. If the type in
+// question implements the proto.Message interface, then it will be marshaled
+// as a proto message. Otherwise, it will be marshaled as json. This means that
+// typeurl will work on any arbitrary data, whether or not it has a proto
+// definition, as long as it can be serialized to json.
+//
+// To unmarshal, the process is simply inverse:
+//
+//   iface, err := typeurl.UnmarshalAny(anyFoo)
+//   foo := iface.(*Foo)
+//
+// The correct type is automatically chosen from the type registry, and the
+// returned interface can be cast straight to that type.
diff --git a/vendor/github.com/containerd/typeurl/go.mod b/vendor/github.com/containerd/typeurl/go.mod
new file mode 100644
index 0000000000000..77e171e57bcb4
--- /dev/null
+++ b/vendor/github.com/containerd/typeurl/go.mod
@@ -0,0 +1,8 @@
+module github.com/containerd/typeurl
+
+go 1.13
+
+require (
+	github.com/gogo/protobuf v1.3.2
+	github.com/pkg/errors v0.9.1
+)
diff --git a/vendor/github.com/containerd/typeurl/types.go b/vendor/github.com/containerd/typeurl/types.go
index 153c488d0aa62..647d419a293d9 100644
--- a/vendor/github.com/containerd/typeurl/types.go
+++ b/vendor/github.com/containerd/typeurl/types.go
@@ -28,13 +28,25 @@ import (
 )
 
 var (
-	mu       sync.Mutex
+	mu       sync.RWMutex
 	registry = make(map[reflect.Type]string)
 )
 
-var ErrNotFound = errors.New("not found")
+// Definitions of common error types used throughout typeurl.
+//
+// These error types are used with errors.Wrap and errors.Wrapf to add context
+// to an error.
+//
+// To detect an error class, use errors.Is() functions to tell whether an
+// error is of this type.
+var (
+	ErrNotFound = errors.New("not found")
+)
 
-// Register a type with the base url of the type
+// Register a type with a base URL for JSON marshaling. When the MarshalAny and
+// UnmarshalAny functions are called they will treat the Any type value as JSON.
+// To use protocol buffers for handling the Any value the proto.Register
+// function should be used instead of this function.
 func Register(v interface{}, args ...string) {
 	var (
 		t = tryDereference(v)
@@ -44,18 +56,18 @@ func Register(v interface{}, args ...string) {
 	defer mu.Unlock()
 	if et, ok := registry[t]; ok {
 		if et != p {
-			panic(errors.Errorf("type registred with alternate path %q != %q", et, p))
+			panic(errors.Errorf("type registered with alternate path %q != %q", et, p))
 		}
 		return
 	}
 	registry[t] = p
 }
 
-// TypeURL returns the type url for a registred type
+// TypeURL returns the type url for a registered type.
 func TypeURL(v interface{}) (string, error) {
-	mu.Lock()
+	mu.RLock()
 	u, ok := registry[tryDereference(v)]
-	mu.Unlock()
+	mu.RUnlock()
 	if !ok {
 		// fallback to the proto registry if it is a proto message
 		pb, ok := v.(proto.Message)
@@ -67,7 +79,7 @@ func TypeURL(v interface{}) (string, error) {
 	return u, nil
 }
 
-// Is returns true if the type of the Any is the same as v
+// Is returns true if the type of the Any is the same as v.
 func Is(any *types.Any, v interface{}) bool {
 	// call to check that v is a pointer
 	tryDereference(v)
@@ -78,7 +90,10 @@ func Is(any *types.Any, v interface{}) bool {
 	return any.TypeUrl == url
 }
 
-// MarshalAny marshals the value v into an any with the correct TypeUrl
+// MarshalAny marshals the value v into an any with the correct TypeUrl.
+// If the provided object is already a proto.Any message, then it will be
+// returned verbatim. If it is of type proto.Message, it will be marshaled as a
+// protocol buffer. Otherwise, the object will be marshaled to json.
 func MarshalAny(v interface{}) (*types.Any, error) {
 	var marshal func(v interface{}) ([]byte, error)
 	switch t := v.(type) {
@@ -108,18 +123,56 @@ func MarshalAny(v interface{}) (*types.Any, error) {
 	}, nil
 }
 
-// UnmarshalAny unmarshals the any type into a concrete type
+// UnmarshalAny unmarshals the any type into a concrete type.
 func UnmarshalAny(any *types.Any) (interface{}, error) {
-	t, err := getTypeByUrl(any.TypeUrl)
+	return UnmarshalByTypeURL(any.TypeUrl, any.Value)
+}
+
+// UnmarshalByTypeURL unmarshals the given type and value to into a concrete type.
+func UnmarshalByTypeURL(typeURL string, value []byte) (interface{}, error) {
+	return unmarshal(typeURL, value, nil)
+}
+
+// UnmarshalTo unmarshals the any type into a concrete type passed in the out
+// argument. It is identical to UnmarshalAny, but lets clients provide a
+// destination type through the out argument.
+func UnmarshalTo(any *types.Any, out interface{}) error {
+	return UnmarshalToByTypeURL(any.TypeUrl, any.Value, out)
+}
+
+// UnmarshalTo unmarshals the given type and value into a concrete type passed
+// in the out argument. It is identical to UnmarshalByTypeURL, but lets clients
+// provide a destination type through the out argument.
+func UnmarshalToByTypeURL(typeURL string, value []byte, out interface{}) error {
+	_, err := unmarshal(typeURL, value, out)
+	return err
+}
+
+func unmarshal(typeURL string, value []byte, v interface{}) (interface{}, error) {
+	t, err := getTypeByUrl(typeURL)
 	if err != nil {
 		return nil, err
 	}
-	v := reflect.New(t.t).Interface()
+
+	if v == nil {
+		v = reflect.New(t.t).Interface()
+	} else {
+		// Validate interface type provided by client
+		vURL, err := TypeURL(v)
+		if err != nil {
+			return nil, err
+		}
+		if typeURL != vURL {
+			return nil, errors.Errorf("can't unmarshal type %q to output %q", typeURL, vURL)
+		}
+	}
+
 	if t.isProto {
-		err = proto.Unmarshal(any.Value, v.(proto.Message))
+		err = proto.Unmarshal(value, v.(proto.Message))
 	} else {
-		err = json.Unmarshal(any.Value, v)
+		err = json.Unmarshal(value, v)
 	}
+
 	return v, err
 }
 
@@ -129,13 +182,16 @@ type urlType struct {
 }
 
 func getTypeByUrl(url string) (urlType, error) {
+	mu.RLock()
 	for t, u := range registry {
 		if u == url {
+			mu.RUnlock()
 			return urlType{
 				t: t,
 			}, nil
 		}
 	}
+	mu.RUnlock()
 	// fallback to proto registry
 	t := proto.MessageType(url)
 	if t != nil {
diff --git a/vendor/github.com/coreos/etcd/client/json.go b/vendor/github.com/coreos/etcd/client/json.go
new file mode 100644
index 0000000000000..97cdbcd7cfa57
--- /dev/null
+++ b/vendor/github.com/coreos/etcd/client/json.go
@@ -0,0 +1,72 @@
+// Copyright 2019 The etcd Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"github.com/json-iterator/go"
+	"github.com/modern-go/reflect2"
+	"strconv"
+	"unsafe"
+)
+
+type customNumberExtension struct {
+	jsoniter.DummyExtension
+}
+
+func (cne *customNumberExtension) CreateDecoder(typ reflect2.Type) jsoniter.ValDecoder {
+	if typ.String() == "interface {}" {
+		return customNumberDecoder{}
+	}
+	return nil
+}
+
+type customNumberDecoder struct {
+}
+
+func (customNumberDecoder) Decode(ptr unsafe.Pointer, iter *jsoniter.Iterator) {
+	switch iter.WhatIsNext() {
+	case jsoniter.NumberValue:
+		var number jsoniter.Number
+		iter.ReadVal(&number)
+		i64, err := strconv.ParseInt(string(number), 10, 64)
+		if err == nil {
+			*(*interface{})(ptr) = i64
+			return
+		}
+		f64, err := strconv.ParseFloat(string(number), 64)
+		if err == nil {
+			*(*interface{})(ptr) = f64
+			return
+		}
+		iter.ReportError("DecodeNumber", err.Error())
+	default:
+		*(*interface{})(ptr) = iter.Read()
+	}
+}
+
+// caseSensitiveJsonIterator returns a jsoniterator API that's configured to be
+// case-sensitive when unmarshalling, and otherwise compatible with
+// the encoding/json standard library.
+func caseSensitiveJsonIterator() jsoniter.API {
+	config := jsoniter.Config{
+		EscapeHTML:             true,
+		SortMapKeys:            true,
+		ValidateJsonRawMessage: true,
+		CaseSensitive:          true,
+	}.Froze()
+	// Force jsoniter to decode number to interface{} via int64/float64, if possible.
+	config.RegisterExtension(&customNumberExtension{})
+	return config
+}
diff --git a/vendor/github.com/coreos/etcd/client/keys.generated.go b/vendor/github.com/coreos/etcd/client/keys.generated.go
deleted file mode 100644
index 237fdbe8ffd17..0000000000000
--- a/vendor/github.com/coreos/etcd/client/keys.generated.go
+++ /dev/null
@@ -1,5218 +0,0 @@
-// ************************************************************
-// DO NOT EDIT.
-// THIS FILE IS AUTO-GENERATED BY codecgen.
-// ************************************************************
-
-package client
-
-import (
-	"errors"
-	"fmt"
-	"reflect"
-	"runtime"
-	time "time"
-
-	codec1978 "github.com/ugorji/go/codec"
-)
-
-const (
-	// ----- content types ----
-	codecSelferC_UTF87612 = 1
-	codecSelferC_RAW7612  = 0
-	// ----- value types used ----
-	codecSelferValueTypeArray7612 = 10
-	codecSelferValueTypeMap7612   = 9
-	// ----- containerStateValues ----
-	codecSelfer_containerMapKey7612    = 2
-	codecSelfer_containerMapValue7612  = 3
-	codecSelfer_containerMapEnd7612    = 4
-	codecSelfer_containerArrayElem7612 = 6
-	codecSelfer_containerArrayEnd7612  = 7
-)
-
-var (
-	codecSelferBitsize7612                         = uint8(reflect.TypeOf(uint(0)).Bits())
-	codecSelferOnlyMapOrArrayEncodeToStructErr7612 = errors.New(`only encoded map or array can be decoded into a struct`)
-)
-
-type codecSelfer7612 struct{}
-
-func init() {
-	if codec1978.GenVersion != 8 {
-		_, file, _, _ := runtime.Caller(0)
-		err := fmt.Errorf("codecgen version mismatch: current: %v, need %v. Re-generate file: %v",
-			8, codec1978.GenVersion, file)
-		panic(err)
-	}
-	if false { // reference the types, but skip this branch at build/run time
-		var v0 time.Duration
-		_ = v0
-	}
-}
-
-func (x *Error) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(4)
-			} else {
-				r.WriteMapStart(4)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeInt(int64(x.Code))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("errorCode"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeInt(int64(x.Code))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Message))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("message"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Message))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Cause))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("cause"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Cause))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.Index))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("index"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.Index))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *Error) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *Error) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "errorCode":
-			if r.TryDecodeAsNil() {
-				x.Code = 0
-			} else {
-				yyv4 := &x.Code
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*int)(yyv4)) = int(r.DecodeInt(codecSelferBitsize7612))
-				}
-			}
-		case "message":
-			if r.TryDecodeAsNil() {
-				x.Message = ""
-			} else {
-				yyv6 := &x.Message
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "cause":
-			if r.TryDecodeAsNil() {
-				x.Cause = ""
-			} else {
-				yyv8 := &x.Cause
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*string)(yyv8)) = r.DecodeString()
-				}
-			}
-		case "index":
-			if r.TryDecodeAsNil() {
-				x.Index = 0
-			} else {
-				yyv10 := &x.Index
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*uint64)(yyv10)) = uint64(r.DecodeUint(64))
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *Error) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj12 int
-	var yyb12 bool
-	var yyhl12 bool = l >= 0
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Code = 0
-	} else {
-		yyv13 := &x.Code
-		yym14 := z.DecBinary()
-		_ = yym14
-		if false {
-		} else {
-			*((*int)(yyv13)) = int(r.DecodeInt(codecSelferBitsize7612))
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Message = ""
-	} else {
-		yyv15 := &x.Message
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*string)(yyv15)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Cause = ""
-	} else {
-		yyv17 := &x.Cause
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*string)(yyv17)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Index = 0
-	} else {
-		yyv19 := &x.Index
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else {
-			*((*uint64)(yyv19)) = uint64(r.DecodeUint(64))
-		}
-	}
-	for {
-		yyj12++
-		if yyhl12 {
-			yyb12 = yyj12 > l
-		} else {
-			yyb12 = r.CheckBreak()
-		}
-		if yyb12 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj12-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x PrevExistType) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	yym1 := z.EncBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.EncExt(x) {
-	} else {
-		r.EncodeString(codecSelferC_UTF87612, string(x))
-	}
-}
-
-func (x *PrevExistType) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		*((*string)(x)) = r.DecodeString()
-	}
-}
-
-func (x *WatcherOptions) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(2)
-			} else {
-				r.WriteMapStart(2)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.AfterIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("AfterIndex"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.AfterIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *WatcherOptions) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *WatcherOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "AfterIndex":
-			if r.TryDecodeAsNil() {
-				x.AfterIndex = 0
-			} else {
-				yyv4 := &x.AfterIndex
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*uint64)(yyv4)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv6 := &x.Recursive
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*bool)(yyv6)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *WatcherOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj8 int
-	var yyb8 bool
-	var yyhl8 bool = l >= 0
-	yyj8++
-	if yyhl8 {
-		yyb8 = yyj8 > l
-	} else {
-		yyb8 = r.CheckBreak()
-	}
-	if yyb8 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.AfterIndex = 0
-	} else {
-		yyv9 := &x.AfterIndex
-		yym10 := z.DecBinary()
-		_ = yym10
-		if false {
-		} else {
-			*((*uint64)(yyv9)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj8++
-	if yyhl8 {
-		yyb8 = yyj8 > l
-	} else {
-		yyb8 = r.CheckBreak()
-	}
-	if yyb8 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv11 := &x.Recursive
-		yym12 := z.DecBinary()
-		_ = yym12
-		if false {
-		} else {
-			*((*bool)(yyv11)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj8++
-		if yyhl8 {
-			yyb8 = yyj8 > l
-		} else {
-			yyb8 = r.CheckBreak()
-		}
-		if yyb8 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj8-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *CreateInOrderOptions) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(1)
-			} else {
-				r.WriteMapStart(1)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("TTL"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *CreateInOrderOptions) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *CreateInOrderOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "TTL":
-			if r.TryDecodeAsNil() {
-				x.TTL = 0
-			} else {
-				yyv4 := &x.TTL
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else if z.HasExtensions() && z.DecExt(yyv4) {
-				} else {
-					*((*int64)(yyv4)) = int64(r.DecodeInt(64))
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *CreateInOrderOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj6 int
-	var yyb6 bool
-	var yyhl6 bool = l >= 0
-	yyj6++
-	if yyhl6 {
-		yyb6 = yyj6 > l
-	} else {
-		yyb6 = r.CheckBreak()
-	}
-	if yyb6 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.TTL = 0
-	} else {
-		yyv7 := &x.TTL
-		yym8 := z.DecBinary()
-		_ = yym8
-		if false {
-		} else if z.HasExtensions() && z.DecExt(yyv7) {
-		} else {
-			*((*int64)(yyv7)) = int64(r.DecodeInt(64))
-		}
-	}
-	for {
-		yyj6++
-		if yyhl6 {
-			yyb6 = yyj6 > l
-		} else {
-			yyb6 = r.CheckBreak()
-		}
-		if yyb6 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj6-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *SetOptions) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(7)
-			} else {
-				r.WriteMapStart(7)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevValue"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevIndex"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				x.PrevExist.CodecEncodeSelf(e)
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevExist"))
-				r.WriteMapElemValue()
-				x.PrevExist.CodecEncodeSelf(e)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("TTL"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym16 := z.EncBinary()
-				_ = yym16
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Refresh))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Refresh"))
-				r.WriteMapElemValue()
-				yym17 := z.EncBinary()
-				_ = yym17
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Refresh))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym19 := z.EncBinary()
-				_ = yym19
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Dir"))
-				r.WriteMapElemValue()
-				yym20 := z.EncBinary()
-				_ = yym20
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym22 := z.EncBinary()
-				_ = yym22
-				if false {
-				} else {
-					r.EncodeBool(bool(x.NoValueOnSuccess))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("NoValueOnSuccess"))
-				r.WriteMapElemValue()
-				yym23 := z.EncBinary()
-				_ = yym23
-				if false {
-				} else {
-					r.EncodeBool(bool(x.NoValueOnSuccess))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *SetOptions) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *SetOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "PrevValue":
-			if r.TryDecodeAsNil() {
-				x.PrevValue = ""
-			} else {
-				yyv4 := &x.PrevValue
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "PrevIndex":
-			if r.TryDecodeAsNil() {
-				x.PrevIndex = 0
-			} else {
-				yyv6 := &x.PrevIndex
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*uint64)(yyv6)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "PrevExist":
-			if r.TryDecodeAsNil() {
-				x.PrevExist = ""
-			} else {
-				yyv8 := &x.PrevExist
-				yyv8.CodecDecodeSelf(d)
-			}
-		case "TTL":
-			if r.TryDecodeAsNil() {
-				x.TTL = 0
-			} else {
-				yyv9 := &x.TTL
-				yym10 := z.DecBinary()
-				_ = yym10
-				if false {
-				} else if z.HasExtensions() && z.DecExt(yyv9) {
-				} else {
-					*((*int64)(yyv9)) = int64(r.DecodeInt(64))
-				}
-			}
-		case "Refresh":
-			if r.TryDecodeAsNil() {
-				x.Refresh = false
-			} else {
-				yyv11 := &x.Refresh
-				yym12 := z.DecBinary()
-				_ = yym12
-				if false {
-				} else {
-					*((*bool)(yyv11)) = r.DecodeBool()
-				}
-			}
-		case "Dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = false
-			} else {
-				yyv13 := &x.Dir
-				yym14 := z.DecBinary()
-				_ = yym14
-				if false {
-				} else {
-					*((*bool)(yyv13)) = r.DecodeBool()
-				}
-			}
-		case "NoValueOnSuccess":
-			if r.TryDecodeAsNil() {
-				x.NoValueOnSuccess = false
-			} else {
-				yyv15 := &x.NoValueOnSuccess
-				yym16 := z.DecBinary()
-				_ = yym16
-				if false {
-				} else {
-					*((*bool)(yyv15)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *SetOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj17 int
-	var yyb17 bool
-	var yyhl17 bool = l >= 0
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevValue = ""
-	} else {
-		yyv18 := &x.PrevValue
-		yym19 := z.DecBinary()
-		_ = yym19
-		if false {
-		} else {
-			*((*string)(yyv18)) = r.DecodeString()
-		}
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevIndex = 0
-	} else {
-		yyv20 := &x.PrevIndex
-		yym21 := z.DecBinary()
-		_ = yym21
-		if false {
-		} else {
-			*((*uint64)(yyv20)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevExist = ""
-	} else {
-		yyv22 := &x.PrevExist
-		yyv22.CodecDecodeSelf(d)
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.TTL = 0
-	} else {
-		yyv23 := &x.TTL
-		yym24 := z.DecBinary()
-		_ = yym24
-		if false {
-		} else if z.HasExtensions() && z.DecExt(yyv23) {
-		} else {
-			*((*int64)(yyv23)) = int64(r.DecodeInt(64))
-		}
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Refresh = false
-	} else {
-		yyv25 := &x.Refresh
-		yym26 := z.DecBinary()
-		_ = yym26
-		if false {
-		} else {
-			*((*bool)(yyv25)) = r.DecodeBool()
-		}
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = false
-	} else {
-		yyv27 := &x.Dir
-		yym28 := z.DecBinary()
-		_ = yym28
-		if false {
-		} else {
-			*((*bool)(yyv27)) = r.DecodeBool()
-		}
-	}
-	yyj17++
-	if yyhl17 {
-		yyb17 = yyj17 > l
-	} else {
-		yyb17 = r.CheckBreak()
-	}
-	if yyb17 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.NoValueOnSuccess = false
-	} else {
-		yyv29 := &x.NoValueOnSuccess
-		yym30 := z.DecBinary()
-		_ = yym30
-		if false {
-		} else {
-			*((*bool)(yyv29)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj17++
-		if yyhl17 {
-			yyb17 = yyj17 > l
-		} else {
-			yyb17 = r.CheckBreak()
-		}
-		if yyb17 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj17-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *GetOptions) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(3)
-			} else {
-				r.WriteMapStart(3)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Sort))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Sort"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Sort))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Quorum))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Quorum"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Quorum))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *GetOptions) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *GetOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv4 := &x.Recursive
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*bool)(yyv4)) = r.DecodeBool()
-				}
-			}
-		case "Sort":
-			if r.TryDecodeAsNil() {
-				x.Sort = false
-			} else {
-				yyv6 := &x.Sort
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*bool)(yyv6)) = r.DecodeBool()
-				}
-			}
-		case "Quorum":
-			if r.TryDecodeAsNil() {
-				x.Quorum = false
-			} else {
-				yyv8 := &x.Quorum
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*bool)(yyv8)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *GetOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj10 int
-	var yyb10 bool
-	var yyhl10 bool = l >= 0
-	yyj10++
-	if yyhl10 {
-		yyb10 = yyj10 > l
-	} else {
-		yyb10 = r.CheckBreak()
-	}
-	if yyb10 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv11 := &x.Recursive
-		yym12 := z.DecBinary()
-		_ = yym12
-		if false {
-		} else {
-			*((*bool)(yyv11)) = r.DecodeBool()
-		}
-	}
-	yyj10++
-	if yyhl10 {
-		yyb10 = yyj10 > l
-	} else {
-		yyb10 = r.CheckBreak()
-	}
-	if yyb10 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Sort = false
-	} else {
-		yyv13 := &x.Sort
-		yym14 := z.DecBinary()
-		_ = yym14
-		if false {
-		} else {
-			*((*bool)(yyv13)) = r.DecodeBool()
-		}
-	}
-	yyj10++
-	if yyhl10 {
-		yyb10 = yyj10 > l
-	} else {
-		yyb10 = r.CheckBreak()
-	}
-	if yyb10 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Quorum = false
-	} else {
-		yyv15 := &x.Quorum
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*bool)(yyv15)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj10++
-		if yyhl10 {
-			yyb10 = yyj10 > l
-		} else {
-			yyb10 = r.CheckBreak()
-		}
-		if yyb10 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj10-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *DeleteOptions) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(4)
-			} else {
-				r.WriteMapStart(4)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevValue"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevIndex"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Dir"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *DeleteOptions) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *DeleteOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "PrevValue":
-			if r.TryDecodeAsNil() {
-				x.PrevValue = ""
-			} else {
-				yyv4 := &x.PrevValue
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "PrevIndex":
-			if r.TryDecodeAsNil() {
-				x.PrevIndex = 0
-			} else {
-				yyv6 := &x.PrevIndex
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*uint64)(yyv6)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv8 := &x.Recursive
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*bool)(yyv8)) = r.DecodeBool()
-				}
-			}
-		case "Dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = false
-			} else {
-				yyv10 := &x.Dir
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*bool)(yyv10)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *DeleteOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj12 int
-	var yyb12 bool
-	var yyhl12 bool = l >= 0
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevValue = ""
-	} else {
-		yyv13 := &x.PrevValue
-		yym14 := z.DecBinary()
-		_ = yym14
-		if false {
-		} else {
-			*((*string)(yyv13)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevIndex = 0
-	} else {
-		yyv15 := &x.PrevIndex
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*uint64)(yyv15)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv17 := &x.Recursive
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*bool)(yyv17)) = r.DecodeBool()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = false
-	} else {
-		yyv19 := &x.Dir
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else {
-			*((*bool)(yyv19)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj12++
-		if yyhl12 {
-			yyb12 = yyj12 > l
-		} else {
-			yyb12 = r.CheckBreak()
-		}
-		if yyb12 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj12-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *Response) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(3)
-			} else {
-				r.WriteMapStart(3)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Action))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("action"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Action))
-				}
-			}
-			var yyn6 bool
-			if x.Node == nil {
-				yyn6 = true
-				goto LABEL6
-			}
-		LABEL6:
-			if yyr2 || yy2arr2 {
-				if yyn6 {
-					r.WriteArrayElem()
-					r.EncodeNil()
-				} else {
-					r.WriteArrayElem()
-					if x.Node == nil {
-						r.EncodeNil()
-					} else {
-						x.Node.CodecEncodeSelf(e)
-					}
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("node"))
-				r.WriteMapElemValue()
-				if yyn6 {
-					r.EncodeNil()
-				} else {
-					if x.Node == nil {
-						r.EncodeNil()
-					} else {
-						x.Node.CodecEncodeSelf(e)
-					}
-				}
-			}
-			var yyn9 bool
-			if x.PrevNode == nil {
-				yyn9 = true
-				goto LABEL9
-			}
-		LABEL9:
-			if yyr2 || yy2arr2 {
-				if yyn9 {
-					r.WriteArrayElem()
-					r.EncodeNil()
-				} else {
-					r.WriteArrayElem()
-					if x.PrevNode == nil {
-						r.EncodeNil()
-					} else {
-						x.PrevNode.CodecEncodeSelf(e)
-					}
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("prevNode"))
-				r.WriteMapElemValue()
-				if yyn9 {
-					r.EncodeNil()
-				} else {
-					if x.PrevNode == nil {
-						r.EncodeNil()
-					} else {
-						x.PrevNode.CodecEncodeSelf(e)
-					}
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *Response) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *Response) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "action":
-			if r.TryDecodeAsNil() {
-				x.Action = ""
-			} else {
-				yyv4 := &x.Action
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "node":
-			if x.Node == nil {
-				x.Node = new(Node)
-			}
-			if r.TryDecodeAsNil() {
-				if x.Node != nil {
-					x.Node = nil
-				}
-			} else {
-				if x.Node == nil {
-					x.Node = new(Node)
-				}
-				x.Node.CodecDecodeSelf(d)
-			}
-		case "prevNode":
-			if x.PrevNode == nil {
-				x.PrevNode = new(Node)
-			}
-			if r.TryDecodeAsNil() {
-				if x.PrevNode != nil {
-					x.PrevNode = nil
-				}
-			} else {
-				if x.PrevNode == nil {
-					x.PrevNode = new(Node)
-				}
-				x.PrevNode.CodecDecodeSelf(d)
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *Response) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj8 int
-	var yyb8 bool
-	var yyhl8 bool = l >= 0
-	yyj8++
-	if yyhl8 {
-		yyb8 = yyj8 > l
-	} else {
-		yyb8 = r.CheckBreak()
-	}
-	if yyb8 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Action = ""
-	} else {
-		yyv9 := &x.Action
-		yym10 := z.DecBinary()
-		_ = yym10
-		if false {
-		} else {
-			*((*string)(yyv9)) = r.DecodeString()
-		}
-	}
-	if x.Node == nil {
-		x.Node = new(Node)
-	}
-	yyj8++
-	if yyhl8 {
-		yyb8 = yyj8 > l
-	} else {
-		yyb8 = r.CheckBreak()
-	}
-	if yyb8 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		if x.Node != nil {
-			x.Node = nil
-		}
-	} else {
-		if x.Node == nil {
-			x.Node = new(Node)
-		}
-		x.Node.CodecDecodeSelf(d)
-	}
-	if x.PrevNode == nil {
-		x.PrevNode = new(Node)
-	}
-	yyj8++
-	if yyhl8 {
-		yyb8 = yyj8 > l
-	} else {
-		yyb8 = r.CheckBreak()
-	}
-	if yyb8 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		if x.PrevNode != nil {
-			x.PrevNode = nil
-		}
-	} else {
-		if x.PrevNode == nil {
-			x.PrevNode = new(Node)
-		}
-		x.PrevNode.CodecDecodeSelf(d)
-	}
-	for {
-		yyj8++
-		if yyhl8 {
-			yyb8 = yyj8 > l
-		} else {
-			yyb8 = r.CheckBreak()
-		}
-		if yyb8 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj8-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *Node) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			var yyq2 [8]bool
-			_ = yyq2
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			yyq2[1] = x.Dir != false
-			yyq2[6] = x.Expiration != nil
-			yyq2[7] = x.TTL != 0
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(8)
-			} else {
-				var yynn2 = 5
-				for _, b := range yyq2 {
-					if b {
-						yynn2++
-					}
-				}
-				r.WriteMapStart(yynn2)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("key"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				if yyq2[1] {
-					yym7 := z.EncBinary()
-					_ = yym7
-					if false {
-					} else {
-						r.EncodeBool(bool(x.Dir))
-					}
-				} else {
-					r.EncodeBool(false)
-				}
-			} else {
-				if yyq2[1] {
-					r.WriteMapElemKey()
-					r.EncodeString(codecSelferC_UTF87612, string("dir"))
-					r.WriteMapElemValue()
-					yym8 := z.EncBinary()
-					_ = yym8
-					if false {
-					} else {
-						r.EncodeBool(bool(x.Dir))
-					}
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("value"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				if x.Nodes == nil {
-					r.EncodeNil()
-				} else {
-					x.Nodes.CodecEncodeSelf(e)
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("nodes"))
-				r.WriteMapElemValue()
-				if x.Nodes == nil {
-					r.EncodeNil()
-				} else {
-					x.Nodes.CodecEncodeSelf(e)
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym16 := z.EncBinary()
-				_ = yym16
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.CreatedIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("createdIndex"))
-				r.WriteMapElemValue()
-				yym17 := z.EncBinary()
-				_ = yym17
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.CreatedIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym19 := z.EncBinary()
-				_ = yym19
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.ModifiedIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("modifiedIndex"))
-				r.WriteMapElemValue()
-				yym20 := z.EncBinary()
-				_ = yym20
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.ModifiedIndex))
-				}
-			}
-			var yyn21 bool
-			if x.Expiration == nil {
-				yyn21 = true
-				goto LABEL21
-			}
-		LABEL21:
-			if yyr2 || yy2arr2 {
-				if yyn21 {
-					r.WriteArrayElem()
-					r.EncodeNil()
-				} else {
-					r.WriteArrayElem()
-					if yyq2[6] {
-						if x.Expiration == nil {
-							r.EncodeNil()
-						} else {
-							yym22 := z.EncBinary()
-							_ = yym22
-							if false {
-							} else if yym23 := z.TimeRtidIfBinc(); yym23 != 0 {
-								r.EncodeBuiltin(yym23, x.Expiration)
-							} else if z.HasExtensions() && z.EncExt(x.Expiration) {
-							} else if yym22 {
-								z.EncBinaryMarshal(x.Expiration)
-							} else if !yym22 && z.IsJSONHandle() {
-								z.EncJSONMarshal(x.Expiration)
-							} else {
-								z.EncFallback(x.Expiration)
-							}
-						}
-					} else {
-						r.EncodeNil()
-					}
-				}
-			} else {
-				if yyq2[6] {
-					r.WriteMapElemKey()
-					r.EncodeString(codecSelferC_UTF87612, string("expiration"))
-					r.WriteMapElemValue()
-					if yyn21 {
-						r.EncodeNil()
-					} else {
-						if x.Expiration == nil {
-							r.EncodeNil()
-						} else {
-							yym24 := z.EncBinary()
-							_ = yym24
-							if false {
-							} else if yym25 := z.TimeRtidIfBinc(); yym25 != 0 {
-								r.EncodeBuiltin(yym25, x.Expiration)
-							} else if z.HasExtensions() && z.EncExt(x.Expiration) {
-							} else if yym24 {
-								z.EncBinaryMarshal(x.Expiration)
-							} else if !yym24 && z.IsJSONHandle() {
-								z.EncJSONMarshal(x.Expiration)
-							} else {
-								z.EncFallback(x.Expiration)
-							}
-						}
-					}
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				if yyq2[7] {
-					yym27 := z.EncBinary()
-					_ = yym27
-					if false {
-					} else {
-						r.EncodeInt(int64(x.TTL))
-					}
-				} else {
-					r.EncodeInt(0)
-				}
-			} else {
-				if yyq2[7] {
-					r.WriteMapElemKey()
-					r.EncodeString(codecSelferC_UTF87612, string("ttl"))
-					r.WriteMapElemValue()
-					yym28 := z.EncBinary()
-					_ = yym28
-					if false {
-					} else {
-						r.EncodeInt(int64(x.TTL))
-					}
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *Node) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *Node) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "key":
-			if r.TryDecodeAsNil() {
-				x.Key = ""
-			} else {
-				yyv4 := &x.Key
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = false
-			} else {
-				yyv6 := &x.Dir
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*bool)(yyv6)) = r.DecodeBool()
-				}
-			}
-		case "value":
-			if r.TryDecodeAsNil() {
-				x.Value = ""
-			} else {
-				yyv8 := &x.Value
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*string)(yyv8)) = r.DecodeString()
-				}
-			}
-		case "nodes":
-			if r.TryDecodeAsNil() {
-				x.Nodes = nil
-			} else {
-				yyv10 := &x.Nodes
-				yyv10.CodecDecodeSelf(d)
-			}
-		case "createdIndex":
-			if r.TryDecodeAsNil() {
-				x.CreatedIndex = 0
-			} else {
-				yyv11 := &x.CreatedIndex
-				yym12 := z.DecBinary()
-				_ = yym12
-				if false {
-				} else {
-					*((*uint64)(yyv11)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "modifiedIndex":
-			if r.TryDecodeAsNil() {
-				x.ModifiedIndex = 0
-			} else {
-				yyv13 := &x.ModifiedIndex
-				yym14 := z.DecBinary()
-				_ = yym14
-				if false {
-				} else {
-					*((*uint64)(yyv13)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "expiration":
-			if x.Expiration == nil {
-				x.Expiration = new(time.Time)
-			}
-			if r.TryDecodeAsNil() {
-				if x.Expiration != nil {
-					x.Expiration = nil
-				}
-			} else {
-				if x.Expiration == nil {
-					x.Expiration = new(time.Time)
-				}
-				yym16 := z.DecBinary()
-				_ = yym16
-				if false {
-				} else if yym17 := z.TimeRtidIfBinc(); yym17 != 0 {
-					r.DecodeBuiltin(yym17, x.Expiration)
-				} else if z.HasExtensions() && z.DecExt(x.Expiration) {
-				} else if yym16 {
-					z.DecBinaryUnmarshal(x.Expiration)
-				} else if !yym16 && z.IsJSONHandle() {
-					z.DecJSONUnmarshal(x.Expiration)
-				} else {
-					z.DecFallback(x.Expiration, false)
-				}
-			}
-		case "ttl":
-			if r.TryDecodeAsNil() {
-				x.TTL = 0
-			} else {
-				yyv18 := &x.TTL
-				yym19 := z.DecBinary()
-				_ = yym19
-				if false {
-				} else {
-					*((*int64)(yyv18)) = int64(r.DecodeInt(64))
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *Node) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj20 int
-	var yyb20 bool
-	var yyhl20 bool = l >= 0
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Key = ""
-	} else {
-		yyv21 := &x.Key
-		yym22 := z.DecBinary()
-		_ = yym22
-		if false {
-		} else {
-			*((*string)(yyv21)) = r.DecodeString()
-		}
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = false
-	} else {
-		yyv23 := &x.Dir
-		yym24 := z.DecBinary()
-		_ = yym24
-		if false {
-		} else {
-			*((*bool)(yyv23)) = r.DecodeBool()
-		}
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Value = ""
-	} else {
-		yyv25 := &x.Value
-		yym26 := z.DecBinary()
-		_ = yym26
-		if false {
-		} else {
-			*((*string)(yyv25)) = r.DecodeString()
-		}
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Nodes = nil
-	} else {
-		yyv27 := &x.Nodes
-		yyv27.CodecDecodeSelf(d)
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.CreatedIndex = 0
-	} else {
-		yyv28 := &x.CreatedIndex
-		yym29 := z.DecBinary()
-		_ = yym29
-		if false {
-		} else {
-			*((*uint64)(yyv28)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.ModifiedIndex = 0
-	} else {
-		yyv30 := &x.ModifiedIndex
-		yym31 := z.DecBinary()
-		_ = yym31
-		if false {
-		} else {
-			*((*uint64)(yyv30)) = uint64(r.DecodeUint(64))
-		}
-	}
-	if x.Expiration == nil {
-		x.Expiration = new(time.Time)
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		if x.Expiration != nil {
-			x.Expiration = nil
-		}
-	} else {
-		if x.Expiration == nil {
-			x.Expiration = new(time.Time)
-		}
-		yym33 := z.DecBinary()
-		_ = yym33
-		if false {
-		} else if yym34 := z.TimeRtidIfBinc(); yym34 != 0 {
-			r.DecodeBuiltin(yym34, x.Expiration)
-		} else if z.HasExtensions() && z.DecExt(x.Expiration) {
-		} else if yym33 {
-			z.DecBinaryUnmarshal(x.Expiration)
-		} else if !yym33 && z.IsJSONHandle() {
-			z.DecJSONUnmarshal(x.Expiration)
-		} else {
-			z.DecFallback(x.Expiration, false)
-		}
-	}
-	yyj20++
-	if yyhl20 {
-		yyb20 = yyj20 > l
-	} else {
-		yyb20 = r.CheckBreak()
-	}
-	if yyb20 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.TTL = 0
-	} else {
-		yyv35 := &x.TTL
-		yym36 := z.DecBinary()
-		_ = yym36
-		if false {
-		} else {
-			*((*int64)(yyv35)) = int64(r.DecodeInt(64))
-		}
-	}
-	for {
-		yyj20++
-		if yyhl20 {
-			yyb20 = yyj20 > l
-		} else {
-			yyb20 = r.CheckBreak()
-		}
-		if yyb20 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj20-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x Nodes) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			h.encNodes((Nodes)(x), e)
-		}
-	}
-}
-
-func (x *Nodes) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		h.decNodes((*Nodes)(x), d)
-	}
-}
-
-func (x *httpKeysAPI) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(0)
-			} else {
-				r.WriteMapStart(0)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *httpKeysAPI) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *httpKeysAPI) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *httpKeysAPI) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj4 int
-	var yyb4 bool
-	var yyhl4 bool = l >= 0
-	for {
-		yyj4++
-		if yyhl4 {
-			yyb4 = yyj4 > l
-		} else {
-			yyb4 = r.CheckBreak()
-		}
-		if yyb4 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj4-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *httpWatcher) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(0)
-			} else {
-				r.WriteMapStart(0)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *httpWatcher) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *httpWatcher) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *httpWatcher) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj4 int
-	var yyb4 bool
-	var yyhl4 bool = l >= 0
-	for {
-		yyj4++
-		if yyhl4 {
-			yyb4 = yyj4 > l
-		} else {
-			yyb4 = r.CheckBreak()
-		}
-		if yyb4 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj4-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *getAction) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(5)
-			} else {
-				r.WriteMapStart(5)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Prefix"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Key"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Sorted))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Sorted"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Sorted))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym16 := z.EncBinary()
-				_ = yym16
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Quorum))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Quorum"))
-				r.WriteMapElemValue()
-				yym17 := z.EncBinary()
-				_ = yym17
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Quorum))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *getAction) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *getAction) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Prefix":
-			if r.TryDecodeAsNil() {
-				x.Prefix = ""
-			} else {
-				yyv4 := &x.Prefix
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "Key":
-			if r.TryDecodeAsNil() {
-				x.Key = ""
-			} else {
-				yyv6 := &x.Key
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv8 := &x.Recursive
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*bool)(yyv8)) = r.DecodeBool()
-				}
-			}
-		case "Sorted":
-			if r.TryDecodeAsNil() {
-				x.Sorted = false
-			} else {
-				yyv10 := &x.Sorted
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*bool)(yyv10)) = r.DecodeBool()
-				}
-			}
-		case "Quorum":
-			if r.TryDecodeAsNil() {
-				x.Quorum = false
-			} else {
-				yyv12 := &x.Quorum
-				yym13 := z.DecBinary()
-				_ = yym13
-				if false {
-				} else {
-					*((*bool)(yyv12)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *getAction) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj14 int
-	var yyb14 bool
-	var yyhl14 bool = l >= 0
-	yyj14++
-	if yyhl14 {
-		yyb14 = yyj14 > l
-	} else {
-		yyb14 = r.CheckBreak()
-	}
-	if yyb14 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Prefix = ""
-	} else {
-		yyv15 := &x.Prefix
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*string)(yyv15)) = r.DecodeString()
-		}
-	}
-	yyj14++
-	if yyhl14 {
-		yyb14 = yyj14 > l
-	} else {
-		yyb14 = r.CheckBreak()
-	}
-	if yyb14 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Key = ""
-	} else {
-		yyv17 := &x.Key
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*string)(yyv17)) = r.DecodeString()
-		}
-	}
-	yyj14++
-	if yyhl14 {
-		yyb14 = yyj14 > l
-	} else {
-		yyb14 = r.CheckBreak()
-	}
-	if yyb14 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv19 := &x.Recursive
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else {
-			*((*bool)(yyv19)) = r.DecodeBool()
-		}
-	}
-	yyj14++
-	if yyhl14 {
-		yyb14 = yyj14 > l
-	} else {
-		yyb14 = r.CheckBreak()
-	}
-	if yyb14 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Sorted = false
-	} else {
-		yyv21 := &x.Sorted
-		yym22 := z.DecBinary()
-		_ = yym22
-		if false {
-		} else {
-			*((*bool)(yyv21)) = r.DecodeBool()
-		}
-	}
-	yyj14++
-	if yyhl14 {
-		yyb14 = yyj14 > l
-	} else {
-		yyb14 = r.CheckBreak()
-	}
-	if yyb14 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Quorum = false
-	} else {
-		yyv23 := &x.Quorum
-		yym24 := z.DecBinary()
-		_ = yym24
-		if false {
-		} else {
-			*((*bool)(yyv23)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj14++
-		if yyhl14 {
-			yyb14 = yyj14 > l
-		} else {
-			yyb14 = r.CheckBreak()
-		}
-		if yyb14 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj14-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *waitAction) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(4)
-			} else {
-				r.WriteMapStart(4)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Prefix"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Key"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.WaitIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("WaitIndex"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.WaitIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *waitAction) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *waitAction) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Prefix":
-			if r.TryDecodeAsNil() {
-				x.Prefix = ""
-			} else {
-				yyv4 := &x.Prefix
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "Key":
-			if r.TryDecodeAsNil() {
-				x.Key = ""
-			} else {
-				yyv6 := &x.Key
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "WaitIndex":
-			if r.TryDecodeAsNil() {
-				x.WaitIndex = 0
-			} else {
-				yyv8 := &x.WaitIndex
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*uint64)(yyv8)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv10 := &x.Recursive
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*bool)(yyv10)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *waitAction) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj12 int
-	var yyb12 bool
-	var yyhl12 bool = l >= 0
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Prefix = ""
-	} else {
-		yyv13 := &x.Prefix
-		yym14 := z.DecBinary()
-		_ = yym14
-		if false {
-		} else {
-			*((*string)(yyv13)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Key = ""
-	} else {
-		yyv15 := &x.Key
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*string)(yyv15)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.WaitIndex = 0
-	} else {
-		yyv17 := &x.WaitIndex
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*uint64)(yyv17)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv19 := &x.Recursive
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else {
-			*((*bool)(yyv19)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj12++
-		if yyhl12 {
-			yyb12 = yyj12 > l
-		} else {
-			yyb12 = r.CheckBreak()
-		}
-		if yyb12 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj12-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *setAction) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(10)
-			} else {
-				r.WriteMapStart(10)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Prefix"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Key"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Value"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevValue"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym16 := z.EncBinary()
-				_ = yym16
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevIndex"))
-				r.WriteMapElemValue()
-				yym17 := z.EncBinary()
-				_ = yym17
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				x.PrevExist.CodecEncodeSelf(e)
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevExist"))
-				r.WriteMapElemValue()
-				x.PrevExist.CodecEncodeSelf(e)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym22 := z.EncBinary()
-				_ = yym22
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("TTL"))
-				r.WriteMapElemValue()
-				yym23 := z.EncBinary()
-				_ = yym23
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym25 := z.EncBinary()
-				_ = yym25
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Refresh))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Refresh"))
-				r.WriteMapElemValue()
-				yym26 := z.EncBinary()
-				_ = yym26
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Refresh))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym28 := z.EncBinary()
-				_ = yym28
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Dir"))
-				r.WriteMapElemValue()
-				yym29 := z.EncBinary()
-				_ = yym29
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym31 := z.EncBinary()
-				_ = yym31
-				if false {
-				} else {
-					r.EncodeBool(bool(x.NoValueOnSuccess))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("NoValueOnSuccess"))
-				r.WriteMapElemValue()
-				yym32 := z.EncBinary()
-				_ = yym32
-				if false {
-				} else {
-					r.EncodeBool(bool(x.NoValueOnSuccess))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *setAction) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *setAction) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Prefix":
-			if r.TryDecodeAsNil() {
-				x.Prefix = ""
-			} else {
-				yyv4 := &x.Prefix
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "Key":
-			if r.TryDecodeAsNil() {
-				x.Key = ""
-			} else {
-				yyv6 := &x.Key
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "Value":
-			if r.TryDecodeAsNil() {
-				x.Value = ""
-			} else {
-				yyv8 := &x.Value
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*string)(yyv8)) = r.DecodeString()
-				}
-			}
-		case "PrevValue":
-			if r.TryDecodeAsNil() {
-				x.PrevValue = ""
-			} else {
-				yyv10 := &x.PrevValue
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*string)(yyv10)) = r.DecodeString()
-				}
-			}
-		case "PrevIndex":
-			if r.TryDecodeAsNil() {
-				x.PrevIndex = 0
-			} else {
-				yyv12 := &x.PrevIndex
-				yym13 := z.DecBinary()
-				_ = yym13
-				if false {
-				} else {
-					*((*uint64)(yyv12)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "PrevExist":
-			if r.TryDecodeAsNil() {
-				x.PrevExist = ""
-			} else {
-				yyv14 := &x.PrevExist
-				yyv14.CodecDecodeSelf(d)
-			}
-		case "TTL":
-			if r.TryDecodeAsNil() {
-				x.TTL = 0
-			} else {
-				yyv15 := &x.TTL
-				yym16 := z.DecBinary()
-				_ = yym16
-				if false {
-				} else if z.HasExtensions() && z.DecExt(yyv15) {
-				} else {
-					*((*int64)(yyv15)) = int64(r.DecodeInt(64))
-				}
-			}
-		case "Refresh":
-			if r.TryDecodeAsNil() {
-				x.Refresh = false
-			} else {
-				yyv17 := &x.Refresh
-				yym18 := z.DecBinary()
-				_ = yym18
-				if false {
-				} else {
-					*((*bool)(yyv17)) = r.DecodeBool()
-				}
-			}
-		case "Dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = false
-			} else {
-				yyv19 := &x.Dir
-				yym20 := z.DecBinary()
-				_ = yym20
-				if false {
-				} else {
-					*((*bool)(yyv19)) = r.DecodeBool()
-				}
-			}
-		case "NoValueOnSuccess":
-			if r.TryDecodeAsNil() {
-				x.NoValueOnSuccess = false
-			} else {
-				yyv21 := &x.NoValueOnSuccess
-				yym22 := z.DecBinary()
-				_ = yym22
-				if false {
-				} else {
-					*((*bool)(yyv21)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *setAction) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj23 int
-	var yyb23 bool
-	var yyhl23 bool = l >= 0
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Prefix = ""
-	} else {
-		yyv24 := &x.Prefix
-		yym25 := z.DecBinary()
-		_ = yym25
-		if false {
-		} else {
-			*((*string)(yyv24)) = r.DecodeString()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Key = ""
-	} else {
-		yyv26 := &x.Key
-		yym27 := z.DecBinary()
-		_ = yym27
-		if false {
-		} else {
-			*((*string)(yyv26)) = r.DecodeString()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Value = ""
-	} else {
-		yyv28 := &x.Value
-		yym29 := z.DecBinary()
-		_ = yym29
-		if false {
-		} else {
-			*((*string)(yyv28)) = r.DecodeString()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevValue = ""
-	} else {
-		yyv30 := &x.PrevValue
-		yym31 := z.DecBinary()
-		_ = yym31
-		if false {
-		} else {
-			*((*string)(yyv30)) = r.DecodeString()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevIndex = 0
-	} else {
-		yyv32 := &x.PrevIndex
-		yym33 := z.DecBinary()
-		_ = yym33
-		if false {
-		} else {
-			*((*uint64)(yyv32)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevExist = ""
-	} else {
-		yyv34 := &x.PrevExist
-		yyv34.CodecDecodeSelf(d)
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.TTL = 0
-	} else {
-		yyv35 := &x.TTL
-		yym36 := z.DecBinary()
-		_ = yym36
-		if false {
-		} else if z.HasExtensions() && z.DecExt(yyv35) {
-		} else {
-			*((*int64)(yyv35)) = int64(r.DecodeInt(64))
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Refresh = false
-	} else {
-		yyv37 := &x.Refresh
-		yym38 := z.DecBinary()
-		_ = yym38
-		if false {
-		} else {
-			*((*bool)(yyv37)) = r.DecodeBool()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = false
-	} else {
-		yyv39 := &x.Dir
-		yym40 := z.DecBinary()
-		_ = yym40
-		if false {
-		} else {
-			*((*bool)(yyv39)) = r.DecodeBool()
-		}
-	}
-	yyj23++
-	if yyhl23 {
-		yyb23 = yyj23 > l
-	} else {
-		yyb23 = r.CheckBreak()
-	}
-	if yyb23 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.NoValueOnSuccess = false
-	} else {
-		yyv41 := &x.NoValueOnSuccess
-		yym42 := z.DecBinary()
-		_ = yym42
-		if false {
-		} else {
-			*((*bool)(yyv41)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj23++
-		if yyhl23 {
-			yyb23 = yyj23 > l
-		} else {
-			yyb23 = r.CheckBreak()
-		}
-		if yyb23 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj23-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *deleteAction) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(6)
-			} else {
-				r.WriteMapStart(6)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Prefix"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Key"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Key))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevValue"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.PrevValue))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("PrevIndex"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else {
-					r.EncodeUint(uint64(x.PrevIndex))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym16 := z.EncBinary()
-				_ = yym16
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Dir"))
-				r.WriteMapElemValue()
-				yym17 := z.EncBinary()
-				_ = yym17
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Dir))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym19 := z.EncBinary()
-				_ = yym19
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Recursive"))
-				r.WriteMapElemValue()
-				yym20 := z.EncBinary()
-				_ = yym20
-				if false {
-				} else {
-					r.EncodeBool(bool(x.Recursive))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *deleteAction) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *deleteAction) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Prefix":
-			if r.TryDecodeAsNil() {
-				x.Prefix = ""
-			} else {
-				yyv4 := &x.Prefix
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "Key":
-			if r.TryDecodeAsNil() {
-				x.Key = ""
-			} else {
-				yyv6 := &x.Key
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "PrevValue":
-			if r.TryDecodeAsNil() {
-				x.PrevValue = ""
-			} else {
-				yyv8 := &x.PrevValue
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*string)(yyv8)) = r.DecodeString()
-				}
-			}
-		case "PrevIndex":
-			if r.TryDecodeAsNil() {
-				x.PrevIndex = 0
-			} else {
-				yyv10 := &x.PrevIndex
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else {
-					*((*uint64)(yyv10)) = uint64(r.DecodeUint(64))
-				}
-			}
-		case "Dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = false
-			} else {
-				yyv12 := &x.Dir
-				yym13 := z.DecBinary()
-				_ = yym13
-				if false {
-				} else {
-					*((*bool)(yyv12)) = r.DecodeBool()
-				}
-			}
-		case "Recursive":
-			if r.TryDecodeAsNil() {
-				x.Recursive = false
-			} else {
-				yyv14 := &x.Recursive
-				yym15 := z.DecBinary()
-				_ = yym15
-				if false {
-				} else {
-					*((*bool)(yyv14)) = r.DecodeBool()
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *deleteAction) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj16 int
-	var yyb16 bool
-	var yyhl16 bool = l >= 0
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Prefix = ""
-	} else {
-		yyv17 := &x.Prefix
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*string)(yyv17)) = r.DecodeString()
-		}
-	}
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Key = ""
-	} else {
-		yyv19 := &x.Key
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else {
-			*((*string)(yyv19)) = r.DecodeString()
-		}
-	}
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevValue = ""
-	} else {
-		yyv21 := &x.PrevValue
-		yym22 := z.DecBinary()
-		_ = yym22
-		if false {
-		} else {
-			*((*string)(yyv21)) = r.DecodeString()
-		}
-	}
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.PrevIndex = 0
-	} else {
-		yyv23 := &x.PrevIndex
-		yym24 := z.DecBinary()
-		_ = yym24
-		if false {
-		} else {
-			*((*uint64)(yyv23)) = uint64(r.DecodeUint(64))
-		}
-	}
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = false
-	} else {
-		yyv25 := &x.Dir
-		yym26 := z.DecBinary()
-		_ = yym26
-		if false {
-		} else {
-			*((*bool)(yyv25)) = r.DecodeBool()
-		}
-	}
-	yyj16++
-	if yyhl16 {
-		yyb16 = yyj16 > l
-	} else {
-		yyb16 = r.CheckBreak()
-	}
-	if yyb16 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Recursive = false
-	} else {
-		yyv27 := &x.Recursive
-		yym28 := z.DecBinary()
-		_ = yym28
-		if false {
-		} else {
-			*((*bool)(yyv27)) = r.DecodeBool()
-		}
-	}
-	for {
-		yyj16++
-		if yyhl16 {
-			yyb16 = yyj16 > l
-		} else {
-			yyb16 = r.CheckBreak()
-		}
-		if yyb16 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj16-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x *createInOrderAction) CodecEncodeSelf(e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	if x == nil {
-		r.EncodeNil()
-	} else {
-		yym1 := z.EncBinary()
-		_ = yym1
-		if false {
-		} else if z.HasExtensions() && z.EncExt(x) {
-		} else {
-			yysep2 := !z.EncBinary()
-			yy2arr2 := z.EncBasicHandle().StructToArray
-			_, _ = yysep2, yy2arr2
-			const yyr2 bool = false
-			if yyr2 || yy2arr2 {
-				r.WriteArrayStart(4)
-			} else {
-				r.WriteMapStart(4)
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym4 := z.EncBinary()
-				_ = yym4
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Prefix"))
-				r.WriteMapElemValue()
-				yym5 := z.EncBinary()
-				_ = yym5
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Prefix))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym7 := z.EncBinary()
-				_ = yym7
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Dir))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Dir"))
-				r.WriteMapElemValue()
-				yym8 := z.EncBinary()
-				_ = yym8
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Dir))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym10 := z.EncBinary()
-				_ = yym10
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("Value"))
-				r.WriteMapElemValue()
-				yym11 := z.EncBinary()
-				_ = yym11
-				if false {
-				} else {
-					r.EncodeString(codecSelferC_UTF87612, string(x.Value))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayElem()
-				yym13 := z.EncBinary()
-				_ = yym13
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			} else {
-				r.WriteMapElemKey()
-				r.EncodeString(codecSelferC_UTF87612, string("TTL"))
-				r.WriteMapElemValue()
-				yym14 := z.EncBinary()
-				_ = yym14
-				if false {
-				} else if z.HasExtensions() && z.EncExt(x.TTL) {
-				} else {
-					r.EncodeInt(int64(x.TTL))
-				}
-			}
-			if yyr2 || yy2arr2 {
-				r.WriteArrayEnd()
-			} else {
-				r.WriteMapEnd()
-			}
-		}
-	}
-}
-
-func (x *createInOrderAction) CodecDecodeSelf(d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	yym1 := z.DecBinary()
-	_ = yym1
-	if false {
-	} else if z.HasExtensions() && z.DecExt(x) {
-	} else {
-		yyct2 := r.ContainerType()
-		if yyct2 == codecSelferValueTypeMap7612 {
-			yyl2 := r.ReadMapStart()
-			if yyl2 == 0 {
-				r.ReadMapEnd()
-			} else {
-				x.codecDecodeSelfFromMap(yyl2, d)
-			}
-		} else if yyct2 == codecSelferValueTypeArray7612 {
-			yyl2 := r.ReadArrayStart()
-			if yyl2 == 0 {
-				r.ReadArrayEnd()
-			} else {
-				x.codecDecodeSelfFromArray(yyl2, d)
-			}
-		} else {
-			panic(codecSelferOnlyMapOrArrayEncodeToStructErr7612)
-		}
-	}
-}
-
-func (x *createInOrderAction) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yys3Slc = z.DecScratchBuffer() // default slice to decode into
-	_ = yys3Slc
-	var yyhl3 bool = l >= 0
-	for yyj3 := 0; ; yyj3++ {
-		if yyhl3 {
-			if yyj3 >= l {
-				break
-			}
-		} else {
-			if r.CheckBreak() {
-				break
-			}
-		}
-		r.ReadMapElemKey()
-		yys3Slc = r.DecodeStringAsBytes()
-		yys3 := string(yys3Slc)
-		r.ReadMapElemValue()
-		switch yys3 {
-		case "Prefix":
-			if r.TryDecodeAsNil() {
-				x.Prefix = ""
-			} else {
-				yyv4 := &x.Prefix
-				yym5 := z.DecBinary()
-				_ = yym5
-				if false {
-				} else {
-					*((*string)(yyv4)) = r.DecodeString()
-				}
-			}
-		case "Dir":
-			if r.TryDecodeAsNil() {
-				x.Dir = ""
-			} else {
-				yyv6 := &x.Dir
-				yym7 := z.DecBinary()
-				_ = yym7
-				if false {
-				} else {
-					*((*string)(yyv6)) = r.DecodeString()
-				}
-			}
-		case "Value":
-			if r.TryDecodeAsNil() {
-				x.Value = ""
-			} else {
-				yyv8 := &x.Value
-				yym9 := z.DecBinary()
-				_ = yym9
-				if false {
-				} else {
-					*((*string)(yyv8)) = r.DecodeString()
-				}
-			}
-		case "TTL":
-			if r.TryDecodeAsNil() {
-				x.TTL = 0
-			} else {
-				yyv10 := &x.TTL
-				yym11 := z.DecBinary()
-				_ = yym11
-				if false {
-				} else if z.HasExtensions() && z.DecExt(yyv10) {
-				} else {
-					*((*int64)(yyv10)) = int64(r.DecodeInt(64))
-				}
-			}
-		default:
-			z.DecStructFieldNotFound(-1, yys3)
-		} // end switch yys3
-	} // end for yyj3
-	r.ReadMapEnd()
-}
-
-func (x *createInOrderAction) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-	var yyj12 int
-	var yyb12 bool
-	var yyhl12 bool = l >= 0
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Prefix = ""
-	} else {
-		yyv13 := &x.Prefix
-		yym14 := z.DecBinary()
-		_ = yym14
-		if false {
-		} else {
-			*((*string)(yyv13)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Dir = ""
-	} else {
-		yyv15 := &x.Dir
-		yym16 := z.DecBinary()
-		_ = yym16
-		if false {
-		} else {
-			*((*string)(yyv15)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.Value = ""
-	} else {
-		yyv17 := &x.Value
-		yym18 := z.DecBinary()
-		_ = yym18
-		if false {
-		} else {
-			*((*string)(yyv17)) = r.DecodeString()
-		}
-	}
-	yyj12++
-	if yyhl12 {
-		yyb12 = yyj12 > l
-	} else {
-		yyb12 = r.CheckBreak()
-	}
-	if yyb12 {
-		r.ReadArrayEnd()
-		return
-	}
-	r.ReadArrayElem()
-	if r.TryDecodeAsNil() {
-		x.TTL = 0
-	} else {
-		yyv19 := &x.TTL
-		yym20 := z.DecBinary()
-		_ = yym20
-		if false {
-		} else if z.HasExtensions() && z.DecExt(yyv19) {
-		} else {
-			*((*int64)(yyv19)) = int64(r.DecodeInt(64))
-		}
-	}
-	for {
-		yyj12++
-		if yyhl12 {
-			yyb12 = yyj12 > l
-		} else {
-			yyb12 = r.CheckBreak()
-		}
-		if yyb12 {
-			break
-		}
-		r.ReadArrayElem()
-		z.DecStructFieldNotFound(yyj12-1, "")
-	}
-	r.ReadArrayEnd()
-}
-
-func (x codecSelfer7612) encNodes(v Nodes, e *codec1978.Encoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperEncoder(e)
-	_, _, _ = h, z, r
-	r.WriteArrayStart(len(v))
-	for _, yyv1 := range v {
-		r.WriteArrayElem()
-		if yyv1 == nil {
-			r.EncodeNil()
-		} else {
-			yyv1.CodecEncodeSelf(e)
-		}
-	}
-	r.WriteArrayEnd()
-}
-
-func (x codecSelfer7612) decNodes(v *Nodes, d *codec1978.Decoder) {
-	var h codecSelfer7612
-	z, r := codec1978.GenHelperDecoder(d)
-	_, _, _ = h, z, r
-
-	yyv1 := *v
-	yyh1, yyl1 := z.DecSliceHelperStart()
-	var yyc1 bool
-	_ = yyc1
-	if yyl1 == 0 {
-		if yyv1 == nil {
-			yyv1 = []*Node{}
-			yyc1 = true
-		} else if len(yyv1) != 0 {
-			yyv1 = yyv1[:0]
-			yyc1 = true
-		}
-	} else {
-		yyhl1 := yyl1 > 0
-		var yyrl1 int
-		_ = yyrl1
-		if yyhl1 {
-			if yyl1 > cap(yyv1) {
-				yyrl1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 8)
-				if yyrl1 <= cap(yyv1) {
-					yyv1 = yyv1[:yyrl1]
-				} else {
-					yyv1 = make([]*Node, yyrl1)
-				}
-				yyc1 = true
-			} else if yyl1 != len(yyv1) {
-				yyv1 = yyv1[:yyl1]
-				yyc1 = true
-			}
-		}
-		var yyj1 int
-		// var yydn1 bool
-		for ; (yyhl1 && yyj1 < yyl1) || !(yyhl1 || r.CheckBreak()); yyj1++ {
-			if yyj1 == 0 && len(yyv1) == 0 {
-				if yyhl1 {
-					yyrl1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 8)
-				} else {
-					yyrl1 = 8
-				}
-				yyv1 = make([]*Node, yyrl1)
-				yyc1 = true
-			}
-			yyh1.ElemContainerState(yyj1)
-			// yydn1 = r.TryDecodeAsNil()
-
-			// if indefinite, etc, then expand the slice if necessary
-			var yydb1 bool
-			if yyj1 >= len(yyv1) {
-				yyv1 = append(yyv1, nil)
-				yyc1 = true
-
-			}
-			if yydb1 {
-				z.DecSwallow()
-			} else {
-				if r.TryDecodeAsNil() {
-					if yyv1[yyj1] != nil {
-						*yyv1[yyj1] = Node{}
-					}
-				} else {
-					if yyv1[yyj1] == nil {
-						yyv1[yyj1] = new(Node)
-					}
-					yyw2 := yyv1[yyj1]
-					yyw2.CodecDecodeSelf(d)
-				}
-
-			}
-
-		}
-		if yyj1 < len(yyv1) {
-			yyv1 = yyv1[:yyj1]
-			yyc1 = true
-		} else if yyj1 == 0 && yyv1 == nil {
-			yyv1 = make([]*Node, 0)
-			yyc1 = true
-		}
-	}
-	yyh1.End()
-	if yyc1 {
-		*v = yyv1
-	}
-
-}
diff --git a/vendor/github.com/coreos/etcd/client/keys.go b/vendor/github.com/coreos/etcd/client/keys.go
index 8b9fd3f87a496..f8f2c7b186c22 100644
--- a/vendor/github.com/coreos/etcd/client/keys.go
+++ b/vendor/github.com/coreos/etcd/client/keys.go
@@ -14,8 +14,6 @@
 
 package client
 
-//go:generate codecgen -d 1819 -r "Node|Response|Nodes" -o keys.generated.go keys.go
-
 import (
 	"context"
 	"encoding/json"
@@ -28,7 +26,6 @@ import (
 	"time"
 
 	"github.com/coreos/etcd/pkg/pathutil"
-	"github.com/ugorji/go/codec"
 )
 
 const (
@@ -656,9 +653,11 @@ func unmarshalHTTPResponse(code int, header http.Header, body []byte) (res *Resp
 	return res, err
 }
 
+var jsonIterator = caseSensitiveJsonIterator()
+
 func unmarshalSuccessfulKeysResponse(header http.Header, body []byte) (*Response, error) {
 	var res Response
-	err := codec.NewDecoderBytes(body, new(codec.JsonHandle)).Decode(&res)
+	err := jsonIterator.Unmarshal(body, &res)
 	if err != nil {
 		return nil, ErrInvalidJSON
 	}
diff --git a/vendor/github.com/coreos/etcd/pkg/fileutil/dir_unix.go b/vendor/github.com/coreos/etcd/pkg/fileutil/dir_unix.go
index 58a77dfc1a99d..4ce15dc6bcf1f 100644
--- a/vendor/github.com/coreos/etcd/pkg/fileutil/dir_unix.go
+++ b/vendor/github.com/coreos/etcd/pkg/fileutil/dir_unix.go
@@ -18,5 +18,10 @@ package fileutil
 
 import "os"
 
+const (
+	// PrivateDirMode grants owner to make/remove files inside the directory.
+	PrivateDirMode = 0700
+)
+
 // OpenDir opens a directory for syncing.
 func OpenDir(path string) (*os.File, error) { return os.Open(path) }
diff --git a/vendor/github.com/coreos/etcd/pkg/fileutil/dir_windows.go b/vendor/github.com/coreos/etcd/pkg/fileutil/dir_windows.go
index c123395c0040e..a10a90583c798 100644
--- a/vendor/github.com/coreos/etcd/pkg/fileutil/dir_windows.go
+++ b/vendor/github.com/coreos/etcd/pkg/fileutil/dir_windows.go
@@ -21,6 +21,11 @@ import (
 	"syscall"
 )
 
+const (
+	// PrivateDirMode grants owner to make/remove files inside the directory.
+	PrivateDirMode = 0777
+)
+
 // OpenDir opens a directory in windows with write access for syncing.
 func OpenDir(path string) (*os.File, error) {
 	fd, err := openDir(path)
diff --git a/vendor/github.com/coreos/etcd/pkg/fileutil/fileutil.go b/vendor/github.com/coreos/etcd/pkg/fileutil/fileutil.go
index fce5126c6956d..3c73916a1e1c6 100644
--- a/vendor/github.com/coreos/etcd/pkg/fileutil/fileutil.go
+++ b/vendor/github.com/coreos/etcd/pkg/fileutil/fileutil.go
@@ -29,8 +29,6 @@ import (
 const (
 	// PrivateFileMode grants owner to read/write a file.
 	PrivateFileMode = 0600
-	// PrivateDirMode grants owner to make/remove files inside the directory.
-	PrivateDirMode = 0700
 )
 
 var (
@@ -65,14 +63,22 @@ func ReadDir(dirpath string) ([]string, error) {
 // TouchDirAll is similar to os.MkdirAll. It creates directories with 0700 permission if any directory
 // does not exists. TouchDirAll also ensures the given directory is writable.
 func TouchDirAll(dir string) error {
-	// If path is already a directory, MkdirAll does nothing
-	// and returns nil.
-	err := os.MkdirAll(dir, PrivateDirMode)
-	if err != nil {
-		// if mkdirAll("a/text") and "text" is not
-		// a directory, this will return syscall.ENOTDIR
-		return err
+	// If path is already a directory, MkdirAll does nothing and returns nil, so,
+	// first check if dir exist with an expected permission mode.
+	if Exist(dir) {
+		err := CheckDirPermission(dir, PrivateDirMode)
+		if err != nil {
+			plog.Warningf("check file permission: %v", err)
+		}
+	} else {
+		err := os.MkdirAll(dir, PrivateDirMode)
+		if err != nil {
+			// if mkdirAll("a/text") and "text" is not
+			// a directory, this will return syscall.ENOTDIR
+			return err
+		}
 	}
+
 	return IsDirWriteable(dir)
 }
 
@@ -120,3 +126,22 @@ func ZeroToEnd(f *os.File) error {
 	_, err = f.Seek(off, io.SeekStart)
 	return err
 }
+
+// CheckDirPermission checks permission on an existing dir.
+// Returns error if dir is empty or exist with a different permission than specified.
+func CheckDirPermission(dir string, perm os.FileMode) error {
+	if !Exist(dir) {
+		return fmt.Errorf("directory %q empty, cannot check permission.", dir)
+	}
+	//check the existing permission on the directory
+	dirInfo, err := os.Stat(dir)
+	if err != nil {
+		return err
+	}
+	dirMode := dirInfo.Mode().Perm()
+	if dirMode != perm {
+		err = fmt.Errorf("directory %q exist, but the permission is %q. The recommended permission is %q to prevent possible unprivileged access to the data.", dir, dirInfo.Mode(), os.FileMode(PrivateDirMode))
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/coreos/etcd/pkg/fileutil/purge.go b/vendor/github.com/coreos/etcd/pkg/fileutil/purge.go
index 92fceab017f31..c97368069198f 100644
--- a/vendor/github.com/coreos/etcd/pkg/fileutil/purge.go
+++ b/vendor/github.com/coreos/etcd/pkg/fileutil/purge.go
@@ -23,13 +23,23 @@ import (
 )
 
 func PurgeFile(dirname string, suffix string, max uint, interval time.Duration, stop <-chan struct{}) <-chan error {
-	return purgeFile(dirname, suffix, max, interval, stop, nil)
+	return purgeFile(dirname, suffix, max, interval, stop, nil, nil)
+}
+
+func PurgeFileWithDoneNotify(dirname string, suffix string, max uint, interval time.Duration, stop <-chan struct{}) (<-chan struct{}, <-chan error) {
+	doneC := make(chan struct{})
+	errC := purgeFile(dirname, suffix, max, interval, stop, nil, doneC)
+	return doneC, errC
 }
 
 // purgeFile is the internal implementation for PurgeFile which can post purged files to purgec if non-nil.
-func purgeFile(dirname string, suffix string, max uint, interval time.Duration, stop <-chan struct{}, purgec chan<- string) <-chan error {
+// if donec is non-nil, the function closes it to notify its exit.
+func purgeFile(dirname string, suffix string, max uint, interval time.Duration, stop <-chan struct{}, purgec chan<- string, donec chan<- struct{}) <-chan error {
 	errC := make(chan error, 1)
 	go func() {
+		if donec != nil {
+			defer close(donec)
+		}
 		for {
 			fnames, err := ReadDir(dirname)
 			if err != nil {
diff --git a/vendor/github.com/coreos/etcd/pkg/ioutil/pagewriter.go b/vendor/github.com/coreos/etcd/pkg/ioutil/pagewriter.go
index 72de1593d3adf..cf9a8dc664dcd 100644
--- a/vendor/github.com/coreos/etcd/pkg/ioutil/pagewriter.go
+++ b/vendor/github.com/coreos/etcd/pkg/ioutil/pagewriter.go
@@ -95,12 +95,23 @@ func (pw *PageWriter) Write(p []byte) (n int, err error) {
 	return n, werr
 }
 
+// Flush flushes buffered data.
 func (pw *PageWriter) Flush() error {
+	_, err := pw.flush()
+	return err
+}
+
+// FlushN flushes buffered data and returns the number of written bytes.
+func (pw *PageWriter) FlushN() (int, error) {
+	return pw.flush()
+}
+
+func (pw *PageWriter) flush() (int, error) {
 	if pw.bufferedBytes == 0 {
-		return nil
+		return 0, nil
 	}
-	_, err := pw.w.Write(pw.buf[:pw.bufferedBytes])
+	n, err := pw.w.Write(pw.buf[:pw.bufferedBytes])
 	pw.pageOffset = (pw.pageOffset + pw.bufferedBytes) % pw.pageBytes
 	pw.bufferedBytes = 0
-	return err
+	return n, err
 }
diff --git a/vendor/github.com/coreos/etcd/raft/logger.go b/vendor/github.com/coreos/etcd/raft/logger.go
index 92e55b373e1d4..426a77d344548 100644
--- a/vendor/github.com/coreos/etcd/raft/logger.go
+++ b/vendor/github.com/coreos/etcd/raft/logger.go
@@ -114,7 +114,7 @@ func (l *DefaultLogger) Fatalf(format string, v ...interface{}) {
 }
 
 func (l *DefaultLogger) Panic(v ...interface{}) {
-	l.Logger.Panic(v)
+	l.Logger.Panic(v...)
 }
 
 func (l *DefaultLogger) Panicf(format string, v ...interface{}) {
diff --git a/vendor/github.com/coreos/etcd/raft/raft.go b/vendor/github.com/coreos/etcd/raft/raft.go
index b4c0f0248ca28..22ff138e9c495 100644
--- a/vendor/github.com/coreos/etcd/raft/raft.go
+++ b/vendor/github.com/coreos/etcd/raft/raft.go
@@ -663,6 +663,7 @@ func (r *raft) becomePreCandidate() {
 	r.step = stepCandidate
 	r.votes = make(map[uint64]bool)
 	r.tick = r.tickElection
+	r.lead = None
 	r.state = StatePreCandidate
 	r.logger.Infof("%x became pre-candidate at term %d", r.id, r.Term)
 }
diff --git a/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go b/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go
index fd9ee3729ecb6..753bd84ac6217 100644
--- a/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go
+++ b/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go
@@ -1,33 +1,16 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: raft.proto
 
-/*
-	Package raftpb is a generated protocol buffer package.
-
-	It is generated from these files:
-		raft.proto
-
-	It has these top-level messages:
-		Entry
-		SnapshotMetadata
-		Snapshot
-		Message
-		HardState
-		ConfState
-		ConfChange
-*/
 package raftpb
 
 import (
-	"fmt"
-
-	proto "github.com/golang/protobuf/proto"
-
+	fmt "fmt"
+	io "io"
 	math "math"
+	math_bits "math/bits"
 
 	_ "github.com/gogo/protobuf/gogoproto"
-
-	io "io"
+	proto "github.com/golang/protobuf/proto"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -52,6 +35,7 @@ var EntryType_name = map[int32]string{
 	0: "EntryNormal",
 	1: "EntryConfChange",
 }
+
 var EntryType_value = map[string]int32{
 	"EntryNormal":     0,
 	"EntryConfChange": 1,
@@ -62,9 +46,11 @@ func (x EntryType) Enum() *EntryType {
 	*p = x
 	return p
 }
+
 func (x EntryType) String() string {
 	return proto.EnumName(EntryType_name, int32(x))
 }
+
 func (x *EntryType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(EntryType_value, data, "EntryType")
 	if err != nil {
@@ -73,7 +59,10 @@ func (x *EntryType) UnmarshalJSON(data []byte) error {
 	*x = EntryType(value)
 	return nil
 }
-func (EntryType) EnumDescriptor() ([]byte, []int) { return fileDescriptorRaft, []int{0} }
+
+func (EntryType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{0}
+}
 
 type MessageType int32
 
@@ -120,6 +109,7 @@ var MessageType_name = map[int32]string{
 	17: "MsgPreVote",
 	18: "MsgPreVoteResp",
 }
+
 var MessageType_value = map[string]int32{
 	"MsgHup":            0,
 	"MsgBeat":           1,
@@ -147,9 +137,11 @@ func (x MessageType) Enum() *MessageType {
 	*p = x
 	return p
 }
+
 func (x MessageType) String() string {
 	return proto.EnumName(MessageType_name, int32(x))
 }
+
 func (x *MessageType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(MessageType_value, data, "MessageType")
 	if err != nil {
@@ -158,7 +150,10 @@ func (x *MessageType) UnmarshalJSON(data []byte) error {
 	*x = MessageType(value)
 	return nil
 }
-func (MessageType) EnumDescriptor() ([]byte, []int) { return fileDescriptorRaft, []int{1} }
+
+func (MessageType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{1}
+}
 
 type ConfChangeType int32
 
@@ -175,6 +170,7 @@ var ConfChangeType_name = map[int32]string{
 	2: "ConfChangeUpdateNode",
 	3: "ConfChangeAddLearnerNode",
 }
+
 var ConfChangeType_value = map[string]int32{
 	"ConfChangeAddNode":        0,
 	"ConfChangeRemoveNode":     1,
@@ -187,9 +183,11 @@ func (x ConfChangeType) Enum() *ConfChangeType {
 	*p = x
 	return p
 }
+
 func (x ConfChangeType) String() string {
 	return proto.EnumName(ConfChangeType_name, int32(x))
 }
+
 func (x *ConfChangeType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(ConfChangeType_value, data, "ConfChangeType")
 	if err != nil {
@@ -198,102 +196,318 @@ func (x *ConfChangeType) UnmarshalJSON(data []byte) error {
 	*x = ConfChangeType(value)
 	return nil
 }
-func (ConfChangeType) EnumDescriptor() ([]byte, []int) { return fileDescriptorRaft, []int{2} }
+
+func (ConfChangeType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{2}
+}
 
 type Entry struct {
-	Term             uint64    `protobuf:"varint,2,opt,name=Term" json:"Term"`
-	Index            uint64    `protobuf:"varint,3,opt,name=Index" json:"Index"`
-	Type             EntryType `protobuf:"varint,1,opt,name=Type,enum=raftpb.EntryType" json:"Type"`
-	Data             []byte    `protobuf:"bytes,4,opt,name=Data" json:"Data,omitempty"`
-	XXX_unrecognized []byte    `json:"-"`
+	Term                 uint64    `protobuf:"varint,2,opt,name=Term" json:"Term"`
+	Index                uint64    `protobuf:"varint,3,opt,name=Index" json:"Index"`
+	Type                 EntryType `protobuf:"varint,1,opt,name=Type,enum=raftpb.EntryType" json:"Type"`
+	Data                 []byte    `protobuf:"bytes,4,opt,name=Data" json:"Data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
-func (m *Entry) Reset()                    { *m = Entry{} }
-func (m *Entry) String() string            { return proto.CompactTextString(m) }
-func (*Entry) ProtoMessage()               {}
-func (*Entry) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{0} }
+func (m *Entry) Reset()         { *m = Entry{} }
+func (m *Entry) String() string { return proto.CompactTextString(m) }
+func (*Entry) ProtoMessage()    {}
+func (*Entry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{0}
+}
+func (m *Entry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Entry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Entry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Entry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Entry.Merge(m, src)
+}
+func (m *Entry) XXX_Size() int {
+	return m.Size()
+}
+func (m *Entry) XXX_DiscardUnknown() {
+	xxx_messageInfo_Entry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Entry proto.InternalMessageInfo
 
 type SnapshotMetadata struct {
-	ConfState        ConfState `protobuf:"bytes,1,opt,name=conf_state,json=confState" json:"conf_state"`
-	Index            uint64    `protobuf:"varint,2,opt,name=index" json:"index"`
-	Term             uint64    `protobuf:"varint,3,opt,name=term" json:"term"`
-	XXX_unrecognized []byte    `json:"-"`
+	ConfState            ConfState `protobuf:"bytes,1,opt,name=conf_state,json=confState" json:"conf_state"`
+	Index                uint64    `protobuf:"varint,2,opt,name=index" json:"index"`
+	Term                 uint64    `protobuf:"varint,3,opt,name=term" json:"term"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
-func (m *SnapshotMetadata) Reset()                    { *m = SnapshotMetadata{} }
-func (m *SnapshotMetadata) String() string            { return proto.CompactTextString(m) }
-func (*SnapshotMetadata) ProtoMessage()               {}
-func (*SnapshotMetadata) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{1} }
+func (m *SnapshotMetadata) Reset()         { *m = SnapshotMetadata{} }
+func (m *SnapshotMetadata) String() string { return proto.CompactTextString(m) }
+func (*SnapshotMetadata) ProtoMessage()    {}
+func (*SnapshotMetadata) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{1}
+}
+func (m *SnapshotMetadata) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SnapshotMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SnapshotMetadata.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SnapshotMetadata) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SnapshotMetadata.Merge(m, src)
+}
+func (m *SnapshotMetadata) XXX_Size() int {
+	return m.Size()
+}
+func (m *SnapshotMetadata) XXX_DiscardUnknown() {
+	xxx_messageInfo_SnapshotMetadata.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SnapshotMetadata proto.InternalMessageInfo
 
 type Snapshot struct {
-	Data             []byte           `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
-	Metadata         SnapshotMetadata `protobuf:"bytes,2,opt,name=metadata" json:"metadata"`
-	XXX_unrecognized []byte           `json:"-"`
+	Data                 []byte           `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
+	Metadata             SnapshotMetadata `protobuf:"bytes,2,opt,name=metadata" json:"metadata"`
+	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
+	XXX_unrecognized     []byte           `json:"-"`
+	XXX_sizecache        int32            `json:"-"`
 }
 
-func (m *Snapshot) Reset()                    { *m = Snapshot{} }
-func (m *Snapshot) String() string            { return proto.CompactTextString(m) }
-func (*Snapshot) ProtoMessage()               {}
-func (*Snapshot) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{2} }
+func (m *Snapshot) Reset()         { *m = Snapshot{} }
+func (m *Snapshot) String() string { return proto.CompactTextString(m) }
+func (*Snapshot) ProtoMessage()    {}
+func (*Snapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{2}
+}
+func (m *Snapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Snapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Snapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Snapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Snapshot.Merge(m, src)
+}
+func (m *Snapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *Snapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_Snapshot.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Snapshot proto.InternalMessageInfo
 
 type Message struct {
-	Type             MessageType `protobuf:"varint,1,opt,name=type,enum=raftpb.MessageType" json:"type"`
-	To               uint64      `protobuf:"varint,2,opt,name=to" json:"to"`
-	From             uint64      `protobuf:"varint,3,opt,name=from" json:"from"`
-	Term             uint64      `protobuf:"varint,4,opt,name=term" json:"term"`
-	LogTerm          uint64      `protobuf:"varint,5,opt,name=logTerm" json:"logTerm"`
-	Index            uint64      `protobuf:"varint,6,opt,name=index" json:"index"`
-	Entries          []Entry     `protobuf:"bytes,7,rep,name=entries" json:"entries"`
-	Commit           uint64      `protobuf:"varint,8,opt,name=commit" json:"commit"`
-	Snapshot         Snapshot    `protobuf:"bytes,9,opt,name=snapshot" json:"snapshot"`
-	Reject           bool        `protobuf:"varint,10,opt,name=reject" json:"reject"`
-	RejectHint       uint64      `protobuf:"varint,11,opt,name=rejectHint" json:"rejectHint"`
-	Context          []byte      `protobuf:"bytes,12,opt,name=context" json:"context,omitempty"`
-	XXX_unrecognized []byte      `json:"-"`
-}
-
-func (m *Message) Reset()                    { *m = Message{} }
-func (m *Message) String() string            { return proto.CompactTextString(m) }
-func (*Message) ProtoMessage()               {}
-func (*Message) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{3} }
+	Type                 MessageType `protobuf:"varint,1,opt,name=type,enum=raftpb.MessageType" json:"type"`
+	To                   uint64      `protobuf:"varint,2,opt,name=to" json:"to"`
+	From                 uint64      `protobuf:"varint,3,opt,name=from" json:"from"`
+	Term                 uint64      `protobuf:"varint,4,opt,name=term" json:"term"`
+	LogTerm              uint64      `protobuf:"varint,5,opt,name=logTerm" json:"logTerm"`
+	Index                uint64      `protobuf:"varint,6,opt,name=index" json:"index"`
+	Entries              []Entry     `protobuf:"bytes,7,rep,name=entries" json:"entries"`
+	Commit               uint64      `protobuf:"varint,8,opt,name=commit" json:"commit"`
+	Snapshot             Snapshot    `protobuf:"bytes,9,opt,name=snapshot" json:"snapshot"`
+	Reject               bool        `protobuf:"varint,10,opt,name=reject" json:"reject"`
+	RejectHint           uint64      `protobuf:"varint,11,opt,name=rejectHint" json:"rejectHint"`
+	Context              []byte      `protobuf:"bytes,12,opt,name=context" json:"context,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *Message) Reset()         { *m = Message{} }
+func (m *Message) String() string { return proto.CompactTextString(m) }
+func (*Message) ProtoMessage()    {}
+func (*Message) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{3}
+}
+func (m *Message) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Message) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Message.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Message) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Message.Merge(m, src)
+}
+func (m *Message) XXX_Size() int {
+	return m.Size()
+}
+func (m *Message) XXX_DiscardUnknown() {
+	xxx_messageInfo_Message.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Message proto.InternalMessageInfo
 
 type HardState struct {
-	Term             uint64 `protobuf:"varint,1,opt,name=term" json:"term"`
-	Vote             uint64 `protobuf:"varint,2,opt,name=vote" json:"vote"`
-	Commit           uint64 `protobuf:"varint,3,opt,name=commit" json:"commit"`
-	XXX_unrecognized []byte `json:"-"`
+	Term                 uint64   `protobuf:"varint,1,opt,name=term" json:"term"`
+	Vote                 uint64   `protobuf:"varint,2,opt,name=vote" json:"vote"`
+	Commit               uint64   `protobuf:"varint,3,opt,name=commit" json:"commit"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *HardState) Reset()                    { *m = HardState{} }
-func (m *HardState) String() string            { return proto.CompactTextString(m) }
-func (*HardState) ProtoMessage()               {}
-func (*HardState) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{4} }
+func (m *HardState) Reset()         { *m = HardState{} }
+func (m *HardState) String() string { return proto.CompactTextString(m) }
+func (*HardState) ProtoMessage()    {}
+func (*HardState) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{4}
+}
+func (m *HardState) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HardState) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HardState.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HardState) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HardState.Merge(m, src)
+}
+func (m *HardState) XXX_Size() int {
+	return m.Size()
+}
+func (m *HardState) XXX_DiscardUnknown() {
+	xxx_messageInfo_HardState.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HardState proto.InternalMessageInfo
 
 type ConfState struct {
-	Nodes            []uint64 `protobuf:"varint,1,rep,name=nodes" json:"nodes,omitempty"`
-	Learners         []uint64 `protobuf:"varint,2,rep,name=learners" json:"learners,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	Nodes                []uint64 `protobuf:"varint,1,rep,name=nodes" json:"nodes,omitempty"`
+	Learners             []uint64 `protobuf:"varint,2,rep,name=learners" json:"learners,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *ConfState) Reset()                    { *m = ConfState{} }
-func (m *ConfState) String() string            { return proto.CompactTextString(m) }
-func (*ConfState) ProtoMessage()               {}
-func (*ConfState) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{5} }
+func (m *ConfState) Reset()         { *m = ConfState{} }
+func (m *ConfState) String() string { return proto.CompactTextString(m) }
+func (*ConfState) ProtoMessage()    {}
+func (*ConfState) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{5}
+}
+func (m *ConfState) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ConfState) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ConfState.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ConfState) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ConfState.Merge(m, src)
+}
+func (m *ConfState) XXX_Size() int {
+	return m.Size()
+}
+func (m *ConfState) XXX_DiscardUnknown() {
+	xxx_messageInfo_ConfState.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ConfState proto.InternalMessageInfo
 
 type ConfChange struct {
-	ID               uint64         `protobuf:"varint,1,opt,name=ID" json:"ID"`
-	Type             ConfChangeType `protobuf:"varint,2,opt,name=Type,enum=raftpb.ConfChangeType" json:"Type"`
-	NodeID           uint64         `protobuf:"varint,3,opt,name=NodeID" json:"NodeID"`
-	Context          []byte         `protobuf:"bytes,4,opt,name=Context" json:"Context,omitempty"`
-	XXX_unrecognized []byte         `json:"-"`
+	ID                   uint64         `protobuf:"varint,1,opt,name=ID" json:"ID"`
+	Type                 ConfChangeType `protobuf:"varint,2,opt,name=Type,enum=raftpb.ConfChangeType" json:"Type"`
+	NodeID               uint64         `protobuf:"varint,3,opt,name=NodeID" json:"NodeID"`
+	Context              []byte         `protobuf:"bytes,4,opt,name=Context" json:"Context,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *ConfChange) Reset()         { *m = ConfChange{} }
+func (m *ConfChange) String() string { return proto.CompactTextString(m) }
+func (*ConfChange) ProtoMessage()    {}
+func (*ConfChange) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b042552c306ae59b, []int{6}
+}
+func (m *ConfChange) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ConfChange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ConfChange.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ConfChange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ConfChange.Merge(m, src)
+}
+func (m *ConfChange) XXX_Size() int {
+	return m.Size()
+}
+func (m *ConfChange) XXX_DiscardUnknown() {
+	xxx_messageInfo_ConfChange.DiscardUnknown(m)
 }
 
-func (m *ConfChange) Reset()                    { *m = ConfChange{} }
-func (m *ConfChange) String() string            { return proto.CompactTextString(m) }
-func (*ConfChange) ProtoMessage()               {}
-func (*ConfChange) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{6} }
+var xxx_messageInfo_ConfChange proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("raftpb.EntryType", EntryType_name, EntryType_value)
+	proto.RegisterEnum("raftpb.MessageType", MessageType_name, MessageType_value)
+	proto.RegisterEnum("raftpb.ConfChangeType", ConfChangeType_name, ConfChangeType_value)
 	proto.RegisterType((*Entry)(nil), "raftpb.Entry")
 	proto.RegisterType((*SnapshotMetadata)(nil), "raftpb.SnapshotMetadata")
 	proto.RegisterType((*Snapshot)(nil), "raftpb.Snapshot")
@@ -301,14 +515,69 @@ func init() {
 	proto.RegisterType((*HardState)(nil), "raftpb.HardState")
 	proto.RegisterType((*ConfState)(nil), "raftpb.ConfState")
 	proto.RegisterType((*ConfChange)(nil), "raftpb.ConfChange")
-	proto.RegisterEnum("raftpb.EntryType", EntryType_name, EntryType_value)
-	proto.RegisterEnum("raftpb.MessageType", MessageType_name, MessageType_value)
-	proto.RegisterEnum("raftpb.ConfChangeType", ConfChangeType_name, ConfChangeType_value)
 }
+
+func init() { proto.RegisterFile("raft.proto", fileDescriptor_b042552c306ae59b) }
+
+var fileDescriptor_b042552c306ae59b = []byte{
+	// 816 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x54, 0xcd, 0x6e, 0x23, 0x45,
+	0x10, 0xf6, 0x8c, 0xc7, 0x7f, 0x35, 0x8e, 0xd3, 0xa9, 0x35, 0xa8, 0x15, 0x45, 0xc6, 0xb2, 0x38,
+	0x58, 0x41, 0x1b, 0x20, 0x07, 0x0e, 0x48, 0x1c, 0x36, 0x09, 0x52, 0x22, 0xad, 0xa3, 0xc5, 0x9b,
+	0xe5, 0x80, 0x84, 0x50, 0xc7, 0x53, 0x9e, 0x18, 0x32, 0xd3, 0xa3, 0x9e, 0xf6, 0xb2, 0xb9, 0x20,
+	0x1e, 0x80, 0x07, 0xe0, 0xc2, 0xfb, 0xe4, 0xb8, 0x12, 0x77, 0xc4, 0x86, 0x17, 0x41, 0xdd, 0xd3,
+	0x63, 0xcf, 0x24, 0xb7, 0xae, 0xaf, 0x6a, 0xbe, 0xfa, 0xbe, 0xea, 0xea, 0x01, 0x50, 0x62, 0xa9,
+	0x8f, 0x32, 0x25, 0xb5, 0xc4, 0xb6, 0x39, 0x67, 0xd7, 0xfb, 0xc3, 0x58, 0xc6, 0xd2, 0x42, 0x9f,
+	0x9b, 0x53, 0x91, 0x9d, 0xfc, 0x06, 0xad, 0x6f, 0x53, 0xad, 0xee, 0x90, 0x43, 0x70, 0x45, 0x2a,
+	0xe1, 0xfe, 0xd8, 0x9b, 0x06, 0x27, 0xc1, 0xfd, 0x3f, 0x9f, 0x34, 0xe6, 0x16, 0xc1, 0x7d, 0x68,
+	0x5d, 0xa4, 0x11, 0xbd, 0xe3, 0xcd, 0x4a, 0xaa, 0x80, 0xf0, 0x33, 0x08, 0xae, 0xee, 0x32, 0xe2,
+	0xde, 0xd8, 0x9b, 0x0e, 0x8e, 0xf7, 0x8e, 0x8a, 0x5e, 0x47, 0x96, 0xd2, 0x24, 0x36, 0x44, 0x77,
+	0x19, 0x21, 0x42, 0x70, 0x26, 0xb4, 0xe0, 0xc1, 0xd8, 0x9b, 0xf6, 0xe7, 0xf6, 0x3c, 0xf9, 0xdd,
+	0x03, 0xf6, 0x3a, 0x15, 0x59, 0x7e, 0x23, 0xf5, 0x8c, 0xb4, 0x88, 0x84, 0x16, 0xf8, 0x15, 0xc0,
+	0x42, 0xa6, 0xcb, 0x9f, 0x72, 0x2d, 0x74, 0xc1, 0x1d, 0x6e, 0xb9, 0x4f, 0x65, 0xba, 0x7c, 0x6d,
+	0x12, 0x8e, 0xbb, 0xb7, 0x28, 0x01, 0xa3, 0x74, 0x65, 0x95, 0x56, 0x4d, 0x14, 0x90, 0xf1, 0xa7,
+	0x8d, 0xbf, 0xaa, 0x09, 0x8b, 0x4c, 0x7e, 0x80, 0x6e, 0xa9, 0xc0, 0x48, 0x34, 0x0a, 0x6c, 0xcf,
+	0xfe, 0xdc, 0x9e, 0xf1, 0x6b, 0xe8, 0x26, 0x4e, 0x99, 0x25, 0x0e, 0x8f, 0x79, 0xa9, 0xe5, 0xb1,
+	0x72, 0xc7, 0xbb, 0xa9, 0x9f, 0xfc, 0xd5, 0x84, 0xce, 0x8c, 0xf2, 0x5c, 0xc4, 0x84, 0xcf, 0x21,
+	0xd0, 0xdb, 0x59, 0x3d, 0x2b, 0x39, 0x5c, 0xba, 0x3a, 0x2d, 0x53, 0x86, 0x43, 0xf0, 0xb5, 0xac,
+	0x39, 0xf1, 0xb5, 0x34, 0x36, 0x96, 0x4a, 0x3e, 0xb2, 0x61, 0x90, 0x8d, 0xc1, 0xe0, 0xb1, 0x41,
+	0x1c, 0x41, 0xe7, 0x56, 0xc6, 0xf6, 0x76, 0x5b, 0x95, 0x64, 0x09, 0x6e, 0xc7, 0xd6, 0x7e, 0x3a,
+	0xb6, 0xe7, 0xd0, 0xa1, 0x54, 0xab, 0x15, 0xe5, 0xbc, 0x33, 0x6e, 0x4e, 0xc3, 0xe3, 0x9d, 0xda,
+	0x1d, 0x97, 0x54, 0xae, 0x06, 0x0f, 0xa0, 0xbd, 0x90, 0x49, 0xb2, 0xd2, 0xbc, 0x5b, 0xe1, 0x72,
+	0x18, 0x1e, 0x43, 0x37, 0x77, 0x13, 0xe3, 0x3d, 0x3b, 0x49, 0xf6, 0x78, 0x92, 0xe5, 0x04, 0xcb,
+	0x3a, 0xc3, 0xa8, 0xe8, 0x67, 0x5a, 0x68, 0x0e, 0x63, 0x6f, 0xda, 0x2d, 0x19, 0x0b, 0x0c, 0x3f,
+	0x05, 0x28, 0x4e, 0xe7, 0xab, 0x54, 0xf3, 0xb0, 0xd2, 0xb3, 0x82, 0x23, 0x87, 0xce, 0x42, 0xa6,
+	0x9a, 0xde, 0x69, 0xde, 0xb7, 0x17, 0x5b, 0x86, 0x93, 0x1f, 0xa1, 0x77, 0x2e, 0x54, 0x54, 0xac,
+	0x4f, 0x39, 0x41, 0xef, 0xc9, 0x04, 0x39, 0x04, 0x6f, 0xa5, 0xa6, 0xfa, 0xe3, 0x30, 0x48, 0xc5,
+	0x70, 0xf3, 0xa9, 0xe1, 0xc9, 0x37, 0xd0, 0xdb, 0xac, 0x2b, 0x0e, 0xa1, 0x95, 0xca, 0x88, 0x72,
+	0xee, 0x8d, 0x9b, 0xd3, 0x60, 0x5e, 0x04, 0xb8, 0x0f, 0xdd, 0x5b, 0x12, 0x2a, 0x25, 0x95, 0x73,
+	0xdf, 0x26, 0x36, 0xf1, 0xe4, 0x0f, 0x0f, 0xc0, 0x7c, 0x7f, 0x7a, 0x23, 0xd2, 0xd8, 0x6e, 0xc4,
+	0xc5, 0x59, 0x4d, 0x9d, 0x7f, 0x71, 0x86, 0x5f, 0xb8, 0x27, 0xe8, 0xdb, 0xb5, 0xfa, 0xb8, 0xfa,
+	0x4c, 0x8a, 0xef, 0x9e, 0xbc, 0xc3, 0x03, 0x68, 0x5f, 0xca, 0x88, 0x2e, 0xce, 0xea, 0x9a, 0x0b,
+	0xcc, 0x0c, 0xeb, 0xd4, 0x0d, 0xab, 0x78, 0xa8, 0x65, 0x78, 0xf8, 0x25, 0xf4, 0x36, 0x0f, 0x1b,
+	0x77, 0x21, 0xb4, 0xc1, 0xa5, 0x54, 0x89, 0xb8, 0x65, 0x0d, 0x7c, 0x06, 0xbb, 0x16, 0xd8, 0x36,
+	0x66, 0xde, 0xe1, 0xdf, 0x3e, 0x84, 0x95, 0x05, 0x47, 0x80, 0xf6, 0x2c, 0x8f, 0xcf, 0xd7, 0x19,
+	0x6b, 0x60, 0x08, 0x9d, 0x59, 0x1e, 0x9f, 0x90, 0xd0, 0xcc, 0x73, 0xc1, 0x2b, 0x25, 0x33, 0xe6,
+	0xbb, 0xaa, 0x17, 0x59, 0xc6, 0x9a, 0x38, 0x00, 0x28, 0xce, 0x73, 0xca, 0x33, 0x16, 0xb8, 0xc2,
+	0xef, 0xa5, 0x26, 0xd6, 0x32, 0x22, 0x5c, 0x60, 0xb3, 0x6d, 0x97, 0x35, 0xcb, 0xc4, 0x3a, 0xc8,
+	0xa0, 0x6f, 0x9a, 0x91, 0x50, 0xfa, 0xda, 0x74, 0xe9, 0xe2, 0x10, 0x58, 0x15, 0xb1, 0x1f, 0xf5,
+	0x10, 0x61, 0x30, 0xcb, 0xe3, 0x37, 0xa9, 0x22, 0xb1, 0xb8, 0x11, 0xd7, 0xb7, 0xc4, 0x00, 0xf7,
+	0x60, 0xc7, 0x11, 0x99, 0xcb, 0x5b, 0xe7, 0x2c, 0x74, 0x65, 0xa7, 0x37, 0xb4, 0xf8, 0xe5, 0xbb,
+	0xb5, 0x54, 0xeb, 0x84, 0xf5, 0xf1, 0x23, 0xd8, 0x9b, 0xe5, 0xf1, 0x95, 0x12, 0x69, 0xbe, 0x24,
+	0xf5, 0x92, 0x44, 0x44, 0x8a, 0xed, 0xb8, 0xaf, 0xaf, 0x56, 0x09, 0xc9, 0xb5, 0xbe, 0x94, 0xbf,
+	0xb2, 0x81, 0x13, 0x33, 0x27, 0x11, 0xd9, 0x3f, 0x27, 0xdb, 0x75, 0x62, 0x36, 0x88, 0x15, 0xc3,
+	0x9c, 0xdf, 0x57, 0x8a, 0xac, 0xc5, 0x3d, 0xd7, 0xd5, 0xc5, 0xb6, 0x06, 0x0f, 0xef, 0x60, 0x50,
+	0xbf, 0x5e, 0xa3, 0x63, 0x8b, 0xbc, 0x88, 0x22, 0x73, 0x97, 0xac, 0x81, 0x1c, 0x86, 0x5b, 0x78,
+	0x4e, 0x89, 0x7c, 0x4b, 0x36, 0xe3, 0xd5, 0x33, 0x6f, 0xb2, 0x48, 0xe8, 0x22, 0xe3, 0xe3, 0x01,
+	0xf0, 0x1a, 0xd5, 0xcb, 0x62, 0x1b, 0x6d, 0xb6, 0x79, 0xc2, 0xef, 0x3f, 0x8c, 0x1a, 0xef, 0x3f,
+	0x8c, 0x1a, 0xf7, 0x0f, 0x23, 0xef, 0xfd, 0xc3, 0xc8, 0xfb, 0xf7, 0x61, 0xe4, 0xfd, 0xf9, 0xdf,
+	0xa8, 0xf1, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x30, 0xe1, 0x02, 0x69, 0x74, 0x06, 0x00, 0x00,
+}
+
 func (m *Entry) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -316,35 +585,42 @@ func (m *Entry) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Entry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Entry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
-	dAtA[i] = 0x18
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Data != nil {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintRaft(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0x22
 	}
-	return i, nil
+	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
+	i--
+	dAtA[i] = 0x18
+	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func (m *SnapshotMetadata) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -352,34 +628,42 @@ func (m *SnapshotMetadata) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SnapshotMetadata) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SnapshotMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.ConfState.Size()))
-	n1, err := m.ConfState.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n1
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
-	dAtA[i] = 0x18
-	i++
 	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	i--
+	dAtA[i] = 0x18
+	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
+	i--
+	dAtA[i] = 0x10
+	{
+		size, err := m.ConfState.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintRaft(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -387,34 +671,43 @@ func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Snapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Snapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Data != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Metadata.Size()))
-	n2, err := m.Metadata.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintRaft(dAtA, i, uint64(size))
 	}
-	i += n2
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	i--
+	dAtA[i] = 0x12
+	if m.Data != nil {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintRaft(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Message) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -422,78 +715,89 @@ func (m *Message) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Message) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Message) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.To))
-	dAtA[i] = 0x18
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.From))
-	dAtA[i] = 0x20
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
-	dAtA[i] = 0x28
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.LogTerm))
-	dAtA[i] = 0x30
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
-	if len(m.Entries) > 0 {
-		for _, msg := range m.Entries {
-			dAtA[i] = 0x3a
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	dAtA[i] = 0x40
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Commit))
-	dAtA[i] = 0x4a
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Snapshot.Size()))
-	n3, err := m.Snapshot.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Context != nil {
+		i -= len(m.Context)
+		copy(dAtA[i:], m.Context)
+		i = encodeVarintRaft(dAtA, i, uint64(len(m.Context)))
+		i--
+		dAtA[i] = 0x62
 	}
-	i += n3
-	dAtA[i] = 0x50
-	i++
+	i = encodeVarintRaft(dAtA, i, uint64(m.RejectHint))
+	i--
+	dAtA[i] = 0x58
+	i--
 	if m.Reject {
 		dAtA[i] = 1
 	} else {
 		dAtA[i] = 0
 	}
-	i++
-	dAtA[i] = 0x58
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.RejectHint))
-	if m.Context != nil {
-		dAtA[i] = 0x62
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(len(m.Context)))
-		i += copy(dAtA[i:], m.Context)
+	i--
+	dAtA[i] = 0x50
+	{
+		size, err := m.Snapshot.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintRaft(dAtA, i, uint64(size))
 	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	i--
+	dAtA[i] = 0x4a
+	i = encodeVarintRaft(dAtA, i, uint64(m.Commit))
+	i--
+	dAtA[i] = 0x40
+	if len(m.Entries) > 0 {
+		for iNdEx := len(m.Entries) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Entries[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintRaft(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
-	return i, nil
+	i = encodeVarintRaft(dAtA, i, uint64(m.Index))
+	i--
+	dAtA[i] = 0x30
+	i = encodeVarintRaft(dAtA, i, uint64(m.LogTerm))
+	i--
+	dAtA[i] = 0x28
+	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
+	i--
+	dAtA[i] = 0x20
+	i = encodeVarintRaft(dAtA, i, uint64(m.From))
+	i--
+	dAtA[i] = 0x18
+	i = encodeVarintRaft(dAtA, i, uint64(m.To))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func (m *HardState) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -501,29 +805,35 @@ func (m *HardState) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HardState) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HardState) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Vote))
-	dAtA[i] = 0x18
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Commit))
 	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	return i, nil
+	i = encodeVarintRaft(dAtA, i, uint64(m.Commit))
+	i--
+	dAtA[i] = 0x18
+	i = encodeVarintRaft(dAtA, i, uint64(m.Vote))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRaft(dAtA, i, uint64(m.Term))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func (m *ConfState) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -531,34 +841,40 @@ func (m *ConfState) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ConfState) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfState) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Nodes) > 0 {
-		for _, num := range m.Nodes {
-			dAtA[i] = 0x8
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(num))
-		}
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Learners) > 0 {
-		for _, num := range m.Learners {
+		for iNdEx := len(m.Learners) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintRaft(dAtA, i, uint64(m.Learners[iNdEx]))
+			i--
 			dAtA[i] = 0x10
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(num))
 		}
 	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	if len(m.Nodes) > 0 {
+		for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintRaft(dAtA, i, uint64(m.Nodes[iNdEx]))
+			i--
+			dAtA[i] = 0x8
+		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ConfChange) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -566,41 +882,53 @@ func (m *ConfChange) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ConfChange) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfChange) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.ID))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
-	dAtA[i] = 0x18
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.NodeID))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Context != nil {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Context)
+		copy(dAtA[i:], m.Context)
 		i = encodeVarintRaft(dAtA, i, uint64(len(m.Context)))
-		i += copy(dAtA[i:], m.Context)
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0x22
 	}
-	return i, nil
+	i = encodeVarintRaft(dAtA, i, uint64(m.NodeID))
+	i--
+	dAtA[i] = 0x18
+	i = encodeVarintRaft(dAtA, i, uint64(m.Type))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRaft(dAtA, i, uint64(m.ID))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintRaft(dAtA []byte, offset int, v uint64) int {
+	offset -= sovRaft(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Entry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRaft(uint64(m.Type))
@@ -617,6 +945,9 @@ func (m *Entry) Size() (n int) {
 }
 
 func (m *SnapshotMetadata) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.ConfState.Size()
@@ -630,6 +961,9 @@ func (m *SnapshotMetadata) Size() (n int) {
 }
 
 func (m *Snapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Data != nil {
@@ -645,6 +979,9 @@ func (m *Snapshot) Size() (n int) {
 }
 
 func (m *Message) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRaft(uint64(m.Type))
@@ -675,6 +1012,9 @@ func (m *Message) Size() (n int) {
 }
 
 func (m *HardState) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRaft(uint64(m.Term))
@@ -687,6 +1027,9 @@ func (m *HardState) Size() (n int) {
 }
 
 func (m *ConfState) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Nodes) > 0 {
@@ -706,6 +1049,9 @@ func (m *ConfState) Size() (n int) {
 }
 
 func (m *ConfChange) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRaft(uint64(m.ID))
@@ -722,14 +1068,7 @@ func (m *ConfChange) Size() (n int) {
 }
 
 func sovRaft(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozRaft(x uint64) (n int) {
 	return sovRaft(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -749,7 +1088,7 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -777,7 +1116,7 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (EntryType(b) & 0x7F) << shift
+				m.Type |= EntryType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -796,7 +1135,7 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Term |= (uint64(b) & 0x7F) << shift
+				m.Term |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -815,7 +1154,7 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Index |= (uint64(b) & 0x7F) << shift
+				m.Index |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -834,7 +1173,7 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -843,6 +1182,9 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -860,6 +1202,9 @@ func (m *Entry) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -888,7 +1233,7 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -916,7 +1261,7 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -925,6 +1270,9 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -946,7 +1294,7 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Index |= (uint64(b) & 0x7F) << shift
+				m.Index |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -965,7 +1313,7 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Term |= (uint64(b) & 0x7F) << shift
+				m.Term |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -979,6 +1327,9 @@ func (m *SnapshotMetadata) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1007,7 +1358,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1035,7 +1386,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1044,6 +1395,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1066,7 +1420,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1075,6 +1429,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1091,6 +1448,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1119,7 +1479,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1147,7 +1507,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (MessageType(b) & 0x7F) << shift
+				m.Type |= MessageType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1166,7 +1526,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.To |= (uint64(b) & 0x7F) << shift
+				m.To |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1185,7 +1545,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.From |= (uint64(b) & 0x7F) << shift
+				m.From |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1204,7 +1564,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Term |= (uint64(b) & 0x7F) << shift
+				m.Term |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1223,7 +1583,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.LogTerm |= (uint64(b) & 0x7F) << shift
+				m.LogTerm |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1242,7 +1602,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Index |= (uint64(b) & 0x7F) << shift
+				m.Index |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1261,7 +1621,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1270,6 +1630,9 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1292,7 +1655,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Commit |= (uint64(b) & 0x7F) << shift
+				m.Commit |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1311,7 +1674,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1320,6 +1683,9 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1341,7 +1707,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1361,7 +1727,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.RejectHint |= (uint64(b) & 0x7F) << shift
+				m.RejectHint |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1380,7 +1746,7 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1389,6 +1755,9 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1406,6 +1775,9 @@ func (m *Message) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1434,7 +1806,7 @@ func (m *HardState) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1462,7 +1834,7 @@ func (m *HardState) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Term |= (uint64(b) & 0x7F) << shift
+				m.Term |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1481,7 +1853,7 @@ func (m *HardState) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Vote |= (uint64(b) & 0x7F) << shift
+				m.Vote |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1500,7 +1872,7 @@ func (m *HardState) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Commit |= (uint64(b) & 0x7F) << shift
+				m.Commit |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1514,6 +1886,9 @@ func (m *HardState) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1542,7 +1917,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1568,7 +1943,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					v |= (uint64(b) & 0x7F) << shift
+					v |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1585,7 +1960,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
+					packedLen |= int(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1594,9 +1969,23 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					return ErrInvalidLengthRaft
 				}
 				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthRaft
+				}
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
+				}
+				elementCount = count
+				if elementCount != 0 && len(m.Nodes) == 0 {
+					m.Nodes = make([]uint64, 0, elementCount)
+				}
 				for iNdEx < postIndex {
 					var v uint64
 					for shift := uint(0); ; shift += 7 {
@@ -1608,7 +1997,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						v |= (uint64(b) & 0x7F) << shift
+						v |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1630,7 +2019,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					v |= (uint64(b) & 0x7F) << shift
+					v |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1647,7 +2036,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
+					packedLen |= int(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1656,9 +2045,23 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 					return ErrInvalidLengthRaft
 				}
 				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthRaft
+				}
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
+				}
+				elementCount = count
+				if elementCount != 0 && len(m.Learners) == 0 {
+					m.Learners = make([]uint64, 0, elementCount)
+				}
 				for iNdEx < postIndex {
 					var v uint64
 					for shift := uint(0); ; shift += 7 {
@@ -1670,7 +2073,7 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						v |= (uint64(b) & 0x7F) << shift
+						v |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1689,6 +2092,9 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1717,7 +2123,7 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1745,7 +2151,7 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ID |= (uint64(b) & 0x7F) << shift
+				m.ID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1764,7 +2170,7 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (ConfChangeType(b) & 0x7F) << shift
+				m.Type |= ConfChangeType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1783,7 +2189,7 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.NodeID |= (uint64(b) & 0x7F) << shift
+				m.NodeID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1802,7 +2208,7 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1811,6 +2217,9 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1828,6 +2237,9 @@ func (m *ConfChange) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRaft
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1895,10 +2307,13 @@ func skipRaft(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthRaft
 			}
+			iNdEx += length
+			if iNdEx < 0 {
+				return 0, ErrInvalidLengthRaft
+			}
 			return iNdEx, nil
 		case 3:
 			for {
@@ -1927,6 +2342,9 @@ func skipRaft(dAtA []byte) (n int, err error) {
 					return 0, err
 				}
 				iNdEx = start + next
+				if iNdEx < 0 {
+					return 0, ErrInvalidLengthRaft
+				}
 			}
 			return iNdEx, nil
 		case 4:
@@ -1945,60 +2363,3 @@ var (
 	ErrInvalidLengthRaft = fmt.Errorf("proto: negative length found during unmarshaling")
 	ErrIntOverflowRaft   = fmt.Errorf("proto: integer overflow")
 )
-
-func init() { proto.RegisterFile("raft.proto", fileDescriptorRaft) }
-
-var fileDescriptorRaft = []byte{
-	// 815 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x54, 0xcd, 0x6e, 0x23, 0x45,
-	0x10, 0xf6, 0x8c, 0xc7, 0x7f, 0x35, 0x8e, 0xd3, 0xa9, 0x35, 0xa8, 0x15, 0x45, 0xc6, 0xb2, 0x38,
-	0x58, 0x41, 0x1b, 0x20, 0x07, 0x0e, 0x48, 0x1c, 0x36, 0x09, 0x52, 0x22, 0xad, 0xa3, 0xc5, 0x9b,
-	0xe5, 0x80, 0x84, 0x50, 0xc7, 0x53, 0x9e, 0x18, 0x32, 0xd3, 0xa3, 0x9e, 0xf6, 0xb2, 0xb9, 0x20,
-	0x1e, 0x80, 0x07, 0xe0, 0xc2, 0xfb, 0xe4, 0xb8, 0x12, 0x77, 0xc4, 0x86, 0x17, 0x41, 0xdd, 0xd3,
-	0x63, 0xcf, 0x24, 0xb7, 0xae, 0xef, 0xab, 0xae, 0xfa, 0xea, 0xeb, 0x9a, 0x01, 0x50, 0x62, 0xa9,
-	0x8f, 0x32, 0x25, 0xb5, 0xc4, 0xb6, 0x39, 0x67, 0xd7, 0xfb, 0xc3, 0x58, 0xc6, 0xd2, 0x42, 0x9f,
-	0x9b, 0x53, 0xc1, 0x4e, 0x7e, 0x83, 0xd6, 0xb7, 0xa9, 0x56, 0x77, 0xf8, 0x19, 0x04, 0x57, 0x77,
-	0x19, 0x71, 0x6f, 0xec, 0x4d, 0x07, 0xc7, 0x7b, 0x47, 0xc5, 0xad, 0x23, 0x4b, 0x1a, 0xe2, 0x24,
-	0xb8, 0xff, 0xe7, 0x93, 0xc6, 0xdc, 0x26, 0x21, 0x87, 0xe0, 0x8a, 0x54, 0xc2, 0xfd, 0xb1, 0x37,
-	0x0d, 0x36, 0x0c, 0xa9, 0x04, 0xf7, 0xa1, 0x75, 0x91, 0x46, 0xf4, 0x8e, 0x37, 0x2b, 0x54, 0x01,
-	0x21, 0x42, 0x70, 0x26, 0xb4, 0xe0, 0xc1, 0xd8, 0x9b, 0xf6, 0xe7, 0xf6, 0x3c, 0xf9, 0xdd, 0x03,
-	0xf6, 0x3a, 0x15, 0x59, 0x7e, 0x23, 0xf5, 0x8c, 0xb4, 0x88, 0x84, 0x16, 0xf8, 0x15, 0xc0, 0x42,
-	0xa6, 0xcb, 0x9f, 0x72, 0x2d, 0x74, 0xa1, 0x28, 0xdc, 0x2a, 0x3a, 0x95, 0xe9, 0xf2, 0xb5, 0x21,
-	0x5c, 0xf1, 0xde, 0xa2, 0x04, 0x4c, 0xf3, 0x95, 0x6d, 0x5e, 0xd5, 0x55, 0x40, 0x46, 0xb2, 0x36,
-	0x92, 0xab, 0xba, 0x2c, 0x32, 0xf9, 0x01, 0xba, 0xa5, 0x02, 0x23, 0xd1, 0x28, 0xb0, 0x3d, 0xfb,
-	0x73, 0x7b, 0xc6, 0xaf, 0xa1, 0x9b, 0x38, 0x65, 0xb6, 0x70, 0x78, 0xcc, 0x4b, 0x2d, 0x8f, 0x95,
-	0xbb, 0xba, 0x9b, 0xfc, 0xc9, 0x5f, 0x4d, 0xe8, 0xcc, 0x28, 0xcf, 0x45, 0x4c, 0xf8, 0x1c, 0x02,
-	0xbd, 0x75, 0xf8, 0x59, 0x59, 0xc3, 0xd1, 0x55, 0x8f, 0x4d, 0x1a, 0x0e, 0xc1, 0xd7, 0xb2, 0x36,
-	0x89, 0xaf, 0xa5, 0x19, 0x63, 0xa9, 0xe4, 0xa3, 0x31, 0x0c, 0xb2, 0x19, 0x30, 0x78, 0x3c, 0x20,
-	0x8e, 0xa0, 0x73, 0x2b, 0x63, 0xfb, 0x60, 0xad, 0x0a, 0x59, 0x82, 0x5b, 0xdb, 0xda, 0x4f, 0x6d,
-	0x7b, 0x0e, 0x1d, 0x4a, 0xb5, 0x5a, 0x51, 0xce, 0x3b, 0xe3, 0xe6, 0x34, 0x3c, 0xde, 0xa9, 0x6d,
-	0x46, 0x59, 0xca, 0xe5, 0xe0, 0x01, 0xb4, 0x17, 0x32, 0x49, 0x56, 0x9a, 0x77, 0x2b, 0xb5, 0x1c,
-	0x86, 0xc7, 0xd0, 0xcd, 0x9d, 0x63, 0xbc, 0x67, 0x9d, 0x64, 0x8f, 0x9d, 0x2c, 0x1d, 0x2c, 0xf3,
-	0x4c, 0x45, 0x45, 0x3f, 0xd3, 0x42, 0x73, 0x18, 0x7b, 0xd3, 0x6e, 0x59, 0xb1, 0xc0, 0xf0, 0x53,
-	0x80, 0xe2, 0x74, 0xbe, 0x4a, 0x35, 0x0f, 0x2b, 0x3d, 0x2b, 0x38, 0x72, 0xe8, 0x2c, 0x64, 0xaa,
-	0xe9, 0x9d, 0xe6, 0x7d, 0xfb, 0xb0, 0x65, 0x38, 0xf9, 0x11, 0x7a, 0xe7, 0x42, 0x45, 0xc5, 0xfa,
-	0x94, 0x0e, 0x7a, 0x4f, 0x1c, 0xe4, 0x10, 0xbc, 0x95, 0x9a, 0xea, 0xfb, 0x6e, 0x90, 0xca, 0xc0,
-	0xcd, 0xa7, 0x03, 0x4f, 0xbe, 0x81, 0xde, 0x66, 0x5d, 0x71, 0x08, 0xad, 0x54, 0x46, 0x94, 0x73,
-	0x6f, 0xdc, 0x9c, 0x06, 0xf3, 0x22, 0xc0, 0x7d, 0xe8, 0xde, 0x92, 0x50, 0x29, 0xa9, 0x9c, 0xfb,
-	0x96, 0xd8, 0xc4, 0x93, 0x3f, 0x3c, 0x00, 0x73, 0xff, 0xf4, 0x46, 0xa4, 0xb1, 0xdd, 0x88, 0x8b,
-	0xb3, 0x9a, 0x3a, 0xff, 0xe2, 0x0c, 0xbf, 0x70, 0x1f, 0xae, 0x6f, 0xd7, 0xea, 0xe3, 0xea, 0x67,
-	0x52, 0xdc, 0x7b, 0xf2, 0xf5, 0x1e, 0x40, 0xfb, 0x52, 0x46, 0x74, 0x71, 0x56, 0xd7, 0x5c, 0x60,
-	0xc6, 0xac, 0x53, 0x67, 0x56, 0xf1, 0xa1, 0x96, 0xe1, 0xe1, 0x97, 0xd0, 0xdb, 0xfc, 0x0e, 0x70,
-	0x17, 0x42, 0x1b, 0x5c, 0x4a, 0x95, 0x88, 0x5b, 0xd6, 0xc0, 0x67, 0xb0, 0x6b, 0x81, 0x6d, 0x63,
-	0xe6, 0x1d, 0xfe, 0xed, 0x43, 0x58, 0x59, 0x70, 0x04, 0x68, 0xcf, 0xf2, 0xf8, 0x7c, 0x9d, 0xb1,
-	0x06, 0x86, 0xd0, 0x99, 0xe5, 0xf1, 0x09, 0x09, 0xcd, 0x3c, 0x17, 0xbc, 0x52, 0x32, 0x63, 0xbe,
-	0xcb, 0x7a, 0x91, 0x65, 0xac, 0x89, 0x03, 0x80, 0xe2, 0x3c, 0xa7, 0x3c, 0x63, 0x81, 0x4b, 0xfc,
-	0x5e, 0x6a, 0x62, 0x2d, 0x23, 0xc2, 0x05, 0x96, 0x6d, 0x3b, 0xd6, 0x2c, 0x13, 0xeb, 0x20, 0x83,
-	0xbe, 0x69, 0x46, 0x42, 0xe9, 0x6b, 0xd3, 0xa5, 0x8b, 0x43, 0x60, 0x55, 0xc4, 0x5e, 0xea, 0x21,
-	0xc2, 0x60, 0x96, 0xc7, 0x6f, 0x52, 0x45, 0x62, 0x71, 0x23, 0xae, 0x6f, 0x89, 0x01, 0xee, 0xc1,
-	0x8e, 0x2b, 0x64, 0x1e, 0x6f, 0x9d, 0xb3, 0xd0, 0xa5, 0x9d, 0xde, 0xd0, 0xe2, 0x97, 0xef, 0xd6,
-	0x52, 0xad, 0x13, 0xd6, 0xc7, 0x8f, 0x60, 0x6f, 0x96, 0xc7, 0x57, 0x4a, 0xa4, 0xf9, 0x92, 0xd4,
-	0x4b, 0x12, 0x11, 0x29, 0xb6, 0xe3, 0x6e, 0x5f, 0xad, 0x12, 0x92, 0x6b, 0x7d, 0x29, 0x7f, 0x65,
-	0x03, 0x27, 0x66, 0x4e, 0x22, 0xb2, 0x3f, 0x43, 0xb6, 0xeb, 0xc4, 0x6c, 0x10, 0x2b, 0x86, 0xb9,
-	0x79, 0x5f, 0x29, 0xb2, 0x23, 0xee, 0xb9, 0xae, 0x2e, 0xb6, 0x39, 0x78, 0x78, 0x07, 0x83, 0xfa,
-	0xf3, 0x1a, 0x1d, 0x5b, 0xe4, 0x45, 0x14, 0x99, 0xb7, 0x64, 0x0d, 0xe4, 0x30, 0xdc, 0xc2, 0x73,
-	0x4a, 0xe4, 0x5b, 0xb2, 0x8c, 0x57, 0x67, 0xde, 0x64, 0x91, 0xd0, 0x05, 0xe3, 0xe3, 0x01, 0xf0,
-	0x5a, 0xa9, 0x97, 0xc5, 0x36, 0x5a, 0xb6, 0x79, 0xc2, 0xef, 0x3f, 0x8c, 0x1a, 0xef, 0x3f, 0x8c,
-	0x1a, 0xf7, 0x0f, 0x23, 0xef, 0xfd, 0xc3, 0xc8, 0xfb, 0xf7, 0x61, 0xe4, 0xfd, 0xf9, 0xdf, 0xa8,
-	0xf1, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x86, 0x52, 0x5b, 0xe0, 0x74, 0x06, 0x00, 0x00,
-}
diff --git a/vendor/github.com/coreos/etcd/snap/db.go b/vendor/github.com/coreos/etcd/snap/db.go
index 01d897ae86116..dcbd3bd6710ca 100644
--- a/vendor/github.com/coreos/etcd/snap/db.go
+++ b/vendor/github.com/coreos/etcd/snap/db.go
@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"time"
 
 	"github.com/coreos/etcd/pkg/fileutil"
 )
@@ -30,6 +31,8 @@ var ErrNoDBSnapshot = errors.New("snap: snapshot file doesn't exist")
 // SaveDBFrom saves snapshot of the database from the given reader. It
 // guarantees the save operation is atomic.
 func (s *Snapshotter) SaveDBFrom(r io.Reader, id uint64) (int64, error) {
+	start := time.Now()
+
 	f, err := ioutil.TempFile(s.dir, "tmp")
 	if err != nil {
 		return 0, err
@@ -37,7 +40,9 @@ func (s *Snapshotter) SaveDBFrom(r io.Reader, id uint64) (int64, error) {
 	var n int64
 	n, err = io.Copy(f, r)
 	if err == nil {
+		fsyncStart := time.Now()
 		err = fileutil.Fsync(f)
+		snapDBFsyncSec.Observe(time.Since(fsyncStart).Seconds())
 	}
 	f.Close()
 	if err != nil {
@@ -57,6 +62,7 @@ func (s *Snapshotter) SaveDBFrom(r io.Reader, id uint64) (int64, error) {
 
 	plog.Infof("saved database snapshot to disk [total bytes: %d]", n)
 
+	snapDBSaveSec.Observe(time.Since(start).Seconds())
 	return n, nil
 }
 
diff --git a/vendor/github.com/coreos/etcd/snap/metrics.go b/vendor/github.com/coreos/etcd/snap/metrics.go
index 433ef09d4ba81..0d3b7e63e5e85 100644
--- a/vendor/github.com/coreos/etcd/snap/metrics.go
+++ b/vendor/github.com/coreos/etcd/snap/metrics.go
@@ -33,9 +33,33 @@ var (
 		Help:      "The marshalling cost distributions of save called by snapshot.",
 		Buckets:   prometheus.ExponentialBuckets(0.001, 2, 14),
 	})
+
+	snapDBSaveSec = prometheus.NewHistogram(prometheus.HistogramOpts{
+		Namespace: "etcd",
+		Subsystem: "snap_db",
+		Name:      "save_total_duration_seconds",
+		Help:      "The total latency distributions of v3 snapshot save",
+
+		// lowest bucket start of upper bound 0.1 sec (100 ms) with factor 2
+		// highest bucket start of 0.1 sec * 2^9 == 51.2 sec
+		Buckets: prometheus.ExponentialBuckets(0.1, 2, 10),
+	})
+
+	snapDBFsyncSec = prometheus.NewHistogram(prometheus.HistogramOpts{
+		Namespace: "etcd",
+		Subsystem: "snap_db",
+		Name:      "fsync_duration_seconds",
+		Help:      "The latency distributions of fsyncing .snap.db file",
+
+		// lowest bucket start of upper bound 0.001 sec (1 ms) with factor 2
+		// highest bucket start of 0.001 sec * 2^13 == 8.192 sec
+		Buckets: prometheus.ExponentialBuckets(0.001, 2, 14),
+	})
 )
 
 func init() {
 	prometheus.MustRegister(saveDurations)
 	prometheus.MustRegister(marshallingDurations)
+	prometheus.MustRegister(snapDBSaveSec)
+	prometheus.MustRegister(snapDBFsyncSec)
 }
diff --git a/vendor/github.com/coreos/etcd/snap/snappb/snap.pb.go b/vendor/github.com/coreos/etcd/snap/snappb/snap.pb.go
index e72b577f5b8d7..46897b45e16c2 100644
--- a/vendor/github.com/coreos/etcd/snap/snappb/snap.pb.go
+++ b/vendor/github.com/coreos/etcd/snap/snappb/snap.pb.go
@@ -1,27 +1,16 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: snap.proto
 
-/*
-	Package snappb is a generated protocol buffer package.
-
-	It is generated from these files:
-		snap.proto
-
-	It has these top-level messages:
-		Snapshot
-*/
 package snappb
 
 import (
-	"fmt"
-
-	proto "github.com/golang/protobuf/proto"
-
+	fmt "fmt"
+	io "io"
 	math "math"
+	math_bits "math/bits"
 
 	_ "github.com/gogo/protobuf/gogoproto"
-
-	io "io"
+	proto "github.com/golang/protobuf/proto"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -36,23 +25,68 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 
 type Snapshot struct {
-	Crc              uint32 `protobuf:"varint,1,opt,name=crc" json:"crc"`
-	Data             []byte `protobuf:"bytes,2,opt,name=data" json:"data,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Crc                  uint32   `protobuf:"varint,1,opt,name=crc" json:"crc"`
+	Data                 []byte   `protobuf:"bytes,2,opt,name=data" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Snapshot) Reset()         { *m = Snapshot{} }
+func (m *Snapshot) String() string { return proto.CompactTextString(m) }
+func (*Snapshot) ProtoMessage()    {}
+func (*Snapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f2e3c045ebf84d00, []int{0}
+}
+func (m *Snapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Snapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Snapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Snapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Snapshot.Merge(m, src)
+}
+func (m *Snapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *Snapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_Snapshot.DiscardUnknown(m)
 }
 
-func (m *Snapshot) Reset()                    { *m = Snapshot{} }
-func (m *Snapshot) String() string            { return proto.CompactTextString(m) }
-func (*Snapshot) ProtoMessage()               {}
-func (*Snapshot) Descriptor() ([]byte, []int) { return fileDescriptorSnap, []int{0} }
+var xxx_messageInfo_Snapshot proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Snapshot)(nil), "snappb.snapshot")
 }
+
+func init() { proto.RegisterFile("snap.proto", fileDescriptor_f2e3c045ebf84d00) }
+
+var fileDescriptor_f2e3c045ebf84d00 = []byte{
+	// 126 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2a, 0xce, 0x4b, 0x2c,
+	0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x03, 0xb1, 0x0b, 0x92, 0xa4, 0x44, 0xd2, 0xf3,
+	0xd3, 0xf3, 0xc1, 0x42, 0xfa, 0x20, 0x16, 0x44, 0x56, 0xc9, 0x8c, 0x8b, 0x03, 0x24, 0x5f, 0x9c,
+	0x91, 0x5f, 0x22, 0x24, 0xc6, 0xc5, 0x9c, 0x5c, 0x94, 0x2c, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1, 0xeb,
+	0xc4, 0x72, 0xe2, 0x9e, 0x3c, 0x43, 0x10, 0x48, 0x40, 0x48, 0x88, 0x8b, 0x25, 0x25, 0xb1, 0x24,
+	0x51, 0x82, 0x49, 0x81, 0x51, 0x83, 0x27, 0x08, 0xcc, 0x76, 0x12, 0x39, 0xf1, 0x50, 0x8e, 0xe1,
+	0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf1, 0x58, 0x8e,
+	0x01, 0x10, 0x00, 0x00, 0xff, 0xff, 0xd8, 0x0f, 0x32, 0xb2, 0x78, 0x00, 0x00, 0x00,
+}
+
 func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -60,35 +94,47 @@ func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Snapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Snapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintSnap(dAtA, i, uint64(m.Crc))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Data != nil {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintSnap(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	i = encodeVarintSnap(dAtA, i, uint64(m.Crc))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSnap(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSnap(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Snapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovSnap(uint64(m.Crc))
@@ -103,14 +149,7 @@ func (m *Snapshot) Size() (n int) {
 }
 
 func sovSnap(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSnap(x uint64) (n int) {
 	return sovSnap(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -130,7 +169,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -158,7 +197,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Crc |= (uint32(b) & 0x7F) << shift
+				m.Crc |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -177,7 +216,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -186,6 +225,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnap
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnap
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -203,6 +245,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthSnap
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthSnap
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -270,10 +315,13 @@ func skipSnap(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSnap
 			}
+			iNdEx += length
+			if iNdEx < 0 {
+				return 0, ErrInvalidLengthSnap
+			}
 			return iNdEx, nil
 		case 3:
 			for {
@@ -302,6 +350,9 @@ func skipSnap(dAtA []byte) (n int, err error) {
 					return 0, err
 				}
 				iNdEx = start + next
+				if iNdEx < 0 {
+					return 0, ErrInvalidLengthSnap
+				}
 			}
 			return iNdEx, nil
 		case 4:
@@ -320,17 +371,3 @@ var (
 	ErrInvalidLengthSnap = fmt.Errorf("proto: negative length found during unmarshaling")
 	ErrIntOverflowSnap   = fmt.Errorf("proto: integer overflow")
 )
-
-func init() { proto.RegisterFile("snap.proto", fileDescriptorSnap) }
-
-var fileDescriptorSnap = []byte{
-	// 126 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2a, 0xce, 0x4b, 0x2c,
-	0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x03, 0xb1, 0x0b, 0x92, 0xa4, 0x44, 0xd2, 0xf3,
-	0xd3, 0xf3, 0xc1, 0x42, 0xfa, 0x20, 0x16, 0x44, 0x56, 0xc9, 0x8c, 0x8b, 0x03, 0x24, 0x5f, 0x9c,
-	0x91, 0x5f, 0x22, 0x24, 0xc6, 0xc5, 0x9c, 0x5c, 0x94, 0x2c, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1, 0xeb,
-	0xc4, 0x72, 0xe2, 0x9e, 0x3c, 0x43, 0x10, 0x48, 0x40, 0x48, 0x88, 0x8b, 0x25, 0x25, 0xb1, 0x24,
-	0x51, 0x82, 0x49, 0x81, 0x51, 0x83, 0x27, 0x08, 0xcc, 0x76, 0x12, 0x39, 0xf1, 0x50, 0x8e, 0xe1,
-	0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf1, 0x58, 0x8e,
-	0x01, 0x10, 0x00, 0x00, 0xff, 0xff, 0xd8, 0x0f, 0x32, 0xb2, 0x78, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/coreos/etcd/snap/snapshotter.go b/vendor/github.com/coreos/etcd/snap/snapshotter.go
index 0075559212954..1d73a1c2a2717 100644
--- a/vendor/github.com/coreos/etcd/snap/snapshotter.go
+++ b/vendor/github.com/coreos/etcd/snap/snapshotter.go
@@ -23,6 +23,7 @@ import (
 	"os"
 	"path/filepath"
 	"sort"
+	"strconv"
 	"strings"
 	"time"
 
@@ -31,7 +32,7 @@ import (
 	"github.com/coreos/etcd/raft"
 	"github.com/coreos/etcd/raft/raftpb"
 	"github.com/coreos/etcd/snap/snappb"
-
+	"github.com/coreos/etcd/wal/walpb"
 	"github.com/coreos/pkg/capnslog"
 )
 
@@ -80,9 +81,8 @@ func (s *Snapshotter) save(snapshot *raftpb.Snapshot) error {
 	d, err := snap.Marshal()
 	if err != nil {
 		return err
-	} else {
-		marshallingDurations.Observe(float64(time.Since(start)) / float64(time.Second))
 	}
+	marshallingDurations.Observe(float64(time.Since(start)) / float64(time.Second))
 
 	err = pioutil.WriteAndSyncFile(filepath.Join(s.dir, fname), d, 0666)
 	if err == nil {
@@ -97,20 +97,35 @@ func (s *Snapshotter) save(snapshot *raftpb.Snapshot) error {
 }
 
 func (s *Snapshotter) Load() (*raftpb.Snapshot, error) {
+	return s.loadMatching(func(*raftpb.Snapshot) bool { return true })
+}
+
+// LoadNewestAvailable loads the newest snapshot available that is in walSnaps.
+func (s *Snapshotter) LoadNewestAvailable(walSnaps []walpb.Snapshot) (*raftpb.Snapshot, error) {
+	return s.loadMatching(func(snapshot *raftpb.Snapshot) bool {
+		m := snapshot.Metadata
+		for i := len(walSnaps) - 1; i >= 0; i-- {
+			if m.Term == walSnaps[i].Term && m.Index == walSnaps[i].Index {
+				return true
+			}
+		}
+		return false
+	})
+}
+
+// loadMatching returns the newest snapshot where matchFn returns true.
+func (s *Snapshotter) loadMatching(matchFn func(*raftpb.Snapshot) bool) (*raftpb.Snapshot, error) {
 	names, err := s.snapNames()
 	if err != nil {
 		return nil, err
 	}
 	var snap *raftpb.Snapshot
 	for _, name := range names {
-		if snap, err = loadSnap(s.dir, name); err == nil {
-			break
+		if snap, err = loadSnap(s.dir, name); err == nil && matchFn(snap) {
+			return snap, nil
 		}
 	}
-	if err != nil {
-		return nil, ErrNoSnapshot
-	}
-	return snap, nil
+	return nil, ErrNoSnapshot
 }
 
 func loadSnap(dir, name string) (*raftpb.Snapshot, error) {
@@ -172,6 +187,10 @@ func (s *Snapshotter) snapNames() ([]string, error) {
 	if err != nil {
 		return nil, err
 	}
+	names, err = s.cleanupSnapdir(names)
+	if err != nil {
+		return nil, err
+	}
 	snaps := checkSuffix(names)
 	if len(snaps) == 0 {
 		return nil, ErrNoSnapshot
@@ -202,3 +221,48 @@ func renameBroken(path string) {
 		plog.Warningf("cannot rename broken snapshot file %v to %v: %v", path, brokenPath, err)
 	}
 }
+
+// cleanupSnapdir removes any files that should not be in the snapshot directory:
+// - db.tmp prefixed files that can be orphaned by defragmentation
+func (s *Snapshotter) cleanupSnapdir(filenames []string) (names []string, err error) {
+	for _, filename := range filenames {
+		if strings.HasPrefix(filename, "db.tmp") {
+			plog.Infof("found orphaned defragmentation file; deleting: %s", filename)
+			if rmErr := os.Remove(filepath.Join(s.dir, filename)); rmErr != nil && !os.IsNotExist(rmErr) {
+				return nil, fmt.Errorf("failed to remove orphaned defragmentation file %s: %v", filename, rmErr)
+			}
+			continue
+		}
+		names = append(names, filename)
+	}
+	return names, nil
+}
+
+func (s *Snapshotter) ReleaseSnapDBs(snap raftpb.Snapshot) error {
+	dir, err := os.Open(s.dir)
+	if err != nil {
+		return err
+	}
+	defer dir.Close()
+	filenames, err := dir.Readdirnames(-1)
+	if err != nil {
+		return err
+	}
+	for _, filename := range filenames {
+		if strings.HasSuffix(filename, ".snap.db") {
+			hexIndex := strings.TrimSuffix(filepath.Base(filename), ".snap.db")
+			index, err := strconv.ParseUint(hexIndex, 16, 64)
+			if err != nil {
+				plog.Warningf("failed to parse index from filename: %s (%v)", filename, err)
+				continue
+			}
+			if index < snap.Metadata.Index {
+				plog.Infof("found orphaned .snap.db file; deleting %q", filename)
+				if rmErr := os.Remove(filepath.Join(s.dir, filename)); rmErr != nil && !os.IsNotExist(rmErr) {
+					plog.Warningf("failed to remove orphaned .snap.db file: %s (%v)", filename, rmErr)
+				}
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/coreos/etcd/version/version.go b/vendor/github.com/coreos/etcd/version/version.go
index 156e0f11af95f..aa96ffad492fa 100644
--- a/vendor/github.com/coreos/etcd/version/version.go
+++ b/vendor/github.com/coreos/etcd/version/version.go
@@ -26,7 +26,7 @@ import (
 var (
 	// MinClusterVersion is the min cluster version this etcd binary is compatible with.
 	MinClusterVersion = "3.0.0"
-	Version           = "3.3.9"
+	Version           = "3.3.25"
 	APIVersion        = "unknown"
 
 	// Git SHA Value will be set during build
diff --git a/vendor/github.com/coreos/etcd/wal/decoder.go b/vendor/github.com/coreos/etcd/wal/decoder.go
index 6a217f897b01f..f2f0b26fd076f 100644
--- a/vendor/github.com/coreos/etcd/wal/decoder.go
+++ b/vendor/github.com/coreos/etcd/wal/decoder.go
@@ -59,6 +59,11 @@ func (d *decoder) decode(rec *walpb.Record) error {
 	return d.decodeRecord(rec)
 }
 
+// raft max message size is set to 1 MB in etcd server
+// assume projects set reasonable message size limit,
+// thus entry size should never exceed 10 MB
+const maxWALEntrySizeLimit = int64(10 * 1024 * 1024)
+
 func (d *decoder) decodeRecord(rec *walpb.Record) error {
 	if len(d.brs) == 0 {
 		return io.EOF
@@ -79,6 +84,9 @@ func (d *decoder) decodeRecord(rec *walpb.Record) error {
 	}
 
 	recBytes, padBytes := decodeFrameSize(l)
+	if recBytes >= maxWALEntrySizeLimit-padBytes {
+		return ErrMaxWALEntrySizeLimitExceeded
+	}
 
 	data := make([]byte, recBytes+padBytes)
 	if _, err = io.ReadFull(d.brs[0], data); err != nil {
diff --git a/vendor/github.com/coreos/etcd/wal/encoder.go b/vendor/github.com/coreos/etcd/wal/encoder.go
index e8040b8dff138..e8890d88a9b8b 100644
--- a/vendor/github.com/coreos/etcd/wal/encoder.go
+++ b/vendor/github.com/coreos/etcd/wal/encoder.go
@@ -92,7 +92,8 @@ func (e *encoder) encode(rec *walpb.Record) error {
 	if padBytes != 0 {
 		data = append(data, make([]byte, padBytes)...)
 	}
-	_, err = e.bw.Write(data)
+	n, err = e.bw.Write(data)
+	walWriteBytes.Add(float64(n))
 	return err
 }
 
@@ -108,13 +109,16 @@ func encodeFrameSize(dataBytes int) (lenField uint64, padBytes int) {
 
 func (e *encoder) flush() error {
 	e.mu.Lock()
-	defer e.mu.Unlock()
-	return e.bw.Flush()
+	n, err := e.bw.FlushN()
+	e.mu.Unlock()
+	walWriteBytes.Add(float64(n))
+	return err
 }
 
 func writeUint64(w io.Writer, n uint64, buf []byte) error {
 	// http://golang.org/src/encoding/binary/binary.go
 	binary.LittleEndian.PutUint64(buf, n)
-	_, err := w.Write(buf)
+	nv, err := w.Write(buf)
+	walWriteBytes.Add(float64(nv))
 	return err
 }
diff --git a/vendor/github.com/coreos/etcd/wal/metrics.go b/vendor/github.com/coreos/etcd/wal/metrics.go
index 9e089d380f9b0..7261544165ac1 100644
--- a/vendor/github.com/coreos/etcd/wal/metrics.go
+++ b/vendor/github.com/coreos/etcd/wal/metrics.go
@@ -24,8 +24,15 @@ var (
 		Help:      "The latency distributions of fsync called by wal.",
 		Buckets:   prometheus.ExponentialBuckets(0.001, 2, 14),
 	})
+	walWriteBytes = prometheus.NewGauge(prometheus.GaugeOpts{
+		Namespace: "etcd",
+		Subsystem: "disk",
+		Name:      "wal_write_bytes_total",
+		Help:      "Total number of bytes written in WAL.",
+	})
 )
 
 func init() {
 	prometheus.MustRegister(syncDurations)
+	prometheus.MustRegister(walWriteBytes)
 }
diff --git a/vendor/github.com/coreos/etcd/wal/repair.go b/vendor/github.com/coreos/etcd/wal/repair.go
index 091036b57b9ae..f1e507683c3c4 100644
--- a/vendor/github.com/coreos/etcd/wal/repair.go
+++ b/vendor/github.com/coreos/etcd/wal/repair.go
@@ -18,6 +18,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"time"
 
 	"github.com/coreos/etcd/pkg/fileutil"
 	"github.com/coreos/etcd/wal/walpb"
@@ -76,10 +77,14 @@ func Repair(dirpath string) bool {
 				plog.Errorf("could not repair %v, failed to truncate file", f.Name())
 				return false
 			}
+
+			start := time.Now()
 			if err = fileutil.Fsync(f.File); err != nil {
 				plog.Errorf("could not repair %v, failed to sync file", f.Name())
 				return false
 			}
+			syncDurations.Observe(time.Since(start).Seconds())
+
 			return true
 		default:
 			plog.Errorf("could not repair error (%v)", err)
diff --git a/vendor/github.com/coreos/etcd/wal/wal.go b/vendor/github.com/coreos/etcd/wal/wal.go
index 96d01a23af69f..f1ffc4326b652 100644
--- a/vendor/github.com/coreos/etcd/wal/wal.go
+++ b/vendor/github.com/coreos/etcd/wal/wal.go
@@ -55,12 +55,15 @@ var (
 
 	plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "wal")
 
-	ErrMetadataConflict = errors.New("wal: conflicting metadata found")
-	ErrFileNotFound     = errors.New("wal: file not found")
-	ErrCRCMismatch      = errors.New("wal: crc mismatch")
-	ErrSnapshotMismatch = errors.New("wal: snapshot mismatch")
-	ErrSnapshotNotFound = errors.New("wal: snapshot not found")
-	crcTable            = crc32.MakeTable(crc32.Castagnoli)
+	ErrMetadataConflict             = errors.New("wal: conflicting metadata found")
+	ErrFileNotFound                 = errors.New("wal: file not found")
+	ErrCRCMismatch                  = errors.New("wal: crc mismatch")
+	ErrSnapshotMismatch             = errors.New("wal: snapshot mismatch")
+	ErrSnapshotNotFound             = errors.New("wal: snapshot not found")
+	ErrSliceOutOfRange              = errors.New("wal: slice bounds out of range")
+	ErrMaxWALEntrySizeLimitExceeded = errors.New("wal: max entry size limit exceeded")
+	ErrDecoderNotFound              = errors.New("wal: decoder not found")
+	crcTable                        = crc32.MakeTable(crc32.Castagnoli)
 )
 
 // WAL is a logical representation of the stable storage.
@@ -90,7 +93,8 @@ type WAL struct {
 }
 
 // Create creates a WAL ready for appending records. The given metadata is
-// recorded at the head of each WAL file, and can be retrieved with ReadAll.
+// recorded at the head of each WAL file, and can be retrieved with ReadAll
+// after the file is Open.
 func Create(dirpath string, metadata []byte) (*WAL, error) {
 	if Exist(dirpath) {
 		return nil, os.ErrExist
@@ -147,9 +151,13 @@ func Create(dirpath string, metadata []byte) (*WAL, error) {
 	if perr != nil {
 		return nil, perr
 	}
+
+	start := time.Now()
 	if perr = fileutil.Fsync(pdir); perr != nil {
 		return nil, perr
 	}
+	syncDurations.Observe(time.Since(start).Seconds())
+
 	if perr = pdir.Close(); err != nil {
 		return nil, perr
 	}
@@ -223,17 +231,55 @@ func OpenForRead(dirpath string, snap walpb.Snapshot) (*WAL, error) {
 }
 
 func openAtIndex(dirpath string, snap walpb.Snapshot, write bool) (*WAL, error) {
-	names, err := readWalNames(dirpath)
+	names, nameIndex, err := selectWALFiles(dirpath, snap)
+	if err != nil {
+		return nil, err
+	}
+
+	rs, ls, closer, err := openWALFiles(dirpath, names, nameIndex, write)
 	if err != nil {
 		return nil, err
 	}
 
+	// create a WAL ready for reading
+	w := &WAL{
+		dir:       dirpath,
+		start:     snap,
+		decoder:   newDecoder(rs...),
+		readClose: closer,
+		locks:     ls,
+	}
+
+	if write {
+		// write reuses the file descriptors from read; don't close so
+		// WAL can append without dropping the file lock
+		w.readClose = nil
+		if _, _, err := parseWalName(filepath.Base(w.tail().Name())); err != nil {
+			closer()
+			return nil, err
+		}
+		w.fp = newFilePipeline(w.dir, SegmentSizeBytes)
+	}
+
+	return w, nil
+}
+
+func selectWALFiles(dirpath string, snap walpb.Snapshot) ([]string, int, error) {
+	names, err := readWalNames(dirpath)
+	if err != nil {
+		return nil, -1, err
+	}
+
 	nameIndex, ok := searchIndex(names, snap.Index)
 	if !ok || !isValidSeq(names[nameIndex:]) {
-		return nil, ErrFileNotFound
+		err = ErrFileNotFound
+		return nil, -1, err
 	}
 
-	// open the wal files
+	return names, nameIndex, nil
+}
+
+func openWALFiles(dirpath string, names []string, nameIndex int, write bool) ([]io.Reader, []*fileutil.LockedFile, func() error, error) {
 	rcs := make([]io.ReadCloser, 0)
 	rs := make([]io.Reader, 0)
 	ls := make([]*fileutil.LockedFile, 0)
@@ -243,7 +289,7 @@ func openAtIndex(dirpath string, snap walpb.Snapshot, write bool) (*WAL, error)
 			l, err := fileutil.TryLockFile(p, os.O_RDWR, fileutil.PrivateFileMode)
 			if err != nil {
 				closeAll(rcs...)
-				return nil, err
+				return nil, nil, nil, err
 			}
 			ls = append(ls, l)
 			rcs = append(rcs, l)
@@ -251,7 +297,7 @@ func openAtIndex(dirpath string, snap walpb.Snapshot, write bool) (*WAL, error)
 			rf, err := os.OpenFile(p, os.O_RDONLY, fileutil.PrivateFileMode)
 			if err != nil {
 				closeAll(rcs...)
-				return nil, err
+				return nil, nil, nil, err
 			}
 			ls = append(ls, nil)
 			rcs = append(rcs, rf)
@@ -261,27 +307,7 @@ func openAtIndex(dirpath string, snap walpb.Snapshot, write bool) (*WAL, error)
 
 	closer := func() error { return closeAll(rcs...) }
 
-	// create a WAL ready for reading
-	w := &WAL{
-		dir:       dirpath,
-		start:     snap,
-		decoder:   newDecoder(rs...),
-		readClose: closer,
-		locks:     ls,
-	}
-
-	if write {
-		// write reuses the file descriptors from read; don't close so
-		// WAL can append without dropping the file lock
-		w.readClose = nil
-		if _, _, err := parseWalName(filepath.Base(w.tail().Name())); err != nil {
-			closer()
-			return nil, err
-		}
-		w.fp = newFilePipeline(w.dir, SegmentSizeBytes)
-	}
-
-	return w, nil
+	return rs, ls, closer, nil
 }
 
 // ReadAll reads out records of the current WAL.
@@ -299,6 +325,10 @@ func (w *WAL) ReadAll() (metadata []byte, state raftpb.HardState, ents []raftpb.
 	defer w.mu.Unlock()
 
 	rec := &walpb.Record{}
+
+	if w.decoder == nil {
+		return nil, state, nil, ErrDecoderNotFound
+	}
 	decoder := w.decoder
 
 	var match bool
@@ -306,8 +336,15 @@ func (w *WAL) ReadAll() (metadata []byte, state raftpb.HardState, ents []raftpb.
 		switch rec.Type {
 		case entryType:
 			e := mustUnmarshalEntry(rec.Data)
+			// 0 <= e.Index-w.start.Index - 1 < len(ents)
 			if e.Index > w.start.Index {
-				ents = append(ents[:e.Index-w.start.Index-1], e)
+				// prevent "panic: runtime error: slice bounds out of range [:13038096702221461992] with capacity 0"
+				up := e.Index - w.start.Index - 1
+				if up > uint64(len(ents)) {
+					// return error before append call causes runtime panic
+					return nil, state, nil, ErrSliceOutOfRange
+				}
+				ents = append(ents[:up], e)
 			}
 			w.enti = e.Index
 		case stateType:
@@ -398,6 +435,150 @@ func (w *WAL) ReadAll() (metadata []byte, state raftpb.HardState, ents []raftpb.
 	return metadata, state, ents, err
 }
 
+// ValidSnapshotEntries returns all the valid snapshot entries in the wal logs in the given directory.
+// Snapshot entries are valid if their index is less than or equal to the most recent committed hardstate.
+func ValidSnapshotEntries(walDir string) ([]walpb.Snapshot, error) {
+	var snaps []walpb.Snapshot
+	var state raftpb.HardState
+	var err error
+
+	rec := &walpb.Record{}
+	names, err := readWalNames(walDir)
+	if err != nil {
+		return nil, err
+	}
+
+	// open wal files in read mode, so that there is no conflict
+	// when the same WAL is opened elsewhere in write mode
+	rs, _, closer, err := openWALFiles(walDir, names, 0, false)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if closer != nil {
+			closer()
+		}
+	}()
+
+	// create a new decoder from the readers on the WAL files
+	decoder := newDecoder(rs...)
+
+	for err = decoder.decode(rec); err == nil; err = decoder.decode(rec) {
+		switch rec.Type {
+		case snapshotType:
+			var loadedSnap walpb.Snapshot
+			pbutil.MustUnmarshal(&loadedSnap, rec.Data)
+			snaps = append(snaps, loadedSnap)
+		case stateType:
+			state = mustUnmarshalState(rec.Data)
+		case crcType:
+			crc := decoder.crc.Sum32()
+			// current crc of decoder must match the crc of the record.
+			// do no need to match 0 crc, since the decoder is a new one at this case.
+			if crc != 0 && rec.Validate(crc) != nil {
+				return nil, ErrCRCMismatch
+			}
+			decoder.updateCRC(rec.Crc)
+		}
+	}
+	// We do not have to read out all the WAL entries
+	// as the decoder is opened in read mode.
+	if err != io.EOF && err != io.ErrUnexpectedEOF {
+		return nil, err
+	}
+
+	// filter out any snaps that are newer than the committed hardstate
+	n := 0
+	for _, s := range snaps {
+		if s.Index <= state.Commit {
+			snaps[n] = s
+			n++
+		}
+	}
+	snaps = snaps[:n:n]
+
+	return snaps, nil
+}
+
+// Verify reads through the given WAL and verifies that it is not corrupted.
+// It creates a new decoder to read through the records of the given WAL.
+// It does not conflict with any open WAL, but it is recommended not to
+// call this function after opening the WAL for writing.
+// If it cannot read out the expected snap, it will return ErrSnapshotNotFound.
+// If the loaded snap doesn't match with the expected one, it will
+// return error ErrSnapshotMismatch.
+func Verify(walDir string, snap walpb.Snapshot) error {
+	var metadata []byte
+	var err error
+	var match bool
+
+	rec := &walpb.Record{}
+
+	names, nameIndex, err := selectWALFiles(walDir, snap)
+	if err != nil {
+		return err
+	}
+
+	// open wal files in read mode, so that there is no conflict
+	// when the same WAL is opened elsewhere in write mode
+	rs, _, closer, err := openWALFiles(walDir, names, nameIndex, false)
+	if err != nil {
+		return err
+	}
+
+	// create a new decoder from the readers on the WAL files
+	decoder := newDecoder(rs...)
+
+	for err = decoder.decode(rec); err == nil; err = decoder.decode(rec) {
+		switch rec.Type {
+		case metadataType:
+			if metadata != nil && !bytes.Equal(metadata, rec.Data) {
+				return ErrMetadataConflict
+			}
+			metadata = rec.Data
+		case crcType:
+			crc := decoder.crc.Sum32()
+			// Current crc of decoder must match the crc of the record.
+			// We need not match 0 crc, since the decoder is a new one at this point.
+			if crc != 0 && rec.Validate(crc) != nil {
+				return ErrCRCMismatch
+			}
+			decoder.updateCRC(rec.Crc)
+		case snapshotType:
+			var loadedSnap walpb.Snapshot
+			pbutil.MustUnmarshal(&loadedSnap, rec.Data)
+			if loadedSnap.Index == snap.Index {
+				if loadedSnap.Term != snap.Term {
+					return ErrSnapshotMismatch
+				}
+				match = true
+			}
+		// We ignore all entry and state type records as these
+		// are not necessary for validating the WAL contents
+		case entryType:
+		case stateType:
+		default:
+			return fmt.Errorf("unexpected block type %d", rec.Type)
+		}
+	}
+
+	if closer != nil {
+		closer()
+	}
+
+	// We do not have to read out all the WAL entries
+	// as the decoder is opened in read mode.
+	if err != io.EOF && err != io.ErrUnexpectedEOF {
+		return err
+	}
+
+	if !match {
+		return ErrSnapshotNotFound
+	}
+
+	return nil
+}
+
 // cut closes current file written and creates a new one ready to append.
 // cut first creates a temp wal file and writes necessary headers into it.
 // Then cut atomically rename temp wal file to a wal file.
@@ -451,9 +632,12 @@ func (w *WAL) cut() error {
 	if err = os.Rename(newTail.Name(), fpath); err != nil {
 		return err
 	}
+
+	start := time.Now()
 	if err = fileutil.Fsync(w.dirFile); err != nil {
 		return err
 	}
+	syncDurations.Observe(time.Since(start).Seconds())
 
 	// reopen newTail with its new path so calls to Name() match the wal filename format
 	newTail.Close()
@@ -495,6 +679,10 @@ func (w *WAL) sync() error {
 	return err
 }
 
+func (w *WAL) Sync() error {
+	return w.sync()
+}
+
 // ReleaseLockTo releases the locks, which has smaller index than the given index
 // except the largest one among them.
 // For example, if WAL is holding lock 1,2,3,4,5,6, ReleaseLockTo(4) will release
diff --git a/vendor/github.com/coreos/etcd/wal/walpb/record.pb.go b/vendor/github.com/coreos/etcd/wal/walpb/record.pb.go
index 3ce63ddc2eb6a..10ee41702efe1 100644
--- a/vendor/github.com/coreos/etcd/wal/walpb/record.pb.go
+++ b/vendor/github.com/coreos/etcd/wal/walpb/record.pb.go
@@ -1,28 +1,16 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: record.proto
 
-/*
-	Package walpb is a generated protocol buffer package.
-
-	It is generated from these files:
-		record.proto
-
-	It has these top-level messages:
-		Record
-		Snapshot
-*/
 package walpb
 
 import (
-	"fmt"
-
-	proto "github.com/golang/protobuf/proto"
-
+	fmt "fmt"
+	io "io"
 	math "math"
+	math_bits "math/bits"
 
 	_ "github.com/gogo/protobuf/gogoproto"
-
-	io "io"
+	proto "github.com/golang/protobuf/proto"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -37,36 +25,115 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 
 type Record struct {
-	Type             int64  `protobuf:"varint,1,opt,name=type" json:"type"`
-	Crc              uint32 `protobuf:"varint,2,opt,name=crc" json:"crc"`
-	Data             []byte `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Type                 int64    `protobuf:"varint,1,opt,name=type" json:"type"`
+	Crc                  uint32   `protobuf:"varint,2,opt,name=crc" json:"crc"`
+	Data                 []byte   `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *Record) Reset()                    { *m = Record{} }
-func (m *Record) String() string            { return proto.CompactTextString(m) }
-func (*Record) ProtoMessage()               {}
-func (*Record) Descriptor() ([]byte, []int) { return fileDescriptorRecord, []int{0} }
+func (m *Record) Reset()         { *m = Record{} }
+func (m *Record) String() string { return proto.CompactTextString(m) }
+func (*Record) ProtoMessage()    {}
+func (*Record) Descriptor() ([]byte, []int) {
+	return fileDescriptor_bf94fd919e302a1d, []int{0}
+}
+func (m *Record) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Record) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Record.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Record) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Record.Merge(m, src)
+}
+func (m *Record) XXX_Size() int {
+	return m.Size()
+}
+func (m *Record) XXX_DiscardUnknown() {
+	xxx_messageInfo_Record.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Record proto.InternalMessageInfo
 
 type Snapshot struct {
-	Index            uint64 `protobuf:"varint,1,opt,name=index" json:"index"`
-	Term             uint64 `protobuf:"varint,2,opt,name=term" json:"term"`
-	XXX_unrecognized []byte `json:"-"`
+	Index                uint64   `protobuf:"varint,1,opt,name=index" json:"index"`
+	Term                 uint64   `protobuf:"varint,2,opt,name=term" json:"term"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Snapshot) Reset()         { *m = Snapshot{} }
+func (m *Snapshot) String() string { return proto.CompactTextString(m) }
+func (*Snapshot) ProtoMessage()    {}
+func (*Snapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_bf94fd919e302a1d, []int{1}
+}
+func (m *Snapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Snapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Snapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Snapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Snapshot.Merge(m, src)
+}
+func (m *Snapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *Snapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_Snapshot.DiscardUnknown(m)
 }
 
-func (m *Snapshot) Reset()                    { *m = Snapshot{} }
-func (m *Snapshot) String() string            { return proto.CompactTextString(m) }
-func (*Snapshot) ProtoMessage()               {}
-func (*Snapshot) Descriptor() ([]byte, []int) { return fileDescriptorRecord, []int{1} }
+var xxx_messageInfo_Snapshot proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Record)(nil), "walpb.Record")
 	proto.RegisterType((*Snapshot)(nil), "walpb.Snapshot")
 }
+
+func init() { proto.RegisterFile("record.proto", fileDescriptor_bf94fd919e302a1d) }
+
+var fileDescriptor_bf94fd919e302a1d = []byte{
+	// 186 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0x4a, 0x4d, 0xce,
+	0x2f, 0x4a, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2d, 0x4f, 0xcc, 0x29, 0x48, 0x92,
+	0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x8b, 0xe8, 0x83, 0x58, 0x10, 0x49, 0x25, 0x3f, 0x2e, 0xb6,
+	0x20, 0xb0, 0x62, 0x21, 0x09, 0x2e, 0x96, 0x92, 0xca, 0x82, 0x54, 0x09, 0x46, 0x05, 0x46, 0x0d,
+	0x66, 0x27, 0x96, 0x13, 0xf7, 0xe4, 0x19, 0x82, 0xc0, 0x22, 0x42, 0x62, 0x5c, 0xcc, 0xc9, 0x45,
+	0xc9, 0x12, 0x4c, 0x0a, 0x8c, 0x1a, 0xbc, 0x50, 0x09, 0x90, 0x80, 0x90, 0x10, 0x17, 0x4b, 0x4a,
+	0x62, 0x49, 0xa2, 0x04, 0xb3, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0xe4, 0xc0, 0xc5, 0x11,
+	0x9c, 0x97, 0x58, 0x50, 0x9c, 0x91, 0x5f, 0x22, 0x24, 0xc5, 0xc5, 0x9a, 0x99, 0x97, 0x92, 0x5a,
+	0x01, 0x36, 0x92, 0x05, 0xaa, 0x13, 0x22, 0x04, 0xb6, 0x2d, 0xb5, 0x28, 0x17, 0x6c, 0x28, 0x0b,
+	0xdc, 0xb6, 0xd4, 0xa2, 0x5c, 0x27, 0x91, 0x13, 0x0f, 0xe5, 0x18, 0x4e, 0x3c, 0x92, 0x63, 0xbc,
+	0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x19, 0x8f, 0xe5, 0x18, 0x00, 0x01, 0x00, 0x00,
+	0xff, 0xff, 0x7f, 0x5e, 0x5c, 0x46, 0xd3, 0x00, 0x00, 0x00,
+}
+
 func (m *Record) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -74,32 +141,39 @@ func (m *Record) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Record) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Record) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRecord(dAtA, i, uint64(m.Type))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRecord(dAtA, i, uint64(m.Crc))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Data != nil {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintRecord(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	i = encodeVarintRecord(dAtA, i, uint64(m.Crc))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRecord(dAtA, i, uint64(m.Type))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -107,32 +181,43 @@ func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Snapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Snapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintRecord(dAtA, i, uint64(m.Index))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintRecord(dAtA, i, uint64(m.Term))
 	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	return i, nil
+	i = encodeVarintRecord(dAtA, i, uint64(m.Term))
+	i--
+	dAtA[i] = 0x10
+	i = encodeVarintRecord(dAtA, i, uint64(m.Index))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintRecord(dAtA []byte, offset int, v uint64) int {
+	offset -= sovRecord(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Record) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRecord(uint64(m.Type))
@@ -148,6 +233,9 @@ func (m *Record) Size() (n int) {
 }
 
 func (m *Snapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovRecord(uint64(m.Index))
@@ -159,14 +247,7 @@ func (m *Snapshot) Size() (n int) {
 }
 
 func sovRecord(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozRecord(x uint64) (n int) {
 	return sovRecord(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -186,7 +267,7 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -214,7 +295,7 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (int64(b) & 0x7F) << shift
+				m.Type |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -233,7 +314,7 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Crc |= (uint32(b) & 0x7F) << shift
+				m.Crc |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -252,7 +333,7 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -261,6 +342,9 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRecord
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRecord
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -278,6 +362,9 @@ func (m *Record) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRecord
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRecord
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -306,7 +393,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -334,7 +421,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Index |= (uint64(b) & 0x7F) << shift
+				m.Index |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -353,7 +440,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Term |= (uint64(b) & 0x7F) << shift
+				m.Term |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -367,6 +454,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthRecord
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthRecord
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -434,10 +524,13 @@ func skipRecord(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthRecord
 			}
+			iNdEx += length
+			if iNdEx < 0 {
+				return 0, ErrInvalidLengthRecord
+			}
 			return iNdEx, nil
 		case 3:
 			for {
@@ -466,6 +559,9 @@ func skipRecord(dAtA []byte) (n int, err error) {
 					return 0, err
 				}
 				iNdEx = start + next
+				if iNdEx < 0 {
+					return 0, ErrInvalidLengthRecord
+				}
 			}
 			return iNdEx, nil
 		case 4:
@@ -484,21 +580,3 @@ var (
 	ErrInvalidLengthRecord = fmt.Errorf("proto: negative length found during unmarshaling")
 	ErrIntOverflowRecord   = fmt.Errorf("proto: integer overflow")
 )
-
-func init() { proto.RegisterFile("record.proto", fileDescriptorRecord) }
-
-var fileDescriptorRecord = []byte{
-	// 186 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0x4a, 0x4d, 0xce,
-	0x2f, 0x4a, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2d, 0x4f, 0xcc, 0x29, 0x48, 0x92,
-	0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x8b, 0xe8, 0x83, 0x58, 0x10, 0x49, 0x25, 0x3f, 0x2e, 0xb6,
-	0x20, 0xb0, 0x62, 0x21, 0x09, 0x2e, 0x96, 0x92, 0xca, 0x82, 0x54, 0x09, 0x46, 0x05, 0x46, 0x0d,
-	0x66, 0x27, 0x96, 0x13, 0xf7, 0xe4, 0x19, 0x82, 0xc0, 0x22, 0x42, 0x62, 0x5c, 0xcc, 0xc9, 0x45,
-	0xc9, 0x12, 0x4c, 0x0a, 0x8c, 0x1a, 0xbc, 0x50, 0x09, 0x90, 0x80, 0x90, 0x10, 0x17, 0x4b, 0x4a,
-	0x62, 0x49, 0xa2, 0x04, 0xb3, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0xe4, 0xc0, 0xc5, 0x11,
-	0x9c, 0x97, 0x58, 0x50, 0x9c, 0x91, 0x5f, 0x22, 0x24, 0xc5, 0xc5, 0x9a, 0x99, 0x97, 0x92, 0x5a,
-	0x01, 0x36, 0x92, 0x05, 0xaa, 0x13, 0x22, 0x04, 0xb6, 0x2d, 0xb5, 0x28, 0x17, 0x6c, 0x28, 0x0b,
-	0xdc, 0xb6, 0xd4, 0xa2, 0x5c, 0x27, 0x91, 0x13, 0x0f, 0xe5, 0x18, 0x4e, 0x3c, 0x92, 0x63, 0xbc,
-	0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x19, 0x8f, 0xe5, 0x18, 0x00, 0x01, 0x00, 0x00,
-	0xff, 0xff, 0x7f, 0x5e, 0x5c, 0x46, 0xd3, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/coreos/go-systemd/activation/files.go b/vendor/github.com/coreos/go-systemd/activation/files.go
deleted file mode 100644
index 29dd18defad84..0000000000000
--- a/vendor/github.com/coreos/go-systemd/activation/files.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package activation implements primitives for systemd socket activation.
-package activation
-
-import (
-	"os"
-	"strconv"
-	"strings"
-	"syscall"
-)
-
-const (
-	// listenFdsStart corresponds to `SD_LISTEN_FDS_START`.
-	listenFdsStart = 3
-)
-
-// Files returns a slice containing a `os.File` object for each
-// file descriptor passed to this process via systemd fd-passing protocol.
-//
-// The order of the file descriptors is preserved in the returned slice.
-// `unsetEnv` is typically set to `true` in order to avoid clashes in
-// fd usage and to avoid leaking environment flags to child processes.
-func Files(unsetEnv bool) []*os.File {
-	if unsetEnv {
-		defer os.Unsetenv("LISTEN_PID")
-		defer os.Unsetenv("LISTEN_FDS")
-		defer os.Unsetenv("LISTEN_FDNAMES")
-	}
-
-	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
-	if err != nil || pid != os.Getpid() {
-		return nil
-	}
-
-	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
-	if err != nil || nfds == 0 {
-		return nil
-	}
-
-	names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
-
-	files := make([]*os.File, 0, nfds)
-	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
-		syscall.CloseOnExec(fd)
-		name := "LISTEN_FD_" + strconv.Itoa(fd)
-		offset := fd - listenFdsStart
-		if offset < len(names) && len(names[offset]) > 0 {
-			name = names[offset]
-		}
-		files = append(files, os.NewFile(uintptr(fd), name))
-	}
-
-	return files
-}
diff --git a/vendor/github.com/coreos/go-systemd/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/dbus/dbus.go
deleted file mode 100644
index 1d54810aff4e9..0000000000000
--- a/vendor/github.com/coreos/go-systemd/dbus/dbus.go
+++ /dev/null
@@ -1,240 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
-package dbus
-
-import (
-	"encoding/hex"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/godbus/dbus"
-)
-
-const (
-	alpha        = `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
-	num          = `0123456789`
-	alphanum     = alpha + num
-	signalBuffer = 100
-)
-
-// needsEscape checks whether a byte in a potential dbus ObjectPath needs to be escaped
-func needsEscape(i int, b byte) bool {
-	// Escape everything that is not a-z-A-Z-0-9
-	// Also escape 0-9 if it's the first character
-	return strings.IndexByte(alphanum, b) == -1 ||
-		(i == 0 && strings.IndexByte(num, b) != -1)
-}
-
-// PathBusEscape sanitizes a constituent string of a dbus ObjectPath using the
-// rules that systemd uses for serializing special characters.
-func PathBusEscape(path string) string {
-	// Special case the empty string
-	if len(path) == 0 {
-		return "_"
-	}
-	n := []byte{}
-	for i := 0; i < len(path); i++ {
-		c := path[i]
-		if needsEscape(i, c) {
-			e := fmt.Sprintf("_%x", c)
-			n = append(n, []byte(e)...)
-		} else {
-			n = append(n, c)
-		}
-	}
-	return string(n)
-}
-
-// pathBusUnescape is the inverse of PathBusEscape.
-func pathBusUnescape(path string) string {
-	if path == "_" {
-		return ""
-	}
-	n := []byte{}
-	for i := 0; i < len(path); i++ {
-		c := path[i]
-		if c == '_' && i+2 < len(path) {
-			res, err := hex.DecodeString(path[i+1 : i+3])
-			if err == nil {
-				n = append(n, res...)
-			}
-			i += 2
-		} else {
-			n = append(n, c)
-		}
-	}
-	return string(n)
-}
-
-// Conn is a connection to systemd's dbus endpoint.
-type Conn struct {
-	// sysconn/sysobj are only used to call dbus methods
-	sysconn *dbus.Conn
-	sysobj  dbus.BusObject
-
-	// sigconn/sigobj are only used to receive dbus signals
-	sigconn *dbus.Conn
-	sigobj  dbus.BusObject
-
-	jobListener struct {
-		jobs map[dbus.ObjectPath]chan<- string
-		sync.Mutex
-	}
-	subStateSubscriber struct {
-		updateCh chan<- *SubStateUpdate
-		errCh    chan<- error
-		sync.Mutex
-		ignore      map[dbus.ObjectPath]int64
-		cleanIgnore int64
-	}
-	propertiesSubscriber struct {
-		updateCh chan<- *PropertiesUpdate
-		errCh    chan<- error
-		sync.Mutex
-	}
-}
-
-// New establishes a connection to any available bus and authenticates.
-// Callers should call Close() when done with the connection.
-func New() (*Conn, error) {
-	conn, err := NewSystemConnection()
-	if err != nil && os.Geteuid() == 0 {
-		return NewSystemdConnection()
-	}
-	return conn, err
-}
-
-// NewSystemConnection establishes a connection to the system bus and authenticates.
-// Callers should call Close() when done with the connection
-func NewSystemConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		return dbusAuthHelloConnection(dbus.SystemBusPrivate)
-	})
-}
-
-// NewUserConnection establishes a connection to the session bus and
-// authenticates. This can be used to connect to systemd user instances.
-// Callers should call Close() when done with the connection.
-func NewUserConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		return dbusAuthHelloConnection(dbus.SessionBusPrivate)
-	})
-}
-
-// NewSystemdConnection establishes a private, direct connection to systemd.
-// This can be used for communicating with systemd without a dbus daemon.
-// Callers should call Close() when done with the connection.
-func NewSystemdConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		// We skip Hello when talking directly to systemd.
-		return dbusAuthConnection(func() (*dbus.Conn, error) {
-			return dbus.Dial("unix:path=/run/systemd/private")
-		})
-	})
-}
-
-// Close closes an established connection
-func (c *Conn) Close() {
-	c.sysconn.Close()
-	c.sigconn.Close()
-}
-
-// NewConnection establishes a connection to a bus using a caller-supplied function.
-// This allows connecting to remote buses through a user-supplied mechanism.
-// The supplied function may be called multiple times, and should return independent connections.
-// The returned connection must be fully initialised: the org.freedesktop.DBus.Hello call must have succeeded,
-// and any authentication should be handled by the function.
-func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) {
-	sysconn, err := dialBus()
-	if err != nil {
-		return nil, err
-	}
-
-	sigconn, err := dialBus()
-	if err != nil {
-		sysconn.Close()
-		return nil, err
-	}
-
-	c := &Conn{
-		sysconn: sysconn,
-		sysobj:  systemdObject(sysconn),
-		sigconn: sigconn,
-		sigobj:  systemdObject(sigconn),
-	}
-
-	c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64)
-	c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string)
-
-	// Setup the listeners on jobs so that we can get completions
-	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
-
-	c.dispatch()
-	return c, nil
-}
-
-// GetManagerProperty returns the value of a property on the org.freedesktop.systemd1.Manager
-// interface. The value is returned in its string representation, as defined at
-// https://developer.gnome.org/glib/unstable/gvariant-text.html
-func (c *Conn) GetManagerProperty(prop string) (string, error) {
-	variant, err := c.sysobj.GetProperty("org.freedesktop.systemd1.Manager." + prop)
-	if err != nil {
-		return "", err
-	}
-	return variant.String(), nil
-}
-
-func dbusAuthConnection(createBus func() (*dbus.Conn, error)) (*dbus.Conn, error) {
-	conn, err := createBus()
-	if err != nil {
-		return nil, err
-	}
-
-	// Only use EXTERNAL method, and hardcode the uid (not username)
-	// to avoid a username lookup (which requires a dynamically linked
-	// libc)
-	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
-
-	err = conn.Auth(methods)
-	if err != nil {
-		conn.Close()
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-func dbusAuthHelloConnection(createBus func() (*dbus.Conn, error)) (*dbus.Conn, error) {
-	conn, err := dbusAuthConnection(createBus)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-func systemdObject(conn *dbus.Conn) dbus.BusObject {
-	return conn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
-}
diff --git a/vendor/github.com/coreos/go-systemd/dbus/methods.go b/vendor/github.com/coreos/go-systemd/dbus/methods.go
deleted file mode 100644
index 0b4207229f775..0000000000000
--- a/vendor/github.com/coreos/go-systemd/dbus/methods.go
+++ /dev/null
@@ -1,592 +0,0 @@
-// Copyright 2015, 2018 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"errors"
-	"fmt"
-	"path"
-	"strconv"
-
-	"github.com/godbus/dbus"
-)
-
-func (c *Conn) jobComplete(signal *dbus.Signal) {
-	var id uint32
-	var job dbus.ObjectPath
-	var unit string
-	var result string
-	dbus.Store(signal.Body, &id, &job, &unit, &result)
-	c.jobListener.Lock()
-	out, ok := c.jobListener.jobs[job]
-	if ok {
-		out <- result
-		delete(c.jobListener.jobs, job)
-	}
-	c.jobListener.Unlock()
-}
-
-func (c *Conn) startJob(ch chan<- string, job string, args ...interface{}) (int, error) {
-	if ch != nil {
-		c.jobListener.Lock()
-		defer c.jobListener.Unlock()
-	}
-
-	var p dbus.ObjectPath
-	err := c.sysobj.Call(job, 0, args...).Store(&p)
-	if err != nil {
-		return 0, err
-	}
-
-	if ch != nil {
-		c.jobListener.jobs[p] = ch
-	}
-
-	// ignore error since 0 is fine if conversion fails
-	jobID, _ := strconv.Atoi(path.Base(string(p)))
-
-	return jobID, nil
-}
-
-// StartUnit enqueues a start job and depending jobs, if any (unless otherwise
-// specified by the mode string).
-//
-// Takes the unit to activate, plus a mode string. The mode needs to be one of
-// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
-// "replace" the call will start the unit and its dependencies, possibly
-// replacing already queued jobs that conflict with this. If "fail" the call
-// will start the unit and its dependencies, but will fail if this would change
-// an already queued job. If "isolate" the call will start the unit in question
-// and terminate all units that aren't dependencies of it. If
-// "ignore-dependencies" it will start a unit but ignore all its dependencies.
-// If "ignore-requirements" it will start a unit but only ignore the
-// requirement dependencies. It is not recommended to make use of the latter
-// two options.
-//
-// If the provided channel is non-nil, a result string will be sent to it upon
-// job completion: one of done, canceled, timeout, failed, dependency, skipped.
-// done indicates successful execution of a job. canceled indicates that a job
-// has been canceled  before it finished execution. timeout indicates that the
-// job timeout was reached. failed indicates that the job failed. dependency
-// indicates that a job this job has been depending on failed and the job hence
-// has been removed too. skipped indicates that a job was skipped because it
-// didn't apply to the units current state.
-//
-// If no error occurs, the ID of the underlying systemd job will be returned. There
-// does exist the possibility for no error to be returned, but for the returned job
-// ID to be 0. In this case, the actual underlying ID is not 0 and this datapoint
-// should not be considered authoritative.
-//
-// If an error does occur, it will be returned to the user alongside a job ID of 0.
-func (c *Conn) StartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StartUnit", name, mode)
-}
-
-// StopUnit is similar to StartUnit but stops the specified unit rather
-// than starting it.
-func (c *Conn) StopUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StopUnit", name, mode)
-}
-
-// ReloadUnit reloads a unit.  Reloading is done only if the unit is already running and fails otherwise.
-func (c *Conn) ReloadUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
-}
-
-// RestartUnit restarts a service.  If a service is restarted that isn't
-// running it will be started.
-func (c *Conn) RestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
-}
-
-// TryRestartUnit is like RestartUnit, except that a service that isn't running
-// is not affected by the restart.
-func (c *Conn) TryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
-}
-
-// ReloadOrRestart attempts a reload if the unit supports it and use a restart
-// otherwise.
-func (c *Conn) ReloadOrRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
-}
-
-// ReloadOrTryRestart attempts a reload if the unit supports it and use a "Try"
-// flavored restart otherwise.
-func (c *Conn) ReloadOrTryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
-}
-
-// StartTransientUnit() may be used to create and start a transient unit, which
-// will be released as soon as it is not running or referenced anymore or the
-// system is rebooted. name is the unit name including suffix, and must be
-// unique. mode is the same as in StartUnit(), properties contains properties
-// of the unit.
-func (c *Conn) StartTransientUnit(name string, mode string, properties []Property, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
-}
-
-// KillUnit takes the unit name and a UNIX signal number to send.  All of the unit's
-// processes are killed.
-func (c *Conn) KillUnit(name string, signal int32) {
-	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
-}
-
-// ResetFailedUnit resets the "failed" state of a specific unit.
-func (c *Conn) ResetFailedUnit(name string) error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.ResetFailedUnit", 0, name).Store()
-}
-
-// SystemState returns the systemd state. Equivalent to `systemctl is-system-running`.
-func (c *Conn) SystemState() (*Property, error) {
-	var err error
-	var prop dbus.Variant
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", "/org/freedesktop/systemd1")
-	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, "org.freedesktop.systemd1.Manager", "SystemState").Store(&prop)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Property{Name: "SystemState", Value: prop}, nil
-}
-
-// getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface
-func (c *Conn) getProperties(path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) {
-	var err error
-	var props map[string]dbus.Variant
-
-	if !path.IsValid() {
-		return nil, fmt.Errorf("invalid unit name: %v", path)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
-	if err != nil {
-		return nil, err
-	}
-
-	out := make(map[string]interface{}, len(props))
-	for k, v := range props {
-		out[k] = v.Value()
-	}
-
-	return out, nil
-}
-
-// GetUnitProperties takes the (unescaped) unit name and returns all of its dbus object properties.
-func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
-	path := unitPath(unit)
-	return c.getProperties(path, "org.freedesktop.systemd1.Unit")
-}
-
-// GetUnitProperties takes the (escaped) unit path and returns all of its dbus object properties.
-func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) {
-	return c.getProperties(path, "org.freedesktop.systemd1.Unit")
-}
-
-func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
-	var err error
-	var prop dbus.Variant
-
-	path := unitPath(unit)
-	if !path.IsValid() {
-		return nil, errors.New("invalid unit name: " + unit)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Property{Name: propertyName, Value: prop}, nil
-}
-
-func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
-}
-
-// GetServiceProperty returns property for given service name and property name
-func (c *Conn) GetServiceProperty(service string, propertyName string) (*Property, error) {
-	return c.getProperty(service, "org.freedesktop.systemd1.Service", propertyName)
-}
-
-// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
-// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
-// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
-func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
-	path := unitPath(unit)
-	return c.getProperties(path, "org.freedesktop.systemd1."+unitType)
-}
-
-// SetUnitProperties() may be used to modify certain unit properties at runtime.
-// Not all properties may be changed at runtime, but many resource management
-// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
-// instantly, and stored on disk for future boots, unless runtime is true, in which
-// case the settings only apply until the next reboot. name is the name of the unit
-// to modify. properties are the settings to set, encoded as an array of property
-// name and value pairs.
-func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store()
-}
-
-func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1."+unitType, propertyName)
-}
-
-type UnitStatus struct {
-	Name        string          // The primary unit name as string
-	Description string          // The human readable description string
-	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
-	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
-	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
-	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
-	Path        dbus.ObjectPath // The unit object path
-	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
-	JobType     string          // The job type as string
-	JobPath     dbus.ObjectPath // The job object path
-}
-
-type storeFunc func(retvalues ...interface{}) error
-
-func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) {
-	result := make([][]interface{}, 0)
-	err := f(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	status := make([]UnitStatus, len(result))
-	statusInterface := make([]interface{}, len(status))
-	for i := range status {
-		statusInterface[i] = &status[i]
-	}
-
-	err = dbus.Store(resultInterface, statusInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return status, nil
-}
-
-// ListUnits returns an array with all currently loaded units. Note that
-// units may be known by multiple names at the same time, and hence there might
-// be more unit names loaded than actual units behind them.
-func (c *Conn) ListUnits() ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnits", 0).Store)
-}
-
-// ListUnitsFiltered returns an array with units filtered by state.
-// It takes a list of units' statuses to filter.
-func (c *Conn) ListUnitsFiltered(states []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store)
-}
-
-// ListUnitsByPatterns returns an array with units.
-// It takes a list of units' statuses and names to filter.
-// Note that units may be known by multiple names at the same time,
-// and hence there might be more unit names loaded than actual units behind them.
-func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store)
-}
-
-// ListUnitsByNames returns an array with units. It takes a list of units'
-// names and returns an UnitStatus array. Comparing to ListUnitsByPatterns
-// method, this method returns statuses even for inactive or non-existing
-// units. Input array should contain exact unit names, but not patterns.
-// Note: Requires systemd v230 or higher
-func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store)
-}
-
-type UnitFile struct {
-	Path string
-	Type string
-}
-
-func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) {
-	result := make([][]interface{}, 0)
-	err := f(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	files := make([]UnitFile, len(result))
-	fileInterface := make([]interface{}, len(files))
-	for i := range files {
-		fileInterface[i] = &files[i]
-	}
-
-	err = dbus.Store(resultInterface, fileInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return files, nil
-}
-
-// ListUnitFiles returns an array of all available units on disk.
-func (c *Conn) ListUnitFiles() ([]UnitFile, error) {
-	return c.listUnitFilesInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store)
-}
-
-// ListUnitFilesByPatterns returns an array of all available units on disk matched the patterns.
-func (c *Conn) ListUnitFilesByPatterns(states []string, patterns []string) ([]UnitFile, error) {
-	return c.listUnitFilesInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store)
-}
-
-type LinkUnitFileChange EnableUnitFileChange
-
-// LinkUnitFiles() links unit files (that are located outside of the
-// usual unit search paths) into the unit search path.
-//
-// It takes a list of absolute paths to unit files to link and two
-// booleans. The first boolean controls whether the unit shall be
-// enabled for runtime only (true, /run), or persistently (false,
-// /etc).
-// The second controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns a list of the changes made. The list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]LinkUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-// EnableUnitFiles() may be used to enable one or more units in the system (by
-// creating symlinks to them in /etc or /run).
-//
-// It takes a list of unit files to enable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and two booleans: the first controls whether the unit shall
-// be enabled for runtime only (true, /run), or persistently (false, /etc).
-// The second one controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns one boolean and an array with the changes made. The
-// boolean signals whether the unit files contained any enablement
-// information (i.e. an [Install]) section. The changes list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
-	var carries_install_info bool
-
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
-	if err != nil {
-		return false, nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]EnableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return false, nil, err
-	}
-
-	return carries_install_info, changes, nil
-}
-
-type EnableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// DisableUnitFiles() may be used to disable one or more units in the system (by
-// removing symlinks to them from /etc or /run).
-//
-// It takes a list of unit files to disable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and one boolean: whether the unit was enabled for runtime
-// only (true, /run), or persistently (false, /etc).
-//
-// This call returns an array with the changes made. The changes list
-// consists of structures with three strings: the type of the change (one of
-// symlink or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]DisableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type DisableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// MaskUnitFiles masks one or more units in the system
-//
-// It takes three arguments:
-//   * list of units to mask (either just file names or full
-//     absolute paths if the unit files are residing outside
-//     the usual unit search paths)
-//   * runtime to specify whether the unit was enabled for runtime
-//     only (true, /run/systemd/..), or persistently (false, /etc/systemd/..)
-//   * force flag
-func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]MaskUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type MaskUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// UnmaskUnitFiles unmasks one or more units in the system
-//
-// It takes two arguments:
-//   * list of unit files to mask (either just file names or full
-//     absolute paths if the unit files are residing outside
-//     the usual unit search paths)
-//   * runtime to specify whether the unit was enabled for runtime
-//     only (true, /run/systemd/..), or persistently (false, /etc/systemd/..)
-func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]UnmaskUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type UnmaskUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// Reload instructs systemd to scan for and reload unit files. This is
-// equivalent to a 'systemctl daemon-reload'.
-func (c *Conn) Reload() error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
-}
-
-func unitPath(name string) dbus.ObjectPath {
-	return dbus.ObjectPath("/org/freedesktop/systemd1/unit/" + PathBusEscape(name))
-}
-
-// unitName returns the unescaped base element of the supplied escaped path
-func unitName(dpath dbus.ObjectPath) string {
-	return pathBusUnescape(path.Base(string(dpath)))
-}
diff --git a/vendor/github.com/coreos/go-systemd/dbus/properties.go b/vendor/github.com/coreos/go-systemd/dbus/properties.go
deleted file mode 100644
index 6c81895876365..0000000000000
--- a/vendor/github.com/coreos/go-systemd/dbus/properties.go
+++ /dev/null
@@ -1,237 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"github.com/godbus/dbus"
-)
-
-// From the systemd docs:
-//
-// The properties array of StartTransientUnit() may take many of the settings
-// that may also be configured in unit files. Not all parameters are currently
-// accepted though, but we plan to cover more properties with future release.
-// Currently you may set the Description, Slice and all dependency types of
-// units, as well as RemainAfterExit, ExecStart for service units,
-// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
-// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
-// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
-// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
-// directly to their counterparts in unit files and as normal D-Bus object
-// properties. The exception here is the PIDs field of scope units which is
-// used for construction of the scope only and specifies the initial PIDs to
-// add to the scope object.
-
-type Property struct {
-	Name  string
-	Value dbus.Variant
-}
-
-type PropertyCollection struct {
-	Name       string
-	Properties []Property
-}
-
-type execStart struct {
-	Path             string   // the binary path to execute
-	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
-	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
-}
-
-// PropExecStart sets the ExecStart service property.  The first argument is a
-// slice with the binary path to execute followed by the arguments to pass to
-// the executed command. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
-func PropExecStart(command []string, uncleanIsFailure bool) Property {
-	execStarts := []execStart{
-		execStart{
-			Path:             command[0],
-			Args:             command,
-			UncleanIsFailure: uncleanIsFailure,
-		},
-	}
-
-	return Property{
-		Name:  "ExecStart",
-		Value: dbus.MakeVariant(execStarts),
-	}
-}
-
-// PropRemainAfterExit sets the RemainAfterExit service property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
-func PropRemainAfterExit(b bool) Property {
-	return Property{
-		Name:  "RemainAfterExit",
-		Value: dbus.MakeVariant(b),
-	}
-}
-
-// PropType sets the Type service property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
-func PropType(t string) Property {
-	return Property{
-		Name:  "Type",
-		Value: dbus.MakeVariant(t),
-	}
-}
-
-// PropDescription sets the Description unit property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
-func PropDescription(desc string) Property {
-	return Property{
-		Name:  "Description",
-		Value: dbus.MakeVariant(desc),
-	}
-}
-
-func propDependency(name string, units []string) Property {
-	return Property{
-		Name:  name,
-		Value: dbus.MakeVariant(units),
-	}
-}
-
-// PropRequires sets the Requires unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
-func PropRequires(units ...string) Property {
-	return propDependency("Requires", units)
-}
-
-// PropRequiresOverridable sets the RequiresOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
-func PropRequiresOverridable(units ...string) Property {
-	return propDependency("RequiresOverridable", units)
-}
-
-// PropRequisite sets the Requisite unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
-func PropRequisite(units ...string) Property {
-	return propDependency("Requisite", units)
-}
-
-// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
-func PropRequisiteOverridable(units ...string) Property {
-	return propDependency("RequisiteOverridable", units)
-}
-
-// PropWants sets the Wants unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
-func PropWants(units ...string) Property {
-	return propDependency("Wants", units)
-}
-
-// PropBindsTo sets the BindsTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
-func PropBindsTo(units ...string) Property {
-	return propDependency("BindsTo", units)
-}
-
-// PropRequiredBy sets the RequiredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
-func PropRequiredBy(units ...string) Property {
-	return propDependency("RequiredBy", units)
-}
-
-// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
-func PropRequiredByOverridable(units ...string) Property {
-	return propDependency("RequiredByOverridable", units)
-}
-
-// PropWantedBy sets the WantedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
-func PropWantedBy(units ...string) Property {
-	return propDependency("WantedBy", units)
-}
-
-// PropBoundBy sets the BoundBy unit property.  See
-// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
-func PropBoundBy(units ...string) Property {
-	return propDependency("BoundBy", units)
-}
-
-// PropConflicts sets the Conflicts unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
-func PropConflicts(units ...string) Property {
-	return propDependency("Conflicts", units)
-}
-
-// PropConflictedBy sets the ConflictedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
-func PropConflictedBy(units ...string) Property {
-	return propDependency("ConflictedBy", units)
-}
-
-// PropBefore sets the Before unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
-func PropBefore(units ...string) Property {
-	return propDependency("Before", units)
-}
-
-// PropAfter sets the After unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
-func PropAfter(units ...string) Property {
-	return propDependency("After", units)
-}
-
-// PropOnFailure sets the OnFailure unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
-func PropOnFailure(units ...string) Property {
-	return propDependency("OnFailure", units)
-}
-
-// PropTriggers sets the Triggers unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
-func PropTriggers(units ...string) Property {
-	return propDependency("Triggers", units)
-}
-
-// PropTriggeredBy sets the TriggeredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
-func PropTriggeredBy(units ...string) Property {
-	return propDependency("TriggeredBy", units)
-}
-
-// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
-func PropPropagatesReloadTo(units ...string) Property {
-	return propDependency("PropagatesReloadTo", units)
-}
-
-// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
-func PropRequiresMountsFor(units ...string) Property {
-	return propDependency("RequiresMountsFor", units)
-}
-
-// PropSlice sets the Slice unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
-func PropSlice(slice string) Property {
-	return Property{
-		Name:  "Slice",
-		Value: dbus.MakeVariant(slice),
-	}
-}
-
-// PropPids sets the PIDs field of scope units used in the initial construction
-// of the scope only and specifies the initial PIDs to add to the scope object.
-// See https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/#properties
-func PropPids(pids ...uint32) Property {
-	return Property{
-		Name:  "PIDs",
-		Value: dbus.MakeVariant(pids),
-	}
-}
diff --git a/vendor/github.com/go-ini/ini/LICENSE b/vendor/github.com/coreos/go-systemd/v22/LICENSE
similarity index 100%
rename from vendor/github.com/go-ini/ini/LICENSE
rename to vendor/github.com/coreos/go-systemd/v22/LICENSE
diff --git a/vendor/github.com/coreos/go-systemd/v22/NOTICE b/vendor/github.com/coreos/go-systemd/v22/NOTICE
new file mode 100644
index 0000000000000..23a0ada2fbb56
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/NOTICE
@@ -0,0 +1,5 @@
+CoreOS Project
+Copyright 2018 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).
diff --git a/vendor/github.com/coreos/go-systemd/v22/README.md b/vendor/github.com/coreos/go-systemd/v22/README.md
new file mode 100644
index 0000000000000..9fac51300abb0
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/README.md
@@ -0,0 +1,73 @@
+# go-systemd
+
+[![Build Status](https://travis-ci.org/coreos/go-systemd.png?branch=master)](https://travis-ci.org/coreos/go-systemd)
+[![godoc](https://img.shields.io/badge/godoc-reference-5272B4)](https://pkg.go.dev/mod/github.com/coreos/go-systemd/v22/?tab=packages)
+![minimum golang 1.12](https://img.shields.io/badge/golang-1.12%2B-orange.svg)
+
+
+Go bindings to systemd. The project has several packages:
+
+- `activation` - for writing and using socket activation from Go
+- `daemon` - for notifying systemd of service status changes
+- `dbus` - for starting/stopping/inspecting running services and units
+- `journal` - for writing to systemd's logging service, journald
+- `sdjournal` - for reading from journald by wrapping its C API
+- `login1` - for integration with the systemd logind API
+- `machine1` - for registering machines/containers with systemd
+- `unit` - for (de)serialization and comparison of unit files
+
+## Socket Activation
+
+An example HTTP server using socket activation can be quickly set up by following this README on a Linux machine running systemd:
+
+https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver
+
+## systemd Service Notification
+
+The `daemon` package is an implementation of the [sd_notify protocol](https://www.freedesktop.org/software/systemd/man/sd_notify.html#Description).
+It can be used to inform systemd of service start-up completion, watchdog events, and other status changes.
+
+## D-Bus
+
+The `dbus` package connects to the [systemd D-Bus API](http://www.freedesktop.org/wiki/Software/systemd/dbus/) and lets you start, stop and introspect systemd units.
+[API documentation][dbus-doc] is available online.
+
+[dbus-doc]: https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus?tab=doc
+
+### Debugging
+
+Create `/etc/dbus-1/system-local.conf` that looks like this:
+
+```
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy user="root">
+        <allow eavesdrop="true"/>
+        <allow eavesdrop="true" send_destination="*"/>
+    </policy>
+</busconfig>
+```
+
+## Journal
+
+### Writing to the Journal
+
+Using the pure-Go `journal` package you can submit journal entries directly to systemd's journal, taking advantage of features like indexed key/value pairs for each log entry.
+
+### Reading from the Journal
+
+The `sdjournal` package provides read access to the journal by wrapping around journald's native C API; consequently it requires cgo and the journal headers to be available.
+
+## logind
+
+The `login1` package provides functions to integrate with the [systemd logind API](http://www.freedesktop.org/wiki/Software/systemd/logind/).
+
+## machined
+
+The `machine1` package allows interaction with the [systemd machined D-Bus API](http://www.freedesktop.org/wiki/Software/systemd/machined/).
+
+## Units
+
+The `unit` package provides various functions for working with [systemd unit files](http://www.freedesktop.org/software/systemd/man/systemd.unit.html).
diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go
new file mode 100644
index 0000000000000..fc7db98fb41b6
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go
@@ -0,0 +1,69 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+// Package activation implements primitives for systemd socket activation.
+package activation
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+const (
+	// listenFdsStart corresponds to `SD_LISTEN_FDS_START`.
+	listenFdsStart = 3
+)
+
+// Files returns a slice containing a `os.File` object for each
+// file descriptor passed to this process via systemd fd-passing protocol.
+//
+// The order of the file descriptors is preserved in the returned slice.
+// `unsetEnv` is typically set to `true` in order to avoid clashes in
+// fd usage and to avoid leaking environment flags to child processes.
+func Files(unsetEnv bool) []*os.File {
+	if unsetEnv {
+		defer os.Unsetenv("LISTEN_PID")
+		defer os.Unsetenv("LISTEN_FDS")
+		defer os.Unsetenv("LISTEN_FDNAMES")
+	}
+
+	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
+	if err != nil || pid != os.Getpid() {
+		return nil
+	}
+
+	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
+	if err != nil || nfds == 0 {
+		return nil
+	}
+
+	names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
+
+	files := make([]*os.File, 0, nfds)
+	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
+		syscall.CloseOnExec(fd)
+		name := "LISTEN_FD_" + strconv.Itoa(fd)
+		offset := fd - listenFdsStart
+		if offset < len(names) && len(names[offset]) > 0 {
+			name = names[offset]
+		}
+		files = append(files, os.NewFile(uintptr(fd), name))
+	}
+
+	return files
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go
new file mode 100644
index 0000000000000..d391bf00c5eee
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go
@@ -0,0 +1,21 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package activation
+
+import "os"
+
+func Files(unsetEnv bool) []*os.File {
+	return nil
+}
diff --git a/vendor/github.com/coreos/go-systemd/activation/listeners.go b/vendor/github.com/coreos/go-systemd/v22/activation/listeners.go
similarity index 97%
rename from vendor/github.com/coreos/go-systemd/activation/listeners.go
rename to vendor/github.com/coreos/go-systemd/v22/activation/listeners.go
index bb5cc2311e2cd..3dbe2b0877601 100644
--- a/vendor/github.com/coreos/go-systemd/activation/listeners.go
+++ b/vendor/github.com/coreos/go-systemd/v22/activation/listeners.go
@@ -67,7 +67,7 @@ func TLSListeners(tlsConfig *tls.Config) ([]net.Listener, error) {
 		return nil, err
 	}
 
-	if tlsConfig != nil && err == nil {
+	if tlsConfig != nil {
 		for i, l := range listeners {
 			// Activate TLS only for TCP sockets
 			if l.Addr().Network() == "tcp" {
@@ -88,7 +88,7 @@ func TLSListenersWithNames(tlsConfig *tls.Config) (map[string][]net.Listener, er
 		return nil, err
 	}
 
-	if tlsConfig != nil && err == nil {
+	if tlsConfig != nil {
 		for _, ll := range listeners {
 			// Activate TLS only for TCP sockets
 			for i, l := range ll {
diff --git a/vendor/github.com/coreos/go-systemd/activation/packetconns.go b/vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go
similarity index 100%
rename from vendor/github.com/coreos/go-systemd/activation/packetconns.go
rename to vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go
diff --git a/vendor/github.com/coreos/go-systemd/daemon/sdnotify.go b/vendor/github.com/coreos/go-systemd/v22/daemon/sdnotify.go
similarity index 100%
rename from vendor/github.com/coreos/go-systemd/daemon/sdnotify.go
rename to vendor/github.com/coreos/go-systemd/v22/daemon/sdnotify.go
diff --git a/vendor/github.com/coreos/go-systemd/daemon/watchdog.go b/vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
similarity index 100%
rename from vendor/github.com/coreos/go-systemd/daemon/watchdog.go
rename to vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
new file mode 100644
index 0000000000000..cff5af1a64c3e
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
@@ -0,0 +1,261 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
+package dbus
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/godbus/dbus/v5"
+)
+
+const (
+	alpha        = `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
+	num          = `0123456789`
+	alphanum     = alpha + num
+	signalBuffer = 100
+)
+
+// needsEscape checks whether a byte in a potential dbus ObjectPath needs to be escaped
+func needsEscape(i int, b byte) bool {
+	// Escape everything that is not a-z-A-Z-0-9
+	// Also escape 0-9 if it's the first character
+	return strings.IndexByte(alphanum, b) == -1 ||
+		(i == 0 && strings.IndexByte(num, b) != -1)
+}
+
+// PathBusEscape sanitizes a constituent string of a dbus ObjectPath using the
+// rules that systemd uses for serializing special characters.
+func PathBusEscape(path string) string {
+	// Special case the empty string
+	if len(path) == 0 {
+		return "_"
+	}
+	n := []byte{}
+	for i := 0; i < len(path); i++ {
+		c := path[i]
+		if needsEscape(i, c) {
+			e := fmt.Sprintf("_%x", c)
+			n = append(n, []byte(e)...)
+		} else {
+			n = append(n, c)
+		}
+	}
+	return string(n)
+}
+
+// pathBusUnescape is the inverse of PathBusEscape.
+func pathBusUnescape(path string) string {
+	if path == "_" {
+		return ""
+	}
+	n := []byte{}
+	for i := 0; i < len(path); i++ {
+		c := path[i]
+		if c == '_' && i+2 < len(path) {
+			res, err := hex.DecodeString(path[i+1 : i+3])
+			if err == nil {
+				n = append(n, res...)
+			}
+			i += 2
+		} else {
+			n = append(n, c)
+		}
+	}
+	return string(n)
+}
+
+// Conn is a connection to systemd's dbus endpoint.
+type Conn struct {
+	// sysconn/sysobj are only used to call dbus methods
+	sysconn *dbus.Conn
+	sysobj  dbus.BusObject
+
+	// sigconn/sigobj are only used to receive dbus signals
+	sigconn *dbus.Conn
+	sigobj  dbus.BusObject
+
+	jobListener struct {
+		jobs map[dbus.ObjectPath]chan<- string
+		sync.Mutex
+	}
+	subStateSubscriber struct {
+		updateCh chan<- *SubStateUpdate
+		errCh    chan<- error
+		sync.Mutex
+		ignore      map[dbus.ObjectPath]int64
+		cleanIgnore int64
+	}
+	propertiesSubscriber struct {
+		updateCh chan<- *PropertiesUpdate
+		errCh    chan<- error
+		sync.Mutex
+	}
+}
+
+// Deprecated: use NewWithContext instead.
+func New() (*Conn, error) {
+	return NewWithContext(context.Background())
+}
+
+// NewWithContext establishes a connection to any available bus and authenticates.
+// Callers should call Close() when done with the connection.
+func NewWithContext(ctx context.Context) (*Conn, error) {
+	conn, err := NewSystemConnectionContext(ctx)
+	if err != nil && os.Geteuid() == 0 {
+		return NewSystemdConnectionContext(ctx)
+	}
+	return conn, err
+}
+
+// Deprecated: use NewSystemConnectionContext instead.
+func NewSystemConnection() (*Conn, error) {
+	return NewSystemConnectionContext(context.Background())
+}
+
+// NewSystemConnectionContext establishes a connection to the system bus and authenticates.
+// Callers should call Close() when done with the connection.
+func NewSystemConnectionContext(ctx context.Context) (*Conn, error) {
+	return NewConnection(func() (*dbus.Conn, error) {
+		return dbusAuthHelloConnection(ctx, dbus.SystemBusPrivate)
+	})
+}
+
+// Deprecated: use NewUserConnectionContext instead.
+func NewUserConnection() (*Conn, error) {
+	return NewUserConnectionContext(context.Background())
+}
+
+// NewUserConnectionContext establishes a connection to the session bus and
+// authenticates. This can be used to connect to systemd user instances.
+// Callers should call Close() when done with the connection.
+func NewUserConnectionContext(ctx context.Context) (*Conn, error) {
+	return NewConnection(func() (*dbus.Conn, error) {
+		return dbusAuthHelloConnection(ctx, dbus.SessionBusPrivate)
+	})
+}
+
+// Deprecated: use NewSystemdConnectionContext instead.
+func NewSystemdConnection() (*Conn, error) {
+	return NewSystemdConnectionContext(context.Background())
+}
+
+// NewSystemdConnectionContext establishes a private, direct connection to systemd.
+// This can be used for communicating with systemd without a dbus daemon.
+// Callers should call Close() when done with the connection.
+func NewSystemdConnectionContext(ctx context.Context) (*Conn, error) {
+	return NewConnection(func() (*dbus.Conn, error) {
+		// We skip Hello when talking directly to systemd.
+		return dbusAuthConnection(ctx, func(opts ...dbus.ConnOption) (*dbus.Conn, error) {
+			return dbus.Dial("unix:path=/run/systemd/private", opts...)
+		})
+	})
+}
+
+// Close closes an established connection.
+func (c *Conn) Close() {
+	c.sysconn.Close()
+	c.sigconn.Close()
+}
+
+// NewConnection establishes a connection to a bus using a caller-supplied function.
+// This allows connecting to remote buses through a user-supplied mechanism.
+// The supplied function may be called multiple times, and should return independent connections.
+// The returned connection must be fully initialised: the org.freedesktop.DBus.Hello call must have succeeded,
+// and any authentication should be handled by the function.
+func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) {
+	sysconn, err := dialBus()
+	if err != nil {
+		return nil, err
+	}
+
+	sigconn, err := dialBus()
+	if err != nil {
+		sysconn.Close()
+		return nil, err
+	}
+
+	c := &Conn{
+		sysconn: sysconn,
+		sysobj:  systemdObject(sysconn),
+		sigconn: sigconn,
+		sigobj:  systemdObject(sigconn),
+	}
+
+	c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64)
+	c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string)
+
+	// Setup the listeners on jobs so that we can get completions
+	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
+
+	c.dispatch()
+	return c, nil
+}
+
+// GetManagerProperty returns the value of a property on the org.freedesktop.systemd1.Manager
+// interface. The value is returned in its string representation, as defined at
+// https://developer.gnome.org/glib/unstable/gvariant-text.html.
+func (c *Conn) GetManagerProperty(prop string) (string, error) {
+	variant, err := c.sysobj.GetProperty("org.freedesktop.systemd1.Manager." + prop)
+	if err != nil {
+		return "", err
+	}
+	return variant.String(), nil
+}
+
+func dbusAuthConnection(ctx context.Context, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) {
+	conn, err := createBus(dbus.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	// Only use EXTERNAL method, and hardcode the uid (not username)
+	// to avoid a username lookup (which requires a dynamically linked
+	// libc)
+	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
+
+	err = conn.Auth(methods)
+	if err != nil {
+		conn.Close()
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func dbusAuthHelloConnection(ctx context.Context, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) {
+	conn, err := dbusAuthConnection(ctx, createBus)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = conn.Hello(); err != nil {
+		conn.Close()
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func systemdObject(conn *dbus.Conn) dbus.BusObject {
+	return conn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
new file mode 100644
index 0000000000000..fa04afc708e7c
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
@@ -0,0 +1,830 @@
+// Copyright 2015, 2018 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package dbus
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"path"
+	"strconv"
+
+	"github.com/godbus/dbus/v5"
+)
+
+// Who can be used to specify which process to kill in the unit via the KillUnitWithTarget API
+type Who string
+
+const (
+	// All sends the signal to all processes in the unit
+	All Who = "all"
+	// Main sends the signal to the main process of the unit
+	Main Who = "main"
+	// Control sends the signal to the control process of the unit
+	Control Who = "control"
+)
+
+func (c *Conn) jobComplete(signal *dbus.Signal) {
+	var id uint32
+	var job dbus.ObjectPath
+	var unit string
+	var result string
+	dbus.Store(signal.Body, &id, &job, &unit, &result)
+	c.jobListener.Lock()
+	out, ok := c.jobListener.jobs[job]
+	if ok {
+		out <- result
+		delete(c.jobListener.jobs, job)
+	}
+	c.jobListener.Unlock()
+}
+
+func (c *Conn) startJob(ctx context.Context, ch chan<- string, job string, args ...interface{}) (int, error) {
+	if ch != nil {
+		c.jobListener.Lock()
+		defer c.jobListener.Unlock()
+	}
+
+	var p dbus.ObjectPath
+	err := c.sysobj.CallWithContext(ctx, job, 0, args...).Store(&p)
+	if err != nil {
+		return 0, err
+	}
+
+	if ch != nil {
+		c.jobListener.jobs[p] = ch
+	}
+
+	// ignore error since 0 is fine if conversion fails
+	jobID, _ := strconv.Atoi(path.Base(string(p)))
+
+	return jobID, nil
+}
+
+// Deprecated: use StartUnitContext instead.
+func (c *Conn) StartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.StartUnitContext(context.Background(), name, mode, ch)
+}
+
+// StartUnitContext enqueues a start job and depending jobs, if any (unless otherwise
+// specified by the mode string).
+//
+// Takes the unit to activate, plus a mode string. The mode needs to be one of
+// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
+// "replace" the call will start the unit and its dependencies, possibly
+// replacing already queued jobs that conflict with this. If "fail" the call
+// will start the unit and its dependencies, but will fail if this would change
+// an already queued job. If "isolate" the call will start the unit in question
+// and terminate all units that aren't dependencies of it. If
+// "ignore-dependencies" it will start a unit but ignore all its dependencies.
+// If "ignore-requirements" it will start a unit but only ignore the
+// requirement dependencies. It is not recommended to make use of the latter
+// two options.
+//
+// If the provided channel is non-nil, a result string will be sent to it upon
+// job completion: one of done, canceled, timeout, failed, dependency, skipped.
+// done indicates successful execution of a job. canceled indicates that a job
+// has been canceled  before it finished execution. timeout indicates that the
+// job timeout was reached. failed indicates that the job failed. dependency
+// indicates that a job this job has been depending on failed and the job hence
+// has been removed too. skipped indicates that a job was skipped because it
+// didn't apply to the units current state.
+//
+// If no error occurs, the ID of the underlying systemd job will be returned. There
+// does exist the possibility for no error to be returned, but for the returned job
+// ID to be 0. In this case, the actual underlying ID is not 0 and this datapoint
+// should not be considered authoritative.
+//
+// If an error does occur, it will be returned to the user alongside a job ID of 0.
+func (c *Conn) StartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartUnit", name, mode)
+}
+
+// Deprecated: use StopUnitContext instead.
+func (c *Conn) StopUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.StopUnitContext(context.Background(), name, mode, ch)
+}
+
+// StopUnitContext is similar to StartUnitContext, but stops the specified unit
+// rather than starting it.
+func (c *Conn) StopUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StopUnit", name, mode)
+}
+
+// Deprecated: use ReloadUnitContext instead.
+func (c *Conn) ReloadUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.ReloadUnitContext(context.Background(), name, mode, ch)
+}
+
+// ReloadUnitContext reloads a unit. Reloading is done only if the unit
+// is already running, and fails otherwise.
+func (c *Conn) ReloadUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
+}
+
+// Deprecated: use RestartUnitContext instead.
+func (c *Conn) RestartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.RestartUnitContext(context.Background(), name, mode, ch)
+}
+
+// RestartUnitContext restarts a service. If a service is restarted that isn't
+// running it will be started.
+func (c *Conn) RestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
+}
+
+// Deprecated: use TryRestartUnitContext instead.
+func (c *Conn) TryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.TryRestartUnitContext(context.Background(), name, mode, ch)
+}
+
+// TryRestartUnitContext is like RestartUnitContext, except that a service that
+// isn't running is not affected by the restart.
+func (c *Conn) TryRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
+}
+
+// Deprecated: use ReloadOrRestartUnitContext instead.
+func (c *Conn) ReloadOrRestartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.ReloadOrRestartUnitContext(context.Background(), name, mode, ch)
+}
+
+// ReloadOrRestartUnitContext attempts a reload if the unit supports it and use
+// a restart otherwise.
+func (c *Conn) ReloadOrRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
+}
+
+// Deprecated: use ReloadOrTryRestartUnitContext instead.
+func (c *Conn) ReloadOrTryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return c.ReloadOrTryRestartUnitContext(context.Background(), name, mode, ch)
+}
+
+// ReloadOrTryRestartUnitContext attempts a reload if the unit supports it,
+// and use a "Try" flavored restart otherwise.
+func (c *Conn) ReloadOrTryRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
+}
+
+// Deprecated: use StartTransientUnitContext instead.
+func (c *Conn) StartTransientUnit(name string, mode string, properties []Property, ch chan<- string) (int, error) {
+	return c.StartTransientUnitContext(context.Background(), name, mode, properties, ch)
+}
+
+// StartTransientUnitContext may be used to create and start a transient unit, which
+// will be released as soon as it is not running or referenced anymore or the
+// system is rebooted. name is the unit name including suffix, and must be
+// unique. mode is the same as in StartUnitContext, properties contains properties
+// of the unit.
+func (c *Conn) StartTransientUnitContext(ctx context.Context, name string, mode string, properties []Property, ch chan<- string) (int, error) {
+	return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
+}
+
+// Deprecated: use KillUnitContext instead.
+func (c *Conn) KillUnit(name string, signal int32) {
+	c.KillUnitContext(context.Background(), name, signal)
+}
+
+// KillUnitContext takes the unit name and a UNIX signal number to send.
+// All of the unit's processes are killed.
+func (c *Conn) KillUnitContext(ctx context.Context, name string, signal int32) {
+	c.KillUnitWithTarget(ctx, name, All, signal)
+}
+
+// KillUnitWithTarget is like KillUnitContext, but allows you to specify which
+// process in the unit to send the signal to.
+func (c *Conn) KillUnitWithTarget(ctx context.Context, name string, target Who, signal int32) error {
+	return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.KillUnit", 0, name, string(target), signal).Store()
+}
+
+// Deprecated: use ResetFailedUnitContext instead.
+func (c *Conn) ResetFailedUnit(name string) error {
+	return c.ResetFailedUnitContext(context.Background(), name)
+}
+
+// ResetFailedUnitContext resets the "failed" state of a specific unit.
+func (c *Conn) ResetFailedUnitContext(ctx context.Context, name string) error {
+	return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ResetFailedUnit", 0, name).Store()
+}
+
+// Deprecated: use SystemStateContext instead.
+func (c *Conn) SystemState() (*Property, error) {
+	return c.SystemStateContext(context.Background())
+}
+
+// SystemStateContext returns the systemd state. Equivalent to
+// systemctl is-system-running.
+func (c *Conn) SystemStateContext(ctx context.Context) (*Property, error) {
+	var err error
+	var prop dbus.Variant
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", "/org/freedesktop/systemd1")
+	err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.Get", 0, "org.freedesktop.systemd1.Manager", "SystemState").Store(&prop)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Property{Name: "SystemState", Value: prop}, nil
+}
+
+// getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface.
+func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) {
+	var err error
+	var props map[string]dbus.Variant
+
+	if !path.IsValid() {
+		return nil, fmt.Errorf("invalid unit name: %v", path)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make(map[string]interface{}, len(props))
+	for k, v := range props {
+		out[k] = v.Value()
+	}
+
+	return out, nil
+}
+
+// Deprecated: use GetUnitPropertiesContext instead.
+func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
+	return c.GetUnitPropertiesContext(context.Background(), unit)
+}
+
+// GetUnitPropertiesContext takes the (unescaped) unit name and returns all of
+// its dbus object properties.
+func (c *Conn) GetUnitPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) {
+	path := unitPath(unit)
+	return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit")
+}
+
+// Deprecated: use GetUnitPathPropertiesContext instead.
+func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) {
+	return c.GetUnitPathPropertiesContext(context.Background(), path)
+}
+
+// GetUnitPathPropertiesContext takes the (escaped) unit path and returns all
+// of its dbus object properties.
+func (c *Conn) GetUnitPathPropertiesContext(ctx context.Context, path dbus.ObjectPath) (map[string]interface{}, error) {
+	return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit")
+}
+
+// Deprecated: use GetAllPropertiesContext instead.
+func (c *Conn) GetAllProperties(unit string) (map[string]interface{}, error) {
+	return c.GetAllPropertiesContext(context.Background(), unit)
+}
+
+// GetAllPropertiesContext takes the (unescaped) unit name and returns all of
+// its dbus object properties.
+func (c *Conn) GetAllPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) {
+	path := unitPath(unit)
+	return c.getProperties(ctx, path, "")
+}
+
+func (c *Conn) getProperty(ctx context.Context, unit string, dbusInterface string, propertyName string) (*Property, error) {
+	var err error
+	var prop dbus.Variant
+
+	path := unitPath(unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Property{Name: propertyName, Value: prop}, nil
+}
+
+// Deprecated: use GetUnitPropertyContext instead.
+func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
+	return c.GetUnitPropertyContext(context.Background(), unit, propertyName)
+}
+
+// GetUnitPropertyContext takes an (unescaped) unit name, and a property name,
+// and returns the property value.
+func (c *Conn) GetUnitPropertyContext(ctx context.Context, unit string, propertyName string) (*Property, error) {
+	return c.getProperty(ctx, unit, "org.freedesktop.systemd1.Unit", propertyName)
+}
+
+// Deprecated: use GetServicePropertyContext instead.
+func (c *Conn) GetServiceProperty(service string, propertyName string) (*Property, error) {
+	return c.GetServicePropertyContext(context.Background(), service, propertyName)
+}
+
+// GetServiceProperty returns property for given service name and property name.
+func (c *Conn) GetServicePropertyContext(ctx context.Context, service string, propertyName string) (*Property, error) {
+	return c.getProperty(ctx, service, "org.freedesktop.systemd1.Service", propertyName)
+}
+
+// Deprecated: use GetUnitTypePropertiesContext instead.
+func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
+	return c.GetUnitTypePropertiesContext(context.Background(), unit, unitType)
+}
+
+// GetUnitTypePropertiesContext returns the extra properties for a unit, specific to the unit type.
+// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope.
+// Returns "dbus.Error: Unknown interface" error if the unitType is not the correct type of the unit.
+func (c *Conn) GetUnitTypePropertiesContext(ctx context.Context, unit string, unitType string) (map[string]interface{}, error) {
+	path := unitPath(unit)
+	return c.getProperties(ctx, path, "org.freedesktop.systemd1."+unitType)
+}
+
+// Deprecated: use SetUnitPropertiesContext instead.
+func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
+	return c.SetUnitPropertiesContext(context.Background(), name, runtime, properties...)
+}
+
+// SetUnitPropertiesContext may be used to modify certain unit properties at runtime.
+// Not all properties may be changed at runtime, but many resource management
+// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
+// instantly, and stored on disk for future boots, unless runtime is true, in which
+// case the settings only apply until the next reboot. name is the name of the unit
+// to modify. properties are the settings to set, encoded as an array of property
+// name and value pairs.
+func (c *Conn) SetUnitPropertiesContext(ctx context.Context, name string, runtime bool, properties ...Property) error {
+	return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store()
+}
+
+// Deprecated: use GetUnitTypePropertyContext instead.
+func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
+	return c.GetUnitTypePropertyContext(context.Background(), unit, unitType, propertyName)
+}
+
+// GetUnitTypePropertyContext takes a property name, a unit name, and a unit type,
+// and returns a property value. For valid values of unitType, see GetUnitTypePropertiesContext.
+func (c *Conn) GetUnitTypePropertyContext(ctx context.Context, unit string, unitType string, propertyName string) (*Property, error) {
+	return c.getProperty(ctx, unit, "org.freedesktop.systemd1."+unitType, propertyName)
+}
+
+type UnitStatus struct {
+	Name        string          // The primary unit name as string
+	Description string          // The human readable description string
+	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
+	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
+	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
+	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
+	Path        dbus.ObjectPath // The unit object path
+	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
+	JobType     string          // The job type as string
+	JobPath     dbus.ObjectPath // The job object path
+}
+
+type storeFunc func(retvalues ...interface{}) error
+
+func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) {
+	result := make([][]interface{}, 0)
+	err := f(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	status := make([]UnitStatus, len(result))
+	statusInterface := make([]interface{}, len(status))
+	for i := range status {
+		statusInterface[i] = &status[i]
+	}
+
+	err = dbus.Store(resultInterface, statusInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return status, nil
+}
+
+// Deprecated: use ListUnitsContext instead.
+func (c *Conn) ListUnits() ([]UnitStatus, error) {
+	return c.ListUnitsContext(context.Background())
+}
+
+// ListUnitsContext returns an array with all currently loaded units. Note that
+// units may be known by multiple names at the same time, and hence there might
+// be more unit names loaded than actual units behind them.
+// Also note that a unit is only loaded if it is active and/or enabled.
+// Units that are both disabled and inactive will thus not be returned.
+func (c *Conn) ListUnitsContext(ctx context.Context) ([]UnitStatus, error) {
+	return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnits", 0).Store)
+}
+
+// Deprecated: use ListUnitsFilteredContext instead.
+func (c *Conn) ListUnitsFiltered(states []string) ([]UnitStatus, error) {
+	return c.ListUnitsFilteredContext(context.Background(), states)
+}
+
+// ListUnitsFilteredContext returns an array with units filtered by state.
+// It takes a list of units' statuses to filter.
+func (c *Conn) ListUnitsFilteredContext(ctx context.Context, states []string) ([]UnitStatus, error) {
+	return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store)
+}
+
+// Deprecated: use ListUnitsByPatternsContext instead.
+func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitStatus, error) {
+	return c.ListUnitsByPatternsContext(context.Background(), states, patterns)
+}
+
+// ListUnitsByPatternsContext returns an array with units.
+// It takes a list of units' statuses and names to filter.
+// Note that units may be known by multiple names at the same time,
+// and hence there might be more unit names loaded than actual units behind them.
+func (c *Conn) ListUnitsByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitStatus, error) {
+	return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store)
+}
+
+// Deprecated: use ListUnitsByNamesContext instead.
+func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) {
+	return c.ListUnitsByNamesContext(context.Background(), units)
+}
+
+// ListUnitsByNamesContext returns an array with units. It takes a list of units'
+// names and returns an UnitStatus array. Comparing to ListUnitsByPatternsContext
+// method, this method returns statuses even for inactive or non-existing
+// units. Input array should contain exact unit names, but not patterns.
+//
+// Requires systemd v230 or higher.
+func (c *Conn) ListUnitsByNamesContext(ctx context.Context, units []string) ([]UnitStatus, error) {
+	return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store)
+}
+
+type UnitFile struct {
+	Path string
+	Type string
+}
+
+func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) {
+	result := make([][]interface{}, 0)
+	err := f(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	files := make([]UnitFile, len(result))
+	fileInterface := make([]interface{}, len(files))
+	for i := range files {
+		fileInterface[i] = &files[i]
+	}
+
+	err = dbus.Store(resultInterface, fileInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return files, nil
+}
+
+// Deprecated: use ListUnitFilesContext instead.
+func (c *Conn) ListUnitFiles() ([]UnitFile, error) {
+	return c.ListUnitFilesContext(context.Background())
+}
+
+// ListUnitFiles returns an array of all available units on disk.
+func (c *Conn) ListUnitFilesContext(ctx context.Context) ([]UnitFile, error) {
+	return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store)
+}
+
+// Deprecated: use ListUnitFilesByPatternsContext instead.
+func (c *Conn) ListUnitFilesByPatterns(states []string, patterns []string) ([]UnitFile, error) {
+	return c.ListUnitFilesByPatternsContext(context.Background(), states, patterns)
+}
+
+// ListUnitFilesByPatternsContext returns an array of all available units on disk matched the patterns.
+func (c *Conn) ListUnitFilesByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitFile, error) {
+	return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store)
+}
+
+type LinkUnitFileChange EnableUnitFileChange
+
+// Deprecated: use LinkUnitFilesContext instead.
+func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
+	return c.LinkUnitFilesContext(context.Background(), files, runtime, force)
+}
+
+// LinkUnitFilesContext links unit files (that are located outside of the
+// usual unit search paths) into the unit search path.
+//
+// It takes a list of absolute paths to unit files to link and two
+// booleans.
+//
+// The first boolean controls whether the unit shall be
+// enabled for runtime only (true, /run), or persistently (false,
+// /etc).
+//
+// The second controls whether symlinks pointing to other units shall
+// be replaced if necessary.
+//
+// This call returns a list of the changes made. The list consists of
+// structures with three strings: the type of the change (one of symlink
+// or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) LinkUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]LinkUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+// Deprecated: use EnableUnitFilesContext instead.
+func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
+	return c.EnableUnitFilesContext(context.Background(), files, runtime, force)
+}
+
+// EnableUnitFilesContext may be used to enable one or more units in the system
+// (by creating symlinks to them in /etc or /run).
+//
+// It takes a list of unit files to enable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and two booleans: the first controls whether the unit shall
+// be enabled for runtime only (true, /run), or persistently (false, /etc).
+// The second one controls whether symlinks pointing to other units shall
+// be replaced if necessary.
+//
+// This call returns one boolean and an array with the changes made. The
+// boolean signals whether the unit files contained any enablement
+// information (i.e. an [Install]) section. The changes list consists of
+// structures with three strings: the type of the change (one of symlink
+// or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) EnableUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
+	var carries_install_info bool
+
+	result := make([][]interface{}, 0)
+	err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
+	if err != nil {
+		return false, nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]EnableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return false, nil, err
+	}
+
+	return carries_install_info, changes, nil
+}
+
+type EnableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Deprecated: use DisableUnitFilesContext instead.
+func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
+	return c.DisableUnitFilesContext(context.Background(), files, runtime)
+}
+
+// DisableUnitFilesContext may be used to disable one or more units in the
+// system (by removing symlinks to them from /etc or /run).
+//
+// It takes a list of unit files to disable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and one boolean: whether the unit was enabled for runtime
+// only (true, /run), or persistently (false, /etc).
+//
+// This call returns an array with the changes made. The changes list
+// consists of structures with three strings: the type of the change (one of
+// symlink or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) DisableUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]DisableUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]DisableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type DisableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Deprecated: use MaskUnitFilesContext instead.
+func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) {
+	return c.MaskUnitFilesContext(context.Background(), files, runtime, force)
+}
+
+// MaskUnitFilesContext masks one or more units in the system.
+//
+// The files argument contains a  list of units to mask (either just file names
+// or full absolute paths if the unit files are residing outside the usual unit
+// search paths).
+//
+// The runtime argument is used to specify whether the unit was enabled for
+// runtime only (true, /run/systemd/..), or persistently (false,
+// /etc/systemd/..).
+func (c *Conn) MaskUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]MaskUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type MaskUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Deprecated: use UnmaskUnitFilesContext instead.
+func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileChange, error) {
+	return c.UnmaskUnitFilesContext(context.Background(), files, runtime)
+}
+
+// UnmaskUnitFilesContext unmasks one or more units in the system.
+//
+// It takes the list of unit files to mask (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit search
+// paths), and a boolean runtime flag to specify whether the unit was enabled
+// for runtime only (true, /run/systemd/..), or persistently (false,
+// /etc/systemd/..).
+func (c *Conn) UnmaskUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]UnmaskUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]UnmaskUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type UnmaskUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Deprecated: use ReloadContext instead.
+func (c *Conn) Reload() error {
+	return c.ReloadContext(context.Background())
+}
+
+// ReloadContext instructs systemd to scan for and reload unit files. This is
+// an equivalent to systemctl daemon-reload.
+func (c *Conn) ReloadContext(ctx context.Context) error {
+	return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.Reload", 0).Store()
+}
+
+func unitPath(name string) dbus.ObjectPath {
+	return dbus.ObjectPath("/org/freedesktop/systemd1/unit/" + PathBusEscape(name))
+}
+
+// unitName returns the unescaped base element of the supplied escaped path.
+func unitName(dpath dbus.ObjectPath) string {
+	return pathBusUnescape(path.Base(string(dpath)))
+}
+
+// JobStatus holds a currently queued job definition.
+type JobStatus struct {
+	Id       uint32          // The numeric job id
+	Unit     string          // The primary unit name for this job
+	JobType  string          // The job type as string
+	Status   string          // The job state as string
+	JobPath  dbus.ObjectPath // The job object path
+	UnitPath dbus.ObjectPath // The unit object path
+}
+
+// Deprecated: use ListJobsContext instead.
+func (c *Conn) ListJobs() ([]JobStatus, error) {
+	return c.ListJobsContext(context.Background())
+}
+
+// ListJobsContext returns an array with all currently queued jobs.
+func (c *Conn) ListJobsContext(ctx context.Context) ([]JobStatus, error) {
+	return c.listJobsInternal(ctx)
+}
+
+func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) {
+	result := make([][]interface{}, 0)
+	if err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListJobs", 0).Store(&result); err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	status := make([]JobStatus, len(result))
+	statusInterface := make([]interface{}, len(status))
+	for i := range status {
+		statusInterface[i] = &status[i]
+	}
+
+	if err := dbus.Store(resultInterface, statusInterface...); err != nil {
+		return nil, err
+	}
+
+	return status, nil
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go b/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go
new file mode 100644
index 0000000000000..fb42b6273386c
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go
@@ -0,0 +1,237 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package dbus
+
+import (
+	"github.com/godbus/dbus/v5"
+)
+
+// From the systemd docs:
+//
+// The properties array of StartTransientUnit() may take many of the settings
+// that may also be configured in unit files. Not all parameters are currently
+// accepted though, but we plan to cover more properties with future release.
+// Currently you may set the Description, Slice and all dependency types of
+// units, as well as RemainAfterExit, ExecStart for service units,
+// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
+// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
+// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
+// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
+// directly to their counterparts in unit files and as normal D-Bus object
+// properties. The exception here is the PIDs field of scope units which is
+// used for construction of the scope only and specifies the initial PIDs to
+// add to the scope object.
+
+type Property struct {
+	Name  string
+	Value dbus.Variant
+}
+
+type PropertyCollection struct {
+	Name       string
+	Properties []Property
+}
+
+type execStart struct {
+	Path             string   // the binary path to execute
+	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
+	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
+}
+
+// PropExecStart sets the ExecStart service property.  The first argument is a
+// slice with the binary path to execute followed by the arguments to pass to
+// the executed command. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
+func PropExecStart(command []string, uncleanIsFailure bool) Property {
+	execStarts := []execStart{
+		{
+			Path:             command[0],
+			Args:             command,
+			UncleanIsFailure: uncleanIsFailure,
+		},
+	}
+
+	return Property{
+		Name:  "ExecStart",
+		Value: dbus.MakeVariant(execStarts),
+	}
+}
+
+// PropRemainAfterExit sets the RemainAfterExit service property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
+func PropRemainAfterExit(b bool) Property {
+	return Property{
+		Name:  "RemainAfterExit",
+		Value: dbus.MakeVariant(b),
+	}
+}
+
+// PropType sets the Type service property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
+func PropType(t string) Property {
+	return Property{
+		Name:  "Type",
+		Value: dbus.MakeVariant(t),
+	}
+}
+
+// PropDescription sets the Description unit property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
+func PropDescription(desc string) Property {
+	return Property{
+		Name:  "Description",
+		Value: dbus.MakeVariant(desc),
+	}
+}
+
+func propDependency(name string, units []string) Property {
+	return Property{
+		Name:  name,
+		Value: dbus.MakeVariant(units),
+	}
+}
+
+// PropRequires sets the Requires unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
+func PropRequires(units ...string) Property {
+	return propDependency("Requires", units)
+}
+
+// PropRequiresOverridable sets the RequiresOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
+func PropRequiresOverridable(units ...string) Property {
+	return propDependency("RequiresOverridable", units)
+}
+
+// PropRequisite sets the Requisite unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
+func PropRequisite(units ...string) Property {
+	return propDependency("Requisite", units)
+}
+
+// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
+func PropRequisiteOverridable(units ...string) Property {
+	return propDependency("RequisiteOverridable", units)
+}
+
+// PropWants sets the Wants unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
+func PropWants(units ...string) Property {
+	return propDependency("Wants", units)
+}
+
+// PropBindsTo sets the BindsTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
+func PropBindsTo(units ...string) Property {
+	return propDependency("BindsTo", units)
+}
+
+// PropRequiredBy sets the RequiredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
+func PropRequiredBy(units ...string) Property {
+	return propDependency("RequiredBy", units)
+}
+
+// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
+func PropRequiredByOverridable(units ...string) Property {
+	return propDependency("RequiredByOverridable", units)
+}
+
+// PropWantedBy sets the WantedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
+func PropWantedBy(units ...string) Property {
+	return propDependency("WantedBy", units)
+}
+
+// PropBoundBy sets the BoundBy unit property.  See
+// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
+func PropBoundBy(units ...string) Property {
+	return propDependency("BoundBy", units)
+}
+
+// PropConflicts sets the Conflicts unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
+func PropConflicts(units ...string) Property {
+	return propDependency("Conflicts", units)
+}
+
+// PropConflictedBy sets the ConflictedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
+func PropConflictedBy(units ...string) Property {
+	return propDependency("ConflictedBy", units)
+}
+
+// PropBefore sets the Before unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
+func PropBefore(units ...string) Property {
+	return propDependency("Before", units)
+}
+
+// PropAfter sets the After unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
+func PropAfter(units ...string) Property {
+	return propDependency("After", units)
+}
+
+// PropOnFailure sets the OnFailure unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
+func PropOnFailure(units ...string) Property {
+	return propDependency("OnFailure", units)
+}
+
+// PropTriggers sets the Triggers unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
+func PropTriggers(units ...string) Property {
+	return propDependency("Triggers", units)
+}
+
+// PropTriggeredBy sets the TriggeredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
+func PropTriggeredBy(units ...string) Property {
+	return propDependency("TriggeredBy", units)
+}
+
+// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
+func PropPropagatesReloadTo(units ...string) Property {
+	return propDependency("PropagatesReloadTo", units)
+}
+
+// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
+func PropRequiresMountsFor(units ...string) Property {
+	return propDependency("RequiresMountsFor", units)
+}
+
+// PropSlice sets the Slice unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
+func PropSlice(slice string) Property {
+	return Property{
+		Name:  "Slice",
+		Value: dbus.MakeVariant(slice),
+	}
+}
+
+// PropPids sets the PIDs field of scope units used in the initial construction
+// of the scope only and specifies the initial PIDs to add to the scope object.
+// See https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/#properties
+func PropPids(pids ...uint32) Property {
+	return Property{
+		Name:  "PIDs",
+		Value: dbus.MakeVariant(pids),
+	}
+}
diff --git a/vendor/github.com/coreos/go-systemd/dbus/set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/set.go
similarity index 100%
rename from vendor/github.com/coreos/go-systemd/dbus/set.go
rename to vendor/github.com/coreos/go-systemd/v22/dbus/set.go
diff --git a/vendor/github.com/coreos/go-systemd/dbus/subscription.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go
similarity index 98%
rename from vendor/github.com/coreos/go-systemd/dbus/subscription.go
rename to vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go
index 70e63a6f16e15..7e370fea2121a 100644
--- a/vendor/github.com/coreos/go-systemd/dbus/subscription.go
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go
@@ -19,7 +19,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/v5"
 )
 
 const (
@@ -94,7 +94,7 @@ func (c *Conn) dispatch() {
 	}()
 }
 
-// Returns two unbuffered channels which will receive all changed units every
+// SubscribeUnits returns two unbuffered channels which will receive all changed units every
 // interval.  Deleted units are sent as nil.
 func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) {
 	return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil)
diff --git a/vendor/github.com/coreos/go-systemd/dbus/subscription_set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go
similarity index 100%
rename from vendor/github.com/coreos/go-systemd/dbus/subscription_set.go
rename to vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go
diff --git a/vendor/github.com/coreos/go-systemd/v22/go.mod b/vendor/github.com/coreos/go-systemd/v22/go.mod
new file mode 100644
index 0000000000000..d285cf367e664
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/go.mod
@@ -0,0 +1,5 @@
+module github.com/coreos/go-systemd/v22
+
+go 1.12
+
+require github.com/godbus/dbus/v5 v5.0.4
diff --git a/vendor/github.com/coreos/go-systemd/v22/journal/journal.go b/vendor/github.com/coreos/go-systemd/v22/journal/journal.go
new file mode 100644
index 0000000000000..ac24c7767d352
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/journal/journal.go
@@ -0,0 +1,46 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package journal provides write bindings to the local systemd journal.
+// It is implemented in pure Go and connects to the journal directly over its
+// unix socket.
+//
+// To read from the journal, see the "sdjournal" package, which wraps the
+// sd-journal a C API.
+//
+// http://www.freedesktop.org/software/systemd/man/systemd-journald.service.html
+package journal
+
+import (
+	"fmt"
+)
+
+// Priority of a journal message
+type Priority int
+
+const (
+	PriEmerg Priority = iota
+	PriAlert
+	PriCrit
+	PriErr
+	PriWarning
+	PriNotice
+	PriInfo
+	PriDebug
+)
+
+// Print prints a message to the local systemd journal using Send().
+func Print(priority Priority, format string, a ...interface{}) error {
+	return Send(fmt.Sprintf(format, a...), priority, nil)
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go b/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go
new file mode 100644
index 0000000000000..8d58ca0fbca04
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go
@@ -0,0 +1,210 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+// Package journal provides write bindings to the local systemd journal.
+// It is implemented in pure Go and connects to the journal directly over its
+// unix socket.
+//
+// To read from the journal, see the "sdjournal" package, which wraps the
+// sd-journal a C API.
+//
+// http://www.freedesktop.org/software/systemd/man/systemd-journald.service.html
+package journal
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"unsafe"
+)
+
+var (
+	// This can be overridden at build-time:
+	// https://github.com/golang/go/wiki/GcToolchainTricks#including-build-information-in-the-executable
+	journalSocket = "/run/systemd/journal/socket"
+
+	// unixConnPtr atomically holds the local unconnected Unix-domain socket.
+	// Concrete safe pointer type: *net.UnixConn
+	unixConnPtr unsafe.Pointer
+	// onceConn ensures that unixConnPtr is initialized exactly once.
+	onceConn sync.Once
+)
+
+func init() {
+	onceConn.Do(initConn)
+}
+
+// Enabled checks whether the local systemd journal is available for logging.
+func Enabled() bool {
+	onceConn.Do(initConn)
+
+	if (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr)) == nil {
+		return false
+	}
+
+	conn, err := net.Dial("unixgram", journalSocket)
+	if err != nil {
+		return false
+	}
+	defer conn.Close()
+
+	return true
+}
+
+// Send a message to the local systemd journal. vars is a map of journald
+// fields to values.  Fields must be composed of uppercase letters, numbers,
+// and underscores, but must not start with an underscore. Within these
+// restrictions, any arbitrary field name may be used.  Some names have special
+// significance: see the journalctl documentation
+// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html)
+// for more details.  vars may be nil.
+func Send(message string, priority Priority, vars map[string]string) error {
+	conn := (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr))
+	if conn == nil {
+		return errors.New("could not initialize socket to journald")
+	}
+
+	socketAddr := &net.UnixAddr{
+		Name: journalSocket,
+		Net:  "unixgram",
+	}
+
+	data := new(bytes.Buffer)
+	appendVariable(data, "PRIORITY", strconv.Itoa(int(priority)))
+	appendVariable(data, "MESSAGE", message)
+	for k, v := range vars {
+		appendVariable(data, k, v)
+	}
+
+	_, _, err := conn.WriteMsgUnix(data.Bytes(), nil, socketAddr)
+	if err == nil {
+		return nil
+	}
+	if !isSocketSpaceError(err) {
+		return err
+	}
+
+	// Large log entry, send it via tempfile and ancillary-fd.
+	file, err := tempFd()
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	_, err = io.Copy(file, data)
+	if err != nil {
+		return err
+	}
+	rights := syscall.UnixRights(int(file.Fd()))
+	_, _, err = conn.WriteMsgUnix([]byte{}, rights, socketAddr)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func appendVariable(w io.Writer, name, value string) {
+	if err := validVarName(name); err != nil {
+		fmt.Fprintf(os.Stderr, "variable name %s contains invalid character, ignoring\n", name)
+	}
+	if strings.ContainsRune(value, '\n') {
+		/* When the value contains a newline, we write:
+		 * - the variable name, followed by a newline
+		 * - the size (in 64bit little endian format)
+		 * - the data, followed by a newline
+		 */
+		fmt.Fprintln(w, name)
+		binary.Write(w, binary.LittleEndian, uint64(len(value)))
+		fmt.Fprintln(w, value)
+	} else {
+		/* just write the variable and value all on one line */
+		fmt.Fprintf(w, "%s=%s\n", name, value)
+	}
+}
+
+// validVarName validates a variable name to make sure journald will accept it.
+// The variable name must be in uppercase and consist only of characters,
+// numbers and underscores, and may not begin with an underscore:
+// https://www.freedesktop.org/software/systemd/man/sd_journal_print.html
+func validVarName(name string) error {
+	if name == "" {
+		return errors.New("Empty variable name")
+	} else if name[0] == '_' {
+		return errors.New("Variable name begins with an underscore")
+	}
+
+	for _, c := range name {
+		if !(('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') || c == '_') {
+			return errors.New("Variable name contains invalid characters")
+		}
+	}
+	return nil
+}
+
+// isSocketSpaceError checks whether the error is signaling
+// an "overlarge message" condition.
+func isSocketSpaceError(err error) bool {
+	opErr, ok := err.(*net.OpError)
+	if !ok || opErr == nil {
+		return false
+	}
+
+	sysErr, ok := opErr.Err.(*os.SyscallError)
+	if !ok || sysErr == nil {
+		return false
+	}
+
+	return sysErr.Err == syscall.EMSGSIZE || sysErr.Err == syscall.ENOBUFS
+}
+
+// tempFd creates a temporary, unlinked file under `/dev/shm`.
+func tempFd() (*os.File, error) {
+	file, err := ioutil.TempFile("/dev/shm/", "journal.XXXXX")
+	if err != nil {
+		return nil, err
+	}
+	err = syscall.Unlink(file.Name())
+	if err != nil {
+		return nil, err
+	}
+	return file, nil
+}
+
+// initConn initializes the global `unixConnPtr` socket.
+// It is meant to be called exactly once, at program startup.
+func initConn() {
+	autobind, err := net.ResolveUnixAddr("unixgram", "")
+	if err != nil {
+		return
+	}
+
+	sock, err := net.ListenUnixgram("unixgram", autobind)
+	if err != nil {
+		return
+	}
+
+	atomic.StorePointer(&unixConnPtr, unsafe.Pointer(sock))
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/journal/journal_windows.go b/vendor/github.com/coreos/go-systemd/v22/journal/journal_windows.go
new file mode 100644
index 0000000000000..677aca68ed20a
--- /dev/null
+++ b/vendor/github.com/coreos/go-systemd/v22/journal/journal_windows.go
@@ -0,0 +1,35 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package journal provides write bindings to the local systemd journal.
+// It is implemented in pure Go and connects to the journal directly over its
+// unix socket.
+//
+// To read from the journal, see the "sdjournal" package, which wraps the
+// sd-journal a C API.
+//
+// http://www.freedesktop.org/software/systemd/man/systemd-journald.service.html
+package journal
+
+import (
+	"errors"
+)
+
+func Enabled() bool {
+	return false
+}
+
+func Send(message string, priority Priority, vars map[string]string) error {
+	return errors.New("could not initialize socket to journald")
+}
diff --git a/vendor/github.com/coreos/pkg/capnslog/README.md b/vendor/github.com/coreos/pkg/capnslog/README.md
index 81efb1fb6a7bd..f79dbfca5cbe5 100644
--- a/vendor/github.com/coreos/pkg/capnslog/README.md
+++ b/vendor/github.com/coreos/pkg/capnslog/README.md
@@ -21,7 +21,7 @@ Still the job of `main` to expose these configurations. `main` may delegate this
 
 Splitting streams is probably not the job of your program, but rather, your log aggregation framework. If you must split output streams, again, `main` configures this and you can write a very simple two-output struct that satisfies io.Writer.
 
-Fancy colorful formatting and JSON output are beyond the scope of a basic logging framework -- they're application/log-collector dependant. These are, at best, provided as options, but more likely, provided by your application.
+Fancy colorful formatting and JSON output are beyond the scope of a basic logging framework -- they're application/log-collector dependent. These are, at best, provided as options, but more likely, provided by your application.
 
 ##### Log objects are an interface
 
diff --git a/vendor/github.com/coreos/pkg/capnslog/logmap.go b/vendor/github.com/coreos/pkg/capnslog/logmap.go
index 84954488308db..226b60c22534e 100644
--- a/vendor/github.com/coreos/pkg/capnslog/logmap.go
+++ b/vendor/github.com/coreos/pkg/capnslog/logmap.go
@@ -95,6 +95,11 @@ func (l *LogLevel) Set(s string) error {
 	return nil
 }
 
+// Returns an empty string, only here to fulfill the pflag.Value interface.
+func (l *LogLevel) Type() string {
+	return ""
+}
+
 // ParseLevel translates some potential loglevel strings into their corresponding levels.
 func ParseLevel(s string) (LogLevel, error) {
 	switch s {
diff --git a/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go b/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go
index 612d55c66c802..00ff37149aeb5 100644
--- a/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go
+++ b/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go
@@ -37,6 +37,14 @@ func (p *PackageLogger) internalLog(depth int, inLevel LogLevel, entries ...inte
 	}
 }
 
+// SetLevel allows users to change the current logging level.
+func (p *PackageLogger) SetLevel(l LogLevel) {
+	logger.Lock()
+	defer logger.Unlock()
+	p.level = l
+}
+
+// LevelAt checks if the given log level will be outputted under current setting.
 func (p *PackageLogger) LevelAt(l LogLevel) bool {
 	logger.Lock()
 	defer logger.Unlock()
@@ -81,6 +89,12 @@ func (p *PackageLogger) Panic(args ...interface{}) {
 	panic(s)
 }
 
+func (p *PackageLogger) Panicln(args ...interface{}) {
+	s := fmt.Sprintln(args...)
+	p.internalLog(calldepth, CRITICAL, s)
+	panic(s)
+}
+
 func (p *PackageLogger) Fatalf(format string, args ...interface{}) {
 	p.Logf(CRITICAL, format, args...)
 	os.Exit(1)
diff --git a/vendor/github.com/kr/pty/License b/vendor/github.com/creack/pty/LICENSE
similarity index 100%
rename from vendor/github.com/kr/pty/License
rename to vendor/github.com/creack/pty/LICENSE
diff --git a/vendor/github.com/creack/pty/README.md b/vendor/github.com/creack/pty/README.md
new file mode 100644
index 0000000000000..5275014a7a71e
--- /dev/null
+++ b/vendor/github.com/creack/pty/README.md
@@ -0,0 +1,100 @@
+# pty
+
+Pty is a Go package for using unix pseudo-terminals.
+
+## Install
+
+    go get github.com/creack/pty
+
+## Example
+
+### Command
+
+```go
+package main
+
+import (
+	"github.com/creack/pty"
+	"io"
+	"os"
+	"os/exec"
+)
+
+func main() {
+	c := exec.Command("grep", "--color=auto", "bar")
+	f, err := pty.Start(c)
+	if err != nil {
+		panic(err)
+	}
+
+	go func() {
+		f.Write([]byte("foo\n"))
+		f.Write([]byte("bar\n"))
+		f.Write([]byte("baz\n"))
+		f.Write([]byte{4}) // EOT
+	}()
+	io.Copy(os.Stdout, f)
+}
+```
+
+### Shell
+
+```go
+package main
+
+import (
+        "io"
+        "log"
+        "os"
+        "os/exec"
+        "os/signal"
+        "syscall"
+
+        "github.com/creack/pty"
+        "golang.org/x/crypto/ssh/terminal"
+)
+
+func test() error {
+        // Create arbitrary command.
+        c := exec.Command("bash")
+
+        // Start the command with a pty.
+        ptmx, err := pty.Start(c)
+        if err != nil {
+                return err
+        }
+        // Make sure to close the pty at the end.
+        defer func() { _ = ptmx.Close() }() // Best effort.
+
+        // Handle pty size.
+        ch := make(chan os.Signal, 1)
+        signal.Notify(ch, syscall.SIGWINCH)
+        go func() {
+                for range ch {
+                        if err := pty.InheritSize(os.Stdin, ptmx); err != nil {
+                                log.Printf("error resizing pty: %s", err)
+                        }
+                }
+        }()
+        ch <- syscall.SIGWINCH // Initial resize.
+
+        // Set stdin in raw mode.
+        oldState, err := terminal.MakeRaw(int(os.Stdin.Fd()))
+        if err != nil {
+                panic(err)
+        }
+        defer func() { _ = terminal.Restore(int(os.Stdin.Fd()), oldState) }() // Best effort.
+
+        // Copy stdin to the pty and the pty to stdout.
+        go func() { _, _ = io.Copy(ptmx, os.Stdin) }()
+        _, _ = io.Copy(os.Stdout, ptmx)
+
+        return nil
+}
+
+func main() {
+        if err := test(); err != nil {
+                log.Fatal(err)
+        }
+}
+```
diff --git a/vendor/github.com/kr/pty/doc.go b/vendor/github.com/creack/pty/doc.go
similarity index 100%
rename from vendor/github.com/kr/pty/doc.go
rename to vendor/github.com/creack/pty/doc.go
diff --git a/vendor/github.com/creack/pty/go.mod b/vendor/github.com/creack/pty/go.mod
new file mode 100644
index 0000000000000..e48decaf469a5
--- /dev/null
+++ b/vendor/github.com/creack/pty/go.mod
@@ -0,0 +1,4 @@
+module github.com/creack/pty
+
+go 1.13
+
diff --git a/vendor/github.com/creack/pty/ioctl.go b/vendor/github.com/creack/pty/ioctl.go
new file mode 100644
index 0000000000000..c85cdcd14a014
--- /dev/null
+++ b/vendor/github.com/creack/pty/ioctl.go
@@ -0,0 +1,13 @@
+// +build !windows,!solaris
+
+package pty
+
+import "syscall"
+
+func ioctl(fd, cmd, ptr uintptr) error {
+	_, _, e := syscall.Syscall(syscall.SYS_IOCTL, fd, cmd, ptr)
+	if e != 0 {
+		return e
+	}
+	return nil
+}
diff --git a/vendor/github.com/kr/pty/ioctl_bsd.go b/vendor/github.com/creack/pty/ioctl_bsd.go
similarity index 100%
rename from vendor/github.com/kr/pty/ioctl_bsd.go
rename to vendor/github.com/creack/pty/ioctl_bsd.go
diff --git a/vendor/github.com/creack/pty/ioctl_solaris.go b/vendor/github.com/creack/pty/ioctl_solaris.go
new file mode 100644
index 0000000000000..f63985f34ce36
--- /dev/null
+++ b/vendor/github.com/creack/pty/ioctl_solaris.go
@@ -0,0 +1,30 @@
+package pty
+
+import (
+	"golang.org/x/sys/unix"
+	"unsafe"
+)
+
+const (
+	// see /usr/include/sys/stropts.h
+	I_PUSH  = uintptr((int32('S')<<8 | 002))
+	I_STR   = uintptr((int32('S')<<8 | 010))
+	I_FIND  = uintptr((int32('S')<<8 | 013))
+	// see /usr/include/sys/ptms.h
+	ISPTM   = (int32('P') << 8) | 1
+	UNLKPT  = (int32('P') << 8) | 2
+	PTSSTTY = (int32('P') << 8) | 3
+	ZONEPT  = (int32('P') << 8) | 4
+	OWNERPT = (int32('P') << 8) | 5
+)
+
+type strioctl struct {
+	ic_cmd    int32
+	ic_timout int32
+	ic_len    int32
+	ic_dp     unsafe.Pointer
+}
+
+func ioctl(fd, cmd, ptr uintptr) error {
+	return unix.IoctlSetInt(int(fd), uint(cmd), int(ptr))
+}
diff --git a/vendor/github.com/creack/pty/pty_darwin.go b/vendor/github.com/creack/pty/pty_darwin.go
new file mode 100644
index 0000000000000..6344b6b0efb64
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_darwin.go
@@ -0,0 +1,65 @@
+package pty
+
+import (
+	"errors"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func open() (pty, tty *os.File, err error) {
+	pFD, err := syscall.Open("/dev/ptmx", syscall.O_RDWR|syscall.O_CLOEXEC, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	p := os.NewFile(uintptr(pFD), "/dev/ptmx")
+	// In case of error after this point, make sure we close the ptmx fd.
+	defer func() {
+		if err != nil {
+			_ = p.Close() // Best effort.
+		}
+	}()
+
+	sname, err := ptsname(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if err := grantpt(p); err != nil {
+		return nil, nil, err
+	}
+
+	if err := unlockpt(p); err != nil {
+		return nil, nil, err
+	}
+
+	t, err := os.OpenFile(sname, os.O_RDWR, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	return p, t, nil
+}
+
+func ptsname(f *os.File) (string, error) {
+	n := make([]byte, _IOC_PARM_LEN(syscall.TIOCPTYGNAME))
+
+	err := ioctl(f.Fd(), syscall.TIOCPTYGNAME, uintptr(unsafe.Pointer(&n[0])))
+	if err != nil {
+		return "", err
+	}
+
+	for i, c := range n {
+		if c == 0 {
+			return string(n[:i]), nil
+		}
+	}
+	return "", errors.New("TIOCPTYGNAME string not NUL-terminated")
+}
+
+func grantpt(f *os.File) error {
+	return ioctl(f.Fd(), syscall.TIOCPTYGRANT, 0)
+}
+
+func unlockpt(f *os.File) error {
+	return ioctl(f.Fd(), syscall.TIOCPTYUNLK, 0)
+}
diff --git a/vendor/github.com/creack/pty/pty_dragonfly.go b/vendor/github.com/creack/pty/pty_dragonfly.go
new file mode 100644
index 0000000000000..b7d1f20f29e52
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_dragonfly.go
@@ -0,0 +1,80 @@
+package pty
+
+import (
+	"errors"
+	"os"
+	"strings"
+	"syscall"
+	"unsafe"
+)
+
+// same code as pty_darwin.go
+func open() (pty, tty *os.File, err error) {
+	p, err := os.OpenFile("/dev/ptmx", os.O_RDWR, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	// In case of error after this point, make sure we close the ptmx fd.
+	defer func() {
+		if err != nil {
+			_ = p.Close() // Best effort.
+		}
+	}()
+
+	sname, err := ptsname(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if err := grantpt(p); err != nil {
+		return nil, nil, err
+	}
+
+	if err := unlockpt(p); err != nil {
+		return nil, nil, err
+	}
+
+	t, err := os.OpenFile(sname, os.O_RDWR, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	return p, t, nil
+}
+
+func grantpt(f *os.File) error {
+	_, err := isptmaster(f.Fd())
+	return err
+}
+
+func unlockpt(f *os.File) error {
+	_, err := isptmaster(f.Fd())
+	return err
+}
+
+func isptmaster(fd uintptr) (bool, error) {
+	err := ioctl(fd, syscall.TIOCISPTMASTER, 0)
+	return err == nil, err
+}
+
+var (
+	emptyFiodgnameArg fiodgnameArg
+	ioctl_FIODNAME    = _IOW('f', 120, unsafe.Sizeof(emptyFiodgnameArg))
+)
+
+func ptsname(f *os.File) (string, error) {
+	name := make([]byte, _C_SPECNAMELEN)
+	fa := fiodgnameArg{Name: (*byte)(unsafe.Pointer(&name[0])), Len: _C_SPECNAMELEN, Pad_cgo_0: [4]byte{0, 0, 0, 0}}
+
+	err := ioctl(f.Fd(), ioctl_FIODNAME, uintptr(unsafe.Pointer(&fa)))
+	if err != nil {
+		return "", err
+	}
+
+	for i, c := range name {
+		if c == 0 {
+			s := "/dev/" + string(name[:i])
+			return strings.Replace(s, "ptm", "pts", -1), nil
+		}
+	}
+	return "", errors.New("TIOCPTYGNAME string not NUL-terminated")
+}
diff --git a/vendor/github.com/creack/pty/pty_freebsd.go b/vendor/github.com/creack/pty/pty_freebsd.go
new file mode 100644
index 0000000000000..63b6d91337ae3
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_freebsd.go
@@ -0,0 +1,78 @@
+package pty
+
+import (
+	"errors"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func posixOpenpt(oflag int) (fd int, err error) {
+	r0, _, e1 := syscall.Syscall(syscall.SYS_POSIX_OPENPT, uintptr(oflag), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return fd, err
+}
+
+func open() (pty, tty *os.File, err error) {
+	fd, err := posixOpenpt(syscall.O_RDWR | syscall.O_CLOEXEC)
+	if err != nil {
+		return nil, nil, err
+	}
+	p := os.NewFile(uintptr(fd), "/dev/pts")
+	// In case of error after this point, make sure we close the pts fd.
+	defer func() {
+		if err != nil {
+			_ = p.Close() // Best effort.
+		}
+	}()
+
+	sname, err := ptsname(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	t, err := os.OpenFile("/dev/"+sname, os.O_RDWR, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	return p, t, nil
+}
+
+func isptmaster(fd uintptr) (bool, error) {
+	err := ioctl(fd, syscall.TIOCPTMASTER, 0)
+	return err == nil, err
+}
+
+var (
+	emptyFiodgnameArg fiodgnameArg
+	ioctlFIODGNAME    = _IOW('f', 120, unsafe.Sizeof(emptyFiodgnameArg))
+)
+
+func ptsname(f *os.File) (string, error) {
+	master, err := isptmaster(f.Fd())
+	if err != nil {
+		return "", err
+	}
+	if !master {
+		return "", syscall.EINVAL
+	}
+
+	const n = _C_SPECNAMELEN + 1
+	var (
+		buf = make([]byte, n)
+		arg = fiodgnameArg{Len: n, Buf: (*byte)(unsafe.Pointer(&buf[0]))}
+	)
+	if err := ioctl(f.Fd(), ioctlFIODGNAME, uintptr(unsafe.Pointer(&arg))); err != nil {
+		return "", err
+	}
+
+	for i, c := range buf {
+		if c == 0 {
+			return string(buf[:i]), nil
+		}
+	}
+	return "", errors.New("FIODGNAME string not NUL-terminated")
+}
diff --git a/vendor/github.com/kr/pty/pty_linux.go b/vendor/github.com/creack/pty/pty_linux.go
similarity index 75%
rename from vendor/github.com/kr/pty/pty_linux.go
rename to vendor/github.com/creack/pty/pty_linux.go
index cb901a21e0063..4a833de184997 100644
--- a/vendor/github.com/kr/pty/pty_linux.go
+++ b/vendor/github.com/creack/pty/pty_linux.go
@@ -12,14 +12,19 @@ func open() (pty, tty *os.File, err error) {
 	if err != nil {
 		return nil, nil, err
 	}
+	// In case of error after this point, make sure we close the ptmx fd.
+	defer func() {
+		if err != nil {
+			_ = p.Close() // Best effort.
+		}
+	}()
 
 	sname, err := ptsname(p)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	err = unlockpt(p)
-	if err != nil {
+	if err := unlockpt(p); err != nil {
 		return nil, nil, err
 	}
 
@@ -41,6 +46,6 @@ func ptsname(f *os.File) (string, error) {
 
 func unlockpt(f *os.File) error {
 	var u _C_int
-	// use TIOCSPTLCK with a zero valued arg to clear the slave pty lock
+	// use TIOCSPTLCK with a pointer to zero to clear the lock
 	return ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
 }
diff --git a/vendor/github.com/creack/pty/pty_openbsd.go b/vendor/github.com/creack/pty/pty_openbsd.go
new file mode 100644
index 0000000000000..a6a35d1e677e8
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_openbsd.go
@@ -0,0 +1,33 @@
+package pty
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func open() (pty, tty *os.File, err error) {
+	/*
+	 * from ptm(4):
+	 * The PTMGET command allocates a free pseudo terminal, changes its
+	 * ownership to the caller, revokes the access privileges for all previous
+	 * users, opens the file descriptors for the pty and tty devices and
+	 * returns them to the caller in struct ptmget.
+	 */
+
+	p, err := os.OpenFile("/dev/ptm", os.O_RDWR|syscall.O_CLOEXEC, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer p.Close()
+
+	var ptm ptmget
+	if err := ioctl(p.Fd(), uintptr(ioctl_PTMGET), uintptr(unsafe.Pointer(&ptm))); err != nil {
+		return nil, nil, err
+	}
+
+	pty = os.NewFile(uintptr(ptm.Cfd), "/dev/ptm")
+	tty = os.NewFile(uintptr(ptm.Sfd), "/dev/ptm")
+
+	return pty, tty, nil
+}
diff --git a/vendor/github.com/creack/pty/pty_solaris.go b/vendor/github.com/creack/pty/pty_solaris.go
new file mode 100644
index 0000000000000..09ec1b7978a60
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_solaris.go
@@ -0,0 +1,139 @@
+package pty
+
+/* based on:
+http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libc/port/gen/pt.c
+*/
+
+import (
+	"errors"
+	"golang.org/x/sys/unix"
+	"os"
+	"strconv"
+	"syscall"
+	"unsafe"
+)
+
+const NODEV = ^uint64(0)
+
+func open() (pty, tty *os.File, err error) {
+	masterfd, err := syscall.Open("/dev/ptmx", syscall.O_RDWR|unix.O_NOCTTY, 0)
+	//masterfd, err := syscall.Open("/dev/ptmx", syscall.O_RDWR|syscall.O_CLOEXEC|unix.O_NOCTTY, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	p := os.NewFile(uintptr(masterfd), "/dev/ptmx")
+
+	sname, err := ptsname(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	err = grantpt(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	err = unlockpt(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	slavefd, err := syscall.Open(sname, os.O_RDWR|unix.O_NOCTTY, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	t := os.NewFile(uintptr(slavefd), sname)
+
+	// pushing terminal driver STREAMS modules as per pts(7)
+	for _, mod := range([]string{"ptem", "ldterm", "ttcompat"}) {
+		err = streams_push(t, mod)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+	
+	return p, t, nil
+}
+
+func minor(x uint64) uint64 {
+	return x & 0377
+}
+
+func ptsdev(fd uintptr) uint64 {
+	istr := strioctl{ISPTM, 0, 0, nil}
+	err := ioctl(fd, I_STR, uintptr(unsafe.Pointer(&istr)))
+	if err != nil {
+		return NODEV
+	}
+	var status unix.Stat_t
+	err = unix.Fstat(int(fd), &status)
+	if err != nil {
+		return NODEV
+	}
+	return uint64(minor(status.Rdev))
+}
+
+func ptsname(f *os.File) (string, error) {
+	dev := ptsdev(f.Fd())
+	if dev == NODEV {
+		return "", errors.New("not a master pty")
+	}
+	fn := "/dev/pts/" + strconv.FormatInt(int64(dev), 10)
+	// access(2) creates the slave device (if the pty exists)
+	// F_OK == 0 (unistd.h)
+	err := unix.Access(fn, 0)
+	if err != nil {
+		return "", err
+	}
+	return fn, nil
+}
+
+type pt_own struct {
+	pto_ruid int32
+	pto_rgid int32
+}
+
+func grantpt(f *os.File) error {
+	if ptsdev(f.Fd()) == NODEV {
+		return errors.New("not a master pty")
+	}
+	var pto pt_own
+	pto.pto_ruid = int32(os.Getuid())
+	// XXX should first attempt to get gid of DEFAULT_TTY_GROUP="tty"
+	pto.pto_rgid = int32(os.Getgid())
+	var istr strioctl
+	istr.ic_cmd = OWNERPT
+	istr.ic_timout = 0
+	istr.ic_len = int32(unsafe.Sizeof(istr))
+	istr.ic_dp = unsafe.Pointer(&pto)
+	err := ioctl(f.Fd(), I_STR, uintptr(unsafe.Pointer(&istr)))
+	if err != nil {
+		return errors.New("access denied")
+	}
+	return nil
+}
+
+func unlockpt(f *os.File) error {
+	istr := strioctl{UNLKPT, 0, 0, nil}
+	return ioctl(f.Fd(), I_STR, uintptr(unsafe.Pointer(&istr)))
+}
+
+// push STREAMS modules if not already done so
+func streams_push(f *os.File, mod string) error {
+	var err error
+	buf := []byte(mod)
+	// XXX I_FIND is not returning an error when the module
+	// is already pushed even though truss reports a return
+	// value of 1. A bug in the Go Solaris syscall interface?
+	// XXX without this we are at risk of the issue
+	// https://www.illumos.org/issues/9042
+	// but since we are not using libc or XPG4.2, we should not be
+	// double-pushing modules
+	
+	err = ioctl(f.Fd(), I_FIND, uintptr(unsafe.Pointer(&buf[0])))
+	if err != nil {
+		return nil
+	}
+	err = ioctl(f.Fd(), I_PUSH, uintptr(unsafe.Pointer(&buf[0])))
+	return err
+}
diff --git a/vendor/github.com/creack/pty/pty_unsupported.go b/vendor/github.com/creack/pty/pty_unsupported.go
new file mode 100644
index 0000000000000..ceb425b19c982
--- /dev/null
+++ b/vendor/github.com/creack/pty/pty_unsupported.go
@@ -0,0 +1,11 @@
+// +build !linux,!darwin,!freebsd,!dragonfly,!openbsd,!solaris
+
+package pty
+
+import (
+	"os"
+)
+
+func open() (pty, tty *os.File, err error) {
+	return nil, nil, ErrUnsupported
+}
diff --git a/vendor/github.com/creack/pty/run.go b/vendor/github.com/creack/pty/run.go
new file mode 100644
index 0000000000000..b07942514d6ad
--- /dev/null
+++ b/vendor/github.com/creack/pty/run.go
@@ -0,0 +1,74 @@
+// +build !windows
+
+package pty
+
+import (
+	"os"
+	"os/exec"
+	"syscall"
+)
+
+// Start assigns a pseudo-terminal tty os.File to c.Stdin, c.Stdout,
+// and c.Stderr, calls c.Start, and returns the File of the tty's
+// corresponding pty.
+//
+// Starts the process in a new session and sets the controlling terminal.
+func Start(c *exec.Cmd) (pty *os.File, err error) {
+	return StartWithSize(c, nil)
+}
+
+// StartWithSize assigns a pseudo-terminal tty os.File to c.Stdin, c.Stdout,
+// and c.Stderr, calls c.Start, and returns the File of the tty's
+// corresponding pty.
+//
+// This will resize the pty to the specified size before starting the command.
+// Starts the process in a new session and sets the controlling terminal.
+func StartWithSize(c *exec.Cmd, sz *Winsize) (pty *os.File, err error) {
+	if c.SysProcAttr == nil {
+		c.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	c.SysProcAttr.Setsid = true
+	c.SysProcAttr.Setctty = true
+	return StartWithAttrs(c, sz, c.SysProcAttr)
+}
+
+// StartWithAttrs assigns a pseudo-terminal tty os.File to c.Stdin, c.Stdout,
+// and c.Stderr, calls c.Start, and returns the File of the tty's
+// corresponding pty.
+//
+// This will resize the pty to the specified size before starting the command if a size is provided.
+// The `attrs` parameter overrides the one set in c.SysProcAttr.
+//
+// This should generally not be needed. Used in some edge cases where it is needed to create a pty
+// without a controlling terminal.
+func StartWithAttrs(c *exec.Cmd, sz *Winsize, attrs *syscall.SysProcAttr) (pty *os.File, err error) {
+	pty, tty, err := Open()
+	if err != nil {
+		return nil, err
+	}
+	defer tty.Close()
+
+	if sz != nil {
+		if err := Setsize(pty, sz); err != nil {
+			pty.Close()
+			return nil, err
+		}
+	}
+	if c.Stdout == nil {
+		c.Stdout = tty
+	}
+	if c.Stderr == nil {
+		c.Stderr = tty
+	}
+	if c.Stdin == nil {
+		c.Stdin = tty
+	}
+
+	c.SysProcAttr = attrs
+
+	if err := c.Start(); err != nil {
+		_ = pty.Close()
+		return nil, err
+	}
+	return pty, err
+}
diff --git a/vendor/github.com/creack/pty/util.go b/vendor/github.com/creack/pty/util.go
new file mode 100644
index 0000000000000..8fdde0bab988c
--- /dev/null
+++ b/vendor/github.com/creack/pty/util.go
@@ -0,0 +1,64 @@
+// +build !windows,!solaris
+
+package pty
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+// InheritSize applies the terminal size of pty to tty. This should be run
+// in a signal handler for syscall.SIGWINCH to automatically resize the tty when
+// the pty receives a window size change notification.
+func InheritSize(pty, tty *os.File) error {
+	size, err := GetsizeFull(pty)
+	if err != nil {
+		return err
+	}
+	err = Setsize(tty, size)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Setsize resizes t to s.
+func Setsize(t *os.File, ws *Winsize) error {
+	return windowRectCall(ws, t.Fd(), syscall.TIOCSWINSZ)
+}
+
+// GetsizeFull returns the full terminal size description.
+func GetsizeFull(t *os.File) (size *Winsize, err error) {
+	var ws Winsize
+	err = windowRectCall(&ws, t.Fd(), syscall.TIOCGWINSZ)
+	return &ws, err
+}
+
+// Getsize returns the number of rows (lines) and cols (positions
+// in each line) in terminal t.
+func Getsize(t *os.File) (rows, cols int, err error) {
+	ws, err := GetsizeFull(t)
+	return int(ws.Rows), int(ws.Cols), err
+}
+
+// Winsize describes the terminal size.
+type Winsize struct {
+	Rows uint16 // ws_row: Number of rows (in cells)
+	Cols uint16 // ws_col: Number of columns (in cells)
+	X    uint16 // ws_xpixel: Width in pixels
+	Y    uint16 // ws_ypixel: Height in pixels
+}
+
+func windowRectCall(ws *Winsize, fd, a2 uintptr) error {
+	_, _, errno := syscall.Syscall(
+		syscall.SYS_IOCTL,
+		fd,
+		a2,
+		uintptr(unsafe.Pointer(ws)),
+	)
+	if errno != 0 {
+		return syscall.Errno(errno)
+	}
+	return nil
+}
diff --git a/vendor/github.com/creack/pty/util_solaris.go b/vendor/github.com/creack/pty/util_solaris.go
new file mode 100644
index 0000000000000..e8896924824b3
--- /dev/null
+++ b/vendor/github.com/creack/pty/util_solaris.go
@@ -0,0 +1,51 @@
+//
+
+package pty
+
+import (
+	"os"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	TIOCGWINSZ = 21608 // 'T' << 8 | 104
+	TIOCSWINSZ = 21607 // 'T' << 8 | 103
+)
+
+// Winsize describes the terminal size.
+type Winsize struct {
+	Rows uint16 // ws_row: Number of rows (in cells)
+	Cols uint16 // ws_col: Number of columns (in cells)
+	X    uint16 // ws_xpixel: Width in pixels
+	Y    uint16 // ws_ypixel: Height in pixels
+}
+
+// GetsizeFull returns the full terminal size description.
+func GetsizeFull(t *os.File) (size *Winsize, err error) {
+	var wsz *unix.Winsize
+	wsz, err = unix.IoctlGetWinsize(int(t.Fd()), TIOCGWINSZ)
+
+	if err != nil {
+		return nil, err
+	} else {
+		return &Winsize{wsz.Row, wsz.Col, wsz.Xpixel, wsz.Ypixel}, nil
+	}
+}
+
+// Get Windows Size
+func Getsize(t *os.File) (rows, cols int, err error) {
+	var wsz *unix.Winsize
+	wsz, err = unix.IoctlGetWinsize(int(t.Fd()), TIOCGWINSZ)
+
+	if err != nil {
+		return 80, 25, err
+	} else {
+		return int(wsz.Row), int(wsz.Col), nil
+	}
+}
+
+// Setsize resizes t to s.
+func Setsize(t *os.File, ws *Winsize) error {
+	wsz := unix.Winsize{ws.Rows, ws.Cols, ws.X, ws.Y}
+	return unix.IoctlSetWinsize(int(t.Fd()), TIOCSWINSZ, &wsz)
+}
diff --git a/vendor/github.com/kr/pty/ztypes_386.go b/vendor/github.com/creack/pty/ztypes_386.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_386.go
rename to vendor/github.com/creack/pty/ztypes_386.go
diff --git a/vendor/github.com/kr/pty/ztypes_amd64.go b/vendor/github.com/creack/pty/ztypes_amd64.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_amd64.go
rename to vendor/github.com/creack/pty/ztypes_amd64.go
diff --git a/vendor/github.com/kr/pty/ztypes_arm.go b/vendor/github.com/creack/pty/ztypes_arm.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_arm.go
rename to vendor/github.com/creack/pty/ztypes_arm.go
diff --git a/vendor/github.com/kr/pty/ztypes_arm64.go b/vendor/github.com/creack/pty/ztypes_arm64.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_arm64.go
rename to vendor/github.com/creack/pty/ztypes_arm64.go
diff --git a/vendor/github.com/creack/pty/ztypes_dragonfly_amd64.go b/vendor/github.com/creack/pty/ztypes_dragonfly_amd64.go
new file mode 100644
index 0000000000000..6b0ba037f897c
--- /dev/null
+++ b/vendor/github.com/creack/pty/ztypes_dragonfly_amd64.go
@@ -0,0 +1,14 @@
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs types_dragonfly.go
+
+package pty
+
+const (
+	_C_SPECNAMELEN = 0x3f
+)
+
+type fiodgnameArg struct {
+	Name      *byte
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
diff --git a/vendor/github.com/kr/pty/ztypes_freebsd_386.go b/vendor/github.com/creack/pty/ztypes_freebsd_386.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_freebsd_386.go
rename to vendor/github.com/creack/pty/ztypes_freebsd_386.go
diff --git a/vendor/github.com/kr/pty/ztypes_freebsd_amd64.go b/vendor/github.com/creack/pty/ztypes_freebsd_amd64.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_freebsd_amd64.go
rename to vendor/github.com/creack/pty/ztypes_freebsd_amd64.go
diff --git a/vendor/github.com/kr/pty/ztypes_freebsd_arm.go b/vendor/github.com/creack/pty/ztypes_freebsd_arm.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_freebsd_arm.go
rename to vendor/github.com/creack/pty/ztypes_freebsd_arm.go
diff --git a/vendor/github.com/creack/pty/ztypes_freebsd_arm64.go b/vendor/github.com/creack/pty/ztypes_freebsd_arm64.go
new file mode 100644
index 0000000000000..4418139b26fdc
--- /dev/null
+++ b/vendor/github.com/creack/pty/ztypes_freebsd_arm64.go
@@ -0,0 +1,13 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs types_freebsd.go
+
+package pty
+
+const (
+	_C_SPECNAMELEN = 0xff
+)
+
+type fiodgnameArg struct {
+	Len int32
+	Buf *byte
+}
diff --git a/vendor/github.com/creack/pty/ztypes_mipsx.go b/vendor/github.com/creack/pty/ztypes_mipsx.go
new file mode 100644
index 0000000000000..f0ce74086aef7
--- /dev/null
+++ b/vendor/github.com/creack/pty/ztypes_mipsx.go
@@ -0,0 +1,12 @@
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs types.go
+
+// +build linux
+// +build mips mipsle mips64 mips64le
+
+package pty
+
+type (
+	_C_int  int32
+	_C_uint uint32
+)
diff --git a/vendor/github.com/creack/pty/ztypes_openbsd_32bit_int.go b/vendor/github.com/creack/pty/ztypes_openbsd_32bit_int.go
new file mode 100644
index 0000000000000..d7cab4a2abecc
--- /dev/null
+++ b/vendor/github.com/creack/pty/ztypes_openbsd_32bit_int.go
@@ -0,0 +1,13 @@
+// +build openbsd
+// +build 386 amd64 arm arm64
+
+package pty
+
+type ptmget struct {
+	Cfd	int32
+	Sfd	int32
+	Cn	[16]int8
+	Sn	[16]int8
+}
+
+var ioctl_PTMGET = 0x40287401
diff --git a/vendor/github.com/kr/pty/ztypes_ppc64.go b/vendor/github.com/creack/pty/ztypes_ppc64.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_ppc64.go
rename to vendor/github.com/creack/pty/ztypes_ppc64.go
diff --git a/vendor/github.com/kr/pty/ztypes_ppc64le.go b/vendor/github.com/creack/pty/ztypes_ppc64le.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_ppc64le.go
rename to vendor/github.com/creack/pty/ztypes_ppc64le.go
diff --git a/vendor/github.com/creack/pty/ztypes_riscvx.go b/vendor/github.com/creack/pty/ztypes_riscvx.go
new file mode 100644
index 0000000000000..99eec8ecbe021
--- /dev/null
+++ b/vendor/github.com/creack/pty/ztypes_riscvx.go
@@ -0,0 +1,11 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs types.go
+
+// +build riscv riscv64
+
+package pty
+
+type (
+	_C_int  int32
+	_C_uint uint32
+)
diff --git a/vendor/github.com/kr/pty/ztypes_s390x.go b/vendor/github.com/creack/pty/ztypes_s390x.go
similarity index 100%
rename from vendor/github.com/kr/pty/ztypes_s390x.go
rename to vendor/github.com/creack/pty/ztypes_s390x.go
diff --git a/vendor/github.com/cyphar/filepath-securejoin/LICENSE b/vendor/github.com/cyphar/filepath-securejoin/LICENSE
new file mode 100644
index 0000000000000..bec842f294f77
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/LICENSE
@@ -0,0 +1,28 @@
+Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved.
+Copyright (C) 2017 SUSE LLC. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md
new file mode 100644
index 0000000000000..49b2baa9f35cb
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/README.md
@@ -0,0 +1,65 @@
+## `filepath-securejoin` ##
+
+[![Build Status](https://travis-ci.org/cyphar/filepath-securejoin.svg?branch=master)](https://travis-ci.org/cyphar/filepath-securejoin)
+
+An implementation of `SecureJoin`, a [candidate for inclusion in the Go
+standard library][go#20126]. The purpose of this function is to be a "secure"
+alternative to `filepath.Join`, and in particular it provides certain
+guarantees that are not provided by `filepath.Join`.
+
+This is the function prototype:
+
+```go
+func SecureJoin(root, unsafePath string) (string, error)
+```
+
+This library **guarantees** the following:
+
+* If no error is set, the resulting string **must** be a child path of
+  `SecureJoin` and will not contain any symlink path components (they will all
+  be expanded).
+
+* When expanding symlinks, all symlink path components **must** be resolved
+  relative to the provided root. In particular, this can be considered a
+  userspace implementation of how `chroot(2)` operates on file paths. Note that
+  these symlinks will **not** be expanded lexically (`filepath.Clean` is not
+  called on the input before processing).
+
+* Non-existant path components are unaffected by `SecureJoin` (similar to
+  `filepath.EvalSymlinks`'s semantics).
+
+* The returned path will always be `filepath.Clean`ed and thus not contain any
+  `..` components.
+
+A (trivial) implementation of this function on GNU/Linux systems could be done
+with the following (note that this requires root privileges and is far more
+opaque than the implementation in this library, and also requires that
+`readlink` is inside the `root` path):
+
+```go
+package securejoin
+
+import (
+	"os/exec"
+	"path/filepath"
+)
+
+func SecureJoin(root, unsafePath string) (string, error) {
+	unsafePath = string(filepath.Separator) + unsafePath
+	cmd := exec.Command("chroot", root,
+		"readlink", "--canonicalize-missing", "--no-newline", unsafePath)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", err
+	}
+	expanded := string(output)
+	return filepath.Join(root, expanded), nil
+}
+```
+
+[go#20126]: https://github.com/golang/go/issues/20126
+
+### License ###
+
+The license of this project is the same as Go, which is a BSD 3-clause license
+available in the `LICENSE` file.
diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go
new file mode 100644
index 0000000000000..c4ca3d7130057
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/join.go
@@ -0,0 +1,134 @@
+// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved.
+// Copyright (C) 2017 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package securejoin is an implementation of the hopefully-soon-to-be-included
+// SecureJoin helper that is meant to be part of the "path/filepath" package.
+// The purpose of this project is to provide a PoC implementation to make the
+// SecureJoin proposal (https://github.com/golang/go/issues/20126) more
+// tangible.
+package securejoin
+
+import (
+	"bytes"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/pkg/errors"
+)
+
+// ErrSymlinkLoop is returned by SecureJoinVFS when too many symlinks have been
+// evaluated in attempting to securely join the two given paths.
+var ErrSymlinkLoop = errors.Wrap(syscall.ELOOP, "secure join")
+
+// IsNotExist tells you if err is an error that implies that either the path
+// accessed does not exist (or path components don't exist). This is
+// effectively a more broad version of os.IsNotExist.
+func IsNotExist(err error) bool {
+	// If it's a bone-fide ENOENT just bail.
+	if os.IsNotExist(errors.Cause(err)) {
+		return true
+	}
+
+	// Check that it's not actually an ENOTDIR, which in some cases is a more
+	// convoluted case of ENOENT (usually involving weird paths).
+	var errno error
+	switch err := errors.Cause(err).(type) {
+	case *os.PathError:
+		errno = err.Err
+	case *os.LinkError:
+		errno = err.Err
+	case *os.SyscallError:
+		errno = err.Err
+	}
+	return errno == syscall.ENOTDIR || errno == syscall.ENOENT
+}
+
+// SecureJoinVFS joins the two given path components (similar to Join) except
+// that the returned path is guaranteed to be scoped inside the provided root
+// path (when evaluated). Any symbolic links in the path are evaluated with the
+// given root treated as the root of the filesystem, similar to a chroot. The
+// filesystem state is evaluated through the given VFS interface (if nil, the
+// standard os.* family of functions are used).
+//
+// Note that the guarantees provided by this function only apply if the path
+// components in the returned string are not modified (in other words are not
+// replaced with symlinks on the filesystem) after this function has returned.
+// Such a symlink race is necessarily out-of-scope of SecureJoin.
+func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) {
+	// Use the os.* VFS implementation if none was specified.
+	if vfs == nil {
+		vfs = osVFS{}
+	}
+
+	var path bytes.Buffer
+	n := 0
+	for unsafePath != "" {
+		if n > 255 {
+			return "", ErrSymlinkLoop
+		}
+
+		// Next path component, p.
+		i := strings.IndexRune(unsafePath, filepath.Separator)
+		var p string
+		if i == -1 {
+			p, unsafePath = unsafePath, ""
+		} else {
+			p, unsafePath = unsafePath[:i], unsafePath[i+1:]
+		}
+
+		// Create a cleaned path, using the lexical semantics of /../a, to
+		// create a "scoped" path component which can safely be joined to fullP
+		// for evaluation. At this point, path.String() doesn't contain any
+		// symlink components.
+		cleanP := filepath.Clean(string(filepath.Separator) + path.String() + p)
+		if cleanP == string(filepath.Separator) {
+			path.Reset()
+			continue
+		}
+		fullP := filepath.Clean(root + cleanP)
+
+		// Figure out whether the path is a symlink.
+		fi, err := vfs.Lstat(fullP)
+		if err != nil && !IsNotExist(err) {
+			return "", err
+		}
+		// Treat non-existent path components the same as non-symlinks (we
+		// can't do any better here).
+		if IsNotExist(err) || fi.Mode()&os.ModeSymlink == 0 {
+			path.WriteString(p)
+			path.WriteRune(filepath.Separator)
+			continue
+		}
+
+		// Only increment when we actually dereference a link.
+		n++
+
+		// It's a symlink, expand it by prepending it to the yet-unparsed path.
+		dest, err := vfs.Readlink(fullP)
+		if err != nil {
+			return "", err
+		}
+		// Absolute symlinks reset any work we've already done.
+		if filepath.IsAbs(dest) {
+			path.Reset()
+		}
+		unsafePath = dest + string(filepath.Separator) + unsafePath
+	}
+
+	// We have to clean path.String() here because it may contain '..'
+	// components that are entirely lexical, but would be misleading otherwise.
+	// And finally do a final clean to ensure that root is also lexically
+	// clean.
+	fullP := filepath.Clean(string(filepath.Separator) + path.String())
+	return filepath.Clean(root + fullP), nil
+}
+
+// SecureJoin is a wrapper around SecureJoinVFS that just uses the os.* library
+// of functions as the VFS. If in doubt, use this function over SecureJoinVFS.
+func SecureJoin(root, unsafePath string) (string, error) {
+	return SecureJoinVFS(root, unsafePath, nil)
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/vendor.conf b/vendor/github.com/cyphar/filepath-securejoin/vendor.conf
new file mode 100644
index 0000000000000..66bb574b955bc
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/vendor.conf
@@ -0,0 +1 @@
+github.com/pkg/errors v0.8.0
diff --git a/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/vendor/github.com/cyphar/filepath-securejoin/vfs.go
new file mode 100644
index 0000000000000..a82a5eae11eb2
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/vfs.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2017 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import "os"
+
+// In future this should be moved into a separate package, because now there
+// are several projects (umoci and go-mtree) that are using this sort of
+// interface.
+
+// VFS is the minimal interface necessary to use SecureJoinVFS. A nil VFS is
+// equivalent to using the standard os.* family of functions. This is mainly
+// used for the purposes of mock testing, but also can be used to otherwise use
+// SecureJoin with VFS-like system.
+type VFS interface {
+	// Lstat returns a FileInfo describing the named file. If the file is a
+	// symbolic link, the returned FileInfo describes the symbolic link. Lstat
+	// makes no attempt to follow the link. These semantics are identical to
+	// os.Lstat.
+	Lstat(name string) (os.FileInfo, error)
+
+	// Readlink returns the destination of the named symbolic link. These
+	// semantics are identical to os.Readlink.
+	Readlink(name string) (string, error)
+}
+
+// osVFS is the "nil" VFS, in that it just passes everything through to the os
+// module.
+type osVFS struct{}
+
+// Lstat returns a FileInfo describing the named file. If the file is a
+// symbolic link, the returned FileInfo describes the symbolic link. Lstat
+// makes no attempt to follow the link. These semantics are identical to
+// os.Lstat.
+func (o osVFS) Lstat(name string) (os.FileInfo, error) { return os.Lstat(name) }
+
+// Readlink returns the destination of the named symbolic link. These
+// semantics are identical to os.Readlink.
+func (o osVFS) Readlink(name string) (string, error) { return os.Readlink(name) }
diff --git a/vendor/github.com/docker/distribution/blobs.go b/vendor/github.com/docker/distribution/blobs.go
index 145b078532b8e..c0e9261be9321 100644
--- a/vendor/github.com/docker/distribution/blobs.go
+++ b/vendor/github.com/docker/distribution/blobs.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 var (
@@ -66,12 +67,19 @@ type Descriptor struct {
 	Size int64 `json:"size,omitempty"`
 
 	// Digest uniquely identifies the content. A byte stream can be verified
-	// against against this digest.
+	// against this digest.
 	Digest digest.Digest `json:"digest,omitempty"`
 
 	// URLs contains the source URLs of this content.
 	URLs []string `json:"urls,omitempty"`
 
+	// Annotations contains arbitrary metadata relating to the targeted content.
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Platform describes the platform which the image in the manifest runs on.
+	// This should only be used when referring to a manifest.
+	Platform *v1.Platform `json:"platform,omitempty"`
+
 	// NOTE: Before adding a field here, please ensure that all
 	// other options have been exhausted. Much of the type relationships
 	// depend on the simplicity of this type.
diff --git a/vendor/github.com/docker/distribution/errors.go b/vendor/github.com/docker/distribution/errors.go
index 020d33258b916..8e0b788d6c5cb 100644
--- a/vendor/github.com/docker/distribution/errors.go
+++ b/vendor/github.com/docker/distribution/errors.go
@@ -20,6 +20,10 @@ var ErrManifestNotModified = errors.New("manifest not modified")
 // performed
 var ErrUnsupported = errors.New("operation unsupported")
 
+// ErrSchemaV1Unsupported is returned when a client tries to upload a schema v1
+// manifest but the registry is configured to reject it
+var ErrSchemaV1Unsupported = errors.New("manifest schema v1 unsupported")
+
 // ErrTagUnknown is returned if the given tag is not known by the tag service
 type ErrTagUnknown struct {
 	Tag string
diff --git a/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go b/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go
index 3aa0662d9fd06..54c8f3c94c394 100644
--- a/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go
+++ b/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go
@@ -8,10 +8,13 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest"
 	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 )
 
-// MediaTypeManifestList specifies the mediaType for manifest lists.
-const MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json"
+const (
+	// MediaTypeManifestList specifies the mediaType for manifest lists.
+	MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json"
+)
 
 // SchemaVersion provides a pre-initialized version structure for this
 // packages version of the manifest.
@@ -20,6 +23,13 @@ var SchemaVersion = manifest.Versioned{
 	MediaType:     MediaTypeManifestList,
 }
 
+// OCISchemaVersion provides a pre-initialized version structure for this
+// packages OCIschema version of the manifest.
+var OCISchemaVersion = manifest.Versioned{
+	SchemaVersion: 2,
+	MediaType:     v1.MediaTypeImageIndex,
+}
+
 func init() {
 	manifestListFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
 		m := new(DeserializedManifestList)
@@ -28,6 +38,13 @@ func init() {
 			return nil, distribution.Descriptor{}, err
 		}
 
+		if m.MediaType != MediaTypeManifestList {
+			err = fmt.Errorf("mediaType in manifest list should be '%s' not '%s'",
+				MediaTypeManifestList, m.MediaType)
+
+			return nil, distribution.Descriptor{}, err
+		}
+
 		dgst := digest.FromBytes(b)
 		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: MediaTypeManifestList}, err
 	}
@@ -35,6 +52,28 @@ func init() {
 	if err != nil {
 		panic(fmt.Sprintf("Unable to register manifest: %s", err))
 	}
+
+	imageIndexFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
+		m := new(DeserializedManifestList)
+		err := m.UnmarshalJSON(b)
+		if err != nil {
+			return nil, distribution.Descriptor{}, err
+		}
+
+		if m.MediaType != "" && m.MediaType != v1.MediaTypeImageIndex {
+			err = fmt.Errorf("if present, mediaType in image index should be '%s' not '%s'",
+				v1.MediaTypeImageIndex, m.MediaType)
+
+			return nil, distribution.Descriptor{}, err
+		}
+
+		dgst := digest.FromBytes(b)
+		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: v1.MediaTypeImageIndex}, err
+	}
+	err = distribution.RegisterManifestSchema(v1.MediaTypeImageIndex, imageIndexFunc)
+	if err != nil {
+		panic(fmt.Sprintf("Unable to register OCI Image Index: %s", err))
+	}
 }
 
 // PlatformSpec specifies a platform where a particular image manifest is
@@ -105,11 +144,26 @@ type DeserializedManifestList struct {
 // DeserializedManifestList which contains the resulting manifest list
 // and its JSON representation.
 func FromDescriptors(descriptors []ManifestDescriptor) (*DeserializedManifestList, error) {
+	var mediaType string
+	if len(descriptors) > 0 && descriptors[0].Descriptor.MediaType == v1.MediaTypeImageManifest {
+		mediaType = v1.MediaTypeImageIndex
+	} else {
+		mediaType = MediaTypeManifestList
+	}
+
+	return FromDescriptorsWithMediaType(descriptors, mediaType)
+}
+
+// FromDescriptorsWithMediaType is for testing purposes, it's useful to be able to specify the media type explicitly
+func FromDescriptorsWithMediaType(descriptors []ManifestDescriptor, mediaType string) (*DeserializedManifestList, error) {
 	m := ManifestList{
-		Versioned: SchemaVersion,
+		Versioned: manifest.Versioned{
+			SchemaVersion: 2,
+			MediaType:     mediaType,
+		},
 	}
 
-	m.Manifests = make([]ManifestDescriptor, len(descriptors), len(descriptors))
+	m.Manifests = make([]ManifestDescriptor, len(descriptors))
 	copy(m.Manifests, descriptors)
 
 	deserialized := DeserializedManifestList{
@@ -123,7 +177,7 @@ func FromDescriptors(descriptors []ManifestDescriptor) (*DeserializedManifestLis
 
 // UnmarshalJSON populates a new ManifestList struct from JSON data.
 func (m *DeserializedManifestList) UnmarshalJSON(b []byte) error {
-	m.canonical = make([]byte, len(b), len(b))
+	m.canonical = make([]byte, len(b))
 	// store manifest list in canonical
 	copy(m.canonical, b)
 
@@ -151,5 +205,12 @@ func (m *DeserializedManifestList) MarshalJSON() ([]byte, error) {
 // Payload returns the raw content of the manifest list. The contents can be
 // used to calculate the content identifier.
 func (m DeserializedManifestList) Payload() (string, []byte, error) {
-	return m.MediaType, m.canonical, nil
+	var mediaType string
+	if m.MediaType == "" {
+		mediaType = v1.MediaTypeImageIndex
+	} else {
+		mediaType = m.MediaType
+	}
+
+	return mediaType, m.canonical, nil
 }
diff --git a/vendor/github.com/docker/distribution/manifest/ocischema/builder.go b/vendor/github.com/docker/distribution/manifest/ocischema/builder.go
new file mode 100644
index 0000000000000..d90453bcf8671
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/ocischema/builder.go
@@ -0,0 +1,107 @@
+package ocischema
+
+import (
+	"context"
+	"errors"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// Builder is a type for constructing manifests.
+type Builder struct {
+	// bs is a BlobService used to publish the configuration blob.
+	bs distribution.BlobService
+
+	// configJSON references
+	configJSON []byte
+
+	// layers is a list of layer descriptors that gets built by successive
+	// calls to AppendReference.
+	layers []distribution.Descriptor
+
+	// Annotations contains arbitrary metadata relating to the targeted content.
+	annotations map[string]string
+
+	// For testing purposes
+	mediaType string
+}
+
+// NewManifestBuilder is used to build new manifests for the current schema
+// version. It takes a BlobService so it can publish the configuration blob
+// as part of the Build process, and annotations.
+func NewManifestBuilder(bs distribution.BlobService, configJSON []byte, annotations map[string]string) distribution.ManifestBuilder {
+	mb := &Builder{
+		bs:          bs,
+		configJSON:  make([]byte, len(configJSON)),
+		annotations: annotations,
+		mediaType:   v1.MediaTypeImageManifest,
+	}
+	copy(mb.configJSON, configJSON)
+
+	return mb
+}
+
+// SetMediaType assigns the passed mediatype or error if the mediatype is not a
+// valid media type for oci image manifests currently: "" or "application/vnd.oci.image.manifest.v1+json"
+func (mb *Builder) SetMediaType(mediaType string) error {
+	if mediaType != "" && mediaType != v1.MediaTypeImageManifest {
+		return errors.New("invalid media type for OCI image manifest")
+	}
+
+	mb.mediaType = mediaType
+	return nil
+}
+
+// Build produces a final manifest from the given references.
+func (mb *Builder) Build(ctx context.Context) (distribution.Manifest, error) {
+	m := Manifest{
+		Versioned: manifest.Versioned{
+			SchemaVersion: 2,
+			MediaType:     mb.mediaType,
+		},
+		Layers:      make([]distribution.Descriptor, len(mb.layers)),
+		Annotations: mb.annotations,
+	}
+	copy(m.Layers, mb.layers)
+
+	configDigest := digest.FromBytes(mb.configJSON)
+
+	var err error
+	m.Config, err = mb.bs.Stat(ctx, configDigest)
+	switch err {
+	case nil:
+		// Override MediaType, since Put always replaces the specified media
+		// type with application/octet-stream in the descriptor it returns.
+		m.Config.MediaType = v1.MediaTypeImageConfig
+		return FromStruct(m)
+	case distribution.ErrBlobUnknown:
+		// nop
+	default:
+		return nil, err
+	}
+
+	// Add config to the blob store
+	m.Config, err = mb.bs.Put(ctx, v1.MediaTypeImageConfig, mb.configJSON)
+	// Override MediaType, since Put always replaces the specified media
+	// type with application/octet-stream in the descriptor it returns.
+	m.Config.MediaType = v1.MediaTypeImageConfig
+	if err != nil {
+		return nil, err
+	}
+
+	return FromStruct(m)
+}
+
+// AppendReference adds a reference to the current ManifestBuilder.
+func (mb *Builder) AppendReference(d distribution.Describable) error {
+	mb.layers = append(mb.layers, d.Descriptor())
+	return nil
+}
+
+// References returns the current references added to this builder.
+func (mb *Builder) References() []distribution.Descriptor {
+	return mb.layers
+}
diff --git a/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go b/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go
new file mode 100644
index 0000000000000..b8c4bab547094
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go
@@ -0,0 +1,124 @@
+package ocischema
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+var (
+	// SchemaVersion provides a pre-initialized version structure for this
+	// packages version of the manifest.
+	SchemaVersion = manifest.Versioned{
+		SchemaVersion: 2, // historical value here.. does not pertain to OCI or docker version
+		MediaType:     v1.MediaTypeImageManifest,
+	}
+)
+
+func init() {
+	ocischemaFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
+		m := new(DeserializedManifest)
+		err := m.UnmarshalJSON(b)
+		if err != nil {
+			return nil, distribution.Descriptor{}, err
+		}
+
+		dgst := digest.FromBytes(b)
+		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: v1.MediaTypeImageManifest}, err
+	}
+	err := distribution.RegisterManifestSchema(v1.MediaTypeImageManifest, ocischemaFunc)
+	if err != nil {
+		panic(fmt.Sprintf("Unable to register manifest: %s", err))
+	}
+}
+
+// Manifest defines a ocischema manifest.
+type Manifest struct {
+	manifest.Versioned
+
+	// Config references the image configuration as a blob.
+	Config distribution.Descriptor `json:"config"`
+
+	// Layers lists descriptors for the layers referenced by the
+	// configuration.
+	Layers []distribution.Descriptor `json:"layers"`
+
+	// Annotations contains arbitrary metadata for the image manifest.
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// References returns the descriptors of this manifests references.
+func (m Manifest) References() []distribution.Descriptor {
+	references := make([]distribution.Descriptor, 0, 1+len(m.Layers))
+	references = append(references, m.Config)
+	references = append(references, m.Layers...)
+	return references
+}
+
+// Target returns the target of this manifest.
+func (m Manifest) Target() distribution.Descriptor {
+	return m.Config
+}
+
+// DeserializedManifest wraps Manifest with a copy of the original JSON.
+// It satisfies the distribution.Manifest interface.
+type DeserializedManifest struct {
+	Manifest
+
+	// canonical is the canonical byte representation of the Manifest.
+	canonical []byte
+}
+
+// FromStruct takes a Manifest structure, marshals it to JSON, and returns a
+// DeserializedManifest which contains the manifest and its JSON representation.
+func FromStruct(m Manifest) (*DeserializedManifest, error) {
+	var deserialized DeserializedManifest
+	deserialized.Manifest = m
+
+	var err error
+	deserialized.canonical, err = json.MarshalIndent(&m, "", "   ")
+	return &deserialized, err
+}
+
+// UnmarshalJSON populates a new Manifest struct from JSON data.
+func (m *DeserializedManifest) UnmarshalJSON(b []byte) error {
+	m.canonical = make([]byte, len(b))
+	// store manifest in canonical
+	copy(m.canonical, b)
+
+	// Unmarshal canonical JSON into Manifest object
+	var manifest Manifest
+	if err := json.Unmarshal(m.canonical, &manifest); err != nil {
+		return err
+	}
+
+	if manifest.MediaType != "" && manifest.MediaType != v1.MediaTypeImageManifest {
+		return fmt.Errorf("if present, mediaType in manifest should be '%s' not '%s'",
+			v1.MediaTypeImageManifest, manifest.MediaType)
+	}
+
+	m.Manifest = manifest
+
+	return nil
+}
+
+// MarshalJSON returns the contents of canonical. If canonical is empty,
+// marshals the inner contents.
+func (m *DeserializedManifest) MarshalJSON() ([]byte, error) {
+	if len(m.canonical) > 0 {
+		return m.canonical, nil
+	}
+
+	return nil, errors.New("JSON representation not initialized in DeserializedManifest")
+}
+
+// Payload returns the raw content of the manifest. The contents can be used to
+// calculate the content identifier.
+func (m DeserializedManifest) Payload() (string, []byte, error) {
+	return v1.MediaTypeImageManifest, m.canonical, nil
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/manifest.go b/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
index 65042a75fc962..9fef4dc7eb772 100644
--- a/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
+++ b/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
@@ -108,7 +108,7 @@ type SignedManifest struct {
 
 // UnmarshalJSON populates a new SignedManifest struct from JSON data.
 func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
-	sm.all = make([]byte, len(b), len(b))
+	sm.all = make([]byte, len(b))
 	// store manifest and signatures in all
 	copy(sm.all, b)
 
@@ -124,7 +124,7 @@ func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
 	}
 
 	// sm.Canonical stores the canonical manifest JSON
-	sm.Canonical = make([]byte, len(bytes), len(bytes))
+	sm.Canonical = make([]byte, len(bytes))
 	copy(sm.Canonical, bytes)
 
 	// Unmarshal canonical JSON into Manifest object
@@ -138,7 +138,7 @@ func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-// References returnes the descriptors of this manifests references
+// References returns the descriptors of this manifests references
 func (sm SignedManifest) References() []distribution.Descriptor {
 	dependencies := make([]distribution.Descriptor, len(sm.FSLayers))
 	for i, fsLayer := range sm.FSLayers {
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go b/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
index a4f6032cd1e77..0f1d386aab478 100644
--- a/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
+++ b/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
@@ -58,7 +58,7 @@ func (mb *referenceManifestBuilder) Build(ctx context.Context) (distribution.Man
 func (mb *referenceManifestBuilder) AppendReference(d distribution.Describable) error {
 	r, ok := d.(Reference)
 	if !ok {
-		return fmt.Errorf("Unable to add non-reference type to v1 builder")
+		return fmt.Errorf("unable to add non-reference type to v1 builder")
 	}
 
 	// Entries need to be prepended
diff --git a/vendor/github.com/docker/distribution/manifest/schema2/manifest.go b/vendor/github.com/docker/distribution/manifest/schema2/manifest.go
index a2708c75098e0..41f480292019a 100644
--- a/vendor/github.com/docker/distribution/manifest/schema2/manifest.go
+++ b/vendor/github.com/docker/distribution/manifest/schema2/manifest.go
@@ -71,7 +71,7 @@ type Manifest struct {
 	Layers []distribution.Descriptor `json:"layers"`
 }
 
-// References returnes the descriptors of this manifests references.
+// References returns the descriptors of this manifests references.
 func (m Manifest) References() []distribution.Descriptor {
 	references := make([]distribution.Descriptor, 0, 1+len(m.Layers))
 	references = append(references, m.Config)
@@ -79,7 +79,7 @@ func (m Manifest) References() []distribution.Descriptor {
 	return references
 }
 
-// Target returns the target of this signed manifest.
+// Target returns the target of this manifest.
 func (m Manifest) Target() distribution.Descriptor {
 	return m.Config
 }
@@ -106,7 +106,7 @@ func FromStruct(m Manifest) (*DeserializedManifest, error) {
 
 // UnmarshalJSON populates a new Manifest struct from JSON data.
 func (m *DeserializedManifest) UnmarshalJSON(b []byte) error {
-	m.canonical = make([]byte, len(b), len(b))
+	m.canonical = make([]byte, len(b))
 	// store manifest in canonical
 	copy(m.canonical, b)
 
@@ -116,6 +116,12 @@ func (m *DeserializedManifest) UnmarshalJSON(b []byte) error {
 		return err
 	}
 
+	if manifest.MediaType != MediaTypeManifest {
+		return fmt.Errorf("mediaType in manifest should be '%s' not '%s'",
+			MediaTypeManifest, manifest.MediaType)
+
+	}
+
 	m.Manifest = manifest
 
 	return nil
diff --git a/vendor/github.com/docker/distribution/manifests.go b/vendor/github.com/docker/distribution/manifests.go
index 1816baea1d653..8f84a220a97bb 100644
--- a/vendor/github.com/docker/distribution/manifests.go
+++ b/vendor/github.com/docker/distribution/manifests.go
@@ -87,7 +87,7 @@ func ManifestMediaTypes() (mediaTypes []string) {
 // UnmarshalFunc implements manifest unmarshalling a given MediaType
 type UnmarshalFunc func([]byte) (Manifest, Descriptor, error)
 
-var mappings = make(map[string]UnmarshalFunc, 0)
+var mappings = make(map[string]UnmarshalFunc)
 
 // UnmarshalManifest looks up manifest unmarshal functions based on
 // MediaType
diff --git a/vendor/github.com/docker/distribution/reference/normalize.go b/vendor/github.com/docker/distribution/reference/normalize.go
index 2d71fc5e9ffd9..b3dfb7a6d7e12 100644
--- a/vendor/github.com/docker/distribution/reference/normalize.go
+++ b/vendor/github.com/docker/distribution/reference/normalize.go
@@ -56,6 +56,35 @@ func ParseNormalizedNamed(s string) (Named, error) {
 	return named, nil
 }
 
+// ParseDockerRef normalizes the image reference following the docker convention. This is added
+// mainly for backward compatibility.
+// The reference returned can only be either tagged or digested. For reference contains both tag
+// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
+// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
+// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
+func ParseDockerRef(ref string) (Named, error) {
+	named, err := ParseNormalizedNamed(ref)
+	if err != nil {
+		return nil, err
+	}
+	if _, ok := named.(NamedTagged); ok {
+		if canonical, ok := named.(Canonical); ok {
+			// The reference is both tagged and digested, only
+			// return digested.
+			newNamed, err := WithName(canonical.Name())
+			if err != nil {
+				return nil, err
+			}
+			newCanonical, err := WithDigest(newNamed, canonical.Digest())
+			if err != nil {
+				return nil, err
+			}
+			return newCanonical, nil
+		}
+	}
+	return TagNameOnly(named), nil
+}
+
 // splitDockerDomain splits a repository name to domain and remotename string.
 // If no valid domain is found, the default domain is used. Repository name
 // needs to be already validated before.
diff --git a/vendor/github.com/docker/distribution/reference/reference.go b/vendor/github.com/docker/distribution/reference/reference.go
index 2f66cca87a3c1..8c0c23b2fe1b7 100644
--- a/vendor/github.com/docker/distribution/reference/reference.go
+++ b/vendor/github.com/docker/distribution/reference/reference.go
@@ -205,7 +205,7 @@ func Parse(s string) (Reference, error) {
 	var repo repository
 
 	nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1])
-	if nameMatch != nil && len(nameMatch) == 3 {
+	if len(nameMatch) == 3 {
 		repo.domain = nameMatch[1]
 		repo.path = nameMatch[2]
 	} else {
diff --git a/vendor/github.com/docker/distribution/registry.go b/vendor/github.com/docker/distribution/registry.go
index a3a80ab884c20..6c32109894d5e 100644
--- a/vendor/github.com/docker/distribution/registry.go
+++ b/vendor/github.com/docker/distribution/registry.go
@@ -54,6 +54,11 @@ type RepositoryEnumerator interface {
 	Enumerate(ctx context.Context, ingester func(string) error) error
 }
 
+// RepositoryRemover removes given repository
+type RepositoryRemover interface {
+	Remove(ctx context.Context, name reference.Named) error
+}
+
 // ManifestServiceOption is a function argument for Manifest Service methods
 type ManifestServiceOption interface {
 	Apply(ManifestService) error
diff --git a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go b/vendor/github.com/docker/distribution/registry/api/errcode/errors.go
index 6d9bb4b62afba..4c35b879afd8f 100644
--- a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go
+++ b/vendor/github.com/docker/distribution/registry/api/errcode/errors.go
@@ -207,11 +207,11 @@ func (errs Errors) MarshalJSON() ([]byte, error) {
 	for _, daErr := range errs {
 		var err Error
 
-		switch daErr.(type) {
+		switch daErr := daErr.(type) {
 		case ErrorCode:
-			err = daErr.(ErrorCode).WithDetail(nil)
+			err = daErr.WithDetail(nil)
 		case Error:
-			err = daErr.(Error)
+			err = daErr
 		default:
 			err = ErrorCodeUnknown.WithDetail(daErr)
 
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/routes.go b/vendor/github.com/docker/distribution/registry/api/v2/routes.go
index 5b80d5be76a5f..9612ac2e5a502 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/routes.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/routes.go
@@ -14,15 +14,6 @@ const (
 	RouteNameCatalog         = "catalog"
 )
 
-var allEndpoints = []string{
-	RouteNameManifest,
-	RouteNameCatalog,
-	RouteNameTags,
-	RouteNameBlob,
-	RouteNameBlobUpload,
-	RouteNameBlobUploadChunk,
-}
-
 // Router builds a gorilla router with named routes for the various API
 // methods. This can be used directly by both server implementations and
 // clients.
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/urls.go b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
index 1337bdb1276da..3c3ec9893306d 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/urls.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
@@ -252,15 +252,3 @@ func appendValuesURL(u *url.URL, values ...url.Values) *url.URL {
 	u.RawQuery = merged.Encode()
 	return u
 }
-
-// appendValues appends the parameters to the url. Panics if the string is not
-// a url.
-func appendValues(u string, values ...url.Values) string {
-	up, err := url.Parse(u)
-
-	if err != nil {
-		panic(err) // should never happen
-	}
-
-	return appendValuesURL(up, values...).String()
-}
diff --git a/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go b/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go
index 6e3f1ccc410df..fe238210cd7dc 100644
--- a/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go
+++ b/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go
@@ -117,8 +117,8 @@ func init() {
 		var t octetType
 		isCtl := c <= 31 || c == 127
 		isChar := 0 <= c && c <= 127
-		isSeparator := strings.IndexRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) >= 0
-		if strings.IndexRune(" \t\r\n", rune(c)) >= 0 {
+		isSeparator := strings.ContainsRune(" \t\"(),/:;<=>?@[]\\{}", rune(c))
+		if strings.ContainsRune(" \t\r\n", rune(c)) {
 			t |= isSpace
 		}
 		if isChar && !isCtl && !isSeparator {
diff --git a/vendor/github.com/docker/distribution/registry/client/auth/session.go b/vendor/github.com/docker/distribution/registry/client/auth/session.go
index db86c9b067c3d..aad8a0e6f5c6e 100644
--- a/vendor/github.com/docker/distribution/registry/client/auth/session.go
+++ b/vendor/github.com/docker/distribution/registry/client/auth/session.go
@@ -68,7 +68,6 @@ func NewAuthorizer(manager challenge.Manager, handlers ...AuthenticationHandler)
 type endpointAuthorizer struct {
 	challenges challenge.Manager
 	handlers   []AuthenticationHandler
-	transport  http.RoundTripper
 }
 
 func (ea *endpointAuthorizer) ModifyRequest(req *http.Request) error {
@@ -121,7 +120,6 @@ type clock interface {
 }
 
 type tokenHandler struct {
-	header    http.Header
 	creds     CredentialStore
 	transport http.RoundTripper
 	clock     clock
diff --git a/vendor/github.com/docker/distribution/registry/client/repository.go b/vendor/github.com/docker/distribution/registry/client/repository.go
index d8e2c795d9536..aa442e654064c 100644
--- a/vendor/github.com/docker/distribution/registry/client/repository.go
+++ b/vendor/github.com/docker/distribution/registry/client/repository.go
@@ -81,9 +81,8 @@ func NewRegistry(baseURL string, transport http.RoundTripper) (Registry, error)
 }
 
 type registry struct {
-	client  *http.Client
-	ub      *v2.URLBuilder
-	context context.Context
+	client *http.Client
+	ub     *v2.URLBuilder
 }
 
 // Repositories returns a lexigraphically sorted catalog given a base URL.  The 'entries' slice will be filled up to the size
@@ -152,10 +151,9 @@ func NewRepository(name reference.Named, baseURL string, transport http.RoundTri
 }
 
 type repository struct {
-	client  *http.Client
-	ub      *v2.URLBuilder
-	context context.Context
-	name    reference.Named
+	client *http.Client
+	ub     *v2.URLBuilder
+	name   reference.Named
 }
 
 func (r *repository) Named() reference.Named {
diff --git a/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go b/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
index e5ff09d756420..1d0b382fb511b 100644
--- a/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
+++ b/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"os"
 	"regexp"
 	"strconv"
 )
@@ -97,7 +96,7 @@ func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) {
 
 	lastReaderOffset := hrs.readerOffset
 
-	if whence == os.SEEK_SET && hrs.rc == nil {
+	if whence == io.SeekStart && hrs.rc == nil {
 		// If no request has been made yet, and we are seeking to an
 		// absolute position, set the read offset as well to avoid an
 		// unnecessary request.
@@ -113,14 +112,14 @@ func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) {
 	newOffset := hrs.seekOffset
 
 	switch whence {
-	case os.SEEK_CUR:
+	case io.SeekCurrent:
 		newOffset += offset
-	case os.SEEK_END:
+	case io.SeekEnd:
 		if hrs.size < 0 {
 			return 0, errors.New("content length not known")
 		}
 		newOffset = hrs.size + offset
-	case os.SEEK_SET:
+	case io.SeekStart:
 		newOffset = offset
 	}
 
diff --git a/vendor/github.com/docker/distribution/uuid/uuid.go b/vendor/github.com/docker/distribution/uuid/uuid.go
deleted file mode 100644
index d433ccaf512d7..0000000000000
--- a/vendor/github.com/docker/distribution/uuid/uuid.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// Package uuid provides simple UUID generation. Only version 4 style UUIDs
-// can be generated.
-//
-// Please see http://tools.ietf.org/html/rfc4122 for details on UUIDs.
-package uuid
-
-import (
-	"crypto/rand"
-	"fmt"
-	"io"
-	"os"
-	"syscall"
-	"time"
-)
-
-const (
-	// Bits is the number of bits in a UUID
-	Bits = 128
-
-	// Size is the number of bytes in a UUID
-	Size = Bits / 8
-
-	format = "%08x-%04x-%04x-%04x-%012x"
-)
-
-var (
-	// ErrUUIDInvalid indicates a parsed string is not a valid uuid.
-	ErrUUIDInvalid = fmt.Errorf("invalid uuid")
-
-	// Loggerf can be used to override the default logging destination. Such
-	// log messages in this library should be logged at warning or higher.
-	Loggerf = func(format string, args ...interface{}) {}
-)
-
-// UUID represents a UUID value. UUIDs can be compared and set to other values
-// and accessed by byte.
-type UUID [Size]byte
-
-// Generate creates a new, version 4 uuid.
-func Generate() (u UUID) {
-	const (
-		// ensures we backoff for less than 450ms total. Use the following to
-		// select new value, in units of 10ms:
-		// 	n*(n+1)/2 = d -> n^2 + n - 2d -> n = (sqrt(8d + 1) - 1)/2
-		maxretries = 9
-		backoff    = time.Millisecond * 10
-	)
-
-	var (
-		totalBackoff time.Duration
-		count        int
-		retries      int
-	)
-
-	for {
-		// This should never block but the read may fail. Because of this,
-		// we just try to read the random number generator until we get
-		// something. This is a very rare condition but may happen.
-		b := time.Duration(retries) * backoff
-		time.Sleep(b)
-		totalBackoff += b
-
-		n, err := io.ReadFull(rand.Reader, u[count:])
-		if err != nil {
-			if retryOnError(err) && retries < maxretries {
-				count += n
-				retries++
-				Loggerf("error generating version 4 uuid, retrying: %v", err)
-				continue
-			}
-
-			// Any other errors represent a system problem. What did someone
-			// do to /dev/urandom?
-			panic(fmt.Errorf("error reading random number generator, retried for %v: %v", totalBackoff.String(), err))
-		}
-
-		break
-	}
-
-	u[6] = (u[6] & 0x0f) | 0x40 // set version byte
-	u[8] = (u[8] & 0x3f) | 0x80 // set high order byte 0b10{8,9,a,b}
-
-	return u
-}
-
-// Parse attempts to extract a uuid from the string or returns an error.
-func Parse(s string) (u UUID, err error) {
-	if len(s) != 36 {
-		return UUID{}, ErrUUIDInvalid
-	}
-
-	// create stack addresses for each section of the uuid.
-	p := make([][]byte, 5)
-
-	if _, err := fmt.Sscanf(s, format, &p[0], &p[1], &p[2], &p[3], &p[4]); err != nil {
-		return u, err
-	}
-
-	copy(u[0:4], p[0])
-	copy(u[4:6], p[1])
-	copy(u[6:8], p[2])
-	copy(u[8:10], p[3])
-	copy(u[10:16], p[4])
-
-	return
-}
-
-func (u UUID) String() string {
-	return fmt.Sprintf(format, u[:4], u[4:6], u[6:8], u[8:10], u[10:])
-}
-
-// retryOnError tries to detect whether or not retrying would be fruitful.
-func retryOnError(err error) bool {
-	switch err := err.(type) {
-	case *os.PathError:
-		return retryOnError(err.Err) // unpack the target error
-	case syscall.Errno:
-		if err == syscall.EPERM {
-			// EPERM represents an entropy pool exhaustion, a condition under
-			// which we backoff and retry.
-			return true
-		}
-	}
-
-	return false
-}
diff --git a/vendor/github.com/docker/distribution/vendor.conf b/vendor/github.com/docker/distribution/vendor.conf
index d0ebadf8b9b69..12f71672f3964 100644
--- a/vendor/github.com/docker/distribution/vendor.conf
+++ b/vendor/github.com/docker/distribution/vendor.conf
@@ -1,16 +1,15 @@
-github.com/Azure/azure-sdk-for-go 088007b3b08cc02b27f2eadfdcd870958460ce7e
-github.com/Azure/go-autorest ec5f4903f77ed9927ac95b19ab8e44ada64c1356
+github.com/Azure/azure-sdk-for-go 4650843026a7fdec254a8d9cf893693a254edd0b
+github.com/Azure/go-autorest eaa7994b2278094c904d31993d26f56324db3052
 github.com/sirupsen/logrus 3d4380f53a34dcdc95f0c1db702615992b38d9a4
-github.com/aws/aws-sdk-go 5bcc0a238d880469f949fc7cd24e35f32ab80cbd
+github.com/aws/aws-sdk-go f831d5a0822a1ad72420ab18c6269bca1ddaf490
 github.com/bshuster-repo/logrus-logstash-hook d2c0ecc1836d91814e15e23bb5dc309c3ef51f4a
 github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
 github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274
 github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
-github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2
+github.com/denverdino/aliyungo 6df11717a253d9c7d4141f9af4deaa7c580cd531
 github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
-github.com/docker/goamz f0a21f5b2e12f83a505ecf79b633bb2035cf6f85
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21
 github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257
 github.com/go-ini/ini 2ba15ac2dc9cdf88c110ec2dc0ced7fa45f5678c
@@ -19,17 +18,19 @@ github.com/gorilla/handlers 60c7bfde3e33c201519a200a4507a158cc03a17b
 github.com/gorilla/mux 599cba5e7b6137d46ddf58fb1765f5d928e69604
 github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
 github.com/jmespath/go-jmespath bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d
+github.com/marstr/guid 8bd9a64bf37eb297b492a4101fb28e80ac0b290f
+github.com/satori/go.uuid f58768cc1a7a7e77a3bd49e98cdd21419399b6a3
 github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c
 github.com/miekg/dns 271c58e0c14f552178ea321a545ff9af38930f39
 github.com/mitchellh/mapstructure 482a9fd5fa83e8c4e7817413b80f3eb8feec03ef
-github.com/ncw/swift b964f2ca856aac39885e258ad25aec08d5f64ee6
+github.com/ncw/swift a0320860b16212c2b59b4912bb6508cda1d7cee6
 github.com/prometheus/client_golang c332b6f63c0658a65eca15c0e5247ded801cf564
 github.com/prometheus/client_model 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
 github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563
 github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd
+github.com/Shopify/logrus-bugsnag 577dee27f20dd8f1a529f82210094af593be12bd
 github.com/spf13/cobra 312092086bed4968099259622145a0c9ae280064
 github.com/spf13/pflag 5644820622454e71517561946e3d94b9f9db6842
-github.com/stevvooe/resumable 2aaf90b2ceea5072cb503ef2a620b08ff3119870
 github.com/xenolf/lego a9d8cec0e6563575e5868a005359ac97911b5985
 github.com/yvasiyarov/go-metrics 57bccd1ccd43f94bb17fdd8bf3007059b802f85e
 github.com/yvasiyarov/gorelic a9bba5b9ab508a086f9a12b8c51fab68478e2128
@@ -44,6 +45,7 @@ google.golang.org/cloud 975617b05ea8a58727e6c1a06b6161ff4185a9f2
 google.golang.org/grpc d3ddb4469d5a1b949fc7a7da7c1d6a0d1b6de994
 gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
 gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
-gopkg.in/yaml.v2 bef53efd0c76e49e6de55ead051f886bea7e9420
+gopkg.in/yaml.v2 v2.2.1
 rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
 github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
+github.com/opencontainers/image-spec ab7389ef9f50030c9b245bc16b981c7ddf192882
diff --git a/vendor/github.com/docker/go-events/retry.go b/vendor/github.com/docker/go-events/retry.go
index 2df55d21607bf..b7f0a54225287 100644
--- a/vendor/github.com/docker/go-events/retry.go
+++ b/vendor/github.com/docker/go-events/retry.go
@@ -203,8 +203,8 @@ type ExponentialBackoffConfig struct {
 // ExponentialBackoff implements random backoff with exponentially increasing
 // bounds as the number consecutive failures increase.
 type ExponentialBackoff struct {
+	failures uint64 // consecutive failure counter (needs to be 64-bit aligned)
 	config   ExponentialBackoffConfig
-	failures uint64 // consecutive failure counter.
 }
 
 // NewExponentialBackoff returns an exponential backoff strategy with the
diff --git a/vendor/github.com/docker/go-metrics/LICENSE.code b/vendor/github.com/docker/go-metrics/LICENSE
similarity index 100%
rename from vendor/github.com/docker/go-metrics/LICENSE.code
rename to vendor/github.com/docker/go-metrics/LICENSE
diff --git a/vendor/github.com/docker/go-metrics/README.md b/vendor/github.com/docker/go-metrics/README.md
index fdf7fb746fe67..a9e947cb566b2 100644
--- a/vendor/github.com/docker/go-metrics/README.md
+++ b/vendor/github.com/docker/go-metrics/README.md
@@ -68,9 +68,21 @@ If you need to use a unit but it is not defined in the package please open a PR
 
 Package documentation can be found [here](https://godoc.org/github.com/docker/go-metrics).
 
+## HTTP Metrics
+
+To instrument a http handler, you can wrap the code like this:
+
+```go
+namespace := metrics.NewNamespace("docker_distribution", "http", metrics.Labels{"handler": "your_http_handler_name"})
+httpMetrics := namespace.NewDefaultHttpMetrics()
+metrics.Register(namespace)
+instrumentedHandler = metrics.InstrumentHandler(httpMetrics, unInstrumentedHandler)
+```
+Note: The `handler` label must be provided when a new namespace is created.
+
 ## Additional Metrics
 
-Additional metrics are also defined here that are not avaliable in the prometheus client.
+Additional metrics are also defined here that are not available in the prometheus client.
 If you need a custom metrics and it is generic enough to be used by multiple projects, define it here.
 
 
diff --git a/vendor/github.com/docker/go-metrics/go.mod b/vendor/github.com/docker/go-metrics/go.mod
new file mode 100644
index 0000000000000..7e328f0cffe3b
--- /dev/null
+++ b/vendor/github.com/docker/go-metrics/go.mod
@@ -0,0 +1,5 @@
+module github.com/docker/go-metrics
+
+go 1.11
+
+require github.com/prometheus/client_golang v1.1.0
diff --git a/vendor/github.com/docker/go-metrics/handler.go b/vendor/github.com/docker/go-metrics/handler.go
index bb3be41d364d8..05601e9ecd289 100644
--- a/vendor/github.com/docker/go-metrics/handler.go
+++ b/vendor/github.com/docker/go-metrics/handler.go
@@ -4,10 +4,71 @@ import (
 	"net/http"
 
 	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+)
+
+// HTTPHandlerOpts describes a set of configurable options of http metrics
+type HTTPHandlerOpts struct {
+	DurationBuckets     []float64
+	RequestSizeBuckets  []float64
+	ResponseSizeBuckets []float64
+}
+
+const (
+	InstrumentHandlerResponseSize = iota
+	InstrumentHandlerRequestSize
+	InstrumentHandlerDuration
+	InstrumentHandlerCounter
+	InstrumentHandlerInFlight
+)
+
+type HTTPMetric struct {
+	prometheus.Collector
+	handlerType int
+}
+
+var (
+	defaultDurationBuckets     = []float64{.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10, 25, 60}
+	defaultRequestSizeBuckets  = prometheus.ExponentialBuckets(1024, 2, 22) //1K to 4G
+	defaultResponseSizeBuckets = defaultRequestSizeBuckets
 )
 
 // Handler returns the global http.Handler that provides the prometheus
-// metrics format on GET requests
+// metrics format on GET requests. This handler is no longer instrumented.
 func Handler() http.Handler {
-	return prometheus.Handler()
+	return promhttp.Handler()
+}
+
+func InstrumentHandler(metrics []*HTTPMetric, handler http.Handler) http.HandlerFunc {
+	return InstrumentHandlerFunc(metrics, handler.ServeHTTP)
+}
+
+func InstrumentHandlerFunc(metrics []*HTTPMetric, handlerFunc http.HandlerFunc) http.HandlerFunc {
+	var handler http.Handler
+	handler = http.HandlerFunc(handlerFunc)
+	for _, metric := range metrics {
+		switch metric.handlerType {
+		case InstrumentHandlerResponseSize:
+			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
+				handler = promhttp.InstrumentHandlerResponseSize(collector, handler)
+			}
+		case InstrumentHandlerRequestSize:
+			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
+				handler = promhttp.InstrumentHandlerRequestSize(collector, handler)
+			}
+		case InstrumentHandlerDuration:
+			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
+				handler = promhttp.InstrumentHandlerDuration(collector, handler)
+			}
+		case InstrumentHandlerCounter:
+			if collector, ok := metric.Collector.(*prometheus.CounterVec); ok {
+				handler = promhttp.InstrumentHandlerCounter(collector, handler)
+			}
+		case InstrumentHandlerInFlight:
+			if collector, ok := metric.Collector.(prometheus.Gauge); ok {
+				handler = promhttp.InstrumentHandlerInFlight(collector, handler)
+			}
+		}
+	}
+	return handler.ServeHTTP
 }
diff --git a/vendor/github.com/docker/go-metrics/namespace.go b/vendor/github.com/docker/go-metrics/namespace.go
index 7734c294595f3..798315451a7d6 100644
--- a/vendor/github.com/docker/go-metrics/namespace.go
+++ b/vendor/github.com/docker/go-metrics/namespace.go
@@ -179,3 +179,137 @@ func makeName(name string, unit Unit) string {
 
 	return fmt.Sprintf("%s_%s", name, unit)
 }
+
+func (n *Namespace) NewDefaultHttpMetrics(handlerName string) []*HTTPMetric {
+	return n.NewHttpMetricsWithOpts(handlerName, HTTPHandlerOpts{
+		DurationBuckets:     defaultDurationBuckets,
+		RequestSizeBuckets:  defaultResponseSizeBuckets,
+		ResponseSizeBuckets: defaultResponseSizeBuckets,
+	})
+}
+
+func (n *Namespace) NewHttpMetrics(handlerName string, durationBuckets, requestSizeBuckets, responseSizeBuckets []float64) []*HTTPMetric {
+	return n.NewHttpMetricsWithOpts(handlerName, HTTPHandlerOpts{
+		DurationBuckets:     durationBuckets,
+		RequestSizeBuckets:  requestSizeBuckets,
+		ResponseSizeBuckets: responseSizeBuckets,
+	})
+}
+
+func (n *Namespace) NewHttpMetricsWithOpts(handlerName string, opts HTTPHandlerOpts) []*HTTPMetric {
+	var httpMetrics []*HTTPMetric
+	inFlightMetric := n.NewInFlightGaugeMetric(handlerName)
+	requestTotalMetric := n.NewRequestTotalMetric(handlerName)
+	requestDurationMetric := n.NewRequestDurationMetric(handlerName, opts.DurationBuckets)
+	requestSizeMetric := n.NewRequestSizeMetric(handlerName, opts.RequestSizeBuckets)
+	responseSizeMetric := n.NewResponseSizeMetric(handlerName, opts.ResponseSizeBuckets)
+	httpMetrics = append(httpMetrics, inFlightMetric, requestDurationMetric, requestTotalMetric, requestSizeMetric, responseSizeMetric)
+	return httpMetrics
+}
+
+func (n *Namespace) NewInFlightGaugeMetric(handlerName string) *HTTPMetric {
+	labels := prometheus.Labels(n.labels)
+	labels["handler"] = handlerName
+	metric := prometheus.NewGauge(prometheus.GaugeOpts{
+		Namespace:   n.name,
+		Subsystem:   n.subsystem,
+		Name:        "in_flight_requests",
+		Help:        "The in-flight HTTP requests",
+		ConstLabels: prometheus.Labels(labels),
+	})
+	httpMetric := &HTTPMetric{
+		Collector:   metric,
+		handlerType: InstrumentHandlerInFlight,
+	}
+	n.Add(httpMetric)
+	return httpMetric
+}
+
+func (n *Namespace) NewRequestTotalMetric(handlerName string) *HTTPMetric {
+	labels := prometheus.Labels(n.labels)
+	labels["handler"] = handlerName
+	metric := prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Namespace:   n.name,
+			Subsystem:   n.subsystem,
+			Name:        "requests_total",
+			Help:        "Total number of HTTP requests made.",
+			ConstLabels: prometheus.Labels(labels),
+		},
+		[]string{"code", "method"},
+	)
+	httpMetric := &HTTPMetric{
+		Collector:   metric,
+		handlerType: InstrumentHandlerCounter,
+	}
+	n.Add(httpMetric)
+	return httpMetric
+}
+func (n *Namespace) NewRequestDurationMetric(handlerName string, buckets []float64) *HTTPMetric {
+	if len(buckets) == 0 {
+		panic("DurationBuckets must be provided")
+	}
+	labels := prometheus.Labels(n.labels)
+	labels["handler"] = handlerName
+	opts := prometheus.HistogramOpts{
+		Namespace:   n.name,
+		Subsystem:   n.subsystem,
+		Name:        "request_duration_seconds",
+		Help:        "The HTTP request latencies in seconds.",
+		Buckets:     buckets,
+		ConstLabels: prometheus.Labels(labels),
+	}
+	metric := prometheus.NewHistogramVec(opts, []string{"method"})
+	httpMetric := &HTTPMetric{
+		Collector:   metric,
+		handlerType: InstrumentHandlerDuration,
+	}
+	n.Add(httpMetric)
+	return httpMetric
+}
+
+func (n *Namespace) NewRequestSizeMetric(handlerName string, buckets []float64) *HTTPMetric {
+	if len(buckets) == 0 {
+		panic("RequestSizeBuckets must be provided")
+	}
+	labels := prometheus.Labels(n.labels)
+	labels["handler"] = handlerName
+	opts := prometheus.HistogramOpts{
+		Namespace:   n.name,
+		Subsystem:   n.subsystem,
+		Name:        "request_size_bytes",
+		Help:        "The HTTP request sizes in bytes.",
+		Buckets:     buckets,
+		ConstLabels: prometheus.Labels(labels),
+	}
+	metric := prometheus.NewHistogramVec(opts, []string{})
+	httpMetric := &HTTPMetric{
+		Collector:   metric,
+		handlerType: InstrumentHandlerRequestSize,
+	}
+	n.Add(httpMetric)
+	return httpMetric
+}
+
+func (n *Namespace) NewResponseSizeMetric(handlerName string, buckets []float64) *HTTPMetric {
+	if len(buckets) == 0 {
+		panic("ResponseSizeBuckets must be provided")
+	}
+	labels := prometheus.Labels(n.labels)
+	labels["handler"] = handlerName
+	opts := prometheus.HistogramOpts{
+		Namespace:   n.name,
+		Subsystem:   n.subsystem,
+		Name:        "response_size_bytes",
+		Help:        "The HTTP response sizes in bytes.",
+		Buckets:     buckets,
+		ConstLabels: prometheus.Labels(labels),
+	}
+	metrics := prometheus.NewHistogramVec(opts, []string{})
+	httpMetric := &HTTPMetric{
+		Collector:   metrics,
+		handlerType: InstrumentHandlerResponseSize,
+	}
+	n.Add(httpMetric)
+	return httpMetric
+}
diff --git a/vendor/github.com/docker/go-metrics/timer.go b/vendor/github.com/docker/go-metrics/timer.go
index e91eca76bd985..824c98739cf5d 100644
--- a/vendor/github.com/docker/go-metrics/timer.go
+++ b/vendor/github.com/docker/go-metrics/timer.go
@@ -28,15 +28,27 @@ type Timer interface {
 
 // LabeledTimer is a timer that must have label values populated before use.
 type LabeledTimer interface {
-	WithValues(labels ...string) Timer
+	WithValues(labels ...string) *labeledTimerObserver
 }
 
 type labeledTimer struct {
 	m *prometheus.HistogramVec
 }
 
-func (lt *labeledTimer) WithValues(labels ...string) Timer {
-	return &timer{m: lt.m.WithLabelValues(labels...)}
+type labeledTimerObserver struct {
+	m prometheus.Observer
+}
+
+func (lbo *labeledTimerObserver) Update(duration time.Duration) {
+	lbo.m.Observe(duration.Seconds())
+}
+
+func (lbo *labeledTimerObserver) UpdateSince(since time.Time) {
+	lbo.m.Observe(time.Since(since).Seconds())
+}
+
+func (lt *labeledTimer) WithValues(labels ...string) *labeledTimerObserver {
+	return &labeledTimerObserver{m: lt.m.WithLabelValues(labels...)}
 }
 
 func (lt *labeledTimer) Describe(c chan<- *prometheus.Desc) {
@@ -48,7 +60,7 @@ func (lt *labeledTimer) Collect(c chan<- prometheus.Metric) {
 }
 
 type timer struct {
-	m prometheus.Histogram
+	m prometheus.Observer
 }
 
 func (t *timer) Update(duration time.Duration) {
@@ -60,9 +72,14 @@ func (t *timer) UpdateSince(since time.Time) {
 }
 
 func (t *timer) Describe(c chan<- *prometheus.Desc) {
-	t.m.Describe(c)
+	c <- t.m.(prometheus.Metric).Desc()
 }
 
 func (t *timer) Collect(c chan<- prometheus.Metric) {
-	t.m.Collect(c)
+	// Are there any observers that don't implement Collector? It is really
+	// unclear what the point of the upstream change was, but we'll let this
+	// panic if we get an observer that doesn't implement collector. In this
+	// case, we should almost always see metricVec objects, so this should
+	// never panic.
+	t.m.(prometheus.Collector).Collect(c)
 }
diff --git a/vendor/github.com/docker/go-units/duration.go b/vendor/github.com/docker/go-units/duration.go
index ba02af26dc5ce..48dd8744d4331 100644
--- a/vendor/github.com/docker/go-units/duration.go
+++ b/vendor/github.com/docker/go-units/duration.go
@@ -18,7 +18,7 @@ func HumanDuration(d time.Duration) string {
 		return fmt.Sprintf("%d seconds", seconds)
 	} else if minutes := int(d.Minutes()); minutes == 1 {
 		return "About a minute"
-	} else if minutes < 46 {
+	} else if minutes < 60 {
 		return fmt.Sprintf("%d minutes", minutes)
 	} else if hours := int(d.Hours() + 0.5); hours == 1 {
 		return "About an hour"
diff --git a/vendor/github.com/docker/go-units/ulimit.go b/vendor/github.com/docker/go-units/ulimit.go
index 5ac7fd825fcee..fca0400cc82bb 100644
--- a/vendor/github.com/docker/go-units/ulimit.go
+++ b/vendor/github.com/docker/go-units/ulimit.go
@@ -96,8 +96,13 @@ func ParseUlimit(val string) (*Ulimit, error) {
 		return nil, fmt.Errorf("too many limit value arguments - %s, can only have up to two, `soft[:hard]`", parts[1])
 	}
 
-	if soft > *hard {
-		return nil, fmt.Errorf("ulimit soft limit must be less than or equal to hard limit: %d > %d", soft, *hard)
+	if *hard != -1 {
+		if soft == -1 {
+			return nil, fmt.Errorf("ulimit soft limit must be less than or equal to hard limit: soft: -1 (unlimited), hard: %d", *hard)
+		}
+		if soft > *hard {
+			return nil, fmt.Errorf("ulimit soft limit must be less than or equal to hard limit: %d > %d", soft, *hard)
+		}
 	}
 
 	return &Ulimit{Name: parts[0], Soft: soft, Hard: *hard}, nil
diff --git a/vendor/github.com/docker/libnetwork/README.md b/vendor/github.com/docker/libnetwork/README.md
deleted file mode 100644
index a9020381abe8f..0000000000000
--- a/vendor/github.com/docker/libnetwork/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-# libnetwork - networking for containers
-
-[![Circle CI](https://circleci.com/gh/docker/libnetwork/tree/master.svg?style=svg)](https://circleci.com/gh/docker/libnetwork/tree/master) [![Coverage Status](https://coveralls.io/repos/docker/libnetwork/badge.svg)](https://coveralls.io/r/docker/libnetwork) [![GoDoc](https://godoc.org/github.com/docker/libnetwork?status.svg)](https://godoc.org/github.com/docker/libnetwork) [![Go Report Card](https://goreportcard.com/badge/github.com/docker/libnetwork)](https://goreportcard.com/report/github.com/docker/libnetwork)
-
-Libnetwork provides a native Go implementation for connecting containers
-
-The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
-
-#### Design
-Please refer to the [design](docs/design.md) for more information.
-
-#### Using libnetwork
-
-There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
-
-
-```go
-import (
-	"fmt"
-	"log"
-
-	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/libnetwork"
-	"github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/options"
-)
-
-func main() {
-	if reexec.Init() {
-		return
-	}
-
-	// Select and configure the network driver
-	networkType := "bridge"
-
-	// Create a new controller instance
-	driverOptions := options.Generic{}
-	genericOption := make(map[string]interface{})
-	genericOption[netlabel.GenericData] = driverOptions
-	controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
-	if err != nil {
-		log.Fatalf("libnetwork.New: %s", err)
-	}
-
-	// Create a network for containers to join.
-	// NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
-	network, err := controller.NewNetwork(networkType, "network1", "")
-	if err != nil {
-		log.Fatalf("controller.NewNetwork: %s", err)
-	}
-
-	// For each new container: allocate IP and interfaces. The returned network
-	// settings will be used for container infos (inspect and such), as well as
-	// iptables rules for port publishing. This info is contained or accessible
-	// from the returned endpoint.
-	ep, err := network.CreateEndpoint("Endpoint1")
-	if err != nil {
-		log.Fatalf("network.CreateEndpoint: %s", err)
-	}
-
-	// Create the sandbox for the container.
-	// NewSandbox accepts Variadic optional arguments which libnetwork can use.
-	sbx, err := controller.NewSandbox("container1",
-		libnetwork.OptionHostname("test"),
-		libnetwork.OptionDomainname("docker.io"))
-	if err != nil {
-		log.Fatalf("controller.NewSandbox: %s", err)
-	}
-
-	// A sandbox can join the endpoint via the join api.
-	err = ep.Join(sbx)
-	if err != nil {
-		log.Fatalf("ep.Join: %s", err)
-	}
-
-	// libnetwork client can check the endpoint's operational data via the Info() API
-	epInfo, err := ep.DriverInfo()
-	if err != nil {
-		log.Fatalf("ep.DriverInfo: %s", err)
-	}
-
-	macAddress, ok := epInfo[netlabel.MacAddress]
-	if !ok {
-		log.Fatalf("failed to get mac address from endpoint info")
-	}
-
-	fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
-}
-```
-
-## Future
-Please refer to [roadmap](ROADMAP.md) for more information.
-
-## Contributing
-
-Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
-
-## Copyright and license
-Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/vendor/github.com/docker/libnetwork/bitseq/sequence.go b/vendor/github.com/docker/libnetwork/bitseq/sequence.go
deleted file mode 100644
index e10b2eedc09b3..0000000000000
--- a/vendor/github.com/docker/libnetwork/bitseq/sequence.go
+++ /dev/null
@@ -1,736 +0,0 @@
-// Package bitseq provides a structure and utilities for representing long bitmask
-// as sequence of run-length encoded blocks. It operates directly on the encoded
-// representation, it does not decode/encode.
-package bitseq
-
-import (
-	"encoding/binary"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"sync"
-
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-// block sequence constants
-// If needed we can think of making these configurable
-const (
-	blockLen      = uint32(32)
-	blockBytes    = uint64(blockLen / 8)
-	blockMAX      = uint32(1<<blockLen - 1)
-	blockFirstBit = uint32(1) << (blockLen - 1)
-	invalidPos    = uint64(0xFFFFFFFFFFFFFFFF)
-)
-
-var (
-	// ErrNoBitAvailable is returned when no more bits are available to set
-	ErrNoBitAvailable = errors.New("no bit available")
-	// ErrBitAllocated is returned when the specific bit requested is already set
-	ErrBitAllocated = errors.New("requested bit is already allocated")
-)
-
-// Handle contains the sequence representing the bitmask and its identifier
-type Handle struct {
-	bits       uint64
-	unselected uint64
-	head       *sequence
-	app        string
-	id         string
-	dbIndex    uint64
-	dbExists   bool
-	curr       uint64
-	store      datastore.DataStore
-	sync.Mutex
-}
-
-// NewHandle returns a thread-safe instance of the bitmask handler
-func NewHandle(app string, ds datastore.DataStore, id string, numElements uint64) (*Handle, error) {
-	h := &Handle{
-		app:        app,
-		id:         id,
-		store:      ds,
-		bits:       numElements,
-		unselected: numElements,
-		head: &sequence{
-			block: 0x0,
-			count: getNumBlocks(numElements),
-		},
-	}
-
-	if h.store == nil {
-		return h, nil
-	}
-
-	// Get the initial status from the ds if present.
-	if err := h.store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
-		return nil, err
-	}
-
-	// If the handle is not in store, write it.
-	if !h.Exists() {
-		if err := h.writeToStore(); err != nil {
-			return nil, fmt.Errorf("failed to write bitsequence to store: %v", err)
-		}
-	}
-
-	return h, nil
-}
-
-// sequence represents a recurring sequence of 32 bits long bitmasks
-type sequence struct {
-	block uint32    // block is a symbol representing 4 byte long allocation bitmask
-	count uint64    // number of consecutive blocks (symbols)
-	next  *sequence // next sequence
-}
-
-// String returns a string representation of the block sequence starting from this block
-func (s *sequence) toString() string {
-	var nextBlock string
-	if s.next == nil {
-		nextBlock = "end"
-	} else {
-		nextBlock = s.next.toString()
-	}
-	return fmt.Sprintf("(0x%x, %d)->%s", s.block, s.count, nextBlock)
-}
-
-// GetAvailableBit returns the position of the first unset bit in the bitmask represented by this sequence
-func (s *sequence) getAvailableBit(from uint64) (uint64, uint64, error) {
-	if s.block == blockMAX || s.count == 0 {
-		return invalidPos, invalidPos, ErrNoBitAvailable
-	}
-	bits := from
-	bitSel := blockFirstBit >> from
-	for bitSel > 0 && s.block&bitSel != 0 {
-		bitSel >>= 1
-		bits++
-	}
-	// Check if the loop exited because it could not
-	// find any available bit int block  starting from
-	// "from". Return invalid pos in that case.
-	if bitSel == 0 {
-		return invalidPos, invalidPos, ErrNoBitAvailable
-	}
-	return bits / 8, bits % 8, nil
-}
-
-// GetCopy returns a copy of the linked list rooted at this node
-func (s *sequence) getCopy() *sequence {
-	n := &sequence{block: s.block, count: s.count}
-	pn := n
-	ps := s.next
-	for ps != nil {
-		pn.next = &sequence{block: ps.block, count: ps.count}
-		pn = pn.next
-		ps = ps.next
-	}
-	return n
-}
-
-// Equal checks if this sequence is equal to the passed one
-func (s *sequence) equal(o *sequence) bool {
-	this := s
-	other := o
-	for this != nil {
-		if other == nil {
-			return false
-		}
-		if this.block != other.block || this.count != other.count {
-			return false
-		}
-		this = this.next
-		other = other.next
-	}
-	// Check if other is longer than this
-	if other != nil {
-		return false
-	}
-	return true
-}
-
-// ToByteArray converts the sequence into a byte array
-func (s *sequence) toByteArray() ([]byte, error) {
-	var bb []byte
-
-	p := s
-	for p != nil {
-		b := make([]byte, 12)
-		binary.BigEndian.PutUint32(b[0:], p.block)
-		binary.BigEndian.PutUint64(b[4:], p.count)
-		bb = append(bb, b...)
-		p = p.next
-	}
-
-	return bb, nil
-}
-
-// fromByteArray construct the sequence from the byte array
-func (s *sequence) fromByteArray(data []byte) error {
-	l := len(data)
-	if l%12 != 0 {
-		return fmt.Errorf("cannot deserialize byte sequence of length %d (%v)", l, data)
-	}
-
-	p := s
-	i := 0
-	for {
-		p.block = binary.BigEndian.Uint32(data[i : i+4])
-		p.count = binary.BigEndian.Uint64(data[i+4 : i+12])
-		i += 12
-		if i == l {
-			break
-		}
-		p.next = &sequence{}
-		p = p.next
-	}
-
-	return nil
-}
-
-func (h *Handle) getCopy() *Handle {
-	return &Handle{
-		bits:       h.bits,
-		unselected: h.unselected,
-		head:       h.head.getCopy(),
-		app:        h.app,
-		id:         h.id,
-		dbIndex:    h.dbIndex,
-		dbExists:   h.dbExists,
-		store:      h.store,
-		curr:       h.curr,
-	}
-}
-
-// SetAnyInRange atomically sets the first unset bit in the specified range in the sequence and returns the corresponding ordinal
-func (h *Handle) SetAnyInRange(start, end uint64, serial bool) (uint64, error) {
-	if end < start || end >= h.bits {
-		return invalidPos, fmt.Errorf("invalid bit range [%d, %d]", start, end)
-	}
-	if h.Unselected() == 0 {
-		return invalidPos, ErrNoBitAvailable
-	}
-	return h.set(0, start, end, true, false, serial)
-}
-
-// SetAny atomically sets the first unset bit in the sequence and returns the corresponding ordinal
-func (h *Handle) SetAny(serial bool) (uint64, error) {
-	if h.Unselected() == 0 {
-		return invalidPos, ErrNoBitAvailable
-	}
-	return h.set(0, 0, h.bits-1, true, false, serial)
-}
-
-// Set atomically sets the corresponding bit in the sequence
-func (h *Handle) Set(ordinal uint64) error {
-	if err := h.validateOrdinal(ordinal); err != nil {
-		return err
-	}
-	_, err := h.set(ordinal, 0, 0, false, false, false)
-	return err
-}
-
-// Unset atomically unsets the corresponding bit in the sequence
-func (h *Handle) Unset(ordinal uint64) error {
-	if err := h.validateOrdinal(ordinal); err != nil {
-		return err
-	}
-	_, err := h.set(ordinal, 0, 0, false, true, false)
-	return err
-}
-
-// IsSet atomically checks if the ordinal bit is set. In case ordinal
-// is outside of the bit sequence limits, false is returned.
-func (h *Handle) IsSet(ordinal uint64) bool {
-	if err := h.validateOrdinal(ordinal); err != nil {
-		return false
-	}
-	h.Lock()
-	_, _, err := checkIfAvailable(h.head, ordinal)
-	h.Unlock()
-	return err != nil
-}
-
-func (h *Handle) runConsistencyCheck() bool {
-	corrupted := false
-	for p, c := h.head, h.head.next; c != nil; c = c.next {
-		if c.count == 0 {
-			corrupted = true
-			p.next = c.next
-			continue // keep same p
-		}
-		p = c
-	}
-	return corrupted
-}
-
-// CheckConsistency checks if the bit sequence is in an inconsistent state and attempts to fix it.
-// It looks for a corruption signature that may happen in docker 1.9.0 and 1.9.1.
-func (h *Handle) CheckConsistency() error {
-	for {
-		h.Lock()
-		store := h.store
-		h.Unlock()
-
-		if store != nil {
-			if err := store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
-				return err
-			}
-		}
-
-		h.Lock()
-		nh := h.getCopy()
-		h.Unlock()
-
-		if !nh.runConsistencyCheck() {
-			return nil
-		}
-
-		if err := nh.writeToStore(); err != nil {
-			if _, ok := err.(types.RetryError); !ok {
-				return fmt.Errorf("internal failure while fixing inconsistent bitsequence: %v", err)
-			}
-			continue
-		}
-
-		logrus.Infof("Fixed inconsistent bit sequence in datastore:\n%s\n%s", h, nh)
-
-		h.Lock()
-		h.head = nh.head
-		h.Unlock()
-
-		return nil
-	}
-}
-
-// set/reset the bit
-func (h *Handle) set(ordinal, start, end uint64, any bool, release bool, serial bool) (uint64, error) {
-	var (
-		bitPos  uint64
-		bytePos uint64
-		ret     uint64
-		err     error
-	)
-
-	for {
-		var store datastore.DataStore
-		curr := uint64(0)
-		h.Lock()
-		store = h.store
-		if store != nil {
-			h.Unlock() // The lock is acquired in the GetObject
-			if err := store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {
-				return ret, err
-			}
-			h.Lock() // Acquire the lock back
-		}
-		if serial {
-			curr = h.curr
-		}
-		// Get position if available
-		if release {
-			bytePos, bitPos = ordinalToPos(ordinal)
-		} else {
-			if any {
-				bytePos, bitPos, err = getAvailableFromCurrent(h.head, start, curr, end)
-				ret = posToOrdinal(bytePos, bitPos)
-				if err == nil {
-					h.curr = ret + 1
-				}
-			} else {
-				bytePos, bitPos, err = checkIfAvailable(h.head, ordinal)
-				ret = ordinal
-			}
-		}
-		if err != nil {
-			h.Unlock()
-			return ret, err
-		}
-
-		// Create a private copy of h and work on it
-		nh := h.getCopy()
-
-		nh.head = pushReservation(bytePos, bitPos, nh.head, release)
-		if release {
-			nh.unselected++
-		} else {
-			nh.unselected--
-		}
-
-		if h.store != nil {
-			h.Unlock()
-			// Attempt to write private copy to store
-			if err := nh.writeToStore(); err != nil {
-				if _, ok := err.(types.RetryError); !ok {
-					return ret, fmt.Errorf("internal failure while setting the bit: %v", err)
-				}
-				// Retry
-				continue
-			}
-			h.Lock()
-		}
-
-		// Previous atomic push was successful. Save private copy to local copy
-		h.unselected = nh.unselected
-		h.head = nh.head
-		h.dbExists = nh.dbExists
-		h.dbIndex = nh.dbIndex
-		h.Unlock()
-		return ret, nil
-	}
-}
-
-// checks is needed because to cover the case where the number of bits is not a multiple of blockLen
-func (h *Handle) validateOrdinal(ordinal uint64) error {
-	h.Lock()
-	defer h.Unlock()
-	if ordinal >= h.bits {
-		return errors.New("bit does not belong to the sequence")
-	}
-	return nil
-}
-
-// Destroy removes from the datastore the data belonging to this handle
-func (h *Handle) Destroy() error {
-	for {
-		if err := h.deleteFromStore(); err != nil {
-			if _, ok := err.(types.RetryError); !ok {
-				return fmt.Errorf("internal failure while destroying the sequence: %v", err)
-			}
-			// Fetch latest
-			if err := h.store.GetObject(datastore.Key(h.Key()...), h); err != nil {
-				if err == datastore.ErrKeyNotFound { // already removed
-					return nil
-				}
-				return fmt.Errorf("failed to fetch from store when destroying the sequence: %v", err)
-			}
-			continue
-		}
-		return nil
-	}
-}
-
-// ToByteArray converts this handle's data into a byte array
-func (h *Handle) ToByteArray() ([]byte, error) {
-
-	h.Lock()
-	defer h.Unlock()
-	ba := make([]byte, 16)
-	binary.BigEndian.PutUint64(ba[0:], h.bits)
-	binary.BigEndian.PutUint64(ba[8:], h.unselected)
-	bm, err := h.head.toByteArray()
-	if err != nil {
-		return nil, fmt.Errorf("failed to serialize head: %s", err.Error())
-	}
-	ba = append(ba, bm...)
-
-	return ba, nil
-}
-
-// FromByteArray reads his handle's data from a byte array
-func (h *Handle) FromByteArray(ba []byte) error {
-	if ba == nil {
-		return errors.New("nil byte array")
-	}
-
-	nh := &sequence{}
-	err := nh.fromByteArray(ba[16:])
-	if err != nil {
-		return fmt.Errorf("failed to deserialize head: %s", err.Error())
-	}
-
-	h.Lock()
-	h.head = nh
-	h.bits = binary.BigEndian.Uint64(ba[0:8])
-	h.unselected = binary.BigEndian.Uint64(ba[8:16])
-	h.Unlock()
-
-	return nil
-}
-
-// Bits returns the length of the bit sequence
-func (h *Handle) Bits() uint64 {
-	return h.bits
-}
-
-// Unselected returns the number of bits which are not selected
-func (h *Handle) Unselected() uint64 {
-	h.Lock()
-	defer h.Unlock()
-	return h.unselected
-}
-
-func (h *Handle) String() string {
-	h.Lock()
-	defer h.Unlock()
-	return fmt.Sprintf("App: %s, ID: %s, DBIndex: 0x%x, Bits: %d, Unselected: %d, Sequence: %s Curr:%d",
-		h.app, h.id, h.dbIndex, h.bits, h.unselected, h.head.toString(), h.curr)
-}
-
-// MarshalJSON encodes Handle into json message
-func (h *Handle) MarshalJSON() ([]byte, error) {
-	m := map[string]interface{}{
-		"id": h.id,
-	}
-
-	b, err := h.ToByteArray()
-	if err != nil {
-		return nil, err
-	}
-	m["sequence"] = b
-	return json.Marshal(m)
-}
-
-// UnmarshalJSON decodes json message into Handle
-func (h *Handle) UnmarshalJSON(data []byte) error {
-	var (
-		m   map[string]interface{}
-		b   []byte
-		err error
-	)
-	if err = json.Unmarshal(data, &m); err != nil {
-		return err
-	}
-	h.id = m["id"].(string)
-	bi, _ := json.Marshal(m["sequence"])
-	if err := json.Unmarshal(bi, &b); err != nil {
-		return err
-	}
-	return h.FromByteArray(b)
-}
-
-// getFirstAvailable looks for the first unset bit in passed mask starting from start
-func getFirstAvailable(head *sequence, start uint64) (uint64, uint64, error) {
-	// Find sequence which contains the start bit
-	byteStart, bitStart := ordinalToPos(start)
-	current, _, precBlocks, inBlockBytePos := findSequence(head, byteStart)
-	// Derive the this sequence offsets
-	byteOffset := byteStart - inBlockBytePos
-	bitOffset := inBlockBytePos*8 + bitStart
-	for current != nil {
-		if current.block != blockMAX {
-			// If the current block is not full, check if there is any bit
-			// from the current bit in the current block. If not, before proceeding to the
-			// next block node, make sure we check for available bit in the next
-			// instance of the same block. Due to RLE same block signature will be
-			// compressed.
-		retry:
-			bytePos, bitPos, err := current.getAvailableBit(bitOffset)
-			if err != nil && precBlocks == current.count-1 {
-				// This is the last instance in the same block node,
-				// so move to the next block.
-				goto next
-			}
-			if err != nil {
-				// There are some more instances of the same block, so add the offset
-				// and be optimistic that you will find the available bit in the next
-				// instance of the same block.
-				bitOffset = 0
-				byteOffset += blockBytes
-				precBlocks++
-				goto retry
-			}
-			return byteOffset + bytePos, bitPos, err
-		}
-		// Moving to next block: Reset bit offset.
-	next:
-		bitOffset = 0
-		byteOffset += (current.count * blockBytes) - (precBlocks * blockBytes)
-		precBlocks = 0
-		current = current.next
-	}
-	return invalidPos, invalidPos, ErrNoBitAvailable
-}
-
-// getAvailableFromCurrent will look for available ordinal from the current ordinal.
-// If none found then it will loop back to the start to check of the available bit.
-// This can be further optimized to check from start till curr in case of a rollover
-func getAvailableFromCurrent(head *sequence, start, curr, end uint64) (uint64, uint64, error) {
-	var bytePos, bitPos uint64
-	var err error
-	if curr != 0 && curr > start {
-		bytePos, bitPos, err = getFirstAvailable(head, curr)
-		ret := posToOrdinal(bytePos, bitPos)
-		if end < ret || err != nil {
-			goto begin
-		}
-		return bytePos, bitPos, nil
-	}
-
-begin:
-	bytePos, bitPos, err = getFirstAvailable(head, start)
-	ret := posToOrdinal(bytePos, bitPos)
-	if end < ret || err != nil {
-		return invalidPos, invalidPos, ErrNoBitAvailable
-	}
-	return bytePos, bitPos, nil
-}
-
-// checkIfAvailable checks if the bit correspondent to the specified ordinal is unset
-// If the ordinal is beyond the sequence limits, a negative response is returned
-func checkIfAvailable(head *sequence, ordinal uint64) (uint64, uint64, error) {
-	bytePos, bitPos := ordinalToPos(ordinal)
-
-	// Find the sequence containing this byte
-	current, _, _, inBlockBytePos := findSequence(head, bytePos)
-	if current != nil {
-		// Check whether the bit corresponding to the ordinal address is unset
-		bitSel := blockFirstBit >> (inBlockBytePos*8 + bitPos)
-		if current.block&bitSel == 0 {
-			return bytePos, bitPos, nil
-		}
-	}
-
-	return invalidPos, invalidPos, ErrBitAllocated
-}
-
-// Given the byte position and the sequences list head, return the pointer to the
-// sequence containing the byte (current), the pointer to the previous sequence,
-// the number of blocks preceding the block containing the byte inside the current sequence.
-// If bytePos is outside of the list, function will return (nil, nil, 0, invalidPos)
-func findSequence(head *sequence, bytePos uint64) (*sequence, *sequence, uint64, uint64) {
-	// Find the sequence containing this byte
-	previous := head
-	current := head
-	n := bytePos
-	for current.next != nil && n >= (current.count*blockBytes) { // Nil check for less than 32 addresses masks
-		n -= (current.count * blockBytes)
-		previous = current
-		current = current.next
-	}
-
-	// If byte is outside of the list, let caller know
-	if n >= (current.count * blockBytes) {
-		return nil, nil, 0, invalidPos
-	}
-
-	// Find the byte position inside the block and the number of blocks
-	// preceding the block containing the byte inside this sequence
-	precBlocks := n / blockBytes
-	inBlockBytePos := bytePos % blockBytes
-
-	return current, previous, precBlocks, inBlockBytePos
-}
-
-// PushReservation pushes the bit reservation inside the bitmask.
-// Given byte and bit positions, identify the sequence (current) which holds the block containing the affected bit.
-// Create a new block with the modified bit according to the operation (allocate/release).
-// Create a new sequence containing the new block and insert it in the proper position.
-// Remove current sequence if empty.
-// Check if new sequence can be merged with neighbour (previous/next) sequences.
-//
-//
-// Identify "current" sequence containing block:
-//                                      [prev seq] [current seq] [next seq]
-//
-// Based on block position, resulting list of sequences can be any of three forms:
-//
-//        block position                        Resulting list of sequences
-// A) block is first in current:         [prev seq] [new] [modified current seq] [next seq]
-// B) block is last in current:          [prev seq] [modified current seq] [new] [next seq]
-// C) block is in the middle of current: [prev seq] [curr pre] [new] [curr post] [next seq]
-func pushReservation(bytePos, bitPos uint64, head *sequence, release bool) *sequence {
-	// Store list's head
-	newHead := head
-
-	// Find the sequence containing this byte
-	current, previous, precBlocks, inBlockBytePos := findSequence(head, bytePos)
-	if current == nil {
-		return newHead
-	}
-
-	// Construct updated block
-	bitSel := blockFirstBit >> (inBlockBytePos*8 + bitPos)
-	newBlock := current.block
-	if release {
-		newBlock &^= bitSel
-	} else {
-		newBlock |= bitSel
-	}
-
-	// Quit if it was a redundant request
-	if current.block == newBlock {
-		return newHead
-	}
-
-	// Current sequence inevitably looses one block, upadate count
-	current.count--
-
-	// Create new sequence
-	newSequence := &sequence{block: newBlock, count: 1}
-
-	// Insert the new sequence in the list based on block position
-	if precBlocks == 0 { // First in sequence (A)
-		newSequence.next = current
-		if current == head {
-			newHead = newSequence
-			previous = newHead
-		} else {
-			previous.next = newSequence
-		}
-		removeCurrentIfEmpty(&newHead, newSequence, current)
-		mergeSequences(previous)
-	} else if precBlocks == current.count { // Last in sequence (B)
-		newSequence.next = current.next
-		current.next = newSequence
-		mergeSequences(current)
-	} else { // In between the sequence (C)
-		currPre := &sequence{block: current.block, count: precBlocks, next: newSequence}
-		currPost := current
-		currPost.count -= precBlocks
-		newSequence.next = currPost
-		if currPost == head {
-			newHead = currPre
-		} else {
-			previous.next = currPre
-		}
-		// No merging or empty current possible here
-	}
-
-	return newHead
-}
-
-// Removes the current sequence from the list if empty, adjusting the head pointer if needed
-func removeCurrentIfEmpty(head **sequence, previous, current *sequence) {
-	if current.count == 0 {
-		if current == *head {
-			*head = current.next
-		} else {
-			previous.next = current.next
-			current = current.next
-		}
-	}
-}
-
-// Given a pointer to a sequence, it checks if it can be merged with any following sequences
-// It stops when no more merging is possible.
-// TODO: Optimization: only attempt merge from start to end sequence, no need to scan till the end of the list
-func mergeSequences(seq *sequence) {
-	if seq != nil {
-		// Merge all what possible from seq
-		for seq.next != nil && seq.block == seq.next.block {
-			seq.count += seq.next.count
-			seq.next = seq.next.next
-		}
-		// Move to next
-		mergeSequences(seq.next)
-	}
-}
-
-func getNumBlocks(numBits uint64) uint64 {
-	numBlocks := numBits / uint64(blockLen)
-	if numBits%uint64(blockLen) != 0 {
-		numBlocks++
-	}
-	return numBlocks
-}
-
-func ordinalToPos(ordinal uint64) (uint64, uint64) {
-	return ordinal / 8, ordinal % 8
-}
-
-func posToOrdinal(bytePos, bitPos uint64) uint64 {
-	return bytePos*8 + bitPos
-}
diff --git a/vendor/github.com/docker/libnetwork/bitseq/store.go b/vendor/github.com/docker/libnetwork/bitseq/store.go
deleted file mode 100644
index cdb7f04264e75..0000000000000
--- a/vendor/github.com/docker/libnetwork/bitseq/store.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package bitseq
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/types"
-)
-
-// Key provides the Key to be used in KV Store
-func (h *Handle) Key() []string {
-	h.Lock()
-	defer h.Unlock()
-	return []string{h.app, h.id}
-}
-
-// KeyPrefix returns the immediate parent key that can be used for tree walk
-func (h *Handle) KeyPrefix() []string {
-	h.Lock()
-	defer h.Unlock()
-	return []string{h.app}
-}
-
-// Value marshals the data to be stored in the KV store
-func (h *Handle) Value() []byte {
-	b, err := json.Marshal(h)
-	if err != nil {
-		return nil
-	}
-	return b
-}
-
-// SetValue unmarshals the data from the KV store
-func (h *Handle) SetValue(value []byte) error {
-	return json.Unmarshal(value, h)
-}
-
-// Index returns the latest DB Index as seen by this object
-func (h *Handle) Index() uint64 {
-	h.Lock()
-	defer h.Unlock()
-	return h.dbIndex
-}
-
-// SetIndex method allows the datastore to store the latest DB Index into this object
-func (h *Handle) SetIndex(index uint64) {
-	h.Lock()
-	h.dbIndex = index
-	h.dbExists = true
-	h.Unlock()
-}
-
-// Exists method is true if this object has been stored in the DB.
-func (h *Handle) Exists() bool {
-	h.Lock()
-	defer h.Unlock()
-	return h.dbExists
-}
-
-// New method returns a handle based on the receiver handle
-func (h *Handle) New() datastore.KVObject {
-	h.Lock()
-	defer h.Unlock()
-
-	return &Handle{
-		app:   h.app,
-		store: h.store,
-	}
-}
-
-// CopyTo deep copies the handle into the passed destination object
-func (h *Handle) CopyTo(o datastore.KVObject) error {
-	h.Lock()
-	defer h.Unlock()
-
-	dstH := o.(*Handle)
-	if h == dstH {
-		return nil
-	}
-	dstH.Lock()
-	dstH.bits = h.bits
-	dstH.unselected = h.unselected
-	dstH.head = h.head.getCopy()
-	dstH.app = h.app
-	dstH.id = h.id
-	dstH.dbIndex = h.dbIndex
-	dstH.dbExists = h.dbExists
-	dstH.store = h.store
-	dstH.curr = h.curr
-	dstH.Unlock()
-
-	return nil
-}
-
-// Skip provides a way for a KV Object to avoid persisting it in the KV Store
-func (h *Handle) Skip() bool {
-	return false
-}
-
-// DataScope method returns the storage scope of the datastore
-func (h *Handle) DataScope() string {
-	h.Lock()
-	defer h.Unlock()
-
-	return h.store.Scope()
-}
-
-func (h *Handle) fromDsValue(value []byte) error {
-	var ba []byte
-	if err := json.Unmarshal(value, &ba); err != nil {
-		return fmt.Errorf("failed to decode json: %s", err.Error())
-	}
-	if err := h.FromByteArray(ba); err != nil {
-		return fmt.Errorf("failed to decode handle: %s", err.Error())
-	}
-	return nil
-}
-
-func (h *Handle) writeToStore() error {
-	h.Lock()
-	store := h.store
-	h.Unlock()
-	if store == nil {
-		return nil
-	}
-	err := store.PutObjectAtomic(h)
-	if err == datastore.ErrKeyModified {
-		return types.RetryErrorf("failed to perform atomic write (%v). Retry might fix the error", err)
-	}
-	return err
-}
-
-func (h *Handle) deleteFromStore() error {
-	h.Lock()
-	store := h.store
-	h.Unlock()
-	if store == nil {
-		return nil
-	}
-	return store.DeleteObjectAtomic(h)
-}
diff --git a/vendor/github.com/docker/libnetwork/config/config.go b/vendor/github.com/docker/libnetwork/config/config.go
deleted file mode 100644
index b7c66e9884e50..0000000000000
--- a/vendor/github.com/docker/libnetwork/config/config.go
+++ /dev/null
@@ -1,309 +0,0 @@
-package config
-
-import (
-	"strings"
-
-	"github.com/BurntSushi/toml"
-	"github.com/docker/docker/pkg/discovery"
-	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/libkv/store"
-	"github.com/docker/libnetwork/cluster"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/ipamutils"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/osl"
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	warningThNetworkControlPlaneMTU = 1500
-	minimumNetworkControlPlaneMTU   = 500
-)
-
-// Config encapsulates configurations of various Libnetwork components
-type Config struct {
-	Daemon          DaemonCfg
-	Cluster         ClusterCfg
-	Scopes          map[string]*datastore.ScopeCfg
-	ActiveSandboxes map[string]interface{}
-	PluginGetter    plugingetter.PluginGetter
-}
-
-// DaemonCfg represents libnetwork core configuration
-type DaemonCfg struct {
-	Debug                  bool
-	Experimental           bool
-	DataDir                string
-	ExecRoot               string
-	DefaultNetwork         string
-	DefaultDriver          string
-	Labels                 []string
-	DriverCfg              map[string]interface{}
-	ClusterProvider        cluster.Provider
-	NetworkControlPlaneMTU int
-	DefaultAddressPool     []*ipamutils.NetworkToSplit
-}
-
-// ClusterCfg represents cluster configuration
-type ClusterCfg struct {
-	Watcher   discovery.Watcher
-	Address   string
-	Discovery string
-	Heartbeat uint64
-}
-
-// LoadDefaultScopes loads default scope configs for scopes which
-// doesn't have explicit user specified configs.
-func (c *Config) LoadDefaultScopes(dataDir string) {
-	for k, v := range datastore.DefaultScopes(dataDir) {
-		if _, ok := c.Scopes[k]; !ok {
-			c.Scopes[k] = v
-		}
-	}
-}
-
-// ParseConfig parses the libnetwork configuration file
-func ParseConfig(tomlCfgFile string) (*Config, error) {
-	cfg := &Config{
-		Scopes: map[string]*datastore.ScopeCfg{},
-	}
-
-	if _, err := toml.DecodeFile(tomlCfgFile, cfg); err != nil {
-		return nil, err
-	}
-
-	cfg.LoadDefaultScopes(cfg.Daemon.DataDir)
-	return cfg, nil
-}
-
-// ParseConfigOptions parses the configuration options and returns
-// a reference to the corresponding Config structure
-func ParseConfigOptions(cfgOptions ...Option) *Config {
-	cfg := &Config{
-		Daemon: DaemonCfg{
-			DriverCfg: make(map[string]interface{}),
-		},
-		Scopes: make(map[string]*datastore.ScopeCfg),
-	}
-
-	cfg.ProcessOptions(cfgOptions...)
-	cfg.LoadDefaultScopes(cfg.Daemon.DataDir)
-
-	return cfg
-}
-
-// Option is an option setter function type used to pass various configurations
-// to the controller
-type Option func(c *Config)
-
-// OptionDefaultNetwork function returns an option setter for a default network
-func OptionDefaultNetwork(dn string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option DefaultNetwork: %s", dn)
-		c.Daemon.DefaultNetwork = strings.TrimSpace(dn)
-	}
-}
-
-// OptionDefaultDriver function returns an option setter for default driver
-func OptionDefaultDriver(dd string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option DefaultDriver: %s", dd)
-		c.Daemon.DefaultDriver = strings.TrimSpace(dd)
-	}
-}
-
-// OptionDefaultAddressPoolConfig function returns an option setter for default address pool
-func OptionDefaultAddressPoolConfig(addressPool []*ipamutils.NetworkToSplit) Option {
-	return func(c *Config) {
-		c.Daemon.DefaultAddressPool = addressPool
-	}
-}
-
-// OptionDriverConfig returns an option setter for driver configuration.
-func OptionDriverConfig(networkType string, config map[string]interface{}) Option {
-	return func(c *Config) {
-		c.Daemon.DriverCfg[networkType] = config
-	}
-}
-
-// OptionLabels function returns an option setter for labels
-func OptionLabels(labels []string) Option {
-	return func(c *Config) {
-		for _, label := range labels {
-			if strings.HasPrefix(label, netlabel.Prefix) {
-				c.Daemon.Labels = append(c.Daemon.Labels, label)
-			}
-		}
-	}
-}
-
-// OptionKVProvider function returns an option setter for kvstore provider
-func OptionKVProvider(provider string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option OptionKVProvider: %s", provider)
-		if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
-			c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
-		}
-		c.Scopes[datastore.GlobalScope].Client.Provider = strings.TrimSpace(provider)
-	}
-}
-
-// OptionKVProviderURL function returns an option setter for kvstore url
-func OptionKVProviderURL(url string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option OptionKVProviderURL: %s", url)
-		if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
-			c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
-		}
-		c.Scopes[datastore.GlobalScope].Client.Address = strings.TrimSpace(url)
-	}
-}
-
-// OptionKVOpts function returns an option setter for kvstore options
-func OptionKVOpts(opts map[string]string) Option {
-	return func(c *Config) {
-		if opts["kv.cacertfile"] != "" && opts["kv.certfile"] != "" && opts["kv.keyfile"] != "" {
-			logrus.Info("Option Initializing KV with TLS")
-			tlsConfig, err := tlsconfig.Client(tlsconfig.Options{
-				CAFile:   opts["kv.cacertfile"],
-				CertFile: opts["kv.certfile"],
-				KeyFile:  opts["kv.keyfile"],
-			})
-			if err != nil {
-				logrus.Errorf("Unable to set up TLS: %s", err)
-				return
-			}
-			if _, ok := c.Scopes[datastore.GlobalScope]; !ok {
-				c.Scopes[datastore.GlobalScope] = &datastore.ScopeCfg{}
-			}
-			if c.Scopes[datastore.GlobalScope].Client.Config == nil {
-				c.Scopes[datastore.GlobalScope].Client.Config = &store.Config{TLS: tlsConfig}
-			} else {
-				c.Scopes[datastore.GlobalScope].Client.Config.TLS = tlsConfig
-			}
-			// Workaround libkv/etcd bug for https
-			c.Scopes[datastore.GlobalScope].Client.Config.ClientTLS = &store.ClientTLSConfig{
-				CACertFile: opts["kv.cacertfile"],
-				CertFile:   opts["kv.certfile"],
-				KeyFile:    opts["kv.keyfile"],
-			}
-		} else {
-			logrus.Info("Option Initializing KV without TLS")
-		}
-	}
-}
-
-// OptionDiscoveryWatcher function returns an option setter for discovery watcher
-func OptionDiscoveryWatcher(watcher discovery.Watcher) Option {
-	return func(c *Config) {
-		c.Cluster.Watcher = watcher
-	}
-}
-
-// OptionDiscoveryAddress function returns an option setter for self discovery address
-func OptionDiscoveryAddress(address string) Option {
-	return func(c *Config) {
-		c.Cluster.Address = address
-	}
-}
-
-// OptionDataDir function returns an option setter for data folder
-func OptionDataDir(dataDir string) Option {
-	return func(c *Config) {
-		c.Daemon.DataDir = dataDir
-	}
-}
-
-// OptionExecRoot function returns an option setter for exec root folder
-func OptionExecRoot(execRoot string) Option {
-	return func(c *Config) {
-		c.Daemon.ExecRoot = execRoot
-		osl.SetBasePath(execRoot)
-	}
-}
-
-// OptionPluginGetter returns a plugingetter for remote drivers.
-func OptionPluginGetter(pg plugingetter.PluginGetter) Option {
-	return func(c *Config) {
-		c.PluginGetter = pg
-	}
-}
-
-// OptionExperimental function returns an option setter for experimental daemon
-func OptionExperimental(exp bool) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option Experimental: %v", exp)
-		c.Daemon.Experimental = exp
-	}
-}
-
-// OptionNetworkControlPlaneMTU function returns an option setter for control plane MTU
-func OptionNetworkControlPlaneMTU(exp int) Option {
-	return func(c *Config) {
-		logrus.Debugf("Network Control Plane MTU: %d", exp)
-		if exp < warningThNetworkControlPlaneMTU {
-			logrus.Warnf("Received a MTU of %d, this value is very low, the network control plane can misbehave,"+
-				" defaulting to minimum value (%d)", exp, minimumNetworkControlPlaneMTU)
-			if exp < minimumNetworkControlPlaneMTU {
-				exp = minimumNetworkControlPlaneMTU
-			}
-		}
-		c.Daemon.NetworkControlPlaneMTU = exp
-	}
-}
-
-// ProcessOptions processes options and stores it in config
-func (c *Config) ProcessOptions(options ...Option) {
-	for _, opt := range options {
-		if opt != nil {
-			opt(c)
-		}
-	}
-}
-
-// IsValidName validates configuration objects supported by libnetwork
-func IsValidName(name string) bool {
-	return strings.TrimSpace(name) != ""
-}
-
-// OptionLocalKVProvider function returns an option setter for kvstore provider
-func OptionLocalKVProvider(provider string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option OptionLocalKVProvider: %s", provider)
-		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
-			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
-		}
-		c.Scopes[datastore.LocalScope].Client.Provider = strings.TrimSpace(provider)
-	}
-}
-
-// OptionLocalKVProviderURL function returns an option setter for kvstore url
-func OptionLocalKVProviderURL(url string) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option OptionLocalKVProviderURL: %s", url)
-		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
-			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
-		}
-		c.Scopes[datastore.LocalScope].Client.Address = strings.TrimSpace(url)
-	}
-}
-
-// OptionLocalKVProviderConfig function returns an option setter for kvstore config
-func OptionLocalKVProviderConfig(config *store.Config) Option {
-	return func(c *Config) {
-		logrus.Debugf("Option OptionLocalKVProviderConfig: %v", config)
-		if _, ok := c.Scopes[datastore.LocalScope]; !ok {
-			c.Scopes[datastore.LocalScope] = &datastore.ScopeCfg{}
-		}
-		c.Scopes[datastore.LocalScope].Client.Config = config
-	}
-}
-
-// OptionActiveSandboxes function returns an option setter for passing the sandboxes
-// which were active during previous daemon life
-func OptionActiveSandboxes(sandboxes map[string]interface{}) Option {
-	return func(c *Config) {
-		c.ActiveSandboxes = sandboxes
-	}
-}
diff --git a/vendor/github.com/docker/libnetwork/default_gateway_windows.go b/vendor/github.com/docker/libnetwork/default_gateway_windows.go
deleted file mode 100644
index f4ba198e57576..0000000000000
--- a/vendor/github.com/docker/libnetwork/default_gateway_windows.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package libnetwork
-
-import (
-	windriver "github.com/docker/libnetwork/drivers/windows"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/types"
-)
-
-const libnGWNetwork = "nat"
-
-func getPlatformOption() EndpointOption {
-
-	epOption := options.Generic{
-		windriver.DisableICC: true,
-		windriver.DisableDNS: true,
-	}
-	return EndpointOptionGeneric(epOption)
-}
-
-func (c *controller) createGWNetwork() (Network, error) {
-	return nil, types.NotImplementedErrorf("default gateway functionality is not implemented in windows")
-}
diff --git a/vendor/github.com/docker/libnetwork/diagnostic/server.go b/vendor/github.com/docker/libnetwork/diagnostic/server.go
deleted file mode 100644
index 6c9372d682560..0000000000000
--- a/vendor/github.com/docker/libnetwork/diagnostic/server.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package diagnostic
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"sync"
-	"sync/atomic"
-
-	stackdump "github.com/docker/docker/pkg/signal"
-	"github.com/docker/libnetwork/internal/caller"
-	"github.com/sirupsen/logrus"
-)
-
-// HTTPHandlerFunc TODO
-type HTTPHandlerFunc func(interface{}, http.ResponseWriter, *http.Request)
-
-type httpHandlerCustom struct {
-	ctx interface{}
-	F   func(interface{}, http.ResponseWriter, *http.Request)
-}
-
-// ServeHTTP TODO
-func (h httpHandlerCustom) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	h.F(h.ctx, w, r)
-}
-
-var diagPaths2Func = map[string]HTTPHandlerFunc{
-	"/":          notImplemented,
-	"/help":      help,
-	"/ready":     ready,
-	"/stackdump": stackTrace,
-}
-
-// Server when the debug is enabled exposes a
-// This data structure is protected by the Agent mutex so does not require and additional mutex here
-type Server struct {
-	enable            int32
-	srv               *http.Server
-	port              int
-	mux               *http.ServeMux
-	registeredHanders map[string]bool
-	sync.Mutex
-}
-
-// New creates a new diagnostic server
-func New() *Server {
-	return &Server{
-		registeredHanders: make(map[string]bool),
-	}
-}
-
-// Init initialize the mux for the http handling and register the base hooks
-func (s *Server) Init() {
-	s.mux = http.NewServeMux()
-
-	// Register local handlers
-	s.RegisterHandler(s, diagPaths2Func)
-}
-
-// RegisterHandler allows to register new handlers to the mux and to a specific path
-func (s *Server) RegisterHandler(ctx interface{}, hdlrs map[string]HTTPHandlerFunc) {
-	s.Lock()
-	defer s.Unlock()
-	for path, fun := range hdlrs {
-		if _, ok := s.registeredHanders[path]; ok {
-			continue
-		}
-		s.mux.Handle(path, httpHandlerCustom{ctx, fun})
-		s.registeredHanders[path] = true
-	}
-}
-
-// ServeHTTP this is the method called bu the ListenAndServe, and is needed to allow us to
-// use our custom mux
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	s.mux.ServeHTTP(w, r)
-}
-
-// EnableDiagnostic opens a TCP socket to debug the passed network DB
-func (s *Server) EnableDiagnostic(ip string, port int) {
-	s.Lock()
-	defer s.Unlock()
-
-	s.port = port
-
-	if s.enable == 1 {
-		logrus.Info("The server is already up and running")
-		return
-	}
-
-	logrus.Infof("Starting the diagnostic server listening on %d for commands", port)
-	srv := &http.Server{Addr: fmt.Sprintf("%s:%d", ip, port), Handler: s}
-	s.srv = srv
-	s.enable = 1
-	go func(n *Server) {
-		// Ignore ErrServerClosed that is returned on the Shutdown call
-		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
-			logrus.Errorf("ListenAndServe error: %s", err)
-			atomic.SwapInt32(&n.enable, 0)
-		}
-	}(s)
-}
-
-// DisableDiagnostic stop the dubug and closes the tcp socket
-func (s *Server) DisableDiagnostic() {
-	s.Lock()
-	defer s.Unlock()
-
-	s.srv.Shutdown(context.Background())
-	s.srv = nil
-	s.enable = 0
-	logrus.Info("Disabling the diagnostic server")
-}
-
-// IsDiagnosticEnabled returns true when the debug is enabled
-func (s *Server) IsDiagnosticEnabled() bool {
-	s.Lock()
-	defer s.Unlock()
-	return s.enable == 1
-}
-
-func notImplemented(ctx interface{}, w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	_, json := ParseHTTPFormOptions(r)
-	rsp := WrongCommand("not implemented", fmt.Sprintf("URL path: %s no method implemented check /help\n", r.URL.Path))
-
-	// audit logs
-	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
-	log.Info("command not implemented done")
-
-	HTTPReply(w, rsp, json)
-}
-
-func help(ctx interface{}, w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	_, json := ParseHTTPFormOptions(r)
-
-	// audit logs
-	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
-	log.Info("help done")
-
-	n, ok := ctx.(*Server)
-	var result string
-	if ok {
-		for path := range n.registeredHanders {
-			result += fmt.Sprintf("%s\n", path)
-		}
-		HTTPReply(w, CommandSucceed(&StringCmd{Info: result}), json)
-	}
-}
-
-func ready(ctx interface{}, w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	_, json := ParseHTTPFormOptions(r)
-
-	// audit logs
-	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
-	log.Info("ready done")
-	HTTPReply(w, CommandSucceed(&StringCmd{Info: "OK"}), json)
-}
-
-func stackTrace(ctx interface{}, w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	_, json := ParseHTTPFormOptions(r)
-
-	// audit logs
-	log := logrus.WithFields(logrus.Fields{"component": "diagnostic", "remoteIP": r.RemoteAddr, "method": caller.Name(0), "url": r.URL.String()})
-	log.Info("stack trace")
-
-	path, err := stackdump.DumpStacks("/tmp/")
-	if err != nil {
-		log.WithError(err).Error("failed to write goroutines dump")
-		HTTPReply(w, FailCommand(err), json)
-	} else {
-		log.Info("stack trace done")
-		HTTPReply(w, CommandSucceed(&StringCmd{Info: fmt.Sprintf("goroutine stacks written to %s", path)}), json)
-	}
-}
-
-// DebugHTTPForm helper to print the form url parameters
-func DebugHTTPForm(r *http.Request) {
-	for k, v := range r.Form {
-		logrus.Debugf("Form[%q] = %q\n", k, v)
-	}
-}
-
-// JSONOutput contains details on JSON output printing
-type JSONOutput struct {
-	enable      bool
-	prettyPrint bool
-}
-
-// ParseHTTPFormOptions easily parse the JSON printing options
-func ParseHTTPFormOptions(r *http.Request) (bool, *JSONOutput) {
-	_, unsafe := r.Form["unsafe"]
-	v, json := r.Form["json"]
-	var pretty bool
-	if len(v) > 0 {
-		pretty = v[0] == "pretty"
-	}
-	return unsafe, &JSONOutput{enable: json, prettyPrint: pretty}
-}
-
-// HTTPReply helper function that takes care of sending the message out
-func HTTPReply(w http.ResponseWriter, r *HTTPResult, j *JSONOutput) (int, error) {
-	var response []byte
-	if j.enable {
-		w.Header().Set("Content-Type", "application/json")
-		var err error
-		if j.prettyPrint {
-			response, err = json.MarshalIndent(r, "", "  ")
-			if err != nil {
-				response, _ = json.MarshalIndent(FailCommand(err), "", "  ")
-			}
-		} else {
-			response, err = json.Marshal(r)
-			if err != nil {
-				response, _ = json.Marshal(FailCommand(err))
-			}
-		}
-	} else {
-		response = []byte(r.String())
-	}
-	return fmt.Fprint(w, string(response))
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/errors.go b/vendor/github.com/docker/libnetwork/drivers/bridge/errors.go
deleted file mode 100644
index 93960794cb18a..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/errors.go
+++ /dev/null
@@ -1,341 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-	"net"
-)
-
-// ErrConfigExists error is returned when driver already has a config applied.
-type ErrConfigExists struct{}
-
-func (ece *ErrConfigExists) Error() string {
-	return "configuration already exists, bridge configuration can be applied only once"
-}
-
-// Forbidden denotes the type of this error
-func (ece *ErrConfigExists) Forbidden() {}
-
-// ErrInvalidDriverConfig error is returned when Bridge Driver is passed an invalid config
-type ErrInvalidDriverConfig struct{}
-
-func (eidc *ErrInvalidDriverConfig) Error() string {
-	return "Invalid configuration passed to Bridge Driver"
-}
-
-// BadRequest denotes the type of this error
-func (eidc *ErrInvalidDriverConfig) BadRequest() {}
-
-// ErrInvalidNetworkConfig error is returned when a network is created on a driver without valid config.
-type ErrInvalidNetworkConfig struct{}
-
-func (einc *ErrInvalidNetworkConfig) Error() string {
-	return "trying to create a network on a driver without valid config"
-}
-
-// Forbidden denotes the type of this error
-func (einc *ErrInvalidNetworkConfig) Forbidden() {}
-
-// ErrInvalidContainerConfig error is returned when an endpoint create is attempted with an invalid configuration.
-type ErrInvalidContainerConfig struct{}
-
-func (eicc *ErrInvalidContainerConfig) Error() string {
-	return "Error in joining a container due to invalid configuration"
-}
-
-// BadRequest denotes the type of this error
-func (eicc *ErrInvalidContainerConfig) BadRequest() {}
-
-// ErrInvalidEndpointConfig error is returned when an endpoint create is attempted with an invalid endpoint configuration.
-type ErrInvalidEndpointConfig struct{}
-
-func (eiec *ErrInvalidEndpointConfig) Error() string {
-	return "trying to create an endpoint with an invalid endpoint configuration"
-}
-
-// BadRequest denotes the type of this error
-func (eiec *ErrInvalidEndpointConfig) BadRequest() {}
-
-// ErrNetworkExists error is returned when a network already exists and another network is created.
-type ErrNetworkExists struct{}
-
-func (ene *ErrNetworkExists) Error() string {
-	return "network already exists, bridge can only have one network"
-}
-
-// Forbidden denotes the type of this error
-func (ene *ErrNetworkExists) Forbidden() {}
-
-// ErrIfaceName error is returned when a new name could not be generated.
-type ErrIfaceName struct{}
-
-func (ein *ErrIfaceName) Error() string {
-	return "failed to find name for new interface"
-}
-
-// InternalError denotes the type of this error
-func (ein *ErrIfaceName) InternalError() {}
-
-// ErrNoIPAddr error is returned when bridge has no IPv4 address configured.
-type ErrNoIPAddr struct{}
-
-func (enip *ErrNoIPAddr) Error() string {
-	return "bridge has no IPv4 address configured"
-}
-
-// InternalError denotes the type of this error
-func (enip *ErrNoIPAddr) InternalError() {}
-
-// ErrInvalidGateway is returned when the user provided default gateway (v4/v6) is not not valid.
-type ErrInvalidGateway struct{}
-
-func (eig *ErrInvalidGateway) Error() string {
-	return "default gateway ip must be part of the network"
-}
-
-// BadRequest denotes the type of this error
-func (eig *ErrInvalidGateway) BadRequest() {}
-
-// ErrInvalidContainerSubnet is returned when the container subnet (FixedCIDR) is not valid.
-type ErrInvalidContainerSubnet struct{}
-
-func (eis *ErrInvalidContainerSubnet) Error() string {
-	return "container subnet must be a subset of bridge network"
-}
-
-// BadRequest denotes the type of this error
-func (eis *ErrInvalidContainerSubnet) BadRequest() {}
-
-// ErrInvalidMtu is returned when the user provided MTU is not valid.
-type ErrInvalidMtu int
-
-func (eim ErrInvalidMtu) Error() string {
-	return fmt.Sprintf("invalid MTU number: %d", int(eim))
-}
-
-// BadRequest denotes the type of this error
-func (eim ErrInvalidMtu) BadRequest() {}
-
-// ErrInvalidPort is returned when the container or host port specified in the port binding is not valid.
-type ErrInvalidPort string
-
-func (ip ErrInvalidPort) Error() string {
-	return fmt.Sprintf("invalid transport port: %s", string(ip))
-}
-
-// BadRequest denotes the type of this error
-func (ip ErrInvalidPort) BadRequest() {}
-
-// ErrUnsupportedAddressType is returned when the specified address type is not supported.
-type ErrUnsupportedAddressType string
-
-func (uat ErrUnsupportedAddressType) Error() string {
-	return fmt.Sprintf("unsupported address type: %s", string(uat))
-}
-
-// BadRequest denotes the type of this error
-func (uat ErrUnsupportedAddressType) BadRequest() {}
-
-// ErrInvalidAddressBinding is returned when the host address specified in the port binding is not valid.
-type ErrInvalidAddressBinding string
-
-func (iab ErrInvalidAddressBinding) Error() string {
-	return fmt.Sprintf("invalid host address in port binding: %s", string(iab))
-}
-
-// BadRequest denotes the type of this error
-func (iab ErrInvalidAddressBinding) BadRequest() {}
-
-// ActiveEndpointsError is returned when there are
-// still active endpoints in the network being deleted.
-type ActiveEndpointsError string
-
-func (aee ActiveEndpointsError) Error() string {
-	return fmt.Sprintf("network %s has active endpoint", string(aee))
-}
-
-// Forbidden denotes the type of this error
-func (aee ActiveEndpointsError) Forbidden() {}
-
-// InvalidNetworkIDError is returned when the passed
-// network id for an existing network is not a known id.
-type InvalidNetworkIDError string
-
-func (inie InvalidNetworkIDError) Error() string {
-	return fmt.Sprintf("invalid network id %s", string(inie))
-}
-
-// NotFound denotes the type of this error
-func (inie InvalidNetworkIDError) NotFound() {}
-
-// InvalidEndpointIDError is returned when the passed
-// endpoint id is not valid.
-type InvalidEndpointIDError string
-
-func (ieie InvalidEndpointIDError) Error() string {
-	return fmt.Sprintf("invalid endpoint id: %s", string(ieie))
-}
-
-// BadRequest denotes the type of this error
-func (ieie InvalidEndpointIDError) BadRequest() {}
-
-// InvalidSandboxIDError is returned when the passed
-// sandbox id is not valid.
-type InvalidSandboxIDError string
-
-func (isie InvalidSandboxIDError) Error() string {
-	return fmt.Sprintf("invalid sandbox id: %s", string(isie))
-}
-
-// BadRequest denotes the type of this error
-func (isie InvalidSandboxIDError) BadRequest() {}
-
-// EndpointNotFoundError is returned when the no endpoint
-// with the passed endpoint id is found.
-type EndpointNotFoundError string
-
-func (enfe EndpointNotFoundError) Error() string {
-	return fmt.Sprintf("endpoint not found: %s", string(enfe))
-}
-
-// NotFound denotes the type of this error
-func (enfe EndpointNotFoundError) NotFound() {}
-
-// NonDefaultBridgeExistError is returned when a non-default
-// bridge config is passed but it does not already exist.
-type NonDefaultBridgeExistError string
-
-func (ndbee NonDefaultBridgeExistError) Error() string {
-	return fmt.Sprintf("bridge device with non default name %s must be created manually", string(ndbee))
-}
-
-// Forbidden denotes the type of this error
-func (ndbee NonDefaultBridgeExistError) Forbidden() {}
-
-// NonDefaultBridgeNeedsIPError is returned when a non-default
-// bridge config is passed but it has no ip configured
-type NonDefaultBridgeNeedsIPError string
-
-func (ndbee NonDefaultBridgeNeedsIPError) Error() string {
-	return fmt.Sprintf("bridge device with non default name %s must have a valid IP address", string(ndbee))
-}
-
-// Forbidden denotes the type of this error
-func (ndbee NonDefaultBridgeNeedsIPError) Forbidden() {}
-
-// FixedCIDRv4Error is returned when fixed-cidrv4 configuration
-// failed.
-type FixedCIDRv4Error struct {
-	Net    *net.IPNet
-	Subnet *net.IPNet
-	Err    error
-}
-
-func (fcv4 *FixedCIDRv4Error) Error() string {
-	return fmt.Sprintf("setup FixedCIDRv4 failed for subnet %s in %s: %v", fcv4.Subnet, fcv4.Net, fcv4.Err)
-}
-
-// InternalError denotes the type of this error
-func (fcv4 *FixedCIDRv4Error) InternalError() {}
-
-// FixedCIDRv6Error is returned when fixed-cidrv6 configuration
-// failed.
-type FixedCIDRv6Error struct {
-	Net *net.IPNet
-	Err error
-}
-
-func (fcv6 *FixedCIDRv6Error) Error() string {
-	return fmt.Sprintf("setup FixedCIDRv6 failed for subnet %s in %s: %v", fcv6.Net, fcv6.Net, fcv6.Err)
-}
-
-// InternalError denotes the type of this error
-func (fcv6 *FixedCIDRv6Error) InternalError() {}
-
-// IPTableCfgError is returned when an unexpected ip tables configuration is entered
-type IPTableCfgError string
-
-func (name IPTableCfgError) Error() string {
-	return fmt.Sprintf("unexpected request to set IP tables for interface: %s", string(name))
-}
-
-// BadRequest denotes the type of this error
-func (name IPTableCfgError) BadRequest() {}
-
-// InvalidIPTablesCfgError is returned when an invalid ip tables configuration is entered
-type InvalidIPTablesCfgError string
-
-func (action InvalidIPTablesCfgError) Error() string {
-	return fmt.Sprintf("Invalid IPTables action '%s'", string(action))
-}
-
-// BadRequest denotes the type of this error
-func (action InvalidIPTablesCfgError) BadRequest() {}
-
-// IPv4AddrRangeError is returned when a valid IP address range couldn't be found.
-type IPv4AddrRangeError string
-
-func (name IPv4AddrRangeError) Error() string {
-	return fmt.Sprintf("can't find an address range for interface %q", string(name))
-}
-
-// BadRequest denotes the type of this error
-func (name IPv4AddrRangeError) BadRequest() {}
-
-// IPv4AddrAddError is returned when IPv4 address could not be added to the bridge.
-type IPv4AddrAddError struct {
-	IP  *net.IPNet
-	Err error
-}
-
-func (ipv4 *IPv4AddrAddError) Error() string {
-	return fmt.Sprintf("failed to add IPv4 address %s to bridge: %v", ipv4.IP, ipv4.Err)
-}
-
-// InternalError denotes the type of this error
-func (ipv4 *IPv4AddrAddError) InternalError() {}
-
-// IPv6AddrAddError is returned when IPv6 address could not be added to the bridge.
-type IPv6AddrAddError struct {
-	IP  *net.IPNet
-	Err error
-}
-
-func (ipv6 *IPv6AddrAddError) Error() string {
-	return fmt.Sprintf("failed to add IPv6 address %s to bridge: %v", ipv6.IP, ipv6.Err)
-}
-
-// InternalError denotes the type of this error
-func (ipv6 *IPv6AddrAddError) InternalError() {}
-
-// IPv4AddrNoMatchError is returned when the bridge's IPv4 address does not match configured.
-type IPv4AddrNoMatchError struct {
-	IP    net.IP
-	CfgIP net.IP
-}
-
-func (ipv4 *IPv4AddrNoMatchError) Error() string {
-	return fmt.Sprintf("bridge IPv4 (%s) does not match requested configuration %s", ipv4.IP, ipv4.CfgIP)
-}
-
-// BadRequest denotes the type of this error
-func (ipv4 *IPv4AddrNoMatchError) BadRequest() {}
-
-// IPv6AddrNoMatchError is returned when the bridge's IPv6 address does not match configured.
-type IPv6AddrNoMatchError net.IPNet
-
-func (ipv6 *IPv6AddrNoMatchError) Error() string {
-	return fmt.Sprintf("bridge IPv6 addresses do not match the expected bridge configuration %s", (*net.IPNet)(ipv6).String())
-}
-
-// BadRequest denotes the type of this error
-func (ipv6 *IPv6AddrNoMatchError) BadRequest() {}
-
-// InvalidLinkIPAddrError is returned when a link is configured to a container with an invalid ip address
-type InvalidLinkIPAddrError string
-
-func (address InvalidLinkIPAddrError) Error() string {
-	return fmt.Sprintf("Cannot link to a container with Invalid IP Address '%s'", string(address))
-}
-
-// BadRequest denotes the type of this error
-func (address InvalidLinkIPAddrError) BadRequest() {}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/interface.go b/vendor/github.com/docker/libnetwork/drivers/bridge/interface.go
deleted file mode 100644
index c9f3e8dfb7474..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/interface.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-const (
-	// DefaultBridgeName is the default name for the bridge interface managed
-	// by the driver when unspecified by the caller.
-	DefaultBridgeName = "docker0"
-)
-
-// Interface models the bridge network device.
-type bridgeInterface struct {
-	Link        netlink.Link
-	bridgeIPv4  *net.IPNet
-	bridgeIPv6  *net.IPNet
-	gatewayIPv4 net.IP
-	gatewayIPv6 net.IP
-	nlh         *netlink.Handle
-}
-
-// newInterface creates a new bridge interface structure. It attempts to find
-// an already existing device identified by the configuration BridgeName field,
-// or the default bridge name when unspecified, but doesn't attempt to create
-// one when missing
-func newInterface(nlh *netlink.Handle, config *networkConfiguration) (*bridgeInterface, error) {
-	var err error
-	i := &bridgeInterface{nlh: nlh}
-
-	// Initialize the bridge name to the default if unspecified.
-	if config.BridgeName == "" {
-		config.BridgeName = DefaultBridgeName
-	}
-
-	// Attempt to find an existing bridge named with the specified name.
-	i.Link, err = nlh.LinkByName(config.BridgeName)
-	if err != nil {
-		logrus.Debugf("Did not find any interface with name %s: %v", config.BridgeName, err)
-	} else if _, ok := i.Link.(*netlink.Bridge); !ok {
-		return nil, fmt.Errorf("existing interface %s is not a bridge", i.Link.Attrs().Name)
-	}
-	return i, nil
-}
-
-// exists indicates if the existing bridge interface exists on the system.
-func (i *bridgeInterface) exists() bool {
-	return i.Link != nil
-}
-
-// addresses returns all IPv4 addresses and all IPv6 addresses for the bridge interface.
-func (i *bridgeInterface) addresses() ([]netlink.Addr, []netlink.Addr, error) {
-	v4addr, err := i.nlh.AddrList(i.Link, netlink.FAMILY_V4)
-	if err != nil {
-		return nil, nil, fmt.Errorf("Failed to retrieve V4 addresses: %v", err)
-	}
-
-	v6addr, err := i.nlh.AddrList(i.Link, netlink.FAMILY_V6)
-	if err != nil {
-		return nil, nil, fmt.Errorf("Failed to retrieve V6 addresses: %v", err)
-	}
-
-	if len(v4addr) == 0 {
-		return nil, v6addr, nil
-	}
-	return v4addr, v6addr, nil
-}
-
-func (i *bridgeInterface) programIPv6Address() error {
-	_, nlAddressList, err := i.addresses()
-	if err != nil {
-		return &IPv6AddrAddError{IP: i.bridgeIPv6, Err: fmt.Errorf("failed to retrieve address list: %v", err)}
-	}
-	nlAddr := netlink.Addr{IPNet: i.bridgeIPv6}
-	if findIPv6Address(nlAddr, nlAddressList) {
-		return nil
-	}
-	if err := i.nlh.AddrAdd(i.Link, &nlAddr); err != nil {
-		return &IPv6AddrAddError{IP: i.bridgeIPv6, Err: err}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/labels.go b/vendor/github.com/docker/libnetwork/drivers/bridge/labels.go
deleted file mode 100644
index 7447bd3f939de..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/labels.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package bridge
-
-const (
-	// BridgeName label for bridge driver
-	BridgeName = "com.docker.network.bridge.name"
-
-	// EnableIPMasquerade label for bridge driver
-	EnableIPMasquerade = "com.docker.network.bridge.enable_ip_masquerade"
-
-	// EnableICC label
-	EnableICC = "com.docker.network.bridge.enable_icc"
-
-	// DefaultBindingIP label
-	DefaultBindingIP = "com.docker.network.bridge.host_binding_ipv4"
-
-	// DefaultBridge label
-	DefaultBridge = "com.docker.network.bridge.default_bridge"
-)
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/link.go b/vendor/github.com/docker/libnetwork/drivers/bridge/link.go
deleted file mode 100644
index d364516f1ae25..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/link.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/iptables"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-type link struct {
-	parentIP string
-	childIP  string
-	ports    []types.TransportPort
-	bridge   string
-}
-
-func (l *link) String() string {
-	return fmt.Sprintf("%s <-> %s [%v] on %s", l.parentIP, l.childIP, l.ports, l.bridge)
-}
-
-func newLink(parentIP, childIP string, ports []types.TransportPort, bridge string) *link {
-	return &link{
-		childIP:  childIP,
-		parentIP: parentIP,
-		ports:    ports,
-		bridge:   bridge,
-	}
-
-}
-
-func (l *link) Enable() error {
-	// -A == iptables append flag
-	linkFunction := func() error {
-		return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
-	}
-
-	iptables.OnReloaded(func() { linkFunction() })
-	return linkFunction()
-}
-
-func (l *link) Disable() {
-	// -D == iptables delete flag
-	err := linkContainers("-D", l.parentIP, l.childIP, l.ports, l.bridge, true)
-	if err != nil {
-		logrus.Errorf("Error removing IPTables rules for a link %s due to %s", l.String(), err.Error())
-	}
-	// Return proper error once we move to use a proper iptables package
-	// that returns typed errors
-}
-
-func linkContainers(action, parentIP, childIP string, ports []types.TransportPort, bridge string,
-	ignoreErrors bool) error {
-	var nfAction iptables.Action
-
-	switch action {
-	case "-A":
-		nfAction = iptables.Append
-	case "-I":
-		nfAction = iptables.Insert
-	case "-D":
-		nfAction = iptables.Delete
-	default:
-		return InvalidIPTablesCfgError(action)
-	}
-
-	ip1 := net.ParseIP(parentIP)
-	if ip1 == nil {
-		return InvalidLinkIPAddrError(parentIP)
-	}
-	ip2 := net.ParseIP(childIP)
-	if ip2 == nil {
-		return InvalidLinkIPAddrError(childIP)
-	}
-
-	chain := iptables.ChainInfo{Name: DockerChain}
-	for _, port := range ports {
-		err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String(), bridge)
-		if !ignoreErrors && err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go b/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
deleted file mode 100644
index 739d9c6ba3329..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build arm ppc64 ppc64le
-
-package bridge
-
-func ifrDataByte(b byte) uint8 {
-	return uint8(b)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go b/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
deleted file mode 100644
index df526952f7876..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !arm,!ppc64,!ppc64le
-
-package bridge
-
-func ifrDataByte(b byte) int8 {
-	return int8(b)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
deleted file mode 100644
index 853129fc2715f..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package bridge
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/types"
-	"github.com/ishidawataru/sctp"
-	"github.com/sirupsen/logrus"
-)
-
-var (
-	defaultBindingIP = net.IPv4(0, 0, 0, 0)
-)
-
-func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {
-	if ep.extConnConfig == nil || ep.extConnConfig.PortBindings == nil {
-		return nil, nil
-	}
-
-	defHostIP := defaultBindingIP
-	if reqDefBindIP != nil {
-		defHostIP = reqDefBindIP
-	}
-
-	return n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addr.IP, defHostIP, ulPxyEnabled)
-}
-
-func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, containerIP, defHostIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {
-	bs := make([]types.PortBinding, 0, len(bindings))
-	for _, c := range bindings {
-		b := c.GetCopy()
-		if err := n.allocatePort(&b, containerIP, defHostIP, ulPxyEnabled); err != nil {
-			// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
-			if cuErr := n.releasePortsInternal(bs); cuErr != nil {
-				logrus.Warnf("Upon allocation failure for %v, failed to clear previously allocated port bindings: %v", b, cuErr)
-			}
-			return nil, err
-		}
-		bs = append(bs, b)
-	}
-	return bs, nil
-}
-
-func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, containerIP, defHostIP net.IP, ulPxyEnabled bool) error {
-	var (
-		host net.Addr
-		err  error
-	)
-
-	// Store the container interface address in the operational binding
-	bnd.IP = containerIP
-
-	// Adjust the host address in the operational binding
-	if len(bnd.HostIP) == 0 {
-		bnd.HostIP = defHostIP
-	}
-
-	// Adjust HostPortEnd if this is not a range.
-	if bnd.HostPortEnd == 0 {
-		bnd.HostPortEnd = bnd.HostPort
-	}
-
-	// Construct the container side transport address
-	container, err := bnd.ContainerAddr()
-	if err != nil {
-		return err
-	}
-
-	// Try up to maxAllocatePortAttempts times to get a port that's not already allocated.
-	for i := 0; i < maxAllocatePortAttempts; i++ {
-		if host, err = n.portMapper.MapRange(container, bnd.HostIP, int(bnd.HostPort), int(bnd.HostPortEnd), ulPxyEnabled); err == nil {
-			break
-		}
-		// There is no point in immediately retrying to map an explicitly chosen port.
-		if bnd.HostPort != 0 {
-			logrus.Warnf("Failed to allocate and map port %d-%d: %s", bnd.HostPort, bnd.HostPortEnd, err)
-			break
-		}
-		logrus.Warnf("Failed to allocate and map port: %s, retry: %d", err, i+1)
-	}
-	if err != nil {
-		return err
-	}
-
-	// Save the host port (regardless it was or not specified in the binding)
-	switch netAddr := host.(type) {
-	case *net.TCPAddr:
-		bnd.HostPort = uint16(host.(*net.TCPAddr).Port)
-		return nil
-	case *net.UDPAddr:
-		bnd.HostPort = uint16(host.(*net.UDPAddr).Port)
-		return nil
-	case *sctp.SCTPAddr:
-		bnd.HostPort = uint16(host.(*sctp.SCTPAddr).Port)
-		return nil
-	default:
-		// For completeness
-		return ErrUnsupportedAddressType(fmt.Sprintf("%T", netAddr))
-	}
-}
-
-func (n *bridgeNetwork) releasePorts(ep *bridgeEndpoint) error {
-	return n.releasePortsInternal(ep.portMapping)
-}
-
-func (n *bridgeNetwork) releasePortsInternal(bindings []types.PortBinding) error {
-	var errorBuf bytes.Buffer
-
-	// Attempt to release all port bindings, do not stop on failure
-	for _, m := range bindings {
-		if err := n.releasePort(m); err != nil {
-			errorBuf.WriteString(fmt.Sprintf("\ncould not release %v because of %v", m, err))
-		}
-	}
-
-	if errorBuf.Len() != 0 {
-		return errors.New(errorBuf.String())
-	}
-	return nil
-}
-
-func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
-	// Construct the host side transport address
-	host, err := bnd.HostAddr()
-	if err != nil {
-		return err
-	}
-	return n.portMapper.Unmap(host)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup.go
deleted file mode 100644
index eeb3611b78e56..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package bridge
-
-type setupStep func(*networkConfiguration, *bridgeInterface) error
-
-type bridgeSetup struct {
-	config *networkConfiguration
-	bridge *bridgeInterface
-	steps  []setupStep
-}
-
-func newBridgeSetup(c *networkConfiguration, i *bridgeInterface) *bridgeSetup {
-	return &bridgeSetup{config: c, bridge: i}
-}
-
-func (b *bridgeSetup) apply() error {
-	for _, fn := range b.steps {
-		if err := fn(b.config, b.bridge); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (b *bridgeSetup) queueStep(step setupStep) {
-	b.steps = append(b.steps, step)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
deleted file mode 100644
index a9dfd06771f8f..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-// SetupDevice create a new bridge interface/
-func setupDevice(config *networkConfiguration, i *bridgeInterface) error {
-	var setMac bool
-
-	// We only attempt to create the bridge when the requested device name is
-	// the default one.
-	if config.BridgeName != DefaultBridgeName && config.DefaultBridge {
-		return NonDefaultBridgeExistError(config.BridgeName)
-	}
-
-	// Set the bridgeInterface netlink.Bridge.
-	i.Link = &netlink.Bridge{
-		LinkAttrs: netlink.LinkAttrs{
-			Name: config.BridgeName,
-		},
-	}
-
-	// Only set the bridge's MAC address if the kernel version is > 3.3, as it
-	// was not supported before that.
-	kv, err := kernel.GetKernelVersion()
-	if err != nil {
-		logrus.Errorf("Failed to check kernel versions: %v. Will not assign a MAC address to the bridge interface", err)
-	} else {
-		setMac = kv.Kernel > 3 || (kv.Kernel == 3 && kv.Major >= 3)
-	}
-
-	if err = i.nlh.LinkAdd(i.Link); err != nil {
-		logrus.Debugf("Failed to create bridge %s via netlink. Trying ioctl", config.BridgeName)
-		return ioctlCreateBridge(config.BridgeName, setMac)
-	}
-
-	if setMac {
-		hwAddr := netutils.GenerateRandomMAC()
-		if err = i.nlh.LinkSetHardwareAddr(i.Link, hwAddr); err != nil {
-			return fmt.Errorf("failed to set bridge mac-address %s : %s", hwAddr, err.Error())
-		}
-		logrus.Debugf("Setting bridge mac address to %s", hwAddr)
-	}
-	return err
-}
-
-// SetupDeviceUp ups the given bridge interface.
-func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error {
-	err := i.nlh.LinkSetUp(i.Link)
-	if err != nil {
-		return fmt.Errorf("Failed to set link up for %s: %v", config.BridgeName, err)
-	}
-
-	// Attempt to update the bridge interface to refresh the flags status,
-	// ignoring any failure to do so.
-	if lnk, err := i.nlh.LinkByName(config.BridgeName); err == nil {
-		i.Link = lnk
-	} else {
-		logrus.Warnf("Failed to retrieve link for interface (%s): %v", config.BridgeName, err)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_firewalld.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_firewalld.go
deleted file mode 100644
index 50cbdb1ddcef4..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_firewalld.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package bridge
-
-import "github.com/docker/libnetwork/iptables"
-
-func (n *bridgeNetwork) setupFirewalld(config *networkConfiguration, i *bridgeInterface) error {
-	d := n.driver
-	d.Lock()
-	driverConfig := d.config
-	d.Unlock()
-
-	// Sanity check.
-	if !driverConfig.EnableIPTables {
-		return IPTableCfgError(config.BridgeName)
-	}
-
-	iptables.OnReloaded(func() { n.setupIPTables(config, i) })
-	iptables.OnReloaded(n.portMapper.ReMapAll)
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
deleted file mode 100644
index 355a14d996991..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-	"io/ioutil"
-
-	"github.com/docker/libnetwork/iptables"
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	ipv4ForwardConf     = "/proc/sys/net/ipv4/ip_forward"
-	ipv4ForwardConfPerm = 0644
-)
-
-func configureIPForwarding(enable bool) error {
-	var val byte
-	if enable {
-		val = '1'
-	}
-	return ioutil.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
-}
-
-func setupIPForwarding(enableIPTables bool) error {
-	// Get current IPv4 forward setup
-	ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
-	if err != nil {
-		return fmt.Errorf("Cannot read IP forwarding setup: %v", err)
-	}
-
-	// Enable IPv4 forwarding only if it is not already enabled
-	if ipv4ForwardData[0] != '1' {
-		// Enable IPv4 forwarding
-		if err := configureIPForwarding(true); err != nil {
-			return fmt.Errorf("Enabling IP forwarding failed: %v", err)
-		}
-		// When enabling ip_forward set the default policy on forward chain to
-		// drop only if the daemon option iptables is not set to false.
-		if !enableIPTables {
-			return nil
-		}
-		if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
-			if err := configureIPForwarding(false); err != nil {
-				logrus.Errorf("Disabling IP forwarding failed, %v", err)
-			}
-			return err
-		}
-		iptables.OnReloaded(func() {
-			logrus.Debug("Setting the default DROP policy on firewall reload")
-			if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
-				logrus.Warnf("Settig the default DROP policy on firewall reload failed, %v", err)
-			}
-		})
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
deleted file mode 100644
index 5865a18f18d25..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
+++ /dev/null
@@ -1,363 +0,0 @@
-package bridge
-
-import (
-	"errors"
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/iptables"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-// DockerChain: DOCKER iptable chain name
-const (
-	DockerChain = "DOCKER"
-	// Isolation between bridge networks is achieved in two stages by means
-	// of the following two chains in the filter table. The first chain matches
-	// on the source interface being a bridge network's bridge and the
-	// destination being a different interface. A positive match leads to the
-	// second isolation chain. No match returns to the parent chain. The second
-	// isolation chain matches on destination interface being a bridge network's
-	// bridge. A positive match identifies a packet originated from one bridge
-	// network's bridge destined to another bridge network's bridge and will
-	// result in the packet being dropped. No match returns to the parent chain.
-	IsolationChain1 = "DOCKER-ISOLATION-STAGE-1"
-	IsolationChain2 = "DOCKER-ISOLATION-STAGE-2"
-)
-
-func setupIPChains(config *configuration) (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
-	// Sanity check.
-	if config.EnableIPTables == false {
-		return nil, nil, nil, nil, errors.New("cannot create new chains, EnableIPTable is disabled")
-	}
-
-	hairpinMode := !config.EnableUserlandProxy
-
-	natChain, err := iptables.NewChain(DockerChain, iptables.Nat, hairpinMode)
-	if err != nil {
-		return nil, nil, nil, nil, fmt.Errorf("failed to create NAT chain %s: %v", DockerChain, err)
-	}
-	defer func() {
-		if err != nil {
-			if err := iptables.RemoveExistingChain(DockerChain, iptables.Nat); err != nil {
-				logrus.Warnf("failed on removing iptables NAT chain %s on cleanup: %v", DockerChain, err)
-			}
-		}
-	}()
-
-	filterChain, err := iptables.NewChain(DockerChain, iptables.Filter, false)
-	if err != nil {
-		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER chain %s: %v", DockerChain, err)
-	}
-	defer func() {
-		if err != nil {
-			if err := iptables.RemoveExistingChain(DockerChain, iptables.Filter); err != nil {
-				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", DockerChain, err)
-			}
-		}
-	}()
-
-	isolationChain1, err := iptables.NewChain(IsolationChain1, iptables.Filter, false)
-	if err != nil {
-		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
-	}
-	defer func() {
-		if err != nil {
-			if err := iptables.RemoveExistingChain(IsolationChain1, iptables.Filter); err != nil {
-				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain1, err)
-			}
-		}
-	}()
-
-	isolationChain2, err := iptables.NewChain(IsolationChain2, iptables.Filter, false)
-	if err != nil {
-		return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
-	}
-	defer func() {
-		if err != nil {
-			if err := iptables.RemoveExistingChain(IsolationChain2, iptables.Filter); err != nil {
-				logrus.Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain2, err)
-			}
-		}
-	}()
-
-	if err := iptables.AddReturnRule(IsolationChain1); err != nil {
-		return nil, nil, nil, nil, err
-	}
-
-	if err := iptables.AddReturnRule(IsolationChain2); err != nil {
-		return nil, nil, nil, nil, err
-	}
-
-	return natChain, filterChain, isolationChain1, isolationChain2, nil
-}
-
-func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInterface) error {
-	var err error
-
-	d := n.driver
-	d.Lock()
-	driverConfig := d.config
-	d.Unlock()
-
-	// Sanity check.
-	if driverConfig.EnableIPTables == false {
-		return errors.New("Cannot program chains, EnableIPTable is disabled")
-	}
-
-	// Pickup this configuration option from driver
-	hairpinMode := !driverConfig.EnableUserlandProxy
-
-	maskedAddrv4 := &net.IPNet{
-		IP:   i.bridgeIPv4.IP.Mask(i.bridgeIPv4.Mask),
-		Mask: i.bridgeIPv4.Mask,
-	}
-	if config.Internal {
-		if err = setupInternalNetworkRules(config.BridgeName, maskedAddrv4, config.EnableICC, true); err != nil {
-			return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
-		}
-		n.registerIptCleanFunc(func() error {
-			return setupInternalNetworkRules(config.BridgeName, maskedAddrv4, config.EnableICC, false)
-		})
-	} else {
-		if err = setupIPTablesInternal(config.BridgeName, maskedAddrv4, config.EnableICC, config.EnableIPMasquerade, hairpinMode, true); err != nil {
-			return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
-		}
-		n.registerIptCleanFunc(func() error {
-			return setupIPTablesInternal(config.BridgeName, maskedAddrv4, config.EnableICC, config.EnableIPMasquerade, hairpinMode, false)
-		})
-		natChain, filterChain, _, _, err := n.getDriverChains()
-		if err != nil {
-			return fmt.Errorf("Failed to setup IP tables, cannot acquire chain info %s", err.Error())
-		}
-
-		err = iptables.ProgramChain(natChain, config.BridgeName, hairpinMode, true)
-		if err != nil {
-			return fmt.Errorf("Failed to program NAT chain: %s", err.Error())
-		}
-
-		err = iptables.ProgramChain(filterChain, config.BridgeName, hairpinMode, true)
-		if err != nil {
-			return fmt.Errorf("Failed to program FILTER chain: %s", err.Error())
-		}
-
-		n.registerIptCleanFunc(func() error {
-			return iptables.ProgramChain(filterChain, config.BridgeName, hairpinMode, false)
-		})
-
-		n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())
-	}
-
-	d.Lock()
-	err = iptables.EnsureJumpRule("FORWARD", IsolationChain1)
-	d.Unlock()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-type iptRule struct {
-	table   iptables.Table
-	chain   string
-	preArgs []string
-	args    []string
-}
-
-func setupIPTablesInternal(bridgeIface string, addr net.Addr, icc, ipmasq, hairpin, enable bool) error {
-
-	var (
-		address   = addr.String()
-		natRule   = iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-s", address, "!", "-o", bridgeIface, "-j", "MASQUERADE"}}
-		hpNatRule = iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-m", "addrtype", "--src-type", "LOCAL", "-o", bridgeIface, "-j", "MASQUERADE"}}
-		skipDNAT  = iptRule{table: iptables.Nat, chain: DockerChain, preArgs: []string{"-t", "nat"}, args: []string{"-i", bridgeIface, "-j", "RETURN"}}
-		outRule   = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", bridgeIface, "!", "-o", bridgeIface, "-j", "ACCEPT"}}
-	)
-
-	// Set NAT.
-	if ipmasq {
-		if err := programChainRule(natRule, "NAT", enable); err != nil {
-			return err
-		}
-	}
-
-	if ipmasq && !hairpin {
-		if err := programChainRule(skipDNAT, "SKIP DNAT", enable); err != nil {
-			return err
-		}
-	}
-
-	// In hairpin mode, masquerade traffic from localhost
-	if hairpin {
-		if err := programChainRule(hpNatRule, "MASQ LOCAL HOST", enable); err != nil {
-			return err
-		}
-	}
-
-	// Set Inter Container Communication.
-	if err := setIcc(bridgeIface, icc, enable); err != nil {
-		return err
-	}
-
-	// Set Accept on all non-intercontainer outgoing packets.
-	return programChainRule(outRule, "ACCEPT NON_ICC OUTGOING", enable)
-}
-
-func programChainRule(rule iptRule, ruleDescr string, insert bool) error {
-	var (
-		prefix    []string
-		operation string
-		condition bool
-		doesExist = iptables.Exists(rule.table, rule.chain, rule.args...)
-	)
-
-	if insert {
-		condition = !doesExist
-		prefix = []string{"-I", rule.chain}
-		operation = "enable"
-	} else {
-		condition = doesExist
-		prefix = []string{"-D", rule.chain}
-		operation = "disable"
-	}
-	if rule.preArgs != nil {
-		prefix = append(rule.preArgs, prefix...)
-	}
-
-	if condition {
-		if err := iptables.RawCombinedOutput(append(prefix, rule.args...)...); err != nil {
-			return fmt.Errorf("Unable to %s %s rule: %s", operation, ruleDescr, err.Error())
-		}
-	}
-
-	return nil
-}
-
-func setIcc(bridgeIface string, iccEnable, insert bool) error {
-	var (
-		table      = iptables.Filter
-		chain      = "FORWARD"
-		args       = []string{"-i", bridgeIface, "-o", bridgeIface, "-j"}
-		acceptArgs = append(args, "ACCEPT")
-		dropArgs   = append(args, "DROP")
-	)
-
-	if insert {
-		if !iccEnable {
-			iptables.Raw(append([]string{"-D", chain}, acceptArgs...)...)
-
-			if !iptables.Exists(table, chain, dropArgs...) {
-				if err := iptables.RawCombinedOutput(append([]string{"-A", chain}, dropArgs...)...); err != nil {
-					return fmt.Errorf("Unable to prevent intercontainer communication: %s", err.Error())
-				}
-			}
-		} else {
-			iptables.Raw(append([]string{"-D", chain}, dropArgs...)...)
-
-			if !iptables.Exists(table, chain, acceptArgs...) {
-				if err := iptables.RawCombinedOutput(append([]string{"-I", chain}, acceptArgs...)...); err != nil {
-					return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error())
-				}
-			}
-		}
-	} else {
-		// Remove any ICC rule.
-		if !iccEnable {
-			if iptables.Exists(table, chain, dropArgs...) {
-				iptables.Raw(append([]string{"-D", chain}, dropArgs...)...)
-			}
-		} else {
-			if iptables.Exists(table, chain, acceptArgs...) {
-				iptables.Raw(append([]string{"-D", chain}, acceptArgs...)...)
-			}
-		}
-	}
-
-	return nil
-}
-
-// Control Inter Network Communication. Install[Remove] only if it is [not] present.
-func setINC(iface string, enable bool) error {
-	var (
-		action    = iptables.Insert
-		actionMsg = "add"
-		chains    = []string{IsolationChain1, IsolationChain2}
-		rules     = [][]string{
-			{"-i", iface, "!", "-o", iface, "-j", IsolationChain2},
-			{"-o", iface, "-j", "DROP"},
-		}
-	)
-
-	if !enable {
-		action = iptables.Delete
-		actionMsg = "remove"
-	}
-
-	for i, chain := range chains {
-		if err := iptables.ProgramRule(iptables.Filter, chain, action, rules[i]); err != nil {
-			msg := fmt.Sprintf("unable to %s inter-network communication rule: %v", actionMsg, err)
-			if enable {
-				if i == 1 {
-					// Rollback the rule installed on first chain
-					if err2 := iptables.ProgramRule(iptables.Filter, chains[0], iptables.Delete, rules[0]); err2 != nil {
-						logrus.Warn("Failed to rollback iptables rule after failure (%v): %v", err, err2)
-					}
-				}
-				return fmt.Errorf(msg)
-			}
-			logrus.Warn(msg)
-		}
-	}
-
-	return nil
-}
-
-// Obsolete chain from previous docker versions
-const oldIsolationChain = "DOCKER-ISOLATION"
-
-func removeIPChains() {
-	// Remove obsolete rules from default chains
-	iptables.ProgramRule(iptables.Filter, "FORWARD", iptables.Delete, []string{"-j", oldIsolationChain})
-
-	// Remove chains
-	for _, chainInfo := range []iptables.ChainInfo{
-		{Name: DockerChain, Table: iptables.Nat},
-		{Name: DockerChain, Table: iptables.Filter},
-		{Name: IsolationChain1, Table: iptables.Filter},
-		{Name: IsolationChain2, Table: iptables.Filter},
-		{Name: oldIsolationChain, Table: iptables.Filter},
-	} {
-		if err := chainInfo.Remove(); err != nil {
-			logrus.Warnf("Failed to remove existing iptables entries in table %s chain %s : %v", chainInfo.Table, chainInfo.Name, err)
-		}
-	}
-}
-
-func setupInternalNetworkRules(bridgeIface string, addr net.Addr, icc, insert bool) error {
-	var (
-		inDropRule  = iptRule{table: iptables.Filter, chain: IsolationChain1, args: []string{"-i", bridgeIface, "!", "-d", addr.String(), "-j", "DROP"}}
-		outDropRule = iptRule{table: iptables.Filter, chain: IsolationChain1, args: []string{"-o", bridgeIface, "!", "-s", addr.String(), "-j", "DROP"}}
-	)
-	if err := programChainRule(inDropRule, "DROP INCOMING", insert); err != nil {
-		return err
-	}
-	if err := programChainRule(outDropRule, "DROP OUTGOING", insert); err != nil {
-		return err
-	}
-	// Set Inter Container Communication.
-	return setIcc(bridgeIface, icc, insert)
-}
-
-func clearEndpointConnections(nlh *netlink.Handle, ep *bridgeEndpoint) {
-	var ipv4List []net.IP
-	var ipv6List []net.IP
-	if ep.addr != nil {
-		ipv4List = append(ipv4List, ep.addr.IP)
-	}
-	if ep.addrv6 != nil {
-		ipv6List = append(ipv6List, ep.addrv6.IP)
-	}
-	iptables.DeleteConntrackEntries(nlh, ipv4List, ipv6List)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv4.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv4.go
deleted file mode 100644
index 983669f324b84..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv4.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package bridge
-
-import (
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"path/filepath"
-
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-func selectIPv4Address(addresses []netlink.Addr, selector *net.IPNet) (netlink.Addr, error) {
-	if len(addresses) == 0 {
-		return netlink.Addr{}, errors.New("unable to select an address as the address pool is empty")
-	}
-	if selector != nil {
-		for _, addr := range addresses {
-			if selector.Contains(addr.IP) {
-				return addr, nil
-			}
-		}
-	}
-	return addresses[0], nil
-}
-
-func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
-	addrv4List, _, err := i.addresses()
-	if err != nil {
-		return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)
-	}
-
-	addrv4, _ := selectIPv4Address(addrv4List, config.AddressIPv4)
-
-	if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {
-		if addrv4.IPNet != nil {
-			if err := i.nlh.AddrDel(i.Link, &addrv4); err != nil {
-				return fmt.Errorf("failed to remove current ip address from bridge: %v", err)
-			}
-		}
-		logrus.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)
-		if err := i.nlh.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
-			return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}
-		}
-	}
-
-	// Store bridge network and default gateway
-	i.bridgeIPv4 = config.AddressIPv4
-	i.gatewayIPv4 = config.AddressIPv4.IP
-
-	return nil
-}
-
-func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
-	if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {
-		return &ErrInvalidGateway{}
-	}
-
-	// Store requested default gateway
-	i.gatewayIPv4 = config.DefaultGatewayIPv4
-
-	return nil
-}
-
-func setupLoopbackAddressesRouting(config *networkConfiguration, i *bridgeInterface) error {
-	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
-	ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)
-	if err != nil {
-		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
-	}
-	// Enable loopback addresses routing only if it isn't already enabled
-	if ipv4LoRoutingData[0] != '1' {
-		if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
-			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go
deleted file mode 100644
index b944be081e3dd..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package bridge
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"os"
-
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-var bridgeIPv6 *net.IPNet
-
-const (
-	bridgeIPv6Str          = "fe80::1/64"
-	ipv6ForwardConfPerm    = 0644
-	ipv6ForwardConfDefault = "/proc/sys/net/ipv6/conf/default/forwarding"
-	ipv6ForwardConfAll     = "/proc/sys/net/ipv6/conf/all/forwarding"
-)
-
-func init() {
-	// We allow ourselves to panic in this special case because we indicate a
-	// failure to parse a compile-time define constant.
-	var err error
-	if bridgeIPv6, err = types.ParseCIDR(bridgeIPv6Str); err != nil {
-		panic(fmt.Sprintf("Cannot parse default bridge IPv6 address %q: %v", bridgeIPv6Str, err))
-	}
-}
-
-func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
-	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
-	ipv6BridgeData, err := ioutil.ReadFile(procFile)
-	if err != nil {
-		return fmt.Errorf("Cannot read IPv6 setup for bridge %v: %v", config.BridgeName, err)
-	}
-	// Enable IPv6 on the bridge only if it isn't already enabled
-	if ipv6BridgeData[0] != '0' {
-		if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
-			return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
-		}
-	}
-
-	// Store bridge network and default gateway
-	i.bridgeIPv6 = bridgeIPv6
-	i.gatewayIPv6 = i.bridgeIPv6.IP
-
-	if err := i.programIPv6Address(); err != nil {
-		return err
-	}
-
-	if config.AddressIPv6 == nil {
-		return nil
-	}
-
-	// Store the user specified bridge network and network gateway and program it
-	i.bridgeIPv6 = config.AddressIPv6
-	i.gatewayIPv6 = config.AddressIPv6.IP
-
-	if err := i.programIPv6Address(); err != nil {
-		return err
-	}
-
-	// Setting route to global IPv6 subnet
-	logrus.Debugf("Adding route to IPv6 network %s via device %s", config.AddressIPv6.String(), config.BridgeName)
-	err = i.nlh.RouteAdd(&netlink.Route{
-		Scope:     netlink.SCOPE_UNIVERSE,
-		LinkIndex: i.Link.Attrs().Index,
-		Dst:       config.AddressIPv6,
-	})
-	if err != nil && !os.IsExist(err) {
-		logrus.Errorf("Could not add route to IPv6 network %s via device %s", config.AddressIPv6.String(), config.BridgeName)
-	}
-
-	return nil
-}
-
-func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {
-	if config.AddressIPv6 == nil {
-		return &ErrInvalidContainerSubnet{}
-	}
-	if !config.AddressIPv6.Contains(config.DefaultGatewayIPv6) {
-		return &ErrInvalidGateway{}
-	}
-
-	// Store requested default gateway
-	i.gatewayIPv6 = config.DefaultGatewayIPv6
-
-	return nil
-}
-
-func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
-	// Get current IPv6 default forwarding setup
-	ipv6ForwardDataDefault, err := ioutil.ReadFile(ipv6ForwardConfDefault)
-	if err != nil {
-		return fmt.Errorf("Cannot read IPv6 default forwarding setup: %v", err)
-	}
-	// Enable IPv6 default forwarding only if it is not already enabled
-	if ipv6ForwardDataDefault[0] != '1' {
-		if err := ioutil.WriteFile(ipv6ForwardConfDefault, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-			logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
-		}
-	}
-
-	// Get current IPv6 all forwarding setup
-	ipv6ForwardDataAll, err := ioutil.ReadFile(ipv6ForwardConfAll)
-	if err != nil {
-		return fmt.Errorf("Cannot read IPv6 all forwarding setup: %v", err)
-	}
-	// Enable IPv6 all forwarding only if it is not already enabled
-	if ipv6ForwardDataAll[0] != '1' {
-		if err := ioutil.WriteFile(ipv6ForwardConfAll, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-			logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/host/host.go b/vendor/github.com/docker/libnetwork/drivers/host/host.go
deleted file mode 100644
index a71d461380f8e..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/host/host.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package host
-
-import (
-	"sync"
-
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
-)
-
-const networkType = "host"
-
-type driver struct {
-	network string
-	sync.Mutex
-}
-
-// Init registers a new instance of host driver
-func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
-	c := driverapi.Capability{
-		DataScope:         datastore.LocalScope,
-		ConnectivityScope: datastore.LocalScope,
-	}
-	return dc.RegisterDriver(networkType, &driver{}, c)
-}
-
-func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
-	return nil, types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) NetworkFree(id string) error {
-	return types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
-}
-
-func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
-	return "", nil
-}
-
-func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
-	d.Lock()
-	defer d.Unlock()
-
-	if d.network != "" {
-		return types.ForbiddenErrorf("only one instance of \"%s\" network is allowed", networkType)
-	}
-
-	d.network = id
-
-	return nil
-}
-
-func (d *driver) DeleteNetwork(nid string) error {
-	return types.ForbiddenErrorf("network of type \"%s\" cannot be deleted", networkType)
-}
-
-func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
-	return nil
-}
-
-func (d *driver) DeleteEndpoint(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	return make(map[string]interface{}, 0), nil
-}
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
-	return nil
-}
-
-func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) Type() string {
-	return networkType
-}
-
-func (d *driver) IsBuiltIn() bool {
-	return true
-}
-
-// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
-func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
-func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_joinleave.go b/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_joinleave.go
deleted file mode 100644
index fc56bce5a6681..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_joinleave.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package ipvlan
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-type staticRoute struct {
-	Destination *net.IPNet
-	RouteType   int
-	NextHop     net.IP
-}
-
-const (
-	defaultV4RouteCidr = "0.0.0.0/0"
-	defaultV6RouteCidr = "::/0"
-)
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	defer osl.InitOSContext()()
-	n, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-	endpoint := n.endpoint(eid)
-	if endpoint == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-	// generate a name for the iface that will be renamed to eth0 in the sbox
-	containerIfName, err := netutils.GenerateIfaceName(ns.NlHandle(), vethPrefix, vethLen)
-	if err != nil {
-		return fmt.Errorf("error generating an interface name: %v", err)
-	}
-	// create the netlink ipvlan interface
-	vethName, err := createIPVlan(containerIfName, n.config.Parent, n.config.IpvlanMode)
-	if err != nil {
-		return err
-	}
-	// bind the generated iface name to the endpoint
-	endpoint.srcName = vethName
-	ep := n.endpoint(eid)
-	if ep == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-	if n.config.IpvlanMode == modeL3 {
-		// disable gateway services to add a default gw using dev eth0 only
-		jinfo.DisableGatewayService()
-		defaultRoute, err := ifaceGateway(defaultV4RouteCidr)
-		if err != nil {
-			return err
-		}
-		if err := jinfo.AddStaticRoute(defaultRoute.Destination, defaultRoute.RouteType, defaultRoute.NextHop); err != nil {
-			return fmt.Errorf("failed to set an ipvlan l3 mode ipv4 default gateway: %v", err)
-		}
-		logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Ipvlan_Mode: %s, Parent: %s",
-			ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent)
-		// If the endpoint has a v6 address, set a v6 default route
-		if ep.addrv6 != nil {
-			default6Route, err := ifaceGateway(defaultV6RouteCidr)
-			if err != nil {
-				return err
-			}
-			if err = jinfo.AddStaticRoute(default6Route.Destination, default6Route.RouteType, default6Route.NextHop); err != nil {
-				return fmt.Errorf("failed to set an ipvlan l3 mode ipv6 default gateway: %v", err)
-			}
-			logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Ipvlan_Mode: %s, Parent: %s",
-				ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent)
-		}
-	}
-	if n.config.IpvlanMode == modeL2 {
-		// parse and correlate the endpoint v4 address with the available v4 subnets
-		if len(n.config.Ipv4Subnets) > 0 {
-			s := n.getSubnetforIPv4(ep.addr)
-			if s == nil {
-				return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid)
-			}
-			v4gw, _, err := net.ParseCIDR(s.GwIP)
-			if err != nil {
-				return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err)
-			}
-			err = jinfo.SetGateway(v4gw)
-			if err != nil {
-				return err
-			}
-			logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s",
-				ep.addr.IP.String(), v4gw.String(), n.config.IpvlanMode, n.config.Parent)
-		}
-		// parse and correlate the endpoint v6 address with the available v6 subnets
-		if len(n.config.Ipv6Subnets) > 0 {
-			s := n.getSubnetforIPv6(ep.addrv6)
-			if s == nil {
-				return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid)
-			}
-			v6gw, _, err := net.ParseCIDR(s.GwIP)
-			if err != nil {
-				return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err)
-			}
-			err = jinfo.SetGatewayIPv6(v6gw)
-			if err != nil {
-				return err
-			}
-			logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s",
-				ep.addrv6.IP.String(), v6gw.String(), n.config.IpvlanMode, n.config.Parent)
-		}
-	}
-	iNames := jinfo.InterfaceName()
-	err = iNames.SetNames(vethName, containerVethPrefix)
-	if err != nil {
-		return err
-	}
-	if err = d.storeUpdate(ep); err != nil {
-		return fmt.Errorf("failed to save ipvlan endpoint %.7s to store: %v", ep.id, err)
-	}
-
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	defer osl.InitOSContext()()
-	network, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-	endpoint, err := network.getEndpoint(eid)
-	if err != nil {
-		return err
-	}
-	if endpoint == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-
-	return nil
-}
-
-// ifaceGateway returns a static route for either v4/v6 to be set to the container eth0
-func ifaceGateway(dfNet string) (*staticRoute, error) {
-	nh, dst, err := net.ParseCIDR(dfNet)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse default route %v", err)
-	}
-	defaultRoute := &staticRoute{
-		Destination: dst,
-		RouteType:   types.CONNECTED,
-		NextHop:     nh,
-	}
-
-	return defaultRoute, nil
-}
-
-// getSubnetforIPv4 returns the ipv4 subnet to which the given IP belongs
-func (n *network) getSubnetforIPv4(ip *net.IPNet) *ipv4Subnet {
-	for _, s := range n.config.Ipv4Subnets {
-		_, snet, err := net.ParseCIDR(s.SubnetIP)
-		if err != nil {
-			return nil
-		}
-		// first check if the mask lengths are the same
-		i, _ := snet.Mask.Size()
-		j, _ := ip.Mask.Size()
-		if i != j {
-			continue
-		}
-		if snet.Contains(ip.IP) {
-			return s
-		}
-	}
-
-	return nil
-}
-
-// getSubnetforIPv6 returns the ipv6 subnet to which the given IP belongs
-func (n *network) getSubnetforIPv6(ip *net.IPNet) *ipv6Subnet {
-	for _, s := range n.config.Ipv6Subnets {
-		_, snet, err := net.ParseCIDR(s.SubnetIP)
-		if err != nil {
-			return nil
-		}
-		// first check if the mask lengths are the same
-		i, _ := snet.Mask.Size()
-		j, _ := ip.Mask.Size()
-		if i != j {
-			continue
-		}
-		if snet.Contains(ip.IP) {
-			return s
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_joinleave.go b/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_joinleave.go
deleted file mode 100644
index 72d5c24ddc4e5..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan_joinleave.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package macvlan
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/sirupsen/logrus"
-)
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	defer osl.InitOSContext()()
-	n, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-	endpoint := n.endpoint(eid)
-	if endpoint == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-	// generate a name for the iface that will be renamed to eth0 in the sbox
-	containerIfName, err := netutils.GenerateIfaceName(ns.NlHandle(), vethPrefix, vethLen)
-	if err != nil {
-		return fmt.Errorf("error generating an interface name: %s", err)
-	}
-	// create the netlink macvlan interface
-	vethName, err := createMacVlan(containerIfName, n.config.Parent, n.config.MacvlanMode)
-	if err != nil {
-		return err
-	}
-	// bind the generated iface name to the endpoint
-	endpoint.srcName = vethName
-	ep := n.endpoint(eid)
-	if ep == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-	// parse and match the endpoint address with the available v4 subnets
-	if len(n.config.Ipv4Subnets) > 0 {
-		s := n.getSubnetforIPv4(ep.addr)
-		if s == nil {
-			return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid)
-		}
-		v4gw, _, err := net.ParseCIDR(s.GwIP)
-		if err != nil {
-			return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err)
-		}
-		err = jinfo.SetGateway(v4gw)
-		if err != nil {
-			return err
-		}
-		logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, MacVlan_Mode: %s, Parent: %s",
-			ep.addr.IP.String(), v4gw.String(), n.config.MacvlanMode, n.config.Parent)
-	}
-	// parse and match the endpoint address with the available v6 subnets
-	if len(n.config.Ipv6Subnets) > 0 {
-		s := n.getSubnetforIPv6(ep.addrv6)
-		if s == nil {
-			return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid)
-		}
-		v6gw, _, err := net.ParseCIDR(s.GwIP)
-		if err != nil {
-			return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err)
-		}
-		err = jinfo.SetGatewayIPv6(v6gw)
-		if err != nil {
-			return err
-		}
-		logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s Gateway: %s MacVlan_Mode: %s, Parent: %s",
-			ep.addrv6.IP.String(), v6gw.String(), n.config.MacvlanMode, n.config.Parent)
-	}
-	iNames := jinfo.InterfaceName()
-	err = iNames.SetNames(vethName, containerVethPrefix)
-	if err != nil {
-		return err
-	}
-	if err := d.storeUpdate(ep); err != nil {
-		return fmt.Errorf("failed to save macvlan endpoint %.7s to store: %v", ep.id, err)
-	}
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	defer osl.InitOSContext()()
-	network, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-	endpoint, err := network.getEndpoint(eid)
-	if err != nil {
-		return err
-	}
-	if endpoint == nil {
-		return fmt.Errorf("could not find endpoint with id %s", eid)
-	}
-
-	return nil
-}
-
-// getSubnetforIP returns the ipv4 subnet to which the given IP belongs
-func (n *network) getSubnetforIPv4(ip *net.IPNet) *ipv4Subnet {
-	for _, s := range n.config.Ipv4Subnets {
-		_, snet, err := net.ParseCIDR(s.SubnetIP)
-		if err != nil {
-			return nil
-		}
-		// first check if the mask lengths are the same
-		i, _ := snet.Mask.Size()
-		j, _ := ip.Mask.Size()
-		if i != j {
-			continue
-		}
-		if snet.Contains(ip.IP) {
-			return s
-		}
-	}
-
-	return nil
-}
-
-// getSubnetforIPv6 returns the ipv6 subnet to which the given IP belongs
-func (n *network) getSubnetforIPv6(ip *net.IPNet) *ipv6Subnet {
-	for _, s := range n.config.Ipv6Subnets {
-		_, snet, err := net.ParseCIDR(s.SubnetIP)
-		if err != nil {
-			return nil
-		}
-		// first check if the mask lengths are the same
-		i, _ := snet.Mask.Size()
-		j, _ := ip.Mask.Size()
-		if i != j {
-			continue
-		}
-		if snet.Contains(ip.IP) {
-			return s
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/null/null.go b/vendor/github.com/docker/libnetwork/drivers/null/null.go
deleted file mode 100644
index 7f2a5e32f7d82..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/null/null.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package null
-
-import (
-	"sync"
-
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/types"
-)
-
-const networkType = "null"
-
-type driver struct {
-	network string
-	sync.Mutex
-}
-
-// Init registers a new instance of null driver
-func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
-	c := driverapi.Capability{
-		DataScope: datastore.LocalScope,
-	}
-	return dc.RegisterDriver(networkType, &driver{}, c)
-}
-
-func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
-	return nil, types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) NetworkFree(id string) error {
-	return types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
-}
-
-func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
-	return "", nil
-}
-
-func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
-	d.Lock()
-	defer d.Unlock()
-
-	if d.network != "" {
-		return types.ForbiddenErrorf("only one instance of \"%s\" network is allowed", networkType)
-	}
-
-	d.network = id
-
-	return nil
-}
-
-func (d *driver) DeleteNetwork(nid string) error {
-	return types.ForbiddenErrorf("network of type \"%s\" cannot be deleted", networkType)
-}
-
-func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
-	return nil
-}
-
-func (d *driver) DeleteEndpoint(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	return make(map[string]interface{}, 0), nil
-}
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
-	return nil
-}
-
-func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) Type() string {
-	return networkType
-}
-
-func (d *driver) IsBuiltIn() bool {
-	return true
-}
-
-// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
-func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
-func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/filter.go b/vendor/github.com/docker/libnetwork/drivers/overlay/filter.go
deleted file mode 100644
index 1601803aa0c40..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/filter.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package overlay
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/docker/libnetwork/iptables"
-	"github.com/sirupsen/logrus"
-)
-
-const globalChain = "DOCKER-OVERLAY"
-
-var filterOnce sync.Once
-
-var filterChan = make(chan struct{}, 1)
-
-func filterWait() func() {
-	filterChan <- struct{}{}
-	return func() { <-filterChan }
-}
-
-func chainExists(cname string) bool {
-	if _, err := iptables.Raw("-L", cname); err != nil {
-		return false
-	}
-
-	return true
-}
-
-func setupGlobalChain() {
-	// Because of an ungraceful shutdown, chain could already be present
-	if !chainExists(globalChain) {
-		if err := iptables.RawCombinedOutput("-N", globalChain); err != nil {
-			logrus.Errorf("could not create global overlay chain: %v", err)
-			return
-		}
-	}
-
-	if !iptables.Exists(iptables.Filter, globalChain, "-j", "RETURN") {
-		if err := iptables.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
-			logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
-		}
-	}
-}
-
-func setNetworkChain(cname string, remove bool) error {
-	// Initialize the onetime global overlay chain
-	filterOnce.Do(setupGlobalChain)
-
-	exists := chainExists(cname)
-
-	opt := "-N"
-	// In case of remove, make sure to flush the rules in the chain
-	if remove && exists {
-		if err := iptables.RawCombinedOutput("-F", cname); err != nil {
-			return fmt.Errorf("failed to flush overlay network chain %s rules: %v", cname, err)
-		}
-		opt = "-X"
-	}
-
-	if (!remove && !exists) || (remove && exists) {
-		if err := iptables.RawCombinedOutput(opt, cname); err != nil {
-			return fmt.Errorf("failed network chain operation %q for chain %s: %v", opt, cname, err)
-		}
-	}
-
-	if !remove {
-		if !iptables.Exists(iptables.Filter, cname, "-j", "DROP") {
-			if err := iptables.RawCombinedOutput("-A", cname, "-j", "DROP"); err != nil {
-				return fmt.Errorf("failed adding default drop rule to overlay network chain %s: %v", cname, err)
-			}
-		}
-	}
-
-	return nil
-}
-
-func addNetworkChain(cname string) error {
-	defer filterWait()()
-
-	return setNetworkChain(cname, false)
-}
-
-func removeNetworkChain(cname string) error {
-	defer filterWait()()
-
-	return setNetworkChain(cname, true)
-}
-
-func setFilters(cname, brName string, remove bool) error {
-	opt := "-I"
-	if remove {
-		opt = "-D"
-	}
-
-	// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains
-	if !remove {
-		for _, chain := range []string{"OUTPUT", "FORWARD"} {
-			exists := iptables.Exists(iptables.Filter, chain, "-j", globalChain)
-			if exists {
-				if err := iptables.RawCombinedOutput("-D", chain, "-j", globalChain); err != nil {
-					return fmt.Errorf("failed to delete overlay hook in chain %s while moving the hook: %v", chain, err)
-				}
-			}
-
-			if err := iptables.RawCombinedOutput("-I", chain, "-j", globalChain); err != nil {
-				return fmt.Errorf("failed to insert overlay hook in chain %s: %v", chain, err)
-			}
-		}
-	}
-
-	// Insert/Delete the rule to jump to per-bridge chain
-	exists := iptables.Exists(iptables.Filter, globalChain, "-o", brName, "-j", cname)
-	if (!remove && !exists) || (remove && exists) {
-		if err := iptables.RawCombinedOutput(opt, globalChain, "-o", brName, "-j", cname); err != nil {
-			return fmt.Errorf("failed to add per-bridge filter rule for bridge %s, network chain %s: %v", brName, cname, err)
-		}
-	}
-
-	exists = iptables.Exists(iptables.Filter, cname, "-i", brName, "-j", "ACCEPT")
-	if (!remove && exists) || (remove && !exists) {
-		return nil
-	}
-
-	if err := iptables.RawCombinedOutput(opt, cname, "-i", brName, "-j", "ACCEPT"); err != nil {
-		return fmt.Errorf("failed to add overlay filter rile for network chain %s, bridge %s: %v", cname, brName, err)
-	}
-
-	return nil
-}
-
-func addFilters(cname, brName string) error {
-	defer filterWait()()
-
-	return setFilters(cname, brName, false)
-}
-
-func removeFilters(cname, brName string) error {
-	defer filterWait()()
-
-	return setFilters(cname, brName, true)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go b/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go
deleted file mode 100644
index de946a58463cf..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package overlay
-
-import (
-	"strconv"
-
-	"github.com/docker/libnetwork/osl/kernel"
-)
-
-var ovConfig = map[string]*kernel.OSValue{
-	"net.ipv4.neigh.default.gc_thresh1": {"8192", checkHigher},
-	"net.ipv4.neigh.default.gc_thresh2": {"49152", checkHigher},
-	"net.ipv4.neigh.default.gc_thresh3": {"65536", checkHigher},
-}
-
-func checkHigher(val1, val2 string) bool {
-	val1Int, _ := strconv.ParseInt(val1, 10, 32)
-	val2Int, _ := strconv.ParseInt(val2, 10, 32)
-	return val1Int < val2Int
-}
-
-func applyOStweaks() {
-	kernel.ApplyOSTweaks(ovConfig)
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/remote/api/api.go b/vendor/github.com/docker/libnetwork/drivers/remote/api/api.go
deleted file mode 100644
index fb35da59288bc..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/remote/api/api.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Package api represents all requests and responses suitable for conversation
-with a remote driver.
-*/
-package api
-
-import (
-	"net"
-
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-)
-
-// Response is the basic response structure used in all responses.
-type Response struct {
-	Err string
-}
-
-// GetError returns the error from the response, if any.
-func (r *Response) GetError() string {
-	return r.Err
-}
-
-// GetCapabilityResponse is the response of GetCapability request
-type GetCapabilityResponse struct {
-	Response
-	Scope             string
-	ConnectivityScope string
-}
-
-// AllocateNetworkRequest requests allocation of new network by manager
-type AllocateNetworkRequest struct {
-	// A network ID that remote plugins are expected to store for future
-	// reference.
-	NetworkID string
-
-	// A free form map->object interface for communication of options.
-	Options map[string]string
-
-	// IPAMData contains the address pool information for this network
-	IPv4Data, IPv6Data []driverapi.IPAMData
-}
-
-// AllocateNetworkResponse is the response to the AllocateNetworkRequest.
-type AllocateNetworkResponse struct {
-	Response
-	// A free form plugin specific string->string object to be sent in
-	// CreateNetworkRequest call in the libnetwork agents
-	Options map[string]string
-}
-
-// FreeNetworkRequest is the request to free allocated network in the manager
-type FreeNetworkRequest struct {
-	// The ID of the network to be freed.
-	NetworkID string
-}
-
-// FreeNetworkResponse is the response to a request for freeing a network.
-type FreeNetworkResponse struct {
-	Response
-}
-
-// CreateNetworkRequest requests a new network.
-type CreateNetworkRequest struct {
-	// A network ID that remote plugins are expected to store for future
-	// reference.
-	NetworkID string
-
-	// A free form map->object interface for communication of options.
-	Options map[string]interface{}
-
-	// IPAMData contains the address pool information for this network
-	IPv4Data, IPv6Data []driverapi.IPAMData
-}
-
-// CreateNetworkResponse is the response to the CreateNetworkRequest.
-type CreateNetworkResponse struct {
-	Response
-}
-
-// DeleteNetworkRequest is the request to delete an existing network.
-type DeleteNetworkRequest struct {
-	// The ID of the network to delete.
-	NetworkID string
-}
-
-// DeleteNetworkResponse is the response to a request for deleting a network.
-type DeleteNetworkResponse struct {
-	Response
-}
-
-// CreateEndpointRequest is the request to create an endpoint within a network.
-type CreateEndpointRequest struct {
-	// Provided at create time, this will be the network id referenced.
-	NetworkID string
-	// The ID of the endpoint for later reference.
-	EndpointID string
-	Interface  *EndpointInterface
-	Options    map[string]interface{}
-}
-
-// EndpointInterface represents an interface endpoint.
-type EndpointInterface struct {
-	Address     string
-	AddressIPv6 string
-	MacAddress  string
-}
-
-// CreateEndpointResponse is the response to the CreateEndpoint action.
-type CreateEndpointResponse struct {
-	Response
-	Interface *EndpointInterface
-}
-
-// Interface is the representation of a linux interface.
-type Interface struct {
-	Address     *net.IPNet
-	AddressIPv6 *net.IPNet
-	MacAddress  net.HardwareAddr
-}
-
-// DeleteEndpointRequest describes the API for deleting an endpoint.
-type DeleteEndpointRequest struct {
-	NetworkID  string
-	EndpointID string
-}
-
-// DeleteEndpointResponse is the response to the DeleteEndpoint action.
-type DeleteEndpointResponse struct {
-	Response
-}
-
-// EndpointInfoRequest retrieves information about the endpoint from the network driver.
-type EndpointInfoRequest struct {
-	NetworkID  string
-	EndpointID string
-}
-
-// EndpointInfoResponse is the response to an EndpointInfoRequest.
-type EndpointInfoResponse struct {
-	Response
-	Value map[string]interface{}
-}
-
-// JoinRequest describes the API for joining an endpoint to a sandbox.
-type JoinRequest struct {
-	NetworkID  string
-	EndpointID string
-	SandboxKey string
-	Options    map[string]interface{}
-}
-
-// InterfaceName is the struct representation of a pair of devices with source
-// and destination, for the purposes of putting an endpoint into a container.
-type InterfaceName struct {
-	SrcName   string
-	DstName   string
-	DstPrefix string
-}
-
-// StaticRoute is the plain JSON representation of a static route.
-type StaticRoute struct {
-	Destination string
-	RouteType   int
-	NextHop     string
-}
-
-// JoinResponse is the response to a JoinRequest.
-type JoinResponse struct {
-	Response
-	InterfaceName         *InterfaceName
-	Gateway               string
-	GatewayIPv6           string
-	StaticRoutes          []StaticRoute
-	DisableGatewayService bool
-}
-
-// LeaveRequest describes the API for detaching an endpoint from a sandbox.
-type LeaveRequest struct {
-	NetworkID  string
-	EndpointID string
-}
-
-// LeaveResponse is the answer to LeaveRequest.
-type LeaveResponse struct {
-	Response
-}
-
-// ProgramExternalConnectivityRequest describes the API for programming the external connectivity for the given endpoint.
-type ProgramExternalConnectivityRequest struct {
-	NetworkID  string
-	EndpointID string
-	Options    map[string]interface{}
-}
-
-// ProgramExternalConnectivityResponse is the answer to ProgramExternalConnectivityRequest.
-type ProgramExternalConnectivityResponse struct {
-	Response
-}
-
-// RevokeExternalConnectivityRequest describes the API for revoking the external connectivity for the given endpoint.
-type RevokeExternalConnectivityRequest struct {
-	NetworkID  string
-	EndpointID string
-}
-
-// RevokeExternalConnectivityResponse is the answer to RevokeExternalConnectivityRequest.
-type RevokeExternalConnectivityResponse struct {
-	Response
-}
-
-// DiscoveryNotification represents a discovery notification
-type DiscoveryNotification struct {
-	DiscoveryType discoverapi.DiscoveryType
-	DiscoveryData interface{}
-}
-
-// DiscoveryResponse is used by libnetwork to log any plugin error processing the discovery notifications
-type DiscoveryResponse struct {
-	Response
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/remote/driver.go b/vendor/github.com/docker/libnetwork/drivers/remote/driver.go
deleted file mode 100644
index 9786d9e74689c..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/remote/driver.go
+++ /dev/null
@@ -1,436 +0,0 @@
-package remote
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/drivers/remote/api"
-	"github.com/docker/libnetwork/types"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-)
-
-type driver struct {
-	endpoint    *plugins.Client
-	networkType string
-}
-
-type maybeError interface {
-	GetError() string
-}
-
-func newDriver(name string, client *plugins.Client) driverapi.Driver {
-	return &driver{networkType: name, endpoint: client}
-}
-
-// Init makes sure a remote driver is registered when a network driver
-// plugin is activated.
-func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
-	newPluginHandler := func(name string, client *plugins.Client) {
-		// negotiate driver capability with client
-		d := newDriver(name, client)
-		c, err := d.(*driver).getCapabilities()
-		if err != nil {
-			logrus.Errorf("error getting capability for %s due to %v", name, err)
-			return
-		}
-		if err = dc.RegisterDriver(name, d, *c); err != nil {
-			logrus.Errorf("error registering driver for %s due to %v", name, err)
-		}
-	}
-
-	// Unit test code is unaware of a true PluginStore. So we fall back to v1 plugins.
-	handleFunc := plugins.Handle
-	if pg := dc.GetPluginGetter(); pg != nil {
-		handleFunc = pg.Handle
-		activePlugins := pg.GetAllManagedPluginsByCap(driverapi.NetworkPluginEndpointType)
-		for _, ap := range activePlugins {
-			client, err := getPluginClient(ap)
-			if err != nil {
-				return err
-			}
-			newPluginHandler(ap.Name(), client)
-		}
-	}
-	handleFunc(driverapi.NetworkPluginEndpointType, newPluginHandler)
-
-	return nil
-}
-
-func getPluginClient(p plugingetter.CompatPlugin) (*plugins.Client, error) {
-	if v1, ok := p.(plugingetter.PluginWithV1Client); ok {
-		return v1.Client(), nil
-	}
-
-	pa, ok := p.(plugingetter.PluginAddr)
-	if !ok {
-		return nil, errors.Errorf("unknown plugin type %T", p)
-	}
-
-	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
-		return nil, errors.Errorf("unsupported plugin protocol %s", pa.Protocol())
-	}
-
-	addr := pa.Addr()
-	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
-	if err != nil {
-		return nil, errors.Wrap(err, "error creating plugin client")
-	}
-	return client, nil
-}
-
-// Get capability from client
-func (d *driver) getCapabilities() (*driverapi.Capability, error) {
-	var capResp api.GetCapabilityResponse
-	if err := d.call("GetCapabilities", nil, &capResp); err != nil {
-		return nil, err
-	}
-
-	c := &driverapi.Capability{}
-	switch capResp.Scope {
-	case "global":
-		c.DataScope = datastore.GlobalScope
-	case "local":
-		c.DataScope = datastore.LocalScope
-	default:
-		return nil, fmt.Errorf("invalid capability: expecting 'local' or 'global', got %s", capResp.Scope)
-	}
-
-	switch capResp.ConnectivityScope {
-	case "global":
-		c.ConnectivityScope = datastore.GlobalScope
-	case "local":
-		c.ConnectivityScope = datastore.LocalScope
-	case "":
-		c.ConnectivityScope = c.DataScope
-	default:
-		return nil, fmt.Errorf("invalid capability: expecting 'local' or 'global', got %s", capResp.Scope)
-	}
-
-	return c, nil
-}
-
-// Config is not implemented for remote drivers, since it is assumed
-// to be supplied to the remote process out-of-band (e.g., as command
-// line arguments).
-func (d *driver) Config(option map[string]interface{}) error {
-	return &driverapi.ErrNotImplemented{}
-}
-
-func (d *driver) call(methodName string, arg interface{}, retVal maybeError) error {
-	method := driverapi.NetworkPluginEndpointType + "." + methodName
-	err := d.endpoint.Call(method, arg, retVal)
-	if err != nil {
-		return err
-	}
-	if e := retVal.GetError(); e != "" {
-		return fmt.Errorf("remote: %s", e)
-	}
-	return nil
-}
-
-func (d *driver) NetworkAllocate(id string, options map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
-	create := &api.AllocateNetworkRequest{
-		NetworkID: id,
-		Options:   options,
-		IPv4Data:  ipV4Data,
-		IPv6Data:  ipV6Data,
-	}
-	retVal := api.AllocateNetworkResponse{}
-	err := d.call("AllocateNetwork", create, &retVal)
-	return retVal.Options, err
-}
-
-func (d *driver) NetworkFree(id string) error {
-	fr := &api.FreeNetworkRequest{NetworkID: id}
-	return d.call("FreeNetwork", fr, &api.FreeNetworkResponse{})
-}
-
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
-}
-
-func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
-	return "", nil
-}
-
-func (d *driver) CreateNetwork(id string, options map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
-	create := &api.CreateNetworkRequest{
-		NetworkID: id,
-		Options:   options,
-		IPv4Data:  ipV4Data,
-		IPv6Data:  ipV6Data,
-	}
-	return d.call("CreateNetwork", create, &api.CreateNetworkResponse{})
-}
-
-func (d *driver) DeleteNetwork(nid string) error {
-	delete := &api.DeleteNetworkRequest{NetworkID: nid}
-	return d.call("DeleteNetwork", delete, &api.DeleteNetworkResponse{})
-}
-
-func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
-	if ifInfo == nil {
-		return errors.New("must not be called with nil InterfaceInfo")
-	}
-
-	reqIface := &api.EndpointInterface{}
-	if ifInfo.Address() != nil {
-		reqIface.Address = ifInfo.Address().String()
-	}
-	if ifInfo.AddressIPv6() != nil {
-		reqIface.AddressIPv6 = ifInfo.AddressIPv6().String()
-	}
-	if ifInfo.MacAddress() != nil {
-		reqIface.MacAddress = ifInfo.MacAddress().String()
-	}
-
-	create := &api.CreateEndpointRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-		Interface:  reqIface,
-		Options:    epOptions,
-	}
-	var res api.CreateEndpointResponse
-	if err := d.call("CreateEndpoint", create, &res); err != nil {
-		return err
-	}
-
-	inIface, err := parseInterface(res)
-	if err != nil {
-		return err
-	}
-	if inIface == nil {
-		// Remote driver did not set any field
-		return nil
-	}
-
-	if inIface.MacAddress != nil {
-		if err := ifInfo.SetMacAddress(inIface.MacAddress); err != nil {
-			return errorWithRollback(fmt.Sprintf("driver modified interface MAC address: %v", err), d.DeleteEndpoint(nid, eid))
-		}
-	}
-	if inIface.Address != nil {
-		if err := ifInfo.SetIPAddress(inIface.Address); err != nil {
-			return errorWithRollback(fmt.Sprintf("driver modified interface address: %v", err), d.DeleteEndpoint(nid, eid))
-		}
-	}
-	if inIface.AddressIPv6 != nil {
-		if err := ifInfo.SetIPAddress(inIface.AddressIPv6); err != nil {
-			return errorWithRollback(fmt.Sprintf("driver modified interface address: %v", err), d.DeleteEndpoint(nid, eid))
-		}
-	}
-
-	return nil
-}
-
-func errorWithRollback(msg string, err error) error {
-	rollback := "rolled back"
-	if err != nil {
-		rollback = "failed to roll back: " + err.Error()
-	}
-	return fmt.Errorf("%s; %s", msg, rollback)
-}
-
-func (d *driver) DeleteEndpoint(nid, eid string) error {
-	delete := &api.DeleteEndpointRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-	}
-	return d.call("DeleteEndpoint", delete, &api.DeleteEndpointResponse{})
-}
-
-func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	info := &api.EndpointInfoRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-	}
-	var res api.EndpointInfoResponse
-	if err := d.call("EndpointOperInfo", info, &res); err != nil {
-		return nil, err
-	}
-	return res.Value, nil
-}
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	join := &api.JoinRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-		SandboxKey: sboxKey,
-		Options:    options,
-	}
-	var (
-		res api.JoinResponse
-		err error
-	)
-	if err = d.call("Join", join, &res); err != nil {
-		return err
-	}
-
-	ifaceName := res.InterfaceName
-	if iface := jinfo.InterfaceName(); iface != nil && ifaceName != nil {
-		if err := iface.SetNames(ifaceName.SrcName, ifaceName.DstPrefix); err != nil {
-			return errorWithRollback(fmt.Sprintf("failed to set interface name: %s", err), d.Leave(nid, eid))
-		}
-	}
-
-	var addr net.IP
-	if res.Gateway != "" {
-		if addr = net.ParseIP(res.Gateway); addr == nil {
-			return fmt.Errorf(`unable to parse Gateway "%s"`, res.Gateway)
-		}
-		if jinfo.SetGateway(addr) != nil {
-			return errorWithRollback(fmt.Sprintf("failed to set gateway: %v", addr), d.Leave(nid, eid))
-		}
-	}
-	if res.GatewayIPv6 != "" {
-		if addr = net.ParseIP(res.GatewayIPv6); addr == nil {
-			return fmt.Errorf(`unable to parse GatewayIPv6 "%s"`, res.GatewayIPv6)
-		}
-		if jinfo.SetGatewayIPv6(addr) != nil {
-			return errorWithRollback(fmt.Sprintf("failed to set gateway IPv6: %v", addr), d.Leave(nid, eid))
-		}
-	}
-	if len(res.StaticRoutes) > 0 {
-		routes, err := parseStaticRoutes(res)
-		if err != nil {
-			return err
-		}
-		for _, route := range routes {
-			if jinfo.AddStaticRoute(route.Destination, route.RouteType, route.NextHop) != nil {
-				return errorWithRollback(fmt.Sprintf("failed to set static route: %v", route), d.Leave(nid, eid))
-			}
-		}
-	}
-	if res.DisableGatewayService {
-		jinfo.DisableGatewayService()
-	}
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	leave := &api.LeaveRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-	}
-	return d.call("Leave", leave, &api.LeaveResponse{})
-}
-
-// ProgramExternalConnectivity is invoked to program the rules to allow external connectivity for the endpoint.
-func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
-	data := &api.ProgramExternalConnectivityRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-		Options:    options,
-	}
-	err := d.call("ProgramExternalConnectivity", data, &api.ProgramExternalConnectivityResponse{})
-	if err != nil && plugins.IsNotFound(err) {
-		// It is not mandatory yet to support this method
-		return nil
-	}
-	return err
-}
-
-// RevokeExternalConnectivity method is invoked to remove any external connectivity programming related to the endpoint.
-func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
-	data := &api.RevokeExternalConnectivityRequest{
-		NetworkID:  nid,
-		EndpointID: eid,
-	}
-	err := d.call("RevokeExternalConnectivity", data, &api.RevokeExternalConnectivityResponse{})
-	if err != nil && plugins.IsNotFound(err) {
-		// It is not mandatory yet to support this method
-		return nil
-	}
-	return err
-}
-
-func (d *driver) Type() string {
-	return d.networkType
-}
-
-func (d *driver) IsBuiltIn() bool {
-	return false
-}
-
-// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
-func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	if dType != discoverapi.NodeDiscovery {
-		return nil
-	}
-	notif := &api.DiscoveryNotification{
-		DiscoveryType: dType,
-		DiscoveryData: data,
-	}
-	return d.call("DiscoverNew", notif, &api.DiscoveryResponse{})
-}
-
-// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
-func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	if dType != discoverapi.NodeDiscovery {
-		return nil
-	}
-	notif := &api.DiscoveryNotification{
-		DiscoveryType: dType,
-		DiscoveryData: data,
-	}
-	return d.call("DiscoverDelete", notif, &api.DiscoveryResponse{})
-}
-
-func parseStaticRoutes(r api.JoinResponse) ([]*types.StaticRoute, error) {
-	var routes = make([]*types.StaticRoute, len(r.StaticRoutes))
-	for i, inRoute := range r.StaticRoutes {
-		var err error
-		outRoute := &types.StaticRoute{RouteType: inRoute.RouteType}
-
-		if inRoute.Destination != "" {
-			if outRoute.Destination, err = types.ParseCIDR(inRoute.Destination); err != nil {
-				return nil, err
-			}
-		}
-
-		if inRoute.NextHop != "" {
-			outRoute.NextHop = net.ParseIP(inRoute.NextHop)
-			if outRoute.NextHop == nil {
-				return nil, fmt.Errorf("failed to parse nexthop IP %s", inRoute.NextHop)
-			}
-		}
-
-		routes[i] = outRoute
-	}
-	return routes, nil
-}
-
-// parseInterfaces validates all the parameters of an Interface and returns them.
-func parseInterface(r api.CreateEndpointResponse) (*api.Interface, error) {
-	var outIf *api.Interface
-
-	inIf := r.Interface
-	if inIf != nil {
-		var err error
-		outIf = &api.Interface{}
-		if inIf.Address != "" {
-			if outIf.Address, err = types.ParseCIDR(inIf.Address); err != nil {
-				return nil, err
-			}
-		}
-		if inIf.AddressIPv6 != "" {
-			if outIf.AddressIPv6, err = types.ParseCIDR(inIf.AddressIPv6); err != nil {
-				return nil, err
-			}
-		}
-		if inIf.MacAddress != "" {
-			if outIf.MacAddress, err = net.ParseMAC(inIf.MacAddress); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return outIf, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers/windows/windows.go b/vendor/github.com/docker/libnetwork/drivers/windows/windows.go
deleted file mode 100644
index c1cc61aa352e2..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers/windows/windows.go
+++ /dev/null
@@ -1,867 +0,0 @@
-// +build windows
-
-// Shim for the Host Network Service (HNS) to manage networking for
-// Windows Server containers and Hyper-V containers. This module
-// is a basic libnetwork driver that passes all the calls to HNS
-// It implements the 4 networking modes supported by HNS L2Bridge,
-// L2Tunnel, NAT and Transparent(DHCP)
-//
-// The network are stored in memory and docker daemon ensures discovering
-// and loading these networks on startup
-
-package windows
-
-import (
-	"encoding/json"
-	"fmt"
-	"net"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-// networkConfiguration for network specific configuration
-type networkConfiguration struct {
-	ID                    string
-	Type                  string
-	Name                  string
-	HnsID                 string
-	RDID                  string
-	VLAN                  uint
-	VSID                  uint
-	DNSServers            string
-	MacPools              []hcsshim.MacPool
-	DNSSuffix             string
-	SourceMac             string
-	NetworkAdapterName    string
-	dbIndex               uint64
-	dbExists              bool
-	DisableGatewayDNS     bool
-	EnableOutboundNat     bool
-	OutboundNatExceptions []string
-}
-
-// endpointConfiguration represents the user specified configuration for the sandbox endpoint
-type endpointOption struct {
-	MacAddress  net.HardwareAddr
-	QosPolicies []types.QosPolicy
-	DNSServers  []string
-	DisableDNS  bool
-	DisableICC  bool
-}
-
-// EndpointConnectivity stores the port bindings and exposed ports that the user has specified in epOptions.
-type EndpointConnectivity struct {
-	PortBindings []types.PortBinding
-	ExposedPorts []types.TransportPort
-}
-
-type hnsEndpoint struct {
-	id        string
-	nid       string
-	profileID string
-	Type      string
-	//Note: Currently, the sandboxID is the same as the containerID since windows does
-	//not expose the sandboxID.
-	//In the future, windows will support a proper sandboxID that is different
-	//than the containerID.
-	//Therefore, we are using sandboxID now, so that we won't have to change this code
-	//when windows properly supports a sandboxID.
-	sandboxID      string
-	macAddress     net.HardwareAddr
-	epOption       *endpointOption       // User specified parameters
-	epConnectivity *EndpointConnectivity // User specified parameters
-	portMapping    []types.PortBinding   // Operation port bindings
-	addr           *net.IPNet
-	gateway        net.IP
-	dbIndex        uint64
-	dbExists       bool
-}
-
-type hnsNetwork struct {
-	id        string
-	created   bool
-	config    *networkConfiguration
-	endpoints map[string]*hnsEndpoint // key: endpoint id
-	driver    *driver                 // The network's driver
-	sync.Mutex
-}
-
-type driver struct {
-	name     string
-	networks map[string]*hnsNetwork
-	store    datastore.DataStore
-	sync.Mutex
-}
-
-const (
-	errNotFound = "HNS failed with error : The object identifier does not represent a valid object. "
-)
-
-// IsBuiltinLocalDriver validates if network-type is a builtin local-scoped driver
-func IsBuiltinLocalDriver(networkType string) bool {
-	if "l2bridge" == networkType || "l2tunnel" == networkType || "nat" == networkType || "ics" == networkType || "transparent" == networkType {
-		return true
-	}
-
-	return false
-}
-
-// New constructs a new bridge driver
-func newDriver(networkType string) *driver {
-	return &driver{name: networkType, networks: map[string]*hnsNetwork{}}
-}
-
-// GetInit returns an initializer for the given network type
-func GetInit(networkType string) func(dc driverapi.DriverCallback, config map[string]interface{}) error {
-	return func(dc driverapi.DriverCallback, config map[string]interface{}) error {
-		if !IsBuiltinLocalDriver(networkType) {
-			return types.BadRequestErrorf("Network type not supported: %s", networkType)
-		}
-
-		d := newDriver(networkType)
-
-		err := d.initStore(config)
-		if err != nil {
-			return err
-		}
-
-		return dc.RegisterDriver(networkType, d, driverapi.Capability{
-			DataScope:         datastore.LocalScope,
-			ConnectivityScope: datastore.LocalScope,
-		})
-	}
-}
-
-func (d *driver) getNetwork(id string) (*hnsNetwork, error) {
-	d.Lock()
-	defer d.Unlock()
-
-	if nw, ok := d.networks[id]; ok {
-		return nw, nil
-	}
-
-	return nil, types.NotFoundErrorf("network not found: %s", id)
-}
-
-func (n *hnsNetwork) getEndpoint(eid string) (*hnsEndpoint, error) {
-	n.Lock()
-	defer n.Unlock()
-
-	if ep, ok := n.endpoints[eid]; ok {
-		return ep, nil
-	}
-
-	return nil, types.NotFoundErrorf("Endpoint not found: %s", eid)
-}
-
-func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string) (*networkConfiguration, error) {
-	config := &networkConfiguration{Type: d.name}
-
-	for label, value := range genericOptions {
-		switch label {
-		case NetworkName:
-			config.Name = value
-		case HNSID:
-			config.HnsID = value
-		case RoutingDomain:
-			config.RDID = value
-		case Interface:
-			config.NetworkAdapterName = value
-		case DNSSuffix:
-			config.DNSSuffix = value
-		case DNSServers:
-			config.DNSServers = value
-		case DisableGatewayDNS:
-			b, err := strconv.ParseBool(value)
-			if err != nil {
-				return nil, err
-			}
-			config.DisableGatewayDNS = b
-		case MacPool:
-			config.MacPools = make([]hcsshim.MacPool, 0)
-			s := strings.Split(value, ",")
-			if len(s)%2 != 0 {
-				return nil, types.BadRequestErrorf("Invalid mac pool. You must specify both a start range and an end range")
-			}
-			for i := 0; i < len(s)-1; i += 2 {
-				config.MacPools = append(config.MacPools, hcsshim.MacPool{
-					StartMacAddress: s[i],
-					EndMacAddress:   s[i+1],
-				})
-			}
-		case VLAN:
-			vlan, err := strconv.ParseUint(value, 10, 32)
-			if err != nil {
-				return nil, err
-			}
-			config.VLAN = uint(vlan)
-		case VSID:
-			vsid, err := strconv.ParseUint(value, 10, 32)
-			if err != nil {
-				return nil, err
-			}
-			config.VSID = uint(vsid)
-		case EnableOutboundNat:
-			if system.GetOSVersion().Build <= 16236 {
-				return nil, fmt.Errorf("Invalid network option. OutboundNat is not supported on this OS version")
-			}
-			b, err := strconv.ParseBool(value)
-			if err != nil {
-				return nil, err
-			}
-			config.EnableOutboundNat = b
-		case OutboundNatExceptions:
-			s := strings.Split(value, ",")
-			config.OutboundNatExceptions = s
-		}
-	}
-
-	config.ID = id
-	config.Type = d.name
-	return config, nil
-}
-
-func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []driverapi.IPAMData) error {
-	if len(ipamV6Data) > 0 {
-		return types.ForbiddenErrorf("windowsshim driver doesn't support v6 subnets")
-	}
-
-	if len(ipamV4Data) == 0 {
-		return types.BadRequestErrorf("network %s requires ipv4 configuration", id)
-	}
-
-	return nil
-}
-
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
-}
-
-func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
-	return "", nil
-}
-
-func (d *driver) createNetwork(config *networkConfiguration) error {
-	network := &hnsNetwork{
-		id:        config.ID,
-		endpoints: make(map[string]*hnsEndpoint),
-		config:    config,
-		driver:    d,
-	}
-
-	d.Lock()
-	d.networks[config.ID] = network
-	d.Unlock()
-
-	return nil
-}
-
-// Create a new network
-func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
-	if _, err := d.getNetwork(id); err == nil {
-		return types.ForbiddenErrorf("network %s exists", id)
-	}
-
-	genData, ok := option[netlabel.GenericData].(map[string]string)
-	if !ok {
-		return fmt.Errorf("Unknown generic data option")
-	}
-
-	// Parse and validate the config. It should not conflict with existing networks' config
-	config, err := d.parseNetworkOptions(id, genData)
-	if err != nil {
-		return err
-	}
-
-	err = config.processIPAM(id, ipV4Data, ipV6Data)
-	if err != nil {
-		return err
-	}
-
-	err = d.createNetwork(config)
-
-	if err != nil {
-		return err
-	}
-
-	// A non blank hnsid indicates that the network was discovered
-	// from HNS. No need to call HNS if this network was discovered
-	// from HNS
-	if config.HnsID == "" {
-		subnets := []hcsshim.Subnet{}
-
-		for _, ipData := range ipV4Data {
-			subnet := hcsshim.Subnet{
-				AddressPrefix: ipData.Pool.String(),
-			}
-
-			if ipData.Gateway != nil {
-				subnet.GatewayAddress = ipData.Gateway.IP.String()
-			}
-
-			subnets = append(subnets, subnet)
-		}
-
-		network := &hcsshim.HNSNetwork{
-			Name:               config.Name,
-			Type:               d.name,
-			Subnets:            subnets,
-			DNSServerList:      config.DNSServers,
-			DNSSuffix:          config.DNSSuffix,
-			MacPools:           config.MacPools,
-			SourceMac:          config.SourceMac,
-			NetworkAdapterName: config.NetworkAdapterName,
-		}
-
-		if config.VLAN != 0 {
-			vlanPolicy, err := json.Marshal(hcsshim.VlanPolicy{
-				Type: "VLAN",
-				VLAN: config.VLAN,
-			})
-
-			if err != nil {
-				return err
-			}
-			network.Policies = append(network.Policies, vlanPolicy)
-		}
-
-		if config.VSID != 0 {
-			vsidPolicy, err := json.Marshal(hcsshim.VsidPolicy{
-				Type: "VSID",
-				VSID: config.VSID,
-			})
-
-			if err != nil {
-				return err
-			}
-			network.Policies = append(network.Policies, vsidPolicy)
-		}
-
-		if network.Name == "" {
-			network.Name = id
-		}
-
-		configurationb, err := json.Marshal(network)
-		if err != nil {
-			return err
-		}
-
-		configuration := string(configurationb)
-		logrus.Debugf("HNSNetwork Request =%v Address Space=%v", configuration, subnets)
-
-		hnsresponse, err := hcsshim.HNSNetworkRequest("POST", "", configuration)
-		if err != nil {
-			return err
-		}
-
-		config.HnsID = hnsresponse.Id
-		genData[HNSID] = config.HnsID
-
-	} else {
-		// Delete any stale HNS endpoints for this network.
-		if endpoints, err := hcsshim.HNSListEndpointRequest(); err == nil {
-			for _, ep := range endpoints {
-				if ep.VirtualNetwork == config.HnsID {
-					logrus.Infof("Removing stale HNS endpoint %s", ep.Id)
-					_, err = hcsshim.HNSEndpointRequest("DELETE", ep.Id, "")
-					if err != nil {
-						logrus.Warnf("Error removing HNS endpoint %s", ep.Id)
-					}
-				}
-			}
-		} else {
-			logrus.Warnf("Error listing HNS endpoints for network %s", config.HnsID)
-		}
-	}
-
-	n, err := d.getNetwork(id)
-	if err != nil {
-		return err
-	}
-	n.created = true
-	return d.storeUpdate(config)
-}
-
-func (d *driver) DeleteNetwork(nid string) error {
-	n, err := d.getNetwork(nid)
-	if err != nil {
-		return types.InternalMaskableErrorf("%s", err)
-	}
-
-	n.Lock()
-	config := n.config
-	n.Unlock()
-
-	if n.created {
-		_, err = hcsshim.HNSNetworkRequest("DELETE", config.HnsID, "")
-		if err != nil && err.Error() != errNotFound {
-			return types.ForbiddenErrorf(err.Error())
-		}
-	}
-
-	d.Lock()
-	delete(d.networks, nid)
-	d.Unlock()
-
-	// delele endpoints belong to this network
-	for _, ep := range n.endpoints {
-		if err := d.storeDelete(ep); err != nil {
-			logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
-		}
-	}
-
-	return d.storeDelete(config)
-}
-
-func convertQosPolicies(qosPolicies []types.QosPolicy) ([]json.RawMessage, error) {
-	var qps []json.RawMessage
-
-	// Enumerate through the qos policies specified by the user and convert
-	// them into the internal structure matching the JSON blob that can be
-	// understood by the HCS.
-	for _, elem := range qosPolicies {
-		encodedPolicy, err := json.Marshal(hcsshim.QosPolicy{
-			Type: "QOS",
-			MaximumOutgoingBandwidthInBytes: elem.MaxEgressBandwidth,
-		})
-
-		if err != nil {
-			return nil, err
-		}
-		qps = append(qps, encodedPolicy)
-	}
-	return qps, nil
-}
-
-// ConvertPortBindings converts PortBindings to JSON for HNS request
-func ConvertPortBindings(portBindings []types.PortBinding) ([]json.RawMessage, error) {
-	var pbs []json.RawMessage
-
-	// Enumerate through the port bindings specified by the user and convert
-	// them into the internal structure matching the JSON blob that can be
-	// understood by the HCS.
-	for _, elem := range portBindings {
-		proto := strings.ToUpper(elem.Proto.String())
-		if proto != "TCP" && proto != "UDP" {
-			return nil, fmt.Errorf("invalid protocol %s", elem.Proto.String())
-		}
-
-		if elem.HostPort != elem.HostPortEnd {
-			return nil, fmt.Errorf("Windows does not support more than one host port in NAT settings")
-		}
-
-		if len(elem.HostIP) != 0 {
-			return nil, fmt.Errorf("Windows does not support host IP addresses in NAT settings")
-		}
-
-		encodedPolicy, err := json.Marshal(hcsshim.NatPolicy{
-			Type:         "NAT",
-			ExternalPort: elem.HostPort,
-			InternalPort: elem.Port,
-			Protocol:     elem.Proto.String(),
-		})
-
-		if err != nil {
-			return nil, err
-		}
-		pbs = append(pbs, encodedPolicy)
-	}
-	return pbs, nil
-}
-
-// ParsePortBindingPolicies parses HNS endpoint response message to PortBindings
-func ParsePortBindingPolicies(policies []json.RawMessage) ([]types.PortBinding, error) {
-	var bindings []types.PortBinding
-	hcsPolicy := &hcsshim.NatPolicy{}
-
-	for _, elem := range policies {
-
-		if err := json.Unmarshal([]byte(elem), &hcsPolicy); err != nil || hcsPolicy.Type != "NAT" {
-			continue
-		}
-
-		binding := types.PortBinding{
-			HostPort:    hcsPolicy.ExternalPort,
-			HostPortEnd: hcsPolicy.ExternalPort,
-			Port:        hcsPolicy.InternalPort,
-			Proto:       types.ParseProtocol(hcsPolicy.Protocol),
-			HostIP:      net.IPv4(0, 0, 0, 0),
-		}
-
-		bindings = append(bindings, binding)
-	}
-
-	return bindings, nil
-}
-
-func parseEndpointOptions(epOptions map[string]interface{}) (*endpointOption, error) {
-	if epOptions == nil {
-		return nil, nil
-	}
-
-	ec := &endpointOption{}
-
-	if opt, ok := epOptions[netlabel.MacAddress]; ok {
-		if mac, ok := opt.(net.HardwareAddr); ok {
-			ec.MacAddress = mac
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	if opt, ok := epOptions[QosPolicies]; ok {
-		if policies, ok := opt.([]types.QosPolicy); ok {
-			ec.QosPolicies = policies
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	if opt, ok := epOptions[netlabel.DNSServers]; ok {
-		if dns, ok := opt.([]string); ok {
-			ec.DNSServers = dns
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	if opt, ok := epOptions[DisableICC]; ok {
-		if disableICC, ok := opt.(bool); ok {
-			ec.DisableICC = disableICC
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	if opt, ok := epOptions[DisableDNS]; ok {
-		if disableDNS, ok := opt.(bool); ok {
-			ec.DisableDNS = disableDNS
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	return ec, nil
-}
-
-// ParseEndpointConnectivity parses options passed to CreateEndpoint, specifically port bindings, and store in a endpointConnectivity object.
-func ParseEndpointConnectivity(epOptions map[string]interface{}) (*EndpointConnectivity, error) {
-	if epOptions == nil {
-		return nil, nil
-	}
-
-	ec := &EndpointConnectivity{}
-
-	if opt, ok := epOptions[netlabel.PortMap]; ok {
-		if bs, ok := opt.([]types.PortBinding); ok {
-			ec.PortBindings = bs
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-
-	if opt, ok := epOptions[netlabel.ExposedPorts]; ok {
-		if ports, ok := opt.([]types.TransportPort); ok {
-			ec.ExposedPorts = ports
-		} else {
-			return nil, fmt.Errorf("Invalid endpoint configuration")
-		}
-	}
-	return ec, nil
-}
-
-func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
-	n, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-
-	// Check if endpoint id is good and retrieve corresponding endpoint
-	ep, err := n.getEndpoint(eid)
-	if err == nil && ep != nil {
-		return driverapi.ErrEndpointExists(eid)
-	}
-
-	endpointStruct := &hcsshim.HNSEndpoint{
-		VirtualNetwork: n.config.HnsID,
-	}
-
-	epOption, err := parseEndpointOptions(epOptions)
-	if err != nil {
-		return err
-	}
-	epConnectivity, err := ParseEndpointConnectivity(epOptions)
-	if err != nil {
-		return err
-	}
-
-	macAddress := ifInfo.MacAddress()
-	// Use the macaddress if it was provided
-	if macAddress != nil {
-		endpointStruct.MacAddress = strings.Replace(macAddress.String(), ":", "-", -1)
-	}
-
-	endpointStruct.Policies, err = ConvertPortBindings(epConnectivity.PortBindings)
-	if err != nil {
-		return err
-	}
-
-	qosPolicies, err := convertQosPolicies(epOption.QosPolicies)
-	if err != nil {
-		return err
-	}
-	endpointStruct.Policies = append(endpointStruct.Policies, qosPolicies...)
-
-	if ifInfo.Address() != nil {
-		endpointStruct.IPAddress = ifInfo.Address().IP
-	}
-
-	endpointStruct.DNSServerList = strings.Join(epOption.DNSServers, ",")
-
-	// overwrite the ep DisableDNS option if DisableGatewayDNS was set to true during the network creation option
-	if n.config.DisableGatewayDNS {
-		logrus.Debugf("n.config.DisableGatewayDNS[%v] overwrites epOption.DisableDNS[%v]", n.config.DisableGatewayDNS, epOption.DisableDNS)
-		epOption.DisableDNS = n.config.DisableGatewayDNS
-	}
-
-	if n.driver.name == "nat" && !epOption.DisableDNS {
-		logrus.Debugf("endpointStruct.EnableInternalDNS =[%v]", endpointStruct.EnableInternalDNS)
-		endpointStruct.EnableInternalDNS = true
-	}
-
-	endpointStruct.DisableICC = epOption.DisableICC
-
-	// Inherit OutboundNat policy from the network
-	if n.config.EnableOutboundNat {
-		outboundNatPolicy, err := json.Marshal(hcsshim.OutboundNatPolicy{
-			Policy:     hcsshim.Policy{Type: hcsshim.OutboundNat},
-			Exceptions: n.config.OutboundNatExceptions,
-		})
-
-		if err != nil {
-			return err
-		}
-		endpointStruct.Policies = append(endpointStruct.Policies, outboundNatPolicy)
-	}
-
-	configurationb, err := json.Marshal(endpointStruct)
-	if err != nil {
-		return err
-	}
-
-	hnsresponse, err := hcsshim.HNSEndpointRequest("POST", "", string(configurationb))
-	if err != nil {
-		return err
-	}
-
-	mac, err := net.ParseMAC(hnsresponse.MacAddress)
-	if err != nil {
-		return err
-	}
-
-	// TODO For now the ip mask is not in the info generated by HNS
-	endpoint := &hnsEndpoint{
-		id:         eid,
-		nid:        n.id,
-		Type:       d.name,
-		addr:       &net.IPNet{IP: hnsresponse.IPAddress, Mask: hnsresponse.IPAddress.DefaultMask()},
-		macAddress: mac,
-	}
-
-	if hnsresponse.GatewayAddress != "" {
-		endpoint.gateway = net.ParseIP(hnsresponse.GatewayAddress)
-	}
-
-	endpoint.profileID = hnsresponse.Id
-	endpoint.epConnectivity = epConnectivity
-	endpoint.epOption = epOption
-	endpoint.portMapping, err = ParsePortBindingPolicies(hnsresponse.Policies)
-
-	if err != nil {
-		hcsshim.HNSEndpointRequest("DELETE", hnsresponse.Id, "")
-		return err
-	}
-
-	n.Lock()
-	n.endpoints[eid] = endpoint
-	n.Unlock()
-
-	if ifInfo.Address() == nil {
-		ifInfo.SetIPAddress(endpoint.addr)
-	}
-
-	if macAddress == nil {
-		ifInfo.SetMacAddress(endpoint.macAddress)
-	}
-
-	if err = d.storeUpdate(endpoint); err != nil {
-		logrus.Errorf("Failed to save endpoint %.7s to store: %v", endpoint.id, err)
-	}
-
-	return nil
-}
-
-func (d *driver) DeleteEndpoint(nid, eid string) error {
-	n, err := d.getNetwork(nid)
-	if err != nil {
-		return types.InternalMaskableErrorf("%s", err)
-	}
-
-	ep, err := n.getEndpoint(eid)
-	if err != nil {
-		return err
-	}
-
-	n.Lock()
-	delete(n.endpoints, eid)
-	n.Unlock()
-
-	_, err = hcsshim.HNSEndpointRequest("DELETE", ep.profileID, "")
-	if err != nil && err.Error() != errNotFound {
-		return err
-	}
-
-	if err := d.storeDelete(ep); err != nil {
-		logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
-	}
-	return nil
-}
-
-func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
-	network, err := d.getNetwork(nid)
-	if err != nil {
-		return nil, err
-	}
-
-	ep, err := network.getEndpoint(eid)
-	if err != nil {
-		return nil, err
-	}
-
-	data := make(map[string]interface{}, 1)
-	if network.driver.name == "nat" {
-		data["AllowUnqualifiedDNSQuery"] = true
-	}
-
-	data["hnsid"] = ep.profileID
-	if ep.epConnectivity.ExposedPorts != nil {
-		// Return a copy of the config data
-		epc := make([]types.TransportPort, 0, len(ep.epConnectivity.ExposedPorts))
-		for _, tp := range ep.epConnectivity.ExposedPorts {
-			epc = append(epc, tp.GetCopy())
-		}
-		data[netlabel.ExposedPorts] = epc
-	}
-
-	if ep.portMapping != nil {
-		// Return a copy of the operational data
-		pmc := make([]types.PortBinding, 0, len(ep.portMapping))
-		for _, pm := range ep.portMapping {
-			pmc = append(pmc, pm.GetCopy())
-		}
-		data[netlabel.PortMap] = pmc
-	}
-
-	if len(ep.macAddress) != 0 {
-		data[netlabel.MacAddress] = ep.macAddress
-	}
-	return data, nil
-}
-
-// Join method is invoked when a Sandbox is attached to an endpoint.
-func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
-	network, err := d.getNetwork(nid)
-	if err != nil {
-		return err
-	}
-
-	// Ensure that the endpoint exists
-	endpoint, err := network.getEndpoint(eid)
-	if err != nil {
-		return err
-	}
-
-	err = jinfo.SetGateway(endpoint.gateway)
-	if err != nil {
-		return err
-	}
-
-	endpoint.sandboxID = sboxKey
-
-	err = hcsshim.HotAttachEndpoint(endpoint.sandboxID, endpoint.profileID)
-	if err != nil {
-		// If container doesn't exists in hcs, do not throw error for hot add/remove
-		if err != hcsshim.ErrComputeSystemDoesNotExist {
-			return err
-		}
-	}
-
-	jinfo.DisableGatewayService()
-	return nil
-}
-
-// Leave method is invoked when a Sandbox detaches from an endpoint.
-func (d *driver) Leave(nid, eid string) error {
-	network, err := d.getNetwork(nid)
-	if err != nil {
-		return types.InternalMaskableErrorf("%s", err)
-	}
-
-	// Ensure that the endpoint exists
-	endpoint, err := network.getEndpoint(eid)
-	if err != nil {
-		return err
-	}
-
-	err = hcsshim.HotDetachEndpoint(endpoint.sandboxID, endpoint.profileID)
-	if err != nil {
-		// If container doesn't exists in hcs, do not throw error for hot add/remove
-		if err != hcsshim.ErrComputeSystemDoesNotExist {
-			return err
-		}
-	}
-	return nil
-}
-
-func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
-	return nil
-}
-
-func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
-	return nil
-}
-
-func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
-	return nil, types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) NetworkFree(id string) error {
-	return types.NotImplementedErrorf("not implemented")
-}
-
-func (d *driver) Type() string {
-	return d.name
-}
-
-func (d *driver) IsBuiltIn() bool {
-	return true
-}
-
-// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
-func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
-func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers_experimental_linux.go b/vendor/github.com/docker/libnetwork/drivers_experimental_linux.go
deleted file mode 100644
index 4f540d4a87ee7..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers_experimental_linux.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package libnetwork
-
-import "github.com/docker/libnetwork/drivers/ipvlan"
-
-func additionalDrivers() []initializer {
-	return []initializer{
-		{ipvlan.Init, "ipvlan"},
-	}
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers_freebsd.go b/vendor/github.com/docker/libnetwork/drivers_freebsd.go
deleted file mode 100644
index d117c25780c23..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers_freebsd.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/drivers/null"
-	"github.com/docker/libnetwork/drivers/remote"
-)
-
-func getInitializers(experimental bool) []initializer {
-	return []initializer{
-		{null.Init, "null"},
-		{remote.Init, "remote"},
-	}
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers_ipam.go b/vendor/github.com/docker/libnetwork/drivers_ipam.go
deleted file mode 100644
index f47c01c71480c..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers_ipam.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/drvregistry"
-	"github.com/docker/libnetwork/ipamapi"
-	builtinIpam "github.com/docker/libnetwork/ipams/builtin"
-	nullIpam "github.com/docker/libnetwork/ipams/null"
-	remoteIpam "github.com/docker/libnetwork/ipams/remote"
-	"github.com/docker/libnetwork/ipamutils"
-)
-
-func initIPAMDrivers(r *drvregistry.DrvRegistry, lDs, gDs interface{}, addressPool []*ipamutils.NetworkToSplit) error {
-	builtinIpam.SetDefaultIPAddressPool(addressPool)
-	for _, fn := range [](func(ipamapi.Callback, interface{}, interface{}) error){
-		builtinIpam.Init,
-		remoteIpam.Init,
-		nullIpam.Init,
-	} {
-		if err := fn(r, lDs, gDs); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers_linux.go b/vendor/github.com/docker/libnetwork/drivers_linux.go
deleted file mode 100644
index c53d516fa6d52..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers_linux.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/drivers/bridge"
-	"github.com/docker/libnetwork/drivers/host"
-	"github.com/docker/libnetwork/drivers/macvlan"
-	"github.com/docker/libnetwork/drivers/null"
-	"github.com/docker/libnetwork/drivers/overlay"
-	"github.com/docker/libnetwork/drivers/remote"
-)
-
-func getInitializers(experimental bool) []initializer {
-	in := []initializer{
-		{bridge.Init, "bridge"},
-		{host.Init, "host"},
-		{macvlan.Init, "macvlan"},
-		{null.Init, "null"},
-		{remote.Init, "remote"},
-		{overlay.Init, "overlay"},
-	}
-
-	if experimental {
-		in = append(in, additionalDrivers()...)
-	}
-	return in
-}
diff --git a/vendor/github.com/docker/libnetwork/drivers_windows.go b/vendor/github.com/docker/libnetwork/drivers_windows.go
deleted file mode 100644
index a037c16efb438..0000000000000
--- a/vendor/github.com/docker/libnetwork/drivers_windows.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/drivers/null"
-	"github.com/docker/libnetwork/drivers/remote"
-	"github.com/docker/libnetwork/drivers/windows"
-	"github.com/docker/libnetwork/drivers/windows/overlay"
-)
-
-func getInitializers(experimental bool) []initializer {
-	return []initializer{
-		{null.Init, "null"},
-		{overlay.Init, "overlay"},
-		{remote.Init, "remote"},
-		{windows.GetInit("transparent"), "transparent"},
-		{windows.GetInit("l2bridge"), "l2bridge"},
-		{windows.GetInit("l2tunnel"), "l2tunnel"},
-		{windows.GetInit("nat"), "nat"},
-		{windows.GetInit("ics"), "ics"},
-	}
-}
diff --git a/vendor/github.com/docker/libnetwork/firewall_linux.go b/vendor/github.com/docker/libnetwork/firewall_linux.go
deleted file mode 100644
index 54f9621f8131c..0000000000000
--- a/vendor/github.com/docker/libnetwork/firewall_linux.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/iptables"
-	"github.com/sirupsen/logrus"
-)
-
-const userChain = "DOCKER-USER"
-
-func (c *controller) arrangeUserFilterRule() {
-	c.Lock()
-	arrangeUserFilterRule()
-	c.Unlock()
-	iptables.OnReloaded(func() {
-		c.Lock()
-		arrangeUserFilterRule()
-		c.Unlock()
-	})
-}
-
-// This chain allow users to configure firewall policies in a way that persists
-// docker operations/restarts. Docker will not delete or modify any pre-existing
-// rules from the DOCKER-USER filter chain.
-func arrangeUserFilterRule() {
-	_, err := iptables.NewChain(userChain, iptables.Filter, false)
-	if err != nil {
-		logrus.Warnf("Failed to create %s chain: %v", userChain, err)
-		return
-	}
-
-	if err = iptables.AddReturnRule(userChain); err != nil {
-		logrus.Warnf("Failed to add the RETURN rule for %s: %v", userChain, err)
-		return
-	}
-
-	err = iptables.EnsureJumpRule("FORWARD", userChain)
-	if err != nil {
-		logrus.Warnf("Failed to ensure the jump rule for %s: %v", userChain, err)
-	}
-}
diff --git a/vendor/github.com/docker/libnetwork/firewall_others.go b/vendor/github.com/docker/libnetwork/firewall_others.go
deleted file mode 100644
index 901f568fed41c..0000000000000
--- a/vendor/github.com/docker/libnetwork/firewall_others.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// +build !linux
-
-package libnetwork
-
-func (c *controller) arrangeUserFilterRule() {
-}
diff --git a/vendor/github.com/docker/libnetwork/ipam/store.go b/vendor/github.com/docker/libnetwork/ipam/store.go
deleted file mode 100644
index 124d585518b4c..0000000000000
--- a/vendor/github.com/docker/libnetwork/ipam/store.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package ipam
-
-import (
-	"encoding/json"
-
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-// Key provides the Key to be used in KV Store
-func (aSpace *addrSpace) Key() []string {
-	aSpace.Lock()
-	defer aSpace.Unlock()
-	return []string{aSpace.id}
-}
-
-// KeyPrefix returns the immediate parent key that can be used for tree walk
-func (aSpace *addrSpace) KeyPrefix() []string {
-	aSpace.Lock()
-	defer aSpace.Unlock()
-	return []string{dsConfigKey}
-}
-
-// Value marshals the data to be stored in the KV store
-func (aSpace *addrSpace) Value() []byte {
-	b, err := json.Marshal(aSpace)
-	if err != nil {
-		logrus.Warnf("Failed to marshal ipam configured pools: %v", err)
-		return nil
-	}
-	return b
-}
-
-// SetValue unmarshalls the data from the KV store.
-func (aSpace *addrSpace) SetValue(value []byte) error {
-	rc := &addrSpace{subnets: make(map[SubnetKey]*PoolData)}
-	if err := json.Unmarshal(value, rc); err != nil {
-		return err
-	}
-	aSpace.subnets = rc.subnets
-	return nil
-}
-
-// Index returns the latest DB Index as seen by this object
-func (aSpace *addrSpace) Index() uint64 {
-	aSpace.Lock()
-	defer aSpace.Unlock()
-	return aSpace.dbIndex
-}
-
-// SetIndex method allows the datastore to store the latest DB Index into this object
-func (aSpace *addrSpace) SetIndex(index uint64) {
-	aSpace.Lock()
-	aSpace.dbIndex = index
-	aSpace.dbExists = true
-	aSpace.Unlock()
-}
-
-// Exists method is true if this object has been stored in the DB.
-func (aSpace *addrSpace) Exists() bool {
-	aSpace.Lock()
-	defer aSpace.Unlock()
-	return aSpace.dbExists
-}
-
-// Skip provides a way for a KV Object to avoid persisting it in the KV Store
-func (aSpace *addrSpace) Skip() bool {
-	return false
-}
-
-func (a *Allocator) getStore(as string) datastore.DataStore {
-	a.Lock()
-	defer a.Unlock()
-
-	if aSpace, ok := a.addrSpaces[as]; ok {
-		return aSpace.ds
-	}
-
-	return nil
-}
-
-func (a *Allocator) getAddressSpaceFromStore(as string) (*addrSpace, error) {
-	store := a.getStore(as)
-
-	// IPAM may not have a valid store. In such cases it is just in-memory state.
-	if store == nil {
-		return nil, nil
-	}
-
-	pc := &addrSpace{id: dsConfigKey + "/" + as, ds: store, alloc: a}
-	if err := store.GetObject(datastore.Key(pc.Key()...), pc); err != nil {
-		if err == datastore.ErrKeyNotFound {
-			return nil, nil
-		}
-
-		return nil, types.InternalErrorf("could not get pools config from store: %v", err)
-	}
-
-	return pc, nil
-}
-
-func (a *Allocator) writeToStore(aSpace *addrSpace) error {
-	store := aSpace.store()
-
-	// IPAM may not have a valid store. In such cases it is just in-memory state.
-	if store == nil {
-		return nil
-	}
-
-	err := store.PutObjectAtomic(aSpace)
-	if err == datastore.ErrKeyModified {
-		return types.RetryErrorf("failed to perform atomic write (%v). retry might fix the error", err)
-	}
-
-	return err
-}
-
-func (a *Allocator) deleteFromStore(aSpace *addrSpace) error {
-	store := aSpace.store()
-
-	// IPAM may not have a valid store. In such cases it is just in-memory state.
-	if store == nil {
-		return nil
-	}
-
-	return store.DeleteObjectAtomic(aSpace)
-}
-
-// DataScope method returns the storage scope of the datastore
-func (aSpace *addrSpace) DataScope() string {
-	aSpace.Lock()
-	defer aSpace.Unlock()
-
-	return aSpace.scope
-}
diff --git a/vendor/github.com/docker/libnetwork/ipam/utils.go b/vendor/github.com/docker/libnetwork/ipam/utils.go
deleted file mode 100644
index 5117c55cc7ca3..0000000000000
--- a/vendor/github.com/docker/libnetwork/ipam/utils.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package ipam
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/types"
-)
-
-type ipVersion int
-
-const (
-	v4 = 4
-	v6 = 6
-)
-
-func getAddressRange(pool string, masterNw *net.IPNet) (*AddressRange, error) {
-	ip, nw, err := net.ParseCIDR(pool)
-	if err != nil {
-		return nil, ipamapi.ErrInvalidSubPool
-	}
-	lIP, e := types.GetHostPartIP(nw.IP, masterNw.Mask)
-	if e != nil {
-		return nil, fmt.Errorf("failed to compute range's lowest ip address: %v", e)
-	}
-	bIP, e := types.GetBroadcastIP(nw.IP, nw.Mask)
-	if e != nil {
-		return nil, fmt.Errorf("failed to compute range's broadcast ip address: %v", e)
-	}
-	hIP, e := types.GetHostPartIP(bIP, masterNw.Mask)
-	if e != nil {
-		return nil, fmt.Errorf("failed to compute range's highest ip address: %v", e)
-	}
-	nw.IP = ip
-	return &AddressRange{nw, ipToUint64(types.GetMinimalIP(lIP)), ipToUint64(types.GetMinimalIP(hIP))}, nil
-}
-
-// It generates the ip address in the passed subnet specified by
-// the passed host address ordinal
-func generateAddress(ordinal uint64, network *net.IPNet) net.IP {
-	var address [16]byte
-
-	// Get network portion of IP
-	if getAddressVersion(network.IP) == v4 {
-		copy(address[:], network.IP.To4())
-	} else {
-		copy(address[:], network.IP)
-	}
-
-	end := len(network.Mask)
-	addIntToIP(address[:end], ordinal)
-
-	return net.IP(address[:end])
-}
-
-func getAddressVersion(ip net.IP) ipVersion {
-	if ip.To4() == nil {
-		return v6
-	}
-	return v4
-}
-
-// Adds the ordinal IP to the current array
-// 192.168.0.0 + 53 => 192.168.0.53
-func addIntToIP(array []byte, ordinal uint64) {
-	for i := len(array) - 1; i >= 0; i-- {
-		array[i] |= (byte)(ordinal & 0xff)
-		ordinal >>= 8
-	}
-}
-
-// Convert an ordinal to the respective IP address
-func ipToUint64(ip []byte) (value uint64) {
-	cip := types.GetMinimalIP(ip)
-	for i := 0; i < len(cip); i++ {
-		j := len(cip) - 1 - i
-		value += uint64(cip[i]) << uint(j*8)
-	}
-	return value
-}
diff --git a/vendor/github.com/docker/libnetwork/ipams/null/null.go b/vendor/github.com/docker/libnetwork/ipams/null/null.go
deleted file mode 100644
index 339b5308d11b5..0000000000000
--- a/vendor/github.com/docker/libnetwork/ipams/null/null.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Package null implements the null ipam driver. Null ipam driver satisfies ipamapi contract,
-// but does not effectively reserve/allocate any address pool or address
-package null
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/types"
-)
-
-var (
-	defaultAS      = "null"
-	defaultPool, _ = types.ParseCIDR("0.0.0.0/0")
-	defaultPoolID  = fmt.Sprintf("%s/%s", defaultAS, defaultPool.String())
-)
-
-type allocator struct{}
-
-func (a *allocator) GetDefaultAddressSpaces() (string, string, error) {
-	return defaultAS, defaultAS, nil
-}
-
-func (a *allocator) RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error) {
-	if addressSpace != defaultAS {
-		return "", nil, nil, types.BadRequestErrorf("unknown address space: %s", addressSpace)
-	}
-	if pool != "" {
-		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle specific address pool requests")
-	}
-	if subPool != "" {
-		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle specific address subpool requests")
-	}
-	if v6 {
-		return "", nil, nil, types.BadRequestErrorf("null ipam driver does not handle IPv6 address pool pool requests")
-	}
-	return defaultPoolID, defaultPool, nil, nil
-}
-
-func (a *allocator) ReleasePool(poolID string) error {
-	return nil
-}
-
-func (a *allocator) RequestAddress(poolID string, ip net.IP, opts map[string]string) (*net.IPNet, map[string]string, error) {
-	if poolID != defaultPoolID {
-		return nil, nil, types.BadRequestErrorf("unknown pool id: %s", poolID)
-	}
-	return nil, nil, nil
-}
-
-func (a *allocator) ReleaseAddress(poolID string, ip net.IP) error {
-	if poolID != defaultPoolID {
-		return types.BadRequestErrorf("unknown pool id: %s", poolID)
-	}
-	return nil
-}
-
-func (a *allocator) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-func (a *allocator) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-func (a *allocator) IsBuiltIn() bool {
-	return true
-}
-
-// Init registers a remote ipam when its plugin is activated
-func Init(ic ipamapi.Callback, l, g interface{}) error {
-	return ic.RegisterIpamDriver(ipamapi.NullIPAM, &allocator{})
-}
diff --git a/vendor/github.com/docker/libnetwork/ipams/remote/api/api.go b/vendor/github.com/docker/libnetwork/ipams/remote/api/api.go
deleted file mode 100644
index 543c99bb008e9..0000000000000
--- a/vendor/github.com/docker/libnetwork/ipams/remote/api/api.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Package api defines the data structure to be used in the request/response
-// messages between libnetwork and the remote ipam plugin
-package api
-
-import "github.com/docker/libnetwork/ipamapi"
-
-// Response is the basic response structure used in all responses
-type Response struct {
-	Error string
-}
-
-// IsSuccess returns whether the plugin response is successful
-func (r *Response) IsSuccess() bool {
-	return r.Error == ""
-}
-
-// GetError returns the error from the response, if any.
-func (r *Response) GetError() string {
-	return r.Error
-}
-
-// GetCapabilityResponse is the response of GetCapability request
-type GetCapabilityResponse struct {
-	Response
-	RequiresMACAddress    bool
-	RequiresRequestReplay bool
-}
-
-// ToCapability converts the capability response into the internal ipam driver capability structure
-func (capRes GetCapabilityResponse) ToCapability() *ipamapi.Capability {
-	return &ipamapi.Capability{
-		RequiresMACAddress:    capRes.RequiresMACAddress,
-		RequiresRequestReplay: capRes.RequiresRequestReplay,
-	}
-}
-
-// GetAddressSpacesResponse is the response to the ``get default address spaces`` request message
-type GetAddressSpacesResponse struct {
-	Response
-	LocalDefaultAddressSpace  string
-	GlobalDefaultAddressSpace string
-}
-
-// RequestPoolRequest represents the expected data in a ``request address pool`` request message
-type RequestPoolRequest struct {
-	AddressSpace string
-	Pool         string
-	SubPool      string
-	Options      map[string]string
-	V6           bool
-}
-
-// RequestPoolResponse represents the response message to a ``request address pool`` request
-type RequestPoolResponse struct {
-	Response
-	PoolID string
-	Pool   string // CIDR format
-	Data   map[string]string
-}
-
-// ReleasePoolRequest represents the expected data in a ``release address pool`` request message
-type ReleasePoolRequest struct {
-	PoolID string
-}
-
-// ReleasePoolResponse represents the response message to a ``release address pool`` request
-type ReleasePoolResponse struct {
-	Response
-}
-
-// RequestAddressRequest represents the expected data in a ``request address`` request message
-type RequestAddressRequest struct {
-	PoolID  string
-	Address string
-	Options map[string]string
-}
-
-// RequestAddressResponse represents the expected data in the response message to a ``request address`` request
-type RequestAddressResponse struct {
-	Response
-	Address string // in CIDR format
-	Data    map[string]string
-}
-
-// ReleaseAddressRequest represents the expected data in a ``release address`` request message
-type ReleaseAddressRequest struct {
-	PoolID  string
-	Address string
-}
-
-// ReleaseAddressResponse represents the response message to a ``release address`` request
-type ReleaseAddressResponse struct {
-	Response
-}
diff --git a/vendor/github.com/docker/libnetwork/ipams/remote/remote.go b/vendor/github.com/docker/libnetwork/ipams/remote/remote.go
deleted file mode 100644
index 6f2173f3085a2..0000000000000
--- a/vendor/github.com/docker/libnetwork/ipams/remote/remote.go
+++ /dev/null
@@ -1,183 +0,0 @@
-package remote
-
-import (
-	"fmt"
-	"net"
-
-	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/plugins"
-	"github.com/docker/libnetwork/discoverapi"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/ipams/remote/api"
-	"github.com/docker/libnetwork/types"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-)
-
-type allocator struct {
-	endpoint *plugins.Client
-	name     string
-}
-
-// PluginResponse is the interface for the plugin request responses
-type PluginResponse interface {
-	IsSuccess() bool
-	GetError() string
-}
-
-func newAllocator(name string, client *plugins.Client) ipamapi.Ipam {
-	a := &allocator{name: name, endpoint: client}
-	return a
-}
-
-// Init registers a remote ipam when its plugin is activated
-func Init(cb ipamapi.Callback, l, g interface{}) error {
-
-	newPluginHandler := func(name string, client *plugins.Client) {
-		a := newAllocator(name, client)
-		if cps, err := a.(*allocator).getCapabilities(); err == nil {
-			if err := cb.RegisterIpamDriverWithCapabilities(name, a, cps); err != nil {
-				logrus.Errorf("error registering remote ipam driver %s due to %v", name, err)
-			}
-		} else {
-			logrus.Infof("remote ipam driver %s does not support capabilities", name)
-			logrus.Debug(err)
-			if err := cb.RegisterIpamDriver(name, a); err != nil {
-				logrus.Errorf("error registering remote ipam driver %s due to %v", name, err)
-			}
-		}
-	}
-
-	// Unit test code is unaware of a true PluginStore. So we fall back to v1 plugins.
-	handleFunc := plugins.Handle
-	if pg := cb.GetPluginGetter(); pg != nil {
-		handleFunc = pg.Handle
-		activePlugins := pg.GetAllManagedPluginsByCap(ipamapi.PluginEndpointType)
-		for _, ap := range activePlugins {
-			client, err := getPluginClient(ap)
-			if err != nil {
-				return err
-			}
-			newPluginHandler(ap.Name(), client)
-		}
-	}
-	handleFunc(ipamapi.PluginEndpointType, newPluginHandler)
-	return nil
-}
-
-func getPluginClient(p plugingetter.CompatPlugin) (*plugins.Client, error) {
-	if v1, ok := p.(plugingetter.PluginWithV1Client); ok {
-		return v1.Client(), nil
-	}
-
-	pa, ok := p.(plugingetter.PluginAddr)
-	if !ok {
-		return nil, errors.Errorf("unknown plugin type %T", p)
-	}
-
-	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
-		return nil, errors.Errorf("unsupported plugin protocol %s", pa.Protocol())
-	}
-
-	addr := pa.Addr()
-	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
-	if err != nil {
-		return nil, errors.Wrap(err, "error creating plugin client")
-	}
-	return client, nil
-}
-
-func (a *allocator) call(methodName string, arg interface{}, retVal PluginResponse) error {
-	method := ipamapi.PluginEndpointType + "." + methodName
-	err := a.endpoint.Call(method, arg, retVal)
-	if err != nil {
-		return err
-	}
-	if !retVal.IsSuccess() {
-		return fmt.Errorf("remote: %s", retVal.GetError())
-	}
-	return nil
-}
-
-func (a *allocator) getCapabilities() (*ipamapi.Capability, error) {
-	var res api.GetCapabilityResponse
-	if err := a.call("GetCapabilities", nil, &res); err != nil {
-		return nil, err
-	}
-	return res.ToCapability(), nil
-}
-
-// GetDefaultAddressSpaces returns the local and global default address spaces
-func (a *allocator) GetDefaultAddressSpaces() (string, string, error) {
-	res := &api.GetAddressSpacesResponse{}
-	if err := a.call("GetDefaultAddressSpaces", nil, res); err != nil {
-		return "", "", err
-	}
-	return res.LocalDefaultAddressSpace, res.GlobalDefaultAddressSpace, nil
-}
-
-// RequestPool requests an address pool in the specified address space
-func (a *allocator) RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error) {
-	req := &api.RequestPoolRequest{AddressSpace: addressSpace, Pool: pool, SubPool: subPool, Options: options, V6: v6}
-	res := &api.RequestPoolResponse{}
-	if err := a.call("RequestPool", req, res); err != nil {
-		return "", nil, nil, err
-	}
-	retPool, err := types.ParseCIDR(res.Pool)
-	return res.PoolID, retPool, res.Data, err
-}
-
-// ReleasePool removes an address pool from the specified address space
-func (a *allocator) ReleasePool(poolID string) error {
-	req := &api.ReleasePoolRequest{PoolID: poolID}
-	res := &api.ReleasePoolResponse{}
-	return a.call("ReleasePool", req, res)
-}
-
-// RequestAddress requests an address from the address pool
-func (a *allocator) RequestAddress(poolID string, address net.IP, options map[string]string) (*net.IPNet, map[string]string, error) {
-	var (
-		prefAddress string
-		retAddress  *net.IPNet
-		err         error
-	)
-	if address != nil {
-		prefAddress = address.String()
-	}
-	req := &api.RequestAddressRequest{PoolID: poolID, Address: prefAddress, Options: options}
-	res := &api.RequestAddressResponse{}
-	if err := a.call("RequestAddress", req, res); err != nil {
-		return nil, nil, err
-	}
-	if res.Address != "" {
-		retAddress, err = types.ParseCIDR(res.Address)
-	} else {
-		return nil, nil, ipamapi.ErrNoIPReturned
-	}
-	return retAddress, res.Data, err
-}
-
-// ReleaseAddress releases the address from the specified address pool
-func (a *allocator) ReleaseAddress(poolID string, address net.IP) error {
-	var relAddress string
-	if address != nil {
-		relAddress = address.String()
-	}
-	req := &api.ReleaseAddressRequest{PoolID: poolID, Address: relAddress}
-	res := &api.ReleaseAddressResponse{}
-	return a.call("ReleaseAddress", req, res)
-}
-
-// DiscoverNew is a notification for a new discovery event, such as a new global datastore
-func (a *allocator) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
-func (a *allocator) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
-	return nil
-}
-
-func (a *allocator) IsBuiltIn() bool {
-	return false
-}
diff --git a/vendor/github.com/docker/libnetwork/iptables/firewalld.go b/vendor/github.com/docker/libnetwork/iptables/firewalld.go
deleted file mode 100644
index 8f13c8644852b..0000000000000
--- a/vendor/github.com/docker/libnetwork/iptables/firewalld.go
+++ /dev/null
@@ -1,167 +0,0 @@
-package iptables
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/godbus/dbus"
-	"github.com/sirupsen/logrus"
-)
-
-// IPV defines the table string
-type IPV string
-
-const (
-	// Iptables point ipv4 table
-	Iptables IPV = "ipv4"
-	// IP6Tables point to ipv6 table
-	IP6Tables IPV = "ipv6"
-	// Ebtables point to bridge table
-	Ebtables IPV = "eb"
-)
-const (
-	dbusInterface = "org.fedoraproject.FirewallD1"
-	dbusPath      = "/org/fedoraproject/FirewallD1"
-)
-
-// Conn is a connection to firewalld dbus endpoint.
-type Conn struct {
-	sysconn *dbus.Conn
-	sysobj  dbus.BusObject
-	signal  chan *dbus.Signal
-}
-
-var (
-	connection       *Conn
-	firewalldRunning bool      // is Firewalld service running
-	onReloaded       []*func() // callbacks when Firewalld has been reloaded
-)
-
-// FirewalldInit initializes firewalld management code.
-func FirewalldInit() error {
-	var err error
-
-	if connection, err = newConnection(); err != nil {
-		return fmt.Errorf("Failed to connect to D-Bus system bus: %v", err)
-	}
-	firewalldRunning = checkRunning()
-	if !firewalldRunning {
-		connection.sysconn.Close()
-		connection = nil
-	}
-	if connection != nil {
-		go signalHandler()
-	}
-
-	return nil
-}
-
-// New() establishes a connection to the system bus.
-func newConnection() (*Conn, error) {
-	c := new(Conn)
-	if err := c.initConnection(); err != nil {
-		return nil, err
-	}
-
-	return c, nil
-}
-
-// Initialize D-Bus connection.
-func (c *Conn) initConnection() error {
-	var err error
-
-	c.sysconn, err = dbus.SystemBus()
-	if err != nil {
-		return err
-	}
-
-	// This never fails, even if the service is not running atm.
-	c.sysobj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
-
-	rule := fmt.Sprintf("type='signal',path='%s',interface='%s',sender='%s',member='Reloaded'",
-		dbusPath, dbusInterface, dbusInterface)
-	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
-
-	rule = fmt.Sprintf("type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',sender='org.freedesktop.DBus',arg0='%s'",
-		dbusInterface)
-	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
-
-	c.signal = make(chan *dbus.Signal, 10)
-	c.sysconn.Signal(c.signal)
-
-	return nil
-}
-
-func signalHandler() {
-	for signal := range connection.signal {
-		if strings.Contains(signal.Name, "NameOwnerChanged") {
-			firewalldRunning = checkRunning()
-			dbusConnectionChanged(signal.Body)
-		} else if strings.Contains(signal.Name, "Reloaded") {
-			reloaded()
-		}
-	}
-}
-
-func dbusConnectionChanged(args []interface{}) {
-	name := args[0].(string)
-	oldOwner := args[1].(string)
-	newOwner := args[2].(string)
-
-	if name != dbusInterface {
-		return
-	}
-
-	if len(newOwner) > 0 {
-		connectionEstablished()
-	} else if len(oldOwner) > 0 {
-		connectionLost()
-	}
-}
-
-func connectionEstablished() {
-	reloaded()
-}
-
-func connectionLost() {
-	// Doesn't do anything for now. Libvirt also doesn't react to this.
-}
-
-// call all callbacks
-func reloaded() {
-	for _, pf := range onReloaded {
-		(*pf)()
-	}
-}
-
-// OnReloaded add callback
-func OnReloaded(callback func()) {
-	for _, pf := range onReloaded {
-		if pf == &callback {
-			return
-		}
-	}
-	onReloaded = append(onReloaded, &callback)
-}
-
-// Call some remote method to see whether the service is actually running.
-func checkRunning() bool {
-	var zone string
-	var err error
-
-	if connection != nil {
-		err = connection.sysobj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
-		return err == nil
-	}
-	return false
-}
-
-// Passthrough method simply passes args through to iptables/ip6tables
-func Passthrough(ipv IPV, args ...string) ([]byte, error) {
-	var output string
-	logrus.Debugf("Firewalld passthrough: %s, %s", ipv, args)
-	if err := connection.sysobj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
-		return nil, err
-	}
-	return []byte(output), nil
-}
diff --git a/vendor/github.com/docker/libnetwork/iptables/iptables.go b/vendor/github.com/docker/libnetwork/iptables/iptables.go
deleted file mode 100644
index 4b8d8832e9035..0000000000000
--- a/vendor/github.com/docker/libnetwork/iptables/iptables.go
+++ /dev/null
@@ -1,575 +0,0 @@
-package iptables
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"os/exec"
-	"regexp"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/sirupsen/logrus"
-)
-
-// Action signifies the iptable action.
-type Action string
-
-// Policy is the default iptable policies
-type Policy string
-
-// Table refers to Nat, Filter or Mangle.
-type Table string
-
-const (
-	// Append appends the rule at the end of the chain.
-	Append Action = "-A"
-	// Delete deletes the rule from the chain.
-	Delete Action = "-D"
-	// Insert inserts the rule at the top of the chain.
-	Insert Action = "-I"
-	// Nat table is used for nat translation rules.
-	Nat Table = "nat"
-	// Filter table is used for filter rules.
-	Filter Table = "filter"
-	// Mangle table is used for mangling the packet.
-	Mangle Table = "mangle"
-	// Drop is the default iptables DROP policy
-	Drop Policy = "DROP"
-	// Accept is the default iptables ACCEPT policy
-	Accept Policy = "ACCEPT"
-)
-
-var (
-	iptablesPath  string
-	supportsXlock = false
-	supportsCOpt  = false
-	xLockWaitMsg  = "Another app is currently holding the xtables lock"
-	// used to lock iptables commands if xtables lock is not supported
-	bestEffortLock sync.Mutex
-	// ErrIptablesNotFound is returned when the rule is not found.
-	ErrIptablesNotFound = errors.New("Iptables not found")
-	initOnce            sync.Once
-)
-
-// ChainInfo defines the iptables chain.
-type ChainInfo struct {
-	Name        string
-	Table       Table
-	HairpinMode bool
-}
-
-// ChainError is returned to represent errors during ip table operation.
-type ChainError struct {
-	Chain  string
-	Output []byte
-}
-
-func (e ChainError) Error() string {
-	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
-}
-
-func probe() {
-	if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {
-		logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {
-		logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-}
-
-func initFirewalld() {
-	if err := FirewalldInit(); err != nil {
-		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
-	}
-}
-
-func detectIptables() {
-	path, err := exec.LookPath("iptables")
-	if err != nil {
-		return
-	}
-	iptablesPath = path
-	supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
-	mj, mn, mc, err := GetVersion()
-	if err != nil {
-		logrus.Warnf("Failed to read iptables version: %v", err)
-		return
-	}
-	supportsCOpt = supportsCOption(mj, mn, mc)
-}
-
-func initDependencies() {
-	probe()
-	initFirewalld()
-	detectIptables()
-}
-
-func initCheck() error {
-	initOnce.Do(initDependencies)
-
-	if iptablesPath == "" {
-		return ErrIptablesNotFound
-	}
-	return nil
-}
-
-// NewChain adds a new chain to ip table.
-func NewChain(name string, table Table, hairpinMode bool) (*ChainInfo, error) {
-	c := &ChainInfo{
-		Name:        name,
-		Table:       table,
-		HairpinMode: hairpinMode,
-	}
-	if string(c.Table) == "" {
-		c.Table = Filter
-	}
-
-	// Add chain if it doesn't exist
-	if _, err := Raw("-t", string(c.Table), "-n", "-L", c.Name); err != nil {
-		if output, err := Raw("-t", string(c.Table), "-N", c.Name); err != nil {
-			return nil, err
-		} else if len(output) != 0 {
-			return nil, fmt.Errorf("Could not create %s/%s chain: %s", c.Table, c.Name, output)
-		}
-	}
-	return c, nil
-}
-
-// ProgramChain is used to add rules to a chain
-func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error {
-	if c.Name == "" {
-		return errors.New("Could not program chain, missing chain name")
-	}
-
-	switch c.Table {
-	case Nat:
-		preroute := []string{
-			"-m", "addrtype",
-			"--dst-type", "LOCAL",
-			"-j", c.Name}
-		if !Exists(Nat, "PREROUTING", preroute...) && enable {
-			if err := c.Prerouting(Append, preroute...); err != nil {
-				return fmt.Errorf("Failed to inject %s in PREROUTING chain: %s", c.Name, err)
-			}
-		} else if Exists(Nat, "PREROUTING", preroute...) && !enable {
-			if err := c.Prerouting(Delete, preroute...); err != nil {
-				return fmt.Errorf("Failed to remove %s in PREROUTING chain: %s", c.Name, err)
-			}
-		}
-		output := []string{
-			"-m", "addrtype",
-			"--dst-type", "LOCAL",
-			"-j", c.Name}
-		if !hairpinMode {
-			output = append(output, "!", "--dst", "127.0.0.0/8")
-		}
-		if !Exists(Nat, "OUTPUT", output...) && enable {
-			if err := c.Output(Append, output...); err != nil {
-				return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
-			}
-		} else if Exists(Nat, "OUTPUT", output...) && !enable {
-			if err := c.Output(Delete, output...); err != nil {
-				return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
-			}
-		}
-	case Filter:
-		if bridgeName == "" {
-			return fmt.Errorf("Could not program chain %s/%s, missing bridge name",
-				c.Table, c.Name)
-		}
-		link := []string{
-			"-o", bridgeName,
-			"-j", c.Name}
-		if !Exists(Filter, "FORWARD", link...) && enable {
-			insert := append([]string{string(Insert), "FORWARD"}, link...)
-			if output, err := Raw(insert...); err != nil {
-				return err
-			} else if len(output) != 0 {
-				return fmt.Errorf("Could not create linking rule to %s/%s: %s", c.Table, c.Name, output)
-			}
-		} else if Exists(Filter, "FORWARD", link...) && !enable {
-			del := append([]string{string(Delete), "FORWARD"}, link...)
-			if output, err := Raw(del...); err != nil {
-				return err
-			} else if len(output) != 0 {
-				return fmt.Errorf("Could not delete linking rule from %s/%s: %s", c.Table, c.Name, output)
-			}
-
-		}
-		establish := []string{
-			"-o", bridgeName,
-			"-m", "conntrack",
-			"--ctstate", "RELATED,ESTABLISHED",
-			"-j", "ACCEPT"}
-		if !Exists(Filter, "FORWARD", establish...) && enable {
-			insert := append([]string{string(Insert), "FORWARD"}, establish...)
-			if output, err := Raw(insert...); err != nil {
-				return err
-			} else if len(output) != 0 {
-				return fmt.Errorf("Could not create establish rule to %s: %s", c.Table, output)
-			}
-		} else if Exists(Filter, "FORWARD", establish...) && !enable {
-			del := append([]string{string(Delete), "FORWARD"}, establish...)
-			if output, err := Raw(del...); err != nil {
-				return err
-			} else if len(output) != 0 {
-				return fmt.Errorf("Could not delete establish rule from %s: %s", c.Table, output)
-			}
-		}
-	}
-	return nil
-}
-
-// RemoveExistingChain removes existing chain from the table.
-func RemoveExistingChain(name string, table Table) error {
-	c := &ChainInfo{
-		Name:  name,
-		Table: table,
-	}
-	if string(c.Table) == "" {
-		c.Table = Filter
-	}
-	return c.Remove()
-}
-
-// Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table.
-func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error {
-	daddr := ip.String()
-	if ip.IsUnspecified() {
-		// iptables interprets "0.0.0.0" as "0.0.0.0/32", whereas we
-		// want "0.0.0.0/0". "0/0" is correctly interpreted as "any
-		// value" by both iptables and ip6tables.
-		daddr = "0/0"
-	}
-
-	args := []string{
-		"-p", proto,
-		"-d", daddr,
-		"--dport", strconv.Itoa(port),
-		"-j", "DNAT",
-		"--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort))}
-	if !c.HairpinMode {
-		args = append(args, "!", "-i", bridgeName)
-	}
-	if err := ProgramRule(Nat, c.Name, action, args); err != nil {
-		return err
-	}
-
-	args = []string{
-		"!", "-i", bridgeName,
-		"-o", bridgeName,
-		"-p", proto,
-		"-d", destAddr,
-		"--dport", strconv.Itoa(destPort),
-		"-j", "ACCEPT",
-	}
-	if err := ProgramRule(Filter, c.Name, action, args); err != nil {
-		return err
-	}
-
-	args = []string{
-		"-p", proto,
-		"-s", destAddr,
-		"-d", destAddr,
-		"--dport", strconv.Itoa(destPort),
-		"-j", "MASQUERADE",
-	}
-
-	if err := ProgramRule(Nat, "POSTROUTING", action, args); err != nil {
-		return err
-	}
-
-	if proto == "sctp" {
-		// Linux kernel v4.9 and below enables NETIF_F_SCTP_CRC for veth by
-		// the following commit.
-		// This introduces a problem when conbined with a physical NIC without
-		// NETIF_F_SCTP_CRC. As for a workaround, here we add an iptables entry
-		// to fill the checksum.
-		//
-		// https://github.com/torvalds/linux/commit/c80fafbbb59ef9924962f83aac85531039395b18
-		args = []string{
-			"-p", proto,
-			"--sport", strconv.Itoa(destPort),
-			"-j", "CHECKSUM",
-			"--checksum-fill",
-		}
-		if err := ProgramRule(Mangle, "POSTROUTING", action, args); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// Link adds reciprocal ACCEPT rule for two supplied IP addresses.
-// Traffic is allowed from ip1 to ip2 and vice-versa
-func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error {
-	// forward
-	args := []string{
-		"-i", bridgeName, "-o", bridgeName,
-		"-p", proto,
-		"-s", ip1.String(),
-		"-d", ip2.String(),
-		"--dport", strconv.Itoa(port),
-		"-j", "ACCEPT",
-	}
-	if err := ProgramRule(Filter, c.Name, action, args); err != nil {
-		return err
-	}
-	// reverse
-	args[7], args[9] = args[9], args[7]
-	args[10] = "--sport"
-	return ProgramRule(Filter, c.Name, action, args)
-}
-
-// ProgramRule adds the rule specified by args only if the
-// rule is not already present in the chain. Reciprocally,
-// it removes the rule only if present.
-func ProgramRule(table Table, chain string, action Action, args []string) error {
-	if Exists(table, chain, args...) != (action == Delete) {
-		return nil
-	}
-	return RawCombinedOutput(append([]string{"-t", string(table), string(action), chain}, args...)...)
-}
-
-// Prerouting adds linking rule to nat/PREROUTING chain.
-func (c *ChainInfo) Prerouting(action Action, args ...string) error {
-	a := []string{"-t", string(Nat), string(action), "PREROUTING"}
-	if len(args) > 0 {
-		a = append(a, args...)
-	}
-	if output, err := Raw(a...); err != nil {
-		return err
-	} else if len(output) != 0 {
-		return ChainError{Chain: "PREROUTING", Output: output}
-	}
-	return nil
-}
-
-// Output adds linking rule to an OUTPUT chain.
-func (c *ChainInfo) Output(action Action, args ...string) error {
-	a := []string{"-t", string(c.Table), string(action), "OUTPUT"}
-	if len(args) > 0 {
-		a = append(a, args...)
-	}
-	if output, err := Raw(a...); err != nil {
-		return err
-	} else if len(output) != 0 {
-		return ChainError{Chain: "OUTPUT", Output: output}
-	}
-	return nil
-}
-
-// Remove removes the chain.
-func (c *ChainInfo) Remove() error {
-	// Ignore errors - This could mean the chains were never set up
-	if c.Table == Nat {
-		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name)
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", "127.0.0.0/8", "-j", c.Name)
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name) // Created in versions <= 0.1.6
-
-		c.Prerouting(Delete)
-		c.Output(Delete)
-	}
-	Raw("-t", string(c.Table), "-F", c.Name)
-	Raw("-t", string(c.Table), "-X", c.Name)
-	return nil
-}
-
-// Exists checks if a rule exists
-func Exists(table Table, chain string, rule ...string) bool {
-	return exists(false, table, chain, rule...)
-}
-
-// ExistsNative behaves as Exists with the difference it
-// will always invoke `iptables` binary.
-func ExistsNative(table Table, chain string, rule ...string) bool {
-	return exists(true, table, chain, rule...)
-}
-
-func exists(native bool, table Table, chain string, rule ...string) bool {
-	f := Raw
-	if native {
-		f = raw
-	}
-
-	if string(table) == "" {
-		table = Filter
-	}
-
-	if err := initCheck(); err != nil {
-		// The exists() signature does not allow us to return an error, but at least
-		// we can skip the (likely invalid) exec invocation.
-		return false
-	}
-
-	if supportsCOpt {
-		// if exit status is 0 then return true, the rule exists
-		_, err := f(append([]string{"-t", string(table), "-C", chain}, rule...)...)
-		return err == nil
-	}
-
-	// parse "iptables -S" for the rule (it checks rules in a specific chain
-	// in a specific table and it is very unreliable)
-	return existsRaw(table, chain, rule...)
-}
-
-func existsRaw(table Table, chain string, rule ...string) bool {
-	ruleString := fmt.Sprintf("%s %s\n", chain, strings.Join(rule, " "))
-	existingRules, _ := exec.Command(iptablesPath, "-t", string(table), "-S", chain).Output()
-
-	return strings.Contains(string(existingRules), ruleString)
-}
-
-// Maximum duration that an iptables operation can take
-// before flagging a warning.
-const opWarnTime = 2 * time.Second
-
-func filterOutput(start time.Time, output []byte, args ...string) []byte {
-	// Flag operations that have taken a long time to complete
-	opTime := time.Since(start)
-	if opTime > opWarnTime {
-		logrus.Warnf("xtables contention detected while running [%s]: Waited for %.2f seconds and received %q", strings.Join(args, " "), float64(opTime)/float64(time.Second), string(output))
-	}
-	// ignore iptables' message about xtables lock:
-	// it is a warning, not an error.
-	if strings.Contains(string(output), xLockWaitMsg) {
-		output = []byte("")
-	}
-	// Put further filters here if desired
-	return output
-}
-
-// Raw calls 'iptables' system command, passing supplied arguments.
-func Raw(args ...string) ([]byte, error) {
-	if firewalldRunning {
-		startTime := time.Now()
-		output, err := Passthrough(Iptables, args...)
-		if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
-			return filterOutput(startTime, output, args...), err
-		}
-	}
-	return raw(args...)
-}
-
-func raw(args ...string) ([]byte, error) {
-	if err := initCheck(); err != nil {
-		return nil, err
-	}
-	if supportsXlock {
-		args = append([]string{"--wait"}, args...)
-	} else {
-		bestEffortLock.Lock()
-		defer bestEffortLock.Unlock()
-	}
-
-	logrus.Debugf("%s, %v", iptablesPath, args)
-
-	startTime := time.Now()
-	output, err := exec.Command(iptablesPath, args...).CombinedOutput()
-	if err != nil {
-		return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err)
-	}
-
-	return filterOutput(startTime, output, args...), err
-}
-
-// RawCombinedOutput internally calls the Raw function and returns a non nil
-// error if Raw returned a non nil error or a non empty output
-func RawCombinedOutput(args ...string) error {
-	if output, err := Raw(args...); err != nil || len(output) != 0 {
-		return fmt.Errorf("%s (%v)", string(output), err)
-	}
-	return nil
-}
-
-// RawCombinedOutputNative behave as RawCombinedOutput with the difference it
-// will always invoke `iptables` binary
-func RawCombinedOutputNative(args ...string) error {
-	if output, err := raw(args...); err != nil || len(output) != 0 {
-		return fmt.Errorf("%s (%v)", string(output), err)
-	}
-	return nil
-}
-
-// ExistChain checks if a chain exists
-func ExistChain(chain string, table Table) bool {
-	if _, err := Raw("-t", string(table), "-nL", chain); err == nil {
-		return true
-	}
-	return false
-}
-
-// GetVersion reads the iptables version numbers during initialization
-func GetVersion() (major, minor, micro int, err error) {
-	out, err := exec.Command(iptablesPath, "--version").CombinedOutput()
-	if err == nil {
-		major, minor, micro = parseVersionNumbers(string(out))
-	}
-	return
-}
-
-// SetDefaultPolicy sets the passed default policy for the table/chain
-func SetDefaultPolicy(table Table, chain string, policy Policy) error {
-	if err := RawCombinedOutput("-t", string(table), "-P", chain, string(policy)); err != nil {
-		return fmt.Errorf("setting default policy to %v in %v chain failed: %v", policy, chain, err)
-	}
-	return nil
-}
-
-func parseVersionNumbers(input string) (major, minor, micro int) {
-	re := regexp.MustCompile(`v\d*.\d*.\d*`)
-	line := re.FindString(input)
-	fmt.Sscanf(line, "v%d.%d.%d", &major, &minor, &micro)
-	return
-}
-
-// iptables -C, --check option was added in v.1.4.11
-// http://ftp.netfilter.org/pub/iptables/changes-iptables-1.4.11.txt
-func supportsCOption(mj, mn, mc int) bool {
-	return mj > 1 || (mj == 1 && (mn > 4 || (mn == 4 && mc >= 11)))
-}
-
-// AddReturnRule adds a return rule for the chain in the filter table
-func AddReturnRule(chain string) error {
-	var (
-		table = Filter
-		args  = []string{"-j", "RETURN"}
-	)
-
-	if Exists(table, chain, args...) {
-		return nil
-	}
-
-	err := RawCombinedOutput(append([]string{"-A", chain}, args...)...)
-	if err != nil {
-		return fmt.Errorf("unable to add return rule in %s chain: %s", chain, err.Error())
-	}
-
-	return nil
-}
-
-// EnsureJumpRule ensures the jump rule is on top
-func EnsureJumpRule(fromChain, toChain string) error {
-	var (
-		table = Filter
-		args  = []string{"-j", toChain}
-	)
-
-	if Exists(table, fromChain, args...) {
-		err := RawCombinedOutput(append([]string{"-D", fromChain}, args...)...)
-		if err != nil {
-			return fmt.Errorf("unable to remove jump to %s rule in %s chain: %s", toChain, fromChain, err.Error())
-		}
-	}
-
-	err := RawCombinedOutput(append([]string{"-I", fromChain}, args...)...)
-	if err != nil {
-		return fmt.Errorf("unable to insert jump to %s rule in %s chain: %s", toChain, fromChain, err.Error())
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/netlabel/labels.go b/vendor/github.com/docker/libnetwork/netlabel/labels.go
deleted file mode 100644
index 1594556ec78cc..0000000000000
--- a/vendor/github.com/docker/libnetwork/netlabel/labels.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package netlabel
-
-import (
-	"strings"
-)
-
-const (
-	// Prefix constant marks the reserved label space for libnetwork
-	Prefix = "com.docker.network"
-
-	// DriverPrefix constant marks the reserved label space for libnetwork drivers
-	DriverPrefix = Prefix + ".driver"
-
-	// DriverPrivatePrefix constant marks the reserved label space
-	// for internal libnetwork drivers
-	DriverPrivatePrefix = DriverPrefix + ".private"
-
-	// GenericData constant that helps to identify an option as a Generic constant
-	GenericData = Prefix + ".generic"
-
-	// PortMap constant represents Port Mapping
-	PortMap = Prefix + ".portmap"
-
-	// MacAddress constant represents Mac Address config of a Container
-	MacAddress = Prefix + ".endpoint.macaddress"
-
-	// ExposedPorts constant represents the container's Exposed Ports
-	ExposedPorts = Prefix + ".endpoint.exposedports"
-
-	// DNSServers A list of DNS servers associated with the endpoint
-	DNSServers = Prefix + ".endpoint.dnsservers"
-
-	//EnableIPv6 constant represents enabling IPV6 at network level
-	EnableIPv6 = Prefix + ".enable_ipv6"
-
-	// DriverMTU constant represents the MTU size for the network driver
-	DriverMTU = DriverPrefix + ".mtu"
-
-	// OverlayBindInterface constant represents overlay driver bind interface
-	OverlayBindInterface = DriverPrefix + ".overlay.bind_interface"
-
-	// OverlayNeighborIP constant represents overlay driver neighbor IP
-	OverlayNeighborIP = DriverPrefix + ".overlay.neighbor_ip"
-
-	// OverlayVxlanIDList constant represents a list of VXLAN Ids as csv
-	OverlayVxlanIDList = DriverPrefix + ".overlay.vxlanid_list"
-
-	// Gateway represents the gateway for the network
-	Gateway = Prefix + ".gateway"
-
-	// Internal constant represents that the network is internal which disables default gateway service
-	Internal = Prefix + ".internal"
-
-	// ContainerIfacePrefix can be used to override the interface prefix used inside the container
-	ContainerIfacePrefix = Prefix + ".container_iface_prefix"
-)
-
-var (
-	// GlobalKVProvider constant represents the KV provider backend
-	GlobalKVProvider = MakeKVProvider("global")
-
-	// GlobalKVProviderURL constant represents the KV provider URL
-	GlobalKVProviderURL = MakeKVProviderURL("global")
-
-	// GlobalKVProviderConfig constant represents the KV provider Config
-	GlobalKVProviderConfig = MakeKVProviderConfig("global")
-
-	// GlobalKVClient constants represents the global kv store client
-	GlobalKVClient = MakeKVClient("global")
-
-	// LocalKVProvider constant represents the KV provider backend
-	LocalKVProvider = MakeKVProvider("local")
-
-	// LocalKVProviderURL constant represents the KV provider URL
-	LocalKVProviderURL = MakeKVProviderURL("local")
-
-	// LocalKVProviderConfig constant represents the KV provider Config
-	LocalKVProviderConfig = MakeKVProviderConfig("local")
-
-	// LocalKVClient constants represents the local kv store client
-	LocalKVClient = MakeKVClient("local")
-)
-
-// MakeKVProvider returns the kvprovider label for the scope
-func MakeKVProvider(scope string) string {
-	return DriverPrivatePrefix + scope + "kv_provider"
-}
-
-// MakeKVProviderURL returns the kvprovider url label for the scope
-func MakeKVProviderURL(scope string) string {
-	return DriverPrivatePrefix + scope + "kv_provider_url"
-}
-
-// MakeKVProviderConfig returns the kvprovider config label for the scope
-func MakeKVProviderConfig(scope string) string {
-	return DriverPrivatePrefix + scope + "kv_provider_config"
-}
-
-// MakeKVClient returns the kv client label for the scope
-func MakeKVClient(scope string) string {
-	return DriverPrivatePrefix + scope + "kv_client"
-}
-
-// Key extracts the key portion of the label
-func Key(label string) (key string) {
-	if kv := strings.SplitN(label, "=", 2); len(kv) > 0 {
-		key = kv[0]
-	}
-	return
-}
-
-// Value extracts the value portion of the label
-func Value(label string) (value string) {
-	if kv := strings.SplitN(label, "=", 2); len(kv) > 1 {
-		value = kv[1]
-	}
-	return
-}
-
-// KeyValue decomposes the label in the (key,value) pair
-func KeyValue(label string) (key string, value string) {
-	if kv := strings.SplitN(label, "=", 2); len(kv) > 0 {
-		key = kv[0]
-		if len(kv) > 1 {
-			value = kv[1]
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils.go b/vendor/github.com/docker/libnetwork/netutils/utils.go
deleted file mode 100644
index 7de98f6b07a17..0000000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Network utility functions.
-
-package netutils
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"strings"
-
-	"github.com/docker/libnetwork/types"
-)
-
-var (
-	// ErrNetworkOverlapsWithNameservers preformatted error
-	ErrNetworkOverlapsWithNameservers = errors.New("requested network overlaps with nameserver")
-	// ErrNetworkOverlaps preformatted error
-	ErrNetworkOverlaps = errors.New("requested network overlaps with existing network")
-	// ErrNoDefaultRoute preformatted error
-	ErrNoDefaultRoute = errors.New("no default route")
-)
-
-// CheckNameserverOverlaps checks whether the passed network overlaps with any of the nameservers
-func CheckNameserverOverlaps(nameservers []string, toCheck *net.IPNet) error {
-	if len(nameservers) > 0 {
-		for _, ns := range nameservers {
-			_, nsNetwork, err := net.ParseCIDR(ns)
-			if err != nil {
-				return err
-			}
-			if NetworkOverlaps(toCheck, nsNetwork) {
-				return ErrNetworkOverlapsWithNameservers
-			}
-		}
-	}
-	return nil
-}
-
-// NetworkOverlaps detects overlap between one IPNet and another
-func NetworkOverlaps(netX *net.IPNet, netY *net.IPNet) bool {
-	return netX.Contains(netY.IP) || netY.Contains(netX.IP)
-}
-
-// NetworkRange calculates the first and last IP addresses in an IPNet
-func NetworkRange(network *net.IPNet) (net.IP, net.IP) {
-	if network == nil {
-		return nil, nil
-	}
-
-	firstIP := network.IP.Mask(network.Mask)
-	lastIP := types.GetIPCopy(firstIP)
-	for i := 0; i < len(firstIP); i++ {
-		lastIP[i] = firstIP[i] | ^network.Mask[i]
-	}
-
-	if network.IP.To4() != nil {
-		firstIP = firstIP.To4()
-		lastIP = lastIP.To4()
-	}
-
-	return firstIP, lastIP
-}
-
-// GetIfaceAddr returns the first IPv4 address and slice of IPv6 addresses for the specified network interface
-func GetIfaceAddr(name string) (net.Addr, []net.Addr, error) {
-	iface, err := net.InterfaceByName(name)
-	if err != nil {
-		return nil, nil, err
-	}
-	addrs, err := iface.Addrs()
-	if err != nil {
-		return nil, nil, err
-	}
-	var addrs4 []net.Addr
-	var addrs6 []net.Addr
-	for _, addr := range addrs {
-		ip := (addr.(*net.IPNet)).IP
-		if ip4 := ip.To4(); ip4 != nil {
-			addrs4 = append(addrs4, addr)
-		} else if ip6 := ip.To16(); len(ip6) == net.IPv6len {
-			addrs6 = append(addrs6, addr)
-		}
-	}
-	switch {
-	case len(addrs4) == 0:
-		return nil, nil, fmt.Errorf("Interface %v has no IPv4 addresses", name)
-	case len(addrs4) > 1:
-		fmt.Printf("Interface %v has more than 1 IPv4 address. Defaulting to using %v\n",
-			name, (addrs4[0].(*net.IPNet)).IP)
-	}
-	return addrs4[0], addrs6, nil
-}
-
-func genMAC(ip net.IP) net.HardwareAddr {
-	hw := make(net.HardwareAddr, 6)
-	// The first byte of the MAC address has to comply with these rules:
-	// 1. Unicast: Set the least-significant bit to 0.
-	// 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
-	hw[0] = 0x02
-	// The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
-	// Since this address is locally administered, we can do whatever we want as long as
-	// it doesn't conflict with other addresses.
-	hw[1] = 0x42
-	// Fill the remaining 4 bytes based on the input
-	if ip == nil {
-		rand.Read(hw[2:])
-	} else {
-		copy(hw[2:], ip.To4())
-	}
-	return hw
-}
-
-// GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC)
-func GenerateRandomMAC() net.HardwareAddr {
-	return genMAC(nil)
-}
-
-// GenerateMACFromIP returns a locally administered MAC address where the 4 least
-// significant bytes are derived from the IPv4 address.
-func GenerateMACFromIP(ip net.IP) net.HardwareAddr {
-	return genMAC(ip)
-}
-
-// GenerateRandomName returns a new name joined with a prefix.  This size
-// specified is used to truncate the randomly generated value
-func GenerateRandomName(prefix string, size int) (string, error) {
-	id := make([]byte, 32)
-	if _, err := io.ReadFull(rand.Reader, id); err != nil {
-		return "", err
-	}
-	return prefix + hex.EncodeToString(id)[:size], nil
-}
-
-// ReverseIP accepts a V4 or V6 IP string in the canonical form and returns a reversed IP in
-// the dotted decimal form . This is used to setup the IP to service name mapping in the optimal
-// way for the DNS PTR queries.
-func ReverseIP(IP string) string {
-	var reverseIP []string
-
-	if net.ParseIP(IP).To4() != nil {
-		reverseIP = strings.Split(IP, ".")
-		l := len(reverseIP)
-		for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
-			reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
-		}
-	} else {
-		reverseIP = strings.Split(IP, ":")
-
-		// Reversed IPv6 is represented in dotted decimal instead of the typical
-		// colon hex notation
-		for key := range reverseIP {
-			if len(reverseIP[key]) == 0 { // expand the compressed 0s
-				reverseIP[key] = strings.Repeat("0000", 8-strings.Count(IP, ":"))
-			} else if len(reverseIP[key]) < 4 { // 0-padding needed
-				reverseIP[key] = strings.Repeat("0", 4-len(reverseIP[key])) + reverseIP[key]
-			}
-		}
-
-		reverseIP = strings.Split(strings.Join(reverseIP, ""), "")
-
-		l := len(reverseIP)
-		for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
-			reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
-		}
-	}
-
-	return strings.Join(reverseIP, ".")
-}
-
-// ParseAlias parses and validates the specified string as an alias format (name:alias)
-func ParseAlias(val string) (string, string, error) {
-	if val == "" {
-		return "", "", errors.New("empty string specified for alias")
-	}
-	arr := strings.Split(val, ":")
-	if len(arr) > 2 {
-		return "", "", fmt.Errorf("bad format for alias: %s", val)
-	}
-	if len(arr) == 1 {
-		return val, val, nil
-	}
-	return arr[0], arr[1], nil
-}
-
-// ValidateAlias validates that the specified string has a valid alias format (containerName:alias).
-func ValidateAlias(val string) (string, error) {
-	if _, _, err := ParseAlias(val); err != nil {
-		return val, err
-	}
-	return val, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go b/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
deleted file mode 100644
index 10a5e109ee04a..0000000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// +build linux
-// Network utility functions.
-
-package netutils
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"github.com/docker/libnetwork/ipamutils"
-	"github.com/docker/libnetwork/ns"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/resolvconf"
-	"github.com/docker/libnetwork/types"
-	"github.com/vishvananda/netlink"
-)
-
-var (
-	networkGetRoutesFct func(netlink.Link, int) ([]netlink.Route, error)
-)
-
-// CheckRouteOverlaps checks whether the passed network overlaps with any existing routes
-func CheckRouteOverlaps(toCheck *net.IPNet) error {
-	if networkGetRoutesFct == nil {
-		networkGetRoutesFct = ns.NlHandle().RouteList
-	}
-	networks, err := networkGetRoutesFct(nil, netlink.FAMILY_V4)
-	if err != nil {
-		return err
-	}
-	for _, network := range networks {
-		if network.Dst != nil && NetworkOverlaps(toCheck, network.Dst) {
-			return ErrNetworkOverlaps
-		}
-	}
-	return nil
-}
-
-// GenerateIfaceName returns an interface name using the passed in
-// prefix and the length of random bytes. The api ensures that the
-// there are is no interface which exists with that name.
-func GenerateIfaceName(nlh *netlink.Handle, prefix string, len int) (string, error) {
-	linkByName := netlink.LinkByName
-	if nlh != nil {
-		linkByName = nlh.LinkByName
-	}
-	for i := 0; i < 3; i++ {
-		name, err := GenerateRandomName(prefix, len)
-		if err != nil {
-			continue
-		}
-		_, err = linkByName(name)
-		if err != nil {
-			if strings.Contains(err.Error(), "not found") {
-				return name, nil
-			}
-			return "", err
-		}
-	}
-	return "", types.InternalErrorf("could not generate interface name")
-}
-
-// ElectInterfaceAddresses looks for an interface on the OS with the
-// specified name and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
-	var (
-		v4Nets []*net.IPNet
-		v6Nets []*net.IPNet
-	)
-
-	defer osl.InitOSContext()()
-
-	link, _ := ns.NlHandle().LinkByName(name)
-	if link != nil {
-		v4addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V4)
-		if err != nil {
-			return nil, nil, err
-		}
-		v6addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V6)
-		if err != nil {
-			return nil, nil, err
-		}
-		for _, nlAddr := range v4addr {
-			v4Nets = append(v4Nets, nlAddr.IPNet)
-		}
-		for _, nlAddr := range v6addr {
-			v6Nets = append(v6Nets, nlAddr.IPNet)
-		}
-	}
-
-	if link == nil || len(v4Nets) == 0 {
-		// Choose from predefined local scope  networks
-		v4Net, err := FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
-		if err != nil {
-			return nil, nil, err
-		}
-		v4Nets = append(v4Nets, v4Net)
-	}
-
-	return v4Nets, v6Nets, nil
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
-	// We don't check for an error here, because we don't really care if we
-	// can't read /etc/resolv.conf. So instead we skip the append if resolvConf
-	// is nil. It either doesn't exist, or we can't read it for some reason.
-	var nameservers []string
-	if rc, err := resolvconf.Get(); err == nil {
-		nameservers = resolvconf.GetNameserversAsCIDR(rc.Content)
-	}
-	for _, nw := range list {
-		if err := CheckNameserverOverlaps(nameservers, nw); err == nil {
-			if err := CheckRouteOverlaps(nw); err == nil {
-				return nw, nil
-			}
-		}
-	}
-	return nil, fmt.Errorf("no available network")
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go b/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
deleted file mode 100644
index 73af44ec71160..0000000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package netutils
-
-import (
-	"net"
-
-	"github.com/docker/libnetwork/types"
-)
-
-// ElectInterfaceAddresses looks for an interface on the OS with the specified name
-// and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
-	return nil, nil, types.NotImplementedErrorf("not supported on windows")
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-
-// TODO : Use appropriate windows APIs to identify non-overlapping subnets
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
-	return nil, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/network_windows.go b/vendor/github.com/docker/libnetwork/network_windows.go
deleted file mode 100644
index e7819e1c3e9a7..0000000000000
--- a/vendor/github.com/docker/libnetwork/network_windows.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// +build windows
-
-package libnetwork
-
-import (
-	"runtime"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/docker/libnetwork/drivers/windows"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/ipams/windowsipam"
-	"github.com/sirupsen/logrus"
-)
-
-func executeInCompartment(compartmentID uint32, x func()) {
-	runtime.LockOSThread()
-
-	if err := hcsshim.SetCurrentThreadCompartmentId(compartmentID); err != nil {
-		logrus.Error(err)
-	}
-	defer func() {
-		hcsshim.SetCurrentThreadCompartmentId(0)
-		runtime.UnlockOSThread()
-	}()
-
-	x()
-}
-
-func (n *network) startResolver() {
-	if n.networkType == "ics" {
-		return
-	}
-	n.resolverOnce.Do(func() {
-		logrus.Debugf("Launching DNS server for network %q", n.Name())
-		options := n.Info().DriverOptions()
-		hnsid := options[windows.HNSID]
-
-		if hnsid == "" {
-			return
-		}
-
-		hnsresponse, err := hcsshim.HNSNetworkRequest("GET", hnsid, "")
-		if err != nil {
-			logrus.Errorf("Resolver Setup/Start failed for container %s, %q", n.Name(), err)
-			return
-		}
-
-		for _, subnet := range hnsresponse.Subnets {
-			if subnet.GatewayAddress != "" {
-				for i := 0; i < 3; i++ {
-					resolver := NewResolver(subnet.GatewayAddress, false, "", n)
-					logrus.Debugf("Binding a resolver on network %s gateway %s", n.Name(), subnet.GatewayAddress)
-					executeInCompartment(hnsresponse.DNSServerCompartment, resolver.SetupFunc(53))
-
-					if err = resolver.Start(); err != nil {
-						logrus.Errorf("Resolver Setup/Start failed for container %s, %q", n.Name(), err)
-						time.Sleep(1 * time.Second)
-					} else {
-						logrus.Debugf("Resolver bound successfully for network %s", n.Name())
-						n.resolver = append(n.resolver, resolver)
-						break
-					}
-				}
-			}
-		}
-	})
-}
-
-func defaultIpamForNetworkType(networkType string) string {
-	if windows.IsBuiltinLocalDriver(networkType) {
-		return windowsipam.DefaultIPAM
-	}
-	return ipamapi.DefaultIPAM
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox.go b/vendor/github.com/docker/libnetwork/osl/sandbox.go
deleted file mode 100644
index 198cf641a1dd3..0000000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox.go
+++ /dev/null
@@ -1,191 +0,0 @@
-// Package osl describes structures and interfaces which abstract os entities
-package osl
-
-import (
-	"net"
-
-	"github.com/docker/libnetwork/types"
-)
-
-// SandboxType specify the time of the sandbox, this can be used to apply special configs
-type SandboxType int
-
-const (
-	// SandboxTypeIngress indicates that the sandbox is for the ingress
-	SandboxTypeIngress = iota
-	// SandboxTypeLoadBalancer indicates that the sandbox is a load balancer
-	SandboxTypeLoadBalancer = iota
-)
-
-// Sandbox represents a network sandbox, identified by a specific key.  It
-// holds a list of Interfaces, routes etc, and more can be added dynamically.
-type Sandbox interface {
-	// The path where the network namespace is mounted.
-	Key() string
-
-	// Add an existing Interface to this sandbox. The operation will rename
-	// from the Interface SrcName to DstName as it moves, and reconfigure the
-	// interface according to the specified settings. The caller is expected
-	// to only provide a prefix for DstName. The AddInterface api will auto-generate
-	// an appropriate suffix for the DstName to disambiguate.
-	AddInterface(SrcName string, DstPrefix string, options ...IfaceOption) error
-
-	// Set default IPv4 gateway for the sandbox
-	SetGateway(gw net.IP) error
-
-	// Set default IPv6 gateway for the sandbox
-	SetGatewayIPv6(gw net.IP) error
-
-	// Unset the previously set default IPv4 gateway in the sandbox
-	UnsetGateway() error
-
-	// Unset the previously set default IPv6 gateway in the sandbox
-	UnsetGatewayIPv6() error
-
-	// GetLoopbackIfaceName returns the name of the loopback interface
-	GetLoopbackIfaceName() string
-
-	// AddAliasIP adds the passed IP address to the named interface
-	AddAliasIP(ifName string, ip *net.IPNet) error
-
-	// RemoveAliasIP removes the passed IP address from the named interface
-	RemoveAliasIP(ifName string, ip *net.IPNet) error
-
-	// DisableARPForVIP disables ARP replies and requests for VIP addresses
-	// on a particular interface
-	DisableARPForVIP(ifName string) error
-
-	// Add a static route to the sandbox.
-	AddStaticRoute(*types.StaticRoute) error
-
-	// Remove a static route from the sandbox.
-	RemoveStaticRoute(*types.StaticRoute) error
-
-	// AddNeighbor adds a neighbor entry into the sandbox.
-	AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, option ...NeighOption) error
-
-	// DeleteNeighbor deletes neighbor entry from the sandbox.
-	DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error
-
-	// Returns an interface with methods to set neighbor options.
-	NeighborOptions() NeighborOptionSetter
-
-	// Returns an interface with methods to set interface options.
-	InterfaceOptions() IfaceOptionSetter
-
-	//Invoke
-	InvokeFunc(func()) error
-
-	// Returns an interface with methods to get sandbox state.
-	Info() Info
-
-	// Destroy the sandbox
-	Destroy() error
-
-	// restore sandbox
-	Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error
-
-	// ApplyOSTweaks applies operating system specific knobs on the sandbox
-	ApplyOSTweaks([]SandboxType)
-}
-
-// NeighborOptionSetter interface defines the option setter methods for interface options
-type NeighborOptionSetter interface {
-	// LinkName returns an option setter to set the srcName of the link that should
-	// be used in the neighbor entry
-	LinkName(string) NeighOption
-
-	// Family returns an option setter to set the address family for the neighbor
-	// entry. eg. AF_BRIDGE
-	Family(int) NeighOption
-}
-
-// IfaceOptionSetter interface defines the option setter methods for interface options.
-type IfaceOptionSetter interface {
-	// Bridge returns an option setter to set if the interface is a bridge.
-	Bridge(bool) IfaceOption
-
-	// MacAddress returns an option setter to set the MAC address.
-	MacAddress(net.HardwareAddr) IfaceOption
-
-	// Address returns an option setter to set IPv4 address.
-	Address(*net.IPNet) IfaceOption
-
-	// Address returns an option setter to set IPv6 address.
-	AddressIPv6(*net.IPNet) IfaceOption
-
-	// LinkLocalAddresses returns an option setter to set the link-local IP addresses.
-	LinkLocalAddresses([]*net.IPNet) IfaceOption
-
-	// Master returns an option setter to set the master interface if any for this
-	// interface. The master interface name should refer to the srcname of a
-	// previously added interface of type bridge.
-	Master(string) IfaceOption
-
-	// Address returns an option setter to set interface routes.
-	Routes([]*net.IPNet) IfaceOption
-}
-
-// Info represents all possible information that
-// the driver wants to place in the sandbox which includes
-// interfaces, routes and gateway
-type Info interface {
-	// The collection of Interface previously added with the AddInterface
-	// method. Note that this doesn't include network interfaces added in any
-	// other way (such as the default loopback interface which is automatically
-	// created on creation of a sandbox).
-	Interfaces() []Interface
-
-	// IPv4 gateway for the sandbox.
-	Gateway() net.IP
-
-	// IPv6 gateway for the sandbox.
-	GatewayIPv6() net.IP
-
-	// Additional static routes for the sandbox.  (Note that directly
-	// connected routes are stored on the particular interface they refer to.)
-	StaticRoutes() []*types.StaticRoute
-
-	// TODO: Add ip tables etc.
-}
-
-// Interface represents the settings and identity of a network device. It is
-// used as a return type for Network.Link, and it is common practice for the
-// caller to use this information when moving interface SrcName from host
-// namespace to DstName in a different net namespace with the appropriate
-// network settings.
-type Interface interface {
-	// The name of the interface in the origin network namespace.
-	SrcName() string
-
-	// The name that will be assigned to the interface once moves inside a
-	// network namespace. When the caller passes in a DstName, it is only
-	// expected to pass a prefix. The name will modified with an appropriately
-	// auto-generated suffix.
-	DstName() string
-
-	// IPv4 address for the interface.
-	Address() *net.IPNet
-
-	// IPv6 address for the interface.
-	AddressIPv6() *net.IPNet
-
-	// LinkLocalAddresses returns the link-local IP addresses assigned to the interface.
-	LinkLocalAddresses() []*net.IPNet
-
-	// IP routes for the interface.
-	Routes() []*net.IPNet
-
-	// Bridge returns true if the interface is a bridge
-	Bridge() bool
-
-	// Master returns the srcname of the master interface for this interface.
-	Master() string
-
-	// Remove an interface from the sandbox by renaming to original name
-	// and moving it out of the sandbox.
-	Remove() error
-
-	// Statistics returns the statistics for this interface
-	Statistics() (*types.InterfaceStatistics, error)
-}
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator_freebsd.go b/vendor/github.com/docker/libnetwork/portallocator/portallocator_freebsd.go
deleted file mode 100644
index 97d7fbb49d8c3..0000000000000
--- a/vendor/github.com/docker/libnetwork/portallocator/portallocator_freebsd.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package portallocator
-
-import (
-	"bytes"
-	"fmt"
-	"os/exec"
-)
-
-func getDynamicPortRange() (start int, end int, err error) {
-	portRangeKernelSysctl := []string{"net.inet.ip.portrange.hifirst", "net.ip.portrange.hilast"}
-	portRangeFallback := fmt.Sprintf("using fallback port range %d-%d", DefaultPortRangeStart, DefaultPortRangeEnd)
-	portRangeLowCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[0])
-	var portRangeLowOut bytes.Buffer
-	portRangeLowCmd.Stdout = &portRangeLowOut
-	cmdErr := portRangeLowCmd.Run()
-	if cmdErr != nil {
-		return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hifirst failed - %s: %v", portRangeFallback, err)
-	}
-	n, err := fmt.Sscanf(portRangeLowOut.String(), "%d", &start)
-	if n != 1 || err != nil {
-		if err == nil {
-			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
-		}
-		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range start from %s - %s: %v", portRangeLowOut.String(), portRangeFallback, err)
-	}
-
-	portRangeHighCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[1])
-	var portRangeHighOut bytes.Buffer
-	portRangeHighCmd.Stdout = &portRangeHighOut
-	cmdErr = portRangeHighCmd.Run()
-	if cmdErr != nil {
-		return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hilast failed - %s: %v", portRangeFallback, err)
-	}
-	n, err = fmt.Sscanf(portRangeHighOut.String(), "%d", &end)
-	if n != 1 || err != nil {
-		if err == nil {
-			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
-		}
-		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range end from %s - %s: %v", portRangeHighOut.String(), portRangeFallback, err)
-	}
-	return start, end, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator_linux.go b/vendor/github.com/docker/libnetwork/portallocator/portallocator_linux.go
deleted file mode 100644
index 687f6dabb7ac1..0000000000000
--- a/vendor/github.com/docker/libnetwork/portallocator/portallocator_linux.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package portallocator
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-)
-
-func getDynamicPortRange() (start int, end int, err error) {
-	const portRangeKernelParam = "/proc/sys/net/ipv4/ip_local_port_range"
-	portRangeFallback := fmt.Sprintf("using fallback port range %d-%d", DefaultPortRangeStart, DefaultPortRangeEnd)
-	file, err := os.Open(portRangeKernelParam)
-	if err != nil {
-		return 0, 0, fmt.Errorf("port allocator - %s due to error: %v", portRangeFallback, err)
-	}
-
-	defer file.Close()
-
-	n, err := fmt.Fscanf(bufio.NewReader(file), "%d\t%d", &start, &end)
-	if n != 2 || err != nil {
-		if err == nil {
-			err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
-		}
-		return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range from %s - %s: %v", portRangeKernelParam, portRangeFallback, err)
-	}
-	return start, end, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go b/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go
deleted file mode 100644
index f07ae884f82a5..0000000000000
--- a/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go
+++ /dev/null
@@ -1 +0,0 @@
-package portallocator
diff --git a/vendor/github.com/docker/libnetwork/portmapper/mapper.go b/vendor/github.com/docker/libnetwork/portmapper/mapper.go
deleted file mode 100644
index 7fa37b1fb61ae..0000000000000
--- a/vendor/github.com/docker/libnetwork/portmapper/mapper.go
+++ /dev/null
@@ -1,294 +0,0 @@
-package portmapper
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"sync"
-
-	"github.com/docker/libnetwork/iptables"
-	"github.com/docker/libnetwork/portallocator"
-	"github.com/ishidawataru/sctp"
-	"github.com/sirupsen/logrus"
-)
-
-type mapping struct {
-	proto         string
-	userlandProxy userlandProxy
-	host          net.Addr
-	container     net.Addr
-}
-
-var newProxy = newProxyCommand
-
-var (
-	// ErrUnknownBackendAddressType refers to an unknown container or unsupported address type
-	ErrUnknownBackendAddressType = errors.New("unknown container address type not supported")
-	// ErrPortMappedForIP refers to a port already mapped to an ip address
-	ErrPortMappedForIP = errors.New("port is already mapped to ip")
-	// ErrPortNotMapped refers to an unmapped port
-	ErrPortNotMapped = errors.New("port is not mapped")
-	// ErrSCTPAddrNoIP refers to a SCTP address without IP address.
-	ErrSCTPAddrNoIP = errors.New("sctp address does not contain any IP address")
-)
-
-// PortMapper manages the network address translation
-type PortMapper struct {
-	chain      *iptables.ChainInfo
-	bridgeName string
-
-	// udp:ip:port
-	currentMappings map[string]*mapping
-	lock            sync.Mutex
-
-	proxyPath string
-
-	Allocator *portallocator.PortAllocator
-}
-
-// New returns a new instance of PortMapper
-func New(proxyPath string) *PortMapper {
-	return NewWithPortAllocator(portallocator.Get(), proxyPath)
-}
-
-// NewWithPortAllocator returns a new instance of PortMapper which will use the specified PortAllocator
-func NewWithPortAllocator(allocator *portallocator.PortAllocator, proxyPath string) *PortMapper {
-	return &PortMapper{
-		currentMappings: make(map[string]*mapping),
-		Allocator:       allocator,
-		proxyPath:       proxyPath,
-	}
-}
-
-// SetIptablesChain sets the specified chain into portmapper
-func (pm *PortMapper) SetIptablesChain(c *iptables.ChainInfo, bridgeName string) {
-	pm.chain = c
-	pm.bridgeName = bridgeName
-}
-
-// Map maps the specified container transport address to the host's network address and transport port
-func (pm *PortMapper) Map(container net.Addr, hostIP net.IP, hostPort int, useProxy bool) (host net.Addr, err error) {
-	return pm.MapRange(container, hostIP, hostPort, hostPort, useProxy)
-}
-
-// MapRange maps the specified container transport address to the host's network address and transport port range
-func (pm *PortMapper) MapRange(container net.Addr, hostIP net.IP, hostPortStart, hostPortEnd int, useProxy bool) (host net.Addr, err error) {
-	pm.lock.Lock()
-	defer pm.lock.Unlock()
-
-	var (
-		m                 *mapping
-		proto             string
-		allocatedHostPort int
-	)
-
-	switch container.(type) {
-	case *net.TCPAddr:
-		proto = "tcp"
-		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
-			return nil, err
-		}
-
-		m = &mapping{
-			proto:     proto,
-			host:      &net.TCPAddr{IP: hostIP, Port: allocatedHostPort},
-			container: container,
-		}
-
-		if useProxy {
-			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, container.(*net.TCPAddr).IP, container.(*net.TCPAddr).Port, pm.proxyPath)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
-			if err != nil {
-				return nil, err
-			}
-		}
-	case *net.UDPAddr:
-		proto = "udp"
-		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
-			return nil, err
-		}
-
-		m = &mapping{
-			proto:     proto,
-			host:      &net.UDPAddr{IP: hostIP, Port: allocatedHostPort},
-			container: container,
-		}
-
-		if useProxy {
-			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, container.(*net.UDPAddr).IP, container.(*net.UDPAddr).Port, pm.proxyPath)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
-			if err != nil {
-				return nil, err
-			}
-		}
-	case *sctp.SCTPAddr:
-		proto = "sctp"
-		if allocatedHostPort, err = pm.Allocator.RequestPortInRange(hostIP, proto, hostPortStart, hostPortEnd); err != nil {
-			return nil, err
-		}
-
-		m = &mapping{
-			proto:     proto,
-			host:      &sctp.SCTPAddr{IP: []net.IP{hostIP}, Port: allocatedHostPort},
-			container: container,
-		}
-
-		if useProxy {
-			sctpAddr := container.(*sctp.SCTPAddr)
-			if len(sctpAddr.IP) == 0 {
-				return nil, ErrSCTPAddrNoIP
-			}
-			m.userlandProxy, err = newProxy(proto, hostIP, allocatedHostPort, sctpAddr.IP[0], sctpAddr.Port, pm.proxyPath)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			m.userlandProxy, err = newDummyProxy(proto, hostIP, allocatedHostPort)
-			if err != nil {
-				return nil, err
-			}
-		}
-	default:
-		return nil, ErrUnknownBackendAddressType
-	}
-
-	// release the allocated port on any further error during return.
-	defer func() {
-		if err != nil {
-			pm.Allocator.ReleasePort(hostIP, proto, allocatedHostPort)
-		}
-	}()
-
-	key := getKey(m.host)
-	if _, exists := pm.currentMappings[key]; exists {
-		return nil, ErrPortMappedForIP
-	}
-
-	containerIP, containerPort := getIPAndPort(m.container)
-	if hostIP.To4() != nil {
-		if err := pm.forward(iptables.Append, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort); err != nil {
-			return nil, err
-		}
-	}
-
-	cleanup := func() error {
-		// need to undo the iptables rules before we return
-		m.userlandProxy.Stop()
-		if hostIP.To4() != nil {
-			pm.forward(iptables.Delete, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
-			if err := pm.Allocator.ReleasePort(hostIP, m.proto, allocatedHostPort); err != nil {
-				return err
-			}
-		}
-
-		return nil
-	}
-
-	if err := m.userlandProxy.Start(); err != nil {
-		if err := cleanup(); err != nil {
-			return nil, fmt.Errorf("Error during port allocation cleanup: %v", err)
-		}
-		return nil, err
-	}
-
-	pm.currentMappings[key] = m
-	return m.host, nil
-}
-
-// Unmap removes stored mapping for the specified host transport address
-func (pm *PortMapper) Unmap(host net.Addr) error {
-	pm.lock.Lock()
-	defer pm.lock.Unlock()
-
-	key := getKey(host)
-	data, exists := pm.currentMappings[key]
-	if !exists {
-		return ErrPortNotMapped
-	}
-
-	if data.userlandProxy != nil {
-		data.userlandProxy.Stop()
-	}
-
-	delete(pm.currentMappings, key)
-
-	containerIP, containerPort := getIPAndPort(data.container)
-	hostIP, hostPort := getIPAndPort(data.host)
-	if err := pm.forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
-		logrus.Errorf("Error on iptables delete: %s", err)
-	}
-
-	switch a := host.(type) {
-	case *net.TCPAddr:
-		return pm.Allocator.ReleasePort(a.IP, "tcp", a.Port)
-	case *net.UDPAddr:
-		return pm.Allocator.ReleasePort(a.IP, "udp", a.Port)
-	case *sctp.SCTPAddr:
-		if len(a.IP) == 0 {
-			return ErrSCTPAddrNoIP
-		}
-		return pm.Allocator.ReleasePort(a.IP[0], "sctp", a.Port)
-	}
-	return ErrUnknownBackendAddressType
-}
-
-//ReMapAll will re-apply all port mappings
-func (pm *PortMapper) ReMapAll() {
-	pm.lock.Lock()
-	defer pm.lock.Unlock()
-	logrus.Debugln("Re-applying all port mappings.")
-	for _, data := range pm.currentMappings {
-		containerIP, containerPort := getIPAndPort(data.container)
-		hostIP, hostPort := getIPAndPort(data.host)
-		if err := pm.forward(iptables.Append, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
-			logrus.Errorf("Error on iptables add: %s", err)
-		}
-	}
-}
-
-func getKey(a net.Addr) string {
-	switch t := a.(type) {
-	case *net.TCPAddr:
-		return fmt.Sprintf("%s:%d/%s", t.IP.String(), t.Port, "tcp")
-	case *net.UDPAddr:
-		return fmt.Sprintf("%s:%d/%s", t.IP.String(), t.Port, "udp")
-	case *sctp.SCTPAddr:
-		if len(t.IP) == 0 {
-			logrus.Error(ErrSCTPAddrNoIP)
-			return ""
-		}
-		return fmt.Sprintf("%s:%d/%s", t.IP[0].String(), t.Port, "sctp")
-	}
-	return ""
-}
-
-func getIPAndPort(a net.Addr) (net.IP, int) {
-	switch t := a.(type) {
-	case *net.TCPAddr:
-		return t.IP, t.Port
-	case *net.UDPAddr:
-		return t.IP, t.Port
-	case *sctp.SCTPAddr:
-		if len(t.IP) == 0 {
-			logrus.Error(ErrSCTPAddrNoIP)
-			return nil, 0
-		}
-		return t.IP[0], t.Port
-	}
-	return nil, 0
-}
-
-func (pm *PortMapper) forward(action iptables.Action, proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
-	if pm.chain == nil {
-		return nil
-	}
-	return pm.chain.Forward(action, sourceIP, sourcePort, proto, containerIP, containerPort, pm.bridgeName)
-}
diff --git a/vendor/github.com/docker/libnetwork/portmapper/proxy.go b/vendor/github.com/docker/libnetwork/portmapper/proxy.go
deleted file mode 100644
index 1183c33a7eb0e..0000000000000
--- a/vendor/github.com/docker/libnetwork/portmapper/proxy.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package portmapper
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"os"
-	"os/exec"
-	"time"
-
-	"github.com/ishidawataru/sctp"
-)
-
-var userlandProxyCommandName = "docker-proxy"
-
-type userlandProxy interface {
-	Start() error
-	Stop() error
-}
-
-// proxyCommand wraps an exec.Cmd to run the userland TCP and UDP
-// proxies as separate processes.
-type proxyCommand struct {
-	cmd *exec.Cmd
-}
-
-func (p *proxyCommand) Start() error {
-	r, w, err := os.Pipe()
-	if err != nil {
-		return fmt.Errorf("proxy unable to open os.Pipe %s", err)
-	}
-	defer r.Close()
-	p.cmd.ExtraFiles = []*os.File{w}
-	if err := p.cmd.Start(); err != nil {
-		return err
-	}
-	w.Close()
-
-	errchan := make(chan error, 1)
-	go func() {
-		buf := make([]byte, 2)
-		r.Read(buf)
-
-		if string(buf) != "0\n" {
-			errStr, err := ioutil.ReadAll(r)
-			if err != nil {
-				errchan <- fmt.Errorf("Error reading exit status from userland proxy: %v", err)
-				return
-			}
-
-			errchan <- fmt.Errorf("Error starting userland proxy: %s", errStr)
-			return
-		}
-		errchan <- nil
-	}()
-
-	select {
-	case err := <-errchan:
-		return err
-	case <-time.After(16 * time.Second):
-		return fmt.Errorf("Timed out proxy starting the userland proxy")
-	}
-}
-
-func (p *proxyCommand) Stop() error {
-	if p.cmd.Process != nil {
-		if err := p.cmd.Process.Signal(os.Interrupt); err != nil {
-			return err
-		}
-		return p.cmd.Wait()
-	}
-	return nil
-}
-
-// dummyProxy just listen on some port, it is needed to prevent accidental
-// port allocations on bound port, because without userland proxy we using
-// iptables rules and not net.Listen
-type dummyProxy struct {
-	listener io.Closer
-	addr     net.Addr
-}
-
-func newDummyProxy(proto string, hostIP net.IP, hostPort int) (userlandProxy, error) {
-	switch proto {
-	case "tcp":
-		addr := &net.TCPAddr{IP: hostIP, Port: hostPort}
-		return &dummyProxy{addr: addr}, nil
-	case "udp":
-		addr := &net.UDPAddr{IP: hostIP, Port: hostPort}
-		return &dummyProxy{addr: addr}, nil
-	case "sctp":
-		addr := &sctp.SCTPAddr{IP: []net.IP{hostIP}, Port: hostPort}
-		return &dummyProxy{addr: addr}, nil
-	default:
-		return nil, fmt.Errorf("Unknown addr type: %s", proto)
-	}
-}
-
-func (p *dummyProxy) Start() error {
-	switch addr := p.addr.(type) {
-	case *net.TCPAddr:
-		l, err := net.ListenTCP("tcp", addr)
-		if err != nil {
-			return err
-		}
-		p.listener = l
-	case *net.UDPAddr:
-		l, err := net.ListenUDP("udp", addr)
-		if err != nil {
-			return err
-		}
-		p.listener = l
-	case *sctp.SCTPAddr:
-		l, err := sctp.ListenSCTP("sctp", addr)
-		if err != nil {
-			return err
-		}
-		p.listener = l
-	default:
-		return fmt.Errorf("Unknown addr type: %T", p.addr)
-	}
-	return nil
-}
-
-func (p *dummyProxy) Stop() error {
-	if p.listener != nil {
-		return p.listener.Close()
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/portmapper/proxy_linux.go b/vendor/github.com/docker/libnetwork/portmapper/proxy_linux.go
deleted file mode 100644
index 947cd0ba4b3f5..0000000000000
--- a/vendor/github.com/docker/libnetwork/portmapper/proxy_linux.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package portmapper
-
-import (
-	"net"
-	"os/exec"
-	"strconv"
-	"syscall"
-)
-
-func newProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int, proxyPath string) (userlandProxy, error) {
-	path := proxyPath
-	if proxyPath == "" {
-		cmd, err := exec.LookPath(userlandProxyCommandName)
-		if err != nil {
-			return nil, err
-		}
-		path = cmd
-	}
-
-	args := []string{
-		path,
-		"-proto", proto,
-		"-host-ip", hostIP.String(),
-		"-host-port", strconv.Itoa(hostPort),
-		"-container-ip", containerIP.String(),
-		"-container-port", strconv.Itoa(containerPort),
-	}
-
-	return &proxyCommand{
-		cmd: &exec.Cmd{
-			Path: path,
-			Args: args,
-			SysProcAttr: &syscall.SysProcAttr{
-				Pdeathsig: syscall.SIGTERM, // send a sigterm to the proxy if the daemon process dies
-			},
-		},
-	}, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/README.md b/vendor/github.com/docker/libnetwork/resolvconf/README.md
deleted file mode 100644
index cdda554ba5728..0000000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
deleted file mode 100644
index e348bc57f56b8..0000000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package dns
-
-import (
-	"regexp"
-)
-
-// IPLocalhost is a regex pattern for IPv4 or IPv6 loopback range.
-const IPLocalhost = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
-
-// IPv4Localhost is a regex pattern for IPv4 localhost address range.
-const IPv4Localhost = `(127\.([0-9]{1,3}\.){2}[0-9]{1,3})`
-
-var localhostIPRegexp = regexp.MustCompile(IPLocalhost)
-var localhostIPv4Regexp = regexp.MustCompile(IPv4Localhost)
-
-// IsLocalhost returns true if ip matches the localhost IP regular expression.
-// Used for determining if nameserver settings are being passed which are
-// localhost addresses
-func IsLocalhost(ip string) bool {
-	return localhostIPRegexp.MatchString(ip)
-}
-
-// IsIPv4Localhost returns true if ip matches the IPv4 localhost regular expression.
-func IsIPv4Localhost(ip string) bool {
-	return localhostIPv4Regexp.MatchString(ip)
-}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
deleted file mode 100644
index 23caf7f120832..0000000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
+++ /dev/null
@@ -1,251 +0,0 @@
-// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
-package resolvconf
-
-import (
-	"bytes"
-	"io/ioutil"
-	"regexp"
-	"strings"
-	"sync"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/libnetwork/resolvconf/dns"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	// DefaultResolvConf points to the default file used for dns configuration on a linux machine
-	DefaultResolvConf = "/etc/resolv.conf"
-)
-
-var (
-	// Note: the default IPv4 & IPv6 resolvers are set to Google's Public DNS
-	defaultIPv4Dns = []string{"nameserver 8.8.8.8", "nameserver 8.8.4.4"}
-	defaultIPv6Dns = []string{"nameserver 2001:4860:4860::8888", "nameserver 2001:4860:4860::8844"}
-	ipv4NumBlock   = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)`
-	ipv4Address    = `(` + ipv4NumBlock + `\.){3}` + ipv4NumBlock
-	// This is not an IPv6 address verifier as it will accept a super-set of IPv6, and also
-	// will *not match* IPv4-Embedded IPv6 Addresses (RFC6052), but that and other variants
-	// -- e.g. other link-local types -- either won't work in containers or are unnecessary.
-	// For readability and sufficiency for Docker purposes this seemed more reasonable than a
-	// 1000+ character regexp with exact and complete IPv6 validation
-	ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})(%\w+)?`
-
-	localhostNSRegexp = regexp.MustCompile(`(?m)^nameserver\s+` + dns.IPLocalhost + `\s*\n*`)
-	nsIPv6Regexp      = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
-	nsRegexp          = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
-	nsIPv6Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv6Address + `))\s*$`)
-	nsIPv4Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `))\s*$`)
-	searchRegexp      = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
-	optionsRegexp     = regexp.MustCompile(`^\s*options\s*(([^\s]+\s*)*)$`)
-)
-
-var lastModified struct {
-	sync.Mutex
-	sha256   string
-	contents []byte
-}
-
-// File contains the resolv.conf content and its hash
-type File struct {
-	Content []byte
-	Hash    string
-}
-
-// Get returns the contents of /etc/resolv.conf and its hash
-func Get() (*File, error) {
-	return GetSpecific(DefaultResolvConf)
-}
-
-// GetSpecific returns the contents of the user specified resolv.conf file and its hash
-func GetSpecific(path string) (*File, error) {
-	resolv, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	hash, err := ioutils.HashData(bytes.NewReader(resolv))
-	if err != nil {
-		return nil, err
-	}
-	return &File{Content: resolv, Hash: hash}, nil
-}
-
-// GetIfChanged retrieves the host /etc/resolv.conf file, checks against the last hash
-// and, if modified since last check, returns the bytes and new hash.
-// This feature is used by the resolv.conf updater for containers
-func GetIfChanged() (*File, error) {
-	lastModified.Lock()
-	defer lastModified.Unlock()
-
-	resolv, err := ioutil.ReadFile("/etc/resolv.conf")
-	if err != nil {
-		return nil, err
-	}
-	newHash, err := ioutils.HashData(bytes.NewReader(resolv))
-	if err != nil {
-		return nil, err
-	}
-	if lastModified.sha256 != newHash {
-		lastModified.sha256 = newHash
-		lastModified.contents = resolv
-		return &File{Content: resolv, Hash: newHash}, nil
-	}
-	// nothing changed, so return no data
-	return nil, nil
-}
-
-// GetLastModified retrieves the last used contents and hash of the host resolv.conf.
-// Used by containers updating on restart
-func GetLastModified() *File {
-	lastModified.Lock()
-	defer lastModified.Unlock()
-
-	return &File{Content: lastModified.contents, Hash: lastModified.sha256}
-}
-
-// FilterResolvDNS cleans up the config in resolvConf.  It has two main jobs:
-// 1. It looks for localhost (127.*|::1) entries in the provided
-//    resolv.conf, removing local nameserver entries, and, if the resulting
-//    cleaned config has no defined nameservers left, adds default DNS entries
-// 2. Given the caller provides the enable/disable state of IPv6, the filter
-//    code will remove all IPv6 nameservers if it is not enabled for containers
-//
-func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
-	cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
-	// if IPv6 is not enabled, also clean out any IPv6 address nameserver
-	if !ipv6Enabled {
-		cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
-	}
-	// if the resulting resolvConf has no more nameservers defined, add appropriate
-	// default DNS servers for IPv4 and (optionally) IPv6
-	if len(GetNameservers(cleanedResolvConf, types.IP)) == 0 {
-		logrus.Infof("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: %v", defaultIPv4Dns)
-		dns := defaultIPv4Dns
-		if ipv6Enabled {
-			logrus.Infof("IPv6 enabled; Adding default IPv6 external servers: %v", defaultIPv6Dns)
-			dns = append(dns, defaultIPv6Dns...)
-		}
-		cleanedResolvConf = append(cleanedResolvConf, []byte("\n"+strings.Join(dns, "\n"))...)
-	}
-	hash, err := ioutils.HashData(bytes.NewReader(cleanedResolvConf))
-	if err != nil {
-		return nil, err
-	}
-	return &File{Content: cleanedResolvConf, Hash: hash}, nil
-}
-
-// getLines parses input into lines and strips away comments.
-func getLines(input []byte, commentMarker []byte) [][]byte {
-	lines := bytes.Split(input, []byte("\n"))
-	var output [][]byte
-	for _, currentLine := range lines {
-		var commentIndex = bytes.Index(currentLine, commentMarker)
-		if commentIndex == -1 {
-			output = append(output, currentLine)
-		} else {
-			output = append(output, currentLine[:commentIndex])
-		}
-	}
-	return output
-}
-
-// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
-func GetNameservers(resolvConf []byte, kind int) []string {
-	nameservers := []string{}
-	for _, line := range getLines(resolvConf, []byte("#")) {
-		var ns [][]byte
-		if kind == types.IP {
-			ns = nsRegexp.FindSubmatch(line)
-		} else if kind == types.IPv4 {
-			ns = nsIPv4Regexpmatch.FindSubmatch(line)
-		} else if kind == types.IPv6 {
-			ns = nsIPv6Regexpmatch.FindSubmatch(line)
-		}
-		if len(ns) > 0 {
-			nameservers = append(nameservers, string(ns[1]))
-		}
-	}
-	return nameservers
-}
-
-// GetNameserversAsCIDR returns nameservers (if any) listed in
-// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
-// This function's output is intended for net.ParseCIDR
-func GetNameserversAsCIDR(resolvConf []byte) []string {
-	nameservers := []string{}
-	for _, nameserver := range GetNameservers(resolvConf, types.IP) {
-		var address string
-		// If IPv6, strip zone if present
-		if strings.Contains(nameserver, ":") {
-			address = strings.Split(nameserver, "%")[0] + "/128"
-		} else {
-			address = nameserver + "/32"
-		}
-		nameservers = append(nameservers, address)
-	}
-	return nameservers
-}
-
-// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf
-// If more than one search line is encountered, only the contents of the last
-// one is returned.
-func GetSearchDomains(resolvConf []byte) []string {
-	domains := []string{}
-	for _, line := range getLines(resolvConf, []byte("#")) {
-		match := searchRegexp.FindSubmatch(line)
-		if match == nil {
-			continue
-		}
-		domains = strings.Fields(string(match[1]))
-	}
-	return domains
-}
-
-// GetOptions returns options (if any) listed in /etc/resolv.conf
-// If more than one options line is encountered, only the contents of the last
-// one is returned.
-func GetOptions(resolvConf []byte) []string {
-	options := []string{}
-	for _, line := range getLines(resolvConf, []byte("#")) {
-		match := optionsRegexp.FindSubmatch(line)
-		if match == nil {
-			continue
-		}
-		options = strings.Fields(string(match[1]))
-	}
-	return options
-}
-
-// Build writes a configuration file to path containing a "nameserver" entry
-// for every element in dns, a "search" entry for every element in
-// dnsSearch, and an "options" entry for every element in dnsOptions.
-func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
-	content := bytes.NewBuffer(nil)
-	if len(dnsSearch) > 0 {
-		if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
-			if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
-				return nil, err
-			}
-		}
-	}
-	for _, dns := range dns {
-		if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil {
-			return nil, err
-		}
-	}
-	if len(dnsOptions) > 0 {
-		if optsString := strings.Join(dnsOptions, " "); strings.Trim(optsString, " ") != "" {
-			if _, err := content.WriteString("options " + optsString + "\n"); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	hash, err := ioutils.HashData(bytes.NewReader(content.Bytes()))
-	if err != nil {
-		return nil, err
-	}
-
-	return &File{Content: content.Bytes(), Hash: hash}, ioutil.WriteFile(path, content.Bytes(), 0644)
-}
diff --git a/vendor/github.com/docker/libnetwork/resolver_unix.go b/vendor/github.com/docker/libnetwork/resolver_unix.go
deleted file mode 100644
index f4e4ad6184840..0000000000000
--- a/vendor/github.com/docker/libnetwork/resolver_unix.go
+++ /dev/null
@@ -1,101 +0,0 @@
-// +build !windows
-
-package libnetwork
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"os/exec"
-	"runtime"
-
-	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/libnetwork/iptables"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netns"
-)
-
-func init() {
-	reexec.Register("setup-resolver", reexecSetupResolver)
-}
-
-const (
-	// outputChain used for docker embed dns
-	outputChain = "DOCKER_OUTPUT"
-	//postroutingchain used for docker embed dns
-	postroutingchain = "DOCKER_POSTROUTING"
-)
-
-func reexecSetupResolver() {
-	runtime.LockOSThread()
-	defer runtime.UnlockOSThread()
-
-	if len(os.Args) < 4 {
-		logrus.Error("invalid number of arguments..")
-		os.Exit(1)
-	}
-
-	resolverIP, ipPort, _ := net.SplitHostPort(os.Args[2])
-	_, tcpPort, _ := net.SplitHostPort(os.Args[3])
-	rules := [][]string{
-		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[2]},
-		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
-		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[3]},
-		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
-	}
-
-	f, err := os.OpenFile(os.Args[1], os.O_RDONLY, 0)
-	if err != nil {
-		logrus.Errorf("failed get network namespace %q: %v", os.Args[1], err)
-		os.Exit(2)
-	}
-	defer f.Close()
-
-	nsFD := f.Fd()
-	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
-		logrus.Errorf("setting into container net ns %v failed, %v", os.Args[1], err)
-		os.Exit(3)
-	}
-
-	// insert outputChain and postroutingchain
-	err = iptables.RawCombinedOutputNative("-t", "nat", "-C", "OUTPUT", "-d", resolverIP, "-j", outputChain)
-	if err == nil {
-		iptables.RawCombinedOutputNative("-t", "nat", "-F", outputChain)
-	} else {
-		iptables.RawCombinedOutputNative("-t", "nat", "-N", outputChain)
-		iptables.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain)
-	}
-
-	err = iptables.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
-	if err == nil {
-		iptables.RawCombinedOutputNative("-t", "nat", "-F", postroutingchain)
-	} else {
-		iptables.RawCombinedOutputNative("-t", "nat", "-N", postroutingchain)
-		iptables.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
-	}
-
-	for _, rule := range rules {
-		if iptables.RawCombinedOutputNative(rule...) != nil {
-			logrus.Errorf("set up rule failed, %v", rule)
-		}
-	}
-}
-
-func (r *resolver) setupIPTable() error {
-	if r.err != nil {
-		return r.err
-	}
-	laddr := r.conn.LocalAddr().String()
-	ltcpaddr := r.tcpListen.Addr().String()
-
-	cmd := &exec.Cmd{
-		Path:   reexec.Self(),
-		Args:   append([]string{"setup-resolver"}, r.resolverKey, laddr, ltcpaddr),
-		Stdout: os.Stdout,
-		Stderr: os.Stderr,
-	}
-	if err := cmd.Run(); err != nil {
-		return fmt.Errorf("reexec failed: %v", err)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/sandbox.go b/vendor/github.com/docker/libnetwork/sandbox.go
deleted file mode 100644
index 03c9215786ae7..0000000000000
--- a/vendor/github.com/docker/libnetwork/sandbox.go
+++ /dev/null
@@ -1,1269 +0,0 @@
-package libnetwork
-
-import (
-	"encoding/json"
-	"fmt"
-	"net"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/docker/libnetwork/etchosts"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/osl"
-	"github.com/docker/libnetwork/types"
-	"github.com/sirupsen/logrus"
-)
-
-// Sandbox provides the control over the network container entity. It is a one to one mapping with the container.
-type Sandbox interface {
-	// ID returns the ID of the sandbox
-	ID() string
-	// Key returns the sandbox's key
-	Key() string
-	// ContainerID returns the container id associated to this sandbox
-	ContainerID() string
-	// Labels returns the sandbox's labels
-	Labels() map[string]interface{}
-	// Statistics retrieves the interfaces' statistics for the sandbox
-	Statistics() (map[string]*types.InterfaceStatistics, error)
-	// Refresh leaves all the endpoints, resets and re-applies the options,
-	// re-joins all the endpoints without destroying the osl sandbox
-	Refresh(options ...SandboxOption) error
-	// SetKey updates the Sandbox Key
-	SetKey(key string) error
-	// Rename changes the name of all attached Endpoints
-	Rename(name string) error
-	// Delete destroys this container after detaching it from all connected endpoints.
-	Delete() error
-	// Endpoints returns all the endpoints connected to the sandbox
-	Endpoints() []Endpoint
-	// ResolveService returns all the backend details about the containers or hosts
-	// backing a service. Its purpose is to satisfy an SRV query
-	ResolveService(name string) ([]*net.SRV, []net.IP)
-	// EnableService  makes a managed container's service available by adding the
-	// endpoint to the service load balancer and service discovery
-	EnableService() error
-	// DisableService removes a managed container's endpoints from the load balancer
-	// and service discovery
-	DisableService() error
-}
-
-// SandboxOption is an option setter function type used to pass various options to
-// NewNetContainer method. The various setter functions of type SandboxOption are
-// provided by libnetwork, they look like ContainerOptionXXXX(...)
-type SandboxOption func(sb *sandbox)
-
-func (sb *sandbox) processOptions(options ...SandboxOption) {
-	for _, opt := range options {
-		if opt != nil {
-			opt(sb)
-		}
-	}
-}
-
-type sandbox struct {
-	id                 string
-	containerID        string
-	config             containerConfig
-	extDNS             []extDNSEntry
-	osSbox             osl.Sandbox
-	controller         *controller
-	resolver           Resolver
-	resolverOnce       sync.Once
-	refCnt             int
-	endpoints          []*endpoint
-	epPriority         map[string]int
-	populatedEndpoints map[string]struct{}
-	joinLeaveDone      chan struct{}
-	dbIndex            uint64
-	dbExists           bool
-	isStub             bool
-	inDelete           bool
-	ingress            bool
-	ndotsSet           bool
-	oslTypes           []osl.SandboxType // slice of properties of this sandbox
-	loadBalancerNID    string            // NID that this SB is a load balancer for
-	sync.Mutex
-	// This mutex is used to serialize service related operation for an endpoint
-	// The lock is here because the endpoint is saved into the store so is not unique
-	Service sync.Mutex
-}
-
-// These are the container configs used to customize container /etc/hosts file.
-type hostsPathConfig struct {
-	hostName        string
-	domainName      string
-	hostsPath       string
-	originHostsPath string
-	extraHosts      []extraHost
-	parentUpdates   []parentUpdate
-}
-
-type parentUpdate struct {
-	cid  string
-	name string
-	ip   string
-}
-
-type extraHost struct {
-	name string
-	IP   string
-}
-
-// These are the container configs used to customize container /etc/resolv.conf file.
-type resolvConfPathConfig struct {
-	resolvConfPath       string
-	originResolvConfPath string
-	resolvConfHashFile   string
-	dnsList              []string
-	dnsSearchList        []string
-	dnsOptionsList       []string
-}
-
-type containerConfig struct {
-	hostsPathConfig
-	resolvConfPathConfig
-	generic           map[string]interface{}
-	useDefaultSandBox bool
-	useExternalKey    bool
-	prio              int // higher the value, more the priority
-	exposedPorts      []types.TransportPort
-}
-
-const (
-	resolverIPSandbox = "127.0.0.11"
-)
-
-func (sb *sandbox) ID() string {
-	return sb.id
-}
-
-func (sb *sandbox) ContainerID() string {
-	return sb.containerID
-}
-
-func (sb *sandbox) Key() string {
-	if sb.config.useDefaultSandBox {
-		return osl.GenerateKey("default")
-	}
-	return osl.GenerateKey(sb.id)
-}
-
-func (sb *sandbox) Labels() map[string]interface{} {
-	sb.Lock()
-	defer sb.Unlock()
-	opts := make(map[string]interface{}, len(sb.config.generic))
-	for k, v := range sb.config.generic {
-		opts[k] = v
-	}
-	return opts
-}
-
-func (sb *sandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
-	m := make(map[string]*types.InterfaceStatistics)
-
-	sb.Lock()
-	osb := sb.osSbox
-	sb.Unlock()
-	if osb == nil {
-		return m, nil
-	}
-
-	var err error
-	for _, i := range osb.Info().Interfaces() {
-		if m[i.DstName()], err = i.Statistics(); err != nil {
-			return m, err
-		}
-	}
-
-	return m, nil
-}
-
-func (sb *sandbox) Delete() error {
-	return sb.delete(false)
-}
-
-func (sb *sandbox) delete(force bool) error {
-	sb.Lock()
-	if sb.inDelete {
-		sb.Unlock()
-		return types.ForbiddenErrorf("another sandbox delete in progress")
-	}
-	// Set the inDelete flag. This will ensure that we don't
-	// update the store until we have completed all the endpoint
-	// leaves and deletes. And when endpoint leaves and deletes
-	// are completed then we can finally delete the sandbox object
-	// altogether from the data store. If the daemon exits
-	// ungracefully in the middle of a sandbox delete this way we
-	// will have all the references to the endpoints in the
-	// sandbox so that we can clean them up when we restart
-	sb.inDelete = true
-	sb.Unlock()
-
-	c := sb.controller
-
-	// Detach from all endpoints
-	retain := false
-	for _, ep := range sb.getConnectedEndpoints() {
-		// gw network endpoint detach and removal are automatic
-		if ep.endpointInGWNetwork() && !force {
-			continue
-		}
-		// Retain the sanbdox if we can't obtain the network from store.
-		if _, err := c.getNetworkFromStore(ep.getNetwork().ID()); err != nil {
-			if c.isDistributedControl() {
-				retain = true
-			}
-			logrus.Warnf("Failed getting network for ep %s during sandbox %s delete: %v", ep.ID(), sb.ID(), err)
-			continue
-		}
-
-		if !force {
-			if err := ep.Leave(sb); err != nil {
-				logrus.Warnf("Failed detaching sandbox %s from endpoint %s: %v\n", sb.ID(), ep.ID(), err)
-			}
-		}
-
-		if err := ep.Delete(force); err != nil {
-			logrus.Warnf("Failed deleting endpoint %s: %v\n", ep.ID(), err)
-		}
-	}
-
-	if retain {
-		sb.Lock()
-		sb.inDelete = false
-		sb.Unlock()
-		return fmt.Errorf("could not cleanup all the endpoints in container %s / sandbox %s", sb.containerID, sb.id)
-	}
-	// Container is going away. Path cache in etchosts is most
-	// likely not required any more. Drop it.
-	etchosts.Drop(sb.config.hostsPath)
-
-	if sb.resolver != nil {
-		sb.resolver.Stop()
-	}
-
-	if sb.osSbox != nil && !sb.config.useDefaultSandBox {
-		sb.osSbox.Destroy()
-	}
-
-	if err := sb.storeDelete(); err != nil {
-		logrus.Warnf("Failed to delete sandbox %s from store: %v", sb.ID(), err)
-	}
-
-	c.Lock()
-	if sb.ingress {
-		c.ingressSandbox = nil
-	}
-	delete(c.sandboxes, sb.ID())
-	c.Unlock()
-
-	return nil
-}
-
-func (sb *sandbox) Rename(name string) error {
-	var err error
-
-	for _, ep := range sb.getConnectedEndpoints() {
-		if ep.endpointInGWNetwork() {
-			continue
-		}
-
-		oldName := ep.Name()
-		lEp := ep
-		if err = ep.rename(name); err != nil {
-			break
-		}
-
-		defer func() {
-			if err != nil {
-				lEp.rename(oldName)
-			}
-		}()
-	}
-
-	return err
-}
-
-func (sb *sandbox) Refresh(options ...SandboxOption) error {
-	// Store connected endpoints
-	epList := sb.getConnectedEndpoints()
-
-	// Detach from all endpoints
-	for _, ep := range epList {
-		if err := ep.Leave(sb); err != nil {
-			logrus.Warnf("Failed detaching sandbox %s from endpoint %s: %v\n", sb.ID(), ep.ID(), err)
-		}
-	}
-
-	// Re-apply options
-	sb.config = containerConfig{}
-	sb.processOptions(options...)
-
-	// Setup discovery files
-	if err := sb.setupResolutionFiles(); err != nil {
-		return err
-	}
-
-	// Re-connect to all endpoints
-	for _, ep := range epList {
-		if err := ep.Join(sb); err != nil {
-			logrus.Warnf("Failed attach sandbox %s to endpoint %s: %v\n", sb.ID(), ep.ID(), err)
-		}
-	}
-
-	return nil
-}
-
-func (sb *sandbox) MarshalJSON() ([]byte, error) {
-	sb.Lock()
-	defer sb.Unlock()
-
-	// We are just interested in the container ID. This can be expanded to include all of containerInfo if there is a need
-	return json.Marshal(sb.id)
-}
-
-func (sb *sandbox) UnmarshalJSON(b []byte) (err error) {
-	sb.Lock()
-	defer sb.Unlock()
-
-	var id string
-	if err := json.Unmarshal(b, &id); err != nil {
-		return err
-	}
-	sb.id = id
-	return nil
-}
-
-func (sb *sandbox) Endpoints() []Endpoint {
-	sb.Lock()
-	defer sb.Unlock()
-
-	endpoints := make([]Endpoint, len(sb.endpoints))
-	for i, ep := range sb.endpoints {
-		endpoints[i] = ep
-	}
-	return endpoints
-}
-
-func (sb *sandbox) getConnectedEndpoints() []*endpoint {
-	sb.Lock()
-	defer sb.Unlock()
-
-	eps := make([]*endpoint, len(sb.endpoints))
-	copy(eps, sb.endpoints)
-
-	return eps
-}
-
-func (sb *sandbox) addEndpoint(ep *endpoint) {
-	sb.Lock()
-	defer sb.Unlock()
-
-	l := len(sb.endpoints)
-	i := sort.Search(l, func(j int) bool {
-		return ep.Less(sb.endpoints[j])
-	})
-
-	sb.endpoints = append(sb.endpoints, nil)
-	copy(sb.endpoints[i+1:], sb.endpoints[i:])
-	sb.endpoints[i] = ep
-}
-
-func (sb *sandbox) removeEndpoint(ep *endpoint) {
-	sb.Lock()
-	defer sb.Unlock()
-
-	sb.removeEndpointRaw(ep)
-}
-
-func (sb *sandbox) removeEndpointRaw(ep *endpoint) {
-	for i, e := range sb.endpoints {
-		if e == ep {
-			sb.endpoints = append(sb.endpoints[:i], sb.endpoints[i+1:]...)
-			return
-		}
-	}
-}
-
-func (sb *sandbox) getEndpoint(id string) *endpoint {
-	sb.Lock()
-	defer sb.Unlock()
-
-	for _, ep := range sb.endpoints {
-		if ep.id == id {
-			return ep
-		}
-	}
-
-	return nil
-}
-
-func (sb *sandbox) updateGateway(ep *endpoint) error {
-	sb.Lock()
-	osSbox := sb.osSbox
-	sb.Unlock()
-	if osSbox == nil {
-		return nil
-	}
-	osSbox.UnsetGateway()
-	osSbox.UnsetGatewayIPv6()
-
-	if ep == nil {
-		return nil
-	}
-
-	ep.Lock()
-	joinInfo := ep.joinInfo
-	ep.Unlock()
-
-	if err := osSbox.SetGateway(joinInfo.gw); err != nil {
-		return fmt.Errorf("failed to set gateway while updating gateway: %v", err)
-	}
-
-	if err := osSbox.SetGatewayIPv6(joinInfo.gw6); err != nil {
-		return fmt.Errorf("failed to set IPv6 gateway while updating gateway: %v", err)
-	}
-
-	return nil
-}
-
-func (sb *sandbox) HandleQueryResp(name string, ip net.IP) {
-	for _, ep := range sb.getConnectedEndpoints() {
-		n := ep.getNetwork()
-		n.HandleQueryResp(name, ip)
-	}
-}
-
-func (sb *sandbox) ResolveIP(ip string) string {
-	var svc string
-	logrus.Debugf("IP To resolve %v", ip)
-
-	for _, ep := range sb.getConnectedEndpoints() {
-		n := ep.getNetwork()
-		svc = n.ResolveIP(ip)
-		if len(svc) != 0 {
-			return svc
-		}
-	}
-
-	return svc
-}
-
-func (sb *sandbox) ExecFunc(f func()) error {
-	sb.Lock()
-	osSbox := sb.osSbox
-	sb.Unlock()
-	if osSbox != nil {
-		return osSbox.InvokeFunc(f)
-	}
-	return fmt.Errorf("osl sandbox unavailable in ExecFunc for %v", sb.ContainerID())
-}
-
-func (sb *sandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
-	srv := []*net.SRV{}
-	ip := []net.IP{}
-
-	logrus.Debugf("Service name To resolve: %v", name)
-
-	// There are DNS implementations that allow SRV queries for names not in
-	// the format defined by RFC 2782. Hence specific validations checks are
-	// not done
-	parts := strings.Split(name, ".")
-	if len(parts) < 3 {
-		return nil, nil
-	}
-
-	for _, ep := range sb.getConnectedEndpoints() {
-		n := ep.getNetwork()
-
-		srv, ip = n.ResolveService(name)
-		if len(srv) > 0 {
-			break
-		}
-	}
-	return srv, ip
-}
-
-func getDynamicNwEndpoints(epList []*endpoint) []*endpoint {
-	eps := []*endpoint{}
-	for _, ep := range epList {
-		n := ep.getNetwork()
-		if n.dynamic && !n.ingress {
-			eps = append(eps, ep)
-		}
-	}
-	return eps
-}
-
-func getIngressNwEndpoint(epList []*endpoint) *endpoint {
-	for _, ep := range epList {
-		n := ep.getNetwork()
-		if n.ingress {
-			return ep
-		}
-	}
-	return nil
-}
-
-func getLocalNwEndpoints(epList []*endpoint) []*endpoint {
-	eps := []*endpoint{}
-	for _, ep := range epList {
-		n := ep.getNetwork()
-		if !n.dynamic && !n.ingress {
-			eps = append(eps, ep)
-		}
-	}
-	return eps
-}
-
-func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
-	// Embedded server owns the docker network domain. Resolution should work
-	// for both container_name and container_name.network_name
-	// We allow '.' in service name and network name. For a name a.b.c.d the
-	// following have to tried;
-	// {a.b.c.d in the networks container is connected to}
-	// {a.b.c in network d},
-	// {a.b in network c.d},
-	// {a in network b.c.d},
-
-	logrus.Debugf("Name To resolve: %v", name)
-	name = strings.TrimSuffix(name, ".")
-	reqName := []string{name}
-	networkName := []string{""}
-
-	if strings.Contains(name, ".") {
-		var i int
-		dup := name
-		for {
-			if i = strings.LastIndex(dup, "."); i == -1 {
-				break
-			}
-			networkName = append(networkName, name[i+1:])
-			reqName = append(reqName, name[:i])
-
-			dup = dup[:i]
-		}
-	}
-
-	epList := sb.getConnectedEndpoints()
-
-	// In swarm mode services with exposed ports are connected to user overlay
-	// network, ingress network and docker_gwbridge network. Name resolution
-	// should prioritize returning the VIP/IPs on user overlay network.
-	newList := []*endpoint{}
-	if !sb.controller.isDistributedControl() {
-		newList = append(newList, getDynamicNwEndpoints(epList)...)
-		ingressEP := getIngressNwEndpoint(epList)
-		if ingressEP != nil {
-			newList = append(newList, ingressEP)
-		}
-		newList = append(newList, getLocalNwEndpoints(epList)...)
-		epList = newList
-	}
-
-	for i := 0; i < len(reqName); i++ {
-
-		// First check for local container alias
-		ip, ipv6Miss := sb.resolveName(reqName[i], networkName[i], epList, true, ipType)
-		if ip != nil {
-			return ip, false
-		}
-		if ipv6Miss {
-			return ip, ipv6Miss
-		}
-
-		// Resolve the actual container name
-		ip, ipv6Miss = sb.resolveName(reqName[i], networkName[i], epList, false, ipType)
-		if ip != nil {
-			return ip, false
-		}
-		if ipv6Miss {
-			return ip, ipv6Miss
-		}
-	}
-	return nil, false
-}
-
-func (sb *sandbox) resolveName(req string, networkName string, epList []*endpoint, alias bool, ipType int) ([]net.IP, bool) {
-	var ipv6Miss bool
-
-	for _, ep := range epList {
-		name := req
-		n := ep.getNetwork()
-
-		if networkName != "" && networkName != n.Name() {
-			continue
-		}
-
-		if alias {
-			if ep.aliases == nil {
-				continue
-			}
-
-			var ok bool
-			ep.Lock()
-			name, ok = ep.aliases[req]
-			ep.Unlock()
-			if !ok {
-				continue
-			}
-		} else {
-			// If it is a regular lookup and if the requested name is an alias
-			// don't perform a svc lookup for this endpoint.
-			ep.Lock()
-			if _, ok := ep.aliases[req]; ok {
-				ep.Unlock()
-				continue
-			}
-			ep.Unlock()
-		}
-
-		ip, miss := n.ResolveName(name, ipType)
-
-		if ip != nil {
-			return ip, false
-		}
-
-		if miss {
-			ipv6Miss = miss
-		}
-	}
-	return nil, ipv6Miss
-}
-
-func (sb *sandbox) SetKey(basePath string) error {
-	start := time.Now()
-	defer func() {
-		logrus.Debugf("sandbox set key processing took %s for container %s", time.Since(start), sb.ContainerID())
-	}()
-
-	if basePath == "" {
-		return types.BadRequestErrorf("invalid sandbox key")
-	}
-
-	sb.Lock()
-	if sb.inDelete {
-		sb.Unlock()
-		return types.ForbiddenErrorf("failed to SetKey: sandbox %q delete in progress", sb.id)
-	}
-	oldosSbox := sb.osSbox
-	sb.Unlock()
-
-	if oldosSbox != nil {
-		// If we already have an OS sandbox, release the network resources from that
-		// and destroy the OS snab. We are moving into a new home further down. Note that none
-		// of the network resources gets destroyed during the move.
-		sb.releaseOSSbox()
-	}
-
-	osSbox, err := osl.GetSandboxForExternalKey(basePath, sb.Key())
-	if err != nil {
-		return err
-	}
-
-	sb.Lock()
-	sb.osSbox = osSbox
-	sb.Unlock()
-
-	// If the resolver was setup before stop it and set it up in the
-	// new osl sandbox.
-	if oldosSbox != nil && sb.resolver != nil {
-		sb.resolver.Stop()
-
-		if err := sb.osSbox.InvokeFunc(sb.resolver.SetupFunc(0)); err == nil {
-			if err := sb.resolver.Start(); err != nil {
-				logrus.Errorf("Resolver Start failed for container %s, %q", sb.ContainerID(), err)
-			}
-		} else {
-			logrus.Errorf("Resolver Setup Function failed for container %s, %q", sb.ContainerID(), err)
-		}
-	}
-
-	for _, ep := range sb.getConnectedEndpoints() {
-		if err = sb.populateNetworkResources(ep); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (sb *sandbox) EnableService() (err error) {
-	logrus.Debugf("EnableService %s START", sb.containerID)
-	defer func() {
-		if err != nil {
-			sb.DisableService()
-		}
-	}()
-	for _, ep := range sb.getConnectedEndpoints() {
-		if !ep.isServiceEnabled() {
-			if err := ep.addServiceInfoToCluster(sb); err != nil {
-				return fmt.Errorf("could not update state for endpoint %s into cluster: %v", ep.Name(), err)
-			}
-			ep.enableService()
-		}
-	}
-	logrus.Debugf("EnableService %s DONE", sb.containerID)
-	return nil
-}
-
-func (sb *sandbox) DisableService() (err error) {
-	logrus.Debugf("DisableService %s START", sb.containerID)
-	failedEps := []string{}
-	defer func() {
-		if len(failedEps) > 0 {
-			err = fmt.Errorf("failed to disable service on sandbox:%s, for endpoints %s", sb.ID(), strings.Join(failedEps, ","))
-		}
-	}()
-	for _, ep := range sb.getConnectedEndpoints() {
-		if ep.isServiceEnabled() {
-			if err := ep.deleteServiceInfoFromCluster(sb, false, "DisableService"); err != nil {
-				failedEps = append(failedEps, ep.Name())
-				logrus.Warnf("failed update state for endpoint %s into cluster: %v", ep.Name(), err)
-			}
-			ep.disableService()
-		}
-	}
-	logrus.Debugf("DisableService %s DONE", sb.containerID)
-	return nil
-}
-
-func releaseOSSboxResources(osSbox osl.Sandbox, ep *endpoint) {
-	for _, i := range osSbox.Info().Interfaces() {
-		// Only remove the interfaces owned by this endpoint from the sandbox.
-		if ep.hasInterface(i.SrcName()) {
-			if err := i.Remove(); err != nil {
-				logrus.Debugf("Remove interface %s failed: %v", i.SrcName(), err)
-			}
-		}
-	}
-
-	ep.Lock()
-	joinInfo := ep.joinInfo
-	vip := ep.virtualIP
-	lbModeIsDSR := ep.network.loadBalancerMode == loadBalancerModeDSR
-	ep.Unlock()
-
-	if len(vip) > 0 && lbModeIsDSR {
-		ipNet := &net.IPNet{IP: vip, Mask: net.CIDRMask(32, 32)}
-		if err := osSbox.RemoveAliasIP(osSbox.GetLoopbackIfaceName(), ipNet); err != nil {
-			logrus.WithError(err).Debugf("failed to remove virtual ip %v to loopback", ipNet)
-		}
-	}
-
-	if joinInfo == nil {
-		return
-	}
-
-	// Remove non-interface routes.
-	for _, r := range joinInfo.StaticRoutes {
-		if err := osSbox.RemoveStaticRoute(r); err != nil {
-			logrus.Debugf("Remove route failed: %v", err)
-		}
-	}
-}
-
-func (sb *sandbox) releaseOSSbox() {
-	sb.Lock()
-	osSbox := sb.osSbox
-	sb.osSbox = nil
-	sb.Unlock()
-
-	if osSbox == nil {
-		return
-	}
-
-	for _, ep := range sb.getConnectedEndpoints() {
-		releaseOSSboxResources(osSbox, ep)
-	}
-
-	osSbox.Destroy()
-}
-
-func (sb *sandbox) restoreOslSandbox() error {
-	var routes []*types.StaticRoute
-
-	// restore osl sandbox
-	Ifaces := make(map[string][]osl.IfaceOption)
-	for _, ep := range sb.endpoints {
-		var ifaceOptions []osl.IfaceOption
-		ep.Lock()
-		joinInfo := ep.joinInfo
-		i := ep.iface
-		ep.Unlock()
-
-		if i == nil {
-			logrus.Errorf("error restoring endpoint %s for container %s", ep.Name(), sb.ContainerID())
-			continue
-		}
-
-		ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().Address(i.addr), sb.osSbox.InterfaceOptions().Routes(i.routes))
-		if i.addrv6 != nil && i.addrv6.IP.To16() != nil {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().AddressIPv6(i.addrv6))
-		}
-		if i.mac != nil {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().MacAddress(i.mac))
-		}
-		if len(i.llAddrs) != 0 {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().LinkLocalAddresses(i.llAddrs))
-		}
-		Ifaces[fmt.Sprintf("%s+%s", i.srcName, i.dstPrefix)] = ifaceOptions
-		if joinInfo != nil {
-			routes = append(routes, joinInfo.StaticRoutes...)
-		}
-		if ep.needResolver() {
-			sb.startResolver(true)
-		}
-	}
-
-	gwep := sb.getGatewayEndpoint()
-	if gwep == nil {
-		return nil
-	}
-
-	// restore osl sandbox
-	err := sb.osSbox.Restore(Ifaces, routes, gwep.joinInfo.gw, gwep.joinInfo.gw6)
-	return err
-}
-
-func (sb *sandbox) populateNetworkResources(ep *endpoint) error {
-	sb.Lock()
-	if sb.osSbox == nil {
-		sb.Unlock()
-		return nil
-	}
-	inDelete := sb.inDelete
-	sb.Unlock()
-
-	ep.Lock()
-	joinInfo := ep.joinInfo
-	i := ep.iface
-	lbModeIsDSR := ep.network.loadBalancerMode == loadBalancerModeDSR
-	ep.Unlock()
-
-	if ep.needResolver() {
-		sb.startResolver(false)
-	}
-
-	if i != nil && i.srcName != "" {
-		var ifaceOptions []osl.IfaceOption
-
-		ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().Address(i.addr), sb.osSbox.InterfaceOptions().Routes(i.routes))
-		if i.addrv6 != nil && i.addrv6.IP.To16() != nil {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().AddressIPv6(i.addrv6))
-		}
-		if len(i.llAddrs) != 0 {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().LinkLocalAddresses(i.llAddrs))
-		}
-		if i.mac != nil {
-			ifaceOptions = append(ifaceOptions, sb.osSbox.InterfaceOptions().MacAddress(i.mac))
-		}
-
-		if err := sb.osSbox.AddInterface(i.srcName, i.dstPrefix, ifaceOptions...); err != nil {
-			return fmt.Errorf("failed to add interface %s to sandbox: %v", i.srcName, err)
-		}
-
-		if len(ep.virtualIP) > 0 && lbModeIsDSR {
-			if sb.loadBalancerNID == "" {
-				if err := sb.osSbox.DisableARPForVIP(i.srcName); err != nil {
-					return fmt.Errorf("failed disable ARP for VIP: %v", err)
-				}
-			}
-			ipNet := &net.IPNet{IP: ep.virtualIP, Mask: net.CIDRMask(32, 32)}
-			if err := sb.osSbox.AddAliasIP(sb.osSbox.GetLoopbackIfaceName(), ipNet); err != nil {
-				return fmt.Errorf("failed to add virtual ip %v to loopback: %v", ipNet, err)
-			}
-		}
-	}
-
-	if joinInfo != nil {
-		// Set up non-interface routes.
-		for _, r := range joinInfo.StaticRoutes {
-			if err := sb.osSbox.AddStaticRoute(r); err != nil {
-				return fmt.Errorf("failed to add static route %s: %v", r.Destination.String(), err)
-			}
-		}
-	}
-
-	if ep == sb.getGatewayEndpoint() {
-		if err := sb.updateGateway(ep); err != nil {
-			return err
-		}
-	}
-
-	// Make sure to add the endpoint to the populated endpoint set
-	// before populating loadbalancers.
-	sb.Lock()
-	sb.populatedEndpoints[ep.ID()] = struct{}{}
-	sb.Unlock()
-
-	// Populate load balancer only after updating all the other
-	// information including gateway and other routes so that
-	// loadbalancers are populated all the network state is in
-	// place in the sandbox.
-	sb.populateLoadBalancers(ep)
-
-	// Only update the store if we did not come here as part of
-	// sandbox delete. If we came here as part of delete then do
-	// not bother updating the store. The sandbox object will be
-	// deleted anyway
-	if !inDelete {
-		return sb.storeUpdate()
-	}
-
-	return nil
-}
-
-func (sb *sandbox) clearNetworkResources(origEp *endpoint) error {
-	ep := sb.getEndpoint(origEp.id)
-	if ep == nil {
-		return fmt.Errorf("could not find the sandbox endpoint data for endpoint %s",
-			origEp.id)
-	}
-
-	sb.Lock()
-	osSbox := sb.osSbox
-	inDelete := sb.inDelete
-	sb.Unlock()
-	if osSbox != nil {
-		releaseOSSboxResources(osSbox, ep)
-	}
-
-	sb.Lock()
-	delete(sb.populatedEndpoints, ep.ID())
-
-	if len(sb.endpoints) == 0 {
-		// sb.endpoints should never be empty and this is unexpected error condition
-		// We log an error message to note this down for debugging purposes.
-		logrus.Errorf("No endpoints in sandbox while trying to remove endpoint %s", ep.Name())
-		sb.Unlock()
-		return nil
-	}
-
-	var (
-		gwepBefore, gwepAfter *endpoint
-		index                 = -1
-	)
-	for i, e := range sb.endpoints {
-		if e == ep {
-			index = i
-		}
-		if len(e.Gateway()) > 0 && gwepBefore == nil {
-			gwepBefore = e
-		}
-		if index != -1 && gwepBefore != nil {
-			break
-		}
-	}
-
-	if index == -1 {
-		logrus.Warnf("Endpoint %s has already been deleted", ep.Name())
-		sb.Unlock()
-		return nil
-	}
-
-	sb.removeEndpointRaw(ep)
-	for _, e := range sb.endpoints {
-		if len(e.Gateway()) > 0 {
-			gwepAfter = e
-			break
-		}
-	}
-	delete(sb.epPriority, ep.ID())
-	sb.Unlock()
-
-	if gwepAfter != nil && gwepBefore != gwepAfter {
-		sb.updateGateway(gwepAfter)
-	}
-
-	// Only update the store if we did not come here as part of
-	// sandbox delete. If we came here as part of delete then do
-	// not bother updating the store. The sandbox object will be
-	// deleted anyway
-	if !inDelete {
-		return sb.storeUpdate()
-	}
-
-	return nil
-}
-
-func (sb *sandbox) isEndpointPopulated(ep *endpoint) bool {
-	sb.Lock()
-	_, ok := sb.populatedEndpoints[ep.ID()]
-	sb.Unlock()
-	return ok
-}
-
-// joinLeaveStart waits to ensure there are no joins or leaves in progress and
-// marks this join/leave in progress without race
-func (sb *sandbox) joinLeaveStart() {
-	sb.Lock()
-	defer sb.Unlock()
-
-	for sb.joinLeaveDone != nil {
-		joinLeaveDone := sb.joinLeaveDone
-		sb.Unlock()
-
-		<-joinLeaveDone
-
-		sb.Lock()
-	}
-
-	sb.joinLeaveDone = make(chan struct{})
-}
-
-// joinLeaveEnd marks the end of this join/leave operation and
-// signals the same without race to other join and leave waiters
-func (sb *sandbox) joinLeaveEnd() {
-	sb.Lock()
-	defer sb.Unlock()
-
-	if sb.joinLeaveDone != nil {
-		close(sb.joinLeaveDone)
-		sb.joinLeaveDone = nil
-	}
-}
-
-func (sb *sandbox) hasPortConfigs() bool {
-	opts := sb.Labels()
-	_, hasExpPorts := opts[netlabel.ExposedPorts]
-	_, hasPortMaps := opts[netlabel.PortMap]
-	return hasExpPorts || hasPortMaps
-}
-
-// OptionHostname function returns an option setter for hostname option to
-// be passed to NewSandbox method.
-func OptionHostname(name string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.hostName = name
-	}
-}
-
-// OptionDomainname function returns an option setter for domainname option to
-// be passed to NewSandbox method.
-func OptionDomainname(name string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.domainName = name
-	}
-}
-
-// OptionHostsPath function returns an option setter for hostspath option to
-// be passed to NewSandbox method.
-func OptionHostsPath(path string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.hostsPath = path
-	}
-}
-
-// OptionOriginHostsPath function returns an option setter for origin hosts file path
-// to be passed to NewSandbox method.
-func OptionOriginHostsPath(path string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.originHostsPath = path
-	}
-}
-
-// OptionExtraHost function returns an option setter for extra /etc/hosts options
-// which is a name and IP as strings.
-func OptionExtraHost(name string, IP string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.extraHosts = append(sb.config.extraHosts, extraHost{name: name, IP: IP})
-	}
-}
-
-// OptionParentUpdate function returns an option setter for parent container
-// which needs to update the IP address for the linked container.
-func OptionParentUpdate(cid string, name, ip string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.parentUpdates = append(sb.config.parentUpdates, parentUpdate{cid: cid, name: name, ip: ip})
-	}
-}
-
-// OptionResolvConfPath function returns an option setter for resolvconfpath option to
-// be passed to net container methods.
-func OptionResolvConfPath(path string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.resolvConfPath = path
-	}
-}
-
-// OptionOriginResolvConfPath function returns an option setter to set the path to the
-// origin resolv.conf file to be passed to net container methods.
-func OptionOriginResolvConfPath(path string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.originResolvConfPath = path
-	}
-}
-
-// OptionDNS function returns an option setter for dns entry option to
-// be passed to container Create method.
-func OptionDNS(dns string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.dnsList = append(sb.config.dnsList, dns)
-	}
-}
-
-// OptionDNSSearch function returns an option setter for dns search entry option to
-// be passed to container Create method.
-func OptionDNSSearch(search string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.dnsSearchList = append(sb.config.dnsSearchList, search)
-	}
-}
-
-// OptionDNSOptions function returns an option setter for dns options entry option to
-// be passed to container Create method.
-func OptionDNSOptions(options string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.dnsOptionsList = append(sb.config.dnsOptionsList, options)
-	}
-}
-
-// OptionUseDefaultSandbox function returns an option setter for using default sandbox
-// (host namespace) to be passed to container Create method.
-func OptionUseDefaultSandbox() SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.useDefaultSandBox = true
-	}
-}
-
-// OptionUseExternalKey function returns an option setter for using provided namespace
-// instead of creating one.
-func OptionUseExternalKey() SandboxOption {
-	return func(sb *sandbox) {
-		sb.config.useExternalKey = true
-	}
-}
-
-// OptionGeneric function returns an option setter for Generic configuration
-// that is not managed by libNetwork but can be used by the Drivers during the call to
-// net container creation method. Container Labels are a good example.
-func OptionGeneric(generic map[string]interface{}) SandboxOption {
-	return func(sb *sandbox) {
-		if sb.config.generic == nil {
-			sb.config.generic = make(map[string]interface{}, len(generic))
-		}
-		for k, v := range generic {
-			sb.config.generic[k] = v
-		}
-	}
-}
-
-// OptionExposedPorts function returns an option setter for the container exposed
-// ports option to be passed to container Create method.
-func OptionExposedPorts(exposedPorts []types.TransportPort) SandboxOption {
-	return func(sb *sandbox) {
-		if sb.config.generic == nil {
-			sb.config.generic = make(map[string]interface{})
-		}
-		// Defensive copy
-		eps := make([]types.TransportPort, len(exposedPorts))
-		copy(eps, exposedPorts)
-		// Store endpoint label and in generic because driver needs it
-		sb.config.exposedPorts = eps
-		sb.config.generic[netlabel.ExposedPorts] = eps
-	}
-}
-
-// OptionPortMapping function returns an option setter for the mapping
-// ports option to be passed to container Create method.
-func OptionPortMapping(portBindings []types.PortBinding) SandboxOption {
-	return func(sb *sandbox) {
-		if sb.config.generic == nil {
-			sb.config.generic = make(map[string]interface{})
-		}
-		// Store a copy of the bindings as generic data to pass to the driver
-		pbs := make([]types.PortBinding, len(portBindings))
-		copy(pbs, portBindings)
-		sb.config.generic[netlabel.PortMap] = pbs
-	}
-}
-
-// OptionIngress function returns an option setter for marking a
-// sandbox as the controller's ingress sandbox.
-func OptionIngress() SandboxOption {
-	return func(sb *sandbox) {
-		sb.ingress = true
-		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeIngress)
-	}
-}
-
-// OptionLoadBalancer function returns an option setter for marking a
-// sandbox as a load balancer sandbox.
-func OptionLoadBalancer(nid string) SandboxOption {
-	return func(sb *sandbox) {
-		sb.loadBalancerNID = nid
-		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeLoadBalancer)
-	}
-}
-
-// <=> Returns true if a < b, false if a > b and advances to next level if a == b
-// epi.prio <=> epj.prio           # 2 < 1
-// epi.gw <=> epj.gw               # non-gw < gw
-// epi.internal <=> epj.internal   # non-internal < internal
-// epi.joininfo <=> epj.joininfo   # ipv6 < ipv4
-// epi.name <=> epj.name           # bar < foo
-func (epi *endpoint) Less(epj *endpoint) bool {
-	var (
-		prioi, prioj int
-	)
-
-	sbi, _ := epi.getSandbox()
-	sbj, _ := epj.getSandbox()
-
-	// Prio defaults to 0
-	if sbi != nil {
-		prioi = sbi.epPriority[epi.ID()]
-	}
-	if sbj != nil {
-		prioj = sbj.epPriority[epj.ID()]
-	}
-
-	if prioi != prioj {
-		return prioi > prioj
-	}
-
-	gwi := epi.endpointInGWNetwork()
-	gwj := epj.endpointInGWNetwork()
-	if gwi != gwj {
-		return gwj
-	}
-
-	inti := epi.getNetwork().Internal()
-	intj := epj.getNetwork().Internal()
-	if inti != intj {
-		return intj
-	}
-
-	jii := 0
-	if epi.joinInfo != nil {
-		if epi.joinInfo.gw != nil {
-			jii = jii + 1
-		}
-		if epi.joinInfo.gw6 != nil {
-			jii = jii + 2
-		}
-	}
-
-	jij := 0
-	if epj.joinInfo != nil {
-		if epj.joinInfo.gw != nil {
-			jij = jij + 1
-		}
-		if epj.joinInfo.gw6 != nil {
-			jij = jij + 2
-		}
-	}
-
-	if jii != jij {
-		return jii > jij
-	}
-
-	return epi.network.Name() < epj.network.Name()
-}
-
-func (sb *sandbox) NdotsSet() bool {
-	return sb.ndotsSet
-}
diff --git a/vendor/github.com/docker/libnetwork/sandbox_dns_windows.go b/vendor/github.com/docker/libnetwork/sandbox_dns_windows.go
deleted file mode 100644
index e1ca73edefa43..0000000000000
--- a/vendor/github.com/docker/libnetwork/sandbox_dns_windows.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build windows
-
-package libnetwork
-
-import (
-	"github.com/docker/libnetwork/etchosts"
-)
-
-// Stub implementations for DNS related functions
-
-func (sb *sandbox) startResolver(bool) {
-}
-
-func (sb *sandbox) setupResolutionFiles() error {
-	return nil
-}
-
-func (sb *sandbox) restorePath() {
-}
-
-func (sb *sandbox) updateHostsFile(ifaceIP string) error {
-	return nil
-}
-
-func (sb *sandbox) addHostsEntries(recs []etchosts.Record) {
-
-}
-
-func (sb *sandbox) deleteHostsEntries(recs []etchosts.Record) {
-
-}
-
-func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/service.go b/vendor/github.com/docker/libnetwork/service.go
deleted file mode 100644
index 5ed11959a10f9..0000000000000
--- a/vendor/github.com/docker/libnetwork/service.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package libnetwork
-
-import (
-	"fmt"
-	"net"
-	"sync"
-
-	"github.com/docker/libnetwork/internal/setmatrix"
-)
-
-var (
-	// A global monotonic counter to assign firewall marks to
-	// services.
-	fwMarkCtr   uint32 = 256
-	fwMarkCtrMu sync.Mutex
-)
-
-type portConfigs []*PortConfig
-
-func (p portConfigs) String() string {
-	if len(p) == 0 {
-		return ""
-	}
-
-	pc := p[0]
-	str := fmt.Sprintf("%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
-	for _, pc := range p[1:] {
-		str = str + fmt.Sprintf(",%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
-	}
-
-	return str
-}
-
-type serviceKey struct {
-	id    string
-	ports string
-}
-
-type service struct {
-	name string // Service Name
-	id   string // Service ID
-
-	// Map of loadbalancers for the service one-per attached
-	// network. It is keyed with network ID.
-	loadBalancers map[string]*loadBalancer
-
-	// List of ingress ports exposed by the service
-	ingressPorts portConfigs
-
-	// Service aliases
-	aliases []string
-
-	// This maps tracks for each IP address the list of endpoints ID
-	// associated with it. At stable state the endpoint ID expected is 1
-	// but during transition and service change it is possible to have
-	// temporary more than 1
-	ipToEndpoint setmatrix.SetMatrix
-
-	deleted bool
-
-	sync.Mutex
-}
-
-// assignIPToEndpoint inserts the mapping between the IP and the endpoint identifier
-// returns true if the mapping was not present, false otherwise
-// returns also the number of endpoints associated to the IP
-func (s *service) assignIPToEndpoint(ip, eID string) (bool, int) {
-	return s.ipToEndpoint.Insert(ip, eID)
-}
-
-// removeIPToEndpoint removes the mapping between the IP and the endpoint identifier
-// returns true if the mapping was deleted, false otherwise
-// returns also the number of endpoints associated to the IP
-func (s *service) removeIPToEndpoint(ip, eID string) (bool, int) {
-	return s.ipToEndpoint.Remove(ip, eID)
-}
-
-func (s *service) printIPToEndpoint(ip string) (string, bool) {
-	return s.ipToEndpoint.String(ip)
-}
-
-type lbBackend struct {
-	ip       net.IP
-	disabled bool
-}
-
-type loadBalancer struct {
-	vip    net.IP
-	fwMark uint32
-
-	// Map of backend IPs backing this loadbalancer on this
-	// network. It is keyed with endpoint ID.
-	backEnds map[string]*lbBackend
-
-	// Back pointer to service to which the loadbalancer belongs.
-	service *service
-	sync.Mutex
-}
diff --git a/vendor/github.com/docker/libnetwork/store.go b/vendor/github.com/docker/libnetwork/store.go
deleted file mode 100644
index 0a7c5754d31de..0000000000000
--- a/vendor/github.com/docker/libnetwork/store.go
+++ /dev/null
@@ -1,496 +0,0 @@
-package libnetwork
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/libkv/store/boltdb"
-	"github.com/docker/libkv/store/consul"
-	"github.com/docker/libkv/store/etcd"
-	"github.com/docker/libkv/store/zookeeper"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/sirupsen/logrus"
-)
-
-func registerKVStores() {
-	consul.Register()
-	zookeeper.Register()
-	etcd.Register()
-	boltdb.Register()
-}
-
-func (c *controller) initScopedStore(scope string, scfg *datastore.ScopeCfg) error {
-	store, err := datastore.NewDataStore(scope, scfg)
-	if err != nil {
-		return err
-	}
-	c.Lock()
-	c.stores = append(c.stores, store)
-	c.Unlock()
-
-	return nil
-}
-
-func (c *controller) initStores() error {
-	registerKVStores()
-
-	c.Lock()
-	if c.cfg == nil {
-		c.Unlock()
-		return nil
-	}
-	scopeConfigs := c.cfg.Scopes
-	c.stores = nil
-	c.Unlock()
-
-	for scope, scfg := range scopeConfigs {
-		if err := c.initScopedStore(scope, scfg); err != nil {
-			return err
-		}
-	}
-
-	c.startWatch()
-	return nil
-}
-
-func (c *controller) closeStores() {
-	for _, store := range c.getStores() {
-		store.Close()
-	}
-}
-
-func (c *controller) getStore(scope string) datastore.DataStore {
-	c.Lock()
-	defer c.Unlock()
-
-	for _, store := range c.stores {
-		if store.Scope() == scope {
-			return store
-		}
-	}
-
-	return nil
-}
-
-func (c *controller) getStores() []datastore.DataStore {
-	c.Lock()
-	defer c.Unlock()
-
-	return c.stores
-}
-
-func (c *controller) getNetworkFromStore(nid string) (*network, error) {
-	for _, store := range c.getStores() {
-		n := &network{id: nid, ctrlr: c}
-		err := store.GetObject(datastore.Key(n.Key()...), n)
-		// Continue searching in the next store if the key is not found in this store
-		if err != nil {
-			if err != datastore.ErrKeyNotFound {
-				logrus.Debugf("could not find network %s: %v", nid, err)
-			}
-			continue
-		}
-
-		ec := &endpointCnt{n: n}
-		err = store.GetObject(datastore.Key(ec.Key()...), ec)
-		if err != nil && !n.inDelete {
-			return nil, fmt.Errorf("could not find endpoint count for network %s: %v", n.Name(), err)
-		}
-
-		n.epCnt = ec
-		if n.scope == "" {
-			n.scope = store.Scope()
-		}
-		return n, nil
-	}
-
-	return nil, fmt.Errorf("network %s not found", nid)
-}
-
-func (c *controller) getNetworksForScope(scope string) ([]*network, error) {
-	var nl []*network
-
-	store := c.getStore(scope)
-	if store == nil {
-		return nil, nil
-	}
-
-	kvol, err := store.List(datastore.Key(datastore.NetworkKeyPrefix),
-		&network{ctrlr: c})
-	if err != nil && err != datastore.ErrKeyNotFound {
-		return nil, fmt.Errorf("failed to get networks for scope %s: %v",
-			scope, err)
-	}
-
-	for _, kvo := range kvol {
-		n := kvo.(*network)
-		n.ctrlr = c
-
-		ec := &endpointCnt{n: n}
-		err = store.GetObject(datastore.Key(ec.Key()...), ec)
-		if err != nil && !n.inDelete {
-			logrus.Warnf("Could not find endpoint count key %s for network %s while listing: %v", datastore.Key(ec.Key()...), n.Name(), err)
-			continue
-		}
-
-		n.epCnt = ec
-		if n.scope == "" {
-			n.scope = scope
-		}
-		nl = append(nl, n)
-	}
-
-	return nl, nil
-}
-
-func (c *controller) getNetworksFromStore() ([]*network, error) {
-	var nl []*network
-
-	for _, store := range c.getStores() {
-		kvol, err := store.List(datastore.Key(datastore.NetworkKeyPrefix),
-			&network{ctrlr: c})
-		// Continue searching in the next store if no keys found in this store
-		if err != nil {
-			if err != datastore.ErrKeyNotFound {
-				logrus.Debugf("failed to get networks for scope %s: %v", store.Scope(), err)
-			}
-			continue
-		}
-
-		kvep, err := store.Map(datastore.Key(epCntKeyPrefix), &endpointCnt{})
-		if err != nil {
-			if err != datastore.ErrKeyNotFound {
-				logrus.Warnf("failed to get endpoint_count map for scope %s: %v", store.Scope(), err)
-			}
-		}
-
-		for _, kvo := range kvol {
-			n := kvo.(*network)
-			n.Lock()
-			n.ctrlr = c
-			ec := &endpointCnt{n: n}
-			// Trim the leading & trailing "/" to make it consistent across all stores
-			if val, ok := kvep[strings.Trim(datastore.Key(ec.Key()...), "/")]; ok {
-				ec = val.(*endpointCnt)
-				ec.n = n
-				n.epCnt = ec
-			}
-			if n.scope == "" {
-				n.scope = store.Scope()
-			}
-			n.Unlock()
-			nl = append(nl, n)
-		}
-	}
-
-	return nl, nil
-}
-
-func (n *network) getEndpointFromStore(eid string) (*endpoint, error) {
-	var errors []string
-	for _, store := range n.ctrlr.getStores() {
-		ep := &endpoint{id: eid, network: n}
-		err := store.GetObject(datastore.Key(ep.Key()...), ep)
-		// Continue searching in the next store if the key is not found in this store
-		if err != nil {
-			if err != datastore.ErrKeyNotFound {
-				errors = append(errors, fmt.Sprintf("{%s:%v}, ", store.Scope(), err))
-				logrus.Debugf("could not find endpoint %s in %s: %v", eid, store.Scope(), err)
-			}
-			continue
-		}
-		return ep, nil
-	}
-	return nil, fmt.Errorf("could not find endpoint %s: %v", eid, errors)
-}
-
-func (n *network) getEndpointsFromStore() ([]*endpoint, error) {
-	var epl []*endpoint
-
-	tmp := endpoint{network: n}
-	for _, store := range n.getController().getStores() {
-		kvol, err := store.List(datastore.Key(tmp.KeyPrefix()...), &endpoint{network: n})
-		// Continue searching in the next store if no keys found in this store
-		if err != nil {
-			if err != datastore.ErrKeyNotFound {
-				logrus.Debugf("failed to get endpoints for network %s scope %s: %v",
-					n.Name(), store.Scope(), err)
-			}
-			continue
-		}
-
-		for _, kvo := range kvol {
-			ep := kvo.(*endpoint)
-			epl = append(epl, ep)
-		}
-	}
-
-	return epl, nil
-}
-
-func (c *controller) updateToStore(kvObject datastore.KVObject) error {
-	cs := c.getStore(kvObject.DataScope())
-	if cs == nil {
-		return ErrDataStoreNotInitialized(kvObject.DataScope())
-	}
-
-	if err := cs.PutObjectAtomic(kvObject); err != nil {
-		if err == datastore.ErrKeyModified {
-			return err
-		}
-		return fmt.Errorf("failed to update store for object type %T: %v", kvObject, err)
-	}
-
-	return nil
-}
-
-func (c *controller) deleteFromStore(kvObject datastore.KVObject) error {
-	cs := c.getStore(kvObject.DataScope())
-	if cs == nil {
-		return ErrDataStoreNotInitialized(kvObject.DataScope())
-	}
-
-retry:
-	if err := cs.DeleteObjectAtomic(kvObject); err != nil {
-		if err == datastore.ErrKeyModified {
-			if err := cs.GetObject(datastore.Key(kvObject.Key()...), kvObject); err != nil {
-				return fmt.Errorf("could not update the kvobject to latest when trying to delete: %v", err)
-			}
-			logrus.Warnf("Error (%v) deleting object %v, retrying....", err, kvObject.Key())
-			goto retry
-		}
-		return err
-	}
-
-	return nil
-}
-
-type netWatch struct {
-	localEps  map[string]*endpoint
-	remoteEps map[string]*endpoint
-	stopCh    chan struct{}
-}
-
-func (c *controller) getLocalEps(nw *netWatch) []*endpoint {
-	c.Lock()
-	defer c.Unlock()
-
-	var epl []*endpoint
-	for _, ep := range nw.localEps {
-		epl = append(epl, ep)
-	}
-
-	return epl
-}
-
-func (c *controller) watchSvcRecord(ep *endpoint) {
-	c.watchCh <- ep
-}
-
-func (c *controller) unWatchSvcRecord(ep *endpoint) {
-	c.unWatchCh <- ep
-}
-
-func (c *controller) networkWatchLoop(nw *netWatch, ep *endpoint, ecCh <-chan datastore.KVObject) {
-	for {
-		select {
-		case <-nw.stopCh:
-			return
-		case o := <-ecCh:
-			ec := o.(*endpointCnt)
-
-			epl, err := ec.n.getEndpointsFromStore()
-			if err != nil {
-				break
-			}
-
-			c.Lock()
-			var addEp []*endpoint
-
-			delEpMap := make(map[string]*endpoint)
-			renameEpMap := make(map[string]bool)
-			for k, v := range nw.remoteEps {
-				delEpMap[k] = v
-			}
-
-			for _, lEp := range epl {
-				if _, ok := nw.localEps[lEp.ID()]; ok {
-					continue
-				}
-
-				if ep, ok := nw.remoteEps[lEp.ID()]; ok {
-					// On a container rename EP ID will remain
-					// the same but the name will change. service
-					// records should reflect the change.
-					// Keep old EP entry in the delEpMap and add
-					// EP from the store (which has the new name)
-					// into the new list
-					if lEp.name == ep.name {
-						delete(delEpMap, lEp.ID())
-						continue
-					}
-					renameEpMap[lEp.ID()] = true
-				}
-				nw.remoteEps[lEp.ID()] = lEp
-				addEp = append(addEp, lEp)
-			}
-
-			// EPs whose name are to be deleted from the svc records
-			// should also be removed from nw's remote EP list, except
-			// the ones that are getting renamed.
-			for _, lEp := range delEpMap {
-				if !renameEpMap[lEp.ID()] {
-					delete(nw.remoteEps, lEp.ID())
-				}
-			}
-			c.Unlock()
-
-			for _, lEp := range delEpMap {
-				ep.getNetwork().updateSvcRecord(lEp, c.getLocalEps(nw), false)
-
-			}
-			for _, lEp := range addEp {
-				ep.getNetwork().updateSvcRecord(lEp, c.getLocalEps(nw), true)
-			}
-		}
-	}
-}
-
-func (c *controller) processEndpointCreate(nmap map[string]*netWatch, ep *endpoint) {
-	n := ep.getNetwork()
-	if !c.isDistributedControl() && n.Scope() == datastore.SwarmScope && n.driverIsMultihost() {
-		return
-	}
-
-	c.Lock()
-	nw, ok := nmap[n.ID()]
-	c.Unlock()
-
-	if ok {
-		// Update the svc db for the local endpoint join right away
-		n.updateSvcRecord(ep, c.getLocalEps(nw), true)
-
-		c.Lock()
-		nw.localEps[ep.ID()] = ep
-
-		// If we had learned that from the kv store remove it
-		// from remote ep list now that we know that this is
-		// indeed a local endpoint
-		delete(nw.remoteEps, ep.ID())
-		c.Unlock()
-		return
-	}
-
-	nw = &netWatch{
-		localEps:  make(map[string]*endpoint),
-		remoteEps: make(map[string]*endpoint),
-	}
-
-	// Update the svc db for the local endpoint join right away
-	// Do this before adding this ep to localEps so that we don't
-	// try to update this ep's container's svc records
-	n.updateSvcRecord(ep, c.getLocalEps(nw), true)
-
-	c.Lock()
-	nw.localEps[ep.ID()] = ep
-	nmap[n.ID()] = nw
-	nw.stopCh = make(chan struct{})
-	c.Unlock()
-
-	store := c.getStore(n.DataScope())
-	if store == nil {
-		return
-	}
-
-	if !store.Watchable() {
-		return
-	}
-
-	ch, err := store.Watch(n.getEpCnt(), nw.stopCh)
-	if err != nil {
-		logrus.Warnf("Error creating watch for network: %v", err)
-		return
-	}
-
-	go c.networkWatchLoop(nw, ep, ch)
-}
-
-func (c *controller) processEndpointDelete(nmap map[string]*netWatch, ep *endpoint) {
-	n := ep.getNetwork()
-	if !c.isDistributedControl() && n.Scope() == datastore.SwarmScope && n.driverIsMultihost() {
-		return
-	}
-
-	c.Lock()
-	nw, ok := nmap[n.ID()]
-
-	if ok {
-		delete(nw.localEps, ep.ID())
-		c.Unlock()
-
-		// Update the svc db about local endpoint leave right away
-		// Do this after we remove this ep from localEps so that we
-		// don't try to remove this svc record from this ep's container.
-		n.updateSvcRecord(ep, c.getLocalEps(nw), false)
-
-		c.Lock()
-		if len(nw.localEps) == 0 {
-			close(nw.stopCh)
-
-			// This is the last container going away for the network. Destroy
-			// this network's svc db entry
-			delete(c.svcRecords, n.ID())
-
-			delete(nmap, n.ID())
-		}
-	}
-	c.Unlock()
-}
-
-func (c *controller) watchLoop() {
-	for {
-		select {
-		case ep := <-c.watchCh:
-			c.processEndpointCreate(c.nmap, ep)
-		case ep := <-c.unWatchCh:
-			c.processEndpointDelete(c.nmap, ep)
-		}
-	}
-}
-
-func (c *controller) startWatch() {
-	if c.watchCh != nil {
-		return
-	}
-	c.watchCh = make(chan *endpoint)
-	c.unWatchCh = make(chan *endpoint)
-	c.nmap = make(map[string]*netWatch)
-
-	go c.watchLoop()
-}
-
-func (c *controller) networkCleanup() {
-	networks, err := c.getNetworksFromStore()
-	if err != nil {
-		logrus.Warnf("Could not retrieve networks from store(s) during network cleanup: %v", err)
-		return
-	}
-
-	for _, n := range networks {
-		if n.inDelete {
-			logrus.Infof("Removing stale network %s (%s)", n.Name(), n.ID())
-			if err := n.delete(true, true); err != nil {
-				logrus.Debugf("Error while removing stale network: %v", err)
-			}
-		}
-	}
-}
-
-var populateSpecial NetworkWalker = func(nw Network) bool {
-	if n := nw.(*network); n.hasSpecialDriver() && !n.ConfigOnly() {
-		if err := n.getController().addNetwork(n); err != nil {
-			logrus.Warnf("Failed to populate network %q with driver %q", nw.Name(), nw.Type())
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/docker/libnetwork/types/types.go b/vendor/github.com/docker/libnetwork/types/types.go
deleted file mode 100644
index b102ba4c390be..0000000000000
--- a/vendor/github.com/docker/libnetwork/types/types.go
+++ /dev/null
@@ -1,653 +0,0 @@
-// Package types contains types that are common across libnetwork project
-package types
-
-import (
-	"bytes"
-	"fmt"
-	"net"
-	"strconv"
-	"strings"
-
-	"github.com/ishidawataru/sctp"
-)
-
-// constants for the IP address type
-const (
-	IP = iota // IPv4 and IPv6
-	IPv4
-	IPv6
-)
-
-// EncryptionKey is the libnetwork representation of the key distributed by the lead
-// manager.
-type EncryptionKey struct {
-	Subsystem   string
-	Algorithm   int32
-	Key         []byte
-	LamportTime uint64
-}
-
-// UUID represents a globally unique ID of various resources like network and endpoint
-type UUID string
-
-// QosPolicy represents a quality of service policy on an endpoint
-type QosPolicy struct {
-	MaxEgressBandwidth uint64
-}
-
-// TransportPort represents a local Layer 4 endpoint
-type TransportPort struct {
-	Proto Protocol
-	Port  uint16
-}
-
-// Equal checks if this instance of Transportport is equal to the passed one
-func (t *TransportPort) Equal(o *TransportPort) bool {
-	if t == o {
-		return true
-	}
-
-	if o == nil {
-		return false
-	}
-
-	if t.Proto != o.Proto || t.Port != o.Port {
-		return false
-	}
-
-	return true
-}
-
-// GetCopy returns a copy of this TransportPort structure instance
-func (t *TransportPort) GetCopy() TransportPort {
-	return TransportPort{Proto: t.Proto, Port: t.Port}
-}
-
-// String returns the TransportPort structure in string form
-func (t *TransportPort) String() string {
-	return fmt.Sprintf("%s/%d", t.Proto.String(), t.Port)
-}
-
-// FromString reads the TransportPort structure from string
-func (t *TransportPort) FromString(s string) error {
-	ps := strings.Split(s, "/")
-	if len(ps) == 2 {
-		t.Proto = ParseProtocol(ps[0])
-		if p, err := strconv.ParseUint(ps[1], 10, 16); err == nil {
-			t.Port = uint16(p)
-			return nil
-		}
-	}
-	return BadRequestErrorf("invalid format for transport port: %s", s)
-}
-
-// PortBinding represents a port binding between the container and the host
-type PortBinding struct {
-	Proto       Protocol
-	IP          net.IP
-	Port        uint16
-	HostIP      net.IP
-	HostPort    uint16
-	HostPortEnd uint16
-}
-
-// HostAddr returns the host side transport address
-func (p PortBinding) HostAddr() (net.Addr, error) {
-	switch p.Proto {
-	case UDP:
-		return &net.UDPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
-	case TCP:
-		return &net.TCPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
-	case SCTP:
-		return &sctp.SCTPAddr{IP: []net.IP{p.HostIP}, Port: int(p.HostPort)}, nil
-	default:
-		return nil, ErrInvalidProtocolBinding(p.Proto.String())
-	}
-}
-
-// ContainerAddr returns the container side transport address
-func (p PortBinding) ContainerAddr() (net.Addr, error) {
-	switch p.Proto {
-	case UDP:
-		return &net.UDPAddr{IP: p.IP, Port: int(p.Port)}, nil
-	case TCP:
-		return &net.TCPAddr{IP: p.IP, Port: int(p.Port)}, nil
-	case SCTP:
-		return &sctp.SCTPAddr{IP: []net.IP{p.IP}, Port: int(p.Port)}, nil
-	default:
-		return nil, ErrInvalidProtocolBinding(p.Proto.String())
-	}
-}
-
-// GetCopy returns a copy of this PortBinding structure instance
-func (p *PortBinding) GetCopy() PortBinding {
-	return PortBinding{
-		Proto:       p.Proto,
-		IP:          GetIPCopy(p.IP),
-		Port:        p.Port,
-		HostIP:      GetIPCopy(p.HostIP),
-		HostPort:    p.HostPort,
-		HostPortEnd: p.HostPortEnd,
-	}
-}
-
-// String returns the PortBinding structure in string form
-func (p *PortBinding) String() string {
-	ret := fmt.Sprintf("%s/", p.Proto)
-	if p.IP != nil {
-		ret += p.IP.String()
-	}
-	ret = fmt.Sprintf("%s:%d/", ret, p.Port)
-	if p.HostIP != nil {
-		ret += p.HostIP.String()
-	}
-	ret = fmt.Sprintf("%s:%d", ret, p.HostPort)
-	return ret
-}
-
-// FromString reads the PortBinding structure from string s.
-// String s is a triple of "protocol/containerIP:port/hostIP:port"
-// containerIP and hostIP can be in dotted decimal ("192.0.2.1") or IPv6 ("2001:db8::68") form.
-// Zoned addresses ("169.254.0.23%eth0" or "fe80::1ff:fe23:4567:890a%eth0") are not supported.
-// If string s is incorrectly formatted or the IP addresses or ports cannot be parsed, FromString
-// returns an error.
-func (p *PortBinding) FromString(s string) error {
-	ps := strings.Split(s, "/")
-	if len(ps) != 3 {
-		return BadRequestErrorf("invalid format for port binding: %s", s)
-	}
-
-	p.Proto = ParseProtocol(ps[0])
-
-	var err error
-	if p.IP, p.Port, err = parseIPPort(ps[1]); err != nil {
-		return BadRequestErrorf("failed to parse Container IP/Port in port binding: %s", err.Error())
-	}
-
-	if p.HostIP, p.HostPort, err = parseIPPort(ps[2]); err != nil {
-		return BadRequestErrorf("failed to parse Host IP/Port in port binding: %s", err.Error())
-	}
-
-	return nil
-}
-
-func parseIPPort(s string) (net.IP, uint16, error) {
-	hoststr, portstr, err := net.SplitHostPort(s)
-	if err != nil {
-		return nil, 0, err
-	}
-
-	ip := net.ParseIP(hoststr)
-	if ip == nil {
-		return nil, 0, BadRequestErrorf("invalid ip: %s", hoststr)
-	}
-
-	port, err := strconv.ParseUint(portstr, 10, 16)
-	if err != nil {
-		return nil, 0, BadRequestErrorf("invalid port: %s", portstr)
-	}
-
-	return ip, uint16(port), nil
-}
-
-// Equal checks if this instance of PortBinding is equal to the passed one
-func (p *PortBinding) Equal(o *PortBinding) bool {
-	if p == o {
-		return true
-	}
-
-	if o == nil {
-		return false
-	}
-
-	if p.Proto != o.Proto || p.Port != o.Port ||
-		p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd {
-		return false
-	}
-
-	if p.IP != nil {
-		if !p.IP.Equal(o.IP) {
-			return false
-		}
-	} else {
-		if o.IP != nil {
-			return false
-		}
-	}
-
-	if p.HostIP != nil {
-		if !p.HostIP.Equal(o.HostIP) {
-			return false
-		}
-	} else {
-		if o.HostIP != nil {
-			return false
-		}
-	}
-
-	return true
-}
-
-// ErrInvalidProtocolBinding is returned when the port binding protocol is not valid.
-type ErrInvalidProtocolBinding string
-
-func (ipb ErrInvalidProtocolBinding) Error() string {
-	return fmt.Sprintf("invalid transport protocol: %s", string(ipb))
-}
-
-const (
-	// ICMP is for the ICMP ip protocol
-	ICMP = 1
-	// TCP is for the TCP ip protocol
-	TCP = 6
-	// UDP is for the UDP ip protocol
-	UDP = 17
-	// SCTP is for the SCTP ip protocol
-	SCTP = 132
-)
-
-// Protocol represents an IP protocol number
-type Protocol uint8
-
-func (p Protocol) String() string {
-	switch p {
-	case ICMP:
-		return "icmp"
-	case TCP:
-		return "tcp"
-	case UDP:
-		return "udp"
-	case SCTP:
-		return "sctp"
-	default:
-		return fmt.Sprintf("%d", p)
-	}
-}
-
-// ParseProtocol returns the respective Protocol type for the passed string
-func ParseProtocol(s string) Protocol {
-	switch strings.ToLower(s) {
-	case "icmp":
-		return ICMP
-	case "udp":
-		return UDP
-	case "tcp":
-		return TCP
-	case "sctp":
-		return SCTP
-	default:
-		return 0
-	}
-}
-
-// GetMacCopy returns a copy of the passed MAC address
-func GetMacCopy(from net.HardwareAddr) net.HardwareAddr {
-	if from == nil {
-		return nil
-	}
-	to := make(net.HardwareAddr, len(from))
-	copy(to, from)
-	return to
-}
-
-// GetIPCopy returns a copy of the passed IP address
-func GetIPCopy(from net.IP) net.IP {
-	if from == nil {
-		return nil
-	}
-	to := make(net.IP, len(from))
-	copy(to, from)
-	return to
-}
-
-// GetIPNetCopy returns a copy of the passed IP Network
-func GetIPNetCopy(from *net.IPNet) *net.IPNet {
-	if from == nil {
-		return nil
-	}
-	bm := make(net.IPMask, len(from.Mask))
-	copy(bm, from.Mask)
-	return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm}
-}
-
-// GetIPNetCanonical returns the canonical form for the passed network
-func GetIPNetCanonical(nw *net.IPNet) *net.IPNet {
-	if nw == nil {
-		return nil
-	}
-	c := GetIPNetCopy(nw)
-	c.IP = c.IP.Mask(nw.Mask)
-	return c
-}
-
-// CompareIPNet returns equal if the two IP Networks are equal
-func CompareIPNet(a, b *net.IPNet) bool {
-	if a == b {
-		return true
-	}
-	if a == nil || b == nil {
-		return false
-	}
-	return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask)
-}
-
-// GetMinimalIP returns the address in its shortest form
-// If ip contains an IPv4-mapped IPv6 address, the 4-octet form of the IPv4 address will be returned.
-// Otherwise ip is returned unchanged.
-func GetMinimalIP(ip net.IP) net.IP {
-	if ip != nil && ip.To4() != nil {
-		return ip.To4()
-	}
-	return ip
-}
-
-// GetMinimalIPNet returns a copy of the passed IP Network with congruent ip and mask notation
-func GetMinimalIPNet(nw *net.IPNet) *net.IPNet {
-	if nw == nil {
-		return nil
-	}
-	if len(nw.IP) == 16 && nw.IP.To4() != nil {
-		m := nw.Mask
-		if len(m) == 16 {
-			m = m[12:16]
-		}
-		return &net.IPNet{IP: nw.IP.To4(), Mask: m}
-	}
-	return nw
-}
-
-// IsIPNetValid returns true if the ipnet is a valid network/mask
-// combination. Otherwise returns false.
-func IsIPNetValid(nw *net.IPNet) bool {
-	return nw.String() != "0.0.0.0/0"
-}
-
-var v4inV6MaskPrefix = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
-
-// compareIPMask checks if the passed ip and mask are semantically compatible.
-// It returns the byte indexes for the address and mask so that caller can
-// do bitwise operations without modifying address representation.
-func compareIPMask(ip net.IP, mask net.IPMask) (is int, ms int, err error) {
-	// Find the effective starting of address and mask
-	if len(ip) == net.IPv6len && ip.To4() != nil {
-		is = 12
-	}
-	if len(ip[is:]) == net.IPv4len && len(mask) == net.IPv6len && bytes.Equal(mask[:12], v4inV6MaskPrefix) {
-		ms = 12
-	}
-	// Check if address and mask are semantically compatible
-	if len(ip[is:]) != len(mask[ms:]) {
-		err = fmt.Errorf("ip and mask are not compatible: (%#v, %#v)", ip, mask)
-	}
-	return
-}
-
-// GetHostPartIP returns the host portion of the ip address identified by the mask.
-// IP address representation is not modified. If address and mask are not compatible
-// an error is returned.
-func GetHostPartIP(ip net.IP, mask net.IPMask) (net.IP, error) {
-	// Find the effective starting of address and mask
-	is, ms, err := compareIPMask(ip, mask)
-	if err != nil {
-		return nil, fmt.Errorf("cannot compute host portion ip address because %s", err)
-	}
-
-	// Compute host portion
-	out := GetIPCopy(ip)
-	for i := 0; i < len(mask[ms:]); i++ {
-		out[is+i] &= ^mask[ms+i]
-	}
-
-	return out, nil
-}
-
-// GetBroadcastIP returns the broadcast ip address for the passed network (ip and mask).
-// IP address representation is not modified. If address and mask are not compatible
-// an error is returned.
-func GetBroadcastIP(ip net.IP, mask net.IPMask) (net.IP, error) {
-	// Find the effective starting of address and mask
-	is, ms, err := compareIPMask(ip, mask)
-	if err != nil {
-		return nil, fmt.Errorf("cannot compute broadcast ip address because %s", err)
-	}
-
-	// Compute broadcast address
-	out := GetIPCopy(ip)
-	for i := 0; i < len(mask[ms:]); i++ {
-		out[is+i] |= ^mask[ms+i]
-	}
-
-	return out, nil
-}
-
-// ParseCIDR returns the *net.IPNet represented by the passed CIDR notation
-func ParseCIDR(cidr string) (n *net.IPNet, e error) {
-	var i net.IP
-	if i, n, e = net.ParseCIDR(cidr); e == nil {
-		n.IP = i
-	}
-	return
-}
-
-const (
-	// NEXTHOP indicates a StaticRoute with an IP next hop.
-	NEXTHOP = iota
-
-	// CONNECTED indicates a StaticRoute with an interface for directly connected peers.
-	CONNECTED
-)
-
-// StaticRoute is a statically-provisioned IP route.
-type StaticRoute struct {
-	Destination *net.IPNet
-
-	RouteType int // NEXT_HOP or CONNECTED
-
-	// NextHop will be resolved by the kernel (i.e. as a loose hop).
-	NextHop net.IP
-}
-
-// GetCopy returns a copy of this StaticRoute structure
-func (r *StaticRoute) GetCopy() *StaticRoute {
-	d := GetIPNetCopy(r.Destination)
-	nh := GetIPCopy(r.NextHop)
-	return &StaticRoute{Destination: d,
-		RouteType: r.RouteType,
-		NextHop:   nh,
-	}
-}
-
-// InterfaceStatistics represents the interface's statistics
-type InterfaceStatistics struct {
-	RxBytes   uint64
-	RxPackets uint64
-	RxErrors  uint64
-	RxDropped uint64
-	TxBytes   uint64
-	TxPackets uint64
-	TxErrors  uint64
-	TxDropped uint64
-}
-
-func (is *InterfaceStatistics) String() string {
-	return fmt.Sprintf("\nRxBytes: %d, RxPackets: %d, RxErrors: %d, RxDropped: %d, TxBytes: %d, TxPackets: %d, TxErrors: %d, TxDropped: %d",
-		is.RxBytes, is.RxPackets, is.RxErrors, is.RxDropped, is.TxBytes, is.TxPackets, is.TxErrors, is.TxDropped)
-}
-
-/******************************
- * Well-known Error Interfaces
- ******************************/
-
-// MaskableError is an interface for errors which can be ignored by caller
-type MaskableError interface {
-	// Maskable makes implementer into MaskableError type
-	Maskable()
-}
-
-// RetryError is an interface for errors which might get resolved through retry
-type RetryError interface {
-	// Retry makes implementer into RetryError type
-	Retry()
-}
-
-// BadRequestError is an interface for errors originated by a bad request
-type BadRequestError interface {
-	// BadRequest makes implementer into BadRequestError type
-	BadRequest()
-}
-
-// NotFoundError is an interface for errors raised because a needed resource is not available
-type NotFoundError interface {
-	// NotFound makes implementer into NotFoundError type
-	NotFound()
-}
-
-// ForbiddenError is an interface for errors which denote a valid request that cannot be honored
-type ForbiddenError interface {
-	// Forbidden makes implementer into ForbiddenError type
-	Forbidden()
-}
-
-// NoServiceError is an interface for errors returned when the required service is not available
-type NoServiceError interface {
-	// NoService makes implementer into NoServiceError type
-	NoService()
-}
-
-// TimeoutError is an interface for errors raised because of timeout
-type TimeoutError interface {
-	// Timeout makes implementer into TimeoutError type
-	Timeout()
-}
-
-// NotImplementedError is an interface for errors raised because of requested functionality is not yet implemented
-type NotImplementedError interface {
-	// NotImplemented makes implementer into NotImplementedError type
-	NotImplemented()
-}
-
-// InternalError is an interface for errors raised because of an internal error
-type InternalError interface {
-	// Internal makes implementer into InternalError type
-	Internal()
-}
-
-/******************************
- * Well-known Error Formatters
- ******************************/
-
-// BadRequestErrorf creates an instance of BadRequestError
-func BadRequestErrorf(format string, params ...interface{}) error {
-	return badRequest(fmt.Sprintf(format, params...))
-}
-
-// NotFoundErrorf creates an instance of NotFoundError
-func NotFoundErrorf(format string, params ...interface{}) error {
-	return notFound(fmt.Sprintf(format, params...))
-}
-
-// ForbiddenErrorf creates an instance of ForbiddenError
-func ForbiddenErrorf(format string, params ...interface{}) error {
-	return forbidden(fmt.Sprintf(format, params...))
-}
-
-// NoServiceErrorf creates an instance of NoServiceError
-func NoServiceErrorf(format string, params ...interface{}) error {
-	return noService(fmt.Sprintf(format, params...))
-}
-
-// NotImplementedErrorf creates an instance of NotImplementedError
-func NotImplementedErrorf(format string, params ...interface{}) error {
-	return notImpl(fmt.Sprintf(format, params...))
-}
-
-// TimeoutErrorf creates an instance of TimeoutError
-func TimeoutErrorf(format string, params ...interface{}) error {
-	return timeout(fmt.Sprintf(format, params...))
-}
-
-// InternalErrorf creates an instance of InternalError
-func InternalErrorf(format string, params ...interface{}) error {
-	return internal(fmt.Sprintf(format, params...))
-}
-
-// InternalMaskableErrorf creates an instance of InternalError and MaskableError
-func InternalMaskableErrorf(format string, params ...interface{}) error {
-	return maskInternal(fmt.Sprintf(format, params...))
-}
-
-// RetryErrorf creates an instance of RetryError
-func RetryErrorf(format string, params ...interface{}) error {
-	return retry(fmt.Sprintf(format, params...))
-}
-
-/***********************
- * Internal Error Types
- ***********************/
-type badRequest string
-
-func (br badRequest) Error() string {
-	return string(br)
-}
-func (br badRequest) BadRequest() {}
-
-type maskBadRequest string
-
-type notFound string
-
-func (nf notFound) Error() string {
-	return string(nf)
-}
-func (nf notFound) NotFound() {}
-
-type forbidden string
-
-func (frb forbidden) Error() string {
-	return string(frb)
-}
-func (frb forbidden) Forbidden() {}
-
-type noService string
-
-func (ns noService) Error() string {
-	return string(ns)
-}
-func (ns noService) NoService() {}
-
-type maskNoService string
-
-type timeout string
-
-func (to timeout) Error() string {
-	return string(to)
-}
-func (to timeout) Timeout() {}
-
-type notImpl string
-
-func (ni notImpl) Error() string {
-	return string(ni)
-}
-func (ni notImpl) NotImplemented() {}
-
-type internal string
-
-func (nt internal) Error() string {
-	return string(nt)
-}
-func (nt internal) Internal() {}
-
-type maskInternal string
-
-func (mnt maskInternal) Error() string {
-	return string(mnt)
-}
-func (mnt maskInternal) Internal() {}
-func (mnt maskInternal) Maskable() {}
-
-type retry string
-
-func (r retry) Error() string {
-	return string(r)
-}
-func (r retry) Retry() {}
diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf
deleted file mode 100644
index f2bb55223e3fe..0000000000000
--- a/vendor/github.com/docker/libnetwork/vendor.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/Microsoft/go-winio v0.4.11
-github.com/Microsoft/hcsshim v0.7.3
-github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
-github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/codegangsta/cli a65b733b303f0055f8d324d805f393cd3e7a7904
-github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
-github.com/coreos/etcd v3.2.1
-github.com/coreos/go-semver v0.2.0
-github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
-go.etcd.io/bbolt v1.3.1-etcd.8
-
-github.com/docker/docker 162ba6016def672690ee4a1f3978368853a1e149
-github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
-
-github.com/godbus/dbus v4.0.0
-github.com/gogo/protobuf v1.0.0
-github.com/gorilla/context v1.1
-github.com/gorilla/mux v1.1
-github.com/hashicorp/consul v0.5.2
-github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
-github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
-github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
-github.com/hashicorp/go-sockaddr 6d291a969b86c4b633730bfc6b8b9d64c3aafed9
-github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
-github.com/mattn/go-shellwords v1.0.3
-github.com/miekg/dns v1.0.7
-github.com/opencontainers/go-digest v1.0.0-rc1
-github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
-github.com/opencontainers/runtime-spec v1.0.1
-github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
-github.com/sirupsen/logrus v1.0.3
-github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
-github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
-github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
-golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491
-golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
-golang.org/x/sys 37707fdb30a5b38865cfb95e5aab41707daec7fd
-golang.org/x/sync fd80eb99c8f653c847d294a001bdf2a3a6f768f5
-github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
-
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.2.0
diff --git a/vendor/github.com/docker/swarmkit/agent/agent.go b/vendor/github.com/docker/swarmkit/agent/agent.go
index 4d8f99cfcde07..8f45f183cc379 100644
--- a/vendor/github.com/docker/swarmkit/agent/agent.go
+++ b/vendor/github.com/docker/swarmkit/agent/agent.go
@@ -2,6 +2,7 @@ package agent
 
 import (
 	"bytes"
+	"context"
 	"math/rand"
 	"reflect"
 	"sync"
@@ -11,7 +12,6 @@ import (
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -205,6 +205,11 @@ func (a *Agent) run(ctx context.Context) {
 		sessionq      chan sessionOperation
 		leaving       = a.leaving
 		subscriptions = map[string]context.CancelFunc{}
+		// subscriptionDone is a channel that allows us to notify ourselves
+		// that a lot subscription should be finished. this channel is
+		// unbuffered, because it is only written to in a goroutine, and
+		// therefore cannot block the main execution path.
+		subscriptionDone = make(chan string)
 	)
 	defer func() {
 		session.close()
@@ -310,8 +315,26 @@ func (a *Agent) run(ctx context.Context) {
 
 			subCtx, subCancel := context.WithCancel(ctx)
 			subscriptions[sub.ID] = subCancel
-			// TODO(dperny) we're tossing the error here, that seems wrong
-			go a.worker.Subscribe(subCtx, sub)
+			// NOTE(dperny): for like 3 years, there has been a to do saying
+			// "we're tossing the error here, that seems wrong". this is not a
+			// to do anymore. 9/10 of these errors are going to be "context
+			// deadline exceeded", and the remaining 1/10 obviously doesn't
+			// matter or we'd have missed it by now.
+			go func() {
+				a.worker.Subscribe(subCtx, sub)
+				// when the worker finishes the subscription, we should notify
+				// ourselves that this has occurred. We cannot rely on getting
+				// a Close message from the manager, as any number of things
+				// could go wrong (see github.com/moby/moby/issues/39916).
+				subscriptionDone <- sub.ID
+			}()
+		case subID := <-subscriptionDone:
+			// subscription may already have been removed. If so, no need to
+			// take any action.
+			if cancel, ok := subscriptions[subID]; ok {
+				cancel()
+				delete(subscriptions, subID)
+			}
 		case <-registered:
 			log.G(ctx).Debugln("agent: registered")
 			if ready != nil {
@@ -548,8 +571,9 @@ func (a *Agent) Publisher(ctx context.Context, subscriptionID string) (exec.LogP
 			SubscriptionID: subscriptionID,
 			Close:          true,
 		})
-		// close the stream forreal
-		publisher.CloseSend()
+		// close the stream forreal. ignore the return value and the error,
+		// because we don't care.
+		publisher.CloseAndRecv()
 	}
 
 	return exec.LogPublisherFunc(func(ctx context.Context, message api.LogMessage) error {
@@ -575,7 +599,7 @@ func (a *Agent) nodeDescriptionWithHostname(ctx context.Context, tlsInfo *api.No
 
 	// Override hostname and TLS info
 	if desc != nil {
-		if a.config.Hostname != "" && desc != nil {
+		if a.config.Hostname != "" {
 			desc.Hostname = a.config.Hostname
 		}
 		desc.TLSInfo = tlsInfo
diff --git a/vendor/github.com/docker/swarmkit/agent/errors.go b/vendor/github.com/docker/swarmkit/agent/errors.go
index 29f8ff1c9f913..f5514d8311145 100644
--- a/vendor/github.com/docker/swarmkit/agent/errors.go
+++ b/vendor/github.com/docker/swarmkit/agent/errors.go
@@ -13,10 +13,5 @@ var (
 	errAgentStarted    = errors.New("agent: already started")
 	errAgentNotStarted = errors.New("agent: not started")
 
-	errTaskNoController         = errors.New("agent: no task controller")
-	errTaskNotAssigned          = errors.New("agent: task not assigned")
-	errTaskStatusUpdateNoChange = errors.New("agent: no change in task status")
-	errTaskUnknown              = errors.New("agent: task unknown")
-
-	errTaskInvalid = errors.New("task: invalid")
+	errTaskUnknown = errors.New("agent: task unknown")
 )
diff --git a/vendor/github.com/docker/swarmkit/agent/exec/controller.go b/vendor/github.com/docker/swarmkit/agent/exec/controller.go
index c9e9343fd7f1e..b617d37ca35b1 100644
--- a/vendor/github.com/docker/swarmkit/agent/exec/controller.go
+++ b/vendor/github.com/docker/swarmkit/agent/exec/controller.go
@@ -1,6 +1,7 @@
 package exec
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -10,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/protobuf/ptypes"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 )
 
 // Controller controls execution of a task.
diff --git a/vendor/github.com/docker/swarmkit/agent/exec/controller_stub.go b/vendor/github.com/docker/swarmkit/agent/exec/controller_stub.go
index 076955ff80663..dd16ce457d1df 100644
--- a/vendor/github.com/docker/swarmkit/agent/exec/controller_stub.go
+++ b/vendor/github.com/docker/swarmkit/agent/exec/controller_stub.go
@@ -1,10 +1,11 @@
 package exec
 
 import (
-	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
+	"context"
 	"runtime"
 	"strings"
+
+	"github.com/docker/swarmkit/api"
 )
 
 // StubController implements the Controller interface,
diff --git a/vendor/github.com/docker/swarmkit/agent/exec/executor.go b/vendor/github.com/docker/swarmkit/agent/exec/executor.go
index 8c3fd035064a6..26c1bfcba7005 100644
--- a/vendor/github.com/docker/swarmkit/agent/exec/executor.go
+++ b/vendor/github.com/docker/swarmkit/agent/exec/executor.go
@@ -1,8 +1,9 @@
 package exec
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 )
 
 // Executor provides controllers for tasks.
diff --git a/vendor/github.com/docker/swarmkit/agent/helpers.go b/vendor/github.com/docker/swarmkit/agent/helpers.go
index 5fdf1660594cd..5e95d93297a71 100644
--- a/vendor/github.com/docker/swarmkit/agent/helpers.go
+++ b/vendor/github.com/docker/swarmkit/agent/helpers.go
@@ -1,6 +1,6 @@
 package agent
 
-import "golang.org/x/net/context"
+import "context"
 
 // runctx blocks until the function exits, closed is closed, or the context is
 // cancelled. Call as part of go statement.
diff --git a/vendor/github.com/docker/swarmkit/agent/reporter.go b/vendor/github.com/docker/swarmkit/agent/reporter.go
index 73e6ab3fd921b..2afb75795fe80 100644
--- a/vendor/github.com/docker/swarmkit/agent/reporter.go
+++ b/vendor/github.com/docker/swarmkit/agent/reporter.go
@@ -1,12 +1,12 @@
 package agent
 
 import (
+	"context"
 	"reflect"
 	"sync"
 
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
-	"golang.org/x/net/context"
 )
 
 // StatusReporter receives updates to task status. Method may be called
diff --git a/vendor/github.com/docker/swarmkit/agent/resource.go b/vendor/github.com/docker/swarmkit/agent/resource.go
index 8e88d2cd656eb..32be069c115cd 100644
--- a/vendor/github.com/docker/swarmkit/agent/resource.go
+++ b/vendor/github.com/docker/swarmkit/agent/resource.go
@@ -1,8 +1,9 @@
 package agent
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 )
 
 type resourceAllocator struct {
diff --git a/vendor/github.com/docker/swarmkit/agent/secrets/secrets.go b/vendor/github.com/docker/swarmkit/agent/secrets/secrets.go
index 233101d0fb423..fb0ee1d3b9d9e 100644
--- a/vendor/github.com/docker/swarmkit/agent/secrets/secrets.go
+++ b/vendor/github.com/docker/swarmkit/agent/secrets/secrets.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/identity"
 )
 
 // secrets is a map that keeps all the currently available secrets to the agent
@@ -62,6 +63,7 @@ func (s *secrets) Reset() {
 type taskRestrictedSecretsProvider struct {
 	secrets   exec.SecretGetter
 	secretIDs map[string]struct{} // allow list of secret ids
+	taskID    string              // ID of the task the provider restricts for
 }
 
 func (sp *taskRestrictedSecretsProvider) Get(secretID string) (*api.Secret, error) {
@@ -69,7 +71,18 @@ func (sp *taskRestrictedSecretsProvider) Get(secretID string) (*api.Secret, erro
 		return nil, fmt.Errorf("task not authorized to access secret %s", secretID)
 	}
 
-	return sp.secrets.Get(secretID)
+	// First check if the secret is available with the task specific ID, which is the concatenation
+	// of the original secret ID and the task ID with a dot in between.
+	// That is the case when a secret driver has returned DoNotReuse == true for a secret value.
+	taskSpecificID := identity.CombineTwoIDs(secretID, sp.taskID)
+	secret, err := sp.secrets.Get(taskSpecificID)
+	if err != nil {
+		// Otherwise, which is the default case, the secret is retrieved by its original ID.
+		return sp.secrets.Get(secretID)
+	}
+	// For all intents and purposes, the rest of the flow should deal with the original secret ID.
+	secret.ID = secretID
+	return secret, err
 }
 
 // Restrict provides a getter that only allows access to the secrets
@@ -84,5 +97,5 @@ func Restrict(secrets exec.SecretGetter, t *api.Task) exec.SecretGetter {
 		}
 	}
 
-	return &taskRestrictedSecretsProvider{secrets: secrets, secretIDs: sids}
+	return &taskRestrictedSecretsProvider{secrets: secrets, secretIDs: sids, taskID: t.ID}
 }
diff --git a/vendor/github.com/docker/swarmkit/agent/session.go b/vendor/github.com/docker/swarmkit/agent/session.go
index 8c01d08fdd6d7..2e7f1b6a37081 100644
--- a/vendor/github.com/docker/swarmkit/agent/session.go
+++ b/vendor/github.com/docker/swarmkit/agent/session.go
@@ -1,7 +1,9 @@
 package agent
 
 import (
+	"context"
 	"errors"
+	"math"
 	"sync"
 	"time"
 
@@ -9,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/connectionbroker"
 	"github.com/docker/swarmkit/log"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -17,7 +18,6 @@ import (
 
 var (
 	dispatcherRPCTimeout = 5 * time.Second
-	errSessionDisconnect = errors.New("agent: session disconnect") // instructed to disconnect
 	errSessionClosed     = errors.New("agent: session closed")
 )
 
@@ -65,6 +65,7 @@ func newSession(ctx context.Context, agent *Agent, delay time.Duration, sessionI
 	cc, err := agent.config.ConnBroker.Select(
 		grpc.WithTransportCredentials(agent.config.Credentials),
 		grpc.WithTimeout(dispatcherRPCTimeout),
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
 	)
 
 	if err != nil {
@@ -137,7 +138,7 @@ func (s *session) start(ctx context.Context, description *api.NodeDescription) e
 	// `ctx` is done and hence fail to propagate the timeout error to the agent.
 	// If the error is not propogated to the agent, the agent will not close
 	// the session or rebuild a new session.
-	sessionCtx, cancelSession := context.WithCancel(ctx)
+	sessionCtx, cancelSession := context.WithCancel(ctx) //nolint:govet
 
 	// Need to run Session in a goroutine since there's no way to set a
 	// timeout for an individual Recv call in a stream.
@@ -160,7 +161,7 @@ func (s *session) start(ctx context.Context, description *api.NodeDescription) e
 	select {
 	case err := <-errChan:
 		if err != nil {
-			return err
+			return err //nolint:govet
 		}
 	case <-time.After(dispatcherRPCTimeout):
 		cancelSession()
diff --git a/vendor/github.com/docker/swarmkit/agent/storage.go b/vendor/github.com/docker/swarmkit/agent/storage.go
index 519880197f2a6..8d32ebf1ba8ac 100644
--- a/vendor/github.com/docker/swarmkit/agent/storage.go
+++ b/vendor/github.com/docker/swarmkit/agent/storage.go
@@ -131,7 +131,9 @@ func PutTask(tx *bolt.Tx, task *api.Task) error {
 
 // PutTaskStatus updates the status for the task with id.
 func PutTaskStatus(tx *bolt.Tx, id string, status *api.TaskStatus) error {
-	return withCreateTaskBucketIfNotExists(tx, id, func(bkt *bolt.Bucket) error {
+	// this used to be withCreateTaskBucketIfNotExists, but that could lead
+	// to weird race conditions, and was not necessary.
+	return withTaskBucket(tx, id, func(bkt *bolt.Bucket) error {
 		p, err := proto.Marshal(status)
 		if err != nil {
 			return err
diff --git a/vendor/github.com/docker/swarmkit/agent/task.go b/vendor/github.com/docker/swarmkit/agent/task.go
index 95fe93179bfd6..17c713c092603 100644
--- a/vendor/github.com/docker/swarmkit/agent/task.go
+++ b/vendor/github.com/docker/swarmkit/agent/task.go
@@ -1,6 +1,7 @@
 package agent
 
 import (
+	"context"
 	"sync"
 	"time"
 
@@ -8,7 +9,6 @@ import (
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/equality"
 	"github.com/docker/swarmkit/log"
-	"golang.org/x/net/context"
 )
 
 // taskManager manages all aspects of task execution and reporting for an agent
diff --git a/vendor/github.com/docker/swarmkit/agent/worker.go b/vendor/github.com/docker/swarmkit/agent/worker.go
index 8125145d213c6..53d88dfe1fd10 100644
--- a/vendor/github.com/docker/swarmkit/agent/worker.go
+++ b/vendor/github.com/docker/swarmkit/agent/worker.go
@@ -1,6 +1,7 @@
 package agent
 
 import (
+	"context"
 	"sync"
 
 	"github.com/docker/swarmkit/agent/exec"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/watch"
 	"github.com/sirupsen/logrus"
 	bolt "go.etcd.io/bbolt"
-	"golang.org/x/net/context"
 )
 
 // Worker implements the core task management logic and persistence. It
@@ -278,10 +278,15 @@ func reconcileTaskState(ctx context.Context, w *worker, assignments []*api.Assig
 
 	removeTaskAssignment := func(taskID string) error {
 		ctx := log.WithLogger(ctx, log.G(ctx).WithField("task.id", taskID))
-		if err := SetTaskAssignment(tx, taskID, false); err != nil {
-			log.G(ctx).WithError(err).Error("error setting task assignment in database")
+		// if a task is no longer assigned, then we do not have to keep track
+		// of it. a task will only be unassigned when it is deleted on the
+		// manager. instead of SetTaskAssginment to true, we'll just remove the
+		// task now.
+		if err := DeleteTask(tx, taskID); err != nil {
+			log.G(ctx).WithError(err).Error("error removing de-assigned task")
+			return err
 		}
-		return err
+		return nil
 	}
 
 	// If this was a complete set of assignments, we're going to remove all the remaining
@@ -500,6 +505,21 @@ func (w *worker) newTaskManager(ctx context.Context, tx *bolt.Tx, task *api.Task
 // updateTaskStatus reports statuses to listeners, read lock must be held.
 func (w *worker) updateTaskStatus(ctx context.Context, tx *bolt.Tx, taskID string, status *api.TaskStatus) error {
 	if err := PutTaskStatus(tx, taskID, status); err != nil {
+		// we shouldn't fail to put a task status. however, there exists the
+		// possibility of a race in which we try to put a task status after the
+		// task has been deleted. because this whole contraption is a careful
+		// dance of too-tightly-coupled concurrent parts, fixing tht race is
+		// fraught with hazards. instead, we'll recognize that it can occur,
+		// log the error, and then ignore it.
+		if err == errTaskUnknown {
+			// log at info level. debug logging in docker is already really
+			// verbose, so many people disable it. the race that causes this
+			// behavior should be very rare, but if it occurs, we should know
+			// about it, because if there is some case where it is _not_ rare,
+			// then knowing about it will go a long way toward debugging.
+			log.G(ctx).Info("attempted to update status for a task that has been removed")
+			return nil
+		}
 		log.G(ctx).WithError(err).Error("failed writing status to disk")
 		return err
 	}
diff --git a/vendor/github.com/docker/swarmkit/api/ca.pb.go b/vendor/github.com/docker/swarmkit/api/ca.pb.go
index 23d375f95ec93..e37dbc97a2bd1 100644
--- a/vendor/github.com/docker/swarmkit/api/ca.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/ca.pb.go
@@ -1,248 +1,28 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/docker/swarmkit/api/ca.proto
 
-/*
-	Package api is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/docker/swarmkit/api/ca.proto
-		github.com/docker/swarmkit/api/control.proto
-		github.com/docker/swarmkit/api/dispatcher.proto
-		github.com/docker/swarmkit/api/health.proto
-		github.com/docker/swarmkit/api/logbroker.proto
-		github.com/docker/swarmkit/api/objects.proto
-		github.com/docker/swarmkit/api/raft.proto
-		github.com/docker/swarmkit/api/resource.proto
-		github.com/docker/swarmkit/api/snapshot.proto
-		github.com/docker/swarmkit/api/specs.proto
-		github.com/docker/swarmkit/api/types.proto
-		github.com/docker/swarmkit/api/watch.proto
-
-	It has these top-level messages:
-		NodeCertificateStatusRequest
-		NodeCertificateStatusResponse
-		IssueNodeCertificateRequest
-		IssueNodeCertificateResponse
-		GetRootCACertificateRequest
-		GetRootCACertificateResponse
-		GetUnlockKeyRequest
-		GetUnlockKeyResponse
-		GetNodeRequest
-		GetNodeResponse
-		ListNodesRequest
-		ListNodesResponse
-		UpdateNodeRequest
-		UpdateNodeResponse
-		RemoveNodeRequest
-		RemoveNodeResponse
-		GetTaskRequest
-		GetTaskResponse
-		RemoveTaskRequest
-		RemoveTaskResponse
-		ListTasksRequest
-		ListTasksResponse
-		CreateServiceRequest
-		CreateServiceResponse
-		GetServiceRequest
-		GetServiceResponse
-		UpdateServiceRequest
-		UpdateServiceResponse
-		RemoveServiceRequest
-		RemoveServiceResponse
-		ListServicesRequest
-		ListServicesResponse
-		CreateNetworkRequest
-		CreateNetworkResponse
-		GetNetworkRequest
-		GetNetworkResponse
-		RemoveNetworkRequest
-		RemoveNetworkResponse
-		ListNetworksRequest
-		ListNetworksResponse
-		GetClusterRequest
-		GetClusterResponse
-		ListClustersRequest
-		ListClustersResponse
-		KeyRotation
-		UpdateClusterRequest
-		UpdateClusterResponse
-		GetSecretRequest
-		GetSecretResponse
-		UpdateSecretRequest
-		UpdateSecretResponse
-		ListSecretsRequest
-		ListSecretsResponse
-		CreateSecretRequest
-		CreateSecretResponse
-		RemoveSecretRequest
-		RemoveSecretResponse
-		GetConfigRequest
-		GetConfigResponse
-		UpdateConfigRequest
-		UpdateConfigResponse
-		ListConfigsRequest
-		ListConfigsResponse
-		CreateConfigRequest
-		CreateConfigResponse
-		RemoveConfigRequest
-		RemoveConfigResponse
-		SessionRequest
-		SessionMessage
-		HeartbeatRequest
-		HeartbeatResponse
-		UpdateTaskStatusRequest
-		UpdateTaskStatusResponse
-		TasksRequest
-		TasksMessage
-		AssignmentsRequest
-		Assignment
-		AssignmentChange
-		AssignmentsMessage
-		HealthCheckRequest
-		HealthCheckResponse
-		LogSubscriptionOptions
-		LogSelector
-		LogContext
-		LogAttr
-		LogMessage
-		SubscribeLogsRequest
-		SubscribeLogsMessage
-		ListenSubscriptionsRequest
-		SubscriptionMessage
-		PublishLogsMessage
-		PublishLogsResponse
-		Meta
-		Node
-		Service
-		Endpoint
-		Task
-		NetworkAttachment
-		Network
-		Cluster
-		Secret
-		Config
-		Resource
-		Extension
-		RaftMember
-		JoinRequest
-		JoinResponse
-		LeaveRequest
-		LeaveResponse
-		ProcessRaftMessageRequest
-		ProcessRaftMessageResponse
-		StreamRaftMessageRequest
-		StreamRaftMessageResponse
-		ResolveAddressRequest
-		ResolveAddressResponse
-		InternalRaftRequest
-		StoreAction
-		AttachNetworkRequest
-		AttachNetworkResponse
-		DetachNetworkRequest
-		DetachNetworkResponse
-		StoreSnapshot
-		ClusterSnapshot
-		Snapshot
-		NodeSpec
-		ServiceSpec
-		ReplicatedService
-		GlobalService
-		TaskSpec
-		ResourceReference
-		GenericRuntimeSpec
-		NetworkAttachmentSpec
-		ContainerSpec
-		EndpointSpec
-		NetworkSpec
-		ClusterSpec
-		SecretSpec
-		ConfigSpec
-		Version
-		IndexEntry
-		Annotations
-		NamedGenericResource
-		DiscreteGenericResource
-		GenericResource
-		Resources
-		ResourceRequirements
-		Platform
-		PluginDescription
-		EngineDescription
-		NodeDescription
-		NodeTLSInfo
-		RaftMemberStatus
-		NodeStatus
-		Image
-		Mount
-		RestartPolicy
-		UpdateConfig
-		UpdateStatus
-		ContainerStatus
-		PortStatus
-		TaskStatus
-		NetworkAttachmentConfig
-		IPAMConfig
-		PortConfig
-		Driver
-		IPAMOptions
-		Peer
-		WeightedPeer
-		IssuanceStatus
-		AcceptancePolicy
-		ExternalCA
-		CAConfig
-		OrchestrationConfig
-		TaskDefaults
-		DispatcherConfig
-		RaftConfig
-		EncryptionConfig
-		SpreadOver
-		PlacementPreference
-		Placement
-		JoinTokens
-		RootCA
-		Certificate
-		EncryptionKey
-		ManagerStatus
-		FileTarget
-		SecretReference
-		ConfigReference
-		BlacklistedCertificate
-		HealthConfig
-		MaybeEncryptedRecord
-		RootRotation
-		Privileges
-		Object
-		SelectBySlot
-		SelectByCustom
-		SelectBy
-		WatchRequest
-		WatchMessage
-*/
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -253,28 +33,84 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type NodeCertificateStatusRequest struct {
 	NodeID string `protobuf:"bytes,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
 }
 
-func (m *NodeCertificateStatusRequest) Reset()                    { *m = NodeCertificateStatusRequest{} }
-func (*NodeCertificateStatusRequest) ProtoMessage()               {}
-func (*NodeCertificateStatusRequest) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{0} }
+func (m *NodeCertificateStatusRequest) Reset()      { *m = NodeCertificateStatusRequest{} }
+func (*NodeCertificateStatusRequest) ProtoMessage() {}
+func (*NodeCertificateStatusRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{0}
+}
+func (m *NodeCertificateStatusRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeCertificateStatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeCertificateStatusRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeCertificateStatusRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeCertificateStatusRequest.Merge(m, src)
+}
+func (m *NodeCertificateStatusRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeCertificateStatusRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeCertificateStatusRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeCertificateStatusRequest proto.InternalMessageInfo
 
 type NodeCertificateStatusResponse struct {
-	Status      *IssuanceStatus `protobuf:"bytes,1,opt,name=status" json:"status,omitempty"`
-	Certificate *Certificate    `protobuf:"bytes,2,opt,name=certificate" json:"certificate,omitempty"`
+	Status      *IssuanceStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
+	Certificate *Certificate    `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty"`
 }
 
-func (m *NodeCertificateStatusResponse) Reset()                    { *m = NodeCertificateStatusResponse{} }
-func (*NodeCertificateStatusResponse) ProtoMessage()               {}
-func (*NodeCertificateStatusResponse) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{1} }
+func (m *NodeCertificateStatusResponse) Reset()      { *m = NodeCertificateStatusResponse{} }
+func (*NodeCertificateStatusResponse) ProtoMessage() {}
+func (*NodeCertificateStatusResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{1}
+}
+func (m *NodeCertificateStatusResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeCertificateStatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeCertificateStatusResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeCertificateStatusResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeCertificateStatusResponse.Merge(m, src)
+}
+func (m *NodeCertificateStatusResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeCertificateStatusResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeCertificateStatusResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeCertificateStatusResponse proto.InternalMessageInfo
 
 type IssueNodeCertificateRequest struct {
 	// DEPRECATED: Role is now selected based on which secret is matched.
-	Role NodeRole `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"`
+	Role NodeRole `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"` // Deprecated: Do not use.
 	// CSR is the certificate signing request.
 	CSR []byte `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
 	// Token represents a user-provided string that is necessary for new
@@ -284,49 +120,217 @@ type IssueNodeCertificateRequest struct {
 	Availability NodeSpec_Availability `protobuf:"varint,4,opt,name=availability,proto3,enum=docker.swarmkit.v1.NodeSpec_Availability" json:"availability,omitempty"`
 }
 
-func (m *IssueNodeCertificateRequest) Reset()                    { *m = IssueNodeCertificateRequest{} }
-func (*IssueNodeCertificateRequest) ProtoMessage()               {}
-func (*IssueNodeCertificateRequest) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{2} }
+func (m *IssueNodeCertificateRequest) Reset()      { *m = IssueNodeCertificateRequest{} }
+func (*IssueNodeCertificateRequest) ProtoMessage() {}
+func (*IssueNodeCertificateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{2}
+}
+func (m *IssueNodeCertificateRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IssueNodeCertificateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IssueNodeCertificateRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IssueNodeCertificateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IssueNodeCertificateRequest.Merge(m, src)
+}
+func (m *IssueNodeCertificateRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *IssueNodeCertificateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_IssueNodeCertificateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IssueNodeCertificateRequest proto.InternalMessageInfo
 
 type IssueNodeCertificateResponse struct {
 	NodeID         string              `protobuf:"bytes,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
 	NodeMembership NodeSpec_Membership `protobuf:"varint,2,opt,name=node_membership,json=nodeMembership,proto3,enum=docker.swarmkit.v1.NodeSpec_Membership" json:"node_membership,omitempty"`
 }
 
-func (m *IssueNodeCertificateResponse) Reset()                    { *m = IssueNodeCertificateResponse{} }
-func (*IssueNodeCertificateResponse) ProtoMessage()               {}
-func (*IssueNodeCertificateResponse) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{3} }
+func (m *IssueNodeCertificateResponse) Reset()      { *m = IssueNodeCertificateResponse{} }
+func (*IssueNodeCertificateResponse) ProtoMessage() {}
+func (*IssueNodeCertificateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{3}
+}
+func (m *IssueNodeCertificateResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IssueNodeCertificateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IssueNodeCertificateResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IssueNodeCertificateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IssueNodeCertificateResponse.Merge(m, src)
+}
+func (m *IssueNodeCertificateResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *IssueNodeCertificateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_IssueNodeCertificateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IssueNodeCertificateResponse proto.InternalMessageInfo
 
 type GetRootCACertificateRequest struct {
 }
 
-func (m *GetRootCACertificateRequest) Reset()                    { *m = GetRootCACertificateRequest{} }
-func (*GetRootCACertificateRequest) ProtoMessage()               {}
-func (*GetRootCACertificateRequest) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{4} }
+func (m *GetRootCACertificateRequest) Reset()      { *m = GetRootCACertificateRequest{} }
+func (*GetRootCACertificateRequest) ProtoMessage() {}
+func (*GetRootCACertificateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{4}
+}
+func (m *GetRootCACertificateRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetRootCACertificateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetRootCACertificateRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetRootCACertificateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRootCACertificateRequest.Merge(m, src)
+}
+func (m *GetRootCACertificateRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetRootCACertificateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRootCACertificateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRootCACertificateRequest proto.InternalMessageInfo
 
 type GetRootCACertificateResponse struct {
 	Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
 }
 
-func (m *GetRootCACertificateResponse) Reset()                    { *m = GetRootCACertificateResponse{} }
-func (*GetRootCACertificateResponse) ProtoMessage()               {}
-func (*GetRootCACertificateResponse) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{5} }
+func (m *GetRootCACertificateResponse) Reset()      { *m = GetRootCACertificateResponse{} }
+func (*GetRootCACertificateResponse) ProtoMessage() {}
+func (*GetRootCACertificateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{5}
+}
+func (m *GetRootCACertificateResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetRootCACertificateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetRootCACertificateResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetRootCACertificateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRootCACertificateResponse.Merge(m, src)
+}
+func (m *GetRootCACertificateResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetRootCACertificateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRootCACertificateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRootCACertificateResponse proto.InternalMessageInfo
 
 type GetUnlockKeyRequest struct {
 }
 
-func (m *GetUnlockKeyRequest) Reset()                    { *m = GetUnlockKeyRequest{} }
-func (*GetUnlockKeyRequest) ProtoMessage()               {}
-func (*GetUnlockKeyRequest) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{6} }
+func (m *GetUnlockKeyRequest) Reset()      { *m = GetUnlockKeyRequest{} }
+func (*GetUnlockKeyRequest) ProtoMessage() {}
+func (*GetUnlockKeyRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{6}
+}
+func (m *GetUnlockKeyRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetUnlockKeyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetUnlockKeyRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetUnlockKeyRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetUnlockKeyRequest.Merge(m, src)
+}
+func (m *GetUnlockKeyRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetUnlockKeyRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetUnlockKeyRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetUnlockKeyRequest proto.InternalMessageInfo
 
 type GetUnlockKeyResponse struct {
 	UnlockKey []byte  `protobuf:"bytes,1,opt,name=unlock_key,json=unlockKey,proto3" json:"unlock_key,omitempty"`
-	Version   Version `protobuf:"bytes,2,opt,name=version" json:"version"`
+	Version   Version `protobuf:"bytes,2,opt,name=version,proto3" json:"version"`
 }
 
-func (m *GetUnlockKeyResponse) Reset()                    { *m = GetUnlockKeyResponse{} }
-func (*GetUnlockKeyResponse) ProtoMessage()               {}
-func (*GetUnlockKeyResponse) Descriptor() ([]byte, []int) { return fileDescriptorCa, []int{7} }
+func (m *GetUnlockKeyResponse) Reset()      { *m = GetUnlockKeyResponse{} }
+func (*GetUnlockKeyResponse) ProtoMessage() {}
+func (*GetUnlockKeyResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_64a8db18191af608, []int{7}
+}
+func (m *GetUnlockKeyResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetUnlockKeyResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetUnlockKeyResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetUnlockKeyResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetUnlockKeyResponse.Merge(m, src)
+}
+func (m *GetUnlockKeyResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetUnlockKeyResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetUnlockKeyResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetUnlockKeyResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*NodeCertificateStatusRequest)(nil), "docker.swarmkit.v1.NodeCertificateStatusRequest")
@@ -339,6 +343,55 @@ func init() {
 	proto.RegisterType((*GetUnlockKeyResponse)(nil), "docker.swarmkit.v1.GetUnlockKeyResponse")
 }
 
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/ca.proto", fileDescriptor_64a8db18191af608)
+}
+
+var fileDescriptor_64a8db18191af608 = []byte{
+	// 651 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xc1, 0x4f, 0x13, 0x4f,
+	0x14, 0xee, 0x2c, 0xfc, 0xca, 0x8f, 0x47, 0x05, 0x33, 0x42, 0x52, 0x4b, 0xd9, 0x92, 0xd5, 0x04,
+	0x34, 0x71, 0x17, 0xaa, 0x89, 0x89, 0x5e, 0x6c, 0x6b, 0x42, 0x88, 0xc1, 0x98, 0x21, 0x7a, 0x25,
+	0xdb, 0xed, 0x50, 0x26, 0x6d, 0x77, 0xd6, 0x9d, 0x59, 0xb4, 0x37, 0x13, 0x8d, 0x67, 0x2f, 0x46,
+	0x4f, 0xfe, 0x09, 0xfe, 0x1d, 0xc4, 0x13, 0x89, 0x17, 0x4e, 0x44, 0x96, 0xbb, 0x7f, 0x83, 0xd9,
+	0xd9, 0x5d, 0x69, 0x61, 0x5b, 0xf0, 0xd4, 0x9d, 0xf7, 0xbe, 0xef, 0x7b, 0xef, 0x7d, 0xf3, 0x3a,
+	0xb0, 0xd2, 0x66, 0x72, 0x2f, 0x68, 0x9a, 0x0e, 0xef, 0x59, 0x2d, 0xee, 0x74, 0xa8, 0x6f, 0x89,
+	0x37, 0xb6, 0xdf, 0xeb, 0x30, 0x69, 0xd9, 0x1e, 0xb3, 0x1c, 0xdb, 0xf4, 0x7c, 0x2e, 0x39, 0xc6,
+	0x71, 0xd6, 0x4c, 0xb3, 0xe6, 0xfe, 0x7a, 0xe9, 0xee, 0x25, 0x64, 0xd9, 0xf7, 0xa8, 0x88, 0xf9,
+	0x97, 0x62, 0x85, 0x47, 0x9d, 0x14, 0x3b, 0xdf, 0xe6, 0x6d, 0xae, 0x3e, 0xad, 0xe8, 0x2b, 0x89,
+	0x3e, 0x1c, 0xa3, 0xa0, 0x10, 0xcd, 0x60, 0xd7, 0xf2, 0xba, 0x41, 0x9b, 0xb9, 0xc9, 0x4f, 0x4c,
+	0x34, 0x1a, 0x50, 0x7e, 0xce, 0x5b, 0xb4, 0x41, 0x7d, 0xc9, 0x76, 0x99, 0x63, 0x4b, 0xba, 0x2d,
+	0x6d, 0x19, 0x08, 0x42, 0x5f, 0x07, 0x54, 0x48, 0x7c, 0x0b, 0xa6, 0x5c, 0xde, 0xa2, 0x3b, 0xac,
+	0x55, 0x44, 0xcb, 0x68, 0x75, 0xba, 0x0e, 0xe1, 0x71, 0x25, 0x1f, 0x51, 0x36, 0x9f, 0x92, 0x7c,
+	0x94, 0xda, 0x6c, 0x19, 0xdf, 0x10, 0x2c, 0x8d, 0x50, 0x11, 0x1e, 0x77, 0x05, 0xc5, 0x8f, 0x20,
+	0x2f, 0x54, 0x44, 0xa9, 0xcc, 0x54, 0x0d, 0xf3, 0xa2, 0x65, 0xe6, 0xa6, 0x10, 0x81, 0xed, 0x3a,
+	0x29, 0x37, 0x61, 0xe0, 0x1a, 0xcc, 0x38, 0x67, 0xc2, 0x45, 0x4d, 0x09, 0x54, 0xb2, 0x04, 0x06,
+	0xea, 0x93, 0x41, 0x8e, 0xf1, 0x13, 0xc1, 0x62, 0xa4, 0x4e, 0xcf, 0x75, 0x99, 0x4e, 0xf9, 0x00,
+	0x26, 0x7d, 0xde, 0xa5, 0xaa, 0xb9, 0xd9, 0x6a, 0x39, 0x4b, 0x3b, 0x62, 0x12, 0xde, 0xa5, 0x75,
+	0xad, 0x88, 0x88, 0x42, 0xe3, 0x9b, 0x30, 0xe1, 0x08, 0x5f, 0x35, 0x54, 0xa8, 0x4f, 0x85, 0xc7,
+	0x95, 0x89, 0xc6, 0x36, 0x21, 0x51, 0x0c, 0xcf, 0xc3, 0x7f, 0x92, 0x77, 0xa8, 0x5b, 0x9c, 0x88,
+	0x4c, 0x23, 0xf1, 0x01, 0x6f, 0x41, 0xc1, 0xde, 0xb7, 0x59, 0xd7, 0x6e, 0xb2, 0x2e, 0x93, 0xfd,
+	0xe2, 0xa4, 0x2a, 0x77, 0x67, 0x54, 0xb9, 0x6d, 0x8f, 0x3a, 0x66, 0x6d, 0x80, 0x40, 0x86, 0xe8,
+	0xc6, 0x67, 0x04, 0xe5, 0xec, 0xa9, 0x12, 0xd7, 0xaf, 0x72, 0x79, 0xf8, 0x05, 0xcc, 0x29, 0x50,
+	0x8f, 0xf6, 0x9a, 0xd4, 0x17, 0x7b, 0xcc, 0x53, 0x13, 0xcd, 0x56, 0x57, 0xc6, 0xf6, 0xb5, 0xf5,
+	0x17, 0x4e, 0x66, 0x23, 0xfe, 0xd9, 0xd9, 0x58, 0x82, 0xc5, 0x0d, 0x2a, 0x09, 0xe7, 0xb2, 0x51,
+	0xbb, 0x68, 0xb6, 0xf1, 0x04, 0xca, 0xd9, 0xe9, 0xa4, 0xeb, 0xe5, 0xe1, 0xfb, 0x8e, 0x3a, 0x2f,
+	0x0c, 0x5f, 0xe7, 0x02, 0xdc, 0xd8, 0xa0, 0xf2, 0xa5, 0xdb, 0xe5, 0x4e, 0xe7, 0x19, 0xed, 0xa7,
+	0xc2, 0x3e, 0xcc, 0x0f, 0x87, 0x13, 0xc1, 0x25, 0x80, 0x40, 0x05, 0x77, 0x3a, 0xb4, 0x9f, 0xe8,
+	0x4d, 0x07, 0x29, 0x0c, 0x3f, 0x86, 0xa9, 0x7d, 0xea, 0x0b, 0xc6, 0xdd, 0x64, 0xb7, 0x16, 0xb3,
+	0x06, 0x7f, 0x15, 0x43, 0xea, 0x93, 0x07, 0xc7, 0x95, 0x1c, 0x49, 0x19, 0xd5, 0x0f, 0x1a, 0x68,
+	0x8d, 0x1a, 0x7e, 0x8f, 0x54, 0xed, 0x0b, 0x43, 0x61, 0x2b, 0x4b, 0x6b, 0x8c, 0x3b, 0xa5, 0xb5,
+	0xab, 0x13, 0xe2, 0xf1, 0x8c, 0xff, 0x7f, 0x7c, 0xff, 0xfd, 0x55, 0xd3, 0xae, 0x23, 0xfc, 0x16,
+	0x0a, 0x83, 0x06, 0xe0, 0x95, 0x11, 0x5a, 0xe7, 0x9d, 0x2b, 0xad, 0x5e, 0x0e, 0x4c, 0x8a, 0x2d,
+	0xa8, 0x62, 0x73, 0x70, 0x4d, 0x21, 0xef, 0xf5, 0x6c, 0xd7, 0x6e, 0x53, 0xbf, 0xfa, 0x45, 0x03,
+	0xb5, 0x57, 0x89, 0x15, 0x59, 0x5b, 0x99, 0x6d, 0xc5, 0x98, 0x7f, 0x65, 0xb6, 0x15, 0xe3, 0x16,
+	0x7e, 0xc0, 0x8a, 0x8f, 0x08, 0x16, 0x32, 0x9f, 0x24, 0xbc, 0x36, 0x6a, 0xad, 0x47, 0xbd, 0x81,
+	0xa5, 0xf5, 0x7f, 0x60, 0x9c, 0x6f, 0xa4, 0x7e, 0xfb, 0xe0, 0x44, 0xcf, 0x1d, 0x9d, 0xe8, 0xb9,
+	0x77, 0xa1, 0x8e, 0x0e, 0x42, 0x1d, 0x1d, 0x86, 0x3a, 0xfa, 0x15, 0xea, 0xe8, 0xd3, 0xa9, 0x9e,
+	0x3b, 0x3c, 0xd5, 0x73, 0x47, 0xa7, 0x7a, 0xae, 0x99, 0x57, 0xaf, 0xf1, 0xfd, 0x3f, 0x01, 0x00,
+	0x00, 0xff, 0xff, 0xd2, 0x82, 0x20, 0x1b, 0x73, 0x06, 0x00, 0x00,
+}
+
 type authenticatedWrapperCAServer struct {
 	local     CAServer
 	authorize func(context.Context, []string) error
@@ -416,11 +469,11 @@ func (m *NodeCertificateStatusResponse) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Status != nil {
 		m.Status = &IssuanceStatus{}
-		deepcopy.Copy(m.Status, o.Status)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Status, o.Status)
 	}
 	if o.Certificate != nil {
 		m.Certificate = &Certificate{}
-		deepcopy.Copy(m.Certificate, o.Certificate)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Certificate, o.Certificate)
 	}
 }
 
@@ -514,7 +567,7 @@ func (m *GetUnlockKeyResponse) CopyFrom(src interface{}) {
 		m.UnlockKey = make([]byte, len(o.UnlockKey))
 		copy(m.UnlockKey, o.UnlockKey)
 	}
-	deepcopy.Copy(&m.Version, &o.Version)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Version, &o.Version)
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -525,8 +578,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for CA service
-
+// CAClient is the client API for CA service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type CAClient interface {
 	GetRootCACertificate(ctx context.Context, in *GetRootCACertificateRequest, opts ...grpc.CallOption) (*GetRootCACertificateResponse, error)
 	// GetUnlockKey returns the current unlock key for the cluster for the role of the client
@@ -544,7 +598,7 @@ func NewCAClient(cc *grpc.ClientConn) CAClient {
 
 func (c *cAClient) GetRootCACertificate(ctx context.Context, in *GetRootCACertificateRequest, opts ...grpc.CallOption) (*GetRootCACertificateResponse, error) {
 	out := new(GetRootCACertificateResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.CA/GetRootCACertificate", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.CA/GetRootCACertificate", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -553,15 +607,14 @@ func (c *cAClient) GetRootCACertificate(ctx context.Context, in *GetRootCACertif
 
 func (c *cAClient) GetUnlockKey(ctx context.Context, in *GetUnlockKeyRequest, opts ...grpc.CallOption) (*GetUnlockKeyResponse, error) {
 	out := new(GetUnlockKeyResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.CA/GetUnlockKey", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.CA/GetUnlockKey", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for CA service
-
+// CAServer is the server API for CA service.
 type CAServer interface {
 	GetRootCACertificate(context.Context, *GetRootCACertificateRequest) (*GetRootCACertificateResponse, error)
 	// GetUnlockKey returns the current unlock key for the cluster for the role of the client
@@ -569,6 +622,17 @@ type CAServer interface {
 	GetUnlockKey(context.Context, *GetUnlockKeyRequest) (*GetUnlockKeyResponse, error)
 }
 
+// UnimplementedCAServer can be embedded to have forward compatible implementations.
+type UnimplementedCAServer struct {
+}
+
+func (*UnimplementedCAServer) GetRootCACertificate(ctx context.Context, req *GetRootCACertificateRequest) (*GetRootCACertificateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetRootCACertificate not implemented")
+}
+func (*UnimplementedCAServer) GetUnlockKey(ctx context.Context, req *GetUnlockKeyRequest) (*GetUnlockKeyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetUnlockKey not implemented")
+}
+
 func RegisterCAServer(s *grpc.Server, srv CAServer) {
 	s.RegisterService(&_CA_serviceDesc, srv)
 }
@@ -626,8 +690,9 @@ var _CA_serviceDesc = grpc.ServiceDesc{
 	Metadata: "github.com/docker/swarmkit/api/ca.proto",
 }
 
-// Client API for NodeCA service
-
+// NodeCAClient is the client API for NodeCA service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type NodeCAClient interface {
 	IssueNodeCertificate(ctx context.Context, in *IssueNodeCertificateRequest, opts ...grpc.CallOption) (*IssueNodeCertificateResponse, error)
 	NodeCertificateStatus(ctx context.Context, in *NodeCertificateStatusRequest, opts ...grpc.CallOption) (*NodeCertificateStatusResponse, error)
@@ -643,7 +708,7 @@ func NewNodeCAClient(cc *grpc.ClientConn) NodeCAClient {
 
 func (c *nodeCAClient) IssueNodeCertificate(ctx context.Context, in *IssueNodeCertificateRequest, opts ...grpc.CallOption) (*IssueNodeCertificateResponse, error) {
 	out := new(IssueNodeCertificateResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.NodeCA/IssueNodeCertificate", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.NodeCA/IssueNodeCertificate", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -652,20 +717,30 @@ func (c *nodeCAClient) IssueNodeCertificate(ctx context.Context, in *IssueNodeCe
 
 func (c *nodeCAClient) NodeCertificateStatus(ctx context.Context, in *NodeCertificateStatusRequest, opts ...grpc.CallOption) (*NodeCertificateStatusResponse, error) {
 	out := new(NodeCertificateStatusResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.NodeCA/NodeCertificateStatus", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.NodeCA/NodeCertificateStatus", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for NodeCA service
-
+// NodeCAServer is the server API for NodeCA service.
 type NodeCAServer interface {
 	IssueNodeCertificate(context.Context, *IssueNodeCertificateRequest) (*IssueNodeCertificateResponse, error)
 	NodeCertificateStatus(context.Context, *NodeCertificateStatusRequest) (*NodeCertificateStatusResponse, error)
 }
 
+// UnimplementedNodeCAServer can be embedded to have forward compatible implementations.
+type UnimplementedNodeCAServer struct {
+}
+
+func (*UnimplementedNodeCAServer) IssueNodeCertificate(ctx context.Context, req *IssueNodeCertificateRequest) (*IssueNodeCertificateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method IssueNodeCertificate not implemented")
+}
+func (*UnimplementedNodeCAServer) NodeCertificateStatus(ctx context.Context, req *NodeCertificateStatusRequest) (*NodeCertificateStatusResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method NodeCertificateStatus not implemented")
+}
+
 func RegisterNodeCAServer(s *grpc.Server, srv NodeCAServer) {
 	s.RegisterService(&_NodeCA_serviceDesc, srv)
 }
@@ -726,7 +801,7 @@ var _NodeCA_serviceDesc = grpc.ServiceDesc{
 func (m *NodeCertificateStatusRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -734,23 +809,29 @@ func (m *NodeCertificateStatusRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeCertificateStatusRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeCertificateStatusRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
 		i = encodeVarintCa(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NodeCertificateStatusResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -758,37 +839,46 @@ func (m *NodeCertificateStatusResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeCertificateStatusResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeCertificateStatusResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Status != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(m.Status.Size()))
-		n1, err := m.Status.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
-	}
 	if m.Certificate != nil {
+		{
+			size, err := m.Certificate.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintCa(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(m.Certificate.Size()))
-		n2, err := m.Certificate.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.Status != nil {
+		{
+			size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintCa(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *IssueNodeCertificateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -796,39 +886,46 @@ func (m *IssueNodeCertificateRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IssueNodeCertificateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IssueNodeCertificateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Role != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(m.Role))
-	}
-	if len(m.CSR) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(len(m.CSR)))
-		i += copy(dAtA[i:], m.CSR)
+	if m.Availability != 0 {
+		i = encodeVarintCa(dAtA, i, uint64(m.Availability))
+		i--
+		dAtA[i] = 0x20
 	}
 	if len(m.Token) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Token)
+		copy(dAtA[i:], m.Token)
 		i = encodeVarintCa(dAtA, i, uint64(len(m.Token)))
-		i += copy(dAtA[i:], m.Token)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Availability != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(m.Availability))
+	if len(m.CSR) > 0 {
+		i -= len(m.CSR)
+		copy(dAtA[i:], m.CSR)
+		i = encodeVarintCa(dAtA, i, uint64(len(m.CSR)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Role != 0 {
+		i = encodeVarintCa(dAtA, i, uint64(m.Role))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *IssueNodeCertificateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -836,28 +933,34 @@ func (m *IssueNodeCertificateResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IssueNodeCertificateResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IssueNodeCertificateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
-	}
 	if m.NodeMembership != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintCa(dAtA, i, uint64(m.NodeMembership))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintCa(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *GetRootCACertificateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -865,17 +968,22 @@ func (m *GetRootCACertificateRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetRootCACertificateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetRootCACertificateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetRootCACertificateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -883,23 +991,29 @@ func (m *GetRootCACertificateResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetRootCACertificateResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetRootCACertificateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Certificate) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Certificate)
+		copy(dAtA[i:], m.Certificate)
 		i = encodeVarintCa(dAtA, i, uint64(len(m.Certificate)))
-		i += copy(dAtA[i:], m.Certificate)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetUnlockKeyRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -907,17 +1021,22 @@ func (m *GetUnlockKeyRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetUnlockKeyRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetUnlockKeyRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GetUnlockKeyResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -925,35 +1044,45 @@ func (m *GetUnlockKeyResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetUnlockKeyResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetUnlockKeyResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.UnlockKey) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintCa(dAtA, i, uint64(len(m.UnlockKey)))
-		i += copy(dAtA[i:], m.UnlockKey)
+	{
+		size, err := m.Version.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintCa(dAtA, i, uint64(size))
 	}
+	i--
 	dAtA[i] = 0x12
-	i++
-	i = encodeVarintCa(dAtA, i, uint64(m.Version.Size()))
-	n3, err := m.Version.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.UnlockKey) > 0 {
+		i -= len(m.UnlockKey)
+		copy(dAtA[i:], m.UnlockKey)
+		i = encodeVarintCa(dAtA, i, uint64(len(m.UnlockKey)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n3
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintCa(dAtA []byte, offset int, v uint64) int {
+	offset -= sovCa(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyCAServer struct {
@@ -1241,6 +1370,9 @@ func (p *raftProxyNodeCAServer) NodeCertificateStatus(ctx context.Context, r *No
 }
 
 func (m *NodeCertificateStatusRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NodeID)
@@ -1251,6 +1383,9 @@ func (m *NodeCertificateStatusRequest) Size() (n int) {
 }
 
 func (m *NodeCertificateStatusResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Status != nil {
@@ -1265,6 +1400,9 @@ func (m *NodeCertificateStatusResponse) Size() (n int) {
 }
 
 func (m *IssueNodeCertificateRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Role != 0 {
@@ -1285,6 +1423,9 @@ func (m *IssueNodeCertificateRequest) Size() (n int) {
 }
 
 func (m *IssueNodeCertificateResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NodeID)
@@ -1298,12 +1439,18 @@ func (m *IssueNodeCertificateResponse) Size() (n int) {
 }
 
 func (m *GetRootCACertificateRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *GetRootCACertificateResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Certificate)
@@ -1314,12 +1461,18 @@ func (m *GetRootCACertificateResponse) Size() (n int) {
 }
 
 func (m *GetUnlockKeyRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *GetUnlockKeyResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.UnlockKey)
@@ -1332,14 +1485,7 @@ func (m *GetUnlockKeyResponse) Size() (n int) {
 }
 
 func sovCa(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozCa(x uint64) (n int) {
 	return sovCa(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1423,7 +1569,7 @@ func (this *GetUnlockKeyResponse) String() string {
 	}
 	s := strings.Join([]string{`&GetUnlockKeyResponse{`,
 		`UnlockKey:` + fmt.Sprintf("%v", this.UnlockKey) + `,`,
-		`Version:` + strings.Replace(strings.Replace(this.Version.String(), "Version", "Version", 1), `&`, ``, 1) + `,`,
+		`Version:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Version), "Version", "Version", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1451,7 +1597,7 @@ func (m *NodeCertificateStatusRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1479,7 +1625,7 @@ func (m *NodeCertificateStatusRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1489,6 +1635,9 @@ func (m *NodeCertificateStatusRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1500,7 +1649,7 @@ func (m *NodeCertificateStatusRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -1530,7 +1679,7 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1558,7 +1707,7 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1567,6 +1716,9 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1591,7 +1743,7 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1600,6 +1752,9 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1616,7 +1771,7 @@ func (m *NodeCertificateStatusResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -1646,7 +1801,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1674,7 +1829,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Role |= (NodeRole(b) & 0x7F) << shift
+				m.Role |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1693,7 +1848,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1702,6 +1857,9 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1724,7 +1882,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1734,6 +1892,9 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1753,7 +1914,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Availability |= (NodeSpec_Availability(b) & 0x7F) << shift
+				m.Availability |= NodeSpec_Availability(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1764,7 +1925,7 @@ func (m *IssueNodeCertificateRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -1794,7 +1955,7 @@ func (m *IssueNodeCertificateResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1822,7 +1983,7 @@ func (m *IssueNodeCertificateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1832,6 +1993,9 @@ func (m *IssueNodeCertificateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1851,7 +2015,7 @@ func (m *IssueNodeCertificateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.NodeMembership |= (NodeSpec_Membership(b) & 0x7F) << shift
+				m.NodeMembership |= NodeSpec_Membership(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1862,7 +2026,7 @@ func (m *IssueNodeCertificateResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -1892,7 +2056,7 @@ func (m *GetRootCACertificateRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1912,7 +2076,7 @@ func (m *GetRootCACertificateRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -1942,7 +2106,7 @@ func (m *GetRootCACertificateResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1970,7 +2134,7 @@ func (m *GetRootCACertificateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1979,6 +2143,9 @@ func (m *GetRootCACertificateResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1993,7 +2160,7 @@ func (m *GetRootCACertificateResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -2023,7 +2190,7 @@ func (m *GetUnlockKeyRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2043,7 +2210,7 @@ func (m *GetUnlockKeyRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -2073,7 +2240,7 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2101,7 +2268,7 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2110,6 +2277,9 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2132,7 +2302,7 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2141,6 +2311,9 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCa
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthCa
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2154,7 +2327,7 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCa
 			}
 			if (iNdEx + skippy) > l {
@@ -2172,6 +2345,7 @@ func (m *GetUnlockKeyResponse) Unmarshal(dAtA []byte) error {
 func skipCa(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -2203,10 +2377,8 @@ func skipCa(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -2223,99 +2395,34 @@ func skipCa(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthCa
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowCa
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipCa(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupCa
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthCa
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthCa = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowCa   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthCa        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowCa          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupCa = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/ca.proto", fileDescriptorCa) }
-
-var fileDescriptorCa = []byte{
-	// 638 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xc1, 0x6e, 0xd3, 0x4c,
-	0x10, 0xee, 0xba, 0xfd, 0xd3, 0xbf, 0xd3, 0xd0, 0xa2, 0xa5, 0x95, 0x4c, 0x9a, 0x3a, 0x95, 0x39,
-	0xb4, 0x20, 0x61, 0xb7, 0x01, 0x09, 0x09, 0x2e, 0x24, 0x41, 0xaa, 0x2a, 0x54, 0x84, 0xb6, 0x82,
-	0x6b, 0xe5, 0x38, 0xdb, 0x74, 0x15, 0xc7, 0x6b, 0xbc, 0xeb, 0x42, 0x6e, 0x48, 0x20, 0xde, 0x00,
-	0xc1, 0x89, 0x47, 0xe0, 0x39, 0x2a, 0x4e, 0x48, 0x5c, 0x38, 0x55, 0xd4, 0x0f, 0xc0, 0x33, 0x20,
-	0xaf, 0x6d, 0x9a, 0xb4, 0x4e, 0x5a, 0x4e, 0xf1, 0xce, 0x7c, 0xdf, 0x37, 0x33, 0xdf, 0x4e, 0x16,
-	0xd6, 0xbb, 0x4c, 0x1e, 0x46, 0x6d, 0xcb, 0xe5, 0x7d, 0xbb, 0xc3, 0xdd, 0x1e, 0x0d, 0x6d, 0xf1,
-	0xda, 0x09, 0xfb, 0x3d, 0x26, 0x6d, 0x27, 0x60, 0xb6, 0xeb, 0x58, 0x41, 0xc8, 0x25, 0xc7, 0x38,
-	0xcd, 0x5a, 0x79, 0xd6, 0x3a, 0xda, 0xaa, 0xdc, 0xb9, 0x84, 0x2c, 0x07, 0x01, 0x15, 0x29, 0xff,
-	0x52, 0xac, 0x08, 0xa8, 0x9b, 0x63, 0x97, 0xba, 0xbc, 0xcb, 0xd5, 0xa7, 0x9d, 0x7c, 0x65, 0xd1,
-	0x07, 0x13, 0x14, 0x14, 0xa2, 0x1d, 0x1d, 0xd8, 0x81, 0x17, 0x75, 0x99, 0x9f, 0xfd, 0xa4, 0x44,
-	0xb3, 0x05, 0xd5, 0x67, 0xbc, 0x43, 0x5b, 0x34, 0x94, 0xec, 0x80, 0xb9, 0x8e, 0xa4, 0x7b, 0xd2,
-	0x91, 0x91, 0x20, 0xf4, 0x55, 0x44, 0x85, 0xc4, 0xb7, 0x60, 0xd6, 0xe7, 0x1d, 0xba, 0xcf, 0x3a,
-	0x3a, 0x5a, 0x43, 0x1b, 0x73, 0x4d, 0x88, 0x4f, 0x6a, 0xa5, 0x84, 0xb2, 0xf3, 0x84, 0x94, 0x92,
-	0xd4, 0x4e, 0xc7, 0xfc, 0x82, 0x60, 0x75, 0x8c, 0x8a, 0x08, 0xb8, 0x2f, 0x28, 0x7e, 0x08, 0x25,
-	0xa1, 0x22, 0x4a, 0x65, 0xbe, 0x6e, 0x5a, 0x17, 0x2d, 0xb3, 0x76, 0x84, 0x88, 0x1c, 0xdf, 0xcd,
-	0xb9, 0x19, 0x03, 0x37, 0x60, 0xde, 0x3d, 0x13, 0xd6, 0x35, 0x25, 0x50, 0x2b, 0x12, 0x18, 0xaa,
-	0x4f, 0x86, 0x39, 0xe6, 0x0f, 0x04, 0x2b, 0x89, 0x3a, 0x3d, 0xd7, 0x65, 0x3e, 0xe5, 0x7d, 0x98,
-	0x09, 0xb9, 0x47, 0x55, 0x73, 0x0b, 0xf5, 0x6a, 0x91, 0x76, 0xc2, 0x24, 0xdc, 0xa3, 0x4d, 0x4d,
-	0x47, 0x44, 0xa1, 0xf1, 0x4d, 0x98, 0x76, 0x45, 0xa8, 0x1a, 0x2a, 0x37, 0x67, 0xe3, 0x93, 0xda,
-	0x74, 0x6b, 0x8f, 0x90, 0x24, 0x86, 0x97, 0xe0, 0x3f, 0xc9, 0x7b, 0xd4, 0xd7, 0xa7, 0x13, 0xd3,
-	0x48, 0x7a, 0xc0, 0xbb, 0x50, 0x76, 0x8e, 0x1c, 0xe6, 0x39, 0x6d, 0xe6, 0x31, 0x39, 0xd0, 0x67,
-	0x54, 0xb9, 0xdb, 0xe3, 0xca, 0xed, 0x05, 0xd4, 0xb5, 0x1a, 0x43, 0x04, 0x32, 0x42, 0x37, 0x3f,
-	0x22, 0xa8, 0x16, 0x4f, 0x95, 0xb9, 0x7e, 0x95, 0xcb, 0xc3, 0xcf, 0x61, 0x51, 0x81, 0xfa, 0xb4,
-	0xdf, 0xa6, 0xa1, 0x38, 0x64, 0x81, 0x9a, 0x68, 0xa1, 0xbe, 0x3e, 0xb1, 0xaf, 0xdd, 0xbf, 0x70,
-	0xb2, 0x90, 0xf0, 0xcf, 0xce, 0xe6, 0x2a, 0xac, 0x6c, 0x53, 0x49, 0x38, 0x97, 0xad, 0xc6, 0x45,
-	0xb3, 0xcd, 0xc7, 0x50, 0x2d, 0x4e, 0x67, 0x5d, 0xaf, 0x8d, 0xde, 0x77, 0xd2, 0x79, 0x79, 0xf4,
-	0x3a, 0x97, 0xe1, 0xc6, 0x36, 0x95, 0x2f, 0x7c, 0x8f, 0xbb, 0xbd, 0xa7, 0x74, 0x90, 0x0b, 0x87,
-	0xb0, 0x34, 0x1a, 0xce, 0x04, 0x57, 0x01, 0x22, 0x15, 0xdc, 0xef, 0xd1, 0x41, 0xa6, 0x37, 0x17,
-	0xe5, 0x30, 0xfc, 0x08, 0x66, 0x8f, 0x68, 0x28, 0x18, 0xf7, 0xb3, 0xdd, 0x5a, 0x29, 0x1a, 0xfc,
-	0x65, 0x0a, 0x69, 0xce, 0x1c, 0x9f, 0xd4, 0xa6, 0x48, 0xce, 0xa8, 0xbf, 0xd7, 0x40, 0x6b, 0x35,
-	0xf0, 0x3b, 0xa4, 0x6a, 0x5f, 0x18, 0x0a, 0xdb, 0x45, 0x5a, 0x13, 0xdc, 0xa9, 0x6c, 0x5e, 0x9d,
-	0x90, 0x8e, 0x67, 0xfe, 0xff, 0xed, 0xeb, 0xef, 0xcf, 0x9a, 0x76, 0x1d, 0xe1, 0x37, 0x50, 0x1e,
-	0x36, 0x00, 0xaf, 0x8f, 0xd1, 0x3a, 0xef, 0x5c, 0x65, 0xe3, 0x72, 0x60, 0x56, 0x6c, 0x59, 0x15,
-	0x5b, 0x84, 0x6b, 0x0a, 0x79, 0xb7, 0xef, 0xf8, 0x4e, 0x97, 0x86, 0xf5, 0x4f, 0x1a, 0xa8, 0xbd,
-	0xca, 0xac, 0x28, 0xda, 0xca, 0x62, 0x2b, 0x26, 0xfc, 0x2b, 0x8b, 0xad, 0x98, 0xb4, 0xf0, 0x43,
-	0x56, 0x7c, 0x40, 0xb0, 0x5c, 0xf8, 0x24, 0xe1, 0xcd, 0x71, 0x6b, 0x3d, 0xee, 0x0d, 0xac, 0x6c,
-	0xfd, 0x03, 0xe3, 0x7c, 0x23, 0x4d, 0xfd, 0xf8, 0xd4, 0x98, 0xfa, 0x79, 0x6a, 0x4c, 0xbd, 0x8d,
-	0x0d, 0x74, 0x1c, 0x1b, 0xe8, 0x7b, 0x6c, 0xa0, 0x5f, 0xb1, 0x81, 0xda, 0x25, 0xf5, 0x02, 0xdf,
-	0xfb, 0x13, 0x00, 0x00, 0xff, 0xff, 0xe1, 0xda, 0xca, 0xba, 0x67, 0x06, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/control.pb.go b/vendor/github.com/docker/swarmkit/api/control.pb.go
index 25f0c854cf31a..9268b44c2b4b4 100644
--- a/vendor/github.com/docker/swarmkit/api/control.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/control.pb.go
@@ -3,35 +3,40 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type UpdateServiceRequest_Rollback int32
 
 const (
@@ -47,6 +52,7 @@ var UpdateServiceRequest_Rollback_name = map[int32]string{
 	0: "NONE",
 	1: "PREVIOUS",
 }
+
 var UpdateServiceRequest_Rollback_value = map[string]int32{
 	"NONE":     0,
 	"PREVIOUS": 1,
@@ -55,82 +61,277 @@ var UpdateServiceRequest_Rollback_value = map[string]int32{
 func (x UpdateServiceRequest_Rollback) String() string {
 	return proto.EnumName(UpdateServiceRequest_Rollback_name, int32(x))
 }
+
 func (UpdateServiceRequest_Rollback) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{18, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{18, 0}
 }
 
 type GetNodeRequest struct {
 	NodeID string `protobuf:"bytes,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
 }
 
-func (m *GetNodeRequest) Reset()                    { *m = GetNodeRequest{} }
-func (*GetNodeRequest) ProtoMessage()               {}
-func (*GetNodeRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{0} }
+func (m *GetNodeRequest) Reset()      { *m = GetNodeRequest{} }
+func (*GetNodeRequest) ProtoMessage() {}
+func (*GetNodeRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{0}
+}
+func (m *GetNodeRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNodeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNodeRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNodeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNodeRequest.Merge(m, src)
+}
+func (m *GetNodeRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNodeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNodeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetNodeRequest proto.InternalMessageInfo
 
 type GetNodeResponse struct {
-	Node *Node `protobuf:"bytes,1,opt,name=node" json:"node,omitempty"`
+	Node *Node `protobuf:"bytes,1,opt,name=node,proto3" json:"node,omitempty"`
+}
+
+func (m *GetNodeResponse) Reset()      { *m = GetNodeResponse{} }
+func (*GetNodeResponse) ProtoMessage() {}
+func (*GetNodeResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{1}
+}
+func (m *GetNodeResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNodeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNodeResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNodeResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNodeResponse.Merge(m, src)
+}
+func (m *GetNodeResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNodeResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNodeResponse.DiscardUnknown(m)
 }
 
-func (m *GetNodeResponse) Reset()                    { *m = GetNodeResponse{} }
-func (*GetNodeResponse) ProtoMessage()               {}
-func (*GetNodeResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{1} }
+var xxx_messageInfo_GetNodeResponse proto.InternalMessageInfo
 
 type ListNodesRequest struct {
-	Filters *ListNodesRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListNodesRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
 }
 
-func (m *ListNodesRequest) Reset()                    { *m = ListNodesRequest{} }
-func (*ListNodesRequest) ProtoMessage()               {}
-func (*ListNodesRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{2} }
+func (m *ListNodesRequest) Reset()      { *m = ListNodesRequest{} }
+func (*ListNodesRequest) ProtoMessage() {}
+func (*ListNodesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{2}
+}
+func (m *ListNodesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNodesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNodesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNodesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNodesRequest.Merge(m, src)
+}
+func (m *ListNodesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNodesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNodesRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListNodesRequest proto.InternalMessageInfo
 
 type ListNodesRequest_Filters struct {
-	Names      []string `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes []string `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
+	Names      []string `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes []string `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
 	// Labels refers to engine labels, which are labels set by the user on the
 	// node and reported back to the managers
-	Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// NodeLabels are labels set on the node object on the managers.
-	NodeLabels  map[string]string     `protobuf:"bytes,7,rep,name=node_labels,json=nodeLabels" json:"node_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Memberships []NodeSpec_Membership `protobuf:"varint,4,rep,name=memberships,enum=docker.swarmkit.v1.NodeSpec_Membership" json:"memberships,omitempty"`
-	Roles       []NodeRole            `protobuf:"varint,5,rep,name=roles,enum=docker.swarmkit.v1.NodeRole" json:"roles,omitempty"`
+	NodeLabels  map[string]string     `protobuf:"bytes,7,rep,name=node_labels,json=nodeLabels,proto3" json:"node_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Memberships []NodeSpec_Membership `protobuf:"varint,4,rep,name=memberships,proto3,enum=docker.swarmkit.v1.NodeSpec_Membership" json:"memberships,omitempty"`
+	Roles       []NodeRole            `protobuf:"varint,5,rep,name=roles,proto3,enum=docker.swarmkit.v1.NodeRole" json:"roles,omitempty"`
 	// NamePrefixes matches all objects with the given prefixes
-	NamePrefixes []string `protobuf:"bytes,6,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
+	NamePrefixes []string `protobuf:"bytes,6,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
 }
 
 func (m *ListNodesRequest_Filters) Reset()      { *m = ListNodesRequest_Filters{} }
 func (*ListNodesRequest_Filters) ProtoMessage() {}
 func (*ListNodesRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{2, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{2, 0}
+}
+func (m *ListNodesRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNodesRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNodesRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNodesRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNodesRequest_Filters.Merge(m, src)
+}
+func (m *ListNodesRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNodesRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNodesRequest_Filters.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListNodesRequest_Filters proto.InternalMessageInfo
+
 type ListNodesResponse struct {
-	Nodes []*Node `protobuf:"bytes,1,rep,name=nodes" json:"nodes,omitempty"`
+	Nodes []*Node `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
+}
+
+func (m *ListNodesResponse) Reset()      { *m = ListNodesResponse{} }
+func (*ListNodesResponse) ProtoMessage() {}
+func (*ListNodesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{3}
+}
+func (m *ListNodesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNodesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNodesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNodesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNodesResponse.Merge(m, src)
+}
+func (m *ListNodesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNodesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNodesResponse.DiscardUnknown(m)
 }
 
-func (m *ListNodesResponse) Reset()                    { *m = ListNodesResponse{} }
-func (*ListNodesResponse) ProtoMessage()               {}
-func (*ListNodesResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{3} }
+var xxx_messageInfo_ListNodesResponse proto.InternalMessageInfo
 
 // UpdateNodeRequest requests an update to the specified node. This may be used
 // to request a new availability for a node, such as PAUSE. Invalid updates
 // will be denied and cause an error.
 type UpdateNodeRequest struct {
 	NodeID      string    `protobuf:"bytes,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
-	NodeVersion *Version  `protobuf:"bytes,2,opt,name=node_version,json=nodeVersion" json:"node_version,omitempty"`
-	Spec        *NodeSpec `protobuf:"bytes,3,opt,name=spec" json:"spec,omitempty"`
+	NodeVersion *Version  `protobuf:"bytes,2,opt,name=node_version,json=nodeVersion,proto3" json:"node_version,omitempty"`
+	Spec        *NodeSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"`
 }
 
-func (m *UpdateNodeRequest) Reset()                    { *m = UpdateNodeRequest{} }
-func (*UpdateNodeRequest) ProtoMessage()               {}
-func (*UpdateNodeRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{4} }
+func (m *UpdateNodeRequest) Reset()      { *m = UpdateNodeRequest{} }
+func (*UpdateNodeRequest) ProtoMessage() {}
+func (*UpdateNodeRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{4}
+}
+func (m *UpdateNodeRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateNodeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateNodeRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateNodeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateNodeRequest.Merge(m, src)
+}
+func (m *UpdateNodeRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateNodeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateNodeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateNodeRequest proto.InternalMessageInfo
 
 type UpdateNodeResponse struct {
-	Node *Node `protobuf:"bytes,1,opt,name=node" json:"node,omitempty"`
+	Node *Node `protobuf:"bytes,1,opt,name=node,proto3" json:"node,omitempty"`
+}
+
+func (m *UpdateNodeResponse) Reset()      { *m = UpdateNodeResponse{} }
+func (*UpdateNodeResponse) ProtoMessage() {}
+func (*UpdateNodeResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{5}
+}
+func (m *UpdateNodeResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateNodeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateNodeResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateNodeResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateNodeResponse.Merge(m, src)
+}
+func (m *UpdateNodeResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateNodeResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateNodeResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateNodeResponse) Reset()                    { *m = UpdateNodeResponse{} }
-func (*UpdateNodeResponse) ProtoMessage()               {}
-func (*UpdateNodeResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{5} }
+var xxx_messageInfo_UpdateNodeResponse proto.InternalMessageInfo
 
 // RemoveNodeRequest requests to delete the specified node from store.
 type RemoveNodeRequest struct {
@@ -138,66 +339,262 @@ type RemoveNodeRequest struct {
 	Force  bool   `protobuf:"varint,2,opt,name=force,proto3" json:"force,omitempty"`
 }
 
-func (m *RemoveNodeRequest) Reset()                    { *m = RemoveNodeRequest{} }
-func (*RemoveNodeRequest) ProtoMessage()               {}
-func (*RemoveNodeRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{6} }
+func (m *RemoveNodeRequest) Reset()      { *m = RemoveNodeRequest{} }
+func (*RemoveNodeRequest) ProtoMessage() {}
+func (*RemoveNodeRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{6}
+}
+func (m *RemoveNodeRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveNodeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveNodeRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveNodeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveNodeRequest.Merge(m, src)
+}
+func (m *RemoveNodeRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveNodeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveNodeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveNodeRequest proto.InternalMessageInfo
 
 type RemoveNodeResponse struct {
 }
 
-func (m *RemoveNodeResponse) Reset()                    { *m = RemoveNodeResponse{} }
-func (*RemoveNodeResponse) ProtoMessage()               {}
-func (*RemoveNodeResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{7} }
+func (m *RemoveNodeResponse) Reset()      { *m = RemoveNodeResponse{} }
+func (*RemoveNodeResponse) ProtoMessage() {}
+func (*RemoveNodeResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{7}
+}
+func (m *RemoveNodeResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveNodeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveNodeResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveNodeResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveNodeResponse.Merge(m, src)
+}
+func (m *RemoveNodeResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveNodeResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveNodeResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveNodeResponse proto.InternalMessageInfo
 
 type GetTaskRequest struct {
 	TaskID string `protobuf:"bytes,1,opt,name=task_id,json=taskId,proto3" json:"task_id,omitempty"`
 }
 
-func (m *GetTaskRequest) Reset()                    { *m = GetTaskRequest{} }
-func (*GetTaskRequest) ProtoMessage()               {}
-func (*GetTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{8} }
+func (m *GetTaskRequest) Reset()      { *m = GetTaskRequest{} }
+func (*GetTaskRequest) ProtoMessage() {}
+func (*GetTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{8}
+}
+func (m *GetTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetTaskRequest.Merge(m, src)
+}
+func (m *GetTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetTaskRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetTaskRequest proto.InternalMessageInfo
 
 type GetTaskResponse struct {
-	Task *Task `protobuf:"bytes,1,opt,name=task" json:"task,omitempty"`
+	Task *Task `protobuf:"bytes,1,opt,name=task,proto3" json:"task,omitempty"`
+}
+
+func (m *GetTaskResponse) Reset()      { *m = GetTaskResponse{} }
+func (*GetTaskResponse) ProtoMessage() {}
+func (*GetTaskResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{9}
+}
+func (m *GetTaskResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetTaskResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetTaskResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetTaskResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetTaskResponse.Merge(m, src)
+}
+func (m *GetTaskResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetTaskResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetTaskResponse.DiscardUnknown(m)
 }
 
-func (m *GetTaskResponse) Reset()                    { *m = GetTaskResponse{} }
-func (*GetTaskResponse) ProtoMessage()               {}
-func (*GetTaskResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{9} }
+var xxx_messageInfo_GetTaskResponse proto.InternalMessageInfo
 
 type RemoveTaskRequest struct {
 	TaskID string `protobuf:"bytes,1,opt,name=task_id,json=taskId,proto3" json:"task_id,omitempty"`
 }
 
-func (m *RemoveTaskRequest) Reset()                    { *m = RemoveTaskRequest{} }
-func (*RemoveTaskRequest) ProtoMessage()               {}
-func (*RemoveTaskRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{10} }
+func (m *RemoveTaskRequest) Reset()      { *m = RemoveTaskRequest{} }
+func (*RemoveTaskRequest) ProtoMessage() {}
+func (*RemoveTaskRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{10}
+}
+func (m *RemoveTaskRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveTaskRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveTaskRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveTaskRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveTaskRequest.Merge(m, src)
+}
+func (m *RemoveTaskRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveTaskRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveTaskRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveTaskRequest proto.InternalMessageInfo
 
 type RemoveTaskResponse struct {
 }
 
-func (m *RemoveTaskResponse) Reset()                    { *m = RemoveTaskResponse{} }
-func (*RemoveTaskResponse) ProtoMessage()               {}
-func (*RemoveTaskResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{11} }
+func (m *RemoveTaskResponse) Reset()      { *m = RemoveTaskResponse{} }
+func (*RemoveTaskResponse) ProtoMessage() {}
+func (*RemoveTaskResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{11}
+}
+func (m *RemoveTaskResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveTaskResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveTaskResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveTaskResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveTaskResponse.Merge(m, src)
+}
+func (m *RemoveTaskResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveTaskResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveTaskResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveTaskResponse proto.InternalMessageInfo
 
 type ListTasksRequest struct {
-	Filters *ListTasksRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListTasksRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListTasksRequest) Reset()      { *m = ListTasksRequest{} }
+func (*ListTasksRequest) ProtoMessage() {}
+func (*ListTasksRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{12}
+}
+func (m *ListTasksRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListTasksRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListTasksRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListTasksRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListTasksRequest.Merge(m, src)
+}
+func (m *ListTasksRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListTasksRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListTasksRequest.DiscardUnknown(m)
 }
 
-func (m *ListTasksRequest) Reset()                    { *m = ListTasksRequest{} }
-func (*ListTasksRequest) ProtoMessage()               {}
-func (*ListTasksRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{12} }
+var xxx_messageInfo_ListTasksRequest proto.InternalMessageInfo
 
 type ListTasksRequest_Filters struct {
-	Names         []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes    []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels        map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	ServiceIDs    []string          `protobuf:"bytes,4,rep,name=service_ids,json=serviceIds" json:"service_ids,omitempty"`
-	NodeIDs       []string          `protobuf:"bytes,5,rep,name=node_ids,json=nodeIds" json:"node_ids,omitempty"`
-	DesiredStates []TaskState       `protobuf:"varint,6,rep,name=desired_states,json=desiredStates,enum=docker.swarmkit.v1.TaskState" json:"desired_states,omitempty"`
+	Names         []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes    []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels        map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	ServiceIDs    []string          `protobuf:"bytes,4,rep,name=service_ids,json=serviceIds,proto3" json:"service_ids,omitempty"`
+	NodeIDs       []string          `protobuf:"bytes,5,rep,name=node_ids,json=nodeIds,proto3" json:"node_ids,omitempty"`
+	DesiredStates []TaskState       `protobuf:"varint,6,rep,name=desired_states,json=desiredStates,proto3,enum=docker.swarmkit.v1.TaskState" json:"desired_states,omitempty"`
 	// NamePrefixes matches all objects with the given prefixes
-	NamePrefixes []string `protobuf:"bytes,7,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
-	Runtimes     []string `protobuf:"bytes,9,rep,name=runtimes" json:"runtimes,omitempty"`
+	NamePrefixes []string `protobuf:"bytes,7,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
+	Runtimes     []string `protobuf:"bytes,9,rep,name=runtimes,proto3" json:"runtimes,omitempty"`
 	// UpToDate matches tasks that are consistent with the current
 	// service definition.
 	// Note: this is intended for internal status reporting rather
@@ -208,242 +605,1123 @@ type ListTasksRequest_Filters struct {
 func (m *ListTasksRequest_Filters) Reset()      { *m = ListTasksRequest_Filters{} }
 func (*ListTasksRequest_Filters) ProtoMessage() {}
 func (*ListTasksRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{12, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{12, 0}
+}
+func (m *ListTasksRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListTasksRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListTasksRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListTasksRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListTasksRequest_Filters.Merge(m, src)
+}
+func (m *ListTasksRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListTasksRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListTasksRequest_Filters.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListTasksRequest_Filters proto.InternalMessageInfo
+
 type ListTasksResponse struct {
-	Tasks []*Task `protobuf:"bytes,1,rep,name=tasks" json:"tasks,omitempty"`
+	Tasks []*Task `protobuf:"bytes,1,rep,name=tasks,proto3" json:"tasks,omitempty"`
+}
+
+func (m *ListTasksResponse) Reset()      { *m = ListTasksResponse{} }
+func (*ListTasksResponse) ProtoMessage() {}
+func (*ListTasksResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{13}
+}
+func (m *ListTasksResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListTasksResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListTasksResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListTasksResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListTasksResponse.Merge(m, src)
+}
+func (m *ListTasksResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListTasksResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListTasksResponse.DiscardUnknown(m)
 }
 
-func (m *ListTasksResponse) Reset()                    { *m = ListTasksResponse{} }
-func (*ListTasksResponse) ProtoMessage()               {}
-func (*ListTasksResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{13} }
+var xxx_messageInfo_ListTasksResponse proto.InternalMessageInfo
 
 type CreateServiceRequest struct {
-	Spec *ServiceSpec `protobuf:"bytes,1,opt,name=spec" json:"spec,omitempty"`
+	Spec *ServiceSpec `protobuf:"bytes,1,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *CreateServiceRequest) Reset()      { *m = CreateServiceRequest{} }
+func (*CreateServiceRequest) ProtoMessage() {}
+func (*CreateServiceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{14}
+}
+func (m *CreateServiceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateServiceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateServiceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateServiceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateServiceRequest.Merge(m, src)
+}
+func (m *CreateServiceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateServiceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateServiceRequest.DiscardUnknown(m)
 }
 
-func (m *CreateServiceRequest) Reset()                    { *m = CreateServiceRequest{} }
-func (*CreateServiceRequest) ProtoMessage()               {}
-func (*CreateServiceRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{14} }
+var xxx_messageInfo_CreateServiceRequest proto.InternalMessageInfo
 
 type CreateServiceResponse struct {
-	Service *Service `protobuf:"bytes,1,opt,name=service" json:"service,omitempty"`
+	Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
+}
+
+func (m *CreateServiceResponse) Reset()      { *m = CreateServiceResponse{} }
+func (*CreateServiceResponse) ProtoMessage() {}
+func (*CreateServiceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{15}
+}
+func (m *CreateServiceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateServiceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateServiceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateServiceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateServiceResponse.Merge(m, src)
+}
+func (m *CreateServiceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateServiceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateServiceResponse.DiscardUnknown(m)
 }
 
-func (m *CreateServiceResponse) Reset()                    { *m = CreateServiceResponse{} }
-func (*CreateServiceResponse) ProtoMessage()               {}
-func (*CreateServiceResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{15} }
+var xxx_messageInfo_CreateServiceResponse proto.InternalMessageInfo
 
 type GetServiceRequest struct {
 	ServiceID      string `protobuf:"bytes,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
 	InsertDefaults bool   `protobuf:"varint,2,opt,name=insert_defaults,json=insertDefaults,proto3" json:"insert_defaults,omitempty"`
 }
 
-func (m *GetServiceRequest) Reset()                    { *m = GetServiceRequest{} }
-func (*GetServiceRequest) ProtoMessage()               {}
-func (*GetServiceRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{16} }
+func (m *GetServiceRequest) Reset()      { *m = GetServiceRequest{} }
+func (*GetServiceRequest) ProtoMessage() {}
+func (*GetServiceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{16}
+}
+func (m *GetServiceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetServiceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetServiceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetServiceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetServiceRequest.Merge(m, src)
+}
+func (m *GetServiceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetServiceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetServiceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetServiceRequest proto.InternalMessageInfo
 
 type GetServiceResponse struct {
-	Service *Service `protobuf:"bytes,1,opt,name=service" json:"service,omitempty"`
+	Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
+}
+
+func (m *GetServiceResponse) Reset()      { *m = GetServiceResponse{} }
+func (*GetServiceResponse) ProtoMessage() {}
+func (*GetServiceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{17}
+}
+func (m *GetServiceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetServiceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetServiceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetServiceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetServiceResponse.Merge(m, src)
+}
+func (m *GetServiceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetServiceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetServiceResponse.DiscardUnknown(m)
 }
 
-func (m *GetServiceResponse) Reset()                    { *m = GetServiceResponse{} }
-func (*GetServiceResponse) ProtoMessage()               {}
-func (*GetServiceResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{17} }
+var xxx_messageInfo_GetServiceResponse proto.InternalMessageInfo
 
 type UpdateServiceRequest struct {
 	ServiceID      string       `protobuf:"bytes,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
-	ServiceVersion *Version     `protobuf:"bytes,2,opt,name=service_version,json=serviceVersion" json:"service_version,omitempty"`
-	Spec           *ServiceSpec `protobuf:"bytes,3,opt,name=spec" json:"spec,omitempty"`
+	ServiceVersion *Version     `protobuf:"bytes,2,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
+	Spec           *ServiceSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"`
 	// Rollback may be set to PREVIOUS to request a rollback (the service's
 	// spec will be set to the value of its previous_spec field). In this
 	// case, the spec field of this request is ignored.
 	Rollback UpdateServiceRequest_Rollback `protobuf:"varint,4,opt,name=rollback,proto3,enum=docker.swarmkit.v1.UpdateServiceRequest_Rollback" json:"rollback,omitempty"`
 }
 
-func (m *UpdateServiceRequest) Reset()                    { *m = UpdateServiceRequest{} }
-func (*UpdateServiceRequest) ProtoMessage()               {}
-func (*UpdateServiceRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{18} }
+func (m *UpdateServiceRequest) Reset()      { *m = UpdateServiceRequest{} }
+func (*UpdateServiceRequest) ProtoMessage() {}
+func (*UpdateServiceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{18}
+}
+func (m *UpdateServiceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateServiceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateServiceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateServiceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateServiceRequest.Merge(m, src)
+}
+func (m *UpdateServiceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateServiceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateServiceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateServiceRequest proto.InternalMessageInfo
 
 type UpdateServiceResponse struct {
-	Service *Service `protobuf:"bytes,1,opt,name=service" json:"service,omitempty"`
+	Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
+}
+
+func (m *UpdateServiceResponse) Reset()      { *m = UpdateServiceResponse{} }
+func (*UpdateServiceResponse) ProtoMessage() {}
+func (*UpdateServiceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{19}
+}
+func (m *UpdateServiceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateServiceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateServiceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateServiceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateServiceResponse.Merge(m, src)
+}
+func (m *UpdateServiceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateServiceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateServiceResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateServiceResponse) Reset()                    { *m = UpdateServiceResponse{} }
-func (*UpdateServiceResponse) ProtoMessage()               {}
-func (*UpdateServiceResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{19} }
+var xxx_messageInfo_UpdateServiceResponse proto.InternalMessageInfo
 
 type RemoveServiceRequest struct {
 	ServiceID string `protobuf:"bytes,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
 }
 
-func (m *RemoveServiceRequest) Reset()                    { *m = RemoveServiceRequest{} }
-func (*RemoveServiceRequest) ProtoMessage()               {}
-func (*RemoveServiceRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{20} }
-
-type RemoveServiceResponse struct {
+func (m *RemoveServiceRequest) Reset()      { *m = RemoveServiceRequest{} }
+func (*RemoveServiceRequest) ProtoMessage() {}
+func (*RemoveServiceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{20}
 }
-
-func (m *RemoveServiceResponse) Reset()                    { *m = RemoveServiceResponse{} }
-func (*RemoveServiceResponse) ProtoMessage()               {}
-func (*RemoveServiceResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{21} }
-
-type ListServicesRequest struct {
-	Filters *ListServicesRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+func (m *RemoveServiceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveServiceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveServiceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveServiceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveServiceRequest.Merge(m, src)
+}
+func (m *RemoveServiceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveServiceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveServiceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveServiceRequest proto.InternalMessageInfo
+
+type RemoveServiceResponse struct {
+}
+
+func (m *RemoveServiceResponse) Reset()      { *m = RemoveServiceResponse{} }
+func (*RemoveServiceResponse) ProtoMessage() {}
+func (*RemoveServiceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{21}
+}
+func (m *RemoveServiceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveServiceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveServiceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveServiceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveServiceResponse.Merge(m, src)
+}
+func (m *RemoveServiceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveServiceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveServiceResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveServiceResponse proto.InternalMessageInfo
+
+type ListServicesRequest struct {
+	Filters *ListServicesRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListServicesRequest) Reset()      { *m = ListServicesRequest{} }
+func (*ListServicesRequest) ProtoMessage() {}
+func (*ListServicesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{22}
+}
+func (m *ListServicesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServicesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServicesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServicesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServicesRequest.Merge(m, src)
+}
+func (m *ListServicesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServicesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServicesRequest.DiscardUnknown(m)
 }
 
-func (m *ListServicesRequest) Reset()                    { *m = ListServicesRequest{} }
-func (*ListServicesRequest) ProtoMessage()               {}
-func (*ListServicesRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{22} }
-
+var xxx_messageInfo_ListServicesRequest proto.InternalMessageInfo
+
 type ListServicesRequest_Filters struct {
-	Names      []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Names      []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// NamePrefixes matches all objects with the given prefixes
-	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
-	Runtimes     []string `protobuf:"bytes,5,rep,name=runtimes" json:"runtimes,omitempty"`
+	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
+	Runtimes     []string `protobuf:"bytes,5,rep,name=runtimes,proto3" json:"runtimes,omitempty"`
 }
 
 func (m *ListServicesRequest_Filters) Reset()      { *m = ListServicesRequest_Filters{} }
 func (*ListServicesRequest_Filters) ProtoMessage() {}
 func (*ListServicesRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{22, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{22, 0}
+}
+func (m *ListServicesRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServicesRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServicesRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServicesRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServicesRequest_Filters.Merge(m, src)
+}
+func (m *ListServicesRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServicesRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServicesRequest_Filters.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListServicesRequest_Filters proto.InternalMessageInfo
+
 type ListServicesResponse struct {
-	Services []*Service `protobuf:"bytes,1,rep,name=services" json:"services,omitempty"`
+	Services []*Service `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
+}
+
+func (m *ListServicesResponse) Reset()      { *m = ListServicesResponse{} }
+func (*ListServicesResponse) ProtoMessage() {}
+func (*ListServicesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{23}
+}
+func (m *ListServicesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServicesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServicesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServicesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServicesResponse.Merge(m, src)
+}
+func (m *ListServicesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServicesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServicesResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListServicesResponse proto.InternalMessageInfo
+
+// ListServiceStatusesRequest is a request to get the aggregate status of a
+// service by computing the number of running vs desired tasks. It includes
+// only a service ID.
+type ListServiceStatusesRequest struct {
+	// Services is a list of service IDs to get statuses for.
+	Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
+}
+
+func (m *ListServiceStatusesRequest) Reset()      { *m = ListServiceStatusesRequest{} }
+func (*ListServiceStatusesRequest) ProtoMessage() {}
+func (*ListServiceStatusesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{24}
+}
+func (m *ListServiceStatusesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServiceStatusesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServiceStatusesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServiceStatusesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServiceStatusesRequest.Merge(m, src)
+}
+func (m *ListServiceStatusesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServiceStatusesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServiceStatusesRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListServiceStatusesRequest proto.InternalMessageInfo
+
+// ListServiceStatusesResponse is a response containing the aggregate status of
+// a service, formed by computing the number of running vs desired tasks. The
+// values returned are only valid for the point in time at which the request is
+// made.
+type ListServiceStatusesResponse struct {
+	Statuses []*ListServiceStatusesResponse_ServiceStatus `protobuf:"bytes,1,rep,name=statuses,proto3" json:"statuses,omitempty"`
+}
+
+func (m *ListServiceStatusesResponse) Reset()      { *m = ListServiceStatusesResponse{} }
+func (*ListServiceStatusesResponse) ProtoMessage() {}
+func (*ListServiceStatusesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{25}
+}
+func (m *ListServiceStatusesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServiceStatusesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServiceStatusesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServiceStatusesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServiceStatusesResponse.Merge(m, src)
+}
+func (m *ListServiceStatusesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServiceStatusesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServiceStatusesResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListServiceStatusesResponse proto.InternalMessageInfo
+
+type ListServiceStatusesResponse_ServiceStatus struct {
+	// ServiceID is the ID of the service this status describes
+	ServiceID string `protobuf:"bytes,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
+	// DesiredTasks is the number of tasks desired to be running according to the
+	// service definition at request time. It is a uint64 because that is what
+	// the replicas field on the service spec is
+	DesiredTasks uint64 `protobuf:"varint,2,opt,name=desired_tasks,json=desiredTasks,proto3" json:"desired_tasks,omitempty"`
+	// RunningTasks is the number of tasks currently in the Running state at
+	// request time. This may be larger than desired tasks if, for example, a
+	// service has been scaled down.
+	RunningTasks uint64 `protobuf:"varint,3,opt,name=running_tasks,json=runningTasks,proto3" json:"running_tasks,omitempty"`
+	// CompletedTasks is the number of tasks in state Completed, if this
+	// service is in mode ReplicatedJob or GlobalJob. This must be
+	// cross-referenced with the service type, because the default value of 0
+	// may mean that a service is not in a Job mode, or it may mean the Job has
+	// yet to complete any Tasks.
+	CompletedTasks uint64 `protobuf:"varint,4,opt,name=completed_tasks,json=completedTasks,proto3" json:"completed_tasks,omitempty"`
+}
+
+func (m *ListServiceStatusesResponse_ServiceStatus) Reset() {
+	*m = ListServiceStatusesResponse_ServiceStatus{}
+}
+func (*ListServiceStatusesResponse_ServiceStatus) ProtoMessage() {}
+func (*ListServiceStatusesResponse_ServiceStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{25, 0}
+}
+func (m *ListServiceStatusesResponse_ServiceStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListServiceStatusesResponse_ServiceStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListServiceStatusesResponse_ServiceStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListServiceStatusesResponse_ServiceStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListServiceStatusesResponse_ServiceStatus.Merge(m, src)
+}
+func (m *ListServiceStatusesResponse_ServiceStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListServiceStatusesResponse_ServiceStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListServiceStatusesResponse_ServiceStatus.DiscardUnknown(m)
 }
 
-func (m *ListServicesResponse) Reset()                    { *m = ListServicesResponse{} }
-func (*ListServicesResponse) ProtoMessage()               {}
-func (*ListServicesResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{23} }
+var xxx_messageInfo_ListServiceStatusesResponse_ServiceStatus proto.InternalMessageInfo
 
 type CreateNetworkRequest struct {
-	Spec *NetworkSpec `protobuf:"bytes,1,opt,name=spec" json:"spec,omitempty"`
+	Spec *NetworkSpec `protobuf:"bytes,1,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *CreateNetworkRequest) Reset()      { *m = CreateNetworkRequest{} }
+func (*CreateNetworkRequest) ProtoMessage() {}
+func (*CreateNetworkRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{26}
+}
+func (m *CreateNetworkRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateNetworkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateNetworkRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateNetworkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateNetworkRequest.Merge(m, src)
+}
+func (m *CreateNetworkRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateNetworkRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateNetworkRequest.DiscardUnknown(m)
 }
 
-func (m *CreateNetworkRequest) Reset()                    { *m = CreateNetworkRequest{} }
-func (*CreateNetworkRequest) ProtoMessage()               {}
-func (*CreateNetworkRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{24} }
+var xxx_messageInfo_CreateNetworkRequest proto.InternalMessageInfo
 
 type CreateNetworkResponse struct {
-	Network *Network `protobuf:"bytes,1,opt,name=network" json:"network,omitempty"`
+	Network *Network `protobuf:"bytes,1,opt,name=network,proto3" json:"network,omitempty"`
+}
+
+func (m *CreateNetworkResponse) Reset()      { *m = CreateNetworkResponse{} }
+func (*CreateNetworkResponse) ProtoMessage() {}
+func (*CreateNetworkResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{27}
+}
+func (m *CreateNetworkResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateNetworkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateNetworkResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateNetworkResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateNetworkResponse.Merge(m, src)
+}
+func (m *CreateNetworkResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateNetworkResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateNetworkResponse.DiscardUnknown(m)
 }
 
-func (m *CreateNetworkResponse) Reset()                    { *m = CreateNetworkResponse{} }
-func (*CreateNetworkResponse) ProtoMessage()               {}
-func (*CreateNetworkResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{25} }
+var xxx_messageInfo_CreateNetworkResponse proto.InternalMessageInfo
 
 type GetNetworkRequest struct {
 	Name      string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	NetworkID string `protobuf:"bytes,2,opt,name=network_id,json=networkId,proto3" json:"network_id,omitempty"`
 }
 
-func (m *GetNetworkRequest) Reset()                    { *m = GetNetworkRequest{} }
-func (*GetNetworkRequest) ProtoMessage()               {}
-func (*GetNetworkRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{26} }
+func (m *GetNetworkRequest) Reset()      { *m = GetNetworkRequest{} }
+func (*GetNetworkRequest) ProtoMessage() {}
+func (*GetNetworkRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{28}
+}
+func (m *GetNetworkRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNetworkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNetworkRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNetworkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNetworkRequest.Merge(m, src)
+}
+func (m *GetNetworkRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNetworkRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNetworkRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetNetworkRequest proto.InternalMessageInfo
 
 type GetNetworkResponse struct {
-	Network *Network `protobuf:"bytes,1,opt,name=network" json:"network,omitempty"`
+	Network *Network `protobuf:"bytes,1,opt,name=network,proto3" json:"network,omitempty"`
+}
+
+func (m *GetNetworkResponse) Reset()      { *m = GetNetworkResponse{} }
+func (*GetNetworkResponse) ProtoMessage() {}
+func (*GetNetworkResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{29}
+}
+func (m *GetNetworkResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetNetworkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetNetworkResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetNetworkResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetNetworkResponse.Merge(m, src)
+}
+func (m *GetNetworkResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetNetworkResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetNetworkResponse.DiscardUnknown(m)
 }
 
-func (m *GetNetworkResponse) Reset()                    { *m = GetNetworkResponse{} }
-func (*GetNetworkResponse) ProtoMessage()               {}
-func (*GetNetworkResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{27} }
+var xxx_messageInfo_GetNetworkResponse proto.InternalMessageInfo
 
 type RemoveNetworkRequest struct {
 	Name      string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	NetworkID string `protobuf:"bytes,2,opt,name=network_id,json=networkId,proto3" json:"network_id,omitempty"`
 }
 
-func (m *RemoveNetworkRequest) Reset()                    { *m = RemoveNetworkRequest{} }
-func (*RemoveNetworkRequest) ProtoMessage()               {}
-func (*RemoveNetworkRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{28} }
+func (m *RemoveNetworkRequest) Reset()      { *m = RemoveNetworkRequest{} }
+func (*RemoveNetworkRequest) ProtoMessage() {}
+func (*RemoveNetworkRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{30}
+}
+func (m *RemoveNetworkRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveNetworkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveNetworkRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveNetworkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveNetworkRequest.Merge(m, src)
+}
+func (m *RemoveNetworkRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveNetworkRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveNetworkRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveNetworkRequest proto.InternalMessageInfo
 
 type RemoveNetworkResponse struct {
 }
 
-func (m *RemoveNetworkResponse) Reset()                    { *m = RemoveNetworkResponse{} }
-func (*RemoveNetworkResponse) ProtoMessage()               {}
-func (*RemoveNetworkResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{29} }
+func (m *RemoveNetworkResponse) Reset()      { *m = RemoveNetworkResponse{} }
+func (*RemoveNetworkResponse) ProtoMessage() {}
+func (*RemoveNetworkResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{31}
+}
+func (m *RemoveNetworkResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveNetworkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveNetworkResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveNetworkResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveNetworkResponse.Merge(m, src)
+}
+func (m *RemoveNetworkResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveNetworkResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveNetworkResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveNetworkResponse proto.InternalMessageInfo
 
 type ListNetworksRequest struct {
-	Filters *ListNetworksRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListNetworksRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListNetworksRequest) Reset()      { *m = ListNetworksRequest{} }
+func (*ListNetworksRequest) ProtoMessage() {}
+func (*ListNetworksRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{32}
+}
+func (m *ListNetworksRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNetworksRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNetworksRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNetworksRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNetworksRequest.Merge(m, src)
+}
+func (m *ListNetworksRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNetworksRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNetworksRequest.DiscardUnknown(m)
 }
 
-func (m *ListNetworksRequest) Reset()                    { *m = ListNetworksRequest{} }
-func (*ListNetworksRequest) ProtoMessage()               {}
-func (*ListNetworksRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{30} }
+var xxx_messageInfo_ListNetworksRequest proto.InternalMessageInfo
 
 type ListNetworksRequest_Filters struct {
-	Names      []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Names      []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// NamePrefixes matches all objects with the given prefixes
-	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
+	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
 }
 
 func (m *ListNetworksRequest_Filters) Reset()      { *m = ListNetworksRequest_Filters{} }
 func (*ListNetworksRequest_Filters) ProtoMessage() {}
 func (*ListNetworksRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{30, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{32, 0}
 }
+func (m *ListNetworksRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNetworksRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNetworksRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNetworksRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNetworksRequest_Filters.Merge(m, src)
+}
+func (m *ListNetworksRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNetworksRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNetworksRequest_Filters.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListNetworksRequest_Filters proto.InternalMessageInfo
 
 type ListNetworksResponse struct {
-	Networks []*Network `protobuf:"bytes,1,rep,name=networks" json:"networks,omitempty"`
+	Networks []*Network `protobuf:"bytes,1,rep,name=networks,proto3" json:"networks,omitempty"`
+}
+
+func (m *ListNetworksResponse) Reset()      { *m = ListNetworksResponse{} }
+func (*ListNetworksResponse) ProtoMessage() {}
+func (*ListNetworksResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{33}
+}
+func (m *ListNetworksResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListNetworksResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListNetworksResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListNetworksResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListNetworksResponse.Merge(m, src)
+}
+func (m *ListNetworksResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListNetworksResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListNetworksResponse.DiscardUnknown(m)
 }
 
-func (m *ListNetworksResponse) Reset()                    { *m = ListNetworksResponse{} }
-func (*ListNetworksResponse) ProtoMessage()               {}
-func (*ListNetworksResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{31} }
+var xxx_messageInfo_ListNetworksResponse proto.InternalMessageInfo
 
 type GetClusterRequest struct {
 	ClusterID string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"`
 }
 
-func (m *GetClusterRequest) Reset()                    { *m = GetClusterRequest{} }
-func (*GetClusterRequest) ProtoMessage()               {}
-func (*GetClusterRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{32} }
+func (m *GetClusterRequest) Reset()      { *m = GetClusterRequest{} }
+func (*GetClusterRequest) ProtoMessage() {}
+func (*GetClusterRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{34}
+}
+func (m *GetClusterRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetClusterRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetClusterRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetClusterRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetClusterRequest.Merge(m, src)
+}
+func (m *GetClusterRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetClusterRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetClusterRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetClusterRequest proto.InternalMessageInfo
 
 type GetClusterResponse struct {
-	Cluster *Cluster `protobuf:"bytes,1,opt,name=cluster" json:"cluster,omitempty"`
+	Cluster *Cluster `protobuf:"bytes,1,opt,name=cluster,proto3" json:"cluster,omitempty"`
 }
 
-func (m *GetClusterResponse) Reset()                    { *m = GetClusterResponse{} }
-func (*GetClusterResponse) ProtoMessage()               {}
-func (*GetClusterResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{33} }
+func (m *GetClusterResponse) Reset()      { *m = GetClusterResponse{} }
+func (*GetClusterResponse) ProtoMessage() {}
+func (*GetClusterResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{35}
+}
+func (m *GetClusterResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetClusterResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetClusterResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetClusterResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetClusterResponse.Merge(m, src)
+}
+func (m *GetClusterResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetClusterResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetClusterResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetClusterResponse proto.InternalMessageInfo
 
 type ListClustersRequest struct {
-	Filters *ListClustersRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListClustersRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListClustersRequest) Reset()      { *m = ListClustersRequest{} }
+func (*ListClustersRequest) ProtoMessage() {}
+func (*ListClustersRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{36}
+}
+func (m *ListClustersRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListClustersRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListClustersRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListClustersRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListClustersRequest.Merge(m, src)
+}
+func (m *ListClustersRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListClustersRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListClustersRequest.DiscardUnknown(m)
 }
 
-func (m *ListClustersRequest) Reset()                    { *m = ListClustersRequest{} }
-func (*ListClustersRequest) ProtoMessage()               {}
-func (*ListClustersRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{34} }
+var xxx_messageInfo_ListClustersRequest proto.InternalMessageInfo
 
 type ListClustersRequest_Filters struct {
-	Names      []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Names      []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels     map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// NamePrefixes matches all objects with the given prefixes
-	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
+	NamePrefixes []string `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
 }
 
 func (m *ListClustersRequest_Filters) Reset()      { *m = ListClustersRequest_Filters{} }
 func (*ListClustersRequest_Filters) ProtoMessage() {}
 func (*ListClustersRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{34, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{36, 0}
+}
+func (m *ListClustersRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListClustersRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListClustersRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
 }
+func (m *ListClustersRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListClustersRequest_Filters.Merge(m, src)
+}
+func (m *ListClustersRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListClustersRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListClustersRequest_Filters.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListClustersRequest_Filters proto.InternalMessageInfo
 
 type ListClustersResponse struct {
-	Clusters []*Cluster `protobuf:"bytes,1,rep,name=clusters" json:"clusters,omitempty"`
+	Clusters []*Cluster `protobuf:"bytes,1,rep,name=clusters,proto3" json:"clusters,omitempty"`
 }
 
-func (m *ListClustersResponse) Reset()                    { *m = ListClustersResponse{} }
-func (*ListClustersResponse) ProtoMessage()               {}
-func (*ListClustersResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{35} }
+func (m *ListClustersResponse) Reset()      { *m = ListClustersResponse{} }
+func (*ListClustersResponse) ProtoMessage() {}
+func (*ListClustersResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{37}
+}
+func (m *ListClustersResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListClustersResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListClustersResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListClustersResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListClustersResponse.Merge(m, src)
+}
+func (m *ListClustersResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListClustersResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListClustersResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListClustersResponse proto.InternalMessageInfo
 
 // KeyRotation tells UpdateCluster what items to rotate
 type KeyRotation struct {
@@ -455,130 +1733,464 @@ type KeyRotation struct {
 	ManagerUnlockKey bool `protobuf:"varint,3,opt,name=manager_unlock_key,json=managerUnlockKey,proto3" json:"manager_unlock_key,omitempty"`
 }
 
-func (m *KeyRotation) Reset()                    { *m = KeyRotation{} }
-func (*KeyRotation) ProtoMessage()               {}
-func (*KeyRotation) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{36} }
-
-type UpdateClusterRequest struct {
-	// ClusterID is the cluster ID to update.
-	ClusterID string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"`
-	// ClusterVersion is the version of the cluster being updated.
-	ClusterVersion *Version `protobuf:"bytes,2,opt,name=cluster_version,json=clusterVersion" json:"cluster_version,omitempty"`
+func (m *KeyRotation) Reset()      { *m = KeyRotation{} }
+func (*KeyRotation) ProtoMessage() {}
+func (*KeyRotation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{38}
+}
+func (m *KeyRotation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *KeyRotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_KeyRotation.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *KeyRotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_KeyRotation.Merge(m, src)
+}
+func (m *KeyRotation) XXX_Size() int {
+	return m.Size()
+}
+func (m *KeyRotation) XXX_DiscardUnknown() {
+	xxx_messageInfo_KeyRotation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_KeyRotation proto.InternalMessageInfo
+
+type UpdateClusterRequest struct {
+	// ClusterID is the cluster ID to update.
+	ClusterID string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"`
+	// ClusterVersion is the version of the cluster being updated.
+	ClusterVersion *Version `protobuf:"bytes,2,opt,name=cluster_version,json=clusterVersion,proto3" json:"cluster_version,omitempty"`
 	// Spec is the new spec to apply to the cluster.
-	Spec *ClusterSpec `protobuf:"bytes,3,opt,name=spec" json:"spec,omitempty"`
+	Spec *ClusterSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"`
 	// Rotation contains flags for join token and unlock key rotation
-	Rotation KeyRotation `protobuf:"bytes,4,opt,name=rotation" json:"rotation"`
+	Rotation KeyRotation `protobuf:"bytes,4,opt,name=rotation,proto3" json:"rotation"`
 }
 
-func (m *UpdateClusterRequest) Reset()                    { *m = UpdateClusterRequest{} }
-func (*UpdateClusterRequest) ProtoMessage()               {}
-func (*UpdateClusterRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{37} }
+func (m *UpdateClusterRequest) Reset()      { *m = UpdateClusterRequest{} }
+func (*UpdateClusterRequest) ProtoMessage() {}
+func (*UpdateClusterRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{39}
+}
+func (m *UpdateClusterRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateClusterRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateClusterRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateClusterRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateClusterRequest.Merge(m, src)
+}
+func (m *UpdateClusterRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateClusterRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateClusterRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateClusterRequest proto.InternalMessageInfo
 
 type UpdateClusterResponse struct {
-	Cluster *Cluster `protobuf:"bytes,1,opt,name=cluster" json:"cluster,omitempty"`
+	Cluster *Cluster `protobuf:"bytes,1,opt,name=cluster,proto3" json:"cluster,omitempty"`
+}
+
+func (m *UpdateClusterResponse) Reset()      { *m = UpdateClusterResponse{} }
+func (*UpdateClusterResponse) ProtoMessage() {}
+func (*UpdateClusterResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{40}
+}
+func (m *UpdateClusterResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateClusterResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateClusterResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateClusterResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateClusterResponse.Merge(m, src)
+}
+func (m *UpdateClusterResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateClusterResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateClusterResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateClusterResponse) Reset()                    { *m = UpdateClusterResponse{} }
-func (*UpdateClusterResponse) ProtoMessage()               {}
-func (*UpdateClusterResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{38} }
+var xxx_messageInfo_UpdateClusterResponse proto.InternalMessageInfo
 
 // GetSecretRequest is the request to get a `Secret` object given a secret id.
 type GetSecretRequest struct {
 	SecretID string `protobuf:"bytes,1,opt,name=secret_id,json=secretId,proto3" json:"secret_id,omitempty"`
 }
 
-func (m *GetSecretRequest) Reset()                    { *m = GetSecretRequest{} }
-func (*GetSecretRequest) ProtoMessage()               {}
-func (*GetSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{39} }
+func (m *GetSecretRequest) Reset()      { *m = GetSecretRequest{} }
+func (*GetSecretRequest) ProtoMessage() {}
+func (*GetSecretRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{41}
+}
+func (m *GetSecretRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetSecretRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetSecretRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetSecretRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetSecretRequest.Merge(m, src)
+}
+func (m *GetSecretRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetSecretRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetSecretRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetSecretRequest proto.InternalMessageInfo
 
 // GetSecretResponse contains the Secret corresponding to the id in
 // `GetSecretRequest`, but the `Secret.Spec.Data` field in each `Secret`
 // object should be nil instead of actually containing the secret bytes.
 type GetSecretResponse struct {
-	Secret *Secret `protobuf:"bytes,1,opt,name=secret" json:"secret,omitempty"`
+	Secret *Secret `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
+}
+
+func (m *GetSecretResponse) Reset()      { *m = GetSecretResponse{} }
+func (*GetSecretResponse) ProtoMessage() {}
+func (*GetSecretResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{42}
+}
+func (m *GetSecretResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetSecretResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetSecretResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetSecretResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetSecretResponse.Merge(m, src)
+}
+func (m *GetSecretResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetSecretResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetSecretResponse.DiscardUnknown(m)
 }
 
-func (m *GetSecretResponse) Reset()                    { *m = GetSecretResponse{} }
-func (*GetSecretResponse) ProtoMessage()               {}
-func (*GetSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{40} }
+var xxx_messageInfo_GetSecretResponse proto.InternalMessageInfo
 
 type UpdateSecretRequest struct {
 	// SecretID is the secret ID to update.
 	SecretID string `protobuf:"bytes,1,opt,name=secret_id,json=secretId,proto3" json:"secret_id,omitempty"`
 	// SecretVersion is the version of the secret being updated.
-	SecretVersion *Version `protobuf:"bytes,2,opt,name=secret_version,json=secretVersion" json:"secret_version,omitempty"`
+	SecretVersion *Version `protobuf:"bytes,2,opt,name=secret_version,json=secretVersion,proto3" json:"secret_version,omitempty"`
 	// Spec is the new spec to apply to the Secret
 	// Only some fields are allowed to be updated.
-	Spec *SecretSpec `protobuf:"bytes,3,opt,name=spec" json:"spec,omitempty"`
+	Spec *SecretSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *UpdateSecretRequest) Reset()      { *m = UpdateSecretRequest{} }
+func (*UpdateSecretRequest) ProtoMessage() {}
+func (*UpdateSecretRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{43}
+}
+func (m *UpdateSecretRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateSecretRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateSecretRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateSecretRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateSecretRequest.Merge(m, src)
+}
+func (m *UpdateSecretRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateSecretRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateSecretRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateSecretRequest) Reset()                    { *m = UpdateSecretRequest{} }
-func (*UpdateSecretRequest) ProtoMessage()               {}
-func (*UpdateSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{41} }
+var xxx_messageInfo_UpdateSecretRequest proto.InternalMessageInfo
 
 type UpdateSecretResponse struct {
-	Secret *Secret `protobuf:"bytes,1,opt,name=secret" json:"secret,omitempty"`
+	Secret *Secret `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
+}
+
+func (m *UpdateSecretResponse) Reset()      { *m = UpdateSecretResponse{} }
+func (*UpdateSecretResponse) ProtoMessage() {}
+func (*UpdateSecretResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{44}
+}
+func (m *UpdateSecretResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateSecretResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateSecretResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateSecretResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateSecretResponse.Merge(m, src)
+}
+func (m *UpdateSecretResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateSecretResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateSecretResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateSecretResponse) Reset()                    { *m = UpdateSecretResponse{} }
-func (*UpdateSecretResponse) ProtoMessage()               {}
-func (*UpdateSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{42} }
+var xxx_messageInfo_UpdateSecretResponse proto.InternalMessageInfo
 
 // ListSecretRequest is the request to list all non-internal secrets in the secret store,
 // or all secrets filtered by (name or name prefix or id prefix) and labels.
 type ListSecretsRequest struct {
-	Filters *ListSecretsRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListSecretsRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListSecretsRequest) Reset()      { *m = ListSecretsRequest{} }
+func (*ListSecretsRequest) ProtoMessage() {}
+func (*ListSecretsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{45}
+}
+func (m *ListSecretsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListSecretsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListSecretsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListSecretsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSecretsRequest.Merge(m, src)
+}
+func (m *ListSecretsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListSecretsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListSecretsRequest.DiscardUnknown(m)
 }
 
-func (m *ListSecretsRequest) Reset()                    { *m = ListSecretsRequest{} }
-func (*ListSecretsRequest) ProtoMessage()               {}
-func (*ListSecretsRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{43} }
+var xxx_messageInfo_ListSecretsRequest proto.InternalMessageInfo
 
 type ListSecretsRequest_Filters struct {
-	Names        []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes   []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels       map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	NamePrefixes []string          `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
+	Names        []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes   []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels       map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	NamePrefixes []string          `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
 }
 
 func (m *ListSecretsRequest_Filters) Reset()      { *m = ListSecretsRequest_Filters{} }
 func (*ListSecretsRequest_Filters) ProtoMessage() {}
 func (*ListSecretsRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{43, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{45, 0}
+}
+func (m *ListSecretsRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListSecretsRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListSecretsRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListSecretsRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSecretsRequest_Filters.Merge(m, src)
+}
+func (m *ListSecretsRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListSecretsRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListSecretsRequest_Filters.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListSecretsRequest_Filters proto.InternalMessageInfo
+
 // ListSecretResponse contains a list of all the secrets that match the name or
 // name prefix filters provided in `ListSecretRequest`.  The `Secret.Spec.Data`
 // field in each `Secret` object should be nil instead of actually containing
 // the secret bytes.
 type ListSecretsResponse struct {
-	Secrets []*Secret `protobuf:"bytes,1,rep,name=secrets" json:"secrets,omitempty"`
+	Secrets []*Secret `protobuf:"bytes,1,rep,name=secrets,proto3" json:"secrets,omitempty"`
+}
+
+func (m *ListSecretsResponse) Reset()      { *m = ListSecretsResponse{} }
+func (*ListSecretsResponse) ProtoMessage() {}
+func (*ListSecretsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{46}
+}
+func (m *ListSecretsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListSecretsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListSecretsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListSecretsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSecretsResponse.Merge(m, src)
+}
+func (m *ListSecretsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListSecretsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListSecretsResponse.DiscardUnknown(m)
 }
 
-func (m *ListSecretsResponse) Reset()                    { *m = ListSecretsResponse{} }
-func (*ListSecretsResponse) ProtoMessage()               {}
-func (*ListSecretsResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{44} }
+var xxx_messageInfo_ListSecretsResponse proto.InternalMessageInfo
 
 // CreateSecretRequest specifies a new secret (it will not update an existing
 // secret) to create.
 type CreateSecretRequest struct {
-	Spec *SecretSpec `protobuf:"bytes,1,opt,name=spec" json:"spec,omitempty"`
+	Spec *SecretSpec `protobuf:"bytes,1,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *CreateSecretRequest) Reset()      { *m = CreateSecretRequest{} }
+func (*CreateSecretRequest) ProtoMessage() {}
+func (*CreateSecretRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{47}
+}
+func (m *CreateSecretRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateSecretRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateSecretRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateSecretRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateSecretRequest.Merge(m, src)
+}
+func (m *CreateSecretRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateSecretRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateSecretRequest.DiscardUnknown(m)
 }
 
-func (m *CreateSecretRequest) Reset()                    { *m = CreateSecretRequest{} }
-func (*CreateSecretRequest) ProtoMessage()               {}
-func (*CreateSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{45} }
+var xxx_messageInfo_CreateSecretRequest proto.InternalMessageInfo
 
 // CreateSecretResponse contains the newly created `Secret` corresponding to the
 // name in `CreateSecretRequest`.  The `Secret.Spec.Data` field should be nil instead
 // of actually containing the secret bytes.
 type CreateSecretResponse struct {
-	Secret *Secret `protobuf:"bytes,1,opt,name=secret" json:"secret,omitempty"`
+	Secret *Secret `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
+}
+
+func (m *CreateSecretResponse) Reset()      { *m = CreateSecretResponse{} }
+func (*CreateSecretResponse) ProtoMessage() {}
+func (*CreateSecretResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{48}
+}
+func (m *CreateSecretResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateSecretResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateSecretResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateSecretResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateSecretResponse.Merge(m, src)
+}
+func (m *CreateSecretResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateSecretResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateSecretResponse.DiscardUnknown(m)
 }
 
-func (m *CreateSecretResponse) Reset()                    { *m = CreateSecretResponse{} }
-func (*CreateSecretResponse) ProtoMessage()               {}
-func (*CreateSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{46} }
+var xxx_messageInfo_CreateSecretResponse proto.InternalMessageInfo
 
 // RemoveSecretRequest contains the ID of the secret that should be removed.  This
 // removes all versions of the secret.
@@ -586,112 +2198,418 @@ type RemoveSecretRequest struct {
 	SecretID string `protobuf:"bytes,1,opt,name=secret_id,json=secretId,proto3" json:"secret_id,omitempty"`
 }
 
-func (m *RemoveSecretRequest) Reset()                    { *m = RemoveSecretRequest{} }
-func (*RemoveSecretRequest) ProtoMessage()               {}
-func (*RemoveSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{47} }
+func (m *RemoveSecretRequest) Reset()      { *m = RemoveSecretRequest{} }
+func (*RemoveSecretRequest) ProtoMessage() {}
+func (*RemoveSecretRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{49}
+}
+func (m *RemoveSecretRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveSecretRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveSecretRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveSecretRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveSecretRequest.Merge(m, src)
+}
+func (m *RemoveSecretRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveSecretRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveSecretRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveSecretRequest proto.InternalMessageInfo
 
 // RemoveSecretResponse is an empty object indicating the successful removal of
 // a secret.
 type RemoveSecretResponse struct {
 }
 
-func (m *RemoveSecretResponse) Reset()                    { *m = RemoveSecretResponse{} }
-func (*RemoveSecretResponse) ProtoMessage()               {}
-func (*RemoveSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{48} }
+func (m *RemoveSecretResponse) Reset()      { *m = RemoveSecretResponse{} }
+func (*RemoveSecretResponse) ProtoMessage() {}
+func (*RemoveSecretResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{50}
+}
+func (m *RemoveSecretResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveSecretResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveSecretResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveSecretResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveSecretResponse.Merge(m, src)
+}
+func (m *RemoveSecretResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveSecretResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveSecretResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveSecretResponse proto.InternalMessageInfo
 
 // GetConfigRequest is the request to get a `Config` object given a config id.
 type GetConfigRequest struct {
 	ConfigID string `protobuf:"bytes,1,opt,name=config_id,json=configId,proto3" json:"config_id,omitempty"`
 }
 
-func (m *GetConfigRequest) Reset()                    { *m = GetConfigRequest{} }
-func (*GetConfigRequest) ProtoMessage()               {}
-func (*GetConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{49} }
+func (m *GetConfigRequest) Reset()      { *m = GetConfigRequest{} }
+func (*GetConfigRequest) ProtoMessage() {}
+func (*GetConfigRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{51}
+}
+func (m *GetConfigRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetConfigRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetConfigRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetConfigRequest.Merge(m, src)
+}
+func (m *GetConfigRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetConfigRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetConfigRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetConfigRequest proto.InternalMessageInfo
 
 // GetConfigResponse contains the Config corresponding to the id in
 // `GetConfigRequest`.
 type GetConfigResponse struct {
-	Config *Config `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
+	Config *Config `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (m *GetConfigResponse) Reset()      { *m = GetConfigResponse{} }
+func (*GetConfigResponse) ProtoMessage() {}
+func (*GetConfigResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{52}
+}
+func (m *GetConfigResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetConfigResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetConfigResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetConfigResponse.Merge(m, src)
+}
+func (m *GetConfigResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetConfigResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetConfigResponse.DiscardUnknown(m)
 }
 
-func (m *GetConfigResponse) Reset()                    { *m = GetConfigResponse{} }
-func (*GetConfigResponse) ProtoMessage()               {}
-func (*GetConfigResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{50} }
+var xxx_messageInfo_GetConfigResponse proto.InternalMessageInfo
 
 type UpdateConfigRequest struct {
 	// ConfigID is the config ID to update.
 	ConfigID string `protobuf:"bytes,1,opt,name=config_id,json=configId,proto3" json:"config_id,omitempty"`
 	// ConfigVersion is the version of the config being updated.
-	ConfigVersion *Version `protobuf:"bytes,2,opt,name=config_version,json=configVersion" json:"config_version,omitempty"`
+	ConfigVersion *Version `protobuf:"bytes,2,opt,name=config_version,json=configVersion,proto3" json:"config_version,omitempty"`
 	// Spec is the new spec to apply to the Config
 	// Only some fields are allowed to be updated.
-	Spec *ConfigSpec `protobuf:"bytes,3,opt,name=spec" json:"spec,omitempty"`
+	Spec *ConfigSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *UpdateConfigRequest) Reset()      { *m = UpdateConfigRequest{} }
+func (*UpdateConfigRequest) ProtoMessage() {}
+func (*UpdateConfigRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{53}
+}
+func (m *UpdateConfigRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateConfigRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateConfigRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateConfigRequest.Merge(m, src)
+}
+func (m *UpdateConfigRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateConfigRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateConfigRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateConfigRequest) Reset()                    { *m = UpdateConfigRequest{} }
-func (*UpdateConfigRequest) ProtoMessage()               {}
-func (*UpdateConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{51} }
+var xxx_messageInfo_UpdateConfigRequest proto.InternalMessageInfo
 
 type UpdateConfigResponse struct {
-	Config *Config `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
+	Config *Config `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (m *UpdateConfigResponse) Reset()      { *m = UpdateConfigResponse{} }
+func (*UpdateConfigResponse) ProtoMessage() {}
+func (*UpdateConfigResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{54}
+}
+func (m *UpdateConfigResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateConfigResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateConfigResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateConfigResponse.Merge(m, src)
+}
+func (m *UpdateConfigResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateConfigResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateConfigResponse.DiscardUnknown(m)
 }
 
-func (m *UpdateConfigResponse) Reset()                    { *m = UpdateConfigResponse{} }
-func (*UpdateConfigResponse) ProtoMessage()               {}
-func (*UpdateConfigResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{52} }
+var xxx_messageInfo_UpdateConfigResponse proto.InternalMessageInfo
 
 // ListConfigRequest is the request to list all configs in the config store,
 // or all configs filtered by (name or name prefix or id prefix) and labels.
 type ListConfigsRequest struct {
-	Filters *ListConfigsRequest_Filters `protobuf:"bytes,1,opt,name=filters" json:"filters,omitempty"`
+	Filters *ListConfigsRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *ListConfigsRequest) Reset()      { *m = ListConfigsRequest{} }
+func (*ListConfigsRequest) ProtoMessage() {}
+func (*ListConfigsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{55}
+}
+func (m *ListConfigsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListConfigsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListConfigsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListConfigsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListConfigsRequest.Merge(m, src)
+}
+func (m *ListConfigsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListConfigsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListConfigsRequest.DiscardUnknown(m)
 }
 
-func (m *ListConfigsRequest) Reset()                    { *m = ListConfigsRequest{} }
-func (*ListConfigsRequest) ProtoMessage()               {}
-func (*ListConfigsRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{53} }
+var xxx_messageInfo_ListConfigsRequest proto.InternalMessageInfo
 
 type ListConfigsRequest_Filters struct {
-	Names        []string          `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"`
-	IDPrefixes   []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes" json:"id_prefixes,omitempty"`
-	Labels       map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	NamePrefixes []string          `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes" json:"name_prefixes,omitempty"`
+	Names        []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes   []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels       map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	NamePrefixes []string          `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
 }
 
 func (m *ListConfigsRequest_Filters) Reset()      { *m = ListConfigsRequest_Filters{} }
 func (*ListConfigsRequest_Filters) ProtoMessage() {}
 func (*ListConfigsRequest_Filters) Descriptor() ([]byte, []int) {
-	return fileDescriptorControl, []int{53, 0}
+	return fileDescriptor_b37401dd08bf8930, []int{55, 0}
+}
+func (m *ListConfigsRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListConfigsRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListConfigsRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListConfigsRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListConfigsRequest_Filters.Merge(m, src)
+}
+func (m *ListConfigsRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListConfigsRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListConfigsRequest_Filters.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListConfigsRequest_Filters proto.InternalMessageInfo
+
 // ListConfigResponse contains a list of all the configs that match the name or
 // name prefix filters provided in `ListConfigRequest`.
 type ListConfigsResponse struct {
-	Configs []*Config `protobuf:"bytes,1,rep,name=configs" json:"configs,omitempty"`
+	Configs []*Config `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty"`
+}
+
+func (m *ListConfigsResponse) Reset()      { *m = ListConfigsResponse{} }
+func (*ListConfigsResponse) ProtoMessage() {}
+func (*ListConfigsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{56}
+}
+func (m *ListConfigsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListConfigsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListConfigsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListConfigsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListConfigsResponse.Merge(m, src)
+}
+func (m *ListConfigsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListConfigsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListConfigsResponse.DiscardUnknown(m)
 }
 
-func (m *ListConfigsResponse) Reset()                    { *m = ListConfigsResponse{} }
-func (*ListConfigsResponse) ProtoMessage()               {}
-func (*ListConfigsResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{54} }
+var xxx_messageInfo_ListConfigsResponse proto.InternalMessageInfo
 
 // CreateConfigRequest specifies a new config (it will not update an existing
 // config) to create.
 type CreateConfigRequest struct {
-	Spec *ConfigSpec `protobuf:"bytes,1,opt,name=spec" json:"spec,omitempty"`
+	Spec *ConfigSpec `protobuf:"bytes,1,opt,name=spec,proto3" json:"spec,omitempty"`
+}
+
+func (m *CreateConfigRequest) Reset()      { *m = CreateConfigRequest{} }
+func (*CreateConfigRequest) ProtoMessage() {}
+func (*CreateConfigRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{57}
+}
+func (m *CreateConfigRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateConfigRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateConfigRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateConfigRequest.Merge(m, src)
+}
+func (m *CreateConfigRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateConfigRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateConfigRequest.DiscardUnknown(m)
 }
 
-func (m *CreateConfigRequest) Reset()                    { *m = CreateConfigRequest{} }
-func (*CreateConfigRequest) ProtoMessage()               {}
-func (*CreateConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{55} }
+var xxx_messageInfo_CreateConfigRequest proto.InternalMessageInfo
 
 // CreateConfigResponse contains the newly created `Config` corresponding to the
 // name in `CreateConfigRequest`.
 type CreateConfigResponse struct {
-	Config *Config `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
+	Config *Config `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (m *CreateConfigResponse) Reset()      { *m = CreateConfigResponse{} }
+func (*CreateConfigResponse) ProtoMessage() {}
+func (*CreateConfigResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{58}
+}
+func (m *CreateConfigResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateConfigResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CreateConfigResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateConfigResponse.Merge(m, src)
+}
+func (m *CreateConfigResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateConfigResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateConfigResponse.DiscardUnknown(m)
 }
 
-func (m *CreateConfigResponse) Reset()                    { *m = CreateConfigResponse{} }
-func (*CreateConfigResponse) ProtoMessage()               {}
-func (*CreateConfigResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{56} }
+var xxx_messageInfo_CreateConfigResponse proto.InternalMessageInfo
 
 // RemoveConfigRequest contains the ID of the config that should be removed.  This
 // removes all versions of the config.
@@ -699,858 +2617,1389 @@ type RemoveConfigRequest struct {
 	ConfigID string `protobuf:"bytes,1,opt,name=config_id,json=configId,proto3" json:"config_id,omitempty"`
 }
 
-func (m *RemoveConfigRequest) Reset()                    { *m = RemoveConfigRequest{} }
-func (*RemoveConfigRequest) ProtoMessage()               {}
-func (*RemoveConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{57} }
+func (m *RemoveConfigRequest) Reset()      { *m = RemoveConfigRequest{} }
+func (*RemoveConfigRequest) ProtoMessage() {}
+func (*RemoveConfigRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{59}
+}
+func (m *RemoveConfigRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveConfigRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RemoveConfigRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveConfigRequest.Merge(m, src)
+}
+func (m *RemoveConfigRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveConfigRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveConfigRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RemoveConfigRequest proto.InternalMessageInfo
 
 // RemoveConfigResponse is an empty object indicating the successful removal of
 // a config.
 type RemoveConfigResponse struct {
 }
 
-func (m *RemoveConfigResponse) Reset()                    { *m = RemoveConfigResponse{} }
-func (*RemoveConfigResponse) ProtoMessage()               {}
-func (*RemoveConfigResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{58} }
-
-func init() {
-	proto.RegisterType((*GetNodeRequest)(nil), "docker.swarmkit.v1.GetNodeRequest")
-	proto.RegisterType((*GetNodeResponse)(nil), "docker.swarmkit.v1.GetNodeResponse")
-	proto.RegisterType((*ListNodesRequest)(nil), "docker.swarmkit.v1.ListNodesRequest")
-	proto.RegisterType((*ListNodesRequest_Filters)(nil), "docker.swarmkit.v1.ListNodesRequest.Filters")
-	proto.RegisterType((*ListNodesResponse)(nil), "docker.swarmkit.v1.ListNodesResponse")
-	proto.RegisterType((*UpdateNodeRequest)(nil), "docker.swarmkit.v1.UpdateNodeRequest")
-	proto.RegisterType((*UpdateNodeResponse)(nil), "docker.swarmkit.v1.UpdateNodeResponse")
-	proto.RegisterType((*RemoveNodeRequest)(nil), "docker.swarmkit.v1.RemoveNodeRequest")
-	proto.RegisterType((*RemoveNodeResponse)(nil), "docker.swarmkit.v1.RemoveNodeResponse")
-	proto.RegisterType((*GetTaskRequest)(nil), "docker.swarmkit.v1.GetTaskRequest")
-	proto.RegisterType((*GetTaskResponse)(nil), "docker.swarmkit.v1.GetTaskResponse")
-	proto.RegisterType((*RemoveTaskRequest)(nil), "docker.swarmkit.v1.RemoveTaskRequest")
-	proto.RegisterType((*RemoveTaskResponse)(nil), "docker.swarmkit.v1.RemoveTaskResponse")
-	proto.RegisterType((*ListTasksRequest)(nil), "docker.swarmkit.v1.ListTasksRequest")
-	proto.RegisterType((*ListTasksRequest_Filters)(nil), "docker.swarmkit.v1.ListTasksRequest.Filters")
-	proto.RegisterType((*ListTasksResponse)(nil), "docker.swarmkit.v1.ListTasksResponse")
-	proto.RegisterType((*CreateServiceRequest)(nil), "docker.swarmkit.v1.CreateServiceRequest")
-	proto.RegisterType((*CreateServiceResponse)(nil), "docker.swarmkit.v1.CreateServiceResponse")
-	proto.RegisterType((*GetServiceRequest)(nil), "docker.swarmkit.v1.GetServiceRequest")
-	proto.RegisterType((*GetServiceResponse)(nil), "docker.swarmkit.v1.GetServiceResponse")
-	proto.RegisterType((*UpdateServiceRequest)(nil), "docker.swarmkit.v1.UpdateServiceRequest")
-	proto.RegisterType((*UpdateServiceResponse)(nil), "docker.swarmkit.v1.UpdateServiceResponse")
-	proto.RegisterType((*RemoveServiceRequest)(nil), "docker.swarmkit.v1.RemoveServiceRequest")
-	proto.RegisterType((*RemoveServiceResponse)(nil), "docker.swarmkit.v1.RemoveServiceResponse")
-	proto.RegisterType((*ListServicesRequest)(nil), "docker.swarmkit.v1.ListServicesRequest")
-	proto.RegisterType((*ListServicesRequest_Filters)(nil), "docker.swarmkit.v1.ListServicesRequest.Filters")
-	proto.RegisterType((*ListServicesResponse)(nil), "docker.swarmkit.v1.ListServicesResponse")
-	proto.RegisterType((*CreateNetworkRequest)(nil), "docker.swarmkit.v1.CreateNetworkRequest")
-	proto.RegisterType((*CreateNetworkResponse)(nil), "docker.swarmkit.v1.CreateNetworkResponse")
-	proto.RegisterType((*GetNetworkRequest)(nil), "docker.swarmkit.v1.GetNetworkRequest")
-	proto.RegisterType((*GetNetworkResponse)(nil), "docker.swarmkit.v1.GetNetworkResponse")
-	proto.RegisterType((*RemoveNetworkRequest)(nil), "docker.swarmkit.v1.RemoveNetworkRequest")
-	proto.RegisterType((*RemoveNetworkResponse)(nil), "docker.swarmkit.v1.RemoveNetworkResponse")
-	proto.RegisterType((*ListNetworksRequest)(nil), "docker.swarmkit.v1.ListNetworksRequest")
-	proto.RegisterType((*ListNetworksRequest_Filters)(nil), "docker.swarmkit.v1.ListNetworksRequest.Filters")
-	proto.RegisterType((*ListNetworksResponse)(nil), "docker.swarmkit.v1.ListNetworksResponse")
-	proto.RegisterType((*GetClusterRequest)(nil), "docker.swarmkit.v1.GetClusterRequest")
-	proto.RegisterType((*GetClusterResponse)(nil), "docker.swarmkit.v1.GetClusterResponse")
-	proto.RegisterType((*ListClustersRequest)(nil), "docker.swarmkit.v1.ListClustersRequest")
-	proto.RegisterType((*ListClustersRequest_Filters)(nil), "docker.swarmkit.v1.ListClustersRequest.Filters")
-	proto.RegisterType((*ListClustersResponse)(nil), "docker.swarmkit.v1.ListClustersResponse")
-	proto.RegisterType((*KeyRotation)(nil), "docker.swarmkit.v1.KeyRotation")
-	proto.RegisterType((*UpdateClusterRequest)(nil), "docker.swarmkit.v1.UpdateClusterRequest")
-	proto.RegisterType((*UpdateClusterResponse)(nil), "docker.swarmkit.v1.UpdateClusterResponse")
-	proto.RegisterType((*GetSecretRequest)(nil), "docker.swarmkit.v1.GetSecretRequest")
-	proto.RegisterType((*GetSecretResponse)(nil), "docker.swarmkit.v1.GetSecretResponse")
-	proto.RegisterType((*UpdateSecretRequest)(nil), "docker.swarmkit.v1.UpdateSecretRequest")
-	proto.RegisterType((*UpdateSecretResponse)(nil), "docker.swarmkit.v1.UpdateSecretResponse")
-	proto.RegisterType((*ListSecretsRequest)(nil), "docker.swarmkit.v1.ListSecretsRequest")
-	proto.RegisterType((*ListSecretsRequest_Filters)(nil), "docker.swarmkit.v1.ListSecretsRequest.Filters")
-	proto.RegisterType((*ListSecretsResponse)(nil), "docker.swarmkit.v1.ListSecretsResponse")
-	proto.RegisterType((*CreateSecretRequest)(nil), "docker.swarmkit.v1.CreateSecretRequest")
-	proto.RegisterType((*CreateSecretResponse)(nil), "docker.swarmkit.v1.CreateSecretResponse")
-	proto.RegisterType((*RemoveSecretRequest)(nil), "docker.swarmkit.v1.RemoveSecretRequest")
-	proto.RegisterType((*RemoveSecretResponse)(nil), "docker.swarmkit.v1.RemoveSecretResponse")
-	proto.RegisterType((*GetConfigRequest)(nil), "docker.swarmkit.v1.GetConfigRequest")
-	proto.RegisterType((*GetConfigResponse)(nil), "docker.swarmkit.v1.GetConfigResponse")
-	proto.RegisterType((*UpdateConfigRequest)(nil), "docker.swarmkit.v1.UpdateConfigRequest")
-	proto.RegisterType((*UpdateConfigResponse)(nil), "docker.swarmkit.v1.UpdateConfigResponse")
-	proto.RegisterType((*ListConfigsRequest)(nil), "docker.swarmkit.v1.ListConfigsRequest")
-	proto.RegisterType((*ListConfigsRequest_Filters)(nil), "docker.swarmkit.v1.ListConfigsRequest.Filters")
-	proto.RegisterType((*ListConfigsResponse)(nil), "docker.swarmkit.v1.ListConfigsResponse")
-	proto.RegisterType((*CreateConfigRequest)(nil), "docker.swarmkit.v1.CreateConfigRequest")
-	proto.RegisterType((*CreateConfigResponse)(nil), "docker.swarmkit.v1.CreateConfigResponse")
-	proto.RegisterType((*RemoveConfigRequest)(nil), "docker.swarmkit.v1.RemoveConfigRequest")
-	proto.RegisterType((*RemoveConfigResponse)(nil), "docker.swarmkit.v1.RemoveConfigResponse")
-	proto.RegisterEnum("docker.swarmkit.v1.UpdateServiceRequest_Rollback", UpdateServiceRequest_Rollback_name, UpdateServiceRequest_Rollback_value)
+func (m *RemoveConfigResponse) Reset()      { *m = RemoveConfigResponse{} }
+func (*RemoveConfigResponse) ProtoMessage() {}
+func (*RemoveConfigResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{60}
 }
-
-type authenticatedWrapperControlServer struct {
-	local     ControlServer
-	authorize func(context.Context, []string) error
+func (m *RemoveConfigResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
 }
-
-func NewAuthenticatedWrapperControlServer(local ControlServer, authorize func(context.Context, []string) error) ControlServer {
-	return &authenticatedWrapperControlServer{
-		local:     local,
-		authorize: authorize,
+func (m *RemoveConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveConfigResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
 }
-
-func (p *authenticatedWrapperControlServer) GetNode(ctx context.Context, r *GetNodeRequest) (*GetNodeResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetNode(ctx, r)
+func (m *RemoveConfigResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveConfigResponse.Merge(m, src)
 }
-
-func (p *authenticatedWrapperControlServer) ListNodes(ctx context.Context, r *ListNodesRequest) (*ListNodesResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.ListNodes(ctx, r)
+func (m *RemoveConfigResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveConfigResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveConfigResponse.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) UpdateNode(ctx context.Context, r *UpdateNodeRequest) (*UpdateNodeResponse, error) {
+var xxx_messageInfo_RemoveConfigResponse proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.UpdateNode(ctx, r)
+// CreateExtensionRequest creates a new extension as specified by the provided
+// parameters
+type CreateExtensionRequest struct {
+	Annotations *Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations,omitempty"`
+	Description string       `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) RemoveNode(ctx context.Context, r *RemoveNodeRequest) (*RemoveNodeResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *CreateExtensionRequest) Reset()      { *m = CreateExtensionRequest{} }
+func (*CreateExtensionRequest) ProtoMessage() {}
+func (*CreateExtensionRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{61}
+}
+func (m *CreateExtensionRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateExtensionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateExtensionRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.RemoveNode(ctx, r)
+}
+func (m *CreateExtensionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateExtensionRequest.Merge(m, src)
+}
+func (m *CreateExtensionRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateExtensionRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateExtensionRequest.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) GetTask(ctx context.Context, r *GetTaskRequest) (*GetTaskResponse, error) {
+var xxx_messageInfo_CreateExtensionRequest proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetTask(ctx, r)
+// CreateExtensionResponse contains the newly created `Extension` corresponding
+// to the parameters in the CreateExtensionRequest.
+type CreateExtensionResponse struct {
+	Extension *Extension `protobuf:"bytes,1,opt,name=extension,proto3" json:"extension,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) ListTasks(ctx context.Context, r *ListTasksRequest) (*ListTasksResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *CreateExtensionResponse) Reset()      { *m = CreateExtensionResponse{} }
+func (*CreateExtensionResponse) ProtoMessage() {}
+func (*CreateExtensionResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{62}
+}
+func (m *CreateExtensionResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateExtensionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateExtensionResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.ListTasks(ctx, r)
+}
+func (m *CreateExtensionResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateExtensionResponse.Merge(m, src)
+}
+func (m *CreateExtensionResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateExtensionResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateExtensionResponse.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) RemoveTask(ctx context.Context, r *RemoveTaskRequest) (*RemoveTaskResponse, error) {
+var xxx_messageInfo_CreateExtensionResponse proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.RemoveTask(ctx, r)
+// RemoveExtensionRequest contains the ID of the extension that should be removed. This
+// removes all versions of the extension.
+type RemoveExtensionRequest struct {
+	ExtensionID string `protobuf:"bytes,1,opt,name=extension_id,json=extensionId,proto3" json:"extension_id,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) GetService(ctx context.Context, r *GetServiceRequest) (*GetServiceResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *RemoveExtensionRequest) Reset()      { *m = RemoveExtensionRequest{} }
+func (*RemoveExtensionRequest) ProtoMessage() {}
+func (*RemoveExtensionRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{63}
+}
+func (m *RemoveExtensionRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveExtensionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveExtensionRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.GetService(ctx, r)
+}
+func (m *RemoveExtensionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveExtensionRequest.Merge(m, src)
+}
+func (m *RemoveExtensionRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveExtensionRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveExtensionRequest.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) ListServices(ctx context.Context, r *ListServicesRequest) (*ListServicesResponse, error) {
+var xxx_messageInfo_RemoveExtensionRequest proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.ListServices(ctx, r)
+// RemoveExtensionResponse is an empty object indicating the successful removal
+// of an extension.
+type RemoveExtensionResponse struct {
 }
 
-func (p *authenticatedWrapperControlServer) CreateService(ctx context.Context, r *CreateServiceRequest) (*CreateServiceResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *RemoveExtensionResponse) Reset()      { *m = RemoveExtensionResponse{} }
+func (*RemoveExtensionResponse) ProtoMessage() {}
+func (*RemoveExtensionResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{64}
+}
+func (m *RemoveExtensionResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RemoveExtensionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveExtensionResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.CreateService(ctx, r)
+}
+func (m *RemoveExtensionResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveExtensionResponse.Merge(m, src)
+}
+func (m *RemoveExtensionResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *RemoveExtensionResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveExtensionResponse.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) UpdateService(ctx context.Context, r *UpdateServiceRequest) (*UpdateServiceResponse, error) {
+var xxx_messageInfo_RemoveExtensionResponse proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.UpdateService(ctx, r)
+// GetResourceRequest is the request to get a Extension object given a extension id.
+type GetExtensionRequest struct {
+	ExtensionID string `protobuf:"bytes,1,opt,name=extension_id,json=extensionId,proto3" json:"extension_id,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) RemoveService(ctx context.Context, r *RemoveServiceRequest) (*RemoveServiceResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *GetExtensionRequest) Reset()      { *m = GetExtensionRequest{} }
+func (*GetExtensionRequest) ProtoMessage() {}
+func (*GetExtensionRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{65}
+}
+func (m *GetExtensionRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetExtensionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetExtensionRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.RemoveService(ctx, r)
+}
+func (m *GetExtensionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetExtensionRequest.Merge(m, src)
+}
+func (m *GetExtensionRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetExtensionRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetExtensionRequest.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) GetNetwork(ctx context.Context, r *GetNetworkRequest) (*GetNetworkResponse, error) {
+var xxx_messageInfo_GetExtensionRequest proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetNetwork(ctx, r)
+// GetExtensionResponse contains the Extension corresponding to the id in
+// `GetExtensionRequest`.
+type GetExtensionResponse struct {
+	Extension *Extension `protobuf:"bytes,1,opt,name=extension,proto3" json:"extension,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) ListNetworks(ctx context.Context, r *ListNetworksRequest) (*ListNetworksResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *GetExtensionResponse) Reset()      { *m = GetExtensionResponse{} }
+func (*GetExtensionResponse) ProtoMessage() {}
+func (*GetExtensionResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{66}
+}
+func (m *GetExtensionResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetExtensionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetExtensionResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.ListNetworks(ctx, r)
+}
+func (m *GetExtensionResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetExtensionResponse.Merge(m, src)
+}
+func (m *GetExtensionResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetExtensionResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetExtensionResponse.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) CreateNetwork(ctx context.Context, r *CreateNetworkRequest) (*CreateNetworkResponse, error) {
+var xxx_messageInfo_GetExtensionResponse proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.CreateNetwork(ctx, r)
+// CreateResourceRequest creates a new resource specified by the included
+// resource object. An existing resource will not be updated.
+type CreateResourceRequest struct {
+	Annotations *Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations,omitempty"`
+	Kind        string       `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
+	Payload     *types.Any   `protobuf:"bytes,3,opt,name=payload,proto3" json:"payload,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) RemoveNetwork(ctx context.Context, r *RemoveNetworkRequest) (*RemoveNetworkResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *CreateResourceRequest) Reset()      { *m = CreateResourceRequest{} }
+func (*CreateResourceRequest) ProtoMessage() {}
+func (*CreateResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{67}
+}
+func (m *CreateResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.RemoveNetwork(ctx, r)
+}
+func (m *CreateResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResourceRequest.Merge(m, src)
+}
+func (m *CreateResourceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResourceRequest.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) GetCluster(ctx context.Context, r *GetClusterRequest) (*GetClusterResponse, error) {
+var xxx_messageInfo_CreateResourceRequest proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetCluster(ctx, r)
+// CreateResourceResponse contains the newly created `Resource` corresponding
+// to the resource in the CreateResourceRequest.
+type CreateResourceResponse struct {
+	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) ListClusters(ctx context.Context, r *ListClustersRequest) (*ListClustersResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *CreateResourceResponse) Reset()      { *m = CreateResourceResponse{} }
+func (*CreateResourceResponse) ProtoMessage() {}
+func (*CreateResourceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{68}
+}
+func (m *CreateResourceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CreateResourceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CreateResourceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.ListClusters(ctx, r)
+}
+func (m *CreateResourceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResourceResponse.Merge(m, src)
+}
+func (m *CreateResourceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CreateResourceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResourceResponse.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) UpdateCluster(ctx context.Context, r *UpdateClusterRequest) (*UpdateClusterResponse, error) {
+var xxx_messageInfo_CreateResourceResponse proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.UpdateCluster(ctx, r)
+// RemoveResourceRequest contains the ID of the resource that should be removed. This
+// removes all versions of the resource.
+type RemoveResourceRequest struct {
+	ResourceID string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
 }
 
-func (p *authenticatedWrapperControlServer) GetSecret(ctx context.Context, r *GetSecretRequest) (*GetSecretResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetSecret(ctx, r)
+func (m *RemoveResourceRequest) Reset()      { *m = RemoveResourceRequest{} }
+func (*RemoveResourceRequest) ProtoMessage() {}
+func (*RemoveResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{69}
 }
-
-func (p *authenticatedWrapperControlServer) UpdateSecret(ctx context.Context, r *UpdateSecretRequest) (*UpdateSecretResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.UpdateSecret(ctx, r)
+func (m *RemoveResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
 }
-
-func (p *authenticatedWrapperControlServer) ListSecrets(ctx context.Context, r *ListSecretsRequest) (*ListSecretsResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *RemoveResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.ListSecrets(ctx, r)
 }
-
-func (p *authenticatedWrapperControlServer) CreateSecret(ctx context.Context, r *CreateSecretRequest) (*CreateSecretResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.CreateSecret(ctx, r)
+func (m *RemoveResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveResourceRequest.Merge(m, src)
 }
-
-func (p *authenticatedWrapperControlServer) RemoveSecret(ctx context.Context, r *RemoveSecretRequest) (*RemoveSecretResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.RemoveSecret(ctx, r)
+func (m *RemoveResourceRequest) XXX_Size() int {
+	return m.Size()
 }
-
-func (p *authenticatedWrapperControlServer) GetConfig(ctx context.Context, r *GetConfigRequest) (*GetConfigResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.GetConfig(ctx, r)
+func (m *RemoveResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveResourceRequest.DiscardUnknown(m)
 }
 
-func (p *authenticatedWrapperControlServer) UpdateConfig(ctx context.Context, r *UpdateConfigRequest) (*UpdateConfigResponse, error) {
+var xxx_messageInfo_RemoveResourceRequest proto.InternalMessageInfo
 
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.UpdateConfig(ctx, r)
+// RemoveResourceResponse is an empty object indicating the successful removal
+// of a resource.
+type RemoveResourceResponse struct {
 }
 
-func (p *authenticatedWrapperControlServer) ListConfigs(ctx context.Context, r *ListConfigsRequest) (*ListConfigsResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.ListConfigs(ctx, r)
+func (m *RemoveResourceResponse) Reset()      { *m = RemoveResourceResponse{} }
+func (*RemoveResourceResponse) ProtoMessage() {}
+func (*RemoveResourceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{70}
 }
-
-func (p *authenticatedWrapperControlServer) CreateConfig(ctx context.Context, r *CreateConfigRequest) (*CreateConfigResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
-	}
-	return p.local.CreateConfig(ctx, r)
+func (m *RemoveResourceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
 }
-
-func (p *authenticatedWrapperControlServer) RemoveConfig(ctx context.Context, r *RemoveConfigRequest) (*RemoveConfigResponse, error) {
-
-	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
-		return nil, err
+func (m *RemoveResourceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RemoveResourceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return p.local.RemoveConfig(ctx, r)
 }
-
-func (m *GetNodeRequest) Copy() *GetNodeRequest {
-	if m == nil {
-		return nil
-	}
-	o := &GetNodeRequest{}
-	o.CopyFrom(m)
-	return o
+func (m *RemoveResourceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RemoveResourceResponse.Merge(m, src)
 }
-
-func (m *GetNodeRequest) CopyFrom(src interface{}) {
-
-	o := src.(*GetNodeRequest)
-	*m = *o
+func (m *RemoveResourceResponse) XXX_Size() int {
+	return m.Size()
 }
-
-func (m *GetNodeResponse) Copy() *GetNodeResponse {
-	if m == nil {
-		return nil
-	}
-	o := &GetNodeResponse{}
-	o.CopyFrom(m)
-	return o
+func (m *RemoveResourceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RemoveResourceResponse.DiscardUnknown(m)
 }
 
-func (m *GetNodeResponse) CopyFrom(src interface{}) {
+var xxx_messageInfo_RemoveResourceResponse proto.InternalMessageInfo
 
-	o := src.(*GetNodeResponse)
-	*m = *o
-	if o.Node != nil {
-		m.Node = &Node{}
-		deepcopy.Copy(m.Node, o.Node)
-	}
+// UpdateResourceRequest updates the resource specified by the given resource object.
+type UpdateResourceRequest struct {
+	ResourceID      string   `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
+	ResourceVersion *Version `protobuf:"bytes,2,opt,name=resource_version,json=resourceVersion,proto3" json:"resource_version,omitempty"`
+	// Annotations describes the annotations to update. If the Annotations should
+	// be unchanged, then this field should be left empty. Note that the name of
+	// a Resource cannot be changed, only its labels.
+	Annotations *Annotations `protobuf:"bytes,3,opt,name=annotations,proto3" json:"annotations,omitempty"`
+	// Payload describes the new payload of the resource. If the Payload should
+	// be unchanged, then this field should be left empty.
+	Payload *types.Any `protobuf:"bytes,4,opt,name=payload,proto3" json:"payload,omitempty"`
 }
 
-func (m *ListNodesRequest) Copy() *ListNodesRequest {
-	if m == nil {
-		return nil
+func (m *UpdateResourceRequest) Reset()      { *m = UpdateResourceRequest{} }
+func (*UpdateResourceRequest) ProtoMessage() {}
+func (*UpdateResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{71}
+}
+func (m *UpdateResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	o := &ListNodesRequest{}
-	o.CopyFrom(m)
-	return o
+}
+func (m *UpdateResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateResourceRequest.Merge(m, src)
+}
+func (m *UpdateResourceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateResourceRequest.DiscardUnknown(m)
 }
 
-func (m *ListNodesRequest) CopyFrom(src interface{}) {
+var xxx_messageInfo_UpdateResourceRequest proto.InternalMessageInfo
 
-	o := src.(*ListNodesRequest)
-	*m = *o
-	if o.Filters != nil {
-		m.Filters = &ListNodesRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
-	}
+type UpdateResourceResponse struct {
+	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
 }
 
-func (m *ListNodesRequest_Filters) Copy() *ListNodesRequest_Filters {
-	if m == nil {
-		return nil
+func (m *UpdateResourceResponse) Reset()      { *m = UpdateResourceResponse{} }
+func (*UpdateResourceResponse) ProtoMessage() {}
+func (*UpdateResourceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{72}
+}
+func (m *UpdateResourceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateResourceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateResourceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	o := &ListNodesRequest_Filters{}
-	o.CopyFrom(m)
-	return o
+}
+func (m *UpdateResourceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateResourceResponse.Merge(m, src)
+}
+func (m *UpdateResourceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateResourceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateResourceResponse.DiscardUnknown(m)
 }
 
-func (m *ListNodesRequest_Filters) CopyFrom(src interface{}) {
-
-	o := src.(*ListNodesRequest_Filters)
-	*m = *o
-	if o.Names != nil {
-		m.Names = make([]string, len(o.Names))
-		copy(m.Names, o.Names)
-	}
+var xxx_messageInfo_UpdateResourceResponse proto.InternalMessageInfo
 
-	if o.IDPrefixes != nil {
-		m.IDPrefixes = make([]string, len(o.IDPrefixes))
-		copy(m.IDPrefixes, o.IDPrefixes)
-	}
+// GetResourceRequest is the request to get a Resource object given a resource id.
+type GetResourceRequest struct {
+	ResourceID string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
+}
 
-	if o.Labels != nil {
-		m.Labels = make(map[string]string, len(o.Labels))
-		for k, v := range o.Labels {
-			m.Labels[k] = v
+func (m *GetResourceRequest) Reset()      { *m = GetResourceRequest{} }
+func (*GetResourceRequest) ProtoMessage() {}
+func (*GetResourceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{73}
+}
+func (m *GetResourceRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetResourceRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
 		}
+		return b[:n], nil
 	}
+}
+func (m *GetResourceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetResourceRequest.Merge(m, src)
+}
+func (m *GetResourceRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetResourceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetResourceRequest.DiscardUnknown(m)
+}
 
-	if o.NodeLabels != nil {
-		m.NodeLabels = make(map[string]string, len(o.NodeLabels))
-		for k, v := range o.NodeLabels {
-			m.NodeLabels[k] = v
-		}
-	}
+var xxx_messageInfo_GetResourceRequest proto.InternalMessageInfo
 
-	if o.Memberships != nil {
-		m.Memberships = make([]NodeSpec_Membership, len(o.Memberships))
-		copy(m.Memberships, o.Memberships)
-	}
+// GetResourceResponse contains the Resource corresponding to the id in
+// `GetResourceRequest`.
+type GetResourceResponse struct {
+	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
+}
 
-	if o.Roles != nil {
-		m.Roles = make([]NodeRole, len(o.Roles))
-		copy(m.Roles, o.Roles)
+func (m *GetResourceResponse) Reset()      { *m = GetResourceResponse{} }
+func (*GetResourceResponse) ProtoMessage() {}
+func (*GetResourceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{74}
+}
+func (m *GetResourceResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetResourceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetResourceResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
+}
+func (m *GetResourceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetResourceResponse.Merge(m, src)
+}
+func (m *GetResourceResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetResourceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetResourceResponse.DiscardUnknown(m)
+}
 
-	if o.NamePrefixes != nil {
-		m.NamePrefixes = make([]string, len(o.NamePrefixes))
-		copy(m.NamePrefixes, o.NamePrefixes)
-	}
+var xxx_messageInfo_GetResourceResponse proto.InternalMessageInfo
 
+// ListResourcesRequest is the request to list all resources in the raft store,
+// or all resources filtered by (name or name prefix or id prefix), labels and extension.
+type ListResourcesRequest struct {
+	Filters *ListResourcesRequest_Filters `protobuf:"bytes,1,opt,name=filters,proto3" json:"filters,omitempty"`
 }
 
-func (m *ListNodesResponse) Copy() *ListNodesResponse {
-	if m == nil {
-		return nil
-	}
-	o := &ListNodesResponse{}
-	o.CopyFrom(m)
-	return o
+func (m *ListResourcesRequest) Reset()      { *m = ListResourcesRequest{} }
+func (*ListResourcesRequest) ProtoMessage() {}
+func (*ListResourcesRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{75}
 }
-
-func (m *ListNodesResponse) CopyFrom(src interface{}) {
-
-	o := src.(*ListNodesResponse)
-	*m = *o
-	if o.Nodes != nil {
-		m.Nodes = make([]*Node, len(o.Nodes))
-		for i := range m.Nodes {
-			m.Nodes[i] = &Node{}
-			deepcopy.Copy(m.Nodes[i], o.Nodes[i])
+func (m *ListResourcesRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResourcesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResourcesRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
 		}
+		return b[:n], nil
 	}
-
 }
-
-func (m *UpdateNodeRequest) Copy() *UpdateNodeRequest {
-	if m == nil {
-		return nil
-	}
-	o := &UpdateNodeRequest{}
-	o.CopyFrom(m)
-	return o
+func (m *ListResourcesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResourcesRequest.Merge(m, src)
+}
+func (m *ListResourcesRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResourcesRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResourcesRequest.DiscardUnknown(m)
 }
 
-func (m *UpdateNodeRequest) CopyFrom(src interface{}) {
+var xxx_messageInfo_ListResourcesRequest proto.InternalMessageInfo
 
-	o := src.(*UpdateNodeRequest)
-	*m = *o
-	if o.NodeVersion != nil {
-		m.NodeVersion = &Version{}
-		deepcopy.Copy(m.NodeVersion, o.NodeVersion)
-	}
-	if o.Spec != nil {
-		m.Spec = &NodeSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
-	}
+type ListResourcesRequest_Filters struct {
+	Names        []string          `protobuf:"bytes,1,rep,name=names,proto3" json:"names,omitempty"`
+	IDPrefixes   []string          `protobuf:"bytes,2,rep,name=id_prefixes,json=idPrefixes,proto3" json:"id_prefixes,omitempty"`
+	Labels       map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	NamePrefixes []string          `protobuf:"bytes,4,rep,name=name_prefixes,json=namePrefixes,proto3" json:"name_prefixes,omitempty"`
+	Kind         string            `protobuf:"bytes,5,opt,name=kind,proto3" json:"kind,omitempty"`
 }
 
-func (m *UpdateNodeResponse) Copy() *UpdateNodeResponse {
-	if m == nil {
-		return nil
+func (m *ListResourcesRequest_Filters) Reset()      { *m = ListResourcesRequest_Filters{} }
+func (*ListResourcesRequest_Filters) ProtoMessage() {}
+func (*ListResourcesRequest_Filters) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{75, 0}
+}
+func (m *ListResourcesRequest_Filters) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResourcesRequest_Filters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResourcesRequest_Filters.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	o := &UpdateNodeResponse{}
-	o.CopyFrom(m)
-	return o
+}
+func (m *ListResourcesRequest_Filters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResourcesRequest_Filters.Merge(m, src)
+}
+func (m *ListResourcesRequest_Filters) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResourcesRequest_Filters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResourcesRequest_Filters.DiscardUnknown(m)
 }
 
-func (m *UpdateNodeResponse) CopyFrom(src interface{}) {
+var xxx_messageInfo_ListResourcesRequest_Filters proto.InternalMessageInfo
 
-	o := src.(*UpdateNodeResponse)
-	*m = *o
-	if o.Node != nil {
-		m.Node = &Node{}
-		deepcopy.Copy(m.Node, o.Node)
-	}
+// ListResourcesResponse contains a list of all the resources that match the name or
+// name prefix filters provided in `ListResourcesRequest`.
+type ListResourcesResponse struct {
+	Resources []*Resource `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources,omitempty"`
 }
 
-func (m *RemoveNodeRequest) Copy() *RemoveNodeRequest {
-	if m == nil {
-		return nil
+func (m *ListResourcesResponse) Reset()      { *m = ListResourcesResponse{} }
+func (*ListResourcesResponse) ProtoMessage() {}
+func (*ListResourcesResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b37401dd08bf8930, []int{76}
+}
+func (m *ListResourcesResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListResourcesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListResourcesResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	o := &RemoveNodeRequest{}
-	o.CopyFrom(m)
-	return o
+}
+func (m *ListResourcesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResourcesResponse.Merge(m, src)
+}
+func (m *ListResourcesResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListResourcesResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResourcesResponse.DiscardUnknown(m)
 }
 
-func (m *RemoveNodeRequest) CopyFrom(src interface{}) {
+var xxx_messageInfo_ListResourcesResponse proto.InternalMessageInfo
 
-	o := src.(*RemoveNodeRequest)
-	*m = *o
+func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.UpdateServiceRequest_Rollback", UpdateServiceRequest_Rollback_name, UpdateServiceRequest_Rollback_value)
+	proto.RegisterType((*GetNodeRequest)(nil), "docker.swarmkit.v1.GetNodeRequest")
+	proto.RegisterType((*GetNodeResponse)(nil), "docker.swarmkit.v1.GetNodeResponse")
+	proto.RegisterType((*ListNodesRequest)(nil), "docker.swarmkit.v1.ListNodesRequest")
+	proto.RegisterType((*ListNodesRequest_Filters)(nil), "docker.swarmkit.v1.ListNodesRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListNodesRequest.Filters.LabelsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListNodesRequest.Filters.NodeLabelsEntry")
+	proto.RegisterType((*ListNodesResponse)(nil), "docker.swarmkit.v1.ListNodesResponse")
+	proto.RegisterType((*UpdateNodeRequest)(nil), "docker.swarmkit.v1.UpdateNodeRequest")
+	proto.RegisterType((*UpdateNodeResponse)(nil), "docker.swarmkit.v1.UpdateNodeResponse")
+	proto.RegisterType((*RemoveNodeRequest)(nil), "docker.swarmkit.v1.RemoveNodeRequest")
+	proto.RegisterType((*RemoveNodeResponse)(nil), "docker.swarmkit.v1.RemoveNodeResponse")
+	proto.RegisterType((*GetTaskRequest)(nil), "docker.swarmkit.v1.GetTaskRequest")
+	proto.RegisterType((*GetTaskResponse)(nil), "docker.swarmkit.v1.GetTaskResponse")
+	proto.RegisterType((*RemoveTaskRequest)(nil), "docker.swarmkit.v1.RemoveTaskRequest")
+	proto.RegisterType((*RemoveTaskResponse)(nil), "docker.swarmkit.v1.RemoveTaskResponse")
+	proto.RegisterType((*ListTasksRequest)(nil), "docker.swarmkit.v1.ListTasksRequest")
+	proto.RegisterType((*ListTasksRequest_Filters)(nil), "docker.swarmkit.v1.ListTasksRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListTasksRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListTasksResponse)(nil), "docker.swarmkit.v1.ListTasksResponse")
+	proto.RegisterType((*CreateServiceRequest)(nil), "docker.swarmkit.v1.CreateServiceRequest")
+	proto.RegisterType((*CreateServiceResponse)(nil), "docker.swarmkit.v1.CreateServiceResponse")
+	proto.RegisterType((*GetServiceRequest)(nil), "docker.swarmkit.v1.GetServiceRequest")
+	proto.RegisterType((*GetServiceResponse)(nil), "docker.swarmkit.v1.GetServiceResponse")
+	proto.RegisterType((*UpdateServiceRequest)(nil), "docker.swarmkit.v1.UpdateServiceRequest")
+	proto.RegisterType((*UpdateServiceResponse)(nil), "docker.swarmkit.v1.UpdateServiceResponse")
+	proto.RegisterType((*RemoveServiceRequest)(nil), "docker.swarmkit.v1.RemoveServiceRequest")
+	proto.RegisterType((*RemoveServiceResponse)(nil), "docker.swarmkit.v1.RemoveServiceResponse")
+	proto.RegisterType((*ListServicesRequest)(nil), "docker.swarmkit.v1.ListServicesRequest")
+	proto.RegisterType((*ListServicesRequest_Filters)(nil), "docker.swarmkit.v1.ListServicesRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListServicesRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListServicesResponse)(nil), "docker.swarmkit.v1.ListServicesResponse")
+	proto.RegisterType((*ListServiceStatusesRequest)(nil), "docker.swarmkit.v1.ListServiceStatusesRequest")
+	proto.RegisterType((*ListServiceStatusesResponse)(nil), "docker.swarmkit.v1.ListServiceStatusesResponse")
+	proto.RegisterType((*ListServiceStatusesResponse_ServiceStatus)(nil), "docker.swarmkit.v1.ListServiceStatusesResponse.ServiceStatus")
+	proto.RegisterType((*CreateNetworkRequest)(nil), "docker.swarmkit.v1.CreateNetworkRequest")
+	proto.RegisterType((*CreateNetworkResponse)(nil), "docker.swarmkit.v1.CreateNetworkResponse")
+	proto.RegisterType((*GetNetworkRequest)(nil), "docker.swarmkit.v1.GetNetworkRequest")
+	proto.RegisterType((*GetNetworkResponse)(nil), "docker.swarmkit.v1.GetNetworkResponse")
+	proto.RegisterType((*RemoveNetworkRequest)(nil), "docker.swarmkit.v1.RemoveNetworkRequest")
+	proto.RegisterType((*RemoveNetworkResponse)(nil), "docker.swarmkit.v1.RemoveNetworkResponse")
+	proto.RegisterType((*ListNetworksRequest)(nil), "docker.swarmkit.v1.ListNetworksRequest")
+	proto.RegisterType((*ListNetworksRequest_Filters)(nil), "docker.swarmkit.v1.ListNetworksRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListNetworksRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListNetworksResponse)(nil), "docker.swarmkit.v1.ListNetworksResponse")
+	proto.RegisterType((*GetClusterRequest)(nil), "docker.swarmkit.v1.GetClusterRequest")
+	proto.RegisterType((*GetClusterResponse)(nil), "docker.swarmkit.v1.GetClusterResponse")
+	proto.RegisterType((*ListClustersRequest)(nil), "docker.swarmkit.v1.ListClustersRequest")
+	proto.RegisterType((*ListClustersRequest_Filters)(nil), "docker.swarmkit.v1.ListClustersRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListClustersRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListClustersResponse)(nil), "docker.swarmkit.v1.ListClustersResponse")
+	proto.RegisterType((*KeyRotation)(nil), "docker.swarmkit.v1.KeyRotation")
+	proto.RegisterType((*UpdateClusterRequest)(nil), "docker.swarmkit.v1.UpdateClusterRequest")
+	proto.RegisterType((*UpdateClusterResponse)(nil), "docker.swarmkit.v1.UpdateClusterResponse")
+	proto.RegisterType((*GetSecretRequest)(nil), "docker.swarmkit.v1.GetSecretRequest")
+	proto.RegisterType((*GetSecretResponse)(nil), "docker.swarmkit.v1.GetSecretResponse")
+	proto.RegisterType((*UpdateSecretRequest)(nil), "docker.swarmkit.v1.UpdateSecretRequest")
+	proto.RegisterType((*UpdateSecretResponse)(nil), "docker.swarmkit.v1.UpdateSecretResponse")
+	proto.RegisterType((*ListSecretsRequest)(nil), "docker.swarmkit.v1.ListSecretsRequest")
+	proto.RegisterType((*ListSecretsRequest_Filters)(nil), "docker.swarmkit.v1.ListSecretsRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListSecretsRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListSecretsResponse)(nil), "docker.swarmkit.v1.ListSecretsResponse")
+	proto.RegisterType((*CreateSecretRequest)(nil), "docker.swarmkit.v1.CreateSecretRequest")
+	proto.RegisterType((*CreateSecretResponse)(nil), "docker.swarmkit.v1.CreateSecretResponse")
+	proto.RegisterType((*RemoveSecretRequest)(nil), "docker.swarmkit.v1.RemoveSecretRequest")
+	proto.RegisterType((*RemoveSecretResponse)(nil), "docker.swarmkit.v1.RemoveSecretResponse")
+	proto.RegisterType((*GetConfigRequest)(nil), "docker.swarmkit.v1.GetConfigRequest")
+	proto.RegisterType((*GetConfigResponse)(nil), "docker.swarmkit.v1.GetConfigResponse")
+	proto.RegisterType((*UpdateConfigRequest)(nil), "docker.swarmkit.v1.UpdateConfigRequest")
+	proto.RegisterType((*UpdateConfigResponse)(nil), "docker.swarmkit.v1.UpdateConfigResponse")
+	proto.RegisterType((*ListConfigsRequest)(nil), "docker.swarmkit.v1.ListConfigsRequest")
+	proto.RegisterType((*ListConfigsRequest_Filters)(nil), "docker.swarmkit.v1.ListConfigsRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListConfigsRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListConfigsResponse)(nil), "docker.swarmkit.v1.ListConfigsResponse")
+	proto.RegisterType((*CreateConfigRequest)(nil), "docker.swarmkit.v1.CreateConfigRequest")
+	proto.RegisterType((*CreateConfigResponse)(nil), "docker.swarmkit.v1.CreateConfigResponse")
+	proto.RegisterType((*RemoveConfigRequest)(nil), "docker.swarmkit.v1.RemoveConfigRequest")
+	proto.RegisterType((*RemoveConfigResponse)(nil), "docker.swarmkit.v1.RemoveConfigResponse")
+	proto.RegisterType((*CreateExtensionRequest)(nil), "docker.swarmkit.v1.CreateExtensionRequest")
+	proto.RegisterType((*CreateExtensionResponse)(nil), "docker.swarmkit.v1.CreateExtensionResponse")
+	proto.RegisterType((*RemoveExtensionRequest)(nil), "docker.swarmkit.v1.RemoveExtensionRequest")
+	proto.RegisterType((*RemoveExtensionResponse)(nil), "docker.swarmkit.v1.RemoveExtensionResponse")
+	proto.RegisterType((*GetExtensionRequest)(nil), "docker.swarmkit.v1.GetExtensionRequest")
+	proto.RegisterType((*GetExtensionResponse)(nil), "docker.swarmkit.v1.GetExtensionResponse")
+	proto.RegisterType((*CreateResourceRequest)(nil), "docker.swarmkit.v1.CreateResourceRequest")
+	proto.RegisterType((*CreateResourceResponse)(nil), "docker.swarmkit.v1.CreateResourceResponse")
+	proto.RegisterType((*RemoveResourceRequest)(nil), "docker.swarmkit.v1.RemoveResourceRequest")
+	proto.RegisterType((*RemoveResourceResponse)(nil), "docker.swarmkit.v1.RemoveResourceResponse")
+	proto.RegisterType((*UpdateResourceRequest)(nil), "docker.swarmkit.v1.UpdateResourceRequest")
+	proto.RegisterType((*UpdateResourceResponse)(nil), "docker.swarmkit.v1.UpdateResourceResponse")
+	proto.RegisterType((*GetResourceRequest)(nil), "docker.swarmkit.v1.GetResourceRequest")
+	proto.RegisterType((*GetResourceResponse)(nil), "docker.swarmkit.v1.GetResourceResponse")
+	proto.RegisterType((*ListResourcesRequest)(nil), "docker.swarmkit.v1.ListResourcesRequest")
+	proto.RegisterType((*ListResourcesRequest_Filters)(nil), "docker.swarmkit.v1.ListResourcesRequest.Filters")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ListResourcesRequest.Filters.LabelsEntry")
+	proto.RegisterType((*ListResourcesResponse)(nil), "docker.swarmkit.v1.ListResourcesResponse")
 }
 
-func (m *RemoveNodeResponse) Copy() *RemoveNodeResponse {
-	if m == nil {
-		return nil
-	}
-	o := &RemoveNodeResponse{}
-	o.CopyFrom(m)
-	return o
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/control.proto", fileDescriptor_b37401dd08bf8930)
+}
+
+var fileDescriptor_b37401dd08bf8930 = []byte{
+	// 2778 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0xdb, 0x6f, 0x1b, 0x59,
+	0x19, 0x8f, 0x1d, 0x27, 0xb6, 0x3f, 0x27, 0x4e, 0x7a, 0x9a, 0xb6, 0x5e, 0xb7, 0x24, 0xd5, 0xf4,
+	0x12, 0xb7, 0x14, 0x7b, 0xd7, 0x65, 0xd9, 0xd2, 0xdd, 0x02, 0x4d, 0xd3, 0x8b, 0x7b, 0x49, 0xab,
+	0x49, 0x5a, 0xc1, 0x03, 0x8a, 0x1c, 0xfb, 0x24, 0x3b, 0xb5, 0x33, 0x63, 0x66, 0xc6, 0xdd, 0x46,
+	0x08, 0xc4, 0xa5, 0x88, 0x27, 0x24, 0x5e, 0x90, 0x10, 0x0f, 0x48, 0x3c, 0x21, 0x81, 0x84, 0x10,
+	0x4f, 0x3c, 0xf0, 0x07, 0x54, 0x3c, 0xed, 0xe3, 0x3e, 0x05, 0x36, 0x15, 0x12, 0x4f, 0xfc, 0x0b,
+	0xac, 0xce, 0x6d, 0x6e, 0x3e, 0x73, 0xf1, 0x45, 0xea, 0x3e, 0x25, 0x3e, 0xf3, 0xfb, 0x2e, 0xe7,
+	0xfb, 0xbe, 0xf9, 0x9d, 0x33, 0xdf, 0x39, 0x70, 0x65, 0x4f, 0xb3, 0x3f, 0xee, 0xef, 0x54, 0x5b,
+	0xc6, 0x7e, 0xad, 0x6d, 0xb4, 0x3a, 0xd8, 0xac, 0x59, 0x9f, 0x34, 0xcd, 0xfd, 0x8e, 0x66, 0xd7,
+	0x9a, 0x3d, 0xad, 0xd6, 0x32, 0x74, 0xdb, 0x34, 0xba, 0xd5, 0x9e, 0x69, 0xd8, 0x06, 0x42, 0x0c,
+	0x52, 0x15, 0x90, 0xea, 0x8b, 0xf7, 0xca, 0x97, 0x63, 0x34, 0x58, 0x3d, 0xdc, 0xb2, 0x98, 0x7c,
+	0x39, 0xce, 0x9a, 0xb1, 0xf3, 0x1c, 0xb7, 0x6c, 0x81, 0x8e, 0xd3, 0x6c, 0x1f, 0xf4, 0xb0, 0xc0,
+	0x2e, 0xed, 0x19, 0x7b, 0x06, 0xfd, 0xb7, 0x46, 0xfe, 0xe3, 0xa3, 0xef, 0xec, 0x19, 0xc6, 0x5e,
+	0x17, 0xd7, 0xe8, 0xaf, 0x9d, 0xfe, 0x6e, 0xad, 0xa9, 0x1f, 0xf0, 0x47, 0x1f, 0x44, 0x28, 0x77,
+	0xe0, 0xbd, 0x6e, 0x7f, 0x4f, 0xd3, 0xf9, 0x1f, 0x26, 0xa8, 0xbc, 0x0f, 0xc5, 0xbb, 0xd8, 0xde,
+	0x30, 0xda, 0x58, 0xc5, 0x3f, 0xe8, 0x63, 0xcb, 0x46, 0xe7, 0x20, 0xab, 0x1b, 0x6d, 0xbc, 0xad,
+	0xb5, 0x4b, 0xa9, 0xb3, 0xa9, 0x4a, 0x7e, 0x0d, 0x8e, 0x0e, 0x57, 0x66, 0x09, 0xa2, 0xb1, 0xae,
+	0xce, 0x92, 0x47, 0x8d, 0xb6, 0xf2, 0x6d, 0x58, 0x70, 0xc4, 0xac, 0x9e, 0xa1, 0x5b, 0x18, 0x5d,
+	0x81, 0x0c, 0x79, 0x48, 0x85, 0x0a, 0xf5, 0x52, 0x75, 0x30, 0xb8, 0x55, 0x8a, 0xa7, 0x28, 0xe5,
+	0xd5, 0x0c, 0x2c, 0x3e, 0xd4, 0x2c, 0xaa, 0xc2, 0x12, 0xa6, 0xef, 0x40, 0x76, 0x57, 0xeb, 0xda,
+	0xd8, 0xb4, 0xb8, 0x96, 0x2b, 0x32, 0x2d, 0x41, 0xb1, 0xea, 0x1d, 0x26, 0xa3, 0x0a, 0xe1, 0xf2,
+	0x1f, 0x33, 0x90, 0xe5, 0x83, 0x68, 0x09, 0x66, 0xf4, 0xe6, 0x3e, 0x26, 0x1a, 0xa7, 0x2b, 0x79,
+	0x95, 0xfd, 0x40, 0x35, 0x28, 0x68, 0xed, 0xed, 0x9e, 0x89, 0x77, 0xb5, 0x97, 0xd8, 0x2a, 0xa5,
+	0xc9, 0xb3, 0xb5, 0xe2, 0xd1, 0xe1, 0x0a, 0x34, 0xd6, 0x9f, 0xf0, 0x51, 0x15, 0xb4, 0xb6, 0xf8,
+	0x1f, 0x3d, 0x81, 0xd9, 0x6e, 0x73, 0x07, 0x77, 0xad, 0xd2, 0xf4, 0xd9, 0xe9, 0x4a, 0xa1, 0x7e,
+	0x6d, 0x18, 0xcf, 0xaa, 0x0f, 0xa9, 0xe8, 0x6d, 0xdd, 0x36, 0x0f, 0x54, 0xae, 0x07, 0x7d, 0x1f,
+	0x0a, 0x34, 0xce, 0x5c, 0x6d, 0x96, 0xaa, 0xfd, 0x68, 0x28, 0xb5, 0x64, 0xd0, 0xab, 0x1a, 0x74,
+	0x67, 0x00, 0x3d, 0x82, 0xc2, 0x3e, 0xde, 0xdf, 0xc1, 0xa6, 0xf5, 0xb1, 0xd6, 0xb3, 0x4a, 0x99,
+	0xb3, 0xd3, 0x95, 0x62, 0x7d, 0x35, 0x2c, 0x2b, 0x9b, 0x3d, 0xdc, 0xaa, 0x3e, 0x72, 0xf0, 0x6b,
+	0xe9, 0xc5, 0x29, 0xd5, 0x2b, 0x8f, 0xbe, 0x01, 0x33, 0xa6, 0xd1, 0xc5, 0x56, 0x69, 0x86, 0x2a,
+	0x3a, 0x13, 0x9a, 0x5e, 0xa3, 0x8b, 0xa9, 0x34, 0x83, 0xa3, 0x73, 0x30, 0x4f, 0x22, 0xee, 0x86,
+	0x7a, 0x96, 0xa6, 0x61, 0x8e, 0x0c, 0x8a, 0xe0, 0x96, 0xbf, 0x09, 0x05, 0xcf, 0x34, 0xd0, 0x22,
+	0x4c, 0x77, 0xf0, 0x01, 0xab, 0x3e, 0x95, 0xfc, 0x4b, 0x92, 0xf8, 0xa2, 0xd9, 0xed, 0xe3, 0x52,
+	0x9a, 0x8e, 0xb1, 0x1f, 0xd7, 0xd3, 0xd7, 0x52, 0xe5, 0x1b, 0xb0, 0x10, 0x88, 0xc2, 0x30, 0xe2,
+	0xca, 0x2d, 0x38, 0xe6, 0x89, 0x2e, 0xaf, 0xe4, 0x2a, 0xcc, 0x90, 0x40, 0xb2, 0x92, 0x89, 0x2a,
+	0x65, 0x06, 0x53, 0xfe, 0x94, 0x82, 0x63, 0x4f, 0x7b, 0xed, 0xa6, 0x8d, 0x87, 0x7d, 0x8f, 0xd0,
+	0xb7, 0x60, 0x8e, 0x82, 0x5e, 0x60, 0xd3, 0xd2, 0x0c, 0x9d, 0x3a, 0x58, 0xa8, 0x9f, 0x96, 0x59,
+	0x7c, 0xc6, 0x20, 0x2a, 0xad, 0x1a, 0xfe, 0x03, 0xbd, 0x0b, 0x19, 0xc2, 0x48, 0xa5, 0x69, 0x2a,
+	0x77, 0x26, 0x2a, 0xbd, 0x2a, 0x45, 0x2a, 0x6b, 0x80, 0xbc, 0xbe, 0x8e, 0xf4, 0xf2, 0x6e, 0xc0,
+	0x31, 0x15, 0xef, 0x1b, 0x2f, 0x86, 0x9f, 0xef, 0x12, 0xcc, 0xec, 0x1a, 0x66, 0x8b, 0x65, 0x22,
+	0xa7, 0xb2, 0x1f, 0xca, 0x12, 0x20, 0xaf, 0x3e, 0xe6, 0x13, 0xa7, 0xa6, 0xad, 0xa6, 0xd5, 0xf1,
+	0x98, 0xb0, 0x9b, 0x56, 0x27, 0x60, 0x82, 0x20, 0x88, 0x09, 0xf2, 0xc8, 0xa1, 0x26, 0x26, 0xe6,
+	0xce, 0x8e, 0x3c, 0x8c, 0x9a, 0x1d, 0xc5, 0x53, 0x94, 0x72, 0x4d, 0xcc, 0x6e, 0x68, 0xd3, 0xce,
+	0x3c, 0xbc, 0xd6, 0x95, 0x7f, 0x64, 0x18, 0xd5, 0x91, 0xc1, 0x11, 0xa8, 0xce, 0x2b, 0x36, 0x48,
+	0x75, 0xff, 0x9a, 0x7e, 0x7b, 0x54, 0x27, 0xf3, 0x4c, 0x4a, 0x75, 0x35, 0x28, 0x58, 0xd8, 0x7c,
+	0xa1, 0xb5, 0x48, 0x75, 0x30, 0x2e, 0xe2, 0x2e, 0x6c, 0xb2, 0xe1, 0xc6, 0xba, 0xa5, 0x02, 0x87,
+	0x34, 0xda, 0x16, 0xba, 0x08, 0x39, 0x5e, 0x4b, 0x8c, 0x70, 0xf2, 0x6b, 0x85, 0xa3, 0xc3, 0x95,
+	0x2c, 0x2b, 0x26, 0x4b, 0xcd, 0xb2, 0x6a, 0xb2, 0xd0, 0x3d, 0x28, 0xb6, 0xb1, 0xa5, 0x99, 0xb8,
+	0xbd, 0x6d, 0xd9, 0x4d, 0x9b, 0xd3, 0x4b, 0xb1, 0xfe, 0x95, 0xb0, 0x14, 0x6f, 0x12, 0x14, 0xe5,
+	0xa7, 0x79, 0x2e, 0x48, 0x47, 0x24, 0x3c, 0x95, 0x1d, 0xe4, 0x29, 0x54, 0x86, 0x9c, 0xd9, 0xd7,
+	0x6d, 0x8d, 0xc4, 0x38, 0x4f, 0x9f, 0x3b, 0xbf, 0xd1, 0x19, 0x80, 0x7e, 0x6f, 0xdb, 0x36, 0xb6,
+	0xc9, 0xbb, 0x55, 0xca, 0xd1, 0xf2, 0xce, 0xf5, 0x7b, 0x5b, 0xc6, 0x7a, 0xd3, 0xc6, 0x63, 0x30,
+	0x9c, 0xa0, 0x28, 0x1e, 0x6c, 0x97, 0xa2, 0x48, 0xcd, 0x45, 0x52, 0x14, 0x2d, 0x42, 0x06, 0x53,
+	0x1e, 0xc0, 0xd2, 0x2d, 0x13, 0x37, 0x6d, 0xcc, 0x03, 0x2e, 0xca, 0xf0, 0x2a, 0xe7, 0x0f, 0x56,
+	0x83, 0x2b, 0x32, 0x35, 0x5c, 0xc2, 0x43, 0x21, 0x1b, 0x70, 0x22, 0xa0, 0x8c, 0x7b, 0xf5, 0x3e,
+	0x64, 0x79, 0x12, 0xb9, 0xc2, 0xd3, 0x11, 0x0a, 0x55, 0x81, 0x55, 0x9e, 0xc3, 0xb1, 0xbb, 0xd8,
+	0x0e, 0x78, 0x76, 0x05, 0xc0, 0xad, 0x19, 0xfe, 0xce, 0xcd, 0x1f, 0x1d, 0xae, 0xe4, 0x9d, 0x92,
+	0x51, 0xf3, 0x4e, 0xc5, 0xa0, 0x55, 0x58, 0xd0, 0x74, 0x0b, 0x9b, 0xf6, 0x76, 0x1b, 0xef, 0x36,
+	0xfb, 0x5d, 0xdb, 0xe2, 0x0c, 0x53, 0x64, 0xc3, 0xeb, 0x7c, 0x54, 0x79, 0x00, 0xc8, 0x6b, 0x6b,
+	0x3c, 0xc7, 0xff, 0x96, 0x86, 0x25, 0x46, 0xa6, 0x63, 0x39, 0xbf, 0x0e, 0x0b, 0x02, 0x3d, 0xc4,
+	0x3a, 0x50, 0xe4, 0x32, 0x62, 0x29, 0xb8, 0xea, 0x5b, 0x0a, 0x92, 0xa5, 0x12, 0x3d, 0x82, 0x9c,
+	0x69, 0x74, 0xbb, 0x3b, 0xcd, 0x56, 0xa7, 0x94, 0x39, 0x9b, 0xaa, 0x14, 0xeb, 0xef, 0xc9, 0x04,
+	0x65, 0x93, 0xac, 0xaa, 0x5c, 0x50, 0x75, 0x54, 0x28, 0x0a, 0xe4, 0xc4, 0x28, 0xca, 0x41, 0x66,
+	0xe3, 0xf1, 0xc6, 0xed, 0xc5, 0x29, 0x34, 0x07, 0xb9, 0x27, 0xea, 0xed, 0x67, 0x8d, 0xc7, 0x4f,
+	0x37, 0x17, 0x53, 0xa4, 0x7a, 0x02, 0xea, 0xc6, 0x4b, 0xc2, 0x3a, 0x2c, 0x31, 0xd2, 0x1d, 0x27,
+	0x07, 0xca, 0x29, 0x38, 0x11, 0xd0, 0xc2, 0xd9, 0xfb, 0xd5, 0x34, 0x1c, 0x27, 0xef, 0x1f, 0x1f,
+	0x77, 0x08, 0xbc, 0x11, 0x24, 0xf0, 0x5a, 0x18, 0x4d, 0x06, 0x24, 0x07, 0x39, 0xfc, 0x0f, 0xe9,
+	0x89, 0x73, 0xf8, 0x66, 0x80, 0xc3, 0x3f, 0x1c, 0xd2, 0x39, 0x29, 0x8d, 0x0f, 0x70, 0x64, 0x26,
+	0x86, 0x23, 0x67, 0xfc, 0x1c, 0x39, 0x0e, 0x0b, 0x3e, 0x86, 0x25, 0xbf, 0xbb, 0xbc, 0x68, 0x3e,
+	0x80, 0x1c, 0x4f, 0xa2, 0xe0, 0xc2, 0xc8, 0xaa, 0x71, 0xc0, 0xca, 0x35, 0x28, 0x7b, 0x14, 0x92,
+	0x55, 0xa0, 0x6f, 0xb9, 0xd9, 0x2d, 0x07, 0xd4, 0xe6, 0x3d, 0x92, 0x7f, 0x4e, 0xc3, 0x69, 0xa9,
+	0x28, 0x77, 0xe9, 0x7b, 0x90, 0xb3, 0xf8, 0x18, 0x77, 0xe9, 0x46, 0x4c, 0xf4, 0x83, 0x2a, 0xaa,
+	0xbe, 0x71, 0xd5, 0x51, 0x57, 0xfe, 0x6b, 0x0a, 0xe6, 0x7d, 0xcf, 0x86, 0x64, 0x9a, 0x73, 0x20,
+	0x96, 0xbd, 0x6d, 0xb6, 0x7c, 0x90, 0x38, 0x67, 0xd4, 0x39, 0x3e, 0x48, 0xd7, 0x18, 0x02, 0x32,
+	0xfb, 0xba, 0xae, 0xe9, 0x7b, 0x1c, 0x34, 0xcd, 0x40, 0x7c, 0x90, 0x81, 0x56, 0x61, 0xa1, 0x65,
+	0xec, 0xf7, 0xba, 0xd8, 0x76, 0x74, 0x65, 0x28, 0xac, 0xe8, 0x0c, 0x6f, 0xf9, 0x57, 0x9e, 0x0d,
+	0x6c, 0x7f, 0x62, 0x98, 0x9d, 0x21, 0x56, 0x1e, 0x2e, 0x21, 0x5b, 0x79, 0x1c, 0x65, 0x2e, 0x77,
+	0xe8, 0x6c, 0x28, 0x8a, 0x3b, 0x84, 0x94, 0xc0, 0x2a, 0x4f, 0xe9, 0xca, 0x13, 0xf0, 0x0c, 0x41,
+	0x86, 0x54, 0x34, 0xaf, 0x4b, 0xfa, 0x3f, 0x09, 0x33, 0x97, 0x21, 0x61, 0x4e, 0xbb, 0x61, 0xe6,
+	0xb2, 0x24, 0xcc, 0x1c, 0xd0, 0x68, 0xf3, 0x45, 0x66, 0x42, 0x3e, 0x7e, 0x57, 0xf0, 0xdb, 0xc4,
+	0xdd, 0x74, 0x38, 0x2f, 0xe0, 0xa9, 0xf2, 0xdf, 0x34, 0xe3, 0x3c, 0x3e, 0x3e, 0x02, 0xe7, 0x05,
+	0x24, 0x07, 0x39, 0xef, 0x17, 0x6f, 0x91, 0xf3, 0x42, 0x9c, 0x1b, 0x99, 0xf3, 0x26, 0xc0, 0x6b,
+	0xae, 0x4b, 0x2e, 0xaf, 0xf1, 0x44, 0x45, 0xf2, 0x9a, 0xc8, 0x9c, 0x03, 0x56, 0x6e, 0xd2, 0x92,
+	0xbe, 0xd5, 0xed, 0x5b, 0x36, 0x36, 0x3d, 0x6b, 0x61, 0x8b, 0x8d, 0x04, 0x58, 0x82, 0xe3, 0x48,
+	0x5d, 0x70, 0x80, 0x53, 0xbe, 0x8e, 0x0a, 0xb7, 0x7c, 0x39, 0x24, 0xaa, 0x7c, 0x85, 0x94, 0xc0,
+	0x3a, 0xb5, 0xc4, 0x1f, 0x8c, 0x50, 0x4b, 0x01, 0xc9, 0x2f, 0x57, 0x2d, 0x85, 0x38, 0xf7, 0x36,
+	0x6b, 0xc9, 0x75, 0xc9, 0xad, 0x25, 0x9e, 0x8d, 0xc8, 0x5a, 0x12, 0xa9, 0x73, 0xc0, 0xca, 0x6f,
+	0x52, 0x50, 0x78, 0x80, 0x0f, 0x54, 0xc3, 0x6e, 0xda, 0x64, 0x8b, 0x79, 0x19, 0x8e, 0x91, 0x22,
+	0xc3, 0xe6, 0xf6, 0x73, 0x43, 0xd3, 0xb7, 0x6d, 0xa3, 0x83, 0x75, 0xea, 0x5a, 0x4e, 0x5d, 0x60,
+	0x0f, 0xee, 0x1b, 0x9a, 0xbe, 0x45, 0x86, 0xd1, 0x15, 0x40, 0xfb, 0x4d, 0xbd, 0xb9, 0xe7, 0x07,
+	0xb3, 0x4d, 0xf9, 0x22, 0x7f, 0x22, 0x45, 0xf7, 0xf5, 0xae, 0xd1, 0xea, 0x6c, 0x93, 0x59, 0x4f,
+	0xfb, 0xd0, 0x4f, 0xe9, 0x83, 0x07, 0xf8, 0x40, 0xf9, 0x99, 0xb3, 0xef, 0x1e, 0xa7, 0xce, 0xc9,
+	0xbe, 0x5b, 0xa0, 0x87, 0xd9, 0x77, 0x73, 0x99, 0x21, 0xf6, 0xdd, 0xdc, 0xba, 0x67, 0xdf, 0x7d,
+	0x93, 0xec, 0xbb, 0x59, 0x54, 0xe9, 0xba, 0x19, 0x22, 0xe8, 0x09, 0xfe, 0x5a, 0xe6, 0xf5, 0xe1,
+	0xca, 0x94, 0xea, 0x88, 0xb9, 0xfb, 0xe8, 0x09, 0xbd, 0xa8, 0x37, 0x60, 0x91, 0x7e, 0x19, 0xb5,
+	0x4c, 0x6c, 0x8b, 0x78, 0x5e, 0x82, 0xbc, 0x45, 0x07, 0xdc, 0x70, 0xce, 0x1d, 0x1d, 0xae, 0xe4,
+	0x18, 0xaa, 0xb1, 0x4e, 0x76, 0x45, 0xf4, 0xbf, 0xb6, 0x72, 0x97, 0x7f, 0xc4, 0x31, 0x71, 0xee,
+	0x4a, 0x1d, 0x66, 0x19, 0x80, 0x7b, 0x52, 0x96, 0xef, 0xcd, 0xa8, 0x0c, 0x47, 0x2a, 0x7f, 0x4f,
+	0xc1, 0x71, 0xf1, 0x81, 0x30, 0x9a, 0x2f, 0x68, 0x0d, 0x8a, 0x1c, 0x3a, 0x44, 0x5e, 0xe7, 0x99,
+	0x88, 0x48, 0x6b, 0xdd, 0x97, 0xd6, 0xe5, 0x70, 0xc7, 0x3d, 0xdb, 0x93, 0xfb, 0xee, 0xe7, 0xe0,
+	0xd8, 0x61, 0xf8, 0x4f, 0x1a, 0x10, 0xdb, 0x22, 0x92, 0x9f, 0x0e, 0x6d, 0xde, 0x0b, 0xd2, 0x66,
+	0x35, 0x7c, 0x6f, 0xe9, 0x15, 0x1c, 0x64, 0xcd, 0x57, 0x93, 0x67, 0x4d, 0x35, 0xc0, 0x9a, 0xd7,
+	0x87, 0xf3, 0xed, 0xad, 0x90, 0xe6, 0x03, 0xf1, 0x79, 0xc7, 0x3d, 0xe2, 0x29, 0xfb, 0x3a, 0xf9,
+	0x18, 0xa5, 0x43, 0x9c, 0x32, 0xa3, 0x72, 0x26, 0xa0, 0x4a, 0x03, 0x8e, 0x8b, 0xce, 0x88, 0xb7,
+	0x74, 0xeb, 0xbe, 0xbd, 0x6e, 0xe2, 0x5a, 0xf2, 0xab, 0x1a, 0xa3, 0x96, 0xbe, 0x03, 0xc7, 0xc5,
+	0xc7, 0xed, 0x88, 0x6f, 0xf7, 0x49, 0xf7, 0x23, 0xdb, 0xeb, 0x0d, 0x27, 0x8d, 0x5b, 0x86, 0xbe,
+	0xab, 0xed, 0x79, 0xd4, 0xb6, 0xe8, 0x40, 0x40, 0x2d, 0x43, 0x11, 0xb5, 0xec, 0xb1, 0x43, 0x1a,
+	0x42, 0xdc, 0x9d, 0x21, 0x03, 0x44, 0xcd, 0x90, 0xcb, 0x70, 0xa4, 0x87, 0x34, 0x46, 0xf5, 0x85,
+	0x90, 0x06, 0x87, 0x0e, 0x43, 0x1a, 0x4c, 0x64, 0x08, 0xd2, 0x60, 0x96, 0x65, 0xa4, 0x31, 0x81,
+	0x30, 0x08, 0xd2, 0x60, 0xc3, 0x23, 0x90, 0x86, 0x5f, 0xf0, 0xcb, 0x45, 0x1a, 0x72, 0xdf, 0xde,
+	0x26, 0x69, 0x38, 0x1e, 0xb9, 0xa4, 0xc1, 0x12, 0x11, 0x49, 0x1a, 0x3c, 0x67, 0x02, 0xea, 0x92,
+	0x86, 0xbf, 0x74, 0x13, 0x90, 0x86, 0xac, 0x96, 0xfc, 0xaa, 0xc6, 0xa8, 0x25, 0x87, 0x34, 0x46,
+	0x7e, 0xbb, 0x1d, 0xd2, 0xf0, 0x7b, 0xa3, 0xfc, 0x08, 0x4e, 0x32, 0x2f, 0x6f, 0xbf, 0xb4, 0xb1,
+	0x4e, 0xdf, 0x23, 0xae, 0xfc, 0x26, 0x14, 0x9a, 0xba, 0xce, 0x77, 0x38, 0x56, 0x54, 0x6f, 0xe0,
+	0xa6, 0x0b, 0x53, 0xbd, 0x32, 0xe8, 0x2c, 0x14, 0xda, 0xd8, 0x6a, 0x99, 0x5a, 0xcf, 0x16, 0xef,
+	0x70, 0x5e, 0xf5, 0x0e, 0x29, 0xcf, 0xe0, 0xd4, 0x80, 0x79, 0x1e, 0xa7, 0x0f, 0x21, 0x8f, 0xc5,
+	0x20, 0xb7, 0x2e, 0x3d, 0x4a, 0x70, 0x25, 0x5d, 0xbc, 0xf2, 0x10, 0x4e, 0xb2, 0xe9, 0x0e, 0x4c,
+	0xab, 0x0e, 0x73, 0x0e, 0xcc, 0x0d, 0xdb, 0xc2, 0xd1, 0xe1, 0x4a, 0xc1, 0xc1, 0x36, 0xd6, 0xd5,
+	0x82, 0x03, 0x6a, 0xb4, 0x95, 0x77, 0xe0, 0xd4, 0x80, 0x36, 0x1e, 0xbf, 0x06, 0x1c, 0xbf, 0x8b,
+	0xed, 0x89, 0x58, 0xd9, 0x84, 0x25, 0xbf, 0xaa, 0x49, 0x04, 0xe2, 0xf7, 0x29, 0xd1, 0xa6, 0x51,
+	0xb1, 0x65, 0xf4, 0x4d, 0xb7, 0x27, 0x3b, 0x81, 0xfc, 0x22, 0xc8, 0x74, 0x34, 0x9d, 0x37, 0x37,
+	0x54, 0xfa, 0x3f, 0xaa, 0x42, 0xb6, 0xd7, 0x3c, 0xe8, 0x1a, 0xcd, 0x36, 0x67, 0xde, 0xa5, 0x2a,
+	0xbb, 0x2a, 0x51, 0x15, 0x77, 0x1f, 0xaa, 0x37, 0xf5, 0x03, 0x55, 0x80, 0x14, 0x55, 0x14, 0xa0,
+	0xeb, 0x1f, 0x9f, 0xf7, 0x35, 0xc8, 0x99, 0x7c, 0x8c, 0x7b, 0x27, 0x3d, 0x53, 0x75, 0xe4, 0x1c,
+	0xb4, 0x72, 0x4f, 0x34, 0x53, 0x82, 0x73, 0xae, 0x41, 0x41, 0x80, 0xdc, 0xac, 0x50, 0x42, 0x14,
+	0xc8, 0xc6, 0xba, 0x0a, 0x02, 0xd2, 0x68, 0x2b, 0x25, 0x51, 0x47, 0x41, 0xef, 0x94, 0x9f, 0xa7,
+	0xc5, 0x9e, 0x7f, 0x5c, 0x23, 0xe8, 0x0e, 0x2c, 0x3a, 0x02, 0x43, 0xac, 0x77, 0x0b, 0x42, 0x48,
+	0xac, 0x78, 0x81, 0x8c, 0x4e, 0x8f, 0x90, 0x51, 0x4f, 0xf6, 0x32, 0x09, 0xb3, 0x17, 0x0c, 0xc2,
+	0xd8, 0xd9, 0xbb, 0x4d, 0x5b, 0x1e, 0x63, 0xa7, 0xee, 0x31, 0x7d, 0x33, 0x27, 0xe8, 0xd7, 0xff,
+	0xd3, 0xec, 0x9b, 0x5e, 0x3c, 0x72, 0x96, 0xf4, 0xfb, 0xc1, 0x25, 0xfd, 0xdd, 0xb0, 0x65, 0x33,
+	0x28, 0x3a, 0xb8, 0xa8, 0xff, 0x6e, 0xf2, 0x8b, 0xfa, 0x56, 0x60, 0x51, 0xff, 0x68, 0x58, 0xef,
+	0x46, 0x3f, 0x80, 0x10, 0x04, 0x31, 0xe3, 0x12, 0xc4, 0x38, 0x4b, 0xfd, 0x26, 0x9c, 0x08, 0xf8,
+	0xc9, 0x93, 0x7a, 0x1d, 0xf2, 0x22, 0x4d, 0x62, 0xb9, 0x8f, 0xce, 0xaa, 0x0b, 0xaf, 0xff, 0xf2,
+	0x3c, 0x64, 0x6f, 0xb1, 0xbb, 0x68, 0x48, 0x83, 0x2c, 0xbf, 0x4a, 0x85, 0x14, 0x99, 0xbc, 0xff,
+	0x7a, 0x56, 0xf9, 0x5c, 0x24, 0x86, 0x13, 0xc5, 0x89, 0x7f, 0xfe, 0xe5, 0x7f, 0xbf, 0x4d, 0x2f,
+	0xc0, 0x3c, 0x05, 0x7d, 0x8d, 0x37, 0x50, 0x90, 0x01, 0x79, 0xe7, 0xb6, 0x0b, 0x3a, 0x9f, 0xe4,
+	0xaa, 0x51, 0xf9, 0x42, 0x0c, 0x2a, 0xda, 0xa0, 0x09, 0xe0, 0x5e, 0x36, 0x41, 0x17, 0xc2, 0x8f,
+	0x16, 0xbd, 0x33, 0xbc, 0x18, 0x07, 0x8b, 0xb5, 0xe9, 0x5e, 0x26, 0x91, 0xdb, 0x1c, 0xb8, 0xbc,
+	0x22, 0xb7, 0x29, 0xb9, 0x93, 0x12, 0x62, 0x93, 0xe5, 0x70, 0xab, 0x69, 0x75, 0x42, 0x73, 0xe8,
+	0xb9, 0x4c, 0x12, 0x9a, 0x43, 0xdf, 0xb5, 0x91, 0xe8, 0x1c, 0xb2, 0x53, 0x98, 0xf3, 0x49, 0xae,
+	0x66, 0x84, 0xe7, 0xd0, 0x77, 0xa7, 0x20, 0x36, 0x9e, 0x74, 0x7a, 0x11, 0xf1, 0xf4, 0xce, 0xf0,
+	0x62, 0x1c, 0x2c, 0xd6, 0xa6, 0x7b, 0x4a, 0x2f, 0xb7, 0x39, 0x70, 0x63, 0x40, 0x6e, 0x73, 0xf0,
+	0xb0, 0x3f, 0xcc, 0xe6, 0x4b, 0x98, 0xf3, 0x9e, 0x30, 0xa2, 0xd5, 0x84, 0x47, 0xa6, 0xe5, 0x4a,
+	0x3c, 0x30, 0xda, 0xf2, 0x0f, 0x61, 0xde, 0x77, 0x9f, 0x02, 0x49, 0x35, 0xca, 0xee, 0x6f, 0x94,
+	0x2f, 0x25, 0x40, 0xc6, 0x1a, 0xf7, 0x1d, 0xc7, 0xcb, 0x8d, 0xcb, 0x2e, 0x00, 0xc8, 0x8d, 0x4b,
+	0xcf, 0xf6, 0x23, 0x8c, 0xfb, 0x4e, 0xdd, 0xe5, 0xc6, 0x65, 0xc7, 0xfb, 0x72, 0xe3, 0xf2, 0x23,
+	0xfc, 0x10, 0xe3, 0xbf, 0x4a, 0xf9, 0x4e, 0xf6, 0xc5, 0x21, 0x2c, 0xaa, 0x26, 0x3e, 0xad, 0x65,
+	0x9e, 0xd4, 0x86, 0x3c, 0xdd, 0x8d, 0x2e, 0x7a, 0x7e, 0xa2, 0x13, 0x5a, 0xf4, 0xfe, 0x53, 0xc0,
+	0xd0, 0xa2, 0x0f, 0x1e, 0xe9, 0x45, 0x17, 0xbd, 0x38, 0x7e, 0x0a, 0x2f, 0xfa, 0xc0, 0x99, 0x59,
+	0x78, 0xd1, 0x07, 0x4f, 0xb2, 0x62, 0x8b, 0x5e, 0x4c, 0x38, 0xa2, 0xe8, 0x03, 0x73, 0xbe, 0x94,
+	0x00, 0x99, 0xb0, 0xee, 0x22, 0x8d, 0xcb, 0x8e, 0x5d, 0xa3, 0xea, 0x2e, 0xa1, 0x71, 0x96, 0x67,
+	0xde, 0x7f, 0x0f, 0xcd, 0xb3, 0xff, 0x64, 0x23, 0x34, 0xcf, 0x81, 0xe6, 0x7f, 0x4c, 0x9e, 0xc5,
+	0xd1, 0x50, 0x78, 0x9e, 0x03, 0xe7, 0x59, 0xe1, 0x79, 0x0e, 0x9e, 0x32, 0xc5, 0xf2, 0x8b, 0x98,
+	0x70, 0x04, 0xbf, 0x04, 0xe6, 0x7c, 0x29, 0x01, 0x32, 0x76, 0xb1, 0x74, 0x0e, 0x25, 0xe4, 0x8b,
+	0x65, 0xf0, 0xc8, 0xa3, 0x7c, 0x21, 0x06, 0x15, 0x1b, 0x67, 0xef, 0x09, 0x80, 0x3c, 0xce, 0x92,
+	0xd3, 0x8d, 0x72, 0x25, 0x1e, 0x18, 0x6d, 0xb9, 0x0f, 0x05, 0x4f, 0x1f, 0x1b, 0x5d, 0x4c, 0xd6,
+	0x7a, 0x2f, 0xaf, 0xc6, 0xe2, 0x62, 0x27, 0xec, 0x6d, 0x53, 0xcb, 0x27, 0x2c, 0xe9, 0x89, 0x97,
+	0x2b, 0xf1, 0xc0, 0x58, 0xcb, 0xde, 0x96, 0xb4, 0xdc, 0xb2, 0xa4, 0xed, 0x5d, 0xae, 0xc4, 0x03,
+	0x93, 0x54, 0x15, 0x6b, 0x6a, 0x85, 0x56, 0x95, 0xaf, 0x6b, 0x16, 0x5a, 0x55, 0x81, 0xce, 0x58,
+	0x5c, 0x55, 0x71, 0x9b, 0x11, 0x55, 0xe5, 0x37, 0x5b, 0x89, 0x07, 0x26, 0xaa, 0x2a, 0xde, 0xe8,
+	0x0c, 0xaf, 0x2a, 0x7f, 0x6f, 0x36, 0xbc, 0xaa, 0x02, 0x1d, 0xd3, 0xd8, 0xaa, 0x8a, 0x9a, 0xb0,
+	0xa4, 0x69, 0x1a, 0x55, 0x55, 0x89, 0x43, 0xed, 0xed, 0x59, 0x46, 0x55, 0x55, 0x02, 0xcb, 0xd2,
+	0xf6, 0x67, 0xb8, 0x65, 0x6f, 0x2b, 0x4e, 0x6e, 0x59, 0xd2, 0xf7, 0x93, 0x5b, 0x96, 0x75, 0xf5,
+	0xc2, 0x2c, 0xff, 0x34, 0x05, 0x0b, 0x81, 0x8e, 0x28, 0xba, 0x1c, 0x1e, 0xc8, 0x01, 0x07, 0xbe,
+	0x9a, 0x08, 0x1b, 0xef, 0x43, 0xa0, 0xdf, 0x29, 0xf7, 0x41, 0xde, 0x62, 0x95, 0xfb, 0x10, 0xd6,
+	0x40, 0x0d, 0x2f, 0x76, 0x4f, 0xf7, 0x06, 0x85, 0x2d, 0xb9, 0x81, 0x2e, 0x51, 0x79, 0x35, 0x16,
+	0x17, 0x6d, 0xf6, 0xc7, 0x50, 0xf4, 0xf7, 0xb3, 0x50, 0xc4, 0xc2, 0x17, 0x34, 0x7e, 0x39, 0x09,
+	0x34, 0x76, 0x85, 0xf6, 0x75, 0x38, 0x50, 0x25, 0x69, 0xb3, 0x46, 0xbe, 0x42, 0x4b, 0xdb, 0x25,
+	0x11, 0x93, 0xf7, 0xb7, 0x62, 0x51, 0xc4, 0xee, 0x2e, 0xd1, 0xe4, 0xe5, 0x9d, 0xdd, 0x08, 0xfb,
+	0xfe, 0x66, 0x2b, 0x8a, 0xd8, 0xe0, 0x25, 0xb2, 0x1f, 0xd2, 0xbb, 0x95, 0xdb, 0x5f, 0x3b, 0xff,
+	0xfa, 0xf3, 0xe5, 0xa9, 0xcf, 0x3e, 0x5f, 0x9e, 0xfa, 0xc9, 0xd1, 0x72, 0xea, 0xf5, 0xd1, 0x72,
+	0xea, 0xd3, 0xa3, 0xe5, 0xd4, 0xbf, 0x8f, 0x96, 0x53, 0xbf, 0x7e, 0xb3, 0x3c, 0xf5, 0xe9, 0x9b,
+	0xe5, 0xa9, 0xcf, 0xde, 0x2c, 0x4f, 0xed, 0xcc, 0xd2, 0x4e, 0xe8, 0xd5, 0x2f, 0x02, 0x00, 0x00,
+	0xff, 0xff, 0xf1, 0x75, 0x17, 0x2e, 0xe0, 0x38, 0x00, 0x00,
 }
 
-func (m *RemoveNodeResponse) CopyFrom(src interface{}) {}
-func (m *GetTaskRequest) Copy() *GetTaskRequest {
-	if m == nil {
-		return nil
+type authenticatedWrapperControlServer struct {
+	local     ControlServer
+	authorize func(context.Context, []string) error
+}
+
+func NewAuthenticatedWrapperControlServer(local ControlServer, authorize func(context.Context, []string) error) ControlServer {
+	return &authenticatedWrapperControlServer{
+		local:     local,
+		authorize: authorize,
 	}
-	o := &GetTaskRequest{}
-	o.CopyFrom(m)
-	return o
 }
 
-func (m *GetTaskRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) GetNode(ctx context.Context, r *GetNodeRequest) (*GetNodeResponse, error) {
 
-	o := src.(*GetTaskRequest)
-	*m = *o
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.GetNode(ctx, r)
 }
 
-func (m *GetTaskResponse) Copy() *GetTaskResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) ListNodes(ctx context.Context, r *ListNodesRequest) (*ListNodesResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &GetTaskResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.ListNodes(ctx, r)
 }
 
-func (m *GetTaskResponse) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) UpdateNode(ctx context.Context, r *UpdateNodeRequest) (*UpdateNodeResponse, error) {
 
-	o := src.(*GetTaskResponse)
-	*m = *o
-	if o.Task != nil {
-		m.Task = &Task{}
-		deepcopy.Copy(m.Task, o.Task)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.UpdateNode(ctx, r)
 }
 
-func (m *RemoveTaskRequest) Copy() *RemoveTaskRequest {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) RemoveNode(ctx context.Context, r *RemoveNodeRequest) (*RemoveNodeResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &RemoveTaskRequest{}
-	o.CopyFrom(m)
-	return o
+	return p.local.RemoveNode(ctx, r)
 }
 
-func (m *RemoveTaskRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) GetTask(ctx context.Context, r *GetTaskRequest) (*GetTaskResponse, error) {
 
-	o := src.(*RemoveTaskRequest)
-	*m = *o
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.GetTask(ctx, r)
 }
 
-func (m *RemoveTaskResponse) Copy() *RemoveTaskResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) ListTasks(ctx context.Context, r *ListTasksRequest) (*ListTasksResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &RemoveTaskResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.ListTasks(ctx, r)
 }
 
-func (m *RemoveTaskResponse) CopyFrom(src interface{}) {}
-func (m *ListTasksRequest) Copy() *ListTasksRequest {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) RemoveTask(ctx context.Context, r *RemoveTaskRequest) (*RemoveTaskResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &ListTasksRequest{}
-	o.CopyFrom(m)
-	return o
+	return p.local.RemoveTask(ctx, r)
 }
 
-func (m *ListTasksRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) GetService(ctx context.Context, r *GetServiceRequest) (*GetServiceResponse, error) {
 
-	o := src.(*ListTasksRequest)
-	*m = *o
-	if o.Filters != nil {
-		m.Filters = &ListTasksRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.GetService(ctx, r)
 }
 
-func (m *ListTasksRequest_Filters) Copy() *ListTasksRequest_Filters {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) ListServices(ctx context.Context, r *ListServicesRequest) (*ListServicesResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &ListTasksRequest_Filters{}
-	o.CopyFrom(m)
-	return o
+	return p.local.ListServices(ctx, r)
 }
 
-func (m *ListTasksRequest_Filters) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) CreateService(ctx context.Context, r *CreateServiceRequest) (*CreateServiceResponse, error) {
 
-	o := src.(*ListTasksRequest_Filters)
-	*m = *o
-	if o.Names != nil {
-		m.Names = make([]string, len(o.Names))
-		copy(m.Names, o.Names)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.CreateService(ctx, r)
+}
 
-	if o.IDPrefixes != nil {
-		m.IDPrefixes = make([]string, len(o.IDPrefixes))
-		copy(m.IDPrefixes, o.IDPrefixes)
-	}
+func (p *authenticatedWrapperControlServer) UpdateService(ctx context.Context, r *UpdateServiceRequest) (*UpdateServiceResponse, error) {
 
-	if o.Labels != nil {
-		m.Labels = make(map[string]string, len(o.Labels))
-		for k, v := range o.Labels {
-			m.Labels[k] = v
-		}
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.UpdateService(ctx, r)
+}
 
-	if o.ServiceIDs != nil {
-		m.ServiceIDs = make([]string, len(o.ServiceIDs))
-		copy(m.ServiceIDs, o.ServiceIDs)
-	}
+func (p *authenticatedWrapperControlServer) RemoveService(ctx context.Context, r *RemoveServiceRequest) (*RemoveServiceResponse, error) {
 
-	if o.NodeIDs != nil {
-		m.NodeIDs = make([]string, len(o.NodeIDs))
-		copy(m.NodeIDs, o.NodeIDs)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.RemoveService(ctx, r)
+}
 
-	if o.DesiredStates != nil {
-		m.DesiredStates = make([]TaskState, len(o.DesiredStates))
-		copy(m.DesiredStates, o.DesiredStates)
-	}
+func (p *authenticatedWrapperControlServer) ListServiceStatuses(ctx context.Context, r *ListServiceStatusesRequest) (*ListServiceStatusesResponse, error) {
 
-	if o.NamePrefixes != nil {
-		m.NamePrefixes = make([]string, len(o.NamePrefixes))
-		copy(m.NamePrefixes, o.NamePrefixes)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.ListServiceStatuses(ctx, r)
+}
 
-	if o.Runtimes != nil {
-		m.Runtimes = make([]string, len(o.Runtimes))
-		copy(m.Runtimes, o.Runtimes)
-	}
+func (p *authenticatedWrapperControlServer) GetNetwork(ctx context.Context, r *GetNetworkRequest) (*GetNetworkResponse, error) {
 
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.GetNetwork(ctx, r)
 }
 
-func (m *ListTasksResponse) Copy() *ListTasksResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) ListNetworks(ctx context.Context, r *ListNetworksRequest) (*ListNetworksResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &ListTasksResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.ListNetworks(ctx, r)
 }
 
-func (m *ListTasksResponse) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) CreateNetwork(ctx context.Context, r *CreateNetworkRequest) (*CreateNetworkResponse, error) {
 
-	o := src.(*ListTasksResponse)
-	*m = *o
-	if o.Tasks != nil {
-		m.Tasks = make([]*Task, len(o.Tasks))
-		for i := range m.Tasks {
-			m.Tasks[i] = &Task{}
-			deepcopy.Copy(m.Tasks[i], o.Tasks[i])
-		}
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.CreateNetwork(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) RemoveNetwork(ctx context.Context, r *RemoveNetworkRequest) (*RemoveNetworkResponse, error) {
 
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.RemoveNetwork(ctx, r)
 }
 
-func (m *CreateServiceRequest) Copy() *CreateServiceRequest {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) GetCluster(ctx context.Context, r *GetClusterRequest) (*GetClusterResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &CreateServiceRequest{}
-	o.CopyFrom(m)
-	return o
+	return p.local.GetCluster(ctx, r)
 }
 
-func (m *CreateServiceRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) ListClusters(ctx context.Context, r *ListClustersRequest) (*ListClustersResponse, error) {
 
-	o := src.(*CreateServiceRequest)
-	*m = *o
-	if o.Spec != nil {
-		m.Spec = &ServiceSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.ListClusters(ctx, r)
 }
 
-func (m *CreateServiceResponse) Copy() *CreateServiceResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) UpdateCluster(ctx context.Context, r *UpdateClusterRequest) (*UpdateClusterResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &CreateServiceResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.UpdateCluster(ctx, r)
 }
 
-func (m *CreateServiceResponse) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) GetSecret(ctx context.Context, r *GetSecretRequest) (*GetSecretResponse, error) {
 
-	o := src.(*CreateServiceResponse)
-	*m = *o
-	if o.Service != nil {
-		m.Service = &Service{}
-		deepcopy.Copy(m.Service, o.Service)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.GetSecret(ctx, r)
 }
 
-func (m *GetServiceRequest) Copy() *GetServiceRequest {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) UpdateSecret(ctx context.Context, r *UpdateSecretRequest) (*UpdateSecretResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &GetServiceRequest{}
-	o.CopyFrom(m)
-	return o
+	return p.local.UpdateSecret(ctx, r)
 }
 
-func (m *GetServiceRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) ListSecrets(ctx context.Context, r *ListSecretsRequest) (*ListSecretsResponse, error) {
 
-	o := src.(*GetServiceRequest)
-	*m = *o
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.ListSecrets(ctx, r)
 }
 
-func (m *GetServiceResponse) Copy() *GetServiceResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) CreateSecret(ctx context.Context, r *CreateSecretRequest) (*CreateSecretResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &GetServiceResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.CreateSecret(ctx, r)
 }
 
-func (m *GetServiceResponse) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) RemoveSecret(ctx context.Context, r *RemoveSecretRequest) (*RemoveSecretResponse, error) {
 
-	o := src.(*GetServiceResponse)
-	*m = *o
-	if o.Service != nil {
-		m.Service = &Service{}
-		deepcopy.Copy(m.Service, o.Service)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.RemoveSecret(ctx, r)
 }
 
-func (m *UpdateServiceRequest) Copy() *UpdateServiceRequest {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) GetConfig(ctx context.Context, r *GetConfigRequest) (*GetConfigResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &UpdateServiceRequest{}
-	o.CopyFrom(m)
-	return o
+	return p.local.GetConfig(ctx, r)
 }
 
-func (m *UpdateServiceRequest) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) UpdateConfig(ctx context.Context, r *UpdateConfigRequest) (*UpdateConfigResponse, error) {
 
-	o := src.(*UpdateServiceRequest)
-	*m = *o
-	if o.ServiceVersion != nil {
-		m.ServiceVersion = &Version{}
-		deepcopy.Copy(m.ServiceVersion, o.ServiceVersion)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	if o.Spec != nil {
-		m.Spec = &ServiceSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+	return p.local.UpdateConfig(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) ListConfigs(ctx context.Context, r *ListConfigsRequest) (*ListConfigsResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.ListConfigs(ctx, r)
 }
 
-func (m *UpdateServiceResponse) Copy() *UpdateServiceResponse {
-	if m == nil {
-		return nil
+func (p *authenticatedWrapperControlServer) CreateConfig(ctx context.Context, r *CreateConfigRequest) (*CreateConfigResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
-	o := &UpdateServiceResponse{}
-	o.CopyFrom(m)
-	return o
+	return p.local.CreateConfig(ctx, r)
 }
 
-func (m *UpdateServiceResponse) CopyFrom(src interface{}) {
+func (p *authenticatedWrapperControlServer) RemoveConfig(ctx context.Context, r *RemoveConfigRequest) (*RemoveConfigResponse, error) {
 
-	o := src.(*UpdateServiceResponse)
-	*m = *o
-	if o.Service != nil {
-		m.Service = &Service{}
-		deepcopy.Copy(m.Service, o.Service)
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
 	}
+	return p.local.RemoveConfig(ctx, r)
 }
 
-func (m *RemoveServiceRequest) Copy() *RemoveServiceRequest {
+func (p *authenticatedWrapperControlServer) GetExtension(ctx context.Context, r *GetExtensionRequest) (*GetExtensionResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.GetExtension(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) CreateExtension(ctx context.Context, r *CreateExtensionRequest) (*CreateExtensionResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.CreateExtension(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) RemoveExtension(ctx context.Context, r *RemoveExtensionRequest) (*RemoveExtensionResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.RemoveExtension(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) GetResource(ctx context.Context, r *GetResourceRequest) (*GetResourceResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.GetResource(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) UpdateResource(ctx context.Context, r *UpdateResourceRequest) (*UpdateResourceResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.UpdateResource(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) ListResources(ctx context.Context, r *ListResourcesRequest) (*ListResourcesResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.ListResources(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) CreateResource(ctx context.Context, r *CreateResourceRequest) (*CreateResourceResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.CreateResource(ctx, r)
+}
+
+func (p *authenticatedWrapperControlServer) RemoveResource(ctx context.Context, r *RemoveResourceRequest) (*RemoveResourceResponse, error) {
+
+	if err := p.authorize(ctx, []string{"swarm-manager"}); err != nil {
+		return nil, err
+	}
+	return p.local.RemoveResource(ctx, r)
+}
+
+func (m *GetNodeRequest) Copy() *GetNodeRequest {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveServiceRequest{}
+	o := &GetNodeRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveServiceRequest) CopyFrom(src interface{}) {
+func (m *GetNodeRequest) CopyFrom(src interface{}) {
 
-	o := src.(*RemoveServiceRequest)
+	o := src.(*GetNodeRequest)
 	*m = *o
 }
 
-func (m *RemoveServiceResponse) Copy() *RemoveServiceResponse {
+func (m *GetNodeResponse) Copy() *GetNodeResponse {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveServiceResponse{}
+	o := &GetNodeResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveServiceResponse) CopyFrom(src interface{}) {}
-func (m *ListServicesRequest) Copy() *ListServicesRequest {
+func (m *GetNodeResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetNodeResponse)
+	*m = *o
+	if o.Node != nil {
+		m.Node = &Node{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Node, o.Node)
+	}
+}
+
+func (m *ListNodesRequest) Copy() *ListNodesRequest {
 	if m == nil {
 		return nil
 	}
-	o := &ListServicesRequest{}
+	o := &ListNodesRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListServicesRequest) CopyFrom(src interface{}) {
+func (m *ListNodesRequest) CopyFrom(src interface{}) {
 
-	o := src.(*ListServicesRequest)
+	o := src.(*ListNodesRequest)
 	*m = *o
 	if o.Filters != nil {
-		m.Filters = &ListServicesRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
+		m.Filters = &ListNodesRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
 }
 
-func (m *ListServicesRequest_Filters) Copy() *ListServicesRequest_Filters {
+func (m *ListNodesRequest_Filters) Copy() *ListNodesRequest_Filters {
 	if m == nil {
 		return nil
 	}
-	o := &ListServicesRequest_Filters{}
+	o := &ListNodesRequest_Filters{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListServicesRequest_Filters) CopyFrom(src interface{}) {
+func (m *ListNodesRequest_Filters) CopyFrom(src interface{}) {
 
-	o := src.(*ListServicesRequest_Filters)
+	o := src.(*ListNodesRequest_Filters)
 	*m = *o
 	if o.Names != nil {
 		m.Names = make([]string, len(o.Names))
@@ -1569,169 +4018,210 @@ func (m *ListServicesRequest_Filters) CopyFrom(src interface{}) {
 		}
 	}
 
+	if o.NodeLabels != nil {
+		m.NodeLabels = make(map[string]string, len(o.NodeLabels))
+		for k, v := range o.NodeLabels {
+			m.NodeLabels[k] = v
+		}
+	}
+
+	if o.Memberships != nil {
+		m.Memberships = make([]NodeSpec_Membership, len(o.Memberships))
+		copy(m.Memberships, o.Memberships)
+	}
+
+	if o.Roles != nil {
+		m.Roles = make([]NodeRole, len(o.Roles))
+		copy(m.Roles, o.Roles)
+	}
+
 	if o.NamePrefixes != nil {
 		m.NamePrefixes = make([]string, len(o.NamePrefixes))
 		copy(m.NamePrefixes, o.NamePrefixes)
 	}
 
-	if o.Runtimes != nil {
-		m.Runtimes = make([]string, len(o.Runtimes))
-		copy(m.Runtimes, o.Runtimes)
-	}
-
 }
 
-func (m *ListServicesResponse) Copy() *ListServicesResponse {
+func (m *ListNodesResponse) Copy() *ListNodesResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListServicesResponse{}
+	o := &ListNodesResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListServicesResponse) CopyFrom(src interface{}) {
+func (m *ListNodesResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListServicesResponse)
+	o := src.(*ListNodesResponse)
 	*m = *o
-	if o.Services != nil {
-		m.Services = make([]*Service, len(o.Services))
-		for i := range m.Services {
-			m.Services[i] = &Service{}
-			deepcopy.Copy(m.Services[i], o.Services[i])
+	if o.Nodes != nil {
+		m.Nodes = make([]*Node, len(o.Nodes))
+		for i := range m.Nodes {
+			m.Nodes[i] = &Node{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Nodes[i], o.Nodes[i])
 		}
 	}
 
 }
 
-func (m *CreateNetworkRequest) Copy() *CreateNetworkRequest {
+func (m *UpdateNodeRequest) Copy() *UpdateNodeRequest {
 	if m == nil {
 		return nil
 	}
-	o := &CreateNetworkRequest{}
+	o := &UpdateNodeRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateNetworkRequest) CopyFrom(src interface{}) {
+func (m *UpdateNodeRequest) CopyFrom(src interface{}) {
 
-	o := src.(*CreateNetworkRequest)
+	o := src.(*UpdateNodeRequest)
 	*m = *o
+	if o.NodeVersion != nil {
+		m.NodeVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.NodeVersion, o.NodeVersion)
+	}
 	if o.Spec != nil {
-		m.Spec = &NetworkSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+		m.Spec = &NodeSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
 }
 
-func (m *CreateNetworkResponse) Copy() *CreateNetworkResponse {
+func (m *UpdateNodeResponse) Copy() *UpdateNodeResponse {
 	if m == nil {
 		return nil
 	}
-	o := &CreateNetworkResponse{}
+	o := &UpdateNodeResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateNetworkResponse) CopyFrom(src interface{}) {
+func (m *UpdateNodeResponse) CopyFrom(src interface{}) {
 
-	o := src.(*CreateNetworkResponse)
+	o := src.(*UpdateNodeResponse)
 	*m = *o
-	if o.Network != nil {
-		m.Network = &Network{}
-		deepcopy.Copy(m.Network, o.Network)
+	if o.Node != nil {
+		m.Node = &Node{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Node, o.Node)
 	}
 }
 
-func (m *GetNetworkRequest) Copy() *GetNetworkRequest {
+func (m *RemoveNodeRequest) Copy() *RemoveNodeRequest {
 	if m == nil {
 		return nil
 	}
-	o := &GetNetworkRequest{}
+	o := &RemoveNodeRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetNetworkRequest) CopyFrom(src interface{}) {
+func (m *RemoveNodeRequest) CopyFrom(src interface{}) {
 
-	o := src.(*GetNetworkRequest)
+	o := src.(*RemoveNodeRequest)
 	*m = *o
 }
 
-func (m *GetNetworkResponse) Copy() *GetNetworkResponse {
+func (m *RemoveNodeResponse) Copy() *RemoveNodeResponse {
 	if m == nil {
 		return nil
 	}
-	o := &GetNetworkResponse{}
+	o := &RemoveNodeResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetNetworkResponse) CopyFrom(src interface{}) {
+func (m *RemoveNodeResponse) CopyFrom(src interface{}) {}
+func (m *GetTaskRequest) Copy() *GetTaskRequest {
+	if m == nil {
+		return nil
+	}
+	o := &GetTaskRequest{}
+	o.CopyFrom(m)
+	return o
+}
 
-	o := src.(*GetNetworkResponse)
+func (m *GetTaskRequest) CopyFrom(src interface{}) {
+
+	o := src.(*GetTaskRequest)
 	*m = *o
-	if o.Network != nil {
-		m.Network = &Network{}
-		deepcopy.Copy(m.Network, o.Network)
+}
+
+func (m *GetTaskResponse) Copy() *GetTaskResponse {
+	if m == nil {
+		return nil
 	}
+	o := &GetTaskResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (m *RemoveNetworkRequest) Copy() *RemoveNetworkRequest {
+func (m *GetTaskResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetTaskResponse)
+	*m = *o
+	if o.Task != nil {
+		m.Task = &Task{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Task, o.Task)
+	}
+}
+
+func (m *RemoveTaskRequest) Copy() *RemoveTaskRequest {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveNetworkRequest{}
+	o := &RemoveTaskRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveNetworkRequest) CopyFrom(src interface{}) {
+func (m *RemoveTaskRequest) CopyFrom(src interface{}) {
 
-	o := src.(*RemoveNetworkRequest)
+	o := src.(*RemoveTaskRequest)
 	*m = *o
 }
 
-func (m *RemoveNetworkResponse) Copy() *RemoveNetworkResponse {
+func (m *RemoveTaskResponse) Copy() *RemoveTaskResponse {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveNetworkResponse{}
+	o := &RemoveTaskResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveNetworkResponse) CopyFrom(src interface{}) {}
-func (m *ListNetworksRequest) Copy() *ListNetworksRequest {
+func (m *RemoveTaskResponse) CopyFrom(src interface{}) {}
+func (m *ListTasksRequest) Copy() *ListTasksRequest {
 	if m == nil {
 		return nil
 	}
-	o := &ListNetworksRequest{}
+	o := &ListTasksRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListNetworksRequest) CopyFrom(src interface{}) {
+func (m *ListTasksRequest) CopyFrom(src interface{}) {
 
-	o := src.(*ListNetworksRequest)
+	o := src.(*ListTasksRequest)
 	*m = *o
 	if o.Filters != nil {
-		m.Filters = &ListNetworksRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
+		m.Filters = &ListTasksRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
 }
 
-func (m *ListNetworksRequest_Filters) Copy() *ListNetworksRequest_Filters {
+func (m *ListTasksRequest_Filters) Copy() *ListTasksRequest_Filters {
 	if m == nil {
 		return nil
 	}
-	o := &ListNetworksRequest_Filters{}
+	o := &ListTasksRequest_Filters{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListNetworksRequest_Filters) CopyFrom(src interface{}) {
+func (m *ListTasksRequest_Filters) CopyFrom(src interface{}) {
 
-	o := src.(*ListNetworksRequest_Filters)
+	o := src.(*ListTasksRequest_Filters)
 	*m = *o
 	if o.Names != nil {
 		m.Names = make([]string, len(o.Names))
@@ -1750,314 +4240,226 @@ func (m *ListNetworksRequest_Filters) CopyFrom(src interface{}) {
 		}
 	}
 
+	if o.ServiceIDs != nil {
+		m.ServiceIDs = make([]string, len(o.ServiceIDs))
+		copy(m.ServiceIDs, o.ServiceIDs)
+	}
+
+	if o.NodeIDs != nil {
+		m.NodeIDs = make([]string, len(o.NodeIDs))
+		copy(m.NodeIDs, o.NodeIDs)
+	}
+
+	if o.DesiredStates != nil {
+		m.DesiredStates = make([]TaskState, len(o.DesiredStates))
+		copy(m.DesiredStates, o.DesiredStates)
+	}
+
 	if o.NamePrefixes != nil {
 		m.NamePrefixes = make([]string, len(o.NamePrefixes))
 		copy(m.NamePrefixes, o.NamePrefixes)
 	}
 
+	if o.Runtimes != nil {
+		m.Runtimes = make([]string, len(o.Runtimes))
+		copy(m.Runtimes, o.Runtimes)
+	}
+
 }
 
-func (m *ListNetworksResponse) Copy() *ListNetworksResponse {
+func (m *ListTasksResponse) Copy() *ListTasksResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListNetworksResponse{}
+	o := &ListTasksResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListNetworksResponse) CopyFrom(src interface{}) {
+func (m *ListTasksResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListNetworksResponse)
+	o := src.(*ListTasksResponse)
 	*m = *o
-	if o.Networks != nil {
-		m.Networks = make([]*Network, len(o.Networks))
-		for i := range m.Networks {
-			m.Networks[i] = &Network{}
-			deepcopy.Copy(m.Networks[i], o.Networks[i])
+	if o.Tasks != nil {
+		m.Tasks = make([]*Task, len(o.Tasks))
+		for i := range m.Tasks {
+			m.Tasks[i] = &Task{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Tasks[i], o.Tasks[i])
 		}
 	}
 
 }
 
-func (m *GetClusterRequest) Copy() *GetClusterRequest {
+func (m *CreateServiceRequest) Copy() *CreateServiceRequest {
 	if m == nil {
 		return nil
 	}
-	o := &GetClusterRequest{}
+	o := &CreateServiceRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetClusterRequest) CopyFrom(src interface{}) {
+func (m *CreateServiceRequest) CopyFrom(src interface{}) {
 
-	o := src.(*GetClusterRequest)
+	o := src.(*CreateServiceRequest)
 	*m = *o
+	if o.Spec != nil {
+		m.Spec = &ServiceSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
+	}
 }
 
-func (m *GetClusterResponse) Copy() *GetClusterResponse {
+func (m *CreateServiceResponse) Copy() *CreateServiceResponse {
 	if m == nil {
 		return nil
 	}
-	o := &GetClusterResponse{}
+	o := &CreateServiceResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetClusterResponse) CopyFrom(src interface{}) {
+func (m *CreateServiceResponse) CopyFrom(src interface{}) {
 
-	o := src.(*GetClusterResponse)
+	o := src.(*CreateServiceResponse)
 	*m = *o
-	if o.Cluster != nil {
-		m.Cluster = &Cluster{}
-		deepcopy.Copy(m.Cluster, o.Cluster)
+	if o.Service != nil {
+		m.Service = &Service{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Service, o.Service)
 	}
 }
 
-func (m *ListClustersRequest) Copy() *ListClustersRequest {
+func (m *GetServiceRequest) Copy() *GetServiceRequest {
 	if m == nil {
 		return nil
 	}
-	o := &ListClustersRequest{}
+	o := &GetServiceRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListClustersRequest) CopyFrom(src interface{}) {
+func (m *GetServiceRequest) CopyFrom(src interface{}) {
 
-	o := src.(*ListClustersRequest)
+	o := src.(*GetServiceRequest)
 	*m = *o
-	if o.Filters != nil {
-		m.Filters = &ListClustersRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
-	}
 }
 
-func (m *ListClustersRequest_Filters) Copy() *ListClustersRequest_Filters {
+func (m *GetServiceResponse) Copy() *GetServiceResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListClustersRequest_Filters{}
+	o := &GetServiceResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListClustersRequest_Filters) CopyFrom(src interface{}) {
+func (m *GetServiceResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListClustersRequest_Filters)
+	o := src.(*GetServiceResponse)
 	*m = *o
-	if o.Names != nil {
-		m.Names = make([]string, len(o.Names))
-		copy(m.Names, o.Names)
+	if o.Service != nil {
+		m.Service = &Service{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Service, o.Service)
 	}
+}
 
-	if o.IDPrefixes != nil {
-		m.IDPrefixes = make([]string, len(o.IDPrefixes))
-		copy(m.IDPrefixes, o.IDPrefixes)
+func (m *UpdateServiceRequest) Copy() *UpdateServiceRequest {
+	if m == nil {
+		return nil
 	}
+	o := &UpdateServiceRequest{}
+	o.CopyFrom(m)
+	return o
+}
 
-	if o.Labels != nil {
-		m.Labels = make(map[string]string, len(o.Labels))
-		for k, v := range o.Labels {
-			m.Labels[k] = v
-		}
-	}
+func (m *UpdateServiceRequest) CopyFrom(src interface{}) {
 
-	if o.NamePrefixes != nil {
-		m.NamePrefixes = make([]string, len(o.NamePrefixes))
-		copy(m.NamePrefixes, o.NamePrefixes)
+	o := src.(*UpdateServiceRequest)
+	*m = *o
+	if o.ServiceVersion != nil {
+		m.ServiceVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ServiceVersion, o.ServiceVersion)
+	}
+	if o.Spec != nil {
+		m.Spec = &ServiceSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
-
 }
 
-func (m *ListClustersResponse) Copy() *ListClustersResponse {
+func (m *UpdateServiceResponse) Copy() *UpdateServiceResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListClustersResponse{}
+	o := &UpdateServiceResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListClustersResponse) CopyFrom(src interface{}) {
+func (m *UpdateServiceResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListClustersResponse)
+	o := src.(*UpdateServiceResponse)
 	*m = *o
-	if o.Clusters != nil {
-		m.Clusters = make([]*Cluster, len(o.Clusters))
-		for i := range m.Clusters {
-			m.Clusters[i] = &Cluster{}
-			deepcopy.Copy(m.Clusters[i], o.Clusters[i])
-		}
+	if o.Service != nil {
+		m.Service = &Service{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Service, o.Service)
 	}
-
 }
 
-func (m *KeyRotation) Copy() *KeyRotation {
+func (m *RemoveServiceRequest) Copy() *RemoveServiceRequest {
 	if m == nil {
 		return nil
 	}
-	o := &KeyRotation{}
+	o := &RemoveServiceRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *KeyRotation) CopyFrom(src interface{}) {
+func (m *RemoveServiceRequest) CopyFrom(src interface{}) {
 
-	o := src.(*KeyRotation)
+	o := src.(*RemoveServiceRequest)
 	*m = *o
 }
 
-func (m *UpdateClusterRequest) Copy() *UpdateClusterRequest {
+func (m *RemoveServiceResponse) Copy() *RemoveServiceResponse {
 	if m == nil {
 		return nil
 	}
-	o := &UpdateClusterRequest{}
+	o := &RemoveServiceResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *UpdateClusterRequest) CopyFrom(src interface{}) {
-
-	o := src.(*UpdateClusterRequest)
-	*m = *o
-	if o.ClusterVersion != nil {
-		m.ClusterVersion = &Version{}
-		deepcopy.Copy(m.ClusterVersion, o.ClusterVersion)
-	}
-	if o.Spec != nil {
-		m.Spec = &ClusterSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
-	}
-	deepcopy.Copy(&m.Rotation, &o.Rotation)
-}
-
-func (m *UpdateClusterResponse) Copy() *UpdateClusterResponse {
-	if m == nil {
-		return nil
-	}
-	o := &UpdateClusterResponse{}
-	o.CopyFrom(m)
-	return o
-}
-
-func (m *UpdateClusterResponse) CopyFrom(src interface{}) {
-
-	o := src.(*UpdateClusterResponse)
-	*m = *o
-	if o.Cluster != nil {
-		m.Cluster = &Cluster{}
-		deepcopy.Copy(m.Cluster, o.Cluster)
-	}
-}
-
-func (m *GetSecretRequest) Copy() *GetSecretRequest {
-	if m == nil {
-		return nil
-	}
-	o := &GetSecretRequest{}
-	o.CopyFrom(m)
-	return o
-}
-
-func (m *GetSecretRequest) CopyFrom(src interface{}) {
-
-	o := src.(*GetSecretRequest)
-	*m = *o
-}
-
-func (m *GetSecretResponse) Copy() *GetSecretResponse {
-	if m == nil {
-		return nil
-	}
-	o := &GetSecretResponse{}
-	o.CopyFrom(m)
-	return o
-}
-
-func (m *GetSecretResponse) CopyFrom(src interface{}) {
-
-	o := src.(*GetSecretResponse)
-	*m = *o
-	if o.Secret != nil {
-		m.Secret = &Secret{}
-		deepcopy.Copy(m.Secret, o.Secret)
-	}
-}
-
-func (m *UpdateSecretRequest) Copy() *UpdateSecretRequest {
-	if m == nil {
-		return nil
-	}
-	o := &UpdateSecretRequest{}
-	o.CopyFrom(m)
-	return o
-}
-
-func (m *UpdateSecretRequest) CopyFrom(src interface{}) {
-
-	o := src.(*UpdateSecretRequest)
-	*m = *o
-	if o.SecretVersion != nil {
-		m.SecretVersion = &Version{}
-		deepcopy.Copy(m.SecretVersion, o.SecretVersion)
-	}
-	if o.Spec != nil {
-		m.Spec = &SecretSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
-	}
-}
-
-func (m *UpdateSecretResponse) Copy() *UpdateSecretResponse {
-	if m == nil {
-		return nil
-	}
-	o := &UpdateSecretResponse{}
-	o.CopyFrom(m)
-	return o
-}
-
-func (m *UpdateSecretResponse) CopyFrom(src interface{}) {
-
-	o := src.(*UpdateSecretResponse)
-	*m = *o
-	if o.Secret != nil {
-		m.Secret = &Secret{}
-		deepcopy.Copy(m.Secret, o.Secret)
-	}
-}
-
-func (m *ListSecretsRequest) Copy() *ListSecretsRequest {
+func (m *RemoveServiceResponse) CopyFrom(src interface{}) {}
+func (m *ListServicesRequest) Copy() *ListServicesRequest {
 	if m == nil {
 		return nil
 	}
-	o := &ListSecretsRequest{}
+	o := &ListServicesRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListSecretsRequest) CopyFrom(src interface{}) {
+func (m *ListServicesRequest) CopyFrom(src interface{}) {
 
-	o := src.(*ListSecretsRequest)
+	o := src.(*ListServicesRequest)
 	*m = *o
 	if o.Filters != nil {
-		m.Filters = &ListSecretsRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
+		m.Filters = &ListServicesRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
 }
 
-func (m *ListSecretsRequest_Filters) Copy() *ListSecretsRequest_Filters {
+func (m *ListServicesRequest_Filters) Copy() *ListServicesRequest_Filters {
 	if m == nil {
 		return nil
 	}
-	o := &ListSecretsRequest_Filters{}
+	o := &ListServicesRequest_Filters{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListSecretsRequest_Filters) CopyFrom(src interface{}) {
+func (m *ListServicesRequest_Filters) CopyFrom(src interface{}) {
 
-	o := src.(*ListSecretsRequest_Filters)
+	o := src.(*ListServicesRequest_Filters)
 	*m = *o
 	if o.Names != nil {
 		m.Names = make([]string, len(o.Names))
@@ -2081,201 +4483,222 @@ func (m *ListSecretsRequest_Filters) CopyFrom(src interface{}) {
 		copy(m.NamePrefixes, o.NamePrefixes)
 	}
 
+	if o.Runtimes != nil {
+		m.Runtimes = make([]string, len(o.Runtimes))
+		copy(m.Runtimes, o.Runtimes)
+	}
+
 }
 
-func (m *ListSecretsResponse) Copy() *ListSecretsResponse {
+func (m *ListServicesResponse) Copy() *ListServicesResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListSecretsResponse{}
+	o := &ListServicesResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListSecretsResponse) CopyFrom(src interface{}) {
+func (m *ListServicesResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListSecretsResponse)
+	o := src.(*ListServicesResponse)
 	*m = *o
-	if o.Secrets != nil {
-		m.Secrets = make([]*Secret, len(o.Secrets))
-		for i := range m.Secrets {
-			m.Secrets[i] = &Secret{}
-			deepcopy.Copy(m.Secrets[i], o.Secrets[i])
+	if o.Services != nil {
+		m.Services = make([]*Service, len(o.Services))
+		for i := range m.Services {
+			m.Services[i] = &Service{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Services[i], o.Services[i])
 		}
 	}
 
 }
 
-func (m *CreateSecretRequest) Copy() *CreateSecretRequest {
+func (m *ListServiceStatusesRequest) Copy() *ListServiceStatusesRequest {
 	if m == nil {
 		return nil
 	}
-	o := &CreateSecretRequest{}
+	o := &ListServiceStatusesRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateSecretRequest) CopyFrom(src interface{}) {
+func (m *ListServiceStatusesRequest) CopyFrom(src interface{}) {
 
-	o := src.(*CreateSecretRequest)
+	o := src.(*ListServiceStatusesRequest)
 	*m = *o
-	if o.Spec != nil {
-		m.Spec = &SecretSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+	if o.Services != nil {
+		m.Services = make([]string, len(o.Services))
+		copy(m.Services, o.Services)
 	}
+
 }
 
-func (m *CreateSecretResponse) Copy() *CreateSecretResponse {
+func (m *ListServiceStatusesResponse) Copy() *ListServiceStatusesResponse {
 	if m == nil {
 		return nil
 	}
-	o := &CreateSecretResponse{}
+	o := &ListServiceStatusesResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateSecretResponse) CopyFrom(src interface{}) {
+func (m *ListServiceStatusesResponse) CopyFrom(src interface{}) {
 
-	o := src.(*CreateSecretResponse)
+	o := src.(*ListServiceStatusesResponse)
 	*m = *o
-	if o.Secret != nil {
-		m.Secret = &Secret{}
-		deepcopy.Copy(m.Secret, o.Secret)
+	if o.Statuses != nil {
+		m.Statuses = make([]*ListServiceStatusesResponse_ServiceStatus, len(o.Statuses))
+		for i := range m.Statuses {
+			m.Statuses[i] = &ListServiceStatusesResponse_ServiceStatus{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Statuses[i], o.Statuses[i])
+		}
 	}
+
 }
 
-func (m *RemoveSecretRequest) Copy() *RemoveSecretRequest {
+func (m *ListServiceStatusesResponse_ServiceStatus) Copy() *ListServiceStatusesResponse_ServiceStatus {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveSecretRequest{}
+	o := &ListServiceStatusesResponse_ServiceStatus{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveSecretRequest) CopyFrom(src interface{}) {
+func (m *ListServiceStatusesResponse_ServiceStatus) CopyFrom(src interface{}) {
 
-	o := src.(*RemoveSecretRequest)
+	o := src.(*ListServiceStatusesResponse_ServiceStatus)
 	*m = *o
 }
 
-func (m *RemoveSecretResponse) Copy() *RemoveSecretResponse {
+func (m *CreateNetworkRequest) Copy() *CreateNetworkRequest {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveSecretResponse{}
+	o := &CreateNetworkRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveSecretResponse) CopyFrom(src interface{}) {}
-func (m *GetConfigRequest) Copy() *GetConfigRequest {
+func (m *CreateNetworkRequest) CopyFrom(src interface{}) {
+
+	o := src.(*CreateNetworkRequest)
+	*m = *o
+	if o.Spec != nil {
+		m.Spec = &NetworkSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
+	}
+}
+
+func (m *CreateNetworkResponse) Copy() *CreateNetworkResponse {
 	if m == nil {
 		return nil
 	}
-	o := &GetConfigRequest{}
+	o := &CreateNetworkResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetConfigRequest) CopyFrom(src interface{}) {
+func (m *CreateNetworkResponse) CopyFrom(src interface{}) {
 
-	o := src.(*GetConfigRequest)
+	o := src.(*CreateNetworkResponse)
 	*m = *o
+	if o.Network != nil {
+		m.Network = &Network{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Network, o.Network)
+	}
 }
 
-func (m *GetConfigResponse) Copy() *GetConfigResponse {
+func (m *GetNetworkRequest) Copy() *GetNetworkRequest {
 	if m == nil {
 		return nil
 	}
-	o := &GetConfigResponse{}
+	o := &GetNetworkRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *GetConfigResponse) CopyFrom(src interface{}) {
+func (m *GetNetworkRequest) CopyFrom(src interface{}) {
 
-	o := src.(*GetConfigResponse)
+	o := src.(*GetNetworkRequest)
 	*m = *o
-	if o.Config != nil {
-		m.Config = &Config{}
-		deepcopy.Copy(m.Config, o.Config)
-	}
 }
 
-func (m *UpdateConfigRequest) Copy() *UpdateConfigRequest {
+func (m *GetNetworkResponse) Copy() *GetNetworkResponse {
 	if m == nil {
 		return nil
 	}
-	o := &UpdateConfigRequest{}
+	o := &GetNetworkResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *UpdateConfigRequest) CopyFrom(src interface{}) {
+func (m *GetNetworkResponse) CopyFrom(src interface{}) {
 
-	o := src.(*UpdateConfigRequest)
+	o := src.(*GetNetworkResponse)
 	*m = *o
-	if o.ConfigVersion != nil {
-		m.ConfigVersion = &Version{}
-		deepcopy.Copy(m.ConfigVersion, o.ConfigVersion)
-	}
-	if o.Spec != nil {
-		m.Spec = &ConfigSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+	if o.Network != nil {
+		m.Network = &Network{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Network, o.Network)
 	}
 }
 
-func (m *UpdateConfigResponse) Copy() *UpdateConfigResponse {
+func (m *RemoveNetworkRequest) Copy() *RemoveNetworkRequest {
 	if m == nil {
 		return nil
 	}
-	o := &UpdateConfigResponse{}
+	o := &RemoveNetworkRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *UpdateConfigResponse) CopyFrom(src interface{}) {
+func (m *RemoveNetworkRequest) CopyFrom(src interface{}) {
 
-	o := src.(*UpdateConfigResponse)
+	o := src.(*RemoveNetworkRequest)
 	*m = *o
-	if o.Config != nil {
-		m.Config = &Config{}
-		deepcopy.Copy(m.Config, o.Config)
+}
+
+func (m *RemoveNetworkResponse) Copy() *RemoveNetworkResponse {
+	if m == nil {
+		return nil
 	}
+	o := &RemoveNetworkResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (m *ListConfigsRequest) Copy() *ListConfigsRequest {
+func (m *RemoveNetworkResponse) CopyFrom(src interface{}) {}
+func (m *ListNetworksRequest) Copy() *ListNetworksRequest {
 	if m == nil {
 		return nil
 	}
-	o := &ListConfigsRequest{}
+	o := &ListNetworksRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListConfigsRequest) CopyFrom(src interface{}) {
+func (m *ListNetworksRequest) CopyFrom(src interface{}) {
 
-	o := src.(*ListConfigsRequest)
+	o := src.(*ListNetworksRequest)
 	*m = *o
 	if o.Filters != nil {
-		m.Filters = &ListConfigsRequest_Filters{}
-		deepcopy.Copy(m.Filters, o.Filters)
+		m.Filters = &ListNetworksRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
 }
 
-func (m *ListConfigsRequest_Filters) Copy() *ListConfigsRequest_Filters {
+func (m *ListNetworksRequest_Filters) Copy() *ListNetworksRequest_Filters {
 	if m == nil {
 		return nil
 	}
-	o := &ListConfigsRequest_Filters{}
+	o := &ListNetworksRequest_Filters{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListConfigsRequest_Filters) CopyFrom(src interface{}) {
+func (m *ListNetworksRequest_Filters) CopyFrom(src interface{}) {
 
-	o := src.(*ListConfigsRequest_Filters)
+	o := src.(*ListNetworksRequest_Filters)
 	*m = *o
 	if o.Names != nil {
 		m.Names = make([]string, len(o.Names))
@@ -2301,6371 +4724,12632 @@ func (m *ListConfigsRequest_Filters) CopyFrom(src interface{}) {
 
 }
 
-func (m *ListConfigsResponse) Copy() *ListConfigsResponse {
+func (m *ListNetworksResponse) Copy() *ListNetworksResponse {
 	if m == nil {
 		return nil
 	}
-	o := &ListConfigsResponse{}
+	o := &ListNetworksResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *ListConfigsResponse) CopyFrom(src interface{}) {
+func (m *ListNetworksResponse) CopyFrom(src interface{}) {
 
-	o := src.(*ListConfigsResponse)
+	o := src.(*ListNetworksResponse)
 	*m = *o
-	if o.Configs != nil {
-		m.Configs = make([]*Config, len(o.Configs))
-		for i := range m.Configs {
-			m.Configs[i] = &Config{}
-			deepcopy.Copy(m.Configs[i], o.Configs[i])
+	if o.Networks != nil {
+		m.Networks = make([]*Network, len(o.Networks))
+		for i := range m.Networks {
+			m.Networks[i] = &Network{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Networks[i], o.Networks[i])
 		}
 	}
 
 }
 
-func (m *CreateConfigRequest) Copy() *CreateConfigRequest {
+func (m *GetClusterRequest) Copy() *GetClusterRequest {
 	if m == nil {
 		return nil
 	}
-	o := &CreateConfigRequest{}
+	o := &GetClusterRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateConfigRequest) CopyFrom(src interface{}) {
+func (m *GetClusterRequest) CopyFrom(src interface{}) {
 
-	o := src.(*CreateConfigRequest)
+	o := src.(*GetClusterRequest)
 	*m = *o
-	if o.Spec != nil {
-		m.Spec = &ConfigSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
-	}
 }
 
-func (m *CreateConfigResponse) Copy() *CreateConfigResponse {
+func (m *GetClusterResponse) Copy() *GetClusterResponse {
 	if m == nil {
 		return nil
 	}
-	o := &CreateConfigResponse{}
+	o := &GetClusterResponse{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *CreateConfigResponse) CopyFrom(src interface{}) {
+func (m *GetClusterResponse) CopyFrom(src interface{}) {
 
-	o := src.(*CreateConfigResponse)
+	o := src.(*GetClusterResponse)
 	*m = *o
-	if o.Config != nil {
-		m.Config = &Config{}
-		deepcopy.Copy(m.Config, o.Config)
+	if o.Cluster != nil {
+		m.Cluster = &Cluster{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Cluster, o.Cluster)
 	}
 }
 
-func (m *RemoveConfigRequest) Copy() *RemoveConfigRequest {
+func (m *ListClustersRequest) Copy() *ListClustersRequest {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveConfigRequest{}
+	o := &ListClustersRequest{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveConfigRequest) CopyFrom(src interface{}) {
+func (m *ListClustersRequest) CopyFrom(src interface{}) {
 
-	o := src.(*RemoveConfigRequest)
+	o := src.(*ListClustersRequest)
 	*m = *o
+	if o.Filters != nil {
+		m.Filters = &ListClustersRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
+	}
 }
 
-func (m *RemoveConfigResponse) Copy() *RemoveConfigResponse {
+func (m *ListClustersRequest_Filters) Copy() *ListClustersRequest_Filters {
 	if m == nil {
 		return nil
 	}
-	o := &RemoveConfigResponse{}
+	o := &ListClustersRequest_Filters{}
 	o.CopyFrom(m)
 	return o
 }
 
-func (m *RemoveConfigResponse) CopyFrom(src interface{}) {}
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ context.Context
-var _ grpc.ClientConn
+func (m *ListClustersRequest_Filters) CopyFrom(src interface{}) {
 
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
+	o := src.(*ListClustersRequest_Filters)
+	*m = *o
+	if o.Names != nil {
+		m.Names = make([]string, len(o.Names))
+		copy(m.Names, o.Names)
+	}
 
-// Client API for Control service
+	if o.IDPrefixes != nil {
+		m.IDPrefixes = make([]string, len(o.IDPrefixes))
+		copy(m.IDPrefixes, o.IDPrefixes)
+	}
 
-type ControlClient interface {
-	GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error)
-	ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error)
-	UpdateNode(ctx context.Context, in *UpdateNodeRequest, opts ...grpc.CallOption) (*UpdateNodeResponse, error)
-	RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*RemoveNodeResponse, error)
-	GetTask(ctx context.Context, in *GetTaskRequest, opts ...grpc.CallOption) (*GetTaskResponse, error)
-	ListTasks(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error)
-	RemoveTask(ctx context.Context, in *RemoveTaskRequest, opts ...grpc.CallOption) (*RemoveTaskResponse, error)
-	GetService(ctx context.Context, in *GetServiceRequest, opts ...grpc.CallOption) (*GetServiceResponse, error)
-	ListServices(ctx context.Context, in *ListServicesRequest, opts ...grpc.CallOption) (*ListServicesResponse, error)
-	CreateService(ctx context.Context, in *CreateServiceRequest, opts ...grpc.CallOption) (*CreateServiceResponse, error)
-	UpdateService(ctx context.Context, in *UpdateServiceRequest, opts ...grpc.CallOption) (*UpdateServiceResponse, error)
-	RemoveService(ctx context.Context, in *RemoveServiceRequest, opts ...grpc.CallOption) (*RemoveServiceResponse, error)
-	GetNetwork(ctx context.Context, in *GetNetworkRequest, opts ...grpc.CallOption) (*GetNetworkResponse, error)
-	ListNetworks(ctx context.Context, in *ListNetworksRequest, opts ...grpc.CallOption) (*ListNetworksResponse, error)
-	CreateNetwork(ctx context.Context, in *CreateNetworkRequest, opts ...grpc.CallOption) (*CreateNetworkResponse, error)
-	RemoveNetwork(ctx context.Context, in *RemoveNetworkRequest, opts ...grpc.CallOption) (*RemoveNetworkResponse, error)
-	GetCluster(ctx context.Context, in *GetClusterRequest, opts ...grpc.CallOption) (*GetClusterResponse, error)
-	ListClusters(ctx context.Context, in *ListClustersRequest, opts ...grpc.CallOption) (*ListClustersResponse, error)
-	UpdateCluster(ctx context.Context, in *UpdateClusterRequest, opts ...grpc.CallOption) (*UpdateClusterResponse, error)
-	// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
-	// id as `GetSecretRequest.SecretID`
-	// - Returns `NotFound` if the Secret with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
-	// - Returns an error if getting fails.
-	GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error)
-	// UpdateSecret returns a `UpdateSecretResponse` with a `Secret` with the same
-	// id as `GetSecretRequest.SecretID`
-	// - Returns `NotFound` if the Secret with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
-	// - Returns an error if updating fails.
-	UpdateSecret(ctx context.Context, in *UpdateSecretRequest, opts ...grpc.CallOption) (*UpdateSecretResponse, error)
-	// ListSecrets returns a `ListSecretResponse` with a list of all non-internal `Secret`s being
-	// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
-	// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
-	// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
-	// - Returns an error if listing fails.
-	ListSecrets(ctx context.Context, in *ListSecretsRequest, opts ...grpc.CallOption) (*ListSecretsResponse, error)
-	// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
-	// on the provided `CreateSecretRequest.SecretSpec`.
-	// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
-	//   or if the secret data is too long or contains invalid characters.
-	// - Returns an error if the creation fails.
-	CreateSecret(ctx context.Context, in *CreateSecretRequest, opts ...grpc.CallOption) (*CreateSecretResponse, error)
-	// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
-	// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
-	// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
-	// - Returns an error if the deletion fails.
-	RemoveSecret(ctx context.Context, in *RemoveSecretRequest, opts ...grpc.CallOption) (*RemoveSecretResponse, error)
-	// GetConfig returns a `GetConfigResponse` with a `Config` with the same
-	// id as `GetConfigRequest.ConfigID`
-	// - Returns `NotFound` if the Config with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
-	// - Returns an error if getting fails.
-	GetConfig(ctx context.Context, in *GetConfigRequest, opts ...grpc.CallOption) (*GetConfigResponse, error)
-	// UpdateConfig returns a `UpdateConfigResponse` with a `Config` with the same
-	// id as `GetConfigRequest.ConfigID`
-	// - Returns `NotFound` if the Config with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
-	// - Returns an error if updating fails.
-	UpdateConfig(ctx context.Context, in *UpdateConfigRequest, opts ...grpc.CallOption) (*UpdateConfigResponse, error)
-	// ListConfigs returns a `ListConfigResponse` with a list of `Config`s being
-	// managed, or all configs matching any name in `ListConfigsRequest.Names`, any
-	// name prefix in `ListConfigsRequest.NamePrefixes`, any id in
-	// `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`.
-	// - Returns an error if listing fails.
-	ListConfigs(ctx context.Context, in *ListConfigsRequest, opts ...grpc.CallOption) (*ListConfigsResponse, error)
-	// CreateConfig creates and return a `CreateConfigResponse` with a `Config` based
-	// on the provided `CreateConfigRequest.ConfigSpec`.
-	// - Returns `InvalidArgument` if the `CreateConfigRequest.ConfigSpec` is malformed,
-	//   or if the config data is too long or contains invalid characters.
-	// - Returns an error if the creation fails.
-	CreateConfig(ctx context.Context, in *CreateConfigRequest, opts ...grpc.CallOption) (*CreateConfigResponse, error)
-	// RemoveConfig removes the config referenced by `RemoveConfigRequest.ID`.
-	// - Returns `InvalidArgument` if `RemoveConfigRequest.ID` is empty.
-	// - Returns `NotFound` if the a config named `RemoveConfigRequest.ID` is not found.
-	// - Returns an error if the deletion fails.
-	RemoveConfig(ctx context.Context, in *RemoveConfigRequest, opts ...grpc.CallOption) (*RemoveConfigResponse, error)
-}
+	if o.Labels != nil {
+		m.Labels = make(map[string]string, len(o.Labels))
+		for k, v := range o.Labels {
+			m.Labels[k] = v
+		}
+	}
 
-type controlClient struct {
-	cc *grpc.ClientConn
-}
+	if o.NamePrefixes != nil {
+		m.NamePrefixes = make([]string, len(o.NamePrefixes))
+		copy(m.NamePrefixes, o.NamePrefixes)
+	}
 
-func NewControlClient(cc *grpc.ClientConn) ControlClient {
-	return &controlClient{cc}
 }
 
-func (c *controlClient) GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error) {
-	out := new(GetNodeResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetNode", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListClustersResponse) Copy() *ListClustersResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &ListClustersResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error) {
-	out := new(ListNodesResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListNodes", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListClustersResponse) CopyFrom(src interface{}) {
+
+	o := src.(*ListClustersResponse)
+	*m = *o
+	if o.Clusters != nil {
+		m.Clusters = make([]*Cluster, len(o.Clusters))
+		for i := range m.Clusters {
+			m.Clusters[i] = &Cluster{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Clusters[i], o.Clusters[i])
+		}
 	}
-	return out, nil
+
 }
 
-func (c *controlClient) UpdateNode(ctx context.Context, in *UpdateNodeRequest, opts ...grpc.CallOption) (*UpdateNodeResponse, error) {
-	out := new(UpdateNodeResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateNode", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *KeyRotation) Copy() *KeyRotation {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &KeyRotation{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*RemoveNodeResponse, error) {
-	out := new(RemoveNodeResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveNode", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
+func (m *KeyRotation) CopyFrom(src interface{}) {
+
+	o := src.(*KeyRotation)
+	*m = *o
 }
 
-func (c *controlClient) GetTask(ctx context.Context, in *GetTaskRequest, opts ...grpc.CallOption) (*GetTaskResponse, error) {
-	out := new(GetTaskResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetTask", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateClusterRequest) Copy() *UpdateClusterRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &UpdateClusterRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) ListTasks(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error) {
-	out := new(ListTasksResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListTasks", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateClusterRequest) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateClusterRequest)
+	*m = *o
+	if o.ClusterVersion != nil {
+		m.ClusterVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ClusterVersion, o.ClusterVersion)
 	}
-	return out, nil
+	if o.Spec != nil {
+		m.Spec = &ClusterSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
+	}
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Rotation, &o.Rotation)
 }
 
-func (c *controlClient) RemoveTask(ctx context.Context, in *RemoveTaskRequest, opts ...grpc.CallOption) (*RemoveTaskResponse, error) {
-	out := new(RemoveTaskResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveTask", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateClusterResponse) Copy() *UpdateClusterResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &UpdateClusterResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) GetService(ctx context.Context, in *GetServiceRequest, opts ...grpc.CallOption) (*GetServiceResponse, error) {
-	out := new(GetServiceResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetService", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateClusterResponse) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateClusterResponse)
+	*m = *o
+	if o.Cluster != nil {
+		m.Cluster = &Cluster{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Cluster, o.Cluster)
 	}
-	return out, nil
 }
 
-func (c *controlClient) ListServices(ctx context.Context, in *ListServicesRequest, opts ...grpc.CallOption) (*ListServicesResponse, error) {
-	out := new(ListServicesResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListServices", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *GetSecretRequest) Copy() *GetSecretRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &GetSecretRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) CreateService(ctx context.Context, in *CreateServiceRequest, opts ...grpc.CallOption) (*CreateServiceResponse, error) {
-	out := new(CreateServiceResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateService", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
+func (m *GetSecretRequest) CopyFrom(src interface{}) {
+
+	o := src.(*GetSecretRequest)
+	*m = *o
 }
 
-func (c *controlClient) UpdateService(ctx context.Context, in *UpdateServiceRequest, opts ...grpc.CallOption) (*UpdateServiceResponse, error) {
-	out := new(UpdateServiceResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateService", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *GetSecretResponse) Copy() *GetSecretResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &GetSecretResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) RemoveService(ctx context.Context, in *RemoveServiceRequest, opts ...grpc.CallOption) (*RemoveServiceResponse, error) {
-	out := new(RemoveServiceResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveService", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *GetSecretResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetSecretResponse)
+	*m = *o
+	if o.Secret != nil {
+		m.Secret = &Secret{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Secret, o.Secret)
 	}
-	return out, nil
 }
 
-func (c *controlClient) GetNetwork(ctx context.Context, in *GetNetworkRequest, opts ...grpc.CallOption) (*GetNetworkResponse, error) {
-	out := new(GetNetworkResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetNetwork", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateSecretRequest) Copy() *UpdateSecretRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &UpdateSecretRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) ListNetworks(ctx context.Context, in *ListNetworksRequest, opts ...grpc.CallOption) (*ListNetworksResponse, error) {
-	out := new(ListNetworksResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListNetworks", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateSecretRequest) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateSecretRequest)
+	*m = *o
+	if o.SecretVersion != nil {
+		m.SecretVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.SecretVersion, o.SecretVersion)
+	}
+	if o.Spec != nil {
+		m.Spec = &SecretSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
-	return out, nil
 }
 
-func (c *controlClient) CreateNetwork(ctx context.Context, in *CreateNetworkRequest, opts ...grpc.CallOption) (*CreateNetworkResponse, error) {
-	out := new(CreateNetworkResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateNetwork", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateSecretResponse) Copy() *UpdateSecretResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &UpdateSecretResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) RemoveNetwork(ctx context.Context, in *RemoveNetworkRequest, opts ...grpc.CallOption) (*RemoveNetworkResponse, error) {
-	out := new(RemoveNetworkResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveNetwork", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *UpdateSecretResponse) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateSecretResponse)
+	*m = *o
+	if o.Secret != nil {
+		m.Secret = &Secret{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Secret, o.Secret)
 	}
-	return out, nil
 }
 
-func (c *controlClient) GetCluster(ctx context.Context, in *GetClusterRequest, opts ...grpc.CallOption) (*GetClusterResponse, error) {
-	out := new(GetClusterResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetCluster", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsRequest) Copy() *ListSecretsRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &ListSecretsRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) ListClusters(ctx context.Context, in *ListClustersRequest, opts ...grpc.CallOption) (*ListClustersResponse, error) {
-	out := new(ListClustersResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListClusters", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsRequest) CopyFrom(src interface{}) {
+
+	o := src.(*ListSecretsRequest)
+	*m = *o
+	if o.Filters != nil {
+		m.Filters = &ListSecretsRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
-	return out, nil
 }
 
-func (c *controlClient) UpdateCluster(ctx context.Context, in *UpdateClusterRequest, opts ...grpc.CallOption) (*UpdateClusterResponse, error) {
-	out := new(UpdateClusterResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateCluster", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsRequest_Filters) Copy() *ListSecretsRequest_Filters {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &ListSecretsRequest_Filters{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error) {
-	out := new(GetSecretResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetSecret", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsRequest_Filters) CopyFrom(src interface{}) {
+
+	o := src.(*ListSecretsRequest_Filters)
+	*m = *o
+	if o.Names != nil {
+		m.Names = make([]string, len(o.Names))
+		copy(m.Names, o.Names)
 	}
-	return out, nil
-}
 
-func (c *controlClient) UpdateSecret(ctx context.Context, in *UpdateSecretRequest, opts ...grpc.CallOption) (*UpdateSecretResponse, error) {
-	out := new(UpdateSecretResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateSecret", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+	if o.IDPrefixes != nil {
+		m.IDPrefixes = make([]string, len(o.IDPrefixes))
+		copy(m.IDPrefixes, o.IDPrefixes)
 	}
-	return out, nil
-}
 
-func (c *controlClient) ListSecrets(ctx context.Context, in *ListSecretsRequest, opts ...grpc.CallOption) (*ListSecretsResponse, error) {
-	out := new(ListSecretsResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListSecrets", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+	if o.Labels != nil {
+		m.Labels = make(map[string]string, len(o.Labels))
+		for k, v := range o.Labels {
+			m.Labels[k] = v
+		}
 	}
-	return out, nil
+
+	if o.NamePrefixes != nil {
+		m.NamePrefixes = make([]string, len(o.NamePrefixes))
+		copy(m.NamePrefixes, o.NamePrefixes)
+	}
+
 }
 
-func (c *controlClient) CreateSecret(ctx context.Context, in *CreateSecretRequest, opts ...grpc.CallOption) (*CreateSecretResponse, error) {
-	out := new(CreateSecretResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateSecret", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsResponse) Copy() *ListSecretsResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &ListSecretsResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) RemoveSecret(ctx context.Context, in *RemoveSecretRequest, opts ...grpc.CallOption) (*RemoveSecretResponse, error) {
-	out := new(RemoveSecretResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveSecret", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *ListSecretsResponse) CopyFrom(src interface{}) {
+
+	o := src.(*ListSecretsResponse)
+	*m = *o
+	if o.Secrets != nil {
+		m.Secrets = make([]*Secret, len(o.Secrets))
+		for i := range m.Secrets {
+			m.Secrets[i] = &Secret{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Secrets[i], o.Secrets[i])
+		}
 	}
-	return out, nil
+
 }
 
-func (c *controlClient) GetConfig(ctx context.Context, in *GetConfigRequest, opts ...grpc.CallOption) (*GetConfigResponse, error) {
-	out := new(GetConfigResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *CreateSecretRequest) Copy() *CreateSecretRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &CreateSecretRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) UpdateConfig(ctx context.Context, in *UpdateConfigRequest, opts ...grpc.CallOption) (*UpdateConfigResponse, error) {
-	out := new(UpdateConfigResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *CreateSecretRequest) CopyFrom(src interface{}) {
+
+	o := src.(*CreateSecretRequest)
+	*m = *o
+	if o.Spec != nil {
+		m.Spec = &SecretSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
-	return out, nil
 }
 
-func (c *controlClient) ListConfigs(ctx context.Context, in *ListConfigsRequest, opts ...grpc.CallOption) (*ListConfigsResponse, error) {
-	out := new(ListConfigsResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListConfigs", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *CreateSecretResponse) Copy() *CreateSecretResponse {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &CreateSecretResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func (c *controlClient) CreateConfig(ctx context.Context, in *CreateConfigRequest, opts ...grpc.CallOption) (*CreateConfigResponse, error) {
-	out := new(CreateConfigResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *CreateSecretResponse) CopyFrom(src interface{}) {
+
+	o := src.(*CreateSecretResponse)
+	*m = *o
+	if o.Secret != nil {
+		m.Secret = &Secret{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Secret, o.Secret)
 	}
-	return out, nil
 }
 
-func (c *controlClient) RemoveConfig(ctx context.Context, in *RemoveConfigRequest, opts ...grpc.CallOption) (*RemoveConfigResponse, error) {
-	out := new(RemoveConfigResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *RemoveSecretRequest) Copy() *RemoveSecretRequest {
+	if m == nil {
+		return nil
 	}
-	return out, nil
+	o := &RemoveSecretRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-// Server API for Control service
+func (m *RemoveSecretRequest) CopyFrom(src interface{}) {
 
-type ControlServer interface {
-	GetNode(context.Context, *GetNodeRequest) (*GetNodeResponse, error)
-	ListNodes(context.Context, *ListNodesRequest) (*ListNodesResponse, error)
-	UpdateNode(context.Context, *UpdateNodeRequest) (*UpdateNodeResponse, error)
-	RemoveNode(context.Context, *RemoveNodeRequest) (*RemoveNodeResponse, error)
-	GetTask(context.Context, *GetTaskRequest) (*GetTaskResponse, error)
-	ListTasks(context.Context, *ListTasksRequest) (*ListTasksResponse, error)
-	RemoveTask(context.Context, *RemoveTaskRequest) (*RemoveTaskResponse, error)
-	GetService(context.Context, *GetServiceRequest) (*GetServiceResponse, error)
-	ListServices(context.Context, *ListServicesRequest) (*ListServicesResponse, error)
-	CreateService(context.Context, *CreateServiceRequest) (*CreateServiceResponse, error)
-	UpdateService(context.Context, *UpdateServiceRequest) (*UpdateServiceResponse, error)
-	RemoveService(context.Context, *RemoveServiceRequest) (*RemoveServiceResponse, error)
-	GetNetwork(context.Context, *GetNetworkRequest) (*GetNetworkResponse, error)
-	ListNetworks(context.Context, *ListNetworksRequest) (*ListNetworksResponse, error)
-	CreateNetwork(context.Context, *CreateNetworkRequest) (*CreateNetworkResponse, error)
-	RemoveNetwork(context.Context, *RemoveNetworkRequest) (*RemoveNetworkResponse, error)
-	GetCluster(context.Context, *GetClusterRequest) (*GetClusterResponse, error)
-	ListClusters(context.Context, *ListClustersRequest) (*ListClustersResponse, error)
-	UpdateCluster(context.Context, *UpdateClusterRequest) (*UpdateClusterResponse, error)
-	// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
-	// id as `GetSecretRequest.SecretID`
-	// - Returns `NotFound` if the Secret with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
-	// - Returns an error if getting fails.
-	GetSecret(context.Context, *GetSecretRequest) (*GetSecretResponse, error)
-	// UpdateSecret returns a `UpdateSecretResponse` with a `Secret` with the same
-	// id as `GetSecretRequest.SecretID`
-	// - Returns `NotFound` if the Secret with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
-	// - Returns an error if updating fails.
-	UpdateSecret(context.Context, *UpdateSecretRequest) (*UpdateSecretResponse, error)
-	// ListSecrets returns a `ListSecretResponse` with a list of all non-internal `Secret`s being
-	// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
-	// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
-	// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
-	// - Returns an error if listing fails.
-	ListSecrets(context.Context, *ListSecretsRequest) (*ListSecretsResponse, error)
-	// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
-	// on the provided `CreateSecretRequest.SecretSpec`.
-	// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
-	//   or if the secret data is too long or contains invalid characters.
-	// - Returns an error if the creation fails.
-	CreateSecret(context.Context, *CreateSecretRequest) (*CreateSecretResponse, error)
-	// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
-	// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
-	// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
-	// - Returns an error if the deletion fails.
-	RemoveSecret(context.Context, *RemoveSecretRequest) (*RemoveSecretResponse, error)
-	// GetConfig returns a `GetConfigResponse` with a `Config` with the same
-	// id as `GetConfigRequest.ConfigID`
-	// - Returns `NotFound` if the Config with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
-	// - Returns an error if getting fails.
-	GetConfig(context.Context, *GetConfigRequest) (*GetConfigResponse, error)
-	// UpdateConfig returns a `UpdateConfigResponse` with a `Config` with the same
-	// id as `GetConfigRequest.ConfigID`
-	// - Returns `NotFound` if the Config with the given id is not found.
-	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
-	// - Returns an error if updating fails.
-	UpdateConfig(context.Context, *UpdateConfigRequest) (*UpdateConfigResponse, error)
-	// ListConfigs returns a `ListConfigResponse` with a list of `Config`s being
-	// managed, or all configs matching any name in `ListConfigsRequest.Names`, any
-	// name prefix in `ListConfigsRequest.NamePrefixes`, any id in
-	// `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`.
-	// - Returns an error if listing fails.
-	ListConfigs(context.Context, *ListConfigsRequest) (*ListConfigsResponse, error)
-	// CreateConfig creates and return a `CreateConfigResponse` with a `Config` based
-	// on the provided `CreateConfigRequest.ConfigSpec`.
-	// - Returns `InvalidArgument` if the `CreateConfigRequest.ConfigSpec` is malformed,
-	//   or if the config data is too long or contains invalid characters.
-	// - Returns an error if the creation fails.
-	CreateConfig(context.Context, *CreateConfigRequest) (*CreateConfigResponse, error)
-	// RemoveConfig removes the config referenced by `RemoveConfigRequest.ID`.
-	// - Returns `InvalidArgument` if `RemoveConfigRequest.ID` is empty.
-	// - Returns `NotFound` if the a config named `RemoveConfigRequest.ID` is not found.
-	// - Returns an error if the deletion fails.
-	RemoveConfig(context.Context, *RemoveConfigRequest) (*RemoveConfigResponse, error)
+	o := src.(*RemoveSecretRequest)
+	*m = *o
 }
 
-func RegisterControlServer(s *grpc.Server, srv ControlServer) {
-	s.RegisterService(&_Control_serviceDesc, srv)
+func (m *RemoveSecretResponse) Copy() *RemoveSecretResponse {
+	if m == nil {
+		return nil
+	}
+	o := &RemoveSecretResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_GetNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetNodeRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetNode(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetNode",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetNode(ctx, req.(*GetNodeRequest))
+func (m *RemoveSecretResponse) CopyFrom(src interface{}) {}
+func (m *GetConfigRequest) Copy() *GetConfigRequest {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &GetConfigRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_ListNodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListNodesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListNodes(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListNodes",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListNodes(ctx, req.(*ListNodesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
+func (m *GetConfigRequest) CopyFrom(src interface{}) {
+
+	o := src.(*GetConfigRequest)
+	*m = *o
 }
 
-func _Control_UpdateNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UpdateNodeRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).UpdateNode(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/UpdateNode",
+func (m *GetConfigResponse) Copy() *GetConfigResponse {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).UpdateNode(ctx, req.(*UpdateNodeRequest))
+	o := &GetConfigResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *GetConfigResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetConfigResponse)
+	*m = *o
+	if o.Config != nil {
+		m.Config = &Config{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Config, o.Config)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_RemoveNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveNodeRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *UpdateConfigRequest) Copy() *UpdateConfigRequest {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveNode(ctx, in)
+	o := &UpdateConfigRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *UpdateConfigRequest) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateConfigRequest)
+	*m = *o
+	if o.ConfigVersion != nil {
+		m.ConfigVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ConfigVersion, o.ConfigVersion)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveNode",
+	if o.Spec != nil {
+		m.Spec = &ConfigSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveNode(ctx, req.(*RemoveNodeRequest))
+}
+
+func (m *UpdateConfigResponse) Copy() *UpdateConfigResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &UpdateConfigResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_GetTask_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetTaskRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *UpdateConfigResponse) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateConfigResponse)
+	*m = *o
+	if o.Config != nil {
+		m.Config = &Config{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Config, o.Config)
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetTask(ctx, in)
+}
+
+func (m *ListConfigsRequest) Copy() *ListConfigsRequest {
+	if m == nil {
+		return nil
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetTask",
+	o := &ListConfigsRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *ListConfigsRequest) CopyFrom(src interface{}) {
+
+	o := src.(*ListConfigsRequest)
+	*m = *o
+	if o.Filters != nil {
+		m.Filters = &ListConfigsRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetTask(ctx, req.(*GetTaskRequest))
+}
+
+func (m *ListConfigsRequest_Filters) Copy() *ListConfigsRequest_Filters {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &ListConfigsRequest_Filters{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_ListTasks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListTasksRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *ListConfigsRequest_Filters) CopyFrom(src interface{}) {
+
+	o := src.(*ListConfigsRequest_Filters)
+	*m = *o
+	if o.Names != nil {
+		m.Names = make([]string, len(o.Names))
+		copy(m.Names, o.Names)
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListTasks(ctx, in)
+
+	if o.IDPrefixes != nil {
+		m.IDPrefixes = make([]string, len(o.IDPrefixes))
+		copy(m.IDPrefixes, o.IDPrefixes)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListTasks",
+
+	if o.Labels != nil {
+		m.Labels = make(map[string]string, len(o.Labels))
+		for k, v := range o.Labels {
+			m.Labels[k] = v
+		}
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListTasks(ctx, req.(*ListTasksRequest))
+
+	if o.NamePrefixes != nil {
+		m.NamePrefixes = make([]string, len(o.NamePrefixes))
+		copy(m.NamePrefixes, o.NamePrefixes)
 	}
-	return interceptor(ctx, in, info, handler)
+
 }
 
-func _Control_RemoveTask_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveTaskRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *ListConfigsResponse) Copy() *ListConfigsResponse {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveTask(ctx, in)
+	o := &ListConfigsResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *ListConfigsResponse) CopyFrom(src interface{}) {
+
+	o := src.(*ListConfigsResponse)
+	*m = *o
+	if o.Configs != nil {
+		m.Configs = make([]*Config, len(o.Configs))
+		for i := range m.Configs {
+			m.Configs[i] = &Config{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Configs[i], o.Configs[i])
+		}
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveTask",
+
+}
+
+func (m *CreateConfigRequest) Copy() *CreateConfigRequest {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveTask(ctx, req.(*RemoveTaskRequest))
+	o := &CreateConfigRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateConfigRequest) CopyFrom(src interface{}) {
+
+	o := src.(*CreateConfigRequest)
+	*m = *o
+	if o.Spec != nil {
+		m.Spec = &ConfigSpec{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_GetService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetServiceRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *CreateConfigResponse) Copy() *CreateConfigResponse {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetService(ctx, in)
+	o := &CreateConfigResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateConfigResponse) CopyFrom(src interface{}) {
+
+	o := src.(*CreateConfigResponse)
+	*m = *o
+	if o.Config != nil {
+		m.Config = &Config{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Config, o.Config)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetService",
+}
+
+func (m *RemoveConfigRequest) Copy() *RemoveConfigRequest {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetService(ctx, req.(*GetServiceRequest))
+	o := &RemoveConfigRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *RemoveConfigRequest) CopyFrom(src interface{}) {
+
+	o := src.(*RemoveConfigRequest)
+	*m = *o
+}
+
+func (m *RemoveConfigResponse) Copy() *RemoveConfigResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &RemoveConfigResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_ListServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListServicesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *RemoveConfigResponse) CopyFrom(src interface{}) {}
+func (m *CreateExtensionRequest) Copy() *CreateExtensionRequest {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListServices(ctx, in)
+	o := &CreateExtensionRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateExtensionRequest) CopyFrom(src interface{}) {
+
+	o := src.(*CreateExtensionRequest)
+	*m = *o
+	if o.Annotations != nil {
+		m.Annotations = &Annotations{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Annotations, o.Annotations)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListServices",
+}
+
+func (m *CreateExtensionResponse) Copy() *CreateExtensionResponse {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListServices(ctx, req.(*ListServicesRequest))
+	o := &CreateExtensionResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateExtensionResponse) CopyFrom(src interface{}) {
+
+	o := src.(*CreateExtensionResponse)
+	*m = *o
+	if o.Extension != nil {
+		m.Extension = &Extension{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Extension, o.Extension)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_CreateService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CreateServiceRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *RemoveExtensionRequest) Copy() *RemoveExtensionRequest {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).CreateService(ctx, in)
+	o := &RemoveExtensionRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *RemoveExtensionRequest) CopyFrom(src interface{}) {
+
+	o := src.(*RemoveExtensionRequest)
+	*m = *o
+}
+
+func (m *RemoveExtensionResponse) Copy() *RemoveExtensionResponse {
+	if m == nil {
+		return nil
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/CreateService",
+	o := &RemoveExtensionResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *RemoveExtensionResponse) CopyFrom(src interface{}) {}
+func (m *GetExtensionRequest) Copy() *GetExtensionRequest {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).CreateService(ctx, req.(*CreateServiceRequest))
+	o := &GetExtensionRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *GetExtensionRequest) CopyFrom(src interface{}) {
+
+	o := src.(*GetExtensionRequest)
+	*m = *o
+}
+
+func (m *GetExtensionResponse) Copy() *GetExtensionResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &GetExtensionResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_UpdateService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UpdateServiceRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *GetExtensionResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetExtensionResponse)
+	*m = *o
+	if o.Extension != nil {
+		m.Extension = &Extension{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Extension, o.Extension)
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).UpdateService(ctx, in)
+}
+
+func (m *CreateResourceRequest) Copy() *CreateResourceRequest {
+	if m == nil {
+		return nil
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/UpdateService",
+	o := &CreateResourceRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateResourceRequest) CopyFrom(src interface{}) {
+
+	o := src.(*CreateResourceRequest)
+	*m = *o
+	if o.Annotations != nil {
+		m.Annotations = &Annotations{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Annotations, o.Annotations)
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).UpdateService(ctx, req.(*UpdateServiceRequest))
+	if o.Payload != nil {
+		m.Payload = &types.Any{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Payload, o.Payload)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_RemoveService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveServiceRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *CreateResourceResponse) Copy() *CreateResourceResponse {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveService(ctx, in)
+	o := &CreateResourceResponse{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *CreateResourceResponse) CopyFrom(src interface{}) {
+
+	o := src.(*CreateResourceResponse)
+	*m = *o
+	if o.Resource != nil {
+		m.Resource = &Resource{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Resource, o.Resource)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveService",
+}
+
+func (m *RemoveResourceRequest) Copy() *RemoveResourceRequest {
+	if m == nil {
+		return nil
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveService(ctx, req.(*RemoveServiceRequest))
+	o := &RemoveResourceRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *RemoveResourceRequest) CopyFrom(src interface{}) {
+
+	o := src.(*RemoveResourceRequest)
+	*m = *o
+}
+
+func (m *RemoveResourceResponse) Copy() *RemoveResourceResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &RemoveResourceResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_GetNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetNetworkRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *RemoveResourceResponse) CopyFrom(src interface{}) {}
+func (m *UpdateResourceRequest) Copy() *UpdateResourceRequest {
+	if m == nil {
+		return nil
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetNetwork(ctx, in)
+	o := &UpdateResourceRequest{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *UpdateResourceRequest) CopyFrom(src interface{}) {
+
+	o := src.(*UpdateResourceRequest)
+	*m = *o
+	if o.ResourceVersion != nil {
+		m.ResourceVersion = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ResourceVersion, o.ResourceVersion)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetNetwork",
+	if o.Annotations != nil {
+		m.Annotations = &Annotations{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Annotations, o.Annotations)
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetNetwork(ctx, req.(*GetNetworkRequest))
+	if o.Payload != nil {
+		m.Payload = &types.Any{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Payload, o.Payload)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_ListNetworks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListNetworksRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListNetworks(ctx, in)
+func (m *UpdateResourceResponse) Copy() *UpdateResourceResponse {
+	if m == nil {
+		return nil
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListNetworks",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListNetworks(ctx, req.(*ListNetworksRequest))
-	}
-	return interceptor(ctx, in, info, handler)
+	o := &UpdateResourceResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_CreateNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CreateNetworkRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).CreateNetwork(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/CreateNetwork",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).CreateNetwork(ctx, req.(*CreateNetworkRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
+func (m *UpdateResourceResponse) CopyFrom(src interface{}) {
 
-func _Control_RemoveNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveNetworkRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveNetwork(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveNetwork",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveNetwork(ctx, req.(*RemoveNetworkRequest))
+	o := src.(*UpdateResourceResponse)
+	*m = *o
+	if o.Resource != nil {
+		m.Resource = &Resource{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Resource, o.Resource)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_GetCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetClusterRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetCluster(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetCluster",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetCluster(ctx, req.(*GetClusterRequest))
+func (m *GetResourceRequest) Copy() *GetResourceRequest {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &GetResourceRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_ListClusters_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListClustersRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListClusters(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListClusters",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListClusters(ctx, req.(*ListClustersRequest))
-	}
-	return interceptor(ctx, in, info, handler)
+func (m *GetResourceRequest) CopyFrom(src interface{}) {
+
+	o := src.(*GetResourceRequest)
+	*m = *o
 }
 
-func _Control_UpdateCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UpdateClusterRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).UpdateCluster(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/UpdateCluster",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).UpdateCluster(ctx, req.(*UpdateClusterRequest))
+func (m *GetResourceResponse) Copy() *GetResourceResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &GetResourceResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_GetSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetSecretRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetSecret(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetSecret",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetSecret(ctx, req.(*GetSecretRequest))
+func (m *GetResourceResponse) CopyFrom(src interface{}) {
+
+	o := src.(*GetResourceResponse)
+	*m = *o
+	if o.Resource != nil {
+		m.Resource = &Resource{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Resource, o.Resource)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_UpdateSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UpdateSecretRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).UpdateSecret(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/UpdateSecret",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).UpdateSecret(ctx, req.(*UpdateSecretRequest))
+func (m *ListResourcesRequest) Copy() *ListResourcesRequest {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &ListResourcesRequest{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_ListSecrets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListSecretsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListSecrets(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListSecrets",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListSecrets(ctx, req.(*ListSecretsRequest))
+func (m *ListResourcesRequest) CopyFrom(src interface{}) {
+
+	o := src.(*ListResourcesRequest)
+	*m = *o
+	if o.Filters != nil {
+		m.Filters = &ListResourcesRequest_Filters{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters, o.Filters)
 	}
-	return interceptor(ctx, in, info, handler)
 }
 
-func _Control_CreateSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CreateSecretRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).CreateSecret(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/CreateSecret",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).CreateSecret(ctx, req.(*CreateSecretRequest))
+func (m *ListResourcesRequest_Filters) Copy() *ListResourcesRequest_Filters {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &ListResourcesRequest_Filters{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_RemoveSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveSecretRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *ListResourcesRequest_Filters) CopyFrom(src interface{}) {
+
+	o := src.(*ListResourcesRequest_Filters)
+	*m = *o
+	if o.Names != nil {
+		m.Names = make([]string, len(o.Names))
+		copy(m.Names, o.Names)
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveSecret(ctx, in)
+
+	if o.IDPrefixes != nil {
+		m.IDPrefixes = make([]string, len(o.IDPrefixes))
+		copy(m.IDPrefixes, o.IDPrefixes)
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveSecret",
+
+	if o.Labels != nil {
+		m.Labels = make(map[string]string, len(o.Labels))
+		for k, v := range o.Labels {
+			m.Labels[k] = v
+		}
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveSecret(ctx, req.(*RemoveSecretRequest))
+
+	if o.NamePrefixes != nil {
+		m.NamePrefixes = make([]string, len(o.NamePrefixes))
+		copy(m.NamePrefixes, o.NamePrefixes)
 	}
-	return interceptor(ctx, in, info, handler)
+
 }
 
-func _Control_GetConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetConfigRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).GetConfig(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/GetConfig",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).GetConfig(ctx, req.(*GetConfigRequest))
+func (m *ListResourcesResponse) Copy() *ListResourcesResponse {
+	if m == nil {
+		return nil
 	}
-	return interceptor(ctx, in, info, handler)
+	o := &ListResourcesResponse{}
+	o.CopyFrom(m)
+	return o
 }
 
-func _Control_UpdateConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UpdateConfigRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).UpdateConfig(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/UpdateConfig",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).UpdateConfig(ctx, req.(*UpdateConfigRequest))
+func (m *ListResourcesResponse) CopyFrom(src interface{}) {
+
+	o := src.(*ListResourcesResponse)
+	*m = *o
+	if o.Resources != nil {
+		m.Resources = make([]*Resource, len(o.Resources))
+		for i := range m.Resources {
+			m.Resources[i] = &Resource{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Resources[i], o.Resources[i])
+		}
 	}
-	return interceptor(ctx, in, info, handler)
+
 }
 
-func _Control_ListConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListConfigsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ControlServer).ListConfigs(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/ListConfigs",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).ListConfigs(ctx, req.(*ListConfigsRequest))
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// ControlClient is the client API for Control service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type ControlClient interface {
+	GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error)
+	ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error)
+	UpdateNode(ctx context.Context, in *UpdateNodeRequest, opts ...grpc.CallOption) (*UpdateNodeResponse, error)
+	RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*RemoveNodeResponse, error)
+	GetTask(ctx context.Context, in *GetTaskRequest, opts ...grpc.CallOption) (*GetTaskResponse, error)
+	ListTasks(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error)
+	RemoveTask(ctx context.Context, in *RemoveTaskRequest, opts ...grpc.CallOption) (*RemoveTaskResponse, error)
+	GetService(ctx context.Context, in *GetServiceRequest, opts ...grpc.CallOption) (*GetServiceResponse, error)
+	ListServices(ctx context.Context, in *ListServicesRequest, opts ...grpc.CallOption) (*ListServicesResponse, error)
+	CreateService(ctx context.Context, in *CreateServiceRequest, opts ...grpc.CallOption) (*CreateServiceResponse, error)
+	UpdateService(ctx context.Context, in *UpdateServiceRequest, opts ...grpc.CallOption) (*UpdateServiceResponse, error)
+	RemoveService(ctx context.Context, in *RemoveServiceRequest, opts ...grpc.CallOption) (*RemoveServiceResponse, error)
+	// ListServiceStatuses returns a `ListServiceStatusesResponse` with the
+	// status of the requested services, formed by computing the number of
+	// running vs desired tasks. It is provided as a shortcut or helper method,
+	// which allows a client to avoid having to calculate this value by listing
+	// all Tasks. If any service requested does not exist, it will be returned
+	// but with empty status values.
+	ListServiceStatuses(ctx context.Context, in *ListServiceStatusesRequest, opts ...grpc.CallOption) (*ListServiceStatusesResponse, error)
+	GetNetwork(ctx context.Context, in *GetNetworkRequest, opts ...grpc.CallOption) (*GetNetworkResponse, error)
+	ListNetworks(ctx context.Context, in *ListNetworksRequest, opts ...grpc.CallOption) (*ListNetworksResponse, error)
+	CreateNetwork(ctx context.Context, in *CreateNetworkRequest, opts ...grpc.CallOption) (*CreateNetworkResponse, error)
+	RemoveNetwork(ctx context.Context, in *RemoveNetworkRequest, opts ...grpc.CallOption) (*RemoveNetworkResponse, error)
+	GetCluster(ctx context.Context, in *GetClusterRequest, opts ...grpc.CallOption) (*GetClusterResponse, error)
+	ListClusters(ctx context.Context, in *ListClustersRequest, opts ...grpc.CallOption) (*ListClustersResponse, error)
+	UpdateCluster(ctx context.Context, in *UpdateClusterRequest, opts ...grpc.CallOption) (*UpdateClusterResponse, error)
+	// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
+	// id as `GetSecretRequest.SecretID`
+	// - Returns `NotFound` if the Secret with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+	// - Returns an error if getting fails.
+	GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error)
+	// UpdateSecret returns a `UpdateSecretResponse` with a `Secret` with the same
+	// id as `GetSecretRequest.SecretID`
+	// - Returns `NotFound` if the Secret with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+	// - Returns an error if updating fails.
+	UpdateSecret(ctx context.Context, in *UpdateSecretRequest, opts ...grpc.CallOption) (*UpdateSecretResponse, error)
+	// ListSecrets returns a `ListSecretResponse` with a list of all non-internal `Secret`s being
+	// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
+	// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
+	// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
+	// - Returns an error if listing fails.
+	ListSecrets(ctx context.Context, in *ListSecretsRequest, opts ...grpc.CallOption) (*ListSecretsResponse, error)
+	// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
+	// on the provided `CreateSecretRequest.SecretSpec`.
+	// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
+	//   or if the secret data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateSecret(ctx context.Context, in *CreateSecretRequest, opts ...grpc.CallOption) (*CreateSecretResponse, error)
+	// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
+	// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveSecret(ctx context.Context, in *RemoveSecretRequest, opts ...grpc.CallOption) (*RemoveSecretResponse, error)
+	// GetConfig returns a `GetConfigResponse` with a `Config` with the same
+	// id as `GetConfigRequest.ConfigID`
+	// - Returns `NotFound` if the Config with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
+	// - Returns an error if getting fails.
+	GetConfig(ctx context.Context, in *GetConfigRequest, opts ...grpc.CallOption) (*GetConfigResponse, error)
+	// UpdateConfig returns a `UpdateConfigResponse` with a `Config` with the same
+	// id as `GetConfigRequest.ConfigID`
+	// - Returns `NotFound` if the Config with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
+	// - Returns an error if updating fails.
+	UpdateConfig(ctx context.Context, in *UpdateConfigRequest, opts ...grpc.CallOption) (*UpdateConfigResponse, error)
+	// ListConfigs returns a `ListConfigResponse` with a list of `Config`s being
+	// managed, or all configs matching any name in `ListConfigsRequest.Names`, any
+	// name prefix in `ListConfigsRequest.NamePrefixes`, any id in
+	// `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`.
+	// - Returns an error if listing fails.
+	ListConfigs(ctx context.Context, in *ListConfigsRequest, opts ...grpc.CallOption) (*ListConfigsResponse, error)
+	// CreateConfig creates and return a `CreateConfigResponse` with a `Config` based
+	// on the provided `CreateConfigRequest.ConfigSpec`.
+	// - Returns `InvalidArgument` if the `CreateConfigRequest.ConfigSpec` is malformed,
+	//   or if the config data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateConfig(ctx context.Context, in *CreateConfigRequest, opts ...grpc.CallOption) (*CreateConfigResponse, error)
+	// RemoveConfig removes the config referenced by `RemoveConfigRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveConfigRequest.ID` is empty.
+	// - Returns `NotFound` if the a config named `RemoveConfigRequest.ID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveConfig(ctx context.Context, in *RemoveConfigRequest, opts ...grpc.CallOption) (*RemoveConfigResponse, error)
+	// GetExtension returns a `GetExtensionResponse` with a `Extension` with the same
+	// id as `GetExtensionRequest.ExtensionId`
+	// - Returns `NotFound` if the Extension with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetExtensionRequest.ExtensionId` is empty.
+	// - Returns an error if the get fails.
+	GetExtension(ctx context.Context, in *GetExtensionRequest, opts ...grpc.CallOption) (*GetExtensionResponse, error)
+	// CreateExtension creates an `Extension` based on the provided `CreateExtensionRequest.Extension`
+	// and returns a `CreateExtensionResponse`.
+	// - Returns `InvalidArgument` if the `CreateExtensionRequest.Extension` is malformed,
+	//   or fails validation.
+	// - Returns an error if the creation fails.
+	CreateExtension(ctx context.Context, in *CreateExtensionRequest, opts ...grpc.CallOption) (*CreateExtensionResponse, error)
+	// RemoveExtension removes the extension referenced by `RemoveExtensionRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveExtensionRequest.ExtensionId` is empty.
+	// - Returns `NotFound` if the an extension named `RemoveExtensionRequest.ExtensionId` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveExtension(ctx context.Context, in *RemoveExtensionRequest, opts ...grpc.CallOption) (*RemoveExtensionResponse, error)
+	// GetResource returns a `GetResourceResponse` with a `Resource` with the same
+	// id as `GetResourceRequest.Resource`
+	// - Returns `NotFound` if the Resource with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetResourceRequest.Resource` is empty.
+	// - Returns an error if getting fails.
+	GetResource(ctx context.Context, in *GetResourceRequest, opts ...grpc.CallOption) (*GetResourceResponse, error)
+	// UpdateResource updates the resource with the given `UpdateResourceRequest.Resource.Id` using the given `UpdateResourceRequest.Resource` and returns a `UpdateResourceResponse`.
+	// - Returns `NotFound` if the Resource with the given `UpdateResourceRequest.Resource.Id` is not found.
+	// - Returns `InvalidArgument` if the UpdateResourceRequest.Resource.Id` is empty.
+	// - Returns an error if updating fails.
+	UpdateResource(ctx context.Context, in *UpdateResourceRequest, opts ...grpc.CallOption) (*UpdateResourceResponse, error)
+	// ListResources returns a `ListResourcesResponse` with a list of `Resource`s stored in the raft store,
+	// or all resources matching any name in `ListConfigsRequest.Names`, any
+	// name prefix in `ListResourcesRequest.NamePrefixes`, any id in
+	// `ListResourcesRequest.ResourceIDs`, or any id prefix in `ListResourcesRequest.IDPrefixes`,
+	// extension name equal to `ListResourcesRequest.Extension`.
+	// - Returns an error if listing fails.
+	ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error)
+	// CreateResource returns a `CreateResourceResponse` after creating a `Resource` based
+	// on the provided `CreateResourceRequest.Resource`.
+	// - Returns `InvalidArgument` if the `CreateResourceRequest.Resource` is malformed,
+	//   or if the config data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateResource(ctx context.Context, in *CreateResourceRequest, opts ...grpc.CallOption) (*CreateResourceResponse, error)
+	// RemoveResource removes the `Resource` referenced by `RemoveResourceRequest.ResourceID`.
+	// - Returns `InvalidArgument` if `RemoveResourceRequest.ResourceID` is empty.
+	// - Returns `NotFound` if the a resource named `RemoveResourceRequest.ResourceID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveResource(ctx context.Context, in *RemoveResourceRequest, opts ...grpc.CallOption) (*RemoveResourceResponse, error)
+}
+
+type controlClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewControlClient(cc *grpc.ClientConn) ControlClient {
+	return &controlClient{cc}
+}
+
+func (c *controlClient) GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error) {
+	out := new(GetNodeResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetNode", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return interceptor(ctx, in, info, handler)
+	return out, nil
 }
 
-func _Control_CreateConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CreateConfigRequest)
-	if err := dec(in); err != nil {
+func (c *controlClient) ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error) {
+	out := new(ListNodesResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListNodes", in, out, opts...)
+	if err != nil {
 		return nil, err
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).CreateConfig(ctx, in)
+	return out, nil
+}
+
+func (c *controlClient) UpdateNode(ctx context.Context, in *UpdateNodeRequest, opts ...grpc.CallOption) (*UpdateNodeResponse, error) {
+	out := new(UpdateNodeResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateNode", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/CreateConfig",
+	return out, nil
+}
+
+func (c *controlClient) RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*RemoveNodeResponse, error) {
+	out := new(RemoveNodeResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveNode", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).CreateConfig(ctx, req.(*CreateConfigRequest))
+	return out, nil
+}
+
+func (c *controlClient) GetTask(ctx context.Context, in *GetTaskRequest, opts ...grpc.CallOption) (*GetTaskResponse, error) {
+	out := new(GetTaskResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetTask", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return interceptor(ctx, in, info, handler)
+	return out, nil
 }
 
-func _Control_RemoveConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveConfigRequest)
-	if err := dec(in); err != nil {
+func (c *controlClient) ListTasks(ctx context.Context, in *ListTasksRequest, opts ...grpc.CallOption) (*ListTasksResponse, error) {
+	out := new(ListTasksResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListTasks", in, out, opts...)
+	if err != nil {
 		return nil, err
 	}
-	if interceptor == nil {
-		return srv.(ControlServer).RemoveConfig(ctx, in)
+	return out, nil
+}
+
+func (c *controlClient) RemoveTask(ctx context.Context, in *RemoveTaskRequest, opts ...grpc.CallOption) (*RemoveTaskResponse, error) {
+	out := new(RemoveTaskResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveTask", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/docker.swarmkit.v1.Control/RemoveConfig",
+	return out, nil
+}
+
+func (c *controlClient) GetService(ctx context.Context, in *GetServiceRequest, opts ...grpc.CallOption) (*GetServiceResponse, error) {
+	out := new(GetServiceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetService", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ControlServer).RemoveConfig(ctx, req.(*RemoveConfigRequest))
+	return out, nil
+}
+
+func (c *controlClient) ListServices(ctx context.Context, in *ListServicesRequest, opts ...grpc.CallOption) (*ListServicesResponse, error) {
+	out := new(ListServicesResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListServices", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return interceptor(ctx, in, info, handler)
+	return out, nil
 }
 
-var _Control_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "docker.swarmkit.v1.Control",
-	HandlerType: (*ControlServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "GetNode",
-			Handler:    _Control_GetNode_Handler,
-		},
-		{
-			MethodName: "ListNodes",
-			Handler:    _Control_ListNodes_Handler,
-		},
-		{
-			MethodName: "UpdateNode",
-			Handler:    _Control_UpdateNode_Handler,
-		},
-		{
-			MethodName: "RemoveNode",
-			Handler:    _Control_RemoveNode_Handler,
-		},
-		{
-			MethodName: "GetTask",
-			Handler:    _Control_GetTask_Handler,
-		},
-		{
-			MethodName: "ListTasks",
-			Handler:    _Control_ListTasks_Handler,
-		},
-		{
-			MethodName: "RemoveTask",
-			Handler:    _Control_RemoveTask_Handler,
-		},
-		{
-			MethodName: "GetService",
-			Handler:    _Control_GetService_Handler,
-		},
-		{
-			MethodName: "ListServices",
-			Handler:    _Control_ListServices_Handler,
-		},
-		{
-			MethodName: "CreateService",
-			Handler:    _Control_CreateService_Handler,
-		},
-		{
-			MethodName: "UpdateService",
-			Handler:    _Control_UpdateService_Handler,
-		},
-		{
-			MethodName: "RemoveService",
-			Handler:    _Control_RemoveService_Handler,
-		},
-		{
-			MethodName: "GetNetwork",
-			Handler:    _Control_GetNetwork_Handler,
-		},
-		{
-			MethodName: "ListNetworks",
-			Handler:    _Control_ListNetworks_Handler,
-		},
-		{
-			MethodName: "CreateNetwork",
-			Handler:    _Control_CreateNetwork_Handler,
-		},
-		{
-			MethodName: "RemoveNetwork",
-			Handler:    _Control_RemoveNetwork_Handler,
-		},
-		{
-			MethodName: "GetCluster",
-			Handler:    _Control_GetCluster_Handler,
-		},
-		{
-			MethodName: "ListClusters",
-			Handler:    _Control_ListClusters_Handler,
-		},
-		{
-			MethodName: "UpdateCluster",
-			Handler:    _Control_UpdateCluster_Handler,
-		},
-		{
-			MethodName: "GetSecret",
-			Handler:    _Control_GetSecret_Handler,
-		},
-		{
-			MethodName: "UpdateSecret",
-			Handler:    _Control_UpdateSecret_Handler,
-		},
-		{
-			MethodName: "ListSecrets",
-			Handler:    _Control_ListSecrets_Handler,
-		},
-		{
-			MethodName: "CreateSecret",
-			Handler:    _Control_CreateSecret_Handler,
-		},
-		{
-			MethodName: "RemoveSecret",
-			Handler:    _Control_RemoveSecret_Handler,
-		},
-		{
-			MethodName: "GetConfig",
-			Handler:    _Control_GetConfig_Handler,
-		},
-		{
-			MethodName: "UpdateConfig",
-			Handler:    _Control_UpdateConfig_Handler,
-		},
-		{
-			MethodName: "ListConfigs",
-			Handler:    _Control_ListConfigs_Handler,
-		},
-		{
-			MethodName: "CreateConfig",
-			Handler:    _Control_CreateConfig_Handler,
-		},
-		{
-			MethodName: "RemoveConfig",
-			Handler:    _Control_RemoveConfig_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "github.com/docker/swarmkit/api/control.proto",
-}
-
-func (m *GetNodeRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) CreateService(ctx context.Context, in *CreateServiceRequest, opts ...grpc.CallOption) (*CreateServiceResponse, error) {
+	out := new(CreateServiceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateService", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *GetNodeRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
+func (c *controlClient) UpdateService(ctx context.Context, in *UpdateServiceRequest, opts ...grpc.CallOption) (*UpdateServiceResponse, error) {
+	out := new(UpdateServiceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateService", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *GetNodeResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) RemoveService(ctx context.Context, in *RemoveServiceRequest, opts ...grpc.CallOption) (*RemoveServiceResponse, error) {
+	out := new(RemoveServiceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveService", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *GetNodeResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Node != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Node.Size()))
-		n1, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+func (c *controlClient) ListServiceStatuses(ctx context.Context, in *ListServiceStatusesRequest, opts ...grpc.CallOption) (*ListServiceStatusesResponse, error) {
+	out := new(ListServiceStatusesResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListServiceStatuses", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ListNodesRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) GetNetwork(ctx context.Context, in *GetNetworkRequest, opts ...grpc.CallOption) (*GetNetworkResponse, error) {
+	out := new(GetNetworkResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetNetwork", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ListNodesRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n2, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
+func (c *controlClient) ListNetworks(ctx context.Context, in *ListNetworksRequest, opts ...grpc.CallOption) (*ListNetworksResponse, error) {
+	out := new(ListNetworksResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListNetworks", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ListNodesRequest_Filters) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) CreateNetwork(ctx context.Context, in *CreateNetworkRequest, opts ...grpc.CallOption) (*CreateNetworkResponse, error) {
+	out := new(CreateNetworkResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateNetwork", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ListNodesRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
-	}
-	if len(m.Memberships) > 0 {
-		for _, num := range m.Memberships {
-			dAtA[i] = 0x20
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(num))
-		}
-	}
-	if len(m.Roles) > 0 {
-		for _, num := range m.Roles {
-			dAtA[i] = 0x28
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(num))
-		}
-	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x32
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.NodeLabels) > 0 {
-		for k, _ := range m.NodeLabels {
-			dAtA[i] = 0x3a
-			i++
-			v := m.NodeLabels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+func (c *controlClient) RemoveNetwork(ctx context.Context, in *RemoveNetworkRequest, opts ...grpc.CallOption) (*RemoveNetworkResponse, error) {
+	out := new(RemoveNetworkResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveNetwork", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ListNodesResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) GetCluster(ctx context.Context, in *GetClusterRequest, opts ...grpc.CallOption) (*GetClusterResponse, error) {
+	out := new(GetClusterResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetCluster", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ListNodesResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Nodes) > 0 {
-		for _, msg := range m.Nodes {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+func (c *controlClient) ListClusters(ctx context.Context, in *ListClustersRequest, opts ...grpc.CallOption) (*ListClustersResponse, error) {
+	out := new(ListClustersResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListClusters", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *UpdateNodeRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) UpdateCluster(ctx context.Context, in *UpdateClusterRequest, opts ...grpc.CallOption) (*UpdateClusterResponse, error) {
+	out := new(UpdateClusterResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateCluster", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *UpdateNodeRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
-	}
-	if m.NodeVersion != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.NodeVersion.Size()))
-		n3, err := m.NodeVersion.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n3
-	}
-	if m.Spec != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n4, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n4
+func (c *controlClient) GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error) {
+	out := new(GetSecretResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetSecret", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *UpdateNodeResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) UpdateSecret(ctx context.Context, in *UpdateSecretRequest, opts ...grpc.CallOption) (*UpdateSecretResponse, error) {
+	out := new(UpdateSecretResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateSecret", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *UpdateNodeResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Node != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Node.Size()))
-		n5, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
+func (c *controlClient) ListSecrets(ctx context.Context, in *ListSecretsRequest, opts ...grpc.CallOption) (*ListSecretsResponse, error) {
+	out := new(ListSecretsResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListSecrets", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *RemoveNodeRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) CreateSecret(ctx context.Context, in *CreateSecretRequest, opts ...grpc.CallOption) (*CreateSecretResponse, error) {
+	out := new(CreateSecretResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateSecret", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *RemoveNodeRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
-	}
-	if m.Force {
-		dAtA[i] = 0x10
-		i++
-		if m.Force {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	return i, nil
-}
-
-func (m *RemoveNodeResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) RemoveSecret(ctx context.Context, in *RemoveSecretRequest, opts ...grpc.CallOption) (*RemoveSecretResponse, error) {
+	out := new(RemoveSecretResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveSecret", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveNodeResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
+	return out, nil
 }
 
-func (m *GetTaskRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) GetConfig(ctx context.Context, in *GetConfigRequest, opts ...grpc.CallOption) (*GetConfigResponse, error) {
+	out := new(GetConfigResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetConfig", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *GetTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.TaskID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.TaskID)))
-		i += copy(dAtA[i:], m.TaskID)
-	}
-	return i, nil
+	return out, nil
 }
 
-func (m *GetTaskResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) UpdateConfig(ctx context.Context, in *UpdateConfigRequest, opts ...grpc.CallOption) (*UpdateConfigResponse, error) {
+	out := new(UpdateConfigResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateConfig", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *GetTaskResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Task != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Task.Size()))
-		n6, err := m.Task.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n6
-	}
-	return i, nil
+	return out, nil
 }
 
-func (m *RemoveTaskRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) ListConfigs(ctx context.Context, in *ListConfigsRequest, opts ...grpc.CallOption) (*ListConfigsResponse, error) {
+	out := new(ListConfigsResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListConfigs", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveTaskRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.TaskID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.TaskID)))
-		i += copy(dAtA[i:], m.TaskID)
-	}
-	return i, nil
+	return out, nil
 }
 
-func (m *RemoveTaskResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) CreateConfig(ctx context.Context, in *CreateConfigRequest, opts ...grpc.CallOption) (*CreateConfigResponse, error) {
+	out := new(CreateConfigResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateConfig", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveTaskResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
+	return out, nil
 }
 
-func (m *ListTasksRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) RemoveConfig(ctx context.Context, in *RemoveConfigRequest, opts ...grpc.CallOption) (*RemoveConfigResponse, error) {
+	out := new(RemoveConfigResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveConfig", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListTasksRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n7, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n7
-	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ListTasksRequest_Filters) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) GetExtension(ctx context.Context, in *GetExtensionRequest, opts ...grpc.CallOption) (*GetExtensionResponse, error) {
+	out := new(GetExtensionResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetExtension", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListTasksRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
-	}
-	if len(m.ServiceIDs) > 0 {
-		for _, s := range m.ServiceIDs {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.NodeIDs) > 0 {
-		for _, s := range m.NodeIDs {
-			dAtA[i] = 0x2a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.DesiredStates) > 0 {
-		for _, num := range m.DesiredStates {
-			dAtA[i] = 0x30
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(num))
-		}
-	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x3a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if m.UpToDate {
-		dAtA[i] = 0x40
-		i++
-		if m.UpToDate {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	if len(m.Runtimes) > 0 {
-		for _, s := range m.Runtimes {
-			dAtA[i] = 0x4a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ListTasksResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) CreateExtension(ctx context.Context, in *CreateExtensionRequest, opts ...grpc.CallOption) (*CreateExtensionResponse, error) {
+	out := new(CreateExtensionResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateExtension", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ListTasksResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Tasks) > 0 {
-		for _, msg := range m.Tasks {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+func (c *controlClient) RemoveExtension(ctx context.Context, in *RemoveExtensionRequest, opts ...grpc.CallOption) (*RemoveExtensionResponse, error) {
+	out := new(RemoveExtensionResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveExtension", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *CreateServiceRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) GetResource(ctx context.Context, in *GetResourceRequest, opts ...grpc.CallOption) (*GetResourceResponse, error) {
+	out := new(GetResourceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/GetResource", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *CreateServiceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Spec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n8, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n8
+func (c *controlClient) UpdateResource(ctx context.Context, in *UpdateResourceRequest, opts ...grpc.CallOption) (*UpdateResourceResponse, error) {
+	out := new(UpdateResourceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/UpdateResource", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *CreateServiceResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) {
+	out := new(ListResourcesResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/ListResources", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *CreateServiceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Service != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Service.Size()))
-		n9, err := m.Service.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
+func (c *controlClient) CreateResource(ctx context.Context, in *CreateResourceRequest, opts ...grpc.CallOption) (*CreateResourceResponse, error) {
+	out := new(CreateResourceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/CreateResource", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *GetServiceRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *controlClient) RemoveResource(ctx context.Context, in *RemoveResourceRequest, opts ...grpc.CallOption) (*RemoveResourceResponse, error) {
+	out := new(RemoveResourceResponse)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Control/RemoveResource", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *GetServiceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
-	}
-	if m.InsertDefaults {
-		dAtA[i] = 0x10
-		i++
-		if m.InsertDefaults {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	return i, nil
+// ControlServer is the server API for Control service.
+type ControlServer interface {
+	GetNode(context.Context, *GetNodeRequest) (*GetNodeResponse, error)
+	ListNodes(context.Context, *ListNodesRequest) (*ListNodesResponse, error)
+	UpdateNode(context.Context, *UpdateNodeRequest) (*UpdateNodeResponse, error)
+	RemoveNode(context.Context, *RemoveNodeRequest) (*RemoveNodeResponse, error)
+	GetTask(context.Context, *GetTaskRequest) (*GetTaskResponse, error)
+	ListTasks(context.Context, *ListTasksRequest) (*ListTasksResponse, error)
+	RemoveTask(context.Context, *RemoveTaskRequest) (*RemoveTaskResponse, error)
+	GetService(context.Context, *GetServiceRequest) (*GetServiceResponse, error)
+	ListServices(context.Context, *ListServicesRequest) (*ListServicesResponse, error)
+	CreateService(context.Context, *CreateServiceRequest) (*CreateServiceResponse, error)
+	UpdateService(context.Context, *UpdateServiceRequest) (*UpdateServiceResponse, error)
+	RemoveService(context.Context, *RemoveServiceRequest) (*RemoveServiceResponse, error)
+	// ListServiceStatuses returns a `ListServiceStatusesResponse` with the
+	// status of the requested services, formed by computing the number of
+	// running vs desired tasks. It is provided as a shortcut or helper method,
+	// which allows a client to avoid having to calculate this value by listing
+	// all Tasks. If any service requested does not exist, it will be returned
+	// but with empty status values.
+	ListServiceStatuses(context.Context, *ListServiceStatusesRequest) (*ListServiceStatusesResponse, error)
+	GetNetwork(context.Context, *GetNetworkRequest) (*GetNetworkResponse, error)
+	ListNetworks(context.Context, *ListNetworksRequest) (*ListNetworksResponse, error)
+	CreateNetwork(context.Context, *CreateNetworkRequest) (*CreateNetworkResponse, error)
+	RemoveNetwork(context.Context, *RemoveNetworkRequest) (*RemoveNetworkResponse, error)
+	GetCluster(context.Context, *GetClusterRequest) (*GetClusterResponse, error)
+	ListClusters(context.Context, *ListClustersRequest) (*ListClustersResponse, error)
+	UpdateCluster(context.Context, *UpdateClusterRequest) (*UpdateClusterResponse, error)
+	// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
+	// id as `GetSecretRequest.SecretID`
+	// - Returns `NotFound` if the Secret with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+	// - Returns an error if getting fails.
+	GetSecret(context.Context, *GetSecretRequest) (*GetSecretResponse, error)
+	// UpdateSecret returns a `UpdateSecretResponse` with a `Secret` with the same
+	// id as `GetSecretRequest.SecretID`
+	// - Returns `NotFound` if the Secret with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+	// - Returns an error if updating fails.
+	UpdateSecret(context.Context, *UpdateSecretRequest) (*UpdateSecretResponse, error)
+	// ListSecrets returns a `ListSecretResponse` with a list of all non-internal `Secret`s being
+	// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
+	// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
+	// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
+	// - Returns an error if listing fails.
+	ListSecrets(context.Context, *ListSecretsRequest) (*ListSecretsResponse, error)
+	// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
+	// on the provided `CreateSecretRequest.SecretSpec`.
+	// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
+	//   or if the secret data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateSecret(context.Context, *CreateSecretRequest) (*CreateSecretResponse, error)
+	// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
+	// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveSecret(context.Context, *RemoveSecretRequest) (*RemoveSecretResponse, error)
+	// GetConfig returns a `GetConfigResponse` with a `Config` with the same
+	// id as `GetConfigRequest.ConfigID`
+	// - Returns `NotFound` if the Config with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
+	// - Returns an error if getting fails.
+	GetConfig(context.Context, *GetConfigRequest) (*GetConfigResponse, error)
+	// UpdateConfig returns a `UpdateConfigResponse` with a `Config` with the same
+	// id as `GetConfigRequest.ConfigID`
+	// - Returns `NotFound` if the Config with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
+	// - Returns an error if updating fails.
+	UpdateConfig(context.Context, *UpdateConfigRequest) (*UpdateConfigResponse, error)
+	// ListConfigs returns a `ListConfigResponse` with a list of `Config`s being
+	// managed, or all configs matching any name in `ListConfigsRequest.Names`, any
+	// name prefix in `ListConfigsRequest.NamePrefixes`, any id in
+	// `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`.
+	// - Returns an error if listing fails.
+	ListConfigs(context.Context, *ListConfigsRequest) (*ListConfigsResponse, error)
+	// CreateConfig creates and return a `CreateConfigResponse` with a `Config` based
+	// on the provided `CreateConfigRequest.ConfigSpec`.
+	// - Returns `InvalidArgument` if the `CreateConfigRequest.ConfigSpec` is malformed,
+	//   or if the config data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateConfig(context.Context, *CreateConfigRequest) (*CreateConfigResponse, error)
+	// RemoveConfig removes the config referenced by `RemoveConfigRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveConfigRequest.ID` is empty.
+	// - Returns `NotFound` if the a config named `RemoveConfigRequest.ID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveConfig(context.Context, *RemoveConfigRequest) (*RemoveConfigResponse, error)
+	// GetExtension returns a `GetExtensionResponse` with a `Extension` with the same
+	// id as `GetExtensionRequest.ExtensionId`
+	// - Returns `NotFound` if the Extension with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetExtensionRequest.ExtensionId` is empty.
+	// - Returns an error if the get fails.
+	GetExtension(context.Context, *GetExtensionRequest) (*GetExtensionResponse, error)
+	// CreateExtension creates an `Extension` based on the provided `CreateExtensionRequest.Extension`
+	// and returns a `CreateExtensionResponse`.
+	// - Returns `InvalidArgument` if the `CreateExtensionRequest.Extension` is malformed,
+	//   or fails validation.
+	// - Returns an error if the creation fails.
+	CreateExtension(context.Context, *CreateExtensionRequest) (*CreateExtensionResponse, error)
+	// RemoveExtension removes the extension referenced by `RemoveExtensionRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveExtensionRequest.ExtensionId` is empty.
+	// - Returns `NotFound` if the an extension named `RemoveExtensionRequest.ExtensionId` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveExtension(context.Context, *RemoveExtensionRequest) (*RemoveExtensionResponse, error)
+	// GetResource returns a `GetResourceResponse` with a `Resource` with the same
+	// id as `GetResourceRequest.Resource`
+	// - Returns `NotFound` if the Resource with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetResourceRequest.Resource` is empty.
+	// - Returns an error if getting fails.
+	GetResource(context.Context, *GetResourceRequest) (*GetResourceResponse, error)
+	// UpdateResource updates the resource with the given `UpdateResourceRequest.Resource.Id` using the given `UpdateResourceRequest.Resource` and returns a `UpdateResourceResponse`.
+	// - Returns `NotFound` if the Resource with the given `UpdateResourceRequest.Resource.Id` is not found.
+	// - Returns `InvalidArgument` if the UpdateResourceRequest.Resource.Id` is empty.
+	// - Returns an error if updating fails.
+	UpdateResource(context.Context, *UpdateResourceRequest) (*UpdateResourceResponse, error)
+	// ListResources returns a `ListResourcesResponse` with a list of `Resource`s stored in the raft store,
+	// or all resources matching any name in `ListConfigsRequest.Names`, any
+	// name prefix in `ListResourcesRequest.NamePrefixes`, any id in
+	// `ListResourcesRequest.ResourceIDs`, or any id prefix in `ListResourcesRequest.IDPrefixes`,
+	// extension name equal to `ListResourcesRequest.Extension`.
+	// - Returns an error if listing fails.
+	ListResources(context.Context, *ListResourcesRequest) (*ListResourcesResponse, error)
+	// CreateResource returns a `CreateResourceResponse` after creating a `Resource` based
+	// on the provided `CreateResourceRequest.Resource`.
+	// - Returns `InvalidArgument` if the `CreateResourceRequest.Resource` is malformed,
+	//   or if the config data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	CreateResource(context.Context, *CreateResourceRequest) (*CreateResourceResponse, error)
+	// RemoveResource removes the `Resource` referenced by `RemoveResourceRequest.ResourceID`.
+	// - Returns `InvalidArgument` if `RemoveResourceRequest.ResourceID` is empty.
+	// - Returns `NotFound` if the a resource named `RemoveResourceRequest.ResourceID` is not found.
+	// - Returns an error if the deletion fails.
+	RemoveResource(context.Context, *RemoveResourceRequest) (*RemoveResourceResponse, error)
 }
 
-func (m *GetServiceResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+// UnimplementedControlServer can be embedded to have forward compatible implementations.
+type UnimplementedControlServer struct {
 }
 
-func (m *GetServiceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Service != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Service.Size()))
-		n10, err := m.Service.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n10
-	}
-	return i, nil
+func (*UnimplementedControlServer) GetNode(ctx context.Context, req *GetNodeRequest) (*GetNodeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetNode not implemented")
+}
+func (*UnimplementedControlServer) ListNodes(ctx context.Context, req *ListNodesRequest) (*ListNodesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListNodes not implemented")
+}
+func (*UnimplementedControlServer) UpdateNode(ctx context.Context, req *UpdateNodeRequest) (*UpdateNodeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateNode not implemented")
+}
+func (*UnimplementedControlServer) RemoveNode(ctx context.Context, req *RemoveNodeRequest) (*RemoveNodeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveNode not implemented")
+}
+func (*UnimplementedControlServer) GetTask(ctx context.Context, req *GetTaskRequest) (*GetTaskResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetTask not implemented")
+}
+func (*UnimplementedControlServer) ListTasks(ctx context.Context, req *ListTasksRequest) (*ListTasksResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListTasks not implemented")
+}
+func (*UnimplementedControlServer) RemoveTask(ctx context.Context, req *RemoveTaskRequest) (*RemoveTaskResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveTask not implemented")
+}
+func (*UnimplementedControlServer) GetService(ctx context.Context, req *GetServiceRequest) (*GetServiceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetService not implemented")
+}
+func (*UnimplementedControlServer) ListServices(ctx context.Context, req *ListServicesRequest) (*ListServicesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListServices not implemented")
+}
+func (*UnimplementedControlServer) CreateService(ctx context.Context, req *CreateServiceRequest) (*CreateServiceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateService not implemented")
+}
+func (*UnimplementedControlServer) UpdateService(ctx context.Context, req *UpdateServiceRequest) (*UpdateServiceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateService not implemented")
+}
+func (*UnimplementedControlServer) RemoveService(ctx context.Context, req *RemoveServiceRequest) (*RemoveServiceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveService not implemented")
+}
+func (*UnimplementedControlServer) ListServiceStatuses(ctx context.Context, req *ListServiceStatusesRequest) (*ListServiceStatusesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListServiceStatuses not implemented")
+}
+func (*UnimplementedControlServer) GetNetwork(ctx context.Context, req *GetNetworkRequest) (*GetNetworkResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetNetwork not implemented")
+}
+func (*UnimplementedControlServer) ListNetworks(ctx context.Context, req *ListNetworksRequest) (*ListNetworksResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListNetworks not implemented")
+}
+func (*UnimplementedControlServer) CreateNetwork(ctx context.Context, req *CreateNetworkRequest) (*CreateNetworkResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateNetwork not implemented")
+}
+func (*UnimplementedControlServer) RemoveNetwork(ctx context.Context, req *RemoveNetworkRequest) (*RemoveNetworkResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveNetwork not implemented")
+}
+func (*UnimplementedControlServer) GetCluster(ctx context.Context, req *GetClusterRequest) (*GetClusterResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetCluster not implemented")
+}
+func (*UnimplementedControlServer) ListClusters(ctx context.Context, req *ListClustersRequest) (*ListClustersResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListClusters not implemented")
+}
+func (*UnimplementedControlServer) UpdateCluster(ctx context.Context, req *UpdateClusterRequest) (*UpdateClusterResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateCluster not implemented")
+}
+func (*UnimplementedControlServer) GetSecret(ctx context.Context, req *GetSecretRequest) (*GetSecretResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetSecret not implemented")
+}
+func (*UnimplementedControlServer) UpdateSecret(ctx context.Context, req *UpdateSecretRequest) (*UpdateSecretResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateSecret not implemented")
+}
+func (*UnimplementedControlServer) ListSecrets(ctx context.Context, req *ListSecretsRequest) (*ListSecretsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListSecrets not implemented")
+}
+func (*UnimplementedControlServer) CreateSecret(ctx context.Context, req *CreateSecretRequest) (*CreateSecretResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateSecret not implemented")
+}
+func (*UnimplementedControlServer) RemoveSecret(ctx context.Context, req *RemoveSecretRequest) (*RemoveSecretResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveSecret not implemented")
+}
+func (*UnimplementedControlServer) GetConfig(ctx context.Context, req *GetConfigRequest) (*GetConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetConfig not implemented")
+}
+func (*UnimplementedControlServer) UpdateConfig(ctx context.Context, req *UpdateConfigRequest) (*UpdateConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateConfig not implemented")
+}
+func (*UnimplementedControlServer) ListConfigs(ctx context.Context, req *ListConfigsRequest) (*ListConfigsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListConfigs not implemented")
+}
+func (*UnimplementedControlServer) CreateConfig(ctx context.Context, req *CreateConfigRequest) (*CreateConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateConfig not implemented")
+}
+func (*UnimplementedControlServer) RemoveConfig(ctx context.Context, req *RemoveConfigRequest) (*RemoveConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveConfig not implemented")
+}
+func (*UnimplementedControlServer) GetExtension(ctx context.Context, req *GetExtensionRequest) (*GetExtensionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetExtension not implemented")
+}
+func (*UnimplementedControlServer) CreateExtension(ctx context.Context, req *CreateExtensionRequest) (*CreateExtensionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateExtension not implemented")
+}
+func (*UnimplementedControlServer) RemoveExtension(ctx context.Context, req *RemoveExtensionRequest) (*RemoveExtensionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveExtension not implemented")
+}
+func (*UnimplementedControlServer) GetResource(ctx context.Context, req *GetResourceRequest) (*GetResourceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetResource not implemented")
+}
+func (*UnimplementedControlServer) UpdateResource(ctx context.Context, req *UpdateResourceRequest) (*UpdateResourceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateResource not implemented")
+}
+func (*UnimplementedControlServer) ListResources(ctx context.Context, req *ListResourcesRequest) (*ListResourcesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListResources not implemented")
+}
+func (*UnimplementedControlServer) CreateResource(ctx context.Context, req *CreateResourceRequest) (*CreateResourceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateResource not implemented")
+}
+func (*UnimplementedControlServer) RemoveResource(ctx context.Context, req *RemoveResourceRequest) (*RemoveResourceResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveResource not implemented")
 }
 
-func (m *UpdateServiceRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+func RegisterControlServer(s *grpc.Server, srv ControlServer) {
+	s.RegisterService(&_Control_serviceDesc, srv)
 }
 
-func (m *UpdateServiceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
+func _Control_GetNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetNodeRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.ServiceVersion != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.ServiceVersion.Size()))
-		n11, err := m.ServiceVersion.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n11
+	if interceptor == nil {
+		return srv.(ControlServer).GetNode(ctx, in)
 	}
-	if m.Spec != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n12, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n12
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetNode",
 	}
-	if m.Rollback != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Rollback))
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetNode(ctx, req.(*GetNodeRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *UpdateServiceResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListNodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListNodesRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *UpdateServiceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Service != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Service.Size()))
-		n13, err := m.Service.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n13
+	if interceptor == nil {
+		return srv.(ControlServer).ListNodes(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListNodes",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListNodes(ctx, req.(*ListNodesRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *RemoveServiceRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_UpdateNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateNodeRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveServiceRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateNode(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateNode",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateNode(ctx, req.(*UpdateNodeRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *RemoveServiceResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_RemoveNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveNodeRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveServiceResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
-}
-
-func (m *ListServicesRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveNode(ctx, in)
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListServicesRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n14, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n14
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveNode",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveNode(ctx, req.(*RemoveNodeRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListServicesRequest_Filters) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetTask_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTaskRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).GetTask(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetTask",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetTask(ctx, req.(*GetTaskRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListServicesRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+func _Control_ListTasks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListTasksRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).ListTasks(ctx, in)
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListTasks",
 	}
-	if len(m.Runtimes) > 0 {
-		for _, s := range m.Runtimes {
-			dAtA[i] = 0x2a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListTasks(ctx, req.(*ListTasksRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListServicesResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_RemoveTask_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveTaskRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListServicesResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Services) > 0 {
-		for _, msg := range m.Services {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveTask(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveTask",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveTask(ctx, req.(*RemoveTaskRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *CreateNetworkRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetServiceRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *CreateNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Spec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n15, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n15
+	if interceptor == nil {
+		return srv.(ControlServer).GetService(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetService",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetService(ctx, req.(*GetServiceRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *CreateNetworkResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListServicesRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).ListServices(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListServices",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListServices(ctx, req.(*ListServicesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *CreateNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Network != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Network.Size()))
-		n16, err := m.Network.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n16
+func _Control_CreateService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateServiceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).CreateService(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateService",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateService(ctx, req.(*CreateServiceRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetNetworkRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_UpdateService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateServiceRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateService(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateService",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateService(ctx, req.(*UpdateServiceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+func _Control_RemoveService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveServiceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if len(m.NetworkID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.NetworkID)))
-		i += copy(dAtA[i:], m.NetworkID)
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveService(ctx, in)
 	}
-	return i, nil
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveService",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveService(ctx, req.(*RemoveServiceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetNetworkResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListServiceStatuses_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListServiceStatusesRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).ListServiceStatuses(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListServiceStatuses",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListServiceStatuses(ctx, req.(*ListServiceStatusesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Network != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Network.Size()))
-		n17, err := m.Network.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n17
+func _Control_GetNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetNetworkRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).GetNetwork(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetNetwork",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetNetwork(ctx, req.(*GetNetworkRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *RemoveNetworkRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListNetworks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListNetworksRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if interceptor == nil {
+		return srv.(ControlServer).ListNetworks(ctx, in)
 	}
-	if len(m.NetworkID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.NetworkID)))
-		i += copy(dAtA[i:], m.NetworkID)
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListNetworks",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListNetworks(ctx, req.(*ListNetworksRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *RemoveNetworkResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_CreateNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateNetworkRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *RemoveNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
+	if interceptor == nil {
+		return srv.(ControlServer).CreateNetwork(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateNetwork",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateNetwork(ctx, req.(*CreateNetworkRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListNetworksRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_RemoveNetwork_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveNetworkRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListNetworksRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n18, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n18
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveNetwork(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveNetwork",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveNetwork(ctx, req.(*RemoveNetworkRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListNetworksRequest_Filters) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetClusterRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).GetCluster(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetCluster",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetCluster(ctx, req.(*GetClusterRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListNetworksRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+func _Control_ListClusters_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListClustersRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).ListClusters(ctx, in)
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListClusters",
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListClusters(ctx, req.(*ListClustersRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListNetworksResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_UpdateCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateClusterRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListNetworksResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Networks) > 0 {
-		for _, msg := range m.Networks {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateCluster(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateCluster",
 	}
-	return i, nil
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateCluster(ctx, req.(*UpdateClusterRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetClusterRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetSecretRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).GetSecret(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetSecret",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetSecret(ctx, req.(*GetSecretRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetClusterRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ClusterID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ClusterID)))
-		i += copy(dAtA[i:], m.ClusterID)
+func _Control_UpdateSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateSecretRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateSecret(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateSecret",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateSecret(ctx, req.(*UpdateSecretRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetClusterResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListSecrets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListSecretsRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).ListSecrets(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListSecrets",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListSecrets(ctx, req.(*ListSecretsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetClusterResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Cluster != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Cluster.Size()))
-		n19, err := m.Cluster.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n19
+func _Control_CreateSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateSecretRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).CreateSecret(ctx, in)
 	}
-	return i, nil
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateSecret",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateSecret(ctx, req.(*CreateSecretRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListClustersRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_RemoveSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveSecretRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListClustersRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n20, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n20
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveSecret(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveSecret",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveSecret(ctx, req.(*RemoveSecretRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListClustersRequest_Filters) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetConfigRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).GetConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetConfig(ctx, req.(*GetConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListClustersRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+func _Control_UpdateConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateConfig(ctx, in)
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateConfig",
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateConfig(ctx, req.(*UpdateConfigRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ListClustersResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_ListConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListConfigsRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ListClustersResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Clusters) > 0 {
-		for _, msg := range m.Clusters {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if interceptor == nil {
+		return srv.(ControlServer).ListConfigs(ctx, in)
 	}
-	return i, nil
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListConfigs",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListConfigs(ctx, req.(*ListConfigsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *KeyRotation) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_CreateConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateConfigRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).CreateConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateConfig(ctx, req.(*CreateConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *KeyRotation) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.WorkerJoinToken {
-		dAtA[i] = 0x8
-		i++
-		if m.WorkerJoinToken {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+func _Control_RemoveConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.ManagerJoinToken {
-		dAtA[i] = 0x10
-		i++
-		if m.ManagerJoinToken {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveConfig(ctx, in)
 	}
-	if m.ManagerUnlockKey {
-		dAtA[i] = 0x18
-		i++
-		if m.ManagerUnlockKey {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveConfig(ctx, req.(*RemoveConfigRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *UpdateClusterRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_GetExtension_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetExtensionRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).GetExtension(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetExtension",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetExtension(ctx, req.(*GetExtensionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *UpdateClusterRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ClusterID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ClusterID)))
-		i += copy(dAtA[i:], m.ClusterID)
+func _Control_CreateExtension_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateExtensionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.ClusterVersion != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.ClusterVersion.Size()))
-		n21, err := m.ClusterVersion.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n21
+	if interceptor == nil {
+		return srv.(ControlServer).CreateExtension(ctx, in)
 	}
-	if m.Spec != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n22, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n22
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateExtension",
 	}
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintControl(dAtA, i, uint64(m.Rotation.Size()))
-	n23, err := m.Rotation.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateExtension(ctx, req.(*CreateExtensionRequest))
 	}
-	i += n23
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *UpdateClusterResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func _Control_RemoveExtension_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveExtensionRequest)
+	if err := dec(in); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveExtension(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveExtension",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveExtension(ctx, req.(*RemoveExtensionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *UpdateClusterResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Cluster != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Cluster.Size()))
-		n24, err := m.Cluster.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n24
+func _Control_GetResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).GetResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/GetResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetResource(ctx, req.(*GetResourceRequest))
 	}
-	return i, nil
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *GetSecretRequest) Marshal() (dAtA []byte, err error) {
+func _Control_UpdateResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/UpdateResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateResource(ctx, req.(*UpdateResourceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_ListResources_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListResourcesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).ListResources(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/ListResources",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListResources(ctx, req.(*ListResourcesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_CreateResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).CreateResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/CreateResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateResource(ctx, req.(*CreateResourceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_RemoveResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveResourceRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).RemoveResource(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/docker.swarmkit.v1.Control/RemoveResource",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).RemoveResource(ctx, req.(*RemoveResourceRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Control_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "docker.swarmkit.v1.Control",
+	HandlerType: (*ControlServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetNode",
+			Handler:    _Control_GetNode_Handler,
+		},
+		{
+			MethodName: "ListNodes",
+			Handler:    _Control_ListNodes_Handler,
+		},
+		{
+			MethodName: "UpdateNode",
+			Handler:    _Control_UpdateNode_Handler,
+		},
+		{
+			MethodName: "RemoveNode",
+			Handler:    _Control_RemoveNode_Handler,
+		},
+		{
+			MethodName: "GetTask",
+			Handler:    _Control_GetTask_Handler,
+		},
+		{
+			MethodName: "ListTasks",
+			Handler:    _Control_ListTasks_Handler,
+		},
+		{
+			MethodName: "RemoveTask",
+			Handler:    _Control_RemoveTask_Handler,
+		},
+		{
+			MethodName: "GetService",
+			Handler:    _Control_GetService_Handler,
+		},
+		{
+			MethodName: "ListServices",
+			Handler:    _Control_ListServices_Handler,
+		},
+		{
+			MethodName: "CreateService",
+			Handler:    _Control_CreateService_Handler,
+		},
+		{
+			MethodName: "UpdateService",
+			Handler:    _Control_UpdateService_Handler,
+		},
+		{
+			MethodName: "RemoveService",
+			Handler:    _Control_RemoveService_Handler,
+		},
+		{
+			MethodName: "ListServiceStatuses",
+			Handler:    _Control_ListServiceStatuses_Handler,
+		},
+		{
+			MethodName: "GetNetwork",
+			Handler:    _Control_GetNetwork_Handler,
+		},
+		{
+			MethodName: "ListNetworks",
+			Handler:    _Control_ListNetworks_Handler,
+		},
+		{
+			MethodName: "CreateNetwork",
+			Handler:    _Control_CreateNetwork_Handler,
+		},
+		{
+			MethodName: "RemoveNetwork",
+			Handler:    _Control_RemoveNetwork_Handler,
+		},
+		{
+			MethodName: "GetCluster",
+			Handler:    _Control_GetCluster_Handler,
+		},
+		{
+			MethodName: "ListClusters",
+			Handler:    _Control_ListClusters_Handler,
+		},
+		{
+			MethodName: "UpdateCluster",
+			Handler:    _Control_UpdateCluster_Handler,
+		},
+		{
+			MethodName: "GetSecret",
+			Handler:    _Control_GetSecret_Handler,
+		},
+		{
+			MethodName: "UpdateSecret",
+			Handler:    _Control_UpdateSecret_Handler,
+		},
+		{
+			MethodName: "ListSecrets",
+			Handler:    _Control_ListSecrets_Handler,
+		},
+		{
+			MethodName: "CreateSecret",
+			Handler:    _Control_CreateSecret_Handler,
+		},
+		{
+			MethodName: "RemoveSecret",
+			Handler:    _Control_RemoveSecret_Handler,
+		},
+		{
+			MethodName: "GetConfig",
+			Handler:    _Control_GetConfig_Handler,
+		},
+		{
+			MethodName: "UpdateConfig",
+			Handler:    _Control_UpdateConfig_Handler,
+		},
+		{
+			MethodName: "ListConfigs",
+			Handler:    _Control_ListConfigs_Handler,
+		},
+		{
+			MethodName: "CreateConfig",
+			Handler:    _Control_CreateConfig_Handler,
+		},
+		{
+			MethodName: "RemoveConfig",
+			Handler:    _Control_RemoveConfig_Handler,
+		},
+		{
+			MethodName: "GetExtension",
+			Handler:    _Control_GetExtension_Handler,
+		},
+		{
+			MethodName: "CreateExtension",
+			Handler:    _Control_CreateExtension_Handler,
+		},
+		{
+			MethodName: "RemoveExtension",
+			Handler:    _Control_RemoveExtension_Handler,
+		},
+		{
+			MethodName: "GetResource",
+			Handler:    _Control_GetResource_Handler,
+		},
+		{
+			MethodName: "UpdateResource",
+			Handler:    _Control_UpdateResource_Handler,
+		},
+		{
+			MethodName: "ListResources",
+			Handler:    _Control_ListResources_Handler,
+		},
+		{
+			MethodName: "CreateResource",
+			Handler:    _Control_CreateResource_Handler,
+		},
+		{
+			MethodName: "RemoveResource",
+			Handler:    _Control_RemoveResource_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "github.com/docker/swarmkit/api/control.proto",
+}
+
+func (m *GetNodeRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *GetSecretRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetNodeRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetNodeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SecretID) > 0 {
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
-		i += copy(dAtA[i:], m.SecretID)
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *GetSecretResponse) Marshal() (dAtA []byte, err error) {
+func (m *GetNodeResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *GetSecretResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetNodeResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetNodeResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Secret != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Secret.Size()))
-		n25, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Node != nil {
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		i += n25
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateSecretRequest) Marshal() (dAtA []byte, err error) {
+func (m *ListNodesRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *UpdateSecretRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListNodesRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SecretID) > 0 {
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
-		i += copy(dAtA[i:], m.SecretID)
 	}
-	if m.SecretVersion != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.SecretVersion.Size()))
-		n26, err := m.SecretVersion.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n26
-	}
-	if m.Spec != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n27, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n27
-	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateSecretResponse) Marshal() (dAtA []byte, err error) {
+func (m *ListNodesRequest_Filters) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *UpdateSecretResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListNodesRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNodesRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Secret != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Secret.Size()))
-		n28, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.NodeLabels) > 0 {
+		for k := range m.NodeLabels {
+			v := m.NodeLabels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if len(m.Roles) > 0 {
+		for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintControl(dAtA, i, uint64(m.Roles[iNdEx]))
+			i--
+			dAtA[i] = 0x28
+		}
+	}
+	if len(m.Memberships) > 0 {
+		for iNdEx := len(m.Memberships) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintControl(dAtA, i, uint64(m.Memberships[iNdEx]))
+			i--
+			dAtA[i] = 0x20
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
-		i += n28
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListSecretsRequest) Marshal() (dAtA []byte, err error) {
+func (m *ListNodesResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListSecretsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListNodesResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNodesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n29, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Nodes) > 0 {
+		for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
 		}
-		i += n29
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListSecretsRequest_Filters) Marshal() (dAtA []byte, err error) {
+func (m *UpdateNodeRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListSecretsRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *UpdateNodeRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateNodeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.NodeVersion != nil {
+		{
+			size, err := m.NodeVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListSecretsResponse) Marshal() (dAtA []byte, err error) {
+func (m *UpdateNodeResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListSecretsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *UpdateNodeResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateNodeResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Secrets) > 0 {
-		for _, msg := range m.Secrets {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Node != nil {
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateSecretRequest) Marshal() (dAtA []byte, err error) {
+func (m *RemoveNodeRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *CreateSecretRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *RemoveNodeRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveNodeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Spec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n30, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Force {
+		i--
+		if m.Force {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		i += n30
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateSecretResponse) Marshal() (dAtA []byte, err error) {
+func (m *RemoveNodeResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *CreateSecretResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *RemoveNodeResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveNodeResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Secret != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Secret.Size()))
-		n31, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n31
-	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveSecretRequest) Marshal() (dAtA []byte, err error) {
+func (m *GetTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *RemoveSecretRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetTaskRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SecretID) > 0 {
+	if len(m.TaskID) > 0 {
+		i -= len(m.TaskID)
+		copy(dAtA[i:], m.TaskID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.TaskID)))
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
-		i += copy(dAtA[i:], m.SecretID)
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveSecretResponse) Marshal() (dAtA []byte, err error) {
+func (m *GetTaskResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *RemoveSecretResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
-}
-
-func (m *GetConfigRequest) Marshal() (dAtA []byte, err error) {
+func (m *GetTaskResponse) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *GetConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetTaskResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ConfigID) > 0 {
+	if m.Task != nil {
+		{
+			size, err := m.Task.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
-		i += copy(dAtA[i:], m.ConfigID)
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *GetConfigResponse) Marshal() (dAtA []byte, err error) {
+func (m *RemoveTaskRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *GetConfigResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *RemoveTaskRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveTaskRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Config != nil {
+	if len(m.TaskID) > 0 {
+		i -= len(m.TaskID)
+		copy(dAtA[i:], m.TaskID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.TaskID)))
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Config.Size()))
-		n32, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n32
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateConfigRequest) Marshal() (dAtA []byte, err error) {
+func (m *RemoveTaskResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *UpdateConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *RemoveTaskResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveTaskResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ConfigID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
-		i += copy(dAtA[i:], m.ConfigID)
-	}
-	if m.ConfigVersion != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.ConfigVersion.Size()))
-		n33, err := m.ConfigVersion.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n33
-	}
-	if m.Spec != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n34, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n34
-	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateConfigResponse) Marshal() (dAtA []byte, err error) {
+func (m *ListTasksRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *UpdateConfigResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListTasksRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListTasksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Config != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Config.Size()))
-		n35, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		i += n35
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListConfigsRequest) Marshal() (dAtA []byte, err error) {
+func (m *ListTasksRequest_Filters) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListConfigsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListTasksRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListTasksRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Filters != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Filters.Size()))
-		n36, err := m.Filters.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Runtimes) > 0 {
+		for iNdEx := len(m.Runtimes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Runtimes[iNdEx])
+			copy(dAtA[i:], m.Runtimes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Runtimes[iNdEx])))
+			i--
+			dAtA[i] = 0x4a
+		}
+	}
+	if m.UpToDate {
+		i--
+		if m.UpToDate {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x40
+	}
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
+	if len(m.DesiredStates) > 0 {
+		for iNdEx := len(m.DesiredStates) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintControl(dAtA, i, uint64(m.DesiredStates[iNdEx]))
+			i--
+			dAtA[i] = 0x30
+		}
+	}
+	if len(m.NodeIDs) > 0 {
+		for iNdEx := len(m.NodeIDs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NodeIDs[iNdEx])
+			copy(dAtA[i:], m.NodeIDs[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NodeIDs[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
+		}
+	}
+	if len(m.ServiceIDs) > 0 {
+		for iNdEx := len(m.ServiceIDs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ServiceIDs[iNdEx])
+			copy(dAtA[i:], m.ServiceIDs[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceIDs[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
-		i += n36
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListConfigsRequest_Filters) Marshal() (dAtA []byte, err error) {
+func (m *ListTasksResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListConfigsRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *ListTasksResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListTasksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if len(m.Tasks) > 0 {
+		for iNdEx := len(m.Tasks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Tasks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x1a
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
+			i--
 			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
-	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *ListConfigsResponse) Marshal() (dAtA []byte, err error) {
+func (m *CreateServiceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *ListConfigsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *CreateServiceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Configs) > 0 {
-		for _, msg := range m.Configs {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateConfigRequest) Marshal() (dAtA []byte, err error) {
+func (m *CreateServiceResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *CreateConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *CreateServiceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Spec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Spec.Size()))
-		n37, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Service != nil {
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		i += n37
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateConfigResponse) Marshal() (dAtA []byte, err error) {
+func (m *GetServiceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *CreateConfigResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetServiceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Config != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Config.Size()))
-		n38, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.InsertDefaults {
+		i--
+		if m.InsertDefaults {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		i += n38
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveConfigRequest) Marshal() (dAtA []byte, err error) {
+func (m *GetServiceResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *RemoveConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *GetServiceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ConfigID) > 0 {
+	if m.Service != nil {
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
-		i += copy(dAtA[i:], m.ConfigID)
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveConfigResponse) Marshal() (dAtA []byte, err error) {
+func (m *UpdateServiceRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 
-func (m *RemoveConfigResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+func (m *UpdateServiceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	if m.Rollback != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.Rollback))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.ServiceVersion != nil {
+		{
+			size, err := m.ServiceVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
-func encodeVarintControl(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
+func (m *UpdateServiceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
+	return dAtA[:n], nil
 }
 
-type raftProxyControlServer struct {
-	local                       ControlServer
-	connSelector                raftselector.ConnProvider
-	localCtxMods, remoteCtxMods []func(context.Context) (context.Context, error)
+func (m *UpdateServiceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func NewRaftProxyControlServer(local ControlServer, connSelector raftselector.ConnProvider, localCtxMod, remoteCtxMod func(context.Context) (context.Context, error)) ControlServer {
-	redirectChecker := func(ctx context.Context) (context.Context, error) {
-		p, ok := peer.FromContext(ctx)
-		if !ok {
-			return ctx, status.Errorf(codes.InvalidArgument, "remote addr is not found in context")
-		}
-		addr := p.Addr.String()
-		md, ok := metadata.FromIncomingContext(ctx)
-		if ok && len(md["redirect"]) != 0 {
-			return ctx, status.Errorf(codes.ResourceExhausted, "more than one redirect to leader from: %s", md["redirect"])
-		}
-		if !ok {
-			md = metadata.New(map[string]string{})
+func (m *UpdateServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Service != nil {
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		md["redirect"] = append(md["redirect"], addr)
-		return metadata.NewOutgoingContext(ctx, md), nil
+		i--
+		dAtA[i] = 0xa
 	}
-	remoteMods := []func(context.Context) (context.Context, error){redirectChecker}
-	remoteMods = append(remoteMods, remoteCtxMod)
+	return len(dAtA) - i, nil
+}
 
-	var localMods []func(context.Context) (context.Context, error)
-	if localCtxMod != nil {
-		localMods = []func(context.Context) (context.Context, error){localCtxMod}
+func (m *RemoveServiceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	return &raftProxyControlServer{
-		local:         local,
-		connSelector:  connSelector,
-		localCtxMods:  localMods,
-		remoteCtxMods: remoteMods,
+func (m *RemoveServiceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
 }
-func (p *raftProxyControlServer) runCtxMods(ctx context.Context, ctxMods []func(context.Context) (context.Context, error)) (context.Context, error) {
-	var err error
-	for _, mod := range ctxMods {
-		ctx, err = mod(ctx)
-		if err != nil {
-			return ctx, err
-		}
+
+func (m *RemoveServiceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return ctx, nil
+	return dAtA[:n], nil
 }
-func (p *raftProxyControlServer) pollNewLeaderConn(ctx context.Context) (*grpc.ClientConn, error) {
-	ticker := rafttime.NewTicker(500 * rafttime.Millisecond)
-	defer ticker.Stop()
-	for {
-		select {
-		case <-ticker.C:
-			conn, err := p.connSelector.LeaderConn(ctx)
-			if err != nil {
-				return nil, err
-			}
 
-			client := NewHealthClient(conn)
+func (m *RemoveServiceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-			resp, err := client.Check(ctx, &HealthCheckRequest{Service: "Raft"})
-			if err != nil || resp.Status != HealthCheckResponse_SERVING {
-				continue
-			}
-			return conn, nil
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		}
+func (m *RemoveServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	return len(dAtA) - i, nil
+}
+
+func (m *ListServicesRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) GetNode(ctx context.Context, r *GetNodeRequest) (*GetNodeResponse, error) {
+func (m *ListServicesRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *ListServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.GetNode(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).GetNode(modCtx, r)
+func (m *ListServicesRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetNode(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).GetNode(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) ListNodes(ctx context.Context, r *ListNodesRequest) (*ListNodesResponse, error) {
+func (m *ListServicesRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListNodes(ctx, r)
+func (m *ListServicesRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Runtimes) > 0 {
+		for iNdEx := len(m.Runtimes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Runtimes[iNdEx])
+			copy(dAtA[i:], m.Runtimes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Runtimes[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
-
-	resp, err := NewControlClient(conn).ListNodes(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListNodes(ctx, r)
-			}
-			return nil, err
+	}
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
-		return NewControlClient(conn).ListNodes(modCtx, r)
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) UpdateNode(ctx context.Context, r *UpdateNodeRequest) (*UpdateNodeResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.UpdateNode(ctx, r)
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *ListServicesResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).UpdateNode(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.UpdateNode(ctx, r)
+func (m *ListServicesResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Services) > 0 {
+		for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Services[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			return nil, err
+			i--
+			dAtA[i] = 0xa
 		}
-		return NewControlClient(conn).UpdateNode(modCtx, r)
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) RemoveNode(ctx context.Context, r *RemoveNodeRequest) (*RemoveNodeResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
+func (m *ListServiceStatusesRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.RemoveNode(ctx, r)
-		}
 		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	return dAtA[:n], nil
+}
+
+func (m *ListServiceStatusesRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListServiceStatusesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Services) > 0 {
+		for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Services[iNdEx])
+			copy(dAtA[i:], m.Services[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Services[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).RemoveNode(modCtx, r)
+func (m *ListServiceStatusesResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveNode(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).RemoveNode(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) GetTask(ctx context.Context, r *GetTaskRequest) (*GetTaskResponse, error) {
+func (m *ListServiceStatusesResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
+func (m *ListServiceStatusesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Statuses) > 0 {
+		for iNdEx := len(m.Statuses) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Statuses[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			return p.local.GetTask(ctx, r)
+			i--
+			dAtA[i] = 0xa
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *ListServiceStatusesResponse_ServiceStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).GetTask(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetTask(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).GetTask(modCtx, r)
-	}
-	return resp, err
+func (m *ListServiceStatusesResponse_ServiceStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (p *raftProxyControlServer) ListTasks(ctx context.Context, r *ListTasksRequest) (*ListTasksResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListTasks(ctx, r)
-		}
-		return nil, err
+func (m *ListServiceStatusesResponse_ServiceStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.CompletedTasks != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.CompletedTasks))
+		i--
+		dAtA[i] = 0x20
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if m.RunningTasks != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.RunningTasks))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.DesiredTasks != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.DesiredTasks))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).ListTasks(modCtx, r)
+func (m *CreateNetworkRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListTasks(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).ListTasks(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) RemoveTask(ctx context.Context, r *RemoveTaskRequest) (*RemoveTaskResponse, error) {
+func (m *CreateNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *CreateNetworkRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.RemoveTask(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).RemoveTask(modCtx, r)
+func (m *CreateNetworkResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveTask(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).RemoveTask(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) GetService(ctx context.Context, r *GetServiceRequest) (*GetServiceResponse, error) {
+func (m *CreateNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *CreateNetworkResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Network != nil {
+		{
+			size, err := m.Network.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.GetService(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).GetService(modCtx, r)
+func (m *GetNetworkRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetService(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).GetService(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) ListServices(ctx context.Context, r *ListServicesRequest) (*ListServicesResponse, error) {
+func (m *GetNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListServices(ctx, r)
-		}
-		return nil, err
+func (m *GetNetworkRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.NetworkID) > 0 {
+		i -= len(m.NetworkID)
+		copy(dAtA[i:], m.NetworkID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.NetworkID)))
+		i--
+		dAtA[i] = 0x12
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).ListServices(modCtx, r)
+func (m *GetNetworkResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListServices(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).ListServices(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) CreateService(ctx context.Context, r *CreateServiceRequest) (*CreateServiceResponse, error) {
+func (m *GetNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *GetNetworkResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Network != nil {
+		{
+			size, err := m.Network.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.CreateService(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).CreateService(modCtx, r)
+func (m *RemoveNetworkRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.CreateService(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).CreateService(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) UpdateService(ctx context.Context, r *UpdateServiceRequest) (*UpdateServiceResponse, error) {
+func (m *RemoveNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.UpdateService(ctx, r)
-		}
-		return nil, err
+func (m *RemoveNetworkRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.NetworkID) > 0 {
+		i -= len(m.NetworkID)
+		copy(dAtA[i:], m.NetworkID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.NetworkID)))
+		i--
+		dAtA[i] = 0x12
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RemoveNetworkResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).UpdateService(modCtx, r)
+func (m *RemoveNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveNetworkResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	return len(dAtA) - i, nil
+}
+
+func (m *ListNetworksRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.UpdateService(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).UpdateService(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) RemoveService(ctx context.Context, r *RemoveServiceRequest) (*RemoveServiceResponse, error) {
+func (m *ListNetworksRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *ListNetworksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.RemoveService(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).RemoveService(modCtx, r)
+func (m *ListNetworksRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveService(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).RemoveService(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) GetNetwork(ctx context.Context, r *GetNetworkRequest) (*GetNetworkResponse, error) {
+func (m *ListNetworksRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.GetNetwork(ctx, r)
+func (m *ListNetworksRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
-
-	resp, err := NewControlClient(conn).GetNetwork(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetNetwork(ctx, r)
-			}
-			return nil, err
+	}
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
-		return NewControlClient(conn).GetNetwork(modCtx, r)
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) ListNetworks(ctx context.Context, r *ListNetworksRequest) (*ListNetworksResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListNetworks(ctx, r)
-		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+func (m *ListNetworksResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).ListNetworks(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListNetworks(ctx, r)
+func (m *ListNetworksResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListNetworksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Networks) > 0 {
+		for iNdEx := len(m.Networks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Networks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			return nil, err
+			i--
+			dAtA[i] = 0xa
 		}
-		return NewControlClient(conn).ListNetworks(modCtx, r)
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) CreateNetwork(ctx context.Context, r *CreateNetworkRequest) (*CreateNetworkResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
+func (m *GetClusterRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.CreateNetwork(ctx, r)
-		}
 		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	return dAtA[:n], nil
+}
+
+func (m *GetClusterRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetClusterRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.ClusterID) > 0 {
+		i -= len(m.ClusterID)
+		copy(dAtA[i:], m.ClusterID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ClusterID)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).CreateNetwork(modCtx, r)
+func (m *GetClusterResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.CreateNetwork(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).CreateNetwork(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) RemoveNetwork(ctx context.Context, r *RemoveNetworkRequest) (*RemoveNetworkResponse, error) {
+func (m *GetClusterResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *GetClusterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Cluster != nil {
+		{
+			size, err := m.Cluster.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.RemoveNetwork(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *ListClustersRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).RemoveNetwork(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveNetwork(ctx, r)
+func (m *ListClustersRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListClustersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			return nil, err
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return NewControlClient(conn).RemoveNetwork(modCtx, r)
+		i--
+		dAtA[i] = 0xa
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) GetCluster(ctx context.Context, r *GetClusterRequest) (*GetClusterResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.GetCluster(ctx, r)
-		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+func (m *ListClustersRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).GetCluster(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
+func (m *ListClustersRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListClustersRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
 		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetCluster(ctx, r)
-			}
-			return nil, err
+	}
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
-		return NewControlClient(conn).GetCluster(modCtx, r)
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) ListClusters(ctx context.Context, r *ListClustersRequest) (*ListClustersResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListClusters(ctx, r)
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).ListClusters(modCtx, r)
+func (m *ListClustersResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListClusters(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).ListClusters(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) UpdateCluster(ctx context.Context, r *UpdateClusterRequest) (*UpdateClusterResponse, error) {
+func (m *ListClustersResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
+func (m *ListClustersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Clusters) > 0 {
+		for iNdEx := len(m.Clusters) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Clusters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			return p.local.UpdateCluster(ctx, r)
+			i--
+			dAtA[i] = 0xa
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *KeyRotation) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).UpdateCluster(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
+func (m *KeyRotation) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *KeyRotation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.ManagerUnlockKey {
+		i--
+		if m.ManagerUnlockKey {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.UpdateCluster(ctx, r)
-			}
-			return nil, err
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.ManagerJoinToken {
+		i--
+		if m.ManagerJoinToken {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		return NewControlClient(conn).UpdateCluster(modCtx, r)
+		i--
+		dAtA[i] = 0x10
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) GetSecret(ctx context.Context, r *GetSecretRequest) (*GetSecretResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.GetSecret(ctx, r)
+	if m.WorkerJoinToken {
+		i--
+		if m.WorkerJoinToken {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0x8
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *UpdateClusterRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).GetSecret(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
+func (m *UpdateClusterRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateClusterRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetSecret(ctx, r)
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintControl(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x22
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			return nil, err
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return NewControlClient(conn).GetSecret(modCtx, r)
+		i--
+		dAtA[i] = 0x1a
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) UpdateSecret(ctx context.Context, r *UpdateSecretRequest) (*UpdateSecretResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+	if m.ClusterVersion != nil {
+		{
+			size, err := m.ClusterVersion.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.UpdateSecret(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0x12
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if len(m.ClusterID) > 0 {
+		i -= len(m.ClusterID)
+		copy(dAtA[i:], m.ClusterID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ClusterID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *UpdateClusterResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).UpdateSecret(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.UpdateSecret(ctx, r)
+func (m *UpdateClusterResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateClusterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Cluster != nil {
+		{
+			size, err := m.Cluster.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			return nil, err
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return NewControlClient(conn).UpdateSecret(modCtx, r)
+		i--
+		dAtA[i] = 0xa
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) ListSecrets(ctx context.Context, r *ListSecretsRequest) (*ListSecretsResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
+func (m *GetSecretRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListSecrets(ctx, r)
-		}
 		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	return dAtA[:n], nil
+}
+
+func (m *GetSecretRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetSecretRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.SecretID) > 0 {
+		i -= len(m.SecretID)
+		copy(dAtA[i:], m.SecretID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).ListSecrets(modCtx, r)
+func (m *GetSecretResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListSecrets(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).ListSecrets(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) CreateSecret(ctx context.Context, r *CreateSecretRequest) (*CreateSecretResponse, error) {
+func (m *GetSecretResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *GetSecretResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Secret != nil {
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.CreateSecret(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *UpdateSecretRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).CreateSecret(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.CreateSecret(ctx, r)
+func (m *UpdateSecretRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateSecretRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			return nil, err
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return NewControlClient(conn).CreateSecret(modCtx, r)
+		i--
+		dAtA[i] = 0x1a
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) RemoveSecret(ctx context.Context, r *RemoveSecretRequest) (*RemoveSecretResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+	if m.SecretVersion != nil {
+		{
+			size, err := m.SecretVersion.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.RemoveSecret(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0x12
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+	if len(m.SecretID) > 0 {
+		i -= len(m.SecretID)
+		copy(dAtA[i:], m.SecretID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).RemoveSecret(modCtx, r)
+func (m *UpdateSecretResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveSecret(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).RemoveSecret(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) GetConfig(ctx context.Context, r *GetConfigRequest) (*GetConfigResponse, error) {
+func (m *UpdateSecretResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *UpdateSecretResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Secret != nil {
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.GetConfig(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).GetConfig(modCtx, r)
+func (m *ListSecretsRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.GetConfig(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).GetConfig(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) UpdateConfig(ctx context.Context, r *UpdateConfigRequest) (*UpdateConfigResponse, error) {
+func (m *ListSecretsRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *ListSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Filters != nil {
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.UpdateConfig(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *ListSecretsRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).UpdateConfig(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
+func (m *ListSecretsRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListSecretsRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
 		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.UpdateConfig(ctx, r)
-			}
-			return nil, err
+	}
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
-		return NewControlClient(conn).UpdateConfig(modCtx, r)
 	}
-	return resp, err
-}
-
-func (p *raftProxyControlServer) ListConfigs(ctx context.Context, r *ListConfigsRequest) (*ListConfigsResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
-			if err != nil {
-				return nil, err
-			}
-			return p.local.ListConfigs(ctx, r)
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
-		return nil, err
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ListSecretsResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).ListConfigs(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.ListConfigs(ctx, r)
+func (m *ListSecretsResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListSecretsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Secrets) > 0 {
+		for iNdEx := len(m.Secrets) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Secrets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			return nil, err
+			i--
+			dAtA[i] = 0xa
 		}
-		return NewControlClient(conn).ListConfigs(modCtx, r)
 	}
-	return resp, err
+	return len(dAtA) - i, nil
 }
 
-func (p *raftProxyControlServer) CreateConfig(ctx context.Context, r *CreateConfigRequest) (*CreateConfigResponse, error) {
-
-	conn, err := p.connSelector.LeaderConn(ctx)
+func (m *CreateSecretRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CreateSecretRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateSecretRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.CreateConfig(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
-	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
-	if err != nil {
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
+	return len(dAtA) - i, nil
+}
 
-	resp, err := NewControlClient(conn).CreateConfig(modCtx, r)
+func (m *CreateSecretResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.CreateConfig(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).CreateConfig(modCtx, r)
+		return nil, err
 	}
-	return resp, err
+	return dAtA[:n], nil
 }
 
-func (p *raftProxyControlServer) RemoveConfig(ctx context.Context, r *RemoveConfigRequest) (*RemoveConfigResponse, error) {
+func (m *CreateSecretResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
 
-	conn, err := p.connSelector.LeaderConn(ctx)
-	if err != nil {
-		if err == raftselector.ErrIsLeader {
-			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+func (m *CreateSecretResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Secret != nil {
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
-				return nil, err
+				return 0, err
 			}
-			return p.local.RemoveConfig(ctx, r)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
-		return nil, err
+		i--
+		dAtA[i] = 0xa
 	}
-	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	return len(dAtA) - i, nil
+}
+
+func (m *RemoveSecretRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
+	return dAtA[:n], nil
+}
 
-	resp, err := NewControlClient(conn).RemoveConfig(modCtx, r)
-	if err != nil {
-		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
-			return resp, err
-		}
-		conn, err := p.pollNewLeaderConn(ctx)
-		if err != nil {
-			if err == raftselector.ErrIsLeader {
-				return p.local.RemoveConfig(ctx, r)
-			}
-			return nil, err
-		}
-		return NewControlClient(conn).RemoveConfig(modCtx, r)
-	}
-	return resp, err
+func (m *RemoveSecretRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *GetNodeRequest) Size() (n int) {
+func (m *RemoveSecretRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.NodeID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.SecretID) > 0 {
+		i -= len(m.SecretID)
+		copy(dAtA[i:], m.SecretID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.SecretID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetNodeResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Node != nil {
-		l = m.Node.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *RemoveSecretResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListNodesRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+func (m *RemoveSecretResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ListNodesRequest_Filters) Size() (n int) {
+func (m *RemoveSecretResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
-		}
-	}
-	if len(m.Memberships) > 0 {
-		for _, e := range m.Memberships {
-			n += 1 + sovControl(uint64(e))
-		}
-	}
-	if len(m.Roles) > 0 {
-		for _, e := range m.Roles {
-			n += 1 + sovControl(uint64(e))
-		}
-	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.NodeLabels) > 0 {
-		for k, v := range m.NodeLabels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
-		}
-	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListNodesResponse) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Nodes) > 0 {
-		for _, e := range m.Nodes {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
-		}
+func (m *GetConfigRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *UpdateNodeRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.NodeID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.NodeVersion != nil {
-		l = m.NodeVersion.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+func (m *GetConfigRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *UpdateNodeResponse) Size() (n int) {
+func (m *GetConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Node != nil {
-		l = m.Node.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ConfigID) > 0 {
+		i -= len(m.ConfigID)
+		copy(dAtA[i:], m.ConfigID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveNodeRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.NodeID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Force {
-		n += 2
+func (m *GetConfigResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *RemoveNodeResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
+func (m *GetConfigResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *GetTaskRequest) Size() (n int) {
+func (m *GetConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.TaskID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if m.Config != nil {
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetTaskResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Task != nil {
-		l = m.Task.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *UpdateConfigRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *RemoveTaskRequest) Size() (n int) {
+func (m *UpdateConfigRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.TaskID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	return n
+	if m.ConfigVersion != nil {
+		{
+			size, err := m.ConfigVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ConfigID) > 0 {
+		i -= len(m.ConfigID)
+		copy(dAtA[i:], m.ConfigID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveTaskResponse) Size() (n int) {
+func (m *UpdateConfigResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *UpdateConfigResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	return n
+	if m.Config != nil {
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *ListTasksRequest) Size() (n int) {
+func (m *ListConfigsRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ListConfigsRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListConfigsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
 	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListTasksRequest_Filters) Size() (n int) {
+func (m *ListConfigsRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ListConfigsRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListConfigsRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
 	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
-		}
-	}
-	if len(m.ServiceIDs) > 0 {
-		for _, s := range m.ServiceIDs {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.NodeIDs) > 0 {
-		for _, s := range m.NodeIDs {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.DesiredStates) > 0 {
-		for _, e := range m.DesiredStates {
-			n += 1 + sovControl(uint64(e))
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	if m.UpToDate {
-		n += 2
-	}
-	if len(m.Runtimes) > 0 {
-		for _, s := range m.Runtimes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	return len(dAtA) - i, nil
+}
+
+func (m *ListConfigsResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListTasksResponse) Size() (n int) {
+func (m *ListConfigsResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListConfigsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Tasks) > 0 {
-		for _, e := range m.Tasks {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.Configs) > 0 {
+		for iNdEx := len(m.Configs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Configs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateServiceRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *CreateConfigRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *CreateServiceResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Service != nil {
-		l = m.Service.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+func (m *CreateConfigRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *GetServiceRequest) Size() (n int) {
+func (m *CreateConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.ServiceID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.InsertDefaults {
-		n += 2
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetServiceResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Service != nil {
-		l = m.Service.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *CreateConfigResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *UpdateServiceRequest) Size() (n int) {
+func (m *CreateConfigResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.ServiceID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.ServiceVersion != nil {
-		l = m.ServiceVersion.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if m.Config != nil {
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	if m.Rollback != 0 {
-		n += 1 + sovControl(uint64(m.Rollback))
+	return len(dAtA) - i, nil
+}
+
+func (m *RemoveConfigRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *UpdateServiceResponse) Size() (n int) {
+func (m *RemoveConfigRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Service != nil {
-		l = m.Service.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ConfigID) > 0 {
+		i -= len(m.ConfigID)
+		copy(dAtA[i:], m.ConfigID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ConfigID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *RemoveServiceRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ServiceID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+func (m *RemoveConfigResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *RemoveServiceResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
+func (m *RemoveConfigResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ListServicesRequest) Size() (n int) {
+func (m *RemoveConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *CreateExtensionRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListServicesRequest_Filters) Size() (n int) {
+func (m *CreateExtensionRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateExtensionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
-		}
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if m.Annotations != nil {
+		{
+			size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	if len(m.Runtimes) > 0 {
-		for _, s := range m.Runtimes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	return len(dAtA) - i, nil
+}
+
+func (m *CreateExtensionResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListServicesResponse) Size() (n int) {
+func (m *CreateExtensionResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateExtensionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Services) > 0 {
-		for _, e := range m.Services {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
+	if m.Extension != nil {
+		{
+			size, err := m.Extension.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateNetworkRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *RemoveExtensionRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *CreateNetworkResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Network != nil {
-		l = m.Network.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+func (m *RemoveExtensionRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *GetNetworkRequest) Size() (n int) {
+func (m *RemoveExtensionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Name)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ExtensionID) > 0 {
+		i -= len(m.ExtensionID)
+		copy(dAtA[i:], m.ExtensionID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ExtensionID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	l = len(m.NetworkID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *RemoveExtensionResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *GetNetworkResponse) Size() (n int) {
+func (m *RemoveExtensionResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveExtensionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Network != nil {
-		l = m.Network.Size()
-		n += 1 + l + sovControl(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *GetExtensionRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *RemoveNetworkRequest) Size() (n int) {
+func (m *GetExtensionRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetExtensionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Name)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ExtensionID) > 0 {
+		i -= len(m.ExtensionID)
+		copy(dAtA[i:], m.ExtensionID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ExtensionID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	l = len(m.NetworkID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *GetExtensionResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *RemoveNetworkResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
+func (m *GetExtensionResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ListNetworksRequest) Size() (n int) {
+func (m *GetExtensionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if m.Extension != nil {
+		{
+			size, err := m.Extension.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListNetworksRequest_Filters) Size() (n int) {
+func (m *CreateResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CreateResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if m.Payload != nil {
+		{
+			size, err := m.Payload.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+	if m.Annotations != nil {
+		{
+			size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	return len(dAtA) - i, nil
+}
+
+func (m *CreateResourceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListNetworksResponse) Size() (n int) {
+func (m *CreateResourceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CreateResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Networks) > 0 {
-		for _, e := range m.Networks {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
+	if m.Resource != nil {
+		{
+			size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetClusterRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ClusterID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+func (m *RemoveResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *GetClusterResponse) Size() (n int) {
+func (m *RemoveResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Cluster != nil {
-		l = m.Cluster.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ResourceID) > 0 {
+		i -= len(m.ResourceID)
+		copy(dAtA[i:], m.ResourceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ResourceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListClustersRequest) Size() (n int) {
+func (m *RemoveResourceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RemoveResourceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RemoveResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *UpdateResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListClustersRequest_Filters) Size() (n int) {
+func (m *UpdateResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if m.Payload != nil {
+		{
+			size, err := m.Payload.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if m.Annotations != nil {
+		{
+			size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+	if m.ResourceVersion != nil {
+		{
+			size, err := m.ResourceVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	if len(m.ResourceID) > 0 {
+		i -= len(m.ResourceID)
+		copy(dAtA[i:], m.ResourceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ResourceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListClustersResponse) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Clusters) > 0 {
-		for _, e := range m.Clusters {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
-		}
+func (m *UpdateResourceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *KeyRotation) Size() (n int) {
-	var l int
-	_ = l
-	if m.WorkerJoinToken {
-		n += 2
-	}
-	if m.ManagerJoinToken {
-		n += 2
-	}
-	if m.ManagerUnlockKey {
-		n += 2
-	}
-	return n
+func (m *UpdateResourceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *UpdateClusterRequest) Size() (n int) {
+func (m *UpdateResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.ClusterID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.ClusterVersion != nil {
-		l = m.ClusterVersion.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if m.Resource != nil {
+		{
+			size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	l = m.Rotation.Size()
-	n += 1 + l + sovControl(uint64(l))
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateClusterResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Cluster != nil {
-		l = m.Cluster.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *GetResourceRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *GetSecretRequest) Size() (n int) {
+func (m *GetResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.SecretID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.ResourceID) > 0 {
+		i -= len(m.ResourceID)
+		copy(dAtA[i:], m.ResourceID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ResourceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetSecretResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Secret != nil {
-		l = m.Secret.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *GetResourceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *UpdateSecretRequest) Size() (n int) {
+func (m *GetResourceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.SecretID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.SecretVersion != nil {
-		l = m.SecretVersion.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+	if m.Resource != nil {
+		{
+			size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *UpdateSecretResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Secret != nil {
-		l = m.Secret.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *ListResourcesRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ListSecretsRequest) Size() (n int) {
+func (m *ListResourcesRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListResourcesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
 	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+		{
+			size, err := m.Filters.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ListSecretsRequest_Filters) Size() (n int) {
+func (m *ListResourcesRequest_Filters) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ListResourcesRequest_Filters) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListResourcesRequest_Filters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0x2a
 	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.NamePrefixes) > 0 {
+		for iNdEx := len(m.NamePrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NamePrefixes[iNdEx])
+			copy(dAtA[i:], m.NamePrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.NamePrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
 	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.IDPrefixes) > 0 {
+		for iNdEx := len(m.IDPrefixes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IDPrefixes[iNdEx])
+			copy(dAtA[i:], m.IDPrefixes[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.IDPrefixes[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return n
-}
-
-func (m *ListSecretsResponse) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Secrets) > 0 {
-		for _, e := range m.Secrets {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
+	if len(m.Names) > 0 {
+		for iNdEx := len(m.Names) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Names[iNdEx])
+			copy(dAtA[i:], m.Names[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Names[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *CreateSecretRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+func (m *ListResourcesResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *CreateSecretResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Secret != nil {
-		l = m.Secret.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+func (m *ListResourcesResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *RemoveSecretRequest) Size() (n int) {
+func (m *ListResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.SecretID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	if len(m.Resources) > 0 {
+		for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	return n
-}
-
-func (m *RemoveSecretResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *GetConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ConfigID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+func encodeVarintControl(dAtA []byte, offset int, v uint64) int {
+	offset -= sovControl(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
 	}
-	return n
+	dAtA[offset] = uint8(v)
+	return base
 }
 
-func (m *GetConfigResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Config != nil {
-		l = m.Config.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
+type raftProxyControlServer struct {
+	local                       ControlServer
+	connSelector                raftselector.ConnProvider
+	localCtxMods, remoteCtxMods []func(context.Context) (context.Context, error)
 }
 
-func (m *UpdateConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ConfigID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.ConfigVersion != nil {
-		l = m.ConfigVersion.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
+func NewRaftProxyControlServer(local ControlServer, connSelector raftselector.ConnProvider, localCtxMod, remoteCtxMod func(context.Context) (context.Context, error)) ControlServer {
+	redirectChecker := func(ctx context.Context) (context.Context, error) {
+		p, ok := peer.FromContext(ctx)
+		if !ok {
+			return ctx, status.Errorf(codes.InvalidArgument, "remote addr is not found in context")
+		}
+		addr := p.Addr.String()
+		md, ok := metadata.FromIncomingContext(ctx)
+		if ok && len(md["redirect"]) != 0 {
+			return ctx, status.Errorf(codes.ResourceExhausted, "more than one redirect to leader from: %s", md["redirect"])
+		}
+		if !ok {
+			md = metadata.New(map[string]string{})
+		}
+		md["redirect"] = append(md["redirect"], addr)
+		return metadata.NewOutgoingContext(ctx, md), nil
 	}
-	return n
-}
+	remoteMods := []func(context.Context) (context.Context, error){redirectChecker}
+	remoteMods = append(remoteMods, remoteCtxMod)
 
-func (m *UpdateConfigResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Config != nil {
-		l = m.Config.Size()
-		n += 1 + l + sovControl(uint64(l))
+	var localMods []func(context.Context) (context.Context, error)
+	if localCtxMod != nil {
+		localMods = []func(context.Context) (context.Context, error){localCtxMod}
 	}
-	return n
-}
 
-func (m *ListConfigsRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Filters != nil {
-		l = m.Filters.Size()
-		n += 1 + l + sovControl(uint64(l))
+	return &raftProxyControlServer{
+		local:         local,
+		connSelector:  connSelector,
+		localCtxMods:  localMods,
+		remoteCtxMods: remoteMods,
 	}
-	return n
 }
-
-func (m *ListConfigsRequest_Filters) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Names) > 0 {
-		for _, s := range m.Names {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.IDPrefixes) > 0 {
-		for _, s := range m.IDPrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
-		}
-	}
-	if len(m.Labels) > 0 {
-		for k, v := range m.Labels {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
-		}
-	}
-	if len(m.NamePrefixes) > 0 {
-		for _, s := range m.NamePrefixes {
-			l = len(s)
-			n += 1 + l + sovControl(uint64(l))
+func (p *raftProxyControlServer) runCtxMods(ctx context.Context, ctxMods []func(context.Context) (context.Context, error)) (context.Context, error) {
+	var err error
+	for _, mod := range ctxMods {
+		ctx, err = mod(ctx)
+		if err != nil {
+			return ctx, err
 		}
 	}
-	return n
+	return ctx, nil
 }
+func (p *raftProxyControlServer) pollNewLeaderConn(ctx context.Context) (*grpc.ClientConn, error) {
+	ticker := rafttime.NewTicker(500 * rafttime.Millisecond)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ticker.C:
+			conn, err := p.connSelector.LeaderConn(ctx)
+			if err != nil {
+				return nil, err
+			}
 
-func (m *ListConfigsResponse) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Configs) > 0 {
-		for _, e := range m.Configs {
-			l = e.Size()
-			n += 1 + l + sovControl(uint64(l))
+			client := NewHealthClient(conn)
+
+			resp, err := client.Check(ctx, &HealthCheckRequest{Service: "Raft"})
+			if err != nil || resp.Status != HealthCheckResponse_SERVING {
+				continue
+			}
+			return conn, nil
+		case <-ctx.Done():
+			return nil, ctx.Err()
 		}
 	}
-	return n
 }
 
-func (m *CreateConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Spec != nil {
-		l = m.Spec.Size()
-		n += 1 + l + sovControl(uint64(l))
-	}
-	return n
-}
+func (p *raftProxyControlServer) GetNode(ctx context.Context, r *GetNodeRequest) (*GetNodeResponse, error) {
 
-func (m *CreateConfigResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Config != nil {
-		l = m.Config.Size()
-		n += 1 + l + sovControl(uint64(l))
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetNode(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	return n
-}
 
-func (m *RemoveConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ConfigID)
-	if l > 0 {
-		n += 1 + l + sovControl(uint64(l))
+	resp, err := NewControlClient(conn).GetNode(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetNode(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetNode(modCtx, r)
 	}
-	return n
+	return resp, err
 }
 
-func (m *RemoveConfigResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
-}
+func (p *raftProxyControlServer) ListNodes(ctx context.Context, r *ListNodesRequest) (*ListNodesResponse, error) {
 
-func sovControl(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListNodes(ctx, r)
 		}
+		return nil, err
 	}
-	return n
-}
-func sozControl(x uint64) (n int) {
-	return sovControl(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (this *GetNodeRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetNodeRequest{`,
-		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetNodeResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListNodes(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListNodes(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListNodes(modCtx, r)
 	}
-	s := strings.Join([]string{`&GetNodeResponse{`,
-		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "Node", "Node", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListNodesRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) UpdateNode(ctx context.Context, r *UpdateNodeRequest) (*UpdateNodeResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateNode(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListNodesRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListNodesRequest_Filters", "ListNodesRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListNodesRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+
+	resp, err := NewControlClient(conn).UpdateNode(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateNode(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateNode(modCtx, r)
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	return resp, err
+}
+
+func (p *raftProxyControlServer) RemoveNode(ctx context.Context, r *RemoveNodeRequest) (*RemoveNodeResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveNode(ctx, r)
+		}
+		return nil, err
 	}
-	mapStringForLabels += "}"
-	keysForNodeLabels := make([]string, 0, len(this.NodeLabels))
-	for k, _ := range this.NodeLabels {
-		keysForNodeLabels = append(keysForNodeLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForNodeLabels)
-	mapStringForNodeLabels := "map[string]string{"
-	for _, k := range keysForNodeLabels {
-		mapStringForNodeLabels += fmt.Sprintf("%v: %v,", k, this.NodeLabels[k])
+
+	resp, err := NewControlClient(conn).RemoveNode(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveNode(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveNode(modCtx, r)
 	}
-	mapStringForNodeLabels += "}"
-	s := strings.Join([]string{`&ListNodesRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`Memberships:` + fmt.Sprintf("%v", this.Memberships) + `,`,
-		`Roles:` + fmt.Sprintf("%v", this.Roles) + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`NodeLabels:` + mapStringForNodeLabels + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListNodesResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetTask(ctx context.Context, r *GetTaskRequest) (*GetTaskResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetTask(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListNodesResponse{`,
-		`Nodes:` + strings.Replace(fmt.Sprintf("%v", this.Nodes), "Node", "Node", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateNodeRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateNodeRequest{`,
-		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
-		`NodeVersion:` + strings.Replace(fmt.Sprintf("%v", this.NodeVersion), "Version", "Version", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "NodeSpec", "NodeSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateNodeResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).GetTask(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetTask(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetTask(modCtx, r)
 	}
-	s := strings.Join([]string{`&UpdateNodeResponse{`,
-		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "Node", "Node", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveNodeRequest) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&RemoveNodeRequest{`,
-		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
-		`Force:` + fmt.Sprintf("%v", this.Force) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *RemoveNodeResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListTasks(ctx context.Context, r *ListTasksRequest) (*ListTasksResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListTasks(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveNodeResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetTaskRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetTaskRequest{`,
-		`TaskID:` + fmt.Sprintf("%v", this.TaskID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetTaskResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListTasks(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListTasks(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListTasks(modCtx, r)
 	}
-	s := strings.Join([]string{`&GetTaskResponse{`,
-		`Task:` + strings.Replace(fmt.Sprintf("%v", this.Task), "Task", "Task", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *RemoveTaskRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) RemoveTask(ctx context.Context, r *RemoveTaskRequest) (*RemoveTaskResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveTask(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveTaskRequest{`,
-		`TaskID:` + fmt.Sprintf("%v", this.TaskID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveTaskResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveTaskResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListTasksRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).RemoveTask(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveTask(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveTask(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListTasksRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListTasksRequest_Filters", "ListTasksRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListTasksRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetService(ctx context.Context, r *GetServiceRequest) (*GetServiceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetService(ctx, r)
+		}
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+
+	resp, err := NewControlClient(conn).GetService(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetService(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetService(modCtx, r)
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListTasksRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`ServiceIDs:` + fmt.Sprintf("%v", this.ServiceIDs) + `,`,
-		`NodeIDs:` + fmt.Sprintf("%v", this.NodeIDs) + `,`,
-		`DesiredStates:` + fmt.Sprintf("%v", this.DesiredStates) + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`UpToDate:` + fmt.Sprintf("%v", this.UpToDate) + `,`,
-		`Runtimes:` + fmt.Sprintf("%v", this.Runtimes) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListTasksResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListServices(ctx context.Context, r *ListServicesRequest) (*ListServicesResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListServices(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListTasksResponse{`,
-		`Tasks:` + strings.Replace(fmt.Sprintf("%v", this.Tasks), "Task", "Task", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateServiceRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&CreateServiceRequest{`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ServiceSpec", "ServiceSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateServiceResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListServices(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListServices(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListServices(modCtx, r)
 	}
-	s := strings.Join([]string{`&CreateServiceResponse{`,
-		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *GetServiceRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) CreateService(ctx context.Context, r *CreateServiceRequest) (*CreateServiceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateService(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetServiceRequest{`,
-		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
-		`InsertDefaults:` + fmt.Sprintf("%v", this.InsertDefaults) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetServiceResponse) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&GetServiceResponse{`,
-		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateServiceRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateServiceRequest{`,
-		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
-		`ServiceVersion:` + strings.Replace(fmt.Sprintf("%v", this.ServiceVersion), "Version", "Version", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ServiceSpec", "ServiceSpec", 1) + `,`,
-		`Rollback:` + fmt.Sprintf("%v", this.Rollback) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateServiceResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).CreateService(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateService(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateService(modCtx, r)
 	}
-	s := strings.Join([]string{`&UpdateServiceResponse{`,
-		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *RemoveServiceRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) UpdateService(ctx context.Context, r *UpdateServiceRequest) (*UpdateServiceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateService(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveServiceRequest{`,
-		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveServiceResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveServiceResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListServicesRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).UpdateService(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateService(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateService(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListServicesRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListServicesRequest_Filters", "ListServicesRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListServicesRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) RemoveService(ctx context.Context, r *RemoveServiceRequest) (*RemoveServiceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveService(ctx, r)
+		}
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+
+	resp, err := NewControlClient(conn).RemoveService(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveService(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveService(modCtx, r)
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListServicesRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`Runtimes:` + fmt.Sprintf("%v", this.Runtimes) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListServicesResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListServiceStatuses(ctx context.Context, r *ListServiceStatusesRequest) (*ListServiceStatusesResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListServiceStatuses(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListServicesResponse{`,
-		`Services:` + strings.Replace(fmt.Sprintf("%v", this.Services), "Service", "Service", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateNetworkRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&CreateNetworkRequest{`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "NetworkSpec", "NetworkSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateNetworkResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListServiceStatuses(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListServiceStatuses(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListServiceStatuses(modCtx, r)
 	}
-	s := strings.Join([]string{`&CreateNetworkResponse{`,
-		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "Network", "Network", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *GetNetworkRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetNetwork(ctx context.Context, r *GetNetworkRequest) (*GetNetworkResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetNetwork(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetNetworkRequest{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`NetworkID:` + fmt.Sprintf("%v", this.NetworkID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetNetworkResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetNetworkResponse{`,
-		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "Network", "Network", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+
+	resp, err := NewControlClient(conn).GetNetwork(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetNetwork(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetNetwork(modCtx, r)
+	}
+	return resp, err
 }
-func (this *RemoveNetworkRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListNetworks(ctx context.Context, r *ListNetworksRequest) (*ListNetworksResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListNetworks(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveNetworkRequest{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`NetworkID:` + fmt.Sprintf("%v", this.NetworkID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveNetworkResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveNetworkResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListNetworksRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListNetworks(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListNetworks(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListNetworks(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListNetworksRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListNetworksRequest_Filters", "ListNetworksRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListNetworksRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
-	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+
+func (p *raftProxyControlServer) CreateNetwork(ctx context.Context, r *CreateNetworkRequest) (*CreateNetworkResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateNetwork(ctx, r)
+		}
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListNetworksRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListNetworksResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).CreateNetwork(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateNetwork(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateNetwork(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListNetworksResponse{`,
-		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "Network", "Network", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *GetClusterRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) RemoveNetwork(ctx context.Context, r *RemoveNetworkRequest) (*RemoveNetworkResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveNetwork(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetClusterRequest{`,
-		`ClusterID:` + fmt.Sprintf("%v", this.ClusterID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetClusterResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetClusterResponse{`,
-		`Cluster:` + strings.Replace(fmt.Sprintf("%v", this.Cluster), "Cluster", "Cluster", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListClustersRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).RemoveNetwork(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveNetwork(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveNetwork(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListClustersRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListClustersRequest_Filters", "ListClustersRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListClustersRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetCluster(ctx context.Context, r *GetClusterRequest) (*GetClusterResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetCluster(ctx, r)
+		}
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+
+	resp, err := NewControlClient(conn).GetCluster(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetCluster(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetCluster(modCtx, r)
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListClustersRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListClustersResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListClusters(ctx context.Context, r *ListClustersRequest) (*ListClustersResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListClusters(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListClustersResponse{`,
-		`Clusters:` + strings.Replace(fmt.Sprintf("%v", this.Clusters), "Cluster", "Cluster", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *KeyRotation) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&KeyRotation{`,
-		`WorkerJoinToken:` + fmt.Sprintf("%v", this.WorkerJoinToken) + `,`,
-		`ManagerJoinToken:` + fmt.Sprintf("%v", this.ManagerJoinToken) + `,`,
-		`ManagerUnlockKey:` + fmt.Sprintf("%v", this.ManagerUnlockKey) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateClusterRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListClusters(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListClusters(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListClusters(modCtx, r)
 	}
-	s := strings.Join([]string{`&UpdateClusterRequest{`,
-		`ClusterID:` + fmt.Sprintf("%v", this.ClusterID) + `,`,
-		`ClusterVersion:` + strings.Replace(fmt.Sprintf("%v", this.ClusterVersion), "Version", "Version", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ClusterSpec", "ClusterSpec", 1) + `,`,
-		`Rotation:` + strings.Replace(strings.Replace(this.Rotation.String(), "KeyRotation", "KeyRotation", 1), `&`, ``, 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *UpdateClusterResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) UpdateCluster(ctx context.Context, r *UpdateClusterRequest) (*UpdateClusterResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateCluster(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateClusterResponse{`,
-		`Cluster:` + strings.Replace(fmt.Sprintf("%v", this.Cluster), "Cluster", "Cluster", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetSecretRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetSecretRequest{`,
-		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetSecretResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).UpdateCluster(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateCluster(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateCluster(modCtx, r)
 	}
-	s := strings.Join([]string{`&GetSecretResponse{`,
-		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *UpdateSecretRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetSecret(ctx context.Context, r *GetSecretRequest) (*GetSecretResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetSecret(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateSecretRequest{`,
-		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
-		`SecretVersion:` + strings.Replace(fmt.Sprintf("%v", this.SecretVersion), "Version", "Version", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "SecretSpec", "SecretSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateSecretResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateSecretResponse{`,
-		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListSecretsRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).GetSecret(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetSecret(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetSecret(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListSecretsRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListSecretsRequest_Filters", "ListSecretsRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListSecretsRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) UpdateSecret(ctx context.Context, r *UpdateSecretRequest) (*UpdateSecretResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateSecret(ctx, r)
+		}
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+
+	resp, err := NewControlClient(conn).UpdateSecret(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateSecret(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateSecret(modCtx, r)
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListSecretsRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListSecretsResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListSecrets(ctx context.Context, r *ListSecretsRequest) (*ListSecretsResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListSecrets(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListSecretsResponse{`,
-		`Secrets:` + strings.Replace(fmt.Sprintf("%v", this.Secrets), "Secret", "Secret", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateSecretRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&CreateSecretRequest{`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "SecretSpec", "SecretSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateSecretResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).ListSecrets(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListSecrets(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListSecrets(modCtx, r)
 	}
-	s := strings.Join([]string{`&CreateSecretResponse{`,
-		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *RemoveSecretRequest) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&RemoveSecretRequest{`,
-		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveSecretResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) CreateSecret(ctx context.Context, r *CreateSecretRequest) (*CreateSecretResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateSecret(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveSecretResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetConfigRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&GetConfigRequest{`,
-		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *GetConfigResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).CreateSecret(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateSecret(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateSecret(modCtx, r)
 	}
-	s := strings.Join([]string{`&GetConfigResponse{`,
-		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *UpdateConfigRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) RemoveSecret(ctx context.Context, r *RemoveSecretRequest) (*RemoveSecretResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveSecret(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateConfigRequest{`,
-		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
-		`ConfigVersion:` + strings.Replace(fmt.Sprintf("%v", this.ConfigVersion), "Version", "Version", 1) + `,`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ConfigSpec", "ConfigSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *UpdateConfigResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&UpdateConfigResponse{`,
-		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *ListConfigsRequest) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).RemoveSecret(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveSecret(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveSecret(modCtx, r)
 	}
-	s := strings.Join([]string{`&ListConfigsRequest{`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListConfigsRequest_Filters", "ListConfigsRequest_Filters", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListConfigsRequest_Filters) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) GetConfig(ctx context.Context, r *GetConfigRequest) (*GetConfigResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetConfig(ctx, r)
+		}
+		return nil, err
 	}
-	keysForLabels := make([]string, 0, len(this.Labels))
-	for k, _ := range this.Labels {
-		keysForLabels = append(keysForLabels, k)
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	sortkeys.Strings(keysForLabels)
-	mapStringForLabels := "map[string]string{"
-	for _, k := range keysForLabels {
-		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+
+	resp, err := NewControlClient(conn).GetConfig(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetConfig(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetConfig(modCtx, r)
 	}
-	mapStringForLabels += "}"
-	s := strings.Join([]string{`&ListConfigsRequest_Filters{`,
-		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
-		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
-		`Labels:` + mapStringForLabels + `,`,
-		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *ListConfigsResponse) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) UpdateConfig(ctx context.Context, r *UpdateConfigRequest) (*UpdateConfigResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateConfig(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&ListConfigsResponse{`,
-		`Configs:` + strings.Replace(fmt.Sprintf("%v", this.Configs), "Config", "Config", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateConfigRequest) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&CreateConfigRequest{`,
-		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ConfigSpec", "ConfigSpec", 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *CreateConfigResponse) String() string {
-	if this == nil {
-		return "nil"
+
+	resp, err := NewControlClient(conn).UpdateConfig(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateConfig(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateConfig(modCtx, r)
 	}
-	s := strings.Join([]string{`&CreateConfigResponse{`,
-		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
-		`}`,
-	}, "")
-	return s
+	return resp, err
 }
-func (this *RemoveConfigRequest) String() string {
-	if this == nil {
-		return "nil"
+
+func (p *raftProxyControlServer) ListConfigs(ctx context.Context, r *ListConfigsRequest) (*ListConfigsResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListConfigs(ctx, r)
+		}
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveConfigRequest{`,
-		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *RemoveConfigResponse) String() string {
-	if this == nil {
-		return "nil"
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&RemoveConfigResponse{`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringControl(v interface{}) string {
-	rv := reflect.ValueOf(v)
+
+	resp, err := NewControlClient(conn).ListConfigs(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListConfigs(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListConfigs(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) CreateConfig(ctx context.Context, r *CreateConfigRequest) (*CreateConfigResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateConfig(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).CreateConfig(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateConfig(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateConfig(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) RemoveConfig(ctx context.Context, r *RemoveConfigRequest) (*RemoveConfigResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveConfig(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).RemoveConfig(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveConfig(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveConfig(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) GetExtension(ctx context.Context, r *GetExtensionRequest) (*GetExtensionResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetExtension(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).GetExtension(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetExtension(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetExtension(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) CreateExtension(ctx context.Context, r *CreateExtensionRequest) (*CreateExtensionResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateExtension(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).CreateExtension(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateExtension(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateExtension(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) RemoveExtension(ctx context.Context, r *RemoveExtensionRequest) (*RemoveExtensionResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveExtension(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).RemoveExtension(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveExtension(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveExtension(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) GetResource(ctx context.Context, r *GetResourceRequest) (*GetResourceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.GetResource(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).GetResource(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.GetResource(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).GetResource(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) UpdateResource(ctx context.Context, r *UpdateResourceRequest) (*UpdateResourceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.UpdateResource(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).UpdateResource(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.UpdateResource(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).UpdateResource(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) ListResources(ctx context.Context, r *ListResourcesRequest) (*ListResourcesResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.ListResources(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).ListResources(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.ListResources(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).ListResources(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) CreateResource(ctx context.Context, r *CreateResourceRequest) (*CreateResourceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.CreateResource(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).CreateResource(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.CreateResource(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).CreateResource(modCtx, r)
+	}
+	return resp, err
+}
+
+func (p *raftProxyControlServer) RemoveResource(ctx context.Context, r *RemoveResourceRequest) (*RemoveResourceResponse, error) {
+
+	conn, err := p.connSelector.LeaderConn(ctx)
+	if err != nil {
+		if err == raftselector.ErrIsLeader {
+			ctx, err = p.runCtxMods(ctx, p.localCtxMods)
+			if err != nil {
+				return nil, err
+			}
+			return p.local.RemoveResource(ctx, r)
+		}
+		return nil, err
+	}
+	modCtx, err := p.runCtxMods(ctx, p.remoteCtxMods)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := NewControlClient(conn).RemoveResource(modCtx, r)
+	if err != nil {
+		if !strings.Contains(err.Error(), "is closing") && !strings.Contains(err.Error(), "the connection is unavailable") && !strings.Contains(err.Error(), "connection error") {
+			return resp, err
+		}
+		conn, err := p.pollNewLeaderConn(ctx)
+		if err != nil {
+			if err == raftselector.ErrIsLeader {
+				return p.local.RemoveResource(ctx, r)
+			}
+			return nil, err
+		}
+		return NewControlClient(conn).RemoveResource(modCtx, r)
+	}
+	return resp, err
+}
+
+func (m *GetNodeRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.NodeID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetNodeResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Node != nil {
+		l = m.Node.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListNodesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListNodesRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.Memberships) > 0 {
+		for _, e := range m.Memberships {
+			n += 1 + sovControl(uint64(e))
+		}
+	}
+	if len(m.Roles) > 0 {
+		for _, e := range m.Roles {
+			n += 1 + sovControl(uint64(e))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.NodeLabels) > 0 {
+		for k, v := range m.NodeLabels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	return n
+}
+
+func (m *ListNodesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Nodes) > 0 {
+		for _, e := range m.Nodes {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *UpdateNodeRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.NodeID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.NodeVersion != nil {
+		l = m.NodeVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateNodeResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Node != nil {
+		l = m.Node.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveNodeRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.NodeID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Force {
+		n += 2
+	}
+	return n
+}
+
+func (m *RemoveNodeResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *GetTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.TaskID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetTaskResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Task != nil {
+		l = m.Task.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveTaskRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.TaskID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveTaskResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *ListTasksRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListTasksRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.ServiceIDs) > 0 {
+		for _, s := range m.ServiceIDs {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.NodeIDs) > 0 {
+		for _, s := range m.NodeIDs {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.DesiredStates) > 0 {
+		for _, e := range m.DesiredStates {
+			n += 1 + sovControl(uint64(e))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if m.UpToDate {
+		n += 2
+	}
+	if len(m.Runtimes) > 0 {
+		for _, s := range m.Runtimes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListTasksResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Tasks) > 0 {
+		for _, e := range m.Tasks {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *CreateServiceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateServiceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Service != nil {
+		l = m.Service.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetServiceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ServiceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.InsertDefaults {
+		n += 2
+	}
+	return n
+}
+
+func (m *GetServiceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Service != nil {
+		l = m.Service.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateServiceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ServiceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.ServiceVersion != nil {
+		l = m.ServiceVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Rollback != 0 {
+		n += 1 + sovControl(uint64(m.Rollback))
+	}
+	return n
+}
+
+func (m *UpdateServiceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Service != nil {
+		l = m.Service.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveServiceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ServiceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveServiceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *ListServicesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListServicesRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Runtimes) > 0 {
+		for _, s := range m.Runtimes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListServicesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Services) > 0 {
+		for _, e := range m.Services {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListServiceStatusesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Services) > 0 {
+		for _, s := range m.Services {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListServiceStatusesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Statuses) > 0 {
+		for _, e := range m.Statuses {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListServiceStatusesResponse_ServiceStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ServiceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.DesiredTasks != 0 {
+		n += 1 + sovControl(uint64(m.DesiredTasks))
+	}
+	if m.RunningTasks != 0 {
+		n += 1 + sovControl(uint64(m.RunningTasks))
+	}
+	if m.CompletedTasks != 0 {
+		n += 1 + sovControl(uint64(m.CompletedTasks))
+	}
+	return n
+}
+
+func (m *CreateNetworkRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateNetworkResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Network != nil {
+		l = m.Network.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetNetworkRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	l = len(m.NetworkID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetNetworkResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Network != nil {
+		l = m.Network.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveNetworkRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	l = len(m.NetworkID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveNetworkResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *ListNetworksRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListNetworksRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListNetworksResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Networks) > 0 {
+		for _, e := range m.Networks {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *GetClusterRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ClusterID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetClusterResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Cluster != nil {
+		l = m.Cluster.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListClustersRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListClustersRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListClustersResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Clusters) > 0 {
+		for _, e := range m.Clusters {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *KeyRotation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.WorkerJoinToken {
+		n += 2
+	}
+	if m.ManagerJoinToken {
+		n += 2
+	}
+	if m.ManagerUnlockKey {
+		n += 2
+	}
+	return n
+}
+
+func (m *UpdateClusterRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ClusterID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.ClusterVersion != nil {
+		l = m.ClusterVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	l = m.Rotation.Size()
+	n += 1 + l + sovControl(uint64(l))
+	return n
+}
+
+func (m *UpdateClusterResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Cluster != nil {
+		l = m.Cluster.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetSecretRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.SecretID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetSecretResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Secret != nil {
+		l = m.Secret.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateSecretRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.SecretID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.SecretVersion != nil {
+		l = m.SecretVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateSecretResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Secret != nil {
+		l = m.Secret.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListSecretsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListSecretsRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListSecretsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Secrets) > 0 {
+		for _, e := range m.Secrets {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *CreateSecretRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateSecretResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Secret != nil {
+		l = m.Secret.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveSecretRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.SecretID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveSecretResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *GetConfigRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ConfigID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetConfigResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Config != nil {
+		l = m.Config.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateConfigRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ConfigID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.ConfigVersion != nil {
+		l = m.ConfigVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateConfigResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Config != nil {
+		l = m.Config.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListConfigsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListConfigsRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ListConfigsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Configs) > 0 {
+		for _, e := range m.Configs {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *CreateConfigRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Spec != nil {
+		l = m.Spec.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateConfigResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Config != nil {
+		l = m.Config.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveConfigRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ConfigID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveConfigResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *CreateExtensionRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Annotations != nil {
+		l = m.Annotations.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	l = len(m.Description)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateExtensionResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Extension != nil {
+		l = m.Extension.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveExtensionRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ExtensionID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveExtensionResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *GetExtensionRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ExtensionID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetExtensionResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Extension != nil {
+		l = m.Extension.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Annotations != nil {
+		l = m.Annotations.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	l = len(m.Kind)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Payload != nil {
+		l = m.Payload.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *CreateResourceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Resource != nil {
+		l = m.Resource.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ResourceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *RemoveResourceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *UpdateResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ResourceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.ResourceVersion != nil {
+		l = m.ResourceVersion.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Annotations != nil {
+		l = m.Annotations.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if m.Payload != nil {
+		l = m.Payload.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *UpdateResourceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Resource != nil {
+		l = m.Resource.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetResourceRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ResourceID)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *GetResourceResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Resource != nil {
+		l = m.Resource.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListResourcesRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Filters != nil {
+		l = m.Filters.Size()
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListResourcesRequest_Filters) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Names) > 0 {
+		for _, s := range m.Names {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.IDPrefixes) > 0 {
+		for _, s := range m.IDPrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Labels) > 0 {
+		for k, v := range m.Labels {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.NamePrefixes) > 0 {
+		for _, s := range m.NamePrefixes {
+			l = len(s)
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	l = len(m.Kind)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	return n
+}
+
+func (m *ListResourcesResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Resources) > 0 {
+		for _, e := range m.Resources {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	return n
+}
+
+func sovControl(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozControl(x uint64) (n int) {
+	return sovControl(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *GetNodeRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetNodeRequest{`,
+		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetNodeResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetNodeResponse{`,
+		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "Node", "Node", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNodesRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListNodesRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListNodesRequest_Filters", "ListNodesRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNodesRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	keysForNodeLabels := make([]string, 0, len(this.NodeLabels))
+	for k, _ := range this.NodeLabels {
+		keysForNodeLabels = append(keysForNodeLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForNodeLabels)
+	mapStringForNodeLabels := "map[string]string{"
+	for _, k := range keysForNodeLabels {
+		mapStringForNodeLabels += fmt.Sprintf("%v: %v,", k, this.NodeLabels[k])
+	}
+	mapStringForNodeLabels += "}"
+	s := strings.Join([]string{`&ListNodesRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`Memberships:` + fmt.Sprintf("%v", this.Memberships) + `,`,
+		`Roles:` + fmt.Sprintf("%v", this.Roles) + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`NodeLabels:` + mapStringForNodeLabels + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNodesResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForNodes := "[]*Node{"
+	for _, f := range this.Nodes {
+		repeatedStringForNodes += strings.Replace(fmt.Sprintf("%v", f), "Node", "Node", 1) + ","
+	}
+	repeatedStringForNodes += "}"
+	s := strings.Join([]string{`&ListNodesResponse{`,
+		`Nodes:` + repeatedStringForNodes + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateNodeRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateNodeRequest{`,
+		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
+		`NodeVersion:` + strings.Replace(fmt.Sprintf("%v", this.NodeVersion), "Version", "Version", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "NodeSpec", "NodeSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateNodeResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateNodeResponse{`,
+		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "Node", "Node", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveNodeRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveNodeRequest{`,
+		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
+		`Force:` + fmt.Sprintf("%v", this.Force) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveNodeResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveNodeResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetTaskRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetTaskRequest{`,
+		`TaskID:` + fmt.Sprintf("%v", this.TaskID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetTaskResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetTaskResponse{`,
+		`Task:` + strings.Replace(fmt.Sprintf("%v", this.Task), "Task", "Task", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveTaskRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveTaskRequest{`,
+		`TaskID:` + fmt.Sprintf("%v", this.TaskID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveTaskResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveTaskResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListTasksRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListTasksRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListTasksRequest_Filters", "ListTasksRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListTasksRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListTasksRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`ServiceIDs:` + fmt.Sprintf("%v", this.ServiceIDs) + `,`,
+		`NodeIDs:` + fmt.Sprintf("%v", this.NodeIDs) + `,`,
+		`DesiredStates:` + fmt.Sprintf("%v", this.DesiredStates) + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`UpToDate:` + fmt.Sprintf("%v", this.UpToDate) + `,`,
+		`Runtimes:` + fmt.Sprintf("%v", this.Runtimes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListTasksResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForTasks := "[]*Task{"
+	for _, f := range this.Tasks {
+		repeatedStringForTasks += strings.Replace(fmt.Sprintf("%v", f), "Task", "Task", 1) + ","
+	}
+	repeatedStringForTasks += "}"
+	s := strings.Join([]string{`&ListTasksResponse{`,
+		`Tasks:` + repeatedStringForTasks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateServiceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateServiceRequest{`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ServiceSpec", "ServiceSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateServiceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateServiceResponse{`,
+		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetServiceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetServiceRequest{`,
+		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
+		`InsertDefaults:` + fmt.Sprintf("%v", this.InsertDefaults) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetServiceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetServiceResponse{`,
+		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateServiceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateServiceRequest{`,
+		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
+		`ServiceVersion:` + strings.Replace(fmt.Sprintf("%v", this.ServiceVersion), "Version", "Version", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ServiceSpec", "ServiceSpec", 1) + `,`,
+		`Rollback:` + fmt.Sprintf("%v", this.Rollback) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateServiceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateServiceResponse{`,
+		`Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "Service", "Service", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveServiceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveServiceRequest{`,
+		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveServiceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveServiceResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServicesRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListServicesRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListServicesRequest_Filters", "ListServicesRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServicesRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListServicesRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`Runtimes:` + fmt.Sprintf("%v", this.Runtimes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServicesResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForServices := "[]*Service{"
+	for _, f := range this.Services {
+		repeatedStringForServices += strings.Replace(fmt.Sprintf("%v", f), "Service", "Service", 1) + ","
+	}
+	repeatedStringForServices += "}"
+	s := strings.Join([]string{`&ListServicesResponse{`,
+		`Services:` + repeatedStringForServices + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServiceStatusesRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListServiceStatusesRequest{`,
+		`Services:` + fmt.Sprintf("%v", this.Services) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServiceStatusesResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForStatuses := "[]*ListServiceStatusesResponse_ServiceStatus{"
+	for _, f := range this.Statuses {
+		repeatedStringForStatuses += strings.Replace(fmt.Sprintf("%v", f), "ListServiceStatusesResponse_ServiceStatus", "ListServiceStatusesResponse_ServiceStatus", 1) + ","
+	}
+	repeatedStringForStatuses += "}"
+	s := strings.Join([]string{`&ListServiceStatusesResponse{`,
+		`Statuses:` + repeatedStringForStatuses + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListServiceStatusesResponse_ServiceStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListServiceStatusesResponse_ServiceStatus{`,
+		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
+		`DesiredTasks:` + fmt.Sprintf("%v", this.DesiredTasks) + `,`,
+		`RunningTasks:` + fmt.Sprintf("%v", this.RunningTasks) + `,`,
+		`CompletedTasks:` + fmt.Sprintf("%v", this.CompletedTasks) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateNetworkRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateNetworkRequest{`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "NetworkSpec", "NetworkSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateNetworkResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateNetworkResponse{`,
+		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "Network", "Network", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetNetworkRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetNetworkRequest{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`NetworkID:` + fmt.Sprintf("%v", this.NetworkID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetNetworkResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetNetworkResponse{`,
+		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "Network", "Network", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveNetworkRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveNetworkRequest{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`NetworkID:` + fmt.Sprintf("%v", this.NetworkID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveNetworkResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveNetworkResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNetworksRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListNetworksRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListNetworksRequest_Filters", "ListNetworksRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNetworksRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListNetworksRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListNetworksResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForNetworks := "[]*Network{"
+	for _, f := range this.Networks {
+		repeatedStringForNetworks += strings.Replace(fmt.Sprintf("%v", f), "Network", "Network", 1) + ","
+	}
+	repeatedStringForNetworks += "}"
+	s := strings.Join([]string{`&ListNetworksResponse{`,
+		`Networks:` + repeatedStringForNetworks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetClusterRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetClusterRequest{`,
+		`ClusterID:` + fmt.Sprintf("%v", this.ClusterID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetClusterResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetClusterResponse{`,
+		`Cluster:` + strings.Replace(fmt.Sprintf("%v", this.Cluster), "Cluster", "Cluster", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListClustersRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListClustersRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListClustersRequest_Filters", "ListClustersRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListClustersRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListClustersRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListClustersResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForClusters := "[]*Cluster{"
+	for _, f := range this.Clusters {
+		repeatedStringForClusters += strings.Replace(fmt.Sprintf("%v", f), "Cluster", "Cluster", 1) + ","
+	}
+	repeatedStringForClusters += "}"
+	s := strings.Join([]string{`&ListClustersResponse{`,
+		`Clusters:` + repeatedStringForClusters + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *KeyRotation) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&KeyRotation{`,
+		`WorkerJoinToken:` + fmt.Sprintf("%v", this.WorkerJoinToken) + `,`,
+		`ManagerJoinToken:` + fmt.Sprintf("%v", this.ManagerJoinToken) + `,`,
+		`ManagerUnlockKey:` + fmt.Sprintf("%v", this.ManagerUnlockKey) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateClusterRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateClusterRequest{`,
+		`ClusterID:` + fmt.Sprintf("%v", this.ClusterID) + `,`,
+		`ClusterVersion:` + strings.Replace(fmt.Sprintf("%v", this.ClusterVersion), "Version", "Version", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ClusterSpec", "ClusterSpec", 1) + `,`,
+		`Rotation:` + strings.Replace(strings.Replace(this.Rotation.String(), "KeyRotation", "KeyRotation", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateClusterResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateClusterResponse{`,
+		`Cluster:` + strings.Replace(fmt.Sprintf("%v", this.Cluster), "Cluster", "Cluster", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetSecretRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetSecretRequest{`,
+		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetSecretResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetSecretResponse{`,
+		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateSecretRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateSecretRequest{`,
+		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
+		`SecretVersion:` + strings.Replace(fmt.Sprintf("%v", this.SecretVersion), "Version", "Version", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "SecretSpec", "SecretSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateSecretResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateSecretResponse{`,
+		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListSecretsRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListSecretsRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListSecretsRequest_Filters", "ListSecretsRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListSecretsRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListSecretsRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListSecretsResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForSecrets := "[]*Secret{"
+	for _, f := range this.Secrets {
+		repeatedStringForSecrets += strings.Replace(fmt.Sprintf("%v", f), "Secret", "Secret", 1) + ","
+	}
+	repeatedStringForSecrets += "}"
+	s := strings.Join([]string{`&ListSecretsResponse{`,
+		`Secrets:` + repeatedStringForSecrets + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateSecretRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateSecretRequest{`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "SecretSpec", "SecretSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateSecretResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateSecretResponse{`,
+		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveSecretRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveSecretRequest{`,
+		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveSecretResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveSecretResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetConfigRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetConfigRequest{`,
+		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetConfigResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetConfigResponse{`,
+		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateConfigRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateConfigRequest{`,
+		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
+		`ConfigVersion:` + strings.Replace(fmt.Sprintf("%v", this.ConfigVersion), "Version", "Version", 1) + `,`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ConfigSpec", "ConfigSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateConfigResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateConfigResponse{`,
+		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListConfigsRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListConfigsRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListConfigsRequest_Filters", "ListConfigsRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListConfigsRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListConfigsRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListConfigsResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForConfigs := "[]*Config{"
+	for _, f := range this.Configs {
+		repeatedStringForConfigs += strings.Replace(fmt.Sprintf("%v", f), "Config", "Config", 1) + ","
+	}
+	repeatedStringForConfigs += "}"
+	s := strings.Join([]string{`&ListConfigsResponse{`,
+		`Configs:` + repeatedStringForConfigs + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateConfigRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateConfigRequest{`,
+		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "ConfigSpec", "ConfigSpec", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateConfigResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateConfigResponse{`,
+		`Config:` + strings.Replace(fmt.Sprintf("%v", this.Config), "Config", "Config", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveConfigRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveConfigRequest{`,
+		`ConfigID:` + fmt.Sprintf("%v", this.ConfigID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveConfigResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveConfigResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateExtensionRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateExtensionRequest{`,
+		`Annotations:` + strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1) + `,`,
+		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateExtensionResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateExtensionResponse{`,
+		`Extension:` + strings.Replace(fmt.Sprintf("%v", this.Extension), "Extension", "Extension", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveExtensionRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveExtensionRequest{`,
+		`ExtensionID:` + fmt.Sprintf("%v", this.ExtensionID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveExtensionResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveExtensionResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetExtensionRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetExtensionRequest{`,
+		`ExtensionID:` + fmt.Sprintf("%v", this.ExtensionID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetExtensionResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetExtensionResponse{`,
+		`Extension:` + strings.Replace(fmt.Sprintf("%v", this.Extension), "Extension", "Extension", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateResourceRequest{`,
+		`Annotations:` + strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1) + `,`,
+		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "types.Any", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *CreateResourceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&CreateResourceResponse{`,
+		`Resource:` + strings.Replace(fmt.Sprintf("%v", this.Resource), "Resource", "Resource", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveResourceRequest{`,
+		`ResourceID:` + fmt.Sprintf("%v", this.ResourceID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RemoveResourceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RemoveResourceResponse{`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateResourceRequest{`,
+		`ResourceID:` + fmt.Sprintf("%v", this.ResourceID) + `,`,
+		`ResourceVersion:` + strings.Replace(fmt.Sprintf("%v", this.ResourceVersion), "Version", "Version", 1) + `,`,
+		`Annotations:` + strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1) + `,`,
+		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "types.Any", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *UpdateResourceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&UpdateResourceResponse{`,
+		`Resource:` + strings.Replace(fmt.Sprintf("%v", this.Resource), "Resource", "Resource", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetResourceRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetResourceRequest{`,
+		`ResourceID:` + fmt.Sprintf("%v", this.ResourceID) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetResourceResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetResourceResponse{`,
+		`Resource:` + strings.Replace(fmt.Sprintf("%v", this.Resource), "Resource", "Resource", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListResourcesRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ListResourcesRequest{`,
+		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "ListResourcesRequest_Filters", "ListResourcesRequest_Filters", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListResourcesRequest_Filters) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForLabels := make([]string, 0, len(this.Labels))
+	for k, _ := range this.Labels {
+		keysForLabels = append(keysForLabels, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
+	mapStringForLabels := "map[string]string{"
+	for _, k := range keysForLabels {
+		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
+	}
+	mapStringForLabels += "}"
+	s := strings.Join([]string{`&ListResourcesRequest_Filters{`,
+		`Names:` + fmt.Sprintf("%v", this.Names) + `,`,
+		`IDPrefixes:` + fmt.Sprintf("%v", this.IDPrefixes) + `,`,
+		`Labels:` + mapStringForLabels + `,`,
+		`NamePrefixes:` + fmt.Sprintf("%v", this.NamePrefixes) + `,`,
+		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ListResourcesResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForResources := "[]*Resource{"
+	for _, f := range this.Resources {
+		repeatedStringForResources += strings.Replace(fmt.Sprintf("%v", f), "Resource", "Resource", 1) + ","
+	}
+	repeatedStringForResources += "}"
+	s := strings.Join([]string{`&ListResourcesResponse{`,
+		`Resources:` + repeatedStringForResources + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringControl(v interface{}) string {
+	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
 		return "nil"
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetNodeRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NodeID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetNodeResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Node == nil {
+				m.Node = &Node{}
+			}
+			if err := m.Node.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListNodesRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListNodesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Filters == nil {
+				m.Filters = &ListNodesRequest_Filters{}
+			}
+			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Labels == nil {
+				m.Labels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
+			if wireType == 0 {
+				var v NodeSpec_Membership
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					v |= NodeSpec_Membership(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				m.Memberships = append(m.Memberships, v)
+			} else if wireType == 2 {
+				var packedLen int
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					packedLen |= int(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				if packedLen < 0 {
+					return ErrInvalidLengthControl
+				}
+				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthControl
+				}
+				if postIndex > l {
+					return io.ErrUnexpectedEOF
+				}
+				var elementCount int
+				if elementCount != 0 && len(m.Memberships) == 0 {
+					m.Memberships = make([]NodeSpec_Membership, 0, elementCount)
+				}
+				for iNdEx < postIndex {
+					var v NodeSpec_Membership
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						v |= NodeSpec_Membership(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					m.Memberships = append(m.Memberships, v)
+				}
+			} else {
+				return fmt.Errorf("proto: wrong wireType = %d for field Memberships", wireType)
+			}
+		case 5:
+			if wireType == 0 {
+				var v NodeRole
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					v |= NodeRole(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				m.Roles = append(m.Roles, v)
+			} else if wireType == 2 {
+				var packedLen int
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					packedLen |= int(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				if packedLen < 0 {
+					return ErrInvalidLengthControl
+				}
+				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthControl
+				}
+				if postIndex > l {
+					return io.ErrUnexpectedEOF
+				}
+				var elementCount int
+				if elementCount != 0 && len(m.Roles) == 0 {
+					m.Roles = make([]NodeRole, 0, elementCount)
+				}
+				for iNdEx < postIndex {
+					var v NodeRole
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						v |= NodeRole(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					m.Roles = append(m.Roles, v)
+				}
+			} else {
+				return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType)
+			}
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeLabels", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NodeLabels == nil {
+				m.NodeLabels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.NodeLabels[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListNodesResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListNodesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Nodes = append(m.Nodes, &Node{})
+			if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: UpdateNodeRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: UpdateNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NodeID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeVersion", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NodeVersion == nil {
+				m.NodeVersion = &Version{}
+			}
+			if err := m.NodeVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Spec == nil {
+				m.Spec = &NodeSpec{}
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: UpdateNodeResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: UpdateNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Node == nil {
+				m.Node = &Node{}
+			}
+			if err := m.Node.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RemoveNodeRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NodeID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Force = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RemoveNodeResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RemoveNodeResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetTaskRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetTaskRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TaskID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.TaskID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetTaskResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetTaskResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Task", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Task == nil {
+				m.Task = &Task{}
+			}
+			if err := m.Task.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RemoveTaskRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveTaskRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TaskID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.TaskID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RemoveTaskResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveTaskResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListTasksRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListTasksRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Filters == nil {
+				m.Filters = &ListTasksRequest_Filters{}
+			}
+			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Labels == nil {
+				m.Labels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceIDs", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ServiceIDs = append(m.ServiceIDs, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NodeIDs", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NodeIDs = append(m.NodeIDs, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 6:
+			if wireType == 0 {
+				var v TaskState
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					v |= TaskState(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				m.DesiredStates = append(m.DesiredStates, v)
+			} else if wireType == 2 {
+				var packedLen int
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					packedLen |= int(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				if packedLen < 0 {
+					return ErrInvalidLengthControl
+				}
+				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthControl
+				}
+				if postIndex > l {
+					return io.ErrUnexpectedEOF
+				}
+				var elementCount int
+				if elementCount != 0 && len(m.DesiredStates) == 0 {
+					m.DesiredStates = make([]TaskState, 0, elementCount)
+				}
+				for iNdEx < postIndex {
+					var v TaskState
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						v |= TaskState(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					m.DesiredStates = append(m.DesiredStates, v)
+				}
+			} else {
+				return fmt.Errorf("proto: wrong wireType = %d for field DesiredStates", wireType)
+			}
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UpToDate", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.UpToDate = bool(v != 0)
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Runtimes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Runtimes = append(m.Runtimes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListTasksResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListTasksResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Tasks", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Tasks = append(m.Tasks, &Task{})
+			if err := m.Tasks[len(m.Tasks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CreateServiceRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CreateServiceRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CreateServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Spec == nil {
+				m.Spec = &ServiceSpec{}
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CreateServiceResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CreateServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Service == nil {
+				m.Service = &Service{}
+			}
+			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetServiceRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ServiceID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field InsertDefaults", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.InsertDefaults = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetServiceResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetServiceResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Service == nil {
+				m.Service = &Service{}
+			}
+			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: UpdateServiceRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: UpdateServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ServiceID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceVersion", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ServiceVersion == nil {
+				m.ServiceVersion = &Version{}
+			}
+			if err := m.ServiceVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Spec == nil {
+				m.Spec = &ServiceSpec{}
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rollback", wireType)
+			}
+			m.Rollback = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Rollback |= UpdateServiceRequest_Rollback(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
 }
-func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
+func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -8680,7 +17364,7 @@ func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8688,17 +17372,17 @@ func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetNodeRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateServiceResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -8708,20 +17392,27 @@ func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NodeID = string(dAtA[iNdEx:postIndex])
+			if m.Service == nil {
+				m.Service = &Service{}
+			}
+			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -8729,7 +17420,7 @@ func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -8744,7 +17435,7 @@ func (m *GetNodeRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
+func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -8759,7 +17450,7 @@ func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8767,17 +17458,17 @@ func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetNodeResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveServiceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -8787,32 +17478,81 @@ func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Node == nil {
-				m.Node = &Node{}
-			}
-			if err := m.Node.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.ServiceID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
 				return err
 			}
-			iNdEx = postIndex
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RemoveServiceResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RemoveServiceResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -8827,7 +17567,7 @@ func (m *GetNodeResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
+func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -8842,7 +17582,7 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8850,10 +17590,10 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListNodesRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListServicesRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListNodesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -8870,7 +17610,7 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8879,11 +17619,14 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Filters == nil {
-				m.Filters = &ListNodesRequest_Filters{}
+				m.Filters = &ListServicesRequest_Filters{}
 			}
 			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -8895,7 +17638,7 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -8910,7 +17653,7 @@ func (m *ListNodesRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -8925,7 +17668,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8953,7 +17696,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8963,6 +17706,9 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8982,7 +17728,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8992,6 +17738,9 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9011,7 +17760,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9020,6 +17769,9 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9040,7 +17792,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -9057,7 +17809,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -9067,6 +17819,9 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -9083,7 +17838,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -9093,6 +17848,9 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -9104,7 +17862,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -9116,132 +17874,40 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 			m.Labels[mapkey] = mapvalue
 			iNdEx = postIndex
 		case 4:
-			if wireType == 0 {
-				var v NodeSpec_Membership
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					v |= (NodeSpec_Membership(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				m.Memberships = append(m.Memberships, v)
-			} else if wireType == 2 {
-				var packedLen int
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				if packedLen < 0 {
-					return ErrInvalidLengthControl
-				}
-				postIndex := iNdEx + packedLen
-				if postIndex > l {
-					return io.ErrUnexpectedEOF
-				}
-				for iNdEx < postIndex {
-					var v NodeSpec_Membership
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						v |= (NodeSpec_Membership(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					m.Memberships = append(m.Memberships, v)
-				}
-			} else {
-				return fmt.Errorf("proto: wrong wireType = %d for field Memberships", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
-		case 5:
-			if wireType == 0 {
-				var v NodeRole
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					v |= (NodeRole(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				m.Roles = append(m.Roles, v)
-			} else if wireType == 2 {
-				var packedLen int
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				if packedLen < 0 {
-					return ErrInvalidLengthControl
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
 				}
-				postIndex := iNdEx + packedLen
-				if postIndex > l {
+				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
-				for iNdEx < postIndex {
-					var v NodeRole
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						v |= (NodeRole(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					m.Roles = append(m.Roles, v)
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
-			} else {
-				return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType)
 			}
-		case 6:
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Runtimes", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -9253,7 +17919,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9263,14 +17929,67 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			m.Runtimes = append(m.Runtimes, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
-		case 7:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListServicesResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeLabels", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -9282,7 +18001,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9291,100 +18010,98 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.NodeLabels == nil {
-				m.NodeLabels = make(map[string]string)
+			m.Services = append(m.Services, &Service{})
+			if err := m.Services[len(m.Services)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListServiceStatusesRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListServiceStatusesRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListServiceStatusesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
 				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipControl(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthControl
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.NodeLabels[mapkey] = mapvalue
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Services = append(m.Services, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -9392,7 +18109,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9407,7 +18124,7 @@ func (m *ListNodesRequest_Filters) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
+func (m *ListServiceStatusesResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9422,7 +18139,7 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9430,15 +18147,15 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListNodesResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListServiceStatusesResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListNodesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListServiceStatusesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Statuses", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -9450,7 +18167,7 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9459,11 +18176,14 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Nodes = append(m.Nodes, &Node{})
-			if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Statuses = append(m.Statuses, &ListServiceStatusesResponse_ServiceStatus{})
+			if err := m.Statuses[len(m.Statuses)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -9473,7 +18193,7 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9488,7 +18208,7 @@ func (m *ListNodesResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
+func (m *ListServiceStatusesResponse_ServiceStatus) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9503,7 +18223,7 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9511,15 +18231,15 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateNodeRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ServiceStatus: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ServiceStatus: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -9531,7 +18251,7 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9541,16 +18261,38 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NodeID = string(dAtA[iNdEx:postIndex])
+			m.ServiceID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeVersion", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DesiredTasks", wireType)
+			}
+			m.DesiredTasks = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.DesiredTasks |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RunningTasks", wireType)
 			}
-			var msglen int
+			m.RunningTasks = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -9560,30 +18302,16 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.RunningTasks |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.NodeVersion == nil {
-				m.NodeVersion = &Version{}
-			}
-			if err := m.NodeVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CompletedTasks", wireType)
 			}
-			var msglen int
+			m.CompletedTasks = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -9593,32 +18321,18 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.CompletedTasks |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Spec == nil {
-				m.Spec = &NodeSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9633,7 +18347,7 @@ func (m *UpdateNodeRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
+func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9648,7 +18362,7 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9656,15 +18370,15 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateNodeResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateNetworkRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -9676,7 +18390,7 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9685,13 +18399,16 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Node == nil {
-				m.Node = &Node{}
+			if m.Spec == nil {
+				m.Spec = &NetworkSpec{}
 			}
-			if err := m.Node.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -9701,7 +18418,7 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9716,7 +18433,7 @@ func (m *UpdateNodeResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
+func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9731,7 +18448,7 @@ func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9739,17 +18456,17 @@ func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveNodeRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateNetworkResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveNodeRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -9759,48 +18476,35 @@ func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NodeID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType)
+			if m.Network == nil {
+				m.Network = &Network{}
 			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if err := m.Network.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Force = bool(v != 0)
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9815,7 +18519,7 @@ func (m *RemoveNodeRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveNodeResponse) Unmarshal(dAtA []byte) error {
+func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9830,7 +18534,7 @@ func (m *RemoveNodeResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9838,65 +18542,47 @@ func (m *RemoveNodeResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveNodeResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetNetworkRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveNodeResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
 			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
 			}
-			if iNdEx >= l {
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: GetTaskRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetTaskRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TaskID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field NetworkID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -9908,7 +18594,7 @@ func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9918,10 +18604,13 @@ func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.TaskID = string(dAtA[iNdEx:postIndex])
+			m.NetworkID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -9929,7 +18618,7 @@ func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -9944,7 +18633,7 @@ func (m *GetTaskRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
+func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -9959,7 +18648,7 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9967,15 +18656,15 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetTaskResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetNetworkResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetTaskResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Task", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -9987,7 +18676,7 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9996,13 +18685,16 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Task == nil {
-				m.Task = &Task{}
+			if m.Network == nil {
+				m.Network = &Network{}
 			}
-			if err := m.Task.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Network.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -10012,7 +18704,7 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10027,7 +18719,7 @@ func (m *GetTaskResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
+func (m *RemoveNetworkRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10042,7 +18734,7 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10050,15 +18742,15 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveTaskRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveNetworkRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveTaskRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TaskID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -10070,7 +18762,7 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10080,10 +18772,45 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.TaskID = string(dAtA[iNdEx:postIndex])
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NetworkID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NetworkID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -10091,7 +18818,7 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10106,7 +18833,7 @@ func (m *RemoveTaskRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
+func (m *RemoveNetworkResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10121,7 +18848,7 @@ func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10129,10 +18856,10 @@ func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveTaskResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveNetworkResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveTaskResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		default:
@@ -10141,7 +18868,7 @@ func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10156,7 +18883,7 @@ func (m *RemoveTaskResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
+func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10171,7 +18898,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10179,10 +18906,10 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListTasksRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListNetworksRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListTasksRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListNetworksRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -10199,7 +18926,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10208,11 +18935,14 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Filters == nil {
-				m.Filters = &ListTasksRequest_Filters{}
+				m.Filters = &ListNetworksRequest_Filters{}
 			}
 			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -10224,7 +18954,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10239,7 +18969,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10254,7 +18984,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10282,7 +19012,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10292,6 +19022,9 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10311,7 +19044,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10321,6 +19054,9 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10340,7 +19076,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10349,6 +19085,9 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10369,7 +19108,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -10386,7 +19125,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -10396,6 +19135,9 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -10412,7 +19154,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -10422,6 +19164,9 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -10433,7 +19178,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -10446,7 +19191,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 			iNdEx = postIndex
 		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ServiceIDs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -10458,7 +19203,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10468,16 +19213,69 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ServiceIDs = append(m.ServiceIDs, string(dAtA[iNdEx:postIndex]))
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
-		case 5:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListNetworksResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListNetworksResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NodeIDs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Networks", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -10487,88 +19285,163 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NodeIDs = append(m.NodeIDs, string(dAtA[iNdEx:postIndex]))
+			m.Networks = append(m.Networks, &Network{})
+			if err := m.Networks[len(m.Networks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 6:
-			if wireType == 0 {
-				var v TaskState
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					v |= (TaskState(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				m.DesiredStates = append(m.DesiredStates, v)
-			} else if wireType == 2 {
-				var packedLen int
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				if packedLen < 0 {
-					return ErrInvalidLengthControl
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetClusterRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetClusterRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ClusterID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
 				}
-				postIndex := iNdEx + packedLen
-				if postIndex > l {
+				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
-				for iNdEx < postIndex {
-					var v TaskState
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						v |= (TaskState(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					m.DesiredStates = append(m.DesiredStates, v)
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
-			} else {
-				return fmt.Errorf("proto: wrong wireType = %d for field DesiredStates", wireType)
 			}
-		case 7:
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ClusterID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetClusterResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetClusterResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Cluster", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -10578,46 +19451,83 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			if m.Cluster == nil {
+				m.Cluster = &Cluster{}
+			}
+			if err := m.Cluster.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 8:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field UpToDate", wireType)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
 			}
-			m.UpToDate = bool(v != 0)
-		case 9:
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ListClustersRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ListClustersRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Runtimes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -10627,20 +19537,27 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Runtimes = append(m.Runtimes, string(dAtA[iNdEx:postIndex]))
+			if m.Filters == nil {
+				m.Filters = &ListClustersRequest_Filters{}
+			}
+			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -10648,7 +19565,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10663,7 +19580,7 @@ func (m *ListTasksRequest_Filters) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
+func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10678,7 +19595,7 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10686,15 +19603,79 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListTasksResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListTasksResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Tasks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -10706,78 +19687,124 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Tasks = append(m.Tasks, &Task{})
-			if err := m.Tasks[len(m.Tasks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Labels == nil {
+				m.Labels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
 			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *CreateServiceRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CreateServiceRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -10787,24 +19814,23 @@ func (m *CreateServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &ServiceSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -10812,7 +19838,7 @@ func (m *CreateServiceRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10827,7 +19853,7 @@ func (m *CreateServiceRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
+func (m *ListClustersResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10842,7 +19868,7 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10850,15 +19876,15 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateServiceResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListClustersResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListClustersResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Clusters", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -10870,7 +19896,7 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10879,13 +19905,14 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Service == nil {
-				m.Service = &Service{}
-			}
-			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Clusters = append(m.Clusters, &Cluster{})
+			if err := m.Clusters[len(m.Clusters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -10895,7 +19922,7 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -10910,7 +19937,7 @@ func (m *CreateServiceResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
+func (m *KeyRotation) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -10925,7 +19952,7 @@ func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10933,17 +19960,17 @@ func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetServiceRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: KeyRotation: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: KeyRotation: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field WorkerJoinToken", wireType)
 			}
-			var stringLen uint64
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -10953,24 +19980,15 @@ func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ServiceID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
+			m.WorkerJoinToken = bool(v != 0)
 		case 2:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field InsertDefaults", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ManagerJoinToken", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
@@ -10982,67 +20000,17 @@ func (m *GetServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.InsertDefaults = bool(v != 0)
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *GetServiceResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: GetServiceResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+			m.ManagerJoinToken = bool(v != 0)
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ManagerUnlockKey", wireType)
 			}
-			var msglen int
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -11052,32 +20020,19 @@ func (m *GetServiceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Service == nil {
-				m.Service = &Service{}
-			}
-			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
+			m.ManagerUnlockKey = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11092,7 +20047,7 @@ func (m *GetServiceResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
+func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11107,7 +20062,7 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11115,15 +20070,15 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateServiceRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateClusterRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateClusterRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ClusterID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -11135,7 +20090,7 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11145,14 +20100,17 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ServiceID = string(dAtA[iNdEx:postIndex])
+			m.ClusterID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ServiceVersion", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ClusterVersion", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -11164,7 +20122,7 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11173,13 +20131,16 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ServiceVersion == nil {
-				m.ServiceVersion = &Version{}
+			if m.ClusterVersion == nil {
+				m.ClusterVersion = &Version{}
 			}
-			if err := m.ServiceVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.ClusterVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11197,7 +20158,7 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11206,21 +20167,24 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Spec == nil {
-				m.Spec = &ServiceSpec{}
+				m.Spec = &ClusterSpec{}
 			}
 			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rollback", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rotation", wireType)
 			}
-			m.Rollback = 0
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -11230,18 +20194,32 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Rollback |= (UpdateServiceRequest_Rollback(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Rotation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11256,7 +20234,7 @@ func (m *UpdateServiceRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
+func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11271,7 +20249,7 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11279,15 +20257,15 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateServiceResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateClusterResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateClusterResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Cluster", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -11299,7 +20277,7 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11308,13 +20286,16 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Service == nil {
-				m.Service = &Service{}
+			if m.Cluster == nil {
+				m.Cluster = &Cluster{}
 			}
-			if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Cluster.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11324,7 +20305,7 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11339,7 +20320,7 @@ func (m *UpdateServiceResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
+func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11354,7 +20335,7 @@ func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11362,15 +20343,15 @@ func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveServiceRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetSecretRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ServiceID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -11382,7 +20363,7 @@ func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11392,68 +20373,21 @@ func (m *RemoveServiceRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ServiceID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RemoveServiceResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveServiceResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
+			m.SecretID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11468,7 +20402,7 @@ func (m *RemoveServiceResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
+func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11483,7 +20417,7 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11491,15 +20425,15 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListServicesRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetSecretResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -11511,7 +20445,7 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11520,13 +20454,16 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Filters == nil {
-				m.Filters = &ListServicesRequest_Filters{}
+			if m.Secret == nil {
+				m.Secret = &Secret{}
 			}
-			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11536,7 +20473,7 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11551,7 +20488,7 @@ func (m *ListServicesRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11566,7 +20503,7 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11574,44 +20511,15 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateSecretRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -11623,7 +20531,7 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11633,134 +20541,19 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Labels == nil {
-				m.Labels = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipControl(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthControl
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
-			}
-			m.Labels[mapkey] = mapvalue
+			m.SecretID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 4:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretVersion", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -11770,26 +20563,33 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			if m.SecretVersion == nil {
+				m.SecretVersion = &Version{}
+			}
+			if err := m.SecretVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 5:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Runtimes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -11799,20 +20599,27 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Runtimes = append(m.Runtimes, string(dAtA[iNdEx:postIndex]))
+			if m.Spec == nil {
+				m.Spec = &SecretSpec{}
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -11820,7 +20627,7 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11835,7 +20642,7 @@ func (m *ListServicesRequest_Filters) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
+func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11850,7 +20657,7 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11858,15 +20665,15 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListServicesResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateSecretResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -11878,7 +20685,7 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11887,11 +20694,16 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Services = append(m.Services, &Service{})
-			if err := m.Services[len(m.Services)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.Secret == nil {
+				m.Secret = &Secret{}
+			}
+			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11901,7 +20713,7 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11916,7 +20728,7 @@ func (m *ListServicesResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
+func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -11931,7 +20743,7 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11939,15 +20751,15 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateNetworkRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListSecretsRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListSecretsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -11959,7 +20771,7 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11968,13 +20780,16 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &NetworkSpec{}
+			if m.Filters == nil {
+				m.Filters = &ListSecretsRequest_Filters{}
 			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11984,7 +20799,7 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -11999,7 +20814,7 @@ func (m *CreateNetworkRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
+func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12014,7 +20829,7 @@ func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12022,17 +20837,208 @@ func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateNetworkResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Labels == nil {
+				m.Labels = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -12042,24 +21048,23 @@ func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Network == nil {
-				m.Network = &Network{}
-			}
-			if err := m.Network.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -12067,7 +21072,7 @@ func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12082,7 +21087,7 @@ func (m *CreateNetworkResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
+func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12097,7 +21102,7 @@ func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12105,17 +21110,17 @@ func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetNetworkRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListSecretsResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListSecretsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Secrets", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -12125,49 +21130,25 @@ func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Name = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NetworkID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NetworkID = string(dAtA[iNdEx:postIndex])
+			m.Secrets = append(m.Secrets, &Secret{})
+			if err := m.Secrets[len(m.Secrets)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -12175,7 +21156,7 @@ func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12190,7 +21171,7 @@ func (m *GetNetworkRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
+func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12205,7 +21186,7 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12213,15 +21194,15 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetNetworkResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateSecretRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -12233,7 +21214,7 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12242,13 +21223,16 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Network == nil {
-				m.Network = &Network{}
+			if m.Spec == nil {
+				m.Spec = &SecretSpec{}
 			}
-			if err := m.Network.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -12258,7 +21242,7 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12273,7 +21257,7 @@ func (m *GetNetworkResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveNetworkRequest) Unmarshal(dAtA []byte) error {
+func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12288,7 +21272,7 @@ func (m *RemoveNetworkRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12296,17 +21280,17 @@ func (m *RemoveNetworkRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveNetworkRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateSecretResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveNetworkRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -12316,107 +21300,35 @@ func (m *RemoveNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Name = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NetworkID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NetworkID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RemoveNetworkResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
+			if m.Secret == nil {
+				m.Secret = &Secret{}
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveNetworkResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveNetworkResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12431,7 +21343,7 @@ func (m *RemoveNetworkResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
+func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12446,7 +21358,7 @@ func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12454,17 +21366,17 @@ func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListNetworksRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveSecretRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListNetworksRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -12474,24 +21386,23 @@ func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Filters == nil {
-				m.Filters = &ListNetworksRequest_Filters{}
-			}
-			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.SecretID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -12499,7 +21410,7 @@ func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12514,7 +21425,7 @@ func (m *ListNetworksRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *RemoveSecretResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12529,7 +21440,7 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12537,191 +21448,65 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			return fmt.Errorf("proto: RemoveSecretResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RemoveSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetConfigRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
+			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Labels == nil {
-				m.Labels = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipControl(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthControl
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
 			}
-			m.Labels[mapkey] = mapvalue
-			iNdEx = postIndex
-		case 4:
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetConfigRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -12733,7 +21518,7 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12743,10 +21528,13 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			m.ConfigID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -12754,7 +21542,7 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12769,7 +21557,7 @@ func (m *ListNetworksRequest_Filters) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
+func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12784,7 +21572,7 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12792,15 +21580,15 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListNetworksResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetConfigResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListNetworksResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Networks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -12812,7 +21600,7 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12821,11 +21609,16 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Networks = append(m.Networks, &Network{})
-			if err := m.Networks[len(m.Networks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.Config == nil {
+				m.Config = &Config{}
+			}
+			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -12835,7 +21628,7 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12850,7 +21643,7 @@ func (m *ListNetworksResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
+func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12865,25 +21658,93 @@ func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: GetClusterRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetClusterRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: UpdateConfigRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: UpdateConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ConfigID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ConfigVersion", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ConfigVersion == nil {
+				m.ConfigVersion = &Version{}
+			}
+			if err := m.ConfigVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ClusterID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -12893,20 +21754,27 @@ func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ClusterID = string(dAtA[iNdEx:postIndex])
+			if m.Spec == nil {
+				m.Spec = &ConfigSpec{}
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -12914,7 +21782,7 @@ func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -12929,7 +21797,7 @@ func (m *GetClusterRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
+func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -12944,7 +21812,7 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12952,15 +21820,15 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetClusterResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateConfigResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetClusterResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Cluster", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -12972,7 +21840,7 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12981,13 +21849,16 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Cluster == nil {
-				m.Cluster = &Cluster{}
+			if m.Config == nil {
+				m.Config = &Config{}
 			}
-			if err := m.Cluster.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -12997,7 +21868,7 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13012,7 +21883,7 @@ func (m *GetClusterResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
+func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13027,7 +21898,7 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13035,10 +21906,10 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListClustersRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListConfigsRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListClustersRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListConfigsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -13055,7 +21926,7 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13064,11 +21935,14 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Filters == nil {
-				m.Filters = &ListClustersRequest_Filters{}
+				m.Filters = &ListConfigsRequest_Filters{}
 			}
 			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -13080,7 +21954,7 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13095,7 +21969,7 @@ func (m *ListClustersRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13110,7 +21984,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13138,7 +22012,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13148,6 +22022,9 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13167,7 +22044,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13177,6 +22054,9 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13196,7 +22076,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13205,6 +22085,9 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13225,7 +22108,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -13242,7 +22125,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -13252,6 +22135,9 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -13268,7 +22154,7 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -13278,6 +22164,9 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -13289,202 +22178,22 @@ func (m *ListClustersRequest_Filters) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
-			}
-			m.Labels[mapkey] = mapvalue
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ListClustersResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ListClustersResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListClustersResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Clusters", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Clusters = append(m.Clusters, &Cluster{})
-			if err := m.Clusters[len(m.Clusters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *KeyRotation) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: KeyRotation: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: KeyRotation: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field WorkerJoinToken", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
 				}
 			}
-			m.WorkerJoinToken = bool(v != 0)
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ManagerJoinToken", wireType)
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
-			var v int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -13494,39 +22203,31 @@ func (m *KeyRotation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.ManagerJoinToken = bool(v != 0)
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ManagerUnlockKey", wireType)
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
 			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
 			}
-			m.ManagerUnlockKey = bool(v != 0)
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13541,7 +22242,7 @@ func (m *KeyRotation) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
+func (m *ListConfigsResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13556,7 +22257,7 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13564,77 +22265,15 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateClusterRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListConfigsResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateClusterRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListConfigsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ClusterID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ClusterID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ClusterVersion", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.ClusterVersion == nil {
-				m.ClusterVersion = &Version{}
-			}
-			if err := m.ClusterVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Configs", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -13646,7 +22285,7 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13655,43 +22294,14 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Spec == nil {
-				m.Spec = &ClusterSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rotation", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.Rotation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Configs = append(m.Configs, &Config{})
+			if err := m.Configs[len(m.Configs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -13701,7 +22311,7 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13716,7 +22326,7 @@ func (m *UpdateClusterRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
+func (m *CreateConfigRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13731,7 +22341,7 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13739,15 +22349,15 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateClusterResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateConfigRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateClusterResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Cluster", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -13759,7 +22369,7 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13768,13 +22378,16 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Cluster == nil {
-				m.Cluster = &Cluster{}
+			if m.Spec == nil {
+				m.Spec = &ConfigSpec{}
 			}
-			if err := m.Cluster.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -13784,7 +22397,7 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13799,7 +22412,7 @@ func (m *UpdateClusterResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
+func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13814,7 +22427,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13822,17 +22435,17 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetSecretRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateConfigResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -13842,20 +22455,27 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.SecretID = string(dAtA[iNdEx:postIndex])
+			if m.Config == nil {
+				m.Config = &Config{}
+			}
+			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -13863,7 +22483,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13878,7 +22498,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
+func (m *RemoveConfigRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13893,7 +22513,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13901,17 +22521,17 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetSecretResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveConfigRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -13921,24 +22541,23 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Secret == nil {
-				m.Secret = &Secret{}
-			}
-			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.ConfigID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -13946,7 +22565,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -13961,7 +22580,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
+func (m *RemoveConfigResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -13976,7 +22595,7 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13984,44 +22603,65 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateSecretRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveConfigResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CreateExtensionRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
-			m.SecretID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CreateExtensionRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CreateExtensionRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SecretVersion", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -14033,7 +22673,7 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14042,21 +22682,24 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.SecretVersion == nil {
-				m.SecretVersion = &Version{}
+			if m.Annotations == nil {
+				m.Annotations = &Annotations{}
 			}
-			if err := m.SecretVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -14066,24 +22709,23 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &SecretSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Description = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -14091,7 +22733,7 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14106,7 +22748,7 @@ func (m *UpdateSecretRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
+func (m *CreateExtensionResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14121,7 +22763,7 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14129,15 +22771,15 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateSecretResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateExtensionResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateExtensionResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Extension", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -14149,7 +22791,7 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14158,13 +22800,16 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Secret == nil {
-				m.Secret = &Secret{}
+			if m.Extension == nil {
+				m.Extension = &Extension{}
 			}
-			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Extension.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -14174,7 +22819,7 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14189,7 +22834,7 @@ func (m *UpdateSecretResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
+func (m *RemoveExtensionRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14204,7 +22849,7 @@ func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14212,17 +22857,17 @@ func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListSecretsRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveExtensionRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListSecretsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveExtensionRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExtensionID", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -14232,24 +22877,23 @@ func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Filters == nil {
-				m.Filters = &ListSecretsRequest_Filters{}
-			}
-			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.ExtensionID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -14257,7 +22901,7 @@ func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14272,7 +22916,7 @@ func (m *ListSecretsRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *RemoveExtensionResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14287,7 +22931,7 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14295,191 +22939,65 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Filters: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveExtensionResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Filters: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveExtensionResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Names = append(m.Names, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IDPrefixes", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IDPrefixes = append(m.IDPrefixes, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Labels == nil {
-				m.Labels = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowControl
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthControl
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipControl(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthControl
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			m.Labels[mapkey] = mapvalue
-			iNdEx = postIndex
-		case 4:
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GetExtensionRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GetExtensionRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GetExtensionRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExtensionID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -14491,7 +23009,7 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14501,10 +23019,13 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			m.ExtensionID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -14512,7 +23033,7 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14527,7 +23048,7 @@ func (m *ListSecretsRequest_Filters) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
+func (m *GetExtensionResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14542,7 +23063,7 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14550,15 +23071,15 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListSecretsResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetExtensionResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListSecretsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetExtensionResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Secrets", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Extension", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -14570,7 +23091,7 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14579,11 +23100,16 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Secrets = append(m.Secrets, &Secret{})
-			if err := m.Secrets[len(m.Secrets)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.Extension == nil {
+				m.Extension = &Extension{}
+			}
+			if err := m.Extension.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -14593,7 +23119,7 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14608,7 +23134,7 @@ func (m *ListSecretsResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
+func (m *CreateResourceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14623,7 +23149,7 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14631,15 +23157,83 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateSecretRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateResourceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Annotations == nil {
+				m.Annotations = &Annotations{}
+			}
+			if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Kind = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -14651,7 +23245,7 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14660,13 +23254,16 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &SecretSpec{}
+			if m.Payload == nil {
+				m.Payload = &types.Any{}
 			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Payload.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -14676,7 +23273,7 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14691,7 +23288,7 @@ func (m *CreateSecretRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
+func (m *CreateResourceResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14706,7 +23303,7 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14714,15 +23311,15 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateSecretResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: CreateResourceResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CreateResourceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -14734,7 +23331,7 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14743,13 +23340,16 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Secret == nil {
-				m.Secret = &Secret{}
+			if m.Resource == nil {
+				m.Resource = &Resource{}
 			}
-			if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -14759,7 +23359,7 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14774,7 +23374,7 @@ func (m *CreateSecretResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
+func (m *RemoveResourceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14789,7 +23389,7 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14797,15 +23397,15 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveSecretRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveResourceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -14817,7 +23417,7 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14827,10 +23427,13 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.SecretID = string(dAtA[iNdEx:postIndex])
+			m.ResourceID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -14838,7 +23441,7 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14853,7 +23456,7 @@ func (m *RemoveSecretRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RemoveSecretResponse) Unmarshal(dAtA []byte) error {
+func (m *RemoveResourceResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14868,7 +23471,7 @@ func (m *RemoveSecretResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14876,10 +23479,10 @@ func (m *RemoveSecretResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveSecretResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: RemoveResourceResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RemoveResourceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		default:
@@ -14888,55 +23491,159 @@ func (m *RemoveSecretResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *UpdateResourceRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: UpdateResourceRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: UpdateResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceVersion", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ResourceVersion == nil {
+				m.ResourceVersion = &Version{}
+			}
+			if err := m.ResourceVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
 				return ErrInvalidLengthControl
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *GetConfigRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
 			}
-			if iNdEx >= l {
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			if m.Annotations == nil {
+				m.Annotations = &Annotations{}
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: GetConfigRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+			if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -14946,20 +23653,27 @@ func (m *GetConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ConfigID = string(dAtA[iNdEx:postIndex])
+			if m.Payload == nil {
+				m.Payload = &types.Any{}
+			}
+			if err := m.Payload.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -14967,7 +23681,7 @@ func (m *GetConfigRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -14982,7 +23696,7 @@ func (m *GetConfigRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
+func (m *UpdateResourceResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -14997,7 +23711,7 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15005,15 +23719,15 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GetConfigResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: UpdateResourceResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GetConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UpdateResourceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -15025,7 +23739,7 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15034,13 +23748,16 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Config == nil {
-				m.Config = &Config{}
+			if m.Resource == nil {
+				m.Resource = &Resource{}
 			}
-			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -15050,7 +23767,7 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -15065,7 +23782,7 @@ func (m *GetConfigResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
+func (m *GetResourceRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -15080,7 +23797,7 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15088,15 +23805,15 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateConfigRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetResourceRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -15108,7 +23825,7 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15118,76 +23835,13 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ConfigID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ConfigVersion", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.ConfigVersion == nil {
-				m.ConfigVersion = &Version{}
-			}
-			if err := m.ConfigVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &ConfigSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.ResourceID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -15195,7 +23849,7 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -15210,7 +23864,7 @@ func (m *UpdateConfigRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
+func (m *GetResourceResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -15225,7 +23879,7 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15233,15 +23887,15 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: UpdateConfigResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetResourceResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: UpdateConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetResourceResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -15253,7 +23907,7 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15262,13 +23916,16 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Config == nil {
-				m.Config = &Config{}
+			if m.Resource == nil {
+				m.Resource = &Resource{}
 			}
-			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -15278,7 +23935,7 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -15293,7 +23950,7 @@ func (m *UpdateConfigResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
+func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -15308,7 +23965,7 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15316,10 +23973,10 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ListConfigsRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListResourcesRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListConfigsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListResourcesRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -15336,7 +23993,7 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15345,11 +24002,14 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Filters == nil {
-				m.Filters = &ListConfigsRequest_Filters{}
+				m.Filters = &ListResourcesRequest_Filters{}
 			}
 			if err := m.Filters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -15361,7 +24021,7 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -15376,7 +24036,7 @@ func (m *ListConfigsRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
+func (m *ListResourcesRequest_Filters) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -15391,7 +24051,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15419,7 +24079,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15429,6 +24089,9 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15448,7 +24111,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15458,6 +24121,9 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15477,7 +24143,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15486,6 +24152,9 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15506,7 +24175,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -15523,7 +24192,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -15533,6 +24202,9 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -15549,7 +24221,7 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -15559,6 +24231,9 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -15570,101 +24245,22 @@ func (m *ListConfigsRequest_Filters) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
 						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
-			}
-			m.Labels[mapkey] = mapvalue
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthControl
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ListConfigsResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ListConfigsResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ListConfigsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Labels[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Configs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field NamePrefixes", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -15674,78 +24270,29 @@ func (m *ListConfigsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Configs = append(m.Configs, &Config{})
-			if err := m.Configs[len(m.Configs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *CreateConfigRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CreateConfigRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+			m.NamePrefixes = append(m.NamePrefixes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -15755,24 +24302,23 @@ func (m *CreateConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Spec == nil {
-				m.Spec = &ConfigSpec{}
-			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Kind = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -15780,7 +24326,7 @@ func (m *CreateConfigRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -15795,7 +24341,7 @@ func (m *CreateConfigRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
+func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -15810,7 +24356,7 @@ func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15818,15 +24364,15 @@ func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CreateConfigResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: ListResourcesResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CreateConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ListResourcesResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -15838,7 +24384,7 @@ func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15847,152 +24393,24 @@ func (m *CreateConfigResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Config == nil {
-				m.Config = &Config{}
-			}
-			if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RemoveConfigRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveConfigRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ConfigID", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ConfigID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipControl(dAtA[iNdEx:])
-			if err != nil {
+			m.Resources = append(m.Resources, &Resource{})
+			if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthControl
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *RemoveConfigResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowControl
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: RemoveConfigResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RemoveConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipControl(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
@@ -16010,6 +24428,7 @@ func (m *RemoveConfigResponse) Unmarshal(dAtA []byte) error {
 func skipControl(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -16041,10 +24460,8 @@ func skipControl(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -16061,195 +24478,34 @@ func skipControl(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthControl
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipControl(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupControl
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthControl
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthControl = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowControl   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthControl        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowControl          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupControl = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/control.proto", fileDescriptorControl) }
-
-var fileDescriptorControl = []byte{
-	// 2167 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0x4d, 0x73, 0x1b, 0x49,
-	0x19, 0xb6, 0x3e, 0x6c, 0xc9, 0xaf, 0x6c, 0xd9, 0xee, 0x78, 0x41, 0xa5, 0x04, 0x3b, 0x35, 0x21,
-	0x89, 0xb2, 0x65, 0x24, 0x56, 0x61, 0xd9, 0xb0, 0xb0, 0xc0, 0xda, 0xce, 0x66, 0xb5, 0xde, 0x38,
-	0xa9, 0x71, 0xb2, 0xc5, 0x85, 0x52, 0xc9, 0x52, 0xdb, 0x3b, 0x91, 0xac, 0x11, 0x33, 0x23, 0xef,
-	0xba, 0xb8, 0x00, 0x15, 0x7e, 0x02, 0x55, 0x5c, 0x39, 0x51, 0xc5, 0x81, 0x03, 0x27, 0x0e, 0xfc,
-	0x80, 0x14, 0x27, 0x8e, 0x9c, 0x0c, 0xab, 0x2a, 0xaa, 0x38, 0xf1, 0x1b, 0xa8, 0xee, 0x7e, 0x7b,
-	0xbe, 0xd4, 0x33, 0xa3, 0x0f, 0x57, 0x79, 0x4f, 0x96, 0x7a, 0x9e, 0xf7, 0xa3, 0xfb, 0x7d, 0xfa,
-	0x51, 0xf7, 0x3b, 0x86, 0x9d, 0x53, 0xc3, 0xf9, 0x7c, 0x78, 0x5c, 0x6d, 0x9b, 0x67, 0xb5, 0x8e,
-	0xd9, 0xee, 0x52, 0xab, 0x66, 0x7f, 0xd1, 0xb2, 0xce, 0xba, 0x86, 0x53, 0x6b, 0x0d, 0x8c, 0x5a,
-	0xdb, 0xec, 0x3b, 0x96, 0xd9, 0xab, 0x0e, 0x2c, 0xd3, 0x31, 0x09, 0x11, 0x90, 0xaa, 0x84, 0x54,
-	0xcf, 0xdf, 0x29, 0xbf, 0x9d, 0xe0, 0xc1, 0x1e, 0xd0, 0xb6, 0x2d, 0xec, 0xcb, 0x49, 0xd1, 0xcc,
-	0xe3, 0x57, 0xb4, 0xed, 0x48, 0x74, 0x92, 0x67, 0xe7, 0x62, 0x40, 0x25, 0x76, 0xf3, 0xd4, 0x3c,
-	0x35, 0xf9, 0xc7, 0x1a, 0xfb, 0x84, 0xa3, 0xef, 0xc5, 0x78, 0xe0, 0x88, 0xe3, 0xe1, 0x49, 0x6d,
-	0xd0, 0x1b, 0x9e, 0x1a, 0x7d, 0xfc, 0x23, 0x0c, 0xb5, 0x77, 0xa1, 0xf8, 0x84, 0x3a, 0x87, 0x66,
-	0x87, 0xea, 0xf4, 0x17, 0x43, 0x6a, 0x3b, 0xe4, 0x0e, 0xe4, 0xfa, 0x66, 0x87, 0x36, 0x8d, 0x4e,
-	0x29, 0x75, 0x3b, 0x55, 0x59, 0xde, 0x85, 0xd1, 0xe5, 0xf6, 0x12, 0x43, 0x34, 0xf6, 0xf5, 0x25,
-	0xf6, 0xa8, 0xd1, 0xd1, 0x7e, 0x02, 0x6b, 0xae, 0x99, 0x3d, 0x30, 0xfb, 0x36, 0x25, 0x3b, 0x90,
-	0x65, 0x0f, 0xb9, 0x51, 0xa1, 0x5e, 0xaa, 0x8e, 0xaf, 0x60, 0x95, 0xe3, 0x39, 0x4a, 0x7b, 0xbd,
-	0x08, 0xeb, 0x9f, 0x1a, 0x36, 0x77, 0x61, 0xcb, 0xd0, 0x1f, 0x41, 0xee, 0xc4, 0xe8, 0x39, 0xd4,
-	0xb2, 0xd1, 0xcb, 0x8e, 0xca, 0x4b, 0xd8, 0xac, 0xfa, 0x91, 0xb0, 0xd1, 0xa5, 0x71, 0xf9, 0x8f,
-	0x59, 0xc8, 0xe1, 0x20, 0xd9, 0x84, 0xc5, 0x7e, 0xeb, 0x8c, 0x32, 0x8f, 0x99, 0xca, 0xb2, 0x2e,
-	0xbe, 0x90, 0x1a, 0x14, 0x8c, 0x4e, 0x73, 0x60, 0xd1, 0x13, 0xe3, 0x4b, 0x6a, 0x97, 0xd2, 0xec,
-	0xd9, 0x6e, 0x71, 0x74, 0xb9, 0x0d, 0x8d, 0xfd, 0xe7, 0x38, 0xaa, 0x83, 0xd1, 0x91, 0x9f, 0xc9,
-	0x73, 0x58, 0xea, 0xb5, 0x8e, 0x69, 0xcf, 0x2e, 0x65, 0x6e, 0x67, 0x2a, 0x85, 0xfa, 0xa3, 0x69,
-	0x32, 0xab, 0x7e, 0xca, 0x4d, 0x1f, 0xf7, 0x1d, 0xeb, 0x42, 0x47, 0x3f, 0xe4, 0x29, 0x14, 0xce,
-	0xe8, 0xd9, 0x31, 0xb5, 0xec, 0xcf, 0x8d, 0x81, 0x5d, 0xca, 0xde, 0xce, 0x54, 0x8a, 0xf5, 0xfb,
-	0x51, 0xcb, 0x76, 0x34, 0xa0, 0xed, 0xea, 0x53, 0x17, 0xbf, 0x9b, 0x5e, 0x5f, 0xd0, 0xfd, 0xf6,
-	0xe4, 0xfb, 0xb0, 0x68, 0x99, 0x3d, 0x6a, 0x97, 0x16, 0xb9, 0xa3, 0x5b, 0x91, 0xeb, 0x6f, 0xf6,
-	0x28, 0xb7, 0x16, 0x70, 0x72, 0x07, 0x56, 0xd9, 0x92, 0x78, 0x6b, 0xb1, 0xc4, 0xd7, 0x69, 0x85,
-	0x0d, 0xba, 0xb3, 0xff, 0x39, 0x14, 0x38, 0x27, 0x70, 0x09, 0x72, 0x7c, 0x09, 0x7e, 0x34, 0xd5,
-	0x12, 0xb0, 0x41, 0xff, 0x32, 0x40, 0xdf, 0x1d, 0x28, 0xff, 0x00, 0x0a, 0xbe, 0x47, 0x64, 0x1d,
-	0x32, 0x5d, 0x7a, 0x21, 0xd8, 0xa7, 0xb3, 0x8f, 0xac, 0x88, 0xe7, 0xad, 0xde, 0x90, 0x96, 0xd2,
-	0x7c, 0x4c, 0x7c, 0x79, 0x3f, 0xfd, 0x28, 0x55, 0xfe, 0x00, 0xd6, 0x42, 0x9e, 0xa7, 0x31, 0xd7,
-	0xf6, 0x60, 0xc3, 0x97, 0x31, 0x32, 0xb9, 0x0a, 0x8b, 0x2c, 0x39, 0x41, 0x99, 0x38, 0x2a, 0x0b,
-	0x98, 0xf6, 0xa7, 0x14, 0x6c, 0xbc, 0x1c, 0x74, 0x5a, 0x0e, 0x9d, 0x76, 0x1f, 0x91, 0x1f, 0xc3,
-	0x0a, 0x07, 0x9d, 0x53, 0xcb, 0x36, 0xcc, 0x3e, 0x4f, 0xb0, 0x50, 0xbf, 0xa9, 0x8a, 0xf8, 0x99,
-	0x80, 0xe8, 0xbc, 0x12, 0xf8, 0x85, 0x7c, 0x17, 0xb2, 0x4c, 0x76, 0x4a, 0x19, 0x6e, 0x77, 0x2b,
-	0x8e, 0x3d, 0x3a, 0x47, 0x6a, 0xbb, 0x40, 0xfc, 0xb9, 0xce, 0xb4, 0x79, 0x0f, 0x61, 0x43, 0xa7,
-	0x67, 0xe6, 0xf9, 0xf4, 0xf3, 0xdd, 0x84, 0xc5, 0x13, 0xd3, 0x6a, 0x8b, 0x4a, 0xe4, 0x75, 0xf1,
-	0x45, 0xdb, 0x04, 0xe2, 0xf7, 0x27, 0x72, 0x42, 0x69, 0x7a, 0xd1, 0xb2, 0xbb, 0xbe, 0x10, 0x4e,
-	0xcb, 0xee, 0x86, 0x42, 0x30, 0x04, 0x0b, 0xc1, 0x1e, 0xb9, 0xd2, 0x24, 0xcc, 0xbc, 0xd9, 0xb1,
-	0x87, 0x71, 0xb3, 0xe3, 0x78, 0x8e, 0xd2, 0x1e, 0xc9, 0xd9, 0x4d, 0x1d, 0xda, 0x9d, 0x87, 0x3f,
-	0xba, 0xf6, 0xb7, 0xac, 0x90, 0x3a, 0x36, 0x38, 0x83, 0xd4, 0xf9, 0xcd, 0xc6, 0xa5, 0xee, 0x5f,
-	0x99, 0xeb, 0x93, 0x3a, 0x55, 0x66, 0x4a, 0xa9, 0xab, 0x41, 0xc1, 0xa6, 0xd6, 0xb9, 0xd1, 0x66,
-	0xec, 0x10, 0x52, 0x87, 0x29, 0x1c, 0x89, 0xe1, 0xc6, 0xbe, 0xad, 0x03, 0x42, 0x1a, 0x1d, 0x9b,
-	0xdc, 0x83, 0x3c, 0x72, 0x49, 0xe8, 0xd9, 0xf2, 0x6e, 0x61, 0x74, 0xb9, 0x9d, 0x13, 0x64, 0xb2,
-	0xf5, 0x9c, 0x60, 0x93, 0x4d, 0x3e, 0x86, 0x62, 0x87, 0xda, 0x86, 0x45, 0x3b, 0x4d, 0xdb, 0x69,
-	0x39, 0xa8, 0x5e, 0xc5, 0xfa, 0xb7, 0xa2, 0x4a, 0x7c, 0xc4, 0x50, 0x5c, 0xfe, 0x56, 0xd1, 0x90,
-	0x8f, 0x28, 0x64, 0x30, 0xa7, 0x90, 0xc1, 0x5b, 0x00, 0xc3, 0x41, 0xd3, 0x31, 0x9b, 0x6c, 0xff,
-	0x94, 0xf2, 0x9c, 0xc2, 0xf9, 0xe1, 0xe0, 0x85, 0xb9, 0xdf, 0x72, 0x28, 0x29, 0x43, 0xde, 0x1a,
-	0xf6, 0x1d, 0x83, 0x55, 0x60, 0x99, 0x5b, 0xbb, 0xdf, 0xe7, 0x50, 0x38, 0x29, 0x51, 0xb8, 0xd8,
-	0x9e, 0x44, 0x31, 0xce, 0xc5, 0x4a, 0x14, 0x27, 0xa1, 0x80, 0x69, 0x07, 0xb0, 0xb9, 0x67, 0xd1,
-	0x96, 0x43, 0x71, 0xc1, 0x25, 0x0d, 0x1f, 0xa2, 0x7e, 0x08, 0x0e, 0x6e, 0xab, 0xdc, 0xa0, 0x85,
-	0x4f, 0x42, 0x0e, 0xe1, 0xad, 0x90, 0x33, 0xcc, 0xea, 0x5d, 0xc8, 0x61, 0x11, 0xd1, 0xe1, 0xcd,
-	0x18, 0x87, 0xba, 0xc4, 0x6a, 0xaf, 0x60, 0xe3, 0x09, 0x75, 0x42, 0x99, 0xed, 0x00, 0x78, 0x9c,
-	0xc1, 0x3d, 0xb7, 0x3a, 0xba, 0xdc, 0x5e, 0x76, 0x29, 0xa3, 0x2f, 0xbb, 0x8c, 0x21, 0xf7, 0x61,
-	0xcd, 0xe8, 0xdb, 0xd4, 0x72, 0x9a, 0x1d, 0x7a, 0xd2, 0x1a, 0xf6, 0x1c, 0x1b, 0x15, 0xa6, 0x28,
-	0x86, 0xf7, 0x71, 0x54, 0x3b, 0x00, 0xe2, 0x8f, 0x35, 0x5f, 0xe2, 0x7f, 0x49, 0xc3, 0xa6, 0x10,
-	0xd3, 0xb9, 0x92, 0xdf, 0x87, 0x35, 0x89, 0x9e, 0xe2, 0x77, 0xa0, 0x88, 0x36, 0xf2, 0xa7, 0xe0,
-	0x61, 0xe0, 0xa7, 0x60, 0xb2, 0x52, 0x92, 0xa7, 0x90, 0xb7, 0xcc, 0x5e, 0xef, 0xb8, 0xd5, 0xee,
-	0x96, 0xb2, 0xb7, 0x53, 0x95, 0x62, 0xfd, 0x1d, 0x95, 0xa1, 0x6a, 0x92, 0x55, 0x1d, 0x0d, 0x75,
-	0xd7, 0x85, 0xa6, 0x41, 0x5e, 0x8e, 0x92, 0x3c, 0x64, 0x0f, 0x9f, 0x1d, 0x3e, 0x5e, 0x5f, 0x20,
-	0x2b, 0x90, 0x7f, 0xae, 0x3f, 0xfe, 0xac, 0xf1, 0xec, 0xe5, 0xd1, 0x7a, 0x8a, 0xb1, 0x27, 0xe4,
-	0x6e, 0xbe, 0x22, 0xec, 0xc3, 0xa6, 0x10, 0xdd, 0x79, 0x6a, 0xa0, 0x7d, 0x13, 0xde, 0x0a, 0x79,
-	0x41, 0xf5, 0x7e, 0x9d, 0x81, 0x1b, 0x6c, 0xff, 0xe1, 0xb8, 0x2b, 0xe0, 0x8d, 0xb0, 0x80, 0xd7,
-	0xa2, 0x64, 0x32, 0x64, 0x39, 0xae, 0xe1, 0x7f, 0x48, 0x5f, 0xb9, 0x86, 0x1f, 0x85, 0x34, 0xfc,
-	0x87, 0x53, 0x26, 0xa7, 0x94, 0xf1, 0x31, 0x8d, 0xcc, 0x2a, 0x34, 0xd2, 0xaf, 0x82, 0x8b, 0x57,
-	0xa7, 0x82, 0xcf, 0x60, 0x33, 0x98, 0x2e, 0x92, 0xe6, 0x3d, 0xc8, 0x63, 0x11, 0xa5, 0x16, 0xc6,
-	0xb2, 0xc6, 0x05, 0x7b, 0x8a, 0x78, 0x48, 0x9d, 0x2f, 0x4c, 0xab, 0x3b, 0x85, 0x22, 0xa2, 0x85,
-	0x4a, 0x11, 0x5d, 0x67, 0x1e, 0xa7, 0xfb, 0x62, 0x28, 0x8e, 0xd3, 0xd2, 0x4a, 0x62, 0xb5, 0x97,
-	0x5c, 0x11, 0x43, 0x99, 0x11, 0xc8, 0xb2, 0x95, 0xc6, 0xf5, 0xe2, 0x9f, 0x19, 0xc9, 0xd1, 0x86,
-	0x91, 0x3c, 0xed, 0x91, 0x1c, 0x6d, 0x19, 0xc9, 0x11, 0xd0, 0xe8, 0xa0, 0xf8, 0x5d, 0x51, 0x8e,
-	0x3f, 0x93, 0xfb, 0xee, 0xca, 0xd3, 0x74, 0xf7, 0x62, 0x28, 0x53, 0xed, 0xbf, 0x69, 0xb1, 0x17,
-	0x71, 0x7c, 0x86, 0xbd, 0x18, 0xb2, 0x1c, 0xdf, 0x8b, 0xbf, 0xbd, 0xc6, 0xbd, 0x18, 0x91, 0xdc,
-	0xcc, 0x7b, 0xf1, 0x0a, 0xf6, 0x9b, 0x97, 0x92, 0xb7, 0xdf, 0xb0, 0x50, 0xb1, 0xfb, 0x4d, 0x56,
-	0xce, 0x05, 0x6b, 0x1f, 0x72, 0x4a, 0xef, 0xf5, 0x86, 0xb6, 0x43, 0x2d, 0x9f, 0x46, 0xb7, 0xc5,
-	0x48, 0x48, 0xa3, 0x11, 0xc7, 0x78, 0x81, 0x00, 0x97, 0xbe, 0xae, 0x0b, 0x8f, 0xbe, 0x08, 0x89,
-	0xa3, 0xaf, 0xb4, 0x92, 0x58, 0x97, 0x4b, 0xf8, 0x60, 0x06, 0x2e, 0x85, 0x2c, 0xbf, 0x5e, 0x5c,
-	0x8a, 0x48, 0xee, 0x3a, 0xb9, 0xe4, 0xa5, 0xe4, 0x71, 0x09, 0xab, 0x11, 0xcb, 0x25, 0x59, 0x3a,
-	0x17, 0xac, 0xfd, 0x2e, 0x05, 0x85, 0x03, 0x7a, 0xa1, 0x9b, 0x4e, 0xcb, 0x61, 0x47, 0x9f, 0xb7,
-	0x61, 0x83, 0x91, 0x8c, 0x5a, 0xcd, 0x57, 0xa6, 0xd1, 0x6f, 0x3a, 0x66, 0x97, 0xf6, 0x79, 0x6a,
-	0x79, 0x7d, 0x4d, 0x3c, 0xf8, 0xc4, 0x34, 0xfa, 0x2f, 0xd8, 0x30, 0xd9, 0x01, 0x72, 0xd6, 0xea,
-	0xb7, 0x4e, 0x83, 0x60, 0x71, 0x58, 0x5c, 0xc7, 0x27, 0x4a, 0xf4, 0xb0, 0xdf, 0x33, 0xdb, 0xdd,
-	0x26, 0x9b, 0x75, 0x26, 0x80, 0x7e, 0xc9, 0x1f, 0x1c, 0xd0, 0x0b, 0xed, 0x37, 0xee, 0x79, 0x70,
-	0x1e, 0x9e, 0xb3, 0xf3, 0xa0, 0x44, 0x4f, 0x73, 0x1e, 0x44, 0x9b, 0x29, 0xce, 0x83, 0x18, 0xdd,
-	0x77, 0x1e, 0xfc, 0x90, 0x9d, 0x07, 0xc5, 0xaa, 0xf2, 0xf3, 0x60, 0x84, 0xa1, 0x6f, 0xf1, 0x77,
-	0xb3, 0x6f, 0x2e, 0xb7, 0x17, 0x74, 0xd7, 0xcc, 0x3b, 0xdf, 0x5d, 0xd1, 0x46, 0xfd, 0x00, 0xd6,
-	0xf9, 0x89, 0xbd, 0x6d, 0x51, 0x47, 0xae, 0xe7, 0x03, 0x58, 0xb6, 0xf9, 0x80, 0xb7, 0x9c, 0x2b,
-	0xa3, 0xcb, 0xed, 0xbc, 0x40, 0x35, 0xf6, 0xd9, 0xef, 0x3c, 0xff, 0xd4, 0xd1, 0x9e, 0xe0, 0xe5,
-	0x42, 0x98, 0x63, 0x2a, 0x75, 0x58, 0x12, 0x00, 0xcc, 0xa4, 0xac, 0x3e, 0x33, 0x70, 0x1b, 0x44,
-	0x6a, 0x7f, 0x4d, 0xc1, 0x0d, 0x79, 0x70, 0x9d, 0x2d, 0x17, 0xb2, 0x0b, 0x45, 0x84, 0x4e, 0x51,
-	0xd7, 0x55, 0x61, 0x22, 0xcb, 0x5a, 0x0f, 0x94, 0x75, 0x2b, 0x3a, 0x71, 0xdf, 0xf1, 0xe4, 0x13,
-	0xef, 0x9a, 0x32, 0xf7, 0x32, 0xfc, 0x27, 0x0d, 0x44, 0x9c, 0xc4, 0xd8, 0x57, 0x57, 0x36, 0x3f,
-	0x0e, 0xcb, 0x66, 0x35, 0xfa, 0xc4, 0xe9, 0x37, 0x1c, 0x57, 0xcd, 0xd7, 0x57, 0xaf, 0x9a, 0x7a,
-	0x48, 0x35, 0xdf, 0x9f, 0x2e, 0xb7, 0x6b, 0x11, 0xcd, 0x03, 0x79, 0xed, 0xc0, 0x8c, 0xb0, 0x64,
-	0xdf, 0x63, 0x97, 0x24, 0x3e, 0x84, 0x92, 0x19, 0x57, 0x33, 0x09, 0xd5, 0x1a, 0x70, 0x43, 0xde,
-	0xd8, 0xfd, 0xd4, 0xad, 0x07, 0xce, 0xba, 0x13, 0x73, 0x29, 0xe8, 0x6a, 0x0e, 0x2e, 0xfd, 0x14,
-	0x6e, 0xc8, 0x4b, 0xd7, 0x8c, 0xbb, 0xfb, 0x1b, 0xde, 0xe5, 0xcf, 0x9f, 0x0d, 0x8a, 0xc6, 0x9e,
-	0xd9, 0x3f, 0x31, 0x4e, 0x7d, 0x6e, 0xdb, 0x7c, 0x20, 0xe4, 0x56, 0xa0, 0x98, 0x5b, 0xf1, 0xd8,
-	0x15, 0x0d, 0x69, 0xee, 0xcd, 0x50, 0x00, 0xe2, 0x66, 0x88, 0x36, 0x88, 0xf4, 0x89, 0xc6, 0xac,
-	0xb9, 0x30, 0xd1, 0x40, 0xe8, 0x34, 0xa2, 0x21, 0x4c, 0xa6, 0x10, 0x0d, 0x11, 0x59, 0x25, 0x1a,
-	0x57, 0xb0, 0x0c, 0x52, 0x34, 0xc4, 0xf0, 0x0c, 0xa2, 0x11, 0x34, 0xfc, 0x7a, 0x89, 0x86, 0x3a,
-	0xb7, 0xeb, 0x14, 0x0d, 0x37, 0x23, 0x4f, 0x34, 0x44, 0x21, 0x62, 0x45, 0x03, 0x6b, 0x26, 0xa1,
-	0x9e, 0x68, 0x04, 0xa9, 0x3b, 0x81, 0x68, 0xa8, 0xb8, 0x14, 0x74, 0x35, 0x07, 0x97, 0x5c, 0xd1,
-	0x98, 0x79, 0x77, 0xbb, 0xa2, 0x11, 0xcc, 0xa6, 0xfe, 0xeb, 0x9b, 0x90, 0xdb, 0x13, 0xaf, 0x81,
-	0x89, 0x01, 0x39, 0x7c, 0xc1, 0x49, 0x34, 0x55, 0x52, 0xc1, 0x97, 0xa6, 0xe5, 0x3b, 0xb1, 0x18,
-	0x14, 0xa5, 0xb7, 0xfe, 0xfe, 0xe7, 0xff, 0xfd, 0x3e, 0xbd, 0x06, 0xab, 0x1c, 0xf4, 0x1d, 0x3c,
-	0x3e, 0x12, 0x13, 0x96, 0xdd, 0x77, 0x50, 0xe4, 0xdb, 0x93, 0xbc, 0x54, 0x2b, 0xdf, 0x4d, 0x40,
-	0xc5, 0x07, 0xb4, 0x00, 0xbc, 0x57, 0x40, 0xe4, 0x6e, 0x74, 0xc3, 0xcf, 0x3f, 0xc3, 0x7b, 0x49,
-	0xb0, 0xc4, 0x98, 0xde, 0x2b, 0x1e, 0x75, 0xcc, 0xb1, 0x57, 0x4a, 0xea, 0x98, 0x8a, 0x37, 0x45,
-	0x11, 0x31, 0x45, 0x0d, 0x5f, 0xb4, 0xec, 0x6e, 0x64, 0x0d, 0x7d, 0xaf, 0x78, 0x22, 0x6b, 0x18,
-	0x78, 0x99, 0x13, 0x5f, 0x43, 0xde, 0xa4, 0x8f, 0xae, 0xa1, 0xff, 0x85, 0x49, 0x74, 0x0d, 0x03,
-	0x9d, 0xfe, 0xc4, 0xf5, 0xe4, 0xd3, 0x8b, 0x59, 0x4f, 0xff, 0x0c, 0xef, 0x25, 0xc1, 0x12, 0x63,
-	0x7a, 0xbd, 0x73, 0x75, 0xcc, 0xb1, 0x3e, 0xbe, 0x3a, 0xe6, 0x78, 0x0b, 0x3e, 0x2a, 0xe6, 0x97,
-	0xb0, 0xe2, 0xef, 0xfb, 0x91, 0xfb, 0x13, 0x36, 0x32, 0xcb, 0x95, 0x64, 0x60, 0x7c, 0xe4, 0x5f,
-	0xc2, 0x6a, 0xe0, 0x2d, 0x07, 0x51, 0x7a, 0x54, 0xbd, 0x55, 0x29, 0x3f, 0x98, 0x00, 0x99, 0x18,
-	0x3c, 0xd0, 0x24, 0x57, 0x07, 0x57, 0xb5, 0xe5, 0xd5, 0xc1, 0x95, 0x1d, 0xf7, 0x98, 0xe0, 0x81,
-	0x5e, 0xb8, 0x3a, 0xb8, 0xaa, 0xe9, 0xae, 0x0e, 0xae, 0x6e, 0xac, 0xc7, 0x92, 0x0c, 0xfb, 0x47,
-	0x91, 0x24, 0x0b, 0xf6, 0x1c, 0x23, 0x49, 0x16, 0x6e, 0x20, 0xc6, 0x93, 0x4c, 0x36, 0xbb, 0xa2,
-	0x49, 0x16, 0xea, 0xd0, 0x45, 0x93, 0x2c, 0xdc, 0x37, 0x4b, 0x24, 0x99, 0x9c, 0x70, 0x0c, 0xc9,
-	0x42, 0x73, 0x7e, 0x30, 0x01, 0x72, 0xc2, 0x3a, 0xc7, 0x06, 0x57, 0x35, 0x79, 0xe3, 0xea, 0x3c,
-	0x61, 0x70, 0x51, 0x67, 0xbc, 0xed, 0x47, 0xd6, 0x39, 0xd8, 0x47, 0x89, 0xac, 0x73, 0xa8, 0xd5,
-	0x90, 0x50, 0x67, 0xd9, 0x88, 0x8a, 0xae, 0x73, 0xa8, 0x7b, 0x16, 0x5d, 0xe7, 0x70, 0x4f, 0x2b,
-	0x71, 0x3f, 0xcb, 0x09, 0xc7, 0xec, 0xe7, 0xd0, 0x9c, 0x1f, 0x4c, 0x80, 0x4c, 0xfc, 0x71, 0x72,
-	0x5b, 0x20, 0xea, 0x1f, 0xa7, 0x70, 0x83, 0xa5, 0x7c, 0x37, 0x01, 0x95, 0xb8, 0xce, 0xfe, 0x7e,
-	0x83, 0x7a, 0x9d, 0x15, 0xbd, 0x94, 0x72, 0x25, 0x19, 0x18, 0x1f, 0x79, 0x08, 0x05, 0xdf, 0xad,
-	0x99, 0xdc, 0x9b, 0xec, 0xa2, 0x5f, 0xbe, 0x9f, 0x88, 0x4b, 0x9c, 0xb0, 0xff, 0x52, 0xac, 0x9e,
-	0xb0, 0xe2, 0x06, 0x5e, 0xae, 0x24, 0x03, 0x13, 0x23, 0xfb, 0x2f, 0xc0, 0xea, 0xc8, 0x8a, 0x4b,
-	0x76, 0xb9, 0x92, 0x0c, 0x9c, 0x84, 0x55, 0xe2, 0x08, 0x1d, 0xc9, 0xaa, 0xc0, 0x19, 0x3d, 0x92,
-	0x55, 0xc1, 0x73, 0x78, 0x22, 0xab, 0x30, 0x66, 0x0c, 0xab, 0x82, 0x61, 0x2b, 0xc9, 0xc0, 0x89,
-	0x58, 0x85, 0xd7, 0xaa, 0x68, 0x56, 0x05, 0x6f, 0x82, 0xd1, 0xac, 0x0a, 0xdd, 0xcf, 0x12, 0x59,
-	0x15, 0x37, 0x61, 0xc5, 0x15, 0x2d, 0x8e, 0x55, 0x13, 0x2f, 0xb5, 0xff, 0x86, 0x14, 0xc7, 0xaa,
-	0x09, 0x22, 0xab, 0x2e, 0x5b, 0x11, 0x91, 0x77, 0x4b, 0x6f, 0xbe, 0xda, 0x5a, 0xf8, 0xe7, 0x57,
-	0x5b, 0x0b, 0xbf, 0x1a, 0x6d, 0xa5, 0xde, 0x8c, 0xb6, 0x52, 0xff, 0x18, 0x6d, 0xa5, 0xfe, 0x3d,
-	0xda, 0x4a, 0x1d, 0x2f, 0xf1, 0x7f, 0x58, 0x7d, 0xf8, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x96,
-	0x0e, 0xd9, 0x9f, 0xc9, 0x2b, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/control.proto b/vendor/github.com/docker/swarmkit/api/control.proto
index 66180b8a784e5..c90b78d9b83f2 100644
--- a/vendor/github.com/docker/swarmkit/api/control.proto
+++ b/vendor/github.com/docker/swarmkit/api/control.proto
@@ -6,6 +6,7 @@ import "github.com/docker/swarmkit/api/specs.proto";
 import "github.com/docker/swarmkit/api/objects.proto";
 import "github.com/docker/swarmkit/api/types.proto";
 import "gogoproto/gogo.proto";
+import "google/protobuf/any.proto";
 import "github.com/docker/swarmkit/protobuf/plugin/plugin.proto";
 
 // Control defines the RPC methods for controlling a cluster.
@@ -49,6 +50,16 @@ service Control {
 		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
 	};
 
+	// ListServiceStatuses returns a `ListServiceStatusesResponse` with the
+	// status of the requested services, formed by computing the number of
+	// running vs desired tasks. It is provided as a shortcut or helper method,
+	// which allows a client to avoid having to calculate this value by listing
+	// all Tasks. If any service requested does not exist, it will be returned
+	// but with empty status values.
+	rpc ListServiceStatuses(ListServiceStatusesRequest) returns (ListServiceStatusesResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	};
+
 	rpc GetNetwork(GetNetworkRequest) returns (GetNetworkResponse) {
 		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
 	};
@@ -161,6 +172,80 @@ service Control {
 	rpc RemoveConfig(RemoveConfigRequest) returns (RemoveConfigResponse) {
 		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
 	}
+
+	// --- extension APIs ---
+
+	// GetExtension returns a `GetExtensionResponse` with a `Extension` with the same
+	// id as `GetExtensionRequest.ExtensionId`
+	// - Returns `NotFound` if the Extension with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetExtensionRequest.ExtensionId` is empty.
+	// - Returns an error if the get fails.
+	rpc GetExtension(GetExtensionRequest) returns (GetExtensionResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// CreateExtension creates an `Extension` based on the provided `CreateExtensionRequest.Extension`
+	// and returns a `CreateExtensionResponse`.
+	// - Returns `InvalidArgument` if the `CreateExtensionRequest.Extension` is malformed,
+	//   or fails validation.
+	// - Returns an error if the creation fails.
+	rpc CreateExtension(CreateExtensionRequest) returns (CreateExtensionResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// RemoveExtension removes the extension referenced by `RemoveExtensionRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveExtensionRequest.ExtensionId` is empty.
+	// - Returns `NotFound` if the an extension named `RemoveExtensionRequest.ExtensionId` is not found.
+	// - Returns an error if the deletion fails.
+	rpc RemoveExtension(RemoveExtensionRequest) returns (RemoveExtensionResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// --- resource APIs ---
+
+	// GetResource returns a `GetResourceResponse` with a `Resource` with the same
+	// id as `GetResourceRequest.Resource`
+	// - Returns `NotFound` if the Resource with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetResourceRequest.Resource` is empty.
+	// - Returns an error if getting fails.
+	rpc GetResource(GetResourceRequest) returns (GetResourceResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// UpdateResource updates the resource with the given `UpdateResourceRequest.Resource.Id` using the given `UpdateResourceRequest.Resource` and returns a `UpdateResourceResponse`.
+	// - Returns `NotFound` if the Resource with the given `UpdateResourceRequest.Resource.Id` is not found.
+	// - Returns `InvalidArgument` if the UpdateResourceRequest.Resource.Id` is empty.
+	// - Returns an error if updating fails.
+	rpc UpdateResource(UpdateResourceRequest) returns (UpdateResourceResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// ListResources returns a `ListResourcesResponse` with a list of `Resource`s stored in the raft store,
+	// or all resources matching any name in `ListConfigsRequest.Names`, any
+	// name prefix in `ListResourcesRequest.NamePrefixes`, any id in
+	// `ListResourcesRequest.ResourceIDs`, or any id prefix in `ListResourcesRequest.IDPrefixes`,
+	// extension name equal to `ListResourcesRequest.Extension`.
+	// - Returns an error if listing fails.
+	rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// CreateResource returns a `CreateResourceResponse` after creating a `Resource` based
+	// on the provided `CreateResourceRequest.Resource`.
+	// - Returns `InvalidArgument` if the `CreateResourceRequest.Resource` is malformed,
+	//   or if the config data is too long or contains invalid characters.
+	// - Returns an error if the creation fails.
+	rpc CreateResource(CreateResourceRequest) returns (CreateResourceResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// RemoveResource removes the `Resource` referenced by `RemoveResourceRequest.ResourceID`.
+	// - Returns `InvalidArgument` if `RemoveResourceRequest.ResourceID` is empty.
+	// - Returns `NotFound` if the a resource named `RemoveResourceRequest.ResourceID` is not found.
+	// - Returns an error if the deletion fails.
+	rpc RemoveResource(RemoveResourceRequest) returns (RemoveResourceResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
 }
 
 message GetNodeRequest {
@@ -322,6 +407,44 @@ message ListServicesResponse {
 	repeated Service services = 1;
 }
 
+// ListServiceStatusesRequest is a request to get the aggregate status of a
+// service by computing the number of running vs desired tasks. It includes
+// only a service ID.
+message ListServiceStatusesRequest {
+	// Services is a list of service IDs to get statuses for.
+	repeated string services = 1;
+}
+
+// ListServiceStatusesResponse is a response containing the aggregate status of
+// a service, formed by computing the number of running vs desired tasks. The
+// values returned are only valid for the point in time at which the request is
+// made.
+message ListServiceStatusesResponse {
+	message ServiceStatus {
+		// ServiceID is the ID of the service this status describes
+		string service_id = 1;
+
+		// DesiredTasks is the number of tasks desired to be running according to the
+		// service definition at request time. It is a uint64 because that is what
+		// the replicas field on the service spec is
+		uint64 desired_tasks = 2;
+		
+		// RunningTasks is the number of tasks currently in the Running state at
+		// request time. This may be larger than desired tasks if, for example, a
+		// service has been scaled down.
+		uint64 running_tasks = 3;
+
+		// CompletedTasks is the number of tasks in state Completed, if this
+		// service is in mode ReplicatedJob or GlobalJob. This must be
+		// cross-referenced with the service type, because the default value of 0
+		// may mean that a service is not in a Job mode, or it may mean the Job has
+		// yet to complete any Tasks.
+		uint64 completed_tasks = 4;
+	}
+
+	repeated ServiceStatus statuses = 1;
+}
+
 message CreateNetworkRequest {
 	NetworkSpec spec = 1;
 }
@@ -556,3 +679,111 @@ message RemoveConfigRequest {
 // RemoveConfigResponse is an empty object indicating the successful removal of
 // a config.
 message RemoveConfigResponse {}
+
+// CreateExtensionRequest creates a new extension as specified by the provided
+// parameters
+message CreateExtensionRequest {
+	Annotations annotations = 1;
+	string description = 2;
+}
+
+// CreateExtensionResponse contains the newly created `Extension` corresponding
+// to the parameters in the CreateExtensionRequest.
+message CreateExtensionResponse {
+	Extension extension = 1;
+}
+
+// RemoveExtensionRequest contains the ID of the extension that should be removed. This
+// removes all versions of the extension.
+message RemoveExtensionRequest {
+	string extension_id = 1;
+}
+
+// RemoveExtensionResponse is an empty object indicating the successful removal
+// of an extension.
+message RemoveExtensionResponse {
+}
+
+// GetResourceRequest is the request to get a Extension object given a extension id.
+message GetExtensionRequest {
+	string extension_id = 1;
+}
+
+// GetExtensionResponse contains the Extension corresponding to the id in
+// `GetExtensionRequest`.
+message GetExtensionResponse {
+	Extension extension = 1;
+}
+
+// CreateResourceRequest creates a new resource specified by the included
+// resource object. An existing resource will not be updated.
+message CreateResourceRequest {
+	Annotations annotations = 1;
+	string kind = 2;
+	google.protobuf.Any payload = 3;
+}
+
+// CreateResourceResponse contains the newly created `Resource` corresponding
+// to the resource in the CreateResourceRequest.
+message CreateResourceResponse {
+	Resource resource = 1;
+}
+
+// RemoveResourceRequest contains the ID of the resource that should be removed. This
+// removes all versions of the resource.
+message RemoveResourceRequest {
+	string resource_id = 1;
+}
+
+// RemoveResourceResponse is an empty object indicating the successful removal
+// of a resource.
+message RemoveResourceResponse {
+}
+
+// UpdateResourceRequest updates the resource specified by the given resource object.
+message UpdateResourceRequest {
+	string resource_id = 1;
+	Version resource_version = 2;
+	// Annotations describes the annotations to update. If the Annotations should
+	// be unchanged, then this field should be left empty. Note that the name of
+	// a Resource cannot be changed, only its labels.
+	Annotations annotations = 3;
+	// Payload describes the new payload of the resource. If the Payload should
+	// be unchanged, then this field should be left empty.
+	google.protobuf.Any payload = 4;
+}
+
+message UpdateResourceResponse {
+	Resource resource = 1;
+}
+
+// GetResourceRequest is the request to get a Resource object given a resource id.
+message GetResourceRequest {
+	string resource_id = 1;
+}
+
+// GetResourceResponse contains the Resource corresponding to the id in
+// `GetResourceRequest`.
+message GetResourceResponse {
+	Resource resource = 1;
+}
+
+// ListResourcesRequest is the request to list all resources in the raft store,
+// or all resources filtered by (name or name prefix or id prefix), labels and extension.
+message ListResourcesRequest {
+	message Filters {
+		repeated string names = 1;
+		repeated string id_prefixes = 2;
+		map<string, string> labels = 3;
+		repeated string name_prefixes = 4;
+		string kind = 5;
+	}
+
+	Filters filters = 1;
+}
+
+// ListResourcesResponse contains a list of all the resources that match the name or
+// name prefix filters provided in `ListResourcesRequest`.
+message ListResourcesResponse {
+	repeated Resource resources = 1;
+}
diff --git a/vendor/github.com/docker/swarmkit/api/dispatcher.pb.go b/vendor/github.com/docker/swarmkit/api/dispatcher.pb.go
index f72d3d9995b5c..96b13a1218a30 100644
--- a/vendor/github.com/docker/swarmkit/api/dispatcher.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/dispatcher.pb.go
@@ -3,33 +3,29 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-import _ "github.com/gogo/protobuf/types"
-
-import time "time"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	_ "github.com/gogo/protobuf/types"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -37,6 +33,12 @@ var _ = fmt.Errorf
 var _ = math.Inf
 var _ = time.Kitchen
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type AssignmentChange_AssignmentAction int32
 
 const (
@@ -48,6 +50,7 @@ var AssignmentChange_AssignmentAction_name = map[int32]string{
 	0: "UPDATE",
 	1: "REMOVE",
 }
+
 var AssignmentChange_AssignmentAction_value = map[string]int32{
 	"UPDATE": 0,
 	"REMOVE": 1,
@@ -56,8 +59,9 @@ var AssignmentChange_AssignmentAction_value = map[string]int32{
 func (x AssignmentChange_AssignmentAction) String() string {
 	return proto.EnumName(AssignmentChange_AssignmentAction_name, int32(x))
 }
+
 func (AssignmentChange_AssignmentAction) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDispatcher, []int{10, 0}
+	return fileDescriptor_71002346457e55a8, []int{10, 0}
 }
 
 // AssignmentType specifies whether this assignment message carries
@@ -73,6 +77,7 @@ var AssignmentsMessage_Type_name = map[int32]string{
 	0: "COMPLETE",
 	1: "INCREMENTAL",
 }
+
 var AssignmentsMessage_Type_value = map[string]int32{
 	"COMPLETE":    0,
 	"INCREMENTAL": 1,
@@ -81,13 +86,14 @@ var AssignmentsMessage_Type_value = map[string]int32{
 func (x AssignmentsMessage_Type) String() string {
 	return proto.EnumName(AssignmentsMessage_Type_name, int32(x))
 }
+
 func (AssignmentsMessage_Type) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDispatcher, []int{11, 0}
+	return fileDescriptor_71002346457e55a8, []int{11, 0}
 }
 
 // SessionRequest starts a session.
 type SessionRequest struct {
-	Description *NodeDescription `protobuf:"bytes,1,opt,name=description" json:"description,omitempty"`
+	Description *NodeDescription `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
 	// SessionID can be provided to attempt resuming an existing session. If the
 	// SessionID is empty or invalid, a new SessionID will be assigned.
 	//
@@ -95,9 +101,37 @@ type SessionRequest struct {
 	SessionID string `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 }
 
-func (m *SessionRequest) Reset()                    { *m = SessionRequest{} }
-func (*SessionRequest) ProtoMessage()               {}
-func (*SessionRequest) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{0} }
+func (m *SessionRequest) Reset()      { *m = SessionRequest{} }
+func (*SessionRequest) ProtoMessage() {}
+func (*SessionRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{0}
+}
+func (m *SessionRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SessionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SessionRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SessionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SessionRequest.Merge(m, src)
+}
+func (m *SessionRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *SessionRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SessionRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SessionRequest proto.InternalMessageInfo
 
 // SessionMessage instructs an agent on various actions as part of the current
 // session. An agent should act immediately on the contents.
@@ -147,55 +181,165 @@ type SessionMessage struct {
 	// directly in the RPC message set.
 	SessionID string `protobuf:"bytes,1,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 	// Node identifies the registering node.
-	Node *Node `protobuf:"bytes,2,opt,name=node" json:"node,omitempty"`
+	Node *Node `protobuf:"bytes,2,opt,name=node,proto3" json:"node,omitempty"`
 	// Managers provides a weight list of alternative dispatchers
-	Managers []*WeightedPeer `protobuf:"bytes,3,rep,name=managers" json:"managers,omitempty"`
+	Managers []*WeightedPeer `protobuf:"bytes,3,rep,name=managers,proto3" json:"managers,omitempty"`
 	// Symmetric encryption key distributed by the lead manager. Used by agents
 	// for securing network bootstrapping and communication.
-	NetworkBootstrapKeys []*EncryptionKey `protobuf:"bytes,4,rep,name=network_bootstrap_keys,json=networkBootstrapKeys" json:"network_bootstrap_keys,omitempty"`
+	NetworkBootstrapKeys []*EncryptionKey `protobuf:"bytes,4,rep,name=network_bootstrap_keys,json=networkBootstrapKeys,proto3" json:"network_bootstrap_keys,omitempty"`
 	// Which root certificates to trust
 	RootCA []byte `protobuf:"bytes,5,opt,name=RootCA,proto3" json:"RootCA,omitempty"`
 }
 
-func (m *SessionMessage) Reset()                    { *m = SessionMessage{} }
-func (*SessionMessage) ProtoMessage()               {}
-func (*SessionMessage) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{1} }
+func (m *SessionMessage) Reset()      { *m = SessionMessage{} }
+func (*SessionMessage) ProtoMessage() {}
+func (*SessionMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{1}
+}
+func (m *SessionMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SessionMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SessionMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SessionMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SessionMessage.Merge(m, src)
+}
+func (m *SessionMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *SessionMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_SessionMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SessionMessage proto.InternalMessageInfo
 
 // HeartbeatRequest provides identifying properties for a single heartbeat.
 type HeartbeatRequest struct {
 	SessionID string `protobuf:"bytes,1,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 }
 
-func (m *HeartbeatRequest) Reset()                    { *m = HeartbeatRequest{} }
-func (*HeartbeatRequest) ProtoMessage()               {}
-func (*HeartbeatRequest) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{2} }
+func (m *HeartbeatRequest) Reset()      { *m = HeartbeatRequest{} }
+func (*HeartbeatRequest) ProtoMessage() {}
+func (*HeartbeatRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{2}
+}
+func (m *HeartbeatRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HeartbeatRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HeartbeatRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HeartbeatRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HeartbeatRequest.Merge(m, src)
+}
+func (m *HeartbeatRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *HeartbeatRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_HeartbeatRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HeartbeatRequest proto.InternalMessageInfo
 
 type HeartbeatResponse struct {
 	// Period is the duration to wait before sending the next heartbeat.
 	// Well-behaved agents should update this on every heartbeat round trip.
-	Period time.Duration `protobuf:"bytes,1,opt,name=period,stdduration" json:"period"`
+	Period time.Duration `protobuf:"bytes,1,opt,name=period,proto3,stdduration" json:"period"`
+}
+
+func (m *HeartbeatResponse) Reset()      { *m = HeartbeatResponse{} }
+func (*HeartbeatResponse) ProtoMessage() {}
+func (*HeartbeatResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{3}
+}
+func (m *HeartbeatResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HeartbeatResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HeartbeatResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HeartbeatResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HeartbeatResponse.Merge(m, src)
+}
+func (m *HeartbeatResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *HeartbeatResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_HeartbeatResponse.DiscardUnknown(m)
 }
 
-func (m *HeartbeatResponse) Reset()                    { *m = HeartbeatResponse{} }
-func (*HeartbeatResponse) ProtoMessage()               {}
-func (*HeartbeatResponse) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{3} }
+var xxx_messageInfo_HeartbeatResponse proto.InternalMessageInfo
 
 type UpdateTaskStatusRequest struct {
 	// Tasks should contain all statuses for running tasks. Only the status
 	// field must be set. The spec is not required.
 	SessionID string                                      `protobuf:"bytes,1,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
-	Updates   []*UpdateTaskStatusRequest_TaskStatusUpdate `protobuf:"bytes,3,rep,name=updates" json:"updates,omitempty"`
+	Updates   []*UpdateTaskStatusRequest_TaskStatusUpdate `protobuf:"bytes,3,rep,name=updates,proto3" json:"updates,omitempty"`
 }
 
 func (m *UpdateTaskStatusRequest) Reset()      { *m = UpdateTaskStatusRequest{} }
 func (*UpdateTaskStatusRequest) ProtoMessage() {}
 func (*UpdateTaskStatusRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptorDispatcher, []int{4}
+	return fileDescriptor_71002346457e55a8, []int{4}
+}
+func (m *UpdateTaskStatusRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateTaskStatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateTaskStatusRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateTaskStatusRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateTaskStatusRequest.Merge(m, src)
+}
+func (m *UpdateTaskStatusRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateTaskStatusRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateTaskStatusRequest.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_UpdateTaskStatusRequest proto.InternalMessageInfo
+
 type UpdateTaskStatusRequest_TaskStatusUpdate struct {
 	TaskID string      `protobuf:"bytes,1,opt,name=task_id,json=taskId,proto3" json:"task_id,omitempty"`
-	Status *TaskStatus `protobuf:"bytes,2,opt,name=status" json:"status,omitempty"`
+	Status *TaskStatus `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
 }
 
 func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Reset() {
@@ -203,43 +347,179 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Reset() {
 }
 func (*UpdateTaskStatusRequest_TaskStatusUpdate) ProtoMessage() {}
 func (*UpdateTaskStatusRequest_TaskStatusUpdate) Descriptor() ([]byte, []int) {
-	return fileDescriptorDispatcher, []int{4, 0}
+	return fileDescriptor_71002346457e55a8, []int{4, 0}
+}
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateTaskStatusRequest_TaskStatusUpdate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateTaskStatusRequest_TaskStatusUpdate.Merge(m, src)
+}
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateTaskStatusRequest_TaskStatusUpdate.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_UpdateTaskStatusRequest_TaskStatusUpdate proto.InternalMessageInfo
+
 type UpdateTaskStatusResponse struct {
 }
 
 func (m *UpdateTaskStatusResponse) Reset()      { *m = UpdateTaskStatusResponse{} }
 func (*UpdateTaskStatusResponse) ProtoMessage() {}
 func (*UpdateTaskStatusResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptorDispatcher, []int{5}
+	return fileDescriptor_71002346457e55a8, []int{5}
+}
+func (m *UpdateTaskStatusResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateTaskStatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateTaskStatusResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateTaskStatusResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateTaskStatusResponse.Merge(m, src)
+}
+func (m *UpdateTaskStatusResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateTaskStatusResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateTaskStatusResponse.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_UpdateTaskStatusResponse proto.InternalMessageInfo
+
 type TasksRequest struct {
 	SessionID string `protobuf:"bytes,1,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 }
 
-func (m *TasksRequest) Reset()                    { *m = TasksRequest{} }
-func (*TasksRequest) ProtoMessage()               {}
-func (*TasksRequest) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{6} }
+func (m *TasksRequest) Reset()      { *m = TasksRequest{} }
+func (*TasksRequest) ProtoMessage() {}
+func (*TasksRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{6}
+}
+func (m *TasksRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TasksRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TasksRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TasksRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TasksRequest.Merge(m, src)
+}
+func (m *TasksRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *TasksRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_TasksRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TasksRequest proto.InternalMessageInfo
 
 type TasksMessage struct {
 	// Tasks is the set of tasks that should be running on the node.
 	// Tasks outside of this set running on the node should be terminated.
-	Tasks []*Task `protobuf:"bytes,1,rep,name=tasks" json:"tasks,omitempty"`
+	Tasks []*Task `protobuf:"bytes,1,rep,name=tasks,proto3" json:"tasks,omitempty"`
+}
+
+func (m *TasksMessage) Reset()      { *m = TasksMessage{} }
+func (*TasksMessage) ProtoMessage() {}
+func (*TasksMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{7}
+}
+func (m *TasksMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TasksMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TasksMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TasksMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TasksMessage.Merge(m, src)
+}
+func (m *TasksMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *TasksMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_TasksMessage.DiscardUnknown(m)
 }
 
-func (m *TasksMessage) Reset()                    { *m = TasksMessage{} }
-func (*TasksMessage) ProtoMessage()               {}
-func (*TasksMessage) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{7} }
+var xxx_messageInfo_TasksMessage proto.InternalMessageInfo
 
 type AssignmentsRequest struct {
 	SessionID string `protobuf:"bytes,1,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 }
 
-func (m *AssignmentsRequest) Reset()                    { *m = AssignmentsRequest{} }
-func (*AssignmentsRequest) ProtoMessage()               {}
-func (*AssignmentsRequest) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{8} }
+func (m *AssignmentsRequest) Reset()      { *m = AssignmentsRequest{} }
+func (*AssignmentsRequest) ProtoMessage() {}
+func (*AssignmentsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{8}
+}
+func (m *AssignmentsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AssignmentsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AssignmentsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AssignmentsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AssignmentsRequest.Merge(m, src)
+}
+func (m *AssignmentsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *AssignmentsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_AssignmentsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AssignmentsRequest proto.InternalMessageInfo
 
 type Assignment struct {
 	// Types that are valid to be assigned to Item:
@@ -249,9 +529,37 @@ type Assignment struct {
 	Item isAssignment_Item `protobuf_oneof:"item"`
 }
 
-func (m *Assignment) Reset()                    { *m = Assignment{} }
-func (*Assignment) ProtoMessage()               {}
-func (*Assignment) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{9} }
+func (m *Assignment) Reset()      { *m = Assignment{} }
+func (*Assignment) ProtoMessage() {}
+func (*Assignment) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{9}
+}
+func (m *Assignment) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Assignment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Assignment.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Assignment) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Assignment.Merge(m, src)
+}
+func (m *Assignment) XXX_Size() int {
+	return m.Size()
+}
+func (m *Assignment) XXX_DiscardUnknown() {
+	xxx_messageInfo_Assignment.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Assignment proto.InternalMessageInfo
 
 type isAssignment_Item interface {
 	isAssignment_Item()
@@ -260,13 +568,13 @@ type isAssignment_Item interface {
 }
 
 type Assignment_Task struct {
-	Task *Task `protobuf:"bytes,1,opt,name=task,oneof"`
+	Task *Task `protobuf:"bytes,1,opt,name=task,proto3,oneof" json:"task,omitempty"`
 }
 type Assignment_Secret struct {
-	Secret *Secret `protobuf:"bytes,2,opt,name=secret,oneof"`
+	Secret *Secret `protobuf:"bytes,2,opt,name=secret,proto3,oneof" json:"secret,omitempty"`
 }
 type Assignment_Config struct {
-	Config *Config `protobuf:"bytes,3,opt,name=config,oneof"`
+	Config *Config `protobuf:"bytes,3,opt,name=config,proto3,oneof" json:"config,omitempty"`
 }
 
 func (*Assignment_Task) isAssignment_Item()   {}
@@ -301,107 +609,51 @@ func (m *Assignment) GetConfig() *Config {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Assignment) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Assignment_OneofMarshaler, _Assignment_OneofUnmarshaler, _Assignment_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Assignment) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Assignment_Task)(nil),
 		(*Assignment_Secret)(nil),
 		(*Assignment_Config)(nil),
 	}
 }
 
-func _Assignment_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Assignment)
-	// item
-	switch x := m.Item.(type) {
-	case *Assignment_Task:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Task); err != nil {
-			return err
-		}
-	case *Assignment_Secret:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Secret); err != nil {
-			return err
-		}
-	case *Assignment_Config:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Config); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Assignment.Item has unexpected type %T", x)
-	}
-	return nil
+type AssignmentChange struct {
+	Assignment *Assignment                       `protobuf:"bytes,1,opt,name=assignment,proto3" json:"assignment,omitempty"`
+	Action     AssignmentChange_AssignmentAction `protobuf:"varint,2,opt,name=action,proto3,enum=docker.swarmkit.v1.AssignmentChange_AssignmentAction" json:"action,omitempty"`
 }
 
-func _Assignment_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Assignment)
-	switch tag {
-	case 1: // item.task
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Task)
-		err := b.DecodeMessage(msg)
-		m.Item = &Assignment_Task{msg}
-		return true, err
-	case 2: // item.secret
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Secret)
-		err := b.DecodeMessage(msg)
-		m.Item = &Assignment_Secret{msg}
-		return true, err
-	case 3: // item.config
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Config)
-		err := b.DecodeMessage(msg)
-		m.Item = &Assignment_Config{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Assignment_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Assignment)
-	// item
-	switch x := m.Item.(type) {
-	case *Assignment_Task:
-		s := proto.Size(x.Task)
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Assignment_Secret:
-		s := proto.Size(x.Secret)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Assignment_Config:
-		s := proto.Size(x.Config)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+func (m *AssignmentChange) Reset()      { *m = AssignmentChange{} }
+func (*AssignmentChange) ProtoMessage() {}
+func (*AssignmentChange) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{10}
+}
+func (m *AssignmentChange) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AssignmentChange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AssignmentChange.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return n
 }
-
-type AssignmentChange struct {
-	Assignment *Assignment                       `protobuf:"bytes,1,opt,name=assignment" json:"assignment,omitempty"`
-	Action     AssignmentChange_AssignmentAction `protobuf:"varint,2,opt,name=action,proto3,enum=docker.swarmkit.v1.AssignmentChange_AssignmentAction" json:"action,omitempty"`
+func (m *AssignmentChange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AssignmentChange.Merge(m, src)
+}
+func (m *AssignmentChange) XXX_Size() int {
+	return m.Size()
+}
+func (m *AssignmentChange) XXX_DiscardUnknown() {
+	xxx_messageInfo_AssignmentChange.DiscardUnknown(m)
 }
 
-func (m *AssignmentChange) Reset()                    { *m = AssignmentChange{} }
-func (*AssignmentChange) ProtoMessage()               {}
-func (*AssignmentChange) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{10} }
+var xxx_messageInfo_AssignmentChange proto.InternalMessageInfo
 
 type AssignmentsMessage struct {
 	Type AssignmentsMessage_Type `protobuf:"varint,1,opt,name=type,proto3,enum=docker.swarmkit.v1.AssignmentsMessage_Type" json:"type,omitempty"`
@@ -416,14 +668,44 @@ type AssignmentsMessage struct {
 	// against missed messages.
 	ResultsIn string `protobuf:"bytes,3,opt,name=results_in,json=resultsIn,proto3" json:"results_in,omitempty"`
 	// AssignmentChange is a set of changes to apply on this node.
-	Changes []*AssignmentChange `protobuf:"bytes,4,rep,name=changes" json:"changes,omitempty"`
+	Changes []*AssignmentChange `protobuf:"bytes,4,rep,name=changes,proto3" json:"changes,omitempty"`
 }
 
-func (m *AssignmentsMessage) Reset()                    { *m = AssignmentsMessage{} }
-func (*AssignmentsMessage) ProtoMessage()               {}
-func (*AssignmentsMessage) Descriptor() ([]byte, []int) { return fileDescriptorDispatcher, []int{11} }
+func (m *AssignmentsMessage) Reset()      { *m = AssignmentsMessage{} }
+func (*AssignmentsMessage) ProtoMessage() {}
+func (*AssignmentsMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_71002346457e55a8, []int{11}
+}
+func (m *AssignmentsMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AssignmentsMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AssignmentsMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AssignmentsMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AssignmentsMessage.Merge(m, src)
+}
+func (m *AssignmentsMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *AssignmentsMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_AssignmentsMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AssignmentsMessage proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.AssignmentChange_AssignmentAction", AssignmentChange_AssignmentAction_name, AssignmentChange_AssignmentAction_value)
+	proto.RegisterEnum("docker.swarmkit.v1.AssignmentsMessage_Type", AssignmentsMessage_Type_name, AssignmentsMessage_Type_value)
 	proto.RegisterType((*SessionRequest)(nil), "docker.swarmkit.v1.SessionRequest")
 	proto.RegisterType((*SessionMessage)(nil), "docker.swarmkit.v1.SessionMessage")
 	proto.RegisterType((*HeartbeatRequest)(nil), "docker.swarmkit.v1.HeartbeatRequest")
@@ -437,8 +719,78 @@ func init() {
 	proto.RegisterType((*Assignment)(nil), "docker.swarmkit.v1.Assignment")
 	proto.RegisterType((*AssignmentChange)(nil), "docker.swarmkit.v1.AssignmentChange")
 	proto.RegisterType((*AssignmentsMessage)(nil), "docker.swarmkit.v1.AssignmentsMessage")
-	proto.RegisterEnum("docker.swarmkit.v1.AssignmentChange_AssignmentAction", AssignmentChange_AssignmentAction_name, AssignmentChange_AssignmentAction_value)
-	proto.RegisterEnum("docker.swarmkit.v1.AssignmentsMessage_Type", AssignmentsMessage_Type_name, AssignmentsMessage_Type_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/dispatcher.proto", fileDescriptor_71002346457e55a8)
+}
+
+var fileDescriptor_71002346457e55a8 = []byte{
+	// 1019 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0xcf, 0x4f, 0x1b, 0x47,
+	0x18, 0xf5, 0x18, 0xb3, 0xe0, 0xcf, 0x84, 0xba, 0xa3, 0x88, 0xba, 0x96, 0xb2, 0xb8, 0x4b, 0x82,
+	0x50, 0x43, 0xd7, 0xa9, 0xfb, 0xeb, 0x50, 0x44, 0x8b, 0xb1, 0x25, 0xac, 0x04, 0x82, 0x06, 0x92,
+	0x1c, 0xd1, 0x7a, 0x77, 0xb2, 0x6c, 0x8d, 0x77, 0xb6, 0x3b, 0xe3, 0xa4, 0x3e, 0x54, 0xea, 0xa1,
+	0x91, 0xaa, 0x9e, 0xa2, 0x9e, 0x90, 0xaa, 0xfe, 0x0b, 0x55, 0xff, 0x0c, 0xd4, 0x53, 0x8e, 0x39,
+	0xd1, 0xc6, 0xdc, 0xfb, 0x07, 0xf4, 0x54, 0xed, 0xec, 0xac, 0xed, 0x12, 0x1b, 0x0c, 0x27, 0x7b,
+	0x67, 0xde, 0x7b, 0xf3, 0xf6, 0x7d, 0xdf, 0x7e, 0x03, 0x65, 0xd7, 0x13, 0x87, 0x9d, 0xa6, 0x69,
+	0xb3, 0x76, 0xd9, 0x61, 0x76, 0x8b, 0x86, 0x65, 0xfe, 0xdc, 0x0a, 0xdb, 0x2d, 0x4f, 0x94, 0xad,
+	0xc0, 0x2b, 0x3b, 0x1e, 0x0f, 0x2c, 0x61, 0x1f, 0xd2, 0xd0, 0x0c, 0x42, 0x26, 0x18, 0xc6, 0x31,
+	0xca, 0x4c, 0x50, 0xe6, 0xb3, 0x8f, 0x8b, 0x1f, 0x5e, 0x22, 0x22, 0xba, 0x01, 0xe5, 0x31, 0xbf,
+	0xb8, 0x7a, 0x09, 0x96, 0x35, 0xbf, 0xa1, 0xb6, 0x48, 0xd0, 0x37, 0x5d, 0xe6, 0x32, 0xf9, 0xb7,
+	0x1c, 0xfd, 0x53, 0xab, 0x5f, 0x5c, 0xa0, 0x21, 0x11, 0xcd, 0xce, 0xd3, 0x72, 0x70, 0xd4, 0x71,
+	0x3d, 0x5f, 0xfd, 0x28, 0xa2, 0xee, 0x32, 0xe6, 0x1e, 0xd1, 0x01, 0xc8, 0xe9, 0x84, 0x96, 0xf0,
+	0x98, 0xda, 0x37, 0x5e, 0x20, 0x98, 0xdf, 0xa3, 0x9c, 0x7b, 0xcc, 0x27, 0xf4, 0xdb, 0x0e, 0xe5,
+	0x02, 0xd7, 0x21, 0xe7, 0x50, 0x6e, 0x87, 0x5e, 0x10, 0xe1, 0x0a, 0xa8, 0x84, 0x56, 0x72, 0x95,
+	0x25, 0xf3, 0xed, 0x14, 0xcc, 0x1d, 0xe6, 0xd0, 0xda, 0x00, 0x4a, 0x86, 0x79, 0x78, 0x15, 0x80,
+	0xc7, 0xc2, 0x07, 0x9e, 0x53, 0x48, 0x97, 0xd0, 0x4a, 0xb6, 0x7a, 0xa3, 0x77, 0xba, 0x98, 0x55,
+	0xc7, 0x35, 0x6a, 0x24, 0xab, 0x00, 0x0d, 0xc7, 0xf8, 0x35, 0xdd, 0xf7, 0xb1, 0x4d, 0x39, 0xb7,
+	0x5c, 0x7a, 0x4e, 0x00, 0x5d, 0x2c, 0x80, 0x57, 0x21, 0xe3, 0x33, 0x87, 0xca, 0x83, 0x72, 0x95,
+	0xc2, 0x38, 0xbb, 0x44, 0xa2, 0xf0, 0x1a, 0xcc, 0xb6, 0x2d, 0xdf, 0x72, 0x69, 0xc8, 0x0b, 0x53,
+	0xa5, 0xa9, 0x95, 0x5c, 0xa5, 0x34, 0x8a, 0xf1, 0x84, 0x7a, 0xee, 0xa1, 0xa0, 0xce, 0x2e, 0xa5,
+	0x21, 0xe9, 0x33, 0xf0, 0x13, 0x58, 0xf0, 0xa9, 0x78, 0xce, 0xc2, 0xd6, 0x41, 0x93, 0x31, 0xc1,
+	0x45, 0x68, 0x05, 0x07, 0x2d, 0xda, 0xe5, 0x85, 0x8c, 0xd4, 0xfa, 0x60, 0x94, 0x56, 0xdd, 0xb7,
+	0xc3, 0xae, 0x8c, 0xe6, 0x3e, 0xed, 0x92, 0x9b, 0x4a, 0xa0, 0x9a, 0xf0, 0xef, 0xd3, 0x2e, 0xc7,
+	0x0b, 0xa0, 0x11, 0xc6, 0xc4, 0xe6, 0x46, 0x61, 0xba, 0x84, 0x56, 0xe6, 0x88, 0x7a, 0x32, 0xbe,
+	0x86, 0xfc, 0x16, 0xb5, 0x42, 0xd1, 0xa4, 0x96, 0x48, 0xca, 0x74, 0xa5, 0x78, 0x8c, 0x5d, 0x78,
+	0x77, 0x48, 0x81, 0x07, 0xcc, 0xe7, 0x14, 0x7f, 0x09, 0x5a, 0x40, 0x43, 0x8f, 0x39, 0xaa, 0xc8,
+	0xef, 0x9b, 0x71, 0xb7, 0x98, 0x49, 0xb7, 0x98, 0x35, 0xd5, 0x2d, 0xd5, 0xd9, 0x93, 0xd3, 0xc5,
+	0xd4, 0xf1, 0x5f, 0x8b, 0x88, 0x28, 0x8a, 0xf1, 0x32, 0x0d, 0xef, 0x3d, 0x0a, 0x1c, 0x4b, 0xd0,
+	0x7d, 0x8b, 0xb7, 0xf6, 0x84, 0x25, 0x3a, 0xfc, 0x5a, 0xde, 0xf0, 0x63, 0x98, 0xe9, 0x48, 0xa1,
+	0xa4, 0x16, 0x6b, 0xa3, 0xf2, 0x1b, 0x73, 0x96, 0x39, 0x58, 0x89, 0x11, 0x24, 0x11, 0x2b, 0x32,
+	0xc8, 0x9f, 0xdf, 0xc4, 0x4b, 0x30, 0x23, 0x2c, 0xde, 0x1a, 0xd8, 0x82, 0xde, 0xe9, 0xa2, 0x16,
+	0xc1, 0x1a, 0x35, 0xa2, 0x45, 0x5b, 0x0d, 0x07, 0x7f, 0x0e, 0x1a, 0x97, 0x24, 0xd5, 0x4d, 0xfa,
+	0x28, 0x3f, 0x43, 0x4e, 0x14, 0xda, 0x28, 0x42, 0xe1, 0x6d, 0x97, 0x71, 0xd6, 0xc6, 0x1a, 0xcc,
+	0x45, 0xab, 0xd7, 0x8b, 0xc8, 0x58, 0x57, 0xec, 0xe4, 0xdb, 0x30, 0x61, 0x3a, 0xf2, 0xca, 0x0b,
+	0x48, 0x06, 0x56, 0x18, 0x67, 0x90, 0xc4, 0x30, 0xa3, 0x0a, 0x78, 0x83, 0x73, 0xcf, 0xf5, 0xdb,
+	0xd4, 0x17, 0xd7, 0xf4, 0xf0, 0x07, 0x02, 0x18, 0x88, 0x60, 0x13, 0x32, 0x91, 0xb6, 0x6a, 0x9d,
+	0xb1, 0x0e, 0xb6, 0x52, 0x44, 0xe2, 0xf0, 0xa7, 0xa0, 0x71, 0x6a, 0x87, 0x54, 0xa8, 0x50, 0x8b,
+	0xa3, 0x18, 0x7b, 0x12, 0xb1, 0x95, 0x22, 0x0a, 0x1b, 0xb1, 0x6c, 0xe6, 0x3f, 0xf5, 0xdc, 0xc2,
+	0xd4, 0x78, 0xd6, 0xa6, 0x44, 0x44, 0xac, 0x18, 0x5b, 0xd5, 0x20, 0xe3, 0x09, 0xda, 0x36, 0x5e,
+	0xa4, 0x21, 0x3f, 0xb0, 0xbc, 0x79, 0x68, 0xf9, 0x2e, 0xc5, 0xeb, 0x00, 0x56, 0x7f, 0x4d, 0xd9,
+	0x1f, 0x59, 0xe1, 0x01, 0x93, 0x0c, 0x31, 0xf0, 0x36, 0x68, 0x96, 0x2d, 0x47, 0x63, 0xf4, 0x22,
+	0xf3, 0x95, 0xcf, 0x2e, 0xe6, 0xc6, 0xa7, 0x0e, 0x2d, 0x6c, 0x48, 0x32, 0x51, 0x22, 0x46, 0x73,
+	0xd8, 0x62, 0xbc, 0x87, 0x97, 0x41, 0x7b, 0xb4, 0x5b, 0xdb, 0xd8, 0xaf, 0xe7, 0x53, 0xc5, 0xe2,
+	0xcf, 0xbf, 0x95, 0x16, 0xce, 0x23, 0x54, 0x37, 0x2f, 0x83, 0x46, 0xea, 0xdb, 0x0f, 0x1f, 0xd7,
+	0xf3, 0x68, 0x34, 0x8e, 0xd0, 0x36, 0x7b, 0x46, 0x8d, 0x7f, 0xd1, 0xff, 0xea, 0x9f, 0x74, 0xd1,
+	0x57, 0x90, 0x89, 0x2e, 0x2a, 0x99, 0xc1, 0x7c, 0xe5, 0xee, 0xc5, 0xef, 0x91, 0xb0, 0xcc, 0xfd,
+	0x6e, 0x40, 0x89, 0x24, 0xe2, 0x5b, 0x00, 0x56, 0x10, 0x1c, 0x79, 0x94, 0x1f, 0x08, 0x16, 0xcf,
+	0x78, 0x92, 0x55, 0x2b, 0xfb, 0x2c, 0xda, 0x0e, 0x29, 0xef, 0x1c, 0x09, 0x7e, 0xe0, 0xf9, 0xb2,
+	0x80, 0x59, 0x92, 0x55, 0x2b, 0x0d, 0x1f, 0xaf, 0xc3, 0x8c, 0x2d, 0xc3, 0x49, 0xe6, 0xe6, 0xed,
+	0x49, 0x92, 0x24, 0x09, 0xc9, 0xb8, 0x03, 0x99, 0xc8, 0x0b, 0x9e, 0x83, 0xd9, 0xcd, 0x87, 0xdb,
+	0xbb, 0x0f, 0xea, 0x51, 0x5e, 0xf8, 0x1d, 0xc8, 0x35, 0x76, 0x36, 0x49, 0x7d, 0xbb, 0xbe, 0xb3,
+	0xbf, 0xf1, 0x20, 0x8f, 0x2a, 0xc7, 0xd3, 0x00, 0xb5, 0xfe, 0xa5, 0x8e, 0xbf, 0x83, 0x19, 0xd5,
+	0xde, 0xd8, 0x18, 0xdd, 0x82, 0xc3, 0xb7, 0x61, 0xf1, 0x22, 0x8c, 0x4a, 0xc4, 0x58, 0xfa, 0xf3,
+	0xf7, 0x7f, 0x8e, 0xd3, 0xb7, 0x60, 0x4e, 0x62, 0x3e, 0x8a, 0xe6, 0x3a, 0x0d, 0xe1, 0x46, 0xfc,
+	0xa4, 0x6e, 0x8d, 0x7b, 0x08, 0x7f, 0x0f, 0xd9, 0xfe, 0x0c, 0xc6, 0x23, 0xdf, 0xf5, 0xfc, 0x90,
+	0x2f, 0xde, 0xb9, 0x04, 0xa5, 0x86, 0xcb, 0x24, 0x06, 0xf0, 0x2f, 0x08, 0xf2, 0xe7, 0xc7, 0x13,
+	0xbe, 0x7b, 0x85, 0x51, 0x5b, 0x5c, 0x9d, 0x0c, 0x7c, 0x15, 0x53, 0x1d, 0x98, 0x96, 0x83, 0x0d,
+	0x97, 0xc6, 0x0d, 0x90, 0xfe, 0xe9, 0xe3, 0x11, 0x49, 0x1d, 0x96, 0x27, 0x38, 0xf1, 0xa7, 0x34,
+	0xba, 0x87, 0xf0, 0x8f, 0x08, 0x72, 0x43, 0xad, 0x8d, 0x97, 0x2f, 0xe9, 0xfd, 0xc4, 0xc3, 0xf2,
+	0x64, 0xdf, 0xc8, 0x84, 0x1d, 0x51, 0xbd, 0x7d, 0xf2, 0x46, 0x4f, 0xbd, 0x7e, 0xa3, 0xa7, 0x7e,
+	0xe8, 0xe9, 0xe8, 0xa4, 0xa7, 0xa3, 0x57, 0x3d, 0x1d, 0xfd, 0xdd, 0xd3, 0xd1, 0xcb, 0x33, 0x3d,
+	0xf5, 0xea, 0x4c, 0x4f, 0xbd, 0x3e, 0xd3, 0x53, 0x4d, 0x4d, 0x5e, 0xc7, 0x9f, 0xfc, 0x17, 0x00,
+	0x00, 0xff, 0xff, 0xa9, 0xc4, 0x36, 0xaa, 0xba, 0x0a, 0x00, 0x00,
 }
 
 type authenticatedWrapperDispatcherServer struct {
@@ -508,7 +860,7 @@ func (m *SessionRequest) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Description != nil {
 		m.Description = &NodeDescription{}
-		deepcopy.Copy(m.Description, o.Description)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Description, o.Description)
 	}
 }
 
@@ -527,13 +879,13 @@ func (m *SessionMessage) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Node != nil {
 		m.Node = &Node{}
-		deepcopy.Copy(m.Node, o.Node)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Node, o.Node)
 	}
 	if o.Managers != nil {
 		m.Managers = make([]*WeightedPeer, len(o.Managers))
 		for i := range m.Managers {
 			m.Managers[i] = &WeightedPeer{}
-			deepcopy.Copy(m.Managers[i], o.Managers[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Managers[i], o.Managers[i])
 		}
 	}
 
@@ -541,7 +893,7 @@ func (m *SessionMessage) CopyFrom(src interface{}) {
 		m.NetworkBootstrapKeys = make([]*EncryptionKey, len(o.NetworkBootstrapKeys))
 		for i := range m.NetworkBootstrapKeys {
 			m.NetworkBootstrapKeys[i] = &EncryptionKey{}
-			deepcopy.Copy(m.NetworkBootstrapKeys[i], o.NetworkBootstrapKeys[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.NetworkBootstrapKeys[i], o.NetworkBootstrapKeys[i])
 		}
 	}
 
@@ -579,7 +931,7 @@ func (m *HeartbeatResponse) CopyFrom(src interface{}) {
 
 	o := src.(*HeartbeatResponse)
 	*m = *o
-	deepcopy.Copy(&m.Period, &o.Period)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Period, &o.Period)
 }
 
 func (m *UpdateTaskStatusRequest) Copy() *UpdateTaskStatusRequest {
@@ -599,7 +951,7 @@ func (m *UpdateTaskStatusRequest) CopyFrom(src interface{}) {
 		m.Updates = make([]*UpdateTaskStatusRequest_TaskStatusUpdate, len(o.Updates))
 		for i := range m.Updates {
 			m.Updates[i] = &UpdateTaskStatusRequest_TaskStatusUpdate{}
-			deepcopy.Copy(m.Updates[i], o.Updates[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Updates[i], o.Updates[i])
 		}
 	}
 
@@ -620,7 +972,7 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Status != nil {
 		m.Status = &TaskStatus{}
-		deepcopy.Copy(m.Status, o.Status)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Status, o.Status)
 	}
 }
 
@@ -666,7 +1018,7 @@ func (m *TasksMessage) CopyFrom(src interface{}) {
 		m.Tasks = make([]*Task, len(o.Tasks))
 		for i := range m.Tasks {
 			m.Tasks[i] = &Task{}
-			deepcopy.Copy(m.Tasks[i], o.Tasks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Tasks[i], o.Tasks[i])
 		}
 	}
 
@@ -706,19 +1058,19 @@ func (m *Assignment) CopyFrom(src interface{}) {
 			v := Assignment_Task{
 				Task: &Task{},
 			}
-			deepcopy.Copy(v.Task, o.GetTask())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Task, o.GetTask())
 			m.Item = &v
 		case *Assignment_Secret:
 			v := Assignment_Secret{
 				Secret: &Secret{},
 			}
-			deepcopy.Copy(v.Secret, o.GetSecret())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Secret, o.GetSecret())
 			m.Item = &v
 		case *Assignment_Config:
 			v := Assignment_Config{
 				Config: &Config{},
 			}
-			deepcopy.Copy(v.Config, o.GetConfig())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Config, o.GetConfig())
 			m.Item = &v
 		}
 	}
@@ -740,7 +1092,7 @@ func (m *AssignmentChange) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Assignment != nil {
 		m.Assignment = &Assignment{}
-		deepcopy.Copy(m.Assignment, o.Assignment)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Assignment, o.Assignment)
 	}
 }
 
@@ -761,7 +1113,7 @@ func (m *AssignmentsMessage) CopyFrom(src interface{}) {
 		m.Changes = make([]*AssignmentChange, len(o.Changes))
 		for i := range m.Changes {
 			m.Changes[i] = &AssignmentChange{}
-			deepcopy.Copy(m.Changes[i], o.Changes[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Changes[i], o.Changes[i])
 		}
 	}
 
@@ -775,8 +1127,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Dispatcher service
-
+// DispatcherClient is the client API for Dispatcher service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type DispatcherClient interface {
 	// Session starts an agent session with the dispatcher. The session is
 	// started after the first SessionMessage is received.
@@ -818,7 +1171,7 @@ func NewDispatcherClient(cc *grpc.ClientConn) DispatcherClient {
 }
 
 func (c *dispatcherClient) Session(ctx context.Context, in *SessionRequest, opts ...grpc.CallOption) (Dispatcher_SessionClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Dispatcher_serviceDesc.Streams[0], c.cc, "/docker.swarmkit.v1.Dispatcher/Session", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Dispatcher_serviceDesc.Streams[0], "/docker.swarmkit.v1.Dispatcher/Session", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -851,7 +1204,7 @@ func (x *dispatcherSessionClient) Recv() (*SessionMessage, error) {
 
 func (c *dispatcherClient) Heartbeat(ctx context.Context, in *HeartbeatRequest, opts ...grpc.CallOption) (*HeartbeatResponse, error) {
 	out := new(HeartbeatResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Dispatcher/Heartbeat", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Dispatcher/Heartbeat", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -860,15 +1213,16 @@ func (c *dispatcherClient) Heartbeat(ctx context.Context, in *HeartbeatRequest,
 
 func (c *dispatcherClient) UpdateTaskStatus(ctx context.Context, in *UpdateTaskStatusRequest, opts ...grpc.CallOption) (*UpdateTaskStatusResponse, error) {
 	out := new(UpdateTaskStatusResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Dispatcher/UpdateTaskStatus", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Dispatcher/UpdateTaskStatus", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
+// Deprecated: Do not use.
 func (c *dispatcherClient) Tasks(ctx context.Context, in *TasksRequest, opts ...grpc.CallOption) (Dispatcher_TasksClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Dispatcher_serviceDesc.Streams[1], c.cc, "/docker.swarmkit.v1.Dispatcher/Tasks", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Dispatcher_serviceDesc.Streams[1], "/docker.swarmkit.v1.Dispatcher/Tasks", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -900,7 +1254,7 @@ func (x *dispatcherTasksClient) Recv() (*TasksMessage, error) {
 }
 
 func (c *dispatcherClient) Assignments(ctx context.Context, in *AssignmentsRequest, opts ...grpc.CallOption) (Dispatcher_AssignmentsClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Dispatcher_serviceDesc.Streams[2], c.cc, "/docker.swarmkit.v1.Dispatcher/Assignments", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Dispatcher_serviceDesc.Streams[2], "/docker.swarmkit.v1.Dispatcher/Assignments", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -931,8 +1285,7 @@ func (x *dispatcherAssignmentsClient) Recv() (*AssignmentsMessage, error) {
 	return m, nil
 }
 
-// Server API for Dispatcher service
-
+// DispatcherServer is the server API for Dispatcher service.
 type DispatcherServer interface {
 	// Session starts an agent session with the dispatcher. The session is
 	// started after the first SessionMessage is received.
@@ -965,6 +1318,26 @@ type DispatcherServer interface {
 	Assignments(*AssignmentsRequest, Dispatcher_AssignmentsServer) error
 }
 
+// UnimplementedDispatcherServer can be embedded to have forward compatible implementations.
+type UnimplementedDispatcherServer struct {
+}
+
+func (*UnimplementedDispatcherServer) Session(req *SessionRequest, srv Dispatcher_SessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method Session not implemented")
+}
+func (*UnimplementedDispatcherServer) Heartbeat(ctx context.Context, req *HeartbeatRequest) (*HeartbeatResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Heartbeat not implemented")
+}
+func (*UnimplementedDispatcherServer) UpdateTaskStatus(ctx context.Context, req *UpdateTaskStatusRequest) (*UpdateTaskStatusResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateTaskStatus not implemented")
+}
+func (*UnimplementedDispatcherServer) Tasks(req *TasksRequest, srv Dispatcher_TasksServer) error {
+	return status.Errorf(codes.Unimplemented, "method Tasks not implemented")
+}
+func (*UnimplementedDispatcherServer) Assignments(req *AssignmentsRequest, srv Dispatcher_AssignmentsServer) error {
+	return status.Errorf(codes.Unimplemented, "method Assignments not implemented")
+}
+
 func RegisterDispatcherServer(s *grpc.Server, srv DispatcherServer) {
 	s.RegisterService(&_Dispatcher_serviceDesc, srv)
 }
@@ -1104,7 +1477,7 @@ var _Dispatcher_serviceDesc = grpc.ServiceDesc{
 func (m *SessionRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1112,33 +1485,41 @@ func (m *SessionRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SessionRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Description != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Description.Size()))
-		n1, err := m.Description.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
-	}
 	if len(m.SessionID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
 		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if m.Description != nil {
+		{
+			size, err := m.Description.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *SessionMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1146,63 +1527,76 @@ func (m *SessionMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SessionMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SessionMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SessionID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
+	if len(m.RootCA) > 0 {
+		i -= len(m.RootCA)
+		copy(dAtA[i:], m.RootCA)
+		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.RootCA)))
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.Node != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Node.Size()))
-		n2, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.NetworkBootstrapKeys) > 0 {
+		for iNdEx := len(m.NetworkBootstrapKeys) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.NetworkBootstrapKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDispatcher(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
 		}
-		i += n2
 	}
 	if len(m.Managers) > 0 {
-		for _, msg := range m.Managers {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintDispatcher(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Managers) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Managers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDispatcher(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.NetworkBootstrapKeys) > 0 {
-		for _, msg := range m.NetworkBootstrapKeys {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintDispatcher(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Node != nil {
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.RootCA) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.RootCA)))
-		i += copy(dAtA[i:], m.RootCA)
+	if len(m.SessionID) > 0 {
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
+		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *HeartbeatRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1210,23 +1604,29 @@ func (m *HeartbeatRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HeartbeatRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HeartbeatRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.SessionID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
 		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *HeartbeatResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1234,25 +1634,30 @@ func (m *HeartbeatResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HeartbeatResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HeartbeatResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintDispatcher(dAtA, i, uint64(types.SizeOfStdDuration(m.Period)))
-	n3, err := types.StdDurationMarshalTo(m.Period, dAtA[i:])
-	if err != nil {
-		return 0, err
+	n3, err3 := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.Period, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdDuration(m.Period):])
+	if err3 != nil {
+		return 0, err3
 	}
-	i += n3
-	return i, nil
+	i -= n3
+	i = encodeVarintDispatcher(dAtA, i, uint64(n3))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateTaskStatusRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1260,35 +1665,43 @@ func (m *UpdateTaskStatusRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateTaskStatusRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateTaskStatusRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SessionID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
-	}
 	if len(m.Updates) > 0 {
-		for _, msg := range m.Updates {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintDispatcher(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Updates) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Updates[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDispatcher(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return i, nil
+	if len(m.SessionID) > 0 {
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
+		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1296,33 +1709,41 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Marshal() (dAtA []byte, err e
 }
 
 func (m *UpdateTaskStatusRequest_TaskStatusUpdate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateTaskStatusRequest_TaskStatusUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.TaskID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.TaskID)))
-		i += copy(dAtA[i:], m.TaskID)
-	}
 	if m.Status != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Status.Size()))
-		n4, err := m.Status.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.TaskID) > 0 {
+		i -= len(m.TaskID)
+		copy(dAtA[i:], m.TaskID)
+		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.TaskID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateTaskStatusResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1330,17 +1751,22 @@ func (m *UpdateTaskStatusResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateTaskStatusResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateTaskStatusResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TasksRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1348,23 +1774,29 @@ func (m *TasksRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TasksRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TasksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.SessionID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
 		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TasksMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1372,29 +1804,36 @@ func (m *TasksMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TasksMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TasksMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Tasks) > 0 {
-		for _, msg := range m.Tasks {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintDispatcher(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Tasks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Tasks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDispatcher(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AssignmentsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1402,23 +1841,29 @@ func (m *AssignmentsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AssignmentsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AssignmentsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.SessionID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.SessionID)
+		copy(dAtA[i:], m.SessionID)
 		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.SessionID)))
-		i += copy(dAtA[i:], m.SessionID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Assignment) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1426,66 +1871,94 @@ func (m *Assignment) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Assignment) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Assignment) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Item != nil {
-		nn5, err := m.Item.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Item.Size()
+			i -= size
+			if _, err := m.Item.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn5
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Assignment_Task) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Assignment_Task) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Task != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Task.Size()))
-		n6, err := m.Task.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Task.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
 		}
-		i += n6
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Assignment_Secret) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Assignment_Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Secret != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Secret.Size()))
-		n7, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
 		}
-		i += n7
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Assignment_Config) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Assignment_Config) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Config != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Config.Size()))
-		n8, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *AssignmentChange) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1493,32 +1966,39 @@ func (m *AssignmentChange) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AssignmentChange) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AssignmentChange) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Assignment != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Assignment.Size()))
-		n9, err := m.Assignment.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
-	}
 	if m.Action != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintDispatcher(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Assignment != nil {
+		{
+			size, err := m.Assignment.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintDispatcher(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AssignmentsMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1526,50 +2006,61 @@ func (m *AssignmentsMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AssignmentsMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AssignmentsMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Type != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(m.Type))
-	}
-	if len(m.AppliesTo) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.AppliesTo)))
-		i += copy(dAtA[i:], m.AppliesTo)
+	if len(m.Changes) > 0 {
+		for iNdEx := len(m.Changes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Changes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintDispatcher(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
 	}
 	if len(m.ResultsIn) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.ResultsIn)
+		copy(dAtA[i:], m.ResultsIn)
 		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.ResultsIn)))
-		i += copy(dAtA[i:], m.ResultsIn)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Changes) > 0 {
-		for _, msg := range m.Changes {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintDispatcher(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if len(m.AppliesTo) > 0 {
+		i -= len(m.AppliesTo)
+		copy(dAtA[i:], m.AppliesTo)
+		i = encodeVarintDispatcher(dAtA, i, uint64(len(m.AppliesTo)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Type != 0 {
+		i = encodeVarintDispatcher(dAtA, i, uint64(m.Type))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintDispatcher(dAtA []byte, offset int, v uint64) int {
+	offset -= sovDispatcher(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyDispatcherServer struct {
@@ -1868,6 +2359,9 @@ func (p *raftProxyDispatcherServer) Assignments(r *AssignmentsRequest, stream Di
 }
 
 func (m *SessionRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Description != nil {
@@ -1882,6 +2376,9 @@ func (m *SessionRequest) Size() (n int) {
 }
 
 func (m *SessionMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SessionID)
@@ -1912,6 +2409,9 @@ func (m *SessionMessage) Size() (n int) {
 }
 
 func (m *HeartbeatRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SessionID)
@@ -1922,14 +2422,20 @@ func (m *HeartbeatRequest) Size() (n int) {
 }
 
 func (m *HeartbeatResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = types.SizeOfStdDuration(m.Period)
+	l = github_com_gogo_protobuf_types.SizeOfStdDuration(m.Period)
 	n += 1 + l + sovDispatcher(uint64(l))
 	return n
 }
 
 func (m *UpdateTaskStatusRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SessionID)
@@ -1946,6 +2452,9 @@ func (m *UpdateTaskStatusRequest) Size() (n int) {
 }
 
 func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.TaskID)
@@ -1960,12 +2469,18 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Size() (n int) {
 }
 
 func (m *UpdateTaskStatusResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *TasksRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SessionID)
@@ -1976,6 +2491,9 @@ func (m *TasksRequest) Size() (n int) {
 }
 
 func (m *TasksMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Tasks) > 0 {
@@ -1988,6 +2506,9 @@ func (m *TasksMessage) Size() (n int) {
 }
 
 func (m *AssignmentsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SessionID)
@@ -1998,6 +2519,9 @@ func (m *AssignmentsRequest) Size() (n int) {
 }
 
 func (m *Assignment) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Item != nil {
@@ -2007,6 +2531,9 @@ func (m *Assignment) Size() (n int) {
 }
 
 func (m *Assignment_Task) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Task != nil {
@@ -2016,6 +2543,9 @@ func (m *Assignment_Task) Size() (n int) {
 	return n
 }
 func (m *Assignment_Secret) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Secret != nil {
@@ -2025,6 +2555,9 @@ func (m *Assignment_Secret) Size() (n int) {
 	return n
 }
 func (m *Assignment_Config) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Config != nil {
@@ -2034,6 +2567,9 @@ func (m *Assignment_Config) Size() (n int) {
 	return n
 }
 func (m *AssignmentChange) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Assignment != nil {
@@ -2047,6 +2583,9 @@ func (m *AssignmentChange) Size() (n int) {
 }
 
 func (m *AssignmentsMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Type != 0 {
@@ -2070,14 +2609,7 @@ func (m *AssignmentsMessage) Size() (n int) {
 }
 
 func sovDispatcher(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozDispatcher(x uint64) (n int) {
 	return sovDispatcher(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2097,11 +2629,21 @@ func (this *SessionMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForManagers := "[]*WeightedPeer{"
+	for _, f := range this.Managers {
+		repeatedStringForManagers += strings.Replace(fmt.Sprintf("%v", f), "WeightedPeer", "WeightedPeer", 1) + ","
+	}
+	repeatedStringForManagers += "}"
+	repeatedStringForNetworkBootstrapKeys := "[]*EncryptionKey{"
+	for _, f := range this.NetworkBootstrapKeys {
+		repeatedStringForNetworkBootstrapKeys += strings.Replace(fmt.Sprintf("%v", f), "EncryptionKey", "EncryptionKey", 1) + ","
+	}
+	repeatedStringForNetworkBootstrapKeys += "}"
 	s := strings.Join([]string{`&SessionMessage{`,
 		`SessionID:` + fmt.Sprintf("%v", this.SessionID) + `,`,
 		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "Node", "Node", 1) + `,`,
-		`Managers:` + strings.Replace(fmt.Sprintf("%v", this.Managers), "WeightedPeer", "WeightedPeer", 1) + `,`,
-		`NetworkBootstrapKeys:` + strings.Replace(fmt.Sprintf("%v", this.NetworkBootstrapKeys), "EncryptionKey", "EncryptionKey", 1) + `,`,
+		`Managers:` + repeatedStringForManagers + `,`,
+		`NetworkBootstrapKeys:` + repeatedStringForNetworkBootstrapKeys + `,`,
 		`RootCA:` + fmt.Sprintf("%v", this.RootCA) + `,`,
 		`}`,
 	}, "")
@@ -2122,7 +2664,7 @@ func (this *HeartbeatResponse) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&HeartbeatResponse{`,
-		`Period:` + strings.Replace(strings.Replace(this.Period.String(), "Duration", "google_protobuf1.Duration", 1), `&`, ``, 1) + `,`,
+		`Period:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Period), "Duration", "types.Duration", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2131,9 +2673,14 @@ func (this *UpdateTaskStatusRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForUpdates := "[]*UpdateTaskStatusRequest_TaskStatusUpdate{"
+	for _, f := range this.Updates {
+		repeatedStringForUpdates += strings.Replace(fmt.Sprintf("%v", f), "UpdateTaskStatusRequest_TaskStatusUpdate", "UpdateTaskStatusRequest_TaskStatusUpdate", 1) + ","
+	}
+	repeatedStringForUpdates += "}"
 	s := strings.Join([]string{`&UpdateTaskStatusRequest{`,
 		`SessionID:` + fmt.Sprintf("%v", this.SessionID) + `,`,
-		`Updates:` + strings.Replace(fmt.Sprintf("%v", this.Updates), "UpdateTaskStatusRequest_TaskStatusUpdate", "UpdateTaskStatusRequest_TaskStatusUpdate", 1) + `,`,
+		`Updates:` + repeatedStringForUpdates + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2172,8 +2719,13 @@ func (this *TasksMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForTasks := "[]*Task{"
+	for _, f := range this.Tasks {
+		repeatedStringForTasks += strings.Replace(fmt.Sprintf("%v", f), "Task", "Task", 1) + ","
+	}
+	repeatedStringForTasks += "}"
 	s := strings.Join([]string{`&TasksMessage{`,
-		`Tasks:` + strings.Replace(fmt.Sprintf("%v", this.Tasks), "Task", "Task", 1) + `,`,
+		`Tasks:` + repeatedStringForTasks + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2233,7 +2785,7 @@ func (this *AssignmentChange) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&AssignmentChange{`,
-		`Assignment:` + strings.Replace(fmt.Sprintf("%v", this.Assignment), "Assignment", "Assignment", 1) + `,`,
+		`Assignment:` + strings.Replace(this.Assignment.String(), "Assignment", "Assignment", 1) + `,`,
 		`Action:` + fmt.Sprintf("%v", this.Action) + `,`,
 		`}`,
 	}, "")
@@ -2243,11 +2795,16 @@ func (this *AssignmentsMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForChanges := "[]*AssignmentChange{"
+	for _, f := range this.Changes {
+		repeatedStringForChanges += strings.Replace(f.String(), "AssignmentChange", "AssignmentChange", 1) + ","
+	}
+	repeatedStringForChanges += "}"
 	s := strings.Join([]string{`&AssignmentsMessage{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`AppliesTo:` + fmt.Sprintf("%v", this.AppliesTo) + `,`,
 		`ResultsIn:` + fmt.Sprintf("%v", this.ResultsIn) + `,`,
-		`Changes:` + strings.Replace(fmt.Sprintf("%v", this.Changes), "AssignmentChange", "AssignmentChange", 1) + `,`,
+		`Changes:` + repeatedStringForChanges + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2275,7 +2832,7 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2303,7 +2860,7 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2312,6 +2869,9 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2336,7 +2896,7 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2346,6 +2906,9 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2357,7 +2920,7 @@ func (m *SessionRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2387,7 +2950,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2415,7 +2978,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2425,6 +2988,9 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2444,7 +3010,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2453,6 +3019,9 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2477,7 +3046,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2486,6 +3055,9 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2508,7 +3080,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2517,6 +3089,9 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2539,7 +3114,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2548,6 +3123,9 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2562,7 +3140,7 @@ func (m *SessionMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2592,7 +3170,7 @@ func (m *HeartbeatRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2620,7 +3198,7 @@ func (m *HeartbeatRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2630,6 +3208,9 @@ func (m *HeartbeatRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2641,7 +3222,7 @@ func (m *HeartbeatRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2671,7 +3252,7 @@ func (m *HeartbeatResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2699,7 +3280,7 @@ func (m *HeartbeatResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2708,10 +3289,13 @@ func (m *HeartbeatResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdDurationUnmarshal(&m.Period, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdDurationUnmarshal(&m.Period, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2721,7 +3305,7 @@ func (m *HeartbeatResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2751,7 +3335,7 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2779,7 +3363,7 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2789,6 +3373,9 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2808,7 +3395,7 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2817,6 +3404,9 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2831,7 +3421,7 @@ func (m *UpdateTaskStatusRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2861,7 +3451,7 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2889,7 +3479,7 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2899,6 +3489,9 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2918,7 +3511,7 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2927,6 +3520,9 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2943,7 +3539,7 @@ func (m *UpdateTaskStatusRequest_TaskStatusUpdate) Unmarshal(dAtA []byte) error
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -2973,7 +3569,7 @@ func (m *UpdateTaskStatusResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2993,7 +3589,7 @@ func (m *UpdateTaskStatusResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3023,7 +3619,7 @@ func (m *TasksRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3051,7 +3647,7 @@ func (m *TasksRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3061,6 +3657,9 @@ func (m *TasksRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3072,7 +3671,7 @@ func (m *TasksRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3102,7 +3701,7 @@ func (m *TasksMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3130,7 +3729,7 @@ func (m *TasksMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3139,6 +3738,9 @@ func (m *TasksMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3153,7 +3755,7 @@ func (m *TasksMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3183,7 +3785,7 @@ func (m *AssignmentsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3211,7 +3813,7 @@ func (m *AssignmentsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3221,6 +3823,9 @@ func (m *AssignmentsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3232,7 +3837,7 @@ func (m *AssignmentsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3262,7 +3867,7 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3290,7 +3895,7 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3299,6 +3904,9 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3322,7 +3930,7 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3331,6 +3939,9 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3354,7 +3965,7 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3363,6 +3974,9 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3378,7 +3992,7 @@ func (m *Assignment) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3408,7 +4022,7 @@ func (m *AssignmentChange) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3436,7 +4050,7 @@ func (m *AssignmentChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3445,6 +4059,9 @@ func (m *AssignmentChange) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3469,7 +4086,7 @@ func (m *AssignmentChange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (AssignmentChange_AssignmentAction(b) & 0x7F) << shift
+				m.Action |= AssignmentChange_AssignmentAction(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3480,7 +4097,7 @@ func (m *AssignmentChange) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3510,7 +4127,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3538,7 +4155,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (AssignmentsMessage_Type(b) & 0x7F) << shift
+				m.Type |= AssignmentsMessage_Type(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3557,7 +4174,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3567,6 +4184,9 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3586,7 +4206,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3596,6 +4216,9 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3615,7 +4238,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3624,6 +4247,9 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthDispatcher
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthDispatcher
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3638,7 +4264,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDispatcher
 			}
 			if (iNdEx + skippy) > l {
@@ -3656,6 +4282,7 @@ func (m *AssignmentsMessage) Unmarshal(dAtA []byte) error {
 func skipDispatcher(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -3687,10 +4314,8 @@ func skipDispatcher(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -3707,124 +4332,34 @@ func skipDispatcher(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthDispatcher
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowDispatcher
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipDispatcher(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupDispatcher
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthDispatcher
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthDispatcher = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowDispatcher   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthDispatcher        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowDispatcher          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupDispatcher = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/docker/swarmkit/api/dispatcher.proto", fileDescriptorDispatcher)
-}
-
-var fileDescriptorDispatcher = []byte{
-	// 1007 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0x4f, 0x6f, 0xe3, 0x44,
-	0x1c, 0xcd, 0xa4, 0xa9, 0xdb, 0xfc, 0xd2, 0x2d, 0x61, 0xb4, 0x2a, 0xc6, 0xd2, 0xa6, 0xc1, 0x65,
-	0xab, 0x8a, 0x2d, 0xce, 0x12, 0xfe, 0x1d, 0xa8, 0x0a, 0x4d, 0x13, 0xa9, 0xd1, 0x6e, 0xbb, 0xd5,
-	0xb4, 0xbb, 0x7b, 0xac, 0x1c, 0x7b, 0xd6, 0x35, 0x69, 0x3c, 0xc6, 0x33, 0xd9, 0x25, 0x07, 0x24,
-	0x0e, 0xac, 0x84, 0x38, 0x21, 0x4e, 0x95, 0x10, 0x5f, 0x01, 0xf1, 0x31, 0x2a, 0x4e, 0x1c, 0x39,
-	0x15, 0x36, 0x1f, 0x80, 0x0f, 0xc0, 0x09, 0x79, 0x3c, 0x4e, 0x42, 0x37, 0x69, 0xd3, 0x9e, 0x12,
-	0xcf, 0xbc, 0xf7, 0xe6, 0xf9, 0xfd, 0x7e, 0xfe, 0x0d, 0x54, 0x3c, 0x5f, 0x1c, 0x77, 0x5b, 0x96,
-	0xc3, 0x3a, 0x15, 0x97, 0x39, 0x6d, 0x1a, 0x55, 0xf8, 0x0b, 0x3b, 0xea, 0xb4, 0x7d, 0x51, 0xb1,
-	0x43, 0xbf, 0xe2, 0xfa, 0x3c, 0xb4, 0x85, 0x73, 0x4c, 0x23, 0x2b, 0x8c, 0x98, 0x60, 0x18, 0x27,
-	0x28, 0x2b, 0x45, 0x59, 0xcf, 0x3f, 0x30, 0xde, 0xbb, 0x42, 0x44, 0xf4, 0x42, 0xca, 0x13, 0xbe,
-	0xb1, 0x7e, 0x05, 0x96, 0xb5, 0xbe, 0xa4, 0x8e, 0x48, 0xd1, 0xb7, 0x3d, 0xe6, 0x31, 0xf9, 0xb7,
-	0x12, 0xff, 0x53, 0xab, 0x9f, 0x5e, 0xa2, 0x21, 0x11, 0xad, 0xee, 0xb3, 0x4a, 0x78, 0xd2, 0xf5,
-	0xfc, 0x40, 0xfd, 0x28, 0x62, 0xc9, 0x63, 0xcc, 0x3b, 0xa1, 0x43, 0x90, 0xdb, 0x8d, 0x6c, 0xe1,
-	0x33, 0xb5, 0x6f, 0xbe, 0x44, 0xb0, 0x78, 0x40, 0x39, 0xf7, 0x59, 0x40, 0xe8, 0x57, 0x5d, 0xca,
-	0x05, 0x6e, 0x40, 0xc1, 0xa5, 0xdc, 0x89, 0xfc, 0x30, 0xc6, 0xe9, 0xa8, 0x8c, 0xd6, 0x0a, 0xd5,
-	0x15, 0xeb, 0xf5, 0x14, 0xac, 0x3d, 0xe6, 0xd2, 0xfa, 0x10, 0x4a, 0x46, 0x79, 0x78, 0x1d, 0x80,
-	0x27, 0xc2, 0x47, 0xbe, 0xab, 0x67, 0xcb, 0x68, 0x2d, 0x5f, 0xbb, 0xd5, 0x3f, 0x5f, 0xce, 0xab,
-	0xe3, 0x9a, 0x75, 0x92, 0x57, 0x80, 0xa6, 0x6b, 0xfe, 0x9c, 0x1d, 0xf8, 0xd8, 0xa5, 0x9c, 0xdb,
-	0x1e, 0xbd, 0x20, 0x80, 0x2e, 0x17, 0xc0, 0xeb, 0x90, 0x0b, 0x98, 0x4b, 0xe5, 0x41, 0x85, 0xaa,
-	0x3e, 0xc9, 0x2e, 0x91, 0x28, 0xbc, 0x01, 0xf3, 0x1d, 0x3b, 0xb0, 0x3d, 0x1a, 0x71, 0x7d, 0xa6,
-	0x3c, 0xb3, 0x56, 0xa8, 0x96, 0xc7, 0x31, 0x9e, 0x52, 0xdf, 0x3b, 0x16, 0xd4, 0xdd, 0xa7, 0x34,
-	0x22, 0x03, 0x06, 0x7e, 0x0a, 0x4b, 0x01, 0x15, 0x2f, 0x58, 0xd4, 0x3e, 0x6a, 0x31, 0x26, 0xb8,
-	0x88, 0xec, 0xf0, 0xa8, 0x4d, 0x7b, 0x5c, 0xcf, 0x49, 0xad, 0x77, 0xc6, 0x69, 0x35, 0x02, 0x27,
-	0xea, 0xc9, 0x68, 0x1e, 0xd0, 0x1e, 0xb9, 0xad, 0x04, 0x6a, 0x29, 0xff, 0x01, 0xed, 0x71, 0xbc,
-	0x04, 0x1a, 0x61, 0x4c, 0x6c, 0x6f, 0xe9, 0xb3, 0x65, 0xb4, 0xb6, 0x40, 0xd4, 0x93, 0xf9, 0x05,
-	0x14, 0x77, 0xa8, 0x1d, 0x89, 0x16, 0xb5, 0x45, 0x5a, 0xa6, 0x6b, 0xc5, 0x63, 0xee, 0xc3, 0x9b,
-	0x23, 0x0a, 0x3c, 0x64, 0x01, 0xa7, 0xf8, 0x33, 0xd0, 0x42, 0x1a, 0xf9, 0xcc, 0x55, 0x45, 0x7e,
-	0xdb, 0x4a, 0xba, 0xc5, 0x4a, 0xbb, 0xc5, 0xaa, 0xab, 0x6e, 0xa9, 0xcd, 0x9f, 0x9d, 0x2f, 0x67,
-	0x4e, 0xff, 0x5a, 0x46, 0x44, 0x51, 0xcc, 0x1f, 0xb3, 0xf0, 0xd6, 0xe3, 0xd0, 0xb5, 0x05, 0x3d,
-	0xb4, 0x79, 0xfb, 0x40, 0xd8, 0xa2, 0xcb, 0x6f, 0xe4, 0x0d, 0x3f, 0x81, 0xb9, 0xae, 0x14, 0x4a,
-	0x6b, 0xb1, 0x31, 0x2e, 0xbf, 0x09, 0x67, 0x59, 0xc3, 0x95, 0x04, 0x41, 0x52, 0x31, 0x83, 0x41,
-	0xf1, 0xe2, 0x26, 0x5e, 0x81, 0x39, 0x61, 0xf3, 0xf6, 0xd0, 0x16, 0xf4, 0xcf, 0x97, 0xb5, 0x18,
-	0xd6, 0xac, 0x13, 0x2d, 0xde, 0x6a, 0xba, 0xf8, 0x13, 0xd0, 0xb8, 0x24, 0xa9, 0x6e, 0x2a, 0x8d,
-	0xf3, 0x33, 0xe2, 0x44, 0xa1, 0x4d, 0x03, 0xf4, 0xd7, 0x5d, 0x26, 0x59, 0x9b, 0x1b, 0xb0, 0x10,
-	0xaf, 0xde, 0x2c, 0x22, 0x73, 0x53, 0xb1, 0xd3, 0x6f, 0xc3, 0x82, 0xd9, 0xd8, 0x2b, 0xd7, 0x91,
-	0x0c, 0x4c, 0x9f, 0x64, 0x90, 0x24, 0x30, 0xb3, 0x06, 0x78, 0x8b, 0x73, 0xdf, 0x0b, 0x3a, 0x34,
-	0x10, 0x37, 0xf4, 0xf0, 0x1b, 0x02, 0x18, 0x8a, 0x60, 0x0b, 0x72, 0xb1, 0xb6, 0x6a, 0x9d, 0x89,
-	0x0e, 0x76, 0x32, 0x44, 0xe2, 0xf0, 0x47, 0xa0, 0x71, 0xea, 0x44, 0x54, 0xa8, 0x50, 0x8d, 0x71,
-	0x8c, 0x03, 0x89, 0xd8, 0xc9, 0x10, 0x85, 0x8d, 0x59, 0x0e, 0x0b, 0x9e, 0xf9, 0x9e, 0x3e, 0x33,
-	0x99, 0xb5, 0x2d, 0x11, 0x31, 0x2b, 0xc1, 0xd6, 0x34, 0xc8, 0xf9, 0x82, 0x76, 0xcc, 0x97, 0x59,
-	0x28, 0x0e, 0x2d, 0x6f, 0x1f, 0xdb, 0x81, 0x47, 0xf1, 0x26, 0x80, 0x3d, 0x58, 0x53, 0xf6, 0xc7,
-	0x56, 0x78, 0xc8, 0x24, 0x23, 0x0c, 0xbc, 0x0b, 0x9a, 0xed, 0xc8, 0xd1, 0x18, 0xbf, 0xc8, 0x62,
-	0xf5, 0xe3, 0xcb, 0xb9, 0xc9, 0xa9, 0x23, 0x0b, 0x5b, 0x92, 0x4c, 0x94, 0x88, 0xd9, 0x1a, 0xb5,
-	0x98, 0xec, 0xe1, 0x55, 0xd0, 0x1e, 0xef, 0xd7, 0xb7, 0x0e, 0x1b, 0xc5, 0x8c, 0x61, 0xfc, 0xf0,
-	0x4b, 0x79, 0xe9, 0x22, 0x42, 0x75, 0xf3, 0x2a, 0x68, 0xa4, 0xb1, 0xfb, 0xe8, 0x49, 0xa3, 0x88,
-	0xc6, 0xe3, 0x08, 0xed, 0xb0, 0xe7, 0xd4, 0xfc, 0x17, 0xfd, 0xaf, 0xfe, 0x69, 0x17, 0x7d, 0x0e,
-	0xb9, 0xf8, 0xa2, 0x92, 0x19, 0x2c, 0x56, 0xef, 0x5d, 0xfe, 0x1e, 0x29, 0xcb, 0x3a, 0xec, 0x85,
-	0x94, 0x48, 0x22, 0xbe, 0x03, 0x60, 0x87, 0xe1, 0x89, 0x4f, 0xf9, 0x91, 0x60, 0xc9, 0x8c, 0x27,
-	0x79, 0xb5, 0x72, 0xc8, 0xe2, 0xed, 0x88, 0xf2, 0xee, 0x89, 0xe0, 0x47, 0x7e, 0x20, 0x0b, 0x98,
-	0x27, 0x79, 0xb5, 0xd2, 0x0c, 0xf0, 0x26, 0xcc, 0x39, 0x32, 0x9c, 0x74, 0x6e, 0xbe, 0x3b, 0x4d,
-	0x92, 0x24, 0x25, 0x99, 0x77, 0x21, 0x17, 0x7b, 0xc1, 0x0b, 0x30, 0xbf, 0xfd, 0x68, 0x77, 0xff,
-	0x61, 0x23, 0xce, 0x0b, 0xbf, 0x01, 0x85, 0xe6, 0xde, 0x36, 0x69, 0xec, 0x36, 0xf6, 0x0e, 0xb7,
-	0x1e, 0x16, 0x51, 0xf5, 0x74, 0x16, 0xa0, 0x3e, 0xb8, 0xd4, 0xf1, 0xd7, 0x30, 0xa7, 0xda, 0x1b,
-	0x9b, 0xe3, 0x5b, 0x70, 0xf4, 0x36, 0x34, 0x2e, 0xc3, 0xa8, 0x44, 0xcc, 0x95, 0xdf, 0x7f, 0xfd,
-	0xe7, 0x34, 0x7b, 0x07, 0x16, 0x24, 0xe6, 0xfd, 0x78, 0xae, 0xd3, 0x08, 0x6e, 0x25, 0x4f, 0xea,
-	0xd6, 0xb8, 0x8f, 0xf0, 0x37, 0x90, 0x1f, 0xcc, 0x60, 0x3c, 0xf6, 0x5d, 0x2f, 0x0e, 0x79, 0xe3,
-	0xee, 0x15, 0x28, 0x35, 0x5c, 0xa6, 0x31, 0x80, 0x7f, 0x42, 0x50, 0xbc, 0x38, 0x9e, 0xf0, 0xbd,
-	0x6b, 0x8c, 0x5a, 0x63, 0x7d, 0x3a, 0xf0, 0x75, 0x4c, 0x75, 0x61, 0x56, 0x0e, 0x36, 0x5c, 0x9e,
-	0x34, 0x40, 0x06, 0xa7, 0x4f, 0x46, 0xa4, 0x75, 0x58, 0x9d, 0xe2, 0xc4, 0xef, 0xb3, 0xe8, 0x3e,
-	0xc2, 0xdf, 0x21, 0x28, 0x8c, 0xb4, 0x36, 0x5e, 0xbd, 0xa2, 0xf7, 0x53, 0x0f, 0xab, 0xd3, 0x7d,
-	0x23, 0x53, 0x76, 0x44, 0x4d, 0x3f, 0x7b, 0x55, 0xca, 0xfc, 0xf9, 0xaa, 0x94, 0xf9, 0xb6, 0x5f,
-	0x42, 0x67, 0xfd, 0x12, 0xfa, 0xa3, 0x5f, 0x42, 0x7f, 0xf7, 0x4b, 0xa8, 0xa5, 0xc9, 0x2b, 0xf8,
-	0xc3, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xe0, 0xf0, 0x6a, 0xcb, 0xae, 0x0a, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go b/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go
index a89a118d62dc0..506257ab9754f 100644
--- a/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go
+++ b/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go
@@ -2,6 +2,7 @@ package genericresource
 
 import (
 	"fmt"
+
 	"github.com/docker/swarmkit/api"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/api/genericresource/validate.go b/vendor/github.com/docker/swarmkit/api/genericresource/validate.go
index eee3706c7416e..0ad49ff75feec 100644
--- a/vendor/github.com/docker/swarmkit/api/genericresource/validate.go
+++ b/vendor/github.com/docker/swarmkit/api/genericresource/validate.go
@@ -2,6 +2,7 @@ package genericresource
 
 import (
 	"fmt"
+
 	"github.com/docker/swarmkit/api"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/api/health.pb.go b/vendor/github.com/docker/swarmkit/api/health.pb.go
index 453e01fc3f65c..3ca506a031089 100644
--- a/vendor/github.com/docker/swarmkit/api/health.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/health.pb.go
@@ -3,32 +3,37 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type HealthCheckResponse_ServingStatus int32
 
 const (
@@ -42,6 +47,7 @@ var HealthCheckResponse_ServingStatus_name = map[int32]string{
 	1: "SERVING",
 	2: "NOT_SERVING",
 }
+
 var HealthCheckResponse_ServingStatus_value = map[string]int32{
 	"UNKNOWN":     0,
 	"SERVING":     1,
@@ -51,30 +57,116 @@ var HealthCheckResponse_ServingStatus_value = map[string]int32{
 func (x HealthCheckResponse_ServingStatus) String() string {
 	return proto.EnumName(HealthCheckResponse_ServingStatus_name, int32(x))
 }
+
 func (HealthCheckResponse_ServingStatus) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorHealth, []int{1, 0}
+	return fileDescriptor_288522a148aed5ad, []int{1, 0}
 }
 
 type HealthCheckRequest struct {
 	Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
 }
 
-func (m *HealthCheckRequest) Reset()                    { *m = HealthCheckRequest{} }
-func (*HealthCheckRequest) ProtoMessage()               {}
-func (*HealthCheckRequest) Descriptor() ([]byte, []int) { return fileDescriptorHealth, []int{0} }
+func (m *HealthCheckRequest) Reset()      { *m = HealthCheckRequest{} }
+func (*HealthCheckRequest) ProtoMessage() {}
+func (*HealthCheckRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_288522a148aed5ad, []int{0}
+}
+func (m *HealthCheckRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HealthCheckRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HealthCheckRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HealthCheckRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HealthCheckRequest.Merge(m, src)
+}
+func (m *HealthCheckRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *HealthCheckRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_HealthCheckRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HealthCheckRequest proto.InternalMessageInfo
 
 type HealthCheckResponse struct {
 	Status HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,proto3,enum=docker.swarmkit.v1.HealthCheckResponse_ServingStatus" json:"status,omitempty"`
 }
 
-func (m *HealthCheckResponse) Reset()                    { *m = HealthCheckResponse{} }
-func (*HealthCheckResponse) ProtoMessage()               {}
-func (*HealthCheckResponse) Descriptor() ([]byte, []int) { return fileDescriptorHealth, []int{1} }
+func (m *HealthCheckResponse) Reset()      { *m = HealthCheckResponse{} }
+func (*HealthCheckResponse) ProtoMessage() {}
+func (*HealthCheckResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_288522a148aed5ad, []int{1}
+}
+func (m *HealthCheckResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HealthCheckResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HealthCheckResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HealthCheckResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HealthCheckResponse.Merge(m, src)
+}
+func (m *HealthCheckResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *HealthCheckResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_HealthCheckResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HealthCheckResponse proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.HealthCheckResponse_ServingStatus", HealthCheckResponse_ServingStatus_name, HealthCheckResponse_ServingStatus_value)
 	proto.RegisterType((*HealthCheckRequest)(nil), "docker.swarmkit.v1.HealthCheckRequest")
 	proto.RegisterType((*HealthCheckResponse)(nil), "docker.swarmkit.v1.HealthCheckResponse")
-	proto.RegisterEnum("docker.swarmkit.v1.HealthCheckResponse_ServingStatus", HealthCheckResponse_ServingStatus_name, HealthCheckResponse_ServingStatus_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/health.proto", fileDescriptor_288522a148aed5ad)
+}
+
+var fileDescriptor_288522a148aed5ad = []byte{
+	// 328 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x4e, 0xcf, 0x2c, 0xc9,
+	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xc9, 0x4f, 0xce, 0x4e, 0x2d, 0xd2, 0x2f, 0x2e,
+	0x4f, 0x2c, 0xca, 0xcd, 0xce, 0x2c, 0xd1, 0x4f, 0x2c, 0xc8, 0xd4, 0xcf, 0x48, 0x4d, 0xcc, 0x29,
+	0xc9, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x82, 0xa8, 0xd0, 0x83, 0xa9, 0xd0, 0x2b,
+	0x33, 0x94, 0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x4b, 0xeb, 0x83, 0x58, 0x10, 0x95, 0x52, 0xe6,
+	0x78, 0x8c, 0x05, 0xab, 0x48, 0x2a, 0x4d, 0xd3, 0x2f, 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x83, 0x52,
+	0x10, 0x8d, 0x4a, 0x7a, 0x5c, 0x42, 0x1e, 0x60, 0x2b, 0x9d, 0x33, 0x52, 0x93, 0xb3, 0x83, 0x52,
+	0x0b, 0x4b, 0x53, 0x8b, 0x4b, 0x84, 0x24, 0xb8, 0xd8, 0x8b, 0x53, 0x8b, 0xca, 0x32, 0x93, 0x53,
+	0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0x60, 0x5c, 0xa5, 0x05, 0x8c, 0x5c, 0xc2, 0x28, 0x1a,
+	0x8a, 0x0b, 0xf2, 0xf3, 0x8a, 0x53, 0x85, 0x7c, 0xb9, 0xd8, 0x8a, 0x4b, 0x12, 0x4b, 0x4a, 0x8b,
+	0xc1, 0x1a, 0xf8, 0x8c, 0x4c, 0xf5, 0x30, 0xdd, 0xae, 0x87, 0x45, 0xa3, 0x5e, 0x30, 0xc8, 0xe0,
+	0xbc, 0xf4, 0x60, 0xb0, 0xe6, 0x20, 0xa8, 0x21, 0x4a, 0x56, 0x5c, 0xbc, 0x28, 0x12, 0x42, 0xdc,
+	0x5c, 0xec, 0xa1, 0x7e, 0xde, 0x7e, 0xfe, 0xe1, 0x7e, 0x02, 0x0c, 0x20, 0x4e, 0xb0, 0x6b, 0x50,
+	0x98, 0xa7, 0x9f, 0xbb, 0x00, 0xa3, 0x10, 0x3f, 0x17, 0xb7, 0x9f, 0x7f, 0x48, 0x3c, 0x4c, 0x80,
+	0xc9, 0xa8, 0x92, 0x8b, 0x0d, 0x62, 0x91, 0x50, 0x3e, 0x17, 0x2b, 0xd8, 0x32, 0x21, 0x35, 0x82,
+	0xae, 0x01, 0xfb, 0x5b, 0x4a, 0x9d, 0x48, 0x57, 0x2b, 0x89, 0x9e, 0x5a, 0xf7, 0x6e, 0x06, 0x13,
+	0x3f, 0x17, 0x2f, 0x58, 0xa1, 0x6e, 0x6e, 0x62, 0x5e, 0x62, 0x7a, 0x6a, 0x91, 0x93, 0xca, 0x89,
+	0x87, 0x72, 0x0c, 0x37, 0x1e, 0xca, 0x31, 0x34, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1,
+	0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x27, 0x3c, 0x96, 0x63, 0xb8, 0xf0, 0x58, 0x8e,
+	0xe1, 0xc6, 0x63, 0x39, 0x86, 0x24, 0x36, 0x70, 0xd0, 0x1b, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff,
+	0xc9, 0xe8, 0xd3, 0x02, 0x0c, 0x02, 0x00, 0x00,
 }
 
 type authenticatedWrapperHealthServer struct {
@@ -135,8 +227,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Health service
-
+// HealthClient is the client API for Health service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type HealthClient interface {
 	Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error)
 }
@@ -151,19 +244,26 @@ func NewHealthClient(cc *grpc.ClientConn) HealthClient {
 
 func (c *healthClient) Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error) {
 	out := new(HealthCheckResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Health/Check", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Health/Check", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Health service
-
+// HealthServer is the server API for Health service.
 type HealthServer interface {
 	Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error)
 }
 
+// UnimplementedHealthServer can be embedded to have forward compatible implementations.
+type UnimplementedHealthServer struct {
+}
+
+func (*UnimplementedHealthServer) Check(ctx context.Context, req *HealthCheckRequest) (*HealthCheckResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Check not implemented")
+}
+
 func RegisterHealthServer(s *grpc.Server, srv HealthServer) {
 	s.RegisterService(&_Health_serviceDesc, srv)
 }
@@ -202,7 +302,7 @@ var _Health_serviceDesc = grpc.ServiceDesc{
 func (m *HealthCheckRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -210,23 +310,29 @@ func (m *HealthCheckRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HealthCheckRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HealthCheckRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Service) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Service)
+		copy(dAtA[i:], m.Service)
 		i = encodeVarintHealth(dAtA, i, uint64(len(m.Service)))
-		i += copy(dAtA[i:], m.Service)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *HealthCheckResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -234,26 +340,33 @@ func (m *HealthCheckResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HealthCheckResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HealthCheckResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Status != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintHealth(dAtA, i, uint64(m.Status))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintHealth(dAtA []byte, offset int, v uint64) int {
+	offset -= sovHealth(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyHealthServer struct {
@@ -364,6 +477,9 @@ func (p *raftProxyHealthServer) Check(ctx context.Context, r *HealthCheckRequest
 }
 
 func (m *HealthCheckRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Service)
@@ -374,6 +490,9 @@ func (m *HealthCheckRequest) Size() (n int) {
 }
 
 func (m *HealthCheckResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Status != 0 {
@@ -383,14 +502,7 @@ func (m *HealthCheckResponse) Size() (n int) {
 }
 
 func sovHealth(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozHealth(x uint64) (n int) {
 	return sovHealth(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -438,7 +550,7 @@ func (m *HealthCheckRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -466,7 +578,7 @@ func (m *HealthCheckRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -476,6 +588,9 @@ func (m *HealthCheckRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthHealth
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthHealth
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -487,7 +602,7 @@ func (m *HealthCheckRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthHealth
 			}
 			if (iNdEx + skippy) > l {
@@ -517,7 +632,7 @@ func (m *HealthCheckResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -545,7 +660,7 @@ func (m *HealthCheckResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Status |= (HealthCheckResponse_ServingStatus(b) & 0x7F) << shift
+				m.Status |= HealthCheckResponse_ServingStatus(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -556,7 +671,7 @@ func (m *HealthCheckResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthHealth
 			}
 			if (iNdEx + skippy) > l {
@@ -574,6 +689,7 @@ func (m *HealthCheckResponse) Unmarshal(dAtA []byte) error {
 func skipHealth(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -605,10 +721,8 @@ func skipHealth(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -625,79 +739,34 @@ func skipHealth(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthHealth
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowHealth
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipHealth(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupHealth
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthHealth
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthHealth = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowHealth   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthHealth        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowHealth          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupHealth = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/health.proto", fileDescriptorHealth) }
-
-var fileDescriptorHealth = []byte{
-	// 315 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x4e, 0xcf, 0x2c, 0xc9,
-	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xc9, 0x4f, 0xce, 0x4e, 0x2d, 0xd2, 0x2f, 0x2e,
-	0x4f, 0x2c, 0xca, 0xcd, 0xce, 0x2c, 0xd1, 0x4f, 0x2c, 0xc8, 0xd4, 0xcf, 0x48, 0x4d, 0xcc, 0x29,
-	0xc9, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x82, 0xa8, 0xd0, 0x83, 0xa9, 0xd0, 0x2b,
-	0x33, 0x94, 0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x4b, 0xeb, 0x83, 0x58, 0x10, 0x95, 0x52, 0xe6,
-	0x78, 0x8c, 0x05, 0xab, 0x48, 0x2a, 0x4d, 0xd3, 0x2f, 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x83, 0x52,
-	0x10, 0x8d, 0x4a, 0x7a, 0x5c, 0x42, 0x1e, 0x60, 0x2b, 0x9d, 0x33, 0x52, 0x93, 0xb3, 0x83, 0x52,
-	0x0b, 0x4b, 0x53, 0x8b, 0x4b, 0x84, 0x24, 0xb8, 0xd8, 0x8b, 0x53, 0x8b, 0xca, 0x32, 0x93, 0x53,
-	0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0x60, 0x5c, 0xa5, 0x05, 0x8c, 0x5c, 0xc2, 0x28, 0x1a,
-	0x8a, 0x0b, 0xf2, 0xf3, 0x8a, 0x53, 0x85, 0x7c, 0xb9, 0xd8, 0x8a, 0x4b, 0x12, 0x4b, 0x4a, 0x8b,
-	0xc1, 0x1a, 0xf8, 0x8c, 0x4c, 0xf5, 0x30, 0xdd, 0xae, 0x87, 0x45, 0xa3, 0x5e, 0x30, 0xc8, 0xe0,
-	0xbc, 0xf4, 0x60, 0xb0, 0xe6, 0x20, 0xa8, 0x21, 0x4a, 0x56, 0x5c, 0xbc, 0x28, 0x12, 0x42, 0xdc,
-	0x5c, 0xec, 0xa1, 0x7e, 0xde, 0x7e, 0xfe, 0xe1, 0x7e, 0x02, 0x0c, 0x20, 0x4e, 0xb0, 0x6b, 0x50,
-	0x98, 0xa7, 0x9f, 0xbb, 0x00, 0xa3, 0x10, 0x3f, 0x17, 0xb7, 0x9f, 0x7f, 0x48, 0x3c, 0x4c, 0x80,
-	0xc9, 0xa8, 0x92, 0x8b, 0x0d, 0x62, 0x91, 0x50, 0x3e, 0x17, 0x2b, 0xd8, 0x32, 0x21, 0x35, 0x82,
-	0xae, 0x01, 0xfb, 0x5b, 0x4a, 0x9d, 0x48, 0x57, 0x2b, 0x89, 0x9e, 0x5a, 0xf7, 0x6e, 0x06, 0x13,
-	0x3f, 0x17, 0x2f, 0x58, 0xa1, 0x6e, 0x6e, 0x62, 0x5e, 0x62, 0x7a, 0x6a, 0x91, 0x93, 0xc4, 0x89,
-	0x87, 0x72, 0x0c, 0x37, 0x1e, 0xca, 0x31, 0x34, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1,
-	0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x93, 0xd8, 0xc0, 0xc1, 0x6d, 0x0c, 0x08, 0x00,
-	0x00, 0xff, 0xff, 0x7b, 0xf2, 0xdd, 0x23, 0x00, 0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/logbroker.pb.go b/vendor/github.com/docker/swarmkit/api/logbroker.pb.go
index 5456c85816dc3..1b95b226c7ef0 100644
--- a/vendor/github.com/docker/swarmkit/api/logbroker.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/logbroker.pb.go
@@ -3,35 +3,39 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import google_protobuf "github.com/gogo/protobuf/types"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	types "github.com/gogo/protobuf/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // LogStream defines the stream from which the log message came.
 type LogStream int32
 
@@ -46,6 +50,7 @@ var LogStream_name = map[int32]string{
 	1: "LOG_STREAM_STDOUT",
 	2: "LOG_STREAM_STDERR",
 }
+
 var LogStream_value = map[string]int32{
 	"LOG_STREAM_UNKNOWN": 0,
 	"LOG_STREAM_STDOUT":  1,
@@ -55,12 +60,15 @@ var LogStream_value = map[string]int32{
 func (x LogStream) String() string {
 	return proto.EnumName(LogStream_name, int32(x))
 }
-func (LogStream) EnumDescriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{0} }
+
+func (LogStream) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{0}
+}
 
 type LogSubscriptionOptions struct {
 	// Streams defines which log streams should be sent from the task source.
 	// Empty means send all the messages.
-	Streams []LogStream `protobuf:"varint,1,rep,name=streams,enum=docker.swarmkit.v1.LogStream" json:"streams,omitempty"`
+	Streams []LogStream `protobuf:"varint,1,rep,name=streams,proto3,enum=docker.swarmkit.v1.LogStream" json:"streams,omitempty"`
 	// Follow instructs the publisher to continue sending log messages as they
 	// are produced, after satisfying the initial query.
 	Follow bool `protobuf:"varint,2,opt,name=follow,proto3" json:"follow,omitempty"`
@@ -83,12 +91,40 @@ type LogSubscriptionOptions struct {
 	// Since indicates that only log messages produced after this timestamp
 	// should be sent.
 	// Note: can't use stdtime because this field is nullable.
-	Since *google_protobuf.Timestamp `protobuf:"bytes,4,opt,name=since" json:"since,omitempty"`
+	Since *types.Timestamp `protobuf:"bytes,4,opt,name=since,proto3" json:"since,omitempty"`
 }
 
-func (m *LogSubscriptionOptions) Reset()                    { *m = LogSubscriptionOptions{} }
-func (*LogSubscriptionOptions) ProtoMessage()               {}
-func (*LogSubscriptionOptions) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{0} }
+func (m *LogSubscriptionOptions) Reset()      { *m = LogSubscriptionOptions{} }
+func (*LogSubscriptionOptions) ProtoMessage() {}
+func (*LogSubscriptionOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{0}
+}
+func (m *LogSubscriptionOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LogSubscriptionOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LogSubscriptionOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LogSubscriptionOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogSubscriptionOptions.Merge(m, src)
+}
+func (m *LogSubscriptionOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *LogSubscriptionOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_LogSubscriptionOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LogSubscriptionOptions proto.InternalMessageInfo
 
 // LogSelector will match logs from ANY of the defined parameters.
 //
@@ -96,14 +132,42 @@ func (*LogSubscriptionOptions) Descriptor() ([]byte, []int) { return fileDescrip
 // possible. For example, if they want to listen to all the tasks of a service,
 // they should use the service id, rather than specifying the individual tasks.
 type LogSelector struct {
-	ServiceIDs []string `protobuf:"bytes,1,rep,name=service_ids,json=serviceIds" json:"service_ids,omitempty"`
-	NodeIDs    []string `protobuf:"bytes,2,rep,name=node_ids,json=nodeIds" json:"node_ids,omitempty"`
-	TaskIDs    []string `protobuf:"bytes,3,rep,name=task_ids,json=taskIds" json:"task_ids,omitempty"`
+	ServiceIDs []string `protobuf:"bytes,1,rep,name=service_ids,json=serviceIds,proto3" json:"service_ids,omitempty"`
+	NodeIDs    []string `protobuf:"bytes,2,rep,name=node_ids,json=nodeIds,proto3" json:"node_ids,omitempty"`
+	TaskIDs    []string `protobuf:"bytes,3,rep,name=task_ids,json=taskIds,proto3" json:"task_ids,omitempty"`
+}
+
+func (m *LogSelector) Reset()      { *m = LogSelector{} }
+func (*LogSelector) ProtoMessage() {}
+func (*LogSelector) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{1}
+}
+func (m *LogSelector) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LogSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LogSelector.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LogSelector) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogSelector.Merge(m, src)
+}
+func (m *LogSelector) XXX_Size() int {
+	return m.Size()
+}
+func (m *LogSelector) XXX_DiscardUnknown() {
+	xxx_messageInfo_LogSelector.DiscardUnknown(m)
 }
 
-func (m *LogSelector) Reset()                    { *m = LogSelector{} }
-func (*LogSelector) ProtoMessage()               {}
-func (*LogSelector) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{1} }
+var xxx_messageInfo_LogSelector proto.InternalMessageInfo
 
 // LogContext marks the context from which a log message was generated.
 type LogContext struct {
@@ -112,9 +176,37 @@ type LogContext struct {
 	TaskID    string `protobuf:"bytes,3,opt,name=task_id,json=taskId,proto3" json:"task_id,omitempty"`
 }
 
-func (m *LogContext) Reset()                    { *m = LogContext{} }
-func (*LogContext) ProtoMessage()               {}
-func (*LogContext) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{2} }
+func (m *LogContext) Reset()      { *m = LogContext{} }
+func (*LogContext) ProtoMessage() {}
+func (*LogContext) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{2}
+}
+func (m *LogContext) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LogContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LogContext.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LogContext) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogContext.Merge(m, src)
+}
+func (m *LogContext) XXX_Size() int {
+	return m.Size()
+}
+func (m *LogContext) XXX_DiscardUnknown() {
+	xxx_messageInfo_LogContext.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LogContext proto.InternalMessageInfo
 
 // LogAttr is an extra key/value pair that may be have been set by users
 type LogAttr struct {
@@ -122,47 +214,159 @@ type LogAttr struct {
 	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
 }
 
-func (m *LogAttr) Reset()                    { *m = LogAttr{} }
-func (*LogAttr) ProtoMessage()               {}
-func (*LogAttr) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{3} }
+func (m *LogAttr) Reset()      { *m = LogAttr{} }
+func (*LogAttr) ProtoMessage() {}
+func (*LogAttr) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{3}
+}
+func (m *LogAttr) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LogAttr) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LogAttr.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LogAttr) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogAttr.Merge(m, src)
+}
+func (m *LogAttr) XXX_Size() int {
+	return m.Size()
+}
+func (m *LogAttr) XXX_DiscardUnknown() {
+	xxx_messageInfo_LogAttr.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LogAttr proto.InternalMessageInfo
 
 // LogMessage
 type LogMessage struct {
 	// Context identifies the source of the log message.
-	Context LogContext `protobuf:"bytes,1,opt,name=context" json:"context"`
+	Context LogContext `protobuf:"bytes,1,opt,name=context,proto3" json:"context"`
 	// Timestamp is the time at which the message was generated.
 	// Note: can't use stdtime because this field is nullable.
-	Timestamp *google_protobuf.Timestamp `protobuf:"bytes,2,opt,name=timestamp" json:"timestamp,omitempty"`
+	Timestamp *types.Timestamp `protobuf:"bytes,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
 	// Stream identifies the stream of the log message, stdout or stderr.
 	Stream LogStream `protobuf:"varint,3,opt,name=stream,proto3,enum=docker.swarmkit.v1.LogStream" json:"stream,omitempty"`
 	// Data is the raw log message, as generated by the application.
 	Data []byte `protobuf:"bytes,4,opt,name=data,proto3" json:"data,omitempty"`
 	// Attrs is a list of key value pairs representing additional log details
 	// that may have been returned from the logger
-	Attrs []LogAttr `protobuf:"bytes,5,rep,name=attrs" json:"attrs"`
+	Attrs []LogAttr `protobuf:"bytes,5,rep,name=attrs,proto3" json:"attrs"`
+}
+
+func (m *LogMessage) Reset()      { *m = LogMessage{} }
+func (*LogMessage) ProtoMessage() {}
+func (*LogMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{4}
+}
+func (m *LogMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LogMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LogMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LogMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogMessage.Merge(m, src)
+}
+func (m *LogMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *LogMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_LogMessage.DiscardUnknown(m)
 }
 
-func (m *LogMessage) Reset()                    { *m = LogMessage{} }
-func (*LogMessage) ProtoMessage()               {}
-func (*LogMessage) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{4} }
+var xxx_messageInfo_LogMessage proto.InternalMessageInfo
 
 type SubscribeLogsRequest struct {
 	// LogSelector describes the logs to which the subscriber is
-	Selector *LogSelector            `protobuf:"bytes,1,opt,name=selector" json:"selector,omitempty"`
-	Options  *LogSubscriptionOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+	Selector *LogSelector            `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
+	Options  *LogSubscriptionOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
 }
 
-func (m *SubscribeLogsRequest) Reset()                    { *m = SubscribeLogsRequest{} }
-func (*SubscribeLogsRequest) ProtoMessage()               {}
-func (*SubscribeLogsRequest) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{5} }
+func (m *SubscribeLogsRequest) Reset()      { *m = SubscribeLogsRequest{} }
+func (*SubscribeLogsRequest) ProtoMessage() {}
+func (*SubscribeLogsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{5}
+}
+func (m *SubscribeLogsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SubscribeLogsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SubscribeLogsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SubscribeLogsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SubscribeLogsRequest.Merge(m, src)
+}
+func (m *SubscribeLogsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *SubscribeLogsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SubscribeLogsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SubscribeLogsRequest proto.InternalMessageInfo
 
 type SubscribeLogsMessage struct {
-	Messages []LogMessage `protobuf:"bytes,1,rep,name=messages" json:"messages"`
+	Messages []LogMessage `protobuf:"bytes,1,rep,name=messages,proto3" json:"messages"`
 }
 
-func (m *SubscribeLogsMessage) Reset()                    { *m = SubscribeLogsMessage{} }
-func (*SubscribeLogsMessage) ProtoMessage()               {}
-func (*SubscribeLogsMessage) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{6} }
+func (m *SubscribeLogsMessage) Reset()      { *m = SubscribeLogsMessage{} }
+func (*SubscribeLogsMessage) ProtoMessage() {}
+func (*SubscribeLogsMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{6}
+}
+func (m *SubscribeLogsMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SubscribeLogsMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SubscribeLogsMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SubscribeLogsMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SubscribeLogsMessage.Merge(m, src)
+}
+func (m *SubscribeLogsMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *SubscribeLogsMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_SubscribeLogsMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SubscribeLogsMessage proto.InternalMessageInfo
 
 // ListenSubscriptionsRequest is a placeholder to begin listening for
 // subscriptions.
@@ -172,9 +376,35 @@ type ListenSubscriptionsRequest struct {
 func (m *ListenSubscriptionsRequest) Reset()      { *m = ListenSubscriptionsRequest{} }
 func (*ListenSubscriptionsRequest) ProtoMessage() {}
 func (*ListenSubscriptionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptorLogbroker, []int{7}
+	return fileDescriptor_d5aa8d24ac30376c, []int{7}
+}
+func (m *ListenSubscriptionsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListenSubscriptionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListenSubscriptionsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListenSubscriptionsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListenSubscriptionsRequest.Merge(m, src)
+}
+func (m *ListenSubscriptionsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListenSubscriptionsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListenSubscriptionsRequest.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ListenSubscriptionsRequest proto.InternalMessageInfo
+
 // SubscriptionMessage instructs the listener to start publishing messages for
 // the stream or end a subscription.
 //
@@ -183,24 +413,52 @@ type SubscriptionMessage struct {
 	// ID identifies the subscription.
 	ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	// Selector defines which sources should be sent for the subscription.
-	Selector *LogSelector `protobuf:"bytes,2,opt,name=selector" json:"selector,omitempty"`
+	Selector *LogSelector `protobuf:"bytes,2,opt,name=selector,proto3" json:"selector,omitempty"`
 	// Options specify how the subscription should be satisfied.
-	Options *LogSubscriptionOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	Options *LogSubscriptionOptions `protobuf:"bytes,3,opt,name=options,proto3" json:"options,omitempty"`
 	// Close will be true if the node should shutdown the subscription with the
 	// provided identifier.
 	Close bool `protobuf:"varint,4,opt,name=close,proto3" json:"close,omitempty"`
 }
 
-func (m *SubscriptionMessage) Reset()                    { *m = SubscriptionMessage{} }
-func (*SubscriptionMessage) ProtoMessage()               {}
-func (*SubscriptionMessage) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{8} }
+func (m *SubscriptionMessage) Reset()      { *m = SubscriptionMessage{} }
+func (*SubscriptionMessage) ProtoMessage() {}
+func (*SubscriptionMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{8}
+}
+func (m *SubscriptionMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SubscriptionMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SubscriptionMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SubscriptionMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SubscriptionMessage.Merge(m, src)
+}
+func (m *SubscriptionMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *SubscriptionMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_SubscriptionMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SubscriptionMessage proto.InternalMessageInfo
 
 type PublishLogsMessage struct {
 	// SubscriptionID identifies which subscription the set of messages should
 	// be sent to. We can think of this as a "mail box" for the subscription.
 	SubscriptionID string `protobuf:"bytes,1,opt,name=subscription_id,json=subscriptionId,proto3" json:"subscription_id,omitempty"`
 	// Messages is the log message for publishing.
-	Messages []LogMessage `protobuf:"bytes,2,rep,name=messages" json:"messages"`
+	Messages []LogMessage `protobuf:"bytes,2,rep,name=messages,proto3" json:"messages"`
 	// Close is a boolean for whether or not the client has completed its log
 	// stream. When close is called, the manager can hang up the subscription.
 	// Any further logs from this subscription are an error condition. Any
@@ -208,18 +466,75 @@ type PublishLogsMessage struct {
 	Close bool `protobuf:"varint,3,opt,name=close,proto3" json:"close,omitempty"`
 }
 
-func (m *PublishLogsMessage) Reset()                    { *m = PublishLogsMessage{} }
-func (*PublishLogsMessage) ProtoMessage()               {}
-func (*PublishLogsMessage) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{9} }
+func (m *PublishLogsMessage) Reset()      { *m = PublishLogsMessage{} }
+func (*PublishLogsMessage) ProtoMessage() {}
+func (*PublishLogsMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{9}
+}
+func (m *PublishLogsMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PublishLogsMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PublishLogsMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PublishLogsMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PublishLogsMessage.Merge(m, src)
+}
+func (m *PublishLogsMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *PublishLogsMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_PublishLogsMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PublishLogsMessage proto.InternalMessageInfo
 
 type PublishLogsResponse struct {
 }
 
-func (m *PublishLogsResponse) Reset()                    { *m = PublishLogsResponse{} }
-func (*PublishLogsResponse) ProtoMessage()               {}
-func (*PublishLogsResponse) Descriptor() ([]byte, []int) { return fileDescriptorLogbroker, []int{10} }
+func (m *PublishLogsResponse) Reset()      { *m = PublishLogsResponse{} }
+func (*PublishLogsResponse) ProtoMessage() {}
+func (*PublishLogsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5aa8d24ac30376c, []int{10}
+}
+func (m *PublishLogsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PublishLogsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PublishLogsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PublishLogsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PublishLogsResponse.Merge(m, src)
+}
+func (m *PublishLogsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *PublishLogsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_PublishLogsResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PublishLogsResponse proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.LogStream", LogStream_name, LogStream_value)
 	proto.RegisterType((*LogSubscriptionOptions)(nil), "docker.swarmkit.v1.LogSubscriptionOptions")
 	proto.RegisterType((*LogSelector)(nil), "docker.swarmkit.v1.LogSelector")
 	proto.RegisterType((*LogContext)(nil), "docker.swarmkit.v1.LogContext")
@@ -231,7 +546,76 @@ func init() {
 	proto.RegisterType((*SubscriptionMessage)(nil), "docker.swarmkit.v1.SubscriptionMessage")
 	proto.RegisterType((*PublishLogsMessage)(nil), "docker.swarmkit.v1.PublishLogsMessage")
 	proto.RegisterType((*PublishLogsResponse)(nil), "docker.swarmkit.v1.PublishLogsResponse")
-	proto.RegisterEnum("docker.swarmkit.v1.LogStream", LogStream_name, LogStream_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/logbroker.proto", fileDescriptor_d5aa8d24ac30376c)
+}
+
+var fileDescriptor_d5aa8d24ac30376c = []byte{
+	// 979 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x95, 0x41, 0x6f, 0x1b, 0x45,
+	0x14, 0xc7, 0x3d, 0xeb, 0xc4, 0x8e, 0x9f, 0x9b, 0xc4, 0x9d, 0xa4, 0x91, 0x65, 0xe8, 0xda, 0xda,
+	0xa2, 0x62, 0x45, 0x65, 0xdd, 0x1a, 0xa1, 0x22, 0x45, 0x42, 0xd4, 0xa4, 0x42, 0x16, 0x6e, 0x82,
+	0x26, 0x8e, 0xe0, 0x16, 0xad, 0xed, 0xe9, 0x76, 0xe5, 0xf5, 0x8e, 0xd9, 0x19, 0x27, 0x20, 0x71,
+	0xe0, 0x50, 0x24, 0x94, 0x03, 0xe2, 0x82, 0x04, 0x87, 0x9e, 0xe8, 0x05, 0x21, 0x71, 0xe1, 0xc6,
+	0x07, 0x40, 0x11, 0xa7, 0x1e, 0x7b, 0xb2, 0xe8, 0xe6, 0xce, 0x67, 0x40, 0x3b, 0xb3, 0x5e, 0x6f,
+	0xb0, 0x9d, 0xa2, 0x72, 0xb1, 0x67, 0x3c, 0xbf, 0xb7, 0xef, 0xff, 0xfe, 0xf3, 0xde, 0x1a, 0x4c,
+	0xdb, 0x11, 0x8f, 0x46, 0x1d, 0xb3, 0xcb, 0x06, 0xb5, 0x1e, 0xeb, 0xf6, 0xa9, 0x5f, 0xe3, 0x27,
+	0x96, 0x3f, 0xe8, 0x3b, 0xa2, 0x66, 0x0d, 0x9d, 0x9a, 0xcb, 0xec, 0x8e, 0xcf, 0xfa, 0xd4, 0x37,
+	0x87, 0x3e, 0x13, 0x0c, 0x63, 0x05, 0x99, 0x13, 0xc8, 0x3c, 0xbe, 0x53, 0xda, 0xb4, 0x99, 0xcd,
+	0xe4, 0x71, 0x2d, 0x5c, 0x29, 0xb2, 0x54, 0xb6, 0x19, 0xb3, 0x5d, 0x5a, 0x93, 0xbb, 0xce, 0xe8,
+	0x61, 0x4d, 0x38, 0x03, 0xca, 0x85, 0x35, 0x18, 0x46, 0xc0, 0xdd, 0x4b, 0x52, 0xc7, 0x41, 0x43,
+	0x77, 0x64, 0x3b, 0x5e, 0xf4, 0xa5, 0x02, 0x8d, 0xdf, 0x10, 0x6c, 0xb5, 0x98, 0x7d, 0x30, 0xea,
+	0xf0, 0xae, 0xef, 0x0c, 0x85, 0xc3, 0xbc, 0x7d, 0xf9, 0xc9, 0xf1, 0x0e, 0x64, 0xb9, 0xf0, 0xa9,
+	0x35, 0xe0, 0x45, 0x54, 0x49, 0x57, 0xd7, 0xea, 0xd7, 0xcd, 0x59, 0xc1, 0x66, 0x18, 0x2c, 0xa9,
+	0x86, 0x56, 0x48, 0x91, 0x49, 0x04, 0xde, 0x82, 0xcc, 0x43, 0xe6, 0xba, 0xec, 0xa4, 0xa8, 0x55,
+	0x50, 0x75, 0x85, 0x44, 0x3b, 0x8c, 0x61, 0x49, 0x58, 0x8e, 0x5b, 0x4c, 0x57, 0x50, 0x35, 0x4d,
+	0xe4, 0x1a, 0xdf, 0x86, 0x65, 0xee, 0x78, 0x5d, 0x5a, 0x5c, 0xaa, 0xa0, 0x6a, 0xbe, 0x5e, 0x32,
+	0x55, 0xb5, 0xe6, 0x44, 0xb8, 0xd9, 0x9e, 0x54, 0x4b, 0x14, 0x68, 0x7c, 0x8b, 0x20, 0x1f, 0x26,
+	0xa6, 0x2e, 0xed, 0x0a, 0xe6, 0xe3, 0x1a, 0xe4, 0x39, 0xf5, 0x8f, 0x9d, 0x2e, 0x3d, 0x72, 0x7a,
+	0x4a, 0x6e, 0xae, 0xb1, 0x16, 0x8c, 0xcb, 0x70, 0xa0, 0x7e, 0x6e, 0xee, 0x72, 0x02, 0x11, 0xd2,
+	0xec, 0x71, 0x7c, 0x13, 0x56, 0x3c, 0xd6, 0x53, 0xb4, 0x26, 0xe9, 0x7c, 0x30, 0x2e, 0x67, 0xf7,
+	0x58, 0x4f, 0xa2, 0xd9, 0xf0, 0x30, 0xe2, 0x84, 0xc5, 0xfb, 0x92, 0x4b, 0x4f, 0xb9, 0xb6, 0xc5,
+	0xfb, 0x92, 0x0b, 0x0f, 0x9b, 0x3d, 0x6e, 0x3c, 0x46, 0x00, 0x2d, 0x66, 0x7f, 0xc0, 0x3c, 0x41,
+	0x3f, 0x17, 0xf8, 0x16, 0xc0, 0x54, 0x4f, 0x11, 0x55, 0x50, 0x35, 0xd7, 0x58, 0x0d, 0xc6, 0xe5,
+	0x5c, 0x2c, 0x87, 0xe4, 0x62, 0x35, 0xf8, 0x06, 0x64, 0x23, 0x31, 0xd2, 0xac, 0x5c, 0x03, 0x82,
+	0x71, 0x39, 0xa3, 0xb4, 0x90, 0x8c, 0x92, 0x12, 0x42, 0x91, 0x12, 0xe9, 0x5d, 0x04, 0x29, 0x21,
+	0x24, 0xa3, 0x74, 0x18, 0x77, 0x20, 0xdb, 0x62, 0xf6, 0x3d, 0x21, 0x7c, 0x5c, 0x80, 0x74, 0x9f,
+	0x7e, 0xa1, 0x72, 0x93, 0x70, 0x89, 0x37, 0x61, 0xf9, 0xd8, 0x72, 0x47, 0x54, 0x25, 0x21, 0x6a,
+	0x63, 0x9c, 0x6a, 0x52, 0xf9, 0x03, 0xca, 0xb9, 0x65, 0x53, 0xfc, 0x1e, 0x64, 0xbb, 0xaa, 0x08,
+	0x19, 0x9a, 0xaf, 0xeb, 0x0b, 0x2e, 0x3d, 0x2a, 0xb5, 0xb1, 0x74, 0x36, 0x2e, 0xa7, 0xc8, 0x24,
+	0x08, 0xbf, 0x0b, 0xb9, 0xb8, 0x37, 0x65, 0xa2, 0xcb, 0xef, 0x73, 0x0a, 0xe3, 0x77, 0x20, 0xa3,
+	0x9a, 0x47, 0xd6, 0xf7, 0xb2, 0x6e, 0x23, 0x11, 0x1c, 0x36, 0x54, 0xcf, 0x12, 0x96, 0xec, 0x9d,
+	0x2b, 0x44, 0xae, 0xf1, 0x5d, 0x58, 0xb6, 0x84, 0xf0, 0x79, 0x71, 0xb9, 0x92, 0xae, 0xe6, 0xeb,
+	0xaf, 0x2d, 0x78, 0x52, 0xe8, 0x53, 0xa4, 0x5f, 0xf1, 0xc6, 0x8f, 0x08, 0x36, 0xa3, 0x51, 0xe8,
+	0xd0, 0x16, 0xb3, 0x39, 0xa1, 0x9f, 0x8d, 0x28, 0x17, 0x78, 0x07, 0x56, 0x78, 0xd4, 0x6c, 0x91,
+	0x2f, 0xe5, 0x45, 0xf2, 0x22, 0x8c, 0xc4, 0x01, 0x78, 0x17, 0xb2, 0x4c, 0xcd, 0x54, 0xe4, 0xc8,
+	0xf6, 0xa2, 0xd8, 0xd9, 0x29, 0x24, 0x93, 0x50, 0xe3, 0xd3, 0x7f, 0x49, 0x9b, 0xdc, 0xd8, 0xfb,
+	0xb0, 0x32, 0x50, 0x4b, 0xd5, 0xf8, 0x8b, 0xaf, 0x2c, 0x8a, 0x88, 0x4a, 0x8e, 0xa3, 0x8c, 0xd7,
+	0xa1, 0xd4, 0x72, 0xb8, 0xa0, 0x5e, 0x32, 0xff, 0xa4, 0x74, 0xe3, 0x0f, 0x04, 0x1b, 0xc9, 0x83,
+	0x49, 0xde, 0x2d, 0xd0, 0xe2, 0xde, 0xce, 0x04, 0xe3, 0xb2, 0xd6, 0xdc, 0x25, 0x9a, 0xd3, 0xbb,
+	0x60, 0x95, 0xf6, 0x3f, 0xac, 0x4a, 0xbf, 0xb2, 0x55, 0x61, 0xa7, 0x77, 0x5d, 0xc6, 0xd5, 0x0b,
+	0x65, 0x85, 0xa8, 0x8d, 0xf1, 0x33, 0x02, 0xfc, 0xf1, 0xa8, 0xe3, 0x3a, 0xfc, 0x51, 0xd2, 0xbf,
+	0x1d, 0x58, 0xe7, 0x89, 0x87, 0x4d, 0x07, 0x16, 0x07, 0xe3, 0xf2, 0x5a, 0x32, 0x4f, 0x73, 0x97,
+	0xac, 0x25, 0xd1, 0x66, 0xef, 0x82, 0xf9, 0xda, 0xab, 0x98, 0x3f, 0xd5, 0x9a, 0x4e, 0x6a, 0xbd,
+	0x06, 0x1b, 0x09, 0xa9, 0x84, 0xf2, 0x21, 0xf3, 0x38, 0xdd, 0x7e, 0x8a, 0x20, 0x17, 0x8f, 0x00,
+	0xbe, 0x05, 0xb8, 0xb5, 0xff, 0xe1, 0xd1, 0x41, 0x9b, 0xdc, 0xbf, 0xf7, 0xe0, 0xe8, 0x70, 0xef,
+	0xa3, 0xbd, 0xfd, 0x4f, 0xf6, 0x0a, 0xa9, 0xd2, 0xe6, 0xe9, 0x93, 0x4a, 0x21, 0xc6, 0x0e, 0xbd,
+	0xbe, 0xc7, 0x4e, 0x3c, 0xbc, 0x0d, 0x57, 0x13, 0xf4, 0x41, 0x7b, 0x77, 0xff, 0xb0, 0x5d, 0x40,
+	0xa5, 0x8d, 0xd3, 0x27, 0x95, 0xf5, 0x18, 0x3e, 0x10, 0x3d, 0x36, 0x12, 0xb3, 0xec, 0x7d, 0x42,
+	0x0a, 0xda, 0x2c, 0x4b, 0x7d, 0xbf, 0x74, 0xf5, 0x9b, 0x9f, 0xf4, 0xd4, 0xef, 0x4f, 0xf5, 0xa9,
+	0xb0, 0xfa, 0x63, 0x04, 0x4b, 0xa1, 0x6e, 0xfc, 0x25, 0xac, 0x5e, 0xe8, 0x59, 0x5c, 0x9d, 0xe7,
+	0xce, 0xbc, 0x89, 0x2b, 0xbd, 0x9c, 0x8c, 0x1c, 0x35, 0xae, 0xfd, 0xf9, 0xeb, 0xdf, 0x3f, 0x68,
+	0xeb, 0xb0, 0x2a, 0xc9, 0xb7, 0x06, 0x96, 0x67, 0xd9, 0xd4, 0xbf, 0x8d, 0xea, 0xbf, 0x68, 0xd2,
+	0xad, 0x86, 0xfc, 0xcf, 0xc5, 0xdf, 0x23, 0xd8, 0x98, 0xd3, 0xe6, 0xd8, 0x9c, 0x7b, 0x61, 0x0b,
+	0xe7, 0xa1, 0xf4, 0xe6, 0x25, 0xc2, 0x92, 0x03, 0x62, 0xdc, 0x90, 0xba, 0xae, 0xc3, 0x15, 0xa5,
+	0xeb, 0x84, 0xf9, 0x7d, 0xea, 0xcf, 0xa8, 0xc4, 0x5f, 0x23, 0xc8, 0x27, 0xee, 0x1a, 0xdf, 0x9c,
+	0xf7, 0xfc, 0xd9, 0xbe, 0x9d, 0xaf, 0x63, 0x4e, 0xd3, 0xfc, 0x27, 0x1d, 0x55, 0xd4, 0x78, 0xe3,
+	0xec, 0x85, 0x9e, 0x7a, 0xfe, 0x42, 0x4f, 0x7d, 0x15, 0xe8, 0xe8, 0x2c, 0xd0, 0xd1, 0xb3, 0x40,
+	0x47, 0x7f, 0x05, 0x3a, 0xfa, 0xee, 0x5c, 0x4f, 0x3d, 0x3b, 0xd7, 0x53, 0xcf, 0xcf, 0xf5, 0x54,
+	0x27, 0x23, 0x5f, 0xe2, 0x6f, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x00, 0xba, 0x6b, 0x91, 0xec,
+	0x08, 0x00, 0x00,
 }
 
 type authenticatedWrapperLogsServer struct {
@@ -301,8 +685,8 @@ func (m *LogSubscriptionOptions) CopyFrom(src interface{}) {
 	}
 
 	if o.Since != nil {
-		m.Since = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.Since, o.Since)
+		m.Since = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Since, o.Since)
 	}
 }
 
@@ -379,10 +763,10 @@ func (m *LogMessage) CopyFrom(src interface{}) {
 
 	o := src.(*LogMessage)
 	*m = *o
-	deepcopy.Copy(&m.Context, &o.Context)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Context, &o.Context)
 	if o.Timestamp != nil {
-		m.Timestamp = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.Timestamp, o.Timestamp)
+		m.Timestamp = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Timestamp, o.Timestamp)
 	}
 	if o.Data != nil {
 		m.Data = make([]byte, len(o.Data))
@@ -391,7 +775,7 @@ func (m *LogMessage) CopyFrom(src interface{}) {
 	if o.Attrs != nil {
 		m.Attrs = make([]LogAttr, len(o.Attrs))
 		for i := range m.Attrs {
-			deepcopy.Copy(&m.Attrs[i], &o.Attrs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Attrs[i], &o.Attrs[i])
 		}
 	}
 
@@ -412,11 +796,11 @@ func (m *SubscribeLogsRequest) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Selector != nil {
 		m.Selector = &LogSelector{}
-		deepcopy.Copy(m.Selector, o.Selector)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Selector, o.Selector)
 	}
 	if o.Options != nil {
 		m.Options = &LogSubscriptionOptions{}
-		deepcopy.Copy(m.Options, o.Options)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Options, o.Options)
 	}
 }
 
@@ -436,7 +820,7 @@ func (m *SubscribeLogsMessage) CopyFrom(src interface{}) {
 	if o.Messages != nil {
 		m.Messages = make([]LogMessage, len(o.Messages))
 		for i := range m.Messages {
-			deepcopy.Copy(&m.Messages[i], &o.Messages[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Messages[i], &o.Messages[i])
 		}
 	}
 
@@ -467,11 +851,11 @@ func (m *SubscriptionMessage) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Selector != nil {
 		m.Selector = &LogSelector{}
-		deepcopy.Copy(m.Selector, o.Selector)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Selector, o.Selector)
 	}
 	if o.Options != nil {
 		m.Options = &LogSubscriptionOptions{}
-		deepcopy.Copy(m.Options, o.Options)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Options, o.Options)
 	}
 }
 
@@ -491,7 +875,7 @@ func (m *PublishLogsMessage) CopyFrom(src interface{}) {
 	if o.Messages != nil {
 		m.Messages = make([]LogMessage, len(o.Messages))
 		for i := range m.Messages {
-			deepcopy.Copy(&m.Messages[i], &o.Messages[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Messages[i], &o.Messages[i])
 		}
 	}
 
@@ -516,8 +900,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Logs service
-
+// LogsClient is the client API for Logs service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type LogsClient interface {
 	// SubscribeLogs starts a subscription with the specified selector and options.
 	//
@@ -537,7 +922,7 @@ func NewLogsClient(cc *grpc.ClientConn) LogsClient {
 }
 
 func (c *logsClient) SubscribeLogs(ctx context.Context, in *SubscribeLogsRequest, opts ...grpc.CallOption) (Logs_SubscribeLogsClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Logs_serviceDesc.Streams[0], c.cc, "/docker.swarmkit.v1.Logs/SubscribeLogs", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Logs_serviceDesc.Streams[0], "/docker.swarmkit.v1.Logs/SubscribeLogs", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -568,8 +953,7 @@ func (x *logsSubscribeLogsClient) Recv() (*SubscribeLogsMessage, error) {
 	return m, nil
 }
 
-// Server API for Logs service
-
+// LogsServer is the server API for Logs service.
 type LogsServer interface {
 	// SubscribeLogs starts a subscription with the specified selector and options.
 	//
@@ -580,6 +964,14 @@ type LogsServer interface {
 	SubscribeLogs(*SubscribeLogsRequest, Logs_SubscribeLogsServer) error
 }
 
+// UnimplementedLogsServer can be embedded to have forward compatible implementations.
+type UnimplementedLogsServer struct {
+}
+
+func (*UnimplementedLogsServer) SubscribeLogs(req *SubscribeLogsRequest, srv Logs_SubscribeLogsServer) error {
+	return status.Errorf(codes.Unimplemented, "method SubscribeLogs not implemented")
+}
+
 func RegisterLogsServer(s *grpc.Server, srv LogsServer) {
 	s.RegisterService(&_Logs_serviceDesc, srv)
 }
@@ -619,8 +1011,9 @@ var _Logs_serviceDesc = grpc.ServiceDesc{
 	Metadata: "github.com/docker/swarmkit/api/logbroker.proto",
 }
 
-// Client API for LogBroker service
-
+// LogBrokerClient is the client API for LogBroker service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type LogBrokerClient interface {
 	// ListenSubscriptions starts a subscription stream for the node. For each
 	// message received, the node should attempt to satisfy the subscription.
@@ -642,7 +1035,7 @@ func NewLogBrokerClient(cc *grpc.ClientConn) LogBrokerClient {
 }
 
 func (c *logBrokerClient) ListenSubscriptions(ctx context.Context, in *ListenSubscriptionsRequest, opts ...grpc.CallOption) (LogBroker_ListenSubscriptionsClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_LogBroker_serviceDesc.Streams[0], c.cc, "/docker.swarmkit.v1.LogBroker/ListenSubscriptions", opts...)
+	stream, err := c.cc.NewStream(ctx, &_LogBroker_serviceDesc.Streams[0], "/docker.swarmkit.v1.LogBroker/ListenSubscriptions", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -674,7 +1067,7 @@ func (x *logBrokerListenSubscriptionsClient) Recv() (*SubscriptionMessage, error
 }
 
 func (c *logBrokerClient) PublishLogs(ctx context.Context, opts ...grpc.CallOption) (LogBroker_PublishLogsClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_LogBroker_serviceDesc.Streams[1], c.cc, "/docker.swarmkit.v1.LogBroker/PublishLogs", opts...)
+	stream, err := c.cc.NewStream(ctx, &_LogBroker_serviceDesc.Streams[1], "/docker.swarmkit.v1.LogBroker/PublishLogs", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -707,8 +1100,7 @@ func (x *logBrokerPublishLogsClient) CloseAndRecv() (*PublishLogsResponse, error
 	return m, nil
 }
 
-// Server API for LogBroker service
-
+// LogBrokerServer is the server API for LogBroker service.
 type LogBrokerServer interface {
 	// ListenSubscriptions starts a subscription stream for the node. For each
 	// message received, the node should attempt to satisfy the subscription.
@@ -721,6 +1113,17 @@ type LogBrokerServer interface {
 	PublishLogs(LogBroker_PublishLogsServer) error
 }
 
+// UnimplementedLogBrokerServer can be embedded to have forward compatible implementations.
+type UnimplementedLogBrokerServer struct {
+}
+
+func (*UnimplementedLogBrokerServer) ListenSubscriptions(req *ListenSubscriptionsRequest, srv LogBroker_ListenSubscriptionsServer) error {
+	return status.Errorf(codes.Unimplemented, "method ListenSubscriptions not implemented")
+}
+func (*UnimplementedLogBrokerServer) PublishLogs(srv LogBroker_PublishLogsServer) error {
+	return status.Errorf(codes.Unimplemented, "method PublishLogs not implemented")
+}
+
 func RegisterLogBrokerServer(s *grpc.Server, srv LogBrokerServer) {
 	s.RegisterService(&_LogBroker_serviceDesc, srv)
 }
@@ -794,7 +1197,7 @@ var _LogBroker_serviceDesc = grpc.ServiceDesc{
 func (m *LogSubscriptionOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -802,49 +1205,56 @@ func (m *LogSubscriptionOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LogSubscriptionOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LogSubscriptionOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Streams) > 0 {
-		for _, num := range m.Streams {
-			dAtA[i] = 0x8
-			i++
-			i = encodeVarintLogbroker(dAtA, i, uint64(num))
+	if m.Since != nil {
+		{
+			size, err := m.Since.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Tail != 0 {
+		i = encodeVarintLogbroker(dAtA, i, uint64(m.Tail))
+		i--
+		dAtA[i] = 0x18
 	}
 	if m.Follow {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.Follow {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.Tail != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Tail))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Since != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Since.Size()))
-		n1, err := m.Since.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Streams) > 0 {
+		for iNdEx := len(m.Streams) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintLogbroker(dAtA, i, uint64(m.Streams[iNdEx]))
+			i--
+			dAtA[i] = 0x8
 		}
-		i += n1
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LogSelector) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -852,62 +1262,49 @@ func (m *LogSelector) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LogSelector) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LogSelector) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ServiceIDs) > 0 {
-		for _, s := range m.ServiceIDs {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.TaskIDs) > 0 {
+		for iNdEx := len(m.TaskIDs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.TaskIDs[iNdEx])
+			copy(dAtA[i:], m.TaskIDs[iNdEx])
+			i = encodeVarintLogbroker(dAtA, i, uint64(len(m.TaskIDs[iNdEx])))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
 	if len(m.NodeIDs) > 0 {
-		for _, s := range m.NodeIDs {
+		for iNdEx := len(m.NodeIDs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.NodeIDs[iNdEx])
+			copy(dAtA[i:], m.NodeIDs[iNdEx])
+			i = encodeVarintLogbroker(dAtA, i, uint64(len(m.NodeIDs[iNdEx])))
+			i--
 			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	if len(m.TaskIDs) > 0 {
-		for _, s := range m.TaskIDs {
-			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.ServiceIDs) > 0 {
+		for iNdEx := len(m.ServiceIDs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ServiceIDs[iNdEx])
+			copy(dAtA[i:], m.ServiceIDs[iNdEx])
+			i = encodeVarintLogbroker(dAtA, i, uint64(len(m.ServiceIDs[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LogContext) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -915,35 +1312,43 @@ func (m *LogContext) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LogContext) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LogContext) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
+	if len(m.TaskID) > 0 {
+		i -= len(m.TaskID)
+		copy(dAtA[i:], m.TaskID)
+		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.TaskID)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.NodeID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
 		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.TaskID) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.TaskID)))
-		i += copy(dAtA[i:], m.TaskID)
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LogAttr) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -951,29 +1356,36 @@ func (m *LogAttr) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LogAttr) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LogAttr) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Key) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
-	}
 	if len(m.Value) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
 		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LogMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -981,58 +1393,70 @@ func (m *LogMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LogMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LogMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintLogbroker(dAtA, i, uint64(m.Context.Size()))
-	n2, err := m.Context.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n2
-	if m.Timestamp != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Timestamp.Size()))
-		n3, err := m.Timestamp.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Attrs) > 0 {
+		for iNdEx := len(m.Attrs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Attrs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintLogbroker(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x2a
 		}
-		i += n3
-	}
-	if m.Stream != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Stream))
 	}
 	if len(m.Data) > 0 {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.Attrs) > 0 {
-		for _, msg := range m.Attrs {
-			dAtA[i] = 0x2a
-			i++
-			i = encodeVarintLogbroker(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Stream != 0 {
+		i = encodeVarintLogbroker(dAtA, i, uint64(m.Stream))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Timestamp != nil {
+		{
+			size, err := m.Timestamp.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	{
+		size, err := m.Context.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintLogbroker(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *SubscribeLogsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1040,37 +1464,46 @@ func (m *SubscribeLogsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SubscribeLogsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SubscribeLogsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Selector != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Selector.Size()))
-		n4, err := m.Selector.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n4
-	}
 	if m.Options != nil {
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Options.Size()))
-		n5, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.Selector != nil {
+		{
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
 		}
-		i += n5
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SubscribeLogsMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1078,29 +1511,36 @@ func (m *SubscribeLogsMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SubscribeLogsMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SubscribeLogsMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Messages) > 0 {
-		for _, msg := range m.Messages {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintLogbroker(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Messages) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Messages[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintLogbroker(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListenSubscriptionsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1108,17 +1548,22 @@ func (m *ListenSubscriptionsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListenSubscriptionsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListenSubscriptionsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SubscriptionMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1126,53 +1571,63 @@ func (m *SubscriptionMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SubscriptionMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SubscriptionMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if m.Selector != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Selector.Size()))
-		n6, err := m.Selector.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n6
-	}
-	if m.Options != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(m.Options.Size()))
-		n7, err := m.Options.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n7
-	}
 	if m.Close {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.Close {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Options != nil {
+		{
+			size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	if m.Selector != nil {
+		{
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintLogbroker(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *PublishLogsMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1180,45 +1635,53 @@ func (m *PublishLogsMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PublishLogsMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PublishLogsMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SubscriptionID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.SubscriptionID)))
-		i += copy(dAtA[i:], m.SubscriptionID)
-	}
-	if len(m.Messages) > 0 {
-		for _, msg := range m.Messages {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintLogbroker(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
 	if m.Close {
-		dAtA[i] = 0x18
-		i++
+		i--
 		if m.Close {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Messages) > 0 {
+		for iNdEx := len(m.Messages) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Messages[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintLogbroker(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
 	}
-	return i, nil
+	if len(m.SubscriptionID) > 0 {
+		i -= len(m.SubscriptionID)
+		copy(dAtA[i:], m.SubscriptionID)
+		i = encodeVarintLogbroker(dAtA, i, uint64(len(m.SubscriptionID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *PublishLogsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1226,21 +1689,28 @@ func (m *PublishLogsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PublishLogsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PublishLogsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintLogbroker(dAtA []byte, offset int, v uint64) int {
+	offset -= sovLogbroker(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyLogsServer struct {
@@ -1547,6 +2017,9 @@ func (p *raftProxyLogBrokerServer) PublishLogs(stream LogBroker_PublishLogsServe
 }
 
 func (m *LogSubscriptionOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Streams) > 0 {
@@ -1568,6 +2041,9 @@ func (m *LogSubscriptionOptions) Size() (n int) {
 }
 
 func (m *LogSelector) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.ServiceIDs) > 0 {
@@ -1592,6 +2068,9 @@ func (m *LogSelector) Size() (n int) {
 }
 
 func (m *LogContext) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ServiceID)
@@ -1610,6 +2089,9 @@ func (m *LogContext) Size() (n int) {
 }
 
 func (m *LogAttr) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Key)
@@ -1624,6 +2106,9 @@ func (m *LogAttr) Size() (n int) {
 }
 
 func (m *LogMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Context.Size()
@@ -1649,6 +2134,9 @@ func (m *LogMessage) Size() (n int) {
 }
 
 func (m *SubscribeLogsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Selector != nil {
@@ -1663,6 +2151,9 @@ func (m *SubscribeLogsRequest) Size() (n int) {
 }
 
 func (m *SubscribeLogsMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Messages) > 0 {
@@ -1675,12 +2166,18 @@ func (m *SubscribeLogsMessage) Size() (n int) {
 }
 
 func (m *ListenSubscriptionsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *SubscriptionMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1702,6 +2199,9 @@ func (m *SubscriptionMessage) Size() (n int) {
 }
 
 func (m *PublishLogsMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SubscriptionID)
@@ -1721,20 +2221,16 @@ func (m *PublishLogsMessage) Size() (n int) {
 }
 
 func (m *PublishLogsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func sovLogbroker(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozLogbroker(x uint64) (n int) {
 	return sovLogbroker(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1747,7 +2243,7 @@ func (this *LogSubscriptionOptions) String() string {
 		`Streams:` + fmt.Sprintf("%v", this.Streams) + `,`,
 		`Follow:` + fmt.Sprintf("%v", this.Follow) + `,`,
 		`Tail:` + fmt.Sprintf("%v", this.Tail) + `,`,
-		`Since:` + strings.Replace(fmt.Sprintf("%v", this.Since), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`Since:` + strings.Replace(fmt.Sprintf("%v", this.Since), "Timestamp", "types.Timestamp", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1791,12 +2287,17 @@ func (this *LogMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForAttrs := "[]LogAttr{"
+	for _, f := range this.Attrs {
+		repeatedStringForAttrs += strings.Replace(strings.Replace(f.String(), "LogAttr", "LogAttr", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForAttrs += "}"
 	s := strings.Join([]string{`&LogMessage{`,
 		`Context:` + strings.Replace(strings.Replace(this.Context.String(), "LogContext", "LogContext", 1), `&`, ``, 1) + `,`,
-		`Timestamp:` + strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`Timestamp:` + strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "types.Timestamp", 1) + `,`,
 		`Stream:` + fmt.Sprintf("%v", this.Stream) + `,`,
 		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
-		`Attrs:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Attrs), "LogAttr", "LogAttr", 1), `&`, ``, 1) + `,`,
+		`Attrs:` + repeatedStringForAttrs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1806,8 +2307,8 @@ func (this *SubscribeLogsRequest) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&SubscribeLogsRequest{`,
-		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LogSelector", "LogSelector", 1) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "LogSubscriptionOptions", "LogSubscriptionOptions", 1) + `,`,
+		`Selector:` + strings.Replace(this.Selector.String(), "LogSelector", "LogSelector", 1) + `,`,
+		`Options:` + strings.Replace(this.Options.String(), "LogSubscriptionOptions", "LogSubscriptionOptions", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1816,8 +2317,13 @@ func (this *SubscribeLogsMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMessages := "[]LogMessage{"
+	for _, f := range this.Messages {
+		repeatedStringForMessages += strings.Replace(strings.Replace(f.String(), "LogMessage", "LogMessage", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMessages += "}"
 	s := strings.Join([]string{`&SubscribeLogsMessage{`,
-		`Messages:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Messages), "LogMessage", "LogMessage", 1), `&`, ``, 1) + `,`,
+		`Messages:` + repeatedStringForMessages + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1837,8 +2343,8 @@ func (this *SubscriptionMessage) String() string {
 	}
 	s := strings.Join([]string{`&SubscriptionMessage{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
-		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LogSelector", "LogSelector", 1) + `,`,
-		`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "LogSubscriptionOptions", "LogSubscriptionOptions", 1) + `,`,
+		`Selector:` + strings.Replace(this.Selector.String(), "LogSelector", "LogSelector", 1) + `,`,
+		`Options:` + strings.Replace(this.Options.String(), "LogSubscriptionOptions", "LogSubscriptionOptions", 1) + `,`,
 		`Close:` + fmt.Sprintf("%v", this.Close) + `,`,
 		`}`,
 	}, "")
@@ -1848,9 +2354,14 @@ func (this *PublishLogsMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMessages := "[]LogMessage{"
+	for _, f := range this.Messages {
+		repeatedStringForMessages += strings.Replace(strings.Replace(f.String(), "LogMessage", "LogMessage", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMessages += "}"
 	s := strings.Join([]string{`&PublishLogsMessage{`,
 		`SubscriptionID:` + fmt.Sprintf("%v", this.SubscriptionID) + `,`,
-		`Messages:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Messages), "LogMessage", "LogMessage", 1), `&`, ``, 1) + `,`,
+		`Messages:` + repeatedStringForMessages + `,`,
 		`Close:` + fmt.Sprintf("%v", this.Close) + `,`,
 		`}`,
 	}, "")
@@ -1888,7 +2399,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1914,7 +2425,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					v |= (LogStream(b) & 0x7F) << shift
+					v |= LogStream(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1931,7 +2442,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
+					packedLen |= int(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1940,9 +2451,16 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 					return ErrInvalidLengthLogbroker
 				}
 				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthLogbroker
+				}
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
+				var elementCount int
+				if elementCount != 0 && len(m.Streams) == 0 {
+					m.Streams = make([]LogStream, 0, elementCount)
+				}
 				for iNdEx < postIndex {
 					var v LogStream
 					for shift := uint(0); ; shift += 7 {
@@ -1954,7 +2472,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						v |= (LogStream(b) & 0x7F) << shift
+						v |= LogStream(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1978,7 +2496,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1998,7 +2516,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Tail |= (int64(b) & 0x7F) << shift
+				m.Tail |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2017,7 +2535,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2026,11 +2544,14 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Since == nil {
-				m.Since = &google_protobuf.Timestamp{}
+				m.Since = &types.Timestamp{}
 			}
 			if err := m.Since.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2042,7 +2563,7 @@ func (m *LogSubscriptionOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2072,7 +2593,7 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2100,7 +2621,7 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2110,6 +2631,9 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2129,7 +2653,7 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2139,6 +2663,9 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2158,7 +2685,7 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2168,6 +2695,9 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2179,7 +2709,7 @@ func (m *LogSelector) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2209,7 +2739,7 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2237,7 +2767,7 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2247,6 +2777,9 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2266,7 +2799,7 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2276,6 +2809,9 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2295,7 +2831,7 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2305,6 +2841,9 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2316,7 +2855,7 @@ func (m *LogContext) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2346,7 +2885,7 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2374,7 +2913,7 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2384,6 +2923,9 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2403,7 +2945,7 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2413,6 +2955,9 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2424,7 +2969,7 @@ func (m *LogAttr) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2454,7 +2999,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2482,7 +3027,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2491,6 +3036,9 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2512,7 +3060,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2521,11 +3069,14 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Timestamp == nil {
-				m.Timestamp = &google_protobuf.Timestamp{}
+				m.Timestamp = &types.Timestamp{}
 			}
 			if err := m.Timestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2545,7 +3096,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Stream |= (LogStream(b) & 0x7F) << shift
+				m.Stream |= LogStream(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2564,7 +3115,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2573,6 +3124,9 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2595,7 +3149,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2604,6 +3158,9 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2618,7 +3175,7 @@ func (m *LogMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2648,7 +3205,7 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2676,7 +3233,7 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2685,6 +3242,9 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2709,7 +3269,7 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2718,6 +3278,9 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2734,7 +3297,7 @@ func (m *SubscribeLogsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2764,7 +3327,7 @@ func (m *SubscribeLogsMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2792,7 +3355,7 @@ func (m *SubscribeLogsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2801,6 +3364,9 @@ func (m *SubscribeLogsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2815,7 +3381,7 @@ func (m *SubscribeLogsMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2845,7 +3411,7 @@ func (m *ListenSubscriptionsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2865,7 +3431,7 @@ func (m *ListenSubscriptionsRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -2895,7 +3461,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2923,7 +3489,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2933,6 +3499,9 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2952,7 +3521,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2961,6 +3530,9 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2985,7 +3557,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2994,6 +3566,9 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3018,7 +3593,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3030,7 +3605,7 @@ func (m *SubscriptionMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -3060,7 +3635,7 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3088,7 +3663,7 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3098,6 +3673,9 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3117,7 +3695,7 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3126,6 +3704,9 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthLogbroker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthLogbroker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3148,7 +3729,7 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3160,7 +3741,7 @@ func (m *PublishLogsMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -3190,7 +3771,7 @@ func (m *PublishLogsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3210,7 +3791,7 @@ func (m *PublishLogsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthLogbroker
 			}
 			if (iNdEx + skippy) > l {
@@ -3228,6 +3809,7 @@ func (m *PublishLogsResponse) Unmarshal(dAtA []byte) error {
 func skipLogbroker(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -3259,10 +3841,8 @@ func skipLogbroker(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -3279,122 +3859,34 @@ func skipLogbroker(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthLogbroker
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowLogbroker
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipLogbroker(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupLogbroker
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthLogbroker
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthLogbroker = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowLogbroker   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthLogbroker        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowLogbroker          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupLogbroker = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/docker/swarmkit/api/logbroker.proto", fileDescriptorLogbroker)
-}
-
-var fileDescriptorLogbroker = []byte{
-	// 966 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x95, 0x41, 0x6f, 0x1b, 0x45,
-	0x14, 0xc7, 0x3d, 0xeb, 0xc4, 0x8e, 0x9f, 0x9b, 0xc4, 0x9d, 0xa4, 0x91, 0x65, 0xa8, 0x6d, 0x6d,
-	0xa5, 0x62, 0x45, 0x65, 0xdd, 0x1a, 0xa1, 0x22, 0x45, 0x42, 0xd4, 0xb8, 0x42, 0x16, 0x6e, 0x82,
-	0xc6, 0x8e, 0xe0, 0x16, 0xad, 0xbd, 0xd3, 0xed, 0xca, 0xeb, 0x1d, 0xb3, 0x33, 0x4e, 0x40, 0xe2,
-	0xc0, 0xa1, 0x48, 0x28, 0x07, 0x6e, 0x48, 0x70, 0xe8, 0x89, 0x5e, 0x10, 0x12, 0x17, 0x6e, 0x7c,
-	0x00, 0x14, 0x71, 0xe2, 0xc8, 0xc9, 0xa2, 0xfb, 0x01, 0xf8, 0x0c, 0x68, 0x67, 0xd6, 0xeb, 0x0d,
-	0xb6, 0x53, 0x54, 0x2e, 0xf6, 0x8c, 0xe7, 0xf7, 0xf6, 0xfd, 0xdf, 0x7f, 0xde, 0x5b, 0x83, 0x61,
-	0x3b, 0xe2, 0xc9, 0xa4, 0x6f, 0x0c, 0xd8, 0xa8, 0x6e, 0xb1, 0xc1, 0x90, 0xfa, 0x75, 0x7e, 0x66,
-	0xfa, 0xa3, 0xa1, 0x23, 0xea, 0xe6, 0xd8, 0xa9, 0xbb, 0xcc, 0xee, 0xfb, 0x6c, 0x48, 0x7d, 0x63,
-	0xec, 0x33, 0xc1, 0x30, 0x56, 0x90, 0x31, 0x83, 0x8c, 0xd3, 0x7b, 0xa5, 0x5d, 0x9b, 0xd9, 0x4c,
-	0x1e, 0xd7, 0xc3, 0x95, 0x22, 0x4b, 0x15, 0x9b, 0x31, 0xdb, 0xa5, 0x75, 0xb9, 0xeb, 0x4f, 0x1e,
-	0xd7, 0x85, 0x33, 0xa2, 0x5c, 0x98, 0xa3, 0x71, 0x04, 0xdc, 0xbf, 0x22, 0x75, 0x1c, 0x34, 0x76,
-	0x27, 0xb6, 0xe3, 0x45, 0x5f, 0x2a, 0x50, 0xff, 0x05, 0xc1, 0x5e, 0x87, 0xd9, 0xdd, 0x49, 0x9f,
-	0x0f, 0x7c, 0x67, 0x2c, 0x1c, 0xe6, 0x1d, 0xc9, 0x4f, 0x8e, 0x0f, 0x20, 0xcb, 0x85, 0x4f, 0xcd,
-	0x11, 0x2f, 0xa2, 0x6a, 0xba, 0xb6, 0xd5, 0xb8, 0x69, 0x2c, 0x0a, 0x36, 0xc2, 0x60, 0x49, 0x35,
-	0xb5, 0x42, 0x8a, 0xcc, 0x22, 0xf0, 0x1e, 0x64, 0x1e, 0x33, 0xd7, 0x65, 0x67, 0x45, 0xad, 0x8a,
-	0x6a, 0x1b, 0x24, 0xda, 0x61, 0x0c, 0x6b, 0xc2, 0x74, 0xdc, 0x62, 0xba, 0x8a, 0x6a, 0x69, 0x22,
-	0xd7, 0xf8, 0x2e, 0xac, 0x73, 0xc7, 0x1b, 0xd0, 0xe2, 0x5a, 0x15, 0xd5, 0xf2, 0x8d, 0x92, 0xa1,
-	0xaa, 0x35, 0x66, 0xc2, 0x8d, 0xde, 0xac, 0x5a, 0xa2, 0x40, 0xfd, 0x1b, 0x04, 0xf9, 0x30, 0x31,
-	0x75, 0xe9, 0x40, 0x30, 0x1f, 0xd7, 0x21, 0xcf, 0xa9, 0x7f, 0xea, 0x0c, 0xe8, 0x89, 0x63, 0x29,
-	0xb9, 0xb9, 0xe6, 0x56, 0x30, 0xad, 0x40, 0x57, 0xfd, 0xdc, 0x6e, 0x71, 0x02, 0x11, 0xd2, 0xb6,
-	0x38, 0xbe, 0x0d, 0x1b, 0x1e, 0xb3, 0x14, 0xad, 0x49, 0x3a, 0x1f, 0x4c, 0x2b, 0xd9, 0x43, 0x66,
-	0x49, 0x34, 0x1b, 0x1e, 0x46, 0x9c, 0x30, 0xf9, 0x50, 0x72, 0xe9, 0x39, 0xd7, 0x33, 0xf9, 0x50,
-	0x72, 0xe1, 0x61, 0xdb, 0xe2, 0xfa, 0x53, 0x04, 0xd0, 0x61, 0xf6, 0xfb, 0xcc, 0x13, 0xf4, 0x33,
-	0x81, 0xef, 0x00, 0xcc, 0xf5, 0x14, 0x51, 0x15, 0xd5, 0x72, 0xcd, 0xcd, 0x60, 0x5a, 0xc9, 0xc5,
-	0x72, 0x48, 0x2e, 0x56, 0x83, 0x6f, 0x41, 0x36, 0x12, 0x23, 0xcd, 0xca, 0x35, 0x21, 0x98, 0x56,
-	0x32, 0x4a, 0x0b, 0xc9, 0x28, 0x29, 0x21, 0x14, 0x29, 0x91, 0xde, 0x45, 0x90, 0x12, 0x42, 0x32,
-	0x4a, 0x87, 0x7e, 0x0f, 0xb2, 0x1d, 0x66, 0x3f, 0x10, 0xc2, 0xc7, 0x05, 0x48, 0x0f, 0xe9, 0xe7,
-	0x2a, 0x37, 0x09, 0x97, 0x78, 0x17, 0xd6, 0x4f, 0x4d, 0x77, 0x42, 0x55, 0x12, 0xa2, 0x36, 0xfa,
-	0xb9, 0x26, 0x95, 0x3f, 0xa2, 0x9c, 0x9b, 0x36, 0xc5, 0xef, 0x42, 0x76, 0xa0, 0x8a, 0x90, 0xa1,
-	0xf9, 0x46, 0x79, 0xc5, 0xa5, 0x47, 0xa5, 0x36, 0xd7, 0x2e, 0xa6, 0x95, 0x14, 0x99, 0x05, 0xe1,
-	0x77, 0x20, 0x17, 0xf7, 0xa6, 0x4c, 0x74, 0xf5, 0x7d, 0xce, 0x61, 0xfc, 0x36, 0x64, 0x54, 0xf3,
-	0xc8, 0xfa, 0x5e, 0xd6, 0x6d, 0x24, 0x82, 0xc3, 0x86, 0xb2, 0x4c, 0x61, 0xca, 0xde, 0xb9, 0x46,
-	0xe4, 0x1a, 0xdf, 0x87, 0x75, 0x53, 0x08, 0x9f, 0x17, 0xd7, 0xab, 0xe9, 0x5a, 0xbe, 0xf1, 0xda,
-	0x8a, 0x27, 0x85, 0x3e, 0x45, 0xfa, 0x15, 0xaf, 0x7f, 0x8f, 0x60, 0x37, 0x1a, 0x85, 0x3e, 0xed,
-	0x30, 0x9b, 0x13, 0xfa, 0xe9, 0x84, 0x72, 0x81, 0x0f, 0x60, 0x83, 0x47, 0xcd, 0x16, 0xf9, 0x52,
-	0x59, 0x25, 0x2f, 0xc2, 0x48, 0x1c, 0x80, 0x5b, 0x90, 0x65, 0x6a, 0xa6, 0x22, 0x47, 0xf6, 0x57,
-	0xc5, 0x2e, 0x4e, 0x21, 0x99, 0x85, 0xea, 0x9f, 0xfc, 0x4b, 0xda, 0xec, 0xc6, 0xde, 0x83, 0x8d,
-	0x91, 0x5a, 0xaa, 0xc6, 0x5f, 0x7d, 0x65, 0x51, 0x44, 0x54, 0x72, 0x1c, 0xa5, 0xbf, 0x0e, 0xa5,
-	0x8e, 0xc3, 0x05, 0xf5, 0x92, 0xf9, 0x67, 0xa5, 0xeb, 0xbf, 0x21, 0xd8, 0x49, 0x1e, 0xcc, 0xf2,
-	0xee, 0x81, 0x16, 0xf7, 0x76, 0x26, 0x98, 0x56, 0xb4, 0x76, 0x8b, 0x68, 0x8e, 0x75, 0xc9, 0x2a,
-	0xed, 0x7f, 0x58, 0x95, 0x7e, 0x65, 0xab, 0xc2, 0x4e, 0x1f, 0xb8, 0x8c, 0xab, 0x17, 0xca, 0x06,
-	0x51, 0x1b, 0xfd, 0x47, 0x04, 0xf8, 0xa3, 0x49, 0xdf, 0x75, 0xf8, 0x93, 0xa4, 0x7f, 0x07, 0xb0,
-	0xcd, 0x13, 0x0f, 0x9b, 0x0f, 0x2c, 0x0e, 0xa6, 0x95, 0xad, 0x64, 0x9e, 0x76, 0x8b, 0x6c, 0x25,
-	0xd1, 0xb6, 0x75, 0xc9, 0x7c, 0xed, 0x55, 0xcc, 0x9f, 0x6b, 0x4d, 0x27, 0xb5, 0xde, 0x80, 0x9d,
-	0x84, 0x54, 0x42, 0xf9, 0x98, 0x79, 0x9c, 0xee, 0x3f, 0x47, 0x90, 0x8b, 0x47, 0x00, 0xdf, 0x01,
-	0xdc, 0x39, 0xfa, 0xe0, 0xa4, 0xdb, 0x23, 0x0f, 0x1f, 0x3c, 0x3a, 0x39, 0x3e, 0xfc, 0xf0, 0xf0,
-	0xe8, 0xe3, 0xc3, 0x42, 0xaa, 0xb4, 0x7b, 0xfe, 0xac, 0x5a, 0x88, 0xb1, 0x63, 0x6f, 0xe8, 0xb1,
-	0x33, 0x0f, 0xef, 0xc3, 0xf5, 0x04, 0xdd, 0xed, 0xb5, 0x8e, 0x8e, 0x7b, 0x05, 0x54, 0xda, 0x39,
-	0x7f, 0x56, 0xdd, 0x8e, 0xe1, 0xae, 0xb0, 0xd8, 0x44, 0x2c, 0xb2, 0x0f, 0x09, 0x29, 0x68, 0x8b,
-	0x2c, 0xf5, 0xfd, 0xd2, 0xf5, 0xaf, 0x7f, 0x28, 0xa7, 0x7e, 0x7d, 0x5e, 0x9e, 0x0b, 0x6b, 0x3c,
-	0x45, 0xb0, 0x16, 0xea, 0xc6, 0x5f, 0xc0, 0xe6, 0xa5, 0x9e, 0xc5, 0xb5, 0x65, 0xee, 0x2c, 0x9b,
-	0xb8, 0xd2, 0xcb, 0xc9, 0xc8, 0x51, 0xfd, 0xc6, 0xef, 0x3f, 0xff, 0xfd, 0x9d, 0xb6, 0x0d, 0x9b,
-	0x92, 0x7c, 0x73, 0x64, 0x7a, 0xa6, 0x4d, 0xfd, 0xbb, 0xa8, 0xf1, 0x93, 0x26, 0xdd, 0x6a, 0xca,
-	0xff, 0x5c, 0xfc, 0x2d, 0x82, 0x9d, 0x25, 0x6d, 0x8e, 0x8d, 0xa5, 0x17, 0xb6, 0x72, 0x1e, 0x4a,
-	0x6f, 0x5c, 0x21, 0x2c, 0x39, 0x20, 0xfa, 0x2d, 0xa9, 0xeb, 0x26, 0x5c, 0x53, 0xba, 0xce, 0x98,
-	0x3f, 0xa4, 0xfe, 0x82, 0x4a, 0xfc, 0x15, 0x82, 0x7c, 0xe2, 0xae, 0xf1, 0xed, 0x65, 0xcf, 0x5f,
-	0xec, 0xdb, 0xe5, 0x3a, 0x96, 0x34, 0xcd, 0x7f, 0xd2, 0x51, 0x43, 0xcd, 0xe2, 0xc5, 0x8b, 0x72,
-	0xea, 0xcf, 0x17, 0xe5, 0xd4, 0x97, 0x41, 0x19, 0x5d, 0x04, 0x65, 0xf4, 0x47, 0x50, 0x46, 0x7f,
-	0x05, 0x65, 0xd4, 0xcf, 0xc8, 0x17, 0xf7, 0x5b, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x95, 0x7b,
-	0x3c, 0x04, 0xe0, 0x08, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/objects.pb.go b/vendor/github.com/docker/swarmkit/api/objects.pb.go
index 4200eda49b519..743e6f9003fc6 100644
--- a/vendor/github.com/docker/swarmkit/api/objects.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/objects.pb.go
@@ -3,64 +3,96 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/gogoproto"
-import google_protobuf3 "github.com/gogo/protobuf/types"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import go_events "github.com/docker/go-events"
-import strings "strings"
-
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	fmt "fmt"
+	github_com_docker_go_events "github.com/docker/go-events"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // Meta contains metadata about objects. Every object contains a meta field.
 type Meta struct {
 	// Version tracks the current version of the object.
-	Version Version `protobuf:"bytes,1,opt,name=version" json:"version"`
+	Version Version `protobuf:"bytes,1,opt,name=version,proto3" json:"version"`
 	// Object timestamps.
 	// Note: can't use stdtime because these fields are nullable.
-	CreatedAt *google_protobuf.Timestamp `protobuf:"bytes,2,opt,name=created_at,json=createdAt" json:"created_at,omitempty"`
-	UpdatedAt *google_protobuf.Timestamp `protobuf:"bytes,3,opt,name=updated_at,json=updatedAt" json:"updated_at,omitempty"`
+	CreatedAt *types.Timestamp `protobuf:"bytes,2,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt *types.Timestamp `protobuf:"bytes,3,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+}
+
+func (m *Meta) Reset()      { *m = Meta{} }
+func (*Meta) ProtoMessage() {}
+func (*Meta) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{0}
+}
+func (m *Meta) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Meta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Meta.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Meta) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Meta.Merge(m, src)
+}
+func (m *Meta) XXX_Size() int {
+	return m.Size()
+}
+func (m *Meta) XXX_DiscardUnknown() {
+	xxx_messageInfo_Meta.DiscardUnknown(m)
 }
 
-func (m *Meta) Reset()                    { *m = Meta{} }
-func (*Meta) ProtoMessage()               {}
-func (*Meta) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{0} }
+var xxx_messageInfo_Meta proto.InternalMessageInfo
 
 // Node provides the internal node state as seen by the cluster.
 type Node struct {
 	// ID specifies the identity of the node.
 	ID   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta   `protobuf:"bytes,2,opt,name=meta" json:"meta"`
+	Meta Meta   `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
 	// Spec defines the desired state of the node as specified by the user.
 	// The system will honor this and will *never* modify it.
-	Spec NodeSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Spec NodeSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// Description encapsulated the properties of the Node as reported by the
 	// agent.
-	Description *NodeDescription `protobuf:"bytes,4,opt,name=description" json:"description,omitempty"`
+	Description *NodeDescription `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
 	// Status provides the current status of the node, as seen by the manager.
-	Status NodeStatus `protobuf:"bytes,5,opt,name=status" json:"status"`
+	Status NodeStatus `protobuf:"bytes,5,opt,name=status,proto3" json:"status"`
 	// ManagerStatus provides the current status of the node's manager
 	// component, if the node is a manager.
-	ManagerStatus *ManagerStatus `protobuf:"bytes,6,opt,name=manager_status,json=managerStatus" json:"manager_status,omitempty"`
+	ManagerStatus *ManagerStatus `protobuf:"bytes,6,opt,name=manager_status,json=managerStatus,proto3" json:"manager_status,omitempty"`
 	// DEPRECATED: Use Attachments to find the ingress network
 	// The node attachment to the ingress network.
-	Attachment *NetworkAttachment `protobuf:"bytes,7,opt,name=attachment" json:"attachment,omitempty"`
+	Attachment *NetworkAttachment `protobuf:"bytes,7,opt,name=attachment,proto3" json:"attachment,omitempty"` // Deprecated: Do not use.
 	// Certificate is the TLS certificate issued for the node, if any.
-	Certificate Certificate `protobuf:"bytes,8,opt,name=certificate" json:"certificate"`
+	Certificate Certificate `protobuf:"bytes,8,opt,name=certificate,proto3" json:"certificate"`
 	// Role is the *observed* role for this node. It differs from the
 	// desired role set in Node.Spec.Role because the role here is only
 	// updated after the Raft member list has been reconciled with the
@@ -74,56 +106,155 @@ type Node struct {
 	// Attachments enumerates the network attachments for the node to set up an
 	// endpoint on the node to be used for load balancing. Each overlay
 	// network, including ingress network, will have an NetworkAttachment.
-	Attachments []*NetworkAttachment `protobuf:"bytes,10,rep,name=attachments" json:"attachments,omitempty"`
+	Attachments []*NetworkAttachment `protobuf:"bytes,10,rep,name=attachments,proto3" json:"attachments,omitempty"`
+	// VXLANUDPPort specifies the UDP port for VXLAN traffic.
+	// This information is passed from cluster object to individual nodes.
+	VXLANUDPPort uint32 `protobuf:"varint,11,opt,name=VXLANUDPPort,proto3" json:"VXLANUDPPort,omitempty"`
+}
+
+func (m *Node) Reset()      { *m = Node{} }
+func (*Node) ProtoMessage() {}
+func (*Node) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{1}
+}
+func (m *Node) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Node) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Node.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Node) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Node.Merge(m, src)
+}
+func (m *Node) XXX_Size() int {
+	return m.Size()
+}
+func (m *Node) XXX_DiscardUnknown() {
+	xxx_messageInfo_Node.DiscardUnknown(m)
 }
 
-func (m *Node) Reset()                    { *m = Node{} }
-func (*Node) ProtoMessage()               {}
-func (*Node) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{1} }
+var xxx_messageInfo_Node proto.InternalMessageInfo
 
 type Service struct {
 	ID   string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta        `protobuf:"bytes,2,opt,name=meta" json:"meta"`
-	Spec ServiceSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Meta Meta        `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
+	Spec ServiceSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// SpecVersion versions Spec, to identify changes in the spec. Note that
 	// this is not directly comparable to the service's Version.
-	SpecVersion *Version `protobuf:"bytes,10,opt,name=spec_version,json=specVersion" json:"spec_version,omitempty"`
+	SpecVersion *Version `protobuf:"bytes,10,opt,name=spec_version,json=specVersion,proto3" json:"spec_version,omitempty"`
 	// PreviousSpec is the previous service spec that was in place before
 	// "Spec".
-	PreviousSpec *ServiceSpec `protobuf:"bytes,6,opt,name=previous_spec,json=previousSpec" json:"previous_spec,omitempty"`
+	PreviousSpec *ServiceSpec `protobuf:"bytes,6,opt,name=previous_spec,json=previousSpec,proto3" json:"previous_spec,omitempty"`
 	// PreviousSpecVersion versions PreviousSpec. Note that this is not
 	// directly comparable to the service's Version.
-	PreviousSpecVersion *Version `protobuf:"bytes,11,opt,name=previous_spec_version,json=previousSpecVersion" json:"previous_spec_version,omitempty"`
+	PreviousSpecVersion *Version `protobuf:"bytes,11,opt,name=previous_spec_version,json=previousSpecVersion,proto3" json:"previous_spec_version,omitempty"`
 	// Runtime state of service endpoint. This may be different
 	// from the spec version because the user may not have entered
 	// the optional fields like node_port or virtual_ip and it
 	// could be auto allocated by the system.
-	Endpoint *Endpoint `protobuf:"bytes,4,opt,name=endpoint" json:"endpoint,omitempty"`
+	Endpoint *Endpoint `protobuf:"bytes,4,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
 	// UpdateStatus contains the status of an update, if one is in
 	// progress.
-	UpdateStatus *UpdateStatus `protobuf:"bytes,5,opt,name=update_status,json=updateStatus" json:"update_status,omitempty"`
+	UpdateStatus *UpdateStatus `protobuf:"bytes,5,opt,name=update_status,json=updateStatus,proto3" json:"update_status,omitempty"`
+	// JobStatus contains the status of a Service that is in one of the Job
+	// modes. It is absent on Replicated and Global services.
+	JobStatus *JobStatus `protobuf:"bytes,12,opt,name=job_status,json=jobStatus,proto3" json:"job_status,omitempty"`
+	// PendingDelete indicates that this service's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all of the service's containers have properly shut down.
+	// When a user requests a deletion, we just flip this flag
+	// the deallocator will take it from there - it will start monitoring
+	// this service's tasks, and proceed to delete the service itself (and
+	// potentially its associated resources also marked for deletion) when
+	// all of its tasks are gone
+	PendingDelete bool `protobuf:"varint,7,opt,name=pending_delete,json=pendingDelete,proto3" json:"pending_delete,omitempty"`
+}
+
+func (m *Service) Reset()      { *m = Service{} }
+func (*Service) ProtoMessage() {}
+func (*Service) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{2}
+}
+func (m *Service) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Service) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Service.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Service) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Service.Merge(m, src)
+}
+func (m *Service) XXX_Size() int {
+	return m.Size()
+}
+func (m *Service) XXX_DiscardUnknown() {
+	xxx_messageInfo_Service.DiscardUnknown(m)
 }
 
-func (m *Service) Reset()                    { *m = Service{} }
-func (*Service) ProtoMessage()               {}
-func (*Service) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{2} }
+var xxx_messageInfo_Service proto.InternalMessageInfo
 
 // Endpoint specified all the network parameters required to
 // correctly discover and load balance a service
 type Endpoint struct {
-	Spec *EndpointSpec `protobuf:"bytes,1,opt,name=spec" json:"spec,omitempty"`
+	Spec *EndpointSpec `protobuf:"bytes,1,opt,name=spec,proto3" json:"spec,omitempty"`
 	// Runtime state of the exposed ports which may carry
 	// auto-allocated swarm ports in addition to the user
 	// configured information.
-	Ports []*PortConfig `protobuf:"bytes,2,rep,name=ports" json:"ports,omitempty"`
+	Ports []*PortConfig `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
 	// VirtualIPs specifies the IP addresses under which this endpoint will be
 	// made available.
-	VirtualIPs []*Endpoint_VirtualIP `protobuf:"bytes,3,rep,name=virtual_ips,json=virtualIps" json:"virtual_ips,omitempty"`
+	VirtualIPs []*Endpoint_VirtualIP `protobuf:"bytes,3,rep,name=virtual_ips,json=virtualIps,proto3" json:"virtual_ips,omitempty"`
+}
+
+func (m *Endpoint) Reset()      { *m = Endpoint{} }
+func (*Endpoint) ProtoMessage() {}
+func (*Endpoint) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{3}
+}
+func (m *Endpoint) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Endpoint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Endpoint.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Endpoint) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Endpoint.Merge(m, src)
+}
+func (m *Endpoint) XXX_Size() int {
+	return m.Size()
+}
+func (m *Endpoint) XXX_DiscardUnknown() {
+	xxx_messageInfo_Endpoint.DiscardUnknown(m)
 }
 
-func (m *Endpoint) Reset()                    { *m = Endpoint{} }
-func (*Endpoint) ProtoMessage()               {}
-func (*Endpoint) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{3} }
+var xxx_messageInfo_Endpoint proto.InternalMessageInfo
 
 // VirtualIP specifies a set of networks this endpoint will be attached to
 // and the IP addresses the target service will be made available under.
@@ -141,23 +272,51 @@ type Endpoint_VirtualIP struct {
 	Addr string `protobuf:"bytes,2,opt,name=addr,proto3" json:"addr,omitempty"`
 }
 
-func (m *Endpoint_VirtualIP) Reset()                    { *m = Endpoint_VirtualIP{} }
-func (*Endpoint_VirtualIP) ProtoMessage()               {}
-func (*Endpoint_VirtualIP) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{3, 0} }
+func (m *Endpoint_VirtualIP) Reset()      { *m = Endpoint_VirtualIP{} }
+func (*Endpoint_VirtualIP) ProtoMessage() {}
+func (*Endpoint_VirtualIP) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{3, 0}
+}
+func (m *Endpoint_VirtualIP) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Endpoint_VirtualIP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Endpoint_VirtualIP.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Endpoint_VirtualIP) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Endpoint_VirtualIP.Merge(m, src)
+}
+func (m *Endpoint_VirtualIP) XXX_Size() int {
+	return m.Size()
+}
+func (m *Endpoint_VirtualIP) XXX_DiscardUnknown() {
+	xxx_messageInfo_Endpoint_VirtualIP.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Endpoint_VirtualIP proto.InternalMessageInfo
 
 // Task specifies the parameters for implementing a Spec. A task is effectively
 // immutable and idempotent. Once it is dispatched to a node, it will not be
 // dispatched to another node.
 type Task struct {
 	ID   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta   `protobuf:"bytes,2,opt,name=meta" json:"meta"`
+	Meta Meta   `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
 	// Spec defines the desired state of the task as specified by the user.
 	// The system will honor this and will *never* modify it.
-	Spec TaskSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Spec TaskSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// SpecVersion is copied from Service, to identify which version of the
 	// spec this task has. Note that this is not directly comparable to the
 	// service's Version.
-	SpecVersion *Version `protobuf:"bytes,14,opt,name=spec_version,json=specVersion" json:"spec_version,omitempty"`
+	SpecVersion *Version `protobuf:"bytes,14,opt,name=spec_version,json=specVersion,proto3" json:"spec_version,omitempty"`
 	// ServiceID indicates the service under which this task is orchestrated. This
 	// should almost always be set.
 	ServiceID string `protobuf:"bytes,4,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
@@ -176,24 +335,24 @@ type Task struct {
 	//
 	// NOTE(stevvooe): The preserves the ability for us to making naming
 	// decisions for tasks in orchestrator, albeit, this is left empty for now.
-	Annotations Annotations `protobuf:"bytes,7,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,7,opt,name=annotations,proto3" json:"annotations"`
 	// ServiceAnnotations is a direct copy of the service name and labels when
 	// this task is created.
 	//
 	// Labels set here will *not* be propagated to the runtime target, such as a
 	// container. Use labels on the runtime target for that purpose.
-	ServiceAnnotations Annotations `protobuf:"bytes,8,opt,name=service_annotations,json=serviceAnnotations" json:"service_annotations"`
-	Status             TaskStatus  `protobuf:"bytes,9,opt,name=status" json:"status"`
+	ServiceAnnotations Annotations `protobuf:"bytes,8,opt,name=service_annotations,json=serviceAnnotations,proto3" json:"service_annotations"`
+	Status             TaskStatus  `protobuf:"bytes,9,opt,name=status,proto3" json:"status"`
 	// DesiredState is the target state for the task. It is set to
 	// TaskStateRunning when a task is first created, and changed to
 	// TaskStateShutdown if the manager wants to terminate the task. This field
 	// is only written by the manager.
 	DesiredState TaskState `protobuf:"varint,10,opt,name=desired_state,json=desiredState,proto3,enum=docker.swarmkit.v1.TaskState" json:"desired_state,omitempty"`
 	// List of network attachments by the task.
-	Networks []*NetworkAttachment `protobuf:"bytes,11,rep,name=networks" json:"networks,omitempty"`
+	Networks []*NetworkAttachment `protobuf:"bytes,11,rep,name=networks,proto3" json:"networks,omitempty"`
 	// A copy of runtime state of service endpoint from Service
 	// object to be distributed to agents as part of the task.
-	Endpoint *Endpoint `protobuf:"bytes,12,opt,name=endpoint" json:"endpoint,omitempty"`
+	Endpoint *Endpoint `protobuf:"bytes,12,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
 	// LogDriver specifies the selected log driver to use for the task. Agent
 	// processes should always favor the value in this field.
 	//
@@ -202,13 +361,44 @@ type Task struct {
 	// such a cluster default or policy-based value.
 	//
 	// If not present, the daemon's default will be used.
-	LogDriver                *Driver            `protobuf:"bytes,13,opt,name=log_driver,json=logDriver" json:"log_driver,omitempty"`
-	AssignedGenericResources []*GenericResource `protobuf:"bytes,15,rep,name=assigned_generic_resources,json=assignedGenericResources" json:"assigned_generic_resources,omitempty"`
+	LogDriver                *Driver            `protobuf:"bytes,13,opt,name=log_driver,json=logDriver,proto3" json:"log_driver,omitempty"`
+	AssignedGenericResources []*GenericResource `protobuf:"bytes,15,rep,name=assigned_generic_resources,json=assignedGenericResources,proto3" json:"assigned_generic_resources,omitempty"`
+	// JobIteration is the iteration number of the Job-mode Service that this
+	// task belongs to.
+	JobIteration *Version `protobuf:"bytes,16,opt,name=job_iteration,json=jobIteration,proto3" json:"job_iteration,omitempty"`
+}
+
+func (m *Task) Reset()      { *m = Task{} }
+func (*Task) ProtoMessage() {}
+func (*Task) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{4}
+}
+func (m *Task) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Task) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Task.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Task) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Task.Merge(m, src)
+}
+func (m *Task) XXX_Size() int {
+	return m.Size()
+}
+func (m *Task) XXX_DiscardUnknown() {
+	xxx_messageInfo_Task.DiscardUnknown(m)
 }
 
-func (m *Task) Reset()                    { *m = Task{} }
-func (*Task) ProtoMessage()               {}
-func (*Task) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{4} }
+var xxx_messageInfo_Task proto.InternalMessageInfo
 
 // NetworkAttachment specifies the network parameters of attachment to
 // a single network by an object such as task or node.
@@ -216,45 +406,114 @@ type NetworkAttachment struct {
 	// Network state as a whole becomes part of the object so that
 	// it always is available for use in agents so that agents
 	// don't have any other dependency during execution.
-	Network *Network `protobuf:"bytes,1,opt,name=network" json:"network,omitempty"`
+	Network *Network `protobuf:"bytes,1,opt,name=network,proto3" json:"network,omitempty"`
 	// List of IPv4/IPv6 addresses that are assigned to the object
 	// as part of getting attached to this network.
-	Addresses []string `protobuf:"bytes,2,rep,name=addresses" json:"addresses,omitempty"`
+	Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"`
 	// List of aliases by which a task is resolved in a network
-	Aliases []string `protobuf:"bytes,3,rep,name=aliases" json:"aliases,omitempty"`
+	Aliases []string `protobuf:"bytes,3,rep,name=aliases,proto3" json:"aliases,omitempty"`
 	// Map of all the driver attachment options for this network
-	DriverAttachmentOpts map[string]string `protobuf:"bytes,4,rep,name=driver_attachment_opts,json=driverAttachmentOpts" json:"driver_attachment_opts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	DriverAttachmentOpts map[string]string `protobuf:"bytes,4,rep,name=driver_attachment_opts,json=driverAttachmentOpts,proto3" json:"driver_attachment_opts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *NetworkAttachment) Reset()      { *m = NetworkAttachment{} }
+func (*NetworkAttachment) ProtoMessage() {}
+func (*NetworkAttachment) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{5}
+}
+func (m *NetworkAttachment) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NetworkAttachment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NetworkAttachment.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NetworkAttachment) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NetworkAttachment.Merge(m, src)
+}
+func (m *NetworkAttachment) XXX_Size() int {
+	return m.Size()
+}
+func (m *NetworkAttachment) XXX_DiscardUnknown() {
+	xxx_messageInfo_NetworkAttachment.DiscardUnknown(m)
 }
 
-func (m *NetworkAttachment) Reset()                    { *m = NetworkAttachment{} }
-func (*NetworkAttachment) ProtoMessage()               {}
-func (*NetworkAttachment) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{5} }
+var xxx_messageInfo_NetworkAttachment proto.InternalMessageInfo
 
 type Network struct {
 	ID   string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta        `protobuf:"bytes,2,opt,name=meta" json:"meta"`
-	Spec NetworkSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Meta Meta        `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
+	Spec NetworkSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// Driver specific operational state provided by the network driver.
-	DriverState *Driver `protobuf:"bytes,4,opt,name=driver_state,json=driverState" json:"driver_state,omitempty"`
+	DriverState *Driver `protobuf:"bytes,4,opt,name=driver_state,json=driverState,proto3" json:"driver_state,omitempty"`
 	// Runtime state of IPAM options. This may not reflect the
 	// ipam options from NetworkSpec.
-	IPAM *IPAMOptions `protobuf:"bytes,5,opt,name=ipam" json:"ipam,omitempty"`
+	IPAM *IPAMOptions `protobuf:"bytes,5,opt,name=ipam,proto3" json:"ipam,omitempty"`
+	// PendingDelete indicates that this network's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all the service's containers have properly shut down
+	// when a user requests a deletion, we just flip this flag
+	// the deallocator will take it from there
+	// PendingDelete indicates that this network's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all of the service's containers have properly shut down.
+	// When a user requests a deletion of this network, we just flip this flag
+	// the deallocator will take it from there - it will start monitoring
+	// the services that still use this service, and proceed to delete
+	// this network when all of these services are gone
+	PendingDelete bool `protobuf:"varint,6,opt,name=pending_delete,json=pendingDelete,proto3" json:"pending_delete,omitempty"`
+}
+
+func (m *Network) Reset()      { *m = Network{} }
+func (*Network) ProtoMessage() {}
+func (*Network) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{6}
+}
+func (m *Network) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Network) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Network.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Network) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Network.Merge(m, src)
+}
+func (m *Network) XXX_Size() int {
+	return m.Size()
+}
+func (m *Network) XXX_DiscardUnknown() {
+	xxx_messageInfo_Network.DiscardUnknown(m)
 }
 
-func (m *Network) Reset()                    { *m = Network{} }
-func (*Network) ProtoMessage()               {}
-func (*Network) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{6} }
+var xxx_messageInfo_Network proto.InternalMessageInfo
 
 // Cluster provides global cluster settings.
 type Cluster struct {
 	ID   string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta        `protobuf:"bytes,2,opt,name=meta" json:"meta"`
-	Spec ClusterSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Meta Meta        `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
+	Spec ClusterSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// RootCA contains key material for the root CA.
-	RootCA RootCA `protobuf:"bytes,4,opt,name=root_ca,json=rootCa" json:"root_ca"`
+	RootCA RootCA `protobuf:"bytes,4,opt,name=root_ca,json=rootCa,proto3" json:"root_ca"`
 	// Symmetric encryption key distributed by the lead manager. Used by agents
 	// for securing network bootstrapping and communication.
-	NetworkBootstrapKeys []*EncryptionKey `protobuf:"bytes,5,rep,name=network_bootstrap_keys,json=networkBootstrapKeys" json:"network_bootstrap_keys,omitempty"`
+	NetworkBootstrapKeys []*EncryptionKey `protobuf:"bytes,5,rep,name=network_bootstrap_keys,json=networkBootstrapKeys,proto3" json:"network_bootstrap_keys,omitempty"`
 	// Logical clock used to timestamp every key.  It allows other managers
 	// and agents to unambiguously identify the older key to be deleted when
 	// a new key is allocated on key rotation.
@@ -262,13 +521,13 @@ type Cluster struct {
 	// BlacklistedCertificates tracks certificates that should no longer
 	// be honored. It's a mapping from CN -> BlacklistedCertificate.
 	// swarm. Their certificates should effectively be blacklisted.
-	BlacklistedCertificates map[string]*BlacklistedCertificate `protobuf:"bytes,8,rep,name=blacklisted_certificates,json=blacklistedCertificates" json:"blacklisted_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value"`
+	BlacklistedCertificates map[string]*BlacklistedCertificate `protobuf:"bytes,8,rep,name=blacklisted_certificates,json=blacklistedCertificates,proto3" json:"blacklisted_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// UnlockKeys defines the keys that lock node data at rest.  For example,
 	// this would contain the key encrypting key (KEK) that will encrypt the
 	// manager TLS keys at rest and the raft encryption keys at rest.
 	// If the key is empty, the node will be unlocked (will not require a key
 	// to start up from a shut down state).
-	UnlockKeys []*EncryptionKey `protobuf:"bytes,9,rep,name=unlock_keys,json=unlockKeys" json:"unlock_keys,omitempty"`
+	UnlockKeys []*EncryptionKey `protobuf:"bytes,9,rep,name=unlock_keys,json=unlockKeys,proto3" json:"unlock_keys,omitempty"`
 	// FIPS specifies whether this cluster should be in FIPS mode.  This changes
 	// the format of the join tokens, and nodes that are not FIPS-enabled should
 	// reject joining the cluster.  Nodes that report themselves to be non-FIPS
@@ -277,78 +536,220 @@ type Cluster struct {
 	// This field specifies default subnet pools for global scope networks. If
 	// unspecified, Docker will use the predefined subnets as it works on older releases.
 	// Format Example : {"20.20.0.0/16",""20.20.0.0/16"}
-	DefaultAddressPool []string `protobuf:"bytes,11,rep,name=defaultAddressPool" json:"defaultAddressPool,omitempty"`
+	DefaultAddressPool []string `protobuf:"bytes,11,rep,name=defaultAddressPool,proto3" json:"defaultAddressPool,omitempty"`
 	// This flag specifies the default subnet size of global scope networks by giving
 	// the length of the subnet masks for every such network
 	SubnetSize uint32 `protobuf:"varint,12,opt,name=subnetSize,proto3" json:"subnetSize,omitempty"`
+	// VXLANUDPPort specifies the UDP port for VXLAN traffic.
+	VXLANUDPPort uint32 `protobuf:"varint,13,opt,name=VXLANUDPPort,proto3" json:"VXLANUDPPort,omitempty"`
+}
+
+func (m *Cluster) Reset()      { *m = Cluster{} }
+func (*Cluster) ProtoMessage() {}
+func (*Cluster) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{7}
+}
+func (m *Cluster) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Cluster) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Cluster.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Cluster) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Cluster.Merge(m, src)
+}
+func (m *Cluster) XXX_Size() int {
+	return m.Size()
+}
+func (m *Cluster) XXX_DiscardUnknown() {
+	xxx_messageInfo_Cluster.DiscardUnknown(m)
 }
 
-func (m *Cluster) Reset()                    { *m = Cluster{} }
-func (*Cluster) ProtoMessage()               {}
-func (*Cluster) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{7} }
+var xxx_messageInfo_Cluster proto.InternalMessageInfo
 
 // Secret represents a secret that should be passed to a container or a node,
 // and is immutable.
 type Secret struct {
 	ID   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta   `protobuf:"bytes,2,opt,name=meta" json:"meta"`
+	Meta Meta   `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
 	// Spec contains the actual secret data, as well as any context around the
 	// secret data that the user provides.
-	Spec SecretSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Spec SecretSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
 	// Whether the secret is an internal secret (not set by a user) or not.
 	Internal bool `protobuf:"varint,4,opt,name=internal,proto3" json:"internal,omitempty"`
 }
 
-func (m *Secret) Reset()                    { *m = Secret{} }
-func (*Secret) ProtoMessage()               {}
-func (*Secret) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{8} }
+func (m *Secret) Reset()      { *m = Secret{} }
+func (*Secret) ProtoMessage() {}
+func (*Secret) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{8}
+}
+func (m *Secret) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Secret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Secret.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Secret) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Secret.Merge(m, src)
+}
+func (m *Secret) XXX_Size() int {
+	return m.Size()
+}
+func (m *Secret) XXX_DiscardUnknown() {
+	xxx_messageInfo_Secret.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Secret proto.InternalMessageInfo
 
 // Config represents a set of configuration files that should be passed to a
 // container.
 type Config struct {
 	ID   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta Meta   `protobuf:"bytes,2,opt,name=meta" json:"meta"`
+	Meta Meta   `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
 	// Spec contains the actual config data, as well as any context around the
 	// config data that the user provides.
-	Spec ConfigSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	Spec ConfigSpec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec"`
+}
+
+func (m *Config) Reset()      { *m = Config{} }
+func (*Config) ProtoMessage() {}
+func (*Config) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{9}
+}
+func (m *Config) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Config.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Config) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Config.Merge(m, src)
+}
+func (m *Config) XXX_Size() int {
+	return m.Size()
+}
+func (m *Config) XXX_DiscardUnknown() {
+	xxx_messageInfo_Config.DiscardUnknown(m)
 }
 
-func (m *Config) Reset()                    { *m = Config{} }
-func (*Config) ProtoMessage()               {}
-func (*Config) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{9} }
+var xxx_messageInfo_Config proto.InternalMessageInfo
 
 // Resource is a top-level object with externally defined content and indexing.
 // SwarmKit can serve as a store for these objects without understanding their
 // meanings.
 type Resource struct {
 	ID          string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta        Meta        `protobuf:"bytes,2,opt,name=meta" json:"meta"`
-	Annotations Annotations `protobuf:"bytes,3,opt,name=annotations" json:"annotations"`
+	Meta        Meta        `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
+	Annotations Annotations `protobuf:"bytes,3,opt,name=annotations,proto3" json:"annotations"`
 	// Kind identifies this class of object. It is essentially a namespace
 	// to keep IDs or indices from colliding between unrelated Resource
 	// objects. This must correspond to the name of an Extension.
 	Kind string `protobuf:"bytes,4,opt,name=kind,proto3" json:"kind,omitempty"`
 	// Payload bytes. This data is not interpreted in any way by SwarmKit.
 	// By convention, it should be a marshalled protocol buffers message.
-	Payload *google_protobuf3.Any `protobuf:"bytes,5,opt,name=payload" json:"payload,omitempty"`
+	Payload *types.Any `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
+}
+
+func (m *Resource) Reset()      { *m = Resource{} }
+func (*Resource) ProtoMessage() {}
+func (*Resource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{10}
+}
+func (m *Resource) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Resource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Resource.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Resource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Resource.Merge(m, src)
+}
+func (m *Resource) XXX_Size() int {
+	return m.Size()
+}
+func (m *Resource) XXX_DiscardUnknown() {
+	xxx_messageInfo_Resource.DiscardUnknown(m)
 }
 
-func (m *Resource) Reset()                    { *m = Resource{} }
-func (*Resource) ProtoMessage()               {}
-func (*Resource) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{10} }
+var xxx_messageInfo_Resource proto.InternalMessageInfo
 
 // Extension declares a type of "resource" object. This message provides some
 // metadata about the objects.
 type Extension struct {
 	ID          string      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Meta        Meta        `protobuf:"bytes,2,opt,name=meta" json:"meta"`
-	Annotations Annotations `protobuf:"bytes,3,opt,name=annotations" json:"annotations"`
+	Meta        Meta        `protobuf:"bytes,2,opt,name=meta,proto3" json:"meta"`
+	Annotations Annotations `protobuf:"bytes,3,opt,name=annotations,proto3" json:"annotations"`
 	Description string      `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
 }
 
-func (m *Extension) Reset()                    { *m = Extension{} }
-func (*Extension) ProtoMessage()               {}
-func (*Extension) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{11} }
+func (m *Extension) Reset()      { *m = Extension{} }
+func (*Extension) ProtoMessage() {}
+func (*Extension) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6218a23329ef342d, []int{11}
+}
+func (m *Extension) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Extension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Extension.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Extension) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Extension.Merge(m, src)
+}
+func (m *Extension) XXX_Size() int {
+	return m.Size()
+}
+func (m *Extension) XXX_DiscardUnknown() {
+	xxx_messageInfo_Extension.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Extension proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*Meta)(nil), "docker.swarmkit.v1.Meta")
@@ -358,14 +759,131 @@ func init() {
 	proto.RegisterType((*Endpoint_VirtualIP)(nil), "docker.swarmkit.v1.Endpoint.VirtualIP")
 	proto.RegisterType((*Task)(nil), "docker.swarmkit.v1.Task")
 	proto.RegisterType((*NetworkAttachment)(nil), "docker.swarmkit.v1.NetworkAttachment")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.NetworkAttachment.DriverAttachmentOptsEntry")
 	proto.RegisterType((*Network)(nil), "docker.swarmkit.v1.Network")
 	proto.RegisterType((*Cluster)(nil), "docker.swarmkit.v1.Cluster")
+	proto.RegisterMapType((map[string]*BlacklistedCertificate)(nil), "docker.swarmkit.v1.Cluster.BlacklistedCertificatesEntry")
 	proto.RegisterType((*Secret)(nil), "docker.swarmkit.v1.Secret")
 	proto.RegisterType((*Config)(nil), "docker.swarmkit.v1.Config")
 	proto.RegisterType((*Resource)(nil), "docker.swarmkit.v1.Resource")
 	proto.RegisterType((*Extension)(nil), "docker.swarmkit.v1.Extension")
 }
 
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/objects.proto", fileDescriptor_6218a23329ef342d)
+}
+
+var fileDescriptor_6218a23329ef342d = []byte{
+	// 1700 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x73, 0x1b, 0x49,
+	0x15, 0xf7, 0xc8, 0x13, 0x49, 0xf3, 0xf4, 0x81, 0xe9, 0x35, 0x66, 0x62, 0x8c, 0x6c, 0xb4, 0x2c,
+	0x95, 0xda, 0x4a, 0xc9, 0x4b, 0x58, 0xc0, 0x31, 0xbb, 0x6c, 0x24, 0xdb, 0x64, 0xc5, 0x6e, 0x36,
+	0xae, 0xf6, 0x6e, 0x76, 0x6f, 0x43, 0x6b, 0xa6, 0xad, 0x4c, 0x34, 0x9a, 0x9e, 0x9a, 0x6e, 0x69,
+	0x11, 0x27, 0xce, 0x39, 0x71, 0xcb, 0x8d, 0x03, 0xc5, 0x3f, 0xc1, 0x85, 0x03, 0x07, 0x2a, 0x1c,
+	0xa8, 0xda, 0x13, 0x95, 0x93, 0x8b, 0x28, 0x7f, 0x05, 0x37, 0xaa, 0x7b, 0x7a, 0xa4, 0x71, 0x34,
+	0xb6, 0x1c, 0x2a, 0x95, 0xe2, 0xa4, 0xfe, 0xf8, 0xfd, 0x5e, 0xbf, 0xf7, 0xe6, 0x7d, 0x74, 0x0b,
+	0x6e, 0xf6, 0x7d, 0xf1, 0x70, 0xd4, 0x6b, 0xb9, 0x6c, 0xb8, 0xeb, 0x31, 0x77, 0x40, 0xe3, 0x5d,
+	0xfe, 0x35, 0x89, 0x87, 0x03, 0x5f, 0xec, 0x92, 0xc8, 0xdf, 0x65, 0xbd, 0x47, 0xd4, 0x15, 0xbc,
+	0x15, 0xc5, 0x4c, 0x30, 0x84, 0x12, 0x48, 0x2b, 0x85, 0xb4, 0xc6, 0x3f, 0xde, 0x7c, 0x77, 0x89,
+	0x04, 0x31, 0x89, 0xa8, 0xe6, 0x2f, 0xc5, 0xf2, 0x88, 0xba, 0x29, 0x76, 0xbb, 0xcf, 0x58, 0x3f,
+	0xa0, 0xbb, 0x6a, 0xd6, 0x1b, 0x9d, 0xee, 0x0a, 0x7f, 0x48, 0xb9, 0x20, 0xc3, 0x48, 0x03, 0xd6,
+	0xfb, 0xac, 0xcf, 0xd4, 0x70, 0x57, 0x8e, 0xf4, 0xea, 0xf5, 0x97, 0x69, 0x24, 0x9c, 0xe8, 0xad,
+	0x9f, 0x5f, 0x72, 0xfa, 0x0c, 0x1e, 0x05, 0xa3, 0xbe, 0x1f, 0xea, 0x9f, 0x84, 0xd8, 0xfc, 0x8b,
+	0x01, 0xe6, 0x3d, 0x2a, 0x08, 0xfa, 0x05, 0x94, 0xc6, 0x34, 0xe6, 0x3e, 0x0b, 0x6d, 0x63, 0xc7,
+	0xb8, 0x51, 0xb9, 0xf5, 0xbd, 0xd6, 0xa2, 0x47, 0x5a, 0x0f, 0x12, 0x48, 0xc7, 0x7c, 0x7a, 0xb6,
+	0xbd, 0x82, 0x53, 0x06, 0xba, 0x0d, 0xe0, 0xc6, 0x94, 0x08, 0xea, 0x39, 0x44, 0xd8, 0x05, 0xc5,
+	0xdf, 0x6c, 0x25, 0xea, 0xb6, 0xd2, 0xf3, 0x5b, 0x9f, 0xa7, 0x56, 0x62, 0x4b, 0xa3, 0xdb, 0x42,
+	0x52, 0x47, 0x91, 0x97, 0x52, 0x57, 0x97, 0x53, 0x35, 0xba, 0x2d, 0x9a, 0x7f, 0xbe, 0x06, 0xe6,
+	0x67, 0xcc, 0xa3, 0x68, 0x03, 0x0a, 0xbe, 0xa7, 0xd4, 0xb6, 0x3a, 0xc5, 0xe9, 0xd9, 0x76, 0xa1,
+	0x7b, 0x88, 0x0b, 0xbe, 0x87, 0x6e, 0x81, 0x39, 0xa4, 0x82, 0x68, 0x85, 0xec, 0x3c, 0x83, 0xa4,
+	0xed, 0xda, 0x1a, 0x85, 0x45, 0x3f, 0x03, 0x53, 0x7e, 0x2a, 0xad, 0xc9, 0x56, 0x1e, 0x47, 0x9e,
+	0x79, 0x12, 0x51, 0x37, 0xe5, 0x49, 0x3c, 0x3a, 0x82, 0x8a, 0x47, 0xb9, 0x1b, 0xfb, 0x91, 0x90,
+	0x3e, 0x34, 0x15, 0xfd, 0xed, 0x8b, 0xe8, 0x87, 0x73, 0x28, 0xce, 0xf2, 0xd0, 0x07, 0x50, 0xe4,
+	0x82, 0x88, 0x11, 0xb7, 0xaf, 0x29, 0x09, 0x8d, 0x0b, 0x15, 0x50, 0x28, 0xad, 0x82, 0xe6, 0xa0,
+	0x8f, 0xa1, 0x3e, 0x24, 0x21, 0xe9, 0xd3, 0xd8, 0xd1, 0x52, 0x8a, 0x4a, 0xca, 0x0f, 0x72, 0x4d,
+	0x4f, 0x90, 0x89, 0x20, 0x5c, 0x1b, 0x66, 0xa7, 0xa8, 0x0b, 0x40, 0x84, 0x20, 0xee, 0xc3, 0x21,
+	0x0d, 0x85, 0x5d, 0x52, 0x52, 0xde, 0xc9, 0xd5, 0x85, 0x8a, 0xaf, 0x59, 0x3c, 0x68, 0xcf, 0xc0,
+	0x9d, 0x82, 0x6d, 0xe0, 0x0c, 0x19, 0xdd, 0x85, 0x8a, 0x4b, 0x63, 0xe1, 0x9f, 0xfa, 0x2e, 0x11,
+	0xd4, 0x2e, 0x2b, 0x59, 0xdb, 0x79, 0xb2, 0x0e, 0xe6, 0x30, 0x6d, 0x58, 0x96, 0x89, 0xde, 0x03,
+	0x33, 0x66, 0x01, 0xb5, 0xad, 0x1d, 0xe3, 0x46, 0xfd, 0xe2, 0x4f, 0x83, 0x59, 0x40, 0xb1, 0x42,
+	0xca, 0xa3, 0xe7, 0x8a, 0x70, 0x1b, 0x76, 0x56, 0xaf, 0x6c, 0x06, 0xce, 0x32, 0x51, 0x13, 0xaa,
+	0x0f, 0xbe, 0xfa, 0xb4, 0xfd, 0xd9, 0x17, 0x87, 0xc7, 0xc7, 0x2c, 0x16, 0x76, 0x65, 0xc7, 0xb8,
+	0x51, 0xc3, 0xe7, 0xd6, 0xf6, 0x37, 0x1e, 0x3f, 0x69, 0x22, 0x58, 0x2b, 0x1b, 0x6b, 0x86, 0x8a,
+	0x45, 0xe3, 0x3d, 0xe3, 0x2b, 0xe3, 0x37, 0x46, 0xf3, 0xb9, 0x09, 0xa5, 0x13, 0x1a, 0x8f, 0x7d,
+	0xf7, 0xf5, 0x46, 0xea, 0xed, 0x73, 0x91, 0x9a, 0xeb, 0x50, 0x7d, 0xec, 0x42, 0xb0, 0xfe, 0x12,
+	0xaa, 0xf2, 0xd7, 0x49, 0x33, 0x1e, 0x96, 0x66, 0x3c, 0xae, 0x48, 0x82, 0x9e, 0xa0, 0x43, 0xa8,
+	0x45, 0x31, 0x1d, 0xfb, 0x6c, 0xc4, 0x1d, 0xa5, 0x43, 0xf1, 0x4a, 0x3a, 0xe0, 0x6a, 0xca, 0x92,
+	0x33, 0x74, 0x1f, 0xbe, 0x73, 0x4e, 0xca, 0x4c, 0x9d, 0xca, 0x72, 0x75, 0xde, 0xca, 0x4a, 0x4a,
+	0xd5, 0xda, 0x83, 0x32, 0x0d, 0xbd, 0x88, 0xf9, 0xa1, 0xd0, 0x09, 0x98, 0x1b, 0x24, 0x47, 0x1a,
+	0x83, 0x67, 0x68, 0x74, 0x04, 0xb5, 0xa4, 0xae, 0x38, 0xe7, 0xb2, 0x6f, 0x27, 0x8f, 0xfe, 0x85,
+	0x02, 0xea, 0xb4, 0xa9, 0x8e, 0x32, 0x33, 0xf4, 0x01, 0xc0, 0x23, 0xd6, 0x4b, 0x65, 0x54, 0x95,
+	0x8c, 0xef, 0xe7, 0xc9, 0xf8, 0x35, 0xeb, 0x69, 0x01, 0xd6, 0xa3, 0x74, 0x88, 0xde, 0x81, 0x7a,
+	0x44, 0x43, 0xcf, 0x0f, 0xfb, 0x8e, 0x47, 0x03, 0x2a, 0xa8, 0xca, 0xbb, 0x32, 0xae, 0xe9, 0xd5,
+	0x43, 0xb5, 0xb8, 0x8f, 0x1e, 0x3f, 0x69, 0xd6, 0xa1, 0x9a, 0x8d, 0xb3, 0xe6, 0x1f, 0x0b, 0x50,
+	0x4e, 0xcd, 0x42, 0xef, 0xeb, 0xc0, 0x30, 0x2e, 0xb6, 0x21, 0xc5, 0xaa, 0xaf, 0x92, 0xc4, 0xc4,
+	0xfb, 0x70, 0x2d, 0x62, 0xb1, 0xe0, 0x76, 0x41, 0x65, 0x49, 0x6e, 0xe1, 0x91, 0x71, 0x7e, 0xc0,
+	0xc2, 0x53, 0xbf, 0x8f, 0x13, 0x30, 0xfa, 0x12, 0x2a, 0x63, 0x3f, 0x16, 0x23, 0x12, 0x38, 0x7e,
+	0xc4, 0xed, 0x55, 0xc5, 0xfd, 0xd1, 0x65, 0x47, 0xb6, 0x1e, 0x24, 0xf8, 0xee, 0x71, 0xa7, 0x3e,
+	0x3d, 0xdb, 0x86, 0xd9, 0x94, 0x63, 0xd0, 0xa2, 0xba, 0x11, 0xdf, 0xbc, 0x07, 0xd6, 0x6c, 0x07,
+	0xdd, 0x04, 0x08, 0x93, 0x04, 0x75, 0x66, 0xe9, 0x53, 0x9b, 0x9e, 0x6d, 0x5b, 0x3a, 0x6d, 0xbb,
+	0x87, 0xd8, 0xd2, 0x80, 0xae, 0x87, 0x10, 0x98, 0xc4, 0xf3, 0x62, 0x95, 0x4c, 0x16, 0x56, 0xe3,
+	0xe6, 0x3f, 0x4b, 0x60, 0x7e, 0x4e, 0xf8, 0xe0, 0x4d, 0xf7, 0x0a, 0x79, 0xe6, 0xd2, 0xf4, 0xab,
+	0xbf, 0x62, 0xfa, 0xdd, 0x04, 0xe0, 0x49, 0x56, 0x49, 0x77, 0x98, 0x73, 0x77, 0xe8, 0x5c, 0x93,
+	0xee, 0xd0, 0x80, 0xc4, 0x1d, 0x3c, 0x60, 0x42, 0x85, 0xb4, 0x89, 0xd5, 0x18, 0xbd, 0x0d, 0xa5,
+	0x90, 0x79, 0x8a, 0x5e, 0x54, 0x74, 0x98, 0x9e, 0x6d, 0x17, 0x65, 0xf5, 0xec, 0x1e, 0xe2, 0xa2,
+	0xdc, 0xea, 0x7a, 0xaa, 0x7a, 0x86, 0x21, 0x13, 0x44, 0x76, 0x26, 0xae, 0x9b, 0x40, 0x6e, 0x8e,
+	0xb7, 0xe7, 0xb0, 0xb4, 0x70, 0x67, 0x98, 0xe8, 0x01, 0xbc, 0x95, 0xea, 0x9b, 0x15, 0x58, 0x7e,
+	0x15, 0x81, 0x48, 0x4b, 0xc8, 0xec, 0x64, 0x9a, 0xa5, 0x75, 0x71, 0xb3, 0x54, 0x5f, 0x20, 0xaf,
+	0x59, 0x76, 0xa0, 0xe6, 0x51, 0xee, 0xc7, 0xd4, 0x53, 0x09, 0x4b, 0x55, 0x15, 0xac, 0xe7, 0xe7,
+	0x6b, 0x2a, 0x84, 0xe2, 0xaa, 0xe6, 0xa8, 0x19, 0x6a, 0x43, 0x59, 0xc7, 0x1d, 0xb7, 0x2b, 0xaf,
+	0xd2, 0x5d, 0x66, 0xb4, 0x73, 0x45, 0xab, 0xfa, 0x4a, 0x45, 0xeb, 0x36, 0x40, 0xc0, 0xfa, 0x8e,
+	0x17, 0xfb, 0x63, 0x1a, 0xdb, 0x35, 0x7d, 0x75, 0xca, 0xe1, 0x1e, 0x2a, 0x04, 0xb6, 0x02, 0xd6,
+	0x4f, 0x86, 0x88, 0xc0, 0x26, 0xe1, 0xdc, 0xef, 0x87, 0xd4, 0x73, 0xfa, 0x34, 0xa4, 0xb1, 0xef,
+	0x3a, 0x31, 0xe5, 0x6c, 0x14, 0xbb, 0x94, 0xdb, 0xdf, 0x52, 0x96, 0xe4, 0x5e, 0x5e, 0xee, 0x26,
+	0x60, 0xac, 0xb1, 0xd8, 0x4e, 0xc5, 0xbc, 0xb4, 0xc1, 0xd1, 0x1d, 0xa8, 0xc9, 0x5a, 0xe8, 0x0b,
+	0x1a, 0xab, 0xcf, 0x65, 0xaf, 0x2d, 0x8f, 0xf2, 0xea, 0x23, 0xd6, 0xeb, 0xa6, 0x84, 0xfd, 0xcd,
+	0xc7, 0x4f, 0x9a, 0x1b, 0xb0, 0x9e, 0x2d, 0x74, 0x7b, 0xc6, 0x1d, 0xe3, 0x63, 0xe3, 0xd8, 0x68,
+	0xfe, 0xad, 0x00, 0xdf, 0x5e, 0xf0, 0x2a, 0xfa, 0x29, 0x94, 0xb4, 0x5f, 0x2f, 0xbb, 0xc4, 0x6a,
+	0x1e, 0x4e, 0xb1, 0x68, 0x0b, 0x2c, 0x59, 0x24, 0x28, 0xe7, 0x34, 0x29, 0x7f, 0x16, 0x9e, 0x2f,
+	0x20, 0x1b, 0x4a, 0x24, 0xf0, 0x89, 0xdc, 0x5b, 0x55, 0x7b, 0xe9, 0x14, 0x8d, 0x60, 0x23, 0x71,
+	0xbe, 0x33, 0xbf, 0x2b, 0x38, 0x2c, 0x12, 0xdc, 0x36, 0x95, 0x07, 0x3f, 0xba, 0x52, 0x2c, 0xe8,
+	0xcf, 0x33, 0x5f, 0xb8, 0x1f, 0x09, 0x7e, 0x14, 0x8a, 0x78, 0x82, 0xd7, 0xbd, 0x9c, 0xad, 0xcd,
+	0xbb, 0x70, 0xfd, 0x42, 0x0a, 0x5a, 0x83, 0xd5, 0x01, 0x9d, 0x24, 0x05, 0x0e, 0xcb, 0x21, 0x5a,
+	0x87, 0x6b, 0x63, 0x12, 0x8c, 0xa8, 0xae, 0x87, 0xc9, 0x64, 0xbf, 0xb0, 0x67, 0x34, 0xff, 0x51,
+	0x80, 0x92, 0x56, 0xe7, 0x4d, 0xdf, 0x4c, 0xf4, 0xb1, 0x0b, 0xa5, 0xf1, 0x43, 0xa8, 0x6a, 0x97,
+	0x26, 0x39, 0x69, 0x2e, 0x8d, 0xea, 0x4a, 0x82, 0x4f, 0xf2, 0xf1, 0x43, 0x30, 0xfd, 0x88, 0x0c,
+	0x75, 0xfb, 0xce, 0x3d, 0xb9, 0x7b, 0xdc, 0xbe, 0x77, 0x3f, 0x4a, 0x4a, 0x4b, 0x79, 0x7a, 0xb6,
+	0x6d, 0xca, 0x05, 0xac, 0x68, 0x39, 0x1d, 0xb8, 0x78, 0xd5, 0x0e, 0xfc, 0xf7, 0x22, 0x94, 0x0e,
+	0x82, 0x11, 0x17, 0x34, 0x7e, 0xd3, 0xbe, 0xd4, 0xc7, 0x2e, 0xf8, 0xf2, 0x00, 0x4a, 0x31, 0x63,
+	0xc2, 0x71, 0xc9, 0x65, 0x6e, 0xc4, 0x8c, 0x89, 0x83, 0x76, 0xa7, 0x2e, 0x89, 0xb2, 0x09, 0x24,
+	0x73, 0x5c, 0x94, 0xd4, 0x03, 0x82, 0xbe, 0x84, 0x8d, 0xb4, 0xf5, 0xf6, 0x18, 0x13, 0x5c, 0xc4,
+	0x24, 0x72, 0x06, 0x74, 0x22, 0xaf, 0x48, 0xab, 0x17, 0x3d, 0x2d, 0x8e, 0x42, 0x37, 0x9e, 0x28,
+	0x1f, 0x7f, 0x42, 0x27, 0x78, 0x5d, 0x0b, 0xe8, 0xa4, 0xfc, 0x4f, 0xe8, 0x84, 0xa3, 0x8f, 0x60,
+	0x8b, 0xce, 0x60, 0x52, 0xa2, 0x13, 0x90, 0xa1, 0xbc, 0x54, 0x38, 0x6e, 0xc0, 0xdc, 0x81, 0xf2,
+	0xbc, 0x89, 0xaf, 0xd3, 0xac, 0xa8, 0x4f, 0x13, 0xc4, 0x81, 0x04, 0x20, 0x0e, 0x76, 0x2f, 0x20,
+	0xee, 0x20, 0xf0, 0xb9, 0x7c, 0x3d, 0x66, 0x5e, 0x0a, 0xb2, 0xb5, 0x48, 0xdd, 0xf6, 0x2e, 0xf1,
+	0x56, 0xab, 0x33, 0xe7, 0x66, 0xde, 0x1d, 0x3a, 0xf1, 0xbe, 0xdb, 0xcb, 0xdf, 0x45, 0x1d, 0xa8,
+	0x8c, 0x42, 0x79, 0x7c, 0xe2, 0x03, 0xeb, 0xaa, 0x3e, 0x80, 0x84, 0xa5, 0x2c, 0xdf, 0x02, 0xf3,
+	0x54, 0x5e, 0x96, 0x64, 0xbf, 0x29, 0x27, 0x31, 0xf8, 0xab, 0xee, 0xf1, 0x09, 0x56, 0xab, 0xa8,
+	0x05, 0xc8, 0xa3, 0xa7, 0x64, 0x14, 0x88, 0x76, 0x52, 0x82, 0x8e, 0x19, 0x0b, 0x54, 0x73, 0xb1,
+	0x70, 0xce, 0x0e, 0x6a, 0x00, 0xf0, 0x51, 0x2f, 0xa4, 0xe2, 0xc4, 0xff, 0x1d, 0x55, 0x1d, 0xa4,
+	0x86, 0x33, 0x2b, 0x0b, 0x4f, 0x97, 0xda, 0xe2, 0xd3, 0x65, 0x73, 0x0c, 0x5b, 0x97, 0xb9, 0x23,
+	0xa7, 0xa8, 0xdc, 0xc9, 0x16, 0x95, 0xca, 0xad, 0x77, 0xf3, 0x3c, 0x90, 0x2f, 0x32, 0x53, 0x80,
+	0x72, 0x13, 0xe9, 0xaf, 0x06, 0x14, 0x4f, 0xa8, 0x1b, 0x53, 0xf1, 0x5a, 0xf3, 0x68, 0xef, 0x5c,
+	0x1e, 0x35, 0xf2, 0x5f, 0x2a, 0xf2, 0xd4, 0x85, 0x34, 0xda, 0x84, 0xb2, 0x1f, 0x0a, 0x1a, 0x87,
+	0x24, 0x50, 0x79, 0x54, 0xc6, 0xb3, 0x79, 0xae, 0x01, 0x7f, 0x32, 0xa0, 0x98, 0x5c, 0x92, 0xdf,
+	0xb4, 0x01, 0xc9, 0xa9, 0x2f, 0x1b, 0x90, 0xab, 0xe4, 0x7f, 0x0c, 0x28, 0xa7, 0xbd, 0xfa, 0xb5,
+	0xaa, 0xf9, 0xd2, 0xa5, 0x71, 0xf5, 0x7f, 0xbe, 0x34, 0x22, 0x30, 0x07, 0x7e, 0xa8, 0xaf, 0xb7,
+	0x58, 0x8d, 0x51, 0x0b, 0x4a, 0x11, 0x99, 0x04, 0x8c, 0x78, 0xba, 0xc2, 0xaf, 0x2f, 0xfc, 0x53,
+	0xd4, 0x0e, 0x27, 0x38, 0x05, 0xed, 0xaf, 0x3f, 0x7e, 0xd2, 0x5c, 0x83, 0x7a, 0xd6, 0xf2, 0x87,
+	0x46, 0xf3, 0x5f, 0x06, 0x58, 0x47, 0xbf, 0x15, 0x34, 0x54, 0x97, 0xe9, 0xff, 0x4b, 0xe3, 0x77,
+	0x16, 0xff, 0x4d, 0xb2, 0xce, 0xfd, 0x51, 0x94, 0xf7, 0x51, 0x3b, 0x3f, 0x7c, 0xfa, 0xbc, 0xb1,
+	0xf2, 0xec, 0x79, 0x63, 0xe5, 0xf7, 0xd3, 0x86, 0xf1, 0x74, 0xda, 0x30, 0xbe, 0x99, 0x36, 0x8c,
+	0x7f, 0x4f, 0x1b, 0xc6, 0x1f, 0x5e, 0x34, 0x56, 0xbe, 0x79, 0xd1, 0x58, 0x79, 0xf6, 0xa2, 0xb1,
+	0xd2, 0x2b, 0x2a, 0x5f, 0xfd, 0xe4, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x9e, 0xda, 0xee, 0xd3,
+	0x20, 0x15, 0x00, 0x00,
+}
+
 func (m *Meta) Copy() *Meta {
 	if m == nil {
 		return nil
@@ -379,14 +897,14 @@ func (m *Meta) CopyFrom(src interface{}) {
 
 	o := src.(*Meta)
 	*m = *o
-	deepcopy.Copy(&m.Version, &o.Version)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Version, &o.Version)
 	if o.CreatedAt != nil {
-		m.CreatedAt = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.CreatedAt, o.CreatedAt)
+		m.CreatedAt = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.CreatedAt, o.CreatedAt)
 	}
 	if o.UpdatedAt != nil {
-		m.UpdatedAt = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.UpdatedAt, o.UpdatedAt)
+		m.UpdatedAt = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.UpdatedAt, o.UpdatedAt)
 	}
 }
 
@@ -403,27 +921,27 @@ func (m *Node) CopyFrom(src interface{}) {
 
 	o := src.(*Node)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 	if o.Description != nil {
 		m.Description = &NodeDescription{}
-		deepcopy.Copy(m.Description, o.Description)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Description, o.Description)
 	}
-	deepcopy.Copy(&m.Status, &o.Status)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Status, &o.Status)
 	if o.ManagerStatus != nil {
 		m.ManagerStatus = &ManagerStatus{}
-		deepcopy.Copy(m.ManagerStatus, o.ManagerStatus)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ManagerStatus, o.ManagerStatus)
 	}
 	if o.Attachment != nil {
 		m.Attachment = &NetworkAttachment{}
-		deepcopy.Copy(m.Attachment, o.Attachment)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Attachment, o.Attachment)
 	}
-	deepcopy.Copy(&m.Certificate, &o.Certificate)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Certificate, &o.Certificate)
 	if o.Attachments != nil {
 		m.Attachments = make([]*NetworkAttachment, len(o.Attachments))
 		for i := range m.Attachments {
 			m.Attachments[i] = &NetworkAttachment{}
-			deepcopy.Copy(m.Attachments[i], o.Attachments[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Attachments[i], o.Attachments[i])
 		}
 	}
 
@@ -442,27 +960,31 @@ func (m *Service) CopyFrom(src interface{}) {
 
 	o := src.(*Service)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 	if o.SpecVersion != nil {
 		m.SpecVersion = &Version{}
-		deepcopy.Copy(m.SpecVersion, o.SpecVersion)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.SpecVersion, o.SpecVersion)
 	}
 	if o.PreviousSpec != nil {
 		m.PreviousSpec = &ServiceSpec{}
-		deepcopy.Copy(m.PreviousSpec, o.PreviousSpec)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.PreviousSpec, o.PreviousSpec)
 	}
 	if o.PreviousSpecVersion != nil {
 		m.PreviousSpecVersion = &Version{}
-		deepcopy.Copy(m.PreviousSpecVersion, o.PreviousSpecVersion)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.PreviousSpecVersion, o.PreviousSpecVersion)
 	}
 	if o.Endpoint != nil {
 		m.Endpoint = &Endpoint{}
-		deepcopy.Copy(m.Endpoint, o.Endpoint)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Endpoint, o.Endpoint)
 	}
 	if o.UpdateStatus != nil {
 		m.UpdateStatus = &UpdateStatus{}
-		deepcopy.Copy(m.UpdateStatus, o.UpdateStatus)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.UpdateStatus, o.UpdateStatus)
+	}
+	if o.JobStatus != nil {
+		m.JobStatus = &JobStatus{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.JobStatus, o.JobStatus)
 	}
 }
 
@@ -481,13 +1003,13 @@ func (m *Endpoint) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Spec != nil {
 		m.Spec = &EndpointSpec{}
-		deepcopy.Copy(m.Spec, o.Spec)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Spec, o.Spec)
 	}
 	if o.Ports != nil {
 		m.Ports = make([]*PortConfig, len(o.Ports))
 		for i := range m.Ports {
 			m.Ports[i] = &PortConfig{}
-			deepcopy.Copy(m.Ports[i], o.Ports[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Ports[i], o.Ports[i])
 		}
 	}
 
@@ -495,7 +1017,7 @@ func (m *Endpoint) CopyFrom(src interface{}) {
 		m.VirtualIPs = make([]*Endpoint_VirtualIP, len(o.VirtualIPs))
 		for i := range m.VirtualIPs {
 			m.VirtualIPs[i] = &Endpoint_VirtualIP{}
-			deepcopy.Copy(m.VirtualIPs[i], o.VirtualIPs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.VirtualIPs[i], o.VirtualIPs[i])
 		}
 	}
 
@@ -529,39 +1051,43 @@ func (m *Task) CopyFrom(src interface{}) {
 
 	o := src.(*Task)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 	if o.SpecVersion != nil {
 		m.SpecVersion = &Version{}
-		deepcopy.Copy(m.SpecVersion, o.SpecVersion)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.SpecVersion, o.SpecVersion)
 	}
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
-	deepcopy.Copy(&m.ServiceAnnotations, &o.ServiceAnnotations)
-	deepcopy.Copy(&m.Status, &o.Status)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.ServiceAnnotations, &o.ServiceAnnotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Status, &o.Status)
 	if o.Networks != nil {
 		m.Networks = make([]*NetworkAttachment, len(o.Networks))
 		for i := range m.Networks {
 			m.Networks[i] = &NetworkAttachment{}
-			deepcopy.Copy(m.Networks[i], o.Networks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Networks[i], o.Networks[i])
 		}
 	}
 
 	if o.Endpoint != nil {
 		m.Endpoint = &Endpoint{}
-		deepcopy.Copy(m.Endpoint, o.Endpoint)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Endpoint, o.Endpoint)
 	}
 	if o.LogDriver != nil {
 		m.LogDriver = &Driver{}
-		deepcopy.Copy(m.LogDriver, o.LogDriver)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.LogDriver, o.LogDriver)
 	}
 	if o.AssignedGenericResources != nil {
 		m.AssignedGenericResources = make([]*GenericResource, len(o.AssignedGenericResources))
 		for i := range m.AssignedGenericResources {
 			m.AssignedGenericResources[i] = &GenericResource{}
-			deepcopy.Copy(m.AssignedGenericResources[i], o.AssignedGenericResources[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.AssignedGenericResources[i], o.AssignedGenericResources[i])
 		}
 	}
 
+	if o.JobIteration != nil {
+		m.JobIteration = &Version{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.JobIteration, o.JobIteration)
+	}
 }
 
 func (m *NetworkAttachment) Copy() *NetworkAttachment {
@@ -579,7 +1105,7 @@ func (m *NetworkAttachment) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Network != nil {
 		m.Network = &Network{}
-		deepcopy.Copy(m.Network, o.Network)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Network, o.Network)
 	}
 	if o.Addresses != nil {
 		m.Addresses = make([]string, len(o.Addresses))
@@ -613,15 +1139,15 @@ func (m *Network) CopyFrom(src interface{}) {
 
 	o := src.(*Network)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 	if o.DriverState != nil {
 		m.DriverState = &Driver{}
-		deepcopy.Copy(m.DriverState, o.DriverState)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.DriverState, o.DriverState)
 	}
 	if o.IPAM != nil {
 		m.IPAM = &IPAMOptions{}
-		deepcopy.Copy(m.IPAM, o.IPAM)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.IPAM, o.IPAM)
 	}
 }
 
@@ -638,14 +1164,14 @@ func (m *Cluster) CopyFrom(src interface{}) {
 
 	o := src.(*Cluster)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
-	deepcopy.Copy(&m.RootCA, &o.RootCA)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.RootCA, &o.RootCA)
 	if o.NetworkBootstrapKeys != nil {
 		m.NetworkBootstrapKeys = make([]*EncryptionKey, len(o.NetworkBootstrapKeys))
 		for i := range m.NetworkBootstrapKeys {
 			m.NetworkBootstrapKeys[i] = &EncryptionKey{}
-			deepcopy.Copy(m.NetworkBootstrapKeys[i], o.NetworkBootstrapKeys[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.NetworkBootstrapKeys[i], o.NetworkBootstrapKeys[i])
 		}
 	}
 
@@ -653,7 +1179,7 @@ func (m *Cluster) CopyFrom(src interface{}) {
 		m.BlacklistedCertificates = make(map[string]*BlacklistedCertificate, len(o.BlacklistedCertificates))
 		for k, v := range o.BlacklistedCertificates {
 			m.BlacklistedCertificates[k] = &BlacklistedCertificate{}
-			deepcopy.Copy(m.BlacklistedCertificates[k], v)
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.BlacklistedCertificates[k], v)
 		}
 	}
 
@@ -661,7 +1187,7 @@ func (m *Cluster) CopyFrom(src interface{}) {
 		m.UnlockKeys = make([]*EncryptionKey, len(o.UnlockKeys))
 		for i := range m.UnlockKeys {
 			m.UnlockKeys[i] = &EncryptionKey{}
-			deepcopy.Copy(m.UnlockKeys[i], o.UnlockKeys[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.UnlockKeys[i], o.UnlockKeys[i])
 		}
 	}
 
@@ -685,8 +1211,8 @@ func (m *Secret) CopyFrom(src interface{}) {
 
 	o := src.(*Secret)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 }
 
 func (m *Config) Copy() *Config {
@@ -702,8 +1228,8 @@ func (m *Config) CopyFrom(src interface{}) {
 
 	o := src.(*Config)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Spec, &o.Spec)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Spec, &o.Spec)
 }
 
 func (m *Resource) Copy() *Resource {
@@ -719,11 +1245,11 @@ func (m *Resource) CopyFrom(src interface{}) {
 
 	o := src.(*Resource)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 	if o.Payload != nil {
-		m.Payload = &google_protobuf3.Any{}
-		deepcopy.Copy(m.Payload, o.Payload)
+		m.Payload = &types.Any{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Payload, o.Payload)
 	}
 }
 
@@ -740,14 +1266,14 @@ func (m *Extension) CopyFrom(src interface{}) {
 
 	o := src.(*Extension)
 	*m = *o
-	deepcopy.Copy(&m.Meta, &o.Meta)
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Meta, &o.Meta)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 }
 
 func (m *Meta) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -755,45 +1281,56 @@ func (m *Meta) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Meta) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Meta) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Version.Size()))
-	n1, err := m.Version.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.UpdatedAt != nil {
+		{
+			size, err := m.UpdatedAt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	i += n1
 	if m.CreatedAt != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.CreatedAt.Size()))
-		n2, err := m.CreatedAt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.CreatedAt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.UpdatedAt != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.UpdatedAt.Size()))
-		n3, err := m.UpdatedAt.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Version.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n3
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *Node) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -801,102 +1338,129 @@ func (m *Node) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Node) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Node) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.VXLANUDPPort != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.VXLANUDPPort))
+		i--
+		dAtA[i] = 0x58
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n4, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Attachments) > 0 {
+		for iNdEx := len(m.Attachments) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Attachments[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x52
+		}
 	}
-	i += n4
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n5, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Role != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.Role))
+		i--
+		dAtA[i] = 0x48
 	}
-	i += n5
-	if m.Description != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Description.Size()))
-		n6, err := m.Description.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Certificate.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n6
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	dAtA[i] = 0x2a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Status.Size()))
-	n7, err := m.Status.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x42
+	if m.Attachment != nil {
+		{
+			size, err := m.Attachment.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x3a
 	}
-	i += n7
 	if m.ManagerStatus != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.ManagerStatus.Size()))
-		n8, err := m.ManagerStatus.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.ManagerStatus.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x32
 	}
-	if m.Attachment != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Attachment.Size()))
-		n9, err := m.Attachment.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n9
-	}
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Certificate.Size()))
-	n10, err := m.Certificate.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n10
-	if m.Role != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Role))
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if len(m.Attachments) > 0 {
-		for _, msg := range m.Attachments {
-			dAtA[i] = 0x52
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x2a
+	if m.Description != nil {
+		{
+			size, err := m.Description.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Service) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -904,89 +1468,131 @@ func (m *Service) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Service) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Service) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n11, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n11
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n12, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.JobStatus != nil {
+		{
+			size, err := m.JobStatus.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x62
 	}
-	i += n12
-	if m.Endpoint != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Endpoint.Size()))
-		n13, err := m.Endpoint.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.PreviousSpecVersion != nil {
+		{
+			size, err := m.PreviousSpecVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
-		i += n13
+		i--
+		dAtA[i] = 0x5a
 	}
-	if m.UpdateStatus != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.UpdateStatus.Size()))
-		n14, err := m.UpdateStatus.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.SpecVersion != nil {
+		{
+			size, err := m.SpecVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
-		i += n14
+		i--
+		dAtA[i] = 0x52
+	}
+	if m.PendingDelete {
+		i--
+		if m.PendingDelete {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x38
 	}
 	if m.PreviousSpec != nil {
+		{
+			size, err := m.PreviousSpec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x32
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.PreviousSpec.Size()))
-		n15, err := m.PreviousSpec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.UpdateStatus != nil {
+		{
+			size, err := m.UpdateStatus.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
-		i += n15
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.SpecVersion != nil {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.SpecVersion.Size()))
-		n16, err := m.SpecVersion.MarshalTo(dAtA[i:])
+	if m.Endpoint != nil {
+		{
+			size, err := m.Endpoint.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n16
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.PreviousSpecVersion != nil {
-		dAtA[i] = 0x5a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.PreviousSpecVersion.Size()))
-		n17, err := m.PreviousSpecVersion.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n17
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Endpoint) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -994,51 +1600,62 @@ func (m *Endpoint) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Endpoint) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Endpoint) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Spec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-		n18, err := m.Spec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.VirtualIPs) > 0 {
+		for iNdEx := len(m.VirtualIPs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.VirtualIPs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
-		i += n18
 	}
 	if len(m.Ports) > 0 {
-		for _, msg := range m.Ports {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.VirtualIPs) > 0 {
-		for _, msg := range m.VirtualIPs {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Spec != nil {
+		{
+			size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Endpoint_VirtualIP) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1046,29 +1663,36 @@ func (m *Endpoint_VirtualIP) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Endpoint_VirtualIP) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Endpoint_VirtualIP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.NetworkID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.NetworkID)))
-		i += copy(dAtA[i:], m.NetworkID)
-	}
 	if len(m.Addr) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
 		i = encodeVarintObjects(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.NetworkID) > 0 {
+		i -= len(m.NetworkID)
+		copy(dAtA[i:], m.NetworkID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.NetworkID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Task) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1076,139 +1700,181 @@ func (m *Task) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Task) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Task) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n19, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n19
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n20, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n20
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
+	if m.JobIteration != nil {
+		{
+			size, err := m.JobIteration.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x82
 	}
-	if m.Slot != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Slot))
+	if len(m.AssignedGenericResources) > 0 {
+		for iNdEx := len(m.AssignedGenericResources) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.AssignedGenericResources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x7a
+		}
 	}
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
+	if m.SpecVersion != nil {
+		{
+			size, err := m.SpecVersion.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x72
 	}
-	dAtA[i] = 0x3a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Annotations.Size()))
-	n21, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.LogDriver != nil {
+		{
+			size, err := m.LogDriver.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x6a
 	}
-	i += n21
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.ServiceAnnotations.Size()))
-	n22, err := m.ServiceAnnotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Endpoint != nil {
+		{
+			size, err := m.Endpoint.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x62
 	}
-	i += n22
-	dAtA[i] = 0x4a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Status.Size()))
-	n23, err := m.Status.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Networks) > 0 {
+		for iNdEx := len(m.Networks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Networks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x5a
+		}
 	}
-	i += n23
 	if m.DesiredState != 0 {
-		dAtA[i] = 0x50
-		i++
 		i = encodeVarintObjects(dAtA, i, uint64(m.DesiredState))
+		i--
+		dAtA[i] = 0x50
 	}
-	if len(m.Networks) > 0 {
-		for _, msg := range m.Networks {
-			dAtA[i] = 0x5a
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.Endpoint != nil {
-		dAtA[i] = 0x62
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Endpoint.Size()))
-		n24, err := m.Endpoint.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x4a
+	{
+		size, err := m.ServiceAnnotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n24
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.LogDriver != nil {
-		dAtA[i] = 0x6a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.LogDriver.Size()))
-		n25, err := m.LogDriver.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x42
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n25
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.SpecVersion != nil {
-		dAtA[i] = 0x72
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.SpecVersion.Size()))
-		n26, err := m.SpecVersion.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x3a
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.Slot != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.Slot))
+		i--
+		dAtA[i] = 0x28
+	}
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0x22
+	}
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n26
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if len(m.AssignedGenericResources) > 0 {
-		for _, msg := range m.AssignedGenericResources {
-			dAtA[i] = 0x7a
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NetworkAttachment) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1216,74 +1882,71 @@ func (m *NetworkAttachment) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NetworkAttachment) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkAttachment) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Network != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Network.Size()))
-		n27, err := m.Network.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n27
-	}
-	if len(m.Addresses) > 0 {
-		for _, s := range m.Addresses {
+	if len(m.DriverAttachmentOpts) > 0 {
+		for k := range m.DriverAttachmentOpts {
+			v := m.DriverAttachmentOpts[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintObjects(dAtA, i, uint64(len(v)))
+			i--
 			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintObjects(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintObjects(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
 	if len(m.Aliases) > 0 {
-		for _, s := range m.Aliases {
+		for iNdEx := len(m.Aliases) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Aliases[iNdEx])
+			copy(dAtA[i:], m.Aliases[iNdEx])
+			i = encodeVarintObjects(dAtA, i, uint64(len(m.Aliases[iNdEx])))
+			i--
 			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	if len(m.DriverAttachmentOpts) > 0 {
-		for k, _ := range m.DriverAttachmentOpts {
-			dAtA[i] = 0x22
-			i++
-			v := m.DriverAttachmentOpts[k]
-			mapSize := 1 + len(k) + sovObjects(uint64(len(k))) + 1 + len(v) + sovObjects(uint64(len(v)))
-			i = encodeVarintObjects(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+	if len(m.Addresses) > 0 {
+		for iNdEx := len(m.Addresses) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Addresses[iNdEx])
+			copy(dAtA[i:], m.Addresses[iNdEx])
+			i = encodeVarintObjects(dAtA, i, uint64(len(m.Addresses[iNdEx])))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if m.Network != nil {
+		{
+			size, err := m.Network.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Network) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1291,59 +1954,83 @@ func (m *Network) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Network) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Network) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n28, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.PendingDelete {
+		i--
+		if m.PendingDelete {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x30
 	}
-	i += n28
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n29, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.IPAM != nil {
+		{
+			size, err := m.IPAM.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	i += n29
 	if m.DriverState != nil {
+		{
+			size, err := m.DriverState.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x22
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.DriverState.Size()))
-		n30, err := m.DriverState.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n30
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.IPAM != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.IPAM.Size()))
-		n31, err := m.IPAM.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n31
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Cluster) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1351,134 +2038,147 @@ func (m *Cluster) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Cluster) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Cluster) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.VXLANUDPPort != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.VXLANUDPPort))
+		i--
+		dAtA[i] = 0x68
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n32, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.SubnetSize != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.SubnetSize))
+		i--
+		dAtA[i] = 0x60
 	}
-	i += n32
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n33, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.DefaultAddressPool) > 0 {
+		for iNdEx := len(m.DefaultAddressPool) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.DefaultAddressPool[iNdEx])
+			copy(dAtA[i:], m.DefaultAddressPool[iNdEx])
+			i = encodeVarintObjects(dAtA, i, uint64(len(m.DefaultAddressPool[iNdEx])))
+			i--
+			dAtA[i] = 0x5a
+		}
 	}
-	i += n33
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.RootCA.Size()))
-	n34, err := m.RootCA.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.FIPS {
+		i--
+		if m.FIPS {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x50
 	}
-	i += n34
-	if len(m.NetworkBootstrapKeys) > 0 {
-		for _, msg := range m.NetworkBootstrapKeys {
-			dAtA[i] = 0x2a
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.UnlockKeys) > 0 {
+		for iNdEx := len(m.UnlockKeys) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.UnlockKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x4a
 		}
 	}
-	if m.EncryptionKeyLamportClock != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.EncryptionKeyLamportClock))
-	}
 	if len(m.BlacklistedCertificates) > 0 {
-		for k, _ := range m.BlacklistedCertificates {
-			dAtA[i] = 0x42
-			i++
+		for k := range m.BlacklistedCertificates {
 			v := m.BlacklistedCertificates[k]
-			msgSize := 0
+			baseI := i
 			if v != nil {
-				msgSize = v.Size()
-				msgSize += 1 + sovObjects(uint64(msgSize))
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintObjects(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
 			}
-			mapSize := 1 + len(k) + sovObjects(uint64(len(k))) + msgSize
-			i = encodeVarintObjects(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintObjects(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			if v != nil {
-				dAtA[i] = 0x12
-				i++
-				i = encodeVarintObjects(dAtA, i, uint64(v.Size()))
-				n35, err := v.MarshalTo(dAtA[i:])
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintObjects(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x42
+		}
+	}
+	if m.EncryptionKeyLamportClock != 0 {
+		i = encodeVarintObjects(dAtA, i, uint64(m.EncryptionKeyLamportClock))
+		i--
+		dAtA[i] = 0x30
+	}
+	if len(m.NetworkBootstrapKeys) > 0 {
+		for iNdEx := len(m.NetworkBootstrapKeys) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.NetworkBootstrapKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
 				if err != nil {
 					return 0, err
 				}
-				i += n35
+				i -= size
+				i = encodeVarintObjects(dAtA, i, uint64(size))
 			}
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
-	if len(m.UnlockKeys) > 0 {
-		for _, msg := range m.UnlockKeys {
-			dAtA[i] = 0x4a
-			i++
-			i = encodeVarintObjects(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+	{
+		size, err := m.RootCA.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.FIPS {
-		dAtA[i] = 0x50
-		i++
-		if m.FIPS {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	i--
+	dAtA[i] = 0x22
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
-		i++
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if len(m.DefaultAddressPool) > 0 {
-		for _, s := range m.DefaultAddressPool {
-			dAtA[i] = 0x5a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	if m.SubnetSize != 0 {
-		dAtA[i] = 0x60
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.SubnetSize))
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Secret) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1486,49 +2186,59 @@ func (m *Secret) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Secret) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n36, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Internal {
+		i--
+		if m.Internal {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x20
 	}
-	i += n36
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n37, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	i += n37
-	if m.Internal {
-		dAtA[i] = 0x20
-		i++
-		if m.Internal {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
-		i++
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Config) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1536,39 +2246,49 @@ func (m *Config) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Config) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Config) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n38, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	i += n38
+	i--
 	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Spec.Size()))
-	n39, err := m.Spec.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	i += n39
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Resource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1576,55 +2296,68 @@ func (m *Resource) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Resource) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Resource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n40, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n40
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Annotations.Size()))
-	n41, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Payload != nil {
+		{
+			size, err := m.Payload.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintObjects(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	i += n41
 	if len(m.Kind) > 0 {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
 		i = encodeVarintObjects(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.Payload != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(m.Payload.Size()))
-		n42, err := m.Payload.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n42
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Extension) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1632,52 +2365,67 @@ func (m *Extension) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Extension) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Extension) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0x22
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Meta.Size()))
-	n43, err := m.Meta.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	i += n43
+	i--
 	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintObjects(dAtA, i, uint64(m.Annotations.Size()))
-	n44, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintObjects(dAtA, i, uint64(size))
 	}
-	i += n44
-	if len(m.Description) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintObjects(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+	i--
+	dAtA[i] = 0x12
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintObjects(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintObjects(dAtA []byte, offset int, v uint64) int {
+	offset -= sovObjects(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
-
 func (m *Meta) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Version.Size()
@@ -1694,6 +2442,9 @@ func (m *Meta) Size() (n int) {
 }
 
 func (m *Node) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1729,10 +2480,16 @@ func (m *Node) Size() (n int) {
 			n += 1 + l + sovObjects(uint64(l))
 		}
 	}
+	if m.VXLANUDPPort != 0 {
+		n += 1 + sovObjects(uint64(m.VXLANUDPPort))
+	}
 	return n
 }
 
 func (m *Service) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1755,6 +2512,9 @@ func (m *Service) Size() (n int) {
 		l = m.PreviousSpec.Size()
 		n += 1 + l + sovObjects(uint64(l))
 	}
+	if m.PendingDelete {
+		n += 2
+	}
 	if m.SpecVersion != nil {
 		l = m.SpecVersion.Size()
 		n += 1 + l + sovObjects(uint64(l))
@@ -1763,10 +2523,17 @@ func (m *Service) Size() (n int) {
 		l = m.PreviousSpecVersion.Size()
 		n += 1 + l + sovObjects(uint64(l))
 	}
+	if m.JobStatus != nil {
+		l = m.JobStatus.Size()
+		n += 1 + l + sovObjects(uint64(l))
+	}
 	return n
 }
 
 func (m *Endpoint) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Spec != nil {
@@ -1789,6 +2556,9 @@ func (m *Endpoint) Size() (n int) {
 }
 
 func (m *Endpoint_VirtualIP) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NetworkID)
@@ -1803,6 +2573,9 @@ func (m *Endpoint_VirtualIP) Size() (n int) {
 }
 
 func (m *Task) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1857,10 +2630,17 @@ func (m *Task) Size() (n int) {
 			n += 1 + l + sovObjects(uint64(l))
 		}
 	}
+	if m.JobIteration != nil {
+		l = m.JobIteration.Size()
+		n += 2 + l + sovObjects(uint64(l))
+	}
 	return n
 }
 
 func (m *NetworkAttachment) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Network != nil {
@@ -1891,6 +2671,9 @@ func (m *NetworkAttachment) Size() (n int) {
 }
 
 func (m *Network) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1909,10 +2692,16 @@ func (m *Network) Size() (n int) {
 		l = m.IPAM.Size()
 		n += 1 + l + sovObjects(uint64(l))
 	}
+	if m.PendingDelete {
+		n += 2
+	}
 	return n
 }
 
 func (m *Cluster) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1965,10 +2754,16 @@ func (m *Cluster) Size() (n int) {
 	if m.SubnetSize != 0 {
 		n += 1 + sovObjects(uint64(m.SubnetSize))
 	}
+	if m.VXLANUDPPort != 0 {
+		n += 1 + sovObjects(uint64(m.VXLANUDPPort))
+	}
 	return n
 }
 
 func (m *Secret) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1986,6 +2781,9 @@ func (m *Secret) Size() (n int) {
 }
 
 func (m *Config) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -2000,6 +2798,9 @@ func (m *Config) Size() (n int) {
 }
 
 func (m *Resource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -2022,6 +2823,9 @@ func (m *Resource) Size() (n int) {
 }
 
 func (m *Extension) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -2040,14 +2844,7 @@ func (m *Extension) Size() (n int) {
 }
 
 func sovObjects(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozObjects(x uint64) (n int) {
 	return sovObjects(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2064,7 +2861,7 @@ type EventCreateNode struct {
 	Checks []NodeCheckFunc
 }
 
-func (e EventCreateNode) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateNode) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateNode)
 	if !ok {
 		return false
@@ -2092,7 +2889,7 @@ type EventUpdateNode struct {
 	Checks  []NodeCheckFunc
 }
 
-func (e EventUpdateNode) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateNode) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateNode)
 	if !ok {
 		return false
@@ -2119,7 +2916,7 @@ type EventDeleteNode struct {
 	Checks []NodeCheckFunc
 }
 
-func (e EventDeleteNode) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteNode) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteNode)
 	if !ok {
 		return false
@@ -2340,7 +3137,7 @@ type EventCreateService struct {
 	Checks  []ServiceCheckFunc
 }
 
-func (e EventCreateService) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateService) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateService)
 	if !ok {
 		return false
@@ -2368,7 +3165,7 @@ type EventUpdateService struct {
 	Checks     []ServiceCheckFunc
 }
 
-func (e EventUpdateService) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateService) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateService)
 	if !ok {
 		return false
@@ -2395,7 +3192,7 @@ type EventDeleteService struct {
 	Checks  []ServiceCheckFunc
 }
 
-func (e EventDeleteService) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteService) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteService)
 	if !ok {
 		return false
@@ -2586,7 +3383,7 @@ type EventCreateTask struct {
 	Checks []TaskCheckFunc
 }
 
-func (e EventCreateTask) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateTask) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateTask)
 	if !ok {
 		return false
@@ -2614,7 +3411,7 @@ type EventUpdateTask struct {
 	Checks  []TaskCheckFunc
 }
 
-func (e EventUpdateTask) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateTask) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateTask)
 	if !ok {
 		return false
@@ -2641,7 +3438,7 @@ type EventDeleteTask struct {
 	Checks []TaskCheckFunc
 }
 
-func (e EventDeleteTask) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteTask) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteTask)
 	if !ok {
 		return false
@@ -2875,7 +3672,7 @@ type EventCreateNetwork struct {
 	Checks  []NetworkCheckFunc
 }
 
-func (e EventCreateNetwork) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateNetwork) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateNetwork)
 	if !ok {
 		return false
@@ -2903,7 +3700,7 @@ type EventUpdateNetwork struct {
 	Checks     []NetworkCheckFunc
 }
 
-func (e EventUpdateNetwork) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateNetwork) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateNetwork)
 	if !ok {
 		return false
@@ -2930,7 +3727,7 @@ type EventDeleteNetwork struct {
 	Checks  []NetworkCheckFunc
 }
 
-func (e EventDeleteNetwork) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteNetwork) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteNetwork)
 	if !ok {
 		return false
@@ -3121,7 +3918,7 @@ type EventCreateCluster struct {
 	Checks  []ClusterCheckFunc
 }
 
-func (e EventCreateCluster) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateCluster) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateCluster)
 	if !ok {
 		return false
@@ -3149,7 +3946,7 @@ type EventUpdateCluster struct {
 	Checks     []ClusterCheckFunc
 }
 
-func (e EventUpdateCluster) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateCluster) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateCluster)
 	if !ok {
 		return false
@@ -3176,7 +3973,7 @@ type EventDeleteCluster struct {
 	Checks  []ClusterCheckFunc
 }
 
-func (e EventDeleteCluster) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteCluster) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteCluster)
 	if !ok {
 		return false
@@ -3367,7 +4164,7 @@ type EventCreateSecret struct {
 	Checks []SecretCheckFunc
 }
 
-func (e EventCreateSecret) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateSecret) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateSecret)
 	if !ok {
 		return false
@@ -3395,7 +4192,7 @@ type EventUpdateSecret struct {
 	Checks    []SecretCheckFunc
 }
 
-func (e EventUpdateSecret) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateSecret) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateSecret)
 	if !ok {
 		return false
@@ -3422,7 +4219,7 @@ type EventDeleteSecret struct {
 	Checks []SecretCheckFunc
 }
 
-func (e EventDeleteSecret) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteSecret) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteSecret)
 	if !ok {
 		return false
@@ -3613,7 +4410,7 @@ type EventCreateConfig struct {
 	Checks []ConfigCheckFunc
 }
 
-func (e EventCreateConfig) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateConfig) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateConfig)
 	if !ok {
 		return false
@@ -3641,7 +4438,7 @@ type EventUpdateConfig struct {
 	Checks    []ConfigCheckFunc
 }
 
-func (e EventUpdateConfig) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateConfig) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateConfig)
 	if !ok {
 		return false
@@ -3668,7 +4465,7 @@ type EventDeleteConfig struct {
 	Checks []ConfigCheckFunc
 }
 
-func (e EventDeleteConfig) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteConfig) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteConfig)
 	if !ok {
 		return false
@@ -3859,7 +4656,7 @@ type EventCreateResource struct {
 	Checks   []ResourceCheckFunc
 }
 
-func (e EventCreateResource) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateResource) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateResource)
 	if !ok {
 		return false
@@ -3887,7 +4684,7 @@ type EventUpdateResource struct {
 	Checks      []ResourceCheckFunc
 }
 
-func (e EventUpdateResource) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateResource) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateResource)
 	if !ok {
 		return false
@@ -3914,7 +4711,7 @@ type EventDeleteResource struct {
 	Checks   []ResourceCheckFunc
 }
 
-func (e EventDeleteResource) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteResource) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteResource)
 	if !ok {
 		return false
@@ -4111,7 +4908,7 @@ type EventCreateExtension struct {
 	Checks    []ExtensionCheckFunc
 }
 
-func (e EventCreateExtension) Matches(apiEvent go_events.Event) bool {
+func (e EventCreateExtension) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventCreateExtension)
 	if !ok {
 		return false
@@ -4139,7 +4936,7 @@ type EventUpdateExtension struct {
 	Checks       []ExtensionCheckFunc
 }
 
-func (e EventUpdateExtension) Matches(apiEvent go_events.Event) bool {
+func (e EventUpdateExtension) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventUpdateExtension)
 	if !ok {
 		return false
@@ -4166,7 +4963,7 @@ type EventDeleteExtension struct {
 	Checks    []ExtensionCheckFunc
 }
 
-func (e EventDeleteExtension) Matches(apiEvent go_events.Event) bool {
+func (e EventDeleteExtension) Matches(apiEvent github_com_docker_go_events.Event) bool {
 	typedEvent, ok := apiEvent.(EventDeleteExtension)
 	if !ok {
 		return false
@@ -4694,9 +5491,9 @@ func (this *Meta) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&Meta{`,
-		`Version:` + strings.Replace(strings.Replace(this.Version.String(), "Version", "Version", 1), `&`, ``, 1) + `,`,
-		`CreatedAt:` + strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
-		`UpdatedAt:` + strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`Version:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Version), "Version", "Version", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1) + `,`,
+		`UpdatedAt:` + strings.Replace(fmt.Sprintf("%v", this.UpdatedAt), "Timestamp", "types.Timestamp", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4705,17 +5502,23 @@ func (this *Node) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForAttachments := "[]*NetworkAttachment{"
+	for _, f := range this.Attachments {
+		repeatedStringForAttachments += strings.Replace(f.String(), "NetworkAttachment", "NetworkAttachment", 1) + ","
+	}
+	repeatedStringForAttachments += "}"
 	s := strings.Join([]string{`&Node{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NodeSpec", "NodeSpec", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "NodeSpec", "NodeSpec", 1), `&`, ``, 1) + `,`,
 		`Description:` + strings.Replace(fmt.Sprintf("%v", this.Description), "NodeDescription", "NodeDescription", 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "NodeStatus", "NodeStatus", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Status), "NodeStatus", "NodeStatus", 1), `&`, ``, 1) + `,`,
 		`ManagerStatus:` + strings.Replace(fmt.Sprintf("%v", this.ManagerStatus), "ManagerStatus", "ManagerStatus", 1) + `,`,
-		`Attachment:` + strings.Replace(fmt.Sprintf("%v", this.Attachment), "NetworkAttachment", "NetworkAttachment", 1) + `,`,
-		`Certificate:` + strings.Replace(strings.Replace(this.Certificate.String(), "Certificate", "Certificate", 1), `&`, ``, 1) + `,`,
+		`Attachment:` + strings.Replace(this.Attachment.String(), "NetworkAttachment", "NetworkAttachment", 1) + `,`,
+		`Certificate:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Certificate), "Certificate", "Certificate", 1), `&`, ``, 1) + `,`,
 		`Role:` + fmt.Sprintf("%v", this.Role) + `,`,
-		`Attachments:` + strings.Replace(fmt.Sprintf("%v", this.Attachments), "NetworkAttachment", "NetworkAttachment", 1) + `,`,
+		`Attachments:` + repeatedStringForAttachments + `,`,
+		`VXLANUDPPort:` + fmt.Sprintf("%v", this.VXLANUDPPort) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4727,12 +5530,14 @@ func (this *Service) String() string {
 	s := strings.Join([]string{`&Service{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ServiceSpec", "ServiceSpec", 1), `&`, ``, 1) + `,`,
-		`Endpoint:` + strings.Replace(fmt.Sprintf("%v", this.Endpoint), "Endpoint", "Endpoint", 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "ServiceSpec", "ServiceSpec", 1), `&`, ``, 1) + `,`,
+		`Endpoint:` + strings.Replace(this.Endpoint.String(), "Endpoint", "Endpoint", 1) + `,`,
 		`UpdateStatus:` + strings.Replace(fmt.Sprintf("%v", this.UpdateStatus), "UpdateStatus", "UpdateStatus", 1) + `,`,
 		`PreviousSpec:` + strings.Replace(fmt.Sprintf("%v", this.PreviousSpec), "ServiceSpec", "ServiceSpec", 1) + `,`,
+		`PendingDelete:` + fmt.Sprintf("%v", this.PendingDelete) + `,`,
 		`SpecVersion:` + strings.Replace(fmt.Sprintf("%v", this.SpecVersion), "Version", "Version", 1) + `,`,
 		`PreviousSpecVersion:` + strings.Replace(fmt.Sprintf("%v", this.PreviousSpecVersion), "Version", "Version", 1) + `,`,
+		`JobStatus:` + strings.Replace(fmt.Sprintf("%v", this.JobStatus), "JobStatus", "JobStatus", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4741,10 +5546,20 @@ func (this *Endpoint) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPorts := "[]*PortConfig{"
+	for _, f := range this.Ports {
+		repeatedStringForPorts += strings.Replace(fmt.Sprintf("%v", f), "PortConfig", "PortConfig", 1) + ","
+	}
+	repeatedStringForPorts += "}"
+	repeatedStringForVirtualIPs := "[]*Endpoint_VirtualIP{"
+	for _, f := range this.VirtualIPs {
+		repeatedStringForVirtualIPs += strings.Replace(fmt.Sprintf("%v", f), "Endpoint_VirtualIP", "Endpoint_VirtualIP", 1) + ","
+	}
+	repeatedStringForVirtualIPs += "}"
 	s := strings.Join([]string{`&Endpoint{`,
 		`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "EndpointSpec", "EndpointSpec", 1) + `,`,
-		`Ports:` + strings.Replace(fmt.Sprintf("%v", this.Ports), "PortConfig", "PortConfig", 1) + `,`,
-		`VirtualIPs:` + strings.Replace(fmt.Sprintf("%v", this.VirtualIPs), "Endpoint_VirtualIP", "Endpoint_VirtualIP", 1) + `,`,
+		`Ports:` + repeatedStringForPorts + `,`,
+		`VirtualIPs:` + repeatedStringForVirtualIPs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4764,22 +5579,33 @@ func (this *Task) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNetworks := "[]*NetworkAttachment{"
+	for _, f := range this.Networks {
+		repeatedStringForNetworks += strings.Replace(f.String(), "NetworkAttachment", "NetworkAttachment", 1) + ","
+	}
+	repeatedStringForNetworks += "}"
+	repeatedStringForAssignedGenericResources := "[]*GenericResource{"
+	for _, f := range this.AssignedGenericResources {
+		repeatedStringForAssignedGenericResources += strings.Replace(fmt.Sprintf("%v", f), "GenericResource", "GenericResource", 1) + ","
+	}
+	repeatedStringForAssignedGenericResources += "}"
 	s := strings.Join([]string{`&Task{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "TaskSpec", "TaskSpec", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "TaskSpec", "TaskSpec", 1), `&`, ``, 1) + `,`,
 		`ServiceID:` + fmt.Sprintf("%v", this.ServiceID) + `,`,
 		`Slot:` + fmt.Sprintf("%v", this.Slot) + `,`,
 		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
-		`ServiceAnnotations:` + strings.Replace(strings.Replace(this.ServiceAnnotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "TaskStatus", "TaskStatus", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`ServiceAnnotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ServiceAnnotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Status), "TaskStatus", "TaskStatus", 1), `&`, ``, 1) + `,`,
 		`DesiredState:` + fmt.Sprintf("%v", this.DesiredState) + `,`,
-		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "NetworkAttachment", "NetworkAttachment", 1) + `,`,
-		`Endpoint:` + strings.Replace(fmt.Sprintf("%v", this.Endpoint), "Endpoint", "Endpoint", 1) + `,`,
+		`Networks:` + repeatedStringForNetworks + `,`,
+		`Endpoint:` + strings.Replace(this.Endpoint.String(), "Endpoint", "Endpoint", 1) + `,`,
 		`LogDriver:` + strings.Replace(fmt.Sprintf("%v", this.LogDriver), "Driver", "Driver", 1) + `,`,
 		`SpecVersion:` + strings.Replace(fmt.Sprintf("%v", this.SpecVersion), "Version", "Version", 1) + `,`,
-		`AssignedGenericResources:` + strings.Replace(fmt.Sprintf("%v", this.AssignedGenericResources), "GenericResource", "GenericResource", 1) + `,`,
+		`AssignedGenericResources:` + repeatedStringForAssignedGenericResources + `,`,
+		`JobIteration:` + strings.Replace(fmt.Sprintf("%v", this.JobIteration), "Version", "Version", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4792,14 +5618,14 @@ func (this *NetworkAttachment) String() string {
 	for k, _ := range this.DriverAttachmentOpts {
 		keysForDriverAttachmentOpts = append(keysForDriverAttachmentOpts, k)
 	}
-	sortkeys.Strings(keysForDriverAttachmentOpts)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForDriverAttachmentOpts)
 	mapStringForDriverAttachmentOpts := "map[string]string{"
 	for _, k := range keysForDriverAttachmentOpts {
 		mapStringForDriverAttachmentOpts += fmt.Sprintf("%v: %v,", k, this.DriverAttachmentOpts[k])
 	}
 	mapStringForDriverAttachmentOpts += "}"
 	s := strings.Join([]string{`&NetworkAttachment{`,
-		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "Network", "Network", 1) + `,`,
+		`Network:` + strings.Replace(this.Network.String(), "Network", "Network", 1) + `,`,
 		`Addresses:` + fmt.Sprintf("%v", this.Addresses) + `,`,
 		`Aliases:` + fmt.Sprintf("%v", this.Aliases) + `,`,
 		`DriverAttachmentOpts:` + mapStringForDriverAttachmentOpts + `,`,
@@ -4814,9 +5640,10 @@ func (this *Network) String() string {
 	s := strings.Join([]string{`&Network{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NetworkSpec", "NetworkSpec", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "NetworkSpec", "NetworkSpec", 1), `&`, ``, 1) + `,`,
 		`DriverState:` + strings.Replace(fmt.Sprintf("%v", this.DriverState), "Driver", "Driver", 1) + `,`,
 		`IPAM:` + strings.Replace(fmt.Sprintf("%v", this.IPAM), "IPAMOptions", "IPAMOptions", 1) + `,`,
+		`PendingDelete:` + fmt.Sprintf("%v", this.PendingDelete) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4825,11 +5652,21 @@ func (this *Cluster) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNetworkBootstrapKeys := "[]*EncryptionKey{"
+	for _, f := range this.NetworkBootstrapKeys {
+		repeatedStringForNetworkBootstrapKeys += strings.Replace(fmt.Sprintf("%v", f), "EncryptionKey", "EncryptionKey", 1) + ","
+	}
+	repeatedStringForNetworkBootstrapKeys += "}"
+	repeatedStringForUnlockKeys := "[]*EncryptionKey{"
+	for _, f := range this.UnlockKeys {
+		repeatedStringForUnlockKeys += strings.Replace(fmt.Sprintf("%v", f), "EncryptionKey", "EncryptionKey", 1) + ","
+	}
+	repeatedStringForUnlockKeys += "}"
 	keysForBlacklistedCertificates := make([]string, 0, len(this.BlacklistedCertificates))
 	for k, _ := range this.BlacklistedCertificates {
 		keysForBlacklistedCertificates = append(keysForBlacklistedCertificates, k)
 	}
-	sortkeys.Strings(keysForBlacklistedCertificates)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForBlacklistedCertificates)
 	mapStringForBlacklistedCertificates := "map[string]*BlacklistedCertificate{"
 	for _, k := range keysForBlacklistedCertificates {
 		mapStringForBlacklistedCertificates += fmt.Sprintf("%v: %v,", k, this.BlacklistedCertificates[k])
@@ -4838,15 +5675,16 @@ func (this *Cluster) String() string {
 	s := strings.Join([]string{`&Cluster{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ClusterSpec", "ClusterSpec", 1), `&`, ``, 1) + `,`,
-		`RootCA:` + strings.Replace(strings.Replace(this.RootCA.String(), "RootCA", "RootCA", 1), `&`, ``, 1) + `,`,
-		`NetworkBootstrapKeys:` + strings.Replace(fmt.Sprintf("%v", this.NetworkBootstrapKeys), "EncryptionKey", "EncryptionKey", 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "ClusterSpec", "ClusterSpec", 1), `&`, ``, 1) + `,`,
+		`RootCA:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.RootCA), "RootCA", "RootCA", 1), `&`, ``, 1) + `,`,
+		`NetworkBootstrapKeys:` + repeatedStringForNetworkBootstrapKeys + `,`,
 		`EncryptionKeyLamportClock:` + fmt.Sprintf("%v", this.EncryptionKeyLamportClock) + `,`,
 		`BlacklistedCertificates:` + mapStringForBlacklistedCertificates + `,`,
-		`UnlockKeys:` + strings.Replace(fmt.Sprintf("%v", this.UnlockKeys), "EncryptionKey", "EncryptionKey", 1) + `,`,
+		`UnlockKeys:` + repeatedStringForUnlockKeys + `,`,
 		`FIPS:` + fmt.Sprintf("%v", this.FIPS) + `,`,
 		`DefaultAddressPool:` + fmt.Sprintf("%v", this.DefaultAddressPool) + `,`,
 		`SubnetSize:` + fmt.Sprintf("%v", this.SubnetSize) + `,`,
+		`VXLANUDPPort:` + fmt.Sprintf("%v", this.VXLANUDPPort) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4858,7 +5696,7 @@ func (this *Secret) String() string {
 	s := strings.Join([]string{`&Secret{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "SecretSpec", "SecretSpec", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "SecretSpec", "SecretSpec", 1), `&`, ``, 1) + `,`,
 		`Internal:` + fmt.Sprintf("%v", this.Internal) + `,`,
 		`}`,
 	}, "")
@@ -4871,7 +5709,7 @@ func (this *Config) String() string {
 	s := strings.Join([]string{`&Config{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ConfigSpec", "ConfigSpec", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Spec), "ConfigSpec", "ConfigSpec", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4883,9 +5721,9 @@ func (this *Resource) String() string {
 	s := strings.Join([]string{`&Resource{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
-		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "google_protobuf3.Any", 1) + `,`,
+		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "types.Any", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -4897,7 +5735,7 @@ func (this *Extension) String() string {
 	s := strings.Join([]string{`&Extension{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
 		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
 		`}`,
 	}, "")
@@ -4926,7 +5764,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4954,7 +5792,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4963,6 +5801,9 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4984,7 +5825,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4993,11 +5834,14 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.CreatedAt == nil {
-				m.CreatedAt = &google_protobuf.Timestamp{}
+				m.CreatedAt = &types.Timestamp{}
 			}
 			if err := m.CreatedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -5017,7 +5861,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5026,11 +5870,14 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.UpdatedAt == nil {
-				m.UpdatedAt = &google_protobuf.Timestamp{}
+				m.UpdatedAt = &types.Timestamp{}
 			}
 			if err := m.UpdatedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -5042,7 +5889,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -5072,7 +5919,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5100,7 +5947,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5110,6 +5957,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5129,7 +5979,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5138,6 +5988,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5159,7 +6012,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5168,6 +6021,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5189,7 +6045,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5198,6 +6054,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5222,7 +6081,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5231,6 +6090,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5252,7 +6114,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5261,6 +6123,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5285,7 +6150,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5294,6 +6159,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5318,7 +6186,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5327,6 +6195,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5348,7 +6219,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Role |= (NodeRole(b) & 0x7F) << shift
+				m.Role |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5367,7 +6238,7 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5376,6 +6247,9 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5384,13 +6258,32 @@ func (m *Node) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field VXLANUDPPort", wireType)
+			}
+			m.VXLANUDPPort = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.VXLANUDPPort |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipObjects(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -5420,7 +6313,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5448,7 +6341,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5458,6 +6351,9 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5477,7 +6373,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5486,6 +6382,9 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5507,7 +6406,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5516,6 +6415,9 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5537,7 +6439,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5546,6 +6448,9 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5570,28 +6475,87 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.UpdateStatus == nil {
+				m.UpdateStatus = &UpdateStatus{}
+			}
+			if err := m.UpdateStatus.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PreviousSpec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.PreviousSpec == nil {
+				m.PreviousSpec = &ServiceSpec{}
+			}
+			if err := m.PreviousSpec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PendingDelete", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthObjects
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.UpdateStatus == nil {
-				m.UpdateStatus = &UpdateStatus{}
-			}
-			if err := m.UpdateStatus.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 6:
+			m.PendingDelete = bool(v != 0)
+		case 10:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PreviousSpec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SpecVersion", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -5603,7 +6567,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5612,19 +6576,22 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.PreviousSpec == nil {
-				m.PreviousSpec = &ServiceSpec{}
+			if m.SpecVersion == nil {
+				m.SpecVersion = &Version{}
 			}
-			if err := m.PreviousSpec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.SpecVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 10:
+		case 11:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SpecVersion", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field PreviousSpecVersion", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -5636,7 +6603,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5645,19 +6612,22 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.SpecVersion == nil {
-				m.SpecVersion = &Version{}
+			if m.PreviousSpecVersion == nil {
+				m.PreviousSpecVersion = &Version{}
 			}
-			if err := m.SpecVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.PreviousSpecVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 11:
+		case 12:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field PreviousSpecVersion", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field JobStatus", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -5669,7 +6639,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5678,13 +6648,16 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.PreviousSpecVersion == nil {
-				m.PreviousSpecVersion = &Version{}
+			if m.JobStatus == nil {
+				m.JobStatus = &JobStatus{}
 			}
-			if err := m.PreviousSpecVersion.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.JobStatus.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -5694,7 +6667,7 @@ func (m *Service) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -5724,7 +6697,7 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5752,7 +6725,7 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5761,6 +6734,9 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5785,7 +6761,7 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5794,6 +6770,9 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5816,7 +6795,7 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5825,6 +6804,9 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5839,7 +6821,7 @@ func (m *Endpoint) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -5869,7 +6851,7 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5897,7 +6879,7 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5907,6 +6889,9 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5926,7 +6911,7 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5936,6 +6921,9 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5947,7 +6935,7 @@ func (m *Endpoint_VirtualIP) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -5977,7 +6965,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6005,7 +6993,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6015,6 +7003,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6034,7 +7025,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6043,6 +7034,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6064,7 +7058,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6073,6 +7067,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6094,7 +7091,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6104,6 +7101,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6123,7 +7123,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Slot |= (uint64(b) & 0x7F) << shift
+				m.Slot |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6142,7 +7142,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6152,6 +7152,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6171,7 +7174,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6180,6 +7183,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6201,7 +7207,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6210,6 +7216,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6231,7 +7240,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6240,6 +7249,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6261,7 +7273,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.DesiredState |= (TaskState(b) & 0x7F) << shift
+				m.DesiredState |= TaskState(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6280,7 +7292,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6289,6 +7301,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6311,7 +7326,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6320,6 +7335,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6344,7 +7362,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6353,6 +7371,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6377,7 +7398,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6386,6 +7407,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6410,7 +7434,7 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6419,6 +7443,9 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6427,13 +7454,49 @@ func (m *Task) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 16:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field JobIteration", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.JobIteration == nil {
+				m.JobIteration = &Version{}
+			}
+			if err := m.JobIteration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipObjects(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -6463,7 +7526,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6491,7 +7554,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6500,6 +7563,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6524,7 +7590,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6534,6 +7600,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6553,7 +7622,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6563,6 +7632,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6582,7 +7654,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6591,6 +7663,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6611,7 +7686,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -6628,7 +7703,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -6638,6 +7713,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthObjects
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthObjects
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -6654,7 +7732,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -6664,6 +7742,9 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthObjects
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthObjects
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -6675,7 +7756,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthObjects
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -6692,7 +7773,7 @@ func (m *NetworkAttachment) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -6722,7 +7803,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6750,7 +7831,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6760,6 +7841,9 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6779,7 +7863,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6788,6 +7872,9 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6809,7 +7896,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6818,6 +7905,9 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6839,7 +7929,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6848,6 +7938,9 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6872,7 +7965,7 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6881,6 +7974,9 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6891,13 +7987,33 @@ func (m *Network) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PendingDelete", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.PendingDelete = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipObjects(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -6927,7 +8043,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6955,7 +8071,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6965,6 +8081,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6984,7 +8103,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6993,6 +8112,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7014,7 +8136,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7023,6 +8145,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7044,7 +8169,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7053,6 +8178,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7074,7 +8202,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7083,6 +8211,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7105,7 +8236,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.EncryptionKeyLamportClock |= (uint64(b) & 0x7F) << shift
+				m.EncryptionKeyLamportClock |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7124,7 +8255,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7133,6 +8264,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7153,7 +8287,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -7170,7 +8304,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -7180,6 +8314,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthObjects
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthObjects
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -7196,7 +8333,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapmsglen |= (int(b) & 0x7F) << shift
+						mapmsglen |= int(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -7205,7 +8342,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthObjects
 					}
 					postmsgIndex := iNdEx + mapmsglen
-					if mapmsglen < 0 {
+					if postmsgIndex < 0 {
 						return ErrInvalidLengthObjects
 					}
 					if postmsgIndex > l {
@@ -7222,7 +8359,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthObjects
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -7247,7 +8384,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7256,6 +8393,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7278,7 +8418,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7298,7 +8438,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7308,6 +8448,9 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7327,7 +8470,26 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.SubnetSize |= (uint32(b) & 0x7F) << shift
+				m.SubnetSize |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field VXLANUDPPort", wireType)
+			}
+			m.VXLANUDPPort = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.VXLANUDPPort |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7338,7 +8500,7 @@ func (m *Cluster) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -7368,7 +8530,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -7396,7 +8558,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7406,6 +8568,9 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7425,7 +8590,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7434,6 +8599,9 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7455,7 +8623,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7464,6 +8632,9 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7485,7 +8656,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7497,7 +8668,7 @@ func (m *Secret) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -7527,7 +8698,7 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -7555,7 +8726,7 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7565,6 +8736,9 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7584,7 +8758,7 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7593,6 +8767,9 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7614,7 +8791,7 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7623,6 +8800,9 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7636,7 +8816,7 @@ func (m *Config) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -7666,7 +8846,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -7694,7 +8874,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7704,6 +8884,9 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7723,7 +8906,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7732,6 +8915,9 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7753,7 +8939,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7762,6 +8948,9 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7783,7 +8972,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7793,6 +8982,9 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7812,7 +9004,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7821,11 +9013,14 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Payload == nil {
-				m.Payload = &google_protobuf3.Any{}
+				m.Payload = &types.Any{}
 			}
 			if err := m.Payload.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -7837,7 +9032,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -7867,7 +9062,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -7895,7 +9090,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7905,6 +9100,9 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7924,7 +9122,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7933,6 +9131,9 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7954,7 +9155,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7963,6 +9164,9 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -7984,7 +9188,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -7994,6 +9198,9 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthObjects
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthObjects
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8005,7 +9212,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthObjects
 			}
 			if (iNdEx + skippy) > l {
@@ -8023,6 +9230,7 @@ func (m *Extension) Unmarshal(dAtA []byte) error {
 func skipObjects(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -8054,10 +9262,8 @@ func skipObjects(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -8074,158 +9280,34 @@ func skipObjects(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthObjects
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowObjects
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipObjects(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupObjects
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthObjects
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthObjects = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowObjects   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthObjects        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowObjects          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupObjects = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/objects.proto", fileDescriptorObjects) }
-
-var fileDescriptorObjects = []byte{
-	// 1581 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0x4b, 0x73, 0x1b, 0x4b,
-	0x15, 0xce, 0x48, 0x63, 0x3d, 0x8e, 0x6c, 0x61, 0xfa, 0x1a, 0x33, 0x11, 0x46, 0x32, 0xba, 0x05,
-	0x75, 0xeb, 0x56, 0x4a, 0xbe, 0x98, 0x0b, 0x38, 0x86, 0xcb, 0x8d, 0x64, 0x9b, 0x44, 0x15, 0x42,
-	0x5c, 0xed, 0x90, 0xb0, 0x1b, 0x5a, 0x33, 0x6d, 0x65, 0xd0, 0x68, 0x7a, 0x6a, 0xba, 0xa5, 0x20,
-	0x56, 0x59, 0x9b, 0x1f, 0xe0, 0x1d, 0x8b, 0xfc, 0x0b, 0x36, 0x2c, 0x58, 0x65, 0xc9, 0x8a, 0x62,
-	0xe5, 0x22, 0xfa, 0x17, 0x54, 0xb1, 0xa0, 0xba, 0xa7, 0x47, 0x1a, 0x5b, 0xe3, 0x17, 0x95, 0x72,
-	0xb1, 0x72, 0x3f, 0xbe, 0xef, 0xf4, 0x39, 0x67, 0xce, 0xcb, 0x82, 0x07, 0x7d, 0x4f, 0xbc, 0x1e,
-	0xf5, 0x5a, 0x0e, 0x1b, 0x6e, 0xb9, 0xcc, 0x19, 0xd0, 0x68, 0x8b, 0xbf, 0x21, 0xd1, 0x70, 0xe0,
-	0x89, 0x2d, 0x12, 0x7a, 0x5b, 0xac, 0xf7, 0x7b, 0xea, 0x08, 0xde, 0x0a, 0x23, 0x26, 0x18, 0x42,
-	0x31, 0xa4, 0x95, 0x40, 0x5a, 0xe3, 0x1f, 0xd6, 0x3e, 0xbf, 0x46, 0x82, 0x98, 0x84, 0x54, 0xf3,
-	0xaf, 0xc5, 0xf2, 0x90, 0x3a, 0x09, 0xb6, 0xd1, 0x67, 0xac, 0xef, 0xd3, 0x2d, 0xb5, 0xeb, 0x8d,
-	0x8e, 0xb7, 0x84, 0x37, 0xa4, 0x5c, 0x90, 0x61, 0xa8, 0x01, 0x6b, 0x7d, 0xd6, 0x67, 0x6a, 0xb9,
-	0x25, 0x57, 0xfa, 0xf4, 0xfe, 0x45, 0x1a, 0x09, 0x26, 0xfa, 0xea, 0xa7, 0x57, 0xbc, 0x3e, 0x83,
-	0x87, 0xfe, 0xa8, 0xef, 0x05, 0xfa, 0x4f, 0x4c, 0x6c, 0xfe, 0xc5, 0x00, 0xf3, 0x19, 0x15, 0x04,
-	0xfd, 0x0c, 0x8a, 0x63, 0x1a, 0x71, 0x8f, 0x05, 0x96, 0xb1, 0x69, 0x7c, 0x56, 0xd9, 0xfe, 0x4e,
-	0x6b, 0xd1, 0x23, 0xad, 0x97, 0x31, 0xa4, 0x63, 0xbe, 0x3f, 0x6b, 0xdc, 0xc3, 0x09, 0x03, 0x3d,
-	0x04, 0x70, 0x22, 0x4a, 0x04, 0x75, 0x6d, 0x22, 0xac, 0x9c, 0xe2, 0xd7, 0x5a, 0xb1, 0xba, 0xad,
-	0xe4, 0xfd, 0xd6, 0x8b, 0xc4, 0x4a, 0x5c, 0xd6, 0xe8, 0xb6, 0x90, 0xd4, 0x51, 0xe8, 0x26, 0xd4,
-	0xfc, 0xf5, 0x54, 0x8d, 0x6e, 0x8b, 0xe6, 0xdb, 0x25, 0x30, 0x7f, 0xcd, 0x5c, 0x8a, 0xd6, 0x21,
-	0xe7, 0xb9, 0x4a, 0xed, 0x72, 0xa7, 0x30, 0x3d, 0x6b, 0xe4, 0xba, 0xfb, 0x38, 0xe7, 0xb9, 0x68,
-	0x1b, 0xcc, 0x21, 0x15, 0x44, 0x2b, 0x64, 0x65, 0x19, 0x24, 0x6d, 0xd7, 0xd6, 0x28, 0x2c, 0xfa,
-	0x09, 0x98, 0xf2, 0x53, 0x69, 0x4d, 0x36, 0xb2, 0x38, 0xf2, 0xcd, 0xa3, 0x90, 0x3a, 0x09, 0x4f,
-	0xe2, 0xd1, 0x01, 0x54, 0x5c, 0xca, 0x9d, 0xc8, 0x0b, 0x85, 0xf4, 0xa1, 0xa9, 0xe8, 0x9f, 0x5e,
-	0x46, 0xdf, 0x9f, 0x43, 0x71, 0x9a, 0x87, 0x7e, 0x0e, 0x05, 0x2e, 0x88, 0x18, 0x71, 0x6b, 0x49,
-	0x49, 0xa8, 0x5f, 0xaa, 0x80, 0x42, 0x69, 0x15, 0x34, 0x07, 0x3d, 0x81, 0xea, 0x90, 0x04, 0xa4,
-	0x4f, 0x23, 0x5b, 0x4b, 0x29, 0x28, 0x29, 0xdf, 0xcb, 0x34, 0x3d, 0x46, 0xc6, 0x82, 0xf0, 0xca,
-	0x30, 0xbd, 0x45, 0x5d, 0x00, 0x22, 0x04, 0x71, 0x5e, 0x0f, 0x69, 0x20, 0xac, 0xa2, 0x92, 0xf2,
-	0xfd, 0x4c, 0x5d, 0xa8, 0x78, 0xc3, 0xa2, 0x41, 0x7b, 0x06, 0xee, 0xe4, 0x2c, 0x03, 0xa7, 0xc8,
-	0xe8, 0x31, 0x54, 0x1c, 0x1a, 0x09, 0xef, 0xd8, 0x73, 0x88, 0xa0, 0x56, 0x49, 0xc9, 0x6a, 0x64,
-	0xc9, 0xda, 0x9b, 0xc3, 0xb4, 0x61, 0x69, 0x26, 0xfa, 0x02, 0xcc, 0x88, 0xf9, 0xd4, 0x2a, 0x6f,
-	0x1a, 0x9f, 0x55, 0x2f, 0xff, 0x34, 0x98, 0xf9, 0x14, 0x2b, 0xa4, 0x7c, 0x7a, 0xae, 0x08, 0xb7,
-	0x60, 0x33, 0x7f, 0x63, 0x33, 0x70, 0x9a, 0xb9, 0xbb, 0x7e, 0x72, 0xda, 0x44, 0xb0, 0x5a, 0x32,
-	0x56, 0x0d, 0x15, 0x67, 0xc6, 0x17, 0xc6, 0x6f, 0x8d, 0xdf, 0x19, 0xcd, 0xff, 0xe4, 0xa1, 0x78,
-	0x44, 0xa3, 0xb1, 0xe7, 0x7c, 0xdc, 0x28, 0x7c, 0x78, 0x2e, 0x0a, 0x33, 0x9d, 0xa5, 0x9f, 0x5d,
-	0x08, 0xc4, 0x1d, 0x28, 0xd1, 0xc0, 0x0d, 0x99, 0x17, 0x08, 0x1d, 0x85, 0x99, 0x9e, 0x3a, 0xd0,
-	0x18, 0x3c, 0x43, 0xa3, 0x03, 0x58, 0x89, 0x93, 0xcb, 0x3e, 0x17, 0x82, 0x9b, 0x59, 0xf4, 0xdf,
-	0x28, 0xa0, 0x8e, 0x9d, 0xe5, 0x51, 0x6a, 0x87, 0xf6, 0x61, 0x25, 0x8c, 0xe8, 0xd8, 0x63, 0x23,
-	0x6e, 0x2b, 0x23, 0x0a, 0x37, 0x32, 0x02, 0x2f, 0x27, 0x2c, 0xb9, 0x43, 0xbf, 0x80, 0x65, 0x49,
-	0xb6, 0x93, 0xa2, 0x04, 0xd7, 0x16, 0x25, 0x5c, 0x91, 0x04, 0xbd, 0x41, 0xcf, 0xe1, 0x5b, 0xe7,
-	0xb4, 0x98, 0x09, 0xaa, 0x5c, 0x2f, 0xe8, 0x93, 0xb4, 0x26, 0xfa, 0x70, 0x17, 0x9d, 0x9c, 0x36,
-	0xab, 0xb0, 0x9c, 0x0e, 0x81, 0xe6, 0x9f, 0x73, 0x50, 0x4a, 0x1c, 0x89, 0xbe, 0xd4, 0xdf, 0xcc,
-	0xb8, 0xdc, 0x6b, 0x09, 0x56, 0xd9, 0x1b, 0x7f, 0xae, 0x2f, 0x61, 0x29, 0x64, 0x91, 0xe0, 0x56,
-	0x4e, 0x05, 0x67, 0x66, 0xbe, 0x1f, 0xb2, 0x48, 0xec, 0xb1, 0xe0, 0xd8, 0xeb, 0xe3, 0x18, 0x8c,
-	0x5e, 0x41, 0x65, 0xec, 0x45, 0x62, 0x44, 0x7c, 0xdb, 0x0b, 0xb9, 0x95, 0x57, 0xdc, 0x1f, 0x5c,
-	0xf5, 0x64, 0xeb, 0x65, 0x8c, 0xef, 0x1e, 0x76, 0xaa, 0xd3, 0xb3, 0x06, 0xcc, 0xb6, 0x1c, 0x83,
-	0x16, 0xd5, 0x0d, 0x79, 0xed, 0x19, 0x94, 0x67, 0x37, 0xe8, 0x01, 0x40, 0x10, 0xe7, 0x85, 0x3d,
-	0x8b, 0xec, 0x95, 0xe9, 0x59, 0xa3, 0xac, 0xb3, 0xa5, 0xbb, 0x8f, 0xcb, 0x1a, 0xd0, 0x75, 0x11,
-	0x02, 0x93, 0xb8, 0x6e, 0xa4, 0xe2, 0xbc, 0x8c, 0xd5, 0xba, 0xf9, 0xa7, 0x22, 0x98, 0x2f, 0x08,
-	0x1f, 0xdc, 0x75, 0x89, 0x96, 0x6f, 0x2e, 0x64, 0xc6, 0x03, 0x00, 0x1e, 0xc7, 0x9b, 0x34, 0xc7,
-	0x9c, 0x9b, 0xa3, 0xa3, 0x50, 0x9a, 0xa3, 0x01, 0xb1, 0x39, 0xdc, 0x67, 0x42, 0x25, 0x81, 0x89,
-	0xd5, 0x1a, 0x7d, 0x0a, 0xc5, 0x80, 0xb9, 0x8a, 0x5e, 0x50, 0x74, 0x98, 0x9e, 0x35, 0x0a, 0xb2,
-	0xe8, 0x74, 0xf7, 0x71, 0x41, 0x5e, 0x75, 0x5d, 0x55, 0x74, 0x82, 0x80, 0x09, 0x22, 0x0b, 0x3a,
-	0xd7, 0xb5, 0x33, 0x33, 0xfa, 0xdb, 0x73, 0x58, 0x52, 0xef, 0x52, 0x4c, 0xf4, 0x12, 0x3e, 0x49,
-	0xf4, 0x4d, 0x0b, 0x2c, 0xdd, 0x46, 0x20, 0xd2, 0x12, 0x52, 0x37, 0xa9, 0x1e, 0x53, 0xbe, 0xbc,
-	0xc7, 0x28, 0x0f, 0x66, 0xf5, 0x98, 0x0e, 0xac, 0xb8, 0x94, 0x7b, 0x11, 0x75, 0x55, 0x99, 0xa0,
-	0x2a, 0x33, 0xab, 0xdb, 0xdf, 0xbd, 0x4a, 0x08, 0xc5, 0xcb, 0x9a, 0xa3, 0x76, 0xa8, 0x0d, 0x25,
-	0x1d, 0x37, 0xdc, 0xaa, 0xdc, 0xa6, 0x28, 0xcf, 0x68, 0xe7, 0xca, 0xdc, 0xf2, 0xad, 0xca, 0xdc,
-	0x43, 0x00, 0x9f, 0xf5, 0x6d, 0x37, 0xf2, 0xc6, 0x34, 0xb2, 0x56, 0xf4, 0xc4, 0x91, 0xc1, 0xdd,
-	0x57, 0x08, 0x5c, 0xf6, 0x59, 0x3f, 0x5e, 0x2e, 0x14, 0xa5, 0xea, 0x2d, 0x8b, 0x12, 0x81, 0x1a,
-	0xe1, 0xdc, 0xeb, 0x07, 0xd4, 0xb5, 0xfb, 0x34, 0xa0, 0x91, 0xe7, 0xd8, 0x11, 0xe5, 0x6c, 0x14,
-	0x39, 0x94, 0x5b, 0xdf, 0x50, 0x9e, 0xc8, 0x9c, 0x19, 0x1e, 0xc7, 0x60, 0xac, 0xb1, 0xd8, 0x4a,
-	0xc4, 0x5c, 0xb8, 0xe0, 0xbb, 0xb5, 0x93, 0xd3, 0xe6, 0x3a, 0xac, 0xa5, 0xcb, 0xd4, 0x8e, 0xf1,
-	0xc8, 0x78, 0x62, 0x1c, 0x1a, 0xcd, 0xbf, 0xe5, 0xe0, 0x9b, 0x0b, 0x3e, 0x45, 0x3f, 0x86, 0xa2,
-	0xf6, 0xea, 0x55, 0x93, 0x9f, 0xe6, 0xe1, 0x04, 0x8b, 0x36, 0xa0, 0x2c, 0x53, 0x9c, 0x72, 0x4e,
-	0xe3, 0xe2, 0x55, 0xc6, 0xf3, 0x03, 0x64, 0x41, 0x91, 0xf8, 0x1e, 0x91, 0x77, 0x79, 0x75, 0x97,
-	0x6c, 0xd1, 0x08, 0xd6, 0x63, 0xd7, 0xdb, 0xf3, 0x06, 0x6b, 0xb3, 0x50, 0x70, 0xcb, 0x54, 0xf6,
-	0x7f, 0x7d, 0xa3, 0x48, 0xd0, 0x1f, 0x67, 0x7e, 0xf0, 0x3c, 0x14, 0xfc, 0x20, 0x10, 0xd1, 0x04,
-	0xaf, 0xb9, 0x19, 0x57, 0xb5, 0xc7, 0x70, 0xff, 0x52, 0x0a, 0x5a, 0x85, 0xfc, 0x80, 0x4e, 0xe2,
-	0xf2, 0x84, 0xe5, 0x12, 0xad, 0xc1, 0xd2, 0x98, 0xf8, 0x23, 0xaa, 0xab, 0x59, 0xbc, 0xd9, 0xcd,
-	0xed, 0x18, 0xcd, 0x77, 0x39, 0x28, 0x6a, 0x75, 0xee, 0xba, 0xe5, 0xeb, 0x67, 0x17, 0x0a, 0xdb,
-	0x57, 0xb0, 0xac, 0x5d, 0x1a, 0x67, 0xa4, 0x79, 0x6d, 0x4c, 0x57, 0x62, 0x7c, 0x9c, 0x8d, 0x5f,
-	0x81, 0xe9, 0x85, 0x64, 0xa8, 0xdb, 0x7d, 0xe6, 0xcb, 0xdd, 0xc3, 0xf6, 0xb3, 0xe7, 0x61, 0x5c,
-	0x58, 0x4a, 0xd3, 0xb3, 0x86, 0x29, 0x0f, 0xb0, 0xa2, 0x65, 0x36, 0xc6, 0x77, 0x05, 0x28, 0xee,
-	0xf9, 0x23, 0x2e, 0x68, 0x74, 0xd7, 0x4e, 0xd2, 0xcf, 0x2e, 0x38, 0x69, 0x0f, 0x8a, 0x11, 0x63,
-	0xc2, 0x76, 0xc8, 0x55, 0xfe, 0xc1, 0x8c, 0x89, 0xbd, 0x76, 0xa7, 0x2a, 0x89, 0xb2, 0xb6, 0xc7,
-	0x7b, 0x5c, 0x90, 0xd4, 0x3d, 0x82, 0x5e, 0xc1, 0x7a, 0xd2, 0x11, 0x7b, 0x8c, 0x09, 0x2e, 0x22,
-	0x12, 0xda, 0x03, 0x3a, 0x91, 0xb3, 0x52, 0xfe, 0xb2, 0x41, 0xfb, 0x20, 0x70, 0xa2, 0x89, 0x72,
-	0xde, 0x53, 0x3a, 0xc1, 0x6b, 0x5a, 0x40, 0x27, 0xe1, 0x3f, 0xa5, 0x13, 0x8e, 0xbe, 0x86, 0x0d,
-	0x3a, 0x83, 0x49, 0x89, 0xb6, 0x4f, 0x86, 0xb2, 0xd7, 0xdb, 0x8e, 0xcf, 0x9c, 0x81, 0x6a, 0x37,
-	0x26, 0xbe, 0x4f, 0xd3, 0xa2, 0x7e, 0x15, 0x23, 0xf6, 0x24, 0x00, 0x71, 0xb0, 0x7a, 0x3e, 0x71,
-	0x06, 0xbe, 0xc7, 0xe5, 0xff, 0x52, 0xa9, 0xb9, 0x59, 0x76, 0x0c, 0xa9, 0xdb, 0xce, 0x15, 0xde,
-	0x6a, 0x75, 0xe6, 0xdc, 0xd4, 0x14, 0xae, 0x33, 0xea, 0xdb, 0xbd, 0xec, 0x5b, 0xd4, 0x81, 0xca,
-	0x28, 0x90, 0xcf, 0xc7, 0x3e, 0x28, 0xdf, 0xd4, 0x07, 0x10, 0xb3, 0x94, 0xe5, 0x1b, 0x60, 0x1e,
-	0xcb, 0x19, 0x46, 0xb6, 0x91, 0x52, 0x1c, 0x5c, 0xbf, 0xec, 0x1e, 0x1e, 0x61, 0x75, 0x8a, 0x5a,
-	0x80, 0x5c, 0x7a, 0x4c, 0x46, 0xbe, 0x68, 0xc7, 0xb5, 0xe5, 0x90, 0x31, 0x5f, 0xf5, 0x8c, 0x32,
-	0xce, 0xb8, 0x41, 0x75, 0x00, 0x3e, 0xea, 0x05, 0x54, 0x1c, 0x79, 0x7f, 0xa4, 0xaa, 0x31, 0xac,
-	0xe0, 0xd4, 0x49, 0x6d, 0x0c, 0x1b, 0x57, 0x99, 0x9a, 0x51, 0x09, 0x1e, 0xa5, 0x2b, 0x41, 0x65,
-	0xfb, 0xf3, 0x2c, 0xeb, 0xb2, 0x45, 0xa6, 0xaa, 0x46, 0x66, 0x92, 0xfc, 0xd5, 0x80, 0xc2, 0x11,
-	0x75, 0x22, 0x2a, 0x3e, 0x6a, 0x8e, 0xec, 0x9c, 0xcb, 0x91, 0x7a, 0xf6, 0xd8, 0x2d, 0x5f, 0x5d,
-	0x48, 0x91, 0x1a, 0x94, 0xbc, 0x40, 0xd0, 0x28, 0x20, 0xbe, 0xca, 0x91, 0x12, 0x9e, 0xed, 0xb3,
-	0xb3, 0xdc, 0x80, 0x42, 0x3c, 0x97, 0xde, 0xb5, 0x01, 0xf1, 0xab, 0x17, 0x0d, 0xc8, 0x54, 0xf2,
-	0xdf, 0x06, 0x94, 0x92, 0xf6, 0xf8, 0x51, 0xd5, 0xbc, 0x30, 0xe7, 0xe5, 0xff, 0xe7, 0x39, 0x0f,
-	0x81, 0x39, 0xf0, 0x02, 0x3d, 0x91, 0x62, 0xb5, 0x46, 0x2d, 0x28, 0x86, 0x64, 0xe2, 0x33, 0xe2,
-	0xea, 0xb2, 0xbc, 0xb6, 0xf0, 0x9b, 0x48, 0x3b, 0x98, 0xe0, 0x04, 0xb4, 0xbb, 0x76, 0x72, 0xda,
-	0x5c, 0x85, 0x6a, 0xda, 0xf2, 0xd7, 0x46, 0xf3, 0x1f, 0x06, 0x94, 0x0f, 0xfe, 0x20, 0x68, 0xa0,
-	0xa6, 0x8f, 0xff, 0x4b, 0xe3, 0x37, 0x17, 0x7f, 0x37, 0x29, 0x9f, 0xfb, 0x49, 0x24, 0xeb, 0xa3,
-	0x76, 0xac, 0xf7, 0x1f, 0xea, 0xf7, 0xfe, 0xf9, 0xa1, 0x7e, 0xef, 0xed, 0xb4, 0x6e, 0xbc, 0x9f,
-	0xd6, 0x8d, 0xbf, 0x4f, 0xeb, 0xc6, 0xbf, 0xa6, 0x75, 0xa3, 0x57, 0x50, 0xfe, 0xf9, 0xd1, 0x7f,
-	0x03, 0x00, 0x00, 0xff, 0xff, 0xbc, 0x6b, 0x9b, 0xd8, 0xfe, 0x13, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/objects.proto b/vendor/github.com/docker/swarmkit/api/objects.proto
index 2211395bf5e92..4baf58af0a192 100644
--- a/vendor/github.com/docker/swarmkit/api/objects.proto
+++ b/vendor/github.com/docker/swarmkit/api/objects.proto
@@ -81,6 +81,10 @@ message Node {
 	// endpoint on the node to be used for load balancing. Each overlay
 	// network, including ingress network, will have an NetworkAttachment.
 	repeated NetworkAttachment attachments = 10;
+
+	// VXLANUDPPort specifies the UDP port for VXLAN traffic.
+	// This information is passed from cluster object to individual nodes.
+	uint32 VXLANUDPPort = 11;
 }
 
 message Service {
@@ -122,6 +126,20 @@ message Service {
 	// UpdateStatus contains the status of an update, if one is in
 	// progress.
 	UpdateStatus update_status = 5;
+
+	// JobStatus contains the status of a Service that is in one of the Job
+	// modes. It is absent on Replicated and Global services.
+	JobStatus job_status = 12;
+
+	// PendingDelete indicates that this service's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all of the service's containers have properly shut down.
+	// When a user requests a deletion, we just flip this flag
+	// the deallocator will take it from there - it will start monitoring
+	// this service's tasks, and proceed to delete the service itself (and
+	// potentially its associated resources also marked for deletion) when
+	// all of its tasks are gone
+	bool pending_delete = 7;
 }
 
 // Endpoint specified all the network parameters required to
@@ -247,6 +265,10 @@ message Task {
 	Driver log_driver = 13;
 
 	repeated GenericResource assigned_generic_resources = 15;
+
+	// JobIteration is the iteration number of the Job-mode Service that this
+	// task belongs to.
+	Version job_iteration = 16;
 }
 
 // NetworkAttachment specifies the network parameters of attachment to
@@ -292,6 +314,20 @@ message Network {
 	// Runtime state of IPAM options. This may not reflect the
 	// ipam options from NetworkSpec.
 	IPAMOptions ipam = 5 [(gogoproto.customname) = "IPAM"];
+
+	// PendingDelete indicates that this network's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all the service's containers have properly shut down
+	// when a user requests a deletion, we just flip this flag
+	// the deallocator will take it from there
+	// PendingDelete indicates that this network's deletion has been requested.
+	// Services, as well as all service-level resources, can only be deleted
+	// after all of the service's containers have properly shut down.
+	// When a user requests a deletion of this network, we just flip this flag
+	// the deallocator will take it from there - it will start monitoring
+	// the services that still use this service, and proceed to delete
+	// this network when all of these services are gone
+	bool pending_delete = 6;
 }
 
 // Cluster provides global cluster settings.
@@ -351,6 +387,9 @@ message Cluster {
 	// This flag specifies the default subnet size of global scope networks by giving
 	// the length of the subnet masks for every such network
 	uint32 subnetSize = 12;
+
+	// VXLANUDPPort specifies the UDP port for VXLAN traffic.
+	uint32 VXLANUDPPort = 13;
 }
 
 // Secret represents a secret that should be passed to a container or a node,
diff --git a/vendor/github.com/docker/swarmkit/api/raft.pb.go b/vendor/github.com/docker/swarmkit/api/raft.pb.go
index a32a6001b92fd..1c2537f5288e9 100644
--- a/vendor/github.com/docker/swarmkit/api/raft.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/raft.pb.go
@@ -3,36 +3,37 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import raftpb "github.com/coreos/etcd/raft/raftpb"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-// skipping weak import docker_protobuf_plugin "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	raftpb "github.com/coreos/etcd/raft/raftpb"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // StoreActionKind defines the operation to take on the store for the target of
 // a storage action.
 type StoreActionKind int32
@@ -50,6 +51,7 @@ var StoreActionKind_name = map[int32]string{
 	2: "STORE_ACTION_UPDATE",
 	3: "STORE_ACTION_REMOVE",
 }
+
 var StoreActionKind_value = map[string]int32{
 	"UNKNOWN":             0,
 	"STORE_ACTION_CREATE": 1,
@@ -60,7 +62,10 @@ var StoreActionKind_value = map[string]int32{
 func (x StoreActionKind) String() string {
 	return proto.EnumName(StoreActionKind_name, int32(x))
 }
-func (StoreActionKind) EnumDescriptor() ([]byte, []int) { return fileDescriptorRaft, []int{0} }
+
+func (StoreActionKind) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{0}
+}
 
 type RaftMember struct {
 	// RaftID specifies the internal ID used by the manager in a raft context, it can never be modified
@@ -71,112 +76,448 @@ type RaftMember struct {
 	// Addr specifies the address of the member
 	Addr string `protobuf:"bytes,3,opt,name=addr,proto3" json:"addr,omitempty"`
 	// Status provides the current status of the manager from the perspective of another manager.
-	Status RaftMemberStatus `protobuf:"bytes,4,opt,name=status" json:"status"`
+	Status RaftMemberStatus `protobuf:"bytes,4,opt,name=status,proto3" json:"status"`
+}
+
+func (m *RaftMember) Reset()      { *m = RaftMember{} }
+func (*RaftMember) ProtoMessage() {}
+func (*RaftMember) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{0}
+}
+func (m *RaftMember) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RaftMember) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RaftMember.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RaftMember) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RaftMember.Merge(m, src)
+}
+func (m *RaftMember) XXX_Size() int {
+	return m.Size()
+}
+func (m *RaftMember) XXX_DiscardUnknown() {
+	xxx_messageInfo_RaftMember.DiscardUnknown(m)
 }
 
-func (m *RaftMember) Reset()                    { *m = RaftMember{} }
-func (*RaftMember) ProtoMessage()               {}
-func (*RaftMember) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{0} }
+var xxx_messageInfo_RaftMember proto.InternalMessageInfo
 
 type JoinRequest struct {
 	// Addr specifies the address of the member
 	Addr string `protobuf:"bytes,1,opt,name=addr,proto3" json:"addr,omitempty"`
 }
 
-func (m *JoinRequest) Reset()                    { *m = JoinRequest{} }
-func (*JoinRequest) ProtoMessage()               {}
-func (*JoinRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{1} }
+func (m *JoinRequest) Reset()      { *m = JoinRequest{} }
+func (*JoinRequest) ProtoMessage() {}
+func (*JoinRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{1}
+}
+func (m *JoinRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *JoinRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_JoinRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *JoinRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_JoinRequest.Merge(m, src)
+}
+func (m *JoinRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *JoinRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_JoinRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_JoinRequest proto.InternalMessageInfo
 
 type JoinResponse struct {
 	// RaftID is the ID assigned to the new member.
 	RaftID uint64 `protobuf:"varint,1,opt,name=raft_id,json=raftId,proto3" json:"raft_id,omitempty"`
 	// Members is the membership set of the cluster.
-	Members []*RaftMember `protobuf:"bytes,2,rep,name=members" json:"members,omitempty"`
+	Members []*RaftMember `protobuf:"bytes,2,rep,name=members,proto3" json:"members,omitempty"`
 	// RemovedMembers is a list of members that have been removed from
 	// the cluster, so the new node can avoid communicating with them.
-	RemovedMembers []uint64 `protobuf:"varint,3,rep,name=removed_members,json=removedMembers" json:"removed_members,omitempty"`
+	RemovedMembers []uint64 `protobuf:"varint,3,rep,name=removed_members,json=removedMembers,proto3" json:"removed_members,omitempty"`
+}
+
+func (m *JoinResponse) Reset()      { *m = JoinResponse{} }
+func (*JoinResponse) ProtoMessage() {}
+func (*JoinResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{2}
+}
+func (m *JoinResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *JoinResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_JoinResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *JoinResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_JoinResponse.Merge(m, src)
+}
+func (m *JoinResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *JoinResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_JoinResponse.DiscardUnknown(m)
 }
 
-func (m *JoinResponse) Reset()                    { *m = JoinResponse{} }
-func (*JoinResponse) ProtoMessage()               {}
-func (*JoinResponse) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{2} }
+var xxx_messageInfo_JoinResponse proto.InternalMessageInfo
 
 type LeaveRequest struct {
-	Node *RaftMember `protobuf:"bytes,1,opt,name=node" json:"node,omitempty"`
+	Node *RaftMember `protobuf:"bytes,1,opt,name=node,proto3" json:"node,omitempty"`
+}
+
+func (m *LeaveRequest) Reset()      { *m = LeaveRequest{} }
+func (*LeaveRequest) ProtoMessage() {}
+func (*LeaveRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{3}
+}
+func (m *LeaveRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LeaveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LeaveRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LeaveRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LeaveRequest.Merge(m, src)
+}
+func (m *LeaveRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *LeaveRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_LeaveRequest.DiscardUnknown(m)
 }
 
-func (m *LeaveRequest) Reset()                    { *m = LeaveRequest{} }
-func (*LeaveRequest) ProtoMessage()               {}
-func (*LeaveRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{3} }
+var xxx_messageInfo_LeaveRequest proto.InternalMessageInfo
 
 type LeaveResponse struct {
 }
 
-func (m *LeaveResponse) Reset()                    { *m = LeaveResponse{} }
-func (*LeaveResponse) ProtoMessage()               {}
-func (*LeaveResponse) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{4} }
+func (m *LeaveResponse) Reset()      { *m = LeaveResponse{} }
+func (*LeaveResponse) ProtoMessage() {}
+func (*LeaveResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{4}
+}
+func (m *LeaveResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LeaveResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LeaveResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LeaveResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LeaveResponse.Merge(m, src)
+}
+func (m *LeaveResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *LeaveResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_LeaveResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LeaveResponse proto.InternalMessageInfo
 
 type ProcessRaftMessageRequest struct {
-	Message *raftpb.Message `protobuf:"bytes,1,opt,name=message" json:"message,omitempty"`
+	Message *raftpb.Message `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
+}
+
+func (m *ProcessRaftMessageRequest) Reset()      { *m = ProcessRaftMessageRequest{} }
+func (*ProcessRaftMessageRequest) ProtoMessage() {}
+func (*ProcessRaftMessageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{5}
+}
+func (m *ProcessRaftMessageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessRaftMessageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessRaftMessageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessRaftMessageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessRaftMessageRequest.Merge(m, src)
+}
+func (m *ProcessRaftMessageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessRaftMessageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessRaftMessageRequest.DiscardUnknown(m)
 }
 
-func (m *ProcessRaftMessageRequest) Reset()                    { *m = ProcessRaftMessageRequest{} }
-func (*ProcessRaftMessageRequest) ProtoMessage()               {}
-func (*ProcessRaftMessageRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{5} }
+var xxx_messageInfo_ProcessRaftMessageRequest proto.InternalMessageInfo
 
 type ProcessRaftMessageResponse struct {
 }
 
-func (m *ProcessRaftMessageResponse) Reset()                    { *m = ProcessRaftMessageResponse{} }
-func (*ProcessRaftMessageResponse) ProtoMessage()               {}
-func (*ProcessRaftMessageResponse) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{6} }
+func (m *ProcessRaftMessageResponse) Reset()      { *m = ProcessRaftMessageResponse{} }
+func (*ProcessRaftMessageResponse) ProtoMessage() {}
+func (*ProcessRaftMessageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{6}
+}
+func (m *ProcessRaftMessageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProcessRaftMessageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ProcessRaftMessageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ProcessRaftMessageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProcessRaftMessageResponse.Merge(m, src)
+}
+func (m *ProcessRaftMessageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProcessRaftMessageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProcessRaftMessageResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ProcessRaftMessageResponse proto.InternalMessageInfo
 
 // Raft message streaming request.
 type StreamRaftMessageRequest struct {
-	Message *raftpb.Message `protobuf:"bytes,1,opt,name=message" json:"message,omitempty"`
+	Message *raftpb.Message `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
+}
+
+func (m *StreamRaftMessageRequest) Reset()      { *m = StreamRaftMessageRequest{} }
+func (*StreamRaftMessageRequest) ProtoMessage() {}
+func (*StreamRaftMessageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{7}
+}
+func (m *StreamRaftMessageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StreamRaftMessageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StreamRaftMessageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StreamRaftMessageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StreamRaftMessageRequest.Merge(m, src)
+}
+func (m *StreamRaftMessageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StreamRaftMessageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StreamRaftMessageRequest.DiscardUnknown(m)
 }
 
-func (m *StreamRaftMessageRequest) Reset()                    { *m = StreamRaftMessageRequest{} }
-func (*StreamRaftMessageRequest) ProtoMessage()               {}
-func (*StreamRaftMessageRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{7} }
+var xxx_messageInfo_StreamRaftMessageRequest proto.InternalMessageInfo
 
 // Raft message streaming response.
 type StreamRaftMessageResponse struct {
 }
 
-func (m *StreamRaftMessageResponse) Reset()                    { *m = StreamRaftMessageResponse{} }
-func (*StreamRaftMessageResponse) ProtoMessage()               {}
-func (*StreamRaftMessageResponse) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{8} }
+func (m *StreamRaftMessageResponse) Reset()      { *m = StreamRaftMessageResponse{} }
+func (*StreamRaftMessageResponse) ProtoMessage() {}
+func (*StreamRaftMessageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{8}
+}
+func (m *StreamRaftMessageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StreamRaftMessageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StreamRaftMessageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StreamRaftMessageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StreamRaftMessageResponse.Merge(m, src)
+}
+func (m *StreamRaftMessageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StreamRaftMessageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StreamRaftMessageResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StreamRaftMessageResponse proto.InternalMessageInfo
 
 type ResolveAddressRequest struct {
 	// raft_id is the ID to resolve to an address.
 	RaftID uint64 `protobuf:"varint,1,opt,name=raft_id,json=raftId,proto3" json:"raft_id,omitempty"`
 }
 
-func (m *ResolveAddressRequest) Reset()                    { *m = ResolveAddressRequest{} }
-func (*ResolveAddressRequest) ProtoMessage()               {}
-func (*ResolveAddressRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{9} }
+func (m *ResolveAddressRequest) Reset()      { *m = ResolveAddressRequest{} }
+func (*ResolveAddressRequest) ProtoMessage() {}
+func (*ResolveAddressRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{9}
+}
+func (m *ResolveAddressRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResolveAddressRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResolveAddressRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResolveAddressRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResolveAddressRequest.Merge(m, src)
+}
+func (m *ResolveAddressRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResolveAddressRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResolveAddressRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResolveAddressRequest proto.InternalMessageInfo
 
 type ResolveAddressResponse struct {
 	// Addr specifies the address of the member
 	Addr string `protobuf:"bytes,1,opt,name=addr,proto3" json:"addr,omitempty"`
 }
 
-func (m *ResolveAddressResponse) Reset()                    { *m = ResolveAddressResponse{} }
-func (*ResolveAddressResponse) ProtoMessage()               {}
-func (*ResolveAddressResponse) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{10} }
+func (m *ResolveAddressResponse) Reset()      { *m = ResolveAddressResponse{} }
+func (*ResolveAddressResponse) ProtoMessage() {}
+func (*ResolveAddressResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{10}
+}
+func (m *ResolveAddressResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResolveAddressResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResolveAddressResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResolveAddressResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResolveAddressResponse.Merge(m, src)
+}
+func (m *ResolveAddressResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResolveAddressResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResolveAddressResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResolveAddressResponse proto.InternalMessageInfo
 
 // Contains one of many protobuf encoded objects to replicate
 // over the raft backend with a request ID to track when the
 // action is effectively applied
 type InternalRaftRequest struct {
 	ID     uint64        `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Action []StoreAction `protobuf:"bytes,2,rep,name=action" json:"action"`
+	Action []StoreAction `protobuf:"bytes,2,rep,name=action,proto3" json:"action"`
+}
+
+func (m *InternalRaftRequest) Reset()      { *m = InternalRaftRequest{} }
+func (*InternalRaftRequest) ProtoMessage() {}
+func (*InternalRaftRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{11}
+}
+func (m *InternalRaftRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InternalRaftRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InternalRaftRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *InternalRaftRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InternalRaftRequest.Merge(m, src)
+}
+func (m *InternalRaftRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *InternalRaftRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_InternalRaftRequest.DiscardUnknown(m)
 }
 
-func (m *InternalRaftRequest) Reset()                    { *m = InternalRaftRequest{} }
-func (*InternalRaftRequest) ProtoMessage()               {}
-func (*InternalRaftRequest) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{11} }
+var xxx_messageInfo_InternalRaftRequest proto.InternalMessageInfo
 
 // StoreAction defines a target and operation to apply on the storage system.
 type StoreAction struct {
@@ -194,9 +535,37 @@ type StoreAction struct {
 	Target isStoreAction_Target `protobuf_oneof:"target"`
 }
 
-func (m *StoreAction) Reset()                    { *m = StoreAction{} }
-func (*StoreAction) ProtoMessage()               {}
-func (*StoreAction) Descriptor() ([]byte, []int) { return fileDescriptorRaft, []int{12} }
+func (m *StoreAction) Reset()      { *m = StoreAction{} }
+func (*StoreAction) ProtoMessage() {}
+func (*StoreAction) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d2c32e1e3c930c15, []int{12}
+}
+func (m *StoreAction) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StoreAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StoreAction.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StoreAction) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StoreAction.Merge(m, src)
+}
+func (m *StoreAction) XXX_Size() int {
+	return m.Size()
+}
+func (m *StoreAction) XXX_DiscardUnknown() {
+	xxx_messageInfo_StoreAction.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StoreAction proto.InternalMessageInfo
 
 type isStoreAction_Target interface {
 	isStoreAction_Target()
@@ -205,31 +574,31 @@ type isStoreAction_Target interface {
 }
 
 type StoreAction_Node struct {
-	Node *Node `protobuf:"bytes,2,opt,name=node,oneof"`
+	Node *Node `protobuf:"bytes,2,opt,name=node,proto3,oneof" json:"node,omitempty"`
 }
 type StoreAction_Service struct {
-	Service *Service `protobuf:"bytes,3,opt,name=service,oneof"`
+	Service *Service `protobuf:"bytes,3,opt,name=service,proto3,oneof" json:"service,omitempty"`
 }
 type StoreAction_Task struct {
-	Task *Task `protobuf:"bytes,4,opt,name=task,oneof"`
+	Task *Task `protobuf:"bytes,4,opt,name=task,proto3,oneof" json:"task,omitempty"`
 }
 type StoreAction_Network struct {
-	Network *Network `protobuf:"bytes,5,opt,name=network,oneof"`
+	Network *Network `protobuf:"bytes,5,opt,name=network,proto3,oneof" json:"network,omitempty"`
 }
 type StoreAction_Cluster struct {
-	Cluster *Cluster `protobuf:"bytes,6,opt,name=cluster,oneof"`
+	Cluster *Cluster `protobuf:"bytes,6,opt,name=cluster,proto3,oneof" json:"cluster,omitempty"`
 }
 type StoreAction_Secret struct {
-	Secret *Secret `protobuf:"bytes,7,opt,name=secret,oneof"`
+	Secret *Secret `protobuf:"bytes,7,opt,name=secret,proto3,oneof" json:"secret,omitempty"`
 }
 type StoreAction_Resource struct {
-	Resource *Resource `protobuf:"bytes,8,opt,name=resource,oneof"`
+	Resource *Resource `protobuf:"bytes,8,opt,name=resource,proto3,oneof" json:"resource,omitempty"`
 }
 type StoreAction_Extension struct {
-	Extension *Extension `protobuf:"bytes,9,opt,name=extension,oneof"`
+	Extension *Extension `protobuf:"bytes,9,opt,name=extension,proto3,oneof" json:"extension,omitempty"`
 }
 type StoreAction_Config struct {
-	Config *Config `protobuf:"bytes,10,opt,name=config,oneof"`
+	Config *Config `protobuf:"bytes,10,opt,name=config,proto3,oneof" json:"config,omitempty"`
 }
 
 func (*StoreAction_Node) isStoreAction_Target()      {}
@@ -312,9 +681,9 @@ func (m *StoreAction) GetConfig() *Config {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*StoreAction) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _StoreAction_OneofMarshaler, _StoreAction_OneofUnmarshaler, _StoreAction_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*StoreAction) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*StoreAction_Node)(nil),
 		(*StoreAction_Service)(nil),
 		(*StoreAction_Task)(nil),
@@ -327,199 +696,8 @@ func (*StoreAction) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) e
 	}
 }
 
-func _StoreAction_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*StoreAction)
-	// target
-	switch x := m.Target.(type) {
-	case *StoreAction_Node:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Node); err != nil {
-			return err
-		}
-	case *StoreAction_Service:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Service); err != nil {
-			return err
-		}
-	case *StoreAction_Task:
-		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Task); err != nil {
-			return err
-		}
-	case *StoreAction_Network:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Network); err != nil {
-			return err
-		}
-	case *StoreAction_Cluster:
-		_ = b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Cluster); err != nil {
-			return err
-		}
-	case *StoreAction_Secret:
-		_ = b.EncodeVarint(7<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Secret); err != nil {
-			return err
-		}
-	case *StoreAction_Resource:
-		_ = b.EncodeVarint(8<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Resource); err != nil {
-			return err
-		}
-	case *StoreAction_Extension:
-		_ = b.EncodeVarint(9<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Extension); err != nil {
-			return err
-		}
-	case *StoreAction_Config:
-		_ = b.EncodeVarint(10<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Config); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("StoreAction.Target has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _StoreAction_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*StoreAction)
-	switch tag {
-	case 2: // target.node
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Node)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Node{msg}
-		return true, err
-	case 3: // target.service
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Service)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Service{msg}
-		return true, err
-	case 4: // target.task
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Task)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Task{msg}
-		return true, err
-	case 5: // target.network
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Network)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Network{msg}
-		return true, err
-	case 6: // target.cluster
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Cluster)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Cluster{msg}
-		return true, err
-	case 7: // target.secret
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Secret)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Secret{msg}
-		return true, err
-	case 8: // target.resource
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Resource)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Resource{msg}
-		return true, err
-	case 9: // target.extension
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Extension)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Extension{msg}
-		return true, err
-	case 10: // target.config
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Config)
-		err := b.DecodeMessage(msg)
-		m.Target = &StoreAction_Config{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _StoreAction_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*StoreAction)
-	// target
-	switch x := m.Target.(type) {
-	case *StoreAction_Node:
-		s := proto.Size(x.Node)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Service:
-		s := proto.Size(x.Service)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Task:
-		s := proto.Size(x.Task)
-		n += proto.SizeVarint(4<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Network:
-		s := proto.Size(x.Network)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Cluster:
-		s := proto.Size(x.Cluster)
-		n += proto.SizeVarint(6<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Secret:
-		s := proto.Size(x.Secret)
-		n += proto.SizeVarint(7<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Resource:
-		s := proto.Size(x.Resource)
-		n += proto.SizeVarint(8<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Extension:
-		s := proto.Size(x.Extension)
-		n += proto.SizeVarint(9<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *StoreAction_Config:
-		s := proto.Size(x.Config)
-		n += proto.SizeVarint(10<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.StoreActionKind", StoreActionKind_name, StoreActionKind_value)
 	proto.RegisterType((*RaftMember)(nil), "docker.swarmkit.v1.RaftMember")
 	proto.RegisterType((*JoinRequest)(nil), "docker.swarmkit.v1.JoinRequest")
 	proto.RegisterType((*JoinResponse)(nil), "docker.swarmkit.v1.JoinResponse")
@@ -533,7 +711,79 @@ func init() {
 	proto.RegisterType((*ResolveAddressResponse)(nil), "docker.swarmkit.v1.ResolveAddressResponse")
 	proto.RegisterType((*InternalRaftRequest)(nil), "docker.swarmkit.v1.InternalRaftRequest")
 	proto.RegisterType((*StoreAction)(nil), "docker.swarmkit.v1.StoreAction")
-	proto.RegisterEnum("docker.swarmkit.v1.StoreActionKind", StoreActionKind_name, StoreActionKind_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/raft.proto", fileDescriptor_d2c32e1e3c930c15)
+}
+
+var fileDescriptor_d2c32e1e3c930c15 = []byte{
+	// 1028 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0x41, 0x73, 0xdb, 0x44,
+	0x14, 0xc7, 0x25, 0x5b, 0x75, 0x9a, 0x97, 0x36, 0x09, 0x5b, 0x12, 0x14, 0xb5, 0x28, 0xae, 0xda,
+	0x19, 0x9c, 0x90, 0xc8, 0x83, 0x61, 0xa6, 0x4c, 0xa1, 0x87, 0x38, 0xf1, 0x4c, 0x4c, 0x5a, 0xa7,
+	0xa3, 0x24, 0xd0, 0x5b, 0x90, 0xa5, 0x8d, 0x2b, 0x1c, 0x6b, 0xcd, 0xee, 0x3a, 0x81, 0x0b, 0xd3,
+	0x23, 0xe4, 0xc4, 0x0d, 0x86, 0x99, 0x0e, 0x07, 0x38, 0xf7, 0x03, 0xf0, 0x01, 0x98, 0x0c, 0xa7,
+	0xde, 0xe8, 0x29, 0x43, 0x9d, 0x3b, 0x7c, 0x05, 0x66, 0x57, 0x52, 0x12, 0x6c, 0xd9, 0xf1, 0x81,
+	0x4b, 0xb2, 0xa3, 0xfd, 0xfd, 0xdf, 0xff, 0xed, 0xee, 0xdb, 0xb7, 0x86, 0x85, 0x46, 0xc0, 0x9f,
+	0x76, 0xea, 0xb6, 0x47, 0x5a, 0x45, 0x9f, 0x78, 0x4d, 0x4c, 0x8b, 0xec, 0xd0, 0xa5, 0xad, 0x66,
+	0xc0, 0x8b, 0x6e, 0x3b, 0x28, 0x52, 0x77, 0x8f, 0xdb, 0x6d, 0x4a, 0x38, 0x41, 0x28, 0x9a, 0xb7,
+	0x93, 0x79, 0xfb, 0xe0, 0x3d, 0x63, 0xe9, 0x12, 0x39, 0xa9, 0x7f, 0x81, 0x3d, 0xce, 0xa2, 0x08,
+	0xc6, 0xe2, 0x25, 0x34, 0xff, 0xba, 0x8d, 0x13, 0x76, 0xf9, 0x02, 0xeb, 0x11, 0x8a, 0x09, 0x2b,
+	0x62, 0xee, 0xf9, 0x32, 0x21, 0xf9, 0xa7, 0x5d, 0xbf, 0x90, 0x9c, 0xf1, 0x66, 0x83, 0x34, 0x88,
+	0x1c, 0x16, 0xc5, 0x28, 0xfe, 0x7a, 0x6f, 0x88, 0xa1, 0x24, 0xea, 0x9d, 0xbd, 0x62, 0x7b, 0xbf,
+	0xd3, 0x08, 0xc2, 0xf8, 0x5f, 0x24, 0xb4, 0x5e, 0xa8, 0x00, 0x8e, 0xbb, 0xc7, 0x1f, 0xe1, 0x56,
+	0x1d, 0x53, 0x74, 0x07, 0xc6, 0x84, 0xd7, 0x6e, 0xe0, 0xeb, 0x6a, 0x5e, 0x2d, 0x68, 0x65, 0xe8,
+	0x9e, 0xcc, 0xe7, 0x04, 0x50, 0x5d, 0x73, 0x72, 0x62, 0xaa, 0xea, 0x0b, 0x28, 0x24, 0x3e, 0x16,
+	0x50, 0x26, 0xaf, 0x16, 0xc6, 0x23, 0xa8, 0x46, 0x7c, 0x2c, 0x20, 0x31, 0x55, 0xf5, 0x11, 0x02,
+	0xcd, 0xf5, 0x7d, 0xaa, 0x67, 0x05, 0xe1, 0xc8, 0x31, 0x2a, 0x43, 0x8e, 0x71, 0x97, 0x77, 0x98,
+	0xae, 0xe5, 0xd5, 0xc2, 0x44, 0xe9, 0xae, 0xdd, 0xbf, 0xd3, 0xf6, 0x79, 0x36, 0x5b, 0x92, 0x2d,
+	0x6b, 0xc7, 0x27, 0xf3, 0x8a, 0x13, 0x2b, 0xad, 0xdb, 0x30, 0xf1, 0x09, 0x09, 0x42, 0x07, 0x7f,
+	0xd9, 0xc1, 0x8c, 0x9f, 0xd9, 0xa8, 0xe7, 0x36, 0xd6, 0x4f, 0x2a, 0x5c, 0x8b, 0x18, 0xd6, 0x26,
+	0x21, 0xc3, 0xa3, 0xad, 0xea, 0x43, 0x18, 0x6b, 0x49, 0x5b, 0xa6, 0x67, 0xf2, 0xd9, 0xc2, 0x44,
+	0xc9, 0x1c, 0x9e, 0x9d, 0x93, 0xe0, 0xe8, 0x5d, 0x98, 0xa2, 0xb8, 0x45, 0x0e, 0xb0, 0xbf, 0x9b,
+	0x44, 0xc8, 0xe6, 0xb3, 0x05, 0xad, 0x9c, 0x99, 0x56, 0x9c, 0xc9, 0x78, 0x2a, 0x12, 0x31, 0xab,
+	0x0c, 0xd7, 0x1e, 0x62, 0xf7, 0x00, 0x27, 0x0b, 0x28, 0x81, 0x26, 0x76, 0x4c, 0x26, 0x76, 0xb9,
+	0xa7, 0x64, 0xad, 0x29, 0xb8, 0x1e, 0xc7, 0x88, 0x16, 0x68, 0x3d, 0x84, 0xb9, 0xc7, 0x94, 0x78,
+	0x98, 0xb1, 0x88, 0x65, 0xcc, 0x6d, 0x9c, 0x39, 0x2c, 0x88, 0x85, 0xc9, 0x2f, 0xb1, 0xc9, 0x94,
+	0x1d, 0x95, 0x95, 0x9d, 0x80, 0xc9, 0xfc, 0x7d, 0xed, 0xd9, 0x0f, 0x96, 0x62, 0xdd, 0x02, 0x23,
+	0x2d, 0x5a, 0xec, 0xb5, 0x01, 0xfa, 0x16, 0xa7, 0xd8, 0x6d, 0xfd, 0x1f, 0x56, 0x37, 0x61, 0x2e,
+	0x25, 0x58, 0xec, 0xf4, 0x31, 0xcc, 0x38, 0x98, 0x91, 0xfd, 0x03, 0xbc, 0xe2, 0xfb, 0x54, 0xa4,
+	0x13, 0xdb, 0x8c, 0x72, 0x9e, 0xd6, 0x12, 0xcc, 0xf6, 0xaa, 0xe3, 0x72, 0x48, 0xab, 0x99, 0x7d,
+	0xb8, 0x51, 0x0d, 0x39, 0xa6, 0xa1, 0xbb, 0x2f, 0xe2, 0x24, 0x4e, 0xb3, 0x90, 0x39, 0x33, 0xc9,
+	0x75, 0x4f, 0xe6, 0x33, 0xd5, 0x35, 0x27, 0x13, 0xf8, 0xe8, 0x01, 0xe4, 0x5c, 0x8f, 0x07, 0x24,
+	0x8c, 0x6b, 0x65, 0x3e, 0xed, 0xdc, 0xb6, 0x38, 0xa1, 0x78, 0x45, 0x62, 0x49, 0x11, 0x47, 0x22,
+	0xeb, 0x77, 0x0d, 0x26, 0x2e, 0xcc, 0xa2, 0x8f, 0xce, 0xc2, 0x09, 0xab, 0xc9, 0xd2, 0x9d, 0x4b,
+	0xc2, 0x6d, 0x04, 0xa1, 0x9f, 0x04, 0x43, 0x76, 0x5c, 0x41, 0x19, 0xb9, 0xe3, 0x7a, 0x9a, 0x54,
+	0xdc, 0xcd, 0x75, 0x25, 0xaa, 0x1e, 0x74, 0x0f, 0xc6, 0x18, 0xa6, 0x07, 0x81, 0x87, 0xe5, 0xe5,
+	0x9c, 0x28, 0xdd, 0x4c, 0x75, 0x8b, 0x90, 0x75, 0xc5, 0x49, 0x68, 0x61, 0xc4, 0x5d, 0xd6, 0x8c,
+	0x2f, 0x6f, 0xaa, 0xd1, 0xb6, 0xcb, 0x9a, 0xc2, 0x48, 0x70, 0xc2, 0x28, 0xc4, 0xfc, 0x90, 0xd0,
+	0xa6, 0x7e, 0x65, 0xb0, 0x51, 0x2d, 0x42, 0x84, 0x51, 0x4c, 0x0b, 0xa1, 0xb7, 0xdf, 0x61, 0x1c,
+	0x53, 0x3d, 0x37, 0x58, 0xb8, 0x1a, 0x21, 0x42, 0x18, 0xd3, 0xe8, 0x03, 0xc8, 0x31, 0xec, 0x51,
+	0xcc, 0xf5, 0x31, 0xa9, 0x33, 0xd2, 0x57, 0x26, 0x88, 0x75, 0xd1, 0x52, 0xe4, 0x08, 0xdd, 0x87,
+	0xab, 0x14, 0x33, 0xd2, 0xa1, 0x1e, 0xd6, 0xaf, 0x4a, 0xdd, 0xad, 0xd4, 0x6b, 0x18, 0x33, 0xeb,
+	0x8a, 0x73, 0xc6, 0xa3, 0x07, 0x30, 0x8e, 0xbf, 0xe2, 0x38, 0x64, 0xe2, 0xf0, 0xc6, 0xa5, 0xf8,
+	0xed, 0x34, 0x71, 0x25, 0x81, 0xd6, 0x15, 0xe7, 0x5c, 0x21, 0x12, 0xf6, 0x48, 0xb8, 0x17, 0x34,
+	0x74, 0x18, 0x9c, 0xf0, 0xaa, 0x24, 0x44, 0xc2, 0x11, 0x5b, 0xbe, 0x0a, 0x39, 0xee, 0xd2, 0x06,
+	0xe6, 0x8b, 0xff, 0xa8, 0x30, 0xd5, 0x53, 0x17, 0xe8, 0x1d, 0x18, 0xdb, 0xa9, 0x6d, 0xd4, 0x36,
+	0x3f, 0xab, 0x4d, 0x2b, 0x86, 0x71, 0xf4, 0x3c, 0x3f, 0xdb, 0x43, 0xec, 0x84, 0xcd, 0x90, 0x1c,
+	0x86, 0xa8, 0x04, 0x37, 0xb6, 0xb6, 0x37, 0x9d, 0xca, 0xee, 0xca, 0xea, 0x76, 0x75, 0xb3, 0xb6,
+	0xbb, 0xea, 0x54, 0x56, 0xb6, 0x2b, 0xd3, 0xaa, 0x31, 0x77, 0xf4, 0x3c, 0x3f, 0xd3, 0x23, 0x5a,
+	0xa5, 0xd8, 0xe5, 0xb8, 0x4f, 0xb3, 0xf3, 0x78, 0x4d, 0x68, 0x32, 0xa9, 0x9a, 0x9d, 0xb6, 0x9f,
+	0xa6, 0x71, 0x2a, 0x8f, 0x36, 0x3f, 0xad, 0x4c, 0x67, 0x53, 0x35, 0x8e, 0x6c, 0x97, 0xc6, 0x5b,
+	0xdf, 0xfe, 0x62, 0x2a, 0xbf, 0xfd, 0x6a, 0xf6, 0xae, 0xae, 0xf4, 0x73, 0x16, 0x34, 0x71, 0x43,
+	0xd1, 0x91, 0x0a, 0xa8, 0xbf, 0x4d, 0xa1, 0xe5, 0xb4, 0x1d, 0x1c, 0xd8, 0x1c, 0x0d, 0x7b, 0x54,
+	0x3c, 0xee, 0x49, 0x33, 0x7f, 0xbc, 0xf8, 0xfb, 0xc7, 0xcc, 0x14, 0x5c, 0x97, 0xfc, 0x72, 0xcb,
+	0x0d, 0xdd, 0x06, 0xa6, 0xe8, 0x3b, 0x15, 0xde, 0xe8, 0x6b, 0x64, 0x68, 0x29, 0xfd, 0x1a, 0xa7,
+	0x37, 0x4f, 0x63, 0x79, 0x44, 0x7a, 0x68, 0x26, 0x05, 0x15, 0x7d, 0x03, 0x93, 0xff, 0x6d, 0x7c,
+	0x68, 0x61, 0x50, 0x39, 0xf7, 0xb5, 0x56, 0x63, 0x71, 0x14, 0x74, 0x68, 0x06, 0xa5, 0x3f, 0x55,
+	0x98, 0x3c, 0x7f, 0xb2, 0xd8, 0xd3, 0xa0, 0x8d, 0x3e, 0x07, 0x4d, 0x3c, 0xc8, 0x28, 0xb5, 0x4d,
+	0x5e, 0x78, 0xce, 0x8d, 0xfc, 0x60, 0x60, 0xf8, 0x01, 0x78, 0x70, 0x45, 0x3e, 0x89, 0x28, 0x35,
+	0xc2, 0xc5, 0x17, 0xd7, 0xb8, 0x3d, 0x84, 0x18, 0x6a, 0x52, 0xbe, 0x7b, 0xfc, 0xda, 0x54, 0x5e,
+	0xbd, 0x36, 0x95, 0x67, 0x5d, 0x53, 0x3d, 0xee, 0x9a, 0xea, 0xcb, 0xae, 0xa9, 0xfe, 0xd5, 0x35,
+	0xd5, 0xef, 0x4f, 0x4d, 0xe5, 0xe5, 0xa9, 0xa9, 0xbc, 0x3a, 0x35, 0x95, 0x27, 0xd9, 0x27, 0x5a,
+	0x3d, 0x27, 0x7f, 0x5d, 0xbd, 0xff, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc9, 0x42, 0x09, 0xd0,
+	0x76, 0x0a, 0x00, 0x00,
 }
 
 type authenticatedWrapperRaftServer struct {
@@ -613,7 +863,7 @@ func (m *RaftMember) CopyFrom(src interface{}) {
 
 	o := src.(*RaftMember)
 	*m = *o
-	deepcopy.Copy(&m.Status, &o.Status)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Status, &o.Status)
 }
 
 func (m *JoinRequest) Copy() *JoinRequest {
@@ -648,7 +898,7 @@ func (m *JoinResponse) CopyFrom(src interface{}) {
 		m.Members = make([]*RaftMember, len(o.Members))
 		for i := range m.Members {
 			m.Members[i] = &RaftMember{}
-			deepcopy.Copy(m.Members[i], o.Members[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Members[i], o.Members[i])
 		}
 	}
 
@@ -674,7 +924,7 @@ func (m *LeaveRequest) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Node != nil {
 		m.Node = &RaftMember{}
-		deepcopy.Copy(m.Node, o.Node)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Node, o.Node)
 	}
 }
 
@@ -754,7 +1004,7 @@ func (m *InternalRaftRequest) CopyFrom(src interface{}) {
 	if o.Action != nil {
 		m.Action = make([]StoreAction, len(o.Action))
 		for i := range m.Action {
-			deepcopy.Copy(&m.Action[i], &o.Action[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Action[i], &o.Action[i])
 		}
 	}
 
@@ -779,55 +1029,55 @@ func (m *StoreAction) CopyFrom(src interface{}) {
 			v := StoreAction_Node{
 				Node: &Node{},
 			}
-			deepcopy.Copy(v.Node, o.GetNode())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Node, o.GetNode())
 			m.Target = &v
 		case *StoreAction_Service:
 			v := StoreAction_Service{
 				Service: &Service{},
 			}
-			deepcopy.Copy(v.Service, o.GetService())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Service, o.GetService())
 			m.Target = &v
 		case *StoreAction_Task:
 			v := StoreAction_Task{
 				Task: &Task{},
 			}
-			deepcopy.Copy(v.Task, o.GetTask())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Task, o.GetTask())
 			m.Target = &v
 		case *StoreAction_Network:
 			v := StoreAction_Network{
 				Network: &Network{},
 			}
-			deepcopy.Copy(v.Network, o.GetNetwork())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Network, o.GetNetwork())
 			m.Target = &v
 		case *StoreAction_Cluster:
 			v := StoreAction_Cluster{
 				Cluster: &Cluster{},
 			}
-			deepcopy.Copy(v.Cluster, o.GetCluster())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Cluster, o.GetCluster())
 			m.Target = &v
 		case *StoreAction_Secret:
 			v := StoreAction_Secret{
 				Secret: &Secret{},
 			}
-			deepcopy.Copy(v.Secret, o.GetSecret())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Secret, o.GetSecret())
 			m.Target = &v
 		case *StoreAction_Resource:
 			v := StoreAction_Resource{
 				Resource: &Resource{},
 			}
-			deepcopy.Copy(v.Resource, o.GetResource())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Resource, o.GetResource())
 			m.Target = &v
 		case *StoreAction_Extension:
 			v := StoreAction_Extension{
 				Extension: &Extension{},
 			}
-			deepcopy.Copy(v.Extension, o.GetExtension())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Extension, o.GetExtension())
 			m.Target = &v
 		case *StoreAction_Config:
 			v := StoreAction_Config{
 				Config: &Config{},
 			}
-			deepcopy.Copy(v.Config, o.GetConfig())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Config, o.GetConfig())
 			m.Target = &v
 		}
 	}
@@ -842,8 +1092,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Raft service
-
+// RaftClient is the client API for Raft service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type RaftClient interface {
 	// ProcessRaftMessage sends a raft message to be processed on a raft member, it is
 	// called from the RaftMember willing to send a message to its destination ('To' field)
@@ -868,7 +1119,7 @@ func NewRaftClient(cc *grpc.ClientConn) RaftClient {
 
 func (c *raftClient) ProcessRaftMessage(ctx context.Context, in *ProcessRaftMessageRequest, opts ...grpc.CallOption) (*ProcessRaftMessageResponse, error) {
 	out := new(ProcessRaftMessageResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Raft/ProcessRaftMessage", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Raft/ProcessRaftMessage", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -876,7 +1127,7 @@ func (c *raftClient) ProcessRaftMessage(ctx context.Context, in *ProcessRaftMess
 }
 
 func (c *raftClient) StreamRaftMessage(ctx context.Context, opts ...grpc.CallOption) (Raft_StreamRaftMessageClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Raft_serviceDesc.Streams[0], c.cc, "/docker.swarmkit.v1.Raft/StreamRaftMessage", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Raft_serviceDesc.Streams[0], "/docker.swarmkit.v1.Raft/StreamRaftMessage", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -911,15 +1162,14 @@ func (x *raftStreamRaftMessageClient) CloseAndRecv() (*StreamRaftMessageResponse
 
 func (c *raftClient) ResolveAddress(ctx context.Context, in *ResolveAddressRequest, opts ...grpc.CallOption) (*ResolveAddressResponse, error) {
 	out := new(ResolveAddressResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.Raft/ResolveAddress", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.Raft/ResolveAddress", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Raft service
-
+// RaftServer is the server API for Raft service.
 type RaftServer interface {
 	// ProcessRaftMessage sends a raft message to be processed on a raft member, it is
 	// called from the RaftMember willing to send a message to its destination ('To' field)
@@ -934,6 +1184,20 @@ type RaftServer interface {
 	ResolveAddress(context.Context, *ResolveAddressRequest) (*ResolveAddressResponse, error)
 }
 
+// UnimplementedRaftServer can be embedded to have forward compatible implementations.
+type UnimplementedRaftServer struct {
+}
+
+func (*UnimplementedRaftServer) ProcessRaftMessage(ctx context.Context, req *ProcessRaftMessageRequest) (*ProcessRaftMessageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ProcessRaftMessage not implemented")
+}
+func (*UnimplementedRaftServer) StreamRaftMessage(srv Raft_StreamRaftMessageServer) error {
+	return status.Errorf(codes.Unimplemented, "method StreamRaftMessage not implemented")
+}
+func (*UnimplementedRaftServer) ResolveAddress(ctx context.Context, req *ResolveAddressRequest) (*ResolveAddressResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ResolveAddress not implemented")
+}
+
 func RegisterRaftServer(s *grpc.Server, srv RaftServer) {
 	s.RegisterService(&_Raft_serviceDesc, srv)
 }
@@ -1023,8 +1287,9 @@ var _Raft_serviceDesc = grpc.ServiceDesc{
 	Metadata: "github.com/docker/swarmkit/api/raft.proto",
 }
 
-// Client API for RaftMembership service
-
+// RaftMembershipClient is the client API for RaftMembership service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type RaftMembershipClient interface {
 	// Join adds a RaftMember to the raft cluster.
 	Join(ctx context.Context, in *JoinRequest, opts ...grpc.CallOption) (*JoinResponse, error)
@@ -1042,7 +1307,7 @@ func NewRaftMembershipClient(cc *grpc.ClientConn) RaftMembershipClient {
 
 func (c *raftMembershipClient) Join(ctx context.Context, in *JoinRequest, opts ...grpc.CallOption) (*JoinResponse, error) {
 	out := new(JoinResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.RaftMembership/Join", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.RaftMembership/Join", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -1051,15 +1316,14 @@ func (c *raftMembershipClient) Join(ctx context.Context, in *JoinRequest, opts .
 
 func (c *raftMembershipClient) Leave(ctx context.Context, in *LeaveRequest, opts ...grpc.CallOption) (*LeaveResponse, error) {
 	out := new(LeaveResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.RaftMembership/Leave", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.RaftMembership/Leave", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for RaftMembership service
-
+// RaftMembershipServer is the server API for RaftMembership service.
 type RaftMembershipServer interface {
 	// Join adds a RaftMember to the raft cluster.
 	Join(context.Context, *JoinRequest) (*JoinResponse, error)
@@ -1067,6 +1331,17 @@ type RaftMembershipServer interface {
 	Leave(context.Context, *LeaveRequest) (*LeaveResponse, error)
 }
 
+// UnimplementedRaftMembershipServer can be embedded to have forward compatible implementations.
+type UnimplementedRaftMembershipServer struct {
+}
+
+func (*UnimplementedRaftMembershipServer) Join(ctx context.Context, req *JoinRequest) (*JoinResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Join not implemented")
+}
+func (*UnimplementedRaftMembershipServer) Leave(ctx context.Context, req *LeaveRequest) (*LeaveResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Leave not implemented")
+}
+
 func RegisterRaftMembershipServer(s *grpc.Server, srv RaftMembershipServer) {
 	s.RegisterService(&_RaftMembership_serviceDesc, srv)
 }
@@ -1127,7 +1402,7 @@ var _RaftMembership_serviceDesc = grpc.ServiceDesc{
 func (m *RaftMember) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1135,42 +1410,51 @@ func (m *RaftMember) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RaftMember) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RaftMember) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.RaftID != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.RaftID))
-	}
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintRaft(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x22
 	if len(m.Addr) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
 		i = encodeVarintRaft(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+		i--
+		dAtA[i] = 0x1a
 	}
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintRaft(dAtA, i, uint64(m.Status.Size()))
-	n1, err := m.Status.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintRaft(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.RaftID != 0 {
+		i = encodeVarintRaft(dAtA, i, uint64(m.RaftID))
+		i--
+		dAtA[i] = 0x8
 	}
-	i += n1
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *JoinRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1178,23 +1462,29 @@ func (m *JoinRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *JoinRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *JoinRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Addr) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
 		i = encodeVarintRaft(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *JoinResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1202,41 +1492,48 @@ func (m *JoinResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *JoinResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *JoinResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.RaftID != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.RaftID))
+	if len(m.RemovedMembers) > 0 {
+		for iNdEx := len(m.RemovedMembers) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintRaft(dAtA, i, uint64(m.RemovedMembers[iNdEx]))
+			i--
+			dAtA[i] = 0x18
+		}
 	}
 	if len(m.Members) > 0 {
-		for _, msg := range m.Members {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Members) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Members[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintRaft(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.RemovedMembers) > 0 {
-		for _, num := range m.RemovedMembers {
-			dAtA[i] = 0x18
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(num))
-		}
+	if m.RaftID != 0 {
+		i = encodeVarintRaft(dAtA, i, uint64(m.RaftID))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LeaveRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1244,27 +1541,34 @@ func (m *LeaveRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LeaveRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LeaveRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Node != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Node.Size()))
-		n2, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LeaveResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1272,17 +1576,22 @@ func (m *LeaveResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LeaveResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LeaveResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ProcessRaftMessageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1290,27 +1599,34 @@ func (m *ProcessRaftMessageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ProcessRaftMessageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessRaftMessageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Message != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Message.Size()))
-		n3, err := m.Message.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Message.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n3
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ProcessRaftMessageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1318,17 +1634,22 @@ func (m *ProcessRaftMessageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ProcessRaftMessageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessRaftMessageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StreamRaftMessageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1336,27 +1657,34 @@ func (m *StreamRaftMessageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StreamRaftMessageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StreamRaftMessageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Message != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Message.Size()))
-		n4, err := m.Message.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Message.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StreamRaftMessageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1364,17 +1692,22 @@ func (m *StreamRaftMessageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StreamRaftMessageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StreamRaftMessageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ResolveAddressRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1382,22 +1715,27 @@ func (m *ResolveAddressRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResolveAddressRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResolveAddressRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.RaftID != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintRaft(dAtA, i, uint64(m.RaftID))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ResolveAddressResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1405,23 +1743,29 @@ func (m *ResolveAddressResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResolveAddressResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResolveAddressResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Addr) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
 		i = encodeVarintRaft(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *InternalRaftRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1429,34 +1773,41 @@ func (m *InternalRaftRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *InternalRaftRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InternalRaftRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.ID != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.ID))
-	}
 	if len(m.Action) > 0 {
-		for _, msg := range m.Action {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintRaft(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Action) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Action[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintRaft(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return i, nil
+	if m.ID != 0 {
+		i = encodeVarintRaft(dAtA, i, uint64(m.ID))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *StoreAction) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1464,159 +1815,231 @@ func (m *StoreAction) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StoreAction) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Action != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Action))
-	}
 	if m.Target != nil {
-		nn5, err := m.Target.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Target.Size()
+			i -= size
+			if _, err := m.Target.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn5
 	}
-	return i, nil
+	if m.Action != 0 {
+		i = encodeVarintRaft(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *StoreAction_Node) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Node != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Node.Size()))
-		n6, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n6
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Service) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Service) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Service != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Service.Size()))
-		n7, err := m.Service.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n7
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Task) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Task) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Task != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Task.Size()))
-		n8, err := m.Task.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Task.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x22
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Network) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Network) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Network != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Network.Size()))
-		n9, err := m.Network.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Network.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n9
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Cluster) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Cluster) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Cluster != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Cluster.Size()))
-		n10, err := m.Cluster.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Cluster.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n10
+		i--
+		dAtA[i] = 0x32
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Secret) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Secret != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Secret.Size()))
-		n11, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n11
+		i--
+		dAtA[i] = 0x3a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Resource) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Resource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Resource != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Resource.Size()))
-		n12, err := m.Resource.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n12
+		i--
+		dAtA[i] = 0x42
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Extension) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Extension) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Extension != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Extension.Size()))
-		n13, err := m.Extension.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Extension.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n13
+		i--
+		dAtA[i] = 0x4a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *StoreAction_Config) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreAction_Config) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Config != nil {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintRaft(dAtA, i, uint64(m.Config.Size()))
-		n14, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintRaft(dAtA, i, uint64(size))
 		}
-		i += n14
+		i--
+		dAtA[i] = 0x52
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func encodeVarintRaft(dAtA []byte, offset int, v uint64) int {
+	offset -= sovRaft(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyRaftServer struct {
@@ -1961,6 +2384,9 @@ func (p *raftProxyRaftMembershipServer) Leave(ctx context.Context, r *LeaveReque
 }
 
 func (m *RaftMember) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.RaftID != 0 {
@@ -1980,6 +2406,9 @@ func (m *RaftMember) Size() (n int) {
 }
 
 func (m *JoinRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Addr)
@@ -1990,6 +2419,9 @@ func (m *JoinRequest) Size() (n int) {
 }
 
 func (m *JoinResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.RaftID != 0 {
@@ -2010,6 +2442,9 @@ func (m *JoinResponse) Size() (n int) {
 }
 
 func (m *LeaveRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Node != nil {
@@ -2020,12 +2455,18 @@ func (m *LeaveRequest) Size() (n int) {
 }
 
 func (m *LeaveResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *ProcessRaftMessageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Message != nil {
@@ -2036,12 +2477,18 @@ func (m *ProcessRaftMessageRequest) Size() (n int) {
 }
 
 func (m *ProcessRaftMessageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *StreamRaftMessageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Message != nil {
@@ -2052,12 +2499,18 @@ func (m *StreamRaftMessageRequest) Size() (n int) {
 }
 
 func (m *StreamRaftMessageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *ResolveAddressRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.RaftID != 0 {
@@ -2067,6 +2520,9 @@ func (m *ResolveAddressRequest) Size() (n int) {
 }
 
 func (m *ResolveAddressResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Addr)
@@ -2077,6 +2533,9 @@ func (m *ResolveAddressResponse) Size() (n int) {
 }
 
 func (m *InternalRaftRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ID != 0 {
@@ -2092,6 +2551,9 @@ func (m *InternalRaftRequest) Size() (n int) {
 }
 
 func (m *StoreAction) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Action != 0 {
@@ -2104,6 +2566,9 @@ func (m *StoreAction) Size() (n int) {
 }
 
 func (m *StoreAction_Node) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Node != nil {
@@ -2113,6 +2578,9 @@ func (m *StoreAction_Node) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Service) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Service != nil {
@@ -2122,6 +2590,9 @@ func (m *StoreAction_Service) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Task) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Task != nil {
@@ -2131,6 +2602,9 @@ func (m *StoreAction_Task) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Network) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Network != nil {
@@ -2140,6 +2614,9 @@ func (m *StoreAction_Network) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Cluster) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Cluster != nil {
@@ -2149,6 +2626,9 @@ func (m *StoreAction_Cluster) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Secret) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Secret != nil {
@@ -2158,6 +2638,9 @@ func (m *StoreAction_Secret) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Resource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Resource != nil {
@@ -2167,6 +2650,9 @@ func (m *StoreAction_Resource) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Extension) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Extension != nil {
@@ -2176,6 +2662,9 @@ func (m *StoreAction_Extension) Size() (n int) {
 	return n
 }
 func (m *StoreAction_Config) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Config != nil {
@@ -2186,14 +2675,7 @@ func (m *StoreAction_Config) Size() (n int) {
 }
 
 func sovRaft(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozRaft(x uint64) (n int) {
 	return sovRaft(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2206,7 +2688,7 @@ func (this *RaftMember) String() string {
 		`RaftID:` + fmt.Sprintf("%v", this.RaftID) + `,`,
 		`NodeID:` + fmt.Sprintf("%v", this.NodeID) + `,`,
 		`Addr:` + fmt.Sprintf("%v", this.Addr) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "RaftMemberStatus", "RaftMemberStatus", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Status), "RaftMemberStatus", "RaftMemberStatus", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2225,9 +2707,14 @@ func (this *JoinResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMembers := "[]*RaftMember{"
+	for _, f := range this.Members {
+		repeatedStringForMembers += strings.Replace(f.String(), "RaftMember", "RaftMember", 1) + ","
+	}
+	repeatedStringForMembers += "}"
 	s := strings.Join([]string{`&JoinResponse{`,
 		`RaftID:` + fmt.Sprintf("%v", this.RaftID) + `,`,
-		`Members:` + strings.Replace(fmt.Sprintf("%v", this.Members), "RaftMember", "RaftMember", 1) + `,`,
+		`Members:` + repeatedStringForMembers + `,`,
 		`RemovedMembers:` + fmt.Sprintf("%v", this.RemovedMembers) + `,`,
 		`}`,
 	}, "")
@@ -2238,7 +2725,7 @@ func (this *LeaveRequest) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&LeaveRequest{`,
-		`Node:` + strings.Replace(fmt.Sprintf("%v", this.Node), "RaftMember", "RaftMember", 1) + `,`,
+		`Node:` + strings.Replace(this.Node.String(), "RaftMember", "RaftMember", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2314,9 +2801,14 @@ func (this *InternalRaftRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForAction := "[]StoreAction{"
+	for _, f := range this.Action {
+		repeatedStringForAction += strings.Replace(strings.Replace(f.String(), "StoreAction", "StoreAction", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForAction += "}"
 	s := strings.Join([]string{`&InternalRaftRequest{`,
 		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
-		`Action:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Action), "StoreAction", "StoreAction", 1), `&`, ``, 1) + `,`,
+		`Action:` + repeatedStringForAction + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2445,7 +2937,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2473,7 +2965,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.RaftID |= (uint64(b) & 0x7F) << shift
+				m.RaftID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2492,7 +2984,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2502,6 +2994,9 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2521,7 +3016,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2531,6 +3026,9 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2550,7 +3048,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2559,6 +3057,9 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2572,7 +3073,7 @@ func (m *RaftMember) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -2602,7 +3103,7 @@ func (m *JoinRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2630,7 +3131,7 @@ func (m *JoinRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2640,6 +3141,9 @@ func (m *JoinRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2651,7 +3155,7 @@ func (m *JoinRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -2681,7 +3185,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2709,7 +3213,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.RaftID |= (uint64(b) & 0x7F) << shift
+				m.RaftID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2728,7 +3232,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2737,6 +3241,9 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2757,7 +3264,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					v |= (uint64(b) & 0x7F) << shift
+					v |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2774,7 +3281,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
+					packedLen |= int(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2783,9 +3290,23 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 					return ErrInvalidLengthRaft
 				}
 				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthRaft
+				}
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
+				}
+				elementCount = count
+				if elementCount != 0 && len(m.RemovedMembers) == 0 {
+					m.RemovedMembers = make([]uint64, 0, elementCount)
+				}
 				for iNdEx < postIndex {
 					var v uint64
 					for shift := uint(0); ; shift += 7 {
@@ -2797,7 +3318,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						v |= (uint64(b) & 0x7F) << shift
+						v |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2813,7 +3334,7 @@ func (m *JoinResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -2843,7 +3364,7 @@ func (m *LeaveRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2871,7 +3392,7 @@ func (m *LeaveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2880,6 +3401,9 @@ func (m *LeaveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2896,7 +3420,7 @@ func (m *LeaveRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -2926,7 +3450,7 @@ func (m *LeaveResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2946,7 +3470,7 @@ func (m *LeaveResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -2976,7 +3500,7 @@ func (m *ProcessRaftMessageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3004,7 +3528,7 @@ func (m *ProcessRaftMessageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3013,6 +3537,9 @@ func (m *ProcessRaftMessageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3029,7 +3556,7 @@ func (m *ProcessRaftMessageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3059,7 +3586,7 @@ func (m *ProcessRaftMessageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3079,7 +3606,7 @@ func (m *ProcessRaftMessageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3109,7 +3636,7 @@ func (m *StreamRaftMessageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3137,7 +3664,7 @@ func (m *StreamRaftMessageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3146,6 +3673,9 @@ func (m *StreamRaftMessageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3162,7 +3692,7 @@ func (m *StreamRaftMessageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3192,7 +3722,7 @@ func (m *StreamRaftMessageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3212,7 +3742,7 @@ func (m *StreamRaftMessageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3242,7 +3772,7 @@ func (m *ResolveAddressRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3270,7 +3800,7 @@ func (m *ResolveAddressRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.RaftID |= (uint64(b) & 0x7F) << shift
+				m.RaftID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3281,7 +3811,7 @@ func (m *ResolveAddressRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3311,7 +3841,7 @@ func (m *ResolveAddressResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3339,7 +3869,7 @@ func (m *ResolveAddressResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3349,6 +3879,9 @@ func (m *ResolveAddressResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3360,7 +3893,7 @@ func (m *ResolveAddressResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3390,7 +3923,7 @@ func (m *InternalRaftRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3418,7 +3951,7 @@ func (m *InternalRaftRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ID |= (uint64(b) & 0x7F) << shift
+				m.ID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3437,7 +3970,7 @@ func (m *InternalRaftRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3446,6 +3979,9 @@ func (m *InternalRaftRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3460,7 +3996,7 @@ func (m *InternalRaftRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3490,7 +4026,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3518,7 +4054,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (StoreActionKind(b) & 0x7F) << shift
+				m.Action |= StoreActionKind(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3537,7 +4073,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3546,6 +4082,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3569,7 +4108,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3578,6 +4117,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3601,7 +4143,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3610,6 +4152,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3633,7 +4178,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3642,6 +4187,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3665,7 +4213,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3674,6 +4222,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3697,7 +4248,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3706,6 +4257,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3729,7 +4283,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3738,6 +4292,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3761,7 +4318,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3770,6 +4327,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3793,7 +4353,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3802,6 +4362,9 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthRaft
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRaft
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3817,7 +4380,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRaft
 			}
 			if (iNdEx + skippy) > l {
@@ -3835,6 +4398,7 @@ func (m *StoreAction) Unmarshal(dAtA []byte) error {
 func skipRaft(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -3866,10 +4430,8 @@ func skipRaft(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -3886,123 +4448,34 @@ func skipRaft(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthRaft
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowRaft
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipRaft(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupRaft
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthRaft
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthRaft = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowRaft   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthRaft        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowRaft          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupRaft = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/raft.proto", fileDescriptorRaft) }
-
-var fileDescriptorRaft = []byte{
-	// 1015 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xc1, 0x6e, 0x1b, 0x45,
-	0x18, 0xc7, 0x77, 0xed, 0xad, 0xd3, 0x7c, 0x69, 0x93, 0x30, 0x25, 0x61, 0xb3, 0x2d, 0x8e, 0xbb,
-	0x45, 0xc2, 0x09, 0xc9, 0x5a, 0x18, 0xa4, 0xa2, 0x42, 0x0f, 0x71, 0x62, 0x29, 0x26, 0xad, 0x53,
-	0x6d, 0x12, 0xe8, 0x2d, 0xac, 0x77, 0x27, 0xee, 0x62, 0x7b, 0xc7, 0xcc, 0x8c, 0x1d, 0xb8, 0xa0,
-	0x1e, 0x21, 0x2f, 0x00, 0x42, 0xaa, 0x38, 0xc0, 0xb9, 0x0f, 0xc0, 0x03, 0xa0, 0x88, 0x13, 0x37,
-	0x38, 0x45, 0xd4, 0x0f, 0x00, 0xaf, 0x80, 0x66, 0x76, 0xd7, 0x31, 0xf6, 0xda, 0xf1, 0x81, 0x4b,
-	0x32, 0xda, 0xf9, 0xfd, 0xbf, 0xff, 0x37, 0x33, 0xdf, 0x7c, 0x63, 0x58, 0xab, 0xfb, 0xfc, 0x59,
-	0xa7, 0x66, 0xb9, 0xa4, 0x55, 0xf0, 0x88, 0xdb, 0xc0, 0xb4, 0xc0, 0x4e, 0x1d, 0xda, 0x6a, 0xf8,
-	0xbc, 0xe0, 0xb4, 0xfd, 0x02, 0x75, 0x4e, 0xb8, 0xd5, 0xa6, 0x84, 0x13, 0x84, 0xc2, 0x79, 0x2b,
-	0x9e, 0xb7, 0xba, 0xef, 0x1a, 0x1b, 0x57, 0xc8, 0x49, 0xed, 0x73, 0xec, 0x72, 0x16, 0x46, 0x30,
-	0xd6, 0xaf, 0xa0, 0xf9, 0x57, 0x6d, 0x1c, 0xb3, 0x9b, 0x03, 0xac, 0x4b, 0x28, 0x26, 0xac, 0x80,
-	0xb9, 0xeb, 0xc9, 0x84, 0xe4, 0x9f, 0x76, 0x6d, 0x20, 0x39, 0xe3, 0xf5, 0x3a, 0xa9, 0x13, 0x39,
-	0x2c, 0x88, 0x51, 0xf4, 0xf5, 0xfe, 0x04, 0x43, 0x49, 0xd4, 0x3a, 0x27, 0x85, 0x76, 0xb3, 0x53,
-	0xf7, 0x83, 0xe8, 0x5f, 0x28, 0x34, 0x5f, 0xaa, 0x00, 0xb6, 0x73, 0xc2, 0x1f, 0xe3, 0x56, 0x0d,
-	0x53, 0x74, 0x0f, 0x66, 0x84, 0xd7, 0xb1, 0xef, 0xe9, 0x6a, 0x4e, 0xcd, 0x6b, 0x25, 0xe8, 0x5d,
-	0xac, 0x66, 0x04, 0x50, 0xd9, 0xb1, 0x33, 0x62, 0xaa, 0xe2, 0x09, 0x28, 0x20, 0x1e, 0x16, 0x50,
-	0x2a, 0xa7, 0xe6, 0x67, 0x43, 0xa8, 0x4a, 0x3c, 0x2c, 0x20, 0x31, 0x55, 0xf1, 0x10, 0x02, 0xcd,
-	0xf1, 0x3c, 0xaa, 0xa7, 0x05, 0x61, 0xcb, 0x31, 0x2a, 0x41, 0x86, 0x71, 0x87, 0x77, 0x98, 0xae,
-	0xe5, 0xd4, 0xfc, 0x5c, 0xf1, 0x2d, 0x6b, 0x74, 0xa7, 0xad, 0xcb, 0x6c, 0x0e, 0x24, 0x5b, 0xd2,
-	0xce, 0x2f, 0x56, 0x15, 0x3b, 0x52, 0x9a, 0x77, 0x61, 0xee, 0x63, 0xe2, 0x07, 0x36, 0xfe, 0xa2,
-	0x83, 0x19, 0xef, 0xdb, 0xa8, 0x97, 0x36, 0xe6, 0x0f, 0x2a, 0xdc, 0x08, 0x19, 0xd6, 0x26, 0x01,
-	0xc3, 0xd3, 0xad, 0xea, 0x03, 0x98, 0x69, 0x49, 0x5b, 0xa6, 0xa7, 0x72, 0xe9, 0xfc, 0x5c, 0x31,
-	0x3b, 0x39, 0x3b, 0x3b, 0xc6, 0xd1, 0x3b, 0xb0, 0x40, 0x71, 0x8b, 0x74, 0xb1, 0x77, 0x1c, 0x47,
-	0x48, 0xe7, 0xd2, 0x79, 0xad, 0x94, 0x5a, 0x54, 0xec, 0xf9, 0x68, 0x2a, 0x14, 0x31, 0xb3, 0x04,
-	0x37, 0x1e, 0x61, 0xa7, 0x8b, 0xe3, 0x05, 0x14, 0x41, 0x13, 0x3b, 0x26, 0x13, 0xbb, 0xda, 0x53,
-	0xb2, 0xe6, 0x02, 0xdc, 0x8c, 0x62, 0x84, 0x0b, 0x34, 0x1f, 0xc1, 0xca, 0x13, 0x4a, 0x5c, 0xcc,
-	0x58, 0xc8, 0x32, 0xe6, 0xd4, 0xfb, 0x0e, 0x6b, 0x62, 0x61, 0xf2, 0x4b, 0x64, 0xb2, 0x60, 0x85,
-	0x65, 0x65, 0xc5, 0x60, 0x3c, 0xff, 0x40, 0x7b, 0xfe, 0x9d, 0xa9, 0x98, 0x77, 0xc0, 0x48, 0x8a,
-	0x16, 0x79, 0xed, 0x81, 0x7e, 0xc0, 0x29, 0x76, 0x5a, 0xff, 0x87, 0xd5, 0x6d, 0x58, 0x49, 0x08,
-	0x16, 0x39, 0x7d, 0x04, 0x4b, 0x36, 0x66, 0xa4, 0xd9, 0xc5, 0x5b, 0x9e, 0x47, 0x45, 0x3a, 0x91,
-	0xcd, 0x34, 0xe7, 0x69, 0x6e, 0xc0, 0xf2, 0xb0, 0x3a, 0x2a, 0x87, 0xa4, 0x9a, 0x69, 0xc2, 0xad,
-	0x4a, 0xc0, 0x31, 0x0d, 0x9c, 0xa6, 0x88, 0x13, 0x3b, 0x2d, 0x43, 0xaa, 0x6f, 0x92, 0xe9, 0x5d,
-	0xac, 0xa6, 0x2a, 0x3b, 0x76, 0xca, 0xf7, 0xd0, 0x43, 0xc8, 0x38, 0x2e, 0xf7, 0x49, 0x10, 0xd5,
-	0xca, 0x6a, 0xd2, 0xb9, 0x1d, 0x70, 0x42, 0xf1, 0x96, 0xc4, 0xe2, 0x22, 0x0e, 0x45, 0xe6, 0xaf,
-	0x1a, 0xcc, 0x0d, 0xcc, 0xa2, 0x0f, 0xfb, 0xe1, 0x84, 0xd5, 0x7c, 0xf1, 0xde, 0x15, 0xe1, 0xf6,
-	0xfc, 0xc0, 0x8b, 0x83, 0x21, 0x2b, 0xaa, 0xa0, 0x94, 0xdc, 0x71, 0x3d, 0x49, 0x2a, 0xee, 0xe6,
-	0xae, 0x12, 0x56, 0x0f, 0xba, 0x0f, 0x33, 0x0c, 0xd3, 0xae, 0xef, 0x62, 0x79, 0x39, 0xe7, 0x8a,
-	0xb7, 0x13, 0xdd, 0x42, 0x64, 0x57, 0xb1, 0x63, 0x5a, 0x18, 0x71, 0x87, 0x35, 0xa2, 0xcb, 0x9b,
-	0x68, 0x74, 0xe8, 0xb0, 0x86, 0x30, 0x12, 0x9c, 0x30, 0x0a, 0x30, 0x3f, 0x25, 0xb4, 0xa1, 0x5f,
-	0x1b, 0x6f, 0x54, 0x0d, 0x11, 0x61, 0x14, 0xd1, 0x42, 0xe8, 0x36, 0x3b, 0x8c, 0x63, 0xaa, 0x67,
-	0xc6, 0x0b, 0xb7, 0x43, 0x44, 0x08, 0x23, 0x1a, 0xbd, 0x0f, 0x19, 0x86, 0x5d, 0x8a, 0xb9, 0x3e,
-	0x23, 0x75, 0x46, 0xf2, 0xca, 0x04, 0xb1, 0x2b, 0x5a, 0x8a, 0x1c, 0xa1, 0x07, 0x70, 0x9d, 0x62,
-	0x46, 0x3a, 0xd4, 0xc5, 0xfa, 0x75, 0xa9, 0xbb, 0x93, 0x78, 0x0d, 0x23, 0x66, 0x57, 0xb1, 0xfb,
-	0x3c, 0x7a, 0x08, 0xb3, 0xf8, 0x4b, 0x8e, 0x03, 0x26, 0x0e, 0x6f, 0x56, 0x8a, 0xdf, 0x4c, 0x12,
-	0x97, 0x63, 0x68, 0x57, 0xb1, 0x2f, 0x15, 0x22, 0x61, 0x97, 0x04, 0x27, 0x7e, 0x5d, 0x87, 0xf1,
-	0x09, 0x6f, 0x4b, 0x42, 0x24, 0x1c, 0xb2, 0xa5, 0xeb, 0x90, 0xe1, 0x0e, 0xad, 0x63, 0xbe, 0xfe,
-	0x8f, 0x0a, 0x0b, 0x43, 0x75, 0x81, 0xde, 0x86, 0x99, 0xa3, 0xea, 0x5e, 0x75, 0xff, 0xd3, 0xea,
-	0xa2, 0x62, 0x18, 0x67, 0x2f, 0x72, 0xcb, 0x43, 0xc4, 0x51, 0xd0, 0x08, 0xc8, 0x69, 0x80, 0x8a,
-	0x70, 0xeb, 0xe0, 0x70, 0xdf, 0x2e, 0x1f, 0x6f, 0x6d, 0x1f, 0x56, 0xf6, 0xab, 0xc7, 0xdb, 0x76,
-	0x79, 0xeb, 0xb0, 0xbc, 0xa8, 0x1a, 0x2b, 0x67, 0x2f, 0x72, 0x4b, 0x43, 0xa2, 0x6d, 0x8a, 0x1d,
-	0x8e, 0x47, 0x34, 0x47, 0x4f, 0x76, 0x84, 0x26, 0x95, 0xa8, 0x39, 0x6a, 0x7b, 0x49, 0x1a, 0xbb,
-	0xfc, 0x78, 0xff, 0x93, 0xf2, 0x62, 0x3a, 0x51, 0x63, 0xcb, 0x76, 0x69, 0xbc, 0xf1, 0xcd, 0x4f,
-	0x59, 0xe5, 0x97, 0x9f, 0xb3, 0xc3, 0xab, 0x2b, 0xfe, 0x98, 0x06, 0x4d, 0xdc, 0x50, 0x74, 0xa6,
-	0x02, 0x1a, 0x6d, 0x53, 0x68, 0x33, 0x69, 0x07, 0xc7, 0x36, 0x47, 0xc3, 0x9a, 0x16, 0x8f, 0x7a,
-	0xd2, 0xd2, 0x6f, 0x2f, 0xff, 0xfe, 0x3e, 0xb5, 0x00, 0x37, 0x25, 0xbf, 0xd9, 0x72, 0x02, 0xa7,
-	0x8e, 0x29, 0xfa, 0x56, 0x85, 0xd7, 0x46, 0x1a, 0x19, 0xda, 0x48, 0xbe, 0xc6, 0xc9, 0xcd, 0xd3,
-	0xd8, 0x9c, 0x92, 0x9e, 0x98, 0x49, 0x5e, 0x45, 0x5f, 0xc3, 0xfc, 0x7f, 0x1b, 0x1f, 0x5a, 0x1b,
-	0x57, 0xce, 0x23, 0xad, 0xd5, 0x58, 0x9f, 0x06, 0x9d, 0x98, 0x41, 0xf1, 0x0f, 0x15, 0xe6, 0x2f,
-	0x9f, 0x2c, 0xf6, 0xcc, 0x6f, 0xa3, 0xcf, 0x40, 0x13, 0x0f, 0x32, 0x4a, 0x6c, 0x93, 0x03, 0xcf,
-	0xb9, 0x91, 0x1b, 0x0f, 0x4c, 0x3e, 0x00, 0x17, 0xae, 0xc9, 0x27, 0x11, 0x25, 0x46, 0x18, 0x7c,
-	0x71, 0x8d, 0xbb, 0x13, 0x88, 0x89, 0x26, 0x25, 0xfd, 0xfc, 0x55, 0x56, 0xf9, 0xf3, 0x55, 0x56,
-	0x79, 0xde, 0xcb, 0xaa, 0xe7, 0xbd, 0xac, 0xfa, 0x7b, 0x2f, 0xab, 0xfe, 0xd5, 0xcb, 0xaa, 0x4f,
-	0xd3, 0x4f, 0xb5, 0x5a, 0x46, 0xfe, 0xa2, 0x7a, 0xef, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x3e,
-	0x7a, 0x8b, 0xe7, 0x6a, 0x0a, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/resource.pb.go b/vendor/github.com/docker/swarmkit/api/resource.pb.go
index 2d4741993e9fa..8c9cf71e26184 100644
--- a/vendor/github.com/docker/swarmkit/api/resource.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/resource.pb.go
@@ -3,65 +3,181 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type AttachNetworkRequest struct {
-	Config      *NetworkAttachmentConfig `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
+	Config      *NetworkAttachmentConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
 	ContainerID string                   `protobuf:"bytes,2,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
 }
 
-func (m *AttachNetworkRequest) Reset()                    { *m = AttachNetworkRequest{} }
-func (*AttachNetworkRequest) ProtoMessage()               {}
-func (*AttachNetworkRequest) Descriptor() ([]byte, []int) { return fileDescriptorResource, []int{0} }
+func (m *AttachNetworkRequest) Reset()      { *m = AttachNetworkRequest{} }
+func (*AttachNetworkRequest) ProtoMessage() {}
+func (*AttachNetworkRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_909455b1b868ddb9, []int{0}
+}
+func (m *AttachNetworkRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AttachNetworkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AttachNetworkRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AttachNetworkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AttachNetworkRequest.Merge(m, src)
+}
+func (m *AttachNetworkRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *AttachNetworkRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_AttachNetworkRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AttachNetworkRequest proto.InternalMessageInfo
 
 type AttachNetworkResponse struct {
 	AttachmentID string `protobuf:"bytes,1,opt,name=attachment_id,json=attachmentId,proto3" json:"attachment_id,omitempty"`
 }
 
-func (m *AttachNetworkResponse) Reset()                    { *m = AttachNetworkResponse{} }
-func (*AttachNetworkResponse) ProtoMessage()               {}
-func (*AttachNetworkResponse) Descriptor() ([]byte, []int) { return fileDescriptorResource, []int{1} }
+func (m *AttachNetworkResponse) Reset()      { *m = AttachNetworkResponse{} }
+func (*AttachNetworkResponse) ProtoMessage() {}
+func (*AttachNetworkResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_909455b1b868ddb9, []int{1}
+}
+func (m *AttachNetworkResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AttachNetworkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AttachNetworkResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AttachNetworkResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AttachNetworkResponse.Merge(m, src)
+}
+func (m *AttachNetworkResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *AttachNetworkResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_AttachNetworkResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AttachNetworkResponse proto.InternalMessageInfo
 
 type DetachNetworkRequest struct {
 	AttachmentID string `protobuf:"bytes,1,opt,name=attachment_id,json=attachmentId,proto3" json:"attachment_id,omitempty"`
 }
 
-func (m *DetachNetworkRequest) Reset()                    { *m = DetachNetworkRequest{} }
-func (*DetachNetworkRequest) ProtoMessage()               {}
-func (*DetachNetworkRequest) Descriptor() ([]byte, []int) { return fileDescriptorResource, []int{2} }
+func (m *DetachNetworkRequest) Reset()      { *m = DetachNetworkRequest{} }
+func (*DetachNetworkRequest) ProtoMessage() {}
+func (*DetachNetworkRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_909455b1b868ddb9, []int{2}
+}
+func (m *DetachNetworkRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DetachNetworkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DetachNetworkRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DetachNetworkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DetachNetworkRequest.Merge(m, src)
+}
+func (m *DetachNetworkRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DetachNetworkRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DetachNetworkRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DetachNetworkRequest proto.InternalMessageInfo
 
 type DetachNetworkResponse struct {
 }
 
-func (m *DetachNetworkResponse) Reset()                    { *m = DetachNetworkResponse{} }
-func (*DetachNetworkResponse) ProtoMessage()               {}
-func (*DetachNetworkResponse) Descriptor() ([]byte, []int) { return fileDescriptorResource, []int{3} }
+func (m *DetachNetworkResponse) Reset()      { *m = DetachNetworkResponse{} }
+func (*DetachNetworkResponse) ProtoMessage() {}
+func (*DetachNetworkResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_909455b1b868ddb9, []int{3}
+}
+func (m *DetachNetworkResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DetachNetworkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DetachNetworkResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DetachNetworkResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DetachNetworkResponse.Merge(m, src)
+}
+func (m *DetachNetworkResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *DetachNetworkResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DetachNetworkResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DetachNetworkResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*AttachNetworkRequest)(nil), "docker.swarmkit.v1.AttachNetworkRequest")
@@ -70,6 +186,40 @@ func init() {
 	proto.RegisterType((*DetachNetworkResponse)(nil), "docker.swarmkit.v1.DetachNetworkResponse")
 }
 
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/resource.proto", fileDescriptor_909455b1b868ddb9)
+}
+
+var fileDescriptor_909455b1b868ddb9 = []byte{
+	// 411 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x92, 0x3f, 0x6f, 0xda, 0x40,
+	0x18, 0xc6, 0x7d, 0x0c, 0x48, 0x3d, 0x8c, 0xda, 0x5a, 0xa0, 0x22, 0xa4, 0x1e, 0xc8, 0xed, 0x40,
+	0x5b, 0x61, 0xab, 0x54, 0x55, 0x67, 0xfe, 0x2c, 0x1e, 0xca, 0xe0, 0x2f, 0x50, 0x1d, 0xf6, 0x61,
+	0x2c, 0xb0, 0xcf, 0x3d, 0x9f, 0x83, 0xb2, 0x65, 0xcd, 0x94, 0x8c, 0xf9, 0x0e, 0x91, 0xf2, 0x39,
+	0x50, 0x26, 0x46, 0x26, 0x14, 0xcc, 0x9e, 0xcf, 0x10, 0xe1, 0x33, 0x20, 0x88, 0x95, 0xa0, 0x4c,
+	0x3e, 0x9f, 0x9f, 0xe7, 0x79, 0x7f, 0xef, 0xfb, 0x1a, 0x36, 0x1d, 0x97, 0x8f, 0xa2, 0x81, 0x66,
+	0x51, 0x4f, 0xb7, 0xa9, 0x35, 0x26, 0x4c, 0x0f, 0xa7, 0x98, 0x79, 0x63, 0x97, 0xeb, 0x38, 0x70,
+	0x75, 0x46, 0x42, 0x1a, 0x31, 0x8b, 0x68, 0x01, 0xa3, 0x9c, 0x2a, 0x8a, 0xd0, 0x68, 0x5b, 0x8d,
+	0x76, 0xf6, 0xb3, 0xfa, 0xfd, 0x95, 0x08, 0x7e, 0x1e, 0x90, 0x50, 0xf8, 0xab, 0x25, 0x87, 0x3a,
+	0x34, 0x39, 0xea, 0x9b, 0x53, 0x7a, 0xfb, 0xe7, 0x85, 0x84, 0x44, 0x31, 0x88, 0x86, 0x7a, 0x30,
+	0x89, 0x1c, 0xd7, 0x4f, 0x1f, 0xc2, 0xa8, 0x5e, 0x01, 0x58, 0x6a, 0x73, 0x8e, 0xad, 0x51, 0x9f,
+	0xf0, 0x29, 0x65, 0x63, 0x93, 0xfc, 0x8f, 0x48, 0xc8, 0x95, 0x2e, 0xcc, 0x5b, 0xd4, 0x1f, 0xba,
+	0x4e, 0x05, 0xd4, 0x41, 0xa3, 0xd0, 0xfa, 0xa1, 0x3d, 0x07, 0xd7, 0x52, 0x8f, 0x08, 0xf0, 0x88,
+	0xcf, 0xbb, 0x89, 0xc5, 0x4c, 0xad, 0x4a, 0x0b, 0xca, 0x16, 0xf5, 0x39, 0x76, 0x7d, 0xc2, 0xfe,
+	0xb9, 0x76, 0x25, 0x57, 0x07, 0x8d, 0x77, 0x9d, 0xf7, 0xf1, 0xb2, 0x56, 0xe8, 0x6e, 0xef, 0x8d,
+	0x9e, 0x59, 0xd8, 0x89, 0x0c, 0x5b, 0xed, 0xc3, 0xf2, 0x11, 0x50, 0x18, 0x50, 0x3f, 0x24, 0xca,
+	0x6f, 0x58, 0xc4, 0xbb, 0x42, 0x9b, 0x34, 0x90, 0xa4, 0x7d, 0x88, 0x97, 0x35, 0x79, 0x4f, 0x60,
+	0xf4, 0x4c, 0x79, 0x2f, 0x33, 0x6c, 0xf5, 0x2f, 0x2c, 0xf5, 0x48, 0x46, 0x83, 0x6f, 0x8c, 0xfb,
+	0x04, 0xcb, 0x47, 0x71, 0x02, 0xaf, 0x75, 0x9b, 0x83, 0x1f, 0xcd, 0x74, 0xd7, 0xed, 0xc9, 0x84,
+	0x5a, 0x98, 0x53, 0xa6, 0x5c, 0x02, 0x58, 0x3c, 0x68, 0x47, 0x69, 0x64, 0x0d, 0x32, 0x6b, 0x05,
+	0xd5, 0x6f, 0x27, 0x28, 0x45, 0x71, 0xf5, 0xcb, 0xfd, 0xdd, 0xe3, 0x4d, 0xee, 0x33, 0x94, 0x13,
+	0x69, 0x73, 0xf3, 0x8d, 0x30, 0x58, 0x14, 0x6f, 0x1e, 0xf6, 0xb1, 0x43, 0x04, 0xcb, 0x01, 0x7b,
+	0x36, 0x4b, 0xd6, 0xb4, 0xb2, 0x59, 0x32, 0x07, 0x71, 0x12, 0x4b, 0xe7, 0xeb, 0x6c, 0x85, 0xa4,
+	0xc5, 0x0a, 0x49, 0x17, 0x31, 0x02, 0xb3, 0x18, 0x81, 0x79, 0x8c, 0xc0, 0x43, 0x8c, 0xc0, 0xf5,
+	0x1a, 0x49, 0xf3, 0x35, 0x92, 0x16, 0x6b, 0x24, 0x0d, 0xf2, 0xc9, 0x4f, 0xfa, 0xeb, 0x29, 0x00,
+	0x00, 0xff, 0xff, 0x9d, 0x2f, 0x31, 0x83, 0x64, 0x03, 0x00, 0x00,
+}
+
 type authenticatedWrapperResourceAllocatorServer struct {
 	local     ResourceAllocatorServer
 	authorize func(context.Context, []string) error
@@ -113,7 +263,7 @@ func (m *AttachNetworkRequest) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Config != nil {
 		m.Config = &NetworkAttachmentConfig{}
-		deepcopy.Copy(m.Config, o.Config)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Config, o.Config)
 	}
 }
 
@@ -166,8 +316,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for ResourceAllocator service
-
+// ResourceAllocatorClient is the client API for ResourceAllocator service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type ResourceAllocatorClient interface {
 	AttachNetwork(ctx context.Context, in *AttachNetworkRequest, opts ...grpc.CallOption) (*AttachNetworkResponse, error)
 	DetachNetwork(ctx context.Context, in *DetachNetworkRequest, opts ...grpc.CallOption) (*DetachNetworkResponse, error)
@@ -183,7 +334,7 @@ func NewResourceAllocatorClient(cc *grpc.ClientConn) ResourceAllocatorClient {
 
 func (c *resourceAllocatorClient) AttachNetwork(ctx context.Context, in *AttachNetworkRequest, opts ...grpc.CallOption) (*AttachNetworkResponse, error) {
 	out := new(AttachNetworkResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.ResourceAllocator/AttachNetwork", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.ResourceAllocator/AttachNetwork", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -192,20 +343,30 @@ func (c *resourceAllocatorClient) AttachNetwork(ctx context.Context, in *AttachN
 
 func (c *resourceAllocatorClient) DetachNetwork(ctx context.Context, in *DetachNetworkRequest, opts ...grpc.CallOption) (*DetachNetworkResponse, error) {
 	out := new(DetachNetworkResponse)
-	err := grpc.Invoke(ctx, "/docker.swarmkit.v1.ResourceAllocator/DetachNetwork", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/docker.swarmkit.v1.ResourceAllocator/DetachNetwork", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for ResourceAllocator service
-
+// ResourceAllocatorServer is the server API for ResourceAllocator service.
 type ResourceAllocatorServer interface {
 	AttachNetwork(context.Context, *AttachNetworkRequest) (*AttachNetworkResponse, error)
 	DetachNetwork(context.Context, *DetachNetworkRequest) (*DetachNetworkResponse, error)
 }
 
+// UnimplementedResourceAllocatorServer can be embedded to have forward compatible implementations.
+type UnimplementedResourceAllocatorServer struct {
+}
+
+func (*UnimplementedResourceAllocatorServer) AttachNetwork(ctx context.Context, req *AttachNetworkRequest) (*AttachNetworkResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method AttachNetwork not implemented")
+}
+func (*UnimplementedResourceAllocatorServer) DetachNetwork(ctx context.Context, req *DetachNetworkRequest) (*DetachNetworkResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DetachNetwork not implemented")
+}
+
 func RegisterResourceAllocatorServer(s *grpc.Server, srv ResourceAllocatorServer) {
 	s.RegisterService(&_ResourceAllocator_serviceDesc, srv)
 }
@@ -266,7 +427,7 @@ var _ResourceAllocator_serviceDesc = grpc.ServiceDesc{
 func (m *AttachNetworkRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -274,33 +435,41 @@ func (m *AttachNetworkRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AttachNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AttachNetworkRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Config != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintResource(dAtA, i, uint64(m.Config.Size()))
-		n1, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
-	}
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintResource(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Config != nil {
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintResource(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AttachNetworkResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -308,23 +477,29 @@ func (m *AttachNetworkResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AttachNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AttachNetworkResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.AttachmentID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.AttachmentID)
+		copy(dAtA[i:], m.AttachmentID)
 		i = encodeVarintResource(dAtA, i, uint64(len(m.AttachmentID)))
-		i += copy(dAtA[i:], m.AttachmentID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DetachNetworkRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -332,23 +507,29 @@ func (m *DetachNetworkRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DetachNetworkRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DetachNetworkRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.AttachmentID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.AttachmentID)
+		copy(dAtA[i:], m.AttachmentID)
 		i = encodeVarintResource(dAtA, i, uint64(len(m.AttachmentID)))
-		i += copy(dAtA[i:], m.AttachmentID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DetachNetworkResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -356,21 +537,28 @@ func (m *DetachNetworkResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DetachNetworkResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DetachNetworkResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintResource(dAtA []byte, offset int, v uint64) int {
+	offset -= sovResource(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyResourceAllocatorServer struct {
@@ -516,6 +704,9 @@ func (p *raftProxyResourceAllocatorServer) DetachNetwork(ctx context.Context, r
 }
 
 func (m *AttachNetworkRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Config != nil {
@@ -530,6 +721,9 @@ func (m *AttachNetworkRequest) Size() (n int) {
 }
 
 func (m *AttachNetworkResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.AttachmentID)
@@ -540,6 +734,9 @@ func (m *AttachNetworkResponse) Size() (n int) {
 }
 
 func (m *DetachNetworkRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.AttachmentID)
@@ -550,20 +747,16 @@ func (m *DetachNetworkRequest) Size() (n int) {
 }
 
 func (m *DetachNetworkResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func sovResource(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozResource(x uint64) (n int) {
 	return sovResource(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -631,7 +824,7 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -659,7 +852,7 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -668,6 +861,9 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthResource
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthResource
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -692,7 +888,7 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -702,6 +898,9 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthResource
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthResource
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -713,7 +912,7 @@ func (m *AttachNetworkRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthResource
 			}
 			if (iNdEx + skippy) > l {
@@ -743,7 +942,7 @@ func (m *AttachNetworkResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -771,7 +970,7 @@ func (m *AttachNetworkResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -781,6 +980,9 @@ func (m *AttachNetworkResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthResource
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthResource
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -792,7 +994,7 @@ func (m *AttachNetworkResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthResource
 			}
 			if (iNdEx + skippy) > l {
@@ -822,7 +1024,7 @@ func (m *DetachNetworkRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -850,7 +1052,7 @@ func (m *DetachNetworkRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -860,6 +1062,9 @@ func (m *DetachNetworkRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthResource
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthResource
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -871,7 +1076,7 @@ func (m *DetachNetworkRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthResource
 			}
 			if (iNdEx + skippy) > l {
@@ -901,7 +1106,7 @@ func (m *DetachNetworkResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -921,7 +1126,7 @@ func (m *DetachNetworkResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthResource
 			}
 			if (iNdEx + skippy) > l {
@@ -939,6 +1144,7 @@ func (m *DetachNetworkResponse) Unmarshal(dAtA []byte) error {
 func skipResource(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -970,10 +1176,8 @@ func skipResource(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -990,86 +1194,34 @@ func skipResource(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthResource
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowResource
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipResource(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupResource
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthResource
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthResource = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowResource   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthResource        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowResource          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupResource = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/docker/swarmkit/api/resource.proto", fileDescriptorResource)
-}
-
-var fileDescriptorResource = []byte{
-	// 397 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x92, 0xcf, 0x4e, 0xf2, 0x40,
-	0x14, 0xc5, 0x19, 0x16, 0x24, 0xdf, 0x50, 0xf2, 0x69, 0x03, 0x91, 0x90, 0x58, 0x48, 0xdd, 0xa0,
-	0x86, 0x36, 0x62, 0x8c, 0x6b, 0xfe, 0x6c, 0xba, 0x90, 0x45, 0x5f, 0xc0, 0x0c, 0xed, 0x50, 0x1a,
-	0x68, 0xa7, 0x4e, 0xa7, 0x12, 0x77, 0x6e, 0x5d, 0xb9, 0xf5, 0x1d, 0x4c, 0x7c, 0x0e, 0xe2, 0xca,
-	0xa5, 0x2b, 0x22, 0x7d, 0x00, 0x9f, 0xc1, 0xd0, 0x29, 0x10, 0x70, 0xa2, 0xc4, 0x55, 0xa7, 0xd3,
-	0x73, 0xce, 0xfd, 0xdd, 0x7b, 0x0b, 0x1b, 0x8e, 0xcb, 0x86, 0x51, 0x5f, 0xb3, 0x88, 0xa7, 0xdb,
-	0xc4, 0x1a, 0x61, 0xaa, 0x87, 0x13, 0x44, 0xbd, 0x91, 0xcb, 0x74, 0x14, 0xb8, 0x3a, 0xc5, 0x21,
-	0x89, 0xa8, 0x85, 0xb5, 0x80, 0x12, 0x46, 0x64, 0x99, 0x6b, 0xb4, 0xa5, 0x46, 0xbb, 0x3d, 0xab,
-	0x9c, 0xfc, 0x12, 0xc1, 0xee, 0x02, 0x1c, 0x72, 0x7f, 0xa5, 0xe8, 0x10, 0x87, 0x24, 0x47, 0x7d,
-	0x71, 0x4a, 0x6f, 0x2f, 0x7f, 0x48, 0x48, 0x14, 0xfd, 0x68, 0xa0, 0x07, 0xe3, 0xc8, 0x71, 0xfd,
-	0xf4, 0xc1, 0x8d, 0xea, 0x23, 0x80, 0xc5, 0x16, 0x63, 0xc8, 0x1a, 0xf6, 0x30, 0x9b, 0x10, 0x3a,
-	0x32, 0xf1, 0x4d, 0x84, 0x43, 0x26, 0x77, 0x60, 0xce, 0x22, 0xfe, 0xc0, 0x75, 0xca, 0xa0, 0x06,
-	0xea, 0xf9, 0xe6, 0xa9, 0xf6, 0x1d, 0x5c, 0x4b, 0x3d, 0x3c, 0xc0, 0xc3, 0x3e, 0xeb, 0x24, 0x16,
-	0x33, 0xb5, 0xca, 0x4d, 0x28, 0x59, 0xc4, 0x67, 0xc8, 0xf5, 0x31, 0xbd, 0x76, 0xed, 0x72, 0xb6,
-	0x06, 0xea, 0xff, 0xda, 0xff, 0xe3, 0x59, 0x35, 0xdf, 0x59, 0xde, 0x1b, 0x5d, 0x33, 0xbf, 0x12,
-	0x19, 0xb6, 0xda, 0x83, 0xa5, 0x2d, 0xa0, 0x30, 0x20, 0x7e, 0x88, 0xe5, 0x0b, 0x58, 0x40, 0xab,
-	0x42, 0x8b, 0x34, 0x90, 0xa4, 0xed, 0xc5, 0xb3, 0xaa, 0xb4, 0x26, 0x30, 0xba, 0xa6, 0xb4, 0x96,
-	0x19, 0xb6, 0x7a, 0x05, 0x8b, 0x5d, 0x2c, 0x68, 0xf0, 0x8f, 0x71, 0x07, 0xb0, 0xb4, 0x15, 0xc7,
-	0xf1, 0x9a, 0xcf, 0x59, 0xb8, 0x6f, 0xa6, 0xbb, 0x6e, 0x8d, 0xc7, 0xc4, 0x42, 0x8c, 0x50, 0xf9,
-	0x01, 0xc0, 0xc2, 0x46, 0x3b, 0x72, 0x5d, 0x34, 0x48, 0xd1, 0x0a, 0x2a, 0xc7, 0x3b, 0x28, 0x79,
-	0x71, 0xf5, 0xe8, 0xf5, 0xe5, 0xf3, 0x29, 0x7b, 0x08, 0xa5, 0x44, 0xda, 0x58, 0x7c, 0xc3, 0x14,
-	0x16, 0xf8, 0x9b, 0x87, 0x7c, 0xe4, 0x60, 0xce, 0xb2, 0xc1, 0x2e, 0x66, 0x11, 0x4d, 0x4b, 0xcc,
-	0x22, 0x1c, 0xc4, 0x4e, 0x2c, 0xed, 0xf2, 0x74, 0xae, 0x64, 0xde, 0xe7, 0x4a, 0xe6, 0x3e, 0x56,
-	0xc0, 0x34, 0x56, 0xc0, 0x5b, 0xac, 0x80, 0x8f, 0x58, 0x01, 0xfd, 0x5c, 0xf2, 0x63, 0x9e, 0x7f,
-	0x05, 0x00, 0x00, 0xff, 0xff, 0xc1, 0x7a, 0x29, 0xfc, 0x58, 0x03, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/snapshot.pb.go b/vendor/github.com/docker/swarmkit/api/snapshot.pb.go
index 4d6893a90450d..e7f1c35e44554 100644
--- a/vendor/github.com/docker/swarmkit/api/snapshot.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/snapshot.pb.go
@@ -3,24 +3,28 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// skipping weak import gogoproto "github.com/gogo/protobuf/gogoproto"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type Snapshot_Version int32
 
 const (
@@ -31,6 +35,7 @@ const (
 var Snapshot_Version_name = map[int32]string{
 	0: "V0",
 }
+
 var Snapshot_Version_value = map[string]int32{
 	"V0": 0,
 }
@@ -38,50 +43,177 @@ var Snapshot_Version_value = map[string]int32{
 func (x Snapshot_Version) String() string {
 	return proto.EnumName(Snapshot_Version_name, int32(x))
 }
-func (Snapshot_Version) EnumDescriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{2, 0} }
+
+func (Snapshot_Version) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_c5cad0b62cecd9af, []int{2, 0}
+}
 
 // StoreSnapshot is used to store snapshots of the store.
 type StoreSnapshot struct {
-	Nodes      []*Node      `protobuf:"bytes,1,rep,name=nodes" json:"nodes,omitempty"`
-	Services   []*Service   `protobuf:"bytes,2,rep,name=services" json:"services,omitempty"`
-	Networks   []*Network   `protobuf:"bytes,3,rep,name=networks" json:"networks,omitempty"`
-	Tasks      []*Task      `protobuf:"bytes,4,rep,name=tasks" json:"tasks,omitempty"`
-	Clusters   []*Cluster   `protobuf:"bytes,5,rep,name=clusters" json:"clusters,omitempty"`
-	Secrets    []*Secret    `protobuf:"bytes,6,rep,name=secrets" json:"secrets,omitempty"`
-	Resources  []*Resource  `protobuf:"bytes,7,rep,name=resources" json:"resources,omitempty"`
-	Extensions []*Extension `protobuf:"bytes,8,rep,name=extensions" json:"extensions,omitempty"`
-	Configs    []*Config    `protobuf:"bytes,9,rep,name=configs" json:"configs,omitempty"`
+	Nodes      []*Node      `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
+	Services   []*Service   `protobuf:"bytes,2,rep,name=services,proto3" json:"services,omitempty"`
+	Networks   []*Network   `protobuf:"bytes,3,rep,name=networks,proto3" json:"networks,omitempty"`
+	Tasks      []*Task      `protobuf:"bytes,4,rep,name=tasks,proto3" json:"tasks,omitempty"`
+	Clusters   []*Cluster   `protobuf:"bytes,5,rep,name=clusters,proto3" json:"clusters,omitempty"`
+	Secrets    []*Secret    `protobuf:"bytes,6,rep,name=secrets,proto3" json:"secrets,omitempty"`
+	Resources  []*Resource  `protobuf:"bytes,7,rep,name=resources,proto3" json:"resources,omitempty"`
+	Extensions []*Extension `protobuf:"bytes,8,rep,name=extensions,proto3" json:"extensions,omitempty"`
+	Configs    []*Config    `protobuf:"bytes,9,rep,name=configs,proto3" json:"configs,omitempty"`
+}
+
+func (m *StoreSnapshot) Reset()      { *m = StoreSnapshot{} }
+func (*StoreSnapshot) ProtoMessage() {}
+func (*StoreSnapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c5cad0b62cecd9af, []int{0}
+}
+func (m *StoreSnapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StoreSnapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StoreSnapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StoreSnapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StoreSnapshot.Merge(m, src)
+}
+func (m *StoreSnapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *StoreSnapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_StoreSnapshot.DiscardUnknown(m)
 }
 
-func (m *StoreSnapshot) Reset()                    { *m = StoreSnapshot{} }
-func (*StoreSnapshot) ProtoMessage()               {}
-func (*StoreSnapshot) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{0} }
+var xxx_messageInfo_StoreSnapshot proto.InternalMessageInfo
 
 // ClusterSnapshot stores cluster membership information in snapshots.
 type ClusterSnapshot struct {
-	Members []*RaftMember `protobuf:"bytes,1,rep,name=members" json:"members,omitempty"`
-	Removed []uint64      `protobuf:"varint,2,rep,name=removed" json:"removed,omitempty"`
+	Members []*RaftMember `protobuf:"bytes,1,rep,name=members,proto3" json:"members,omitempty"`
+	Removed []uint64      `protobuf:"varint,2,rep,name=removed,proto3" json:"removed,omitempty"`
 }
 
-func (m *ClusterSnapshot) Reset()                    { *m = ClusterSnapshot{} }
-func (*ClusterSnapshot) ProtoMessage()               {}
-func (*ClusterSnapshot) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{1} }
+func (m *ClusterSnapshot) Reset()      { *m = ClusterSnapshot{} }
+func (*ClusterSnapshot) ProtoMessage() {}
+func (*ClusterSnapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c5cad0b62cecd9af, []int{1}
+}
+func (m *ClusterSnapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ClusterSnapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ClusterSnapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ClusterSnapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ClusterSnapshot.Merge(m, src)
+}
+func (m *ClusterSnapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *ClusterSnapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_ClusterSnapshot.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ClusterSnapshot proto.InternalMessageInfo
 
 type Snapshot struct {
 	Version    Snapshot_Version `protobuf:"varint,1,opt,name=version,proto3,enum=docker.swarmkit.v1.Snapshot_Version" json:"version,omitempty"`
-	Membership ClusterSnapshot  `protobuf:"bytes,2,opt,name=membership" json:"membership"`
-	Store      StoreSnapshot    `protobuf:"bytes,3,opt,name=store" json:"store"`
+	Membership ClusterSnapshot  `protobuf:"bytes,2,opt,name=membership,proto3" json:"membership"`
+	Store      StoreSnapshot    `protobuf:"bytes,3,opt,name=store,proto3" json:"store"`
 }
 
-func (m *Snapshot) Reset()                    { *m = Snapshot{} }
-func (*Snapshot) ProtoMessage()               {}
-func (*Snapshot) Descriptor() ([]byte, []int) { return fileDescriptorSnapshot, []int{2} }
+func (m *Snapshot) Reset()      { *m = Snapshot{} }
+func (*Snapshot) ProtoMessage() {}
+func (*Snapshot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c5cad0b62cecd9af, []int{2}
+}
+func (m *Snapshot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Snapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Snapshot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Snapshot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Snapshot.Merge(m, src)
+}
+func (m *Snapshot) XXX_Size() int {
+	return m.Size()
+}
+func (m *Snapshot) XXX_DiscardUnknown() {
+	xxx_messageInfo_Snapshot.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Snapshot proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.Snapshot_Version", Snapshot_Version_name, Snapshot_Version_value)
 	proto.RegisterType((*StoreSnapshot)(nil), "docker.swarmkit.v1.StoreSnapshot")
 	proto.RegisterType((*ClusterSnapshot)(nil), "docker.swarmkit.v1.ClusterSnapshot")
 	proto.RegisterType((*Snapshot)(nil), "docker.swarmkit.v1.Snapshot")
-	proto.RegisterEnum("docker.swarmkit.v1.Snapshot_Version", Snapshot_Version_name, Snapshot_Version_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/snapshot.proto", fileDescriptor_c5cad0b62cecd9af)
+}
+
+var fileDescriptor_c5cad0b62cecd9af = []byte{
+	// 507 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x93, 0xcf, 0x6f, 0xd3, 0x30,
+	0x14, 0xc7, 0x93, 0xfe, 0x4a, 0xe7, 0x09, 0x18, 0x16, 0x07, 0xab, 0x0c, 0x53, 0xca, 0x0e, 0x45,
+	0x82, 0x14, 0x0a, 0x12, 0x08, 0x69, 0x1c, 0x3a, 0x71, 0xe0, 0xc0, 0x0e, 0x2e, 0x9a, 0xb8, 0xa6,
+	0xa9, 0xdb, 0x86, 0x90, 0xb8, 0xf2, 0x73, 0x3b, 0x8e, 0xf0, 0x1f, 0xf0, 0x67, 0xf5, 0xb8, 0xe3,
+	0x4e, 0x88, 0xb5, 0x07, 0xfe, 0x0d, 0x64, 0x3b, 0x09, 0x95, 0x48, 0xb7, 0x5b, 0x64, 0x7d, 0x3e,
+	0xef, 0x7d, 0xed, 0xbc, 0x87, 0x9e, 0x4d, 0x23, 0x35, 0x5b, 0x8c, 0xfc, 0x50, 0x24, 0xbd, 0xb1,
+	0x08, 0x63, 0x2e, 0x7b, 0x70, 0x1e, 0xc8, 0x24, 0x8e, 0x54, 0x2f, 0x98, 0x47, 0x3d, 0x48, 0x83,
+	0x39, 0xcc, 0x84, 0xf2, 0xe7, 0x52, 0x28, 0x81, 0xb1, 0x65, 0xfc, 0x9c, 0xf1, 0x97, 0x2f, 0x5a,
+	0x4f, 0x6f, 0x28, 0x21, 0x46, 0x5f, 0x78, 0xa8, 0xc0, 0x56, 0x68, 0x3d, 0xb9, 0x81, 0x96, 0xc1,
+	0x24, 0x6b, 0xd6, 0xba, 0x37, 0x15, 0x53, 0x61, 0x3e, 0x7b, 0xfa, 0xcb, 0x9e, 0x76, 0x7e, 0xd4,
+	0xd0, 0xad, 0xa1, 0x12, 0x92, 0x0f, 0xb3, 0x68, 0xd8, 0x47, 0xf5, 0x54, 0x8c, 0x39, 0x10, 0xb7,
+	0x5d, 0xed, 0xee, 0xf7, 0x89, 0xff, 0x7f, 0x48, 0xff, 0x54, 0x8c, 0x39, 0xb3, 0x18, 0x7e, 0x8d,
+	0x9a, 0xc0, 0xe5, 0x32, 0x0a, 0x39, 0x90, 0x8a, 0x51, 0xee, 0x97, 0x29, 0x43, 0xcb, 0xb0, 0x02,
+	0xd6, 0x62, 0xca, 0xd5, 0xb9, 0x90, 0x31, 0x90, 0xea, 0x6e, 0xf1, 0xd4, 0x32, 0xac, 0x80, 0x75,
+	0x42, 0x15, 0x40, 0x0c, 0xa4, 0xb6, 0x3b, 0xe1, 0xa7, 0x00, 0x62, 0x66, 0x31, 0xdd, 0x28, 0xfc,
+	0xba, 0x00, 0xc5, 0x25, 0x90, 0xfa, 0xee, 0x46, 0x27, 0x96, 0x61, 0x05, 0x8c, 0x5f, 0x21, 0x0f,
+	0x78, 0x28, 0xb9, 0x02, 0xd2, 0x30, 0x5e, 0xab, 0xfc, 0x66, 0x1a, 0x61, 0x39, 0x8a, 0xdf, 0xa2,
+	0x3d, 0xc9, 0x41, 0x2c, 0xa4, 0x7e, 0x11, 0xcf, 0x78, 0x87, 0x65, 0x1e, 0xcb, 0x20, 0xf6, 0x0f,
+	0xc7, 0xc7, 0x08, 0xf1, 0x6f, 0x8a, 0xa7, 0x10, 0x89, 0x14, 0x48, 0xd3, 0xc8, 0x0f, 0xca, 0xe4,
+	0xf7, 0x39, 0xc5, 0xb6, 0x04, 0x1d, 0x38, 0x14, 0xe9, 0x24, 0x9a, 0x02, 0xd9, 0xdb, 0x1d, 0xf8,
+	0xc4, 0x20, 0x2c, 0x47, 0x3b, 0x11, 0xba, 0x93, 0xdd, 0xbd, 0x18, 0x82, 0x37, 0xc8, 0x4b, 0x78,
+	0x32, 0xd2, 0x2f, 0x66, 0xc7, 0x80, 0x96, 0xde, 0x20, 0x98, 0xa8, 0x8f, 0x06, 0x63, 0x39, 0x8e,
+	0x0f, 0x91, 0x27, 0x79, 0x22, 0x96, 0x7c, 0x6c, 0xa6, 0xa1, 0x36, 0xa8, 0x1c, 0x38, 0x2c, 0x3f,
+	0xea, 0xfc, 0x71, 0x51, 0xb3, 0x68, 0xf2, 0x0e, 0x79, 0x4b, 0x2e, 0x75, 0x72, 0xe2, 0xb6, 0xdd,
+	0xee, 0xed, 0xfe, 0x51, 0xe9, 0xf3, 0xe6, 0x3b, 0x73, 0x66, 0x59, 0x96, 0x4b, 0xf8, 0x03, 0x42,
+	0x59, 0xd7, 0x59, 0x34, 0x27, 0x95, 0xb6, 0xdb, 0xdd, 0xef, 0x3f, 0xbe, 0xe6, 0xcf, 0xe6, 0x95,
+	0x06, 0xb5, 0xd5, 0xaf, 0x87, 0x0e, 0xdb, 0x92, 0xf1, 0x31, 0xaa, 0x83, 0xde, 0x02, 0x52, 0x35,
+	0x55, 0x1e, 0x95, 0x06, 0xd9, 0x5e, 0x93, 0xac, 0x86, 0xb5, 0x3a, 0x77, 0x91, 0x97, 0xa5, 0xc3,
+	0x0d, 0x54, 0x39, 0x7b, 0x7e, 0xe0, 0x0c, 0x8e, 0x56, 0x57, 0xd4, 0xb9, 0xbc, 0xa2, 0xce, 0xf7,
+	0x35, 0x75, 0x57, 0x6b, 0xea, 0x5e, 0xac, 0xa9, 0xfb, 0x7b, 0x4d, 0xdd, 0x9f, 0x1b, 0xea, 0x5c,
+	0x6c, 0xa8, 0x73, 0xb9, 0xa1, 0xce, 0xe7, 0xca, 0xa8, 0x61, 0xf6, 0xf0, 0xe5, 0xdf, 0x00, 0x00,
+	0x00, 0xff, 0xff, 0x97, 0x4e, 0xfd, 0x2a, 0x3b, 0x04, 0x00, 0x00,
 }
 
 func (m *StoreSnapshot) Copy() *StoreSnapshot {
@@ -101,7 +233,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Nodes = make([]*Node, len(o.Nodes))
 		for i := range m.Nodes {
 			m.Nodes[i] = &Node{}
-			deepcopy.Copy(m.Nodes[i], o.Nodes[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Nodes[i], o.Nodes[i])
 		}
 	}
 
@@ -109,7 +241,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Services = make([]*Service, len(o.Services))
 		for i := range m.Services {
 			m.Services[i] = &Service{}
-			deepcopy.Copy(m.Services[i], o.Services[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Services[i], o.Services[i])
 		}
 	}
 
@@ -117,7 +249,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Networks = make([]*Network, len(o.Networks))
 		for i := range m.Networks {
 			m.Networks[i] = &Network{}
-			deepcopy.Copy(m.Networks[i], o.Networks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Networks[i], o.Networks[i])
 		}
 	}
 
@@ -125,7 +257,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Tasks = make([]*Task, len(o.Tasks))
 		for i := range m.Tasks {
 			m.Tasks[i] = &Task{}
-			deepcopy.Copy(m.Tasks[i], o.Tasks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Tasks[i], o.Tasks[i])
 		}
 	}
 
@@ -133,7 +265,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Clusters = make([]*Cluster, len(o.Clusters))
 		for i := range m.Clusters {
 			m.Clusters[i] = &Cluster{}
-			deepcopy.Copy(m.Clusters[i], o.Clusters[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Clusters[i], o.Clusters[i])
 		}
 	}
 
@@ -141,7 +273,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Secrets = make([]*Secret, len(o.Secrets))
 		for i := range m.Secrets {
 			m.Secrets[i] = &Secret{}
-			deepcopy.Copy(m.Secrets[i], o.Secrets[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Secrets[i], o.Secrets[i])
 		}
 	}
 
@@ -149,7 +281,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Resources = make([]*Resource, len(o.Resources))
 		for i := range m.Resources {
 			m.Resources[i] = &Resource{}
-			deepcopy.Copy(m.Resources[i], o.Resources[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Resources[i], o.Resources[i])
 		}
 	}
 
@@ -157,7 +289,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Extensions = make([]*Extension, len(o.Extensions))
 		for i := range m.Extensions {
 			m.Extensions[i] = &Extension{}
-			deepcopy.Copy(m.Extensions[i], o.Extensions[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Extensions[i], o.Extensions[i])
 		}
 	}
 
@@ -165,7 +297,7 @@ func (m *StoreSnapshot) CopyFrom(src interface{}) {
 		m.Configs = make([]*Config, len(o.Configs))
 		for i := range m.Configs {
 			m.Configs[i] = &Config{}
-			deepcopy.Copy(m.Configs[i], o.Configs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Configs[i], o.Configs[i])
 		}
 	}
 
@@ -188,7 +320,7 @@ func (m *ClusterSnapshot) CopyFrom(src interface{}) {
 		m.Members = make([]*RaftMember, len(o.Members))
 		for i := range m.Members {
 			m.Members[i] = &RaftMember{}
-			deepcopy.Copy(m.Members[i], o.Members[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Members[i], o.Members[i])
 		}
 	}
 
@@ -212,14 +344,14 @@ func (m *Snapshot) CopyFrom(src interface{}) {
 
 	o := src.(*Snapshot)
 	*m = *o
-	deepcopy.Copy(&m.Membership, &o.Membership)
-	deepcopy.Copy(&m.Store, &o.Store)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Membership, &o.Membership)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Store, &o.Store)
 }
 
 func (m *StoreSnapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -227,125 +359,148 @@ func (m *StoreSnapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StoreSnapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreSnapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Nodes) > 0 {
-		for _, msg := range m.Nodes {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Configs) > 0 {
+		for iNdEx := len(m.Configs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Configs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x4a
 		}
 	}
-	if len(m.Services) > 0 {
-		for _, msg := range m.Services {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Extensions) > 0 {
+		for iNdEx := len(m.Extensions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Extensions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x42
 		}
 	}
-	if len(m.Networks) > 0 {
-		for _, msg := range m.Networks {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Resources) > 0 {
+		for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x3a
 		}
 	}
-	if len(m.Tasks) > 0 {
-		for _, msg := range m.Tasks {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Secrets) > 0 {
+		for iNdEx := len(m.Secrets) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Secrets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x32
 		}
 	}
 	if len(m.Clusters) > 0 {
-		for _, msg := range m.Clusters {
-			dAtA[i] = 0x2a
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Clusters) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Clusters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
-	if len(m.Secrets) > 0 {
-		for _, msg := range m.Secrets {
-			dAtA[i] = 0x32
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Tasks) > 0 {
+		for iNdEx := len(m.Tasks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Tasks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	if len(m.Resources) > 0 {
-		for _, msg := range m.Resources {
-			dAtA[i] = 0x3a
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Networks) > 0 {
+		for iNdEx := len(m.Networks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Networks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.Extensions) > 0 {
-		for _, msg := range m.Extensions {
-			dAtA[i] = 0x42
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Services) > 0 {
+		for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Services[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.Configs) > 0 {
-		for _, msg := range m.Configs {
-			dAtA[i] = 0x4a
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Nodes) > 0 {
+		for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ClusterSnapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -353,36 +508,43 @@ func (m *ClusterSnapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ClusterSnapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ClusterSnapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Members) > 0 {
-		for _, msg := range m.Members {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
 	if len(m.Removed) > 0 {
-		for _, num := range m.Removed {
+		for iNdEx := len(m.Removed) - 1; iNdEx >= 0; iNdEx-- {
+			i = encodeVarintSnapshot(dAtA, i, uint64(m.Removed[iNdEx]))
+			i--
 			dAtA[i] = 0x10
-			i++
-			i = encodeVarintSnapshot(dAtA, i, uint64(num))
 		}
 	}
-	return i, nil
+	if len(m.Members) > 0 {
+		for iNdEx := len(m.Members) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Members[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSnapshot(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -390,45 +552,58 @@ func (m *Snapshot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Snapshot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Snapshot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Version != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintSnapshot(dAtA, i, uint64(m.Version))
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintSnapshot(dAtA, i, uint64(m.Membership.Size()))
-	n1, err := m.Membership.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Store.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSnapshot(dAtA, i, uint64(size))
 	}
-	i += n1
+	i--
 	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintSnapshot(dAtA, i, uint64(m.Store.Size()))
-	n2, err := m.Store.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Membership.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSnapshot(dAtA, i, uint64(size))
 	}
-	i += n2
-	return i, nil
+	i--
+	dAtA[i] = 0x12
+	if m.Version != 0 {
+		i = encodeVarintSnapshot(dAtA, i, uint64(m.Version))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSnapshot(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSnapshot(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
-
 func (m *StoreSnapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Nodes) > 0 {
@@ -489,6 +664,9 @@ func (m *StoreSnapshot) Size() (n int) {
 }
 
 func (m *ClusterSnapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Members) > 0 {
@@ -506,6 +684,9 @@ func (m *ClusterSnapshot) Size() (n int) {
 }
 
 func (m *Snapshot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Version != 0 {
@@ -519,14 +700,7 @@ func (m *Snapshot) Size() (n int) {
 }
 
 func sovSnapshot(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSnapshot(x uint64) (n int) {
 	return sovSnapshot(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -535,16 +709,61 @@ func (this *StoreSnapshot) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNodes := "[]*Node{"
+	for _, f := range this.Nodes {
+		repeatedStringForNodes += strings.Replace(fmt.Sprintf("%v", f), "Node", "Node", 1) + ","
+	}
+	repeatedStringForNodes += "}"
+	repeatedStringForServices := "[]*Service{"
+	for _, f := range this.Services {
+		repeatedStringForServices += strings.Replace(fmt.Sprintf("%v", f), "Service", "Service", 1) + ","
+	}
+	repeatedStringForServices += "}"
+	repeatedStringForNetworks := "[]*Network{"
+	for _, f := range this.Networks {
+		repeatedStringForNetworks += strings.Replace(fmt.Sprintf("%v", f), "Network", "Network", 1) + ","
+	}
+	repeatedStringForNetworks += "}"
+	repeatedStringForTasks := "[]*Task{"
+	for _, f := range this.Tasks {
+		repeatedStringForTasks += strings.Replace(fmt.Sprintf("%v", f), "Task", "Task", 1) + ","
+	}
+	repeatedStringForTasks += "}"
+	repeatedStringForClusters := "[]*Cluster{"
+	for _, f := range this.Clusters {
+		repeatedStringForClusters += strings.Replace(fmt.Sprintf("%v", f), "Cluster", "Cluster", 1) + ","
+	}
+	repeatedStringForClusters += "}"
+	repeatedStringForSecrets := "[]*Secret{"
+	for _, f := range this.Secrets {
+		repeatedStringForSecrets += strings.Replace(fmt.Sprintf("%v", f), "Secret", "Secret", 1) + ","
+	}
+	repeatedStringForSecrets += "}"
+	repeatedStringForResources := "[]*Resource{"
+	for _, f := range this.Resources {
+		repeatedStringForResources += strings.Replace(fmt.Sprintf("%v", f), "Resource", "Resource", 1) + ","
+	}
+	repeatedStringForResources += "}"
+	repeatedStringForExtensions := "[]*Extension{"
+	for _, f := range this.Extensions {
+		repeatedStringForExtensions += strings.Replace(fmt.Sprintf("%v", f), "Extension", "Extension", 1) + ","
+	}
+	repeatedStringForExtensions += "}"
+	repeatedStringForConfigs := "[]*Config{"
+	for _, f := range this.Configs {
+		repeatedStringForConfigs += strings.Replace(fmt.Sprintf("%v", f), "Config", "Config", 1) + ","
+	}
+	repeatedStringForConfigs += "}"
 	s := strings.Join([]string{`&StoreSnapshot{`,
-		`Nodes:` + strings.Replace(fmt.Sprintf("%v", this.Nodes), "Node", "Node", 1) + `,`,
-		`Services:` + strings.Replace(fmt.Sprintf("%v", this.Services), "Service", "Service", 1) + `,`,
-		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "Network", "Network", 1) + `,`,
-		`Tasks:` + strings.Replace(fmt.Sprintf("%v", this.Tasks), "Task", "Task", 1) + `,`,
-		`Clusters:` + strings.Replace(fmt.Sprintf("%v", this.Clusters), "Cluster", "Cluster", 1) + `,`,
-		`Secrets:` + strings.Replace(fmt.Sprintf("%v", this.Secrets), "Secret", "Secret", 1) + `,`,
-		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Resource", "Resource", 1) + `,`,
-		`Extensions:` + strings.Replace(fmt.Sprintf("%v", this.Extensions), "Extension", "Extension", 1) + `,`,
-		`Configs:` + strings.Replace(fmt.Sprintf("%v", this.Configs), "Config", "Config", 1) + `,`,
+		`Nodes:` + repeatedStringForNodes + `,`,
+		`Services:` + repeatedStringForServices + `,`,
+		`Networks:` + repeatedStringForNetworks + `,`,
+		`Tasks:` + repeatedStringForTasks + `,`,
+		`Clusters:` + repeatedStringForClusters + `,`,
+		`Secrets:` + repeatedStringForSecrets + `,`,
+		`Resources:` + repeatedStringForResources + `,`,
+		`Extensions:` + repeatedStringForExtensions + `,`,
+		`Configs:` + repeatedStringForConfigs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -553,8 +772,13 @@ func (this *ClusterSnapshot) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMembers := "[]*RaftMember{"
+	for _, f := range this.Members {
+		repeatedStringForMembers += strings.Replace(fmt.Sprintf("%v", f), "RaftMember", "RaftMember", 1) + ","
+	}
+	repeatedStringForMembers += "}"
 	s := strings.Join([]string{`&ClusterSnapshot{`,
-		`Members:` + strings.Replace(fmt.Sprintf("%v", this.Members), "RaftMember", "RaftMember", 1) + `,`,
+		`Members:` + repeatedStringForMembers + `,`,
 		`Removed:` + fmt.Sprintf("%v", this.Removed) + `,`,
 		`}`,
 	}, "")
@@ -595,7 +819,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -623,7 +847,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -632,6 +856,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -654,7 +881,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -663,6 +890,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -685,7 +915,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -694,6 +924,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -716,7 +949,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -725,6 +958,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -747,7 +983,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -756,6 +992,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -778,7 +1017,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -787,6 +1026,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -809,7 +1051,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -818,6 +1060,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -840,7 +1085,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -849,6 +1094,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -871,7 +1119,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -880,6 +1128,9 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -894,7 +1145,7 @@ func (m *StoreSnapshot) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
@@ -924,7 +1175,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -952,7 +1203,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -961,6 +1212,9 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -981,7 +1235,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					v |= (uint64(b) & 0x7F) << shift
+					v |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -998,7 +1252,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					packedLen |= (int(b) & 0x7F) << shift
+					packedLen |= int(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1007,9 +1261,23 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 					return ErrInvalidLengthSnapshot
 				}
 				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthSnapshot
+				}
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
+				}
+				elementCount = count
+				if elementCount != 0 && len(m.Removed) == 0 {
+					m.Removed = make([]uint64, 0, elementCount)
+				}
 				for iNdEx < postIndex {
 					var v uint64
 					for shift := uint(0); ; shift += 7 {
@@ -1021,7 +1289,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						v |= (uint64(b) & 0x7F) << shift
+						v |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1037,7 +1305,7 @@ func (m *ClusterSnapshot) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
@@ -1067,7 +1335,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1095,7 +1363,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Version |= (Snapshot_Version(b) & 0x7F) << shift
+				m.Version |= Snapshot_Version(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1114,7 +1382,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1123,6 +1391,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1144,7 +1415,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1153,6 +1424,9 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSnapshot
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshot
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1166,7 +1440,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSnapshot
 			}
 			if (iNdEx + skippy) > l {
@@ -1184,6 +1458,7 @@ func (m *Snapshot) Unmarshal(dAtA []byte) error {
 func skipSnapshot(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1215,10 +1490,8 @@ func skipSnapshot(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1235,92 +1508,34 @@ func skipSnapshot(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSnapshot
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSnapshot
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSnapshot(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSnapshot
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSnapshot
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSnapshot = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSnapshot   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSnapshot        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSnapshot          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSnapshot = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/docker/swarmkit/api/snapshot.proto", fileDescriptorSnapshot)
-}
-
-var fileDescriptorSnapshot = []byte{
-	// 493 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x93, 0xbf, 0x8f, 0xd3, 0x30,
-	0x14, 0xc7, 0x93, 0xf4, 0x47, 0x7a, 0x3e, 0x01, 0x87, 0xc5, 0x60, 0x95, 0x23, 0x94, 0xc2, 0x50,
-	0x24, 0x48, 0xa0, 0x20, 0x81, 0x90, 0x8e, 0xa1, 0x27, 0x06, 0x06, 0x6e, 0x70, 0xd1, 0x89, 0x35,
-	0x4d, 0xdd, 0x36, 0x84, 0xc4, 0x95, 0x9f, 0xdb, 0x63, 0x84, 0xff, 0xae, 0x23, 0x23, 0x13, 0xe2,
-	0xba, 0xf0, 0x6f, 0x20, 0xdb, 0x71, 0xa8, 0x44, 0x7a, 0xb7, 0x45, 0xd6, 0xe7, 0xf3, 0xde, 0xd7,
-	0xce, 0x7b, 0xe8, 0xe9, 0x3c, 0x95, 0x8b, 0xd5, 0x24, 0x4c, 0x78, 0x1e, 0x4d, 0x79, 0x92, 0x31,
-	0x11, 0xc1, 0x45, 0x2c, 0xf2, 0x2c, 0x95, 0x51, 0xbc, 0x4c, 0x23, 0x28, 0xe2, 0x25, 0x2c, 0xb8,
-	0x0c, 0x97, 0x82, 0x4b, 0x8e, 0xb1, 0x61, 0x42, 0xcb, 0x84, 0xeb, 0xe7, 0xdd, 0x27, 0xd7, 0x94,
-	0xe0, 0x93, 0xcf, 0x2c, 0x91, 0x60, 0x2a, 0x74, 0x1f, 0x5f, 0x43, 0x8b, 0x78, 0x56, 0x36, 0xeb,
-	0xde, 0x99, 0xf3, 0x39, 0xd7, 0x9f, 0x91, 0xfa, 0x32, 0xa7, 0xfd, 0xef, 0x4d, 0x74, 0x63, 0x2c,
-	0xb9, 0x60, 0xe3, 0x32, 0x1a, 0x0e, 0x51, 0xab, 0xe0, 0x53, 0x06, 0xc4, 0xed, 0x35, 0x06, 0x87,
-	0x43, 0x12, 0xfe, 0x1f, 0x32, 0x3c, 0xe3, 0x53, 0x46, 0x0d, 0x86, 0x5f, 0xa1, 0x0e, 0x30, 0xb1,
-	0x4e, 0x13, 0x06, 0xc4, 0xd3, 0xca, 0xdd, 0x3a, 0x65, 0x6c, 0x18, 0x5a, 0xc1, 0x4a, 0x2c, 0x98,
-	0xbc, 0xe0, 0x22, 0x03, 0xd2, 0xd8, 0x2f, 0x9e, 0x19, 0x86, 0x56, 0xb0, 0x4a, 0x28, 0x63, 0xc8,
-	0x80, 0x34, 0xf7, 0x27, 0xfc, 0x18, 0x43, 0x46, 0x0d, 0xa6, 0x1a, 0x25, 0x5f, 0x56, 0x20, 0x99,
-	0x00, 0xd2, 0xda, 0xdf, 0xe8, 0xd4, 0x30, 0xb4, 0x82, 0xf1, 0x4b, 0xe4, 0x03, 0x4b, 0x04, 0x93,
-	0x40, 0xda, 0xda, 0xeb, 0xd6, 0xdf, 0x4c, 0x21, 0xd4, 0xa2, 0xf8, 0x0d, 0x3a, 0x10, 0x0c, 0xf8,
-	0x4a, 0xa8, 0x17, 0xf1, 0xb5, 0x77, 0x5c, 0xe7, 0xd1, 0x12, 0xa2, 0xff, 0x70, 0x7c, 0x82, 0x10,
-	0xfb, 0x2a, 0x59, 0x01, 0x29, 0x2f, 0x80, 0x74, 0xb4, 0x7c, 0xaf, 0x4e, 0x7e, 0x67, 0x29, 0xba,
-	0x23, 0xa8, 0xc0, 0x09, 0x2f, 0x66, 0xe9, 0x1c, 0xc8, 0xc1, 0xfe, 0xc0, 0xa7, 0x1a, 0xa1, 0x16,
-	0xed, 0xa7, 0xe8, 0x56, 0x79, 0xf7, 0x6a, 0x08, 0x5e, 0x23, 0x3f, 0x67, 0xf9, 0x44, 0xbd, 0x98,
-	0x19, 0x83, 0xa0, 0xf6, 0x06, 0xf1, 0x4c, 0x7e, 0xd0, 0x18, 0xb5, 0x38, 0x3e, 0x46, 0xbe, 0x60,
-	0x39, 0x5f, 0xb3, 0xa9, 0x9e, 0x86, 0xe6, 0xc8, 0x3b, 0x72, 0xa8, 0x3d, 0xea, 0xff, 0x71, 0x51,
-	0xa7, 0x6a, 0xf2, 0x16, 0xf9, 0x6b, 0x26, 0x54, 0x72, 0xe2, 0xf6, 0xdc, 0xc1, 0xcd, 0xe1, 0xa3,
-	0xda, 0xe7, 0xb5, 0x3b, 0x73, 0x6e, 0x58, 0x6a, 0x25, 0xfc, 0x1e, 0xa1, 0xb2, 0xeb, 0x22, 0x5d,
-	0x12, 0xaf, 0xe7, 0x0e, 0x0e, 0x87, 0x0f, 0xaf, 0xf8, 0xb3, 0xb6, 0xd2, 0xa8, 0xb9, 0xf9, 0x75,
-	0xdf, 0xa1, 0x3b, 0x32, 0x3e, 0x41, 0x2d, 0x50, 0x5b, 0x40, 0x1a, 0xba, 0xca, 0x83, 0xda, 0x20,
-	0xbb, 0x6b, 0x52, 0xd6, 0x30, 0x56, 0xff, 0x36, 0xf2, 0xcb, 0x74, 0xb8, 0x8d, 0xbc, 0xf3, 0x67,
-	0x47, 0xce, 0x88, 0x6c, 0x2e, 0x03, 0xe7, 0xe7, 0x65, 0xe0, 0x7c, 0xdb, 0x06, 0xee, 0x66, 0x1b,
-	0xb8, 0x3f, 0xb6, 0x81, 0xfb, 0x7b, 0x1b, 0xb8, 0x9f, 0xbc, 0x49, 0x5b, 0xef, 0xde, 0x8b, 0xbf,
-	0x01, 0x00, 0x00, 0xff, 0xff, 0xfd, 0xbe, 0x47, 0xec, 0x2f, 0x04, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/specs.pb.go b/vendor/github.com/docker/swarmkit/api/specs.pb.go
index 3adb9129b0939..c04c13a88e177 100644
--- a/vendor/github.com/docker/swarmkit/api/specs.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/specs.pb.go
@@ -3,27 +3,31 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import google_protobuf3 "github.com/gogo/protobuf/types"
-import google_protobuf4 "github.com/gogo/protobuf/types"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type NodeSpec_Membership int32
 
 const (
@@ -35,6 +39,7 @@ var NodeSpec_Membership_name = map[int32]string{
 	0: "PENDING",
 	1: "ACCEPTED",
 }
+
 var NodeSpec_Membership_value = map[string]int32{
 	"PENDING":  0,
 	"ACCEPTED": 1,
@@ -43,7 +48,10 @@ var NodeSpec_Membership_value = map[string]int32{
 func (x NodeSpec_Membership) String() string {
 	return proto.EnumName(NodeSpec_Membership_name, int32(x))
 }
-func (NodeSpec_Membership) EnumDescriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{0, 0} }
+
+func (NodeSpec_Membership) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{0, 0}
+}
 
 type NodeSpec_Availability int32
 
@@ -63,6 +71,7 @@ var NodeSpec_Availability_name = map[int32]string{
 	1: "PAUSE",
 	2: "DRAIN",
 }
+
 var NodeSpec_Availability_value = map[string]int32{
 	"ACTIVE": 0,
 	"PAUSE":  1,
@@ -72,7 +81,10 @@ var NodeSpec_Availability_value = map[string]int32{
 func (x NodeSpec_Availability) String() string {
 	return proto.EnumName(NodeSpec_Availability_name, int32(x))
 }
-func (NodeSpec_Availability) EnumDescriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{0, 1} }
+
+func (NodeSpec_Availability) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{0, 1}
+}
 
 type ContainerSpec_Isolation int32
 
@@ -90,6 +102,7 @@ var ContainerSpec_Isolation_name = map[int32]string{
 	1: "ISOLATION_PROCESS",
 	2: "ISOLATION_HYPERV",
 }
+
 var ContainerSpec_Isolation_value = map[string]int32{
 	"ISOLATION_DEFAULT": 0,
 	"ISOLATION_PROCESS": 1,
@@ -99,8 +112,9 @@ var ContainerSpec_Isolation_value = map[string]int32{
 func (x ContainerSpec_Isolation) String() string {
 	return proto.EnumName(ContainerSpec_Isolation_name, int32(x))
 }
+
 func (ContainerSpec_Isolation) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorSpecs, []int{8, 0}
+	return fileDescriptor_6589acc608f7d4fd, []int{10, 0}
 }
 
 // ResolutionMode specifies the mode of resolution to use for
@@ -127,6 +141,7 @@ var EndpointSpec_ResolutionMode_name = map[int32]string{
 	0: "VIP",
 	1: "DNSRR",
 }
+
 var EndpointSpec_ResolutionMode_value = map[string]int32{
 	"VIP":   0,
 	"DNSRR": 1,
@@ -135,12 +150,13 @@ var EndpointSpec_ResolutionMode_value = map[string]int32{
 func (x EndpointSpec_ResolutionMode) String() string {
 	return proto.EnumName(EndpointSpec_ResolutionMode_name, int32(x))
 }
+
 func (EndpointSpec_ResolutionMode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorSpecs, []int{9, 0}
+	return fileDescriptor_6589acc608f7d4fd, []int{11, 0}
 }
 
 type NodeSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// DesiredRole defines the role the node should have.
 	DesiredRole NodeRole `protobuf:"varint,2,opt,name=desired_role,json=desiredRole,proto3,enum=docker.swarmkit.v1.NodeRole" json:"desired_role,omitempty"`
 	// Membership controls the admission of the node into the cluster.
@@ -150,9 +166,37 @@ type NodeSpec struct {
 	Availability NodeSpec_Availability `protobuf:"varint,4,opt,name=availability,proto3,enum=docker.swarmkit.v1.NodeSpec_Availability" json:"availability,omitempty"`
 }
 
-func (m *NodeSpec) Reset()                    { *m = NodeSpec{} }
-func (*NodeSpec) ProtoMessage()               {}
-func (*NodeSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{0} }
+func (m *NodeSpec) Reset()      { *m = NodeSpec{} }
+func (*NodeSpec) ProtoMessage() {}
+func (*NodeSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{0}
+}
+func (m *NodeSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeSpec.Merge(m, src)
+}
+func (m *NodeSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeSpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeSpec proto.InternalMessageInfo
 
 // ServiceSpec defines the properties of a service.
 //
@@ -161,31 +205,61 @@ func (*NodeSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []in
 // strategy and restart policy, a number of application-level behaviors can be
 // defined.
 type ServiceSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// Task defines the task template this service will spawn.
-	Task TaskSpec `protobuf:"bytes,2,opt,name=task" json:"task"`
+	Task TaskSpec `protobuf:"bytes,2,opt,name=task,proto3" json:"task"`
 	// Types that are valid to be assigned to Mode:
 	//	*ServiceSpec_Replicated
 	//	*ServiceSpec_Global
+	//	*ServiceSpec_ReplicatedJob
+	//	*ServiceSpec_GlobalJob
 	Mode isServiceSpec_Mode `protobuf_oneof:"mode"`
 	// Update contains settings which affect updates.
-	Update *UpdateConfig `protobuf:"bytes,6,opt,name=update" json:"update,omitempty"`
+	Update *UpdateConfig `protobuf:"bytes,6,opt,name=update,proto3" json:"update,omitempty"`
 	// Rollback contains settings which affect rollbacks of updates.
-	Rollback *UpdateConfig `protobuf:"bytes,9,opt,name=rollback" json:"rollback,omitempty"`
+	Rollback *UpdateConfig `protobuf:"bytes,9,opt,name=rollback,proto3" json:"rollback,omitempty"`
 	// ServiceSpec.Networks has been deprecated and is replaced by
 	// Networks field in Task (TaskSpec.Networks).
 	// This field (ServiceSpec.Networks) is kept for compatibility.
 	// In case TaskSpec.Networks does not exist, ServiceSpec.Networks
 	// is still honored if it exists.
-	Networks []*NetworkAttachmentConfig `protobuf:"bytes,7,rep,name=networks" json:"networks,omitempty"`
+	Networks []*NetworkAttachmentConfig `protobuf:"bytes,7,rep,name=networks,proto3" json:"networks,omitempty"` // Deprecated: Do not use.
 	// Service endpoint specifies the user provided configuration
 	// to properly discover and load balance a service.
-	Endpoint *EndpointSpec `protobuf:"bytes,8,opt,name=endpoint" json:"endpoint,omitempty"`
+	Endpoint *EndpointSpec `protobuf:"bytes,8,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
+}
+
+func (m *ServiceSpec) Reset()      { *m = ServiceSpec{} }
+func (*ServiceSpec) ProtoMessage() {}
+func (*ServiceSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{1}
+}
+func (m *ServiceSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ServiceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ServiceSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ServiceSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServiceSpec.Merge(m, src)
+}
+func (m *ServiceSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ServiceSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServiceSpec.DiscardUnknown(m)
 }
 
-func (m *ServiceSpec) Reset()                    { *m = ServiceSpec{} }
-func (*ServiceSpec) ProtoMessage()               {}
-func (*ServiceSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{1} }
+var xxx_messageInfo_ServiceSpec proto.InternalMessageInfo
 
 type isServiceSpec_Mode interface {
 	isServiceSpec_Mode()
@@ -194,14 +268,22 @@ type isServiceSpec_Mode interface {
 }
 
 type ServiceSpec_Replicated struct {
-	Replicated *ReplicatedService `protobuf:"bytes,3,opt,name=replicated,oneof"`
+	Replicated *ReplicatedService `protobuf:"bytes,3,opt,name=replicated,proto3,oneof" json:"replicated,omitempty"`
 }
 type ServiceSpec_Global struct {
-	Global *GlobalService `protobuf:"bytes,4,opt,name=global,oneof"`
+	Global *GlobalService `protobuf:"bytes,4,opt,name=global,proto3,oneof" json:"global,omitempty"`
+}
+type ServiceSpec_ReplicatedJob struct {
+	ReplicatedJob *ReplicatedJob `protobuf:"bytes,10,opt,name=replicated_job,json=replicatedJob,proto3,oneof" json:"replicated_job,omitempty"`
+}
+type ServiceSpec_GlobalJob struct {
+	GlobalJob *GlobalJob `protobuf:"bytes,11,opt,name=global_job,json=globalJob,proto3,oneof" json:"global_job,omitempty"`
 }
 
-func (*ServiceSpec_Replicated) isServiceSpec_Mode() {}
-func (*ServiceSpec_Global) isServiceSpec_Mode()     {}
+func (*ServiceSpec_Replicated) isServiceSpec_Mode()    {}
+func (*ServiceSpec_Global) isServiceSpec_Mode()        {}
+func (*ServiceSpec_ReplicatedJob) isServiceSpec_Mode() {}
+func (*ServiceSpec_GlobalJob) isServiceSpec_Mode()     {}
 
 func (m *ServiceSpec) GetMode() isServiceSpec_Mode {
 	if m != nil {
@@ -224,78 +306,28 @@ func (m *ServiceSpec) GetGlobal() *GlobalService {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*ServiceSpec) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _ServiceSpec_OneofMarshaler, _ServiceSpec_OneofUnmarshaler, _ServiceSpec_OneofSizer, []interface{}{
-		(*ServiceSpec_Replicated)(nil),
-		(*ServiceSpec_Global)(nil),
+func (m *ServiceSpec) GetReplicatedJob() *ReplicatedJob {
+	if x, ok := m.GetMode().(*ServiceSpec_ReplicatedJob); ok {
+		return x.ReplicatedJob
 	}
+	return nil
 }
 
-func _ServiceSpec_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*ServiceSpec)
-	// mode
-	switch x := m.Mode.(type) {
-	case *ServiceSpec_Replicated:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Replicated); err != nil {
-			return err
-		}
-	case *ServiceSpec_Global:
-		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Global); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("ServiceSpec.Mode has unexpected type %T", x)
+func (m *ServiceSpec) GetGlobalJob() *GlobalJob {
+	if x, ok := m.GetMode().(*ServiceSpec_GlobalJob); ok {
+		return x.GlobalJob
 	}
 	return nil
 }
 
-func _ServiceSpec_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*ServiceSpec)
-	switch tag {
-	case 3: // mode.replicated
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ReplicatedService)
-		err := b.DecodeMessage(msg)
-		m.Mode = &ServiceSpec_Replicated{msg}
-		return true, err
-	case 4: // mode.global
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(GlobalService)
-		err := b.DecodeMessage(msg)
-		m.Mode = &ServiceSpec_Global{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _ServiceSpec_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*ServiceSpec)
-	// mode
-	switch x := m.Mode.(type) {
-	case *ServiceSpec_Replicated:
-		s := proto.Size(x.Replicated)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *ServiceSpec_Global:
-		s := proto.Size(x.Global)
-		n += proto.SizeVarint(4<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*ServiceSpec) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*ServiceSpec_Replicated)(nil),
+		(*ServiceSpec_Global)(nil),
+		(*ServiceSpec_ReplicatedJob)(nil),
+		(*ServiceSpec_GlobalJob)(nil),
 	}
-	return n
 }
 
 // ReplicatedService sets the reconciliation target to certain number of replicas.
@@ -303,17 +335,155 @@ type ReplicatedService struct {
 	Replicas uint64 `protobuf:"varint,1,opt,name=replicas,proto3" json:"replicas,omitempty"`
 }
 
-func (m *ReplicatedService) Reset()                    { *m = ReplicatedService{} }
-func (*ReplicatedService) ProtoMessage()               {}
-func (*ReplicatedService) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{2} }
+func (m *ReplicatedService) Reset()      { *m = ReplicatedService{} }
+func (*ReplicatedService) ProtoMessage() {}
+func (*ReplicatedService) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{2}
+}
+func (m *ReplicatedService) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReplicatedService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReplicatedService.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReplicatedService) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReplicatedService.Merge(m, src)
+}
+func (m *ReplicatedService) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReplicatedService) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReplicatedService.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ReplicatedService proto.InternalMessageInfo
 
 // GlobalService represents global service.
 type GlobalService struct {
 }
 
-func (m *GlobalService) Reset()                    { *m = GlobalService{} }
-func (*GlobalService) ProtoMessage()               {}
-func (*GlobalService) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{3} }
+func (m *GlobalService) Reset()      { *m = GlobalService{} }
+func (*GlobalService) ProtoMessage() {}
+func (*GlobalService) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{3}
+}
+func (m *GlobalService) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GlobalService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GlobalService.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GlobalService) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GlobalService.Merge(m, src)
+}
+func (m *GlobalService) XXX_Size() int {
+	return m.Size()
+}
+func (m *GlobalService) XXX_DiscardUnknown() {
+	xxx_messageInfo_GlobalService.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GlobalService proto.InternalMessageInfo
+
+// ReplicatedJob is a certain type of one-off job which executes many Tasks in
+// parallel until the specified number of Tasks have succeeded.
+type ReplicatedJob struct {
+	// MaxConcurrent indicates the maximum number of Tasks that should be
+	// executing simultaneously at any given time.
+	MaxConcurrent uint64 `protobuf:"varint,1,opt,name=max_concurrent,json=maxConcurrent,proto3" json:"max_concurrent,omitempty"`
+	// TotalCompletions sets the total number of Tasks desired to run to
+	// completion. This is also the absolute maximum number of Tasks that will
+	// be executed in parallel. That is, if this number is smaller than
+	// MaxConcurrent, only this many replicas will run.
+	TotalCompletions uint64 `protobuf:"varint,2,opt,name=total_completions,json=totalCompletions,proto3" json:"total_completions,omitempty"`
+}
+
+func (m *ReplicatedJob) Reset()      { *m = ReplicatedJob{} }
+func (*ReplicatedJob) ProtoMessage() {}
+func (*ReplicatedJob) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{4}
+}
+func (m *ReplicatedJob) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReplicatedJob) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReplicatedJob.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReplicatedJob) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReplicatedJob.Merge(m, src)
+}
+func (m *ReplicatedJob) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReplicatedJob) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReplicatedJob.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ReplicatedJob proto.InternalMessageInfo
+
+// GlobalJob is a type of one-off job which executes one Task on every node
+// matching the service's placement constraints.
+type GlobalJob struct {
+}
+
+func (m *GlobalJob) Reset()      { *m = GlobalJob{} }
+func (*GlobalJob) ProtoMessage() {}
+func (*GlobalJob) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{5}
+}
+func (m *GlobalJob) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GlobalJob) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GlobalJob.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GlobalJob) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GlobalJob.Merge(m, src)
+}
+func (m *GlobalJob) XXX_Size() int {
+	return m.Size()
+}
+func (m *GlobalJob) XXX_DiscardUnknown() {
+	xxx_messageInfo_GlobalJob.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GlobalJob proto.InternalMessageInfo
 
 type TaskSpec struct {
 	// Types that are valid to be assigned to Runtime:
@@ -322,18 +492,18 @@ type TaskSpec struct {
 	//	*TaskSpec_Generic
 	Runtime isTaskSpec_Runtime `protobuf_oneof:"runtime"`
 	// Resource requirements for the container.
-	Resources *ResourceRequirements `protobuf:"bytes,2,opt,name=resources" json:"resources,omitempty"`
+	Resources *ResourceRequirements `protobuf:"bytes,2,opt,name=resources,proto3" json:"resources,omitempty"`
 	// RestartPolicy specifies what to do when a task fails or finishes.
-	Restart *RestartPolicy `protobuf:"bytes,4,opt,name=restart" json:"restart,omitempty"`
+	Restart *RestartPolicy `protobuf:"bytes,4,opt,name=restart,proto3" json:"restart,omitempty"`
 	// Placement specifies node selection constraints
-	Placement *Placement `protobuf:"bytes,5,opt,name=placement" json:"placement,omitempty"`
+	Placement *Placement `protobuf:"bytes,5,opt,name=placement,proto3" json:"placement,omitempty"`
 	// LogDriver specifies the log driver to use for the task. Any runtime will
 	// direct logs into the specified driver for the duration of the task.
-	LogDriver *Driver `protobuf:"bytes,6,opt,name=log_driver,json=logDriver" json:"log_driver,omitempty"`
+	LogDriver *Driver `protobuf:"bytes,6,opt,name=log_driver,json=logDriver,proto3" json:"log_driver,omitempty"`
 	// Networks specifies the list of network attachment
 	// configurations (which specify the network and per-network
 	// aliases) that this task spec is bound to.
-	Networks []*NetworkAttachmentConfig `protobuf:"bytes,7,rep,name=networks" json:"networks,omitempty"`
+	Networks []*NetworkAttachmentConfig `protobuf:"bytes,7,rep,name=networks,proto3" json:"networks,omitempty"`
 	// ForceUpdate is a counter that triggers an update even if no relevant
 	// parameters have been changed. We do this to allow forced restarts
 	// using the same reconciliation-based mechanism that performs rolling
@@ -347,12 +517,40 @@ type TaskSpec struct {
 	// dispatcher to send the related objects.
 	//
 	// ResourceReferences is a list of ResourceReferences used by the task.
-	ResourceReferences []ResourceReference `protobuf:"bytes,11,rep,name=resource_references,json=resourceReferences" json:"resource_references"`
+	ResourceReferences []ResourceReference `protobuf:"bytes,11,rep,name=resource_references,json=resourceReferences,proto3" json:"resource_references"`
+}
+
+func (m *TaskSpec) Reset()      { *m = TaskSpec{} }
+func (*TaskSpec) ProtoMessage() {}
+func (*TaskSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{6}
+}
+func (m *TaskSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskSpec.Merge(m, src)
+}
+func (m *TaskSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskSpec.DiscardUnknown(m)
 }
 
-func (m *TaskSpec) Reset()                    { *m = TaskSpec{} }
-func (*TaskSpec) ProtoMessage()               {}
-func (*TaskSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{4} }
+var xxx_messageInfo_TaskSpec proto.InternalMessageInfo
 
 type isTaskSpec_Runtime interface {
 	isTaskSpec_Runtime()
@@ -361,13 +559,13 @@ type isTaskSpec_Runtime interface {
 }
 
 type TaskSpec_Attachment struct {
-	Attachment *NetworkAttachmentSpec `protobuf:"bytes,8,opt,name=attachment,oneof"`
+	Attachment *NetworkAttachmentSpec `protobuf:"bytes,8,opt,name=attachment,proto3,oneof" json:"attachment,omitempty"`
 }
 type TaskSpec_Container struct {
-	Container *ContainerSpec `protobuf:"bytes,1,opt,name=container,oneof"`
+	Container *ContainerSpec `protobuf:"bytes,1,opt,name=container,proto3,oneof" json:"container,omitempty"`
 }
 type TaskSpec_Generic struct {
-	Generic *GenericRuntimeSpec `protobuf:"bytes,10,opt,name=generic,oneof"`
+	Generic *GenericRuntimeSpec `protobuf:"bytes,10,opt,name=generic,proto3,oneof" json:"generic,omitempty"`
 }
 
 func (*TaskSpec_Attachment) isTaskSpec_Runtime() {}
@@ -402,116 +600,88 @@ func (m *TaskSpec) GetGeneric() *GenericRuntimeSpec {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*TaskSpec) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _TaskSpec_OneofMarshaler, _TaskSpec_OneofUnmarshaler, _TaskSpec_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*TaskSpec) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*TaskSpec_Attachment)(nil),
 		(*TaskSpec_Container)(nil),
 		(*TaskSpec_Generic)(nil),
 	}
 }
 
-func _TaskSpec_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*TaskSpec)
-	// runtime
-	switch x := m.Runtime.(type) {
-	case *TaskSpec_Attachment:
-		_ = b.EncodeVarint(8<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Attachment); err != nil {
-			return err
-		}
-	case *TaskSpec_Container:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Container); err != nil {
-			return err
-		}
-	case *TaskSpec_Generic:
-		_ = b.EncodeVarint(10<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Generic); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("TaskSpec.Runtime has unexpected type %T", x)
-	}
-	return nil
+type ResourceReference struct {
+	ResourceID   string       `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
+	ResourceType ResourceType `protobuf:"varint,2,opt,name=resource_type,json=resourceType,proto3,enum=docker.swarmkit.v1.ResourceType" json:"resource_type,omitempty"`
 }
 
-func _TaskSpec_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*TaskSpec)
-	switch tag {
-	case 8: // runtime.attachment
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(NetworkAttachmentSpec)
-		err := b.DecodeMessage(msg)
-		m.Runtime = &TaskSpec_Attachment{msg}
-		return true, err
-	case 1: // runtime.container
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ContainerSpec)
-		err := b.DecodeMessage(msg)
-		m.Runtime = &TaskSpec_Container{msg}
-		return true, err
-	case 10: // runtime.generic
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(GenericRuntimeSpec)
-		err := b.DecodeMessage(msg)
-		m.Runtime = &TaskSpec_Generic{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _TaskSpec_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*TaskSpec)
-	// runtime
-	switch x := m.Runtime.(type) {
-	case *TaskSpec_Attachment:
-		s := proto.Size(x.Attachment)
-		n += proto.SizeVarint(8<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *TaskSpec_Container:
-		s := proto.Size(x.Container)
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *TaskSpec_Generic:
-		s := proto.Size(x.Generic)
-		n += proto.SizeVarint(10<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+func (m *ResourceReference) Reset()      { *m = ResourceReference{} }
+func (*ResourceReference) ProtoMessage() {}
+func (*ResourceReference) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{7}
+}
+func (m *ResourceReference) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResourceReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResourceReference.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return n
 }
-
-type ResourceReference struct {
-	ResourceID   string       `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
-	ResourceType ResourceType `protobuf:"varint,2,opt,name=resource_type,json=resourceType,proto3,enum=docker.swarmkit.v1.ResourceType" json:"resource_type,omitempty"`
+func (m *ResourceReference) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceReference.Merge(m, src)
+}
+func (m *ResourceReference) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResourceReference) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceReference.DiscardUnknown(m)
 }
 
-func (m *ResourceReference) Reset()                    { *m = ResourceReference{} }
-func (*ResourceReference) ProtoMessage()               {}
-func (*ResourceReference) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{5} }
+var xxx_messageInfo_ResourceReference proto.InternalMessageInfo
 
 type GenericRuntimeSpec struct {
-	Kind    string                `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
-	Payload *google_protobuf3.Any `protobuf:"bytes,2,opt,name=payload" json:"payload,omitempty"`
+	Kind    string     `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
+	Payload *types.Any `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
+}
+
+func (m *GenericRuntimeSpec) Reset()      { *m = GenericRuntimeSpec{} }
+func (*GenericRuntimeSpec) ProtoMessage() {}
+func (*GenericRuntimeSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{8}
+}
+func (m *GenericRuntimeSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GenericRuntimeSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GenericRuntimeSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GenericRuntimeSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GenericRuntimeSpec.Merge(m, src)
+}
+func (m *GenericRuntimeSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *GenericRuntimeSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_GenericRuntimeSpec.DiscardUnknown(m)
 }
 
-func (m *GenericRuntimeSpec) Reset()                    { *m = GenericRuntimeSpec{} }
-func (*GenericRuntimeSpec) ProtoMessage()               {}
-func (*GenericRuntimeSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{6} }
+var xxx_messageInfo_GenericRuntimeSpec proto.InternalMessageInfo
 
 // NetworkAttachmentSpec specifies runtime parameters required to attach
 // a container to a network.
@@ -521,9 +691,37 @@ type NetworkAttachmentSpec struct {
 	ContainerID string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
 }
 
-func (m *NetworkAttachmentSpec) Reset()                    { *m = NetworkAttachmentSpec{} }
-func (*NetworkAttachmentSpec) ProtoMessage()               {}
-func (*NetworkAttachmentSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{7} }
+func (m *NetworkAttachmentSpec) Reset()      { *m = NetworkAttachmentSpec{} }
+func (*NetworkAttachmentSpec) ProtoMessage() {}
+func (*NetworkAttachmentSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{9}
+}
+func (m *NetworkAttachmentSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NetworkAttachmentSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NetworkAttachmentSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NetworkAttachmentSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NetworkAttachmentSpec.Merge(m, src)
+}
+func (m *NetworkAttachmentSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *NetworkAttachmentSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_NetworkAttachmentSpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NetworkAttachmentSpec proto.InternalMessageInfo
 
 // Container specifies runtime parameters for a container.
 type ContainerSpec struct {
@@ -540,25 +738,25 @@ type ContainerSpec struct {
 	//
 	// This field *must* remain compatible with the Labels field of
 	// Annotations.
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Command to run the the container. The first element is a path to the
 	// executable and the following elements are treated as arguments.
 	//
 	// If command is empty, execution will fall back to the image's entrypoint.
 	//
 	// Command should only be used when overriding entrypoint.
-	Command []string `protobuf:"bytes,3,rep,name=command" json:"command,omitempty"`
+	Command []string `protobuf:"bytes,3,rep,name=command,proto3" json:"command,omitempty"`
 	// Args specifies arguments provided to the image's entrypoint.
 	//
 	// If Command and Args are provided, Args will be appended to Command.
-	Args []string `protobuf:"bytes,4,rep,name=args" json:"args,omitempty"`
+	Args []string `protobuf:"bytes,4,rep,name=args,proto3" json:"args,omitempty"`
 	// Hostname specifies the hostname that will be set on containers created by docker swarm.
 	// All containers for a given service will have the same hostname
 	Hostname string `protobuf:"bytes,14,opt,name=hostname,proto3" json:"hostname,omitempty"`
 	// Env specifies the environment variables for the container in NAME=VALUE
 	// format. These must be compliant with  [IEEE Std
 	// 1003.1-2001](http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html).
-	Env []string `protobuf:"bytes,5,rep,name=env" json:"env,omitempty"`
+	Env []string `protobuf:"bytes,5,rep,name=env,proto3" json:"env,omitempty"`
 	// Dir defines the working directory to set for the container process.
 	Dir string `protobuf:"bytes,6,opt,name=dir,proto3" json:"dir,omitempty"`
 	// User specifies the user that should be employed to run the container.
@@ -568,11 +766,11 @@ type ContainerSpec struct {
 	// `<user>:<group>`.
 	User string `protobuf:"bytes,7,opt,name=user,proto3" json:"user,omitempty"`
 	// Groups specifies supplementary groups available to the user.
-	Groups []string `protobuf:"bytes,11,rep,name=groups" json:"groups,omitempty"`
+	Groups []string `protobuf:"bytes,11,rep,name=groups,proto3" json:"groups,omitempty"`
 	// Privileges specifies security configuration/permissions.
-	Privileges *Privileges `protobuf:"bytes,22,opt,name=privileges" json:"privileges,omitempty"`
+	Privileges *Privileges `protobuf:"bytes,22,opt,name=privileges,proto3" json:"privileges,omitempty"`
 	// Init declares that a custom init will be running inside the container, if null, use the daemon's configured settings
-	Init *google_protobuf4.BoolValue `protobuf:"bytes,23,opt,name=init" json:"init,omitempty"`
+	Init *types.BoolValue `protobuf:"bytes,23,opt,name=init,proto3" json:"init,omitempty"`
 	// TTY declares that a TTY should be attached to the standard streams,
 	// including stdin if it is still open.
 	TTY bool `protobuf:"varint,13,opt,name=tty,proto3" json:"tty,omitempty"`
@@ -585,19 +783,19 @@ type ContainerSpec struct {
 	ReadOnly bool `protobuf:"varint,19,opt,name=read_only,json=readOnly,proto3" json:"read_only,omitempty"`
 	// StopSignal defines the signal to stop the container.
 	StopSignal string  `protobuf:"bytes,20,opt,name=stop_signal,json=stopSignal,proto3" json:"stop_signal,omitempty"`
-	Mounts     []Mount `protobuf:"bytes,8,rep,name=mounts" json:"mounts"`
+	Mounts     []Mount `protobuf:"bytes,8,rep,name=mounts,proto3" json:"mounts"`
 	// StopGracePeriod the grace period for stopping the container before
 	// forcefully killing the container.
 	// Note: Can't use stdduration here because this needs to be nullable.
-	StopGracePeriod *google_protobuf1.Duration `protobuf:"bytes,9,opt,name=stop_grace_period,json=stopGracePeriod" json:"stop_grace_period,omitempty"`
+	StopGracePeriod *types.Duration `protobuf:"bytes,9,opt,name=stop_grace_period,json=stopGracePeriod,proto3" json:"stop_grace_period,omitempty"`
 	// PullOptions parameterize the behavior of image pulls.
-	PullOptions *ContainerSpec_PullOptions `protobuf:"bytes,10,opt,name=pull_options,json=pullOptions" json:"pull_options,omitempty"`
+	PullOptions *ContainerSpec_PullOptions `protobuf:"bytes,10,opt,name=pull_options,json=pullOptions,proto3" json:"pull_options,omitempty"`
 	// SecretReference contains references to zero or more secrets that
 	// will be exposed to the container.
-	Secrets []*SecretReference `protobuf:"bytes,12,rep,name=secrets" json:"secrets,omitempty"`
+	Secrets []*SecretReference `protobuf:"bytes,12,rep,name=secrets,proto3" json:"secrets,omitempty"`
 	// ConfigReference contains references to zero or more configs that
 	// will be exposed to the container.
-	Configs []*ConfigReference `protobuf:"bytes,21,rep,name=configs" json:"configs,omitempty"`
+	Configs []*ConfigReference `protobuf:"bytes,21,rep,name=configs,proto3" json:"configs,omitempty"`
 	// Hosts allow additional entries to be specified in /etc/hosts
 	// that associates IP addresses with hostnames.
 	// Detailed documentation is available in:
@@ -608,14 +806,14 @@ type ContainerSpec struct {
 	// above.
 	// This is different from `docker run --add-host <hostname>:<ip>`
 	// where format is `<hostname>:<ip>`
-	Hosts []string `protobuf:"bytes,17,rep,name=hosts" json:"hosts,omitempty"`
+	Hosts []string `protobuf:"bytes,17,rep,name=hosts,proto3" json:"hosts,omitempty"`
 	// DNSConfig allows one to specify DNS related configuration in resolv.conf
-	DNSConfig *ContainerSpec_DNSConfig `protobuf:"bytes,15,opt,name=dns_config,json=dnsConfig" json:"dns_config,omitempty"`
+	DNSConfig *ContainerSpec_DNSConfig `protobuf:"bytes,15,opt,name=dns_config,json=dnsConfig,proto3" json:"dns_config,omitempty"`
 	// Healthcheck describes how to check the container is healthy. If the
 	// container is considered unhealthy, it will be destroyed, its creating
 	// task will exit and a new task will be rescheduled elsewhere. A container
 	// is considered unhealthy after `Retries` number of consecutive failures.
-	Healthcheck *HealthConfig `protobuf:"bytes,16,opt,name=healthcheck" json:"healthcheck,omitempty"`
+	Healthcheck *HealthConfig `protobuf:"bytes,16,opt,name=healthcheck,proto3" json:"healthcheck,omitempty"`
 	// Isolation defines the isolation level for windows containers (default, process, hyperv).
 	// Runtimes that don't support it ignore that field
 	Isolation ContainerSpec_Isolation `protobuf:"varint,24,opt,name=isolation,proto3,enum=docker.swarmkit.v1.ContainerSpec_Isolation" json:"isolation,omitempty"`
@@ -635,18 +833,47 @@ type ContainerSpec struct {
 	// documentation at:
 	//
 	// https://docs.docker.com/engine/reference/commandline/run/#configure-namespaced-kernel-parameters-sysctls-at-runtime
-	Sysctls map[string]string `protobuf:"bytes,26,rep,name=sysctls" json:"sysctls,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-	MemorySwap int64 `protobuf:"varint,27,opt,name=memory_swap,json=memorySwap,proto3" json:"memory_swap,omitempty"`
-	// Tune container memory swappiness (0 to 100) - if not specified, defaults
-	// to the container OS's default - generally 60, or the value predefined in
-	// the image; set to -1 to unset a previously set value
-	MemorySwappiness *google_protobuf4.Int64Value `protobuf:"bytes,28,opt,name=memory_swappiness,json=memorySwappiness" json:"memory_swappiness,omitempty"`
+	Sysctls map[string]string `protobuf:"bytes,26,rep,name=sysctls,proto3" json:"sysctls,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// CapabilityAdd sets the list of capabilities to add to the default capability list
+	CapabilityAdd []string `protobuf:"bytes,27,rep,name=capability_add,json=capabilityAdd,proto3" json:"capability_add,omitempty"`
+	// CapabilityDrop sets the list of capabilities to drop from the default capability list
+	CapabilityDrop []string `protobuf:"bytes,28,rep,name=capability_drop,json=capabilityDrop,proto3" json:"capability_drop,omitempty"`
+	// Ulimits defines the list of ulimits to set in the container. This option
+	// is equivalent to passing --ulimit to docker run.
+	Ulimits []*ContainerSpec_Ulimit `protobuf:"bytes,29,rep,name=ulimits,proto3" json:"ulimits,omitempty"`
+}
+
+func (m *ContainerSpec) Reset()      { *m = ContainerSpec{} }
+func (*ContainerSpec) ProtoMessage() {}
+func (*ContainerSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{10}
+}
+func (m *ContainerSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerSpec.Merge(m, src)
+}
+func (m *ContainerSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerSpec.DiscardUnknown(m)
 }
 
-func (m *ContainerSpec) Reset()                    { *m = ContainerSpec{} }
-func (*ContainerSpec) ProtoMessage()               {}
-func (*ContainerSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{8} }
+var xxx_messageInfo_ContainerSpec proto.InternalMessageInfo
 
 // PullOptions allows one to parameterize an image pull.
 type ContainerSpec_PullOptions struct {
@@ -660,25 +887,117 @@ type ContainerSpec_PullOptions struct {
 func (m *ContainerSpec_PullOptions) Reset()      { *m = ContainerSpec_PullOptions{} }
 func (*ContainerSpec_PullOptions) ProtoMessage() {}
 func (*ContainerSpec_PullOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptorSpecs, []int{8, 1}
+	return fileDescriptor_6589acc608f7d4fd, []int{10, 1}
+}
+func (m *ContainerSpec_PullOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerSpec_PullOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerSpec_PullOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerSpec_PullOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerSpec_PullOptions.Merge(m, src)
+}
+func (m *ContainerSpec_PullOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerSpec_PullOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerSpec_PullOptions.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ContainerSpec_PullOptions proto.InternalMessageInfo
+
 // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
 // Detailed documentation is available in:
 // http://man7.org/linux/man-pages/man5/resolv.conf.5.html
 // TODO: domain is not supported yet
 type ContainerSpec_DNSConfig struct {
 	// Nameservers specifies the IP addresses of the name servers
-	Nameservers []string `protobuf:"bytes,1,rep,name=nameservers" json:"nameservers,omitempty"`
+	Nameservers []string `protobuf:"bytes,1,rep,name=nameservers,proto3" json:"nameservers,omitempty"`
 	// Search specifies the search list for host-name lookup
-	Search []string `protobuf:"bytes,2,rep,name=search" json:"search,omitempty"`
+	Search []string `protobuf:"bytes,2,rep,name=search,proto3" json:"search,omitempty"`
 	// Options allows certain internal resolver variables to be modified
-	Options []string `protobuf:"bytes,3,rep,name=options" json:"options,omitempty"`
+	Options []string `protobuf:"bytes,3,rep,name=options,proto3" json:"options,omitempty"`
+}
+
+func (m *ContainerSpec_DNSConfig) Reset()      { *m = ContainerSpec_DNSConfig{} }
+func (*ContainerSpec_DNSConfig) ProtoMessage() {}
+func (*ContainerSpec_DNSConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{10, 2}
+}
+func (m *ContainerSpec_DNSConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerSpec_DNSConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerSpec_DNSConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerSpec_DNSConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerSpec_DNSConfig.Merge(m, src)
+}
+func (m *ContainerSpec_DNSConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerSpec_DNSConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerSpec_DNSConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ContainerSpec_DNSConfig proto.InternalMessageInfo
+
+type ContainerSpec_Ulimit struct {
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Soft int64  `protobuf:"varint,2,opt,name=soft,proto3" json:"soft,omitempty"`
+	Hard int64  `protobuf:"varint,3,opt,name=hard,proto3" json:"hard,omitempty"`
+}
+
+func (m *ContainerSpec_Ulimit) Reset()      { *m = ContainerSpec_Ulimit{} }
+func (*ContainerSpec_Ulimit) ProtoMessage() {}
+func (*ContainerSpec_Ulimit) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{10, 4}
+}
+func (m *ContainerSpec_Ulimit) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerSpec_Ulimit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerSpec_Ulimit.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerSpec_Ulimit) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerSpec_Ulimit.Merge(m, src)
+}
+func (m *ContainerSpec_Ulimit) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerSpec_Ulimit) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerSpec_Ulimit.DiscardUnknown(m)
 }
 
-func (m *ContainerSpec_DNSConfig) Reset()                    { *m = ContainerSpec_DNSConfig{} }
-func (*ContainerSpec_DNSConfig) ProtoMessage()               {}
-func (*ContainerSpec_DNSConfig) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{8, 2} }
+var xxx_messageInfo_ContainerSpec_Ulimit proto.InternalMessageInfo
 
 // EndpointSpec defines the properties that can be configured to
 // access and loadbalance the service.
@@ -686,24 +1005,52 @@ type EndpointSpec struct {
 	Mode EndpointSpec_ResolutionMode `protobuf:"varint,1,opt,name=mode,proto3,enum=docker.swarmkit.v1.EndpointSpec_ResolutionMode" json:"mode,omitempty"`
 	// List of exposed ports that this service is accessible from
 	// external to the cluster.
-	Ports []*PortConfig `protobuf:"bytes,2,rep,name=ports" json:"ports,omitempty"`
+	Ports []*PortConfig `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
+}
+
+func (m *EndpointSpec) Reset()      { *m = EndpointSpec{} }
+func (*EndpointSpec) ProtoMessage() {}
+func (*EndpointSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{11}
+}
+func (m *EndpointSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *EndpointSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_EndpointSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *EndpointSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EndpointSpec.Merge(m, src)
+}
+func (m *EndpointSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *EndpointSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_EndpointSpec.DiscardUnknown(m)
 }
 
-func (m *EndpointSpec) Reset()                    { *m = EndpointSpec{} }
-func (*EndpointSpec) ProtoMessage()               {}
-func (*EndpointSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{9} }
+var xxx_messageInfo_EndpointSpec proto.InternalMessageInfo
 
 // NetworkSpec specifies user defined network parameters.
 type NetworkSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// DriverConfig specific configuration consumed by the network driver.
-	DriverConfig *Driver `protobuf:"bytes,2,opt,name=driver_config,json=driverConfig" json:"driver_config,omitempty"`
+	DriverConfig *Driver `protobuf:"bytes,2,opt,name=driver_config,json=driverConfig,proto3" json:"driver_config,omitempty"`
 	// IPv6Enabled enables support for IPv6 on the network.
 	Ipv6Enabled bool `protobuf:"varint,3,opt,name=ipv6_enabled,json=ipv6Enabled,proto3" json:"ipv6_enabled,omitempty"`
 	// internal restricts external access to the network. This may be
 	// accomplished by disabling the default gateway or through other means.
 	Internal bool         `protobuf:"varint,4,opt,name=internal,proto3" json:"internal,omitempty"`
-	IPAM     *IPAMOptions `protobuf:"bytes,5,opt,name=ipam" json:"ipam,omitempty"`
+	IPAM     *IPAMOptions `protobuf:"bytes,5,opt,name=ipam,proto3" json:"ipam,omitempty"`
 	// Attachable allows external(to swarm) entities to manually
 	// attach to this network. With this flag enabled, external
 	// entities such as containers running in an worker node in
@@ -724,9 +1071,37 @@ type NetworkSpec struct {
 	ConfigFrom isNetworkSpec_ConfigFrom `protobuf_oneof:"config_from"`
 }
 
-func (m *NetworkSpec) Reset()                    { *m = NetworkSpec{} }
-func (*NetworkSpec) ProtoMessage()               {}
-func (*NetworkSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{10} }
+func (m *NetworkSpec) Reset()      { *m = NetworkSpec{} }
+func (*NetworkSpec) ProtoMessage() {}
+func (*NetworkSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{12}
+}
+func (m *NetworkSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NetworkSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NetworkSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NetworkSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NetworkSpec.Merge(m, src)
+}
+func (m *NetworkSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *NetworkSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_NetworkSpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NetworkSpec proto.InternalMessageInfo
 
 type isNetworkSpec_ConfigFrom interface {
 	isNetworkSpec_ConfigFrom()
@@ -735,7 +1110,7 @@ type isNetworkSpec_ConfigFrom interface {
 }
 
 type NetworkSpec_Network struct {
-	Network string `protobuf:"bytes,8,opt,name=network,proto3,oneof"`
+	Network string `protobuf:"bytes,8,opt,name=network,proto3,oneof" json:"network,omitempty"`
 }
 
 func (*NetworkSpec_Network) isNetworkSpec_ConfigFrom() {}
@@ -754,85 +1129,69 @@ func (m *NetworkSpec) GetNetwork() string {
 	return ""
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*NetworkSpec) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _NetworkSpec_OneofMarshaler, _NetworkSpec_OneofUnmarshaler, _NetworkSpec_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*NetworkSpec) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*NetworkSpec_Network)(nil),
 	}
 }
 
-func _NetworkSpec_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*NetworkSpec)
-	// config_from
-	switch x := m.ConfigFrom.(type) {
-	case *NetworkSpec_Network:
-		_ = b.EncodeVarint(8<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.Network)
-	case nil:
-	default:
-		return fmt.Errorf("NetworkSpec.ConfigFrom has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _NetworkSpec_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*NetworkSpec)
-	switch tag {
-	case 8: // config_from.network
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.ConfigFrom = &NetworkSpec_Network{x}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _NetworkSpec_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*NetworkSpec)
-	// config_from
-	switch x := m.ConfigFrom.(type) {
-	case *NetworkSpec_Network:
-		n += proto.SizeVarint(8<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.Network)))
-		n += len(x.Network)
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // ClusterSpec specifies global cluster settings.
 type ClusterSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// DEPRECATED: AcceptancePolicy defines the certificate issuance policy.
 	// Acceptance policy is no longer customizable, and secrets have been
 	// replaced with join tokens.
-	AcceptancePolicy AcceptancePolicy `protobuf:"bytes,2,opt,name=acceptance_policy,json=acceptancePolicy" json:"acceptance_policy"`
+	AcceptancePolicy AcceptancePolicy `protobuf:"bytes,2,opt,name=acceptance_policy,json=acceptancePolicy,proto3" json:"acceptance_policy"` // Deprecated: Do not use.
 	// Orchestration defines cluster-level orchestration settings.
-	Orchestration OrchestrationConfig `protobuf:"bytes,3,opt,name=orchestration" json:"orchestration"`
+	Orchestration OrchestrationConfig `protobuf:"bytes,3,opt,name=orchestration,proto3" json:"orchestration"`
 	// Raft defines the cluster's raft settings.
-	Raft RaftConfig `protobuf:"bytes,4,opt,name=raft" json:"raft"`
+	Raft RaftConfig `protobuf:"bytes,4,opt,name=raft,proto3" json:"raft"`
 	// Dispatcher defines cluster-level dispatcher settings.
-	Dispatcher DispatcherConfig `protobuf:"bytes,5,opt,name=dispatcher" json:"dispatcher"`
+	Dispatcher DispatcherConfig `protobuf:"bytes,5,opt,name=dispatcher,proto3" json:"dispatcher"`
 	// CAConfig defines cluster-level certificate authority settings.
-	CAConfig CAConfig `protobuf:"bytes,6,opt,name=ca_config,json=caConfig" json:"ca_config"`
+	CAConfig CAConfig `protobuf:"bytes,6,opt,name=ca_config,json=caConfig,proto3" json:"ca_config"`
 	// TaskDefaults specifies the default values to use for task creation.
-	TaskDefaults TaskDefaults `protobuf:"bytes,7,opt,name=task_defaults,json=taskDefaults" json:"task_defaults"`
+	TaskDefaults TaskDefaults `protobuf:"bytes,7,opt,name=task_defaults,json=taskDefaults,proto3" json:"task_defaults"`
 	// EncryptionConfig defines the cluster's encryption settings.
-	EncryptionConfig EncryptionConfig `protobuf:"bytes,8,opt,name=encryption_config,json=encryptionConfig" json:"encryption_config"`
+	EncryptionConfig EncryptionConfig `protobuf:"bytes,8,opt,name=encryption_config,json=encryptionConfig,proto3" json:"encryption_config"`
+}
+
+func (m *ClusterSpec) Reset()      { *m = ClusterSpec{} }
+func (*ClusterSpec) ProtoMessage() {}
+func (*ClusterSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{13}
+}
+func (m *ClusterSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ClusterSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ClusterSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ClusterSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ClusterSpec.Merge(m, src)
+}
+func (m *ClusterSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ClusterSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ClusterSpec.DiscardUnknown(m)
 }
 
-func (m *ClusterSpec) Reset()                    { *m = ClusterSpec{} }
-func (*ClusterSpec) ProtoMessage()               {}
-func (*ClusterSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{11} }
+var xxx_messageInfo_ClusterSpec proto.InternalMessageInfo
 
 // SecretSpec specifies a user-provided secret.
 type SecretSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// Data is the secret payload - the maximum size is 500KB (that is, 500*1024 bytes)
 	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
 	// Templating controls whether and how to evaluate the secret payload as
@@ -840,18 +1199,46 @@ type SecretSpec struct {
 	//
 	// The currently recognized values are:
 	// - golang: Go templating
-	Templating *Driver `protobuf:"bytes,3,opt,name=templating" json:"templating,omitempty"`
+	Templating *Driver `protobuf:"bytes,3,opt,name=templating,proto3" json:"templating,omitempty"`
 	// Driver is the the secret driver that is used to store the specified secret
-	Driver *Driver `protobuf:"bytes,4,opt,name=driver" json:"driver,omitempty"`
+	Driver *Driver `protobuf:"bytes,4,opt,name=driver,proto3" json:"driver,omitempty"`
+}
+
+func (m *SecretSpec) Reset()      { *m = SecretSpec{} }
+func (*SecretSpec) ProtoMessage() {}
+func (*SecretSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{14}
+}
+func (m *SecretSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SecretSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SecretSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SecretSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SecretSpec.Merge(m, src)
+}
+func (m *SecretSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *SecretSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_SecretSpec.DiscardUnknown(m)
 }
 
-func (m *SecretSpec) Reset()                    { *m = SecretSpec{} }
-func (*SecretSpec) ProtoMessage()               {}
-func (*SecretSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{12} }
+var xxx_messageInfo_SecretSpec proto.InternalMessageInfo
 
 // ConfigSpec specifies user-provided configuration files.
 type ConfigSpec struct {
-	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations,proto3" json:"annotations"`
 	// Data is the config payload - the maximum size is 500KB (that is, 500*1024 bytes)
 	// TODO(aaronl): Do we want to revise this to include multiple payloads in a single
 	// ConfigSpec? Define this to be a tar? etc...
@@ -861,34 +1248,223 @@ type ConfigSpec struct {
 	//
 	// The currently recognized values are:
 	// - golang: Go templating
-	Templating *Driver `protobuf:"bytes,3,opt,name=templating" json:"templating,omitempty"`
+	Templating *Driver `protobuf:"bytes,3,opt,name=templating,proto3" json:"templating,omitempty"`
+}
+
+func (m *ConfigSpec) Reset()      { *m = ConfigSpec{} }
+func (*ConfigSpec) ProtoMessage() {}
+func (*ConfigSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6589acc608f7d4fd, []int{15}
+}
+func (m *ConfigSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ConfigSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ConfigSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ConfigSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ConfigSpec.Merge(m, src)
+}
+func (m *ConfigSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ConfigSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ConfigSpec.DiscardUnknown(m)
 }
 
-func (m *ConfigSpec) Reset()                    { *m = ConfigSpec{} }
-func (*ConfigSpec) ProtoMessage()               {}
-func (*ConfigSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{13} }
+var xxx_messageInfo_ConfigSpec proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Membership", NodeSpec_Membership_name, NodeSpec_Membership_value)
+	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Availability", NodeSpec_Availability_name, NodeSpec_Availability_value)
+	proto.RegisterEnum("docker.swarmkit.v1.ContainerSpec_Isolation", ContainerSpec_Isolation_name, ContainerSpec_Isolation_value)
+	proto.RegisterEnum("docker.swarmkit.v1.EndpointSpec_ResolutionMode", EndpointSpec_ResolutionMode_name, EndpointSpec_ResolutionMode_value)
 	proto.RegisterType((*NodeSpec)(nil), "docker.swarmkit.v1.NodeSpec")
 	proto.RegisterType((*ServiceSpec)(nil), "docker.swarmkit.v1.ServiceSpec")
 	proto.RegisterType((*ReplicatedService)(nil), "docker.swarmkit.v1.ReplicatedService")
 	proto.RegisterType((*GlobalService)(nil), "docker.swarmkit.v1.GlobalService")
+	proto.RegisterType((*ReplicatedJob)(nil), "docker.swarmkit.v1.ReplicatedJob")
+	proto.RegisterType((*GlobalJob)(nil), "docker.swarmkit.v1.GlobalJob")
 	proto.RegisterType((*TaskSpec)(nil), "docker.swarmkit.v1.TaskSpec")
 	proto.RegisterType((*ResourceReference)(nil), "docker.swarmkit.v1.ResourceReference")
 	proto.RegisterType((*GenericRuntimeSpec)(nil), "docker.swarmkit.v1.GenericRuntimeSpec")
 	proto.RegisterType((*NetworkAttachmentSpec)(nil), "docker.swarmkit.v1.NetworkAttachmentSpec")
 	proto.RegisterType((*ContainerSpec)(nil), "docker.swarmkit.v1.ContainerSpec")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ContainerSpec.LabelsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ContainerSpec.SysctlsEntry")
 	proto.RegisterType((*ContainerSpec_PullOptions)(nil), "docker.swarmkit.v1.ContainerSpec.PullOptions")
 	proto.RegisterType((*ContainerSpec_DNSConfig)(nil), "docker.swarmkit.v1.ContainerSpec.DNSConfig")
+	proto.RegisterType((*ContainerSpec_Ulimit)(nil), "docker.swarmkit.v1.ContainerSpec.Ulimit")
 	proto.RegisterType((*EndpointSpec)(nil), "docker.swarmkit.v1.EndpointSpec")
 	proto.RegisterType((*NetworkSpec)(nil), "docker.swarmkit.v1.NetworkSpec")
 	proto.RegisterType((*ClusterSpec)(nil), "docker.swarmkit.v1.ClusterSpec")
 	proto.RegisterType((*SecretSpec)(nil), "docker.swarmkit.v1.SecretSpec")
 	proto.RegisterType((*ConfigSpec)(nil), "docker.swarmkit.v1.ConfigSpec")
-	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Membership", NodeSpec_Membership_name, NodeSpec_Membership_value)
-	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Availability", NodeSpec_Availability_name, NodeSpec_Availability_value)
-	proto.RegisterEnum("docker.swarmkit.v1.ContainerSpec_Isolation", ContainerSpec_Isolation_name, ContainerSpec_Isolation_value)
-	proto.RegisterEnum("docker.swarmkit.v1.EndpointSpec_ResolutionMode", EndpointSpec_ResolutionMode_name, EndpointSpec_ResolutionMode_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/specs.proto", fileDescriptor_6589acc608f7d4fd)
+}
+
+var fileDescriptor_6589acc608f7d4fd = []byte{
+	// 2363 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0x4d, 0x73, 0x1b, 0xc7,
+	0xd1, 0x06, 0x48, 0x10, 0x1f, 0xbd, 0x00, 0x05, 0x8e, 0x65, 0x7b, 0x09, 0x49, 0x20, 0x0c, 0xcb,
+	0x36, 0x6d, 0xd7, 0x0b, 0xd6, 0xcb, 0xb8, 0x1c, 0x7f, 0xc4, 0x49, 0x00, 0x02, 0x96, 0x60, 0x49,
+	0x14, 0x6a, 0x40, 0x29, 0x51, 0x55, 0xaa, 0x50, 0x83, 0xdd, 0x21, 0xb0, 0xe1, 0x62, 0x67, 0x33,
+	0x3b, 0xa0, 0x8d, 0x5b, 0x8e, 0x2e, 0xe5, 0x92, 0x3f, 0xc0, 0x53, 0x2a, 0xa7, 0x5c, 0x92, 0x7f,
+	0x90, 0xa3, 0x8f, 0x3e, 0x3a, 0x17, 0x56, 0x4c, 0xff, 0x84, 0xdc, 0x72, 0x49, 0x6a, 0x66, 0x67,
+	0x17, 0x0b, 0x0a, 0x10, 0x95, 0x8a, 0x0e, 0xb9, 0xcd, 0xf4, 0x3e, 0x4f, 0x4f, 0xcf, 0x4c, 0x77,
+	0x4f, 0xf7, 0xc2, 0x7b, 0x23, 0x47, 0x8c, 0xa7, 0xc3, 0x86, 0xc5, 0x26, 0x7b, 0x36, 0xb3, 0x4e,
+	0x28, 0xdf, 0x0b, 0xbe, 0x24, 0x7c, 0x72, 0xe2, 0x88, 0x3d, 0xe2, 0x3b, 0x7b, 0x81, 0x4f, 0xad,
+	0xa0, 0xe1, 0x73, 0x26, 0x18, 0x42, 0x21, 0xa0, 0x11, 0x01, 0x1a, 0xa7, 0xff, 0x5f, 0xb9, 0x8a,
+	0x2f, 0x66, 0x3e, 0xd5, 0xfc, 0xca, 0xf5, 0x11, 0x1b, 0x31, 0x35, 0xdc, 0x93, 0x23, 0x2d, 0xad,
+	0x8e, 0x18, 0x1b, 0xb9, 0x74, 0x4f, 0xcd, 0x86, 0xd3, 0xe3, 0x3d, 0x7b, 0xca, 0x89, 0x70, 0x98,
+	0xa7, 0xbf, 0x6f, 0x5f, 0xfe, 0x4e, 0xbc, 0xd9, 0x2a, 0xea, 0x97, 0x9c, 0xf8, 0x3e, 0xe5, 0x7a,
+	0xc1, 0xfa, 0x59, 0x06, 0xf2, 0x87, 0xcc, 0xa6, 0x7d, 0x9f, 0x5a, 0xe8, 0x0e, 0x18, 0xc4, 0xf3,
+	0x98, 0x50, 0xba, 0x03, 0x33, 0x5d, 0x4b, 0xef, 0x1a, 0xfb, 0x3b, 0x8d, 0x67, 0xf7, 0xd4, 0x68,
+	0xce, 0x61, 0xad, 0xcc, 0x37, 0xe7, 0x3b, 0x29, 0x9c, 0x64, 0xa2, 0x9f, 0x41, 0xd1, 0xa6, 0x81,
+	0xc3, 0xa9, 0x3d, 0xe0, 0xcc, 0xa5, 0xe6, 0x5a, 0x2d, 0xbd, 0xbb, 0xb9, 0x7f, 0x73, 0x99, 0x26,
+	0xb9, 0x38, 0x66, 0x2e, 0xc5, 0x86, 0x66, 0xc8, 0x09, 0xba, 0x03, 0x30, 0xa1, 0x93, 0x21, 0xe5,
+	0xc1, 0xd8, 0xf1, 0xcd, 0x75, 0x45, 0x7f, 0x67, 0x15, 0x5d, 0xda, 0xde, 0x78, 0x10, 0xc3, 0x71,
+	0x82, 0x8a, 0x1e, 0x40, 0x91, 0x9c, 0x12, 0xc7, 0x25, 0x43, 0xc7, 0x75, 0xc4, 0xcc, 0xcc, 0x28,
+	0x55, 0xef, 0x3e, 0x57, 0x55, 0x33, 0x41, 0xc0, 0x0b, 0xf4, 0xba, 0x0d, 0x30, 0x5f, 0x08, 0xbd,
+	0x0d, 0xb9, 0x5e, 0xe7, 0xb0, 0xdd, 0x3d, 0xbc, 0x53, 0x4e, 0x55, 0xb6, 0x9f, 0x9e, 0xd5, 0x5e,
+	0x95, 0x3a, 0xe6, 0x80, 0x1e, 0xf5, 0x6c, 0xc7, 0x1b, 0xa1, 0x5d, 0xc8, 0x37, 0x0f, 0x0e, 0x3a,
+	0xbd, 0xa3, 0x4e, 0xbb, 0x9c, 0xae, 0x54, 0x9e, 0x9e, 0xd5, 0x5e, 0x5b, 0x04, 0x36, 0x2d, 0x8b,
+	0xfa, 0x82, 0xda, 0x95, 0xcc, 0xd7, 0x7f, 0xa8, 0xa6, 0xea, 0x5f, 0xa7, 0xa1, 0x98, 0x34, 0x02,
+	0xbd, 0x0d, 0xd9, 0xe6, 0xc1, 0x51, 0xf7, 0x71, 0xa7, 0x9c, 0x9a, 0xd3, 0x93, 0x88, 0xa6, 0x25,
+	0x9c, 0x53, 0x8a, 0x6e, 0xc3, 0x46, 0xaf, 0xf9, 0xa8, 0xdf, 0x29, 0xa7, 0xe7, 0xe6, 0x24, 0x61,
+	0x3d, 0x32, 0x0d, 0x14, 0xaa, 0x8d, 0x9b, 0xdd, 0xc3, 0xf2, 0xda, 0x72, 0x54, 0x9b, 0x13, 0xc7,
+	0xd3, 0xa6, 0xfc, 0x69, 0x03, 0x8c, 0x3e, 0xe5, 0xa7, 0x8e, 0xf5, 0x92, 0x5d, 0xe4, 0x43, 0xc8,
+	0x08, 0x12, 0x9c, 0x28, 0xd7, 0x30, 0x96, 0xbb, 0xc6, 0x11, 0x09, 0x4e, 0xe4, 0xa2, 0x9a, 0xae,
+	0xf0, 0xd2, 0x33, 0x38, 0xf5, 0x5d, 0xc7, 0x22, 0x82, 0xda, 0xca, 0x33, 0x8c, 0xfd, 0xb7, 0x96,
+	0xb1, 0x71, 0x8c, 0xd2, 0xf6, 0xdf, 0x4d, 0xe1, 0x04, 0x15, 0x7d, 0x0a, 0xd9, 0x91, 0xcb, 0x86,
+	0xc4, 0x55, 0x3e, 0x61, 0xec, 0xbf, 0xb1, 0x4c, 0xc9, 0x1d, 0x85, 0x98, 0x2b, 0xd0, 0x14, 0xf4,
+	0x05, 0x6c, 0xce, 0x55, 0x0d, 0x7e, 0xcd, 0x86, 0x26, 0xac, 0x56, 0x32, 0xb7, 0xe4, 0x0b, 0x36,
+	0xbc, 0x9b, 0xc2, 0x25, 0x9e, 0x14, 0xa0, 0x9f, 0x02, 0x84, 0x5a, 0x95, 0x1e, 0x43, 0xe9, 0xb9,
+	0xb5, 0xda, 0x98, 0x50, 0x47, 0x61, 0x14, 0x4d, 0xd0, 0x47, 0x90, 0x9d, 0xfa, 0x36, 0x11, 0xd4,
+	0xcc, 0x2a, 0x6e, 0x6d, 0x19, 0xf7, 0x91, 0x42, 0x1c, 0x30, 0xef, 0xd8, 0x19, 0x61, 0x8d, 0x47,
+	0x3f, 0x81, 0x3c, 0x67, 0xae, 0x3b, 0x24, 0xd6, 0x89, 0x59, 0x78, 0x41, 0x6e, 0xcc, 0x40, 0xf7,
+	0x20, 0xef, 0x51, 0xf1, 0x25, 0xe3, 0x27, 0x81, 0x99, 0xab, 0xad, 0xef, 0x1a, 0xfb, 0xef, 0x2f,
+	0x0d, 0xab, 0x10, 0xd3, 0x14, 0x82, 0x58, 0xe3, 0x09, 0xf5, 0x44, 0xa8, 0xa8, 0xb5, 0x66, 0xa6,
+	0x71, 0xac, 0x40, 0x9a, 0x42, 0x3d, 0xdb, 0x67, 0x8e, 0x27, 0xcc, 0xfc, 0x6a, 0x53, 0x3a, 0x1a,
+	0x23, 0xdd, 0x02, 0xc7, 0x8c, 0x56, 0x16, 0x32, 0x13, 0x66, 0xd3, 0xfa, 0x1e, 0x6c, 0x3d, 0x73,
+	0xed, 0xa8, 0x02, 0x79, 0x7d, 0xe0, 0xa1, 0xbf, 0x66, 0x70, 0x3c, 0xaf, 0x5f, 0x83, 0xd2, 0xc2,
+	0x15, 0xd7, 0x2d, 0x28, 0x2d, 0x5c, 0x17, 0x7a, 0x0b, 0x36, 0x27, 0xe4, 0xab, 0x81, 0xc5, 0x3c,
+	0x6b, 0xca, 0x39, 0xf5, 0x84, 0xd6, 0x51, 0x9a, 0x90, 0xaf, 0x0e, 0x62, 0x21, 0x7a, 0x1f, 0xb6,
+	0x04, 0x13, 0xc4, 0x1d, 0x58, 0x6c, 0xe2, 0xbb, 0x34, 0x8c, 0x8e, 0x35, 0x85, 0x2c, 0xab, 0x0f,
+	0x07, 0x73, 0x79, 0xdd, 0x80, 0x42, 0x7c, 0x97, 0xf5, 0x3f, 0x6f, 0x40, 0x3e, 0xf2, 0x74, 0x74,
+	0x0f, 0x80, 0xc4, 0x07, 0xa5, 0x0f, 0xe2, 0xdd, 0x17, 0x3a, 0x55, 0x49, 0x97, 0x1e, 0x3e, 0xa7,
+	0xa3, 0x26, 0x14, 0x2c, 0xe6, 0x09, 0xe2, 0x78, 0x94, 0xeb, 0x48, 0x5d, 0xea, 0x9f, 0x07, 0x11,
+	0x48, 0xeb, 0x98, 0xb3, 0x50, 0x0b, 0x72, 0x23, 0xea, 0x51, 0xee, 0x58, 0xda, 0xc1, 0xdf, 0x5e,
+	0xea, 0x98, 0x21, 0x04, 0x4f, 0x3d, 0xe1, 0x4c, 0xa8, 0xd6, 0x12, 0x11, 0xd1, 0xe7, 0x50, 0xe0,
+	0x34, 0x60, 0x53, 0x6e, 0xd1, 0x40, 0x87, 0xfb, 0xee, 0xf2, 0x30, 0x09, 0x41, 0x98, 0xfe, 0x66,
+	0xea, 0x70, 0x2a, 0xb7, 0x10, 0xe0, 0x39, 0x15, 0x7d, 0x0a, 0x39, 0x4e, 0x03, 0x41, 0xb8, 0x78,
+	0x5e, 0xc4, 0xe2, 0x10, 0xd2, 0x63, 0xae, 0x63, 0xcd, 0x70, 0xc4, 0x40, 0x9f, 0x42, 0xc1, 0x77,
+	0x89, 0xa5, 0xb4, 0x9a, 0x1b, 0xab, 0x63, 0xac, 0x17, 0x81, 0xf0, 0x1c, 0x8f, 0x3e, 0x06, 0x70,
+	0xd9, 0x68, 0x60, 0x73, 0xe7, 0x94, 0x72, 0x1d, 0x65, 0x95, 0x65, 0xec, 0xb6, 0x42, 0xe0, 0x82,
+	0xcb, 0x46, 0xe1, 0x10, 0xdd, 0xf9, 0xaf, 0x82, 0x24, 0x11, 0x20, 0x6f, 0x40, 0xf1, 0x98, 0x71,
+	0x8b, 0x0e, 0x74, 0xac, 0x17, 0x94, 0x6f, 0x19, 0x4a, 0x16, 0x06, 0x28, 0xfa, 0x15, 0xbc, 0x12,
+	0x9d, 0xd6, 0x80, 0xd3, 0x63, 0xca, 0xa9, 0x27, 0x8f, 0xdc, 0x50, 0xcb, 0xbe, 0xf5, 0xfc, 0x23,
+	0xd7, 0x68, 0x9d, 0x6a, 0x11, 0xbf, 0xfc, 0x21, 0x68, 0x15, 0x20, 0xc7, 0xc3, 0x0b, 0xae, 0xff,
+	0x2e, 0x2d, 0xe3, 0xec, 0x12, 0x02, 0xed, 0x81, 0x11, 0x2f, 0xef, 0xd8, 0xca, 0xe1, 0x0a, 0xad,
+	0xcd, 0x8b, 0xf3, 0x1d, 0x88, 0xb0, 0xdd, 0xb6, 0xcc, 0xc0, 0x7a, 0x6c, 0xa3, 0x0e, 0x94, 0x62,
+	0x82, 0x2c, 0x82, 0x74, 0x99, 0x50, 0x7b, 0x9e, 0xa5, 0x47, 0x33, 0x9f, 0xe2, 0x22, 0x4f, 0xcc,
+	0xea, 0xbf, 0x04, 0xf4, 0xac, 0x03, 0x22, 0x04, 0x99, 0x13, 0xc7, 0xd3, 0x66, 0x60, 0x35, 0x46,
+	0x0d, 0xc8, 0xf9, 0x64, 0xe6, 0x32, 0x62, 0x6b, 0x3f, 0xbc, 0xde, 0x08, 0xcb, 0xa3, 0x46, 0x54,
+	0x1e, 0x35, 0x9a, 0xde, 0x0c, 0x47, 0xa0, 0xfa, 0x3d, 0x78, 0x75, 0x69, 0x9c, 0xa1, 0x7d, 0x28,
+	0xc6, 0x31, 0x32, 0xdf, 0xeb, 0xb5, 0x8b, 0xf3, 0x1d, 0x23, 0x0e, 0xa6, 0x6e, 0x1b, 0x1b, 0x31,
+	0xa8, 0x6b, 0xd7, 0xff, 0xba, 0x09, 0xa5, 0x85, 0x48, 0x43, 0xd7, 0x61, 0xc3, 0x99, 0x90, 0x11,
+	0xd5, 0x36, 0x86, 0x13, 0xd4, 0x81, 0xac, 0x4b, 0x86, 0xd4, 0x95, 0xb1, 0x22, 0x2f, 0xee, 0xff,
+	0xae, 0x0c, 0xd9, 0xc6, 0x7d, 0x85, 0xef, 0x78, 0x82, 0xcf, 0xb0, 0x26, 0x23, 0x13, 0x72, 0x16,
+	0x9b, 0x4c, 0x88, 0x27, 0x1f, 0xc9, 0xf5, 0xdd, 0x02, 0x8e, 0xa6, 0xf2, 0x64, 0x08, 0x1f, 0x05,
+	0x66, 0x46, 0x89, 0xd5, 0x58, 0xe6, 0xc8, 0x31, 0x0b, 0x84, 0x47, 0x26, 0xd4, 0xdc, 0x54, 0xd6,
+	0xc4, 0x73, 0x54, 0x86, 0x75, 0xea, 0x9d, 0x9a, 0x1b, 0x0a, 0x2e, 0x87, 0x52, 0x62, 0x3b, 0x61,
+	0x20, 0x14, 0xb0, 0x1c, 0x4a, 0x9d, 0xd3, 0x80, 0x72, 0x33, 0x17, 0x9e, 0xb6, 0x1c, 0xa3, 0xd7,
+	0x20, 0x3b, 0xe2, 0x6c, 0xea, 0x87, 0x1e, 0x58, 0xc0, 0x7a, 0x26, 0xdf, 0x3b, 0x9f, 0x3b, 0xa7,
+	0x8e, 0x4b, 0x47, 0x34, 0x30, 0x5f, 0x53, 0x17, 0x51, 0x5d, 0x1a, 0x8b, 0x31, 0x0a, 0x27, 0x18,
+	0xa8, 0x01, 0x19, 0xc7, 0x73, 0x84, 0xf9, 0xba, 0x8e, 0xc3, 0xcb, 0x57, 0xd8, 0x62, 0xcc, 0x7d,
+	0x4c, 0xdc, 0x29, 0xc5, 0x0a, 0x87, 0xb6, 0x61, 0x5d, 0x88, 0x99, 0x59, 0xaa, 0xa5, 0x77, 0xf3,
+	0xad, 0xdc, 0xc5, 0xf9, 0xce, 0xfa, 0xd1, 0xd1, 0x13, 0x2c, 0x65, 0xe8, 0x16, 0x00, 0xf3, 0xa9,
+	0x37, 0x08, 0x84, 0xed, 0x78, 0x26, 0x92, 0x08, 0x5c, 0x90, 0x92, 0xbe, 0x14, 0xa0, 0x1b, 0x32,
+	0x73, 0x11, 0x7b, 0xc0, 0x3c, 0x77, 0x66, 0xbe, 0xa2, 0xbe, 0xe6, 0xa5, 0xe0, 0xa1, 0xe7, 0xce,
+	0xd0, 0x0e, 0x18, 0x81, 0x60, 0xfe, 0x20, 0x70, 0x46, 0x1e, 0x71, 0xcd, 0xeb, 0x6a, 0xe7, 0x20,
+	0x45, 0x7d, 0x25, 0x41, 0x3f, 0x86, 0xec, 0x84, 0x4d, 0x3d, 0x11, 0x98, 0x79, 0x75, 0x91, 0xdb,
+	0xcb, 0xf6, 0xf8, 0x40, 0x22, 0x74, 0xd4, 0x69, 0x38, 0xea, 0xc0, 0x96, 0xd2, 0x3c, 0xe2, 0xc4,
+	0xa2, 0x03, 0x9f, 0x72, 0x87, 0xd9, 0xfa, 0x7d, 0xde, 0x7e, 0x66, 0xb7, 0x6d, 0xdd, 0x0a, 0xe0,
+	0x6b, 0x92, 0x73, 0x47, 0x52, 0x7a, 0x8a, 0x81, 0x7a, 0x50, 0xf4, 0xa7, 0xae, 0x3b, 0x60, 0x7e,
+	0xf8, 0x1a, 0x85, 0x09, 0xfc, 0x05, 0xdc, 0xa9, 0x37, 0x75, 0xdd, 0x87, 0x21, 0x09, 0x1b, 0xfe,
+	0x7c, 0x82, 0x3e, 0x83, 0x5c, 0x40, 0x2d, 0x4e, 0x45, 0x60, 0x16, 0xd5, 0x96, 0xde, 0x5c, 0xa6,
+	0xac, 0xaf, 0x20, 0x71, 0x5e, 0xc0, 0x11, 0x47, 0xd2, 0x2d, 0x95, 0xd6, 0x02, 0xf3, 0xd5, 0xd5,
+	0x74, 0x9d, 0xf9, 0xe6, 0x74, 0xcd, 0x91, 0xe1, 0x22, 0x7d, 0x32, 0x30, 0xb7, 0x94, 0x3b, 0x85,
+	0x13, 0xf4, 0x04, 0xc0, 0xf6, 0x82, 0x41, 0x08, 0x32, 0xaf, 0xa9, 0x3d, 0xbe, 0x7f, 0xf5, 0x1e,
+	0xdb, 0x87, 0x7d, 0x5d, 0x87, 0x94, 0x2e, 0xce, 0x77, 0x0a, 0xf1, 0x14, 0x17, 0x6c, 0x2f, 0x08,
+	0x87, 0xa8, 0x05, 0xc6, 0x98, 0x12, 0x57, 0x8c, 0xad, 0x31, 0xb5, 0x4e, 0xcc, 0xf2, 0xea, 0xb2,
+	0xe4, 0xae, 0x82, 0x69, 0x0d, 0x49, 0x12, 0xea, 0x42, 0xc1, 0x09, 0x98, 0xab, 0xae, 0xc8, 0x34,
+	0x55, 0x7e, 0x7b, 0x01, 0xeb, 0xba, 0x11, 0x05, 0xcf, 0xd9, 0xe8, 0x26, 0x14, 0x7c, 0xc7, 0x0e,
+	0xee, 0x3b, 0x13, 0x47, 0x98, 0xdb, 0xb5, 0xf4, 0xee, 0x3a, 0x9e, 0x0b, 0xd0, 0x5d, 0xc8, 0x05,
+	0xb3, 0xc0, 0x12, 0x6e, 0x60, 0x56, 0xd4, 0xe1, 0x36, 0xae, 0x5e, 0xa6, 0x1f, 0x12, 0xc2, 0xc4,
+	0x11, 0xd1, 0x65, 0xc5, 0x63, 0x11, 0x5f, 0xf7, 0x02, 0x03, 0x62, 0xdb, 0xe6, 0x0d, 0x75, 0xe0,
+	0xa5, 0xb9, 0xb4, 0x69, 0xdb, 0xe8, 0x1d, 0xb8, 0x96, 0x80, 0xd9, 0x9c, 0xf9, 0xe6, 0x4d, 0x85,
+	0x4b, 0xb0, 0xdb, 0x9c, 0xf9, 0xb2, 0x86, 0x98, 0xba, 0xd2, 0xc6, 0xc0, 0xbc, 0xa5, 0x2c, 0xdb,
+	0xbd, 0xda, 0xb2, 0x47, 0x8a, 0x80, 0x23, 0x62, 0xe5, 0x63, 0x30, 0x12, 0x49, 0x4e, 0x26, 0xa0,
+	0x13, 0x3a, 0xd3, 0x79, 0x53, 0x0e, 0xa5, 0x73, 0x9c, 0xca, 0x98, 0x57, 0x89, 0xbd, 0x80, 0xc3,
+	0xc9, 0x27, 0x6b, 0x1f, 0xa5, 0x2b, 0xfb, 0x60, 0x24, 0x1c, 0x1a, 0xbd, 0x29, 0x1f, 0x9d, 0x91,
+	0x13, 0x08, 0x3e, 0x1b, 0x90, 0xa9, 0x18, 0x9b, 0x3f, 0x57, 0x84, 0x62, 0x24, 0x6c, 0x4e, 0xc5,
+	0xb8, 0x32, 0x80, 0xb9, 0x47, 0xa0, 0x1a, 0x18, 0x32, 0x0f, 0x06, 0x94, 0x9f, 0x52, 0x2e, 0x4b,
+	0x48, 0xb9, 0xc9, 0xa4, 0x48, 0x66, 0xba, 0x80, 0x12, 0x6e, 0x8d, 0x55, 0xca, 0x2e, 0x60, 0x3d,
+	0x93, 0x39, 0x38, 0x0a, 0x3e, 0x9d, 0x83, 0xf5, 0xb4, 0xf2, 0x09, 0x14, 0x93, 0x87, 0xff, 0x1f,
+	0x6d, 0xa8, 0x0d, 0xd9, 0xf0, 0x78, 0x64, 0xd6, 0x55, 0x19, 0x5b, 0xbf, 0x71, 0x2a, 0x5b, 0x23,
+	0xc8, 0x04, 0xec, 0x58, 0x28, 0xda, 0x3a, 0x56, 0x63, 0x29, 0x1b, 0x13, 0x1e, 0x76, 0x4b, 0xeb,
+	0x58, 0x8d, 0xeb, 0x7f, 0x49, 0x43, 0x21, 0x76, 0x33, 0xf4, 0x01, 0x6c, 0x75, 0xfb, 0x0f, 0xef,
+	0x37, 0x8f, 0xba, 0x0f, 0x0f, 0x07, 0xed, 0xce, 0xe7, 0xcd, 0x47, 0xf7, 0x8f, 0xca, 0xa9, 0xca,
+	0xad, 0xa7, 0x67, 0xb5, 0xed, 0xf9, 0x8b, 0x16, 0xc1, 0xdb, 0xf4, 0x98, 0x4c, 0x5d, 0xb1, 0xc8,
+	0xea, 0xe1, 0x87, 0x07, 0x9d, 0x7e, 0xbf, 0x9c, 0x5e, 0xc5, 0xea, 0x71, 0x66, 0xd1, 0x20, 0x40,
+	0xfb, 0x50, 0x9e, 0xb3, 0xee, 0x3e, 0xe9, 0x75, 0xf0, 0xe3, 0xf2, 0x5a, 0xe5, 0xe6, 0xd3, 0xb3,
+	0x9a, 0xf9, 0x2c, 0xe9, 0xee, 0xcc, 0xa7, 0xfc, 0xb1, 0x6e, 0x46, 0xff, 0x91, 0x86, 0x62, 0xb2,
+	0x03, 0x40, 0x07, 0x61, 0xdd, 0xaf, 0x0e, 0x60, 0x73, 0x7f, 0xef, 0xaa, 0x8e, 0x41, 0x55, 0x11,
+	0xee, 0x54, 0xea, 0x7d, 0xc0, 0x6c, 0x8a, 0x15, 0x19, 0x7d, 0x00, 0x1b, 0x3e, 0xe3, 0x22, 0x7a,
+	0x6f, 0x97, 0x3f, 0x45, 0x8c, 0x47, 0x25, 0x59, 0x08, 0xae, 0x8f, 0x61, 0x73, 0x51, 0x1b, 0xba,
+	0x0d, 0xeb, 0x8f, 0xbb, 0xbd, 0x72, 0xaa, 0x72, 0xe3, 0xe9, 0x59, 0xed, 0xf5, 0xc5, 0x8f, 0x8f,
+	0x1d, 0x2e, 0xa6, 0xc4, 0xed, 0xf6, 0xd0, 0x7b, 0xb0, 0xd1, 0x3e, 0xec, 0x63, 0x5c, 0x4e, 0x57,
+	0x76, 0x9e, 0x9e, 0xd5, 0x6e, 0x2c, 0xe2, 0xe4, 0x27, 0x36, 0xf5, 0x6c, 0xcc, 0x86, 0x71, 0x0b,
+	0xfe, 0xcf, 0x35, 0x30, 0x74, 0x19, 0xf2, 0xb2, 0xff, 0xd2, 0x94, 0xc2, 0x92, 0x36, 0xca, 0x9e,
+	0x6b, 0x57, 0x56, 0xb6, 0xc5, 0x90, 0xa0, 0x23, 0xe3, 0x0d, 0x28, 0x3a, 0xfe, 0xe9, 0x87, 0x03,
+	0xea, 0x91, 0xa1, 0xab, 0xbb, 0xf1, 0x3c, 0x36, 0xa4, 0xac, 0x13, 0x8a, 0x64, 0x61, 0xe1, 0x78,
+	0x82, 0x72, 0x4f, 0xf7, 0xd9, 0x79, 0x1c, 0xcf, 0xd1, 0x67, 0x90, 0x71, 0x7c, 0x32, 0xd1, 0xe5,
+	0xf8, 0xd2, 0x1d, 0x74, 0x7b, 0xcd, 0x07, 0x3a, 0x72, 0x5b, 0xf9, 0x8b, 0xf3, 0x9d, 0x8c, 0x14,
+	0x60, 0x45, 0x43, 0xd5, 0xa8, 0x57, 0x92, 0x2b, 0xa9, 0x62, 0x24, 0x8f, 0x13, 0x12, 0x19, 0x7d,
+	0x8e, 0x37, 0xe2, 0x34, 0x08, 0x54, 0x59, 0x92, 0xc7, 0xd1, 0x14, 0x55, 0x20, 0xa7, 0xeb, 0x6a,
+	0xd5, 0x62, 0x15, 0x64, 0xb7, 0xa2, 0x05, 0xad, 0x12, 0x18, 0xe1, 0x69, 0x0c, 0x8e, 0x39, 0x9b,
+	0xd4, 0xff, 0x95, 0x01, 0xe3, 0xc0, 0x9d, 0x06, 0x42, 0xd7, 0x6c, 0x2f, 0xed, 0xf0, 0x9f, 0xc0,
+	0x16, 0x51, 0x7f, 0x7d, 0x88, 0x27, 0x1f, 0x79, 0xd5, 0xae, 0xe8, 0x0b, 0xb8, 0xbd, 0x54, 0x5d,
+	0x0c, 0x0e, 0x5b, 0x9b, 0x56, 0x56, 0xea, 0x34, 0xd3, 0xb8, 0x4c, 0x2e, 0x7d, 0x41, 0x7d, 0x28,
+	0x31, 0x6e, 0x8d, 0x69, 0x20, 0xc2, 0xd2, 0x40, 0xff, 0x25, 0x59, 0xfa, 0xff, 0xec, 0x61, 0x12,
+	0xa8, 0x5f, 0xc4, 0xd0, 0xda, 0x45, 0x1d, 0xe8, 0x23, 0xc8, 0x70, 0x72, 0x1c, 0xb5, 0x5e, 0x4b,
+	0x83, 0x04, 0x93, 0x63, 0xb1, 0xa0, 0x42, 0x31, 0xd0, 0x17, 0x00, 0xb6, 0x13, 0xf8, 0x44, 0x58,
+	0x63, 0xca, 0xf5, 0x65, 0x2f, 0xdd, 0x62, 0x3b, 0x46, 0x2d, 0x68, 0x49, 0xb0, 0xd1, 0x3d, 0x28,
+	0x58, 0x24, 0x72, 0xd7, 0xec, 0xea, 0x5f, 0x47, 0x07, 0x4d, 0xad, 0xa2, 0x2c, 0x55, 0x5c, 0x9c,
+	0xef, 0xe4, 0x23, 0x09, 0xce, 0x5b, 0x44, 0xbb, 0xef, 0x3d, 0x28, 0x09, 0x12, 0x9c, 0x0c, 0xec,
+	0x30, 0x9d, 0x85, 0x6e, 0xb2, 0xe2, 0x85, 0x97, 0x1d, 0xba, 0x4e, 0x7b, 0xd1, 0x75, 0x16, 0x45,
+	0x42, 0x86, 0x7e, 0x01, 0x5b, 0xd4, 0xb3, 0xf8, 0x4c, 0x39, 0x6b, 0x64, 0x61, 0x7e, 0xf5, 0x66,
+	0x3b, 0x31, 0x78, 0x61, 0xb3, 0x65, 0x7a, 0x49, 0x5e, 0xff, 0x5b, 0x1a, 0x20, 0x2c, 0xa9, 0x5e,
+	0xae, 0x03, 0x22, 0xc8, 0xd8, 0x44, 0x10, 0xe5, 0x73, 0x45, 0xac, 0xc6, 0xe8, 0x13, 0x00, 0x41,
+	0x27, 0xbe, 0x4c, 0xbd, 0xde, 0x48, 0xbb, 0xcd, 0xf3, 0xd2, 0x41, 0x02, 0x8d, 0xf6, 0x21, 0xab,
+	0x1b, 0xe4, 0xcc, 0x95, 0x3c, 0x8d, 0xac, 0xff, 0x31, 0x0d, 0x10, 0x6e, 0xf3, 0x7f, 0x7a, 0x6f,
+	0xad, 0xdb, 0xdf, 0x7c, 0x5f, 0x4d, 0x7d, 0xf7, 0x7d, 0x35, 0xf5, 0xdb, 0x8b, 0x6a, 0xfa, 0x9b,
+	0x8b, 0x6a, 0xfa, 0xdb, 0x8b, 0x6a, 0xfa, 0xef, 0x17, 0xd5, 0xf4, 0xef, 0x7f, 0xa8, 0xa6, 0xbe,
+	0xfd, 0xa1, 0x9a, 0xfa, 0xee, 0x87, 0x6a, 0x6a, 0x98, 0x55, 0x45, 0xf9, 0x8f, 0xfe, 0x1d, 0x00,
+	0x00, 0xff, 0xff, 0x74, 0x9e, 0x83, 0x44, 0x31, 0x18, 0x00, 0x00,
 }
 
 func (m *NodeSpec) Copy() *NodeSpec {
@@ -904,7 +1480,7 @@ func (m *NodeSpec) CopyFrom(src interface{}) {
 
 	o := src.(*NodeSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 }
 
 func (m *ServiceSpec) Copy() *ServiceSpec {
@@ -920,27 +1496,27 @@ func (m *ServiceSpec) CopyFrom(src interface{}) {
 
 	o := src.(*ServiceSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
-	deepcopy.Copy(&m.Task, &o.Task)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Task, &o.Task)
 	if o.Update != nil {
 		m.Update = &UpdateConfig{}
-		deepcopy.Copy(m.Update, o.Update)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Update, o.Update)
 	}
 	if o.Rollback != nil {
 		m.Rollback = &UpdateConfig{}
-		deepcopy.Copy(m.Rollback, o.Rollback)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Rollback, o.Rollback)
 	}
 	if o.Networks != nil {
 		m.Networks = make([]*NetworkAttachmentConfig, len(o.Networks))
 		for i := range m.Networks {
 			m.Networks[i] = &NetworkAttachmentConfig{}
-			deepcopy.Copy(m.Networks[i], o.Networks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Networks[i], o.Networks[i])
 		}
 	}
 
 	if o.Endpoint != nil {
 		m.Endpoint = &EndpointSpec{}
-		deepcopy.Copy(m.Endpoint, o.Endpoint)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Endpoint, o.Endpoint)
 	}
 	if o.Mode != nil {
 		switch o.Mode.(type) {
@@ -948,13 +1524,25 @@ func (m *ServiceSpec) CopyFrom(src interface{}) {
 			v := ServiceSpec_Replicated{
 				Replicated: &ReplicatedService{},
 			}
-			deepcopy.Copy(v.Replicated, o.GetReplicated())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Replicated, o.GetReplicated())
 			m.Mode = &v
 		case *ServiceSpec_Global:
 			v := ServiceSpec_Global{
 				Global: &GlobalService{},
 			}
-			deepcopy.Copy(v.Global, o.GetGlobal())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Global, o.GetGlobal())
+			m.Mode = &v
+		case *ServiceSpec_ReplicatedJob:
+			v := ServiceSpec_ReplicatedJob{
+				ReplicatedJob: &ReplicatedJob{},
+			}
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.ReplicatedJob, o.GetReplicatedJob())
+			m.Mode = &v
+		case *ServiceSpec_GlobalJob:
+			v := ServiceSpec_GlobalJob{
+				GlobalJob: &GlobalJob{},
+			}
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.GlobalJob, o.GetGlobalJob())
 			m.Mode = &v
 		}
 	}
@@ -986,7 +1574,32 @@ func (m *GlobalService) Copy() *GlobalService {
 }
 
 func (m *GlobalService) CopyFrom(src interface{}) {}
-func (m *TaskSpec) Copy() *TaskSpec {
+func (m *ReplicatedJob) Copy() *ReplicatedJob {
+	if m == nil {
+		return nil
+	}
+	o := &ReplicatedJob{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *ReplicatedJob) CopyFrom(src interface{}) {
+
+	o := src.(*ReplicatedJob)
+	*m = *o
+}
+
+func (m *GlobalJob) Copy() *GlobalJob {
+	if m == nil {
+		return nil
+	}
+	o := &GlobalJob{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *GlobalJob) CopyFrom(src interface{}) {}
+func (m *TaskSpec) Copy() *TaskSpec {
 	if m == nil {
 		return nil
 	}
@@ -1001,32 +1614,32 @@ func (m *TaskSpec) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Resources != nil {
 		m.Resources = &ResourceRequirements{}
-		deepcopy.Copy(m.Resources, o.Resources)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Resources, o.Resources)
 	}
 	if o.Restart != nil {
 		m.Restart = &RestartPolicy{}
-		deepcopy.Copy(m.Restart, o.Restart)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Restart, o.Restart)
 	}
 	if o.Placement != nil {
 		m.Placement = &Placement{}
-		deepcopy.Copy(m.Placement, o.Placement)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Placement, o.Placement)
 	}
 	if o.LogDriver != nil {
 		m.LogDriver = &Driver{}
-		deepcopy.Copy(m.LogDriver, o.LogDriver)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.LogDriver, o.LogDriver)
 	}
 	if o.Networks != nil {
 		m.Networks = make([]*NetworkAttachmentConfig, len(o.Networks))
 		for i := range m.Networks {
 			m.Networks[i] = &NetworkAttachmentConfig{}
-			deepcopy.Copy(m.Networks[i], o.Networks[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Networks[i], o.Networks[i])
 		}
 	}
 
 	if o.ResourceReferences != nil {
 		m.ResourceReferences = make([]ResourceReference, len(o.ResourceReferences))
 		for i := range m.ResourceReferences {
-			deepcopy.Copy(&m.ResourceReferences[i], &o.ResourceReferences[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.ResourceReferences[i], &o.ResourceReferences[i])
 		}
 	}
 
@@ -1036,19 +1649,19 @@ func (m *TaskSpec) CopyFrom(src interface{}) {
 			v := TaskSpec_Attachment{
 				Attachment: &NetworkAttachmentSpec{},
 			}
-			deepcopy.Copy(v.Attachment, o.GetAttachment())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Attachment, o.GetAttachment())
 			m.Runtime = &v
 		case *TaskSpec_Container:
 			v := TaskSpec_Container{
 				Container: &ContainerSpec{},
 			}
-			deepcopy.Copy(v.Container, o.GetContainer())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Container, o.GetContainer())
 			m.Runtime = &v
 		case *TaskSpec_Generic:
 			v := TaskSpec_Generic{
 				Generic: &GenericRuntimeSpec{},
 			}
-			deepcopy.Copy(v.Generic, o.GetGeneric())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Generic, o.GetGeneric())
 			m.Runtime = &v
 		}
 	}
@@ -1084,8 +1697,8 @@ func (m *GenericRuntimeSpec) CopyFrom(src interface{}) {
 	o := src.(*GenericRuntimeSpec)
 	*m = *o
 	if o.Payload != nil {
-		m.Payload = &google_protobuf3.Any{}
-		deepcopy.Copy(m.Payload, o.Payload)
+		m.Payload = &types.Any{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Payload, o.Payload)
 	}
 }
 
@@ -1146,32 +1759,32 @@ func (m *ContainerSpec) CopyFrom(src interface{}) {
 
 	if o.Privileges != nil {
 		m.Privileges = &Privileges{}
-		deepcopy.Copy(m.Privileges, o.Privileges)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Privileges, o.Privileges)
 	}
 	if o.Init != nil {
-		m.Init = &google_protobuf4.BoolValue{}
-		deepcopy.Copy(m.Init, o.Init)
+		m.Init = &types.BoolValue{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Init, o.Init)
 	}
 	if o.Mounts != nil {
 		m.Mounts = make([]Mount, len(o.Mounts))
 		for i := range m.Mounts {
-			deepcopy.Copy(&m.Mounts[i], &o.Mounts[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Mounts[i], &o.Mounts[i])
 		}
 	}
 
 	if o.StopGracePeriod != nil {
-		m.StopGracePeriod = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.StopGracePeriod, o.StopGracePeriod)
+		m.StopGracePeriod = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.StopGracePeriod, o.StopGracePeriod)
 	}
 	if o.PullOptions != nil {
 		m.PullOptions = &ContainerSpec_PullOptions{}
-		deepcopy.Copy(m.PullOptions, o.PullOptions)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.PullOptions, o.PullOptions)
 	}
 	if o.Secrets != nil {
 		m.Secrets = make([]*SecretReference, len(o.Secrets))
 		for i := range m.Secrets {
 			m.Secrets[i] = &SecretReference{}
-			deepcopy.Copy(m.Secrets[i], o.Secrets[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Secrets[i], o.Secrets[i])
 		}
 	}
 
@@ -1179,7 +1792,7 @@ func (m *ContainerSpec) CopyFrom(src interface{}) {
 		m.Configs = make([]*ConfigReference, len(o.Configs))
 		for i := range m.Configs {
 			m.Configs[i] = &ConfigReference{}
-			deepcopy.Copy(m.Configs[i], o.Configs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Configs[i], o.Configs[i])
 		}
 	}
 
@@ -1190,11 +1803,11 @@ func (m *ContainerSpec) CopyFrom(src interface{}) {
 
 	if o.DNSConfig != nil {
 		m.DNSConfig = &ContainerSpec_DNSConfig{}
-		deepcopy.Copy(m.DNSConfig, o.DNSConfig)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.DNSConfig, o.DNSConfig)
 	}
 	if o.Healthcheck != nil {
 		m.Healthcheck = &HealthConfig{}
-		deepcopy.Copy(m.Healthcheck, o.Healthcheck)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Healthcheck, o.Healthcheck)
 	}
 	if o.Sysctls != nil {
 		m.Sysctls = make(map[string]string, len(o.Sysctls))
@@ -1203,10 +1816,24 @@ func (m *ContainerSpec) CopyFrom(src interface{}) {
 		}
 	}
 
-	if o.MemorySwappiness != nil {
-		m.MemorySwappiness = &google_protobuf4.Int64Value{}
-		deepcopy.Copy(m.MemorySwappiness, o.MemorySwappiness)
+	if o.CapabilityAdd != nil {
+		m.CapabilityAdd = make([]string, len(o.CapabilityAdd))
+		copy(m.CapabilityAdd, o.CapabilityAdd)
+	}
+
+	if o.CapabilityDrop != nil {
+		m.CapabilityDrop = make([]string, len(o.CapabilityDrop))
+		copy(m.CapabilityDrop, o.CapabilityDrop)
+	}
+
+	if o.Ulimits != nil {
+		m.Ulimits = make([]*ContainerSpec_Ulimit, len(o.Ulimits))
+		for i := range m.Ulimits {
+			m.Ulimits[i] = &ContainerSpec_Ulimit{}
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Ulimits[i], o.Ulimits[i])
+		}
 	}
+
 }
 
 func (m *ContainerSpec_PullOptions) Copy() *ContainerSpec_PullOptions {
@@ -1254,6 +1881,21 @@ func (m *ContainerSpec_DNSConfig) CopyFrom(src interface{}) {
 
 }
 
+func (m *ContainerSpec_Ulimit) Copy() *ContainerSpec_Ulimit {
+	if m == nil {
+		return nil
+	}
+	o := &ContainerSpec_Ulimit{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *ContainerSpec_Ulimit) CopyFrom(src interface{}) {
+
+	o := src.(*ContainerSpec_Ulimit)
+	*m = *o
+}
+
 func (m *EndpointSpec) Copy() *EndpointSpec {
 	if m == nil {
 		return nil
@@ -1271,7 +1913,7 @@ func (m *EndpointSpec) CopyFrom(src interface{}) {
 		m.Ports = make([]*PortConfig, len(o.Ports))
 		for i := range m.Ports {
 			m.Ports[i] = &PortConfig{}
-			deepcopy.Copy(m.Ports[i], o.Ports[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Ports[i], o.Ports[i])
 		}
 	}
 
@@ -1290,14 +1932,14 @@ func (m *NetworkSpec) CopyFrom(src interface{}) {
 
 	o := src.(*NetworkSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 	if o.DriverConfig != nil {
 		m.DriverConfig = &Driver{}
-		deepcopy.Copy(m.DriverConfig, o.DriverConfig)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.DriverConfig, o.DriverConfig)
 	}
 	if o.IPAM != nil {
 		m.IPAM = &IPAMOptions{}
-		deepcopy.Copy(m.IPAM, o.IPAM)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.IPAM, o.IPAM)
 	}
 	if o.ConfigFrom != nil {
 		switch o.ConfigFrom.(type) {
@@ -1324,14 +1966,14 @@ func (m *ClusterSpec) CopyFrom(src interface{}) {
 
 	o := src.(*ClusterSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
-	deepcopy.Copy(&m.AcceptancePolicy, &o.AcceptancePolicy)
-	deepcopy.Copy(&m.Orchestration, &o.Orchestration)
-	deepcopy.Copy(&m.Raft, &o.Raft)
-	deepcopy.Copy(&m.Dispatcher, &o.Dispatcher)
-	deepcopy.Copy(&m.CAConfig, &o.CAConfig)
-	deepcopy.Copy(&m.TaskDefaults, &o.TaskDefaults)
-	deepcopy.Copy(&m.EncryptionConfig, &o.EncryptionConfig)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.AcceptancePolicy, &o.AcceptancePolicy)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Orchestration, &o.Orchestration)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Raft, &o.Raft)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Dispatcher, &o.Dispatcher)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.CAConfig, &o.CAConfig)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.TaskDefaults, &o.TaskDefaults)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.EncryptionConfig, &o.EncryptionConfig)
 }
 
 func (m *SecretSpec) Copy() *SecretSpec {
@@ -1347,18 +1989,18 @@ func (m *SecretSpec) CopyFrom(src interface{}) {
 
 	o := src.(*SecretSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 	if o.Data != nil {
 		m.Data = make([]byte, len(o.Data))
 		copy(m.Data, o.Data)
 	}
 	if o.Templating != nil {
 		m.Templating = &Driver{}
-		deepcopy.Copy(m.Templating, o.Templating)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Templating, o.Templating)
 	}
 	if o.Driver != nil {
 		m.Driver = &Driver{}
-		deepcopy.Copy(m.Driver, o.Driver)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Driver, o.Driver)
 	}
 }
 
@@ -1375,21 +2017,21 @@ func (m *ConfigSpec) CopyFrom(src interface{}) {
 
 	o := src.(*ConfigSpec)
 	*m = *o
-	deepcopy.Copy(&m.Annotations, &o.Annotations)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Annotations, &o.Annotations)
 	if o.Data != nil {
 		m.Data = make([]byte, len(o.Data))
 		copy(m.Data, o.Data)
 	}
 	if o.Templating != nil {
 		m.Templating = &Driver{}
-		deepcopy.Copy(m.Templating, o.Templating)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Templating, o.Templating)
 	}
 }
 
 func (m *NodeSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1397,40 +2039,47 @@ func (m *NodeSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n1, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n1
-	if m.DesiredRole != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.DesiredRole))
+	if m.Availability != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.Availability))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.Membership != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintSpecs(dAtA, i, uint64(m.Membership))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Availability != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Availability))
+	if m.DesiredRole != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.DesiredRole))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ServiceSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1438,110 +2087,185 @@ func (m *ServiceSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ServiceSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n2, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n2
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Task.Size()))
-	n3, err := m.Task.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n3
 	if m.Mode != nil {
-		nn4, err := m.Mode.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Mode.Size()
+			i -= size
+			if _, err := m.Mode.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn4
 	}
-	if m.Update != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Update.Size()))
-		n5, err := m.Update.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Rollback != nil {
+		{
+			size, err := m.Rollback.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x4a
+	}
+	if m.Endpoint != nil {
+		{
+			size, err := m.Endpoint.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n5
+		i--
+		dAtA[i] = 0x42
 	}
 	if len(m.Networks) > 0 {
-		for _, msg := range m.Networks {
+		for iNdEx := len(m.Networks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Networks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0x3a
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+		}
+	}
+	if m.Update != nil {
+		{
+			size, err := m.Update.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x32
 	}
-	if m.Endpoint != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Endpoint.Size()))
-		n6, err := m.Endpoint.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Task.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n6
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	if m.Rollback != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Rollback.Size()))
-		n7, err := m.Rollback.MarshalTo(dAtA[i:])
+	i--
+	dAtA[i] = 0x12
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n7
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ServiceSpec_Replicated) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceSpec_Replicated) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Replicated != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Replicated.Size()))
-		n8, err := m.Replicated.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Replicated.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *ServiceSpec_Global) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceSpec_Global) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Global != nil {
+		{
+			size, err := m.Global.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x22
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Global.Size()))
-		n9, err := m.Global.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ServiceSpec_ReplicatedJob) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceSpec_ReplicatedJob) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.ReplicatedJob != nil {
+		{
+			size, err := m.ReplicatedJob.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x52
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ServiceSpec_GlobalJob) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceSpec_GlobalJob) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.GlobalJob != nil {
+		{
+			size, err := m.GlobalJob.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n9
+		i--
+		dAtA[i] = 0x5a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *ReplicatedService) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1549,22 +2273,27 @@ func (m *ReplicatedService) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ReplicatedService) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReplicatedService) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Replicas != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintSpecs(dAtA, i, uint64(m.Replicas))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GlobalService) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1572,17 +2301,78 @@ func (m *GlobalService) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GlobalService) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GlobalService) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	return len(dAtA) - i, nil
+}
+
+func (m *ReplicatedJob) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReplicatedJob) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReplicatedJob) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.TotalCompletions != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.TotalCompletions))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.MaxConcurrent != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.MaxConcurrent))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *GlobalJob) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *GlobalJob) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GlobalJob) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1590,135 +2380,175 @@ func (m *TaskSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Runtime != nil {
-		nn10, err := m.Runtime.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.ResourceReferences) > 0 {
+		for iNdEx := len(m.ResourceReferences) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ResourceReferences[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x5a
 		}
-		i += nn10
 	}
-	if m.Resources != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Resources.Size()))
-		n11, err := m.Resources.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Runtime != nil {
+		{
+			size := m.Runtime.Size()
+			i -= size
+			if _, err := m.Runtime.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += n11
 	}
-	if m.Restart != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Restart.Size()))
-		n12, err := m.Restart.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n12
+	if m.ForceUpdate != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.ForceUpdate))
+		i--
+		dAtA[i] = 0x48
 	}
-	if m.Placement != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Placement.Size()))
-		n13, err := m.Placement.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Networks) > 0 {
+		for iNdEx := len(m.Networks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Networks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
 		}
-		i += n13
 	}
 	if m.LogDriver != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.LogDriver.Size()))
-		n14, err := m.LogDriver.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.LogDriver.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n14
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.Networks) > 0 {
-		for _, msg := range m.Networks {
-			dAtA[i] = 0x3a
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Placement != nil {
+		{
+			size, err := m.Placement.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.ForceUpdate != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.ForceUpdate))
+	if m.Restart != nil {
+		{
+			size, err := m.Restart.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.ResourceReferences) > 0 {
-		for _, msg := range m.ResourceReferences {
-			dAtA[i] = 0x5a
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Resources != nil {
+		{
+			size, err := m.Resources.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskSpec_Container) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskSpec_Container) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Container != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Container.Size()))
-		n15, err := m.Container.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n15
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *TaskSpec_Attachment) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskSpec_Attachment) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Attachment != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Attachment.Size()))
-		n16, err := m.Attachment.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Attachment.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n16
+		i--
+		dAtA[i] = 0x42
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *TaskSpec_Generic) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskSpec_Generic) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Generic != nil {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Generic.Size()))
-		n17, err := m.Generic.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Generic.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n17
+		i--
+		dAtA[i] = 0x52
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *ResourceReference) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1726,28 +2556,34 @@ func (m *ResourceReference) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResourceReference) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResourceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ResourceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.ResourceID)))
-		i += copy(dAtA[i:], m.ResourceID)
-	}
 	if m.ResourceType != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintSpecs(dAtA, i, uint64(m.ResourceType))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ResourceID) > 0 {
+		i -= len(m.ResourceID)
+		copy(dAtA[i:], m.ResourceID)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.ResourceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GenericRuntimeSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1755,33 +2591,41 @@ func (m *GenericRuntimeSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GenericRuntimeSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GenericRuntimeSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Kind) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
-	}
 	if m.Payload != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Payload.Size()))
-		n18, err := m.Payload.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Payload.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n18
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NetworkAttachmentSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1789,23 +2633,29 @@ func (m *NetworkAttachmentSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NetworkAttachmentSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkAttachmentSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
 		i = encodeVarintSpecs(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1813,333 +2663,354 @@ func (m *ContainerSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Image) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Image)))
-		i += copy(dAtA[i:], m.Image)
-	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovSpecs(uint64(len(k))) + 1 + len(v) + sovSpecs(uint64(len(v)))
-			i = encodeVarintSpecs(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+	if len(m.Ulimits) > 0 {
+		for iNdEx := len(m.Ulimits) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Ulimits[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0xea
 		}
 	}
-	if len(m.Command) > 0 {
-		for _, s := range m.Command {
-			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.CapabilityDrop) > 0 {
+		for iNdEx := len(m.CapabilityDrop) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.CapabilityDrop[iNdEx])
+			copy(dAtA[i:], m.CapabilityDrop[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.CapabilityDrop[iNdEx])))
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0xe2
 		}
 	}
-	if len(m.Args) > 0 {
-		for _, s := range m.Args {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.CapabilityAdd) > 0 {
+		for iNdEx := len(m.CapabilityAdd) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.CapabilityAdd[iNdEx])
+			copy(dAtA[i:], m.CapabilityAdd[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.CapabilityAdd[iNdEx])))
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0xda
 		}
 	}
-	if len(m.Env) > 0 {
-		for _, s := range m.Env {
-			dAtA[i] = 0x2a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.Sysctls) > 0 {
+		for k := range m.Sysctls {
+			v := m.Sysctls[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintSpecs(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSpecs(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSpecs(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0xd2
 		}
 	}
-	if len(m.Dir) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Dir)))
-		i += copy(dAtA[i:], m.Dir)
+	if m.PidsLimit != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.PidsLimit))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc8
 	}
-	if len(m.User) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.User)))
-		i += copy(dAtA[i:], m.User)
+	if m.Isolation != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.Isolation))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc0
 	}
-	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
-			dAtA[i] = 0x42
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Init != nil {
+		{
+			size, err := m.Init.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
-		}
-	}
-	if m.StopGracePeriod != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.StopGracePeriod.Size()))
-		n19, err := m.StopGracePeriod.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n19
-	}
-	if m.PullOptions != nil {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.PullOptions.Size()))
-		n20, err := m.PullOptions.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n20
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xba
 	}
-	if len(m.Groups) > 0 {
-		for _, s := range m.Groups {
-			dAtA[i] = 0x5a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.Privileges != nil {
+		{
+			size, err := m.Privileges.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb2
 	}
-	if len(m.Secrets) > 0 {
-		for _, msg := range m.Secrets {
-			dAtA[i] = 0x62
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Configs) > 0 {
+		for iNdEx := len(m.Configs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Configs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0xaa
 		}
 	}
-	if m.TTY {
-		dAtA[i] = 0x68
-		i++
-		if m.TTY {
+	if len(m.StopSignal) > 0 {
+		i -= len(m.StopSignal)
+		copy(dAtA[i:], m.StopSignal)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.StopSignal)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa2
+	}
+	if m.ReadOnly {
+		i--
+		if m.ReadOnly {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x98
 	}
-	if len(m.Hostname) > 0 {
-		dAtA[i] = 0x72
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Hostname)))
-		i += copy(dAtA[i:], m.Hostname)
+	if m.OpenStdin {
+		i--
+		if m.OpenStdin {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x90
 	}
-	if m.DNSConfig != nil {
-		dAtA[i] = 0x7a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.DNSConfig.Size()))
-		n21, err := m.DNSConfig.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Hosts) > 0 {
+		for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Hosts[iNdEx])
+			copy(dAtA[i:], m.Hosts[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Hosts[iNdEx])))
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0x8a
 		}
-		i += n21
 	}
 	if m.Healthcheck != nil {
-		dAtA[i] = 0x82
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Healthcheck.Size()))
-		n22, err := m.Healthcheck.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Healthcheck.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n22
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x82
 	}
-	if len(m.Hosts) > 0 {
-		for _, s := range m.Hosts {
-			dAtA[i] = 0x8a
-			i++
-			dAtA[i] = 0x1
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.DNSConfig != nil {
+		{
+			size, err := m.DNSConfig.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x7a
 	}
-	if m.OpenStdin {
-		dAtA[i] = 0x90
-		i++
-		dAtA[i] = 0x1
-		i++
-		if m.OpenStdin {
+	if len(m.Hostname) > 0 {
+		i -= len(m.Hostname)
+		copy(dAtA[i:], m.Hostname)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Hostname)))
+		i--
+		dAtA[i] = 0x72
+	}
+	if m.TTY {
+		i--
+		if m.TTY {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x68
 	}
-	if m.ReadOnly {
-		dAtA[i] = 0x98
-		i++
-		dAtA[i] = 0x1
-		i++
-		if m.ReadOnly {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if len(m.Secrets) > 0 {
+		for iNdEx := len(m.Secrets) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Secrets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x62
 		}
-		i++
 	}
-	if len(m.StopSignal) > 0 {
-		dAtA[i] = 0xa2
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.StopSignal)))
-		i += copy(dAtA[i:], m.StopSignal)
+	if len(m.Groups) > 0 {
+		for iNdEx := len(m.Groups) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Groups[iNdEx])
+			copy(dAtA[i:], m.Groups[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Groups[iNdEx])))
+			i--
+			dAtA[i] = 0x5a
+		}
 	}
-	if len(m.Configs) > 0 {
-		for _, msg := range m.Configs {
-			dAtA[i] = 0xaa
-			i++
-			dAtA[i] = 0x1
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.PullOptions != nil {
+		{
+			size, err := m.PullOptions.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x52
 	}
-	if m.Privileges != nil {
-		dAtA[i] = 0xb2
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Privileges.Size()))
-		n23, err := m.Privileges.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.StopGracePeriod != nil {
+		{
+			size, err := m.StopGracePeriod.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n23
+		i--
+		dAtA[i] = 0x4a
 	}
-	if m.Init != nil {
-		dAtA[i] = 0xba
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Init.Size()))
-		n24, err := m.Init.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Mounts) > 0 {
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x42
 		}
-		i += n24
 	}
-	if m.Isolation != 0 {
-		dAtA[i] = 0xc0
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Isolation))
+	if len(m.User) > 0 {
+		i -= len(m.User)
+		copy(dAtA[i:], m.User)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.User)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if m.PidsLimit != 0 {
-		dAtA[i] = 0xc8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.PidsLimit))
+	if len(m.Dir) > 0 {
+		i -= len(m.Dir)
+		copy(dAtA[i:], m.Dir)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Dir)))
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.Sysctls) > 0 {
-		for k, _ := range m.Sysctls {
-			dAtA[i] = 0xd2
-			i++
-			dAtA[i] = 0x1
-			i++
-			v := m.Sysctls[k]
-			mapSize := 1 + len(k) + sovSpecs(uint64(len(k))) + 1 + len(v) + sovSpecs(uint64(len(v)))
-			i = encodeVarintSpecs(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+	if len(m.Env) > 0 {
+		for iNdEx := len(m.Env) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Env[iNdEx])
+			copy(dAtA[i:], m.Env[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Env[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
-	if m.MemorySwap != 0 {
-		dAtA[i] = 0xd8
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.MemorySwap))
+	if len(m.Args) > 0 {
+		for iNdEx := len(m.Args) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Args[iNdEx])
+			copy(dAtA[i:], m.Args[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Args[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
-	if m.MemorySwappiness != nil {
-		dAtA[i] = 0xe2
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.MemorySwappiness.Size()))
-		n25, err := m.MemorySwappiness.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Command) > 0 {
+		for iNdEx := len(m.Command) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Command[iNdEx])
+			copy(dAtA[i:], m.Command[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Command[iNdEx])))
+			i--
+			dAtA[i] = 0x1a
 		}
-		i += n25
 	}
-	return i, nil
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintSpecs(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintSpecs(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSpecs(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Image) > 0 {
+		i -= len(m.Image)
+		copy(dAtA[i:], m.Image)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Image)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerSpec_PullOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2147,25 +3018,31 @@ func (m *ContainerSpec_PullOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerSpec_PullOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerSpec_PullOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.RegistryAuth) > 0 {
-		dAtA[i] = 0x82
-		i++
-		dAtA[i] = 0x4
-		i++
+		i -= len(m.RegistryAuth)
+		copy(dAtA[i:], m.RegistryAuth)
 		i = encodeVarintSpecs(dAtA, i, uint64(len(m.RegistryAuth)))
-		i += copy(dAtA[i:], m.RegistryAuth)
+		i--
+		dAtA[i] = 0x4
+		i--
+		dAtA[i] = 0x82
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerSpec_DNSConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2173,62 +3050,89 @@ func (m *ContainerSpec_DNSConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerSpec_DNSConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerSpec_DNSConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Nameservers) > 0 {
-		for _, s := range m.Nameservers {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Options[iNdEx])
+			copy(dAtA[i:], m.Options[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Options[iNdEx])))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
 	if len(m.Search) > 0 {
-		for _, s := range m.Search {
+		for iNdEx := len(m.Search) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Search[iNdEx])
+			copy(dAtA[i:], m.Search[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Search[iNdEx])))
+			i--
 			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	if len(m.Options) > 0 {
-		for _, s := range m.Options {
-			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.Nameservers) > 0 {
+		for iNdEx := len(m.Nameservers) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Nameservers[iNdEx])
+			copy(dAtA[i:], m.Nameservers[iNdEx])
+			i = encodeVarintSpecs(dAtA, i, uint64(len(m.Nameservers[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
+}
+
+func (m *ContainerSpec_Ulimit) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ContainerSpec_Ulimit) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerSpec_Ulimit) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Hard != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.Hard))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Soft != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.Soft))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *EndpointSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2236,34 +3140,41 @@ func (m *EndpointSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *EndpointSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *EndpointSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Mode != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Mode))
-	}
 	if len(m.Ports) > 0 {
-		for _, msg := range m.Ports {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSpecs(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintSpecs(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return i, nil
+	if m.Mode != 0 {
+		i = encodeVarintSpecs(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *NetworkSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2271,100 +3182,119 @@ func (m *NetworkSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NetworkSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n26, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n26
-	if m.DriverConfig != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.DriverConfig.Size()))
-		n27, err := m.DriverConfig.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.ConfigFrom != nil {
+		{
+			size := m.ConfigFrom.Size()
+			i -= size
+			if _, err := m.ConfigFrom.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += n27
 	}
-	if m.Ipv6Enabled {
-		dAtA[i] = 0x18
-		i++
-		if m.Ipv6Enabled {
+	if m.Ingress {
+		i--
+		if m.Ingress {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x38
 	}
-	if m.Internal {
-		dAtA[i] = 0x20
-		i++
-		if m.Internal {
+	if m.Attachable {
+		i--
+		if m.Attachable {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x30
 	}
 	if m.IPAM != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.IPAM.Size()))
-		n28, err := m.IPAM.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.IPAM.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n28
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.Attachable {
-		dAtA[i] = 0x30
-		i++
-		if m.Attachable {
+	if m.Internal {
+		i--
+		if m.Internal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Ingress {
-		dAtA[i] = 0x38
-		i++
-		if m.Ingress {
+	if m.Ipv6Enabled {
+		i--
+		if m.Ipv6Enabled {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.ConfigFrom != nil {
-		nn29, err := m.ConfigFrom.MarshalTo(dAtA[i:])
+	if m.DriverConfig != nil {
+		{
+			size, err := m.DriverConfig.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += nn29
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *NetworkSpec_Network) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x42
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkSpec_Network) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.Network)
+	copy(dAtA[i:], m.Network)
 	i = encodeVarintSpecs(dAtA, i, uint64(len(m.Network)))
-	i += copy(dAtA[i:], m.Network)
-	return i, nil
+	i--
+	dAtA[i] = 0x42
+	return len(dAtA) - i, nil
 }
 func (m *ClusterSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2372,81 +3302,102 @@ func (m *ClusterSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ClusterSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ClusterSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n30, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.EncryptionConfig.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n30
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.AcceptancePolicy.Size()))
-	n31, err := m.AcceptancePolicy.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x42
+	{
+		size, err := m.TaskDefaults.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n31
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Orchestration.Size()))
-	n32, err := m.Orchestration.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x3a
+	{
+		size, err := m.CAConfig.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n32
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Raft.Size()))
-	n33, err := m.Raft.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x32
+	{
+		size, err := m.Dispatcher.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n33
+	i--
 	dAtA[i] = 0x2a
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Dispatcher.Size()))
-	n34, err := m.Dispatcher.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	{
+		size, err := m.Raft.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n34
-	dAtA[i] = 0x32
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.CAConfig.Size()))
-	n35, err := m.CAConfig.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x22
+	{
+		size, err := m.Orchestration.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n35
-	dAtA[i] = 0x3a
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.TaskDefaults.Size()))
-	n36, err := m.TaskDefaults.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x1a
+	{
+		size, err := m.AcceptancePolicy.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n36
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.EncryptionConfig.Size()))
-	n37, err := m.EncryptionConfig.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	i--
+	dAtA[i] = 0x12
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	i += n37
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *SecretSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2454,51 +3405,63 @@ func (m *SecretSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SecretSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SecretSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n38, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n38
-	if len(m.Data) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+	if m.Driver != nil {
+		{
+			size, err := m.Driver.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
 	}
 	if m.Templating != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Templating.Size()))
-		n39, err := m.Templating.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Templating.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
 		}
-		i += n39
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Driver != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Driver.Size()))
-		n40, err := m.Driver.MarshalTo(dAtA[i:])
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x12
+	}
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n40
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func (m *ConfigSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -2506,48 +3469,62 @@ func (m *ConfigSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ConfigSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfigSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size()))
-	n41, err := m.Annotations.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Templating != nil {
+		{
+			size, err := m.Templating.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintSpecs(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	i += n41
 	if len(m.Data) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintSpecs(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Templating != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintSpecs(dAtA, i, uint64(m.Templating.Size()))
-		n42, err := m.Templating.MarshalTo(dAtA[i:])
+	{
+		size, err := m.Annotations.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n42
+		i -= size
+		i = encodeVarintSpecs(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSpecs(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSpecs(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
-
 func (m *NodeSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -2565,6 +3542,9 @@ func (m *NodeSpec) Size() (n int) {
 }
 
 func (m *ServiceSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -2596,6 +3576,9 @@ func (m *ServiceSpec) Size() (n int) {
 }
 
 func (m *ServiceSpec_Replicated) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Replicated != nil {
@@ -2605,6 +3588,9 @@ func (m *ServiceSpec_Replicated) Size() (n int) {
 	return n
 }
 func (m *ServiceSpec_Global) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Global != nil {
@@ -2613,7 +3599,34 @@ func (m *ServiceSpec_Global) Size() (n int) {
 	}
 	return n
 }
+func (m *ServiceSpec_ReplicatedJob) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.ReplicatedJob != nil {
+		l = m.ReplicatedJob.Size()
+		n += 1 + l + sovSpecs(uint64(l))
+	}
+	return n
+}
+func (m *ServiceSpec_GlobalJob) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.GlobalJob != nil {
+		l = m.GlobalJob.Size()
+		n += 1 + l + sovSpecs(uint64(l))
+	}
+	return n
+}
 func (m *ReplicatedService) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Replicas != 0 {
@@ -2623,12 +3636,42 @@ func (m *ReplicatedService) Size() (n int) {
 }
 
 func (m *GlobalService) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
+func (m *ReplicatedJob) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.MaxConcurrent != 0 {
+		n += 1 + sovSpecs(uint64(m.MaxConcurrent))
+	}
+	if m.TotalCompletions != 0 {
+		n += 1 + sovSpecs(uint64(m.TotalCompletions))
+	}
+	return n
+}
+
+func (m *GlobalJob) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func (m *TaskSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Runtime != nil {
@@ -2669,6 +3712,9 @@ func (m *TaskSpec) Size() (n int) {
 }
 
 func (m *TaskSpec_Container) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Container != nil {
@@ -2678,6 +3724,9 @@ func (m *TaskSpec_Container) Size() (n int) {
 	return n
 }
 func (m *TaskSpec_Attachment) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Attachment != nil {
@@ -2687,6 +3736,9 @@ func (m *TaskSpec_Attachment) Size() (n int) {
 	return n
 }
 func (m *TaskSpec_Generic) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Generic != nil {
@@ -2696,6 +3748,9 @@ func (m *TaskSpec_Generic) Size() (n int) {
 	return n
 }
 func (m *ResourceReference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ResourceID)
@@ -2709,6 +3764,9 @@ func (m *ResourceReference) Size() (n int) {
 }
 
 func (m *GenericRuntimeSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -2723,6 +3781,9 @@ func (m *GenericRuntimeSpec) Size() (n int) {
 }
 
 func (m *NetworkAttachmentSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -2733,6 +3794,9 @@ func (m *NetworkAttachmentSpec) Size() (n int) {
 }
 
 func (m *ContainerSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Image)
@@ -2858,17 +3922,31 @@ func (m *ContainerSpec) Size() (n int) {
 			n += mapEntrySize + 2 + sovSpecs(uint64(mapEntrySize))
 		}
 	}
-	if m.MemorySwap != 0 {
-		n += 2 + sovSpecs(uint64(m.MemorySwap))
+	if len(m.CapabilityAdd) > 0 {
+		for _, s := range m.CapabilityAdd {
+			l = len(s)
+			n += 2 + l + sovSpecs(uint64(l))
+		}
+	}
+	if len(m.CapabilityDrop) > 0 {
+		for _, s := range m.CapabilityDrop {
+			l = len(s)
+			n += 2 + l + sovSpecs(uint64(l))
+		}
 	}
-	if m.MemorySwappiness != nil {
-		l = m.MemorySwappiness.Size()
-		n += 2 + l + sovSpecs(uint64(l))
+	if len(m.Ulimits) > 0 {
+		for _, e := range m.Ulimits {
+			l = e.Size()
+			n += 2 + l + sovSpecs(uint64(l))
+		}
 	}
 	return n
 }
 
 func (m *ContainerSpec_PullOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.RegistryAuth)
@@ -2879,6 +3957,9 @@ func (m *ContainerSpec_PullOptions) Size() (n int) {
 }
 
 func (m *ContainerSpec_DNSConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Nameservers) > 0 {
@@ -2902,7 +3983,29 @@ func (m *ContainerSpec_DNSConfig) Size() (n int) {
 	return n
 }
 
+func (m *ContainerSpec_Ulimit) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovSpecs(uint64(l))
+	}
+	if m.Soft != 0 {
+		n += 1 + sovSpecs(uint64(m.Soft))
+	}
+	if m.Hard != 0 {
+		n += 1 + sovSpecs(uint64(m.Hard))
+	}
+	return n
+}
+
 func (m *EndpointSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Mode != 0 {
@@ -2918,6 +4021,9 @@ func (m *EndpointSpec) Size() (n int) {
 }
 
 func (m *NetworkSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -2949,6 +4055,9 @@ func (m *NetworkSpec) Size() (n int) {
 }
 
 func (m *NetworkSpec_Network) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Network)
@@ -2956,6 +4065,9 @@ func (m *NetworkSpec_Network) Size() (n int) {
 	return n
 }
 func (m *ClusterSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -2978,6 +4090,9 @@ func (m *ClusterSpec) Size() (n int) {
 }
 
 func (m *SecretSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -2998,6 +4113,9 @@ func (m *SecretSpec) Size() (n int) {
 }
 
 func (m *ConfigSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = m.Annotations.Size()
@@ -3014,14 +4132,7 @@ func (m *ConfigSpec) Size() (n int) {
 }
 
 func sovSpecs(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSpecs(x uint64) (n int) {
 	return sovSpecs(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -3031,7 +4142,7 @@ func (this *NodeSpec) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&NodeSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`DesiredRole:` + fmt.Sprintf("%v", this.DesiredRole) + `,`,
 		`Membership:` + fmt.Sprintf("%v", this.Membership) + `,`,
 		`Availability:` + fmt.Sprintf("%v", this.Availability) + `,`,
@@ -3043,13 +4154,18 @@ func (this *ServiceSpec) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNetworks := "[]*NetworkAttachmentConfig{"
+	for _, f := range this.Networks {
+		repeatedStringForNetworks += strings.Replace(fmt.Sprintf("%v", f), "NetworkAttachmentConfig", "NetworkAttachmentConfig", 1) + ","
+	}
+	repeatedStringForNetworks += "}"
 	s := strings.Join([]string{`&ServiceSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`Task:` + strings.Replace(strings.Replace(this.Task.String(), "TaskSpec", "TaskSpec", 1), `&`, ``, 1) + `,`,
 		`Mode:` + fmt.Sprintf("%v", this.Mode) + `,`,
 		`Update:` + strings.Replace(fmt.Sprintf("%v", this.Update), "UpdateConfig", "UpdateConfig", 1) + `,`,
-		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "NetworkAttachmentConfig", "NetworkAttachmentConfig", 1) + `,`,
-		`Endpoint:` + strings.Replace(fmt.Sprintf("%v", this.Endpoint), "EndpointSpec", "EndpointSpec", 1) + `,`,
+		`Networks:` + repeatedStringForNetworks + `,`,
+		`Endpoint:` + strings.Replace(this.Endpoint.String(), "EndpointSpec", "EndpointSpec", 1) + `,`,
 		`Rollback:` + strings.Replace(fmt.Sprintf("%v", this.Rollback), "UpdateConfig", "UpdateConfig", 1) + `,`,
 		`}`,
 	}, "")
@@ -3075,6 +4191,26 @@ func (this *ServiceSpec_Global) String() string {
 	}, "")
 	return s
 }
+func (this *ServiceSpec_ReplicatedJob) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ServiceSpec_ReplicatedJob{`,
+		`ReplicatedJob:` + strings.Replace(fmt.Sprintf("%v", this.ReplicatedJob), "ReplicatedJob", "ReplicatedJob", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ServiceSpec_GlobalJob) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ServiceSpec_GlobalJob{`,
+		`GlobalJob:` + strings.Replace(fmt.Sprintf("%v", this.GlobalJob), "GlobalJob", "GlobalJob", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *ReplicatedService) String() string {
 	if this == nil {
 		return "nil"
@@ -3094,19 +4230,49 @@ func (this *GlobalService) String() string {
 	}, "")
 	return s
 }
+func (this *ReplicatedJob) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ReplicatedJob{`,
+		`MaxConcurrent:` + fmt.Sprintf("%v", this.MaxConcurrent) + `,`,
+		`TotalCompletions:` + fmt.Sprintf("%v", this.TotalCompletions) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GlobalJob) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GlobalJob{`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *TaskSpec) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForNetworks := "[]*NetworkAttachmentConfig{"
+	for _, f := range this.Networks {
+		repeatedStringForNetworks += strings.Replace(fmt.Sprintf("%v", f), "NetworkAttachmentConfig", "NetworkAttachmentConfig", 1) + ","
+	}
+	repeatedStringForNetworks += "}"
+	repeatedStringForResourceReferences := "[]ResourceReference{"
+	for _, f := range this.ResourceReferences {
+		repeatedStringForResourceReferences += strings.Replace(strings.Replace(f.String(), "ResourceReference", "ResourceReference", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResourceReferences += "}"
 	s := strings.Join([]string{`&TaskSpec{`,
 		`Runtime:` + fmt.Sprintf("%v", this.Runtime) + `,`,
 		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "ResourceRequirements", "ResourceRequirements", 1) + `,`,
 		`Restart:` + strings.Replace(fmt.Sprintf("%v", this.Restart), "RestartPolicy", "RestartPolicy", 1) + `,`,
 		`Placement:` + strings.Replace(fmt.Sprintf("%v", this.Placement), "Placement", "Placement", 1) + `,`,
 		`LogDriver:` + strings.Replace(fmt.Sprintf("%v", this.LogDriver), "Driver", "Driver", 1) + `,`,
-		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "NetworkAttachmentConfig", "NetworkAttachmentConfig", 1) + `,`,
+		`Networks:` + repeatedStringForNetworks + `,`,
 		`ForceUpdate:` + fmt.Sprintf("%v", this.ForceUpdate) + `,`,
-		`ResourceReferences:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ResourceReferences), "ResourceReference", "ResourceReference", 1), `&`, ``, 1) + `,`,
+		`ResourceReferences:` + repeatedStringForResourceReferences + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3158,7 +4324,7 @@ func (this *GenericRuntimeSpec) String() string {
 	}
 	s := strings.Join([]string{`&GenericRuntimeSpec{`,
 		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
-		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "google_protobuf3.Any", 1) + `,`,
+		`Payload:` + strings.Replace(fmt.Sprintf("%v", this.Payload), "Any", "types.Any", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3177,11 +4343,31 @@ func (this *ContainerSpec) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForMounts := "[]Mount{"
+	for _, f := range this.Mounts {
+		repeatedStringForMounts += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForMounts += "}"
+	repeatedStringForSecrets := "[]*SecretReference{"
+	for _, f := range this.Secrets {
+		repeatedStringForSecrets += strings.Replace(fmt.Sprintf("%v", f), "SecretReference", "SecretReference", 1) + ","
+	}
+	repeatedStringForSecrets += "}"
+	repeatedStringForConfigs := "[]*ConfigReference{"
+	for _, f := range this.Configs {
+		repeatedStringForConfigs += strings.Replace(fmt.Sprintf("%v", f), "ConfigReference", "ConfigReference", 1) + ","
+	}
+	repeatedStringForConfigs += "}"
+	repeatedStringForUlimits := "[]*ContainerSpec_Ulimit{"
+	for _, f := range this.Ulimits {
+		repeatedStringForUlimits += strings.Replace(fmt.Sprintf("%v", f), "ContainerSpec_Ulimit", "ContainerSpec_Ulimit", 1) + ","
+	}
+	repeatedStringForUlimits += "}"
 	keysForLabels := make([]string, 0, len(this.Labels))
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -3191,7 +4377,7 @@ func (this *ContainerSpec) String() string {
 	for k, _ := range this.Sysctls {
 		keysForSysctls = append(keysForSysctls, k)
 	}
-	sortkeys.Strings(keysForSysctls)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForSysctls)
 	mapStringForSysctls := "map[string]string{"
 	for _, k := range keysForSysctls {
 		mapStringForSysctls += fmt.Sprintf("%v: %v,", k, this.Sysctls[k])
@@ -3205,11 +4391,11 @@ func (this *ContainerSpec) String() string {
 		`Env:` + fmt.Sprintf("%v", this.Env) + `,`,
 		`Dir:` + fmt.Sprintf("%v", this.Dir) + `,`,
 		`User:` + fmt.Sprintf("%v", this.User) + `,`,
-		`Mounts:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Mounts), "Mount", "Mount", 1), `&`, ``, 1) + `,`,
-		`StopGracePeriod:` + strings.Replace(fmt.Sprintf("%v", this.StopGracePeriod), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`Mounts:` + repeatedStringForMounts + `,`,
+		`StopGracePeriod:` + strings.Replace(fmt.Sprintf("%v", this.StopGracePeriod), "Duration", "types.Duration", 1) + `,`,
 		`PullOptions:` + strings.Replace(fmt.Sprintf("%v", this.PullOptions), "ContainerSpec_PullOptions", "ContainerSpec_PullOptions", 1) + `,`,
 		`Groups:` + fmt.Sprintf("%v", this.Groups) + `,`,
-		`Secrets:` + strings.Replace(fmt.Sprintf("%v", this.Secrets), "SecretReference", "SecretReference", 1) + `,`,
+		`Secrets:` + repeatedStringForSecrets + `,`,
 		`TTY:` + fmt.Sprintf("%v", this.TTY) + `,`,
 		`Hostname:` + fmt.Sprintf("%v", this.Hostname) + `,`,
 		`DNSConfig:` + strings.Replace(fmt.Sprintf("%v", this.DNSConfig), "ContainerSpec_DNSConfig", "ContainerSpec_DNSConfig", 1) + `,`,
@@ -3218,14 +4404,15 @@ func (this *ContainerSpec) String() string {
 		`OpenStdin:` + fmt.Sprintf("%v", this.OpenStdin) + `,`,
 		`ReadOnly:` + fmt.Sprintf("%v", this.ReadOnly) + `,`,
 		`StopSignal:` + fmt.Sprintf("%v", this.StopSignal) + `,`,
-		`Configs:` + strings.Replace(fmt.Sprintf("%v", this.Configs), "ConfigReference", "ConfigReference", 1) + `,`,
+		`Configs:` + repeatedStringForConfigs + `,`,
 		`Privileges:` + strings.Replace(fmt.Sprintf("%v", this.Privileges), "Privileges", "Privileges", 1) + `,`,
-		`Init:` + strings.Replace(fmt.Sprintf("%v", this.Init), "BoolValue", "google_protobuf4.BoolValue", 1) + `,`,
+		`Init:` + strings.Replace(fmt.Sprintf("%v", this.Init), "BoolValue", "types.BoolValue", 1) + `,`,
 		`Isolation:` + fmt.Sprintf("%v", this.Isolation) + `,`,
 		`PidsLimit:` + fmt.Sprintf("%v", this.PidsLimit) + `,`,
 		`Sysctls:` + mapStringForSysctls + `,`,
-		`MemorySwap:` + fmt.Sprintf("%v", this.MemorySwap) + `,`,
-		`MemorySwappiness:` + strings.Replace(fmt.Sprintf("%v", this.MemorySwappiness), "Int64Value", "google_protobuf4.Int64Value", 1) + `,`,
+		`CapabilityAdd:` + fmt.Sprintf("%v", this.CapabilityAdd) + `,`,
+		`CapabilityDrop:` + fmt.Sprintf("%v", this.CapabilityDrop) + `,`,
+		`Ulimits:` + repeatedStringForUlimits + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3252,13 +4439,30 @@ func (this *ContainerSpec_DNSConfig) String() string {
 	}, "")
 	return s
 }
+func (this *ContainerSpec_Ulimit) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ContainerSpec_Ulimit{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Soft:` + fmt.Sprintf("%v", this.Soft) + `,`,
+		`Hard:` + fmt.Sprintf("%v", this.Hard) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *EndpointSpec) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPorts := "[]*PortConfig{"
+	for _, f := range this.Ports {
+		repeatedStringForPorts += strings.Replace(fmt.Sprintf("%v", f), "PortConfig", "PortConfig", 1) + ","
+	}
+	repeatedStringForPorts += "}"
 	s := strings.Join([]string{`&EndpointSpec{`,
 		`Mode:` + fmt.Sprintf("%v", this.Mode) + `,`,
-		`Ports:` + strings.Replace(fmt.Sprintf("%v", this.Ports), "PortConfig", "PortConfig", 1) + `,`,
+		`Ports:` + repeatedStringForPorts + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3268,7 +4472,7 @@ func (this *NetworkSpec) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&NetworkSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`DriverConfig:` + strings.Replace(fmt.Sprintf("%v", this.DriverConfig), "Driver", "Driver", 1) + `,`,
 		`Ipv6Enabled:` + fmt.Sprintf("%v", this.Ipv6Enabled) + `,`,
 		`Internal:` + fmt.Sprintf("%v", this.Internal) + `,`,
@@ -3295,14 +4499,14 @@ func (this *ClusterSpec) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ClusterSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
-		`AcceptancePolicy:` + strings.Replace(strings.Replace(this.AcceptancePolicy.String(), "AcceptancePolicy", "AcceptancePolicy", 1), `&`, ``, 1) + `,`,
-		`Orchestration:` + strings.Replace(strings.Replace(this.Orchestration.String(), "OrchestrationConfig", "OrchestrationConfig", 1), `&`, ``, 1) + `,`,
-		`Raft:` + strings.Replace(strings.Replace(this.Raft.String(), "RaftConfig", "RaftConfig", 1), `&`, ``, 1) + `,`,
-		`Dispatcher:` + strings.Replace(strings.Replace(this.Dispatcher.String(), "DispatcherConfig", "DispatcherConfig", 1), `&`, ``, 1) + `,`,
-		`CAConfig:` + strings.Replace(strings.Replace(this.CAConfig.String(), "CAConfig", "CAConfig", 1), `&`, ``, 1) + `,`,
-		`TaskDefaults:` + strings.Replace(strings.Replace(this.TaskDefaults.String(), "TaskDefaults", "TaskDefaults", 1), `&`, ``, 1) + `,`,
-		`EncryptionConfig:` + strings.Replace(strings.Replace(this.EncryptionConfig.String(), "EncryptionConfig", "EncryptionConfig", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`AcceptancePolicy:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AcceptancePolicy), "AcceptancePolicy", "AcceptancePolicy", 1), `&`, ``, 1) + `,`,
+		`Orchestration:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Orchestration), "OrchestrationConfig", "OrchestrationConfig", 1), `&`, ``, 1) + `,`,
+		`Raft:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Raft), "RaftConfig", "RaftConfig", 1), `&`, ``, 1) + `,`,
+		`Dispatcher:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Dispatcher), "DispatcherConfig", "DispatcherConfig", 1), `&`, ``, 1) + `,`,
+		`CAConfig:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CAConfig), "CAConfig", "CAConfig", 1), `&`, ``, 1) + `,`,
+		`TaskDefaults:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.TaskDefaults), "TaskDefaults", "TaskDefaults", 1), `&`, ``, 1) + `,`,
+		`EncryptionConfig:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EncryptionConfig), "EncryptionConfig", "EncryptionConfig", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3312,7 +4516,7 @@ func (this *SecretSpec) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&SecretSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
 		`Templating:` + strings.Replace(fmt.Sprintf("%v", this.Templating), "Driver", "Driver", 1) + `,`,
 		`Driver:` + strings.Replace(fmt.Sprintf("%v", this.Driver), "Driver", "Driver", 1) + `,`,
@@ -3325,7 +4529,7 @@ func (this *ConfigSpec) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ConfigSpec{`,
-		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Annotations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Annotations), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
 		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
 		`Templating:` + strings.Replace(fmt.Sprintf("%v", this.Templating), "Driver", "Driver", 1) + `,`,
 		`}`,
@@ -3355,7 +4559,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3383,7 +4587,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3392,6 +4596,9 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3413,7 +4620,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.DesiredRole |= (NodeRole(b) & 0x7F) << shift
+				m.DesiredRole |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3432,7 +4639,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Membership |= (NodeSpec_Membership(b) & 0x7F) << shift
+				m.Membership |= NodeSpec_Membership(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3451,7 +4658,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Availability |= (NodeSpec_Availability(b) & 0x7F) << shift
+				m.Availability |= NodeSpec_Availability(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3462,7 +4669,7 @@ func (m *NodeSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -3492,7 +4699,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3520,7 +4727,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3529,6 +4736,9 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3550,7 +4760,110 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Task.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Replicated", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &ReplicatedService{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Mode = &ServiceSpec_Replicated{v}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Global", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &GlobalService{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Mode = &ServiceSpec_Global{v}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Update", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3559,16 +4872,22 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.Task.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.Update == nil {
+				m.Update = &UpdateConfig{}
+			}
+			if err := m.Update.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
+		case 7:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Replicated", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Networks", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3580,7 +4899,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3589,18 +4908,20 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &ReplicatedService{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Networks = append(m.Networks, &NetworkAttachmentConfig{})
+			if err := m.Networks[len(m.Networks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			m.Mode = &ServiceSpec_Replicated{v}
 			iNdEx = postIndex
-		case 4:
+		case 8:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Global", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Endpoint", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3612,7 +4933,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3621,18 +4942,22 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &GlobalService{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.Endpoint == nil {
+				m.Endpoint = &EndpointSpec{}
+			}
+			if err := m.Endpoint.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			m.Mode = &ServiceSpec_Global{v}
 			iNdEx = postIndex
-		case 6:
+		case 9:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Update", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Rollback", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3644,7 +4969,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3653,19 +4978,22 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Update == nil {
-				m.Update = &UpdateConfig{}
+			if m.Rollback == nil {
+				m.Rollback = &UpdateConfig{}
 			}
-			if err := m.Update.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Rollback.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 7:
+		case 10:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Networks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ReplicatedJob", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3677,7 +5005,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3686,17 +5014,21 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Networks = append(m.Networks, &NetworkAttachmentConfig{})
-			if err := m.Networks[len(m.Networks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			v := &ReplicatedJob{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
+			m.Mode = &ServiceSpec_ReplicatedJob{v}
 			iNdEx = postIndex
-		case 8:
+		case 11:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Endpoint", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field GlobalJob", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3708,7 +5040,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3717,21 +5049,73 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Endpoint == nil {
-				m.Endpoint = &EndpointSpec{}
-			}
-			if err := m.Endpoint.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			v := &GlobalJob{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
+			m.Mode = &ServiceSpec_GlobalJob{v}
 			iNdEx = postIndex
-		case 9:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rollback", wireType)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSpecs(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			var msglen int
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSpecs
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReplicatedService: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReplicatedService: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Replicas", wireType)
+			}
+			m.Replicas = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowSpecs
@@ -3741,32 +5125,68 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Replicas |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSpecs(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Rollback == nil {
-				m.Rollback = &UpdateConfig{}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *GlobalService) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSpecs
 			}
-			if err := m.Rollback.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
 			}
-			iNdEx = postIndex
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GlobalService: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GlobalService: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSpecs(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -3781,7 +5201,7 @@ func (m *ServiceSpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
+func (m *ReplicatedJob) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3796,7 +5216,7 @@ func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3804,17 +5224,36 @@ func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ReplicatedService: wiretype end group for non-group")
+			return fmt.Errorf("proto: ReplicatedJob: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReplicatedService: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ReplicatedJob: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Replicas", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxConcurrent", wireType)
 			}
-			m.Replicas = 0
+			m.MaxConcurrent = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MaxConcurrent |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TotalCompletions", wireType)
+			}
+			m.TotalCompletions = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowSpecs
@@ -3824,7 +5263,7 @@ func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Replicas |= (uint64(b) & 0x7F) << shift
+				m.TotalCompletions |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3835,7 +5274,7 @@ func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -3850,7 +5289,7 @@ func (m *ReplicatedService) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GlobalService) Unmarshal(dAtA []byte) error {
+func (m *GlobalJob) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3865,7 +5304,7 @@ func (m *GlobalService) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3873,10 +5312,10 @@ func (m *GlobalService) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: GlobalService: wiretype end group for non-group")
+			return fmt.Errorf("proto: GlobalJob: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GlobalService: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GlobalJob: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		default:
@@ -3885,7 +5324,7 @@ func (m *GlobalService) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -3915,7 +5354,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3943,7 +5382,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3952,6 +5391,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3975,7 +5417,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3984,6 +5426,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4008,7 +5453,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4017,6 +5462,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4041,7 +5489,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4050,6 +5498,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4074,7 +5525,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4083,6 +5534,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4107,7 +5561,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4116,6 +5570,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4138,7 +5595,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4147,6 +5604,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4170,7 +5630,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ForceUpdate |= (uint64(b) & 0x7F) << shift
+				m.ForceUpdate |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4189,7 +5649,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4198,6 +5658,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4221,7 +5684,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4230,6 +5693,9 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4244,7 +5710,7 @@ func (m *TaskSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -4274,7 +5740,7 @@ func (m *ResourceReference) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4302,7 +5768,7 @@ func (m *ResourceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4312,6 +5778,9 @@ func (m *ResourceReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4331,7 +5800,7 @@ func (m *ResourceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ResourceType |= (ResourceType(b) & 0x7F) << shift
+				m.ResourceType |= ResourceType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4342,7 +5811,7 @@ func (m *ResourceReference) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -4372,7 +5841,7 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4400,7 +5869,7 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4410,6 +5879,9 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4429,7 +5901,7 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4438,11 +5910,14 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Payload == nil {
-				m.Payload = &google_protobuf3.Any{}
+				m.Payload = &types.Any{}
 			}
 			if err := m.Payload.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -4454,7 +5929,7 @@ func (m *GenericRuntimeSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -4484,7 +5959,7 @@ func (m *NetworkAttachmentSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4512,7 +5987,7 @@ func (m *NetworkAttachmentSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4522,6 +5997,9 @@ func (m *NetworkAttachmentSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4533,7 +6011,7 @@ func (m *NetworkAttachmentSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -4563,7 +6041,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4591,7 +6069,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4601,6 +6079,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4620,7 +6101,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4629,6 +6110,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4649,7 +6133,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -4666,7 +6150,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -4676,6 +6160,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSpecs
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSpecs
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -4692,7 +6179,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -4702,6 +6189,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSpecs
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSpecs
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -4713,7 +6203,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSpecs
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -4738,7 +6228,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4748,6 +6238,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4767,7 +6260,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4777,6 +6270,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4796,7 +6292,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4806,6 +6302,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4825,7 +6324,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4835,6 +6334,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4854,7 +6356,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4864,6 +6366,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4883,7 +6388,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4892,6 +6397,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4914,7 +6422,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4923,11 +6431,14 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.StopGracePeriod == nil {
-				m.StopGracePeriod = &google_protobuf1.Duration{}
+				m.StopGracePeriod = &types.Duration{}
 			}
 			if err := m.StopGracePeriod.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -4947,7 +6458,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4956,6 +6467,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4980,7 +6494,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4990,6 +6504,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5009,7 +6526,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5018,6 +6535,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5040,7 +6560,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5060,7 +6580,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5069,7 +6589,10 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 			if intStringLen < 0 {
 				return ErrInvalidLengthSpecs
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5089,7 +6612,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5098,6 +6621,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5122,7 +6648,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5131,6 +6657,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5155,7 +6684,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5165,6 +6694,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5184,7 +6716,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5204,7 +6736,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5224,7 +6756,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5234,6 +6766,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5253,7 +6788,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5262,6 +6797,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5284,7 +6822,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5293,6 +6831,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5317,7 +6858,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5326,11 +6867,14 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Init == nil {
-				m.Init = &google_protobuf4.BoolValue{}
+				m.Init = &types.BoolValue{}
 			}
 			if err := m.Init.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -5350,7 +6894,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Isolation |= (ContainerSpec_Isolation(b) & 0x7F) << shift
+				m.Isolation |= ContainerSpec_Isolation(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5369,7 +6913,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.PidsLimit |= (int64(b) & 0x7F) << shift
+				m.PidsLimit |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5388,7 +6932,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5397,6 +6941,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5417,7 +6964,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -5434,7 +6981,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -5444,6 +6991,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSpecs
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSpecs
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -5460,7 +7010,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -5470,6 +7020,9 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSpecs
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSpecs
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -5481,7 +7034,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSpecs
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -5493,10 +7046,10 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 			m.Sysctls[mapkey] = mapvalue
 			iNdEx = postIndex
 		case 27:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MemorySwap", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CapabilityAdd", wireType)
 			}
-			m.MemorySwap = 0
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowSpecs
@@ -5506,14 +7059,59 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.MemorySwap |= (int64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CapabilityAdd = append(m.CapabilityAdd, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		case 28:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MemorySwappiness", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field CapabilityDrop", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CapabilityDrop = append(m.CapabilityDrop, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 29:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Ulimits", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -5525,7 +7123,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5534,13 +7132,14 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.MemorySwappiness == nil {
-				m.MemorySwappiness = &google_protobuf4.Int64Value{}
-			}
-			if err := m.MemorySwappiness.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Ulimits = append(m.Ulimits, &ContainerSpec_Ulimit{})
+			if err := m.Ulimits[len(m.Ulimits)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -5550,7 +7149,7 @@ func (m *ContainerSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -5580,7 +7179,7 @@ func (m *ContainerSpec_PullOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5608,7 +7207,7 @@ func (m *ContainerSpec_PullOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5618,6 +7217,9 @@ func (m *ContainerSpec_PullOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5629,7 +7231,7 @@ func (m *ContainerSpec_PullOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -5659,7 +7261,7 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5687,7 +7289,7 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5697,6 +7299,9 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5716,7 +7321,7 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5726,6 +7331,9 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5745,7 +7353,7 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5755,6 +7363,9 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5766,7 +7377,127 @@ func (m *ContainerSpec_DNSConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ContainerSpec_Ulimit) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSpecs
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Ulimit: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Ulimit: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Soft", wireType)
+			}
+			m.Soft = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Soft |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Hard", wireType)
+			}
+			m.Hard = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Hard |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSpecs(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -5796,7 +7527,7 @@ func (m *EndpointSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5824,7 +7555,7 @@ func (m *EndpointSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Mode |= (EndpointSpec_ResolutionMode(b) & 0x7F) << shift
+				m.Mode |= EndpointSpec_ResolutionMode(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5843,7 +7574,7 @@ func (m *EndpointSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5852,6 +7583,9 @@ func (m *EndpointSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5866,7 +7600,7 @@ func (m *EndpointSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -5896,7 +7630,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5924,7 +7658,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5933,6 +7667,9 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5954,7 +7691,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5963,6 +7700,9 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -5987,7 +7727,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6007,7 +7747,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6027,7 +7767,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6036,6 +7776,9 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6060,7 +7803,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6080,7 +7823,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6100,7 +7843,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6110,6 +7853,9 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6121,7 +7867,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -6151,7 +7897,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6179,7 +7925,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6188,6 +7934,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6209,7 +7958,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6218,6 +7967,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6239,7 +7991,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6248,6 +8000,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6269,7 +8024,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6278,6 +8033,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6299,7 +8057,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6308,6 +8066,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6329,7 +8090,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6338,6 +8099,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6359,7 +8123,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6368,6 +8132,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6389,7 +8156,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6398,6 +8165,9 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6411,7 +8181,7 @@ func (m *ClusterSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -6441,7 +8211,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6469,7 +8239,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6478,6 +8248,9 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6499,7 +8272,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6508,6 +8281,9 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6530,7 +8306,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6539,6 +8315,9 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6563,7 +8342,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6572,6 +8351,9 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6588,7 +8370,7 @@ func (m *SecretSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -6618,7 +8400,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -6646,7 +8428,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6655,6 +8437,9 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6676,7 +8461,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6685,6 +8470,9 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6707,7 +8495,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -6716,6 +8504,9 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSpecs
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSpecs
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -6732,7 +8523,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSpecs
 			}
 			if (iNdEx + skippy) > l {
@@ -6750,6 +8541,7 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error {
 func skipSpecs(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -6781,10 +8573,8 @@ func skipSpecs(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -6801,198 +8591,34 @@ func skipSpecs(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSpecs
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSpecs
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSpecs(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSpecs
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSpecs
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSpecs = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSpecs   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSpecs        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSpecs          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSpecs = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/specs.proto", fileDescriptorSpecs) }
-
-var fileDescriptorSpecs = []byte{
-	// 2213 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcf, 0x6f, 0x1b, 0xb9,
-	0xf5, 0xb7, 0x6c, 0x59, 0x3f, 0xde, 0xc8, 0x89, 0xcc, 0xcd, 0xee, 0x8e, 0x95, 0xac, 0xad, 0xd5,
-	0x66, 0xf3, 0xf5, 0xee, 0xe2, 0x2b, 0xa3, 0x6e, 0x90, 0x66, 0x93, 0x6e, 0x5b, 0xc9, 0xd2, 0xda,
-	0x6a, 0x12, 0x5b, 0xa0, 0x1c, 0xb7, 0x01, 0x0a, 0x08, 0xf4, 0x0c, 0x2d, 0x0d, 0x3c, 0x1a, 0x4e,
-	0x49, 0xca, 0x81, 0x6e, 0x3d, 0x2e, 0xdc, 0xbf, 0xc1, 0xe8, 0xa1, 0xe8, 0xbd, 0xfd, 0x2f, 0x72,
-	0x6c, 0x6f, 0xed, 0xc5, 0xe8, 0xfa, 0x5f, 0xe8, 0xad, 0x97, 0x16, 0xe4, 0x70, 0xa4, 0x91, 0x2d,
-	0xc7, 0x29, 0x9a, 0x43, 0x6f, 0xe4, 0x9b, 0xcf, 0xe7, 0x91, 0x7c, 0xfc, 0xf0, 0xf1, 0x71, 0xe0,
-	0xcb, 0x9e, 0x27, 0xfb, 0xc3, 0xc3, 0xaa, 0xc3, 0x06, 0x1b, 0x2e, 0x73, 0x8e, 0x29, 0xdf, 0x10,
-	0xaf, 0x09, 0x1f, 0x1c, 0x7b, 0x72, 0x83, 0x84, 0xde, 0x86, 0x08, 0xa9, 0x23, 0xaa, 0x21, 0x67,
-	0x92, 0x21, 0x14, 0x01, 0xaa, 0x31, 0xa0, 0x7a, 0xf2, 0x83, 0xd2, 0x4d, 0x7c, 0x39, 0x0a, 0xa9,
-	0xe1, 0x97, 0xee, 0xf4, 0x58, 0x8f, 0xe9, 0xe6, 0x86, 0x6a, 0x19, 0xeb, 0x6a, 0x8f, 0xb1, 0x9e,
-	0x4f, 0x37, 0x74, 0xef, 0x70, 0x78, 0xb4, 0xe1, 0x0e, 0x39, 0x91, 0x1e, 0x0b, 0xcc, 0xf7, 0x95,
-	0xcb, 0xdf, 0x49, 0x30, 0xba, 0x8e, 0xfa, 0x9a, 0x93, 0x30, 0xa4, 0xdc, 0x0c, 0x58, 0x39, 0x4b,
-	0x43, 0x6e, 0x97, 0xb9, 0xb4, 0x13, 0x52, 0x07, 0x6d, 0x83, 0x45, 0x82, 0x80, 0x49, 0xed, 0x5b,
-	0xd8, 0xa9, 0x72, 0x6a, 0xdd, 0xda, 0x5c, 0xab, 0x5e, 0x5d, 0x53, 0xb5, 0x36, 0x81, 0xd5, 0xd3,
-	0x6f, 0xce, 0xd7, 0xe6, 0x70, 0x92, 0x89, 0x7e, 0x0a, 0x05, 0x97, 0x0a, 0x8f, 0x53, 0xb7, 0xcb,
-	0x99, 0x4f, 0xed, 0xf9, 0x72, 0x6a, 0xfd, 0xd6, 0xe6, 0xbd, 0x59, 0x9e, 0xd4, 0xe0, 0x98, 0xf9,
-	0x14, 0x5b, 0x86, 0xa1, 0x3a, 0x68, 0x1b, 0x60, 0x40, 0x07, 0x87, 0x94, 0x8b, 0xbe, 0x17, 0xda,
-	0x0b, 0x9a, 0xfe, 0x7f, 0xd7, 0xd1, 0xd5, 0xdc, 0xab, 0x2f, 0xc6, 0x70, 0x9c, 0xa0, 0xa2, 0x17,
-	0x50, 0x20, 0x27, 0xc4, 0xf3, 0xc9, 0xa1, 0xe7, 0x7b, 0x72, 0x64, 0xa7, 0xb5, 0xab, 0x2f, 0xde,
-	0xea, 0xaa, 0x96, 0x20, 0xe0, 0x29, 0x7a, 0xc5, 0x05, 0x98, 0x0c, 0x84, 0x1e, 0x40, 0xb6, 0xdd,
-	0xdc, 0x6d, 0xb4, 0x76, 0xb7, 0x8b, 0x73, 0xa5, 0x95, 0xd3, 0xb3, 0xf2, 0x87, 0xca, 0xc7, 0x04,
-	0xd0, 0xa6, 0x81, 0xeb, 0x05, 0x3d, 0xb4, 0x0e, 0xb9, 0xda, 0xd6, 0x56, 0xb3, 0xbd, 0xdf, 0x6c,
-	0x14, 0x53, 0xa5, 0xd2, 0xe9, 0x59, 0xf9, 0xa3, 0x69, 0x60, 0xcd, 0x71, 0x68, 0x28, 0xa9, 0x5b,
-	0x4a, 0x7f, 0xf7, 0xfb, 0xd5, 0xb9, 0xca, 0x77, 0x29, 0x28, 0x24, 0x27, 0x81, 0x1e, 0x40, 0xa6,
-	0xb6, 0xb5, 0xdf, 0x3a, 0x68, 0x16, 0xe7, 0x26, 0xf4, 0x24, 0xa2, 0xe6, 0x48, 0xef, 0x84, 0xa2,
-	0xfb, 0xb0, 0xd8, 0xae, 0xbd, 0xec, 0x34, 0x8b, 0xa9, 0xc9, 0x74, 0x92, 0xb0, 0x36, 0x19, 0x0a,
-	0x8d, 0x6a, 0xe0, 0x5a, 0x6b, 0xb7, 0x38, 0x3f, 0x1b, 0xd5, 0xe0, 0xc4, 0x0b, 0xcc, 0x54, 0x7e,
-	0x97, 0x06, 0xab, 0x43, 0xf9, 0x89, 0xe7, 0xbc, 0x67, 0x89, 0x3c, 0x82, 0xb4, 0x24, 0xe2, 0x58,
-	0x4b, 0xc3, 0x9a, 0x2d, 0x8d, 0x7d, 0x22, 0x8e, 0xd5, 0xa0, 0x86, 0xae, 0xf1, 0x4a, 0x19, 0x9c,
-	0x86, 0xbe, 0xe7, 0x10, 0x49, 0x5d, 0xad, 0x0c, 0x6b, 0xf3, 0xf3, 0x59, 0x6c, 0x3c, 0x46, 0x99,
-	0xf9, 0xef, 0xcc, 0xe1, 0x04, 0x15, 0x3d, 0x85, 0x4c, 0xcf, 0x67, 0x87, 0xc4, 0xd7, 0x9a, 0xb0,
-	0x36, 0x3f, 0x9d, 0xe5, 0x64, 0x5b, 0x23, 0x26, 0x0e, 0x0c, 0x05, 0x3d, 0x86, 0xcc, 0x30, 0x74,
-	0x89, 0xa4, 0x76, 0x46, 0x93, 0xcb, 0xb3, 0xc8, 0x2f, 0x35, 0x62, 0x8b, 0x05, 0x47, 0x5e, 0x0f,
-	0x1b, 0x3c, 0x7a, 0x06, 0xb9, 0x80, 0xca, 0xd7, 0x8c, 0x1f, 0x0b, 0x3b, 0x5b, 0x5e, 0x58, 0xb7,
-	0x36, 0xbf, 0x9a, 0x29, 0xc6, 0x08, 0x53, 0x93, 0x92, 0x38, 0xfd, 0x01, 0x0d, 0x64, 0xe4, 0xa6,
-	0x3e, 0x6f, 0xa7, 0xf0, 0xd8, 0x01, 0xfa, 0x31, 0xe4, 0x68, 0xe0, 0x86, 0xcc, 0x0b, 0xa4, 0x9d,
-	0xbb, 0x7e, 0x22, 0x4d, 0x83, 0x51, 0xc1, 0xc4, 0x63, 0x86, 0x62, 0x73, 0xe6, 0xfb, 0x87, 0xc4,
-	0x39, 0xb6, 0xf3, 0xef, 0xb8, 0x8c, 0x31, 0xa3, 0x9e, 0x81, 0xf4, 0x80, 0xb9, 0xb4, 0xb2, 0x01,
-	0xcb, 0x57, 0x42, 0x8d, 0x4a, 0x90, 0x33, 0xa1, 0x8e, 0x34, 0x92, 0xc6, 0xe3, 0x7e, 0xe5, 0x36,
-	0x2c, 0x4d, 0x85, 0xb5, 0xf2, 0xc7, 0x45, 0xc8, 0xc5, 0x7b, 0x8d, 0x6a, 0x90, 0x77, 0x58, 0x20,
-	0x89, 0x17, 0x50, 0x6e, 0xe4, 0x35, 0x73, 0x67, 0xb6, 0x62, 0x90, 0x62, 0xed, 0xcc, 0xe1, 0x09,
-	0x0b, 0x7d, 0x0b, 0x79, 0x4e, 0x05, 0x1b, 0x72, 0x87, 0x0a, 0xa3, 0xaf, 0xf5, 0xd9, 0x0a, 0x89,
-	0x40, 0x98, 0xfe, 0x7a, 0xe8, 0x71, 0xaa, 0xa2, 0x2c, 0xf0, 0x84, 0x8a, 0x9e, 0x42, 0x96, 0x53,
-	0x21, 0x09, 0x97, 0x6f, 0x93, 0x08, 0x8e, 0x20, 0x6d, 0xe6, 0x7b, 0xce, 0x08, 0xc7, 0x0c, 0xf4,
-	0x14, 0xf2, 0xa1, 0x4f, 0x1c, 0xed, 0xd5, 0x5e, 0xd4, 0xf4, 0x4f, 0x66, 0xd1, 0xdb, 0x31, 0x08,
-	0x4f, 0xf0, 0xe8, 0x6b, 0x00, 0x9f, 0xf5, 0xba, 0x2e, 0xf7, 0x4e, 0x28, 0x37, 0x12, 0x2b, 0xcd,
-	0x62, 0x37, 0x34, 0x02, 0xe7, 0x7d, 0xd6, 0x8b, 0x9a, 0x68, 0xfb, 0xbf, 0xd2, 0x57, 0x42, 0x5b,
-	0xcf, 0x00, 0xc8, 0xf8, 0xab, 0x51, 0xd7, 0x17, 0xef, 0xe4, 0xca, 0xec, 0x48, 0x82, 0x8e, 0x3e,
-	0x85, 0xc2, 0x11, 0xe3, 0x0e, 0xed, 0x9a, 0x53, 0x93, 0xd7, 0x9a, 0xb0, 0xb4, 0x2d, 0xd2, 0x17,
-	0xaa, 0x43, 0xb6, 0x47, 0x03, 0xca, 0x3d, 0xc7, 0x06, 0x3d, 0xd8, 0x83, 0x99, 0x07, 0x32, 0x82,
-	0xe0, 0x61, 0x20, 0xbd, 0x01, 0x35, 0x23, 0xc5, 0x44, 0xf4, 0x2b, 0xf8, 0x20, 0xde, 0xbe, 0x2e,
-	0xa7, 0x47, 0x94, 0xd3, 0x40, 0x69, 0xc0, 0xd2, 0x71, 0xf8, 0xfc, 0xed, 0x1a, 0x30, 0x68, 0x93,
-	0x6c, 0x10, 0xbf, 0xfc, 0x41, 0xd4, 0xf3, 0x90, 0xe5, 0xd1, 0xb8, 0x95, 0xdf, 0xa6, 0x94, 0xea,
-	0x2f, 0x21, 0xd0, 0x06, 0x58, 0xe3, 0xe1, 0x3d, 0x57, 0xab, 0x37, 0x5f, 0xbf, 0x75, 0x71, 0xbe,
-	0x06, 0x31, 0xb6, 0xd5, 0x50, 0x39, 0xc8, 0xb4, 0x5d, 0xd4, 0x84, 0xa5, 0x31, 0x41, 0x95, 0x01,
-	0xe6, 0xa2, 0x2c, 0xbf, 0x6d, 0xa6, 0xfb, 0xa3, 0x90, 0xe2, 0x02, 0x4f, 0xf4, 0x2a, 0xbf, 0x04,
-	0x74, 0x35, 0x2e, 0x08, 0x41, 0xfa, 0xd8, 0x0b, 0xcc, 0x34, 0xb0, 0x6e, 0xa3, 0x2a, 0x64, 0x43,
-	0x32, 0xf2, 0x19, 0x71, 0xcd, 0xc1, 0xb8, 0x53, 0x8d, 0x0a, 0x84, 0x6a, 0x5c, 0x20, 0x54, 0x6b,
-	0xc1, 0x08, 0xc7, 0xa0, 0xca, 0x33, 0xf8, 0x70, 0xe6, 0xf6, 0xa2, 0x4d, 0x28, 0x8c, 0x0f, 0xdc,
-	0x64, 0xad, 0xb7, 0x2f, 0xce, 0xd7, 0xac, 0xf1, 0xc9, 0x6c, 0x35, 0xb0, 0x35, 0x06, 0xb5, 0xdc,
-	0xca, 0x5f, 0x96, 0x60, 0x69, 0xea, 0xd8, 0xa2, 0x3b, 0xb0, 0xe8, 0x0d, 0x48, 0x8f, 0x9a, 0x39,
-	0x46, 0x1d, 0xd4, 0x84, 0x8c, 0x4f, 0x0e, 0xa9, 0xaf, 0x0e, 0xaf, 0xda, 0xb8, 0xff, 0xbf, 0xf1,
-	0xfc, 0x57, 0x9f, 0x6b, 0x7c, 0x33, 0x90, 0x7c, 0x84, 0x0d, 0x19, 0xd9, 0x90, 0x75, 0xd8, 0x60,
-	0x40, 0x02, 0x75, 0x4d, 0x2c, 0xac, 0xe7, 0x71, 0xdc, 0x55, 0x91, 0x21, 0xbc, 0x27, 0xec, 0xb4,
-	0x36, 0xeb, 0x36, 0x2a, 0xc2, 0x02, 0x0d, 0x4e, 0xec, 0x45, 0x6d, 0x52, 0x4d, 0x65, 0x71, 0xbd,
-	0xe8, 0xf4, 0xe5, 0xb1, 0x6a, 0x2a, 0xde, 0x50, 0x50, 0x6e, 0x67, 0xa3, 0x88, 0xaa, 0x36, 0xfa,
-	0x11, 0x64, 0x06, 0x6c, 0x18, 0x48, 0x61, 0xe7, 0xf4, 0x64, 0x57, 0x66, 0x4d, 0xf6, 0x85, 0x42,
-	0x18, 0x65, 0x19, 0x38, 0x6a, 0xc2, 0xb2, 0x90, 0x2c, 0xec, 0xf6, 0x38, 0x71, 0x68, 0x37, 0xa4,
-	0xdc, 0x63, 0xae, 0x49, 0xc3, 0x2b, 0x57, 0x36, 0xa5, 0x61, 0x0a, 0x3e, 0x7c, 0x5b, 0x71, 0xb6,
-	0x15, 0xa5, 0xad, 0x19, 0xa8, 0x0d, 0x85, 0x70, 0xe8, 0xfb, 0x5d, 0x16, 0x46, 0x37, 0x72, 0x74,
-	0x76, 0xde, 0x21, 0x64, 0xed, 0xa1, 0xef, 0xef, 0x45, 0x24, 0x6c, 0x85, 0x93, 0x0e, 0xfa, 0x08,
-	0x32, 0x3d, 0xce, 0x86, 0x61, 0x74, 0x6e, 0xf2, 0xd8, 0xf4, 0xd0, 0x37, 0x90, 0x15, 0xd4, 0xe1,
-	0x54, 0x0a, 0xbb, 0xa0, 0x97, 0xfa, 0xd9, 0xac, 0x41, 0x3a, 0x1a, 0x32, 0x3e, 0x13, 0x38, 0xe6,
-	0xa0, 0x15, 0x58, 0x90, 0x72, 0x64, 0x2f, 0x95, 0x53, 0xeb, 0xb9, 0x7a, 0xf6, 0xe2, 0x7c, 0x6d,
-	0x61, 0x7f, 0xff, 0x15, 0x56, 0x36, 0x75, 0x5b, 0xf4, 0x99, 0x90, 0x01, 0x19, 0x50, 0xfb, 0x96,
-	0x8e, 0xed, 0xb8, 0x8f, 0x5e, 0x01, 0xb8, 0x81, 0xe8, 0x3a, 0x3a, 0x3d, 0xd9, 0xb7, 0xf5, 0xea,
-	0xbe, 0xba, 0x79, 0x75, 0x8d, 0xdd, 0x8e, 0xb9, 0x31, 0x97, 0x2e, 0xce, 0xd7, 0xf2, 0xe3, 0x2e,
-	0xce, 0xbb, 0x81, 0x88, 0x9a, 0xa8, 0x0e, 0x56, 0x9f, 0x12, 0x5f, 0xf6, 0x9d, 0x3e, 0x75, 0x8e,
-	0xed, 0xe2, 0xf5, 0x57, 0xe0, 0x8e, 0x86, 0x19, 0x0f, 0x49, 0x92, 0x52, 0xb0, 0x9a, 0xaa, 0xb0,
-	0x97, 0x75, 0xac, 0xa2, 0x0e, 0xfa, 0x04, 0x80, 0x85, 0x34, 0xe8, 0x0a, 0xe9, 0x7a, 0x81, 0x8d,
-	0xd4, 0x92, 0x71, 0x5e, 0x59, 0x3a, 0xca, 0x80, 0xee, 0xaa, 0x0b, 0x8a, 0xb8, 0x5d, 0x16, 0xf8,
-	0x23, 0xfb, 0x03, 0xfd, 0x35, 0xa7, 0x0c, 0x7b, 0x81, 0x3f, 0x42, 0x6b, 0x60, 0x69, 0x5d, 0x08,
-	0xaf, 0x17, 0x10, 0xdf, 0xbe, 0xa3, 0xe3, 0x01, 0xca, 0xd4, 0xd1, 0x16, 0xb5, 0x0f, 0x51, 0x34,
-	0x84, 0xfd, 0xe1, 0xf5, 0xfb, 0x60, 0x26, 0x3b, 0xd9, 0x07, 0xc3, 0x41, 0x3f, 0x01, 0x08, 0xb9,
-	0x77, 0xe2, 0xf9, 0xb4, 0x47, 0x85, 0xfd, 0x91, 0x5e, 0xf4, 0xea, 0xcc, 0x9b, 0x69, 0x8c, 0xc2,
-	0x09, 0x06, 0xaa, 0x42, 0xda, 0x0b, 0x3c, 0x69, 0x7f, 0x6c, 0x6e, 0xa5, 0xcb, 0x52, 0xad, 0x33,
-	0xe6, 0x1f, 0x10, 0x7f, 0x48, 0xb1, 0xc6, 0xa1, 0x16, 0xe4, 0x3d, 0xc1, 0x7c, 0x2d, 0x5f, 0xdb,
-	0xd6, 0xf9, 0xed, 0x1d, 0xf6, 0xaf, 0x15, 0x53, 0xf0, 0x84, 0x8d, 0xee, 0x41, 0x3e, 0xf4, 0x5c,
-	0xf1, 0xdc, 0x1b, 0x78, 0xd2, 0x5e, 0x29, 0xa7, 0xd6, 0x17, 0xf0, 0xc4, 0x80, 0x76, 0x20, 0x2b,
-	0x46, 0xc2, 0x91, 0xbe, 0xb0, 0x4b, 0x3a, 0x2e, 0xd5, 0x9b, 0x87, 0xe9, 0x44, 0x84, 0x28, 0x71,
-	0xc4, 0x74, 0xb5, 0x05, 0x03, 0x3a, 0x60, 0x7c, 0xd4, 0x15, 0xaf, 0x49, 0x68, 0xdf, 0xd5, 0x23,
-	0x41, 0x64, 0xea, 0xbc, 0x26, 0x21, 0xda, 0x81, 0xe5, 0x04, 0x20, 0xf4, 0x02, 0x2a, 0x84, 0x7d,
-	0x4f, 0x07, 0xe4, 0xee, 0x95, 0x80, 0xb4, 0x02, 0xf9, 0xe8, 0x61, 0x14, 0x91, 0xe2, 0xc4, 0x47,
-	0x44, 0x2a, 0x7d, 0x0d, 0x56, 0x22, 0x77, 0xa9, 0x9c, 0x73, 0x4c, 0x47, 0x26, 0x1d, 0xaa, 0xa6,
-	0x12, 0xd8, 0x89, 0xe2, 0xea, 0x7c, 0x9d, 0xc7, 0x51, 0xe7, 0xc9, 0xfc, 0xe3, 0x54, 0x69, 0x13,
-	0xac, 0xc4, 0x19, 0x46, 0x9f, 0xa9, 0xbb, 0xa4, 0xe7, 0x09, 0xc9, 0x47, 0x5d, 0x32, 0x94, 0x7d,
-	0xfb, 0x67, 0x9a, 0x50, 0x88, 0x8d, 0xb5, 0xa1, 0xec, 0x97, 0xba, 0x30, 0x39, 0x0a, 0xa8, 0x0c,
-	0x96, 0x3a, 0x62, 0x82, 0xf2, 0x13, 0xca, 0x55, 0x9d, 0xa6, 0x14, 0x9c, 0x34, 0xa9, 0x54, 0x20,
-	0x28, 0xe1, 0x4e, 0x5f, 0x67, 0xe2, 0x3c, 0x36, 0x3d, 0x95, 0x5a, 0xe3, 0x7c, 0x63, 0x52, 0xab,
-	0xe9, 0x96, 0x9e, 0x40, 0x21, 0x19, 0xd3, 0xff, 0x64, 0x41, 0x95, 0x3f, 0xa5, 0x20, 0x3f, 0xde,
-	0x77, 0xf4, 0x10, 0x96, 0x5b, 0x9d, 0xbd, 0xe7, 0xb5, 0xfd, 0xd6, 0xde, 0x6e, 0xb7, 0xd1, 0xfc,
-	0xb6, 0xf6, 0xf2, 0xf9, 0x7e, 0x71, 0xae, 0xf4, 0xc9, 0xe9, 0x59, 0x79, 0x65, 0x72, 0xc5, 0xc4,
-	0xf0, 0x06, 0x3d, 0x22, 0x43, 0x5f, 0x4e, 0xb3, 0xda, 0x78, 0x6f, 0xab, 0xd9, 0xe9, 0x14, 0x53,
-	0xd7, 0xb1, 0xda, 0x9c, 0x39, 0x54, 0x08, 0xb4, 0x09, 0xc5, 0x09, 0x6b, 0xe7, 0x55, 0xbb, 0x89,
-	0x0f, 0x8a, 0xf3, 0xa5, 0x7b, 0xa7, 0x67, 0x65, 0xfb, 0x2a, 0x69, 0x67, 0x14, 0x52, 0x7e, 0x60,
-	0xde, 0x47, 0xff, 0x48, 0x41, 0x21, 0x59, 0x5e, 0xa3, 0xad, 0xa8, 0x2c, 0xd6, 0x2b, 0xbe, 0xb5,
-	0xb9, 0x71, 0x53, 0x39, 0xae, 0xaf, 0x75, 0x7f, 0xa8, 0xfc, 0xbe, 0x50, 0x2f, 0x61, 0x4d, 0x46,
-	0x0f, 0x61, 0x31, 0x64, 0x5c, 0xc6, 0x17, 0xe0, 0xec, 0xe3, 0xc9, 0x78, 0x5c, 0xb4, 0x45, 0xe0,
-	0x4a, 0x1f, 0x6e, 0x4d, 0x7b, 0x43, 0xf7, 0x61, 0xe1, 0xa0, 0xd5, 0x2e, 0xce, 0x95, 0xee, 0x9e,
-	0x9e, 0x95, 0x3f, 0x9e, 0xfe, 0x78, 0xe0, 0x71, 0x39, 0x24, 0x7e, 0xab, 0x8d, 0xbe, 0x84, 0xc5,
-	0xc6, 0x6e, 0x07, 0xe3, 0x62, 0xaa, 0xb4, 0x76, 0x7a, 0x56, 0xbe, 0x3b, 0x8d, 0x53, 0x9f, 0xd8,
-	0x30, 0x70, 0x31, 0x3b, 0x1c, 0xbf, 0x0a, 0xff, 0x39, 0x0f, 0x96, 0xa9, 0x0b, 0xde, 0xf7, 0x8f,
-	0x83, 0xa5, 0xa8, 0xe8, 0x8d, 0x13, 0xfe, 0xfc, 0x8d, 0xb5, 0x6f, 0x21, 0x22, 0x18, 0x4d, 0x7f,
-	0x0a, 0x05, 0x2f, 0x3c, 0x79, 0xd4, 0xa5, 0x01, 0x39, 0xf4, 0xcd, 0x03, 0x31, 0x87, 0x2d, 0x65,
-	0x6b, 0x46, 0x26, 0x75, 0xdb, 0x78, 0x81, 0xa4, 0x3c, 0x30, 0x4f, 0xbf, 0x1c, 0x1e, 0xf7, 0xd1,
-	0x37, 0x90, 0xf6, 0x42, 0x32, 0x30, 0x05, 0xfb, 0xcc, 0x15, 0xb4, 0xda, 0xb5, 0x17, 0xe6, 0xcc,
-	0xd5, 0x73, 0x17, 0xe7, 0x6b, 0x69, 0x65, 0xc0, 0x9a, 0x86, 0x56, 0xe3, 0x9a, 0x59, 0x8d, 0xa4,
-	0x2b, 0x87, 0x1c, 0x4e, 0x58, 0xd4, 0xb9, 0xf1, 0x82, 0x1e, 0x57, 0xd9, 0x22, 0xab, 0x3f, 0xc6,
-	0x5d, 0x54, 0x82, 0xac, 0xa9, 0xbc, 0x75, 0xa9, 0x9d, 0x57, 0x55, 0xad, 0x31, 0xd4, 0x97, 0xc0,
-	0x8a, 0xa2, 0xd1, 0x3d, 0xe2, 0x6c, 0x50, 0xf9, 0x57, 0x1a, 0xac, 0x2d, 0x7f, 0x28, 0xa4, 0x29,
-	0xa2, 0xde, 0x5b, 0xf0, 0x5f, 0xc1, 0x32, 0xd1, 0x3f, 0x22, 0x48, 0xa0, 0x2a, 0x12, 0xfd, 0xa0,
-	0x31, 0x1b, 0x70, 0x7f, 0xa6, 0xbb, 0x31, 0x38, 0x7a, 0xfc, 0xd4, 0x33, 0xca, 0xa7, 0x9d, 0xc2,
-	0x45, 0x72, 0xe9, 0x0b, 0xea, 0xc0, 0x12, 0xe3, 0x4e, 0x9f, 0x0a, 0x19, 0xd5, 0x31, 0xe6, 0xe1,
-	0x3e, 0xf3, 0x97, 0xce, 0x5e, 0x12, 0x68, 0x2e, 0xf1, 0x68, 0xb6, 0xd3, 0x3e, 0xd0, 0x63, 0x48,
-	0x73, 0x72, 0x14, 0x3f, 0xce, 0x66, 0x1e, 0x12, 0x4c, 0x8e, 0xe4, 0x94, 0x0b, 0xcd, 0x40, 0x3f,
-	0x07, 0x70, 0x3d, 0x11, 0x12, 0xe9, 0xf4, 0x29, 0x37, 0x9b, 0x3d, 0x73, 0x89, 0x8d, 0x31, 0x6a,
-	0xca, 0x4b, 0x82, 0x8d, 0x9e, 0x41, 0xde, 0x21, 0xb1, 0x5c, 0x33, 0xd7, 0xff, 0xcd, 0xd8, 0xaa,
-	0x19, 0x17, 0x45, 0xe5, 0xe2, 0xe2, 0x7c, 0x2d, 0x17, 0x5b, 0x70, 0xce, 0x21, 0x46, 0xbe, 0xcf,
-	0x60, 0x49, 0x12, 0x71, 0xdc, 0x75, 0xa3, 0x74, 0x16, 0xc9, 0xe4, 0x9a, 0xa2, 0x44, 0x3d, 0x99,
-	0x4d, 0xda, 0x8b, 0xb7, 0xb3, 0x20, 0x13, 0x36, 0xf4, 0x0b, 0x58, 0xa6, 0x81, 0xc3, 0x47, 0x5a,
-	0xac, 0xf1, 0x0c, 0x73, 0xd7, 0x2f, 0xb6, 0x39, 0x06, 0x4f, 0x2d, 0xb6, 0x48, 0x2f, 0xd9, 0x2b,
-	0x7f, 0x4b, 0x01, 0x44, 0x75, 0xde, 0xfb, 0x15, 0x20, 0x82, 0xb4, 0x4b, 0x24, 0xd1, 0x9a, 0x2b,
-	0x60, 0xdd, 0x46, 0x4f, 0x00, 0x24, 0x1d, 0x84, 0x2a, 0xf5, 0x06, 0x3d, 0x23, 0x9b, 0xb7, 0xa5,
-	0x83, 0x04, 0x1a, 0x6d, 0x42, 0xc6, 0x3c, 0xa1, 0xd3, 0x37, 0xf2, 0x0c, 0xb2, 0xf2, 0x87, 0x14,
-	0x40, 0xb4, 0xcc, 0xff, 0xe9, 0xb5, 0xd5, 0xed, 0x37, 0xdf, 0xaf, 0xce, 0xfd, 0xf5, 0xfb, 0xd5,
-	0xb9, 0xdf, 0x5c, 0xac, 0xa6, 0xde, 0x5c, 0xac, 0xa6, 0xfe, 0x7c, 0xb1, 0x9a, 0xfa, 0xfb, 0xc5,
-	0x6a, 0xea, 0x30, 0xa3, 0x2b, 0x8f, 0x1f, 0xfe, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x67, 0x32, 0x8c,
-	0x8f, 0xb8, 0x16, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/specs.proto b/vendor/github.com/docker/swarmkit/api/specs.proto
index 069419c8d4c9e..80e0e523784ad 100644
--- a/vendor/github.com/docker/swarmkit/api/specs.proto
+++ b/vendor/github.com/docker/swarmkit/api/specs.proto
@@ -69,6 +69,8 @@ message ServiceSpec {
 	oneof mode {
 		ReplicatedService replicated = 3;
 		GlobalService global = 4;
+		ReplicatedJob replicated_job = 10;
+		GlobalJob global_job = 11;
 	}
 
 	// Update contains settings which affect updates.
@@ -99,6 +101,26 @@ message GlobalService {
 	// Empty message for now.
 }
 
+// ReplicatedJob is a certain type of one-off job which executes many Tasks in
+// parallel until the specified number of Tasks have succeeded.
+message ReplicatedJob {
+	// MaxConcurrent indicates the maximum number of Tasks that should be
+	// executing simultaneously at any given time.
+	uint64 max_concurrent = 1;
+
+	// TotalCompletions sets the total number of Tasks desired to run to
+	// completion. This is also the absolute maximum number of Tasks that will
+	// be executed in parallel. That is, if this number is smaller than
+	// MaxConcurrent, only this many replicas will run.
+	uint64 total_completions = 2;
+}
+
+// GlobalJob is a type of one-off job which executes one Task on every node
+// matching the service's placement constraints.
+message GlobalJob {
+	// Empty message for now.
+}
+
 message TaskSpec {
 	oneof runtime {
 		NetworkAttachmentSpec attachment = 8;
@@ -334,13 +356,20 @@ message ContainerSpec {
 	// https://docs.docker.com/engine/reference/commandline/run/#configure-namespaced-kernel-parameters-sysctls-at-runtime
 	map<string, string> sysctls = 26;
 
-	// Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-	int64 memory_swap = 27;
+	// CapabilityAdd sets the list of capabilities to add to the default capability list
+	repeated string capability_add = 27;
+	// CapabilityDrop sets the list of capabilities to drop from the default capability list
+	repeated string capability_drop = 28;
+
+	message Ulimit {
+		string name = 1;
+		int64 soft = 2;
+		int64 hard = 3;
+	}
 
-	// Tune container memory swappiness (0 to 100) - if not specified, defaults
-	// to the container OS's default - generally 60, or the value predefined in
-	// the image; set to -1 to unset a previously set value
-	google.protobuf.Int64Value memory_swappiness = 28;
+	// Ulimits defines the list of ulimits to set in the container. This option
+	// is equivalent to passing --ulimit to docker run.
+	repeated Ulimit ulimits = 29;
 }
 
 // EndpointSpec defines the properties that can be configured to
diff --git a/vendor/github.com/docker/swarmkit/api/types.pb.go b/vendor/github.com/docker/swarmkit/api/types.pb.go
index f5843467cb405..d941916ff62a6 100644
--- a/vendor/github.com/docker/swarmkit/api/types.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/types.pb.go
@@ -3,26 +3,23 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-import _ "github.com/gogo/protobuf/gogoproto"
-
-import os "os"
-import time "time"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import binary "encoding/binary"
-import types "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	encoding_binary "encoding/binary"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	os "os"
+	reflect "reflect"
+	strings "strings"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,6 +27,12 @@ var _ = fmt.Errorf
 var _ = math.Inf
 var _ = time.Kitchen
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type ResourceType int32
 
 const (
@@ -43,6 +46,7 @@ var ResourceType_name = map[int32]string{
 	1: "SECRET",
 	2: "CONFIG",
 }
+
 var ResourceType_value = map[string]int32{
 	"TASK":   0,
 	"SECRET": 1,
@@ -52,7 +56,10 @@ var ResourceType_value = map[string]int32{
 func (x ResourceType) String() string {
 	return proto.EnumName(ResourceType_name, int32(x))
 }
-func (ResourceType) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{0} }
+
+func (ResourceType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{0}
+}
 
 // Only the manager create a NEW task, and move the task to PENDING and ASSIGNED.
 // Afterward, the manager must rely on the agent to update the task status
@@ -104,6 +111,7 @@ var TaskState_name = map[int32]string{
 	800: "REMOVE",
 	832: "ORPHANED",
 }
+
 var TaskState_value = map[string]int32{
 	"NEW":       0,
 	"PENDING":   64,
@@ -124,7 +132,10 @@ var TaskState_value = map[string]int32{
 func (x TaskState) String() string {
 	return proto.EnumName(TaskState_name, int32(x))
 }
-func (TaskState) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{1} }
+
+func (TaskState) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{1}
+}
 
 type NodeRole int32
 
@@ -137,6 +148,7 @@ var NodeRole_name = map[int32]string{
 	0: "WORKER",
 	1: "MANAGER",
 }
+
 var NodeRole_value = map[string]int32{
 	"WORKER":  0,
 	"MANAGER": 1,
@@ -145,7 +157,10 @@ var NodeRole_value = map[string]int32{
 func (x NodeRole) String() string {
 	return proto.EnumName(NodeRole_name, int32(x))
 }
-func (NodeRole) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{2} }
+
+func (NodeRole) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{2}
+}
 
 type RaftMemberStatus_Reachability int32
 
@@ -165,6 +180,7 @@ var RaftMemberStatus_Reachability_name = map[int32]string{
 	1: "UNREACHABLE",
 	2: "REACHABLE",
 }
+
 var RaftMemberStatus_Reachability_value = map[string]int32{
 	"UNKNOWN":     0,
 	"UNREACHABLE": 1,
@@ -174,8 +190,9 @@ var RaftMemberStatus_Reachability_value = map[string]int32{
 func (x RaftMemberStatus_Reachability) String() string {
 	return proto.EnumName(RaftMemberStatus_Reachability_name, int32(x))
 }
+
 func (RaftMemberStatus_Reachability) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{13, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{13, 0}
 }
 
 // TODO(aluzzardi) These should be using `gogoproto.enumvalue_customname`.
@@ -198,6 +215,7 @@ var NodeStatus_State_name = map[int32]string{
 	2: "READY",
 	3: "DISCONNECTED",
 }
+
 var NodeStatus_State_value = map[string]int32{
 	"UNKNOWN":      0,
 	"DOWN":         1,
@@ -208,7 +226,10 @@ var NodeStatus_State_value = map[string]int32{
 func (x NodeStatus_State) String() string {
 	return proto.EnumName(NodeStatus_State_name, int32(x))
 }
-func (NodeStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{14, 0} }
+
+func (NodeStatus_State) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{14, 0}
+}
 
 type Mount_MountType int32
 
@@ -225,6 +246,7 @@ var Mount_MountType_name = map[int32]string{
 	2: "TMPFS",
 	3: "NPIPE",
 }
+
 var Mount_MountType_value = map[string]int32{
 	"BIND":   0,
 	"VOLUME": 1,
@@ -235,7 +257,10 @@ var Mount_MountType_value = map[string]int32{
 func (x Mount_MountType) String() string {
 	return proto.EnumName(Mount_MountType_name, int32(x))
 }
-func (Mount_MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 0} }
+
+func (Mount_MountType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 0}
+}
 
 // Consistency indicates the tolerable level of file system consistency
 type Mount_MountConsistency int32
@@ -253,6 +278,7 @@ var Mount_MountConsistency_name = map[int32]string{
 	2: "CACHED",
 	3: "DELEGATED",
 }
+
 var Mount_MountConsistency_value = map[string]int32{
 	"DEFAULT":    0,
 	"CONSISTENT": 1,
@@ -263,8 +289,9 @@ var Mount_MountConsistency_value = map[string]int32{
 func (x Mount_MountConsistency) String() string {
 	return proto.EnumName(Mount_MountConsistency_name, int32(x))
 }
+
 func (Mount_MountConsistency) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{16, 1}
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 1}
 }
 
 type Mount_BindOptions_MountPropagation int32
@@ -286,6 +313,7 @@ var Mount_BindOptions_MountPropagation_name = map[int32]string{
 	4: "RSLAVE",
 	5: "SLAVE",
 }
+
 var Mount_BindOptions_MountPropagation_value = map[string]int32{
 	"RPRIVATE": 0,
 	"PRIVATE":  1,
@@ -298,8 +326,9 @@ var Mount_BindOptions_MountPropagation_value = map[string]int32{
 func (x Mount_BindOptions_MountPropagation) String() string {
 	return proto.EnumName(Mount_BindOptions_MountPropagation_name, int32(x))
 }
+
 func (Mount_BindOptions_MountPropagation) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{16, 0, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 0, 0}
 }
 
 type RestartPolicy_RestartCondition int32
@@ -315,6 +344,7 @@ var RestartPolicy_RestartCondition_name = map[int32]string{
 	1: "ON_FAILURE",
 	2: "ANY",
 }
+
 var RestartPolicy_RestartCondition_value = map[string]int32{
 	"NONE":       0,
 	"ON_FAILURE": 1,
@@ -324,8 +354,9 @@ var RestartPolicy_RestartCondition_value = map[string]int32{
 func (x RestartPolicy_RestartCondition) String() string {
 	return proto.EnumName(RestartPolicy_RestartCondition_name, int32(x))
 }
+
 func (RestartPolicy_RestartCondition) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{17, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{17, 0}
 }
 
 type UpdateConfig_FailureAction int32
@@ -341,6 +372,7 @@ var UpdateConfig_FailureAction_name = map[int32]string{
 	1: "CONTINUE",
 	2: "ROLLBACK",
 }
+
 var UpdateConfig_FailureAction_value = map[string]int32{
 	"PAUSE":    0,
 	"CONTINUE": 1,
@@ -350,8 +382,9 @@ var UpdateConfig_FailureAction_value = map[string]int32{
 func (x UpdateConfig_FailureAction) String() string {
 	return proto.EnumName(UpdateConfig_FailureAction_name, int32(x))
 }
+
 func (UpdateConfig_FailureAction) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{18, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{18, 0}
 }
 
 // UpdateOrder controls the order of operations when rolling out an
@@ -369,6 +402,7 @@ var UpdateConfig_UpdateOrder_name = map[int32]string{
 	0: "STOP_FIRST",
 	1: "START_FIRST",
 }
+
 var UpdateConfig_UpdateOrder_value = map[string]int32{
 	"STOP_FIRST":  0,
 	"START_FIRST": 1,
@@ -377,8 +411,9 @@ var UpdateConfig_UpdateOrder_value = map[string]int32{
 func (x UpdateConfig_UpdateOrder) String() string {
 	return proto.EnumName(UpdateConfig_UpdateOrder_name, int32(x))
 }
+
 func (UpdateConfig_UpdateOrder) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{18, 1}
+	return fileDescriptor_0b5eafd0404ded3d, []int{18, 1}
 }
 
 type UpdateStatus_UpdateState int32
@@ -402,6 +437,7 @@ var UpdateStatus_UpdateState_name = map[int32]string{
 	5: "ROLLBACK_PAUSED",
 	6: "ROLLBACK_COMPLETED",
 }
+
 var UpdateStatus_UpdateState_value = map[string]int32{
 	"UNKNOWN":            0,
 	"UPDATING":           1,
@@ -415,8 +451,9 @@ var UpdateStatus_UpdateState_value = map[string]int32{
 func (x UpdateStatus_UpdateState) String() string {
 	return proto.EnumName(UpdateStatus_UpdateState_name, int32(x))
 }
+
 func (UpdateStatus_UpdateState) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{19, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{19, 0}
 }
 
 // AddressFamily specifies the network address family that
@@ -434,6 +471,7 @@ var IPAMConfig_AddressFamily_name = map[int32]string{
 	4: "IPV4",
 	6: "IPV6",
 }
+
 var IPAMConfig_AddressFamily_value = map[string]int32{
 	"UNKNOWN": 0,
 	"IPV4":    4,
@@ -443,8 +481,9 @@ var IPAMConfig_AddressFamily_value = map[string]int32{
 func (x IPAMConfig_AddressFamily) String() string {
 	return proto.EnumName(IPAMConfig_AddressFamily_name, int32(x))
 }
+
 func (IPAMConfig_AddressFamily) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{24, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{24, 0}
 }
 
 type PortConfig_Protocol int32
@@ -460,6 +499,7 @@ var PortConfig_Protocol_name = map[int32]string{
 	1: "UDP",
 	2: "SCTP",
 }
+
 var PortConfig_Protocol_value = map[string]int32{
 	"TCP":  0,
 	"UDP":  1,
@@ -469,7 +509,10 @@ var PortConfig_Protocol_value = map[string]int32{
 func (x PortConfig_Protocol) String() string {
 	return proto.EnumName(PortConfig_Protocol_name, int32(x))
 }
-func (PortConfig_Protocol) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{25, 0} }
+
+func (PortConfig_Protocol) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{25, 0}
+}
 
 // PublishMode controls how ports are published on the swarm.
 type PortConfig_PublishMode int32
@@ -488,6 +531,7 @@ var PortConfig_PublishMode_name = map[int32]string{
 	0: "INGRESS",
 	1: "HOST",
 }
+
 var PortConfig_PublishMode_value = map[string]int32{
 	"INGRESS": 0,
 	"HOST":    1,
@@ -496,8 +540,9 @@ var PortConfig_PublishMode_value = map[string]int32{
 func (x PortConfig_PublishMode) String() string {
 	return proto.EnumName(PortConfig_PublishMode_name, int32(x))
 }
+
 func (PortConfig_PublishMode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{25, 1}
+	return fileDescriptor_0b5eafd0404ded3d, []int{25, 1}
 }
 
 type IssuanceStatus_State int32
@@ -525,6 +570,7 @@ var IssuanceStatus_State_name = map[int32]string{
 	4: "FAILED",
 	5: "ROTATE",
 }
+
 var IssuanceStatus_State_value = map[string]int32{
 	"UNKNOWN": 0,
 	"RENEW":   1,
@@ -537,7 +583,10 @@ var IssuanceStatus_State_value = map[string]int32{
 func (x IssuanceStatus_State) String() string {
 	return proto.EnumName(IssuanceStatus_State_name, int32(x))
 }
-func (IssuanceStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{30, 0} }
+
+func (IssuanceStatus_State) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{30, 0}
+}
 
 type ExternalCA_CAProtocol int32
 
@@ -548,6 +597,7 @@ const (
 var ExternalCA_CAProtocol_name = map[int32]string{
 	0: "CFSSL",
 }
+
 var ExternalCA_CAProtocol_value = map[string]int32{
 	"CFSSL": 0,
 }
@@ -555,8 +605,9 @@ var ExternalCA_CAProtocol_value = map[string]int32{
 func (x ExternalCA_CAProtocol) String() string {
 	return proto.EnumName(ExternalCA_CAProtocol_name, int32(x))
 }
+
 func (ExternalCA_CAProtocol) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{32, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{32, 0}
 }
 
 // Encryption algorithm that can implemented using this key
@@ -569,6 +620,7 @@ const (
 var EncryptionKey_Algorithm_name = map[int32]string{
 	0: "AES_128_GCM",
 }
+
 var EncryptionKey_Algorithm_value = map[string]int32{
 	"AES_128_GCM": 0,
 }
@@ -576,8 +628,9 @@ var EncryptionKey_Algorithm_value = map[string]int32{
 func (x EncryptionKey_Algorithm) String() string {
 	return proto.EnumName(EncryptionKey_Algorithm_name, int32(x))
 }
+
 func (EncryptionKey_Algorithm) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{45, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{45, 0}
 }
 
 type MaybeEncryptedRecord_Algorithm int32
@@ -593,6 +646,7 @@ var MaybeEncryptedRecord_Algorithm_name = map[int32]string{
 	1: "SECRETBOX_SALSA20_POLY1305",
 	2: "FERNET_AES_128_CBC",
 }
+
 var MaybeEncryptedRecord_Algorithm_value = map[string]int32{
 	"NONE":                       0,
 	"SECRETBOX_SALSA20_POLY1305": 1,
@@ -602,8 +656,9 @@ var MaybeEncryptedRecord_Algorithm_value = map[string]int32{
 func (x MaybeEncryptedRecord_Algorithm) String() string {
 	return proto.EnumName(MaybeEncryptedRecord_Algorithm_name, int32(x))
 }
+
 func (MaybeEncryptedRecord_Algorithm) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{52, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{53, 0}
 }
 
 // Version tracks the last time an object in the store was updated.
@@ -611,32 +666,116 @@ type Version struct {
 	Index uint64 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
 }
 
-func (m *Version) Reset()                    { *m = Version{} }
-func (*Version) ProtoMessage()               {}
-func (*Version) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{0} }
+func (m *Version) Reset()      { *m = Version{} }
+func (*Version) ProtoMessage() {}
+func (*Version) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{0}
+}
+func (m *Version) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Version) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Version.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Version) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Version.Merge(m, src)
+}
+func (m *Version) XXX_Size() int {
+	return m.Size()
+}
+func (m *Version) XXX_DiscardUnknown() {
+	xxx_messageInfo_Version.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Version proto.InternalMessageInfo
 
 type IndexEntry struct {
 	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
 	Val string `protobuf:"bytes,2,opt,name=val,proto3" json:"val,omitempty"`
 }
 
-func (m *IndexEntry) Reset()                    { *m = IndexEntry{} }
-func (*IndexEntry) ProtoMessage()               {}
-func (*IndexEntry) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{1} }
+func (m *IndexEntry) Reset()      { *m = IndexEntry{} }
+func (*IndexEntry) ProtoMessage() {}
+func (*IndexEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{1}
+}
+func (m *IndexEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IndexEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IndexEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IndexEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IndexEntry.Merge(m, src)
+}
+func (m *IndexEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *IndexEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_IndexEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IndexEntry proto.InternalMessageInfo
 
 // Annotations provide useful information to identify API objects. They are
 // common to all API specs.
 type Annotations struct {
 	Name   string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Indices provides keys and values for indexing this object.
 	// A single key may have multiple values.
-	Indices []IndexEntry `protobuf:"bytes,4,rep,name=indices" json:"indices"`
+	Indices []IndexEntry `protobuf:"bytes,4,rep,name=indices,proto3" json:"indices"`
+}
+
+func (m *Annotations) Reset()      { *m = Annotations{} }
+func (*Annotations) ProtoMessage() {}
+func (*Annotations) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{2}
+}
+func (m *Annotations) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Annotations) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Annotations.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Annotations) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Annotations.Merge(m, src)
+}
+func (m *Annotations) XXX_Size() int {
+	return m.Size()
+}
+func (m *Annotations) XXX_DiscardUnknown() {
+	xxx_messageInfo_Annotations.DiscardUnknown(m)
 }
 
-func (m *Annotations) Reset()                    { *m = Annotations{} }
-func (*Annotations) ProtoMessage()               {}
-func (*Annotations) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{2} }
+var xxx_messageInfo_Annotations proto.InternalMessageInfo
 
 // NamedGenericResource represents a "user defined" resource which is defined
 // as a string.
@@ -647,9 +786,37 @@ type NamedGenericResource struct {
 	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
 }
 
-func (m *NamedGenericResource) Reset()                    { *m = NamedGenericResource{} }
-func (*NamedGenericResource) ProtoMessage()               {}
-func (*NamedGenericResource) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{3} }
+func (m *NamedGenericResource) Reset()      { *m = NamedGenericResource{} }
+func (*NamedGenericResource) ProtoMessage() {}
+func (*NamedGenericResource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{3}
+}
+func (m *NamedGenericResource) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamedGenericResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NamedGenericResource.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NamedGenericResource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamedGenericResource.Merge(m, src)
+}
+func (m *NamedGenericResource) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamedGenericResource) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamedGenericResource.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NamedGenericResource proto.InternalMessageInfo
 
 // DiscreteGenericResource represents a "user defined" resource which is defined
 // as an integer
@@ -660,9 +827,37 @@ type DiscreteGenericResource struct {
 	Value int64  `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"`
 }
 
-func (m *DiscreteGenericResource) Reset()                    { *m = DiscreteGenericResource{} }
-func (*DiscreteGenericResource) ProtoMessage()               {}
-func (*DiscreteGenericResource) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{4} }
+func (m *DiscreteGenericResource) Reset()      { *m = DiscreteGenericResource{} }
+func (*DiscreteGenericResource) ProtoMessage() {}
+func (*DiscreteGenericResource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{4}
+}
+func (m *DiscreteGenericResource) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DiscreteGenericResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DiscreteGenericResource.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DiscreteGenericResource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DiscreteGenericResource.Merge(m, src)
+}
+func (m *DiscreteGenericResource) XXX_Size() int {
+	return m.Size()
+}
+func (m *DiscreteGenericResource) XXX_DiscardUnknown() {
+	xxx_messageInfo_DiscreteGenericResource.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DiscreteGenericResource proto.InternalMessageInfo
 
 // GenericResource represents a "user defined" resource which can
 // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1)
@@ -673,9 +868,37 @@ type GenericResource struct {
 	Resource isGenericResource_Resource `protobuf_oneof:"resource"`
 }
 
-func (m *GenericResource) Reset()                    { *m = GenericResource{} }
-func (*GenericResource) ProtoMessage()               {}
-func (*GenericResource) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{5} }
+func (m *GenericResource) Reset()      { *m = GenericResource{} }
+func (*GenericResource) ProtoMessage() {}
+func (*GenericResource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{5}
+}
+func (m *GenericResource) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GenericResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GenericResource.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GenericResource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GenericResource.Merge(m, src)
+}
+func (m *GenericResource) XXX_Size() int {
+	return m.Size()
+}
+func (m *GenericResource) XXX_DiscardUnknown() {
+	xxx_messageInfo_GenericResource.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GenericResource proto.InternalMessageInfo
 
 type isGenericResource_Resource interface {
 	isGenericResource_Resource()
@@ -684,10 +907,10 @@ type isGenericResource_Resource interface {
 }
 
 type GenericResource_NamedResourceSpec struct {
-	NamedResourceSpec *NamedGenericResource `protobuf:"bytes,1,opt,name=named_resource_spec,json=namedResourceSpec,oneof"`
+	NamedResourceSpec *NamedGenericResource `protobuf:"bytes,1,opt,name=named_resource_spec,json=namedResourceSpec,proto3,oneof" json:"named_resource_spec,omitempty"`
 }
 type GenericResource_DiscreteResourceSpec struct {
-	DiscreteResourceSpec *DiscreteGenericResource `protobuf:"bytes,2,opt,name=discrete_resource_spec,json=discreteResourceSpec,oneof"`
+	DiscreteResourceSpec *DiscreteGenericResource `protobuf:"bytes,2,opt,name=discrete_resource_spec,json=discreteResourceSpec,proto3,oneof" json:"discrete_resource_spec,omitempty"`
 }
 
 func (*GenericResource_NamedResourceSpec) isGenericResource_Resource()    {}
@@ -714,101 +937,100 @@ func (m *GenericResource) GetDiscreteResourceSpec() *DiscreteGenericResource {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*GenericResource) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _GenericResource_OneofMarshaler, _GenericResource_OneofUnmarshaler, _GenericResource_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*GenericResource) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*GenericResource_NamedResourceSpec)(nil),
 		(*GenericResource_DiscreteResourceSpec)(nil),
 	}
 }
 
-func _GenericResource_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*GenericResource)
-	// resource
-	switch x := m.Resource.(type) {
-	case *GenericResource_NamedResourceSpec:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.NamedResourceSpec); err != nil {
-			return err
-		}
-	case *GenericResource_DiscreteResourceSpec:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.DiscreteResourceSpec); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("GenericResource.Resource has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _GenericResource_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*GenericResource)
-	switch tag {
-	case 1: // resource.named_resource_spec
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(NamedGenericResource)
-		err := b.DecodeMessage(msg)
-		m.Resource = &GenericResource_NamedResourceSpec{msg}
-		return true, err
-	case 2: // resource.discrete_resource_spec
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(DiscreteGenericResource)
-		err := b.DecodeMessage(msg)
-		m.Resource = &GenericResource_DiscreteResourceSpec{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _GenericResource_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*GenericResource)
-	// resource
-	switch x := m.Resource.(type) {
-	case *GenericResource_NamedResourceSpec:
-		s := proto.Size(x.NamedResourceSpec)
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *GenericResource_DiscreteResourceSpec:
-		s := proto.Size(x.DiscreteResourceSpec)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 type Resources struct {
 	// Amount of CPUs (e.g. 2000000000 = 2 CPU cores)
 	NanoCPUs int64 `protobuf:"varint,1,opt,name=nano_cpus,json=nanoCpus,proto3" json:"nano_cpus,omitempty"`
 	// Amount of memory in bytes.
 	MemoryBytes int64 `protobuf:"varint,2,opt,name=memory_bytes,json=memoryBytes,proto3" json:"memory_bytes,omitempty"`
 	// User specified resource (e.g: bananas=2;apple={red,yellow,green})
-	Generic []*GenericResource `protobuf:"bytes,3,rep,name=generic" json:"generic,omitempty"`
+	Generic []*GenericResource `protobuf:"bytes,3,rep,name=generic,proto3" json:"generic,omitempty"`
+}
+
+func (m *Resources) Reset()      { *m = Resources{} }
+func (*Resources) ProtoMessage() {}
+func (*Resources) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{6}
+}
+func (m *Resources) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Resources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Resources.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Resources) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Resources.Merge(m, src)
+}
+func (m *Resources) XXX_Size() int {
+	return m.Size()
+}
+func (m *Resources) XXX_DiscardUnknown() {
+	xxx_messageInfo_Resources.DiscardUnknown(m)
 }
 
-func (m *Resources) Reset()                    { *m = Resources{} }
-func (*Resources) ProtoMessage()               {}
-func (*Resources) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{6} }
+var xxx_messageInfo_Resources proto.InternalMessageInfo
 
 type ResourceRequirements struct {
-	Limits       *Resources `protobuf:"bytes,1,opt,name=limits" json:"limits,omitempty"`
-	Reservations *Resources `protobuf:"bytes,2,opt,name=reservations" json:"reservations,omitempty"`
+	Limits       *Resources `protobuf:"bytes,1,opt,name=limits,proto3" json:"limits,omitempty"`
+	Reservations *Resources `protobuf:"bytes,2,opt,name=reservations,proto3" json:"reservations,omitempty"`
+	// Amount of swap in bytes - can only be used together with a memory limit
+	// -1 means unlimited
+	// a null pointer indicates that the default behaviour of granting twice
+	// the memory is maintained
+	SwapBytes *types.Int64Value `protobuf:"bytes,3,opt,name=swap_bytes,json=swapBytes,proto3" json:"swap_bytes,omitempty"`
+	// Tune container memory swappiness (0 to 100) - if not specified, defaults
+	// to the container OS's default - generally 60, or the value predefined in
+	// the image; set to -1 to unset a previously set value
+	MemorySwappiness *types.Int64Value `protobuf:"bytes,4,opt,name=memory_swappiness,json=memorySwappiness,proto3" json:"memory_swappiness,omitempty"`
+}
+
+func (m *ResourceRequirements) Reset()      { *m = ResourceRequirements{} }
+func (*ResourceRequirements) ProtoMessage() {}
+func (*ResourceRequirements) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{7}
+}
+func (m *ResourceRequirements) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResourceRequirements) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResourceRequirements.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResourceRequirements) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceRequirements.Merge(m, src)
+}
+func (m *ResourceRequirements) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResourceRequirements) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceRequirements.DiscardUnknown(m)
 }
 
-func (m *ResourceRequirements) Reset()                    { *m = ResourceRequirements{} }
-func (*ResourceRequirements) ProtoMessage()               {}
-func (*ResourceRequirements) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{7} }
+var xxx_messageInfo_ResourceRequirements proto.InternalMessageInfo
 
 type Platform struct {
 	// Architecture (e.g. x86_64)
@@ -817,9 +1039,37 @@ type Platform struct {
 	OS string `protobuf:"bytes,2,opt,name=os,proto3" json:"os,omitempty"`
 }
 
-func (m *Platform) Reset()                    { *m = Platform{} }
-func (*Platform) ProtoMessage()               {}
-func (*Platform) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{8} }
+func (m *Platform) Reset()      { *m = Platform{} }
+func (*Platform) ProtoMessage() {}
+func (*Platform) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{8}
+}
+func (m *Platform) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Platform) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Platform.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Platform) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Platform.Merge(m, src)
+}
+func (m *Platform) XXX_Size() int {
+	return m.Size()
+}
+func (m *Platform) XXX_DiscardUnknown() {
+	xxx_messageInfo_Platform.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Platform proto.InternalMessageInfo
 
 // PluginDescription describes an engine plugin.
 type PluginDescription struct {
@@ -831,42 +1081,126 @@ type PluginDescription struct {
 	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
 }
 
-func (m *PluginDescription) Reset()                    { *m = PluginDescription{} }
-func (*PluginDescription) ProtoMessage()               {}
-func (*PluginDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{9} }
+func (m *PluginDescription) Reset()      { *m = PluginDescription{} }
+func (*PluginDescription) ProtoMessage() {}
+func (*PluginDescription) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{9}
+}
+func (m *PluginDescription) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PluginDescription) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PluginDescription.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PluginDescription) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PluginDescription.Merge(m, src)
+}
+func (m *PluginDescription) XXX_Size() int {
+	return m.Size()
+}
+func (m *PluginDescription) XXX_DiscardUnknown() {
+	xxx_messageInfo_PluginDescription.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PluginDescription proto.InternalMessageInfo
 
 type EngineDescription struct {
 	// Docker daemon version running on the node.
 	EngineVersion string `protobuf:"bytes,1,opt,name=engine_version,json=engineVersion,proto3" json:"engine_version,omitempty"`
 	// Labels attached to the engine.
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Volume, Network, and Auth plugins
-	Plugins []PluginDescription `protobuf:"bytes,3,rep,name=plugins" json:"plugins"`
+	Plugins []PluginDescription `protobuf:"bytes,3,rep,name=plugins,proto3" json:"plugins"`
+}
+
+func (m *EngineDescription) Reset()      { *m = EngineDescription{} }
+func (*EngineDescription) ProtoMessage() {}
+func (*EngineDescription) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{10}
+}
+func (m *EngineDescription) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *EngineDescription) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_EngineDescription.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *EngineDescription) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EngineDescription.Merge(m, src)
+}
+func (m *EngineDescription) XXX_Size() int {
+	return m.Size()
+}
+func (m *EngineDescription) XXX_DiscardUnknown() {
+	xxx_messageInfo_EngineDescription.DiscardUnknown(m)
 }
 
-func (m *EngineDescription) Reset()                    { *m = EngineDescription{} }
-func (*EngineDescription) ProtoMessage()               {}
-func (*EngineDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{10} }
+var xxx_messageInfo_EngineDescription proto.InternalMessageInfo
 
 type NodeDescription struct {
 	// Hostname of the node as reported by the agent.
 	// This is different from spec.meta.name which is user-defined.
 	Hostname string `protobuf:"bytes,1,opt,name=hostname,proto3" json:"hostname,omitempty"`
 	// Platform of the node.
-	Platform *Platform `protobuf:"bytes,2,opt,name=platform" json:"platform,omitempty"`
+	Platform *Platform `protobuf:"bytes,2,opt,name=platform,proto3" json:"platform,omitempty"`
 	// Total resources on the node.
-	Resources *Resources `protobuf:"bytes,3,opt,name=resources" json:"resources,omitempty"`
+	Resources *Resources `protobuf:"bytes,3,opt,name=resources,proto3" json:"resources,omitempty"`
 	// Information about the Docker Engine on the node.
-	Engine *EngineDescription `protobuf:"bytes,4,opt,name=engine" json:"engine,omitempty"`
+	Engine *EngineDescription `protobuf:"bytes,4,opt,name=engine,proto3" json:"engine,omitempty"`
 	// Information on the node's TLS setup
-	TLSInfo *NodeTLSInfo `protobuf:"bytes,5,opt,name=tls_info,json=tlsInfo" json:"tls_info,omitempty"`
+	TLSInfo *NodeTLSInfo `protobuf:"bytes,5,opt,name=tls_info,json=tlsInfo,proto3" json:"tls_info,omitempty"`
 	// FIPS indicates whether the node has FIPS-enabled
 	FIPS bool `protobuf:"varint,6,opt,name=fips,proto3" json:"fips,omitempty"`
 }
 
-func (m *NodeDescription) Reset()                    { *m = NodeDescription{} }
-func (*NodeDescription) ProtoMessage()               {}
-func (*NodeDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{11} }
+func (m *NodeDescription) Reset()      { *m = NodeDescription{} }
+func (*NodeDescription) ProtoMessage() {}
+func (*NodeDescription) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{11}
+}
+func (m *NodeDescription) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeDescription) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeDescription.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeDescription) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeDescription.Merge(m, src)
+}
+func (m *NodeDescription) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeDescription) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeDescription.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeDescription proto.InternalMessageInfo
 
 type NodeTLSInfo struct {
 	// Information about which root certs the node trusts
@@ -876,9 +1210,37 @@ type NodeTLSInfo struct {
 	CertIssuerPublicKey []byte `protobuf:"bytes,3,opt,name=cert_issuer_public_key,json=certIssuerPublicKey,proto3" json:"cert_issuer_public_key,omitempty"`
 }
 
-func (m *NodeTLSInfo) Reset()                    { *m = NodeTLSInfo{} }
-func (*NodeTLSInfo) ProtoMessage()               {}
-func (*NodeTLSInfo) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{12} }
+func (m *NodeTLSInfo) Reset()      { *m = NodeTLSInfo{} }
+func (*NodeTLSInfo) ProtoMessage() {}
+func (*NodeTLSInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{12}
+}
+func (m *NodeTLSInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeTLSInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeTLSInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeTLSInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeTLSInfo.Merge(m, src)
+}
+func (m *NodeTLSInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeTLSInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeTLSInfo.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeTLSInfo proto.InternalMessageInfo
 
 type RaftMemberStatus struct {
 	Leader       bool                          `protobuf:"varint,1,opt,name=leader,proto3" json:"leader,omitempty"`
@@ -886,9 +1248,37 @@ type RaftMemberStatus struct {
 	Message      string                        `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
 }
 
-func (m *RaftMemberStatus) Reset()                    { *m = RaftMemberStatus{} }
-func (*RaftMemberStatus) ProtoMessage()               {}
-func (*RaftMemberStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13} }
+func (m *RaftMemberStatus) Reset()      { *m = RaftMemberStatus{} }
+func (*RaftMemberStatus) ProtoMessage() {}
+func (*RaftMemberStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{13}
+}
+func (m *RaftMemberStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RaftMemberStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RaftMemberStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RaftMemberStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RaftMemberStatus.Merge(m, src)
+}
+func (m *RaftMemberStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *RaftMemberStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_RaftMemberStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RaftMemberStatus proto.InternalMessageInfo
 
 type NodeStatus struct {
 	State   NodeStatus_State `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.NodeStatus_State" json:"state,omitempty"`
@@ -897,9 +1287,37 @@ type NodeStatus struct {
 	Addr string `protobuf:"bytes,3,opt,name=addr,proto3" json:"addr,omitempty"`
 }
 
-func (m *NodeStatus) Reset()                    { *m = NodeStatus{} }
-func (*NodeStatus) ProtoMessage()               {}
-func (*NodeStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{14} }
+func (m *NodeStatus) Reset()      { *m = NodeStatus{} }
+func (*NodeStatus) ProtoMessage() {}
+func (*NodeStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{14}
+}
+func (m *NodeStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NodeStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NodeStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NodeStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NodeStatus.Merge(m, src)
+}
+func (m *NodeStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *NodeStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_NodeStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NodeStatus proto.InternalMessageInfo
 
 type Image struct {
 	// reference is a docker image reference. This can include a rpository, tag
@@ -908,9 +1326,37 @@ type Image struct {
 	Reference string `protobuf:"bytes,1,opt,name=reference,proto3" json:"reference,omitempty"`
 }
 
-func (m *Image) Reset()                    { *m = Image{} }
-func (*Image) ProtoMessage()               {}
-func (*Image) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{15} }
+func (m *Image) Reset()      { *m = Image{} }
+func (*Image) ProtoMessage() {}
+func (*Image) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{15}
+}
+func (m *Image) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Image) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Image.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Image) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Image.Merge(m, src)
+}
+func (m *Image) XXX_Size() int {
+	return m.Size()
+}
+func (m *Image) XXX_DiscardUnknown() {
+	xxx_messageInfo_Image.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Image proto.InternalMessageInfo
 
 // Mount describes volume mounts for a container.
 //
@@ -932,48 +1378,134 @@ type Mount struct {
 	// BindOptions configures properties of a bind mount type.
 	//
 	// For mounts of type bind, the source must be an absolute host path.
-	BindOptions *Mount_BindOptions `protobuf:"bytes,5,opt,name=bind_options,json=bindOptions" json:"bind_options,omitempty"`
+	BindOptions *Mount_BindOptions `protobuf:"bytes,5,opt,name=bind_options,json=bindOptions,proto3" json:"bind_options,omitempty"`
 	// VolumeOptions configures the properties specific to a volume mount type.
 	//
 	// For mounts of type volume, the source will be used as the volume name.
-	VolumeOptions *Mount_VolumeOptions `protobuf:"bytes,6,opt,name=volume_options,json=volumeOptions" json:"volume_options,omitempty"`
+	VolumeOptions *Mount_VolumeOptions `protobuf:"bytes,6,opt,name=volume_options,json=volumeOptions,proto3" json:"volume_options,omitempty"`
 	// TmpfsOptions allows one to set options for mounting a temporary
 	// filesystem.
 	//
 	// The source field will be ignored when using mounts of type tmpfs.
-	TmpfsOptions *Mount_TmpfsOptions `protobuf:"bytes,7,opt,name=tmpfs_options,json=tmpfsOptions" json:"tmpfs_options,omitempty"`
+	TmpfsOptions *Mount_TmpfsOptions `protobuf:"bytes,7,opt,name=tmpfs_options,json=tmpfsOptions,proto3" json:"tmpfs_options,omitempty"`
+}
+
+func (m *Mount) Reset()      { *m = Mount{} }
+func (*Mount) ProtoMessage() {}
+func (*Mount) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{16}
+}
+func (m *Mount) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mount.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mount) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount.Merge(m, src)
+}
+func (m *Mount) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount.DiscardUnknown(m)
 }
 
-func (m *Mount) Reset()                    { *m = Mount{} }
-func (*Mount) ProtoMessage()               {}
-func (*Mount) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16} }
+var xxx_messageInfo_Mount proto.InternalMessageInfo
 
 // BindOptions specifies options that are specific to a bind mount.
 type Mount_BindOptions struct {
 	// Propagation mode of mount.
 	Propagation Mount_BindOptions_MountPropagation `protobuf:"varint,1,opt,name=propagation,proto3,enum=docker.swarmkit.v1.Mount_BindOptions_MountPropagation" json:"propagation,omitempty"`
+	// allows non-recursive bind-mount, i.e. mount(2) with "bind" rather than "rbind".
+	NonRecursive bool `protobuf:"varint,2,opt,name=nonrecursive,proto3" json:"nonrecursive,omitempty"`
+}
+
+func (m *Mount_BindOptions) Reset()      { *m = Mount_BindOptions{} }
+func (*Mount_BindOptions) ProtoMessage() {}
+func (*Mount_BindOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 0}
+}
+func (m *Mount_BindOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount_BindOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mount_BindOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mount_BindOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount_BindOptions.Merge(m, src)
+}
+func (m *Mount_BindOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount_BindOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount_BindOptions.DiscardUnknown(m)
 }
 
-func (m *Mount_BindOptions) Reset()                    { *m = Mount_BindOptions{} }
-func (*Mount_BindOptions) ProtoMessage()               {}
-func (*Mount_BindOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 0} }
+var xxx_messageInfo_Mount_BindOptions proto.InternalMessageInfo
 
 // VolumeOptions contains parameters for mounting the volume.
 type Mount_VolumeOptions struct {
 	// nocopy prevents automatic copying of data to the volume with data from target
 	NoCopy bool `protobuf:"varint,1,opt,name=nocopy,proto3" json:"nocopy,omitempty"`
 	// labels to apply to the volume if creating
-	Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// DriverConfig specifies the options that may be passed to the driver
 	// if the volume is created.
 	//
 	// If this is empty, no volume will be created if the volume is missing.
-	DriverConfig *Driver `protobuf:"bytes,3,opt,name=driver_config,json=driverConfig" json:"driver_config,omitempty"`
+	DriverConfig *Driver `protobuf:"bytes,3,opt,name=driver_config,json=driverConfig,proto3" json:"driver_config,omitempty"`
+}
+
+func (m *Mount_VolumeOptions) Reset()      { *m = Mount_VolumeOptions{} }
+func (*Mount_VolumeOptions) ProtoMessage() {}
+func (*Mount_VolumeOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 1}
+}
+func (m *Mount_VolumeOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount_VolumeOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mount_VolumeOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mount_VolumeOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount_VolumeOptions.Merge(m, src)
+}
+func (m *Mount_VolumeOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount_VolumeOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount_VolumeOptions.DiscardUnknown(m)
 }
 
-func (m *Mount_VolumeOptions) Reset()                    { *m = Mount_VolumeOptions{} }
-func (*Mount_VolumeOptions) ProtoMessage()               {}
-func (*Mount_VolumeOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 1} }
+var xxx_messageInfo_Mount_VolumeOptions proto.InternalMessageInfo
 
 type Mount_TmpfsOptions struct {
 	// Size sets the size of the tmpfs, in bytes.
@@ -987,29 +1519,87 @@ type Mount_TmpfsOptions struct {
 	SizeBytes int64 `protobuf:"varint,1,opt,name=size_bytes,json=sizeBytes,proto3" json:"size_bytes,omitempty"`
 	// Mode of the tmpfs upon creation
 	Mode os.FileMode `protobuf:"varint,2,opt,name=mode,proto3,customtype=os.FileMode" json:"mode"`
+	// Options passed to tmpfs mount
+	Options string `protobuf:"bytes,3,opt,name=options,proto3" json:"options,omitempty"`
 }
 
-func (m *Mount_TmpfsOptions) Reset()                    { *m = Mount_TmpfsOptions{} }
-func (*Mount_TmpfsOptions) ProtoMessage()               {}
-func (*Mount_TmpfsOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 2} }
-
-type RestartPolicy struct {
-	Condition RestartPolicy_RestartCondition `protobuf:"varint,1,opt,name=condition,proto3,enum=docker.swarmkit.v1.RestartPolicy_RestartCondition" json:"condition,omitempty"`
-	// Delay between restart attempts
-	// Note: can't use stdduration because this field needs to be nullable.
-	Delay *google_protobuf1.Duration `protobuf:"bytes,2,opt,name=delay" json:"delay,omitempty"`
-	// MaxAttempts is the maximum number of restarts to attempt on an
-	// instance before giving up. Ignored if 0.
-	MaxAttempts uint64 `protobuf:"varint,3,opt,name=max_attempts,json=maxAttempts,proto3" json:"max_attempts,omitempty"`
+func (m *Mount_TmpfsOptions) Reset()      { *m = Mount_TmpfsOptions{} }
+func (*Mount_TmpfsOptions) ProtoMessage() {}
+func (*Mount_TmpfsOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{16, 2}
+}
+func (m *Mount_TmpfsOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount_TmpfsOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mount_TmpfsOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mount_TmpfsOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount_TmpfsOptions.Merge(m, src)
+}
+func (m *Mount_TmpfsOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount_TmpfsOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount_TmpfsOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Mount_TmpfsOptions proto.InternalMessageInfo
+
+type RestartPolicy struct {
+	Condition RestartPolicy_RestartCondition `protobuf:"varint,1,opt,name=condition,proto3,enum=docker.swarmkit.v1.RestartPolicy_RestartCondition" json:"condition,omitempty"`
+	// Delay between restart attempts
+	// Note: can't use stdduration because this field needs to be nullable.
+	Delay *types.Duration `protobuf:"bytes,2,opt,name=delay,proto3" json:"delay,omitempty"`
+	// MaxAttempts is the maximum number of restarts to attempt on an
+	// instance before giving up. Ignored if 0.
+	MaxAttempts uint64 `protobuf:"varint,3,opt,name=max_attempts,json=maxAttempts,proto3" json:"max_attempts,omitempty"`
 	// Window is the time window used to evaluate the restart policy.
 	// The time window is unbounded if this is 0.
 	// Note: can't use stdduration because this field needs to be nullable.
-	Window *google_protobuf1.Duration `protobuf:"bytes,4,opt,name=window" json:"window,omitempty"`
+	Window *types.Duration `protobuf:"bytes,4,opt,name=window,proto3" json:"window,omitempty"`
+}
+
+func (m *RestartPolicy) Reset()      { *m = RestartPolicy{} }
+func (*RestartPolicy) ProtoMessage() {}
+func (*RestartPolicy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{17}
+}
+func (m *RestartPolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RestartPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RestartPolicy.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RestartPolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RestartPolicy.Merge(m, src)
+}
+func (m *RestartPolicy) XXX_Size() int {
+	return m.Size()
+}
+func (m *RestartPolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_RestartPolicy.DiscardUnknown(m)
 }
 
-func (m *RestartPolicy) Reset()                    { *m = RestartPolicy{} }
-func (*RestartPolicy) ProtoMessage()               {}
-func (*RestartPolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{17} }
+var xxx_messageInfo_RestartPolicy proto.InternalMessageInfo
 
 // UpdateConfig specifies the rate and policy of updates.
 // TODO(aluzzardi): Consider making this a oneof with RollingStrategy and LockstepStrategy.
@@ -1018,7 +1608,7 @@ type UpdateConfig struct {
 	// 0 means unlimited parallelism.
 	Parallelism uint64 `protobuf:"varint,1,opt,name=parallelism,proto3" json:"parallelism,omitempty"`
 	// Amount of time between updates.
-	Delay time.Duration `protobuf:"bytes,2,opt,name=delay,stdduration" json:"delay"`
+	Delay time.Duration `protobuf:"bytes,2,opt,name=delay,proto3,stdduration" json:"delay"`
 	// FailureAction is the action to take when an update failures.
 	FailureAction UpdateConfig_FailureAction `protobuf:"varint,3,opt,name=failure_action,json=failureAction,proto3,enum=docker.swarmkit.v1.UpdateConfig_FailureAction" json:"failure_action,omitempty"`
 	// Monitor indicates how long to monitor a task for failure after it is
@@ -1028,7 +1618,7 @@ type UpdateConfig struct {
 	// count as a failure. If Monitor is unspecified, a default value will
 	// be used.
 	// Note: can't use stdduration because this field needs to be nullable.
-	Monitor *google_protobuf1.Duration `protobuf:"bytes,4,opt,name=monitor" json:"monitor,omitempty"`
+	Monitor *types.Duration `protobuf:"bytes,4,opt,name=monitor,proto3" json:"monitor,omitempty"`
 	// MaxFailureRatio is the fraction of tasks that may fail during
 	// an update before the failure action is invoked. Any task created by
 	// the current update which ends up in one of the states REJECTED,
@@ -1047,9 +1637,37 @@ type UpdateConfig struct {
 	Order           UpdateConfig_UpdateOrder `protobuf:"varint,6,opt,name=order,proto3,enum=docker.swarmkit.v1.UpdateConfig_UpdateOrder" json:"order,omitempty"`
 }
 
-func (m *UpdateConfig) Reset()                    { *m = UpdateConfig{} }
-func (*UpdateConfig) ProtoMessage()               {}
-func (*UpdateConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{18} }
+func (m *UpdateConfig) Reset()      { *m = UpdateConfig{} }
+func (*UpdateConfig) ProtoMessage() {}
+func (*UpdateConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{18}
+}
+func (m *UpdateConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateConfig.Merge(m, src)
+}
+func (m *UpdateConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateConfig proto.InternalMessageInfo
 
 // UpdateStatus is the status of an update in progress.
 type UpdateStatus struct {
@@ -1059,11 +1677,11 @@ type UpdateStatus struct {
 	State UpdateStatus_UpdateState `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.UpdateStatus_UpdateState" json:"state,omitempty"`
 	// StartedAt is the time at which the update was started.
 	// Note: can't use stdtime because this field is nullable.
-	StartedAt *google_protobuf.Timestamp `protobuf:"bytes,2,opt,name=started_at,json=startedAt" json:"started_at,omitempty"`
+	StartedAt *types.Timestamp `protobuf:"bytes,2,opt,name=started_at,json=startedAt,proto3" json:"started_at,omitempty"`
 	// CompletedAt is the time at which the update completed successfully,
 	// paused, or finished rolling back.
 	// Note: can't use stdtime because this field is nullable.
-	CompletedAt *google_protobuf.Timestamp `protobuf:"bytes,3,opt,name=completed_at,json=completedAt" json:"completed_at,omitempty"`
+	CompletedAt *types.Timestamp `protobuf:"bytes,3,opt,name=completed_at,json=completedAt,proto3" json:"completed_at,omitempty"`
 	// Message explains how the update got into its current state. For
 	// example, if the update is paused, it will explain what is preventing
 	// the update from proceeding (typically the failure of a task to start up
@@ -1071,9 +1689,37 @@ type UpdateStatus struct {
 	Message string `protobuf:"bytes,4,opt,name=message,proto3" json:"message,omitempty"`
 }
 
-func (m *UpdateStatus) Reset()                    { *m = UpdateStatus{} }
-func (*UpdateStatus) ProtoMessage()               {}
-func (*UpdateStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{19} }
+func (m *UpdateStatus) Reset()      { *m = UpdateStatus{} }
+func (*UpdateStatus) ProtoMessage() {}
+func (*UpdateStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{19}
+}
+func (m *UpdateStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UpdateStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UpdateStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UpdateStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateStatus.Merge(m, src)
+}
+func (m *UpdateStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *UpdateStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateStatus proto.InternalMessageInfo
 
 // Container specific status.
 type ContainerStatus struct {
@@ -1082,23 +1728,79 @@ type ContainerStatus struct {
 	ExitCode    int32  `protobuf:"varint,3,opt,name=exit_code,json=exitCode,proto3" json:"exit_code,omitempty"`
 }
 
-func (m *ContainerStatus) Reset()                    { *m = ContainerStatus{} }
-func (*ContainerStatus) ProtoMessage()               {}
-func (*ContainerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{20} }
+func (m *ContainerStatus) Reset()      { *m = ContainerStatus{} }
+func (*ContainerStatus) ProtoMessage() {}
+func (*ContainerStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{20}
+}
+func (m *ContainerStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ContainerStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ContainerStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ContainerStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContainerStatus.Merge(m, src)
+}
+func (m *ContainerStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *ContainerStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContainerStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ContainerStatus proto.InternalMessageInfo
 
 // PortStatus specifies the actual allocated runtime state of a list
 // of port configs.
 type PortStatus struct {
-	Ports []*PortConfig `protobuf:"bytes,1,rep,name=ports" json:"ports,omitempty"`
+	Ports []*PortConfig `protobuf:"bytes,1,rep,name=ports,proto3" json:"ports,omitempty"`
+}
+
+func (m *PortStatus) Reset()      { *m = PortStatus{} }
+func (*PortStatus) ProtoMessage() {}
+func (*PortStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{21}
+}
+func (m *PortStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PortStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PortStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PortStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PortStatus.Merge(m, src)
+}
+func (m *PortStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *PortStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_PortStatus.DiscardUnknown(m)
 }
 
-func (m *PortStatus) Reset()                    { *m = PortStatus{} }
-func (*PortStatus) ProtoMessage()               {}
-func (*PortStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{21} }
+var xxx_messageInfo_PortStatus proto.InternalMessageInfo
 
 type TaskStatus struct {
 	// Note: can't use stdtime because this field is nullable.
-	Timestamp *google_protobuf.Timestamp `protobuf:"bytes,1,opt,name=timestamp" json:"timestamp,omitempty"`
+	Timestamp *types.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
 	// State expresses the current state of the task.
 	State TaskState `protobuf:"varint,2,opt,name=state,proto3,enum=docker.swarmkit.v1.TaskState" json:"state,omitempty"`
 	// Message reports a message for the task status. This should provide a
@@ -1117,7 +1819,7 @@ type TaskStatus struct {
 	//
 	// The following states should report a companion error:
 	//
-	// 	FAILED, REJECTED
+	//	FAILED, REJECTED
 	//
 	// In general, messages that should be surfaced to users belong in the
 	// Err field, and notes on routine state transitions belong in Message.
@@ -1131,19 +1833,47 @@ type TaskStatus struct {
 	RuntimeStatus isTaskStatus_RuntimeStatus `protobuf_oneof:"runtime_status"`
 	// HostPorts provides a list of ports allocated at the host
 	// level.
-	PortStatus *PortStatus `protobuf:"bytes,6,opt,name=port_status,json=portStatus" json:"port_status,omitempty"`
+	PortStatus *PortStatus `protobuf:"bytes,6,opt,name=port_status,json=portStatus,proto3" json:"port_status,omitempty"`
 	// AppliedBy gives the node ID of the manager that applied this task
 	// status update to the Task object.
 	AppliedBy string `protobuf:"bytes,7,opt,name=applied_by,json=appliedBy,proto3" json:"applied_by,omitempty"`
 	// AppliedAt gives a timestamp of when this status update was applied to
 	// the Task object.
 	// Note: can't use stdtime because this field is nullable.
-	AppliedAt *google_protobuf.Timestamp `protobuf:"bytes,8,opt,name=applied_at,json=appliedAt" json:"applied_at,omitempty"`
+	AppliedAt *types.Timestamp `protobuf:"bytes,8,opt,name=applied_at,json=appliedAt,proto3" json:"applied_at,omitempty"`
+}
+
+func (m *TaskStatus) Reset()      { *m = TaskStatus{} }
+func (*TaskStatus) ProtoMessage() {}
+func (*TaskStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{22}
+}
+func (m *TaskStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskStatus.Merge(m, src)
+}
+func (m *TaskStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskStatus.DiscardUnknown(m)
 }
 
-func (m *TaskStatus) Reset()                    { *m = TaskStatus{} }
-func (*TaskStatus) ProtoMessage()               {}
-func (*TaskStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{22} }
+var xxx_messageInfo_TaskStatus proto.InternalMessageInfo
 
 type isTaskStatus_RuntimeStatus interface {
 	isTaskStatus_RuntimeStatus()
@@ -1152,7 +1882,7 @@ type isTaskStatus_RuntimeStatus interface {
 }
 
 type TaskStatus_Container struct {
-	Container *ContainerStatus `protobuf:"bytes,5,opt,name=container,oneof"`
+	Container *ContainerStatus `protobuf:"bytes,5,opt,name=container,proto3,oneof" json:"container,omitempty"`
 }
 
 func (*TaskStatus_Container) isTaskStatus_RuntimeStatus() {}
@@ -1171,61 +1901,13 @@ func (m *TaskStatus) GetContainer() *ContainerStatus {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*TaskStatus) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _TaskStatus_OneofMarshaler, _TaskStatus_OneofUnmarshaler, _TaskStatus_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*TaskStatus) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*TaskStatus_Container)(nil),
 	}
 }
 
-func _TaskStatus_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*TaskStatus)
-	// runtime_status
-	switch x := m.RuntimeStatus.(type) {
-	case *TaskStatus_Container:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Container); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("TaskStatus.RuntimeStatus has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _TaskStatus_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*TaskStatus)
-	switch tag {
-	case 5: // runtime_status.container
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ContainerStatus)
-		err := b.DecodeMessage(msg)
-		m.RuntimeStatus = &TaskStatus_Container{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _TaskStatus_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*TaskStatus)
-	// runtime_status
-	switch x := m.RuntimeStatus.(type) {
-	case *TaskStatus_Container:
-		s := proto.Size(x.Container)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // NetworkAttachmentConfig specifies how a service should be attached to a particular network.
 //
 // For now, this is a simple struct, but this can include future information
@@ -1236,18 +1918,46 @@ type NetworkAttachmentConfig struct {
 	// network ID.
 	Target string `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"`
 	// Aliases specifies a list of discoverable alternate names for the service on this Target.
-	Aliases []string `protobuf:"bytes,2,rep,name=aliases" json:"aliases,omitempty"`
+	Aliases []string `protobuf:"bytes,2,rep,name=aliases,proto3" json:"aliases,omitempty"`
 	// Addresses specifies a list of ipv4 and ipv6 addresses
 	// preferred. If these addresses are not available then the
 	// attachment might fail.
-	Addresses []string `protobuf:"bytes,3,rep,name=addresses" json:"addresses,omitempty"`
+	Addresses []string `protobuf:"bytes,3,rep,name=addresses,proto3" json:"addresses,omitempty"`
 	// DriverAttachmentOpts is a map of driver attachment options for the network target
-	DriverAttachmentOpts map[string]string `protobuf:"bytes,4,rep,name=driver_attachment_opts,json=driverAttachmentOpts" json:"driver_attachment_opts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	DriverAttachmentOpts map[string]string `protobuf:"bytes,4,rep,name=driver_attachment_opts,json=driverAttachmentOpts,proto3" json:"driver_attachment_opts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *NetworkAttachmentConfig) Reset()      { *m = NetworkAttachmentConfig{} }
+func (*NetworkAttachmentConfig) ProtoMessage() {}
+func (*NetworkAttachmentConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{23}
+}
+func (m *NetworkAttachmentConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NetworkAttachmentConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NetworkAttachmentConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NetworkAttachmentConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NetworkAttachmentConfig.Merge(m, src)
+}
+func (m *NetworkAttachmentConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *NetworkAttachmentConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_NetworkAttachmentConfig.DiscardUnknown(m)
 }
 
-func (m *NetworkAttachmentConfig) Reset()                    { *m = NetworkAttachmentConfig{} }
-func (*NetworkAttachmentConfig) ProtoMessage()               {}
-func (*NetworkAttachmentConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{23} }
+var xxx_messageInfo_NetworkAttachmentConfig proto.InternalMessageInfo
 
 // IPAMConfig specifies parameters for IP Address Management.
 type IPAMConfig struct {
@@ -1263,12 +1973,40 @@ type IPAMConfig struct {
 	// Reserved is a list of address from the master pool that should *not* be
 	// allocated. These addresses may have already been allocated or may be
 	// reserved for another allocation manager.
-	Reserved map[string]string `protobuf:"bytes,5,rep,name=reserved" json:"reserved,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Reserved map[string]string `protobuf:"bytes,5,rep,name=reserved,proto3" json:"reserved,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *IPAMConfig) Reset()      { *m = IPAMConfig{} }
+func (*IPAMConfig) ProtoMessage() {}
+func (*IPAMConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{24}
+}
+func (m *IPAMConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IPAMConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IPAMConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IPAMConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IPAMConfig.Merge(m, src)
+}
+func (m *IPAMConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *IPAMConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_IPAMConfig.DiscardUnknown(m)
 }
 
-func (m *IPAMConfig) Reset()                    { *m = IPAMConfig{} }
-func (*IPAMConfig) ProtoMessage()               {}
-func (*IPAMConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{24} }
+var xxx_messageInfo_IPAMConfig proto.InternalMessageInfo
 
 // PortConfig specifies an exposed port which can be
 // addressed using the given name. This can be later queried
@@ -1292,9 +2030,37 @@ type PortConfig struct {
 	PublishMode PortConfig_PublishMode `protobuf:"varint,5,opt,name=publish_mode,json=publishMode,proto3,enum=docker.swarmkit.v1.PortConfig_PublishMode" json:"publish_mode,omitempty"`
 }
 
-func (m *PortConfig) Reset()                    { *m = PortConfig{} }
-func (*PortConfig) ProtoMessage()               {}
-func (*PortConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{25} }
+func (m *PortConfig) Reset()      { *m = PortConfig{} }
+func (*PortConfig) ProtoMessage() {}
+func (*PortConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{25}
+}
+func (m *PortConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PortConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PortConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PortConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PortConfig.Merge(m, src)
+}
+func (m *PortConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *PortConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_PortConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PortConfig proto.InternalMessageInfo
 
 // Driver is a generic driver type to be used throughout the API. For now, a
 // driver is simply a name and set of options. The field contents depend on the
@@ -1302,21 +2068,77 @@ func (*PortConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []
 // have different rules than a volume driver.
 type Driver struct {
 	Name    string            `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Options map[string]string `protobuf:"bytes,2,rep,name=options" json:"options,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Options map[string]string `protobuf:"bytes,2,rep,name=options,proto3" json:"options,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *Driver) Reset()      { *m = Driver{} }
+func (*Driver) ProtoMessage() {}
+func (*Driver) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{26}
+}
+func (m *Driver) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Driver) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Driver.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Driver) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Driver.Merge(m, src)
+}
+func (m *Driver) XXX_Size() int {
+	return m.Size()
+}
+func (m *Driver) XXX_DiscardUnknown() {
+	xxx_messageInfo_Driver.DiscardUnknown(m)
 }
 
-func (m *Driver) Reset()                    { *m = Driver{} }
-func (*Driver) ProtoMessage()               {}
-func (*Driver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{26} }
+var xxx_messageInfo_Driver proto.InternalMessageInfo
 
 type IPAMOptions struct {
-	Driver  *Driver       `protobuf:"bytes,1,opt,name=driver" json:"driver,omitempty"`
-	Configs []*IPAMConfig `protobuf:"bytes,3,rep,name=configs" json:"configs,omitempty"`
+	Driver  *Driver       `protobuf:"bytes,1,opt,name=driver,proto3" json:"driver,omitempty"`
+	Configs []*IPAMConfig `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
+}
+
+func (m *IPAMOptions) Reset()      { *m = IPAMOptions{} }
+func (*IPAMOptions) ProtoMessage() {}
+func (*IPAMOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{27}
+}
+func (m *IPAMOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IPAMOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IPAMOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IPAMOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IPAMOptions.Merge(m, src)
+}
+func (m *IPAMOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *IPAMOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_IPAMOptions.DiscardUnknown(m)
 }
 
-func (m *IPAMOptions) Reset()                    { *m = IPAMOptions{} }
-func (*IPAMOptions) ProtoMessage()               {}
-func (*IPAMOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{27} }
+var xxx_messageInfo_IPAMOptions proto.InternalMessageInfo
 
 // Peer should be used anywhere where we are describing a remote peer.
 type Peer struct {
@@ -1324,40 +2146,152 @@ type Peer struct {
 	Addr   string `protobuf:"bytes,2,opt,name=addr,proto3" json:"addr,omitempty"`
 }
 
-func (m *Peer) Reset()                    { *m = Peer{} }
-func (*Peer) ProtoMessage()               {}
-func (*Peer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{28} }
+func (m *Peer) Reset()      { *m = Peer{} }
+func (*Peer) ProtoMessage() {}
+func (*Peer) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{28}
+}
+func (m *Peer) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Peer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Peer.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Peer) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Peer.Merge(m, src)
+}
+func (m *Peer) XXX_Size() int {
+	return m.Size()
+}
+func (m *Peer) XXX_DiscardUnknown() {
+	xxx_messageInfo_Peer.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Peer proto.InternalMessageInfo
 
 // WeightedPeer should be used anywhere where we are describing a remote peer
 // with a weight.
 type WeightedPeer struct {
-	Peer   *Peer `protobuf:"bytes,1,opt,name=peer" json:"peer,omitempty"`
+	Peer   *Peer `protobuf:"bytes,1,opt,name=peer,proto3" json:"peer,omitempty"`
 	Weight int64 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
 }
 
-func (m *WeightedPeer) Reset()                    { *m = WeightedPeer{} }
-func (*WeightedPeer) ProtoMessage()               {}
-func (*WeightedPeer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{29} }
+func (m *WeightedPeer) Reset()      { *m = WeightedPeer{} }
+func (*WeightedPeer) ProtoMessage() {}
+func (*WeightedPeer) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{29}
+}
+func (m *WeightedPeer) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WeightedPeer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WeightedPeer.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WeightedPeer) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WeightedPeer.Merge(m, src)
+}
+func (m *WeightedPeer) XXX_Size() int {
+	return m.Size()
+}
+func (m *WeightedPeer) XXX_DiscardUnknown() {
+	xxx_messageInfo_WeightedPeer.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WeightedPeer proto.InternalMessageInfo
 
 type IssuanceStatus struct {
 	State IssuanceStatus_State `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.IssuanceStatus_State" json:"state,omitempty"`
 	// Err is set if the Certificate Issuance is in an error state.
 	// The following states should report a companion error:
-	// 	FAILED
+	//	FAILED
 	Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"`
 }
 
-func (m *IssuanceStatus) Reset()                    { *m = IssuanceStatus{} }
-func (*IssuanceStatus) ProtoMessage()               {}
-func (*IssuanceStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{30} }
+func (m *IssuanceStatus) Reset()      { *m = IssuanceStatus{} }
+func (*IssuanceStatus) ProtoMessage() {}
+func (*IssuanceStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{30}
+}
+func (m *IssuanceStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *IssuanceStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_IssuanceStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *IssuanceStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_IssuanceStatus.Merge(m, src)
+}
+func (m *IssuanceStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *IssuanceStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_IssuanceStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_IssuanceStatus proto.InternalMessageInfo
 
 type AcceptancePolicy struct {
-	Policies []*AcceptancePolicy_RoleAdmissionPolicy `protobuf:"bytes,1,rep,name=policies" json:"policies,omitempty"`
+	Policies []*AcceptancePolicy_RoleAdmissionPolicy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
+}
+
+func (m *AcceptancePolicy) Reset()      { *m = AcceptancePolicy{} }
+func (*AcceptancePolicy) ProtoMessage() {}
+func (*AcceptancePolicy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{31}
+}
+func (m *AcceptancePolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AcceptancePolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AcceptancePolicy.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AcceptancePolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AcceptancePolicy.Merge(m, src)
+}
+func (m *AcceptancePolicy) XXX_Size() int {
+	return m.Size()
+}
+func (m *AcceptancePolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_AcceptancePolicy.DiscardUnknown(m)
 }
 
-func (m *AcceptancePolicy) Reset()                    { *m = AcceptancePolicy{} }
-func (*AcceptancePolicy) ProtoMessage()               {}
-func (*AcceptancePolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{31} }
+var xxx_messageInfo_AcceptancePolicy proto.InternalMessageInfo
 
 type AcceptancePolicy_RoleAdmissionPolicy struct {
 	Role NodeRole `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"`
@@ -1366,14 +2300,40 @@ type AcceptancePolicy_RoleAdmissionPolicy struct {
 	Autoaccept bool `protobuf:"varint,2,opt,name=autoaccept,proto3" json:"autoaccept,omitempty"`
 	// Secret represents a user-provided string that is necessary for new
 	// nodes to join the cluster
-	Secret *AcceptancePolicy_RoleAdmissionPolicy_Secret `protobuf:"bytes,3,opt,name=secret" json:"secret,omitempty"`
+	Secret *AcceptancePolicy_RoleAdmissionPolicy_Secret `protobuf:"bytes,3,opt,name=secret,proto3" json:"secret,omitempty"`
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy) Reset()      { *m = AcceptancePolicy_RoleAdmissionPolicy{} }
 func (*AcceptancePolicy_RoleAdmissionPolicy) ProtoMessage() {}
 func (*AcceptancePolicy_RoleAdmissionPolicy) Descriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{31, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{31, 0}
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy.Merge(m, src)
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy) XXX_Size() int {
+	return m.Size()
 }
+func (m *AcceptancePolicy_RoleAdmissionPolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy proto.InternalMessageInfo
 
 type AcceptancePolicy_RoleAdmissionPolicy_Secret struct {
 	// The actual content (possibly hashed)
@@ -1387,9 +2347,35 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Reset() {
 }
 func (*AcceptancePolicy_RoleAdmissionPolicy_Secret) ProtoMessage() {}
 func (*AcceptancePolicy_RoleAdmissionPolicy_Secret) Descriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{31, 0, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{31, 0, 0}
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy_Secret.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy_Secret.Merge(m, src)
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) XXX_Size() int {
+	return m.Size()
+}
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) XXX_DiscardUnknown() {
+	xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy_Secret.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_AcceptancePolicy_RoleAdmissionPolicy_Secret proto.InternalMessageInfo
+
 type ExternalCA struct {
 	// Protocol is the protocol used by this external CA.
 	Protocol ExternalCA_CAProtocol `protobuf:"varint,1,opt,name=protocol,proto3,enum=docker.swarmkit.v1.ExternalCA_CAProtocol" json:"protocol,omitempty"`
@@ -1397,22 +2383,50 @@ type ExternalCA struct {
 	URL string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
 	// Options is a set of additional key/value pairs whose interpretation
 	// depends on the specified CA type.
-	Options map[string]string `protobuf:"bytes,3,rep,name=options" json:"options,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Options map[string]string `protobuf:"bytes,3,rep,name=options,proto3" json:"options,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// CACert specifies which root CA is used by this external CA
 	CACert []byte `protobuf:"bytes,4,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty"`
 }
 
-func (m *ExternalCA) Reset()                    { *m = ExternalCA{} }
-func (*ExternalCA) ProtoMessage()               {}
-func (*ExternalCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{32} }
+func (m *ExternalCA) Reset()      { *m = ExternalCA{} }
+func (*ExternalCA) ProtoMessage() {}
+func (*ExternalCA) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{32}
+}
+func (m *ExternalCA) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExternalCA) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExternalCA.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ExternalCA) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExternalCA.Merge(m, src)
+}
+func (m *ExternalCA) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExternalCA) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExternalCA.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExternalCA proto.InternalMessageInfo
 
 type CAConfig struct {
 	// NodeCertExpiry is the duration certificates should be issued for
 	// Note: can't use stdduration because this field needs to be nullable.
-	NodeCertExpiry *google_protobuf1.Duration `protobuf:"bytes,1,opt,name=node_cert_expiry,json=nodeCertExpiry" json:"node_cert_expiry,omitempty"`
+	NodeCertExpiry *types.Duration `protobuf:"bytes,1,opt,name=node_cert_expiry,json=nodeCertExpiry,proto3" json:"node_cert_expiry,omitempty"`
 	// ExternalCAs is a list of CAs to which a manager node will make
 	// certificate signing requests for node certificates.
-	ExternalCAs []*ExternalCA `protobuf:"bytes,2,rep,name=external_cas,json=externalCas" json:"external_cas,omitempty"`
+	ExternalCAs []*ExternalCA `protobuf:"bytes,2,rep,name=external_cas,json=externalCas,proto3" json:"external_cas,omitempty"`
 	// SigningCACert is the desired CA certificate to be used as the root and
 	// signing CA for the swarm.  If not provided, indicates that we are either happy
 	// with the current configuration, or (together with a bump in the ForceRotate value)
@@ -1427,9 +2441,37 @@ type CAConfig struct {
 	ForceRotate uint64 `protobuf:"varint,5,opt,name=force_rotate,json=forceRotate,proto3" json:"force_rotate,omitempty"`
 }
 
-func (m *CAConfig) Reset()                    { *m = CAConfig{} }
-func (*CAConfig) ProtoMessage()               {}
-func (*CAConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{33} }
+func (m *CAConfig) Reset()      { *m = CAConfig{} }
+func (*CAConfig) ProtoMessage() {}
+func (*CAConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{33}
+}
+func (m *CAConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CAConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CAConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CAConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CAConfig.Merge(m, src)
+}
+func (m *CAConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *CAConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_CAConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CAConfig proto.InternalMessageInfo
 
 // OrchestrationConfig defines cluster-level orchestration settings.
 type OrchestrationConfig struct {
@@ -1438,9 +2480,37 @@ type OrchestrationConfig struct {
 	TaskHistoryRetentionLimit int64 `protobuf:"varint,1,opt,name=task_history_retention_limit,json=taskHistoryRetentionLimit,proto3" json:"task_history_retention_limit,omitempty"`
 }
 
-func (m *OrchestrationConfig) Reset()                    { *m = OrchestrationConfig{} }
-func (*OrchestrationConfig) ProtoMessage()               {}
-func (*OrchestrationConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{34} }
+func (m *OrchestrationConfig) Reset()      { *m = OrchestrationConfig{} }
+func (*OrchestrationConfig) ProtoMessage() {}
+func (*OrchestrationConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{34}
+}
+func (m *OrchestrationConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *OrchestrationConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_OrchestrationConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *OrchestrationConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OrchestrationConfig.Merge(m, src)
+}
+func (m *OrchestrationConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *OrchestrationConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_OrchestrationConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_OrchestrationConfig proto.InternalMessageInfo
 
 // TaskDefaults specifies default values for task creation.
 type TaskDefaults struct {
@@ -1449,24 +2519,80 @@ type TaskDefaults struct {
 	//
 	// If this is changed, only new tasks will pick up the new log driver.
 	// Existing tasks will continue to use the previous default until rescheduled.
-	LogDriver *Driver `protobuf:"bytes,1,opt,name=log_driver,json=logDriver" json:"log_driver,omitempty"`
+	LogDriver *Driver `protobuf:"bytes,1,opt,name=log_driver,json=logDriver,proto3" json:"log_driver,omitempty"`
+}
+
+func (m *TaskDefaults) Reset()      { *m = TaskDefaults{} }
+func (*TaskDefaults) ProtoMessage() {}
+func (*TaskDefaults) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{35}
+}
+func (m *TaskDefaults) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TaskDefaults) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TaskDefaults.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TaskDefaults) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TaskDefaults.Merge(m, src)
+}
+func (m *TaskDefaults) XXX_Size() int {
+	return m.Size()
+}
+func (m *TaskDefaults) XXX_DiscardUnknown() {
+	xxx_messageInfo_TaskDefaults.DiscardUnknown(m)
 }
 
-func (m *TaskDefaults) Reset()                    { *m = TaskDefaults{} }
-func (*TaskDefaults) ProtoMessage()               {}
-func (*TaskDefaults) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{35} }
+var xxx_messageInfo_TaskDefaults proto.InternalMessageInfo
 
 // DispatcherConfig defines cluster-level dispatcher settings.
 type DispatcherConfig struct {
 	// HeartbeatPeriod defines how often agent should send heartbeats to
 	// dispatcher.
 	// Note: can't use stdduration because this field needs to be nullable.
-	HeartbeatPeriod *google_protobuf1.Duration `protobuf:"bytes,1,opt,name=heartbeat_period,json=heartbeatPeriod" json:"heartbeat_period,omitempty"`
+	HeartbeatPeriod *types.Duration `protobuf:"bytes,1,opt,name=heartbeat_period,json=heartbeatPeriod,proto3" json:"heartbeat_period,omitempty"`
+}
+
+func (m *DispatcherConfig) Reset()      { *m = DispatcherConfig{} }
+func (*DispatcherConfig) ProtoMessage() {}
+func (*DispatcherConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{36}
+}
+func (m *DispatcherConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DispatcherConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DispatcherConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DispatcherConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DispatcherConfig.Merge(m, src)
+}
+func (m *DispatcherConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *DispatcherConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_DispatcherConfig.DiscardUnknown(m)
 }
 
-func (m *DispatcherConfig) Reset()                    { *m = DispatcherConfig{} }
-func (*DispatcherConfig) ProtoMessage()               {}
-func (*DispatcherConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{36} }
+var xxx_messageInfo_DispatcherConfig proto.InternalMessageInfo
 
 // RaftConfig defines raft settings for the cluster.
 type RaftConfig struct {
@@ -1486,28 +2612,112 @@ type RaftConfig struct {
 	ElectionTick uint32 `protobuf:"varint,5,opt,name=election_tick,json=electionTick,proto3" json:"election_tick,omitempty"`
 }
 
-func (m *RaftConfig) Reset()                    { *m = RaftConfig{} }
-func (*RaftConfig) ProtoMessage()               {}
-func (*RaftConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{37} }
-
-type EncryptionConfig struct {
-	// AutoLockManagers specifies whether or not managers TLS keys and raft data
-	// should be encrypted at rest in such a way that they must be unlocked
-	// before the manager node starts up again.
-	AutoLockManagers bool `protobuf:"varint,1,opt,name=auto_lock_managers,json=autoLockManagers,proto3" json:"auto_lock_managers,omitempty"`
+func (m *RaftConfig) Reset()      { *m = RaftConfig{} }
+func (*RaftConfig) ProtoMessage() {}
+func (*RaftConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{37}
+}
+func (m *RaftConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RaftConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RaftConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RaftConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RaftConfig.Merge(m, src)
+}
+func (m *RaftConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *RaftConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_RaftConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RaftConfig proto.InternalMessageInfo
+
+type EncryptionConfig struct {
+	// AutoLockManagers specifies whether or not managers TLS keys and raft data
+	// should be encrypted at rest in such a way that they must be unlocked
+	// before the manager node starts up again.
+	AutoLockManagers bool `protobuf:"varint,1,opt,name=auto_lock_managers,json=autoLockManagers,proto3" json:"auto_lock_managers,omitempty"`
 }
 
-func (m *EncryptionConfig) Reset()                    { *m = EncryptionConfig{} }
-func (*EncryptionConfig) ProtoMessage()               {}
-func (*EncryptionConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{38} }
-
+func (m *EncryptionConfig) Reset()      { *m = EncryptionConfig{} }
+func (*EncryptionConfig) ProtoMessage() {}
+func (*EncryptionConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{38}
+}
+func (m *EncryptionConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *EncryptionConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_EncryptionConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *EncryptionConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EncryptionConfig.Merge(m, src)
+}
+func (m *EncryptionConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *EncryptionConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_EncryptionConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EncryptionConfig proto.InternalMessageInfo
+
 type SpreadOver struct {
 	SpreadDescriptor string `protobuf:"bytes,1,opt,name=spread_descriptor,json=spreadDescriptor,proto3" json:"spread_descriptor,omitempty"`
 }
 
-func (m *SpreadOver) Reset()                    { *m = SpreadOver{} }
-func (*SpreadOver) ProtoMessage()               {}
-func (*SpreadOver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{39} }
+func (m *SpreadOver) Reset()      { *m = SpreadOver{} }
+func (*SpreadOver) ProtoMessage() {}
+func (*SpreadOver) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{39}
+}
+func (m *SpreadOver) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SpreadOver) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SpreadOver.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SpreadOver) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SpreadOver.Merge(m, src)
+}
+func (m *SpreadOver) XXX_Size() int {
+	return m.Size()
+}
+func (m *SpreadOver) XXX_DiscardUnknown() {
+	xxx_messageInfo_SpreadOver.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SpreadOver proto.InternalMessageInfo
 
 type PlacementPreference struct {
 	// Types that are valid to be assigned to Preference:
@@ -1515,9 +2725,37 @@ type PlacementPreference struct {
 	Preference isPlacementPreference_Preference `protobuf_oneof:"Preference"`
 }
 
-func (m *PlacementPreference) Reset()                    { *m = PlacementPreference{} }
-func (*PlacementPreference) ProtoMessage()               {}
-func (*PlacementPreference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{40} }
+func (m *PlacementPreference) Reset()      { *m = PlacementPreference{} }
+func (*PlacementPreference) ProtoMessage() {}
+func (*PlacementPreference) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{40}
+}
+func (m *PlacementPreference) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PlacementPreference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PlacementPreference.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PlacementPreference) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PlacementPreference.Merge(m, src)
+}
+func (m *PlacementPreference) XXX_Size() int {
+	return m.Size()
+}
+func (m *PlacementPreference) XXX_DiscardUnknown() {
+	xxx_messageInfo_PlacementPreference.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PlacementPreference proto.InternalMessageInfo
 
 type isPlacementPreference_Preference interface {
 	isPlacementPreference_Preference()
@@ -1526,7 +2764,7 @@ type isPlacementPreference_Preference interface {
 }
 
 type PlacementPreference_Spread struct {
-	Spread *SpreadOver `protobuf:"bytes,1,opt,name=spread,oneof"`
+	Spread *SpreadOver `protobuf:"bytes,1,opt,name=spread,proto3,oneof" json:"spread,omitempty"`
 }
 
 func (*PlacementPreference_Spread) isPlacementPreference_Preference() {}
@@ -1545,78 +2783,60 @@ func (m *PlacementPreference) GetSpread() *SpreadOver {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*PlacementPreference) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _PlacementPreference_OneofMarshaler, _PlacementPreference_OneofUnmarshaler, _PlacementPreference_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*PlacementPreference) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*PlacementPreference_Spread)(nil),
 	}
 }
 
-func _PlacementPreference_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*PlacementPreference)
-	// Preference
-	switch x := m.Preference.(type) {
-	case *PlacementPreference_Spread:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Spread); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("PlacementPreference.Preference has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _PlacementPreference_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*PlacementPreference)
-	switch tag {
-	case 1: // Preference.spread
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(SpreadOver)
-		err := b.DecodeMessage(msg)
-		m.Preference = &PlacementPreference_Spread{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _PlacementPreference_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*PlacementPreference)
-	// Preference
-	switch x := m.Preference.(type) {
-	case *PlacementPreference_Spread:
-		s := proto.Size(x.Spread)
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // Placement specifies task distribution constraints.
 type Placement struct {
 	// Constraints specifies a set of requirements a node should meet for a task.
-	Constraints []string `protobuf:"bytes,1,rep,name=constraints" json:"constraints,omitempty"`
+	Constraints []string `protobuf:"bytes,1,rep,name=constraints,proto3" json:"constraints,omitempty"`
 	// Preferences provide a way to make the scheduler aware of factors
 	// such as topology. They are provided in order from highest to lowest
 	// precedence.
-	Preferences []*PlacementPreference `protobuf:"bytes,2,rep,name=preferences" json:"preferences,omitempty"`
+	Preferences []*PlacementPreference `protobuf:"bytes,2,rep,name=preferences,proto3" json:"preferences,omitempty"`
 	// Platforms stores all the platforms that the image can run on.
 	// This field is used in the platform filter for scheduling. If empty,
 	// then the platform filter is off, meaning there are no scheduling restrictions.
-	Platforms []*Platform `protobuf:"bytes,3,rep,name=platforms" json:"platforms,omitempty"`
+	Platforms []*Platform `protobuf:"bytes,3,rep,name=platforms,proto3" json:"platforms,omitempty"`
+	// MaxReplicas specifies the limit for maximum number of replicas running on one node.
+	MaxReplicas uint64 `protobuf:"varint,4,opt,name=max_replicas,json=maxReplicas,proto3" json:"max_replicas,omitempty"`
+}
+
+func (m *Placement) Reset()      { *m = Placement{} }
+func (*Placement) ProtoMessage() {}
+func (*Placement) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{41}
+}
+func (m *Placement) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Placement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Placement.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Placement) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Placement.Merge(m, src)
+}
+func (m *Placement) XXX_Size() int {
+	return m.Size()
+}
+func (m *Placement) XXX_DiscardUnknown() {
+	xxx_messageInfo_Placement.DiscardUnknown(m)
 }
 
-func (m *Placement) Reset()                    { *m = Placement{} }
-func (*Placement) ProtoMessage()               {}
-func (*Placement) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{41} }
+var xxx_messageInfo_Placement proto.InternalMessageInfo
 
 // JoinToken contains the join tokens for workers and managers.
 type JoinTokens struct {
@@ -1626,9 +2846,37 @@ type JoinTokens struct {
 	Manager string `protobuf:"bytes,2,opt,name=manager,proto3" json:"manager,omitempty"`
 }
 
-func (m *JoinTokens) Reset()                    { *m = JoinTokens{} }
-func (*JoinTokens) ProtoMessage()               {}
-func (*JoinTokens) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{42} }
+func (m *JoinTokens) Reset()      { *m = JoinTokens{} }
+func (*JoinTokens) ProtoMessage() {}
+func (*JoinTokens) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{42}
+}
+func (m *JoinTokens) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *JoinTokens) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_JoinTokens.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *JoinTokens) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_JoinTokens.Merge(m, src)
+}
+func (m *JoinTokens) XXX_Size() int {
+	return m.Size()
+}
+func (m *JoinTokens) XXX_DiscardUnknown() {
+	xxx_messageInfo_JoinTokens.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_JoinTokens proto.InternalMessageInfo
 
 type RootCA struct {
 	// CAKey is the root CA private key.
@@ -1638,31 +2886,87 @@ type RootCA struct {
 	// CACertHash is the digest of the CA Certificate.
 	CACertHash string `protobuf:"bytes,3,opt,name=ca_cert_hash,json=caCertHash,proto3" json:"ca_cert_hash,omitempty"`
 	// JoinTokens contains the join tokens for workers and managers.
-	JoinTokens JoinTokens `protobuf:"bytes,4,opt,name=join_tokens,json=joinTokens" json:"join_tokens"`
+	JoinTokens JoinTokens `protobuf:"bytes,4,opt,name=join_tokens,json=joinTokens,proto3" json:"join_tokens"`
 	// RootRotation contains the new root cert and key we want to rotate to - if this is nil, we are not in the
 	// middle of a root rotation
-	RootRotation *RootRotation `protobuf:"bytes,5,opt,name=root_rotation,json=rootRotation" json:"root_rotation,omitempty"`
+	RootRotation *RootRotation `protobuf:"bytes,5,opt,name=root_rotation,json=rootRotation,proto3" json:"root_rotation,omitempty"`
 	// LastForcedRotation matches the Cluster Spec's CAConfig's ForceRotation counter.
 	// It indicates when the current CA cert and key were generated (or updated).
 	LastForcedRotation uint64 `protobuf:"varint,6,opt,name=last_forced_rotation,json=lastForcedRotation,proto3" json:"last_forced_rotation,omitempty"`
 }
 
-func (m *RootCA) Reset()                    { *m = RootCA{} }
-func (*RootCA) ProtoMessage()               {}
-func (*RootCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{43} }
+func (m *RootCA) Reset()      { *m = RootCA{} }
+func (*RootCA) ProtoMessage() {}
+func (*RootCA) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{43}
+}
+func (m *RootCA) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RootCA) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RootCA.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RootCA) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RootCA.Merge(m, src)
+}
+func (m *RootCA) XXX_Size() int {
+	return m.Size()
+}
+func (m *RootCA) XXX_DiscardUnknown() {
+	xxx_messageInfo_RootCA.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RootCA proto.InternalMessageInfo
 
 type Certificate struct {
 	Role        NodeRole       `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"`
 	CSR         []byte         `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
-	Status      IssuanceStatus `protobuf:"bytes,3,opt,name=status" json:"status"`
+	Status      IssuanceStatus `protobuf:"bytes,3,opt,name=status,proto3" json:"status"`
 	Certificate []byte         `protobuf:"bytes,4,opt,name=certificate,proto3" json:"certificate,omitempty"`
 	// CN represents the node ID.
 	CN string `protobuf:"bytes,5,opt,name=cn,proto3" json:"cn,omitempty"`
 }
 
-func (m *Certificate) Reset()                    { *m = Certificate{} }
-func (*Certificate) ProtoMessage()               {}
-func (*Certificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{44} }
+func (m *Certificate) Reset()      { *m = Certificate{} }
+func (*Certificate) ProtoMessage() {}
+func (*Certificate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{44}
+}
+func (m *Certificate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Certificate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Certificate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Certificate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Certificate.Merge(m, src)
+}
+func (m *Certificate) XXX_Size() int {
+	return m.Size()
+}
+func (m *Certificate) XXX_DiscardUnknown() {
+	xxx_messageInfo_Certificate.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Certificate proto.InternalMessageInfo
 
 // Symmetric keys to encrypt inter-agent communication.
 type EncryptionKey struct {
@@ -1676,9 +2980,37 @@ type EncryptionKey struct {
 	LamportTime uint64 `protobuf:"varint,4,opt,name=lamport_time,json=lamportTime,proto3" json:"lamport_time,omitempty"`
 }
 
-func (m *EncryptionKey) Reset()                    { *m = EncryptionKey{} }
-func (*EncryptionKey) ProtoMessage()               {}
-func (*EncryptionKey) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{45} }
+func (m *EncryptionKey) Reset()      { *m = EncryptionKey{} }
+func (*EncryptionKey) ProtoMessage() {}
+func (*EncryptionKey) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{45}
+}
+func (m *EncryptionKey) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *EncryptionKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_EncryptionKey.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *EncryptionKey) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EncryptionKey.Merge(m, src)
+}
+func (m *EncryptionKey) XXX_Size() int {
+	return m.Size()
+}
+func (m *EncryptionKey) XXX_DiscardUnknown() {
+	xxx_messageInfo_EncryptionKey.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EncryptionKey proto.InternalMessageInfo
 
 // ManagerStatus provides informations about the state of a manager in the cluster.
 type ManagerStatus struct {
@@ -1693,9 +3025,37 @@ type ManagerStatus struct {
 	Reachability RaftMemberStatus_Reachability `protobuf:"varint,4,opt,name=reachability,proto3,enum=docker.swarmkit.v1.RaftMemberStatus_Reachability" json:"reachability,omitempty"`
 }
 
-func (m *ManagerStatus) Reset()                    { *m = ManagerStatus{} }
-func (*ManagerStatus) ProtoMessage()               {}
-func (*ManagerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{46} }
+func (m *ManagerStatus) Reset()      { *m = ManagerStatus{} }
+func (*ManagerStatus) ProtoMessage() {}
+func (*ManagerStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{46}
+}
+func (m *ManagerStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ManagerStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ManagerStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ManagerStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ManagerStatus.Merge(m, src)
+}
+func (m *ManagerStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *ManagerStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_ManagerStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ManagerStatus proto.InternalMessageInfo
 
 // FileTarget represents a specific target that is backed by a file
 type FileTarget struct {
@@ -1709,9 +3069,76 @@ type FileTarget struct {
 	Mode os.FileMode `protobuf:"varint,4,opt,name=mode,proto3,customtype=os.FileMode" json:"mode"`
 }
 
-func (m *FileTarget) Reset()                    { *m = FileTarget{} }
-func (*FileTarget) ProtoMessage()               {}
-func (*FileTarget) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{47} }
+func (m *FileTarget) Reset()      { *m = FileTarget{} }
+func (*FileTarget) ProtoMessage() {}
+func (*FileTarget) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{47}
+}
+func (m *FileTarget) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileTarget) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FileTarget.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FileTarget) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileTarget.Merge(m, src)
+}
+func (m *FileTarget) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileTarget) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileTarget.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FileTarget proto.InternalMessageInfo
+
+// RuntimeTarget represents that this secret is _not_ mounted into the
+// container, but is used for some other purpose by the container runtime.
+//
+// Currently, RuntimeTarget has no fields; it's just a placeholder.
+type RuntimeTarget struct {
+}
+
+func (m *RuntimeTarget) Reset()      { *m = RuntimeTarget{} }
+func (*RuntimeTarget) ProtoMessage() {}
+func (*RuntimeTarget) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{48}
+}
+func (m *RuntimeTarget) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RuntimeTarget) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RuntimeTarget.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RuntimeTarget) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RuntimeTarget.Merge(m, src)
+}
+func (m *RuntimeTarget) XXX_Size() int {
+	return m.Size()
+}
+func (m *RuntimeTarget) XXX_DiscardUnknown() {
+	xxx_messageInfo_RuntimeTarget.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RuntimeTarget proto.InternalMessageInfo
 
 // SecretReference is the linkage between a service and a secret that it uses.
 type SecretReference struct {
@@ -1729,9 +3156,37 @@ type SecretReference struct {
 	Target isSecretReference_Target `protobuf_oneof:"target"`
 }
 
-func (m *SecretReference) Reset()                    { *m = SecretReference{} }
-func (*SecretReference) ProtoMessage()               {}
-func (*SecretReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{48} }
+func (m *SecretReference) Reset()      { *m = SecretReference{} }
+func (*SecretReference) ProtoMessage() {}
+func (*SecretReference) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{49}
+}
+func (m *SecretReference) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SecretReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SecretReference.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SecretReference) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SecretReference.Merge(m, src)
+}
+func (m *SecretReference) XXX_Size() int {
+	return m.Size()
+}
+func (m *SecretReference) XXX_DiscardUnknown() {
+	xxx_messageInfo_SecretReference.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SecretReference proto.InternalMessageInfo
 
 type isSecretReference_Target interface {
 	isSecretReference_Target()
@@ -1740,7 +3195,7 @@ type isSecretReference_Target interface {
 }
 
 type SecretReference_File struct {
-	File *FileTarget `protobuf:"bytes,3,opt,name=file,oneof"`
+	File *FileTarget `protobuf:"bytes,3,opt,name=file,proto3,oneof" json:"file,omitempty"`
 }
 
 func (*SecretReference_File) isSecretReference_Target() {}
@@ -1759,61 +3214,13 @@ func (m *SecretReference) GetFile() *FileTarget {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*SecretReference) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _SecretReference_OneofMarshaler, _SecretReference_OneofUnmarshaler, _SecretReference_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*SecretReference) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*SecretReference_File)(nil),
 	}
 }
 
-func _SecretReference_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*SecretReference)
-	// target
-	switch x := m.Target.(type) {
-	case *SecretReference_File:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.File); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("SecretReference.Target has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _SecretReference_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*SecretReference)
-	switch tag {
-	case 3: // target.file
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(FileTarget)
-		err := b.DecodeMessage(msg)
-		m.Target = &SecretReference_File{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _SecretReference_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*SecretReference)
-	// target
-	switch x := m.Target.(type) {
-	case *SecretReference_File:
-		s := proto.Size(x.File)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // ConfigReference is the linkage between a service and a config that it uses.
 type ConfigReference struct {
 	// ConfigID represents the ID of the specific Config that we're
@@ -1822,16 +3229,45 @@ type ConfigReference struct {
 	// ConfigName is the name of the config that this references, but this is just provided for
 	// lookup/display purposes. The config in the reference will be identified by its ID.
 	ConfigName string `protobuf:"bytes,2,opt,name=config_name,json=configName,proto3" json:"config_name,omitempty"`
-	// Target specifies how this secret should be exposed to the task.
+	// Target specifies how this config should be exposed to the task.
 	//
 	// Types that are valid to be assigned to Target:
 	//	*ConfigReference_File
+	//	*ConfigReference_Runtime
 	Target isConfigReference_Target `protobuf_oneof:"target"`
 }
 
-func (m *ConfigReference) Reset()                    { *m = ConfigReference{} }
-func (*ConfigReference) ProtoMessage()               {}
-func (*ConfigReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{49} }
+func (m *ConfigReference) Reset()      { *m = ConfigReference{} }
+func (*ConfigReference) ProtoMessage() {}
+func (*ConfigReference) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{50}
+}
+func (m *ConfigReference) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ConfigReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ConfigReference.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ConfigReference) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ConfigReference.Merge(m, src)
+}
+func (m *ConfigReference) XXX_Size() int {
+	return m.Size()
+}
+func (m *ConfigReference) XXX_DiscardUnknown() {
+	xxx_messageInfo_ConfigReference.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ConfigReference proto.InternalMessageInfo
 
 type isConfigReference_Target interface {
 	isConfigReference_Target()
@@ -1840,10 +3276,14 @@ type isConfigReference_Target interface {
 }
 
 type ConfigReference_File struct {
-	File *FileTarget `protobuf:"bytes,3,opt,name=file,oneof"`
+	File *FileTarget `protobuf:"bytes,3,opt,name=file,proto3,oneof" json:"file,omitempty"`
+}
+type ConfigReference_Runtime struct {
+	Runtime *RuntimeTarget `protobuf:"bytes,4,opt,name=runtime,proto3,oneof" json:"runtime,omitempty"`
 }
 
-func (*ConfigReference_File) isConfigReference_Target() {}
+func (*ConfigReference_File) isConfigReference_Target()    {}
+func (*ConfigReference_Runtime) isConfigReference_Target() {}
 
 func (m *ConfigReference) GetTarget() isConfigReference_Target {
 	if m != nil {
@@ -1859,59 +3299,19 @@ func (m *ConfigReference) GetFile() *FileTarget {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*ConfigReference) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _ConfigReference_OneofMarshaler, _ConfigReference_OneofUnmarshaler, _ConfigReference_OneofSizer, []interface{}{
-		(*ConfigReference_File)(nil),
-	}
-}
-
-func _ConfigReference_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*ConfigReference)
-	// target
-	switch x := m.Target.(type) {
-	case *ConfigReference_File:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.File); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("ConfigReference.Target has unexpected type %T", x)
+func (m *ConfigReference) GetRuntime() *RuntimeTarget {
+	if x, ok := m.GetTarget().(*ConfigReference_Runtime); ok {
+		return x.Runtime
 	}
 	return nil
 }
 
-func _ConfigReference_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*ConfigReference)
-	switch tag {
-	case 3: // target.file
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(FileTarget)
-		err := b.DecodeMessage(msg)
-		m.Target = &ConfigReference_File{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _ConfigReference_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*ConfigReference)
-	// target
-	switch x := m.Target.(type) {
-	case *ConfigReference_File:
-		s := proto.Size(x.File)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*ConfigReference) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*ConfigReference_File)(nil),
+		(*ConfigReference_Runtime)(nil),
 	}
-	return n
 }
 
 // BlacklistedCertificate is a record for a blacklisted certificate. It does not
@@ -1920,12 +3320,40 @@ type BlacklistedCertificate struct {
 	// Expiry is the latest known expiration time of a certificate that
 	// was issued for the given CN.
 	// Note: can't use stdtime because this field is nullable.
-	Expiry *google_protobuf.Timestamp `protobuf:"bytes,1,opt,name=expiry" json:"expiry,omitempty"`
+	Expiry *types.Timestamp `protobuf:"bytes,1,opt,name=expiry,proto3" json:"expiry,omitempty"`
+}
+
+func (m *BlacklistedCertificate) Reset()      { *m = BlacklistedCertificate{} }
+func (*BlacklistedCertificate) ProtoMessage() {}
+func (*BlacklistedCertificate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{51}
+}
+func (m *BlacklistedCertificate) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BlacklistedCertificate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BlacklistedCertificate.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BlacklistedCertificate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BlacklistedCertificate.Merge(m, src)
+}
+func (m *BlacklistedCertificate) XXX_Size() int {
+	return m.Size()
+}
+func (m *BlacklistedCertificate) XXX_DiscardUnknown() {
+	xxx_messageInfo_BlacklistedCertificate.DiscardUnknown(m)
 }
 
-func (m *BlacklistedCertificate) Reset()                    { *m = BlacklistedCertificate{} }
-func (*BlacklistedCertificate) ProtoMessage()               {}
-func (*BlacklistedCertificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{50} }
+var xxx_messageInfo_BlacklistedCertificate proto.InternalMessageInfo
 
 // HealthConfig holds configuration settings for the HEALTHCHECK feature.
 type HealthConfig struct {
@@ -1936,26 +3364,54 @@ type HealthConfig struct {
 	// {"NONE"} : disable healthcheck
 	// {"CMD", args...} : exec arguments directly
 	// {"CMD-SHELL", command} : run command with system's default shell
-	Test []string `protobuf:"bytes,1,rep,name=test" json:"test,omitempty"`
+	Test []string `protobuf:"bytes,1,rep,name=test,proto3" json:"test,omitempty"`
 	// Interval is the time to wait between checks. Zero means inherit.
 	// Note: can't use stdduration because this field needs to be nullable.
-	Interval *google_protobuf1.Duration `protobuf:"bytes,2,opt,name=interval" json:"interval,omitempty"`
+	Interval *types.Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"`
 	// Timeout is the time to wait before considering the check to have hung.
 	// Zero means inherit.
 	// Note: can't use stdduration because this field needs to be nullable.
-	Timeout *google_protobuf1.Duration `protobuf:"bytes,3,opt,name=timeout" json:"timeout,omitempty"`
+	Timeout *types.Duration `protobuf:"bytes,3,opt,name=timeout,proto3" json:"timeout,omitempty"`
 	// Retries is the number of consecutive failures needed to consider a
 	// container as unhealthy. Zero means inherit.
 	Retries int32 `protobuf:"varint,4,opt,name=retries,proto3" json:"retries,omitempty"`
 	// Start period is the period for container initialization during
 	// which health check failures will note count towards the maximum
 	// number of retries.
-	StartPeriod *google_protobuf1.Duration `protobuf:"bytes,5,opt,name=start_period,json=startPeriod" json:"start_period,omitempty"`
+	StartPeriod *types.Duration `protobuf:"bytes,5,opt,name=start_period,json=startPeriod,proto3" json:"start_period,omitempty"`
+}
+
+func (m *HealthConfig) Reset()      { *m = HealthConfig{} }
+func (*HealthConfig) ProtoMessage() {}
+func (*HealthConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{52}
+}
+func (m *HealthConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HealthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_HealthConfig.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *HealthConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HealthConfig.Merge(m, src)
+}
+func (m *HealthConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *HealthConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_HealthConfig.DiscardUnknown(m)
 }
 
-func (m *HealthConfig) Reset()                    { *m = HealthConfig{} }
-func (*HealthConfig) ProtoMessage()               {}
-func (*HealthConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{51} }
+var xxx_messageInfo_HealthConfig proto.InternalMessageInfo
 
 type MaybeEncryptedRecord struct {
 	Algorithm MaybeEncryptedRecord_Algorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=docker.swarmkit.v1.MaybeEncryptedRecord_Algorithm" json:"algorithm,omitempty"`
@@ -1963,9 +3419,37 @@ type MaybeEncryptedRecord struct {
 	Nonce     []byte                         `protobuf:"bytes,3,opt,name=nonce,proto3" json:"nonce,omitempty"`
 }
 
-func (m *MaybeEncryptedRecord) Reset()                    { *m = MaybeEncryptedRecord{} }
-func (*MaybeEncryptedRecord) ProtoMessage()               {}
-func (*MaybeEncryptedRecord) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{52} }
+func (m *MaybeEncryptedRecord) Reset()      { *m = MaybeEncryptedRecord{} }
+func (*MaybeEncryptedRecord) ProtoMessage() {}
+func (*MaybeEncryptedRecord) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{53}
+}
+func (m *MaybeEncryptedRecord) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MaybeEncryptedRecord) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MaybeEncryptedRecord.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MaybeEncryptedRecord) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MaybeEncryptedRecord.Merge(m, src)
+}
+func (m *MaybeEncryptedRecord) XXX_Size() int {
+	return m.Size()
+}
+func (m *MaybeEncryptedRecord) XXX_DiscardUnknown() {
+	xxx_messageInfo_MaybeEncryptedRecord.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MaybeEncryptedRecord proto.InternalMessageInfo
 
 type RootRotation struct {
 	CACert []byte `protobuf:"bytes,1,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty"`
@@ -1974,34 +3458,117 @@ type RootRotation struct {
 	CrossSignedCACert []byte `protobuf:"bytes,3,opt,name=cross_signed_ca_cert,json=crossSignedCaCert,proto3" json:"cross_signed_ca_cert,omitempty"`
 }
 
-func (m *RootRotation) Reset()                    { *m = RootRotation{} }
-func (*RootRotation) ProtoMessage()               {}
-func (*RootRotation) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{53} }
+func (m *RootRotation) Reset()      { *m = RootRotation{} }
+func (*RootRotation) ProtoMessage() {}
+func (*RootRotation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{54}
+}
+func (m *RootRotation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RootRotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RootRotation.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RootRotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RootRotation.Merge(m, src)
+}
+func (m *RootRotation) XXX_Size() int {
+	return m.Size()
+}
+func (m *RootRotation) XXX_DiscardUnknown() {
+	xxx_messageInfo_RootRotation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RootRotation proto.InternalMessageInfo
 
 // Privileges specifies security configuration/permissions.
 type Privileges struct {
-	CredentialSpec *Privileges_CredentialSpec `protobuf:"bytes,1,opt,name=credential_spec,json=credentialSpec" json:"credential_spec,omitempty"`
-	SELinuxContext *Privileges_SELinuxContext `protobuf:"bytes,2,opt,name=selinux_context,json=selinuxContext" json:"selinux_context,omitempty"`
+	CredentialSpec *Privileges_CredentialSpec `protobuf:"bytes,1,opt,name=credential_spec,json=credentialSpec,proto3" json:"credential_spec,omitempty"`
+	SELinuxContext *Privileges_SELinuxContext `protobuf:"bytes,2,opt,name=selinux_context,json=selinuxContext,proto3" json:"selinux_context,omitempty"`
+}
+
+func (m *Privileges) Reset()      { *m = Privileges{} }
+func (*Privileges) ProtoMessage() {}
+func (*Privileges) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{55}
+}
+func (m *Privileges) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Privileges) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Privileges.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Privileges) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Privileges.Merge(m, src)
+}
+func (m *Privileges) XXX_Size() int {
+	return m.Size()
+}
+func (m *Privileges) XXX_DiscardUnknown() {
+	xxx_messageInfo_Privileges.DiscardUnknown(m)
 }
 
-func (m *Privileges) Reset()                    { *m = Privileges{} }
-func (*Privileges) ProtoMessage()               {}
-func (*Privileges) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{54} }
+var xxx_messageInfo_Privileges proto.InternalMessageInfo
 
 // CredentialSpec for managed service account (Windows only).
 type Privileges_CredentialSpec struct {
 	// Types that are valid to be assigned to Source:
 	//	*Privileges_CredentialSpec_File
 	//	*Privileges_CredentialSpec_Registry
+	//	*Privileges_CredentialSpec_Config
 	Source isPrivileges_CredentialSpec_Source `protobuf_oneof:"source"`
 }
 
 func (m *Privileges_CredentialSpec) Reset()      { *m = Privileges_CredentialSpec{} }
 func (*Privileges_CredentialSpec) ProtoMessage() {}
 func (*Privileges_CredentialSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{54, 0}
+	return fileDescriptor_0b5eafd0404ded3d, []int{55, 0}
+}
+func (m *Privileges_CredentialSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Privileges_CredentialSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Privileges_CredentialSpec.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Privileges_CredentialSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Privileges_CredentialSpec.Merge(m, src)
+}
+func (m *Privileges_CredentialSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *Privileges_CredentialSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_Privileges_CredentialSpec.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_Privileges_CredentialSpec proto.InternalMessageInfo
+
 type isPrivileges_CredentialSpec_Source interface {
 	isPrivileges_CredentialSpec_Source()
 	MarshalTo([]byte) (int, error)
@@ -2009,14 +3576,18 @@ type isPrivileges_CredentialSpec_Source interface {
 }
 
 type Privileges_CredentialSpec_File struct {
-	File string `protobuf:"bytes,1,opt,name=file,proto3,oneof"`
+	File string `protobuf:"bytes,1,opt,name=file,proto3,oneof" json:"file,omitempty"`
 }
 type Privileges_CredentialSpec_Registry struct {
-	Registry string `protobuf:"bytes,2,opt,name=registry,proto3,oneof"`
+	Registry string `protobuf:"bytes,2,opt,name=registry,proto3,oneof" json:"registry,omitempty"`
+}
+type Privileges_CredentialSpec_Config struct {
+	Config string `protobuf:"bytes,3,opt,name=config,proto3,oneof" json:"config,omitempty"`
 }
 
 func (*Privileges_CredentialSpec_File) isPrivileges_CredentialSpec_Source()     {}
 func (*Privileges_CredentialSpec_Registry) isPrivileges_CredentialSpec_Source() {}
+func (*Privileges_CredentialSpec_Config) isPrivileges_CredentialSpec_Source()   {}
 
 func (m *Privileges_CredentialSpec) GetSource() isPrivileges_CredentialSpec_Source {
 	if m != nil {
@@ -2039,70 +3610,20 @@ func (m *Privileges_CredentialSpec) GetRegistry() string {
 	return ""
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Privileges_CredentialSpec) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Privileges_CredentialSpec_OneofMarshaler, _Privileges_CredentialSpec_OneofUnmarshaler, _Privileges_CredentialSpec_OneofSizer, []interface{}{
-		(*Privileges_CredentialSpec_File)(nil),
-		(*Privileges_CredentialSpec_Registry)(nil),
+func (m *Privileges_CredentialSpec) GetConfig() string {
+	if x, ok := m.GetSource().(*Privileges_CredentialSpec_Config); ok {
+		return x.Config
 	}
+	return ""
 }
 
-func _Privileges_CredentialSpec_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Privileges_CredentialSpec)
-	// source
-	switch x := m.Source.(type) {
-	case *Privileges_CredentialSpec_File:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.File)
-	case *Privileges_CredentialSpec_Registry:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.Registry)
-	case nil:
-	default:
-		return fmt.Errorf("Privileges_CredentialSpec.Source has unexpected type %T", x)
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Privileges_CredentialSpec) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*Privileges_CredentialSpec_File)(nil),
+		(*Privileges_CredentialSpec_Registry)(nil),
+		(*Privileges_CredentialSpec_Config)(nil),
 	}
-	return nil
-}
-
-func _Privileges_CredentialSpec_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Privileges_CredentialSpec)
-	switch tag {
-	case 1: // source.file
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Source = &Privileges_CredentialSpec_File{x}
-		return true, err
-	case 2: // source.registry
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Source = &Privileges_CredentialSpec_Registry{x}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Privileges_CredentialSpec_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Privileges_CredentialSpec)
-	// source
-	switch x := m.Source.(type) {
-	case *Privileges_CredentialSpec_File:
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.File)))
-		n += len(x.File)
-	case *Privileges_CredentialSpec_Registry:
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.Registry)))
-		n += len(x.Registry)
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
 }
 
 // SELinuxContext contains the SELinux labels for the container.
@@ -2117,13 +3638,106 @@ type Privileges_SELinuxContext struct {
 func (m *Privileges_SELinuxContext) Reset()      { *m = Privileges_SELinuxContext{} }
 func (*Privileges_SELinuxContext) ProtoMessage() {}
 func (*Privileges_SELinuxContext) Descriptor() ([]byte, []int) {
-	return fileDescriptorTypes, []int{54, 1}
+	return fileDescriptor_0b5eafd0404ded3d, []int{55, 1}
+}
+func (m *Privileges_SELinuxContext) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Privileges_SELinuxContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Privileges_SELinuxContext.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Privileges_SELinuxContext) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Privileges_SELinuxContext.Merge(m, src)
+}
+func (m *Privileges_SELinuxContext) XXX_Size() int {
+	return m.Size()
+}
+func (m *Privileges_SELinuxContext) XXX_DiscardUnknown() {
+	xxx_messageInfo_Privileges_SELinuxContext.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Privileges_SELinuxContext proto.InternalMessageInfo
+
+// JobStatus indicates the status of a Service that is in one of the Job modes.
+type JobStatus struct {
+	// JobIteration is the count of how many times the Job has been excecuted,
+	// successfully or otherwise. "Executed" refers to the job as a whole being
+	// started, not to the individual Tasks being launched. This is used to
+	// disambiguate which Tasks belong to which iteration of a Job.
+	JobIteration Version `protobuf:"bytes,1,opt,name=job_iteration,json=jobIteration,proto3" json:"job_iteration"`
+	// LastExecution is the time that the job was last executed. This is set by
+	// the orchestrator in the same transaction that JobIteration is incremented.
+	// While time is a fungible concept in distributed systems like Swarmkit,
+	// this value gives us a best-effort attempt to prevent weird behavior like
+	// newly added nodes executing long-forgotten jobs.
+	LastExecution *types.Timestamp `protobuf:"bytes,2,opt,name=last_execution,json=lastExecution,proto3" json:"last_execution,omitempty"`
+}
+
+func (m *JobStatus) Reset()      { *m = JobStatus{} }
+func (*JobStatus) ProtoMessage() {}
+func (*JobStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0b5eafd0404ded3d, []int{56}
+}
+func (m *JobStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *JobStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_JobStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *JobStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_JobStatus.Merge(m, src)
+}
+func (m *JobStatus) XXX_Size() int {
+	return m.Size()
 }
+func (m *JobStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_JobStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_JobStatus proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.ResourceType", ResourceType_name, ResourceType_value)
+	proto.RegisterEnum("docker.swarmkit.v1.TaskState", TaskState_name, TaskState_value)
+	proto.RegisterEnum("docker.swarmkit.v1.NodeRole", NodeRole_name, NodeRole_value)
+	proto.RegisterEnum("docker.swarmkit.v1.RaftMemberStatus_Reachability", RaftMemberStatus_Reachability_name, RaftMemberStatus_Reachability_value)
+	proto.RegisterEnum("docker.swarmkit.v1.NodeStatus_State", NodeStatus_State_name, NodeStatus_State_value)
+	proto.RegisterEnum("docker.swarmkit.v1.Mount_MountType", Mount_MountType_name, Mount_MountType_value)
+	proto.RegisterEnum("docker.swarmkit.v1.Mount_MountConsistency", Mount_MountConsistency_name, Mount_MountConsistency_value)
+	proto.RegisterEnum("docker.swarmkit.v1.Mount_BindOptions_MountPropagation", Mount_BindOptions_MountPropagation_name, Mount_BindOptions_MountPropagation_value)
+	proto.RegisterEnum("docker.swarmkit.v1.RestartPolicy_RestartCondition", RestartPolicy_RestartCondition_name, RestartPolicy_RestartCondition_value)
+	proto.RegisterEnum("docker.swarmkit.v1.UpdateConfig_FailureAction", UpdateConfig_FailureAction_name, UpdateConfig_FailureAction_value)
+	proto.RegisterEnum("docker.swarmkit.v1.UpdateConfig_UpdateOrder", UpdateConfig_UpdateOrder_name, UpdateConfig_UpdateOrder_value)
+	proto.RegisterEnum("docker.swarmkit.v1.UpdateStatus_UpdateState", UpdateStatus_UpdateState_name, UpdateStatus_UpdateState_value)
+	proto.RegisterEnum("docker.swarmkit.v1.IPAMConfig_AddressFamily", IPAMConfig_AddressFamily_name, IPAMConfig_AddressFamily_value)
+	proto.RegisterEnum("docker.swarmkit.v1.PortConfig_Protocol", PortConfig_Protocol_name, PortConfig_Protocol_value)
+	proto.RegisterEnum("docker.swarmkit.v1.PortConfig_PublishMode", PortConfig_PublishMode_name, PortConfig_PublishMode_value)
+	proto.RegisterEnum("docker.swarmkit.v1.IssuanceStatus_State", IssuanceStatus_State_name, IssuanceStatus_State_value)
+	proto.RegisterEnum("docker.swarmkit.v1.ExternalCA_CAProtocol", ExternalCA_CAProtocol_name, ExternalCA_CAProtocol_value)
+	proto.RegisterEnum("docker.swarmkit.v1.EncryptionKey_Algorithm", EncryptionKey_Algorithm_name, EncryptionKey_Algorithm_value)
+	proto.RegisterEnum("docker.swarmkit.v1.MaybeEncryptedRecord_Algorithm", MaybeEncryptedRecord_Algorithm_name, MaybeEncryptedRecord_Algorithm_value)
 	proto.RegisterType((*Version)(nil), "docker.swarmkit.v1.Version")
 	proto.RegisterType((*IndexEntry)(nil), "docker.swarmkit.v1.IndexEntry")
 	proto.RegisterType((*Annotations)(nil), "docker.swarmkit.v1.Annotations")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.Annotations.LabelsEntry")
 	proto.RegisterType((*NamedGenericResource)(nil), "docker.swarmkit.v1.NamedGenericResource")
 	proto.RegisterType((*DiscreteGenericResource)(nil), "docker.swarmkit.v1.DiscreteGenericResource")
 	proto.RegisterType((*GenericResource)(nil), "docker.swarmkit.v1.GenericResource")
@@ -2132,6 +3746,7 @@ func init() {
 	proto.RegisterType((*Platform)(nil), "docker.swarmkit.v1.Platform")
 	proto.RegisterType((*PluginDescription)(nil), "docker.swarmkit.v1.PluginDescription")
 	proto.RegisterType((*EngineDescription)(nil), "docker.swarmkit.v1.EngineDescription")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.EngineDescription.LabelsEntry")
 	proto.RegisterType((*NodeDescription)(nil), "docker.swarmkit.v1.NodeDescription")
 	proto.RegisterType((*NodeTLSInfo)(nil), "docker.swarmkit.v1.NodeTLSInfo")
 	proto.RegisterType((*RaftMemberStatus)(nil), "docker.swarmkit.v1.RaftMemberStatus")
@@ -2140,6 +3755,7 @@ func init() {
 	proto.RegisterType((*Mount)(nil), "docker.swarmkit.v1.Mount")
 	proto.RegisterType((*Mount_BindOptions)(nil), "docker.swarmkit.v1.Mount.BindOptions")
 	proto.RegisterType((*Mount_VolumeOptions)(nil), "docker.swarmkit.v1.Mount.VolumeOptions")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.Mount.VolumeOptions.LabelsEntry")
 	proto.RegisterType((*Mount_TmpfsOptions)(nil), "docker.swarmkit.v1.Mount.TmpfsOptions")
 	proto.RegisterType((*RestartPolicy)(nil), "docker.swarmkit.v1.RestartPolicy")
 	proto.RegisterType((*UpdateConfig)(nil), "docker.swarmkit.v1.UpdateConfig")
@@ -2148,9 +3764,12 @@ func init() {
 	proto.RegisterType((*PortStatus)(nil), "docker.swarmkit.v1.PortStatus")
 	proto.RegisterType((*TaskStatus)(nil), "docker.swarmkit.v1.TaskStatus")
 	proto.RegisterType((*NetworkAttachmentConfig)(nil), "docker.swarmkit.v1.NetworkAttachmentConfig")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.NetworkAttachmentConfig.DriverAttachmentOptsEntry")
 	proto.RegisterType((*IPAMConfig)(nil), "docker.swarmkit.v1.IPAMConfig")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.IPAMConfig.ReservedEntry")
 	proto.RegisterType((*PortConfig)(nil), "docker.swarmkit.v1.PortConfig")
 	proto.RegisterType((*Driver)(nil), "docker.swarmkit.v1.Driver")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.Driver.OptionsEntry")
 	proto.RegisterType((*IPAMOptions)(nil), "docker.swarmkit.v1.IPAMOptions")
 	proto.RegisterType((*Peer)(nil), "docker.swarmkit.v1.Peer")
 	proto.RegisterType((*WeightedPeer)(nil), "docker.swarmkit.v1.WeightedPeer")
@@ -2159,6 +3778,7 @@ func init() {
 	proto.RegisterType((*AcceptancePolicy_RoleAdmissionPolicy)(nil), "docker.swarmkit.v1.AcceptancePolicy.RoleAdmissionPolicy")
 	proto.RegisterType((*AcceptancePolicy_RoleAdmissionPolicy_Secret)(nil), "docker.swarmkit.v1.AcceptancePolicy.RoleAdmissionPolicy.Secret")
 	proto.RegisterType((*ExternalCA)(nil), "docker.swarmkit.v1.ExternalCA")
+	proto.RegisterMapType((map[string]string)(nil), "docker.swarmkit.v1.ExternalCA.OptionsEntry")
 	proto.RegisterType((*CAConfig)(nil), "docker.swarmkit.v1.CAConfig")
 	proto.RegisterType((*OrchestrationConfig)(nil), "docker.swarmkit.v1.OrchestrationConfig")
 	proto.RegisterType((*TaskDefaults)(nil), "docker.swarmkit.v1.TaskDefaults")
@@ -2174,6 +3794,7 @@ func init() {
 	proto.RegisterType((*EncryptionKey)(nil), "docker.swarmkit.v1.EncryptionKey")
 	proto.RegisterType((*ManagerStatus)(nil), "docker.swarmkit.v1.ManagerStatus")
 	proto.RegisterType((*FileTarget)(nil), "docker.swarmkit.v1.FileTarget")
+	proto.RegisterType((*RuntimeTarget)(nil), "docker.swarmkit.v1.RuntimeTarget")
 	proto.RegisterType((*SecretReference)(nil), "docker.swarmkit.v1.SecretReference")
 	proto.RegisterType((*ConfigReference)(nil), "docker.swarmkit.v1.ConfigReference")
 	proto.RegisterType((*BlacklistedCertificate)(nil), "docker.swarmkit.v1.BlacklistedCertificate")
@@ -2183,25 +3804,350 @@ func init() {
 	proto.RegisterType((*Privileges)(nil), "docker.swarmkit.v1.Privileges")
 	proto.RegisterType((*Privileges_CredentialSpec)(nil), "docker.swarmkit.v1.Privileges.CredentialSpec")
 	proto.RegisterType((*Privileges_SELinuxContext)(nil), "docker.swarmkit.v1.Privileges.SELinuxContext")
-	proto.RegisterEnum("docker.swarmkit.v1.ResourceType", ResourceType_name, ResourceType_value)
-	proto.RegisterEnum("docker.swarmkit.v1.TaskState", TaskState_name, TaskState_value)
-	proto.RegisterEnum("docker.swarmkit.v1.NodeRole", NodeRole_name, NodeRole_value)
-	proto.RegisterEnum("docker.swarmkit.v1.RaftMemberStatus_Reachability", RaftMemberStatus_Reachability_name, RaftMemberStatus_Reachability_value)
-	proto.RegisterEnum("docker.swarmkit.v1.NodeStatus_State", NodeStatus_State_name, NodeStatus_State_value)
-	proto.RegisterEnum("docker.swarmkit.v1.Mount_MountType", Mount_MountType_name, Mount_MountType_value)
-	proto.RegisterEnum("docker.swarmkit.v1.Mount_MountConsistency", Mount_MountConsistency_name, Mount_MountConsistency_value)
-	proto.RegisterEnum("docker.swarmkit.v1.Mount_BindOptions_MountPropagation", Mount_BindOptions_MountPropagation_name, Mount_BindOptions_MountPropagation_value)
-	proto.RegisterEnum("docker.swarmkit.v1.RestartPolicy_RestartCondition", RestartPolicy_RestartCondition_name, RestartPolicy_RestartCondition_value)
-	proto.RegisterEnum("docker.swarmkit.v1.UpdateConfig_FailureAction", UpdateConfig_FailureAction_name, UpdateConfig_FailureAction_value)
-	proto.RegisterEnum("docker.swarmkit.v1.UpdateConfig_UpdateOrder", UpdateConfig_UpdateOrder_name, UpdateConfig_UpdateOrder_value)
-	proto.RegisterEnum("docker.swarmkit.v1.UpdateStatus_UpdateState", UpdateStatus_UpdateState_name, UpdateStatus_UpdateState_value)
-	proto.RegisterEnum("docker.swarmkit.v1.IPAMConfig_AddressFamily", IPAMConfig_AddressFamily_name, IPAMConfig_AddressFamily_value)
-	proto.RegisterEnum("docker.swarmkit.v1.PortConfig_Protocol", PortConfig_Protocol_name, PortConfig_Protocol_value)
-	proto.RegisterEnum("docker.swarmkit.v1.PortConfig_PublishMode", PortConfig_PublishMode_name, PortConfig_PublishMode_value)
-	proto.RegisterEnum("docker.swarmkit.v1.IssuanceStatus_State", IssuanceStatus_State_name, IssuanceStatus_State_value)
-	proto.RegisterEnum("docker.swarmkit.v1.ExternalCA_CAProtocol", ExternalCA_CAProtocol_name, ExternalCA_CAProtocol_value)
-	proto.RegisterEnum("docker.swarmkit.v1.EncryptionKey_Algorithm", EncryptionKey_Algorithm_name, EncryptionKey_Algorithm_value)
-	proto.RegisterEnum("docker.swarmkit.v1.MaybeEncryptedRecord_Algorithm", MaybeEncryptedRecord_Algorithm_name, MaybeEncryptedRecord_Algorithm_value)
+	proto.RegisterType((*JobStatus)(nil), "docker.swarmkit.v1.JobStatus")
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/types.proto", fileDescriptor_0b5eafd0404ded3d)
+}
+
+var fileDescriptor_0b5eafd0404ded3d = []byte{
+	// 5345 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x3a, 0x4b, 0x6c, 0x24, 0x49,
+	0x56, 0xae, 0x72, 0x55, 0xb9, 0xea, 0x55, 0xd9, 0xce, 0x8e, 0xf6, 0xf6, 0xb8, 0x6b, 0x7a, 0x6c,
+	0x4f, 0xce, 0xf4, 0xce, 0xec, 0xec, 0xe0, 0xfe, 0xcd, 0x8e, 0x7a, 0x66, 0x98, 0x9d, 0xa9, 0x4f,
+	0xba, 0x5d, 0xdb, 0x76, 0x55, 0x29, 0xaa, 0xdc, 0xbd, 0x8b, 0x04, 0x49, 0x3a, 0x33, 0x5c, 0xce,
+	0x76, 0x56, 0x46, 0x92, 0x99, 0x65, 0x77, 0xb1, 0x20, 0xe6, 0x04, 0xc8, 0x27, 0xb8, 0x2c, 0xbb,
+	0x42, 0x96, 0x90, 0xe0, 0xc6, 0x81, 0x03, 0x07, 0x16, 0x4e, 0x83, 0x84, 0xd0, 0x8a, 0x0b, 0xbb,
+	0x20, 0xc1, 0x0a, 0x90, 0x61, 0xbc, 0x12, 0x37, 0x04, 0x17, 0xc4, 0x85, 0x03, 0x8a, 0x4f, 0x66,
+	0xa5, 0xab, 0xd3, 0xf6, 0xcc, 0x2e, 0x17, 0xbb, 0xe2, 0xfd, 0xf2, 0xc5, 0x8b, 0x17, 0x2f, 0xde,
+	0x7b, 0x11, 0xf0, 0xd6, 0xc0, 0x0e, 0xf7, 0x47, 0xbb, 0xeb, 0x26, 0x1d, 0xde, 0xb1, 0xa8, 0x79,
+	0x40, 0xfc, 0x3b, 0xc1, 0x91, 0xe1, 0x0f, 0x0f, 0xec, 0xf0, 0x8e, 0xe1, 0xd9, 0x77, 0xc2, 0xb1,
+	0x47, 0x82, 0x75, 0xcf, 0xa7, 0x21, 0x45, 0x48, 0x10, 0xac, 0x47, 0x04, 0xeb, 0x87, 0xf7, 0xaa,
+	0xab, 0x03, 0x4a, 0x07, 0x0e, 0xb9, 0xc3, 0x29, 0x76, 0x47, 0x7b, 0x77, 0x42, 0x7b, 0x48, 0x82,
+	0xd0, 0x18, 0x7a, 0x82, 0xa9, 0xba, 0x32, 0x4d, 0x60, 0x8d, 0x7c, 0x23, 0xb4, 0xa9, 0x7b, 0x11,
+	0xfe, 0xc8, 0x37, 0x3c, 0x8f, 0xf8, 0xf2, 0xa3, 0xd5, 0xa5, 0x01, 0x1d, 0x50, 0xfe, 0xf3, 0x0e,
+	0xfb, 0x25, 0xa0, 0xea, 0x2a, 0xcc, 0x3d, 0x21, 0x7e, 0x60, 0x53, 0x17, 0x2d, 0x41, 0xde, 0x76,
+	0x2d, 0xf2, 0x7c, 0x39, 0xb3, 0x96, 0x79, 0x33, 0x87, 0xc5, 0x40, 0xbd, 0x0b, 0xd0, 0x62, 0x3f,
+	0x34, 0x37, 0xf4, 0xc7, 0x48, 0x81, 0xd9, 0x03, 0x32, 0xe6, 0x14, 0x25, 0xcc, 0x7e, 0x32, 0xc8,
+	0xa1, 0xe1, 0x2c, 0x67, 0x05, 0xe4, 0xd0, 0x70, 0xd4, 0xcf, 0x32, 0x50, 0xae, 0xb9, 0x2e, 0x0d,
+	0xb9, 0x76, 0x01, 0x42, 0x90, 0x73, 0x8d, 0x21, 0x91, 0x4c, 0xfc, 0x37, 0x6a, 0x40, 0xc1, 0x31,
+	0x76, 0x89, 0x13, 0x2c, 0x67, 0xd7, 0x66, 0xdf, 0x2c, 0xdf, 0xff, 0xea, 0xfa, 0x8b, 0x26, 0x59,
+	0x4f, 0x08, 0x59, 0xdf, 0xe2, 0xd4, 0x5c, 0x09, 0x2c, 0x59, 0xd1, 0xd7, 0x61, 0xce, 0x76, 0x2d,
+	0xdb, 0x24, 0xc1, 0x72, 0x8e, 0x4b, 0x59, 0x49, 0x93, 0x32, 0xd1, 0xbe, 0x9e, 0xfb, 0xc1, 0xe9,
+	0xea, 0x0c, 0x8e, 0x98, 0xaa, 0xef, 0x41, 0x39, 0x21, 0x36, 0x65, 0x6e, 0x4b, 0x90, 0x3f, 0x34,
+	0x9c, 0x11, 0x91, 0xb3, 0x13, 0x83, 0xf7, 0xb3, 0x0f, 0x33, 0xea, 0xc7, 0xb0, 0xd4, 0x36, 0x86,
+	0xc4, 0x7a, 0x44, 0x5c, 0xe2, 0xdb, 0x26, 0x26, 0x01, 0x1d, 0xf9, 0x26, 0x61, 0x73, 0x3d, 0xb0,
+	0x5d, 0x2b, 0x9a, 0x2b, 0xfb, 0x9d, 0x2e, 0x45, 0x6d, 0xc0, 0x4b, 0x4d, 0x3b, 0x30, 0x7d, 0x12,
+	0x92, 0x2f, 0x2c, 0x64, 0x36, 0x12, 0x72, 0x9a, 0x81, 0xc5, 0x69, 0xee, 0x5f, 0x80, 0xeb, 0xcc,
+	0xc4, 0x96, 0xee, 0x4b, 0x88, 0x1e, 0x78, 0xc4, 0xe4, 0xc2, 0xca, 0xf7, 0xdf, 0x4c, 0xb3, 0x50,
+	0xda, 0x4c, 0x36, 0x67, 0xf0, 0x35, 0x2e, 0x26, 0x02, 0xf4, 0x3c, 0x62, 0x22, 0x13, 0x6e, 0x58,
+	0x52, 0xe9, 0x29, 0xf1, 0x59, 0x2e, 0x3e, 0x75, 0x19, 0x2f, 0x98, 0xe6, 0xe6, 0x0c, 0x5e, 0x8a,
+	0x84, 0x25, 0x3f, 0x52, 0x07, 0x28, 0x46, 0xb2, 0xd5, 0xef, 0x66, 0xa0, 0x14, 0x21, 0x03, 0xf4,
+	0x15, 0x28, 0xb9, 0x86, 0x4b, 0x75, 0xd3, 0x1b, 0x05, 0x7c, 0x42, 0xb3, 0xf5, 0xca, 0xd9, 0xe9,
+	0x6a, 0xb1, 0x6d, 0xb8, 0xb4, 0xd1, 0xdd, 0x09, 0x70, 0x91, 0xa1, 0x1b, 0xde, 0x28, 0x40, 0xaf,
+	0x42, 0x65, 0x48, 0x86, 0xd4, 0x1f, 0xeb, 0xbb, 0xe3, 0x90, 0x04, 0xd2, 0x6c, 0x65, 0x01, 0xab,
+	0x33, 0x10, 0xfa, 0x10, 0xe6, 0x06, 0x42, 0xa5, 0xe5, 0x59, 0xee, 0x3e, 0xaf, 0xa5, 0x69, 0x3f,
+	0xa5, 0x35, 0x8e, 0x78, 0xd4, 0xef, 0x64, 0x61, 0x29, 0x86, 0x92, 0x5f, 0x19, 0xd9, 0x3e, 0x19,
+	0x12, 0x37, 0x0c, 0xd0, 0xd7, 0xa0, 0xe0, 0xd8, 0x43, 0x3b, 0x0c, 0xa4, 0xcd, 0x5f, 0x49, 0x13,
+	0x1b, 0x4f, 0x0a, 0x4b, 0x62, 0x54, 0x83, 0x8a, 0x4f, 0x02, 0xe2, 0x1f, 0x0a, 0x8f, 0x97, 0x16,
+	0xbd, 0x82, 0xf9, 0x1c, 0x0b, 0x7a, 0x1f, 0x20, 0x38, 0x32, 0x3c, 0x39, 0xe5, 0x59, 0x2e, 0xe0,
+	0xe5, 0x75, 0x11, 0x17, 0xd6, 0xa3, 0xb8, 0xb0, 0xde, 0x72, 0xc3, 0x77, 0xdf, 0x79, 0xc2, 0xfc,
+	0x07, 0x97, 0x18, 0xb9, 0xb0, 0xc6, 0x26, 0x5c, 0x93, 0x06, 0x63, 0x30, 0xcf, 0x76, 0x49, 0xc0,
+	0xb6, 0xd5, 0x95, 0x22, 0x14, 0xc1, 0xd5, 0x8b, 0x99, 0xd4, 0x0d, 0x28, 0x76, 0x1d, 0x23, 0xdc,
+	0xa3, 0xfe, 0x10, 0xa9, 0x50, 0x31, 0x7c, 0x73, 0xdf, 0x0e, 0x89, 0x19, 0x8e, 0xfc, 0x28, 0x06,
+	0x9c, 0x83, 0xa1, 0x1b, 0x90, 0xa5, 0x62, 0xba, 0xa5, 0x7a, 0xe1, 0xec, 0x74, 0x35, 0xdb, 0xe9,
+	0xe1, 0x2c, 0x0d, 0xd4, 0x0f, 0xe0, 0x5a, 0xd7, 0x19, 0x0d, 0x6c, 0xb7, 0x49, 0x02, 0xd3, 0xb7,
+	0x3d, 0x36, 0x47, 0xb6, 0x37, 0x58, 0x24, 0x8d, 0xf6, 0x06, 0xfb, 0x1d, 0x07, 0x98, 0xec, 0x24,
+	0xc0, 0xa8, 0xbf, 0x95, 0x85, 0x6b, 0x9a, 0x3b, 0xb0, 0x5d, 0x92, 0xe4, 0xbe, 0x0d, 0x0b, 0x84,
+	0x03, 0xf5, 0x43, 0x11, 0xf4, 0xa4, 0x9c, 0x79, 0x01, 0x8d, 0x22, 0x61, 0x6b, 0x2a, 0x3a, 0xdd,
+	0x4b, 0x5b, 0x84, 0x17, 0xa4, 0xa7, 0xc6, 0x28, 0x0d, 0xe6, 0x3c, 0x3e, 0x89, 0x40, 0x3a, 0xd9,
+	0xed, 0x34, 0x59, 0x2f, 0xcc, 0x33, 0x0a, 0x55, 0x92, 0xf7, 0x67, 0x09, 0x55, 0x7f, 0x93, 0x85,
+	0xc5, 0x36, 0xb5, 0xce, 0xd9, 0xa1, 0x0a, 0xc5, 0x7d, 0x1a, 0x84, 0x89, 0xb0, 0x1c, 0x8f, 0xd1,
+	0x43, 0x28, 0x7a, 0x72, 0xf9, 0xa4, 0x0f, 0xde, 0x4a, 0x57, 0x59, 0xd0, 0xe0, 0x98, 0x1a, 0x7d,
+	0x00, 0xa5, 0x68, 0xe3, 0x46, 0xde, 0x77, 0x85, 0xfb, 0x4e, 0xe8, 0xd1, 0x87, 0x50, 0x10, 0x8b,
+	0x20, 0x9d, 0xee, 0xf6, 0xe7, 0xb2, 0x39, 0x96, 0x4c, 0xe8, 0x11, 0x14, 0x43, 0x27, 0xd0, 0x6d,
+	0x77, 0x8f, 0x2e, 0xe7, 0xb9, 0x80, 0xd5, 0xd4, 0x50, 0x47, 0x2d, 0xd2, 0xdf, 0xea, 0xb5, 0xdc,
+	0x3d, 0x5a, 0x2f, 0x9f, 0x9d, 0xae, 0xce, 0xc9, 0x01, 0x9e, 0x0b, 0x9d, 0x80, 0xfd, 0x40, 0xb7,
+	0x20, 0xb7, 0x67, 0x7b, 0xc1, 0x72, 0x61, 0x2d, 0xf3, 0x66, 0xb1, 0x5e, 0x3c, 0x3b, 0x5d, 0xcd,
+	0x6d, 0xb4, 0xba, 0x3d, 0xcc, 0xa1, 0xea, 0xef, 0x66, 0xa0, 0x9c, 0x90, 0x81, 0x5e, 0x01, 0x08,
+	0xfd, 0x51, 0x10, 0xea, 0x3e, 0xa5, 0x21, 0x37, 0x65, 0x05, 0x97, 0x38, 0x04, 0x53, 0x1a, 0xa2,
+	0x75, 0xb8, 0x6e, 0x12, 0x3f, 0xd4, 0xed, 0x20, 0x18, 0x11, 0x5f, 0x0f, 0x46, 0xbb, 0xcf, 0x88,
+	0x19, 0x72, 0xb3, 0x56, 0xf0, 0x35, 0x86, 0x6a, 0x71, 0x4c, 0x4f, 0x20, 0xd0, 0x03, 0xb8, 0x91,
+	0xa4, 0xf7, 0x46, 0xbb, 0x8e, 0x6d, 0xea, 0x6c, 0xa9, 0x67, 0x39, 0xcb, 0xf5, 0x09, 0x4b, 0x97,
+	0xe3, 0x1e, 0x93, 0xb1, 0xfa, 0xe3, 0x0c, 0x28, 0xd8, 0xd8, 0x0b, 0xb7, 0xc9, 0x70, 0x97, 0xf8,
+	0xbd, 0xd0, 0x08, 0x47, 0x01, 0xba, 0x01, 0x05, 0x87, 0x18, 0x16, 0xf1, 0xb9, 0x52, 0x45, 0x2c,
+	0x47, 0x68, 0x87, 0x45, 0x19, 0xc3, 0xdc, 0x37, 0x76, 0x6d, 0xc7, 0x0e, 0xc7, 0x5c, 0x95, 0x85,
+	0x74, 0x07, 0x9f, 0x96, 0xb9, 0x8e, 0x13, 0x8c, 0xf8, 0x9c, 0x18, 0xb4, 0x0c, 0x73, 0x43, 0x12,
+	0x04, 0xc6, 0x80, 0x70, 0x4d, 0x4b, 0x38, 0x1a, 0xaa, 0x1f, 0x40, 0x25, 0xc9, 0x87, 0xca, 0x30,
+	0xb7, 0xd3, 0x7e, 0xdc, 0xee, 0x3c, 0x6d, 0x2b, 0x33, 0x68, 0x11, 0xca, 0x3b, 0x6d, 0xac, 0xd5,
+	0x1a, 0x9b, 0xb5, 0xfa, 0x96, 0xa6, 0x64, 0xd0, 0x3c, 0x94, 0x26, 0xc3, 0xac, 0xfa, 0xa7, 0x19,
+	0x00, 0x66, 0x6e, 0x39, 0xa9, 0xf7, 0x21, 0x1f, 0x84, 0x46, 0x28, 0x7c, 0x76, 0xe1, 0xfe, 0xeb,
+	0x17, 0xad, 0xb0, 0xd4, 0x97, 0xfd, 0x23, 0x58, 0xb0, 0x24, 0x35, 0xcc, 0x9e, 0xd3, 0x90, 0x85,
+	0x0f, 0xc3, 0xb2, 0x7c, 0xa9, 0x38, 0xff, 0xad, 0x7e, 0x00, 0x79, 0xce, 0x7d, 0x5e, 0xdd, 0x22,
+	0xe4, 0x9a, 0xec, 0x57, 0x06, 0x95, 0x20, 0x8f, 0xb5, 0x5a, 0xf3, 0x5b, 0x4a, 0x16, 0x29, 0x50,
+	0x69, 0xb6, 0x7a, 0x8d, 0x4e, 0xbb, 0xad, 0x35, 0xfa, 0x5a, 0x53, 0x99, 0x55, 0x6f, 0x43, 0xbe,
+	0x35, 0x64, 0x92, 0x6f, 0xb1, 0x0d, 0xb1, 0x47, 0x7c, 0xe2, 0x9a, 0xd1, 0x3e, 0x9b, 0x00, 0xd4,
+	0xcf, 0x2a, 0x90, 0xdf, 0xa6, 0x23, 0x37, 0x44, 0xf7, 0x13, 0x41, 0x6d, 0x21, 0x3d, 0x8b, 0xe1,
+	0x84, 0xeb, 0xfd, 0xb1, 0x47, 0x64, 0xd0, 0xbb, 0x01, 0x05, 0xb1, 0x75, 0xe4, 0x74, 0xe4, 0x88,
+	0xc1, 0x43, 0xc3, 0x1f, 0x90, 0x50, 0xce, 0x47, 0x8e, 0xd0, 0x9b, 0xec, 0x54, 0x35, 0x2c, 0xea,
+	0x3a, 0x63, 0xbe, 0xc3, 0x8a, 0xe2, 0xe8, 0xc4, 0xc4, 0xb0, 0x3a, 0xae, 0x33, 0xc6, 0x31, 0x16,
+	0x3d, 0x82, 0xb2, 0x49, 0xdd, 0xc0, 0x0e, 0x42, 0xe2, 0x9a, 0xe3, 0xe5, 0x22, 0x57, 0xea, 0xf6,
+	0xc5, 0x4a, 0x35, 0x26, 0xc4, 0x38, 0xc9, 0x89, 0x36, 0xa1, 0xb2, 0x6b, 0xbb, 0x96, 0x4e, 0x3d,
+	0x71, 0xa2, 0xe5, 0x2f, 0xde, 0xd8, 0x42, 0x52, 0xdd, 0x76, 0xad, 0x8e, 0x20, 0xc6, 0xe5, 0xdd,
+	0xc9, 0x00, 0xb5, 0x61, 0xe1, 0x90, 0x3a, 0xa3, 0x21, 0x89, 0x65, 0x15, 0xb8, 0xac, 0x37, 0x2e,
+	0x96, 0xf5, 0x84, 0xd3, 0x47, 0xd2, 0xe6, 0x0f, 0x93, 0x43, 0xf4, 0x18, 0xe6, 0xc3, 0xa1, 0xb7,
+	0x17, 0xc4, 0xe2, 0xe6, 0xb8, 0xb8, 0x2f, 0x5f, 0x62, 0x79, 0x46, 0x1e, 0x49, 0xab, 0x84, 0x89,
+	0x51, 0xf5, 0xfb, 0xb3, 0x50, 0x4e, 0x68, 0x8e, 0x7a, 0x50, 0xf6, 0x7c, 0xea, 0x19, 0x03, 0x7e,
+	0x2a, 0xcb, 0x45, 0xbd, 0xf7, 0xb9, 0x66, 0xbd, 0xde, 0x9d, 0x30, 0xe2, 0xa4, 0x14, 0xf4, 0x0e,
+	0x54, 0x5c, 0xea, 0xfa, 0xc4, 0x1c, 0xf9, 0x81, 0x7d, 0x28, 0x16, 0xbd, 0x58, 0x57, 0xce, 0x4e,
+	0x57, 0x2b, 0x6d, 0xea, 0xe2, 0x08, 0x8e, 0xcf, 0x51, 0xa9, 0x27, 0x59, 0x28, 0x27, 0x44, 0xa2,
+	0xb7, 0xa0, 0x88, 0xbb, 0xb8, 0xf5, 0xa4, 0xd6, 0xd7, 0x94, 0x99, 0xea, 0xad, 0xe3, 0x93, 0xb5,
+	0x65, 0xae, 0x43, 0xf2, 0xb3, 0x5d, 0xdf, 0x3e, 0x64, 0x9e, 0xff, 0x26, 0xcc, 0x45, 0xa4, 0x99,
+	0xea, 0xcb, 0xc7, 0x27, 0x6b, 0x2f, 0x4d, 0x93, 0x26, 0x28, 0x71, 0x6f, 0xb3, 0x86, 0xb5, 0xa6,
+	0x92, 0x4d, 0xa7, 0xc4, 0xbd, 0x7d, 0xc3, 0x27, 0x16, 0xfa, 0x32, 0x14, 0x24, 0xe1, 0x6c, 0xb5,
+	0x7a, 0x7c, 0xb2, 0x76, 0x63, 0x9a, 0x70, 0x42, 0x87, 0x7b, 0x5b, 0xb5, 0x27, 0x9a, 0x92, 0x4b,
+	0xa7, 0xc3, 0x3d, 0xc7, 0x38, 0x24, 0xe8, 0x75, 0xc8, 0x0b, 0xb2, 0x7c, 0xf5, 0xe6, 0xf1, 0xc9,
+	0xda, 0x97, 0x5e, 0x10, 0xc7, 0xa8, 0xaa, 0xcb, 0xbf, 0xfd, 0x87, 0x2b, 0x33, 0x7f, 0xf1, 0x47,
+	0x2b, 0xca, 0x34, 0xba, 0xfa, 0xbf, 0x19, 0x98, 0x3f, 0xe7, 0x28, 0x48, 0x85, 0x82, 0x4b, 0x4d,
+	0xea, 0x89, 0xc3, 0xb5, 0x58, 0x87, 0xb3, 0xd3, 0xd5, 0x42, 0x9b, 0x36, 0xa8, 0x37, 0xc6, 0x12,
+	0x83, 0x1e, 0x4f, 0xa5, 0x07, 0x0f, 0x3e, 0xa7, 0x17, 0xa6, 0x26, 0x08, 0x1f, 0xc1, 0xbc, 0xe5,
+	0xdb, 0x87, 0xc4, 0xd7, 0x4d, 0xea, 0xee, 0xd9, 0x03, 0x79, 0x70, 0x56, 0x53, 0x33, 0x69, 0x4e,
+	0x88, 0x2b, 0x82, 0xa1, 0xc1, 0xe9, 0x7f, 0x86, 0xd4, 0xa0, 0xea, 0x41, 0x25, 0xe9, 0xd7, 0xec,
+	0x34, 0x0b, 0xec, 0x5f, 0x25, 0x32, 0x7f, 0xe4, 0x09, 0x36, 0x2e, 0x31, 0x88, 0x48, 0x11, 0xdf,
+	0x80, 0xdc, 0x90, 0x5a, 0x42, 0xce, 0x7c, 0xfd, 0x3a, 0xcb, 0x50, 0xfe, 0xe9, 0x74, 0xb5, 0x4c,
+	0x83, 0xf5, 0x0d, 0xdb, 0x21, 0xdb, 0xd4, 0x22, 0x98, 0x13, 0xb0, 0x58, 0x1b, 0x6d, 0x2c, 0x79,
+	0x1a, 0xc8, 0xa1, 0xfa, 0xbd, 0x0c, 0xe4, 0x58, 0x10, 0x43, 0x2f, 0x43, 0xae, 0xde, 0x6a, 0x37,
+	0x95, 0x99, 0xea, 0xb5, 0xe3, 0x93, 0xb5, 0x79, 0x6e, 0x2d, 0x86, 0x60, 0x9b, 0x01, 0xad, 0x42,
+	0xe1, 0x49, 0x67, 0x6b, 0x67, 0x9b, 0x79, 0xde, 0xf5, 0xe3, 0x93, 0xb5, 0xc5, 0x18, 0x2d, 0xec,
+	0x89, 0x5e, 0x81, 0x7c, 0x7f, 0xbb, 0xbb, 0xd1, 0x53, 0xb2, 0x55, 0x74, 0x7c, 0xb2, 0xb6, 0x10,
+	0xe3, 0xf9, 0x74, 0xd0, 0xab, 0x90, 0x6f, 0x77, 0x5b, 0x5d, 0x4d, 0x99, 0xad, 0xde, 0x38, 0x3e,
+	0x59, 0x43, 0x31, 0x9a, 0x57, 0x3a, 0x5d, 0xdb, 0x23, 0xd5, 0x6b, 0xd2, 0x27, 0x4a, 0x31, 0x4e,
+	0xfd, 0x51, 0x06, 0xca, 0x89, 0x58, 0xc6, 0xdc, 0xba, 0xa9, 0x6d, 0xd4, 0x76, 0xb6, 0xfa, 0xca,
+	0x4c, 0xc2, 0xad, 0x13, 0x24, 0x4d, 0xb2, 0x67, 0x8c, 0x1c, 0x16, 0x5b, 0xa1, 0xd1, 0x69, 0xf7,
+	0x5a, 0xbd, 0xbe, 0xd6, 0xee, 0x2b, 0x99, 0xea, 0xf2, 0xf1, 0xc9, 0xda, 0xd2, 0x34, 0xf1, 0xc6,
+	0xc8, 0x71, 0x98, 0x63, 0x37, 0x6a, 0x8d, 0x4d, 0xbe, 0x53, 0x26, 0x8e, 0x9d, 0xa0, 0x6a, 0x18,
+	0xe6, 0x3e, 0xb1, 0xd0, 0xdb, 0x50, 0x6a, 0x6a, 0x5b, 0xda, 0xa3, 0x1a, 0x3f, 0x51, 0xaa, 0xaf,
+	0x1c, 0x9f, 0xac, 0xdd, 0x7c, 0xf1, 0xeb, 0x0e, 0x19, 0x18, 0x21, 0xb1, 0xa6, 0x1c, 0x3c, 0x41,
+	0xa2, 0xfe, 0x77, 0x16, 0xe6, 0x31, 0x09, 0x42, 0xc3, 0x0f, 0xbb, 0xd4, 0xb1, 0xcd, 0x31, 0xea,
+	0x42, 0xc9, 0xa4, 0xae, 0x65, 0x27, 0x62, 0xd3, 0xfd, 0x0b, 0x92, 0xb4, 0x09, 0x57, 0x34, 0x6a,
+	0x44, 0x9c, 0x78, 0x22, 0x04, 0xdd, 0x81, 0xbc, 0x45, 0x1c, 0x63, 0x2c, 0xb3, 0xc5, 0x9b, 0x2f,
+	0x54, 0x0b, 0x4d, 0xd9, 0xa8, 0xc0, 0x82, 0x8e, 0xd7, 0x66, 0xc6, 0x73, 0xdd, 0x08, 0x43, 0x32,
+	0xf4, 0x42, 0xe1, 0x23, 0x39, 0x5c, 0x1e, 0x1a, 0xcf, 0x6b, 0x12, 0x84, 0xee, 0x41, 0xe1, 0xc8,
+	0x76, 0x2d, 0x7a, 0x24, 0xb3, 0xc1, 0x4b, 0x84, 0x4a, 0x42, 0xf5, 0x98, 0xa5, 0x41, 0x53, 0x6a,
+	0x32, 0x37, 0x6b, 0x77, 0xda, 0x5a, 0xe4, 0x66, 0x12, 0xdf, 0x71, 0xdb, 0xd4, 0x65, 0xd1, 0x03,
+	0x3a, 0x6d, 0x7d, 0xa3, 0xd6, 0xda, 0xda, 0xc1, 0xcc, 0xd5, 0x96, 0x8e, 0x4f, 0xd6, 0x94, 0x98,
+	0x64, 0xc3, 0xb0, 0x1d, 0x56, 0x9e, 0xdc, 0x84, 0xd9, 0x5a, 0xfb, 0x5b, 0x4a, 0xb6, 0xaa, 0x1c,
+	0x9f, 0xac, 0x55, 0x62, 0x74, 0xcd, 0x1d, 0x4f, 0xec, 0x3e, 0xfd, 0x5d, 0xf5, 0x6f, 0x67, 0xa1,
+	0xb2, 0xe3, 0x59, 0x46, 0x48, 0xc4, 0x2e, 0x45, 0x6b, 0x50, 0xf6, 0x0c, 0xdf, 0x70, 0x1c, 0xe2,
+	0xd8, 0xc1, 0x50, 0xb6, 0x58, 0x92, 0x20, 0xf4, 0xde, 0xe7, 0x35, 0x63, 0xbd, 0xc8, 0x76, 0xde,
+	0x77, 0xff, 0x75, 0x35, 0x13, 0x19, 0x74, 0x07, 0x16, 0xf6, 0x84, 0xb6, 0xba, 0x61, 0xf2, 0x85,
+	0x9d, 0xe5, 0x0b, 0xbb, 0x9e, 0xb6, 0xb0, 0x49, 0xb5, 0xd6, 0xe5, 0x24, 0x6b, 0x9c, 0x0b, 0xcf,
+	0xef, 0x25, 0x87, 0xe8, 0x01, 0xcc, 0x0d, 0xa9, 0x6b, 0x87, 0xd4, 0xbf, 0x7a, 0x15, 0x22, 0x4a,
+	0xf4, 0x16, 0x5c, 0x63, 0x8b, 0x1b, 0xe9, 0xc3, 0xd1, 0xfc, 0xe4, 0xcf, 0xe2, 0xc5, 0xa1, 0xf1,
+	0x5c, 0x7e, 0x10, 0x33, 0x30, 0xaa, 0x43, 0x9e, 0xfa, 0x2c, 0x47, 0x2d, 0x70, 0x75, 0xdf, 0xbe,
+	0x52, 0x5d, 0x31, 0xe8, 0x30, 0x1e, 0x2c, 0x58, 0xd5, 0x77, 0x61, 0xfe, 0xdc, 0x24, 0x58, 0x6a,
+	0xd6, 0xad, 0xed, 0xf4, 0x34, 0x65, 0x06, 0x55, 0xa0, 0xd8, 0xe8, 0xb4, 0xfb, 0xad, 0xf6, 0x0e,
+	0xcb, 0x2d, 0x2b, 0x50, 0xc4, 0x9d, 0xad, 0xad, 0x7a, 0xad, 0xf1, 0x58, 0xc9, 0xaa, 0xeb, 0x50,
+	0x4e, 0x48, 0x43, 0x0b, 0x00, 0xbd, 0x7e, 0xa7, 0xab, 0x6f, 0xb4, 0x70, 0xaf, 0x2f, 0x32, 0xd3,
+	0x5e, 0xbf, 0x86, 0xfb, 0x12, 0x90, 0x51, 0xff, 0x33, 0x1b, 0xad, 0xa8, 0x4c, 0x46, 0xeb, 0xe7,
+	0x93, 0xd1, 0x4b, 0x94, 0x97, 0xe9, 0xe8, 0x64, 0x10, 0x27, 0xa5, 0xef, 0x01, 0x70, 0xc7, 0x21,
+	0x96, 0x6e, 0x84, 0x72, 0xe1, 0xab, 0x2f, 0x18, 0xb9, 0x1f, 0x75, 0x02, 0x71, 0x49, 0x52, 0xd7,
+	0x42, 0xf4, 0x21, 0x54, 0x4c, 0x3a, 0xf4, 0x1c, 0x22, 0x99, 0x67, 0xaf, 0x64, 0x2e, 0xc7, 0xf4,
+	0xb5, 0x30, 0x99, 0x0e, 0xe7, 0xce, 0x27, 0xec, 0xbf, 0x99, 0x89, 0x2c, 0x93, 0x92, 0x01, 0x57,
+	0xa0, 0xb8, 0xd3, 0x6d, 0xd6, 0xfa, 0xad, 0xf6, 0x23, 0x25, 0x83, 0x00, 0x0a, 0xdc, 0xd4, 0x4d,
+	0x25, 0xcb, 0x32, 0xf7, 0x46, 0x67, 0xbb, 0xbb, 0xa5, 0xf1, 0x88, 0x85, 0x96, 0x40, 0x89, 0x8c,
+	0xad, 0x73, 0x43, 0x6a, 0x4d, 0x25, 0x87, 0xae, 0xc3, 0x62, 0x0c, 0x95, 0x9c, 0x79, 0x74, 0x03,
+	0x50, 0x0c, 0x9c, 0x88, 0x28, 0xa8, 0xbf, 0x0e, 0x8b, 0x0d, 0xea, 0x86, 0x86, 0xed, 0xc6, 0x55,
+	0xcd, 0x7d, 0x36, 0x69, 0x09, 0xd2, 0x6d, 0xd9, 0x21, 0xab, 0x2f, 0x9e, 0x9d, 0xae, 0x96, 0x63,
+	0xd2, 0x56, 0x93, 0x67, 0xa1, 0x72, 0x60, 0xb1, 0xfd, 0xeb, 0xd9, 0x16, 0x37, 0x6e, 0xbe, 0x3e,
+	0x77, 0x76, 0xba, 0x3a, 0xdb, 0x6d, 0x35, 0x31, 0x83, 0xa1, 0x97, 0xa1, 0x44, 0x9e, 0xdb, 0xa1,
+	0x6e, 0xb2, 0x53, 0x8d, 0x19, 0x30, 0x8f, 0x8b, 0x0c, 0xd0, 0xa0, 0x16, 0x51, 0xeb, 0x00, 0x5d,
+	0xea, 0x87, 0xf2, 0xcb, 0xef, 0x40, 0xde, 0xa3, 0x3e, 0xef, 0xe9, 0x5c, 0xd8, 0x69, 0x64, 0xe4,
+	0xc2, 0x51, 0xb1, 0x20, 0x56, 0xbf, 0x37, 0x0b, 0xd0, 0x37, 0x82, 0x03, 0x29, 0xe4, 0x21, 0x94,
+	0xe2, 0xae, 0xae, 0x6c, 0x0e, 0x5d, 0xba, 0xda, 0x31, 0x31, 0x7a, 0x10, 0x39, 0x9b, 0xa8, 0xd7,
+	0x52, 0xcb, 0xea, 0xe8, 0x43, 0x69, 0x25, 0xcf, 0xf9, 0xa2, 0x8c, 0x25, 0x09, 0xc4, 0xf7, 0xe5,
+	0xca, 0xb3, 0x9f, 0xa8, 0xc1, 0x8f, 0x05, 0x61, 0x34, 0x99, 0xa8, 0xa7, 0xb6, 0xc3, 0xa6, 0x56,
+	0x64, 0x73, 0x06, 0x4f, 0xf8, 0xd0, 0x47, 0x50, 0x66, 0xf3, 0xd6, 0x03, 0x8e, 0x93, 0x39, 0xfa,
+	0x85, 0xa6, 0x12, 0x12, 0x30, 0x78, 0x13, 0x2b, 0xbf, 0x02, 0x60, 0x78, 0x9e, 0x63, 0x13, 0x4b,
+	0xdf, 0x1d, 0xf3, 0xa4, 0xbc, 0x84, 0x4b, 0x12, 0x52, 0x1f, 0xb3, 0xed, 0x12, 0xa1, 0x8d, 0x90,
+	0x17, 0x26, 0x57, 0x18, 0x50, 0x52, 0xd7, 0xc2, 0xba, 0x02, 0x0b, 0xfe, 0xc8, 0x65, 0x06, 0x95,
+	0xda, 0xa9, 0x7f, 0x92, 0x85, 0x97, 0xda, 0x24, 0x3c, 0xa2, 0xfe, 0x41, 0x2d, 0x0c, 0x0d, 0x73,
+	0x7f, 0x48, 0x5c, 0xb9, 0x7c, 0x89, 0x22, 0x2a, 0x73, 0xae, 0x88, 0x5a, 0x86, 0x39, 0xc3, 0xb1,
+	0x8d, 0x80, 0x88, 0xd4, 0xaf, 0x84, 0xa3, 0x21, 0x2b, 0xf5, 0x58, 0xe1, 0x48, 0x82, 0x80, 0x88,
+	0x4e, 0x0f, 0x53, 0x3c, 0x02, 0xa0, 0x6f, 0xc3, 0x0d, 0x99, 0xe4, 0x19, 0xf1, 0xa7, 0x58, 0xed,
+	0x11, 0x35, 0xae, 0xb5, 0xd4, 0x4a, 0x36, 0x5d, 0x39, 0x99, 0x05, 0x4e, 0xc0, 0x1d, 0x2f, 0x94,
+	0x39, 0xe5, 0x92, 0x95, 0x82, 0xaa, 0x3e, 0x82, 0x9b, 0x17, 0xb2, 0x7c, 0xa1, 0x4e, 0xd2, 0xdf,
+	0x67, 0x01, 0x5a, 0xdd, 0xda, 0xb6, 0x34, 0x52, 0x13, 0x0a, 0x7b, 0xc6, 0xd0, 0x76, 0xc6, 0x97,
+	0x45, 0xc0, 0x09, 0xfd, 0x7a, 0x4d, 0x98, 0x63, 0x83, 0xf3, 0x60, 0xc9, 0xcb, 0xeb, 0xd8, 0xd1,
+	0xae, 0x4b, 0xc2, 0xb8, 0x8e, 0xe5, 0x23, 0xa6, 0x86, 0x6f, 0xb8, 0xb1, 0xeb, 0x8a, 0x01, 0x5b,
+	0x00, 0x96, 0xf2, 0x1c, 0x19, 0xe3, 0x28, 0x6c, 0xc9, 0x21, 0xda, 0xe4, 0x5d, 0x63, 0xe2, 0x1f,
+	0x12, 0x6b, 0x39, 0xcf, 0x8d, 0x7a, 0x95, 0x3e, 0x58, 0x92, 0x0b, 0xdb, 0xc5, 0xdc, 0xd5, 0x0f,
+	0x78, 0xca, 0x34, 0x41, 0x7d, 0x21, 0x1b, 0xdd, 0x85, 0xf9, 0x73, 0xf3, 0x7c, 0xa1, 0x81, 0xd0,
+	0xea, 0x3e, 0x79, 0x47, 0xc9, 0xc9, 0x5f, 0xef, 0x2a, 0x05, 0xf5, 0xaf, 0x67, 0x45, 0xa0, 0x91,
+	0x56, 0x4d, 0xbf, 0x2d, 0x29, 0x72, 0xef, 0x36, 0xa9, 0x23, 0x03, 0xc0, 0x1b, 0x97, 0xc7, 0x1f,
+	0x56, 0x47, 0x72, 0x72, 0x1c, 0x33, 0xa2, 0x55, 0x28, 0x0b, 0x2f, 0xd6, 0xd9, 0x86, 0xe3, 0x66,
+	0x9d, 0xc7, 0x20, 0x40, 0x8c, 0x13, 0xdd, 0x86, 0x05, 0xde, 0x70, 0x0a, 0xf6, 0x89, 0x25, 0x68,
+	0x72, 0x9c, 0x66, 0x3e, 0x86, 0x72, 0xb2, 0x6d, 0xa8, 0x48, 0x80, 0xce, 0xab, 0x81, 0x3c, 0x57,
+	0xe8, 0xad, 0xab, 0x14, 0x12, 0x2c, 0xbc, 0x48, 0x28, 0x7b, 0x93, 0x81, 0xfa, 0xcb, 0x50, 0x8c,
+	0x94, 0x45, 0xcb, 0x30, 0xdb, 0x6f, 0x74, 0x95, 0x99, 0xea, 0xe2, 0xf1, 0xc9, 0x5a, 0x39, 0x02,
+	0xf7, 0x1b, 0x5d, 0x86, 0xd9, 0x69, 0x76, 0x95, 0xcc, 0x79, 0xcc, 0x4e, 0xb3, 0x8b, 0xaa, 0x90,
+	0xeb, 0x35, 0xfa, 0xdd, 0x28, 0x3f, 0x8b, 0x50, 0x0c, 0x56, 0xcd, 0xb1, 0xfc, 0x4c, 0xdd, 0x83,
+	0x72, 0xe2, 0xeb, 0xe8, 0x35, 0x98, 0x6b, 0xb5, 0x1f, 0x61, 0xad, 0xd7, 0x53, 0x66, 0x44, 0x79,
+	0x90, 0xc0, 0xb6, 0xdc, 0x01, 0x5b, 0x3b, 0xf4, 0x0a, 0xe4, 0x36, 0x3b, 0xec, 0xdc, 0x17, 0xf5,
+	0x47, 0x82, 0x62, 0x93, 0x06, 0x61, 0xf5, 0xba, 0x4c, 0xfc, 0x92, 0x82, 0xd5, 0xdf, 0xcf, 0x40,
+	0x41, 0x6c, 0xb4, 0xd4, 0x45, 0xac, 0x4d, 0x8a, 0x22, 0x51, 0x36, 0xbe, 0x71, 0x71, 0x89, 0xb7,
+	0x2e, 0x2b, 0x32, 0xe1, 0x9a, 0x11, 0x5f, 0xf5, 0x7d, 0xa8, 0x24, 0x11, 0x5f, 0xc8, 0x31, 0xbf,
+	0x0d, 0x65, 0xe6, 0xfb, 0x51, 0xa9, 0x77, 0x1f, 0x0a, 0x22, 0x58, 0xc4, 0xe7, 0xd0, 0xc5, 0xf5,
+	0xa6, 0xa4, 0x44, 0x0f, 0x61, 0x4e, 0xd4, 0xa8, 0x51, 0x2f, 0x7b, 0xe5, 0xf2, 0x1d, 0x86, 0x23,
+	0x72, 0xf5, 0x23, 0xc8, 0x75, 0x09, 0xf1, 0x99, 0xed, 0x5d, 0x6a, 0x91, 0xc9, 0xd1, 0x2d, 0xcb,
+	0x6b, 0x8b, 0xb4, 0x9a, 0xac, 0xbc, 0xb6, 0x48, 0xcb, 0x8a, 0xfb, 0x71, 0xd9, 0x44, 0x3f, 0xae,
+	0x0f, 0x95, 0xa7, 0xc4, 0x1e, 0xec, 0x87, 0xc4, 0xe2, 0x82, 0xde, 0x86, 0x9c, 0x47, 0x62, 0xe5,
+	0x97, 0x53, 0x9d, 0x8f, 0x10, 0x1f, 0x73, 0x2a, 0x16, 0x63, 0x8e, 0x38, 0xb7, 0xbc, 0x06, 0x92,
+	0x23, 0xf5, 0xef, 0xb2, 0xb0, 0xd0, 0x0a, 0x82, 0x91, 0xe1, 0x9a, 0x51, 0x56, 0xf7, 0xf5, 0xf3,
+	0x59, 0x5d, 0xea, 0x7d, 0xd9, 0x79, 0x96, 0xf3, 0x6d, 0x46, 0x79, 0xb2, 0x66, 0xe3, 0x93, 0x55,
+	0xfd, 0x8f, 0x4c, 0xd4, 0x4b, 0xbc, 0x9d, 0x08, 0x05, 0xa2, 0x46, 0x4c, 0x4a, 0x22, 0x3b, 0xee,
+	0x81, 0x4b, 0x8f, 0x5c, 0x56, 0xbd, 0x62, 0xad, 0xad, 0x3d, 0x55, 0x32, 0xc2, 0x3d, 0xcf, 0x11,
+	0x61, 0xe2, 0x92, 0x23, 0x26, 0xa9, 0xab, 0xb5, 0x9b, 0x2c, 0x0b, 0xcb, 0xa6, 0x48, 0xea, 0x12,
+	0xd7, 0xb2, 0xdd, 0x01, 0x7a, 0x0d, 0x0a, 0xad, 0x5e, 0x6f, 0x87, 0x97, 0x90, 0x2f, 0x1d, 0x9f,
+	0xac, 0x5d, 0x3f, 0x47, 0xc5, 0xfb, 0xc8, 0x16, 0x23, 0x62, 0x25, 0x10, 0xcb, 0xcf, 0x52, 0x88,
+	0x58, 0x6e, 0x2d, 0x88, 0x70, 0xa7, 0x5f, 0xeb, 0x6b, 0x4a, 0x3e, 0x85, 0x08, 0x53, 0xf6, 0x57,
+	0x6e, 0xb7, 0x7f, 0xce, 0x82, 0x52, 0x33, 0x4d, 0xe2, 0x85, 0x0c, 0x2f, 0xab, 0xce, 0x3e, 0x14,
+	0x3d, 0xf6, 0xcb, 0x26, 0x51, 0x06, 0xf5, 0x30, 0xf5, 0xc6, 0x77, 0x8a, 0x6f, 0x1d, 0x53, 0x87,
+	0xd4, 0xac, 0xa1, 0x1d, 0x04, 0x36, 0x75, 0x05, 0x0c, 0xc7, 0x92, 0xaa, 0xff, 0x95, 0x81, 0xeb,
+	0x29, 0x14, 0xe8, 0x2e, 0xe4, 0x7c, 0xea, 0x44, 0x6b, 0x78, 0xeb, 0xa2, 0x36, 0x31, 0x63, 0xc5,
+	0x9c, 0x12, 0xad, 0x00, 0x18, 0xa3, 0x90, 0x1a, 0xfc, 0xfb, 0xa2, 0xb9, 0x86, 0x13, 0x10, 0xf4,
+	0x14, 0x0a, 0x01, 0x31, 0x7d, 0x12, 0xe5, 0xd9, 0x1f, 0xfd, 0xb4, 0xda, 0xaf, 0xf7, 0xb8, 0x18,
+	0x2c, 0xc5, 0x55, 0xd7, 0xa1, 0x20, 0x20, 0xcc, 0xed, 0x2d, 0x23, 0x34, 0xe4, 0x25, 0x02, 0xff,
+	0xcd, 0xbc, 0xc9, 0x70, 0x06, 0x91, 0x37, 0x19, 0xce, 0x40, 0xfd, 0xab, 0x2c, 0x80, 0xf6, 0x3c,
+	0x24, 0xbe, 0x6b, 0x38, 0x8d, 0x1a, 0xd2, 0x12, 0x27, 0x83, 0x98, 0xed, 0x57, 0x52, 0xef, 0x4d,
+	0x62, 0x8e, 0xf5, 0x46, 0x2d, 0xe5, 0x6c, 0xb8, 0x09, 0xb3, 0x23, 0x5f, 0x5e, 0xe2, 0x8b, 0x1c,
+	0x79, 0x07, 0x6f, 0x61, 0x06, 0x43, 0x5a, 0xb2, 0x97, 0x73, 0xe1, 0x55, 0x7d, 0xe2, 0x03, 0xa9,
+	0xa1, 0x8b, 0xed, 0x7c, 0xd3, 0xd0, 0x4d, 0x22, 0x4f, 0x95, 0x8a, 0xd8, 0xf9, 0x8d, 0x5a, 0x83,
+	0xf8, 0x21, 0x2e, 0x98, 0x06, 0xfb, 0xff, 0x33, 0xc5, 0xb7, 0xb7, 0x01, 0x26, 0x53, 0x43, 0x2b,
+	0x90, 0x6f, 0x6c, 0xf4, 0x7a, 0x5b, 0xca, 0x8c, 0x08, 0xe0, 0x13, 0x14, 0x07, 0xab, 0x7f, 0x9e,
+	0x85, 0x62, 0xa3, 0x26, 0x8f, 0xdc, 0x06, 0x28, 0x3c, 0x2a, 0xf1, 0xab, 0x17, 0xf2, 0xdc, 0xb3,
+	0xfd, 0xb1, 0x0c, 0x2c, 0x97, 0x14, 0xbc, 0x0b, 0x8c, 0x85, 0x69, 0xad, 0x71, 0x06, 0x84, 0xa1,
+	0x42, 0xa4, 0x11, 0x74, 0xd3, 0x88, 0x62, 0xfc, 0xca, 0xe5, 0xc6, 0x12, 0xa5, 0xcb, 0x64, 0x1c,
+	0xe0, 0x72, 0x24, 0xa4, 0x61, 0x04, 0xe8, 0x3d, 0x58, 0x0c, 0xec, 0x81, 0x6b, 0xbb, 0x03, 0x3d,
+	0x32, 0x1e, 0xbf, 0x07, 0xaa, 0x5f, 0x3b, 0x3b, 0x5d, 0x9d, 0xef, 0x09, 0x94, 0xb4, 0xe1, 0xbc,
+	0xa4, 0x6c, 0x70, 0x53, 0xa2, 0x77, 0x61, 0x21, 0xc1, 0xca, 0xac, 0x28, 0xcc, 0xce, 0x3b, 0xc6,
+	0x31, 0xe7, 0x63, 0x32, 0xc6, 0x95, 0x98, 0xf1, 0x31, 0xe1, 0xbd, 0x99, 0x3d, 0xea, 0x9b, 0x44,
+	0xf7, 0xf9, 0x9e, 0xe6, 0xa7, 0x7b, 0x0e, 0x97, 0x39, 0x4c, 0x6c, 0x73, 0xf5, 0x09, 0x5c, 0xef,
+	0xf8, 0xe6, 0x3e, 0x09, 0x42, 0x61, 0x0a, 0x69, 0xc5, 0x8f, 0xe0, 0x56, 0x68, 0x04, 0x07, 0xfa,
+	0xbe, 0x1d, 0x84, 0xd4, 0x1f, 0xeb, 0x3e, 0x09, 0x89, 0xcb, 0xf0, 0x3a, 0xbf, 0xe0, 0x96, 0xed,
+	0xc4, 0x9b, 0x8c, 0x66, 0x53, 0x90, 0xe0, 0x88, 0x62, 0x8b, 0x11, 0xa8, 0x2d, 0xa8, 0xb0, 0x12,
+	0x46, 0x36, 0xd5, 0xd8, 0xec, 0xc1, 0xa1, 0x03, 0xfd, 0x73, 0x1f, 0x53, 0x25, 0x87, 0x0e, 0xc4,
+	0x4f, 0xf5, 0x9b, 0xa0, 0x34, 0xed, 0xc0, 0x33, 0x42, 0x73, 0x3f, 0xea, 0x93, 0xa2, 0x26, 0x28,
+	0xfb, 0xc4, 0xf0, 0xc3, 0x5d, 0x62, 0x84, 0xba, 0x47, 0x7c, 0x9b, 0x5a, 0x57, 0xaf, 0xf2, 0x62,
+	0xcc, 0xd2, 0xe5, 0x1c, 0xea, 0xff, 0x64, 0x00, 0xb0, 0xb1, 0x17, 0x65, 0x6b, 0x5f, 0x85, 0x6b,
+	0x81, 0x6b, 0x78, 0xc1, 0x3e, 0x0d, 0x75, 0xdb, 0x0d, 0x89, 0x7f, 0x68, 0x38, 0xb2, 0xb9, 0xa3,
+	0x44, 0x88, 0x96, 0x84, 0xa3, 0xb7, 0x01, 0x1d, 0x10, 0xe2, 0xe9, 0xd4, 0xb1, 0xf4, 0x08, 0x29,
+	0x2e, 0xbe, 0x73, 0x58, 0x61, 0x98, 0x8e, 0x63, 0xf5, 0x22, 0x38, 0xaa, 0xc3, 0x0a, 0x9b, 0x3e,
+	0x71, 0x43, 0xdf, 0x26, 0x81, 0xbe, 0x47, 0x7d, 0x3d, 0x70, 0xe8, 0x91, 0xbe, 0x47, 0x1d, 0x87,
+	0x1e, 0x11, 0x3f, 0xea, 0x9b, 0x55, 0x1d, 0x3a, 0xd0, 0x04, 0xd1, 0x06, 0xf5, 0x7b, 0x0e, 0x3d,
+	0xda, 0x88, 0x28, 0x58, 0x4a, 0x37, 0x99, 0x73, 0x68, 0x9b, 0x07, 0x51, 0x4a, 0x17, 0x43, 0xfb,
+	0xb6, 0x79, 0x80, 0x5e, 0x83, 0x79, 0xe2, 0x10, 0xde, 0x3e, 0x11, 0x54, 0x79, 0x4e, 0x55, 0x89,
+	0x80, 0x8c, 0x48, 0xfd, 0x18, 0x14, 0xcd, 0x35, 0xfd, 0xb1, 0x97, 0x58, 0xf3, 0xb7, 0x01, 0xb1,
+	0x20, 0xa9, 0x3b, 0xd4, 0x3c, 0xd0, 0x87, 0x86, 0x6b, 0x0c, 0x98, 0x5e, 0xe2, 0xc6, 0x51, 0x61,
+	0x98, 0x2d, 0x6a, 0x1e, 0x6c, 0x4b, 0xb8, 0xfa, 0x1e, 0x40, 0xcf, 0xf3, 0x89, 0x61, 0x75, 0x58,
+	0x36, 0xc1, 0x4c, 0xc7, 0x47, 0xba, 0x25, 0xef, 0x73, 0xa9, 0x2f, 0xb7, 0xba, 0x22, 0x10, 0xcd,
+	0x18, 0xae, 0xfe, 0x22, 0x5c, 0xef, 0x3a, 0x86, 0xc9, 0x5f, 0x58, 0x74, 0xe3, 0x2b, 0x34, 0xf4,
+	0x10, 0x0a, 0x82, 0x54, 0xae, 0x64, 0xea, 0x76, 0x9b, 0x7c, 0x73, 0x73, 0x06, 0x4b, 0xfa, 0x7a,
+	0x05, 0x60, 0x22, 0x47, 0xfd, 0xc7, 0x0c, 0x94, 0x62, 0xf9, 0x68, 0x4d, 0x5c, 0x80, 0x85, 0xbe,
+	0x61, 0xbb, 0xb2, 0xe2, 0x2f, 0xe1, 0x24, 0x08, 0xb5, 0xa0, 0xec, 0xc5, 0xdc, 0x97, 0xe6, 0x73,
+	0x29, 0x5a, 0xe3, 0x24, 0x2f, 0x7a, 0x1f, 0x4a, 0xd1, 0x05, 0x7a, 0x14, 0x61, 0x2f, 0xbf, 0x6f,
+	0x9f, 0x90, 0x47, 0x8d, 0x54, 0x9f, 0x78, 0x8e, 0xcd, 0x62, 0x4e, 0x2e, 0x6e, 0xa4, 0x62, 0x09,
+	0x52, 0xbf, 0x0e, 0xf0, 0x0d, 0x6a, 0xbb, 0x7d, 0x7a, 0x40, 0x5c, 0x7e, 0x2b, 0xcc, 0x4a, 0x4a,
+	0x12, 0x19, 0x5a, 0x8e, 0x78, 0xa7, 0x40, 0xac, 0x52, 0x7c, 0x39, 0x2a, 0x86, 0xea, 0x5f, 0x66,
+	0xa1, 0x80, 0x29, 0x0d, 0x1b, 0x35, 0xb4, 0x06, 0x05, 0x19, 0x4a, 0xf8, 0x11, 0x55, 0x2f, 0x9d,
+	0x9d, 0xae, 0xe6, 0x45, 0x0c, 0xc9, 0x9b, 0x3c, 0x78, 0x24, 0x82, 0x7c, 0xf6, 0xa2, 0x20, 0x8f,
+	0xee, 0x42, 0x45, 0x12, 0xe9, 0xfb, 0x46, 0xb0, 0x2f, 0xea, 0xbb, 0xfa, 0xc2, 0xd9, 0xe9, 0x2a,
+	0x08, 0xca, 0x4d, 0x23, 0xd8, 0xc7, 0x20, 0xa8, 0xd9, 0x6f, 0xa4, 0x41, 0xf9, 0x19, 0xb5, 0x5d,
+	0x3d, 0xe4, 0x93, 0x90, 0xbd, 0xc8, 0xd4, 0xa5, 0x9e, 0x4c, 0x55, 0x3e, 0xa0, 0x80, 0x67, 0x93,
+	0xc9, 0x6b, 0x30, 0xef, 0x53, 0x1a, 0x8a, 0xc8, 0x66, 0x53, 0x57, 0xb6, 0x39, 0xd6, 0x52, 0xbb,
+	0xdf, 0x94, 0x86, 0x58, 0xd2, 0xe1, 0x8a, 0x9f, 0x18, 0xa1, 0xbb, 0xb0, 0xe4, 0x18, 0x41, 0xa8,
+	0xf3, 0x90, 0x68, 0x4d, 0xa4, 0x15, 0xb8, 0xf1, 0x11, 0xc3, 0x6d, 0x70, 0x54, 0xc4, 0xa1, 0xfe,
+	0x43, 0x06, 0xca, 0x6c, 0x32, 0xf6, 0x9e, 0x6d, 0xb2, 0x3c, 0xf0, 0x8b, 0xa7, 0x27, 0x37, 0x61,
+	0xd6, 0x0c, 0x7c, 0x69, 0x54, 0x7e, 0x3e, 0x37, 0x7a, 0x18, 0x33, 0x18, 0xfa, 0x18, 0x0a, 0xb2,
+	0xdd, 0x22, 0x32, 0x13, 0xf5, 0xea, 0x8c, 0x55, 0xda, 0x46, 0xf2, 0x71, 0x77, 0x9f, 0x68, 0x27,
+	0xce, 0x09, 0x9c, 0x04, 0xa1, 0x1b, 0x90, 0x35, 0x85, 0xb9, 0xe4, 0x0b, 0x9d, 0x46, 0x1b, 0x67,
+	0x4d, 0x57, 0xfd, 0x51, 0x06, 0xe6, 0x27, 0x31, 0x81, 0x79, 0xc0, 0x2d, 0x28, 0x05, 0xa3, 0xdd,
+	0x60, 0x1c, 0x84, 0x64, 0x18, 0xdd, 0x78, 0xc7, 0x00, 0xd4, 0x82, 0x92, 0xe1, 0x0c, 0xa8, 0x6f,
+	0x87, 0xfb, 0x43, 0x59, 0xc8, 0xa6, 0x67, 0x13, 0x49, 0x99, 0xeb, 0xb5, 0x88, 0x05, 0x4f, 0xb8,
+	0xa3, 0xd4, 0x40, 0x3c, 0x8b, 0xe0, 0xa9, 0xc1, 0xab, 0x50, 0x71, 0x8c, 0x21, 0xef, 0x3f, 0x85,
+	0xf6, 0x90, 0x44, 0x9b, 0x41, 0xc2, 0xfa, 0xf6, 0x90, 0xa8, 0x2a, 0x94, 0x62, 0x61, 0x68, 0x11,
+	0xca, 0x35, 0xad, 0xa7, 0xdf, 0xbb, 0xff, 0x50, 0x7f, 0xd4, 0xd8, 0x56, 0x66, 0x64, 0xfa, 0xfa,
+	0x67, 0x19, 0x98, 0x97, 0x11, 0x4b, 0x96, 0x04, 0xaf, 0xc1, 0x9c, 0x6f, 0xec, 0x85, 0x51, 0xd1,
+	0x92, 0x13, 0x5e, 0xcd, 0x0e, 0x01, 0x56, 0xb4, 0x30, 0x54, 0x7a, 0xd1, 0x92, 0x78, 0x83, 0x31,
+	0x7b, 0xe9, 0x1b, 0x8c, 0xdc, 0xff, 0xcb, 0x1b, 0x0c, 0xf5, 0x37, 0x00, 0x36, 0x6c, 0x87, 0xf4,
+	0x45, 0xab, 0x2a, 0xad, 0x04, 0x65, 0x69, 0x9e, 0x6c, 0x85, 0x46, 0x69, 0x5e, 0xab, 0x89, 0x19,
+	0x8c, 0xa1, 0x06, 0xb6, 0x25, 0x37, 0x23, 0x47, 0x3d, 0x62, 0xa8, 0x81, 0x6d, 0xc5, 0xd7, 0x7e,
+	0xb9, 0x2b, 0xae, 0xfd, 0xd4, 0x45, 0x98, 0xc7, 0xa2, 0xc7, 0x26, 0x74, 0x50, 0x4f, 0x32, 0xb0,
+	0x28, 0xf3, 0xdd, 0x38, 0x64, 0x7f, 0x05, 0x4a, 0x22, 0xf5, 0x9d, 0x14, 0x81, 0xfc, 0x21, 0x82,
+	0xa0, 0x6b, 0x35, 0x71, 0x51, 0xa0, 0x5b, 0x16, 0x5a, 0x85, 0xb2, 0x24, 0x4d, 0x3c, 0xef, 0x02,
+	0x01, 0x6a, 0xb3, 0xf9, 0xbc, 0x03, 0xb9, 0x3d, 0xdb, 0x21, 0xd2, 0xf3, 0x53, 0x23, 0xc2, 0xc4,
+	0x22, 0x9b, 0x33, 0x98, 0x53, 0xd7, 0x8b, 0x51, 0x73, 0x4f, 0xfd, 0x97, 0x0c, 0x6f, 0x31, 0xb3,
+	0x52, 0x35, 0xa9, 0x9f, 0xa8, 0x5a, 0xa7, 0xf4, 0x13, 0x74, 0x4c, 0x3f, 0x81, 0x16, 0xfa, 0x49,
+	0xd2, 0xa4, 0x7e, 0x02, 0xf4, 0xd3, 0xeb, 0x87, 0x3e, 0x84, 0x39, 0xd9, 0xaa, 0x94, 0xa1, 0xee,
+	0xd5, 0x54, 0xcf, 0x48, 0x5a, 0x7a, 0x73, 0x06, 0x47, 0x3c, 0x89, 0xe9, 0x6d, 0xc1, 0x8d, 0xba,
+	0x63, 0x98, 0x07, 0x8e, 0x1d, 0x84, 0xc4, 0x4a, 0x46, 0xa0, 0xfb, 0x50, 0x38, 0x97, 0xe7, 0x5e,
+	0xd6, 0x44, 0x95, 0x94, 0xea, 0xbf, 0x67, 0xa0, 0xb2, 0x49, 0x0c, 0x27, 0xdc, 0x9f, 0x74, 0xaa,
+	0x42, 0x12, 0x84, 0xf2, 0x7c, 0xe4, 0xbf, 0xd1, 0xd7, 0xa0, 0x18, 0xa7, 0x41, 0x57, 0x5e, 0x07,
+	0xc6, 0xa4, 0xe8, 0x01, 0xcc, 0x31, 0xdd, 0xe9, 0x28, 0xaa, 0xaf, 0x2e, 0xbb, 0x69, 0x92, 0x94,
+	0xec, 0xd0, 0xf2, 0x09, 0xcf, 0x7b, 0xb8, 0x9d, 0xf2, 0x38, 0x1a, 0xa2, 0x9f, 0x87, 0x0a, 0xbf,
+	0x28, 0x89, 0xd2, 0xbc, 0xfc, 0x55, 0x32, 0xcb, 0xe2, 0xae, 0x53, 0xa4, 0x78, 0x7f, 0x9c, 0x85,
+	0xa5, 0x6d, 0x63, 0xbc, 0x4b, 0x64, 0x18, 0x22, 0x16, 0x26, 0x26, 0xf5, 0x2d, 0xd4, 0x4d, 0x86,
+	0xaf, 0x4b, 0xae, 0x4e, 0xd3, 0x98, 0xd3, 0xa3, 0x58, 0x54, 0xf3, 0x65, 0x13, 0x35, 0xdf, 0x12,
+	0xe4, 0x5d, 0xea, 0x9a, 0x44, 0xc6, 0x36, 0x31, 0x50, 0xbf, 0x93, 0x49, 0xc6, 0xae, 0x6a, 0x7c,
+	0xad, 0xc9, 0x9b, 0x5e, 0x6d, 0x1a, 0xc6, 0x9f, 0x43, 0x1f, 0x43, 0xb5, 0xa7, 0x35, 0xb0, 0xd6,
+	0xaf, 0x77, 0xbe, 0xa9, 0xf7, 0x6a, 0x5b, 0xbd, 0xda, 0xfd, 0xbb, 0x7a, 0xb7, 0xb3, 0xf5, 0xad,
+	0x7b, 0x0f, 0xee, 0x7e, 0x4d, 0xc9, 0x54, 0xd7, 0x8e, 0x4f, 0xd6, 0x6e, 0xb5, 0x6b, 0x8d, 0x2d,
+	0xb1, 0xe3, 0x76, 0xe9, 0xf3, 0x9e, 0xe1, 0x04, 0xc6, 0xfd, 0xbb, 0x5d, 0xea, 0x8c, 0x19, 0x0d,
+	0xfa, 0x2a, 0xa0, 0x0d, 0x0d, 0xb7, 0xb5, 0xbe, 0x1e, 0x05, 0xc8, 0x46, 0xbd, 0xa1, 0x64, 0x45,
+	0x25, 0xb5, 0x41, 0x7c, 0x97, 0x84, 0x35, 0xad, 0x77, 0xef, 0xfe, 0xc3, 0x46, 0xbd, 0xc1, 0xf6,
+	0x78, 0x25, 0x79, 0x5a, 0x26, 0x93, 0x80, 0xcc, 0x85, 0x49, 0xc0, 0x24, 0x97, 0xc8, 0x5e, 0x90,
+	0x4b, 0x6c, 0xc0, 0x92, 0xe9, 0xd3, 0x20, 0xd0, 0x59, 0x79, 0x42, 0xac, 0xa9, 0x02, 0xe8, 0x4b,
+	0x67, 0xa7, 0xab, 0xd7, 0x1a, 0x0c, 0xdf, 0xe3, 0x68, 0x29, 0xfe, 0x9a, 0x99, 0x00, 0xf1, 0x2f,
+	0xa9, 0xdf, 0x9f, 0x65, 0x99, 0x9e, 0x7d, 0x68, 0x3b, 0x64, 0x40, 0x02, 0xf4, 0x04, 0x16, 0x4d,
+	0x9f, 0x58, 0xac, 0xee, 0x30, 0x9c, 0xe4, 0xcb, 0xe8, 0x9f, 0x4b, 0x4d, 0xba, 0x62, 0xc6, 0xf5,
+	0x46, 0xcc, 0xd5, 0xf3, 0x88, 0x89, 0x17, 0xcc, 0x73, 0x63, 0xf4, 0x0c, 0x16, 0x03, 0xe2, 0xd8,
+	0xee, 0xe8, 0xb9, 0x6e, 0x52, 0x37, 0x24, 0xcf, 0xa3, 0xeb, 0xbc, 0xab, 0xe4, 0xf6, 0xb4, 0x2d,
+	0xc6, 0xd5, 0x10, 0x4c, 0x75, 0x74, 0x76, 0xba, 0xba, 0x70, 0x1e, 0x86, 0x17, 0xa4, 0x64, 0x39,
+	0xae, 0xee, 0xc3, 0xc2, 0x79, 0x6d, 0xd0, 0x92, 0x0c, 0x34, 0x3c, 0x5e, 0xc5, 0x81, 0xe4, 0x16,
+	0x14, 0x7d, 0x32, 0xb0, 0x83, 0xd0, 0x17, 0x66, 0x66, 0x98, 0x18, 0x82, 0x96, 0xa1, 0x90, 0x78,
+	0x71, 0xc2, 0x70, 0x72, 0xcc, 0x22, 0x88, 0x78, 0x4c, 0x56, 0xfd, 0x35, 0x98, 0xd2, 0x85, 0x6d,
+	0x3a, 0xcb, 0x0e, 0x8c, 0x5d, 0xf9, 0xb1, 0x22, 0x8e, 0x86, 0xcc, 0x97, 0x47, 0x41, 0x9c, 0x40,
+	0xf2, 0xdf, 0x0c, 0xc6, 0x33, 0x1d, 0xf9, 0xb4, 0x8e, 0xe7, 0x32, 0xd1, 0x0b, 0xde, 0x5c, 0xe2,
+	0x05, 0xef, 0x12, 0xe4, 0x1d, 0x72, 0x48, 0x1c, 0x91, 0x63, 0x60, 0x31, 0xe0, 0x3e, 0xff, 0x0d,
+	0xba, 0x2b, 0x8f, 0xe1, 0x0d, 0x98, 0x7f, 0x46, 0x77, 0x75, 0x3b, 0x24, 0xfe, 0xe4, 0x61, 0x55,
+	0xf9, 0xfe, 0xcb, 0x69, 0xf6, 0x95, 0x0f, 0x79, 0x65, 0xa2, 0x53, 0x79, 0x46, 0x77, 0x5b, 0x11,
+	0x1b, 0xaa, 0xc1, 0x02, 0xcf, 0xdf, 0xc8, 0x73, 0x62, 0x8e, 0xb8, 0xa0, 0xab, 0xef, 0x5d, 0xe7,
+	0x19, 0x87, 0x16, 0x31, 0xbc, 0x75, 0x17, 0x2a, 0xd1, 0x1b, 0x56, 0xfe, 0x98, 0xa5, 0x08, 0xb9,
+	0x7e, 0xad, 0xf7, 0x58, 0x99, 0x41, 0x00, 0x05, 0xb1, 0xf9, 0xc4, 0xed, 0x68, 0xa3, 0xd3, 0xde,
+	0x68, 0x3d, 0x52, 0xb2, 0x6f, 0xfd, 0x5e, 0x0e, 0x4a, 0xf1, 0xfd, 0x1c, 0x3b, 0x6c, 0xdb, 0xda,
+	0xd3, 0x68, 0xf7, 0xc6, 0xf0, 0x36, 0x39, 0x42, 0xaf, 0x4e, 0x3a, 0x7b, 0x1f, 0x8b, 0x07, 0x09,
+	0x31, 0x3a, 0xea, 0xea, 0xbd, 0x0e, 0xc5, 0x5a, 0xaf, 0xd7, 0x7a, 0xd4, 0xd6, 0x9a, 0xca, 0xa7,
+	0x99, 0xea, 0x97, 0x8e, 0x4f, 0xd6, 0xae, 0xc5, 0x44, 0xb5, 0x40, 0xec, 0x17, 0x4e, 0xd5, 0x68,
+	0x68, 0xdd, 0xbe, 0xd6, 0x54, 0x3e, 0xc9, 0x4e, 0x53, 0xf1, 0x4e, 0x15, 0x7f, 0x68, 0x55, 0xea,
+	0x62, 0xad, 0x5b, 0xc3, 0xec, 0x83, 0x9f, 0x66, 0x45, 0xc3, 0x71, 0xf2, 0x45, 0x9f, 0x78, 0x86,
+	0xcf, 0xbe, 0xb9, 0x12, 0xbd, 0x77, 0xfc, 0x64, 0x56, 0xbc, 0xb8, 0x99, 0x5c, 0x36, 0x12, 0xc3,
+	0x1a, 0xb3, 0xaf, 0xf1, 0x5b, 0x5e, 0x2e, 0x66, 0x76, 0xea, 0x6b, 0x3d, 0x16, 0x5c, 0x99, 0x14,
+	0x15, 0xe6, 0xf0, 0x4e, 0xbb, 0xcd, 0x88, 0x3e, 0xc9, 0x4d, 0xcd, 0x0e, 0x8f, 0x5c, 0x97, 0xd1,
+	0xdc, 0x86, 0x62, 0x74, 0x09, 0xac, 0x7c, 0x9a, 0x9b, 0x52, 0xa8, 0x11, 0xdd, 0x60, 0xf3, 0x0f,
+	0x6e, 0xee, 0xf4, 0xf9, 0x73, 0xcc, 0x4f, 0xf2, 0xd3, 0x1f, 0xdc, 0x1f, 0x85, 0x16, 0x3d, 0x72,
+	0x59, 0x98, 0x91, 0xbd, 0xcd, 0x4f, 0xf3, 0x22, 0x7c, 0xc5, 0x34, 0xb2, 0xb1, 0xf9, 0x3a, 0x14,
+	0xb1, 0xf6, 0x0d, 0xf1, 0x72, 0xf3, 0x93, 0xc2, 0x94, 0x1c, 0x4c, 0x9e, 0x11, 0x93, 0x7d, 0x6d,
+	0x0d, 0x0a, 0x58, 0xdb, 0xee, 0x3c, 0xd1, 0x94, 0x3f, 0x28, 0x4c, 0xc9, 0xc1, 0x64, 0x48, 0xf9,
+	0x4b, 0xb4, 0x62, 0x07, 0x77, 0x37, 0x6b, 0x7c, 0x51, 0xa6, 0xe5, 0x74, 0x7c, 0x6f, 0xdf, 0x70,
+	0x89, 0x35, 0x79, 0x75, 0x14, 0xa3, 0xde, 0xfa, 0x25, 0x28, 0x46, 0xc9, 0x3e, 0x5a, 0x81, 0xc2,
+	0xd3, 0x0e, 0x7e, 0xac, 0x61, 0x65, 0x46, 0x58, 0x39, 0xc2, 0x3c, 0x15, 0x65, 0xda, 0x1a, 0xcc,
+	0x6d, 0xd7, 0xda, 0xb5, 0x47, 0x1a, 0x8e, 0x2e, 0x26, 0x22, 0x02, 0x99, 0xb1, 0x56, 0x15, 0xf9,
+	0x81, 0x58, 0x66, 0xfd, 0xf5, 0x1f, 0x7c, 0xb6, 0x32, 0xf3, 0xe3, 0xcf, 0x56, 0x66, 0x3e, 0x39,
+	0x5b, 0xc9, 0xfc, 0xe0, 0x6c, 0x25, 0xf3, 0xc3, 0xb3, 0x95, 0xcc, 0xbf, 0x9d, 0xad, 0x64, 0x7e,
+	0xe7, 0x27, 0x2b, 0x33, 0x3f, 0xfc, 0xc9, 0xca, 0xcc, 0x8f, 0x7f, 0xb2, 0x32, 0xb3, 0x5b, 0xe0,
+	0x4e, 0xff, 0xe0, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xde, 0x15, 0x00, 0xb1, 0xc6, 0x34, 0x00,
+	0x00,
 }
 
 func (m *Version) Copy() *Version {
@@ -2257,7 +4203,7 @@ func (m *Annotations) CopyFrom(src interface{}) {
 	if o.Indices != nil {
 		m.Indices = make([]IndexEntry, len(o.Indices))
 		for i := range m.Indices {
-			deepcopy.Copy(&m.Indices[i], &o.Indices[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Indices[i], &o.Indices[i])
 		}
 	}
 
@@ -2312,13 +4258,13 @@ func (m *GenericResource) CopyFrom(src interface{}) {
 			v := GenericResource_NamedResourceSpec{
 				NamedResourceSpec: &NamedGenericResource{},
 			}
-			deepcopy.Copy(v.NamedResourceSpec, o.GetNamedResourceSpec())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.NamedResourceSpec, o.GetNamedResourceSpec())
 			m.Resource = &v
 		case *GenericResource_DiscreteResourceSpec:
 			v := GenericResource_DiscreteResourceSpec{
 				DiscreteResourceSpec: &DiscreteGenericResource{},
 			}
-			deepcopy.Copy(v.DiscreteResourceSpec, o.GetDiscreteResourceSpec())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.DiscreteResourceSpec, o.GetDiscreteResourceSpec())
 			m.Resource = &v
 		}
 	}
@@ -2342,7 +4288,7 @@ func (m *Resources) CopyFrom(src interface{}) {
 		m.Generic = make([]*GenericResource, len(o.Generic))
 		for i := range m.Generic {
 			m.Generic[i] = &GenericResource{}
-			deepcopy.Copy(m.Generic[i], o.Generic[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Generic[i], o.Generic[i])
 		}
 	}
 
@@ -2363,11 +4309,19 @@ func (m *ResourceRequirements) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Limits != nil {
 		m.Limits = &Resources{}
-		deepcopy.Copy(m.Limits, o.Limits)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Limits, o.Limits)
 	}
 	if o.Reservations != nil {
 		m.Reservations = &Resources{}
-		deepcopy.Copy(m.Reservations, o.Reservations)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Reservations, o.Reservations)
+	}
+	if o.SwapBytes != nil {
+		m.SwapBytes = &types.Int64Value{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.SwapBytes, o.SwapBytes)
+	}
+	if o.MemorySwappiness != nil {
+		m.MemorySwappiness = &types.Int64Value{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.MemorySwappiness, o.MemorySwappiness)
 	}
 }
 
@@ -2424,7 +4378,7 @@ func (m *EngineDescription) CopyFrom(src interface{}) {
 	if o.Plugins != nil {
 		m.Plugins = make([]PluginDescription, len(o.Plugins))
 		for i := range m.Plugins {
-			deepcopy.Copy(&m.Plugins[i], &o.Plugins[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(&m.Plugins[i], &o.Plugins[i])
 		}
 	}
 
@@ -2445,19 +4399,19 @@ func (m *NodeDescription) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Platform != nil {
 		m.Platform = &Platform{}
-		deepcopy.Copy(m.Platform, o.Platform)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Platform, o.Platform)
 	}
 	if o.Resources != nil {
 		m.Resources = &Resources{}
-		deepcopy.Copy(m.Resources, o.Resources)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Resources, o.Resources)
 	}
 	if o.Engine != nil {
 		m.Engine = &EngineDescription{}
-		deepcopy.Copy(m.Engine, o.Engine)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Engine, o.Engine)
 	}
 	if o.TLSInfo != nil {
 		m.TLSInfo = &NodeTLSInfo{}
-		deepcopy.Copy(m.TLSInfo, o.TLSInfo)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.TLSInfo, o.TLSInfo)
 	}
 }
 
@@ -2548,15 +4502,15 @@ func (m *Mount) CopyFrom(src interface{}) {
 	*m = *o
 	if o.BindOptions != nil {
 		m.BindOptions = &Mount_BindOptions{}
-		deepcopy.Copy(m.BindOptions, o.BindOptions)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.BindOptions, o.BindOptions)
 	}
 	if o.VolumeOptions != nil {
 		m.VolumeOptions = &Mount_VolumeOptions{}
-		deepcopy.Copy(m.VolumeOptions, o.VolumeOptions)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.VolumeOptions, o.VolumeOptions)
 	}
 	if o.TmpfsOptions != nil {
 		m.TmpfsOptions = &Mount_TmpfsOptions{}
-		deepcopy.Copy(m.TmpfsOptions, o.TmpfsOptions)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.TmpfsOptions, o.TmpfsOptions)
 	}
 }
 
@@ -2597,7 +4551,7 @@ func (m *Mount_VolumeOptions) CopyFrom(src interface{}) {
 
 	if o.DriverConfig != nil {
 		m.DriverConfig = &Driver{}
-		deepcopy.Copy(m.DriverConfig, o.DriverConfig)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.DriverConfig, o.DriverConfig)
 	}
 }
 
@@ -2630,12 +4584,12 @@ func (m *RestartPolicy) CopyFrom(src interface{}) {
 	o := src.(*RestartPolicy)
 	*m = *o
 	if o.Delay != nil {
-		m.Delay = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.Delay, o.Delay)
+		m.Delay = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Delay, o.Delay)
 	}
 	if o.Window != nil {
-		m.Window = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.Window, o.Window)
+		m.Window = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Window, o.Window)
 	}
 }
 
@@ -2652,10 +4606,10 @@ func (m *UpdateConfig) CopyFrom(src interface{}) {
 
 	o := src.(*UpdateConfig)
 	*m = *o
-	deepcopy.Copy(&m.Delay, &o.Delay)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Delay, &o.Delay)
 	if o.Monitor != nil {
-		m.Monitor = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.Monitor, o.Monitor)
+		m.Monitor = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Monitor, o.Monitor)
 	}
 }
 
@@ -2673,12 +4627,12 @@ func (m *UpdateStatus) CopyFrom(src interface{}) {
 	o := src.(*UpdateStatus)
 	*m = *o
 	if o.StartedAt != nil {
-		m.StartedAt = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.StartedAt, o.StartedAt)
+		m.StartedAt = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.StartedAt, o.StartedAt)
 	}
 	if o.CompletedAt != nil {
-		m.CompletedAt = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.CompletedAt, o.CompletedAt)
+		m.CompletedAt = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.CompletedAt, o.CompletedAt)
 	}
 }
 
@@ -2714,7 +4668,7 @@ func (m *PortStatus) CopyFrom(src interface{}) {
 		m.Ports = make([]*PortConfig, len(o.Ports))
 		for i := range m.Ports {
 			m.Ports[i] = &PortConfig{}
-			deepcopy.Copy(m.Ports[i], o.Ports[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Ports[i], o.Ports[i])
 		}
 	}
 
@@ -2734,16 +4688,16 @@ func (m *TaskStatus) CopyFrom(src interface{}) {
 	o := src.(*TaskStatus)
 	*m = *o
 	if o.Timestamp != nil {
-		m.Timestamp = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.Timestamp, o.Timestamp)
+		m.Timestamp = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Timestamp, o.Timestamp)
 	}
 	if o.PortStatus != nil {
 		m.PortStatus = &PortStatus{}
-		deepcopy.Copy(m.PortStatus, o.PortStatus)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.PortStatus, o.PortStatus)
 	}
 	if o.AppliedAt != nil {
-		m.AppliedAt = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.AppliedAt, o.AppliedAt)
+		m.AppliedAt = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.AppliedAt, o.AppliedAt)
 	}
 	if o.RuntimeStatus != nil {
 		switch o.RuntimeStatus.(type) {
@@ -2751,7 +4705,7 @@ func (m *TaskStatus) CopyFrom(src interface{}) {
 			v := TaskStatus_Container{
 				Container: &ContainerStatus{},
 			}
-			deepcopy.Copy(v.Container, o.GetContainer())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Container, o.GetContainer())
 			m.RuntimeStatus = &v
 		}
 	}
@@ -2864,13 +4818,13 @@ func (m *IPAMOptions) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Driver != nil {
 		m.Driver = &Driver{}
-		deepcopy.Copy(m.Driver, o.Driver)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Driver, o.Driver)
 	}
 	if o.Configs != nil {
 		m.Configs = make([]*IPAMConfig, len(o.Configs))
 		for i := range m.Configs {
 			m.Configs[i] = &IPAMConfig{}
-			deepcopy.Copy(m.Configs[i], o.Configs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Configs[i], o.Configs[i])
 		}
 	}
 
@@ -2906,7 +4860,7 @@ func (m *WeightedPeer) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Peer != nil {
 		m.Peer = &Peer{}
-		deepcopy.Copy(m.Peer, o.Peer)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Peer, o.Peer)
 	}
 }
 
@@ -2942,7 +4896,7 @@ func (m *AcceptancePolicy) CopyFrom(src interface{}) {
 		m.Policies = make([]*AcceptancePolicy_RoleAdmissionPolicy, len(o.Policies))
 		for i := range m.Policies {
 			m.Policies[i] = &AcceptancePolicy_RoleAdmissionPolicy{}
-			deepcopy.Copy(m.Policies[i], o.Policies[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Policies[i], o.Policies[i])
 		}
 	}
 
@@ -2963,7 +4917,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Secret != nil {
 		m.Secret = &AcceptancePolicy_RoleAdmissionPolicy_Secret{}
-		deepcopy.Copy(m.Secret, o.Secret)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Secret, o.Secret)
 	}
 }
 
@@ -3026,14 +4980,14 @@ func (m *CAConfig) CopyFrom(src interface{}) {
 	o := src.(*CAConfig)
 	*m = *o
 	if o.NodeCertExpiry != nil {
-		m.NodeCertExpiry = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.NodeCertExpiry, o.NodeCertExpiry)
+		m.NodeCertExpiry = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.NodeCertExpiry, o.NodeCertExpiry)
 	}
 	if o.ExternalCAs != nil {
 		m.ExternalCAs = make([]*ExternalCA, len(o.ExternalCAs))
 		for i := range m.ExternalCAs {
 			m.ExternalCAs[i] = &ExternalCA{}
-			deepcopy.Copy(m.ExternalCAs[i], o.ExternalCAs[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.ExternalCAs[i], o.ExternalCAs[i])
 		}
 	}
 
@@ -3077,7 +5031,7 @@ func (m *TaskDefaults) CopyFrom(src interface{}) {
 	*m = *o
 	if o.LogDriver != nil {
 		m.LogDriver = &Driver{}
-		deepcopy.Copy(m.LogDriver, o.LogDriver)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.LogDriver, o.LogDriver)
 	}
 }
 
@@ -3095,8 +5049,8 @@ func (m *DispatcherConfig) CopyFrom(src interface{}) {
 	o := src.(*DispatcherConfig)
 	*m = *o
 	if o.HeartbeatPeriod != nil {
-		m.HeartbeatPeriod = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.HeartbeatPeriod, o.HeartbeatPeriod)
+		m.HeartbeatPeriod = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.HeartbeatPeriod, o.HeartbeatPeriod)
 	}
 }
 
@@ -3164,7 +5118,7 @@ func (m *PlacementPreference) CopyFrom(src interface{}) {
 			v := PlacementPreference_Spread{
 				Spread: &SpreadOver{},
 			}
-			deepcopy.Copy(v.Spread, o.GetSpread())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Spread, o.GetSpread())
 			m.Preference = &v
 		}
 	}
@@ -3193,7 +5147,7 @@ func (m *Placement) CopyFrom(src interface{}) {
 		m.Preferences = make([]*PlacementPreference, len(o.Preferences))
 		for i := range m.Preferences {
 			m.Preferences[i] = &PlacementPreference{}
-			deepcopy.Copy(m.Preferences[i], o.Preferences[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Preferences[i], o.Preferences[i])
 		}
 	}
 
@@ -3201,7 +5155,7 @@ func (m *Placement) CopyFrom(src interface{}) {
 		m.Platforms = make([]*Platform, len(o.Platforms))
 		for i := range m.Platforms {
 			m.Platforms[i] = &Platform{}
-			deepcopy.Copy(m.Platforms[i], o.Platforms[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Platforms[i], o.Platforms[i])
 		}
 	}
 
@@ -3243,10 +5197,10 @@ func (m *RootCA) CopyFrom(src interface{}) {
 		m.CACert = make([]byte, len(o.CACert))
 		copy(m.CACert, o.CACert)
 	}
-	deepcopy.Copy(&m.JoinTokens, &o.JoinTokens)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.JoinTokens, &o.JoinTokens)
 	if o.RootRotation != nil {
 		m.RootRotation = &RootRotation{}
-		deepcopy.Copy(m.RootRotation, o.RootRotation)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.RootRotation, o.RootRotation)
 	}
 }
 
@@ -3267,7 +5221,7 @@ func (m *Certificate) CopyFrom(src interface{}) {
 		m.CSR = make([]byte, len(o.CSR))
 		copy(m.CSR, o.CSR)
 	}
-	deepcopy.Copy(&m.Status, &o.Status)
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.Status, &o.Status)
 	if o.Certificate != nil {
 		m.Certificate = make([]byte, len(o.Certificate))
 		copy(m.Certificate, o.Certificate)
@@ -3323,6 +5277,16 @@ func (m *FileTarget) CopyFrom(src interface{}) {
 	*m = *o
 }
 
+func (m *RuntimeTarget) Copy() *RuntimeTarget {
+	if m == nil {
+		return nil
+	}
+	o := &RuntimeTarget{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *RuntimeTarget) CopyFrom(src interface{}) {}
 func (m *SecretReference) Copy() *SecretReference {
 	if m == nil {
 		return nil
@@ -3342,7 +5306,7 @@ func (m *SecretReference) CopyFrom(src interface{}) {
 			v := SecretReference_File{
 				File: &FileTarget{},
 			}
-			deepcopy.Copy(v.File, o.GetFile())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.File, o.GetFile())
 			m.Target = &v
 		}
 	}
@@ -3368,7 +5332,13 @@ func (m *ConfigReference) CopyFrom(src interface{}) {
 			v := ConfigReference_File{
 				File: &FileTarget{},
 			}
-			deepcopy.Copy(v.File, o.GetFile())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.File, o.GetFile())
+			m.Target = &v
+		case *ConfigReference_Runtime:
+			v := ConfigReference_Runtime{
+				Runtime: &RuntimeTarget{},
+			}
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Runtime, o.GetRuntime())
 			m.Target = &v
 		}
 	}
@@ -3389,8 +5359,8 @@ func (m *BlacklistedCertificate) CopyFrom(src interface{}) {
 	o := src.(*BlacklistedCertificate)
 	*m = *o
 	if o.Expiry != nil {
-		m.Expiry = &google_protobuf.Timestamp{}
-		deepcopy.Copy(m.Expiry, o.Expiry)
+		m.Expiry = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Expiry, o.Expiry)
 	}
 }
 
@@ -3413,16 +5383,16 @@ func (m *HealthConfig) CopyFrom(src interface{}) {
 	}
 
 	if o.Interval != nil {
-		m.Interval = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.Interval, o.Interval)
+		m.Interval = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Interval, o.Interval)
 	}
 	if o.Timeout != nil {
-		m.Timeout = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.Timeout, o.Timeout)
+		m.Timeout = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Timeout, o.Timeout)
 	}
 	if o.StartPeriod != nil {
-		m.StartPeriod = &google_protobuf1.Duration{}
-		deepcopy.Copy(m.StartPeriod, o.StartPeriod)
+		m.StartPeriod = &types.Duration{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.StartPeriod, o.StartPeriod)
 	}
 }
 
@@ -3491,11 +5461,11 @@ func (m *Privileges) CopyFrom(src interface{}) {
 	*m = *o
 	if o.CredentialSpec != nil {
 		m.CredentialSpec = &Privileges_CredentialSpec{}
-		deepcopy.Copy(m.CredentialSpec, o.CredentialSpec)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.CredentialSpec, o.CredentialSpec)
 	}
 	if o.SELinuxContext != nil {
 		m.SELinuxContext = &Privileges_SELinuxContext{}
-		deepcopy.Copy(m.SELinuxContext, o.SELinuxContext)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.SELinuxContext, o.SELinuxContext)
 	}
 }
 
@@ -3524,6 +5494,11 @@ func (m *Privileges_CredentialSpec) CopyFrom(src interface{}) {
 				Registry: o.GetRegistry(),
 			}
 			m.Source = &v
+		case *Privileges_CredentialSpec_Config:
+			v := Privileges_CredentialSpec_Config{
+				Config: o.GetConfig(),
+			}
+			m.Source = &v
 		}
 	}
 
@@ -3544,10 +5519,30 @@ func (m *Privileges_SELinuxContext) CopyFrom(src interface{}) {
 	*m = *o
 }
 
+func (m *JobStatus) Copy() *JobStatus {
+	if m == nil {
+		return nil
+	}
+	o := &JobStatus{}
+	o.CopyFrom(m)
+	return o
+}
+
+func (m *JobStatus) CopyFrom(src interface{}) {
+
+	o := src.(*JobStatus)
+	*m = *o
+	github_com_docker_swarmkit_api_deepcopy.Copy(&m.JobIteration, &o.JobIteration)
+	if o.LastExecution != nil {
+		m.LastExecution = &types.Timestamp{}
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.LastExecution, o.LastExecution)
+	}
+}
+
 func (m *Version) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3555,22 +5550,27 @@ func (m *Version) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Version) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Version) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Index != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.Index))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *IndexEntry) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3578,29 +5578,36 @@ func (m *IndexEntry) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IndexEntry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IndexEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Key) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
-	}
 	if len(m.Val) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Val)
+		copy(dAtA[i:], m.Val)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Val)))
-		i += copy(dAtA[i:], m.Val)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Key) > 0 {
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Key)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Annotations) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3608,52 +5615,62 @@ func (m *Annotations) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Annotations) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Annotations) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if len(m.Indices) > 0 {
+		for iNdEx := len(m.Indices) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Indices[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	if len(m.Indices) > 0 {
-		for _, msg := range m.Indices {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NamedGenericResource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3661,29 +5678,36 @@ func (m *NamedGenericResource) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NamedGenericResource) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NamedGenericResource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Kind) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
-	}
 	if len(m.Value) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DiscreteGenericResource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3691,28 +5715,34 @@ func (m *DiscreteGenericResource) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DiscreteGenericResource) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DiscreteGenericResource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Kind) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
-	}
 	if m.Value != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *GenericResource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3720,52 +5750,73 @@ func (m *GenericResource) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GenericResource) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GenericResource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Resource != nil {
-		nn1, err := m.Resource.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Resource.Size()
+			i -= size
+			if _, err := m.Resource.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn1
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *GenericResource_NamedResourceSpec) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GenericResource_NamedResourceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.NamedResourceSpec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.NamedResourceSpec.Size()))
-		n2, err := m.NamedResourceSpec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.NamedResourceSpec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *GenericResource_DiscreteResourceSpec) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GenericResource_DiscreteResourceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.DiscreteResourceSpec != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.DiscreteResourceSpec.Size()))
-		n3, err := m.DiscreteResourceSpec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.DiscreteResourceSpec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n3
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Resources) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3773,39 +5824,46 @@ func (m *Resources) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Resources) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Resources) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.NanoCPUs != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.NanoCPUs))
+	if len(m.Generic) > 0 {
+		for iNdEx := len(m.Generic) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Generic[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
 	if m.MemoryBytes != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.MemoryBytes))
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.Generic) > 0 {
-		for _, msg := range m.Generic {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if m.NanoCPUs != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.NanoCPUs))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ResourceRequirements) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3813,37 +5871,70 @@ func (m *ResourceRequirements) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResourceRequirements) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResourceRequirements) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Limits != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Limits.Size()))
-		n4, err := m.Limits.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.MemorySwappiness != nil {
+		{
+			size, err := m.MemorySwappiness.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.SwapBytes != nil {
+		{
+			size, err := m.SwapBytes.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0x1a
 	}
 	if m.Reservations != nil {
+		{
+			size, err := m.Reservations.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Reservations.Size()))
-		n5, err := m.Reservations.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.Limits != nil {
+		{
+			size, err := m.Limits.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n5
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Platform) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3851,29 +5942,36 @@ func (m *Platform) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Platform) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Platform) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Architecture) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Architecture)))
-		i += copy(dAtA[i:], m.Architecture)
-	}
 	if len(m.OS) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.OS)
+		copy(dAtA[i:], m.OS)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.OS)))
-		i += copy(dAtA[i:], m.OS)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
-}
-
-func (m *PluginDescription) Marshal() (dAtA []byte, err error) {
+	if len(m.Architecture) > 0 {
+		i -= len(m.Architecture)
+		copy(dAtA[i:], m.Architecture)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Architecture)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *PluginDescription) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3881,29 +5979,36 @@ func (m *PluginDescription) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PluginDescription) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PluginDescription) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Type) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
-		i += copy(dAtA[i:], m.Type)
-	}
 	if len(m.Name) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *EngineDescription) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3911,52 +6016,62 @@ func (m *EngineDescription) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *EngineDescription) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *EngineDescription) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.EngineVersion) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.EngineVersion)))
-		i += copy(dAtA[i:], m.EngineVersion)
+	if len(m.Plugins) > 0 {
+		for iNdEx := len(m.Plugins) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Plugins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	if len(m.Plugins) > 0 {
-		for _, msg := range m.Plugins {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if len(m.EngineVersion) > 0 {
+		i -= len(m.EngineVersion)
+		copy(dAtA[i:], m.EngineVersion)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.EngineVersion)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NodeDescription) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -3964,73 +6079,87 @@ func (m *NodeDescription) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeDescription) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeDescription) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Hostname) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
-		i += copy(dAtA[i:], m.Hostname)
-	}
-	if m.Platform != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Platform.Size()))
-		n6, err := m.Platform.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.FIPS {
+		i--
+		if m.FIPS {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		i += n6
+		i--
+		dAtA[i] = 0x30
 	}
-	if m.Resources != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Resources.Size()))
-		n7, err := m.Resources.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.TLSInfo != nil {
+		{
+			size, err := m.TLSInfo.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n7
+		i--
+		dAtA[i] = 0x2a
 	}
 	if m.Engine != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Engine.Size()))
-		n8, err := m.Engine.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Engine.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.TLSInfo != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.TLSInfo.Size()))
-		n9, err := m.TLSInfo.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Resources != nil {
+		{
+			size, err := m.Resources.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n9
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.FIPS {
-		dAtA[i] = 0x30
-		i++
-		if m.FIPS {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if m.Platform != nil {
+		{
+			size, err := m.Platform.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i++
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Hostname) > 0 {
+		i -= len(m.Hostname)
+		copy(dAtA[i:], m.Hostname)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *NodeTLSInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4038,35 +6167,43 @@ func (m *NodeTLSInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeTLSInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeTLSInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.TrustRoot) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.TrustRoot)))
-		i += copy(dAtA[i:], m.TrustRoot)
+	if len(m.CertIssuerPublicKey) > 0 {
+		i -= len(m.CertIssuerPublicKey)
+		copy(dAtA[i:], m.CertIssuerPublicKey)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CertIssuerPublicKey)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.CertIssuerSubject) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.CertIssuerSubject)
+		copy(dAtA[i:], m.CertIssuerSubject)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.CertIssuerSubject)))
-		i += copy(dAtA[i:], m.CertIssuerSubject)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.CertIssuerPublicKey) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CertIssuerPublicKey)))
-		i += copy(dAtA[i:], m.CertIssuerPublicKey)
+	if len(m.TrustRoot) > 0 {
+		i -= len(m.TrustRoot)
+		copy(dAtA[i:], m.TrustRoot)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.TrustRoot)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RaftMemberStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4074,38 +6211,44 @@ func (m *RaftMemberStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RaftMemberStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RaftMemberStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if len(m.Message) > 0 {
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Reachability != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Reachability))
+		i--
+		dAtA[i] = 0x10
+	}
 	if m.Leader {
-		dAtA[i] = 0x8
-		i++
+		i--
 		if m.Leader {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.Reachability != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Reachability))
-	}
-	if len(m.Message) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *NodeStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4113,34 +6256,41 @@ func (m *NodeStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NodeStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NodeStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.State != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+	if len(m.Addr) > 0 {
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Message) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Addr) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+	if m.State != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Image) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4148,23 +6298,29 @@ func (m *Image) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Image) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Image) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Reference) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Reference)
+		copy(dAtA[i:], m.Reference)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Reference)))
-		i += copy(dAtA[i:], m.Reference)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Mount) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4172,79 +6328,92 @@ func (m *Mount) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Mount) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Type != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Type))
+	if m.Consistency != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Consistency))
+		i--
+		dAtA[i] = 0x40
 	}
-	if len(m.Source) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Source)))
-		i += copy(dAtA[i:], m.Source)
+	if m.TmpfsOptions != nil {
+		{
+			size, err := m.TmpfsOptions.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x3a
 	}
-	if len(m.Target) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Target)))
-		i += copy(dAtA[i:], m.Target)
+	if m.VolumeOptions != nil {
+		{
+			size, err := m.VolumeOptions.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
+	}
+	if m.BindOptions != nil {
+		{
+			size, err := m.BindOptions.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
 	if m.ReadOnly {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.ReadOnly {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.BindOptions != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.BindOptions.Size()))
-		n10, err := m.BindOptions.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n10
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.VolumeOptions != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.VolumeOptions.Size()))
-		n11, err := m.VolumeOptions.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n11
+	if len(m.Target) > 0 {
+		i -= len(m.Target)
+		copy(dAtA[i:], m.Target)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Target)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.TmpfsOptions != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.TmpfsOptions.Size()))
-		n12, err := m.TmpfsOptions.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n12
+	if len(m.Source) > 0 {
+		i -= len(m.Source)
+		copy(dAtA[i:], m.Source)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Source)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Consistency != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Consistency))
+	if m.Type != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Type))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Mount_BindOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4252,22 +6421,37 @@ func (m *Mount_BindOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Mount_BindOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount_BindOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.NonRecursive {
+		i--
+		if m.NonRecursive {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
 	if m.Propagation != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.Propagation))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Mount_VolumeOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4275,54 +6459,63 @@ func (m *Mount_VolumeOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Mount_VolumeOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount_VolumeOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.NoCopy {
-		dAtA[i] = 0x8
-		i++
-		if m.NoCopy {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if m.DriverConfig != nil {
+		{
+			size, err := m.DriverConfig.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i++
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Labels {
 			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	if m.DriverConfig != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.DriverConfig.Size()))
-		n13, err := m.DriverConfig.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.NoCopy {
+		i--
+		if m.NoCopy {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
-		i += n13
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Mount_TmpfsOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4330,27 +6523,39 @@ func (m *Mount_TmpfsOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Mount_TmpfsOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount_TmpfsOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.SizeBytes != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.SizeBytes))
+	if len(m.Options) > 0 {
+		i -= len(m.Options)
+		copy(dAtA[i:], m.Options)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Options)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if m.Mode != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.SizeBytes != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.SizeBytes))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RestartPolicy) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4358,47 +6563,56 @@ func (m *RestartPolicy) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RestartPolicy) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RestartPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Condition != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Condition))
-	}
-	if m.Delay != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Delay.Size()))
-		n14, err := m.Delay.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Window != nil {
+		{
+			size, err := m.Window.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n14
+		i--
+		dAtA[i] = 0x22
 	}
 	if m.MaxAttempts != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.MaxAttempts))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Window != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Window.Size()))
-		n15, err := m.Window.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.Delay != nil {
+		{
+			size, err := m.Delay.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n15
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if m.Condition != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Condition))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4406,56 +6620,63 @@ func (m *UpdateConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Parallelism != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Parallelism))
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintTypes(dAtA, i, uint64(types.SizeOfStdDuration(m.Delay)))
-	n16, err := types.StdDurationMarshalTo(m.Delay, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.Order != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Order))
+		i--
+		dAtA[i] = 0x30
 	}
-	i += n16
-	if m.FailureAction != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.FailureAction))
+	if m.MaxFailureRatio != 0 {
+		i -= 4
+		encoding_binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.MaxFailureRatio))))
+		i--
+		dAtA[i] = 0x2d
 	}
 	if m.Monitor != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Monitor.Size()))
-		n17, err := m.Monitor.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Monitor.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n17
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.MaxFailureRatio != 0 {
-		dAtA[i] = 0x2d
-		i++
-		binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.MaxFailureRatio))))
-		i += 4
+	if m.FailureAction != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.FailureAction))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Order != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Order))
+	n18, err18 := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.Delay, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdDuration(m.Delay):])
+	if err18 != nil {
+		return 0, err18
+	}
+	i -= n18
+	i = encodeVarintTypes(dAtA, i, uint64(n18))
+	i--
+	dAtA[i] = 0x12
+	if m.Parallelism != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Parallelism))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UpdateStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4463,48 +6684,58 @@ func (m *UpdateStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UpdateStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UpdateStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.State != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.State))
-	}
-	if m.StartedAt != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.StartedAt.Size()))
-		n18, err := m.StartedAt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n18
+	if len(m.Message) > 0 {
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if m.CompletedAt != nil {
+		{
+			size, err := m.CompletedAt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.CompletedAt.Size()))
-		n19, err := m.CompletedAt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.StartedAt != nil {
+		{
+			size, err := m.StartedAt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n19
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Message) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+	if m.State != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ContainerStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4512,33 +6743,39 @@ func (m *ContainerStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ContainerStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ContainerStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ContainerID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.ContainerID)))
-		i += copy(dAtA[i:], m.ContainerID)
+	if m.ExitCode != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.ExitCode))
+		i--
+		dAtA[i] = 0x18
 	}
 	if m.PID != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.PID))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.ExitCode != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.ExitCode))
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PortStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4546,29 +6783,36 @@ func (m *PortStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PortStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PortStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Ports) > 0 {
-		for _, msg := range m.Ports {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4576,91 +6820,114 @@ func (m *TaskStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Timestamp != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Timestamp.Size()))
-		n20, err := m.Timestamp.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.AppliedAt != nil {
+		{
+			size, err := m.AppliedAt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n20
-	}
-	if m.State != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+		i--
+		dAtA[i] = 0x42
 	}
-	if len(m.Message) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+	if len(m.AppliedBy) > 0 {
+		i -= len(m.AppliedBy)
+		copy(dAtA[i:], m.AppliedBy)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.AppliedBy)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if len(m.Err) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Err)))
-		i += copy(dAtA[i:], m.Err)
+	if m.PortStatus != nil {
+		{
+			size, err := m.PortStatus.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
 	}
 	if m.RuntimeStatus != nil {
-		nn21, err := m.RuntimeStatus.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.RuntimeStatus.Size()
+			i -= size
+			if _, err := m.RuntimeStatus.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn21
 	}
-	if m.PortStatus != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.PortStatus.Size()))
-		n22, err := m.PortStatus.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n22
+	if len(m.Err) > 0 {
+		i -= len(m.Err)
+		copy(dAtA[i:], m.Err)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Err)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.AppliedBy) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.AppliedBy)))
-		i += copy(dAtA[i:], m.AppliedBy)
+	if len(m.Message) > 0 {
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.AppliedAt != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.AppliedAt.Size()))
-		n23, err := m.AppliedAt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if m.State != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Timestamp != nil {
+		{
+			size, err := m.Timestamp.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n23
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskStatus_Container) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskStatus_Container) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Container != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Container.Size()))
-		n24, err := m.Container.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Container.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n24
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *NetworkAttachmentConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4668,70 +6935,66 @@ func (m *NetworkAttachmentConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *NetworkAttachmentConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NetworkAttachmentConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Target) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Target)))
-		i += copy(dAtA[i:], m.Target)
-	}
-	if len(m.Aliases) > 0 {
-		for _, s := range m.Aliases {
+	if len(m.DriverAttachmentOpts) > 0 {
+		for k := range m.DriverAttachmentOpts {
+			v := m.DriverAttachmentOpts[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
 			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
 	if len(m.Addresses) > 0 {
-		for _, s := range m.Addresses {
+		for iNdEx := len(m.Addresses) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Addresses[iNdEx])
+			copy(dAtA[i:], m.Addresses[iNdEx])
+			i = encodeVarintTypes(dAtA, i, uint64(len(m.Addresses[iNdEx])))
+			i--
 			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	if len(m.DriverAttachmentOpts) > 0 {
-		for k, _ := range m.DriverAttachmentOpts {
-			dAtA[i] = 0x22
-			i++
-			v := m.DriverAttachmentOpts[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+	if len(m.Aliases) > 0 {
+		for iNdEx := len(m.Aliases) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Aliases[iNdEx])
+			copy(dAtA[i:], m.Aliases[iNdEx])
+			i = encodeVarintTypes(dAtA, i, uint64(len(m.Aliases[iNdEx])))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Target) > 0 {
+		i -= len(m.Target)
+		copy(dAtA[i:], m.Target)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Target)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *IPAMConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4739,57 +7002,67 @@ func (m *IPAMConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IPAMConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IPAMConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Family != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Family))
+	if len(m.Reserved) > 0 {
+		for k := range m.Reserved {
+			v := m.Reserved[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
+		}
 	}
-	if len(m.Subnet) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Subnet)))
-		i += copy(dAtA[i:], m.Subnet)
+	if len(m.Gateway) > 0 {
+		i -= len(m.Gateway)
+		copy(dAtA[i:], m.Gateway)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Gateway)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if len(m.Range) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Range)
+		copy(dAtA[i:], m.Range)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Range)))
-		i += copy(dAtA[i:], m.Range)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Gateway) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Gateway)))
-		i += copy(dAtA[i:], m.Gateway)
+	if len(m.Subnet) > 0 {
+		i -= len(m.Subnet)
+		copy(dAtA[i:], m.Subnet)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Subnet)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Reserved) > 0 {
-		for k, _ := range m.Reserved {
-			dAtA[i] = 0x2a
-			i++
-			v := m.Reserved[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	if m.Family != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Family))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PortConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4797,43 +7070,49 @@ func (m *PortConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PortConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PortConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.PublishMode != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.PublishMode))
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.Protocol != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Protocol))
+	if m.PublishedPort != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.PublishedPort))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.TargetPort != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.TargetPort))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.PublishedPort != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.PublishedPort))
+	if m.Protocol != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Protocol))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.PublishMode != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.PublishMode))
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Driver) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4841,40 +7120,48 @@ func (m *Driver) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Driver) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Driver) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
-	}
 	if len(m.Options) > 0 {
-		for k, _ := range m.Options {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Options {
 			v := m.Options[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *IPAMOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4882,39 +7169,48 @@ func (m *IPAMOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IPAMOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IPAMOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Driver != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Driver.Size()))
-		n25, err := m.Driver.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n25
-	}
 	if len(m.Configs) > 0 {
-		for _, msg := range m.Configs {
+		for iNdEx := len(m.Configs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Configs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+		}
+	}
+	if m.Driver != nil {
+		{
+			size, err := m.Driver.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Peer) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4922,29 +7218,36 @@ func (m *Peer) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Peer) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Peer) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.NodeID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.NodeID)))
-		i += copy(dAtA[i:], m.NodeID)
-	}
 	if len(m.Addr) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.NodeID) > 0 {
+		i -= len(m.NodeID)
+		copy(dAtA[i:], m.NodeID)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.NodeID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WeightedPeer) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4952,32 +7255,39 @@ func (m *WeightedPeer) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WeightedPeer) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WeightedPeer) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Peer != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Peer.Size()))
-		n26, err := m.Peer.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n26
-	}
 	if m.Weight != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.Weight))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Peer != nil {
+		{
+			size, err := m.Peer.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *IssuanceStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -4985,28 +7295,34 @@ func (m *IssuanceStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *IssuanceStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *IssuanceStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.State != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.State))
-	}
 	if len(m.Err) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Err)
+		copy(dAtA[i:], m.Err)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Err)))
-		i += copy(dAtA[i:], m.Err)
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.State != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.State))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AcceptancePolicy) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5014,29 +7330,36 @@ func (m *AcceptancePolicy) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *AcceptancePolicy) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AcceptancePolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Policies) > 0 {
-		for _, msg := range m.Policies {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Policies) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Policies[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5044,42 +7367,49 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Marshal() (dAtA []byte, err error
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AcceptancePolicy_RoleAdmissionPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Role != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Role))
+	if m.Secret != nil {
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
 	if m.Autoaccept {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.Autoaccept {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Secret != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Secret.Size()))
-		n27, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n27
+	if m.Role != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Role))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5087,29 +7417,36 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Marshal() (dAtA []byte, er
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
-	}
 	if len(m.Alg) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Alg)
+		copy(dAtA[i:], m.Alg)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Alg)))
-		i += copy(dAtA[i:], m.Alg)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ExternalCA) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5117,51 +7454,60 @@ func (m *ExternalCA) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ExternalCA) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExternalCA) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
-	_ = l
-	if m.Protocol != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Protocol))
-	}
-	if len(m.URL) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.URL)))
-		i += copy(dAtA[i:], m.URL)
+	_ = l
+	if len(m.CACert) > 0 {
+		i -= len(m.CACert)
+		copy(dAtA[i:], m.CACert)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if len(m.Options) > 0 {
-		for k, _ := range m.Options {
-			dAtA[i] = 0x1a
-			i++
+		for k := range m.Options {
 			v := m.Options[k]
-			mapSize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
-			i = encodeVarintTypes(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintTypes(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintTypes(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.CACert) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
-		i += copy(dAtA[i:], m.CACert)
+	if len(m.URL) > 0 {
+		i -= len(m.URL)
+		copy(dAtA[i:], m.URL)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.URL)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Protocol != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Protocol))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CAConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5169,56 +7515,67 @@ func (m *CAConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CAConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CAConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.NodeCertExpiry != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.NodeCertExpiry.Size()))
-		n28, err := m.NodeCertExpiry.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n28
+	if m.ForceRotate != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.ForceRotate))
+		i--
+		dAtA[i] = 0x28
+	}
+	if len(m.SigningCAKey) > 0 {
+		i -= len(m.SigningCAKey)
+		copy(dAtA[i:], m.SigningCAKey)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.SigningCAKey)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.SigningCACert) > 0 {
+		i -= len(m.SigningCACert)
+		copy(dAtA[i:], m.SigningCACert)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.SigningCACert)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.ExternalCAs) > 0 {
-		for _, msg := range m.ExternalCAs {
+		for iNdEx := len(m.ExternalCAs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ExternalCAs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
+			}
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+		}
+	}
+	if m.NodeCertExpiry != nil {
+		{
+			size, err := m.NodeCertExpiry.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	if len(m.SigningCACert) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.SigningCACert)))
-		i += copy(dAtA[i:], m.SigningCACert)
-	}
-	if len(m.SigningCAKey) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.SigningCAKey)))
-		i += copy(dAtA[i:], m.SigningCAKey)
-	}
-	if m.ForceRotate != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.ForceRotate))
-	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *OrchestrationConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5226,22 +7583,27 @@ func (m *OrchestrationConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *OrchestrationConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *OrchestrationConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.TaskHistoryRetentionLimit != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.TaskHistoryRetentionLimit))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TaskDefaults) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5249,27 +7611,34 @@ func (m *TaskDefaults) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TaskDefaults) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TaskDefaults) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.LogDriver != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.LogDriver.Size()))
-		n29, err := m.LogDriver.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.LogDriver.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n29
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DispatcherConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5277,27 +7646,34 @@ func (m *DispatcherConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DispatcherConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DispatcherConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.HeartbeatPeriod != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.HeartbeatPeriod.Size()))
-		n30, err := m.HeartbeatPeriod.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.HeartbeatPeriod.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n30
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RaftConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5305,42 +7681,47 @@ func (m *RaftConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RaftConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RaftConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.SnapshotInterval != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.SnapshotInterval))
+	if m.ElectionTick != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.ElectionTick))
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.KeepOldSnapshots != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.KeepOldSnapshots))
+	if m.HeartbeatTick != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.HeartbeatTick))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.LogEntriesForSlowFollowers != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintTypes(dAtA, i, uint64(m.LogEntriesForSlowFollowers))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.HeartbeatTick != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.HeartbeatTick))
+	if m.KeepOldSnapshots != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.KeepOldSnapshots))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.ElectionTick != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.ElectionTick))
+	if m.SnapshotInterval != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.SnapshotInterval))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *EncryptionConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5348,27 +7729,32 @@ func (m *EncryptionConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *EncryptionConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *EncryptionConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.AutoLockManagers {
-		dAtA[i] = 0x8
-		i++
+		i--
 		if m.AutoLockManagers {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SpreadOver) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5376,23 +7762,29 @@ func (m *SpreadOver) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SpreadOver) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SpreadOver) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.SpreadDescriptor) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.SpreadDescriptor)
+		copy(dAtA[i:], m.SpreadDescriptor)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.SpreadDescriptor)))
-		i += copy(dAtA[i:], m.SpreadDescriptor)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PlacementPreference) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5400,38 +7792,52 @@ func (m *PlacementPreference) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PlacementPreference) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PlacementPreference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Preference != nil {
-		nn31, err := m.Preference.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Preference.Size()
+			i -= size
+			if _, err := m.Preference.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn31
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PlacementPreference_Spread) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PlacementPreference_Spread) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Spread != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Spread.Size()))
-		n32, err := m.Spread.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Spread.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n32
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Placement) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5439,56 +7845,64 @@ func (m *Placement) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Placement) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Placement) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Constraints) > 0 {
-		for _, s := range m.Constraints {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.MaxReplicas != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.MaxReplicas))
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.Platforms) > 0 {
+		for iNdEx := len(m.Platforms) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Platforms[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
 	if len(m.Preferences) > 0 {
-		for _, msg := range m.Preferences {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Preferences) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Preferences[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintTypes(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.Platforms) > 0 {
-		for _, msg := range m.Platforms {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintTypes(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+	if len(m.Constraints) > 0 {
+		for iNdEx := len(m.Constraints) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Constraints[iNdEx])
+			copy(dAtA[i:], m.Constraints[iNdEx])
+			i = encodeVarintTypes(dAtA, i, uint64(len(m.Constraints[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *JoinTokens) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5496,29 +7910,36 @@ func (m *JoinTokens) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *JoinTokens) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *JoinTokens) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Worker) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Worker)))
-		i += copy(dAtA[i:], m.Worker)
-	}
 	if len(m.Manager) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Manager)
+		copy(dAtA[i:], m.Manager)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Manager)))
-		i += copy(dAtA[i:], m.Manager)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Worker) > 0 {
+		i -= len(m.Worker)
+		copy(dAtA[i:], m.Worker)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Worker)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RootCA) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5526,58 +7947,70 @@ func (m *RootCA) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RootCA) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RootCA) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.CAKey) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CAKey)))
-		i += copy(dAtA[i:], m.CAKey)
-	}
-	if len(m.CACert) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
-		i += copy(dAtA[i:], m.CACert)
-	}
-	if len(m.CACertHash) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACertHash)))
-		i += copy(dAtA[i:], m.CACertHash)
-	}
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintTypes(dAtA, i, uint64(m.JoinTokens.Size()))
-	n33, err := m.JoinTokens.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.LastForcedRotation != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.LastForcedRotation))
+		i--
+		dAtA[i] = 0x30
 	}
-	i += n33
 	if m.RootRotation != nil {
+		{
+			size, err := m.RootRotation.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.RootRotation.Size()))
-		n34, err := m.RootRotation.MarshalTo(dAtA[i:])
+	}
+	{
+		size, err := m.JoinTokens.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n34
+		i -= size
+		i = encodeVarintTypes(dAtA, i, uint64(size))
 	}
-	if m.LastForcedRotation != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.LastForcedRotation))
+	i--
+	dAtA[i] = 0x22
+	if len(m.CACertHash) > 0 {
+		i -= len(m.CACertHash)
+		copy(dAtA[i:], m.CACertHash)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACertHash)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.CACert) > 0 {
+		i -= len(m.CACert)
+		copy(dAtA[i:], m.CACert)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.CAKey) > 0 {
+		i -= len(m.CAKey)
+		copy(dAtA[i:], m.CAKey)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CAKey)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Certificate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5585,48 +8018,58 @@ func (m *Certificate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Certificate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Certificate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Role != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Role))
-	}
-	if len(m.CSR) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CSR)))
-		i += copy(dAtA[i:], m.CSR)
-	}
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintTypes(dAtA, i, uint64(m.Status.Size()))
-	n35, err := m.Status.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.CN) > 0 {
+		i -= len(m.CN)
+		copy(dAtA[i:], m.CN)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CN)))
+		i--
+		dAtA[i] = 0x2a
 	}
-	i += n35
 	if len(m.Certificate) > 0 {
-		dAtA[i] = 0x22
-		i++
+		i -= len(m.Certificate)
+		copy(dAtA[i:], m.Certificate)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Certificate)))
-		i += copy(dAtA[i:], m.Certificate)
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.CN) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CN)))
-		i += copy(dAtA[i:], m.CN)
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintTypes(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x1a
+	if len(m.CSR) > 0 {
+		i -= len(m.CSR)
+		copy(dAtA[i:], m.CSR)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CSR)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Role != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Role))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *EncryptionKey) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5634,39 +8077,46 @@ func (m *EncryptionKey) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *EncryptionKey) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *EncryptionKey) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Subsystem) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Subsystem)))
-		i += copy(dAtA[i:], m.Subsystem)
-	}
-	if m.Algorithm != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Algorithm))
+	if m.LamportTime != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.LamportTime))
+		i--
+		dAtA[i] = 0x20
 	}
 	if len(m.Key) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Key)
+		copy(dAtA[i:], m.Key)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Key)))
-		i += copy(dAtA[i:], m.Key)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.LamportTime != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.LamportTime))
+	if m.Algorithm != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Algorithm))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Subsystem) > 0 {
+		i -= len(m.Subsystem)
+		copy(dAtA[i:], m.Subsystem)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Subsystem)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ManagerStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5674,43 +8124,49 @@ func (m *ManagerStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ManagerStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ManagerStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.RaftID != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.RaftID))
-	}
-	if len(m.Addr) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
-		i += copy(dAtA[i:], m.Addr)
+	if m.Reachability != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Reachability))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.Leader {
-		dAtA[i] = 0x18
-		i++
+		i--
 		if m.Leader {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Reachability != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Reachability))
+	if len(m.Addr) > 0 {
+		i -= len(m.Addr)
+		copy(dAtA[i:], m.Addr)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.RaftID != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.RaftID))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *FileTarget) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5718,40 +8174,71 @@ func (m *FileTarget) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *FileTarget) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileTarget) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Name) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.Mode != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.GID) > 0 {
+		i -= len(m.GID)
+		copy(dAtA[i:], m.GID)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.GID)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.UID) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.UID)
+		copy(dAtA[i:], m.UID)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.UID)))
-		i += copy(dAtA[i:], m.UID)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.GID) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.GID)))
-		i += copy(dAtA[i:], m.GID)
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
 	}
-	if m.Mode != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Mode))
+	return len(dAtA) - i, nil
+}
+
+func (m *RuntimeTarget) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return dAtA[:n], nil
+}
+
+func (m *RuntimeTarget) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RuntimeTarget) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	return len(dAtA) - i, nil
 }
 
 func (m *SecretReference) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5759,50 +8246,66 @@ func (m *SecretReference) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SecretReference) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SecretReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.SecretID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.SecretID)))
-		i += copy(dAtA[i:], m.SecretID)
+	if m.Target != nil {
+		{
+			size := m.Target.Size()
+			i -= size
+			if _, err := m.Target.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
 	}
 	if len(m.SecretName) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.SecretName)
+		copy(dAtA[i:], m.SecretName)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.SecretName)))
-		i += copy(dAtA[i:], m.SecretName)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Target != nil {
-		nn36, err := m.Target.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += nn36
+	if len(m.SecretID) > 0 {
+		i -= len(m.SecretID)
+		copy(dAtA[i:], m.SecretID)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.SecretID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SecretReference_File) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SecretReference_File) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.File != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.File.Size()))
-		n37, err := m.File.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.File.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n37
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *ConfigReference) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5810,50 +8313,87 @@ func (m *ConfigReference) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ConfigReference) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfigReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ConfigID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.ConfigID)))
-		i += copy(dAtA[i:], m.ConfigID)
+	if m.Target != nil {
+		{
+			size := m.Target.Size()
+			i -= size
+			if _, err := m.Target.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
 	}
 	if len(m.ConfigName) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ConfigName)
+		copy(dAtA[i:], m.ConfigName)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.ConfigName)))
-		i += copy(dAtA[i:], m.ConfigName)
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Target != nil {
-		nn38, err := m.Target.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += nn38
+	if len(m.ConfigID) > 0 {
+		i -= len(m.ConfigID)
+		copy(dAtA[i:], m.ConfigID)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.ConfigID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ConfigReference_File) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfigReference_File) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.File != nil {
+		{
+			size, err := m.File.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.File.Size()))
-		n39, err := m.File.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ConfigReference_Runtime) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ConfigReference_Runtime) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Runtime != nil {
+		{
+			size, err := m.Runtime.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n39
+		i--
+		dAtA[i] = 0x22
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *BlacklistedCertificate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5861,27 +8401,34 @@ func (m *BlacklistedCertificate) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BlacklistedCertificate) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BlacklistedCertificate) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Expiry != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Expiry.Size()))
-		n40, err := m.Expiry.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Expiry.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n40
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *HealthConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5889,67 +8436,72 @@ func (m *HealthConfig) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *HealthConfig) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HealthConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Test) > 0 {
-		for _, s := range m.Test {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.StartPeriod != nil {
+		{
+			size, err := m.StartPeriod.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.Interval != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Interval.Size()))
-		n41, err := m.Interval.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n41
+	if m.Retries != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Retries))
+		i--
+		dAtA[i] = 0x20
 	}
 	if m.Timeout != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Timeout.Size()))
-		n42, err := m.Timeout.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Timeout.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n42
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Retries != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Retries))
+	if m.Interval != nil {
+		{
+			size, err := m.Interval.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.StartPeriod != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.StartPeriod.Size()))
-		n43, err := m.StartPeriod.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Test) > 0 {
+		for iNdEx := len(m.Test) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Test[iNdEx])
+			copy(dAtA[i:], m.Test[iNdEx])
+			i = encodeVarintTypes(dAtA, i, uint64(len(m.Test[iNdEx])))
+			i--
+			dAtA[i] = 0xa
 		}
-		i += n43
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *MaybeEncryptedRecord) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5957,34 +8509,41 @@ func (m *MaybeEncryptedRecord) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *MaybeEncryptedRecord) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MaybeEncryptedRecord) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Algorithm != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.Algorithm))
+	if len(m.Nonce) > 0 {
+		i -= len(m.Nonce)
+		copy(dAtA[i:], m.Nonce)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Nonce)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Data) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Nonce) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Nonce)))
-		i += copy(dAtA[i:], m.Nonce)
+	if m.Algorithm != 0 {
+		i = encodeVarintTypes(dAtA, i, uint64(m.Algorithm))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *RootRotation) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -5992,35 +8551,43 @@ func (m *RootRotation) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RootRotation) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RootRotation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.CACert) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
-		i += copy(dAtA[i:], m.CACert)
+	if len(m.CrossSignedCACert) > 0 {
+		i -= len(m.CrossSignedCACert)
+		copy(dAtA[i:], m.CrossSignedCACert)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CrossSignedCACert)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.CAKey) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.CAKey)
+		copy(dAtA[i:], m.CAKey)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.CAKey)))
-		i += copy(dAtA[i:], m.CAKey)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.CrossSignedCACert) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.CrossSignedCACert)))
-		i += copy(dAtA[i:], m.CrossSignedCACert)
+	if len(m.CACert) > 0 {
+		i -= len(m.CACert)
+		copy(dAtA[i:], m.CACert)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Privileges) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -6028,37 +8595,46 @@ func (m *Privileges) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Privileges) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.CredentialSpec != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.CredentialSpec.Size()))
-		n44, err := m.CredentialSpec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n44
-	}
 	if m.SELinuxContext != nil {
+		{
+			size, err := m.SELinuxContext.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(m.SELinuxContext.Size()))
-		n45, err := m.SELinuxContext.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if m.CredentialSpec != nil {
+		{
+			size, err := m.CredentialSpec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
 		}
-		i += n45
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Privileges_CredentialSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -6066,40 +8642,73 @@ func (m *Privileges_CredentialSpec) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Privileges_CredentialSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges_CredentialSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Source != nil {
-		nn46, err := m.Source.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Source.Size()
+			i -= size
+			if _, err := m.Source.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn46
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Privileges_CredentialSpec_File) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0xa
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges_CredentialSpec_File) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.File)
+	copy(dAtA[i:], m.File)
 	i = encodeVarintTypes(dAtA, i, uint64(len(m.File)))
-	i += copy(dAtA[i:], m.File)
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 func (m *Privileges_CredentialSpec_Registry) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x12
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges_CredentialSpec_Registry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.Registry)
+	copy(dAtA[i:], m.Registry)
 	i = encodeVarintTypes(dAtA, i, uint64(len(m.Registry)))
-	i += copy(dAtA[i:], m.Registry)
-	return i, nil
+	i--
+	dAtA[i] = 0x12
+	return len(dAtA) - i, nil
+}
+func (m *Privileges_CredentialSpec_Config) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges_CredentialSpec_Config) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.Config)
+	copy(dAtA[i:], m.Config)
+	i = encodeVarintTypes(dAtA, i, uint64(len(m.Config)))
+	i--
+	dAtA[i] = 0x1a
+	return len(dAtA) - i, nil
 }
 func (m *Privileges_SELinuxContext) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -6107,58 +8716,116 @@ func (m *Privileges_SELinuxContext) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Privileges_SELinuxContext) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Privileges_SELinuxContext) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if len(m.Level) > 0 {
+		i -= len(m.Level)
+		copy(dAtA[i:], m.Level)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Level)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Role) > 0 {
+		i -= len(m.Role)
+		copy(dAtA[i:], m.Role)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Role)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.User) > 0 {
+		i -= len(m.User)
+		copy(dAtA[i:], m.User)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
+		i--
+		dAtA[i] = 0x12
+	}
 	if m.Disable {
-		dAtA[i] = 0x8
-		i++
+		i--
 		if m.Disable {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if len(m.User) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
-		i += copy(dAtA[i:], m.User)
+		i--
+		dAtA[i] = 0x8
 	}
-	if len(m.Role) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Role)))
-		i += copy(dAtA[i:], m.Role)
+	return len(dAtA) - i, nil
+}
+
+func (m *JobStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	if len(m.Type) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
-		i += copy(dAtA[i:], m.Type)
+	return dAtA[:n], nil
+}
+
+func (m *JobStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *JobStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LastExecution != nil {
+		{
+			size, err := m.LastExecution.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintTypes(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Level) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintTypes(dAtA, i, uint64(len(m.Level)))
-		i += copy(dAtA[i:], m.Level)
+	{
+		size, err := m.JobIteration.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintTypes(dAtA, i, uint64(size))
 	}
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintTypes(dAtA []byte, offset int, v uint64) int {
+	offset -= sovTypes(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
-
 func (m *Version) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Index != 0 {
@@ -6168,6 +8835,9 @@ func (m *Version) Size() (n int) {
 }
 
 func (m *IndexEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Key)
@@ -6182,6 +8852,9 @@ func (m *IndexEntry) Size() (n int) {
 }
 
 func (m *Annotations) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -6206,6 +8879,9 @@ func (m *Annotations) Size() (n int) {
 }
 
 func (m *NamedGenericResource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -6220,6 +8896,9 @@ func (m *NamedGenericResource) Size() (n int) {
 }
 
 func (m *DiscreteGenericResource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -6233,6 +8912,9 @@ func (m *DiscreteGenericResource) Size() (n int) {
 }
 
 func (m *GenericResource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Resource != nil {
@@ -6242,6 +8924,9 @@ func (m *GenericResource) Size() (n int) {
 }
 
 func (m *GenericResource_NamedResourceSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.NamedResourceSpec != nil {
@@ -6251,6 +8936,9 @@ func (m *GenericResource_NamedResourceSpec) Size() (n int) {
 	return n
 }
 func (m *GenericResource_DiscreteResourceSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.DiscreteResourceSpec != nil {
@@ -6260,6 +8948,9 @@ func (m *GenericResource_DiscreteResourceSpec) Size() (n int) {
 	return n
 }
 func (m *Resources) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.NanoCPUs != 0 {
@@ -6278,6 +8969,9 @@ func (m *Resources) Size() (n int) {
 }
 
 func (m *ResourceRequirements) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Limits != nil {
@@ -6288,10 +8982,21 @@ func (m *ResourceRequirements) Size() (n int) {
 		l = m.Reservations.Size()
 		n += 1 + l + sovTypes(uint64(l))
 	}
+	if m.SwapBytes != nil {
+		l = m.SwapBytes.Size()
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	if m.MemorySwappiness != nil {
+		l = m.MemorySwappiness.Size()
+		n += 1 + l + sovTypes(uint64(l))
+	}
 	return n
 }
 
 func (m *Platform) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Architecture)
@@ -6306,6 +9011,9 @@ func (m *Platform) Size() (n int) {
 }
 
 func (m *PluginDescription) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Type)
@@ -6320,6 +9028,9 @@ func (m *PluginDescription) Size() (n int) {
 }
 
 func (m *EngineDescription) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.EngineVersion)
@@ -6344,6 +9055,9 @@ func (m *EngineDescription) Size() (n int) {
 }
 
 func (m *NodeDescription) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Hostname)
@@ -6373,6 +9087,9 @@ func (m *NodeDescription) Size() (n int) {
 }
 
 func (m *NodeTLSInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.TrustRoot)
@@ -6391,6 +9108,9 @@ func (m *NodeTLSInfo) Size() (n int) {
 }
 
 func (m *RaftMemberStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Leader {
@@ -6407,6 +9127,9 @@ func (m *RaftMemberStatus) Size() (n int) {
 }
 
 func (m *NodeStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.State != 0 {
@@ -6424,6 +9147,9 @@ func (m *NodeStatus) Size() (n int) {
 }
 
 func (m *Image) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Reference)
@@ -6434,6 +9160,9 @@ func (m *Image) Size() (n int) {
 }
 
 func (m *Mount) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Type != 0 {
@@ -6469,15 +9198,24 @@ func (m *Mount) Size() (n int) {
 }
 
 func (m *Mount_BindOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Propagation != 0 {
 		n += 1 + sovTypes(uint64(m.Propagation))
 	}
+	if m.NonRecursive {
+		n += 2
+	}
 	return n
 }
 
 func (m *Mount_VolumeOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.NoCopy {
@@ -6499,6 +9237,9 @@ func (m *Mount_VolumeOptions) Size() (n int) {
 }
 
 func (m *Mount_TmpfsOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.SizeBytes != 0 {
@@ -6507,10 +9248,17 @@ func (m *Mount_TmpfsOptions) Size() (n int) {
 	if m.Mode != 0 {
 		n += 1 + sovTypes(uint64(m.Mode))
 	}
+	l = len(m.Options)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
 	return n
 }
 
 func (m *RestartPolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Condition != 0 {
@@ -6531,12 +9279,15 @@ func (m *RestartPolicy) Size() (n int) {
 }
 
 func (m *UpdateConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Parallelism != 0 {
 		n += 1 + sovTypes(uint64(m.Parallelism))
 	}
-	l = types.SizeOfStdDuration(m.Delay)
+	l = github_com_gogo_protobuf_types.SizeOfStdDuration(m.Delay)
 	n += 1 + l + sovTypes(uint64(l))
 	if m.FailureAction != 0 {
 		n += 1 + sovTypes(uint64(m.FailureAction))
@@ -6555,6 +9306,9 @@ func (m *UpdateConfig) Size() (n int) {
 }
 
 func (m *UpdateStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.State != 0 {
@@ -6576,6 +9330,9 @@ func (m *UpdateStatus) Size() (n int) {
 }
 
 func (m *ContainerStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ContainerID)
@@ -6592,6 +9349,9 @@ func (m *ContainerStatus) Size() (n int) {
 }
 
 func (m *PortStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Ports) > 0 {
@@ -6604,6 +9364,9 @@ func (m *PortStatus) Size() (n int) {
 }
 
 func (m *TaskStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Timestamp != nil {
@@ -6640,6 +9403,9 @@ func (m *TaskStatus) Size() (n int) {
 }
 
 func (m *TaskStatus_Container) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Container != nil {
@@ -6649,6 +9415,9 @@ func (m *TaskStatus_Container) Size() (n int) {
 	return n
 }
 func (m *NetworkAttachmentConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Target)
@@ -6679,6 +9448,9 @@ func (m *NetworkAttachmentConfig) Size() (n int) {
 }
 
 func (m *IPAMConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Family != 0 {
@@ -6708,6 +9480,9 @@ func (m *IPAMConfig) Size() (n int) {
 }
 
 func (m *PortConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -6730,6 +9505,9 @@ func (m *PortConfig) Size() (n int) {
 }
 
 func (m *Driver) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -6748,6 +9526,9 @@ func (m *Driver) Size() (n int) {
 }
 
 func (m *IPAMOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Driver != nil {
@@ -6764,6 +9545,9 @@ func (m *IPAMOptions) Size() (n int) {
 }
 
 func (m *Peer) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NodeID)
@@ -6778,6 +9562,9 @@ func (m *Peer) Size() (n int) {
 }
 
 func (m *WeightedPeer) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Peer != nil {
@@ -6791,6 +9578,9 @@ func (m *WeightedPeer) Size() (n int) {
 }
 
 func (m *IssuanceStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.State != 0 {
@@ -6804,6 +9594,9 @@ func (m *IssuanceStatus) Size() (n int) {
 }
 
 func (m *AcceptancePolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Policies) > 0 {
@@ -6816,6 +9609,9 @@ func (m *AcceptancePolicy) Size() (n int) {
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Role != 0 {
@@ -6832,6 +9628,9 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Size() (n int) {
 }
 
 func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Data)
@@ -6846,6 +9645,9 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Size() (n int) {
 }
 
 func (m *ExternalCA) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Protocol != 0 {
@@ -6871,6 +9673,9 @@ func (m *ExternalCA) Size() (n int) {
 }
 
 func (m *CAConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.NodeCertExpiry != nil {
@@ -6898,6 +9703,9 @@ func (m *CAConfig) Size() (n int) {
 }
 
 func (m *OrchestrationConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.TaskHistoryRetentionLimit != 0 {
@@ -6907,6 +9715,9 @@ func (m *OrchestrationConfig) Size() (n int) {
 }
 
 func (m *TaskDefaults) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.LogDriver != nil {
@@ -6917,6 +9728,9 @@ func (m *TaskDefaults) Size() (n int) {
 }
 
 func (m *DispatcherConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.HeartbeatPeriod != nil {
@@ -6927,6 +9741,9 @@ func (m *DispatcherConfig) Size() (n int) {
 }
 
 func (m *RaftConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.SnapshotInterval != 0 {
@@ -6948,6 +9765,9 @@ func (m *RaftConfig) Size() (n int) {
 }
 
 func (m *EncryptionConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.AutoLockManagers {
@@ -6957,6 +9777,9 @@ func (m *EncryptionConfig) Size() (n int) {
 }
 
 func (m *SpreadOver) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SpreadDescriptor)
@@ -6967,6 +9790,9 @@ func (m *SpreadOver) Size() (n int) {
 }
 
 func (m *PlacementPreference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Preference != nil {
@@ -6976,6 +9802,9 @@ func (m *PlacementPreference) Size() (n int) {
 }
 
 func (m *PlacementPreference_Spread) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Spread != nil {
@@ -6985,6 +9814,9 @@ func (m *PlacementPreference_Spread) Size() (n int) {
 	return n
 }
 func (m *Placement) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Constraints) > 0 {
@@ -7005,10 +9837,16 @@ func (m *Placement) Size() (n int) {
 			n += 1 + l + sovTypes(uint64(l))
 		}
 	}
+	if m.MaxReplicas != 0 {
+		n += 1 + sovTypes(uint64(m.MaxReplicas))
+	}
 	return n
 }
 
 func (m *JoinTokens) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Worker)
@@ -7023,6 +9861,9 @@ func (m *JoinTokens) Size() (n int) {
 }
 
 func (m *RootCA) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.CAKey)
@@ -7050,6 +9891,9 @@ func (m *RootCA) Size() (n int) {
 }
 
 func (m *Certificate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Role != 0 {
@@ -7073,6 +9917,9 @@ func (m *Certificate) Size() (n int) {
 }
 
 func (m *EncryptionKey) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Subsystem)
@@ -7093,6 +9940,9 @@ func (m *EncryptionKey) Size() (n int) {
 }
 
 func (m *ManagerStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.RaftID != 0 {
@@ -7112,6 +9962,9 @@ func (m *ManagerStatus) Size() (n int) {
 }
 
 func (m *FileTarget) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -7132,7 +9985,19 @@ func (m *FileTarget) Size() (n int) {
 	return n
 }
 
+func (m *RuntimeTarget) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	return n
+}
+
 func (m *SecretReference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.SecretID)
@@ -7150,6 +10015,9 @@ func (m *SecretReference) Size() (n int) {
 }
 
 func (m *SecretReference_File) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.File != nil {
@@ -7159,6 +10027,9 @@ func (m *SecretReference_File) Size() (n int) {
 	return n
 }
 func (m *ConfigReference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ConfigID)
@@ -7176,6 +10047,9 @@ func (m *ConfigReference) Size() (n int) {
 }
 
 func (m *ConfigReference_File) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.File != nil {
@@ -7184,7 +10058,22 @@ func (m *ConfigReference_File) Size() (n int) {
 	}
 	return n
 }
+func (m *ConfigReference_Runtime) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Runtime != nil {
+		l = m.Runtime.Size()
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	return n
+}
 func (m *BlacklistedCertificate) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Expiry != nil {
@@ -7195,6 +10084,9 @@ func (m *BlacklistedCertificate) Size() (n int) {
 }
 
 func (m *HealthConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Test) > 0 {
@@ -7222,6 +10114,9 @@ func (m *HealthConfig) Size() (n int) {
 }
 
 func (m *MaybeEncryptedRecord) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Algorithm != 0 {
@@ -7239,6 +10134,9 @@ func (m *MaybeEncryptedRecord) Size() (n int) {
 }
 
 func (m *RootRotation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.CACert)
@@ -7257,6 +10155,9 @@ func (m *RootRotation) Size() (n int) {
 }
 
 func (m *Privileges) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.CredentialSpec != nil {
@@ -7271,6 +10172,9 @@ func (m *Privileges) Size() (n int) {
 }
 
 func (m *Privileges_CredentialSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Source != nil {
@@ -7280,20 +10184,39 @@ func (m *Privileges_CredentialSpec) Size() (n int) {
 }
 
 func (m *Privileges_CredentialSpec_File) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.File)
 	n += 1 + l + sovTypes(uint64(l))
 	return n
 }
-func (m *Privileges_CredentialSpec_Registry) Size() (n int) {
+func (m *Privileges_CredentialSpec_Registry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Registry)
+	n += 1 + l + sovTypes(uint64(l))
+	return n
+}
+func (m *Privileges_CredentialSpec_Config) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = len(m.Registry)
+	l = len(m.Config)
 	n += 1 + l + sovTypes(uint64(l))
 	return n
 }
 func (m *Privileges_SELinuxContext) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Disable {
@@ -7318,16 +10241,24 @@ func (m *Privileges_SELinuxContext) Size() (n int) {
 	return n
 }
 
-func sovTypes(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
+func (m *JobStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.JobIteration.Size()
+	n += 1 + l + sovTypes(uint64(l))
+	if m.LastExecution != nil {
+		l = m.LastExecution.Size()
+		n += 1 + l + sovTypes(uint64(l))
 	}
 	return n
 }
+
+func sovTypes(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
 func sozTypes(x uint64) (n int) {
 	return sovTypes(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
@@ -7356,11 +10287,16 @@ func (this *Annotations) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForIndices := "[]IndexEntry{"
+	for _, f := range this.Indices {
+		repeatedStringForIndices += strings.Replace(strings.Replace(f.String(), "IndexEntry", "IndexEntry", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForIndices += "}"
 	keysForLabels := make([]string, 0, len(this.Labels))
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -7369,7 +10305,7 @@ func (this *Annotations) String() string {
 	s := strings.Join([]string{`&Annotations{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
-		`Indices:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Indices), "IndexEntry", "IndexEntry", 1), `&`, ``, 1) + `,`,
+		`Indices:` + repeatedStringForIndices + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7430,10 +10366,15 @@ func (this *Resources) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForGeneric := "[]*GenericResource{"
+	for _, f := range this.Generic {
+		repeatedStringForGeneric += strings.Replace(f.String(), "GenericResource", "GenericResource", 1) + ","
+	}
+	repeatedStringForGeneric += "}"
 	s := strings.Join([]string{`&Resources{`,
 		`NanoCPUs:` + fmt.Sprintf("%v", this.NanoCPUs) + `,`,
 		`MemoryBytes:` + fmt.Sprintf("%v", this.MemoryBytes) + `,`,
-		`Generic:` + strings.Replace(fmt.Sprintf("%v", this.Generic), "GenericResource", "GenericResource", 1) + `,`,
+		`Generic:` + repeatedStringForGeneric + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7443,8 +10384,10 @@ func (this *ResourceRequirements) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&ResourceRequirements{`,
-		`Limits:` + strings.Replace(fmt.Sprintf("%v", this.Limits), "Resources", "Resources", 1) + `,`,
-		`Reservations:` + strings.Replace(fmt.Sprintf("%v", this.Reservations), "Resources", "Resources", 1) + `,`,
+		`Limits:` + strings.Replace(this.Limits.String(), "Resources", "Resources", 1) + `,`,
+		`Reservations:` + strings.Replace(this.Reservations.String(), "Resources", "Resources", 1) + `,`,
+		`SwapBytes:` + strings.Replace(fmt.Sprintf("%v", this.SwapBytes), "Int64Value", "types.Int64Value", 1) + `,`,
+		`MemorySwappiness:` + strings.Replace(fmt.Sprintf("%v", this.MemorySwappiness), "Int64Value", "types.Int64Value", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7475,11 +10418,16 @@ func (this *EngineDescription) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPlugins := "[]PluginDescription{"
+	for _, f := range this.Plugins {
+		repeatedStringForPlugins += strings.Replace(strings.Replace(f.String(), "PluginDescription", "PluginDescription", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForPlugins += "}"
 	keysForLabels := make([]string, 0, len(this.Labels))
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -7488,7 +10436,7 @@ func (this *EngineDescription) String() string {
 	s := strings.Join([]string{`&EngineDescription{`,
 		`EngineVersion:` + fmt.Sprintf("%v", this.EngineVersion) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
-		`Plugins:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Plugins), "PluginDescription", "PluginDescription", 1), `&`, ``, 1) + `,`,
+		`Plugins:` + repeatedStringForPlugins + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7499,10 +10447,10 @@ func (this *NodeDescription) String() string {
 	}
 	s := strings.Join([]string{`&NodeDescription{`,
 		`Hostname:` + fmt.Sprintf("%v", this.Hostname) + `,`,
-		`Platform:` + strings.Replace(fmt.Sprintf("%v", this.Platform), "Platform", "Platform", 1) + `,`,
-		`Resources:` + strings.Replace(fmt.Sprintf("%v", this.Resources), "Resources", "Resources", 1) + `,`,
-		`Engine:` + strings.Replace(fmt.Sprintf("%v", this.Engine), "EngineDescription", "EngineDescription", 1) + `,`,
-		`TLSInfo:` + strings.Replace(fmt.Sprintf("%v", this.TLSInfo), "NodeTLSInfo", "NodeTLSInfo", 1) + `,`,
+		`Platform:` + strings.Replace(this.Platform.String(), "Platform", "Platform", 1) + `,`,
+		`Resources:` + strings.Replace(this.Resources.String(), "Resources", "Resources", 1) + `,`,
+		`Engine:` + strings.Replace(this.Engine.String(), "EngineDescription", "EngineDescription", 1) + `,`,
+		`TLSInfo:` + strings.Replace(this.TLSInfo.String(), "NodeTLSInfo", "NodeTLSInfo", 1) + `,`,
 		`FIPS:` + fmt.Sprintf("%v", this.FIPS) + `,`,
 		`}`,
 	}, "")
@@ -7577,6 +10525,7 @@ func (this *Mount_BindOptions) String() string {
 	}
 	s := strings.Join([]string{`&Mount_BindOptions{`,
 		`Propagation:` + fmt.Sprintf("%v", this.Propagation) + `,`,
+		`NonRecursive:` + fmt.Sprintf("%v", this.NonRecursive) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7589,7 +10538,7 @@ func (this *Mount_VolumeOptions) String() string {
 	for k, _ := range this.Labels {
 		keysForLabels = append(keysForLabels, k)
 	}
-	sortkeys.Strings(keysForLabels)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForLabels)
 	mapStringForLabels := "map[string]string{"
 	for _, k := range keysForLabels {
 		mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k])
@@ -7598,7 +10547,7 @@ func (this *Mount_VolumeOptions) String() string {
 	s := strings.Join([]string{`&Mount_VolumeOptions{`,
 		`NoCopy:` + fmt.Sprintf("%v", this.NoCopy) + `,`,
 		`Labels:` + mapStringForLabels + `,`,
-		`DriverConfig:` + strings.Replace(fmt.Sprintf("%v", this.DriverConfig), "Driver", "Driver", 1) + `,`,
+		`DriverConfig:` + strings.Replace(this.DriverConfig.String(), "Driver", "Driver", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7610,6 +10559,7 @@ func (this *Mount_TmpfsOptions) String() string {
 	s := strings.Join([]string{`&Mount_TmpfsOptions{`,
 		`SizeBytes:` + fmt.Sprintf("%v", this.SizeBytes) + `,`,
 		`Mode:` + fmt.Sprintf("%v", this.Mode) + `,`,
+		`Options:` + fmt.Sprintf("%v", this.Options) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7620,9 +10570,9 @@ func (this *RestartPolicy) String() string {
 	}
 	s := strings.Join([]string{`&RestartPolicy{`,
 		`Condition:` + fmt.Sprintf("%v", this.Condition) + `,`,
-		`Delay:` + strings.Replace(fmt.Sprintf("%v", this.Delay), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`Delay:` + strings.Replace(fmt.Sprintf("%v", this.Delay), "Duration", "types.Duration", 1) + `,`,
 		`MaxAttempts:` + fmt.Sprintf("%v", this.MaxAttempts) + `,`,
-		`Window:` + strings.Replace(fmt.Sprintf("%v", this.Window), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`Window:` + strings.Replace(fmt.Sprintf("%v", this.Window), "Duration", "types.Duration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7633,9 +10583,9 @@ func (this *UpdateConfig) String() string {
 	}
 	s := strings.Join([]string{`&UpdateConfig{`,
 		`Parallelism:` + fmt.Sprintf("%v", this.Parallelism) + `,`,
-		`Delay:` + strings.Replace(strings.Replace(this.Delay.String(), "Duration", "google_protobuf1.Duration", 1), `&`, ``, 1) + `,`,
+		`Delay:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Delay), "Duration", "types.Duration", 1), `&`, ``, 1) + `,`,
 		`FailureAction:` + fmt.Sprintf("%v", this.FailureAction) + `,`,
-		`Monitor:` + strings.Replace(fmt.Sprintf("%v", this.Monitor), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`Monitor:` + strings.Replace(fmt.Sprintf("%v", this.Monitor), "Duration", "types.Duration", 1) + `,`,
 		`MaxFailureRatio:` + fmt.Sprintf("%v", this.MaxFailureRatio) + `,`,
 		`Order:` + fmt.Sprintf("%v", this.Order) + `,`,
 		`}`,
@@ -7648,8 +10598,8 @@ func (this *UpdateStatus) String() string {
 	}
 	s := strings.Join([]string{`&UpdateStatus{`,
 		`State:` + fmt.Sprintf("%v", this.State) + `,`,
-		`StartedAt:` + strings.Replace(fmt.Sprintf("%v", this.StartedAt), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
-		`CompletedAt:` + strings.Replace(fmt.Sprintf("%v", this.CompletedAt), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`StartedAt:` + strings.Replace(fmt.Sprintf("%v", this.StartedAt), "Timestamp", "types.Timestamp", 1) + `,`,
+		`CompletedAt:` + strings.Replace(fmt.Sprintf("%v", this.CompletedAt), "Timestamp", "types.Timestamp", 1) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
 		`}`,
 	}, "")
@@ -7671,8 +10621,13 @@ func (this *PortStatus) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPorts := "[]*PortConfig{"
+	for _, f := range this.Ports {
+		repeatedStringForPorts += strings.Replace(f.String(), "PortConfig", "PortConfig", 1) + ","
+	}
+	repeatedStringForPorts += "}"
 	s := strings.Join([]string{`&PortStatus{`,
-		`Ports:` + strings.Replace(fmt.Sprintf("%v", this.Ports), "PortConfig", "PortConfig", 1) + `,`,
+		`Ports:` + repeatedStringForPorts + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7682,14 +10637,14 @@ func (this *TaskStatus) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&TaskStatus{`,
-		`Timestamp:` + strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`Timestamp:` + strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "types.Timestamp", 1) + `,`,
 		`State:` + fmt.Sprintf("%v", this.State) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
 		`Err:` + fmt.Sprintf("%v", this.Err) + `,`,
 		`RuntimeStatus:` + fmt.Sprintf("%v", this.RuntimeStatus) + `,`,
-		`PortStatus:` + strings.Replace(fmt.Sprintf("%v", this.PortStatus), "PortStatus", "PortStatus", 1) + `,`,
+		`PortStatus:` + strings.Replace(this.PortStatus.String(), "PortStatus", "PortStatus", 1) + `,`,
 		`AppliedBy:` + fmt.Sprintf("%v", this.AppliedBy) + `,`,
-		`AppliedAt:` + strings.Replace(fmt.Sprintf("%v", this.AppliedAt), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`AppliedAt:` + strings.Replace(fmt.Sprintf("%v", this.AppliedAt), "Timestamp", "types.Timestamp", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7712,7 +10667,7 @@ func (this *NetworkAttachmentConfig) String() string {
 	for k, _ := range this.DriverAttachmentOpts {
 		keysForDriverAttachmentOpts = append(keysForDriverAttachmentOpts, k)
 	}
-	sortkeys.Strings(keysForDriverAttachmentOpts)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForDriverAttachmentOpts)
 	mapStringForDriverAttachmentOpts := "map[string]string{"
 	for _, k := range keysForDriverAttachmentOpts {
 		mapStringForDriverAttachmentOpts += fmt.Sprintf("%v: %v,", k, this.DriverAttachmentOpts[k])
@@ -7735,7 +10690,7 @@ func (this *IPAMConfig) String() string {
 	for k, _ := range this.Reserved {
 		keysForReserved = append(keysForReserved, k)
 	}
-	sortkeys.Strings(keysForReserved)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForReserved)
 	mapStringForReserved := "map[string]string{"
 	for _, k := range keysForReserved {
 		mapStringForReserved += fmt.Sprintf("%v: %v,", k, this.Reserved[k])
@@ -7773,7 +10728,7 @@ func (this *Driver) String() string {
 	for k, _ := range this.Options {
 		keysForOptions = append(keysForOptions, k)
 	}
-	sortkeys.Strings(keysForOptions)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForOptions)
 	mapStringForOptions := "map[string]string{"
 	for _, k := range keysForOptions {
 		mapStringForOptions += fmt.Sprintf("%v: %v,", k, this.Options[k])
@@ -7790,9 +10745,14 @@ func (this *IPAMOptions) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForConfigs := "[]*IPAMConfig{"
+	for _, f := range this.Configs {
+		repeatedStringForConfigs += strings.Replace(f.String(), "IPAMConfig", "IPAMConfig", 1) + ","
+	}
+	repeatedStringForConfigs += "}"
 	s := strings.Join([]string{`&IPAMOptions{`,
-		`Driver:` + strings.Replace(fmt.Sprintf("%v", this.Driver), "Driver", "Driver", 1) + `,`,
-		`Configs:` + strings.Replace(fmt.Sprintf("%v", this.Configs), "IPAMConfig", "IPAMConfig", 1) + `,`,
+		`Driver:` + strings.Replace(this.Driver.String(), "Driver", "Driver", 1) + `,`,
+		`Configs:` + repeatedStringForConfigs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7813,7 +10773,7 @@ func (this *WeightedPeer) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&WeightedPeer{`,
-		`Peer:` + strings.Replace(fmt.Sprintf("%v", this.Peer), "Peer", "Peer", 1) + `,`,
+		`Peer:` + strings.Replace(this.Peer.String(), "Peer", "Peer", 1) + `,`,
 		`Weight:` + fmt.Sprintf("%v", this.Weight) + `,`,
 		`}`,
 	}, "")
@@ -7834,8 +10794,13 @@ func (this *AcceptancePolicy) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPolicies := "[]*AcceptancePolicy_RoleAdmissionPolicy{"
+	for _, f := range this.Policies {
+		repeatedStringForPolicies += strings.Replace(fmt.Sprintf("%v", f), "AcceptancePolicy_RoleAdmissionPolicy", "AcceptancePolicy_RoleAdmissionPolicy", 1) + ","
+	}
+	repeatedStringForPolicies += "}"
 	s := strings.Join([]string{`&AcceptancePolicy{`,
-		`Policies:` + strings.Replace(fmt.Sprintf("%v", this.Policies), "AcceptancePolicy_RoleAdmissionPolicy", "AcceptancePolicy_RoleAdmissionPolicy", 1) + `,`,
+		`Policies:` + repeatedStringForPolicies + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7871,7 +10836,7 @@ func (this *ExternalCA) String() string {
 	for k, _ := range this.Options {
 		keysForOptions = append(keysForOptions, k)
 	}
-	sortkeys.Strings(keysForOptions)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForOptions)
 	mapStringForOptions := "map[string]string{"
 	for _, k := range keysForOptions {
 		mapStringForOptions += fmt.Sprintf("%v: %v,", k, this.Options[k])
@@ -7890,9 +10855,14 @@ func (this *CAConfig) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForExternalCAs := "[]*ExternalCA{"
+	for _, f := range this.ExternalCAs {
+		repeatedStringForExternalCAs += strings.Replace(f.String(), "ExternalCA", "ExternalCA", 1) + ","
+	}
+	repeatedStringForExternalCAs += "}"
 	s := strings.Join([]string{`&CAConfig{`,
-		`NodeCertExpiry:` + strings.Replace(fmt.Sprintf("%v", this.NodeCertExpiry), "Duration", "google_protobuf1.Duration", 1) + `,`,
-		`ExternalCAs:` + strings.Replace(fmt.Sprintf("%v", this.ExternalCAs), "ExternalCA", "ExternalCA", 1) + `,`,
+		`NodeCertExpiry:` + strings.Replace(fmt.Sprintf("%v", this.NodeCertExpiry), "Duration", "types.Duration", 1) + `,`,
+		`ExternalCAs:` + repeatedStringForExternalCAs + `,`,
 		`SigningCACert:` + fmt.Sprintf("%v", this.SigningCACert) + `,`,
 		`SigningCAKey:` + fmt.Sprintf("%v", this.SigningCAKey) + `,`,
 		`ForceRotate:` + fmt.Sprintf("%v", this.ForceRotate) + `,`,
@@ -7915,7 +10885,7 @@ func (this *TaskDefaults) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&TaskDefaults{`,
-		`LogDriver:` + strings.Replace(fmt.Sprintf("%v", this.LogDriver), "Driver", "Driver", 1) + `,`,
+		`LogDriver:` + strings.Replace(this.LogDriver.String(), "Driver", "Driver", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7925,7 +10895,7 @@ func (this *DispatcherConfig) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&DispatcherConfig{`,
-		`HeartbeatPeriod:` + strings.Replace(fmt.Sprintf("%v", this.HeartbeatPeriod), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`HeartbeatPeriod:` + strings.Replace(fmt.Sprintf("%v", this.HeartbeatPeriod), "Duration", "types.Duration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -7988,10 +10958,21 @@ func (this *Placement) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForPreferences := "[]*PlacementPreference{"
+	for _, f := range this.Preferences {
+		repeatedStringForPreferences += strings.Replace(f.String(), "PlacementPreference", "PlacementPreference", 1) + ","
+	}
+	repeatedStringForPreferences += "}"
+	repeatedStringForPlatforms := "[]*Platform{"
+	for _, f := range this.Platforms {
+		repeatedStringForPlatforms += strings.Replace(f.String(), "Platform", "Platform", 1) + ","
+	}
+	repeatedStringForPlatforms += "}"
 	s := strings.Join([]string{`&Placement{`,
 		`Constraints:` + fmt.Sprintf("%v", this.Constraints) + `,`,
-		`Preferences:` + strings.Replace(fmt.Sprintf("%v", this.Preferences), "PlacementPreference", "PlacementPreference", 1) + `,`,
-		`Platforms:` + strings.Replace(fmt.Sprintf("%v", this.Platforms), "Platform", "Platform", 1) + `,`,
+		`Preferences:` + repeatedStringForPreferences + `,`,
+		`Platforms:` + repeatedStringForPlatforms + `,`,
+		`MaxReplicas:` + fmt.Sprintf("%v", this.MaxReplicas) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -8016,7 +10997,7 @@ func (this *RootCA) String() string {
 		`CACert:` + fmt.Sprintf("%v", this.CACert) + `,`,
 		`CACertHash:` + fmt.Sprintf("%v", this.CACertHash) + `,`,
 		`JoinTokens:` + strings.Replace(strings.Replace(this.JoinTokens.String(), "JoinTokens", "JoinTokens", 1), `&`, ``, 1) + `,`,
-		`RootRotation:` + strings.Replace(fmt.Sprintf("%v", this.RootRotation), "RootRotation", "RootRotation", 1) + `,`,
+		`RootRotation:` + strings.Replace(this.RootRotation.String(), "RootRotation", "RootRotation", 1) + `,`,
 		`LastForcedRotation:` + fmt.Sprintf("%v", this.LastForcedRotation) + `,`,
 		`}`,
 	}, "")
@@ -8075,6 +11056,15 @@ func (this *FileTarget) String() string {
 	}, "")
 	return s
 }
+func (this *RuntimeTarget) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RuntimeTarget{`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *SecretReference) String() string {
 	if this == nil {
 		return "nil"
@@ -8119,12 +11109,22 @@ func (this *ConfigReference_File) String() string {
 	}, "")
 	return s
 }
+func (this *ConfigReference_Runtime) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ConfigReference_Runtime{`,
+		`Runtime:` + strings.Replace(fmt.Sprintf("%v", this.Runtime), "RuntimeTarget", "RuntimeTarget", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *BlacklistedCertificate) String() string {
 	if this == nil {
 		return "nil"
 	}
 	s := strings.Join([]string{`&BlacklistedCertificate{`,
-		`Expiry:` + strings.Replace(fmt.Sprintf("%v", this.Expiry), "Timestamp", "google_protobuf.Timestamp", 1) + `,`,
+		`Expiry:` + strings.Replace(fmt.Sprintf("%v", this.Expiry), "Timestamp", "types.Timestamp", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -8135,10 +11135,10 @@ func (this *HealthConfig) String() string {
 	}
 	s := strings.Join([]string{`&HealthConfig{`,
 		`Test:` + fmt.Sprintf("%v", this.Test) + `,`,
-		`Interval:` + strings.Replace(fmt.Sprintf("%v", this.Interval), "Duration", "google_protobuf1.Duration", 1) + `,`,
-		`Timeout:` + strings.Replace(fmt.Sprintf("%v", this.Timeout), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`Interval:` + strings.Replace(fmt.Sprintf("%v", this.Interval), "Duration", "types.Duration", 1) + `,`,
+		`Timeout:` + strings.Replace(fmt.Sprintf("%v", this.Timeout), "Duration", "types.Duration", 1) + `,`,
 		`Retries:` + fmt.Sprintf("%v", this.Retries) + `,`,
-		`StartPeriod:` + strings.Replace(fmt.Sprintf("%v", this.StartPeriod), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`StartPeriod:` + strings.Replace(fmt.Sprintf("%v", this.StartPeriod), "Duration", "types.Duration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -8208,6 +11208,16 @@ func (this *Privileges_CredentialSpec_Registry) String() string {
 	}, "")
 	return s
 }
+func (this *Privileges_CredentialSpec_Config) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Privileges_CredentialSpec_Config{`,
+		`Config:` + fmt.Sprintf("%v", this.Config) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *Privileges_SELinuxContext) String() string {
 	if this == nil {
 		return "nil"
@@ -8222,6 +11232,17 @@ func (this *Privileges_SELinuxContext) String() string {
 	}, "")
 	return s
 }
+func (this *JobStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&JobStatus{`,
+		`JobIteration:` + strings.Replace(strings.Replace(this.JobIteration.String(), "Version", "Version", 1), `&`, ``, 1) + `,`,
+		`LastExecution:` + strings.Replace(fmt.Sprintf("%v", this.LastExecution), "Timestamp", "types.Timestamp", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringTypes(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -8245,7 +11266,7 @@ func (m *Version) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8273,7 +11294,7 @@ func (m *Version) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Index |= (uint64(b) & 0x7F) << shift
+				m.Index |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8284,7 +11305,7 @@ func (m *Version) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8314,7 +11335,7 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8342,7 +11363,7 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8352,6 +11373,9 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8371,7 +11395,7 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8381,6 +11405,9 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8392,7 +11419,7 @@ func (m *IndexEntry) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8422,7 +11449,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8450,7 +11477,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8460,6 +11487,9 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8479,7 +11509,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8488,6 +11518,9 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8508,7 +11541,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -8525,7 +11558,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -8535,6 +11568,9 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -8551,7 +11587,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -8561,6 +11597,9 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -8572,7 +11611,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -8597,7 +11636,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8606,6 +11645,9 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8620,7 +11662,7 @@ func (m *Annotations) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8650,7 +11692,7 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8678,7 +11720,7 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8688,6 +11730,9 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8707,7 +11752,7 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8717,6 +11762,9 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8728,7 +11776,7 @@ func (m *NamedGenericResource) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8758,7 +11806,7 @@ func (m *DiscreteGenericResource) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8786,7 +11834,7 @@ func (m *DiscreteGenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8796,6 +11844,9 @@ func (m *DiscreteGenericResource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8815,7 +11866,7 @@ func (m *DiscreteGenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Value |= (int64(b) & 0x7F) << shift
+				m.Value |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8826,7 +11877,7 @@ func (m *DiscreteGenericResource) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8856,7 +11907,7 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8884,7 +11935,7 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8893,6 +11944,9 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8916,7 +11970,7 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -8925,6 +11979,9 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -8940,7 +11997,7 @@ func (m *GenericResource) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -8970,7 +12027,7 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -8998,7 +12055,7 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.NanoCPUs |= (int64(b) & 0x7F) << shift
+				m.NanoCPUs |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9017,7 +12074,7 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.MemoryBytes |= (int64(b) & 0x7F) << shift
+				m.MemoryBytes |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9036,7 +12093,7 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9045,6 +12102,9 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9059,7 +12119,7 @@ func (m *Resources) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9089,7 +12149,7 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9117,7 +12177,7 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9126,6 +12186,9 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9150,7 +12213,7 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9159,6 +12222,9 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9169,13 +12235,85 @@ func (m *ResourceRequirements) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SwapBytes", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SwapBytes == nil {
+				m.SwapBytes = &types.Int64Value{}
+			}
+			if err := m.SwapBytes.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemorySwappiness", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MemorySwappiness == nil {
+				m.MemorySwappiness = &types.Int64Value{}
+			}
+			if err := m.MemorySwappiness.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9205,7 +12343,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9233,7 +12371,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9243,6 +12381,9 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9262,7 +12403,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9272,6 +12413,9 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9283,7 +12427,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9313,7 +12457,7 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9341,7 +12485,7 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9351,6 +12495,9 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9370,7 +12517,7 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9380,6 +12527,9 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9391,7 +12541,7 @@ func (m *PluginDescription) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9421,7 +12571,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9449,7 +12599,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9459,6 +12609,9 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9478,7 +12631,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9487,6 +12640,9 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9507,7 +12663,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -9524,7 +12680,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -9534,6 +12690,9 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -9550,7 +12709,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -9560,6 +12719,9 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -9571,7 +12733,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -9596,7 +12758,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9605,6 +12767,9 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9619,7 +12784,7 @@ func (m *EngineDescription) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9649,7 +12814,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9677,7 +12842,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9687,6 +12852,9 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9706,7 +12874,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9715,6 +12883,9 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9739,7 +12910,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9748,6 +12919,9 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9772,7 +12946,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9781,6 +12955,9 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9805,7 +12982,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9814,6 +12991,9 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9838,7 +13018,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9850,7 +13030,7 @@ func (m *NodeDescription) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -9880,7 +13060,7 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -9908,7 +13088,7 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9917,6 +13097,9 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9939,7 +13122,7 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9948,6 +13131,9 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9970,7 +13156,7 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -9979,6 +13165,9 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -9993,7 +13182,7 @@ func (m *NodeTLSInfo) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10023,7 +13212,7 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10051,7 +13240,7 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10071,7 +13260,7 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Reachability |= (RaftMemberStatus_Reachability(b) & 0x7F) << shift
+				m.Reachability |= RaftMemberStatus_Reachability(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10090,7 +13279,7 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10100,6 +13289,9 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10111,7 +13303,7 @@ func (m *RaftMemberStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10141,7 +13333,7 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10169,7 +13361,7 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.State |= (NodeStatus_State(b) & 0x7F) << shift
+				m.State |= NodeStatus_State(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10188,7 +13380,7 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10198,6 +13390,9 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10217,7 +13412,7 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10227,6 +13422,9 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10238,7 +13436,7 @@ func (m *NodeStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10268,7 +13466,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10296,7 +13494,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10306,6 +13504,9 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10317,7 +13518,7 @@ func (m *Image) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10347,7 +13548,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10375,7 +13576,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (Mount_MountType(b) & 0x7F) << shift
+				m.Type |= Mount_MountType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10394,7 +13595,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10404,6 +13605,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10423,7 +13627,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10433,6 +13637,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10452,7 +13659,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10472,7 +13679,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10481,6 +13688,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10505,7 +13715,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10514,6 +13724,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10538,7 +13751,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10547,6 +13760,9 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10571,7 +13787,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Consistency |= (Mount_MountConsistency(b) & 0x7F) << shift
+				m.Consistency |= Mount_MountConsistency(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10582,7 +13798,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10612,7 +13828,7 @@ func (m *Mount_BindOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10640,18 +13856,38 @@ func (m *Mount_BindOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Propagation |= (Mount_BindOptions_MountPropagation(b) & 0x7F) << shift
+				m.Propagation |= Mount_BindOptions_MountPropagation(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NonRecursive", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			m.NonRecursive = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10681,7 +13917,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10709,7 +13945,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10729,7 +13965,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10738,6 +13974,9 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10758,7 +13997,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -10775,7 +14014,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -10785,6 +14024,9 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -10801,7 +14043,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -10811,6 +14053,9 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -10822,7 +14067,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -10847,7 +14092,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10856,6 +14101,9 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -10872,7 +14120,7 @@ func (m *Mount_VolumeOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10902,7 +14150,7 @@ func (m *Mount_TmpfsOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -10930,7 +14178,7 @@ func (m *Mount_TmpfsOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.SizeBytes |= (int64(b) & 0x7F) << shift
+				m.SizeBytes |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -10939,7 +14187,26 @@ func (m *Mount_TmpfsOptions) Unmarshal(dAtA []byte) error {
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
 			}
-			m.Mode = 0
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Mode |= os.FileMode(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
@@ -10949,18 +14216,31 @@ func (m *Mount_TmpfsOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Mode |= (os.FileMode(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -10990,7 +14270,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11018,7 +14298,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Condition |= (RestartPolicy_RestartCondition(b) & 0x7F) << shift
+				m.Condition |= RestartPolicy_RestartCondition(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11037,7 +14317,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11046,11 +14326,14 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Delay == nil {
-				m.Delay = &google_protobuf1.Duration{}
+				m.Delay = &types.Duration{}
 			}
 			if err := m.Delay.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11070,7 +14353,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.MaxAttempts |= (uint64(b) & 0x7F) << shift
+				m.MaxAttempts |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11089,7 +14372,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11098,11 +14381,14 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Window == nil {
-				m.Window = &google_protobuf1.Duration{}
+				m.Window = &types.Duration{}
 			}
 			if err := m.Window.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11114,7 +14400,7 @@ func (m *RestartPolicy) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11144,7 +14430,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11172,7 +14458,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Parallelism |= (uint64(b) & 0x7F) << shift
+				m.Parallelism |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11191,7 +14477,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11200,10 +14486,13 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdDurationUnmarshal(&m.Delay, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdDurationUnmarshal(&m.Delay, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -11221,7 +14510,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.FailureAction |= (UpdateConfig_FailureAction(b) & 0x7F) << shift
+				m.FailureAction |= UpdateConfig_FailureAction(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11240,7 +14529,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11249,11 +14538,14 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Monitor == nil {
-				m.Monitor = &google_protobuf1.Duration{}
+				m.Monitor = &types.Duration{}
 			}
 			if err := m.Monitor.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11267,7 +14559,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 			if (iNdEx + 4) > l {
 				return io.ErrUnexpectedEOF
 			}
-			v = uint32(binary.LittleEndian.Uint32(dAtA[iNdEx:]))
+			v = uint32(encoding_binary.LittleEndian.Uint32(dAtA[iNdEx:]))
 			iNdEx += 4
 			m.MaxFailureRatio = float32(math.Float32frombits(v))
 		case 6:
@@ -11284,7 +14576,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Order |= (UpdateConfig_UpdateOrder(b) & 0x7F) << shift
+				m.Order |= UpdateConfig_UpdateOrder(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11295,7 +14587,7 @@ func (m *UpdateConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11325,7 +14617,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11353,7 +14645,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.State |= (UpdateStatus_UpdateState(b) & 0x7F) << shift
+				m.State |= UpdateStatus_UpdateState(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11372,7 +14664,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11381,11 +14673,14 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.StartedAt == nil {
-				m.StartedAt = &google_protobuf.Timestamp{}
+				m.StartedAt = &types.Timestamp{}
 			}
 			if err := m.StartedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11405,7 +14700,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11414,11 +14709,14 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.CompletedAt == nil {
-				m.CompletedAt = &google_protobuf.Timestamp{}
+				m.CompletedAt = &types.Timestamp{}
 			}
 			if err := m.CompletedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11438,7 +14736,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11448,6 +14746,9 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11459,7 +14760,7 @@ func (m *UpdateStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11489,7 +14790,7 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11517,7 +14818,7 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11527,6 +14828,9 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11546,7 +14850,7 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.PID |= (int32(b) & 0x7F) << shift
+				m.PID |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11565,7 +14869,7 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ExitCode |= (int32(b) & 0x7F) << shift
+				m.ExitCode |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11576,7 +14880,7 @@ func (m *ContainerStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11606,7 +14910,7 @@ func (m *PortStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11634,7 +14938,7 @@ func (m *PortStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11643,6 +14947,9 @@ func (m *PortStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11657,7 +14964,7 @@ func (m *PortStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11687,7 +14994,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -11715,7 +15022,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11724,11 +15031,14 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Timestamp == nil {
-				m.Timestamp = &google_protobuf.Timestamp{}
+				m.Timestamp = &types.Timestamp{}
 			}
 			if err := m.Timestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11748,7 +15058,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.State |= (TaskState(b) & 0x7F) << shift
+				m.State |= TaskState(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11767,7 +15077,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11777,6 +15087,9 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11796,7 +15109,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11806,6 +15119,9 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11825,7 +15141,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11834,6 +15150,9 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11857,7 +15176,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11866,6 +15185,9 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11890,7 +15212,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11900,6 +15222,9 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -11919,7 +15244,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -11928,11 +15253,14 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.AppliedAt == nil {
-				m.AppliedAt = &google_protobuf.Timestamp{}
+				m.AppliedAt = &types.Timestamp{}
 			}
 			if err := m.AppliedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -11944,7 +15272,7 @@ func (m *TaskStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -11974,7 +15302,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12002,7 +15330,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12012,6 +15340,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12031,7 +15362,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12041,6 +15372,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12060,7 +15394,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12070,6 +15404,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12089,7 +15426,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12098,6 +15435,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12118,7 +15458,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -12135,7 +15475,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12145,6 +15485,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12161,7 +15504,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12171,6 +15514,9 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12182,7 +15528,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -12199,7 +15545,7 @@ func (m *NetworkAttachmentConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -12229,7 +15575,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12257,7 +15603,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Family |= (IPAMConfig_AddressFamily(b) & 0x7F) << shift
+				m.Family |= IPAMConfig_AddressFamily(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12276,7 +15622,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12286,6 +15632,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12305,7 +15654,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12315,6 +15664,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12334,7 +15686,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12344,6 +15696,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12363,7 +15718,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12372,6 +15727,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12392,7 +15750,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -12409,7 +15767,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12419,6 +15777,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12435,7 +15796,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12445,6 +15806,9 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12456,7 +15820,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -12473,7 +15837,7 @@ func (m *IPAMConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -12503,7 +15867,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12531,7 +15895,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12541,6 +15905,9 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12560,7 +15927,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Protocol |= (PortConfig_Protocol(b) & 0x7F) << shift
+				m.Protocol |= PortConfig_Protocol(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12579,7 +15946,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.TargetPort |= (uint32(b) & 0x7F) << shift
+				m.TargetPort |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12598,7 +15965,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.PublishedPort |= (uint32(b) & 0x7F) << shift
+				m.PublishedPort |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12617,7 +15984,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.PublishMode |= (PortConfig_PublishMode(b) & 0x7F) << shift
+				m.PublishMode |= PortConfig_PublishMode(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12628,7 +15995,7 @@ func (m *PortConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -12658,7 +16025,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12686,7 +16053,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12696,6 +16063,9 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12715,7 +16085,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12724,6 +16094,9 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12744,7 +16117,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -12761,7 +16134,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12771,6 +16144,9 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12787,7 +16163,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -12797,6 +16173,9 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -12808,7 +16187,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -12825,7 +16204,7 @@ func (m *Driver) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -12855,7 +16234,7 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12883,7 +16262,7 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12892,6 +16271,9 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12916,7 +16298,7 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -12925,6 +16307,9 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -12939,7 +16324,7 @@ func (m *IPAMOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -12969,7 +16354,7 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -12997,7 +16382,7 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13007,6 +16392,9 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13026,7 +16414,7 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13036,6 +16424,9 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13047,7 +16438,7 @@ func (m *Peer) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13077,7 +16468,7 @@ func (m *WeightedPeer) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13105,7 +16496,7 @@ func (m *WeightedPeer) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13114,6 +16505,9 @@ func (m *WeightedPeer) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13138,7 +16532,7 @@ func (m *WeightedPeer) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Weight |= (int64(b) & 0x7F) << shift
+				m.Weight |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13149,7 +16543,7 @@ func (m *WeightedPeer) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13179,7 +16573,7 @@ func (m *IssuanceStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13207,7 +16601,7 @@ func (m *IssuanceStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.State |= (IssuanceStatus_State(b) & 0x7F) << shift
+				m.State |= IssuanceStatus_State(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13226,7 +16620,7 @@ func (m *IssuanceStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13236,6 +16630,9 @@ func (m *IssuanceStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13247,7 +16644,7 @@ func (m *IssuanceStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13277,7 +16674,7 @@ func (m *AcceptancePolicy) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13305,7 +16702,7 @@ func (m *AcceptancePolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13314,6 +16711,9 @@ func (m *AcceptancePolicy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13328,7 +16728,7 @@ func (m *AcceptancePolicy) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13358,7 +16758,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13386,7 +16786,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Role |= (NodeRole(b) & 0x7F) << shift
+				m.Role |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13405,7 +16805,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13425,7 +16825,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13434,6 +16834,9 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13450,7 +16853,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13480,7 +16883,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13508,7 +16911,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13517,6 +16920,9 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13539,7 +16945,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13549,6 +16955,9 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13560,7 +16969,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Unmarshal(dAtA []byte) err
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13590,7 +16999,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13618,7 +17027,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Protocol |= (ExternalCA_CAProtocol(b) & 0x7F) << shift
+				m.Protocol |= ExternalCA_CAProtocol(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13637,7 +17046,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13647,6 +17056,9 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13666,7 +17078,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13675,6 +17087,9 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13695,7 +17110,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -13712,7 +17127,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -13722,6 +17137,9 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -13738,7 +17156,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -13748,6 +17166,9 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthTypes
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthTypes
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -13759,7 +17180,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthTypes
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -13784,7 +17205,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13793,6 +17214,9 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13807,7 +17231,7 @@ func (m *ExternalCA) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -13837,7 +17261,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -13865,7 +17289,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13874,11 +17298,14 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.NodeCertExpiry == nil {
-				m.NodeCertExpiry = &google_protobuf1.Duration{}
+				m.NodeCertExpiry = &types.Duration{}
 			}
 			if err := m.NodeCertExpiry.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -13898,7 +17325,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13907,6 +17334,9 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13929,7 +17359,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13938,6 +17368,9 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13960,7 +17393,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -13969,6 +17402,9 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -13991,7 +17427,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ForceRotate |= (uint64(b) & 0x7F) << shift
+				m.ForceRotate |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14002,7 +17438,7 @@ func (m *CAConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14032,7 +17468,7 @@ func (m *OrchestrationConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14060,7 +17496,7 @@ func (m *OrchestrationConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.TaskHistoryRetentionLimit |= (int64(b) & 0x7F) << shift
+				m.TaskHistoryRetentionLimit |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14071,7 +17507,7 @@ func (m *OrchestrationConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14101,7 +17537,7 @@ func (m *TaskDefaults) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14129,7 +17565,7 @@ func (m *TaskDefaults) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14138,6 +17574,9 @@ func (m *TaskDefaults) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14154,7 +17593,7 @@ func (m *TaskDefaults) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14184,7 +17623,7 @@ func (m *DispatcherConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14212,7 +17651,7 @@ func (m *DispatcherConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14221,11 +17660,14 @@ func (m *DispatcherConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.HeartbeatPeriod == nil {
-				m.HeartbeatPeriod = &google_protobuf1.Duration{}
+				m.HeartbeatPeriod = &types.Duration{}
 			}
 			if err := m.HeartbeatPeriod.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -14237,7 +17679,7 @@ func (m *DispatcherConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14267,7 +17709,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14295,7 +17737,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.SnapshotInterval |= (uint64(b) & 0x7F) << shift
+				m.SnapshotInterval |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14314,7 +17756,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.KeepOldSnapshots |= (uint64(b) & 0x7F) << shift
+				m.KeepOldSnapshots |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14333,7 +17775,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.LogEntriesForSlowFollowers |= (uint64(b) & 0x7F) << shift
+				m.LogEntriesForSlowFollowers |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14352,7 +17794,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.HeartbeatTick |= (uint32(b) & 0x7F) << shift
+				m.HeartbeatTick |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14371,7 +17813,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ElectionTick |= (uint32(b) & 0x7F) << shift
+				m.ElectionTick |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14382,7 +17824,7 @@ func (m *RaftConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14412,7 +17854,7 @@ func (m *EncryptionConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14440,7 +17882,7 @@ func (m *EncryptionConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14452,7 +17894,7 @@ func (m *EncryptionConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14482,7 +17924,7 @@ func (m *SpreadOver) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14510,7 +17952,7 @@ func (m *SpreadOver) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14520,6 +17962,9 @@ func (m *SpreadOver) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14531,7 +17976,7 @@ func (m *SpreadOver) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14561,7 +18006,7 @@ func (m *PlacementPreference) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14589,7 +18034,7 @@ func (m *PlacementPreference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14598,6 +18043,9 @@ func (m *PlacementPreference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14613,7 +18061,7 @@ func (m *PlacementPreference) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14643,7 +18091,7 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14671,7 +18119,7 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14681,6 +18129,9 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14700,7 +18151,7 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14709,6 +18160,9 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14731,7 +18185,7 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14740,6 +18194,9 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14748,13 +18205,32 @@ func (m *Placement) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxReplicas", wireType)
+			}
+			m.MaxReplicas = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MaxReplicas |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14784,7 +18260,7 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14812,7 +18288,7 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14822,6 +18298,9 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14841,7 +18320,7 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14851,6 +18330,9 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14862,7 +18344,7 @@ func (m *JoinTokens) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -14892,7 +18374,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -14920,7 +18402,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14929,6 +18411,9 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14951,7 +18436,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14960,6 +18445,9 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -14982,7 +18470,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -14992,6 +18480,9 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15011,7 +18502,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15020,6 +18511,9 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15041,7 +18535,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15050,6 +18544,9 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15074,7 +18571,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.LastForcedRotation |= (uint64(b) & 0x7F) << shift
+				m.LastForcedRotation |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15085,7 +18582,7 @@ func (m *RootCA) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15115,7 +18612,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15143,7 +18640,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Role |= (NodeRole(b) & 0x7F) << shift
+				m.Role |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15162,7 +18659,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15171,6 +18668,9 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15193,7 +18693,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15202,6 +18702,9 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15223,7 +18726,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15232,6 +18735,9 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15254,7 +18760,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15264,6 +18770,9 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15275,7 +18784,7 @@ func (m *Certificate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15305,7 +18814,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15333,7 +18842,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15343,6 +18852,9 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15362,7 +18874,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Algorithm |= (EncryptionKey_Algorithm(b) & 0x7F) << shift
+				m.Algorithm |= EncryptionKey_Algorithm(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15381,7 +18893,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15390,6 +18902,9 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15412,7 +18927,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.LamportTime |= (uint64(b) & 0x7F) << shift
+				m.LamportTime |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15423,7 +18938,7 @@ func (m *EncryptionKey) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15453,7 +18968,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15481,7 +18996,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.RaftID |= (uint64(b) & 0x7F) << shift
+				m.RaftID |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15500,7 +19015,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15510,6 +19025,9 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15529,7 +19047,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15549,7 +19067,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Reachability |= (RaftMemberStatus_Reachability(b) & 0x7F) << shift
+				m.Reachability |= RaftMemberStatus_Reachability(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15560,7 +19078,7 @@ func (m *ManagerStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15590,7 +19108,7 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15618,7 +19136,7 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15628,6 +19146,9 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15647,7 +19168,7 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15657,6 +19178,9 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15676,7 +19200,7 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15686,6 +19210,9 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15705,7 +19232,7 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Mode |= (os.FileMode(b) & 0x7F) << shift
+				m.Mode |= os.FileMode(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15716,7 +19243,57 @@ func (m *FileTarget) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RuntimeTarget) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowTypes
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RuntimeTarget: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RuntimeTarget: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipTypes(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15746,7 +19323,7 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15774,7 +19351,7 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15784,6 +19361,9 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15803,7 +19383,7 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15813,6 +19393,9 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15832,7 +19415,7 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15841,6 +19424,9 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15856,7 +19442,7 @@ func (m *SecretReference) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -15886,7 +19472,7 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -15914,7 +19500,7 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15924,6 +19510,9 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15943,7 +19532,7 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15953,6 +19542,9 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15972,7 +19564,7 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -15981,6 +19573,9 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -15990,13 +19585,48 @@ func (m *ConfigReference) Unmarshal(dAtA []byte) error {
 			}
 			m.Target = &ConfigReference_File{v}
 			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Runtime", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &RuntimeTarget{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Target = &ConfigReference_Runtime{v}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16026,7 +19656,7 @@ func (m *BlacklistedCertificate) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16054,7 +19684,7 @@ func (m *BlacklistedCertificate) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16063,11 +19693,14 @@ func (m *BlacklistedCertificate) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Expiry == nil {
-				m.Expiry = &google_protobuf.Timestamp{}
+				m.Expiry = &types.Timestamp{}
 			}
 			if err := m.Expiry.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -16079,7 +19712,7 @@ func (m *BlacklistedCertificate) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16109,7 +19742,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16137,7 +19770,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16147,6 +19780,9 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16166,7 +19802,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16175,11 +19811,14 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Interval == nil {
-				m.Interval = &google_protobuf1.Duration{}
+				m.Interval = &types.Duration{}
 			}
 			if err := m.Interval.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -16199,7 +19838,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16208,11 +19847,14 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Timeout == nil {
-				m.Timeout = &google_protobuf1.Duration{}
+				m.Timeout = &types.Duration{}
 			}
 			if err := m.Timeout.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -16232,7 +19874,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Retries |= (int32(b) & 0x7F) << shift
+				m.Retries |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16251,7 +19893,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16260,11 +19902,14 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.StartPeriod == nil {
-				m.StartPeriod = &google_protobuf1.Duration{}
+				m.StartPeriod = &types.Duration{}
 			}
 			if err := m.StartPeriod.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -16276,7 +19921,7 @@ func (m *HealthConfig) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16306,7 +19951,7 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16334,7 +19979,7 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Algorithm |= (MaybeEncryptedRecord_Algorithm(b) & 0x7F) << shift
+				m.Algorithm |= MaybeEncryptedRecord_Algorithm(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16353,7 +19998,7 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16362,6 +20007,9 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16384,7 +20032,7 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16393,6 +20041,9 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16407,7 +20058,7 @@ func (m *MaybeEncryptedRecord) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16437,7 +20088,7 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16465,7 +20116,7 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16474,6 +20125,9 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16496,7 +20150,7 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16505,6 +20159,9 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16527,7 +20184,7 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16536,6 +20193,9 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16550,7 +20210,7 @@ func (m *RootRotation) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16580,7 +20240,7 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16608,7 +20268,7 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16617,6 +20277,9 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16641,7 +20304,7 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16650,6 +20313,9 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16666,7 +20332,7 @@ func (m *Privileges) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16696,7 +20362,7 @@ func (m *Privileges_CredentialSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16724,7 +20390,7 @@ func (m *Privileges_CredentialSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16734,6 +20400,9 @@ func (m *Privileges_CredentialSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16753,7 +20422,7 @@ func (m *Privileges_CredentialSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16763,18 +20432,53 @@ func (m *Privileges_CredentialSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Source = &Privileges_CredentialSpec_Registry{string(dAtA[iNdEx:postIndex])}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Source = &Privileges_CredentialSpec_Config{string(dAtA[iNdEx:postIndex])}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16804,7 +20508,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -16832,7 +20536,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16852,7 +20556,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16862,6 +20566,9 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16881,7 +20588,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16891,6 +20598,9 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16910,7 +20620,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16920,6 +20630,9 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16939,7 +20652,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -16949,6 +20662,9 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -16960,7 +20676,126 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *JobStatus) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowTypes
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: JobStatus: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: JobStatus: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field JobIteration", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.JobIteration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LastExecution", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.LastExecution == nil {
+				m.LastExecution = &types.Timestamp{}
+			}
+			if err := m.LastExecution.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipTypes(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
@@ -16978,6 +20813,7 @@ func (m *Privileges_SELinuxContext) Unmarshal(dAtA []byte) error {
 func skipTypes(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -17009,10 +20845,8 @@ func skipTypes(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -17029,380 +20863,34 @@ func skipTypes(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthTypes
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowTypes
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipTypes(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupTypes
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthTypes
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthTypes = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowTypes   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthTypes        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTypes          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupTypes = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/types.proto", fileDescriptorTypes) }
-
-var fileDescriptorTypes = []byte{
-	// 5135 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x7a, 0x4d, 0x6c, 0x24, 0x49,
-	0x56, 0xbf, 0xeb, 0xd3, 0x55, 0xaf, 0xca, 0x76, 0x76, 0xb4, 0xb7, 0xc7, 0x5d, 0xdb, 0x63, 0xd7,
-	0xe4, 0x4c, 0xef, 0xcc, 0xf6, 0xce, 0xbf, 0xfa, 0x6b, 0x77, 0xd5, 0x33, 0xf3, 0xdf, 0x9d, 0xa9,
-	0x8f, 0x74, 0xbb, 0xb6, 0xed, 0xaa, 0x52, 0x54, 0xb9, 0x7b, 0xf7, 0x2f, 0xfd, 0x49, 0xd2, 0x99,
-	0xe1, 0x72, 0x8e, 0xb3, 0x32, 0x8a, 0xcc, 0x2c, 0xbb, 0x8b, 0x05, 0x31, 0xe2, 0x00, 0xc8, 0x27,
-	0xf6, 0x02, 0xbb, 0x42, 0x46, 0x48, 0x70, 0xe3, 0xc0, 0x01, 0x24, 0x04, 0xa7, 0x41, 0x42, 0x68,
-	0xc5, 0x05, 0x16, 0x24, 0xb4, 0x02, 0xc9, 0xb0, 0x3e, 0x70, 0x43, 0x70, 0x41, 0x5c, 0x38, 0xa0,
-	0xf8, 0xc8, 0xac, 0x74, 0x75, 0xda, 0x9e, 0x61, 0xf7, 0x62, 0x57, 0xbc, 0xf7, 0x7b, 0x2f, 0x22,
-	0x5e, 0x44, 0xbc, 0x78, 0xef, 0x45, 0xc2, 0xbd, 0xa1, 0x1d, 0x1c, 0x4c, 0xf6, 0x6a, 0x26, 0x1d,
-	0xdd, 0xb7, 0xa8, 0x79, 0x48, 0xbc, 0xfb, 0xfe, 0xb1, 0xe1, 0x8d, 0x0e, 0xed, 0xe0, 0xbe, 0x31,
-	0xb6, 0xef, 0x07, 0xd3, 0x31, 0xf1, 0x6b, 0x63, 0x8f, 0x06, 0x14, 0x21, 0x01, 0xa8, 0x85, 0x80,
-	0xda, 0xd1, 0xc3, 0xca, 0xc6, 0x90, 0xd2, 0xa1, 0x43, 0xee, 0x73, 0xc4, 0xde, 0x64, 0xff, 0x7e,
-	0x60, 0x8f, 0x88, 0x1f, 0x18, 0xa3, 0xb1, 0x10, 0xaa, 0xac, 0xcf, 0x03, 0xac, 0x89, 0x67, 0x04,
-	0x36, 0x75, 0x25, 0x7f, 0x75, 0x48, 0x87, 0x94, 0xff, 0xbc, 0xcf, 0x7e, 0x09, 0xaa, 0xba, 0x01,
-	0x8b, 0xcf, 0x89, 0xe7, 0xdb, 0xd4, 0x45, 0xab, 0x90, 0xb3, 0x5d, 0x8b, 0xbc, 0x5c, 0x4b, 0x55,
-	0x53, 0xef, 0x64, 0xb1, 0x68, 0xa8, 0x0f, 0x00, 0xda, 0xec, 0x87, 0xe6, 0x06, 0xde, 0x14, 0x29,
-	0x90, 0x39, 0x24, 0x53, 0x8e, 0x28, 0x62, 0xf6, 0x93, 0x51, 0x8e, 0x0c, 0x67, 0x2d, 0x2d, 0x28,
-	0x47, 0x86, 0xa3, 0xfe, 0x24, 0x05, 0xa5, 0xba, 0xeb, 0xd2, 0x80, 0xf7, 0xee, 0x23, 0x04, 0x59,
-	0xd7, 0x18, 0x11, 0x29, 0xc4, 0x7f, 0xa3, 0x26, 0xe4, 0x1d, 0x63, 0x8f, 0x38, 0xfe, 0x5a, 0xba,
-	0x9a, 0x79, 0xa7, 0xf4, 0xe8, 0x2b, 0xb5, 0x57, 0xa7, 0x5c, 0x8b, 0x29, 0xa9, 0x6d, 0x73, 0x34,
-	0x1f, 0x04, 0x96, 0xa2, 0xe8, 0x9b, 0xb0, 0x68, 0xbb, 0x96, 0x6d, 0x12, 0x7f, 0x2d, 0xcb, 0xb5,
-	0xac, 0x27, 0x69, 0x99, 0x8d, 0xbe, 0x91, 0xfd, 0xe1, 0xd9, 0xc6, 0x02, 0x0e, 0x85, 0x2a, 0xef,
-	0x41, 0x29, 0xa6, 0x36, 0x61, 0x6e, 0xab, 0x90, 0x3b, 0x32, 0x9c, 0x09, 0x91, 0xb3, 0x13, 0x8d,
-	0xf7, 0xd3, 0x4f, 0x52, 0xea, 0x47, 0xb0, 0xda, 0x31, 0x46, 0xc4, 0x7a, 0x4a, 0x5c, 0xe2, 0xd9,
-	0x26, 0x26, 0x3e, 0x9d, 0x78, 0x26, 0x61, 0x73, 0x3d, 0xb4, 0x5d, 0x2b, 0x9c, 0x2b, 0xfb, 0x9d,
-	0xac, 0x45, 0x6d, 0xc2, 0x6b, 0x2d, 0xdb, 0x37, 0x3d, 0x12, 0x90, 0xcf, 0xad, 0x24, 0x13, 0x2a,
-	0x39, 0x4b, 0xc1, 0xca, 0xbc, 0xf4, 0xff, 0x83, 0x9b, 0xcc, 0xc4, 0x96, 0xee, 0x49, 0x8a, 0xee,
-	0x8f, 0x89, 0xc9, 0x95, 0x95, 0x1e, 0xbd, 0x93, 0x64, 0xa1, 0xa4, 0x99, 0x6c, 0x2d, 0xe0, 0x1b,
-	0x5c, 0x4d, 0x48, 0xe8, 0x8f, 0x89, 0x89, 0x4c, 0xb8, 0x65, 0xc9, 0x41, 0xcf, 0xa9, 0x4f, 0x73,
-	0xf5, 0x89, 0xcb, 0x78, 0xc9, 0x34, 0xb7, 0x16, 0xf0, 0x6a, 0xa8, 0x2c, 0xde, 0x49, 0x03, 0xa0,
-	0x10, 0xea, 0x56, 0xbf, 0x9f, 0x82, 0x62, 0xc8, 0xf4, 0xd1, 0x97, 0xa1, 0xe8, 0x1a, 0x2e, 0xd5,
-	0xcd, 0xf1, 0xc4, 0xe7, 0x13, 0xca, 0x34, 0xca, 0xe7, 0x67, 0x1b, 0x85, 0x8e, 0xe1, 0xd2, 0x66,
-	0x6f, 0xd7, 0xc7, 0x05, 0xc6, 0x6e, 0x8e, 0x27, 0x3e, 0x7a, 0x03, 0xca, 0x23, 0x32, 0xa2, 0xde,
-	0x54, 0xdf, 0x9b, 0x06, 0xc4, 0x97, 0x66, 0x2b, 0x09, 0x5a, 0x83, 0x91, 0xd0, 0x37, 0x60, 0x71,
-	0x28, 0x86, 0xb4, 0x96, 0xe1, 0xdb, 0xe7, 0xcd, 0xa4, 0xd1, 0xcf, 0x8d, 0x1a, 0x87, 0x32, 0xea,
-	0x6f, 0xa6, 0x60, 0x35, 0xa2, 0x92, 0x5f, 0x98, 0xd8, 0x1e, 0x19, 0x11, 0x37, 0xf0, 0xd1, 0xd7,
-	0x20, 0xef, 0xd8, 0x23, 0x3b, 0xf0, 0xa5, 0xcd, 0x5f, 0x4f, 0x52, 0x1b, 0x4d, 0x0a, 0x4b, 0x30,
-	0xaa, 0x43, 0xd9, 0x23, 0x3e, 0xf1, 0x8e, 0xc4, 0x8e, 0x97, 0x16, 0xbd, 0x46, 0xf8, 0x82, 0x88,
-	0xba, 0x09, 0x85, 0x9e, 0x63, 0x04, 0xfb, 0xd4, 0x1b, 0x21, 0x15, 0xca, 0x86, 0x67, 0x1e, 0xd8,
-	0x01, 0x31, 0x83, 0x89, 0x17, 0x9e, 0xbe, 0x0b, 0x34, 0x74, 0x0b, 0xd2, 0x54, 0x74, 0x54, 0x6c,
-	0xe4, 0xcf, 0xcf, 0x36, 0xd2, 0xdd, 0x3e, 0x4e, 0x53, 0x5f, 0xfd, 0x00, 0x6e, 0xf4, 0x9c, 0xc9,
-	0xd0, 0x76, 0x5b, 0xc4, 0x37, 0x3d, 0x7b, 0xcc, 0xb4, 0xb3, 0x5d, 0xc9, 0x7c, 0x54, 0xb8, 0x2b,
-	0xd9, 0xef, 0xe8, 0x68, 0xa7, 0x67, 0x47, 0x5b, 0xfd, 0xf5, 0x34, 0xdc, 0xd0, 0xdc, 0xa1, 0xed,
-	0x92, 0xb8, 0xf4, 0x5d, 0x58, 0x26, 0x9c, 0xa8, 0x1f, 0x09, 0x77, 0x23, 0xf5, 0x2c, 0x09, 0x6a,
-	0xe8, 0x83, 0xda, 0x73, 0x7e, 0xe1, 0x61, 0xd2, 0xf4, 0x5f, 0xd1, 0x9e, 0xe8, 0x1d, 0x34, 0x58,
-	0x1c, 0xf3, 0x49, 0xf8, 0x72, 0x79, 0xef, 0x26, 0xe9, 0x7a, 0x65, 0x9e, 0xa1, 0x93, 0x90, 0xb2,
-	0x3f, 0x8d, 0x93, 0xf8, 0xeb, 0x34, 0xac, 0x74, 0xa8, 0x75, 0xc1, 0x0e, 0x15, 0x28, 0x1c, 0x50,
-	0x3f, 0x88, 0x39, 0xc4, 0xa8, 0x8d, 0x9e, 0x40, 0x61, 0x2c, 0x97, 0x4f, 0xae, 0xfe, 0x9d, 0xe4,
-	0x21, 0x0b, 0x0c, 0x8e, 0xd0, 0xe8, 0x03, 0x28, 0x86, 0x47, 0x86, 0xcd, 0xf6, 0x33, 0x6c, 0x9c,
-	0x19, 0x1e, 0x7d, 0x03, 0xf2, 0x62, 0x11, 0xd6, 0xb2, 0x5c, 0xf2, 0xee, 0x67, 0xb2, 0x39, 0x96,
-	0x42, 0xe8, 0x29, 0x14, 0x02, 0xc7, 0xd7, 0x6d, 0x77, 0x9f, 0xae, 0xe5, 0xb8, 0x82, 0x8d, 0x44,
-	0x27, 0x43, 0x2d, 0x32, 0xd8, 0xee, 0xb7, 0xdd, 0x7d, 0xda, 0x28, 0x9d, 0x9f, 0x6d, 0x2c, 0xca,
-	0x06, 0x5e, 0x0c, 0x1c, 0x9f, 0xfd, 0x40, 0x77, 0x20, 0xbb, 0x6f, 0x8f, 0xfd, 0xb5, 0x7c, 0x35,
-	0xf5, 0x4e, 0xa1, 0x51, 0x38, 0x3f, 0xdb, 0xc8, 0x6e, 0xb6, 0x7b, 0x7d, 0xcc, 0xa9, 0xea, 0xf7,
-	0x52, 0x50, 0x8a, 0xe9, 0x40, 0xaf, 0x03, 0x04, 0xde, 0xc4, 0x0f, 0x74, 0x8f, 0xd2, 0x80, 0x9b,
-	0xb2, 0x8c, 0x8b, 0x9c, 0x82, 0x29, 0x0d, 0x50, 0x0d, 0x6e, 0x9a, 0xc4, 0x0b, 0x74, 0xdb, 0xf7,
-	0x27, 0xc4, 0xd3, 0xfd, 0xc9, 0xde, 0xc7, 0xc4, 0x0c, 0xb8, 0x59, 0xcb, 0xf8, 0x06, 0x63, 0xb5,
-	0x39, 0xa7, 0x2f, 0x18, 0xe8, 0x31, 0xdc, 0x8a, 0xe3, 0xc7, 0x93, 0x3d, 0xc7, 0x36, 0x75, 0xb6,
-	0xd4, 0x19, 0x2e, 0x72, 0x73, 0x26, 0xd2, 0xe3, 0xbc, 0x67, 0x64, 0xaa, 0xfe, 0x38, 0x05, 0x0a,
-	0x36, 0xf6, 0x83, 0x1d, 0x32, 0xda, 0x23, 0x5e, 0x3f, 0x30, 0x82, 0x89, 0x8f, 0x6e, 0x41, 0xde,
-	0x21, 0x86, 0x45, 0x3c, 0x3e, 0xa8, 0x02, 0x96, 0x2d, 0xb4, 0xcb, 0xce, 0xb7, 0x61, 0x1e, 0x18,
-	0x7b, 0xb6, 0x63, 0x07, 0x53, 0x3e, 0x94, 0xe5, 0xe4, 0x0d, 0x3e, 0xaf, 0xb3, 0x86, 0x63, 0x82,
-	0xf8, 0x82, 0x1a, 0xb4, 0x06, 0x8b, 0x23, 0xe2, 0xfb, 0xc6, 0x90, 0xf0, 0x91, 0x16, 0x71, 0xd8,
-	0x54, 0x3f, 0x80, 0x72, 0x5c, 0x0e, 0x95, 0x60, 0x71, 0xb7, 0xf3, 0xac, 0xd3, 0x7d, 0xd1, 0x51,
-	0x16, 0xd0, 0x0a, 0x94, 0x76, 0x3b, 0x58, 0xab, 0x37, 0xb7, 0xea, 0x8d, 0x6d, 0x4d, 0x49, 0xa1,
-	0x25, 0x28, 0xce, 0x9a, 0x69, 0xf5, 0x8f, 0x53, 0x00, 0xcc, 0xdc, 0x72, 0x52, 0xef, 0x43, 0xce,
-	0x0f, 0x8c, 0x40, 0xec, 0xd9, 0xe5, 0x47, 0x6f, 0x5d, 0xb6, 0xc2, 0x72, 0xbc, 0xec, 0x1f, 0xc1,
-	0x42, 0x24, 0x3e, 0xc2, 0xf4, 0x85, 0x11, 0x32, 0xf7, 0x61, 0x58, 0x96, 0x27, 0x07, 0xce, 0x7f,
-	0xab, 0x1f, 0x40, 0x8e, 0x4b, 0x5f, 0x1c, 0x6e, 0x01, 0xb2, 0x2d, 0xf6, 0x2b, 0x85, 0x8a, 0x90,
-	0xc3, 0x5a, 0xbd, 0xf5, 0x1d, 0x25, 0x8d, 0x14, 0x28, 0xb7, 0xda, 0xfd, 0x66, 0xb7, 0xd3, 0xd1,
-	0x9a, 0x03, 0xad, 0xa5, 0x64, 0xd4, 0xbb, 0x90, 0x6b, 0x8f, 0x98, 0xe6, 0x3b, 0xec, 0x40, 0xec,
-	0x13, 0x8f, 0xb8, 0x66, 0x78, 0xce, 0x66, 0x04, 0xf5, 0x7b, 0x65, 0xc8, 0xed, 0xd0, 0x89, 0x1b,
-	0xa0, 0x47, 0x31, 0xa7, 0xb6, 0x9c, 0x1c, 0x3f, 0x70, 0x60, 0x6d, 0x30, 0x1d, 0x13, 0xe9, 0xf4,
-	0x6e, 0x41, 0x5e, 0x1c, 0x1d, 0x39, 0x1d, 0xd9, 0x62, 0xf4, 0xc0, 0xf0, 0x86, 0x24, 0x90, 0xf3,
-	0x91, 0x2d, 0xf4, 0x0e, 0xbb, 0xcf, 0x0c, 0x8b, 0xba, 0xce, 0x94, 0x9f, 0xb0, 0x82, 0xb8, 0xb4,
-	0x30, 0x31, 0xac, 0xae, 0xeb, 0x4c, 0x71, 0xc4, 0x45, 0x5b, 0x50, 0xde, 0xb3, 0x5d, 0x4b, 0xa7,
-	0x63, 0x71, 0x05, 0xe4, 0x2e, 0x3f, 0x8f, 0x62, 0x54, 0x0d, 0xdb, 0xb5, 0xba, 0x02, 0x8c, 0x4b,
-	0x7b, 0xb3, 0x06, 0xea, 0xc0, 0xf2, 0x11, 0x75, 0x26, 0x23, 0x12, 0xe9, 0xca, 0x73, 0x5d, 0x6f,
-	0x5f, 0xae, 0xeb, 0x39, 0xc7, 0x87, 0xda, 0x96, 0x8e, 0xe2, 0x4d, 0xf4, 0x0c, 0x96, 0x82, 0xd1,
-	0x78, 0xdf, 0x8f, 0xd4, 0x2d, 0x72, 0x75, 0x5f, 0xba, 0xc2, 0x60, 0x0c, 0x1e, 0x6a, 0x2b, 0x07,
-	0xb1, 0x16, 0x7a, 0x0a, 0x25, 0x93, 0xba, 0xbe, 0xed, 0x07, 0xc4, 0x35, 0xa7, 0x6b, 0x05, 0x6e,
-	0xfb, 0x2b, 0x66, 0xd9, 0x9c, 0x81, 0x71, 0x5c, 0xb2, 0xf2, 0xab, 0x19, 0x28, 0xc5, 0x4c, 0x80,
-	0xfa, 0x50, 0x1a, 0x7b, 0x74, 0x6c, 0x0c, 0xf9, 0x7d, 0x28, 0x17, 0xf5, 0xe1, 0x67, 0x32, 0x5f,
-	0xad, 0x37, 0x13, 0xc4, 0x71, 0x2d, 0xea, 0x69, 0x1a, 0x4a, 0x31, 0x26, 0xba, 0x07, 0x05, 0xdc,
-	0xc3, 0xed, 0xe7, 0xf5, 0x81, 0xa6, 0x2c, 0x54, 0xee, 0x9c, 0x9c, 0x56, 0xd7, 0xb8, 0xb6, 0xb8,
-	0x82, 0x9e, 0x67, 0x1f, 0xb1, 0x3d, 0xfc, 0x0e, 0x2c, 0x86, 0xd0, 0x54, 0xe5, 0x8b, 0x27, 0xa7,
-	0xd5, 0xd7, 0xe6, 0xa1, 0x31, 0x24, 0xee, 0x6f, 0xd5, 0xb1, 0xd6, 0x52, 0xd2, 0xc9, 0x48, 0xdc,
-	0x3f, 0x30, 0x3c, 0x62, 0xa1, 0x2f, 0x41, 0x5e, 0x02, 0x33, 0x95, 0xca, 0xc9, 0x69, 0xf5, 0xd6,
-	0x3c, 0x70, 0x86, 0xc3, 0xfd, 0xed, 0xfa, 0x73, 0x4d, 0xc9, 0x26, 0xe3, 0x70, 0xdf, 0x31, 0x8e,
-	0x08, 0x7a, 0x0b, 0x72, 0x02, 0x96, 0xab, 0xdc, 0x3e, 0x39, 0xad, 0x7e, 0xe1, 0x15, 0x75, 0x0c,
-	0x55, 0x59, 0xfb, 0x8d, 0xdf, 0x5f, 0x5f, 0xf8, 0xf3, 0x3f, 0x58, 0x57, 0xe6, 0xd9, 0x95, 0xff,
-	0x4e, 0xc1, 0xd2, 0x85, 0xbd, 0x83, 0x54, 0xc8, 0xbb, 0xd4, 0xa4, 0x63, 0x71, 0x4d, 0x16, 0x1a,
-	0x70, 0x7e, 0xb6, 0x91, 0xef, 0xd0, 0x26, 0x1d, 0x4f, 0xb1, 0xe4, 0xa0, 0x67, 0x73, 0x17, 0xfd,
-	0xe3, 0xcf, 0xb8, 0x31, 0x13, 0xaf, 0xfa, 0x0f, 0x61, 0xc9, 0xf2, 0xec, 0x23, 0xe2, 0xe9, 0x26,
-	0x75, 0xf7, 0xed, 0xa1, 0xbc, 0x02, 0x2b, 0x89, 0xd1, 0x28, 0x07, 0xe2, 0xb2, 0x10, 0x68, 0x72,
-	0xfc, 0x4f, 0x71, 0xc9, 0x57, 0x9e, 0x43, 0x39, 0xbe, 0xd5, 0xd9, 0xbd, 0xe4, 0xdb, 0xbf, 0x48,
-	0x64, 0xd8, 0xc9, 0x83, 0x54, 0x5c, 0x64, 0x14, 0x11, 0x74, 0xbe, 0x0d, 0xd9, 0x11, 0xb5, 0x84,
-	0x9e, 0xa5, 0xc6, 0x4d, 0x16, 0x6b, 0xfc, 0xe3, 0xd9, 0x46, 0x89, 0xfa, 0xb5, 0x4d, 0xdb, 0x21,
-	0x3b, 0xd4, 0x22, 0x98, 0x03, 0xd4, 0x1f, 0xa4, 0x20, 0xcb, 0x9c, 0x0e, 0xfa, 0x22, 0x64, 0x1b,
-	0xed, 0x4e, 0x4b, 0x59, 0xa8, 0xdc, 0x38, 0x39, 0xad, 0x2e, 0x71, 0x9b, 0x30, 0x06, 0xdb, 0xbc,
-	0x68, 0x03, 0xf2, 0xcf, 0xbb, 0xdb, 0xbb, 0x3b, 0x6c, 0x7f, 0xdd, 0x3c, 0x39, 0xad, 0xae, 0x44,
-	0x6c, 0x61, 0x35, 0xf4, 0x3a, 0xe4, 0x06, 0x3b, 0xbd, 0xcd, 0xbe, 0x92, 0xae, 0xa0, 0x93, 0xd3,
-	0xea, 0x72, 0xc4, 0xe7, 0x83, 0x46, 0x6f, 0x40, 0xae, 0xd3, 0x6b, 0xf7, 0x34, 0x25, 0x53, 0xb9,
-	0x75, 0x72, 0x5a, 0x45, 0x11, 0x9b, 0xe7, 0x04, 0x3d, 0x7b, 0x4c, 0x2a, 0x37, 0xe4, 0xca, 0x17,
-	0x23, 0x9e, 0xfa, 0xa3, 0x14, 0x94, 0x62, 0x87, 0x92, 0x6d, 0xde, 0x96, 0xb6, 0x59, 0xdf, 0xdd,
-	0x1e, 0x28, 0x0b, 0xb1, 0xcd, 0x1b, 0x83, 0xb4, 0xc8, 0xbe, 0x31, 0x71, 0x98, 0x2f, 0x84, 0x66,
-	0xb7, 0xd3, 0x6f, 0xf7, 0x07, 0x5a, 0x67, 0xa0, 0xa4, 0x2a, 0x6b, 0x27, 0xa7, 0xd5, 0xd5, 0x79,
-	0xf0, 0xe6, 0xc4, 0x71, 0xd8, 0xf6, 0x6d, 0xd6, 0x9b, 0x5b, 0xfc, 0x3c, 0xcc, 0xb6, 0x6f, 0x0c,
-	0xd5, 0x34, 0xcc, 0x03, 0x62, 0xa1, 0x77, 0xa1, 0xd8, 0xd2, 0xb6, 0xb5, 0xa7, 0x75, 0x7e, 0x03,
-	0x54, 0x5e, 0x3f, 0x39, 0xad, 0xde, 0x7e, 0xb5, 0x77, 0x87, 0x0c, 0x8d, 0x80, 0x58, 0x73, 0xdb,
-	0x38, 0x06, 0x51, 0xff, 0x33, 0x0d, 0x4b, 0x98, 0x25, 0xd4, 0x5e, 0xd0, 0xa3, 0x8e, 0x6d, 0x4e,
-	0x51, 0x0f, 0x8a, 0x26, 0x75, 0x2d, 0x3b, 0xe6, 0x4b, 0x1e, 0x5d, 0x12, 0x54, 0xcd, 0xa4, 0xc2,
-	0x56, 0x33, 0x94, 0xc4, 0x33, 0x25, 0xe8, 0x3e, 0xe4, 0x2c, 0xe2, 0x18, 0x53, 0x19, 0xdd, 0xdd,
-	0xae, 0x89, 0x94, 0xbd, 0x16, 0xa6, 0xec, 0xb5, 0x96, 0x4c, 0xd9, 0xb1, 0xc0, 0xf1, 0x2c, 0xc6,
-	0x78, 0xa9, 0x1b, 0x41, 0x40, 0x46, 0xe3, 0x40, 0x84, 0x76, 0x59, 0x5c, 0x1a, 0x19, 0x2f, 0xeb,
-	0x92, 0x84, 0x1e, 0x42, 0xfe, 0xd8, 0x76, 0x2d, 0x7a, 0x2c, 0xa3, 0xb7, 0x2b, 0x94, 0x4a, 0xa0,
-	0x7a, 0xc2, 0xc2, 0x96, 0xb9, 0x61, 0xb2, 0x6d, 0xd6, 0xe9, 0x76, 0xb4, 0x70, 0x9b, 0x49, 0x7e,
-	0xd7, 0xed, 0x50, 0x97, 0xf9, 0x08, 0xe8, 0x76, 0xf4, 0xcd, 0x7a, 0x7b, 0x7b, 0x17, 0xb3, 0xad,
-	0xb6, 0x7a, 0x72, 0x5a, 0x55, 0x22, 0xc8, 0xa6, 0x61, 0x3b, 0x2c, 0x9d, 0xb8, 0x0d, 0x99, 0x7a,
-	0xe7, 0x3b, 0x4a, 0xba, 0xa2, 0x9c, 0x9c, 0x56, 0xcb, 0x11, 0xbb, 0xee, 0x4e, 0x67, 0x76, 0x9f,
-	0xef, 0x57, 0xfd, 0x9b, 0x0c, 0x94, 0x77, 0xc7, 0x96, 0x11, 0x10, 0x71, 0x16, 0x51, 0x15, 0x4a,
-	0x63, 0xc3, 0x33, 0x1c, 0x87, 0x38, 0xb6, 0x3f, 0x92, 0xc5, 0x88, 0x38, 0x09, 0xbd, 0xf7, 0x59,
-	0xcd, 0xd8, 0x28, 0xb0, 0xf3, 0xf5, 0xfd, 0x7f, 0xde, 0x48, 0x85, 0x06, 0xdd, 0x85, 0xe5, 0x7d,
-	0x31, 0x5a, 0xdd, 0x30, 0xf9, 0xc2, 0x66, 0xf8, 0xc2, 0xd6, 0x92, 0x16, 0x36, 0x3e, 0xac, 0x9a,
-	0x9c, 0x64, 0x9d, 0x4b, 0xe1, 0xa5, 0xfd, 0x78, 0x13, 0x3d, 0x86, 0xc5, 0x11, 0x75, 0xed, 0x80,
-	0x7a, 0xd7, 0xaf, 0x42, 0x88, 0x44, 0xf7, 0xe0, 0x06, 0x5b, 0xdc, 0x70, 0x3c, 0x9c, 0xcd, 0xaf,
-	0xfc, 0x34, 0x5e, 0x19, 0x19, 0x2f, 0x65, 0x87, 0x98, 0x91, 0x51, 0x03, 0x72, 0xd4, 0x63, 0x31,
-	0x65, 0x9e, 0x0f, 0xf7, 0xdd, 0x6b, 0x87, 0x2b, 0x1a, 0x5d, 0x26, 0x83, 0x85, 0xa8, 0xfa, 0x75,
-	0x58, 0xba, 0x30, 0x09, 0x16, 0x4a, 0xf5, 0xea, 0xbb, 0x7d, 0x4d, 0x59, 0x40, 0x65, 0x28, 0x34,
-	0xbb, 0x9d, 0x41, 0xbb, 0xb3, 0xcb, 0x62, 0xc1, 0x32, 0x14, 0x70, 0x77, 0x7b, 0xbb, 0x51, 0x6f,
-	0x3e, 0x53, 0xd2, 0x6a, 0x0d, 0x4a, 0x31, 0x6d, 0x68, 0x19, 0xa0, 0x3f, 0xe8, 0xf6, 0xf4, 0xcd,
-	0x36, 0xee, 0x0f, 0x44, 0x24, 0xd9, 0x1f, 0xd4, 0xf1, 0x40, 0x12, 0x52, 0xea, 0xbf, 0xa7, 0xc3,
-	0x15, 0x95, 0xc1, 0x63, 0xe3, 0x62, 0xf0, 0x78, 0xc5, 0xe0, 0x65, 0xf8, 0x38, 0x6b, 0x44, 0x41,
-	0xe4, 0x7b, 0x00, 0x7c, 0xe3, 0x10, 0x4b, 0x37, 0x02, 0xb9, 0xf0, 0x95, 0x57, 0x8c, 0x3c, 0x08,
-	0x6b, 0x62, 0xb8, 0x28, 0xd1, 0xf5, 0x00, 0x7d, 0x03, 0xca, 0x26, 0x1d, 0x8d, 0x1d, 0x22, 0x85,
-	0x33, 0xd7, 0x0a, 0x97, 0x22, 0x7c, 0x3d, 0x88, 0x87, 0xaf, 0xd9, 0x8b, 0x01, 0xf6, 0xaf, 0xa5,
-	0x42, 0xcb, 0x24, 0x44, 0xac, 0x65, 0x28, 0xec, 0xf6, 0x5a, 0xf5, 0x41, 0xbb, 0xf3, 0x54, 0x49,
-	0x21, 0x80, 0x3c, 0x37, 0x75, 0x4b, 0x49, 0xb3, 0x48, 0xbb, 0xd9, 0xdd, 0xe9, 0x6d, 0x6b, 0xdc,
-	0x63, 0xa1, 0x55, 0x50, 0x42, 0x63, 0xeb, 0xdc, 0x90, 0x5a, 0x4b, 0xc9, 0xa2, 0x9b, 0xb0, 0x12,
-	0x51, 0xa5, 0x64, 0x0e, 0xdd, 0x02, 0x14, 0x11, 0x67, 0x2a, 0xf2, 0xea, 0x2f, 0xc3, 0x4a, 0x93,
-	0xba, 0x81, 0x61, 0xbb, 0x51, 0x16, 0xf2, 0x88, 0x4d, 0x5a, 0x92, 0x74, 0x5b, 0xd6, 0x92, 0x1a,
-	0x2b, 0xe7, 0x67, 0x1b, 0xa5, 0x08, 0xda, 0x6e, 0xf1, 0x70, 0x4a, 0x36, 0x2c, 0x76, 0x7e, 0xc7,
-	0xb6, 0xc5, 0x8d, 0x9b, 0x6b, 0x2c, 0x9e, 0x9f, 0x6d, 0x64, 0x7a, 0xed, 0x16, 0x66, 0x34, 0xf4,
-	0x45, 0x28, 0x92, 0x97, 0x76, 0xa0, 0x9b, 0xec, 0xee, 0x62, 0x06, 0xcc, 0xe1, 0x02, 0x23, 0x34,
-	0xd9, 0x55, 0xd5, 0x00, 0xe8, 0x51, 0x2f, 0x90, 0x3d, 0x7f, 0x15, 0x72, 0x63, 0xea, 0xf1, 0xea,
-	0xc7, 0xa5, 0x35, 0x39, 0x06, 0x17, 0x1b, 0x15, 0x0b, 0xb0, 0xfa, 0x83, 0x0c, 0xc0, 0xc0, 0xf0,
-	0x0f, 0xa5, 0x92, 0x27, 0x50, 0x8c, 0xea, 0x9b, 0xb2, 0x8c, 0x72, 0xe5, 0x6a, 0x47, 0x60, 0xf4,
-	0x38, 0xdc, 0x6c, 0x22, 0xbf, 0x4a, 0x4c, 0x83, 0xc3, 0x8e, 0x92, 0x52, 0x94, 0x8b, 0x49, 0x14,
-	0x0b, 0x05, 0x88, 0xe7, 0xc9, 0x95, 0x67, 0x3f, 0x51, 0x93, 0x5f, 0x0b, 0xc2, 0x68, 0x32, 0x42,
-	0x4f, 0x2c, 0x1c, 0xcd, 0xad, 0xc8, 0xd6, 0x02, 0x9e, 0xc9, 0xa1, 0x0f, 0xa1, 0xc4, 0xe6, 0xad,
-	0xfb, 0x9c, 0x27, 0x83, 0xf3, 0x4b, 0x4d, 0x25, 0x34, 0x60, 0x18, 0xcf, 0xac, 0xfc, 0x3a, 0x80,
-	0x31, 0x1e, 0x3b, 0x36, 0xb1, 0xf4, 0xbd, 0x29, 0x8f, 0xc6, 0x8b, 0xb8, 0x28, 0x29, 0x8d, 0x29,
-	0x3b, 0x2e, 0x21, 0xdb, 0x08, 0x78, 0x84, 0x7d, 0x8d, 0x01, 0x25, 0xba, 0x1e, 0x34, 0x14, 0x58,
-	0xf6, 0x26, 0x2e, 0x33, 0xa8, 0x1c, 0x9d, 0xfa, 0x47, 0x69, 0x78, 0xad, 0x43, 0x82, 0x63, 0xea,
-	0x1d, 0xd6, 0x83, 0xc0, 0x30, 0x0f, 0x46, 0xc4, 0x95, 0xcb, 0x17, 0x4b, 0x7a, 0x52, 0x17, 0x92,
-	0x9e, 0x35, 0x58, 0x34, 0x1c, 0xdb, 0xf0, 0x89, 0x08, 0xf0, 0x8a, 0x38, 0x6c, 0xb2, 0xd4, 0x8c,
-	0x25, 0x7a, 0xc4, 0xf7, 0x89, 0xa8, 0xcc, 0xb0, 0x81, 0x87, 0x04, 0xf4, 0x5d, 0xb8, 0x25, 0x43,
-	0x39, 0x23, 0xea, 0x8a, 0x25, 0x1d, 0x61, 0x89, 0x57, 0x4b, 0xcc, 0x3c, 0x93, 0x07, 0x27, 0x63,
-	0xbd, 0x19, 0xb9, 0x3b, 0x0e, 0x64, 0xe4, 0xb8, 0x6a, 0x25, 0xb0, 0x2a, 0x4f, 0xe1, 0xf6, 0xa5,
-	0x22, 0x9f, 0xab, 0xf2, 0xf3, 0xf7, 0x69, 0x80, 0x76, 0xaf, 0xbe, 0x23, 0x8d, 0xd4, 0x82, 0xfc,
-	0xbe, 0x31, 0xb2, 0x9d, 0xe9, 0x55, 0x1e, 0x70, 0x86, 0xaf, 0xd5, 0x85, 0x39, 0x36, 0xb9, 0x0c,
-	0x96, 0xb2, 0x3c, 0xef, 0x9c, 0xec, 0xb9, 0x24, 0x88, 0xf2, 0x4e, 0xde, 0x62, 0xc3, 0xf0, 0x0c,
-	0x37, 0xda, 0xba, 0xa2, 0xc1, 0x16, 0x80, 0x85, 0x3c, 0xc7, 0xc6, 0x34, 0x74, 0x5b, 0xb2, 0x89,
-	0xb6, 0x78, 0x7d, 0x95, 0x78, 0x47, 0xc4, 0x5a, 0xcb, 0x71, 0xa3, 0x5e, 0x37, 0x1e, 0x2c, 0xe1,
-	0xc2, 0x76, 0x91, 0x74, 0xe5, 0x03, 0x1e, 0x32, 0xcd, 0x58, 0x9f, 0xcb, 0x46, 0x0f, 0x60, 0xe9,
-	0xc2, 0x3c, 0x5f, 0x49, 0xf8, 0xdb, 0xbd, 0xe7, 0x5f, 0x55, 0xb2, 0xf2, 0xd7, 0xd7, 0x95, 0xbc,
-	0xfa, 0x57, 0x19, 0xe1, 0x68, 0xa4, 0x55, 0x93, 0xdf, 0x15, 0x0a, 0x7c, 0x77, 0x9b, 0xd4, 0x91,
-	0x0e, 0xe0, 0xed, 0xab, 0xfd, 0x0f, 0xcb, 0xfb, 0x38, 0x1c, 0x47, 0x82, 0x68, 0x03, 0x4a, 0x62,
-	0x17, 0xeb, 0xec, 0xc0, 0x71, 0xb3, 0x2e, 0x61, 0x10, 0x24, 0x26, 0x89, 0xee, 0xc2, 0x32, 0x2f,
-	0x10, 0xf9, 0x07, 0xc4, 0x12, 0x98, 0x2c, 0xc7, 0x2c, 0x45, 0x54, 0x0e, 0xdb, 0x81, 0xb2, 0x24,
-	0xe8, 0x3c, 0xe6, 0xcf, 0xf1, 0x01, 0xdd, 0xbb, 0x6e, 0x40, 0x42, 0x84, 0xa7, 0x02, 0xa5, 0xf1,
-	0xac, 0xa1, 0xfe, 0x3c, 0x14, 0xc2, 0xc1, 0xa2, 0x35, 0xc8, 0x0c, 0x9a, 0x3d, 0x65, 0xa1, 0xb2,
-	0x72, 0x72, 0x5a, 0x2d, 0x85, 0xe4, 0x41, 0xb3, 0xc7, 0x38, 0xbb, 0xad, 0x9e, 0x92, 0xba, 0xc8,
-	0xd9, 0x6d, 0xf5, 0x50, 0x05, 0xb2, 0xfd, 0xe6, 0xa0, 0x17, 0xc6, 0x67, 0x21, 0x8b, 0xd1, 0x2a,
-	0x59, 0x16, 0x9f, 0xa9, 0xfb, 0x50, 0x8a, 0xf5, 0x8e, 0xde, 0x84, 0xc5, 0x76, 0xe7, 0x29, 0xd6,
-	0xfa, 0x7d, 0x65, 0x41, 0xa4, 0x07, 0x31, 0x6e, 0xdb, 0x1d, 0xb2, 0xb5, 0x43, 0xaf, 0x43, 0x76,
-	0xab, 0xcb, 0xee, 0x7d, 0x91, 0x7f, 0xc4, 0x10, 0x5b, 0xd4, 0x0f, 0x2a, 0x37, 0x65, 0xe0, 0x17,
-	0x57, 0xac, 0xfe, 0x4e, 0x0a, 0xf2, 0xe2, 0xa0, 0x25, 0x2e, 0x62, 0x1d, 0x16, 0xc3, 0x32, 0x83,
-	0x48, 0x0e, 0xdf, 0xbe, 0x3c, 0x91, 0xab, 0xc9, 0xbc, 0x4b, 0x6c, 0xcd, 0x50, 0xae, 0xf2, 0x3e,
-	0x94, 0xe3, 0x8c, 0xcf, 0xb5, 0x31, 0xbf, 0x0b, 0x25, 0xb6, 0xf7, 0xc3, 0x84, 0xee, 0x11, 0xe4,
-	0x85, 0xb3, 0x88, 0xee, 0xa1, 0xcb, 0xb3, 0x4a, 0x89, 0x44, 0x4f, 0x60, 0x51, 0x64, 0xa2, 0x61,
-	0xed, 0x79, 0xfd, 0xea, 0x13, 0x86, 0x43, 0xb8, 0xfa, 0x21, 0x64, 0x7b, 0x84, 0x78, 0xcc, 0xf6,
-	0x2e, 0xb5, 0xc8, 0xec, 0xea, 0x96, 0x49, 0xb4, 0x45, 0xda, 0x2d, 0x96, 0x44, 0x5b, 0xa4, 0x6d,
-	0x45, 0xf5, 0xb3, 0x74, 0xac, 0x7e, 0x36, 0x80, 0xf2, 0x0b, 0x62, 0x0f, 0x0f, 0x02, 0x62, 0x71,
-	0x45, 0xef, 0x42, 0x76, 0x4c, 0xa2, 0xc1, 0xaf, 0x25, 0x6e, 0x3e, 0x42, 0x3c, 0xcc, 0x51, 0xcc,
-	0xc7, 0x1c, 0x73, 0x69, 0xf9, 0x60, 0x22, 0x5b, 0xea, 0xdf, 0xa5, 0x61, 0xb9, 0xed, 0xfb, 0x13,
-	0xc3, 0x35, 0xc3, 0xa8, 0xee, 0x9b, 0x17, 0xa3, 0xba, 0xc4, 0x97, 0xa5, 0x8b, 0x22, 0x17, 0xcb,
-	0x82, 0xf2, 0x66, 0x4d, 0x47, 0x37, 0xab, 0xfa, 0x6f, 0xa9, 0xb0, 0xf6, 0x77, 0x37, 0xe6, 0x0a,
-	0x44, 0x8e, 0x18, 0xd7, 0x44, 0x76, 0xdd, 0x43, 0x97, 0x1e, 0xbb, 0x2c, 0x7b, 0xc5, 0x5a, 0x47,
-	0x7b, 0xa1, 0xa4, 0xc4, 0xf6, 0xbc, 0x00, 0xc2, 0xc4, 0x25, 0xc7, 0x4c, 0x53, 0x4f, 0xeb, 0xb4,
-	0x58, 0x14, 0x96, 0x4e, 0xd0, 0xd4, 0x23, 0xae, 0x65, 0xbb, 0x43, 0xf4, 0x26, 0xe4, 0xdb, 0xfd,
-	0xfe, 0x2e, 0x4f, 0x21, 0x5f, 0x3b, 0x39, 0xad, 0xde, 0xbc, 0x80, 0xe2, 0x75, 0x5f, 0x8b, 0x81,
-	0x58, 0x0a, 0xc4, 0xe2, 0xb3, 0x04, 0x10, 0x8b, 0xad, 0x05, 0x08, 0x77, 0x07, 0xf5, 0x81, 0xa6,
-	0xe4, 0x12, 0x40, 0x98, 0xb2, 0xbf, 0xf2, 0xb8, 0xfd, 0x53, 0x1a, 0x94, 0xba, 0x69, 0x92, 0x71,
-	0xc0, 0xf8, 0x32, 0xeb, 0x1c, 0x40, 0x61, 0xcc, 0x7e, 0xd9, 0x24, 0x8c, 0xa0, 0x9e, 0x24, 0xbe,
-	0x8d, 0xce, 0xc9, 0xd5, 0x30, 0x75, 0x48, 0xdd, 0x1a, 0xd9, 0xbe, 0x6f, 0x53, 0x57, 0xd0, 0x70,
-	0xa4, 0xa9, 0xf2, 0x1f, 0x29, 0xb8, 0x99, 0x80, 0x40, 0x0f, 0x20, 0xeb, 0x51, 0x27, 0x5c, 0xc3,
-	0x3b, 0x97, 0x95, 0x75, 0x99, 0x28, 0xe6, 0x48, 0xb4, 0x0e, 0x60, 0x4c, 0x02, 0x6a, 0xf0, 0xfe,
-	0xf9, 0xea, 0x15, 0x70, 0x8c, 0x82, 0x5e, 0x40, 0xde, 0x27, 0xa6, 0x47, 0xc2, 0x38, 0xfb, 0xc3,
-	0xff, 0xed, 0xe8, 0x6b, 0x7d, 0xae, 0x06, 0x4b, 0x75, 0x95, 0x1a, 0xe4, 0x05, 0x85, 0x6d, 0x7b,
-	0xcb, 0x08, 0x0c, 0x59, 0xf4, 0xe7, 0xbf, 0xd9, 0x6e, 0x32, 0x9c, 0x61, 0xb8, 0x9b, 0x0c, 0x67,
-	0xa8, 0xfe, 0x65, 0x1a, 0x40, 0x7b, 0x19, 0x10, 0xcf, 0x35, 0x9c, 0x66, 0x1d, 0x69, 0xb1, 0x9b,
-	0x41, 0xcc, 0xf6, 0xcb, 0x89, 0xef, 0x1c, 0x91, 0x44, 0xad, 0x59, 0x4f, 0xb8, 0x1b, 0x6e, 0x43,
-	0x66, 0xe2, 0xc9, 0xe7, 0x6e, 0x11, 0x23, 0xef, 0xe2, 0x6d, 0xcc, 0x68, 0x48, 0x9b, 0xb9, 0xad,
-	0xcc, 0xe5, 0x8f, 0xda, 0xb1, 0x0e, 0x12, 0x5d, 0x17, 0x3b, 0xf9, 0xa6, 0xa1, 0x9b, 0x44, 0xde,
-	0x2a, 0x65, 0x71, 0xf2, 0x9b, 0xf5, 0x26, 0xf1, 0x02, 0x9c, 0x37, 0x0d, 0xf6, 0xff, 0xa7, 0xf2,
-	0x6f, 0xef, 0x02, 0xcc, 0xa6, 0x86, 0xd6, 0x21, 0xd7, 0xdc, 0xec, 0xf7, 0xb7, 0x95, 0x05, 0xe1,
-	0xc0, 0x67, 0x2c, 0x4e, 0x56, 0xff, 0x2c, 0x0d, 0x85, 0x66, 0x5d, 0x5e, 0xb9, 0x4d, 0x50, 0xb8,
-	0x57, 0xe2, 0x4f, 0x25, 0xe4, 0xe5, 0xd8, 0xf6, 0xa6, 0xd2, 0xb1, 0x5c, 0x91, 0xf0, 0x2e, 0x33,
-	0x11, 0x36, 0x6a, 0x8d, 0x0b, 0x20, 0x0c, 0x65, 0x22, 0x8d, 0xa0, 0x9b, 0x46, 0xe8, 0xe3, 0xd7,
-	0xaf, 0x36, 0x96, 0x48, 0x5d, 0x66, 0x6d, 0x1f, 0x97, 0x42, 0x25, 0x4d, 0xc3, 0x47, 0xef, 0xc1,
-	0x8a, 0x6f, 0x0f, 0x5d, 0xdb, 0x1d, 0xea, 0xa1, 0xf1, 0xf8, 0xbb, 0x4d, 0xe3, 0xc6, 0xf9, 0xd9,
-	0xc6, 0x52, 0x5f, 0xb0, 0xa4, 0x0d, 0x97, 0x24, 0xb2, 0xc9, 0x4d, 0x89, 0xbe, 0x0e, 0xcb, 0x31,
-	0x51, 0x66, 0x45, 0x61, 0x76, 0xe5, 0xfc, 0x6c, 0xa3, 0x1c, 0x49, 0x3e, 0x23, 0x53, 0x5c, 0x8e,
-	0x04, 0x9f, 0x11, 0x5e, 0x9b, 0xd9, 0xa7, 0x9e, 0x49, 0x74, 0x8f, 0x9f, 0x69, 0x7e, 0xbb, 0x67,
-	0x71, 0x89, 0xd3, 0xc4, 0x31, 0x57, 0x9f, 0xc3, 0xcd, 0xae, 0x67, 0x1e, 0x10, 0x3f, 0x10, 0xa6,
-	0x90, 0x56, 0xfc, 0x10, 0xee, 0x04, 0x86, 0x7f, 0xa8, 0x1f, 0xd8, 0x7e, 0x40, 0xbd, 0xa9, 0xee,
-	0x91, 0x80, 0xb8, 0x8c, 0xaf, 0xf3, 0xa7, 0x60, 0x59, 0x34, 0xbc, 0xcd, 0x30, 0x5b, 0x02, 0x82,
-	0x43, 0xc4, 0x36, 0x03, 0xa8, 0x6d, 0x28, 0xb3, 0x14, 0x46, 0x16, 0xd5, 0xd8, 0xec, 0xc1, 0xa1,
-	0x43, 0xfd, 0x33, 0x5f, 0x53, 0x45, 0x87, 0x0e, 0xc5, 0x4f, 0xf5, 0xdb, 0xa0, 0xb4, 0x6c, 0x7f,
-	0x6c, 0x04, 0xe6, 0x41, 0x58, 0x0d, 0x45, 0x2d, 0x50, 0x0e, 0x88, 0xe1, 0x05, 0x7b, 0xc4, 0x08,
-	0xf4, 0x31, 0xf1, 0x6c, 0x6a, 0x5d, 0xbf, 0xca, 0x2b, 0x91, 0x48, 0x8f, 0x4b, 0xa8, 0xff, 0x95,
-	0x02, 0xc0, 0xc6, 0x7e, 0x18, 0xad, 0x7d, 0x05, 0x6e, 0xf8, 0xae, 0x31, 0xf6, 0x0f, 0x68, 0xa0,
-	0xdb, 0x6e, 0x40, 0xbc, 0x23, 0xc3, 0x91, 0xc5, 0x1d, 0x25, 0x64, 0xb4, 0x25, 0x1d, 0xbd, 0x0b,
-	0xe8, 0x90, 0x90, 0xb1, 0x4e, 0x1d, 0x4b, 0x0f, 0x99, 0xe2, 0xa1, 0x3a, 0x8b, 0x15, 0xc6, 0xe9,
-	0x3a, 0x56, 0x3f, 0xa4, 0xa3, 0x06, 0xac, 0xb3, 0xe9, 0x13, 0x37, 0xf0, 0x6c, 0xe2, 0xeb, 0xfb,
-	0xd4, 0xd3, 0x7d, 0x87, 0x1e, 0xeb, 0xfb, 0xd4, 0x71, 0xe8, 0x31, 0xf1, 0xc2, 0xba, 0x59, 0xc5,
-	0xa1, 0x43, 0x4d, 0x80, 0x36, 0xa9, 0xd7, 0x77, 0xe8, 0xf1, 0x66, 0x88, 0x60, 0x21, 0xdd, 0x6c,
-	0xce, 0x81, 0x6d, 0x1e, 0x86, 0x21, 0x5d, 0x44, 0x1d, 0xd8, 0xe6, 0x21, 0x7a, 0x13, 0x96, 0x88,
-	0x43, 0x78, 0xf9, 0x44, 0xa0, 0x72, 0x1c, 0x55, 0x0e, 0x89, 0x0c, 0xa4, 0x7e, 0x04, 0x8a, 0xe6,
-	0x9a, 0xde, 0x74, 0x1c, 0x5b, 0xf3, 0x77, 0x01, 0x31, 0x27, 0xa9, 0x3b, 0xd4, 0x3c, 0xd4, 0x47,
-	0x86, 0x6b, 0x0c, 0xd9, 0xb8, 0xc4, 0x0b, 0xa1, 0xc2, 0x38, 0xdb, 0xd4, 0x3c, 0xdc, 0x91, 0x74,
-	0xf5, 0x3d, 0x80, 0xfe, 0xd8, 0x23, 0x86, 0xd5, 0x65, 0xd1, 0x04, 0x33, 0x1d, 0x6f, 0xe9, 0x96,
-	0x7c, 0x7f, 0xa5, 0x9e, 0x3c, 0xea, 0x8a, 0x60, 0xb4, 0x22, 0xba, 0xfa, 0xff, 0xe1, 0x66, 0xcf,
-	0x31, 0x4c, 0xfe, 0x2d, 0x42, 0x2f, 0x7a, 0xf2, 0x42, 0x4f, 0x20, 0x2f, 0xa0, 0x72, 0x25, 0x13,
-	0x8f, 0xdb, 0xac, 0xcf, 0xad, 0x05, 0x2c, 0xf1, 0x8d, 0x32, 0xc0, 0x4c, 0x8f, 0xfa, 0x27, 0x29,
-	0x28, 0x46, 0xfa, 0x51, 0x55, 0xbc, 0xe4, 0x04, 0x9e, 0x61, 0xbb, 0x32, 0xe3, 0x2f, 0xe2, 0x38,
-	0x09, 0xb5, 0xa1, 0x34, 0x8e, 0xa4, 0xaf, 0x8c, 0xe7, 0x12, 0x46, 0x8d, 0xe3, 0xb2, 0xe8, 0x7d,
-	0x28, 0x86, 0x0f, 0xde, 0xa1, 0x87, 0xbd, 0xfa, 0x7d, 0x7c, 0x06, 0x57, 0xbf, 0x09, 0xf0, 0x2d,
-	0x6a, 0xbb, 0x03, 0x7a, 0x48, 0x5c, 0xfe, 0x44, 0xcb, 0xf2, 0x45, 0x12, 0x5a, 0x51, 0xb6, 0x78,
-	0x19, 0x40, 0x2c, 0x41, 0xf4, 0x52, 0x29, 0x9a, 0xea, 0x5f, 0xa4, 0x21, 0x8f, 0x29, 0x0d, 0x9a,
-	0x75, 0x54, 0x85, 0xbc, 0xf4, 0x13, 0xfc, 0xfe, 0x69, 0x14, 0xcf, 0xcf, 0x36, 0x72, 0xc2, 0x41,
-	0xe4, 0x4c, 0xee, 0x19, 0x62, 0x1e, 0x3c, 0x7d, 0x99, 0x07, 0x47, 0x0f, 0xa0, 0x2c, 0x41, 0xfa,
-	0x81, 0xe1, 0x1f, 0x88, 0xe4, 0xad, 0xb1, 0x7c, 0x7e, 0xb6, 0x01, 0x02, 0xb9, 0x65, 0xf8, 0x07,
-	0x18, 0x04, 0x9a, 0xfd, 0x46, 0x1a, 0x94, 0x3e, 0xa6, 0xb6, 0xab, 0x07, 0x7c, 0x12, 0xb2, 0xd0,
-	0x98, 0xb8, 0x8e, 0xb3, 0xa9, 0xca, 0xaf, 0x19, 0xe0, 0xe3, 0xd9, 0xe4, 0x35, 0x58, 0xf2, 0x28,
-	0x0d, 0x84, 0xdb, 0xb2, 0xa9, 0x2b, 0x6b, 0x18, 0xd5, 0xc4, 0xd2, 0x36, 0xa5, 0x01, 0x96, 0x38,
-	0x5c, 0xf6, 0x62, 0x2d, 0xf4, 0x00, 0x56, 0x1d, 0xc3, 0x0f, 0x74, 0xee, 0xef, 0xac, 0x99, 0xb6,
-	0x3c, 0x3f, 0x6a, 0x88, 0xf1, 0x36, 0x39, 0x2b, 0x94, 0x50, 0xff, 0x21, 0x05, 0x25, 0x36, 0x19,
-	0x7b, 0xdf, 0x36, 0x59, 0x90, 0xf7, 0xf9, 0x63, 0x8f, 0xdb, 0x90, 0x31, 0x7d, 0x4f, 0x1a, 0x95,
-	0x5f, 0xbe, 0xcd, 0x3e, 0xc6, 0x8c, 0x86, 0x3e, 0x82, 0xbc, 0xac, 0xa5, 0x88, 0xb0, 0x43, 0xbd,
-	0x3e, 0x1c, 0x95, 0xb6, 0x91, 0x72, 0x7c, 0x2f, 0xcf, 0x46, 0x27, 0x2e, 0x01, 0x1c, 0x27, 0xa1,
-	0x5b, 0x90, 0x36, 0x85, 0xb9, 0xe4, 0xe7, 0x32, 0xcd, 0x0e, 0x4e, 0x9b, 0xae, 0xfa, 0xa3, 0x14,
-	0x2c, 0xcd, 0x0e, 0x3c, 0xdb, 0x01, 0x77, 0xa0, 0xe8, 0x4f, 0xf6, 0xfc, 0xa9, 0x1f, 0x90, 0x51,
-	0xf8, 0xfc, 0x1c, 0x11, 0x50, 0x1b, 0x8a, 0x86, 0x33, 0xa4, 0x9e, 0x1d, 0x1c, 0x8c, 0x64, 0x96,
-	0x9a, 0x1c, 0x2a, 0xc4, 0x75, 0xd6, 0xea, 0xa1, 0x08, 0x9e, 0x49, 0x87, 0xf7, 0xbe, 0xf8, 0x46,
-	0x81, 0xdf, 0xfb, 0x6f, 0x40, 0xd9, 0x31, 0x46, 0xbc, 0xb8, 0x14, 0xd8, 0x23, 0x31, 0x8f, 0x2c,
-	0x2e, 0x49, 0xda, 0xc0, 0x1e, 0x11, 0x55, 0x85, 0x62, 0xa4, 0x0c, 0xad, 0x40, 0xa9, 0xae, 0xf5,
-	0xf5, 0x87, 0x8f, 0x9e, 0xe8, 0x4f, 0x9b, 0x3b, 0xca, 0x82, 0x8c, 0x4d, 0xff, 0x34, 0x05, 0x4b,
-	0xd2, 0x1d, 0xc9, 0x78, 0xff, 0x4d, 0x58, 0xf4, 0x8c, 0xfd, 0x20, 0xcc, 0x48, 0xb2, 0x62, 0x57,
-	0x33, 0x0f, 0xcf, 0x32, 0x12, 0xc6, 0x4a, 0xce, 0x48, 0x62, 0x1f, 0x44, 0x64, 0xae, 0xfc, 0x20,
-	0x22, 0xfb, 0x33, 0xf9, 0x20, 0x42, 0xfd, 0x15, 0x80, 0x4d, 0xdb, 0x21, 0x03, 0x51, 0x87, 0x4a,
-	0xca, 0x2f, 0x59, 0x0c, 0x27, 0xeb, 0x9c, 0x61, 0x0c, 0xd7, 0x6e, 0x61, 0x46, 0x63, 0xac, 0xa1,
-	0x6d, 0xc9, 0xc3, 0xc8, 0x59, 0x4f, 0x19, 0x6b, 0x68, 0x5b, 0xd1, 0xcb, 0x5d, 0xf6, 0xba, 0x97,
-	0xbb, 0xd3, 0x14, 0xac, 0xc8, 0xd8, 0x35, 0x72, 0xbf, 0x5f, 0x86, 0xa2, 0x08, 0x63, 0x67, 0x09,
-	0x1d, 0xff, 0x08, 0x40, 0xe0, 0xda, 0x2d, 0x5c, 0x10, 0xec, 0xb6, 0x85, 0x36, 0xa0, 0x24, 0xa1,
-	0xb1, 0x4f, 0xab, 0x40, 0x90, 0x3a, 0x6c, 0xf8, 0x5f, 0x85, 0xec, 0xbe, 0xed, 0x10, 0xb9, 0xd1,
-	0x13, 0x1d, 0xc0, 0xcc, 0x00, 0x5b, 0x0b, 0x98, 0xa3, 0x1b, 0x85, 0xb0, 0x50, 0xc7, 0xc7, 0x27,
-	0xd3, 0xce, 0xf8, 0xf8, 0x44, 0x06, 0x3a, 0x37, 0x3e, 0x81, 0x63, 0xe3, 0x13, 0x6c, 0x31, 0x3e,
-	0x09, 0x8d, 0x8f, 0x4f, 0x90, 0x7e, 0x26, 0xe3, 0xdb, 0x86, 0x5b, 0x0d, 0xc7, 0x30, 0x0f, 0x1d,
-	0xdb, 0x0f, 0x88, 0x15, 0xf7, 0x18, 0x8f, 0x20, 0x7f, 0x21, 0xe8, 0xbc, 0xaa, 0xa2, 0x29, 0x91,
-	0xea, 0xbf, 0xa6, 0xa0, 0xbc, 0x45, 0x0c, 0x27, 0x38, 0x98, 0x95, 0x8d, 0x02, 0xe2, 0x07, 0xf2,
-	0xb2, 0xe2, 0xbf, 0xd1, 0xd7, 0xa0, 0x10, 0xc5, 0x24, 0xd7, 0xbe, 0xcd, 0x45, 0x50, 0xf4, 0x18,
-	0x16, 0xd9, 0x19, 0xa3, 0x93, 0x30, 0xd9, 0xb9, 0xea, 0xd9, 0x47, 0x22, 0xd9, 0x25, 0xe3, 0x11,
-	0x1e, 0x84, 0xf0, 0xad, 0x94, 0xc3, 0x61, 0x13, 0xfd, 0x5f, 0x28, 0xf3, 0x57, 0x8b, 0x30, 0xe6,
-	0xca, 0x5d, 0xa7, 0xb3, 0x24, 0x1e, 0x1e, 0x45, 0xbc, 0xf5, 0x87, 0x69, 0x58, 0xdd, 0x31, 0xa6,
-	0x7b, 0x44, 0xba, 0x0d, 0x62, 0x61, 0x62, 0x52, 0xcf, 0x42, 0xbd, 0xb8, 0xbb, 0xb9, 0xe2, 0x1d,
-	0x33, 0x49, 0x38, 0xd9, 0xeb, 0x84, 0x09, 0x58, 0x3a, 0x96, 0x80, 0xad, 0x42, 0xce, 0xa5, 0xae,
-	0x49, 0xa4, 0x2f, 0x12, 0x0d, 0xf5, 0xb7, 0x52, 0x71, 0x5f, 0x53, 0x89, 0xde, 0x18, 0x79, 0x05,
-	0xaa, 0x43, 0x83, 0xa8, 0x3b, 0xf4, 0x11, 0x54, 0xfa, 0x5a, 0x13, 0x6b, 0x83, 0x46, 0xf7, 0xdb,
-	0x7a, 0xbf, 0xbe, 0xdd, 0xaf, 0x3f, 0x7a, 0xa0, 0xf7, 0xba, 0xdb, 0xdf, 0x79, 0xf8, 0xf8, 0xc1,
-	0xd7, 0x94, 0x54, 0xa5, 0x7a, 0x72, 0x5a, 0xbd, 0xd3, 0xa9, 0x37, 0xb7, 0xc5, 0x91, 0xd9, 0xa3,
-	0x2f, 0xfb, 0x86, 0xe3, 0x1b, 0x8f, 0x1e, 0xf4, 0xa8, 0x33, 0x65, 0x18, 0xf4, 0x15, 0x40, 0x9b,
-	0x1a, 0xee, 0x68, 0x03, 0x3d, 0x74, 0x68, 0xcd, 0x46, 0x53, 0x49, 0x8b, 0xb4, 0x66, 0x93, 0x78,
-	0x2e, 0x09, 0xea, 0x5a, 0xff, 0xe1, 0xa3, 0x27, 0xcd, 0x46, 0x93, 0x1d, 0x82, 0x72, 0xfc, 0x76,
-	0x8b, 0x5f, 0xda, 0xa9, 0x4b, 0x2f, 0xed, 0xd9, 0xdd, 0x9f, 0xbe, 0xe4, 0xee, 0xdf, 0x84, 0x55,
-	0xd3, 0xa3, 0xbe, 0xaf, 0xb3, 0x5c, 0x81, 0x58, 0x73, 0xd9, 0xc8, 0x17, 0xce, 0xcf, 0x36, 0x6e,
-	0x34, 0x19, 0xbf, 0xcf, 0xd9, 0x52, 0xfd, 0x0d, 0x33, 0x46, 0xe2, 0x3d, 0xa9, 0xbf, 0x9b, 0x61,
-	0x61, 0x97, 0x7d, 0x64, 0x3b, 0x64, 0x48, 0x7c, 0xf4, 0x1c, 0x56, 0x4c, 0x8f, 0x58, 0x2c, 0x09,
-	0x30, 0x9c, 0xf8, 0x07, 0xbd, 0xff, 0x27, 0x31, 0x02, 0x8a, 0x04, 0x6b, 0xcd, 0x48, 0xaa, 0x3f,
-	0x26, 0x26, 0x5e, 0x36, 0x2f, 0xb4, 0xd1, 0xc7, 0xb0, 0xe2, 0x13, 0xc7, 0x76, 0x27, 0x2f, 0x75,
-	0x93, 0xba, 0x01, 0x79, 0x19, 0xbe, 0xad, 0x5d, 0xa7, 0xb7, 0xaf, 0x6d, 0x33, 0xa9, 0xa6, 0x10,
-	0x6a, 0xa0, 0xf3, 0xb3, 0x8d, 0xe5, 0x8b, 0x34, 0xbc, 0x2c, 0x35, 0xcb, 0x76, 0xa5, 0x03, 0xcb,
-	0x17, 0x47, 0x83, 0x56, 0xa5, 0xa7, 0xe0, 0x0e, 0x27, 0xf4, 0x04, 0xe8, 0x0e, 0x14, 0x3c, 0x32,
-	0xb4, 0xfd, 0xc0, 0x13, 0x66, 0x66, 0x9c, 0x88, 0xc2, 0xfc, 0x84, 0xf8, 0xde, 0xaa, 0xf2, 0x4b,
-	0x30, 0xd7, 0x23, 0x3b, 0x5a, 0x96, 0xed, 0x1b, 0x7b, 0x52, 0x65, 0x01, 0x87, 0x4d, 0xb6, 0x63,
-	0x27, 0x7e, 0x14, 0xd6, 0xf1, 0xdf, 0x8c, 0xc6, 0xe3, 0x0f, 0xf9, 0xf5, 0x19, 0x8f, 0x30, 0xc2,
-	0x8f, 0x5c, 0xb3, 0xb1, 0x8f, 0x5c, 0x57, 0x21, 0xe7, 0x90, 0x23, 0xe2, 0x88, 0x9b, 0x1f, 0x8b,
-	0xc6, 0xbd, 0x07, 0x50, 0x0e, 0xbf, 0xa6, 0xe4, 0x9f, 0x69, 0x14, 0x20, 0x3b, 0xa8, 0xf7, 0x9f,
-	0x29, 0x0b, 0x08, 0x20, 0x2f, 0x76, 0xb2, 0x78, 0xf7, 0x6b, 0x76, 0x3b, 0x9b, 0xed, 0xa7, 0x4a,
-	0xfa, 0xde, 0x6f, 0x67, 0xa1, 0x18, 0xbd, 0x3c, 0xb1, 0x9b, 0xa6, 0xa3, 0xbd, 0x08, 0x8f, 0x42,
-	0x44, 0xef, 0x90, 0x63, 0xf4, 0xc6, 0xac, 0x66, 0xf5, 0x91, 0x78, 0x6a, 0x8f, 0xd8, 0x61, 0xbd,
-	0xea, 0x2d, 0x28, 0xd4, 0xfb, 0xfd, 0xf6, 0xd3, 0x8e, 0xd6, 0x52, 0x3e, 0x4d, 0x55, 0xbe, 0x70,
-	0x72, 0x5a, 0xbd, 0x11, 0x81, 0xea, 0xbe, 0xd8, 0x7c, 0x1c, 0xd5, 0x6c, 0x6a, 0xbd, 0x81, 0xd6,
-	0x52, 0x3e, 0x49, 0xcf, 0xa3, 0x78, 0x0d, 0x86, 0x7f, 0x28, 0x54, 0xec, 0x61, 0xad, 0x57, 0xc7,
-	0xac, 0xc3, 0x4f, 0xd3, 0xa2, 0x94, 0x36, 0xeb, 0xd1, 0x23, 0x63, 0xc3, 0x63, 0x7d, 0xae, 0x87,
-	0x5f, 0xde, 0x7d, 0x92, 0x11, 0xdf, 0x92, 0xcc, 0x9e, 0xd1, 0x88, 0x61, 0x4d, 0x59, 0x6f, 0xfc,
-	0xfd, 0x92, 0xab, 0xc9, 0xcc, 0xf5, 0xd6, 0x67, 0x9e, 0x8a, 0x69, 0x51, 0x61, 0x11, 0xef, 0x76,
-	0x3a, 0x0c, 0xf4, 0x49, 0x76, 0x6e, 0x76, 0x78, 0xe2, 0xb2, 0xfc, 0x1a, 0xdd, 0x85, 0x42, 0xf8,
-	0xbc, 0xa9, 0x7c, 0x9a, 0x9d, 0x1b, 0x50, 0x33, 0x7c, 0x9b, 0xe5, 0x1d, 0x6e, 0xed, 0x0e, 0xf8,
-	0x87, 0x81, 0x9f, 0xe4, 0xe6, 0x3b, 0x3c, 0x98, 0x04, 0x16, 0x3d, 0x76, 0xd9, 0x99, 0x95, 0x55,
-	0xbb, 0x4f, 0x73, 0xc2, 0x17, 0x44, 0x18, 0x59, 0xb2, 0x7b, 0x0b, 0x0a, 0x58, 0xfb, 0x96, 0xf8,
-	0x86, 0xf0, 0x93, 0xfc, 0x9c, 0x1e, 0x4c, 0x3e, 0x26, 0x26, 0xeb, 0xad, 0x0a, 0x79, 0xac, 0xed,
-	0x74, 0x9f, 0x6b, 0xca, 0xef, 0xe5, 0xe7, 0xf4, 0x60, 0x32, 0xa2, 0xfc, 0x4b, 0xaa, 0x42, 0x17,
-	0xf7, 0xb6, 0xea, 0x7c, 0x51, 0xe6, 0xf5, 0x74, 0xbd, 0xf1, 0x81, 0xe1, 0x12, 0x6b, 0xf6, 0x3d,
-	0x4d, 0xc4, 0xba, 0xf7, 0x73, 0x50, 0x08, 0x23, 0x5d, 0xb4, 0x0e, 0xf9, 0x17, 0x5d, 0xfc, 0x4c,
-	0xc3, 0xca, 0x82, 0xb0, 0x72, 0xc8, 0x79, 0x21, 0x72, 0x94, 0x2a, 0x2c, 0xee, 0xd4, 0x3b, 0xf5,
-	0xa7, 0x1a, 0x0e, 0x4b, 0xee, 0x21, 0x40, 0x86, 0x6b, 0x15, 0x45, 0x76, 0x10, 0xe9, 0x6c, 0xac,
-	0xfd, 0xf0, 0x27, 0xeb, 0x0b, 0x3f, 0xfe, 0xc9, 0xfa, 0xc2, 0x27, 0xe7, 0xeb, 0xa9, 0x1f, 0x9e,
-	0xaf, 0xa7, 0xfe, 0xf6, 0x7c, 0x3d, 0xf5, 0x2f, 0xe7, 0xeb, 0xa9, 0xbd, 0x3c, 0xbf, 0x54, 0x1e,
-	0xff, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xac, 0xef, 0xe8, 0x11, 0x9e, 0x32, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/api/types.proto b/vendor/github.com/docker/swarmkit/api/types.proto
index e075534a07821..bdd1972ca9889 100644
--- a/vendor/github.com/docker/swarmkit/api/types.proto
+++ b/vendor/github.com/docker/swarmkit/api/types.proto
@@ -4,6 +4,7 @@ package docker.swarmkit.v1;
 
 import "google/protobuf/timestamp.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
 import "gogoproto/gogo.proto";
 
 // This file contains types that are common to objects and spec or that are not
@@ -77,6 +78,17 @@ message Resources {
 message ResourceRequirements {
 	Resources limits = 1;
 	Resources reservations = 2;
+
+	// Amount of swap in bytes - can only be used together with a memory limit
+	// -1 means unlimited
+	// a null pointer indicates that the default behaviour of granting twice
+	// the memory is maintained
+	google.protobuf.Int64Value swap_bytes = 3;
+
+	// Tune container memory swappiness (0 to 100) - if not specified, defaults
+	// to the container OS's default - generally 60, or the value predefined in
+	// the image; set to -1 to unset a previously set value
+	google.protobuf.Int64Value memory_swappiness = 4;
 }
 
 message Platform {
@@ -246,6 +258,8 @@ message Mount {
 
 		// Propagation mode of mount.
 		Propagation propagation = 1;
+		// allows non-recursive bind-mount, i.e. mount(2) with "bind" rather than "rbind".
+		bool nonrecursive = 2 [(gogoproto.customname) = "NonRecursive"];
 	}
 
 	// VolumeOptions contains parameters for mounting the volume.
@@ -277,6 +291,8 @@ message Mount {
 		// Mode of the tmpfs upon creation
 		uint32 mode = 2 [(gogoproto.customtype) = "os.FileMode", (gogoproto.nullable) = false];
 
+		// Options passed to tmpfs mount
+		string options = 3;
 		// TODO(stevvooe): There are several more tmpfs flags, specified in the
 		// daemon, that are accepted. Only the most basic are added for now.
 		//
@@ -862,6 +878,9 @@ message Placement {
 	// This field is used in the platform filter for scheduling. If empty,
 	// then the platform filter is off, meaning there are no scheduling restrictions.
 	repeated Platform platforms = 3;
+
+	// MaxReplicas specifies the limit for maximum number of replicas running on one node.
+	uint64 max_replicas = 4;
 }
 
 // JoinToken contains the join tokens for workers and managers.
@@ -971,6 +990,12 @@ message FileTarget {
 	uint32 mode = 4 [(gogoproto.customtype) = "os.FileMode", (gogoproto.nullable) = false];
 }
 
+// RuntimeTarget represents that this secret is _not_ mounted into the
+// container, but is used for some other purpose by the container runtime.
+//
+// Currently, RuntimeTarget has no fields; it's just a placeholder.
+message RuntimeTarget {}
+
 // SecretReference is the linkage between a service and a secret that it uses.
 message SecretReference {
 	// SecretID represents the ID of the specific Secret that we're
@@ -998,9 +1023,10 @@ message ConfigReference {
 	// lookup/display purposes. The config in the reference will be identified by its ID.
 	string config_name = 2;
 
-	// Target specifies how this secret should be exposed to the task.
+	// Target specifies how this config should be exposed to the task.
 	oneof target {
 		FileTarget file = 3;
+		RuntimeTarget runtime = 4;
 	}
 }
 
@@ -1070,6 +1096,10 @@ message Privileges {
 		oneof source {
 			string file = 1;
 			string registry = 2;
+
+			// Config represents a Config ID from which to get the CredentialSpec.
+			// The Config MUST be included in the SecretReferences with a RuntimeTarget
+			string config = 3;
 		}
 	}
 	CredentialSpec credential_spec = 1;
@@ -1085,3 +1115,19 @@ message Privileges {
 	}
 	SELinuxContext selinux_context = 2 [(gogoproto.customname) = "SELinuxContext"];
 }
+
+// JobStatus indicates the status of a Service that is in one of the Job modes.
+message JobStatus {
+	// JobIteration is the count of how many times the Job has been excecuted,
+	// successfully or otherwise. "Executed" refers to the job as a whole being
+	// started, not to the individual Tasks being launched. This is used to
+	// disambiguate which Tasks belong to which iteration of a Job.
+	Version job_iteration = 1 [(gogoproto.nullable) = false];
+
+	// LastExecution is the time that the job was last executed. This is set by
+	// the orchestrator in the same transaction that JobIteration is incremented.
+	// While time is a fungible concept in distributed systems like Swarmkit,
+	// this value gives us a best-effort attempt to prevent weird behavior like
+	// newly added nodes executing long-forgotten jobs.
+	google.protobuf.Timestamp last_execution = 2;
+}
diff --git a/vendor/github.com/docker/swarmkit/api/watch.pb.go b/vendor/github.com/docker/swarmkit/api/watch.pb.go
index 9d152514cc3c1..cdae947d607d7 100644
--- a/vendor/github.com/docker/swarmkit/api/watch.pb.go
+++ b/vendor/github.com/docker/swarmkit/api/watch.pb.go
@@ -3,34 +3,38 @@
 
 package api
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/docker/swarmkit/protobuf/plugin"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import raftselector "github.com/docker/swarmkit/manager/raftselector"
-import codes "google.golang.org/grpc/codes"
-import status "google.golang.org/grpc/status"
-import metadata "google.golang.org/grpc/metadata"
-import peer "google.golang.org/grpc/peer"
-import rafttime "time"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	raftselector "github.com/docker/swarmkit/manager/raftselector"
+	_ "github.com/docker/swarmkit/protobuf/plugin"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	metadata "google.golang.org/grpc/metadata"
+	peer "google.golang.org/grpc/peer"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+	rafttime "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // WatchActionKind distinguishes between creations, updates, and removals. It
 // is structured as a bitmap so multiple kinds of events can be requested with
 // a mask.
@@ -49,6 +53,7 @@ var WatchActionKind_name = map[int32]string{
 	2: "WATCH_ACTION_UPDATE",
 	4: "WATCH_ACTION_REMOVE",
 }
+
 var WatchActionKind_value = map[string]int32{
 	"WATCH_ACTION_UNKNOWN": 0,
 	"WATCH_ACTION_CREATE":  1,
@@ -59,7 +64,10 @@ var WatchActionKind_value = map[string]int32{
 func (x WatchActionKind) String() string {
 	return proto.EnumName(WatchActionKind_name, int32(x))
 }
-func (WatchActionKind) EnumDescriptor() ([]byte, []int) { return fileDescriptorWatch, []int{0} }
+
+func (WatchActionKind) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{0}
+}
 
 type Object struct {
 	// Types that are valid to be assigned to Object:
@@ -75,9 +83,37 @@ type Object struct {
 	Object isObject_Object `protobuf_oneof:"Object"`
 }
 
-func (m *Object) Reset()                    { *m = Object{} }
-func (*Object) ProtoMessage()               {}
-func (*Object) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{0} }
+func (m *Object) Reset()      { *m = Object{} }
+func (*Object) ProtoMessage() {}
+func (*Object) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{0}
+}
+func (m *Object) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Object) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Object.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Object) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Object.Merge(m, src)
+}
+func (m *Object) XXX_Size() int {
+	return m.Size()
+}
+func (m *Object) XXX_DiscardUnknown() {
+	xxx_messageInfo_Object.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Object proto.InternalMessageInfo
 
 type isObject_Object interface {
 	isObject_Object()
@@ -86,31 +122,31 @@ type isObject_Object interface {
 }
 
 type Object_Node struct {
-	Node *Node `protobuf:"bytes,1,opt,name=node,oneof"`
+	Node *Node `protobuf:"bytes,1,opt,name=node,proto3,oneof" json:"node,omitempty"`
 }
 type Object_Service struct {
-	Service *Service `protobuf:"bytes,2,opt,name=service,oneof"`
+	Service *Service `protobuf:"bytes,2,opt,name=service,proto3,oneof" json:"service,omitempty"`
 }
 type Object_Network struct {
-	Network *Network `protobuf:"bytes,3,opt,name=network,oneof"`
+	Network *Network `protobuf:"bytes,3,opt,name=network,proto3,oneof" json:"network,omitempty"`
 }
 type Object_Task struct {
-	Task *Task `protobuf:"bytes,4,opt,name=task,oneof"`
+	Task *Task `protobuf:"bytes,4,opt,name=task,proto3,oneof" json:"task,omitempty"`
 }
 type Object_Cluster struct {
-	Cluster *Cluster `protobuf:"bytes,5,opt,name=cluster,oneof"`
+	Cluster *Cluster `protobuf:"bytes,5,opt,name=cluster,proto3,oneof" json:"cluster,omitempty"`
 }
 type Object_Secret struct {
-	Secret *Secret `protobuf:"bytes,6,opt,name=secret,oneof"`
+	Secret *Secret `protobuf:"bytes,6,opt,name=secret,proto3,oneof" json:"secret,omitempty"`
 }
 type Object_Resource struct {
-	Resource *Resource `protobuf:"bytes,7,opt,name=resource,oneof"`
+	Resource *Resource `protobuf:"bytes,7,opt,name=resource,proto3,oneof" json:"resource,omitempty"`
 }
 type Object_Extension struct {
-	Extension *Extension `protobuf:"bytes,8,opt,name=extension,oneof"`
+	Extension *Extension `protobuf:"bytes,8,opt,name=extension,proto3,oneof" json:"extension,omitempty"`
 }
 type Object_Config struct {
-	Config *Config `protobuf:"bytes,9,opt,name=config,oneof"`
+	Config *Config `protobuf:"bytes,9,opt,name=config,proto3,oneof" json:"config,omitempty"`
 }
 
 func (*Object_Node) isObject_Object()      {}
@@ -193,9 +229,9 @@ func (m *Object) GetConfig() *Config {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Object) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Object_OneofMarshaler, _Object_OneofUnmarshaler, _Object_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Object) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Object_Node)(nil),
 		(*Object_Service)(nil),
 		(*Object_Network)(nil),
@@ -208,198 +244,6 @@ func (*Object) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error,
 	}
 }
 
-func _Object_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Object)
-	// Object
-	switch x := m.Object.(type) {
-	case *Object_Node:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Node); err != nil {
-			return err
-		}
-	case *Object_Service:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Service); err != nil {
-			return err
-		}
-	case *Object_Network:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Network); err != nil {
-			return err
-		}
-	case *Object_Task:
-		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Task); err != nil {
-			return err
-		}
-	case *Object_Cluster:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Cluster); err != nil {
-			return err
-		}
-	case *Object_Secret:
-		_ = b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Secret); err != nil {
-			return err
-		}
-	case *Object_Resource:
-		_ = b.EncodeVarint(7<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Resource); err != nil {
-			return err
-		}
-	case *Object_Extension:
-		_ = b.EncodeVarint(8<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Extension); err != nil {
-			return err
-		}
-	case *Object_Config:
-		_ = b.EncodeVarint(9<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Config); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Object.Object has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _Object_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Object)
-	switch tag {
-	case 1: // Object.node
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Node)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Node{msg}
-		return true, err
-	case 2: // Object.service
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Service)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Service{msg}
-		return true, err
-	case 3: // Object.network
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Network)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Network{msg}
-		return true, err
-	case 4: // Object.task
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Task)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Task{msg}
-		return true, err
-	case 5: // Object.cluster
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Cluster)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Cluster{msg}
-		return true, err
-	case 6: // Object.secret
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Secret)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Secret{msg}
-		return true, err
-	case 7: // Object.resource
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Resource)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Resource{msg}
-		return true, err
-	case 8: // Object.extension
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Extension)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Extension{msg}
-		return true, err
-	case 9: // Object.config
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Config)
-		err := b.DecodeMessage(msg)
-		m.Object = &Object_Config{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Object_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Object)
-	// Object
-	switch x := m.Object.(type) {
-	case *Object_Node:
-		s := proto.Size(x.Node)
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Service:
-		s := proto.Size(x.Service)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Network:
-		s := proto.Size(x.Network)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Task:
-		s := proto.Size(x.Task)
-		n += proto.SizeVarint(4<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Cluster:
-		s := proto.Size(x.Cluster)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Secret:
-		s := proto.Size(x.Secret)
-		n += proto.SizeVarint(6<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Resource:
-		s := proto.Size(x.Resource)
-		n += proto.SizeVarint(7<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Extension:
-		s := proto.Size(x.Extension)
-		n += proto.SizeVarint(8<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Object_Config:
-		s := proto.Size(x.Config)
-		n += proto.SizeVarint(9<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // FIXME(aaronl): These messages should ideally be embedded in SelectBy, but
 // protoc generates bad code for that.
 type SelectBySlot struct {
@@ -407,9 +251,37 @@ type SelectBySlot struct {
 	Slot      uint64 `protobuf:"varint,2,opt,name=slot,proto3" json:"slot,omitempty"`
 }
 
-func (m *SelectBySlot) Reset()                    { *m = SelectBySlot{} }
-func (*SelectBySlot) ProtoMessage()               {}
-func (*SelectBySlot) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{1} }
+func (m *SelectBySlot) Reset()      { *m = SelectBySlot{} }
+func (*SelectBySlot) ProtoMessage() {}
+func (*SelectBySlot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{1}
+}
+func (m *SelectBySlot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelectBySlot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SelectBySlot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SelectBySlot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelectBySlot.Merge(m, src)
+}
+func (m *SelectBySlot) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelectBySlot) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelectBySlot.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelectBySlot proto.InternalMessageInfo
 
 type SelectByCustom struct {
 	Kind  string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
@@ -417,9 +289,37 @@ type SelectByCustom struct {
 	Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
 }
 
-func (m *SelectByCustom) Reset()                    { *m = SelectByCustom{} }
-func (*SelectByCustom) ProtoMessage()               {}
-func (*SelectByCustom) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{2} }
+func (m *SelectByCustom) Reset()      { *m = SelectByCustom{} }
+func (*SelectByCustom) ProtoMessage() {}
+func (*SelectByCustom) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{2}
+}
+func (m *SelectByCustom) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelectByCustom) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SelectByCustom.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SelectByCustom) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelectByCustom.Merge(m, src)
+}
+func (m *SelectByCustom) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelectByCustom) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelectByCustom.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelectByCustom proto.InternalMessageInfo
 
 type SelectBy struct {
 	// TODO(aaronl): Are all of these things we want to expose in
@@ -446,9 +346,37 @@ type SelectBy struct {
 	By isSelectBy_By `protobuf_oneof:"By"`
 }
 
-func (m *SelectBy) Reset()                    { *m = SelectBy{} }
-func (*SelectBy) ProtoMessage()               {}
-func (*SelectBy) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{3} }
+func (m *SelectBy) Reset()      { *m = SelectBy{} }
+func (*SelectBy) ProtoMessage() {}
+func (*SelectBy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{3}
+}
+func (m *SelectBy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelectBy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SelectBy.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SelectBy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelectBy.Merge(m, src)
+}
+func (m *SelectBy) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelectBy) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelectBy.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelectBy proto.InternalMessageInfo
 
 type isSelectBy_By interface {
 	isSelectBy_By()
@@ -457,52 +385,52 @@ type isSelectBy_By interface {
 }
 
 type SelectBy_ID struct {
-	ID string `protobuf:"bytes,1,opt,name=id,proto3,oneof"`
+	ID string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"`
 }
 type SelectBy_IDPrefix struct {
-	IDPrefix string `protobuf:"bytes,2,opt,name=id_prefix,json=idPrefix,proto3,oneof"`
+	IDPrefix string `protobuf:"bytes,2,opt,name=id_prefix,json=idPrefix,proto3,oneof" json:"id_prefix,omitempty"`
 }
 type SelectBy_Name struct {
-	Name string `protobuf:"bytes,3,opt,name=name,proto3,oneof"`
+	Name string `protobuf:"bytes,3,opt,name=name,proto3,oneof" json:"name,omitempty"`
 }
 type SelectBy_NamePrefix struct {
-	NamePrefix string `protobuf:"bytes,4,opt,name=name_prefix,json=namePrefix,proto3,oneof"`
+	NamePrefix string `protobuf:"bytes,4,opt,name=name_prefix,json=namePrefix,proto3,oneof" json:"name_prefix,omitempty"`
 }
 type SelectBy_Custom struct {
-	Custom *SelectByCustom `protobuf:"bytes,5,opt,name=custom,oneof"`
+	Custom *SelectByCustom `protobuf:"bytes,5,opt,name=custom,proto3,oneof" json:"custom,omitempty"`
 }
 type SelectBy_CustomPrefix struct {
-	CustomPrefix *SelectByCustom `protobuf:"bytes,6,opt,name=custom_prefix,json=customPrefix,oneof"`
+	CustomPrefix *SelectByCustom `protobuf:"bytes,6,opt,name=custom_prefix,json=customPrefix,proto3,oneof" json:"custom_prefix,omitempty"`
 }
 type SelectBy_ServiceID struct {
-	ServiceID string `protobuf:"bytes,7,opt,name=service_id,json=serviceId,proto3,oneof"`
+	ServiceID string `protobuf:"bytes,7,opt,name=service_id,json=serviceId,proto3,oneof" json:"service_id,omitempty"`
 }
 type SelectBy_NodeID struct {
-	NodeID string `protobuf:"bytes,8,opt,name=node_id,json=nodeId,proto3,oneof"`
+	NodeID string `protobuf:"bytes,8,opt,name=node_id,json=nodeId,proto3,oneof" json:"node_id,omitempty"`
 }
 type SelectBy_Slot struct {
-	Slot *SelectBySlot `protobuf:"bytes,9,opt,name=slot,oneof"`
+	Slot *SelectBySlot `protobuf:"bytes,9,opt,name=slot,proto3,oneof" json:"slot,omitempty"`
 }
 type SelectBy_DesiredState struct {
-	DesiredState TaskState `protobuf:"varint,10,opt,name=desired_state,json=desiredState,proto3,enum=docker.swarmkit.v1.TaskState,oneof"`
+	DesiredState TaskState `protobuf:"varint,10,opt,name=desired_state,json=desiredState,proto3,enum=docker.swarmkit.v1.TaskState,oneof" json:"desired_state,omitempty"`
 }
 type SelectBy_Role struct {
-	Role NodeRole `protobuf:"varint,11,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole,oneof"`
+	Role NodeRole `protobuf:"varint,11,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole,oneof" json:"role,omitempty"`
 }
 type SelectBy_Membership struct {
-	Membership NodeSpec_Membership `protobuf:"varint,12,opt,name=membership,proto3,enum=docker.swarmkit.v1.NodeSpec_Membership,oneof"`
+	Membership NodeSpec_Membership `protobuf:"varint,12,opt,name=membership,proto3,enum=docker.swarmkit.v1.NodeSpec_Membership,oneof" json:"membership,omitempty"`
 }
 type SelectBy_ReferencedNetworkID struct {
-	ReferencedNetworkID string `protobuf:"bytes,13,opt,name=referenced_network_id,json=referencedNetworkId,proto3,oneof"`
+	ReferencedNetworkID string `protobuf:"bytes,13,opt,name=referenced_network_id,json=referencedNetworkId,proto3,oneof" json:"referenced_network_id,omitempty"`
 }
 type SelectBy_ReferencedSecretID struct {
-	ReferencedSecretID string `protobuf:"bytes,14,opt,name=referenced_secret_id,json=referencedSecretId,proto3,oneof"`
+	ReferencedSecretID string `protobuf:"bytes,14,opt,name=referenced_secret_id,json=referencedSecretId,proto3,oneof" json:"referenced_secret_id,omitempty"`
 }
 type SelectBy_ReferencedConfigID struct {
-	ReferencedConfigID string `protobuf:"bytes,16,opt,name=referenced_config_id,json=referencedConfigId,proto3,oneof"`
+	ReferencedConfigID string `protobuf:"bytes,16,opt,name=referenced_config_id,json=referencedConfigId,proto3,oneof" json:"referenced_config_id,omitempty"`
 }
 type SelectBy_Kind struct {
-	Kind string `protobuf:"bytes,15,opt,name=kind,proto3,oneof"`
+	Kind string `protobuf:"bytes,15,opt,name=kind,proto3,oneof" json:"kind,omitempty"`
 }
 
 func (*SelectBy_ID) isSelectBy_By()                  {}
@@ -641,9 +569,9 @@ func (m *SelectBy) GetKind() string {
 	return ""
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*SelectBy) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _SelectBy_OneofMarshaler, _SelectBy_OneofUnmarshaler, _SelectBy_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*SelectBy) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*SelectBy_ID)(nil),
 		(*SelectBy_IDPrefix)(nil),
 		(*SelectBy_Name)(nil),
@@ -663,280 +591,17 @@ func (*SelectBy) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) erro
 	}
 }
 
-func _SelectBy_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*SelectBy)
-	// By
-	switch x := m.By.(type) {
-	case *SelectBy_ID:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.ID)
-	case *SelectBy_IDPrefix:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.IDPrefix)
-	case *SelectBy_Name:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.Name)
-	case *SelectBy_NamePrefix:
-		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.NamePrefix)
-	case *SelectBy_Custom:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Custom); err != nil {
-			return err
-		}
-	case *SelectBy_CustomPrefix:
-		_ = b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.CustomPrefix); err != nil {
-			return err
-		}
-	case *SelectBy_ServiceID:
-		_ = b.EncodeVarint(7<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.ServiceID)
-	case *SelectBy_NodeID:
-		_ = b.EncodeVarint(8<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.NodeID)
-	case *SelectBy_Slot:
-		_ = b.EncodeVarint(9<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Slot); err != nil {
-			return err
-		}
-	case *SelectBy_DesiredState:
-		_ = b.EncodeVarint(10<<3 | proto.WireVarint)
-		_ = b.EncodeVarint(uint64(x.DesiredState))
-	case *SelectBy_Role:
-		_ = b.EncodeVarint(11<<3 | proto.WireVarint)
-		_ = b.EncodeVarint(uint64(x.Role))
-	case *SelectBy_Membership:
-		_ = b.EncodeVarint(12<<3 | proto.WireVarint)
-		_ = b.EncodeVarint(uint64(x.Membership))
-	case *SelectBy_ReferencedNetworkID:
-		_ = b.EncodeVarint(13<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.ReferencedNetworkID)
-	case *SelectBy_ReferencedSecretID:
-		_ = b.EncodeVarint(14<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.ReferencedSecretID)
-	case *SelectBy_ReferencedConfigID:
-		_ = b.EncodeVarint(16<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.ReferencedConfigID)
-	case *SelectBy_Kind:
-		_ = b.EncodeVarint(15<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.Kind)
-	case nil:
-	default:
-		return fmt.Errorf("SelectBy.By has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _SelectBy_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*SelectBy)
-	switch tag {
-	case 1: // By.id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_ID{x}
-		return true, err
-	case 2: // By.id_prefix
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_IDPrefix{x}
-		return true, err
-	case 3: // By.name
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_Name{x}
-		return true, err
-	case 4: // By.name_prefix
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_NamePrefix{x}
-		return true, err
-	case 5: // By.custom
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(SelectByCustom)
-		err := b.DecodeMessage(msg)
-		m.By = &SelectBy_Custom{msg}
-		return true, err
-	case 6: // By.custom_prefix
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(SelectByCustom)
-		err := b.DecodeMessage(msg)
-		m.By = &SelectBy_CustomPrefix{msg}
-		return true, err
-	case 7: // By.service_id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_ServiceID{x}
-		return true, err
-	case 8: // By.node_id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_NodeID{x}
-		return true, err
-	case 9: // By.slot
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(SelectBySlot)
-		err := b.DecodeMessage(msg)
-		m.By = &SelectBy_Slot{msg}
-		return true, err
-	case 10: // By.desired_state
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.By = &SelectBy_DesiredState{TaskState(x)}
-		return true, err
-	case 11: // By.role
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.By = &SelectBy_Role{NodeRole(x)}
-		return true, err
-	case 12: // By.membership
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.By = &SelectBy_Membership{NodeSpec_Membership(x)}
-		return true, err
-	case 13: // By.referenced_network_id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_ReferencedNetworkID{x}
-		return true, err
-	case 14: // By.referenced_secret_id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_ReferencedSecretID{x}
-		return true, err
-	case 16: // By.referenced_config_id
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_ReferencedConfigID{x}
-		return true, err
-	case 15: // By.kind
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.By = &SelectBy_Kind{x}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _SelectBy_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*SelectBy)
-	// By
-	switch x := m.By.(type) {
-	case *SelectBy_ID:
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.ID)))
-		n += len(x.ID)
-	case *SelectBy_IDPrefix:
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.IDPrefix)))
-		n += len(x.IDPrefix)
-	case *SelectBy_Name:
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.Name)))
-		n += len(x.Name)
-	case *SelectBy_NamePrefix:
-		n += proto.SizeVarint(4<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.NamePrefix)))
-		n += len(x.NamePrefix)
-	case *SelectBy_Custom:
-		s := proto.Size(x.Custom)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *SelectBy_CustomPrefix:
-		s := proto.Size(x.CustomPrefix)
-		n += proto.SizeVarint(6<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *SelectBy_ServiceID:
-		n += proto.SizeVarint(7<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.ServiceID)))
-		n += len(x.ServiceID)
-	case *SelectBy_NodeID:
-		n += proto.SizeVarint(8<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.NodeID)))
-		n += len(x.NodeID)
-	case *SelectBy_Slot:
-		s := proto.Size(x.Slot)
-		n += proto.SizeVarint(9<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *SelectBy_DesiredState:
-		n += proto.SizeVarint(10<<3 | proto.WireVarint)
-		n += proto.SizeVarint(uint64(x.DesiredState))
-	case *SelectBy_Role:
-		n += proto.SizeVarint(11<<3 | proto.WireVarint)
-		n += proto.SizeVarint(uint64(x.Role))
-	case *SelectBy_Membership:
-		n += proto.SizeVarint(12<<3 | proto.WireVarint)
-		n += proto.SizeVarint(uint64(x.Membership))
-	case *SelectBy_ReferencedNetworkID:
-		n += proto.SizeVarint(13<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.ReferencedNetworkID)))
-		n += len(x.ReferencedNetworkID)
-	case *SelectBy_ReferencedSecretID:
-		n += proto.SizeVarint(14<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.ReferencedSecretID)))
-		n += len(x.ReferencedSecretID)
-	case *SelectBy_ReferencedConfigID:
-		n += proto.SizeVarint(16<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.ReferencedConfigID)))
-		n += len(x.ReferencedConfigID)
-	case *SelectBy_Kind:
-		n += proto.SizeVarint(15<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.Kind)))
-		n += len(x.Kind)
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 type WatchRequest struct {
 	// Multiple entries are combined using OR logic - i.e. if an event
 	// matches all of the selectors specified in any single watch entry,
 	// the event will be sent to the client.
-	Entries []*WatchRequest_WatchEntry `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
+	Entries []*WatchRequest_WatchEntry `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"`
 	// ResumeFrom provides an version to resume the watch from, if non-nil.
 	// The watch will return changes since this version, and continue to
 	// return new changes afterwards. Watch will return an error if the
 	// server has compacted its log and no longer has complete history to
 	// this point.
-	ResumeFrom *Version `protobuf:"bytes,2,opt,name=resume_from,json=resumeFrom" json:"resume_from,omitempty"`
+	ResumeFrom *Version `protobuf:"bytes,2,opt,name=resume_from,json=resumeFrom,proto3" json:"resume_from,omitempty"`
 	// IncludeOldObject causes WatchMessages to include a copy of the
 	// previous version of the object on updates. Note that only live
 	// changes will include the old object (not historical changes
@@ -944,9 +609,37 @@ type WatchRequest struct {
 	IncludeOldObject bool `protobuf:"varint,3,opt,name=include_old_object,json=includeOldObject,proto3" json:"include_old_object,omitempty"`
 }
 
-func (m *WatchRequest) Reset()                    { *m = WatchRequest{} }
-func (*WatchRequest) ProtoMessage()               {}
-func (*WatchRequest) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{4} }
+func (m *WatchRequest) Reset()      { *m = WatchRequest{} }
+func (*WatchRequest) ProtoMessage() {}
+func (*WatchRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{4}
+}
+func (m *WatchRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WatchRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WatchRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WatchRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WatchRequest.Merge(m, src)
+}
+func (m *WatchRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *WatchRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WatchRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WatchRequest proto.InternalMessageInfo
 
 type WatchRequest_WatchEntry struct {
 	// Kind can contain a builtin type such as "node", "secret", etc. or
@@ -957,26 +650,82 @@ type WatchRequest_WatchEntry struct {
 	Action WatchActionKind `protobuf:"varint,2,opt,name=action,proto3,enum=docker.swarmkit.v1.WatchActionKind" json:"action,omitempty"`
 	// Filters are combined using AND logic - an event must match
 	// all of them to pass the filter.
-	Filters []*SelectBy `protobuf:"bytes,3,rep,name=filters" json:"filters,omitempty"`
+	Filters []*SelectBy `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (m *WatchRequest_WatchEntry) Reset()      { *m = WatchRequest_WatchEntry{} }
+func (*WatchRequest_WatchEntry) ProtoMessage() {}
+func (*WatchRequest_WatchEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{4, 0}
+}
+func (m *WatchRequest_WatchEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WatchRequest_WatchEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WatchRequest_WatchEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WatchRequest_WatchEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WatchRequest_WatchEntry.Merge(m, src)
+}
+func (m *WatchRequest_WatchEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *WatchRequest_WatchEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_WatchRequest_WatchEntry.DiscardUnknown(m)
 }
 
-func (m *WatchRequest_WatchEntry) Reset()                    { *m = WatchRequest_WatchEntry{} }
-func (*WatchRequest_WatchEntry) ProtoMessage()               {}
-func (*WatchRequest_WatchEntry) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{4, 0} }
+var xxx_messageInfo_WatchRequest_WatchEntry proto.InternalMessageInfo
 
 // WatchMessage is the type of the stream that's returned to the client by
 // Watch. Note that the first item of this stream will always be a WatchMessage
 // with a nil Object, to signal that the stream has started.
 type WatchMessage struct {
-	Events []*WatchMessage_Event `protobuf:"bytes,1,rep,name=events" json:"events,omitempty"`
+	Events []*WatchMessage_Event `protobuf:"bytes,1,rep,name=events,proto3" json:"events,omitempty"`
 	// Index versions this change to the data store. It can be used to
 	// resume the watch from this point.
-	Version *Version `protobuf:"bytes,2,opt,name=version" json:"version,omitempty"`
+	Version *Version `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
+}
+
+func (m *WatchMessage) Reset()      { *m = WatchMessage{} }
+func (*WatchMessage) ProtoMessage() {}
+func (*WatchMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{5}
+}
+func (m *WatchMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WatchMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WatchMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WatchMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WatchMessage.Merge(m, src)
+}
+func (m *WatchMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *WatchMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_WatchMessage.DiscardUnknown(m)
 }
 
-func (m *WatchMessage) Reset()                    { *m = WatchMessage{} }
-func (*WatchMessage) ProtoMessage()               {}
-func (*WatchMessage) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{5} }
+var xxx_messageInfo_WatchMessage proto.InternalMessageInfo
 
 type WatchMessage_Event struct {
 	// Action (create/update/delete)
@@ -984,18 +733,47 @@ type WatchMessage_Event struct {
 	// mark transaction boundaries.
 	Action WatchActionKind `protobuf:"varint,1,opt,name=action,proto3,enum=docker.swarmkit.v1.WatchActionKind" json:"action,omitempty"`
 	// Matched object
-	Object *Object `protobuf:"bytes,2,opt,name=object" json:"object,omitempty"`
+	Object *Object `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"`
 	// For updates, OldObject will optionally be included in the
 	// watch message, containing the previous version of the
 	// object, if IncludeOldObject was set in WatchRequest.
-	OldObject *Object `protobuf:"bytes,3,opt,name=old_object,json=oldObject" json:"old_object,omitempty"`
+	OldObject *Object `protobuf:"bytes,3,opt,name=old_object,json=oldObject,proto3" json:"old_object,omitempty"`
+}
+
+func (m *WatchMessage_Event) Reset()      { *m = WatchMessage_Event{} }
+func (*WatchMessage_Event) ProtoMessage() {}
+func (*WatchMessage_Event) Descriptor() ([]byte, []int) {
+	return fileDescriptor_da25266013800cd9, []int{5, 0}
+}
+func (m *WatchMessage_Event) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WatchMessage_Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WatchMessage_Event.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WatchMessage_Event) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WatchMessage_Event.Merge(m, src)
+}
+func (m *WatchMessage_Event) XXX_Size() int {
+	return m.Size()
+}
+func (m *WatchMessage_Event) XXX_DiscardUnknown() {
+	xxx_messageInfo_WatchMessage_Event.DiscardUnknown(m)
 }
 
-func (m *WatchMessage_Event) Reset()                    { *m = WatchMessage_Event{} }
-func (*WatchMessage_Event) ProtoMessage()               {}
-func (*WatchMessage_Event) Descriptor() ([]byte, []int) { return fileDescriptorWatch, []int{5, 0} }
+var xxx_messageInfo_WatchMessage_Event proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterEnum("docker.swarmkit.v1.WatchActionKind", WatchActionKind_name, WatchActionKind_value)
 	proto.RegisterType((*Object)(nil), "docker.swarmkit.v1.Object")
 	proto.RegisterType((*SelectBySlot)(nil), "docker.swarmkit.v1.SelectBySlot")
 	proto.RegisterType((*SelectByCustom)(nil), "docker.swarmkit.v1.SelectByCustom")
@@ -1004,7 +782,89 @@ func init() {
 	proto.RegisterType((*WatchRequest_WatchEntry)(nil), "docker.swarmkit.v1.WatchRequest.WatchEntry")
 	proto.RegisterType((*WatchMessage)(nil), "docker.swarmkit.v1.WatchMessage")
 	proto.RegisterType((*WatchMessage_Event)(nil), "docker.swarmkit.v1.WatchMessage.Event")
-	proto.RegisterEnum("docker.swarmkit.v1.WatchActionKind", WatchActionKind_name, WatchActionKind_value)
+}
+
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/api/watch.proto", fileDescriptor_da25266013800cd9)
+}
+
+var fileDescriptor_da25266013800cd9 = []byte{
+	// 1199 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x96, 0xbd, 0x73, 0x1b, 0xc5,
+	0x1b, 0xc7, 0xef, 0x14, 0xf9, 0x24, 0x3d, 0xb6, 0x13, 0xcf, 0xc6, 0x49, 0xee, 0xa7, 0x5f, 0x90,
+	0x85, 0x78, 0xcb, 0x24, 0x41, 0x06, 0x13, 0x92, 0x01, 0x02, 0x33, 0x96, 0x2c, 0x46, 0x22, 0xe3,
+	0x97, 0x59, 0xdb, 0x49, 0xa9, 0x39, 0xdf, 0x3d, 0x56, 0x0e, 0xdf, 0xdd, 0x8a, 0xbd, 0x93, 0x1d,
+	0x77, 0x14, 0x14, 0x4c, 0x2a, 0x1a, 0x66, 0x68, 0x52, 0x41, 0x4d, 0x43, 0x07, 0xff, 0x40, 0x86,
+	0x2a, 0x65, 0x68, 0x3c, 0x44, 0xe9, 0x28, 0xf8, 0x0b, 0x28, 0x98, 0x7d, 0x39, 0xdb, 0x51, 0x4e,
+	0x36, 0xa9, 0xb4, 0xb7, 0xf7, 0xf9, 0x3e, 0xfb, 0xec, 0xf3, 0x76, 0x82, 0xab, 0x3d, 0x3f, 0xb9,
+	0x3f, 0xd8, 0xaa, 0xbb, 0x2c, 0x9c, 0xf7, 0x98, 0xbb, 0x83, 0x7c, 0x3e, 0xde, 0x73, 0x78, 0xb8,
+	0xe3, 0x27, 0xf3, 0x4e, 0xdf, 0x9f, 0xdf, 0x73, 0x12, 0xf7, 0x7e, 0xbd, 0xcf, 0x59, 0xc2, 0x08,
+	0x51, 0x40, 0x3d, 0x05, 0xea, 0xbb, 0xef, 0x97, 0x4f, 0xd3, 0xc7, 0x7d, 0x74, 0x63, 0xa5, 0x2f,
+	0x5f, 0x3f, 0x85, 0x65, 0x5b, 0x5f, 0xa2, 0x9b, 0xa4, 0xf4, 0x69, 0x96, 0x93, 0xfd, 0x3e, 0xa6,
+	0xec, 0x6c, 0x8f, 0xf5, 0x98, 0x5c, 0xce, 0x8b, 0x95, 0xde, 0xbd, 0x75, 0x82, 0x05, 0x49, 0x6c,
+	0x0d, 0xb6, 0xe7, 0xfb, 0xc1, 0xa0, 0xe7, 0x47, 0xfa, 0x47, 0x09, 0x6b, 0xdf, 0xe4, 0xc1, 0x5a,
+	0x95, 0xce, 0x90, 0x3a, 0xe4, 0x23, 0xe6, 0xa1, 0x6d, 0x56, 0xcd, 0x2b, 0x93, 0x0b, 0x76, 0xfd,
+	0xe5, 0x10, 0xd4, 0x57, 0x98, 0x87, 0x6d, 0x83, 0x4a, 0x8e, 0xdc, 0x82, 0x42, 0x8c, 0x7c, 0xd7,
+	0x77, 0xd1, 0xce, 0x49, 0xc9, 0xff, 0xb3, 0x24, 0xeb, 0x0a, 0x69, 0x1b, 0x34, 0xa5, 0x85, 0x30,
+	0xc2, 0x64, 0x8f, 0xf1, 0x1d, 0xfb, 0xcc, 0x78, 0xe1, 0x8a, 0x42, 0x84, 0x50, 0xd3, 0xc2, 0xc3,
+	0xc4, 0x89, 0x77, 0xec, 0xfc, 0x78, 0x0f, 0x37, 0x9c, 0x58, 0x48, 0x24, 0x27, 0x0e, 0x72, 0x83,
+	0x41, 0x9c, 0x20, 0xb7, 0x27, 0xc6, 0x1f, 0xd4, 0x54, 0x88, 0x38, 0x48, 0xd3, 0xe4, 0x06, 0x58,
+	0x31, 0xba, 0x1c, 0x13, 0xdb, 0x92, 0xba, 0x72, 0xf6, 0xcd, 0x04, 0xd1, 0x36, 0xa8, 0x66, 0xc9,
+	0xc7, 0x50, 0xe4, 0x18, 0xb3, 0x01, 0x77, 0xd1, 0x2e, 0x48, 0xdd, 0xe5, 0x2c, 0x1d, 0xd5, 0x4c,
+	0xdb, 0xa0, 0x87, 0x3c, 0xf9, 0x14, 0x4a, 0xf8, 0x20, 0xc1, 0x28, 0xf6, 0x59, 0x64, 0x17, 0xa5,
+	0xf8, 0xb5, 0x2c, 0x71, 0x2b, 0x85, 0xda, 0x06, 0x3d, 0x52, 0x08, 0x87, 0x5d, 0x16, 0x6d, 0xfb,
+	0x3d, 0xbb, 0x34, 0xde, 0xe1, 0xa6, 0x24, 0x84, 0xc3, 0x8a, 0x6d, 0x14, 0xd3, 0xdc, 0xd7, 0xd6,
+	0x60, 0x6a, 0x1d, 0x03, 0x74, 0x93, 0xc6, 0xfe, 0x7a, 0xc0, 0x12, 0x72, 0x1d, 0x40, 0x67, 0xab,
+	0xeb, 0x7b, 0xb2, 0x22, 0x4a, 0x8d, 0xe9, 0xe1, 0xc1, 0x5c, 0x49, 0xa7, 0xb3, 0xb3, 0x44, 0x4b,
+	0x1a, 0xe8, 0x78, 0x84, 0x40, 0x3e, 0x0e, 0x58, 0x22, 0xcb, 0x20, 0x4f, 0xe5, 0xba, 0xb6, 0x06,
+	0x67, 0x53, 0x8b, 0xcd, 0x41, 0x9c, 0xb0, 0x50, 0x50, 0x3b, 0x7e, 0xa4, 0xad, 0x51, 0xb9, 0x26,
+	0xb3, 0x30, 0xe1, 0x47, 0x1e, 0x3e, 0x90, 0xd2, 0x12, 0x55, 0x0f, 0x62, 0x77, 0xd7, 0x09, 0x06,
+	0x28, 0xcb, 0xa3, 0x44, 0xd5, 0x43, 0xed, 0x2f, 0x0b, 0x8a, 0xa9, 0x49, 0x62, 0x43, 0xee, 0xd0,
+	0x31, 0x6b, 0x78, 0x30, 0x97, 0xeb, 0x2c, 0xb5, 0x0d, 0x9a, 0xf3, 0x3d, 0x72, 0x0d, 0x4a, 0xbe,
+	0xd7, 0xed, 0x73, 0xdc, 0xf6, 0xb5, 0xd9, 0xc6, 0xd4, 0xf0, 0x60, 0xae, 0xd8, 0x59, 0x5a, 0x93,
+	0x7b, 0x22, 0xec, 0xbe, 0xa7, 0xd6, 0x64, 0x16, 0xf2, 0x91, 0x13, 0xea, 0x83, 0x64, 0x65, 0x3b,
+	0x21, 0x92, 0xd7, 0x61, 0x52, 0xfc, 0xa6, 0x46, 0xf2, 0xfa, 0x25, 0x88, 0x4d, 0x2d, 0xbc, 0x0d,
+	0x96, 0x2b, 0xaf, 0xa5, 0x2b, 0xab, 0x96, 0x5d, 0x21, 0xc7, 0x03, 0x20, 0x03, 0xaf, 0x42, 0xd1,
+	0x81, 0x69, 0xb5, 0x4a, 0x8f, 0xb0, 0x5e, 0xc1, 0xc8, 0x94, 0x92, 0x6a, 0x47, 0xea, 0x2f, 0x64,
+	0xaa, 0x90, 0x91, 0x29, 0x51, 0x29, 0x47, 0xb9, 0x7a, 0x0b, 0x0a, 0xa2, 0x7b, 0x05, 0x5c, 0x94,
+	0x30, 0x0c, 0x0f, 0xe6, 0x2c, 0xd1, 0xd8, 0x92, 0xb4, 0xc4, 0xcb, 0x8e, 0x47, 0x6e, 0xea, 0x94,
+	0xaa, 0x72, 0xaa, 0x9e, 0xe4, 0x98, 0x28, 0x18, 0x11, 0x3a, 0xc1, 0x93, 0x25, 0x98, 0xf6, 0x30,
+	0xf6, 0x39, 0x7a, 0xdd, 0x38, 0x71, 0x12, 0xb4, 0xa1, 0x6a, 0x5e, 0x39, 0x9b, 0x5d, 0xcb, 0xa2,
+	0x57, 0xd7, 0x05, 0x24, 0x2e, 0xa5, 0x55, 0xf2, 0x99, 0x2c, 0x40, 0x9e, 0xb3, 0x00, 0xed, 0x49,
+	0x29, 0xbe, 0x3c, 0x6e, 0x14, 0x51, 0x16, 0xc8, 0x71, 0x24, 0x58, 0xd2, 0x01, 0x08, 0x31, 0xdc,
+	0x42, 0x1e, 0xdf, 0xf7, 0xfb, 0xf6, 0x94, 0x54, 0xbe, 0x33, 0x4e, 0xb9, 0xde, 0x47, 0xb7, 0xbe,
+	0x7c, 0x88, 0x8b, 0xe4, 0x1e, 0x89, 0xc9, 0x32, 0x5c, 0xe0, 0xb8, 0x8d, 0x1c, 0x23, 0x17, 0xbd,
+	0xae, 0x9e, 0x3e, 0x22, 0x62, 0xd3, 0x32, 0x62, 0x97, 0x86, 0x07, 0x73, 0xe7, 0xe9, 0x21, 0xa0,
+	0x07, 0x95, 0x0c, 0xdf, 0x79, 0xfe, 0xd2, 0xb6, 0x47, 0xbe, 0x80, 0xd9, 0x63, 0xe6, 0xd4, 0xb0,
+	0x10, 0xd6, 0xce, 0x4a, 0x6b, 0x17, 0x87, 0x07, 0x73, 0xe4, 0xc8, 0x9a, 0x9a, 0x2a, 0xd2, 0x18,
+	0xe1, 0xa3, 0xbb, 0xa3, 0xb6, 0x54, 0x1f, 0x0b, 0x5b, 0x33, 0x59, 0xb6, 0x54, 0xc3, 0x8f, 0xda,
+	0xd2, 0xbb, 0xa2, 0xf9, 0x54, 0x43, 0x9e, 0x4b, 0x8b, 0x5f, 0x3c, 0x35, 0xf2, 0x90, 0x6b, 0xec,
+	0xd7, 0xfe, 0xc8, 0xc1, 0xd4, 0x3d, 0xf1, 0x41, 0xa4, 0xf8, 0xd5, 0x00, 0xe3, 0x84, 0xb4, 0xa0,
+	0x80, 0x51, 0xc2, 0x7d, 0x8c, 0x6d, 0xb3, 0x7a, 0xe6, 0xca, 0xe4, 0xc2, 0xb5, 0xac, 0xd8, 0x1e,
+	0x97, 0xa8, 0x87, 0x56, 0x94, 0xf0, 0x7d, 0x9a, 0x6a, 0xc9, 0x6d, 0x98, 0xe4, 0x18, 0x0f, 0x42,
+	0xec, 0x6e, 0x73, 0x16, 0x9e, 0xf4, 0xe1, 0xb8, 0x8b, 0x5c, 0x8c, 0x36, 0x0a, 0x8a, 0xff, 0x9c,
+	0xb3, 0x90, 0x5c, 0x07, 0xe2, 0x47, 0x6e, 0x30, 0xf0, 0xb0, 0xcb, 0x02, 0xaf, 0xab, 0xbe, 0xa2,
+	0xb2, 0x79, 0x8b, 0x74, 0x46, 0xbf, 0x59, 0x0d, 0x3c, 0x35, 0xd4, 0xca, 0xdf, 0x9b, 0x00, 0x47,
+	0x3e, 0x64, 0xce, 0x9f, 0x4f, 0xc0, 0x72, 0xdc, 0x44, 0xcc, 0xdc, 0x9c, 0x2c, 0x98, 0x37, 0xc6,
+	0x5e, 0x6a, 0x51, 0x62, 0x77, 0xfc, 0xc8, 0xa3, 0x5a, 0x42, 0x6e, 0x42, 0x61, 0xdb, 0x0f, 0x12,
+	0xe4, 0xb1, 0x7d, 0x46, 0x86, 0xe4, 0xf2, 0x49, 0x6d, 0x42, 0x53, 0xb8, 0xf6, 0x5b, 0x1a, 0xdb,
+	0x65, 0x8c, 0x63, 0xa7, 0x87, 0xe4, 0x33, 0xb0, 0x70, 0x17, 0xa3, 0x24, 0x0d, 0xed, 0xdb, 0x63,
+	0xbd, 0xd0, 0x8a, 0x7a, 0x4b, 0xe0, 0x54, 0xab, 0xc8, 0x87, 0x50, 0xd8, 0x55, 0xd1, 0xfa, 0x2f,
+	0x01, 0x4d, 0xd9, 0xf2, 0x2f, 0x26, 0x4c, 0x48, 0x43, 0xc7, 0xc2, 0x60, 0xbe, 0x7a, 0x18, 0x16,
+	0xc0, 0xd2, 0x89, 0xc8, 0x8d, 0xff, 0xf6, 0xa8, 0x94, 0x50, 0x4d, 0x92, 0x8f, 0x00, 0x46, 0x12,
+	0x78, 0xb2, 0xae, 0xc4, 0xd2, 0xac, 0x5e, 0xfd, 0xc7, 0x84, 0x73, 0x23, 0xae, 0x90, 0x1b, 0x30,
+	0x7b, 0x6f, 0x71, 0xa3, 0xd9, 0xee, 0x2e, 0x36, 0x37, 0x3a, 0xab, 0x2b, 0xdd, 0xcd, 0x95, 0x3b,
+	0x2b, 0xab, 0xf7, 0x56, 0x66, 0x8c, 0x72, 0xf9, 0xe1, 0xa3, 0xea, 0xc5, 0x11, 0x7c, 0x33, 0xda,
+	0x89, 0xd8, 0x9e, 0x70, 0xfc, 0xfc, 0x0b, 0xaa, 0x26, 0x6d, 0x2d, 0x6e, 0xb4, 0x66, 0xcc, 0xf2,
+	0xff, 0x1e, 0x3e, 0xaa, 0x5e, 0x18, 0x11, 0x35, 0x39, 0xaa, 0xc9, 0xf4, 0xa2, 0x66, 0x73, 0x6d,
+	0x49, 0x68, 0x72, 0x99, 0x9a, 0xcd, 0xbe, 0x97, 0xa5, 0xa1, 0xad, 0xe5, 0xd5, 0xbb, 0xad, 0x99,
+	0x7c, 0xa6, 0x86, 0x62, 0xc8, 0x76, 0xb1, 0x7c, 0xe9, 0xdb, 0x1f, 0x2b, 0xc6, 0xaf, 0x3f, 0x55,
+	0x46, 0xaf, 0xba, 0x10, 0xc2, 0x84, 0xdc, 0x22, 0x5e, 0xba, 0xa8, 0x9e, 0xd6, 0x88, 0xe5, 0xea,
+	0x69, 0xf5, 0x54, 0xbb, 0xf0, 0xfb, 0xcf, 0x7f, 0xff, 0x90, 0x3b, 0x07, 0xd3, 0x92, 0x78, 0x37,
+	0x74, 0x22, 0xa7, 0x87, 0xfc, 0x3d, 0xb3, 0xf1, 0xe6, 0xe3, 0x67, 0x15, 0xe3, 0xe9, 0xb3, 0x8a,
+	0xf1, 0xf5, 0xb0, 0x62, 0x3e, 0x1e, 0x56, 0xcc, 0x27, 0xc3, 0x8a, 0xf9, 0xe7, 0xb0, 0x62, 0x7e,
+	0xf7, 0xbc, 0x62, 0x3c, 0x79, 0x5e, 0x31, 0x9e, 0x3e, 0xaf, 0x18, 0x5b, 0x96, 0xfc, 0x33, 0xf9,
+	0xc1, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x96, 0x4e, 0x58, 0x61, 0x63, 0x0b, 0x00, 0x00,
 }
 
 type authenticatedWrapperWatchServer struct {
@@ -1046,55 +906,55 @@ func (m *Object) CopyFrom(src interface{}) {
 			v := Object_Node{
 				Node: &Node{},
 			}
-			deepcopy.Copy(v.Node, o.GetNode())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Node, o.GetNode())
 			m.Object = &v
 		case *Object_Service:
 			v := Object_Service{
 				Service: &Service{},
 			}
-			deepcopy.Copy(v.Service, o.GetService())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Service, o.GetService())
 			m.Object = &v
 		case *Object_Network:
 			v := Object_Network{
 				Network: &Network{},
 			}
-			deepcopy.Copy(v.Network, o.GetNetwork())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Network, o.GetNetwork())
 			m.Object = &v
 		case *Object_Task:
 			v := Object_Task{
 				Task: &Task{},
 			}
-			deepcopy.Copy(v.Task, o.GetTask())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Task, o.GetTask())
 			m.Object = &v
 		case *Object_Cluster:
 			v := Object_Cluster{
 				Cluster: &Cluster{},
 			}
-			deepcopy.Copy(v.Cluster, o.GetCluster())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Cluster, o.GetCluster())
 			m.Object = &v
 		case *Object_Secret:
 			v := Object_Secret{
 				Secret: &Secret{},
 			}
-			deepcopy.Copy(v.Secret, o.GetSecret())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Secret, o.GetSecret())
 			m.Object = &v
 		case *Object_Resource:
 			v := Object_Resource{
 				Resource: &Resource{},
 			}
-			deepcopy.Copy(v.Resource, o.GetResource())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Resource, o.GetResource())
 			m.Object = &v
 		case *Object_Extension:
 			v := Object_Extension{
 				Extension: &Extension{},
 			}
-			deepcopy.Copy(v.Extension, o.GetExtension())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Extension, o.GetExtension())
 			m.Object = &v
 		case *Object_Config:
 			v := Object_Config{
 				Config: &Config{},
 			}
-			deepcopy.Copy(v.Config, o.GetConfig())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Config, o.GetConfig())
 			m.Object = &v
 		}
 	}
@@ -1170,13 +1030,13 @@ func (m *SelectBy) CopyFrom(src interface{}) {
 			v := SelectBy_Custom{
 				Custom: &SelectByCustom{},
 			}
-			deepcopy.Copy(v.Custom, o.GetCustom())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Custom, o.GetCustom())
 			m.By = &v
 		case *SelectBy_CustomPrefix:
 			v := SelectBy_CustomPrefix{
 				CustomPrefix: &SelectByCustom{},
 			}
-			deepcopy.Copy(v.CustomPrefix, o.GetCustomPrefix())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.CustomPrefix, o.GetCustomPrefix())
 			m.By = &v
 		case *SelectBy_ServiceID:
 			v := SelectBy_ServiceID{
@@ -1192,7 +1052,7 @@ func (m *SelectBy) CopyFrom(src interface{}) {
 			v := SelectBy_Slot{
 				Slot: &SelectBySlot{},
 			}
-			deepcopy.Copy(v.Slot, o.GetSlot())
+			github_com_docker_swarmkit_api_deepcopy.Copy(v.Slot, o.GetSlot())
 			m.By = &v
 		case *SelectBy_DesiredState:
 			v := SelectBy_DesiredState{
@@ -1251,13 +1111,13 @@ func (m *WatchRequest) CopyFrom(src interface{}) {
 		m.Entries = make([]*WatchRequest_WatchEntry, len(o.Entries))
 		for i := range m.Entries {
 			m.Entries[i] = &WatchRequest_WatchEntry{}
-			deepcopy.Copy(m.Entries[i], o.Entries[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Entries[i], o.Entries[i])
 		}
 	}
 
 	if o.ResumeFrom != nil {
 		m.ResumeFrom = &Version{}
-		deepcopy.Copy(m.ResumeFrom, o.ResumeFrom)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.ResumeFrom, o.ResumeFrom)
 	}
 }
 
@@ -1278,7 +1138,7 @@ func (m *WatchRequest_WatchEntry) CopyFrom(src interface{}) {
 		m.Filters = make([]*SelectBy, len(o.Filters))
 		for i := range m.Filters {
 			m.Filters[i] = &SelectBy{}
-			deepcopy.Copy(m.Filters[i], o.Filters[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Filters[i], o.Filters[i])
 		}
 	}
 
@@ -1301,13 +1161,13 @@ func (m *WatchMessage) CopyFrom(src interface{}) {
 		m.Events = make([]*WatchMessage_Event, len(o.Events))
 		for i := range m.Events {
 			m.Events[i] = &WatchMessage_Event{}
-			deepcopy.Copy(m.Events[i], o.Events[i])
+			github_com_docker_swarmkit_api_deepcopy.Copy(m.Events[i], o.Events[i])
 		}
 	}
 
 	if o.Version != nil {
 		m.Version = &Version{}
-		deepcopy.Copy(m.Version, o.Version)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Version, o.Version)
 	}
 }
 
@@ -1326,11 +1186,11 @@ func (m *WatchMessage_Event) CopyFrom(src interface{}) {
 	*m = *o
 	if o.Object != nil {
 		m.Object = &Object{}
-		deepcopy.Copy(m.Object, o.Object)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.Object, o.Object)
 	}
 	if o.OldObject != nil {
 		m.OldObject = &Object{}
-		deepcopy.Copy(m.OldObject, o.OldObject)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.OldObject, o.OldObject)
 	}
 }
 
@@ -1342,8 +1202,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Watch service
-
+// WatchClient is the client API for Watch service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type WatchClient interface {
 	// Watch starts a stream that returns any changes to objects that match
 	// the specified selectors. When the stream begins, it immediately sends
@@ -1362,7 +1223,7 @@ func NewWatchClient(cc *grpc.ClientConn) WatchClient {
 }
 
 func (c *watchClient) Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (Watch_WatchClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Watch_serviceDesc.Streams[0], c.cc, "/docker.swarmkit.v1.Watch/Watch", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Watch_serviceDesc.Streams[0], "/docker.swarmkit.v1.Watch/Watch", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -1393,8 +1254,7 @@ func (x *watchWatchClient) Recv() (*WatchMessage, error) {
 	return m, nil
 }
 
-// Server API for Watch service
-
+// WatchServer is the server API for Watch service.
 type WatchServer interface {
 	// Watch starts a stream that returns any changes to objects that match
 	// the specified selectors. When the stream begins, it immediately sends
@@ -1404,6 +1264,14 @@ type WatchServer interface {
 	Watch(*WatchRequest, Watch_WatchServer) error
 }
 
+// UnimplementedWatchServer can be embedded to have forward compatible implementations.
+type UnimplementedWatchServer struct {
+}
+
+func (*UnimplementedWatchServer) Watch(req *WatchRequest, srv Watch_WatchServer) error {
+	return status.Errorf(codes.Unimplemented, "method Watch not implemented")
+}
+
 func RegisterWatchServer(s *grpc.Server, srv WatchServer) {
 	s.RegisterService(&_Watch_serviceDesc, srv)
 }
@@ -1446,7 +1314,7 @@ var _Watch_serviceDesc = grpc.ServiceDesc{
 func (m *Object) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1454,150 +1322,220 @@ func (m *Object) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Object) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.Object != nil {
-		nn1, err := m.Object.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Object.Size()
+			i -= size
+			if _, err := m.Object.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn1
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Object_Node) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Node != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Node.Size()))
-		n2, err := m.Node.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Node.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n2
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Service) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Service) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Service != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Service.Size()))
-		n3, err := m.Service.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n3
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Network) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Network) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Network != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Network.Size()))
-		n4, err := m.Network.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Network.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Task) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Task) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Task != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Task.Size()))
-		n5, err := m.Task.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Task.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n5
+		i--
+		dAtA[i] = 0x22
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Cluster) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Cluster) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Cluster != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Cluster.Size()))
-		n6, err := m.Cluster.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Cluster.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n6
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Secret) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Secret != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Secret.Size()))
-		n7, err := m.Secret.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n7
+		i--
+		dAtA[i] = 0x32
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Resource) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Resource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Resource != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Resource.Size()))
-		n8, err := m.Resource.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n8
+		i--
+		dAtA[i] = 0x3a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Extension) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Extension) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Extension != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Extension.Size()))
-		n9, err := m.Extension.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Extension.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n9
+		i--
+		dAtA[i] = 0x42
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Object_Config) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Object_Config) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Config != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Config.Size()))
-		n10, err := m.Config.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Config.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n10
+		i--
+		dAtA[i] = 0x4a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *SelectBySlot) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1605,28 +1543,34 @@ func (m *SelectBySlot) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SelectBySlot) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBySlot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ServiceID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(len(m.ServiceID)))
-		i += copy(dAtA[i:], m.ServiceID)
-	}
 	if m.Slot != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintWatch(dAtA, i, uint64(m.Slot))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ServiceID) > 0 {
+		i -= len(m.ServiceID)
+		copy(dAtA[i:], m.ServiceID)
+		i = encodeVarintWatch(dAtA, i, uint64(len(m.ServiceID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SelectByCustom) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1634,35 +1578,43 @@ func (m *SelectByCustom) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SelectByCustom) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectByCustom) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Kind) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
+	if len(m.Value) > 0 {
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
+		i = encodeVarintWatch(dAtA, i, uint64(len(m.Value)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Index) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Index)
+		copy(dAtA[i:], m.Index)
 		i = encodeVarintWatch(dAtA, i, uint64(len(m.Index)))
-		i += copy(dAtA[i:], m.Index)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Value) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintWatch(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SelectBy) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1670,169 +1622,272 @@ func (m *SelectBy) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SelectBy) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.By != nil {
-		nn11, err := m.By.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.By.Size()
+			i -= size
+			if _, err := m.By.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn11
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *SelectBy_ID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0xa
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_ID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.ID)
+	copy(dAtA[i:], m.ID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.ID)))
-	i += copy(dAtA[i:], m.ID)
-	return i, nil
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_IDPrefix) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x12
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_IDPrefix) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.IDPrefix)
+	copy(dAtA[i:], m.IDPrefix)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.IDPrefix)))
-	i += copy(dAtA[i:], m.IDPrefix)
-	return i, nil
+	i--
+	dAtA[i] = 0x12
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Name) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x1a
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Name) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.Name)))
-	i += copy(dAtA[i:], m.Name)
-	return i, nil
+	i--
+	dAtA[i] = 0x1a
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_NamePrefix) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x22
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_NamePrefix) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.NamePrefix)
+	copy(dAtA[i:], m.NamePrefix)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.NamePrefix)))
-	i += copy(dAtA[i:], m.NamePrefix)
-	return i, nil
+	i--
+	dAtA[i] = 0x22
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Custom) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Custom) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Custom != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Custom.Size()))
-		n12, err := m.Custom.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Custom.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n12
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_CustomPrefix) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_CustomPrefix) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.CustomPrefix != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.CustomPrefix.Size()))
-		n13, err := m.CustomPrefix.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.CustomPrefix.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n13
+		i--
+		dAtA[i] = 0x32
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_ServiceID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x3a
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_ServiceID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.ServiceID)
+	copy(dAtA[i:], m.ServiceID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.ServiceID)))
-	i += copy(dAtA[i:], m.ServiceID)
-	return i, nil
+	i--
+	dAtA[i] = 0x3a
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_NodeID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x42
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_NodeID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.NodeID)
+	copy(dAtA[i:], m.NodeID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.NodeID)))
-	i += copy(dAtA[i:], m.NodeID)
-	return i, nil
+	i--
+	dAtA[i] = 0x42
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Slot) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Slot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.Slot != nil {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Slot.Size()))
-		n14, err := m.Slot.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Slot.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n14
+		i--
+		dAtA[i] = 0x4a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_DesiredState) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x50
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_DesiredState) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	i = encodeVarintWatch(dAtA, i, uint64(m.DesiredState))
-	return i, nil
+	i--
+	dAtA[i] = 0x50
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Role) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x58
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Role) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	i = encodeVarintWatch(dAtA, i, uint64(m.Role))
-	return i, nil
+	i--
+	dAtA[i] = 0x58
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Membership) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x60
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Membership) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	i = encodeVarintWatch(dAtA, i, uint64(m.Membership))
-	return i, nil
+	i--
+	dAtA[i] = 0x60
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_ReferencedNetworkID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x6a
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_ReferencedNetworkID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.ReferencedNetworkID)
+	copy(dAtA[i:], m.ReferencedNetworkID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.ReferencedNetworkID)))
-	i += copy(dAtA[i:], m.ReferencedNetworkID)
-	return i, nil
+	i--
+	dAtA[i] = 0x6a
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_ReferencedSecretID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x72
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_ReferencedSecretID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.ReferencedSecretID)
+	copy(dAtA[i:], m.ReferencedSecretID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.ReferencedSecretID)))
-	i += copy(dAtA[i:], m.ReferencedSecretID)
-	return i, nil
+	i--
+	dAtA[i] = 0x72
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_Kind) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x7a
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_Kind) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.Kind)
+	copy(dAtA[i:], m.Kind)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.Kind)))
-	i += copy(dAtA[i:], m.Kind)
-	return i, nil
+	i--
+	dAtA[i] = 0x7a
+	return len(dAtA) - i, nil
 }
 func (m *SelectBy_ReferencedConfigID) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x82
-	i++
-	dAtA[i] = 0x1
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectBy_ReferencedConfigID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.ReferencedConfigID)
+	copy(dAtA[i:], m.ReferencedConfigID)
 	i = encodeVarintWatch(dAtA, i, uint64(len(m.ReferencedConfigID)))
-	i += copy(dAtA[i:], m.ReferencedConfigID)
-	return i, nil
+	i--
+	dAtA[i] = 0x1
+	i--
+	dAtA[i] = 0x82
+	return len(dAtA) - i, nil
 }
 func (m *WatchRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1840,49 +1895,58 @@ func (m *WatchRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WatchRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WatchRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Entries) > 0 {
-		for _, msg := range m.Entries {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintWatch(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.IncludeOldObject {
+		i--
+		if m.IncludeOldObject {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.ResumeFrom != nil {
+		{
+			size, err := m.ResumeFrom.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-	}
-	if m.ResumeFrom != nil {
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.ResumeFrom.Size()))
-		n15, err := m.ResumeFrom.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n15
 	}
-	if m.IncludeOldObject {
-		dAtA[i] = 0x18
-		i++
-		if m.IncludeOldObject {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
+	if len(m.Entries) > 0 {
+		for iNdEx := len(m.Entries) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Entries[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintWatch(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
 		}
-		i++
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WatchRequest_WatchEntry) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1890,40 +1954,48 @@ func (m *WatchRequest_WatchEntry) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WatchRequest_WatchEntry) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WatchRequest_WatchEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Kind) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(len(m.Kind)))
-		i += copy(dAtA[i:], m.Kind)
+	if len(m.Filters) > 0 {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Filters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintWatch(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
 	if m.Action != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintWatch(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.Filters) > 0 {
-		for _, msg := range m.Filters {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintWatch(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	if len(m.Kind) > 0 {
+		i -= len(m.Kind)
+		copy(dAtA[i:], m.Kind)
+		i = encodeVarintWatch(dAtA, i, uint64(len(m.Kind)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WatchMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1931,39 +2003,48 @@ func (m *WatchMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WatchMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WatchMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Events) > 0 {
-		for _, msg := range m.Events {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintWatch(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
+	if m.Version != nil {
+		{
+			size, err := m.Version.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
-			i += n
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-	}
-	if m.Version != nil {
+		i--
 		dAtA[i] = 0x12
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Version.Size()))
-		n16, err := m.Version.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+	}
+	if len(m.Events) > 0 {
+		for iNdEx := len(m.Events) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Events[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintWatch(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
 		}
-		i += n16
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *WatchMessage_Event) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1971,46 +2052,57 @@ func (m *WatchMessage_Event) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WatchMessage_Event) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WatchMessage_Event) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Action != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Action))
+	if m.OldObject != nil {
+		{
+			size, err := m.OldObject.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
 	if m.Object != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.Object.Size()))
-		n17, err := m.Object.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Object.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWatch(dAtA, i, uint64(size))
 		}
-		i += n17
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.OldObject != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintWatch(dAtA, i, uint64(m.OldObject.Size()))
-		n18, err := m.OldObject.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n18
+	if m.Action != 0 {
+		i = encodeVarintWatch(dAtA, i, uint64(m.Action))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintWatch(dAtA []byte, offset int, v uint64) int {
+	offset -= sovWatch(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 
 type raftProxyWatchServer struct {
@@ -2137,6 +2229,9 @@ func (p *raftProxyWatchServer) Watch(r *WatchRequest, stream Watch_WatchServer)
 }
 
 func (m *Object) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Object != nil {
@@ -2146,6 +2241,9 @@ func (m *Object) Size() (n int) {
 }
 
 func (m *Object_Node) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Node != nil {
@@ -2155,6 +2253,9 @@ func (m *Object_Node) Size() (n int) {
 	return n
 }
 func (m *Object_Service) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Service != nil {
@@ -2164,6 +2265,9 @@ func (m *Object_Service) Size() (n int) {
 	return n
 }
 func (m *Object_Network) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Network != nil {
@@ -2173,6 +2277,9 @@ func (m *Object_Network) Size() (n int) {
 	return n
 }
 func (m *Object_Task) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Task != nil {
@@ -2182,6 +2289,9 @@ func (m *Object_Task) Size() (n int) {
 	return n
 }
 func (m *Object_Cluster) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Cluster != nil {
@@ -2191,6 +2301,9 @@ func (m *Object_Cluster) Size() (n int) {
 	return n
 }
 func (m *Object_Secret) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Secret != nil {
@@ -2200,6 +2313,9 @@ func (m *Object_Secret) Size() (n int) {
 	return n
 }
 func (m *Object_Resource) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Resource != nil {
@@ -2209,6 +2325,9 @@ func (m *Object_Resource) Size() (n int) {
 	return n
 }
 func (m *Object_Extension) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Extension != nil {
@@ -2218,6 +2337,9 @@ func (m *Object_Extension) Size() (n int) {
 	return n
 }
 func (m *Object_Config) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Config != nil {
@@ -2227,6 +2349,9 @@ func (m *Object_Config) Size() (n int) {
 	return n
 }
 func (m *SelectBySlot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ServiceID)
@@ -2240,6 +2365,9 @@ func (m *SelectBySlot) Size() (n int) {
 }
 
 func (m *SelectByCustom) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -2258,6 +2386,9 @@ func (m *SelectByCustom) Size() (n int) {
 }
 
 func (m *SelectBy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.By != nil {
@@ -2267,6 +2398,9 @@ func (m *SelectBy) Size() (n int) {
 }
 
 func (m *SelectBy_ID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -2274,6 +2408,9 @@ func (m *SelectBy_ID) Size() (n int) {
 	return n
 }
 func (m *SelectBy_IDPrefix) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.IDPrefix)
@@ -2281,6 +2418,9 @@ func (m *SelectBy_IDPrefix) Size() (n int) {
 	return n
 }
 func (m *SelectBy_Name) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -2288,6 +2428,9 @@ func (m *SelectBy_Name) Size() (n int) {
 	return n
 }
 func (m *SelectBy_NamePrefix) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NamePrefix)
@@ -2295,6 +2438,9 @@ func (m *SelectBy_NamePrefix) Size() (n int) {
 	return n
 }
 func (m *SelectBy_Custom) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Custom != nil {
@@ -2304,6 +2450,9 @@ func (m *SelectBy_Custom) Size() (n int) {
 	return n
 }
 func (m *SelectBy_CustomPrefix) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.CustomPrefix != nil {
@@ -2313,6 +2462,9 @@ func (m *SelectBy_CustomPrefix) Size() (n int) {
 	return n
 }
 func (m *SelectBy_ServiceID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ServiceID)
@@ -2320,6 +2472,9 @@ func (m *SelectBy_ServiceID) Size() (n int) {
 	return n
 }
 func (m *SelectBy_NodeID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.NodeID)
@@ -2327,6 +2482,9 @@ func (m *SelectBy_NodeID) Size() (n int) {
 	return n
 }
 func (m *SelectBy_Slot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Slot != nil {
@@ -2336,24 +2494,36 @@ func (m *SelectBy_Slot) Size() (n int) {
 	return n
 }
 func (m *SelectBy_DesiredState) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovWatch(uint64(m.DesiredState))
 	return n
 }
 func (m *SelectBy_Role) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovWatch(uint64(m.Role))
 	return n
 }
 func (m *SelectBy_Membership) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovWatch(uint64(m.Membership))
 	return n
 }
 func (m *SelectBy_ReferencedNetworkID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ReferencedNetworkID)
@@ -2361,6 +2531,9 @@ func (m *SelectBy_ReferencedNetworkID) Size() (n int) {
 	return n
 }
 func (m *SelectBy_ReferencedSecretID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ReferencedSecretID)
@@ -2368,6 +2541,9 @@ func (m *SelectBy_ReferencedSecretID) Size() (n int) {
 	return n
 }
 func (m *SelectBy_Kind) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -2375,6 +2551,9 @@ func (m *SelectBy_Kind) Size() (n int) {
 	return n
 }
 func (m *SelectBy_ReferencedConfigID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ReferencedConfigID)
@@ -2382,6 +2561,9 @@ func (m *SelectBy_ReferencedConfigID) Size() (n int) {
 	return n
 }
 func (m *WatchRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Entries) > 0 {
@@ -2401,6 +2583,9 @@ func (m *WatchRequest) Size() (n int) {
 }
 
 func (m *WatchRequest_WatchEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Kind)
@@ -2420,6 +2605,9 @@ func (m *WatchRequest_WatchEntry) Size() (n int) {
 }
 
 func (m *WatchMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Events) > 0 {
@@ -2436,6 +2624,9 @@ func (m *WatchMessage) Size() (n int) {
 }
 
 func (m *WatchMessage_Event) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Action != 0 {
@@ -2453,14 +2644,7 @@ func (m *WatchMessage_Event) Size() (n int) {
 }
 
 func sovWatch(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozWatch(x uint64) (n int) {
 	return sovWatch(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2762,8 +2946,13 @@ func (this *WatchRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForEntries := "[]*WatchRequest_WatchEntry{"
+	for _, f := range this.Entries {
+		repeatedStringForEntries += strings.Replace(fmt.Sprintf("%v", f), "WatchRequest_WatchEntry", "WatchRequest_WatchEntry", 1) + ","
+	}
+	repeatedStringForEntries += "}"
 	s := strings.Join([]string{`&WatchRequest{`,
-		`Entries:` + strings.Replace(fmt.Sprintf("%v", this.Entries), "WatchRequest_WatchEntry", "WatchRequest_WatchEntry", 1) + `,`,
+		`Entries:` + repeatedStringForEntries + `,`,
 		`ResumeFrom:` + strings.Replace(fmt.Sprintf("%v", this.ResumeFrom), "Version", "Version", 1) + `,`,
 		`IncludeOldObject:` + fmt.Sprintf("%v", this.IncludeOldObject) + `,`,
 		`}`,
@@ -2774,10 +2963,15 @@ func (this *WatchRequest_WatchEntry) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForFilters := "[]*SelectBy{"
+	for _, f := range this.Filters {
+		repeatedStringForFilters += strings.Replace(f.String(), "SelectBy", "SelectBy", 1) + ","
+	}
+	repeatedStringForFilters += "}"
 	s := strings.Join([]string{`&WatchRequest_WatchEntry{`,
 		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
 		`Action:` + fmt.Sprintf("%v", this.Action) + `,`,
-		`Filters:` + strings.Replace(fmt.Sprintf("%v", this.Filters), "SelectBy", "SelectBy", 1) + `,`,
+		`Filters:` + repeatedStringForFilters + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2786,8 +2980,13 @@ func (this *WatchMessage) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForEvents := "[]*WatchMessage_Event{"
+	for _, f := range this.Events {
+		repeatedStringForEvents += strings.Replace(fmt.Sprintf("%v", f), "WatchMessage_Event", "WatchMessage_Event", 1) + ","
+	}
+	repeatedStringForEvents += "}"
 	s := strings.Join([]string{`&WatchMessage{`,
-		`Events:` + strings.Replace(fmt.Sprintf("%v", this.Events), "WatchMessage_Event", "WatchMessage_Event", 1) + `,`,
+		`Events:` + repeatedStringForEvents + `,`,
 		`Version:` + strings.Replace(fmt.Sprintf("%v", this.Version), "Version", "Version", 1) + `,`,
 		`}`,
 	}, "")
@@ -2799,8 +2998,8 @@ func (this *WatchMessage_Event) String() string {
 	}
 	s := strings.Join([]string{`&WatchMessage_Event{`,
 		`Action:` + fmt.Sprintf("%v", this.Action) + `,`,
-		`Object:` + strings.Replace(fmt.Sprintf("%v", this.Object), "Object", "Object", 1) + `,`,
-		`OldObject:` + strings.Replace(fmt.Sprintf("%v", this.OldObject), "Object", "Object", 1) + `,`,
+		`Object:` + strings.Replace(this.Object.String(), "Object", "Object", 1) + `,`,
+		`OldObject:` + strings.Replace(this.OldObject.String(), "Object", "Object", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2828,7 +3027,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2856,7 +3055,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2865,6 +3064,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2888,7 +3090,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2897,6 +3099,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2920,7 +3125,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2929,6 +3134,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2952,7 +3160,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2961,6 +3169,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2984,7 +3195,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2993,6 +3204,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3016,7 +3230,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3025,6 +3239,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3048,7 +3265,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3057,6 +3274,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3080,7 +3300,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3089,6 +3309,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3112,7 +3335,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3121,6 +3344,9 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3136,7 +3362,7 @@ func (m *Object) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -3166,7 +3392,7 @@ func (m *SelectBySlot) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3194,7 +3420,7 @@ func (m *SelectBySlot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3204,6 +3430,9 @@ func (m *SelectBySlot) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3223,7 +3452,7 @@ func (m *SelectBySlot) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Slot |= (uint64(b) & 0x7F) << shift
+				m.Slot |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3234,7 +3463,7 @@ func (m *SelectBySlot) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -3264,7 +3493,7 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3292,7 +3521,7 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3302,6 +3531,9 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3321,7 +3553,7 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3331,6 +3563,9 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3350,7 +3585,7 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3360,6 +3595,9 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3371,7 +3609,7 @@ func (m *SelectByCustom) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -3401,7 +3639,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3429,7 +3667,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3439,6 +3677,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3458,7 +3699,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3468,6 +3709,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3487,7 +3731,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3497,6 +3741,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3516,7 +3763,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3526,6 +3773,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3545,7 +3795,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3554,6 +3804,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3577,7 +3830,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3586,6 +3839,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3609,7 +3865,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3619,6 +3875,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3638,7 +3897,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3648,6 +3907,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3667,7 +3929,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3676,6 +3938,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3699,7 +3964,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (TaskState(b) & 0x7F) << shift
+				v |= TaskState(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3719,7 +3984,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (NodeRole(b) & 0x7F) << shift
+				v |= NodeRole(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3739,7 +4004,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (NodeSpec_Membership(b) & 0x7F) << shift
+				v |= NodeSpec_Membership(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3759,7 +4024,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3769,6 +4034,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3788,7 +4056,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3798,6 +4066,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3817,7 +4088,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3827,6 +4098,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3846,7 +4120,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3856,6 +4130,9 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3867,7 +4144,7 @@ func (m *SelectBy) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -3897,7 +4174,7 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3925,7 +4202,7 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3934,6 +4211,9 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3956,7 +4236,7 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3965,6 +4245,9 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3989,7 +4272,7 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4001,7 +4284,7 @@ func (m *WatchRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -4031,7 +4314,7 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4059,7 +4342,7 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4069,6 +4352,9 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4088,7 +4374,7 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (WatchActionKind(b) & 0x7F) << shift
+				m.Action |= WatchActionKind(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4107,7 +4393,7 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4116,6 +4402,9 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4130,7 +4419,7 @@ func (m *WatchRequest_WatchEntry) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -4160,7 +4449,7 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4188,7 +4477,7 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4197,6 +4486,9 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4219,7 +4511,7 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4228,6 +4520,9 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4244,7 +4539,7 @@ func (m *WatchMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -4274,7 +4569,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4302,7 +4597,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Action |= (WatchActionKind(b) & 0x7F) << shift
+				m.Action |= WatchActionKind(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4321,7 +4616,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4330,6 +4625,9 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4354,7 +4652,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4363,6 +4661,9 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWatch
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWatch
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4379,7 +4680,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWatch
 			}
 			if (iNdEx + skippy) > l {
@@ -4397,6 +4698,7 @@ func (m *WatchMessage_Event) Unmarshal(dAtA []byte) error {
 func skipWatch(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4428,10 +4730,8 @@ func skipWatch(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4448,134 +4748,34 @@ func skipWatch(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthWatch
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowWatch
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipWatch(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupWatch
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthWatch
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthWatch = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowWatch   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthWatch        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowWatch          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupWatch = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("github.com/docker/swarmkit/api/watch.proto", fileDescriptorWatch) }
-
-var fileDescriptorWatch = []byte{
-	// 1186 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x96, 0xbd, 0x73, 0x1b, 0xc5,
-	0x1b, 0xc7, 0x75, 0x8a, 0x7c, 0x92, 0x1e, 0xdb, 0x89, 0x67, 0xe3, 0x24, 0xf7, 0xd3, 0x2f, 0xc8,
-	0x42, 0x0c, 0x90, 0x49, 0x82, 0x0c, 0x26, 0x24, 0x03, 0x04, 0x66, 0x2c, 0x59, 0x8c, 0x44, 0xc6,
-	0x2f, 0xb3, 0xb6, 0x93, 0x52, 0x73, 0xbe, 0x7b, 0xac, 0x1c, 0xba, 0xbb, 0x15, 0x7b, 0x27, 0x39,
-	0xee, 0x28, 0x28, 0x98, 0xf4, 0xcc, 0xd0, 0xa4, 0x82, 0x9a, 0x86, 0x0e, 0xfe, 0x81, 0x0c, 0x15,
-	0x25, 0x34, 0x1a, 0xa2, 0x92, 0x82, 0xbf, 0x80, 0x82, 0xd9, 0x97, 0xf3, 0x8b, 0x72, 0xb2, 0x49,
-	0xa5, 0xbd, 0xbd, 0xcf, 0xf7, 0xd9, 0x67, 0x9f, 0xb7, 0x13, 0xdc, 0xec, 0x7a, 0xf1, 0xe3, 0xc1,
-	0x5e, 0xcd, 0x61, 0xc1, 0xb2, 0xcb, 0x9c, 0x1e, 0xf2, 0xe5, 0xe8, 0xc0, 0xe6, 0x41, 0xcf, 0x8b,
-	0x97, 0xed, 0xbe, 0xb7, 0x7c, 0x60, 0xc7, 0xce, 0xe3, 0x5a, 0x9f, 0xb3, 0x98, 0x11, 0xa2, 0x80,
-	0x5a, 0x02, 0xd4, 0x86, 0xef, 0x95, 0xce, 0xd3, 0x47, 0x7d, 0x74, 0x22, 0xa5, 0x2f, 0xdd, 0x3e,
-	0x87, 0x65, 0x7b, 0x5f, 0xa0, 0x13, 0x27, 0xf4, 0x79, 0x96, 0xe3, 0xc3, 0x3e, 0x26, 0xec, 0x62,
-	0x97, 0x75, 0x99, 0x5c, 0x2e, 0x8b, 0x95, 0xde, 0xbd, 0x77, 0x86, 0x05, 0x49, 0xec, 0x0d, 0xf6,
-	0x97, 0xfb, 0xfe, 0xa0, 0xeb, 0x85, 0xfa, 0x47, 0x09, 0xab, 0x5f, 0xe7, 0xc0, 0xdc, 0x94, 0xce,
-	0x90, 0x1a, 0xe4, 0x42, 0xe6, 0xa2, 0x65, 0x54, 0x8c, 0x1b, 0xb3, 0x2b, 0x56, 0xed, 0xe5, 0x10,
-	0xd4, 0x36, 0x98, 0x8b, 0xad, 0x0c, 0x95, 0x1c, 0xb9, 0x07, 0xf9, 0x08, 0xf9, 0xd0, 0x73, 0xd0,
-	0xca, 0x4a, 0xc9, 0xff, 0xd3, 0x24, 0xdb, 0x0a, 0x69, 0x65, 0x68, 0x42, 0x0b, 0x61, 0x88, 0xf1,
-	0x01, 0xe3, 0x3d, 0xeb, 0xc2, 0x74, 0xe1, 0x86, 0x42, 0x84, 0x50, 0xd3, 0xc2, 0xc3, 0xd8, 0x8e,
-	0x7a, 0x56, 0x6e, 0xba, 0x87, 0x3b, 0x76, 0x24, 0x24, 0x92, 0x13, 0x07, 0x39, 0xfe, 0x20, 0x8a,
-	0x91, 0x5b, 0x33, 0xd3, 0x0f, 0x6a, 0x28, 0x44, 0x1c, 0xa4, 0x69, 0x72, 0x07, 0xcc, 0x08, 0x1d,
-	0x8e, 0xb1, 0x65, 0x4a, 0x5d, 0x29, 0xfd, 0x66, 0x82, 0x68, 0x65, 0xa8, 0x66, 0xc9, 0x47, 0x50,
-	0xe0, 0x18, 0xb1, 0x01, 0x77, 0xd0, 0xca, 0x4b, 0xdd, 0xf5, 0x34, 0x1d, 0xd5, 0x4c, 0x2b, 0x43,
-	0x8f, 0x78, 0xf2, 0x09, 0x14, 0xf1, 0x49, 0x8c, 0x61, 0xe4, 0xb1, 0xd0, 0x2a, 0x48, 0xf1, 0x6b,
-	0x69, 0xe2, 0x66, 0x02, 0xb5, 0x32, 0xf4, 0x58, 0x21, 0x1c, 0x76, 0x58, 0xb8, 0xef, 0x75, 0xad,
-	0xe2, 0x74, 0x87, 0x1b, 0x92, 0x10, 0x0e, 0x2b, 0xb6, 0x5e, 0x48, 0x72, 0x5f, 0xdd, 0x82, 0xb9,
-	0x6d, 0xf4, 0xd1, 0x89, 0xeb, 0x87, 0xdb, 0x3e, 0x8b, 0xc9, 0x6d, 0x00, 0x9d, 0xad, 0x8e, 0xe7,
-	0xca, 0x8a, 0x28, 0xd6, 0xe7, 0xc7, 0xa3, 0xa5, 0xa2, 0x4e, 0x67, 0x7b, 0x8d, 0x16, 0x35, 0xd0,
-	0x76, 0x09, 0x81, 0x5c, 0xe4, 0xb3, 0x58, 0x96, 0x41, 0x8e, 0xca, 0x75, 0x75, 0x0b, 0x2e, 0x26,
-	0x16, 0x1b, 0x83, 0x28, 0x66, 0x81, 0xa0, 0x7a, 0x5e, 0xa8, 0xad, 0x51, 0xb9, 0x26, 0x8b, 0x30,
-	0xe3, 0x85, 0x2e, 0x3e, 0x91, 0xd2, 0x22, 0x55, 0x0f, 0x62, 0x77, 0x68, 0xfb, 0x03, 0x94, 0xe5,
-	0x51, 0xa4, 0xea, 0xa1, 0xfa, 0x97, 0x09, 0x85, 0xc4, 0x24, 0xb1, 0x20, 0x7b, 0xe4, 0x98, 0x39,
-	0x1e, 0x2d, 0x65, 0xdb, 0x6b, 0xad, 0x0c, 0xcd, 0x7a, 0x2e, 0xb9, 0x05, 0x45, 0xcf, 0xed, 0xf4,
-	0x39, 0xee, 0x7b, 0xda, 0x6c, 0x7d, 0x6e, 0x3c, 0x5a, 0x2a, 0xb4, 0xd7, 0xb6, 0xe4, 0x9e, 0x08,
-	0xbb, 0xe7, 0xaa, 0x35, 0x59, 0x84, 0x5c, 0x68, 0x07, 0xfa, 0x20, 0x59, 0xd9, 0x76, 0x80, 0xe4,
-	0x75, 0x98, 0x15, 0xbf, 0x89, 0x91, 0x9c, 0x7e, 0x09, 0x62, 0x53, 0x0b, 0xef, 0x83, 0xe9, 0xc8,
-	0x6b, 0xe9, 0xca, 0xaa, 0xa6, 0x57, 0xc8, 0xc9, 0x00, 0xc8, 0xc0, 0xab, 0x50, 0xb4, 0x61, 0x5e,
-	0xad, 0x92, 0x23, 0xcc, 0x57, 0x30, 0x32, 0xa7, 0xa4, 0xda, 0x91, 0xda, 0xa9, 0x4c, 0xe5, 0x53,
-	0x32, 0x25, 0x2a, 0xe5, 0x38, 0x57, 0x6f, 0x42, 0x5e, 0x74, 0xaf, 0x80, 0x0b, 0x12, 0x86, 0xf1,
-	0x68, 0xc9, 0x14, 0x8d, 0x2d, 0x49, 0x53, 0xbc, 0x6c, 0xbb, 0xe4, 0xae, 0x4e, 0xa9, 0x2a, 0xa7,
-	0xca, 0x59, 0x8e, 0x89, 0x82, 0x11, 0xa1, 0x13, 0x3c, 0x59, 0x83, 0x79, 0x17, 0x23, 0x8f, 0xa3,
-	0xdb, 0x89, 0x62, 0x3b, 0x46, 0x0b, 0x2a, 0xc6, 0x8d, 0x8b, 0xe9, 0xb5, 0x2c, 0x7a, 0x75, 0x5b,
-	0x40, 0xe2, 0x52, 0x5a, 0x25, 0x9f, 0xc9, 0x0a, 0xe4, 0x38, 0xf3, 0xd1, 0x9a, 0x95, 0xe2, 0xeb,
-	0xd3, 0x46, 0x11, 0x65, 0xbe, 0x1c, 0x47, 0x82, 0x25, 0x6d, 0x80, 0x00, 0x83, 0x3d, 0xe4, 0xd1,
-	0x63, 0xaf, 0x6f, 0xcd, 0x49, 0xe5, 0xdb, 0xd3, 0x94, 0xdb, 0x7d, 0x74, 0x6a, 0xeb, 0x47, 0xb8,
-	0x48, 0xee, 0xb1, 0x98, 0xac, 0xc3, 0x15, 0x8e, 0xfb, 0xc8, 0x31, 0x74, 0xd0, 0xed, 0xe8, 0xe9,
-	0x23, 0x22, 0x36, 0x2f, 0x23, 0x76, 0x6d, 0x3c, 0x5a, 0xba, 0x4c, 0x8f, 0x00, 0x3d, 0xa8, 0x64,
-	0xf8, 0x2e, 0xf3, 0x97, 0xb6, 0x5d, 0xf2, 0x39, 0x2c, 0x9e, 0x30, 0xa7, 0x86, 0x85, 0xb0, 0x76,
-	0x51, 0x5a, 0xbb, 0x3a, 0x1e, 0x2d, 0x91, 0x63, 0x6b, 0x6a, 0xaa, 0x48, 0x63, 0x84, 0x4f, 0xee,
-	0x8a, 0x86, 0x51, 0x4d, 0x74, 0x29, 0x29, 0x58, 0xd9, 0x46, 0xa7, 0x4f, 0x50, 0xdd, 0x2d, 0x4e,
-	0x58, 0x48, 0x3b, 0x41, 0x8d, 0x81, 0xc9, 0x13, 0xf4, 0xae, 0x5b, 0xcf, 0x41, 0xb6, 0x7e, 0x58,
-	0xfd, 0x23, 0x0b, 0x73, 0x8f, 0xc4, 0x07, 0x91, 0xe2, 0x97, 0x03, 0x8c, 0x62, 0xd2, 0x84, 0x3c,
-	0x86, 0x31, 0xf7, 0x30, 0xb2, 0x8c, 0xca, 0x85, 0x1b, 0xb3, 0x2b, 0xb7, 0xd2, 0x62, 0x7b, 0x52,
-	0xa2, 0x1e, 0x9a, 0x61, 0xcc, 0x0f, 0x69, 0xa2, 0x25, 0xf7, 0x61, 0x96, 0x63, 0x34, 0x08, 0xb0,
-	0xb3, 0xcf, 0x59, 0x70, 0xd6, 0x87, 0xe3, 0x21, 0x72, 0x31, 0xda, 0x28, 0x28, 0xfe, 0x33, 0xce,
-	0x02, 0x72, 0x1b, 0x88, 0x17, 0x3a, 0xfe, 0xc0, 0xc5, 0x0e, 0xf3, 0xdd, 0x8e, 0xfa, 0x8a, 0xca,
-	0xe6, 0x2d, 0xd0, 0x05, 0xfd, 0x66, 0xd3, 0x77, 0xd5, 0x50, 0x2b, 0x7d, 0x6b, 0x00, 0x1c, 0xfb,
-	0x90, 0x3a, 0x7f, 0x3e, 0x06, 0xd3, 0x76, 0x62, 0x31, 0x73, 0xb3, 0xb2, 0x60, 0xde, 0x98, 0x7a,
-	0xa9, 0x55, 0x89, 0x3d, 0xf0, 0x42, 0x97, 0x6a, 0x09, 0xb9, 0x0b, 0xf9, 0x7d, 0xcf, 0x8f, 0x91,
-	0x47, 0xd6, 0x05, 0x19, 0x92, 0xeb, 0x67, 0xb5, 0x09, 0x4d, 0xe0, 0xea, 0x2f, 0x49, 0x6c, 0xd7,
-	0x31, 0x8a, 0xec, 0x2e, 0x92, 0x4f, 0xc1, 0xc4, 0x21, 0x86, 0x71, 0x12, 0xda, 0xb7, 0xa6, 0x7a,
-	0xa1, 0x15, 0xb5, 0xa6, 0xc0, 0xa9, 0x56, 0x91, 0x0f, 0x20, 0x3f, 0x54, 0xd1, 0xfa, 0x2f, 0x01,
-	0x4d, 0xd8, 0xd2, 0x4f, 0x06, 0xcc, 0x48, 0x43, 0x27, 0xc2, 0x60, 0xbc, 0x7a, 0x18, 0x56, 0xc0,
-	0xd4, 0x89, 0xc8, 0x4e, 0xff, 0xf6, 0xa8, 0x94, 0x50, 0x4d, 0x92, 0x0f, 0x01, 0x26, 0x12, 0x78,
-	0xb6, 0xae, 0xc8, 0x92, 0xac, 0xde, 0xfc, 0xc7, 0x80, 0x4b, 0x13, 0xae, 0x90, 0x3b, 0xb0, 0xf8,
-	0x68, 0x75, 0xa7, 0xd1, 0xea, 0xac, 0x36, 0x76, 0xda, 0x9b, 0x1b, 0x9d, 0xdd, 0x8d, 0x07, 0x1b,
-	0x9b, 0x8f, 0x36, 0x16, 0x32, 0xa5, 0xd2, 0xd3, 0x67, 0x95, 0xab, 0x13, 0xf8, 0x6e, 0xd8, 0x0b,
-	0xd9, 0x81, 0x70, 0xfc, 0xf2, 0x29, 0x55, 0x83, 0x36, 0x57, 0x77, 0x9a, 0x0b, 0x46, 0xe9, 0x7f,
-	0x4f, 0x9f, 0x55, 0xae, 0x4c, 0x88, 0x1a, 0x1c, 0xd5, 0x64, 0x3a, 0xad, 0xd9, 0xdd, 0x5a, 0x13,
-	0x9a, 0x6c, 0xaa, 0x66, 0xb7, 0xef, 0xa6, 0x69, 0x68, 0x73, 0x7d, 0xf3, 0x61, 0x73, 0x21, 0x97,
-	0xaa, 0xa1, 0x18, 0xb0, 0x21, 0x96, 0xae, 0x7d, 0xf3, 0x7d, 0x39, 0xf3, 0xf3, 0x0f, 0xe5, 0xc9,
-	0xab, 0xae, 0x04, 0x30, 0x23, 0xb7, 0x88, 0x9b, 0x2c, 0x2a, 0xe7, 0x35, 0x62, 0xa9, 0x72, 0x5e,
-	0x3d, 0x55, 0xaf, 0xfc, 0xfa, 0xe3, 0xdf, 0xdf, 0x65, 0x2f, 0xc1, 0xbc, 0x24, 0xde, 0x09, 0xec,
-	0xd0, 0xee, 0x22, 0x7f, 0xd7, 0xa8, 0x5b, 0xcf, 0x5f, 0x94, 0x33, 0xbf, 0xbf, 0x28, 0x67, 0xbe,
-	0x1a, 0x97, 0x8d, 0xe7, 0xe3, 0xb2, 0xf1, 0xdb, 0xb8, 0x6c, 0xfc, 0x39, 0x2e, 0x1b, 0x7b, 0xa6,
-	0xfc, 0x03, 0xf9, 0xfe, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xe6, 0x76, 0x89, 0xef, 0x57, 0x0b,
-	0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/ca/auth.go b/vendor/github.com/docker/swarmkit/ca/auth.go
index df4547fb13600..e0ff898c19bc8 100644
--- a/vendor/github.com/docker/swarmkit/ca/auth.go
+++ b/vendor/github.com/docker/swarmkit/ca/auth.go
@@ -1,6 +1,7 @@
 package ca
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509/pkix"
 	"strings"
@@ -9,7 +10,6 @@ import (
 
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/peer"
diff --git a/vendor/github.com/docker/swarmkit/ca/certificates.go b/vendor/github.com/docker/swarmkit/ca/certificates.go
index ad2be2c571a24..dd0297ab4f41e 100644
--- a/vendor/github.com/docker/swarmkit/ca/certificates.go
+++ b/vendor/github.com/docker/swarmkit/ca/certificates.go
@@ -2,6 +2,7 @@ package ca
 
 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -31,7 +32,6 @@ import (
 	"github.com/docker/swarmkit/ioutils"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
diff --git a/vendor/github.com/docker/swarmkit/ca/config.go b/vendor/github.com/docker/swarmkit/ca/config.go
index 4a7230ac2f27f..4befee5bccf3d 100644
--- a/vendor/github.com/docker/swarmkit/ca/config.go
+++ b/vendor/github.com/docker/swarmkit/ca/config.go
@@ -1,6 +1,7 @@
 package ca
 
 import (
+	"context"
 	cryptorand "crypto/rand"
 	"crypto/tls"
 	"crypto/x509"
@@ -23,8 +24,6 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc/credentials"
-
-	"golang.org/x/net/context"
 )
 
 const (
@@ -32,7 +31,6 @@ const (
 	rootCAKeyFilename   = "swarm-root-ca.key"
 	nodeTLSCertFilename = "swarm-node.crt"
 	nodeTLSKeyFilename  = "swarm-node.key"
-	nodeCSRFilename     = "swarm-node.csr"
 
 	// DefaultRootCN represents the root CN that we should create roots CAs with by default
 	DefaultRootCN = "swarm-ca"
@@ -626,10 +624,10 @@ func calculateRandomExpiry(validFrom, validUntil time.Time) time.Duration {
 	if maxValidity-minValidity < 1 {
 		randomExpiry = minValidity
 	} else {
-		randomExpiry = rand.Intn(maxValidity-minValidity) + int(minValidity)
+		randomExpiry = rand.Intn(maxValidity-minValidity) + minValidity
 	}
 
-	expiry := validFrom.Add(time.Duration(randomExpiry) * time.Minute).Sub(time.Now())
+	expiry := time.Until(validFrom.Add(time.Duration(randomExpiry) * time.Minute))
 	if expiry < 0 {
 		return 0
 	}
diff --git a/vendor/github.com/docker/swarmkit/ca/external.go b/vendor/github.com/docker/swarmkit/ca/external.go
index 789361eb61d9c..6b81204595dbf 100644
--- a/vendor/github.com/docker/swarmkit/ca/external.go
+++ b/vendor/github.com/docker/swarmkit/ca/external.go
@@ -2,6 +2,7 @@ package ca
 
 import (
 	"bytes"
+	"context"
 	cryptorand "crypto/rand"
 	"crypto/tls"
 	"crypto/x509"
@@ -21,7 +22,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"golang.org/x/net/context/ctxhttp"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/ca/forward.go b/vendor/github.com/docker/swarmkit/ca/forward.go
index a05cf53aaf65b..7ad7c7dd0b788 100644
--- a/vendor/github.com/docker/swarmkit/ca/forward.go
+++ b/vendor/github.com/docker/swarmkit/ca/forward.go
@@ -1,7 +1,8 @@
 package ca
 
 import (
-	"golang.org/x/net/context"
+	"context"
+
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
 )
diff --git a/vendor/github.com/docker/swarmkit/ca/renewer.go b/vendor/github.com/docker/swarmkit/ca/renewer.go
index 2a2fae7808c39..e5d165f6a8722 100644
--- a/vendor/github.com/docker/swarmkit/ca/renewer.go
+++ b/vendor/github.com/docker/swarmkit/ca/renewer.go
@@ -1,6 +1,7 @@
 package ca
 
 import (
+	"context"
 	"sync"
 	"time"
 
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 )
 
 // RenewTLSExponentialBackoff sets the exponential backoff when trying to renew TLS certificates that have expired
diff --git a/vendor/github.com/docker/swarmkit/ca/server.go b/vendor/github.com/docker/swarmkit/ca/server.go
index a456df7900810..01959972e994b 100644
--- a/vendor/github.com/docker/swarmkit/ca/server.go
+++ b/vendor/github.com/docker/swarmkit/ca/server.go
@@ -2,6 +2,7 @@ package ca
 
 import (
 	"bytes"
+	"context"
 	"crypto/subtle"
 	"crypto/x509"
 	"sync"
@@ -15,7 +16,6 @@ import (
 	gogotypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -323,7 +323,7 @@ func (s *Server) IssueNodeCertificate(ctx context.Context, request *api.IssueNod
 					Availability: request.Availability,
 				},
 			}
-
+			node.VXLANUDPPort = clusters[0].VXLANUDPPort
 			return store.CreateNode(tx, node)
 		})
 		if err == nil {
diff --git a/vendor/github.com/docker/swarmkit/ca/transport.go b/vendor/github.com/docker/swarmkit/ca/transport.go
index 35943afbcb8fd..69c4379b36a4e 100644
--- a/vendor/github.com/docker/swarmkit/ca/transport.go
+++ b/vendor/github.com/docker/swarmkit/ca/transport.go
@@ -1,6 +1,7 @@
 package ca
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@@ -9,7 +10,6 @@ import (
 	"sync"
 
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/credentials"
 )
 
@@ -18,12 +18,6 @@ var (
 	alpnProtoStr = []string{"h2"}
 )
 
-type timeoutError struct{}
-
-func (timeoutError) Error() string   { return "mutablecredentials: Dial timed out" }
-func (timeoutError) Timeout() bool   { return true }
-func (timeoutError) Temporary() bool { return true }
-
 // MutableTLSCreds is the credentials required for authenticating a connection using TLS.
 type MutableTLSCreds struct {
 	// Mutex for the tls config
diff --git a/vendor/github.com/docker/swarmkit/identity/combined_id.go b/vendor/github.com/docker/swarmkit/identity/combined_id.go
new file mode 100644
index 0000000000000..2c4a292761b2b
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/identity/combined_id.go
@@ -0,0 +1,8 @@
+package identity
+
+import "fmt"
+
+// CombineTwoIDs combines the given IDs into a new ID, e.g. a secret and a task ID.
+func CombineTwoIDs(id1, id2 string) string {
+	return fmt.Sprintf("%s.%s", id1, id2)
+}
diff --git a/vendor/github.com/docker/swarmkit/log/context.go b/vendor/github.com/docker/swarmkit/log/context.go
index ac4f8488069ef..cc1d590f111e4 100644
--- a/vendor/github.com/docker/swarmkit/log/context.go
+++ b/vendor/github.com/docker/swarmkit/log/context.go
@@ -1,10 +1,10 @@
 package log
 
 import (
+	"context"
 	"path"
 
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 )
 
 var (
diff --git a/vendor/github.com/docker/swarmkit/log/grpc.go b/vendor/github.com/docker/swarmkit/log/grpc.go
index 0417c944c550b..bced5cfa1b9f6 100644
--- a/vendor/github.com/docker/swarmkit/log/grpc.go
+++ b/vendor/github.com/docker/swarmkit/log/grpc.go
@@ -1,8 +1,9 @@
 package log
 
 import (
+	"context"
+
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/grpclog"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go b/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go
index e8b7e88c47368..b4cc1c9e86478 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go
@@ -1,6 +1,7 @@
 package allocator
 
 import (
+	"context"
 	"sync"
 
 	"github.com/docker/docker/pkg/plugingetter"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/manager/allocator/cnmallocator"
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 // Allocator controls how the allocation stage in the manager is handled.
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go
index 8cbedbd6b82f8..1767ee0f1c282 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go
@@ -1,8 +1,8 @@
 package cnmallocator
 
 import (
-	"github.com/docker/libnetwork/drivers/overlay/ovmanager"
-	"github.com/docker/libnetwork/drivers/remote"
+	"github.com/docker/docker/libnetwork/drivers/overlay/ovmanager"
+	"github.com/docker/docker/libnetwork/drivers/remote"
 	"github.com/docker/swarmkit/manager/allocator/networkallocator"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go
index 39bce0615c70e..1b9617d31e08f 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go
@@ -4,12 +4,12 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/libnetwork/drvregistry"
-	"github.com/docker/libnetwork/ipamapi"
-	builtinIpam "github.com/docker/libnetwork/ipams/builtin"
-	nullIpam "github.com/docker/libnetwork/ipams/null"
-	remoteIpam "github.com/docker/libnetwork/ipams/remote"
-	"github.com/docker/libnetwork/ipamutils"
+	"github.com/docker/docker/libnetwork/drvregistry"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	builtinIpam "github.com/docker/docker/libnetwork/ipams/builtin"
+	nullIpam "github.com/docker/docker/libnetwork/ipams/null"
+	remoteIpam "github.com/docker/docker/libnetwork/ipams/remote"
+	"github.com/docker/docker/libnetwork/ipamutils"
 	"github.com/sirupsen/logrus"
 )
 
@@ -31,6 +31,7 @@ func initIPAMDrivers(r *drvregistry.DrvRegistry, netConfig *NetworkConfig) error
 		}
 		str.WriteString(": Size ")
 		str.WriteString(strconv.Itoa(int(netConfig.SubnetSize)))
+
 	}
 	if err := ipamutils.ConfigGlobalScopeDefaultNetworks(addressPool); err != nil {
 		return err
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go
index 5d6a0e74bf3b3..9d3b0e51cbdd2 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go
@@ -1,12 +1,12 @@
 package cnmallocator
 
 import (
-	"github.com/docker/libnetwork/drivers/bridge/brmanager"
-	"github.com/docker/libnetwork/drivers/host"
-	"github.com/docker/libnetwork/drivers/ipvlan/ivmanager"
-	"github.com/docker/libnetwork/drivers/macvlan/mvmanager"
-	"github.com/docker/libnetwork/drivers/overlay/ovmanager"
-	"github.com/docker/libnetwork/drivers/remote"
+	"github.com/docker/docker/libnetwork/drivers/bridge/brmanager"
+	"github.com/docker/docker/libnetwork/drivers/host"
+	"github.com/docker/docker/libnetwork/drivers/ipvlan/ivmanager"
+	"github.com/docker/docker/libnetwork/drivers/macvlan/mvmanager"
+	"github.com/docker/docker/libnetwork/drivers/overlay/ovmanager"
+	"github.com/docker/docker/libnetwork/drivers/remote"
 	"github.com/docker/swarmkit/manager/allocator/networkallocator"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go
index 8cbedbd6b82f8..1767ee0f1c282 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go
@@ -1,8 +1,8 @@
 package cnmallocator
 
 import (
-	"github.com/docker/libnetwork/drivers/overlay/ovmanager"
-	"github.com/docker/libnetwork/drivers/remote"
+	"github.com/docker/docker/libnetwork/drivers/overlay/ovmanager"
+	"github.com/docker/docker/libnetwork/drivers/remote"
 	"github.com/docker/swarmkit/manager/allocator/networkallocator"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go
index 7a786406e1494..a21ba1cfa636b 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go
@@ -1,22 +1,22 @@
 package cnmallocator
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"strings"
 
+	"github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/drvregistry"
+	"github.com/docker/docker/libnetwork/ipamapi"
+	"github.com/docker/docker/libnetwork/netlabel"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/datastore"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/drvregistry"
-	"github.com/docker/libnetwork/ipamapi"
-	"github.com/docker/libnetwork/netlabel"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/allocator/networkallocator"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -94,6 +94,9 @@ type NetworkConfig struct {
 	// SubnetSize specifies the subnet size of the networks created from
 	// the default subnet pool
 	SubnetSize uint32
+
+	// VXLANUDPPort specifies the UDP port number for VXLAN traffic
+	VXLANUDPPort uint32
 }
 
 // New returns a new NetworkAllocator handle
@@ -482,7 +485,7 @@ func (na *cnmNetworkAllocator) IsAttachmentAllocated(node *api.Node, networkAtta
 		return false
 	}
 
-	if networkAttachment == nil {
+	if networkAttachment == nil || networkAttachment.Network == nil {
 		return false
 	}
 
@@ -815,8 +818,7 @@ func (na *cnmNetworkAllocator) resolveDriver(n *api.Network) (*networkDriver, er
 
 	d, drvcap := na.drvRegistry.Driver(dName)
 	if d == nil {
-		var err error
-		err = na.loadDriver(dName)
+		err := na.loadDriver(dName)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go
index 113f9002422cc..f5e4b60bd1630 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go
@@ -3,7 +3,7 @@ package cnmallocator
 import (
 	"fmt"
 
-	"github.com/docker/libnetwork/idm"
+	"github.com/docker/docker/libnetwork/idm"
 	"github.com/docker/swarmkit/api"
 )
 
@@ -407,12 +407,12 @@ func (ps *portSpace) allocate(p *api.PortConfig) (err error) {
 	}
 	defer func() {
 		if err != nil {
-			ps.dynamicPortSpace.Release(uint64(swarmPort))
+			ps.dynamicPortSpace.Release(swarmPort)
 		}
 	}()
 
 	// Make sure we allocate the same port from the master space.
-	if err = ps.masterPortSpace.GetSpecificID(uint64(swarmPort)); err != nil {
+	if err = ps.masterPortSpace.GetSpecificID(swarmPort); err != nil {
 		return
 	}
 
diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/network.go b/vendor/github.com/docker/swarmkit/manager/allocator/network.go
index e4d5b61827adb..fee3bf1d44b58 100644
--- a/vendor/github.com/docker/swarmkit/manager/allocator/network.go
+++ b/vendor/github.com/docker/swarmkit/manager/allocator/network.go
@@ -1,6 +1,7 @@
 package allocator
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -13,7 +14,6 @@ import (
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -69,10 +69,22 @@ type networkContext struct {
 
 func (a *Allocator) doNetworkInit(ctx context.Context) (err error) {
 	var netConfig *cnmallocator.NetworkConfig
-	if a.networkConfig != nil && a.networkConfig.DefaultAddrPool != nil {
-		netConfig = &cnmallocator.NetworkConfig{
-			DefaultAddrPool: a.networkConfig.DefaultAddrPool,
-			SubnetSize:      a.networkConfig.SubnetSize,
+	// There are two ways user can invoke swarm init
+	// with default address pool & vxlan port  or with only vxlan port
+	// hence we need two different way to construct netconfig
+	if a.networkConfig != nil {
+		if a.networkConfig.DefaultAddrPool != nil {
+			netConfig = &cnmallocator.NetworkConfig{
+				DefaultAddrPool: a.networkConfig.DefaultAddrPool,
+				SubnetSize:      a.networkConfig.SubnetSize,
+				VXLANUDPPort:    a.networkConfig.VXLANUDPPort,
+			}
+		} else if a.networkConfig.VXLANUDPPort != 0 {
+			netConfig = &cnmallocator.NetworkConfig{
+				DefaultAddrPool: nil,
+				SubnetSize:      0,
+				VXLANUDPPort:    a.networkConfig.VXLANUDPPort,
+			}
 		}
 	}
 
@@ -172,7 +184,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) {
 		}
 		if IsIngressNetwork(n) && nc.ingressNetwork != nil {
 			log.G(ctx).Errorf("Cannot allocate ingress network %s (%s) because another ingress network is already present: %s (%s)",
-				n.ID, n.Spec.Annotations.Name, nc.ingressNetwork.ID, nc.ingressNetwork.Spec.Annotations)
+				n.ID, n.Spec.Annotations.Name, nc.ingressNetwork.ID, nc.ingressNetwork.Spec.Annotations.Name)
 			break
 		}
 
@@ -977,8 +989,11 @@ func (a *Allocator) allocateNode(ctx context.Context, node *api.Node, existingAd
 
 	nc := a.netCtx
 
+	var nwIDs = make(map[string]struct{}, len(networks))
+
 	// go through all of the networks we've passed in
 	for _, network := range networks {
+		nwIDs[network.ID] = struct{}{}
 
 		// for each one, create space for an attachment. then, search through
 		// all of the attachments already on the node. if the attachment
@@ -998,6 +1013,10 @@ func (a *Allocator) allocateNode(ctx context.Context, node *api.Node, existingAd
 		}
 
 		if lbAttachment == nil {
+			// if we're restoring state, we should not add an attachment here.
+			if existingAddressesOnly {
+				continue
+			}
 			lbAttachment = &api.NetworkAttachment{}
 			node.Attachments = append(node.Attachments, lbAttachment)
 		}
@@ -1033,17 +1052,8 @@ func (a *Allocator) allocateNode(ctx context.Context, node *api.Node, existingAd
 	// https://github.com/golang/go/wiki/SliceTricks#filtering-without-allocating
 	attachments := node.Attachments[:0]
 	for _, attach := range node.Attachments {
-		// for every attachment, go through every network. if the attachment
-		// belongs to one of the networks, then go to the next attachment. if
-		// no network matches, then the the attachment should be removed.
-		attachmentBelongs := false
-		for _, network := range networks {
-			if network.ID == attach.Network.ID {
-				attachmentBelongs = true
-				break
-			}
-		}
-		if attachmentBelongs {
+		if _, ok := nwIDs[attach.Network.ID]; ok {
+			// attachment belongs to one of the networks, so keep it
 			attachments = append(attachments, attach)
 		} else {
 			// free the attachment and remove it from the node's attachments by
diff --git a/vendor/github.com/docker/swarmkit/manager/constraint/constraint.go b/vendor/github.com/docker/swarmkit/manager/constraint/constraint.go
index 9f13217ae4b55..6c49c0772840b 100644
--- a/vendor/github.com/docker/swarmkit/manager/constraint/constraint.go
+++ b/vendor/github.com/docker/swarmkit/manager/constraint/constraint.go
@@ -56,7 +56,7 @@ func Parse(env []string) ([]Constraint, error) {
 			part0 := strings.TrimSpace(parts[0])
 			// validate key
 			matched := alphaNumeric.MatchString(part0)
-			if matched == false {
+			if !matched {
 				return nil, fmt.Errorf("key '%s' is invalid", part0)
 			}
 
@@ -64,7 +64,7 @@ func Parse(env []string) ([]Constraint, error) {
 
 			// validate Value
 			matched = valuePattern.MatchString(part1)
-			if matched == false {
+			if !matched {
 				return nil, fmt.Errorf("value '%s' is invalid", part1)
 			}
 			// TODO(dongluochen): revisit requirements to see if globing or regex are useful
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/ca_rotation.go b/vendor/github.com/docker/swarmkit/manager/controlapi/ca_rotation.go
index d39c7d2b693a3..91869a8d0af46 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/ca_rotation.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/ca_rotation.go
@@ -203,6 +203,24 @@ func validateCAConfig(ctx context.Context, securityConfig *ca.SecurityConfig, cl
 
 	var oldCertExtCAs []*api.ExternalCA
 	if !hasSigningKey(&cluster.RootCA) {
+
+		// If we are going from external -> internal, but providing the external CA's signing key,
+		// then we don't need to validate any external CAs.  We can in fact abort any outstanding root
+		// rotations if we are just adding a key.  Because we have a key, we don't care if there are
+		// no external CAs matching the certificate.
+		if bytes.Equal(normalizedRootCA, newConfig.SigningCACert) && hasSigningKey(newConfig) {
+			// validate that the key and cert indeed match - if they don't then just fail now rather
+			// than go through all the external CA URLs, which is a more expensive operation
+			if _, err := ca.NewRootCA(newConfig.SigningCACert, newConfig.SigningCACert, newConfig.SigningCAKey, ca.DefaultNodeCertExpiration, nil); err != nil {
+				return nil, err
+			}
+			copied := cluster.RootCA.Copy()
+			copied.CAKey = newConfig.SigningCAKey
+			copied.RootRotation = nil
+			copied.LastForcedRotation = newConfig.ForceRotate
+			return copied, nil
+		}
+
 		oldCertExtCAs, err = validateHasAtLeastOneExternalCA(ctx, extCAs, securityConfig, normalizedRootCA, "current")
 		if err != nil {
 			return nil, err
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go b/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go
index ad248044844a0..73915f3eae583 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go
@@ -1,6 +1,7 @@
 package controlapi
 
 import (
+	"context"
 	"strings"
 	"time"
 
@@ -10,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/manager/encryption"
 	"github.com/docker/swarmkit/manager/state/store"
 	gogotypes "github.com/gogo/protobuf/types"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -21,6 +21,8 @@ const (
 	expiredCertGrace = 24 * time.Hour * 7
 	// inbuilt default subnet size
 	inbuiltSubnetSize = 24
+	// VXLAN default port
+	defaultVXLANPort = 4789
 )
 
 var (
@@ -274,6 +276,7 @@ func redactClusters(clusters []*api.Cluster) []*api.Cluster {
 			BlacklistedCertificates: cluster.BlacklistedCertificates,
 			DefaultAddressPool:      cluster.DefaultAddressPool,
 			SubnetSize:              cluster.SubnetSize,
+			VXLANUDPPort:            cluster.VXLANUDPPort,
 		}
 		if newCluster.DefaultAddressPool == nil {
 			// This is just for CLI display. Set the inbuilt default pool for
@@ -281,6 +284,9 @@ func redactClusters(clusters []*api.Cluster) []*api.Cluster {
 			newCluster.DefaultAddressPool = inbuiltDefaultAddressPool
 			newCluster.SubnetSize = inbuiltSubnetSize
 		}
+		if newCluster.VXLANUDPPort == 0 {
+			newCluster.VXLANUDPPort = defaultVXLANPort
+		}
 		redactedClusters = append(redactedClusters, newCluster)
 	}
 
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/common.go b/vendor/github.com/docker/swarmkit/manager/controlapi/common.go
index 9e521794648c9..6a4b92add4a4f 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/common.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/common.go
@@ -4,9 +4,9 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ipamapi"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/allocator"
 	"github.com/docker/swarmkit/manager/state/store"
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/config.go b/vendor/github.com/docker/swarmkit/manager/controlapi/config.go
index ae08885b001d1..bc8726fb86862 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/config.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/config.go
@@ -2,6 +2,7 @@ package controlapi
 
 import (
 	"bytes"
+	"context"
 	"strings"
 
 	"github.com/docker/swarmkit/api"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/extension.go b/vendor/github.com/docker/swarmkit/manager/controlapi/extension.go
new file mode 100644
index 0000000000000..321ec762d3829
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/extension.go
@@ -0,0 +1,133 @@
+package controlapi
+
+import (
+	"context"
+	"strings"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/identity"
+	"github.com/docker/swarmkit/log"
+	"github.com/docker/swarmkit/manager/state/store"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// CreateExtension creates an `Extension` based on the provided `CreateExtensionRequest.Extension`
+// and returns a `CreateExtensionResponse`.
+// - Returns `InvalidArgument` if the `CreateExtensionRequest.Extension` is malformed,
+//   or fails validation.
+// - Returns an error if the creation fails.
+func (s *Server) CreateExtension(ctx context.Context, request *api.CreateExtensionRequest) (*api.CreateExtensionResponse, error) {
+	if request.Annotations == nil || request.Annotations.Name == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "extension name must be provided")
+	}
+
+	extension := &api.Extension{
+		ID:          identity.NewID(),
+		Annotations: *request.Annotations,
+		Description: request.Description,
+	}
+
+	err := s.store.Update(func(tx store.Tx) error {
+		return store.CreateExtension(tx, extension)
+	})
+
+	switch err {
+	case store.ErrNameConflict:
+		return nil, status.Errorf(codes.AlreadyExists, "extension %s already exists", request.Annotations.Name)
+	case nil:
+		log.G(ctx).WithFields(logrus.Fields{
+			"extension.Name": request.Annotations.Name,
+			"method":         "CreateExtension",
+		}).Debugf("extension created")
+
+		return &api.CreateExtensionResponse{Extension: extension}, nil
+	default:
+		return nil, status.Errorf(codes.Internal, "could not create extension: %v", err.Error())
+	}
+}
+
+// GetExtension returns a `GetExtensionResponse` with a `Extension` with the same
+// id as `GetExtensionRequest.extension_id`
+// - Returns `NotFound` if the Extension with the given id is not found.
+// - Returns `InvalidArgument` if the `GetExtensionRequest.extension_id` is empty.
+// - Returns an error if the get fails.
+func (s *Server) GetExtension(ctx context.Context, request *api.GetExtensionRequest) (*api.GetExtensionResponse, error) {
+	if request.ExtensionID == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "extension ID must be provided")
+	}
+
+	var extension *api.Extension
+	s.store.View(func(tx store.ReadTx) {
+		extension = store.GetExtension(tx, request.ExtensionID)
+	})
+
+	if extension == nil {
+		return nil, status.Errorf(codes.NotFound, "extension %s not found", request.ExtensionID)
+	}
+
+	return &api.GetExtensionResponse{Extension: extension}, nil
+}
+
+// RemoveExtension removes the extension referenced by `RemoveExtensionRequest.ID`.
+// - Returns `InvalidArgument` if `RemoveExtensionRequest.extension_id` is empty.
+// - Returns `NotFound` if the an extension named `RemoveExtensionRequest.extension_id` is not found.
+// - Returns an error if the deletion fails.
+func (s *Server) RemoveExtension(ctx context.Context, request *api.RemoveExtensionRequest) (*api.RemoveExtensionResponse, error) {
+	if request.ExtensionID == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "extension ID must be provided")
+	}
+
+	err := s.store.Update(func(tx store.Tx) error {
+		// Check if the extension exists
+		extension := store.GetExtension(tx, request.ExtensionID)
+		if extension == nil {
+			return status.Errorf(codes.NotFound, "could not find extension %s", request.ExtensionID)
+		}
+
+		// Check if any resources of this type present in the store, return error if so
+		resources, err := store.FindResources(tx, store.ByKind(request.ExtensionID))
+		if err != nil {
+			return status.Errorf(codes.Internal, "could not find resources using extension %s: %v", request.ExtensionID, err)
+		}
+
+		if len(resources) != 0 {
+			resourceNames := make([]string, 0, len(resources))
+			// Number of resources for an extension could be quite large.
+			// Show a limited number of resources for debugging.
+			attachedResourceForDebug := 10
+			for _, resource := range resources {
+				resourceNames = append(resourceNames, resource.Annotations.Name)
+				attachedResourceForDebug = attachedResourceForDebug - 1
+				if attachedResourceForDebug == 0 {
+					break
+				}
+			}
+
+			extensionName := extension.Annotations.Name
+			resourceNameStr := strings.Join(resourceNames, ", ")
+			resourceStr := "resources"
+			if len(resourceNames) == 1 {
+				resourceStr = "resource"
+			}
+
+			return status.Errorf(codes.InvalidArgument, "extension '%s' is in use by the following %s: %v", extensionName, resourceStr, resourceNameStr)
+		}
+
+		return store.DeleteExtension(tx, request.ExtensionID)
+	})
+	switch err {
+	case store.ErrNotExist:
+		return nil, status.Errorf(codes.NotFound, "extension %s not found", request.ExtensionID)
+	case nil:
+		log.G(ctx).WithFields(logrus.Fields{
+			"extension.ID": request.ExtensionID,
+			"method":       "RemoveExtension",
+		}).Debugf("extension removed")
+
+		return &api.RemoveExtensionResponse{}, nil
+	default:
+		return nil, err
+	}
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/network.go b/vendor/github.com/docker/swarmkit/manager/controlapi/network.go
index 481b0cfe4b9ee..ccb885d01032f 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/network.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/network.go
@@ -1,17 +1,17 @@
 package controlapi
 
 import (
+	"context"
 	"net"
 
+	"github.com/docker/docker/libnetwork/driverapi"
+	"github.com/docker/docker/libnetwork/ipamapi"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/libnetwork/driverapi"
-	"github.com/docker/libnetwork/ipamapi"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/identity"
 	"github.com/docker/swarmkit/manager/allocator"
 	"github.com/docker/swarmkit/manager/allocator/networkallocator"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/node.go b/vendor/github.com/docker/swarmkit/manager/controlapi/node.go
index b2d15df07a7e6..6e8bdba5bd6c3 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/node.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/node.go
@@ -1,6 +1,7 @@
 package controlapi
 
 import (
+	"context"
 	"crypto/x509"
 	"encoding/pem"
 
@@ -8,7 +9,6 @@ import (
 	"github.com/docker/swarmkit/manager/state/raft/membership"
 	"github.com/docker/swarmkit/manager/state/store"
 	gogotypes "github.com/gogo/protobuf/types"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -254,24 +254,33 @@ func (s *Server) UpdateNode(ctx context.Context, request *api.UpdateNodeRequest)
 	}, nil
 }
 
-func removeNodeAttachments(tx store.Tx, nodeID string) error {
-	// orphan the node's attached containers. if we don't do this, the
-	// network these attachments are connected to will never be removeable
+func orphanNodeTasks(tx store.Tx, nodeID string) error {
+	// when a node is deleted, all of its tasks are irrecoverably removed.
+	// additionally, the Dispatcher can no longer be relied on to update the
+	// task status. Therefore, when the node is removed, we must additionally
+	// move all of its assigned tasks to the Orphaned state, so that their
+	// resources can be cleaned up.
 	tasks, err := store.FindTasks(tx, store.ByNodeID(nodeID))
 	if err != nil {
 		return err
 	}
 	for _, task := range tasks {
-		// if the task is an attachment, then we just delete it. the allocator
-		// will do the heavy lifting. basically, GetAttachment will return the
-		// attachment if that's the kind of runtime, or nil if it's not.
-		if task.Spec.GetAttachment() != nil {
-			// don't delete the task. instead, update it to `ORPHANED` so that
-			// the taskreaper will clean it up.
-			task.Status.State = api.TaskStateOrphaned
-			if err := store.UpdateTask(tx, task); err != nil {
-				return err
+		// this operation must occur within the same transaction boundary. If
+		// we cannot accomplish this task orphaning in the same transaction, we
+		// could crash or die between transactions and not get a chance to do
+		// this. however, in cases were there is an exceptionally large number
+		// of tasks for a node, this may cause the transaction to exceed the
+		// max message size.
+		//
+		// therefore, we restrict updating to only tasks in a non-terminal
+		// state. Tasks in a terminal state do not need to be updated.
+		if task.Status.State < api.TaskStateCompleted {
+			task.Status = api.TaskStatus{
+				Timestamp: gogotypes.TimestampNow(),
+				State:     api.TaskStateOrphaned,
+				Message:   "Task belonged to a node that has been deleted",
 			}
+			store.UpdateTask(tx, task)
 		}
 	}
 	return nil
@@ -342,7 +351,7 @@ func (s *Server) RemoveNode(ctx context.Context, request *api.RemoveNodeRequest)
 			return err
 		}
 
-		if err := removeNodeAttachments(tx, request.NodeID); err != nil {
+		if err := orphanNodeTasks(tx, request.NodeID); err != nil {
 			return err
 		}
 
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/resource.go b/vendor/github.com/docker/swarmkit/manager/controlapi/resource.go
new file mode 100644
index 0000000000000..8ae5cb1375169
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/resource.go
@@ -0,0 +1,226 @@
+package controlapi
+
+import (
+	"context"
+
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/identity"
+	"github.com/docker/swarmkit/log"
+	"github.com/docker/swarmkit/manager/state/store"
+)
+
+// CreateResource returns a `CreateResourceResponse` after creating a `Resource` based
+// on the provided `CreateResourceRequest.Resource`.
+// - Returns `InvalidArgument` if the `CreateResourceRequest.Resource` is malformed,
+//   or if the config data is too long or contains invalid characters.
+// - Returns an error if the creation fails.
+func (s *Server) CreateResource(ctx context.Context, request *api.CreateResourceRequest) (*api.CreateResourceResponse, error) {
+	if request.Annotations == nil || request.Annotations.Name == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "Resource must have a name")
+	}
+
+	// finally, validate that Kind is not an emptystring. We know that creating
+	// with Kind as empty string should fail at the store level, but to make
+	// errors clearer, special case this.
+	if request.Kind == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "Resource must belong to an Extension")
+	}
+	r := &api.Resource{
+		ID:          identity.NewID(),
+		Annotations: *request.Annotations,
+		Kind:        request.Kind,
+		Payload:     request.Payload,
+	}
+
+	err := s.store.Update(func(tx store.Tx) error {
+		return store.CreateResource(tx, r)
+	})
+
+	switch err {
+	case store.ErrNoKind:
+		return nil, status.Errorf(codes.InvalidArgument, "Kind %v is not registered", r.Kind)
+	case store.ErrNameConflict:
+		return nil, status.Errorf(
+			codes.AlreadyExists,
+			"A resource with name %v already exists",
+			r.Annotations.Name,
+		)
+	case nil:
+		log.G(ctx).WithFields(logrus.Fields{
+			"resource.Name": r.Annotations.Name,
+			"method":        "CreateResource",
+		}).Debugf("resource created")
+		return &api.CreateResourceResponse{Resource: r}, nil
+	default:
+		return nil, err
+	}
+}
+
+// GetResource returns a `GetResourceResponse` with a `Resource` with the same
+// id as `GetResourceRequest.Resource`
+// - Returns `NotFound` if the Resource with the given id is not found.
+// - Returns `InvalidArgument` if the `GetResourceRequest.Resource` is empty.
+// - Returns an error if getting fails.
+func (s *Server) GetResource(ctx context.Context, request *api.GetResourceRequest) (*api.GetResourceResponse, error) {
+	if request.ResourceID == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "resource ID must be present")
+	}
+	var resource *api.Resource
+	s.store.View(func(tx store.ReadTx) {
+		resource = store.GetResource(tx, request.ResourceID)
+	})
+
+	if resource == nil {
+		return nil, status.Errorf(codes.NotFound, "resource %s not found", request.ResourceID)
+	}
+
+	return &api.GetResourceResponse{Resource: resource}, nil
+}
+
+// RemoveResource removes the `Resource` referenced by `RemoveResourceRequest.ResourceID`.
+// - Returns `InvalidArgument` if `RemoveResourceRequest.ResourceID` is empty.
+// - Returns `NotFound` if the a resource named `RemoveResourceRequest.ResourceID` is not found.
+// - Returns an error if the deletion fails.
+func (s *Server) RemoveResource(ctx context.Context, request *api.RemoveResourceRequest) (*api.RemoveResourceResponse, error) {
+	if request.ResourceID == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "resource ID must be present")
+	}
+	err := s.store.Update(func(tx store.Tx) error {
+		return store.DeleteResource(tx, request.ResourceID)
+	})
+	switch err {
+	case store.ErrNotExist:
+		return nil, status.Errorf(codes.NotFound, "resource %s not found", request.ResourceID)
+	case nil:
+		return &api.RemoveResourceResponse{}, nil
+	default:
+		return nil, err
+	}
+}
+
+// ListResources returns a `ListResourcesResponse` with a list of `Resource`s stored in the raft store,
+// or all resources matching any name in `ListConfigsRequest.Names`, any
+// name prefix in `ListResourcesRequest.NamePrefixes`, any id in
+// `ListResourcesRequest.ResourceIDs`, or any id prefix in `ListResourcesRequest.IDPrefixes`.
+// - Returns an error if listing fails.
+func (s *Server) ListResources(ctx context.Context, request *api.ListResourcesRequest) (*api.ListResourcesResponse, error) {
+	var (
+		resources     []*api.Resource
+		respResources []*api.Resource
+		err           error
+		byFilters     []store.By
+		by            store.By
+		labels        map[string]string
+	)
+
+	// andKind is set to true if the Extension filter is not the only filter
+	// being used. If this is the case, we do not have to compare by strings,
+	// which could be slow.
+	var andKind bool
+
+	if request.Filters != nil {
+		for _, name := range request.Filters.Names {
+			byFilters = append(byFilters, store.ByName(name))
+		}
+		for _, prefix := range request.Filters.NamePrefixes {
+			byFilters = append(byFilters, store.ByNamePrefix(prefix))
+		}
+		for _, prefix := range request.Filters.IDPrefixes {
+			byFilters = append(byFilters, store.ByIDPrefix(prefix))
+		}
+		labels = request.Filters.Labels
+		if request.Filters.Kind != "" {
+			// if we're filtering on Extensions, then set this to true. If Kind is
+			// the _only_ kind of filter, we'll set this to false below.
+			andKind = true
+		}
+	}
+
+	switch len(byFilters) {
+	case 0:
+		// NOTE(dperny): currently, filtering using store.ByKind would apply an
+		// Or operation, which means that filtering by kind would return a
+		// union. However, for Kind filters, we actually want the
+		// _intersection_; that is, _only_ objects of the specified kind. we
+		// could dig into the db code to figure out how to write and use an
+		// efficient And combinator, but I don't have the time nor expertise to
+		// do so at the moment. instead, we'll filter by kind after the fact.
+		// however, if there are no other kinds of filters, and we're ONLY
+		// listing by Kind, we can set that to be the only filter.
+		if andKind {
+			by = store.ByKind(request.Filters.Kind)
+			andKind = false
+		} else {
+			by = store.All
+		}
+	case 1:
+		by = byFilters[0]
+	default:
+		by = store.Or(byFilters...)
+	}
+
+	s.store.View(func(tx store.ReadTx) {
+		resources, err = store.FindResources(tx, by)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// filter by label and extension
+	for _, resource := range resources {
+		if !filterMatchLabels(resource.Annotations.Labels, labels) {
+			continue
+		}
+		if andKind && resource.Kind != request.Filters.Kind {
+			continue
+		}
+		respResources = append(respResources, resource)
+	}
+
+	return &api.ListResourcesResponse{Resources: respResources}, nil
+}
+
+// UpdateResource updates the resource with the given `UpdateResourceRequest.Resource.Id` using the given `UpdateResourceRequest.Resource` and returns a `UpdateResourceResponse`.
+// - Returns `NotFound` if the Resource with the given `UpdateResourceRequest.Resource.Id` is not found.
+// - Returns `InvalidArgument` if the UpdateResourceRequest.Resource.Id` is empty.
+// - Returns an error if updating fails.
+func (s *Server) UpdateResource(ctx context.Context, request *api.UpdateResourceRequest) (*api.UpdateResourceResponse, error) {
+	if request.ResourceID == "" || request.ResourceVersion == nil {
+		return nil, status.Errorf(codes.InvalidArgument, "must include ID and version")
+	}
+	var r *api.Resource
+	err := s.store.Update(func(tx store.Tx) error {
+		r = store.GetResource(tx, request.ResourceID)
+		if r == nil {
+			return status.Errorf(codes.NotFound, "resource %v not found", request.ResourceID)
+		}
+
+		if request.Annotations != nil {
+			if r.Annotations.Name != request.Annotations.Name {
+				return status.Errorf(codes.InvalidArgument, "cannot change resource name")
+			}
+			r.Annotations = *request.Annotations
+		}
+		r.Meta.Version = *request.ResourceVersion
+		// only alter the payload if the
+		if request.Payload != nil {
+			r.Payload = request.Payload
+		}
+
+		return store.UpdateResource(tx, r)
+	})
+	switch err {
+	case store.ErrSequenceConflict:
+		return nil, status.Errorf(codes.InvalidArgument, "update out of sequence")
+	case nil:
+		return &api.UpdateResourceResponse{
+			Resource: r,
+		}, nil
+	default:
+		return nil, err
+	}
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/secret.go b/vendor/github.com/docker/swarmkit/manager/controlapi/secret.go
index fdcd2c412c686..f3d87d1a7cfca 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/secret.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/secret.go
@@ -1,6 +1,7 @@
 package controlapi
 
 import (
+	"context"
 	"crypto/subtle"
 	"strings"
 
@@ -10,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/service.go b/vendor/github.com/docker/swarmkit/manager/controlapi/service.go
index 3912052bf0004..e4db20b17f7a7 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/service.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/service.go
@@ -1,6 +1,7 @@
 package controlapi
 
 import (
+	"context"
 	"errors"
 	"reflect"
 	"strings"
@@ -18,7 +19,6 @@ import (
 	"github.com/docker/swarmkit/protobuf/ptypes"
 	"github.com/docker/swarmkit/template"
 	gogotypes "github.com/gogo/protobuf/types"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -197,7 +197,7 @@ func validateHealthCheck(hc *api.HealthConfig) error {
 		if err != nil {
 			return err
 		}
-		if interval != 0 && interval < time.Duration(minimumDuration) {
+		if interval != 0 && interval < minimumDuration {
 			return status.Errorf(codes.InvalidArgument, "ContainerSpec: Interval in HealthConfig cannot be less than %s", minimumDuration)
 		}
 	}
@@ -207,7 +207,7 @@ func validateHealthCheck(hc *api.HealthConfig) error {
 		if err != nil {
 			return err
 		}
-		if timeout != 0 && timeout < time.Duration(minimumDuration) {
+		if timeout != 0 && timeout < minimumDuration {
 			return status.Errorf(codes.InvalidArgument, "ContainerSpec: Timeout in HealthConfig cannot be less than %s", minimumDuration)
 		}
 	}
@@ -217,7 +217,7 @@ func validateHealthCheck(hc *api.HealthConfig) error {
 		if err != nil {
 			return err
 		}
-		if sp != 0 && sp < time.Duration(minimumDuration) {
+		if sp != 0 && sp < minimumDuration {
 			return status.Errorf(codes.InvalidArgument, "ContainerSpec: StartPeriod in HealthConfig cannot be less than %s", minimumDuration)
 		}
 	}
@@ -392,6 +392,21 @@ func validateConfigRefsSpec(spec api.TaskSpec) error {
 		return nil
 	}
 
+	// check if we're using a config as a CredentialSpec -- if so, we need to
+	// verify
+	var (
+		credSpecConfig      string
+		credSpecConfigFound bool
+	)
+	if p := container.Privileges; p != nil {
+		if cs := p.CredentialSpec; cs != nil {
+			// if there is no config in the credspec, then this will just be
+			// assigned to emptystring anyway, so we don't need to check
+			// existence.
+			credSpecConfig = cs.GetConfig()
+		}
+	}
+
 	// Keep a map to track all the targets that will be exposed
 	// The string returned is only used for logging. It could as well be struct{}{}
 	existingTargets := make(map[string]string)
@@ -421,6 +436,20 @@ func validateConfigRefsSpec(spec api.TaskSpec) error {
 
 			existingTargets[fileName] = configRef.ConfigName
 		}
+
+		if configRef.GetRuntime() != nil {
+			if configRef.ConfigID == credSpecConfig {
+				credSpecConfigFound = true
+			}
+		}
+	}
+
+	if credSpecConfig != "" && !credSpecConfigFound {
+		return status.Errorf(
+			codes.InvalidArgument,
+			"CredentialSpec references config '%s', but that config isn't in config references with RuntimeTarget",
+			credSpecConfig,
+		)
 	}
 
 	return nil
@@ -445,12 +474,32 @@ func (s *Server) validateNetworks(networks []*api.NetworkAttachmentConfig) error
 
 func validateMode(s *api.ServiceSpec) error {
 	m := s.GetMode()
-	switch m.(type) {
+	switch mode := m.(type) {
 	case *api.ServiceSpec_Replicated:
-		if int64(m.(*api.ServiceSpec_Replicated).Replicated.Replicas) < 0 {
+		if int64(mode.Replicated.Replicas) < 0 {
 			return status.Errorf(codes.InvalidArgument, "Number of replicas must be non-negative")
 		}
 	case *api.ServiceSpec_Global:
+	case *api.ServiceSpec_ReplicatedJob:
+		// this check shouldn't be required as the point of uint64 is to
+		// constrain the possible values to positive numbers, but it almost
+		// certainly is required because there are almost certainly blind casts
+		// from int64 to uint64, and uint64(-1) is almost certain to crash the
+		// cluster because of how large it is.
+		if int64(mode.ReplicatedJob.MaxConcurrent) < 0 {
+			return status.Errorf(
+				codes.InvalidArgument,
+				"Maximum concurrent jobs must not be negative",
+			)
+		}
+
+		if int64(mode.ReplicatedJob.TotalCompletions) < 0 {
+			return status.Errorf(
+				codes.InvalidArgument,
+				"Total completed jobs must not be negative",
+			)
+		}
+	case *api.ServiceSpec_GlobalJob:
 	default:
 		return status.Errorf(codes.InvalidArgument, "Unrecognized service mode")
 	}
@@ -458,6 +507,13 @@ func validateMode(s *api.ServiceSpec) error {
 	return nil
 }
 
+func validateJob(spec *api.ServiceSpec) error {
+	if spec.Update != nil {
+		return status.Errorf(codes.InvalidArgument, "Jobs may not have an update config")
+	}
+	return nil
+}
+
 func validateServiceSpec(spec *api.ServiceSpec) error {
 	if spec == nil {
 		return status.Errorf(codes.InvalidArgument, errInvalidArgument.Error())
@@ -468,13 +524,32 @@ func validateServiceSpec(spec *api.ServiceSpec) error {
 	if err := validateTaskSpec(spec.Task); err != nil {
 		return err
 	}
-	if err := validateUpdate(spec.Update); err != nil {
+	err := validateMode(spec)
+	if err != nil {
 		return err
 	}
-	if err := validateEndpointSpec(spec.Endpoint); err != nil {
-		return err
+
+	// job-mode services are validated differently. most notably, they do not
+	// have UpdateConfigs, which is why this case statement skips update
+	// validation.
+	if isJobSpec(spec) {
+		if err := validateJob(spec); err != nil {
+			return err
+		}
+	} else {
+		if err := validateUpdate(spec.Update); err != nil {
+			return err
+		}
 	}
-	return validateMode(spec)
+
+	return validateEndpointSpec(spec.Endpoint)
+}
+
+func isJobSpec(spec *api.ServiceSpec) bool {
+	mode := spec.GetMode()
+	_, isGlobalJob := mode.(*api.ServiceSpec_GlobalJob)
+	_, isReplicatedJob := mode.(*api.ServiceSpec_ReplicatedJob)
+	return isGlobalJob || isReplicatedJob
 }
 
 // checkPortConflicts does a best effort to find if the passed in spec has port
@@ -660,6 +735,12 @@ func (s *Server) CreateService(ctx context.Context, request *api.CreateServiceRe
 		SpecVersion: &api.Version{},
 	}
 
+	if isJobSpec(request.Spec) {
+		service.JobStatus = &api.JobStatus{
+			LastExecution: gogotypes.TimestampNow(),
+		}
+	}
+
 	if allocator.IsIngressNetworkNeeded(service) {
 		if _, err := allocator.GetIngressNetwork(s.store); err == allocator.ErrNoIngress {
 			return nil, status.Errorf(codes.FailedPrecondition, "service needs ingress network, but no ingress network is present")
@@ -680,13 +761,17 @@ func (s *Server) CreateService(ctx context.Context, request *api.CreateServiceRe
 
 		return store.CreateService(tx, service)
 	})
-	if err != nil {
+	switch err {
+	case store.ErrNameConflict:
+		// Enhance the name-confict error to include the service name. The original
+		// `ErrNameConflict` error-message is included for backward-compatibility
+		// with older consumers of the API performing string-matching.
+		return nil, status.Errorf(codes.AlreadyExists, "%s: service %s already exists", err.Error(), request.Spec.Annotations.Name)
+	case nil:
+		return &api.CreateServiceResponse{Service: service}, nil
+	default:
 		return nil, err
 	}
-
-	return &api.CreateServiceResponse{
-		Service: service,
-	}, nil
 }
 
 // GetService returns a Service given a ServiceID.
@@ -786,6 +871,13 @@ func (s *Server) UpdateService(ctx context.Context, request *api.UpdateServiceRe
 
 		service.Meta.Version = *request.ServiceVersion
 
+		// if the service has a JobStatus, that means it must be a Job, and we
+		// should increment the JobIteration
+		if service.JobStatus != nil {
+			service.JobStatus.JobIteration.Index = service.JobStatus.JobIteration.Index + 1
+			service.JobStatus.LastExecution = gogotypes.TimestampNow()
+		}
+
 		if request.Rollback == api.UpdateServiceRequest_PREVIOUS {
 			if service.PreviousSpec == nil {
 				return status.Errorf(codes.FailedPrecondition, "service %s does not have a previous spec", request.ServiceID)
@@ -896,7 +988,12 @@ func (s *Server) ListServices(ctx context.Context, request *api.ListServicesRequ
 		}
 	})
 	if err != nil {
-		return nil, err
+		switch err {
+		case store.ErrInvalidFindBy:
+			return nil, status.Errorf(codes.InvalidArgument, err.Error())
+		default:
+			return nil, err
+		}
 	}
 
 	if request.Filters != nil {
@@ -930,3 +1027,100 @@ func (s *Server) ListServices(ctx context.Context, request *api.ListServicesRequ
 		Services: services,
 	}, nil
 }
+
+// ListServiceStatuses returns a `ListServiceStatusesResponse` with the status
+// of the requested services, formed by computing the number of running vs
+// desired tasks. It is provided as a shortcut or helper method, which allows a
+// client to avoid having to calculate this value by listing all Tasks.  If any
+// service requested does not exist, it will be returned but with empty status
+// values.
+func (s *Server) ListServiceStatuses(ctx context.Context, req *api.ListServiceStatusesRequest) (*api.ListServiceStatusesResponse, error) {
+	resp := &api.ListServiceStatusesResponse{}
+	if req == nil {
+		return resp, nil
+	}
+
+	s.store.View(func(tx store.ReadTx) {
+		for _, id := range req.Services {
+			status := &api.ListServiceStatusesResponse_ServiceStatus{
+				ServiceID: id,
+			}
+			// no matter what, add this status to the list.
+			resp.Statuses = append(resp.Statuses, status)
+
+			tasks, findErr := store.FindTasks(tx, store.ByServiceID(id))
+			if findErr != nil {
+				// if there is another kind of error here (not sure what it
+				// could be) then still return 0/0 for this service.
+				continue
+			}
+
+			// use a boolean to see global vs replicated. this avoids us having to
+			// iterate the task list twice.
+			global := false
+			// jobIteration is the iteration that the Job is currently
+			// operating on, to distinguish Tasks in old executions from tasks
+			// in the current one. if nil, service is not a Job
+			var jobIteration *api.Version
+			service := store.GetService(tx, id)
+			// a service might be deleted, but it may still have tasks. in that
+			// case, we will be using 0 as the desired task count.
+			if service != nil {
+				// figure out how many tasks the service requires. for replicated
+				// services, this is easy: we can just check the replicas field. for
+				// global services, this is a bit harder and we'll need to do some
+				// numbercrunchin
+				if replicated := service.Spec.GetReplicated(); replicated != nil {
+					status.DesiredTasks = replicated.Replicas
+				} else if replicatedJob := service.Spec.GetReplicatedJob(); replicatedJob != nil {
+					status.DesiredTasks = replicatedJob.MaxConcurrent
+				} else {
+					// global applies to both GlobalJob and regular Global
+					global = true
+				}
+
+				if service.JobStatus != nil {
+					jobIteration = &service.JobStatus.JobIteration
+				}
+			}
+
+			// now, figure out how many tasks are running. Pretty easy, and
+			// universal across both global and replicated services
+			for _, task := range tasks {
+				// if the service is a Job, jobIteration will be non-nil. This
+				// means we should check if the task belongs to the current job
+				// iteration. If not, skip accounting the task.
+				if jobIteration != nil {
+					if task.JobIteration == nil || task.JobIteration.Index != jobIteration.Index {
+						continue
+					}
+
+					// additionally, since we've verified that the service is a
+					// job and the task belongs to this iteration, we should
+					// increment CompletedTasks
+					if task.Status.State == api.TaskStateCompleted {
+						status.CompletedTasks++
+					}
+				}
+				if task.Status.State == api.TaskStateRunning {
+					status.RunningTasks++
+				}
+
+				// if the service is global, a shortcut for figuring out the
+				// number of tasks desired is to look at all tasks, and take a
+				// count of the ones whose desired state is not Shutdown.
+				if global && task.DesiredState == api.TaskStateRunning {
+					status.DesiredTasks++
+				}
+
+				// for jobs, this is any task with desired state Completed
+				// which is not actually in that state.
+				if global && task.Status.State != api.TaskStateCompleted && task.DesiredState == api.TaskStateCompleted {
+					status.DesiredTasks++
+				}
+			}
+		}
+	})
+
+	return resp, nil
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/controlapi/task.go b/vendor/github.com/docker/swarmkit/manager/controlapi/task.go
index dc56e7410543c..5f85f9a93c1d2 100644
--- a/vendor/github.com/docker/swarmkit/manager/controlapi/task.go
+++ b/vendor/github.com/docker/swarmkit/manager/controlapi/task.go
@@ -1,11 +1,12 @@
 package controlapi
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/naming"
 	"github.com/docker/swarmkit/manager/orchestrator"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/dispatcher/assignments.go b/vendor/github.com/docker/swarmkit/manager/dispatcher/assignments.go
index 5a56348053d72..101c449eddd38 100644
--- a/vendor/github.com/docker/swarmkit/manager/dispatcher/assignments.go
+++ b/vendor/github.com/docker/swarmkit/manager/dispatcher/assignments.go
@@ -6,6 +6,7 @@ import (
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/equality"
 	"github.com/docker/swarmkit/api/validation"
+	"github.com/docker/swarmkit/identity"
 	"github.com/docker/swarmkit/manager/drivers"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/sirupsen/logrus"
@@ -35,8 +36,10 @@ func newAssignmentSet(log *logrus.Entry, dp *drivers.DriverProvider) *assignment
 }
 
 func assignSecret(a *assignmentSet, readTx store.ReadTx, mapKey typeAndID, t *api.Task) {
-	a.tasksUsingDependency[mapKey] = make(map[string]struct{})
-	secret, err := a.secret(readTx, t, mapKey.id)
+	if _, exists := a.tasksUsingDependency[mapKey]; !exists {
+		a.tasksUsingDependency[mapKey] = make(map[string]struct{})
+	}
+	secret, doNotReuse, err := a.secret(readTx, t, mapKey.id)
 	if err != nil {
 		a.log.WithFields(logrus.Fields{
 			"resource.type": "secret",
@@ -45,6 +48,19 @@ func assignSecret(a *assignmentSet, readTx store.ReadTx, mapKey typeAndID, t *ap
 		}).Debug("failed to fetch secret")
 		return
 	}
+	// If the secret should not be reused for other tasks, give it a unique ID for the task to allow different values for different tasks.
+	if doNotReuse {
+		// Give the secret a new ID and mark it as internal
+		originalSecretID := secret.ID
+		taskSpecificID := identity.CombineTwoIDs(originalSecretID, t.ID)
+		secret.ID = taskSpecificID
+		secret.Internal = true
+		// Create a new mapKey with the new ID and insert it into the dependencies map for the task.
+		// This will make the changes map contain an entry with the new ID rather than the original one.
+		mapKey = typeAndID{objType: mapKey.objType, id: secret.ID}
+		a.tasksUsingDependency[mapKey] = make(map[string]struct{})
+		a.tasksUsingDependency[mapKey][t.ID] = struct{}{}
+	}
 	a.changes[mapKey] = &api.AssignmentChange{
 		Assignment: &api.Assignment{
 			Item: &api.Assignment_Secret{
@@ -104,7 +120,12 @@ func (a *assignmentSet) addTaskDependencies(readTx store.ReadTx, t *api.Task) {
 		secretID := secretRef.SecretID
 		mapKey := typeAndID{objType: api.ResourceType_SECRET, id: secretID}
 
-		if len(a.tasksUsingDependency[mapKey]) == 0 {
+		// This checks for the presence of each task in the dependency map for the
+		// secret. This is currently only done for secrets since the other types of
+		// dependencies do not support driver plugins. Arguably, the same task would
+		// not have the same secret as a dependency more than once, but this check
+		// makes sure the task only gets the secret assigned once.
+		if _, exists := a.tasksUsingDependency[mapKey][t.ID]; !exists {
 			assignSecret(a, readTx, mapKey, t)
 		}
 		a.tasksUsingDependency[mapKey][t.ID] = struct{}{}
@@ -290,27 +311,29 @@ func (a *assignmentSet) message() api.AssignmentsMessage {
 }
 
 // secret populates the secret value from raft store. For external secrets, the value is populated
-// from the secret driver.
-func (a *assignmentSet) secret(readTx store.ReadTx, task *api.Task, secretID string) (*api.Secret, error) {
+// from the secret driver. The function returns: a secret object; an indication of whether the value
+// is to be reused across tasks; and an error if the secret is not found in the store, if the secret
+// driver responds with one or if the payload does not pass validation.
+func (a *assignmentSet) secret(readTx store.ReadTx, task *api.Task, secretID string) (*api.Secret, bool, error) {
 	secret := store.GetSecret(readTx, secretID)
 	if secret == nil {
-		return nil, fmt.Errorf("secret not found")
+		return nil, false, fmt.Errorf("secret not found")
 	}
 	if secret.Spec.Driver == nil {
-		return secret, nil
+		return secret, false, nil
 	}
 	d, err := a.dp.NewSecretDriver(secret.Spec.Driver)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
-	value, err := d.Get(&secret.Spec, task)
+	value, doNotReuse, err := d.Get(&secret.Spec, task)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	if err := validation.ValidateSecretPayload(value); err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	// Assign the secret
 	secret.Spec.Data = value
-	return secret, nil
+	return secret, doNotReuse, nil
 }
diff --git a/vendor/github.com/docker/swarmkit/manager/dispatcher/dispatcher.go b/vendor/github.com/docker/swarmkit/manager/dispatcher/dispatcher.go
index 569ab26375865..d1db2fdc83c16 100644
--- a/vendor/github.com/docker/swarmkit/manager/dispatcher/dispatcher.go
+++ b/vendor/github.com/docker/swarmkit/manager/dispatcher/dispatcher.go
@@ -1,6 +1,7 @@
 package dispatcher
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"strconv"
@@ -21,7 +22,6 @@ import (
 	gogotypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -238,7 +238,7 @@ func (d *Dispatcher) Run(ctx context.Context) error {
 			if err != nil {
 				return err
 			}
-			if err == nil && len(clusters) == 1 {
+			if len(clusters) == 1 {
 				heartbeatPeriod, err := gogotypes.DurationFromProto(clusters[0].Spec.Dispatcher.HeartbeatPeriod)
 				if err == nil && heartbeatPeriod > 0 {
 					d.config.HeartbeatPeriod = heartbeatPeriod
@@ -1090,14 +1090,10 @@ func (d *Dispatcher) moveTasksToOrphaned(nodeID string) error {
 				task.Status.State = api.TaskStateOrphaned
 			}
 
-			if err := batch.Update(func(tx store.Tx) error {
-				err := store.UpdateTask(tx, task)
-				if err != nil {
-					return err
-				}
-
-				return nil
-			}); err != nil {
+			err := batch.Update(func(tx store.Tx) error {
+				return store.UpdateTask(tx, task)
+			})
+			if err != nil {
 				return err
 			}
 
diff --git a/vendor/github.com/docker/swarmkit/manager/dispatcher/nodes.go b/vendor/github.com/docker/swarmkit/manager/dispatcher/nodes.go
index cf35bb869aae8..fae6dc5f82c60 100644
--- a/vendor/github.com/docker/swarmkit/manager/dispatcher/nodes.go
+++ b/vendor/github.com/docker/swarmkit/manager/dispatcher/nodes.go
@@ -156,7 +156,7 @@ func (s *nodeStore) Heartbeat(id, sid string) (time.Duration, error) {
 		return 0, err
 	}
 	period := s.periodChooser.Choose() // base period for node
-	grace := period * time.Duration(s.gracePeriodMultiplierNormal)
+	grace := period * s.gracePeriodMultiplierNormal
 	rn.mu.Lock()
 	rn.Heartbeat.Update(grace)
 	rn.Heartbeat.Beat()
diff --git a/vendor/github.com/docker/swarmkit/manager/drivers/provider.go b/vendor/github.com/docker/swarmkit/manager/drivers/provider.go
index 0d9be6119d1a7..97c36fe73d96b 100644
--- a/vendor/github.com/docker/swarmkit/manager/drivers/provider.go
+++ b/vendor/github.com/docker/swarmkit/manager/drivers/provider.go
@@ -22,7 +22,7 @@ func (m *DriverProvider) NewSecretDriver(driver *api.Driver) (*SecretDriver, err
 	if m.pluginGetter == nil {
 		return nil, fmt.Errorf("plugin getter is nil")
 	}
-	if driver == nil && driver.Name == "" {
+	if driver == nil || driver.Name == "" {
 		return nil, fmt.Errorf("driver specification is nil")
 	}
 	// Search for the specified plugin
diff --git a/vendor/github.com/docker/swarmkit/manager/drivers/secrets.go b/vendor/github.com/docker/swarmkit/manager/drivers/secrets.go
index 2e7bc392b60a7..642d244690ea1 100644
--- a/vendor/github.com/docker/swarmkit/manager/drivers/secrets.go
+++ b/vendor/github.com/docker/swarmkit/manager/drivers/secrets.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/api/naming"
 )
 
 const (
@@ -25,20 +26,29 @@ func NewSecretDriver(plugin plugingetter.CompatPlugin) *SecretDriver {
 	return &SecretDriver{plugin: plugin}
 }
 
-// Get gets a secret from the secret provider
-func (d *SecretDriver) Get(spec *api.SecretSpec, task *api.Task) ([]byte, error) {
+// Get gets a secret from the secret provider. The function returns: the secret value;
+// a bool indicating whether the value should be reused across different tasks (defaults to false);
+// and an error if either the spec or task are nil, if calling the driver returns an error, or if
+// the driver returns an error in the payload.
+func (d *SecretDriver) Get(spec *api.SecretSpec, task *api.Task) ([]byte, bool, error) {
 	if spec == nil {
-		return nil, fmt.Errorf("secret spec is nil")
+		return nil, false, fmt.Errorf("secret spec is nil")
 	}
 	if task == nil {
-		return nil, fmt.Errorf("task is nil")
+		return nil, false, fmt.Errorf("task is nil")
 	}
 
 	var secretResp SecretsProviderResponse
 	secretReq := &SecretsProviderRequest{
 		SecretName:    spec.Annotations.Name,
+		SecretLabels:  spec.Annotations.Labels,
+		ServiceID:     task.ServiceID,
 		ServiceName:   task.ServiceAnnotations.Name,
 		ServiceLabels: task.ServiceAnnotations.Labels,
+		TaskID:        task.ID,
+		TaskName:      naming.Task(task),
+		TaskImage:     task.Spec.GetContainer().Image,
+		NodeID:        task.NodeID,
 	}
 	container := task.Spec.GetContainer()
 	if container != nil {
@@ -67,21 +77,27 @@ func (d *SecretDriver) Get(spec *api.SecretSpec, task *api.Task) ([]byte, error)
 
 	err := d.plugin.Client().Call(SecretsProviderAPI, secretReq, &secretResp)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	if secretResp.Err != "" {
-		return nil, fmt.Errorf(secretResp.Err)
+		return nil, secretResp.DoNotReuse, fmt.Errorf(secretResp.Err)
 	}
 	// Assign the secret value
-	return secretResp.Value, nil
+	return secretResp.Value, secretResp.DoNotReuse, nil
 }
 
 // SecretsProviderRequest is the secrets provider request.
 type SecretsProviderRequest struct {
 	SecretName          string            `json:",omitempty"` // SecretName is the name of the secret to request from the plugin
+	SecretLabels        map[string]string `json:",omitempty"` // SecretLabels capture environment names and other metadata pertaining to the secret
 	ServiceHostname     string            `json:",omitempty"` // ServiceHostname is the hostname of the service, can be used for x509 certificate
+	ServiceID           string            `json:",omitempty"` // ServiceID is the name of the service that requested the secret
 	ServiceName         string            `json:",omitempty"` // ServiceName is the name of the service that requested the secret
-	ServiceLabels       map[string]string `json:",omitempty"` // ServiceLabels capture environment names and other metadata
+	ServiceLabels       map[string]string `json:",omitempty"` // ServiceLabels capture environment names and other metadata pertaining to the service
+	TaskID              string            `json:",omitempty"` // TaskID is the ID of the task that the secret will be assigned to
+	TaskName            string            `json:",omitempty"` // TaskName is the name of the task that the secret will be assigned to
+	TaskImage           string            `json:",omitempty"` // TaskName is the image of the task that the secret will be assigned to
+	NodeID              string            `json:",omitempty"` // NodeID is the ID of the node that the task will be executed on
 	ServiceEndpointSpec *EndpointSpec     `json:",omitempty"` // ServiceEndpointSpec holds the specification for endpoints
 }
 
@@ -89,6 +105,11 @@ type SecretsProviderRequest struct {
 type SecretsProviderResponse struct {
 	Value []byte `json:",omitempty"` // Value is the value of the secret
 	Err   string `json:",omitempty"` // Err is the error response of the plugin
+
+	// DoNotReuse indicates that the secret returned from this request should
+	// only be used for one task, and any further tasks should call the secret
+	// driver again.
+	DoNotReuse bool `json:",omitempty"`
 }
 
 // EndpointSpec represents the spec of an endpoint.
diff --git a/vendor/github.com/docker/swarmkit/manager/health/health.go b/vendor/github.com/docker/swarmkit/manager/health/health.go
index ef6658b09ddd7..d75cbf4b60234 100644
--- a/vendor/github.com/docker/swarmkit/manager/health/health.go
+++ b/vendor/github.com/docker/swarmkit/manager/health/health.go
@@ -8,10 +8,10 @@
 package health
 
 import (
+	"context"
 	"sync"
 
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/keymanager/keymanager.go b/vendor/github.com/docker/swarmkit/manager/keymanager/keymanager.go
index e61979cb36179..7a5d7bf14d784 100644
--- a/vendor/github.com/docker/swarmkit/manager/keymanager/keymanager.go
+++ b/vendor/github.com/docker/swarmkit/manager/keymanager/keymanager.go
@@ -6,6 +6,7 @@ package keymanager
 // which is used to exchange service discovery and overlay network control
 // plane information. It can also be used to encrypt overlay data traffic.
 import (
+	"context"
 	cryptorand "crypto/rand"
 	"encoding/binary"
 	"sync"
@@ -15,7 +16,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 const (
diff --git a/vendor/github.com/docker/swarmkit/manager/logbroker/broker.go b/vendor/github.com/docker/swarmkit/manager/logbroker/broker.go
index dfc898e0702e8..c19438a27aa5f 100644
--- a/vendor/github.com/docker/swarmkit/manager/logbroker/broker.go
+++ b/vendor/github.com/docker/swarmkit/manager/logbroker/broker.go
@@ -1,6 +1,7 @@
 package logbroker
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -14,7 +15,6 @@ import (
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/watch"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
index b9c9c7b403839..45295bb40aded 100644
--- a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
+++ b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
@@ -1,6 +1,7 @@
 package logbroker
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"sync"
@@ -11,7 +12,6 @@ import (
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/watch"
-	"golang.org/x/net/context"
 )
 
 type subscription struct {
@@ -204,20 +204,31 @@ func (s *subscription) watch(ch <-chan events.Event) error {
 	}
 
 	add := func(t *api.Task) {
+		// this mutex does not have a deferred unlock, because there is work
+		// we need to do after we release it.
 		s.mu.Lock()
-		defer s.mu.Unlock()
 
 		// Un-allocated task.
 		if t.NodeID == "" {
 			s.pendingTasks[t.ID] = struct{}{}
+			s.mu.Unlock()
 			return
 		}
 
 		delete(s.pendingTasks, t.ID)
 		if _, ok := s.nodes[t.NodeID]; !ok {
 			s.nodes[t.NodeID] = struct{}{}
+
+			s.mu.Unlock()
+
+			// if we try to call Publish before we release the lock, we can end
+			// up in a situation where the receiver is trying to acquire a read
+			// lock on it. it's hard to explain.
 			s.changed.Publish(s)
+			return
 		}
+
+		s.mu.Unlock()
 	}
 
 	for {
diff --git a/vendor/github.com/docker/swarmkit/manager/manager.go b/vendor/github.com/docker/swarmkit/manager/manager.go
index 106c8e2b585c2..2eaaeaa02554d 100644
--- a/vendor/github.com/docker/swarmkit/manager/manager.go
+++ b/vendor/github.com/docker/swarmkit/manager/manager.go
@@ -1,8 +1,10 @@
 package manager
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
+	"math"
 	"net"
 	"os"
 	"path/filepath"
@@ -31,6 +33,7 @@ import (
 	"github.com/docker/swarmkit/manager/metrics"
 	"github.com/docker/swarmkit/manager/orchestrator/constraintenforcer"
 	"github.com/docker/swarmkit/manager/orchestrator/global"
+	"github.com/docker/swarmkit/manager/orchestrator/jobs"
 	"github.com/docker/swarmkit/manager/orchestrator/replicated"
 	"github.com/docker/swarmkit/manager/orchestrator/taskreaper"
 	"github.com/docker/swarmkit/manager/resourceapi"
@@ -45,7 +48,6 @@ import (
 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
@@ -145,6 +147,7 @@ type Manager struct {
 	watchServer            *watchapi.Server
 	replicatedOrchestrator *replicated.Orchestrator
 	globalOrchestrator     *global.Orchestrator
+	jobsOrchestrator       *jobs.Orchestrator
 	taskReaper             *taskreaper.TaskReaper
 	constraintEnforcer     *constraintenforcer.ConstraintEnforcer
 	scheduler              *scheduler.Scheduler
@@ -680,6 +683,9 @@ func (m *Manager) Stop(ctx context.Context, clearData bool) {
 	if m.globalOrchestrator != nil {
 		m.globalOrchestrator.Stop()
 	}
+	if m.jobsOrchestrator != nil {
+		m.jobsOrchestrator.Stop()
+	}
 	if m.taskReaper != nil {
 		m.taskReaper.Stop()
 	}
@@ -758,6 +764,7 @@ func (m *Manager) updateKEK(ctx context.Context, cluster *api.Cluster) error {
 					func(addr string, timeout time.Duration) (net.Conn, error) {
 						return xnet.DialTimeoutLocal(addr, timeout)
 					}),
+				grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
 			)
 			if err != nil {
 				logger.WithError(err).Error("failed to connect to local manager socket after locking the cluster")
@@ -942,23 +949,30 @@ func (m *Manager) becomeLeader(ctx context.Context) {
 			rootCA,
 			m.config.FIPS,
 			nil,
+			0,
 			0)
 
 		// If defaultAddrPool is valid we update cluster object with new value
-		if m.config.NetworkConfig != nil && m.config.NetworkConfig.DefaultAddrPool != nil {
-			clusterObj.DefaultAddressPool = m.config.NetworkConfig.DefaultAddrPool
-			clusterObj.SubnetSize = m.config.NetworkConfig.SubnetSize
-		}
+		// If VXLANUDPPort is not 0 then we call update cluster object with new value
+		if m.config.NetworkConfig != nil {
+			if m.config.NetworkConfig.DefaultAddrPool != nil {
+				clusterObj.DefaultAddressPool = m.config.NetworkConfig.DefaultAddrPool
+				clusterObj.SubnetSize = m.config.NetworkConfig.SubnetSize
+			}
 
+			if m.config.NetworkConfig.VXLANUDPPort != 0 {
+				clusterObj.VXLANUDPPort = m.config.NetworkConfig.VXLANUDPPort
+			}
+		}
 		err := store.CreateCluster(tx, clusterObj)
 
-		if err != nil && err != store.ErrExist {
+		if err != nil && (err != store.ErrExist || err != store.ErrNameConflict) {
 			log.G(ctx).WithError(err).Errorf("error creating cluster object")
 		}
 
 		// Add Node entry for ourself, if one
 		// doesn't exist already.
-		freshCluster := nil == store.CreateNode(tx, managerNode(nodeID, m.config.Availability))
+		freshCluster := nil == store.CreateNode(tx, managerNode(nodeID, m.config.Availability, clusterObj.VXLANUDPPort))
 
 		if freshCluster {
 			// This is a fresh swarm cluster. Add to store now any initial
@@ -985,28 +999,37 @@ func (m *Manager) becomeLeader(ctx context.Context) {
 	m.replicatedOrchestrator = replicated.NewReplicatedOrchestrator(s)
 	m.constraintEnforcer = constraintenforcer.New(s)
 	m.globalOrchestrator = global.NewGlobalOrchestrator(s)
+	m.jobsOrchestrator = jobs.NewOrchestrator(s)
 	m.taskReaper = taskreaper.New(s)
 	m.scheduler = scheduler.New(s)
 	m.keyManager = keymanager.New(s, keymanager.DefaultConfig())
 	m.roleManager = newRoleManager(s, m.raftNode)
 
 	// TODO(stevvooe): Allocate a context that can be used to
-	// shutdown underlying manager processes when leadership is
+	// shutdown underlying manager processes when leadership isTestUpdaterRollback
 	// lost.
 
 	// If DefaultAddrPool is null, Read from store and check if
 	// DefaultAddrPool info is stored in cluster object
-	if m.config.NetworkConfig == nil || m.config.NetworkConfig.DefaultAddrPool == nil {
+	// If VXLANUDPPort is 0, read it from the store - cluster object
+	if m.config.NetworkConfig == nil || m.config.NetworkConfig.DefaultAddrPool == nil || m.config.NetworkConfig.VXLANUDPPort == 0 {
 		var cluster *api.Cluster
 		s.View(func(tx store.ReadTx) {
 			cluster = store.GetCluster(tx, clusterID)
 		})
 		if cluster.DefaultAddressPool != nil {
-			for _, address := range cluster.DefaultAddressPool {
-				m.config.NetworkConfig.DefaultAddrPool = append(m.config.NetworkConfig.DefaultAddrPool, address)
+			if m.config.NetworkConfig == nil {
+				m.config.NetworkConfig = &cnmallocator.NetworkConfig{}
 			}
+			m.config.NetworkConfig.DefaultAddrPool = append(m.config.NetworkConfig.DefaultAddrPool, cluster.DefaultAddressPool...)
 			m.config.NetworkConfig.SubnetSize = cluster.SubnetSize
 		}
+		if cluster.VXLANUDPPort != 0 {
+			if m.config.NetworkConfig == nil {
+				m.config.NetworkConfig = &cnmallocator.NetworkConfig{}
+			}
+			m.config.NetworkConfig.VXLANUDPPort = cluster.VXLANUDPPort
+		}
 	}
 
 	m.allocator, err = allocator.New(s, m.config.PluginGetter, m.config.NetworkConfig)
@@ -1026,7 +1049,16 @@ func (m *Manager) becomeLeader(ctx context.Context) {
 
 	go func(d *dispatcher.Dispatcher) {
 		// Initialize the dispatcher.
-		d.Init(m.raftNode, dispatcher.DefaultConfig(), drivers.New(m.config.PluginGetter), m.config.SecurityConfig)
+		var cluster *api.Cluster
+		s.View(func(tx store.ReadTx) {
+			cluster = store.GetCluster(tx, clusterID)
+		})
+		var defaultConfig = dispatcher.DefaultConfig()
+		heartbeatPeriod, err := gogotypes.DurationFromProto(cluster.Spec.Dispatcher.HeartbeatPeriod)
+		if err == nil {
+			defaultConfig.HeartbeatPeriod = heartbeatPeriod
+		}
+		d.Init(m.raftNode, defaultConfig, drivers.New(m.config.PluginGetter), m.config.SecurityConfig)
 		if err := d.Run(ctx); err != nil {
 			log.G(ctx).WithError(err).Error("Dispatcher exited with an error")
 		}
@@ -1073,6 +1105,11 @@ func (m *Manager) becomeLeader(ctx context.Context) {
 		}
 	}(m.replicatedOrchestrator)
 
+	go func(orchestrator *jobs.Orchestrator) {
+		// jobs orchestrator does not return errors.
+		orchestrator.Run(ctx)
+	}(m.jobsOrchestrator)
+
 	go func(globalOrchestrator *global.Orchestrator) {
 		if err := globalOrchestrator.Run(ctx); err != nil {
 			log.G(ctx).WithError(err).Error("global orchestrator exited with an error")
@@ -1133,7 +1170,8 @@ func defaultClusterObject(
 	rootCA *ca.RootCA,
 	fips bool,
 	defaultAddressPool []string,
-	subnetSize uint32) *api.Cluster {
+	subnetSize uint32,
+	vxlanUDPPort uint32) *api.Cluster {
 	var caKey []byte
 	if rcaSigner, err := rootCA.Signer(); err == nil {
 		caKey = rcaSigner.Key
@@ -1168,11 +1206,12 @@ func defaultClusterObject(
 		FIPS:               fips,
 		DefaultAddressPool: defaultAddressPool,
 		SubnetSize:         subnetSize,
+		VXLANUDPPort:       vxlanUDPPort,
 	}
 }
 
 // managerNode creates a new node with NodeRoleManager role.
-func managerNode(nodeID string, availability api.NodeSpec_Availability) *api.Node {
+func managerNode(nodeID string, availability api.NodeSpec_Availability, vxlanPort uint32) *api.Node {
 	return &api.Node{
 		ID: nodeID,
 		Certificate: api.Certificate{
@@ -1187,6 +1226,7 @@ func managerNode(nodeID string, availability api.NodeSpec_Availability) *api.Nod
 			Membership:   api.NodeMembershipAccepted,
 			Availability: availability,
 		},
+		VXLANUDPPort: vxlanPort,
 	}
 }
 
@@ -1204,12 +1244,8 @@ func newIngressNetwork() *api.Network {
 			},
 			DriverConfig: &api.Driver{},
 			IPAM: &api.IPAMOptions{
-				Driver: &api.Driver{},
-				Configs: []*api.IPAMConfig{
-					{
-						Subnet: "10.255.0.0/16",
-					},
-				},
+				Driver:  &api.Driver{},
+				Configs: []*api.IPAMConfig{},
 			},
 		},
 	}
diff --git a/vendor/github.com/docker/swarmkit/manager/metrics/collector.go b/vendor/github.com/docker/swarmkit/manager/metrics/collector.go
index 384743707d6fc..5539a898ca9ef 100644
--- a/vendor/github.com/docker/swarmkit/manager/metrics/collector.go
+++ b/vendor/github.com/docker/swarmkit/manager/metrics/collector.go
@@ -188,7 +188,6 @@ func (c *Collector) handleNodeEvent(event events.Event) {
 	if newNode != nil {
 		nodesMetric.WithValues(strings.ToLower(newNode.Status.State.String())).Inc(1)
 	}
-	return
 }
 
 func (c *Collector) handleTaskEvent(event events.Event) {
@@ -218,8 +217,6 @@ func (c *Collector) handleTaskEvent(event events.Event) {
 			strings.ToLower(newTask.Status.State.String()),
 		).Inc(1)
 	}
-
-	return
 }
 
 func (c *Collector) handleServiceEvent(event events.Event) {
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go
index 7aa7651db726c..6b179de3f7078 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go
@@ -76,8 +76,22 @@ func (ce *ConstraintEnforcer) rejectNoncompliantTasks(node *api.Node) {
 		err   error
 	)
 
+	services := map[string]*api.Service{}
 	ce.store.View(func(tx store.ReadTx) {
 		tasks, err = store.FindTasks(tx, store.ByNodeID(node.ID))
+		if err != nil {
+			return
+		}
+
+		// Deduplicate service IDs using the services map. It's okay for the
+		// values to be nil for now, we will look them up from the store next.
+		for _, task := range tasks {
+			services[task.ServiceID] = nil
+		}
+
+		for serviceID := range services {
+			services[serviceID] = store.GetService(tx, serviceID)
+		}
 	})
 
 	if err != nil {
@@ -101,14 +115,48 @@ func (ce *ConstraintEnforcer) rejectNoncompliantTasks(node *api.Node) {
 	// to remove the most resource-intensive tasks.
 loop:
 	for _, t := range tasks {
-		if t.DesiredState < api.TaskStateAssigned || t.DesiredState > api.TaskStateRunning {
+		if t.DesiredState < api.TaskStateAssigned || t.DesiredState > api.TaskStateCompleted {
 			continue
 		}
 
-		// Ensure that the task still meets scheduling
-		// constraints.
-		if t.Spec.Placement != nil && len(t.Spec.Placement.Constraints) != 0 {
-			constraints, _ := constraint.Parse(t.Spec.Placement.Constraints)
+		// Ensure that the node still satisfies placement constraints.
+		// NOTE: If the task is associacted with a service then we must use the
+		// constraints from the current service spec rather than the
+		// constraints from the task spec because they may be outdated. This
+		// will happen if the service was previously updated in a way which
+		// only changes the placement constraints and the node matched the
+		// placement constraints both before and after that update. In the case
+		// of such updates, the tasks are not considered "dirty" and are not
+		// restarted but it will mean that the task spec's placement
+		// constraints are outdated. Consider this example:
+		// - A service is created with no constraints and a task is scheduled
+		//   to a node.
+		// - The node is updated to add a label, this doesn't affect the task
+		//   on that node because it has no constraints.
+		// - The service is updated to add a node label constraint which
+		//   matches the label which was just added to the node. The updater
+		//   does not shut down the task because the only the constraints have
+		//   changed and the node still matches the updated constraints.
+		// - The node is updated to remove the node label. The node no longer
+		//   satisfies the placement constraints of the service, so the task
+		//   should be shutdown. However, the task's spec still has the
+		//   original and outdated constraints (that are still satisfied by
+		//   the node). If we used those original constraints then the task
+		//   would incorrectly not be removed. This is why the constraints
+		//   from the service spec should be used instead.
+		var placement *api.Placement
+		if service := services[t.ServiceID]; service != nil {
+			// This task is associated with a service, so we use the service's
+			// current placement constraints.
+			placement = service.Spec.Task.Placement
+		} else {
+			// This task is not associated with a service (or the service no
+			// longer exists), so we use the placement constraints from the
+			// original task spec.
+			placement = t.Spec.Placement
+		}
+		if placement != nil && len(placement.Constraints) > 0 {
+			constraints, _ := constraint.Parse(placement.Constraints)
 			if !constraint.NodeMatches(constraints, node) {
 				removeTasks[t.ID] = t
 				continue
@@ -147,7 +195,7 @@ loop:
 			for _, t := range removeTasks {
 				err := batch.Update(func(tx store.Tx) error {
 					t = store.GetTask(tx, t.ID)
-					if t == nil || t.DesiredState > api.TaskStateRunning {
+					if t == nil || t.DesiredState > api.TaskStateCompleted {
 						return nil
 					}
 
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/global/global.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/global/global.go
index 2b20813ce2af3..715781e817118 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/global/global.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/global/global.go
@@ -1,6 +1,8 @@
 package global
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/constraint"
@@ -9,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/manager/orchestrator/taskinit"
 	"github.com/docker/swarmkit/manager/orchestrator/update"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 type globalService struct {
@@ -585,11 +586,3 @@ func (g *Orchestrator) SlotTuple(t *api.Task) orchestrator.SlotTuple {
 		NodeID:    t.NodeID,
 	}
 }
-
-func isTaskCompleted(t *api.Task, restartPolicy api.RestartPolicy_RestartCondition) bool {
-	if t == nil || t.DesiredState <= api.TaskStateRunning {
-		return false
-	}
-	return restartPolicy == api.RestartOnNone ||
-		(restartPolicy == api.RestartOnFailure && t.Status.State == api.TaskStateCompleted)
-}
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/global/reconciler.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/global/reconciler.go
new file mode 100644
index 0000000000000..00e95804c36cd
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/global/reconciler.go
@@ -0,0 +1,301 @@
+package global
+
+import (
+	"context"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/manager/constraint"
+	"github.com/docker/swarmkit/manager/orchestrator"
+	"github.com/docker/swarmkit/manager/state/store"
+)
+
+// restartSupervisor is an interface representing the methods from the
+// restart.SupervisorInterface that are actually needed by the reconciler. This
+// more limited interface allows us to write a less ugly fake for unit testing.
+type restartSupervisor interface {
+	Restart(context.Context, store.Tx, *api.Cluster, *api.Service, api.Task) error
+}
+
+// Reconciler is an object that manages reconciliation of global jobs. It is
+// blocking and non-asynchronous, for ease of testing. It implements the
+// Reconciler interface from the orchestrator package above it, and the
+// taskinit.InitHandler interface.
+type Reconciler struct {
+	store *store.MemoryStore
+
+	restart restartSupervisor
+}
+
+// NewReconciler creates a new global job reconciler.
+func NewReconciler(store *store.MemoryStore, restart restartSupervisor) *Reconciler {
+	return &Reconciler{
+		store:   store,
+		restart: restart,
+	}
+}
+
+// ReconcileService reconciles one global job service.
+func (r *Reconciler) ReconcileService(id string) error {
+	var (
+		service *api.Service
+		cluster *api.Cluster
+		tasks   []*api.Task
+		nodes   []*api.Node
+		viewErr error
+	)
+
+	// we need to first get the latest iteration of the service, its tasks, and
+	// the nodes in the cluster.
+	r.store.View(func(tx store.ReadTx) {
+		service = store.GetService(tx, id)
+		if service == nil {
+			return
+		}
+
+		// getting tasks with FindTasks should only return an error if we've
+		// made a mistake coding; there's no user-input or even reasonable
+		// system state that can cause it. If it returns an error, we'll just
+		// panic and crash.
+		tasks, viewErr = store.FindTasks(tx, store.ByServiceID(id))
+		if viewErr != nil {
+			return
+		}
+
+		// same as with FindTasks
+		nodes, viewErr = store.FindNodes(tx, store.All)
+		if viewErr != nil {
+			return
+		}
+
+		clusters, _ := store.FindClusters(tx, store.All)
+		if len(clusters) == 1 {
+			cluster = clusters[0]
+		} else if len(clusters) > 1 {
+			panic("there should never be more than one cluster object")
+		}
+	})
+
+	if viewErr != nil {
+		return viewErr
+	}
+
+	// the service may be nil if the service has been deleted before we entered
+	// the View.
+	if service == nil {
+		return nil
+	}
+
+	if service.JobStatus == nil {
+		service.JobStatus = &api.JobStatus{}
+	}
+
+	// we need to compute the constraints on the service so we know which nodes
+	// to schedule it on
+	var constraints []constraint.Constraint
+	if service.Spec.Task.Placement != nil && len(service.Spec.Task.Placement.Constraints) != 0 {
+		// constraint.Parse does return an error, but we don't need to check
+		// it, because it was already checked when the service was created or
+		// updated.
+		constraints, _ = constraint.Parse(service.Spec.Task.Placement.Constraints)
+	}
+
+	var candidateNodes []string
+	var invalidNodes []string
+	for _, node := range nodes {
+		// instead of having a big ugly multi-line boolean expression in the
+		// if-statement, we'll have several if-statements, and bail out of
+		// this loop iteration with continue if the node is not acceptable
+		if !constraint.NodeMatches(constraints, node) {
+			continue
+		}
+
+		// if a node is invalid, we should remove any tasks that might be on it
+		if orchestrator.InvalidNode(node) {
+			invalidNodes = append(invalidNodes, node.ID)
+			continue
+		}
+
+		if node.Spec.Availability != api.NodeAvailabilityActive {
+			continue
+		}
+		if node.Status.State != api.NodeStatus_READY {
+			continue
+		}
+		// you can append to a nil slice and get a non-nil slice, which is
+		// pretty slick.
+		candidateNodes = append(candidateNodes, node.ID)
+	}
+
+	// now, we have a list of all nodes that match constraints. it's time to
+	// match running tasks to the nodes. we need to identify all nodes that
+	// need new tasks, which is any node that doesn't have a task of this job
+	// iteration. trade some space for some time by building a node ID to task
+	// ID mapping, so that we're just doing 2x linear operation, instead of a
+	// quadratic operation.
+	nodeToTask := map[string]string{}
+	// additionally, while we're iterating through tasks, if any of those tasks
+	// are failed, we'll hand them to the restart supervisor to handle
+	restartTasks := []string{}
+	// and if there are any tasks belonging to old job iterations, set them to
+	// be removed
+	removeTasks := []string{}
+	for _, task := range tasks {
+		// match all tasks belonging to this job iteration which are in desired
+		// state completed, including failed tasks. We only want to create
+		// tasks for nodes on which there are no existing tasks.
+		if task.JobIteration != nil {
+			if task.JobIteration.Index == service.JobStatus.JobIteration.Index &&
+				task.DesiredState <= api.TaskStateCompleted {
+				// we already know the task is desired to be executing (because its
+				// desired state is Completed). Check here to see if it's already
+				// failed, so we can restart it
+				if task.Status.State > api.TaskStateCompleted {
+					restartTasks = append(restartTasks, task.ID)
+				}
+				nodeToTask[task.NodeID] = task.ID
+			}
+
+			if task.JobIteration.Index != service.JobStatus.JobIteration.Index {
+				if task.DesiredState != api.TaskStateRemove {
+					removeTasks = append(removeTasks, task.ID)
+				}
+			}
+		}
+	}
+
+	return r.store.Batch(func(batch *store.Batch) error {
+		// first, create any new tasks required.
+		for _, node := range candidateNodes {
+			// check if there is a task for this node ID. If not, then we need
+			// to create one.
+			if _, ok := nodeToTask[node]; !ok {
+				if err := batch.Update(func(tx store.Tx) error {
+					// if the node does not already have a running or completed
+					// task, create a task for this node.
+					task := orchestrator.NewTask(cluster, service, 0, node)
+					task.JobIteration = &service.JobStatus.JobIteration
+					task.DesiredState = api.TaskStateCompleted
+					return store.CreateTask(tx, task)
+				}); err != nil {
+					return err
+				}
+			}
+		}
+
+		// then, restart any tasks that are failed
+		for _, taskID := range restartTasks {
+			if err := batch.Update(func(tx store.Tx) error {
+				// get the latest version of the task for the restart
+				t := store.GetTask(tx, taskID)
+				// if it's deleted, nothing to do
+				if t == nil {
+					return nil
+				}
+
+				// if it's not still desired to be running, then don't restart
+				// it.
+				if t.DesiredState > api.TaskStateCompleted {
+					return nil
+				}
+
+				// Finally, restart it
+				// TODO(dperny): pass in context to ReconcileService, so we can
+				// pass it in here.
+				return r.restart.Restart(context.Background(), tx, cluster, service, *t)
+			}); err != nil {
+				// TODO(dperny): probably should log like in the other
+				// orchestrators instead of returning here.
+				return err
+			}
+		}
+
+		// remove tasks that need to be removed
+		for _, taskID := range removeTasks {
+			if err := batch.Update(func(tx store.Tx) error {
+				t := store.GetTask(tx, taskID)
+				if t == nil {
+					return nil
+				}
+
+				if t.DesiredState == api.TaskStateRemove {
+					return nil
+				}
+
+				t.DesiredState = api.TaskStateRemove
+				return store.UpdateTask(tx, t)
+			}); err != nil {
+				return err
+			}
+		}
+
+		// finally, shut down any tasks on invalid nodes
+		for _, nodeID := range invalidNodes {
+			if taskID, ok := nodeToTask[nodeID]; ok {
+				if err := batch.Update(func(tx store.Tx) error {
+					t := store.GetTask(tx, taskID)
+					if t == nil {
+						return nil
+					}
+					// if the task is still desired to be running, and is still
+					// actually, running, then it still needs to be shut down.
+					if t.DesiredState > api.TaskStateCompleted || t.Status.State <= api.TaskStateRunning {
+						t.DesiredState = api.TaskStateShutdown
+						return store.UpdateTask(tx, t)
+					}
+					return nil
+				}); err != nil {
+					return err
+				}
+			}
+		}
+		return nil
+	})
+}
+
+// IsRelatedService returns true if the task is a global job. This method
+// fulfills the taskinit.InitHandler interface. Because it is just a wrapper
+// around a well-tested function call, it has no tests of its own.
+func (r *Reconciler) IsRelatedService(service *api.Service) bool {
+	return orchestrator.IsGlobalJob(service)
+}
+
+// FixTask validates that a task is compliant with the rest of the cluster
+// state, and fixes it if it's not. This covers some main scenarios:
+//
+// * The node that the task is running on is now paused or drained. we do not
+//   need to check if the node still meets constraints -- that is the purview
+//   of the constraint enforcer.
+// * The task has failed and needs to be restarted.
+//
+// This implements the FixTask method of the taskinit.InitHandler interface.
+func (r *Reconciler) FixTask(ctx context.Context, batch *store.Batch, t *api.Task) {
+	// tasks already desired to be shut down need no action.
+	if t.DesiredState > api.TaskStateCompleted {
+		return
+	}
+
+	batch.Update(func(tx store.Tx) error {
+		node := store.GetNode(tx, t.NodeID)
+		// if the node is no longer a valid node for this task, we need to shut
+		// it down
+		if orchestrator.InvalidNode(node) {
+			task := store.GetTask(tx, t.ID)
+			if task != nil && task.DesiredState < api.TaskStateShutdown {
+				task.DesiredState = api.TaskStateShutdown
+				return store.UpdateTask(tx, task)
+			}
+		}
+		// we will reconcile all services after fixing the tasks, so we don't
+		// need to restart tasks right now; we'll do so after this.
+		return nil
+	})
+}
+
+// SlotTuple returns a slot tuple representing this task. It implements the
+// taskinit.InitHandler interface.
+func (r *Reconciler) SlotTuple(t *api.Task) orchestrator.SlotTuple {
+	return orchestrator.SlotTuple{
+		ServiceID: t.ServiceID,
+		NodeID:    t.NodeID,
+	}
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/orchestrator.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/orchestrator.go
new file mode 100644
index 0000000000000..d244d3c65b1cd
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/orchestrator.go
@@ -0,0 +1,250 @@
+package jobs
+
+import (
+	"context"
+	"sync"
+
+	"github.com/docker/go-events"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/log"
+	"github.com/docker/swarmkit/manager/orchestrator"
+	"github.com/docker/swarmkit/manager/orchestrator/jobs/global"
+	"github.com/docker/swarmkit/manager/orchestrator/jobs/replicated"
+	"github.com/docker/swarmkit/manager/orchestrator/restart"
+	"github.com/docker/swarmkit/manager/orchestrator/taskinit"
+	"github.com/docker/swarmkit/manager/state/store"
+)
+
+// Reconciler is the type that holds the reconciliation logic for the
+// orchestrator. It exists so that the logic of actually reconciling and
+// writing to the store is separated from the orchestrator, to make the event
+// handling logic in the orchestrator easier to test.
+type Reconciler interface {
+	taskinit.InitHandler
+
+	ReconcileService(id string) error
+}
+
+// Orchestrator is the combined orchestrator controlling both Global and
+// Replicated Jobs. Initially, these job types were two separate orchestrators,
+// like the Replicated and Global orchestrators. However, it became apparent
+// that because of the simplicity of Jobs as compared to Services, one combined
+// orchestrator suffices for both job types.
+type Orchestrator struct {
+	store *store.MemoryStore
+
+	// two reconcilers, one for each service type
+
+	replicatedReconciler Reconciler
+	globalReconciler     Reconciler
+
+	// startOnce is a function that stops the orchestrator from being started
+	// multiple times.
+	startOnce sync.Once
+
+	// restartSupervisor is the component that handles restarting tasks
+	restartSupervisor restart.SupervisorInterface
+
+	// stopChan is a channel that is closed to signal the orchestrator to stop
+	// running
+	stopChan chan struct{}
+	// stopOnce is used to ensure that stopChan can only be closed once, just
+	// in case some freak accident causes subsequent calls to Stop.
+	stopOnce sync.Once
+	// doneChan is closed when the orchestrator actually stops running
+	doneChan chan struct{}
+
+	// checkTasksFunc is a variable that hold taskinit.CheckTasks, but allows
+	// swapping it out in testing.
+	checkTasksFunc func(context.Context, *store.MemoryStore, store.ReadTx, taskinit.InitHandler, restart.SupervisorInterface) error
+
+	// the watchChan and watchCancel provide the event stream
+	watchChan   chan events.Event
+	watchCancel func()
+}
+
+func NewOrchestrator(store *store.MemoryStore) *Orchestrator {
+	return &Orchestrator{
+		store:    store,
+		stopChan: make(chan struct{}),
+		doneChan: make(chan struct{}),
+	}
+}
+
+// Run runs the Orchestrator reconciliation loop. It takes a context as an
+// argument, but canceling this context will not stop the routine; this context
+// is only for passing in logging information. Call Stop to stop the
+// Orchestrator
+func (o *Orchestrator) Run(ctx context.Context) {
+	o.startOnce.Do(func() { o.run(ctx) })
+}
+
+// init runs the once-off initialization logic for the orchestrator. This
+// includes initializing the sub-components, starting the channel watch, and
+// running the initial reconciliation pass. this runs as part of the run
+// method, but is broken out for the purpose of testing.
+func (o *Orchestrator) init(ctx context.Context) {
+	var (
+		services []*api.Service
+	)
+
+	// there are several components to the Orchestrator that are interfaces
+	// designed to be swapped out in testing. in production, these fields will
+	// all be unset, and be initialized here. in testing, we will set fakes,
+	// and this initialization will be skipped.
+
+	if o.restartSupervisor == nil {
+		o.restartSupervisor = restart.NewSupervisor(o.store)
+	}
+
+	if o.replicatedReconciler == nil {
+		// the cluster might be nil, but that doesn't matter.
+		o.replicatedReconciler = replicated.NewReconciler(o.store, o.restartSupervisor)
+	}
+
+	if o.globalReconciler == nil {
+		o.globalReconciler = global.NewReconciler(o.store, o.restartSupervisor)
+	}
+
+	if o.checkTasksFunc == nil {
+		o.checkTasksFunc = taskinit.CheckTasks
+	}
+
+	o.watchChan, o.watchCancel, _ = store.ViewAndWatch(o.store, func(tx store.ReadTx) error {
+		services, _ = store.FindServices(tx, store.All)
+		return nil
+	})
+
+	// checkTasksFunc is used to resume any in-progress restarts that were
+	// interrupted by a leadership change. In other orchestrators, this
+	// additionally queues up some tasks to be restarted. However, the jobs
+	// orchestrator will make a reconciliation pass across all services
+	// immediately after this, and so does not need to restart any tasks; they
+	// will be restarted during this pass.
+	//
+	// we cannot call o.checkTasksFunc inside of store.ViewAndWatch above.
+	// despite taking a callback with a ReadTx, it actually performs an Update,
+	// which acquires a lock and will result in a deadlock. instead, do
+	// o.checkTasksFunc here.
+	o.store.View(func(tx store.ReadTx) {
+		o.checkTasksFunc(ctx, o.store, tx, o.replicatedReconciler, o.restartSupervisor)
+		o.checkTasksFunc(ctx, o.store, tx, o.globalReconciler, o.restartSupervisor)
+	})
+
+	for _, service := range services {
+		if orchestrator.IsReplicatedJob(service) {
+			if err := o.replicatedReconciler.ReconcileService(service.ID); err != nil {
+				log.G(ctx).WithField(
+					"service.id", service.ID,
+				).WithError(err).Error("error reconciling replicated job")
+			}
+		}
+
+		if orchestrator.IsGlobalJob(service) {
+			if err := o.globalReconciler.ReconcileService(service.ID); err != nil {
+				log.G(ctx).WithField(
+					"service.id", service.ID,
+				).WithError(err).Error("error reconciling global job")
+			}
+		}
+	}
+}
+
+// run provides the actual meat of the the run operation. The call to run is
+// made inside of Run, and is enclosed in a sync.Once to stop this from being
+// called multiple times
+func (o *Orchestrator) run(ctx context.Context) {
+	ctx = log.WithModule(ctx, "orchestrator/jobs")
+
+	// closing doneChan should be the absolute last thing that happens in this
+	// method, and so should be the absolute first thing we defer.
+	defer close(o.doneChan)
+
+	o.init(ctx)
+	defer o.watchCancel()
+
+	for {
+		// first, before taking any action, see if we should stop the
+		// orchestrator. if both the stop channel and the watch channel are
+		// available to read, the channel that gets read is picked at random,
+		// but we always want to stop if it's possible.
+		select {
+		case <-o.stopChan:
+			return
+		default:
+		}
+
+		select {
+		case event := <-o.watchChan:
+			o.handleEvent(ctx, event)
+		case <-o.stopChan:
+			// we also need to check for stop in here, in case there are no
+			// updates to cause the loop to turn over.
+			return
+		}
+	}
+}
+
+// handle event does the logic of handling one event message and calling the
+// reconciler as needed. by handling the event logic in this function, we can
+// make an end-run around the run-loop and avoid being at the mercy of the go
+// scheduler when testing the orchestrator.
+func (o *Orchestrator) handleEvent(ctx context.Context, event events.Event) {
+	var (
+		service *api.Service
+		task    *api.Task
+	)
+
+	switch ev := event.(type) {
+	case api.EventCreateService:
+		service = ev.Service
+	case api.EventUpdateService:
+		service = ev.Service
+	case api.EventUpdateTask:
+		task = ev.Task
+	}
+
+	// if this is a task event, we should check if it means the service
+	// should be reconciled.
+	if task != nil {
+		// only bother with all this if the task has entered a terminal
+		// state and we don't want that to have happened.
+		if task.Status.State > api.TaskStateRunning && task.DesiredState <= api.TaskStateCompleted {
+			o.store.View(func(tx store.ReadTx) {
+				// if for any reason the service ID is invalid, then
+				// service will just be nil and nothing needs to be
+				// done
+				service = store.GetService(tx, task.ServiceID)
+			})
+		}
+	}
+
+	if orchestrator.IsReplicatedJob(service) {
+		if err := o.replicatedReconciler.ReconcileService(service.ID); err != nil {
+			log.G(ctx).WithField(
+				"service.id", service.ID,
+			).WithError(err).Error("error reconciling replicated job")
+		}
+	}
+
+	if orchestrator.IsGlobalJob(service) {
+		if err := o.globalReconciler.ReconcileService(service.ID); err != nil {
+			log.G(ctx).WithField(
+				"service.id", service.ID,
+			).WithError(err).Error("error reconciling global job")
+		}
+	}
+}
+
+// Stop stops the Orchestrator
+func (o *Orchestrator) Stop() {
+	// close stopChan inside of the Once so that there can be no races
+	// involving multiple attempts to close stopChan.
+	o.stopOnce.Do(func() {
+		close(o.stopChan)
+	})
+	// now, we wait for the Orchestrator to stop. this wait is unqualified; we
+	// will not return until Orchestrator has stopped successfully.
+	<-o.doneChan
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/replicated/reconciler.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/replicated/reconciler.go
new file mode 100644
index 0000000000000..886ac8d91e1a9
--- /dev/null
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/jobs/replicated/reconciler.go
@@ -0,0 +1,296 @@
+package replicated
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/manager/orchestrator"
+	"github.com/docker/swarmkit/manager/state/store"
+)
+
+// restartSupervisor is an interface representing the methods from the
+// restart.SupervisorInterface that are actually needed by the reconciler. This
+// more limited interface allows us to write a less ugly fake for unit testing.
+type restartSupervisor interface {
+	Restart(context.Context, store.Tx, *api.Cluster, *api.Service, api.Task) error
+}
+
+// Reconciler is an object that manages reconciliation of replicated jobs. It
+// is blocking and non-asynchronous, for ease of testing. It implements two
+// interfaces. The first is the Reconciler interface of the Orchestrator
+// package above this one. The second is the taskinit.InitHandler interface.
+type Reconciler struct {
+	// we need the store, of course, to do updates
+	store *store.MemoryStore
+
+	restart restartSupervisor
+}
+
+// newReconciler creates a new reconciler object
+func NewReconciler(store *store.MemoryStore, restart restartSupervisor) *Reconciler {
+	return &Reconciler{
+		store:   store,
+		restart: restart,
+	}
+}
+
+// ReconcileService reconciles the replicated job service with the given ID by
+// checking to see if new replicas should be created. reconcileService returns
+// an error if there is some case prevent it from correctly reconciling the
+// service.
+func (r *Reconciler) ReconcileService(id string) error {
+	var (
+		service *api.Service
+		tasks   []*api.Task
+		cluster *api.Cluster
+		viewErr error
+	)
+	// first, get the service and all of its tasks
+	r.store.View(func(tx store.ReadTx) {
+		service = store.GetService(tx, id)
+
+		tasks, viewErr = store.FindTasks(tx, store.ByServiceID(id))
+
+		// there should only ever be 1 cluster object, but for reasons
+		// forgotten by me, it needs to be retrieved in a rather roundabout way
+		// from the store
+		var clusters []*api.Cluster
+		clusters, viewErr = store.FindClusters(tx, store.All)
+		if len(clusters) == 1 {
+			cluster = clusters[0]
+		} else if len(clusters) > 1 {
+			// this should never happen, and indicates that the system is
+			// broken.
+			panic("there should never be more than one cluster object")
+		}
+	})
+
+	// errors during view should only happen in a few rather catastrophic
+	// cases, but here it's not unreasonable to just return an error anyway.
+	if viewErr != nil {
+		return viewErr
+	}
+
+	// if the service has already been deleted, there's nothing to do here.
+	if service == nil {
+		return nil
+	}
+
+	// if this is the first iteration of the service, it may not yet have a
+	// JobStatus, so we should create one if so. this won't actually be
+	// committed, though.
+	if service.JobStatus == nil {
+		service.JobStatus = &api.JobStatus{}
+	}
+
+	// Jobs can be run in multiple iterations. The JobStatus of the service
+	// indicates which Version of iteration we're on. We should only be looking
+	// at tasks of the latest Version
+
+	jobVersion := service.JobStatus.JobIteration.Index
+
+	// now, check how many tasks we need and how many we have running. note
+	// that some of these Running tasks may complete before we even finish this
+	// code block, and so we might have to immediately re-enter reconciliation,
+	// so this number is 100% definitive, but it is accurate for this
+	// particular moment in time, and it won't result in us going OVER the
+	// needed task count
+	//
+	// importantly, we are computing only how many _new_ tasks are needed. Some
+	// tasks may need to be restarted as well, but we don't do this directly;
+	// restarting tasks is under the purview of the restartSupervisor.
+	//
+	// also also, for the math later, we need these values to be of type uint64.
+	runningTasks := uint64(0)
+	completeTasks := uint64(0)
+	restartTasks := []string{}
+	removeTasks := []string{}
+
+	// for replicated jobs, each task will get a different slot number, so that
+	// when the job has completed, there will be one Completed task in every
+	// slot number [0, TotalCompletions-1].
+	//
+	// By assigning each task to a unique slot, we simply handling of
+	// restarting failed tasks through the restart manager.
+	slots := map[uint64]bool{}
+	for _, task := range tasks {
+		// we only care about tasks from this job iteration. tasks from the
+		// previous job iteration are not important
+		if task.JobIteration != nil {
+			if task.JobIteration.Index == jobVersion {
+				if task.Status.State == api.TaskStateCompleted {
+					completeTasks++
+					slots[task.Slot] = true
+				}
+
+				// the Restart Manager may put a task in the desired state Ready,
+				// so we should match not only tasks in desired state Completed,
+				// but also those in any valid running state.
+				if task.Status.State != api.TaskStateCompleted && task.DesiredState <= api.TaskStateCompleted {
+					runningTasks++
+					slots[task.Slot] = true
+
+					// if the task is in a terminal state, we might need to restart
+					// it. throw it on the pile if so. this is still counted as a
+					// running task for the purpose of determining how many new
+					// tasks to create.
+					if task.Status.State > api.TaskStateCompleted {
+						restartTasks = append(restartTasks, task.ID)
+					}
+				}
+			} else {
+				// tasks belonging to a previous iteration of the job may
+				// exist. if any such tasks exist, they should have their task
+				// state set to Remove
+				if task.Status.State <= api.TaskStateRunning && task.DesiredState != api.TaskStateRemove {
+					removeTasks = append(removeTasks, task.ID)
+				}
+			}
+		}
+	}
+
+	// now that we have our counts, we need to see how many new tasks to
+	// create. this number can never exceed MaxConcurrent, but also should not
+	// result in us exceeding TotalCompletions. first, get these numbers out of
+	// the service spec.
+	rj := service.Spec.GetReplicatedJob()
+
+	// possibleNewTasks gives us the upper bound for how many tasks we'll
+	// create. also, ugh, subtracting uints. there's no way this can ever go
+	// wrong.
+	possibleNewTasks := rj.MaxConcurrent - runningTasks
+
+	// allowedNewTasks is how many tasks we could create, if there were no
+	// restriction on maximum concurrency. This is the total number of tasks
+	// we want completed, minus the tasks that are already completed, minus
+	// the tasks that are in progress.
+	//
+	// seriously, ugh, subtracting unsigned ints. totally a fine and not at all
+	// risky operation, with no possibility for catastrophe
+	allowedNewTasks := rj.TotalCompletions - completeTasks - runningTasks
+
+	// the lower number of allowedNewTasks and possibleNewTasks is how many we
+	// can create. we'll just use an if statement instead of some fancy floor
+	// function.
+	actualNewTasks := allowedNewTasks
+	if possibleNewTasks < allowedNewTasks {
+		actualNewTasks = possibleNewTasks
+	}
+
+	// this check might seem odd, but it protects us from an underflow of the
+	// above subtractions, which, again, is a totally impossible thing that can
+	// never happen, ever, obviously.
+	if actualNewTasks > rj.TotalCompletions {
+		return fmt.Errorf(
+			"uint64 underflow, we're not going to create %v tasks",
+			actualNewTasks,
+		)
+	}
+
+	// finally, we can create these tasks. do this in a batch operation, to
+	// avoid exceeding transaction size limits
+	err := r.store.Batch(func(batch *store.Batch) error {
+		for i := uint64(0); i < actualNewTasks; i++ {
+			if err := batch.Update(func(tx store.Tx) error {
+				var slot uint64
+				// each task will go into a unique slot, and at the end, there
+				// should be the same number of slots as there are desired
+				// total completions. We could simplify this logic by simply
+				// assuming that slots are filled in order, but it's a more
+				// robust solution to not assume that, and instead assure that
+				// the slot is unoccupied.
+				for s := uint64(0); s < rj.TotalCompletions; s++ {
+					// when we're iterating through, if the service has slots
+					// that haven't been used yet (for example, if this is the
+					// first time we're running this iteration), then doing
+					// a map lookup for the number will return the 0-value
+					// (false) even if the number doesn't exist in the map.
+					if !slots[s] {
+						slot = s
+						// once we've found a slot, mark it as occupied, so we
+						// don't double assign in subsequent iterations.
+						slots[slot] = true
+						break
+					}
+				}
+
+				task := orchestrator.NewTask(cluster, service, slot, "")
+				// when we create the task, we also need to set the
+				// JobIteration.
+				task.JobIteration = &api.Version{Index: jobVersion}
+				task.DesiredState = api.TaskStateCompleted
+
+				// finally, create the task in the store.
+				return store.CreateTask(tx, task)
+			}); err != nil {
+				return err
+			}
+		}
+
+		for _, taskID := range restartTasks {
+			if err := batch.Update(func(tx store.Tx) error {
+				t := store.GetTask(tx, taskID)
+				if t == nil {
+					return nil
+				}
+
+				if t.DesiredState > api.TaskStateCompleted {
+					return nil
+				}
+
+				// TODO(dperny): pass in context from above
+				return r.restart.Restart(context.Background(), tx, cluster, service, *t)
+			}); err != nil {
+				return err
+			}
+		}
+
+		for _, taskID := range removeTasks {
+			if err := batch.Update(func(tx store.Tx) error {
+				t := store.GetTask(tx, taskID)
+				if t == nil {
+					return nil
+				}
+
+				// don't do unnecessary updates
+				if t.DesiredState == api.TaskStateRemove {
+					return nil
+				}
+				t.DesiredState = api.TaskStateRemove
+				return store.UpdateTask(tx, t)
+			}); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+
+	return err
+}
+
+// IsRelatedService returns true if the task is a replicated job. This method
+// fulfills the taskinit.InitHandler interface. Because it is just a wrapper
+// around a well-tested function call, it has no tests of its own.
+func (r *Reconciler) IsRelatedService(service *api.Service) bool {
+	return orchestrator.IsReplicatedJob(service)
+}
+
+// FixTask ostensibly validates that a task is compliant with the rest of the
+// cluster state. However, in the replicated jobs case, the only action we
+// can take with a noncompliant task is to restart it. Because the replicated
+// jobs orchestrator reconciles the whole service at once, any tasks that
+// need to be restarted will be done when we make the reconiliation pass over
+// all services. Therefore, in this instance, FixTask does nothing except
+// implement the FixTask method of the taskinit.InitHandler interface.
+func (r *Reconciler) FixTask(_ context.Context, _ *store.Batch, _ *api.Task) {}
+
+// SlotTuple returns an orchestrator.SlotTuple object for this task. It
+// implements the taskinit.InitHandler interface
+func (r *Reconciler) SlotTuple(t *api.Task) orchestrator.SlotTuple {
+	return orchestrator.SlotTuple{
+		ServiceID: t.ServiceID,
+		Slot:      t.Slot,
+	}
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/replicated.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/replicated.go
index 18b8e24abaf20..dc455286826c9 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/replicated.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/replicated.go
@@ -1,12 +1,13 @@
 package replicated
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/orchestrator/restart"
 	"github.com/docker/swarmkit/manager/orchestrator/update"
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 // An Orchestrator runs a reconciliation loop to create and destroy
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/services.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/services.go
index 04aea8795a4ee..b5e6bb12e8192 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/services.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/services.go
@@ -1,6 +1,7 @@
 package replicated
 
 import (
+	"context"
 	"sort"
 
 	"github.com/docker/go-events"
@@ -8,7 +9,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/orchestrator"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 // This file provices service-level orchestration. It observes changes to
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/slot.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/slot.go
index cee9fe10a0fe1..1160d4c96c030 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/slot.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/slot.go
@@ -1,10 +1,11 @@
 package replicated
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/orchestrator"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 type slotsByRunningState []orchestrator.Slot
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/tasks.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/tasks.go
index 66000e5d86781..b6336aa88a0ac 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/tasks.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/replicated/tasks.go
@@ -1,13 +1,14 @@
 package replicated
 
 import (
+	"context"
+
 	"github.com/docker/go-events"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/orchestrator"
 	"github.com/docker/swarmkit/manager/orchestrator/taskinit"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 // This file provides task-level orchestration. It observes changes to task
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/restart/restart.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/restart/restart.go
index 6af44b734c558..44e1309f6c042 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/restart/restart.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/restart/restart.go
@@ -2,6 +2,7 @@ package restart
 
 import (
 	"container/list"
+	"context"
 	"errors"
 	"sync"
 	"time"
@@ -14,7 +15,6 @@ import (
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
 	gogotypes "github.com/gogo/protobuf/types"
-	"golang.org/x/net/context"
 )
 
 const defaultOldTaskTimeout = time.Minute
@@ -49,6 +49,20 @@ type delayedStart struct {
 	waiter bool
 }
 
+// SupervisorInterface is an interface implemented by the Supervisor. It exists
+// to make testing easier, by allowing the restart supervisor to be mocked or
+// faked where desired.
+type SupervisorInterface interface {
+	Restart(context.Context, store.Tx, *api.Cluster, *api.Service, api.Task) error
+	UpdatableTasksInSlot(context.Context, orchestrator.Slot, *api.Service) orchestrator.Slot
+	RecordRestartHistory(orchestrator.SlotTuple, *api.Task)
+	DelayStart(context.Context, store.Tx, *api.Task, string, time.Duration, bool) <-chan struct{}
+	StartNow(store.Tx, string) error
+	Cancel(string)
+	CancelAll()
+	ClearServiceHistory(string)
+}
+
 // Supervisor initiates and manages restarts. It's responsible for
 // delaying restarts when applicable.
 type Supervisor struct {
@@ -121,7 +135,7 @@ func (r *Supervisor) Restart(ctx context.Context, tx store.Tx, cluster *api.Clus
 	// Sanity check: was the task shut down already by a separate call to
 	// Restart? If so, we must avoid restarting it, because this will create
 	// an extra task. This should never happen unless there is a bug.
-	if t.DesiredState > api.TaskStateRunning {
+	if t.DesiredState > api.TaskStateCompleted {
 		return errors.New("Restart called on task that was already shut down")
 	}
 
@@ -138,15 +152,21 @@ func (r *Supervisor) Restart(ctx context.Context, tx store.Tx, cluster *api.Clus
 
 	var restartTask *api.Task
 
-	if orchestrator.IsReplicatedService(service) {
+	if orchestrator.IsReplicatedService(service) || orchestrator.IsReplicatedJob(service) {
 		restartTask = orchestrator.NewTask(cluster, service, t.Slot, "")
-	} else if orchestrator.IsGlobalService(service) {
+	} else if orchestrator.IsGlobalService(service) || orchestrator.IsGlobalJob(service) {
 		restartTask = orchestrator.NewTask(cluster, service, 0, t.NodeID)
 	} else {
 		log.G(ctx).Error("service not supported by restart supervisor")
 		return nil
 	}
 
+	if orchestrator.IsReplicatedJob(service) || orchestrator.IsGlobalJob(service) {
+		restartTask.JobIteration = &api.Version{
+			Index: service.JobStatus.JobIteration.Index,
+		}
+	}
+
 	n := store.GetNode(tx, t.NodeID)
 
 	restartTask.DesiredState = api.TaskStateReady
@@ -194,10 +214,28 @@ func (r *Supervisor) Restart(ctx context.Context, tx store.Tx, cluster *api.Clus
 // restart policy.
 func (r *Supervisor) shouldRestart(ctx context.Context, t *api.Task, service *api.Service) bool {
 	// TODO(aluzzardi): This function should not depend on `service`.
-	condition := orchestrator.RestartCondition(t)
-
-	if condition != api.RestartOnAny &&
-		(condition != api.RestartOnFailure || t.Status.State == api.TaskStateCompleted) {
+	// There are 3 possible restart policies.
+	switch orchestrator.RestartCondition(t) {
+	case api.RestartOnAny:
+		// we will be restarting, we just need to do a few more checks.
+		// however, if the task belongs to a job, then we will treat
+		// RestartOnAny the same as RestartOnFailure, as it would be
+		// nonsensical to restart completed jobs.
+		if orchestrator.IsReplicatedJob(service) || orchestrator.IsGlobalJob(service) {
+			// it'd be nice to put a fallthrough here, but we can't fallthrough
+			// from inside of an if statement.
+			if t.Status.State == api.TaskStateCompleted {
+				return false
+			}
+		}
+	case api.RestartOnFailure:
+		// we won't restart if the task is in TaskStateCompleted, as this is a
+		// not a failed state -- it indicates that the task exited with 0
+		if t.Status.State == api.TaskStateCompleted {
+			return false
+		}
+	case api.RestartOnNone:
+		// RestartOnNone means we just don't restart, ever
 		return false
 	}
 
@@ -490,7 +528,15 @@ func (r *Supervisor) StartNow(tx store.Tx, taskID string) error {
 	if t == nil || t.DesiredState >= api.TaskStateRunning {
 		return nil
 	}
-	t.DesiredState = api.TaskStateRunning
+
+	// only tasks belonging to jobs will have a JobIteration, so this can be
+	// used to distinguish whether this is a job task without looking at the
+	// service.
+	if t.JobIteration != nil {
+		t.DesiredState = api.TaskStateCompleted
+	} else {
+		t.DesiredState = api.TaskStateRunning
+	}
 	return store.UpdateTask(tx, t)
 }
 
@@ -508,20 +554,13 @@ func (r *Supervisor) Cancel(taskID string) {
 	<-delay.doneCh
 }
 
-// CancelAll aborts all pending restarts and waits for any instances of
-// StartNow that have already triggered to complete.
+// CancelAll aborts all pending restarts
 func (r *Supervisor) CancelAll() {
-	var cancelled []delayedStart
-
 	r.mu.Lock()
 	for _, delay := range r.delays {
 		delay.cancel()
 	}
 	r.mu.Unlock()
-
-	for _, delay := range cancelled {
-		<-delay.doneCh
-	}
 }
 
 // ClearServiceHistory forgets restart history related to a given service ID.
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/service.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/service.go
index 7356c38cd533c..adc5181b5046c 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/service.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/service.go
@@ -1,10 +1,11 @@
 package orchestrator
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 // IsReplicatedService checks if a service is a replicated service.
@@ -27,6 +28,26 @@ func IsGlobalService(service *api.Service) bool {
 	return ok
 }
 
+// IsReplicatedJob returns true if the service is a replicated job.
+func IsReplicatedJob(service *api.Service) bool {
+	if service == nil {
+		return false
+	}
+
+	_, ok := service.Spec.GetMode().(*api.ServiceSpec_ReplicatedJob)
+	return ok
+}
+
+// IsGlobalJob returns true if the service is a global job.
+func IsGlobalJob(service *api.Service) bool {
+	if service == nil {
+		return false
+	}
+
+	_, ok := service.Spec.GetMode().(*api.ServiceSpec_GlobalJob)
+	return ok
+}
+
 // SetServiceTasksRemove sets the desired state of tasks associated with a service
 // to REMOVE, so that they can be properly shut down by the agent and later removed
 // by the task reaper.
@@ -46,22 +67,27 @@ func SetServiceTasksRemove(ctx context.Context, s *store.MemoryStore, service *a
 	err = s.Batch(func(batch *store.Batch) error {
 		for _, t := range tasks {
 			err := batch.Update(func(tx store.Tx) error {
+				// the task may have changed for some reason in the meantime
+				// since we read it out, so we need to get from the store again
+				// within the boundaries of a transaction
+				latestTask := store.GetTask(tx, t.ID)
+
 				// time travel is not allowed. if the current desired state is
 				// above the one we're trying to go to we can't go backwards.
 				// we have nothing to do and we should skip to the next task
-				if t.DesiredState > api.TaskStateRemove {
+				if latestTask.DesiredState > api.TaskStateRemove {
 					// log a warning, though. we shouln't be trying to rewrite
 					// a state to an earlier state
 					log.G(ctx).Warnf(
 						"cannot update task %v in desired state %v to an earlier desired state %v",
-						t.ID, t.DesiredState, api.TaskStateRemove,
+						latestTask.ID, latestTask.DesiredState, api.TaskStateRemove,
 					)
 					return nil
 				}
 				// update desired state to REMOVE
-				t.DesiredState = api.TaskStateRemove
+				latestTask.DesiredState = api.TaskStateRemove
 
-				if err := store.UpdateTask(tx, t); err != nil {
+				if err := store.UpdateTask(tx, latestTask); err != nil {
 					log.G(ctx).WithError(err).Errorf("failed transaction: update task desired state to REMOVE")
 				}
 				return nil
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/taskinit/init.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/taskinit/init.go
index b893428d514be..5636c3c699a85 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/taskinit/init.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/taskinit/init.go
@@ -1,6 +1,7 @@
 package taskinit
 
 import (
+	"context"
 	"sort"
 	"time"
 
@@ -11,7 +12,6 @@ import (
 	"github.com/docker/swarmkit/manager/orchestrator/restart"
 	"github.com/docker/swarmkit/manager/state/store"
 	gogotypes "github.com/gogo/protobuf/types"
-	"golang.org/x/net/context"
 )
 
 // InitHandler defines orchestrator's action to fix tasks at start.
@@ -23,7 +23,7 @@ type InitHandler interface {
 
 // CheckTasks fixes tasks in the store before orchestrator runs. The previous leader might
 // not have finished processing their updates and left them in an inconsistent state.
-func CheckTasks(ctx context.Context, s *store.MemoryStore, readTx store.ReadTx, initHandler InitHandler, startSupervisor *restart.Supervisor) error {
+func CheckTasks(ctx context.Context, s *store.MemoryStore, readTx store.ReadTx, initHandler InitHandler, startSupervisor restart.SupervisorInterface) error {
 	instances := make(map[orchestrator.SlotTuple][]*api.Task)
 	err := s.Batch(func(batch *store.Batch) error {
 		tasks, err := store.FindTasks(readTx, store.All)
@@ -59,7 +59,7 @@ func CheckTasks(ctx context.Context, s *store.MemoryStore, readTx store.ReadTx,
 
 			// desired state ready is a transient state that it should be started.
 			// however previous leader may not have started it, retry start here
-			if t.DesiredState != api.TaskStateReady || t.Status.State > api.TaskStateRunning {
+			if t.DesiredState != api.TaskStateReady || t.Status.State > api.TaskStateCompleted {
 				continue
 			}
 			restartDelay, _ := gogotypes.DurationFromProto(defaults.Service.Task.Restart.Delay)
@@ -80,7 +80,7 @@ func CheckTasks(ctx context.Context, s *store.MemoryStore, readTx store.ReadTx,
 				}
 				if err == nil {
 					restartTime := timestamp.Add(restartDelay)
-					calculatedRestartDelay := restartTime.Sub(time.Now())
+					calculatedRestartDelay := time.Until(restartTime)
 					if calculatedRestartDelay < restartDelay {
 						restartDelay = calculatedRestartDelay
 					}
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/taskreaper/task_reaper.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/taskreaper/task_reaper.go
index cbeb321de9ff6..7fdb0a65d0cf6 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/taskreaper/task_reaper.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/taskreaper/task_reaper.go
@@ -1,6 +1,7 @@
 package taskreaper
 
 import (
+	"context"
 	"sort"
 	"sync"
 	"time"
@@ -10,7 +11,6 @@ import (
 	"github.com/docker/swarmkit/manager/orchestrator"
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -31,7 +31,7 @@ type TaskReaper struct {
 	// taskHistory is the number of tasks to keep
 	taskHistory int64
 
-	// List of slot tubles to be inspected for task history cleanup.
+	// List of slot tuples to be inspected for task history cleanup.
 	dirty map[orchestrator.SlotTuple]struct{}
 
 	// List of tasks collected for cleanup, which includes two kinds of tasks
@@ -61,7 +61,7 @@ func New(store *store.MemoryStore) *TaskReaper {
 // Run is the TaskReaper's watch loop which collects candidates for cleanup.
 // Task history is mainly used in task restarts but is also available for administrative purposes.
 // Note that the task history is stored per-slot-per-service for replicated services
-// and per-node-per-service for global services. History does not apply to serviceless
+// and per-node-per-service for global services. History does not apply to serviceless tasks
 // since they are not attached to a service. In addition, the TaskReaper watch loop is also
 // responsible for cleaning up tasks associated with slots that were removed as part of
 // service scale down or service removal.
@@ -196,11 +196,9 @@ func (tr *TaskReaper) Run(ctx context.Context) {
 				}
 				isTimerStopped = true
 				tr.tick()
-			} else {
-				if isTimerStopped {
-					timer.Reset(reaperBatchingInterval)
-					isTimerStopped = false
-				}
+			} else if isTimerStopped {
+				timer.Reset(reaperBatchingInterval)
+				isTimerStopped = false
 			}
 		case <-timer.C:
 			// we can safely ignore draining off of the timer channel, because
diff --git a/vendor/github.com/docker/swarmkit/manager/orchestrator/update/updater.go b/vendor/github.com/docker/swarmkit/manager/orchestrator/update/updater.go
index 5a7d61231c940..e181a4ffa2915 100644
--- a/vendor/github.com/docker/swarmkit/manager/orchestrator/update/updater.go
+++ b/vendor/github.com/docker/swarmkit/manager/orchestrator/update/updater.go
@@ -1,14 +1,13 @@
 package update
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"reflect"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/go-events"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/defaults"
@@ -281,6 +280,11 @@ slotsLoop:
 	wg.Wait()
 
 	if !stopped {
+		// if a delay is set we need to monitor for a period longer than the delay
+		// otherwise we will leave the monitorLoop before the task is done delaying
+		if updateConfig.Delay >= monitoringPeriod {
+			monitoringPeriod = updateConfig.Delay + 1*time.Second
+		}
 		// Keep watching for task failures for one more monitoringPeriod,
 		// before declaring the update complete.
 		doneMonitoring := time.After(monitoringPeriod)
@@ -502,7 +506,10 @@ func (u *Updater) removeOldTasks(ctx context.Context, batch *store.Batch, remove
 				return fmt.Errorf("task %s not found while trying to shut it down", original.ID)
 			}
 			if t.DesiredState > api.TaskStateRunning {
-				return fmt.Errorf("task %s was already shut down when reached by updater", original.ID)
+				return fmt.Errorf(
+					"task %s was already shut down when reached by updater (state: %v)",
+					original.ID, t.DesiredState,
+				)
 			}
 			t.DesiredState = api.TaskStateShutdown
 			return store.UpdateTask(tx, t)
diff --git a/vendor/github.com/docker/swarmkit/manager/raftselector/raftselector.go b/vendor/github.com/docker/swarmkit/manager/raftselector/raftselector.go
index 89e7918a3d440..47adcf0fd9f6d 100644
--- a/vendor/github.com/docker/swarmkit/manager/raftselector/raftselector.go
+++ b/vendor/github.com/docker/swarmkit/manager/raftselector/raftselector.go
@@ -1,10 +1,9 @@
 package raftselector
 
 import (
+	"context"
 	"errors"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/grpc"
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/resourceapi/allocator.go b/vendor/github.com/docker/swarmkit/manager/resourceapi/allocator.go
index ec19fba85047b..545e4ded99bc4 100644
--- a/vendor/github.com/docker/swarmkit/manager/resourceapi/allocator.go
+++ b/vendor/github.com/docker/swarmkit/manager/resourceapi/allocator.go
@@ -1,6 +1,7 @@
 package resourceapi
 
 import (
+	"context"
 	"errors"
 	"time"
 
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/identity"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
diff --git a/vendor/github.com/docker/swarmkit/manager/role_manager.go b/vendor/github.com/docker/swarmkit/manager/role_manager.go
index e5cf27b62fd82..e5901525b922c 100644
--- a/vendor/github.com/docker/swarmkit/manager/role_manager.go
+++ b/vendor/github.com/docker/swarmkit/manager/role_manager.go
@@ -1,15 +1,15 @@
 package manager
 
 import (
+	"context"
 	"time"
 
+	"code.cloudfoundry.org/clock"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/raft"
 	"github.com/docker/swarmkit/manager/state/raft/membership"
 	"github.com/docker/swarmkit/manager/state/store"
-	"github.com/pivotal-golang/clock"
-	"golang.org/x/net/context"
 )
 
 const (
diff --git a/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go b/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go
index dab3c6695d4b2..df0ccbc2a65ed 100644
--- a/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go
+++ b/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go
@@ -359,3 +359,28 @@ func (f *HostPortFilter) Explain(nodes int) string {
 	}
 	return fmt.Sprintf("host-mode port already in use on %d nodes", nodes)
 }
+
+// MaxReplicasFilter selects only nodes that does not exceed max replicas per node.
+type MaxReplicasFilter struct {
+	t *api.Task
+}
+
+// SetTask returns true when max replicas per node filter > 0 for a given task.
+func (f *MaxReplicasFilter) SetTask(t *api.Task) bool {
+	if t.Spec.Placement != nil && t.Spec.Placement.MaxReplicas > 0 {
+		f.t = t
+		return true
+	}
+
+	return false
+}
+
+// Check returns true if there is less active (assigned or pre-assigned) tasks for this service on current node than set to MaxReplicas limit
+func (f *MaxReplicasFilter) Check(n *NodeInfo) bool {
+	return uint64(n.ActiveTasksCountByService[f.t.ServiceID]) < f.t.Spec.Placement.MaxReplicas
+}
+
+// Explain returns an explanation of a failure.
+func (f *MaxReplicasFilter) Explain(nodes int) string {
+	return "max replicas per node limit exceed"
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go b/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go
index 7f490586975bf..a854ab63e61cb 100644
--- a/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go
+++ b/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go
@@ -1,12 +1,12 @@
 package scheduler
 
 import (
+	"context"
 	"time"
 
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/api/genericresource"
 	"github.com/docker/swarmkit/log"
-	"golang.org/x/net/context"
 )
 
 // hostPortSpec specifies a used host port.
@@ -70,7 +70,7 @@ func (nodeInfo *NodeInfo) removeTask(t *api.Task) bool {
 	}
 
 	delete(nodeInfo.Tasks, t.ID)
-	if oldTask.DesiredState <= api.TaskStateRunning {
+	if oldTask.DesiredState <= api.TaskStateCompleted {
 		nodeInfo.ActiveTasksCount--
 		nodeInfo.ActiveTasksCountByService[t.ServiceID]--
 	}
@@ -108,12 +108,12 @@ func (nodeInfo *NodeInfo) removeTask(t *api.Task) bool {
 func (nodeInfo *NodeInfo) addTask(t *api.Task) bool {
 	oldTask, ok := nodeInfo.Tasks[t.ID]
 	if ok {
-		if t.DesiredState <= api.TaskStateRunning && oldTask.DesiredState > api.TaskStateRunning {
+		if t.DesiredState <= api.TaskStateCompleted && oldTask.DesiredState > api.TaskStateCompleted {
 			nodeInfo.Tasks[t.ID] = t
 			nodeInfo.ActiveTasksCount++
 			nodeInfo.ActiveTasksCountByService[t.ServiceID]++
 			return true
-		} else if t.DesiredState > api.TaskStateRunning && oldTask.DesiredState <= api.TaskStateRunning {
+		} else if t.DesiredState > api.TaskStateCompleted && oldTask.DesiredState <= api.TaskStateCompleted {
 			nodeInfo.Tasks[t.ID] = t
 			nodeInfo.ActiveTasksCount--
 			nodeInfo.ActiveTasksCountByService[t.ServiceID]--
@@ -145,7 +145,7 @@ func (nodeInfo *NodeInfo) addTask(t *api.Task) bool {
 		}
 	}
 
-	if t.DesiredState <= api.TaskStateRunning {
+	if t.DesiredState <= api.TaskStateCompleted {
 		nodeInfo.ActiveTasksCount++
 		nodeInfo.ActiveTasksCountByService[t.ServiceID]++
 	}
diff --git a/vendor/github.com/docker/swarmkit/manager/scheduler/pipeline.go b/vendor/github.com/docker/swarmkit/manager/scheduler/pipeline.go
index c577fbcd20ae9..a3dac4939b51f 100644
--- a/vendor/github.com/docker/swarmkit/manager/scheduler/pipeline.go
+++ b/vendor/github.com/docker/swarmkit/manager/scheduler/pipeline.go
@@ -15,6 +15,7 @@ var (
 		&ConstraintFilter{},
 		&PlatformFilter{},
 		&HostPortFilter{},
+		&MaxReplicasFilter{},
 	}
 )
 
diff --git a/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go b/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go
index 9e708ed1b6b09..78dd7dc3fed17 100644
--- a/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go
+++ b/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go
@@ -1,6 +1,7 @@
 package scheduler
 
 import (
+	"context"
 	"time"
 
 	"github.com/docker/swarmkit/api"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -74,9 +74,10 @@ func (s *Scheduler) setupTasksList(tx store.ReadTx) error {
 			continue
 		}
 
-		// Also ignore tasks that have not yet been assigned but desired state is beyond TaskStateRunning
-		// This can happen if you update, delete or scale down a service before its tasks were assigned.
-		if t.Status.State == api.TaskStatePending && t.DesiredState > api.TaskStateRunning {
+		// Also ignore tasks that have not yet been assigned but desired state
+		// is beyond TaskStateCompleted. This can happen if you update, delete
+		// or scale down a service before its tasks were assigned.
+		if t.Status.State == api.TaskStatePending && t.DesiredState > api.TaskStateCompleted {
 			continue
 		}
 
@@ -720,15 +721,32 @@ func (s *Scheduler) noSuitableNode(ctx context.Context, taskGroup map[string]*ap
 
 		newT := *t
 		newT.Status.Timestamp = ptypes.MustTimestampProto(time.Now())
-		if explanation != "" {
-			newT.Status.Err = "no suitable node (" + explanation + ")"
+		sv := service.SpecVersion
+		tv := newT.SpecVersion
+		if sv != nil && tv != nil && sv.Index > tv.Index {
+			log.G(ctx).WithField("task.id", t.ID).Debug(
+				"task belongs to old revision of service",
+			)
+			if t.Status.State == api.TaskStatePending && t.DesiredState >= api.TaskStateShutdown {
+				log.G(ctx).WithField("task.id", t.ID).Debug(
+					"task is desired shutdown, scheduler will go ahead and do so",
+				)
+				newT.Status.State = api.TaskStateShutdown
+				newT.Status.Err = ""
+			}
 		} else {
-			newT.Status.Err = "no suitable node"
+			if explanation != "" {
+				newT.Status.Err = "no suitable node (" + explanation + ")"
+			} else {
+				newT.Status.Err = "no suitable node"
+			}
+
+			// re-enqueue a task that should still be attempted
+			s.enqueue(&newT)
 		}
+
 		s.allTasks[t.ID] = &newT
 		schedulingDecisions[t.ID] = schedulingDecision{old: t, new: &newT}
-
-		s.enqueue(&newT)
 	}
 }
 
diff --git a/vendor/github.com/docker/swarmkit/manager/state/proposer.go b/vendor/github.com/docker/swarmkit/manager/state/proposer.go
index 4967f98a1ec3f..8d53f5772f0a0 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/proposer.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/proposer.go
@@ -1,8 +1,9 @@
 package state
 
 import (
+	"context"
+
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 )
 
 // A Change includes a version number and a set of store actions from a
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go b/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go
index 38c61c7bd2f5d..9d744b35e1a98 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go
@@ -1,19 +1,22 @@
 package raft
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"math"
 	"math/rand"
 	"net"
+	"os"
+	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
 
+	"code.cloudfoundry.org/clock"
 	"github.com/coreos/etcd/pkg/idutil"
 	"github.com/coreos/etcd/raft"
 	"github.com/coreos/etcd/raft/raftpb"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/go-events"
 	"github.com/docker/go-metrics"
 	"github.com/docker/swarmkit/api"
@@ -27,10 +30,8 @@ import (
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/watch"
 	"github.com/gogo/protobuf/proto"
-	"github.com/pivotal-golang/clock"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"golang.org/x/time/rate"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -594,7 +595,7 @@ func (n *Node) Run(ctx context.Context) error {
 				transferLeadershipLimit.Allow() {
 				log.G(ctx).Error("Attempting to transfer leadership")
 				if !n.opts.DisableStackDump {
-					signal.DumpStacks("")
+					stackDump()
 				}
 				transferee, err := n.transport.LongestActive()
 				if err != nil {
@@ -1182,11 +1183,8 @@ func (n *Node) CanRemoveMember(id uint64) bool {
 	}
 
 	nquorum := (len(members)-1)/2 + 1
-	if nreachable < nquorum {
-		return false
-	}
 
-	return true
+	return nreachable >= nquorum
 }
 
 func (n *Node) removeMember(ctx context.Context, id uint64) error {
@@ -1591,10 +1589,7 @@ func (n *Node) ProposeValue(ctx context.Context, storeAction []api.StoreAction,
 	defer cancel()
 	_, err := n.processInternalRaftRequest(ctx, &api.InternalRaftRequest{Action: storeAction}, cb)
 
-	if err != nil {
-		return err
-	}
-	return nil
+	return err
 }
 
 // GetVersion returns the sequence information for the current raft round.
@@ -2137,3 +2132,21 @@ func getIDs(snap *raftpb.Snapshot, ents []raftpb.Entry) []uint64 {
 func (n *Node) reqTimeout() time.Duration {
 	return 5*time.Second + 2*time.Duration(n.Config.ElectionTick)*n.opts.TickInterval
 }
+
+// stackDump outputs the runtime stack to os.StdErr.
+//
+// It is based on Moby's stack.Dump(); https://github.com/moby/moby/blob/471fd27709777d2cce3251129887e14e8bb2e0c7/pkg/stack/stackdump.go#L41-L57
+func stackDump() {
+	var (
+		buf       []byte
+		stackSize int
+	)
+	bufferLen := 16384
+	for stackSize == len(buf) {
+		buf = make([]byte, bufferLen)
+		stackSize = runtime.Stack(buf, true)
+		bufferLen *= 2
+	}
+	buf = buf[:stackSize]
+	_, _ = os.Stderr.Write(buf)
+}
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/storage.go b/vendor/github.com/docker/swarmkit/manager/state/raft/storage.go
index 547b775645672..915cc3f24148a 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/storage.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/storage.go
@@ -1,6 +1,7 @@
 package raft
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/coreos/etcd/raft"
@@ -13,7 +14,6 @@ import (
 	"github.com/docker/swarmkit/manager/state/raft/storage"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 var (
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go
index bbd262f37ce21..64d821894ef7c 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go
@@ -1,13 +1,12 @@
 package storage
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 	"sync"
 
-	"golang.org/x/net/context"
-
 	"github.com/coreos/etcd/pkg/fileutil"
 	"github.com/coreos/etcd/raft/raftpb"
 	"github.com/coreos/etcd/snap"
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
index 3c1208cdd0c97..d1155975bf924 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
@@ -1,6 +1,7 @@
 package storage
 
 import (
+	"context"
 	"io"
 	"io/ioutil"
 	"os"
@@ -14,7 +15,6 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/encryption"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 // This package wraps the github.com/coreos/etcd/wal package, and encrypts
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/transport/peer.go b/vendor/github.com/docker/swarmkit/manager/state/raft/transport/peer.go
index 644e295214e70..6fb39523cafb1 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/transport/peer.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/transport/peer.go
@@ -1,12 +1,11 @@
 package transport
 
 import (
+	"context"
 	"fmt"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/transport/transport.go b/vendor/github.com/docker/swarmkit/manager/state/raft/transport/transport.go
index b741c4aa67996..6bd0bc32ef811 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/transport/transport.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/transport/transport.go
@@ -3,12 +3,12 @@
 package transport
 
 import (
+	"context"
+	"math"
 	"net"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
-
 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -355,6 +355,15 @@ func (t *Transport) dial(addr string) (*grpc.ClientConn, error) {
 			return net.DialTimeout("tcp", addr, timeout)
 		}))
 
+	// TODO(dperny): this changes the max received message size for outgoing
+	// client connections. this means if the server sends a message larger than
+	// this, we will still accept and unmarshal it. i'm unsure what the
+	// potential consequences are of setting this to be effectively unbounded,
+	// so after docker/swarmkit#2774 is fixed, we should remove this option
+	grpcOptions = append(grpcOptions, grpc.WithDefaultCallOptions(
+		grpc.MaxCallRecvMsgSize(math.MaxInt32),
+	))
+
 	cc, err := grpc.Dial(addr, grpcOptions...)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/util.go b/vendor/github.com/docker/swarmkit/manager/state/raft/util.go
index da44dca6a5a0e..1a49f76cb4bcb 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/raft/util.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/raft/util.go
@@ -1,10 +1,10 @@
 package raft
 
 import (
+	"context"
+	"net"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
@@ -15,11 +15,15 @@ import (
 
 // dial returns a grpc client connection
 func dial(addr string, protocol string, creds credentials.TransportCredentials, timeout time.Duration) (*grpc.ClientConn, error) {
+	// gRPC dialer connects to proxy first. Provide a custom dialer here avoid that.
 	grpcOptions := []grpc.DialOption{
 		grpc.WithBackoffMaxDelay(2 * time.Second),
 		grpc.WithTransportCredentials(creds),
 		grpc.WithUnaryInterceptor(grpc_prometheus.UnaryClientInterceptor),
 		grpc.WithStreamInterceptor(grpc_prometheus.StreamClientInterceptor),
+		grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
+			return net.DialTimeout("tcp", addr, timeout)
+		}),
 	}
 
 	if timeout != 0 {
diff --git a/vendor/github.com/docker/swarmkit/manager/state/store/memory.go b/vendor/github.com/docker/swarmkit/manager/state/store/memory.go
index 423f04cad3647..d0319c7f65aa2 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/store/memory.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/store/memory.go
@@ -1,6 +1,7 @@
 package store
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"runtime"
@@ -18,7 +19,6 @@ import (
 	"github.com/docker/swarmkit/watch"
 	gogotypes "github.com/gogo/protobuf/types"
 	memdb "github.com/hashicorp/go-memdb"
-	"golang.org/x/net/context"
 )
 
 const (
@@ -689,7 +689,7 @@ func (tx readTx) findIterators(table string, by By, checkType func(By) error) ([
 		}
 		return []memdb.ResultIterator{it}, nil
 	case bySlot:
-		it, err := tx.memDBTx.Get(table, indexSlot, v.serviceID+"\x00"+strconv.FormatUint(uint64(v.slot), 10))
+		it, err := tx.memDBTx.Get(table, indexSlot, v.serviceID+"\x00"+strconv.FormatUint(v.slot, 10))
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/github.com/docker/swarmkit/manager/state/store/networks.go b/vendor/github.com/docker/swarmkit/manager/state/store/networks.go
index 3042def1bf65f..fa887b3b11674 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/store/networks.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/store/networks.go
@@ -105,7 +105,7 @@ func GetNetwork(tx ReadTx, id string) *api.Network {
 func FindNetworks(tx ReadTx, by By) ([]*api.Network, error) {
 	checkType := func(by By) error {
 		switch by.(type) {
-		case byName, byNamePrefix, byIDPrefix, byCustom, byCustomPrefix:
+		case byName, byNamePrefix, byIDPrefix, byCustom, byCustomPrefix, byAll:
 			return nil
 		default:
 			return ErrInvalidFindBy
diff --git a/vendor/github.com/docker/swarmkit/manager/state/store/resources.go b/vendor/github.com/docker/swarmkit/manager/state/store/resources.go
index 1f2c3904f1db0..9852f64fe043c 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/store/resources.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/store/resources.go
@@ -1,6 +1,8 @@
 package store
 
 import (
+	"strings"
+
 	"github.com/docker/swarmkit/api"
 	memdb "github.com/hashicorp/go-memdb"
 	"github.com/pkg/errors"
@@ -8,6 +10,12 @@ import (
 
 const tableResource = "resource"
 
+var (
+	// ErrNoKind is returned by resource create operations if the provided Kind
+	// of the resource does not exist
+	ErrNoKind = errors.New("object kind is unregistered")
+)
+
 func init() {
 	register(ObjectStoreConfig{
 		Table: &memdb.TableSchema{
@@ -87,17 +95,26 @@ func confirmExtension(tx Tx, r *api.Resource) error {
 		return errors.Wrap(err, "failed to query extensions")
 	}
 	if len(extensions) == 0 {
-		return errors.Errorf("object kind %s is unregistered", r.Kind)
+		return ErrNoKind
 	}
 	return nil
 }
 
 // CreateResource adds a new resource object to the store.
 // Returns ErrExist if the ID is already taken.
+// Returns ErrNameConflict if a Resource with this Name already exists
+// Returns ErrNoKind if the specified Kind does not exist
 func CreateResource(tx Tx, r *api.Resource) error {
 	if err := confirmExtension(tx, r); err != nil {
 		return err
 	}
+	// TODO(dperny): currently the "name" index is unique, which means only one
+	// Resource of _any_ Kind can exist with that name. This isn't a problem
+	// right now, but the ideal case would be for names to be namespaced to the
+	// kind.
+	if tx.lookup(tableResource, indexName, strings.ToLower(r.Annotations.Name)) != nil {
+		return ErrNameConflict
+	}
 	return tx.create(tableResource, resourceEntry{r})
 }
 
@@ -130,7 +147,7 @@ func GetResource(tx ReadTx, id string) *api.Resource {
 func FindResources(tx ReadTx, by By) ([]*api.Resource, error) {
 	checkType := func(by By) error {
 		switch by.(type) {
-		case byIDPrefix, byName, byKind, byCustom, byCustomPrefix:
+		case byIDPrefix, byName, byNamePrefix, byKind, byCustom, byCustomPrefix:
 			return nil
 		default:
 			return ErrInvalidFindBy
diff --git a/vendor/github.com/docker/swarmkit/manager/state/store/services.go b/vendor/github.com/docker/swarmkit/manager/state/store/services.go
index 1adbb87fe45de..a581737369b81 100644
--- a/vendor/github.com/docker/swarmkit/manager/state/store/services.go
+++ b/vendor/github.com/docker/swarmkit/manager/state/store/services.go
@@ -126,7 +126,7 @@ func GetService(tx ReadTx, id string) *api.Service {
 func FindServices(tx ReadTx, by By) ([]*api.Service, error) {
 	checkType := func(by By) error {
 		switch by.(type) {
-		case byName, byNamePrefix, byIDPrefix, byRuntime, byReferencedNetworkID, byReferencedSecretID, byReferencedConfigID, byCustom, byCustomPrefix:
+		case byName, byNamePrefix, byIDPrefix, byRuntime, byReferencedNetworkID, byReferencedSecretID, byReferencedConfigID, byCustom, byCustomPrefix, byAll:
 			return nil
 		default:
 			return ErrInvalidFindBy
diff --git a/vendor/github.com/docker/swarmkit/manager/watchapi/server.go b/vendor/github.com/docker/swarmkit/manager/watchapi/server.go
index 6d49dca715d77..eb086b8ac0ff7 100644
--- a/vendor/github.com/docker/swarmkit/manager/watchapi/server.go
+++ b/vendor/github.com/docker/swarmkit/manager/watchapi/server.go
@@ -1,11 +1,11 @@
 package watchapi
 
 import (
+	"context"
 	"errors"
 	"sync"
 
 	"github.com/docker/swarmkit/manager/state/store"
-	"golang.org/x/net/context"
 )
 
 var (
diff --git a/vendor/github.com/docker/swarmkit/node/node.go b/vendor/github.com/docker/swarmkit/node/node.go
index 6cbf265c5d3ea..c4ce906e34e2b 100644
--- a/vendor/github.com/docker/swarmkit/node/node.go
+++ b/vendor/github.com/docker/swarmkit/node/node.go
@@ -2,9 +2,11 @@ package node
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"encoding/json"
 	"io/ioutil"
+	"math"
 	"net"
 	"os"
 	"path/filepath"
@@ -17,8 +19,9 @@ import (
 	"github.com/docker/swarmkit/ca/keyutils"
 	"github.com/docker/swarmkit/identity"
 
+	"github.com/docker/docker/libnetwork/drivers/overlay/overlayutils"
 	"github.com/docker/docker/pkg/plugingetter"
-	metrics "github.com/docker/go-metrics"
+	"github.com/docker/go-metrics"
 	"github.com/docker/swarmkit/agent"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
@@ -35,7 +38,6 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	bolt "go.etcd.io/bbolt"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/status"
@@ -161,6 +163,7 @@ type Node struct {
 	manager          *manager.Manager
 	notifyNodeChange chan *agent.NodeChanges // used by the agent to relay node updates from the dispatcher Session stream to (*Node).run
 	unlockKey        []byte
+	vxlanUDPPort     uint32
 }
 
 type lastSeenRole struct {
@@ -269,6 +272,15 @@ func (n *Node) currentRole() api.NodeRole {
 	return currentRole
 }
 
+// configVXLANUDPPort sets vxlan port in libnetwork
+func configVXLANUDPPort(ctx context.Context, vxlanUDPPort uint32) {
+	if err := overlayutils.ConfigVXLANUDPPort(vxlanUDPPort); err != nil {
+		log.G(ctx).WithError(err).Error("failed to configure VXLAN UDP port")
+		return
+	}
+	logrus.Infof("initialized VXLAN UDP port to %d ", vxlanUDPPort)
+}
+
 func (n *Node) run(ctx context.Context) (err error) {
 	defer func() {
 		n.err = err
@@ -358,6 +370,10 @@ func (n *Node) run(ctx context.Context) (err error) {
 				return
 			case nodeChanges := <-n.notifyNodeChange:
 				if nodeChanges.Node != nil {
+					if nodeChanges.Node.VXLANUDPPort != 0 {
+						n.vxlanUDPPort = nodeChanges.Node.VXLANUDPPort
+						configVXLANUDPPort(ctx, n.vxlanUDPPort)
+					}
 					// This is a bit complex to be backward compatible with older CAs that
 					// don't support the Node.Role field. They only use what's presently
 					// called DesiredRole.
@@ -896,6 +912,7 @@ func (n *Node) initManagerConnection(ctx context.Context, ready chan<- struct{})
 	opts := []grpc.DialOption{
 		grpc.WithUnaryInterceptor(grpc_prometheus.UnaryClientInterceptor),
 		grpc.WithStreamInterceptor(grpc_prometheus.StreamClientInterceptor),
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
 	}
 	insecureCreds := credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})
 	opts = append(opts, grpc.WithTransportCredentials(insecureCreds))
@@ -1204,19 +1221,16 @@ func (s *persistentRemotes) Observe(peer api.Peer, weight int) {
 	s.c.Broadcast()
 	if err := s.save(); err != nil {
 		logrus.Errorf("error writing cluster state file: %v", err)
-		return
 	}
-	return
 }
+
 func (s *persistentRemotes) Remove(peers ...api.Peer) {
 	s.Lock()
 	defer s.Unlock()
 	s.Remotes.Remove(peers...)
 	if err := s.save(); err != nil {
 		logrus.Errorf("error writing cluster state file: %v", err)
-		return
 	}
-	return
 }
 
 func (s *persistentRemotes) save() error {
diff --git a/vendor/github.com/docker/swarmkit/protobuf/plugin/plugin.pb.go b/vendor/github.com/docker/swarmkit/protobuf/plugin/plugin.pb.go
index 0d08eb6eb3179..1ff8cdc382d78 100644
--- a/vendor/github.com/docker/swarmkit/protobuf/plugin/plugin.pb.go
+++ b/vendor/github.com/docker/swarmkit/protobuf/plugin/plugin.pb.go
@@ -1,30 +1,20 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: github.com/docker/swarmkit/protobuf/plugin/plugin.proto
 
-/*
-	Package plugin is a generated protocol buffer package.
-
-	It is generated from these files:
-		github.com/docker/swarmkit/protobuf/plugin/plugin.proto
-
-	It has these top-level messages:
-		WatchSelectors
-		StoreObject
-		TLSAuthorization
-*/
 package plugin
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/protoc-gen-gogo/descriptor"
-
-import deepcopy "github.com/docker/swarmkit/api/deepcopy"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	fmt "fmt"
+	github_com_docker_swarmkit_api_deepcopy "github.com/docker/swarmkit/api/deepcopy"
+	github_com_gogo_protobuf_proto "github.com/gogo/protobuf/proto"
+	proto "github.com/gogo/protobuf/proto"
+	descriptor "github.com/gogo/protobuf/protoc-gen-gogo/descriptor"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -35,7 +25,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type WatchSelectors struct {
 	// supported by all object types
@@ -54,22 +44,76 @@ type WatchSelectors struct {
 	Role       *bool `protobuf:"varint,11,opt,name=role" json:"role,omitempty"`
 	Membership *bool `protobuf:"varint,12,opt,name=membership" json:"membership,omitempty"`
 	// supported by: resource
-	Kind             *bool  `protobuf:"varint,13,opt,name=kind" json:"kind,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Kind *bool `protobuf:"varint,13,opt,name=kind" json:"kind,omitempty"`
+}
+
+func (m *WatchSelectors) Reset()      { *m = WatchSelectors{} }
+func (*WatchSelectors) ProtoMessage() {}
+func (*WatchSelectors) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3708583e03e1c1e3, []int{0}
+}
+func (m *WatchSelectors) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WatchSelectors) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WatchSelectors.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WatchSelectors) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WatchSelectors.Merge(m, src)
+}
+func (m *WatchSelectors) XXX_Size() int {
+	return m.Size()
+}
+func (m *WatchSelectors) XXX_DiscardUnknown() {
+	xxx_messageInfo_WatchSelectors.DiscardUnknown(m)
 }
 
-func (m *WatchSelectors) Reset()                    { *m = WatchSelectors{} }
-func (*WatchSelectors) ProtoMessage()               {}
-func (*WatchSelectors) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{0} }
+var xxx_messageInfo_WatchSelectors proto.InternalMessageInfo
 
 type StoreObject struct {
-	WatchSelectors   *WatchSelectors `protobuf:"bytes,1,req,name=watch_selectors,json=watchSelectors" json:"watch_selectors,omitempty"`
-	XXX_unrecognized []byte          `json:"-"`
+	WatchSelectors *WatchSelectors `protobuf:"bytes,1,req,name=watch_selectors,json=watchSelectors" json:"watch_selectors,omitempty"`
 }
 
-func (m *StoreObject) Reset()                    { *m = StoreObject{} }
-func (*StoreObject) ProtoMessage()               {}
-func (*StoreObject) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{1} }
+func (m *StoreObject) Reset()      { *m = StoreObject{} }
+func (*StoreObject) ProtoMessage() {}
+func (*StoreObject) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3708583e03e1c1e3, []int{1}
+}
+func (m *StoreObject) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StoreObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StoreObject.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StoreObject) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StoreObject.Merge(m, src)
+}
+func (m *StoreObject) XXX_Size() int {
+	return m.Size()
+}
+func (m *StoreObject) XXX_DiscardUnknown() {
+	xxx_messageInfo_StoreObject.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StoreObject proto.InternalMessageInfo
 
 type TLSAuthorization struct {
 	// Roles contains the acceptable TLS OU roles for the handler.
@@ -77,16 +121,43 @@ type TLSAuthorization struct {
 	// Insecure is set to true if this method does not require
 	// authorization. NOTE: Specifying both "insecure" and a nonempty
 	// list of roles is invalid. This would fail at codegen time.
-	Insecure         *bool  `protobuf:"varint,2,opt,name=insecure" json:"insecure,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Insecure *bool `protobuf:"varint,2,opt,name=insecure" json:"insecure,omitempty"`
 }
 
-func (m *TLSAuthorization) Reset()                    { *m = TLSAuthorization{} }
-func (*TLSAuthorization) ProtoMessage()               {}
-func (*TLSAuthorization) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{2} }
+func (m *TLSAuthorization) Reset()      { *m = TLSAuthorization{} }
+func (*TLSAuthorization) ProtoMessage() {}
+func (*TLSAuthorization) Descriptor() ([]byte, []int) {
+	return fileDescriptor_3708583e03e1c1e3, []int{2}
+}
+func (m *TLSAuthorization) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TLSAuthorization) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_TLSAuthorization.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *TLSAuthorization) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TLSAuthorization.Merge(m, src)
+}
+func (m *TLSAuthorization) XXX_Size() int {
+	return m.Size()
+}
+func (m *TLSAuthorization) XXX_DiscardUnknown() {
+	xxx_messageInfo_TLSAuthorization.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TLSAuthorization proto.InternalMessageInfo
 
 var E_Deepcopy = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         70000,
 	Name:          "docker.protobuf.plugin.deepcopy",
@@ -95,20 +166,20 @@ var E_Deepcopy = &proto.ExtensionDesc{
 }
 
 var E_StoreObject = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*StoreObject)(nil),
 	Field:         70001,
 	Name:          "docker.protobuf.plugin.store_object",
-	Tag:           "bytes,70001,opt,name=store_object,json=storeObject",
+	Tag:           "bytes,70001,opt,name=store_object",
 	Filename:      "github.com/docker/swarmkit/protobuf/plugin/plugin.proto",
 }
 
 var E_TlsAuthorization = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MethodOptions)(nil),
+	ExtendedType:  (*descriptor.MethodOptions)(nil),
 	ExtensionType: (*TLSAuthorization)(nil),
 	Field:         73626345,
 	Name:          "docker.protobuf.plugin.tls_authorization",
-	Tag:           "bytes,73626345,opt,name=tls_authorization,json=tlsAuthorization",
+	Tag:           "bytes,73626345,opt,name=tls_authorization",
 	Filename:      "github.com/docker/swarmkit/protobuf/plugin/plugin.proto",
 }
 
@@ -121,6 +192,51 @@ func init() {
 	proto.RegisterExtension(E_TlsAuthorization)
 }
 
+func init() {
+	proto.RegisterFile("github.com/docker/swarmkit/protobuf/plugin/plugin.proto", fileDescriptor_3708583e03e1c1e3)
+}
+
+var fileDescriptor_3708583e03e1c1e3 = []byte{
+	// 588 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x52, 0x41, 0x6f, 0xd3, 0x4c,
+	0x10, 0x8d, 0xd3, 0x36, 0x4d, 0x26, 0x69, 0xbf, 0x7e, 0x2b, 0x54, 0x59, 0x3d, 0x38, 0x55, 0x83,
+	0x50, 0x90, 0x90, 0x23, 0xf5, 0x82, 0x94, 0x1b, 0x25, 0x97, 0x48, 0x40, 0x91, 0x83, 0xc4, 0x8d,
+	0xc8, 0xf1, 0x4e, 0x93, 0xa5, 0x8e, 0xd7, 0xda, 0x5d, 0xd3, 0xc2, 0x89, 0x3f, 0x80, 0xc4, 0x95,
+	0x2b, 0xbf, 0xa6, 0xc7, 0x1e, 0x7b, 0x8a, 0xa8, 0x23, 0x0e, 0xdc, 0xe0, 0x1f, 0xa0, 0xdd, 0x75,
+	0x1a, 0x82, 0x5a, 0x71, 0xf2, 0xcc, 0x9b, 0xf7, 0x66, 0xe6, 0xed, 0x18, 0x1e, 0x8f, 0x99, 0x9a,
+	0x64, 0x23, 0x3f, 0xe2, 0xd3, 0x0e, 0xe5, 0xd1, 0x29, 0x8a, 0x8e, 0x3c, 0x0b, 0xc5, 0xf4, 0x94,
+	0xa9, 0x4e, 0x2a, 0xb8, 0xe2, 0xa3, 0xec, 0xa4, 0x93, 0xc6, 0xd9, 0x98, 0x25, 0xc5, 0xc7, 0x37,
+	0x30, 0xd9, 0xb5, 0x6c, 0x7f, 0x41, 0xf2, 0x6d, 0x75, 0x6f, 0x7f, 0xcc, 0xf9, 0x38, 0xc6, 0xa5,
+	0x98, 0xa2, 0x8c, 0x04, 0x4b, 0x15, 0x2f, 0xb8, 0x07, 0x5f, 0xd6, 0x60, 0xfb, 0x75, 0xa8, 0xa2,
+	0xc9, 0x00, 0x63, 0x8c, 0x14, 0x17, 0x92, 0xec, 0x42, 0x99, 0x51, 0xd7, 0xd9, 0x77, 0xda, 0xd5,
+	0xa3, 0x4a, 0x3e, 0x6b, 0x96, 0xfb, 0xbd, 0xa0, 0xcc, 0x28, 0x79, 0x08, 0x35, 0x46, 0x87, 0xa9,
+	0xc0, 0x13, 0x76, 0xee, 0x96, 0x4d, 0xb9, 0x91, 0xcf, 0x9a, 0xd5, 0x7e, 0xef, 0xa5, 0xc1, 0x82,
+	0x2a, 0xa3, 0x36, 0x22, 0x04, 0xd6, 0x93, 0x70, 0x8a, 0xee, 0x9a, 0x66, 0x05, 0x26, 0x26, 0x4d,
+	0xa8, 0xeb, 0xef, 0xa2, 0xc1, 0xba, 0x29, 0x81, 0x86, 0x0a, 0xd1, 0x2e, 0x54, 0xa2, 0x4c, 0x2a,
+	0x3e, 0x75, 0x37, 0x4c, 0xad, 0xc8, 0x48, 0x0b, 0xb6, 0x6c, 0xb4, 0x90, 0x56, 0x4c, 0xb9, 0x61,
+	0xc1, 0x42, 0xfc, 0x08, 0x40, 0xa2, 0x78, 0xc7, 0x22, 0x1c, 0x32, 0xea, 0x6e, 0x9a, 0xed, 0xb6,
+	0xf2, 0x59, 0xb3, 0x36, 0xb0, 0x68, 0xbf, 0x17, 0xd4, 0x0a, 0x42, 0x9f, 0x92, 0x16, 0x6c, 0x26,
+	0x9c, 0x1a, 0x6a, 0xd5, 0x50, 0x21, 0x9f, 0x35, 0x2b, 0x2f, 0x38, 0xd5, 0xbc, 0x8a, 0x2e, 0xf5,
+	0xa9, 0x36, 0x21, 0x63, 0xae, 0xdc, 0x9a, 0x35, 0xa1, 0x63, 0xbd, 0x0b, 0x45, 0xc9, 0x04, 0xd2,
+	0xa1, 0x54, 0xa1, 0x42, 0x17, 0xec, 0x2e, 0x05, 0x38, 0xd0, 0x98, 0x16, 0x0a, 0x1e, 0xa3, 0x5b,
+	0xb7, 0x42, 0x1d, 0x13, 0x0f, 0x60, 0x8a, 0xd3, 0x11, 0x0a, 0x39, 0x61, 0xa9, 0xdb, 0xb0, 0xe6,
+	0x97, 0x88, 0xd6, 0x9c, 0xb2, 0x84, 0xba, 0x5b, 0x56, 0xa3, 0xe3, 0x83, 0x37, 0x50, 0x1f, 0x28,
+	0x2e, 0xf0, 0x78, 0xf4, 0x16, 0x23, 0x45, 0x8e, 0xe1, 0xbf, 0x33, 0x7d, 0xa9, 0xa1, 0x5c, 0x9c,
+	0xca, 0x75, 0xf6, 0xcb, 0xed, 0xfa, 0xe1, 0x03, 0xff, 0xf6, 0xf3, 0xfb, 0xab, 0x87, 0x0d, 0xb6,
+	0xcf, 0x56, 0xf2, 0x83, 0x1e, 0xec, 0xbc, 0x7a, 0x36, 0x78, 0x92, 0xa9, 0x09, 0x17, 0xec, 0x43,
+	0xa8, 0x18, 0x4f, 0xc8, 0x3d, 0xd8, 0xd0, 0xfb, 0xea, 0xd6, 0x6b, 0xed, 0x5a, 0x60, 0x13, 0xb2,
+	0x07, 0x55, 0x96, 0x48, 0x8c, 0x32, 0x81, 0xf6, 0xf2, 0xc1, 0x4d, 0xde, 0x7d, 0x0a, 0x55, 0x8a,
+	0x98, 0x46, 0x3c, 0x7d, 0x4f, 0x9a, 0xbe, 0xfd, 0xe1, 0x96, 0x9b, 0x3c, 0x47, 0x29, 0xc3, 0x31,
+	0x1e, 0xa7, 0xba, 0xbb, 0x74, 0x7f, 0x7e, 0x35, 0x77, 0xef, 0xae, 0x2b, 0x91, 0x61, 0x70, 0x23,
+	0xec, 0x32, 0x68, 0x48, 0x6d, 0x75, 0xc8, 0xad, 0xd7, 0x7f, 0x36, 0xfa, 0x65, 0x1a, 0xd5, 0x0f,
+	0x5b, 0x77, 0x79, 0xff, 0xe3, 0xe5, 0x82, 0xba, 0x5c, 0x26, 0xdd, 0x73, 0xf8, 0x5f, 0xc5, 0x72,
+	0x18, 0xae, 0xd8, 0xf6, 0x6e, 0x99, 0xa7, 0x26, 0x9c, 0x2e, 0xc6, 0xfd, 0xf8, 0xfe, 0xa9, 0x65,
+	0xe6, 0xb5, 0xef, 0x9a, 0xf7, 0xf7, 0x4b, 0x06, 0x3b, 0x2a, 0x96, 0x2b, 0xc8, 0xd1, 0xfd, 0x8b,
+	0x6b, 0xaf, 0x74, 0x75, 0xed, 0x95, 0x3e, 0xe6, 0x9e, 0x73, 0x91, 0x7b, 0xce, 0x65, 0xee, 0x39,
+	0xdf, 0x72, 0xcf, 0xf9, 0x3c, 0xf7, 0x4a, 0x97, 0x73, 0xaf, 0x74, 0x35, 0xf7, 0x4a, 0xbf, 0x03,
+	0x00, 0x00, 0xff, 0xff, 0x0f, 0x50, 0xb9, 0xa3, 0x05, 0x04, 0x00, 0x00,
+}
+
 func (m *WatchSelectors) Copy() *WatchSelectors {
 	if m == nil {
 		return nil
@@ -151,7 +267,7 @@ func (m *StoreObject) CopyFrom(src interface{}) {
 	*m = *o
 	if o.WatchSelectors != nil {
 		m.WatchSelectors = &WatchSelectors{}
-		deepcopy.Copy(m.WatchSelectors, o.WatchSelectors)
+		github_com_docker_swarmkit_api_deepcopy.Copy(m.WatchSelectors, o.WatchSelectors)
 	}
 }
 
@@ -178,7 +294,7 @@ func (m *TLSAuthorization) CopyFrom(src interface{}) {
 func (m *WatchSelectors) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -186,150 +302,152 @@ func (m *WatchSelectors) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WatchSelectors) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WatchSelectors) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.ID != nil {
-		dAtA[i] = 0x8
-		i++
-		if *m.ID {
+	if m.Kind != nil {
+		i--
+		if *m.Kind {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x68
 	}
-	if m.IDPrefix != nil {
-		dAtA[i] = 0x10
-		i++
-		if *m.IDPrefix {
+	if m.Membership != nil {
+		i--
+		if *m.Membership {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x60
 	}
-	if m.Name != nil {
-		dAtA[i] = 0x18
-		i++
-		if *m.Name {
+	if m.Role != nil {
+		i--
+		if *m.Role {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x58
 	}
-	if m.NamePrefix != nil {
-		dAtA[i] = 0x20
-		i++
-		if *m.NamePrefix {
+	if m.DesiredState != nil {
+		i--
+		if *m.DesiredState {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x50
 	}
-	if m.Custom != nil {
-		dAtA[i] = 0x28
-		i++
-		if *m.Custom {
+	if m.Slot != nil {
+		i--
+		if *m.Slot {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x48
 	}
-	if m.CustomPrefix != nil {
-		dAtA[i] = 0x30
-		i++
-		if *m.CustomPrefix {
+	if m.NodeID != nil {
+		i--
+		if *m.NodeID {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x40
 	}
 	if m.ServiceID != nil {
-		dAtA[i] = 0x38
-		i++
+		i--
 		if *m.ServiceID {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x38
 	}
-	if m.NodeID != nil {
-		dAtA[i] = 0x40
-		i++
-		if *m.NodeID {
+	if m.CustomPrefix != nil {
+		i--
+		if *m.CustomPrefix {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x30
 	}
-	if m.Slot != nil {
-		dAtA[i] = 0x48
-		i++
-		if *m.Slot {
+	if m.Custom != nil {
+		i--
+		if *m.Custom {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.DesiredState != nil {
-		dAtA[i] = 0x50
-		i++
-		if *m.DesiredState {
+	if m.NamePrefix != nil {
+		i--
+		if *m.NamePrefix {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Role != nil {
-		dAtA[i] = 0x58
-		i++
-		if *m.Role {
+	if m.Name != nil {
+		i--
+		if *m.Name {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.Membership != nil {
-		dAtA[i] = 0x60
-		i++
-		if *m.Membership {
+	if m.IDPrefix != nil {
+		i--
+		if *m.IDPrefix {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Kind != nil {
-		dAtA[i] = 0x68
-		i++
-		if *m.Kind {
+	if m.ID != nil {
+		i--
+		if *m.ID {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StoreObject) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -337,32 +455,36 @@ func (m *StoreObject) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StoreObject) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StoreObject) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.WatchSelectors == nil {
-		return 0, proto.NewRequiredNotSetError("watch_selectors")
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("watch_selectors")
 	} else {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintPlugin(dAtA, i, uint64(m.WatchSelectors.Size()))
-		n1, err := m.WatchSelectors.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.WatchSelectors.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintPlugin(dAtA, i, uint64(size))
 		}
-		i += n1
-	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *TLSAuthorization) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -370,52 +492,52 @@ func (m *TLSAuthorization) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *TLSAuthorization) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TLSAuthorization) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Roles) > 0 {
-		for _, s := range m.Roles {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
 	if m.Insecure != nil {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if *m.Insecure {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	if len(m.Roles) > 0 {
+		for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Roles[iNdEx])
+			copy(dAtA[i:], m.Roles[iNdEx])
+			i = encodeVarintPlugin(dAtA, i, uint64(len(m.Roles[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintPlugin(dAtA []byte, offset int, v uint64) int {
+	offset -= sovPlugin(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
-
 func (m *WatchSelectors) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ID != nil {
@@ -457,26 +579,26 @@ func (m *WatchSelectors) Size() (n int) {
 	if m.Kind != nil {
 		n += 2
 	}
-	if m.XXX_unrecognized != nil {
-		n += len(m.XXX_unrecognized)
-	}
 	return n
 }
 
 func (m *StoreObject) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.WatchSelectors != nil {
 		l = m.WatchSelectors.Size()
 		n += 1 + l + sovPlugin(uint64(l))
 	}
-	if m.XXX_unrecognized != nil {
-		n += len(m.XXX_unrecognized)
-	}
 	return n
 }
 
 func (m *TLSAuthorization) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Roles) > 0 {
@@ -488,21 +610,11 @@ func (m *TLSAuthorization) Size() (n int) {
 	if m.Insecure != nil {
 		n += 2
 	}
-	if m.XXX_unrecognized != nil {
-		n += len(m.XXX_unrecognized)
-	}
 	return n
 }
 
 func sovPlugin(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozPlugin(x uint64) (n int) {
 	return sovPlugin(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -525,7 +637,6 @@ func (this *WatchSelectors) String() string {
 		`Role:` + valueToStringPlugin(this.Role) + `,`,
 		`Membership:` + valueToStringPlugin(this.Membership) + `,`,
 		`Kind:` + valueToStringPlugin(this.Kind) + `,`,
-		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -535,8 +646,7 @@ func (this *StoreObject) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&StoreObject{`,
-		`WatchSelectors:` + strings.Replace(fmt.Sprintf("%v", this.WatchSelectors), "WatchSelectors", "WatchSelectors", 1) + `,`,
-		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`WatchSelectors:` + strings.Replace(this.WatchSelectors.String(), "WatchSelectors", "WatchSelectors", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -548,7 +658,6 @@ func (this *TLSAuthorization) String() string {
 	s := strings.Join([]string{`&TLSAuthorization{`,
 		`Roles:` + fmt.Sprintf("%v", this.Roles) + `,`,
 		`Insecure:` + valueToStringPlugin(this.Insecure) + `,`,
-		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -576,7 +685,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -604,7 +713,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -625,7 +734,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -646,7 +755,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -667,7 +776,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -688,7 +797,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -709,7 +818,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -730,7 +839,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -751,7 +860,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -772,7 +881,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -793,7 +902,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -814,7 +923,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -835,7 +944,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -856,7 +965,7 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -869,13 +978,12 @@ func (m *WatchSelectors) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthPlugin
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -901,7 +1009,7 @@ func (m *StoreObject) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -929,7 +1037,7 @@ func (m *StoreObject) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -938,6 +1046,9 @@ func (m *StoreObject) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlugin
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -955,18 +1066,17 @@ func (m *StoreObject) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthPlugin
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
 	if hasFields[0]&uint64(0x00000001) == 0 {
-		return proto.NewRequiredNotSetError("watch_selectors")
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("watch_selectors")
 	}
 
 	if iNdEx > l {
@@ -989,7 +1099,7 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1017,7 +1127,7 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1027,6 +1137,9 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlugin
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1046,7 +1159,7 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1059,13 +1172,12 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthPlugin
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1078,6 +1190,7 @@ func (m *TLSAuthorization) Unmarshal(dAtA []byte) error {
 func skipPlugin(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1109,10 +1222,8 @@ func skipPlugin(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1129,97 +1240,34 @@ func skipPlugin(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthPlugin
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowPlugin
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipPlugin(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupPlugin
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthPlugin
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthPlugin = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowPlugin   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthPlugin        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowPlugin          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupPlugin = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() {
-	proto.RegisterFile("github.com/docker/swarmkit/protobuf/plugin/plugin.proto", fileDescriptorPlugin)
-}
-
-var fileDescriptorPlugin = []byte{
-	// 575 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x52, 0xc1, 0x6e, 0xd3, 0x4c,
-	0x10, 0xae, 0xd3, 0x36, 0x4d, 0x26, 0x69, 0xff, 0xfe, 0x2b, 0x54, 0xad, 0x7a, 0x70, 0xaa, 0x46,
-	0x42, 0x41, 0x42, 0x8e, 0xd4, 0x0b, 0x52, 0x6e, 0x94, 0x5c, 0x22, 0x01, 0x45, 0x0e, 0x12, 0x37,
-	0x22, 0xc7, 0x3b, 0x4d, 0x96, 0x3a, 0x5e, 0x6b, 0x77, 0x4d, 0x0a, 0x27, 0x5e, 0x80, 0x07, 0xe0,
-	0xca, 0xd3, 0xf4, 0xc8, 0x91, 0x53, 0x44, 0x2d, 0x71, 0xe0, 0x06, 0x6f, 0x80, 0x76, 0xd7, 0x69,
-	0x08, 0x6a, 0xc5, 0xc9, 0x33, 0xdf, 0x7c, 0xdf, 0xcc, 0x7c, 0x3b, 0x86, 0x47, 0x13, 0xae, 0xa7,
-	0xf9, 0x38, 0x88, 0xc5, 0xac, 0xcb, 0x44, 0x7c, 0x81, 0xb2, 0xab, 0xe6, 0x91, 0x9c, 0x5d, 0x70,
-	0xdd, 0xcd, 0xa4, 0xd0, 0x62, 0x9c, 0x9f, 0x77, 0xb3, 0x24, 0x9f, 0xf0, 0xb4, 0xfc, 0x04, 0x16,
-	0x26, 0x07, 0x8e, 0x1d, 0x2c, 0x49, 0x81, 0xab, 0x1e, 0x1e, 0x4d, 0x84, 0x98, 0x24, 0xb8, 0x12,
-	0x33, 0x54, 0xb1, 0xe4, 0x99, 0x16, 0x25, 0xf7, 0xf8, 0xd3, 0x26, 0xec, 0xbd, 0x8a, 0x74, 0x3c,
-	0x1d, 0x62, 0x82, 0xb1, 0x16, 0x52, 0x91, 0x03, 0xa8, 0x70, 0x46, 0xbd, 0x23, 0xaf, 0x53, 0x3b,
-	0xad, 0x16, 0x8b, 0x56, 0x65, 0xd0, 0x0f, 0x2b, 0x9c, 0x91, 0x07, 0x50, 0xe7, 0x6c, 0x94, 0x49,
-	0x3c, 0xe7, 0x97, 0xb4, 0x62, 0xcb, 0xcd, 0x62, 0xd1, 0xaa, 0x0d, 0xfa, 0x2f, 0x2c, 0x16, 0xd6,
-	0x38, 0x73, 0x11, 0x21, 0xb0, 0x95, 0x46, 0x33, 0xa4, 0x9b, 0x86, 0x15, 0xda, 0x98, 0xb4, 0xa0,
-	0x61, 0xbe, 0xcb, 0x06, 0x5b, 0xb6, 0x04, 0x06, 0x2a, 0x45, 0x07, 0x50, 0x8d, 0x73, 0xa5, 0xc5,
-	0x8c, 0x6e, 0xdb, 0x5a, 0x99, 0x91, 0x36, 0xec, 0xba, 0x68, 0x29, 0xad, 0xda, 0x72, 0xd3, 0x81,
-	0xa5, 0xf8, 0x21, 0x80, 0x42, 0xf9, 0x96, 0xc7, 0x38, 0xe2, 0x8c, 0xee, 0xd8, 0xed, 0x76, 0x8b,
-	0x45, 0xab, 0x3e, 0x74, 0xe8, 0xa0, 0x1f, 0xd6, 0x4b, 0xc2, 0x80, 0x91, 0x36, 0xec, 0xa4, 0x82,
-	0x59, 0x6a, 0xcd, 0x52, 0xa1, 0x58, 0xb4, 0xaa, 0xcf, 0x05, 0x33, 0xbc, 0xaa, 0x29, 0x0d, 0x98,
-	0x31, 0xa1, 0x12, 0xa1, 0x69, 0xdd, 0x99, 0x30, 0xb1, 0xd9, 0x85, 0xa1, 0xe2, 0x12, 0xd9, 0x48,
-	0xe9, 0x48, 0x23, 0x05, 0xb7, 0x4b, 0x09, 0x0e, 0x0d, 0x66, 0x84, 0x52, 0x24, 0x48, 0x1b, 0x4e,
-	0x68, 0x62, 0xe2, 0x03, 0xcc, 0x70, 0x36, 0x46, 0xa9, 0xa6, 0x3c, 0xa3, 0x4d, 0x67, 0x7e, 0x85,
-	0x18, 0xcd, 0x05, 0x4f, 0x19, 0xdd, 0x75, 0x1a, 0x13, 0x1f, 0xbf, 0x86, 0xc6, 0x50, 0x0b, 0x89,
-	0x67, 0xe3, 0x37, 0x18, 0x6b, 0x72, 0x06, 0xff, 0xcd, 0xcd, 0xa5, 0x46, 0x6a, 0x79, 0x2a, 0xea,
-	0x1d, 0x55, 0x3a, 0x8d, 0x93, 0xfb, 0xc1, 0xed, 0xe7, 0x0f, 0xd6, 0x0f, 0x1b, 0xee, 0xcd, 0xd7,
-	0xf2, 0xe3, 0x3e, 0xec, 0xbf, 0x7c, 0x3a, 0x7c, 0x9c, 0xeb, 0xa9, 0x90, 0xfc, 0x7d, 0xa4, 0xb9,
-	0x48, 0xc9, 0x3d, 0xd8, 0x36, 0xfb, 0x9a, 0xd6, 0x9b, 0x9d, 0x7a, 0xe8, 0x12, 0x72, 0x08, 0x35,
-	0x9e, 0x2a, 0x8c, 0x73, 0x89, 0xee, 0xf2, 0xe1, 0x4d, 0xde, 0x7b, 0x02, 0x35, 0x86, 0x98, 0xc5,
-	0x22, 0x7b, 0x47, 0x5a, 0x81, 0xfb, 0xe1, 0x56, 0x9b, 0x3c, 0x43, 0xa5, 0xa2, 0x09, 0x9e, 0x65,
-	0xa6, 0xbb, 0xa2, 0x3f, 0x3f, 0xdb, 0xbb, 0xf7, 0xb6, 0xb4, 0xcc, 0x31, 0xbc, 0x11, 0xf6, 0x38,
-	0x34, 0x95, 0xb1, 0x3a, 0x12, 0xce, 0xeb, 0x3f, 0x1b, 0xfd, 0xb2, 0x8d, 0x1a, 0x27, 0xed, 0xbb,
-	0xbc, 0xff, 0xf1, 0x72, 0x61, 0x43, 0xad, 0x92, 0xde, 0x25, 0xfc, 0xaf, 0x13, 0x35, 0x8a, 0xd6,
-	0x6c, 0xfb, 0xb7, 0xcc, 0xd3, 0x53, 0xc1, 0x96, 0xe3, 0x7e, 0x7c, 0xff, 0xd8, 0xb6, 0xf3, 0x3a,
-	0x77, 0xcd, 0xfb, 0xfb, 0x25, 0xc3, 0x7d, 0x9d, 0xa8, 0x35, 0xe4, 0x94, 0x5e, 0x5d, 0xfb, 0x1b,
-	0x5f, 0xaf, 0xfd, 0x8d, 0x0f, 0x85, 0xef, 0x5d, 0x15, 0xbe, 0xf7, 0xa5, 0xf0, 0xbd, 0x6f, 0x85,
-	0xef, 0xfd, 0x0e, 0x00, 0x00, 0xff, 0xff, 0xb3, 0x99, 0x7d, 0xfb, 0xf9, 0x03, 0x00, 0x00,
-}
diff --git a/vendor/github.com/docker/swarmkit/vendor.conf b/vendor/github.com/docker/swarmkit/vendor.conf
index f91ea497e0af1..fe8a3cd498e6f 100644
--- a/vendor/github.com/docker/swarmkit/vendor.conf
+++ b/vendor/github.com/docker/swarmkit/vendor.conf
@@ -8,60 +8,72 @@
 # In >=1.11, those errors were brought back but the string had changed again.
 # After updating GRPC, if integration test failures occur, verify that the
 # string matching there is correct.
-google.golang.org/grpc v1.12.0
-github.com/gogo/protobuf v1.0.0
-github.com/golang/protobuf v1.1.0
-github.com/matttproud/golang_protobuf_extensions v1.0.0
-google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9
+google.golang.org/grpc                              f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1
+github.com/gogo/protobuf                            b03c65ea87cdc3521ede29f62fe3ce239267c1bc # v1.3.2
+github.com/golang/protobuf                          84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
+github.com/matttproud/golang_protobuf_extensions    c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
+google.golang.org/genproto                          3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
 
 # metrics
-github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
-github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
+github.com/grpc-ecosystem/go-grpc-prometheus        c225b8c3b01faf2899099b768856a9e916e5087b # v1.2.0
+github.com/docker/go-metrics                        b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
 
 # etcd/raft
-github.com/coreos/etcd v3.2.1
-github.com/coreos/go-systemd v17
-github.com/coreos/pkg v3
-github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
-github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
-github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
-github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
+github.com/coreos/etcd                              2c834459e1aab78a5d5219c7dfe42335fc4b617a # v3.3.25
 
-github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
-github.com/docker/docker b9bb3bae5161f931c1dede43c67948c599197f50
-github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
-github.com/docker/libnetwork a79d3687931697244b8e03485bf7b2042f8ec6b6
-github.com/opencontainers/runc ad0f5255060d36872be04de22f8731f38ef2d7b1
-github.com/opencontainers/go-digest v1.0.0-rc1
-github.com/opencontainers/image-spec v1.0.1
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
+# go-systemd v17 is required by github.com/coreos/pkg/capnslog/journald_formatter.go
+github.com/coreos/go-systemd                        39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
+github.com/coreos/pkg                               97fdf19511ea361ae1c100dd393cc47f8dcfa1e1 # v4
+github.com/prometheus/client_golang                 6edbbd9e560190e318cdc5b4d3e630b442858380 # v1.6.0
+github.com/prometheus/client_model                  7bc5445566f0fe75b15de23e6b93886e982d7bf9 # v0.2.0
+github.com/prometheus/common                        d978bcb1309602d68bb4ba69cf3f8ed900e07308 # v0.9.1
+github.com/prometheus/procfs                        46159f73e74d1cb8dc223deef9b2d049286f46b1 # v0.0.11
+github.com/cespare/xxhash/v2                        d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
 
-github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 # v1.1.0
-github.com/Microsoft/go-winio v0.4.8
-github.com/sirupsen/logrus v1.0.3
-github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/cloudflare/cfssl 1.3.2
-github.com/dustin/go-humanize 8929fe90cee4b2cb9deb468b51fb34eba64d1bf0
-github.com/fernet/fernet-go 1b2437bc582b3cfbb341ee5a29f8ef5b42912ff2
-github.com/google/certificate-transparency-go v1.0.20
-github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
-github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
-github.com/hashicorp/golang-lru a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
-github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-github.com/phayes/permbits f7e3ac5e859d0b919c5068d581cc4c5d4f4f9bc5
-github.com/pivotal-golang/clock 3fd3c1944c59d9742e1cd333672181cd1a6f9fa0
-github.com/pkg/errors 645ef00459ed84a119197bfb8d8205042c6df63d
-github.com/pmezard/go-difflib 792786c7400a136282c1664665ae0a8db921c6c2
-github.com/rcrowley/go-metrics 51425a2415d21afadfd55cd93432c0bc69e9598d
-github.com/spf13/cobra 8e91712f174ced10270cf66615e0a9127e7c4de5
-github.com/spf13/pflag 7f60f83a2c81bc3c3c0d5297f61ddfa68da9d3b7
-github.com/stretchr/testify v1.1.4
-go.etcd.io/bbolt v1.3.1-etcd.8
-golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491
-golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
-golang.org/x/sys 37707fdb30a5b38865cfb95e5aab41707daec7fd
-golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
-golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
+github.com/docker/distribution                      0d3efadf0154c2b8a4e7b6621fff9809655cc580
+github.com/docker/docker                            471fd27709777d2cce3251129887e14e8bb2e0c7 # master / v21.xx-dev
+github.com/docker/go-connections                    7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
+github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
+github.com/docker/go-units                          519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
+github.com/docker/libkv                             458977154600b9f23984d9f4b82e79570b5ae12b
+github.com/opencontainers/runc                      b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 # v1.0.0-rc95
+github.com/opencontainers/go-digest                 ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
+github.com/opencontainers/image-spec                d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
+github.com/ishidawataru/sctp                        f2269e66cdee387bd321445d5d300893449805be
+github.com/containerd/containerd                    36cc874494a56a253cd181a1a685b44b58a2e34a # v1.5.2
+
+github.com/davecgh/go-spew                          8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
+github.com/Microsoft/go-winio                       5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15
+github.com/sirupsen/logrus                          6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
+github.com/beorn7/perks                             37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
+github.com/cloudflare/cfssl                         5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
+github.com/dustin/go-humanize                       9f541cc9db5d55bce703bd99987c9d5cb8eea45e # v1.0.0
+github.com/fernet/fernet-go                         9eac43b88a5efb8651d24de9b68e87567e029736
+github.com/google/certificate-transparency-go       37a384cd035e722ea46e55029093e26687138edf # v1.0.20
+github.com/hashicorp/go-immutable-radix             826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
+github.com/hashicorp/go-memdb                       cb9a474f84cc5e41b273b20c6927680b2a8776ad
+github.com/hashicorp/golang-lru                     7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
+github.com/inconshreveable/mousetrap                76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
+github.com/phayes/permbits                          f7e3ac5e859d0b919c5068d581cc4c5d4f4f9bc5
+code.cloudfoundry.org/clock                         02e53af36e6c978af692887ed449b74026d76fec # v1.0.0
+github.com/pkg/errors                               614d223910a179a466c1767a985424175c39b465 # v0.9.1
+github.com/pmezard/go-difflib                       792786c7400a136282c1664665ae0a8db921c6c2 # v1.0.0
+github.com/rcrowley/go-metrics                      51425a2415d21afadfd55cd93432c0bc69e9598d
+github.com/spf13/cobra                              8380ddd3132bdf8fd77731725b550c181dda0aa8 # v1.1.3
+github.com/spf13/pflag                              2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
+github.com/stretchr/testify                         ffdc059bfe9ce6a4e144ba849dbedead332c6053 # v1.3.0
+go.etcd.io/bbolt                                    232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
+golang.org/x/crypto                                 c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
+golang.org/x/net                                    6772e930b67bb09bf22262c7378e7d2f67cf59d1
+golang.org/x/sys                                    d19ff857e887eacb631721f188c7d365c2331456
+golang.org/x/text                                   23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
+golang.org/x/time                                   555d28b269f0569763d25dbe1a237ae74c6bcc82
+
+# ginkgo is used for testing in some places in the code. this is it and its
+# sub-dependencies.
+github.com/onsi/ginkgo                              eea6ad008b96acdaa524f5b409513bf062b500ad # v1.8.0
+github.com/onsi/gomega                              90e289841c1ed79b7a598a7cd9959750cb5e89e2 # v1.5.0
+gopkg.in/yaml.v2                                    7649d4548cb53a614db133b2a8ac1f31859dda8c # v2.4.0
+github.com/hpcloud/tail                             a30252cb686a21eb2d0b98132633053ec2f7f1e5 # v1.0.0
+gopkg.in/fsnotify.v1                                c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9 # v1.4.7
+gopkg.in/tomb.v1                                    dd632973f1e7218eb1089048e0798ec9ae7dceb8 # v1
diff --git a/vendor/github.com/fernet/fernet-go/fernet.go b/vendor/github.com/fernet/fernet-go/fernet.go
index 8549e69c45e04..9e4bcce35ce14 100644
--- a/vendor/github.com/fernet/fernet-go/fernet.go
+++ b/vendor/github.com/fernet/fernet-go/fernet.go
@@ -67,7 +67,7 @@ func verify(msg, tok []byte, ttl time.Duration, now time.Time, k *Key) []byte {
 		return nil
 	}
 	ts := time.Unix(int64(binary.BigEndian.Uint64(tok[1:])), 0)
-	if ttl >= 0 && (now.After(ts.Add(ttl)) || ts.After(now.Add(maxClockSkew))) {
+	if ttl > 0 && (now.After(ts.Add(ttl)) || ts.After(now.Add(maxClockSkew))) {
 		return nil
 	}
 	n := len(tok) - sha256.Size
diff --git a/vendor/github.com/fluent/fluent-logger-golang/README.md b/vendor/github.com/fluent/fluent-logger-golang/README.md
index cbb8bdc5420f9..554619a31cd0e 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/README.md
+++ b/vendor/github.com/fluent/fluent-logger-golang/README.md
@@ -1,7 +1,8 @@
 fluent-logger-golang
 ====
 
-[![Build Status](https://travis-ci.org/fluent/fluent-logger-golang.png?branch=master)](https://travis-ci.org/fluent/fluent-logger-golang)
+[![Build Status](https://github.com/fluent/fluent-logger-golang/actions/workflows/ci.yaml/badge.svg?branch=master)](https://github.com/fluent/fluent-logger-golang/actions)
+[![GoDoc](https://godoc.org/github.com/fluent/fluent-logger-golang/fluent?status.svg)](https://godoc.org/github.com/fluent/fluent-logger-golang/fluent)
 
 ## A structured event logger for Fluentd (Golang)
 
@@ -19,8 +20,6 @@ Install the package with `go get` and use `import` to include it in your project
 import "github.com/fluent/fluent-logger-golang/fluent"
 ```
 
-GoDoc: http://godoc.org/github.com/fluent/fluent-logger-golang/fluent
-
 ## Example
 
 ```go
@@ -29,7 +28,7 @@ package main
 import (
   "github.com/fluent/fluent-logger-golang/fluent"
   "fmt"
-  "time"
+  //"time"
 )
 
 func main() {
@@ -59,12 +58,125 @@ func main() {
 f := fluent.New(fluent.Config{FluentPort: 80, FluentHost: "example.com"})
 ```
 
+### FluentNetwork
+
+Specify the network protocol. The supported values are:
+
+ * "tcp" (use `FluentHost` and `FluentPort`)
+ * "tls" (use`FluentHost` and `FluentPort`)
+ * "unix" (use `FluentSocketPath`)
+
+The default is "tcp".
+
+### FluentHost
+
+Specify a hostname or IP address as a string for the destination of the "tcp" protocol.
+The default is "127.0.0.1".
+
+### FluentPort
+
+Specify the TCP port of the destination. The default is 24224.
+
+### FluentSocketPath
+
+Specify the unix socket path when `FluentNetwork` is "unix".
+
+### Timeout
+
+Set the timeout value of `time.Duration` to connect to the destination.
+The default is 3 seconds.
+
 ### WriteTimeout
 
-Sets the timeout for Write call of logger.Post.
+Sets the timeout value of `time.Duration` for Write call of `logger.Post`.
 Since the default is zero value, Write will not time out.
 
+### BufferLimit
+
+Sets the number of events buffered on the memory. Records will be stored in memory up to this number. If the buffer is full, the call to record logs will fail.
+The default is 8192.
+
+### RetryWait
+
+Set the duration of the initial wait for the first retry, in milliseconds. The actual retry wait will be `r * 1.5^(N-1)` (r: this value, N: the number of retries).
+The default is 500.
+
+### MaxRetry
+
+Sets the maximum number of retries. If the number of retries become larger than this value, the write/send operation will fail.
+The default is 13.
+
+### MaxRetryWait
+
+The maximum duration of wait between retries, in milliseconds. If the calculated retry wait is larger than this value, the actual retry wait will be this value.
+The default is 60,000 (60 seconds).
+
+### TagPrefix
+
+Sets the prefix string of the tag. Prefix will be appended with a dot `.`, like `ppp.tag` (ppp: the value of this parameter, tag: the tag string specified in a call).
+The default is blank.
+
+### Async
+
+Enable asynchronous I/O (connect and write) for sending events to Fluentd.
+The default is false.
+
+### ForceStopAsyncSend
+
+When Async is enabled, immediately discard the event queue on close() and return (instead of trying MaxRetry times for each event in the queue before returning)
+The default is false.
+
+### AsyncResultCallback
+
+When Async is enabled, if this is callback is provided, it will be called on every write to Fluentd. The callback function
+takes two arguments - a `[]byte` of the message that was to be sent and an `error`. If the `error` is not nil this means the 
+delivery of the message was unsuccessful.
+
+### SubSecondPrecision
+
+Enable time encoding as EventTime, which contains sub-second precision values. The messages encoded with this option can be received only by Fluentd v0.14 or later.
+The default is false.
+
+### MarshalAsJson
+
+Enable Json data marshaling to send messages using Json format (instead of the standard MessagePack). It is supported by Fluentd `in_forward` plugin.
+The default is false.
+
+### RequestAck
+
+Sets whether to request acknowledgment from Fluentd to increase the reliability
+of the connection. The default is false.
+
+### TlsInsecureSkipVerify
+
+Skip verifying the server certificate. Useful for development and testing. The default is false.
+
+## FAQ
+
+### Does this logger support the features of Fluentd Forward Protocol v1?
+
+"the features" includes heartbeat messages (for TCP keepalive), TLS transport and shared key authentication.
+
+This logger doesn't support those features. Patches are welcome!
+
+### Is it allowed to call `Fluent.Post()` after connection close?
+
+Before v1.8.0, the Fluent logger silently reopened connections whenever
+`Fluent.Post()` was called.
+
+```go
+logger, _ := fluent.New(fluent.Config{})
+logger.Post(tag, data)
+logger.Close()
+logger.Post(tag, data)  /* reopen connection */
+```
+
+However, this behavior was confusing, in particular when multiple goroutines
+were involved. Starting v1.8.0, the logger no longer accepts `Fluent.Post()`
+after `Fluent.Close()`, and instead returns a "Logger already closed" error.
+
 ## Tests
 ```
+
 go test
 ```
diff --git a/vendor/github.com/fluent/fluent-logger-golang/fluent/fluent.go b/vendor/github.com/fluent/fluent-logger-golang/fluent/fluent.go
index 4693c5c3b5898..c2e1b25955586 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/fluent/fluent.go
+++ b/vendor/github.com/fluent/fluent-logger-golang/fluent/fluent.go
@@ -1,16 +1,24 @@
 package fluent
 
 import (
+	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"math"
+	"math/rand"
 	"net"
+	"os"
 	"reflect"
 	"strconv"
 	"sync"
 	"time"
 
+	"bytes"
+	"encoding/base64"
+	"encoding/binary"
+
 	"github.com/tinylib/msgp/msgp"
 )
 
@@ -21,47 +29,104 @@ const (
 	defaultPort                   = 24224
 	defaultTimeout                = 3 * time.Second
 	defaultWriteTimeout           = time.Duration(0) // Write() will not time out
-	defaultBufferLimit            = 8 * 1024 * 1024
+	defaultBufferLimit            = 8 * 1024
 	defaultRetryWait              = 500
+	defaultMaxRetryWait           = 60000
 	defaultMaxRetry               = 13
 	defaultReconnectWaitIncreRate = 1.5
 	// Default sub-second precision value to false since it is only compatible
 	// with fluentd versions v0.14 and above.
 	defaultSubSecondPrecision = false
+
+	// Default value whether to skip checking insecure certs on TLS connections.
+	defaultTlsInsecureSkipVerify = false
 )
 
+// randomGenerator is used by getUniqueId to generate ack hashes. Its value is replaced
+// during tests with a deterministic function.
+var randomGenerator = rand.Uint64
+
 type Config struct {
-	FluentPort       int           `json:"fluent_port"`
-	FluentHost       string        `json:"fluent_host"`
-	FluentNetwork    string        `json:"fluent_network"`
-	FluentSocketPath string        `json:"fluent_socket_path"`
-	Timeout          time.Duration `json:"timeout"`
-	WriteTimeout     time.Duration `json:"write_timeout"`
-	BufferLimit      int           `json:"buffer_limit"`
-	RetryWait        int           `json:"retry_wait"`
-	MaxRetry         int           `json:"max_retry"`
-	TagPrefix        string        `json:"tag_prefix"`
-	AsyncConnect     bool          `json:"async_connect"`
-	MarshalAsJSON    bool          `json:"marshal_as_json"`
+	FluentPort          int           `json:"fluent_port"`
+	FluentHost          string        `json:"fluent_host"`
+	FluentNetwork       string        `json:"fluent_network"`
+	FluentSocketPath    string        `json:"fluent_socket_path"`
+	Timeout             time.Duration `json:"timeout"`
+	WriteTimeout        time.Duration `json:"write_timeout"`
+	BufferLimit         int           `json:"buffer_limit"`
+	RetryWait           int           `json:"retry_wait"`
+	MaxRetry            int           `json:"max_retry"`
+	MaxRetryWait        int           `json:"max_retry_wait"`
+	TagPrefix           string        `json:"tag_prefix"`
+	Async               bool          `json:"async"`
+	ForceStopAsyncSend  bool          `json:"force_stop_async_send"`
+	AsyncResultCallback func(data []byte, err error)
+	// Deprecated: Use Async instead
+	AsyncConnect  bool `json:"async_connect"`
+	MarshalAsJSON bool `json:"marshal_as_json"`
 
 	// Sub-second precision timestamps are only possible for those using fluentd
 	// v0.14+ and serializing their messages with msgpack.
 	SubSecondPrecision bool `json:"sub_second_precision"`
+
+	// RequestAck sends the chunk option with a unique ID. The server will
+	// respond with an acknowledgement. This option improves the reliability
+	// of the message transmission.
+	RequestAck bool `json:"request_ack"`
+
+	// Flag to skip verifying insecure certs on TLS connections
+	TlsInsecureSkipVerify bool `json: "tls_insecure_skip_verify"`
+}
+
+type ErrUnknownNetwork struct {
+	network string
+}
+
+func (e *ErrUnknownNetwork) Error() string {
+	return "unknown network " + e.network
+}
+
+func NewErrUnknownNetwork(network string) error {
+	return &ErrUnknownNetwork{network}
+}
+
+type msgToSend struct {
+	data []byte
+	ack  string
 }
 
 type Fluent struct {
 	Config
 
-	mubuff  sync.Mutex
-	pending []byte
+	dialer dialer
+	// stopRunning is used in async mode to signal to run() it should abort.
+	stopRunning chan struct{}
+	// cancelDialings is used by Close() to stop any in-progress dialing.
+	cancelDialings context.CancelFunc
+	pending        chan *msgToSend
+	pendingMutex   sync.RWMutex
+	closed         bool
+	wg             sync.WaitGroup
+
+	muconn sync.RWMutex
+	conn   net.Conn
+}
 
-	muconn       sync.Mutex
-	conn         net.Conn
-	reconnecting bool
+type dialer interface {
+	DialContext(ctx context.Context, network, address string) (net.Conn, error)
 }
 
 // New creates a new Logger.
-func New(config Config) (f *Fluent, err error) {
+func New(config Config) (*Fluent, error) {
+	if config.Timeout == 0 {
+		config.Timeout = defaultTimeout
+	}
+	return newWithDialer(config, &net.Dialer{
+		Timeout: config.Timeout,
+	})
+}
+
+func newWithDialer(config Config, d dialer) (f *Fluent, err error) {
 	if config.FluentNetwork == "" {
 		config.FluentNetwork = defaultNetwork
 	}
@@ -74,9 +139,6 @@ func New(config Config) (f *Fluent, err error) {
 	if config.FluentSocketPath == "" {
 		config.FluentSocketPath = defaultSocketPath
 	}
-	if config.Timeout == 0 {
-		config.Timeout = defaultTimeout
-	}
 	if config.WriteTimeout == 0 {
 		config.WriteTimeout = defaultWriteTimeout
 	}
@@ -89,12 +151,39 @@ func New(config Config) (f *Fluent, err error) {
 	if config.MaxRetry == 0 {
 		config.MaxRetry = defaultMaxRetry
 	}
+	if config.MaxRetryWait == 0 {
+		config.MaxRetryWait = defaultMaxRetryWait
+	}
+	if !config.TlsInsecureSkipVerify {
+		config.TlsInsecureSkipVerify = defaultTlsInsecureSkipVerify
+	}
 	if config.AsyncConnect {
-		f = &Fluent{Config: config, reconnecting: true}
-		go f.reconnect()
+		fmt.Fprintf(os.Stderr, "fluent#New: AsyncConnect is now deprecated, please use Async instead")
+		config.Async = config.Async || config.AsyncConnect
+	}
+
+	if config.Async {
+		ctx, cancel := context.WithCancel(context.Background())
+
+		f = &Fluent{
+			Config:         config,
+			dialer:         d,
+			stopRunning:    make(chan struct{}),
+			cancelDialings: cancel,
+			pending:        make(chan *msgToSend, config.BufferLimit),
+			pendingMutex:   sync.RWMutex{},
+			muconn:         sync.RWMutex{},
+		}
+
+		f.wg.Add(1)
+		go f.run(ctx)
 	} else {
-		f = &Fluent{Config: config, reconnecting: false}
-		err = f.connect()
+		f = &Fluent{
+			Config: config,
+			dialer: d,
+			muconn: sync.RWMutex{},
+		}
+		err = f.connect(context.Background())
 	}
 	return
 }
@@ -147,13 +236,18 @@ func (f *Fluent) PostWithTime(tag string, tm time.Time, message interface{}) err
 		fields := msgtype.NumField()
 		for i := 0; i < fields; i++ {
 			field := msgtype.Field(i)
+			value := msg.FieldByIndex(field.Index)
+			// ignore unexported fields
+			if !value.CanInterface() {
+				continue
+			}
 			name := field.Name
 			if n1 := field.Tag.Get("msg"); n1 != "" {
 				name = n1
 			} else if n2 := field.Tag.Get("codec"); n2 != "" {
 				name = n2
 			}
-			kv[name] = msg.FieldByIndex(field.Index).Interface()
+			kv[name] = value.Interface()
 		}
 		return f.EncodeAndPostData(tag, tm, kv)
 	}
@@ -173,28 +267,29 @@ func (f *Fluent) PostWithTime(tag string, tm time.Time, message interface{}) err
 }
 
 func (f *Fluent) EncodeAndPostData(tag string, tm time.Time, message interface{}) error {
-	var data []byte
+	var msg *msgToSend
 	var err error
-	if data, err = f.EncodeData(tag, tm, message); err != nil {
+	if msg, err = f.EncodeData(tag, tm, message); err != nil {
 		return fmt.Errorf("fluent#EncodeAndPostData: can't convert '%#v' to msgpack:%v", message, err)
 	}
-	return f.postRawData(data)
+	return f.postRawData(msg)
 }
 
 // Deprecated: Use EncodeAndPostData instead
-func (f *Fluent) PostRawData(data []byte) {
-	f.postRawData(data)
+func (f *Fluent) PostRawData(msg *msgToSend) {
+	f.postRawData(msg)
 }
 
-func (f *Fluent) postRawData(data []byte) error {
-	if err := f.appendBuffer(data); err != nil {
-		return err
+func (f *Fluent) postRawData(msg *msgToSend) error {
+	if f.Config.Async {
+		return f.appendBuffer(msg)
 	}
-	if err := f.send(); err != nil {
-		f.close()
-		return err
+
+	// Synchronous write
+	if f.closed {
+		return fmt.Errorf("fluent#postRawData: Logger already closed")
 	}
-	return nil
+	return f.writeWithRetry(context.Background(), msg)
 }
 
 // For sending forward protocol adopted JSON
@@ -207,126 +302,315 @@ type MessageChunk struct {
 // So, it should write JSON marshaler by hand.
 func (chunk *MessageChunk) MarshalJSON() ([]byte, error) {
 	data, err := json.Marshal(chunk.message.Record)
-	return []byte(fmt.Sprintf("[\"%s\",%d,%s,null]", chunk.message.Tag,
-		chunk.message.Time, data)), err
+	if err != nil {
+		return nil, err
+	}
+	option, err := json.Marshal(chunk.message.Option)
+	if err != nil {
+		return nil, err
+	}
+	return []byte(fmt.Sprintf("[\"%s\",%d,%s,%s]", chunk.message.Tag,
+		chunk.message.Time, data, option)), err
+}
+
+// getUniqueID returns a base64 encoded unique ID that can be used for chunk/ack
+// mechanism, see
+// https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v1#option
+func getUniqueID(timeUnix int64) (string, error) {
+	buf := bytes.NewBuffer(nil)
+	enc := base64.NewEncoder(base64.StdEncoding, buf)
+	if err := binary.Write(enc, binary.LittleEndian, timeUnix); err != nil {
+		enc.Close()
+		return "", err
+	}
+	if err := binary.Write(enc, binary.LittleEndian, randomGenerator()); err != nil {
+		enc.Close()
+		return "", err
+	}
+	// encoder needs to be closed before buf.String(), defer does not work
+	// here
+	enc.Close()
+	return buf.String(), nil
 }
 
-func (f *Fluent) EncodeData(tag string, tm time.Time, message interface{}) (data []byte, err error) {
+func (f *Fluent) EncodeData(tag string, tm time.Time, message interface{}) (msg *msgToSend, err error) {
+	option := make(map[string]string)
+	msg = &msgToSend{}
 	timeUnix := tm.Unix()
+	if f.Config.RequestAck {
+		var err error
+		msg.ack, err = getUniqueID(timeUnix)
+		if err != nil {
+			return nil, err
+		}
+		option["chunk"] = msg.ack
+	}
 	if f.Config.MarshalAsJSON {
-		msg := Message{Tag: tag, Time: timeUnix, Record: message}
-		chunk := &MessageChunk{message: msg}
-		data, err = json.Marshal(chunk)
+		m := Message{Tag: tag, Time: timeUnix, Record: message, Option: option}
+		chunk := &MessageChunk{message: m}
+		msg.data, err = json.Marshal(chunk)
 	} else if f.Config.SubSecondPrecision {
-		msg := &MessageExt{Tag: tag, Time: EventTime(tm), Record: message}
-		data, err = msg.MarshalMsg(nil)
+		m := &MessageExt{Tag: tag, Time: EventTime(tm), Record: message, Option: option}
+		msg.data, err = m.MarshalMsg(nil)
 	} else {
-		msg := &Message{Tag: tag, Time: timeUnix, Record: message}
-		data, err = msg.MarshalMsg(nil)
+		m := &Message{Tag: tag, Time: timeUnix, Record: message, Option: option}
+		msg.data, err = m.MarshalMsg(nil)
 	}
 	return
 }
 
-// Close closes the connection.
+// Close closes the connection, waiting for pending logs to be sent. If the client is
+// running in async mode, the run() goroutine exits before Close() returns.
 func (f *Fluent) Close() (err error) {
-	if len(f.pending) > 0 {
-		err = f.send()
+	if f.Config.Async {
+		f.pendingMutex.Lock()
+		if f.closed {
+			f.pendingMutex.Unlock()
+			return nil
+		}
+		f.closed = true
+		f.pendingMutex.Unlock()
+
+		if f.Config.ForceStopAsyncSend {
+			close(f.stopRunning)
+			f.cancelDialings()
+		}
+
+		close(f.pending)
+		// If ForceStopAsyncSend is false, all logs in the channel have to be sent
+		// before closing the connection. At this point closed is true so no more
+		// logs are written to the channel and f.pending has been closed, so run()
+		// goroutine will exit as soon as all logs in the channel are sent.
+		if !f.Config.ForceStopAsyncSend {
+			f.wg.Wait()
+		}
 	}
+
+	f.muconn.Lock()
 	f.close()
+	f.closed = true
+	f.muconn.Unlock()
+
+	// If ForceStopAsyncSend is true, we shall close the connection before waiting for
+	// run() goroutine to exit to be sure we aren't waiting on ack message that might
+	// never come (eg. because fluentd server is down). However we want to be sure the
+	// run() goroutine stops before returning from Close().
+	if f.Config.ForceStopAsyncSend {
+		f.wg.Wait()
+	}
 	return
 }
 
 // appendBuffer appends data to buffer with lock.
-func (f *Fluent) appendBuffer(data []byte) error {
-	f.mubuff.Lock()
-	defer f.mubuff.Unlock()
-	if len(f.pending)+len(data) > f.Config.BufferLimit {
-		return errors.New(fmt.Sprintf("fluent#appendBuffer: Buffer full, limit %v", f.Config.BufferLimit))
+func (f *Fluent) appendBuffer(msg *msgToSend) error {
+	f.pendingMutex.RLock()
+	defer f.pendingMutex.RUnlock()
+	if f.closed {
+		return fmt.Errorf("fluent#appendBuffer: Logger already closed")
+	}
+	select {
+	case f.pending <- msg:
+	default:
+		return fmt.Errorf("fluent#appendBuffer: Buffer full, limit %v", f.Config.BufferLimit)
 	}
-	f.pending = append(f.pending, data...)
 	return nil
 }
 
-// close closes the connection.
+// close closes the connection. Callers should take care of locking muconn first.
 func (f *Fluent) close() {
-	f.muconn.Lock()
 	if f.conn != nil {
 		f.conn.Close()
 		f.conn = nil
 	}
-	f.muconn.Unlock()
 }
 
-// connect establishes a new connection using the specified transport.
-func (f *Fluent) connect() (err error) {
-	f.muconn.Lock()
-	defer f.muconn.Unlock()
-
+// connect establishes a new connection using the specified transport. Caller should
+// take care of locking muconn first.
+func (f *Fluent) connect(ctx context.Context) (err error) {
 	switch f.Config.FluentNetwork {
 	case "tcp":
-		f.conn, err = net.DialTimeout(f.Config.FluentNetwork, f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort), f.Config.Timeout)
+		f.conn, err = f.dialer.DialContext(ctx,
+			f.Config.FluentNetwork,
+			f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort))
+	case "tls":
+		tlsConfig := &tls.Config{InsecureSkipVerify: f.Config.TlsInsecureSkipVerify}
+		f.conn, err = tls.DialWithDialer(
+			&net.Dialer{Timeout: f.Config.Timeout},
+			"tcp",
+			f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort), tlsConfig,
+		)
 	case "unix":
-		f.conn, err = net.DialTimeout(f.Config.FluentNetwork, f.Config.FluentSocketPath, f.Config.Timeout)
+		f.conn, err = f.dialer.DialContext(ctx,
+			f.Config.FluentNetwork,
+			f.Config.FluentSocketPath)
 	default:
-		err = net.UnknownNetworkError(f.Config.FluentNetwork)
+		err = NewErrUnknownNetwork(f.Config.FluentNetwork)
 	}
 
-	if err == nil {
-		f.reconnecting = false
+	return err
+}
+
+var errIsClosing = errors.New("fluent logger is closing")
+
+// Caller should take care of locking muconn first.
+func (f *Fluent) connectWithRetry(ctx context.Context) error {
+	// A Time channel is used instead of time.Sleep() to avoid blocking this
+	// goroutine during way too much time (because of the exponential back-off
+	// retry).
+	// time.NewTimer() is used instead of time.After() to avoid leaking the
+	// timer channel (cf. https://pkg.go.dev/time#After).
+	timeout := time.NewTimer(time.Duration(0))
+	defer func() {
+		// timeout.Stop() is called in a function literal instead of being
+		// defered directly as it's re-assigned below when the retry loop spins.
+		timeout.Stop()
+	}()
+
+	for i := 0; i < f.Config.MaxRetry; i++ {
+		select {
+		case <-timeout.C:
+			err := f.connect(ctx)
+			if err == nil {
+				return nil
+			}
+
+			if _, ok := err.(*ErrUnknownNetwork); ok {
+				return err
+			}
+			if err == context.Canceled {
+				return errIsClosing
+			}
+
+			waitTime := f.Config.RetryWait * e(defaultReconnectWaitIncreRate, float64(i-1))
+			if waitTime > f.Config.MaxRetryWait {
+				waitTime = f.Config.MaxRetryWait
+			}
+
+			timeout = time.NewTimer(time.Duration(waitTime) * time.Millisecond)
+		case <-ctx.Done():
+			return errIsClosing
+		}
+	}
+
+	return fmt.Errorf("could not connect to fluentd after %d retries", f.Config.MaxRetry)
+}
+
+// run is the goroutine used to unqueue and write logs in async mode. That
+// goroutine is meant to run during the whole life of the Fluent logger.
+func (f *Fluent) run(ctx context.Context) {
+	for {
+		select {
+		case entry, ok := <-f.pending:
+			// f.stopRunning is closed before f.pending only when ForceStopAsyncSend
+			// is enabled. Otherwise, f.pending is closed when Close() is called.
+			if !ok {
+				f.wg.Done()
+				return
+			}
+
+			err := f.writeWithRetry(ctx, entry)
+			if err != nil && err != errIsClosing {
+				fmt.Fprintf(os.Stderr, "[%s] Unable to send logs to fluentd, reconnecting...\n", time.Now().Format(time.RFC3339))
+			}
+			if f.AsyncResultCallback != nil {
+				var data []byte
+				if entry != nil {
+					data = entry.data
+				}
+				f.AsyncResultCallback(data, err)
+			}
+		case <-f.stopRunning:
+			fmt.Fprintf(os.Stderr, "[%s] Discarding queued events...\n", time.Now().Format(time.RFC3339))
+
+			f.wg.Done()
+			return
+		}
 	}
-	return
 }
 
 func e(x, y float64) int {
 	return int(math.Pow(x, y))
 }
 
-func (f *Fluent) reconnect() {
-	for i := 0; ; i++ {
-		err := f.connect()
-		if err == nil {
-			f.send()
-			return
+func (f *Fluent) writeWithRetry(ctx context.Context, msg *msgToSend) error {
+	for i := 0; i < f.Config.MaxRetry; i++ {
+		if retry, err := f.write(ctx, msg); !retry {
+			return err
 		}
-		if i == f.Config.MaxRetry {
-			// TODO: What we can do when connection failed MaxRetry times?
-			panic("fluent#reconnect: failed to reconnect!")
-		}
-		waitTime := f.Config.RetryWait * e(defaultReconnectWaitIncreRate, float64(i-1))
-		time.Sleep(time.Duration(waitTime) * time.Millisecond)
 	}
+
+	return fmt.Errorf("fluent#write: failed to write after %d attempts", f.Config.MaxRetry)
 }
 
-func (f *Fluent) send() error {
-	f.muconn.Lock()
-	defer f.muconn.Unlock()
+// write writes the provided msg to fluentd server. Its first return values is
+// a bool indicating whether the write should be retried.
+// This method relies on function literals to execute muconn.Unlock or
+// muconn.RUnlock in deferred calls to ensure the mutex is unlocked even in
+// the case of panic recovering.
+func (f *Fluent) write(ctx context.Context, msg *msgToSend) (bool, error) {
+	closer := func() {
+		f.muconn.Lock()
+		defer f.muconn.Unlock()
 
-	if f.conn == nil {
-		if f.reconnecting == false {
-			f.reconnecting = true
-			go f.reconnect()
+		f.close()
+	}
+
+	if err := func() (err error) {
+		f.muconn.Lock()
+		defer f.muconn.Unlock()
+
+		if f.conn == nil {
+			err = f.connectWithRetry(ctx)
 		}
-		return errors.New("fluent#send: can't send logs, client is reconnecting")
+
+		return err
+	}(); err != nil {
+		// Here, we don't want to retry the write since connectWithRetry already
+		// retries Config.MaxRetry times to connect.
+		return false, fmt.Errorf("fluent#write: %v", err)
 	}
 
-	f.mubuff.Lock()
-	defer f.mubuff.Unlock()
+	if err := func() (err error) {
+		f.muconn.RLock()
+		defer f.muconn.RUnlock()
+
+		if f.conn == nil {
+			return fmt.Errorf("connection has been closed before writing to it")
+		}
 
-	var err error
-	if len(f.pending) > 0 {
 		t := f.Config.WriteTimeout
 		if time.Duration(0) < t {
 			f.conn.SetWriteDeadline(time.Now().Add(t))
 		} else {
 			f.conn.SetWriteDeadline(time.Time{})
 		}
-		_, err = f.conn.Write(f.pending)
-		if err != nil {
-			f.conn.Close()
-			f.conn = nil
+
+		_, err = f.conn.Write(msg.data)
+		return err
+	}(); err != nil {
+		closer()
+		return true, fmt.Errorf("fluent#write: %v", err)
+	}
+
+	// Acknowledgment check
+	if msg.ack != "" {
+		resp := &AckResp{}
+		var err error
+		if f.Config.MarshalAsJSON {
+			dec := json.NewDecoder(f.conn)
+			err = dec.Decode(resp)
 		} else {
-			f.pending = f.pending[:0]
+			r := msgp.NewReader(f.conn)
+			err = resp.DecodeMsg(r)
+		}
+
+		if err != nil || resp.Ack != msg.ack {
+			fmt.Fprintf(os.Stderr, "fluent#write: message ack (%s) doesn't match expected one (%s). Closing connection...", resp.Ack, msg.ack)
+
+			closer()
+			return true, err
 		}
 	}
-	return err
+
+	return false, nil
 }
diff --git a/vendor/github.com/fluent/fluent-logger-golang/fluent/proto.go b/vendor/github.com/fluent/fluent-logger-golang/fluent/proto.go
index 158e22da71cfd..95faa9624a77f 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/fluent/proto.go
+++ b/vendor/github.com/fluent/fluent-logger-golang/fluent/proto.go
@@ -3,6 +3,7 @@
 package fluent
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/tinylib/msgp/msgp"
@@ -16,9 +17,9 @@ type Entry struct {
 
 //msgp:tuple Forward
 type Forward struct {
-	Tag     string      `msg:"tag"`
-	Entries []Entry     `msg:"entries"`
-	Option  interface{} `msg:"option"`
+	Tag     string  `msg:"tag"`
+	Entries []Entry `msg:"entries"`
+	Option  map[string]string
 }
 
 //msgp:tuple Message
@@ -26,7 +27,7 @@ type Message struct {
 	Tag    string      `msg:"tag"`
 	Time   int64       `msg:"time"`
 	Record interface{} `msg:"record"`
-	Option interface{} `msg:"option"`
+	Option map[string]string
 }
 
 //msgp:tuple MessageExt
@@ -34,7 +35,11 @@ type MessageExt struct {
 	Tag    string      `msg:"tag"`
 	Time   EventTime   `msg:"time,extension"`
 	Record interface{} `msg:"record"`
-	Option interface{} `msg:"option"`
+	Option map[string]string
+}
+
+type AckResp struct {
+	Ack string `json:"ack" msg:"ack"`
 }
 
 // EventTime is an extension to the serialized time value. It builds in support
@@ -89,8 +94,19 @@ func (t *EventTime) MarshalBinaryTo(b []byte) error {
 	return nil
 }
 
-// UnmarshalBinary is not implemented since decoding messages is not supported
-// by this library.
+// Although decoding messages is not officially supported by this library,
+// UnmarshalBinary is implemented for testing and general completeness.
 func (t *EventTime) UnmarshalBinary(b []byte) error {
+	if len(b) != length {
+		return fmt.Errorf("Invalid EventTime byte length: %d", len(b))
+	}
+
+	sec := (int32(b[0]) << 24) | (int32(b[1]) << 16)
+	sec = sec | (int32(b[2]) << 8) | int32(b[3])
+
+	nsec := (int32(b[4]) << 24) | (int32(b[5]) << 16)
+	nsec = nsec | (int32(b[6]) << 8) | int32(b[7])
+
+	*t = EventTime(time.Unix(int64(sec), int64(nsec)))
 	return nil
 }
diff --git a/vendor/github.com/fluent/fluent-logger-golang/fluent/proto_gen.go b/vendor/github.com/fluent/fluent-logger-golang/fluent/proto_gen.go
index 5b88a688f86b5..e808880c6ab03 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/fluent/proto_gen.go
+++ b/vendor/github.com/fluent/fluent-logger-golang/fluent/proto_gen.go
@@ -1,30 +1,134 @@
 package fluent
 
-// NOTE: THIS FILE WAS PRODUCED BY THE
-// MSGP CODE GENERATION TOOL (github.com/tinylib/msgp)
-// DO NOT EDIT
+// Code generated by github.com/tinylib/msgp DO NOT EDIT.
 
 import (
 	"github.com/tinylib/msgp/msgp"
 )
 
+// DecodeMsg implements msgp.Decodable
+func (z *AckResp) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "ack":
+			z.Ack, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Ack")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z AckResp) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 1
+	// write "ack"
+	err = en.Append(0x81, 0xa3, 0x61, 0x63, 0x6b)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Ack)
+	if err != nil {
+		err = msgp.WrapError(err, "Ack")
+		return
+	}
+	return
+}
+
+// MarshalMsg implements msgp.Marshaler
+func (z AckResp) MarshalMsg(b []byte) (o []byte, err error) {
+	o = msgp.Require(b, z.Msgsize())
+	// map header, size 1
+	// string "ack"
+	o = append(o, 0x81, 0xa3, 0x61, 0x63, 0x6b)
+	o = msgp.AppendString(o, z.Ack)
+	return
+}
+
+// UnmarshalMsg implements msgp.Unmarshaler
+func (z *AckResp) UnmarshalMsg(bts []byte) (o []byte, err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadMapHeaderBytes(bts)
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, bts, err = msgp.ReadMapKeyZC(bts)
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "ack":
+			z.Ack, bts, err = msgp.ReadStringBytes(bts)
+			if err != nil {
+				err = msgp.WrapError(err, "Ack")
+				return
+			}
+		default:
+			bts, err = msgp.Skip(bts)
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	o = bts
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z AckResp) Msgsize() (s int) {
+	s = 1 + 4 + msgp.StringPrefixSize + len(z.Ack)
+	return
+}
+
 // DecodeMsg implements msgp.Decodable
 func (z *Entry) DecodeMsg(dc *msgp.Reader) (err error) {
-	var zxvk uint32
-	zxvk, err = dc.ReadArrayHeader()
+	var zb0001 uint32
+	zb0001, err = dc.ReadArrayHeader()
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zxvk != 2 {
-		err = msgp.ArrayError{Wanted: 2, Got: zxvk}
+	if zb0001 != 2 {
+		err = msgp.ArrayError{Wanted: 2, Got: zb0001}
 		return
 	}
 	z.Time, err = dc.ReadInt64()
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, err = dc.ReadIntf()
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
 	return
@@ -35,14 +139,16 @@ func (z Entry) EncodeMsg(en *msgp.Writer) (err error) {
 	// array header, size 2
 	err = en.Append(0x92)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteInt64(z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	err = en.WriteIntf(z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
 	return
@@ -56,6 +162,7 @@ func (z Entry) MarshalMsg(b []byte) (o []byte, err error) {
 	o = msgp.AppendInt64(o, z.Time)
 	o, err = msgp.AppendIntf(o, z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
 	return
@@ -63,21 +170,24 @@ func (z Entry) MarshalMsg(b []byte) (o []byte, err error) {
 
 // UnmarshalMsg implements msgp.Unmarshaler
 func (z *Entry) UnmarshalMsg(bts []byte) (o []byte, err error) {
-	var zbzg uint32
-	zbzg, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadArrayHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zbzg != 2 {
-		err = msgp.ArrayError{Wanted: 2, Got: zbzg}
+	if zb0001 != 2 {
+		err = msgp.ArrayError{Wanted: 2, Got: zb0001}
 		return
 	}
 	z.Time, bts, err = msgp.ReadInt64Bytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, bts, err = msgp.ReadIntfBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
 	o = bts
@@ -92,52 +202,83 @@ func (z Entry) Msgsize() (s int) {
 
 // DecodeMsg implements msgp.Decodable
 func (z *Forward) DecodeMsg(dc *msgp.Reader) (err error) {
-	var zcmr uint32
-	zcmr, err = dc.ReadArrayHeader()
+	var zb0001 uint32
+	zb0001, err = dc.ReadArrayHeader()
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zcmr != 3 {
-		err = msgp.ArrayError{Wanted: 3, Got: zcmr}
+	if zb0001 != 3 {
+		err = msgp.ArrayError{Wanted: 3, Got: zb0001}
 		return
 	}
 	z.Tag, err = dc.ReadString()
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
-	var zajw uint32
-	zajw, err = dc.ReadArrayHeader()
+	var zb0002 uint32
+	zb0002, err = dc.ReadArrayHeader()
 	if err != nil {
+		err = msgp.WrapError(err, "Entries")
 		return
 	}
-	if cap(z.Entries) >= int(zajw) {
-		z.Entries = (z.Entries)[:zajw]
+	if cap(z.Entries) >= int(zb0002) {
+		z.Entries = (z.Entries)[:zb0002]
 	} else {
-		z.Entries = make([]Entry, zajw)
+		z.Entries = make([]Entry, zb0002)
 	}
-	for zbai := range z.Entries {
-		var zwht uint32
-		zwht, err = dc.ReadArrayHeader()
+	for za0001 := range z.Entries {
+		var zb0003 uint32
+		zb0003, err = dc.ReadArrayHeader()
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001)
 			return
 		}
-		if zwht != 2 {
-			err = msgp.ArrayError{Wanted: 2, Got: zwht}
+		if zb0003 != 2 {
+			err = msgp.ArrayError{Wanted: 2, Got: zb0003}
 			return
 		}
-		z.Entries[zbai].Time, err = dc.ReadInt64()
+		z.Entries[za0001].Time, err = dc.ReadInt64()
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Time")
 			return
 		}
-		z.Entries[zbai].Record, err = dc.ReadIntf()
+		z.Entries[za0001].Record, err = dc.ReadIntf()
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Record")
 			return
 		}
 	}
-	z.Option, err = dc.ReadIntf()
+	var zb0004 uint32
+	zb0004, err = dc.ReadMapHeader()
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0004)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0004 > 0 {
+		zb0004--
+		var za0002 string
+		var za0003 string
+		za0002, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0003, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0002)
+			return
+		}
+		z.Option[za0002] = za0003
+	}
 	return
 }
 
@@ -146,35 +287,52 @@ func (z *Forward) EncodeMsg(en *msgp.Writer) (err error) {
 	// array header, size 3
 	err = en.Append(0x93)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteString(z.Tag)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	err = en.WriteArrayHeader(uint32(len(z.Entries)))
 	if err != nil {
+		err = msgp.WrapError(err, "Entries")
 		return
 	}
-	for zbai := range z.Entries {
+	for za0001 := range z.Entries {
 		// array header, size 2
 		err = en.Append(0x92)
 		if err != nil {
-			return err
+			return
 		}
-		err = en.WriteInt64(z.Entries[zbai].Time)
+		err = en.WriteInt64(z.Entries[za0001].Time)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Time")
 			return
 		}
-		err = en.WriteIntf(z.Entries[zbai].Record)
+		err = en.WriteIntf(z.Entries[za0001].Record)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Record")
 			return
 		}
 	}
-	err = en.WriteIntf(z.Option)
+	err = en.WriteMapHeader(uint32(len(z.Option)))
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	for za0002, za0003 := range z.Option {
+		err = en.WriteString(za0002)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		err = en.WriteString(za0003)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0002)
+			return
+		}
+	}
 	return
 }
 
@@ -185,70 +343,103 @@ func (z *Forward) MarshalMsg(b []byte) (o []byte, err error) {
 	o = append(o, 0x93)
 	o = msgp.AppendString(o, z.Tag)
 	o = msgp.AppendArrayHeader(o, uint32(len(z.Entries)))
-	for zbai := range z.Entries {
+	for za0001 := range z.Entries {
 		// array header, size 2
 		o = append(o, 0x92)
-		o = msgp.AppendInt64(o, z.Entries[zbai].Time)
-		o, err = msgp.AppendIntf(o, z.Entries[zbai].Record)
+		o = msgp.AppendInt64(o, z.Entries[za0001].Time)
+		o, err = msgp.AppendIntf(o, z.Entries[za0001].Record)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Record")
 			return
 		}
 	}
-	o, err = msgp.AppendIntf(o, z.Option)
-	if err != nil {
-		return
+	o = msgp.AppendMapHeader(o, uint32(len(z.Option)))
+	for za0002, za0003 := range z.Option {
+		o = msgp.AppendString(o, za0002)
+		o = msgp.AppendString(o, za0003)
 	}
 	return
 }
 
 // UnmarshalMsg implements msgp.Unmarshaler
 func (z *Forward) UnmarshalMsg(bts []byte) (o []byte, err error) {
-	var zhct uint32
-	zhct, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadArrayHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zhct != 3 {
-		err = msgp.ArrayError{Wanted: 3, Got: zhct}
+	if zb0001 != 3 {
+		err = msgp.ArrayError{Wanted: 3, Got: zb0001}
 		return
 	}
 	z.Tag, bts, err = msgp.ReadStringBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
-	var zcua uint32
-	zcua, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	var zb0002 uint32
+	zb0002, bts, err = msgp.ReadArrayHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Entries")
 		return
 	}
-	if cap(z.Entries) >= int(zcua) {
-		z.Entries = (z.Entries)[:zcua]
+	if cap(z.Entries) >= int(zb0002) {
+		z.Entries = (z.Entries)[:zb0002]
 	} else {
-		z.Entries = make([]Entry, zcua)
+		z.Entries = make([]Entry, zb0002)
 	}
-	for zbai := range z.Entries {
-		var zxhx uint32
-		zxhx, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	for za0001 := range z.Entries {
+		var zb0003 uint32
+		zb0003, bts, err = msgp.ReadArrayHeaderBytes(bts)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001)
 			return
 		}
-		if zxhx != 2 {
-			err = msgp.ArrayError{Wanted: 2, Got: zxhx}
+		if zb0003 != 2 {
+			err = msgp.ArrayError{Wanted: 2, Got: zb0003}
 			return
 		}
-		z.Entries[zbai].Time, bts, err = msgp.ReadInt64Bytes(bts)
+		z.Entries[za0001].Time, bts, err = msgp.ReadInt64Bytes(bts)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Time")
 			return
 		}
-		z.Entries[zbai].Record, bts, err = msgp.ReadIntfBytes(bts)
+		z.Entries[za0001].Record, bts, err = msgp.ReadIntfBytes(bts)
 		if err != nil {
+			err = msgp.WrapError(err, "Entries", za0001, "Record")
 			return
 		}
 	}
-	z.Option, bts, err = msgp.ReadIntfBytes(bts)
+	var zb0004 uint32
+	zb0004, bts, err = msgp.ReadMapHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0004)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0004 > 0 {
+		var za0002 string
+		var za0003 string
+		zb0004--
+		za0002, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0003, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0002)
+			return
+		}
+		z.Option[za0002] = za0003
+	}
 	o = bts
 	return
 }
@@ -256,40 +447,75 @@ func (z *Forward) UnmarshalMsg(bts []byte) (o []byte, err error) {
 // Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
 func (z *Forward) Msgsize() (s int) {
 	s = 1 + msgp.StringPrefixSize + len(z.Tag) + msgp.ArrayHeaderSize
-	for zbai := range z.Entries {
-		s += 1 + msgp.Int64Size + msgp.GuessSize(z.Entries[zbai].Record)
+	for za0001 := range z.Entries {
+		s += 1 + msgp.Int64Size + msgp.GuessSize(z.Entries[za0001].Record)
+	}
+	s += msgp.MapHeaderSize
+	if z.Option != nil {
+		for za0002, za0003 := range z.Option {
+			_ = za0003
+			s += msgp.StringPrefixSize + len(za0002) + msgp.StringPrefixSize + len(za0003)
+		}
 	}
-	s += msgp.GuessSize(z.Option)
 	return
 }
 
 // DecodeMsg implements msgp.Decodable
 func (z *Message) DecodeMsg(dc *msgp.Reader) (err error) {
-	var zlqf uint32
-	zlqf, err = dc.ReadArrayHeader()
+	var zb0001 uint32
+	zb0001, err = dc.ReadArrayHeader()
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zlqf != 4 {
-		err = msgp.ArrayError{Wanted: 4, Got: zlqf}
+	if zb0001 != 4 {
+		err = msgp.ArrayError{Wanted: 4, Got: zb0001}
 		return
 	}
 	z.Tag, err = dc.ReadString()
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	z.Time, err = dc.ReadInt64()
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, err = dc.ReadIntf()
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	z.Option, err = dc.ReadIntf()
+	var zb0002 uint32
+	zb0002, err = dc.ReadMapHeader()
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0002)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0002 > 0 {
+		zb0002--
+		var za0001 string
+		var za0002 string
+		za0001, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0002, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+		z.Option[za0001] = za0002
+	}
 	return
 }
 
@@ -298,24 +524,40 @@ func (z *Message) EncodeMsg(en *msgp.Writer) (err error) {
 	// array header, size 4
 	err = en.Append(0x94)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteString(z.Tag)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	err = en.WriteInt64(z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	err = en.WriteIntf(z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	err = en.WriteIntf(z.Option)
+	err = en.WriteMapHeader(uint32(len(z.Option)))
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	for za0001, za0002 := range z.Option {
+		err = en.WriteString(za0001)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		err = en.WriteString(za0002)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+	}
 	return
 }
 
@@ -328,79 +570,145 @@ func (z *Message) MarshalMsg(b []byte) (o []byte, err error) {
 	o = msgp.AppendInt64(o, z.Time)
 	o, err = msgp.AppendIntf(o, z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	o, err = msgp.AppendIntf(o, z.Option)
-	if err != nil {
-		return
+	o = msgp.AppendMapHeader(o, uint32(len(z.Option)))
+	for za0001, za0002 := range z.Option {
+		o = msgp.AppendString(o, za0001)
+		o = msgp.AppendString(o, za0002)
 	}
 	return
 }
 
 // UnmarshalMsg implements msgp.Unmarshaler
 func (z *Message) UnmarshalMsg(bts []byte) (o []byte, err error) {
-	var zdaf uint32
-	zdaf, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadArrayHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zdaf != 4 {
-		err = msgp.ArrayError{Wanted: 4, Got: zdaf}
+	if zb0001 != 4 {
+		err = msgp.ArrayError{Wanted: 4, Got: zb0001}
 		return
 	}
 	z.Tag, bts, err = msgp.ReadStringBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	z.Time, bts, err = msgp.ReadInt64Bytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, bts, err = msgp.ReadIntfBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	z.Option, bts, err = msgp.ReadIntfBytes(bts)
+	var zb0002 uint32
+	zb0002, bts, err = msgp.ReadMapHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0002)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0002 > 0 {
+		var za0001 string
+		var za0002 string
+		zb0002--
+		za0001, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0002, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+		z.Option[za0001] = za0002
+	}
 	o = bts
 	return
 }
 
 // Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
 func (z *Message) Msgsize() (s int) {
-	s = 1 + msgp.StringPrefixSize + len(z.Tag) + msgp.Int64Size + msgp.GuessSize(z.Record) + msgp.GuessSize(z.Option)
+	s = 1 + msgp.StringPrefixSize + len(z.Tag) + msgp.Int64Size + msgp.GuessSize(z.Record) + msgp.MapHeaderSize
+	if z.Option != nil {
+		for za0001, za0002 := range z.Option {
+			_ = za0002
+			s += msgp.StringPrefixSize + len(za0001) + msgp.StringPrefixSize + len(za0002)
+		}
+	}
 	return
 }
 
 // DecodeMsg implements msgp.Decodable
 func (z *MessageExt) DecodeMsg(dc *msgp.Reader) (err error) {
-	var zpks uint32
-	zpks, err = dc.ReadArrayHeader()
+	var zb0001 uint32
+	zb0001, err = dc.ReadArrayHeader()
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zpks != 4 {
-		err = msgp.ArrayError{Wanted: 4, Got: zpks}
+	if zb0001 != 4 {
+		err = msgp.ArrayError{Wanted: 4, Got: zb0001}
 		return
 	}
 	z.Tag, err = dc.ReadString()
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	err = dc.ReadExtension(&z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, err = dc.ReadIntf()
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	z.Option, err = dc.ReadIntf()
+	var zb0002 uint32
+	zb0002, err = dc.ReadMapHeader()
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0002)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0002 > 0 {
+		zb0002--
+		var za0001 string
+		var za0002 string
+		za0001, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0002, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+		z.Option[za0001] = za0002
+	}
 	return
 }
 
@@ -409,24 +717,40 @@ func (z *MessageExt) EncodeMsg(en *msgp.Writer) (err error) {
 	// array header, size 4
 	err = en.Append(0x94)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteString(z.Tag)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	err = en.WriteExtension(&z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	err = en.WriteIntf(z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	err = en.WriteIntf(z.Option)
+	err = en.WriteMapHeader(uint32(len(z.Option)))
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	for za0001, za0002 := range z.Option {
+		err = en.WriteString(za0001)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		err = en.WriteString(za0002)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+	}
 	return
 }
 
@@ -438,52 +762,90 @@ func (z *MessageExt) MarshalMsg(b []byte) (o []byte, err error) {
 	o = msgp.AppendString(o, z.Tag)
 	o, err = msgp.AppendExtension(o, &z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	o, err = msgp.AppendIntf(o, z.Record)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	o, err = msgp.AppendIntf(o, z.Option)
-	if err != nil {
-		return
+	o = msgp.AppendMapHeader(o, uint32(len(z.Option)))
+	for za0001, za0002 := range z.Option {
+		o = msgp.AppendString(o, za0001)
+		o = msgp.AppendString(o, za0002)
 	}
 	return
 }
 
 // UnmarshalMsg implements msgp.Unmarshaler
 func (z *MessageExt) UnmarshalMsg(bts []byte) (o []byte, err error) {
-	var zjfb uint32
-	zjfb, bts, err = msgp.ReadArrayHeaderBytes(bts)
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadArrayHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	if zjfb != 4 {
-		err = msgp.ArrayError{Wanted: 4, Got: zjfb}
+	if zb0001 != 4 {
+		err = msgp.ArrayError{Wanted: 4, Got: zb0001}
 		return
 	}
 	z.Tag, bts, err = msgp.ReadStringBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Tag")
 		return
 	}
 	bts, err = msgp.ReadExtensionBytes(bts, &z.Time)
 	if err != nil {
+		err = msgp.WrapError(err, "Time")
 		return
 	}
 	z.Record, bts, err = msgp.ReadIntfBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Record")
 		return
 	}
-	z.Option, bts, err = msgp.ReadIntfBytes(bts)
+	var zb0002 uint32
+	zb0002, bts, err = msgp.ReadMapHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err, "Option")
 		return
 	}
+	if z.Option == nil {
+		z.Option = make(map[string]string, zb0002)
+	} else if len(z.Option) > 0 {
+		for key := range z.Option {
+			delete(z.Option, key)
+		}
+	}
+	for zb0002 > 0 {
+		var za0001 string
+		var za0002 string
+		zb0002--
+		za0001, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option")
+			return
+		}
+		za0002, bts, err = msgp.ReadStringBytes(bts)
+		if err != nil {
+			err = msgp.WrapError(err, "Option", za0001)
+			return
+		}
+		z.Option[za0001] = za0002
+	}
 	o = bts
 	return
 }
 
 // Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
 func (z *MessageExt) Msgsize() (s int) {
-	s = 1 + msgp.StringPrefixSize + len(z.Tag) + msgp.ExtensionPrefixSize + z.Time.Len() + msgp.GuessSize(z.Record) + msgp.GuessSize(z.Option)
+	s = 1 + msgp.StringPrefixSize + len(z.Tag) + msgp.ExtensionPrefixSize + z.Time.Len() + msgp.GuessSize(z.Record) + msgp.MapHeaderSize
+	if z.Option != nil {
+		for za0001, za0002 := range z.Option {
+			_ = za0002
+			s += msgp.StringPrefixSize + len(za0001) + msgp.StringPrefixSize + len(za0002)
+		}
+	}
 	return
 }
diff --git a/vendor/github.com/fluent/fluent-logger-golang/fluent/test_message_gen.go b/vendor/github.com/fluent/fluent-logger-golang/fluent/test_message_gen.go
index 17a45e22a34f5..591e1a97576ad 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/fluent/test_message_gen.go
+++ b/vendor/github.com/fluent/fluent-logger-golang/fluent/test_message_gen.go
@@ -1,8 +1,6 @@
 package fluent
 
-// NOTE: THIS FILE WAS PRODUCED BY THE
-// MSGP CODE GENERATION TOOL (github.com/tinylib/msgp)
-// DO NOT EDIT
+// Code generated by github.com/tinylib/msgp DO NOT EDIT.
 
 import (
 	"github.com/tinylib/msgp/msgp"
@@ -12,31 +10,36 @@ import (
 func (z *TestMessage) DecodeMsg(dc *msgp.Reader) (err error) {
 	var field []byte
 	_ = field
-	var zxvk uint32
-	zxvk, err = dc.ReadMapHeader()
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	for zxvk > 0 {
-		zxvk--
+	for zb0001 > 0 {
+		zb0001--
 		field, err = dc.ReadMapKeyPtr()
 		if err != nil {
+			err = msgp.WrapError(err)
 			return
 		}
 		switch msgp.UnsafeString(field) {
 		case "foo":
 			z.Foo, err = dc.ReadString()
 			if err != nil {
+				err = msgp.WrapError(err, "Foo")
 				return
 			}
 		case "hoge":
 			z.Hoge, err = dc.ReadString()
 			if err != nil {
+				err = msgp.WrapError(err, "Hoge")
 				return
 			}
 		default:
 			err = dc.Skip()
 			if err != nil {
+				err = msgp.WrapError(err)
 				return
 			}
 		}
@@ -50,19 +53,21 @@ func (z TestMessage) EncodeMsg(en *msgp.Writer) (err error) {
 	// write "foo"
 	err = en.Append(0x82, 0xa3, 0x66, 0x6f, 0x6f)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteString(z.Foo)
 	if err != nil {
+		err = msgp.WrapError(err, "Foo")
 		return
 	}
 	// write "hoge"
 	err = en.Append(0xa4, 0x68, 0x6f, 0x67, 0x65)
 	if err != nil {
-		return err
+		return
 	}
 	err = en.WriteString(z.Hoge)
 	if err != nil {
+		err = msgp.WrapError(err, "Hoge")
 		return
 	}
 	return
@@ -85,31 +90,36 @@ func (z TestMessage) MarshalMsg(b []byte) (o []byte, err error) {
 func (z *TestMessage) UnmarshalMsg(bts []byte) (o []byte, err error) {
 	var field []byte
 	_ = field
-	var zbzg uint32
-	zbzg, bts, err = msgp.ReadMapHeaderBytes(bts)
+	var zb0001 uint32
+	zb0001, bts, err = msgp.ReadMapHeaderBytes(bts)
 	if err != nil {
+		err = msgp.WrapError(err)
 		return
 	}
-	for zbzg > 0 {
-		zbzg--
+	for zb0001 > 0 {
+		zb0001--
 		field, bts, err = msgp.ReadMapKeyZC(bts)
 		if err != nil {
+			err = msgp.WrapError(err)
 			return
 		}
 		switch msgp.UnsafeString(field) {
 		case "foo":
 			z.Foo, bts, err = msgp.ReadStringBytes(bts)
 			if err != nil {
+				err = msgp.WrapError(err, "Foo")
 				return
 			}
 		case "hoge":
 			z.Hoge, bts, err = msgp.ReadStringBytes(bts)
 			if err != nil {
+				err = msgp.WrapError(err, "Hoge")
 				return
 			}
 		default:
 			bts, err = msgp.Skip(bts)
 			if err != nil {
+				err = msgp.WrapError(err)
 				return
 			}
 		}
diff --git a/vendor/github.com/fluent/fluent-logger-golang/fluent/version.go b/vendor/github.com/fluent/fluent-logger-golang/fluent/version.go
index c6ec7e41e2473..83e8932492eab 100644
--- a/vendor/github.com/fluent/fluent-logger-golang/fluent/version.go
+++ b/vendor/github.com/fluent/fluent-logger-golang/fluent/version.go
@@ -1,3 +1,3 @@
 package fluent
 
-const Version = "1.3.0"
+const Version = "1.4.0"
diff --git a/vendor/github.com/fsnotify/fsnotify/LICENSE b/vendor/github.com/fsnotify/fsnotify/LICENSE
index f21e54080090f..e180c8fb0599c 100644
--- a/vendor/github.com/fsnotify/fsnotify/LICENSE
+++ b/vendor/github.com/fsnotify/fsnotify/LICENSE
@@ -1,5 +1,5 @@
 Copyright (c) 2012 The Go Authors. All rights reserved.
-Copyright (c) 2012 fsnotify Authors. All rights reserved.
+Copyright (c) 2012-2019 fsnotify Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md
index 3993207413a75..b2629e5229ca4 100644
--- a/vendor/github.com/fsnotify/fsnotify/README.md
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@@ -10,16 +10,16 @@ go get -u golang.org/x/sys/...
 
 Cross platform: Windows, Linux, BSD and macOS.
 
-|Adapter   |OS        |Status    |
-|----------|----------|----------|
-|inotify   |Linux 2.6.27 or later, Android\*|Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify)|
-|kqueue    |BSD, macOS, iOS\*|Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify)|
-|ReadDirectoryChangesW|Windows|Supported [![Build status](https://ci.appveyor.com/api/projects/status/ivwjubaih4r0udeh/branch/master?svg=true)](https://ci.appveyor.com/project/NathanYoungman/fsnotify/branch/master)|
-|FSEvents  |macOS         |[Planned](https://github.com/fsnotify/fsnotify/issues/11)|
-|FEN       |Solaris 11    |[In Progress](https://github.com/fsnotify/fsnotify/issues/12)|
-|fanotify  |Linux 2.6.37+ | |
-|USN Journals |Windows    |[Maybe](https://github.com/fsnotify/fsnotify/issues/53)|
-|Polling   |*All*         |[Maybe](https://github.com/fsnotify/fsnotify/issues/9)|
+| Adapter               | OS                               | Status                                                                                                                          |
+| --------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| inotify               | Linux 2.6.27 or later, Android\* | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| kqueue                | BSD, macOS, iOS\*                | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| ReadDirectoryChangesW | Windows                          | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| FSEvents              | macOS                            | [Planned](https://github.com/fsnotify/fsnotify/issues/11)                                                                       |
+| FEN                   | Solaris 11                       | [In Progress](https://github.com/fsnotify/fsnotify/issues/12)                                                                   |
+| fanotify              | Linux 2.6.37+                    | [Planned](https://github.com/fsnotify/fsnotify/issues/114)                                                                      |
+| USN Journals          | Windows                          | [Maybe](https://github.com/fsnotify/fsnotify/issues/53)                                                                         |
+| Polling               | *All*                            | [Maybe](https://github.com/fsnotify/fsnotify/issues/9)                                                                          |
 
 \* Android and iOS are untested.
 
@@ -33,6 +33,53 @@ All [releases](https://github.com/fsnotify/fsnotify/releases) are tagged based o
 
 Go 1.6 supports dependencies located in the `vendor/` folder. Unless you are creating a library, it is recommended that you copy fsnotify into `vendor/github.com/fsnotify/fsnotify` within your project, and likewise for `golang.org/x/sys`.
 
+## Usage
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/fsnotify/fsnotify"
+)
+
+func main() {
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer watcher.Close()
+
+	done := make(chan bool)
+	go func() {
+		for {
+			select {
+			case event, ok := <-watcher.Events:
+				if !ok {
+					return
+				}
+				log.Println("event:", event)
+				if event.Op&fsnotify.Write == fsnotify.Write {
+					log.Println("modified file:", event.Name)
+				}
+			case err, ok := <-watcher.Errors:
+				if !ok {
+					return
+				}
+				log.Println("error:", err)
+			}
+		}
+	}()
+
+	err = watcher.Add("/tmp/foo")
+	if err != nil {
+		log.Fatal(err)
+	}
+	<-done
+}
+```
+
 ## Contributing
 
 Please refer to [CONTRIBUTING][] before opening an issue or pull request.
@@ -65,6 +112,10 @@ There are OS-specific limits as to how many watches can be created:
 * Linux: /proc/sys/fs/inotify/max_user_watches contains the limit, reaching this limit results in a "no space left on device" error.
 * BSD / OSX: sysctl variables "kern.maxfiles" and "kern.maxfilesperproc", reaching these limits results in a "too many open files" error.
 
+**Why don't notifications work with NFS filesystems or filesystem in userspace (FUSE)?**
+
+fsnotify requires support from underlying OS to work. The current NFS protocol does not provide network level support for file notifications.
+
 [#62]: https://github.com/howeyc/fsnotify/issues/62
 [#18]: https://github.com/fsnotify/fsnotify/issues/18
 [#11]: https://github.com/fsnotify/fsnotify/issues/11
diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
index 190bf0de57562..89cab046d124b 100644
--- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@@ -63,4 +63,6 @@ func (e Event) String() string {
 }
 
 // Common errors that can be reported by a watcher
-var ErrEventOverflow = errors.New("fsnotify queue overflow")
+var (
+	ErrEventOverflow = errors.New("fsnotify queue overflow")
+)
diff --git a/vendor/github.com/fsnotify/fsnotify/go.mod b/vendor/github.com/fsnotify/fsnotify/go.mod
new file mode 100644
index 0000000000000..ff11e13f22403
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/go.mod
@@ -0,0 +1,5 @@
+module github.com/fsnotify/fsnotify
+
+go 1.13
+
+require golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9
diff --git a/vendor/github.com/fsnotify/fsnotify/inotify_poller.go b/vendor/github.com/fsnotify/fsnotify/inotify_poller.go
index cc7db4b22ef5b..b33f2b4d4b799 100644
--- a/vendor/github.com/fsnotify/fsnotify/inotify_poller.go
+++ b/vendor/github.com/fsnotify/fsnotify/inotify_poller.go
@@ -40,12 +40,12 @@ func newFdPoller(fd int) (*fdPoller, error) {
 	poller.fd = fd
 
 	// Create epoll fd
-	poller.epfd, errno = unix.EpollCreate1(0)
+	poller.epfd, errno = unix.EpollCreate1(unix.EPOLL_CLOEXEC)
 	if poller.epfd == -1 {
 		return nil, errno
 	}
 	// Create pipe; pipe[0] is the read end, pipe[1] the write end.
-	errno = unix.Pipe2(poller.pipe[:], unix.O_NONBLOCK)
+	errno = unix.Pipe2(poller.pipe[:], unix.O_NONBLOCK|unix.O_CLOEXEC)
 	if errno != nil {
 		return nil, errno
 	}
diff --git a/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go b/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
index 7d8de14513ede..2306c4620bf6d 100644
--- a/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
+++ b/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
@@ -8,4 +8,4 @@ package fsnotify
 
 import "golang.org/x/sys/unix"
 
-const openMode = unix.O_NONBLOCK | unix.O_RDONLY
+const openMode = unix.O_NONBLOCK | unix.O_RDONLY | unix.O_CLOEXEC
diff --git a/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go b/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
index 9139e17161bfb..870c4d6d18450 100644
--- a/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
+++ b/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
@@ -9,4 +9,4 @@ package fsnotify
 import "golang.org/x/sys/unix"
 
 // note: this constant is not defined on BSD
-const openMode = unix.O_EVTONLY
+const openMode = unix.O_EVTONLY | unix.O_CLOEXEC
diff --git a/vendor/github.com/go-check/check/LICENSE b/vendor/github.com/go-check/check/LICENSE
deleted file mode 100644
index 545cf2d3311b0..0000000000000
--- a/vendor/github.com/go-check/check/LICENSE
+++ /dev/null
@@ -1,25 +0,0 @@
-Gocheck - A rich testing framework for Go
- 
-Copyright (c) 2010-2013 Gustavo Niemeyer <gustavo@niemeyer.net>
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met: 
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer. 
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution. 
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/go-check/check/README.md b/vendor/github.com/go-check/check/README.md
deleted file mode 100644
index 0ca78d97e81a6..0000000000000
--- a/vendor/github.com/go-check/check/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-Go-check
-========
-
-This is a fork of https://github.com/go-check/check
-
-The intention of this fork is not to change any of the original behavior, but add
-some specific behaviors needed for some of my projects already using this test suite.
-For documentation on the main behavior of go-check see the aforementioned repo.
-
-The original branch is intact at `orig_v1`
diff --git a/vendor/github.com/go-check/check/benchmark.go b/vendor/github.com/go-check/check/benchmark.go
deleted file mode 100644
index 46ea9dc6dad69..0000000000000
--- a/vendor/github.com/go-check/check/benchmark.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Copyright (c) 2012 The Go Authors. All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-// 
-//    * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//    * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//    * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package check
-
-import (
-	"fmt"
-	"runtime"
-	"time"
-)
-
-var memStats runtime.MemStats
-
-// testingB is a type passed to Benchmark functions to manage benchmark
-// timing and to specify the number of iterations to run.
-type timer struct {
-	start     time.Time // Time test or benchmark started
-	duration  time.Duration
-	N         int
-	bytes     int64
-	timerOn   bool
-	benchTime time.Duration
-	// The initial states of memStats.Mallocs and memStats.TotalAlloc.
-	startAllocs uint64
-	startBytes  uint64
-	// The net total of this test after being run.
-	netAllocs uint64
-	netBytes  uint64
-}
-
-// StartTimer starts timing a test. This function is called automatically
-// before a benchmark starts, but it can also used to resume timing after
-// a call to StopTimer.
-func (c *C) StartTimer() {
-	if !c.timerOn {
-		c.start = time.Now()
-		c.timerOn = true
-
-		runtime.ReadMemStats(&memStats)
-		c.startAllocs = memStats.Mallocs
-		c.startBytes = memStats.TotalAlloc
-	}
-}
-
-// StopTimer stops timing a test. This can be used to pause the timer
-// while performing complex initialization that you don't
-// want to measure.
-func (c *C) StopTimer() {
-	if c.timerOn {
-		c.duration += time.Now().Sub(c.start)
-		c.timerOn = false
-		runtime.ReadMemStats(&memStats)
-		c.netAllocs += memStats.Mallocs - c.startAllocs
-		c.netBytes += memStats.TotalAlloc - c.startBytes
-	}
-}
-
-// ResetTimer sets the elapsed benchmark time to zero.
-// It does not affect whether the timer is running.
-func (c *C) ResetTimer() {
-	if c.timerOn {
-		c.start = time.Now()
-		runtime.ReadMemStats(&memStats)
-		c.startAllocs = memStats.Mallocs
-		c.startBytes = memStats.TotalAlloc
-	}
-	c.duration = 0
-	c.netAllocs = 0
-	c.netBytes = 0
-}
-
-// SetBytes informs the number of bytes that the benchmark processes
-// on each iteration. If this is called in a benchmark it will also
-// report MB/s.
-func (c *C) SetBytes(n int64) {
-	c.bytes = n
-}
-
-func (c *C) nsPerOp() int64 {
-	if c.N <= 0 {
-		return 0
-	}
-	return c.duration.Nanoseconds() / int64(c.N)
-}
-
-func (c *C) mbPerSec() float64 {
-	if c.bytes <= 0 || c.duration <= 0 || c.N <= 0 {
-		return 0
-	}
-	return (float64(c.bytes) * float64(c.N) / 1e6) / c.duration.Seconds()
-}
-
-func (c *C) timerString() string {
-	if c.N <= 0 {
-		return fmt.Sprintf("%3.3fs", float64(c.duration.Nanoseconds())/1e9)
-	}
-	mbs := c.mbPerSec()
-	mb := ""
-	if mbs != 0 {
-		mb = fmt.Sprintf("\t%7.2f MB/s", mbs)
-	}
-	nsop := c.nsPerOp()
-	ns := fmt.Sprintf("%10d ns/op", nsop)
-	if c.N > 0 && nsop < 100 {
-		// The format specifiers here make sure that
-		// the ones digits line up for all three possible formats.
-		if nsop < 10 {
-			ns = fmt.Sprintf("%13.2f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
-		} else {
-			ns = fmt.Sprintf("%12.1f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
-		}
-	}
-	memStats := ""
-	if c.benchMem {
-		allocedBytes := fmt.Sprintf("%8d B/op", int64(c.netBytes)/int64(c.N))
-		allocs := fmt.Sprintf("%8d allocs/op", int64(c.netAllocs)/int64(c.N))
-		memStats = fmt.Sprintf("\t%s\t%s", allocedBytes, allocs)
-	}
-	return fmt.Sprintf("%8d\t%s%s%s", c.N, ns, mb, memStats)
-}
-
-func min(x, y int) int {
-	if x > y {
-		return y
-	}
-	return x
-}
-
-func max(x, y int) int {
-	if x < y {
-		return y
-	}
-	return x
-}
-
-// roundDown10 rounds a number down to the nearest power of 10.
-func roundDown10(n int) int {
-	var tens = 0
-	// tens = floor(log_10(n))
-	for n > 10 {
-		n = n / 10
-		tens++
-	}
-	// result = 10^tens
-	result := 1
-	for i := 0; i < tens; i++ {
-		result *= 10
-	}
-	return result
-}
-
-// roundUp rounds x up to a number of the form [1eX, 2eX, 5eX].
-func roundUp(n int) int {
-	base := roundDown10(n)
-	if n < (2 * base) {
-		return 2 * base
-	}
-	if n < (5 * base) {
-		return 5 * base
-	}
-	return 10 * base
-}
diff --git a/vendor/github.com/go-check/check/check.go b/vendor/github.com/go-check/check/check.go
deleted file mode 100644
index a4e60903c2717..0000000000000
--- a/vendor/github.com/go-check/check/check.go
+++ /dev/null
@@ -1,939 +0,0 @@
-// Package check is a rich testing extension for Go's testing package.
-//
-// For details about the project, see:
-//
-//     http://labix.org/gocheck
-//
-package check
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"math/rand"
-	"os"
-	"path"
-	"path/filepath"
-	"reflect"
-	"regexp"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-)
-
-// -----------------------------------------------------------------------
-// Internal type which deals with suite method calling.
-
-const (
-	fixtureKd = iota
-	testKd
-)
-
-type funcKind int
-
-const (
-	succeededSt = iota
-	failedSt
-	skippedSt
-	panickedSt
-	fixturePanickedSt
-	missedSt
-)
-
-type funcStatus uint32
-
-// A method value can't reach its own Method structure.
-type methodType struct {
-	reflect.Value
-	Info reflect.Method
-}
-
-func newMethod(receiver reflect.Value, i int) *methodType {
-	return &methodType{receiver.Method(i), receiver.Type().Method(i)}
-}
-
-func (method *methodType) PC() uintptr {
-	return method.Info.Func.Pointer()
-}
-
-func (method *methodType) suiteName() string {
-	t := method.Info.Type.In(0)
-	if t.Kind() == reflect.Ptr {
-		t = t.Elem()
-	}
-	return t.Name()
-}
-
-func (method *methodType) String() string {
-	return method.suiteName() + "." + method.Info.Name
-}
-
-func (method *methodType) matches(re *regexp.Regexp) bool {
-	return (re.MatchString(method.Info.Name) ||
-		re.MatchString(method.suiteName()) ||
-		re.MatchString(method.String()))
-}
-
-type C struct {
-	method    *methodType
-	kind      funcKind
-	testName  string
-	_status   funcStatus
-	logb      *logger
-	logw      io.Writer
-	done      chan *C
-	reason    string
-	mustFail  bool
-	tempDir   *tempDir
-	benchMem  bool
-	startTime time.Time
-	timer
-}
-
-func (c *C) status() funcStatus {
-	return funcStatus(atomic.LoadUint32((*uint32)(&c._status)))
-}
-
-func (c *C) setStatus(s funcStatus) {
-	atomic.StoreUint32((*uint32)(&c._status), uint32(s))
-}
-
-func (c *C) stopNow() {
-	runtime.Goexit()
-}
-
-// logger is a concurrency safe byte.Buffer
-type logger struct {
-	sync.Mutex
-	writer bytes.Buffer
-}
-
-func (l *logger) Write(buf []byte) (int, error) {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.Write(buf)
-}
-
-func (l *logger) WriteTo(w io.Writer) (int64, error) {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.WriteTo(w)
-}
-
-func (l *logger) String() string {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.String()
-}
-
-// -----------------------------------------------------------------------
-// Handling of temporary files and directories.
-
-type tempDir struct {
-	sync.Mutex
-	path    string
-	counter int
-}
-
-func (td *tempDir) newPath() string {
-	td.Lock()
-	defer td.Unlock()
-	if td.path == "" {
-		var err error
-		for i := 0; i != 100; i++ {
-			path := fmt.Sprintf("%s%ccheck-%d", os.TempDir(), os.PathSeparator, rand.Int())
-			if err = os.Mkdir(path, 0700); err == nil {
-				td.path = path
-				break
-			}
-		}
-		if td.path == "" {
-			panic("Couldn't create temporary directory: " + err.Error())
-		}
-	}
-	result := filepath.Join(td.path, strconv.Itoa(td.counter))
-	td.counter += 1
-	return result
-}
-
-func (td *tempDir) removeAll() {
-	td.Lock()
-	defer td.Unlock()
-	if td.path != "" {
-		err := os.RemoveAll(td.path)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "WARNING: Error cleaning up temporaries: "+err.Error())
-		}
-	}
-}
-
-// Create a new temporary directory which is automatically removed after
-// the suite finishes running.
-func (c *C) MkDir() string {
-	path := c.tempDir.newPath()
-	if err := os.Mkdir(path, 0700); err != nil {
-		panic(fmt.Sprintf("Couldn't create temporary directory %s: %s", path, err.Error()))
-	}
-	return path
-}
-
-// -----------------------------------------------------------------------
-// Low-level logging functions.
-
-func (c *C) log(args ...interface{}) {
-	c.writeLog([]byte(fmt.Sprint(args...) + "\n"))
-}
-
-func (c *C) logf(format string, args ...interface{}) {
-	c.writeLog([]byte(fmt.Sprintf(format+"\n", args...)))
-}
-
-func (c *C) logNewLine() {
-	c.writeLog([]byte{'\n'})
-}
-
-func (c *C) writeLog(buf []byte) {
-	c.logb.Write(buf)
-	if c.logw != nil {
-		c.logw.Write(buf)
-	}
-}
-
-func hasStringOrError(x interface{}) (ok bool) {
-	_, ok = x.(fmt.Stringer)
-	if ok {
-		return
-	}
-	_, ok = x.(error)
-	return
-}
-
-func (c *C) logValue(label string, value interface{}) {
-	if label == "" {
-		if hasStringOrError(value) {
-			c.logf("... %#v (%q)", value, value)
-		} else {
-			c.logf("... %#v", value)
-		}
-	} else if value == nil {
-		c.logf("... %s = nil", label)
-	} else {
-		if hasStringOrError(value) {
-			fv := fmt.Sprintf("%#v", value)
-			qv := fmt.Sprintf("%q", value)
-			if fv != qv {
-				c.logf("... %s %s = %s (%s)", label, reflect.TypeOf(value), fv, qv)
-				return
-			}
-		}
-		if s, ok := value.(string); ok && isMultiLine(s) {
-			c.logf(`... %s %s = "" +`, label, reflect.TypeOf(value))
-			c.logMultiLine(s)
-		} else {
-			c.logf("... %s %s = %#v", label, reflect.TypeOf(value), value)
-		}
-	}
-}
-
-func (c *C) logMultiLine(s string) {
-	b := make([]byte, 0, len(s)*2)
-	i := 0
-	n := len(s)
-	for i < n {
-		j := i + 1
-		for j < n && s[j-1] != '\n' {
-			j++
-		}
-		b = append(b, "...     "...)
-		b = strconv.AppendQuote(b, s[i:j])
-		if j < n {
-			b = append(b, " +"...)
-		}
-		b = append(b, '\n')
-		i = j
-	}
-	c.writeLog(b)
-}
-
-func isMultiLine(s string) bool {
-	for i := 0; i+1 < len(s); i++ {
-		if s[i] == '\n' {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *C) logString(issue string) {
-	c.log("... ", issue)
-}
-
-func (c *C) logCaller(skip int) {
-	// This is a bit heavier than it ought to be.
-	skip += 1 // Our own frame.
-	pc, callerFile, callerLine, ok := runtime.Caller(skip)
-	if !ok {
-		return
-	}
-	var testFile string
-	var testLine int
-	testFunc := runtime.FuncForPC(c.method.PC())
-	if runtime.FuncForPC(pc) != testFunc {
-		for {
-			skip += 1
-			if pc, file, line, ok := runtime.Caller(skip); ok {
-				// Note that the test line may be different on
-				// distinct calls for the same test.  Showing
-				// the "internal" line is helpful when debugging.
-				if runtime.FuncForPC(pc) == testFunc {
-					testFile, testLine = file, line
-					break
-				}
-			} else {
-				break
-			}
-		}
-	}
-	if testFile != "" && (testFile != callerFile || testLine != callerLine) {
-		c.logCode(testFile, testLine)
-	}
-	c.logCode(callerFile, callerLine)
-}
-
-func (c *C) logCode(path string, line int) {
-	c.logf("%s:%d:", nicePath(path), line)
-	code, err := printLine(path, line)
-	if code == "" {
-		code = "..." // XXX Open the file and take the raw line.
-		if err != nil {
-			code += err.Error()
-		}
-	}
-	c.log(indent(code, "    "))
-}
-
-var valueGo = filepath.Join("reflect", "value.go")
-var asmGo = filepath.Join("runtime", "asm_")
-
-func (c *C) logPanic(skip int, value interface{}) {
-	skip++ // Our own frame.
-	initialSkip := skip
-	for ; ; skip++ {
-		if pc, file, line, ok := runtime.Caller(skip); ok {
-			if skip == initialSkip {
-				c.logf("... Panic: %s (PC=0x%X)\n", value, pc)
-			}
-			name := niceFuncName(pc)
-			path := nicePath(file)
-			if strings.Contains(path, "/gopkg.in/check.v") {
-				continue
-			}
-			if name == "Value.call" && strings.HasSuffix(path, valueGo) {
-				continue
-			}
-			if (name == "call16" || name == "call32") && strings.Contains(path, asmGo) {
-				continue
-			}
-			c.logf("%s:%d\n  in %s", nicePath(file), line, name)
-		} else {
-			break
-		}
-	}
-}
-
-func (c *C) logSoftPanic(issue string) {
-	c.log("... Panic: ", issue)
-}
-
-func (c *C) logArgPanic(method *methodType, expectedType string) {
-	c.logf("... Panic: %s argument should be %s",
-		niceFuncName(method.PC()), expectedType)
-}
-
-// -----------------------------------------------------------------------
-// Some simple formatting helpers.
-
-var initWD, initWDErr = os.Getwd()
-
-func init() {
-	if initWDErr == nil {
-		initWD = strings.Replace(initWD, "\\", "/", -1) + "/"
-	}
-}
-
-func nicePath(path string) string {
-	if initWDErr == nil {
-		if strings.HasPrefix(path, initWD) {
-			return path[len(initWD):]
-		}
-	}
-	return path
-}
-
-func niceFuncPath(pc uintptr) string {
-	function := runtime.FuncForPC(pc)
-	if function != nil {
-		filename, line := function.FileLine(pc)
-		return fmt.Sprintf("%s:%d", nicePath(filename), line)
-	}
-	return "<unknown path>"
-}
-
-func niceFuncName(pc uintptr) string {
-	function := runtime.FuncForPC(pc)
-	if function != nil {
-		name := path.Base(function.Name())
-		if i := strings.Index(name, "."); i > 0 {
-			name = name[i+1:]
-		}
-		if strings.HasPrefix(name, "(*") {
-			if i := strings.Index(name, ")"); i > 0 {
-				name = name[2:i] + name[i+1:]
-			}
-		}
-		if i := strings.LastIndex(name, ".*"); i != -1 {
-			name = name[:i] + "." + name[i+2:]
-		}
-		if i := strings.LastIndex(name, "·"); i != -1 {
-			name = name[:i] + "." + name[i+2:]
-		}
-		return name
-	}
-	return "<unknown function>"
-}
-
-// -----------------------------------------------------------------------
-// Result tracker to aggregate call results.
-
-type Result struct {
-	Succeeded        int
-	Failed           int
-	Skipped          int
-	Panicked         int
-	FixturePanicked  int
-	ExpectedFailures int
-	Missed           int    // Not even tried to run, related to a panic in the fixture.
-	RunError         error  // Houston, we've got a problem.
-	WorkDir          string // If KeepWorkDir is true
-}
-
-type resultTracker struct {
-	result          Result
-	_lastWasProblem bool
-	_waiting        int
-	_missed         int
-	_expectChan     chan *C
-	_doneChan       chan *C
-	_stopChan       chan bool
-}
-
-func newResultTracker() *resultTracker {
-	return &resultTracker{_expectChan: make(chan *C), // Synchronous
-		_doneChan: make(chan *C, 32), // Asynchronous
-		_stopChan: make(chan bool)}   // Synchronous
-}
-
-func (tracker *resultTracker) start() {
-	go tracker._loopRoutine()
-}
-
-func (tracker *resultTracker) waitAndStop() {
-	<-tracker._stopChan
-}
-
-func (tracker *resultTracker) expectCall(c *C) {
-	tracker._expectChan <- c
-}
-
-func (tracker *resultTracker) callDone(c *C) {
-	tracker._doneChan <- c
-}
-
-func (tracker *resultTracker) _loopRoutine() {
-	for {
-		var c *C
-		if tracker._waiting > 0 {
-			// Calls still running. Can't stop.
-			select {
-			// XXX Reindent this (not now to make diff clear)
-			case c = <-tracker._expectChan:
-				tracker._waiting += 1
-			case c = <-tracker._doneChan:
-				tracker._waiting -= 1
-				switch c.status() {
-				case succeededSt:
-					if c.kind == testKd {
-						if c.mustFail {
-							tracker.result.ExpectedFailures++
-						} else {
-							tracker.result.Succeeded++
-						}
-					}
-				case failedSt:
-					tracker.result.Failed++
-				case panickedSt:
-					if c.kind == fixtureKd {
-						tracker.result.FixturePanicked++
-					} else {
-						tracker.result.Panicked++
-					}
-				case fixturePanickedSt:
-					// Track it as missed, since the panic
-					// was on the fixture, not on the test.
-					tracker.result.Missed++
-				case missedSt:
-					tracker.result.Missed++
-				case skippedSt:
-					if c.kind == testKd {
-						tracker.result.Skipped++
-					}
-				}
-			}
-		} else {
-			// No calls.  Can stop, but no done calls here.
-			select {
-			case tracker._stopChan <- true:
-				return
-			case c = <-tracker._expectChan:
-				tracker._waiting += 1
-			case c = <-tracker._doneChan:
-				panic("Tracker got an unexpected done call.")
-			}
-		}
-	}
-}
-
-// -----------------------------------------------------------------------
-// The underlying suite runner.
-
-type suiteRunner struct {
-	suite                     interface{}
-	setUpSuite, tearDownSuite *methodType
-	setUpTest, tearDownTest   *methodType
-	onTimeout                 *methodType
-	tests                     []*methodType
-	tracker                   *resultTracker
-	tempDir                   *tempDir
-	keepDir                   bool
-	output                    *outputWriter
-	reportedProblemLast       bool
-	benchTime                 time.Duration
-	benchMem                  bool
-	checkTimeout              time.Duration
-}
-
-type RunConf struct {
-	Output        io.Writer
-	Stream        bool
-	Verbose       bool
-	Filter        string
-	Benchmark     bool
-	BenchmarkTime time.Duration // Defaults to 1 second
-	BenchmarkMem  bool
-	KeepWorkDir   bool
-	CheckTimeout  time.Duration
-}
-
-// Create a new suiteRunner able to run all methods in the given suite.
-func newSuiteRunner(suite interface{}, runConf *RunConf) *suiteRunner {
-	var conf RunConf
-	if runConf != nil {
-		conf = *runConf
-	}
-	if conf.Output == nil {
-		conf.Output = os.Stdout
-	}
-	if conf.Benchmark {
-		conf.Verbose = true
-	}
-
-	suiteType := reflect.TypeOf(suite)
-	suiteNumMethods := suiteType.NumMethod()
-	suiteValue := reflect.ValueOf(suite)
-
-	runner := &suiteRunner{
-		suite:        suite,
-		output:       newOutputWriter(conf.Output, conf.Stream, conf.Verbose),
-		tracker:      newResultTracker(),
-		benchTime:    conf.BenchmarkTime,
-		benchMem:     conf.BenchmarkMem,
-		tempDir:      &tempDir{},
-		keepDir:      conf.KeepWorkDir,
-		tests:        make([]*methodType, 0, suiteNumMethods),
-		checkTimeout: conf.CheckTimeout,
-	}
-	if runner.benchTime == 0 {
-		runner.benchTime = 1 * time.Second
-	}
-
-	var filterRegexp *regexp.Regexp
-	if conf.Filter != "" {
-		if regexp, err := regexp.Compile(conf.Filter); err != nil {
-			msg := "Bad filter expression: " + err.Error()
-			runner.tracker.result.RunError = errors.New(msg)
-			return runner
-		} else {
-			filterRegexp = regexp
-		}
-	}
-
-	for i := 0; i != suiteNumMethods; i++ {
-		method := newMethod(suiteValue, i)
-		switch method.Info.Name {
-		case "SetUpSuite":
-			runner.setUpSuite = method
-		case "TearDownSuite":
-			runner.tearDownSuite = method
-		case "SetUpTest":
-			runner.setUpTest = method
-		case "TearDownTest":
-			runner.tearDownTest = method
-		case "OnTimeout":
-			runner.onTimeout = method
-		default:
-			prefix := "Test"
-			if conf.Benchmark {
-				prefix = "Benchmark"
-			}
-			if !strings.HasPrefix(method.Info.Name, prefix) {
-				continue
-			}
-			if filterRegexp == nil || method.matches(filterRegexp) {
-				runner.tests = append(runner.tests, method)
-			}
-		}
-	}
-	return runner
-}
-
-// Run all methods in the given suite.
-func (runner *suiteRunner) run() *Result {
-	if runner.tracker.result.RunError == nil && len(runner.tests) > 0 {
-		runner.tracker.start()
-		if runner.checkFixtureArgs() {
-			c := runner.runFixture(runner.setUpSuite, "", nil)
-			if c == nil || c.status() == succeededSt {
-				for i := 0; i != len(runner.tests); i++ {
-					c := runner.runTest(runner.tests[i])
-					if c.status() == fixturePanickedSt {
-						runner.skipTests(missedSt, runner.tests[i+1:])
-						break
-					}
-				}
-			} else if c != nil && c.status() == skippedSt {
-				runner.skipTests(skippedSt, runner.tests)
-			} else {
-				runner.skipTests(missedSt, runner.tests)
-			}
-			runner.runFixture(runner.tearDownSuite, "", nil)
-		} else {
-			runner.skipTests(missedSt, runner.tests)
-		}
-		runner.tracker.waitAndStop()
-		if runner.keepDir {
-			runner.tracker.result.WorkDir = runner.tempDir.path
-		} else {
-			runner.tempDir.removeAll()
-		}
-	}
-	return &runner.tracker.result
-}
-
-// Create a call object with the given suite method, and fork a
-// goroutine with the provided dispatcher for running it.
-func (runner *suiteRunner) forkCall(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
-	var logw io.Writer
-	if runner.output.Stream {
-		logw = runner.output
-	}
-	if logb == nil {
-		logb = new(logger)
-	}
-	c := &C{
-		method:    method,
-		kind:      kind,
-		testName:  testName,
-		logb:      logb,
-		logw:      logw,
-		tempDir:   runner.tempDir,
-		done:      make(chan *C, 1),
-		timer:     timer{benchTime: runner.benchTime},
-		startTime: time.Now(),
-		benchMem:  runner.benchMem,
-	}
-	runner.tracker.expectCall(c)
-	go (func() {
-		runner.reportCallStarted(c)
-		defer runner.callDone(c)
-		dispatcher(c)
-	})()
-	return c
-}
-
-type timeoutErr struct {
-	method *methodType
-	t      time.Duration
-}
-
-func (e timeoutErr) Error() string {
-	return fmt.Sprintf("%s test timed out after %v", e.method.String(), e.t)
-}
-
-func isTimeout(e error) bool {
-	if e == nil {
-		return false
-	}
-	_, ok := e.(timeoutErr)
-	return ok
-}
-
-// Same as forkCall(), but wait for call to finish before returning.
-func (runner *suiteRunner) runFunc(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
-	var timeout <-chan time.Time
-	if runner.checkTimeout != 0 {
-		timeout = time.After(runner.checkTimeout)
-	}
-	c := runner.forkCall(method, kind, testName, logb, dispatcher)
-	select {
-	case <-c.done:
-	case <-timeout:
-		if runner.onTimeout != nil {
-			// run the OnTimeout callback, allowing the suite to collect any sort of debug information it can
-			// `runFixture` is syncronous, so run this in a separate goroutine with a timeout
-			cChan := make(chan *C)
-			go func() {
-				cChan <- runner.runFixture(runner.onTimeout, c.testName, c.logb)
-			}()
-			select {
-			case <-cChan:
-			case <-time.After(runner.checkTimeout):
-			}
-		}
-		panic(timeoutErr{method, runner.checkTimeout})
-	}
-	return c
-}
-
-// Handle a finished call.  If there were any panics, update the call status
-// accordingly.  Then, mark the call as done and report to the tracker.
-func (runner *suiteRunner) callDone(c *C) {
-	value := recover()
-	if value != nil {
-		switch v := value.(type) {
-		case *fixturePanic:
-			if v.status == skippedSt {
-				c.setStatus(skippedSt)
-			} else {
-				c.logSoftPanic("Fixture has panicked (see related PANIC)")
-				c.setStatus(fixturePanickedSt)
-			}
-		default:
-			c.logPanic(1, value)
-			c.setStatus(panickedSt)
-		}
-	}
-	if c.mustFail {
-		switch c.status() {
-		case failedSt:
-			c.setStatus(succeededSt)
-		case succeededSt:
-			c.setStatus(failedSt)
-			c.logString("Error: Test succeeded, but was expected to fail")
-			c.logString("Reason: " + c.reason)
-		}
-	}
-
-	runner.reportCallDone(c)
-	c.done <- c
-}
-
-// Runs a fixture call synchronously.  The fixture will still be run in a
-// goroutine like all suite methods, but this method will not return
-// while the fixture goroutine is not done, because the fixture must be
-// run in a desired order.
-func (runner *suiteRunner) runFixture(method *methodType, testName string, logb *logger) *C {
-	if method != nil {
-		c := runner.runFunc(method, fixtureKd, testName, logb, func(c *C) {
-			c.ResetTimer()
-			c.StartTimer()
-			defer c.StopTimer()
-			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-		})
-		return c
-	}
-	return nil
-}
-
-// Run the fixture method with runFixture(), but panic with a fixturePanic{}
-// in case the fixture method panics.  This makes it easier to track the
-// fixture panic together with other call panics within forkTest().
-func (runner *suiteRunner) runFixtureWithPanic(method *methodType, testName string, logb *logger, skipped *bool) *C {
-	if skipped != nil && *skipped {
-		return nil
-	}
-	c := runner.runFixture(method, testName, logb)
-	if c != nil && c.status() != succeededSt {
-		if skipped != nil {
-			*skipped = c.status() == skippedSt
-		}
-		panic(&fixturePanic{c.status(), method})
-	}
-	return c
-}
-
-type fixturePanic struct {
-	status funcStatus
-	method *methodType
-}
-
-// Run the suite test method, together with the test-specific fixture,
-// asynchronously.
-func (runner *suiteRunner) forkTest(method *methodType) *C {
-	testName := method.String()
-	return runner.forkCall(method, testKd, testName, nil, func(c *C) {
-		var skipped bool
-		defer runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, &skipped)
-		defer c.StopTimer()
-		benchN := 1
-		for {
-			runner.runFixtureWithPanic(runner.setUpTest, testName, c.logb, &skipped)
-			mt := c.method.Type()
-			if mt.NumIn() != 1 || mt.In(0) != reflect.TypeOf(c) {
-				// Rather than a plain panic, provide a more helpful message when
-				// the argument type is incorrect.
-				c.setStatus(panickedSt)
-				c.logArgPanic(c.method, "*check.C")
-				return
-			}
-
-			if strings.HasPrefix(c.method.Info.Name, "Test") {
-				c.ResetTimer()
-				c.StartTimer()
-				c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-				return
-			}
-
-			if !strings.HasPrefix(c.method.Info.Name, "Benchmark") {
-				panic("unexpected method prefix: " + c.method.Info.Name)
-			}
-
-			runtime.GC()
-			c.N = benchN
-			c.ResetTimer()
-			c.StartTimer()
-
-			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-			c.StopTimer()
-			if c.status() != succeededSt || c.duration >= c.benchTime || benchN >= 1e9 {
-				return
-			}
-			perOpN := int(1e9)
-			if c.nsPerOp() != 0 {
-				perOpN = int(c.benchTime.Nanoseconds() / c.nsPerOp())
-			}
-
-			// Logic taken from the stock testing package:
-			// - Run more iterations than we think we'll need for a second (1.5x).
-			// - Don't grow too fast in case we had timing errors previously.
-			// - Be sure to run at least one more than last time.
-			benchN = max(min(perOpN+perOpN/2, 100*benchN), benchN+1)
-			benchN = roundUp(benchN)
-
-			skipped = true // Don't run the deferred one if this panics.
-			runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, nil)
-			skipped = false
-		}
-	})
-}
-
-// Same as forkTest(), but wait for the test to finish before returning.
-func (runner *suiteRunner) runTest(method *methodType) *C {
-	var timeout <-chan time.Time
-	if runner.checkTimeout != 0 {
-		timeout = time.After(runner.checkTimeout)
-	}
-	c := runner.forkTest(method)
-	select {
-	case <-c.done:
-	case <-timeout:
-		if runner.onTimeout != nil {
-			// run the OnTimeout callback, allowing the suite to collect any sort of debug information it can
-			// `runFixture` is syncronous, so run this in a separate goroutine with a timeout
-			cChan := make(chan *C)
-			go func() {
-				cChan <- runner.runFixture(runner.onTimeout, c.testName, c.logb)
-			}()
-			select {
-			case <-cChan:
-			case <-time.After(runner.checkTimeout):
-			}
-		}
-		panic(timeoutErr{method, runner.checkTimeout})
-	}
-	return c
-}
-
-// Helper to mark tests as skipped or missed.  A bit heavy for what
-// it does, but it enables homogeneous handling of tracking, including
-// nice verbose output.
-func (runner *suiteRunner) skipTests(status funcStatus, methods []*methodType) {
-	for _, method := range methods {
-		runner.runFunc(method, testKd, "", nil, func(c *C) {
-			c.setStatus(status)
-		})
-	}
-}
-
-// Verify if the fixture arguments are *check.C.  In case of errors,
-// log the error as a panic in the fixture method call, and return false.
-func (runner *suiteRunner) checkFixtureArgs() bool {
-	succeeded := true
-	argType := reflect.TypeOf(&C{})
-	for _, method := range []*methodType{runner.setUpSuite, runner.tearDownSuite, runner.setUpTest, runner.tearDownTest, runner.onTimeout} {
-		if method != nil {
-			mt := method.Type()
-			if mt.NumIn() != 1 || mt.In(0) != argType {
-				succeeded = false
-				runner.runFunc(method, fixtureKd, "", nil, func(c *C) {
-					c.logArgPanic(method, "*check.C")
-					c.setStatus(panickedSt)
-				})
-			}
-		}
-	}
-	return succeeded
-}
-
-func (runner *suiteRunner) reportCallStarted(c *C) {
-	runner.output.WriteCallStarted("START", c)
-}
-
-func (runner *suiteRunner) reportCallDone(c *C) {
-	runner.tracker.callDone(c)
-	switch c.status() {
-	case succeededSt:
-		if c.mustFail {
-			runner.output.WriteCallSuccess("FAIL EXPECTED", c)
-		} else {
-			runner.output.WriteCallSuccess("PASS", c)
-		}
-	case skippedSt:
-		runner.output.WriteCallSuccess("SKIP", c)
-	case failedSt:
-		runner.output.WriteCallProblem("FAIL", c)
-	case panickedSt:
-		runner.output.WriteCallProblem("PANIC", c)
-	case fixturePanickedSt:
-		// That's a testKd call reporting that its fixture
-		// has panicked. The fixture call which caused the
-		// panic itself was tracked above. We'll report to
-		// aid debugging.
-		runner.output.WriteCallProblem("PANIC", c)
-	case missedSt:
-		runner.output.WriteCallSuccess("MISS", c)
-	}
-}
diff --git a/vendor/github.com/go-check/check/checkers.go b/vendor/github.com/go-check/check/checkers.go
deleted file mode 100644
index bac338729c887..0000000000000
--- a/vendor/github.com/go-check/check/checkers.go
+++ /dev/null
@@ -1,458 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"reflect"
-	"regexp"
-)
-
-// -----------------------------------------------------------------------
-// CommentInterface and Commentf helper, to attach extra information to checks.
-
-type comment struct {
-	format string
-	args   []interface{}
-}
-
-// Commentf returns an infomational value to use with Assert or Check calls.
-// If the checker test fails, the provided arguments will be passed to
-// fmt.Sprintf, and will be presented next to the logged failure.
-//
-// For example:
-//
-//     c.Assert(v, Equals, 42, Commentf("Iteration #%d failed.", i))
-//
-// Note that if the comment is constant, a better option is to
-// simply use a normal comment right above or next to the line, as
-// it will also get printed with any errors:
-//
-//     c.Assert(l, Equals, 8192) // Ensure buffer size is correct (bug #123)
-//
-func Commentf(format string, args ...interface{}) CommentInterface {
-	return &comment{format, args}
-}
-
-// CommentInterface must be implemented by types that attach extra
-// information to failed checks. See the Commentf function for details.
-type CommentInterface interface {
-	CheckCommentString() string
-}
-
-func (c *comment) CheckCommentString() string {
-	return fmt.Sprintf(c.format, c.args...)
-}
-
-// -----------------------------------------------------------------------
-// The Checker interface.
-
-// The Checker interface must be provided by checkers used with
-// the Assert and Check verification methods.
-type Checker interface {
-	Info() *CheckerInfo
-	Check(params []interface{}, names []string) (result bool, error string)
-}
-
-// See the Checker interface.
-type CheckerInfo struct {
-	Name   string
-	Params []string
-}
-
-func (info *CheckerInfo) Info() *CheckerInfo {
-	return info
-}
-
-// -----------------------------------------------------------------------
-// Not checker logic inverter.
-
-// The Not checker inverts the logic of the provided checker.  The
-// resulting checker will succeed where the original one failed, and
-// vice-versa.
-//
-// For example:
-//
-//     c.Assert(a, Not(Equals), b)
-//
-func Not(checker Checker) Checker {
-	return &notChecker{checker}
-}
-
-type notChecker struct {
-	sub Checker
-}
-
-func (checker *notChecker) Info() *CheckerInfo {
-	info := *checker.sub.Info()
-	info.Name = "Not(" + info.Name + ")"
-	return &info
-}
-
-func (checker *notChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	result, error = checker.sub.Check(params, names)
-	result = !result
-	return
-}
-
-// -----------------------------------------------------------------------
-// IsNil checker.
-
-type isNilChecker struct {
-	*CheckerInfo
-}
-
-// The IsNil checker tests whether the obtained value is nil.
-//
-// For example:
-//
-//    c.Assert(err, IsNil)
-//
-var IsNil Checker = &isNilChecker{
-	&CheckerInfo{Name: "IsNil", Params: []string{"value"}},
-}
-
-func (checker *isNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return isNil(params[0]), ""
-}
-
-func isNil(obtained interface{}) (result bool) {
-	if obtained == nil {
-		result = true
-	} else {
-		switch v := reflect.ValueOf(obtained); v.Kind() {
-		case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-			return v.IsNil()
-		}
-	}
-	return
-}
-
-// -----------------------------------------------------------------------
-// NotNil checker. Alias for Not(IsNil), since it's so common.
-
-type notNilChecker struct {
-	*CheckerInfo
-}
-
-// The NotNil checker verifies that the obtained value is not nil.
-//
-// For example:
-//
-//     c.Assert(iface, NotNil)
-//
-// This is an alias for Not(IsNil), made available since it's a
-// fairly common check.
-//
-var NotNil Checker = &notNilChecker{
-	&CheckerInfo{Name: "NotNil", Params: []string{"value"}},
-}
-
-func (checker *notNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return !isNil(params[0]), ""
-}
-
-// -----------------------------------------------------------------------
-// Equals checker.
-
-type equalsChecker struct {
-	*CheckerInfo
-}
-
-// The Equals checker verifies that the obtained value is equal to
-// the expected value, according to usual Go semantics for ==.
-//
-// For example:
-//
-//     c.Assert(value, Equals, 42)
-//
-var Equals Checker = &equalsChecker{
-	&CheckerInfo{Name: "Equals", Params: []string{"obtained", "expected"}},
-}
-
-func (checker *equalsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	defer func() {
-		if v := recover(); v != nil {
-			result = false
-			error = fmt.Sprint(v)
-		}
-	}()
-	return params[0] == params[1], ""
-}
-
-// -----------------------------------------------------------------------
-// DeepEquals checker.
-
-type deepEqualsChecker struct {
-	*CheckerInfo
-}
-
-// The DeepEquals checker verifies that the obtained value is deep-equal to
-// the expected value.  The check will work correctly even when facing
-// slices, interfaces, and values of different types (which always fail
-// the test).
-//
-// For example:
-//
-//     c.Assert(value, DeepEquals, 42)
-//     c.Assert(array, DeepEquals, []string{"hi", "there"})
-//
-var DeepEquals Checker = &deepEqualsChecker{
-	&CheckerInfo{Name: "DeepEquals", Params: []string{"obtained", "expected"}},
-}
-
-func (checker *deepEqualsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return reflect.DeepEqual(params[0], params[1]), ""
-}
-
-// -----------------------------------------------------------------------
-// HasLen checker.
-
-type hasLenChecker struct {
-	*CheckerInfo
-}
-
-// The HasLen checker verifies that the obtained value has the
-// provided length. In many cases this is superior to using Equals
-// in conjuction with the len function because in case the check
-// fails the value itself will be printed, instead of its length,
-// providing more details for figuring the problem.
-//
-// For example:
-//
-//     c.Assert(list, HasLen, 5)
-//
-var HasLen Checker = &hasLenChecker{
-	&CheckerInfo{Name: "HasLen", Params: []string{"obtained", "n"}},
-}
-
-func (checker *hasLenChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	n, ok := params[1].(int)
-	if !ok {
-		return false, "n must be an int"
-	}
-	value := reflect.ValueOf(params[0])
-	switch value.Kind() {
-	case reflect.Map, reflect.Array, reflect.Slice, reflect.Chan, reflect.String:
-	default:
-		return false, "obtained value type has no length"
-	}
-	return value.Len() == n, ""
-}
-
-// -----------------------------------------------------------------------
-// ErrorMatches checker.
-
-type errorMatchesChecker struct {
-	*CheckerInfo
-}
-
-// The ErrorMatches checker verifies that the error value
-// is non nil and matches the regular expression provided.
-//
-// For example:
-//
-//     c.Assert(err, ErrorMatches, "perm.*denied")
-//
-var ErrorMatches Checker = errorMatchesChecker{
-	&CheckerInfo{Name: "ErrorMatches", Params: []string{"value", "regex"}},
-}
-
-func (checker errorMatchesChecker) Check(params []interface{}, names []string) (result bool, errStr string) {
-	if params[0] == nil {
-		return false, "Error value is nil"
-	}
-	err, ok := params[0].(error)
-	if !ok {
-		return false, "Value is not an error"
-	}
-	params[0] = err.Error()
-	names[0] = "error"
-	return matches(params[0], params[1])
-}
-
-// -----------------------------------------------------------------------
-// Matches checker.
-
-type matchesChecker struct {
-	*CheckerInfo
-}
-
-// The Matches checker verifies that the string provided as the obtained
-// value (or the string resulting from obtained.String()) matches the
-// regular expression provided.
-//
-// For example:
-//
-//     c.Assert(err, Matches, "perm.*denied")
-//
-var Matches Checker = &matchesChecker{
-	&CheckerInfo{Name: "Matches", Params: []string{"value", "regex"}},
-}
-
-func (checker *matchesChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return matches(params[0], params[1])
-}
-
-func matches(value, regex interface{}) (result bool, error string) {
-	reStr, ok := regex.(string)
-	if !ok {
-		return false, "Regex must be a string"
-	}
-	valueStr, valueIsStr := value.(string)
-	if !valueIsStr {
-		if valueWithStr, valueHasStr := value.(fmt.Stringer); valueHasStr {
-			valueStr, valueIsStr = valueWithStr.String(), true
-		}
-	}
-	if valueIsStr {
-		matches, err := regexp.MatchString("^"+reStr+"$", valueStr)
-		if err != nil {
-			return false, "Can't compile regex: " + err.Error()
-		}
-		return matches, ""
-	}
-	return false, "Obtained value is not a string and has no .String()"
-}
-
-// -----------------------------------------------------------------------
-// Panics checker.
-
-type panicsChecker struct {
-	*CheckerInfo
-}
-
-// The Panics checker verifies that calling the provided zero-argument
-// function will cause a panic which is deep-equal to the provided value.
-//
-// For example:
-//
-//     c.Assert(func() { f(1, 2) }, Panics, &SomeErrorType{"BOOM"}).
-//
-//
-var Panics Checker = &panicsChecker{
-	&CheckerInfo{Name: "Panics", Params: []string{"function", "expected"}},
-}
-
-func (checker *panicsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	f := reflect.ValueOf(params[0])
-	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
-		return false, "Function must take zero arguments"
-	}
-	defer func() {
-		// If the function has not panicked, then don't do the check.
-		if error != "" {
-			return
-		}
-		params[0] = recover()
-		names[0] = "panic"
-		result = reflect.DeepEqual(params[0], params[1])
-	}()
-	f.Call(nil)
-	return false, "Function has not panicked"
-}
-
-type panicMatchesChecker struct {
-	*CheckerInfo
-}
-
-// The PanicMatches checker verifies that calling the provided zero-argument
-// function will cause a panic with an error value matching
-// the regular expression provided.
-//
-// For example:
-//
-//     c.Assert(func() { f(1, 2) }, PanicMatches, `open.*: no such file or directory`).
-//
-//
-var PanicMatches Checker = &panicMatchesChecker{
-	&CheckerInfo{Name: "PanicMatches", Params: []string{"function", "expected"}},
-}
-
-func (checker *panicMatchesChecker) Check(params []interface{}, names []string) (result bool, errmsg string) {
-	f := reflect.ValueOf(params[0])
-	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
-		return false, "Function must take zero arguments"
-	}
-	defer func() {
-		// If the function has not panicked, then don't do the check.
-		if errmsg != "" {
-			return
-		}
-		obtained := recover()
-		names[0] = "panic"
-		if e, ok := obtained.(error); ok {
-			params[0] = e.Error()
-		} else if _, ok := obtained.(string); ok {
-			params[0] = obtained
-		} else {
-			errmsg = "Panic value is not a string or an error"
-			return
-		}
-		result, errmsg = matches(params[0], params[1])
-	}()
-	f.Call(nil)
-	return false, "Function has not panicked"
-}
-
-// -----------------------------------------------------------------------
-// FitsTypeOf checker.
-
-type fitsTypeChecker struct {
-	*CheckerInfo
-}
-
-// The FitsTypeOf checker verifies that the obtained value is
-// assignable to a variable with the same type as the provided
-// sample value.
-//
-// For example:
-//
-//     c.Assert(value, FitsTypeOf, int64(0))
-//     c.Assert(value, FitsTypeOf, os.Error(nil))
-//
-var FitsTypeOf Checker = &fitsTypeChecker{
-	&CheckerInfo{Name: "FitsTypeOf", Params: []string{"obtained", "sample"}},
-}
-
-func (checker *fitsTypeChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	obtained := reflect.ValueOf(params[0])
-	sample := reflect.ValueOf(params[1])
-	if !obtained.IsValid() {
-		return false, ""
-	}
-	if !sample.IsValid() {
-		return false, "Invalid sample value"
-	}
-	return obtained.Type().AssignableTo(sample.Type()), ""
-}
-
-// -----------------------------------------------------------------------
-// Implements checker.
-
-type implementsChecker struct {
-	*CheckerInfo
-}
-
-// The Implements checker verifies that the obtained value
-// implements the interface specified via a pointer to an interface
-// variable.
-//
-// For example:
-//
-//     var e os.Error
-//     c.Assert(err, Implements, &e)
-//
-var Implements Checker = &implementsChecker{
-	&CheckerInfo{Name: "Implements", Params: []string{"obtained", "ifaceptr"}},
-}
-
-func (checker *implementsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	obtained := reflect.ValueOf(params[0])
-	ifaceptr := reflect.ValueOf(params[1])
-	if !obtained.IsValid() {
-		return false, ""
-	}
-	if !ifaceptr.IsValid() || ifaceptr.Kind() != reflect.Ptr || ifaceptr.Elem().Kind() != reflect.Interface {
-		return false, "ifaceptr should be a pointer to an interface variable"
-	}
-	return obtained.Type().Implements(ifaceptr.Elem().Type()), ""
-}
diff --git a/vendor/github.com/go-check/check/helpers.go b/vendor/github.com/go-check/check/helpers.go
deleted file mode 100644
index 58a733b50f6dc..0000000000000
--- a/vendor/github.com/go-check/check/helpers.go
+++ /dev/null
@@ -1,231 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"strings"
-	"time"
-)
-
-// TestName returns the current test name in the form "SuiteName.TestName"
-func (c *C) TestName() string {
-	return c.testName
-}
-
-// -----------------------------------------------------------------------
-// Basic succeeding/failing logic.
-
-// Failed returns whether the currently running test has already failed.
-func (c *C) Failed() bool {
-	return c.status() == failedSt
-}
-
-// Fail marks the currently running test as failed.
-//
-// Something ought to have been previously logged so the developer can tell
-// what went wrong. The higher level helper functions will fail the test
-// and do the logging properly.
-func (c *C) Fail() {
-	c.setStatus(failedSt)
-}
-
-// FailNow marks the currently running test as failed and stops running it.
-// Something ought to have been previously logged so the developer can tell
-// what went wrong. The higher level helper functions will fail the test
-// and do the logging properly.
-func (c *C) FailNow() {
-	c.Fail()
-	c.stopNow()
-}
-
-// Succeed marks the currently running test as succeeded, undoing any
-// previous failures.
-func (c *C) Succeed() {
-	c.setStatus(succeededSt)
-}
-
-// SucceedNow marks the currently running test as succeeded, undoing any
-// previous failures, and stops running the test.
-func (c *C) SucceedNow() {
-	c.Succeed()
-	c.stopNow()
-}
-
-// ExpectFailure informs that the running test is knowingly broken for
-// the provided reason. If the test does not fail, an error will be reported
-// to raise attention to this fact. This method is useful to temporarily
-// disable tests which cover well known problems until a better time to
-// fix the problem is found, without forgetting about the fact that a
-// failure still exists.
-func (c *C) ExpectFailure(reason string) {
-	if reason == "" {
-		panic("Missing reason why the test is expected to fail")
-	}
-	c.mustFail = true
-	c.reason = reason
-}
-
-// Skip skips the running test for the provided reason. If run from within
-// SetUpTest, the individual test being set up will be skipped, and if run
-// from within SetUpSuite, the whole suite is skipped.
-func (c *C) Skip(reason string) {
-	if reason == "" {
-		panic("Missing reason why the test is being skipped")
-	}
-	c.reason = reason
-	c.setStatus(skippedSt)
-	c.stopNow()
-}
-
-// -----------------------------------------------------------------------
-// Basic logging.
-
-// GetTestLog returns the current test error output.
-func (c *C) GetTestLog() string {
-	return c.logb.String()
-}
-
-// Log logs some information into the test error output.
-// The provided arguments are assembled together into a string with fmt.Sprint.
-func (c *C) Log(args ...interface{}) {
-	c.log(args...)
-}
-
-// Log logs some information into the test error output.
-// The provided arguments are assembled together into a string with fmt.Sprintf.
-func (c *C) Logf(format string, args ...interface{}) {
-	c.logf(format, args...)
-}
-
-// Output enables *C to be used as a logger in functions that require only
-// the minimum interface of *log.Logger.
-func (c *C) Output(calldepth int, s string) error {
-	d := time.Now().Sub(c.startTime)
-	msec := d / time.Millisecond
-	sec := d / time.Second
-	min := d / time.Minute
-
-	c.Logf("[LOG] %d:%02d.%03d %s", min, sec%60, msec%1000, s)
-	return nil
-}
-
-// Error logs an error into the test error output and marks the test as failed.
-// The provided arguments are assembled together into a string with fmt.Sprint.
-func (c *C) Error(args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
-	c.logNewLine()
-	c.Fail()
-}
-
-// Errorf logs an error into the test error output and marks the test as failed.
-// The provided arguments are assembled together into a string with fmt.Sprintf.
-func (c *C) Errorf(format string, args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprintf("Error: "+format, args...))
-	c.logNewLine()
-	c.Fail()
-}
-
-// Fatal logs an error into the test error output, marks the test as failed, and
-// stops the test execution. The provided arguments are assembled together into
-// a string with fmt.Sprint.
-func (c *C) Fatal(args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
-	c.logNewLine()
-	c.FailNow()
-}
-
-// Fatlaf logs an error into the test error output, marks the test as failed, and
-// stops the test execution. The provided arguments are assembled together into
-// a string with fmt.Sprintf.
-func (c *C) Fatalf(format string, args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprintf(format, args...)))
-	c.logNewLine()
-	c.FailNow()
-}
-
-// -----------------------------------------------------------------------
-// Generic checks and assertions based on checkers.
-
-// Check verifies if the first value matches the expected value according
-// to the provided checker. If they do not match, an error is logged, the
-// test is marked as failed, and the test execution continues.
-//
-// Some checkers may not need the expected argument (e.g. IsNil).
-//
-// Extra arguments provided to the function are logged next to the reported
-// problem when the matching fails.
-func (c *C) Check(obtained interface{}, checker Checker, args ...interface{}) bool {
-	return c.internalCheck("Check", obtained, checker, args...)
-}
-
-// Assert ensures that the first value matches the expected value according
-// to the provided checker. If they do not match, an error is logged, the
-// test is marked as failed, and the test execution stops.
-//
-// Some checkers may not need the expected argument (e.g. IsNil).
-//
-// Extra arguments provided to the function are logged next to the reported
-// problem when the matching fails.
-func (c *C) Assert(obtained interface{}, checker Checker, args ...interface{}) {
-	if !c.internalCheck("Assert", obtained, checker, args...) {
-		c.stopNow()
-	}
-}
-
-func (c *C) internalCheck(funcName string, obtained interface{}, checker Checker, args ...interface{}) bool {
-	if checker == nil {
-		c.logCaller(2)
-		c.logString(fmt.Sprintf("%s(obtained, nil!?, ...):", funcName))
-		c.logString("Oops.. you've provided a nil checker!")
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-
-	// If the last argument is a bug info, extract it out.
-	var comment CommentInterface
-	if len(args) > 0 {
-		if c, ok := args[len(args)-1].(CommentInterface); ok {
-			comment = c
-			args = args[:len(args)-1]
-		}
-	}
-
-	params := append([]interface{}{obtained}, args...)
-	info := checker.Info()
-
-	if len(params) != len(info.Params) {
-		names := append([]string{info.Params[0], info.Name}, info.Params[1:]...)
-		c.logCaller(2)
-		c.logString(fmt.Sprintf("%s(%s):", funcName, strings.Join(names, ", ")))
-		c.logString(fmt.Sprintf("Wrong number of parameters for %s: want %d, got %d", info.Name, len(names), len(params)+1))
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-
-	// Copy since it may be mutated by Check.
-	names := append([]string{}, info.Params...)
-
-	// Do the actual check.
-	result, error := checker.Check(params, names)
-	if !result || error != "" {
-		c.logCaller(2)
-		for i := 0; i != len(params); i++ {
-			c.logValue(names[i], params[i])
-		}
-		if comment != nil {
-			c.logString(comment.CheckCommentString())
-		}
-		if error != "" {
-			c.logString(error)
-		}
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-	return true
-}
diff --git a/vendor/github.com/go-check/check/printer.go b/vendor/github.com/go-check/check/printer.go
deleted file mode 100644
index e0f7557b5cc76..0000000000000
--- a/vendor/github.com/go-check/check/printer.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package check
-
-import (
-	"bytes"
-	"go/ast"
-	"go/parser"
-	"go/printer"
-	"go/token"
-	"os"
-)
-
-func indent(s, with string) (r string) {
-	eol := true
-	for i := 0; i != len(s); i++ {
-		c := s[i]
-		switch {
-		case eol && c == '\n' || c == '\r':
-		case c == '\n' || c == '\r':
-			eol = true
-		case eol:
-			eol = false
-			s = s[:i] + with + s[i:]
-			i += len(with)
-		}
-	}
-	return s
-}
-
-func printLine(filename string, line int) (string, error) {
-	fset := token.NewFileSet()
-	file, err := os.Open(filename)
-	if err != nil {
-		return "", err
-	}
-	fnode, err := parser.ParseFile(fset, filename, file, parser.ParseComments)
-	if err != nil {
-		return "", err
-	}
-	config := &printer.Config{Mode: printer.UseSpaces, Tabwidth: 4}
-	lp := &linePrinter{fset: fset, fnode: fnode, line: line, config: config}
-	ast.Walk(lp, fnode)
-	result := lp.output.Bytes()
-	// Comments leave \n at the end.
-	n := len(result)
-	for n > 0 && result[n-1] == '\n' {
-		n--
-	}
-	return string(result[:n]), nil
-}
-
-type linePrinter struct {
-	config *printer.Config
-	fset   *token.FileSet
-	fnode  *ast.File
-	line   int
-	output bytes.Buffer
-	stmt   ast.Stmt
-}
-
-func (lp *linePrinter) emit() bool {
-	if lp.stmt != nil {
-		lp.trim(lp.stmt)
-		lp.printWithComments(lp.stmt)
-		lp.stmt = nil
-		return true
-	}
-	return false
-}
-
-func (lp *linePrinter) printWithComments(n ast.Node) {
-	nfirst := lp.fset.Position(n.Pos()).Line
-	nlast := lp.fset.Position(n.End()).Line
-	for _, g := range lp.fnode.Comments {
-		cfirst := lp.fset.Position(g.Pos()).Line
-		clast := lp.fset.Position(g.End()).Line
-		if clast == nfirst-1 && lp.fset.Position(n.Pos()).Column == lp.fset.Position(g.Pos()).Column {
-			for _, c := range g.List {
-				lp.output.WriteString(c.Text)
-				lp.output.WriteByte('\n')
-			}
-		}
-		if cfirst >= nfirst && cfirst <= nlast && n.End() <= g.List[0].Slash {
-			// The printer will not include the comment if it starts past
-			// the node itself. Trick it into printing by overlapping the
-			// slash with the end of the statement.
-			g.List[0].Slash = n.End() - 1
-		}
-	}
-	node := &printer.CommentedNode{n, lp.fnode.Comments}
-	lp.config.Fprint(&lp.output, lp.fset, node)
-}
-
-func (lp *linePrinter) Visit(n ast.Node) (w ast.Visitor) {
-	if n == nil {
-		if lp.output.Len() == 0 {
-			lp.emit()
-		}
-		return nil
-	}
-	first := lp.fset.Position(n.Pos()).Line
-	last := lp.fset.Position(n.End()).Line
-	if first <= lp.line && last >= lp.line {
-		// Print the innermost statement containing the line.
-		if stmt, ok := n.(ast.Stmt); ok {
-			if _, ok := n.(*ast.BlockStmt); !ok {
-				lp.stmt = stmt
-			}
-		}
-		if first == lp.line && lp.emit() {
-			return nil
-		}
-		return lp
-	}
-	return nil
-}
-
-func (lp *linePrinter) trim(n ast.Node) bool {
-	stmt, ok := n.(ast.Stmt)
-	if !ok {
-		return true
-	}
-	line := lp.fset.Position(n.Pos()).Line
-	if line != lp.line {
-		return false
-	}
-	switch stmt := stmt.(type) {
-	case *ast.IfStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.SwitchStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.TypeSwitchStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.CaseClause:
-		stmt.Body = lp.trimList(stmt.Body)
-	case *ast.CommClause:
-		stmt.Body = lp.trimList(stmt.Body)
-	case *ast.BlockStmt:
-		stmt.List = lp.trimList(stmt.List)
-	}
-	return true
-}
-
-func (lp *linePrinter) trimBlock(stmt *ast.BlockStmt) *ast.BlockStmt {
-	if !lp.trim(stmt) {
-		return lp.emptyBlock(stmt)
-	}
-	stmt.Rbrace = stmt.Lbrace
-	return stmt
-}
-
-func (lp *linePrinter) trimList(stmts []ast.Stmt) []ast.Stmt {
-	for i := 0; i != len(stmts); i++ {
-		if !lp.trim(stmts[i]) {
-			stmts[i] = lp.emptyStmt(stmts[i])
-			break
-		}
-	}
-	return stmts
-}
-
-func (lp *linePrinter) emptyStmt(n ast.Node) *ast.ExprStmt {
-	return &ast.ExprStmt{&ast.Ellipsis{n.Pos(), nil}}
-}
-
-func (lp *linePrinter) emptyBlock(n ast.Node) *ast.BlockStmt {
-	p := n.Pos()
-	return &ast.BlockStmt{p, []ast.Stmt{lp.emptyStmt(n)}, p}
-}
diff --git a/vendor/github.com/go-check/check/reporter.go b/vendor/github.com/go-check/check/reporter.go
deleted file mode 100644
index fb04f76f64d80..0000000000000
--- a/vendor/github.com/go-check/check/reporter.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"io"
-	"sync"
-)
-
-// -----------------------------------------------------------------------
-// Output writer manages atomic output writing according to settings.
-
-type outputWriter struct {
-	m                    sync.Mutex
-	writer               io.Writer
-	wroteCallProblemLast bool
-	Stream               bool
-	Verbose              bool
-}
-
-func newOutputWriter(writer io.Writer, stream, verbose bool) *outputWriter {
-	return &outputWriter{writer: writer, Stream: stream, Verbose: verbose}
-}
-
-func (ow *outputWriter) Write(content []byte) (n int, err error) {
-	ow.m.Lock()
-	n, err = ow.writer.Write(content)
-	ow.m.Unlock()
-	return
-}
-
-func (ow *outputWriter) WriteCallStarted(label string, c *C) {
-	if ow.Stream {
-		header := renderCallHeader(label, c, "", "\n")
-		ow.m.Lock()
-		ow.writer.Write([]byte(header))
-		ow.m.Unlock()
-	}
-}
-
-func (ow *outputWriter) WriteCallProblem(label string, c *C) {
-	var prefix string
-	if !ow.Stream {
-		prefix = "\n-----------------------------------" +
-			"-----------------------------------\n"
-	}
-	header := renderCallHeader(label, c, prefix, "\n\n")
-	ow.m.Lock()
-	ow.wroteCallProblemLast = true
-	ow.writer.Write([]byte(header))
-	if !ow.Stream {
-		c.logb.WriteTo(ow.writer)
-	}
-	ow.m.Unlock()
-}
-
-func (ow *outputWriter) WriteCallSuccess(label string, c *C) {
-	if ow.Stream || (ow.Verbose && c.kind == testKd) {
-		// TODO Use a buffer here.
-		var suffix string
-		if c.reason != "" {
-			suffix = " (" + c.reason + ")"
-		}
-		if c.status() == succeededSt {
-			suffix += "\t" + c.timerString()
-		}
-		suffix += "\n"
-		if ow.Stream {
-			suffix += "\n"
-		}
-		header := renderCallHeader(label, c, "", suffix)
-		ow.m.Lock()
-		// Resist temptation of using line as prefix above due to race.
-		if !ow.Stream && ow.wroteCallProblemLast {
-			header = "\n-----------------------------------" +
-				"-----------------------------------\n" +
-				header
-		}
-		ow.wroteCallProblemLast = false
-		ow.writer.Write([]byte(header))
-		ow.m.Unlock()
-	}
-}
-
-func renderCallHeader(label string, c *C, prefix, suffix string) string {
-	pc := c.method.PC()
-	return fmt.Sprintf("%s%s: %s: %s%s", prefix, label, niceFuncPath(pc),
-		niceFuncName(pc), suffix)
-}
diff --git a/vendor/github.com/go-check/check/run.go b/vendor/github.com/go-check/check/run.go
deleted file mode 100644
index f72119656d0bb..0000000000000
--- a/vendor/github.com/go-check/check/run.go
+++ /dev/null
@@ -1,183 +0,0 @@
-package check
-
-import (
-	"bufio"
-	"flag"
-	"fmt"
-	"os"
-	"testing"
-	"time"
-)
-
-// -----------------------------------------------------------------------
-// Test suite registry.
-
-var allSuites []interface{}
-
-// Suite registers the given value as a test suite to be run. Any methods
-// starting with the Test prefix in the given value will be considered as
-// a test method.
-func Suite(suite interface{}) interface{} {
-	allSuites = append(allSuites, suite)
-	return suite
-}
-
-// -----------------------------------------------------------------------
-// Public running interface.
-
-var (
-	oldFilterFlag  = flag.String("gocheck.f", "", "Regular expression selecting which tests and/or suites to run")
-	oldVerboseFlag = flag.Bool("gocheck.v", false, "Verbose mode")
-	oldStreamFlag  = flag.Bool("gocheck.vv", false, "Super verbose mode (disables output caching)")
-	oldBenchFlag   = flag.Bool("gocheck.b", false, "Run benchmarks")
-	oldBenchTime   = flag.Duration("gocheck.btime", 1*time.Second, "approximate run time for each benchmark")
-	oldListFlag    = flag.Bool("gocheck.list", false, "List the names of all tests that will be run")
-	oldWorkFlag    = flag.Bool("gocheck.work", false, "Display and do not remove the test working directory")
-
-	newFilterFlag  = flag.String("check.f", "", "Regular expression selecting which tests and/or suites to run")
-	newVerboseFlag = flag.Bool("check.v", false, "Verbose mode")
-	newStreamFlag  = flag.Bool("check.vv", false, "Super verbose mode (disables output caching)")
-	newBenchFlag   = flag.Bool("check.b", false, "Run benchmarks")
-	newBenchTime   = flag.Duration("check.btime", 1*time.Second, "approximate run time for each benchmark")
-	newBenchMem    = flag.Bool("check.bmem", false, "Report memory benchmarks")
-	newListFlag    = flag.Bool("check.list", false, "List the names of all tests that will be run")
-	newWorkFlag    = flag.Bool("check.work", false, "Display and do not remove the test working directory")
-	checkTimeout   = flag.String("check.timeout", "", "Panic if test runs longer than specified duration")
-)
-
-// TestingT runs all test suites registered with the Suite function,
-// printing results to stdout, and reporting any failures back to
-// the "testing" package.
-func TestingT(testingT *testing.T) {
-	benchTime := *newBenchTime
-	if benchTime == 1*time.Second {
-		benchTime = *oldBenchTime
-	}
-	conf := &RunConf{
-		Filter:        *oldFilterFlag + *newFilterFlag,
-		Verbose:       *oldVerboseFlag || *newVerboseFlag,
-		Stream:        *oldStreamFlag || *newStreamFlag,
-		Benchmark:     *oldBenchFlag || *newBenchFlag,
-		BenchmarkTime: benchTime,
-		BenchmarkMem:  *newBenchMem,
-		KeepWorkDir:   *oldWorkFlag || *newWorkFlag,
-	}
-	if *checkTimeout != "" {
-		timeout, err := time.ParseDuration(*checkTimeout)
-		if err != nil {
-			testingT.Fatalf("error parsing specified timeout flag: %v", err)
-		}
-		conf.CheckTimeout = timeout
-	}
-	if *oldListFlag || *newListFlag {
-		w := bufio.NewWriter(os.Stdout)
-		for _, name := range ListAll(conf) {
-			fmt.Fprintln(w, name)
-		}
-		w.Flush()
-		return
-	}
-	result := RunAll(conf)
-	println(result.String())
-	if !result.Passed() {
-		testingT.Fail()
-	}
-}
-
-// RunAll runs all test suites registered with the Suite function, using the
-// provided run configuration.
-func RunAll(runConf *RunConf) *Result {
-	result := Result{}
-	for _, suite := range allSuites {
-		result.Add(Run(suite, runConf))
-	}
-	return &result
-}
-
-// Run runs the provided test suite using the provided run configuration.
-func Run(suite interface{}, runConf *RunConf) *Result {
-	runner := newSuiteRunner(suite, runConf)
-	return runner.run()
-}
-
-// ListAll returns the names of all the test functions registered with the
-// Suite function that will be run with the provided run configuration.
-func ListAll(runConf *RunConf) []string {
-	var names []string
-	for _, suite := range allSuites {
-		names = append(names, List(suite, runConf)...)
-	}
-	return names
-}
-
-// List returns the names of the test functions in the given
-// suite that will be run with the provided run configuration.
-func List(suite interface{}, runConf *RunConf) []string {
-	var names []string
-	runner := newSuiteRunner(suite, runConf)
-	for _, t := range runner.tests {
-		names = append(names, t.String())
-	}
-	return names
-}
-
-// -----------------------------------------------------------------------
-// Result methods.
-
-func (r *Result) Add(other *Result) {
-	r.Succeeded += other.Succeeded
-	r.Skipped += other.Skipped
-	r.Failed += other.Failed
-	r.Panicked += other.Panicked
-	r.FixturePanicked += other.FixturePanicked
-	r.ExpectedFailures += other.ExpectedFailures
-	r.Missed += other.Missed
-	if r.WorkDir != "" && other.WorkDir != "" {
-		r.WorkDir += ":" + other.WorkDir
-	} else if other.WorkDir != "" {
-		r.WorkDir = other.WorkDir
-	}
-}
-
-func (r *Result) Passed() bool {
-	return (r.Failed == 0 && r.Panicked == 0 &&
-		r.FixturePanicked == 0 && r.Missed == 0 &&
-		r.RunError == nil)
-}
-
-func (r *Result) String() string {
-	if r.RunError != nil {
-		return "ERROR: " + r.RunError.Error()
-	}
-
-	var value string
-	if r.Failed == 0 && r.Panicked == 0 && r.FixturePanicked == 0 &&
-		r.Missed == 0 {
-		value = "OK: "
-	} else {
-		value = "OOPS: "
-	}
-	value += fmt.Sprintf("%d passed", r.Succeeded)
-	if r.Skipped != 0 {
-		value += fmt.Sprintf(", %d skipped", r.Skipped)
-	}
-	if r.ExpectedFailures != 0 {
-		value += fmt.Sprintf(", %d expected failures", r.ExpectedFailures)
-	}
-	if r.Failed != 0 {
-		value += fmt.Sprintf(", %d FAILED", r.Failed)
-	}
-	if r.Panicked != 0 {
-		value += fmt.Sprintf(", %d PANICKED", r.Panicked)
-	}
-	if r.FixturePanicked != 0 {
-		value += fmt.Sprintf(", %d FIXTURE-PANICKED", r.FixturePanicked)
-	}
-	if r.Missed != 0 {
-		value += fmt.Sprintf(", %d MISSED", r.Missed)
-	}
-	if r.WorkDir != "" {
-		value += "\nWORK=" + r.WorkDir
-	}
-	return value
-}
diff --git a/vendor/github.com/go-ini/ini/README.md b/vendor/github.com/go-ini/ini/README.md
deleted file mode 100644
index 85947422d70e7..0000000000000
--- a/vendor/github.com/go-ini/ini/README.md
+++ /dev/null
@@ -1,740 +0,0 @@
-INI [![Build Status](https://travis-ci.org/go-ini/ini.svg?branch=master)](https://travis-ci.org/go-ini/ini) [![Sourcegraph](https://sourcegraph.com/github.com/go-ini/ini/-/badge.svg)](https://sourcegraph.com/github.com/go-ini/ini?badge)
-===
-
-![](https://avatars0.githubusercontent.com/u/10216035?v=3&s=200)
-
-Package ini provides INI file read and write functionality in Go.
-
-[简体中文](README_ZH.md)
-
-## Feature
-
-- Load multiple data sources(`[]byte`, file and `io.ReadCloser`) with overwrites.
-- Read with recursion values.
-- Read with parent-child sections.
-- Read with auto-increment key names.
-- Read with multiple-line values.
-- Read with tons of helper methods.
-- Read and convert values to Go types.
-- Read and **WRITE** comments of sections and keys.
-- Manipulate sections, keys and comments with ease.
-- Keep sections and keys in order as you parse and save.
-
-## Installation
-
-To use a tagged revision:
-
-	go get gopkg.in/ini.v1
-
-To use with latest changes:
-
-	go get github.com/go-ini/ini
-
-Please add `-u` flag to update in the future.
-
-### Testing
-
-If you want to test on your machine, please apply `-t` flag:
-
-	go get -t gopkg.in/ini.v1
-
-Please add `-u` flag to update in the future.
-
-## Getting Started
-
-### Loading from data sources
-
-A **Data Source** is either raw data in type `[]byte`, a file name with type `string` or `io.ReadCloser`. You can load **as many data sources as you want**. Passing other types will simply return an error.
-
-```go
-cfg, err := ini.Load([]byte("raw data"), "filename", ioutil.NopCloser(bytes.NewReader([]byte("some other data"))))
-```
-
-Or start with an empty object:
-
-```go
-cfg := ini.Empty()
-```
-
-When you cannot decide how many data sources to load at the beginning, you will still be able to **Append()** them later.
-
-```go
-err := cfg.Append("other file", []byte("other raw data"))
-```
-
-If you have a list of files with possibilities that some of them may not available at the time, and you don't know exactly which ones, you can use `LooseLoad` to ignore nonexistent files without returning error.
-
-```go
-cfg, err := ini.LooseLoad("filename", "filename_404")
-```
-
-The cool thing is, whenever the file is available to load while you're calling `Reload` method, it will be counted as usual.
-
-#### Ignore cases of key name
-
-When you do not care about cases of section and key names, you can use `InsensitiveLoad` to force all names to be lowercased while parsing.
-
-```go
-cfg, err := ini.InsensitiveLoad("filename")
-//...
-
-// sec1 and sec2 are the exactly same section object
-sec1, err := cfg.GetSection("Section")
-sec2, err := cfg.GetSection("SecTIOn")
-
-// key1 and key2 are the exactly same key object
-key1, err := cfg.GetKey("Key")
-key2, err := cfg.GetKey("KeY")
-```
-
-#### MySQL-like boolean key 
-
-MySQL's configuration allows a key without value as follows:
-
-```ini
-[mysqld]
-...
-skip-host-cache
-skip-name-resolve
-```
-
-By default, this is considered as missing value. But if you know you're going to deal with those cases, you can assign advanced load options:
-
-```go
-cfg, err := LoadSources(LoadOptions{AllowBooleanKeys: true}, "my.cnf"))
-```
-
-The value of those keys are always `true`, and when you save to a file, it will keep in the same foramt as you read.
-
-To generate such keys in your program, you could use `NewBooleanKey`:
-
-```go
-key, err := sec.NewBooleanKey("skip-host-cache")
-```
-
-#### Comment
-
-Take care that following format will be treated as comment:
-
-1. Line begins with `#` or `;`
-2. Words after `#` or `;`
-3. Words after section name (i.e words after `[some section name]`)
-
-If you want to save a value with `#` or `;`, please quote them with ``` ` ``` or ``` """ ```.
-
-### Working with sections
-
-To get a section, you would need to:
-
-```go
-section, err := cfg.GetSection("section name")
-```
-
-For a shortcut for default section, just give an empty string as name:
-
-```go
-section, err := cfg.GetSection("")
-```
-
-When you're pretty sure the section exists, following code could make your life easier:
-
-```go
-section := cfg.Section("section name")
-```
-
-What happens when the section somehow does not exist? Don't panic, it automatically creates and returns a new section to you.
-
-To create a new section:
-
-```go
-err := cfg.NewSection("new section")
-```
-
-To get a list of sections or section names:
-
-```go
-sections := cfg.Sections()
-names := cfg.SectionStrings()
-```
-
-### Working with keys
-
-To get a key under a section:
-
-```go
-key, err := cfg.Section("").GetKey("key name")
-```
-
-Same rule applies to key operations:
-
-```go
-key := cfg.Section("").Key("key name")
-```
-
-To check if a key exists:
-
-```go
-yes := cfg.Section("").HasKey("key name")
-```
-
-To create a new key:
-
-```go
-err := cfg.Section("").NewKey("name", "value")
-```
-
-To get a list of keys or key names:
-
-```go
-keys := cfg.Section("").Keys()
-names := cfg.Section("").KeyStrings()
-```
-
-To get a clone hash of keys and corresponding values:
-
-```go
-hash := cfg.Section("").KeysHash()
-```
-
-### Working with values
-
-To get a string value:
-
-```go
-val := cfg.Section("").Key("key name").String()
-```
-
-To validate key value on the fly:
-
-```go
-val := cfg.Section("").Key("key name").Validate(func(in string) string {
-	if len(in) == 0 {
-		return "default"
-	}
-	return in
-})
-```
-
-If you do not want any auto-transformation (such as recursive read) for the values, you can get raw value directly (this way you get much better performance):
-
-```go
-val := cfg.Section("").Key("key name").Value()
-```
-
-To check if raw value exists:
-
-```go
-yes := cfg.Section("").HasValue("test value")
-```
-
-To get value with types:
-
-```go
-// For boolean values:
-// true when value is: 1, t, T, TRUE, true, True, YES, yes, Yes, y, ON, on, On
-// false when value is: 0, f, F, FALSE, false, False, NO, no, No, n, OFF, off, Off
-v, err = cfg.Section("").Key("BOOL").Bool()
-v, err = cfg.Section("").Key("FLOAT64").Float64()
-v, err = cfg.Section("").Key("INT").Int()
-v, err = cfg.Section("").Key("INT64").Int64()
-v, err = cfg.Section("").Key("UINT").Uint()
-v, err = cfg.Section("").Key("UINT64").Uint64()
-v, err = cfg.Section("").Key("TIME").TimeFormat(time.RFC3339)
-v, err = cfg.Section("").Key("TIME").Time() // RFC3339
-
-v = cfg.Section("").Key("BOOL").MustBool()
-v = cfg.Section("").Key("FLOAT64").MustFloat64()
-v = cfg.Section("").Key("INT").MustInt()
-v = cfg.Section("").Key("INT64").MustInt64()
-v = cfg.Section("").Key("UINT").MustUint()
-v = cfg.Section("").Key("UINT64").MustUint64()
-v = cfg.Section("").Key("TIME").MustTimeFormat(time.RFC3339)
-v = cfg.Section("").Key("TIME").MustTime() // RFC3339
-
-// Methods start with Must also accept one argument for default value
-// when key not found or fail to parse value to given type.
-// Except method MustString, which you have to pass a default value.
-
-v = cfg.Section("").Key("String").MustString("default")
-v = cfg.Section("").Key("BOOL").MustBool(true)
-v = cfg.Section("").Key("FLOAT64").MustFloat64(1.25)
-v = cfg.Section("").Key("INT").MustInt(10)
-v = cfg.Section("").Key("INT64").MustInt64(99)
-v = cfg.Section("").Key("UINT").MustUint(3)
-v = cfg.Section("").Key("UINT64").MustUint64(6)
-v = cfg.Section("").Key("TIME").MustTimeFormat(time.RFC3339, time.Now())
-v = cfg.Section("").Key("TIME").MustTime(time.Now()) // RFC3339
-```
-
-What if my value is three-line long?
-
-```ini
-[advance]
-ADDRESS = """404 road,
-NotFound, State, 5000
-Earth"""
-```
-
-Not a problem!
-
-```go
-cfg.Section("advance").Key("ADDRESS").String()
-
-/* --- start ---
-404 road,
-NotFound, State, 5000
-Earth
-------  end  --- */
-```
-
-That's cool, how about continuation lines?
-
-```ini
-[advance]
-two_lines = how about \
-	continuation lines?
-lots_of_lines = 1 \
-	2 \
-	3 \
-	4
-```
-
-Piece of cake!
-
-```go
-cfg.Section("advance").Key("two_lines").String() // how about continuation lines?
-cfg.Section("advance").Key("lots_of_lines").String() // 1 2 3 4
-```
-
-Well, I hate continuation lines, how do I disable that?
-
-```go
-cfg, err := ini.LoadSources(ini.LoadOptions{
-	IgnoreContinuation: true,
-}, "filename")
-```
-
-Holy crap! 
-
-Note that single quotes around values will be stripped:
-
-```ini
-foo = "some value" // foo: some value
-bar = 'some value' // bar: some value
-```
-
-That's all? Hmm, no.
-
-#### Helper methods of working with values
-
-To get value with given candidates:
-
-```go
-v = cfg.Section("").Key("STRING").In("default", []string{"str", "arr", "types"})
-v = cfg.Section("").Key("FLOAT64").InFloat64(1.1, []float64{1.25, 2.5, 3.75})
-v = cfg.Section("").Key("INT").InInt(5, []int{10, 20, 30})
-v = cfg.Section("").Key("INT64").InInt64(10, []int64{10, 20, 30})
-v = cfg.Section("").Key("UINT").InUint(4, []int{3, 6, 9})
-v = cfg.Section("").Key("UINT64").InUint64(8, []int64{3, 6, 9})
-v = cfg.Section("").Key("TIME").InTimeFormat(time.RFC3339, time.Now(), []time.Time{time1, time2, time3})
-v = cfg.Section("").Key("TIME").InTime(time.Now(), []time.Time{time1, time2, time3}) // RFC3339
-```
-
-Default value will be presented if value of key is not in candidates you given, and default value does not need be one of candidates.
-
-To validate value in a given range:
-
-```go
-vals = cfg.Section("").Key("FLOAT64").RangeFloat64(0.0, 1.1, 2.2)
-vals = cfg.Section("").Key("INT").RangeInt(0, 10, 20)
-vals = cfg.Section("").Key("INT64").RangeInt64(0, 10, 20)
-vals = cfg.Section("").Key("UINT").RangeUint(0, 3, 9)
-vals = cfg.Section("").Key("UINT64").RangeUint64(0, 3, 9)
-vals = cfg.Section("").Key("TIME").RangeTimeFormat(time.RFC3339, time.Now(), minTime, maxTime)
-vals = cfg.Section("").Key("TIME").RangeTime(time.Now(), minTime, maxTime) // RFC3339
-```
-
-##### Auto-split values into a slice
-
-To use zero value of type for invalid inputs:
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> [0.0 2.2 0.0 0.0]
-vals = cfg.Section("").Key("STRINGS").Strings(",")
-vals = cfg.Section("").Key("FLOAT64S").Float64s(",")
-vals = cfg.Section("").Key("INTS").Ints(",")
-vals = cfg.Section("").Key("INT64S").Int64s(",")
-vals = cfg.Section("").Key("UINTS").Uints(",")
-vals = cfg.Section("").Key("UINT64S").Uint64s(",")
-vals = cfg.Section("").Key("TIMES").Times(",")
-```
-
-To exclude invalid values out of result slice:
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> [2.2]
-vals = cfg.Section("").Key("FLOAT64S").ValidFloat64s(",")
-vals = cfg.Section("").Key("INTS").ValidInts(",")
-vals = cfg.Section("").Key("INT64S").ValidInt64s(",")
-vals = cfg.Section("").Key("UINTS").ValidUints(",")
-vals = cfg.Section("").Key("UINT64S").ValidUint64s(",")
-vals = cfg.Section("").Key("TIMES").ValidTimes(",")
-```
-
-Or to return nothing but error when have invalid inputs:
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> error
-vals = cfg.Section("").Key("FLOAT64S").StrictFloat64s(",")
-vals = cfg.Section("").Key("INTS").StrictInts(",")
-vals = cfg.Section("").Key("INT64S").StrictInt64s(",")
-vals = cfg.Section("").Key("UINTS").StrictUints(",")
-vals = cfg.Section("").Key("UINT64S").StrictUint64s(",")
-vals = cfg.Section("").Key("TIMES").StrictTimes(",")
-```
-
-### Save your configuration
-
-Finally, it's time to save your configuration to somewhere.
-
-A typical way to save configuration is writing it to a file:
-
-```go
-// ...
-err = cfg.SaveTo("my.ini")
-err = cfg.SaveToIndent("my.ini", "\t")
-```
-
-Another way to save is writing to a `io.Writer` interface:
-
-```go
-// ...
-cfg.WriteTo(writer)
-cfg.WriteToIndent(writer, "\t")
-```
-
-By default, spaces are used to align "=" sign between key and values, to disable that:
-
-```go
-ini.PrettyFormat = false
-``` 
-
-## Advanced Usage
-
-### Recursive Values
-
-For all value of keys, there is a special syntax `%(<name>)s`, where `<name>` is the key name in same section or default section, and `%(<name>)s` will be replaced by corresponding value(empty string if key not found). You can use this syntax at most 99 level of recursions.
-
-```ini
-NAME = ini
-
-[author]
-NAME = Unknwon
-GITHUB = https://github.com/%(NAME)s
-
-[package]
-FULL_NAME = github.com/go-ini/%(NAME)s
-```
-
-```go
-cfg.Section("author").Key("GITHUB").String()		// https://github.com/Unknwon
-cfg.Section("package").Key("FULL_NAME").String()	// github.com/go-ini/ini
-```
-
-### Parent-child Sections
-
-You can use `.` in section name to indicate parent-child relationship between two or more sections. If the key not found in the child section, library will try again on its parent section until there is no parent section.
-
-```ini
-NAME = ini
-VERSION = v1
-IMPORT_PATH = gopkg.in/%(NAME)s.%(VERSION)s
-
-[package]
-CLONE_URL = https://%(IMPORT_PATH)s
-
-[package.sub]
-```
-
-```go
-cfg.Section("package.sub").Key("CLONE_URL").String()	// https://gopkg.in/ini.v1
-```
-
-#### Retrieve parent keys available to a child section
-
-```go
-cfg.Section("package.sub").ParentKeys() // ["CLONE_URL"]
-```
-
-### Unparseable Sections
-
-Sometimes, you have sections that do not contain key-value pairs but raw content, to handle such case, you can use `LoadOptions.UnparsableSections`:
-
-```go
-cfg, err := LoadSources(LoadOptions{UnparseableSections: []string{"COMMENTS"}}, `[COMMENTS]
-<1><L.Slide#2> This slide has the fuel listed in the wrong units <e.1>`))
-
-body := cfg.Section("COMMENTS").Body()
-
-/* --- start ---
-<1><L.Slide#2> This slide has the fuel listed in the wrong units <e.1>
-------  end  --- */
-```
-
-### Auto-increment Key Names
-
-If key name is `-` in data source, then it would be seen as special syntax for auto-increment key name start from 1, and every section is independent on counter.
-
-```ini
-[features]
--: Support read/write comments of keys and sections
--: Support auto-increment of key names
--: Support load multiple files to overwrite key values
-```
-
-```go
-cfg.Section("features").KeyStrings()	// []{"#1", "#2", "#3"}
-```
-
-### Map To Struct
-
-Want more objective way to play with INI? Cool.
-
-```ini
-Name = Unknwon
-age = 21
-Male = true
-Born = 1993-01-01T20:17:05Z
-
-[Note]
-Content = Hi is a good man!
-Cities = HangZhou, Boston
-```
-
-```go
-type Note struct {
-	Content string
-	Cities  []string
-}
-
-type Person struct {
-	Name string
-	Age  int `ini:"age"`
-	Male bool
-	Born time.Time
-	Note
-	Created time.Time `ini:"-"`
-}
-
-func main() {
-	cfg, err := ini.Load("path/to/ini")
-	// ...
-	p := new(Person)
-	err = cfg.MapTo(p)
-	// ...
-
-	// Things can be simpler.
-	err = ini.MapTo(p, "path/to/ini")
-	// ...
-
-	// Just map a section? Fine.
-	n := new(Note)
-	err = cfg.Section("Note").MapTo(n)
-	// ...
-}
-```
-
-Can I have default value for field? Absolutely.
-
-Assign it before you map to struct. It will keep the value as it is if the key is not presented or got wrong type.
-
-```go
-// ...
-p := &Person{
-	Name: "Joe",
-}
-// ...
-```
-
-It's really cool, but what's the point if you can't give me my file back from struct?
-
-### Reflect From Struct
-
-Why not?
-
-```go
-type Embeded struct {
-	Dates  []time.Time `delim:"|"`
-	Places []string    `ini:"places,omitempty"`
-	None   []int       `ini:",omitempty"`
-}
-
-type Author struct {
-	Name      string `ini:"NAME"`
-	Male      bool
-	Age       int
-	GPA       float64
-	NeverMind string `ini:"-"`
-	*Embeded
-}
-
-func main() {
-	a := &Author{"Unknwon", true, 21, 2.8, "",
-		&Embeded{
-			[]time.Time{time.Now(), time.Now()},
-			[]string{"HangZhou", "Boston"},
-			[]int{},
-		}}
-	cfg := ini.Empty()
-	err = ini.ReflectFrom(cfg, a)
-	// ...
-}
-```
-
-So, what do I get?
-
-```ini
-NAME = Unknwon
-Male = true
-Age = 21
-GPA = 2.8
-
-[Embeded]
-Dates = 2015-08-07T22:14:22+08:00|2015-08-07T22:14:22+08:00
-places = HangZhou,Boston
-```
-
-#### Name Mapper
-
-To save your time and make your code cleaner, this library supports [`NameMapper`](https://gowalker.org/gopkg.in/ini.v1#NameMapper) between struct field and actual section and key name.
-
-There are 2 built-in name mappers:
-
-- `AllCapsUnderscore`: it converts to format `ALL_CAPS_UNDERSCORE` then match section or key.
-- `TitleUnderscore`: it converts to format `title_underscore` then match section or key.
-
-To use them:
-
-```go
-type Info struct {
-	PackageName string
-}
-
-func main() {
-	err = ini.MapToWithMapper(&Info{}, ini.TitleUnderscore, []byte("package_name=ini"))
-	// ...
-
-	cfg, err := ini.Load([]byte("PACKAGE_NAME=ini"))
-	// ...
-	info := new(Info)
-	cfg.NameMapper = ini.AllCapsUnderscore
-	err = cfg.MapTo(info)
-	// ...
-}
-```
-
-Same rules of name mapper apply to `ini.ReflectFromWithMapper` function.
-
-#### Value Mapper
-
-To expand values (e.g. from environment variables), you can use the `ValueMapper` to transform values:
-
-```go
-type Env struct {
-	Foo string `ini:"foo"`
-}
-
-func main() {
-	cfg, err := ini.Load([]byte("[env]\nfoo = ${MY_VAR}\n")
-	cfg.ValueMapper = os.ExpandEnv
-	// ...
-	env := &Env{}
-	err = cfg.Section("env").MapTo(env)
-}
-```
-
-This would set the value of `env.Foo` to the value of the environment variable `MY_VAR`.
-
-#### Other Notes On Map/Reflect
-
-Any embedded struct is treated as a section by default, and there is no automatic parent-child relations in map/reflect feature:
-
-```go
-type Child struct {
-	Age string
-}
-
-type Parent struct {
-	Name string
-	Child
-}
-
-type Config struct {
-	City string
-	Parent
-}
-```
-
-Example configuration:
-
-```ini
-City = Boston
-
-[Parent]
-Name = Unknwon
-
-[Child]
-Age = 21
-```
-
-What if, yes, I'm paranoid, I want embedded struct to be in the same section. Well, all roads lead to Rome.
-
-```go
-type Child struct {
-	Age string
-}
-
-type Parent struct {
-	Name string
-	Child `ini:"Parent"`
-}
-
-type Config struct {
-	City string
-	Parent
-}
-```
-
-Example configuration:
-
-```ini
-City = Boston
-
-[Parent]
-Name = Unknwon
-Age = 21
-```
-
-## Getting Help
-
-- [API Documentation](https://gowalker.org/gopkg.in/ini.v1)
-- [File An Issue](https://github.com/go-ini/ini/issues/new)
-
-## FAQs
-
-### What does `BlockMode` field do?
-
-By default, library lets you read and write values so we need a locker to make sure your data is safe. But in cases that you are very sure about only reading data through the library, you can set `cfg.BlockMode = false` to speed up read operations about **50-70%** faster.
-
-### Why another INI library?
-
-Many people are using my another INI library [goconfig](https://github.com/Unknwon/goconfig), so the reason for this one is I would like to make more Go style code. Also when you set `cfg.BlockMode = false`, this one is about **10-30%** faster.
-
-To make those changes I have to confirm API broken, so it's safer to keep it in another place and start using `gopkg.in` to version my package at this time.(PS: shorter import path)
-
-## License
-
-This project is under Apache v2 License. See the [LICENSE](LICENSE) file for the full license text.
diff --git a/vendor/github.com/go-ini/ini/README_ZH.md b/vendor/github.com/go-ini/ini/README_ZH.md
deleted file mode 100644
index 163432db9affe..0000000000000
--- a/vendor/github.com/go-ini/ini/README_ZH.md
+++ /dev/null
@@ -1,727 +0,0 @@
-本包提供了 Go 语言中读写 INI 文件的功能。
-
-## 功能特性
-
-- 支持覆盖加载多个数据源（`[]byte`、文件和 `io.ReadCloser`）
-- 支持递归读取键值
-- 支持读取父子分区
-- 支持读取自增键名
-- 支持读取多行的键值
-- 支持大量辅助方法
-- 支持在读取时直接转换为 Go 语言类型
-- 支持读取和 **写入** 分区和键的注释
-- 轻松操作分区、键值和注释
-- 在保存文件时分区和键值会保持原有的顺序
-
-## 下载安装
-
-使用一个特定版本：
-
-    go get gopkg.in/ini.v1
-
-使用最新版：
-
-	go get github.com/go-ini/ini
-
-如需更新请添加 `-u` 选项。
-
-### 测试安装
-
-如果您想要在自己的机器上运行测试，请使用 `-t` 标记：
-
-	go get -t gopkg.in/ini.v1
-
-如需更新请添加 `-u` 选项。
-
-## 开始使用
-
-### 从数据源加载
-
-一个 **数据源** 可以是 `[]byte` 类型的原始数据，`string` 类型的文件路径或 `io.ReadCloser`。您可以加载 **任意多个** 数据源。如果您传递其它类型的数据源，则会直接返回错误。
-
-```go
-cfg, err := ini.Load([]byte("raw data"), "filename", ioutil.NopCloser(bytes.NewReader([]byte("some other data"))))
-```
-
-或者从一个空白的文件开始：
-
-```go
-cfg := ini.Empty()
-```
-
-当您在一开始无法决定需要加载哪些数据源时，仍可以使用 **Append()** 在需要的时候加载它们。
-
-```go
-err := cfg.Append("other file", []byte("other raw data"))
-```
-
-当您想要加载一系列文件，但是不能够确定其中哪些文件是不存在的，可以通过调用函数 `LooseLoad` 来忽略它们（`Load` 会因为文件不存在而返回错误）：
-
-```go
-cfg, err := ini.LooseLoad("filename", "filename_404")
-```
-
-更牛逼的是，当那些之前不存在的文件在重新调用 `Reload` 方法的时候突然出现了，那么它们会被正常加载。
-
-#### 忽略键名的大小写
-
-有时候分区和键的名称大小写混合非常烦人，这个时候就可以通过 `InsensitiveLoad` 将所有分区和键名在读取里强制转换为小写：
-
-```go
-cfg, err := ini.InsensitiveLoad("filename")
-//...
-
-// sec1 和 sec2 指向同一个分区对象
-sec1, err := cfg.GetSection("Section")
-sec2, err := cfg.GetSection("SecTIOn")
-
-// key1 和 key2 指向同一个键对象
-key1, err := cfg.GetKey("Key")
-key2, err := cfg.GetKey("KeY")
-```
-
-#### 类似 MySQL 配置中的布尔值键
-
-MySQL 的配置文件中会出现没有具体值的布尔类型的键：
-
-```ini
-[mysqld]
-...
-skip-host-cache
-skip-name-resolve
-```
-
-默认情况下这被认为是缺失值而无法完成解析，但可以通过高级的加载选项对它们进行处理：
-
-```go
-cfg, err := LoadSources(LoadOptions{AllowBooleanKeys: true}, "my.cnf"))
-```
-
-这些键的值永远为 `true`，且在保存到文件时也只会输出键名。
-
-如果您想要通过程序来生成此类键，则可以使用 `NewBooleanKey`：
-
-```go
-key, err := sec.NewBooleanKey("skip-host-cache")
-```
-
-#### 关于注释
-
-下述几种情况的内容将被视为注释：
-
-1. 所有以 `#` 或 `;` 开头的行
-2. 所有在 `#` 或 `;` 之后的内容
-3. 分区标签后的文字 (即 `[分区名]` 之后的内容)
-
-如果你希望使用包含 `#` 或 `;` 的值，请使用 ``` ` ``` 或 ``` """ ``` 进行包覆。
-
-### 操作分区（Section）
-
-获取指定分区：
-
-```go
-section, err := cfg.GetSection("section name")
-```
-
-如果您想要获取默认分区，则可以用空字符串代替分区名：
-
-```go
-section, err := cfg.GetSection("")
-```
-
-当您非常确定某个分区是存在的，可以使用以下简便方法：
-
-```go
-section := cfg.Section("section name")
-```
-
-如果不小心判断错了，要获取的分区其实是不存在的，那会发生什么呢？没事的，它会自动创建并返回一个对应的分区对象给您。
-
-创建一个分区：
-
-```go
-err := cfg.NewSection("new section")
-```
-
-获取所有分区对象或名称：
-
-```go
-sections := cfg.Sections()
-names := cfg.SectionStrings()
-```
-
-### 操作键（Key）
-
-获取某个分区下的键：
-
-```go
-key, err := cfg.Section("").GetKey("key name")
-```
-
-和分区一样，您也可以直接获取键而忽略错误处理：
-
-```go
-key := cfg.Section("").Key("key name")
-```
-
-判断某个键是否存在：
-
-```go
-yes := cfg.Section("").HasKey("key name")
-```
-
-创建一个新的键：
-
-```go
-err := cfg.Section("").NewKey("name", "value")
-```
-
-获取分区下的所有键或键名：
-
-```go
-keys := cfg.Section("").Keys()
-names := cfg.Section("").KeyStrings()
-```
-
-获取分区下的所有键值对的克隆：
-
-```go
-hash := cfg.Section("").KeysHash()
-```
-
-### 操作键值（Value）
-
-获取一个类型为字符串（string）的值：
-
-```go
-val := cfg.Section("").Key("key name").String()
-```
-
-获取值的同时通过自定义函数进行处理验证：
-
-```go
-val := cfg.Section("").Key("key name").Validate(func(in string) string {
-	if len(in) == 0 {
-		return "default"
-	}
-	return in
-})
-```
-
-如果您不需要任何对值的自动转变功能（例如递归读取），可以直接获取原值（这种方式性能最佳）：
-
-```go
-val := cfg.Section("").Key("key name").Value()
-```
-
-判断某个原值是否存在：
-
-```go
-yes := cfg.Section("").HasValue("test value")
-```
-
-获取其它类型的值：
-
-```go
-// 布尔值的规则：
-// true 当值为：1, t, T, TRUE, true, True, YES, yes, Yes, y, ON, on, On
-// false 当值为：0, f, F, FALSE, false, False, NO, no, No, n, OFF, off, Off
-v, err = cfg.Section("").Key("BOOL").Bool()
-v, err = cfg.Section("").Key("FLOAT64").Float64()
-v, err = cfg.Section("").Key("INT").Int()
-v, err = cfg.Section("").Key("INT64").Int64()
-v, err = cfg.Section("").Key("UINT").Uint()
-v, err = cfg.Section("").Key("UINT64").Uint64()
-v, err = cfg.Section("").Key("TIME").TimeFormat(time.RFC3339)
-v, err = cfg.Section("").Key("TIME").Time() // RFC3339
-
-v = cfg.Section("").Key("BOOL").MustBool()
-v = cfg.Section("").Key("FLOAT64").MustFloat64()
-v = cfg.Section("").Key("INT").MustInt()
-v = cfg.Section("").Key("INT64").MustInt64()
-v = cfg.Section("").Key("UINT").MustUint()
-v = cfg.Section("").Key("UINT64").MustUint64()
-v = cfg.Section("").Key("TIME").MustTimeFormat(time.RFC3339)
-v = cfg.Section("").Key("TIME").MustTime() // RFC3339
-
-// 由 Must 开头的方法名允许接收一个相同类型的参数来作为默认值，
-// 当键不存在或者转换失败时，则会直接返回该默认值。
-// 但是，MustString 方法必须传递一个默认值。
-
-v = cfg.Seciont("").Key("String").MustString("default")
-v = cfg.Section("").Key("BOOL").MustBool(true)
-v = cfg.Section("").Key("FLOAT64").MustFloat64(1.25)
-v = cfg.Section("").Key("INT").MustInt(10)
-v = cfg.Section("").Key("INT64").MustInt64(99)
-v = cfg.Section("").Key("UINT").MustUint(3)
-v = cfg.Section("").Key("UINT64").MustUint64(6)
-v = cfg.Section("").Key("TIME").MustTimeFormat(time.RFC3339, time.Now())
-v = cfg.Section("").Key("TIME").MustTime(time.Now()) // RFC3339
-```
-
-如果我的值有好多行怎么办？
-
-```ini
-[advance]
-ADDRESS = """404 road,
-NotFound, State, 5000
-Earth"""
-```
-
-嗯哼？小 case！
-
-```go
-cfg.Section("advance").Key("ADDRESS").String()
-
-/* --- start ---
-404 road,
-NotFound, State, 5000
-Earth
-------  end  --- */
-```
-
-赞爆了！那要是我属于一行的内容写不下想要写到第二行怎么办？
-
-```ini
-[advance]
-two_lines = how about \
-	continuation lines?
-lots_of_lines = 1 \
-	2 \
-	3 \
-	4
-```
-
-简直是小菜一碟！
-
-```go
-cfg.Section("advance").Key("two_lines").String() // how about continuation lines?
-cfg.Section("advance").Key("lots_of_lines").String() // 1 2 3 4
-```
-
-可是我有时候觉得两行连在一起特别没劲，怎么才能不自动连接两行呢？
-
-```go
-cfg, err := ini.LoadSources(ini.LoadOptions{
-	IgnoreContinuation: true,
-}, "filename")
-```
-
-哇靠给力啊！
-
-需要注意的是，值两侧的单引号会被自动剔除：
-
-```ini
-foo = "some value" // foo: some value
-bar = 'some value' // bar: some value
-```
-
-这就是全部了？哈哈，当然不是。
-
-#### 操作键值的辅助方法
-
-获取键值时设定候选值：
-
-```go
-v = cfg.Section("").Key("STRING").In("default", []string{"str", "arr", "types"})
-v = cfg.Section("").Key("FLOAT64").InFloat64(1.1, []float64{1.25, 2.5, 3.75})
-v = cfg.Section("").Key("INT").InInt(5, []int{10, 20, 30})
-v = cfg.Section("").Key("INT64").InInt64(10, []int64{10, 20, 30})
-v = cfg.Section("").Key("UINT").InUint(4, []int{3, 6, 9})
-v = cfg.Section("").Key("UINT64").InUint64(8, []int64{3, 6, 9})
-v = cfg.Section("").Key("TIME").InTimeFormat(time.RFC3339, time.Now(), []time.Time{time1, time2, time3})
-v = cfg.Section("").Key("TIME").InTime(time.Now(), []time.Time{time1, time2, time3}) // RFC3339
-```
-
-如果获取到的值不是候选值的任意一个，则会返回默认值，而默认值不需要是候选值中的一员。
-
-验证获取的值是否在指定范围内：
-
-```go
-vals = cfg.Section("").Key("FLOAT64").RangeFloat64(0.0, 1.1, 2.2)
-vals = cfg.Section("").Key("INT").RangeInt(0, 10, 20)
-vals = cfg.Section("").Key("INT64").RangeInt64(0, 10, 20)
-vals = cfg.Section("").Key("UINT").RangeUint(0, 3, 9)
-vals = cfg.Section("").Key("UINT64").RangeUint64(0, 3, 9)
-vals = cfg.Section("").Key("TIME").RangeTimeFormat(time.RFC3339, time.Now(), minTime, maxTime)
-vals = cfg.Section("").Key("TIME").RangeTime(time.Now(), minTime, maxTime) // RFC3339
-```
-
-##### 自动分割键值到切片（slice）
-
-当存在无效输入时，使用零值代替：
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> [0.0 2.2 0.0 0.0]
-vals = cfg.Section("").Key("STRINGS").Strings(",")
-vals = cfg.Section("").Key("FLOAT64S").Float64s(",")
-vals = cfg.Section("").Key("INTS").Ints(",")
-vals = cfg.Section("").Key("INT64S").Int64s(",")
-vals = cfg.Section("").Key("UINTS").Uints(",")
-vals = cfg.Section("").Key("UINT64S").Uint64s(",")
-vals = cfg.Section("").Key("TIMES").Times(",")
-```
-
-从结果切片中剔除无效输入：
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> [2.2]
-vals = cfg.Section("").Key("FLOAT64S").ValidFloat64s(",")
-vals = cfg.Section("").Key("INTS").ValidInts(",")
-vals = cfg.Section("").Key("INT64S").ValidInt64s(",")
-vals = cfg.Section("").Key("UINTS").ValidUints(",")
-vals = cfg.Section("").Key("UINT64S").ValidUint64s(",")
-vals = cfg.Section("").Key("TIMES").ValidTimes(",")
-```
-
-当存在无效输入时，直接返回错误：
-
-```go
-// Input: 1.1, 2.2, 3.3, 4.4 -> [1.1 2.2 3.3 4.4]
-// Input: how, 2.2, are, you -> error
-vals = cfg.Section("").Key("FLOAT64S").StrictFloat64s(",")
-vals = cfg.Section("").Key("INTS").StrictInts(",")
-vals = cfg.Section("").Key("INT64S").StrictInt64s(",")
-vals = cfg.Section("").Key("UINTS").StrictUints(",")
-vals = cfg.Section("").Key("UINT64S").StrictUint64s(",")
-vals = cfg.Section("").Key("TIMES").StrictTimes(",")
-```
-
-### 保存配置
-
-终于到了这个时刻，是时候保存一下配置了。
-
-比较原始的做法是输出配置到某个文件：
-
-```go
-// ...
-err = cfg.SaveTo("my.ini")
-err = cfg.SaveToIndent("my.ini", "\t")
-```
-
-另一个比较高级的做法是写入到任何实现 `io.Writer` 接口的对象中：
-
-```go
-// ...
-cfg.WriteTo(writer)
-cfg.WriteToIndent(writer, "\t")
-```
-
-默认情况下，空格将被用于对齐键值之间的等号以美化输出结果，以下代码可以禁用该功能：
-
-```go
-ini.PrettyFormat = false
-``` 
-
-## 高级用法
-
-### 递归读取键值
-
-在获取所有键值的过程中，特殊语法 `%(<name>)s` 会被应用，其中 `<name>` 可以是相同分区或者默认分区下的键名。字符串 `%(<name>)s` 会被相应的键值所替代，如果指定的键不存在，则会用空字符串替代。您可以最多使用 99 层的递归嵌套。
-
-```ini
-NAME = ini
-
-[author]
-NAME = Unknwon
-GITHUB = https://github.com/%(NAME)s
-
-[package]
-FULL_NAME = github.com/go-ini/%(NAME)s
-```
-
-```go
-cfg.Section("author").Key("GITHUB").String()		// https://github.com/Unknwon
-cfg.Section("package").Key("FULL_NAME").String()	// github.com/go-ini/ini
-```
-
-### 读取父子分区
-
-您可以在分区名称中使用 `.` 来表示两个或多个分区之间的父子关系。如果某个键在子分区中不存在，则会去它的父分区中再次寻找，直到没有父分区为止。
-
-```ini
-NAME = ini
-VERSION = v1
-IMPORT_PATH = gopkg.in/%(NAME)s.%(VERSION)s
-
-[package]
-CLONE_URL = https://%(IMPORT_PATH)s
-
-[package.sub]
-```
-
-```go
-cfg.Section("package.sub").Key("CLONE_URL").String()	// https://gopkg.in/ini.v1
-```
-
-#### 获取上级父分区下的所有键名
-
-```go
-cfg.Section("package.sub").ParentKeys() // ["CLONE_URL"]
-```
-
-### 无法解析的分区
-
-如果遇到一些比较特殊的分区，它们不包含常见的键值对，而是没有固定格式的纯文本，则可以使用 `LoadOptions.UnparsableSections` 进行处理：
-
-```go
-cfg, err := LoadSources(LoadOptions{UnparseableSections: []string{"COMMENTS"}}, `[COMMENTS]
-<1><L.Slide#2> This slide has the fuel listed in the wrong units <e.1>`))
-
-body := cfg.Section("COMMENTS").Body()
-
-/* --- start ---
-<1><L.Slide#2> This slide has the fuel listed in the wrong units <e.1>
-------  end  --- */
-```
-
-### 读取自增键名
-
-如果数据源中的键名为 `-`，则认为该键使用了自增键名的特殊语法。计数器从 1 开始，并且分区之间是相互独立的。
-
-```ini
-[features]
--: Support read/write comments of keys and sections
--: Support auto-increment of key names
--: Support load multiple files to overwrite key values
-```
-
-```go
-cfg.Section("features").KeyStrings()	// []{"#1", "#2", "#3"}
-```
-
-### 映射到结构
-
-想要使用更加面向对象的方式玩转 INI 吗？好主意。
-
-```ini
-Name = Unknwon
-age = 21
-Male = true
-Born = 1993-01-01T20:17:05Z
-
-[Note]
-Content = Hi is a good man!
-Cities = HangZhou, Boston
-```
-
-```go
-type Note struct {
-	Content string
-	Cities  []string
-}
-
-type Person struct {
-	Name string
-	Age  int `ini:"age"`
-	Male bool
-	Born time.Time
-	Note
-	Created time.Time `ini:"-"`
-}
-
-func main() {
-	cfg, err := ini.Load("path/to/ini")
-	// ...
-	p := new(Person)
-	err = cfg.MapTo(p)
-	// ...
-
-	// 一切竟可以如此的简单。
-	err = ini.MapTo(p, "path/to/ini")
-	// ...
-
-	// 嗯哼？只需要映射一个分区吗？
-	n := new(Note)
-	err = cfg.Section("Note").MapTo(n)
-	// ...
-}
-```
-
-结构的字段怎么设置默认值呢？很简单，只要在映射之前对指定字段进行赋值就可以了。如果键未找到或者类型错误，该值不会发生改变。
-
-```go
-// ...
-p := &Person{
-	Name: "Joe",
-}
-// ...
-```
-
-这样玩 INI 真的好酷啊！然而，如果不能还给我原来的配置文件，有什么卵用？
-
-### 从结构反射
-
-可是，我有说不能吗？
-
-```go
-type Embeded struct {
-	Dates  []time.Time `delim:"|"`
-	Places []string    `ini:"places,omitempty"`
-	None   []int       `ini:",omitempty"`
-}
-
-type Author struct {
-	Name      string `ini:"NAME"`
-	Male      bool
-	Age       int
-	GPA       float64
-	NeverMind string `ini:"-"`
-	*Embeded
-}
-
-func main() {
-	a := &Author{"Unknwon", true, 21, 2.8, "",
-		&Embeded{
-			[]time.Time{time.Now(), time.Now()},
-			[]string{"HangZhou", "Boston"},
-			[]int{},
-		}}
-	cfg := ini.Empty()
-	err = ini.ReflectFrom(cfg, a)
-	// ...
-}
-```
-
-瞧瞧，奇迹发生了。
-
-```ini
-NAME = Unknwon
-Male = true
-Age = 21
-GPA = 2.8
-
-[Embeded]
-Dates = 2015-08-07T22:14:22+08:00|2015-08-07T22:14:22+08:00
-places = HangZhou,Boston
-```
-
-#### 名称映射器（Name Mapper）
-
-为了节省您的时间并简化代码，本库支持类型为 [`NameMapper`](https://gowalker.org/gopkg.in/ini.v1#NameMapper) 的名称映射器，该映射器负责结构字段名与分区名和键名之间的映射。
-
-目前有 2 款内置的映射器：
-
-- `AllCapsUnderscore`：该映射器将字段名转换至格式 `ALL_CAPS_UNDERSCORE` 后再去匹配分区名和键名。
-- `TitleUnderscore`：该映射器将字段名转换至格式 `title_underscore` 后再去匹配分区名和键名。
-
-使用方法：
-
-```go
-type Info struct{
-	PackageName string
-}
-
-func main() {
-	err = ini.MapToWithMapper(&Info{}, ini.TitleUnderscore, []byte("package_name=ini"))
-	// ...
-
-	cfg, err := ini.Load([]byte("PACKAGE_NAME=ini"))
-	// ...
-	info := new(Info)
-	cfg.NameMapper = ini.AllCapsUnderscore
-	err = cfg.MapTo(info)
-	// ...
-}
-```
-
-使用函数 `ini.ReflectFromWithMapper` 时也可应用相同的规则。
-
-#### 值映射器（Value Mapper）
-
-值映射器允许使用一个自定义函数自动展开值的具体内容，例如：运行时获取环境变量：
-
-```go
-type Env struct {
-	Foo string `ini:"foo"`
-}
-
-func main() {
-	cfg, err := ini.Load([]byte("[env]\nfoo = ${MY_VAR}\n")
-	cfg.ValueMapper = os.ExpandEnv
-	// ...
-	env := &Env{}
-	err = cfg.Section("env").MapTo(env)
-}
-```
-
-本例中，`env.Foo` 将会是运行时所获取到环境变量 `MY_VAR` 的值。
-
-#### 映射/反射的其它说明
-
-任何嵌入的结构都会被默认认作一个不同的分区，并且不会自动产生所谓的父子分区关联：
-
-```go
-type Child struct {
-	Age string
-}
-
-type Parent struct {
-	Name string
-	Child
-}
-
-type Config struct {
-	City string
-	Parent
-}
-```
-
-示例配置文件：
-
-```ini
-City = Boston
-
-[Parent]
-Name = Unknwon
-
-[Child]
-Age = 21
-```
-
-很好，但是，我就是要嵌入结构也在同一个分区。好吧，你爹是李刚！
-
-```go
-type Child struct {
-	Age string
-}
-
-type Parent struct {
-	Name string
-	Child `ini:"Parent"`
-}
-
-type Config struct {
-	City string
-	Parent
-}
-```
-
-示例配置文件：
-
-```ini
-City = Boston
-
-[Parent]
-Name = Unknwon
-Age = 21
-```
-
-## 获取帮助
-
-- [API 文档](https://gowalker.org/gopkg.in/ini.v1)
-- [创建工单](https://github.com/go-ini/ini/issues/new)
-
-## 常见问题
-
-### 字段 `BlockMode` 是什么？
-
-默认情况下，本库会在您进行读写操作时采用锁机制来确保数据时间。但在某些情况下，您非常确定只进行读操作。此时，您可以通过设置 `cfg.BlockMode = false` 来将读操作提升大约 **50-70%** 的性能。
-
-### 为什么要写另一个 INI 解析库？
-
-许多人都在使用我的 [goconfig](https://github.com/Unknwon/goconfig) 来完成对 INI 文件的操作，但我希望使用更加 Go 风格的代码。并且当您设置 `cfg.BlockMode = false` 时，会有大约 **10-30%** 的性能提升。
-
-为了做出这些改变，我必须对 API 进行破坏，所以新开一个仓库是最安全的做法。除此之外，本库直接使用 `gopkg.in` 来进行版本化发布。（其实真相是导入路径更短了）
diff --git a/vendor/github.com/go-ini/ini/error.go b/vendor/github.com/go-ini/ini/error.go
deleted file mode 100644
index 80afe7431584a..0000000000000
--- a/vendor/github.com/go-ini/ini/error.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2016 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package ini
-
-import (
-	"fmt"
-)
-
-type ErrDelimiterNotFound struct {
-	Line string
-}
-
-func IsErrDelimiterNotFound(err error) bool {
-	_, ok := err.(ErrDelimiterNotFound)
-	return ok
-}
-
-func (err ErrDelimiterNotFound) Error() string {
-	return fmt.Sprintf("key-value delimiter not found: %s", err.Line)
-}
diff --git a/vendor/github.com/go-ini/ini/ini.go b/vendor/github.com/go-ini/ini/ini.go
deleted file mode 100644
index 68d73aa750c7f..0000000000000
--- a/vendor/github.com/go-ini/ini/ini.go
+++ /dev/null
@@ -1,549 +0,0 @@
-// Copyright 2014 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-// Package ini provides INI file read and write functionality in Go.
-package ini
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"regexp"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	// Name for default section. You can use this constant or the string literal.
-	// In most of cases, an empty string is all you need to access the section.
-	DEFAULT_SECTION = "DEFAULT"
-
-	// Maximum allowed depth when recursively substituing variable names.
-	_DEPTH_VALUES = 99
-	_VERSION      = "1.25.4"
-)
-
-// Version returns current package version literal.
-func Version() string {
-	return _VERSION
-}
-
-var (
-	// Delimiter to determine or compose a new line.
-	// This variable will be changed to "\r\n" automatically on Windows
-	// at package init time.
-	LineBreak = "\n"
-
-	// Variable regexp pattern: %(variable)s
-	varPattern = regexp.MustCompile(`%\(([^\)]+)\)s`)
-
-	// Indicate whether to align "=" sign with spaces to produce pretty output
-	// or reduce all possible spaces for compact format.
-	PrettyFormat = true
-
-	// Explicitly write DEFAULT section header
-	DefaultHeader = false
-)
-
-func init() {
-	if runtime.GOOS == "windows" {
-		LineBreak = "\r\n"
-	}
-}
-
-func inSlice(str string, s []string) bool {
-	for _, v := range s {
-		if str == v {
-			return true
-		}
-	}
-	return false
-}
-
-// dataSource is an interface that returns object which can be read and closed.
-type dataSource interface {
-	ReadCloser() (io.ReadCloser, error)
-}
-
-// sourceFile represents an object that contains content on the local file system.
-type sourceFile struct {
-	name string
-}
-
-func (s sourceFile) ReadCloser() (_ io.ReadCloser, err error) {
-	return os.Open(s.name)
-}
-
-type bytesReadCloser struct {
-	reader io.Reader
-}
-
-func (rc *bytesReadCloser) Read(p []byte) (n int, err error) {
-	return rc.reader.Read(p)
-}
-
-func (rc *bytesReadCloser) Close() error {
-	return nil
-}
-
-// sourceData represents an object that contains content in memory.
-type sourceData struct {
-	data []byte
-}
-
-func (s *sourceData) ReadCloser() (io.ReadCloser, error) {
-	return ioutil.NopCloser(bytes.NewReader(s.data)), nil
-}
-
-// sourceReadCloser represents an input stream with Close method.
-type sourceReadCloser struct {
-	reader io.ReadCloser
-}
-
-func (s *sourceReadCloser) ReadCloser() (io.ReadCloser, error) {
-	return s.reader, nil
-}
-
-// File represents a combination of a or more INI file(s) in memory.
-type File struct {
-	// Should make things safe, but sometimes doesn't matter.
-	BlockMode bool
-	// Make sure data is safe in multiple goroutines.
-	lock sync.RWMutex
-
-	// Allow combination of multiple data sources.
-	dataSources []dataSource
-	// Actual data is stored here.
-	sections map[string]*Section
-
-	// To keep data in order.
-	sectionList []string
-
-	options LoadOptions
-
-	NameMapper
-	ValueMapper
-}
-
-// newFile initializes File object with given data sources.
-func newFile(dataSources []dataSource, opts LoadOptions) *File {
-	return &File{
-		BlockMode:   true,
-		dataSources: dataSources,
-		sections:    make(map[string]*Section),
-		sectionList: make([]string, 0, 10),
-		options:     opts,
-	}
-}
-
-func parseDataSource(source interface{}) (dataSource, error) {
-	switch s := source.(type) {
-	case string:
-		return sourceFile{s}, nil
-	case []byte:
-		return &sourceData{s}, nil
-	case io.ReadCloser:
-		return &sourceReadCloser{s}, nil
-	default:
-		return nil, fmt.Errorf("error parsing data source: unknown type '%s'", s)
-	}
-}
-
-type LoadOptions struct {
-	// Loose indicates whether the parser should ignore nonexistent files or return error.
-	Loose bool
-	// Insensitive indicates whether the parser forces all section and key names to lowercase.
-	Insensitive bool
-	// IgnoreContinuation indicates whether to ignore continuation lines while parsing.
-	IgnoreContinuation bool
-	// AllowBooleanKeys indicates whether to allow boolean type keys or treat as value is missing.
-	// This type of keys are mostly used in my.cnf.
-	AllowBooleanKeys bool
-	// AllowShadows indicates whether to keep track of keys with same name under same section.
-	AllowShadows bool
-	// Some INI formats allow group blocks that store a block of raw content that doesn't otherwise
-	// conform to key/value pairs. Specify the names of those blocks here.
-	UnparseableSections []string
-}
-
-func LoadSources(opts LoadOptions, source interface{}, others ...interface{}) (_ *File, err error) {
-	sources := make([]dataSource, len(others)+1)
-	sources[0], err = parseDataSource(source)
-	if err != nil {
-		return nil, err
-	}
-	for i := range others {
-		sources[i+1], err = parseDataSource(others[i])
-		if err != nil {
-			return nil, err
-		}
-	}
-	f := newFile(sources, opts)
-	if err = f.Reload(); err != nil {
-		return nil, err
-	}
-	return f, nil
-}
-
-// Load loads and parses from INI data sources.
-// Arguments can be mixed of file name with string type, or raw data in []byte.
-// It will return error if list contains nonexistent files.
-func Load(source interface{}, others ...interface{}) (*File, error) {
-	return LoadSources(LoadOptions{}, source, others...)
-}
-
-// LooseLoad has exactly same functionality as Load function
-// except it ignores nonexistent files instead of returning error.
-func LooseLoad(source interface{}, others ...interface{}) (*File, error) {
-	return LoadSources(LoadOptions{Loose: true}, source, others...)
-}
-
-// InsensitiveLoad has exactly same functionality as Load function
-// except it forces all section and key names to be lowercased.
-func InsensitiveLoad(source interface{}, others ...interface{}) (*File, error) {
-	return LoadSources(LoadOptions{Insensitive: true}, source, others...)
-}
-
-// InsensitiveLoad has exactly same functionality as Load function
-// except it allows have shadow keys.
-func ShadowLoad(source interface{}, others ...interface{}) (*File, error) {
-	return LoadSources(LoadOptions{AllowShadows: true}, source, others...)
-}
-
-// Empty returns an empty file object.
-func Empty() *File {
-	// Ignore error here, we sure our data is good.
-	f, _ := Load([]byte(""))
-	return f
-}
-
-// NewSection creates a new section.
-func (f *File) NewSection(name string) (*Section, error) {
-	if len(name) == 0 {
-		return nil, errors.New("error creating new section: empty section name")
-	} else if f.options.Insensitive && name != DEFAULT_SECTION {
-		name = strings.ToLower(name)
-	}
-
-	if f.BlockMode {
-		f.lock.Lock()
-		defer f.lock.Unlock()
-	}
-
-	if inSlice(name, f.sectionList) {
-		return f.sections[name], nil
-	}
-
-	f.sectionList = append(f.sectionList, name)
-	f.sections[name] = newSection(f, name)
-	return f.sections[name], nil
-}
-
-// NewRawSection creates a new section with an unparseable body.
-func (f *File) NewRawSection(name, body string) (*Section, error) {
-	section, err := f.NewSection(name)
-	if err != nil {
-		return nil, err
-	}
-
-	section.isRawSection = true
-	section.rawBody = body
-	return section, nil
-}
-
-// NewSections creates a list of sections.
-func (f *File) NewSections(names ...string) (err error) {
-	for _, name := range names {
-		if _, err = f.NewSection(name); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// GetSection returns section by given name.
-func (f *File) GetSection(name string) (*Section, error) {
-	if len(name) == 0 {
-		name = DEFAULT_SECTION
-	} else if f.options.Insensitive {
-		name = strings.ToLower(name)
-	}
-
-	if f.BlockMode {
-		f.lock.RLock()
-		defer f.lock.RUnlock()
-	}
-
-	sec := f.sections[name]
-	if sec == nil {
-		return nil, fmt.Errorf("section '%s' does not exist", name)
-	}
-	return sec, nil
-}
-
-// Section assumes named section exists and returns a zero-value when not.
-func (f *File) Section(name string) *Section {
-	sec, err := f.GetSection(name)
-	if err != nil {
-		// Note: It's OK here because the only possible error is empty section name,
-		// but if it's empty, this piece of code won't be executed.
-		sec, _ = f.NewSection(name)
-		return sec
-	}
-	return sec
-}
-
-// Section returns list of Section.
-func (f *File) Sections() []*Section {
-	sections := make([]*Section, len(f.sectionList))
-	for i := range f.sectionList {
-		sections[i] = f.Section(f.sectionList[i])
-	}
-	return sections
-}
-
-// SectionStrings returns list of section names.
-func (f *File) SectionStrings() []string {
-	list := make([]string, len(f.sectionList))
-	copy(list, f.sectionList)
-	return list
-}
-
-// DeleteSection deletes a section.
-func (f *File) DeleteSection(name string) {
-	if f.BlockMode {
-		f.lock.Lock()
-		defer f.lock.Unlock()
-	}
-
-	if len(name) == 0 {
-		name = DEFAULT_SECTION
-	}
-
-	for i, s := range f.sectionList {
-		if s == name {
-			f.sectionList = append(f.sectionList[:i], f.sectionList[i+1:]...)
-			delete(f.sections, name)
-			return
-		}
-	}
-}
-
-func (f *File) reload(s dataSource) error {
-	r, err := s.ReadCloser()
-	if err != nil {
-		return err
-	}
-	defer r.Close()
-
-	return f.parse(r)
-}
-
-// Reload reloads and parses all data sources.
-func (f *File) Reload() (err error) {
-	for _, s := range f.dataSources {
-		if err = f.reload(s); err != nil {
-			// In loose mode, we create an empty default section for nonexistent files.
-			if os.IsNotExist(err) && f.options.Loose {
-				f.parse(bytes.NewBuffer(nil))
-				continue
-			}
-			return err
-		}
-	}
-	return nil
-}
-
-// Append appends one or more data sources and reloads automatically.
-func (f *File) Append(source interface{}, others ...interface{}) error {
-	ds, err := parseDataSource(source)
-	if err != nil {
-		return err
-	}
-	f.dataSources = append(f.dataSources, ds)
-	for _, s := range others {
-		ds, err = parseDataSource(s)
-		if err != nil {
-			return err
-		}
-		f.dataSources = append(f.dataSources, ds)
-	}
-	return f.Reload()
-}
-
-// WriteToIndent writes content into io.Writer with given indention.
-// If PrettyFormat has been set to be true,
-// it will align "=" sign with spaces under each section.
-func (f *File) WriteToIndent(w io.Writer, indent string) (n int64, err error) {
-	equalSign := "="
-	if PrettyFormat {
-		equalSign = " = "
-	}
-
-	// Use buffer to make sure target is safe until finish encoding.
-	buf := bytes.NewBuffer(nil)
-	for i, sname := range f.sectionList {
-		sec := f.Section(sname)
-		if len(sec.Comment) > 0 {
-			if sec.Comment[0] != '#' && sec.Comment[0] != ';' {
-				sec.Comment = "; " + sec.Comment
-			}
-			if _, err = buf.WriteString(sec.Comment + LineBreak); err != nil {
-				return 0, err
-			}
-		}
-
-		if i > 0 || DefaultHeader {
-			if _, err = buf.WriteString("[" + sname + "]" + LineBreak); err != nil {
-				return 0, err
-			}
-		} else {
-			// Write nothing if default section is empty
-			if len(sec.keyList) == 0 {
-				continue
-			}
-		}
-
-		if sec.isRawSection {
-			if _, err = buf.WriteString(sec.rawBody); err != nil {
-				return 0, err
-			}
-			continue
-		}
-
-		// Count and generate alignment length and buffer spaces using the
-		// longest key. Keys may be modifed if they contain certain characters so
-		// we need to take that into account in our calculation.
-		alignLength := 0
-		if PrettyFormat {
-			for _, kname := range sec.keyList {
-				keyLength := len(kname)
-				// First case will surround key by ` and second by """
-				if strings.ContainsAny(kname, "\"=:") {
-					keyLength += 2
-				} else if strings.Contains(kname, "`") {
-					keyLength += 6
-				}
-
-				if keyLength > alignLength {
-					alignLength = keyLength
-				}
-			}
-		}
-		alignSpaces := bytes.Repeat([]byte(" "), alignLength)
-
-	KEY_LIST:
-		for _, kname := range sec.keyList {
-			key := sec.Key(kname)
-			if len(key.Comment) > 0 {
-				if len(indent) > 0 && sname != DEFAULT_SECTION {
-					buf.WriteString(indent)
-				}
-				if key.Comment[0] != '#' && key.Comment[0] != ';' {
-					key.Comment = "; " + key.Comment
-				}
-				if _, err = buf.WriteString(key.Comment + LineBreak); err != nil {
-					return 0, err
-				}
-			}
-
-			if len(indent) > 0 && sname != DEFAULT_SECTION {
-				buf.WriteString(indent)
-			}
-
-			switch {
-			case key.isAutoIncrement:
-				kname = "-"
-			case strings.ContainsAny(kname, "\"=:"):
-				kname = "`" + kname + "`"
-			case strings.Contains(kname, "`"):
-				kname = `"""` + kname + `"""`
-			}
-
-			for _, val := range key.ValueWithShadows() {
-				if _, err = buf.WriteString(kname); err != nil {
-					return 0, err
-				}
-
-				if key.isBooleanType {
-					if kname != sec.keyList[len(sec.keyList)-1] {
-						buf.WriteString(LineBreak)
-					}
-					continue KEY_LIST
-				}
-
-				// Write out alignment spaces before "=" sign
-				if PrettyFormat {
-					buf.Write(alignSpaces[:alignLength-len(kname)])
-				}
-
-				// In case key value contains "\n", "`", "\"", "#" or ";"
-				if strings.ContainsAny(val, "\n`") {
-					val = `"""` + val + `"""`
-				} else if strings.ContainsAny(val, "#;") {
-					val = "`" + val + "`"
-				}
-				if _, err = buf.WriteString(equalSign + val + LineBreak); err != nil {
-					return 0, err
-				}
-			}
-		}
-
-		// Put a line between sections
-		if _, err = buf.WriteString(LineBreak); err != nil {
-			return 0, err
-		}
-	}
-
-	return buf.WriteTo(w)
-}
-
-// WriteTo writes file content into io.Writer.
-func (f *File) WriteTo(w io.Writer) (int64, error) {
-	return f.WriteToIndent(w, "")
-}
-
-// SaveToIndent writes content to file system with given value indention.
-func (f *File) SaveToIndent(filename, indent string) error {
-	// Note: Because we are truncating with os.Create,
-	// 	so it's safer to save to a temporary file location and rename afte done.
-	tmpPath := filename + "." + strconv.Itoa(time.Now().Nanosecond()) + ".tmp"
-	defer os.Remove(tmpPath)
-
-	fw, err := os.Create(tmpPath)
-	if err != nil {
-		return err
-	}
-
-	if _, err = f.WriteToIndent(fw, indent); err != nil {
-		fw.Close()
-		return err
-	}
-	fw.Close()
-
-	// Remove old file and rename the new one.
-	os.Remove(filename)
-	return os.Rename(tmpPath, filename)
-}
-
-// SaveTo writes content to file system.
-func (f *File) SaveTo(filename string) error {
-	return f.SaveToIndent(filename, "")
-}
diff --git a/vendor/github.com/go-ini/ini/key.go b/vendor/github.com/go-ini/ini/key.go
deleted file mode 100644
index 852696f4c4fa6..0000000000000
--- a/vendor/github.com/go-ini/ini/key.go
+++ /dev/null
@@ -1,703 +0,0 @@
-// Copyright 2014 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package ini
-
-import (
-	"errors"
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Key represents a key under a section.
-type Key struct {
-	s               *Section
-	name            string
-	value           string
-	isAutoIncrement bool
-	isBooleanType   bool
-
-	isShadow bool
-	shadows  []*Key
-
-	Comment string
-}
-
-// newKey simply return a key object with given values.
-func newKey(s *Section, name, val string) *Key {
-	return &Key{
-		s:     s,
-		name:  name,
-		value: val,
-	}
-}
-
-func (k *Key) addShadow(val string) error {
-	if k.isShadow {
-		return errors.New("cannot add shadow to another shadow key")
-	} else if k.isAutoIncrement || k.isBooleanType {
-		return errors.New("cannot add shadow to auto-increment or boolean key")
-	}
-
-	shadow := newKey(k.s, k.name, val)
-	shadow.isShadow = true
-	k.shadows = append(k.shadows, shadow)
-	return nil
-}
-
-// AddShadow adds a new shadow key to itself.
-func (k *Key) AddShadow(val string) error {
-	if !k.s.f.options.AllowShadows {
-		return errors.New("shadow key is not allowed")
-	}
-	return k.addShadow(val)
-}
-
-// ValueMapper represents a mapping function for values, e.g. os.ExpandEnv
-type ValueMapper func(string) string
-
-// Name returns name of key.
-func (k *Key) Name() string {
-	return k.name
-}
-
-// Value returns raw value of key for performance purpose.
-func (k *Key) Value() string {
-	return k.value
-}
-
-// ValueWithShadows returns raw values of key and its shadows if any.
-func (k *Key) ValueWithShadows() []string {
-	if len(k.shadows) == 0 {
-		return []string{k.value}
-	}
-	vals := make([]string, len(k.shadows)+1)
-	vals[0] = k.value
-	for i := range k.shadows {
-		vals[i+1] = k.shadows[i].value
-	}
-	return vals
-}
-
-// transformValue takes a raw value and transforms to its final string.
-func (k *Key) transformValue(val string) string {
-	if k.s.f.ValueMapper != nil {
-		val = k.s.f.ValueMapper(val)
-	}
-
-	// Fail-fast if no indicate char found for recursive value
-	if !strings.Contains(val, "%") {
-		return val
-	}
-	for i := 0; i < _DEPTH_VALUES; i++ {
-		vr := varPattern.FindString(val)
-		if len(vr) == 0 {
-			break
-		}
-
-		// Take off leading '%(' and trailing ')s'.
-		noption := strings.TrimLeft(vr, "%(")
-		noption = strings.TrimRight(noption, ")s")
-
-		// Search in the same section.
-		nk, err := k.s.GetKey(noption)
-		if err != nil {
-			// Search again in default section.
-			nk, _ = k.s.f.Section("").GetKey(noption)
-		}
-
-		// Substitute by new value and take off leading '%(' and trailing ')s'.
-		val = strings.Replace(val, vr, nk.value, -1)
-	}
-	return val
-}
-
-// String returns string representation of value.
-func (k *Key) String() string {
-	return k.transformValue(k.value)
-}
-
-// Validate accepts a validate function which can
-// return modifed result as key value.
-func (k *Key) Validate(fn func(string) string) string {
-	return fn(k.String())
-}
-
-// parseBool returns the boolean value represented by the string.
-//
-// It accepts 1, t, T, TRUE, true, True, YES, yes, Yes, y, ON, on, On,
-// 0, f, F, FALSE, false, False, NO, no, No, n, OFF, off, Off.
-// Any other value returns an error.
-func parseBool(str string) (value bool, err error) {
-	switch str {
-	case "1", "t", "T", "true", "TRUE", "True", "YES", "yes", "Yes", "y", "ON", "on", "On":
-		return true, nil
-	case "0", "f", "F", "false", "FALSE", "False", "NO", "no", "No", "n", "OFF", "off", "Off":
-		return false, nil
-	}
-	return false, fmt.Errorf("parsing \"%s\": invalid syntax", str)
-}
-
-// Bool returns bool type value.
-func (k *Key) Bool() (bool, error) {
-	return parseBool(k.String())
-}
-
-// Float64 returns float64 type value.
-func (k *Key) Float64() (float64, error) {
-	return strconv.ParseFloat(k.String(), 64)
-}
-
-// Int returns int type value.
-func (k *Key) Int() (int, error) {
-	return strconv.Atoi(k.String())
-}
-
-// Int64 returns int64 type value.
-func (k *Key) Int64() (int64, error) {
-	return strconv.ParseInt(k.String(), 10, 64)
-}
-
-// Uint returns uint type valued.
-func (k *Key) Uint() (uint, error) {
-	u, e := strconv.ParseUint(k.String(), 10, 64)
-	return uint(u), e
-}
-
-// Uint64 returns uint64 type value.
-func (k *Key) Uint64() (uint64, error) {
-	return strconv.ParseUint(k.String(), 10, 64)
-}
-
-// Duration returns time.Duration type value.
-func (k *Key) Duration() (time.Duration, error) {
-	return time.ParseDuration(k.String())
-}
-
-// TimeFormat parses with given format and returns time.Time type value.
-func (k *Key) TimeFormat(format string) (time.Time, error) {
-	return time.Parse(format, k.String())
-}
-
-// Time parses with RFC3339 format and returns time.Time type value.
-func (k *Key) Time() (time.Time, error) {
-	return k.TimeFormat(time.RFC3339)
-}
-
-// MustString returns default value if key value is empty.
-func (k *Key) MustString(defaultVal string) string {
-	val := k.String()
-	if len(val) == 0 {
-		k.value = defaultVal
-		return defaultVal
-	}
-	return val
-}
-
-// MustBool always returns value without error,
-// it returns false if error occurs.
-func (k *Key) MustBool(defaultVal ...bool) bool {
-	val, err := k.Bool()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatBool(defaultVal[0])
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustFloat64 always returns value without error,
-// it returns 0.0 if error occurs.
-func (k *Key) MustFloat64(defaultVal ...float64) float64 {
-	val, err := k.Float64()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatFloat(defaultVal[0], 'f', -1, 64)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustInt always returns value without error,
-// it returns 0 if error occurs.
-func (k *Key) MustInt(defaultVal ...int) int {
-	val, err := k.Int()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatInt(int64(defaultVal[0]), 10)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustInt64 always returns value without error,
-// it returns 0 if error occurs.
-func (k *Key) MustInt64(defaultVal ...int64) int64 {
-	val, err := k.Int64()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatInt(defaultVal[0], 10)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustUint always returns value without error,
-// it returns 0 if error occurs.
-func (k *Key) MustUint(defaultVal ...uint) uint {
-	val, err := k.Uint()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatUint(uint64(defaultVal[0]), 10)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustUint64 always returns value without error,
-// it returns 0 if error occurs.
-func (k *Key) MustUint64(defaultVal ...uint64) uint64 {
-	val, err := k.Uint64()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = strconv.FormatUint(defaultVal[0], 10)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustDuration always returns value without error,
-// it returns zero value if error occurs.
-func (k *Key) MustDuration(defaultVal ...time.Duration) time.Duration {
-	val, err := k.Duration()
-	if len(defaultVal) > 0 && err != nil {
-		k.value = defaultVal[0].String()
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustTimeFormat always parses with given format and returns value without error,
-// it returns zero value if error occurs.
-func (k *Key) MustTimeFormat(format string, defaultVal ...time.Time) time.Time {
-	val, err := k.TimeFormat(format)
-	if len(defaultVal) > 0 && err != nil {
-		k.value = defaultVal[0].Format(format)
-		return defaultVal[0]
-	}
-	return val
-}
-
-// MustTime always parses with RFC3339 format and returns value without error,
-// it returns zero value if error occurs.
-func (k *Key) MustTime(defaultVal ...time.Time) time.Time {
-	return k.MustTimeFormat(time.RFC3339, defaultVal...)
-}
-
-// In always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) In(defaultVal string, candidates []string) string {
-	val := k.String()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InFloat64 always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InFloat64(defaultVal float64, candidates []float64) float64 {
-	val := k.MustFloat64()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InInt always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InInt(defaultVal int, candidates []int) int {
-	val := k.MustInt()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InInt64 always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InInt64(defaultVal int64, candidates []int64) int64 {
-	val := k.MustInt64()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InUint always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InUint(defaultVal uint, candidates []uint) uint {
-	val := k.MustUint()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InUint64 always returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InUint64(defaultVal uint64, candidates []uint64) uint64 {
-	val := k.MustUint64()
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InTimeFormat always parses with given format and returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InTimeFormat(format string, defaultVal time.Time, candidates []time.Time) time.Time {
-	val := k.MustTimeFormat(format)
-	for _, cand := range candidates {
-		if val == cand {
-			return val
-		}
-	}
-	return defaultVal
-}
-
-// InTime always parses with RFC3339 format and returns value without error,
-// it returns default value if error occurs or doesn't fit into candidates.
-func (k *Key) InTime(defaultVal time.Time, candidates []time.Time) time.Time {
-	return k.InTimeFormat(time.RFC3339, defaultVal, candidates)
-}
-
-// RangeFloat64 checks if value is in given range inclusively,
-// and returns default value if it's not.
-func (k *Key) RangeFloat64(defaultVal, min, max float64) float64 {
-	val := k.MustFloat64()
-	if val < min || val > max {
-		return defaultVal
-	}
-	return val
-}
-
-// RangeInt checks if value is in given range inclusively,
-// and returns default value if it's not.
-func (k *Key) RangeInt(defaultVal, min, max int) int {
-	val := k.MustInt()
-	if val < min || val > max {
-		return defaultVal
-	}
-	return val
-}
-
-// RangeInt64 checks if value is in given range inclusively,
-// and returns default value if it's not.
-func (k *Key) RangeInt64(defaultVal, min, max int64) int64 {
-	val := k.MustInt64()
-	if val < min || val > max {
-		return defaultVal
-	}
-	return val
-}
-
-// RangeTimeFormat checks if value with given format is in given range inclusively,
-// and returns default value if it's not.
-func (k *Key) RangeTimeFormat(format string, defaultVal, min, max time.Time) time.Time {
-	val := k.MustTimeFormat(format)
-	if val.Unix() < min.Unix() || val.Unix() > max.Unix() {
-		return defaultVal
-	}
-	return val
-}
-
-// RangeTime checks if value with RFC3339 format is in given range inclusively,
-// and returns default value if it's not.
-func (k *Key) RangeTime(defaultVal, min, max time.Time) time.Time {
-	return k.RangeTimeFormat(time.RFC3339, defaultVal, min, max)
-}
-
-// Strings returns list of string divided by given delimiter.
-func (k *Key) Strings(delim string) []string {
-	str := k.String()
-	if len(str) == 0 {
-		return []string{}
-	}
-
-	vals := strings.Split(str, delim)
-	for i := range vals {
-		// vals[i] = k.transformValue(strings.TrimSpace(vals[i]))
-		vals[i] = strings.TrimSpace(vals[i])
-	}
-	return vals
-}
-
-// StringsWithShadows returns list of string divided by given delimiter.
-// Shadows will also be appended if any.
-func (k *Key) StringsWithShadows(delim string) []string {
-	vals := k.ValueWithShadows()
-	results := make([]string, 0, len(vals)*2)
-	for i := range vals {
-		if len(vals) == 0 {
-			continue
-		}
-
-		results = append(results, strings.Split(vals[i], delim)...)
-	}
-
-	for i := range results {
-		results[i] = k.transformValue(strings.TrimSpace(results[i]))
-	}
-	return results
-}
-
-// Float64s returns list of float64 divided by given delimiter. Any invalid input will be treated as zero value.
-func (k *Key) Float64s(delim string) []float64 {
-	vals, _ := k.getFloat64s(delim, true, false)
-	return vals
-}
-
-// Ints returns list of int divided by given delimiter. Any invalid input will be treated as zero value.
-func (k *Key) Ints(delim string) []int {
-	vals, _ := k.parseInts(k.Strings(delim), true, false)
-	return vals
-}
-
-// Int64s returns list of int64 divided by given delimiter. Any invalid input will be treated as zero value.
-func (k *Key) Int64s(delim string) []int64 {
-	vals, _ := k.parseInt64s(k.Strings(delim), true, false)
-	return vals
-}
-
-// Uints returns list of uint divided by given delimiter. Any invalid input will be treated as zero value.
-func (k *Key) Uints(delim string) []uint {
-	vals, _ := k.getUints(delim, true, false)
-	return vals
-}
-
-// Uint64s returns list of uint64 divided by given delimiter. Any invalid input will be treated as zero value.
-func (k *Key) Uint64s(delim string) []uint64 {
-	vals, _ := k.getUint64s(delim, true, false)
-	return vals
-}
-
-// TimesFormat parses with given format and returns list of time.Time divided by given delimiter.
-// Any invalid input will be treated as zero value (0001-01-01 00:00:00 +0000 UTC).
-func (k *Key) TimesFormat(format, delim string) []time.Time {
-	vals, _ := k.getTimesFormat(format, delim, true, false)
-	return vals
-}
-
-// Times parses with RFC3339 format and returns list of time.Time divided by given delimiter.
-// Any invalid input will be treated as zero value (0001-01-01 00:00:00 +0000 UTC).
-func (k *Key) Times(delim string) []time.Time {
-	return k.TimesFormat(time.RFC3339, delim)
-}
-
-// ValidFloat64s returns list of float64 divided by given delimiter. If some value is not float, then
-// it will not be included to result list.
-func (k *Key) ValidFloat64s(delim string) []float64 {
-	vals, _ := k.getFloat64s(delim, false, false)
-	return vals
-}
-
-// ValidInts returns list of int divided by given delimiter. If some value is not integer, then it will
-// not be included to result list.
-func (k *Key) ValidInts(delim string) []int {
-	vals, _ := k.parseInts(k.Strings(delim), false, false)
-	return vals
-}
-
-// ValidInt64s returns list of int64 divided by given delimiter. If some value is not 64-bit integer,
-// then it will not be included to result list.
-func (k *Key) ValidInt64s(delim string) []int64 {
-	vals, _ := k.parseInt64s(k.Strings(delim), false, false)
-	return vals
-}
-
-// ValidUints returns list of uint divided by given delimiter. If some value is not unsigned integer,
-// then it will not be included to result list.
-func (k *Key) ValidUints(delim string) []uint {
-	vals, _ := k.getUints(delim, false, false)
-	return vals
-}
-
-// ValidUint64s returns list of uint64 divided by given delimiter. If some value is not 64-bit unsigned
-// integer, then it will not be included to result list.
-func (k *Key) ValidUint64s(delim string) []uint64 {
-	vals, _ := k.getUint64s(delim, false, false)
-	return vals
-}
-
-// ValidTimesFormat parses with given format and returns list of time.Time divided by given delimiter.
-func (k *Key) ValidTimesFormat(format, delim string) []time.Time {
-	vals, _ := k.getTimesFormat(format, delim, false, false)
-	return vals
-}
-
-// ValidTimes parses with RFC3339 format and returns list of time.Time divided by given delimiter.
-func (k *Key) ValidTimes(delim string) []time.Time {
-	return k.ValidTimesFormat(time.RFC3339, delim)
-}
-
-// StrictFloat64s returns list of float64 divided by given delimiter or error on first invalid input.
-func (k *Key) StrictFloat64s(delim string) ([]float64, error) {
-	return k.getFloat64s(delim, false, true)
-}
-
-// StrictInts returns list of int divided by given delimiter or error on first invalid input.
-func (k *Key) StrictInts(delim string) ([]int, error) {
-	return k.parseInts(k.Strings(delim), false, true)
-}
-
-// StrictInt64s returns list of int64 divided by given delimiter or error on first invalid input.
-func (k *Key) StrictInt64s(delim string) ([]int64, error) {
-	return k.parseInt64s(k.Strings(delim), false, true)
-}
-
-// StrictUints returns list of uint divided by given delimiter or error on first invalid input.
-func (k *Key) StrictUints(delim string) ([]uint, error) {
-	return k.getUints(delim, false, true)
-}
-
-// StrictUint64s returns list of uint64 divided by given delimiter or error on first invalid input.
-func (k *Key) StrictUint64s(delim string) ([]uint64, error) {
-	return k.getUint64s(delim, false, true)
-}
-
-// StrictTimesFormat parses with given format and returns list of time.Time divided by given delimiter
-// or error on first invalid input.
-func (k *Key) StrictTimesFormat(format, delim string) ([]time.Time, error) {
-	return k.getTimesFormat(format, delim, false, true)
-}
-
-// StrictTimes parses with RFC3339 format and returns list of time.Time divided by given delimiter
-// or error on first invalid input.
-func (k *Key) StrictTimes(delim string) ([]time.Time, error) {
-	return k.StrictTimesFormat(time.RFC3339, delim)
-}
-
-// getFloat64s returns list of float64 divided by given delimiter.
-func (k *Key) getFloat64s(delim string, addInvalid, returnOnInvalid bool) ([]float64, error) {
-	strs := k.Strings(delim)
-	vals := make([]float64, 0, len(strs))
-	for _, str := range strs {
-		val, err := strconv.ParseFloat(str, 64)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, val)
-		}
-	}
-	return vals, nil
-}
-
-// parseInts transforms strings to ints.
-func (k *Key) parseInts(strs []string, addInvalid, returnOnInvalid bool) ([]int, error) {
-	vals := make([]int, 0, len(strs))
-	for _, str := range strs {
-		val, err := strconv.Atoi(str)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, val)
-		}
-	}
-	return vals, nil
-}
-
-// parseInt64s transforms strings to int64s.
-func (k *Key) parseInt64s(strs []string, addInvalid, returnOnInvalid bool) ([]int64, error) {
-	vals := make([]int64, 0, len(strs))
-	for _, str := range strs {
-		val, err := strconv.ParseInt(str, 10, 64)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, val)
-		}
-	}
-	return vals, nil
-}
-
-// getUints returns list of uint divided by given delimiter.
-func (k *Key) getUints(delim string, addInvalid, returnOnInvalid bool) ([]uint, error) {
-	strs := k.Strings(delim)
-	vals := make([]uint, 0, len(strs))
-	for _, str := range strs {
-		val, err := strconv.ParseUint(str, 10, 0)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, uint(val))
-		}
-	}
-	return vals, nil
-}
-
-// getUint64s returns list of uint64 divided by given delimiter.
-func (k *Key) getUint64s(delim string, addInvalid, returnOnInvalid bool) ([]uint64, error) {
-	strs := k.Strings(delim)
-	vals := make([]uint64, 0, len(strs))
-	for _, str := range strs {
-		val, err := strconv.ParseUint(str, 10, 64)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, val)
-		}
-	}
-	return vals, nil
-}
-
-// getTimesFormat parses with given format and returns list of time.Time divided by given delimiter.
-func (k *Key) getTimesFormat(format, delim string, addInvalid, returnOnInvalid bool) ([]time.Time, error) {
-	strs := k.Strings(delim)
-	vals := make([]time.Time, 0, len(strs))
-	for _, str := range strs {
-		val, err := time.Parse(format, str)
-		if err != nil && returnOnInvalid {
-			return nil, err
-		}
-		if err == nil || addInvalid {
-			vals = append(vals, val)
-		}
-	}
-	return vals, nil
-}
-
-// SetValue changes key value.
-func (k *Key) SetValue(v string) {
-	if k.s.f.BlockMode {
-		k.s.f.lock.Lock()
-		defer k.s.f.lock.Unlock()
-	}
-
-	k.value = v
-	k.s.keysHash[k.name] = v
-}
diff --git a/vendor/github.com/go-ini/ini/parser.go b/vendor/github.com/go-ini/ini/parser.go
deleted file mode 100644
index 673ef80ca2674..0000000000000
--- a/vendor/github.com/go-ini/ini/parser.go
+++ /dev/null
@@ -1,358 +0,0 @@
-// Copyright 2015 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package ini
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-	"unicode"
-)
-
-type tokenType int
-
-const (
-	_TOKEN_INVALID tokenType = iota
-	_TOKEN_COMMENT
-	_TOKEN_SECTION
-	_TOKEN_KEY
-)
-
-type parser struct {
-	buf     *bufio.Reader
-	isEOF   bool
-	count   int
-	comment *bytes.Buffer
-}
-
-func newParser(r io.Reader) *parser {
-	return &parser{
-		buf:     bufio.NewReader(r),
-		count:   1,
-		comment: &bytes.Buffer{},
-	}
-}
-
-// BOM handles header of UTF-8, UTF-16 LE and UTF-16 BE's BOM format.
-// http://en.wikipedia.org/wiki/Byte_order_mark#Representations_of_byte_order_marks_by_encoding
-func (p *parser) BOM() error {
-	mask, err := p.buf.Peek(2)
-	if err != nil && err != io.EOF {
-		return err
-	} else if len(mask) < 2 {
-		return nil
-	}
-
-	switch {
-	case mask[0] == 254 && mask[1] == 255:
-		fallthrough
-	case mask[0] == 255 && mask[1] == 254:
-		p.buf.Read(mask)
-	case mask[0] == 239 && mask[1] == 187:
-		mask, err := p.buf.Peek(3)
-		if err != nil && err != io.EOF {
-			return err
-		} else if len(mask) < 3 {
-			return nil
-		}
-		if mask[2] == 191 {
-			p.buf.Read(mask)
-		}
-	}
-	return nil
-}
-
-func (p *parser) readUntil(delim byte) ([]byte, error) {
-	data, err := p.buf.ReadBytes(delim)
-	if err != nil {
-		if err == io.EOF {
-			p.isEOF = true
-		} else {
-			return nil, err
-		}
-	}
-	return data, nil
-}
-
-func cleanComment(in []byte) ([]byte, bool) {
-	i := bytes.IndexAny(in, "#;")
-	if i == -1 {
-		return nil, false
-	}
-	return in[i:], true
-}
-
-func readKeyName(in []byte) (string, int, error) {
-	line := string(in)
-
-	// Check if key name surrounded by quotes.
-	var keyQuote string
-	if line[0] == '"' {
-		if len(line) > 6 && string(line[0:3]) == `"""` {
-			keyQuote = `"""`
-		} else {
-			keyQuote = `"`
-		}
-	} else if line[0] == '`' {
-		keyQuote = "`"
-	}
-
-	// Get out key name
-	endIdx := -1
-	if len(keyQuote) > 0 {
-		startIdx := len(keyQuote)
-		// FIXME: fail case -> """"""name"""=value
-		pos := strings.Index(line[startIdx:], keyQuote)
-		if pos == -1 {
-			return "", -1, fmt.Errorf("missing closing key quote: %s", line)
-		}
-		pos += startIdx
-
-		// Find key-value delimiter
-		i := strings.IndexAny(line[pos+startIdx:], "=:")
-		if i < 0 {
-			return "", -1, ErrDelimiterNotFound{line}
-		}
-		endIdx = pos + i
-		return strings.TrimSpace(line[startIdx:pos]), endIdx + startIdx + 1, nil
-	}
-
-	endIdx = strings.IndexAny(line, "=:")
-	if endIdx < 0 {
-		return "", -1, ErrDelimiterNotFound{line}
-	}
-	return strings.TrimSpace(line[0:endIdx]), endIdx + 1, nil
-}
-
-func (p *parser) readMultilines(line, val, valQuote string) (string, error) {
-	for {
-		data, err := p.readUntil('\n')
-		if err != nil {
-			return "", err
-		}
-		next := string(data)
-
-		pos := strings.LastIndex(next, valQuote)
-		if pos > -1 {
-			val += next[:pos]
-
-			comment, has := cleanComment([]byte(next[pos:]))
-			if has {
-				p.comment.Write(bytes.TrimSpace(comment))
-			}
-			break
-		}
-		val += next
-		if p.isEOF {
-			return "", fmt.Errorf("missing closing key quote from '%s' to '%s'", line, next)
-		}
-	}
-	return val, nil
-}
-
-func (p *parser) readContinuationLines(val string) (string, error) {
-	for {
-		data, err := p.readUntil('\n')
-		if err != nil {
-			return "", err
-		}
-		next := strings.TrimSpace(string(data))
-
-		if len(next) == 0 {
-			break
-		}
-		val += next
-		if val[len(val)-1] != '\\' {
-			break
-		}
-		val = val[:len(val)-1]
-	}
-	return val, nil
-}
-
-// hasSurroundedQuote check if and only if the first and last characters
-// are quotes \" or \'.
-// It returns false if any other parts also contain same kind of quotes.
-func hasSurroundedQuote(in string, quote byte) bool {
-	return len(in) > 2 && in[0] == quote && in[len(in)-1] == quote &&
-		strings.IndexByte(in[1:], quote) == len(in)-2
-}
-
-func (p *parser) readValue(in []byte, ignoreContinuation bool) (string, error) {
-	line := strings.TrimLeftFunc(string(in), unicode.IsSpace)
-	if len(line) == 0 {
-		return "", nil
-	}
-
-	var valQuote string
-	if len(line) > 3 && string(line[0:3]) == `"""` {
-		valQuote = `"""`
-	} else if line[0] == '`' {
-		valQuote = "`"
-	}
-
-	if len(valQuote) > 0 {
-		startIdx := len(valQuote)
-		pos := strings.LastIndex(line[startIdx:], valQuote)
-		// Check for multi-line value
-		if pos == -1 {
-			return p.readMultilines(line, line[startIdx:], valQuote)
-		}
-
-		return line[startIdx : pos+startIdx], nil
-	}
-
-	// Won't be able to reach here if value only contains whitespace.
-	line = strings.TrimSpace(line)
-
-	// Check continuation lines when desired.
-	if !ignoreContinuation && line[len(line)-1] == '\\' {
-		return p.readContinuationLines(line[:len(line)-1])
-	}
-
-	i := strings.IndexAny(line, "#;")
-	if i > -1 {
-		p.comment.WriteString(line[i:])
-		line = strings.TrimSpace(line[:i])
-	}
-
-	// Trim single quotes
-	if hasSurroundedQuote(line, '\'') ||
-		hasSurroundedQuote(line, '"') {
-		line = line[1 : len(line)-1]
-	}
-	return line, nil
-}
-
-// parse parses data through an io.Reader.
-func (f *File) parse(reader io.Reader) (err error) {
-	p := newParser(reader)
-	if err = p.BOM(); err != nil {
-		return fmt.Errorf("BOM: %v", err)
-	}
-
-	// Ignore error because default section name is never empty string.
-	section, _ := f.NewSection(DEFAULT_SECTION)
-
-	var line []byte
-	var inUnparseableSection bool
-	for !p.isEOF {
-		line, err = p.readUntil('\n')
-		if err != nil {
-			return err
-		}
-
-		line = bytes.TrimLeftFunc(line, unicode.IsSpace)
-		if len(line) == 0 {
-			continue
-		}
-
-		// Comments
-		if line[0] == '#' || line[0] == ';' {
-			// Note: we do not care ending line break,
-			// it is needed for adding second line,
-			// so just clean it once at the end when set to value.
-			p.comment.Write(line)
-			continue
-		}
-
-		// Section
-		if line[0] == '[' {
-			// Read to the next ']' (TODO: support quoted strings)
-			// TODO(unknwon): use LastIndexByte when stop supporting Go1.4
-			closeIdx := bytes.LastIndex(line, []byte("]"))
-			if closeIdx == -1 {
-				return fmt.Errorf("unclosed section: %s", line)
-			}
-
-			name := string(line[1:closeIdx])
-			section, err = f.NewSection(name)
-			if err != nil {
-				return err
-			}
-
-			comment, has := cleanComment(line[closeIdx+1:])
-			if has {
-				p.comment.Write(comment)
-			}
-
-			section.Comment = strings.TrimSpace(p.comment.String())
-
-			// Reset aotu-counter and comments
-			p.comment.Reset()
-			p.count = 1
-
-			inUnparseableSection = false
-			for i := range f.options.UnparseableSections {
-				if f.options.UnparseableSections[i] == name ||
-					(f.options.Insensitive && strings.ToLower(f.options.UnparseableSections[i]) == strings.ToLower(name)) {
-					inUnparseableSection = true
-					continue
-				}
-			}
-			continue
-		}
-
-		if inUnparseableSection {
-			section.isRawSection = true
-			section.rawBody += string(line)
-			continue
-		}
-
-		kname, offset, err := readKeyName(line)
-		if err != nil {
-			// Treat as boolean key when desired, and whole line is key name.
-			if IsErrDelimiterNotFound(err) && f.options.AllowBooleanKeys {
-				kname, err := p.readValue(line, f.options.IgnoreContinuation)
-				if err != nil {
-					return err
-				}
-				key, err := section.NewBooleanKey(kname)
-				if err != nil {
-					return err
-				}
-				key.Comment = strings.TrimSpace(p.comment.String())
-				p.comment.Reset()
-				continue
-			}
-			return err
-		}
-
-		// Auto increment.
-		isAutoIncr := false
-		if kname == "-" {
-			isAutoIncr = true
-			kname = "#" + strconv.Itoa(p.count)
-			p.count++
-		}
-
-		value, err := p.readValue(line[offset:], f.options.IgnoreContinuation)
-		if err != nil {
-			return err
-		}
-
-		key, err := section.NewKey(kname, value)
-		if err != nil {
-			return err
-		}
-		key.isAutoIncrement = isAutoIncr
-		key.Comment = strings.TrimSpace(p.comment.String())
-		p.comment.Reset()
-	}
-	return nil
-}
diff --git a/vendor/github.com/go-ini/ini/section.go b/vendor/github.com/go-ini/ini/section.go
deleted file mode 100644
index c9fa27e9ca7c6..0000000000000
--- a/vendor/github.com/go-ini/ini/section.go
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright 2014 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package ini
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-)
-
-// Section represents a config section.
-type Section struct {
-	f        *File
-	Comment  string
-	name     string
-	keys     map[string]*Key
-	keyList  []string
-	keysHash map[string]string
-
-	isRawSection bool
-	rawBody      string
-}
-
-func newSection(f *File, name string) *Section {
-	return &Section{
-		f:        f,
-		name:     name,
-		keys:     make(map[string]*Key),
-		keyList:  make([]string, 0, 10),
-		keysHash: make(map[string]string),
-	}
-}
-
-// Name returns name of Section.
-func (s *Section) Name() string {
-	return s.name
-}
-
-// Body returns rawBody of Section if the section was marked as unparseable.
-// It still follows the other rules of the INI format surrounding leading/trailing whitespace.
-func (s *Section) Body() string {
-	return strings.TrimSpace(s.rawBody)
-}
-
-// NewKey creates a new key to given section.
-func (s *Section) NewKey(name, val string) (*Key, error) {
-	if len(name) == 0 {
-		return nil, errors.New("error creating new key: empty key name")
-	} else if s.f.options.Insensitive {
-		name = strings.ToLower(name)
-	}
-
-	if s.f.BlockMode {
-		s.f.lock.Lock()
-		defer s.f.lock.Unlock()
-	}
-
-	if inSlice(name, s.keyList) {
-		if s.f.options.AllowShadows {
-			if err := s.keys[name].addShadow(val); err != nil {
-				return nil, err
-			}
-		} else {
-			s.keys[name].value = val
-		}
-		return s.keys[name], nil
-	}
-
-	s.keyList = append(s.keyList, name)
-	s.keys[name] = newKey(s, name, val)
-	s.keysHash[name] = val
-	return s.keys[name], nil
-}
-
-// NewBooleanKey creates a new boolean type key to given section.
-func (s *Section) NewBooleanKey(name string) (*Key, error) {
-	key, err := s.NewKey(name, "true")
-	if err != nil {
-		return nil, err
-	}
-
-	key.isBooleanType = true
-	return key, nil
-}
-
-// GetKey returns key in section by given name.
-func (s *Section) GetKey(name string) (*Key, error) {
-	// FIXME: change to section level lock?
-	if s.f.BlockMode {
-		s.f.lock.RLock()
-	}
-	if s.f.options.Insensitive {
-		name = strings.ToLower(name)
-	}
-	key := s.keys[name]
-	if s.f.BlockMode {
-		s.f.lock.RUnlock()
-	}
-
-	if key == nil {
-		// Check if it is a child-section.
-		sname := s.name
-		for {
-			if i := strings.LastIndex(sname, "."); i > -1 {
-				sname = sname[:i]
-				sec, err := s.f.GetSection(sname)
-				if err != nil {
-					continue
-				}
-				return sec.GetKey(name)
-			} else {
-				break
-			}
-		}
-		return nil, fmt.Errorf("error when getting key of section '%s': key '%s' not exists", s.name, name)
-	}
-	return key, nil
-}
-
-// HasKey returns true if section contains a key with given name.
-func (s *Section) HasKey(name string) bool {
-	key, _ := s.GetKey(name)
-	return key != nil
-}
-
-// Haskey is a backwards-compatible name for HasKey.
-func (s *Section) Haskey(name string) bool {
-	return s.HasKey(name)
-}
-
-// HasValue returns true if section contains given raw value.
-func (s *Section) HasValue(value string) bool {
-	if s.f.BlockMode {
-		s.f.lock.RLock()
-		defer s.f.lock.RUnlock()
-	}
-
-	for _, k := range s.keys {
-		if value == k.value {
-			return true
-		}
-	}
-	return false
-}
-
-// Key assumes named Key exists in section and returns a zero-value when not.
-func (s *Section) Key(name string) *Key {
-	key, err := s.GetKey(name)
-	if err != nil {
-		// It's OK here because the only possible error is empty key name,
-		// but if it's empty, this piece of code won't be executed.
-		key, _ = s.NewKey(name, "")
-		return key
-	}
-	return key
-}
-
-// Keys returns list of keys of section.
-func (s *Section) Keys() []*Key {
-	keys := make([]*Key, len(s.keyList))
-	for i := range s.keyList {
-		keys[i] = s.Key(s.keyList[i])
-	}
-	return keys
-}
-
-// ParentKeys returns list of keys of parent section.
-func (s *Section) ParentKeys() []*Key {
-	var parentKeys []*Key
-	sname := s.name
-	for {
-		if i := strings.LastIndex(sname, "."); i > -1 {
-			sname = sname[:i]
-			sec, err := s.f.GetSection(sname)
-			if err != nil {
-				continue
-			}
-			parentKeys = append(parentKeys, sec.Keys()...)
-		} else {
-			break
-		}
-
-	}
-	return parentKeys
-}
-
-// KeyStrings returns list of key names of section.
-func (s *Section) KeyStrings() []string {
-	list := make([]string, len(s.keyList))
-	copy(list, s.keyList)
-	return list
-}
-
-// KeysHash returns keys hash consisting of names and values.
-func (s *Section) KeysHash() map[string]string {
-	if s.f.BlockMode {
-		s.f.lock.RLock()
-		defer s.f.lock.RUnlock()
-	}
-
-	hash := map[string]string{}
-	for key, value := range s.keysHash {
-		hash[key] = value
-	}
-	return hash
-}
-
-// DeleteKey deletes a key from section.
-func (s *Section) DeleteKey(name string) {
-	if s.f.BlockMode {
-		s.f.lock.Lock()
-		defer s.f.lock.Unlock()
-	}
-
-	for i, k := range s.keyList {
-		if k == name {
-			s.keyList = append(s.keyList[:i], s.keyList[i+1:]...)
-			delete(s.keys, name)
-			return
-		}
-	}
-}
diff --git a/vendor/github.com/go-ini/ini/struct.go b/vendor/github.com/go-ini/ini/struct.go
deleted file mode 100644
index 509c682fa6df4..0000000000000
--- a/vendor/github.com/go-ini/ini/struct.go
+++ /dev/null
@@ -1,450 +0,0 @@
-// Copyright 2014 Unknwon
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package ini
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"reflect"
-	"strings"
-	"time"
-	"unicode"
-)
-
-// NameMapper represents a ini tag name mapper.
-type NameMapper func(string) string
-
-// Built-in name getters.
-var (
-	// AllCapsUnderscore converts to format ALL_CAPS_UNDERSCORE.
-	AllCapsUnderscore NameMapper = func(raw string) string {
-		newstr := make([]rune, 0, len(raw))
-		for i, chr := range raw {
-			if isUpper := 'A' <= chr && chr <= 'Z'; isUpper {
-				if i > 0 {
-					newstr = append(newstr, '_')
-				}
-			}
-			newstr = append(newstr, unicode.ToUpper(chr))
-		}
-		return string(newstr)
-	}
-	// TitleUnderscore converts to format title_underscore.
-	TitleUnderscore NameMapper = func(raw string) string {
-		newstr := make([]rune, 0, len(raw))
-		for i, chr := range raw {
-			if isUpper := 'A' <= chr && chr <= 'Z'; isUpper {
-				if i > 0 {
-					newstr = append(newstr, '_')
-				}
-				chr -= ('A' - 'a')
-			}
-			newstr = append(newstr, chr)
-		}
-		return string(newstr)
-	}
-)
-
-func (s *Section) parseFieldName(raw, actual string) string {
-	if len(actual) > 0 {
-		return actual
-	}
-	if s.f.NameMapper != nil {
-		return s.f.NameMapper(raw)
-	}
-	return raw
-}
-
-func parseDelim(actual string) string {
-	if len(actual) > 0 {
-		return actual
-	}
-	return ","
-}
-
-var reflectTime = reflect.TypeOf(time.Now()).Kind()
-
-// setSliceWithProperType sets proper values to slice based on its type.
-func setSliceWithProperType(key *Key, field reflect.Value, delim string, allowShadow bool) error {
-	var strs []string
-	if allowShadow {
-		strs = key.StringsWithShadows(delim)
-	} else {
-		strs = key.Strings(delim)
-	}
-
-	numVals := len(strs)
-	if numVals == 0 {
-		return nil
-	}
-
-	var vals interface{}
-
-	sliceOf := field.Type().Elem().Kind()
-	switch sliceOf {
-	case reflect.String:
-		vals = strs
-	case reflect.Int:
-		vals, _ = key.parseInts(strs, true, false)
-	case reflect.Int64:
-		vals, _ = key.parseInt64s(strs, true, false)
-	case reflect.Uint:
-		vals = key.Uints(delim)
-	case reflect.Uint64:
-		vals = key.Uint64s(delim)
-	case reflect.Float64:
-		vals = key.Float64s(delim)
-	case reflectTime:
-		vals = key.Times(delim)
-	default:
-		return fmt.Errorf("unsupported type '[]%s'", sliceOf)
-	}
-
-	slice := reflect.MakeSlice(field.Type(), numVals, numVals)
-	for i := 0; i < numVals; i++ {
-		switch sliceOf {
-		case reflect.String:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]string)[i]))
-		case reflect.Int:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]int)[i]))
-		case reflect.Int64:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]int64)[i]))
-		case reflect.Uint:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]uint)[i]))
-		case reflect.Uint64:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]uint64)[i]))
-		case reflect.Float64:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]float64)[i]))
-		case reflectTime:
-			slice.Index(i).Set(reflect.ValueOf(vals.([]time.Time)[i]))
-		}
-	}
-	field.Set(slice)
-	return nil
-}
-
-// setWithProperType sets proper value to field based on its type,
-// but it does not return error for failing parsing,
-// because we want to use default value that is already assigned to strcut.
-func setWithProperType(t reflect.Type, key *Key, field reflect.Value, delim string, allowShadow bool) error {
-	switch t.Kind() {
-	case reflect.String:
-		if len(key.String()) == 0 {
-			return nil
-		}
-		field.SetString(key.String())
-	case reflect.Bool:
-		boolVal, err := key.Bool()
-		if err != nil {
-			return nil
-		}
-		field.SetBool(boolVal)
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		durationVal, err := key.Duration()
-		// Skip zero value
-		if err == nil && int(durationVal) > 0 {
-			field.Set(reflect.ValueOf(durationVal))
-			return nil
-		}
-
-		intVal, err := key.Int64()
-		if err != nil || intVal == 0 {
-			return nil
-		}
-		field.SetInt(intVal)
-	//	byte is an alias for uint8, so supporting uint8 breaks support for byte
-	case reflect.Uint, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-		durationVal, err := key.Duration()
-		// Skip zero value
-		if err == nil && int(durationVal) > 0 {
-			field.Set(reflect.ValueOf(durationVal))
-			return nil
-		}
-
-		uintVal, err := key.Uint64()
-		if err != nil {
-			return nil
-		}
-		field.SetUint(uintVal)
-
-	case reflect.Float32, reflect.Float64:
-		floatVal, err := key.Float64()
-		if err != nil {
-			return nil
-		}
-		field.SetFloat(floatVal)
-	case reflectTime:
-		timeVal, err := key.Time()
-		if err != nil {
-			return nil
-		}
-		field.Set(reflect.ValueOf(timeVal))
-	case reflect.Slice:
-		return setSliceWithProperType(key, field, delim, allowShadow)
-	default:
-		return fmt.Errorf("unsupported type '%s'", t)
-	}
-	return nil
-}
-
-func parseTagOptions(tag string) (rawName string, omitEmpty bool, allowShadow bool) {
-	opts := strings.SplitN(tag, ",", 3)
-	rawName = opts[0]
-	if len(opts) > 1 {
-		omitEmpty = opts[1] == "omitempty"
-	}
-	if len(opts) > 2 {
-		allowShadow = opts[2] == "allowshadow"
-	}
-	return rawName, omitEmpty, allowShadow
-}
-
-func (s *Section) mapTo(val reflect.Value) error {
-	if val.Kind() == reflect.Ptr {
-		val = val.Elem()
-	}
-	typ := val.Type()
-
-	for i := 0; i < typ.NumField(); i++ {
-		field := val.Field(i)
-		tpField := typ.Field(i)
-
-		tag := tpField.Tag.Get("ini")
-		if tag == "-" {
-			continue
-		}
-
-		rawName, _, allowShadow := parseTagOptions(tag)
-		fieldName := s.parseFieldName(tpField.Name, rawName)
-		if len(fieldName) == 0 || !field.CanSet() {
-			continue
-		}
-
-		isAnonymous := tpField.Type.Kind() == reflect.Ptr && tpField.Anonymous
-		isStruct := tpField.Type.Kind() == reflect.Struct
-		if isAnonymous {
-			field.Set(reflect.New(tpField.Type.Elem()))
-		}
-
-		if isAnonymous || isStruct {
-			if sec, err := s.f.GetSection(fieldName); err == nil {
-				if err = sec.mapTo(field); err != nil {
-					return fmt.Errorf("error mapping field(%s): %v", fieldName, err)
-				}
-				continue
-			}
-		}
-
-		if key, err := s.GetKey(fieldName); err == nil {
-			delim := parseDelim(tpField.Tag.Get("delim"))
-			if err = setWithProperType(tpField.Type, key, field, delim, allowShadow); err != nil {
-				return fmt.Errorf("error mapping field(%s): %v", fieldName, err)
-			}
-		}
-	}
-	return nil
-}
-
-// MapTo maps section to given struct.
-func (s *Section) MapTo(v interface{}) error {
-	typ := reflect.TypeOf(v)
-	val := reflect.ValueOf(v)
-	if typ.Kind() == reflect.Ptr {
-		typ = typ.Elem()
-		val = val.Elem()
-	} else {
-		return errors.New("cannot map to non-pointer struct")
-	}
-
-	return s.mapTo(val)
-}
-
-// MapTo maps file to given struct.
-func (f *File) MapTo(v interface{}) error {
-	return f.Section("").MapTo(v)
-}
-
-// MapTo maps data sources to given struct with name mapper.
-func MapToWithMapper(v interface{}, mapper NameMapper, source interface{}, others ...interface{}) error {
-	cfg, err := Load(source, others...)
-	if err != nil {
-		return err
-	}
-	cfg.NameMapper = mapper
-	return cfg.MapTo(v)
-}
-
-// MapTo maps data sources to given struct.
-func MapTo(v, source interface{}, others ...interface{}) error {
-	return MapToWithMapper(v, nil, source, others...)
-}
-
-// reflectSliceWithProperType does the opposite thing as setSliceWithProperType.
-func reflectSliceWithProperType(key *Key, field reflect.Value, delim string) error {
-	slice := field.Slice(0, field.Len())
-	if field.Len() == 0 {
-		return nil
-	}
-
-	var buf bytes.Buffer
-	sliceOf := field.Type().Elem().Kind()
-	for i := 0; i < field.Len(); i++ {
-		switch sliceOf {
-		case reflect.String:
-			buf.WriteString(slice.Index(i).String())
-		case reflect.Int, reflect.Int64:
-			buf.WriteString(fmt.Sprint(slice.Index(i).Int()))
-		case reflect.Uint, reflect.Uint64:
-			buf.WriteString(fmt.Sprint(slice.Index(i).Uint()))
-		case reflect.Float64:
-			buf.WriteString(fmt.Sprint(slice.Index(i).Float()))
-		case reflectTime:
-			buf.WriteString(slice.Index(i).Interface().(time.Time).Format(time.RFC3339))
-		default:
-			return fmt.Errorf("unsupported type '[]%s'", sliceOf)
-		}
-		buf.WriteString(delim)
-	}
-	key.SetValue(buf.String()[:buf.Len()-1])
-	return nil
-}
-
-// reflectWithProperType does the opposite thing as setWithProperType.
-func reflectWithProperType(t reflect.Type, key *Key, field reflect.Value, delim string) error {
-	switch t.Kind() {
-	case reflect.String:
-		key.SetValue(field.String())
-	case reflect.Bool:
-		key.SetValue(fmt.Sprint(field.Bool()))
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		key.SetValue(fmt.Sprint(field.Int()))
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-		key.SetValue(fmt.Sprint(field.Uint()))
-	case reflect.Float32, reflect.Float64:
-		key.SetValue(fmt.Sprint(field.Float()))
-	case reflectTime:
-		key.SetValue(fmt.Sprint(field.Interface().(time.Time).Format(time.RFC3339)))
-	case reflect.Slice:
-		return reflectSliceWithProperType(key, field, delim)
-	default:
-		return fmt.Errorf("unsupported type '%s'", t)
-	}
-	return nil
-}
-
-// CR: copied from encoding/json/encode.go with modifications of time.Time support.
-// TODO: add more test coverage.
-func isEmptyValue(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
-		return v.Len() == 0
-	case reflect.Bool:
-		return !v.Bool()
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() == 0
-	case reflectTime:
-		return v.Interface().(time.Time).IsZero()
-	case reflect.Interface, reflect.Ptr:
-		return v.IsNil()
-	}
-	return false
-}
-
-func (s *Section) reflectFrom(val reflect.Value) error {
-	if val.Kind() == reflect.Ptr {
-		val = val.Elem()
-	}
-	typ := val.Type()
-
-	for i := 0; i < typ.NumField(); i++ {
-		field := val.Field(i)
-		tpField := typ.Field(i)
-
-		tag := tpField.Tag.Get("ini")
-		if tag == "-" {
-			continue
-		}
-
-		opts := strings.SplitN(tag, ",", 2)
-		if len(opts) == 2 && opts[1] == "omitempty" && isEmptyValue(field) {
-			continue
-		}
-
-		fieldName := s.parseFieldName(tpField.Name, opts[0])
-		if len(fieldName) == 0 || !field.CanSet() {
-			continue
-		}
-
-		if (tpField.Type.Kind() == reflect.Ptr && tpField.Anonymous) ||
-			(tpField.Type.Kind() == reflect.Struct && tpField.Type.Name() != "Time") {
-			// Note: The only error here is section doesn't exist.
-			sec, err := s.f.GetSection(fieldName)
-			if err != nil {
-				// Note: fieldName can never be empty here, ignore error.
-				sec, _ = s.f.NewSection(fieldName)
-			}
-			if err = sec.reflectFrom(field); err != nil {
-				return fmt.Errorf("error reflecting field (%s): %v", fieldName, err)
-			}
-			continue
-		}
-
-		// Note: Same reason as secion.
-		key, err := s.GetKey(fieldName)
-		if err != nil {
-			key, _ = s.NewKey(fieldName, "")
-		}
-		if err = reflectWithProperType(tpField.Type, key, field, parseDelim(tpField.Tag.Get("delim"))); err != nil {
-			return fmt.Errorf("error reflecting field (%s): %v", fieldName, err)
-		}
-
-	}
-	return nil
-}
-
-// ReflectFrom reflects secion from given struct.
-func (s *Section) ReflectFrom(v interface{}) error {
-	typ := reflect.TypeOf(v)
-	val := reflect.ValueOf(v)
-	if typ.Kind() == reflect.Ptr {
-		typ = typ.Elem()
-		val = val.Elem()
-	} else {
-		return errors.New("cannot reflect from non-pointer struct")
-	}
-
-	return s.reflectFrom(val)
-}
-
-// ReflectFrom reflects file from given struct.
-func (f *File) ReflectFrom(v interface{}) error {
-	return f.Section("").ReflectFrom(v)
-}
-
-// ReflectFrom reflects data sources from given struct with name mapper.
-func ReflectFromWithMapper(cfg *File, v interface{}, mapper NameMapper) error {
-	cfg.NameMapper = mapper
-	return cfg.ReflectFrom(v)
-}
-
-// ReflectFrom reflects data sources from given struct.
-func ReflectFrom(cfg *File, v interface{}) error {
-	return ReflectFromWithMapper(cfg, v, nil)
-}
diff --git a/vendor/github.com/godbus/dbus/README.markdown b/vendor/github.com/godbus/dbus/README.markdown
deleted file mode 100644
index 0a6e7e5bfb096..0000000000000
--- a/vendor/github.com/godbus/dbus/README.markdown
+++ /dev/null
@@ -1,41 +0,0 @@
-dbus
-----
-
-dbus is a simple library that implements native Go client bindings for the
-D-Bus message bus system.
-
-### Features
-
-* Complete native implementation of the D-Bus message protocol
-* Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections)
-* Subpackages that help with the introspection / property interfaces
-
-### Installation
-
-This packages requires Go 1.1. If you installed it and set up your GOPATH, just run:
-
-```
-go get github.com/godbus/dbus
-```
-
-If you want to use the subpackages, you can install them the same way.
-
-### Usage
-
-The complete package documentation and some simple examples are available at
-[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the
-[_examples](https://github.com/godbus/dbus/tree/master/_examples) directory
-gives a short overview over the basic usage. 
-
-#### Projects using godbus
-- [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library.
-
-Please note that the API is considered unstable for now and may change without
-further notice.
-
-### License
-
-go.dbus is available under the Simplified BSD License; see LICENSE for the full
-text.
-
-Nearly all of the credit for this library goes to github.com/guelfey/go.dbus.
diff --git a/vendor/github.com/godbus/dbus/auth.go b/vendor/github.com/godbus/dbus/auth.go
deleted file mode 100644
index 98017b693eec5..0000000000000
--- a/vendor/github.com/godbus/dbus/auth.go
+++ /dev/null
@@ -1,253 +0,0 @@
-package dbus
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"io"
-	"os"
-	"strconv"
-)
-
-// AuthStatus represents the Status of an authentication mechanism.
-type AuthStatus byte
-
-const (
-	// AuthOk signals that authentication is finished; the next command
-	// from the server should be an OK.
-	AuthOk AuthStatus = iota
-
-	// AuthContinue signals that additional data is needed; the next command
-	// from the server should be a DATA.
-	AuthContinue
-
-	// AuthError signals an error; the server sent invalid data or some
-	// other unexpected thing happened and the current authentication
-	// process should be aborted.
-	AuthError
-)
-
-type authState byte
-
-const (
-	waitingForData authState = iota
-	waitingForOk
-	waitingForReject
-)
-
-// Auth defines the behaviour of an authentication mechanism.
-type Auth interface {
-	// Return the name of the mechnism, the argument to the first AUTH command
-	// and the next status.
-	FirstData() (name, resp []byte, status AuthStatus)
-
-	// Process the given DATA command, and return the argument to the DATA
-	// command and the next status. If len(resp) == 0, no DATA command is sent.
-	HandleData(data []byte) (resp []byte, status AuthStatus)
-}
-
-// Auth authenticates the connection, trying the given list of authentication
-// mechanisms (in that order). If nil is passed, the EXTERNAL and
-// DBUS_COOKIE_SHA1 mechanisms are tried for the current user. For private
-// connections, this method must be called before sending any messages to the
-// bus. Auth must not be called on shared connections.
-func (conn *Conn) Auth(methods []Auth) error {
-	if methods == nil {
-		uid := strconv.Itoa(os.Getuid())
-		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
-	}
-	in := bufio.NewReader(conn.transport)
-	err := conn.transport.SendNullByte()
-	if err != nil {
-		return err
-	}
-	err = authWriteLine(conn.transport, []byte("AUTH"))
-	if err != nil {
-		return err
-	}
-	s, err := authReadLine(in)
-	if err != nil {
-		return err
-	}
-	if len(s) < 2 || !bytes.Equal(s[0], []byte("REJECTED")) {
-		return errors.New("dbus: authentication protocol error")
-	}
-	s = s[1:]
-	for _, v := range s {
-		for _, m := range methods {
-			if name, data, status := m.FirstData(); bytes.Equal(v, name) {
-				var ok bool
-				err = authWriteLine(conn.transport, []byte("AUTH"), []byte(v), data)
-				if err != nil {
-					return err
-				}
-				switch status {
-				case AuthOk:
-					err, ok = conn.tryAuth(m, waitingForOk, in)
-				case AuthContinue:
-					err, ok = conn.tryAuth(m, waitingForData, in)
-				default:
-					panic("dbus: invalid authentication status")
-				}
-				if err != nil {
-					return err
-				}
-				if ok {
-					if conn.transport.SupportsUnixFDs() {
-						err = authWriteLine(conn, []byte("NEGOTIATE_UNIX_FD"))
-						if err != nil {
-							return err
-						}
-						line, err := authReadLine(in)
-						if err != nil {
-							return err
-						}
-						switch {
-						case bytes.Equal(line[0], []byte("AGREE_UNIX_FD")):
-							conn.EnableUnixFDs()
-							conn.unixFD = true
-						case bytes.Equal(line[0], []byte("ERROR")):
-						default:
-							return errors.New("dbus: authentication protocol error")
-						}
-					}
-					err = authWriteLine(conn.transport, []byte("BEGIN"))
-					if err != nil {
-						return err
-					}
-					go conn.inWorker()
-					go conn.outWorker()
-					return nil
-				}
-			}
-		}
-	}
-	return errors.New("dbus: authentication failed")
-}
-
-// tryAuth tries to authenticate with m as the mechanism, using state as the
-// initial authState and in for reading input. It returns (nil, true) on
-// success, (nil, false) on a REJECTED and (someErr, false) if some other
-// error occured.
-func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) {
-	for {
-		s, err := authReadLine(in)
-		if err != nil {
-			return err, false
-		}
-		switch {
-		case state == waitingForData && string(s[0]) == "DATA":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("ERROR"))
-				if err != nil {
-					return err, false
-				}
-				continue
-			}
-			data, status := m.HandleData(s[1])
-			switch status {
-			case AuthOk, AuthContinue:
-				if len(data) != 0 {
-					err = authWriteLine(conn.transport, []byte("DATA"), data)
-					if err != nil {
-						return err, false
-					}
-				}
-				if status == AuthOk {
-					state = waitingForOk
-				}
-			case AuthError:
-				err = authWriteLine(conn.transport, []byte("ERROR"))
-				if err != nil {
-					return err, false
-				}
-			}
-		case state == waitingForData && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForData && string(s[0]) == "ERROR":
-			err = authWriteLine(conn.transport, []byte("CANCEL"))
-			if err != nil {
-				return err, false
-			}
-			state = waitingForReject
-		case state == waitingForData && string(s[0]) == "OK":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("CANCEL"))
-				if err != nil {
-					return err, false
-				}
-				state = waitingForReject
-			}
-			conn.uuid = string(s[1])
-			return nil, true
-		case state == waitingForData:
-			err = authWriteLine(conn.transport, []byte("ERROR"))
-			if err != nil {
-				return err, false
-			}
-		case state == waitingForOk && string(s[0]) == "OK":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("CANCEL"))
-				if err != nil {
-					return err, false
-				}
-				state = waitingForReject
-			}
-			conn.uuid = string(s[1])
-			return nil, true
-		case state == waitingForOk && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForOk && (string(s[0]) == "DATA" ||
-			string(s[0]) == "ERROR"):
-
-			err = authWriteLine(conn.transport, []byte("CANCEL"))
-			if err != nil {
-				return err, false
-			}
-			state = waitingForReject
-		case state == waitingForOk:
-			err = authWriteLine(conn.transport, []byte("ERROR"))
-			if err != nil {
-				return err, false
-			}
-		case state == waitingForReject && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForReject:
-			return errors.New("dbus: authentication protocol error"), false
-		default:
-			panic("dbus: invalid auth state")
-		}
-	}
-}
-
-// authReadLine reads a line and separates it into its fields.
-func authReadLine(in *bufio.Reader) ([][]byte, error) {
-	data, err := in.ReadBytes('\n')
-	if err != nil {
-		return nil, err
-	}
-	data = bytes.TrimSuffix(data, []byte("\r\n"))
-	return bytes.Split(data, []byte{' '}), nil
-}
-
-// authWriteLine writes the given line in the authentication protocol format
-// (elements of data separated by a " " and terminated by "\r\n").
-func authWriteLine(out io.Writer, data ...[]byte) error {
-	buf := make([]byte, 0)
-	for i, v := range data {
-		buf = append(buf, v...)
-		if i != len(data)-1 {
-			buf = append(buf, ' ')
-		}
-	}
-	buf = append(buf, '\r')
-	buf = append(buf, '\n')
-	n, err := out.Write(buf)
-	if err != nil {
-		return err
-	}
-	if n != len(buf) {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
diff --git a/vendor/github.com/godbus/dbus/call.go b/vendor/github.com/godbus/dbus/call.go
deleted file mode 100644
index ba6e73f607a9d..0000000000000
--- a/vendor/github.com/godbus/dbus/call.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package dbus
-
-import (
-	"errors"
-)
-
-// Call represents a pending or completed method call.
-type Call struct {
-	Destination string
-	Path        ObjectPath
-	Method      string
-	Args        []interface{}
-
-	// Strobes when the call is complete.
-	Done chan *Call
-
-	// After completion, the error status. If this is non-nil, it may be an
-	// error message from the peer (with Error as its type) or some other error.
-	Err error
-
-	// Holds the response once the call is done.
-	Body []interface{}
-}
-
-var errSignature = errors.New("dbus: mismatched signature")
-
-// Store stores the body of the reply into the provided pointers. It returns
-// an error if the signatures of the body and retvalues don't match, or if
-// the error status is not nil.
-func (c *Call) Store(retvalues ...interface{}) error {
-	if c.Err != nil {
-		return c.Err
-	}
-
-	return Store(c.Body, retvalues...)
-}
diff --git a/vendor/github.com/godbus/dbus/conn.go b/vendor/github.com/godbus/dbus/conn.go
deleted file mode 100644
index 9aa2e128099dd..0000000000000
--- a/vendor/github.com/godbus/dbus/conn.go
+++ /dev/null
@@ -1,634 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"io"
-	"os"
-	"reflect"
-	"strings"
-	"sync"
-)
-
-const defaultSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
-
-var (
-	systemBus     *Conn
-	systemBusLck  sync.Mutex
-	sessionBus    *Conn
-	sessionBusLck sync.Mutex
-	sessionEnvLck sync.Mutex
-)
-
-// ErrClosed is the error returned by calls on a closed connection.
-var ErrClosed = errors.New("dbus: connection closed by user")
-
-// Conn represents a connection to a message bus (usually, the system or
-// session bus).
-//
-// Connections are either shared or private. Shared connections
-// are shared between calls to the functions that return them. As a result,
-// the methods Close, Auth and Hello must not be called on them.
-//
-// Multiple goroutines may invoke methods on a connection simultaneously.
-type Conn struct {
-	transport
-
-	busObj BusObject
-	unixFD bool
-	uuid   string
-
-	names    []string
-	namesLck sync.RWMutex
-
-	serialLck  sync.Mutex
-	nextSerial uint32
-	serialUsed map[uint32]bool
-
-	calls    map[uint32]*Call
-	callsLck sync.RWMutex
-
-	handlers    map[ObjectPath]map[string]exportedObj
-	handlersLck sync.RWMutex
-
-	out    chan *Message
-	closed bool
-	outLck sync.RWMutex
-
-	signals    []chan<- *Signal
-	signalsLck sync.Mutex
-
-	eavesdropped    chan<- *Message
-	eavesdroppedLck sync.Mutex
-}
-
-// SessionBus returns a shared connection to the session bus, connecting to it
-// if not already done.
-func SessionBus() (conn *Conn, err error) {
-	sessionBusLck.Lock()
-	defer sessionBusLck.Unlock()
-	if sessionBus != nil {
-		return sessionBus, nil
-	}
-	defer func() {
-		if conn != nil {
-			sessionBus = conn
-		}
-	}()
-	conn, err = SessionBusPrivate()
-	if err != nil {
-		return
-	}
-	if err = conn.Auth(nil); err != nil {
-		conn.Close()
-		conn = nil
-		return
-	}
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		conn = nil
-	}
-	return
-}
-
-// SessionBusPrivate returns a new private connection to the session bus.
-func SessionBusPrivate() (*Conn, error) {
-	sessionEnvLck.Lock()
-	defer sessionEnvLck.Unlock()
-	address := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
-	if address != "" && address != "autolaunch:" {
-		return Dial(address)
-	}
-
-	return sessionBusPlatform()
-}
-
-// SystemBus returns a shared connection to the system bus, connecting to it if
-// not already done.
-func SystemBus() (conn *Conn, err error) {
-	systemBusLck.Lock()
-	defer systemBusLck.Unlock()
-	if systemBus != nil {
-		return systemBus, nil
-	}
-	defer func() {
-		if conn != nil {
-			systemBus = conn
-		}
-	}()
-	conn, err = SystemBusPrivate()
-	if err != nil {
-		return
-	}
-	if err = conn.Auth(nil); err != nil {
-		conn.Close()
-		conn = nil
-		return
-	}
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		conn = nil
-	}
-	return
-}
-
-// SystemBusPrivate returns a new private connection to the system bus.
-func SystemBusPrivate() (*Conn, error) {
-	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
-	if address != "" {
-		return Dial(address)
-	}
-	return Dial(defaultSystemBusAddress)
-}
-
-// Dial establishes a new private connection to the message bus specified by address.
-func Dial(address string) (*Conn, error) {
-	tr, err := getTransport(address)
-	if err != nil {
-		return nil, err
-	}
-	return newConn(tr)
-}
-
-// NewConn creates a new private *Conn from an already established connection.
-func NewConn(conn io.ReadWriteCloser) (*Conn, error) {
-	return newConn(genericTransport{conn})
-}
-
-// newConn creates a new *Conn from a transport.
-func newConn(tr transport) (*Conn, error) {
-	conn := new(Conn)
-	conn.transport = tr
-	conn.calls = make(map[uint32]*Call)
-	conn.out = make(chan *Message, 10)
-	conn.handlers = make(map[ObjectPath]map[string]exportedObj)
-	conn.nextSerial = 1
-	conn.serialUsed = map[uint32]bool{0: true}
-	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
-	return conn, nil
-}
-
-// BusObject returns the object owned by the bus daemon which handles
-// administrative requests.
-func (conn *Conn) BusObject() BusObject {
-	return conn.busObj
-}
-
-// Close closes the connection. Any blocked operations will return with errors
-// and the channels passed to Eavesdrop and Signal are closed. This method must
-// not be called on shared connections.
-func (conn *Conn) Close() error {
-	conn.outLck.Lock()
-	if conn.closed {
-		// inWorker calls Close on read error, the read error may
-		// be caused by another caller calling Close to shutdown the
-		// dbus connection, a double-close scenario we prevent here.
-		conn.outLck.Unlock()
-		return nil
-	}
-	close(conn.out)
-	conn.closed = true
-	conn.outLck.Unlock()
-	conn.signalsLck.Lock()
-	for _, ch := range conn.signals {
-		close(ch)
-	}
-	conn.signalsLck.Unlock()
-	conn.eavesdroppedLck.Lock()
-	if conn.eavesdropped != nil {
-		close(conn.eavesdropped)
-	}
-	conn.eavesdroppedLck.Unlock()
-	return conn.transport.Close()
-}
-
-// Eavesdrop causes conn to send all incoming messages to the given channel
-// without further processing. Method replies, errors and signals will not be
-// sent to the appropiate channels and method calls will not be handled. If nil
-// is passed, the normal behaviour is restored.
-//
-// The caller has to make sure that ch is sufficiently buffered;
-// if a message arrives when a write to ch is not possible, the message is
-// discarded.
-func (conn *Conn) Eavesdrop(ch chan<- *Message) {
-	conn.eavesdroppedLck.Lock()
-	conn.eavesdropped = ch
-	conn.eavesdroppedLck.Unlock()
-}
-
-// getSerial returns an unused serial.
-func (conn *Conn) getSerial() uint32 {
-	conn.serialLck.Lock()
-	defer conn.serialLck.Unlock()
-	n := conn.nextSerial
-	for conn.serialUsed[n] {
-		n++
-	}
-	conn.serialUsed[n] = true
-	conn.nextSerial = n + 1
-	return n
-}
-
-// Hello sends the initial org.freedesktop.DBus.Hello call. This method must be
-// called after authentication, but before sending any other messages to the
-// bus. Hello must not be called for shared connections.
-func (conn *Conn) Hello() error {
-	var s string
-	err := conn.busObj.Call("org.freedesktop.DBus.Hello", 0).Store(&s)
-	if err != nil {
-		return err
-	}
-	conn.namesLck.Lock()
-	conn.names = make([]string, 1)
-	conn.names[0] = s
-	conn.namesLck.Unlock()
-	return nil
-}
-
-// inWorker runs in an own goroutine, reading incoming messages from the
-// transport and dispatching them appropiately.
-func (conn *Conn) inWorker() {
-	for {
-		msg, err := conn.ReadMessage()
-		if err == nil {
-			conn.eavesdroppedLck.Lock()
-			if conn.eavesdropped != nil {
-				select {
-				case conn.eavesdropped <- msg:
-				default:
-				}
-				conn.eavesdroppedLck.Unlock()
-				continue
-			}
-			conn.eavesdroppedLck.Unlock()
-			dest, _ := msg.Headers[FieldDestination].value.(string)
-			found := false
-			if dest == "" {
-				found = true
-			} else {
-				conn.namesLck.RLock()
-				if len(conn.names) == 0 {
-					found = true
-				}
-				for _, v := range conn.names {
-					if dest == v {
-						found = true
-						break
-					}
-				}
-				conn.namesLck.RUnlock()
-			}
-			if !found {
-				// Eavesdropped a message, but no channel for it is registered.
-				// Ignore it.
-				continue
-			}
-			switch msg.Type {
-			case TypeMethodReply, TypeError:
-				serial := msg.Headers[FieldReplySerial].value.(uint32)
-				conn.callsLck.Lock()
-				if c, ok := conn.calls[serial]; ok {
-					if msg.Type == TypeError {
-						name, _ := msg.Headers[FieldErrorName].value.(string)
-						c.Err = Error{name, msg.Body}
-					} else {
-						c.Body = msg.Body
-					}
-					c.Done <- c
-					conn.serialLck.Lock()
-					delete(conn.serialUsed, serial)
-					conn.serialLck.Unlock()
-					delete(conn.calls, serial)
-				}
-				conn.callsLck.Unlock()
-			case TypeSignal:
-				iface := msg.Headers[FieldInterface].value.(string)
-				member := msg.Headers[FieldMember].value.(string)
-				// as per http://dbus.freedesktop.org/doc/dbus-specification.html ,
-				// sender is optional for signals.
-				sender, _ := msg.Headers[FieldSender].value.(string)
-				if iface == "org.freedesktop.DBus" && sender == "org.freedesktop.DBus" {
-					if member == "NameLost" {
-						// If we lost the name on the bus, remove it from our
-						// tracking list.
-						name, ok := msg.Body[0].(string)
-						if !ok {
-							panic("Unable to read the lost name")
-						}
-						conn.namesLck.Lock()
-						for i, v := range conn.names {
-							if v == name {
-								conn.names = append(conn.names[:i],
-									conn.names[i+1:]...)
-							}
-						}
-						conn.namesLck.Unlock()
-					} else if member == "NameAcquired" {
-						// If we acquired the name on the bus, add it to our
-						// tracking list.
-						name, ok := msg.Body[0].(string)
-						if !ok {
-							panic("Unable to read the acquired name")
-						}
-						conn.namesLck.Lock()
-						conn.names = append(conn.names, name)
-						conn.namesLck.Unlock()
-					}
-				}
-				signal := &Signal{
-					Sender: sender,
-					Path:   msg.Headers[FieldPath].value.(ObjectPath),
-					Name:   iface + "." + member,
-					Body:   msg.Body,
-				}
-				conn.signalsLck.Lock()
-				for _, ch := range conn.signals {
-					ch <- signal
-				}
-				conn.signalsLck.Unlock()
-			case TypeMethodCall:
-				go conn.handleCall(msg)
-			}
-		} else if _, ok := err.(InvalidMessageError); !ok {
-			// Some read error occured (usually EOF); we can't really do
-			// anything but to shut down all stuff and returns errors to all
-			// pending replies.
-			conn.Close()
-			conn.callsLck.RLock()
-			for _, v := range conn.calls {
-				v.Err = err
-				v.Done <- v
-			}
-			conn.callsLck.RUnlock()
-			return
-		}
-		// invalid messages are ignored
-	}
-}
-
-// Names returns the list of all names that are currently owned by this
-// connection. The slice is always at least one element long, the first element
-// being the unique name of the connection.
-func (conn *Conn) Names() []string {
-	conn.namesLck.RLock()
-	// copy the slice so it can't be modified
-	s := make([]string, len(conn.names))
-	copy(s, conn.names)
-	conn.namesLck.RUnlock()
-	return s
-}
-
-// Object returns the object identified by the given destination name and path.
-func (conn *Conn) Object(dest string, path ObjectPath) BusObject {
-	return &Object{conn, dest, path}
-}
-
-// outWorker runs in an own goroutine, encoding and sending messages that are
-// sent to conn.out.
-func (conn *Conn) outWorker() {
-	for msg := range conn.out {
-		err := conn.SendMessage(msg)
-		conn.callsLck.RLock()
-		if err != nil {
-			if c := conn.calls[msg.serial]; c != nil {
-				c.Err = err
-				c.Done <- c
-			}
-			conn.serialLck.Lock()
-			delete(conn.serialUsed, msg.serial)
-			conn.serialLck.Unlock()
-		} else if msg.Type != TypeMethodCall {
-			conn.serialLck.Lock()
-			delete(conn.serialUsed, msg.serial)
-			conn.serialLck.Unlock()
-		}
-		conn.callsLck.RUnlock()
-	}
-}
-
-// Send sends the given message to the message bus. You usually don't need to
-// use this; use the higher-level equivalents (Call / Go, Emit and Export)
-// instead. If msg is a method call and NoReplyExpected is not set, a non-nil
-// call is returned and the same value is sent to ch (which must be buffered)
-// once the call is complete. Otherwise, ch is ignored and a Call structure is
-// returned of which only the Err member is valid.
-func (conn *Conn) Send(msg *Message, ch chan *Call) *Call {
-	var call *Call
-
-	msg.serial = conn.getSerial()
-	if msg.Type == TypeMethodCall && msg.Flags&FlagNoReplyExpected == 0 {
-		if ch == nil {
-			ch = make(chan *Call, 5)
-		} else if cap(ch) == 0 {
-			panic("dbus: unbuffered channel passed to (*Conn).Send")
-		}
-		call = new(Call)
-		call.Destination, _ = msg.Headers[FieldDestination].value.(string)
-		call.Path, _ = msg.Headers[FieldPath].value.(ObjectPath)
-		iface, _ := msg.Headers[FieldInterface].value.(string)
-		member, _ := msg.Headers[FieldMember].value.(string)
-		call.Method = iface + "." + member
-		call.Args = msg.Body
-		call.Done = ch
-		conn.callsLck.Lock()
-		conn.calls[msg.serial] = call
-		conn.callsLck.Unlock()
-		conn.outLck.RLock()
-		if conn.closed {
-			call.Err = ErrClosed
-			call.Done <- call
-		} else {
-			conn.out <- msg
-		}
-		conn.outLck.RUnlock()
-	} else {
-		conn.outLck.RLock()
-		if conn.closed {
-			call = &Call{Err: ErrClosed}
-		} else {
-			conn.out <- msg
-			call = &Call{Err: nil}
-		}
-		conn.outLck.RUnlock()
-	}
-	return call
-}
-
-// sendError creates an error message corresponding to the parameters and sends
-// it to conn.out.
-func (conn *Conn) sendError(e Error, dest string, serial uint32) {
-	msg := new(Message)
-	msg.Type = TypeError
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	if dest != "" {
-		msg.Headers[FieldDestination] = MakeVariant(dest)
-	}
-	msg.Headers[FieldErrorName] = MakeVariant(e.Name)
-	msg.Headers[FieldReplySerial] = MakeVariant(serial)
-	msg.Body = e.Body
-	if len(e.Body) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...))
-	}
-	conn.outLck.RLock()
-	if !conn.closed {
-		conn.out <- msg
-	}
-	conn.outLck.RUnlock()
-}
-
-// sendReply creates a method reply message corresponding to the parameters and
-// sends it to conn.out.
-func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) {
-	msg := new(Message)
-	msg.Type = TypeMethodReply
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	if dest != "" {
-		msg.Headers[FieldDestination] = MakeVariant(dest)
-	}
-	msg.Headers[FieldReplySerial] = MakeVariant(serial)
-	msg.Body = values
-	if len(values) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
-	}
-	conn.outLck.RLock()
-	if !conn.closed {
-		conn.out <- msg
-	}
-	conn.outLck.RUnlock()
-}
-
-// Signal registers the given channel to be passed all received signal messages.
-// The caller has to make sure that ch is sufficiently buffered; if a message
-// arrives when a write to c is not possible, it is discarded.
-//
-// Multiple of these channels can be registered at the same time.
-//
-// These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
-// channel for eavesdropped messages, this channel receives all signals, and
-// none of the channels passed to Signal will receive any signals.
-func (conn *Conn) Signal(ch chan<- *Signal) {
-	conn.signalsLck.Lock()
-	conn.signals = append(conn.signals, ch)
-	conn.signalsLck.Unlock()
-}
-
-// RemoveSignal removes the given channel from the list of the registered channels.
-func (conn *Conn) RemoveSignal(ch chan<- *Signal) {
-	conn.signalsLck.Lock()
-	for i := len(conn.signals) - 1; i >= 0; i-- {
-		if ch == conn.signals[i] {
-			copy(conn.signals[i:], conn.signals[i+1:])
-			conn.signals[len(conn.signals)-1] = nil
-			conn.signals = conn.signals[:len(conn.signals)-1]
-		}
-	}
-	conn.signalsLck.Unlock()
-}
-
-// SupportsUnixFDs returns whether the underlying transport supports passing of
-// unix file descriptors. If this is false, method calls containing unix file
-// descriptors will return an error and emitted signals containing them will
-// not be sent.
-func (conn *Conn) SupportsUnixFDs() bool {
-	return conn.unixFD
-}
-
-// Error represents a D-Bus message of type Error.
-type Error struct {
-	Name string
-	Body []interface{}
-}
-
-func NewError(name string, body []interface{}) *Error {
-	return &Error{name, body}
-}
-
-func (e Error) Error() string {
-	if len(e.Body) >= 1 {
-		s, ok := e.Body[0].(string)
-		if ok {
-			return s
-		}
-	}
-	return e.Name
-}
-
-// Signal represents a D-Bus message of type Signal. The name member is given in
-// "interface.member" notation, e.g. org.freedesktop.D-Bus.NameLost.
-type Signal struct {
-	Sender string
-	Path   ObjectPath
-	Name   string
-	Body   []interface{}
-}
-
-// transport is a D-Bus transport.
-type transport interface {
-	// Read and Write raw data (for example, for the authentication protocol).
-	io.ReadWriteCloser
-
-	// Send the initial null byte used for the EXTERNAL mechanism.
-	SendNullByte() error
-
-	// Returns whether this transport supports passing Unix FDs.
-	SupportsUnixFDs() bool
-
-	// Signal the transport that Unix FD passing is enabled for this connection.
-	EnableUnixFDs()
-
-	// Read / send a message, handling things like Unix FDs.
-	ReadMessage() (*Message, error)
-	SendMessage(*Message) error
-}
-
-var (
-	transports = make(map[string]func(string) (transport, error))
-)
-
-func getTransport(address string) (transport, error) {
-	var err error
-	var t transport
-
-	addresses := strings.Split(address, ";")
-	for _, v := range addresses {
-		i := strings.IndexRune(v, ':')
-		if i == -1 {
-			err = errors.New("dbus: invalid bus address (no transport)")
-			continue
-		}
-		f := transports[v[:i]]
-		if f == nil {
-			err = errors.New("dbus: invalid bus address (invalid or unsupported transport)")
-			continue
-		}
-		t, err = f(v[i+1:])
-		if err == nil {
-			return t, nil
-		}
-	}
-	return nil, err
-}
-
-// dereferenceAll returns a slice that, assuming that vs is a slice of pointers
-// of arbitrary types, containes the values that are obtained from dereferencing
-// all elements in vs.
-func dereferenceAll(vs []interface{}) []interface{} {
-	for i := range vs {
-		v := reflect.ValueOf(vs[i])
-		v = v.Elem()
-		vs[i] = v.Interface()
-	}
-	return vs
-}
-
-// getKey gets a key from a the list of keys. Returns "" on error / not found...
-func getKey(s, key string) string {
-	for _, keyEqualsValue := range strings.Split(s, ",") {
-		keyValue := strings.SplitN(keyEqualsValue, "=", 2)
-		if len(keyValue) == 2 && keyValue[0] == key {
-			return keyValue[1]
-		}
-	}
-	return ""
-}
diff --git a/vendor/github.com/godbus/dbus/conn_darwin.go b/vendor/github.com/godbus/dbus/conn_darwin.go
deleted file mode 100644
index b67bb1b81da68..0000000000000
--- a/vendor/github.com/godbus/dbus/conn_darwin.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"os/exec"
-)
-
-func sessionBusPlatform() (*Conn, error) {
-	cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET")
-	b, err := cmd.CombinedOutput()
-
-	if err != nil {
-		return nil, err
-	}
-
-	if len(b) == 0 {
-		return nil, errors.New("dbus: couldn't determine address of session bus")
-	}
-
-	return Dial("unix:path=" + string(b[:len(b)-1]))
-}
diff --git a/vendor/github.com/godbus/dbus/conn_other.go b/vendor/github.com/godbus/dbus/conn_other.go
deleted file mode 100644
index 289e8c5d2be47..0000000000000
--- a/vendor/github.com/godbus/dbus/conn_other.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// +build !darwin
-
-package dbus
-
-import (
-	"bytes"
-	"errors"
-	"os"
-	"os/exec"
-)
-
-func sessionBusPlatform() (*Conn, error) {
-	cmd := exec.Command("dbus-launch")
-	b, err := cmd.CombinedOutput()
-
-	if err != nil {
-		return nil, err
-	}
-
-	i := bytes.IndexByte(b, '=')
-	j := bytes.IndexByte(b, '\n')
-
-	if i == -1 || j == -1 {
-		return nil, errors.New("dbus: couldn't determine address of session bus")
-	}
-
-	env, addr := string(b[0:i]), string(b[i+1:j])
-	os.Setenv(env, addr)
-
-	return Dial(addr)
-}
diff --git a/vendor/github.com/godbus/dbus/dbus.go b/vendor/github.com/godbus/dbus/dbus.go
deleted file mode 100644
index 2ce68735cdf92..0000000000000
--- a/vendor/github.com/godbus/dbus/dbus.go
+++ /dev/null
@@ -1,258 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"reflect"
-	"strings"
-)
-
-var (
-	byteType        = reflect.TypeOf(byte(0))
-	boolType        = reflect.TypeOf(false)
-	uint8Type       = reflect.TypeOf(uint8(0))
-	int16Type       = reflect.TypeOf(int16(0))
-	uint16Type      = reflect.TypeOf(uint16(0))
-	int32Type       = reflect.TypeOf(int32(0))
-	uint32Type      = reflect.TypeOf(uint32(0))
-	int64Type       = reflect.TypeOf(int64(0))
-	uint64Type      = reflect.TypeOf(uint64(0))
-	float64Type     = reflect.TypeOf(float64(0))
-	stringType      = reflect.TypeOf("")
-	signatureType   = reflect.TypeOf(Signature{""})
-	objectPathType  = reflect.TypeOf(ObjectPath(""))
-	variantType     = reflect.TypeOf(Variant{Signature{""}, nil})
-	interfacesType  = reflect.TypeOf([]interface{}{})
-	unixFDType      = reflect.TypeOf(UnixFD(0))
-	unixFDIndexType = reflect.TypeOf(UnixFDIndex(0))
-)
-
-// An InvalidTypeError signals that a value which cannot be represented in the
-// D-Bus wire format was passed to a function.
-type InvalidTypeError struct {
-	Type reflect.Type
-}
-
-func (e InvalidTypeError) Error() string {
-	return "dbus: invalid type " + e.Type.String()
-}
-
-// Store copies the values contained in src to dest, which must be a slice of
-// pointers. It converts slices of interfaces from src to corresponding structs
-// in dest. An error is returned if the lengths of src and dest or the types of
-// their elements don't match.
-func Store(src []interface{}, dest ...interface{}) error {
-	if len(src) != len(dest) {
-		return errors.New("dbus.Store: length mismatch")
-	}
-
-	for i := range src {
-		if err := store(src[i], dest[i]); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func store(src, dest interface{}) error {
-	if reflect.TypeOf(dest).Elem() == reflect.TypeOf(src) {
-		reflect.ValueOf(dest).Elem().Set(reflect.ValueOf(src))
-		return nil
-	} else if hasStruct(dest) {
-		rv := reflect.ValueOf(dest).Elem()
-		switch rv.Kind() {
-		case reflect.Struct:
-			vs, ok := src.([]interface{})
-			if !ok {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			t := rv.Type()
-			ndest := make([]interface{}, 0, rv.NumField())
-			for i := 0; i < rv.NumField(); i++ {
-				field := t.Field(i)
-				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
-					ndest = append(ndest, rv.Field(i).Addr().Interface())
-				}
-			}
-			if len(vs) != len(ndest) {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			err := Store(vs, ndest...)
-			if err != nil {
-				return errors.New("dbus.Store: type mismatch")
-			}
-		case reflect.Slice:
-			sv := reflect.ValueOf(src)
-			if sv.Kind() != reflect.Slice {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			rv.Set(reflect.MakeSlice(rv.Type(), sv.Len(), sv.Len()))
-			for i := 0; i < sv.Len(); i++ {
-				if err := store(sv.Index(i).Interface(), rv.Index(i).Addr().Interface()); err != nil {
-					return err
-				}
-			}
-		case reflect.Map:
-			sv := reflect.ValueOf(src)
-			if sv.Kind() != reflect.Map {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			keys := sv.MapKeys()
-			rv.Set(reflect.MakeMap(sv.Type()))
-			for _, key := range keys {
-				v := reflect.New(sv.Type().Elem())
-				if err := store(v, sv.MapIndex(key).Interface()); err != nil {
-					return err
-				}
-				rv.SetMapIndex(key, v.Elem())
-			}
-		default:
-			return errors.New("dbus.Store: type mismatch")
-		}
-		return nil
-	} else {
-		return errors.New("dbus.Store: type mismatch")
-	}
-}
-
-func hasStruct(v interface{}) bool {
-	t := reflect.TypeOf(v)
-	for {
-		switch t.Kind() {
-		case reflect.Struct:
-			return true
-		case reflect.Slice, reflect.Ptr, reflect.Map:
-			t = t.Elem()
-		default:
-			return false
-		}
-	}
-}
-
-// An ObjectPath is an object path as defined by the D-Bus spec.
-type ObjectPath string
-
-// IsValid returns whether the object path is valid.
-func (o ObjectPath) IsValid() bool {
-	s := string(o)
-	if len(s) == 0 {
-		return false
-	}
-	if s[0] != '/' {
-		return false
-	}
-	if s[len(s)-1] == '/' && len(s) != 1 {
-		return false
-	}
-	// probably not used, but technically possible
-	if s == "/" {
-		return true
-	}
-	split := strings.Split(s[1:], "/")
-	for _, v := range split {
-		if len(v) == 0 {
-			return false
-		}
-		for _, c := range v {
-			if !isMemberChar(c) {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-// A UnixFD is a Unix file descriptor sent over the wire. See the package-level
-// documentation for more information about Unix file descriptor passsing.
-type UnixFD int32
-
-// A UnixFDIndex is the representation of a Unix file descriptor in a message.
-type UnixFDIndex uint32
-
-// alignment returns the alignment of values of type t.
-func alignment(t reflect.Type) int {
-	switch t {
-	case variantType:
-		return 1
-	case objectPathType:
-		return 4
-	case signatureType:
-		return 1
-	case interfacesType: // sometimes used for structs
-		return 8
-	}
-	switch t.Kind() {
-	case reflect.Uint8:
-		return 1
-	case reflect.Uint16, reflect.Int16:
-		return 2
-	case reflect.Uint32, reflect.Int32, reflect.String, reflect.Array, reflect.Slice, reflect.Map:
-		return 4
-	case reflect.Uint64, reflect.Int64, reflect.Float64, reflect.Struct:
-		return 8
-	case reflect.Ptr:
-		return alignment(t.Elem())
-	}
-	return 1
-}
-
-// isKeyType returns whether t is a valid type for a D-Bus dict.
-func isKeyType(t reflect.Type) bool {
-	switch t.Kind() {
-	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
-		reflect.Int16, reflect.Int32, reflect.Int64, reflect.Float64,
-		reflect.String:
-
-		return true
-	}
-	return false
-}
-
-// isValidInterface returns whether s is a valid name for an interface.
-func isValidInterface(s string) bool {
-	if len(s) == 0 || len(s) > 255 || s[0] == '.' {
-		return false
-	}
-	elem := strings.Split(s, ".")
-	if len(elem) < 2 {
-		return false
-	}
-	for _, v := range elem {
-		if len(v) == 0 {
-			return false
-		}
-		if v[0] >= '0' && v[0] <= '9' {
-			return false
-		}
-		for _, c := range v {
-			if !isMemberChar(c) {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-// isValidMember returns whether s is a valid name for a member.
-func isValidMember(s string) bool {
-	if len(s) == 0 || len(s) > 255 {
-		return false
-	}
-	i := strings.Index(s, ".")
-	if i != -1 {
-		return false
-	}
-	if s[0] >= '0' && s[0] <= '9' {
-		return false
-	}
-	for _, c := range s {
-		if !isMemberChar(c) {
-			return false
-		}
-	}
-	return true
-}
-
-func isMemberChar(c rune) bool {
-	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
-		(c >= 'a' && c <= 'z') || c == '_'
-}
diff --git a/vendor/github.com/godbus/dbus/decoder.go b/vendor/github.com/godbus/dbus/decoder.go
deleted file mode 100644
index ef50dcab98d0d..0000000000000
--- a/vendor/github.com/godbus/dbus/decoder.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package dbus
-
-import (
-	"encoding/binary"
-	"io"
-	"reflect"
-)
-
-type decoder struct {
-	in    io.Reader
-	order binary.ByteOrder
-	pos   int
-}
-
-// newDecoder returns a new decoder that reads values from in. The input is
-// expected to be in the given byte order.
-func newDecoder(in io.Reader, order binary.ByteOrder) *decoder {
-	dec := new(decoder)
-	dec.in = in
-	dec.order = order
-	return dec
-}
-
-// align aligns the input to the given boundary and panics on error.
-func (dec *decoder) align(n int) {
-	if dec.pos%n != 0 {
-		newpos := (dec.pos + n - 1) & ^(n - 1)
-		empty := make([]byte, newpos-dec.pos)
-		if _, err := io.ReadFull(dec.in, empty); err != nil {
-			panic(err)
-		}
-		dec.pos = newpos
-	}
-}
-
-// Calls binary.Read(dec.in, dec.order, v) and panics on read errors.
-func (dec *decoder) binread(v interface{}) {
-	if err := binary.Read(dec.in, dec.order, v); err != nil {
-		panic(err)
-	}
-}
-
-func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) {
-	defer func() {
-		var ok bool
-		v := recover()
-		if err, ok = v.(error); ok {
-			if err == io.EOF || err == io.ErrUnexpectedEOF {
-				err = FormatError("unexpected EOF")
-			}
-		}
-	}()
-	vs = make([]interface{}, 0)
-	s := sig.str
-	for s != "" {
-		err, rem := validSingle(s, 0)
-		if err != nil {
-			return nil, err
-		}
-		v := dec.decode(s[:len(s)-len(rem)], 0)
-		vs = append(vs, v)
-		s = rem
-	}
-	return vs, nil
-}
-
-func (dec *decoder) decode(s string, depth int) interface{} {
-	dec.align(alignment(typeFor(s)))
-	switch s[0] {
-	case 'y':
-		var b [1]byte
-		if _, err := dec.in.Read(b[:]); err != nil {
-			panic(err)
-		}
-		dec.pos++
-		return b[0]
-	case 'b':
-		i := dec.decode("u", depth).(uint32)
-		switch {
-		case i == 0:
-			return false
-		case i == 1:
-			return true
-		default:
-			panic(FormatError("invalid value for boolean"))
-		}
-	case 'n':
-		var i int16
-		dec.binread(&i)
-		dec.pos += 2
-		return i
-	case 'i':
-		var i int32
-		dec.binread(&i)
-		dec.pos += 4
-		return i
-	case 'x':
-		var i int64
-		dec.binread(&i)
-		dec.pos += 8
-		return i
-	case 'q':
-		var i uint16
-		dec.binread(&i)
-		dec.pos += 2
-		return i
-	case 'u':
-		var i uint32
-		dec.binread(&i)
-		dec.pos += 4
-		return i
-	case 't':
-		var i uint64
-		dec.binread(&i)
-		dec.pos += 8
-		return i
-	case 'd':
-		var f float64
-		dec.binread(&f)
-		dec.pos += 8
-		return f
-	case 's':
-		length := dec.decode("u", depth).(uint32)
-		b := make([]byte, int(length)+1)
-		if _, err := io.ReadFull(dec.in, b); err != nil {
-			panic(err)
-		}
-		dec.pos += int(length) + 1
-		return string(b[:len(b)-1])
-	case 'o':
-		return ObjectPath(dec.decode("s", depth).(string))
-	case 'g':
-		length := dec.decode("y", depth).(byte)
-		b := make([]byte, int(length)+1)
-		if _, err := io.ReadFull(dec.in, b); err != nil {
-			panic(err)
-		}
-		dec.pos += int(length) + 1
-		sig, err := ParseSignature(string(b[:len(b)-1]))
-		if err != nil {
-			panic(err)
-		}
-		return sig
-	case 'v':
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		var variant Variant
-		sig := dec.decode("g", depth).(Signature)
-		if len(sig.str) == 0 {
-			panic(FormatError("variant signature is empty"))
-		}
-		err, rem := validSingle(sig.str, 0)
-		if err != nil {
-			panic(err)
-		}
-		if rem != "" {
-			panic(FormatError("variant signature has multiple types"))
-		}
-		variant.sig = sig
-		variant.value = dec.decode(sig.str, depth+1)
-		return variant
-	case 'h':
-		return UnixFDIndex(dec.decode("u", depth).(uint32))
-	case 'a':
-		if len(s) > 1 && s[1] == '{' {
-			ksig := s[2:3]
-			vsig := s[3 : len(s)-1]
-			v := reflect.MakeMap(reflect.MapOf(typeFor(ksig), typeFor(vsig)))
-			if depth >= 63 {
-				panic(FormatError("input exceeds container depth limit"))
-			}
-			length := dec.decode("u", depth).(uint32)
-			// Even for empty maps, the correct padding must be included
-			dec.align(8)
-			spos := dec.pos
-			for dec.pos < spos+int(length) {
-				dec.align(8)
-				if !isKeyType(v.Type().Key()) {
-					panic(InvalidTypeError{v.Type()})
-				}
-				kv := dec.decode(ksig, depth+2)
-				vv := dec.decode(vsig, depth+2)
-				v.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
-			}
-			return v.Interface()
-		}
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		length := dec.decode("u", depth).(uint32)
-		v := reflect.MakeSlice(reflect.SliceOf(typeFor(s[1:])), 0, int(length))
-		// Even for empty arrays, the correct padding must be included
-		dec.align(alignment(typeFor(s[1:])))
-		spos := dec.pos
-		for dec.pos < spos+int(length) {
-			ev := dec.decode(s[1:], depth+1)
-			v = reflect.Append(v, reflect.ValueOf(ev))
-		}
-		return v.Interface()
-	case '(':
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		dec.align(8)
-		v := make([]interface{}, 0)
-		s = s[1 : len(s)-1]
-		for s != "" {
-			err, rem := validSingle(s, 0)
-			if err != nil {
-				panic(err)
-			}
-			ev := dec.decode(s[:len(s)-len(rem)], depth+1)
-			v = append(v, ev)
-			s = rem
-		}
-		return v
-	default:
-		panic(SignatureError{Sig: s})
-	}
-}
-
-// A FormatError is an error in the wire format.
-type FormatError string
-
-func (e FormatError) Error() string {
-	return "dbus: wire format error: " + string(e)
-}
diff --git a/vendor/github.com/godbus/dbus/doc.go b/vendor/github.com/godbus/dbus/doc.go
deleted file mode 100644
index deff554a381ad..0000000000000
--- a/vendor/github.com/godbus/dbus/doc.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-Package dbus implements bindings to the D-Bus message bus system.
-
-To use the message bus API, you first need to connect to a bus (usually the
-session or system bus). The acquired connection then can be used to call methods
-on remote objects and emit or receive signals. Using the Export method, you can
-arrange D-Bus methods calls to be directly translated to method calls on a Go
-value.
-
-Conversion Rules
-
-For outgoing messages, Go types are automatically converted to the
-corresponding D-Bus types. The following types are directly encoded as their
-respective D-Bus equivalents:
-
-     Go type     | D-Bus type
-     ------------+-----------
-     byte        | BYTE
-     bool        | BOOLEAN
-     int16       | INT16
-     uint16      | UINT16
-     int32       | INT32
-     uint32      | UINT32
-     int64       | INT64
-     uint64      | UINT64
-     float64     | DOUBLE
-     string      | STRING
-     ObjectPath  | OBJECT_PATH
-     Signature   | SIGNATURE
-     Variant     | VARIANT
-     UnixFDIndex | UNIX_FD
-
-Slices and arrays encode as ARRAYs of their element type.
-
-Maps encode as DICTs, provided that their key type can be used as a key for
-a DICT.
-
-Structs other than Variant and Signature encode as a STRUCT containing their
-exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
-be skipped.
-
-Pointers encode as the value they're pointed to.
-
-Trying to encode any other type or a slice, map or struct containing an
-unsupported type will result in an InvalidTypeError.
-
-For incoming messages, the inverse of these rules are used, with the exception
-of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces
-containing the struct fields in the correct order. The Store function can be
-used to convert such values to Go structs.
-
-Unix FD passing
-
-Handling Unix file descriptors deserves special mention. To use them, you should
-first check that they are supported on a connection by calling SupportsUnixFDs.
-If it returns true, all method of Connection will translate messages containing
-UnixFD's to messages that are accompanied by the given file descriptors with the
-UnixFD values being substituted by the correct indices. Similarily, the indices
-of incoming messages are automatically resolved. It shouldn't be necessary to use
-UnixFDIndex.
-
-*/
-package dbus
diff --git a/vendor/github.com/godbus/dbus/encoder.go b/vendor/github.com/godbus/dbus/encoder.go
deleted file mode 100644
index 9f0a9e89eabfe..0000000000000
--- a/vendor/github.com/godbus/dbus/encoder.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"encoding/binary"
-	"io"
-	"reflect"
-)
-
-// An encoder encodes values to the D-Bus wire format.
-type encoder struct {
-	out   io.Writer
-	order binary.ByteOrder
-	pos   int
-}
-
-// NewEncoder returns a new encoder that writes to out in the given byte order.
-func newEncoder(out io.Writer, order binary.ByteOrder) *encoder {
-	return newEncoderAtOffset(out, 0, order)
-}
-
-// newEncoderAtOffset returns a new encoder that writes to out in the given
-// byte order. Specify the offset to initialize pos for proper alignment
-// computation.
-func newEncoderAtOffset(out io.Writer, offset int, order binary.ByteOrder) *encoder {
-	enc := new(encoder)
-	enc.out = out
-	enc.order = order
-	enc.pos = offset
-	return enc
-}
-
-// Aligns the next output to be on a multiple of n. Panics on write errors.
-func (enc *encoder) align(n int) {
-	pad := enc.padding(0, n)
-	if pad > 0 {
-		empty := make([]byte, pad)
-		if _, err := enc.out.Write(empty); err != nil {
-			panic(err)
-		}
-		enc.pos += pad
-	}
-}
-
-// pad returns the number of bytes of padding, based on current position and additional offset.
-// and alignment.
-func (enc *encoder) padding(offset, algn int) int {
-	abs := enc.pos + offset
-	if abs%algn != 0 {
-		newabs := (abs + algn - 1) & ^(algn - 1)
-		return newabs - abs
-	}
-	return 0
-}
-
-// Calls binary.Write(enc.out, enc.order, v) and panics on write errors.
-func (enc *encoder) binwrite(v interface{}) {
-	if err := binary.Write(enc.out, enc.order, v); err != nil {
-		panic(err)
-	}
-}
-
-// Encode encodes the given values to the underyling reader. All written values
-// are aligned properly as required by the D-Bus spec.
-func (enc *encoder) Encode(vs ...interface{}) (err error) {
-	defer func() {
-		err, _ = recover().(error)
-	}()
-	for _, v := range vs {
-		enc.encode(reflect.ValueOf(v), 0)
-	}
-	return nil
-}
-
-// encode encodes the given value to the writer and panics on error. depth holds
-// the depth of the container nesting.
-func (enc *encoder) encode(v reflect.Value, depth int) {
-	enc.align(alignment(v.Type()))
-	switch v.Kind() {
-	case reflect.Uint8:
-		var b [1]byte
-		b[0] = byte(v.Uint())
-		if _, err := enc.out.Write(b[:]); err != nil {
-			panic(err)
-		}
-		enc.pos++
-	case reflect.Bool:
-		if v.Bool() {
-			enc.encode(reflect.ValueOf(uint32(1)), depth)
-		} else {
-			enc.encode(reflect.ValueOf(uint32(0)), depth)
-		}
-	case reflect.Int16:
-		enc.binwrite(int16(v.Int()))
-		enc.pos += 2
-	case reflect.Uint16:
-		enc.binwrite(uint16(v.Uint()))
-		enc.pos += 2
-	case reflect.Int32:
-		enc.binwrite(int32(v.Int()))
-		enc.pos += 4
-	case reflect.Uint32:
-		enc.binwrite(uint32(v.Uint()))
-		enc.pos += 4
-	case reflect.Int64:
-		enc.binwrite(v.Int())
-		enc.pos += 8
-	case reflect.Uint64:
-		enc.binwrite(v.Uint())
-		enc.pos += 8
-	case reflect.Float64:
-		enc.binwrite(v.Float())
-		enc.pos += 8
-	case reflect.String:
-		enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth)
-		b := make([]byte, v.Len()+1)
-		copy(b, v.String())
-		b[len(b)-1] = 0
-		n, err := enc.out.Write(b)
-		if err != nil {
-			panic(err)
-		}
-		enc.pos += n
-	case reflect.Ptr:
-		enc.encode(v.Elem(), depth)
-	case reflect.Slice, reflect.Array:
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		// Lookahead offset: 4 bytes for uint32 length (with alignment),
-		// plus alignment for elements.
-		n := enc.padding(0, 4) + 4
-		offset := enc.pos + n + enc.padding(n, alignment(v.Type().Elem()))
-
-		var buf bytes.Buffer
-		bufenc := newEncoderAtOffset(&buf, offset, enc.order)
-
-		for i := 0; i < v.Len(); i++ {
-			bufenc.encode(v.Index(i), depth+1)
-		}
-		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
-		length := buf.Len()
-		enc.align(alignment(v.Type().Elem()))
-		if _, err := buf.WriteTo(enc.out); err != nil {
-			panic(err)
-		}
-		enc.pos += length
-	case reflect.Struct:
-		if depth >= 64 && v.Type() != signatureType {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		switch t := v.Type(); t {
-		case signatureType:
-			str := v.Field(0)
-			enc.encode(reflect.ValueOf(byte(str.Len())), depth+1)
-			b := make([]byte, str.Len()+1)
-			copy(b, str.String())
-			b[len(b)-1] = 0
-			n, err := enc.out.Write(b)
-			if err != nil {
-				panic(err)
-			}
-			enc.pos += n
-		case variantType:
-			variant := v.Interface().(Variant)
-			enc.encode(reflect.ValueOf(variant.sig), depth+1)
-			enc.encode(reflect.ValueOf(variant.value), depth+1)
-		default:
-			for i := 0; i < v.Type().NumField(); i++ {
-				field := t.Field(i)
-				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
-					enc.encode(v.Field(i), depth+1)
-				}
-			}
-		}
-	case reflect.Map:
-		// Maps are arrays of structures, so they actually increase the depth by
-		// 2.
-		if depth >= 63 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		if !isKeyType(v.Type().Key()) {
-			panic(InvalidTypeError{v.Type()})
-		}
-		keys := v.MapKeys()
-		// Lookahead offset: 4 bytes for uint32 length (with alignment),
-		// plus 8-byte alignment
-		n := enc.padding(0, 4) + 4
-		offset := enc.pos + n + enc.padding(n, 8)
-
-		var buf bytes.Buffer
-		bufenc := newEncoderAtOffset(&buf, offset, enc.order)
-		for _, k := range keys {
-			bufenc.align(8)
-			bufenc.encode(k, depth+2)
-			bufenc.encode(v.MapIndex(k), depth+2)
-		}
-		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
-		length := buf.Len()
-		enc.align(8)
-		if _, err := buf.WriteTo(enc.out); err != nil {
-			panic(err)
-		}
-		enc.pos += length
-	default:
-		panic(InvalidTypeError{v.Type()})
-	}
-}
diff --git a/vendor/github.com/godbus/dbus/export.go b/vendor/github.com/godbus/dbus/export.go
deleted file mode 100644
index 6c3352202665a..0000000000000
--- a/vendor/github.com/godbus/dbus/export.go
+++ /dev/null
@@ -1,468 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"reflect"
-	"strings"
-)
-
-var (
-	errmsgInvalidArg = Error{
-		"org.freedesktop.DBus.Error.InvalidArgs",
-		[]interface{}{"Invalid type / number of args"},
-	}
-	errmsgNoObject = Error{
-		"org.freedesktop.DBus.Error.NoSuchObject",
-		[]interface{}{"No such object"},
-	}
-	errmsgUnknownMethod = Error{
-		"org.freedesktop.DBus.Error.UnknownMethod",
-		[]interface{}{"Unknown / invalid method"},
-	}
-)
-
-// exportedObj represents an exported object. It stores a precomputed
-// method table that represents the methods exported on the bus.
-type exportedObj struct {
-	methods map[string]reflect.Value
-
-	// Whether or not this export is for the entire subtree
-	includeSubtree bool
-}
-
-func (obj exportedObj) Method(name string) (reflect.Value, bool) {
-	out, exists := obj.methods[name]
-	return out, exists
-}
-
-// Sender is a type which can be used in exported methods to receive the message
-// sender.
-type Sender string
-
-func computeMethodName(name string, mapping map[string]string) string {
-	newname, ok := mapping[name]
-	if ok {
-		name = newname
-	}
-	return name
-}
-
-func getMethods(in interface{}, mapping map[string]string) map[string]reflect.Value {
-	if in == nil {
-		return nil
-	}
-	methods := make(map[string]reflect.Value)
-	val := reflect.ValueOf(in)
-	typ := val.Type()
-	for i := 0; i < typ.NumMethod(); i++ {
-		methtype := typ.Method(i)
-		method := val.Method(i)
-		t := method.Type()
-		// only track valid methods must return *Error as last arg
-		// and must be exported
-		if t.NumOut() == 0 ||
-			t.Out(t.NumOut()-1) != reflect.TypeOf(&errmsgInvalidArg) ||
-			methtype.PkgPath != "" {
-			continue
-		}
-		// map names while building table
-		methods[computeMethodName(methtype.Name, mapping)] = method
-	}
-	return methods
-}
-
-// searchHandlers will look through all registered handlers looking for one
-// to handle the given path. If a verbatim one isn't found, it will check for
-// a subtree registration for the path as well.
-func (conn *Conn) searchHandlers(path ObjectPath) (map[string]exportedObj, bool) {
-	conn.handlersLck.RLock()
-	defer conn.handlersLck.RUnlock()
-
-	handlers, ok := conn.handlers[path]
-	if ok {
-		return handlers, ok
-	}
-
-	// If handlers weren't found for this exact path, look for a matching subtree
-	// registration
-	handlers = make(map[string]exportedObj)
-	path = path[:strings.LastIndex(string(path), "/")]
-	for len(path) > 0 {
-		var subtreeHandlers map[string]exportedObj
-		subtreeHandlers, ok = conn.handlers[path]
-		if ok {
-			for iface, handler := range subtreeHandlers {
-				// Only include this handler if it registered for the subtree
-				if handler.includeSubtree {
-					handlers[iface] = handler
-				}
-			}
-
-			break
-		}
-
-		path = path[:strings.LastIndex(string(path), "/")]
-	}
-
-	return handlers, ok
-}
-
-// handleCall handles the given method call (i.e. looks if it's one of the
-// pre-implemented ones and searches for a corresponding handler if not).
-func (conn *Conn) handleCall(msg *Message) {
-	name := msg.Headers[FieldMember].value.(string)
-	path := msg.Headers[FieldPath].value.(ObjectPath)
-	ifaceName, hasIface := msg.Headers[FieldInterface].value.(string)
-	sender, hasSender := msg.Headers[FieldSender].value.(string)
-	serial := msg.serial
-	if ifaceName == "org.freedesktop.DBus.Peer" {
-		switch name {
-		case "Ping":
-			conn.sendReply(sender, serial)
-		case "GetMachineId":
-			conn.sendReply(sender, serial, conn.uuid)
-		default:
-			conn.sendError(errmsgUnknownMethod, sender, serial)
-		}
-		return
-	} else if ifaceName == "org.freedesktop.DBus.Introspectable" && name == "Introspect" {
-		if _, ok := conn.handlers[path]; !ok {
-			subpath := make(map[string]struct{})
-			var xml bytes.Buffer
-			xml.WriteString("<node>")
-			for h, _ := range conn.handlers {
-				p := string(path)
-				if p != "/" {
-					p += "/"
-				}
-				if strings.HasPrefix(string(h), p) {
-					node_name := strings.Split(string(h[len(p):]), "/")[0]
-					subpath[node_name] = struct{}{}
-				}
-			}
-			for s, _ := range subpath {
-				xml.WriteString("\n\t<node name=\"" + s + "\"/>")
-			}
-			xml.WriteString("\n</node>")
-			conn.sendReply(sender, serial, xml.String())
-			return
-		}
-	}
-	if len(name) == 0 {
-		conn.sendError(errmsgUnknownMethod, sender, serial)
-	}
-
-	// Find the exported handler (if any) for this path
-	handlers, ok := conn.searchHandlers(path)
-	if !ok {
-		conn.sendError(errmsgNoObject, sender, serial)
-		return
-	}
-
-	var m reflect.Value
-	var exists bool
-	if hasIface {
-		iface := handlers[ifaceName]
-		m, exists = iface.Method(name)
-	} else {
-		for _, v := range handlers {
-			m, exists = v.Method(name)
-			if exists {
-				break
-			}
-		}
-	}
-
-	if !exists {
-		conn.sendError(errmsgUnknownMethod, sender, serial)
-		return
-	}
-
-	t := m.Type()
-	vs := msg.Body
-	pointers := make([]interface{}, t.NumIn())
-	decode := make([]interface{}, 0, len(vs))
-	for i := 0; i < t.NumIn(); i++ {
-		tp := t.In(i)
-		val := reflect.New(tp)
-		pointers[i] = val.Interface()
-		if tp == reflect.TypeOf((*Sender)(nil)).Elem() {
-			val.Elem().SetString(sender)
-		} else if tp == reflect.TypeOf((*Message)(nil)).Elem() {
-			val.Elem().Set(reflect.ValueOf(*msg))
-		} else {
-			decode = append(decode, pointers[i])
-		}
-	}
-
-	if len(decode) != len(vs) {
-		conn.sendError(errmsgInvalidArg, sender, serial)
-		return
-	}
-
-	if err := Store(vs, decode...); err != nil {
-		conn.sendError(errmsgInvalidArg, sender, serial)
-		return
-	}
-
-	// Extract parameters
-	params := make([]reflect.Value, len(pointers))
-	for i := 0; i < len(pointers); i++ {
-		params[i] = reflect.ValueOf(pointers[i]).Elem()
-	}
-
-	// Call method
-	ret := m.Call(params)
-	if em := ret[t.NumOut()-1].Interface().(*Error); em != nil {
-		conn.sendError(*em, sender, serial)
-		return
-	}
-
-	if msg.Flags&FlagNoReplyExpected == 0 {
-		reply := new(Message)
-		reply.Type = TypeMethodReply
-		reply.serial = conn.getSerial()
-		reply.Headers = make(map[HeaderField]Variant)
-		if hasSender {
-			reply.Headers[FieldDestination] = msg.Headers[FieldSender]
-		}
-		reply.Headers[FieldReplySerial] = MakeVariant(msg.serial)
-		reply.Body = make([]interface{}, len(ret)-1)
-		for i := 0; i < len(ret)-1; i++ {
-			reply.Body[i] = ret[i].Interface()
-		}
-		if len(ret) != 1 {
-			reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
-		}
-		conn.outLck.RLock()
-		if !conn.closed {
-			conn.out <- reply
-		}
-		conn.outLck.RUnlock()
-	}
-}
-
-// Emit emits the given signal on the message bus. The name parameter must be
-// formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
-func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
-	if !path.IsValid() {
-		return errors.New("dbus: invalid object path")
-	}
-	i := strings.LastIndex(name, ".")
-	if i == -1 {
-		return errors.New("dbus: invalid method name")
-	}
-	iface := name[:i]
-	member := name[i+1:]
-	if !isValidMember(member) {
-		return errors.New("dbus: invalid method name")
-	}
-	if !isValidInterface(iface) {
-		return errors.New("dbus: invalid interface name")
-	}
-	msg := new(Message)
-	msg.Type = TypeSignal
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	msg.Headers[FieldInterface] = MakeVariant(iface)
-	msg.Headers[FieldMember] = MakeVariant(member)
-	msg.Headers[FieldPath] = MakeVariant(path)
-	msg.Body = values
-	if len(values) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
-	}
-	conn.outLck.RLock()
-	defer conn.outLck.RUnlock()
-	if conn.closed {
-		return ErrClosed
-	}
-	conn.out <- msg
-	return nil
-}
-
-// Export registers the given value to be exported as an object on the
-// message bus.
-//
-// If a method call on the given path and interface is received, an exported
-// method with the same name is called with v as the receiver if the
-// parameters match and the last return value is of type *Error. If this
-// *Error is not nil, it is sent back to the caller as an error.
-// Otherwise, a method reply is sent with the other return values as its body.
-//
-// Any parameters with the special type Sender are set to the sender of the
-// dbus message when the method is called. Parameters of this type do not
-// contribute to the dbus signature of the method (i.e. the method is exposed
-// as if the parameters of type Sender were not there).
-//
-// Similarly, any parameters with the type Message are set to the raw message
-// received on the bus. Again, parameters of this type do not contribute to the
-// dbus signature of the method.
-//
-// Every method call is executed in a new goroutine, so the method may be called
-// in multiple goroutines at once.
-//
-// Method calls on the interface org.freedesktop.DBus.Peer will be automatically
-// handled for every object.
-//
-// Passing nil as the first parameter will cause conn to cease handling calls on
-// the given combination of path and interface.
-//
-// Export returns an error if path is not a valid path name.
-func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error {
-	return conn.ExportWithMap(v, nil, path, iface)
-}
-
-// ExportWithMap works exactly like Export but provides the ability to remap
-// method names (e.g. export a lower-case method).
-//
-// The keys in the map are the real method names (exported on the struct), and
-// the values are the method names to be exported on DBus.
-func (conn *Conn) ExportWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error {
-	return conn.export(getMethods(v, mapping), path, iface, false)
-}
-
-// ExportSubtree works exactly like Export but registers the given value for
-// an entire subtree rather under the root path provided.
-//
-// In order to make this useful, one parameter in each of the value's exported
-// methods should be a Message, in which case it will contain the raw message
-// (allowing one to get access to the path that caused the method to be called).
-//
-// Note that more specific export paths take precedence over less specific. For
-// example, a method call using the ObjectPath /foo/bar/baz will call a method
-// exported on /foo/bar before a method exported on /foo.
-func (conn *Conn) ExportSubtree(v interface{}, path ObjectPath, iface string) error {
-	return conn.ExportSubtreeWithMap(v, nil, path, iface)
-}
-
-// ExportSubtreeWithMap works exactly like ExportSubtree but provides the
-// ability to remap method names (e.g. export a lower-case method).
-//
-// The keys in the map are the real method names (exported on the struct), and
-// the values are the method names to be exported on DBus.
-func (conn *Conn) ExportSubtreeWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error {
-	return conn.export(getMethods(v, mapping), path, iface, true)
-}
-
-// ExportMethodTable like Export registers the given methods as an object
-// on the message bus. Unlike Export the it uses a method table to define
-// the object instead of a native go object.
-//
-// The method table is a map from method name to function closure
-// representing the method. This allows an object exported on the bus to not
-// necessarily be a native go object. It can be useful for generating exposed
-// methods on the fly.
-//
-// Any non-function objects in the method table are ignored.
-func (conn *Conn) ExportMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error {
-	return conn.exportMethodTable(methods, path, iface, false)
-}
-
-// Like ExportSubtree, but with the same caveats as ExportMethodTable.
-func (conn *Conn) ExportSubtreeMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error {
-	return conn.exportMethodTable(methods, path, iface, true)
-}
-
-func (conn *Conn) exportMethodTable(methods map[string]interface{}, path ObjectPath, iface string, includeSubtree bool) error {
-	out := make(map[string]reflect.Value)
-	for name, method := range methods {
-		rval := reflect.ValueOf(method)
-		if rval.Kind() != reflect.Func {
-			continue
-		}
-		t := rval.Type()
-		// only track valid methods must return *Error as last arg
-		if t.NumOut() == 0 ||
-			t.Out(t.NumOut()-1) != reflect.TypeOf(&errmsgInvalidArg) {
-			continue
-		}
-		out[name] = rval
-	}
-	return conn.export(out, path, iface, includeSubtree)
-}
-
-// exportWithMap is the worker function for all exports/registrations.
-func (conn *Conn) export(methods map[string]reflect.Value, path ObjectPath, iface string, includeSubtree bool) error {
-	if !path.IsValid() {
-		return fmt.Errorf(`dbus: Invalid path name: "%s"`, path)
-	}
-
-	conn.handlersLck.Lock()
-	defer conn.handlersLck.Unlock()
-
-	// Remove a previous export if the interface is nil
-	if methods == nil {
-		if _, ok := conn.handlers[path]; ok {
-			delete(conn.handlers[path], iface)
-			if len(conn.handlers[path]) == 0 {
-				delete(conn.handlers, path)
-			}
-		}
-
-		return nil
-	}
-
-	// If this is the first handler for this path, make a new map to hold all
-	// handlers for this path.
-	if _, ok := conn.handlers[path]; !ok {
-		conn.handlers[path] = make(map[string]exportedObj)
-	}
-
-	// Finally, save this handler
-	conn.handlers[path][iface] = exportedObj{
-		methods:        methods,
-		includeSubtree: includeSubtree,
-	}
-
-	return nil
-}
-
-// ReleaseName calls org.freedesktop.DBus.ReleaseName and awaits a response.
-func (conn *Conn) ReleaseName(name string) (ReleaseNameReply, error) {
-	var r uint32
-	err := conn.busObj.Call("org.freedesktop.DBus.ReleaseName", 0, name).Store(&r)
-	if err != nil {
-		return 0, err
-	}
-	return ReleaseNameReply(r), nil
-}
-
-// RequestName calls org.freedesktop.DBus.RequestName and awaits a response.
-func (conn *Conn) RequestName(name string, flags RequestNameFlags) (RequestNameReply, error) {
-	var r uint32
-	err := conn.busObj.Call("org.freedesktop.DBus.RequestName", 0, name, flags).Store(&r)
-	if err != nil {
-		return 0, err
-	}
-	return RequestNameReply(r), nil
-}
-
-// ReleaseNameReply is the reply to a ReleaseName call.
-type ReleaseNameReply uint32
-
-const (
-	ReleaseNameReplyReleased ReleaseNameReply = 1 + iota
-	ReleaseNameReplyNonExistent
-	ReleaseNameReplyNotOwner
-)
-
-// RequestNameFlags represents the possible flags for a RequestName call.
-type RequestNameFlags uint32
-
-const (
-	NameFlagAllowReplacement RequestNameFlags = 1 << iota
-	NameFlagReplaceExisting
-	NameFlagDoNotQueue
-)
-
-// RequestNameReply is the reply to a RequestName call.
-type RequestNameReply uint32
-
-const (
-	RequestNameReplyPrimaryOwner RequestNameReply = 1 + iota
-	RequestNameReplyInQueue
-	RequestNameReplyExists
-	RequestNameReplyAlreadyOwner
-)
diff --git a/vendor/github.com/godbus/dbus/object.go b/vendor/github.com/godbus/dbus/object.go
deleted file mode 100644
index 9573b7095ab99..0000000000000
--- a/vendor/github.com/godbus/dbus/object.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"strings"
-)
-
-// BusObject is the interface of a remote object on which methods can be
-// invoked.
-type BusObject interface {
-	Call(method string, flags Flags, args ...interface{}) *Call
-	Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call
-	GetProperty(p string) (Variant, error)
-	Destination() string
-	Path() ObjectPath
-}
-
-// Object represents a remote object on which methods can be invoked.
-type Object struct {
-	conn *Conn
-	dest string
-	path ObjectPath
-}
-
-// Call calls a method with (*Object).Go and waits for its reply.
-func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call {
-	return <-o.Go(method, flags, make(chan *Call, 1), args...).Done
-}
-
-// AddMatchSignal subscribes BusObject to signals from specified interface and
-// method (member).
-func (o *Object) AddMatchSignal(iface, member string) *Call {
-	return o.Call(
-		"org.freedesktop.DBus.AddMatch",
-		0,
-		"type='signal',interface='"+iface+"',member='"+member+"'",
-	)
-}
-
-// Go calls a method with the given arguments asynchronously. It returns a
-// Call structure representing this method call. The passed channel will
-// return the same value once the call is done. If ch is nil, a new channel
-// will be allocated. Otherwise, ch has to be buffered or Go will panic.
-//
-// If the flags include FlagNoReplyExpected, ch is ignored and a Call structure
-// is returned of which only the Err member is valid.
-//
-// If the method parameter contains a dot ('.'), the part before the last dot
-// specifies the interface on which the method is called.
-func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
-	iface := ""
-	i := strings.LastIndex(method, ".")
-	if i != -1 {
-		iface = method[:i]
-	}
-	method = method[i+1:]
-	msg := new(Message)
-	msg.Type = TypeMethodCall
-	msg.serial = o.conn.getSerial()
-	msg.Flags = flags & (FlagNoAutoStart | FlagNoReplyExpected)
-	msg.Headers = make(map[HeaderField]Variant)
-	msg.Headers[FieldPath] = MakeVariant(o.path)
-	msg.Headers[FieldDestination] = MakeVariant(o.dest)
-	msg.Headers[FieldMember] = MakeVariant(method)
-	if iface != "" {
-		msg.Headers[FieldInterface] = MakeVariant(iface)
-	}
-	msg.Body = args
-	if len(args) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(args...))
-	}
-	if msg.Flags&FlagNoReplyExpected == 0 {
-		if ch == nil {
-			ch = make(chan *Call, 10)
-		} else if cap(ch) == 0 {
-			panic("dbus: unbuffered channel passed to (*Object).Go")
-		}
-		call := &Call{
-			Destination: o.dest,
-			Path:        o.path,
-			Method:      method,
-			Args:        args,
-			Done:        ch,
-		}
-		o.conn.callsLck.Lock()
-		o.conn.calls[msg.serial] = call
-		o.conn.callsLck.Unlock()
-		o.conn.outLck.RLock()
-		if o.conn.closed {
-			call.Err = ErrClosed
-			call.Done <- call
-		} else {
-			o.conn.out <- msg
-		}
-		o.conn.outLck.RUnlock()
-		return call
-	}
-	o.conn.outLck.RLock()
-	defer o.conn.outLck.RUnlock()
-	if o.conn.closed {
-		return &Call{Err: ErrClosed}
-	}
-	o.conn.out <- msg
-	return &Call{Err: nil}
-}
-
-// GetProperty calls org.freedesktop.DBus.Properties.GetProperty on the given
-// object. The property name must be given in interface.member notation.
-func (o *Object) GetProperty(p string) (Variant, error) {
-	idx := strings.LastIndex(p, ".")
-	if idx == -1 || idx+1 == len(p) {
-		return Variant{}, errors.New("dbus: invalid property " + p)
-	}
-
-	iface := p[:idx]
-	prop := p[idx+1:]
-
-	result := Variant{}
-	err := o.Call("org.freedesktop.DBus.Properties.Get", 0, iface, prop).Store(&result)
-
-	if err != nil {
-		return Variant{}, err
-	}
-
-	return result, nil
-}
-
-// Destination returns the destination that calls on o are sent to.
-func (o *Object) Destination() string {
-	return o.dest
-}
-
-// Path returns the path that calls on o are sent to.
-func (o *Object) Path() ObjectPath {
-	return o.path
-}
diff --git a/vendor/github.com/godbus/dbus/transport_generic.go b/vendor/github.com/godbus/dbus/transport_generic.go
deleted file mode 100644
index 46f8f49d699b7..0000000000000
--- a/vendor/github.com/godbus/dbus/transport_generic.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dbus
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-)
-
-type genericTransport struct {
-	io.ReadWriteCloser
-}
-
-func (t genericTransport) SendNullByte() error {
-	_, err := t.Write([]byte{0})
-	return err
-}
-
-func (t genericTransport) SupportsUnixFDs() bool {
-	return false
-}
-
-func (t genericTransport) EnableUnixFDs() {}
-
-func (t genericTransport) ReadMessage() (*Message, error) {
-	return DecodeMessage(t)
-}
-
-func (t genericTransport) SendMessage(msg *Message) error {
-	for _, v := range msg.Body {
-		if _, ok := v.(UnixFD); ok {
-			return errors.New("dbus: unix fd passing not enabled")
-		}
-	}
-	return msg.EncodeTo(t, binary.LittleEndian)
-}
diff --git a/vendor/github.com/godbus/dbus/LICENSE b/vendor/github.com/godbus/dbus/v5/LICENSE
similarity index 100%
rename from vendor/github.com/godbus/dbus/LICENSE
rename to vendor/github.com/godbus/dbus/v5/LICENSE
diff --git a/vendor/github.com/godbus/dbus/v5/README.markdown b/vendor/github.com/godbus/dbus/v5/README.markdown
new file mode 100644
index 0000000000000..1fb2eacaa15a7
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/README.markdown
@@ -0,0 +1,46 @@
+![Build Status](https://github.com/godbus/dbus/workflows/Go/badge.svg)
+
+dbus
+----
+
+dbus is a simple library that implements native Go client bindings for the
+D-Bus message bus system.
+
+### Features
+
+* Complete native implementation of the D-Bus message protocol
+* Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections)
+* Subpackages that help with the introspection / property interfaces
+
+### Installation
+
+This packages requires Go 1.7. If you installed it and set up your GOPATH, just run:
+
+```
+go get github.com/godbus/dbus
+```
+
+If you want to use the subpackages, you can install them the same way.
+
+### Usage
+
+The complete package documentation and some simple examples are available at
+[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the
+[_examples](https://github.com/godbus/dbus/tree/master/_examples) directory
+gives a short overview over the basic usage. 
+
+#### Projects using godbus
+- [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library.
+- [go-bluetooth](https://github.com/muka/go-bluetooth) provides a bluetooth client over bluez dbus API.
+- [playerbm](https://github.com/altdesktop/playerbm) a bookmark utility for media players.
+- [iwd](https://github.com/shibumi/iwd) go bindings for the internet wireless daemon "iwd".
+
+Please note that the API is considered unstable for now and may change without
+further notice.
+
+### License
+
+go.dbus is available under the Simplified BSD License; see LICENSE for the full
+text.
+
+Nearly all of the credit for this library goes to github.com/guelfey/go.dbus.
diff --git a/vendor/github.com/godbus/dbus/v5/auth.go b/vendor/github.com/godbus/dbus/v5/auth.go
new file mode 100644
index 0000000000000..283487a0e3138
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/auth.go
@@ -0,0 +1,252 @@
+package dbus
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"io"
+	"os"
+	"strconv"
+)
+
+// AuthStatus represents the Status of an authentication mechanism.
+type AuthStatus byte
+
+const (
+	// AuthOk signals that authentication is finished; the next command
+	// from the server should be an OK.
+	AuthOk AuthStatus = iota
+
+	// AuthContinue signals that additional data is needed; the next command
+	// from the server should be a DATA.
+	AuthContinue
+
+	// AuthError signals an error; the server sent invalid data or some
+	// other unexpected thing happened and the current authentication
+	// process should be aborted.
+	AuthError
+)
+
+type authState byte
+
+const (
+	waitingForData authState = iota
+	waitingForOk
+	waitingForReject
+)
+
+// Auth defines the behaviour of an authentication mechanism.
+type Auth interface {
+	// Return the name of the mechanism, the argument to the first AUTH command
+	// and the next status.
+	FirstData() (name, resp []byte, status AuthStatus)
+
+	// Process the given DATA command, and return the argument to the DATA
+	// command and the next status. If len(resp) == 0, no DATA command is sent.
+	HandleData(data []byte) (resp []byte, status AuthStatus)
+}
+
+// Auth authenticates the connection, trying the given list of authentication
+// mechanisms (in that order). If nil is passed, the EXTERNAL and
+// DBUS_COOKIE_SHA1 mechanisms are tried for the current user. For private
+// connections, this method must be called before sending any messages to the
+// bus. Auth must not be called on shared connections.
+func (conn *Conn) Auth(methods []Auth) error {
+	if methods == nil {
+		uid := strconv.Itoa(os.Getuid())
+		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
+	}
+	in := bufio.NewReader(conn.transport)
+	err := conn.transport.SendNullByte()
+	if err != nil {
+		return err
+	}
+	err = authWriteLine(conn.transport, []byte("AUTH"))
+	if err != nil {
+		return err
+	}
+	s, err := authReadLine(in)
+	if err != nil {
+		return err
+	}
+	if len(s) < 2 || !bytes.Equal(s[0], []byte("REJECTED")) {
+		return errors.New("dbus: authentication protocol error")
+	}
+	s = s[1:]
+	for _, v := range s {
+		for _, m := range methods {
+			if name, data, status := m.FirstData(); bytes.Equal(v, name) {
+				var ok bool
+				err = authWriteLine(conn.transport, []byte("AUTH"), v, data)
+				if err != nil {
+					return err
+				}
+				switch status {
+				case AuthOk:
+					err, ok = conn.tryAuth(m, waitingForOk, in)
+				case AuthContinue:
+					err, ok = conn.tryAuth(m, waitingForData, in)
+				default:
+					panic("dbus: invalid authentication status")
+				}
+				if err != nil {
+					return err
+				}
+				if ok {
+					if conn.transport.SupportsUnixFDs() {
+						err = authWriteLine(conn, []byte("NEGOTIATE_UNIX_FD"))
+						if err != nil {
+							return err
+						}
+						line, err := authReadLine(in)
+						if err != nil {
+							return err
+						}
+						switch {
+						case bytes.Equal(line[0], []byte("AGREE_UNIX_FD")):
+							conn.EnableUnixFDs()
+							conn.unixFD = true
+						case bytes.Equal(line[0], []byte("ERROR")):
+						default:
+							return errors.New("dbus: authentication protocol error")
+						}
+					}
+					err = authWriteLine(conn.transport, []byte("BEGIN"))
+					if err != nil {
+						return err
+					}
+					go conn.inWorker()
+					return nil
+				}
+			}
+		}
+	}
+	return errors.New("dbus: authentication failed")
+}
+
+// tryAuth tries to authenticate with m as the mechanism, using state as the
+// initial authState and in for reading input. It returns (nil, true) on
+// success, (nil, false) on a REJECTED and (someErr, false) if some other
+// error occurred.
+func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) {
+	for {
+		s, err := authReadLine(in)
+		if err != nil {
+			return err, false
+		}
+		switch {
+		case state == waitingForData && string(s[0]) == "DATA":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+				continue
+			}
+			data, status := m.HandleData(s[1])
+			switch status {
+			case AuthOk, AuthContinue:
+				if len(data) != 0 {
+					err = authWriteLine(conn.transport, []byte("DATA"), data)
+					if err != nil {
+						return err, false
+					}
+				}
+				if status == AuthOk {
+					state = waitingForOk
+				}
+			case AuthError:
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+			}
+		case state == waitingForData && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForData && string(s[0]) == "ERROR":
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForData && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForData:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForOk && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForOk && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForOk && (string(s[0]) == "DATA" ||
+			string(s[0]) == "ERROR"):
+
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForOk:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForReject && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForReject:
+			return errors.New("dbus: authentication protocol error"), false
+		default:
+			panic("dbus: invalid auth state")
+		}
+	}
+}
+
+// authReadLine reads a line and separates it into its fields.
+func authReadLine(in *bufio.Reader) ([][]byte, error) {
+	data, err := in.ReadBytes('\n')
+	if err != nil {
+		return nil, err
+	}
+	data = bytes.TrimSuffix(data, []byte("\r\n"))
+	return bytes.Split(data, []byte{' '}), nil
+}
+
+// authWriteLine writes the given line in the authentication protocol format
+// (elements of data separated by a " " and terminated by "\r\n").
+func authWriteLine(out io.Writer, data ...[]byte) error {
+	buf := make([]byte, 0)
+	for i, v := range data {
+		buf = append(buf, v...)
+		if i != len(data)-1 {
+			buf = append(buf, ' ')
+		}
+	}
+	buf = append(buf, '\r')
+	buf = append(buf, '\n')
+	n, err := out.Write(buf)
+	if err != nil {
+		return err
+	}
+	if n != len(buf) {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
diff --git a/vendor/github.com/godbus/dbus/v5/auth_anonymous.go b/vendor/github.com/godbus/dbus/v5/auth_anonymous.go
new file mode 100644
index 0000000000000..75f3ad34d7aa5
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/auth_anonymous.go
@@ -0,0 +1,16 @@
+package dbus
+
+// AuthAnonymous returns an Auth that uses the ANONYMOUS mechanism.
+func AuthAnonymous() Auth {
+	return &authAnonymous{}
+}
+
+type authAnonymous struct{}
+
+func (a *authAnonymous) FirstData() (name, resp []byte, status AuthStatus) {
+	return []byte("ANONYMOUS"), nil, AuthOk
+}
+
+func (a *authAnonymous) HandleData(data []byte) (resp []byte, status AuthStatus) {
+	return nil, AuthError
+}
diff --git a/vendor/github.com/godbus/dbus/auth_external.go b/vendor/github.com/godbus/dbus/v5/auth_external.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/auth_external.go
rename to vendor/github.com/godbus/dbus/v5/auth_external.go
diff --git a/vendor/github.com/godbus/dbus/auth_sha1.go b/vendor/github.com/godbus/dbus/v5/auth_sha1.go
similarity index 96%
rename from vendor/github.com/godbus/dbus/auth_sha1.go
rename to vendor/github.com/godbus/dbus/v5/auth_sha1.go
index df15b46119895..80286700b6d1d 100644
--- a/vendor/github.com/godbus/dbus/auth_sha1.go
+++ b/vendor/github.com/godbus/dbus/v5/auth_sha1.go
@@ -60,7 +60,7 @@ func (a authCookieSha1) HandleData(data []byte) ([]byte, AuthStatus) {
 
 // getCookie searches for the cookie identified by id in context and returns
 // the cookie content or nil. (Since HandleData can't return a specific error,
-// but only whether an error occured, this function also doesn't bother to
+// but only whether an error occurred, this function also doesn't bother to
 // return an error.)
 func (a authCookieSha1) getCookie(context, id []byte) []byte {
 	file, err := os.Open(a.home + "/.dbus-keyrings/" + string(context))
diff --git a/vendor/github.com/godbus/dbus/v5/call.go b/vendor/github.com/godbus/dbus/v5/call.go
new file mode 100644
index 0000000000000..b06b063580fc5
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/call.go
@@ -0,0 +1,69 @@
+package dbus
+
+import (
+	"context"
+	"errors"
+)
+
+var errSignature = errors.New("dbus: mismatched signature")
+
+// Call represents a pending or completed method call.
+type Call struct {
+	Destination string
+	Path        ObjectPath
+	Method      string
+	Args        []interface{}
+
+	// Strobes when the call is complete.
+	Done chan *Call
+
+	// After completion, the error status. If this is non-nil, it may be an
+	// error message from the peer (with Error as its type) or some other error.
+	Err error
+
+	// Holds the response once the call is done.
+	Body []interface{}
+
+	// ResponseSequence stores the sequence number of the DBus message containing
+	// the call response (or error). This can be compared to the sequence number
+	// of other call responses and signals on this connection to determine their
+	// relative ordering on the underlying DBus connection.
+	// For errors, ResponseSequence is populated only if the error came from a
+	// DBusMessage that was received or if there was an error receiving. In case of
+	// failure to make the call, ResponseSequence will be NoSequence.
+	ResponseSequence Sequence
+
+	// tracks context and canceler
+	ctx         context.Context
+	ctxCanceler context.CancelFunc
+}
+
+func (c *Call) Context() context.Context {
+	if c.ctx == nil {
+		return context.Background()
+	}
+
+	return c.ctx
+}
+
+func (c *Call) ContextCancel() {
+	if c.ctxCanceler != nil {
+		c.ctxCanceler()
+	}
+}
+
+// Store stores the body of the reply into the provided pointers. It returns
+// an error if the signatures of the body and retvalues don't match, or if
+// the error status is not nil.
+func (c *Call) Store(retvalues ...interface{}) error {
+	if c.Err != nil {
+		return c.Err
+	}
+
+	return Store(c.Body, retvalues...)
+}
+
+func (c *Call) done() {
+	c.Done <- c
+	c.ContextCancel()
+}
diff --git a/vendor/github.com/godbus/dbus/v5/conn.go b/vendor/github.com/godbus/dbus/v5/conn.go
new file mode 100644
index 0000000000000..29fe018ad823b
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/conn.go
@@ -0,0 +1,959 @@
+package dbus
+
+import (
+	"context"
+	"errors"
+	"io"
+	"os"
+	"strings"
+	"sync"
+)
+
+var (
+	systemBus     *Conn
+	systemBusLck  sync.Mutex
+	sessionBus    *Conn
+	sessionBusLck sync.Mutex
+)
+
+// ErrClosed is the error returned by calls on a closed connection.
+var ErrClosed = errors.New("dbus: connection closed by user")
+
+// Conn represents a connection to a message bus (usually, the system or
+// session bus).
+//
+// Connections are either shared or private. Shared connections
+// are shared between calls to the functions that return them. As a result,
+// the methods Close, Auth and Hello must not be called on them.
+//
+// Multiple goroutines may invoke methods on a connection simultaneously.
+type Conn struct {
+	transport
+
+	ctx       context.Context
+	cancelCtx context.CancelFunc
+
+	closeOnce sync.Once
+	closeErr  error
+
+	busObj BusObject
+	unixFD bool
+	uuid   string
+
+	handler       Handler
+	signalHandler SignalHandler
+	serialGen     SerialGenerator
+	inInt         Interceptor
+	outInt        Interceptor
+	auth          []Auth
+
+	names      *nameTracker
+	calls      *callTracker
+	outHandler *outputHandler
+
+	eavesdropped    chan<- *Message
+	eavesdroppedLck sync.Mutex
+}
+
+// SessionBus returns a shared connection to the session bus, connecting to it
+// if not already done.
+func SessionBus() (conn *Conn, err error) {
+	sessionBusLck.Lock()
+	defer sessionBusLck.Unlock()
+	if sessionBus != nil &&
+		sessionBus.Connected() {
+		return sessionBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			sessionBus = conn
+		}
+	}()
+	conn, err = ConnectSessionBus()
+	return
+}
+
+func getSessionBusAddress() (string, error) {
+	if address := os.Getenv("DBUS_SESSION_BUS_ADDRESS"); address != "" && address != "autolaunch:" {
+		return address, nil
+
+	} else if address := tryDiscoverDbusSessionBusAddress(); address != "" {
+		os.Setenv("DBUS_SESSION_BUS_ADDRESS", address)
+		return address, nil
+	}
+	return getSessionBusPlatformAddress()
+}
+
+// SessionBusPrivate returns a new private connection to the session bus.
+func SessionBusPrivate(opts ...ConnOption) (*Conn, error) {
+	address, err := getSessionBusAddress()
+	if err != nil {
+		return nil, err
+	}
+
+	return Dial(address, opts...)
+}
+
+// SessionBusPrivate returns a new private connection to the session bus.
+//
+// Deprecated: use SessionBusPrivate with options instead.
+func SessionBusPrivateHandler(handler Handler, signalHandler SignalHandler) (*Conn, error) {
+	return SessionBusPrivate(WithHandler(handler), WithSignalHandler(signalHandler))
+}
+
+// SystemBus returns a shared connection to the system bus, connecting to it if
+// not already done.
+func SystemBus() (conn *Conn, err error) {
+	systemBusLck.Lock()
+	defer systemBusLck.Unlock()
+	if systemBus != nil &&
+		systemBus.Connected() {
+		return systemBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			systemBus = conn
+		}
+	}()
+	conn, err = ConnectSystemBus()
+	return
+}
+
+// ConnectSessionBus connects to the session bus.
+func ConnectSessionBus(opts ...ConnOption) (*Conn, error) {
+	address, err := getSessionBusAddress()
+	if err != nil {
+		return nil, err
+	}
+	return Connect(address, opts...)
+}
+
+// ConnectSystemBus connects to the system bus.
+func ConnectSystemBus(opts ...ConnOption) (*Conn, error) {
+	return Connect(getSystemBusPlatformAddress(), opts...)
+}
+
+// Connect connects to the given address.
+//
+// Returned connection is ready to use and doesn't require calling
+// Auth and Hello methods to make it usable.
+func Connect(address string, opts ...ConnOption) (*Conn, error) {
+	conn, err := Dial(address, opts...)
+	if err != nil {
+		return nil, err
+	}
+	if err = conn.Auth(conn.auth); err != nil {
+		_ = conn.Close()
+		return nil, err
+	}
+	if err = conn.Hello(); err != nil {
+		_ = conn.Close()
+		return nil, err
+	}
+	return conn, nil
+}
+
+// SystemBusPrivate returns a new private connection to the system bus.
+// Note: this connection is not ready to use. One must perform Auth and Hello
+// on the connection before it is useable.
+func SystemBusPrivate(opts ...ConnOption) (*Conn, error) {
+	return Dial(getSystemBusPlatformAddress(), opts...)
+}
+
+// SystemBusPrivateHandler returns a new private connection to the system bus, using the provided handlers.
+//
+// Deprecated: use SystemBusPrivate with options instead.
+func SystemBusPrivateHandler(handler Handler, signalHandler SignalHandler) (*Conn, error) {
+	return SystemBusPrivate(WithHandler(handler), WithSignalHandler(signalHandler))
+}
+
+// Dial establishes a new private connection to the message bus specified by address.
+func Dial(address string, opts ...ConnOption) (*Conn, error) {
+	tr, err := getTransport(address)
+	if err != nil {
+		return nil, err
+	}
+	return newConn(tr, opts...)
+}
+
+// DialHandler establishes a new private connection to the message bus specified by address, using the supplied handlers.
+//
+// Deprecated: use Dial with options instead.
+func DialHandler(address string, handler Handler, signalHandler SignalHandler) (*Conn, error) {
+	return Dial(address, WithSignalHandler(signalHandler))
+}
+
+// ConnOption is a connection option.
+type ConnOption func(conn *Conn) error
+
+// WithHandler overrides the default handler.
+func WithHandler(handler Handler) ConnOption {
+	return func(conn *Conn) error {
+		conn.handler = handler
+		return nil
+	}
+}
+
+// WithSignalHandler overrides the default signal handler.
+func WithSignalHandler(handler SignalHandler) ConnOption {
+	return func(conn *Conn) error {
+		conn.signalHandler = handler
+		return nil
+	}
+}
+
+// WithSerialGenerator overrides the default signals generator.
+func WithSerialGenerator(gen SerialGenerator) ConnOption {
+	return func(conn *Conn) error {
+		conn.serialGen = gen
+		return nil
+	}
+}
+
+// WithAuth sets authentication methods for the auth conversation.
+func WithAuth(methods ...Auth) ConnOption {
+	return func(conn *Conn) error {
+		conn.auth = methods
+		return nil
+	}
+}
+
+// Interceptor intercepts incoming and outgoing messages.
+type Interceptor func(msg *Message)
+
+// WithIncomingInterceptor sets the given interceptor for incoming messages.
+func WithIncomingInterceptor(interceptor Interceptor) ConnOption {
+	return func(conn *Conn) error {
+		conn.inInt = interceptor
+		return nil
+	}
+}
+
+// WithOutgoingInterceptor sets the given interceptor for outgoing messages.
+func WithOutgoingInterceptor(interceptor Interceptor) ConnOption {
+	return func(conn *Conn) error {
+		conn.outInt = interceptor
+		return nil
+	}
+}
+
+// WithContext overrides  the default context for the connection.
+func WithContext(ctx context.Context) ConnOption {
+	return func(conn *Conn) error {
+		conn.ctx = ctx
+		return nil
+	}
+}
+
+// NewConn creates a new private *Conn from an already established connection.
+func NewConn(conn io.ReadWriteCloser, opts ...ConnOption) (*Conn, error) {
+	return newConn(genericTransport{conn}, opts...)
+}
+
+// NewConnHandler creates a new private *Conn from an already established connection, using the supplied handlers.
+//
+// Deprecated: use NewConn with options instead.
+func NewConnHandler(conn io.ReadWriteCloser, handler Handler, signalHandler SignalHandler) (*Conn, error) {
+	return NewConn(genericTransport{conn}, WithHandler(handler), WithSignalHandler(signalHandler))
+}
+
+// newConn creates a new *Conn from a transport.
+func newConn(tr transport, opts ...ConnOption) (*Conn, error) {
+	conn := new(Conn)
+	conn.transport = tr
+	for _, opt := range opts {
+		if err := opt(conn); err != nil {
+			return nil, err
+		}
+	}
+	if conn.ctx == nil {
+		conn.ctx = context.Background()
+	}
+	conn.ctx, conn.cancelCtx = context.WithCancel(conn.ctx)
+	go func() {
+		<-conn.ctx.Done()
+		conn.Close()
+	}()
+
+	conn.calls = newCallTracker()
+	if conn.handler == nil {
+		conn.handler = NewDefaultHandler()
+	}
+	if conn.signalHandler == nil {
+		conn.signalHandler = NewDefaultSignalHandler()
+	}
+	if conn.serialGen == nil {
+		conn.serialGen = newSerialGenerator()
+	}
+	conn.outHandler = &outputHandler{conn: conn}
+	conn.names = newNameTracker()
+	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
+	return conn, nil
+}
+
+// BusObject returns the object owned by the bus daemon which handles
+// administrative requests.
+func (conn *Conn) BusObject() BusObject {
+	return conn.busObj
+}
+
+// Close closes the connection. Any blocked operations will return with errors
+// and the channels passed to Eavesdrop and Signal are closed. This method must
+// not be called on shared connections.
+func (conn *Conn) Close() error {
+	conn.closeOnce.Do(func() {
+		conn.outHandler.close()
+		if term, ok := conn.signalHandler.(Terminator); ok {
+			term.Terminate()
+		}
+
+		if term, ok := conn.handler.(Terminator); ok {
+			term.Terminate()
+		}
+
+		conn.eavesdroppedLck.Lock()
+		if conn.eavesdropped != nil {
+			close(conn.eavesdropped)
+		}
+		conn.eavesdroppedLck.Unlock()
+
+		conn.cancelCtx()
+
+		conn.closeErr = conn.transport.Close()
+	})
+	return conn.closeErr
+}
+
+// Context returns the context associated with the connection.  The
+// context will be cancelled when the connection is closed.
+func (conn *Conn) Context() context.Context {
+	return conn.ctx
+}
+
+// Connected returns whether conn is connected
+func (conn *Conn) Connected() bool {
+	return conn.ctx.Err() == nil
+}
+
+// Eavesdrop causes conn to send all incoming messages to the given channel
+// without further processing. Method replies, errors and signals will not be
+// sent to the appropriate channels and method calls will not be handled. If nil
+// is passed, the normal behaviour is restored.
+//
+// The caller has to make sure that ch is sufficiently buffered;
+// if a message arrives when a write to ch is not possible, the message is
+// discarded.
+func (conn *Conn) Eavesdrop(ch chan<- *Message) {
+	conn.eavesdroppedLck.Lock()
+	conn.eavesdropped = ch
+	conn.eavesdroppedLck.Unlock()
+}
+
+// getSerial returns an unused serial.
+func (conn *Conn) getSerial() uint32 {
+	return conn.serialGen.GetSerial()
+}
+
+// Hello sends the initial org.freedesktop.DBus.Hello call. This method must be
+// called after authentication, but before sending any other messages to the
+// bus. Hello must not be called for shared connections.
+func (conn *Conn) Hello() error {
+	var s string
+	err := conn.busObj.Call("org.freedesktop.DBus.Hello", 0).Store(&s)
+	if err != nil {
+		return err
+	}
+	conn.names.acquireUniqueConnectionName(s)
+	return nil
+}
+
+// inWorker runs in an own goroutine, reading incoming messages from the
+// transport and dispatching them appropriately.
+func (conn *Conn) inWorker() {
+	sequenceGen := newSequenceGenerator()
+	for {
+		msg, err := conn.ReadMessage()
+		if err != nil {
+			if _, ok := err.(InvalidMessageError); !ok {
+				// Some read error occurred (usually EOF); we can't really do
+				// anything but to shut down all stuff and returns errors to all
+				// pending replies.
+				conn.Close()
+				conn.calls.finalizeAllWithError(sequenceGen, err)
+				return
+			}
+			// invalid messages are ignored
+			continue
+		}
+		conn.eavesdroppedLck.Lock()
+		if conn.eavesdropped != nil {
+			select {
+			case conn.eavesdropped <- msg:
+			default:
+			}
+			conn.eavesdroppedLck.Unlock()
+			continue
+		}
+		conn.eavesdroppedLck.Unlock()
+		dest, _ := msg.Headers[FieldDestination].value.(string)
+		found := dest == "" ||
+			!conn.names.uniqueNameIsKnown() ||
+			conn.names.isKnownName(dest)
+		if !found {
+			// Eavesdropped a message, but no channel for it is registered.
+			// Ignore it.
+			continue
+		}
+
+		if conn.inInt != nil {
+			conn.inInt(msg)
+		}
+		sequence := sequenceGen.next()
+		switch msg.Type {
+		case TypeError:
+			conn.serialGen.RetireSerial(conn.calls.handleDBusError(sequence, msg))
+		case TypeMethodReply:
+			conn.serialGen.RetireSerial(conn.calls.handleReply(sequence, msg))
+		case TypeSignal:
+			conn.handleSignal(sequence, msg)
+		case TypeMethodCall:
+			go conn.handleCall(msg)
+		}
+
+	}
+}
+
+func (conn *Conn) handleSignal(sequence Sequence, msg *Message) {
+	iface := msg.Headers[FieldInterface].value.(string)
+	member := msg.Headers[FieldMember].value.(string)
+	// as per http://dbus.freedesktop.org/doc/dbus-specification.html ,
+	// sender is optional for signals.
+	sender, _ := msg.Headers[FieldSender].value.(string)
+	if iface == "org.freedesktop.DBus" && sender == "org.freedesktop.DBus" {
+		if member == "NameLost" {
+			// If we lost the name on the bus, remove it from our
+			// tracking list.
+			name, ok := msg.Body[0].(string)
+			if !ok {
+				panic("Unable to read the lost name")
+			}
+			conn.names.loseName(name)
+		} else if member == "NameAcquired" {
+			// If we acquired the name on the bus, add it to our
+			// tracking list.
+			name, ok := msg.Body[0].(string)
+			if !ok {
+				panic("Unable to read the acquired name")
+			}
+			conn.names.acquireName(name)
+		}
+	}
+	signal := &Signal{
+		Sender:   sender,
+		Path:     msg.Headers[FieldPath].value.(ObjectPath),
+		Name:     iface + "." + member,
+		Body:     msg.Body,
+		Sequence: sequence,
+	}
+	conn.signalHandler.DeliverSignal(iface, member, signal)
+}
+
+// Names returns the list of all names that are currently owned by this
+// connection. The slice is always at least one element long, the first element
+// being the unique name of the connection.
+func (conn *Conn) Names() []string {
+	return conn.names.listKnownNames()
+}
+
+// Object returns the object identified by the given destination name and path.
+func (conn *Conn) Object(dest string, path ObjectPath) BusObject {
+	return &Object{conn, dest, path}
+}
+
+func (conn *Conn) sendMessageAndIfClosed(msg *Message, ifClosed func()) {
+	if msg.serial == 0 {
+		msg.serial = conn.getSerial()
+	}
+	if conn.outInt != nil {
+		conn.outInt(msg)
+	}
+	err := conn.outHandler.sendAndIfClosed(msg, ifClosed)
+	conn.calls.handleSendError(msg, err)
+	if err != nil {
+		conn.serialGen.RetireSerial(msg.serial)
+	} else if msg.Type != TypeMethodCall {
+		conn.serialGen.RetireSerial(msg.serial)
+	}
+}
+
+// Send sends the given message to the message bus. You usually don't need to
+// use this; use the higher-level equivalents (Call / Go, Emit and Export)
+// instead. If msg is a method call and NoReplyExpected is not set, a non-nil
+// call is returned and the same value is sent to ch (which must be buffered)
+// once the call is complete. Otherwise, ch is ignored and a Call structure is
+// returned of which only the Err member is valid.
+func (conn *Conn) Send(msg *Message, ch chan *Call) *Call {
+	return conn.send(context.Background(), msg, ch)
+}
+
+// SendWithContext acts like Send but takes a context
+func (conn *Conn) SendWithContext(ctx context.Context, msg *Message, ch chan *Call) *Call {
+	return conn.send(ctx, msg, ch)
+}
+
+func (conn *Conn) send(ctx context.Context, msg *Message, ch chan *Call) *Call {
+	if ctx == nil {
+		panic("nil context")
+	}
+	if ch == nil {
+		ch = make(chan *Call, 1)
+	} else if cap(ch) == 0 {
+		panic("dbus: unbuffered channel passed to (*Conn).Send")
+	}
+
+	var call *Call
+	ctx, canceler := context.WithCancel(ctx)
+	msg.serial = conn.getSerial()
+	if msg.Type == TypeMethodCall && msg.Flags&FlagNoReplyExpected == 0 {
+		call = new(Call)
+		call.Destination, _ = msg.Headers[FieldDestination].value.(string)
+		call.Path, _ = msg.Headers[FieldPath].value.(ObjectPath)
+		iface, _ := msg.Headers[FieldInterface].value.(string)
+		member, _ := msg.Headers[FieldMember].value.(string)
+		call.Method = iface + "." + member
+		call.Args = msg.Body
+		call.Done = ch
+		call.ctx = ctx
+		call.ctxCanceler = canceler
+		conn.calls.track(msg.serial, call)
+		go func() {
+			<-ctx.Done()
+			conn.calls.handleSendError(msg, ctx.Err())
+		}()
+		conn.sendMessageAndIfClosed(msg, func() {
+			conn.calls.handleSendError(msg, ErrClosed)
+			canceler()
+		})
+	} else {
+		canceler()
+		call = &Call{Err: nil, Done: ch}
+		ch <- call
+		conn.sendMessageAndIfClosed(msg, func() {
+			call = &Call{Err: ErrClosed}
+		})
+	}
+	return call
+}
+
+// sendError creates an error message corresponding to the parameters and sends
+// it to conn.out.
+func (conn *Conn) sendError(err error, dest string, serial uint32) {
+	var e *Error
+	switch em := err.(type) {
+	case Error:
+		e = &em
+	case *Error:
+		e = em
+	case DBusError:
+		name, body := em.DBusError()
+		e = NewError(name, body)
+	default:
+		e = MakeFailedError(err)
+	}
+	msg := new(Message)
+	msg.Type = TypeError
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldErrorName] = MakeVariant(e.Name)
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = e.Body
+	if len(e.Body) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...))
+	}
+	conn.sendMessageAndIfClosed(msg, nil)
+}
+
+// sendReply creates a method reply message corresponding to the parameters and
+// sends it to conn.out.
+func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) {
+	msg := new(Message)
+	msg.Type = TypeMethodReply
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+	conn.sendMessageAndIfClosed(msg, nil)
+}
+
+// AddMatchSignal registers the given match rule to receive broadcast
+// signals based on their contents.
+func (conn *Conn) AddMatchSignal(options ...MatchOption) error {
+	return conn.AddMatchSignalContext(context.Background(), options...)
+}
+
+// AddMatchSignalContext acts like AddMatchSignal but takes a context.
+func (conn *Conn) AddMatchSignalContext(ctx context.Context, options ...MatchOption) error {
+	options = append([]MatchOption{withMatchType("signal")}, options...)
+	return conn.busObj.CallWithContext(
+		ctx,
+		"org.freedesktop.DBus.AddMatch", 0,
+		formatMatchOptions(options),
+	).Store()
+}
+
+// RemoveMatchSignal removes the first rule that matches previously registered with AddMatchSignal.
+func (conn *Conn) RemoveMatchSignal(options ...MatchOption) error {
+	return conn.RemoveMatchSignalContext(context.Background(), options...)
+}
+
+// RemoveMatchSignalContext acts like RemoveMatchSignal but takes a context.
+func (conn *Conn) RemoveMatchSignalContext(ctx context.Context, options ...MatchOption) error {
+	options = append([]MatchOption{withMatchType("signal")}, options...)
+	return conn.busObj.CallWithContext(
+		ctx,
+		"org.freedesktop.DBus.RemoveMatch", 0,
+		formatMatchOptions(options),
+	).Store()
+}
+
+// Signal registers the given channel to be passed all received signal messages.
+//
+// Multiple of these channels can be registered at the same time.
+//
+// These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
+// channel for eavesdropped messages, this channel receives all signals, and
+// none of the channels passed to Signal will receive any signals.
+//
+// Panics if the signal handler is not a `SignalRegistrar`.
+func (conn *Conn) Signal(ch chan<- *Signal) {
+	handler, ok := conn.signalHandler.(SignalRegistrar)
+	if !ok {
+		panic("cannot use this method with a non SignalRegistrar handler")
+	}
+	handler.AddSignal(ch)
+}
+
+// RemoveSignal removes the given channel from the list of the registered channels.
+//
+// Panics if the signal handler is not a `SignalRegistrar`.
+func (conn *Conn) RemoveSignal(ch chan<- *Signal) {
+	handler, ok := conn.signalHandler.(SignalRegistrar)
+	if !ok {
+		panic("cannot use this method with a non SignalRegistrar handler")
+	}
+	handler.RemoveSignal(ch)
+}
+
+// SupportsUnixFDs returns whether the underlying transport supports passing of
+// unix file descriptors. If this is false, method calls containing unix file
+// descriptors will return an error and emitted signals containing them will
+// not be sent.
+func (conn *Conn) SupportsUnixFDs() bool {
+	return conn.unixFD
+}
+
+// Error represents a D-Bus message of type Error.
+type Error struct {
+	Name string
+	Body []interface{}
+}
+
+func NewError(name string, body []interface{}) *Error {
+	return &Error{name, body}
+}
+
+func (e Error) Error() string {
+	if len(e.Body) >= 1 {
+		s, ok := e.Body[0].(string)
+		if ok {
+			return s
+		}
+	}
+	return e.Name
+}
+
+// Signal represents a D-Bus message of type Signal. The name member is given in
+// "interface.member" notation, e.g. org.freedesktop.D-Bus.NameLost.
+type Signal struct {
+	Sender   string
+	Path     ObjectPath
+	Name     string
+	Body     []interface{}
+	Sequence Sequence
+}
+
+// transport is a D-Bus transport.
+type transport interface {
+	// Read and Write raw data (for example, for the authentication protocol).
+	io.ReadWriteCloser
+
+	// Send the initial null byte used for the EXTERNAL mechanism.
+	SendNullByte() error
+
+	// Returns whether this transport supports passing Unix FDs.
+	SupportsUnixFDs() bool
+
+	// Signal the transport that Unix FD passing is enabled for this connection.
+	EnableUnixFDs()
+
+	// Read / send a message, handling things like Unix FDs.
+	ReadMessage() (*Message, error)
+	SendMessage(*Message) error
+}
+
+var (
+	transports = make(map[string]func(string) (transport, error))
+)
+
+func getTransport(address string) (transport, error) {
+	var err error
+	var t transport
+
+	addresses := strings.Split(address, ";")
+	for _, v := range addresses {
+		i := strings.IndexRune(v, ':')
+		if i == -1 {
+			err = errors.New("dbus: invalid bus address (no transport)")
+			continue
+		}
+		f := transports[v[:i]]
+		if f == nil {
+			err = errors.New("dbus: invalid bus address (invalid or unsupported transport)")
+			continue
+		}
+		t, err = f(v[i+1:])
+		if err == nil {
+			return t, nil
+		}
+	}
+	return nil, err
+}
+
+// getKey gets a key from a the list of keys. Returns "" on error / not found...
+func getKey(s, key string) string {
+	for _, keyEqualsValue := range strings.Split(s, ",") {
+		keyValue := strings.SplitN(keyEqualsValue, "=", 2)
+		if len(keyValue) == 2 && keyValue[0] == key {
+			return keyValue[1]
+		}
+	}
+	return ""
+}
+
+type outputHandler struct {
+	conn    *Conn
+	sendLck sync.Mutex
+	closed  struct {
+		isClosed bool
+		lck      sync.RWMutex
+	}
+}
+
+func (h *outputHandler) sendAndIfClosed(msg *Message, ifClosed func()) error {
+	h.closed.lck.RLock()
+	defer h.closed.lck.RUnlock()
+	if h.closed.isClosed {
+		if ifClosed != nil {
+			ifClosed()
+		}
+		return nil
+	}
+	h.sendLck.Lock()
+	defer h.sendLck.Unlock()
+	return h.conn.SendMessage(msg)
+}
+
+func (h *outputHandler) close() {
+	h.closed.lck.Lock()
+	defer h.closed.lck.Unlock()
+	h.closed.isClosed = true
+}
+
+type serialGenerator struct {
+	lck        sync.Mutex
+	nextSerial uint32
+	serialUsed map[uint32]bool
+}
+
+func newSerialGenerator() *serialGenerator {
+	return &serialGenerator{
+		serialUsed: map[uint32]bool{0: true},
+		nextSerial: 1,
+	}
+}
+
+func (gen *serialGenerator) GetSerial() uint32 {
+	gen.lck.Lock()
+	defer gen.lck.Unlock()
+	n := gen.nextSerial
+	for gen.serialUsed[n] {
+		n++
+	}
+	gen.serialUsed[n] = true
+	gen.nextSerial = n + 1
+	return n
+}
+
+func (gen *serialGenerator) RetireSerial(serial uint32) {
+	gen.lck.Lock()
+	defer gen.lck.Unlock()
+	delete(gen.serialUsed, serial)
+}
+
+type nameTracker struct {
+	lck    sync.RWMutex
+	unique string
+	names  map[string]struct{}
+}
+
+func newNameTracker() *nameTracker {
+	return &nameTracker{names: map[string]struct{}{}}
+}
+func (tracker *nameTracker) acquireUniqueConnectionName(name string) {
+	tracker.lck.Lock()
+	defer tracker.lck.Unlock()
+	tracker.unique = name
+}
+func (tracker *nameTracker) acquireName(name string) {
+	tracker.lck.Lock()
+	defer tracker.lck.Unlock()
+	tracker.names[name] = struct{}{}
+}
+func (tracker *nameTracker) loseName(name string) {
+	tracker.lck.Lock()
+	defer tracker.lck.Unlock()
+	delete(tracker.names, name)
+}
+
+func (tracker *nameTracker) uniqueNameIsKnown() bool {
+	tracker.lck.RLock()
+	defer tracker.lck.RUnlock()
+	return tracker.unique != ""
+}
+func (tracker *nameTracker) isKnownName(name string) bool {
+	tracker.lck.RLock()
+	defer tracker.lck.RUnlock()
+	_, ok := tracker.names[name]
+	return ok || name == tracker.unique
+}
+func (tracker *nameTracker) listKnownNames() []string {
+	tracker.lck.RLock()
+	defer tracker.lck.RUnlock()
+	out := make([]string, 0, len(tracker.names)+1)
+	out = append(out, tracker.unique)
+	for k := range tracker.names {
+		out = append(out, k)
+	}
+	return out
+}
+
+type callTracker struct {
+	calls map[uint32]*Call
+	lck   sync.RWMutex
+}
+
+func newCallTracker() *callTracker {
+	return &callTracker{calls: map[uint32]*Call{}}
+}
+
+func (tracker *callTracker) track(sn uint32, call *Call) {
+	tracker.lck.Lock()
+	tracker.calls[sn] = call
+	tracker.lck.Unlock()
+}
+
+func (tracker *callTracker) handleReply(sequence Sequence, msg *Message) uint32 {
+	serial := msg.Headers[FieldReplySerial].value.(uint32)
+	tracker.lck.RLock()
+	_, ok := tracker.calls[serial]
+	tracker.lck.RUnlock()
+	if ok {
+		tracker.finalizeWithBody(serial, sequence, msg.Body)
+	}
+	return serial
+}
+
+func (tracker *callTracker) handleDBusError(sequence Sequence, msg *Message) uint32 {
+	serial := msg.Headers[FieldReplySerial].value.(uint32)
+	tracker.lck.RLock()
+	_, ok := tracker.calls[serial]
+	tracker.lck.RUnlock()
+	if ok {
+		name, _ := msg.Headers[FieldErrorName].value.(string)
+		tracker.finalizeWithError(serial, sequence, Error{name, msg.Body})
+	}
+	return serial
+}
+
+func (tracker *callTracker) handleSendError(msg *Message, err error) {
+	if err == nil {
+		return
+	}
+	tracker.lck.RLock()
+	_, ok := tracker.calls[msg.serial]
+	tracker.lck.RUnlock()
+	if ok {
+		tracker.finalizeWithError(msg.serial, NoSequence, err)
+	}
+}
+
+// finalize was the only func that did not strobe Done
+func (tracker *callTracker) finalize(sn uint32) {
+	tracker.lck.Lock()
+	defer tracker.lck.Unlock()
+	c, ok := tracker.calls[sn]
+	if ok {
+		delete(tracker.calls, sn)
+		c.ContextCancel()
+	}
+}
+
+func (tracker *callTracker) finalizeWithBody(sn uint32, sequence Sequence, body []interface{}) {
+	tracker.lck.Lock()
+	c, ok := tracker.calls[sn]
+	if ok {
+		delete(tracker.calls, sn)
+	}
+	tracker.lck.Unlock()
+	if ok {
+		c.Body = body
+		c.ResponseSequence = sequence
+		c.done()
+	}
+}
+
+func (tracker *callTracker) finalizeWithError(sn uint32, sequence Sequence, err error) {
+	tracker.lck.Lock()
+	c, ok := tracker.calls[sn]
+	if ok {
+		delete(tracker.calls, sn)
+	}
+	tracker.lck.Unlock()
+	if ok {
+		c.Err = err
+		c.ResponseSequence = sequence
+		c.done()
+	}
+}
+
+func (tracker *callTracker) finalizeAllWithError(sequenceGen *sequenceGenerator, err error) {
+	tracker.lck.Lock()
+	closedCalls := make([]*Call, 0, len(tracker.calls))
+	for sn := range tracker.calls {
+		closedCalls = append(closedCalls, tracker.calls[sn])
+	}
+	tracker.calls = map[uint32]*Call{}
+	tracker.lck.Unlock()
+	for _, call := range closedCalls {
+		call.Err = err
+		call.ResponseSequence = sequenceGen.next()
+		call.done()
+	}
+}
diff --git a/vendor/github.com/godbus/dbus/v5/conn_darwin.go b/vendor/github.com/godbus/dbus/v5/conn_darwin.go
new file mode 100644
index 0000000000000..6e2e402021650
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/conn_darwin.go
@@ -0,0 +1,37 @@
+package dbus
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+)
+
+const defaultSystemBusAddress = "unix:path=/opt/local/var/run/dbus/system_bus_socket"
+
+func getSessionBusPlatformAddress() (string, error) {
+	cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return "", err
+	}
+
+	if len(b) == 0 {
+		return "", errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	return "unix:path=" + string(b[:len(b)-1]), nil
+}
+
+func getSystemBusPlatformAddress() string {
+	address := os.Getenv("DBUS_LAUNCHD_SESSION_BUS_SOCKET")
+	if address != "" {
+		return fmt.Sprintf("unix:path=%s", address)
+	}
+	return defaultSystemBusAddress
+}
+
+func tryDiscoverDbusSessionBusAddress() string {
+	return ""
+}
diff --git a/vendor/github.com/godbus/dbus/v5/conn_other.go b/vendor/github.com/godbus/dbus/v5/conn_other.go
new file mode 100644
index 0000000000000..616dcf66449f7
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/conn_other.go
@@ -0,0 +1,93 @@
+// +build !darwin
+
+package dbus
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"os/user"
+	"path"
+	"strings"
+)
+
+var execCommand = exec.Command
+
+func getSessionBusPlatformAddress() (string, error) {
+	cmd := execCommand("dbus-launch")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return "", err
+	}
+
+	i := bytes.IndexByte(b, '=')
+	j := bytes.IndexByte(b, '\n')
+
+	if i == -1 || j == -1 || i > j {
+		return "", errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	env, addr := string(b[0:i]), string(b[i+1:j])
+	os.Setenv(env, addr)
+
+	return addr, nil
+}
+
+// tryDiscoverDbusSessionBusAddress tries to discover an existing dbus session
+// and return the value of its DBUS_SESSION_BUS_ADDRESS.
+// It tries different techniques employed by different operating systems,
+// returning the first valid address it finds, or an empty string.
+//
+// * /run/user/<uid>/bus           if this exists, it *is* the bus socket. present on
+//                                 Ubuntu 18.04
+// * /run/user/<uid>/dbus-session: if this exists, it can be parsed for the bus
+//                                 address. present on Ubuntu 16.04
+//
+// See https://dbus.freedesktop.org/doc/dbus-launch.1.html
+func tryDiscoverDbusSessionBusAddress() string {
+	if runtimeDirectory, err := getRuntimeDirectory(); err == nil {
+
+		if runUserBusFile := path.Join(runtimeDirectory, "bus"); fileExists(runUserBusFile) {
+			// if /run/user/<uid>/bus exists, that file itself
+			// *is* the unix socket, so return its path
+			return fmt.Sprintf("unix:path=%s", runUserBusFile)
+		}
+		if runUserSessionDbusFile := path.Join(runtimeDirectory, "dbus-session"); fileExists(runUserSessionDbusFile) {
+			// if /run/user/<uid>/dbus-session exists, it's a
+			// text file // containing the address of the socket, e.g.:
+			// DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-E1c73yNqrG
+
+			if f, err := ioutil.ReadFile(runUserSessionDbusFile); err == nil {
+				fileContent := string(f)
+
+				prefix := "DBUS_SESSION_BUS_ADDRESS="
+
+				if strings.HasPrefix(fileContent, prefix) {
+					address := strings.TrimRight(strings.TrimPrefix(fileContent, prefix), "\n\r")
+					return address
+				}
+			}
+		}
+	}
+	return ""
+}
+
+func getRuntimeDirectory() (string, error) {
+	if currentUser, err := user.Current(); err != nil {
+		return "", err
+	} else {
+		return fmt.Sprintf("/run/user/%s", currentUser.Uid), nil
+	}
+}
+
+func fileExists(filename string) bool {
+	if _, err := os.Stat(filename); !os.IsNotExist(err) {
+		return true
+	} else {
+		return false
+	}
+}
diff --git a/vendor/github.com/godbus/dbus/v5/conn_unix.go b/vendor/github.com/godbus/dbus/v5/conn_unix.go
new file mode 100644
index 0000000000000..58aee7d2af5eb
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/conn_unix.go
@@ -0,0 +1,17 @@
+//+build !windows,!solaris,!darwin
+
+package dbus
+
+import (
+	"os"
+)
+
+const defaultSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
+
+func getSystemBusPlatformAddress() string {
+	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
+	if address != "" {
+		return address
+	}
+	return defaultSystemBusAddress
+}
diff --git a/vendor/github.com/godbus/dbus/v5/conn_windows.go b/vendor/github.com/godbus/dbus/v5/conn_windows.go
new file mode 100644
index 0000000000000..4291e4519cc01
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/conn_windows.go
@@ -0,0 +1,15 @@
+//+build windows
+
+package dbus
+
+import "os"
+
+const defaultSystemBusAddress = "tcp:host=127.0.0.1,port=12434"
+
+func getSystemBusPlatformAddress() string {
+	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
+	if address != "" {
+		return address
+	}
+	return defaultSystemBusAddress
+}
diff --git a/vendor/github.com/godbus/dbus/v5/dbus.go b/vendor/github.com/godbus/dbus/v5/dbus.go
new file mode 100644
index 0000000000000..ddf3b7afde9d3
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/dbus.go
@@ -0,0 +1,432 @@
+package dbus
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+var (
+	byteType        = reflect.TypeOf(byte(0))
+	boolType        = reflect.TypeOf(false)
+	uint8Type       = reflect.TypeOf(uint8(0))
+	int16Type       = reflect.TypeOf(int16(0))
+	uint16Type      = reflect.TypeOf(uint16(0))
+	intType         = reflect.TypeOf(int(0))
+	uintType        = reflect.TypeOf(uint(0))
+	int32Type       = reflect.TypeOf(int32(0))
+	uint32Type      = reflect.TypeOf(uint32(0))
+	int64Type       = reflect.TypeOf(int64(0))
+	uint64Type      = reflect.TypeOf(uint64(0))
+	float64Type     = reflect.TypeOf(float64(0))
+	stringType      = reflect.TypeOf("")
+	signatureType   = reflect.TypeOf(Signature{""})
+	objectPathType  = reflect.TypeOf(ObjectPath(""))
+	variantType     = reflect.TypeOf(Variant{Signature{""}, nil})
+	interfacesType  = reflect.TypeOf([]interface{}{})
+	interfaceType   = reflect.TypeOf((*interface{})(nil)).Elem()
+	unixFDType      = reflect.TypeOf(UnixFD(0))
+	unixFDIndexType = reflect.TypeOf(UnixFDIndex(0))
+	errType         = reflect.TypeOf((*error)(nil)).Elem()
+)
+
+// An InvalidTypeError signals that a value which cannot be represented in the
+// D-Bus wire format was passed to a function.
+type InvalidTypeError struct {
+	Type reflect.Type
+}
+
+func (e InvalidTypeError) Error() string {
+	return "dbus: invalid type " + e.Type.String()
+}
+
+// Store copies the values contained in src to dest, which must be a slice of
+// pointers. It converts slices of interfaces from src to corresponding structs
+// in dest. An error is returned if the lengths of src and dest or the types of
+// their elements don't match.
+func Store(src []interface{}, dest ...interface{}) error {
+	if len(src) != len(dest) {
+		return errors.New("dbus.Store: length mismatch")
+	}
+
+	for i := range src {
+		if err := storeInterfaces(src[i], dest[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func storeInterfaces(src, dest interface{}) error {
+	return store(reflect.ValueOf(dest), reflect.ValueOf(src))
+}
+
+func store(dest, src reflect.Value) error {
+	if dest.Kind() == reflect.Ptr {
+		if dest.IsNil() {
+			dest.Set(reflect.New(dest.Type().Elem()))
+		}
+		return store(dest.Elem(), src)
+	}
+	switch src.Kind() {
+	case reflect.Slice:
+		return storeSlice(dest, src)
+	case reflect.Map:
+		return storeMap(dest, src)
+	default:
+		return storeBase(dest, src)
+	}
+}
+
+func storeBase(dest, src reflect.Value) error {
+	return setDest(dest, src)
+}
+
+func setDest(dest, src reflect.Value) error {
+	if !isVariant(src.Type()) && isVariant(dest.Type()) {
+		//special conversion for dbus.Variant
+		dest.Set(reflect.ValueOf(MakeVariant(src.Interface())))
+		return nil
+	}
+	if isVariant(src.Type()) && !isVariant(dest.Type()) {
+		src = getVariantValue(src)
+		return store(dest, src)
+	}
+	if !src.Type().ConvertibleTo(dest.Type()) {
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: cannot convert %s to %s",
+			src.Type(), dest.Type())
+	}
+	dest.Set(src.Convert(dest.Type()))
+	return nil
+}
+
+func kindsAreCompatible(dest, src reflect.Type) bool {
+	switch {
+	case isVariant(dest):
+		return true
+	case dest.Kind() == reflect.Interface:
+		return true
+	default:
+		return dest.Kind() == src.Kind()
+	}
+}
+
+func isConvertibleTo(dest, src reflect.Type) bool {
+	switch {
+	case isVariant(dest):
+		return true
+	case dest.Kind() == reflect.Interface:
+		return true
+	case dest.Kind() == reflect.Slice:
+		return src.Kind() == reflect.Slice &&
+			isConvertibleTo(dest.Elem(), src.Elem())
+	case dest.Kind() == reflect.Struct:
+		return src == interfacesType
+	default:
+		return src.ConvertibleTo(dest)
+	}
+}
+
+func storeMap(dest, src reflect.Value) error {
+	switch {
+	case !kindsAreCompatible(dest.Type(), src.Type()):
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"map: cannot store a value of %s into %s",
+			src.Type(), dest.Type())
+	case isVariant(dest.Type()):
+		return storeMapIntoVariant(dest, src)
+	case dest.Kind() == reflect.Interface:
+		return storeMapIntoInterface(dest, src)
+	case isConvertibleTo(dest.Type().Key(), src.Type().Key()) &&
+		isConvertibleTo(dest.Type().Elem(), src.Type().Elem()):
+		return storeMapIntoMap(dest, src)
+	default:
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"map: cannot convert a value of %s into %s",
+			src.Type(), dest.Type())
+	}
+}
+
+func storeMapIntoVariant(dest, src reflect.Value) error {
+	dv := reflect.MakeMap(src.Type())
+	err := store(dv, src)
+	if err != nil {
+		return err
+	}
+	return storeBase(dest, dv)
+}
+
+func storeMapIntoInterface(dest, src reflect.Value) error {
+	var dv reflect.Value
+	if isVariant(src.Type().Elem()) {
+		//Convert variants to interface{} recursively when converting
+		//to interface{}
+		dv = reflect.MakeMap(
+			reflect.MapOf(src.Type().Key(), interfaceType))
+	} else {
+		dv = reflect.MakeMap(src.Type())
+	}
+	err := store(dv, src)
+	if err != nil {
+		return err
+	}
+	return storeBase(dest, dv)
+}
+
+func storeMapIntoMap(dest, src reflect.Value) error {
+	if dest.IsNil() {
+		dest.Set(reflect.MakeMap(dest.Type()))
+	}
+	keys := src.MapKeys()
+	for _, key := range keys {
+		dkey := key.Convert(dest.Type().Key())
+		dval := reflect.New(dest.Type().Elem()).Elem()
+		err := store(dval, getVariantValue(src.MapIndex(key)))
+		if err != nil {
+			return err
+		}
+		dest.SetMapIndex(dkey, dval)
+	}
+	return nil
+}
+
+func storeSlice(dest, src reflect.Value) error {
+	switch {
+	case src.Type() == interfacesType && dest.Kind() == reflect.Struct:
+		//The decoder always decodes structs as slices of interface{}
+		return storeStruct(dest, src)
+	case !kindsAreCompatible(dest.Type(), src.Type()):
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"slice: cannot store a value of %s into %s",
+			src.Type(), dest.Type())
+	case isVariant(dest.Type()):
+		return storeSliceIntoVariant(dest, src)
+	case dest.Kind() == reflect.Interface:
+		return storeSliceIntoInterface(dest, src)
+	case isConvertibleTo(dest.Type().Elem(), src.Type().Elem()):
+		return storeSliceIntoSlice(dest, src)
+	default:
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"slice: cannot convert a value of %s into %s",
+			src.Type(), dest.Type())
+	}
+}
+
+func storeStruct(dest, src reflect.Value) error {
+	if isVariant(dest.Type()) {
+		return storeBase(dest, src)
+	}
+	dval := make([]interface{}, 0, dest.NumField())
+	dtype := dest.Type()
+	for i := 0; i < dest.NumField(); i++ {
+		field := dest.Field(i)
+		ftype := dtype.Field(i)
+		if ftype.PkgPath != "" {
+			continue
+		}
+		if ftype.Tag.Get("dbus") == "-" {
+			continue
+		}
+		dval = append(dval, field.Addr().Interface())
+	}
+	if src.Len() != len(dval) {
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"destination struct does not have "+
+				"enough fields need: %d have: %d",
+			src.Len(), len(dval))
+	}
+	return Store(src.Interface().([]interface{}), dval...)
+}
+
+func storeSliceIntoVariant(dest, src reflect.Value) error {
+	dv := reflect.MakeSlice(src.Type(), src.Len(), src.Cap())
+	err := store(dv, src)
+	if err != nil {
+		return err
+	}
+	return storeBase(dest, dv)
+}
+
+func storeSliceIntoInterface(dest, src reflect.Value) error {
+	var dv reflect.Value
+	if isVariant(src.Type().Elem()) {
+		//Convert variants to interface{} recursively when converting
+		//to interface{}
+		dv = reflect.MakeSlice(reflect.SliceOf(interfaceType),
+			src.Len(), src.Cap())
+	} else {
+		dv = reflect.MakeSlice(src.Type(), src.Len(), src.Cap())
+	}
+	err := store(dv, src)
+	if err != nil {
+		return err
+	}
+	return storeBase(dest, dv)
+}
+
+func storeSliceIntoSlice(dest, src reflect.Value) error {
+	if dest.IsNil() || dest.Len() < src.Len() {
+		dest.Set(reflect.MakeSlice(dest.Type(), src.Len(), src.Cap()))
+	}
+	if dest.Len() != src.Len() {
+		return fmt.Errorf(
+			"dbus.Store: type mismatch: "+
+				"slices are different lengths "+
+				"need: %d have: %d",
+			src.Len(), dest.Len())
+	}
+	for i := 0; i < src.Len(); i++ {
+		err := store(dest.Index(i), getVariantValue(src.Index(i)))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func getVariantValue(in reflect.Value) reflect.Value {
+	if isVariant(in.Type()) {
+		return reflect.ValueOf(in.Interface().(Variant).Value())
+	}
+	return in
+}
+
+func isVariant(t reflect.Type) bool {
+	return t == variantType
+}
+
+// An ObjectPath is an object path as defined by the D-Bus spec.
+type ObjectPath string
+
+// IsValid returns whether the object path is valid.
+func (o ObjectPath) IsValid() bool {
+	s := string(o)
+	if len(s) == 0 {
+		return false
+	}
+	if s[0] != '/' {
+		return false
+	}
+	if s[len(s)-1] == '/' && len(s) != 1 {
+		return false
+	}
+	// probably not used, but technically possible
+	if s == "/" {
+		return true
+	}
+	split := strings.Split(s[1:], "/")
+	for _, v := range split {
+		if len(v) == 0 {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// A UnixFD is a Unix file descriptor sent over the wire. See the package-level
+// documentation for more information about Unix file descriptor passsing.
+type UnixFD int32
+
+// A UnixFDIndex is the representation of a Unix file descriptor in a message.
+type UnixFDIndex uint32
+
+// alignment returns the alignment of values of type t.
+func alignment(t reflect.Type) int {
+	switch t {
+	case variantType:
+		return 1
+	case objectPathType:
+		return 4
+	case signatureType:
+		return 1
+	case interfacesType:
+		return 4
+	}
+	switch t.Kind() {
+	case reflect.Uint8:
+		return 1
+	case reflect.Uint16, reflect.Int16:
+		return 2
+	case reflect.Uint, reflect.Int, reflect.Uint32, reflect.Int32, reflect.String, reflect.Array, reflect.Slice, reflect.Map:
+		return 4
+	case reflect.Uint64, reflect.Int64, reflect.Float64, reflect.Struct:
+		return 8
+	case reflect.Ptr:
+		return alignment(t.Elem())
+	}
+	return 1
+}
+
+// isKeyType returns whether t is a valid type for a D-Bus dict.
+func isKeyType(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+		reflect.Int16, reflect.Int32, reflect.Int64, reflect.Float64,
+		reflect.String, reflect.Uint, reflect.Int:
+
+		return true
+	}
+	return false
+}
+
+// isValidInterface returns whether s is a valid name for an interface.
+func isValidInterface(s string) bool {
+	if len(s) == 0 || len(s) > 255 || s[0] == '.' {
+		return false
+	}
+	elem := strings.Split(s, ".")
+	if len(elem) < 2 {
+		return false
+	}
+	for _, v := range elem {
+		if len(v) == 0 {
+			return false
+		}
+		if v[0] >= '0' && v[0] <= '9' {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// isValidMember returns whether s is a valid name for a member.
+func isValidMember(s string) bool {
+	if len(s) == 0 || len(s) > 255 {
+		return false
+	}
+	i := strings.Index(s, ".")
+	if i != -1 {
+		return false
+	}
+	if s[0] >= '0' && s[0] <= '9' {
+		return false
+	}
+	for _, c := range s {
+		if !isMemberChar(c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isMemberChar(c rune) bool {
+	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+		(c >= 'a' && c <= 'z') || c == '_'
+}
diff --git a/vendor/github.com/godbus/dbus/v5/decoder.go b/vendor/github.com/godbus/dbus/v5/decoder.go
new file mode 100644
index 0000000000000..ede91575b3e86
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/decoder.go
@@ -0,0 +1,286 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+type decoder struct {
+	in    io.Reader
+	order binary.ByteOrder
+	pos   int
+}
+
+// newDecoder returns a new decoder that reads values from in. The input is
+// expected to be in the given byte order.
+func newDecoder(in io.Reader, order binary.ByteOrder) *decoder {
+	dec := new(decoder)
+	dec.in = in
+	dec.order = order
+	return dec
+}
+
+// align aligns the input to the given boundary and panics on error.
+func (dec *decoder) align(n int) {
+	if dec.pos%n != 0 {
+		newpos := (dec.pos + n - 1) & ^(n - 1)
+		empty := make([]byte, newpos-dec.pos)
+		if _, err := io.ReadFull(dec.in, empty); err != nil {
+			panic(err)
+		}
+		dec.pos = newpos
+	}
+}
+
+// Calls binary.Read(dec.in, dec.order, v) and panics on read errors.
+func (dec *decoder) binread(v interface{}) {
+	if err := binary.Read(dec.in, dec.order, v); err != nil {
+		panic(err)
+	}
+}
+
+func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) {
+	defer func() {
+		var ok bool
+		v := recover()
+		if err, ok = v.(error); ok {
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				err = FormatError("unexpected EOF")
+			}
+		}
+	}()
+	vs = make([]interface{}, 0)
+	s := sig.str
+	for s != "" {
+		err, rem := validSingle(s, 0)
+		if err != nil {
+			return nil, err
+		}
+		v := dec.decode(s[:len(s)-len(rem)], 0)
+		vs = append(vs, v)
+		s = rem
+	}
+	return vs, nil
+}
+
+func (dec *decoder) decode(s string, depth int) interface{} {
+	dec.align(alignment(typeFor(s)))
+	switch s[0] {
+	case 'y':
+		var b [1]byte
+		if _, err := dec.in.Read(b[:]); err != nil {
+			panic(err)
+		}
+		dec.pos++
+		return b[0]
+	case 'b':
+		i := dec.decode("u", depth).(uint32)
+		switch {
+		case i == 0:
+			return false
+		case i == 1:
+			return true
+		default:
+			panic(FormatError("invalid value for boolean"))
+		}
+	case 'n':
+		var i int16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'i':
+		var i int32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 'x':
+		var i int64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'q':
+		var i uint16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'u':
+		var i uint32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 't':
+		var i uint64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'd':
+		var f float64
+		dec.binread(&f)
+		dec.pos += 8
+		return f
+	case 's':
+		length := dec.decode("u", depth).(uint32)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		return string(b[:len(b)-1])
+	case 'o':
+		return ObjectPath(dec.decode("s", depth).(string))
+	case 'g':
+		length := dec.decode("y", depth).(byte)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		sig, err := ParseSignature(string(b[:len(b)-1]))
+		if err != nil {
+			panic(err)
+		}
+		return sig
+	case 'v':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		var variant Variant
+		sig := dec.decode("g", depth).(Signature)
+		if len(sig.str) == 0 {
+			panic(FormatError("variant signature is empty"))
+		}
+		err, rem := validSingle(sig.str, 0)
+		if err != nil {
+			panic(err)
+		}
+		if rem != "" {
+			panic(FormatError("variant signature has multiple types"))
+		}
+		variant.sig = sig
+		variant.value = dec.decode(sig.str, depth+1)
+		return variant
+	case 'h':
+		return UnixFDIndex(dec.decode("u", depth).(uint32))
+	case 'a':
+		if len(s) > 1 && s[1] == '{' {
+			ksig := s[2:3]
+			vsig := s[3 : len(s)-1]
+			v := reflect.MakeMap(reflect.MapOf(typeFor(ksig), typeFor(vsig)))
+			if depth >= 63 {
+				panic(FormatError("input exceeds container depth limit"))
+			}
+			length := dec.decode("u", depth).(uint32)
+			// Even for empty maps, the correct padding must be included
+			dec.align(8)
+			spos := dec.pos
+			for dec.pos < spos+int(length) {
+				dec.align(8)
+				if !isKeyType(v.Type().Key()) {
+					panic(InvalidTypeError{v.Type()})
+				}
+				kv := dec.decode(ksig, depth+2)
+				vv := dec.decode(vsig, depth+2)
+				v.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
+			}
+			return v.Interface()
+		}
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		sig := s[1:]
+		length := dec.decode("u", depth).(uint32)
+		// capacity can be determined only for fixed-size element types
+		var capacity int
+		if s := sigByteSize(sig); s != 0 {
+			capacity = int(length) / s
+		}
+		v := reflect.MakeSlice(reflect.SliceOf(typeFor(sig)), 0, capacity)
+		// Even for empty arrays, the correct padding must be included
+		align := alignment(typeFor(s[1:]))
+		if len(s) > 1 && s[1] == '(' {
+			//Special case for arrays of structs
+			//structs decode as a slice of interface{} values
+			//but the dbus alignment does not match this
+			align = 8
+		}
+		dec.align(align)
+		spos := dec.pos
+		for dec.pos < spos+int(length) {
+			ev := dec.decode(s[1:], depth+1)
+			v = reflect.Append(v, reflect.ValueOf(ev))
+		}
+		return v.Interface()
+	case '(':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		dec.align(8)
+		v := make([]interface{}, 0)
+		s = s[1 : len(s)-1]
+		for s != "" {
+			err, rem := validSingle(s, 0)
+			if err != nil {
+				panic(err)
+			}
+			ev := dec.decode(s[:len(s)-len(rem)], depth+1)
+			v = append(v, ev)
+			s = rem
+		}
+		return v
+	default:
+		panic(SignatureError{Sig: s})
+	}
+}
+
+// sigByteSize tries to calculates size of the given signature in bytes.
+//
+// It returns zero when it can't, for example when it contains non-fixed size
+// types such as strings, maps and arrays that require reading of the transmitted
+// data, for that we would need to implement the unread method for Decoder first.
+func sigByteSize(sig string) int {
+	var total int
+	for offset := 0; offset < len(sig); {
+		switch sig[offset] {
+		case 'y':
+			total += 1
+			offset += 1
+		case 'n', 'q':
+			total += 2
+			offset += 1
+		case 'b', 'i', 'u', 'h':
+			total += 4
+			offset += 1
+		case 'x', 't', 'd':
+			total += 8
+			offset += 1
+		case '(':
+			i := 1
+			depth := 1
+			for i < len(sig[offset:]) && depth != 0 {
+				if sig[offset+i] == '(' {
+					depth++
+				} else if sig[offset+i] == ')' {
+					depth--
+				}
+				i++
+			}
+			s := sigByteSize(sig[offset+1 : offset+i-1])
+			if s == 0 {
+				return 0
+			}
+			total += s
+			offset += i
+		default:
+			return 0
+		}
+	}
+	return total
+}
+
+// A FormatError is an error in the wire format.
+type FormatError string
+
+func (e FormatError) Error() string {
+	return "dbus: wire format error: " + string(e)
+}
diff --git a/vendor/github.com/godbus/dbus/v5/default_handler.go b/vendor/github.com/godbus/dbus/v5/default_handler.go
new file mode 100644
index 0000000000000..13132c6b47970
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/default_handler.go
@@ -0,0 +1,342 @@
+package dbus
+
+import (
+	"bytes"
+	"reflect"
+	"strings"
+	"sync"
+)
+
+func newIntrospectIntf(h *defaultHandler) *exportedIntf {
+	methods := make(map[string]Method)
+	methods["Introspect"] = exportedMethod{
+		reflect.ValueOf(func(msg Message) (string, *Error) {
+			path := msg.Headers[FieldPath].value.(ObjectPath)
+			return h.introspectPath(path), nil
+		}),
+	}
+	return newExportedIntf(methods, true)
+}
+
+//NewDefaultHandler returns an instance of the default
+//call handler. This is useful if you want to implement only
+//one of the two handlers but not both.
+//
+// Deprecated: this is the default value, don't use it, it will be unexported.
+func NewDefaultHandler() *defaultHandler {
+	h := &defaultHandler{
+		objects:     make(map[ObjectPath]*exportedObj),
+		defaultIntf: make(map[string]*exportedIntf),
+	}
+	h.defaultIntf["org.freedesktop.DBus.Introspectable"] = newIntrospectIntf(h)
+	return h
+}
+
+type defaultHandler struct {
+	sync.RWMutex
+	objects     map[ObjectPath]*exportedObj
+	defaultIntf map[string]*exportedIntf
+}
+
+func (h *defaultHandler) PathExists(path ObjectPath) bool {
+	_, ok := h.objects[path]
+	return ok
+}
+
+func (h *defaultHandler) introspectPath(path ObjectPath) string {
+	subpath := make(map[string]struct{})
+	var xml bytes.Buffer
+	xml.WriteString("<node>")
+	for obj := range h.objects {
+		p := string(path)
+		if p != "/" {
+			p += "/"
+		}
+		if strings.HasPrefix(string(obj), p) {
+			node_name := strings.Split(string(obj[len(p):]), "/")[0]
+			subpath[node_name] = struct{}{}
+		}
+	}
+	for s := range subpath {
+		xml.WriteString("\n\t<node name=\"" + s + "\"/>")
+	}
+	xml.WriteString("\n</node>")
+	return xml.String()
+}
+
+func (h *defaultHandler) LookupObject(path ObjectPath) (ServerObject, bool) {
+	h.RLock()
+	defer h.RUnlock()
+	object, ok := h.objects[path]
+	if ok {
+		return object, ok
+	}
+
+	// If an object wasn't found for this exact path,
+	// look for a matching subtree registration
+	subtreeObject := newExportedObject()
+	path = path[:strings.LastIndex(string(path), "/")]
+	for len(path) > 0 {
+		object, ok = h.objects[path]
+		if ok {
+			for name, iface := range object.interfaces {
+				// Only include this handler if it registered for the subtree
+				if iface.isFallbackInterface() {
+					subtreeObject.interfaces[name] = iface
+				}
+			}
+			break
+		}
+
+		path = path[:strings.LastIndex(string(path), "/")]
+	}
+
+	for name, intf := range h.defaultIntf {
+		if _, exists := subtreeObject.interfaces[name]; exists {
+			continue
+		}
+		subtreeObject.interfaces[name] = intf
+	}
+
+	return subtreeObject, true
+}
+
+func (h *defaultHandler) AddObject(path ObjectPath, object *exportedObj) {
+	h.Lock()
+	h.objects[path] = object
+	h.Unlock()
+}
+
+func (h *defaultHandler) DeleteObject(path ObjectPath) {
+	h.Lock()
+	delete(h.objects, path)
+	h.Unlock()
+}
+
+type exportedMethod struct {
+	reflect.Value
+}
+
+func (m exportedMethod) Call(args ...interface{}) ([]interface{}, error) {
+	t := m.Type()
+
+	params := make([]reflect.Value, len(args))
+	for i := 0; i < len(args); i++ {
+		params[i] = reflect.ValueOf(args[i]).Elem()
+	}
+
+	ret := m.Value.Call(params)
+	var err error
+	nilErr := false // The reflection will find almost-nils, let's only pass back clean ones!
+	if t.NumOut() > 0 {
+		if e, ok := ret[t.NumOut()-1].Interface().(*Error); ok { // godbus *Error
+			nilErr = ret[t.NumOut()-1].IsNil()
+			ret = ret[:t.NumOut()-1]
+			err = e
+		} else if ret[t.NumOut()-1].Type().Implements(errType) { // Go error
+			i := ret[t.NumOut()-1].Interface()
+			if i == nil {
+				nilErr = ret[t.NumOut()-1].IsNil()
+			} else {
+				err = i.(error)
+			}
+			ret = ret[:t.NumOut()-1]
+		}
+	}
+	out := make([]interface{}, len(ret))
+	for i, val := range ret {
+		out[i] = val.Interface()
+	}
+	if nilErr || err == nil {
+		//concrete type to interface nil is a special case
+		return out, nil
+	}
+	return out, err
+}
+
+func (m exportedMethod) NumArguments() int {
+	return m.Value.Type().NumIn()
+}
+
+func (m exportedMethod) ArgumentValue(i int) interface{} {
+	return reflect.Zero(m.Type().In(i)).Interface()
+}
+
+func (m exportedMethod) NumReturns() int {
+	return m.Value.Type().NumOut()
+}
+
+func (m exportedMethod) ReturnValue(i int) interface{} {
+	return reflect.Zero(m.Type().Out(i)).Interface()
+}
+
+func newExportedObject() *exportedObj {
+	return &exportedObj{
+		interfaces: make(map[string]*exportedIntf),
+	}
+}
+
+type exportedObj struct {
+	mu         sync.RWMutex
+	interfaces map[string]*exportedIntf
+}
+
+func (obj *exportedObj) LookupInterface(name string) (Interface, bool) {
+	if name == "" {
+		return obj, true
+	}
+	obj.mu.RLock()
+	defer obj.mu.RUnlock()
+	intf, exists := obj.interfaces[name]
+	return intf, exists
+}
+
+func (obj *exportedObj) AddInterface(name string, iface *exportedIntf) {
+	obj.mu.Lock()
+	defer obj.mu.Unlock()
+	obj.interfaces[name] = iface
+}
+
+func (obj *exportedObj) DeleteInterface(name string) {
+	obj.mu.Lock()
+	defer obj.mu.Unlock()
+	delete(obj.interfaces, name)
+}
+
+func (obj *exportedObj) LookupMethod(name string) (Method, bool) {
+	obj.mu.RLock()
+	defer obj.mu.RUnlock()
+	for _, intf := range obj.interfaces {
+		method, exists := intf.LookupMethod(name)
+		if exists {
+			return method, exists
+		}
+	}
+	return nil, false
+}
+
+func (obj *exportedObj) isFallbackInterface() bool {
+	return false
+}
+
+func newExportedIntf(methods map[string]Method, includeSubtree bool) *exportedIntf {
+	return &exportedIntf{
+		methods:        methods,
+		includeSubtree: includeSubtree,
+	}
+}
+
+type exportedIntf struct {
+	methods map[string]Method
+
+	// Whether or not this export is for the entire subtree
+	includeSubtree bool
+}
+
+func (obj *exportedIntf) LookupMethod(name string) (Method, bool) {
+	out, exists := obj.methods[name]
+	return out, exists
+}
+
+func (obj *exportedIntf) isFallbackInterface() bool {
+	return obj.includeSubtree
+}
+
+//NewDefaultSignalHandler returns an instance of the default
+//signal handler. This is useful if you want to implement only
+//one of the two handlers but not both.
+//
+// Deprecated: this is the default value, don't use it, it will be unexported.
+func NewDefaultSignalHandler() *defaultSignalHandler {
+	return &defaultSignalHandler{}
+}
+
+type defaultSignalHandler struct {
+	mu      sync.RWMutex
+	closed  bool
+	signals []*signalChannelData
+}
+
+func (sh *defaultSignalHandler) DeliverSignal(intf, name string, signal *Signal) {
+	sh.mu.RLock()
+	defer sh.mu.RUnlock()
+	if sh.closed {
+		return
+	}
+	for _, scd := range sh.signals {
+		scd.deliver(signal)
+	}
+}
+
+func (sh *defaultSignalHandler) Terminate() {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+
+	for _, scd := range sh.signals {
+		scd.close()
+		close(scd.ch)
+	}
+	sh.closed = true
+	sh.signals = nil
+}
+
+func (sh *defaultSignalHandler) AddSignal(ch chan<- *Signal) {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+	sh.signals = append(sh.signals, &signalChannelData{
+		ch:   ch,
+		done: make(chan struct{}),
+	})
+}
+
+func (sh *defaultSignalHandler) RemoveSignal(ch chan<- *Signal) {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+	for i := len(sh.signals) - 1; i >= 0; i-- {
+		if ch == sh.signals[i].ch {
+			sh.signals[i].close()
+			copy(sh.signals[i:], sh.signals[i+1:])
+			sh.signals[len(sh.signals)-1] = nil
+			sh.signals = sh.signals[:len(sh.signals)-1]
+		}
+	}
+}
+
+type signalChannelData struct {
+	wg   sync.WaitGroup
+	ch   chan<- *Signal
+	done chan struct{}
+}
+
+func (scd *signalChannelData) deliver(signal *Signal) {
+	select {
+	case scd.ch <- signal:
+	case <-scd.done:
+		return
+	default:
+		scd.wg.Add(1)
+		go scd.deferredDeliver(signal)
+	}
+}
+
+func (scd *signalChannelData) deferredDeliver(signal *Signal) {
+	select {
+	case scd.ch <- signal:
+	case <-scd.done:
+	}
+	scd.wg.Done()
+}
+
+func (scd *signalChannelData) close() {
+	close(scd.done)
+	scd.wg.Wait() // wait until all spawned goroutines return
+}
diff --git a/vendor/github.com/godbus/dbus/v5/doc.go b/vendor/github.com/godbus/dbus/v5/doc.go
new file mode 100644
index 0000000000000..ade1df951cd22
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/doc.go
@@ -0,0 +1,69 @@
+/*
+Package dbus implements bindings to the D-Bus message bus system.
+
+To use the message bus API, you first need to connect to a bus (usually the
+session or system bus). The acquired connection then can be used to call methods
+on remote objects and emit or receive signals. Using the Export method, you can
+arrange D-Bus methods calls to be directly translated to method calls on a Go
+value.
+
+Conversion Rules
+
+For outgoing messages, Go types are automatically converted to the
+corresponding D-Bus types. The following types are directly encoded as their
+respective D-Bus equivalents:
+
+     Go type     | D-Bus type
+     ------------+-----------
+     byte        | BYTE
+     bool        | BOOLEAN
+     int16       | INT16
+     uint16      | UINT16
+     int         | INT32
+     uint        | UINT32
+     int32       | INT32
+     uint32      | UINT32
+     int64       | INT64
+     uint64      | UINT64
+     float64     | DOUBLE
+     string      | STRING
+     ObjectPath  | OBJECT_PATH
+     Signature   | SIGNATURE
+     Variant     | VARIANT
+     interface{} | VARIANT
+     UnixFDIndex | UNIX_FD
+
+Slices and arrays encode as ARRAYs of their element type.
+
+Maps encode as DICTs, provided that their key type can be used as a key for
+a DICT.
+
+Structs other than Variant and Signature encode as a STRUCT containing their
+exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
+be skipped.
+
+Pointers encode as the value they're pointed to.
+
+Types convertible to one of the base types above will be mapped as the
+base type.
+
+Trying to encode any other type or a slice, map or struct containing an
+unsupported type will result in an InvalidTypeError.
+
+For incoming messages, the inverse of these rules are used, with the exception
+of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces
+containing the struct fields in the correct order. The Store function can be
+used to convert such values to Go structs.
+
+Unix FD passing
+
+Handling Unix file descriptors deserves special mention. To use them, you should
+first check that they are supported on a connection by calling SupportsUnixFDs.
+If it returns true, all method of Connection will translate messages containing
+UnixFD's to messages that are accompanied by the given file descriptors with the
+UnixFD values being substituted by the correct indices. Similarly, the indices
+of incoming messages are automatically resolved. It shouldn't be necessary to use
+UnixFDIndex.
+
+*/
+package dbus
diff --git a/vendor/github.com/godbus/dbus/v5/encoder.go b/vendor/github.com/godbus/dbus/v5/encoder.go
new file mode 100644
index 0000000000000..adfbb75c5595b
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/encoder.go
@@ -0,0 +1,210 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+// An encoder encodes values to the D-Bus wire format.
+type encoder struct {
+	out   io.Writer
+	order binary.ByteOrder
+	pos   int
+}
+
+// NewEncoder returns a new encoder that writes to out in the given byte order.
+func newEncoder(out io.Writer, order binary.ByteOrder) *encoder {
+	return newEncoderAtOffset(out, 0, order)
+}
+
+// newEncoderAtOffset returns a new encoder that writes to out in the given
+// byte order. Specify the offset to initialize pos for proper alignment
+// computation.
+func newEncoderAtOffset(out io.Writer, offset int, order binary.ByteOrder) *encoder {
+	enc := new(encoder)
+	enc.out = out
+	enc.order = order
+	enc.pos = offset
+	return enc
+}
+
+// Aligns the next output to be on a multiple of n. Panics on write errors.
+func (enc *encoder) align(n int) {
+	pad := enc.padding(0, n)
+	if pad > 0 {
+		empty := make([]byte, pad)
+		if _, err := enc.out.Write(empty); err != nil {
+			panic(err)
+		}
+		enc.pos += pad
+	}
+}
+
+// pad returns the number of bytes of padding, based on current position and additional offset.
+// and alignment.
+func (enc *encoder) padding(offset, algn int) int {
+	abs := enc.pos + offset
+	if abs%algn != 0 {
+		newabs := (abs + algn - 1) & ^(algn - 1)
+		return newabs - abs
+	}
+	return 0
+}
+
+// Calls binary.Write(enc.out, enc.order, v) and panics on write errors.
+func (enc *encoder) binwrite(v interface{}) {
+	if err := binary.Write(enc.out, enc.order, v); err != nil {
+		panic(err)
+	}
+}
+
+// Encode encodes the given values to the underlying reader. All written values
+// are aligned properly as required by the D-Bus spec.
+func (enc *encoder) Encode(vs ...interface{}) (err error) {
+	defer func() {
+		err, _ = recover().(error)
+	}()
+	for _, v := range vs {
+		enc.encode(reflect.ValueOf(v), 0)
+	}
+	return nil
+}
+
+// encode encodes the given value to the writer and panics on error. depth holds
+// the depth of the container nesting.
+func (enc *encoder) encode(v reflect.Value, depth int) {
+	enc.align(alignment(v.Type()))
+	switch v.Kind() {
+	case reflect.Uint8:
+		var b [1]byte
+		b[0] = byte(v.Uint())
+		if _, err := enc.out.Write(b[:]); err != nil {
+			panic(err)
+		}
+		enc.pos++
+	case reflect.Bool:
+		if v.Bool() {
+			enc.encode(reflect.ValueOf(uint32(1)), depth)
+		} else {
+			enc.encode(reflect.ValueOf(uint32(0)), depth)
+		}
+	case reflect.Int16:
+		enc.binwrite(int16(v.Int()))
+		enc.pos += 2
+	case reflect.Uint16:
+		enc.binwrite(uint16(v.Uint()))
+		enc.pos += 2
+	case reflect.Int, reflect.Int32:
+		enc.binwrite(int32(v.Int()))
+		enc.pos += 4
+	case reflect.Uint, reflect.Uint32:
+		enc.binwrite(uint32(v.Uint()))
+		enc.pos += 4
+	case reflect.Int64:
+		enc.binwrite(v.Int())
+		enc.pos += 8
+	case reflect.Uint64:
+		enc.binwrite(v.Uint())
+		enc.pos += 8
+	case reflect.Float64:
+		enc.binwrite(v.Float())
+		enc.pos += 8
+	case reflect.String:
+		enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth)
+		b := make([]byte, v.Len()+1)
+		copy(b, v.String())
+		b[len(b)-1] = 0
+		n, err := enc.out.Write(b)
+		if err != nil {
+			panic(err)
+		}
+		enc.pos += n
+	case reflect.Ptr:
+		enc.encode(v.Elem(), depth)
+	case reflect.Slice, reflect.Array:
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		// Lookahead offset: 4 bytes for uint32 length (with alignment),
+		// plus alignment for elements.
+		n := enc.padding(0, 4) + 4
+		offset := enc.pos + n + enc.padding(n, alignment(v.Type().Elem()))
+
+		var buf bytes.Buffer
+		bufenc := newEncoderAtOffset(&buf, offset, enc.order)
+
+		for i := 0; i < v.Len(); i++ {
+			bufenc.encode(v.Index(i), depth+1)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(alignment(v.Type().Elem()))
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	case reflect.Struct:
+		if depth >= 64 && v.Type() != signatureType {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		switch t := v.Type(); t {
+		case signatureType:
+			str := v.Field(0)
+			enc.encode(reflect.ValueOf(byte(str.Len())), depth+1)
+			b := make([]byte, str.Len()+1)
+			copy(b, str.String())
+			b[len(b)-1] = 0
+			n, err := enc.out.Write(b)
+			if err != nil {
+				panic(err)
+			}
+			enc.pos += n
+		case variantType:
+			variant := v.Interface().(Variant)
+			enc.encode(reflect.ValueOf(variant.sig), depth+1)
+			enc.encode(reflect.ValueOf(variant.value), depth+1)
+		default:
+			for i := 0; i < v.Type().NumField(); i++ {
+				field := t.Field(i)
+				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+					enc.encode(v.Field(i), depth+1)
+				}
+			}
+		}
+	case reflect.Map:
+		// Maps are arrays of structures, so they actually increase the depth by
+		// 2.
+		if depth >= 63 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		if !isKeyType(v.Type().Key()) {
+			panic(InvalidTypeError{v.Type()})
+		}
+		keys := v.MapKeys()
+		// Lookahead offset: 4 bytes for uint32 length (with alignment),
+		// plus 8-byte alignment
+		n := enc.padding(0, 4) + 4
+		offset := enc.pos + n + enc.padding(n, 8)
+
+		var buf bytes.Buffer
+		bufenc := newEncoderAtOffset(&buf, offset, enc.order)
+		for _, k := range keys {
+			bufenc.align(8)
+			bufenc.encode(k, depth+2)
+			bufenc.encode(v.MapIndex(k), depth+2)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(8)
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	case reflect.Interface:
+		enc.encode(reflect.ValueOf(MakeVariant(v.Interface())), depth)
+	default:
+		panic(InvalidTypeError{v.Type()})
+	}
+}
diff --git a/vendor/github.com/godbus/dbus/v5/export.go b/vendor/github.com/godbus/dbus/v5/export.go
new file mode 100644
index 0000000000000..2447b51d469d3
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/export.go
@@ -0,0 +1,441 @@
+package dbus
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+var (
+	ErrMsgInvalidArg = Error{
+		"org.freedesktop.DBus.Error.InvalidArgs",
+		[]interface{}{"Invalid type / number of args"},
+	}
+	ErrMsgNoObject = Error{
+		"org.freedesktop.DBus.Error.NoSuchObject",
+		[]interface{}{"No such object"},
+	}
+	ErrMsgUnknownMethod = Error{
+		"org.freedesktop.DBus.Error.UnknownMethod",
+		[]interface{}{"Unknown / invalid method"},
+	}
+	ErrMsgUnknownInterface = Error{
+		"org.freedesktop.DBus.Error.UnknownInterface",
+		[]interface{}{"Object does not implement the interface"},
+	}
+)
+
+func MakeFailedError(err error) *Error {
+	return &Error{
+		"org.freedesktop.DBus.Error.Failed",
+		[]interface{}{err.Error()},
+	}
+}
+
+// Sender is a type which can be used in exported methods to receive the message
+// sender.
+type Sender string
+
+func computeMethodName(name string, mapping map[string]string) string {
+	newname, ok := mapping[name]
+	if ok {
+		name = newname
+	}
+	return name
+}
+
+func getMethods(in interface{}, mapping map[string]string) map[string]reflect.Value {
+	if in == nil {
+		return nil
+	}
+	methods := make(map[string]reflect.Value)
+	val := reflect.ValueOf(in)
+	typ := val.Type()
+	for i := 0; i < typ.NumMethod(); i++ {
+		methtype := typ.Method(i)
+		method := val.Method(i)
+		t := method.Type()
+		// only track valid methods must return *Error as last arg
+		// and must be exported
+		if t.NumOut() == 0 ||
+			t.Out(t.NumOut()-1) != reflect.TypeOf(&ErrMsgInvalidArg) ||
+			methtype.PkgPath != "" {
+			continue
+		}
+		// map names while building table
+		methods[computeMethodName(methtype.Name, mapping)] = method
+	}
+	return methods
+}
+
+func getAllMethods(in interface{}, mapping map[string]string) map[string]reflect.Value {
+	if in == nil {
+		return nil
+	}
+	methods := make(map[string]reflect.Value)
+	val := reflect.ValueOf(in)
+	typ := val.Type()
+	for i := 0; i < typ.NumMethod(); i++ {
+		methtype := typ.Method(i)
+		method := val.Method(i)
+		// map names while building table
+		methods[computeMethodName(methtype.Name, mapping)] = method
+	}
+	return methods
+}
+
+func standardMethodArgumentDecode(m Method, sender string, msg *Message, body []interface{}) ([]interface{}, error) {
+	pointers := make([]interface{}, m.NumArguments())
+	decode := make([]interface{}, 0, len(body))
+
+	for i := 0; i < m.NumArguments(); i++ {
+		tp := reflect.TypeOf(m.ArgumentValue(i))
+		val := reflect.New(tp)
+		pointers[i] = val.Interface()
+		if tp == reflect.TypeOf((*Sender)(nil)).Elem() {
+			val.Elem().SetString(sender)
+		} else if tp == reflect.TypeOf((*Message)(nil)).Elem() {
+			val.Elem().Set(reflect.ValueOf(*msg))
+		} else {
+			decode = append(decode, pointers[i])
+		}
+	}
+
+	if len(decode) != len(body) {
+		return nil, ErrMsgInvalidArg
+	}
+
+	if err := Store(body, decode...); err != nil {
+		return nil, ErrMsgInvalidArg
+	}
+
+	return pointers, nil
+}
+
+func (conn *Conn) decodeArguments(m Method, sender string, msg *Message) ([]interface{}, error) {
+	if decoder, ok := m.(ArgumentDecoder); ok {
+		return decoder.DecodeArguments(conn, sender, msg, msg.Body)
+	}
+	return standardMethodArgumentDecode(m, sender, msg, msg.Body)
+}
+
+// handleCall handles the given method call (i.e. looks if it's one of the
+// pre-implemented ones and searches for a corresponding handler if not).
+func (conn *Conn) handleCall(msg *Message) {
+	name := msg.Headers[FieldMember].value.(string)
+	path := msg.Headers[FieldPath].value.(ObjectPath)
+	ifaceName, _ := msg.Headers[FieldInterface].value.(string)
+	sender, hasSender := msg.Headers[FieldSender].value.(string)
+	serial := msg.serial
+	if ifaceName == "org.freedesktop.DBus.Peer" {
+		switch name {
+		case "Ping":
+			conn.sendReply(sender, serial)
+		case "GetMachineId":
+			conn.sendReply(sender, serial, conn.uuid)
+		default:
+			conn.sendError(ErrMsgUnknownMethod, sender, serial)
+		}
+		return
+	}
+	if len(name) == 0 {
+		conn.sendError(ErrMsgUnknownMethod, sender, serial)
+	}
+
+	object, ok := conn.handler.LookupObject(path)
+	if !ok {
+		conn.sendError(ErrMsgNoObject, sender, serial)
+		return
+	}
+
+	iface, exists := object.LookupInterface(ifaceName)
+	if !exists {
+		conn.sendError(ErrMsgUnknownInterface, sender, serial)
+		return
+	}
+
+	m, exists := iface.LookupMethod(name)
+	if !exists {
+		conn.sendError(ErrMsgUnknownMethod, sender, serial)
+		return
+	}
+	args, err := conn.decodeArguments(m, sender, msg)
+	if err != nil {
+		conn.sendError(err, sender, serial)
+		return
+	}
+
+	ret, err := m.Call(args...)
+	if err != nil {
+		conn.sendError(err, sender, serial)
+		return
+	}
+
+	if msg.Flags&FlagNoReplyExpected == 0 {
+		reply := new(Message)
+		reply.Type = TypeMethodReply
+		reply.Headers = make(map[HeaderField]Variant)
+		if hasSender {
+			reply.Headers[FieldDestination] = msg.Headers[FieldSender]
+		}
+		reply.Headers[FieldReplySerial] = MakeVariant(msg.serial)
+		reply.Body = make([]interface{}, len(ret))
+		for i := 0; i < len(ret); i++ {
+			reply.Body[i] = ret[i]
+		}
+		reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
+
+		conn.sendMessageAndIfClosed(reply, nil)
+	}
+}
+
+// Emit emits the given signal on the message bus. The name parameter must be
+// formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
+func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
+	if !path.IsValid() {
+		return errors.New("dbus: invalid object path")
+	}
+	i := strings.LastIndex(name, ".")
+	if i == -1 {
+		return errors.New("dbus: invalid method name")
+	}
+	iface := name[:i]
+	member := name[i+1:]
+	if !isValidMember(member) {
+		return errors.New("dbus: invalid method name")
+	}
+	if !isValidInterface(iface) {
+		return errors.New("dbus: invalid interface name")
+	}
+	msg := new(Message)
+	msg.Type = TypeSignal
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldInterface] = MakeVariant(iface)
+	msg.Headers[FieldMember] = MakeVariant(member)
+	msg.Headers[FieldPath] = MakeVariant(path)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+
+	var closed bool
+	conn.sendMessageAndIfClosed(msg, func() {
+		closed = true
+	})
+	if closed {
+		return ErrClosed
+	}
+	return nil
+}
+
+// Export registers the given value to be exported as an object on the
+// message bus.
+//
+// If a method call on the given path and interface is received, an exported
+// method with the same name is called with v as the receiver if the
+// parameters match and the last return value is of type *Error. If this
+// *Error is not nil, it is sent back to the caller as an error.
+// Otherwise, a method reply is sent with the other return values as its body.
+//
+// Any parameters with the special type Sender are set to the sender of the
+// dbus message when the method is called. Parameters of this type do not
+// contribute to the dbus signature of the method (i.e. the method is exposed
+// as if the parameters of type Sender were not there).
+//
+// Similarly, any parameters with the type Message are set to the raw message
+// received on the bus. Again, parameters of this type do not contribute to the
+// dbus signature of the method.
+//
+// Every method call is executed in a new goroutine, so the method may be called
+// in multiple goroutines at once.
+//
+// Method calls on the interface org.freedesktop.DBus.Peer will be automatically
+// handled for every object.
+//
+// Passing nil as the first parameter will cause conn to cease handling calls on
+// the given combination of path and interface.
+//
+// Export returns an error if path is not a valid path name.
+func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error {
+	return conn.ExportWithMap(v, nil, path, iface)
+}
+
+// ExportAll registers all exported methods defined by the given object on
+// the message bus.
+//
+// Unlike Export there is no requirement to have the last parameter as type
+// *Error. If you want to be able to return error then you can append an error
+// type parameter to your method signature. If the error returned is not nil,
+// it is sent back to the caller as an error. Otherwise, a method reply is
+// sent with the other return values as its body.
+func (conn *Conn) ExportAll(v interface{}, path ObjectPath, iface string) error {
+	return conn.export(getAllMethods(v, nil), path, iface, false)
+}
+
+// ExportWithMap works exactly like Export but provides the ability to remap
+// method names (e.g. export a lower-case method).
+//
+// The keys in the map are the real method names (exported on the struct), and
+// the values are the method names to be exported on DBus.
+func (conn *Conn) ExportWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error {
+	return conn.export(getMethods(v, mapping), path, iface, false)
+}
+
+// ExportSubtree works exactly like Export but registers the given value for
+// an entire subtree rather under the root path provided.
+//
+// In order to make this useful, one parameter in each of the value's exported
+// methods should be a Message, in which case it will contain the raw message
+// (allowing one to get access to the path that caused the method to be called).
+//
+// Note that more specific export paths take precedence over less specific. For
+// example, a method call using the ObjectPath /foo/bar/baz will call a method
+// exported on /foo/bar before a method exported on /foo.
+func (conn *Conn) ExportSubtree(v interface{}, path ObjectPath, iface string) error {
+	return conn.ExportSubtreeWithMap(v, nil, path, iface)
+}
+
+// ExportSubtreeWithMap works exactly like ExportSubtree but provides the
+// ability to remap method names (e.g. export a lower-case method).
+//
+// The keys in the map are the real method names (exported on the struct), and
+// the values are the method names to be exported on DBus.
+func (conn *Conn) ExportSubtreeWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error {
+	return conn.export(getMethods(v, mapping), path, iface, true)
+}
+
+// ExportMethodTable like Export registers the given methods as an object
+// on the message bus. Unlike Export the it uses a method table to define
+// the object instead of a native go object.
+//
+// The method table is a map from method name to function closure
+// representing the method. This allows an object exported on the bus to not
+// necessarily be a native go object. It can be useful for generating exposed
+// methods on the fly.
+//
+// Any non-function objects in the method table are ignored.
+func (conn *Conn) ExportMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error {
+	return conn.exportMethodTable(methods, path, iface, false)
+}
+
+// Like ExportSubtree, but with the same caveats as ExportMethodTable.
+func (conn *Conn) ExportSubtreeMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error {
+	return conn.exportMethodTable(methods, path, iface, true)
+}
+
+func (conn *Conn) exportMethodTable(methods map[string]interface{}, path ObjectPath, iface string, includeSubtree bool) error {
+	var out map[string]reflect.Value
+	if methods != nil {
+		out = make(map[string]reflect.Value)
+		for name, method := range methods {
+			rval := reflect.ValueOf(method)
+			if rval.Kind() != reflect.Func {
+				continue
+			}
+			t := rval.Type()
+			// only track valid methods must return *Error as last arg
+			if t.NumOut() == 0 ||
+				t.Out(t.NumOut()-1) != reflect.TypeOf(&ErrMsgInvalidArg) {
+				continue
+			}
+			out[name] = rval
+		}
+	}
+	return conn.export(out, path, iface, includeSubtree)
+}
+
+func (conn *Conn) unexport(h *defaultHandler, path ObjectPath, iface string) error {
+	if h.PathExists(path) {
+		obj := h.objects[path]
+		obj.DeleteInterface(iface)
+		if len(obj.interfaces) == 0 {
+			h.DeleteObject(path)
+		}
+	}
+	return nil
+}
+
+// export is the worker function for all exports/registrations.
+func (conn *Conn) export(methods map[string]reflect.Value, path ObjectPath, iface string, includeSubtree bool) error {
+	h, ok := conn.handler.(*defaultHandler)
+	if !ok {
+		return fmt.Errorf(
+			`dbus: export only allowed on the default handler. Received: %T"`,
+			conn.handler)
+	}
+
+	if !path.IsValid() {
+		return fmt.Errorf(`dbus: Invalid path name: "%s"`, path)
+	}
+
+	// Remove a previous export if the interface is nil
+	if methods == nil {
+		return conn.unexport(h, path, iface)
+	}
+
+	// If this is the first handler for this path, make a new map to hold all
+	// handlers for this path.
+	if !h.PathExists(path) {
+		h.AddObject(path, newExportedObject())
+	}
+
+	exportedMethods := make(map[string]Method)
+	for name, method := range methods {
+		exportedMethods[name] = exportedMethod{method}
+	}
+
+	// Finally, save this handler
+	obj := h.objects[path]
+	obj.AddInterface(iface, newExportedIntf(exportedMethods, includeSubtree))
+
+	return nil
+}
+
+// ReleaseName calls org.freedesktop.DBus.ReleaseName and awaits a response.
+func (conn *Conn) ReleaseName(name string) (ReleaseNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.ReleaseName", 0, name).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	return ReleaseNameReply(r), nil
+}
+
+// RequestName calls org.freedesktop.DBus.RequestName and awaits a response.
+func (conn *Conn) RequestName(name string, flags RequestNameFlags) (RequestNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.RequestName", 0, name, flags).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	return RequestNameReply(r), nil
+}
+
+// ReleaseNameReply is the reply to a ReleaseName call.
+type ReleaseNameReply uint32
+
+const (
+	ReleaseNameReplyReleased ReleaseNameReply = 1 + iota
+	ReleaseNameReplyNonExistent
+	ReleaseNameReplyNotOwner
+)
+
+// RequestNameFlags represents the possible flags for a RequestName call.
+type RequestNameFlags uint32
+
+const (
+	NameFlagAllowReplacement RequestNameFlags = 1 << iota
+	NameFlagReplaceExisting
+	NameFlagDoNotQueue
+)
+
+// RequestNameReply is the reply to a RequestName call.
+type RequestNameReply uint32
+
+const (
+	RequestNameReplyPrimaryOwner RequestNameReply = 1 + iota
+	RequestNameReplyInQueue
+	RequestNameReplyExists
+	RequestNameReplyAlreadyOwner
+)
diff --git a/vendor/github.com/godbus/dbus/v5/go.mod b/vendor/github.com/godbus/dbus/v5/go.mod
new file mode 100644
index 0000000000000..15b920203c554
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/go.mod
@@ -0,0 +1,3 @@
+module github.com/godbus/dbus/v5
+
+go 1.12
diff --git a/vendor/github.com/godbus/dbus/homedir.go b/vendor/github.com/godbus/dbus/v5/homedir.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/homedir.go
rename to vendor/github.com/godbus/dbus/v5/homedir.go
diff --git a/vendor/github.com/godbus/dbus/homedir_dynamic.go b/vendor/github.com/godbus/dbus/v5/homedir_dynamic.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/homedir_dynamic.go
rename to vendor/github.com/godbus/dbus/v5/homedir_dynamic.go
diff --git a/vendor/github.com/godbus/dbus/homedir_static.go b/vendor/github.com/godbus/dbus/v5/homedir_static.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/homedir_static.go
rename to vendor/github.com/godbus/dbus/v5/homedir_static.go
diff --git a/vendor/github.com/godbus/dbus/v5/match.go b/vendor/github.com/godbus/dbus/v5/match.go
new file mode 100644
index 0000000000000..5a607e53e4107
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/match.go
@@ -0,0 +1,89 @@
+package dbus
+
+import (
+	"strconv"
+	"strings"
+)
+
+// MatchOption specifies option for dbus routing match rule. Options can be constructed with WithMatch* helpers.
+// For full list of available options consult
+// https://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules
+type MatchOption struct {
+	key   string
+	value string
+}
+
+func formatMatchOptions(options []MatchOption) string {
+	items := make([]string, 0, len(options))
+	for _, option := range options {
+		items = append(items, option.key+"='"+option.value+"'")
+	}
+	return strings.Join(items, ",")
+}
+
+// WithMatchOption creates match option with given key and value
+func WithMatchOption(key, value string) MatchOption {
+	return MatchOption{key, value}
+}
+
+// doesn't make sense to export this option because clients can only
+// subscribe to messages with signal type.
+func withMatchType(typ string) MatchOption {
+	return WithMatchOption("type", typ)
+}
+
+// WithMatchSender sets sender match option.
+func WithMatchSender(sender string) MatchOption {
+	return WithMatchOption("sender", sender)
+}
+
+// WithMatchSender sets interface match option.
+func WithMatchInterface(iface string) MatchOption {
+	return WithMatchOption("interface", iface)
+}
+
+// WithMatchMember sets member match option.
+func WithMatchMember(member string) MatchOption {
+	return WithMatchOption("member", member)
+}
+
+// WithMatchObjectPath creates match option that filters events based on given path
+func WithMatchObjectPath(path ObjectPath) MatchOption {
+	return WithMatchOption("path", string(path))
+}
+
+// WithMatchPathNamespace sets path_namespace match option.
+func WithMatchPathNamespace(namespace ObjectPath) MatchOption {
+	return WithMatchOption("path_namespace", string(namespace))
+}
+
+// WithMatchDestination sets destination match option.
+func WithMatchDestination(destination string) MatchOption {
+	return WithMatchOption("destination", destination)
+}
+
+// WithMatchArg sets argN match option, range of N is 0 to 63.
+func WithMatchArg(argIdx int, value string) MatchOption {
+	if argIdx < 0 || argIdx > 63 {
+		panic("range of argument index is 0 to 63")
+	}
+	return WithMatchOption("arg"+strconv.Itoa(argIdx), value)
+}
+
+// WithMatchArgPath sets argN path match option, range of N is 0 to 63.
+func WithMatchArgPath(argIdx int, path string) MatchOption {
+	if argIdx < 0 || argIdx > 63 {
+		panic("range of argument index is 0 to 63")
+	}
+	return WithMatchOption("arg"+strconv.Itoa(argIdx)+"path", path)
+}
+
+// WithMatchArg0Namespace sets arg0namespace match option.
+func WithMatchArg0Namespace(arg0Namespace string) MatchOption {
+	return WithMatchOption("arg0namespace", arg0Namespace)
+}
+
+// WithMatchEavesdrop sets eavesdrop match option.
+func WithMatchEavesdrop(eavesdrop bool) MatchOption {
+	return WithMatchOption("eavesdrop", strconv.FormatBool(eavesdrop))
+}
diff --git a/vendor/github.com/godbus/dbus/message.go b/vendor/github.com/godbus/dbus/v5/message.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/message.go
rename to vendor/github.com/godbus/dbus/v5/message.go
diff --git a/vendor/github.com/godbus/dbus/v5/object.go b/vendor/github.com/godbus/dbus/v5/object.go
new file mode 100644
index 0000000000000..664abb7fbabb6
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/object.go
@@ -0,0 +1,174 @@
+package dbus
+
+import (
+	"context"
+	"errors"
+	"strings"
+)
+
+// BusObject is the interface of a remote object on which methods can be
+// invoked.
+type BusObject interface {
+	Call(method string, flags Flags, args ...interface{}) *Call
+	CallWithContext(ctx context.Context, method string, flags Flags, args ...interface{}) *Call
+	Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call
+	GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call
+	AddMatchSignal(iface, member string, options ...MatchOption) *Call
+	RemoveMatchSignal(iface, member string, options ...MatchOption) *Call
+	GetProperty(p string) (Variant, error)
+	StoreProperty(p string, value interface{}) error
+	SetProperty(p string, v interface{}) error
+	Destination() string
+	Path() ObjectPath
+}
+
+// Object represents a remote object on which methods can be invoked.
+type Object struct {
+	conn *Conn
+	dest string
+	path ObjectPath
+}
+
+// Call calls a method with (*Object).Go and waits for its reply.
+func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call {
+	return <-o.createCall(context.Background(), method, flags, make(chan *Call, 1), args...).Done
+}
+
+// CallWithContext acts like Call but takes a context
+func (o *Object) CallWithContext(ctx context.Context, method string, flags Flags, args ...interface{}) *Call {
+	return <-o.createCall(ctx, method, flags, make(chan *Call, 1), args...).Done
+}
+
+// AddMatchSignal subscribes BusObject to signals from specified interface,
+// method (member). Additional filter rules can be added via WithMatch* option constructors.
+// Note: To filter events by object path you have to specify this path via an option.
+//
+// Deprecated: use (*Conn) AddMatchSignal instead.
+func (o *Object) AddMatchSignal(iface, member string, options ...MatchOption) *Call {
+	base := []MatchOption{
+		withMatchType("signal"),
+		WithMatchInterface(iface),
+		WithMatchMember(member),
+	}
+
+	options = append(base, options...)
+	return o.conn.BusObject().Call(
+		"org.freedesktop.DBus.AddMatch",
+		0,
+		formatMatchOptions(options),
+	)
+}
+
+// RemoveMatchSignal unsubscribes BusObject from signals from specified interface,
+// method (member). Additional filter rules can be added via WithMatch* option constructors
+//
+// Deprecated: use (*Conn) RemoveMatchSignal instead.
+func (o *Object) RemoveMatchSignal(iface, member string, options ...MatchOption) *Call {
+	base := []MatchOption{
+		withMatchType("signal"),
+		WithMatchInterface(iface),
+		WithMatchMember(member),
+	}
+
+	options = append(base, options...)
+	return o.conn.BusObject().Call(
+		"org.freedesktop.DBus.RemoveMatch",
+		0,
+		formatMatchOptions(options),
+	)
+}
+
+// Go calls a method with the given arguments asynchronously. It returns a
+// Call structure representing this method call. The passed channel will
+// return the same value once the call is done. If ch is nil, a new channel
+// will be allocated. Otherwise, ch has to be buffered or Go will panic.
+//
+// If the flags include FlagNoReplyExpected, ch is ignored and a Call structure
+// is returned with any error in Err and a closed channel in Done containing
+// the returned Call as it's one entry.
+//
+// If the method parameter contains a dot ('.'), the part before the last dot
+// specifies the interface on which the method is called.
+func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
+	return o.createCall(context.Background(), method, flags, ch, args...)
+}
+
+// GoWithContext acts like Go but takes a context
+func (o *Object) GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
+	return o.createCall(ctx, method, flags, ch, args...)
+}
+
+func (o *Object) createCall(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
+	if ctx == nil {
+		panic("nil context")
+	}
+	iface := ""
+	i := strings.LastIndex(method, ".")
+	if i != -1 {
+		iface = method[:i]
+	}
+	method = method[i+1:]
+	msg := new(Message)
+	msg.Type = TypeMethodCall
+	msg.Flags = flags & (FlagNoAutoStart | FlagNoReplyExpected)
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldPath] = MakeVariant(o.path)
+	msg.Headers[FieldDestination] = MakeVariant(o.dest)
+	msg.Headers[FieldMember] = MakeVariant(method)
+	if iface != "" {
+		msg.Headers[FieldInterface] = MakeVariant(iface)
+	}
+	msg.Body = args
+	if len(args) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(args...))
+	}
+	return o.conn.SendWithContext(ctx, msg, ch)
+}
+
+// GetProperty calls org.freedesktop.DBus.Properties.Get on the given
+// object. The property name must be given in interface.member notation.
+func (o *Object) GetProperty(p string) (Variant, error) {
+	var result Variant
+	err := o.StoreProperty(p, &result)
+	return result, err
+}
+
+// StoreProperty calls org.freedesktop.DBus.Properties.Get on the given
+// object. The property name must be given in interface.member notation.
+// It stores the returned property into the provided value.
+func (o *Object) StoreProperty(p string, value interface{}) error {
+	idx := strings.LastIndex(p, ".")
+	if idx == -1 || idx+1 == len(p) {
+		return errors.New("dbus: invalid property " + p)
+	}
+
+	iface := p[:idx]
+	prop := p[idx+1:]
+
+	return o.Call("org.freedesktop.DBus.Properties.Get", 0, iface, prop).
+		Store(value)
+}
+
+// SetProperty calls org.freedesktop.DBus.Properties.Set on the given
+// object. The property name must be given in interface.member notation.
+func (o *Object) SetProperty(p string, v interface{}) error {
+	idx := strings.LastIndex(p, ".")
+	if idx == -1 || idx+1 == len(p) {
+		return errors.New("dbus: invalid property " + p)
+	}
+
+	iface := p[:idx]
+	prop := p[idx+1:]
+
+	return o.Call("org.freedesktop.DBus.Properties.Set", 0, iface, prop, v).Err
+}
+
+// Destination returns the destination that calls on (o *Object) are sent to.
+func (o *Object) Destination() string {
+	return o.dest
+}
+
+// Path returns the path that calls on (o *Object") are sent to.
+func (o *Object) Path() ObjectPath {
+	return o.path
+}
diff --git a/vendor/github.com/godbus/dbus/v5/sequence.go b/vendor/github.com/godbus/dbus/v5/sequence.go
new file mode 100644
index 0000000000000..89435d3933bdb
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/sequence.go
@@ -0,0 +1,24 @@
+package dbus
+
+// Sequence represents the value of a monotonically increasing counter.
+type Sequence uint64
+
+const (
+	// NoSequence indicates the absence of a sequence value.
+	NoSequence Sequence = 0
+)
+
+// sequenceGenerator represents a monotonically increasing counter.
+type sequenceGenerator struct {
+	nextSequence Sequence
+}
+
+func (generator *sequenceGenerator) next() Sequence {
+	result := generator.nextSequence
+	generator.nextSequence++
+	return result
+}
+
+func newSequenceGenerator() *sequenceGenerator {
+	return &sequenceGenerator{nextSequence: 1}
+}
diff --git a/vendor/github.com/godbus/dbus/v5/sequential_handler.go b/vendor/github.com/godbus/dbus/v5/sequential_handler.go
new file mode 100644
index 0000000000000..ef2fcdba179cf
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/sequential_handler.go
@@ -0,0 +1,125 @@
+package dbus
+
+import (
+	"sync"
+)
+
+// NewSequentialSignalHandler returns an instance of a new
+// signal handler that guarantees sequential processing of signals. It is a
+// guarantee of this signal handler that signals will be written to
+// channels in the order they are received on the DBus connection.
+func NewSequentialSignalHandler() SignalHandler {
+	return &sequentialSignalHandler{}
+}
+
+type sequentialSignalHandler struct {
+	mu      sync.RWMutex
+	closed  bool
+	signals []*sequentialSignalChannelData
+}
+
+func (sh *sequentialSignalHandler) DeliverSignal(intf, name string, signal *Signal) {
+	sh.mu.RLock()
+	defer sh.mu.RUnlock()
+	if sh.closed {
+		return
+	}
+	for _, scd := range sh.signals {
+		scd.deliver(signal)
+	}
+}
+
+func (sh *sequentialSignalHandler) Terminate() {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+
+	for _, scd := range sh.signals {
+		scd.close()
+		close(scd.ch)
+	}
+	sh.closed = true
+	sh.signals = nil
+}
+
+func (sh *sequentialSignalHandler) AddSignal(ch chan<- *Signal) {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+	sh.signals = append(sh.signals, newSequentialSignalChannelData(ch))
+}
+
+func (sh *sequentialSignalHandler) RemoveSignal(ch chan<- *Signal) {
+	sh.mu.Lock()
+	defer sh.mu.Unlock()
+	if sh.closed {
+		return
+	}
+	for i := len(sh.signals) - 1; i >= 0; i-- {
+		if ch == sh.signals[i].ch {
+			sh.signals[i].close()
+			copy(sh.signals[i:], sh.signals[i+1:])
+			sh.signals[len(sh.signals)-1] = nil
+			sh.signals = sh.signals[:len(sh.signals)-1]
+		}
+	}
+}
+
+type sequentialSignalChannelData struct {
+	ch   chan<- *Signal
+	in   chan *Signal
+	done chan struct{}
+}
+
+func newSequentialSignalChannelData(ch chan<- *Signal) *sequentialSignalChannelData {
+	scd := &sequentialSignalChannelData{
+		ch:   ch,
+		in:   make(chan *Signal),
+		done: make(chan struct{}),
+	}
+	go scd.bufferSignals()
+	return scd
+}
+
+func (scd *sequentialSignalChannelData) bufferSignals() {
+	defer close(scd.done)
+
+	// Ensure that signals are delivered to scd.ch in the same
+	// order they are received from scd.in.
+	var queue []*Signal
+	for {
+		if len(queue) == 0 {
+			signal, ok := <- scd.in
+			if !ok {
+				return
+			}
+			queue = append(queue, signal)
+		}
+		select {
+		case scd.ch <- queue[0]:
+			copy(queue, queue[1:])
+			queue[len(queue)-1] = nil
+			queue = queue[:len(queue)-1]
+		case signal, ok := <-scd.in:
+			if !ok {
+				return
+			}
+			queue = append(queue, signal)
+		}
+	}
+}
+
+func (scd *sequentialSignalChannelData) deliver(signal *Signal) {
+	scd.in <- signal
+}
+
+func (scd *sequentialSignalChannelData) close() {
+	close(scd.in)
+	// Ensure that bufferSignals() has exited and won't attempt
+	// any future sends on scd.ch
+	<-scd.done
+}
diff --git a/vendor/github.com/godbus/dbus/v5/server_interfaces.go b/vendor/github.com/godbus/dbus/v5/server_interfaces.go
new file mode 100644
index 0000000000000..79d97edf3ece9
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/server_interfaces.go
@@ -0,0 +1,107 @@
+package dbus
+
+// Terminator allows a handler to implement a shutdown mechanism that
+// is called when the connection terminates.
+type Terminator interface {
+	Terminate()
+}
+
+// Handler is the representation of a D-Bus Application.
+//
+// The Handler must have a way to lookup objects given
+// an ObjectPath. The returned object must implement the
+// ServerObject interface.
+type Handler interface {
+	LookupObject(path ObjectPath) (ServerObject, bool)
+}
+
+// ServerObject is the representation of an D-Bus Object.
+//
+// Objects are registered at a path for a given Handler.
+// The Objects implement D-Bus interfaces. The semantics
+// of Interface lookup is up to the implementation of
+// the ServerObject. The ServerObject implementation may
+// choose to implement empty string as a valid interface
+// represeting all methods or not per the D-Bus specification.
+type ServerObject interface {
+	LookupInterface(name string) (Interface, bool)
+}
+
+// An Interface is the representation of a D-Bus Interface.
+//
+// Interfaces are a grouping of methods implemented by the Objects.
+// Interfaces are responsible for routing method calls.
+type Interface interface {
+	LookupMethod(name string) (Method, bool)
+}
+
+// A Method represents the exposed methods on D-Bus.
+type Method interface {
+	// Call requires that all arguments are decoded before being passed to it.
+	Call(args ...interface{}) ([]interface{}, error)
+	NumArguments() int
+	NumReturns() int
+	// ArgumentValue returns a representative value for the argument at position
+	// it should be of the proper type. reflect.Zero would be a good mechanism
+	// to use for this Value.
+	ArgumentValue(position int) interface{}
+	// ReturnValue returns a representative value for the return at position
+	// it should be of the proper type. reflect.Zero would be a good mechanism
+	// to use for this Value.
+	ReturnValue(position int) interface{}
+}
+
+// An Argument Decoder can decode arguments using the non-standard mechanism
+//
+// If a method implements this interface then the non-standard
+// decoder will be used.
+//
+// Method arguments must be decoded from the message.
+// The mechanism for doing this will vary based on the
+// implementation of the method. A normal approach is provided
+// as part of this library, but may be replaced with
+// any other decoding scheme.
+type ArgumentDecoder interface {
+	// To decode the arguments of a method the sender and message are
+	// provided incase the semantics of the implementer provides access
+	// to these as part of the method invocation.
+	DecodeArguments(conn *Conn, sender string, msg *Message, args []interface{}) ([]interface{}, error)
+}
+
+// A SignalHandler is responsible for delivering a signal.
+//
+// Signal delivery may be changed from the default channel
+// based approach by Handlers implementing the SignalHandler
+// interface.
+type SignalHandler interface {
+	DeliverSignal(iface, name string, signal *Signal)
+}
+
+// SignalRegistrar manages signal delivery channels.
+//
+// This is an optional set of methods for `SignalHandler`.
+type SignalRegistrar interface {
+	AddSignal(ch chan<- *Signal)
+	RemoveSignal(ch chan<- *Signal)
+}
+
+// A DBusError is used to convert a generic object to a D-Bus error.
+//
+// Any custom error mechanism may implement this interface to provide
+// a custom encoding of the error on D-Bus. By default if a normal
+// error is returned, it will be encoded as the generic
+// "org.freedesktop.DBus.Error.Failed" error. By implementing this
+// interface as well a custom encoding may be provided.
+type DBusError interface {
+	DBusError() (string, []interface{})
+}
+
+// SerialGenerator is responsible for serials generation.
+//
+// Different approaches for the serial generation can be used,
+// maintaining a map guarded with a mutex (the standard way) or
+// simply increment an atomic counter.
+type SerialGenerator interface {
+	GetSerial() uint32
+	RetireSerial(serial uint32)
+}
diff --git a/vendor/github.com/godbus/dbus/sig.go b/vendor/github.com/godbus/dbus/v5/sig.go
similarity index 96%
rename from vendor/github.com/godbus/dbus/sig.go
rename to vendor/github.com/godbus/dbus/v5/sig.go
index f45b53ce1b275..2d326cebc0d84 100644
--- a/vendor/github.com/godbus/dbus/sig.go
+++ b/vendor/github.com/godbus/dbus/v5/sig.go
@@ -57,12 +57,12 @@ func getSignature(t reflect.Type) string {
 		return "n"
 	case reflect.Uint16:
 		return "q"
-	case reflect.Int32:
+	case reflect.Int, reflect.Int32:
 		if t == unixFDType {
 			return "h"
 		}
 		return "i"
-	case reflect.Uint32:
+	case reflect.Uint, reflect.Uint32:
 		if t == unixFDIndexType {
 			return "h"
 		}
@@ -101,6 +101,8 @@ func getSignature(t reflect.Type) string {
 			panic(InvalidTypeError{t})
 		}
 		return "a{" + getSignature(t.Key()) + getSignature(t.Elem()) + "}"
+	case reflect.Interface:
+		return "v"
 	}
 	panic(InvalidTypeError{t})
 }
@@ -135,7 +137,7 @@ func ParseSignatureMust(s string) Signature {
 	return sig
 }
 
-// Empty retruns whether the signature is the empty signature.
+// Empty returns whether the signature is the empty signature.
 func (s Signature) Empty() bool {
 	return s.str == ""
 }
@@ -162,7 +164,7 @@ func (e SignatureError) Error() string {
 	return fmt.Sprintf("dbus: invalid signature: %q (%s)", e.Sig, e.Reason)
 }
 
-// Try to read a single type from this string. If it was successfull, err is nil
+// Try to read a single type from this string. If it was successful, err is nil
 // and rem is the remaining unparsed part. Otherwise, err is a non-nil
 // SignatureError and rem is "". depth is the current recursion depth which may
 // not be greater than 64 and should be given as 0 on the first call.
diff --git a/vendor/github.com/godbus/dbus/transport_darwin.go b/vendor/github.com/godbus/dbus/v5/transport_darwin.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/transport_darwin.go
rename to vendor/github.com/godbus/dbus/v5/transport_darwin.go
diff --git a/vendor/github.com/godbus/dbus/v5/transport_generic.go b/vendor/github.com/godbus/dbus/v5/transport_generic.go
new file mode 100644
index 0000000000000..718a1ff0219a1
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/transport_generic.go
@@ -0,0 +1,50 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"unsafe"
+)
+
+var nativeEndian binary.ByteOrder
+
+func detectEndianness() binary.ByteOrder {
+	var x uint32 = 0x01020304
+	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
+		return binary.BigEndian
+	}
+	return binary.LittleEndian
+}
+
+func init() {
+	nativeEndian = detectEndianness()
+}
+
+type genericTransport struct {
+	io.ReadWriteCloser
+}
+
+func (t genericTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
+
+func (t genericTransport) SupportsUnixFDs() bool {
+	return false
+}
+
+func (t genericTransport) EnableUnixFDs() {}
+
+func (t genericTransport) ReadMessage() (*Message, error) {
+	return DecodeMessage(t)
+}
+
+func (t genericTransport) SendMessage(msg *Message) error {
+	for _, v := range msg.Body {
+		if _, ok := v.(UnixFD); ok {
+			return errors.New("dbus: unix fd passing not enabled")
+		}
+	}
+	return msg.EncodeTo(t, nativeEndian)
+}
diff --git a/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go
new file mode 100644
index 0000000000000..697739efafbfb
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go
@@ -0,0 +1,39 @@
+//+build !windows
+
+package dbus
+
+import (
+	"errors"
+	"io/ioutil"
+	"net"
+)
+
+func init() {
+	transports["nonce-tcp"] = newNonceTcpTransport
+}
+
+func newNonceTcpTransport(keys string) (transport, error) {
+	host := getKey(keys, "host")
+	port := getKey(keys, "port")
+	noncefile := getKey(keys, "noncefile")
+	if host == "" || port == "" || noncefile == "" {
+		return nil, errors.New("dbus: unsupported address (must set host, port and noncefile)")
+	}
+	protocol, err := tcpFamily(keys)
+	if err != nil {
+		return nil, err
+	}
+	socket, err := net.Dial(protocol, net.JoinHostPort(host, port))
+	if err != nil {
+		return nil, err
+	}
+	b, err := ioutil.ReadFile(noncefile)
+	if err != nil {
+		return nil, err
+	}
+	_, err = socket.Write(b)
+	if err != nil {
+		return nil, err
+	}
+	return NewConn(socket)
+}
diff --git a/vendor/github.com/godbus/dbus/transport_tcp.go b/vendor/github.com/godbus/dbus/v5/transport_tcp.go
similarity index 97%
rename from vendor/github.com/godbus/dbus/transport_tcp.go
rename to vendor/github.com/godbus/dbus/v5/transport_tcp.go
index dd1c8e59c5b86..f91c9b7d709cb 100644
--- a/vendor/github.com/godbus/dbus/transport_tcp.go
+++ b/vendor/github.com/godbus/dbus/v5/transport_tcp.go
@@ -1,5 +1,3 @@
-//+build !windows
-
 package dbus
 
 import (
diff --git a/vendor/github.com/godbus/dbus/transport_unix.go b/vendor/github.com/godbus/dbus/v5/transport_unix.go
similarity index 84%
rename from vendor/github.com/godbus/dbus/transport_unix.go
rename to vendor/github.com/godbus/dbus/v5/transport_unix.go
index a1d00cbc1247f..c7cd02f97fdf2 100644
--- a/vendor/github.com/godbus/dbus/transport_unix.go
+++ b/vendor/github.com/godbus/dbus/v5/transport_unix.go
@@ -31,6 +31,7 @@ func (o *oobReader) Read(b []byte) (n int, err error) {
 
 type unixTransport struct {
 	*net.UnixConn
+	rdr        *oobReader
 	hasUnixFDs bool
 }
 
@@ -79,10 +80,15 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 	// To be sure that all bytes of out-of-band data are read, we use a special
 	// reader that uses ReadUnix on the underlying connection instead of Read
 	// and gathers the out-of-band data in a buffer.
-	rd := &oobReader{conn: t.UnixConn}
+	if t.rdr == nil {
+		t.rdr = &oobReader{conn: t.UnixConn}
+	} else {
+		t.rdr.oob = nil
+	}
+
 	// read the first 16 bytes (the part of the header that has a constant size),
 	// from which we can figure out the length of the rest of the message
-	if _, err := io.ReadFull(rd, csheader[:]); err != nil {
+	if _, err := io.ReadFull(t.rdr, csheader[:]); err != nil {
 		return nil, err
 	}
 	switch csheader[0] {
@@ -104,7 +110,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 	// decode headers and look for unix fds
 	headerdata := make([]byte, hlen+4)
 	copy(headerdata, csheader[12:])
-	if _, err := io.ReadFull(t, headerdata[4:]); err != nil {
+	if _, err := io.ReadFull(t.rdr, headerdata[4:]); err != nil {
 		return nil, err
 	}
 	dec := newDecoder(bytes.NewBuffer(headerdata), order)
@@ -122,7 +128,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 	all := make([]byte, 16+hlen+blen)
 	copy(all, csheader[:])
 	copy(all[16:], headerdata[4:])
-	if _, err := io.ReadFull(rd, all[16+hlen:]); err != nil {
+	if _, err := io.ReadFull(t.rdr, all[16+hlen:]); err != nil {
 		return nil, err
 	}
 	if unixfds != 0 {
@@ -130,7 +136,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 			return nil, errors.New("dbus: got unix fds on unsupported transport")
 		}
 		// read the fds from the OOB data
-		scms, err := syscall.ParseSocketControlMessage(rd.oob)
+		scms, err := syscall.ParseSocketControlMessage(t.rdr.oob)
 		if err != nil {
 			return nil, err
 		}
@@ -148,11 +154,23 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 		// substitute the values in the message body (which are indices for the
 		// array receiver via OOB) with the actual values
 		for i, v := range msg.Body {
-			if j, ok := v.(UnixFDIndex); ok {
+			switch v.(type) {
+			case UnixFDIndex:
+				j := v.(UnixFDIndex)
 				if uint32(j) >= unixfds {
 					return nil, InvalidMessageError("invalid index for unix fd")
 				}
 				msg.Body[i] = UnixFD(fds[j])
+			case []UnixFDIndex:
+				idxArray := v.([]UnixFDIndex)
+				fdArray := make([]UnixFD, len(idxArray))
+				for k, j := range idxArray {
+					if uint32(j) >= unixfds {
+						return nil, InvalidMessageError("invalid index for unix fd")
+					}
+					fdArray[k] = UnixFD(fds[j])
+				}
+				msg.Body[i] = fdArray
 			}
 		}
 		return msg, nil
@@ -175,7 +193,7 @@ func (t *unixTransport) SendMessage(msg *Message) error {
 		msg.Headers[FieldUnixFDs] = MakeVariant(uint32(len(fds)))
 		oob := syscall.UnixRights(fds...)
 		buf := new(bytes.Buffer)
-		msg.EncodeTo(buf, binary.LittleEndian)
+		msg.EncodeTo(buf, nativeEndian)
 		n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil)
 		if err != nil {
 			return err
@@ -184,8 +202,8 @@ func (t *unixTransport) SendMessage(msg *Message) error {
 			return io.ErrShortWrite
 		}
 	} else {
-		if err := msg.EncodeTo(t, binary.LittleEndian); err != nil {
-			return nil
+		if err := msg.EncodeTo(t, nativeEndian); err != nil {
+			return err
 		}
 	}
 	return nil
diff --git a/vendor/github.com/godbus/dbus/transport_unixcred_dragonfly.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_dragonfly.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/transport_unixcred_dragonfly.go
rename to vendor/github.com/godbus/dbus/v5/transport_unixcred_dragonfly.go
diff --git a/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go
new file mode 100644
index 0000000000000..1b5ed2089d0b9
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go
@@ -0,0 +1,92 @@
+// The UnixCredentials system call is currently only implemented on Linux
+// http://golang.org/src/pkg/syscall/sockcmsg_linux.go
+// https://golang.org/s/go1.4-syscall
+// http://code.google.com/p/go/source/browse/unix/sockcmsg_linux.go?repo=sys
+
+// Local implementation of the UnixCredentials system call for FreeBSD
+
+package dbus
+
+/*
+const int sizeofPtr = sizeof(void*);
+#define _WANT_UCRED
+#include <sys/types.h>
+#include <sys/ucred.h>
+*/
+import "C"
+
+import (
+	"io"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+// http://golang.org/src/pkg/syscall/ztypes_linux_amd64.go
+// https://golang.org/src/syscall/ztypes_freebsd_amd64.go
+type Ucred struct {
+	Pid int32
+	Uid uint32
+	Gid uint32
+}
+
+// http://golang.org/src/pkg/syscall/types_linux.go
+// https://golang.org/src/syscall/types_freebsd.go
+// https://github.com/freebsd/freebsd/blob/master/sys/sys/ucred.h
+const (
+	SizeofUcred = C.sizeof_struct_ucred
+)
+
+// http://golang.org/src/pkg/syscall/sockcmsg_unix.go
+func cmsgAlignOf(salen int) int {
+	salign := C.sizeofPtr
+
+	return (salen + salign - 1) & ^(salign - 1)
+}
+
+// http://golang.org/src/pkg/syscall/sockcmsg_unix.go
+func cmsgData(h *syscall.Cmsghdr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(syscall.SizeofCmsghdr)))
+}
+
+// http://golang.org/src/pkg/syscall/sockcmsg_linux.go
+// UnixCredentials encodes credentials into a socket control message
+// for sending to another process. This can be used for
+// authentication.
+func UnixCredentials(ucred *Ucred) []byte {
+	b := make([]byte, syscall.CmsgSpace(SizeofUcred))
+	h := (*syscall.Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = syscall.SOL_SOCKET
+	h.Type = syscall.SCM_CREDS
+	h.SetLen(syscall.CmsgLen(SizeofUcred))
+	*((*Ucred)(cmsgData(h))) = *ucred
+	return b
+}
+
+// http://golang.org/src/pkg/syscall/sockcmsg_linux.go
+// ParseUnixCredentials decodes a socket control message that contains
+// credentials in a Ucred structure. To receive such a message, the
+// SO_PASSCRED option must be enabled on the socket.
+func ParseUnixCredentials(m *syscall.SocketControlMessage) (*Ucred, error) {
+	if m.Header.Level != syscall.SOL_SOCKET {
+		return nil, syscall.EINVAL
+	}
+	if m.Header.Type != syscall.SCM_CREDS {
+		return nil, syscall.EINVAL
+	}
+	ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
+	return &ucred, nil
+}
+
+func (t *unixTransport) SendNullByte() error {
+	ucred := &Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())}
+	b := UnixCredentials(ucred)
+	_, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil)
+	if err != nil {
+		return err
+	}
+	if oobn != len(b) {
+		return io.ErrShortWrite
+	}
+	return nil
+}
diff --git a/vendor/github.com/godbus/dbus/transport_unixcred_linux.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/transport_unixcred_linux.go
rename to vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go
diff --git a/vendor/github.com/godbus/dbus/v5/transport_unixcred_openbsd.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_openbsd.go
new file mode 100644
index 0000000000000..af7bafdf953b8
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/transport_unixcred_openbsd.go
@@ -0,0 +1,14 @@
+package dbus
+
+import "io"
+
+func (t *unixTransport) SendNullByte() error {
+	n, _, err := t.UnixConn.WriteMsgUnix([]byte{0}, nil, nil)
+	if err != nil {
+		return err
+	}
+	if n != 1 {
+		return io.ErrShortWrite
+	}
+	return nil
+}
diff --git a/vendor/github.com/godbus/dbus/variant.go b/vendor/github.com/godbus/dbus/v5/variant.go
similarity index 84%
rename from vendor/github.com/godbus/dbus/variant.go
rename to vendor/github.com/godbus/dbus/v5/variant.go
index b7b13ae90ddf1..f1e81f3ede671 100644
--- a/vendor/github.com/godbus/dbus/variant.go
+++ b/vendor/github.com/godbus/dbus/v5/variant.go
@@ -17,11 +17,16 @@ type Variant struct {
 // MakeVariant converts the given value to a Variant. It panics if v cannot be
 // represented as a D-Bus type.
 func MakeVariant(v interface{}) Variant {
-	return Variant{SignatureOf(v), v}
+	return MakeVariantWithSignature(v, SignatureOf(v))
+}
+
+// MakeVariantWithSignature converts the given value to a Variant.
+func MakeVariantWithSignature(v interface{}, s Signature) Variant {
+	return Variant{s, v}
 }
 
 // ParseVariant parses the given string as a variant as described at
-// https://developer.gnome.org/glib/unstable/gvariant-text.html. If sig is not
+// https://developer.gnome.org/glib/stable/gvariant-text.html. If sig is not
 // empty, it is taken to be the expected signature for the variant.
 func ParseVariant(s string, sig Signature) (Variant, error) {
 	tokens := varLex(s)
@@ -124,7 +129,7 @@ func (v Variant) Signature() Signature {
 }
 
 // String returns the string representation of the underlying value of v as
-// described at https://developer.gnome.org/glib/unstable/gvariant-text.html.
+// described at https://developer.gnome.org/glib/stable/gvariant-text.html.
 func (v Variant) String() string {
 	s, unamb := v.format()
 	if !unamb {
@@ -137,3 +142,9 @@ func (v Variant) String() string {
 func (v Variant) Value() interface{} {
 	return v.value
 }
+
+// Store converts the variant into a native go type using the same
+// mechanism as the "Store" function.
+func (v Variant) Store(value interface{}) error {
+	return storeInterfaces(v.value, value)
+}
diff --git a/vendor/github.com/godbus/dbus/variant_lexer.go b/vendor/github.com/godbus/dbus/v5/variant_lexer.go
similarity index 95%
rename from vendor/github.com/godbus/dbus/variant_lexer.go
rename to vendor/github.com/godbus/dbus/v5/variant_lexer.go
index 332007d6f1232..bf1398c8f0572 100644
--- a/vendor/github.com/godbus/dbus/variant_lexer.go
+++ b/vendor/github.com/godbus/dbus/v5/variant_lexer.go
@@ -51,7 +51,7 @@ func varLex(s string) []varToken {
 }
 
 func (l *varLexer) accept(valid string) bool {
-	if strings.IndexRune(valid, l.next()) >= 0 {
+	if strings.ContainsRune(valid, l.next()) {
 		return true
 	}
 	l.backup()
@@ -214,17 +214,17 @@ func varLexNumber(l *varLexer) lexState {
 			digits = "01234567"
 		}
 	}
-	for strings.IndexRune(digits, l.next()) >= 0 {
+	for strings.ContainsRune(digits, l.next()) {
 	}
 	l.backup()
 	if l.accept(".") {
-		for strings.IndexRune(digits, l.next()) >= 0 {
+		for strings.ContainsRune(digits, l.next()) {
 		}
 		l.backup()
 	}
 	if l.accept("eE") {
 		l.accept("+-")
-		for strings.IndexRune("0123456789", l.next()) >= 0 {
+		for strings.ContainsRune("0123456789", l.next()) {
 		}
 		l.backup()
 	}
diff --git a/vendor/github.com/godbus/dbus/variant_parser.go b/vendor/github.com/godbus/dbus/v5/variant_parser.go
similarity index 100%
rename from vendor/github.com/godbus/dbus/variant_parser.go
rename to vendor/github.com/godbus/dbus/v5/variant_parser.go
diff --git a/vendor/github.com/gofrs/flock/LICENSE b/vendor/github.com/gofrs/flock/LICENSE
new file mode 100644
index 0000000000000..8b8ff36fe4269
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2015-2020, Tim Heckman
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of gofrs nor the names of its contributors may be used
+  to endorse or promote products derived from this software without
+  specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gofrs/flock/README.md b/vendor/github.com/gofrs/flock/README.md
new file mode 100644
index 0000000000000..71ce63692e8e3
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/README.md
@@ -0,0 +1,41 @@
+# flock
+[![TravisCI Build Status](https://img.shields.io/travis/gofrs/flock/master.svg?style=flat)](https://travis-ci.org/gofrs/flock)
+[![GoDoc](https://img.shields.io/badge/godoc-flock-blue.svg?style=flat)](https://godoc.org/github.com/gofrs/flock)
+[![License](https://img.shields.io/badge/license-BSD_3--Clause-brightgreen.svg?style=flat)](https://github.com/gofrs/flock/blob/master/LICENSE)
+[![Go Report Card](https://goreportcard.com/badge/github.com/gofrs/flock)](https://goreportcard.com/report/github.com/gofrs/flock)
+
+`flock` implements a thread-safe sync.Locker interface for file locking. It also
+includes a non-blocking TryLock() function to allow locking without blocking execution.
+
+## License
+`flock` is released under the BSD 3-Clause License. See the `LICENSE` file for more details.
+
+## Go Compatibility
+This package makes use of the `context` package that was introduced in Go 1.7. As such, this
+package has an implicit dependency on Go 1.7+.
+
+## Installation
+```
+go get -u github.com/gofrs/flock
+```
+
+## Usage
+```Go
+import "github.com/gofrs/flock"
+
+fileLock := flock.New("/var/lock/go-lock.lock")
+
+locked, err := fileLock.TryLock()
+
+if err != nil {
+	// handle locking error
+}
+
+if locked {
+	// do work
+	fileLock.Unlock()
+}
+```
+
+For more detailed usage information take a look at the package API docs on
+[GoDoc](https://godoc.org/github.com/gofrs/flock).
diff --git a/vendor/github.com/gofrs/flock/flock.go b/vendor/github.com/gofrs/flock/flock.go
new file mode 100644
index 0000000000000..2fd16033763dc
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/flock.go
@@ -0,0 +1,135 @@
+// Copyright 2015 Tim Heckman. All rights reserved.
+// Use of this source code is governed by the BSD 3-Clause
+// license that can be found in the LICENSE file.
+
+// Package flock implements a thread-safe interface for file locking.
+// It also includes a non-blocking TryLock() function to allow locking
+// without blocking execution.
+//
+// Package flock is released under the BSD 3-Clause License. See the LICENSE file
+// for more details.
+//
+// While using this library, remember that the locking behaviors are not
+// guaranteed to be the same on each platform. For example, some UNIX-like
+// operating systems will transparently convert a shared lock to an exclusive
+// lock. If you Unlock() the flock from a location where you believe that you
+// have the shared lock, you may accidentally drop the exclusive lock.
+package flock
+
+import (
+	"context"
+	"os"
+	"sync"
+	"time"
+)
+
+// Flock is the struct type to handle file locking. All fields are unexported,
+// with access to some of the fields provided by getter methods (Path() and Locked()).
+type Flock struct {
+	path string
+	m    sync.RWMutex
+	fh   *os.File
+	l    bool
+	r    bool
+}
+
+// New returns a new instance of *Flock. The only parameter
+// it takes is the path to the desired lockfile.
+func New(path string) *Flock {
+	return &Flock{path: path}
+}
+
+// NewFlock returns a new instance of *Flock. The only parameter
+// it takes is the path to the desired lockfile.
+//
+// Deprecated: Use New instead.
+func NewFlock(path string) *Flock {
+	return New(path)
+}
+
+// Close is equivalent to calling Unlock.
+//
+// This will release the lock and close the underlying file descriptor.
+// It will not remove the file from disk, that's up to your application.
+func (f *Flock) Close() error {
+	return f.Unlock()
+}
+
+// Path returns the path as provided in NewFlock().
+func (f *Flock) Path() string {
+	return f.path
+}
+
+// Locked returns the lock state (locked: true, unlocked: false).
+//
+// Warning: by the time you use the returned value, the state may have changed.
+func (f *Flock) Locked() bool {
+	f.m.RLock()
+	defer f.m.RUnlock()
+	return f.l
+}
+
+// RLocked returns the read lock state (locked: true, unlocked: false).
+//
+// Warning: by the time you use the returned value, the state may have changed.
+func (f *Flock) RLocked() bool {
+	f.m.RLock()
+	defer f.m.RUnlock()
+	return f.r
+}
+
+func (f *Flock) String() string {
+	return f.path
+}
+
+// TryLockContext repeatedly tries to take an exclusive lock until one of the
+// conditions is met: TryLock succeeds, TryLock fails with error, or Context
+// Done channel is closed.
+func (f *Flock) TryLockContext(ctx context.Context, retryDelay time.Duration) (bool, error) {
+	return tryCtx(ctx, f.TryLock, retryDelay)
+}
+
+// TryRLockContext repeatedly tries to take a shared lock until one of the
+// conditions is met: TryRLock succeeds, TryRLock fails with error, or Context
+// Done channel is closed.
+func (f *Flock) TryRLockContext(ctx context.Context, retryDelay time.Duration) (bool, error) {
+	return tryCtx(ctx, f.TryRLock, retryDelay)
+}
+
+func tryCtx(ctx context.Context, fn func() (bool, error), retryDelay time.Duration) (bool, error) {
+	if ctx.Err() != nil {
+		return false, ctx.Err()
+	}
+	for {
+		if ok, err := fn(); ok || err != nil {
+			return ok, err
+		}
+		select {
+		case <-ctx.Done():
+			return false, ctx.Err()
+		case <-time.After(retryDelay):
+			// try again
+		}
+	}
+}
+
+func (f *Flock) setFh() error {
+	// open a new os.File instance
+	// create it if it doesn't exist, and open the file read-only.
+	fh, err := os.OpenFile(f.path, os.O_CREATE|os.O_RDONLY, os.FileMode(0600))
+	if err != nil {
+		return err
+	}
+
+	// set the filehandle on the struct
+	f.fh = fh
+	return nil
+}
+
+// ensure the file handle is closed if no lock is held
+func (f *Flock) ensureFhState() {
+	if !f.l && !f.r && f.fh != nil {
+		f.fh.Close()
+		f.fh = nil
+	}
+}
diff --git a/vendor/github.com/gofrs/flock/flock_unix.go b/vendor/github.com/gofrs/flock/flock_unix.go
new file mode 100644
index 0000000000000..366a60ca6d3b3
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/flock_unix.go
@@ -0,0 +1,197 @@
+// Copyright 2015 Tim Heckman. All rights reserved.
+// Use of this source code is governed by the BSD 3-Clause
+// license that can be found in the LICENSE file.
+
+// +build !windows
+
+package flock
+
+import (
+	"os"
+	"syscall"
+)
+
+// Lock is a blocking call to try and take an exclusive file lock. It will wait
+// until it is able to obtain the exclusive file lock. It's recommended that
+// TryLock() be used over this function. This function may block the ability to
+// query the current Locked() or RLocked() status due to a RW-mutex lock.
+//
+// If we are already exclusive-locked, this function short-circuits and returns
+// immediately assuming it can take the mutex lock.
+//
+// If the *Flock has a shared lock (RLock), this may transparently replace the
+// shared lock with an exclusive lock on some UNIX-like operating systems. Be
+// careful when using exclusive locks in conjunction with shared locks
+// (RLock()), because calling Unlock() may accidentally release the exclusive
+// lock that was once a shared lock.
+func (f *Flock) Lock() error {
+	return f.lock(&f.l, syscall.LOCK_EX)
+}
+
+// RLock is a blocking call to try and take a shared file lock. It will wait
+// until it is able to obtain the shared file lock. It's recommended that
+// TryRLock() be used over this function. This function may block the ability to
+// query the current Locked() or RLocked() status due to a RW-mutex lock.
+//
+// If we are already shared-locked, this function short-circuits and returns
+// immediately assuming it can take the mutex lock.
+func (f *Flock) RLock() error {
+	return f.lock(&f.r, syscall.LOCK_SH)
+}
+
+func (f *Flock) lock(locked *bool, flag int) error {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	if *locked {
+		return nil
+	}
+
+	if f.fh == nil {
+		if err := f.setFh(); err != nil {
+			return err
+		}
+		defer f.ensureFhState()
+	}
+
+	if err := syscall.Flock(int(f.fh.Fd()), flag); err != nil {
+		shouldRetry, reopenErr := f.reopenFDOnError(err)
+		if reopenErr != nil {
+			return reopenErr
+		}
+
+		if !shouldRetry {
+			return err
+		}
+
+		if err = syscall.Flock(int(f.fh.Fd()), flag); err != nil {
+			return err
+		}
+	}
+
+	*locked = true
+	return nil
+}
+
+// Unlock is a function to unlock the file. This file takes a RW-mutex lock, so
+// while it is running the Locked() and RLocked() functions will be blocked.
+//
+// This function short-circuits if we are unlocked already. If not, it calls
+// syscall.LOCK_UN on the file and closes the file descriptor. It does not
+// remove the file from disk. It's up to your application to do.
+//
+// Please note, if your shared lock became an exclusive lock this may
+// unintentionally drop the exclusive lock if called by the consumer that
+// believes they have a shared lock. Please see Lock() for more details.
+func (f *Flock) Unlock() error {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	// if we aren't locked or if the lockfile instance is nil
+	// just return a nil error because we are unlocked
+	if (!f.l && !f.r) || f.fh == nil {
+		return nil
+	}
+
+	// mark the file as unlocked
+	if err := syscall.Flock(int(f.fh.Fd()), syscall.LOCK_UN); err != nil {
+		return err
+	}
+
+	f.fh.Close()
+
+	f.l = false
+	f.r = false
+	f.fh = nil
+
+	return nil
+}
+
+// TryLock is the preferred function for taking an exclusive file lock. This
+// function takes an RW-mutex lock before it tries to lock the file, so there is
+// the possibility that this function may block for a short time if another
+// goroutine is trying to take any action.
+//
+// The actual file lock is non-blocking. If we are unable to get the exclusive
+// file lock, the function will return false instead of waiting for the lock. If
+// we get the lock, we also set the *Flock instance as being exclusive-locked.
+func (f *Flock) TryLock() (bool, error) {
+	return f.try(&f.l, syscall.LOCK_EX)
+}
+
+// TryRLock is the preferred function for taking a shared file lock. This
+// function takes an RW-mutex lock before it tries to lock the file, so there is
+// the possibility that this function may block for a short time if another
+// goroutine is trying to take any action.
+//
+// The actual file lock is non-blocking. If we are unable to get the shared file
+// lock, the function will return false instead of waiting for the lock. If we
+// get the lock, we also set the *Flock instance as being share-locked.
+func (f *Flock) TryRLock() (bool, error) {
+	return f.try(&f.r, syscall.LOCK_SH)
+}
+
+func (f *Flock) try(locked *bool, flag int) (bool, error) {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	if *locked {
+		return true, nil
+	}
+
+	if f.fh == nil {
+		if err := f.setFh(); err != nil {
+			return false, err
+		}
+		defer f.ensureFhState()
+	}
+
+	var retried bool
+retry:
+	err := syscall.Flock(int(f.fh.Fd()), flag|syscall.LOCK_NB)
+
+	switch err {
+	case syscall.EWOULDBLOCK:
+		return false, nil
+	case nil:
+		*locked = true
+		return true, nil
+	}
+	if !retried {
+		if shouldRetry, reopenErr := f.reopenFDOnError(err); reopenErr != nil {
+			return false, reopenErr
+		} else if shouldRetry {
+			retried = true
+			goto retry
+		}
+	}
+
+	return false, err
+}
+
+// reopenFDOnError determines whether we should reopen the file handle
+// in readwrite mode and try again. This comes from util-linux/sys-utils/flock.c:
+//  Since Linux 3.4 (commit 55725513)
+//  Probably NFSv4 where flock() is emulated by fcntl().
+func (f *Flock) reopenFDOnError(err error) (bool, error) {
+	if err != syscall.EIO && err != syscall.EBADF {
+		return false, nil
+	}
+	if st, err := f.fh.Stat(); err == nil {
+		// if the file is able to be read and written
+		if st.Mode()&0600 == 0600 {
+			f.fh.Close()
+			f.fh = nil
+
+			// reopen in read-write mode and set the filehandle
+			fh, err := os.OpenFile(f.path, os.O_CREATE|os.O_RDWR, os.FileMode(0600))
+			if err != nil {
+				return false, err
+			}
+			f.fh = fh
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
diff --git a/vendor/github.com/gofrs/flock/flock_winapi.go b/vendor/github.com/gofrs/flock/flock_winapi.go
new file mode 100644
index 0000000000000..fe405a255ae58
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/flock_winapi.go
@@ -0,0 +1,76 @@
+// Copyright 2015 Tim Heckman. All rights reserved.
+// Use of this source code is governed by the BSD 3-Clause
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+package flock
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var (
+	kernel32, _         = syscall.LoadLibrary("kernel32.dll")
+	procLockFileEx, _   = syscall.GetProcAddress(kernel32, "LockFileEx")
+	procUnlockFileEx, _ = syscall.GetProcAddress(kernel32, "UnlockFileEx")
+)
+
+const (
+	winLockfileFailImmediately = 0x00000001
+	winLockfileExclusiveLock   = 0x00000002
+	winLockfileSharedLock      = 0x00000000
+)
+
+// Use of 0x00000000 for the shared lock is a guess based on some the MS Windows
+// `LockFileEX` docs, which document the `LOCKFILE_EXCLUSIVE_LOCK` flag as:
+//
+// > The function requests an exclusive lock. Otherwise, it requests a shared
+// > lock.
+//
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa365203(v=vs.85).aspx
+
+func lockFileEx(handle syscall.Handle, flags uint32, reserved uint32, numberOfBytesToLockLow uint32, numberOfBytesToLockHigh uint32, offset *syscall.Overlapped) (bool, syscall.Errno) {
+	r1, _, errNo := syscall.Syscall6(
+		uintptr(procLockFileEx),
+		6,
+		uintptr(handle),
+		uintptr(flags),
+		uintptr(reserved),
+		uintptr(numberOfBytesToLockLow),
+		uintptr(numberOfBytesToLockHigh),
+		uintptr(unsafe.Pointer(offset)))
+
+	if r1 != 1 {
+		if errNo == 0 {
+			return false, syscall.EINVAL
+		}
+
+		return false, errNo
+	}
+
+	return true, 0
+}
+
+func unlockFileEx(handle syscall.Handle, reserved uint32, numberOfBytesToLockLow uint32, numberOfBytesToLockHigh uint32, offset *syscall.Overlapped) (bool, syscall.Errno) {
+	r1, _, errNo := syscall.Syscall6(
+		uintptr(procUnlockFileEx),
+		5,
+		uintptr(handle),
+		uintptr(reserved),
+		uintptr(numberOfBytesToLockLow),
+		uintptr(numberOfBytesToLockHigh),
+		uintptr(unsafe.Pointer(offset)),
+		0)
+
+	if r1 != 1 {
+		if errNo == 0 {
+			return false, syscall.EINVAL
+		}
+
+		return false, errNo
+	}
+
+	return true, 0
+}
diff --git a/vendor/github.com/gofrs/flock/flock_windows.go b/vendor/github.com/gofrs/flock/flock_windows.go
new file mode 100644
index 0000000000000..ddb534ccef097
--- /dev/null
+++ b/vendor/github.com/gofrs/flock/flock_windows.go
@@ -0,0 +1,142 @@
+// Copyright 2015 Tim Heckman. All rights reserved.
+// Use of this source code is governed by the BSD 3-Clause
+// license that can be found in the LICENSE file.
+
+package flock
+
+import (
+	"syscall"
+)
+
+// ErrorLockViolation is the error code returned from the Windows syscall when a
+// lock would block and you ask to fail immediately.
+const ErrorLockViolation syscall.Errno = 0x21 // 33
+
+// Lock is a blocking call to try and take an exclusive file lock. It will wait
+// until it is able to obtain the exclusive file lock. It's recommended that
+// TryLock() be used over this function. This function may block the ability to
+// query the current Locked() or RLocked() status due to a RW-mutex lock.
+//
+// If we are already locked, this function short-circuits and returns
+// immediately assuming it can take the mutex lock.
+func (f *Flock) Lock() error {
+	return f.lock(&f.l, winLockfileExclusiveLock)
+}
+
+// RLock is a blocking call to try and take a shared file lock. It will wait
+// until it is able to obtain the shared file lock. It's recommended that
+// TryRLock() be used over this function. This function may block the ability to
+// query the current Locked() or RLocked() status due to a RW-mutex lock.
+//
+// If we are already locked, this function short-circuits and returns
+// immediately assuming it can take the mutex lock.
+func (f *Flock) RLock() error {
+	return f.lock(&f.r, winLockfileSharedLock)
+}
+
+func (f *Flock) lock(locked *bool, flag uint32) error {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	if *locked {
+		return nil
+	}
+
+	if f.fh == nil {
+		if err := f.setFh(); err != nil {
+			return err
+		}
+		defer f.ensureFhState()
+	}
+
+	if _, errNo := lockFileEx(syscall.Handle(f.fh.Fd()), flag, 0, 1, 0, &syscall.Overlapped{}); errNo > 0 {
+		return errNo
+	}
+
+	*locked = true
+	return nil
+}
+
+// Unlock is a function to unlock the file. This file takes a RW-mutex lock, so
+// while it is running the Locked() and RLocked() functions will be blocked.
+//
+// This function short-circuits if we are unlocked already. If not, it calls
+// UnlockFileEx() on the file and closes the file descriptor. It does not remove
+// the file from disk. It's up to your application to do.
+func (f *Flock) Unlock() error {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	// if we aren't locked or if the lockfile instance is nil
+	// just return a nil error because we are unlocked
+	if (!f.l && !f.r) || f.fh == nil {
+		return nil
+	}
+
+	// mark the file as unlocked
+	if _, errNo := unlockFileEx(syscall.Handle(f.fh.Fd()), 0, 1, 0, &syscall.Overlapped{}); errNo > 0 {
+		return errNo
+	}
+
+	f.fh.Close()
+
+	f.l = false
+	f.r = false
+	f.fh = nil
+
+	return nil
+}
+
+// TryLock is the preferred function for taking an exclusive file lock. This
+// function does take a RW-mutex lock before it tries to lock the file, so there
+// is the possibility that this function may block for a short time if another
+// goroutine is trying to take any action.
+//
+// The actual file lock is non-blocking. If we are unable to get the exclusive
+// file lock, the function will return false instead of waiting for the lock. If
+// we get the lock, we also set the *Flock instance as being exclusive-locked.
+func (f *Flock) TryLock() (bool, error) {
+	return f.try(&f.l, winLockfileExclusiveLock)
+}
+
+// TryRLock is the preferred function for taking a shared file lock. This
+// function does take a RW-mutex lock before it tries to lock the file, so there
+// is the possibility that this function may block for a short time if another
+// goroutine is trying to take any action.
+//
+// The actual file lock is non-blocking. If we are unable to get the shared file
+// lock, the function will return false instead of waiting for the lock. If we
+// get the lock, we also set the *Flock instance as being shared-locked.
+func (f *Flock) TryRLock() (bool, error) {
+	return f.try(&f.r, winLockfileSharedLock)
+}
+
+func (f *Flock) try(locked *bool, flag uint32) (bool, error) {
+	f.m.Lock()
+	defer f.m.Unlock()
+
+	if *locked {
+		return true, nil
+	}
+
+	if f.fh == nil {
+		if err := f.setFh(); err != nil {
+			return false, err
+		}
+		defer f.ensureFhState()
+	}
+
+	_, errNo := lockFileEx(syscall.Handle(f.fh.Fd()), flag|winLockfileFailImmediately, 0, 1, 0, &syscall.Overlapped{})
+
+	if errNo > 0 {
+		if errNo == ErrorLockViolation || errNo == syscall.ERROR_IO_PENDING {
+			return false, nil
+		}
+
+		return false, errNo
+	}
+
+	*locked = true
+
+	return true, nil
+}
diff --git a/vendor/github.com/gogo/googleapis/LICENSE b/vendor/github.com/gogo/googleapis/LICENSE
new file mode 100644
index 0000000000000..d6f85b181780d
--- /dev/null
+++ b/vendor/github.com/gogo/googleapis/LICENSE
@@ -0,0 +1,203 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2015, Google Inc
+   Copyright 2018, GoGo Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/vendor/github.com/gogo/googleapis/go.mod b/vendor/github.com/gogo/googleapis/go.mod
new file mode 100644
index 0000000000000..89be4cf8789e6
--- /dev/null
+++ b/vendor/github.com/gogo/googleapis/go.mod
@@ -0,0 +1,5 @@
+module github.com/gogo/googleapis
+
+go 1.12
+
+require github.com/gogo/protobuf v1.3.1
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/code.pb.go b/vendor/github.com/gogo/googleapis/google/rpc/code.pb.go
index 2a77c1bfae87a..1f4d4d432217d 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/code.pb.go
+++ b/vendor/github.com/gogo/googleapis/google/rpc/code.pb.go
@@ -3,17 +3,24 @@
 
 package rpc
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strconv "strconv"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	math "math"
+	strconv "strconv"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // The canonical error codes for Google APIs.
 //
 //
@@ -181,6 +188,7 @@ var Code_name = map[int32]string{
 	14: "UNAVAILABLE",
 	15: "DATA_LOSS",
 }
+
 var Code_value = map[string]int32{
 	"OK":                  0,
 	"CANCELLED":           1,
@@ -201,22 +209,17 @@ var Code_value = map[string]int32{
 	"DATA_LOSS":           15,
 }
 
-func (Code) EnumDescriptor() ([]byte, []int) { return fileDescriptorCode, []int{0} }
+func (Code) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_fe593a732623ccf0, []int{0}
+}
 
 func init() {
 	proto.RegisterEnum("google.rpc.Code", Code_name, Code_value)
 }
-func (x Code) String() string {
-	s, ok := Code_name[int32(x)]
-	if ok {
-		return s
-	}
-	return strconv.Itoa(int(x))
-}
 
-func init() { proto.RegisterFile("google/rpc/code.proto", fileDescriptorCode) }
+func init() { proto.RegisterFile("google/rpc/code.proto", fileDescriptor_fe593a732623ccf0) }
 
-var fileDescriptorCode = []byte{
+var fileDescriptor_fe593a732623ccf0 = []byte{
 	// 393 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x44, 0x91, 0x3d, 0x6e, 0x13, 0x41,
 	0x14, 0xc7, 0x3d, 0x76, 0x70, 0xe2, 0xf1, 0xd7, 0xcb, 0x84, 0x40, 0x37, 0x07, 0xa0, 0x70, 0x0a,
@@ -244,3 +247,11 @@ var fileDescriptorCode = []byte{
 	0xf3, 0xb5, 0x3f, 0x08, 0x65, 0xf1, 0x61, 0xf8, 0xb7, 0xaa, 0xd7, 0x7f, 0x02, 0x00, 0x00, 0xff,
 	0xff, 0x03, 0xd4, 0x27, 0xff, 0xc3, 0x01, 0x00, 0x00,
 }
+
+func (x Code) String() string {
+	s, ok := Code_name[int32(x)]
+	if ok {
+		return s
+	}
+	return strconv.Itoa(int(x))
+}
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/code.proto b/vendor/github.com/gogo/googleapis/google/rpc/code.proto
index d832de11e9810..0540a4f6c5832 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/code.proto
+++ b/vendor/github.com/gogo/googleapis/google/rpc/code.proto
@@ -22,7 +22,6 @@ option java_outer_classname = "CodeProto";
 option java_package = "com.google.rpc";
 option objc_class_prefix = "RPC";
 
-
 // The canonical error codes for Google APIs.
 //
 //
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/error_details.pb.go b/vendor/github.com/gogo/googleapis/google/rpc/error_details.pb.go
index 5677581f1e4d5..07d251d4b1536 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/error_details.pb.go
+++ b/vendor/github.com/gogo/googleapis/google/rpc/error_details.pb.go
@@ -3,21 +3,29 @@
 
 package rpc
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf1 "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 // Describes when the clients can retry a failed request. Clients could ignore
 // the recommendation here or retry when this information is missing from error
 // responses.
@@ -33,14 +41,45 @@ var _ = math.Inf
 // reached.
 type RetryInfo struct {
 	// Clients should wait at least this long between retrying the same request.
-	RetryDelay *google_protobuf1.Duration `protobuf:"bytes,1,opt,name=retry_delay,json=retryDelay" json:"retry_delay,omitempty"`
+	RetryDelay           *types.Duration `protobuf:"bytes,1,opt,name=retry_delay,json=retryDelay,proto3" json:"retry_delay,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *RetryInfo) Reset()      { *m = RetryInfo{} }
+func (*RetryInfo) ProtoMessage() {}
+func (*RetryInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{0}
+}
+func (m *RetryInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RetryInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RetryInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RetryInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RetryInfo.Merge(m, src)
+}
+func (m *RetryInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *RetryInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_RetryInfo.DiscardUnknown(m)
 }
 
-func (m *RetryInfo) Reset()                    { *m = RetryInfo{} }
-func (*RetryInfo) ProtoMessage()               {}
-func (*RetryInfo) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{0} }
+var xxx_messageInfo_RetryInfo proto.InternalMessageInfo
 
-func (m *RetryInfo) GetRetryDelay() *google_protobuf1.Duration {
+func (m *RetryInfo) GetRetryDelay() *types.Duration {
 	if m != nil {
 		return m.RetryDelay
 	}
@@ -54,14 +93,45 @@ func (*RetryInfo) XXX_MessageName() string {
 // Describes additional debugging info.
 type DebugInfo struct {
 	// The stack trace entries indicating where the error occurred.
-	StackEntries []string `protobuf:"bytes,1,rep,name=stack_entries,json=stackEntries" json:"stack_entries,omitempty"`
+	StackEntries []string `protobuf:"bytes,1,rep,name=stack_entries,json=stackEntries,proto3" json:"stack_entries,omitempty"`
 	// Additional debugging information provided by the server.
-	Detail string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
+	Detail               string   `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DebugInfo) Reset()      { *m = DebugInfo{} }
+func (*DebugInfo) ProtoMessage() {}
+func (*DebugInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{1}
+}
+func (m *DebugInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DebugInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DebugInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DebugInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DebugInfo.Merge(m, src)
+}
+func (m *DebugInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *DebugInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_DebugInfo.DiscardUnknown(m)
 }
 
-func (m *DebugInfo) Reset()                    { *m = DebugInfo{} }
-func (*DebugInfo) ProtoMessage()               {}
-func (*DebugInfo) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{1} }
+var xxx_messageInfo_DebugInfo proto.InternalMessageInfo
 
 func (m *DebugInfo) GetStackEntries() []string {
 	if m != nil {
@@ -94,12 +164,43 @@ func (*DebugInfo) XXX_MessageName() string {
 // quota failure.
 type QuotaFailure struct {
 	// Describes all quota violations.
-	Violations []*QuotaFailure_Violation `protobuf:"bytes,1,rep,name=violations" json:"violations,omitempty"`
+	Violations           []*QuotaFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
+	XXX_unrecognized     []byte                    `json:"-"`
+	XXX_sizecache        int32                     `json:"-"`
+}
+
+func (m *QuotaFailure) Reset()      { *m = QuotaFailure{} }
+func (*QuotaFailure) ProtoMessage() {}
+func (*QuotaFailure) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{2}
+}
+func (m *QuotaFailure) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *QuotaFailure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_QuotaFailure.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *QuotaFailure) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_QuotaFailure.Merge(m, src)
+}
+func (m *QuotaFailure) XXX_Size() int {
+	return m.Size()
+}
+func (m *QuotaFailure) XXX_DiscardUnknown() {
+	xxx_messageInfo_QuotaFailure.DiscardUnknown(m)
 }
 
-func (m *QuotaFailure) Reset()                    { *m = QuotaFailure{} }
-func (*QuotaFailure) ProtoMessage()               {}
-func (*QuotaFailure) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{2} }
+var xxx_messageInfo_QuotaFailure proto.InternalMessageInfo
 
 func (m *QuotaFailure) GetViolations() []*QuotaFailure_Violation {
 	if m != nil {
@@ -126,14 +227,43 @@ type QuotaFailure_Violation struct {
 	//
 	// For example: "Service disabled" or "Daily Limit for read operations
 	// exceeded".
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Description          string   `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *QuotaFailure_Violation) Reset()      { *m = QuotaFailure_Violation{} }
 func (*QuotaFailure_Violation) ProtoMessage() {}
 func (*QuotaFailure_Violation) Descriptor() ([]byte, []int) {
-	return fileDescriptorErrorDetails, []int{2, 0}
+	return fileDescriptor_851816e4d6b6361a, []int{2, 0}
+}
+func (m *QuotaFailure_Violation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *QuotaFailure_Violation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_QuotaFailure_Violation.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *QuotaFailure_Violation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_QuotaFailure_Violation.Merge(m, src)
 }
+func (m *QuotaFailure_Violation) XXX_Size() int {
+	return m.Size()
+}
+func (m *QuotaFailure_Violation) XXX_DiscardUnknown() {
+	xxx_messageInfo_QuotaFailure_Violation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_QuotaFailure_Violation proto.InternalMessageInfo
 
 func (m *QuotaFailure_Violation) GetSubject() string {
 	if m != nil {
@@ -160,12 +290,43 @@ func (*QuotaFailure_Violation) XXX_MessageName() string {
 // PreconditionFailure message.
 type PreconditionFailure struct {
 	// Describes all precondition violations.
-	Violations []*PreconditionFailure_Violation `protobuf:"bytes,1,rep,name=violations" json:"violations,omitempty"`
+	Violations           []*PreconditionFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                         `json:"-"`
+	XXX_unrecognized     []byte                           `json:"-"`
+	XXX_sizecache        int32                            `json:"-"`
+}
+
+func (m *PreconditionFailure) Reset()      { *m = PreconditionFailure{} }
+func (*PreconditionFailure) ProtoMessage() {}
+func (*PreconditionFailure) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{3}
+}
+func (m *PreconditionFailure) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PreconditionFailure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PreconditionFailure.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PreconditionFailure) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PreconditionFailure.Merge(m, src)
+}
+func (m *PreconditionFailure) XXX_Size() int {
+	return m.Size()
+}
+func (m *PreconditionFailure) XXX_DiscardUnknown() {
+	xxx_messageInfo_PreconditionFailure.DiscardUnknown(m)
 }
 
-func (m *PreconditionFailure) Reset()                    { *m = PreconditionFailure{} }
-func (*PreconditionFailure) ProtoMessage()               {}
-func (*PreconditionFailure) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{3} }
+var xxx_messageInfo_PreconditionFailure proto.InternalMessageInfo
 
 func (m *PreconditionFailure) GetViolations() []*PreconditionFailure_Violation {
 	if m != nil {
@@ -192,15 +353,44 @@ type PreconditionFailure_Violation struct {
 	// description to understand how to fix the failure.
 	//
 	// For example: "Terms of service not accepted".
-	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Description          string   `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *PreconditionFailure_Violation) Reset()      { *m = PreconditionFailure_Violation{} }
 func (*PreconditionFailure_Violation) ProtoMessage() {}
 func (*PreconditionFailure_Violation) Descriptor() ([]byte, []int) {
-	return fileDescriptorErrorDetails, []int{3, 0}
+	return fileDescriptor_851816e4d6b6361a, []int{3, 0}
+}
+func (m *PreconditionFailure_Violation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PreconditionFailure_Violation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PreconditionFailure_Violation.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PreconditionFailure_Violation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PreconditionFailure_Violation.Merge(m, src)
+}
+func (m *PreconditionFailure_Violation) XXX_Size() int {
+	return m.Size()
+}
+func (m *PreconditionFailure_Violation) XXX_DiscardUnknown() {
+	xxx_messageInfo_PreconditionFailure_Violation.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_PreconditionFailure_Violation proto.InternalMessageInfo
+
 func (m *PreconditionFailure_Violation) GetType() string {
 	if m != nil {
 		return m.Type
@@ -230,12 +420,43 @@ func (*PreconditionFailure_Violation) XXX_MessageName() string {
 // syntactic aspects of the request.
 type BadRequest struct {
 	// Describes all violations in a client request.
-	FieldViolations []*BadRequest_FieldViolation `protobuf:"bytes,1,rep,name=field_violations,json=fieldViolations" json:"field_violations,omitempty"`
+	FieldViolations      []*BadRequest_FieldViolation `protobuf:"bytes,1,rep,name=field_violations,json=fieldViolations,proto3" json:"field_violations,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                     `json:"-"`
+	XXX_unrecognized     []byte                       `json:"-"`
+	XXX_sizecache        int32                        `json:"-"`
+}
+
+func (m *BadRequest) Reset()      { *m = BadRequest{} }
+func (*BadRequest) ProtoMessage() {}
+func (*BadRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{4}
+}
+func (m *BadRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BadRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BadRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BadRequest.Merge(m, src)
+}
+func (m *BadRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *BadRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_BadRequest.DiscardUnknown(m)
 }
 
-func (m *BadRequest) Reset()                    { *m = BadRequest{} }
-func (*BadRequest) ProtoMessage()               {}
-func (*BadRequest) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{4} }
+var xxx_messageInfo_BadRequest proto.InternalMessageInfo
 
 func (m *BadRequest) GetFieldViolations() []*BadRequest_FieldViolation {
 	if m != nil {
@@ -255,14 +476,43 @@ type BadRequest_FieldViolation struct {
 	// field. E.g., "field_violations.field" would identify this field.
 	Field string `protobuf:"bytes,1,opt,name=field,proto3" json:"field,omitempty"`
 	// A description of why the request element is bad.
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Description          string   `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *BadRequest_FieldViolation) Reset()      { *m = BadRequest_FieldViolation{} }
 func (*BadRequest_FieldViolation) ProtoMessage() {}
 func (*BadRequest_FieldViolation) Descriptor() ([]byte, []int) {
-	return fileDescriptorErrorDetails, []int{4, 0}
+	return fileDescriptor_851816e4d6b6361a, []int{4, 0}
 }
+func (m *BadRequest_FieldViolation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BadRequest_FieldViolation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BadRequest_FieldViolation.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BadRequest_FieldViolation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BadRequest_FieldViolation.Merge(m, src)
+}
+func (m *BadRequest_FieldViolation) XXX_Size() int {
+	return m.Size()
+}
+func (m *BadRequest_FieldViolation) XXX_DiscardUnknown() {
+	xxx_messageInfo_BadRequest_FieldViolation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BadRequest_FieldViolation proto.InternalMessageInfo
 
 func (m *BadRequest_FieldViolation) GetField() string {
 	if m != nil {
@@ -290,12 +540,43 @@ type RequestInfo struct {
 	RequestId string `protobuf:"bytes,1,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
 	// Any data that was used to serve this request. For example, an encrypted
 	// stack trace that can be sent back to the service provider for debugging.
-	ServingData string `protobuf:"bytes,2,opt,name=serving_data,json=servingData,proto3" json:"serving_data,omitempty"`
+	ServingData          string   `protobuf:"bytes,2,opt,name=serving_data,json=servingData,proto3" json:"serving_data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RequestInfo) Reset()      { *m = RequestInfo{} }
+func (*RequestInfo) ProtoMessage() {}
+func (*RequestInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{5}
+}
+func (m *RequestInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RequestInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RequestInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RequestInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RequestInfo.Merge(m, src)
+}
+func (m *RequestInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *RequestInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_RequestInfo.DiscardUnknown(m)
 }
 
-func (m *RequestInfo) Reset()                    { *m = RequestInfo{} }
-func (*RequestInfo) ProtoMessage()               {}
-func (*RequestInfo) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{5} }
+var xxx_messageInfo_RequestInfo proto.InternalMessageInfo
 
 func (m *RequestInfo) GetRequestId() string {
 	if m != nil {
@@ -323,7 +604,8 @@ type ResourceInfo struct {
 	ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resource_type,omitempty"`
 	// The name of the resource being accessed.  For example, a shared calendar
 	// name: "example.com_4fghdhgsrgh@group.calendar.google.com", if the current
-	// error is [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
+	// error is
+	// [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
 	ResourceName string `protobuf:"bytes,2,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
 	// The owner of the resource (optional).
 	// For example, "user:<owner email>" or "project:<Google developer project
@@ -332,12 +614,43 @@ type ResourceInfo struct {
 	// Describes what error is encountered when accessing this resource.
 	// For example, updating a cloud project may require the `writer` permission
 	// on the developer console project.
-	Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	Description          string   `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResourceInfo) Reset()      { *m = ResourceInfo{} }
+func (*ResourceInfo) ProtoMessage() {}
+func (*ResourceInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{6}
+}
+func (m *ResourceInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResourceInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResourceInfo.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResourceInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceInfo.Merge(m, src)
+}
+func (m *ResourceInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResourceInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceInfo.DiscardUnknown(m)
 }
 
-func (m *ResourceInfo) Reset()                    { *m = ResourceInfo{} }
-func (*ResourceInfo) ProtoMessage()               {}
-func (*ResourceInfo) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{6} }
+var xxx_messageInfo_ResourceInfo proto.InternalMessageInfo
 
 func (m *ResourceInfo) GetResourceType() string {
 	if m != nil {
@@ -378,12 +691,43 @@ func (*ResourceInfo) XXX_MessageName() string {
 // directly to the right place in the developer console to flip the bit.
 type Help struct {
 	// URL(s) pointing to additional information on handling the current error.
-	Links []*Help_Link `protobuf:"bytes,1,rep,name=links" json:"links,omitempty"`
+	Links                []*Help_Link `protobuf:"bytes,1,rep,name=links,proto3" json:"links,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
+}
+
+func (m *Help) Reset()      { *m = Help{} }
+func (*Help) ProtoMessage() {}
+func (*Help) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{7}
+}
+func (m *Help) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Help) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Help.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Help) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Help.Merge(m, src)
+}
+func (m *Help) XXX_Size() int {
+	return m.Size()
+}
+func (m *Help) XXX_DiscardUnknown() {
+	xxx_messageInfo_Help.DiscardUnknown(m)
 }
 
-func (m *Help) Reset()                    { *m = Help{} }
-func (*Help) ProtoMessage()               {}
-func (*Help) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{7} }
+var xxx_messageInfo_Help proto.InternalMessageInfo
 
 func (m *Help) GetLinks() []*Help_Link {
 	if m != nil {
@@ -401,12 +745,43 @@ type Help_Link struct {
 	// Describes what the link offers.
 	Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
 	// The URL of the link.
-	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	Url                  string   `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Help_Link) Reset()      { *m = Help_Link{} }
+func (*Help_Link) ProtoMessage() {}
+func (*Help_Link) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{7, 0}
+}
+func (m *Help_Link) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Help_Link) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Help_Link.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Help_Link) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Help_Link.Merge(m, src)
+}
+func (m *Help_Link) XXX_Size() int {
+	return m.Size()
+}
+func (m *Help_Link) XXX_DiscardUnknown() {
+	xxx_messageInfo_Help_Link.DiscardUnknown(m)
 }
 
-func (m *Help_Link) Reset()                    { *m = Help_Link{} }
-func (*Help_Link) ProtoMessage()               {}
-func (*Help_Link) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{7, 0} }
+var xxx_messageInfo_Help_Link proto.InternalMessageInfo
 
 func (m *Help_Link) GetDescription() string {
 	if m != nil {
@@ -434,12 +809,43 @@ type LocalizedMessage struct {
 	// Examples are: "en-US", "fr-CH", "es-MX"
 	Locale string `protobuf:"bytes,1,opt,name=locale,proto3" json:"locale,omitempty"`
 	// The localized error message in the above locale.
-	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	Message              string   `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *LocalizedMessage) Reset()      { *m = LocalizedMessage{} }
+func (*LocalizedMessage) ProtoMessage() {}
+func (*LocalizedMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_851816e4d6b6361a, []int{8}
+}
+func (m *LocalizedMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *LocalizedMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_LocalizedMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *LocalizedMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LocalizedMessage.Merge(m, src)
+}
+func (m *LocalizedMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *LocalizedMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_LocalizedMessage.DiscardUnknown(m)
 }
 
-func (m *LocalizedMessage) Reset()                    { *m = LocalizedMessage{} }
-func (*LocalizedMessage) ProtoMessage()               {}
-func (*LocalizedMessage) Descriptor() ([]byte, []int) { return fileDescriptorErrorDetails, []int{8} }
+var xxx_messageInfo_LocalizedMessage proto.InternalMessageInfo
 
 func (m *LocalizedMessage) GetLocale() string {
 	if m != nil {
@@ -473,6 +879,52 @@ func init() {
 	proto.RegisterType((*Help_Link)(nil), "google.rpc.Help.Link")
 	proto.RegisterType((*LocalizedMessage)(nil), "google.rpc.LocalizedMessage")
 }
+
+func init() { proto.RegisterFile("google/rpc/error_details.proto", fileDescriptor_851816e4d6b6361a) }
+
+var fileDescriptor_851816e4d6b6361a = []byte{
+	// 624 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xbf, 0x6f, 0xd3, 0x40,
+	0x18, 0xed, 0x35, 0x69, 0x91, 0xbf, 0x84, 0x52, 0xcc, 0x0f, 0x85, 0x48, 0x9c, 0x82, 0x11, 0x52,
+	0x11, 0x92, 0x2b, 0x95, 0xad, 0x63, 0x48, 0x7f, 0x49, 0x05, 0x82, 0x85, 0x18, 0x60, 0xb0, 0x2e,
+	0xf6, 0x97, 0xe8, 0xa8, 0xe3, 0x33, 0x67, 0xbb, 0xa8, 0x4c, 0xfc, 0x09, 0xec, 0x6c, 0x4c, 0xfd,
+	0x27, 0xd8, 0x3b, 0x76, 0x64, 0x24, 0xe9, 0xc2, 0xd8, 0x91, 0x11, 0x9d, 0x7d, 0xd7, 0xba, 0x4d,
+	0x41, 0x6c, 0x7e, 0xef, 0xde, 0x3d, 0xbf, 0xf7, 0xe9, 0xee, 0x80, 0x8e, 0x84, 0x18, 0x45, 0xb8,
+	0x2a, 0x93, 0x60, 0x15, 0xa5, 0x14, 0xd2, 0x0f, 0x31, 0x63, 0x3c, 0x4a, 0xdd, 0x44, 0x8a, 0x4c,
+	0xd8, 0x50, 0xae, 0xbb, 0x32, 0x09, 0xda, 0x46, 0x5b, 0xac, 0x0c, 0xf2, 0xe1, 0x6a, 0x98, 0x4b,
+	0x96, 0x71, 0x11, 0x97, 0x5a, 0x67, 0x0b, 0x2c, 0x0f, 0x33, 0x79, 0xb0, 0x13, 0x0f, 0x85, 0xbd,
+	0x0e, 0x0d, 0xa9, 0x80, 0x1f, 0x62, 0xc4, 0x0e, 0x5a, 0xa4, 0x43, 0x56, 0x1a, 0x6b, 0xf7, 0x5c,
+	0x6d, 0x67, 0x2c, 0xdc, 0x9e, 0xb6, 0xf0, 0xa0, 0x50, 0xf7, 0x94, 0xd8, 0xd9, 0x06, 0xab, 0x87,
+	0x83, 0x7c, 0x54, 0x18, 0x3d, 0x84, 0xeb, 0x69, 0xc6, 0x82, 0x3d, 0x1f, 0xe3, 0x4c, 0x72, 0x4c,
+	0x5b, 0xa4, 0x53, 0x5b, 0xb1, 0xbc, 0x66, 0x41, 0x6e, 0x94, 0x9c, 0x7d, 0x17, 0x16, 0xcb, 0xdc,
+	0xad, 0xf9, 0x0e, 0x59, 0xb1, 0x3c, 0x8d, 0x9c, 0xaf, 0x04, 0x9a, 0xaf, 0x72, 0x91, 0xb1, 0x4d,
+	0xc6, 0xa3, 0x5c, 0xa2, 0xdd, 0x05, 0xd8, 0xe7, 0x22, 0x2a, 0xfe, 0x59, 0x5a, 0x35, 0xd6, 0x1c,
+	0xf7, 0xbc, 0xa4, 0x5b, 0x55, 0xbb, 0x6f, 0x8c, 0xd4, 0xab, 0xec, 0x6a, 0x6f, 0x81, 0x75, 0xb6,
+	0x60, 0xb7, 0xe0, 0x5a, 0x9a, 0x0f, 0xde, 0x63, 0x90, 0x15, 0x1d, 0x2d, 0xcf, 0x40, 0xbb, 0x03,
+	0x8d, 0x10, 0xd3, 0x40, 0xf2, 0x44, 0x09, 0x75, 0xb0, 0x2a, 0xe5, 0x7c, 0x27, 0x70, 0xab, 0x2f,
+	0x31, 0x10, 0x71, 0xc8, 0x15, 0x61, 0x42, 0xee, 0x5c, 0x11, 0xf2, 0x71, 0x35, 0xe4, 0x15, 0x9b,
+	0xfe, 0x92, 0xf5, 0x5d, 0x35, 0xab, 0x0d, 0xf5, 0xec, 0x20, 0x41, 0x1d, 0xb4, 0xf8, 0xae, 0xe6,
+	0x9f, 0xff, 0x67, 0xfe, 0xda, 0x6c, 0xfe, 0x43, 0x02, 0xd0, 0x65, 0xa1, 0x87, 0x1f, 0x72, 0x4c,
+	0x33, 0xbb, 0x0f, 0xcb, 0x43, 0x8e, 0x51, 0xe8, 0xcf, 0x84, 0x7f, 0x54, 0x0d, 0x7f, 0xbe, 0xc3,
+	0xdd, 0x54, 0xf2, 0xf3, 0xe0, 0x37, 0x86, 0x17, 0x70, 0xda, 0xde, 0x86, 0xa5, 0x8b, 0x12, 0xfb,
+	0x36, 0x2c, 0x14, 0x22, 0xdd, 0xa1, 0x04, 0xff, 0x31, 0xea, 0x97, 0xd0, 0xd0, 0x3f, 0x2d, 0x0e,
+	0xd5, 0x7d, 0x00, 0x59, 0x42, 0x9f, 0x1b, 0x2f, 0x4b, 0x33, 0x3b, 0xa1, 0xfd, 0x00, 0x9a, 0x29,
+	0xca, 0x7d, 0x1e, 0x8f, 0xfc, 0x90, 0x65, 0xcc, 0x18, 0x6a, 0xae, 0xc7, 0x32, 0xe6, 0x7c, 0x21,
+	0xd0, 0xf4, 0x30, 0x15, 0xb9, 0x0c, 0xd0, 0x9c, 0x53, 0xa9, 0xb1, 0x5f, 0x99, 0x72, 0xd3, 0x90,
+	0xaf, 0xd5, 0xb4, 0xab, 0xa2, 0x98, 0x8d, 0x51, 0x3b, 0x9f, 0x89, 0x5e, 0xb0, 0x31, 0xaa, 0x8e,
+	0xe2, 0x63, 0x8c, 0x52, 0x8f, 0xbc, 0x04, 0x97, 0x3b, 0xd6, 0x67, 0x3b, 0x0a, 0xa8, 0x6f, 0x63,
+	0x94, 0xd8, 0x4f, 0x60, 0x21, 0xe2, 0xf1, 0x9e, 0x19, 0xfe, 0x9d, 0xea, 0xf0, 0x95, 0xc0, 0xdd,
+	0xe5, 0xf1, 0x9e, 0x57, 0x6a, 0xda, 0xeb, 0x50, 0x57, 0xf0, 0xb2, 0x3d, 0x99, 0xb1, 0xb7, 0x97,
+	0xa1, 0x96, 0x4b, 0x73, 0xc1, 0xd4, 0xa7, 0xd3, 0x83, 0xe5, 0x5d, 0x11, 0xb0, 0x88, 0x7f, 0xc2,
+	0xf0, 0x39, 0xa6, 0x29, 0x1b, 0xa1, 0xba, 0x89, 0x91, 0xe2, 0x4c, 0x7f, 0x8d, 0xd4, 0x39, 0x1b,
+	0x97, 0x12, 0x73, 0xce, 0x34, 0xec, 0x86, 0xc7, 0x13, 0x3a, 0xf7, 0x63, 0x42, 0xe7, 0x4e, 0x27,
+	0x94, 0xfc, 0x9e, 0x50, 0xf2, 0x79, 0x4a, 0xc9, 0xe1, 0x94, 0x92, 0xa3, 0x29, 0x25, 0xc7, 0x53,
+	0x4a, 0x7e, 0x4e, 0x29, 0xf9, 0x35, 0xa5, 0x73, 0xa7, 0x8a, 0x3f, 0xa1, 0xe4, 0xe8, 0x84, 0x12,
+	0x58, 0x0a, 0xc4, 0xb8, 0x52, 0xac, 0x7b, 0x73, 0x43, 0xbd, 0x5e, 0xbd, 0xf2, 0xf1, 0xea, 0xab,
+	0xe7, 0xa5, 0x4f, 0xde, 0xd6, 0x64, 0x12, 0x7c, 0x9b, 0xaf, 0x79, 0xfd, 0x67, 0x83, 0xc5, 0xe2,
+	0xc9, 0x79, 0xfa, 0x27, 0x00, 0x00, 0xff, 0xff, 0x63, 0xe4, 0x76, 0x26, 0xf1, 0x04, 0x00, 0x00,
+}
+
 func (this *RetryInfo) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -501,6 +953,9 @@ func (this *RetryInfo) Compare(that interface{}) int {
 	if c := this.RetryDelay.Compare(that1.RetryDelay); c != 0 {
 		return c
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *DebugInfo) Compare(that interface{}) int {
@@ -548,6 +1003,9 @@ func (this *DebugInfo) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *QuotaFailure) Compare(that interface{}) int {
@@ -586,6 +1044,9 @@ func (this *QuotaFailure) Compare(that interface{}) int {
 			return c
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *QuotaFailure_Violation) Compare(that interface{}) int {
@@ -625,6 +1086,9 @@ func (this *QuotaFailure_Violation) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *PreconditionFailure) Compare(that interface{}) int {
@@ -663,6 +1127,9 @@ func (this *PreconditionFailure) Compare(that interface{}) int {
 			return c
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *PreconditionFailure_Violation) Compare(that interface{}) int {
@@ -708,6 +1175,9 @@ func (this *PreconditionFailure_Violation) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *BadRequest) Compare(that interface{}) int {
@@ -746,6 +1216,9 @@ func (this *BadRequest) Compare(that interface{}) int {
 			return c
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *BadRequest_FieldViolation) Compare(that interface{}) int {
@@ -785,6 +1258,9 @@ func (this *BadRequest_FieldViolation) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *RequestInfo) Compare(that interface{}) int {
@@ -824,6 +1300,9 @@ func (this *RequestInfo) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *ResourceInfo) Compare(that interface{}) int {
@@ -875,6 +1354,9 @@ func (this *ResourceInfo) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Help) Compare(that interface{}) int {
@@ -913,6 +1395,9 @@ func (this *Help) Compare(that interface{}) int {
 			return c
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Help_Link) Compare(that interface{}) int {
@@ -952,6 +1437,9 @@ func (this *Help_Link) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *LocalizedMessage) Compare(that interface{}) int {
@@ -991,6 +1479,9 @@ func (this *LocalizedMessage) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *RetryInfo) Equal(that interface{}) bool {
@@ -1015,6 +1506,9 @@ func (this *RetryInfo) Equal(that interface{}) bool {
 	if !this.RetryDelay.Equal(that1.RetryDelay) {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *DebugInfo) Equal(that interface{}) bool {
@@ -1047,6 +1541,9 @@ func (this *DebugInfo) Equal(that interface{}) bool {
 	if this.Detail != that1.Detail {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *QuotaFailure) Equal(that interface{}) bool {
@@ -1076,6 +1573,9 @@ func (this *QuotaFailure) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *QuotaFailure_Violation) Equal(that interface{}) bool {
@@ -1103,6 +1603,9 @@ func (this *QuotaFailure_Violation) Equal(that interface{}) bool {
 	if this.Description != that1.Description {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *PreconditionFailure) Equal(that interface{}) bool {
@@ -1132,6 +1635,9 @@ func (this *PreconditionFailure) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *PreconditionFailure_Violation) Equal(that interface{}) bool {
@@ -1162,6 +1668,9 @@ func (this *PreconditionFailure_Violation) Equal(that interface{}) bool {
 	if this.Description != that1.Description {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *BadRequest) Equal(that interface{}) bool {
@@ -1191,6 +1700,9 @@ func (this *BadRequest) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *BadRequest_FieldViolation) Equal(that interface{}) bool {
@@ -1218,6 +1730,9 @@ func (this *BadRequest_FieldViolation) Equal(that interface{}) bool {
 	if this.Description != that1.Description {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *RequestInfo) Equal(that interface{}) bool {
@@ -1245,6 +1760,9 @@ func (this *RequestInfo) Equal(that interface{}) bool {
 	if this.ServingData != that1.ServingData {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *ResourceInfo) Equal(that interface{}) bool {
@@ -1278,6 +1796,9 @@ func (this *ResourceInfo) Equal(that interface{}) bool {
 	if this.Description != that1.Description {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Help) Equal(that interface{}) bool {
@@ -1307,6 +1828,9 @@ func (this *Help) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Help_Link) Equal(that interface{}) bool {
@@ -1334,6 +1858,9 @@ func (this *Help_Link) Equal(that interface{}) bool {
 	if this.Url != that1.Url {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *LocalizedMessage) Equal(that interface{}) bool {
@@ -1361,6 +1888,9 @@ func (this *LocalizedMessage) Equal(that interface{}) bool {
 	if this.Message != that1.Message {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *RetryInfo) GoString() string {
@@ -1372,6 +1902,9 @@ func (this *RetryInfo) GoString() string {
 	if this.RetryDelay != nil {
 		s = append(s, "RetryDelay: "+fmt.Sprintf("%#v", this.RetryDelay)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1383,6 +1916,9 @@ func (this *DebugInfo) GoString() string {
 	s = append(s, "&rpc.DebugInfo{")
 	s = append(s, "StackEntries: "+fmt.Sprintf("%#v", this.StackEntries)+",\n")
 	s = append(s, "Detail: "+fmt.Sprintf("%#v", this.Detail)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1395,6 +1931,9 @@ func (this *QuotaFailure) GoString() string {
 	if this.Violations != nil {
 		s = append(s, "Violations: "+fmt.Sprintf("%#v", this.Violations)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1406,6 +1945,9 @@ func (this *QuotaFailure_Violation) GoString() string {
 	s = append(s, "&rpc.QuotaFailure_Violation{")
 	s = append(s, "Subject: "+fmt.Sprintf("%#v", this.Subject)+",\n")
 	s = append(s, "Description: "+fmt.Sprintf("%#v", this.Description)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1418,6 +1960,9 @@ func (this *PreconditionFailure) GoString() string {
 	if this.Violations != nil {
 		s = append(s, "Violations: "+fmt.Sprintf("%#v", this.Violations)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1430,6 +1975,9 @@ func (this *PreconditionFailure_Violation) GoString() string {
 	s = append(s, "Type: "+fmt.Sprintf("%#v", this.Type)+",\n")
 	s = append(s, "Subject: "+fmt.Sprintf("%#v", this.Subject)+",\n")
 	s = append(s, "Description: "+fmt.Sprintf("%#v", this.Description)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1442,6 +1990,9 @@ func (this *BadRequest) GoString() string {
 	if this.FieldViolations != nil {
 		s = append(s, "FieldViolations: "+fmt.Sprintf("%#v", this.FieldViolations)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1453,6 +2004,9 @@ func (this *BadRequest_FieldViolation) GoString() string {
 	s = append(s, "&rpc.BadRequest_FieldViolation{")
 	s = append(s, "Field: "+fmt.Sprintf("%#v", this.Field)+",\n")
 	s = append(s, "Description: "+fmt.Sprintf("%#v", this.Description)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1464,6 +2018,9 @@ func (this *RequestInfo) GoString() string {
 	s = append(s, "&rpc.RequestInfo{")
 	s = append(s, "RequestId: "+fmt.Sprintf("%#v", this.RequestId)+",\n")
 	s = append(s, "ServingData: "+fmt.Sprintf("%#v", this.ServingData)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1477,6 +2034,9 @@ func (this *ResourceInfo) GoString() string {
 	s = append(s, "ResourceName: "+fmt.Sprintf("%#v", this.ResourceName)+",\n")
 	s = append(s, "Owner: "+fmt.Sprintf("%#v", this.Owner)+",\n")
 	s = append(s, "Description: "+fmt.Sprintf("%#v", this.Description)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1489,6 +2049,9 @@ func (this *Help) GoString() string {
 	if this.Links != nil {
 		s = append(s, "Links: "+fmt.Sprintf("%#v", this.Links)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1500,6 +2063,9 @@ func (this *Help_Link) GoString() string {
 	s = append(s, "&rpc.Help_Link{")
 	s = append(s, "Description: "+fmt.Sprintf("%#v", this.Description)+",\n")
 	s = append(s, "Url: "+fmt.Sprintf("%#v", this.Url)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1511,6 +2077,9 @@ func (this *LocalizedMessage) GoString() string {
 	s = append(s, "&rpc.LocalizedMessage{")
 	s = append(s, "Locale: "+fmt.Sprintf("%#v", this.Locale)+",\n")
 	s = append(s, "Message: "+fmt.Sprintf("%#v", this.Message)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1525,7 +2094,7 @@ func valueToGoStringErrorDetails(v interface{}, typ string) string {
 func (m *RetryInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1533,27 +2102,38 @@ func (m *RetryInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RetryInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RetryInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.RetryDelay != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(m.RetryDelay.Size()))
-		n1, err := m.RetryDelay.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.RetryDelay.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintErrorDetails(dAtA, i, uint64(size))
 		}
-		i += n1
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DebugInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1561,38 +2141,42 @@ func (m *DebugInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DebugInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DebugInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.StackEntries) > 0 {
-		for _, s := range m.StackEntries {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Detail) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Detail)
+		copy(dAtA[i:], m.Detail)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Detail)))
-		i += copy(dAtA[i:], m.Detail)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.StackEntries) > 0 {
+		for iNdEx := len(m.StackEntries) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.StackEntries[iNdEx])
+			copy(dAtA[i:], m.StackEntries[iNdEx])
+			i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.StackEntries[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *QuotaFailure) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1600,29 +2184,40 @@ func (m *QuotaFailure) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *QuotaFailure) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *QuotaFailure) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Violations) > 0 {
-		for _, msg := range m.Violations {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintErrorDetails(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Violations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Violations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintErrorDetails(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *QuotaFailure_Violation) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1630,29 +2225,40 @@ func (m *QuotaFailure_Violation) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *QuotaFailure_Violation) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *QuotaFailure_Violation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Subject) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Subject)))
-		i += copy(dAtA[i:], m.Subject)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Description) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Subject) > 0 {
+		i -= len(m.Subject)
+		copy(dAtA[i:], m.Subject)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Subject)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *PreconditionFailure) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1660,29 +2266,40 @@ func (m *PreconditionFailure) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PreconditionFailure) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PreconditionFailure) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Violations) > 0 {
-		for _, msg := range m.Violations {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintErrorDetails(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Violations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Violations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintErrorDetails(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *PreconditionFailure_Violation) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1690,35 +2307,47 @@ func (m *PreconditionFailure_Violation) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PreconditionFailure_Violation) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PreconditionFailure_Violation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Type) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Type)))
-		i += copy(dAtA[i:], m.Type)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if len(m.Subject) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Subject)
+		copy(dAtA[i:], m.Subject)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Subject)))
-		i += copy(dAtA[i:], m.Subject)
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.Description) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *BadRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1726,29 +2355,40 @@ func (m *BadRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BadRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.FieldViolations) > 0 {
-		for _, msg := range m.FieldViolations {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintErrorDetails(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.FieldViolations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.FieldViolations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintErrorDetails(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *BadRequest_FieldViolation) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1756,29 +2396,40 @@ func (m *BadRequest_FieldViolation) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BadRequest_FieldViolation) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BadRequest_FieldViolation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Field) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Field)))
-		i += copy(dAtA[i:], m.Field)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Description) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.Field) > 0 {
+		i -= len(m.Field)
+		copy(dAtA[i:], m.Field)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Field)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *RequestInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1786,29 +2437,40 @@ func (m *RequestInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *RequestInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RequestInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.RequestId) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.RequestId)))
-		i += copy(dAtA[i:], m.RequestId)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.ServingData) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.ServingData)
+		copy(dAtA[i:], m.ServingData)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.ServingData)))
-		i += copy(dAtA[i:], m.ServingData)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.RequestId) > 0 {
+		i -= len(m.RequestId)
+		copy(dAtA[i:], m.RequestId)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.RequestId)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ResourceInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1816,41 +2478,54 @@ func (m *ResourceInfo) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ResourceInfo) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResourceInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ResourceType) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.ResourceType)))
-		i += copy(dAtA[i:], m.ResourceType)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ResourceName) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.ResourceName)))
-		i += copy(dAtA[i:], m.ResourceName)
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if len(m.Owner) > 0 {
-		dAtA[i] = 0x1a
-		i++
+		i -= len(m.Owner)
+		copy(dAtA[i:], m.Owner)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Owner)))
-		i += copy(dAtA[i:], m.Owner)
+		i--
+		dAtA[i] = 0x1a
 	}
-	if len(m.Description) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+	if len(m.ResourceName) > 0 {
+		i -= len(m.ResourceName)
+		copy(dAtA[i:], m.ResourceName)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.ResourceName)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ResourceType) > 0 {
+		i -= len(m.ResourceType)
+		copy(dAtA[i:], m.ResourceType)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.ResourceType)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Help) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1858,29 +2533,40 @@ func (m *Help) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Help) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Help) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Links) > 0 {
-		for _, msg := range m.Links {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintErrorDetails(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Links) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Links[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintErrorDetails(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Help_Link) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1888,29 +2574,40 @@ func (m *Help_Link) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Help_Link) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Help_Link) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Description) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Url) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Url)
+		copy(dAtA[i:], m.Url)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Url)))
-		i += copy(dAtA[i:], m.Url)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *LocalizedMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1918,40 +2615,54 @@ func (m *LocalizedMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *LocalizedMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *LocalizedMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Locale) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Locale)))
-		i += copy(dAtA[i:], m.Locale)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Message) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
 		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Locale) > 0 {
+		i -= len(m.Locale)
+		copy(dAtA[i:], m.Locale)
+		i = encodeVarintErrorDetails(dAtA, i, uint64(len(m.Locale)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintErrorDetails(dAtA []byte, offset int, v uint64) int {
+	offset -= sovErrorDetails(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedRetryInfo(r randyErrorDetails, easy bool) *RetryInfo {
 	this := &RetryInfo{}
-	if r.Intn(10) != 0 {
-		this.RetryDelay = google_protobuf1.NewPopulatedDuration(r, easy)
+	if r.Intn(5) != 0 {
+		this.RetryDelay = types.NewPopulatedDuration(r, easy)
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 2)
 	}
 	return this
 }
@@ -1965,13 +2676,14 @@ func NewPopulatedDebugInfo(r randyErrorDetails, easy bool) *DebugInfo {
 	}
 	this.Detail = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
 
 func NewPopulatedQuotaFailure(r randyErrorDetails, easy bool) *QuotaFailure {
 	this := &QuotaFailure{}
-	if r.Intn(10) != 0 {
+	if r.Intn(5) != 0 {
 		v2 := r.Intn(5)
 		this.Violations = make([]*QuotaFailure_Violation, v2)
 		for i := 0; i < v2; i++ {
@@ -1979,6 +2691,7 @@ func NewPopulatedQuotaFailure(r randyErrorDetails, easy bool) *QuotaFailure {
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 2)
 	}
 	return this
 }
@@ -1988,13 +2701,14 @@ func NewPopulatedQuotaFailure_Violation(r randyErrorDetails, easy bool) *QuotaFa
 	this.Subject = string(randStringErrorDetails(r))
 	this.Description = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
 
 func NewPopulatedPreconditionFailure(r randyErrorDetails, easy bool) *PreconditionFailure {
 	this := &PreconditionFailure{}
-	if r.Intn(10) != 0 {
+	if r.Intn(5) != 0 {
 		v3 := r.Intn(5)
 		this.Violations = make([]*PreconditionFailure_Violation, v3)
 		for i := 0; i < v3; i++ {
@@ -2002,6 +2716,7 @@ func NewPopulatedPreconditionFailure(r randyErrorDetails, easy bool) *Preconditi
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 2)
 	}
 	return this
 }
@@ -2012,13 +2727,14 @@ func NewPopulatedPreconditionFailure_Violation(r randyErrorDetails, easy bool) *
 	this.Subject = string(randStringErrorDetails(r))
 	this.Description = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 4)
 	}
 	return this
 }
 
 func NewPopulatedBadRequest(r randyErrorDetails, easy bool) *BadRequest {
 	this := &BadRequest{}
-	if r.Intn(10) != 0 {
+	if r.Intn(5) != 0 {
 		v4 := r.Intn(5)
 		this.FieldViolations = make([]*BadRequest_FieldViolation, v4)
 		for i := 0; i < v4; i++ {
@@ -2026,6 +2742,7 @@ func NewPopulatedBadRequest(r randyErrorDetails, easy bool) *BadRequest {
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 2)
 	}
 	return this
 }
@@ -2035,6 +2752,7 @@ func NewPopulatedBadRequest_FieldViolation(r randyErrorDetails, easy bool) *BadR
 	this.Field = string(randStringErrorDetails(r))
 	this.Description = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
@@ -2044,6 +2762,7 @@ func NewPopulatedRequestInfo(r randyErrorDetails, easy bool) *RequestInfo {
 	this.RequestId = string(randStringErrorDetails(r))
 	this.ServingData = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
@@ -2055,13 +2774,14 @@ func NewPopulatedResourceInfo(r randyErrorDetails, easy bool) *ResourceInfo {
 	this.Owner = string(randStringErrorDetails(r))
 	this.Description = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 5)
 	}
 	return this
 }
 
 func NewPopulatedHelp(r randyErrorDetails, easy bool) *Help {
 	this := &Help{}
-	if r.Intn(10) != 0 {
+	if r.Intn(5) != 0 {
 		v5 := r.Intn(5)
 		this.Links = make([]*Help_Link, v5)
 		for i := 0; i < v5; i++ {
@@ -2069,6 +2789,7 @@ func NewPopulatedHelp(r randyErrorDetails, easy bool) *Help {
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 2)
 	}
 	return this
 }
@@ -2078,6 +2799,7 @@ func NewPopulatedHelp_Link(r randyErrorDetails, easy bool) *Help_Link {
 	this.Description = string(randStringErrorDetails(r))
 	this.Url = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
@@ -2087,6 +2809,7 @@ func NewPopulatedLocalizedMessage(r randyErrorDetails, easy bool) *LocalizedMess
 	this.Locale = string(randStringErrorDetails(r))
 	this.Message = string(randStringErrorDetails(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedErrorDetails(r, 3)
 	}
 	return this
 }
@@ -2164,16 +2887,25 @@ func encodeVarintPopulateErrorDetails(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *RetryInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.RetryDelay != nil {
 		l = m.RetryDelay.Size()
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DebugInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.StackEntries) > 0 {
@@ -2186,10 +2918,16 @@ func (m *DebugInfo) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *QuotaFailure) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Violations) > 0 {
@@ -2198,10 +2936,16 @@ func (m *QuotaFailure) Size() (n int) {
 			n += 1 + l + sovErrorDetails(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *QuotaFailure_Violation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Subject)
@@ -2212,10 +2956,16 @@ func (m *QuotaFailure_Violation) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PreconditionFailure) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Violations) > 0 {
@@ -2224,10 +2974,16 @@ func (m *PreconditionFailure) Size() (n int) {
 			n += 1 + l + sovErrorDetails(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *PreconditionFailure_Violation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Type)
@@ -2242,10 +2998,16 @@ func (m *PreconditionFailure_Violation) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *BadRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.FieldViolations) > 0 {
@@ -2254,10 +3016,16 @@ func (m *BadRequest) Size() (n int) {
 			n += 1 + l + sovErrorDetails(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *BadRequest_FieldViolation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Field)
@@ -2268,10 +3036,16 @@ func (m *BadRequest_FieldViolation) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *RequestInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.RequestId)
@@ -2282,10 +3056,16 @@ func (m *RequestInfo) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ResourceInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ResourceType)
@@ -2304,10 +3084,16 @@ func (m *ResourceInfo) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Help) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Links) > 0 {
@@ -2316,10 +3102,16 @@ func (m *Help) Size() (n int) {
 			n += 1 + l + sovErrorDetails(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Help_Link) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Description)
@@ -2330,10 +3122,16 @@ func (m *Help_Link) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *LocalizedMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Locale)
@@ -2344,18 +3142,14 @@ func (m *LocalizedMessage) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovErrorDetails(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovErrorDetails(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozErrorDetails(x uint64) (n int) {
 	return sovErrorDetails(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2365,7 +3159,8 @@ func (this *RetryInfo) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&RetryInfo{`,
-		`RetryDelay:` + strings.Replace(fmt.Sprintf("%v", this.RetryDelay), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`RetryDelay:` + strings.Replace(fmt.Sprintf("%v", this.RetryDelay), "Duration", "types.Duration", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2377,6 +3172,7 @@ func (this *DebugInfo) String() string {
 	s := strings.Join([]string{`&DebugInfo{`,
 		`StackEntries:` + fmt.Sprintf("%v", this.StackEntries) + `,`,
 		`Detail:` + fmt.Sprintf("%v", this.Detail) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2385,8 +3181,14 @@ func (this *QuotaFailure) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForViolations := "[]*QuotaFailure_Violation{"
+	for _, f := range this.Violations {
+		repeatedStringForViolations += strings.Replace(fmt.Sprintf("%v", f), "QuotaFailure_Violation", "QuotaFailure_Violation", 1) + ","
+	}
+	repeatedStringForViolations += "}"
 	s := strings.Join([]string{`&QuotaFailure{`,
-		`Violations:` + strings.Replace(fmt.Sprintf("%v", this.Violations), "QuotaFailure_Violation", "QuotaFailure_Violation", 1) + `,`,
+		`Violations:` + repeatedStringForViolations + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2398,6 +3200,7 @@ func (this *QuotaFailure_Violation) String() string {
 	s := strings.Join([]string{`&QuotaFailure_Violation{`,
 		`Subject:` + fmt.Sprintf("%v", this.Subject) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2406,8 +3209,14 @@ func (this *PreconditionFailure) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForViolations := "[]*PreconditionFailure_Violation{"
+	for _, f := range this.Violations {
+		repeatedStringForViolations += strings.Replace(fmt.Sprintf("%v", f), "PreconditionFailure_Violation", "PreconditionFailure_Violation", 1) + ","
+	}
+	repeatedStringForViolations += "}"
 	s := strings.Join([]string{`&PreconditionFailure{`,
-		`Violations:` + strings.Replace(fmt.Sprintf("%v", this.Violations), "PreconditionFailure_Violation", "PreconditionFailure_Violation", 1) + `,`,
+		`Violations:` + repeatedStringForViolations + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2420,6 +3229,7 @@ func (this *PreconditionFailure_Violation) String() string {
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Subject:` + fmt.Sprintf("%v", this.Subject) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2428,8 +3238,14 @@ func (this *BadRequest) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForFieldViolations := "[]*BadRequest_FieldViolation{"
+	for _, f := range this.FieldViolations {
+		repeatedStringForFieldViolations += strings.Replace(fmt.Sprintf("%v", f), "BadRequest_FieldViolation", "BadRequest_FieldViolation", 1) + ","
+	}
+	repeatedStringForFieldViolations += "}"
 	s := strings.Join([]string{`&BadRequest{`,
-		`FieldViolations:` + strings.Replace(fmt.Sprintf("%v", this.FieldViolations), "BadRequest_FieldViolation", "BadRequest_FieldViolation", 1) + `,`,
+		`FieldViolations:` + repeatedStringForFieldViolations + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2441,6 +3257,7 @@ func (this *BadRequest_FieldViolation) String() string {
 	s := strings.Join([]string{`&BadRequest_FieldViolation{`,
 		`Field:` + fmt.Sprintf("%v", this.Field) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2452,6 +3269,7 @@ func (this *RequestInfo) String() string {
 	s := strings.Join([]string{`&RequestInfo{`,
 		`RequestId:` + fmt.Sprintf("%v", this.RequestId) + `,`,
 		`ServingData:` + fmt.Sprintf("%v", this.ServingData) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2465,6 +3283,7 @@ func (this *ResourceInfo) String() string {
 		`ResourceName:` + fmt.Sprintf("%v", this.ResourceName) + `,`,
 		`Owner:` + fmt.Sprintf("%v", this.Owner) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2473,8 +3292,14 @@ func (this *Help) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForLinks := "[]*Help_Link{"
+	for _, f := range this.Links {
+		repeatedStringForLinks += strings.Replace(fmt.Sprintf("%v", f), "Help_Link", "Help_Link", 1) + ","
+	}
+	repeatedStringForLinks += "}"
 	s := strings.Join([]string{`&Help{`,
-		`Links:` + strings.Replace(fmt.Sprintf("%v", this.Links), "Help_Link", "Help_Link", 1) + `,`,
+		`Links:` + repeatedStringForLinks + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2486,6 +3311,7 @@ func (this *Help_Link) String() string {
 	s := strings.Join([]string{`&Help_Link{`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
 		`Url:` + fmt.Sprintf("%v", this.Url) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2497,6 +3323,7 @@ func (this *LocalizedMessage) String() string {
 	s := strings.Join([]string{`&LocalizedMessage{`,
 		`Locale:` + fmt.Sprintf("%v", this.Locale) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2524,7 +3351,7 @@ func (m *RetryInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2552,7 +3379,7 @@ func (m *RetryInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2561,11 +3388,14 @@ func (m *RetryInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.RetryDelay == nil {
-				m.RetryDelay = &google_protobuf1.Duration{}
+				m.RetryDelay = &types.Duration{}
 			}
 			if err := m.RetryDelay.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2580,9 +3410,13 @@ func (m *RetryInfo) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2607,7 +3441,7 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2635,7 +3469,7 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2645,6 +3479,9 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2664,7 +3501,7 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2674,6 +3511,9 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2688,9 +3528,13 @@ func (m *DebugInfo) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2715,7 +3559,7 @@ func (m *QuotaFailure) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2743,7 +3587,7 @@ func (m *QuotaFailure) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2752,6 +3596,9 @@ func (m *QuotaFailure) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2769,9 +3616,13 @@ func (m *QuotaFailure) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2796,7 +3647,7 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2824,7 +3675,7 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2834,6 +3685,9 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2853,7 +3707,7 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2863,6 +3717,9 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2877,9 +3734,13 @@ func (m *QuotaFailure_Violation) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2904,7 +3765,7 @@ func (m *PreconditionFailure) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2932,7 +3793,7 @@ func (m *PreconditionFailure) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2941,6 +3802,9 @@ func (m *PreconditionFailure) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2958,9 +3822,13 @@ func (m *PreconditionFailure) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2985,7 +3853,7 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3013,7 +3881,7 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3023,6 +3891,9 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3042,7 +3913,7 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3052,6 +3923,9 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3071,7 +3945,7 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3081,6 +3955,9 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3095,9 +3972,13 @@ func (m *PreconditionFailure_Violation) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3122,7 +4003,7 @@ func (m *BadRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3150,7 +4031,7 @@ func (m *BadRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3159,6 +4040,9 @@ func (m *BadRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3176,9 +4060,13 @@ func (m *BadRequest) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3203,7 +4091,7 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3231,7 +4119,7 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3241,6 +4129,9 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3260,7 +4151,7 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3270,6 +4161,9 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3284,9 +4178,13 @@ func (m *BadRequest_FieldViolation) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3311,7 +4209,7 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3339,7 +4237,7 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3349,6 +4247,9 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3368,7 +4269,7 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3378,6 +4279,9 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3392,9 +4296,13 @@ func (m *RequestInfo) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3419,7 +4327,7 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3447,7 +4355,7 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3457,6 +4365,9 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3476,7 +4387,7 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3486,6 +4397,9 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3505,7 +4419,7 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3515,6 +4429,9 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3534,7 +4451,7 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3544,6 +4461,9 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3558,9 +4478,13 @@ func (m *ResourceInfo) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3585,7 +4509,7 @@ func (m *Help) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3613,7 +4537,7 @@ func (m *Help) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3622,6 +4546,9 @@ func (m *Help) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3639,9 +4566,13 @@ func (m *Help) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3666,7 +4597,7 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3694,7 +4625,7 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3704,6 +4635,9 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3723,7 +4657,7 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3733,6 +4667,9 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3747,9 +4684,13 @@ func (m *Help_Link) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3774,7 +4715,7 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3802,7 +4743,7 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3812,6 +4753,9 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3831,7 +4775,7 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3841,6 +4785,9 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthErrorDetails
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3855,9 +4802,13 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthErrorDetails
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthErrorDetails
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3870,6 +4821,7 @@ func (m *LocalizedMessage) Unmarshal(dAtA []byte) error {
 func skipErrorDetails(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -3901,10 +4853,8 @@ func skipErrorDetails(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -3921,98 +4871,34 @@ func skipErrorDetails(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthErrorDetails
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowErrorDetails
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipErrorDetails(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupErrorDetails
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthErrorDetails
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthErrorDetails = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowErrorDetails   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthErrorDetails        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowErrorDetails          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupErrorDetails = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("google/rpc/error_details.proto", fileDescriptorErrorDetails) }
-
-var fileDescriptorErrorDetails = []byte{
-	// 624 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xbf, 0x6f, 0xd3, 0x40,
-	0x18, 0xed, 0x35, 0x69, 0x91, 0xbf, 0x84, 0x52, 0xcc, 0x0f, 0x85, 0x48, 0x9c, 0x82, 0x11, 0x52,
-	0x11, 0x92, 0x2b, 0x95, 0xad, 0x63, 0x48, 0x7f, 0x49, 0x05, 0x82, 0x85, 0x18, 0x60, 0xb0, 0x2e,
-	0xf6, 0x97, 0xe8, 0xa8, 0xe3, 0x33, 0x67, 0xbb, 0xa8, 0x4c, 0xfc, 0x09, 0xec, 0x6c, 0x4c, 0xfd,
-	0x27, 0xd8, 0x3b, 0x76, 0x64, 0x24, 0xe9, 0xc2, 0xd8, 0x91, 0x11, 0x9d, 0x7d, 0xd7, 0xba, 0x4d,
-	0x41, 0x6c, 0x7e, 0xef, 0xde, 0x3d, 0xbf, 0xf7, 0xe9, 0xee, 0x80, 0x8e, 0x84, 0x18, 0x45, 0xb8,
-	0x2a, 0x93, 0x60, 0x15, 0xa5, 0x14, 0xd2, 0x0f, 0x31, 0x63, 0x3c, 0x4a, 0xdd, 0x44, 0x8a, 0x4c,
-	0xd8, 0x50, 0xae, 0xbb, 0x32, 0x09, 0xda, 0x46, 0x5b, 0xac, 0x0c, 0xf2, 0xe1, 0x6a, 0x98, 0x4b,
-	0x96, 0x71, 0x11, 0x97, 0x5a, 0x67, 0x0b, 0x2c, 0x0f, 0x33, 0x79, 0xb0, 0x13, 0x0f, 0x85, 0xbd,
-	0x0e, 0x0d, 0xa9, 0x80, 0x1f, 0x62, 0xc4, 0x0e, 0x5a, 0xa4, 0x43, 0x56, 0x1a, 0x6b, 0xf7, 0x5c,
-	0x6d, 0x67, 0x2c, 0xdc, 0x9e, 0xb6, 0xf0, 0xa0, 0x50, 0xf7, 0x94, 0xd8, 0xd9, 0x06, 0xab, 0x87,
-	0x83, 0x7c, 0x54, 0x18, 0x3d, 0x84, 0xeb, 0x69, 0xc6, 0x82, 0x3d, 0x1f, 0xe3, 0x4c, 0x72, 0x4c,
-	0x5b, 0xa4, 0x53, 0x5b, 0xb1, 0xbc, 0x66, 0x41, 0x6e, 0x94, 0x9c, 0x7d, 0x17, 0x16, 0xcb, 0xdc,
-	0xad, 0xf9, 0x0e, 0x59, 0xb1, 0x3c, 0x8d, 0x9c, 0xaf, 0x04, 0x9a, 0xaf, 0x72, 0x91, 0xb1, 0x4d,
-	0xc6, 0xa3, 0x5c, 0xa2, 0xdd, 0x05, 0xd8, 0xe7, 0x22, 0x2a, 0xfe, 0x59, 0x5a, 0x35, 0xd6, 0x1c,
-	0xf7, 0xbc, 0xa4, 0x5b, 0x55, 0xbb, 0x6f, 0x8c, 0xd4, 0xab, 0xec, 0x6a, 0x6f, 0x81, 0x75, 0xb6,
-	0x60, 0xb7, 0xe0, 0x5a, 0x9a, 0x0f, 0xde, 0x63, 0x90, 0x15, 0x1d, 0x2d, 0xcf, 0x40, 0xbb, 0x03,
-	0x8d, 0x10, 0xd3, 0x40, 0xf2, 0x44, 0x09, 0x75, 0xb0, 0x2a, 0xe5, 0x7c, 0x27, 0x70, 0xab, 0x2f,
-	0x31, 0x10, 0x71, 0xc8, 0x15, 0x61, 0x42, 0xee, 0x5c, 0x11, 0xf2, 0x71, 0x35, 0xe4, 0x15, 0x9b,
-	0xfe, 0x92, 0xf5, 0x5d, 0x35, 0xab, 0x0d, 0xf5, 0xec, 0x20, 0x41, 0x1d, 0xb4, 0xf8, 0xae, 0xe6,
-	0x9f, 0xff, 0x67, 0xfe, 0xda, 0x6c, 0xfe, 0x43, 0x02, 0xd0, 0x65, 0xa1, 0x87, 0x1f, 0x72, 0x4c,
-	0x33, 0xbb, 0x0f, 0xcb, 0x43, 0x8e, 0x51, 0xe8, 0xcf, 0x84, 0x7f, 0x54, 0x0d, 0x7f, 0xbe, 0xc3,
-	0xdd, 0x54, 0xf2, 0xf3, 0xe0, 0x37, 0x86, 0x17, 0x70, 0xda, 0xde, 0x86, 0xa5, 0x8b, 0x12, 0xfb,
-	0x36, 0x2c, 0x14, 0x22, 0xdd, 0xa1, 0x04, 0xff, 0x31, 0xea, 0x97, 0xd0, 0xd0, 0x3f, 0x2d, 0x0e,
-	0xd5, 0x7d, 0x00, 0x59, 0x42, 0x9f, 0x1b, 0x2f, 0x4b, 0x33, 0x3b, 0xa1, 0xfd, 0x00, 0x9a, 0x29,
-	0xca, 0x7d, 0x1e, 0x8f, 0xfc, 0x90, 0x65, 0xcc, 0x18, 0x6a, 0xae, 0xc7, 0x32, 0xe6, 0x7c, 0x21,
-	0xd0, 0xf4, 0x30, 0x15, 0xb9, 0x0c, 0xd0, 0x9c, 0x53, 0xa9, 0xb1, 0x5f, 0x99, 0x72, 0xd3, 0x90,
-	0xaf, 0xd5, 0xb4, 0xab, 0xa2, 0x98, 0x8d, 0x51, 0x3b, 0x9f, 0x89, 0x5e, 0xb0, 0x31, 0xaa, 0x8e,
-	0xe2, 0x63, 0x8c, 0x52, 0x8f, 0xbc, 0x04, 0x97, 0x3b, 0xd6, 0x67, 0x3b, 0x0a, 0xa8, 0x6f, 0x63,
-	0x94, 0xd8, 0x4f, 0x60, 0x21, 0xe2, 0xf1, 0x9e, 0x19, 0xfe, 0x9d, 0xea, 0xf0, 0x95, 0xc0, 0xdd,
-	0xe5, 0xf1, 0x9e, 0x57, 0x6a, 0xda, 0xeb, 0x50, 0x57, 0xf0, 0xb2, 0x3d, 0x99, 0xb1, 0xb7, 0x97,
-	0xa1, 0x96, 0x4b, 0x73, 0xc1, 0xd4, 0xa7, 0xd3, 0x83, 0xe5, 0x5d, 0x11, 0xb0, 0x88, 0x7f, 0xc2,
-	0xf0, 0x39, 0xa6, 0x29, 0x1b, 0xa1, 0xba, 0x89, 0x91, 0xe2, 0x4c, 0x7f, 0x8d, 0xd4, 0x39, 0x1b,
-	0x97, 0x12, 0x73, 0xce, 0x34, 0xec, 0x86, 0xc7, 0x13, 0x3a, 0xf7, 0x63, 0x42, 0xe7, 0x4e, 0x27,
-	0x94, 0xfc, 0x9e, 0x50, 0xf2, 0x79, 0x4a, 0xc9, 0xe1, 0x94, 0x92, 0xa3, 0x29, 0x25, 0xc7, 0x53,
-	0x4a, 0x7e, 0x4e, 0x29, 0xf9, 0x35, 0xa5, 0x73, 0xa7, 0x8a, 0x3f, 0xa1, 0xe4, 0xe8, 0x84, 0x12,
-	0x58, 0x0a, 0xc4, 0xb8, 0x52, 0xac, 0x7b, 0x73, 0x43, 0xbd, 0x5e, 0xbd, 0xf2, 0xf1, 0xea, 0xab,
-	0xe7, 0xa5, 0x4f, 0xde, 0xd6, 0x64, 0x12, 0x7c, 0x9b, 0xaf, 0x79, 0xfd, 0x67, 0x83, 0xc5, 0xe2,
-	0xc9, 0x79, 0xfa, 0x27, 0x00, 0x00, 0xff, 0xff, 0x63, 0xe4, 0x76, 0x26, 0xf1, 0x04, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/error_details.proto b/vendor/github.com/gogo/googleapis/google/rpc/error_details.proto
index a62078ba0a0ec..0682cc97bb895 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/error_details.proto
+++ b/vendor/github.com/gogo/googleapis/google/rpc/error_details.proto
@@ -24,7 +24,6 @@ option java_outer_classname = "ErrorDetailsProto";
 option java_package = "com.google.rpc";
 option objc_class_prefix = "RPC";
 
-
 // Describes when the clients can retry a failed request. Clients could ignore
 // the recommendation here or retry when this information is missing from error
 // responses.
@@ -154,7 +153,8 @@ message ResourceInfo {
 
   // The name of the resource being accessed.  For example, a shared calendar
   // name: "example.com_4fghdhgsrgh@group.calendar.google.com", if the current
-  // error is [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
+  // error is
+  // [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
   string resource_name = 2;
 
   // The owner of the resource (optional).
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/status.pb.go b/vendor/github.com/gogo/googleapis/google/rpc/status.pb.go
index 2d123908f78af..59793ba3809c4 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/status.pb.go
+++ b/vendor/github.com/gogo/googleapis/google/rpc/status.pb.go
@@ -1,37 +1,19 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: google/rpc/status.proto
 
-/*
-	Package rpc is a generated protocol buffer package.
-
-	It is generated from these files:
-		google/rpc/status.proto
-		google/rpc/error_details.proto
-		google/rpc/code.proto
-
-	It has these top-level messages:
-		Status
-		RetryInfo
-		DebugInfo
-		QuotaFailure
-		PreconditionFailure
-		BadRequest
-		RequestInfo
-		ResourceInfo
-		Help
-		LocalizedMessage
-*/
 package rpc
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/types"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	types "github.com/gogo/protobuf/types"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -42,26 +24,27 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
-// The `Status` type defines a logical error model that is suitable for different
-// programming environments, including REST APIs and RPC APIs. It is used by
-// [gRPC](https://github.com/grpc). The error model is designed to be:
+// The `Status` type defines a logical error model that is suitable for
+// different programming environments, including REST APIs and RPC APIs. It is
+// used by [gRPC](https://github.com/grpc). The error model is designed to be:
 //
 // - Simple to use and understand for most users
 // - Flexible enough to meet unexpected needs
 //
 // # Overview
 //
-// The `Status` message contains three pieces of data: error code, error message,
-// and error details. The error code should be an enum value of
-// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes if needed.  The
-// error message should be a developer-facing English message that helps
-// developers *understand* and *resolve* the error. If a localized user-facing
-// error message is needed, put the localized message in the error details or
-// localize it in the client. The optional error details may contain arbitrary
-// information about the error. There is a predefined set of error detail types
-// in the package `google.rpc` that can be used for common error conditions.
+// The `Status` message contains three pieces of data: error code, error
+// message, and error details. The error code should be an enum value of
+// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes
+// if needed.  The error message should be a developer-facing English message
+// that helps developers *understand* and *resolve* the error. If a localized
+// user-facing error message is needed, put the localized message in the error
+// details or localize it in the client. The optional error details may contain
+// arbitrary information about the error. There is a predefined set of error
+// detail types in the package `google.rpc` that can be used for common error
+// conditions.
 //
 // # Language mapping
 //
@@ -97,20 +80,53 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // - Logging. If some API errors are stored in logs, the message `Status` could
 //     be used directly after any stripping needed for security/privacy reasons.
 type Status struct {
-	// The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+	// The status code, which should be an enum value of
+	// [google.rpc.Code][google.rpc.Code].
 	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
 	// A developer-facing error message, which should be in English. Any
 	// user-facing error message should be localized and sent in the
-	// [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
+	// [google.rpc.Status.details][google.rpc.Status.details] field, or localized
+	// by the client.
 	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
 	// A list of messages that carry the error details.  There is a common set of
 	// message types for APIs to use.
-	Details []*google_protobuf.Any `protobuf:"bytes,3,rep,name=details" json:"details,omitempty"`
+	Details              []*types.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
 }
 
-func (m *Status) Reset()                    { *m = Status{} }
-func (*Status) ProtoMessage()               {}
-func (*Status) Descriptor() ([]byte, []int) { return fileDescriptorStatus, []int{0} }
+func (m *Status) Reset()      { *m = Status{} }
+func (*Status) ProtoMessage() {}
+func (*Status) Descriptor() ([]byte, []int) {
+	return fileDescriptor_24d244abaf643bfe, []int{0}
+}
+func (m *Status) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Status) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Status.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Status) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Status.Merge(m, src)
+}
+func (m *Status) XXX_Size() int {
+	return m.Size()
+}
+func (m *Status) XXX_DiscardUnknown() {
+	xxx_messageInfo_Status.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Status proto.InternalMessageInfo
 
 func (m *Status) GetCode() int32 {
 	if m != nil {
@@ -126,7 +142,7 @@ func (m *Status) GetMessage() string {
 	return ""
 }
 
-func (m *Status) GetDetails() []*google_protobuf.Any {
+func (m *Status) GetDetails() []*types.Any {
 	if m != nil {
 		return m.Details
 	}
@@ -139,6 +155,28 @@ func (*Status) XXX_MessageName() string {
 func init() {
 	proto.RegisterType((*Status)(nil), "google.rpc.Status")
 }
+
+func init() { proto.RegisterFile("google/rpc/status.proto", fileDescriptor_24d244abaf643bfe) }
+
+var fileDescriptor_24d244abaf643bfe = []byte{
+	// 235 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x2a, 0x48, 0xd6, 0x2f, 0x2e, 0x49, 0x2c, 0x29, 0x2d, 0xd6, 0x2b, 0x28,
+	0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x82, 0x48, 0xe8, 0x15, 0x15, 0x24, 0x4b, 0x49, 0x42, 0x15, 0x81,
+	0x65, 0x92, 0x4a, 0xd3, 0xf4, 0x13, 0xf3, 0x2a, 0x21, 0xca, 0x94, 0xd2, 0xb8, 0xd8, 0x82, 0xc1,
+	0xda, 0x84, 0x84, 0xb8, 0x58, 0x92, 0xf3, 0x53, 0x52, 0x25, 0x18, 0x15, 0x18, 0x35, 0x58, 0x83,
+	0xc0, 0x6c, 0x21, 0x09, 0x2e, 0xf6, 0xdc, 0xd4, 0xe2, 0xe2, 0xc4, 0xf4, 0x54, 0x09, 0x26, 0x05,
+	0x46, 0x0d, 0xce, 0x20, 0x18, 0x57, 0x48, 0x8f, 0x8b, 0x3d, 0x25, 0xb5, 0x24, 0x31, 0x33, 0xa7,
+	0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x44, 0x0f, 0x6a, 0x21, 0xcc, 0x12, 0x3d, 0xc7,
+	0xbc, 0xca, 0x20, 0x98, 0x22, 0xa7, 0xb8, 0x0b, 0x0f, 0xe5, 0x18, 0x6e, 0x3c, 0x94, 0x63, 0xf8,
+	0xf0, 0x50, 0x8e, 0xf1, 0xc7, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b, 0x1e, 0xc9, 0x31,
+	0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f, 0x1e, 0xc9,
+	0x31, 0x7c, 0x00, 0x89, 0x3f, 0x96, 0x63, 0x3c, 0xf1, 0x58, 0x8e, 0x91, 0x8b, 0x2f, 0x39, 0x3f,
+	0x57, 0x0f, 0xe1, 0x11, 0x27, 0x6e, 0x88, 0x5b, 0x03, 0x40, 0x56, 0x04, 0x30, 0x46, 0x31, 0x17,
+	0x15, 0x24, 0x2f, 0x62, 0x62, 0x0e, 0x0a, 0x70, 0x4e, 0x62, 0x03, 0x5b, 0x6b, 0x0c, 0x08, 0x00,
+	0x00, 0xff, 0xff, 0xaa, 0x06, 0xa1, 0xaa, 0x10, 0x01, 0x00, 0x00,
+}
+
 func (this *Status) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -187,6 +225,9 @@ func (this *Status) Compare(that interface{}) int {
 			return c
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Status) Equal(that interface{}) bool {
@@ -222,6 +263,9 @@ func (this *Status) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Status) GoString() string {
@@ -235,6 +279,9 @@ func (this *Status) GoString() string {
 	if this.Details != nil {
 		s = append(s, "Details: "+fmt.Sprintf("%#v", this.Details)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -249,7 +296,7 @@ func valueToGoStringStatus(v interface{}, typ string) string {
 func (m *Status) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -257,44 +304,58 @@ func (m *Status) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Status) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Status) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Code != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintStatus(dAtA, i, uint64(m.Code))
-	}
-	if len(m.Message) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintStatus(dAtA, i, uint64(len(m.Message)))
-		i += copy(dAtA[i:], m.Message)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Details) > 0 {
-		for _, msg := range m.Details {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintStatus(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Details) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Details[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintStatus(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return i, nil
+	if len(m.Message) > 0 {
+		i -= len(m.Message)
+		copy(dAtA[i:], m.Message)
+		i = encodeVarintStatus(dAtA, i, uint64(len(m.Message)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Code != 0 {
+		i = encodeVarintStatus(dAtA, i, uint64(m.Code))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintStatus(dAtA []byte, offset int, v uint64) int {
+	offset -= sovStatus(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedStatus(r randyStatus, easy bool) *Status {
 	this := &Status{}
@@ -303,14 +364,15 @@ func NewPopulatedStatus(r randyStatus, easy bool) *Status {
 		this.Code *= -1
 	}
 	this.Message = string(randStringStatus(r))
-	if r.Intn(10) != 0 {
+	if r.Intn(5) != 0 {
 		v1 := r.Intn(5)
-		this.Details = make([]*google_protobuf.Any, v1)
+		this.Details = make([]*types.Any, v1)
 		for i := 0; i < v1; i++ {
-			this.Details[i] = google_protobuf.NewPopulatedAny(r, easy)
+			this.Details[i] = types.NewPopulatedAny(r, easy)
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedStatus(r, 4)
 	}
 	return this
 }
@@ -388,6 +450,9 @@ func encodeVarintPopulateStatus(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *Status) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Code != 0 {
@@ -403,18 +468,14 @@ func (m *Status) Size() (n int) {
 			n += 1 + l + sovStatus(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovStatus(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozStatus(x uint64) (n int) {
 	return sovStatus(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -423,10 +484,16 @@ func (this *Status) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForDetails := "[]*Any{"
+	for _, f := range this.Details {
+		repeatedStringForDetails += strings.Replace(fmt.Sprintf("%v", f), "Any", "types.Any", 1) + ","
+	}
+	repeatedStringForDetails += "}"
 	s := strings.Join([]string{`&Status{`,
 		`Code:` + fmt.Sprintf("%v", this.Code) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
-		`Details:` + strings.Replace(fmt.Sprintf("%v", this.Details), "Any", "google_protobuf.Any", 1) + `,`,
+		`Details:` + repeatedStringForDetails + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -454,7 +521,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -482,7 +549,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Code |= (int32(b) & 0x7F) << shift
+				m.Code |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -501,7 +568,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -511,6 +578,9 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStatus
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthStatus
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -530,7 +600,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -539,10 +609,13 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStatus
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStatus
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Details = append(m.Details, &google_protobuf.Any{})
+			m.Details = append(m.Details, &types.Any{})
 			if err := m.Details[len(m.Details)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -556,9 +629,13 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthStatus
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthStatus
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -571,6 +648,7 @@ func (m *Status) Unmarshal(dAtA []byte) error {
 func skipStatus(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -602,10 +680,8 @@ func skipStatus(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -622,74 +698,34 @@ func skipStatus(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthStatus
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowStatus
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipStatus(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupStatus
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthStatus
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthStatus = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowStatus   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthStatus        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowStatus          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupStatus = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("google/rpc/status.proto", fileDescriptorStatus) }
-
-var fileDescriptorStatus = []byte{
-	// 235 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcf, 0xcf, 0x4f,
-	0xcf, 0x49, 0xd5, 0x2f, 0x2a, 0x48, 0xd6, 0x2f, 0x2e, 0x49, 0x2c, 0x29, 0x2d, 0xd6, 0x2b, 0x28,
-	0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x82, 0x48, 0xe8, 0x15, 0x15, 0x24, 0x4b, 0x49, 0x42, 0x15, 0x81,
-	0x65, 0x92, 0x4a, 0xd3, 0xf4, 0x13, 0xf3, 0x2a, 0x21, 0xca, 0x94, 0xd2, 0xb8, 0xd8, 0x82, 0xc1,
-	0xda, 0x84, 0x84, 0xb8, 0x58, 0x92, 0xf3, 0x53, 0x52, 0x25, 0x18, 0x15, 0x18, 0x35, 0x58, 0x83,
-	0xc0, 0x6c, 0x21, 0x09, 0x2e, 0xf6, 0xdc, 0xd4, 0xe2, 0xe2, 0xc4, 0xf4, 0x54, 0x09, 0x26, 0x05,
-	0x46, 0x0d, 0xce, 0x20, 0x18, 0x57, 0x48, 0x8f, 0x8b, 0x3d, 0x25, 0xb5, 0x24, 0x31, 0x33, 0xa7,
-	0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x44, 0x0f, 0x6a, 0x21, 0xcc, 0x12, 0x3d, 0xc7,
-	0xbc, 0xca, 0x20, 0x98, 0x22, 0xa7, 0xb8, 0x0b, 0x0f, 0xe5, 0x18, 0x6e, 0x3c, 0x94, 0x63, 0xf8,
-	0xf0, 0x50, 0x8e, 0xf1, 0xc7, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b, 0x1e, 0xc9, 0x31,
-	0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f, 0x1e, 0xc9,
-	0x31, 0x7c, 0x00, 0x89, 0x3f, 0x96, 0x63, 0x3c, 0xf1, 0x58, 0x8e, 0x91, 0x8b, 0x2f, 0x39, 0x3f,
-	0x57, 0x0f, 0xe1, 0x11, 0x27, 0x6e, 0x88, 0x5b, 0x03, 0x40, 0x56, 0x04, 0x30, 0x46, 0x31, 0x17,
-	0x15, 0x24, 0x2f, 0x62, 0x62, 0x0e, 0x0a, 0x70, 0x4e, 0x62, 0x03, 0x5b, 0x6b, 0x0c, 0x08, 0x00,
-	0x00, 0xff, 0xff, 0xaa, 0x06, 0xa1, 0xaa, 0x10, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/googleapis/google/rpc/status.proto b/vendor/github.com/gogo/googleapis/google/rpc/status.proto
index db3226ee06fc0..abcd4534317f9 100644
--- a/vendor/github.com/gogo/googleapis/google/rpc/status.proto
+++ b/vendor/github.com/gogo/googleapis/google/rpc/status.proto
@@ -24,25 +24,25 @@ option java_outer_classname = "StatusProto";
 option java_package = "com.google.rpc";
 option objc_class_prefix = "RPC";
 
-
-// The `Status` type defines a logical error model that is suitable for different
-// programming environments, including REST APIs and RPC APIs. It is used by
-// [gRPC](https://github.com/grpc). The error model is designed to be:
+// The `Status` type defines a logical error model that is suitable for
+// different programming environments, including REST APIs and RPC APIs. It is
+// used by [gRPC](https://github.com/grpc). The error model is designed to be:
 //
 // - Simple to use and understand for most users
 // - Flexible enough to meet unexpected needs
 //
 // # Overview
 //
-// The `Status` message contains three pieces of data: error code, error message,
-// and error details. The error code should be an enum value of
-// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes if needed.  The
-// error message should be a developer-facing English message that helps
-// developers *understand* and *resolve* the error. If a localized user-facing
-// error message is needed, put the localized message in the error details or
-// localize it in the client. The optional error details may contain arbitrary
-// information about the error. There is a predefined set of error detail types
-// in the package `google.rpc` that can be used for common error conditions.
+// The `Status` message contains three pieces of data: error code, error
+// message, and error details. The error code should be an enum value of
+// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes
+// if needed.  The error message should be a developer-facing English message
+// that helps developers *understand* and *resolve* the error. If a localized
+// user-facing error message is needed, put the localized message in the error
+// details or localize it in the client. The optional error details may contain
+// arbitrary information about the error. There is a predefined set of error
+// detail types in the package `google.rpc` that can be used for common error
+// conditions.
 //
 // # Language mapping
 //
@@ -78,12 +78,14 @@ option objc_class_prefix = "RPC";
 // - Logging. If some API errors are stored in logs, the message `Status` could
 //     be used directly after any stripping needed for security/privacy reasons.
 message Status {
-  // The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+  // The status code, which should be an enum value of
+  // [google.rpc.Code][google.rpc.Code].
   int32 code = 1;
 
   // A developer-facing error message, which should be in English. Any
   // user-facing error message should be localized and sent in the
-  // [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
+  // [google.rpc.Status.details][google.rpc.Status.details] field, or localized
+  // by the client.
   string message = 2;
 
   // A list of messages that carry the error details.  There is a common set of
diff --git a/vendor/github.com/gogo/protobuf/LICENSE b/vendor/github.com/gogo/protobuf/LICENSE
index 7be0cc7b62cf0..f57de90da8ac3 100644
--- a/vendor/github.com/gogo/protobuf/LICENSE
+++ b/vendor/github.com/gogo/protobuf/LICENSE
@@ -1,7 +1,6 @@
-Protocol Buffers for Go with Gadgets
-
 Copyright (c) 2013, The GoGo Authors. All rights reserved.
-http://github.com/gogo/protobuf
+
+Protocol Buffers for Go with Gadgets
 
 Go support for Protocol Buffers - Google's data interchange format
 
diff --git a/vendor/github.com/gogo/protobuf/README b/vendor/github.com/gogo/protobuf/README
index 035426df559af..6af26af75d843 100644
--- a/vendor/github.com/gogo/protobuf/README
+++ b/vendor/github.com/gogo/protobuf/README
@@ -1,13 +1,18 @@
-GoGoProtobuf http://github.com/gogo/protobuf extends 
+Protocol Buffers for Go with Gadgets
+
+GoGoProtobuf http://github.com/gogo/protobuf extends
 GoProtobuf http://github.com/golang/protobuf
 
+Copyright (c) 2013, The GoGo Authors. All rights reserved.
+
+
 # Go support for Protocol Buffers
 
 Google's data interchange format.
 Copyright 2010 The Go Authors.
 https://github.com/golang/protobuf
 
-This package and the code it generates requires at least Go 1.4.
+This package and the code it generates requires at least Go 1.6.
 
 This software implements Go bindings for protocol buffers.  For
 information about protocol buffers themselves, see
@@ -24,11 +29,19 @@ To use this software, you must:
 	https://golang.org/doc/install
   for details or, if you are using gccgo, follow the instructions at
 	https://golang.org/doc/install/gccgo
-- Grab the code from the repository and install the proto package.
+- Grab the code from the repository and install the `proto` package.
   The simplest way is to run `go get -u github.com/golang/protobuf/protoc-gen-go`.
-  The compiler plugin, protoc-gen-go, will be installed in $GOBIN,
-  defaulting to $GOPATH/bin.  It must be in your $PATH for the protocol
-  compiler, protoc, to find it.
+  The compiler plugin, `protoc-gen-go`, will be installed in `$GOPATH/bin`
+  unless `$GOBIN` is set. It must be in your `$PATH` for the protocol
+  compiler, `protoc`, to find it.
+- If you need a particular version of `protoc-gen-go` (e.g., to match your
+  `proto` package version), one option is
+  ```shell
+  GIT_TAG="v1.2.0" # change as needed
+  go get -d -u github.com/golang/protobuf/protoc-gen-go
+  git -C "$(go env GOPATH)"/src/github.com/golang/protobuf checkout $GIT_TAG
+  go install github.com/golang/protobuf/protoc-gen-go
+  ```
 
 This software has two parts: a 'protocol compiler plugin' that
 generates Go source files that, once compiled, can access and manage
@@ -58,6 +71,45 @@ parameter set to the directory you want to output the Go code to.
 The generated files will be suffixed .pb.go.  See the Test code below
 for an example using such a file.
 
+## Packages and input paths ##
+
+The protocol buffer language has a concept of "packages" which does not
+correspond well to the Go notion of packages. In generated Go code,
+each source `.proto` file is associated with a single Go package. The
+name and import path for this package is specified with the `go_package`
+proto option:
+
+	option go_package = "github.com/gogo/protobuf/types";
+
+The protocol buffer compiler will attempt to derive a package name and
+import path if a `go_package` option is not present, but it is
+best to always specify one explicitly.
+
+There is a one-to-one relationship between source `.proto` files and
+generated `.pb.go` files, but any number of `.pb.go` files may be
+contained in the same Go package.
+
+The output name of a generated file is produced by replacing the
+`.proto` suffix with `.pb.go` (e.g., `foo.proto` produces `foo.pb.go`).
+However, the output directory is selected in one of two ways.  Let
+us say we have `inputs/x.proto` with a `go_package` option of
+`github.com/golang/protobuf/p`. The corresponding output file may
+be:
+
+- Relative to the import path:
+
+	protoc --gogo_out=. inputs/x.proto
+	# writes ./github.com/gogo/protobuf/p/x.pb.go
+
+  (This can work well with `--gogo_out=$GOPATH`.)
+
+- Relative to the input file:
+
+	protoc --gogo_out=paths=source_relative:. inputs/x.proto
+	# generate ./inputs/x.pb.go
+
+## Generated code ##
+
 The package comment for the proto library contains text describing
 the interface provided in Go for protocol buffers. Here is an edited
 version.
@@ -125,16 +177,13 @@ Consider file test.proto, containing
 ```proto
 	syntax = "proto2";
 	package example;
-	
+
 	enum FOO { X = 17; };
-	
+
 	message Test {
 	  required string label = 1;
 	  optional int32 type = 2 [default=77];
 	  repeated int64 reps = 3;
-	  optional group OptionalGroup = 4 {
-	    required string RequiredField = 5;
-	  }
 	}
 ```
 
@@ -151,13 +200,10 @@ To create and play with a Test object from the example package,
 	)
 
 	func main() {
-		test := &example.Test {
+		test := &example.Test{
 			Label: proto.String("hello"),
 			Type:  proto.Int32(17),
 			Reps:  []int64{1, 2, 3},
-			Optionalgroup: &example.Test_OptionalGroup {
-				RequiredField: proto.String("good bye"),
-			},
 		}
 		data, err := proto.Marshal(test)
 		if err != nil {
@@ -185,19 +231,23 @@ parameter list separated from the output directory by a colon:
 
 	protoc --gogo_out=plugins=grpc,import_path=mypackage:. *.proto
 
-
-- `import_prefix=xxx` - a prefix that is added onto the beginning of
-  all imports. Useful for things like generating protos in a
-  subdirectory, or regenerating vendored protobufs in-place.
-- `import_path=foo/bar` - used as the package if no input files
-  declare `go_package`. If it contains slashes, everything up to the
-  rightmost slash is ignored.
+- `paths=(import | source_relative)` - specifies how the paths of
+  generated files are structured. See the "Packages and imports paths"
+  section above. The default is `import`.
 - `plugins=plugin1+plugin2` - specifies the list of sub-plugins to
   load. The only plugin in this repo is `grpc`.
 - `Mfoo/bar.proto=quux/shme` - declares that foo/bar.proto is
   associated with Go package quux/shme.  This is subject to the
   import_prefix parameter.
 
+The following parameters are deprecated and should not be used:
+
+- `import_prefix=xxx` - a prefix that is added onto the beginning of
+  all imports.
+- `import_path=foo/bar` - used as the package if no input files
+  declare `go_package`. If it contains slashes, everything up to the
+  rightmost slash is ignored.
+
 ## gRPC Support ##
 
 If a proto file specifies RPC services, protoc-gen-go can be instructed to
@@ -251,8 +301,6 @@ generated code and declare a new package-level constant whose name incorporates
 the latest version number.  Removing a compatibility constant is considered a
 breaking change and would be subject to the announcement policy stated above.
 
-## Plugins ##
-
 The `protoc-gen-go/generator` package exposes a plugin interface,
 which is used by the gRPC code generation. This interface is not
 supported and is subject to incompatible changes without notice.
diff --git a/vendor/github.com/gogo/protobuf/Readme.md b/vendor/github.com/gogo/protobuf/Readme.md
index a4ad3eecd0656..e11dad70cf092 100644
--- a/vendor/github.com/gogo/protobuf/Readme.md
+++ b/vendor/github.com/gogo/protobuf/Readme.md
@@ -1,6 +1,9 @@
+[GoGo Protobuf looking for new ownership](https://github.com/gogo/protobuf/issues/691)
+
 # Protocol Buffers for Go with Gadgets
 
-[![Build Status](https://travis-ci.org/gogo/protobuf.svg?branch=master)](https://travis-ci.org/gogo/protobuf)
+[![Build Status](https://github.com/gogo/protobuf/workflows/Continuous%20Integration/badge.svg)](https://github.com/gogo/protobuf/actions)
+[![GoDoc](https://godoc.org/github.com/gogo/protobuf?status.svg)](http://godoc.org/github.com/gogo/protobuf)
 
 gogoprotobuf is a fork of <a href="https://github.com/golang/protobuf">golang/protobuf</a> with extra code generation features.
 
@@ -16,6 +19,18 @@ This code generation is used to achieve:
 Keeping track of how up to date gogoprotobuf is relative to golang/protobuf is done in this
 <a href="https://github.com/gogo/protobuf/issues/191">issue</a>
 
+## Release v1.3.0
+
+The project has updated to release v1.3.0. Check out the release notes <a href="https://github.com/gogo/protobuf/releases/tag/v1.3.0">here</a>.
+
+With this new release comes a new internal library version. This means any newly generated *pb.go files generated with the v1.3.0 library will not be compatible with the old library version (v1.2.1). However, current *pb.go files (generated with v1.2.1) should still work with the new library.
+
+Please make sure you manage your dependencies correctly when upgrading your project. If you are still using v1.2.1 and you update your dependencies, one of which could include a new *pb.go (generated with v1.3.0), you could get a compile time error.
+
+Our upstream repo, golang/protobuf, also had to go through this process in order to update their library version.
+Here is a link explaining <a href="https://github.com/golang/protobuf/issues/763#issuecomment-442434870">hermetic builds</a>.
+
+
 ## Users
 
 These projects use gogoprotobuf:
@@ -45,6 +60,11 @@ These projects use gogoprotobuf:
   - <a href="https://github.com/go-graphite">carbonzipper stack</a>
   - <a href="https://sendgrid.com/">sendgrid</a>
   - <a href="https://github.com/zero-os/0-stor">zero-os/0-stor</a>
+  - <a href="https://github.com/spacemeshos/go-spacemesh">go-spacemesh</a>
+  - <a href="https://github.com/weaveworks/cortex">cortex</a> - <a href="https://github.com/weaveworks/cortex/blob/fee02a59729d3771ef888f7bf0fd050e1197c56e/pkg/ingester/client/cortex.proto">sample proto file</a>
+  - <a href="http://skywalking.apache.org/">Apache SkyWalking APM</a> - Istio telemetry receiver based on Mixer bypass protocol
+  - <a href="https://github.com/hyperledger/burrow">Hyperledger Burrow</a> - a permissioned DLT framework
+  - <a href="https://github.com/iov-one/weave">IOV Weave</a> - a blockchain framework - <a href="https://github.com/iov-one/weave/tree/23f9856f1e316f93cb3d45d92c4c6a0c4810f6bf/spec/gogo">sample proto files</a>
 
 Please let us know if you are using gogoprotobuf by posting on our <a href="https://groups.google.com/forum/#!topic/gogoprotobuf/Brw76BxmFpQ">GoogleGroup</a>.
 
@@ -53,6 +73,12 @@ Please let us know if you are using gogoprotobuf by posting on our <a href="http
   - <a href="http://www.slideshare.net/albertstrasheim/serialization-in-go">Cloudflare - go serialization talk - Albert Strasheim</a>
   - <a href="https://youtu.be/4xB46Xl9O9Q?t=557">GopherCon 2014 Writing High Performance Databases in Go by Ben Johnson</a>
   - <a href="https://github.com/alecthomas/go_serialization_benchmarks">alecthomas' go serialization benchmarks</a>
+  - <a href="http://agniva.me/go/2017/11/18/gogoproto.html">Go faster with gogoproto - Agniva De Sarker</a>
+  - <a href="https://www.youtube.com/watch?v=CY9T020HLP8">Evolution of protobuf (Gource Visualization) - Landon Wilkins</a>
+  - <a href="https://fosdem.org/2018/schedule/event/gopherjs/">Creating GopherJS Apps with gRPC-Web - Johan Brandhorst</a>
+  - <a href="https://jbrandhorst.com/post/gogoproto/">So you want to use GoGo Protobuf - Johan Brandhorst</a>
+  - <a href="https://jbrandhorst.com/post/grpc-errors/">Advanced gRPC Error Usage - Johan Brandhorst</a>
+  - <a href="https://www.udemy.com/grpc-golang/?couponCode=GITHUB10">gRPC Golang Course on Udemy - Stephane Maarek</a>
 
 ## Getting Started
 
@@ -65,10 +91,11 @@ After that you can choose:
 
 ### Installation
 
-To install it, you must first have Go (at least version 1.6.3) installed (see [http://golang.org/doc/install](http://golang.org/doc/install)). Latest patch versions of Go 1.8, 1.9 and 1.10 are continuously tested.
+To install it, you must first have Go (at least version 1.6.3 or 1.9 if you are using gRPC) installed (see [http://golang.org/doc/install](http://golang.org/doc/install)).
+Latest patch versions of 1.12 and 1.15 are continuously tested.
 
 Next, install the standard protocol buffer implementation from [https://github.com/google/protobuf](https://github.com/google/protobuf).
-Most versions from 2.3.1 should not give any problems, but 2.6.1, 3.0.2 and 3.5.1 are continuously tested.
+Most versions from 2.3.1 should not give any problems, but 2.6.1, 3.0.2 and 3.14.0 are continuously tested.
 
 ### Speed
 
@@ -114,7 +141,7 @@ To use proto files from "google/protobuf" you need to add additional args to pro
     Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types,\
     Mgoogle/protobuf/wrappers.proto=github.com/gogo/protobuf/types:. \
     myproto.proto
-    
+
 Note that in the protoc command, {binary} does not contain the initial prefix of "protoc-gen".
 
 ### Most Speed and most customization
@@ -137,3 +164,12 @@ It works the same as golang/protobuf, simply specify the plugin.
 Here is an example using gofast:
 
     protoc --gofast_out=plugins=grpc:. my.proto
+
+See [https://github.com/gogo/grpc-example](https://github.com/gogo/grpc-example) for an example of using gRPC with gogoprotobuf and the wider grpc-ecosystem.
+
+
+## License
+This software is licensed under the 3-Clause BSD License
+("BSD License 2.0", "Revised BSD License", "New BSD License", or "Modified BSD License").
+
+
diff --git a/vendor/github.com/gogo/protobuf/go.mod b/vendor/github.com/gogo/protobuf/go.mod
new file mode 100644
index 0000000000000..001b419c95dad
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/go.mod
@@ -0,0 +1,9 @@
+module github.com/gogo/protobuf
+
+go 1.15
+
+require (
+	github.com/kisielk/errcheck v1.5.0 // indirect
+	github.com/kisielk/gotool v1.0.0 // indirect
+	golang.org/x/tools v0.0.0-20210106214847-113979e3529a // indirect
+)
diff --git a/vendor/github.com/gogo/protobuf/gogoproto/doc.go b/vendor/github.com/gogo/protobuf/gogoproto/doc.go
index 147b5ecc62fda..081c86fa8ecba 100644
--- a/vendor/github.com/gogo/protobuf/gogoproto/doc.go
+++ b/vendor/github.com/gogo/protobuf/gogoproto/doc.go
@@ -162,7 +162,7 @@ The most complete way to see examples is to look at
 	github.com/gogo/protobuf/test/thetest.proto
 
 Gogoprototest is a seperate project,
-because we want to keep gogoprotobuf independant of goprotobuf,
+because we want to keep gogoprotobuf independent of goprotobuf,
 but we still want to test it thoroughly.
 
 */
diff --git a/vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.go b/vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.go
index 5765acb15300d..1e91766aeeae0 100644
--- a/vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.go
+++ b/vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.go
@@ -1,20 +1,14 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: gogo.proto
 
-/*
-Package gogoproto is a generated protocol buffer package.
-
-It is generated from these files:
-	gogo.proto
-
-It has these top-level messages:
-*/
 package gogoproto
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import google_protobuf "github.com/gogo/protobuf/protoc-gen-gogo/descriptor"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	descriptor "github.com/gogo/protobuf/protoc-gen-gogo/descriptor"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -25,46 +19,46 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 var E_GoprotoEnumPrefix = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumOptions)(nil),
+	ExtendedType:  (*descriptor.EnumOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         62001,
 	Name:          "gogoproto.goproto_enum_prefix",
-	Tag:           "varint,62001,opt,name=goproto_enum_prefix,json=goprotoEnumPrefix",
+	Tag:           "varint,62001,opt,name=goproto_enum_prefix",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoEnumStringer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumOptions)(nil),
+	ExtendedType:  (*descriptor.EnumOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         62021,
 	Name:          "gogoproto.goproto_enum_stringer",
-	Tag:           "varint,62021,opt,name=goproto_enum_stringer,json=goprotoEnumStringer",
+	Tag:           "varint,62021,opt,name=goproto_enum_stringer",
 	Filename:      "gogo.proto",
 }
 
 var E_EnumStringer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumOptions)(nil),
+	ExtendedType:  (*descriptor.EnumOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         62022,
 	Name:          "gogoproto.enum_stringer",
-	Tag:           "varint,62022,opt,name=enum_stringer,json=enumStringer",
+	Tag:           "varint,62022,opt,name=enum_stringer",
 	Filename:      "gogo.proto",
 }
 
 var E_EnumCustomname = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumOptions)(nil),
+	ExtendedType:  (*descriptor.EnumOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         62023,
 	Name:          "gogoproto.enum_customname",
-	Tag:           "bytes,62023,opt,name=enum_customname,json=enumCustomname",
+	Tag:           "bytes,62023,opt,name=enum_customname",
 	Filename:      "gogo.proto",
 }
 
 var E_Enumdecl = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumOptions)(nil),
+	ExtendedType:  (*descriptor.EnumOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         62024,
 	Name:          "gogoproto.enumdecl",
@@ -73,304 +67,331 @@ var E_Enumdecl = &proto.ExtensionDesc{
 }
 
 var E_EnumvalueCustomname = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.EnumValueOptions)(nil),
+	ExtendedType:  (*descriptor.EnumValueOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         66001,
 	Name:          "gogoproto.enumvalue_customname",
-	Tag:           "bytes,66001,opt,name=enumvalue_customname,json=enumvalueCustomname",
+	Tag:           "bytes,66001,opt,name=enumvalue_customname",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoGettersAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63001,
 	Name:          "gogoproto.goproto_getters_all",
-	Tag:           "varint,63001,opt,name=goproto_getters_all,json=goprotoGettersAll",
+	Tag:           "varint,63001,opt,name=goproto_getters_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoEnumPrefixAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63002,
 	Name:          "gogoproto.goproto_enum_prefix_all",
-	Tag:           "varint,63002,opt,name=goproto_enum_prefix_all,json=goprotoEnumPrefixAll",
+	Tag:           "varint,63002,opt,name=goproto_enum_prefix_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoStringerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63003,
 	Name:          "gogoproto.goproto_stringer_all",
-	Tag:           "varint,63003,opt,name=goproto_stringer_all,json=goprotoStringerAll",
+	Tag:           "varint,63003,opt,name=goproto_stringer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_VerboseEqualAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63004,
 	Name:          "gogoproto.verbose_equal_all",
-	Tag:           "varint,63004,opt,name=verbose_equal_all,json=verboseEqualAll",
+	Tag:           "varint,63004,opt,name=verbose_equal_all",
 	Filename:      "gogo.proto",
 }
 
 var E_FaceAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63005,
 	Name:          "gogoproto.face_all",
-	Tag:           "varint,63005,opt,name=face_all,json=faceAll",
+	Tag:           "varint,63005,opt,name=face_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GostringAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63006,
 	Name:          "gogoproto.gostring_all",
-	Tag:           "varint,63006,opt,name=gostring_all,json=gostringAll",
+	Tag:           "varint,63006,opt,name=gostring_all",
 	Filename:      "gogo.proto",
 }
 
 var E_PopulateAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63007,
 	Name:          "gogoproto.populate_all",
-	Tag:           "varint,63007,opt,name=populate_all,json=populateAll",
+	Tag:           "varint,63007,opt,name=populate_all",
 	Filename:      "gogo.proto",
 }
 
 var E_StringerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63008,
 	Name:          "gogoproto.stringer_all",
-	Tag:           "varint,63008,opt,name=stringer_all,json=stringerAll",
+	Tag:           "varint,63008,opt,name=stringer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_OnlyoneAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63009,
 	Name:          "gogoproto.onlyone_all",
-	Tag:           "varint,63009,opt,name=onlyone_all,json=onlyoneAll",
+	Tag:           "varint,63009,opt,name=onlyone_all",
 	Filename:      "gogo.proto",
 }
 
 var E_EqualAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63013,
 	Name:          "gogoproto.equal_all",
-	Tag:           "varint,63013,opt,name=equal_all,json=equalAll",
+	Tag:           "varint,63013,opt,name=equal_all",
 	Filename:      "gogo.proto",
 }
 
 var E_DescriptionAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63014,
 	Name:          "gogoproto.description_all",
-	Tag:           "varint,63014,opt,name=description_all,json=descriptionAll",
+	Tag:           "varint,63014,opt,name=description_all",
 	Filename:      "gogo.proto",
 }
 
 var E_TestgenAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63015,
 	Name:          "gogoproto.testgen_all",
-	Tag:           "varint,63015,opt,name=testgen_all,json=testgenAll",
+	Tag:           "varint,63015,opt,name=testgen_all",
 	Filename:      "gogo.proto",
 }
 
 var E_BenchgenAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63016,
 	Name:          "gogoproto.benchgen_all",
-	Tag:           "varint,63016,opt,name=benchgen_all,json=benchgenAll",
+	Tag:           "varint,63016,opt,name=benchgen_all",
 	Filename:      "gogo.proto",
 }
 
 var E_MarshalerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63017,
 	Name:          "gogoproto.marshaler_all",
-	Tag:           "varint,63017,opt,name=marshaler_all,json=marshalerAll",
+	Tag:           "varint,63017,opt,name=marshaler_all",
 	Filename:      "gogo.proto",
 }
 
 var E_UnmarshalerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63018,
 	Name:          "gogoproto.unmarshaler_all",
-	Tag:           "varint,63018,opt,name=unmarshaler_all,json=unmarshalerAll",
+	Tag:           "varint,63018,opt,name=unmarshaler_all",
 	Filename:      "gogo.proto",
 }
 
 var E_StableMarshalerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63019,
 	Name:          "gogoproto.stable_marshaler_all",
-	Tag:           "varint,63019,opt,name=stable_marshaler_all,json=stableMarshalerAll",
+	Tag:           "varint,63019,opt,name=stable_marshaler_all",
 	Filename:      "gogo.proto",
 }
 
 var E_SizerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63020,
 	Name:          "gogoproto.sizer_all",
-	Tag:           "varint,63020,opt,name=sizer_all,json=sizerAll",
+	Tag:           "varint,63020,opt,name=sizer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoEnumStringerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63021,
 	Name:          "gogoproto.goproto_enum_stringer_all",
-	Tag:           "varint,63021,opt,name=goproto_enum_stringer_all,json=goprotoEnumStringerAll",
+	Tag:           "varint,63021,opt,name=goproto_enum_stringer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_EnumStringerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63022,
 	Name:          "gogoproto.enum_stringer_all",
-	Tag:           "varint,63022,opt,name=enum_stringer_all,json=enumStringerAll",
+	Tag:           "varint,63022,opt,name=enum_stringer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_UnsafeMarshalerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63023,
 	Name:          "gogoproto.unsafe_marshaler_all",
-	Tag:           "varint,63023,opt,name=unsafe_marshaler_all,json=unsafeMarshalerAll",
+	Tag:           "varint,63023,opt,name=unsafe_marshaler_all",
 	Filename:      "gogo.proto",
 }
 
 var E_UnsafeUnmarshalerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63024,
 	Name:          "gogoproto.unsafe_unmarshaler_all",
-	Tag:           "varint,63024,opt,name=unsafe_unmarshaler_all,json=unsafeUnmarshalerAll",
+	Tag:           "varint,63024,opt,name=unsafe_unmarshaler_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoExtensionsMapAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63025,
 	Name:          "gogoproto.goproto_extensions_map_all",
-	Tag:           "varint,63025,opt,name=goproto_extensions_map_all,json=goprotoExtensionsMapAll",
+	Tag:           "varint,63025,opt,name=goproto_extensions_map_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoUnrecognizedAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63026,
 	Name:          "gogoproto.goproto_unrecognized_all",
-	Tag:           "varint,63026,opt,name=goproto_unrecognized_all,json=goprotoUnrecognizedAll",
+	Tag:           "varint,63026,opt,name=goproto_unrecognized_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GogoprotoImport = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63027,
 	Name:          "gogoproto.gogoproto_import",
-	Tag:           "varint,63027,opt,name=gogoproto_import,json=gogoprotoImport",
+	Tag:           "varint,63027,opt,name=gogoproto_import",
 	Filename:      "gogo.proto",
 }
 
 var E_ProtosizerAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63028,
 	Name:          "gogoproto.protosizer_all",
-	Tag:           "varint,63028,opt,name=protosizer_all,json=protosizerAll",
+	Tag:           "varint,63028,opt,name=protosizer_all",
 	Filename:      "gogo.proto",
 }
 
 var E_CompareAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63029,
 	Name:          "gogoproto.compare_all",
-	Tag:           "varint,63029,opt,name=compare_all,json=compareAll",
+	Tag:           "varint,63029,opt,name=compare_all",
 	Filename:      "gogo.proto",
 }
 
 var E_TypedeclAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63030,
 	Name:          "gogoproto.typedecl_all",
-	Tag:           "varint,63030,opt,name=typedecl_all,json=typedeclAll",
+	Tag:           "varint,63030,opt,name=typedecl_all",
 	Filename:      "gogo.proto",
 }
 
 var E_EnumdeclAll = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63031,
 	Name:          "gogoproto.enumdecl_all",
-	Tag:           "varint,63031,opt,name=enumdecl_all,json=enumdeclAll",
+	Tag:           "varint,63031,opt,name=enumdecl_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoRegistration = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FileOptions)(nil),
+	ExtendedType:  (*descriptor.FileOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         63032,
 	Name:          "gogoproto.goproto_registration",
-	Tag:           "varint,63032,opt,name=goproto_registration,json=goprotoRegistration",
+	Tag:           "varint,63032,opt,name=goproto_registration",
+	Filename:      "gogo.proto",
+}
+
+var E_MessagenameAll = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FileOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         63033,
+	Name:          "gogoproto.messagename_all",
+	Tag:           "varint,63033,opt,name=messagename_all",
+	Filename:      "gogo.proto",
+}
+
+var E_GoprotoSizecacheAll = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FileOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         63034,
+	Name:          "gogoproto.goproto_sizecache_all",
+	Tag:           "varint,63034,opt,name=goproto_sizecache_all",
+	Filename:      "gogo.proto",
+}
+
+var E_GoprotoUnkeyedAll = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FileOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         63035,
+	Name:          "gogoproto.goproto_unkeyed_all",
+	Tag:           "varint,63035,opt,name=goproto_unkeyed_all",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoGetters = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64001,
 	Name:          "gogoproto.goproto_getters",
-	Tag:           "varint,64001,opt,name=goproto_getters,json=goprotoGetters",
+	Tag:           "varint,64001,opt,name=goproto_getters",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoStringer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64003,
 	Name:          "gogoproto.goproto_stringer",
-	Tag:           "varint,64003,opt,name=goproto_stringer,json=goprotoStringer",
+	Tag:           "varint,64003,opt,name=goproto_stringer",
 	Filename:      "gogo.proto",
 }
 
 var E_VerboseEqual = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64004,
 	Name:          "gogoproto.verbose_equal",
-	Tag:           "varint,64004,opt,name=verbose_equal,json=verboseEqual",
+	Tag:           "varint,64004,opt,name=verbose_equal",
 	Filename:      "gogo.proto",
 }
 
 var E_Face = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64005,
 	Name:          "gogoproto.face",
@@ -379,7 +400,7 @@ var E_Face = &proto.ExtensionDesc{
 }
 
 var E_Gostring = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64006,
 	Name:          "gogoproto.gostring",
@@ -388,7 +409,7 @@ var E_Gostring = &proto.ExtensionDesc{
 }
 
 var E_Populate = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64007,
 	Name:          "gogoproto.populate",
@@ -397,7 +418,7 @@ var E_Populate = &proto.ExtensionDesc{
 }
 
 var E_Stringer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         67008,
 	Name:          "gogoproto.stringer",
@@ -406,7 +427,7 @@ var E_Stringer = &proto.ExtensionDesc{
 }
 
 var E_Onlyone = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64009,
 	Name:          "gogoproto.onlyone",
@@ -415,7 +436,7 @@ var E_Onlyone = &proto.ExtensionDesc{
 }
 
 var E_Equal = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64013,
 	Name:          "gogoproto.equal",
@@ -424,7 +445,7 @@ var E_Equal = &proto.ExtensionDesc{
 }
 
 var E_Description = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64014,
 	Name:          "gogoproto.description",
@@ -433,7 +454,7 @@ var E_Description = &proto.ExtensionDesc{
 }
 
 var E_Testgen = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64015,
 	Name:          "gogoproto.testgen",
@@ -442,7 +463,7 @@ var E_Testgen = &proto.ExtensionDesc{
 }
 
 var E_Benchgen = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64016,
 	Name:          "gogoproto.benchgen",
@@ -451,7 +472,7 @@ var E_Benchgen = &proto.ExtensionDesc{
 }
 
 var E_Marshaler = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64017,
 	Name:          "gogoproto.marshaler",
@@ -460,7 +481,7 @@ var E_Marshaler = &proto.ExtensionDesc{
 }
 
 var E_Unmarshaler = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64018,
 	Name:          "gogoproto.unmarshaler",
@@ -469,16 +490,16 @@ var E_Unmarshaler = &proto.ExtensionDesc{
 }
 
 var E_StableMarshaler = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64019,
 	Name:          "gogoproto.stable_marshaler",
-	Tag:           "varint,64019,opt,name=stable_marshaler,json=stableMarshaler",
+	Tag:           "varint,64019,opt,name=stable_marshaler",
 	Filename:      "gogo.proto",
 }
 
 var E_Sizer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64020,
 	Name:          "gogoproto.sizer",
@@ -487,43 +508,43 @@ var E_Sizer = &proto.ExtensionDesc{
 }
 
 var E_UnsafeMarshaler = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64023,
 	Name:          "gogoproto.unsafe_marshaler",
-	Tag:           "varint,64023,opt,name=unsafe_marshaler,json=unsafeMarshaler",
+	Tag:           "varint,64023,opt,name=unsafe_marshaler",
 	Filename:      "gogo.proto",
 }
 
 var E_UnsafeUnmarshaler = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64024,
 	Name:          "gogoproto.unsafe_unmarshaler",
-	Tag:           "varint,64024,opt,name=unsafe_unmarshaler,json=unsafeUnmarshaler",
+	Tag:           "varint,64024,opt,name=unsafe_unmarshaler",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoExtensionsMap = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64025,
 	Name:          "gogoproto.goproto_extensions_map",
-	Tag:           "varint,64025,opt,name=goproto_extensions_map,json=goprotoExtensionsMap",
+	Tag:           "varint,64025,opt,name=goproto_extensions_map",
 	Filename:      "gogo.proto",
 }
 
 var E_GoprotoUnrecognized = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64026,
 	Name:          "gogoproto.goproto_unrecognized",
-	Tag:           "varint,64026,opt,name=goproto_unrecognized,json=goprotoUnrecognized",
+	Tag:           "varint,64026,opt,name=goproto_unrecognized",
 	Filename:      "gogo.proto",
 }
 
 var E_Protosizer = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64028,
 	Name:          "gogoproto.protosizer",
@@ -532,7 +553,7 @@ var E_Protosizer = &proto.ExtensionDesc{
 }
 
 var E_Compare = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64029,
 	Name:          "gogoproto.compare",
@@ -541,7 +562,7 @@ var E_Compare = &proto.ExtensionDesc{
 }
 
 var E_Typedecl = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.MessageOptions)(nil),
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         64030,
 	Name:          "gogoproto.typedecl",
@@ -549,8 +570,35 @@ var E_Typedecl = &proto.ExtensionDesc{
 	Filename:      "gogo.proto",
 }
 
+var E_Messagename = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         64033,
+	Name:          "gogoproto.messagename",
+	Tag:           "varint,64033,opt,name=messagename",
+	Filename:      "gogo.proto",
+}
+
+var E_GoprotoSizecache = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         64034,
+	Name:          "gogoproto.goproto_sizecache",
+	Tag:           "varint,64034,opt,name=goproto_sizecache",
+	Filename:      "gogo.proto",
+}
+
+var E_GoprotoUnkeyed = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         64035,
+	Name:          "gogoproto.goproto_unkeyed",
+	Tag:           "varint,64035,opt,name=goproto_unkeyed",
+	Filename:      "gogo.proto",
+}
+
 var E_Nullable = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         65001,
 	Name:          "gogoproto.nullable",
@@ -559,7 +607,7 @@ var E_Nullable = &proto.ExtensionDesc{
 }
 
 var E_Embed = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         65002,
 	Name:          "gogoproto.embed",
@@ -568,7 +616,7 @@ var E_Embed = &proto.ExtensionDesc{
 }
 
 var E_Customtype = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65003,
 	Name:          "gogoproto.customtype",
@@ -577,7 +625,7 @@ var E_Customtype = &proto.ExtensionDesc{
 }
 
 var E_Customname = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65004,
 	Name:          "gogoproto.customname",
@@ -586,7 +634,7 @@ var E_Customname = &proto.ExtensionDesc{
 }
 
 var E_Jsontag = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65005,
 	Name:          "gogoproto.jsontag",
@@ -595,7 +643,7 @@ var E_Jsontag = &proto.ExtensionDesc{
 }
 
 var E_Moretags = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65006,
 	Name:          "gogoproto.moretags",
@@ -604,7 +652,7 @@ var E_Moretags = &proto.ExtensionDesc{
 }
 
 var E_Casttype = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65007,
 	Name:          "gogoproto.casttype",
@@ -613,7 +661,7 @@ var E_Casttype = &proto.ExtensionDesc{
 }
 
 var E_Castkey = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65008,
 	Name:          "gogoproto.castkey",
@@ -622,7 +670,7 @@ var E_Castkey = &proto.ExtensionDesc{
 }
 
 var E_Castvalue = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*string)(nil),
 	Field:         65009,
 	Name:          "gogoproto.castvalue",
@@ -631,7 +679,7 @@ var E_Castvalue = &proto.ExtensionDesc{
 }
 
 var E_Stdtime = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         65010,
 	Name:          "gogoproto.stdtime",
@@ -640,7 +688,7 @@ var E_Stdtime = &proto.ExtensionDesc{
 }
 
 var E_Stdduration = &proto.ExtensionDesc{
-	ExtendedType:  (*google_protobuf.FieldOptions)(nil),
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
 	ExtensionType: (*bool)(nil),
 	Field:         65011,
 	Name:          "gogoproto.stdduration",
@@ -648,6 +696,15 @@ var E_Stdduration = &proto.ExtensionDesc{
 	Filename:      "gogo.proto",
 }
 
+var E_Wktpointer = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
+	ExtensionType: (*bool)(nil),
+	Field:         65012,
+	Name:          "gogoproto.wktpointer",
+	Tag:           "varint,65012,opt,name=wktpointer",
+	Filename:      "gogo.proto",
+}
+
 func init() {
 	proto.RegisterExtension(E_GoprotoEnumPrefix)
 	proto.RegisterExtension(E_GoprotoEnumStringer)
@@ -684,6 +741,9 @@ func init() {
 	proto.RegisterExtension(E_TypedeclAll)
 	proto.RegisterExtension(E_EnumdeclAll)
 	proto.RegisterExtension(E_GoprotoRegistration)
+	proto.RegisterExtension(E_MessagenameAll)
+	proto.RegisterExtension(E_GoprotoSizecacheAll)
+	proto.RegisterExtension(E_GoprotoUnkeyedAll)
 	proto.RegisterExtension(E_GoprotoGetters)
 	proto.RegisterExtension(E_GoprotoStringer)
 	proto.RegisterExtension(E_VerboseEqual)
@@ -707,6 +767,9 @@ func init() {
 	proto.RegisterExtension(E_Protosizer)
 	proto.RegisterExtension(E_Compare)
 	proto.RegisterExtension(E_Typedecl)
+	proto.RegisterExtension(E_Messagename)
+	proto.RegisterExtension(E_GoprotoSizecache)
+	proto.RegisterExtension(E_GoprotoUnkeyed)
 	proto.RegisterExtension(E_Nullable)
 	proto.RegisterExtension(E_Embed)
 	proto.RegisterExtension(E_Customtype)
@@ -718,87 +781,94 @@ func init() {
 	proto.RegisterExtension(E_Castvalue)
 	proto.RegisterExtension(E_Stdtime)
 	proto.RegisterExtension(E_Stdduration)
-}
-
-func init() { proto.RegisterFile("gogo.proto", fileDescriptorGogo) }
-
-var fileDescriptorGogo = []byte{
-	// 1220 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x98, 0x4b, 0x6f, 0x1c, 0x45,
-	0x10, 0x80, 0x85, 0x48, 0x14, 0x6f, 0xd9, 0x8e, 0xf1, 0xda, 0x98, 0x10, 0x81, 0x08, 0x9c, 0x38,
-	0xd9, 0xa7, 0x08, 0xa5, 0xad, 0xc8, 0x72, 0x2c, 0xc7, 0x4a, 0x84, 0xc1, 0x98, 0x38, 0xbc, 0x0e,
-	0xab, 0xd9, 0xdd, 0xf6, 0x78, 0x60, 0x66, 0x7a, 0x98, 0xe9, 0x89, 0xe2, 0xdc, 0x50, 0x78, 0x08,
-	0x21, 0xde, 0x48, 0x90, 0x90, 0x04, 0x38, 0xf0, 0x7e, 0x86, 0xf7, 0x91, 0x0b, 0x8f, 0x2b, 0xff,
-	0x81, 0x0b, 0x60, 0xde, 0xbe, 0xf9, 0x82, 0x6a, 0xb6, 0x6a, 0xb6, 0x67, 0xbd, 0x52, 0xf7, 0xde,
-	0xc6, 0xeb, 0xfe, 0xbe, 0xad, 0xa9, 0x9a, 0xae, 0xea, 0x59, 0x00, 0x5f, 0xf9, 0x6a, 0x3a, 0x49,
-	0x95, 0x56, 0xf5, 0x1a, 0x5e, 0x17, 0x97, 0x07, 0x0f, 0xf9, 0x4a, 0xf9, 0xa1, 0x9c, 0x29, 0xfe,
-	0x6a, 0xe6, 0xeb, 0x33, 0x6d, 0x99, 0xb5, 0xd2, 0x20, 0xd1, 0x2a, 0xed, 0x2c, 0x16, 0x77, 0xc1,
-	0x04, 0x2d, 0x6e, 0xc8, 0x38, 0x8f, 0x1a, 0x49, 0x2a, 0xd7, 0x83, 0xb3, 0xf5, 0x9b, 0xa6, 0x3b,
-	0xe4, 0x34, 0x93, 0xd3, 0x8b, 0x71, 0x1e, 0xdd, 0x9d, 0xe8, 0x40, 0xc5, 0xd9, 0x81, 0xab, 0xbf,
-	0x5c, 0x7b, 0xe8, 0x9a, 0xdb, 0x87, 0x56, 0xc7, 0x09, 0xc5, 0xff, 0xad, 0x14, 0xa0, 0x58, 0x85,
-	0xeb, 0x2b, 0xbe, 0x4c, 0xa7, 0x41, 0xec, 0xcb, 0xd4, 0x62, 0xfc, 0x9e, 0x8c, 0x13, 0x86, 0xf1,
-	0x5e, 0x42, 0xc5, 0x02, 0x8c, 0x0e, 0xe2, 0xfa, 0x81, 0x5c, 0x23, 0xd2, 0x94, 0x2c, 0xc1, 0x58,
-	0x21, 0x69, 0xe5, 0x99, 0x56, 0x51, 0xec, 0x45, 0xd2, 0xa2, 0xf9, 0xb1, 0xd0, 0xd4, 0x56, 0xf7,
-	0x23, 0xb6, 0x50, 0x52, 0x42, 0xc0, 0x10, 0x7e, 0xd2, 0x96, 0xad, 0xd0, 0x62, 0xf8, 0x89, 0x02,
-	0x29, 0xd7, 0x8b, 0xd3, 0x30, 0x89, 0xd7, 0x67, 0xbc, 0x30, 0x97, 0x66, 0x24, 0xb7, 0xf6, 0xf5,
-	0x9c, 0xc6, 0x65, 0x2c, 0xfb, 0xf9, 0xfc, 0x9e, 0x22, 0x9c, 0x89, 0x52, 0x60, 0xc4, 0x64, 0x54,
-	0xd1, 0x97, 0x5a, 0xcb, 0x34, 0x6b, 0x78, 0x61, 0xbf, 0xf0, 0x8e, 0x07, 0x61, 0x69, 0xbc, 0xb0,
-	0x55, 0xad, 0xe2, 0x52, 0x87, 0x9c, 0x0f, 0x43, 0xb1, 0x06, 0x37, 0xf4, 0x79, 0x2a, 0x1c, 0x9c,
-	0x17, 0xc9, 0x39, 0xb9, 0xeb, 0xc9, 0x40, 0xed, 0x0a, 0xf0, 0xe7, 0x65, 0x2d, 0x1d, 0x9c, 0xaf,
-	0x93, 0xb3, 0x4e, 0x2c, 0x97, 0x14, 0x8d, 0x27, 0x61, 0xfc, 0x8c, 0x4c, 0x9b, 0x2a, 0x93, 0x0d,
-	0xf9, 0x68, 0xee, 0x85, 0x0e, 0xba, 0x4b, 0xa4, 0x1b, 0x23, 0x70, 0x11, 0x39, 0x74, 0x1d, 0x81,
-	0xa1, 0x75, 0xaf, 0x25, 0x1d, 0x14, 0x97, 0x49, 0xb1, 0x0f, 0xd7, 0x23, 0x3a, 0x0f, 0x23, 0xbe,
-	0xea, 0xdc, 0x92, 0x03, 0x7e, 0x85, 0xf0, 0x61, 0x66, 0x48, 0x91, 0xa8, 0x24, 0x0f, 0x3d, 0xed,
-	0x12, 0xc1, 0x1b, 0xac, 0x60, 0x86, 0x14, 0x03, 0xa4, 0xf5, 0x4d, 0x56, 0x64, 0x46, 0x3e, 0xe7,
-	0x60, 0x58, 0xc5, 0xe1, 0xa6, 0x8a, 0x5d, 0x82, 0x78, 0x8b, 0x0c, 0x40, 0x08, 0x0a, 0x66, 0xa1,
-	0xe6, 0x5a, 0x88, 0xb7, 0xb7, 0x78, 0x7b, 0x70, 0x05, 0x96, 0x60, 0x8c, 0x1b, 0x54, 0xa0, 0x62,
-	0x07, 0xc5, 0x3b, 0xa4, 0xd8, 0x6f, 0x60, 0x74, 0x1b, 0x5a, 0x66, 0xda, 0x97, 0x2e, 0x92, 0x77,
-	0xf9, 0x36, 0x08, 0xa1, 0x54, 0x36, 0x65, 0xdc, 0xda, 0x70, 0x33, 0xbc, 0xc7, 0xa9, 0x64, 0x06,
-	0x15, 0x0b, 0x30, 0x1a, 0x79, 0x69, 0xb6, 0xe1, 0x85, 0x4e, 0xe5, 0x78, 0x9f, 0x1c, 0x23, 0x25,
-	0x44, 0x19, 0xc9, 0xe3, 0x41, 0x34, 0x1f, 0x70, 0x46, 0x0c, 0x8c, 0xb6, 0x5e, 0xa6, 0xbd, 0x66,
-	0x28, 0x1b, 0x83, 0xd8, 0x3e, 0xe4, 0xad, 0xd7, 0x61, 0x97, 0x4d, 0xe3, 0x2c, 0xd4, 0xb2, 0xe0,
-	0x9c, 0x93, 0xe6, 0x23, 0xae, 0x74, 0x01, 0x20, 0xfc, 0x00, 0xdc, 0xd8, 0x77, 0x4c, 0x38, 0xc8,
-	0x3e, 0x26, 0xd9, 0x54, 0x9f, 0x51, 0x41, 0x2d, 0x61, 0x50, 0xe5, 0x27, 0xdc, 0x12, 0x64, 0x8f,
-	0x6b, 0x05, 0x26, 0xf3, 0x38, 0xf3, 0xd6, 0x07, 0xcb, 0xda, 0xa7, 0x9c, 0xb5, 0x0e, 0x5b, 0xc9,
-	0xda, 0x29, 0x98, 0x22, 0xe3, 0x60, 0x75, 0xfd, 0x8c, 0x1b, 0x6b, 0x87, 0x5e, 0xab, 0x56, 0xf7,
-	0x21, 0x38, 0x58, 0xa6, 0xf3, 0xac, 0x96, 0x71, 0x86, 0x4c, 0x23, 0xf2, 0x12, 0x07, 0xf3, 0x55,
-	0x32, 0x73, 0xc7, 0x5f, 0x2c, 0x05, 0xcb, 0x5e, 0x82, 0xf2, 0xfb, 0xe1, 0x00, 0xcb, 0xf3, 0x38,
-	0x95, 0x2d, 0xe5, 0xc7, 0xc1, 0x39, 0xd9, 0x76, 0x50, 0x7f, 0xde, 0x53, 0xaa, 0x35, 0x03, 0x47,
-	0xf3, 0x09, 0xb8, 0xae, 0x3c, 0xab, 0x34, 0x82, 0x28, 0x51, 0xa9, 0xb6, 0x18, 0xbf, 0xe0, 0x4a,
-	0x95, 0xdc, 0x89, 0x02, 0x13, 0x8b, 0xb0, 0xbf, 0xf8, 0xd3, 0xf5, 0x91, 0xfc, 0x92, 0x44, 0xa3,
-	0x5d, 0x8a, 0x1a, 0x47, 0x4b, 0x45, 0x89, 0x97, 0xba, 0xf4, 0xbf, 0xaf, 0xb8, 0x71, 0x10, 0x42,
-	0x8d, 0x43, 0x6f, 0x26, 0x12, 0xa7, 0xbd, 0x83, 0xe1, 0x6b, 0x6e, 0x1c, 0xcc, 0x90, 0x82, 0x0f,
-	0x0c, 0x0e, 0x8a, 0x6f, 0x58, 0xc1, 0x0c, 0x2a, 0xee, 0xe9, 0x0e, 0xda, 0x54, 0xfa, 0x41, 0xa6,
-	0x53, 0x0f, 0x57, 0x5b, 0x54, 0xdf, 0x6e, 0x55, 0x0f, 0x61, 0xab, 0x06, 0x2a, 0x4e, 0xc2, 0x58,
-	0xcf, 0x11, 0xa3, 0x7e, 0xcb, 0x2e, 0xdb, 0xb2, 0xcc, 0x32, 0xcf, 0x2f, 0x85, 0x8f, 0x6d, 0x53,
-	0x33, 0xaa, 0x9e, 0x30, 0xc4, 0x9d, 0x58, 0xf7, 0xea, 0x39, 0xc0, 0x2e, 0x3b, 0xbf, 0x5d, 0x96,
-	0xbe, 0x72, 0x0c, 0x10, 0xc7, 0x61, 0xb4, 0x72, 0x06, 0xb0, 0xab, 0x1e, 0x27, 0xd5, 0x88, 0x79,
-	0x04, 0x10, 0x87, 0x61, 0x0f, 0xce, 0x73, 0x3b, 0xfe, 0x04, 0xe1, 0xc5, 0x72, 0x71, 0x14, 0x86,
-	0x78, 0x8e, 0xdb, 0xd1, 0x27, 0x09, 0x2d, 0x11, 0xc4, 0x79, 0x86, 0xdb, 0xf1, 0xa7, 0x18, 0x67,
-	0x04, 0x71, 0xf7, 0x14, 0x7e, 0xf7, 0xcc, 0x1e, 0xea, 0xc3, 0x9c, 0xbb, 0x59, 0xd8, 0x47, 0xc3,
-	0xdb, 0x4e, 0x3f, 0x4d, 0x5f, 0xce, 0x84, 0xb8, 0x03, 0xf6, 0x3a, 0x26, 0xfc, 0x59, 0x42, 0x3b,
-	0xeb, 0xc5, 0x02, 0x0c, 0x1b, 0x03, 0xdb, 0x8e, 0x3f, 0x47, 0xb8, 0x49, 0x61, 0xe8, 0x34, 0xb0,
-	0xed, 0x82, 0xe7, 0x39, 0x74, 0x22, 0x30, 0x6d, 0x3c, 0xab, 0xed, 0xf4, 0x0b, 0x9c, 0x75, 0x46,
-	0xc4, 0x1c, 0xd4, 0xca, 0xfe, 0x6b, 0xe7, 0x5f, 0x24, 0xbe, 0xcb, 0x60, 0x06, 0x8c, 0xfe, 0x6f,
-	0x57, 0xbc, 0xc4, 0x19, 0x30, 0x28, 0xdc, 0x46, 0xbd, 0x33, 0xdd, 0x6e, 0x7a, 0x99, 0xb7, 0x51,
-	0xcf, 0x48, 0xc7, 0x6a, 0x16, 0x6d, 0xd0, 0xae, 0x78, 0x85, 0xab, 0x59, 0xac, 0xc7, 0x30, 0x7a,
-	0x87, 0xa4, 0xdd, 0xf1, 0x2a, 0x87, 0xd1, 0x33, 0x23, 0xc5, 0x0a, 0xd4, 0x77, 0x0f, 0x48, 0xbb,
-	0xef, 0x35, 0xf2, 0x8d, 0xef, 0x9a, 0x8f, 0xe2, 0x3e, 0x98, 0xea, 0x3f, 0x1c, 0xed, 0xd6, 0x0b,
-	0xdb, 0x3d, 0xaf, 0x33, 0xe6, 0x6c, 0x14, 0xa7, 0xba, 0x5d, 0xd6, 0x1c, 0x8c, 0x76, 0xed, 0xc5,
-	0xed, 0x6a, 0xa3, 0x35, 0xe7, 0xa2, 0x98, 0x07, 0xe8, 0xce, 0x24, 0xbb, 0xeb, 0x12, 0xb9, 0x0c,
-	0x08, 0xb7, 0x06, 0x8d, 0x24, 0x3b, 0x7f, 0x99, 0xb7, 0x06, 0x11, 0xb8, 0x35, 0x78, 0x1a, 0xd9,
-	0xe9, 0x2b, 0xbc, 0x35, 0x18, 0x11, 0xb3, 0x30, 0x14, 0xe7, 0x61, 0x88, 0xcf, 0x56, 0xfd, 0xe6,
-	0x3e, 0xe3, 0x46, 0x86, 0x6d, 0x86, 0x7f, 0xdd, 0x21, 0x98, 0x01, 0x71, 0x18, 0xf6, 0xca, 0xa8,
-	0x29, 0xdb, 0x36, 0xf2, 0xb7, 0x1d, 0xee, 0x27, 0xb8, 0x5a, 0xcc, 0x01, 0x74, 0x5e, 0xa6, 0x31,
-	0x0a, 0x1b, 0xfb, 0xfb, 0x4e, 0xe7, 0xbd, 0xde, 0x40, 0xba, 0x82, 0xe2, 0x6d, 0xdc, 0x22, 0xd8,
-	0xaa, 0x0a, 0x8a, 0x17, 0xf0, 0x23, 0xb0, 0xef, 0xe1, 0x4c, 0xc5, 0xda, 0xf3, 0x6d, 0xf4, 0x1f,
-	0x44, 0xf3, 0x7a, 0x4c, 0x58, 0xa4, 0x52, 0xa9, 0x3d, 0x3f, 0xb3, 0xb1, 0x7f, 0x12, 0x5b, 0x02,
-	0x08, 0xb7, 0xbc, 0x4c, 0xbb, 0xdc, 0xf7, 0x5f, 0x0c, 0x33, 0x80, 0x41, 0xe3, 0xf5, 0x23, 0x72,
-	0xd3, 0xc6, 0xfe, 0xcd, 0x41, 0xd3, 0x7a, 0x71, 0x14, 0x6a, 0x78, 0x59, 0xfc, 0x0e, 0x61, 0x83,
-	0xff, 0x21, 0xb8, 0x4b, 0xe0, 0x37, 0x67, 0xba, 0xad, 0x03, 0x7b, 0xb2, 0xff, 0xa5, 0x4a, 0xf3,
-	0x7a, 0x31, 0x0f, 0xc3, 0x99, 0x6e, 0xb7, 0x73, 0x3a, 0xd1, 0x58, 0xf0, 0xff, 0x76, 0xca, 0x97,
-	0xdc, 0x92, 0x39, 0xb6, 0x08, 0x13, 0x2d, 0x15, 0xf5, 0x82, 0xc7, 0x60, 0x49, 0x2d, 0xa9, 0x95,
-	0x62, 0x17, 0x3d, 0x78, 0x9b, 0x1f, 0xe8, 0x8d, 0xbc, 0x39, 0xdd, 0x52, 0xd1, 0x0c, 0x1e, 0x35,
-	0xbb, 0xbf, 0xa0, 0x95, 0x07, 0xcf, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0xed, 0x5f, 0x6c, 0x20,
-	0x74, 0x13, 0x00, 0x00,
+	proto.RegisterExtension(E_Wktpointer)
+}
+
+func init() { proto.RegisterFile("gogo.proto", fileDescriptor_592445b5231bc2b9) }
+
+var fileDescriptor_592445b5231bc2b9 = []byte{
+	// 1328 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x98, 0x49, 0x6f, 0x1c, 0x45,
+	0x14, 0x80, 0x85, 0x48, 0x64, 0x4f, 0x79, 0x8b, 0xc7, 0xc6, 0x84, 0x08, 0x44, 0xe0, 0xc4, 0xc9,
+	0x3e, 0x45, 0x28, 0x65, 0x45, 0x96, 0x63, 0x39, 0x56, 0x10, 0x0e, 0xc6, 0x89, 0xc3, 0x76, 0x18,
+	0xf5, 0xf4, 0x94, 0xdb, 0x8d, 0xbb, 0xbb, 0x9a, 0xee, 0xea, 0x10, 0xe7, 0x86, 0xc2, 0x22, 0x84,
+	0xd8, 0x91, 0x20, 0x21, 0x09, 0x04, 0xc4, 0xbe, 0x86, 0x7d, 0xb9, 0x70, 0x61, 0xb9, 0xf2, 0x1f,
+	0xb8, 0x00, 0x66, 0xf7, 0xcd, 0x17, 0xf4, 0xba, 0xdf, 0xeb, 0xa9, 0x69, 0x8f, 0x54, 0x35, 0xb7,
+	0xf6, 0xb8, 0xbe, 0x6f, 0xaa, 0xdf, 0xeb, 0x7a, 0xef, 0x4d, 0x33, 0xe6, 0x49, 0x4f, 0x4e, 0xc6,
+	0x89, 0x54, 0xb2, 0x5e, 0x83, 0xeb, 0xfc, 0x72, 0xdf, 0x7e, 0x4f, 0x4a, 0x2f, 0x10, 0x53, 0xf9,
+	0x5f, 0xcd, 0x6c, 0x75, 0xaa, 0x25, 0x52, 0x37, 0xf1, 0x63, 0x25, 0x93, 0x62, 0x31, 0x3f, 0xc6,
+	0xc6, 0x70, 0x71, 0x43, 0x44, 0x59, 0xd8, 0x88, 0x13, 0xb1, 0xea, 0x9f, 0xae, 0x5f, 0x3f, 0x59,
+	0x90, 0x93, 0x44, 0x4e, 0xce, 0x47, 0x59, 0x78, 0x47, 0xac, 0x7c, 0x19, 0xa5, 0x7b, 0xaf, 0xfc,
+	0x72, 0xf5, 0xfe, 0xab, 0x6e, 0xe9, 0x5f, 0x1e, 0x45, 0x14, 0xfe, 0xb7, 0x94, 0x83, 0x7c, 0x99,
+	0x5d, 0xd3, 0xe1, 0x4b, 0x55, 0xe2, 0x47, 0x9e, 0x48, 0x0c, 0xc6, 0xef, 0xd1, 0x38, 0xa6, 0x19,
+	0x8f, 0x23, 0xca, 0xe7, 0xd8, 0x50, 0x2f, 0xae, 0x1f, 0xd0, 0x35, 0x28, 0x74, 0xc9, 0x02, 0x1b,
+	0xc9, 0x25, 0x6e, 0x96, 0x2a, 0x19, 0x46, 0x4e, 0x28, 0x0c, 0x9a, 0x1f, 0x73, 0x4d, 0x6d, 0x79,
+	0x18, 0xb0, 0xb9, 0x92, 0xe2, 0x9c, 0xf5, 0xc3, 0x27, 0x2d, 0xe1, 0x06, 0x06, 0xc3, 0x4f, 0xb8,
+	0x91, 0x72, 0x3d, 0x3f, 0xc9, 0xc6, 0xe1, 0xfa, 0x94, 0x13, 0x64, 0x42, 0xdf, 0xc9, 0x4d, 0x5d,
+	0x3d, 0x27, 0x61, 0x19, 0xc9, 0x7e, 0x3e, 0xbb, 0x2b, 0xdf, 0xce, 0x58, 0x29, 0xd0, 0xf6, 0xa4,
+	0x65, 0xd1, 0x13, 0x4a, 0x89, 0x24, 0x6d, 0x38, 0x41, 0xb7, 0xed, 0x1d, 0xf1, 0x83, 0xd2, 0x78,
+	0x6e, 0xb3, 0x33, 0x8b, 0x0b, 0x05, 0x39, 0x1b, 0x04, 0x7c, 0x85, 0x5d, 0xdb, 0xe5, 0xa9, 0xb0,
+	0x70, 0x9e, 0x47, 0xe7, 0xf8, 0x8e, 0x27, 0x03, 0xb4, 0x4b, 0x8c, 0x3e, 0x2f, 0x73, 0x69, 0xe1,
+	0x7c, 0x19, 0x9d, 0x75, 0x64, 0x29, 0xa5, 0x60, 0xbc, 0x8d, 0x8d, 0x9e, 0x12, 0x49, 0x53, 0xa6,
+	0xa2, 0x21, 0x1e, 0xc8, 0x9c, 0xc0, 0x42, 0x77, 0x01, 0x75, 0x23, 0x08, 0xce, 0x03, 0x07, 0xae,
+	0x83, 0xac, 0x7f, 0xd5, 0x71, 0x85, 0x85, 0xe2, 0x22, 0x2a, 0xfa, 0x60, 0x3d, 0xa0, 0xb3, 0x6c,
+	0xd0, 0x93, 0xc5, 0x2d, 0x59, 0xe0, 0x97, 0x10, 0x1f, 0x20, 0x06, 0x15, 0xb1, 0x8c, 0xb3, 0xc0,
+	0x51, 0x36, 0x3b, 0x78, 0x85, 0x14, 0xc4, 0xa0, 0xa2, 0x87, 0xb0, 0xbe, 0x4a, 0x8a, 0x54, 0x8b,
+	0xe7, 0x0c, 0x1b, 0x90, 0x51, 0xb0, 0x21, 0x23, 0x9b, 0x4d, 0x5c, 0x46, 0x03, 0x43, 0x04, 0x04,
+	0xd3, 0xac, 0x66, 0x9b, 0x88, 0x37, 0x36, 0xe9, 0x78, 0x50, 0x06, 0x16, 0xd8, 0x08, 0x15, 0x28,
+	0x5f, 0x46, 0x16, 0x8a, 0x37, 0x51, 0x31, 0xac, 0x61, 0x78, 0x1b, 0x4a, 0xa4, 0xca, 0x13, 0x36,
+	0x92, 0xb7, 0xe8, 0x36, 0x10, 0xc1, 0x50, 0x36, 0x45, 0xe4, 0xae, 0xd9, 0x19, 0xde, 0xa6, 0x50,
+	0x12, 0x03, 0x8a, 0x39, 0x36, 0x14, 0x3a, 0x49, 0xba, 0xe6, 0x04, 0x56, 0xe9, 0x78, 0x07, 0x1d,
+	0x83, 0x25, 0x84, 0x11, 0xc9, 0xa2, 0x5e, 0x34, 0xef, 0x52, 0x44, 0x34, 0x0c, 0x8f, 0x5e, 0xaa,
+	0x9c, 0x66, 0x20, 0x1a, 0xbd, 0xd8, 0xde, 0xa3, 0xa3, 0x57, 0xb0, 0x8b, 0xba, 0x71, 0x9a, 0xd5,
+	0x52, 0xff, 0x8c, 0x95, 0xe6, 0x7d, 0xca, 0x74, 0x0e, 0x00, 0x7c, 0x0f, 0xbb, 0xae, 0x6b, 0x9b,
+	0xb0, 0x90, 0x7d, 0x80, 0xb2, 0x89, 0x2e, 0xad, 0x02, 0x4b, 0x42, 0xaf, 0xca, 0x0f, 0xa9, 0x24,
+	0x88, 0x8a, 0x6b, 0x89, 0x8d, 0x67, 0x51, 0xea, 0xac, 0xf6, 0x16, 0xb5, 0x8f, 0x28, 0x6a, 0x05,
+	0xdb, 0x11, 0xb5, 0x13, 0x6c, 0x02, 0x8d, 0xbd, 0xe5, 0xf5, 0x63, 0x2a, 0xac, 0x05, 0xbd, 0xd2,
+	0x99, 0xdd, 0xfb, 0xd8, 0xbe, 0x32, 0x9c, 0xa7, 0x95, 0x88, 0x52, 0x60, 0x1a, 0xa1, 0x13, 0x5b,
+	0x98, 0xaf, 0xa0, 0x99, 0x2a, 0xfe, 0x7c, 0x29, 0x58, 0x74, 0x62, 0x90, 0xdf, 0xcd, 0xf6, 0x92,
+	0x3c, 0x8b, 0x12, 0xe1, 0x4a, 0x2f, 0xf2, 0xcf, 0x88, 0x96, 0x85, 0xfa, 0x93, 0x4a, 0xaa, 0x56,
+	0x34, 0x1c, 0xcc, 0x47, 0xd9, 0x9e, 0x72, 0x56, 0x69, 0xf8, 0x61, 0x2c, 0x13, 0x65, 0x30, 0x7e,
+	0x4a, 0x99, 0x2a, 0xb9, 0xa3, 0x39, 0xc6, 0xe7, 0xd9, 0x70, 0xfe, 0xa7, 0xed, 0x23, 0xf9, 0x19,
+	0x8a, 0x86, 0xda, 0x14, 0x16, 0x0e, 0x57, 0x86, 0xb1, 0x93, 0xd8, 0xd4, 0xbf, 0xcf, 0xa9, 0x70,
+	0x20, 0x82, 0x85, 0x43, 0x6d, 0xc4, 0x02, 0xba, 0xbd, 0x85, 0xe1, 0x0b, 0x2a, 0x1c, 0xc4, 0xa0,
+	0x82, 0x06, 0x06, 0x0b, 0xc5, 0x97, 0xa4, 0x20, 0x06, 0x14, 0x77, 0xb6, 0x1b, 0x6d, 0x22, 0x3c,
+	0x3f, 0x55, 0x89, 0x03, 0xab, 0x0d, 0xaa, 0xaf, 0x36, 0x3b, 0x87, 0xb0, 0x65, 0x0d, 0x85, 0x4a,
+	0x14, 0x8a, 0x34, 0x75, 0x3c, 0x01, 0x13, 0x87, 0xc5, 0xc6, 0xbe, 0xa6, 0x4a, 0xa4, 0x61, 0xb0,
+	0x37, 0x6d, 0x42, 0x84, 0xb0, 0xbb, 0x8e, 0xbb, 0x66, 0xa3, 0xfb, 0xa6, 0xb2, 0xb9, 0xe3, 0xc4,
+	0x82, 0x53, 0x9b, 0x7f, 0xb2, 0x68, 0x5d, 0x6c, 0x58, 0x3d, 0x9d, 0xdf, 0x56, 0xe6, 0x9f, 0x95,
+	0x82, 0x2c, 0x6a, 0xc8, 0x48, 0x65, 0x9e, 0xaa, 0xdf, 0xb8, 0xc3, 0xb5, 0x58, 0xdc, 0x17, 0xe9,
+	0x1e, 0xda, 0xc2, 0xfb, 0xed, 0x1c, 0xa7, 0xf8, 0xed, 0xf0, 0x90, 0x77, 0x0e, 0x3d, 0x66, 0xd9,
+	0xd9, 0xad, 0xf2, 0x39, 0xef, 0x98, 0x79, 0xf8, 0x11, 0x36, 0xd4, 0x31, 0xf0, 0x98, 0x55, 0x0f,
+	0xa3, 0x6a, 0x50, 0x9f, 0x77, 0xf8, 0x01, 0xb6, 0x0b, 0x86, 0x17, 0x33, 0xfe, 0x08, 0xe2, 0xf9,
+	0x72, 0x7e, 0x88, 0xf5, 0xd3, 0xd0, 0x62, 0x46, 0x1f, 0x45, 0xb4, 0x44, 0x00, 0xa7, 0x81, 0xc5,
+	0x8c, 0x3f, 0x46, 0x38, 0x21, 0x80, 0xdb, 0x87, 0xf0, 0xbb, 0x27, 0x76, 0x61, 0xd3, 0xa1, 0xd8,
+	0x4d, 0xb3, 0x3e, 0x9c, 0x54, 0xcc, 0xf4, 0xe3, 0xf8, 0xe5, 0x44, 0xf0, 0x5b, 0xd9, 0x6e, 0xcb,
+	0x80, 0x3f, 0x89, 0x68, 0xb1, 0x9e, 0xcf, 0xb1, 0x01, 0x6d, 0x3a, 0x31, 0xe3, 0x4f, 0x21, 0xae,
+	0x53, 0xb0, 0x75, 0x9c, 0x4e, 0xcc, 0x82, 0xa7, 0x69, 0xeb, 0x48, 0x40, 0xd8, 0x68, 0x30, 0x31,
+	0xd3, 0xcf, 0x50, 0xd4, 0x09, 0xe1, 0x33, 0xac, 0x56, 0x36, 0x1b, 0x33, 0xff, 0x2c, 0xf2, 0x6d,
+	0x06, 0x22, 0xa0, 0x35, 0x3b, 0xb3, 0xe2, 0x39, 0x8a, 0x80, 0x46, 0xc1, 0x31, 0xaa, 0x0e, 0x30,
+	0x66, 0xd3, 0xf3, 0x74, 0x8c, 0x2a, 0xf3, 0x0b, 0x64, 0x33, 0xaf, 0xf9, 0x66, 0xc5, 0x0b, 0x94,
+	0xcd, 0x7c, 0x3d, 0x6c, 0xa3, 0x3a, 0x11, 0x98, 0x1d, 0x2f, 0xd2, 0x36, 0x2a, 0x03, 0x01, 0x5f,
+	0x62, 0xf5, 0x9d, 0xd3, 0x80, 0xd9, 0xf7, 0x12, 0xfa, 0x46, 0x77, 0x0c, 0x03, 0xfc, 0x2e, 0x36,
+	0xd1, 0x7d, 0x12, 0x30, 0x5b, 0xcf, 0x6d, 0x55, 0x7e, 0xbb, 0xe9, 0x83, 0x00, 0x3f, 0xd1, 0x6e,
+	0x29, 0xfa, 0x14, 0x60, 0xd6, 0x9e, 0xdf, 0xea, 0x2c, 0xdc, 0xfa, 0x10, 0xc0, 0x67, 0x19, 0x6b,
+	0x37, 0x60, 0xb3, 0xeb, 0x02, 0xba, 0x34, 0x08, 0x8e, 0x06, 0xf6, 0x5f, 0x33, 0x7f, 0x91, 0x8e,
+	0x06, 0x12, 0x70, 0x34, 0xa8, 0xf5, 0x9a, 0xe9, 0x4b, 0x74, 0x34, 0x08, 0x81, 0x27, 0x5b, 0xeb,
+	0x6e, 0x66, 0xc3, 0x65, 0x7a, 0xb2, 0x35, 0x8a, 0x1f, 0x63, 0xa3, 0x3b, 0x1a, 0xa2, 0x59, 0xf5,
+	0x1a, 0xaa, 0xf6, 0x54, 0xfb, 0xa1, 0xde, 0xbc, 0xb0, 0x19, 0x9a, 0x6d, 0xaf, 0x57, 0x9a, 0x17,
+	0xf6, 0x42, 0x3e, 0xcd, 0xfa, 0xa3, 0x2c, 0x08, 0xe0, 0xf0, 0xd4, 0x6f, 0xe8, 0xd2, 0x4d, 0x45,
+	0xd0, 0x22, 0xc5, 0xaf, 0xdb, 0x18, 0x1d, 0x02, 0xf8, 0x01, 0xb6, 0x5b, 0x84, 0x4d, 0xd1, 0x32,
+	0x91, 0xbf, 0x6d, 0x53, 0xc1, 0x84, 0xd5, 0x7c, 0x86, 0xb1, 0xe2, 0xd5, 0x08, 0x84, 0xd9, 0xc4,
+	0xfe, 0xbe, 0x5d, 0xbc, 0xa5, 0xd1, 0x90, 0xb6, 0x20, 0x4f, 0x8a, 0x41, 0xb0, 0xd9, 0x29, 0xc8,
+	0x33, 0x72, 0x90, 0xf5, 0xdd, 0x9f, 0xca, 0x48, 0x39, 0x9e, 0x89, 0xfe, 0x03, 0x69, 0x5a, 0x0f,
+	0x01, 0x0b, 0x65, 0x22, 0x94, 0xe3, 0xa5, 0x26, 0xf6, 0x4f, 0x64, 0x4b, 0x00, 0x60, 0xd7, 0x49,
+	0x95, 0xcd, 0x7d, 0xff, 0x45, 0x30, 0x01, 0xb0, 0x69, 0xb8, 0x5e, 0x17, 0x1b, 0x26, 0xf6, 0x6f,
+	0xda, 0x34, 0xae, 0xe7, 0x87, 0x58, 0x0d, 0x2e, 0xf3, 0xb7, 0x4a, 0x26, 0xf8, 0x1f, 0x84, 0xdb,
+	0x04, 0x7c, 0x73, 0xaa, 0x5a, 0xca, 0x37, 0x07, 0xfb, 0x5f, 0xcc, 0x34, 0xad, 0xe7, 0xb3, 0x6c,
+	0x20, 0x55, 0xad, 0x56, 0x86, 0xf3, 0xa9, 0x01, 0xff, 0x6f, 0xbb, 0x7c, 0x65, 0x51, 0x32, 0x90,
+	0xed, 0x07, 0xd7, 0x55, 0x2c, 0xfd, 0x48, 0x89, 0xc4, 0x64, 0xd8, 0x42, 0x83, 0x86, 0x1c, 0x9e,
+	0x67, 0x63, 0xae, 0x0c, 0xab, 0xdc, 0x61, 0xb6, 0x20, 0x17, 0xe4, 0x52, 0x5e, 0x67, 0xee, 0xbd,
+	0xd9, 0xf3, 0xd5, 0x5a, 0xd6, 0x9c, 0x74, 0x65, 0x38, 0x05, 0xbf, 0x3c, 0xda, 0x2f, 0x54, 0xcb,
+	0xdf, 0x21, 0xff, 0x07, 0x00, 0x00, 0xff, 0xff, 0x9c, 0xaf, 0x70, 0x4e, 0x83, 0x15, 0x00, 0x00,
 }
diff --git a/vendor/github.com/gogo/protobuf/gogoproto/gogo.proto b/vendor/github.com/gogo/protobuf/gogoproto/gogo.proto
index 7f09979358972..b80c85653f74a 100644
--- a/vendor/github.com/gogo/protobuf/gogoproto/gogo.proto
+++ b/vendor/github.com/gogo/protobuf/gogoproto/gogo.proto
@@ -83,6 +83,10 @@ extend google.protobuf.FileOptions {
     optional bool enumdecl_all = 63031;
 
 	optional bool goproto_registration = 63032;
+	optional bool messagename_all = 63033;
+
+	optional bool goproto_sizecache_all = 63034;
+	optional bool goproto_unkeyed_all = 63035;
 }
 
 extend google.protobuf.MessageOptions {
@@ -115,6 +119,11 @@ extend google.protobuf.MessageOptions {
 	optional bool compare = 64029;
 
 	optional bool typedecl = 64030;
+
+	optional bool messagename = 64033;
+
+	optional bool goproto_sizecache = 64034;
+	optional bool goproto_unkeyed = 64035;
 }
 
 extend google.protobuf.FieldOptions {
@@ -130,4 +139,6 @@ extend google.protobuf.FieldOptions {
 
 	optional bool stdtime = 65010;
 	optional bool stdduration = 65011;
+	optional bool wktpointer = 65012;
+
 }
diff --git a/vendor/github.com/gogo/protobuf/gogoproto/helper.go b/vendor/github.com/gogo/protobuf/gogoproto/helper.go
index 6b851c562396d..390d4e4be6b83 100644
--- a/vendor/github.com/gogo/protobuf/gogoproto/helper.go
+++ b/vendor/github.com/gogo/protobuf/gogoproto/helper.go
@@ -47,6 +47,55 @@ func IsStdDuration(field *google_protobuf.FieldDescriptorProto) bool {
 	return proto.GetBoolExtension(field.Options, E_Stdduration, false)
 }
 
+func IsStdDouble(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.DoubleValue"
+}
+
+func IsStdFloat(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.FloatValue"
+}
+
+func IsStdInt64(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.Int64Value"
+}
+
+func IsStdUInt64(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.UInt64Value"
+}
+
+func IsStdInt32(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.Int32Value"
+}
+
+func IsStdUInt32(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.UInt32Value"
+}
+
+func IsStdBool(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.BoolValue"
+}
+
+func IsStdString(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.StringValue"
+}
+
+func IsStdBytes(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false) && *field.TypeName == ".google.protobuf.BytesValue"
+}
+
+func IsStdType(field *google_protobuf.FieldDescriptorProto) bool {
+	return (IsStdTime(field) || IsStdDuration(field) ||
+		IsStdDouble(field) || IsStdFloat(field) ||
+		IsStdInt64(field) || IsStdUInt64(field) ||
+		IsStdInt32(field) || IsStdUInt32(field) ||
+		IsStdBool(field) ||
+		IsStdString(field) || IsStdBytes(field))
+}
+
+func IsWktPtr(field *google_protobuf.FieldDescriptorProto) bool {
+	return proto.GetBoolExtension(field.Options, E_Wktpointer, false)
+}
+
 func NeedsNilCheck(proto3 bool, field *google_protobuf.FieldDescriptorProto) bool {
 	nullable := IsNullable(field)
 	if field.IsMessage() || IsCustomType(field) {
@@ -334,9 +383,6 @@ func HasExtensionsMap(file *google_protobuf.FileDescriptorProto, message *google
 }
 
 func HasUnrecognized(file *google_protobuf.FileDescriptorProto, message *google_protobuf.DescriptorProto) bool {
-	if IsProto3(file) {
-		return false
-	}
 	return proto.GetBoolExtension(message.Options, E_GoprotoUnrecognized, proto.GetBoolExtension(file.Options, E_GoprotoUnrecognizedAll, true))
 }
 
@@ -355,3 +401,15 @@ func HasCompare(file *google_protobuf.FileDescriptorProto, message *google_proto
 func RegistersGolangProto(file *google_protobuf.FileDescriptorProto) bool {
 	return proto.GetBoolExtension(file.Options, E_GoprotoRegistration, false)
 }
+
+func HasMessageName(file *google_protobuf.FileDescriptorProto, message *google_protobuf.DescriptorProto) bool {
+	return proto.GetBoolExtension(message.Options, E_Messagename, proto.GetBoolExtension(file.Options, E_MessagenameAll, false))
+}
+
+func HasSizecache(file *google_protobuf.FileDescriptorProto, message *google_protobuf.DescriptorProto) bool {
+	return proto.GetBoolExtension(message.Options, E_GoprotoSizecache, proto.GetBoolExtension(file.Options, E_GoprotoSizecacheAll, true))
+}
+
+func HasUnkeyed(file *google_protobuf.FileDescriptorProto, message *google_protobuf.DescriptorProto) bool {
+	return proto.GetBoolExtension(message.Options, E_GoprotoUnkeyed, proto.GetBoolExtension(file.Options, E_GoprotoUnkeyedAll, true))
+}
diff --git a/vendor/github.com/gogo/protobuf/io/uint32.go b/vendor/github.com/gogo/protobuf/io/uint32.go
index fc43857dd77f8..233b909242960 100644
--- a/vendor/github.com/gogo/protobuf/io/uint32.go
+++ b/vendor/github.com/gogo/protobuf/io/uint32.go
@@ -120,7 +120,7 @@ func (this *uint32Reader) ReadMsg(msg proto.Message) error {
 	if length < 0 || length > this.maxSize {
 		return io.ErrShortBuffer
 	}
-	if length >= len(this.buf) {
+	if length > len(this.buf) {
 		this.buf = make([]byte, length)
 	}
 	_, err := io.ReadFull(this.r, this.buf[:length])
diff --git a/vendor/github.com/gogo/protobuf/io/varint.go b/vendor/github.com/gogo/protobuf/io/varint.go
index a72e14a583e68..e81e296e4f58d 100644
--- a/vendor/github.com/gogo/protobuf/io/varint.go
+++ b/vendor/github.com/gogo/protobuf/io/varint.go
@@ -42,7 +42,7 @@ var (
 )
 
 func NewDelimitedWriter(w io.Writer) WriteCloser {
-	return &varintWriter{w, make([]byte, 10), nil}
+	return &varintWriter{w, make([]byte, binary.MaxVarintLen64), nil}
 }
 
 type varintWriter struct {
@@ -55,26 +55,25 @@ func (this *varintWriter) WriteMsg(msg proto.Message) (err error) {
 	var data []byte
 	if m, ok := msg.(marshaler); ok {
 		n, ok := getSize(m)
-		if !ok {
-			data, err = proto.Marshal(msg)
+		if ok {
+			if n+binary.MaxVarintLen64 >= len(this.buffer) {
+				this.buffer = make([]byte, n+binary.MaxVarintLen64)
+			}
+			lenOff := binary.PutUvarint(this.buffer, uint64(n))
+			_, err = m.MarshalTo(this.buffer[lenOff:])
 			if err != nil {
 				return err
 			}
-		}
-		if n >= len(this.buffer) {
-			this.buffer = make([]byte, n)
-		}
-		_, err = m.MarshalTo(this.buffer)
-		if err != nil {
-			return err
-		}
-		data = this.buffer[:n]
-	} else {
-		data, err = proto.Marshal(msg)
-		if err != nil {
+			_, err = this.w.Write(this.buffer[:lenOff+n])
 			return err
 		}
 	}
+
+	// fallback
+	data, err = proto.Marshal(msg)
+	if err != nil {
+		return err
+	}
 	length := uint64(len(data))
 	n := binary.PutUvarint(this.lenBuf, length)
 	_, err = this.w.Write(this.lenBuf[:n])
diff --git a/vendor/github.com/gogo/protobuf/proto/clone.go b/vendor/github.com/gogo/protobuf/proto/clone.go
index 5d4cba4b51c6c..a26b046d94f1a 100644
--- a/vendor/github.com/gogo/protobuf/proto/clone.go
+++ b/vendor/github.com/gogo/protobuf/proto/clone.go
@@ -35,22 +35,39 @@
 package proto
 
 import (
+	"fmt"
 	"log"
 	"reflect"
 	"strings"
 )
 
 // Clone returns a deep copy of a protocol buffer.
-func Clone(pb Message) Message {
-	in := reflect.ValueOf(pb)
+func Clone(src Message) Message {
+	in := reflect.ValueOf(src)
 	if in.IsNil() {
-		return pb
+		return src
 	}
-
 	out := reflect.New(in.Type().Elem())
-	// out is empty so a merge is a deep copy.
-	mergeStruct(out.Elem(), in.Elem())
-	return out.Interface().(Message)
+	dst := out.Interface().(Message)
+	Merge(dst, src)
+	return dst
+}
+
+// Merger is the interface representing objects that can merge messages of the same type.
+type Merger interface {
+	// Merge merges src into this message.
+	// Required and optional fields that are set in src will be set to that value in dst.
+	// Elements of repeated fields will be appended.
+	//
+	// Merge may panic if called with a different argument type than the receiver.
+	Merge(src Message)
+}
+
+// generatedMerger is the custom merge method that generated protos will have.
+// We must add this method since a generate Merge method will conflict with
+// many existing protos that have a Merge data field already defined.
+type generatedMerger interface {
+	XXX_Merge(src Message)
 }
 
 // Merge merges src into dst.
@@ -58,17 +75,24 @@ func Clone(pb Message) Message {
 // Elements of repeated fields will be appended.
 // Merge panics if src and dst are not the same type, or if dst is nil.
 func Merge(dst, src Message) {
+	if m, ok := dst.(Merger); ok {
+		m.Merge(src)
+		return
+	}
+
 	in := reflect.ValueOf(src)
 	out := reflect.ValueOf(dst)
 	if out.IsNil() {
 		panic("proto: nil destination")
 	}
 	if in.Type() != out.Type() {
-		// Explicit test prior to mergeStruct so that mistyped nils will fail
-		panic("proto: type mismatch")
+		panic(fmt.Sprintf("proto.Merge(%T, %T) type mismatch", dst, src))
 	}
 	if in.IsNil() {
-		// Merging nil into non-nil is a quiet no-op
+		return // Merge from nil src is a noop
+	}
+	if m, ok := dst.(generatedMerger); ok {
+		m.XXX_Merge(src)
 		return
 	}
 	mergeStruct(out.Elem(), in.Elem())
@@ -89,7 +113,7 @@ func mergeStruct(out, in reflect.Value) {
 		bIn := emIn.GetExtensions()
 		bOut := emOut.GetExtensions()
 		*bOut = append(*bOut, *bIn...)
-	} else if emIn, ok := extendable(in.Addr().Interface()); ok {
+	} else if emIn, err := extendable(in.Addr().Interface()); err == nil {
 		emOut, _ := extendable(out.Addr().Interface())
 		mIn, muIn := emIn.extensionsRead()
 		if mIn != nil {
diff --git a/vendor/github.com/gogo/protobuf/proto/custom_gogo.go b/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
new file mode 100644
index 0000000000000..24552483c6cea
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
@@ -0,0 +1,39 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import "reflect"
+
+type custom interface {
+	Marshal() ([]byte, error)
+	Unmarshal(data []byte) error
+	Size() int
+}
+
+var customType = reflect.TypeOf((*custom)(nil)).Elem()
diff --git a/vendor/github.com/gogo/protobuf/proto/decode.go b/vendor/github.com/gogo/protobuf/proto/decode.go
index 737f2731d45dc..63b0f08bef2a0 100644
--- a/vendor/github.com/gogo/protobuf/proto/decode.go
+++ b/vendor/github.com/gogo/protobuf/proto/decode.go
@@ -39,8 +39,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
-	"reflect"
 )
 
 // errOverflow is returned when an integer is too large to be represented.
@@ -50,10 +48,6 @@ var errOverflow = errors.New("proto: integer overflow")
 // wire type is encountered. It does not get returned to user code.
 var ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof")
 
-// The fundamental decoders that interpret bytes on the wire.
-// Those that take integer types all return uint64 and are
-// therefore of type valueDecoder.
-
 // DecodeVarint reads a varint-encoded integer from the slice.
 // It returns the integer and the number of bytes consumed, or
 // zero if there is not enough.
@@ -192,7 +186,6 @@ func (p *Buffer) DecodeVarint() (x uint64, err error) {
 	if b&0x80 == 0 {
 		goto done
 	}
-	// x -= 0x80 << 63 // Always zero.
 
 	return 0, errOverflow
 
@@ -267,9 +260,6 @@ func (p *Buffer) DecodeZigzag32() (x uint64, err error) {
 	return
 }
 
-// These are not ValueDecoders: they produce an array of bytes or a string.
-// bytes, embedded messages
-
 // DecodeRawBytes reads a count-delimited byte buffer from the Buffer.
 // This is the format used for the bytes protocol buffer
 // type and for embedded messages.
@@ -311,81 +301,29 @@ func (p *Buffer) DecodeStringBytes() (s string, err error) {
 	return string(buf), nil
 }
 
-// Skip the next item in the buffer. Its wire type is decoded and presented as an argument.
-// If the protocol buffer has extensions, and the field matches, add it as an extension.
-// Otherwise, if the XXX_unrecognized field exists, append the skipped data there.
-func (o *Buffer) skipAndSave(t reflect.Type, tag, wire int, base structPointer, unrecField field) error {
-	oi := o.index
-
-	err := o.skip(t, tag, wire)
-	if err != nil {
-		return err
-	}
-
-	if !unrecField.IsValid() {
-		return nil
-	}
-
-	ptr := structPointer_Bytes(base, unrecField)
-
-	// Add the skipped field to struct field
-	obuf := o.buf
-
-	o.buf = *ptr
-	o.EncodeVarint(uint64(tag<<3 | wire))
-	*ptr = append(o.buf, obuf[oi:o.index]...)
-
-	o.buf = obuf
-
-	return nil
-}
-
-// Skip the next item in the buffer. Its wire type is decoded and presented as an argument.
-func (o *Buffer) skip(t reflect.Type, tag, wire int) error {
-
-	var u uint64
-	var err error
-
-	switch wire {
-	case WireVarint:
-		_, err = o.DecodeVarint()
-	case WireFixed64:
-		_, err = o.DecodeFixed64()
-	case WireBytes:
-		_, err = o.DecodeRawBytes(false)
-	case WireFixed32:
-		_, err = o.DecodeFixed32()
-	case WireStartGroup:
-		for {
-			u, err = o.DecodeVarint()
-			if err != nil {
-				break
-			}
-			fwire := int(u & 0x7)
-			if fwire == WireEndGroup {
-				break
-			}
-			ftag := int(u >> 3)
-			err = o.skip(t, ftag, fwire)
-			if err != nil {
-				break
-			}
-		}
-	default:
-		err = fmt.Errorf("proto: can't skip unknown wire type %d for %s", wire, t)
-	}
-	return err
-}
-
 // Unmarshaler is the interface representing objects that can
-// unmarshal themselves.  The method should reset the receiver before
-// decoding starts.  The argument points to data that may be
+// unmarshal themselves.  The argument points to data that may be
 // overwritten, so implementations should not keep references to the
 // buffer.
+// Unmarshal implementations should not clear the receiver.
+// Any unmarshaled data should be merged into the receiver.
+// Callers of Unmarshal that do not want to retain existing data
+// should Reset the receiver before calling Unmarshal.
 type Unmarshaler interface {
 	Unmarshal([]byte) error
 }
 
+// newUnmarshaler is the interface representing objects that can
+// unmarshal themselves. The semantics are identical to Unmarshaler.
+//
+// This exists to support protoc-gen-go generated messages.
+// The proto package will stop type-asserting to this interface in the future.
+//
+// DO NOT DEPEND ON THIS.
+type newUnmarshaler interface {
+	XXX_Unmarshal([]byte) error
+}
+
 // Unmarshal parses the protocol buffer representation in buf and places the
 // decoded result in pb.  If the struct underlying pb does not match
 // the data in buf, the results can be unpredictable.
@@ -395,7 +333,13 @@ type Unmarshaler interface {
 // to preserve and append to existing data.
 func Unmarshal(buf []byte, pb Message) error {
 	pb.Reset()
-	return UnmarshalMerge(buf, pb)
+	if u, ok := pb.(newUnmarshaler); ok {
+		return u.XXX_Unmarshal(buf)
+	}
+	if u, ok := pb.(Unmarshaler); ok {
+		return u.Unmarshal(buf)
+	}
+	return NewBuffer(buf).Unmarshal(pb)
 }
 
 // UnmarshalMerge parses the protocol buffer representation in buf and
@@ -405,8 +349,16 @@ func Unmarshal(buf []byte, pb Message) error {
 // UnmarshalMerge merges into existing data in pb.
 // Most code should use Unmarshal instead.
 func UnmarshalMerge(buf []byte, pb Message) error {
-	// If the object can unmarshal itself, let it.
+	if u, ok := pb.(newUnmarshaler); ok {
+		return u.XXX_Unmarshal(buf)
+	}
 	if u, ok := pb.(Unmarshaler); ok {
+		// NOTE: The history of proto have unfortunately been inconsistent
+		// whether Unmarshaler should or should not implicitly clear itself.
+		// Some implementations do, most do not.
+		// Thus, calling this here may or may not do what people want.
+		//
+		// See https://github.com/golang/protobuf/issues/424
 		return u.Unmarshal(buf)
 	}
 	return NewBuffer(buf).Unmarshal(pb)
@@ -422,12 +374,17 @@ func (p *Buffer) DecodeMessage(pb Message) error {
 }
 
 // DecodeGroup reads a tag-delimited group from the Buffer.
+// StartGroup tag is already consumed. This function consumes
+// EndGroup tag.
 func (p *Buffer) DecodeGroup(pb Message) error {
-	typ, base, err := getbase(pb)
-	if err != nil {
-		return err
+	b := p.buf[p.index:]
+	x, y := findEndGroup(b)
+	if x < 0 {
+		return io.ErrUnexpectedEOF
 	}
-	return p.unmarshalType(typ.Elem(), GetProperties(typ.Elem()), true, base)
+	err := Unmarshal(b[:x], pb)
+	p.index += y
+	return err
 }
 
 // Unmarshal parses the protocol buffer representation in the
@@ -438,541 +395,33 @@ func (p *Buffer) DecodeGroup(pb Message) error {
 // Unlike proto.Unmarshal, this does not reset pb before starting to unmarshal.
 func (p *Buffer) Unmarshal(pb Message) error {
 	// If the object can unmarshal itself, let it.
-	if u, ok := pb.(Unmarshaler); ok {
-		err := u.Unmarshal(p.buf[p.index:])
+	if u, ok := pb.(newUnmarshaler); ok {
+		err := u.XXX_Unmarshal(p.buf[p.index:])
 		p.index = len(p.buf)
 		return err
 	}
-
-	typ, base, err := getbase(pb)
-	if err != nil {
-		return err
-	}
-
-	err = p.unmarshalType(typ.Elem(), GetProperties(typ.Elem()), false, base)
-
-	if collectStats {
-		stats.Decode++
-	}
-
-	return err
-}
-
-// unmarshalType does the work of unmarshaling a structure.
-func (o *Buffer) unmarshalType(st reflect.Type, prop *StructProperties, is_group bool, base structPointer) error {
-	var state errorState
-	required, reqFields := prop.reqCount, uint64(0)
-
-	var err error
-	for err == nil && o.index < len(o.buf) {
-		oi := o.index
-		var u uint64
-		u, err = o.DecodeVarint()
-		if err != nil {
-			break
-		}
-		wire := int(u & 0x7)
-		if wire == WireEndGroup {
-			if is_group {
-				if required > 0 {
-					// Not enough information to determine the exact field.
-					// (See below.)
-					return &RequiredNotSetError{"{Unknown}"}
-				}
-				return nil // input is satisfied
-			}
-			return fmt.Errorf("proto: %s: wiretype end group for non-group", st)
-		}
-		tag := int(u >> 3)
-		if tag <= 0 {
-			return fmt.Errorf("proto: %s: illegal tag %d (wire type %d)", st, tag, wire)
-		}
-		fieldnum, ok := prop.decoderTags.get(tag)
-		if !ok {
-			// Maybe it's an extension?
-			if prop.extendable {
-				if e, eok := structPointer_Interface(base, st).(extensionsBytes); eok {
-					if isExtensionField(e, int32(tag)) {
-						if err = o.skip(st, tag, wire); err == nil {
-							ext := e.GetExtensions()
-							*ext = append(*ext, o.buf[oi:o.index]...)
-						}
-						continue
-					}
-				} else if e, _ := extendable(structPointer_Interface(base, st)); isExtensionField(e, int32(tag)) {
-					if err = o.skip(st, tag, wire); err == nil {
-						extmap := e.extensionsWrite()
-						ext := extmap[int32(tag)] // may be missing
-						ext.enc = append(ext.enc, o.buf[oi:o.index]...)
-						extmap[int32(tag)] = ext
-					}
-					continue
-				}
-			}
-			// Maybe it's a oneof?
-			if prop.oneofUnmarshaler != nil {
-				m := structPointer_Interface(base, st).(Message)
-				// First return value indicates whether tag is a oneof field.
-				ok, err = prop.oneofUnmarshaler(m, tag, wire, o)
-				if err == ErrInternalBadWireType {
-					// Map the error to something more descriptive.
-					// Do the formatting here to save generated code space.
-					err = fmt.Errorf("bad wiretype for oneof field in %T", m)
-				}
-				if ok {
-					continue
-				}
-			}
-			err = o.skipAndSave(st, tag, wire, base, prop.unrecField)
-			continue
-		}
-		p := prop.Prop[fieldnum]
-
-		if p.dec == nil {
-			fmt.Fprintf(os.Stderr, "proto: no protobuf decoder for %s.%s\n", st, st.Field(fieldnum).Name)
-			continue
-		}
-		dec := p.dec
-		if wire != WireStartGroup && wire != p.WireType {
-			if wire == WireBytes && p.packedDec != nil {
-				// a packable field
-				dec = p.packedDec
-			} else {
-				err = fmt.Errorf("proto: bad wiretype for field %s.%s: got wiretype %d, want %d", st, st.Field(fieldnum).Name, wire, p.WireType)
-				continue
-			}
-		}
-		decErr := dec(o, p, base)
-		if decErr != nil && !state.shouldContinue(decErr, p) {
-			err = decErr
-		}
-		if err == nil && p.Required {
-			// Successfully decoded a required field.
-			if tag <= 64 {
-				// use bitmap for fields 1-64 to catch field reuse.
-				var mask uint64 = 1 << uint64(tag-1)
-				if reqFields&mask == 0 {
-					// new required field
-					reqFields |= mask
-					required--
-				}
-			} else {
-				// This is imprecise. It can be fooled by a required field
-				// with a tag > 64 that is encoded twice; that's very rare.
-				// A fully correct implementation would require allocating
-				// a data structure, which we would like to avoid.
-				required--
-			}
-		}
-	}
-	if err == nil {
-		if is_group {
-			return io.ErrUnexpectedEOF
-		}
-		if state.err != nil {
-			return state.err
-		}
-		if required > 0 {
-			// Not enough information to determine the exact field. If we use extra
-			// CPU, we could determine the field only if the missing required field
-			// has a tag <= 64 and we check reqFields.
-			return &RequiredNotSetError{"{Unknown}"}
-		}
-	}
-	return err
-}
-
-// Individual type decoders
-// For each,
-//	u is the decoded value,
-//	v is a pointer to the field (pointer) in the struct
-
-// Sizes of the pools to allocate inside the Buffer.
-// The goal is modest amortization and allocation
-// on at least 16-byte boundaries.
-const (
-	boolPoolSize   = 16
-	uint32PoolSize = 8
-	uint64PoolSize = 4
-)
-
-// Decode a bool.
-func (o *Buffer) dec_bool(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	if len(o.bools) == 0 {
-		o.bools = make([]bool, boolPoolSize)
-	}
-	o.bools[0] = u != 0
-	*structPointer_Bool(base, p.field) = &o.bools[0]
-	o.bools = o.bools[1:]
-	return nil
-}
-
-func (o *Buffer) dec_proto3_bool(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	*structPointer_BoolVal(base, p.field) = u != 0
-	return nil
-}
-
-// Decode an int32.
-func (o *Buffer) dec_int32(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	word32_Set(structPointer_Word32(base, p.field), o, uint32(u))
-	return nil
-}
-
-func (o *Buffer) dec_proto3_int32(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	word32Val_Set(structPointer_Word32Val(base, p.field), uint32(u))
-	return nil
-}
-
-// Decode an int64.
-func (o *Buffer) dec_int64(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	word64_Set(structPointer_Word64(base, p.field), o, u)
-	return nil
-}
-
-func (o *Buffer) dec_proto3_int64(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	word64Val_Set(structPointer_Word64Val(base, p.field), o, u)
-	return nil
-}
-
-// Decode a string.
-func (o *Buffer) dec_string(p *Properties, base structPointer) error {
-	s, err := o.DecodeStringBytes()
-	if err != nil {
-		return err
-	}
-	*structPointer_String(base, p.field) = &s
-	return nil
-}
-
-func (o *Buffer) dec_proto3_string(p *Properties, base structPointer) error {
-	s, err := o.DecodeStringBytes()
-	if err != nil {
-		return err
-	}
-	*structPointer_StringVal(base, p.field) = s
-	return nil
-}
-
-// Decode a slice of bytes ([]byte).
-func (o *Buffer) dec_slice_byte(p *Properties, base structPointer) error {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return err
-	}
-	*structPointer_Bytes(base, p.field) = b
-	return nil
-}
-
-// Decode a slice of bools ([]bool).
-func (o *Buffer) dec_slice_bool(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	v := structPointer_BoolSlice(base, p.field)
-	*v = append(*v, u != 0)
-	return nil
-}
-
-// Decode a slice of bools ([]bool) in packed format.
-func (o *Buffer) dec_slice_packed_bool(p *Properties, base structPointer) error {
-	v := structPointer_BoolSlice(base, p.field)
-
-	nn, err := o.DecodeVarint()
-	if err != nil {
-		return err
-	}
-	nb := int(nn) // number of bytes of encoded bools
-	fin := o.index + nb
-	if fin < o.index {
-		return errOverflow
-	}
-
-	y := *v
-	for o.index < fin {
-		u, err := p.valDec(o)
-		if err != nil {
-			return err
-		}
-		y = append(y, u != 0)
-	}
-
-	*v = y
-	return nil
-}
-
-// Decode a slice of int32s ([]int32).
-func (o *Buffer) dec_slice_int32(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-	structPointer_Word32Slice(base, p.field).Append(uint32(u))
-	return nil
-}
-
-// Decode a slice of int32s ([]int32) in packed format.
-func (o *Buffer) dec_slice_packed_int32(p *Properties, base structPointer) error {
-	v := structPointer_Word32Slice(base, p.field)
-
-	nn, err := o.DecodeVarint()
-	if err != nil {
-		return err
-	}
-	nb := int(nn) // number of bytes of encoded int32s
-
-	fin := o.index + nb
-	if fin < o.index {
-		return errOverflow
-	}
-	for o.index < fin {
-		u, err := p.valDec(o)
-		if err != nil {
-			return err
-		}
-		v.Append(uint32(u))
-	}
-	return nil
-}
-
-// Decode a slice of int64s ([]int64).
-func (o *Buffer) dec_slice_int64(p *Properties, base structPointer) error {
-	u, err := p.valDec(o)
-	if err != nil {
-		return err
-	}
-
-	structPointer_Word64Slice(base, p.field).Append(u)
-	return nil
-}
-
-// Decode a slice of int64s ([]int64) in packed format.
-func (o *Buffer) dec_slice_packed_int64(p *Properties, base structPointer) error {
-	v := structPointer_Word64Slice(base, p.field)
-
-	nn, err := o.DecodeVarint()
-	if err != nil {
-		return err
-	}
-	nb := int(nn) // number of bytes of encoded int64s
-
-	fin := o.index + nb
-	if fin < o.index {
-		return errOverflow
-	}
-	for o.index < fin {
-		u, err := p.valDec(o)
-		if err != nil {
-			return err
-		}
-		v.Append(u)
-	}
-	return nil
-}
-
-// Decode a slice of strings ([]string).
-func (o *Buffer) dec_slice_string(p *Properties, base structPointer) error {
-	s, err := o.DecodeStringBytes()
-	if err != nil {
-		return err
-	}
-	v := structPointer_StringSlice(base, p.field)
-	*v = append(*v, s)
-	return nil
-}
-
-// Decode a slice of slice of bytes ([][]byte).
-func (o *Buffer) dec_slice_slice_byte(p *Properties, base structPointer) error {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return err
-	}
-	v := structPointer_BytesSlice(base, p.field)
-	*v = append(*v, b)
-	return nil
-}
-
-// Decode a map field.
-func (o *Buffer) dec_new_map(p *Properties, base structPointer) error {
-	raw, err := o.DecodeRawBytes(false)
-	if err != nil {
-		return err
-	}
-	oi := o.index       // index at the end of this map entry
-	o.index -= len(raw) // move buffer back to start of map entry
-
-	mptr := structPointer_NewAt(base, p.field, p.mtype) // *map[K]V
-	if mptr.Elem().IsNil() {
-		mptr.Elem().Set(reflect.MakeMap(mptr.Type().Elem()))
-	}
-	v := mptr.Elem() // map[K]V
-
-	// Prepare addressable doubly-indirect placeholders for the key and value types.
-	// See enc_new_map for why.
-	keyptr := reflect.New(reflect.PtrTo(p.mtype.Key())).Elem() // addressable *K
-	keybase := toStructPointer(keyptr.Addr())                  // **K
-
-	var valbase structPointer
-	var valptr reflect.Value
-	switch p.mtype.Elem().Kind() {
-	case reflect.Slice:
-		// []byte
-		var dummy []byte
-		valptr = reflect.ValueOf(&dummy)  // *[]byte
-		valbase = toStructPointer(valptr) // *[]byte
-	case reflect.Ptr:
-		// message; valptr is **Msg; need to allocate the intermediate pointer
-		valptr = reflect.New(reflect.PtrTo(p.mtype.Elem())).Elem() // addressable *V
-		valptr.Set(reflect.New(valptr.Type().Elem()))
-		valbase = toStructPointer(valptr)
-	default:
-		// everything else
-		valptr = reflect.New(reflect.PtrTo(p.mtype.Elem())).Elem() // addressable *V
-		valbase = toStructPointer(valptr.Addr())                   // **V
-	}
-
-	// Decode.
-	// This parses a restricted wire format, namely the encoding of a message
-	// with two fields. See enc_new_map for the format.
-	for o.index < oi {
-		// tagcode for key and value properties are always a single byte
-		// because they have tags 1 and 2.
-		tagcode := o.buf[o.index]
-		o.index++
-		switch tagcode {
-		case p.mkeyprop.tagcode[0]:
-			if err := p.mkeyprop.dec(o, p.mkeyprop, keybase); err != nil {
-				return err
-			}
-		case p.mvalprop.tagcode[0]:
-			if err := p.mvalprop.dec(o, p.mvalprop, valbase); err != nil {
-				return err
-			}
-		default:
-			// TODO: Should we silently skip this instead?
-			return fmt.Errorf("proto: bad map data tag %d", raw[0])
-		}
-	}
-	keyelem, valelem := keyptr.Elem(), valptr.Elem()
-	if !keyelem.IsValid() {
-		keyelem = reflect.Zero(p.mtype.Key())
-	}
-	if !valelem.IsValid() {
-		valelem = reflect.Zero(p.mtype.Elem())
-	}
-
-	v.SetMapIndex(keyelem, valelem)
-	return nil
-}
-
-// Decode a group.
-func (o *Buffer) dec_struct_group(p *Properties, base structPointer) error {
-	bas := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(bas) {
-		// allocate new nested message
-		bas = toStructPointer(reflect.New(p.stype))
-		structPointer_SetStructPointer(base, p.field, bas)
-	}
-	return o.unmarshalType(p.stype, p.sprop, true, bas)
-}
-
-// Decode an embedded message.
-func (o *Buffer) dec_struct_message(p *Properties, base structPointer) (err error) {
-	raw, e := o.DecodeRawBytes(false)
-	if e != nil {
-		return e
-	}
-
-	bas := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(bas) {
-		// allocate new nested message
-		bas = toStructPointer(reflect.New(p.stype))
-		structPointer_SetStructPointer(base, p.field, bas)
-	}
-
-	// If the object can unmarshal itself, let it.
-	if p.isUnmarshaler {
-		iv := structPointer_Interface(bas, p.stype)
-		return iv.(Unmarshaler).Unmarshal(raw)
-	}
-
-	obuf := o.buf
-	oi := o.index
-	o.buf = raw
-	o.index = 0
-
-	err = o.unmarshalType(p.stype, p.sprop, false, bas)
-	o.buf = obuf
-	o.index = oi
-
-	return err
-}
-
-// Decode a slice of embedded messages.
-func (o *Buffer) dec_slice_struct_message(p *Properties, base structPointer) error {
-	return o.dec_slice_struct(p, false, base)
-}
-
-// Decode a slice of embedded groups.
-func (o *Buffer) dec_slice_struct_group(p *Properties, base structPointer) error {
-	return o.dec_slice_struct(p, true, base)
-}
-
-// Decode a slice of structs ([]*struct).
-func (o *Buffer) dec_slice_struct(p *Properties, is_group bool, base structPointer) error {
-	v := reflect.New(p.stype)
-	bas := toStructPointer(v)
-	structPointer_StructPointerSlice(base, p.field).Append(bas)
-
-	if is_group {
-		err := o.unmarshalType(p.stype, p.sprop, is_group, bas)
-		return err
-	}
-
-	raw, err := o.DecodeRawBytes(false)
-	if err != nil {
+	if u, ok := pb.(Unmarshaler); ok {
+		// NOTE: The history of proto have unfortunately been inconsistent
+		// whether Unmarshaler should or should not implicitly clear itself.
+		// Some implementations do, most do not.
+		// Thus, calling this here may or may not do what people want.
+		//
+		// See https://github.com/golang/protobuf/issues/424
+		err := u.Unmarshal(p.buf[p.index:])
+		p.index = len(p.buf)
 		return err
 	}
 
-	// If the object can unmarshal itself, let it.
-	if p.isUnmarshaler {
-		iv := v.Interface()
-		return iv.(Unmarshaler).Unmarshal(raw)
-	}
-
-	obuf := o.buf
-	oi := o.index
-	o.buf = raw
-	o.index = 0
-
-	err = o.unmarshalType(p.stype, p.sprop, is_group, bas)
-
-	o.buf = obuf
-	o.index = oi
-
+	// Slow workaround for messages that aren't Unmarshalers.
+	// This includes some hand-coded .pb.go files and
+	// bootstrap protos.
+	// TODO: fix all of those and then add Unmarshal to
+	// the Message interface. Then:
+	// The cast above and code below can be deleted.
+	// The old unmarshaler can be deleted.
+	// Clients can call Unmarshal directly (can already do that, actually).
+	var info InternalMessageInfo
+	err := info.Unmarshal(pb, p.buf[p.index:])
+	p.index = len(p.buf)
 	return err
 }
diff --git a/vendor/github.com/gogo/protobuf/proto/decode_gogo.go b/vendor/github.com/gogo/protobuf/proto/decode_gogo.go
deleted file mode 100644
index 6fb74de4cc94c..0000000000000
--- a/vendor/github.com/gogo/protobuf/proto/decode_gogo.go
+++ /dev/null
@@ -1,172 +0,0 @@
-// Protocol Buffers for Go with Gadgets
-//
-// Copyright (c) 2013, The GoGo Authors. All rights reserved.
-// http://github.com/gogo/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-import (
-	"reflect"
-)
-
-// Decode a reference to a struct pointer.
-func (o *Buffer) dec_ref_struct_message(p *Properties, base structPointer) (err error) {
-	raw, e := o.DecodeRawBytes(false)
-	if e != nil {
-		return e
-	}
-
-	// If the object can unmarshal itself, let it.
-	if p.isUnmarshaler {
-		panic("not supported, since this is a pointer receiver")
-	}
-
-	obuf := o.buf
-	oi := o.index
-	o.buf = raw
-	o.index = 0
-
-	bas := structPointer_FieldPointer(base, p.field)
-
-	err = o.unmarshalType(p.stype, p.sprop, false, bas)
-	o.buf = obuf
-	o.index = oi
-
-	return err
-}
-
-// Decode a slice of references to struct pointers ([]struct).
-func (o *Buffer) dec_slice_ref_struct(p *Properties, is_group bool, base structPointer) error {
-	newBas := appendStructPointer(base, p.field, p.sstype)
-
-	if is_group {
-		panic("not supported, maybe in future, if requested.")
-	}
-
-	raw, err := o.DecodeRawBytes(false)
-	if err != nil {
-		return err
-	}
-
-	// If the object can unmarshal itself, let it.
-	if p.isUnmarshaler {
-		panic("not supported, since this is not a pointer receiver.")
-	}
-
-	obuf := o.buf
-	oi := o.index
-	o.buf = raw
-	o.index = 0
-
-	err = o.unmarshalType(p.stype, p.sprop, is_group, newBas)
-
-	o.buf = obuf
-	o.index = oi
-
-	return err
-}
-
-// Decode a slice of references to struct pointers.
-func (o *Buffer) dec_slice_ref_struct_message(p *Properties, base structPointer) error {
-	return o.dec_slice_ref_struct(p, false, base)
-}
-
-func setPtrCustomType(base structPointer, f field, v interface{}) {
-	if v == nil {
-		return
-	}
-	structPointer_SetStructPointer(base, f, toStructPointer(reflect.ValueOf(v)))
-}
-
-func setCustomType(base structPointer, f field, value interface{}) {
-	if value == nil {
-		return
-	}
-	v := reflect.ValueOf(value).Elem()
-	t := reflect.TypeOf(value).Elem()
-	kind := t.Kind()
-	switch kind {
-	case reflect.Slice:
-		slice := reflect.MakeSlice(t, v.Len(), v.Cap())
-		reflect.Copy(slice, v)
-		oldHeader := structPointer_GetSliceHeader(base, f)
-		oldHeader.Data = slice.Pointer()
-		oldHeader.Len = v.Len()
-		oldHeader.Cap = v.Cap()
-	default:
-		size := reflect.TypeOf(value).Elem().Size()
-		structPointer_Copy(toStructPointer(reflect.ValueOf(value)), structPointer_Add(base, f), int(size))
-	}
-}
-
-func (o *Buffer) dec_custom_bytes(p *Properties, base structPointer) error {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return err
-	}
-	i := reflect.New(p.ctype.Elem()).Interface()
-	custom := (i).(Unmarshaler)
-	if err := custom.Unmarshal(b); err != nil {
-		return err
-	}
-	setPtrCustomType(base, p.field, custom)
-	return nil
-}
-
-func (o *Buffer) dec_custom_ref_bytes(p *Properties, base structPointer) error {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return err
-	}
-	i := reflect.New(p.ctype).Interface()
-	custom := (i).(Unmarshaler)
-	if err := custom.Unmarshal(b); err != nil {
-		return err
-	}
-	if custom != nil {
-		setCustomType(base, p.field, custom)
-	}
-	return nil
-}
-
-// Decode a slice of bytes ([]byte) into a slice of custom types.
-func (o *Buffer) dec_custom_slice_bytes(p *Properties, base structPointer) error {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return err
-	}
-	i := reflect.New(p.ctype.Elem()).Interface()
-	custom := (i).(Unmarshaler)
-	if err := custom.Unmarshal(b); err != nil {
-		return err
-	}
-	newBas := appendStructPointer(base, p.field, p.ctype)
-
-	var zero field
-	setCustomType(newBas, zero, custom)
-
-	return nil
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/deprecated.go b/vendor/github.com/gogo/protobuf/proto/deprecated.go
new file mode 100644
index 0000000000000..35b882c09aaf9
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/deprecated.go
@@ -0,0 +1,63 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2018 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import "errors"
+
+// Deprecated: do not use.
+type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 }
+
+// Deprecated: do not use.
+func GetStats() Stats { return Stats{} }
+
+// Deprecated: do not use.
+func MarshalMessageSet(interface{}) ([]byte, error) {
+	return nil, errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func UnmarshalMessageSet([]byte, interface{}) error {
+	return errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func MarshalMessageSetJSON(interface{}) ([]byte, error) {
+	return nil, errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func UnmarshalMessageSetJSON([]byte, interface{}) error {
+	return errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func RegisterMessageSetType(Message, int32, string) {}
diff --git a/vendor/github.com/gogo/protobuf/proto/discard.go b/vendor/github.com/gogo/protobuf/proto/discard.go
index bd0e3bb4c8510..fe1bd7d904e24 100644
--- a/vendor/github.com/gogo/protobuf/proto/discard.go
+++ b/vendor/github.com/gogo/protobuf/proto/discard.go
@@ -35,8 +35,14 @@ import (
 	"fmt"
 	"reflect"
 	"strings"
+	"sync"
+	"sync/atomic"
 )
 
+type generatedDiscarder interface {
+	XXX_DiscardUnknown()
+}
+
 // DiscardUnknown recursively discards all unknown fields from this message
 // and all embedded messages.
 //
@@ -49,9 +55,202 @@ import (
 // For proto2 messages, the unknown fields of message extensions are only
 // discarded from messages that have been accessed via GetExtension.
 func DiscardUnknown(m Message) {
+	if m, ok := m.(generatedDiscarder); ok {
+		m.XXX_DiscardUnknown()
+		return
+	}
+	// TODO: Dynamically populate a InternalMessageInfo for legacy messages,
+	// but the master branch has no implementation for InternalMessageInfo,
+	// so it would be more work to replicate that approach.
 	discardLegacy(m)
 }
 
+// DiscardUnknown recursively discards all unknown fields.
+func (a *InternalMessageInfo) DiscardUnknown(m Message) {
+	di := atomicLoadDiscardInfo(&a.discard)
+	if di == nil {
+		di = getDiscardInfo(reflect.TypeOf(m).Elem())
+		atomicStoreDiscardInfo(&a.discard, di)
+	}
+	di.discard(toPointer(&m))
+}
+
+type discardInfo struct {
+	typ reflect.Type
+
+	initialized int32 // 0: only typ is valid, 1: everything is valid
+	lock        sync.Mutex
+
+	fields       []discardFieldInfo
+	unrecognized field
+}
+
+type discardFieldInfo struct {
+	field   field // Offset of field, guaranteed to be valid
+	discard func(src pointer)
+}
+
+var (
+	discardInfoMap  = map[reflect.Type]*discardInfo{}
+	discardInfoLock sync.Mutex
+)
+
+func getDiscardInfo(t reflect.Type) *discardInfo {
+	discardInfoLock.Lock()
+	defer discardInfoLock.Unlock()
+	di := discardInfoMap[t]
+	if di == nil {
+		di = &discardInfo{typ: t}
+		discardInfoMap[t] = di
+	}
+	return di
+}
+
+func (di *discardInfo) discard(src pointer) {
+	if src.isNil() {
+		return // Nothing to do.
+	}
+
+	if atomic.LoadInt32(&di.initialized) == 0 {
+		di.computeDiscardInfo()
+	}
+
+	for _, fi := range di.fields {
+		sfp := src.offset(fi.field)
+		fi.discard(sfp)
+	}
+
+	// For proto2 messages, only discard unknown fields in message extensions
+	// that have been accessed via GetExtension.
+	if em, err := extendable(src.asPointerTo(di.typ).Interface()); err == nil {
+		// Ignore lock since DiscardUnknown is not concurrency safe.
+		emm, _ := em.extensionsRead()
+		for _, mx := range emm {
+			if m, ok := mx.value.(Message); ok {
+				DiscardUnknown(m)
+			}
+		}
+	}
+
+	if di.unrecognized.IsValid() {
+		*src.offset(di.unrecognized).toBytes() = nil
+	}
+}
+
+func (di *discardInfo) computeDiscardInfo() {
+	di.lock.Lock()
+	defer di.lock.Unlock()
+	if di.initialized != 0 {
+		return
+	}
+	t := di.typ
+	n := t.NumField()
+
+	for i := 0; i < n; i++ {
+		f := t.Field(i)
+		if strings.HasPrefix(f.Name, "XXX_") {
+			continue
+		}
+
+		dfi := discardFieldInfo{field: toField(&f)}
+		tf := f.Type
+
+		// Unwrap tf to get its most basic type.
+		var isPointer, isSlice bool
+		if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 {
+			isSlice = true
+			tf = tf.Elem()
+		}
+		if tf.Kind() == reflect.Ptr {
+			isPointer = true
+			tf = tf.Elem()
+		}
+		if isPointer && isSlice && tf.Kind() != reflect.Struct {
+			panic(fmt.Sprintf("%v.%s cannot be a slice of pointers to primitive types", t, f.Name))
+		}
+
+		switch tf.Kind() {
+		case reflect.Struct:
+			switch {
+			case !isPointer:
+				panic(fmt.Sprintf("%v.%s cannot be a direct struct value", t, f.Name))
+			case isSlice: // E.g., []*pb.T
+				discardInfo := getDiscardInfo(tf)
+				dfi.discard = func(src pointer) {
+					sps := src.getPointerSlice()
+					for _, sp := range sps {
+						if !sp.isNil() {
+							discardInfo.discard(sp)
+						}
+					}
+				}
+			default: // E.g., *pb.T
+				discardInfo := getDiscardInfo(tf)
+				dfi.discard = func(src pointer) {
+					sp := src.getPointer()
+					if !sp.isNil() {
+						discardInfo.discard(sp)
+					}
+				}
+			}
+		case reflect.Map:
+			switch {
+			case isPointer || isSlice:
+				panic(fmt.Sprintf("%v.%s cannot be a pointer to a map or a slice of map values", t, f.Name))
+			default: // E.g., map[K]V
+				if tf.Elem().Kind() == reflect.Ptr { // Proto struct (e.g., *T)
+					dfi.discard = func(src pointer) {
+						sm := src.asPointerTo(tf).Elem()
+						if sm.Len() == 0 {
+							return
+						}
+						for _, key := range sm.MapKeys() {
+							val := sm.MapIndex(key)
+							DiscardUnknown(val.Interface().(Message))
+						}
+					}
+				} else {
+					dfi.discard = func(pointer) {} // Noop
+				}
+			}
+		case reflect.Interface:
+			// Must be oneof field.
+			switch {
+			case isPointer || isSlice:
+				panic(fmt.Sprintf("%v.%s cannot be a pointer to a interface or a slice of interface values", t, f.Name))
+			default: // E.g., interface{}
+				// TODO: Make this faster?
+				dfi.discard = func(src pointer) {
+					su := src.asPointerTo(tf).Elem()
+					if !su.IsNil() {
+						sv := su.Elem().Elem().Field(0)
+						if sv.Kind() == reflect.Ptr && sv.IsNil() {
+							return
+						}
+						switch sv.Type().Kind() {
+						case reflect.Ptr: // Proto struct (e.g., *T)
+							DiscardUnknown(sv.Interface().(Message))
+						}
+					}
+				}
+			}
+		default:
+			continue
+		}
+		di.fields = append(di.fields, dfi)
+	}
+
+	di.unrecognized = invalidField
+	if f, ok := t.FieldByName("XXX_unrecognized"); ok {
+		if f.Type != reflect.TypeOf([]byte{}) {
+			panic("expected XXX_unrecognized to be of type []byte")
+		}
+		di.unrecognized = toField(&f)
+	}
+
+	atomic.StoreInt32(&di.initialized, 1)
+}
+
 func discardLegacy(m Message) {
 	v := reflect.ValueOf(m)
 	if v.Kind() != reflect.Ptr || v.IsNil() {
@@ -139,7 +338,7 @@ func discardLegacy(m Message) {
 
 	// For proto2 messages, only discard unknown fields in message extensions
 	// that have been accessed via GetExtension.
-	if em, ok := extendable(m); ok {
+	if em, err := extendable(m); err == nil {
 		// Ignore lock since discardLegacy is not concurrency safe.
 		emm, _ := em.extensionsRead()
 		for _, mx := range emm {
diff --git a/vendor/github.com/gogo/protobuf/proto/duration_gogo.go b/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
index 18e2a5f77654f..e748e1730e1cc 100644
--- a/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
@@ -47,157 +47,3 @@ func (*duration) String() string { return "duration<string>" }
 func init() {
 	RegisterType((*duration)(nil), "gogo.protobuf.proto.duration")
 }
-
-func (o *Buffer) decDuration() (time.Duration, error) {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return 0, err
-	}
-	dproto := &duration{}
-	if err := Unmarshal(b, dproto); err != nil {
-		return 0, err
-	}
-	return durationFromProto(dproto)
-}
-
-func (o *Buffer) dec_duration(p *Properties, base structPointer) error {
-	d, err := o.decDuration()
-	if err != nil {
-		return err
-	}
-	word64_Set(structPointer_Word64(base, p.field), o, uint64(d))
-	return nil
-}
-
-func (o *Buffer) dec_ref_duration(p *Properties, base structPointer) error {
-	d, err := o.decDuration()
-	if err != nil {
-		return err
-	}
-	word64Val_Set(structPointer_Word64Val(base, p.field), o, uint64(d))
-	return nil
-}
-
-func (o *Buffer) dec_slice_duration(p *Properties, base structPointer) error {
-	d, err := o.decDuration()
-	if err != nil {
-		return err
-	}
-	newBas := appendStructPointer(base, p.field, reflect.SliceOf(reflect.PtrTo(durationType)))
-	var zero field
-	setPtrCustomType(newBas, zero, &d)
-	return nil
-}
-
-func (o *Buffer) dec_slice_ref_duration(p *Properties, base structPointer) error {
-	d, err := o.decDuration()
-	if err != nil {
-		return err
-	}
-	structPointer_Word64Slice(base, p.field).Append(uint64(d))
-	return nil
-}
-
-func size_duration(p *Properties, base structPointer) (n int) {
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return 0
-	}
-	dur := structPointer_Interface(structp, durationType).(*time.Duration)
-	d := durationProto(*dur)
-	size := Size(d)
-	return size + sizeVarint(uint64(size)) + len(p.tagcode)
-}
-
-func (o *Buffer) enc_duration(p *Properties, base structPointer) error {
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return ErrNil
-	}
-	dur := structPointer_Interface(structp, durationType).(*time.Duration)
-	d := durationProto(*dur)
-	data, err := Marshal(d)
-	if err != nil {
-		return err
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_ref_duration(p *Properties, base structPointer) (n int) {
-	dur := structPointer_InterfaceAt(base, p.field, durationType).(*time.Duration)
-	d := durationProto(*dur)
-	size := Size(d)
-	return size + sizeVarint(uint64(size)) + len(p.tagcode)
-}
-
-func (o *Buffer) enc_ref_duration(p *Properties, base structPointer) error {
-	dur := structPointer_InterfaceAt(base, p.field, durationType).(*time.Duration)
-	d := durationProto(*dur)
-	data, err := Marshal(d)
-	if err != nil {
-		return err
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_slice_duration(p *Properties, base structPointer) (n int) {
-	pdurs := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(reflect.PtrTo(durationType))).(*[]*time.Duration)
-	durs := *pdurs
-	for i := 0; i < len(durs); i++ {
-		if durs[i] == nil {
-			return 0
-		}
-		dproto := durationProto(*durs[i])
-		size := Size(dproto)
-		n += len(p.tagcode) + size + sizeVarint(uint64(size))
-	}
-	return n
-}
-
-func (o *Buffer) enc_slice_duration(p *Properties, base structPointer) error {
-	pdurs := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(reflect.PtrTo(durationType))).(*[]*time.Duration)
-	durs := *pdurs
-	for i := 0; i < len(durs); i++ {
-		if durs[i] == nil {
-			return errRepeatedHasNil
-		}
-		dproto := durationProto(*durs[i])
-		data, err := Marshal(dproto)
-		if err != nil {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-	}
-	return nil
-}
-
-func size_slice_ref_duration(p *Properties, base structPointer) (n int) {
-	pdurs := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(durationType)).(*[]time.Duration)
-	durs := *pdurs
-	for i := 0; i < len(durs); i++ {
-		dproto := durationProto(durs[i])
-		size := Size(dproto)
-		n += len(p.tagcode) + size + sizeVarint(uint64(size))
-	}
-	return n
-}
-
-func (o *Buffer) enc_slice_ref_duration(p *Properties, base structPointer) error {
-	pdurs := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(durationType)).(*[]time.Duration)
-	durs := *pdurs
-	for i := 0; i < len(durs); i++ {
-		dproto := durationProto(durs[i])
-		data, err := Marshal(dproto)
-		if err != nil {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-	}
-	return nil
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/encode.go b/vendor/github.com/gogo/protobuf/proto/encode.go
index 8b84d1b22d4c0..9581ccd3042fc 100644
--- a/vendor/github.com/gogo/protobuf/proto/encode.go
+++ b/vendor/github.com/gogo/protobuf/proto/encode.go
@@ -37,28 +37,9 @@ package proto
 
 import (
 	"errors"
-	"fmt"
 	"reflect"
-	"sort"
 )
 
-// RequiredNotSetError is the error returned if Marshal is called with
-// a protocol buffer struct whose required fields have not
-// all been initialized. It is also the error returned if Unmarshal is
-// called with an encoded protocol buffer that does not include all the
-// required fields.
-//
-// When printed, RequiredNotSetError reports the first unset required field in a
-// message. If the field cannot be precisely determined, it is reported as
-// "{Unknown}".
-type RequiredNotSetError struct {
-	field string
-}
-
-func (e *RequiredNotSetError) Error() string {
-	return fmt.Sprintf("proto: required field %q not set", e.field)
-}
-
 var (
 	// errRepeatedHasNil is the error returned if Marshal is called with
 	// a struct with a repeated field containing a nil element.
@@ -82,10 +63,6 @@ var (
 
 const maxVarintBytes = 10 // maximum length of a varint
 
-// maxMarshalSize is the largest allowed size of an encoded protobuf,
-// since C++ and Java use signed int32s for the size.
-const maxMarshalSize = 1<<31 - 1
-
 // EncodeVarint returns the varint encoding of x.
 // This is the format for the
 // int32, int64, uint32, uint64, bool, and enum
@@ -119,18 +96,27 @@ func (p *Buffer) EncodeVarint(x uint64) error {
 
 // SizeVarint returns the varint encoding size of an integer.
 func SizeVarint(x uint64) int {
-	return sizeVarint(x)
-}
-
-func sizeVarint(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	switch {
+	case x < 1<<7:
+		return 1
+	case x < 1<<14:
+		return 2
+	case x < 1<<21:
+		return 3
+	case x < 1<<28:
+		return 4
+	case x < 1<<35:
+		return 5
+	case x < 1<<42:
+		return 6
+	case x < 1<<49:
+		return 7
+	case x < 1<<56:
+		return 8
+	case x < 1<<63:
+		return 9
+	}
+	return 10
 }
 
 // EncodeFixed64 writes a 64-bit integer to the Buffer.
@@ -149,10 +135,6 @@ func (p *Buffer) EncodeFixed64(x uint64) error {
 	return nil
 }
 
-func sizeFixed64(x uint64) int {
-	return 8
-}
-
 // EncodeFixed32 writes a 32-bit integer to the Buffer.
 // This is the format for the
 // fixed32, sfixed32, and float protocol buffer types.
@@ -165,20 +147,12 @@ func (p *Buffer) EncodeFixed32(x uint64) error {
 	return nil
 }
 
-func sizeFixed32(x uint64) int {
-	return 4
-}
-
 // EncodeZigzag64 writes a zigzag-encoded 64-bit integer
 // to the Buffer.
 // This is the format used for the sint64 protocol buffer type.
 func (p *Buffer) EncodeZigzag64(x uint64) error {
 	// use signed number to get arithmetic right shift.
-	return p.EncodeVarint((x << 1) ^ uint64((int64(x) >> 63)))
-}
-
-func sizeZigzag64(x uint64) int {
-	return sizeVarint((x << 1) ^ uint64((int64(x) >> 63)))
+	return p.EncodeVarint(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
 
 // EncodeZigzag32 writes a zigzag-encoded 32-bit integer
@@ -189,10 +163,6 @@ func (p *Buffer) EncodeZigzag32(x uint64) error {
 	return p.EncodeVarint(uint64((uint32(x) << 1) ^ uint32((int32(x) >> 31))))
 }
 
-func sizeZigzag32(x uint64) int {
-	return sizeVarint(uint64((uint32(x) << 1) ^ uint32((int32(x) >> 31))))
-}
-
 // EncodeRawBytes writes a count-delimited byte buffer to the Buffer.
 // This is the format used for the bytes protocol buffer
 // type and for embedded messages.
@@ -202,11 +172,6 @@ func (p *Buffer) EncodeRawBytes(b []byte) error {
 	return nil
 }
 
-func sizeRawBytes(b []byte) int {
-	return sizeVarint(uint64(len(b))) +
-		len(b)
-}
-
 // EncodeStringBytes writes an encoded string to the Buffer.
 // This is the format used for the proto2 string type.
 func (p *Buffer) EncodeStringBytes(s string) error {
@@ -215,319 +180,19 @@ func (p *Buffer) EncodeStringBytes(s string) error {
 	return nil
 }
 
-func sizeStringBytes(s string) int {
-	return sizeVarint(uint64(len(s))) +
-		len(s)
-}
-
 // Marshaler is the interface representing objects that can marshal themselves.
 type Marshaler interface {
 	Marshal() ([]byte, error)
 }
 
-// Marshal takes the protocol buffer
-// and encodes it into the wire format, returning the data.
-func Marshal(pb Message) ([]byte, error) {
-	// Can the object marshal itself?
-	if m, ok := pb.(Marshaler); ok {
-		return m.Marshal()
-	}
-	p := NewBuffer(nil)
-	err := p.Marshal(pb)
-	if p.buf == nil && err == nil {
-		// Return a non-nil slice on success.
-		return []byte{}, nil
-	}
-	return p.buf, err
-}
-
 // EncodeMessage writes the protocol buffer to the Buffer,
 // prefixed by a varint-encoded length.
 func (p *Buffer) EncodeMessage(pb Message) error {
-	t, base, err := getbase(pb)
-	if structPointer_IsNil(base) {
-		return ErrNil
-	}
-	if err == nil {
-		var state errorState
-		err = p.enc_len_struct(GetProperties(t.Elem()), base, &state)
-	}
-	return err
-}
-
-// Marshal takes the protocol buffer
-// and encodes it into the wire format, writing the result to the
-// Buffer.
-func (p *Buffer) Marshal(pb Message) error {
-	// Can the object marshal itself?
-	if m, ok := pb.(Marshaler); ok {
-		data, err := m.Marshal()
-		p.buf = append(p.buf, data...)
-		return err
-	}
-
-	t, base, err := getbase(pb)
-	if structPointer_IsNil(base) {
-		return ErrNil
-	}
-	if err == nil {
-		err = p.enc_struct(GetProperties(t.Elem()), base)
-	}
-
-	if collectStats {
-		(stats).Encode++ // Parens are to work around a goimports bug.
-	}
-
-	if len(p.buf) > maxMarshalSize {
-		return ErrTooLarge
-	}
-	return err
-}
-
-// Size returns the encoded size of a protocol buffer.
-func Size(pb Message) (n int) {
-	// Can the object marshal itself?  If so, Size is slow.
-	// TODO: add Size to Marshaler, or add a Sizer interface.
-	if m, ok := pb.(Marshaler); ok {
-		b, _ := m.Marshal()
-		return len(b)
-	}
-
-	t, base, err := getbase(pb)
-	if structPointer_IsNil(base) {
-		return 0
-	}
-	if err == nil {
-		n = size_struct(GetProperties(t.Elem()), base)
-	}
-
-	if collectStats {
-		(stats).Size++ // Parens are to work around a goimports bug.
-	}
-
-	return
-}
-
-// Individual type encoders.
-
-// Encode a bool.
-func (o *Buffer) enc_bool(p *Properties, base structPointer) error {
-	v := *structPointer_Bool(base, p.field)
-	if v == nil {
-		return ErrNil
-	}
-	x := 0
-	if *v {
-		x = 1
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func (o *Buffer) enc_proto3_bool(p *Properties, base structPointer) error {
-	v := *structPointer_BoolVal(base, p.field)
-	if !v {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, 1)
-	return nil
-}
-
-func size_bool(p *Properties, base structPointer) int {
-	v := *structPointer_Bool(base, p.field)
-	if v == nil {
-		return 0
-	}
-	return len(p.tagcode) + 1 // each bool takes exactly one byte
-}
-
-func size_proto3_bool(p *Properties, base structPointer) int {
-	v := *structPointer_BoolVal(base, p.field)
-	if !v && !p.oneof {
-		return 0
-	}
-	return len(p.tagcode) + 1 // each bool takes exactly one byte
-}
-
-// Encode an int32.
-func (o *Buffer) enc_int32(p *Properties, base structPointer) error {
-	v := structPointer_Word32(base, p.field)
-	if word32_IsNil(v) {
-		return ErrNil
-	}
-	x := int32(word32_Get(v)) // permit sign extension to use full 64-bit range
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func (o *Buffer) enc_proto3_int32(p *Properties, base structPointer) error {
-	v := structPointer_Word32Val(base, p.field)
-	x := int32(word32Val_Get(v)) // permit sign extension to use full 64-bit range
-	if x == 0 {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func size_int32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32(base, p.field)
-	if word32_IsNil(v) {
-		return 0
-	}
-	x := int32(word32_Get(v)) // permit sign extension to use full 64-bit range
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-func size_proto3_int32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32Val(base, p.field)
-	x := int32(word32Val_Get(v)) // permit sign extension to use full 64-bit range
-	if x == 0 && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-// Encode a uint32.
-// Exactly the same as int32, except for no sign extension.
-func (o *Buffer) enc_uint32(p *Properties, base structPointer) error {
-	v := structPointer_Word32(base, p.field)
-	if word32_IsNil(v) {
-		return ErrNil
-	}
-	x := word32_Get(v)
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func (o *Buffer) enc_proto3_uint32(p *Properties, base structPointer) error {
-	v := structPointer_Word32Val(base, p.field)
-	x := word32Val_Get(v)
-	if x == 0 {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func size_uint32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32(base, p.field)
-	if word32_IsNil(v) {
-		return 0
-	}
-	x := word32_Get(v)
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-func size_proto3_uint32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32Val(base, p.field)
-	x := word32Val_Get(v)
-	if x == 0 && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-// Encode an int64.
-func (o *Buffer) enc_int64(p *Properties, base structPointer) error {
-	v := structPointer_Word64(base, p.field)
-	if word64_IsNil(v) {
-		return ErrNil
-	}
-	x := word64_Get(v)
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, x)
-	return nil
-}
-
-func (o *Buffer) enc_proto3_int64(p *Properties, base structPointer) error {
-	v := structPointer_Word64Val(base, p.field)
-	x := word64Val_Get(v)
-	if x == 0 {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, x)
-	return nil
-}
-
-func size_int64(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word64(base, p.field)
-	if word64_IsNil(v) {
-		return 0
-	}
-	x := word64_Get(v)
-	n += len(p.tagcode)
-	n += p.valSize(x)
-	return
-}
-
-func size_proto3_int64(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word64Val(base, p.field)
-	x := word64Val_Get(v)
-	if x == 0 && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += p.valSize(x)
-	return
-}
-
-// Encode a string.
-func (o *Buffer) enc_string(p *Properties, base structPointer) error {
-	v := *structPointer_String(base, p.field)
-	if v == nil {
-		return ErrNil
-	}
-	x := *v
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeStringBytes(x)
-	return nil
-}
-
-func (o *Buffer) enc_proto3_string(p *Properties, base structPointer) error {
-	v := *structPointer_StringVal(base, p.field)
-	if v == "" {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeStringBytes(v)
-	return nil
-}
-
-func size_string(p *Properties, base structPointer) (n int) {
-	v := *structPointer_String(base, p.field)
-	if v == nil {
-		return 0
-	}
-	x := *v
-	n += len(p.tagcode)
-	n += sizeStringBytes(x)
-	return
-}
-
-func size_proto3_string(p *Properties, base structPointer) (n int) {
-	v := *structPointer_StringVal(base, p.field)
-	if v == "" && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += sizeStringBytes(v)
-	return
+	siz := Size(pb)
+	sizVar := SizeVarint(uint64(siz))
+	p.grow(siz + sizVar)
+	p.EncodeVarint(uint64(siz))
+	return p.Marshal(pb)
 }
 
 // All protocol buffer fields are nillable, but be careful.
@@ -538,825 +203,3 @@ func isNil(v reflect.Value) bool {
 	}
 	return false
 }
-
-// Encode a message struct.
-func (o *Buffer) enc_struct_message(p *Properties, base structPointer) error {
-	var state errorState
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return ErrNil
-	}
-
-	// Can the object marshal itself?
-	if p.isMarshaler {
-		m := structPointer_Interface(structp, p.stype).(Marshaler)
-		data, err := m.Marshal()
-		if err != nil && !state.shouldContinue(err, nil) {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-		return state.err
-	}
-
-	o.buf = append(o.buf, p.tagcode...)
-	return o.enc_len_struct(p.sprop, structp, &state)
-}
-
-func size_struct_message(p *Properties, base structPointer) int {
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return 0
-	}
-
-	// Can the object marshal itself?
-	if p.isMarshaler {
-		m := structPointer_Interface(structp, p.stype).(Marshaler)
-		data, _ := m.Marshal()
-		n0 := len(p.tagcode)
-		n1 := sizeRawBytes(data)
-		return n0 + n1
-	}
-
-	n0 := len(p.tagcode)
-	n1 := size_struct(p.sprop, structp)
-	n2 := sizeVarint(uint64(n1)) // size of encoded length
-	return n0 + n1 + n2
-}
-
-// Encode a group struct.
-func (o *Buffer) enc_struct_group(p *Properties, base structPointer) error {
-	var state errorState
-	b := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(b) {
-		return ErrNil
-	}
-
-	o.EncodeVarint(uint64((p.Tag << 3) | WireStartGroup))
-	err := o.enc_struct(p.sprop, b)
-	if err != nil && !state.shouldContinue(err, nil) {
-		return err
-	}
-	o.EncodeVarint(uint64((p.Tag << 3) | WireEndGroup))
-	return state.err
-}
-
-func size_struct_group(p *Properties, base structPointer) (n int) {
-	b := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(b) {
-		return 0
-	}
-
-	n += sizeVarint(uint64((p.Tag << 3) | WireStartGroup))
-	n += size_struct(p.sprop, b)
-	n += sizeVarint(uint64((p.Tag << 3) | WireEndGroup))
-	return
-}
-
-// Encode a slice of bools ([]bool).
-func (o *Buffer) enc_slice_bool(p *Properties, base structPointer) error {
-	s := *structPointer_BoolSlice(base, p.field)
-	l := len(s)
-	if l == 0 {
-		return ErrNil
-	}
-	for _, x := range s {
-		o.buf = append(o.buf, p.tagcode...)
-		v := uint64(0)
-		if x {
-			v = 1
-		}
-		p.valEnc(o, v)
-	}
-	return nil
-}
-
-func size_slice_bool(p *Properties, base structPointer) int {
-	s := *structPointer_BoolSlice(base, p.field)
-	l := len(s)
-	if l == 0 {
-		return 0
-	}
-	return l * (len(p.tagcode) + 1) // each bool takes exactly one byte
-}
-
-// Encode a slice of bools ([]bool) in packed format.
-func (o *Buffer) enc_slice_packed_bool(p *Properties, base structPointer) error {
-	s := *structPointer_BoolSlice(base, p.field)
-	l := len(s)
-	if l == 0 {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeVarint(uint64(l)) // each bool takes exactly one byte
-	for _, x := range s {
-		v := uint64(0)
-		if x {
-			v = 1
-		}
-		p.valEnc(o, v)
-	}
-	return nil
-}
-
-func size_slice_packed_bool(p *Properties, base structPointer) (n int) {
-	s := *structPointer_BoolSlice(base, p.field)
-	l := len(s)
-	if l == 0 {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += sizeVarint(uint64(l))
-	n += l // each bool takes exactly one byte
-	return
-}
-
-// Encode a slice of bytes ([]byte).
-func (o *Buffer) enc_slice_byte(p *Properties, base structPointer) error {
-	s := *structPointer_Bytes(base, p.field)
-	if s == nil {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(s)
-	return nil
-}
-
-func (o *Buffer) enc_proto3_slice_byte(p *Properties, base structPointer) error {
-	s := *structPointer_Bytes(base, p.field)
-	if len(s) == 0 {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(s)
-	return nil
-}
-
-func size_slice_byte(p *Properties, base structPointer) (n int) {
-	s := *structPointer_Bytes(base, p.field)
-	if s == nil && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += sizeRawBytes(s)
-	return
-}
-
-func size_proto3_slice_byte(p *Properties, base structPointer) (n int) {
-	s := *structPointer_Bytes(base, p.field)
-	if len(s) == 0 && !p.oneof {
-		return 0
-	}
-	n += len(p.tagcode)
-	n += sizeRawBytes(s)
-	return
-}
-
-// Encode a slice of int32s ([]int32).
-func (o *Buffer) enc_slice_int32(p *Properties, base structPointer) error {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	for i := 0; i < l; i++ {
-		o.buf = append(o.buf, p.tagcode...)
-		x := int32(s.Index(i)) // permit sign extension to use full 64-bit range
-		p.valEnc(o, uint64(x))
-	}
-	return nil
-}
-
-func size_slice_int32(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	for i := 0; i < l; i++ {
-		n += len(p.tagcode)
-		x := int32(s.Index(i)) // permit sign extension to use full 64-bit range
-		n += p.valSize(uint64(x))
-	}
-	return
-}
-
-// Encode a slice of int32s ([]int32) in packed format.
-func (o *Buffer) enc_slice_packed_int32(p *Properties, base structPointer) error {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	// TODO: Reuse a Buffer.
-	buf := NewBuffer(nil)
-	for i := 0; i < l; i++ {
-		x := int32(s.Index(i)) // permit sign extension to use full 64-bit range
-		p.valEnc(buf, uint64(x))
-	}
-
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeVarint(uint64(len(buf.buf)))
-	o.buf = append(o.buf, buf.buf...)
-	return nil
-}
-
-func size_slice_packed_int32(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	var bufSize int
-	for i := 0; i < l; i++ {
-		x := int32(s.Index(i)) // permit sign extension to use full 64-bit range
-		bufSize += p.valSize(uint64(x))
-	}
-
-	n += len(p.tagcode)
-	n += sizeVarint(uint64(bufSize))
-	n += bufSize
-	return
-}
-
-// Encode a slice of uint32s ([]uint32).
-// Exactly the same as int32, except for no sign extension.
-func (o *Buffer) enc_slice_uint32(p *Properties, base structPointer) error {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	for i := 0; i < l; i++ {
-		o.buf = append(o.buf, p.tagcode...)
-		x := s.Index(i)
-		p.valEnc(o, uint64(x))
-	}
-	return nil
-}
-
-func size_slice_uint32(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	for i := 0; i < l; i++ {
-		n += len(p.tagcode)
-		x := s.Index(i)
-		n += p.valSize(uint64(x))
-	}
-	return
-}
-
-// Encode a slice of uint32s ([]uint32) in packed format.
-// Exactly the same as int32, except for no sign extension.
-func (o *Buffer) enc_slice_packed_uint32(p *Properties, base structPointer) error {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	// TODO: Reuse a Buffer.
-	buf := NewBuffer(nil)
-	for i := 0; i < l; i++ {
-		p.valEnc(buf, uint64(s.Index(i)))
-	}
-
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeVarint(uint64(len(buf.buf)))
-	o.buf = append(o.buf, buf.buf...)
-	return nil
-}
-
-func size_slice_packed_uint32(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word32Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	var bufSize int
-	for i := 0; i < l; i++ {
-		bufSize += p.valSize(uint64(s.Index(i)))
-	}
-
-	n += len(p.tagcode)
-	n += sizeVarint(uint64(bufSize))
-	n += bufSize
-	return
-}
-
-// Encode a slice of int64s ([]int64).
-func (o *Buffer) enc_slice_int64(p *Properties, base structPointer) error {
-	s := structPointer_Word64Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	for i := 0; i < l; i++ {
-		o.buf = append(o.buf, p.tagcode...)
-		p.valEnc(o, s.Index(i))
-	}
-	return nil
-}
-
-func size_slice_int64(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word64Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	for i := 0; i < l; i++ {
-		n += len(p.tagcode)
-		n += p.valSize(s.Index(i))
-	}
-	return
-}
-
-// Encode a slice of int64s ([]int64) in packed format.
-func (o *Buffer) enc_slice_packed_int64(p *Properties, base structPointer) error {
-	s := structPointer_Word64Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return ErrNil
-	}
-	// TODO: Reuse a Buffer.
-	buf := NewBuffer(nil)
-	for i := 0; i < l; i++ {
-		p.valEnc(buf, s.Index(i))
-	}
-
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeVarint(uint64(len(buf.buf)))
-	o.buf = append(o.buf, buf.buf...)
-	return nil
-}
-
-func size_slice_packed_int64(p *Properties, base structPointer) (n int) {
-	s := structPointer_Word64Slice(base, p.field)
-	l := s.Len()
-	if l == 0 {
-		return 0
-	}
-	var bufSize int
-	for i := 0; i < l; i++ {
-		bufSize += p.valSize(s.Index(i))
-	}
-
-	n += len(p.tagcode)
-	n += sizeVarint(uint64(bufSize))
-	n += bufSize
-	return
-}
-
-// Encode a slice of slice of bytes ([][]byte).
-func (o *Buffer) enc_slice_slice_byte(p *Properties, base structPointer) error {
-	ss := *structPointer_BytesSlice(base, p.field)
-	l := len(ss)
-	if l == 0 {
-		return ErrNil
-	}
-	for i := 0; i < l; i++ {
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(ss[i])
-	}
-	return nil
-}
-
-func size_slice_slice_byte(p *Properties, base structPointer) (n int) {
-	ss := *structPointer_BytesSlice(base, p.field)
-	l := len(ss)
-	if l == 0 {
-		return 0
-	}
-	n += l * len(p.tagcode)
-	for i := 0; i < l; i++ {
-		n += sizeRawBytes(ss[i])
-	}
-	return
-}
-
-// Encode a slice of strings ([]string).
-func (o *Buffer) enc_slice_string(p *Properties, base structPointer) error {
-	ss := *structPointer_StringSlice(base, p.field)
-	l := len(ss)
-	for i := 0; i < l; i++ {
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeStringBytes(ss[i])
-	}
-	return nil
-}
-
-func size_slice_string(p *Properties, base structPointer) (n int) {
-	ss := *structPointer_StringSlice(base, p.field)
-	l := len(ss)
-	n += l * len(p.tagcode)
-	for i := 0; i < l; i++ {
-		n += sizeStringBytes(ss[i])
-	}
-	return
-}
-
-// Encode a slice of message structs ([]*struct).
-func (o *Buffer) enc_slice_struct_message(p *Properties, base structPointer) error {
-	var state errorState
-	s := structPointer_StructPointerSlice(base, p.field)
-	l := s.Len()
-
-	for i := 0; i < l; i++ {
-		structp := s.Index(i)
-		if structPointer_IsNil(structp) {
-			return errRepeatedHasNil
-		}
-
-		// Can the object marshal itself?
-		if p.isMarshaler {
-			m := structPointer_Interface(structp, p.stype).(Marshaler)
-			data, err := m.Marshal()
-			if err != nil && !state.shouldContinue(err, nil) {
-				return err
-			}
-			o.buf = append(o.buf, p.tagcode...)
-			o.EncodeRawBytes(data)
-			continue
-		}
-
-		o.buf = append(o.buf, p.tagcode...)
-		err := o.enc_len_struct(p.sprop, structp, &state)
-		if err != nil && !state.shouldContinue(err, nil) {
-			if err == ErrNil {
-				return errRepeatedHasNil
-			}
-			return err
-		}
-	}
-	return state.err
-}
-
-func size_slice_struct_message(p *Properties, base structPointer) (n int) {
-	s := structPointer_StructPointerSlice(base, p.field)
-	l := s.Len()
-	n += l * len(p.tagcode)
-	for i := 0; i < l; i++ {
-		structp := s.Index(i)
-		if structPointer_IsNil(structp) {
-			return // return the size up to this point
-		}
-
-		// Can the object marshal itself?
-		if p.isMarshaler {
-			m := structPointer_Interface(structp, p.stype).(Marshaler)
-			data, _ := m.Marshal()
-			n += sizeRawBytes(data)
-			continue
-		}
-
-		n0 := size_struct(p.sprop, structp)
-		n1 := sizeVarint(uint64(n0)) // size of encoded length
-		n += n0 + n1
-	}
-	return
-}
-
-// Encode a slice of group structs ([]*struct).
-func (o *Buffer) enc_slice_struct_group(p *Properties, base structPointer) error {
-	var state errorState
-	s := structPointer_StructPointerSlice(base, p.field)
-	l := s.Len()
-
-	for i := 0; i < l; i++ {
-		b := s.Index(i)
-		if structPointer_IsNil(b) {
-			return errRepeatedHasNil
-		}
-
-		o.EncodeVarint(uint64((p.Tag << 3) | WireStartGroup))
-
-		err := o.enc_struct(p.sprop, b)
-
-		if err != nil && !state.shouldContinue(err, nil) {
-			if err == ErrNil {
-				return errRepeatedHasNil
-			}
-			return err
-		}
-
-		o.EncodeVarint(uint64((p.Tag << 3) | WireEndGroup))
-	}
-	return state.err
-}
-
-func size_slice_struct_group(p *Properties, base structPointer) (n int) {
-	s := structPointer_StructPointerSlice(base, p.field)
-	l := s.Len()
-
-	n += l * sizeVarint(uint64((p.Tag<<3)|WireStartGroup))
-	n += l * sizeVarint(uint64((p.Tag<<3)|WireEndGroup))
-	for i := 0; i < l; i++ {
-		b := s.Index(i)
-		if structPointer_IsNil(b) {
-			return // return size up to this point
-		}
-
-		n += size_struct(p.sprop, b)
-	}
-	return
-}
-
-// Encode an extension map.
-func (o *Buffer) enc_map(p *Properties, base structPointer) error {
-	exts := structPointer_ExtMap(base, p.field)
-	if err := encodeExtensionsMap(*exts); err != nil {
-		return err
-	}
-
-	return o.enc_map_body(*exts)
-}
-
-func (o *Buffer) enc_exts(p *Properties, base structPointer) error {
-	exts := structPointer_Extensions(base, p.field)
-
-	v, mu := exts.extensionsRead()
-	if v == nil {
-		return nil
-	}
-
-	mu.Lock()
-	defer mu.Unlock()
-	if err := encodeExtensionsMap(v); err != nil {
-		return err
-	}
-
-	return o.enc_map_body(v)
-}
-
-func (o *Buffer) enc_map_body(v map[int32]Extension) error {
-	// Fast-path for common cases: zero or one extensions.
-	if len(v) <= 1 {
-		for _, e := range v {
-			o.buf = append(o.buf, e.enc...)
-		}
-		return nil
-	}
-
-	// Sort keys to provide a deterministic encoding.
-	keys := make([]int, 0, len(v))
-	for k := range v {
-		keys = append(keys, int(k))
-	}
-	sort.Ints(keys)
-
-	for _, k := range keys {
-		o.buf = append(o.buf, v[int32(k)].enc...)
-	}
-	return nil
-}
-
-func size_map(p *Properties, base structPointer) int {
-	v := structPointer_ExtMap(base, p.field)
-	return extensionsMapSize(*v)
-}
-
-func size_exts(p *Properties, base structPointer) int {
-	v := structPointer_Extensions(base, p.field)
-	return extensionsSize(v)
-}
-
-// Encode a map field.
-func (o *Buffer) enc_new_map(p *Properties, base structPointer) error {
-	var state errorState // XXX: or do we need to plumb this through?
-
-	/*
-		A map defined as
-			map<key_type, value_type> map_field = N;
-		is encoded in the same way as
-			message MapFieldEntry {
-				key_type key = 1;
-				value_type value = 2;
-			}
-			repeated MapFieldEntry map_field = N;
-	*/
-
-	v := structPointer_NewAt(base, p.field, p.mtype).Elem() // map[K]V
-	if v.Len() == 0 {
-		return nil
-	}
-
-	keycopy, valcopy, keybase, valbase := mapEncodeScratch(p.mtype)
-
-	enc := func() error {
-		if err := p.mkeyprop.enc(o, p.mkeyprop, keybase); err != nil {
-			return err
-		}
-		if err := p.mvalprop.enc(o, p.mvalprop, valbase); err != nil && err != ErrNil {
-			return err
-		}
-		return nil
-	}
-
-	// Don't sort map keys. It is not required by the spec, and C++ doesn't do it.
-	for _, key := range v.MapKeys() {
-		val := v.MapIndex(key)
-
-		keycopy.Set(key)
-		valcopy.Set(val)
-
-		o.buf = append(o.buf, p.tagcode...)
-		if err := o.enc_len_thing(enc, &state); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func size_new_map(p *Properties, base structPointer) int {
-	v := structPointer_NewAt(base, p.field, p.mtype).Elem() // map[K]V
-
-	keycopy, valcopy, keybase, valbase := mapEncodeScratch(p.mtype)
-
-	n := 0
-	for _, key := range v.MapKeys() {
-		val := v.MapIndex(key)
-		keycopy.Set(key)
-		valcopy.Set(val)
-
-		// Tag codes for key and val are the responsibility of the sub-sizer.
-		keysize := p.mkeyprop.size(p.mkeyprop, keybase)
-		valsize := p.mvalprop.size(p.mvalprop, valbase)
-		entry := keysize + valsize
-		// Add on tag code and length of map entry itself.
-		n += len(p.tagcode) + sizeVarint(uint64(entry)) + entry
-	}
-	return n
-}
-
-// mapEncodeScratch returns a new reflect.Value matching the map's value type,
-// and a structPointer suitable for passing to an encoder or sizer.
-func mapEncodeScratch(mapType reflect.Type) (keycopy, valcopy reflect.Value, keybase, valbase structPointer) {
-	// Prepare addressable doubly-indirect placeholders for the key and value types.
-	// This is needed because the element-type encoders expect **T, but the map iteration produces T.
-
-	keycopy = reflect.New(mapType.Key()).Elem()                 // addressable K
-	keyptr := reflect.New(reflect.PtrTo(keycopy.Type())).Elem() // addressable *K
-	keyptr.Set(keycopy.Addr())                                  //
-	keybase = toStructPointer(keyptr.Addr())                    // **K
-
-	// Value types are more varied and require special handling.
-	switch mapType.Elem().Kind() {
-	case reflect.Slice:
-		// []byte
-		var dummy []byte
-		valcopy = reflect.ValueOf(&dummy).Elem() // addressable []byte
-		valbase = toStructPointer(valcopy.Addr())
-	case reflect.Ptr:
-		// message; the generated field type is map[K]*Msg (so V is *Msg),
-		// so we only need one level of indirection.
-		valcopy = reflect.New(mapType.Elem()).Elem() // addressable V
-		valbase = toStructPointer(valcopy.Addr())
-	default:
-		// everything else
-		valcopy = reflect.New(mapType.Elem()).Elem()                // addressable V
-		valptr := reflect.New(reflect.PtrTo(valcopy.Type())).Elem() // addressable *V
-		valptr.Set(valcopy.Addr())                                  //
-		valbase = toStructPointer(valptr.Addr())                    // **V
-	}
-	return
-}
-
-// Encode a struct.
-func (o *Buffer) enc_struct(prop *StructProperties, base structPointer) error {
-	var state errorState
-	// Encode fields in tag order so that decoders may use optimizations
-	// that depend on the ordering.
-	// https://developers.google.com/protocol-buffers/docs/encoding#order
-	for _, i := range prop.order {
-		p := prop.Prop[i]
-		if p.enc != nil {
-			err := p.enc(o, p, base)
-			if err != nil {
-				if err == ErrNil {
-					if p.Required && state.err == nil {
-						state.err = &RequiredNotSetError{p.Name}
-					}
-				} else if err == errRepeatedHasNil {
-					// Give more context to nil values in repeated fields.
-					return errors.New("repeated field " + p.OrigName + " has nil element")
-				} else if !state.shouldContinue(err, p) {
-					return err
-				}
-			}
-			if len(o.buf) > maxMarshalSize {
-				return ErrTooLarge
-			}
-		}
-	}
-
-	// Do oneof fields.
-	if prop.oneofMarshaler != nil {
-		m := structPointer_Interface(base, prop.stype).(Message)
-		if err := prop.oneofMarshaler(m, o); err == ErrNil {
-			return errOneofHasNil
-		} else if err != nil {
-			return err
-		}
-	}
-
-	// Add unrecognized fields at the end.
-	if prop.unrecField.IsValid() {
-		v := *structPointer_Bytes(base, prop.unrecField)
-		if len(o.buf)+len(v) > maxMarshalSize {
-			return ErrTooLarge
-		}
-		if len(v) > 0 {
-			o.buf = append(o.buf, v...)
-		}
-	}
-
-	return state.err
-}
-
-func size_struct(prop *StructProperties, base structPointer) (n int) {
-	for _, i := range prop.order {
-		p := prop.Prop[i]
-		if p.size != nil {
-			n += p.size(p, base)
-		}
-	}
-
-	// Add unrecognized fields at the end.
-	if prop.unrecField.IsValid() {
-		v := *structPointer_Bytes(base, prop.unrecField)
-		n += len(v)
-	}
-
-	// Factor in any oneof fields.
-	if prop.oneofSizer != nil {
-		m := structPointer_Interface(base, prop.stype).(Message)
-		n += prop.oneofSizer(m)
-	}
-
-	return
-}
-
-var zeroes [20]byte // longer than any conceivable sizeVarint
-
-// Encode a struct, preceded by its encoded length (as a varint).
-func (o *Buffer) enc_len_struct(prop *StructProperties, base structPointer, state *errorState) error {
-	return o.enc_len_thing(func() error { return o.enc_struct(prop, base) }, state)
-}
-
-// Encode something, preceded by its encoded length (as a varint).
-func (o *Buffer) enc_len_thing(enc func() error, state *errorState) error {
-	iLen := len(o.buf)
-	o.buf = append(o.buf, 0, 0, 0, 0) // reserve four bytes for length
-	iMsg := len(o.buf)
-	err := enc()
-	if err != nil && !state.shouldContinue(err, nil) {
-		return err
-	}
-	lMsg := len(o.buf) - iMsg
-	lLen := sizeVarint(uint64(lMsg))
-	switch x := lLen - (iMsg - iLen); {
-	case x > 0: // actual length is x bytes larger than the space we reserved
-		// Move msg x bytes right.
-		o.buf = append(o.buf, zeroes[:x]...)
-		copy(o.buf[iMsg+x:], o.buf[iMsg:iMsg+lMsg])
-	case x < 0: // actual length is x bytes smaller than the space we reserved
-		// Move msg x bytes left.
-		copy(o.buf[iMsg+x:], o.buf[iMsg:iMsg+lMsg])
-		o.buf = o.buf[:len(o.buf)+x] // x is negative
-	}
-	// Encode the length in the reserved space.
-	o.buf = o.buf[:iLen]
-	o.EncodeVarint(uint64(lMsg))
-	o.buf = o.buf[:len(o.buf)+lMsg]
-	return state.err
-}
-
-// errorState maintains the first error that occurs and updates that error
-// with additional context.
-type errorState struct {
-	err error
-}
-
-// shouldContinue reports whether encoding should continue upon encountering the
-// given error. If the error is RequiredNotSetError, shouldContinue returns true
-// and, if this is the first appearance of that error, remembers it for future
-// reporting.
-//
-// If prop is not nil, it may update any error with additional context about the
-// field with the error.
-func (s *errorState) shouldContinue(err error, prop *Properties) bool {
-	// Ignore unset required fields.
-	reqNotSet, ok := err.(*RequiredNotSetError)
-	if !ok {
-		return false
-	}
-	if s.err == nil {
-		if prop != nil {
-			err = &RequiredNotSetError{prop.Name + "." + reqNotSet.field}
-		}
-		s.err = err
-	}
-	return true
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/encode_gogo.go b/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
index 32111b7f41d79..0f5fb173e9fd0 100644
--- a/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
@@ -3,11 +3,6 @@
 // Copyright (c) 2013, The GoGo Authors. All rights reserved.
 // http://github.com/gogo/protobuf
 //
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// http://github.com/golang/protobuf/
-//
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -18,9 +13,6 @@
 // copyright notice, this list of conditions and the following disclaimer
 // in the documentation and/or other materials provided with the
 // distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -36,315 +28,6 @@
 
 package proto
 
-import (
-	"reflect"
-)
-
 func NewRequiredNotSetError(field string) *RequiredNotSetError {
 	return &RequiredNotSetError{field}
 }
-
-type Sizer interface {
-	Size() int
-}
-
-func (o *Buffer) enc_ext_slice_byte(p *Properties, base structPointer) error {
-	s := *structPointer_Bytes(base, p.field)
-	if s == nil {
-		return ErrNil
-	}
-	o.buf = append(o.buf, s...)
-	return nil
-}
-
-func size_ext_slice_byte(p *Properties, base structPointer) (n int) {
-	s := *structPointer_Bytes(base, p.field)
-	if s == nil {
-		return 0
-	}
-	n += len(s)
-	return
-}
-
-// Encode a reference to bool pointer.
-func (o *Buffer) enc_ref_bool(p *Properties, base structPointer) error {
-	v := *structPointer_BoolVal(base, p.field)
-	x := 0
-	if v {
-		x = 1
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func size_ref_bool(p *Properties, base structPointer) int {
-	return len(p.tagcode) + 1 // each bool takes exactly one byte
-}
-
-// Encode a reference to int32 pointer.
-func (o *Buffer) enc_ref_int32(p *Properties, base structPointer) error {
-	v := structPointer_Word32Val(base, p.field)
-	x := int32(word32Val_Get(v))
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func size_ref_int32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32Val(base, p.field)
-	x := int32(word32Val_Get(v))
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-func (o *Buffer) enc_ref_uint32(p *Properties, base structPointer) error {
-	v := structPointer_Word32Val(base, p.field)
-	x := word32Val_Get(v)
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, uint64(x))
-	return nil
-}
-
-func size_ref_uint32(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word32Val(base, p.field)
-	x := word32Val_Get(v)
-	n += len(p.tagcode)
-	n += p.valSize(uint64(x))
-	return
-}
-
-// Encode a reference to an int64 pointer.
-func (o *Buffer) enc_ref_int64(p *Properties, base structPointer) error {
-	v := structPointer_Word64Val(base, p.field)
-	x := word64Val_Get(v)
-	o.buf = append(o.buf, p.tagcode...)
-	p.valEnc(o, x)
-	return nil
-}
-
-func size_ref_int64(p *Properties, base structPointer) (n int) {
-	v := structPointer_Word64Val(base, p.field)
-	x := word64Val_Get(v)
-	n += len(p.tagcode)
-	n += p.valSize(x)
-	return
-}
-
-// Encode a reference to a string pointer.
-func (o *Buffer) enc_ref_string(p *Properties, base structPointer) error {
-	v := *structPointer_StringVal(base, p.field)
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeStringBytes(v)
-	return nil
-}
-
-func size_ref_string(p *Properties, base structPointer) (n int) {
-	v := *structPointer_StringVal(base, p.field)
-	n += len(p.tagcode)
-	n += sizeStringBytes(v)
-	return
-}
-
-// Encode a reference to a message struct.
-func (o *Buffer) enc_ref_struct_message(p *Properties, base structPointer) error {
-	var state errorState
-	structp := structPointer_GetRefStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return ErrNil
-	}
-
-	// Can the object marshal itself?
-	if p.isMarshaler {
-		m := structPointer_Interface(structp, p.stype).(Marshaler)
-		data, err := m.Marshal()
-		if err != nil && !state.shouldContinue(err, nil) {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-		return nil
-	}
-
-	o.buf = append(o.buf, p.tagcode...)
-	return o.enc_len_struct(p.sprop, structp, &state)
-}
-
-//TODO this is only copied, please fix this
-func size_ref_struct_message(p *Properties, base structPointer) int {
-	structp := structPointer_GetRefStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return 0
-	}
-
-	// Can the object marshal itself?
-	if p.isMarshaler {
-		m := structPointer_Interface(structp, p.stype).(Marshaler)
-		data, _ := m.Marshal()
-		n0 := len(p.tagcode)
-		n1 := sizeRawBytes(data)
-		return n0 + n1
-	}
-
-	n0 := len(p.tagcode)
-	n1 := size_struct(p.sprop, structp)
-	n2 := sizeVarint(uint64(n1)) // size of encoded length
-	return n0 + n1 + n2
-}
-
-// Encode a slice of references to message struct pointers ([]struct).
-func (o *Buffer) enc_slice_ref_struct_message(p *Properties, base structPointer) error {
-	var state errorState
-	ss := structPointer_StructRefSlice(base, p.field, p.stype.Size())
-	l := ss.Len()
-	for i := 0; i < l; i++ {
-		structp := ss.Index(i)
-		if structPointer_IsNil(structp) {
-			return errRepeatedHasNil
-		}
-
-		// Can the object marshal itself?
-		if p.isMarshaler {
-			m := structPointer_Interface(structp, p.stype).(Marshaler)
-			data, err := m.Marshal()
-			if err != nil && !state.shouldContinue(err, nil) {
-				return err
-			}
-			o.buf = append(o.buf, p.tagcode...)
-			o.EncodeRawBytes(data)
-			continue
-		}
-
-		o.buf = append(o.buf, p.tagcode...)
-		err := o.enc_len_struct(p.sprop, structp, &state)
-		if err != nil && !state.shouldContinue(err, nil) {
-			if err == ErrNil {
-				return errRepeatedHasNil
-			}
-			return err
-		}
-
-	}
-	return state.err
-}
-
-//TODO this is only copied, please fix this
-func size_slice_ref_struct_message(p *Properties, base structPointer) (n int) {
-	ss := structPointer_StructRefSlice(base, p.field, p.stype.Size())
-	l := ss.Len()
-	n += l * len(p.tagcode)
-	for i := 0; i < l; i++ {
-		structp := ss.Index(i)
-		if structPointer_IsNil(structp) {
-			return // return the size up to this point
-		}
-
-		// Can the object marshal itself?
-		if p.isMarshaler {
-			m := structPointer_Interface(structp, p.stype).(Marshaler)
-			data, _ := m.Marshal()
-			n += len(p.tagcode)
-			n += sizeRawBytes(data)
-			continue
-		}
-
-		n0 := size_struct(p.sprop, structp)
-		n1 := sizeVarint(uint64(n0)) // size of encoded length
-		n += n0 + n1
-	}
-	return
-}
-
-func (o *Buffer) enc_custom_bytes(p *Properties, base structPointer) error {
-	i := structPointer_InterfaceRef(base, p.field, p.ctype)
-	if i == nil {
-		return ErrNil
-	}
-	custom := i.(Marshaler)
-	data, err := custom.Marshal()
-	if err != nil {
-		return err
-	}
-	if data == nil {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_custom_bytes(p *Properties, base structPointer) (n int) {
-	n += len(p.tagcode)
-	i := structPointer_InterfaceRef(base, p.field, p.ctype)
-	if i == nil {
-		return 0
-	}
-	custom := i.(Marshaler)
-	data, _ := custom.Marshal()
-	n += sizeRawBytes(data)
-	return
-}
-
-func (o *Buffer) enc_custom_ref_bytes(p *Properties, base structPointer) error {
-	custom := structPointer_InterfaceAt(base, p.field, p.ctype).(Marshaler)
-	data, err := custom.Marshal()
-	if err != nil {
-		return err
-	}
-	if data == nil {
-		return ErrNil
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_custom_ref_bytes(p *Properties, base structPointer) (n int) {
-	n += len(p.tagcode)
-	i := structPointer_InterfaceAt(base, p.field, p.ctype)
-	if i == nil {
-		return 0
-	}
-	custom := i.(Marshaler)
-	data, _ := custom.Marshal()
-	n += sizeRawBytes(data)
-	return
-}
-
-func (o *Buffer) enc_custom_slice_bytes(p *Properties, base structPointer) error {
-	inter := structPointer_InterfaceRef(base, p.field, p.ctype)
-	if inter == nil {
-		return ErrNil
-	}
-	slice := reflect.ValueOf(inter)
-	l := slice.Len()
-	for i := 0; i < l; i++ {
-		v := slice.Index(i)
-		custom := v.Interface().(Marshaler)
-		data, err := custom.Marshal()
-		if err != nil {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-	}
-	return nil
-}
-
-func size_custom_slice_bytes(p *Properties, base structPointer) (n int) {
-	inter := structPointer_InterfaceRef(base, p.field, p.ctype)
-	if inter == nil {
-		return 0
-	}
-	slice := reflect.ValueOf(inter)
-	l := slice.Len()
-	n += l * len(p.tagcode)
-	for i := 0; i < l; i++ {
-		v := slice.Index(i)
-		custom := v.Interface().(Marshaler)
-		data, _ := custom.Marshal()
-		n += sizeRawBytes(data)
-	}
-	return
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/equal.go b/vendor/github.com/gogo/protobuf/proto/equal.go
index 2ed1cf596664d..d4db5a1c14577 100644
--- a/vendor/github.com/gogo/protobuf/proto/equal.go
+++ b/vendor/github.com/gogo/protobuf/proto/equal.go
@@ -109,15 +109,6 @@ func equalStruct(v1, v2 reflect.Value) bool {
 				// set/unset mismatch
 				return false
 			}
-			b1, ok := f1.Interface().(raw)
-			if ok {
-				b2 := f2.Interface().(raw)
-				// RawMessage
-				if !bytes.Equal(b1.Bytes(), b2.Bytes()) {
-					return false
-				}
-				continue
-			}
 			f1, f2 = f1.Elem(), f2.Elem()
 		}
 		if !equalAny(f1, f2, sprop.Prop[i]) {
@@ -146,11 +137,7 @@ func equalStruct(v1, v2 reflect.Value) bool {
 
 	u1 := uf.Bytes()
 	u2 := v2.FieldByName("XXX_unrecognized").Bytes()
-	if !bytes.Equal(u1, u2) {
-		return false
-	}
-
-	return true
+	return bytes.Equal(u1, u2)
 }
 
 // v1 and v2 are known to have the same type.
@@ -261,6 +248,15 @@ func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool {
 
 		m1, m2 := e1.value, e2.value
 
+		if m1 == nil && m2 == nil {
+			// Both have only encoded form.
+			if bytes.Equal(e1.enc, e2.enc) {
+				continue
+			}
+			// The bytes are different, but the extensions might still be
+			// equal. We need to decode them to compare.
+		}
+
 		if m1 != nil && m2 != nil {
 			// Both are unencoded.
 			if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) {
@@ -276,8 +272,12 @@ func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool {
 			desc = m[extNum]
 		}
 		if desc == nil {
+			// If both have only encoded form and the bytes are the same,
+			// it is handled above. We get here when the bytes are different.
+			// We don't know how to decode it, so just compare them as byte
+			// slices.
 			log.Printf("proto: don't know how to compare extension %d of %v", extNum, base)
-			continue
+			return false
 		}
 		var err error
 		if m1 == nil {
diff --git a/vendor/github.com/gogo/protobuf/proto/extensions.go b/vendor/github.com/gogo/protobuf/proto/extensions.go
index 0dfcb538e8f1b..341c6f57f5210 100644
--- a/vendor/github.com/gogo/protobuf/proto/extensions.go
+++ b/vendor/github.com/gogo/protobuf/proto/extensions.go
@@ -38,6 +38,7 @@ package proto
 import (
 	"errors"
 	"fmt"
+	"io"
 	"reflect"
 	"strconv"
 	"sync"
@@ -69,12 +70,6 @@ type extendableProtoV1 interface {
 	ExtensionMap() map[int32]Extension
 }
 
-type extensionsBytes interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-	GetExtensions() *[]byte
-}
-
 // extensionAdapter is a wrapper around extendableProtoV1 that implements extendableProto.
 type extensionAdapter struct {
 	extendableProtoV1
@@ -97,14 +92,31 @@ func (n notLocker) Unlock() {}
 // extendable returns the extendableProto interface for the given generated proto message.
 // If the proto message has the old extension format, it returns a wrapper that implements
 // the extendableProto interface.
-func extendable(p interface{}) (extendableProto, bool) {
-	if ep, ok := p.(extendableProto); ok {
-		return ep, ok
-	}
-	if ep, ok := p.(extendableProtoV1); ok {
-		return extensionAdapter{ep}, ok
+func extendable(p interface{}) (extendableProto, error) {
+	switch p := p.(type) {
+	case extendableProto:
+		if isNilPtr(p) {
+			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
+		}
+		return p, nil
+	case extendableProtoV1:
+		if isNilPtr(p) {
+			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
+		}
+		return extensionAdapter{p}, nil
+	case extensionsBytes:
+		return slowExtensionAdapter{p}, nil
 	}
-	return nil, false
+	// Don't allocate a specific error containing %T:
+	// this is the hot path for Clone and MarshalText.
+	return nil, errNotExtendable
+}
+
+var errNotExtendable = errors.New("proto: not an extendable proto.Message")
+
+func isNilPtr(x interface{}) bool {
+	v := reflect.ValueOf(x)
+	return v.Kind() == reflect.Ptr && v.IsNil()
 }
 
 // XXX_InternalExtensions is an internal representation of proto extensions.
@@ -149,16 +161,6 @@ func (e *XXX_InternalExtensions) extensionsRead() (map[int32]Extension, sync.Loc
 	return e.p.extensionMap, &e.p.mu
 }
 
-type extensionRange interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-}
-
-var extendableProtoType = reflect.TypeOf((*extendableProto)(nil)).Elem()
-var extendableProtoV1Type = reflect.TypeOf((*extendableProtoV1)(nil)).Elem()
-var extendableBytesType = reflect.TypeOf((*extensionsBytes)(nil)).Elem()
-var extensionRangeType = reflect.TypeOf((*extensionRange)(nil)).Elem()
-
 // ExtensionDesc represents an extension specification.
 // Used in generated code from the protocol compiler.
 type ExtensionDesc struct {
@@ -198,8 +200,8 @@ func SetRawExtension(base Message, id int32, b []byte) {
 		*ext = append(*ext, b...)
 		return
 	}
-	epb, ok := extendable(base)
-	if !ok {
+	epb, err := extendable(base)
+	if err != nil {
 		return
 	}
 	extmap := epb.extensionsWrite()
@@ -207,7 +209,7 @@ func SetRawExtension(base Message, id int32, b []byte) {
 }
 
 // isExtensionField returns true iff the given field number is in an extension range.
-func isExtensionField(pb extensionRange, field int32) bool {
+func isExtensionField(pb extendableProto, field int32) bool {
 	for _, er := range pb.ExtensionRangeArray() {
 		if er.Start <= field && field <= er.End {
 			return true
@@ -223,8 +225,11 @@ func checkExtensionTypes(pb extendableProto, extension *ExtensionDesc) error {
 	if ea, ok := pbi.(extensionAdapter); ok {
 		pbi = ea.extendableProtoV1
 	}
+	if ea, ok := pbi.(slowExtensionAdapter); ok {
+		pbi = ea.extensionsBytes
+	}
 	if a, b := reflect.TypeOf(pbi), reflect.TypeOf(extension.ExtendedType); a != b {
-		return errors.New("proto: bad extended type; " + b.String() + " does not extend " + a.String())
+		return fmt.Errorf("proto: bad extended type; %v does not extend %v", b, a)
 	}
 	// Check the range.
 	if !isExtensionField(pb, extension.Field) {
@@ -269,80 +274,6 @@ func extensionProperties(ed *ExtensionDesc) *Properties {
 	return prop
 }
 
-// encode encodes any unmarshaled (unencoded) extensions in e.
-func encodeExtensions(e *XXX_InternalExtensions) error {
-	m, mu := e.extensionsRead()
-	if m == nil {
-		return nil // fast path
-	}
-	mu.Lock()
-	defer mu.Unlock()
-	return encodeExtensionsMap(m)
-}
-
-// encode encodes any unmarshaled (unencoded) extensions in e.
-func encodeExtensionsMap(m map[int32]Extension) error {
-	for k, e := range m {
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		et := reflect.TypeOf(e.desc.ExtensionType)
-		props := extensionProperties(e.desc)
-
-		p := NewBuffer(nil)
-		// If e.value has type T, the encoder expects a *struct{ X T }.
-		// Pass a *T with a zero field and hope it all works out.
-		x := reflect.New(et)
-		x.Elem().Set(reflect.ValueOf(e.value))
-		if err := props.enc(p, props, toStructPointer(x)); err != nil {
-			return err
-		}
-		e.enc = p.buf
-		m[k] = e
-	}
-	return nil
-}
-
-func extensionsSize(e *XXX_InternalExtensions) (n int) {
-	m, mu := e.extensionsRead()
-	if m == nil {
-		return 0
-	}
-	mu.Lock()
-	defer mu.Unlock()
-	return extensionsMapSize(m)
-}
-
-func extensionsMapSize(m map[int32]Extension) (n int) {
-	for _, e := range m {
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			n += len(e.enc)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		et := reflect.TypeOf(e.desc.ExtensionType)
-		props := extensionProperties(e.desc)
-
-		// If e.value has type T, the encoder expects a *struct{ X T }.
-		// Pass a *T with a zero field and hope it all works out.
-		x := reflect.New(et)
-		x.Elem().Set(reflect.ValueOf(e.value))
-		n += props.size(props, toStructPointer(x))
-	}
-	return
-}
-
 // HasExtension returns whether the given extension is present in pb.
 func HasExtension(pb Message, extension *ExtensionDesc) bool {
 	if epb, doki := pb.(extensionsBytes); doki {
@@ -366,8 +297,8 @@ func HasExtension(pb Message, extension *ExtensionDesc) bool {
 		return false
 	}
 	// TODO: Check types, field numbers, etc.?
-	epb, ok := extendable(pb)
-	if !ok {
+	epb, err := extendable(pb)
+	if err != nil {
 		return false
 	}
 	extmap, mu := epb.extensionsRead()
@@ -375,46 +306,26 @@ func HasExtension(pb Message, extension *ExtensionDesc) bool {
 		return false
 	}
 	mu.Lock()
-	_, ok = extmap[extension.Field]
+	_, ok := extmap[extension.Field]
 	mu.Unlock()
 	return ok
 }
 
-func deleteExtension(pb extensionsBytes, theFieldNum int32, offset int) int {
-	ext := pb.GetExtensions()
-	for offset < len(*ext) {
-		tag, n1 := DecodeVarint((*ext)[offset:])
-		fieldNum := int32(tag >> 3)
-		wireType := int(tag & 0x7)
-		n2, err := size((*ext)[offset+n1:], wireType)
-		if err != nil {
-			panic(err)
-		}
-		newOffset := offset + n1 + n2
-		if fieldNum == theFieldNum {
-			*ext = append((*ext)[:offset], (*ext)[newOffset:]...)
-			return offset
-		}
-		offset = newOffset
-	}
-	return -1
-}
-
 // ClearExtension removes the given extension from pb.
 func ClearExtension(pb Message, extension *ExtensionDesc) {
 	clearExtension(pb, extension.Field)
 }
 
 func clearExtension(pb Message, fieldNum int32) {
-	if epb, doki := pb.(extensionsBytes); doki {
+	if epb, ok := pb.(extensionsBytes); ok {
 		offset := 0
 		for offset != -1 {
 			offset = deleteExtension(epb, fieldNum, offset)
 		}
 		return
 	}
-	epb, ok := extendable(pb)
-	if !ok {
+	epb, err := extendable(pb)
+	if err != nil {
 		return
 	}
 	// TODO: Check types, field numbers, etc.?
@@ -422,39 +333,33 @@ func clearExtension(pb Message, fieldNum int32) {
 	delete(extmap, fieldNum)
 }
 
-// GetExtension parses and returns the given extension of pb.
-// If the extension is not present and has no default value it returns ErrMissingExtension.
+// GetExtension retrieves a proto2 extended field from pb.
+//
+// If the descriptor is type complete (i.e., ExtensionDesc.ExtensionType is non-nil),
+// then GetExtension parses the encoded field and returns a Go value of the specified type.
+// If the field is not present, then the default value is returned (if one is specified),
+// otherwise ErrMissingExtension is reported.
+//
+// If the descriptor is not type complete (i.e., ExtensionDesc.ExtensionType is nil),
+// then GetExtension returns the raw encoded bytes of the field extension.
 func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
 	if epb, doki := pb.(extensionsBytes); doki {
 		ext := epb.GetExtensions()
-		o := 0
-		for o < len(*ext) {
-			tag, n := DecodeVarint((*ext)[o:])
-			fieldNum := int32(tag >> 3)
-			wireType := int(tag & 0x7)
-			l, err := size((*ext)[o+n:], wireType)
-			if err != nil {
-				return nil, err
-			}
-			if int32(fieldNum) == extension.Field {
-				v, err := decodeExtension((*ext)[o:o+n+l], extension)
-				if err != nil {
-					return nil, err
-				}
-				return v, nil
-			}
-			o += n + l
-		}
-		return defaultExtensionValue(extension)
+		return decodeExtensionFromBytes(extension, *ext)
 	}
-	epb, ok := extendable(pb)
-	if !ok {
-		return nil, errors.New("proto: not an extendable proto")
-	}
-	if err := checkExtensionTypes(epb, extension); err != nil {
+
+	epb, err := extendable(pb)
+	if err != nil {
 		return nil, err
 	}
 
+	if extension.ExtendedType != nil {
+		// can only check type if this is a complete descriptor
+		if cerr := checkExtensionTypes(epb, extension); cerr != nil {
+			return nil, cerr
+		}
+	}
+
 	emap, mu := epb.extensionsRead()
 	if emap == nil {
 		return defaultExtensionValue(extension)
@@ -479,6 +384,11 @@ func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
 		return e.value, nil
 	}
 
+	if extension.ExtensionType == nil {
+		// incomplete descriptor
+		return e.enc, nil
+	}
+
 	v, err := decodeExtension(e.enc, extension)
 	if err != nil {
 		return nil, err
@@ -496,6 +406,11 @@ func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
 // defaultExtensionValue returns the default value for extension.
 // If no default for an extension is defined ErrMissingExtension is returned.
 func defaultExtensionValue(extension *ExtensionDesc) (interface{}, error) {
+	if extension.ExtensionType == nil {
+		// incomplete descriptor, so no default
+		return nil, ErrMissingExtension
+	}
+
 	t := reflect.TypeOf(extension.ExtensionType)
 	props := extensionProperties(extension)
 
@@ -530,31 +445,28 @@ func defaultExtensionValue(extension *ExtensionDesc) (interface{}, error) {
 
 // decodeExtension decodes an extension encoded in b.
 func decodeExtension(b []byte, extension *ExtensionDesc) (interface{}, error) {
-	o := NewBuffer(b)
-
 	t := reflect.TypeOf(extension.ExtensionType)
-
-	props := extensionProperties(extension)
+	unmarshal := typeUnmarshaler(t, extension.Tag)
 
 	// t is a pointer to a struct, pointer to basic type or a slice.
-	// Allocate a "field" to store the pointer/slice itself; the
-	// pointer/slice will be stored here. We pass
-	// the address of this field to props.dec.
-	// This passes a zero field and a *t and lets props.dec
-	// interpret it as a *struct{ x t }.
+	// Allocate space to store the pointer/slice.
 	value := reflect.New(t).Elem()
 
+	var err error
 	for {
-		// Discard wire type and field number varint. It isn't needed.
-		if _, err := o.DecodeVarint(); err != nil {
-			return nil, err
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
 		}
+		b = b[n:]
+		wire := int(x) & 7
 
-		if err := props.dec(o, props, toStructPointer(value.Addr())); err != nil {
+		b, err = unmarshal(b, valToPointer(value.Addr()), wire)
+		if err != nil {
 			return nil, err
 		}
 
-		if o.index >= len(o.buf) {
+		if len(b) == 0 {
 			break
 		}
 	}
@@ -564,9 +476,13 @@ func decodeExtension(b []byte, extension *ExtensionDesc) (interface{}, error) {
 // GetExtensions returns a slice of the extensions present in pb that are also listed in es.
 // The returned slice has the same length as es; missing extensions will appear as nil elements.
 func GetExtensions(pb Message, es []*ExtensionDesc) (extensions []interface{}, err error) {
+	epb, err := extendable(pb)
+	if err != nil {
+		return nil, err
+	}
 	extensions = make([]interface{}, len(es))
 	for i, e := range es {
-		extensions[i], err = GetExtension(pb, e)
+		extensions[i], err = GetExtension(epb, e)
 		if err == ErrMissingExtension {
 			err = nil
 		}
@@ -581,9 +497,9 @@ func GetExtensions(pb Message, es []*ExtensionDesc) (extensions []interface{}, e
 // For non-registered extensions, ExtensionDescs returns an incomplete descriptor containing
 // just the Field field, which defines the extension's field number.
 func ExtensionDescs(pb Message) ([]*ExtensionDesc, error) {
-	epb, ok := extendable(pb)
-	if !ok {
-		return nil, fmt.Errorf("proto: %T is not an extendable proto.Message", pb)
+	epb, err := extendable(pb)
+	if err != nil {
+		return nil, err
 	}
 	registeredExtensions := RegisteredExtensions(pb)
 
@@ -610,30 +526,26 @@ func ExtensionDescs(pb Message) ([]*ExtensionDesc, error) {
 
 // SetExtension sets the specified extension of pb to the specified value.
 func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error {
-	if epb, doki := pb.(extensionsBytes); doki {
+	if epb, ok := pb.(extensionsBytes); ok {
 		ClearExtension(pb, extension)
-		ext := epb.GetExtensions()
-		et := reflect.TypeOf(extension.ExtensionType)
-		props := extensionProperties(extension)
-		p := NewBuffer(nil)
-		x := reflect.New(et)
-		x.Elem().Set(reflect.ValueOf(value))
-		if err := props.enc(p, props, toStructPointer(x)); err != nil {
+		newb, err := encodeExtension(extension, value)
+		if err != nil {
 			return err
 		}
-		*ext = append(*ext, p.buf...)
+		bb := epb.GetExtensions()
+		*bb = append(*bb, newb...)
 		return nil
 	}
-	epb, ok := extendable(pb)
-	if !ok {
-		return errors.New("proto: not an extendable proto")
+	epb, err := extendable(pb)
+	if err != nil {
+		return err
 	}
 	if err := checkExtensionTypes(epb, extension); err != nil {
 		return err
 	}
 	typ := reflect.TypeOf(extension.ExtensionType)
 	if typ != reflect.TypeOf(value) {
-		return errors.New("proto: bad extension value type")
+		return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", value, extension.ExtensionType)
 	}
 	// nil extension values need to be caught early, because the
 	// encoder can't distinguish an ErrNil due to a nil extension
@@ -656,8 +568,8 @@ func ClearAllExtensions(pb Message) {
 		*ext = []byte{}
 		return
 	}
-	epb, ok := extendable(pb)
-	if !ok {
+	epb, err := extendable(pb)
+	if err != nil {
 		return
 	}
 	m := epb.extensionsWrite()
diff --git a/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go b/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
index ea6478f009d7f..6f1ae120ece58 100644
--- a/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
@@ -32,12 +32,36 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"io"
 	"reflect"
 	"sort"
 	"strings"
 	"sync"
 )
 
+type extensionsBytes interface {
+	Message
+	ExtensionRangeArray() []ExtensionRange
+	GetExtensions() *[]byte
+}
+
+type slowExtensionAdapter struct {
+	extensionsBytes
+}
+
+func (s slowExtensionAdapter) extensionsWrite() map[int32]Extension {
+	panic("Please report a bug to github.com/gogo/protobuf if you see this message: Writing extensions is not supported for extensions stored in a byte slice field.")
+}
+
+func (s slowExtensionAdapter) extensionsRead() (map[int32]Extension, sync.Locker) {
+	b := s.GetExtensions()
+	m, err := BytesToExtensionsMap(*b)
+	if err != nil {
+		panic(err)
+	}
+	return m, notLocker{}
+}
+
 func GetBoolExtension(pb Message, extension *ExtensionDesc, ifnotset bool) bool {
 	if reflect.ValueOf(pb).IsNil() {
 		return ifnotset
@@ -56,19 +80,28 @@ func GetBoolExtension(pb Message, extension *ExtensionDesc, ifnotset bool) bool
 }
 
 func (this *Extension) Equal(that *Extension) bool {
+	if err := this.Encode(); err != nil {
+		return false
+	}
+	if err := that.Encode(); err != nil {
+		return false
+	}
 	return bytes.Equal(this.enc, that.enc)
 }
 
 func (this *Extension) Compare(that *Extension) int {
+	if err := this.Encode(); err != nil {
+		return 1
+	}
+	if err := that.Encode(); err != nil {
+		return -1
+	}
 	return bytes.Compare(this.enc, that.enc)
 }
 
 func SizeOfInternalExtension(m extendableProto) (n int) {
-	return SizeOfExtensionMap(m.extensionsWrite())
-}
-
-func SizeOfExtensionMap(m map[int32]Extension) (n int) {
-	return extensionsMapSize(m)
+	info := getMarshalInfo(reflect.TypeOf(m))
+	return info.sizeV1Extensions(m.extensionsWrite())
 }
 
 type sortableMapElem struct {
@@ -121,29 +154,48 @@ func EncodeInternalExtension(m extendableProto, data []byte) (n int, err error)
 	return EncodeExtensionMap(m.extensionsWrite(), data)
 }
 
+func EncodeInternalExtensionBackwards(m extendableProto, data []byte) (n int, err error) {
+	return EncodeExtensionMapBackwards(m.extensionsWrite(), data)
+}
+
 func EncodeExtensionMap(m map[int32]Extension, data []byte) (n int, err error) {
-	if err := encodeExtensionsMap(m); err != nil {
-		return 0, err
-	}
-	keys := make([]int, 0, len(m))
-	for k := range m {
-		keys = append(keys, int(k))
+	o := 0
+	for _, e := range m {
+		if err := e.Encode(); err != nil {
+			return 0, err
+		}
+		n := copy(data[o:], e.enc)
+		if n != len(e.enc) {
+			return 0, io.ErrShortBuffer
+		}
+		o += n
 	}
-	sort.Ints(keys)
-	for _, k := range keys {
-		n += copy(data[n:], m[int32(k)].enc)
+	return o, nil
+}
+
+func EncodeExtensionMapBackwards(m map[int32]Extension, data []byte) (n int, err error) {
+	o := 0
+	end := len(data)
+	for _, e := range m {
+		if err := e.Encode(); err != nil {
+			return 0, err
+		}
+		n := copy(data[end-len(e.enc):], e.enc)
+		if n != len(e.enc) {
+			return 0, io.ErrShortBuffer
+		}
+		end -= n
+		o += n
 	}
-	return n, nil
+	return o, nil
 }
 
 func GetRawExtension(m map[int32]Extension, id int32) ([]byte, error) {
-	if m[id].value == nil || m[id].desc == nil {
-		return m[id].enc, nil
-	}
-	if err := encodeExtensionsMap(m); err != nil {
+	e := m[id]
+	if err := e.Encode(); err != nil {
 		return nil, err
 	}
-	return m[id].enc, nil
+	return e.enc, nil
 }
 
 func size(buf []byte, wire int) (int, error) {
@@ -218,35 +270,58 @@ func AppendExtension(e Message, tag int32, buf []byte) {
 	}
 }
 
-func encodeExtension(e *Extension) error {
-	if e.value == nil || e.desc == nil {
-		// Extension is only in its encoded form.
-		return nil
+func encodeExtension(extension *ExtensionDesc, value interface{}) ([]byte, error) {
+	u := getMarshalInfo(reflect.TypeOf(extension.ExtendedType))
+	ei := u.getExtElemInfo(extension)
+	v := value
+	p := toAddrPointer(&v, ei.isptr)
+	siz := ei.sizer(p, SizeVarint(ei.wiretag))
+	buf := make([]byte, 0, siz)
+	return ei.marshaler(buf, p, ei.wiretag, false)
+}
+
+func decodeExtensionFromBytes(extension *ExtensionDesc, buf []byte) (interface{}, error) {
+	o := 0
+	for o < len(buf) {
+		tag, n := DecodeVarint((buf)[o:])
+		fieldNum := int32(tag >> 3)
+		wireType := int(tag & 0x7)
+		if o+n > len(buf) {
+			return nil, fmt.Errorf("unable to decode extension")
+		}
+		l, err := size((buf)[o+n:], wireType)
+		if err != nil {
+			return nil, err
+		}
+		if int32(fieldNum) == extension.Field {
+			if o+n+l > len(buf) {
+				return nil, fmt.Errorf("unable to decode extension")
+			}
+			v, err := decodeExtension((buf)[o:o+n+l], extension)
+			if err != nil {
+				return nil, err
+			}
+			return v, nil
+		}
+		o += n + l
 	}
-	// We don't skip extensions that have an encoded form set,
-	// because the extension value may have been mutated after
-	// the last time this function was called.
-
-	et := reflect.TypeOf(e.desc.ExtensionType)
-	props := extensionProperties(e.desc)
-
-	p := NewBuffer(nil)
-	// If e.value has type T, the encoder expects a *struct{ X T }.
-	// Pass a *T with a zero field and hope it all works out.
-	x := reflect.New(et)
-	x.Elem().Set(reflect.ValueOf(e.value))
-	if err := props.enc(p, props, toStructPointer(x)); err != nil {
-		return err
+	return defaultExtensionValue(extension)
+}
+
+func (this *Extension) Encode() error {
+	if this.enc == nil {
+		var err error
+		this.enc, err = encodeExtension(this.desc, this.value)
+		if err != nil {
+			return err
+		}
 	}
-	e.enc = p.buf
 	return nil
 }
 
 func (this Extension) GoString() string {
-	if this.enc == nil {
-		if err := encodeExtension(&this); err != nil {
-			panic(err)
-		}
+	if err := this.Encode(); err != nil {
+		return fmt.Sprintf("error encoding extension: %v", err)
 	}
 	return fmt.Sprintf("proto.NewExtension(%#v)", this.enc)
 }
@@ -292,3 +367,23 @@ func GetUnsafeExtensionsMap(extendable Message) map[int32]Extension {
 	pb := extendable.(extendableProto)
 	return pb.extensionsWrite()
 }
+
+func deleteExtension(pb extensionsBytes, theFieldNum int32, offset int) int {
+	ext := pb.GetExtensions()
+	for offset < len(*ext) {
+		tag, n1 := DecodeVarint((*ext)[offset:])
+		fieldNum := int32(tag >> 3)
+		wireType := int(tag & 0x7)
+		n2, err := size((*ext)[offset+n1:], wireType)
+		if err != nil {
+			panic(err)
+		}
+		newOffset := offset + n1 + n2
+		if fieldNum == theFieldNum {
+			*ext = append((*ext)[:offset], (*ext)[newOffset:]...)
+			return offset
+		}
+		offset = newOffset
+	}
+	return -1
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/lib.go b/vendor/github.com/gogo/protobuf/proto/lib.go
index c98d73da49ea2..80db1c155b597 100644
--- a/vendor/github.com/gogo/protobuf/proto/lib.go
+++ b/vendor/github.com/gogo/protobuf/proto/lib.go
@@ -273,32 +273,73 @@ import (
 	"sync"
 )
 
-// Message is implemented by generated protocol buffer messages.
-type Message interface {
-	Reset()
-	String() string
-	ProtoMessage()
+// RequiredNotSetError is an error type returned by either Marshal or Unmarshal.
+// Marshal reports this when a required field is not initialized.
+// Unmarshal reports this when a required field is missing from the wire data.
+type RequiredNotSetError struct{ field string }
+
+func (e *RequiredNotSetError) Error() string {
+	if e.field == "" {
+		return fmt.Sprintf("proto: required field not set")
+	}
+	return fmt.Sprintf("proto: required field %q not set", e.field)
 }
+func (e *RequiredNotSetError) RequiredNotSet() bool {
+	return true
+}
+
+type invalidUTF8Error struct{ field string }
 
-// Stats records allocation details about the protocol buffer encoders
-// and decoders.  Useful for tuning the library itself.
-type Stats struct {
-	Emalloc uint64 // mallocs in encode
-	Dmalloc uint64 // mallocs in decode
-	Encode  uint64 // number of encodes
-	Decode  uint64 // number of decodes
-	Chit    uint64 // number of cache hits
-	Cmiss   uint64 // number of cache misses
-	Size    uint64 // number of sizes
+func (e *invalidUTF8Error) Error() string {
+	if e.field == "" {
+		return "proto: invalid UTF-8 detected"
+	}
+	return fmt.Sprintf("proto: field %q contains invalid UTF-8", e.field)
+}
+func (e *invalidUTF8Error) InvalidUTF8() bool {
+	return true
 }
 
-// Set to true to enable stats collection.
-const collectStats = false
+// errInvalidUTF8 is a sentinel error to identify fields with invalid UTF-8.
+// This error should not be exposed to the external API as such errors should
+// be recreated with the field information.
+var errInvalidUTF8 = &invalidUTF8Error{}
 
-var stats Stats
+// isNonFatal reports whether the error is either a RequiredNotSet error
+// or a InvalidUTF8 error.
+func isNonFatal(err error) bool {
+	if re, ok := err.(interface{ RequiredNotSet() bool }); ok && re.RequiredNotSet() {
+		return true
+	}
+	if re, ok := err.(interface{ InvalidUTF8() bool }); ok && re.InvalidUTF8() {
+		return true
+	}
+	return false
+}
+
+type nonFatal struct{ E error }
 
-// GetStats returns a copy of the global Stats structure.
-func GetStats() Stats { return stats }
+// Merge merges err into nf and reports whether it was successful.
+// Otherwise it returns false for any fatal non-nil errors.
+func (nf *nonFatal) Merge(err error) (ok bool) {
+	if err == nil {
+		return true // not an error
+	}
+	if !isNonFatal(err) {
+		return false // fatal error
+	}
+	if nf.E == nil {
+		nf.E = err // store first instance of non-fatal error
+	}
+	return true
+}
+
+// Message is implemented by generated protocol buffer messages.
+type Message interface {
+	Reset()
+	String() string
+	ProtoMessage()
+}
 
 // A Buffer is a buffer manager for marshaling and unmarshaling
 // protocol buffers.  It may be reused between invocations to
@@ -309,16 +350,7 @@ type Buffer struct {
 	buf   []byte // encode/decode byte stream
 	index int    // read point
 
-	// pools of basic types to amortize allocation.
-	bools   []bool
-	uint32s []uint32
-	uint64s []uint64
-
-	// extra pools, only used with pointer_reflect.go
-	int32s   []int32
-	int64s   []int64
-	float32s []float32
-	float64s []float64
+	deterministic bool
 }
 
 // NewBuffer allocates a new Buffer and initializes its internal data to
@@ -343,6 +375,30 @@ func (p *Buffer) SetBuf(s []byte) {
 // Bytes returns the contents of the Buffer.
 func (p *Buffer) Bytes() []byte { return p.buf }
 
+// SetDeterministic sets whether to use deterministic serialization.
+//
+// Deterministic serialization guarantees that for a given binary, equal
+// messages will always be serialized to the same bytes. This implies:
+//
+//   - Repeated serialization of a message will return the same bytes.
+//   - Different processes of the same binary (which may be executing on
+//     different machines) will serialize equal messages to the same bytes.
+//
+// Note that the deterministic serialization is NOT canonical across
+// languages. It is not guaranteed to remain stable over time. It is unstable
+// across different builds with schema changes due to unknown fields.
+// Users who need canonical serialization (e.g., persistent storage in a
+// canonical form, fingerprinting, etc.) should define their own
+// canonicalization specification and implement their own serializer rather
+// than relying on this API.
+//
+// If deterministic serialization is requested, map entries will be sorted
+// by keys in lexographical order. This is an implementation detail and
+// subject to change.
+func (p *Buffer) SetDeterministic(deterministic bool) {
+	p.deterministic = deterministic
+}
+
 /*
  * Helper routines for simplifying the creation of optional fields of basic type.
  */
@@ -552,9 +608,11 @@ func SetDefaults(pb Message) {
 	setDefaults(reflect.ValueOf(pb), true, false)
 }
 
-// v is a pointer to a struct.
+// v is a struct.
 func setDefaults(v reflect.Value, recur, zeros bool) {
-	v = v.Elem()
+	if v.Kind() == reflect.Ptr {
+		v = v.Elem()
+	}
 
 	defaultMu.RLock()
 	dm, ok := defaults[v.Type()]
@@ -656,8 +714,11 @@ func setDefaults(v reflect.Value, recur, zeros bool) {
 
 	for _, ni := range dm.nested {
 		f := v.Field(ni)
-		// f is *T or []*T or map[T]*T
+		// f is *T or T or []*T or []T
 		switch f.Kind() {
+		case reflect.Struct:
+			setDefaults(f, recur, zeros)
+
 		case reflect.Ptr:
 			if f.IsNil() {
 				continue
@@ -667,7 +728,7 @@ func setDefaults(v reflect.Value, recur, zeros bool) {
 		case reflect.Slice:
 			for i := 0; i < f.Len(); i++ {
 				e := f.Index(i)
-				if e.IsNil() {
+				if e.Kind() == reflect.Ptr && e.IsNil() {
 					continue
 				}
 				setDefaults(e, recur, zeros)
@@ -739,6 +800,9 @@ func buildDefaultMessage(t reflect.Type) (dm defaultMessage) {
 func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMessage bool, err error) {
 	var canHaveDefault bool
 	switch ft.Kind() {
+	case reflect.Struct:
+		nestedMessage = true // non-nullable
+
 	case reflect.Ptr:
 		if ft.Elem().Kind() == reflect.Struct {
 			nestedMessage = true
@@ -748,7 +812,7 @@ func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMes
 
 	case reflect.Slice:
 		switch ft.Elem().Kind() {
-		case reflect.Ptr:
+		case reflect.Ptr, reflect.Struct:
 			nestedMessage = true // repeated message
 		case reflect.Uint8:
 			canHaveDefault = true // bytes field
@@ -831,22 +895,12 @@ func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMes
 	return sf, false, nil
 }
 
+// mapKeys returns a sort.Interface to be used for sorting the map keys.
 // Map fields may have key types of non-float scalars, strings and enums.
-// The easiest way to sort them in some deterministic order is to use fmt.
-// If this turns out to be inefficient we can always consider other options,
-// such as doing a Schwartzian transform.
-
 func mapKeys(vs []reflect.Value) sort.Interface {
-	s := mapKeySorter{
-		vs: vs,
-		// default Less function: textual comparison
-		less: func(a, b reflect.Value) bool {
-			return fmt.Sprint(a.Interface()) < fmt.Sprint(b.Interface())
-		},
-	}
+	s := mapKeySorter{vs: vs}
 
-	// Type specialization per https://developers.google.com/protocol-buffers/docs/proto#maps;
-	// numeric keys are sorted numerically.
+	// Type specialization per https://developers.google.com/protocol-buffers/docs/proto#maps.
 	if len(vs) == 0 {
 		return s
 	}
@@ -855,6 +909,12 @@ func mapKeys(vs []reflect.Value) sort.Interface {
 		s.less = func(a, b reflect.Value) bool { return a.Int() < b.Int() }
 	case reflect.Uint32, reflect.Uint64:
 		s.less = func(a, b reflect.Value) bool { return a.Uint() < b.Uint() }
+	case reflect.Bool:
+		s.less = func(a, b reflect.Value) bool { return !a.Bool() && b.Bool() } // false < true
+	case reflect.String:
+		s.less = func(a, b reflect.Value) bool { return a.String() < b.String() }
+	default:
+		panic(fmt.Sprintf("unsupported map key type: %v", vs[0].Kind()))
 	}
 
 	return s
@@ -888,10 +948,26 @@ func isProto3Zero(v reflect.Value) bool {
 	return false
 }
 
-// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const GoGoProtoPackageIsVersion2 = true
+const (
+	// ProtoPackageIsVersion3 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	GoGoProtoPackageIsVersion3 = true
+
+	// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	GoGoProtoPackageIsVersion2 = true
 
-// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const GoGoProtoPackageIsVersion1 = true
+	// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	GoGoProtoPackageIsVersion1 = true
+)
+
+// InternalMessageInfo is a type used internally by generated .pb.go files.
+// This type is not intended to be used by non-generated code.
+// This type is not subject to any compatibility guarantee.
+type InternalMessageInfo struct {
+	marshal   *marshalInfo
+	unmarshal *unmarshalInfo
+	merge     *mergeInfo
+	discard   *discardInfo
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/lib_gogo.go b/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
index 4b4f7c909e6ba..b3aa39190a130 100644
--- a/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
@@ -33,6 +33,14 @@ import (
 	"strconv"
 )
 
+type Sizer interface {
+	Size() int
+}
+
+type ProtoSizer interface {
+	ProtoSize() int
+}
+
 func MarshalJSONEnum(m map[int32]string, value int32) ([]byte, error) {
 	s, ok := m[value]
 	if !ok {
diff --git a/vendor/github.com/gogo/protobuf/proto/message_set.go b/vendor/github.com/gogo/protobuf/proto/message_set.go
index fd982decd66e4..f48a756761ead 100644
--- a/vendor/github.com/gogo/protobuf/proto/message_set.go
+++ b/vendor/github.com/gogo/protobuf/proto/message_set.go
@@ -36,12 +36,7 @@ package proto
  */
 
 import (
-	"bytes"
-	"encoding/json"
 	"errors"
-	"fmt"
-	"reflect"
-	"sort"
 )
 
 // errNoMessageTypeID occurs when a protocol buffer does not have a message type ID.
@@ -94,10 +89,7 @@ func (ms *messageSet) find(pb Message) *_MessageSet_Item {
 }
 
 func (ms *messageSet) Has(pb Message) bool {
-	if ms.find(pb) != nil {
-		return true
-	}
-	return false
+	return ms.find(pb) != nil
 }
 
 func (ms *messageSet) Unmarshal(pb Message) error {
@@ -147,50 +139,9 @@ func skipVarint(buf []byte) []byte {
 	return buf[i+1:]
 }
 
-// MarshalMessageSet encodes the extension map represented by m in the message set wire format.
-// It is called by generated Marshal methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSet(exts interface{}) ([]byte, error) {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		if err := encodeExtensions(exts); err != nil {
-			return nil, err
-		}
-		m, _ = exts.extensionsRead()
-	case map[int32]Extension:
-		if err := encodeExtensionsMap(exts); err != nil {
-			return nil, err
-		}
-		m = exts
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-
-	// Sort extension IDs to provide a deterministic encoding.
-	// See also enc_map in encode.go.
-	ids := make([]int, 0, len(m))
-	for id := range m {
-		ids = append(ids, int(id))
-	}
-	sort.Ints(ids)
-
-	ms := &messageSet{Item: make([]*_MessageSet_Item, 0, len(m))}
-	for _, id := range ids {
-		e := m[int32(id)]
-		// Remove the wire type and field number varint, as well as the length varint.
-		msg := skipVarint(skipVarint(e.enc))
-
-		ms.Item = append(ms.Item, &_MessageSet_Item{
-			TypeId:  Int32(int32(id)),
-			Message: msg,
-		})
-	}
-	return Marshal(ms)
-}
-
-// UnmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
-// It is called by generated Unmarshal methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSet(buf []byte, exts interface{}) error {
+// unmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
+// It is called by Unmarshal methods on protocol buffer messages with the message_set_wire_format option.
+func unmarshalMessageSet(buf []byte, exts interface{}) error {
 	var m map[int32]Extension
 	switch exts := exts.(type) {
 	case *XXX_InternalExtensions:
@@ -228,84 +179,3 @@ func UnmarshalMessageSet(buf []byte, exts interface{}) error {
 	}
 	return nil
 }
-
-// MarshalMessageSetJSON encodes the extension map represented by m in JSON format.
-// It is called by generated MarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSetJSON(exts interface{}) ([]byte, error) {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		m, _ = exts.extensionsRead()
-	case map[int32]Extension:
-		m = exts
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-	var b bytes.Buffer
-	b.WriteByte('{')
-
-	// Process the map in key order for deterministic output.
-	ids := make([]int32, 0, len(m))
-	for id := range m {
-		ids = append(ids, id)
-	}
-	sort.Sort(int32Slice(ids)) // int32Slice defined in text.go
-
-	for i, id := range ids {
-		ext := m[id]
-		if i > 0 {
-			b.WriteByte(',')
-		}
-
-		msd, ok := messageSetMap[id]
-		if !ok {
-			// Unknown type; we can't render it, so skip it.
-			continue
-		}
-		fmt.Fprintf(&b, `"[%s]":`, msd.name)
-
-		x := ext.value
-		if x == nil {
-			x = reflect.New(msd.t.Elem()).Interface()
-			if err := Unmarshal(ext.enc, x.(Message)); err != nil {
-				return nil, err
-			}
-		}
-		d, err := json.Marshal(x)
-		if err != nil {
-			return nil, err
-		}
-		b.Write(d)
-	}
-	b.WriteByte('}')
-	return b.Bytes(), nil
-}
-
-// UnmarshalMessageSetJSON decodes the extension map encoded in buf in JSON format.
-// It is called by generated UnmarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSetJSON(buf []byte, exts interface{}) error {
-	// Common-case fast path.
-	if len(buf) == 0 || bytes.Equal(buf, []byte("{}")) {
-		return nil
-	}
-
-	// This is fairly tricky, and it's not clear that it is needed.
-	return errors.New("TODO: UnmarshalMessageSetJSON not yet implemented")
-}
-
-// A global registry of types that can be used in a MessageSet.
-
-var messageSetMap = make(map[int32]messageSetDesc)
-
-type messageSetDesc struct {
-	t    reflect.Type // pointer to struct
-	name string
-}
-
-// RegisterMessageSetType is called from the generated code.
-func RegisterMessageSetType(m Message, fieldNum int32, name string) {
-	messageSetMap[fieldNum] = messageSetDesc{
-		t:    reflect.TypeOf(m),
-		name: name,
-	}
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go b/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
index fb512e2e16dce..b6cad90834b31 100644
--- a/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
+++ b/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
@@ -29,7 +29,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// +build appengine js
+// +build purego appengine js
 
 // This file contains an implementation of proto field accesses using package reflect.
 // It is slower than the code in pointer_unsafe.go but it avoids package unsafe and can
@@ -38,32 +38,13 @@
 package proto
 
 import (
-	"math"
 	"reflect"
+	"sync"
 )
 
-// A structPointer is a pointer to a struct.
-type structPointer struct {
-	v reflect.Value
-}
-
-// toStructPointer returns a structPointer equivalent to the given reflect value.
-// The reflect value must itself be a pointer to a struct.
-func toStructPointer(v reflect.Value) structPointer {
-	return structPointer{v}
-}
-
-// IsNil reports whether p is nil.
-func structPointer_IsNil(p structPointer) bool {
-	return p.v.IsNil()
-}
+const unsafeAllowed = false
 
-// Interface returns the struct pointer as an interface value.
-func structPointer_Interface(p structPointer, _ reflect.Type) interface{} {
-	return p.v.Interface()
-}
-
-// A field identifies a field in a struct, accessible from a structPointer.
+// A field identifies a field in a struct, accessible from a pointer.
 // In this implementation, a field is identified by the sequence of field indices
 // passed to reflect's FieldByIndex.
 type field []int
@@ -76,409 +57,301 @@ func toField(f *reflect.StructField) field {
 // invalidField is an invalid field identifier.
 var invalidField = field(nil)
 
+// zeroField is a noop when calling pointer.offset.
+var zeroField = field([]int{})
+
 // IsValid reports whether the field identifier is valid.
 func (f field) IsValid() bool { return f != nil }
 
-// field returns the given field in the struct as a reflect value.
-func structPointer_field(p structPointer, f field) reflect.Value {
-	// Special case: an extension map entry with a value of type T
-	// passes a *T to the struct-handling code with a zero field,
-	// expecting that it will be treated as equivalent to *struct{ X T },
-	// which has the same memory layout. We have to handle that case
-	// specially, because reflect will panic if we call FieldByIndex on a
-	// non-struct.
-	if f == nil {
-		return p.v.Elem()
-	}
-
-	return p.v.Elem().FieldByIndex(f)
+// The pointer type is for the table-driven decoder.
+// The implementation here uses a reflect.Value of pointer type to
+// create a generic pointer. In pointer_unsafe.go we use unsafe
+// instead of reflect to implement the same (but faster) interface.
+type pointer struct {
+	v reflect.Value
 }
 
-// ifield returns the given field in the struct as an interface value.
-func structPointer_ifield(p structPointer, f field) interface{} {
-	return structPointer_field(p, f).Addr().Interface()
+// toPointer converts an interface of pointer type to a pointer
+// that points to the same target.
+func toPointer(i *Message) pointer {
+	return pointer{v: reflect.ValueOf(*i)}
 }
 
-// Bytes returns the address of a []byte field in the struct.
-func structPointer_Bytes(p structPointer, f field) *[]byte {
-	return structPointer_ifield(p, f).(*[]byte)
+// toAddrPointer converts an interface to a pointer that points to
+// the interface data.
+func toAddrPointer(i *interface{}, isptr bool) pointer {
+	v := reflect.ValueOf(*i)
+	u := reflect.New(v.Type())
+	u.Elem().Set(v)
+	return pointer{v: u}
 }
 
-// BytesSlice returns the address of a [][]byte field in the struct.
-func structPointer_BytesSlice(p structPointer, f field) *[][]byte {
-	return structPointer_ifield(p, f).(*[][]byte)
+// valToPointer converts v to a pointer.  v must be of pointer type.
+func valToPointer(v reflect.Value) pointer {
+	return pointer{v: v}
 }
 
-// Bool returns the address of a *bool field in the struct.
-func structPointer_Bool(p structPointer, f field) **bool {
-	return structPointer_ifield(p, f).(**bool)
+// offset converts from a pointer to a structure to a pointer to
+// one of its fields.
+func (p pointer) offset(f field) pointer {
+	return pointer{v: p.v.Elem().FieldByIndex(f).Addr()}
 }
 
-// BoolVal returns the address of a bool field in the struct.
-func structPointer_BoolVal(p structPointer, f field) *bool {
-	return structPointer_ifield(p, f).(*bool)
+func (p pointer) isNil() bool {
+	return p.v.IsNil()
 }
 
-// BoolSlice returns the address of a []bool field in the struct.
-func structPointer_BoolSlice(p structPointer, f field) *[]bool {
-	return structPointer_ifield(p, f).(*[]bool)
+// grow updates the slice s in place to make it one element longer.
+// s must be addressable.
+// Returns the (addressable) new element.
+func grow(s reflect.Value) reflect.Value {
+	n, m := s.Len(), s.Cap()
+	if n < m {
+		s.SetLen(n + 1)
+	} else {
+		s.Set(reflect.Append(s, reflect.Zero(s.Type().Elem())))
+	}
+	return s.Index(n)
 }
 
-// String returns the address of a *string field in the struct.
-func structPointer_String(p structPointer, f field) **string {
-	return structPointer_ifield(p, f).(**string)
+func (p pointer) toInt64() *int64 {
+	return p.v.Interface().(*int64)
 }
-
-// StringVal returns the address of a string field in the struct.
-func structPointer_StringVal(p structPointer, f field) *string {
-	return structPointer_ifield(p, f).(*string)
+func (p pointer) toInt64Ptr() **int64 {
+	return p.v.Interface().(**int64)
 }
-
-// StringSlice returns the address of a []string field in the struct.
-func structPointer_StringSlice(p structPointer, f field) *[]string {
-	return structPointer_ifield(p, f).(*[]string)
+func (p pointer) toInt64Slice() *[]int64 {
+	return p.v.Interface().(*[]int64)
 }
 
-// Extensions returns the address of an extension map field in the struct.
-func structPointer_Extensions(p structPointer, f field) *XXX_InternalExtensions {
-	return structPointer_ifield(p, f).(*XXX_InternalExtensions)
-}
+var int32ptr = reflect.TypeOf((*int32)(nil))
 
-// ExtMap returns the address of an extension map field in the struct.
-func structPointer_ExtMap(p structPointer, f field) *map[int32]Extension {
-	return structPointer_ifield(p, f).(*map[int32]Extension)
+func (p pointer) toInt32() *int32 {
+	return p.v.Convert(int32ptr).Interface().(*int32)
 }
 
-// NewAt returns the reflect.Value for a pointer to a field in the struct.
-func structPointer_NewAt(p structPointer, f field, typ reflect.Type) reflect.Value {
-	return structPointer_field(p, f).Addr()
+// The toInt32Ptr/Slice methods don't work because of enums.
+// Instead, we must use set/get methods for the int32ptr/slice case.
+/*
+	func (p pointer) toInt32Ptr() **int32 {
+		return p.v.Interface().(**int32)
 }
-
-// SetStructPointer writes a *struct field in the struct.
-func structPointer_SetStructPointer(p structPointer, f field, q structPointer) {
-	structPointer_field(p, f).Set(q.v)
+	func (p pointer) toInt32Slice() *[]int32 {
+		return p.v.Interface().(*[]int32)
 }
-
-// GetStructPointer reads a *struct field in the struct.
-func structPointer_GetStructPointer(p structPointer, f field) structPointer {
-	return structPointer{structPointer_field(p, f)}
+*/
+func (p pointer) getInt32Ptr() *int32 {
+	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
+		// raw int32 type
+		return p.v.Elem().Interface().(*int32)
+	}
+	// an enum
+	return p.v.Elem().Convert(int32PtrType).Interface().(*int32)
+}
+func (p pointer) setInt32Ptr(v int32) {
+	// Allocate value in a *int32. Possibly convert that to a *enum.
+	// Then assign it to a **int32 or **enum.
+	// Note: we can convert *int32 to *enum, but we can't convert
+	// **int32 to **enum!
+	p.v.Elem().Set(reflect.ValueOf(&v).Convert(p.v.Type().Elem()))
+}
+
+// getInt32Slice copies []int32 from p as a new slice.
+// This behavior differs from the implementation in pointer_unsafe.go.
+func (p pointer) getInt32Slice() []int32 {
+	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
+		// raw int32 type
+		return p.v.Elem().Interface().([]int32)
+	}
+	// an enum
+	// Allocate a []int32, then assign []enum's values into it.
+	// Note: we can't convert []enum to []int32.
+	slice := p.v.Elem()
+	s := make([]int32, slice.Len())
+	for i := 0; i < slice.Len(); i++ {
+		s[i] = int32(slice.Index(i).Int())
+	}
+	return s
 }
 
-// StructPointerSlice the address of a []*struct field in the struct.
-func structPointer_StructPointerSlice(p structPointer, f field) structPointerSlice {
-	return structPointerSlice{structPointer_field(p, f)}
+// setInt32Slice copies []int32 into p as a new slice.
+// This behavior differs from the implementation in pointer_unsafe.go.
+func (p pointer) setInt32Slice(v []int32) {
+	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
+		// raw int32 type
+		p.v.Elem().Set(reflect.ValueOf(v))
+		return
+	}
+	// an enum
+	// Allocate a []enum, then assign []int32's values into it.
+	// Note: we can't convert []enum to []int32.
+	slice := reflect.MakeSlice(p.v.Type().Elem(), len(v), cap(v))
+	for i, x := range v {
+		slice.Index(i).SetInt(int64(x))
+	}
+	p.v.Elem().Set(slice)
 }
-
-// A structPointerSlice represents the address of a slice of pointers to structs
-// (themselves messages or groups). That is, v.Type() is *[]*struct{...}.
-type structPointerSlice struct {
-	v reflect.Value
+func (p pointer) appendInt32Slice(v int32) {
+	grow(p.v.Elem()).SetInt(int64(v))
 }
 
-func (p structPointerSlice) Len() int                  { return p.v.Len() }
-func (p structPointerSlice) Index(i int) structPointer { return structPointer{p.v.Index(i)} }
-func (p structPointerSlice) Append(q structPointer) {
-	p.v.Set(reflect.Append(p.v, q.v))
+func (p pointer) toUint64() *uint64 {
+	return p.v.Interface().(*uint64)
 }
-
-var (
-	int32Type   = reflect.TypeOf(int32(0))
-	uint32Type  = reflect.TypeOf(uint32(0))
-	float32Type = reflect.TypeOf(float32(0))
-	int64Type   = reflect.TypeOf(int64(0))
-	uint64Type  = reflect.TypeOf(uint64(0))
-	float64Type = reflect.TypeOf(float64(0))
-)
-
-// A word32 represents a field of type *int32, *uint32, *float32, or *enum.
-// That is, v.Type() is *int32, *uint32, *float32, or *enum and v is assignable.
-type word32 struct {
-	v reflect.Value
+func (p pointer) toUint64Ptr() **uint64 {
+	return p.v.Interface().(**uint64)
 }
-
-// IsNil reports whether p is nil.
-func word32_IsNil(p word32) bool {
-	return p.v.IsNil()
+func (p pointer) toUint64Slice() *[]uint64 {
+	return p.v.Interface().(*[]uint64)
 }
-
-// Set sets p to point at a newly allocated word with bits set to x.
-func word32_Set(p word32, o *Buffer, x uint32) {
-	t := p.v.Type().Elem()
-	switch t {
-	case int32Type:
-		if len(o.int32s) == 0 {
-			o.int32s = make([]int32, uint32PoolSize)
-		}
-		o.int32s[0] = int32(x)
-		p.v.Set(reflect.ValueOf(&o.int32s[0]))
-		o.int32s = o.int32s[1:]
-		return
-	case uint32Type:
-		if len(o.uint32s) == 0 {
-			o.uint32s = make([]uint32, uint32PoolSize)
-		}
-		o.uint32s[0] = x
-		p.v.Set(reflect.ValueOf(&o.uint32s[0]))
-		o.uint32s = o.uint32s[1:]
-		return
-	case float32Type:
-		if len(o.float32s) == 0 {
-			o.float32s = make([]float32, uint32PoolSize)
-		}
-		o.float32s[0] = math.Float32frombits(x)
-		p.v.Set(reflect.ValueOf(&o.float32s[0]))
-		o.float32s = o.float32s[1:]
-		return
-	}
-
-	// must be enum
-	p.v.Set(reflect.New(t))
-	p.v.Elem().SetInt(int64(int32(x)))
+func (p pointer) toUint32() *uint32 {
+	return p.v.Interface().(*uint32)
 }
-
-// Get gets the bits pointed at by p, as a uint32.
-func word32_Get(p word32) uint32 {
-	elem := p.v.Elem()
-	switch elem.Kind() {
-	case reflect.Int32:
-		return uint32(elem.Int())
-	case reflect.Uint32:
-		return uint32(elem.Uint())
-	case reflect.Float32:
-		return math.Float32bits(float32(elem.Float()))
-	}
-	panic("unreachable")
+func (p pointer) toUint32Ptr() **uint32 {
+	return p.v.Interface().(**uint32)
 }
-
-// Word32 returns a reference to a *int32, *uint32, *float32, or *enum field in the struct.
-func structPointer_Word32(p structPointer, f field) word32 {
-	return word32{structPointer_field(p, f)}
+func (p pointer) toUint32Slice() *[]uint32 {
+	return p.v.Interface().(*[]uint32)
 }
-
-// A word32Val represents a field of type int32, uint32, float32, or enum.
-// That is, v.Type() is int32, uint32, float32, or enum and v is assignable.
-type word32Val struct {
-	v reflect.Value
+func (p pointer) toBool() *bool {
+	return p.v.Interface().(*bool)
 }
-
-// Set sets *p to x.
-func word32Val_Set(p word32Val, x uint32) {
-	switch p.v.Type() {
-	case int32Type:
-		p.v.SetInt(int64(x))
-		return
-	case uint32Type:
-		p.v.SetUint(uint64(x))
-		return
-	case float32Type:
-		p.v.SetFloat(float64(math.Float32frombits(x)))
-		return
-	}
-
-	// must be enum
-	p.v.SetInt(int64(int32(x)))
+func (p pointer) toBoolPtr() **bool {
+	return p.v.Interface().(**bool)
 }
-
-// Get gets the bits pointed at by p, as a uint32.
-func word32Val_Get(p word32Val) uint32 {
-	elem := p.v
-	switch elem.Kind() {
-	case reflect.Int32:
-		return uint32(elem.Int())
-	case reflect.Uint32:
-		return uint32(elem.Uint())
-	case reflect.Float32:
-		return math.Float32bits(float32(elem.Float()))
-	}
-	panic("unreachable")
+func (p pointer) toBoolSlice() *[]bool {
+	return p.v.Interface().(*[]bool)
 }
-
-// Word32Val returns a reference to a int32, uint32, float32, or enum field in the struct.
-func structPointer_Word32Val(p structPointer, f field) word32Val {
-	return word32Val{structPointer_field(p, f)}
+func (p pointer) toFloat64() *float64 {
+	return p.v.Interface().(*float64)
 }
-
-// A word32Slice is a slice of 32-bit values.
-// That is, v.Type() is []int32, []uint32, []float32, or []enum.
-type word32Slice struct {
-	v reflect.Value
+func (p pointer) toFloat64Ptr() **float64 {
+	return p.v.Interface().(**float64)
 }
-
-func (p word32Slice) Append(x uint32) {
-	n, m := p.v.Len(), p.v.Cap()
-	if n < m {
-		p.v.SetLen(n + 1)
-	} else {
-		t := p.v.Type().Elem()
-		p.v.Set(reflect.Append(p.v, reflect.Zero(t)))
-	}
-	elem := p.v.Index(n)
-	switch elem.Kind() {
-	case reflect.Int32:
-		elem.SetInt(int64(int32(x)))
-	case reflect.Uint32:
-		elem.SetUint(uint64(x))
-	case reflect.Float32:
-		elem.SetFloat(float64(math.Float32frombits(x)))
-	}
+func (p pointer) toFloat64Slice() *[]float64 {
+	return p.v.Interface().(*[]float64)
 }
-
-func (p word32Slice) Len() int {
-	return p.v.Len()
+func (p pointer) toFloat32() *float32 {
+	return p.v.Interface().(*float32)
 }
-
-func (p word32Slice) Index(i int) uint32 {
-	elem := p.v.Index(i)
-	switch elem.Kind() {
-	case reflect.Int32:
-		return uint32(elem.Int())
-	case reflect.Uint32:
-		return uint32(elem.Uint())
-	case reflect.Float32:
-		return math.Float32bits(float32(elem.Float()))
-	}
-	panic("unreachable")
+func (p pointer) toFloat32Ptr() **float32 {
+	return p.v.Interface().(**float32)
 }
-
-// Word32Slice returns a reference to a []int32, []uint32, []float32, or []enum field in the struct.
-func structPointer_Word32Slice(p structPointer, f field) word32Slice {
-	return word32Slice{structPointer_field(p, f)}
+func (p pointer) toFloat32Slice() *[]float32 {
+	return p.v.Interface().(*[]float32)
 }
-
-// word64 is like word32 but for 64-bit values.
-type word64 struct {
-	v reflect.Value
+func (p pointer) toString() *string {
+	return p.v.Interface().(*string)
 }
-
-func word64_Set(p word64, o *Buffer, x uint64) {
-	t := p.v.Type().Elem()
-	switch t {
-	case int64Type:
-		if len(o.int64s) == 0 {
-			o.int64s = make([]int64, uint64PoolSize)
-		}
-		o.int64s[0] = int64(x)
-		p.v.Set(reflect.ValueOf(&o.int64s[0]))
-		o.int64s = o.int64s[1:]
-		return
-	case uint64Type:
-		if len(o.uint64s) == 0 {
-			o.uint64s = make([]uint64, uint64PoolSize)
-		}
-		o.uint64s[0] = x
-		p.v.Set(reflect.ValueOf(&o.uint64s[0]))
-		o.uint64s = o.uint64s[1:]
-		return
-	case float64Type:
-		if len(o.float64s) == 0 {
-			o.float64s = make([]float64, uint64PoolSize)
-		}
-		o.float64s[0] = math.Float64frombits(x)
-		p.v.Set(reflect.ValueOf(&o.float64s[0]))
-		o.float64s = o.float64s[1:]
-		return
-	}
-	panic("unreachable")
+func (p pointer) toStringPtr() **string {
+	return p.v.Interface().(**string)
 }
-
-func word64_IsNil(p word64) bool {
-	return p.v.IsNil()
+func (p pointer) toStringSlice() *[]string {
+	return p.v.Interface().(*[]string)
 }
-
-func word64_Get(p word64) uint64 {
-	elem := p.v.Elem()
-	switch elem.Kind() {
-	case reflect.Int64:
-		return uint64(elem.Int())
-	case reflect.Uint64:
-		return elem.Uint()
-	case reflect.Float64:
-		return math.Float64bits(elem.Float())
-	}
-	panic("unreachable")
+func (p pointer) toBytes() *[]byte {
+	return p.v.Interface().(*[]byte)
 }
-
-func structPointer_Word64(p structPointer, f field) word64 {
-	return word64{structPointer_field(p, f)}
+func (p pointer) toBytesSlice() *[][]byte {
+	return p.v.Interface().(*[][]byte)
+}
+func (p pointer) toExtensions() *XXX_InternalExtensions {
+	return p.v.Interface().(*XXX_InternalExtensions)
+}
+func (p pointer) toOldExtensions() *map[int32]Extension {
+	return p.v.Interface().(*map[int32]Extension)
+}
+func (p pointer) getPointer() pointer {
+	return pointer{v: p.v.Elem()}
+}
+func (p pointer) setPointer(q pointer) {
+	p.v.Elem().Set(q.v)
+}
+func (p pointer) appendPointer(q pointer) {
+	grow(p.v.Elem()).Set(q.v)
 }
 
-// word64Val is like word32Val but for 64-bit values.
-type word64Val struct {
-	v reflect.Value
+// getPointerSlice copies []*T from p as a new []pointer.
+// This behavior differs from the implementation in pointer_unsafe.go.
+func (p pointer) getPointerSlice() []pointer {
+	if p.v.IsNil() {
+		return nil
+	}
+	n := p.v.Elem().Len()
+	s := make([]pointer, n)
+	for i := 0; i < n; i++ {
+		s[i] = pointer{v: p.v.Elem().Index(i)}
+	}
+	return s
 }
 
-func word64Val_Set(p word64Val, o *Buffer, x uint64) {
-	switch p.v.Type() {
-	case int64Type:
-		p.v.SetInt(int64(x))
-		return
-	case uint64Type:
-		p.v.SetUint(x)
-		return
-	case float64Type:
-		p.v.SetFloat(math.Float64frombits(x))
+// setPointerSlice copies []pointer into p as a new []*T.
+// This behavior differs from the implementation in pointer_unsafe.go.
+func (p pointer) setPointerSlice(v []pointer) {
+	if v == nil {
+		p.v.Elem().Set(reflect.New(p.v.Elem().Type()).Elem())
 		return
 	}
-	panic("unreachable")
+	s := reflect.MakeSlice(p.v.Elem().Type(), 0, len(v))
+	for _, p := range v {
+		s = reflect.Append(s, p.v)
+	}
+	p.v.Elem().Set(s)
 }
 
-func word64Val_Get(p word64Val) uint64 {
-	elem := p.v
-	switch elem.Kind() {
-	case reflect.Int64:
-		return uint64(elem.Int())
-	case reflect.Uint64:
-		return elem.Uint()
-	case reflect.Float64:
-		return math.Float64bits(elem.Float())
+// getInterfacePointer returns a pointer that points to the
+// interface data of the interface pointed by p.
+func (p pointer) getInterfacePointer() pointer {
+	if p.v.Elem().IsNil() {
+		return pointer{v: p.v.Elem()}
 	}
-	panic("unreachable")
+	return pointer{v: p.v.Elem().Elem().Elem().Field(0).Addr()} // *interface -> interface -> *struct -> struct
 }
 
-func structPointer_Word64Val(p structPointer, f field) word64Val {
-	return word64Val{structPointer_field(p, f)}
+func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
+	// TODO: check that p.v.Type().Elem() == t?
+	return p.v
 }
 
-type word64Slice struct {
-	v reflect.Value
+func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	return *p
 }
-
-func (p word64Slice) Append(x uint64) {
-	n, m := p.v.Len(), p.v.Cap()
-	if n < m {
-		p.v.SetLen(n + 1)
-	} else {
-		t := p.v.Type().Elem()
-		p.v.Set(reflect.Append(p.v, reflect.Zero(t)))
-	}
-	elem := p.v.Index(n)
-	switch elem.Kind() {
-	case reflect.Int64:
-		elem.SetInt(int64(int64(x)))
-	case reflect.Uint64:
-		elem.SetUint(uint64(x))
-	case reflect.Float64:
-		elem.SetFloat(float64(math.Float64frombits(x)))
-	}
+func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	*p = v
 }
-
-func (p word64Slice) Len() int {
-	return p.v.Len()
+func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	return *p
 }
-
-func (p word64Slice) Index(i int) uint64 {
-	elem := p.v.Index(i)
-	switch elem.Kind() {
-	case reflect.Int64:
-		return uint64(elem.Int())
-	case reflect.Uint64:
-		return uint64(elem.Uint())
-	case reflect.Float64:
-		return math.Float64bits(float64(elem.Float()))
-	}
-	panic("unreachable")
+func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	*p = v
 }
-
-func structPointer_Word64Slice(p structPointer, f field) word64Slice {
-	return word64Slice{structPointer_field(p, f)}
+func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	return *p
+}
+func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	*p = v
 }
+func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	return *p
+}
+func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
+	atomicLock.Lock()
+	defer atomicLock.Unlock()
+	*p = v
+}
+
+var atomicLock sync.Mutex
diff --git a/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go b/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
index 1763a5f227a0c..7ffd3c29d90c3 100644
--- a/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
@@ -1,6 +1,6 @@
 // Protocol Buffers for Go with Gadgets
 //
-// Copyright (c) 2016, The GoGo Authors. All rights reserved.
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
 // http://github.com/gogo/protobuf
 //
 // Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,11 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// +build appengine js
+// +build purego appengine js
+
+// This file contains an implementation of proto field accesses using package reflect.
+// It is slower than the code in pointer_unsafe.go but it avoids package unsafe and can
+// be used on App Engine.
 
 package proto
 
@@ -34,52 +38,22 @@ import (
 	"reflect"
 )
 
-func structPointer_FieldPointer(p structPointer, f field) structPointer {
-	panic("not implemented")
-}
-
-func appendStructPointer(base structPointer, f field, typ reflect.Type) structPointer {
-	panic("not implemented")
-}
-
-func structPointer_InterfaceAt(p structPointer, f field, t reflect.Type) interface{} {
-	panic("not implemented")
-}
-
-func structPointer_InterfaceRef(p structPointer, f field, t reflect.Type) interface{} {
-	panic("not implemented")
-}
-
-func structPointer_GetRefStructPointer(p structPointer, f field) structPointer {
-	panic("not implemented")
-}
+// TODO: untested, so probably incorrect.
 
-func structPointer_Add(p structPointer, size field) structPointer {
-	panic("not implemented")
+func (p pointer) getRef() pointer {
+	return pointer{v: p.v.Addr()}
 }
 
-func structPointer_Len(p structPointer, f field) int {
-	panic("not implemented")
-}
-
-func structPointer_GetSliceHeader(p structPointer, f field) *reflect.SliceHeader {
-	panic("not implemented")
-}
-
-func structPointer_Copy(oldptr structPointer, newptr structPointer, size int) {
-	panic("not implemented")
-}
-
-func structPointer_StructRefSlice(p structPointer, f field, size uintptr) *structRefSlice {
-	panic("not implemented")
-}
-
-type structRefSlice struct{}
-
-func (v *structRefSlice) Len() int {
-	panic("not implemented")
+func (p pointer) appendRef(v pointer, typ reflect.Type) {
+	slice := p.getSlice(typ)
+	elem := v.asPointerTo(typ).Elem()
+	newSlice := reflect.Append(slice, elem)
+	slice.Set(newSlice)
 }
 
-func (v *structRefSlice) Index(i int) structPointer {
-	panic("not implemented")
+func (p pointer) getSlice(typ reflect.Type) reflect.Value {
+	sliceTyp := reflect.SliceOf(typ)
+	slice := p.asPointerTo(sliceTyp)
+	slice = slice.Elem()
+	return slice
 }
diff --git a/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go b/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
index 6b5567d47cd39..d55a335d94532 100644
--- a/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
+++ b/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
@@ -29,7 +29,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// +build !appengine,!js
+// +build !purego,!appengine,!js
 
 // This file contains the implementation of the proto field accesses using package unsafe.
 
@@ -37,38 +37,13 @@ package proto
 
 import (
 	"reflect"
+	"sync/atomic"
 	"unsafe"
 )
 
-// NOTE: These type_Foo functions would more idiomatically be methods,
-// but Go does not allow methods on pointer types, and we must preserve
-// some pointer type for the garbage collector. We use these
-// funcs with clunky names as our poor approximation to methods.
-//
-// An alternative would be
-//	type structPointer struct { p unsafe.Pointer }
-// but that does not registerize as well.
-
-// A structPointer is a pointer to a struct.
-type structPointer unsafe.Pointer
-
-// toStructPointer returns a structPointer equivalent to the given reflect value.
-func toStructPointer(v reflect.Value) structPointer {
-	return structPointer(unsafe.Pointer(v.Pointer()))
-}
-
-// IsNil reports whether p is nil.
-func structPointer_IsNil(p structPointer) bool {
-	return p == nil
-}
-
-// Interface returns the struct pointer, assumed to have element type t,
-// as an interface value.
-func structPointer_Interface(p structPointer, t reflect.Type) interface{} {
-	return reflect.NewAt(t, unsafe.Pointer(p)).Interface()
-}
+const unsafeAllowed = true
 
-// A field identifies a field in a struct, accessible from a structPointer.
+// A field identifies a field in a struct, accessible from a pointer.
 // In this implementation, a field is identified by its byte offset from the start of the struct.
 type field uintptr
 
@@ -80,191 +55,254 @@ func toField(f *reflect.StructField) field {
 // invalidField is an invalid field identifier.
 const invalidField = ^field(0)
 
+// zeroField is a noop when calling pointer.offset.
+const zeroField = field(0)
+
 // IsValid reports whether the field identifier is valid.
 func (f field) IsValid() bool {
-	return f != ^field(0)
+	return f != invalidField
 }
 
-// Bytes returns the address of a []byte field in the struct.
-func structPointer_Bytes(p structPointer, f field) *[]byte {
-	return (*[]byte)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// The pointer type below is for the new table-driven encoder/decoder.
+// The implementation here uses unsafe.Pointer to create a generic pointer.
+// In pointer_reflect.go we use reflect instead of unsafe to implement
+// the same (but slower) interface.
+type pointer struct {
+	p unsafe.Pointer
 }
 
-// BytesSlice returns the address of a [][]byte field in the struct.
-func structPointer_BytesSlice(p structPointer, f field) *[][]byte {
-	return (*[][]byte)(unsafe.Pointer(uintptr(p) + uintptr(f)))
-}
+// size of pointer
+var ptrSize = unsafe.Sizeof(uintptr(0))
 
-// Bool returns the address of a *bool field in the struct.
-func structPointer_Bool(p structPointer, f field) **bool {
-	return (**bool)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// toPointer converts an interface of pointer type to a pointer
+// that points to the same target.
+func toPointer(i *Message) pointer {
+	// Super-tricky - read pointer out of data word of interface value.
+	// Saves ~25ns over the equivalent:
+	// return valToPointer(reflect.ValueOf(*i))
+	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
 }
 
-// BoolVal returns the address of a bool field in the struct.
-func structPointer_BoolVal(p structPointer, f field) *bool {
-	return (*bool)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// toAddrPointer converts an interface to a pointer that points to
+// the interface data.
+func toAddrPointer(i *interface{}, isptr bool) pointer {
+	// Super-tricky - read or get the address of data word of interface value.
+	if isptr {
+		// The interface is of pointer type, thus it is a direct interface.
+		// The data word is the pointer data itself. We take its address.
+		return pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)}
+	}
+	// The interface is not of pointer type. The data word is the pointer
+	// to the data.
+	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
 }
 
-// BoolSlice returns the address of a []bool field in the struct.
-func structPointer_BoolSlice(p structPointer, f field) *[]bool {
-	return (*[]bool)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// valToPointer converts v to a pointer. v must be of pointer type.
+func valToPointer(v reflect.Value) pointer {
+	return pointer{p: unsafe.Pointer(v.Pointer())}
 }
 
-// String returns the address of a *string field in the struct.
-func structPointer_String(p structPointer, f field) **string {
-	return (**string)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// offset converts from a pointer to a structure to a pointer to
+// one of its fields.
+func (p pointer) offset(f field) pointer {
+	// For safety, we should panic if !f.IsValid, however calling panic causes
+	// this to no longer be inlineable, which is a serious performance cost.
+	/*
+		if !f.IsValid() {
+			panic("invalid field")
+		}
+	*/
+	return pointer{p: unsafe.Pointer(uintptr(p.p) + uintptr(f))}
 }
 
-// StringVal returns the address of a string field in the struct.
-func structPointer_StringVal(p structPointer, f field) *string {
-	return (*string)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) isNil() bool {
+	return p.p == nil
 }
 
-// StringSlice returns the address of a []string field in the struct.
-func structPointer_StringSlice(p structPointer, f field) *[]string {
-	return (*[]string)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) toInt64() *int64 {
+	return (*int64)(p.p)
 }
-
-// ExtMap returns the address of an extension map field in the struct.
-func structPointer_Extensions(p structPointer, f field) *XXX_InternalExtensions {
-	return (*XXX_InternalExtensions)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) toInt64Ptr() **int64 {
+	return (**int64)(p.p)
 }
-
-func structPointer_ExtMap(p structPointer, f field) *map[int32]Extension {
-	return (*map[int32]Extension)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) toInt64Slice() *[]int64 {
+	return (*[]int64)(p.p)
 }
-
-// NewAt returns the reflect.Value for a pointer to a field in the struct.
-func structPointer_NewAt(p structPointer, f field, typ reflect.Type) reflect.Value {
-	return reflect.NewAt(typ, unsafe.Pointer(uintptr(p)+uintptr(f)))
+func (p pointer) toInt32() *int32 {
+	return (*int32)(p.p)
 }
 
-// SetStructPointer writes a *struct field in the struct.
-func structPointer_SetStructPointer(p structPointer, f field, q structPointer) {
-	*(*structPointer)(unsafe.Pointer(uintptr(p) + uintptr(f))) = q
+// See pointer_reflect.go for why toInt32Ptr/Slice doesn't exist.
+/*
+	func (p pointer) toInt32Ptr() **int32 {
+		return (**int32)(p.p)
+	}
+	func (p pointer) toInt32Slice() *[]int32 {
+		return (*[]int32)(p.p)
+	}
+*/
+func (p pointer) getInt32Ptr() *int32 {
+	return *(**int32)(p.p)
 }
-
-// GetStructPointer reads a *struct field in the struct.
-func structPointer_GetStructPointer(p structPointer, f field) structPointer {
-	return *(*structPointer)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) setInt32Ptr(v int32) {
+	*(**int32)(p.p) = &v
 }
 
-// StructPointerSlice the address of a []*struct field in the struct.
-func structPointer_StructPointerSlice(p structPointer, f field) *structPointerSlice {
-	return (*structPointerSlice)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+// getInt32Slice loads a []int32 from p.
+// The value returned is aliased with the original slice.
+// This behavior differs from the implementation in pointer_reflect.go.
+func (p pointer) getInt32Slice() []int32 {
+	return *(*[]int32)(p.p)
 }
 
-// A structPointerSlice represents a slice of pointers to structs (themselves submessages or groups).
-type structPointerSlice []structPointer
-
-func (v *structPointerSlice) Len() int                  { return len(*v) }
-func (v *structPointerSlice) Index(i int) structPointer { return (*v)[i] }
-func (v *structPointerSlice) Append(p structPointer)    { *v = append(*v, p) }
-
-// A word32 is the address of a "pointer to 32-bit value" field.
-type word32 **uint32
-
-// IsNil reports whether *v is nil.
-func word32_IsNil(p word32) bool {
-	return *p == nil
+// setInt32Slice stores a []int32 to p.
+// The value set is aliased with the input slice.
+// This behavior differs from the implementation in pointer_reflect.go.
+func (p pointer) setInt32Slice(v []int32) {
+	*(*[]int32)(p.p) = v
 }
 
-// Set sets *v to point at a newly allocated word set to x.
-func word32_Set(p word32, o *Buffer, x uint32) {
-	if len(o.uint32s) == 0 {
-		o.uint32s = make([]uint32, uint32PoolSize)
-	}
-	o.uint32s[0] = x
-	*p = &o.uint32s[0]
-	o.uint32s = o.uint32s[1:]
+// TODO: Can we get rid of appendInt32Slice and use setInt32Slice instead?
+func (p pointer) appendInt32Slice(v int32) {
+	s := (*[]int32)(p.p)
+	*s = append(*s, v)
 }
 
-// Get gets the value pointed at by *v.
-func word32_Get(p word32) uint32 {
-	return **p
+func (p pointer) toUint64() *uint64 {
+	return (*uint64)(p.p)
 }
-
-// Word32 returns the address of a *int32, *uint32, *float32, or *enum field in the struct.
-func structPointer_Word32(p structPointer, f field) word32 {
-	return word32((**uint32)(unsafe.Pointer(uintptr(p) + uintptr(f))))
+func (p pointer) toUint64Ptr() **uint64 {
+	return (**uint64)(p.p)
 }
-
-// A word32Val is the address of a 32-bit value field.
-type word32Val *uint32
-
-// Set sets *p to x.
-func word32Val_Set(p word32Val, x uint32) {
-	*p = x
+func (p pointer) toUint64Slice() *[]uint64 {
+	return (*[]uint64)(p.p)
 }
-
-// Get gets the value pointed at by p.
-func word32Val_Get(p word32Val) uint32 {
-	return *p
+func (p pointer) toUint32() *uint32 {
+	return (*uint32)(p.p)
 }
-
-// Word32Val returns the address of a *int32, *uint32, *float32, or *enum field in the struct.
-func structPointer_Word32Val(p structPointer, f field) word32Val {
-	return word32Val((*uint32)(unsafe.Pointer(uintptr(p) + uintptr(f))))
+func (p pointer) toUint32Ptr() **uint32 {
+	return (**uint32)(p.p)
 }
-
-// A word32Slice is a slice of 32-bit values.
-type word32Slice []uint32
-
-func (v *word32Slice) Append(x uint32)    { *v = append(*v, x) }
-func (v *word32Slice) Len() int           { return len(*v) }
-func (v *word32Slice) Index(i int) uint32 { return (*v)[i] }
-
-// Word32Slice returns the address of a []int32, []uint32, []float32, or []enum field in the struct.
-func structPointer_Word32Slice(p structPointer, f field) *word32Slice {
-	return (*word32Slice)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func (p pointer) toUint32Slice() *[]uint32 {
+	return (*[]uint32)(p.p)
 }
-
-// word64 is like word32 but for 64-bit values.
-type word64 **uint64
-
-func word64_Set(p word64, o *Buffer, x uint64) {
-	if len(o.uint64s) == 0 {
-		o.uint64s = make([]uint64, uint64PoolSize)
-	}
-	o.uint64s[0] = x
-	*p = &o.uint64s[0]
-	o.uint64s = o.uint64s[1:]
+func (p pointer) toBool() *bool {
+	return (*bool)(p.p)
 }
-
-func word64_IsNil(p word64) bool {
-	return *p == nil
+func (p pointer) toBoolPtr() **bool {
+	return (**bool)(p.p)
 }
-
-func word64_Get(p word64) uint64 {
-	return **p
+func (p pointer) toBoolSlice() *[]bool {
+	return (*[]bool)(p.p)
+}
+func (p pointer) toFloat64() *float64 {
+	return (*float64)(p.p)
+}
+func (p pointer) toFloat64Ptr() **float64 {
+	return (**float64)(p.p)
+}
+func (p pointer) toFloat64Slice() *[]float64 {
+	return (*[]float64)(p.p)
+}
+func (p pointer) toFloat32() *float32 {
+	return (*float32)(p.p)
+}
+func (p pointer) toFloat32Ptr() **float32 {
+	return (**float32)(p.p)
+}
+func (p pointer) toFloat32Slice() *[]float32 {
+	return (*[]float32)(p.p)
+}
+func (p pointer) toString() *string {
+	return (*string)(p.p)
+}
+func (p pointer) toStringPtr() **string {
+	return (**string)(p.p)
+}
+func (p pointer) toStringSlice() *[]string {
+	return (*[]string)(p.p)
+}
+func (p pointer) toBytes() *[]byte {
+	return (*[]byte)(p.p)
+}
+func (p pointer) toBytesSlice() *[][]byte {
+	return (*[][]byte)(p.p)
+}
+func (p pointer) toExtensions() *XXX_InternalExtensions {
+	return (*XXX_InternalExtensions)(p.p)
+}
+func (p pointer) toOldExtensions() *map[int32]Extension {
+	return (*map[int32]Extension)(p.p)
 }
 
-func structPointer_Word64(p structPointer, f field) word64 {
-	return word64((**uint64)(unsafe.Pointer(uintptr(p) + uintptr(f))))
+// getPointerSlice loads []*T from p as a []pointer.
+// The value returned is aliased with the original slice.
+// This behavior differs from the implementation in pointer_reflect.go.
+func (p pointer) getPointerSlice() []pointer {
+	// Super-tricky - p should point to a []*T where T is a
+	// message type. We load it as []pointer.
+	return *(*[]pointer)(p.p)
 }
 
-// word64Val is like word32Val but for 64-bit values.
-type word64Val *uint64
+// setPointerSlice stores []pointer into p as a []*T.
+// The value set is aliased with the input slice.
+// This behavior differs from the implementation in pointer_reflect.go.
+func (p pointer) setPointerSlice(v []pointer) {
+	// Super-tricky - p should point to a []*T where T is a
+	// message type. We store it as []pointer.
+	*(*[]pointer)(p.p) = v
+}
 
-func word64Val_Set(p word64Val, o *Buffer, x uint64) {
-	*p = x
+// getPointer loads the pointer at p and returns it.
+func (p pointer) getPointer() pointer {
+	return pointer{p: *(*unsafe.Pointer)(p.p)}
 }
 
-func word64Val_Get(p word64Val) uint64 {
-	return *p
+// setPointer stores the pointer q at p.
+func (p pointer) setPointer(q pointer) {
+	*(*unsafe.Pointer)(p.p) = q.p
 }
 
-func structPointer_Word64Val(p structPointer, f field) word64Val {
-	return word64Val((*uint64)(unsafe.Pointer(uintptr(p) + uintptr(f))))
+// append q to the slice pointed to by p.
+func (p pointer) appendPointer(q pointer) {
+	s := (*[]unsafe.Pointer)(p.p)
+	*s = append(*s, q.p)
 }
 
-// word64Slice is like word32Slice but for 64-bit values.
-type word64Slice []uint64
+// getInterfacePointer returns a pointer that points to the
+// interface data of the interface pointed by p.
+func (p pointer) getInterfacePointer() pointer {
+	// Super-tricky - read pointer out of data word of interface value.
+	return pointer{p: (*(*[2]unsafe.Pointer)(p.p))[1]}
+}
 
-func (v *word64Slice) Append(x uint64)    { *v = append(*v, x) }
-func (v *word64Slice) Len() int           { return len(*v) }
-func (v *word64Slice) Index(i int) uint64 { return (*v)[i] }
+// asPointerTo returns a reflect.Value that is a pointer to an
+// object of type t stored at p.
+func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
+	return reflect.NewAt(t, p.p)
+}
 
-func structPointer_Word64Slice(p structPointer, f field) *word64Slice {
-	return (*word64Slice)(unsafe.Pointer(uintptr(p) + uintptr(f)))
+func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
+	return (*unmarshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
+	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
+}
+func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
+	return (*marshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
+	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
+}
+func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
+	return (*mergeInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
+	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
+}
+func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
+	return (*discardInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
+	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
 }
diff --git a/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go b/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
index f156a29f0e830..aca8eed02a11e 100644
--- a/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
@@ -1,6 +1,6 @@
 // Protocol Buffers for Go with Gadgets
 //
-// Copyright (c) 2013, The GoGo Authors. All rights reserved.
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
 // http://github.com/gogo/protobuf
 //
 // Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// +build !appengine,!js
+// +build !purego,!appengine,!js
 
 // This file contains the implementation of the proto field accesses using package unsafe.
 
@@ -37,92 +37,20 @@ import (
 	"unsafe"
 )
 
-func structPointer_InterfaceAt(p structPointer, f field, t reflect.Type) interface{} {
-	point := unsafe.Pointer(uintptr(p) + uintptr(f))
-	r := reflect.NewAt(t, point)
-	return r.Interface()
+func (p pointer) getRef() pointer {
+	return pointer{p: (unsafe.Pointer)(&p.p)}
 }
 
-func structPointer_InterfaceRef(p structPointer, f field, t reflect.Type) interface{} {
-	point := unsafe.Pointer(uintptr(p) + uintptr(f))
-	r := reflect.NewAt(t, point)
-	if r.Elem().IsNil() {
-		return nil
-	}
-	return r.Elem().Interface()
+func (p pointer) appendRef(v pointer, typ reflect.Type) {
+	slice := p.getSlice(typ)
+	elem := v.asPointerTo(typ).Elem()
+	newSlice := reflect.Append(slice, elem)
+	slice.Set(newSlice)
 }
 
-func copyUintPtr(oldptr, newptr uintptr, size int) {
-	oldbytes := make([]byte, 0)
-	oldslice := (*reflect.SliceHeader)(unsafe.Pointer(&oldbytes))
-	oldslice.Data = oldptr
-	oldslice.Len = size
-	oldslice.Cap = size
-	newbytes := make([]byte, 0)
-	newslice := (*reflect.SliceHeader)(unsafe.Pointer(&newbytes))
-	newslice.Data = newptr
-	newslice.Len = size
-	newslice.Cap = size
-	copy(newbytes, oldbytes)
-}
-
-func structPointer_Copy(oldptr structPointer, newptr structPointer, size int) {
-	copyUintPtr(uintptr(oldptr), uintptr(newptr), size)
-}
-
-func appendStructPointer(base structPointer, f field, typ reflect.Type) structPointer {
-	size := typ.Elem().Size()
-
-	oldHeader := structPointer_GetSliceHeader(base, f)
-	oldSlice := reflect.NewAt(typ, unsafe.Pointer(oldHeader)).Elem()
-	newLen := oldHeader.Len + 1
-	newSlice := reflect.MakeSlice(typ, newLen, newLen)
-	reflect.Copy(newSlice, oldSlice)
-	bas := toStructPointer(newSlice)
-	oldHeader.Data = uintptr(bas)
-	oldHeader.Len = newLen
-	oldHeader.Cap = newLen
-
-	return structPointer(unsafe.Pointer(uintptr(unsafe.Pointer(bas)) + uintptr(uintptr(newLen-1)*size)))
-}
-
-func structPointer_FieldPointer(p structPointer, f field) structPointer {
-	return structPointer(unsafe.Pointer(uintptr(p) + uintptr(f)))
-}
-
-func structPointer_GetRefStructPointer(p structPointer, f field) structPointer {
-	return structPointer((*structPointer)(unsafe.Pointer(uintptr(p) + uintptr(f))))
-}
-
-func structPointer_GetSliceHeader(p structPointer, f field) *reflect.SliceHeader {
-	return (*reflect.SliceHeader)(unsafe.Pointer(uintptr(p) + uintptr(f)))
-}
-
-func structPointer_Add(p structPointer, size field) structPointer {
-	return structPointer(unsafe.Pointer(uintptr(p) + uintptr(size)))
-}
-
-func structPointer_Len(p structPointer, f field) int {
-	return len(*(*[]interface{})(unsafe.Pointer(structPointer_GetRefStructPointer(p, f))))
-}
-
-func structPointer_StructRefSlice(p structPointer, f field, size uintptr) *structRefSlice {
-	return &structRefSlice{p: p, f: f, size: size}
-}
-
-// A structRefSlice represents a slice of structs (themselves submessages or groups).
-type structRefSlice struct {
-	p    structPointer
-	f    field
-	size uintptr
-}
-
-func (v *structRefSlice) Len() int {
-	return structPointer_Len(v.p, v.f)
-}
-
-func (v *structRefSlice) Index(i int) structPointer {
-	ss := structPointer_GetStructPointer(v.p, v.f)
-	ss1 := structPointer_GetRefStructPointer(ss, 0)
-	return structPointer_Add(ss1, field(uintptr(i)*v.size))
+func (p pointer) getSlice(typ reflect.Type) reflect.Value {
+	sliceTyp := reflect.SliceOf(typ)
+	slice := p.asPointerTo(sliceTyp)
+	slice = slice.Elem()
+	return slice
 }
diff --git a/vendor/github.com/gogo/protobuf/proto/properties.go b/vendor/github.com/gogo/protobuf/proto/properties.go
index 2a69e8862d564..28da1475fb397 100644
--- a/vendor/github.com/gogo/protobuf/proto/properties.go
+++ b/vendor/github.com/gogo/protobuf/proto/properties.go
@@ -43,7 +43,6 @@ package proto
 import (
 	"fmt"
 	"log"
-	"os"
 	"reflect"
 	"sort"
 	"strconv"
@@ -63,42 +62,6 @@ const (
 	WireFixed32    = 5
 )
 
-const startSize = 10 // initial slice/string sizes
-
-// Encoders are defined in encode.go
-// An encoder outputs the full representation of a field, including its
-// tag and encoder type.
-type encoder func(p *Buffer, prop *Properties, base structPointer) error
-
-// A valueEncoder encodes a single integer in a particular encoding.
-type valueEncoder func(o *Buffer, x uint64) error
-
-// Sizers are defined in encode.go
-// A sizer returns the encoded size of a field, including its tag and encoder
-// type.
-type sizer func(prop *Properties, base structPointer) int
-
-// A valueSizer returns the encoded size of a single integer in a particular
-// encoding.
-type valueSizer func(x uint64) int
-
-// Decoders are defined in decode.go
-// A decoder creates a value from its wire representation.
-// Unrecognized subelements are saved in unrec.
-type decoder func(p *Buffer, prop *Properties, base structPointer) error
-
-// A valueDecoder decodes a single integer in a particular encoding.
-type valueDecoder func(o *Buffer) (x uint64, err error)
-
-// A oneofMarshaler does the marshaling for all oneof fields in a message.
-type oneofMarshaler func(Message, *Buffer) error
-
-// A oneofUnmarshaler does the unmarshaling for a oneof field in a message.
-type oneofUnmarshaler func(Message, int, int, *Buffer) (bool, error)
-
-// A oneofSizer does the sizing for all oneof fields in a message.
-type oneofSizer func(Message) int
-
 // tagMap is an optimization over map[int]int for typical protocol buffer
 // use-cases. Encoded protocol buffers are often in tag order with small tag
 // numbers.
@@ -145,13 +108,6 @@ type StructProperties struct {
 	decoderTags      tagMap         // map from proto tag to struct field number
 	decoderOrigNames map[string]int // map from original name to struct field number
 	order            []int          // list of struct field numbers in tag order
-	unrecField       field          // field id of the XXX_unrecognized []byte field
-	extendable       bool           // is this an extendable proto
-
-	oneofMarshaler   oneofMarshaler
-	oneofUnmarshaler oneofUnmarshaler
-	oneofSizer       oneofSizer
-	stype            reflect.Type
 
 	// OneofTypes contains information about the oneof fields in this message.
 	// It is keyed by the original name of a field.
@@ -187,7 +143,7 @@ type Properties struct {
 	Repeated bool
 	Packed   bool   // relevant for repeated primitives only
 	Enum     string // set for enum types only
-	proto3   bool   // whether this is known to be a proto3 field; set for []byte only
+	proto3   bool   // whether this is known to be a proto3 field
 	oneof    bool   // whether this is a oneof field
 
 	Default     string // default value
@@ -196,37 +152,21 @@ type Properties struct {
 	CastType    string
 	StdTime     bool
 	StdDuration bool
+	WktPointer  bool
+
+	stype reflect.Type      // set for struct types only
+	ctype reflect.Type      // set for custom types only
+	sprop *StructProperties // set for struct types only
 
-	enc           encoder
-	valEnc        valueEncoder // set for bool and numeric types only
-	field         field
-	tagcode       []byte // encoding of EncodeVarint((Tag<<3)|WireType)
-	tagbuf        [8]byte
-	stype         reflect.Type      // set for struct types only
-	sstype        reflect.Type      // set for slices of structs types only
-	ctype         reflect.Type      // set for custom types only
-	sprop         *StructProperties // set for struct types only
-	isMarshaler   bool
-	isUnmarshaler bool
-
-	mtype    reflect.Type // set for map types only
-	mkeyprop *Properties  // set for map types only
-	mvalprop *Properties  // set for map types only
-
-	size    sizer
-	valSize valueSizer // set for bool and numeric types only
-
-	dec    decoder
-	valDec valueDecoder // set for bool and numeric types only
-
-	// If this is a packable field, this will be the decoder for the packed version of the field.
-	packedDec decoder
+	mtype      reflect.Type // set for map types only
+	MapKeyProp *Properties  // set for map types only
+	MapValProp *Properties  // set for map types only
 }
 
 // String formats the properties in the protobuf struct field tag style.
 func (p *Properties) String() string {
 	s := p.Wire
-	s = ","
+	s += ","
 	s += strconv.Itoa(p.Tag)
 	if p.Required {
 		s += ",req"
@@ -264,7 +204,7 @@ func (p *Properties) Parse(s string) {
 	// "bytes,49,opt,name=foo,def=hello!"
 	fields := strings.Split(s, ",") // breaks def=, but handled below.
 	if len(fields) < 2 {
-		fmt.Fprintf(os.Stderr, "proto: tag has too few fields: %q\n", s)
+		log.Printf("proto: tag has too few fields: %q", s)
 		return
 	}
 
@@ -272,34 +212,19 @@ func (p *Properties) Parse(s string) {
 	switch p.Wire {
 	case "varint":
 		p.WireType = WireVarint
-		p.valEnc = (*Buffer).EncodeVarint
-		p.valDec = (*Buffer).DecodeVarint
-		p.valSize = sizeVarint
 	case "fixed32":
 		p.WireType = WireFixed32
-		p.valEnc = (*Buffer).EncodeFixed32
-		p.valDec = (*Buffer).DecodeFixed32
-		p.valSize = sizeFixed32
 	case "fixed64":
 		p.WireType = WireFixed64
-		p.valEnc = (*Buffer).EncodeFixed64
-		p.valDec = (*Buffer).DecodeFixed64
-		p.valSize = sizeFixed64
 	case "zigzag32":
 		p.WireType = WireVarint
-		p.valEnc = (*Buffer).EncodeZigzag32
-		p.valDec = (*Buffer).DecodeZigzag32
-		p.valSize = sizeZigzag32
 	case "zigzag64":
 		p.WireType = WireVarint
-		p.valEnc = (*Buffer).EncodeZigzag64
-		p.valDec = (*Buffer).DecodeZigzag64
-		p.valSize = sizeZigzag64
 	case "bytes", "group":
 		p.WireType = WireBytes
 		// no numeric converter for non-numeric types
 	default:
-		fmt.Fprintf(os.Stderr, "proto: tag has unknown wire type: %q\n", s)
+		log.Printf("proto: tag has unknown wire type: %q", s)
 		return
 	}
 
@@ -309,6 +234,7 @@ func (p *Properties) Parse(s string) {
 		return
 	}
 
+outer:
 	for i := 2; i < len(fields); i++ {
 		f := fields[i]
 		switch {
@@ -336,7 +262,7 @@ func (p *Properties) Parse(s string) {
 			if i+1 < len(fields) {
 				// Commas aren't escaped, and def is always last.
 				p.Default += "," + strings.Join(fields[i+1:], ",")
-				break
+				break outer
 			}
 		case strings.HasPrefix(f, "embedded="):
 			p.OrigName = strings.Split(f, "=")[1]
@@ -348,301 +274,58 @@ func (p *Properties) Parse(s string) {
 			p.StdTime = true
 		case f == "stdduration":
 			p.StdDuration = true
+		case f == "wktptr":
+			p.WktPointer = true
 		}
 	}
 }
 
-func logNoSliceEnc(t1, t2 reflect.Type) {
-	fmt.Fprintf(os.Stderr, "proto: no slice oenc for %T = []%T\n", t1, t2)
-}
-
 var protoMessageType = reflect.TypeOf((*Message)(nil)).Elem()
 
-// Initialize the fields for encoding and decoding.
-func (p *Properties) setEncAndDec(typ reflect.Type, f *reflect.StructField, lockGetProp bool) {
-	p.enc = nil
-	p.dec = nil
-	p.size = nil
+// setFieldProps initializes the field properties for submessages and maps.
+func (p *Properties) setFieldProps(typ reflect.Type, f *reflect.StructField, lockGetProp bool) {
 	isMap := typ.Kind() == reflect.Map
 	if len(p.CustomType) > 0 && !isMap {
-		p.setCustomEncAndDec(typ)
+		p.ctype = typ
 		p.setTag(lockGetProp)
 		return
 	}
 	if p.StdTime && !isMap {
-		p.setTimeEncAndDec(typ)
 		p.setTag(lockGetProp)
 		return
 	}
 	if p.StdDuration && !isMap {
-		p.setDurationEncAndDec(typ)
+		p.setTag(lockGetProp)
+		return
+	}
+	if p.WktPointer && !isMap {
 		p.setTag(lockGetProp)
 		return
 	}
 	switch t1 := typ; t1.Kind() {
-	default:
-		fmt.Fprintf(os.Stderr, "proto: no coders for %v\n", t1)
-
-	// proto3 scalar types
-
-	case reflect.Bool:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_bool
-			p.dec = (*Buffer).dec_proto3_bool
-			p.size = size_proto3_bool
-		} else {
-			p.enc = (*Buffer).enc_ref_bool
-			p.dec = (*Buffer).dec_proto3_bool
-			p.size = size_ref_bool
-		}
-	case reflect.Int32:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_int32
-			p.dec = (*Buffer).dec_proto3_int32
-			p.size = size_proto3_int32
-		} else {
-			p.enc = (*Buffer).enc_ref_int32
-			p.dec = (*Buffer).dec_proto3_int32
-			p.size = size_ref_int32
-		}
-	case reflect.Uint32:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_uint32
-			p.dec = (*Buffer).dec_proto3_int32 // can reuse
-			p.size = size_proto3_uint32
-		} else {
-			p.enc = (*Buffer).enc_ref_uint32
-			p.dec = (*Buffer).dec_proto3_int32 // can reuse
-			p.size = size_ref_uint32
-		}
-	case reflect.Int64, reflect.Uint64:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_int64
-			p.dec = (*Buffer).dec_proto3_int64
-			p.size = size_proto3_int64
-		} else {
-			p.enc = (*Buffer).enc_ref_int64
-			p.dec = (*Buffer).dec_proto3_int64
-			p.size = size_ref_int64
-		}
-	case reflect.Float32:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_uint32 // can just treat them as bits
-			p.dec = (*Buffer).dec_proto3_int32
-			p.size = size_proto3_uint32
-		} else {
-			p.enc = (*Buffer).enc_ref_uint32 // can just treat them as bits
-			p.dec = (*Buffer).dec_proto3_int32
-			p.size = size_ref_uint32
-		}
-	case reflect.Float64:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_int64 // can just treat them as bits
-			p.dec = (*Buffer).dec_proto3_int64
-			p.size = size_proto3_int64
-		} else {
-			p.enc = (*Buffer).enc_ref_int64 // can just treat them as bits
-			p.dec = (*Buffer).dec_proto3_int64
-			p.size = size_ref_int64
-		}
-	case reflect.String:
-		if p.proto3 {
-			p.enc = (*Buffer).enc_proto3_string
-			p.dec = (*Buffer).dec_proto3_string
-			p.size = size_proto3_string
-		} else {
-			p.enc = (*Buffer).enc_ref_string
-			p.dec = (*Buffer).dec_proto3_string
-			p.size = size_ref_string
-		}
 	case reflect.Struct:
 		p.stype = typ
-		p.isMarshaler = isMarshaler(typ)
-		p.isUnmarshaler = isUnmarshaler(typ)
-		if p.Wire == "bytes" {
-			p.enc = (*Buffer).enc_ref_struct_message
-			p.dec = (*Buffer).dec_ref_struct_message
-			p.size = size_ref_struct_message
-		} else {
-			fmt.Fprintf(os.Stderr, "proto: no coders for struct %T\n", typ)
-		}
-
 	case reflect.Ptr:
-		switch t2 := t1.Elem(); t2.Kind() {
-		default:
-			fmt.Fprintf(os.Stderr, "proto: no encoder function for %v -> %v\n", t1, t2)
-			break
-		case reflect.Bool:
-			p.enc = (*Buffer).enc_bool
-			p.dec = (*Buffer).dec_bool
-			p.size = size_bool
-		case reflect.Int32:
-			p.enc = (*Buffer).enc_int32
-			p.dec = (*Buffer).dec_int32
-			p.size = size_int32
-		case reflect.Uint32:
-			p.enc = (*Buffer).enc_uint32
-			p.dec = (*Buffer).dec_int32 // can reuse
-			p.size = size_uint32
-		case reflect.Int64, reflect.Uint64:
-			p.enc = (*Buffer).enc_int64
-			p.dec = (*Buffer).dec_int64
-			p.size = size_int64
-		case reflect.Float32:
-			p.enc = (*Buffer).enc_uint32 // can just treat them as bits
-			p.dec = (*Buffer).dec_int32
-			p.size = size_uint32
-		case reflect.Float64:
-			p.enc = (*Buffer).enc_int64 // can just treat them as bits
-			p.dec = (*Buffer).dec_int64
-			p.size = size_int64
-		case reflect.String:
-			p.enc = (*Buffer).enc_string
-			p.dec = (*Buffer).dec_string
-			p.size = size_string
-		case reflect.Struct:
+		if t1.Elem().Kind() == reflect.Struct {
 			p.stype = t1.Elem()
-			p.isMarshaler = isMarshaler(t1)
-			p.isUnmarshaler = isUnmarshaler(t1)
-			if p.Wire == "bytes" {
-				p.enc = (*Buffer).enc_struct_message
-				p.dec = (*Buffer).dec_struct_message
-				p.size = size_struct_message
-			} else {
-				p.enc = (*Buffer).enc_struct_group
-				p.dec = (*Buffer).dec_struct_group
-				p.size = size_struct_group
-			}
 		}
-
 	case reflect.Slice:
 		switch t2 := t1.Elem(); t2.Kind() {
-		default:
-			logNoSliceEnc(t1, t2)
-			break
-		case reflect.Bool:
-			if p.Packed {
-				p.enc = (*Buffer).enc_slice_packed_bool
-				p.size = size_slice_packed_bool
-			} else {
-				p.enc = (*Buffer).enc_slice_bool
-				p.size = size_slice_bool
-			}
-			p.dec = (*Buffer).dec_slice_bool
-			p.packedDec = (*Buffer).dec_slice_packed_bool
-		case reflect.Int32:
-			if p.Packed {
-				p.enc = (*Buffer).enc_slice_packed_int32
-				p.size = size_slice_packed_int32
-			} else {
-				p.enc = (*Buffer).enc_slice_int32
-				p.size = size_slice_int32
-			}
-			p.dec = (*Buffer).dec_slice_int32
-			p.packedDec = (*Buffer).dec_slice_packed_int32
-		case reflect.Uint32:
-			if p.Packed {
-				p.enc = (*Buffer).enc_slice_packed_uint32
-				p.size = size_slice_packed_uint32
-			} else {
-				p.enc = (*Buffer).enc_slice_uint32
-				p.size = size_slice_uint32
-			}
-			p.dec = (*Buffer).dec_slice_int32
-			p.packedDec = (*Buffer).dec_slice_packed_int32
-		case reflect.Int64, reflect.Uint64:
-			if p.Packed {
-				p.enc = (*Buffer).enc_slice_packed_int64
-				p.size = size_slice_packed_int64
-			} else {
-				p.enc = (*Buffer).enc_slice_int64
-				p.size = size_slice_int64
-			}
-			p.dec = (*Buffer).dec_slice_int64
-			p.packedDec = (*Buffer).dec_slice_packed_int64
-		case reflect.Uint8:
-			p.dec = (*Buffer).dec_slice_byte
-			if p.proto3 {
-				p.enc = (*Buffer).enc_proto3_slice_byte
-				p.size = size_proto3_slice_byte
-			} else {
-				p.enc = (*Buffer).enc_slice_byte
-				p.size = size_slice_byte
-			}
-		case reflect.Float32, reflect.Float64:
-			switch t2.Bits() {
-			case 32:
-				// can just treat them as bits
-				if p.Packed {
-					p.enc = (*Buffer).enc_slice_packed_uint32
-					p.size = size_slice_packed_uint32
-				} else {
-					p.enc = (*Buffer).enc_slice_uint32
-					p.size = size_slice_uint32
-				}
-				p.dec = (*Buffer).dec_slice_int32
-				p.packedDec = (*Buffer).dec_slice_packed_int32
-			case 64:
-				// can just treat them as bits
-				if p.Packed {
-					p.enc = (*Buffer).enc_slice_packed_int64
-					p.size = size_slice_packed_int64
-				} else {
-					p.enc = (*Buffer).enc_slice_int64
-					p.size = size_slice_int64
-				}
-				p.dec = (*Buffer).dec_slice_int64
-				p.packedDec = (*Buffer).dec_slice_packed_int64
-			default:
-				logNoSliceEnc(t1, t2)
-				break
-			}
-		case reflect.String:
-			p.enc = (*Buffer).enc_slice_string
-			p.dec = (*Buffer).dec_slice_string
-			p.size = size_slice_string
 		case reflect.Ptr:
 			switch t3 := t2.Elem(); t3.Kind() {
-			default:
-				fmt.Fprintf(os.Stderr, "proto: no ptr oenc for %T -> %T -> %T\n", t1, t2, t3)
-				break
 			case reflect.Struct:
-				p.stype = t2.Elem()
-				p.isMarshaler = isMarshaler(t2)
-				p.isUnmarshaler = isUnmarshaler(t2)
-				if p.Wire == "bytes" {
-					p.enc = (*Buffer).enc_slice_struct_message
-					p.dec = (*Buffer).dec_slice_struct_message
-					p.size = size_slice_struct_message
-				} else {
-					p.enc = (*Buffer).enc_slice_struct_group
-					p.dec = (*Buffer).dec_slice_struct_group
-					p.size = size_slice_struct_group
-				}
-			}
-		case reflect.Slice:
-			switch t2.Elem().Kind() {
-			default:
-				fmt.Fprintf(os.Stderr, "proto: no slice elem oenc for %T -> %T -> %T\n", t1, t2, t2.Elem())
-				break
-			case reflect.Uint8:
-				p.enc = (*Buffer).enc_slice_slice_byte
-				p.dec = (*Buffer).dec_slice_slice_byte
-				p.size = size_slice_slice_byte
+				p.stype = t3
 			}
 		case reflect.Struct:
-			p.setSliceOfNonPointerStructs(t1)
+			p.stype = t2
 		}
 
 	case reflect.Map:
-		p.enc = (*Buffer).enc_new_map
-		p.dec = (*Buffer).dec_new_map
-		p.size = size_new_map
 
 		p.mtype = t1
-		p.mkeyprop = &Properties{}
-		p.mkeyprop.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
-		p.mvalprop = &Properties{}
+		p.MapKeyProp = &Properties{}
+		p.MapKeyProp.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
+		p.MapValProp = &Properties{}
 		vtype := p.mtype.Elem()
 		if vtype.Kind() != reflect.Ptr && vtype.Kind() != reflect.Slice {
 			// The value type is not a message (*T) or bytes ([]byte),
@@ -650,29 +333,16 @@ func (p *Properties) setEncAndDec(typ reflect.Type, f *reflect.StructField, lock
 			vtype = reflect.PtrTo(vtype)
 		}
 
-		p.mvalprop.CustomType = p.CustomType
-		p.mvalprop.StdDuration = p.StdDuration
-		p.mvalprop.StdTime = p.StdTime
-		p.mvalprop.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
+		p.MapValProp.CustomType = p.CustomType
+		p.MapValProp.StdDuration = p.StdDuration
+		p.MapValProp.StdTime = p.StdTime
+		p.MapValProp.WktPointer = p.WktPointer
+		p.MapValProp.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
 	}
 	p.setTag(lockGetProp)
 }
 
 func (p *Properties) setTag(lockGetProp bool) {
-	// precalculate tag code
-	wire := p.WireType
-	if p.Packed {
-		wire = WireBytes
-	}
-	x := uint32(p.Tag)<<3 | uint32(wire)
-	i := 0
-	for i = 0; x > 127; i++ {
-		p.tagbuf[i] = 0x80 | uint8(x&0x7F)
-		x >>= 7
-	}
-	p.tagbuf[i] = uint8(x)
-	p.tagcode = p.tagbuf[0 : i+1]
-
 	if p.stype != nil {
 		if lockGetProp {
 			p.sprop = GetProperties(p.stype)
@@ -683,20 +353,9 @@ func (p *Properties) setTag(lockGetProp bool) {
 }
 
 var (
-	marshalerType   = reflect.TypeOf((*Marshaler)(nil)).Elem()
-	unmarshalerType = reflect.TypeOf((*Unmarshaler)(nil)).Elem()
+	marshalerType = reflect.TypeOf((*Marshaler)(nil)).Elem()
 )
 
-// isMarshaler reports whether type t implements Marshaler.
-func isMarshaler(t reflect.Type) bool {
-	return t.Implements(marshalerType)
-}
-
-// isUnmarshaler reports whether type t implements Unmarshaler.
-func isUnmarshaler(t reflect.Type) bool {
-	return t.Implements(unmarshalerType)
-}
-
 // Init populates the properties from a protocol buffer struct tag.
 func (p *Properties) Init(typ reflect.Type, name, tag string, f *reflect.StructField) {
 	p.init(typ, name, tag, f, true)
@@ -706,14 +365,11 @@ func (p *Properties) init(typ reflect.Type, name, tag string, f *reflect.StructF
 	// "bytes,49,opt,def=hello!"
 	p.Name = name
 	p.OrigName = name
-	if f != nil {
-		p.field = toField(f)
-	}
 	if tag == "" {
 		return
 	}
 	p.Parse(tag)
-	p.setEncAndDec(typ, f, lockGetProp)
+	p.setFieldProps(typ, f, lockGetProp)
 }
 
 var (
@@ -734,9 +390,6 @@ func GetProperties(t reflect.Type) *StructProperties {
 	sprop, ok := propertiesMap[t]
 	propertiesMu.RUnlock()
 	if ok {
-		if collectStats {
-			stats.Chit++
-		}
 		return sprop
 	}
 
@@ -746,27 +399,26 @@ func GetProperties(t reflect.Type) *StructProperties {
 	return sprop
 }
 
+type (
+	oneofFuncsIface interface {
+		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
+	}
+	oneofWrappersIface interface {
+		XXX_OneofWrappers() []interface{}
+	}
+)
+
 // getPropertiesLocked requires that propertiesMu is held.
 func getPropertiesLocked(t reflect.Type) *StructProperties {
 	if prop, ok := propertiesMap[t]; ok {
-		if collectStats {
-			stats.Chit++
-		}
 		return prop
 	}
-	if collectStats {
-		stats.Cmiss++
-	}
 
 	prop := new(StructProperties)
 	// in case of recursive protos, fill this in now.
 	propertiesMap[t] = prop
 
 	// build properties
-	prop.extendable = reflect.PtrTo(t).Implements(extendableProtoType) ||
-		reflect.PtrTo(t).Implements(extendableProtoV1Type) ||
-		reflect.PtrTo(t).Implements(extendableBytesType)
-	prop.unrecField = invalidField
 	prop.Prop = make([]*Properties, t.NumField())
 	prop.order = make([]int, t.NumField())
 
@@ -777,23 +429,6 @@ func getPropertiesLocked(t reflect.Type) *StructProperties {
 		name := f.Name
 		p.init(f.Type, name, f.Tag.Get("protobuf"), &f, false)
 
-		if f.Name == "XXX_InternalExtensions" { // special case
-			p.enc = (*Buffer).enc_exts
-			p.dec = nil // not needed
-			p.size = size_exts
-		} else if f.Name == "XXX_extensions" { // special case
-			if len(f.Tag.Get("protobuf")) > 0 {
-				p.enc = (*Buffer).enc_ext_slice_byte
-				p.dec = nil // not needed
-				p.size = size_ext_slice_byte
-			} else {
-				p.enc = (*Buffer).enc_map
-				p.dec = nil // not needed
-				p.size = size_map
-			}
-		} else if f.Name == "XXX_unrecognized" { // special case
-			prop.unrecField = toField(&f)
-		}
 		oneof := f.Tag.Get("protobuf_oneof") // special case
 		if oneof != "" {
 			isOneofMessage = true
@@ -809,46 +444,45 @@ func getPropertiesLocked(t reflect.Type) *StructProperties {
 			}
 			print("\n")
 		}
-		if p.enc == nil && !strings.HasPrefix(f.Name, "XXX_") && oneof == "" {
-			fmt.Fprintln(os.Stderr, "proto: no encoder for", f.Name, f.Type.String(), "[GetProperties]")
-		}
 	}
 
 	// Re-order prop.order.
 	sort.Sort(prop)
 
-	type oneofMessage interface {
-		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
-	}
-	if om, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(oneofMessage); isOneofMessage && ok {
+	if isOneofMessage {
 		var oots []interface{}
-		prop.oneofMarshaler, prop.oneofUnmarshaler, prop.oneofSizer, oots = om.XXX_OneofFuncs()
-		prop.stype = t
-
-		// Interpret oneof metadata.
-		prop.OneofTypes = make(map[string]*OneofProperties)
-		for _, oot := range oots {
-			oop := &OneofProperties{
-				Type: reflect.ValueOf(oot).Type(), // *T
-				Prop: new(Properties),
-			}
-			sft := oop.Type.Elem().Field(0)
-			oop.Prop.Name = sft.Name
-			oop.Prop.Parse(sft.Tag.Get("protobuf"))
-			// There will be exactly one interface field that
-			// this new value is assignable to.
-			for i := 0; i < t.NumField(); i++ {
-				f := t.Field(i)
-				if f.Type.Kind() != reflect.Interface {
-					continue
+		switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+		case oneofFuncsIface:
+			_, _, _, oots = m.XXX_OneofFuncs()
+		case oneofWrappersIface:
+			oots = m.XXX_OneofWrappers()
+		}
+		if len(oots) > 0 {
+			// Interpret oneof metadata.
+			prop.OneofTypes = make(map[string]*OneofProperties)
+			for _, oot := range oots {
+				oop := &OneofProperties{
+					Type: reflect.ValueOf(oot).Type(), // *T
+					Prop: new(Properties),
 				}
-				if !oop.Type.AssignableTo(f.Type) {
-					continue
+				sft := oop.Type.Elem().Field(0)
+				oop.Prop.Name = sft.Name
+				oop.Prop.Parse(sft.Tag.Get("protobuf"))
+				// There will be exactly one interface field that
+				// this new value is assignable to.
+				for i := 0; i < t.NumField(); i++ {
+					f := t.Field(i)
+					if f.Type.Kind() != reflect.Interface {
+						continue
+					}
+					if !oop.Type.AssignableTo(f.Type) {
+						continue
+					}
+					oop.Field = i
+					break
 				}
-				oop.Field = i
-				break
+				prop.OneofTypes[oop.Prop.OrigName] = oop
 			}
-			prop.OneofTypes[oop.Prop.OrigName] = oop
 		}
 	}
 
@@ -873,30 +507,6 @@ func getPropertiesLocked(t reflect.Type) *StructProperties {
 	return prop
 }
 
-// Return the Properties object for the x[0]'th field of the structure.
-func propByIndex(t reflect.Type, x []int) *Properties {
-	if len(x) != 1 {
-		fmt.Fprintf(os.Stderr, "proto: field index dimension %d (not 1) for type %s\n", len(x), t)
-		return nil
-	}
-	prop := GetProperties(t)
-	return prop.Prop[x[0]]
-}
-
-// Get the address and type of a pointer to a struct from an interface.
-func getbase(pb Message) (t reflect.Type, b structPointer, err error) {
-	if pb == nil {
-		err = ErrNil
-		return
-	}
-	// get the reflect type of the pointer to the struct.
-	t = reflect.TypeOf(pb)
-	// get the address of the struct.
-	value := reflect.ValueOf(pb)
-	b = toStructPointer(value)
-	return
-}
-
 // A global registry of enum types.
 // The generated code will register the generated maps by calling RegisterEnum.
 
@@ -925,20 +535,42 @@ func EnumValueMap(enumType string) map[string]int32 {
 // A registry of all linked message types.
 // The string is a fully-qualified proto name ("pkg.Message").
 var (
-	protoTypes    = make(map[string]reflect.Type)
-	revProtoTypes = make(map[reflect.Type]string)
+	protoTypedNils = make(map[string]Message)      // a map from proto names to typed nil pointers
+	protoMapTypes  = make(map[string]reflect.Type) // a map from proto names to map types
+	revProtoTypes  = make(map[reflect.Type]string)
 )
 
 // RegisterType is called from generated code and maps from the fully qualified
 // proto name to the type (pointer to struct) of the protocol buffer.
 func RegisterType(x Message, name string) {
-	if _, ok := protoTypes[name]; ok {
+	if _, ok := protoTypedNils[name]; ok {
 		// TODO: Some day, make this a panic.
 		log.Printf("proto: duplicate proto type registered: %s", name)
 		return
 	}
 	t := reflect.TypeOf(x)
-	protoTypes[name] = t
+	if v := reflect.ValueOf(x); v.Kind() == reflect.Ptr && v.Pointer() == 0 {
+		// Generated code always calls RegisterType with nil x.
+		// This check is just for extra safety.
+		protoTypedNils[name] = x
+	} else {
+		protoTypedNils[name] = reflect.Zero(t).Interface().(Message)
+	}
+	revProtoTypes[t] = name
+}
+
+// RegisterMapType is called from generated code and maps from the fully qualified
+// proto name to the native map type of the proto map definition.
+func RegisterMapType(x interface{}, name string) {
+	if reflect.TypeOf(x).Kind() != reflect.Map {
+		panic(fmt.Sprintf("RegisterMapType(%T, %q); want map", x, name))
+	}
+	if _, ok := protoMapTypes[name]; ok {
+		log.Printf("proto: duplicate proto type registered: %s", name)
+		return
+	}
+	t := reflect.TypeOf(x)
+	protoMapTypes[name] = t
 	revProtoTypes[t] = name
 }
 
@@ -954,7 +586,14 @@ func MessageName(x Message) string {
 }
 
 // MessageType returns the message type (pointer to struct) for a named message.
-func MessageType(name string) reflect.Type { return protoTypes[name] }
+// The type is not guaranteed to implement proto.Message if the name refers to a
+// map entry.
+func MessageType(name string) reflect.Type {
+	if t, ok := protoTypedNils[name]; ok {
+		return reflect.TypeOf(t)
+	}
+	return protoMapTypes[name]
+}
 
 // A registry of all linked proto files.
 var (
diff --git a/vendor/github.com/gogo/protobuf/proto/properties_gogo.go b/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
index b6b7176c5656f..40ea3dd935c27 100644
--- a/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
@@ -1,6 +1,6 @@
 // Protocol Buffers for Go with Gadgets
 //
-// Copyright (c) 2013, The GoGo Authors. All rights reserved.
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
 // http://github.com/gogo/protobuf
 //
 // Redistribution and use in source and binary forms, with or without
@@ -29,83 +29,8 @@
 package proto
 
 import (
-	"fmt"
-	"os"
 	"reflect"
 )
 
-func (p *Properties) setCustomEncAndDec(typ reflect.Type) {
-	p.ctype = typ
-	if p.Repeated {
-		p.enc = (*Buffer).enc_custom_slice_bytes
-		p.dec = (*Buffer).dec_custom_slice_bytes
-		p.size = size_custom_slice_bytes
-	} else if typ.Kind() == reflect.Ptr {
-		p.enc = (*Buffer).enc_custom_bytes
-		p.dec = (*Buffer).dec_custom_bytes
-		p.size = size_custom_bytes
-	} else {
-		p.enc = (*Buffer).enc_custom_ref_bytes
-		p.dec = (*Buffer).dec_custom_ref_bytes
-		p.size = size_custom_ref_bytes
-	}
-}
-
-func (p *Properties) setDurationEncAndDec(typ reflect.Type) {
-	if p.Repeated {
-		if typ.Elem().Kind() == reflect.Ptr {
-			p.enc = (*Buffer).enc_slice_duration
-			p.dec = (*Buffer).dec_slice_duration
-			p.size = size_slice_duration
-		} else {
-			p.enc = (*Buffer).enc_slice_ref_duration
-			p.dec = (*Buffer).dec_slice_ref_duration
-			p.size = size_slice_ref_duration
-		}
-	} else if typ.Kind() == reflect.Ptr {
-		p.enc = (*Buffer).enc_duration
-		p.dec = (*Buffer).dec_duration
-		p.size = size_duration
-	} else {
-		p.enc = (*Buffer).enc_ref_duration
-		p.dec = (*Buffer).dec_ref_duration
-		p.size = size_ref_duration
-	}
-}
-
-func (p *Properties) setTimeEncAndDec(typ reflect.Type) {
-	if p.Repeated {
-		if typ.Elem().Kind() == reflect.Ptr {
-			p.enc = (*Buffer).enc_slice_time
-			p.dec = (*Buffer).dec_slice_time
-			p.size = size_slice_time
-		} else {
-			p.enc = (*Buffer).enc_slice_ref_time
-			p.dec = (*Buffer).dec_slice_ref_time
-			p.size = size_slice_ref_time
-		}
-	} else if typ.Kind() == reflect.Ptr {
-		p.enc = (*Buffer).enc_time
-		p.dec = (*Buffer).dec_time
-		p.size = size_time
-	} else {
-		p.enc = (*Buffer).enc_ref_time
-		p.dec = (*Buffer).dec_ref_time
-		p.size = size_ref_time
-	}
-
-}
-
-func (p *Properties) setSliceOfNonPointerStructs(typ reflect.Type) {
-	t2 := typ.Elem()
-	p.sstype = typ
-	p.stype = t2
-	p.isMarshaler = isMarshaler(t2)
-	p.isUnmarshaler = isUnmarshaler(t2)
-	p.enc = (*Buffer).enc_slice_ref_struct_message
-	p.dec = (*Buffer).dec_slice_ref_struct_message
-	p.size = size_slice_ref_struct_message
-	if p.Wire != "bytes" {
-		fmt.Fprintf(os.Stderr, "proto: no ptr oenc for %T -> %T \n", typ, t2)
-	}
-}
+var sizerType = reflect.TypeOf((*Sizer)(nil)).Elem()
+var protosizerType = reflect.TypeOf((*ProtoSizer)(nil)).Elem()
diff --git a/vendor/github.com/gogo/protobuf/proto/table_marshal.go b/vendor/github.com/gogo/protobuf/proto/table_marshal.go
new file mode 100644
index 0000000000000..f8babdefab94e
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/table_marshal.go
@@ -0,0 +1,3009 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2016 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"unicode/utf8"
+)
+
+// a sizer takes a pointer to a field and the size of its tag, computes the size of
+// the encoded data.
+type sizer func(pointer, int) int
+
+// a marshaler takes a byte slice, a pointer to a field, and its tag (in wire format),
+// marshals the field to the end of the slice, returns the slice and error (if any).
+type marshaler func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error)
+
+// marshalInfo is the information used for marshaling a message.
+type marshalInfo struct {
+	typ          reflect.Type
+	fields       []*marshalFieldInfo
+	unrecognized field                      // offset of XXX_unrecognized
+	extensions   field                      // offset of XXX_InternalExtensions
+	v1extensions field                      // offset of XXX_extensions
+	sizecache    field                      // offset of XXX_sizecache
+	initialized  int32                      // 0 -- only typ is set, 1 -- fully initialized
+	messageset   bool                       // uses message set wire format
+	hasmarshaler bool                       // has custom marshaler
+	sync.RWMutex                            // protect extElems map, also for initialization
+	extElems     map[int32]*marshalElemInfo // info of extension elements
+
+	hassizer      bool // has custom sizer
+	hasprotosizer bool // has custom protosizer
+
+	bytesExtensions field // offset of XXX_extensions where the field type is []byte
+}
+
+// marshalFieldInfo is the information used for marshaling a field of a message.
+type marshalFieldInfo struct {
+	field      field
+	wiretag    uint64 // tag in wire format
+	tagsize    int    // size of tag in wire format
+	sizer      sizer
+	marshaler  marshaler
+	isPointer  bool
+	required   bool                              // field is required
+	name       string                            // name of the field, for error reporting
+	oneofElems map[reflect.Type]*marshalElemInfo // info of oneof elements
+}
+
+// marshalElemInfo is the information used for marshaling an extension or oneof element.
+type marshalElemInfo struct {
+	wiretag   uint64 // tag in wire format
+	tagsize   int    // size of tag in wire format
+	sizer     sizer
+	marshaler marshaler
+	isptr     bool // elem is pointer typed, thus interface of this type is a direct interface (extension only)
+}
+
+var (
+	marshalInfoMap  = map[reflect.Type]*marshalInfo{}
+	marshalInfoLock sync.Mutex
+
+	uint8SliceType = reflect.TypeOf(([]uint8)(nil)).Kind()
+)
+
+// getMarshalInfo returns the information to marshal a given type of message.
+// The info it returns may not necessarily initialized.
+// t is the type of the message (NOT the pointer to it).
+func getMarshalInfo(t reflect.Type) *marshalInfo {
+	marshalInfoLock.Lock()
+	u, ok := marshalInfoMap[t]
+	if !ok {
+		u = &marshalInfo{typ: t}
+		marshalInfoMap[t] = u
+	}
+	marshalInfoLock.Unlock()
+	return u
+}
+
+// Size is the entry point from generated code,
+// and should be ONLY called by generated code.
+// It computes the size of encoded data of msg.
+// a is a pointer to a place to store cached marshal info.
+func (a *InternalMessageInfo) Size(msg Message) int {
+	u := getMessageMarshalInfo(msg, a)
+	ptr := toPointer(&msg)
+	if ptr.isNil() {
+		// We get here if msg is a typed nil ((*SomeMessage)(nil)),
+		// so it satisfies the interface, and msg == nil wouldn't
+		// catch it. We don't want crash in this case.
+		return 0
+	}
+	return u.size(ptr)
+}
+
+// Marshal is the entry point from generated code,
+// and should be ONLY called by generated code.
+// It marshals msg to the end of b.
+// a is a pointer to a place to store cached marshal info.
+func (a *InternalMessageInfo) Marshal(b []byte, msg Message, deterministic bool) ([]byte, error) {
+	u := getMessageMarshalInfo(msg, a)
+	ptr := toPointer(&msg)
+	if ptr.isNil() {
+		// We get here if msg is a typed nil ((*SomeMessage)(nil)),
+		// so it satisfies the interface, and msg == nil wouldn't
+		// catch it. We don't want crash in this case.
+		return b, ErrNil
+	}
+	return u.marshal(b, ptr, deterministic)
+}
+
+func getMessageMarshalInfo(msg interface{}, a *InternalMessageInfo) *marshalInfo {
+	// u := a.marshal, but atomically.
+	// We use an atomic here to ensure memory consistency.
+	u := atomicLoadMarshalInfo(&a.marshal)
+	if u == nil {
+		// Get marshal information from type of message.
+		t := reflect.ValueOf(msg).Type()
+		if t.Kind() != reflect.Ptr {
+			panic(fmt.Sprintf("cannot handle non-pointer message type %v", t))
+		}
+		u = getMarshalInfo(t.Elem())
+		// Store it in the cache for later users.
+		// a.marshal = u, but atomically.
+		atomicStoreMarshalInfo(&a.marshal, u)
+	}
+	return u
+}
+
+// size is the main function to compute the size of the encoded data of a message.
+// ptr is the pointer to the message.
+func (u *marshalInfo) size(ptr pointer) int {
+	if atomic.LoadInt32(&u.initialized) == 0 {
+		u.computeMarshalInfo()
+	}
+
+	// If the message can marshal itself, let it do it, for compatibility.
+	// NOTE: This is not efficient.
+	if u.hasmarshaler {
+		// Uses the message's Size method if available
+		if u.hassizer {
+			s := ptr.asPointerTo(u.typ).Interface().(Sizer)
+			return s.Size()
+		}
+		// Uses the message's ProtoSize method if available
+		if u.hasprotosizer {
+			s := ptr.asPointerTo(u.typ).Interface().(ProtoSizer)
+			return s.ProtoSize()
+		}
+
+		m := ptr.asPointerTo(u.typ).Interface().(Marshaler)
+		b, _ := m.Marshal()
+		return len(b)
+	}
+
+	n := 0
+	for _, f := range u.fields {
+		if f.isPointer && ptr.offset(f.field).getPointer().isNil() {
+			// nil pointer always marshals to nothing
+			continue
+		}
+		n += f.sizer(ptr.offset(f.field), f.tagsize)
+	}
+	if u.extensions.IsValid() {
+		e := ptr.offset(u.extensions).toExtensions()
+		if u.messageset {
+			n += u.sizeMessageSet(e)
+		} else {
+			n += u.sizeExtensions(e)
+		}
+	}
+	if u.v1extensions.IsValid() {
+		m := *ptr.offset(u.v1extensions).toOldExtensions()
+		n += u.sizeV1Extensions(m)
+	}
+	if u.bytesExtensions.IsValid() {
+		s := *ptr.offset(u.bytesExtensions).toBytes()
+		n += len(s)
+	}
+	if u.unrecognized.IsValid() {
+		s := *ptr.offset(u.unrecognized).toBytes()
+		n += len(s)
+	}
+
+	// cache the result for use in marshal
+	if u.sizecache.IsValid() {
+		atomic.StoreInt32(ptr.offset(u.sizecache).toInt32(), int32(n))
+	}
+	return n
+}
+
+// cachedsize gets the size from cache. If there is no cache (i.e. message is not generated),
+// fall back to compute the size.
+func (u *marshalInfo) cachedsize(ptr pointer) int {
+	if u.sizecache.IsValid() {
+		return int(atomic.LoadInt32(ptr.offset(u.sizecache).toInt32()))
+	}
+	return u.size(ptr)
+}
+
+// marshal is the main function to marshal a message. It takes a byte slice and appends
+// the encoded data to the end of the slice, returns the slice and error (if any).
+// ptr is the pointer to the message.
+// If deterministic is true, map is marshaled in deterministic order.
+func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte, error) {
+	if atomic.LoadInt32(&u.initialized) == 0 {
+		u.computeMarshalInfo()
+	}
+
+	// If the message can marshal itself, let it do it, for compatibility.
+	// NOTE: This is not efficient.
+	if u.hasmarshaler {
+		m := ptr.asPointerTo(u.typ).Interface().(Marshaler)
+		b1, err := m.Marshal()
+		b = append(b, b1...)
+		return b, err
+	}
+
+	var err, errLater error
+	// The old marshaler encodes extensions at beginning.
+	if u.extensions.IsValid() {
+		e := ptr.offset(u.extensions).toExtensions()
+		if u.messageset {
+			b, err = u.appendMessageSet(b, e, deterministic)
+		} else {
+			b, err = u.appendExtensions(b, e, deterministic)
+		}
+		if err != nil {
+			return b, err
+		}
+	}
+	if u.v1extensions.IsValid() {
+		m := *ptr.offset(u.v1extensions).toOldExtensions()
+		b, err = u.appendV1Extensions(b, m, deterministic)
+		if err != nil {
+			return b, err
+		}
+	}
+	if u.bytesExtensions.IsValid() {
+		s := *ptr.offset(u.bytesExtensions).toBytes()
+		b = append(b, s...)
+	}
+	for _, f := range u.fields {
+		if f.required {
+			if f.isPointer && ptr.offset(f.field).getPointer().isNil() {
+				// Required field is not set.
+				// We record the error but keep going, to give a complete marshaling.
+				if errLater == nil {
+					errLater = &RequiredNotSetError{f.name}
+				}
+				continue
+			}
+		}
+		if f.isPointer && ptr.offset(f.field).getPointer().isNil() {
+			// nil pointer always marshals to nothing
+			continue
+		}
+		b, err = f.marshaler(b, ptr.offset(f.field), f.wiretag, deterministic)
+		if err != nil {
+			if err1, ok := err.(*RequiredNotSetError); ok {
+				// Required field in submessage is not set.
+				// We record the error but keep going, to give a complete marshaling.
+				if errLater == nil {
+					errLater = &RequiredNotSetError{f.name + "." + err1.field}
+				}
+				continue
+			}
+			if err == errRepeatedHasNil {
+				err = errors.New("proto: repeated field " + f.name + " has nil element")
+			}
+			if err == errInvalidUTF8 {
+				if errLater == nil {
+					fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
+					errLater = &invalidUTF8Error{fullName}
+				}
+				continue
+			}
+			return b, err
+		}
+	}
+	if u.unrecognized.IsValid() {
+		s := *ptr.offset(u.unrecognized).toBytes()
+		b = append(b, s...)
+	}
+	return b, errLater
+}
+
+// computeMarshalInfo initializes the marshal info.
+func (u *marshalInfo) computeMarshalInfo() {
+	u.Lock()
+	defer u.Unlock()
+	if u.initialized != 0 { // non-atomic read is ok as it is protected by the lock
+		return
+	}
+
+	t := u.typ
+	u.unrecognized = invalidField
+	u.extensions = invalidField
+	u.v1extensions = invalidField
+	u.bytesExtensions = invalidField
+	u.sizecache = invalidField
+	isOneofMessage := false
+
+	if reflect.PtrTo(t).Implements(sizerType) {
+		u.hassizer = true
+	}
+	if reflect.PtrTo(t).Implements(protosizerType) {
+		u.hasprotosizer = true
+	}
+	// If the message can marshal itself, let it do it, for compatibility.
+	// NOTE: This is not efficient.
+	if reflect.PtrTo(t).Implements(marshalerType) {
+		u.hasmarshaler = true
+		atomic.StoreInt32(&u.initialized, 1)
+		return
+	}
+
+	n := t.NumField()
+
+	// deal with XXX fields first
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		if f.Tag.Get("protobuf_oneof") != "" {
+			isOneofMessage = true
+		}
+		if !strings.HasPrefix(f.Name, "XXX_") {
+			continue
+		}
+		switch f.Name {
+		case "XXX_sizecache":
+			u.sizecache = toField(&f)
+		case "XXX_unrecognized":
+			u.unrecognized = toField(&f)
+		case "XXX_InternalExtensions":
+			u.extensions = toField(&f)
+			u.messageset = f.Tag.Get("protobuf_messageset") == "1"
+		case "XXX_extensions":
+			if f.Type.Kind() == reflect.Map {
+				u.v1extensions = toField(&f)
+			} else {
+				u.bytesExtensions = toField(&f)
+			}
+		case "XXX_NoUnkeyedLiteral":
+			// nothing to do
+		default:
+			panic("unknown XXX field: " + f.Name)
+		}
+		n--
+	}
+
+	// get oneof implementers
+	var oneofImplementers []interface{}
+	// gogo: isOneofMessage is needed for embedded oneof messages, without a marshaler and unmarshaler
+	if isOneofMessage {
+		switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+		case oneofFuncsIface:
+			_, _, _, oneofImplementers = m.XXX_OneofFuncs()
+		case oneofWrappersIface:
+			oneofImplementers = m.XXX_OneofWrappers()
+		}
+	}
+
+	// normal fields
+	fields := make([]marshalFieldInfo, n) // batch allocation
+	u.fields = make([]*marshalFieldInfo, 0, n)
+	for i, j := 0, 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+
+		if strings.HasPrefix(f.Name, "XXX_") {
+			continue
+		}
+		field := &fields[j]
+		j++
+		field.name = f.Name
+		u.fields = append(u.fields, field)
+		if f.Tag.Get("protobuf_oneof") != "" {
+			field.computeOneofFieldInfo(&f, oneofImplementers)
+			continue
+		}
+		if f.Tag.Get("protobuf") == "" {
+			// field has no tag (not in generated message), ignore it
+			u.fields = u.fields[:len(u.fields)-1]
+			j--
+			continue
+		}
+		field.computeMarshalFieldInfo(&f)
+	}
+
+	// fields are marshaled in tag order on the wire.
+	sort.Sort(byTag(u.fields))
+
+	atomic.StoreInt32(&u.initialized, 1)
+}
+
+// helper for sorting fields by tag
+type byTag []*marshalFieldInfo
+
+func (a byTag) Len() int           { return len(a) }
+func (a byTag) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byTag) Less(i, j int) bool { return a[i].wiretag < a[j].wiretag }
+
+// getExtElemInfo returns the information to marshal an extension element.
+// The info it returns is initialized.
+func (u *marshalInfo) getExtElemInfo(desc *ExtensionDesc) *marshalElemInfo {
+	// get from cache first
+	u.RLock()
+	e, ok := u.extElems[desc.Field]
+	u.RUnlock()
+	if ok {
+		return e
+	}
+
+	t := reflect.TypeOf(desc.ExtensionType) // pointer or slice to basic type or struct
+	tags := strings.Split(desc.Tag, ",")
+	tag, err := strconv.Atoi(tags[1])
+	if err != nil {
+		panic("tag is not an integer")
+	}
+	wt := wiretype(tags[0])
+	sizr, marshalr := typeMarshaler(t, tags, false, false)
+	e = &marshalElemInfo{
+		wiretag:   uint64(tag)<<3 | wt,
+		tagsize:   SizeVarint(uint64(tag) << 3),
+		sizer:     sizr,
+		marshaler: marshalr,
+		isptr:     t.Kind() == reflect.Ptr,
+	}
+
+	// update cache
+	u.Lock()
+	if u.extElems == nil {
+		u.extElems = make(map[int32]*marshalElemInfo)
+	}
+	u.extElems[desc.Field] = e
+	u.Unlock()
+	return e
+}
+
+// computeMarshalFieldInfo fills up the information to marshal a field.
+func (fi *marshalFieldInfo) computeMarshalFieldInfo(f *reflect.StructField) {
+	// parse protobuf tag of the field.
+	// tag has format of "bytes,49,opt,name=foo,def=hello!"
+	tags := strings.Split(f.Tag.Get("protobuf"), ",")
+	if tags[0] == "" {
+		return
+	}
+	tag, err := strconv.Atoi(tags[1])
+	if err != nil {
+		panic("tag is not an integer")
+	}
+	wt := wiretype(tags[0])
+	if tags[2] == "req" {
+		fi.required = true
+	}
+	fi.setTag(f, tag, wt)
+	fi.setMarshaler(f, tags)
+}
+
+func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofImplementers []interface{}) {
+	fi.field = toField(f)
+	fi.wiretag = math.MaxInt32 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire.
+	fi.isPointer = true
+	fi.sizer, fi.marshaler = makeOneOfMarshaler(fi, f)
+	fi.oneofElems = make(map[reflect.Type]*marshalElemInfo)
+
+	ityp := f.Type // interface type
+	for _, o := range oneofImplementers {
+		t := reflect.TypeOf(o)
+		if !t.Implements(ityp) {
+			continue
+		}
+		sf := t.Elem().Field(0) // oneof implementer is a struct with a single field
+		tags := strings.Split(sf.Tag.Get("protobuf"), ",")
+		tag, err := strconv.Atoi(tags[1])
+		if err != nil {
+			panic("tag is not an integer")
+		}
+		wt := wiretype(tags[0])
+		sizr, marshalr := typeMarshaler(sf.Type, tags, false, true) // oneof should not omit any zero value
+		fi.oneofElems[t.Elem()] = &marshalElemInfo{
+			wiretag:   uint64(tag)<<3 | wt,
+			tagsize:   SizeVarint(uint64(tag) << 3),
+			sizer:     sizr,
+			marshaler: marshalr,
+		}
+	}
+}
+
+// wiretype returns the wire encoding of the type.
+func wiretype(encoding string) uint64 {
+	switch encoding {
+	case "fixed32":
+		return WireFixed32
+	case "fixed64":
+		return WireFixed64
+	case "varint", "zigzag32", "zigzag64":
+		return WireVarint
+	case "bytes":
+		return WireBytes
+	case "group":
+		return WireStartGroup
+	}
+	panic("unknown wire type " + encoding)
+}
+
+// setTag fills up the tag (in wire format) and its size in the info of a field.
+func (fi *marshalFieldInfo) setTag(f *reflect.StructField, tag int, wt uint64) {
+	fi.field = toField(f)
+	fi.wiretag = uint64(tag)<<3 | wt
+	fi.tagsize = SizeVarint(uint64(tag) << 3)
+}
+
+// setMarshaler fills up the sizer and marshaler in the info of a field.
+func (fi *marshalFieldInfo) setMarshaler(f *reflect.StructField, tags []string) {
+	switch f.Type.Kind() {
+	case reflect.Map:
+		// map field
+		fi.isPointer = true
+		fi.sizer, fi.marshaler = makeMapMarshaler(f)
+		return
+	case reflect.Ptr, reflect.Slice:
+		fi.isPointer = true
+	}
+	fi.sizer, fi.marshaler = typeMarshaler(f.Type, tags, true, false)
+}
+
+// typeMarshaler returns the sizer and marshaler of a given field.
+// t is the type of the field.
+// tags is the generated "protobuf" tag of the field.
+// If nozero is true, zero value is not marshaled to the wire.
+// If oneof is true, it is a oneof field.
+func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, marshaler) {
+	encoding := tags[0]
+
+	pointer := false
+	slice := false
+	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
+		slice = true
+		t = t.Elem()
+	}
+	if t.Kind() == reflect.Ptr {
+		pointer = true
+		t = t.Elem()
+	}
+
+	packed := false
+	proto3 := false
+	ctype := false
+	isTime := false
+	isDuration := false
+	isWktPointer := false
+	validateUTF8 := true
+	for i := 2; i < len(tags); i++ {
+		if tags[i] == "packed" {
+			packed = true
+		}
+		if tags[i] == "proto3" {
+			proto3 = true
+		}
+		if strings.HasPrefix(tags[i], "customtype=") {
+			ctype = true
+		}
+		if tags[i] == "stdtime" {
+			isTime = true
+		}
+		if tags[i] == "stdduration" {
+			isDuration = true
+		}
+		if tags[i] == "wktptr" {
+			isWktPointer = true
+		}
+	}
+	validateUTF8 = validateUTF8 && proto3
+	if !proto3 && !pointer && !slice {
+		nozero = false
+	}
+
+	if ctype {
+		if reflect.PtrTo(t).Implements(customType) {
+			if slice {
+				return makeMessageRefSliceMarshaler(getMarshalInfo(t))
+			}
+			if pointer {
+				return makeCustomPtrMarshaler(getMarshalInfo(t))
+			}
+			return makeCustomMarshaler(getMarshalInfo(t))
+		} else {
+			panic(fmt.Sprintf("custom type: type: %v, does not implement the proto.custom interface", t))
+		}
+	}
+
+	if isTime {
+		if pointer {
+			if slice {
+				return makeTimePtrSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeTimePtrMarshaler(getMarshalInfo(t))
+		}
+		if slice {
+			return makeTimeSliceMarshaler(getMarshalInfo(t))
+		}
+		return makeTimeMarshaler(getMarshalInfo(t))
+	}
+
+	if isDuration {
+		if pointer {
+			if slice {
+				return makeDurationPtrSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeDurationPtrMarshaler(getMarshalInfo(t))
+		}
+		if slice {
+			return makeDurationSliceMarshaler(getMarshalInfo(t))
+		}
+		return makeDurationMarshaler(getMarshalInfo(t))
+	}
+
+	if isWktPointer {
+		switch t.Kind() {
+		case reflect.Float64:
+			if pointer {
+				if slice {
+					return makeStdDoubleValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdDoubleValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdDoubleValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdDoubleValueMarshaler(getMarshalInfo(t))
+		case reflect.Float32:
+			if pointer {
+				if slice {
+					return makeStdFloatValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdFloatValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdFloatValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdFloatValueMarshaler(getMarshalInfo(t))
+		case reflect.Int64:
+			if pointer {
+				if slice {
+					return makeStdInt64ValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdInt64ValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdInt64ValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdInt64ValueMarshaler(getMarshalInfo(t))
+		case reflect.Uint64:
+			if pointer {
+				if slice {
+					return makeStdUInt64ValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdUInt64ValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdUInt64ValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdUInt64ValueMarshaler(getMarshalInfo(t))
+		case reflect.Int32:
+			if pointer {
+				if slice {
+					return makeStdInt32ValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdInt32ValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdInt32ValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdInt32ValueMarshaler(getMarshalInfo(t))
+		case reflect.Uint32:
+			if pointer {
+				if slice {
+					return makeStdUInt32ValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdUInt32ValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdUInt32ValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdUInt32ValueMarshaler(getMarshalInfo(t))
+		case reflect.Bool:
+			if pointer {
+				if slice {
+					return makeStdBoolValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdBoolValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdBoolValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdBoolValueMarshaler(getMarshalInfo(t))
+		case reflect.String:
+			if pointer {
+				if slice {
+					return makeStdStringValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdStringValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdStringValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdStringValueMarshaler(getMarshalInfo(t))
+		case uint8SliceType:
+			if pointer {
+				if slice {
+					return makeStdBytesValuePtrSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeStdBytesValuePtrMarshaler(getMarshalInfo(t))
+			}
+			if slice {
+				return makeStdBytesValueSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeStdBytesValueMarshaler(getMarshalInfo(t))
+		default:
+			panic(fmt.Sprintf("unknown wktpointer type %#v", t))
+		}
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		if pointer {
+			return sizeBoolPtr, appendBoolPtr
+		}
+		if slice {
+			if packed {
+				return sizeBoolPackedSlice, appendBoolPackedSlice
+			}
+			return sizeBoolSlice, appendBoolSlice
+		}
+		if nozero {
+			return sizeBoolValueNoZero, appendBoolValueNoZero
+		}
+		return sizeBoolValue, appendBoolValue
+	case reflect.Uint32:
+		switch encoding {
+		case "fixed32":
+			if pointer {
+				return sizeFixed32Ptr, appendFixed32Ptr
+			}
+			if slice {
+				if packed {
+					return sizeFixed32PackedSlice, appendFixed32PackedSlice
+				}
+				return sizeFixed32Slice, appendFixed32Slice
+			}
+			if nozero {
+				return sizeFixed32ValueNoZero, appendFixed32ValueNoZero
+			}
+			return sizeFixed32Value, appendFixed32Value
+		case "varint":
+			if pointer {
+				return sizeVarint32Ptr, appendVarint32Ptr
+			}
+			if slice {
+				if packed {
+					return sizeVarint32PackedSlice, appendVarint32PackedSlice
+				}
+				return sizeVarint32Slice, appendVarint32Slice
+			}
+			if nozero {
+				return sizeVarint32ValueNoZero, appendVarint32ValueNoZero
+			}
+			return sizeVarint32Value, appendVarint32Value
+		}
+	case reflect.Int32:
+		switch encoding {
+		case "fixed32":
+			if pointer {
+				return sizeFixedS32Ptr, appendFixedS32Ptr
+			}
+			if slice {
+				if packed {
+					return sizeFixedS32PackedSlice, appendFixedS32PackedSlice
+				}
+				return sizeFixedS32Slice, appendFixedS32Slice
+			}
+			if nozero {
+				return sizeFixedS32ValueNoZero, appendFixedS32ValueNoZero
+			}
+			return sizeFixedS32Value, appendFixedS32Value
+		case "varint":
+			if pointer {
+				return sizeVarintS32Ptr, appendVarintS32Ptr
+			}
+			if slice {
+				if packed {
+					return sizeVarintS32PackedSlice, appendVarintS32PackedSlice
+				}
+				return sizeVarintS32Slice, appendVarintS32Slice
+			}
+			if nozero {
+				return sizeVarintS32ValueNoZero, appendVarintS32ValueNoZero
+			}
+			return sizeVarintS32Value, appendVarintS32Value
+		case "zigzag32":
+			if pointer {
+				return sizeZigzag32Ptr, appendZigzag32Ptr
+			}
+			if slice {
+				if packed {
+					return sizeZigzag32PackedSlice, appendZigzag32PackedSlice
+				}
+				return sizeZigzag32Slice, appendZigzag32Slice
+			}
+			if nozero {
+				return sizeZigzag32ValueNoZero, appendZigzag32ValueNoZero
+			}
+			return sizeZigzag32Value, appendZigzag32Value
+		}
+	case reflect.Uint64:
+		switch encoding {
+		case "fixed64":
+			if pointer {
+				return sizeFixed64Ptr, appendFixed64Ptr
+			}
+			if slice {
+				if packed {
+					return sizeFixed64PackedSlice, appendFixed64PackedSlice
+				}
+				return sizeFixed64Slice, appendFixed64Slice
+			}
+			if nozero {
+				return sizeFixed64ValueNoZero, appendFixed64ValueNoZero
+			}
+			return sizeFixed64Value, appendFixed64Value
+		case "varint":
+			if pointer {
+				return sizeVarint64Ptr, appendVarint64Ptr
+			}
+			if slice {
+				if packed {
+					return sizeVarint64PackedSlice, appendVarint64PackedSlice
+				}
+				return sizeVarint64Slice, appendVarint64Slice
+			}
+			if nozero {
+				return sizeVarint64ValueNoZero, appendVarint64ValueNoZero
+			}
+			return sizeVarint64Value, appendVarint64Value
+		}
+	case reflect.Int64:
+		switch encoding {
+		case "fixed64":
+			if pointer {
+				return sizeFixedS64Ptr, appendFixedS64Ptr
+			}
+			if slice {
+				if packed {
+					return sizeFixedS64PackedSlice, appendFixedS64PackedSlice
+				}
+				return sizeFixedS64Slice, appendFixedS64Slice
+			}
+			if nozero {
+				return sizeFixedS64ValueNoZero, appendFixedS64ValueNoZero
+			}
+			return sizeFixedS64Value, appendFixedS64Value
+		case "varint":
+			if pointer {
+				return sizeVarintS64Ptr, appendVarintS64Ptr
+			}
+			if slice {
+				if packed {
+					return sizeVarintS64PackedSlice, appendVarintS64PackedSlice
+				}
+				return sizeVarintS64Slice, appendVarintS64Slice
+			}
+			if nozero {
+				return sizeVarintS64ValueNoZero, appendVarintS64ValueNoZero
+			}
+			return sizeVarintS64Value, appendVarintS64Value
+		case "zigzag64":
+			if pointer {
+				return sizeZigzag64Ptr, appendZigzag64Ptr
+			}
+			if slice {
+				if packed {
+					return sizeZigzag64PackedSlice, appendZigzag64PackedSlice
+				}
+				return sizeZigzag64Slice, appendZigzag64Slice
+			}
+			if nozero {
+				return sizeZigzag64ValueNoZero, appendZigzag64ValueNoZero
+			}
+			return sizeZigzag64Value, appendZigzag64Value
+		}
+	case reflect.Float32:
+		if pointer {
+			return sizeFloat32Ptr, appendFloat32Ptr
+		}
+		if slice {
+			if packed {
+				return sizeFloat32PackedSlice, appendFloat32PackedSlice
+			}
+			return sizeFloat32Slice, appendFloat32Slice
+		}
+		if nozero {
+			return sizeFloat32ValueNoZero, appendFloat32ValueNoZero
+		}
+		return sizeFloat32Value, appendFloat32Value
+	case reflect.Float64:
+		if pointer {
+			return sizeFloat64Ptr, appendFloat64Ptr
+		}
+		if slice {
+			if packed {
+				return sizeFloat64PackedSlice, appendFloat64PackedSlice
+			}
+			return sizeFloat64Slice, appendFloat64Slice
+		}
+		if nozero {
+			return sizeFloat64ValueNoZero, appendFloat64ValueNoZero
+		}
+		return sizeFloat64Value, appendFloat64Value
+	case reflect.String:
+		if validateUTF8 {
+			if pointer {
+				return sizeStringPtr, appendUTF8StringPtr
+			}
+			if slice {
+				return sizeStringSlice, appendUTF8StringSlice
+			}
+			if nozero {
+				return sizeStringValueNoZero, appendUTF8StringValueNoZero
+			}
+			return sizeStringValue, appendUTF8StringValue
+		}
+		if pointer {
+			return sizeStringPtr, appendStringPtr
+		}
+		if slice {
+			return sizeStringSlice, appendStringSlice
+		}
+		if nozero {
+			return sizeStringValueNoZero, appendStringValueNoZero
+		}
+		return sizeStringValue, appendStringValue
+	case reflect.Slice:
+		if slice {
+			return sizeBytesSlice, appendBytesSlice
+		}
+		if oneof {
+			// Oneof bytes field may also have "proto3" tag.
+			// We want to marshal it as a oneof field. Do this
+			// check before the proto3 check.
+			return sizeBytesOneof, appendBytesOneof
+		}
+		if proto3 {
+			return sizeBytes3, appendBytes3
+		}
+		return sizeBytes, appendBytes
+	case reflect.Struct:
+		switch encoding {
+		case "group":
+			if slice {
+				return makeGroupSliceMarshaler(getMarshalInfo(t))
+			}
+			return makeGroupMarshaler(getMarshalInfo(t))
+		case "bytes":
+			if pointer {
+				if slice {
+					return makeMessageSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeMessageMarshaler(getMarshalInfo(t))
+			} else {
+				if slice {
+					return makeMessageRefSliceMarshaler(getMarshalInfo(t))
+				}
+				return makeMessageRefMarshaler(getMarshalInfo(t))
+			}
+		}
+	}
+	panic(fmt.Sprintf("unknown or mismatched type: type: %v, wire type: %v", t, encoding))
+}
+
+// Below are functions to size/marshal a specific type of a field.
+// They are stored in the field's info, and called by function pointers.
+// They have type sizer or marshaler.
+
+func sizeFixed32Value(_ pointer, tagsize int) int {
+	return 4 + tagsize
+}
+func sizeFixed32ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toUint32()
+	if v == 0 {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFixed32Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toUint32Ptr()
+	if p == nil {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFixed32Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint32Slice()
+	return (4 + tagsize) * len(s)
+}
+func sizeFixed32PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
+}
+func sizeFixedS32Value(_ pointer, tagsize int) int {
+	return 4 + tagsize
+}
+func sizeFixedS32ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFixedS32Ptr(ptr pointer, tagsize int) int {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFixedS32Slice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	return (4 + tagsize) * len(s)
+}
+func sizeFixedS32PackedSlice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
+}
+func sizeFloat32Value(_ pointer, tagsize int) int {
+	return 4 + tagsize
+}
+func sizeFloat32ValueNoZero(ptr pointer, tagsize int) int {
+	v := math.Float32bits(*ptr.toFloat32())
+	if v == 0 {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFloat32Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toFloat32Ptr()
+	if p == nil {
+		return 0
+	}
+	return 4 + tagsize
+}
+func sizeFloat32Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toFloat32Slice()
+	return (4 + tagsize) * len(s)
+}
+func sizeFloat32PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toFloat32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
+}
+func sizeFixed64Value(_ pointer, tagsize int) int {
+	return 8 + tagsize
+}
+func sizeFixed64ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toUint64()
+	if v == 0 {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFixed64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toUint64Ptr()
+	if p == nil {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFixed64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint64Slice()
+	return (8 + tagsize) * len(s)
+}
+func sizeFixed64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
+}
+func sizeFixedS64Value(_ pointer, tagsize int) int {
+	return 8 + tagsize
+}
+func sizeFixedS64ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFixedS64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFixedS64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	return (8 + tagsize) * len(s)
+}
+func sizeFixedS64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
+}
+func sizeFloat64Value(_ pointer, tagsize int) int {
+	return 8 + tagsize
+}
+func sizeFloat64ValueNoZero(ptr pointer, tagsize int) int {
+	v := math.Float64bits(*ptr.toFloat64())
+	if v == 0 {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFloat64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toFloat64Ptr()
+	if p == nil {
+		return 0
+	}
+	return 8 + tagsize
+}
+func sizeFloat64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toFloat64Slice()
+	return (8 + tagsize) * len(s)
+}
+func sizeFloat64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toFloat64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
+}
+func sizeVarint32Value(ptr pointer, tagsize int) int {
+	v := *ptr.toUint32()
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarint32ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toUint32()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarint32Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toUint32Ptr()
+	if p == nil {
+		return 0
+	}
+	return SizeVarint(uint64(*p)) + tagsize
+}
+func sizeVarint32Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint32Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v)) + tagsize
+	}
+	return n
+}
+func sizeVarint32PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeVarintS32Value(ptr pointer, tagsize int) int {
+	v := *ptr.toInt32()
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarintS32ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarintS32Ptr(ptr pointer, tagsize int) int {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return 0
+	}
+	return SizeVarint(uint64(*p)) + tagsize
+}
+func sizeVarintS32Slice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v)) + tagsize
+	}
+	return n
+}
+func sizeVarintS32PackedSlice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeVarint64Value(ptr pointer, tagsize int) int {
+	v := *ptr.toUint64()
+	return SizeVarint(v) + tagsize
+}
+func sizeVarint64ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toUint64()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(v) + tagsize
+}
+func sizeVarint64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toUint64Ptr()
+	if p == nil {
+		return 0
+	}
+	return SizeVarint(*p) + tagsize
+}
+func sizeVarint64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint64Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(v) + tagsize
+	}
+	return n
+}
+func sizeVarint64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toUint64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(v)
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeVarintS64Value(ptr pointer, tagsize int) int {
+	v := *ptr.toInt64()
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarintS64ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(uint64(v)) + tagsize
+}
+func sizeVarintS64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return 0
+	}
+	return SizeVarint(uint64(*p)) + tagsize
+}
+func sizeVarintS64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v)) + tagsize
+	}
+	return n
+}
+func sizeVarintS64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeZigzag32Value(ptr pointer, tagsize int) int {
+	v := *ptr.toInt32()
+	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
+}
+func sizeZigzag32ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
+}
+func sizeZigzag32Ptr(ptr pointer, tagsize int) int {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return 0
+	}
+	v := *p
+	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
+}
+func sizeZigzag32Slice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
+	}
+	return n
+}
+func sizeZigzag32PackedSlice(ptr pointer, tagsize int) int {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeZigzag64Value(ptr pointer, tagsize int) int {
+	v := *ptr.toInt64()
+	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
+}
+func sizeZigzag64ValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return 0
+	}
+	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
+}
+func sizeZigzag64Ptr(ptr pointer, tagsize int) int {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return 0
+	}
+	v := *p
+	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
+}
+func sizeZigzag64Slice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
+	}
+	return n
+}
+func sizeZigzag64PackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return 0
+	}
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63)))
+	}
+	return n + SizeVarint(uint64(n)) + tagsize
+}
+func sizeBoolValue(_ pointer, tagsize int) int {
+	return 1 + tagsize
+}
+func sizeBoolValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toBool()
+	if !v {
+		return 0
+	}
+	return 1 + tagsize
+}
+func sizeBoolPtr(ptr pointer, tagsize int) int {
+	p := *ptr.toBoolPtr()
+	if p == nil {
+		return 0
+	}
+	return 1 + tagsize
+}
+func sizeBoolSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toBoolSlice()
+	return (1 + tagsize) * len(s)
+}
+func sizeBoolPackedSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toBoolSlice()
+	if len(s) == 0 {
+		return 0
+	}
+	return len(s) + SizeVarint(uint64(len(s))) + tagsize
+}
+func sizeStringValue(ptr pointer, tagsize int) int {
+	v := *ptr.toString()
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeStringValueNoZero(ptr pointer, tagsize int) int {
+	v := *ptr.toString()
+	if v == "" {
+		return 0
+	}
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeStringPtr(ptr pointer, tagsize int) int {
+	p := *ptr.toStringPtr()
+	if p == nil {
+		return 0
+	}
+	v := *p
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeStringSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toStringSlice()
+	n := 0
+	for _, v := range s {
+		n += len(v) + SizeVarint(uint64(len(v))) + tagsize
+	}
+	return n
+}
+func sizeBytes(ptr pointer, tagsize int) int {
+	v := *ptr.toBytes()
+	if v == nil {
+		return 0
+	}
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeBytes3(ptr pointer, tagsize int) int {
+	v := *ptr.toBytes()
+	if len(v) == 0 {
+		return 0
+	}
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeBytesOneof(ptr pointer, tagsize int) int {
+	v := *ptr.toBytes()
+	return len(v) + SizeVarint(uint64(len(v))) + tagsize
+}
+func sizeBytesSlice(ptr pointer, tagsize int) int {
+	s := *ptr.toBytesSlice()
+	n := 0
+	for _, v := range s {
+		n += len(v) + SizeVarint(uint64(len(v))) + tagsize
+	}
+	return n
+}
+
+// appendFixed32 appends an encoded fixed32 to b.
+func appendFixed32(b []byte, v uint32) []byte {
+	b = append(b,
+		byte(v),
+		byte(v>>8),
+		byte(v>>16),
+		byte(v>>24))
+	return b
+}
+
+// appendFixed64 appends an encoded fixed64 to b.
+func appendFixed64(b []byte, v uint64) []byte {
+	b = append(b,
+		byte(v),
+		byte(v>>8),
+		byte(v>>16),
+		byte(v>>24),
+		byte(v>>32),
+		byte(v>>40),
+		byte(v>>48),
+		byte(v>>56))
+	return b
+}
+
+// appendVarint appends an encoded varint to b.
+func appendVarint(b []byte, v uint64) []byte {
+	// TODO: make 1-byte (maybe 2-byte) case inline-able, once we
+	// have non-leaf inliner.
+	switch {
+	case v < 1<<7:
+		b = append(b, byte(v))
+	case v < 1<<14:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte(v>>7))
+	case v < 1<<21:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte(v>>14))
+	case v < 1<<28:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte(v>>21))
+	case v < 1<<35:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte(v>>28))
+	case v < 1<<42:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte((v>>28)&0x7f|0x80),
+			byte(v>>35))
+	case v < 1<<49:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte((v>>28)&0x7f|0x80),
+			byte((v>>35)&0x7f|0x80),
+			byte(v>>42))
+	case v < 1<<56:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte((v>>28)&0x7f|0x80),
+			byte((v>>35)&0x7f|0x80),
+			byte((v>>42)&0x7f|0x80),
+			byte(v>>49))
+	case v < 1<<63:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte((v>>28)&0x7f|0x80),
+			byte((v>>35)&0x7f|0x80),
+			byte((v>>42)&0x7f|0x80),
+			byte((v>>49)&0x7f|0x80),
+			byte(v>>56))
+	default:
+		b = append(b,
+			byte(v&0x7f|0x80),
+			byte((v>>7)&0x7f|0x80),
+			byte((v>>14)&0x7f|0x80),
+			byte((v>>21)&0x7f|0x80),
+			byte((v>>28)&0x7f|0x80),
+			byte((v>>35)&0x7f|0x80),
+			byte((v>>42)&0x7f|0x80),
+			byte((v>>49)&0x7f|0x80),
+			byte((v>>56)&0x7f|0x80),
+			1)
+	}
+	return b
+}
+
+func appendFixed32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint32()
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, v)
+	return b, nil
+}
+func appendFixed32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint32()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, v)
+	return b, nil
+}
+func appendFixed32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toUint32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, *p)
+	return b, nil
+}
+func appendFixed32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed32(b, v)
+	}
+	return b, nil
+}
+func appendFixed32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(4*len(s)))
+	for _, v := range s {
+		b = appendFixed32(b, v)
+	}
+	return b, nil
+}
+func appendFixedS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, uint32(v))
+	return b, nil
+}
+func appendFixedS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, uint32(v))
+	return b, nil
+}
+func appendFixedS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, uint32(*p))
+	return b, nil
+}
+func appendFixedS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed32(b, uint32(v))
+	}
+	return b, nil
+}
+func appendFixedS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(4*len(s)))
+	for _, v := range s {
+		b = appendFixed32(b, uint32(v))
+	}
+	return b, nil
+}
+func appendFloat32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := math.Float32bits(*ptr.toFloat32())
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, v)
+	return b, nil
+}
+func appendFloat32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := math.Float32bits(*ptr.toFloat32())
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, v)
+	return b, nil
+}
+func appendFloat32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toFloat32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed32(b, math.Float32bits(*p))
+	return b, nil
+}
+func appendFloat32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toFloat32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed32(b, math.Float32bits(v))
+	}
+	return b, nil
+}
+func appendFloat32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toFloat32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(4*len(s)))
+	for _, v := range s {
+		b = appendFixed32(b, math.Float32bits(v))
+	}
+	return b, nil
+}
+func appendFixed64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint64()
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, v)
+	return b, nil
+}
+func appendFixed64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint64()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, v)
+	return b, nil
+}
+func appendFixed64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toUint64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, *p)
+	return b, nil
+}
+func appendFixed64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed64(b, v)
+	}
+	return b, nil
+}
+func appendFixed64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(8*len(s)))
+	for _, v := range s {
+		b = appendFixed64(b, v)
+	}
+	return b, nil
+}
+func appendFixedS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, uint64(v))
+	return b, nil
+}
+func appendFixedS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, uint64(v))
+	return b, nil
+}
+func appendFixedS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, uint64(*p))
+	return b, nil
+}
+func appendFixedS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed64(b, uint64(v))
+	}
+	return b, nil
+}
+func appendFixedS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(8*len(s)))
+	for _, v := range s {
+		b = appendFixed64(b, uint64(v))
+	}
+	return b, nil
+}
+func appendFloat64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := math.Float64bits(*ptr.toFloat64())
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, v)
+	return b, nil
+}
+func appendFloat64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := math.Float64bits(*ptr.toFloat64())
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, v)
+	return b, nil
+}
+func appendFloat64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toFloat64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendFixed64(b, math.Float64bits(*p))
+	return b, nil
+}
+func appendFloat64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toFloat64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendFixed64(b, math.Float64bits(v))
+	}
+	return b, nil
+}
+func appendFloat64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toFloat64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(8*len(s)))
+	for _, v := range s {
+		b = appendFixed64(b, math.Float64bits(v))
+	}
+	return b, nil
+}
+func appendVarint32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint32()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarint32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint32()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarint32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toUint32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(*p))
+	return b, nil
+}
+func appendVarint32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendVarint32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendVarintS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarintS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarintS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(*p))
+	return b, nil
+}
+func appendVarintS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendVarintS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendVarint64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint64()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, v)
+	return b, nil
+}
+func appendVarint64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toUint64()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, v)
+	return b, nil
+}
+func appendVarint64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toUint64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, *p)
+	return b, nil
+}
+func appendVarint64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, v)
+	}
+	return b, nil
+}
+func appendVarint64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toUint64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(v)
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, v)
+	}
+	return b, nil
+}
+func appendVarintS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarintS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v))
+	return b, nil
+}
+func appendVarintS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(*p))
+	return b, nil
+}
+func appendVarintS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendVarintS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v))
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, uint64(v))
+	}
+	return b, nil
+}
+func appendZigzag32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
+	return b, nil
+}
+func appendZigzag32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt32()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
+	return b, nil
+}
+func appendZigzag32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := ptr.getInt32Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	v := *p
+	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
+	return b, nil
+}
+func appendZigzag32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
+	}
+	return b, nil
+}
+func appendZigzag32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := ptr.getInt32Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
+	}
+	return b, nil
+}
+func appendZigzag64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
+	return b, nil
+}
+func appendZigzag64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toInt64()
+	if v == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
+	return b, nil
+}
+func appendZigzag64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toInt64Ptr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	v := *p
+	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
+	return b, nil
+}
+func appendZigzag64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
+	}
+	return b, nil
+}
+func appendZigzag64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toInt64Slice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	// compute size
+	n := 0
+	for _, v := range s {
+		n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63)))
+	}
+	b = appendVarint(b, uint64(n))
+	for _, v := range s {
+		b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
+	}
+	return b, nil
+}
+func appendBoolValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toBool()
+	b = appendVarint(b, wiretag)
+	if v {
+		b = append(b, 1)
+	} else {
+		b = append(b, 0)
+	}
+	return b, nil
+}
+func appendBoolValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toBool()
+	if !v {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = append(b, 1)
+	return b, nil
+}
+
+func appendBoolPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toBoolPtr()
+	if p == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	if *p {
+		b = append(b, 1)
+	} else {
+		b = append(b, 0)
+	}
+	return b, nil
+}
+func appendBoolSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toBoolSlice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		if v {
+			b = append(b, 1)
+		} else {
+			b = append(b, 0)
+		}
+	}
+	return b, nil
+}
+func appendBoolPackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toBoolSlice()
+	if len(s) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag&^7|WireBytes)
+	b = appendVarint(b, uint64(len(s)))
+	for _, v := range s {
+		if v {
+			b = append(b, 1)
+		} else {
+			b = append(b, 0)
+		}
+	}
+	return b, nil
+}
+func appendStringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toString()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toString()
+	if v == "" {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toStringPtr()
+	if p == nil {
+		return b, nil
+	}
+	v := *p
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toStringSlice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(len(v)))
+		b = append(b, v...)
+	}
+	return b, nil
+}
+func appendUTF8StringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
+	v := *ptr.toString()
+	if !utf8.ValidString(v) {
+		invalidUTF8 = true
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
+	return b, nil
+}
+func appendUTF8StringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
+	v := *ptr.toString()
+	if v == "" {
+		return b, nil
+	}
+	if !utf8.ValidString(v) {
+		invalidUTF8 = true
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
+	return b, nil
+}
+func appendUTF8StringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
+	p := *ptr.toStringPtr()
+	if p == nil {
+		return b, nil
+	}
+	v := *p
+	if !utf8.ValidString(v) {
+		invalidUTF8 = true
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
+	return b, nil
+}
+func appendUTF8StringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
+	s := *ptr.toStringSlice()
+	for _, v := range s {
+		if !utf8.ValidString(v) {
+			invalidUTF8 = true
+		}
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(len(v)))
+		b = append(b, v...)
+	}
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
+	return b, nil
+}
+func appendBytes(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toBytes()
+	if v == nil {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendBytes3(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toBytes()
+	if len(v) == 0 {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendBytesOneof(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toBytes()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendBytesSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toBytesSlice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(len(v)))
+		b = append(b, v...)
+	}
+	return b, nil
+}
+
+// makeGroupMarshaler returns the sizer and marshaler for a group.
+// u is the marshal info of the underlying message.
+func makeGroupMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			p := ptr.getPointer()
+			if p.isNil() {
+				return 0
+			}
+			return u.size(p) + 2*tagsize
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			p := ptr.getPointer()
+			if p.isNil() {
+				return b, nil
+			}
+			var err error
+			b = appendVarint(b, wiretag) // start group
+			b, err = u.marshal(b, p, deterministic)
+			b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group
+			return b, err
+		}
+}
+
+// makeGroupSliceMarshaler returns the sizer and marshaler for a group slice.
+// u is the marshal info of the underlying message.
+func makeGroupSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getPointerSlice()
+			n := 0
+			for _, v := range s {
+				if v.isNil() {
+					continue
+				}
+				n += u.size(v) + 2*tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getPointerSlice()
+			var err error
+			var nerr nonFatal
+			for _, v := range s {
+				if v.isNil() {
+					return b, errRepeatedHasNil
+				}
+				b = appendVarint(b, wiretag) // start group
+				b, err = u.marshal(b, v, deterministic)
+				b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group
+				if !nerr.Merge(err) {
+					if err == ErrNil {
+						err = errRepeatedHasNil
+					}
+					return b, err
+				}
+			}
+			return b, nerr.E
+		}
+}
+
+// makeMessageMarshaler returns the sizer and marshaler for a message field.
+// u is the marshal info of the message.
+func makeMessageMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			p := ptr.getPointer()
+			if p.isNil() {
+				return 0
+			}
+			siz := u.size(p)
+			return siz + SizeVarint(uint64(siz)) + tagsize
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			p := ptr.getPointer()
+			if p.isNil() {
+				return b, nil
+			}
+			b = appendVarint(b, wiretag)
+			siz := u.cachedsize(p)
+			b = appendVarint(b, uint64(siz))
+			return u.marshal(b, p, deterministic)
+		}
+}
+
+// makeMessageSliceMarshaler returns the sizer and marshaler for a message slice.
+// u is the marshal info of the message.
+func makeMessageSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getPointerSlice()
+			n := 0
+			for _, v := range s {
+				if v.isNil() {
+					continue
+				}
+				siz := u.size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getPointerSlice()
+			var err error
+			var nerr nonFatal
+			for _, v := range s {
+				if v.isNil() {
+					return b, errRepeatedHasNil
+				}
+				b = appendVarint(b, wiretag)
+				siz := u.cachedsize(v)
+				b = appendVarint(b, uint64(siz))
+				b, err = u.marshal(b, v, deterministic)
+
+				if !nerr.Merge(err) {
+					if err == ErrNil {
+						err = errRepeatedHasNil
+					}
+					return b, err
+				}
+			}
+			return b, nerr.E
+		}
+}
+
+// makeMapMarshaler returns the sizer and marshaler for a map field.
+// f is the pointer to the reflect data structure of the field.
+func makeMapMarshaler(f *reflect.StructField) (sizer, marshaler) {
+	// figure out key and value type
+	t := f.Type
+	keyType := t.Key()
+	valType := t.Elem()
+	tags := strings.Split(f.Tag.Get("protobuf"), ",")
+	keyTags := strings.Split(f.Tag.Get("protobuf_key"), ",")
+	valTags := strings.Split(f.Tag.Get("protobuf_val"), ",")
+	stdOptions := false
+	for _, t := range tags {
+		if strings.HasPrefix(t, "customtype=") {
+			valTags = append(valTags, t)
+		}
+		if t == "stdtime" {
+			valTags = append(valTags, t)
+			stdOptions = true
+		}
+		if t == "stdduration" {
+			valTags = append(valTags, t)
+			stdOptions = true
+		}
+		if t == "wktptr" {
+			valTags = append(valTags, t)
+		}
+	}
+	keySizer, keyMarshaler := typeMarshaler(keyType, keyTags, false, false) // don't omit zero value in map
+	valSizer, valMarshaler := typeMarshaler(valType, valTags, false, false) // don't omit zero value in map
+	keyWireTag := 1<<3 | wiretype(keyTags[0])
+	valWireTag := 2<<3 | wiretype(valTags[0])
+
+	// We create an interface to get the addresses of the map key and value.
+	// If value is pointer-typed, the interface is a direct interface, the
+	// idata itself is the value. Otherwise, the idata is the pointer to the
+	// value.
+	// Key cannot be pointer-typed.
+	valIsPtr := valType.Kind() == reflect.Ptr
+
+	// If value is a message with nested maps, calling
+	// valSizer in marshal may be quadratic. We should use
+	// cached version in marshal (but not in size).
+	// If value is not message type, we don't have size cache,
+	// but it cannot be nested either. Just use valSizer.
+	valCachedSizer := valSizer
+	if valIsPtr && !stdOptions && valType.Elem().Kind() == reflect.Struct {
+		u := getMarshalInfo(valType.Elem())
+		valCachedSizer = func(ptr pointer, tagsize int) int {
+			// Same as message sizer, but use cache.
+			p := ptr.getPointer()
+			if p.isNil() {
+				return 0
+			}
+			siz := u.cachedsize(p)
+			return siz + SizeVarint(uint64(siz)) + tagsize
+		}
+	}
+	return func(ptr pointer, tagsize int) int {
+			m := ptr.asPointerTo(t).Elem() // the map
+			n := 0
+			for _, k := range m.MapKeys() {
+				ki := k.Interface()
+				vi := m.MapIndex(k).Interface()
+				kaddr := toAddrPointer(&ki, false)             // pointer to key
+				vaddr := toAddrPointer(&vi, valIsPtr)          // pointer to value
+				siz := keySizer(kaddr, 1) + valSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, tag uint64, deterministic bool) ([]byte, error) {
+			m := ptr.asPointerTo(t).Elem() // the map
+			var err error
+			keys := m.MapKeys()
+			if len(keys) > 1 && deterministic {
+				sort.Sort(mapKeys(keys))
+			}
+
+			var nerr nonFatal
+			for _, k := range keys {
+				ki := k.Interface()
+				vi := m.MapIndex(k).Interface()
+				kaddr := toAddrPointer(&ki, false)    // pointer to key
+				vaddr := toAddrPointer(&vi, valIsPtr) // pointer to value
+				b = appendVarint(b, tag)
+				siz := keySizer(kaddr, 1) + valCachedSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
+				b = appendVarint(b, uint64(siz))
+				b, err = keyMarshaler(b, kaddr, keyWireTag, deterministic)
+				if !nerr.Merge(err) {
+					return b, err
+				}
+				b, err = valMarshaler(b, vaddr, valWireTag, deterministic)
+				if err != ErrNil && !nerr.Merge(err) { // allow nil value in map
+					return b, err
+				}
+			}
+			return b, nerr.E
+		}
+}
+
+// makeOneOfMarshaler returns the sizer and marshaler for a oneof field.
+// fi is the marshal info of the field.
+// f is the pointer to the reflect data structure of the field.
+func makeOneOfMarshaler(fi *marshalFieldInfo, f *reflect.StructField) (sizer, marshaler) {
+	// Oneof field is an interface. We need to get the actual data type on the fly.
+	t := f.Type
+	return func(ptr pointer, _ int) int {
+			p := ptr.getInterfacePointer()
+			if p.isNil() {
+				return 0
+			}
+			v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct
+			telem := v.Type()
+			e := fi.oneofElems[telem]
+			return e.sizer(p, e.tagsize)
+		},
+		func(b []byte, ptr pointer, _ uint64, deterministic bool) ([]byte, error) {
+			p := ptr.getInterfacePointer()
+			if p.isNil() {
+				return b, nil
+			}
+			v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct
+			telem := v.Type()
+			if telem.Field(0).Type.Kind() == reflect.Ptr && p.getPointer().isNil() {
+				return b, errOneofHasNil
+			}
+			e := fi.oneofElems[telem]
+			return e.marshaler(b, p, e.wiretag, deterministic)
+		}
+}
+
+// sizeExtensions computes the size of encoded data for a XXX_InternalExtensions field.
+func (u *marshalInfo) sizeExtensions(ext *XXX_InternalExtensions) int {
+	m, mu := ext.extensionsRead()
+	if m == nil {
+		return 0
+	}
+	mu.Lock()
+
+	n := 0
+	for _, e := range m {
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			n += len(e.enc)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		n += ei.sizer(p, ei.tagsize)
+	}
+	mu.Unlock()
+	return n
+}
+
+// appendExtensions marshals a XXX_InternalExtensions field to the end of byte slice b.
+func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) {
+	m, mu := ext.extensionsRead()
+	if m == nil {
+		return b, nil
+	}
+	mu.Lock()
+	defer mu.Unlock()
+
+	var err error
+	var nerr nonFatal
+
+	// Fast-path for common cases: zero or one extensions.
+	// Don't bother sorting the keys.
+	if len(m) <= 1 {
+		for _, e := range m {
+			if e.value == nil || e.desc == nil {
+				// Extension is only in its encoded form.
+				b = append(b, e.enc...)
+				continue
+			}
+
+			// We don't skip extensions that have an encoded form set,
+			// because the extension value may have been mutated after
+			// the last time this function was called.
+
+			ei := u.getExtElemInfo(e.desc)
+			v := e.value
+			p := toAddrPointer(&v, ei.isptr)
+			b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
+			if !nerr.Merge(err) {
+				return b, err
+			}
+		}
+		return b, nerr.E
+	}
+
+	// Sort the keys to provide a deterministic encoding.
+	// Not sure this is required, but the old code does it.
+	keys := make([]int, 0, len(m))
+	for k := range m {
+		keys = append(keys, int(k))
+	}
+	sort.Ints(keys)
+
+	for _, k := range keys {
+		e := m[int32(k)]
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			b = append(b, e.enc...)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
+		if !nerr.Merge(err) {
+			return b, err
+		}
+	}
+	return b, nerr.E
+}
+
+// message set format is:
+//   message MessageSet {
+//     repeated group Item = 1 {
+//       required int32 type_id = 2;
+//       required string message = 3;
+//     };
+//   }
+
+// sizeMessageSet computes the size of encoded data for a XXX_InternalExtensions field
+// in message set format (above).
+func (u *marshalInfo) sizeMessageSet(ext *XXX_InternalExtensions) int {
+	m, mu := ext.extensionsRead()
+	if m == nil {
+		return 0
+	}
+	mu.Lock()
+
+	n := 0
+	for id, e := range m {
+		n += 2                          // start group, end group. tag = 1 (size=1)
+		n += SizeVarint(uint64(id)) + 1 // type_id, tag = 2 (size=1)
+
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
+			siz := len(msgWithLen)
+			n += siz + 1 // message, tag = 3 (size=1)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		n += ei.sizer(p, 1) // message, tag = 3 (size=1)
+	}
+	mu.Unlock()
+	return n
+}
+
+// appendMessageSet marshals a XXX_InternalExtensions field in message set format (above)
+// to the end of byte slice b.
+func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) {
+	m, mu := ext.extensionsRead()
+	if m == nil {
+		return b, nil
+	}
+	mu.Lock()
+	defer mu.Unlock()
+
+	var err error
+	var nerr nonFatal
+
+	// Fast-path for common cases: zero or one extensions.
+	// Don't bother sorting the keys.
+	if len(m) <= 1 {
+		for id, e := range m {
+			b = append(b, 1<<3|WireStartGroup)
+			b = append(b, 2<<3|WireVarint)
+			b = appendVarint(b, uint64(id))
+
+			if e.value == nil || e.desc == nil {
+				// Extension is only in its encoded form.
+				msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
+				b = append(b, 3<<3|WireBytes)
+				b = append(b, msgWithLen...)
+				b = append(b, 1<<3|WireEndGroup)
+				continue
+			}
+
+			// We don't skip extensions that have an encoded form set,
+			// because the extension value may have been mutated after
+			// the last time this function was called.
+
+			ei := u.getExtElemInfo(e.desc)
+			v := e.value
+			p := toAddrPointer(&v, ei.isptr)
+			b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
+			if !nerr.Merge(err) {
+				return b, err
+			}
+			b = append(b, 1<<3|WireEndGroup)
+		}
+		return b, nerr.E
+	}
+
+	// Sort the keys to provide a deterministic encoding.
+	keys := make([]int, 0, len(m))
+	for k := range m {
+		keys = append(keys, int(k))
+	}
+	sort.Ints(keys)
+
+	for _, id := range keys {
+		e := m[int32(id)]
+		b = append(b, 1<<3|WireStartGroup)
+		b = append(b, 2<<3|WireVarint)
+		b = appendVarint(b, uint64(id))
+
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
+			b = append(b, 3<<3|WireBytes)
+			b = append(b, msgWithLen...)
+			b = append(b, 1<<3|WireEndGroup)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
+		b = append(b, 1<<3|WireEndGroup)
+		if !nerr.Merge(err) {
+			return b, err
+		}
+	}
+	return b, nerr.E
+}
+
+// sizeV1Extensions computes the size of encoded data for a V1-API extension field.
+func (u *marshalInfo) sizeV1Extensions(m map[int32]Extension) int {
+	if m == nil {
+		return 0
+	}
+
+	n := 0
+	for _, e := range m {
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			n += len(e.enc)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		n += ei.sizer(p, ei.tagsize)
+	}
+	return n
+}
+
+// appendV1Extensions marshals a V1-API extension field to the end of byte slice b.
+func (u *marshalInfo) appendV1Extensions(b []byte, m map[int32]Extension, deterministic bool) ([]byte, error) {
+	if m == nil {
+		return b, nil
+	}
+
+	// Sort the keys to provide a deterministic encoding.
+	keys := make([]int, 0, len(m))
+	for k := range m {
+		keys = append(keys, int(k))
+	}
+	sort.Ints(keys)
+
+	var err error
+	var nerr nonFatal
+	for _, k := range keys {
+		e := m[int32(k)]
+		if e.value == nil || e.desc == nil {
+			// Extension is only in its encoded form.
+			b = append(b, e.enc...)
+			continue
+		}
+
+		// We don't skip extensions that have an encoded form set,
+		// because the extension value may have been mutated after
+		// the last time this function was called.
+
+		ei := u.getExtElemInfo(e.desc)
+		v := e.value
+		p := toAddrPointer(&v, ei.isptr)
+		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
+		if !nerr.Merge(err) {
+			return b, err
+		}
+	}
+	return b, nerr.E
+}
+
+// newMarshaler is the interface representing objects that can marshal themselves.
+//
+// This exists to support protoc-gen-go generated messages.
+// The proto package will stop type-asserting to this interface in the future.
+//
+// DO NOT DEPEND ON THIS.
+type newMarshaler interface {
+	XXX_Size() int
+	XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
+}
+
+// Size returns the encoded size of a protocol buffer message.
+// This is the main entry point.
+func Size(pb Message) int {
+	if m, ok := pb.(newMarshaler); ok {
+		return m.XXX_Size()
+	}
+	if m, ok := pb.(Marshaler); ok {
+		// If the message can marshal itself, let it do it, for compatibility.
+		// NOTE: This is not efficient.
+		b, _ := m.Marshal()
+		return len(b)
+	}
+	// in case somehow we didn't generate the wrapper
+	if pb == nil {
+		return 0
+	}
+	var info InternalMessageInfo
+	return info.Size(pb)
+}
+
+// Marshal takes a protocol buffer message
+// and encodes it into the wire format, returning the data.
+// This is the main entry point.
+func Marshal(pb Message) ([]byte, error) {
+	if m, ok := pb.(newMarshaler); ok {
+		siz := m.XXX_Size()
+		b := make([]byte, 0, siz)
+		return m.XXX_Marshal(b, false)
+	}
+	if m, ok := pb.(Marshaler); ok {
+		// If the message can marshal itself, let it do it, for compatibility.
+		// NOTE: This is not efficient.
+		return m.Marshal()
+	}
+	// in case somehow we didn't generate the wrapper
+	if pb == nil {
+		return nil, ErrNil
+	}
+	var info InternalMessageInfo
+	siz := info.Size(pb)
+	b := make([]byte, 0, siz)
+	return info.Marshal(b, pb, false)
+}
+
+// Marshal takes a protocol buffer message
+// and encodes it into the wire format, writing the result to the
+// Buffer.
+// This is an alternative entry point. It is not necessary to use
+// a Buffer for most applications.
+func (p *Buffer) Marshal(pb Message) error {
+	var err error
+	if p.deterministic {
+		if _, ok := pb.(Marshaler); ok {
+			return fmt.Errorf("proto: deterministic not supported by the Marshal method of %T", pb)
+		}
+	}
+	if m, ok := pb.(newMarshaler); ok {
+		siz := m.XXX_Size()
+		p.grow(siz) // make sure buf has enough capacity
+		pp := p.buf[len(p.buf) : len(p.buf) : len(p.buf)+siz]
+		pp, err = m.XXX_Marshal(pp, p.deterministic)
+		p.buf = append(p.buf, pp...)
+		return err
+	}
+	if m, ok := pb.(Marshaler); ok {
+		// If the message can marshal itself, let it do it, for compatibility.
+		// NOTE: This is not efficient.
+		var b []byte
+		b, err = m.Marshal()
+		p.buf = append(p.buf, b...)
+		return err
+	}
+	// in case somehow we didn't generate the wrapper
+	if pb == nil {
+		return ErrNil
+	}
+	var info InternalMessageInfo
+	siz := info.Size(pb)
+	p.grow(siz) // make sure buf has enough capacity
+	p.buf, err = info.Marshal(p.buf, pb, p.deterministic)
+	return err
+}
+
+// grow grows the buffer's capacity, if necessary, to guarantee space for
+// another n bytes. After grow(n), at least n bytes can be written to the
+// buffer without another allocation.
+func (p *Buffer) grow(n int) {
+	need := len(p.buf) + n
+	if need <= cap(p.buf) {
+		return
+	}
+	newCap := len(p.buf) * 2
+	if newCap < need {
+		newCap = need
+	}
+	p.buf = append(make([]byte, 0, newCap), p.buf...)
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go b/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
new file mode 100644
index 0000000000000..997f57c1e1027
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
@@ -0,0 +1,388 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"reflect"
+	"time"
+)
+
+// makeMessageRefMarshaler differs a bit from makeMessageMarshaler
+// It marshal a message T instead of a *T
+func makeMessageRefMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			siz := u.size(ptr)
+			return siz + SizeVarint(uint64(siz)) + tagsize
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			b = appendVarint(b, wiretag)
+			siz := u.cachedsize(ptr)
+			b = appendVarint(b, uint64(siz))
+			return u.marshal(b, ptr, deterministic)
+		}
+}
+
+// makeMessageRefSliceMarshaler differs quite a lot from makeMessageSliceMarshaler
+// It marshals a slice of messages []T instead of []*T
+func makeMessageRefSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				e := elem.Interface()
+				v := toAddrPointer(&e, false)
+				siz := u.size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			var err, errreq error
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				e := elem.Interface()
+				v := toAddrPointer(&e, false)
+				b = appendVarint(b, wiretag)
+				siz := u.size(v)
+				b = appendVarint(b, uint64(siz))
+				b, err = u.marshal(b, v, deterministic)
+
+				if err != nil {
+					if _, ok := err.(*RequiredNotSetError); ok {
+						// Required field in submessage is not set.
+						// We record the error but keep going, to give a complete marshaling.
+						if errreq == nil {
+							errreq = err
+						}
+						continue
+					}
+					if err == ErrNil {
+						err = errRepeatedHasNil
+					}
+					return b, err
+				}
+			}
+
+			return b, errreq
+		}
+}
+
+func makeCustomPtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			m := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(custom)
+			siz := m.Size()
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			m := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(custom)
+			siz := m.Size()
+			buf, err := m.Marshal()
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(siz))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeCustomMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			m := ptr.asPointerTo(u.typ).Interface().(custom)
+			siz := m.Size()
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			m := ptr.asPointerTo(u.typ).Interface().(custom)
+			siz := m.Size()
+			buf, err := m.Marshal()
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(siz))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeTimeMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*time.Time)
+			ts, err := timestampProto(*t)
+			if err != nil {
+				return 0
+			}
+			siz := Size(ts)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*time.Time)
+			ts, err := timestampProto(*t)
+			if err != nil {
+				return nil, err
+			}
+			buf, err := Marshal(ts)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeTimePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*time.Time)
+			ts, err := timestampProto(*t)
+			if err != nil {
+				return 0
+			}
+			siz := Size(ts)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*time.Time)
+			ts, err := timestampProto(*t)
+			if err != nil {
+				return nil, err
+			}
+			buf, err := Marshal(ts)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeTimeSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(time.Time)
+				ts, err := timestampProto(t)
+				if err != nil {
+					return 0
+				}
+				siz := Size(ts)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(time.Time)
+				ts, err := timestampProto(t)
+				if err != nil {
+					return nil, err
+				}
+				siz := Size(ts)
+				buf, err := Marshal(ts)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeTimePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*time.Time)
+				ts, err := timestampProto(*t)
+				if err != nil {
+					return 0
+				}
+				siz := Size(ts)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*time.Time)
+				ts, err := timestampProto(*t)
+				if err != nil {
+					return nil, err
+				}
+				siz := Size(ts)
+				buf, err := Marshal(ts)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeDurationMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			d := ptr.asPointerTo(u.typ).Interface().(*time.Duration)
+			dur := durationProto(*d)
+			siz := Size(dur)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			d := ptr.asPointerTo(u.typ).Interface().(*time.Duration)
+			dur := durationProto(*d)
+			buf, err := Marshal(dur)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeDurationPtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			d := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*time.Duration)
+			dur := durationProto(*d)
+			siz := Size(dur)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			d := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*time.Duration)
+			dur := durationProto(*d)
+			buf, err := Marshal(dur)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeDurationSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				d := elem.Interface().(time.Duration)
+				dur := durationProto(d)
+				siz := Size(dur)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				d := elem.Interface().(time.Duration)
+				dur := durationProto(d)
+				siz := Size(dur)
+				buf, err := Marshal(dur)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeDurationPtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				d := elem.Interface().(*time.Duration)
+				dur := durationProto(*d)
+				siz := Size(dur)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				d := elem.Interface().(*time.Duration)
+				dur := durationProto(*d)
+				siz := Size(dur)
+				buf, err := Marshal(dur)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/table_merge.go b/vendor/github.com/gogo/protobuf/proto/table_merge.go
new file mode 100644
index 0000000000000..60dcf70d1e6c6
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/table_merge.go
@@ -0,0 +1,676 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2016 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+	"sync"
+	"sync/atomic"
+)
+
+// Merge merges the src message into dst.
+// This assumes that dst and src of the same type and are non-nil.
+func (a *InternalMessageInfo) Merge(dst, src Message) {
+	mi := atomicLoadMergeInfo(&a.merge)
+	if mi == nil {
+		mi = getMergeInfo(reflect.TypeOf(dst).Elem())
+		atomicStoreMergeInfo(&a.merge, mi)
+	}
+	mi.merge(toPointer(&dst), toPointer(&src))
+}
+
+type mergeInfo struct {
+	typ reflect.Type
+
+	initialized int32 // 0: only typ is valid, 1: everything is valid
+	lock        sync.Mutex
+
+	fields       []mergeFieldInfo
+	unrecognized field // Offset of XXX_unrecognized
+}
+
+type mergeFieldInfo struct {
+	field field // Offset of field, guaranteed to be valid
+
+	// isPointer reports whether the value in the field is a pointer.
+	// This is true for the following situations:
+	//	* Pointer to struct
+	//	* Pointer to basic type (proto2 only)
+	//	* Slice (first value in slice header is a pointer)
+	//	* String (first value in string header is a pointer)
+	isPointer bool
+
+	// basicWidth reports the width of the field assuming that it is directly
+	// embedded in the struct (as is the case for basic types in proto3).
+	// The possible values are:
+	// 	0: invalid
+	//	1: bool
+	//	4: int32, uint32, float32
+	//	8: int64, uint64, float64
+	basicWidth int
+
+	// Where dst and src are pointers to the types being merged.
+	merge func(dst, src pointer)
+}
+
+var (
+	mergeInfoMap  = map[reflect.Type]*mergeInfo{}
+	mergeInfoLock sync.Mutex
+)
+
+func getMergeInfo(t reflect.Type) *mergeInfo {
+	mergeInfoLock.Lock()
+	defer mergeInfoLock.Unlock()
+	mi := mergeInfoMap[t]
+	if mi == nil {
+		mi = &mergeInfo{typ: t}
+		mergeInfoMap[t] = mi
+	}
+	return mi
+}
+
+// merge merges src into dst assuming they are both of type *mi.typ.
+func (mi *mergeInfo) merge(dst, src pointer) {
+	if dst.isNil() {
+		panic("proto: nil destination")
+	}
+	if src.isNil() {
+		return // Nothing to do.
+	}
+
+	if atomic.LoadInt32(&mi.initialized) == 0 {
+		mi.computeMergeInfo()
+	}
+
+	for _, fi := range mi.fields {
+		sfp := src.offset(fi.field)
+
+		// As an optimization, we can avoid the merge function call cost
+		// if we know for sure that the source will have no effect
+		// by checking if it is the zero value.
+		if unsafeAllowed {
+			if fi.isPointer && sfp.getPointer().isNil() { // Could be slice or string
+				continue
+			}
+			if fi.basicWidth > 0 {
+				switch {
+				case fi.basicWidth == 1 && !*sfp.toBool():
+					continue
+				case fi.basicWidth == 4 && *sfp.toUint32() == 0:
+					continue
+				case fi.basicWidth == 8 && *sfp.toUint64() == 0:
+					continue
+				}
+			}
+		}
+
+		dfp := dst.offset(fi.field)
+		fi.merge(dfp, sfp)
+	}
+
+	// TODO: Make this faster?
+	out := dst.asPointerTo(mi.typ).Elem()
+	in := src.asPointerTo(mi.typ).Elem()
+	if emIn, err := extendable(in.Addr().Interface()); err == nil {
+		emOut, _ := extendable(out.Addr().Interface())
+		mIn, muIn := emIn.extensionsRead()
+		if mIn != nil {
+			mOut := emOut.extensionsWrite()
+			muIn.Lock()
+			mergeExtension(mOut, mIn)
+			muIn.Unlock()
+		}
+	}
+
+	if mi.unrecognized.IsValid() {
+		if b := *src.offset(mi.unrecognized).toBytes(); len(b) > 0 {
+			*dst.offset(mi.unrecognized).toBytes() = append([]byte(nil), b...)
+		}
+	}
+}
+
+func (mi *mergeInfo) computeMergeInfo() {
+	mi.lock.Lock()
+	defer mi.lock.Unlock()
+	if mi.initialized != 0 {
+		return
+	}
+	t := mi.typ
+	n := t.NumField()
+
+	props := GetProperties(t)
+	for i := 0; i < n; i++ {
+		f := t.Field(i)
+		if strings.HasPrefix(f.Name, "XXX_") {
+			continue
+		}
+
+		mfi := mergeFieldInfo{field: toField(&f)}
+		tf := f.Type
+
+		// As an optimization, we can avoid the merge function call cost
+		// if we know for sure that the source will have no effect
+		// by checking if it is the zero value.
+		if unsafeAllowed {
+			switch tf.Kind() {
+			case reflect.Ptr, reflect.Slice, reflect.String:
+				// As a special case, we assume slices and strings are pointers
+				// since we know that the first field in the SliceSlice or
+				// StringHeader is a data pointer.
+				mfi.isPointer = true
+			case reflect.Bool:
+				mfi.basicWidth = 1
+			case reflect.Int32, reflect.Uint32, reflect.Float32:
+				mfi.basicWidth = 4
+			case reflect.Int64, reflect.Uint64, reflect.Float64:
+				mfi.basicWidth = 8
+			}
+		}
+
+		// Unwrap tf to get at its most basic type.
+		var isPointer, isSlice bool
+		if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 {
+			isSlice = true
+			tf = tf.Elem()
+		}
+		if tf.Kind() == reflect.Ptr {
+			isPointer = true
+			tf = tf.Elem()
+		}
+		if isPointer && isSlice && tf.Kind() != reflect.Struct {
+			panic("both pointer and slice for basic type in " + tf.Name())
+		}
+
+		switch tf.Kind() {
+		case reflect.Int32:
+			switch {
+			case isSlice: // E.g., []int32
+				mfi.merge = func(dst, src pointer) {
+					// NOTE: toInt32Slice is not defined (see pointer_reflect.go).
+					/*
+						sfsp := src.toInt32Slice()
+						if *sfsp != nil {
+							dfsp := dst.toInt32Slice()
+							*dfsp = append(*dfsp, *sfsp...)
+							if *dfsp == nil {
+								*dfsp = []int64{}
+							}
+						}
+					*/
+					sfs := src.getInt32Slice()
+					if sfs != nil {
+						dfs := dst.getInt32Slice()
+						dfs = append(dfs, sfs...)
+						if dfs == nil {
+							dfs = []int32{}
+						}
+						dst.setInt32Slice(dfs)
+					}
+				}
+			case isPointer: // E.g., *int32
+				mfi.merge = func(dst, src pointer) {
+					// NOTE: toInt32Ptr is not defined (see pointer_reflect.go).
+					/*
+						sfpp := src.toInt32Ptr()
+						if *sfpp != nil {
+							dfpp := dst.toInt32Ptr()
+							if *dfpp == nil {
+								*dfpp = Int32(**sfpp)
+							} else {
+								**dfpp = **sfpp
+							}
+						}
+					*/
+					sfp := src.getInt32Ptr()
+					if sfp != nil {
+						dfp := dst.getInt32Ptr()
+						if dfp == nil {
+							dst.setInt32Ptr(*sfp)
+						} else {
+							*dfp = *sfp
+						}
+					}
+				}
+			default: // E.g., int32
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toInt32(); v != 0 {
+						*dst.toInt32() = v
+					}
+				}
+			}
+		case reflect.Int64:
+			switch {
+			case isSlice: // E.g., []int64
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toInt64Slice()
+					if *sfsp != nil {
+						dfsp := dst.toInt64Slice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []int64{}
+						}
+					}
+				}
+			case isPointer: // E.g., *int64
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toInt64Ptr()
+					if *sfpp != nil {
+						dfpp := dst.toInt64Ptr()
+						if *dfpp == nil {
+							*dfpp = Int64(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., int64
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toInt64(); v != 0 {
+						*dst.toInt64() = v
+					}
+				}
+			}
+		case reflect.Uint32:
+			switch {
+			case isSlice: // E.g., []uint32
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toUint32Slice()
+					if *sfsp != nil {
+						dfsp := dst.toUint32Slice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []uint32{}
+						}
+					}
+				}
+			case isPointer: // E.g., *uint32
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toUint32Ptr()
+					if *sfpp != nil {
+						dfpp := dst.toUint32Ptr()
+						if *dfpp == nil {
+							*dfpp = Uint32(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., uint32
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toUint32(); v != 0 {
+						*dst.toUint32() = v
+					}
+				}
+			}
+		case reflect.Uint64:
+			switch {
+			case isSlice: // E.g., []uint64
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toUint64Slice()
+					if *sfsp != nil {
+						dfsp := dst.toUint64Slice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []uint64{}
+						}
+					}
+				}
+			case isPointer: // E.g., *uint64
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toUint64Ptr()
+					if *sfpp != nil {
+						dfpp := dst.toUint64Ptr()
+						if *dfpp == nil {
+							*dfpp = Uint64(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., uint64
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toUint64(); v != 0 {
+						*dst.toUint64() = v
+					}
+				}
+			}
+		case reflect.Float32:
+			switch {
+			case isSlice: // E.g., []float32
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toFloat32Slice()
+					if *sfsp != nil {
+						dfsp := dst.toFloat32Slice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []float32{}
+						}
+					}
+				}
+			case isPointer: // E.g., *float32
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toFloat32Ptr()
+					if *sfpp != nil {
+						dfpp := dst.toFloat32Ptr()
+						if *dfpp == nil {
+							*dfpp = Float32(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., float32
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toFloat32(); v != 0 {
+						*dst.toFloat32() = v
+					}
+				}
+			}
+		case reflect.Float64:
+			switch {
+			case isSlice: // E.g., []float64
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toFloat64Slice()
+					if *sfsp != nil {
+						dfsp := dst.toFloat64Slice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []float64{}
+						}
+					}
+				}
+			case isPointer: // E.g., *float64
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toFloat64Ptr()
+					if *sfpp != nil {
+						dfpp := dst.toFloat64Ptr()
+						if *dfpp == nil {
+							*dfpp = Float64(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., float64
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toFloat64(); v != 0 {
+						*dst.toFloat64() = v
+					}
+				}
+			}
+		case reflect.Bool:
+			switch {
+			case isSlice: // E.g., []bool
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toBoolSlice()
+					if *sfsp != nil {
+						dfsp := dst.toBoolSlice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []bool{}
+						}
+					}
+				}
+			case isPointer: // E.g., *bool
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toBoolPtr()
+					if *sfpp != nil {
+						dfpp := dst.toBoolPtr()
+						if *dfpp == nil {
+							*dfpp = Bool(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., bool
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toBool(); v {
+						*dst.toBool() = v
+					}
+				}
+			}
+		case reflect.String:
+			switch {
+			case isSlice: // E.g., []string
+				mfi.merge = func(dst, src pointer) {
+					sfsp := src.toStringSlice()
+					if *sfsp != nil {
+						dfsp := dst.toStringSlice()
+						*dfsp = append(*dfsp, *sfsp...)
+						if *dfsp == nil {
+							*dfsp = []string{}
+						}
+					}
+				}
+			case isPointer: // E.g., *string
+				mfi.merge = func(dst, src pointer) {
+					sfpp := src.toStringPtr()
+					if *sfpp != nil {
+						dfpp := dst.toStringPtr()
+						if *dfpp == nil {
+							*dfpp = String(**sfpp)
+						} else {
+							**dfpp = **sfpp
+						}
+					}
+				}
+			default: // E.g., string
+				mfi.merge = func(dst, src pointer) {
+					if v := *src.toString(); v != "" {
+						*dst.toString() = v
+					}
+				}
+			}
+		case reflect.Slice:
+			isProto3 := props.Prop[i].proto3
+			switch {
+			case isPointer:
+				panic("bad pointer in byte slice case in " + tf.Name())
+			case tf.Elem().Kind() != reflect.Uint8:
+				panic("bad element kind in byte slice case in " + tf.Name())
+			case isSlice: // E.g., [][]byte
+				mfi.merge = func(dst, src pointer) {
+					sbsp := src.toBytesSlice()
+					if *sbsp != nil {
+						dbsp := dst.toBytesSlice()
+						for _, sb := range *sbsp {
+							if sb == nil {
+								*dbsp = append(*dbsp, nil)
+							} else {
+								*dbsp = append(*dbsp, append([]byte{}, sb...))
+							}
+						}
+						if *dbsp == nil {
+							*dbsp = [][]byte{}
+						}
+					}
+				}
+			default: // E.g., []byte
+				mfi.merge = func(dst, src pointer) {
+					sbp := src.toBytes()
+					if *sbp != nil {
+						dbp := dst.toBytes()
+						if !isProto3 || len(*sbp) > 0 {
+							*dbp = append([]byte{}, *sbp...)
+						}
+					}
+				}
+			}
+		case reflect.Struct:
+			switch {
+			case isSlice && !isPointer: // E.g. []pb.T
+				mergeInfo := getMergeInfo(tf)
+				zero := reflect.Zero(tf)
+				mfi.merge = func(dst, src pointer) {
+					// TODO: Make this faster?
+					dstsp := dst.asPointerTo(f.Type)
+					dsts := dstsp.Elem()
+					srcs := src.asPointerTo(f.Type).Elem()
+					for i := 0; i < srcs.Len(); i++ {
+						dsts = reflect.Append(dsts, zero)
+						srcElement := srcs.Index(i).Addr()
+						dstElement := dsts.Index(dsts.Len() - 1).Addr()
+						mergeInfo.merge(valToPointer(dstElement), valToPointer(srcElement))
+					}
+					if dsts.IsNil() {
+						dsts = reflect.MakeSlice(f.Type, 0, 0)
+					}
+					dstsp.Elem().Set(dsts)
+				}
+			case !isPointer:
+				mergeInfo := getMergeInfo(tf)
+				mfi.merge = func(dst, src pointer) {
+					mergeInfo.merge(dst, src)
+				}
+			case isSlice: // E.g., []*pb.T
+				mergeInfo := getMergeInfo(tf)
+				mfi.merge = func(dst, src pointer) {
+					sps := src.getPointerSlice()
+					if sps != nil {
+						dps := dst.getPointerSlice()
+						for _, sp := range sps {
+							var dp pointer
+							if !sp.isNil() {
+								dp = valToPointer(reflect.New(tf))
+								mergeInfo.merge(dp, sp)
+							}
+							dps = append(dps, dp)
+						}
+						if dps == nil {
+							dps = []pointer{}
+						}
+						dst.setPointerSlice(dps)
+					}
+				}
+			default: // E.g., *pb.T
+				mergeInfo := getMergeInfo(tf)
+				mfi.merge = func(dst, src pointer) {
+					sp := src.getPointer()
+					if !sp.isNil() {
+						dp := dst.getPointer()
+						if dp.isNil() {
+							dp = valToPointer(reflect.New(tf))
+							dst.setPointer(dp)
+						}
+						mergeInfo.merge(dp, sp)
+					}
+				}
+			}
+		case reflect.Map:
+			switch {
+			case isPointer || isSlice:
+				panic("bad pointer or slice in map case in " + tf.Name())
+			default: // E.g., map[K]V
+				mfi.merge = func(dst, src pointer) {
+					sm := src.asPointerTo(tf).Elem()
+					if sm.Len() == 0 {
+						return
+					}
+					dm := dst.asPointerTo(tf).Elem()
+					if dm.IsNil() {
+						dm.Set(reflect.MakeMap(tf))
+					}
+
+					switch tf.Elem().Kind() {
+					case reflect.Ptr: // Proto struct (e.g., *T)
+						for _, key := range sm.MapKeys() {
+							val := sm.MapIndex(key)
+							val = reflect.ValueOf(Clone(val.Interface().(Message)))
+							dm.SetMapIndex(key, val)
+						}
+					case reflect.Slice: // E.g. Bytes type (e.g., []byte)
+						for _, key := range sm.MapKeys() {
+							val := sm.MapIndex(key)
+							val = reflect.ValueOf(append([]byte{}, val.Bytes()...))
+							dm.SetMapIndex(key, val)
+						}
+					default: // Basic type (e.g., string)
+						for _, key := range sm.MapKeys() {
+							val := sm.MapIndex(key)
+							dm.SetMapIndex(key, val)
+						}
+					}
+				}
+			}
+		case reflect.Interface:
+			// Must be oneof field.
+			switch {
+			case isPointer || isSlice:
+				panic("bad pointer or slice in interface case in " + tf.Name())
+			default: // E.g., interface{}
+				// TODO: Make this faster?
+				mfi.merge = func(dst, src pointer) {
+					su := src.asPointerTo(tf).Elem()
+					if !su.IsNil() {
+						du := dst.asPointerTo(tf).Elem()
+						typ := su.Elem().Type()
+						if du.IsNil() || du.Elem().Type() != typ {
+							du.Set(reflect.New(typ.Elem())) // Initialize interface if empty
+						}
+						sv := su.Elem().Elem().Field(0)
+						if sv.Kind() == reflect.Ptr && sv.IsNil() {
+							return
+						}
+						dv := du.Elem().Elem().Field(0)
+						if dv.Kind() == reflect.Ptr && dv.IsNil() {
+							dv.Set(reflect.New(sv.Type().Elem())) // Initialize proto message if empty
+						}
+						switch sv.Type().Kind() {
+						case reflect.Ptr: // Proto struct (e.g., *T)
+							Merge(dv.Interface().(Message), sv.Interface().(Message))
+						case reflect.Slice: // E.g. Bytes type (e.g., []byte)
+							dv.Set(reflect.ValueOf(append([]byte{}, sv.Bytes()...)))
+						default: // Basic type (e.g., string)
+							dv.Set(sv)
+						}
+					}
+				}
+			}
+		default:
+			panic(fmt.Sprintf("merger not found for type:%s", tf))
+		}
+		mi.fields = append(mi.fields, mfi)
+	}
+
+	mi.unrecognized = invalidField
+	if f, ok := t.FieldByName("XXX_unrecognized"); ok {
+		if f.Type != reflect.TypeOf([]byte{}) {
+			panic("expected XXX_unrecognized to be of type []byte")
+		}
+		mi.unrecognized = toField(&f)
+	}
+
+	atomic.StoreInt32(&mi.initialized, 1)
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go b/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
new file mode 100644
index 0000000000000..937229386a27c
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
@@ -0,0 +1,2249 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2016 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"unicode/utf8"
+)
+
+// Unmarshal is the entry point from the generated .pb.go files.
+// This function is not intended to be used by non-generated code.
+// This function is not subject to any compatibility guarantee.
+// msg contains a pointer to a protocol buffer struct.
+// b is the data to be unmarshaled into the protocol buffer.
+// a is a pointer to a place to store cached unmarshal information.
+func (a *InternalMessageInfo) Unmarshal(msg Message, b []byte) error {
+	// Load the unmarshal information for this message type.
+	// The atomic load ensures memory consistency.
+	u := atomicLoadUnmarshalInfo(&a.unmarshal)
+	if u == nil {
+		// Slow path: find unmarshal info for msg, update a with it.
+		u = getUnmarshalInfo(reflect.TypeOf(msg).Elem())
+		atomicStoreUnmarshalInfo(&a.unmarshal, u)
+	}
+	// Then do the unmarshaling.
+	err := u.unmarshal(toPointer(&msg), b)
+	return err
+}
+
+type unmarshalInfo struct {
+	typ reflect.Type // type of the protobuf struct
+
+	// 0 = only typ field is initialized
+	// 1 = completely initialized
+	initialized     int32
+	lock            sync.Mutex                    // prevents double initialization
+	dense           []unmarshalFieldInfo          // fields indexed by tag #
+	sparse          map[uint64]unmarshalFieldInfo // fields indexed by tag #
+	reqFields       []string                      // names of required fields
+	reqMask         uint64                        // 1<<len(reqFields)-1
+	unrecognized    field                         // offset of []byte to put unrecognized data (or invalidField if we should throw it away)
+	extensions      field                         // offset of extensions field (of type proto.XXX_InternalExtensions), or invalidField if it does not exist
+	oldExtensions   field                         // offset of old-form extensions field (of type map[int]Extension)
+	extensionRanges []ExtensionRange              // if non-nil, implies extensions field is valid
+	isMessageSet    bool                          // if true, implies extensions field is valid
+
+	bytesExtensions field // offset of XXX_extensions with type []byte
+}
+
+// An unmarshaler takes a stream of bytes and a pointer to a field of a message.
+// It decodes the field, stores it at f, and returns the unused bytes.
+// w is the wire encoding.
+// b is the data after the tag and wire encoding have been read.
+type unmarshaler func(b []byte, f pointer, w int) ([]byte, error)
+
+type unmarshalFieldInfo struct {
+	// location of the field in the proto message structure.
+	field field
+
+	// function to unmarshal the data for the field.
+	unmarshal unmarshaler
+
+	// if a required field, contains a single set bit at this field's index in the required field list.
+	reqMask uint64
+
+	name string // name of the field, for error reporting
+}
+
+var (
+	unmarshalInfoMap  = map[reflect.Type]*unmarshalInfo{}
+	unmarshalInfoLock sync.Mutex
+)
+
+// getUnmarshalInfo returns the data structure which can be
+// subsequently used to unmarshal a message of the given type.
+// t is the type of the message (note: not pointer to message).
+func getUnmarshalInfo(t reflect.Type) *unmarshalInfo {
+	// It would be correct to return a new unmarshalInfo
+	// unconditionally. We would end up allocating one
+	// per occurrence of that type as a message or submessage.
+	// We use a cache here just to reduce memory usage.
+	unmarshalInfoLock.Lock()
+	defer unmarshalInfoLock.Unlock()
+	u := unmarshalInfoMap[t]
+	if u == nil {
+		u = &unmarshalInfo{typ: t}
+		// Note: we just set the type here. The rest of the fields
+		// will be initialized on first use.
+		unmarshalInfoMap[t] = u
+	}
+	return u
+}
+
+// unmarshal does the main work of unmarshaling a message.
+// u provides type information used to unmarshal the message.
+// m is a pointer to a protocol buffer message.
+// b is a byte stream to unmarshal into m.
+// This is top routine used when recursively unmarshaling submessages.
+func (u *unmarshalInfo) unmarshal(m pointer, b []byte) error {
+	if atomic.LoadInt32(&u.initialized) == 0 {
+		u.computeUnmarshalInfo()
+	}
+	if u.isMessageSet {
+		return unmarshalMessageSet(b, m.offset(u.extensions).toExtensions())
+	}
+	var reqMask uint64 // bitmask of required fields we've seen.
+	var errLater error
+	for len(b) > 0 {
+		// Read tag and wire type.
+		// Special case 1 and 2 byte varints.
+		var x uint64
+		if b[0] < 128 {
+			x = uint64(b[0])
+			b = b[1:]
+		} else if len(b) >= 2 && b[1] < 128 {
+			x = uint64(b[0]&0x7f) + uint64(b[1])<<7
+			b = b[2:]
+		} else {
+			var n int
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+		}
+		tag := x >> 3
+		wire := int(x) & 7
+
+		// Dispatch on the tag to one of the unmarshal* functions below.
+		var f unmarshalFieldInfo
+		if tag < uint64(len(u.dense)) {
+			f = u.dense[tag]
+		} else {
+			f = u.sparse[tag]
+		}
+		if fn := f.unmarshal; fn != nil {
+			var err error
+			b, err = fn(b, m.offset(f.field), wire)
+			if err == nil {
+				reqMask |= f.reqMask
+				continue
+			}
+			if r, ok := err.(*RequiredNotSetError); ok {
+				// Remember this error, but keep parsing. We need to produce
+				// a full parse even if a required field is missing.
+				if errLater == nil {
+					errLater = r
+				}
+				reqMask |= f.reqMask
+				continue
+			}
+			if err != errInternalBadWireType {
+				if err == errInvalidUTF8 {
+					if errLater == nil {
+						fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
+						errLater = &invalidUTF8Error{fullName}
+					}
+					continue
+				}
+				return err
+			}
+			// Fragments with bad wire type are treated as unknown fields.
+		}
+
+		// Unknown tag.
+		if !u.unrecognized.IsValid() {
+			// Don't keep unrecognized data; just skip it.
+			var err error
+			b, err = skipField(b, wire)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+		// Keep unrecognized data around.
+		// maybe in extensions, maybe in the unrecognized field.
+		z := m.offset(u.unrecognized).toBytes()
+		var emap map[int32]Extension
+		var e Extension
+		for _, r := range u.extensionRanges {
+			if uint64(r.Start) <= tag && tag <= uint64(r.End) {
+				if u.extensions.IsValid() {
+					mp := m.offset(u.extensions).toExtensions()
+					emap = mp.extensionsWrite()
+					e = emap[int32(tag)]
+					z = &e.enc
+					break
+				}
+				if u.oldExtensions.IsValid() {
+					p := m.offset(u.oldExtensions).toOldExtensions()
+					emap = *p
+					if emap == nil {
+						emap = map[int32]Extension{}
+						*p = emap
+					}
+					e = emap[int32(tag)]
+					z = &e.enc
+					break
+				}
+				if u.bytesExtensions.IsValid() {
+					z = m.offset(u.bytesExtensions).toBytes()
+					break
+				}
+				panic("no extensions field available")
+			}
+		}
+		// Use wire type to skip data.
+		var err error
+		b0 := b
+		b, err = skipField(b, wire)
+		if err != nil {
+			return err
+		}
+		*z = encodeVarint(*z, tag<<3|uint64(wire))
+		*z = append(*z, b0[:len(b0)-len(b)]...)
+
+		if emap != nil {
+			emap[int32(tag)] = e
+		}
+	}
+	if reqMask != u.reqMask && errLater == nil {
+		// A required field of this message is missing.
+		for _, n := range u.reqFields {
+			if reqMask&1 == 0 {
+				errLater = &RequiredNotSetError{n}
+			}
+			reqMask >>= 1
+		}
+	}
+	return errLater
+}
+
+// computeUnmarshalInfo fills in u with information for use
+// in unmarshaling protocol buffers of type u.typ.
+func (u *unmarshalInfo) computeUnmarshalInfo() {
+	u.lock.Lock()
+	defer u.lock.Unlock()
+	if u.initialized != 0 {
+		return
+	}
+	t := u.typ
+	n := t.NumField()
+
+	// Set up the "not found" value for the unrecognized byte buffer.
+	// This is the default for proto3.
+	u.unrecognized = invalidField
+	u.extensions = invalidField
+	u.oldExtensions = invalidField
+	u.bytesExtensions = invalidField
+
+	// List of the generated type and offset for each oneof field.
+	type oneofField struct {
+		ityp  reflect.Type // interface type of oneof field
+		field field        // offset in containing message
+	}
+	var oneofFields []oneofField
+
+	for i := 0; i < n; i++ {
+		f := t.Field(i)
+		if f.Name == "XXX_unrecognized" {
+			// The byte slice used to hold unrecognized input is special.
+			if f.Type != reflect.TypeOf(([]byte)(nil)) {
+				panic("bad type for XXX_unrecognized field: " + f.Type.Name())
+			}
+			u.unrecognized = toField(&f)
+			continue
+		}
+		if f.Name == "XXX_InternalExtensions" {
+			// Ditto here.
+			if f.Type != reflect.TypeOf(XXX_InternalExtensions{}) {
+				panic("bad type for XXX_InternalExtensions field: " + f.Type.Name())
+			}
+			u.extensions = toField(&f)
+			if f.Tag.Get("protobuf_messageset") == "1" {
+				u.isMessageSet = true
+			}
+			continue
+		}
+		if f.Name == "XXX_extensions" {
+			// An older form of the extensions field.
+			if f.Type == reflect.TypeOf((map[int32]Extension)(nil)) {
+				u.oldExtensions = toField(&f)
+				continue
+			} else if f.Type == reflect.TypeOf(([]byte)(nil)) {
+				u.bytesExtensions = toField(&f)
+				continue
+			}
+			panic("bad type for XXX_extensions field: " + f.Type.Name())
+		}
+		if f.Name == "XXX_NoUnkeyedLiteral" || f.Name == "XXX_sizecache" {
+			continue
+		}
+
+		oneof := f.Tag.Get("protobuf_oneof")
+		if oneof != "" {
+			oneofFields = append(oneofFields, oneofField{f.Type, toField(&f)})
+			// The rest of oneof processing happens below.
+			continue
+		}
+
+		tags := f.Tag.Get("protobuf")
+		tagArray := strings.Split(tags, ",")
+		if len(tagArray) < 2 {
+			panic("protobuf tag not enough fields in " + t.Name() + "." + f.Name + ": " + tags)
+		}
+		tag, err := strconv.Atoi(tagArray[1])
+		if err != nil {
+			panic("protobuf tag field not an integer: " + tagArray[1])
+		}
+
+		name := ""
+		for _, tag := range tagArray[3:] {
+			if strings.HasPrefix(tag, "name=") {
+				name = tag[5:]
+			}
+		}
+
+		// Extract unmarshaling function from the field (its type and tags).
+		unmarshal := fieldUnmarshaler(&f)
+
+		// Required field?
+		var reqMask uint64
+		if tagArray[2] == "req" {
+			bit := len(u.reqFields)
+			u.reqFields = append(u.reqFields, name)
+			reqMask = uint64(1) << uint(bit)
+			// TODO: if we have more than 64 required fields, we end up
+			// not verifying that all required fields are present.
+			// Fix this, perhaps using a count of required fields?
+		}
+
+		// Store the info in the correct slot in the message.
+		u.setTag(tag, toField(&f), unmarshal, reqMask, name)
+	}
+
+	// Find any types associated with oneof fields.
+	// gogo: len(oneofFields) > 0 is needed for embedded oneof messages, without a marshaler and unmarshaler
+	if len(oneofFields) > 0 {
+		var oneofImplementers []interface{}
+		switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+		case oneofFuncsIface:
+			_, _, _, oneofImplementers = m.XXX_OneofFuncs()
+		case oneofWrappersIface:
+			oneofImplementers = m.XXX_OneofWrappers()
+		}
+		for _, v := range oneofImplementers {
+			tptr := reflect.TypeOf(v) // *Msg_X
+			typ := tptr.Elem()        // Msg_X
+
+			f := typ.Field(0) // oneof implementers have one field
+			baseUnmarshal := fieldUnmarshaler(&f)
+			tags := strings.Split(f.Tag.Get("protobuf"), ",")
+			fieldNum, err := strconv.Atoi(tags[1])
+			if err != nil {
+				panic("protobuf tag field not an integer: " + tags[1])
+			}
+			var name string
+			for _, tag := range tags {
+				if strings.HasPrefix(tag, "name=") {
+					name = strings.TrimPrefix(tag, "name=")
+					break
+				}
+			}
+
+			// Find the oneof field that this struct implements.
+			// Might take O(n^2) to process all of the oneofs, but who cares.
+			for _, of := range oneofFields {
+				if tptr.Implements(of.ityp) {
+					// We have found the corresponding interface for this struct.
+					// That lets us know where this struct should be stored
+					// when we encounter it during unmarshaling.
+					unmarshal := makeUnmarshalOneof(typ, of.ityp, baseUnmarshal)
+					u.setTag(fieldNum, of.field, unmarshal, 0, name)
+				}
+			}
+
+		}
+	}
+
+	// Get extension ranges, if any.
+	fn := reflect.Zero(reflect.PtrTo(t)).MethodByName("ExtensionRangeArray")
+	if fn.IsValid() {
+		if !u.extensions.IsValid() && !u.oldExtensions.IsValid() && !u.bytesExtensions.IsValid() {
+			panic("a message with extensions, but no extensions field in " + t.Name())
+		}
+		u.extensionRanges = fn.Call(nil)[0].Interface().([]ExtensionRange)
+	}
+
+	// Explicitly disallow tag 0. This will ensure we flag an error
+	// when decoding a buffer of all zeros. Without this code, we
+	// would decode and skip an all-zero buffer of even length.
+	// [0 0] is [tag=0/wiretype=varint varint-encoded-0].
+	u.setTag(0, zeroField, func(b []byte, f pointer, w int) ([]byte, error) {
+		return nil, fmt.Errorf("proto: %s: illegal tag 0 (wire type %d)", t, w)
+	}, 0, "")
+
+	// Set mask for required field check.
+	u.reqMask = uint64(1)<<uint(len(u.reqFields)) - 1
+
+	atomic.StoreInt32(&u.initialized, 1)
+}
+
+// setTag stores the unmarshal information for the given tag.
+// tag = tag # for field
+// field/unmarshal = unmarshal info for that field.
+// reqMask = if required, bitmask for field position in required field list. 0 otherwise.
+// name = short name of the field.
+func (u *unmarshalInfo) setTag(tag int, field field, unmarshal unmarshaler, reqMask uint64, name string) {
+	i := unmarshalFieldInfo{field: field, unmarshal: unmarshal, reqMask: reqMask, name: name}
+	n := u.typ.NumField()
+	if tag >= 0 && (tag < 16 || tag < 2*n) { // TODO: what are the right numbers here?
+		for len(u.dense) <= tag {
+			u.dense = append(u.dense, unmarshalFieldInfo{})
+		}
+		u.dense[tag] = i
+		return
+	}
+	if u.sparse == nil {
+		u.sparse = map[uint64]unmarshalFieldInfo{}
+	}
+	u.sparse[uint64(tag)] = i
+}
+
+// fieldUnmarshaler returns an unmarshaler for the given field.
+func fieldUnmarshaler(f *reflect.StructField) unmarshaler {
+	if f.Type.Kind() == reflect.Map {
+		return makeUnmarshalMap(f)
+	}
+	return typeUnmarshaler(f.Type, f.Tag.Get("protobuf"))
+}
+
+// typeUnmarshaler returns an unmarshaler for the given field type / field tag pair.
+func typeUnmarshaler(t reflect.Type, tags string) unmarshaler {
+	tagArray := strings.Split(tags, ",")
+	encoding := tagArray[0]
+	name := "unknown"
+	ctype := false
+	isTime := false
+	isDuration := false
+	isWktPointer := false
+	proto3 := false
+	validateUTF8 := true
+	for _, tag := range tagArray[3:] {
+		if strings.HasPrefix(tag, "name=") {
+			name = tag[5:]
+		}
+		if tag == "proto3" {
+			proto3 = true
+		}
+		if strings.HasPrefix(tag, "customtype=") {
+			ctype = true
+		}
+		if tag == "stdtime" {
+			isTime = true
+		}
+		if tag == "stdduration" {
+			isDuration = true
+		}
+		if tag == "wktptr" {
+			isWktPointer = true
+		}
+	}
+	validateUTF8 = validateUTF8 && proto3
+
+	// Figure out packaging (pointer, slice, or both)
+	slice := false
+	pointer := false
+	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
+		slice = true
+		t = t.Elem()
+	}
+	if t.Kind() == reflect.Ptr {
+		pointer = true
+		t = t.Elem()
+	}
+
+	if ctype {
+		if reflect.PtrTo(t).Implements(customType) {
+			if slice {
+				return makeUnmarshalCustomSlice(getUnmarshalInfo(t), name)
+			}
+			if pointer {
+				return makeUnmarshalCustomPtr(getUnmarshalInfo(t), name)
+			}
+			return makeUnmarshalCustom(getUnmarshalInfo(t), name)
+		} else {
+			panic(fmt.Sprintf("custom type: type: %v, does not implement the proto.custom interface", t))
+		}
+	}
+
+	if isTime {
+		if pointer {
+			if slice {
+				return makeUnmarshalTimePtrSlice(getUnmarshalInfo(t), name)
+			}
+			return makeUnmarshalTimePtr(getUnmarshalInfo(t), name)
+		}
+		if slice {
+			return makeUnmarshalTimeSlice(getUnmarshalInfo(t), name)
+		}
+		return makeUnmarshalTime(getUnmarshalInfo(t), name)
+	}
+
+	if isDuration {
+		if pointer {
+			if slice {
+				return makeUnmarshalDurationPtrSlice(getUnmarshalInfo(t), name)
+			}
+			return makeUnmarshalDurationPtr(getUnmarshalInfo(t), name)
+		}
+		if slice {
+			return makeUnmarshalDurationSlice(getUnmarshalInfo(t), name)
+		}
+		return makeUnmarshalDuration(getUnmarshalInfo(t), name)
+	}
+
+	if isWktPointer {
+		switch t.Kind() {
+		case reflect.Float64:
+			if pointer {
+				if slice {
+					return makeStdDoubleValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdDoubleValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdDoubleValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdDoubleValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Float32:
+			if pointer {
+				if slice {
+					return makeStdFloatValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdFloatValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdFloatValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdFloatValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Int64:
+			if pointer {
+				if slice {
+					return makeStdInt64ValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdInt64ValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdInt64ValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdInt64ValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Uint64:
+			if pointer {
+				if slice {
+					return makeStdUInt64ValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdUInt64ValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdUInt64ValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdUInt64ValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Int32:
+			if pointer {
+				if slice {
+					return makeStdInt32ValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdInt32ValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdInt32ValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdInt32ValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Uint32:
+			if pointer {
+				if slice {
+					return makeStdUInt32ValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdUInt32ValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdUInt32ValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdUInt32ValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.Bool:
+			if pointer {
+				if slice {
+					return makeStdBoolValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdBoolValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdBoolValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdBoolValueUnmarshaler(getUnmarshalInfo(t), name)
+		case reflect.String:
+			if pointer {
+				if slice {
+					return makeStdStringValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdStringValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdStringValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdStringValueUnmarshaler(getUnmarshalInfo(t), name)
+		case uint8SliceType:
+			if pointer {
+				if slice {
+					return makeStdBytesValuePtrSliceUnmarshaler(getUnmarshalInfo(t), name)
+				}
+				return makeStdBytesValuePtrUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			if slice {
+				return makeStdBytesValueSliceUnmarshaler(getUnmarshalInfo(t), name)
+			}
+			return makeStdBytesValueUnmarshaler(getUnmarshalInfo(t), name)
+		default:
+			panic(fmt.Sprintf("unknown wktpointer type %#v", t))
+		}
+	}
+
+	// We'll never have both pointer and slice for basic types.
+	if pointer && slice && t.Kind() != reflect.Struct {
+		panic("both pointer and slice for basic type in " + t.Name())
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		if pointer {
+			return unmarshalBoolPtr
+		}
+		if slice {
+			return unmarshalBoolSlice
+		}
+		return unmarshalBoolValue
+	case reflect.Int32:
+		switch encoding {
+		case "fixed32":
+			if pointer {
+				return unmarshalFixedS32Ptr
+			}
+			if slice {
+				return unmarshalFixedS32Slice
+			}
+			return unmarshalFixedS32Value
+		case "varint":
+			// this could be int32 or enum
+			if pointer {
+				return unmarshalInt32Ptr
+			}
+			if slice {
+				return unmarshalInt32Slice
+			}
+			return unmarshalInt32Value
+		case "zigzag32":
+			if pointer {
+				return unmarshalSint32Ptr
+			}
+			if slice {
+				return unmarshalSint32Slice
+			}
+			return unmarshalSint32Value
+		}
+	case reflect.Int64:
+		switch encoding {
+		case "fixed64":
+			if pointer {
+				return unmarshalFixedS64Ptr
+			}
+			if slice {
+				return unmarshalFixedS64Slice
+			}
+			return unmarshalFixedS64Value
+		case "varint":
+			if pointer {
+				return unmarshalInt64Ptr
+			}
+			if slice {
+				return unmarshalInt64Slice
+			}
+			return unmarshalInt64Value
+		case "zigzag64":
+			if pointer {
+				return unmarshalSint64Ptr
+			}
+			if slice {
+				return unmarshalSint64Slice
+			}
+			return unmarshalSint64Value
+		}
+	case reflect.Uint32:
+		switch encoding {
+		case "fixed32":
+			if pointer {
+				return unmarshalFixed32Ptr
+			}
+			if slice {
+				return unmarshalFixed32Slice
+			}
+			return unmarshalFixed32Value
+		case "varint":
+			if pointer {
+				return unmarshalUint32Ptr
+			}
+			if slice {
+				return unmarshalUint32Slice
+			}
+			return unmarshalUint32Value
+		}
+	case reflect.Uint64:
+		switch encoding {
+		case "fixed64":
+			if pointer {
+				return unmarshalFixed64Ptr
+			}
+			if slice {
+				return unmarshalFixed64Slice
+			}
+			return unmarshalFixed64Value
+		case "varint":
+			if pointer {
+				return unmarshalUint64Ptr
+			}
+			if slice {
+				return unmarshalUint64Slice
+			}
+			return unmarshalUint64Value
+		}
+	case reflect.Float32:
+		if pointer {
+			return unmarshalFloat32Ptr
+		}
+		if slice {
+			return unmarshalFloat32Slice
+		}
+		return unmarshalFloat32Value
+	case reflect.Float64:
+		if pointer {
+			return unmarshalFloat64Ptr
+		}
+		if slice {
+			return unmarshalFloat64Slice
+		}
+		return unmarshalFloat64Value
+	case reflect.Map:
+		panic("map type in typeUnmarshaler in " + t.Name())
+	case reflect.Slice:
+		if pointer {
+			panic("bad pointer in slice case in " + t.Name())
+		}
+		if slice {
+			return unmarshalBytesSlice
+		}
+		return unmarshalBytesValue
+	case reflect.String:
+		if validateUTF8 {
+			if pointer {
+				return unmarshalUTF8StringPtr
+			}
+			if slice {
+				return unmarshalUTF8StringSlice
+			}
+			return unmarshalUTF8StringValue
+		}
+		if pointer {
+			return unmarshalStringPtr
+		}
+		if slice {
+			return unmarshalStringSlice
+		}
+		return unmarshalStringValue
+	case reflect.Struct:
+		// message or group field
+		if !pointer {
+			switch encoding {
+			case "bytes":
+				if slice {
+					return makeUnmarshalMessageSlice(getUnmarshalInfo(t), name)
+				}
+				return makeUnmarshalMessage(getUnmarshalInfo(t), name)
+			}
+		}
+		switch encoding {
+		case "bytes":
+			if slice {
+				return makeUnmarshalMessageSlicePtr(getUnmarshalInfo(t), name)
+			}
+			return makeUnmarshalMessagePtr(getUnmarshalInfo(t), name)
+		case "group":
+			if slice {
+				return makeUnmarshalGroupSlicePtr(getUnmarshalInfo(t), name)
+			}
+			return makeUnmarshalGroupPtr(getUnmarshalInfo(t), name)
+		}
+	}
+	panic(fmt.Sprintf("unmarshaler not found type:%s encoding:%s", t, encoding))
+}
+
+// Below are all the unmarshalers for individual fields of various types.
+
+func unmarshalInt64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x)
+	*f.toInt64() = v
+	return b, nil
+}
+
+func unmarshalInt64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x)
+	*f.toInt64Ptr() = &v
+	return b, nil
+}
+
+func unmarshalInt64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := int64(x)
+			s := f.toInt64Slice()
+			*s = append(*s, v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x)
+	s := f.toInt64Slice()
+	*s = append(*s, v)
+	return b, nil
+}
+
+func unmarshalSint64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x>>1) ^ int64(x)<<63>>63
+	*f.toInt64() = v
+	return b, nil
+}
+
+func unmarshalSint64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x>>1) ^ int64(x)<<63>>63
+	*f.toInt64Ptr() = &v
+	return b, nil
+}
+
+func unmarshalSint64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := int64(x>>1) ^ int64(x)<<63>>63
+			s := f.toInt64Slice()
+			*s = append(*s, v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int64(x>>1) ^ int64(x)<<63>>63
+	s := f.toInt64Slice()
+	*s = append(*s, v)
+	return b, nil
+}
+
+func unmarshalUint64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint64(x)
+	*f.toUint64() = v
+	return b, nil
+}
+
+func unmarshalUint64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint64(x)
+	*f.toUint64Ptr() = &v
+	return b, nil
+}
+
+func unmarshalUint64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := uint64(x)
+			s := f.toUint64Slice()
+			*s = append(*s, v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint64(x)
+	s := f.toUint64Slice()
+	*s = append(*s, v)
+	return b, nil
+}
+
+func unmarshalInt32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x)
+	*f.toInt32() = v
+	return b, nil
+}
+
+func unmarshalInt32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x)
+	f.setInt32Ptr(v)
+	return b, nil
+}
+
+func unmarshalInt32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := int32(x)
+			f.appendInt32Slice(v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x)
+	f.appendInt32Slice(v)
+	return b, nil
+}
+
+func unmarshalSint32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x>>1) ^ int32(x)<<31>>31
+	*f.toInt32() = v
+	return b, nil
+}
+
+func unmarshalSint32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x>>1) ^ int32(x)<<31>>31
+	f.setInt32Ptr(v)
+	return b, nil
+}
+
+func unmarshalSint32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := int32(x>>1) ^ int32(x)<<31>>31
+			f.appendInt32Slice(v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := int32(x>>1) ^ int32(x)<<31>>31
+	f.appendInt32Slice(v)
+	return b, nil
+}
+
+func unmarshalUint32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint32(x)
+	*f.toUint32() = v
+	return b, nil
+}
+
+func unmarshalUint32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint32(x)
+	*f.toUint32Ptr() = &v
+	return b, nil
+}
+
+func unmarshalUint32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			b = b[n:]
+			v := uint32(x)
+			s := f.toUint32Slice()
+			*s = append(*s, v)
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	v := uint32(x)
+	s := f.toUint32Slice()
+	*s = append(*s, v)
+	return b, nil
+}
+
+func unmarshalFixed64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+	*f.toUint64() = v
+	return b[8:], nil
+}
+
+func unmarshalFixed64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+	*f.toUint64Ptr() = &v
+	return b[8:], nil
+}
+
+func unmarshalFixed64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 8 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+			s := f.toUint64Slice()
+			*s = append(*s, v)
+			b = b[8:]
+		}
+		return res, nil
+	}
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+	s := f.toUint64Slice()
+	*s = append(*s, v)
+	return b[8:], nil
+}
+
+func unmarshalFixedS64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
+	*f.toInt64() = v
+	return b[8:], nil
+}
+
+func unmarshalFixedS64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
+	*f.toInt64Ptr() = &v
+	return b[8:], nil
+}
+
+func unmarshalFixedS64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 8 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
+			s := f.toInt64Slice()
+			*s = append(*s, v)
+			b = b[8:]
+		}
+		return res, nil
+	}
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
+	s := f.toInt64Slice()
+	*s = append(*s, v)
+	return b[8:], nil
+}
+
+func unmarshalFixed32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+	*f.toUint32() = v
+	return b[4:], nil
+}
+
+func unmarshalFixed32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+	*f.toUint32Ptr() = &v
+	return b[4:], nil
+}
+
+func unmarshalFixed32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 4 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+			s := f.toUint32Slice()
+			*s = append(*s, v)
+			b = b[4:]
+		}
+		return res, nil
+	}
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+	s := f.toUint32Slice()
+	*s = append(*s, v)
+	return b[4:], nil
+}
+
+func unmarshalFixedS32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
+	*f.toInt32() = v
+	return b[4:], nil
+}
+
+func unmarshalFixedS32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
+	f.setInt32Ptr(v)
+	return b[4:], nil
+}
+
+func unmarshalFixedS32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 4 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
+			f.appendInt32Slice(v)
+			b = b[4:]
+		}
+		return res, nil
+	}
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
+	f.appendInt32Slice(v)
+	return b[4:], nil
+}
+
+func unmarshalBoolValue(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	// Note: any length varint is allowed, even though any sane
+	// encoder will use one byte.
+	// See https://github.com/golang/protobuf/issues/76
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	// TODO: check if x>1? Tests seem to indicate no.
+	v := x != 0
+	*f.toBool() = v
+	return b[n:], nil
+}
+
+func unmarshalBoolPtr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := x != 0
+	*f.toBoolPtr() = &v
+	return b[n:], nil
+}
+
+func unmarshalBoolSlice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			x, n = decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := x != 0
+			s := f.toBoolSlice()
+			*s = append(*s, v)
+			b = b[n:]
+		}
+		return res, nil
+	}
+	if w != WireVarint {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := x != 0
+	s := f.toBoolSlice()
+	*s = append(*s, v)
+	return b[n:], nil
+}
+
+func unmarshalFloat64Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
+	*f.toFloat64() = v
+	return b[8:], nil
+}
+
+func unmarshalFloat64Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
+	*f.toFloat64Ptr() = &v
+	return b[8:], nil
+}
+
+func unmarshalFloat64Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 8 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
+			s := f.toFloat64Slice()
+			*s = append(*s, v)
+			b = b[8:]
+		}
+		return res, nil
+	}
+	if w != WireFixed64 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 8 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
+	s := f.toFloat64Slice()
+	*s = append(*s, v)
+	return b[8:], nil
+}
+
+func unmarshalFloat32Value(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
+	*f.toFloat32() = v
+	return b[4:], nil
+}
+
+func unmarshalFloat32Ptr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
+	*f.toFloat32Ptr() = &v
+	return b[4:], nil
+}
+
+func unmarshalFloat32Slice(b []byte, f pointer, w int) ([]byte, error) {
+	if w == WireBytes { // packed
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		res := b[x:]
+		b = b[:x]
+		for len(b) > 0 {
+			if len(b) < 4 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
+			s := f.toFloat32Slice()
+			*s = append(*s, v)
+			b = b[4:]
+		}
+		return res, nil
+	}
+	if w != WireFixed32 {
+		return b, errInternalBadWireType
+	}
+	if len(b) < 4 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
+	s := f.toFloat32Slice()
+	*s = append(*s, v)
+	return b[4:], nil
+}
+
+func unmarshalStringValue(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toString() = v
+	return b[x:], nil
+}
+
+func unmarshalStringPtr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toStringPtr() = &v
+	return b[x:], nil
+}
+
+func unmarshalStringSlice(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	s := f.toStringSlice()
+	*s = append(*s, v)
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringValue(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toString() = v
+	if !utf8.ValidString(v) {
+		return b[x:], errInvalidUTF8
+	}
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringPtr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toStringPtr() = &v
+	if !utf8.ValidString(v) {
+		return b[x:], errInvalidUTF8
+	}
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringSlice(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	s := f.toStringSlice()
+	*s = append(*s, v)
+	if !utf8.ValidString(v) {
+		return b[x:], errInvalidUTF8
+	}
+	return b[x:], nil
+}
+
+var emptyBuf [0]byte
+
+func unmarshalBytesValue(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	// The use of append here is a trick which avoids the zeroing
+	// that would be required if we used a make/copy pair.
+	// We append to emptyBuf instead of nil because we want
+	// a non-nil result even when the length is 0.
+	v := append(emptyBuf[:], b[:x]...)
+	*f.toBytes() = v
+	return b[x:], nil
+}
+
+func unmarshalBytesSlice(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := append(emptyBuf[:], b[:x]...)
+	s := f.toBytesSlice()
+	*s = append(*s, v)
+	return b[x:], nil
+}
+
+func makeUnmarshalMessagePtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return b, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		// First read the message field to see if something is there.
+		// The semantics of multiple submessages are weird.  Instead of
+		// the last one winning (as it is for all other fields), multiple
+		// submessages are merged.
+		v := f.getPointer()
+		if v.isNil() {
+			v = valToPointer(reflect.New(sub.typ))
+			f.setPointer(v)
+		}
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		return b[x:], err
+	}
+}
+
+func makeUnmarshalMessageSlicePtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return b, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		v := valToPointer(reflect.New(sub.typ))
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		f.appendPointer(v)
+		return b[x:], err
+	}
+}
+
+func makeUnmarshalGroupPtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireStartGroup {
+			return b, errInternalBadWireType
+		}
+		x, y := findEndGroup(b)
+		if x < 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		v := f.getPointer()
+		if v.isNil() {
+			v = valToPointer(reflect.New(sub.typ))
+			f.setPointer(v)
+		}
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		return b[y:], err
+	}
+}
+
+func makeUnmarshalGroupSlicePtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireStartGroup {
+			return b, errInternalBadWireType
+		}
+		x, y := findEndGroup(b)
+		if x < 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		v := valToPointer(reflect.New(sub.typ))
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		f.appendPointer(v)
+		return b[y:], err
+	}
+}
+
+func makeUnmarshalMap(f *reflect.StructField) unmarshaler {
+	t := f.Type
+	kt := t.Key()
+	vt := t.Elem()
+	tagArray := strings.Split(f.Tag.Get("protobuf"), ",")
+	valTags := strings.Split(f.Tag.Get("protobuf_val"), ",")
+	for _, t := range tagArray {
+		if strings.HasPrefix(t, "customtype=") {
+			valTags = append(valTags, t)
+		}
+		if t == "stdtime" {
+			valTags = append(valTags, t)
+		}
+		if t == "stdduration" {
+			valTags = append(valTags, t)
+		}
+		if t == "wktptr" {
+			valTags = append(valTags, t)
+		}
+	}
+	unmarshalKey := typeUnmarshaler(kt, f.Tag.Get("protobuf_key"))
+	unmarshalVal := typeUnmarshaler(vt, strings.Join(valTags, ","))
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		// The map entry is a submessage. Figure out how big it is.
+		if w != WireBytes {
+			return nil, fmt.Errorf("proto: bad wiretype for map field: got %d want %d", w, WireBytes)
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		r := b[x:] // unused data to return
+		b = b[:x]  // data for map entry
+
+		// Note: we could use #keys * #values ~= 200 functions
+		// to do map decoding without reflection. Probably not worth it.
+		// Maps will be somewhat slow. Oh well.
+
+		// Read key and value from data.
+		var nerr nonFatal
+		k := reflect.New(kt)
+		v := reflect.New(vt)
+		for len(b) > 0 {
+			x, n := decodeVarint(b)
+			if n == 0 {
+				return nil, io.ErrUnexpectedEOF
+			}
+			wire := int(x) & 7
+			b = b[n:]
+
+			var err error
+			switch x >> 3 {
+			case 1:
+				b, err = unmarshalKey(b, valToPointer(k), wire)
+			case 2:
+				b, err = unmarshalVal(b, valToPointer(v), wire)
+			default:
+				err = errInternalBadWireType // skip unknown tag
+			}
+
+			if nerr.Merge(err) {
+				continue
+			}
+			if err != errInternalBadWireType {
+				return nil, err
+			}
+
+			// Skip past unknown fields.
+			b, err = skipField(b, wire)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Get map, allocate if needed.
+		m := f.asPointerTo(t).Elem() // an addressable map[K]T
+		if m.IsNil() {
+			m.Set(reflect.MakeMap(t))
+		}
+
+		// Insert into map.
+		m.SetMapIndex(k.Elem(), v.Elem())
+
+		return r, nerr.E
+	}
+}
+
+// makeUnmarshalOneof makes an unmarshaler for oneof fields.
+// for:
+// message Msg {
+//   oneof F {
+//     int64 X = 1;
+//     float64 Y = 2;
+//   }
+// }
+// typ is the type of the concrete entry for a oneof case (e.g. Msg_X).
+// ityp is the interface type of the oneof field (e.g. isMsg_F).
+// unmarshal is the unmarshaler for the base type of the oneof case (e.g. int64).
+// Note that this function will be called once for each case in the oneof.
+func makeUnmarshalOneof(typ, ityp reflect.Type, unmarshal unmarshaler) unmarshaler {
+	sf := typ.Field(0)
+	field0 := toField(&sf)
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		// Allocate holder for value.
+		v := reflect.New(typ)
+
+		// Unmarshal data into holder.
+		// We unmarshal into the first field of the holder object.
+		var err error
+		var nerr nonFatal
+		b, err = unmarshal(b, valToPointer(v).offset(field0), w)
+		if !nerr.Merge(err) {
+			return nil, err
+		}
+
+		// Write pointer to holder into target field.
+		f.asPointerTo(ityp).Elem().Set(v)
+
+		return b, nerr.E
+	}
+}
+
+// Error used by decode internally.
+var errInternalBadWireType = errors.New("proto: internal error: bad wiretype")
+
+// skipField skips past a field of type wire and returns the remaining bytes.
+func skipField(b []byte, wire int) ([]byte, error) {
+	switch wire {
+	case WireVarint:
+		_, k := decodeVarint(b)
+		if k == 0 {
+			return b, io.ErrUnexpectedEOF
+		}
+		b = b[k:]
+	case WireFixed32:
+		if len(b) < 4 {
+			return b, io.ErrUnexpectedEOF
+		}
+		b = b[4:]
+	case WireFixed64:
+		if len(b) < 8 {
+			return b, io.ErrUnexpectedEOF
+		}
+		b = b[8:]
+	case WireBytes:
+		m, k := decodeVarint(b)
+		if k == 0 || uint64(len(b)-k) < m {
+			return b, io.ErrUnexpectedEOF
+		}
+		b = b[uint64(k)+m:]
+	case WireStartGroup:
+		_, i := findEndGroup(b)
+		if i == -1 {
+			return b, io.ErrUnexpectedEOF
+		}
+		b = b[i:]
+	default:
+		return b, fmt.Errorf("proto: can't skip unknown wire type %d", wire)
+	}
+	return b, nil
+}
+
+// findEndGroup finds the index of the next EndGroup tag.
+// Groups may be nested, so the "next" EndGroup tag is the first
+// unpaired EndGroup.
+// findEndGroup returns the indexes of the start and end of the EndGroup tag.
+// Returns (-1,-1) if it can't find one.
+func findEndGroup(b []byte) (int, int) {
+	depth := 1
+	i := 0
+	for {
+		x, n := decodeVarint(b[i:])
+		if n == 0 {
+			return -1, -1
+		}
+		j := i
+		i += n
+		switch x & 7 {
+		case WireVarint:
+			_, k := decodeVarint(b[i:])
+			if k == 0 {
+				return -1, -1
+			}
+			i += k
+		case WireFixed32:
+			if len(b)-4 < i {
+				return -1, -1
+			}
+			i += 4
+		case WireFixed64:
+			if len(b)-8 < i {
+				return -1, -1
+			}
+			i += 8
+		case WireBytes:
+			m, k := decodeVarint(b[i:])
+			if k == 0 {
+				return -1, -1
+			}
+			i += k
+			if uint64(len(b)-i) < m {
+				return -1, -1
+			}
+			i += int(m)
+		case WireStartGroup:
+			depth++
+		case WireEndGroup:
+			depth--
+			if depth == 0 {
+				return j, i
+			}
+		default:
+			return -1, -1
+		}
+	}
+}
+
+// encodeVarint appends a varint-encoded integer to b and returns the result.
+func encodeVarint(b []byte, x uint64) []byte {
+	for x >= 1<<7 {
+		b = append(b, byte(x&0x7f|0x80))
+		x >>= 7
+	}
+	return append(b, byte(x))
+}
+
+// decodeVarint reads a varint-encoded integer from b.
+// Returns the decoded integer and the number of bytes read.
+// If there is an error, it returns 0,0.
+func decodeVarint(b []byte) (uint64, int) {
+	var x, y uint64
+	if len(b) == 0 {
+		goto bad
+	}
+	x = uint64(b[0])
+	if x < 0x80 {
+		return x, 1
+	}
+	x -= 0x80
+
+	if len(b) <= 1 {
+		goto bad
+	}
+	y = uint64(b[1])
+	x += y << 7
+	if y < 0x80 {
+		return x, 2
+	}
+	x -= 0x80 << 7
+
+	if len(b) <= 2 {
+		goto bad
+	}
+	y = uint64(b[2])
+	x += y << 14
+	if y < 0x80 {
+		return x, 3
+	}
+	x -= 0x80 << 14
+
+	if len(b) <= 3 {
+		goto bad
+	}
+	y = uint64(b[3])
+	x += y << 21
+	if y < 0x80 {
+		return x, 4
+	}
+	x -= 0x80 << 21
+
+	if len(b) <= 4 {
+		goto bad
+	}
+	y = uint64(b[4])
+	x += y << 28
+	if y < 0x80 {
+		return x, 5
+	}
+	x -= 0x80 << 28
+
+	if len(b) <= 5 {
+		goto bad
+	}
+	y = uint64(b[5])
+	x += y << 35
+	if y < 0x80 {
+		return x, 6
+	}
+	x -= 0x80 << 35
+
+	if len(b) <= 6 {
+		goto bad
+	}
+	y = uint64(b[6])
+	x += y << 42
+	if y < 0x80 {
+		return x, 7
+	}
+	x -= 0x80 << 42
+
+	if len(b) <= 7 {
+		goto bad
+	}
+	y = uint64(b[7])
+	x += y << 49
+	if y < 0x80 {
+		return x, 8
+	}
+	x -= 0x80 << 49
+
+	if len(b) <= 8 {
+		goto bad
+	}
+	y = uint64(b[8])
+	x += y << 56
+	if y < 0x80 {
+		return x, 9
+	}
+	x -= 0x80 << 56
+
+	if len(b) <= 9 {
+		goto bad
+	}
+	y = uint64(b[9])
+	x += y << 63
+	if y < 2 {
+		return x, 10
+	}
+
+bad:
+	return 0, 0
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go b/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
new file mode 100644
index 0000000000000..00d6c7ad9376a
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
@@ -0,0 +1,385 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"io"
+	"reflect"
+)
+
+func makeUnmarshalMessage(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		// First read the message field to see if something is there.
+		// The semantics of multiple submessages are weird.  Instead of
+		// the last one winning (as it is for all other fields), multiple
+		// submessages are merged.
+		v := f // gogo: changed from v := f.getPointer()
+		if v.isNil() {
+			v = valToPointer(reflect.New(sub.typ))
+			f.setPointer(v)
+		}
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		return b[x:], err
+	}
+}
+
+func makeUnmarshalMessageSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		v := valToPointer(reflect.New(sub.typ))
+		err := sub.unmarshal(v, b[:x])
+		if err != nil {
+			if r, ok := err.(*RequiredNotSetError); ok {
+				r.field = name + "." + r.field
+			} else {
+				return nil, err
+			}
+		}
+		f.appendRef(v, sub.typ) // gogo: changed from f.appendPointer(v)
+		return b[x:], err
+	}
+}
+
+func makeUnmarshalCustomPtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.New(sub.typ))
+		m := s.Interface().(custom)
+		if err := m.Unmarshal(b[:x]); err != nil {
+			return nil, err
+		}
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalCustomSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := reflect.New(sub.typ)
+		c := m.Interface().(custom)
+		if err := c.Unmarshal(b[:x]); err != nil {
+			return nil, err
+		}
+		v := valToPointer(m)
+		f.appendRef(v, sub.typ)
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalCustom(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+
+		m := f.asPointerTo(sub.typ).Interface().(custom)
+		if err := m.Unmarshal(b[:x]); err != nil {
+			return nil, err
+		}
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalTime(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &timestamp{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		t, err := timestampFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(t))
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalTimePtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &timestamp{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		t, err := timestampFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&t))
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalTimePtrSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &timestamp{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		t, err := timestampFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&t))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalTimeSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &timestamp{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		t, err := timestampFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(t))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalDurationPtr(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &duration{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		d, err := durationFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&d))
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalDuration(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &duration{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		d, err := durationFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(d))
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalDurationPtrSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &duration{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		d, err := durationFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&d))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeUnmarshalDurationSlice(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &duration{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		d, err := durationFromProto(m)
+		if err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(d))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/text.go b/vendor/github.com/gogo/protobuf/proto/text.go
index f609d1d453b04..87416afe95507 100644
--- a/vendor/github.com/gogo/protobuf/proto/text.go
+++ b/vendor/github.com/gogo/protobuf/proto/text.go
@@ -57,7 +57,6 @@ import (
 var (
 	newline         = []byte("\n")
 	spaces          = []byte("                                        ")
-	gtNewline       = []byte(">\n")
 	endBraceNewline = []byte("}\n")
 	backslashN      = []byte{'\\', 'n'}
 	backslashR      = []byte{'\\', 'r'}
@@ -177,11 +176,6 @@ func writeName(w *textWriter, props *Properties) error {
 	return nil
 }
 
-// raw is the interface satisfied by RawMessage.
-type raw interface {
-	Bytes() []byte
-}
-
 func requiresQuotes(u string) bool {
 	// When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted.
 	for _, ch := range u {
@@ -276,6 +270,10 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 		props := sprops.Prop[i]
 		name := st.Field(i).Name
 
+		if name == "XXX_NoUnkeyedLiteral" {
+			continue
+		}
+
 		if strings.HasPrefix(name, "XXX_") {
 			// There are two XXX_ fields:
 			//   XXX_unrecognized []byte
@@ -366,7 +364,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 						return err
 					}
 				}
-				if err := tm.writeAny(w, key, props.mkeyprop); err != nil {
+				if err := tm.writeAny(w, key, props.MapKeyProp); err != nil {
 					return err
 				}
 				if err := w.WriteByte('\n'); err != nil {
@@ -383,7 +381,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 							return err
 						}
 					}
-					if err := tm.writeAny(w, val, props.mvalprop); err != nil {
+					if err := tm.writeAny(w, val, props.MapValProp); err != nil {
 						return err
 					}
 					if err := w.WriteByte('\n'); err != nil {
@@ -447,12 +445,6 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 				return err
 			}
 		}
-		if b, ok := fv.Interface().(raw); ok {
-			if err := writeRaw(w, b.Bytes()); err != nil {
-				return err
-			}
-			continue
-		}
 
 		if len(props.Enum) > 0 {
 			if err := tm.writeEnum(w, fv, props); err != nil {
@@ -475,7 +467,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 		pv = reflect.New(sv.Type())
 		pv.Elem().Set(sv)
 	}
-	if pv.Type().Implements(extensionRangeType) {
+	if _, err := extendable(pv.Interface()); err == nil {
 		if err := tm.writeExtensions(w, pv); err != nil {
 			return err
 		}
@@ -484,26 +476,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 	return nil
 }
 
-// writeRaw writes an uninterpreted raw message.
-func writeRaw(w *textWriter, b []byte) error {
-	if err := w.WriteByte('<'); err != nil {
-		return err
-	}
-	if !w.compact {
-		if err := w.WriteByte('\n'); err != nil {
-			return err
-		}
-	}
-	w.indent()
-	if err := writeUnknownStruct(w, b); err != nil {
-		return err
-	}
-	w.unindent()
-	if err := w.WriteByte('>'); err != nil {
-		return err
-	}
-	return nil
-}
+var textMarshalerType = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
 
 // writeAny writes an arbitrary field.
 func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Properties) error {
@@ -605,16 +578,34 @@ func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Propert
 			}
 		}
 		w.indent()
-		if etm, ok := v.Interface().(encoding.TextMarshaler); ok {
-			text, err := etm.MarshalText()
+		if v.CanAddr() {
+			// Calling v.Interface on a struct causes the reflect package to
+			// copy the entire struct. This is racy with the new Marshaler
+			// since we atomically update the XXX_sizecache.
+			//
+			// Thus, we retrieve a pointer to the struct if possible to avoid
+			// a race since v.Interface on the pointer doesn't copy the struct.
+			//
+			// If v is not addressable, then we are not worried about a race
+			// since it implies that the binary Marshaler cannot possibly be
+			// mutating this value.
+			v = v.Addr()
+		}
+		if v.Type().Implements(textMarshalerType) {
+			text, err := v.Interface().(encoding.TextMarshaler).MarshalText()
 			if err != nil {
 				return err
 			}
 			if _, err = w.Write(text); err != nil {
 				return err
 			}
-		} else if err := tm.writeStruct(w, v); err != nil {
-			return err
+		} else {
+			if v.Kind() == reflect.Ptr {
+				v = v.Elem()
+			}
+			if err := tm.writeStruct(w, v); err != nil {
+				return err
+			}
 		}
 		w.unindent()
 		if err := w.WriteByte(ket); err != nil {
diff --git a/vendor/github.com/gogo/protobuf/proto/text_parser.go b/vendor/github.com/gogo/protobuf/proto/text_parser.go
index f1276729a3543..f85c0cc81a768 100644
--- a/vendor/github.com/gogo/protobuf/proto/text_parser.go
+++ b/vendor/github.com/gogo/protobuf/proto/text_parser.go
@@ -212,7 +212,6 @@ func (p *textParser) advance() {
 
 var (
 	errBadUTF8 = errors.New("proto: bad UTF-8")
-	errBadHex  = errors.New("proto: bad hexadecimal")
 )
 
 func unquoteC(s string, quote rune) (string, error) {
@@ -283,60 +282,47 @@ func unescape(s string) (ch string, tail string, err error) {
 		return "?", s, nil // trigraph workaround
 	case '\'', '"', '\\':
 		return string(r), s, nil
-	case '0', '1', '2', '3', '4', '5', '6', '7', 'x', 'X':
+	case '0', '1', '2', '3', '4', '5', '6', '7':
 		if len(s) < 2 {
 			return "", "", fmt.Errorf(`\%c requires 2 following digits`, r)
 		}
-		base := 8
-		ss := s[:2]
+		ss := string(r) + s[:2]
 		s = s[2:]
-		if r == 'x' || r == 'X' {
-			base = 16
-		} else {
-			ss = string(r) + ss
-		}
-		i, err := strconv.ParseUint(ss, base, 8)
+		i, err := strconv.ParseUint(ss, 8, 8)
 		if err != nil {
-			return "", "", err
+			return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss)
 		}
 		return string([]byte{byte(i)}), s, nil
-	case 'u', 'U':
-		n := 4
-		if r == 'U' {
+	case 'x', 'X', 'u', 'U':
+		var n int
+		switch r {
+		case 'x', 'X':
+			n = 2
+		case 'u':
+			n = 4
+		case 'U':
 			n = 8
 		}
 		if len(s) < n {
-			return "", "", fmt.Errorf(`\%c requires %d digits`, r, n)
-		}
-
-		bs := make([]byte, n/2)
-		for i := 0; i < n; i += 2 {
-			a, ok1 := unhex(s[i])
-			b, ok2 := unhex(s[i+1])
-			if !ok1 || !ok2 {
-				return "", "", errBadHex
-			}
-			bs[i/2] = a<<4 | b
+			return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n)
 		}
+		ss := s[:n]
 		s = s[n:]
-		return string(bs), s, nil
+		i, err := strconv.ParseUint(ss, 16, 64)
+		if err != nil {
+			return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss)
+		}
+		if r == 'x' || r == 'X' {
+			return string([]byte{byte(i)}), s, nil
+		}
+		if i > utf8.MaxRune {
+			return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss)
+		}
+		return string(rune(i)), s, nil
 	}
 	return "", "", fmt.Errorf(`unknown escape \%c`, r)
 }
 
-// Adapted from src/pkg/strconv/quote.go.
-func unhex(b byte) (v byte, ok bool) {
-	switch {
-	case '0' <= b && b <= '9':
-		return b - '0', true
-	case 'a' <= b && b <= 'f':
-		return b - 'a' + 10, true
-	case 'A' <= b && b <= 'F':
-		return b - 'A' + 10, true
-	}
-	return 0, false
-}
-
 // Back off the parser by one token. Can only be done between calls to next().
 // It makes the next advance() a no-op.
 func (p *textParser) back() { p.backed = true }
@@ -650,17 +636,17 @@ func (p *textParser) readStruct(sv reflect.Value, terminator string) error {
 					if err := p.consumeToken(":"); err != nil {
 						return err
 					}
-					if err := p.readAny(key, props.mkeyprop); err != nil {
+					if err := p.readAny(key, props.MapKeyProp); err != nil {
 						return err
 					}
 					if err := p.consumeOptionalSeparator(); err != nil {
 						return err
 					}
 				case "value":
-					if err := p.checkForColon(props.mvalprop, dst.Type().Elem()); err != nil {
+					if err := p.checkForColon(props.MapValProp, dst.Type().Elem()); err != nil {
 						return err
 					}
-					if err := p.readAny(val, props.mvalprop); err != nil {
+					if err := p.readAny(val, props.MapValProp); err != nil {
 						return err
 					}
 					if err := p.consumeOptionalSeparator(); err != nil {
@@ -734,6 +720,9 @@ func (p *textParser) consumeExtName() (string, error) {
 		if tok.err != nil {
 			return "", p.errorf("unrecognized type_url or extension name: %s", tok.err)
 		}
+		if p.done && tok.value != "]" {
+			return "", p.errorf("unclosed type_url or extension name")
+		}
 	}
 	return strings.Join(parts, ""), nil
 }
@@ -934,6 +923,16 @@ func (p *textParser) readAny(v reflect.Value, props *Properties) error {
 			fv.SetFloat(f)
 			return nil
 		}
+	case reflect.Int8:
+		if x, err := strconv.ParseInt(tok.value, 0, 8); err == nil {
+			fv.SetInt(x)
+			return nil
+		}
+	case reflect.Int16:
+		if x, err := strconv.ParseInt(tok.value, 0, 16); err == nil {
+			fv.SetInt(x)
+			return nil
+		}
 	case reflect.Int32:
 		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
 			fv.SetInt(x)
@@ -981,9 +980,19 @@ func (p *textParser) readAny(v reflect.Value, props *Properties) error {
 		}
 		// TODO: Handle nested messages which implement encoding.TextUnmarshaler.
 		return p.readStruct(fv, terminator)
+	case reflect.Uint8:
+		if x, err := strconv.ParseUint(tok.value, 0, 8); err == nil {
+			fv.SetUint(x)
+			return nil
+		}
+	case reflect.Uint16:
+		if x, err := strconv.ParseUint(tok.value, 0, 16); err == nil {
+			fv.SetUint(x)
+			return nil
+		}
 	case reflect.Uint32:
 		if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
-			fv.SetUint(x)
+			fv.SetUint(uint64(x))
 			return nil
 		}
 	case reflect.Uint64:
@@ -1001,13 +1010,9 @@ func (p *textParser) readAny(v reflect.Value, props *Properties) error {
 // UnmarshalText returns *RequiredNotSetError.
 func UnmarshalText(s string, pb Message) error {
 	if um, ok := pb.(encoding.TextUnmarshaler); ok {
-		err := um.UnmarshalText([]byte(s))
-		return err
+		return um.UnmarshalText([]byte(s))
 	}
 	pb.Reset()
 	v := reflect.ValueOf(pb)
-	if pe := newTextParser(s).readStruct(v.Elem(), ""); pe != nil {
-		return pe
-	}
-	return nil
+	return newTextParser(s).readStruct(v.Elem(), "")
 }
diff --git a/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go b/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
index d427647436066..38439fa990132 100644
--- a/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
+++ b/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
@@ -47,183 +47,3 @@ func (*timestamp) String() string { return "timestamp<string>" }
 func init() {
 	RegisterType((*timestamp)(nil), "gogo.protobuf.proto.timestamp")
 }
-
-func (o *Buffer) decTimestamp() (time.Time, error) {
-	b, err := o.DecodeRawBytes(true)
-	if err != nil {
-		return time.Time{}, err
-	}
-	tproto := &timestamp{}
-	if err := Unmarshal(b, tproto); err != nil {
-		return time.Time{}, err
-	}
-	return timestampFromProto(tproto)
-}
-
-func (o *Buffer) dec_time(p *Properties, base structPointer) error {
-	t, err := o.decTimestamp()
-	if err != nil {
-		return err
-	}
-	setPtrCustomType(base, p.field, &t)
-	return nil
-}
-
-func (o *Buffer) dec_ref_time(p *Properties, base structPointer) error {
-	t, err := o.decTimestamp()
-	if err != nil {
-		return err
-	}
-	setCustomType(base, p.field, &t)
-	return nil
-}
-
-func (o *Buffer) dec_slice_time(p *Properties, base structPointer) error {
-	t, err := o.decTimestamp()
-	if err != nil {
-		return err
-	}
-	newBas := appendStructPointer(base, p.field, reflect.SliceOf(reflect.PtrTo(timeType)))
-	var zero field
-	setPtrCustomType(newBas, zero, &t)
-	return nil
-}
-
-func (o *Buffer) dec_slice_ref_time(p *Properties, base structPointer) error {
-	t, err := o.decTimestamp()
-	if err != nil {
-		return err
-	}
-	newBas := appendStructPointer(base, p.field, reflect.SliceOf(timeType))
-	var zero field
-	setCustomType(newBas, zero, &t)
-	return nil
-}
-
-func size_time(p *Properties, base structPointer) (n int) {
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return 0
-	}
-	tim := structPointer_Interface(structp, timeType).(*time.Time)
-	t, err := timestampProto(*tim)
-	if err != nil {
-		return 0
-	}
-	size := Size(t)
-	return size + sizeVarint(uint64(size)) + len(p.tagcode)
-}
-
-func (o *Buffer) enc_time(p *Properties, base structPointer) error {
-	structp := structPointer_GetStructPointer(base, p.field)
-	if structPointer_IsNil(structp) {
-		return ErrNil
-	}
-	tim := structPointer_Interface(structp, timeType).(*time.Time)
-	t, err := timestampProto(*tim)
-	if err != nil {
-		return err
-	}
-	data, err := Marshal(t)
-	if err != nil {
-		return err
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_ref_time(p *Properties, base structPointer) (n int) {
-	tim := structPointer_InterfaceAt(base, p.field, timeType).(*time.Time)
-	t, err := timestampProto(*tim)
-	if err != nil {
-		return 0
-	}
-	size := Size(t)
-	return size + sizeVarint(uint64(size)) + len(p.tagcode)
-}
-
-func (o *Buffer) enc_ref_time(p *Properties, base structPointer) error {
-	tim := structPointer_InterfaceAt(base, p.field, timeType).(*time.Time)
-	t, err := timestampProto(*tim)
-	if err != nil {
-		return err
-	}
-	data, err := Marshal(t)
-	if err != nil {
-		return err
-	}
-	o.buf = append(o.buf, p.tagcode...)
-	o.EncodeRawBytes(data)
-	return nil
-}
-
-func size_slice_time(p *Properties, base structPointer) (n int) {
-	ptims := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(reflect.PtrTo(timeType))).(*[]*time.Time)
-	tims := *ptims
-	for i := 0; i < len(tims); i++ {
-		if tims[i] == nil {
-			return 0
-		}
-		tproto, err := timestampProto(*tims[i])
-		if err != nil {
-			return 0
-		}
-		size := Size(tproto)
-		n += len(p.tagcode) + size + sizeVarint(uint64(size))
-	}
-	return n
-}
-
-func (o *Buffer) enc_slice_time(p *Properties, base structPointer) error {
-	ptims := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(reflect.PtrTo(timeType))).(*[]*time.Time)
-	tims := *ptims
-	for i := 0; i < len(tims); i++ {
-		if tims[i] == nil {
-			return errRepeatedHasNil
-		}
-		tproto, err := timestampProto(*tims[i])
-		if err != nil {
-			return err
-		}
-		data, err := Marshal(tproto)
-		if err != nil {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-	}
-	return nil
-}
-
-func size_slice_ref_time(p *Properties, base structPointer) (n int) {
-	ptims := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(timeType)).(*[]time.Time)
-	tims := *ptims
-	for i := 0; i < len(tims); i++ {
-		tproto, err := timestampProto(tims[i])
-		if err != nil {
-			return 0
-		}
-		size := Size(tproto)
-		n += len(p.tagcode) + size + sizeVarint(uint64(size))
-	}
-	return n
-}
-
-func (o *Buffer) enc_slice_ref_time(p *Properties, base structPointer) error {
-	ptims := structPointer_InterfaceAt(base, p.field, reflect.SliceOf(timeType)).(*[]time.Time)
-	tims := *ptims
-	for i := 0; i < len(tims); i++ {
-		tproto, err := timestampProto(tims[i])
-		if err != nil {
-			return err
-		}
-		data, err := Marshal(tproto)
-		if err != nil {
-			return err
-		}
-		o.buf = append(o.buf, p.tagcode...)
-		o.EncodeRawBytes(data)
-	}
-	return nil
-}
diff --git a/vendor/github.com/gogo/protobuf/proto/wrappers.go b/vendor/github.com/gogo/protobuf/proto/wrappers.go
new file mode 100644
index 0000000000000..b175d1b642346
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/wrappers.go
@@ -0,0 +1,1888 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import (
+	"io"
+	"reflect"
+)
+
+func makeStdDoubleValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*float64)
+			v := &float64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*float64)
+			v := &float64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdDoubleValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*float64)
+			v := &float64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*float64)
+			v := &float64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdDoubleValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(float64)
+				v := &float64Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(float64)
+				v := &float64Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdDoubleValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*float64)
+				v := &float64Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*float64)
+				v := &float64Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdDoubleValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdDoubleValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdDoubleValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdDoubleValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdFloatValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*float32)
+			v := &float32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*float32)
+			v := &float32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdFloatValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*float32)
+			v := &float32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*float32)
+			v := &float32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdFloatValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(float32)
+				v := &float32Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(float32)
+				v := &float32Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdFloatValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*float32)
+				v := &float32Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*float32)
+				v := &float32Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdFloatValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdFloatValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdFloatValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdFloatValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &float32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdInt64ValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*int64)
+			v := &int64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*int64)
+			v := &int64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdInt64ValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*int64)
+			v := &int64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*int64)
+			v := &int64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdInt64ValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(int64)
+				v := &int64Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(int64)
+				v := &int64Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdInt64ValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*int64)
+				v := &int64Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*int64)
+				v := &int64Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdInt64ValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdInt64ValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdInt64ValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdInt64ValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt64ValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*uint64)
+			v := &uint64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*uint64)
+			v := &uint64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdUInt64ValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*uint64)
+			v := &uint64Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*uint64)
+			v := &uint64Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdUInt64ValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(uint64)
+				v := &uint64Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(uint64)
+				v := &uint64Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdUInt64ValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*uint64)
+				v := &uint64Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*uint64)
+				v := &uint64Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdUInt64ValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt64ValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt64ValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt64ValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint64Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdInt32ValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*int32)
+			v := &int32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*int32)
+			v := &int32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdInt32ValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*int32)
+			v := &int32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*int32)
+			v := &int32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdInt32ValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(int32)
+				v := &int32Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(int32)
+				v := &int32Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdInt32ValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*int32)
+				v := &int32Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*int32)
+				v := &int32Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdInt32ValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdInt32ValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdInt32ValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdInt32ValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &int32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt32ValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*uint32)
+			v := &uint32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*uint32)
+			v := &uint32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdUInt32ValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*uint32)
+			v := &uint32Value{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*uint32)
+			v := &uint32Value{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdUInt32ValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(uint32)
+				v := &uint32Value{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(uint32)
+				v := &uint32Value{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdUInt32ValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*uint32)
+				v := &uint32Value{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*uint32)
+				v := &uint32Value{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdUInt32ValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt32ValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt32ValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdUInt32ValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &uint32Value{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdBoolValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*bool)
+			v := &boolValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*bool)
+			v := &boolValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdBoolValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*bool)
+			v := &boolValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*bool)
+			v := &boolValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdBoolValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(bool)
+				v := &boolValue{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(bool)
+				v := &boolValue{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdBoolValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*bool)
+				v := &boolValue{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*bool)
+				v := &boolValue{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdBoolValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &boolValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdBoolValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &boolValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdBoolValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &boolValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdBoolValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &boolValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdStringValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*string)
+			v := &stringValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*string)
+			v := &stringValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdStringValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*string)
+			v := &stringValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*string)
+			v := &stringValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdStringValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(string)
+				v := &stringValue{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(string)
+				v := &stringValue{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdStringValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*string)
+				v := &stringValue{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*string)
+				v := &stringValue{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdStringValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &stringValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdStringValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &stringValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdStringValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &stringValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdStringValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &stringValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdBytesValueMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			t := ptr.asPointerTo(u.typ).Interface().(*[]byte)
+			v := &bytesValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			t := ptr.asPointerTo(u.typ).Interface().(*[]byte)
+			v := &bytesValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdBytesValuePtrMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			if ptr.isNil() {
+				return 0
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*[]byte)
+			v := &bytesValue{*t}
+			siz := Size(v)
+			return tagsize + SizeVarint(uint64(siz)) + siz
+		}, func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			if ptr.isNil() {
+				return b, nil
+			}
+			t := ptr.asPointerTo(reflect.PtrTo(u.typ)).Elem().Interface().(*[]byte)
+			v := &bytesValue{*t}
+			buf, err := Marshal(v)
+			if err != nil {
+				return nil, err
+			}
+			b = appendVarint(b, wiretag)
+			b = appendVarint(b, uint64(len(buf)))
+			b = append(b, buf...)
+			return b, nil
+		}
+}
+
+func makeStdBytesValueSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(u.typ)
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().([]byte)
+				v := &bytesValue{t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(u.typ)
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().([]byte)
+				v := &bytesValue{t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdBytesValuePtrSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
+	return func(ptr pointer, tagsize int) int {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			n := 0
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*[]byte)
+				v := &bytesValue{*t}
+				siz := Size(v)
+				n += siz + SizeVarint(uint64(siz)) + tagsize
+			}
+			return n
+		},
+		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
+			s := ptr.getSlice(reflect.PtrTo(u.typ))
+			for i := 0; i < s.Len(); i++ {
+				elem := s.Index(i)
+				t := elem.Interface().(*[]byte)
+				v := &bytesValue{*t}
+				siz := Size(v)
+				buf, err := Marshal(v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendVarint(b, wiretag)
+				b = appendVarint(b, uint64(siz))
+				b = append(b, buf...)
+			}
+
+			return b, nil
+		}
+}
+
+func makeStdBytesValueUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &bytesValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(sub.typ).Elem()
+		s.Set(reflect.ValueOf(m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdBytesValuePtrUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &bytesValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		s := f.asPointerTo(reflect.PtrTo(sub.typ)).Elem()
+		s.Set(reflect.ValueOf(&m.Value))
+		return b[x:], nil
+	}
+}
+
+func makeStdBytesValuePtrSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &bytesValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(reflect.PtrTo(sub.typ))
+		newSlice := reflect.Append(slice, reflect.ValueOf(&m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
+
+func makeStdBytesValueSliceUnmarshaler(sub *unmarshalInfo, name string) unmarshaler {
+	return func(b []byte, f pointer, w int) ([]byte, error) {
+		if w != WireBytes {
+			return nil, errInternalBadWireType
+		}
+		x, n := decodeVarint(b)
+		if n == 0 {
+			return nil, io.ErrUnexpectedEOF
+		}
+		b = b[n:]
+		if x > uint64(len(b)) {
+			return nil, io.ErrUnexpectedEOF
+		}
+		m := &bytesValue{}
+		if err := Unmarshal(b[:x], m); err != nil {
+			return nil, err
+		}
+		slice := f.getSlice(sub.typ)
+		newSlice := reflect.Append(slice, reflect.ValueOf(m.Value))
+		slice.Set(newSlice)
+		return b[x:], nil
+	}
+}
diff --git a/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go b/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
new file mode 100644
index 0000000000000..c1cf7bf85e9ad
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
@@ -0,0 +1,113 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+type float64Value struct {
+	Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *float64Value) Reset()       { *m = float64Value{} }
+func (*float64Value) ProtoMessage()  {}
+func (*float64Value) String() string { return "float64<string>" }
+
+type float32Value struct {
+	Value float32 `protobuf:"fixed32,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *float32Value) Reset()       { *m = float32Value{} }
+func (*float32Value) ProtoMessage()  {}
+func (*float32Value) String() string { return "float32<string>" }
+
+type int64Value struct {
+	Value int64 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *int64Value) Reset()       { *m = int64Value{} }
+func (*int64Value) ProtoMessage()  {}
+func (*int64Value) String() string { return "int64<string>" }
+
+type uint64Value struct {
+	Value uint64 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *uint64Value) Reset()       { *m = uint64Value{} }
+func (*uint64Value) ProtoMessage()  {}
+func (*uint64Value) String() string { return "uint64<string>" }
+
+type int32Value struct {
+	Value int32 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *int32Value) Reset()       { *m = int32Value{} }
+func (*int32Value) ProtoMessage()  {}
+func (*int32Value) String() string { return "int32<string>" }
+
+type uint32Value struct {
+	Value uint32 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *uint32Value) Reset()       { *m = uint32Value{} }
+func (*uint32Value) ProtoMessage()  {}
+func (*uint32Value) String() string { return "uint32<string>" }
+
+type boolValue struct {
+	Value bool `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *boolValue) Reset()       { *m = boolValue{} }
+func (*boolValue) ProtoMessage()  {}
+func (*boolValue) String() string { return "bool<string>" }
+
+type stringValue struct {
+	Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *stringValue) Reset()       { *m = stringValue{} }
+func (*stringValue) ProtoMessage()  {}
+func (*stringValue) String() string { return "string<string>" }
+
+type bytesValue struct {
+	Value []byte `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (m *bytesValue) Reset()       { *m = bytesValue{} }
+func (*bytesValue) ProtoMessage()  {}
+func (*bytesValue) String() string { return "[]byte<string>" }
+
+func init() {
+	RegisterType((*float64Value)(nil), "gogo.protobuf.proto.DoubleValue")
+	RegisterType((*float32Value)(nil), "gogo.protobuf.proto.FloatValue")
+	RegisterType((*int64Value)(nil), "gogo.protobuf.proto.Int64Value")
+	RegisterType((*uint64Value)(nil), "gogo.protobuf.proto.UInt64Value")
+	RegisterType((*int32Value)(nil), "gogo.protobuf.proto.Int32Value")
+	RegisterType((*uint32Value)(nil), "gogo.protobuf.proto.UInt32Value")
+	RegisterType((*boolValue)(nil), "gogo.protobuf.proto.BoolValue")
+	RegisterType((*stringValue)(nil), "gogo.protobuf.proto.StringValue")
+	RegisterType((*bytesValue)(nil), "gogo.protobuf.proto.BytesValue")
+}
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/any.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/any.proto
index d9519f5cf7a28..4cf3843bd79d6 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/any.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/any.proto
@@ -120,17 +120,19 @@ option objc_class_prefix = "GPB";
 //     }
 //
 message Any {
-  // A URL/resource name whose content describes the type of the
-  // serialized protocol buffer message.
+  // A URL/resource name that uniquely identifies the type of the serialized
+  // protocol buffer message. This string must contain at least
+  // one "/" character. The last segment of the URL's path must represent
+  // the fully qualified name of the type (as in
+  // `path/google.protobuf.Duration`). The name should be in a canonical form
+  // (e.g., leading "." is not accepted).
   //
-  // For URLs which use the scheme `http`, `https`, or no scheme, the
-  // following restrictions and interpretations apply:
+  // In practice, teams usually precompile into the binary all types that they
+  // expect it to use in the context of Any. However, for URLs which use the
+  // scheme `http`, `https`, or no scheme, one can optionally set up a type
+  // server that maps type URLs to message definitions as follows:
   //
   // * If no scheme is provided, `https` is assumed.
-  // * The last segment of the URL's path must represent the fully
-  //   qualified name of the type (as in `path/google.protobuf.Duration`).
-  //   The name should be in a canonical form (e.g., leading "." is
-  //   not accepted).
   // * An HTTP GET on the URL must yield a [google.protobuf.Type][]
   //   value in binary format, or produce an error.
   // * Applications are allowed to cache lookup results based on the
@@ -139,6 +141,10 @@ message Any {
   //   on changes to types. (Use versioned type names to manage
   //   breaking changes.)
   //
+  // Note: this functionality is not currently available in the official
+  // protobuf release, and it is not used for type URLs beginning with
+  // type.googleapis.com.
+  //
   // Schemes other than `http`, `https` (or the empty scheme) might be
   // used with implementation specific semantics.
   //
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/api.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/api.proto
new file mode 100644
index 0000000000000..67c1ddbd9d3c8
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/api.proto
@@ -0,0 +1,210 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+import "google/protobuf/source_context.proto";
+import "google/protobuf/type.proto";
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "ApiProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "types";
+
+// Api is a light-weight descriptor for an API Interface.
+//
+// Interfaces are also described as "protocol buffer services" in some contexts,
+// such as by the "service" keyword in a .proto file, but they are different
+// from API Services, which represent a concrete implementation of an interface
+// as opposed to simply a description of methods and bindings. They are also
+// sometimes simply referred to as "APIs" in other contexts, such as the name of
+// this message itself. See https://cloud.google.com/apis/design/glossary for
+// detailed terminology.
+message Api {
+
+  // The fully qualified name of this interface, including package name
+  // followed by the interface's simple name.
+  string name = 1;
+
+  // The methods of this interface, in unspecified order.
+  repeated Method methods = 2;
+
+  // Any metadata attached to the interface.
+  repeated Option options = 3;
+
+  // A version string for this interface. If specified, must have the form
+  // `major-version.minor-version`, as in `1.10`. If the minor version is
+  // omitted, it defaults to zero. If the entire version field is empty, the
+  // major version is derived from the package name, as outlined below. If the
+  // field is not empty, the version in the package name will be verified to be
+  // consistent with what is provided here.
+  //
+  // The versioning schema uses [semantic
+  // versioning](http://semver.org) where the major version number
+  // indicates a breaking change and the minor version an additive,
+  // non-breaking change. Both version numbers are signals to users
+  // what to expect from different versions, and should be carefully
+  // chosen based on the product plan.
+  //
+  // The major version is also reflected in the package name of the
+  // interface, which must end in `v<major-version>`, as in
+  // `google.feature.v1`. For major versions 0 and 1, the suffix can
+  // be omitted. Zero major versions must only be used for
+  // experimental, non-GA interfaces.
+  //
+  //
+  string version = 4;
+
+  // Source context for the protocol buffer service represented by this
+  // message.
+  SourceContext source_context = 5;
+
+  // Included interfaces. See [Mixin][].
+  repeated Mixin mixins = 6;
+
+  // The source syntax of the service.
+  Syntax syntax = 7;
+}
+
+// Method represents a method of an API interface.
+message Method {
+
+  // The simple name of this method.
+  string name = 1;
+
+  // A URL of the input message type.
+  string request_type_url = 2;
+
+  // If true, the request is streamed.
+  bool request_streaming = 3;
+
+  // The URL of the output message type.
+  string response_type_url = 4;
+
+  // If true, the response is streamed.
+  bool response_streaming = 5;
+
+  // Any metadata attached to the method.
+  repeated Option options = 6;
+
+  // The source syntax of this method.
+  Syntax syntax = 7;
+}
+
+// Declares an API Interface to be included in this interface. The including
+// interface must redeclare all the methods from the included interface, but
+// documentation and options are inherited as follows:
+//
+// - If after comment and whitespace stripping, the documentation
+//   string of the redeclared method is empty, it will be inherited
+//   from the original method.
+//
+// - Each annotation belonging to the service config (http,
+//   visibility) which is not set in the redeclared method will be
+//   inherited.
+//
+// - If an http annotation is inherited, the path pattern will be
+//   modified as follows. Any version prefix will be replaced by the
+//   version of the including interface plus the [root][] path if
+//   specified.
+//
+// Example of a simple mixin:
+//
+//     package google.acl.v1;
+//     service AccessControl {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v1/{resource=**}:getAcl";
+//       }
+//     }
+//
+//     package google.storage.v2;
+//     service Storage {
+//       rpc GetAcl(GetAclRequest) returns (Acl);
+//
+//       // Get a data record.
+//       rpc GetData(GetDataRequest) returns (Data) {
+//         option (google.api.http).get = "/v2/{resource=**}";
+//       }
+//     }
+//
+// Example of a mixin configuration:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//
+// The mixin construct implies that all methods in `AccessControl` are
+// also declared with same name and request/response types in
+// `Storage`. A documentation generator or annotation processor will
+// see the effective `Storage.GetAcl` method after inherting
+// documentation and annotations as follows:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+//
+// Note how the version in the path pattern changed from `v1` to `v2`.
+//
+// If the `root` field in the mixin is specified, it should be a
+// relative path under which inherited HTTP paths are placed. Example:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//         root: acls
+//
+// This implies the following inherited HTTP annotation:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+message Mixin {
+  // The fully qualified name of the interface which is included.
+  string name = 1;
+
+  // If non-empty specifies a path under which inherited HTTP paths
+  // are rooted.
+  string root = 2;
+}
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/compiler/plugin.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/compiler/plugin.proto
index e85c852fcf33f..4a88adf148834 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/compiler/plugin.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/compiler/plugin.proto
@@ -45,6 +45,7 @@
 // flag "--${NAME}_out" is passed to protoc.
 
 syntax = "proto2";
+
 package google.protobuf.compiler;
 option java_package = "com.google.protobuf.compiler";
 option java_outer_classname = "PluginProtos";
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/descriptor.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/descriptor.proto
index 411cd9de2d088..4a08905a56fbf 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/descriptor.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/descriptor.proto
@@ -40,6 +40,7 @@
 syntax = "proto2";
 
 package google.protobuf;
+
 option go_package = "descriptor";
 option java_package = "com.google.protobuf";
 option java_outer_classname = "DescriptorProtos";
@@ -59,8 +60,8 @@ message FileDescriptorSet {
 
 // Describes a complete .proto file.
 message FileDescriptorProto {
-  optional string name = 1;       // file name, relative to root of source tree
-  optional string package = 2;    // e.g. "foo", "foo.bar", etc.
+  optional string name = 1;     // file name, relative to root of source tree
+  optional string package = 2;  // e.g. "foo", "foo.bar", etc.
 
   // Names of files imported by this file.
   repeated string dependency = 3;
@@ -100,8 +101,8 @@ message DescriptorProto {
   repeated EnumDescriptorProto enum_type = 4;
 
   message ExtensionRange {
-    optional int32 start = 1;
-    optional int32 end = 2;
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
 
     optional ExtensionRangeOptions options = 3;
   }
@@ -115,8 +116,8 @@ message DescriptorProto {
   // fields or extension ranges in the same message. Reserved ranges may
   // not overlap.
   message ReservedRange {
-    optional int32 start = 1; // Inclusive.
-    optional int32 end = 2;   // Exclusive.
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
   }
   repeated ReservedRange reserved_range = 9;
   // Reserved field names, which may not be used by fields in the same message.
@@ -137,42 +138,42 @@ message FieldDescriptorProto {
   enum Type {
     // 0 is reserved for errors.
     // Order is weird for historical reasons.
-    TYPE_DOUBLE         = 1;
-    TYPE_FLOAT          = 2;
+    TYPE_DOUBLE = 1;
+    TYPE_FLOAT = 2;
     // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT64 if
     // negative values are likely.
-    TYPE_INT64          = 3;
-    TYPE_UINT64         = 4;
+    TYPE_INT64 = 3;
+    TYPE_UINT64 = 4;
     // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT32 if
     // negative values are likely.
-    TYPE_INT32          = 5;
-    TYPE_FIXED64        = 6;
-    TYPE_FIXED32        = 7;
-    TYPE_BOOL           = 8;
-    TYPE_STRING         = 9;
+    TYPE_INT32 = 5;
+    TYPE_FIXED64 = 6;
+    TYPE_FIXED32 = 7;
+    TYPE_BOOL = 8;
+    TYPE_STRING = 9;
     // Tag-delimited aggregate.
     // Group type is deprecated and not supported in proto3. However, Proto3
     // implementations should still be able to parse the group wire format and
     // treat group fields as unknown fields.
-    TYPE_GROUP          = 10;
-    TYPE_MESSAGE        = 11;  // Length-delimited aggregate.
+    TYPE_GROUP = 10;
+    TYPE_MESSAGE = 11;  // Length-delimited aggregate.
 
     // New in version 2.
-    TYPE_BYTES          = 12;
-    TYPE_UINT32         = 13;
-    TYPE_ENUM           = 14;
-    TYPE_SFIXED32       = 15;
-    TYPE_SFIXED64       = 16;
-    TYPE_SINT32         = 17;  // Uses ZigZag encoding.
-    TYPE_SINT64         = 18;  // Uses ZigZag encoding.
-  };
+    TYPE_BYTES = 12;
+    TYPE_UINT32 = 13;
+    TYPE_ENUM = 14;
+    TYPE_SFIXED32 = 15;
+    TYPE_SFIXED64 = 16;
+    TYPE_SINT32 = 17;  // Uses ZigZag encoding.
+    TYPE_SINT64 = 18;  // Uses ZigZag encoding.
+  }
 
   enum Label {
     // 0 is reserved for errors
-    LABEL_OPTIONAL      = 1;
-    LABEL_REQUIRED      = 2;
-    LABEL_REPEATED      = 3;
-  };
+    LABEL_OPTIONAL = 1;
+    LABEL_REQUIRED = 2;
+    LABEL_REPEATED = 3;
+  }
 
   optional string name = 1;
   optional int32 number = 3;
@@ -234,8 +235,8 @@ message EnumDescriptorProto {
   // is inclusive such that it can appropriately represent the entire int32
   // domain.
   message EnumReservedRange {
-    optional int32 start = 1; // Inclusive.
-    optional int32 end = 2;   // Inclusive.
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Inclusive.
   }
 
   // Range of reserved numeric values. Reserved numeric values may not be used
@@ -276,9 +277,9 @@ message MethodDescriptorProto {
   optional MethodOptions options = 4;
 
   // Identifies if client streams multiple client messages
-  optional bool client_streaming = 5 [default=false];
+  optional bool client_streaming = 5 [default = false];
   // Identifies if server streams multiple server messages
-  optional bool server_streaming = 6 [default=false];
+  optional bool server_streaming = 6 [default = false];
 }
 
 
@@ -314,7 +315,6 @@ message MethodDescriptorProto {
 //   If this turns out to be popular, a web service will be set up
 //   to automatically assign option numbers.
 
-
 message FileOptions {
 
   // Sets the Java package where classes generated from this .proto will be
@@ -337,7 +337,7 @@ message FileOptions {
   // named by java_outer_classname.  However, the outer class will still be
   // generated to contain the file's getDescriptor() method as well as any
   // top-level extensions defined in the file.
-  optional bool java_multiple_files = 10 [default=false];
+  optional bool java_multiple_files = 10 [default = false];
 
   // This option does nothing.
   optional bool java_generate_equals_and_hash = 20 [deprecated=true];
@@ -348,17 +348,17 @@ message FileOptions {
   // Message reflection will do the same.
   // However, an extension field still accepts non-UTF-8 byte sequences.
   // This option has no effect on when used with the lite runtime.
-  optional bool java_string_check_utf8 = 27 [default=false];
+  optional bool java_string_check_utf8 = 27 [default = false];
 
 
   // Generated classes can be optimized for speed or code size.
   enum OptimizeMode {
-    SPEED = 1;        // Generate complete code for parsing, serialization,
-                      // etc.
-    CODE_SIZE = 2;    // Use ReflectionOps to implement these methods.
-    LITE_RUNTIME = 3; // Generate code using MessageLite and the lite runtime.
+    SPEED = 1;         // Generate complete code for parsing, serialization,
+                       // etc.
+    CODE_SIZE = 2;     // Use ReflectionOps to implement these methods.
+    LITE_RUNTIME = 3;  // Generate code using MessageLite and the lite runtime.
   }
-  optional OptimizeMode optimize_for = 9 [default=SPEED];
+  optional OptimizeMode optimize_for = 9 [default = SPEED];
 
   // Sets the Go package where structs generated from this .proto will be
   // placed. If omitted, the Go package will be derived from the following:
@@ -369,6 +369,7 @@ message FileOptions {
 
 
 
+
   // Should generic services be generated in each language?  "Generic" services
   // are not specific to any particular RPC system.  They are generated by the
   // main code generators in each language (without additional plugins).
@@ -379,20 +380,20 @@ message FileOptions {
   // that generate code specific to your particular RPC system.  Therefore,
   // these default to false.  Old code which depends on generic services should
   // explicitly set them to true.
-  optional bool cc_generic_services = 16 [default=false];
-  optional bool java_generic_services = 17 [default=false];
-  optional bool py_generic_services = 18 [default=false];
-  optional bool php_generic_services = 42 [default=false];
+  optional bool cc_generic_services = 16 [default = false];
+  optional bool java_generic_services = 17 [default = false];
+  optional bool py_generic_services = 18 [default = false];
+  optional bool php_generic_services = 42 [default = false];
 
   // Is this file deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for everything in the file, or it will be completely ignored; in the very
   // least, this is a formalization for deprecating files.
-  optional bool deprecated = 23 [default=false];
+  optional bool deprecated = 23 [default = false];
 
   // Enables the use of arenas for the proto messages in this file. This applies
   // only to generated classes for C++.
-  optional bool cc_enable_arenas = 31 [default=false];
+  optional bool cc_enable_arenas = 31 [default = false];
 
 
   // Sets the objective c class prefix which is prepended to all objective c
@@ -417,10 +418,23 @@ message FileOptions {
   // determining the namespace.
   optional string php_namespace = 41;
 
-  // The parser stores options it doesn't recognize here. See above.
+  // Use this option to change the namespace of php generated metadata classes.
+  // Default is empty. When this option is empty, the proto file name will be
+  // used for determining the namespace.
+  optional string php_metadata_namespace = 44;
+
+  // Use this option to change the package of ruby generated classes. Default
+  // is empty. When this option is not set, the package name will be used for
+  // determining the ruby package.
+  optional string ruby_package = 45;
+
+
+  // The parser stores options it doesn't recognize here.
+  // See the documentation for the "Options" section above.
   repeated UninterpretedOption uninterpreted_option = 999;
 
-  // Clients can define custom options in extensions of this message. See above.
+  // Clients can define custom options in extensions of this message.
+  // See the documentation for the "Options" section above.
   extensions 1000 to max;
 
   //reserved 38;
@@ -445,18 +459,18 @@ message MessageOptions {
   //
   // Because this is an option, the above two restrictions are not enforced by
   // the protocol compiler.
-  optional bool message_set_wire_format = 1 [default=false];
+  optional bool message_set_wire_format = 1 [default = false];
 
   // Disables the generation of the standard "descriptor()" accessor, which can
   // conflict with a field of the same name.  This is meant to make migration
   // from proto1 easier; new code should avoid fields named "descriptor".
-  optional bool no_standard_descriptor_accessor = 2 [default=false];
+  optional bool no_standard_descriptor_accessor = 2 [default = false];
 
   // Is this message deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for the message, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating messages.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   // Whether the message is an automatically generated map entry type for the
   // maps field.
@@ -473,7 +487,7 @@ message MessageOptions {
   //
   // Implementations may choose not to generate the map_entry=true message, but
   // use a native map in the target language to hold the keys and values.
-  // The reflection APIs in such implementions still need to work as
+  // The reflection APIs in such implementations still need to work as
   // if the field is a repeated message field.
   //
   // NOTE: Do not set the option in .proto files. Always use the maps syntax
@@ -484,6 +498,7 @@ message MessageOptions {
   //reserved 8;  // javalite_serializable
   //reserved 9;  // javanano_as_lite
 
+
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
 
@@ -563,16 +578,16 @@ message FieldOptions {
   // implementation must either *always* check its required fields, or *never*
   // check its required fields, regardless of whether or not the message has
   // been parsed.
-  optional bool lazy = 5 [default=false];
+  optional bool lazy = 5 [default = false];
 
   // Is this field deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for accessors, or it will be completely ignored; in the very least, this
   // is a formalization for deprecating fields.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   // For Google-internal migration only. Do not use.
-  optional bool weak = 10 [default=false];
+  optional bool weak = 10 [default = false];
 
 
   // The parser stores options it doesn't recognize here. See above.
@@ -602,7 +617,7 @@ message EnumOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the enum, or it will be completely ignored; in the very least, this
   // is a formalization for deprecating enums.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   //reserved 5;  // javanano_as_lite
 
@@ -618,7 +633,7 @@ message EnumValueOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the enum value, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating enum values.
-  optional bool deprecated = 1 [default=false];
+  optional bool deprecated = 1 [default = false];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -638,7 +653,7 @@ message ServiceOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the service, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating services.
-  optional bool deprecated = 33 [default=false];
+  optional bool deprecated = 33 [default = false];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -658,18 +673,18 @@ message MethodOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the method, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating methods.
-  optional bool deprecated = 33 [default=false];
+  optional bool deprecated = 33 [default = false];
 
   // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
   // or neither? HTTP based RPC implementation may choose GET verb for safe
   // methods, and PUT verb for idempotent methods instead of the default POST.
   enum IdempotencyLevel {
     IDEMPOTENCY_UNKNOWN = 0;
-    NO_SIDE_EFFECTS     = 1; // implies idempotent
-    IDEMPOTENT          = 2; // idempotent, but may have side effects
+    NO_SIDE_EFFECTS = 1;  // implies idempotent
+    IDEMPOTENT = 2;       // idempotent, but may have side effects
   }
-  optional IdempotencyLevel idempotency_level =
-      34 [default=IDEMPOTENCY_UNKNOWN];
+  optional IdempotencyLevel idempotency_level = 34
+      [default = IDEMPOTENCY_UNKNOWN];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -750,7 +765,7 @@ message SourceCodeInfo {
   //   beginning of the "extend" block and is shared by all extensions within
   //   the block.
   // - Just because a location's span is a subset of some other location's span
-  //   does not mean that it is a descendent.  For example, a "group" defines
+  //   does not mean that it is a descendant.  For example, a "group" defines
   //   both a type and a field in a single declaration.  Thus, the locations
   //   corresponding to the type and field and their components will overlap.
   // - Code which tries to interpret locations should probably be designed to
@@ -781,14 +796,14 @@ message SourceCodeInfo {
     //   [ 4, 3, 2, 7 ]
     // this path refers to the whole field declaration (from the beginning
     // of the label to the terminating semicolon).
-    repeated int32 path = 1 [packed=true];
+    repeated int32 path = 1 [packed = true];
 
     // Always has exactly three or four elements: start line, start column,
     // end line (optional, otherwise assumed same as start line), end column.
     // These are packed into a single field for efficiency.  Note that line
     // and column numbers are zero-based -- typically you will want to add
     // 1 to each before displaying to a user.
-    repeated int32 span = 2 [packed=true];
+    repeated int32 span = 2 [packed = true];
 
     // If this SourceCodeInfo represents a complete declaration, these are any
     // comments appearing before and after the declaration which appear to be
@@ -853,7 +868,7 @@ message GeneratedCodeInfo {
   message Annotation {
     // Identifies the element in the original source .proto file. This field
     // is formatted the same as SourceCodeInfo.Location.path.
-    repeated int32 path = 1 [packed=true];
+    repeated int32 path = 1 [packed = true];
 
     // Identifies the filesystem path to the original source .proto.
     optional string source_file = 2;
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/duration.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/duration.proto
index 8bbaa8b6228e4..b14bea5d01226 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/duration.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/duration.proto
@@ -101,7 +101,6 @@ option objc_class_prefix = "GPB";
 //
 //
 message Duration {
-
   // Signed seconds of the span of time. Must be from -315,576,000,000
   // to +315,576,000,000 inclusive. Note: these bounds are computed from:
   // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/field_mask.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/field_mask.proto
index 994af79f03c61..7b77007b7e6bc 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/field_mask.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/field_mask.proto
@@ -38,6 +38,7 @@ option java_outer_classname = "FieldMaskProto";
 option java_multiple_files = true;
 option objc_class_prefix = "GPB";
 option go_package = "types";
+option cc_enable_arenas = true;
 
 // `FieldMask` represents a set of symbolic field paths, for example:
 //
@@ -107,57 +108,49 @@ option go_package = "types";
 // describe the updated values, the API ignores the values of all
 // fields not covered by the mask.
 //
-// If a repeated field is specified for an update operation, the existing
-// repeated values in the target resource will be overwritten by the new values.
-// Note that a repeated field is only allowed in the last position of a `paths`
-// string.
+// If a repeated field is specified for an update operation, new values will
+// be appended to the existing repeated field in the target resource. Note that
+// a repeated field is only allowed in the last position of a `paths` string.
 //
 // If a sub-message is specified in the last position of the field mask for an
-// update operation, then the existing sub-message in the target resource is
-// overwritten. Given the target message:
+// update operation, then new value will be merged into the existing sub-message
+// in the target resource.
+//
+// For example, given the target message:
 //
 //     f {
 //       b {
-//         d : 1
-//         x : 2
+//         d: 1
+//         x: 2
 //       }
-//       c : 1
+//       c: [1]
 //     }
 //
 // And an update message:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
 //       }
+//       c: [2]
 //     }
 //
 // then if the field mask is:
 //
-//  paths: "f.b"
+//  paths: ["f.b", "f.c"]
 //
 // then the result will be:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
+//         x: 2
 //       }
-//       c : 1
+//       c: [1, 2]
 //     }
 //
-// However, if the update mask was:
-//
-//  paths: "f.b.d"
-//
-// then the result would be:
-//
-//     f {
-//       b {
-//         d : 10
-//         x : 2
-//       }
-//       c : 1
-//     }
+// An implementation may provide options to override this default behavior for
+// repeated and message fields.
 //
 // In order to reset a field's value to the default, the field must
 // be in the mask and set to the default value in the provided resource.
@@ -240,6 +233,12 @@ option go_package = "types";
 //
 // Note that oneof type names ("test_oneof" in this case) cannot be used in
 // paths.
+//
+// ## Field Mask Verification
+//
+// The implementation of any API method which has a FieldMask type field in the
+// request should verify the included field paths, and return an
+// `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
 message FieldMask {
   // The set of field mask paths.
   repeated string paths = 1;
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/source_context.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/source_context.proto
new file mode 100644
index 0000000000000..8654578c770dc
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/source_context.proto
@@ -0,0 +1,48 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "SourceContextProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "types";
+
+// `SourceContext` represents information about the source of a
+// protobuf element, like the file in which it is defined.
+message SourceContext {
+  // The path-qualified name of the .proto file that contained the associated
+  // protobuf element.  For example: `"google/protobuf/source_context.proto"`.
+  string file_name = 1;
+}
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/struct.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/struct.proto
index 4f78641fa9182..9db0771592921 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/struct.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/struct.proto
@@ -40,7 +40,6 @@ option java_outer_classname = "StructProto";
 option java_multiple_files = true;
 option objc_class_prefix = "GPB";
 
-
 // `Struct` represents a structured data value, consisting of fields
 // which map to dynamically typed values. In some languages, `Struct`
 // might be supported by a native representation. For example, in
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/timestamp.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/timestamp.proto
index 4ba0b97b2acbf..0ebe36ea732e2 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/timestamp.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/timestamp.proto
@@ -40,17 +40,19 @@ option java_outer_classname = "TimestampProto";
 option java_multiple_files = true;
 option objc_class_prefix = "GPB";
 
-// A Timestamp represents a point in time independent of any time zone
-// or calendar, represented as seconds and fractions of seconds at
-// nanosecond resolution in UTC Epoch time. It is encoded using the
-// Proleptic Gregorian Calendar which extends the Gregorian calendar
-// backwards to year one. It is encoded assuming all minutes are 60
-// seconds long, i.e. leap seconds are "smeared" so that no leap second
-// table is needed for interpretation. Range is from
-// 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.
-// By restricting to that range, we ensure that we can convert to
-// and from  RFC 3339 date strings.
-// See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
+// A Timestamp represents a point in time independent of any time zone or local
+// calendar, encoded as a count of seconds and fractions of seconds at
+// nanosecond resolution. The count is relative to an epoch at UTC midnight on
+// January 1, 1970, in the proleptic Gregorian calendar which extends the
+// Gregorian calendar backwards to year one.
+//
+// All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+// second table is needed for interpretation, using a [24-hour linear
+// smear](https://developers.google.com/time/smear).
+//
+// The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+// restricting to that range, we ensure that we can convert to and from [RFC
+// 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
 //
 // # Examples
 //
@@ -103,23 +105,26 @@ option objc_class_prefix = "GPB";
 // {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
 // seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
 // are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
-// is required, though only UTC (as indicated by "Z") is presently supported.
+// is required. A proto3 JSON serializer should always use UTC (as indicated by
+// "Z") when printing the Timestamp type and a proto3 JSON parser should be
+// able to accept both UTC and other timezones (as indicated by an offset).
 //
 // For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
 // 01:30 UTC on January 15, 2017.
 //
 // In JavaScript, one can convert a Date object to this format using the
-// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
+// standard
+// [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
 // method. In Python, a standard `datetime.datetime` object can be converted
-// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
-// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one
-// can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime())
-// to obtain a formatter capable of generating timestamps in this format.
+// to this format using
+// [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+// the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+// the Joda Time's [`ISODateTimeFormat.dateTime()`](
+// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// ) to obtain a formatter capable of generating timestamps in this format.
 //
 //
 message Timestamp {
-
   // Represents seconds of UTC time since Unix epoch
   // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
   // 9999-12-31T23:59:59Z inclusive.
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/type.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/type.proto
new file mode 100644
index 0000000000000..cc626250deae5
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/type.proto
@@ -0,0 +1,187 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/source_context.proto";
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option java_package = "com.google.protobuf";
+option java_outer_classname = "TypeProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "types";
+
+// A protocol buffer message type.
+message Type {
+  // The fully qualified message name.
+  string name = 1;
+  // The list of fields.
+  repeated Field fields = 2;
+  // The list of types appearing in `oneof` definitions in this type.
+  repeated string oneofs = 3;
+  // The protocol buffer options.
+  repeated Option options = 4;
+  // The source context.
+  SourceContext source_context = 5;
+  // The source syntax.
+  Syntax syntax = 6;
+}
+
+// A single field of a message type.
+message Field {
+  // Basic field types.
+  enum Kind {
+    // Field type unknown.
+    TYPE_UNKNOWN = 0;
+    // Field type double.
+    TYPE_DOUBLE = 1;
+    // Field type float.
+    TYPE_FLOAT = 2;
+    // Field type int64.
+    TYPE_INT64 = 3;
+    // Field type uint64.
+    TYPE_UINT64 = 4;
+    // Field type int32.
+    TYPE_INT32 = 5;
+    // Field type fixed64.
+    TYPE_FIXED64 = 6;
+    // Field type fixed32.
+    TYPE_FIXED32 = 7;
+    // Field type bool.
+    TYPE_BOOL = 8;
+    // Field type string.
+    TYPE_STRING = 9;
+    // Field type group. Proto2 syntax only, and deprecated.
+    TYPE_GROUP = 10;
+    // Field type message.
+    TYPE_MESSAGE = 11;
+    // Field type bytes.
+    TYPE_BYTES = 12;
+    // Field type uint32.
+    TYPE_UINT32 = 13;
+    // Field type enum.
+    TYPE_ENUM = 14;
+    // Field type sfixed32.
+    TYPE_SFIXED32 = 15;
+    // Field type sfixed64.
+    TYPE_SFIXED64 = 16;
+    // Field type sint32.
+    TYPE_SINT32 = 17;
+    // Field type sint64.
+    TYPE_SINT64 = 18;
+  }
+
+  // Whether a field is optional, required, or repeated.
+  enum Cardinality {
+    // For fields with unknown cardinality.
+    CARDINALITY_UNKNOWN = 0;
+    // For optional fields.
+    CARDINALITY_OPTIONAL = 1;
+    // For required fields. Proto2 syntax only.
+    CARDINALITY_REQUIRED = 2;
+    // For repeated fields.
+    CARDINALITY_REPEATED = 3;
+  };
+
+  // The field type.
+  Kind kind = 1;
+  // The field cardinality.
+  Cardinality cardinality = 2;
+  // The field number.
+  int32 number = 3;
+  // The field name.
+  string name = 4;
+  // The field type URL, without the scheme, for message or enumeration
+  // types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
+  string type_url = 6;
+  // The index of the field type in `Type.oneofs`, for message or enumeration
+  // types. The first type has index 1; zero means the type is not in the list.
+  int32 oneof_index = 7;
+  // Whether to use alternative packed wire representation.
+  bool packed = 8;
+  // The protocol buffer options.
+  repeated Option options = 9;
+  // The field JSON name.
+  string json_name = 10;
+  // The string value of the default value of this field. Proto2 syntax only.
+  string default_value = 11;
+}
+
+// Enum type definition.
+message Enum {
+  // Enum type name.
+  string name = 1;
+  // Enum value definitions.
+  repeated EnumValue enumvalue = 2;
+  // Protocol buffer options.
+  repeated Option options = 3;
+  // The source context.
+  SourceContext source_context = 4;
+  // The source syntax.
+  Syntax syntax = 5;
+}
+
+// Enum value definition.
+message EnumValue {
+  // Enum value name.
+  string name = 1;
+  // Enum value number.
+  int32 number = 2;
+  // Protocol buffer options.
+  repeated Option options = 3;
+}
+
+// A protocol buffer option, which can be attached to a message, field,
+// enumeration, etc.
+message Option {
+  // The option's name. For protobuf built-in options (options defined in
+  // descriptor.proto), this is the short name. For example, `"map_entry"`.
+  // For custom options, it should be the fully-qualified name. For example,
+  // `"google.api.http"`.
+  string name = 1;
+  // The option's value packed in an Any message. If the value is a primitive,
+  // the corresponding wrapper type defined in google/protobuf/wrappers.proto
+  // should be used. If the value is an enum, it should be stored as an int32
+  // value using the google.protobuf.Int32Value type.
+  Any value = 2;
+}
+
+// The syntax in which a protocol buffer element is defined.
+enum Syntax {
+  // Syntax `proto2`.
+  SYNTAX_PROTO2 = 0;
+  // Syntax `proto3`.
+  SYNTAX_PROTO3 = 1;
+}
diff --git a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto
index c5632e5ca999a..59b76acde8c91 100644
--- a/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto
+++ b/vendor/github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto
@@ -32,6 +32,11 @@
 // for embedding primitives in the `google.protobuf.Any` type and for places
 // where we need to distinguish between the absence of a primitive
 // typed field and its default value.
+//
+// These wrappers have no meaningful use within repeated fields as they lack
+// the ability to detect presence on individual elements.
+// These wrappers have no meaningful use within a map or a oneof since
+// individual entries of a map or fields of a oneof can already detect presence.
 
 syntax = "proto3";
 
diff --git a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go
index 4174cbd9f3d6a..18b2a3318a573 100644
--- a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go
+++ b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go
@@ -1,40 +1,13 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: descriptor.proto
 
-/*
-Package descriptor is a generated protocol buffer package.
-
-It is generated from these files:
-	descriptor.proto
-
-It has these top-level messages:
-	FileDescriptorSet
-	FileDescriptorProto
-	DescriptorProto
-	ExtensionRangeOptions
-	FieldDescriptorProto
-	OneofDescriptorProto
-	EnumDescriptorProto
-	EnumValueDescriptorProto
-	ServiceDescriptorProto
-	MethodDescriptorProto
-	FileOptions
-	MessageOptions
-	FieldOptions
-	OneofOptions
-	EnumOptions
-	EnumValueOptions
-	ServiceOptions
-	MethodOptions
-	UninterpretedOption
-	SourceCodeInfo
-	GeneratedCodeInfo
-*/
 package descriptor
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -45,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type FieldDescriptorProto_Type int32
 
@@ -101,6 +74,7 @@ var FieldDescriptorProto_Type_name = map[int32]string{
 	17: "TYPE_SINT32",
 	18: "TYPE_SINT64",
 }
+
 var FieldDescriptorProto_Type_value = map[string]int32{
 	"TYPE_DOUBLE":   1,
 	"TYPE_FLOAT":    2,
@@ -127,9 +101,11 @@ func (x FieldDescriptorProto_Type) Enum() *FieldDescriptorProto_Type {
 	*p = x
 	return p
 }
+
 func (x FieldDescriptorProto_Type) String() string {
 	return proto.EnumName(FieldDescriptorProto_Type_name, int32(x))
 }
+
 func (x *FieldDescriptorProto_Type) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldDescriptorProto_Type_value, data, "FieldDescriptorProto_Type")
 	if err != nil {
@@ -138,8 +114,9 @@ func (x *FieldDescriptorProto_Type) UnmarshalJSON(data []byte) error {
 	*x = FieldDescriptorProto_Type(value)
 	return nil
 }
+
 func (FieldDescriptorProto_Type) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{4, 0}
+	return fileDescriptor_308767df5ffe18af, []int{4, 0}
 }
 
 type FieldDescriptorProto_Label int32
@@ -156,6 +133,7 @@ var FieldDescriptorProto_Label_name = map[int32]string{
 	2: "LABEL_REQUIRED",
 	3: "LABEL_REPEATED",
 }
+
 var FieldDescriptorProto_Label_value = map[string]int32{
 	"LABEL_OPTIONAL": 1,
 	"LABEL_REQUIRED": 2,
@@ -167,9 +145,11 @@ func (x FieldDescriptorProto_Label) Enum() *FieldDescriptorProto_Label {
 	*p = x
 	return p
 }
+
 func (x FieldDescriptorProto_Label) String() string {
 	return proto.EnumName(FieldDescriptorProto_Label_name, int32(x))
 }
+
 func (x *FieldDescriptorProto_Label) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldDescriptorProto_Label_value, data, "FieldDescriptorProto_Label")
 	if err != nil {
@@ -178,8 +158,9 @@ func (x *FieldDescriptorProto_Label) UnmarshalJSON(data []byte) error {
 	*x = FieldDescriptorProto_Label(value)
 	return nil
 }
+
 func (FieldDescriptorProto_Label) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{4, 1}
+	return fileDescriptor_308767df5ffe18af, []int{4, 1}
 }
 
 // Generated classes can be optimized for speed or code size.
@@ -197,6 +178,7 @@ var FileOptions_OptimizeMode_name = map[int32]string{
 	2: "CODE_SIZE",
 	3: "LITE_RUNTIME",
 }
+
 var FileOptions_OptimizeMode_value = map[string]int32{
 	"SPEED":        1,
 	"CODE_SIZE":    2,
@@ -208,9 +190,11 @@ func (x FileOptions_OptimizeMode) Enum() *FileOptions_OptimizeMode {
 	*p = x
 	return p
 }
+
 func (x FileOptions_OptimizeMode) String() string {
 	return proto.EnumName(FileOptions_OptimizeMode_name, int32(x))
 }
+
 func (x *FileOptions_OptimizeMode) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FileOptions_OptimizeMode_value, data, "FileOptions_OptimizeMode")
 	if err != nil {
@@ -219,8 +203,9 @@ func (x *FileOptions_OptimizeMode) UnmarshalJSON(data []byte) error {
 	*x = FileOptions_OptimizeMode(value)
 	return nil
 }
+
 func (FileOptions_OptimizeMode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{10, 0}
+	return fileDescriptor_308767df5ffe18af, []int{10, 0}
 }
 
 type FieldOptions_CType int32
@@ -237,6 +222,7 @@ var FieldOptions_CType_name = map[int32]string{
 	1: "CORD",
 	2: "STRING_PIECE",
 }
+
 var FieldOptions_CType_value = map[string]int32{
 	"STRING":       0,
 	"CORD":         1,
@@ -248,9 +234,11 @@ func (x FieldOptions_CType) Enum() *FieldOptions_CType {
 	*p = x
 	return p
 }
+
 func (x FieldOptions_CType) String() string {
 	return proto.EnumName(FieldOptions_CType_name, int32(x))
 }
+
 func (x *FieldOptions_CType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldOptions_CType_value, data, "FieldOptions_CType")
 	if err != nil {
@@ -259,8 +247,9 @@ func (x *FieldOptions_CType) UnmarshalJSON(data []byte) error {
 	*x = FieldOptions_CType(value)
 	return nil
 }
+
 func (FieldOptions_CType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{12, 0}
+	return fileDescriptor_308767df5ffe18af, []int{12, 0}
 }
 
 type FieldOptions_JSType int32
@@ -279,6 +268,7 @@ var FieldOptions_JSType_name = map[int32]string{
 	1: "JS_STRING",
 	2: "JS_NUMBER",
 }
+
 var FieldOptions_JSType_value = map[string]int32{
 	"JS_NORMAL": 0,
 	"JS_STRING": 1,
@@ -290,9 +280,11 @@ func (x FieldOptions_JSType) Enum() *FieldOptions_JSType {
 	*p = x
 	return p
 }
+
 func (x FieldOptions_JSType) String() string {
 	return proto.EnumName(FieldOptions_JSType_name, int32(x))
 }
+
 func (x *FieldOptions_JSType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldOptions_JSType_value, data, "FieldOptions_JSType")
 	if err != nil {
@@ -301,8 +293,9 @@ func (x *FieldOptions_JSType) UnmarshalJSON(data []byte) error {
 	*x = FieldOptions_JSType(value)
 	return nil
 }
+
 func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{12, 1}
+	return fileDescriptor_308767df5ffe18af, []int{12, 1}
 }
 
 // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
@@ -321,6 +314,7 @@ var MethodOptions_IdempotencyLevel_name = map[int32]string{
 	1: "NO_SIDE_EFFECTS",
 	2: "IDEMPOTENT",
 }
+
 var MethodOptions_IdempotencyLevel_value = map[string]int32{
 	"IDEMPOTENCY_UNKNOWN": 0,
 	"NO_SIDE_EFFECTS":     1,
@@ -332,9 +326,11 @@ func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel {
 	*p = x
 	return p
 }
+
 func (x MethodOptions_IdempotencyLevel) String() string {
 	return proto.EnumName(MethodOptions_IdempotencyLevel_name, int32(x))
 }
+
 func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(MethodOptions_IdempotencyLevel_value, data, "MethodOptions_IdempotencyLevel")
 	if err != nil {
@@ -343,21 +339,43 @@ func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(data []byte) error {
 	*x = MethodOptions_IdempotencyLevel(value)
 	return nil
 }
+
 func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{17, 0}
+	return fileDescriptor_308767df5ffe18af, []int{17, 0}
 }
 
 // The protocol compiler can output a FileDescriptorSet containing the .proto
 // files it parses.
 type FileDescriptorSet struct {
-	File             []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"`
-	XXX_unrecognized []byte                 `json:"-"`
+	File                 []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
+	XXX_unrecognized     []byte                 `json:"-"`
+	XXX_sizecache        int32                  `json:"-"`
+}
+
+func (m *FileDescriptorSet) Reset()         { *m = FileDescriptorSet{} }
+func (m *FileDescriptorSet) String() string { return proto.CompactTextString(m) }
+func (*FileDescriptorSet) ProtoMessage()    {}
+func (*FileDescriptorSet) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{0}
+}
+func (m *FileDescriptorSet) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FileDescriptorSet.Unmarshal(m, b)
+}
+func (m *FileDescriptorSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FileDescriptorSet.Marshal(b, m, deterministic)
+}
+func (m *FileDescriptorSet) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileDescriptorSet.Merge(m, src)
+}
+func (m *FileDescriptorSet) XXX_Size() int {
+	return xxx_messageInfo_FileDescriptorSet.Size(m)
+}
+func (m *FileDescriptorSet) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileDescriptorSet.DiscardUnknown(m)
 }
 
-func (m *FileDescriptorSet) Reset()                    { *m = FileDescriptorSet{} }
-func (m *FileDescriptorSet) String() string            { return proto.CompactTextString(m) }
-func (*FileDescriptorSet) ProtoMessage()               {}
-func (*FileDescriptorSet) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{0} }
+var xxx_messageInfo_FileDescriptorSet proto.InternalMessageInfo
 
 func (m *FileDescriptorSet) GetFile() []*FileDescriptorProto {
 	if m != nil {
@@ -390,14 +408,35 @@ type FileDescriptorProto struct {
 	SourceCodeInfo *SourceCodeInfo `protobuf:"bytes,9,opt,name=source_code_info,json=sourceCodeInfo" json:"source_code_info,omitempty"`
 	// The syntax of the proto file.
 	// The supported values are "proto2" and "proto3".
-	Syntax           *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
+	Syntax               *string  `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *FileDescriptorProto) Reset()                    { *m = FileDescriptorProto{} }
-func (m *FileDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*FileDescriptorProto) ProtoMessage()               {}
-func (*FileDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{1} }
+func (m *FileDescriptorProto) Reset()         { *m = FileDescriptorProto{} }
+func (m *FileDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*FileDescriptorProto) ProtoMessage()    {}
+func (*FileDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{1}
+}
+func (m *FileDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FileDescriptorProto.Unmarshal(m, b)
+}
+func (m *FileDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FileDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *FileDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileDescriptorProto.Merge(m, src)
+}
+func (m *FileDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_FileDescriptorProto.Size(m)
+}
+func (m *FileDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileDescriptorProto.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FileDescriptorProto proto.InternalMessageInfo
 
 func (m *FileDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -496,14 +535,35 @@ type DescriptorProto struct {
 	ReservedRange  []*DescriptorProto_ReservedRange  `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
 	// Reserved field names, which may not be used by fields in the same message.
 	// A given name may only be reserved once.
-	ReservedName     []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	ReservedName         []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DescriptorProto) Reset()         { *m = DescriptorProto{} }
+func (m *DescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*DescriptorProto) ProtoMessage()    {}
+func (*DescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{2}
+}
+func (m *DescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_DescriptorProto.Unmarshal(m, b)
+}
+func (m *DescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_DescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *DescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto.Merge(m, src)
+}
+func (m *DescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_DescriptorProto.Size(m)
+}
+func (m *DescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_DescriptorProto.DiscardUnknown(m)
 }
 
-func (m *DescriptorProto) Reset()                    { *m = DescriptorProto{} }
-func (m *DescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*DescriptorProto) ProtoMessage()               {}
-func (*DescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{2} }
+var xxx_messageInfo_DescriptorProto proto.InternalMessageInfo
 
 func (m *DescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -576,19 +636,38 @@ func (m *DescriptorProto) GetReservedName() []string {
 }
 
 type DescriptorProto_ExtensionRange struct {
-	Start            *int32                 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
-	End              *int32                 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
-	Options          *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
-	XXX_unrecognized []byte                 `json:"-"`
+	Start                *int32                 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
+	End                  *int32                 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
+	Options              *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
+	XXX_unrecognized     []byte                 `json:"-"`
+	XXX_sizecache        int32                  `json:"-"`
 }
 
 func (m *DescriptorProto_ExtensionRange) Reset()         { *m = DescriptorProto_ExtensionRange{} }
 func (m *DescriptorProto_ExtensionRange) String() string { return proto.CompactTextString(m) }
 func (*DescriptorProto_ExtensionRange) ProtoMessage()    {}
 func (*DescriptorProto_ExtensionRange) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{2, 0}
+	return fileDescriptor_308767df5ffe18af, []int{2, 0}
+}
+func (m *DescriptorProto_ExtensionRange) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_DescriptorProto_ExtensionRange.Unmarshal(m, b)
+}
+func (m *DescriptorProto_ExtensionRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_DescriptorProto_ExtensionRange.Marshal(b, m, deterministic)
+}
+func (m *DescriptorProto_ExtensionRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto_ExtensionRange.Merge(m, src)
+}
+func (m *DescriptorProto_ExtensionRange) XXX_Size() int {
+	return xxx_messageInfo_DescriptorProto_ExtensionRange.Size(m)
+}
+func (m *DescriptorProto_ExtensionRange) XXX_DiscardUnknown() {
+	xxx_messageInfo_DescriptorProto_ExtensionRange.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_DescriptorProto_ExtensionRange proto.InternalMessageInfo
+
 func (m *DescriptorProto_ExtensionRange) GetStart() int32 {
 	if m != nil && m.Start != nil {
 		return *m.Start
@@ -614,18 +693,37 @@ func (m *DescriptorProto_ExtensionRange) GetOptions() *ExtensionRangeOptions {
 // fields or extension ranges in the same message. Reserved ranges may
 // not overlap.
 type DescriptorProto_ReservedRange struct {
-	Start            *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
-	End              *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Start                *int32   `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
+	End                  *int32   `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *DescriptorProto_ReservedRange) Reset()         { *m = DescriptorProto_ReservedRange{} }
 func (m *DescriptorProto_ReservedRange) String() string { return proto.CompactTextString(m) }
 func (*DescriptorProto_ReservedRange) ProtoMessage()    {}
 func (*DescriptorProto_ReservedRange) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{2, 1}
+	return fileDescriptor_308767df5ffe18af, []int{2, 1}
+}
+func (m *DescriptorProto_ReservedRange) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_DescriptorProto_ReservedRange.Unmarshal(m, b)
+}
+func (m *DescriptorProto_ReservedRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_DescriptorProto_ReservedRange.Marshal(b, m, deterministic)
+}
+func (m *DescriptorProto_ReservedRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto_ReservedRange.Merge(m, src)
+}
+func (m *DescriptorProto_ReservedRange) XXX_Size() int {
+	return xxx_messageInfo_DescriptorProto_ReservedRange.Size(m)
+}
+func (m *DescriptorProto_ReservedRange) XXX_DiscardUnknown() {
+	xxx_messageInfo_DescriptorProto_ReservedRange.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_DescriptorProto_ReservedRange proto.InternalMessageInfo
+
 func (m *DescriptorProto_ReservedRange) GetStart() int32 {
 	if m != nil && m.Start != nil {
 		return *m.Start
@@ -643,14 +741,18 @@ func (m *DescriptorProto_ReservedRange) GetEnd() int32 {
 type ExtensionRangeOptions struct {
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *ExtensionRangeOptions) Reset()                    { *m = ExtensionRangeOptions{} }
-func (m *ExtensionRangeOptions) String() string            { return proto.CompactTextString(m) }
-func (*ExtensionRangeOptions) ProtoMessage()               {}
-func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{3} }
+func (m *ExtensionRangeOptions) Reset()         { *m = ExtensionRangeOptions{} }
+func (m *ExtensionRangeOptions) String() string { return proto.CompactTextString(m) }
+func (*ExtensionRangeOptions) ProtoMessage()    {}
+func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{3}
+}
 
 var extRange_ExtensionRangeOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -660,6 +762,24 @@ func (*ExtensionRangeOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_ExtensionRangeOptions
 }
 
+func (m *ExtensionRangeOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ExtensionRangeOptions.Unmarshal(m, b)
+}
+func (m *ExtensionRangeOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ExtensionRangeOptions.Marshal(b, m, deterministic)
+}
+func (m *ExtensionRangeOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExtensionRangeOptions.Merge(m, src)
+}
+func (m *ExtensionRangeOptions) XXX_Size() int {
+	return xxx_messageInfo_ExtensionRangeOptions.Size(m)
+}
+func (m *ExtensionRangeOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExtensionRangeOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExtensionRangeOptions proto.InternalMessageInfo
+
 func (m *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if m != nil {
 		return m.UninterpretedOption
@@ -697,15 +817,36 @@ type FieldDescriptorProto struct {
 	// user has set a "json_name" option on this field, that option's value
 	// will be used. Otherwise, it's deduced from the field's name by converting
 	// it to camelCase.
-	JsonName         *string       `protobuf:"bytes,10,opt,name=json_name,json=jsonName" json:"json_name,omitempty"`
-	Options          *FieldOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"`
-	XXX_unrecognized []byte        `json:"-"`
+	JsonName             *string       `protobuf:"bytes,10,opt,name=json_name,json=jsonName" json:"json_name,omitempty"`
+	Options              *FieldOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
+	XXX_unrecognized     []byte        `json:"-"`
+	XXX_sizecache        int32         `json:"-"`
 }
 
-func (m *FieldDescriptorProto) Reset()                    { *m = FieldDescriptorProto{} }
-func (m *FieldDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*FieldDescriptorProto) ProtoMessage()               {}
-func (*FieldDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{4} }
+func (m *FieldDescriptorProto) Reset()         { *m = FieldDescriptorProto{} }
+func (m *FieldDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*FieldDescriptorProto) ProtoMessage()    {}
+func (*FieldDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{4}
+}
+func (m *FieldDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FieldDescriptorProto.Unmarshal(m, b)
+}
+func (m *FieldDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FieldDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *FieldDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldDescriptorProto.Merge(m, src)
+}
+func (m *FieldDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_FieldDescriptorProto.Size(m)
+}
+func (m *FieldDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_FieldDescriptorProto.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FieldDescriptorProto proto.InternalMessageInfo
 
 func (m *FieldDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -779,15 +920,36 @@ func (m *FieldDescriptorProto) GetOptions() *FieldOptions {
 
 // Describes a oneof.
 type OneofDescriptorProto struct {
-	Name             *string       `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Options          *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
-	XXX_unrecognized []byte        `json:"-"`
+	Name                 *string       `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Options              *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
+	XXX_unrecognized     []byte        `json:"-"`
+	XXX_sizecache        int32         `json:"-"`
+}
+
+func (m *OneofDescriptorProto) Reset()         { *m = OneofDescriptorProto{} }
+func (m *OneofDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*OneofDescriptorProto) ProtoMessage()    {}
+func (*OneofDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{5}
+}
+func (m *OneofDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_OneofDescriptorProto.Unmarshal(m, b)
+}
+func (m *OneofDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_OneofDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *OneofDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OneofDescriptorProto.Merge(m, src)
+}
+func (m *OneofDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_OneofDescriptorProto.Size(m)
+}
+func (m *OneofDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_OneofDescriptorProto.DiscardUnknown(m)
 }
 
-func (m *OneofDescriptorProto) Reset()                    { *m = OneofDescriptorProto{} }
-func (m *OneofDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*OneofDescriptorProto) ProtoMessage()               {}
-func (*OneofDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{5} }
+var xxx_messageInfo_OneofDescriptorProto proto.InternalMessageInfo
 
 func (m *OneofDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -814,14 +976,35 @@ type EnumDescriptorProto struct {
 	ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
 	// Reserved enum value names, which may not be reused. A given name may only
 	// be reserved once.
-	ReservedName     []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	ReservedName         []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *EnumDescriptorProto) Reset()                    { *m = EnumDescriptorProto{} }
-func (m *EnumDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*EnumDescriptorProto) ProtoMessage()               {}
-func (*EnumDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{6} }
+func (m *EnumDescriptorProto) Reset()         { *m = EnumDescriptorProto{} }
+func (m *EnumDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*EnumDescriptorProto) ProtoMessage()    {}
+func (*EnumDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{6}
+}
+func (m *EnumDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EnumDescriptorProto.Unmarshal(m, b)
+}
+func (m *EnumDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EnumDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *EnumDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumDescriptorProto.Merge(m, src)
+}
+func (m *EnumDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_EnumDescriptorProto.Size(m)
+}
+func (m *EnumDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumDescriptorProto.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EnumDescriptorProto proto.InternalMessageInfo
 
 func (m *EnumDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -865,18 +1048,37 @@ func (m *EnumDescriptorProto) GetReservedName() []string {
 // is inclusive such that it can appropriately represent the entire int32
 // domain.
 type EnumDescriptorProto_EnumReservedRange struct {
-	Start            *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
-	End              *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	Start                *int32   `protobuf:"varint,1,opt,name=start" json:"start,omitempty"`
+	End                  *int32   `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *EnumDescriptorProto_EnumReservedRange) Reset()         { *m = EnumDescriptorProto_EnumReservedRange{} }
 func (m *EnumDescriptorProto_EnumReservedRange) String() string { return proto.CompactTextString(m) }
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage()    {}
 func (*EnumDescriptorProto_EnumReservedRange) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{6, 0}
+	return fileDescriptor_308767df5ffe18af, []int{6, 0}
+}
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Unmarshal(m, b)
+}
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Marshal(b, m, deterministic)
+}
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Merge(m, src)
+}
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_Size() int {
+	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Size(m)
+}
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_EnumDescriptorProto_EnumReservedRange proto.InternalMessageInfo
+
 func (m *EnumDescriptorProto_EnumReservedRange) GetStart() int32 {
 	if m != nil && m.Start != nil {
 		return *m.Start
@@ -893,19 +1095,38 @@ func (m *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 {
 
 // Describes a value within an enum.
 type EnumValueDescriptorProto struct {
-	Name             *string           `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Number           *int32            `protobuf:"varint,2,opt,name=number" json:"number,omitempty"`
-	Options          *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
-	XXX_unrecognized []byte            `json:"-"`
+	Name                 *string           `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Number               *int32            `protobuf:"varint,2,opt,name=number" json:"number,omitempty"`
+	Options              *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
 }
 
 func (m *EnumValueDescriptorProto) Reset()         { *m = EnumValueDescriptorProto{} }
 func (m *EnumValueDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*EnumValueDescriptorProto) ProtoMessage()    {}
 func (*EnumValueDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{7}
+	return fileDescriptor_308767df5ffe18af, []int{7}
+}
+func (m *EnumValueDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EnumValueDescriptorProto.Unmarshal(m, b)
+}
+func (m *EnumValueDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EnumValueDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *EnumValueDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumValueDescriptorProto.Merge(m, src)
+}
+func (m *EnumValueDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_EnumValueDescriptorProto.Size(m)
+}
+func (m *EnumValueDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumValueDescriptorProto.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_EnumValueDescriptorProto proto.InternalMessageInfo
+
 func (m *EnumValueDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
 		return *m.Name
@@ -929,16 +1150,37 @@ func (m *EnumValueDescriptorProto) GetOptions() *EnumValueOptions {
 
 // Describes a service.
 type ServiceDescriptorProto struct {
-	Name             *string                  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Method           []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"`
-	Options          *ServiceOptions          `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
-	XXX_unrecognized []byte                   `json:"-"`
+	Name                 *string                  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Method               []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"`
+	Options              *ServiceOptions          `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
 }
 
-func (m *ServiceDescriptorProto) Reset()                    { *m = ServiceDescriptorProto{} }
-func (m *ServiceDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*ServiceDescriptorProto) ProtoMessage()               {}
-func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{8} }
+func (m *ServiceDescriptorProto) Reset()         { *m = ServiceDescriptorProto{} }
+func (m *ServiceDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*ServiceDescriptorProto) ProtoMessage()    {}
+func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{8}
+}
+func (m *ServiceDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ServiceDescriptorProto.Unmarshal(m, b)
+}
+func (m *ServiceDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ServiceDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *ServiceDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServiceDescriptorProto.Merge(m, src)
+}
+func (m *ServiceDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_ServiceDescriptorProto.Size(m)
+}
+func (m *ServiceDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServiceDescriptorProto.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServiceDescriptorProto proto.InternalMessageInfo
 
 func (m *ServiceDescriptorProto) GetName() string {
 	if m != nil && m.Name != nil {
@@ -972,14 +1214,35 @@ type MethodDescriptorProto struct {
 	// Identifies if client streams multiple client messages
 	ClientStreaming *bool `protobuf:"varint,5,opt,name=client_streaming,json=clientStreaming,def=0" json:"client_streaming,omitempty"`
 	// Identifies if server streams multiple server messages
-	ServerStreaming  *bool  `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	ServerStreaming      *bool    `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MethodDescriptorProto) Reset()         { *m = MethodDescriptorProto{} }
+func (m *MethodDescriptorProto) String() string { return proto.CompactTextString(m) }
+func (*MethodDescriptorProto) ProtoMessage()    {}
+func (*MethodDescriptorProto) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{9}
+}
+func (m *MethodDescriptorProto) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MethodDescriptorProto.Unmarshal(m, b)
+}
+func (m *MethodDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MethodDescriptorProto.Marshal(b, m, deterministic)
+}
+func (m *MethodDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MethodDescriptorProto.Merge(m, src)
+}
+func (m *MethodDescriptorProto) XXX_Size() int {
+	return xxx_messageInfo_MethodDescriptorProto.Size(m)
+}
+func (m *MethodDescriptorProto) XXX_DiscardUnknown() {
+	xxx_messageInfo_MethodDescriptorProto.DiscardUnknown(m)
 }
 
-func (m *MethodDescriptorProto) Reset()                    { *m = MethodDescriptorProto{} }
-func (m *MethodDescriptorProto) String() string            { return proto.CompactTextString(m) }
-func (*MethodDescriptorProto) ProtoMessage()               {}
-func (*MethodDescriptorProto) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{9} }
+var xxx_messageInfo_MethodDescriptorProto proto.InternalMessageInfo
 
 const Default_MethodDescriptorProto_ClientStreaming bool = false
 const Default_MethodDescriptorProto_ServerStreaming bool = false
@@ -1046,7 +1309,7 @@ type FileOptions struct {
 	// top-level extensions defined in the file.
 	JavaMultipleFiles *bool `protobuf:"varint,10,opt,name=java_multiple_files,json=javaMultipleFiles,def=0" json:"java_multiple_files,omitempty"`
 	// This option does nothing.
-	JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"`
+	JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"` // Deprecated: Do not use.
 	// If set true, then the Java2 code generator will generate code that
 	// throws an exception whenever an attempt is made to assign a non-UTF-8
 	// byte sequence to a string field.
@@ -1100,16 +1363,29 @@ type FileOptions struct {
 	// is empty. When this option is empty, the package name will be used for
 	// determining the namespace.
 	PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"`
-	// The parser stores options it doesn't recognize here. See above.
+	// Use this option to change the namespace of php generated metadata classes.
+	// Default is empty. When this option is empty, the proto file name will be
+	// used for determining the namespace.
+	PhpMetadataNamespace *string `protobuf:"bytes,44,opt,name=php_metadata_namespace,json=phpMetadataNamespace" json:"php_metadata_namespace,omitempty"`
+	// Use this option to change the package of ruby generated classes. Default
+	// is empty. When this option is not set, the package name will be used for
+	// determining the ruby package.
+	RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"`
+	// The parser stores options it doesn't recognize here.
+	// See the documentation for the "Options" section above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *FileOptions) Reset()                    { *m = FileOptions{} }
-func (m *FileOptions) String() string            { return proto.CompactTextString(m) }
-func (*FileOptions) ProtoMessage()               {}
-func (*FileOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{10} }
+func (m *FileOptions) Reset()         { *m = FileOptions{} }
+func (m *FileOptions) String() string { return proto.CompactTextString(m) }
+func (*FileOptions) ProtoMessage()    {}
+func (*FileOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{10}
+}
 
 var extRange_FileOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1119,6 +1395,24 @@ func (*FileOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_FileOptions
 }
 
+func (m *FileOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FileOptions.Unmarshal(m, b)
+}
+func (m *FileOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FileOptions.Marshal(b, m, deterministic)
+}
+func (m *FileOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileOptions.Merge(m, src)
+}
+func (m *FileOptions) XXX_Size() int {
+	return xxx_messageInfo_FileOptions.Size(m)
+}
+func (m *FileOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FileOptions proto.InternalMessageInfo
+
 const Default_FileOptions_JavaMultipleFiles bool = false
 const Default_FileOptions_JavaStringCheckUtf8 bool = false
 const Default_FileOptions_OptimizeFor FileOptions_OptimizeMode = FileOptions_SPEED
@@ -1150,6 +1444,7 @@ func (m *FileOptions) GetJavaMultipleFiles() bool {
 	return Default_FileOptions_JavaMultipleFiles
 }
 
+// Deprecated: Do not use.
 func (m *FileOptions) GetJavaGenerateEqualsAndHash() bool {
 	if m != nil && m.JavaGenerateEqualsAndHash != nil {
 		return *m.JavaGenerateEqualsAndHash
@@ -1255,6 +1550,20 @@ func (m *FileOptions) GetPhpNamespace() string {
 	return ""
 }
 
+func (m *FileOptions) GetPhpMetadataNamespace() string {
+	if m != nil && m.PhpMetadataNamespace != nil {
+		return *m.PhpMetadataNamespace
+	}
+	return ""
+}
+
+func (m *FileOptions) GetRubyPackage() string {
+	if m != nil && m.RubyPackage != nil {
+		return *m.RubyPackage
+	}
+	return ""
+}
+
 func (m *FileOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if m != nil {
 		return m.UninterpretedOption
@@ -1306,7 +1615,7 @@ type MessageOptions struct {
 	//
 	// Implementations may choose not to generate the map_entry=true message, but
 	// use a native map in the target language to hold the keys and values.
-	// The reflection APIs in such implementions still need to work as
+	// The reflection APIs in such implementations still need to work as
 	// if the field is a repeated message field.
 	//
 	// NOTE: Do not set the option in .proto files. Always use the maps syntax
@@ -1315,14 +1624,18 @@ type MessageOptions struct {
 	MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *MessageOptions) Reset()                    { *m = MessageOptions{} }
-func (m *MessageOptions) String() string            { return proto.CompactTextString(m) }
-func (*MessageOptions) ProtoMessage()               {}
-func (*MessageOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{11} }
+func (m *MessageOptions) Reset()         { *m = MessageOptions{} }
+func (m *MessageOptions) String() string { return proto.CompactTextString(m) }
+func (*MessageOptions) ProtoMessage()    {}
+func (*MessageOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{11}
+}
 
 var extRange_MessageOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1332,6 +1645,24 @@ func (*MessageOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_MessageOptions
 }
 
+func (m *MessageOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MessageOptions.Unmarshal(m, b)
+}
+func (m *MessageOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MessageOptions.Marshal(b, m, deterministic)
+}
+func (m *MessageOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MessageOptions.Merge(m, src)
+}
+func (m *MessageOptions) XXX_Size() int {
+	return xxx_messageInfo_MessageOptions.Size(m)
+}
+func (m *MessageOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_MessageOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MessageOptions proto.InternalMessageInfo
+
 const Default_MessageOptions_MessageSetWireFormat bool = false
 const Default_MessageOptions_NoStandardDescriptorAccessor bool = false
 const Default_MessageOptions_Deprecated bool = false
@@ -1433,14 +1764,18 @@ type FieldOptions struct {
 	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *FieldOptions) Reset()                    { *m = FieldOptions{} }
-func (m *FieldOptions) String() string            { return proto.CompactTextString(m) }
-func (*FieldOptions) ProtoMessage()               {}
-func (*FieldOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{12} }
+func (m *FieldOptions) Reset()         { *m = FieldOptions{} }
+func (m *FieldOptions) String() string { return proto.CompactTextString(m) }
+func (*FieldOptions) ProtoMessage()    {}
+func (*FieldOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{12}
+}
 
 var extRange_FieldOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1450,6 +1785,24 @@ func (*FieldOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_FieldOptions
 }
 
+func (m *FieldOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FieldOptions.Unmarshal(m, b)
+}
+func (m *FieldOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FieldOptions.Marshal(b, m, deterministic)
+}
+func (m *FieldOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldOptions.Merge(m, src)
+}
+func (m *FieldOptions) XXX_Size() int {
+	return xxx_messageInfo_FieldOptions.Size(m)
+}
+func (m *FieldOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_FieldOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FieldOptions proto.InternalMessageInfo
+
 const Default_FieldOptions_Ctype FieldOptions_CType = FieldOptions_STRING
 const Default_FieldOptions_Jstype FieldOptions_JSType = FieldOptions_JS_NORMAL
 const Default_FieldOptions_Lazy bool = false
@@ -1508,14 +1861,18 @@ func (m *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 type OneofOptions struct {
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *OneofOptions) Reset()                    { *m = OneofOptions{} }
-func (m *OneofOptions) String() string            { return proto.CompactTextString(m) }
-func (*OneofOptions) ProtoMessage()               {}
-func (*OneofOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{13} }
+func (m *OneofOptions) Reset()         { *m = OneofOptions{} }
+func (m *OneofOptions) String() string { return proto.CompactTextString(m) }
+func (*OneofOptions) ProtoMessage()    {}
+func (*OneofOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{13}
+}
 
 var extRange_OneofOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1525,6 +1882,24 @@ func (*OneofOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_OneofOptions
 }
 
+func (m *OneofOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_OneofOptions.Unmarshal(m, b)
+}
+func (m *OneofOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_OneofOptions.Marshal(b, m, deterministic)
+}
+func (m *OneofOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OneofOptions.Merge(m, src)
+}
+func (m *OneofOptions) XXX_Size() int {
+	return xxx_messageInfo_OneofOptions.Size(m)
+}
+func (m *OneofOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_OneofOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_OneofOptions proto.InternalMessageInfo
+
 func (m *OneofOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if m != nil {
 		return m.UninterpretedOption
@@ -1543,14 +1918,18 @@ type EnumOptions struct {
 	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *EnumOptions) Reset()                    { *m = EnumOptions{} }
-func (m *EnumOptions) String() string            { return proto.CompactTextString(m) }
-func (*EnumOptions) ProtoMessage()               {}
-func (*EnumOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{14} }
+func (m *EnumOptions) Reset()         { *m = EnumOptions{} }
+func (m *EnumOptions) String() string { return proto.CompactTextString(m) }
+func (*EnumOptions) ProtoMessage()    {}
+func (*EnumOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{14}
+}
 
 var extRange_EnumOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1560,6 +1939,24 @@ func (*EnumOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_EnumOptions
 }
 
+func (m *EnumOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EnumOptions.Unmarshal(m, b)
+}
+func (m *EnumOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EnumOptions.Marshal(b, m, deterministic)
+}
+func (m *EnumOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumOptions.Merge(m, src)
+}
+func (m *EnumOptions) XXX_Size() int {
+	return xxx_messageInfo_EnumOptions.Size(m)
+}
+func (m *EnumOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EnumOptions proto.InternalMessageInfo
+
 const Default_EnumOptions_Deprecated bool = false
 
 func (m *EnumOptions) GetAllowAlias() bool {
@@ -1591,14 +1988,18 @@ type EnumValueOptions struct {
 	Deprecated *bool `protobuf:"varint,1,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *EnumValueOptions) Reset()                    { *m = EnumValueOptions{} }
-func (m *EnumValueOptions) String() string            { return proto.CompactTextString(m) }
-func (*EnumValueOptions) ProtoMessage()               {}
-func (*EnumValueOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{15} }
+func (m *EnumValueOptions) Reset()         { *m = EnumValueOptions{} }
+func (m *EnumValueOptions) String() string { return proto.CompactTextString(m) }
+func (*EnumValueOptions) ProtoMessage()    {}
+func (*EnumValueOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{15}
+}
 
 var extRange_EnumValueOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1608,6 +2009,24 @@ func (*EnumValueOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_EnumValueOptions
 }
 
+func (m *EnumValueOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EnumValueOptions.Unmarshal(m, b)
+}
+func (m *EnumValueOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EnumValueOptions.Marshal(b, m, deterministic)
+}
+func (m *EnumValueOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumValueOptions.Merge(m, src)
+}
+func (m *EnumValueOptions) XXX_Size() int {
+	return xxx_messageInfo_EnumValueOptions.Size(m)
+}
+func (m *EnumValueOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumValueOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EnumValueOptions proto.InternalMessageInfo
+
 const Default_EnumValueOptions_Deprecated bool = false
 
 func (m *EnumValueOptions) GetDeprecated() bool {
@@ -1632,14 +2051,18 @@ type ServiceOptions struct {
 	Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *ServiceOptions) Reset()                    { *m = ServiceOptions{} }
-func (m *ServiceOptions) String() string            { return proto.CompactTextString(m) }
-func (*ServiceOptions) ProtoMessage()               {}
-func (*ServiceOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{16} }
+func (m *ServiceOptions) Reset()         { *m = ServiceOptions{} }
+func (m *ServiceOptions) String() string { return proto.CompactTextString(m) }
+func (*ServiceOptions) ProtoMessage()    {}
+func (*ServiceOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{16}
+}
 
 var extRange_ServiceOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1649,6 +2072,24 @@ func (*ServiceOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_ServiceOptions
 }
 
+func (m *ServiceOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ServiceOptions.Unmarshal(m, b)
+}
+func (m *ServiceOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ServiceOptions.Marshal(b, m, deterministic)
+}
+func (m *ServiceOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServiceOptions.Merge(m, src)
+}
+func (m *ServiceOptions) XXX_Size() int {
+	return xxx_messageInfo_ServiceOptions.Size(m)
+}
+func (m *ServiceOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServiceOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServiceOptions proto.InternalMessageInfo
+
 const Default_ServiceOptions_Deprecated bool = false
 
 func (m *ServiceOptions) GetDeprecated() bool {
@@ -1674,14 +2115,18 @@ type MethodOptions struct {
 	IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+	XXX_NoUnkeyedLiteral         struct{}               `json:"-"`
 	proto.XXX_InternalExtensions `json:"-"`
 	XXX_unrecognized             []byte `json:"-"`
+	XXX_sizecache                int32  `json:"-"`
 }
 
-func (m *MethodOptions) Reset()                    { *m = MethodOptions{} }
-func (m *MethodOptions) String() string            { return proto.CompactTextString(m) }
-func (*MethodOptions) ProtoMessage()               {}
-func (*MethodOptions) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{17} }
+func (m *MethodOptions) Reset()         { *m = MethodOptions{} }
+func (m *MethodOptions) String() string { return proto.CompactTextString(m) }
+func (*MethodOptions) ProtoMessage()    {}
+func (*MethodOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{17}
+}
 
 var extRange_MethodOptions = []proto.ExtensionRange{
 	{Start: 1000, End: 536870911},
@@ -1691,6 +2136,24 @@ func (*MethodOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_MethodOptions
 }
 
+func (m *MethodOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MethodOptions.Unmarshal(m, b)
+}
+func (m *MethodOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MethodOptions.Marshal(b, m, deterministic)
+}
+func (m *MethodOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MethodOptions.Merge(m, src)
+}
+func (m *MethodOptions) XXX_Size() int {
+	return xxx_messageInfo_MethodOptions.Size(m)
+}
+func (m *MethodOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_MethodOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MethodOptions proto.InternalMessageInfo
+
 const Default_MethodOptions_Deprecated bool = false
 const Default_MethodOptions_IdempotencyLevel MethodOptions_IdempotencyLevel = MethodOptions_IDEMPOTENCY_UNKNOWN
 
@@ -1725,19 +2188,40 @@ type UninterpretedOption struct {
 	Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"`
 	// The value of the uninterpreted option, in whatever type the tokenizer
 	// identified it as during parsing. Exactly one of these should be set.
-	IdentifierValue  *string  `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"`
-	PositiveIntValue *uint64  `protobuf:"varint,4,opt,name=positive_int_value,json=positiveIntValue" json:"positive_int_value,omitempty"`
-	NegativeIntValue *int64   `protobuf:"varint,5,opt,name=negative_int_value,json=negativeIntValue" json:"negative_int_value,omitempty"`
-	DoubleValue      *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"`
-	StringValue      []byte   `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"`
-	AggregateValue   *string  `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	IdentifierValue      *string  `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"`
+	PositiveIntValue     *uint64  `protobuf:"varint,4,opt,name=positive_int_value,json=positiveIntValue" json:"positive_int_value,omitempty"`
+	NegativeIntValue     *int64   `protobuf:"varint,5,opt,name=negative_int_value,json=negativeIntValue" json:"negative_int_value,omitempty"`
+	DoubleValue          *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"`
+	StringValue          []byte   `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"`
+	AggregateValue       *string  `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UninterpretedOption) Reset()         { *m = UninterpretedOption{} }
+func (m *UninterpretedOption) String() string { return proto.CompactTextString(m) }
+func (*UninterpretedOption) ProtoMessage()    {}
+func (*UninterpretedOption) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{18}
+}
+func (m *UninterpretedOption) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UninterpretedOption.Unmarshal(m, b)
+}
+func (m *UninterpretedOption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UninterpretedOption.Marshal(b, m, deterministic)
+}
+func (m *UninterpretedOption) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UninterpretedOption.Merge(m, src)
+}
+func (m *UninterpretedOption) XXX_Size() int {
+	return xxx_messageInfo_UninterpretedOption.Size(m)
+}
+func (m *UninterpretedOption) XXX_DiscardUnknown() {
+	xxx_messageInfo_UninterpretedOption.DiscardUnknown(m)
 }
 
-func (m *UninterpretedOption) Reset()                    { *m = UninterpretedOption{} }
-func (m *UninterpretedOption) String() string            { return proto.CompactTextString(m) }
-func (*UninterpretedOption) ProtoMessage()               {}
-func (*UninterpretedOption) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{18} }
+var xxx_messageInfo_UninterpretedOption proto.InternalMessageInfo
 
 func (m *UninterpretedOption) GetName() []*UninterpretedOption_NamePart {
 	if m != nil {
@@ -1794,17 +2278,36 @@ func (m *UninterpretedOption) GetAggregateValue() string {
 // E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents
 // "foo.(bar.baz).qux".
 type UninterpretedOption_NamePart struct {
-	NamePart         *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"`
-	IsExtension      *bool   `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
+	NamePart             *string  `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"`
+	IsExtension          *bool    `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *UninterpretedOption_NamePart) Reset()         { *m = UninterpretedOption_NamePart{} }
 func (m *UninterpretedOption_NamePart) String() string { return proto.CompactTextString(m) }
 func (*UninterpretedOption_NamePart) ProtoMessage()    {}
 func (*UninterpretedOption_NamePart) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{18, 0}
+	return fileDescriptor_308767df5ffe18af, []int{18, 0}
 }
+func (m *UninterpretedOption_NamePart) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UninterpretedOption_NamePart.Unmarshal(m, b)
+}
+func (m *UninterpretedOption_NamePart) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UninterpretedOption_NamePart.Marshal(b, m, deterministic)
+}
+func (m *UninterpretedOption_NamePart) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UninterpretedOption_NamePart.Merge(m, src)
+}
+func (m *UninterpretedOption_NamePart) XXX_Size() int {
+	return xxx_messageInfo_UninterpretedOption_NamePart.Size(m)
+}
+func (m *UninterpretedOption_NamePart) XXX_DiscardUnknown() {
+	xxx_messageInfo_UninterpretedOption_NamePart.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UninterpretedOption_NamePart proto.InternalMessageInfo
 
 func (m *UninterpretedOption_NamePart) GetNamePart() string {
 	if m != nil && m.NamePart != nil {
@@ -1860,20 +2363,41 @@ type SourceCodeInfo struct {
 	//   beginning of the "extend" block and is shared by all extensions within
 	//   the block.
 	// - Just because a location's span is a subset of some other location's span
-	//   does not mean that it is a descendent.  For example, a "group" defines
+	//   does not mean that it is a descendant.  For example, a "group" defines
 	//   both a type and a field in a single declaration.  Thus, the locations
 	//   corresponding to the type and field and their components will overlap.
 	// - Code which tries to interpret locations should probably be designed to
 	//   ignore those that it doesn't understand, as more types of locations could
 	//   be recorded in the future.
-	Location         []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
-	XXX_unrecognized []byte                     `json:"-"`
+	Location             []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
+	XXX_unrecognized     []byte                     `json:"-"`
+	XXX_sizecache        int32                      `json:"-"`
 }
 
-func (m *SourceCodeInfo) Reset()                    { *m = SourceCodeInfo{} }
-func (m *SourceCodeInfo) String() string            { return proto.CompactTextString(m) }
-func (*SourceCodeInfo) ProtoMessage()               {}
-func (*SourceCodeInfo) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{19} }
+func (m *SourceCodeInfo) Reset()         { *m = SourceCodeInfo{} }
+func (m *SourceCodeInfo) String() string { return proto.CompactTextString(m) }
+func (*SourceCodeInfo) ProtoMessage()    {}
+func (*SourceCodeInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{19}
+}
+func (m *SourceCodeInfo) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_SourceCodeInfo.Unmarshal(m, b)
+}
+func (m *SourceCodeInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_SourceCodeInfo.Marshal(b, m, deterministic)
+}
+func (m *SourceCodeInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceCodeInfo.Merge(m, src)
+}
+func (m *SourceCodeInfo) XXX_Size() int {
+	return xxx_messageInfo_SourceCodeInfo.Size(m)
+}
+func (m *SourceCodeInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_SourceCodeInfo.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SourceCodeInfo proto.InternalMessageInfo
 
 func (m *SourceCodeInfo) GetLocation() []*SourceCodeInfo_Location {
 	if m != nil {
@@ -1963,15 +2487,34 @@ type SourceCodeInfo_Location struct {
 	LeadingComments         *string  `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"`
 	TrailingComments        *string  `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"`
 	LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"`
+	XXX_NoUnkeyedLiteral    struct{} `json:"-"`
 	XXX_unrecognized        []byte   `json:"-"`
+	XXX_sizecache           int32    `json:"-"`
 }
 
 func (m *SourceCodeInfo_Location) Reset()         { *m = SourceCodeInfo_Location{} }
 func (m *SourceCodeInfo_Location) String() string { return proto.CompactTextString(m) }
 func (*SourceCodeInfo_Location) ProtoMessage()    {}
 func (*SourceCodeInfo_Location) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{19, 0}
+	return fileDescriptor_308767df5ffe18af, []int{19, 0}
+}
+func (m *SourceCodeInfo_Location) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_SourceCodeInfo_Location.Unmarshal(m, b)
+}
+func (m *SourceCodeInfo_Location) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_SourceCodeInfo_Location.Marshal(b, m, deterministic)
 }
+func (m *SourceCodeInfo_Location) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceCodeInfo_Location.Merge(m, src)
+}
+func (m *SourceCodeInfo_Location) XXX_Size() int {
+	return xxx_messageInfo_SourceCodeInfo_Location.Size(m)
+}
+func (m *SourceCodeInfo_Location) XXX_DiscardUnknown() {
+	xxx_messageInfo_SourceCodeInfo_Location.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SourceCodeInfo_Location proto.InternalMessageInfo
 
 func (m *SourceCodeInfo_Location) GetPath() []int32 {
 	if m != nil {
@@ -2014,14 +2557,35 @@ func (m *SourceCodeInfo_Location) GetLeadingDetachedComments() []string {
 type GeneratedCodeInfo struct {
 	// An Annotation connects some span of text in generated code to an element
 	// of its generating .proto file.
-	Annotation       []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"`
-	XXX_unrecognized []byte                          `json:"-"`
+	Annotation           []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                        `json:"-"`
+	XXX_unrecognized     []byte                          `json:"-"`
+	XXX_sizecache        int32                           `json:"-"`
 }
 
-func (m *GeneratedCodeInfo) Reset()                    { *m = GeneratedCodeInfo{} }
-func (m *GeneratedCodeInfo) String() string            { return proto.CompactTextString(m) }
-func (*GeneratedCodeInfo) ProtoMessage()               {}
-func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) { return fileDescriptorDescriptor, []int{20} }
+func (m *GeneratedCodeInfo) Reset()         { *m = GeneratedCodeInfo{} }
+func (m *GeneratedCodeInfo) String() string { return proto.CompactTextString(m) }
+func (*GeneratedCodeInfo) ProtoMessage()    {}
+func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_308767df5ffe18af, []int{20}
+}
+func (m *GeneratedCodeInfo) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GeneratedCodeInfo.Unmarshal(m, b)
+}
+func (m *GeneratedCodeInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GeneratedCodeInfo.Marshal(b, m, deterministic)
+}
+func (m *GeneratedCodeInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GeneratedCodeInfo.Merge(m, src)
+}
+func (m *GeneratedCodeInfo) XXX_Size() int {
+	return xxx_messageInfo_GeneratedCodeInfo.Size(m)
+}
+func (m *GeneratedCodeInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_GeneratedCodeInfo.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GeneratedCodeInfo proto.InternalMessageInfo
 
 func (m *GeneratedCodeInfo) GetAnnotation() []*GeneratedCodeInfo_Annotation {
 	if m != nil {
@@ -2042,16 +2606,35 @@ type GeneratedCodeInfo_Annotation struct {
 	// Identifies the ending offset in bytes in the generated code that
 	// relates to the identified offset. The end offset should be one past
 	// the last relevant byte (so the length of the text = end - begin).
-	End              *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
+	End                  *int32   `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *GeneratedCodeInfo_Annotation) Reset()         { *m = GeneratedCodeInfo_Annotation{} }
 func (m *GeneratedCodeInfo_Annotation) String() string { return proto.CompactTextString(m) }
 func (*GeneratedCodeInfo_Annotation) ProtoMessage()    {}
 func (*GeneratedCodeInfo_Annotation) Descriptor() ([]byte, []int) {
-	return fileDescriptorDescriptor, []int{20, 0}
+	return fileDescriptor_308767df5ffe18af, []int{20, 0}
+}
+func (m *GeneratedCodeInfo_Annotation) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Unmarshal(m, b)
+}
+func (m *GeneratedCodeInfo_Annotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Marshal(b, m, deterministic)
+}
+func (m *GeneratedCodeInfo_Annotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GeneratedCodeInfo_Annotation.Merge(m, src)
+}
+func (m *GeneratedCodeInfo_Annotation) XXX_Size() int {
+	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Size(m)
 }
+func (m *GeneratedCodeInfo_Annotation) XXX_DiscardUnknown() {
+	xxx_messageInfo_GeneratedCodeInfo_Annotation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GeneratedCodeInfo_Annotation proto.InternalMessageInfo
 
 func (m *GeneratedCodeInfo_Annotation) GetPath() []int32 {
 	if m != nil {
@@ -2082,6 +2665,12 @@ func (m *GeneratedCodeInfo_Annotation) GetEnd() int32 {
 }
 
 func init() {
+	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Type", FieldDescriptorProto_Type_name, FieldDescriptorProto_Type_value)
+	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Label", FieldDescriptorProto_Label_name, FieldDescriptorProto_Label_value)
+	proto.RegisterEnum("google.protobuf.FileOptions_OptimizeMode", FileOptions_OptimizeMode_name, FileOptions_OptimizeMode_value)
+	proto.RegisterEnum("google.protobuf.FieldOptions_CType", FieldOptions_CType_name, FieldOptions_CType_value)
+	proto.RegisterEnum("google.protobuf.FieldOptions_JSType", FieldOptions_JSType_name, FieldOptions_JSType_value)
+	proto.RegisterEnum("google.protobuf.MethodOptions_IdempotencyLevel", MethodOptions_IdempotencyLevel_name, MethodOptions_IdempotencyLevel_value)
 	proto.RegisterType((*FileDescriptorSet)(nil), "google.protobuf.FileDescriptorSet")
 	proto.RegisterType((*FileDescriptorProto)(nil), "google.protobuf.FileDescriptorProto")
 	proto.RegisterType((*DescriptorProto)(nil), "google.protobuf.DescriptorProto")
@@ -2109,172 +2698,168 @@ func init() {
 	proto.RegisterType((*SourceCodeInfo_Location)(nil), "google.protobuf.SourceCodeInfo.Location")
 	proto.RegisterType((*GeneratedCodeInfo)(nil), "google.protobuf.GeneratedCodeInfo")
 	proto.RegisterType((*GeneratedCodeInfo_Annotation)(nil), "google.protobuf.GeneratedCodeInfo.Annotation")
-	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Type", FieldDescriptorProto_Type_name, FieldDescriptorProto_Type_value)
-	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Label", FieldDescriptorProto_Label_name, FieldDescriptorProto_Label_value)
-	proto.RegisterEnum("google.protobuf.FileOptions_OptimizeMode", FileOptions_OptimizeMode_name, FileOptions_OptimizeMode_value)
-	proto.RegisterEnum("google.protobuf.FieldOptions_CType", FieldOptions_CType_name, FieldOptions_CType_value)
-	proto.RegisterEnum("google.protobuf.FieldOptions_JSType", FieldOptions_JSType_name, FieldOptions_JSType_value)
-	proto.RegisterEnum("google.protobuf.MethodOptions_IdempotencyLevel", MethodOptions_IdempotencyLevel_name, MethodOptions_IdempotencyLevel_value)
 }
 
-func init() { proto.RegisterFile("descriptor.proto", fileDescriptorDescriptor) }
+func init() { proto.RegisterFile("descriptor.proto", fileDescriptor_308767df5ffe18af) }
 
-var fileDescriptorDescriptor = []byte{
-	// 2487 bytes of a gzipped FileDescriptorProto
+var fileDescriptor_308767df5ffe18af = []byte{
+	// 2522 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0xcd, 0x6f, 0xdb, 0xc8,
-	0x15, 0x5f, 0x7d, 0x5a, 0x7a, 0x92, 0xe5, 0xf1, 0xd8, 0x9b, 0x30, 0xde, 0x8f, 0x38, 0xda, 0x8f,
-	0x38, 0x49, 0xab, 0x2c, 0x9c, 0xc4, 0xc9, 0x3a, 0xc5, 0xb6, 0xb2, 0xc4, 0x78, 0x95, 0xca, 0x92,
+	0x15, 0x5f, 0x7d, 0x5a, 0x7a, 0x92, 0x65, 0x7a, 0xec, 0x75, 0x18, 0xef, 0x47, 0x1c, 0xed, 0x66,
+	0xe3, 0x24, 0xbb, 0xca, 0xc2, 0x49, 0x9c, 0xac, 0x53, 0x6c, 0x2b, 0x4b, 0x8c, 0x57, 0xa9, 0xbe,
 	0x4a, 0xc9, 0xdd, 0x64, 0x8b, 0x82, 0x18, 0x93, 0x23, 0x89, 0x09, 0x45, 0x72, 0x49, 0x2a, 0x89,
-	0x83, 0x1e, 0x02, 0xf4, 0xd4, 0xff, 0xa0, 0x28, 0x8a, 0x1e, 0x7a, 0x59, 0xa0, 0xd7, 0x02, 0x05,
-	0xda, 0x7b, 0xaf, 0x05, 0x7a, 0xef, 0xa1, 0x40, 0x0b, 0xb4, 0x7f, 0x42, 0x8f, 0xc5, 0xcc, 0x90,
-	0x14, 0xf5, 0x95, 0x78, 0x17, 0x48, 0xf6, 0x64, 0xcf, 0xef, 0xfd, 0xde, 0xe3, 0x9b, 0x37, 0x6f,
-	0xde, 0xbc, 0x19, 0x01, 0xd2, 0xa9, 0xa7, 0xb9, 0x86, 0xe3, 0xdb, 0x6e, 0xc5, 0x71, 0x6d, 0xdf,
-	0xc6, 0x6b, 0x03, 0xdb, 0x1e, 0x98, 0x54, 0x8c, 0x4e, 0xc6, 0xfd, 0xf2, 0x11, 0xac, 0xdf, 0x33,
-	0x4c, 0x5a, 0x8f, 0x88, 0x5d, 0xea, 0xe3, 0x3b, 0x90, 0xee, 0x1b, 0x26, 0x95, 0x12, 0xdb, 0xa9,
-	0x9d, 0xc2, 0xee, 0x87, 0x95, 0x19, 0xa5, 0xca, 0xb4, 0x46, 0x87, 0xc1, 0x0a, 0xd7, 0x28, 0xff,
-	0x3b, 0x0d, 0x1b, 0x0b, 0xa4, 0x18, 0x43, 0xda, 0x22, 0x23, 0x66, 0x31, 0xb1, 0x93, 0x57, 0xf8,
-	0xff, 0x58, 0x82, 0x15, 0x87, 0x68, 0x8f, 0xc9, 0x80, 0x4a, 0x49, 0x0e, 0x87, 0x43, 0xfc, 0x3e,
-	0x80, 0x4e, 0x1d, 0x6a, 0xe9, 0xd4, 0xd2, 0x4e, 0xa5, 0xd4, 0x76, 0x6a, 0x27, 0xaf, 0xc4, 0x10,
-	0x7c, 0x0d, 0xd6, 0x9d, 0xf1, 0x89, 0x69, 0x68, 0x6a, 0x8c, 0x06, 0xdb, 0xa9, 0x9d, 0x8c, 0x82,
-	0x84, 0xa0, 0x3e, 0x21, 0x5f, 0x86, 0xb5, 0xa7, 0x94, 0x3c, 0x8e, 0x53, 0x0b, 0x9c, 0x5a, 0x62,
-	0x70, 0x8c, 0x58, 0x83, 0xe2, 0x88, 0x7a, 0x1e, 0x19, 0x50, 0xd5, 0x3f, 0x75, 0xa8, 0x94, 0xe6,
-	0xb3, 0xdf, 0x9e, 0x9b, 0xfd, 0xec, 0xcc, 0x0b, 0x81, 0x56, 0xef, 0xd4, 0xa1, 0xb8, 0x0a, 0x79,
-	0x6a, 0x8d, 0x47, 0xc2, 0x42, 0x66, 0x49, 0xfc, 0x64, 0x6b, 0x3c, 0x9a, 0xb5, 0x92, 0x63, 0x6a,
-	0x81, 0x89, 0x15, 0x8f, 0xba, 0x4f, 0x0c, 0x8d, 0x4a, 0x59, 0x6e, 0xe0, 0xf2, 0x9c, 0x81, 0xae,
-	0x90, 0xcf, 0xda, 0x08, 0xf5, 0x70, 0x0d, 0xf2, 0xf4, 0x99, 0x4f, 0x2d, 0xcf, 0xb0, 0x2d, 0x69,
-	0x85, 0x1b, 0xf9, 0x68, 0xc1, 0x2a, 0x52, 0x53, 0x9f, 0x35, 0x31, 0xd1, 0xc3, 0x7b, 0xb0, 0x62,
-	0x3b, 0xbe, 0x61, 0x5b, 0x9e, 0x94, 0xdb, 0x4e, 0xec, 0x14, 0x76, 0xdf, 0x5d, 0x98, 0x08, 0x6d,
-	0xc1, 0x51, 0x42, 0x32, 0x6e, 0x00, 0xf2, 0xec, 0xb1, 0xab, 0x51, 0x55, 0xb3, 0x75, 0xaa, 0x1a,
-	0x56, 0xdf, 0x96, 0xf2, 0xdc, 0xc0, 0xc5, 0xf9, 0x89, 0x70, 0x62, 0xcd, 0xd6, 0x69, 0xc3, 0xea,
-	0xdb, 0x4a, 0xc9, 0x9b, 0x1a, 0xe3, 0x73, 0x90, 0xf5, 0x4e, 0x2d, 0x9f, 0x3c, 0x93, 0x8a, 0x3c,
-	0x43, 0x82, 0x51, 0xf9, 0xcf, 0x59, 0x58, 0x3b, 0x4b, 0x8a, 0xdd, 0x85, 0x4c, 0x9f, 0xcd, 0x52,
-	0x4a, 0x7e, 0x93, 0x18, 0x08, 0x9d, 0xe9, 0x20, 0x66, 0xbf, 0x65, 0x10, 0xab, 0x50, 0xb0, 0xa8,
-	0xe7, 0x53, 0x5d, 0x64, 0x44, 0xea, 0x8c, 0x39, 0x05, 0x42, 0x69, 0x3e, 0xa5, 0xd2, 0xdf, 0x2a,
-	0xa5, 0x1e, 0xc0, 0x5a, 0xe4, 0x92, 0xea, 0x12, 0x6b, 0x10, 0xe6, 0xe6, 0xf5, 0x57, 0x79, 0x52,
-	0x91, 0x43, 0x3d, 0x85, 0xa9, 0x29, 0x25, 0x3a, 0x35, 0xc6, 0x75, 0x00, 0xdb, 0xa2, 0x76, 0x5f,
-	0xd5, 0xa9, 0x66, 0x4a, 0xb9, 0x25, 0x51, 0x6a, 0x33, 0xca, 0x5c, 0x94, 0x6c, 0x81, 0x6a, 0x26,
-	0xfe, 0x74, 0x92, 0x6a, 0x2b, 0x4b, 0x32, 0xe5, 0x48, 0x6c, 0xb2, 0xb9, 0x6c, 0x3b, 0x86, 0x92,
-	0x4b, 0x59, 0xde, 0x53, 0x3d, 0x98, 0x59, 0x9e, 0x3b, 0x51, 0x79, 0xe5, 0xcc, 0x94, 0x40, 0x4d,
-	0x4c, 0x6c, 0xd5, 0x8d, 0x0f, 0xf1, 0x07, 0x10, 0x01, 0x2a, 0x4f, 0x2b, 0xe0, 0x55, 0xa8, 0x18,
-	0x82, 0x2d, 0x32, 0xa2, 0x5b, 0xcf, 0xa1, 0x34, 0x1d, 0x1e, 0xbc, 0x09, 0x19, 0xcf, 0x27, 0xae,
-	0xcf, 0xb3, 0x30, 0xa3, 0x88, 0x01, 0x46, 0x90, 0xa2, 0x96, 0xce, 0xab, 0x5c, 0x46, 0x61, 0xff,
-	0xe2, 0x1f, 0x4d, 0x26, 0x9c, 0xe2, 0x13, 0xfe, 0x78, 0x7e, 0x45, 0xa7, 0x2c, 0xcf, 0xce, 0x7b,
-	0xeb, 0x36, 0xac, 0x4e, 0x4d, 0xe0, 0xac, 0x9f, 0x2e, 0xff, 0x02, 0xde, 0x5e, 0x68, 0x1a, 0x3f,
-	0x80, 0xcd, 0xb1, 0x65, 0x58, 0x3e, 0x75, 0x1d, 0x97, 0xb2, 0x8c, 0x15, 0x9f, 0x92, 0xfe, 0xb3,
-	0xb2, 0x24, 0xe7, 0x8e, 0xe3, 0x6c, 0x61, 0x45, 0xd9, 0x18, 0xcf, 0x83, 0x57, 0xf3, 0xb9, 0xff,
-	0xae, 0xa0, 0x17, 0x2f, 0x5e, 0xbc, 0x48, 0x96, 0x7f, 0x9d, 0x85, 0xcd, 0x45, 0x7b, 0x66, 0xe1,
-	0xf6, 0x3d, 0x07, 0x59, 0x6b, 0x3c, 0x3a, 0xa1, 0x2e, 0x0f, 0x52, 0x46, 0x09, 0x46, 0xb8, 0x0a,
-	0x19, 0x93, 0x9c, 0x50, 0x53, 0x4a, 0x6f, 0x27, 0x76, 0x4a, 0xbb, 0xd7, 0xce, 0xb4, 0x2b, 0x2b,
-	0x4d, 0xa6, 0xa2, 0x08, 0x4d, 0xfc, 0x19, 0xa4, 0x83, 0x12, 0xcd, 0x2c, 0x5c, 0x3d, 0x9b, 0x05,
-	0xb6, 0x97, 0x14, 0xae, 0x87, 0xdf, 0x81, 0x3c, 0xfb, 0x2b, 0x72, 0x23, 0xcb, 0x7d, 0xce, 0x31,
-	0x80, 0xe5, 0x05, 0xde, 0x82, 0x1c, 0xdf, 0x26, 0x3a, 0x0d, 0x8f, 0xb6, 0x68, 0xcc, 0x12, 0x4b,
-	0xa7, 0x7d, 0x32, 0x36, 0x7d, 0xf5, 0x09, 0x31, 0xc7, 0x94, 0x27, 0x7c, 0x5e, 0x29, 0x06, 0xe0,
-	0x4f, 0x19, 0x86, 0x2f, 0x42, 0x41, 0xec, 0x2a, 0xc3, 0xd2, 0xe9, 0x33, 0x5e, 0x3d, 0x33, 0x8a,
-	0xd8, 0x68, 0x0d, 0x86, 0xb0, 0xcf, 0x3f, 0xf2, 0x6c, 0x2b, 0x4c, 0x4d, 0xfe, 0x09, 0x06, 0xf0,
-	0xcf, 0xdf, 0x9e, 0x2d, 0xdc, 0xef, 0x2d, 0x9e, 0xde, 0x6c, 0x4e, 0x95, 0xff, 0x94, 0x84, 0x34,
-	0xaf, 0x17, 0x6b, 0x50, 0xe8, 0x3d, 0xec, 0xc8, 0x6a, 0xbd, 0x7d, 0x7c, 0xd0, 0x94, 0x51, 0x02,
-	0x97, 0x00, 0x38, 0x70, 0xaf, 0xd9, 0xae, 0xf6, 0x50, 0x32, 0x1a, 0x37, 0x5a, 0xbd, 0xbd, 0x9b,
-	0x28, 0x15, 0x29, 0x1c, 0x0b, 0x20, 0x1d, 0x27, 0xdc, 0xd8, 0x45, 0x19, 0x8c, 0xa0, 0x28, 0x0c,
-	0x34, 0x1e, 0xc8, 0xf5, 0xbd, 0x9b, 0x28, 0x3b, 0x8d, 0xdc, 0xd8, 0x45, 0x2b, 0x78, 0x15, 0xf2,
-	0x1c, 0x39, 0x68, 0xb7, 0x9b, 0x28, 0x17, 0xd9, 0xec, 0xf6, 0x94, 0x46, 0xeb, 0x10, 0xe5, 0x23,
-	0x9b, 0x87, 0x4a, 0xfb, 0xb8, 0x83, 0x20, 0xb2, 0x70, 0x24, 0x77, 0xbb, 0xd5, 0x43, 0x19, 0x15,
-	0x22, 0xc6, 0xc1, 0xc3, 0x9e, 0xdc, 0x45, 0xc5, 0x29, 0xb7, 0x6e, 0xec, 0xa2, 0xd5, 0xe8, 0x13,
-	0x72, 0xeb, 0xf8, 0x08, 0x95, 0xf0, 0x3a, 0xac, 0x8a, 0x4f, 0x84, 0x4e, 0xac, 0xcd, 0x40, 0x7b,
-	0x37, 0x11, 0x9a, 0x38, 0x22, 0xac, 0xac, 0x4f, 0x01, 0x7b, 0x37, 0x11, 0x2e, 0xd7, 0x20, 0xc3,
-	0xb3, 0x0b, 0x63, 0x28, 0x35, 0xab, 0x07, 0x72, 0x53, 0x6d, 0x77, 0x7a, 0x8d, 0x76, 0xab, 0xda,
-	0x44, 0x89, 0x09, 0xa6, 0xc8, 0x3f, 0x39, 0x6e, 0x28, 0x72, 0x1d, 0x25, 0xe3, 0x58, 0x47, 0xae,
-	0xf6, 0xe4, 0x3a, 0x4a, 0x95, 0x35, 0xd8, 0x5c, 0x54, 0x27, 0x17, 0xee, 0x8c, 0xd8, 0x12, 0x27,
-	0x97, 0x2c, 0x31, 0xb7, 0x35, 0xb7, 0xc4, 0xff, 0x4a, 0xc2, 0xc6, 0x82, 0xb3, 0x62, 0xe1, 0x47,
-	0x7e, 0x08, 0x19, 0x91, 0xa2, 0xe2, 0xf4, 0xbc, 0xb2, 0xf0, 0xd0, 0xe1, 0x09, 0x3b, 0x77, 0x82,
-	0x72, 0xbd, 0x78, 0x07, 0x91, 0x5a, 0xd2, 0x41, 0x30, 0x13, 0x73, 0x35, 0xfd, 0xe7, 0x73, 0x35,
-	0x5d, 0x1c, 0x7b, 0x7b, 0x67, 0x39, 0xf6, 0x38, 0xf6, 0xcd, 0x6a, 0x7b, 0x66, 0x41, 0x6d, 0xbf,
-	0x0b, 0xeb, 0x73, 0x86, 0xce, 0x5c, 0x63, 0x7f, 0x99, 0x00, 0x69, 0x59, 0x70, 0x5e, 0x51, 0xe9,
-	0x92, 0x53, 0x95, 0xee, 0xee, 0x6c, 0x04, 0x2f, 0x2d, 0x5f, 0x84, 0xb9, 0xb5, 0xfe, 0x3a, 0x01,
-	0xe7, 0x16, 0x77, 0x8a, 0x0b, 0x7d, 0xf8, 0x0c, 0xb2, 0x23, 0xea, 0x0f, 0xed, 0xb0, 0x5b, 0xfa,
-	0x78, 0xc1, 0x19, 0xcc, 0xc4, 0xb3, 0x8b, 0x1d, 0x68, 0xc5, 0x0f, 0xf1, 0xd4, 0xb2, 0x76, 0x4f,
-	0x78, 0x33, 0xe7, 0xe9, 0xaf, 0x92, 0xf0, 0xf6, 0x42, 0xe3, 0x0b, 0x1d, 0x7d, 0x0f, 0xc0, 0xb0,
-	0x9c, 0xb1, 0x2f, 0x3a, 0x22, 0x51, 0x60, 0xf3, 0x1c, 0xe1, 0xc5, 0x8b, 0x15, 0xcf, 0xb1, 0x1f,
-	0xc9, 0x53, 0x5c, 0x0e, 0x02, 0xe2, 0x84, 0x3b, 0x13, 0x47, 0xd3, 0xdc, 0xd1, 0xf7, 0x97, 0xcc,
-	0x74, 0x2e, 0x31, 0x3f, 0x01, 0xa4, 0x99, 0x06, 0xb5, 0x7c, 0xd5, 0xf3, 0x5d, 0x4a, 0x46, 0x86,
-	0x35, 0xe0, 0x27, 0x48, 0x6e, 0x3f, 0xd3, 0x27, 0xa6, 0x47, 0x95, 0x35, 0x21, 0xee, 0x86, 0x52,
-	0xa6, 0xc1, 0x13, 0xc8, 0x8d, 0x69, 0x64, 0xa7, 0x34, 0x84, 0x38, 0xd2, 0x28, 0xff, 0x31, 0x07,
-	0x85, 0x58, 0x5f, 0x8d, 0x2f, 0x41, 0xf1, 0x11, 0x79, 0x42, 0xd4, 0xf0, 0xae, 0x24, 0x22, 0x51,
-	0x60, 0x58, 0x27, 0xb8, 0x2f, 0x7d, 0x02, 0x9b, 0x9c, 0x62, 0x8f, 0x7d, 0xea, 0xaa, 0x9a, 0x49,
-	0x3c, 0x8f, 0x07, 0x2d, 0xc7, 0xa9, 0x98, 0xc9, 0xda, 0x4c, 0x54, 0x0b, 0x25, 0xf8, 0x16, 0x6c,
-	0x70, 0x8d, 0xd1, 0xd8, 0xf4, 0x0d, 0xc7, 0xa4, 0x2a, 0xbb, 0xbd, 0x79, 0xfc, 0x24, 0x89, 0x3c,
-	0x5b, 0x67, 0x8c, 0xa3, 0x80, 0xc0, 0x3c, 0xf2, 0x70, 0x1d, 0xde, 0xe3, 0x6a, 0x03, 0x6a, 0x51,
-	0x97, 0xf8, 0x54, 0xa5, 0x5f, 0x8d, 0x89, 0xe9, 0xa9, 0xc4, 0xd2, 0xd5, 0x21, 0xf1, 0x86, 0xd2,
-	0x26, 0x33, 0x70, 0x90, 0x94, 0x12, 0xca, 0x05, 0x46, 0x3c, 0x0c, 0x78, 0x32, 0xa7, 0x55, 0x2d,
-	0xfd, 0x73, 0xe2, 0x0d, 0xf1, 0x3e, 0x9c, 0xe3, 0x56, 0x3c, 0xdf, 0x35, 0xac, 0x81, 0xaa, 0x0d,
-	0xa9, 0xf6, 0x58, 0x1d, 0xfb, 0xfd, 0x3b, 0xd2, 0x3b, 0xf1, 0xef, 0x73, 0x0f, 0xbb, 0x9c, 0x53,
-	0x63, 0x94, 0x63, 0xbf, 0x7f, 0x07, 0x77, 0xa1, 0xc8, 0x16, 0x63, 0x64, 0x3c, 0xa7, 0x6a, 0xdf,
-	0x76, 0xf9, 0xd1, 0x58, 0x5a, 0x50, 0x9a, 0x62, 0x11, 0xac, 0xb4, 0x03, 0x85, 0x23, 0x5b, 0xa7,
-	0xfb, 0x99, 0x6e, 0x47, 0x96, 0xeb, 0x4a, 0x21, 0xb4, 0x72, 0xcf, 0x76, 0x59, 0x42, 0x0d, 0xec,
-	0x28, 0xc0, 0x05, 0x91, 0x50, 0x03, 0x3b, 0x0c, 0xef, 0x2d, 0xd8, 0xd0, 0x34, 0x31, 0x67, 0x43,
-	0x53, 0x83, 0x3b, 0x96, 0x27, 0xa1, 0xa9, 0x60, 0x69, 0xda, 0xa1, 0x20, 0x04, 0x39, 0xee, 0xe1,
-	0x4f, 0xe1, 0xed, 0x49, 0xb0, 0xe2, 0x8a, 0xeb, 0x73, 0xb3, 0x9c, 0x55, 0xbd, 0x05, 0x1b, 0xce,
-	0xe9, 0xbc, 0x22, 0x9e, 0xfa, 0xa2, 0x73, 0x3a, 0xab, 0x76, 0x1b, 0x36, 0x9d, 0xa1, 0x33, 0xaf,
-	0x77, 0x35, 0xae, 0x87, 0x9d, 0xa1, 0x33, 0xab, 0xf8, 0x11, 0xbf, 0x70, 0xbb, 0x54, 0x23, 0x3e,
-	0xd5, 0xa5, 0xf3, 0x71, 0x7a, 0x4c, 0x80, 0xaf, 0x03, 0xd2, 0x34, 0x95, 0x5a, 0xe4, 0xc4, 0xa4,
-	0x2a, 0x71, 0xa9, 0x45, 0x3c, 0xe9, 0x62, 0x9c, 0x5c, 0xd2, 0x34, 0x99, 0x4b, 0xab, 0x5c, 0x88,
-	0xaf, 0xc2, 0xba, 0x7d, 0xf2, 0x48, 0x13, 0x29, 0xa9, 0x3a, 0x2e, 0xed, 0x1b, 0xcf, 0xa4, 0x0f,
-	0x79, 0x7c, 0xd7, 0x98, 0x80, 0x27, 0x64, 0x87, 0xc3, 0xf8, 0x0a, 0x20, 0xcd, 0x1b, 0x12, 0xd7,
-	0xe1, 0x35, 0xd9, 0x73, 0x88, 0x46, 0xa5, 0x8f, 0x04, 0x55, 0xe0, 0xad, 0x10, 0x66, 0x5b, 0xc2,
-	0x7b, 0x6a, 0xf4, 0xfd, 0xd0, 0xe2, 0x65, 0xb1, 0x25, 0x38, 0x16, 0x58, 0xdb, 0x01, 0xc4, 0x42,
-	0x31, 0xf5, 0xe1, 0x1d, 0x4e, 0x2b, 0x39, 0x43, 0x27, 0xfe, 0xdd, 0x0f, 0x60, 0x95, 0x31, 0x27,
-	0x1f, 0xbd, 0x22, 0x1a, 0x32, 0x67, 0x18, 0xfb, 0xe2, 0x6b, 0xeb, 0x8d, 0xcb, 0xfb, 0x50, 0x8c,
-	0xe7, 0x27, 0xce, 0x83, 0xc8, 0x50, 0x94, 0x60, 0xcd, 0x4a, 0xad, 0x5d, 0x67, 0x6d, 0xc6, 0x97,
-	0x32, 0x4a, 0xb2, 0x76, 0xa7, 0xd9, 0xe8, 0xc9, 0xaa, 0x72, 0xdc, 0xea, 0x35, 0x8e, 0x64, 0x94,
-	0x8a, 0xf7, 0xd5, 0x7f, 0x4d, 0x42, 0x69, 0xfa, 0x8a, 0x84, 0x7f, 0x00, 0xe7, 0xc3, 0xf7, 0x0c,
-	0x8f, 0xfa, 0xea, 0x53, 0xc3, 0xe5, 0x5b, 0x66, 0x44, 0xc4, 0xf1, 0x15, 0x2d, 0xda, 0x66, 0xc0,
-	0xea, 0x52, 0xff, 0x0b, 0xc3, 0x65, 0x1b, 0x62, 0x44, 0x7c, 0xdc, 0x84, 0x8b, 0x96, 0xad, 0x7a,
-	0x3e, 0xb1, 0x74, 0xe2, 0xea, 0xea, 0xe4, 0x25, 0x49, 0x25, 0x9a, 0x46, 0x3d, 0xcf, 0x16, 0x47,
-	0x55, 0x64, 0xe5, 0x5d, 0xcb, 0xee, 0x06, 0xe4, 0x49, 0x0d, 0xaf, 0x06, 0xd4, 0x99, 0x04, 0x4b,
-	0x2d, 0x4b, 0xb0, 0x77, 0x20, 0x3f, 0x22, 0x8e, 0x4a, 0x2d, 0xdf, 0x3d, 0xe5, 0x8d, 0x71, 0x4e,
-	0xc9, 0x8d, 0x88, 0x23, 0xb3, 0xf1, 0x9b, 0xb9, 0x9f, 0xfc, 0x23, 0x05, 0xc5, 0x78, 0x73, 0xcc,
-	0xee, 0x1a, 0x1a, 0x3f, 0x47, 0x12, 0xbc, 0xd2, 0x7c, 0xf0, 0xd2, 0x56, 0xba, 0x52, 0x63, 0x07,
-	0xcc, 0x7e, 0x56, 0xb4, 0xac, 0x8a, 0xd0, 0x64, 0x87, 0x3b, 0xab, 0x2d, 0x54, 0xb4, 0x08, 0x39,
-	0x25, 0x18, 0xe1, 0x43, 0xc8, 0x3e, 0xf2, 0xb8, 0xed, 0x2c, 0xb7, 0xfd, 0xe1, 0xcb, 0x6d, 0xdf,
-	0xef, 0x72, 0xe3, 0xf9, 0xfb, 0x5d, 0xb5, 0xd5, 0x56, 0x8e, 0xaa, 0x4d, 0x25, 0x50, 0xc7, 0x17,
-	0x20, 0x6d, 0x92, 0xe7, 0xa7, 0xd3, 0x47, 0x11, 0x87, 0xce, 0x1a, 0xf8, 0x0b, 0x90, 0x7e, 0x4a,
-	0xc9, 0xe3, 0xe9, 0x03, 0x80, 0x43, 0xaf, 0x31, 0xf5, 0xaf, 0x43, 0x86, 0xc7, 0x0b, 0x03, 0x04,
-	0x11, 0x43, 0x6f, 0xe1, 0x1c, 0xa4, 0x6b, 0x6d, 0x85, 0xa5, 0x3f, 0x82, 0xa2, 0x40, 0xd5, 0x4e,
-	0x43, 0xae, 0xc9, 0x28, 0x59, 0xbe, 0x05, 0x59, 0x11, 0x04, 0xb6, 0x35, 0xa2, 0x30, 0xa0, 0xb7,
-	0x82, 0x61, 0x60, 0x23, 0x11, 0x4a, 0x8f, 0x8f, 0x0e, 0x64, 0x05, 0x25, 0xe3, 0xcb, 0xeb, 0x41,
-	0x31, 0xde, 0x17, 0xbf, 0x99, 0x9c, 0xfa, 0x4b, 0x02, 0x0a, 0xb1, 0x3e, 0x97, 0x35, 0x28, 0xc4,
-	0x34, 0xed, 0xa7, 0x2a, 0x31, 0x0d, 0xe2, 0x05, 0x49, 0x01, 0x1c, 0xaa, 0x32, 0xe4, 0xac, 0x8b,
-	0xf6, 0x46, 0x9c, 0xff, 0x5d, 0x02, 0xd0, 0x6c, 0x8b, 0x39, 0xe3, 0x60, 0xe2, 0x3b, 0x75, 0xf0,
-	0xb7, 0x09, 0x28, 0x4d, 0xf7, 0x95, 0x33, 0xee, 0x5d, 0xfa, 0x4e, 0xdd, 0xfb, 0x67, 0x12, 0x56,
-	0xa7, 0xba, 0xc9, 0xb3, 0x7a, 0xf7, 0x15, 0xac, 0x1b, 0x3a, 0x1d, 0x39, 0xb6, 0x4f, 0x2d, 0xed,
-	0x54, 0x35, 0xe9, 0x13, 0x6a, 0x4a, 0x65, 0x5e, 0x28, 0xae, 0xbf, 0xbc, 0x5f, 0xad, 0x34, 0x26,
-	0x7a, 0x4d, 0xa6, 0xb6, 0xbf, 0xd1, 0xa8, 0xcb, 0x47, 0x9d, 0x76, 0x4f, 0x6e, 0xd5, 0x1e, 0xaa,
-	0xc7, 0xad, 0x1f, 0xb7, 0xda, 0x5f, 0xb4, 0x14, 0x64, 0xcc, 0xd0, 0x5e, 0xe3, 0x56, 0xef, 0x00,
-	0x9a, 0x75, 0x0a, 0x9f, 0x87, 0x45, 0x6e, 0xa1, 0xb7, 0xf0, 0x06, 0xac, 0xb5, 0xda, 0x6a, 0xb7,
-	0x51, 0x97, 0x55, 0xf9, 0xde, 0x3d, 0xb9, 0xd6, 0xeb, 0x8a, 0x17, 0x88, 0x88, 0xdd, 0x9b, 0xde,
-	0xd4, 0xbf, 0x49, 0xc1, 0xc6, 0x02, 0x4f, 0x70, 0x35, 0xb8, 0x3b, 0x88, 0xeb, 0xcc, 0xf7, 0xcf,
-	0xe2, 0x7d, 0x85, 0x1d, 0xf9, 0x1d, 0xe2, 0xfa, 0xc1, 0x55, 0xe3, 0x0a, 0xb0, 0x28, 0x59, 0xbe,
-	0xd1, 0x37, 0xa8, 0x1b, 0x3c, 0xd8, 0x88, 0x0b, 0xc5, 0xda, 0x04, 0x17, 0x6f, 0x36, 0xdf, 0x03,
-	0xec, 0xd8, 0x9e, 0xe1, 0x1b, 0x4f, 0xa8, 0x6a, 0x58, 0xe1, 0xeb, 0x0e, 0xbb, 0x60, 0xa4, 0x15,
-	0x14, 0x4a, 0x1a, 0x96, 0x1f, 0xb1, 0x2d, 0x3a, 0x20, 0x33, 0x6c, 0x56, 0xc0, 0x53, 0x0a, 0x0a,
-	0x25, 0x11, 0xfb, 0x12, 0x14, 0x75, 0x7b, 0xcc, 0xba, 0x2e, 0xc1, 0x63, 0xe7, 0x45, 0x42, 0x29,
-	0x08, 0x2c, 0xa2, 0x04, 0xfd, 0xf4, 0xe4, 0x59, 0xa9, 0xa8, 0x14, 0x04, 0x26, 0x28, 0x97, 0x61,
-	0x8d, 0x0c, 0x06, 0x2e, 0x33, 0x1e, 0x1a, 0x12, 0x37, 0x84, 0x52, 0x04, 0x73, 0xe2, 0xd6, 0x7d,
-	0xc8, 0x85, 0x71, 0x60, 0x47, 0x32, 0x8b, 0x84, 0xea, 0x88, 0x6b, 0x6f, 0x72, 0x27, 0xaf, 0xe4,
-	0xac, 0x50, 0x78, 0x09, 0x8a, 0x86, 0xa7, 0x4e, 0x5e, 0xc9, 0x93, 0xdb, 0xc9, 0x9d, 0x9c, 0x52,
-	0x30, 0xbc, 0xe8, 0x85, 0xb1, 0xfc, 0x75, 0x12, 0x4a, 0xd3, 0xaf, 0xfc, 0xb8, 0x0e, 0x39, 0xd3,
-	0xd6, 0x08, 0x4f, 0x2d, 0xf1, 0x13, 0xd3, 0xce, 0x2b, 0x7e, 0x18, 0xa8, 0x34, 0x03, 0xbe, 0x12,
-	0x69, 0x6e, 0xfd, 0x2d, 0x01, 0xb9, 0x10, 0xc6, 0xe7, 0x20, 0xed, 0x10, 0x7f, 0xc8, 0xcd, 0x65,
-	0x0e, 0x92, 0x28, 0xa1, 0xf0, 0x31, 0xc3, 0x3d, 0x87, 0x58, 0x3c, 0x05, 0x02, 0x9c, 0x8d, 0xd9,
-	0xba, 0x9a, 0x94, 0xe8, 0xfc, 0xfa, 0x61, 0x8f, 0x46, 0xd4, 0xf2, 0xbd, 0x70, 0x5d, 0x03, 0xbc,
-	0x16, 0xc0, 0xf8, 0x1a, 0xac, 0xfb, 0x2e, 0x31, 0xcc, 0x29, 0x6e, 0x9a, 0x73, 0x51, 0x28, 0x88,
-	0xc8, 0xfb, 0x70, 0x21, 0xb4, 0xab, 0x53, 0x9f, 0x68, 0x43, 0xaa, 0x4f, 0x94, 0xb2, 0xfc, 0x99,
-	0xe1, 0x7c, 0x40, 0xa8, 0x07, 0xf2, 0x50, 0xb7, 0xfc, 0xf7, 0x04, 0xac, 0x87, 0x17, 0x26, 0x3d,
-	0x0a, 0xd6, 0x11, 0x00, 0xb1, 0x2c, 0xdb, 0x8f, 0x87, 0x6b, 0x3e, 0x95, 0xe7, 0xf4, 0x2a, 0xd5,
-	0x48, 0x49, 0x89, 0x19, 0xd8, 0x1a, 0x01, 0x4c, 0x24, 0x4b, 0xc3, 0x76, 0x11, 0x0a, 0xc1, 0x4f,
-	0x38, 0xfc, 0x77, 0x40, 0x71, 0xc5, 0x06, 0x01, 0xb1, 0x9b, 0x15, 0xde, 0x84, 0xcc, 0x09, 0x1d,
-	0x18, 0x56, 0xf0, 0x30, 0x2b, 0x06, 0xe1, 0x43, 0x48, 0x3a, 0x7a, 0x08, 0x39, 0xf8, 0x19, 0x6c,
-	0x68, 0xf6, 0x68, 0xd6, 0xdd, 0x03, 0x34, 0x73, 0xcd, 0xf7, 0x3e, 0x4f, 0x7c, 0x09, 0x93, 0x16,
-	0xf3, 0x7f, 0x89, 0xc4, 0xef, 0x93, 0xa9, 0xc3, 0xce, 0xc1, 0x1f, 0x92, 0x5b, 0x87, 0x42, 0xb5,
-	0x13, 0xce, 0x54, 0xa1, 0x7d, 0x93, 0x6a, 0xcc, 0xfb, 0xff, 0x07, 0x00, 0x00, 0xff, 0xff, 0xa3,
-	0x58, 0x22, 0x30, 0xdf, 0x1c, 0x00, 0x00,
+	0x83, 0x1e, 0x02, 0xf4, 0x54, 0xa0, 0x7f, 0x40, 0x51, 0x14, 0x3d, 0xf4, 0xb2, 0x40, 0xff, 0x80,
+	0x02, 0xed, 0xbd, 0xd7, 0x02, 0xbd, 0xf7, 0x50, 0xa0, 0x05, 0xda, 0x3f, 0xa1, 0xc7, 0x62, 0x66,
+	0x48, 0x8a, 0xd4, 0x47, 0xe2, 0x5d, 0x20, 0xd9, 0x93, 0x3d, 0xef, 0xfd, 0xde, 0x9b, 0x37, 0x8f,
+	0xbf, 0x79, 0xf3, 0x66, 0x04, 0x82, 0x46, 0x5c, 0xd5, 0xd1, 0x6d, 0xcf, 0x72, 0x2a, 0xb6, 0x63,
+	0x79, 0x16, 0x5a, 0x1b, 0x5a, 0xd6, 0xd0, 0x20, 0x7c, 0x74, 0x32, 0x19, 0x94, 0x5b, 0xb0, 0x7e,
+	0x4f, 0x37, 0x48, 0x3d, 0x04, 0xf6, 0x88, 0x87, 0xee, 0x40, 0x7a, 0xa0, 0x1b, 0x44, 0x4c, 0xec,
+	0xa4, 0x76, 0x0b, 0x7b, 0x1f, 0x56, 0x66, 0x8c, 0x2a, 0x71, 0x8b, 0x2e, 0x15, 0xcb, 0xcc, 0xa2,
+	0xfc, 0xef, 0x34, 0x6c, 0x2c, 0xd0, 0x22, 0x04, 0x69, 0x13, 0x8f, 0xa9, 0xc7, 0xc4, 0x6e, 0x5e,
+	0x66, 0xff, 0x23, 0x11, 0x56, 0x6c, 0xac, 0x3e, 0xc6, 0x43, 0x22, 0x26, 0x99, 0x38, 0x18, 0xa2,
+	0xf7, 0x01, 0x34, 0x62, 0x13, 0x53, 0x23, 0xa6, 0x7a, 0x2a, 0xa6, 0x76, 0x52, 0xbb, 0x79, 0x39,
+	0x22, 0x41, 0xd7, 0x60, 0xdd, 0x9e, 0x9c, 0x18, 0xba, 0xaa, 0x44, 0x60, 0xb0, 0x93, 0xda, 0xcd,
+	0xc8, 0x02, 0x57, 0xd4, 0xa7, 0xe0, 0xcb, 0xb0, 0xf6, 0x94, 0xe0, 0xc7, 0x51, 0x68, 0x81, 0x41,
+	0x4b, 0x54, 0x1c, 0x01, 0xd6, 0xa0, 0x38, 0x26, 0xae, 0x8b, 0x87, 0x44, 0xf1, 0x4e, 0x6d, 0x22,
+	0xa6, 0xd9, 0xea, 0x77, 0xe6, 0x56, 0x3f, 0xbb, 0xf2, 0x82, 0x6f, 0xd5, 0x3f, 0xb5, 0x09, 0xaa,
+	0x42, 0x9e, 0x98, 0x93, 0x31, 0xf7, 0x90, 0x59, 0x92, 0x3f, 0xc9, 0x9c, 0x8c, 0x67, 0xbd, 0xe4,
+	0xa8, 0x99, 0xef, 0x62, 0xc5, 0x25, 0xce, 0x13, 0x5d, 0x25, 0x62, 0x96, 0x39, 0xb8, 0x3c, 0xe7,
+	0xa0, 0xc7, 0xf5, 0xb3, 0x3e, 0x02, 0x3b, 0x54, 0x83, 0x3c, 0x79, 0xe6, 0x11, 0xd3, 0xd5, 0x2d,
+	0x53, 0x5c, 0x61, 0x4e, 0x2e, 0x2d, 0xf8, 0x8a, 0xc4, 0xd0, 0x66, 0x5d, 0x4c, 0xed, 0xd0, 0x3e,
+	0xac, 0x58, 0xb6, 0xa7, 0x5b, 0xa6, 0x2b, 0xe6, 0x76, 0x12, 0xbb, 0x85, 0xbd, 0x77, 0x17, 0x12,
+	0xa1, 0xc3, 0x31, 0x72, 0x00, 0x46, 0x0d, 0x10, 0x5c, 0x6b, 0xe2, 0xa8, 0x44, 0x51, 0x2d, 0x8d,
+	0x28, 0xba, 0x39, 0xb0, 0xc4, 0x3c, 0x73, 0x70, 0x61, 0x7e, 0x21, 0x0c, 0x58, 0xb3, 0x34, 0xd2,
+	0x30, 0x07, 0x96, 0x5c, 0x72, 0x63, 0x63, 0xb4, 0x05, 0x59, 0xf7, 0xd4, 0xf4, 0xf0, 0x33, 0xb1,
+	0xc8, 0x18, 0xe2, 0x8f, 0xca, 0x7f, 0xce, 0xc2, 0xda, 0x59, 0x28, 0x76, 0x17, 0x32, 0x03, 0xba,
+	0x4a, 0x31, 0xf9, 0x6d, 0x72, 0xc0, 0x6d, 0xe2, 0x49, 0xcc, 0x7e, 0xc7, 0x24, 0x56, 0xa1, 0x60,
+	0x12, 0xd7, 0x23, 0x1a, 0x67, 0x44, 0xea, 0x8c, 0x9c, 0x02, 0x6e, 0x34, 0x4f, 0xa9, 0xf4, 0x77,
+	0xa2, 0xd4, 0x03, 0x58, 0x0b, 0x43, 0x52, 0x1c, 0x6c, 0x0e, 0x03, 0x6e, 0x5e, 0x7f, 0x55, 0x24,
+	0x15, 0x29, 0xb0, 0x93, 0xa9, 0x99, 0x5c, 0x22, 0xb1, 0x31, 0xaa, 0x03, 0x58, 0x26, 0xb1, 0x06,
+	0x8a, 0x46, 0x54, 0x43, 0xcc, 0x2d, 0xc9, 0x52, 0x87, 0x42, 0xe6, 0xb2, 0x64, 0x71, 0xa9, 0x6a,
+	0xa0, 0xcf, 0xa6, 0x54, 0x5b, 0x59, 0xc2, 0x94, 0x16, 0xdf, 0x64, 0x73, 0x6c, 0x3b, 0x86, 0x92,
+	0x43, 0x28, 0xef, 0x89, 0xe6, 0xaf, 0x2c, 0xcf, 0x82, 0xa8, 0xbc, 0x72, 0x65, 0xb2, 0x6f, 0xc6,
+	0x17, 0xb6, 0xea, 0x44, 0x87, 0xe8, 0x03, 0x08, 0x05, 0x0a, 0xa3, 0x15, 0xb0, 0x2a, 0x54, 0x0c,
+	0x84, 0x6d, 0x3c, 0x26, 0xdb, 0xcf, 0xa1, 0x14, 0x4f, 0x0f, 0xda, 0x84, 0x8c, 0xeb, 0x61, 0xc7,
+	0x63, 0x2c, 0xcc, 0xc8, 0x7c, 0x80, 0x04, 0x48, 0x11, 0x53, 0x63, 0x55, 0x2e, 0x23, 0xd3, 0x7f,
+	0xd1, 0x8f, 0xa6, 0x0b, 0x4e, 0xb1, 0x05, 0x7f, 0x34, 0xff, 0x45, 0x63, 0x9e, 0x67, 0xd7, 0xbd,
+	0x7d, 0x1b, 0x56, 0x63, 0x0b, 0x38, 0xeb, 0xd4, 0xe5, 0x5f, 0xc0, 0xdb, 0x0b, 0x5d, 0xa3, 0x07,
+	0xb0, 0x39, 0x31, 0x75, 0xd3, 0x23, 0x8e, 0xed, 0x10, 0xca, 0x58, 0x3e, 0x95, 0xf8, 0x9f, 0x95,
+	0x25, 0x9c, 0x3b, 0x8e, 0xa2, 0xb9, 0x17, 0x79, 0x63, 0x32, 0x2f, 0xbc, 0x9a, 0xcf, 0xfd, 0x77,
+	0x45, 0x78, 0xf1, 0xe2, 0xc5, 0x8b, 0x64, 0xf9, 0x37, 0x59, 0xd8, 0x5c, 0xb4, 0x67, 0x16, 0x6e,
+	0xdf, 0x2d, 0xc8, 0x9a, 0x93, 0xf1, 0x09, 0x71, 0x58, 0x92, 0x32, 0xb2, 0x3f, 0x42, 0x55, 0xc8,
+	0x18, 0xf8, 0x84, 0x18, 0x62, 0x7a, 0x27, 0xb1, 0x5b, 0xda, 0xbb, 0x76, 0xa6, 0x5d, 0x59, 0x69,
+	0x52, 0x13, 0x99, 0x5b, 0xa2, 0xcf, 0x21, 0xed, 0x97, 0x68, 0xea, 0xe1, 0xea, 0xd9, 0x3c, 0xd0,
+	0xbd, 0x24, 0x33, 0x3b, 0xf4, 0x0e, 0xe4, 0xe9, 0x5f, 0xce, 0x8d, 0x2c, 0x8b, 0x39, 0x47, 0x05,
+	0x94, 0x17, 0x68, 0x1b, 0x72, 0x6c, 0x9b, 0x68, 0x24, 0x38, 0xda, 0xc2, 0x31, 0x25, 0x96, 0x46,
+	0x06, 0x78, 0x62, 0x78, 0xca, 0x13, 0x6c, 0x4c, 0x08, 0x23, 0x7c, 0x5e, 0x2e, 0xfa, 0xc2, 0x9f,
+	0x52, 0x19, 0xba, 0x00, 0x05, 0xbe, 0xab, 0x74, 0x53, 0x23, 0xcf, 0x58, 0xf5, 0xcc, 0xc8, 0x7c,
+	0xa3, 0x35, 0xa8, 0x84, 0x4e, 0xff, 0xc8, 0xb5, 0xcc, 0x80, 0x9a, 0x6c, 0x0a, 0x2a, 0x60, 0xd3,
+	0xdf, 0x9e, 0x2d, 0xdc, 0xef, 0x2d, 0x5e, 0xde, 0x2c, 0xa7, 0xca, 0x7f, 0x4a, 0x42, 0x9a, 0xd5,
+	0x8b, 0x35, 0x28, 0xf4, 0x1f, 0x76, 0x25, 0xa5, 0xde, 0x39, 0x3e, 0x6c, 0x4a, 0x42, 0x02, 0x95,
+	0x00, 0x98, 0xe0, 0x5e, 0xb3, 0x53, 0xed, 0x0b, 0xc9, 0x70, 0xdc, 0x68, 0xf7, 0xf7, 0x6f, 0x0a,
+	0xa9, 0xd0, 0xe0, 0x98, 0x0b, 0xd2, 0x51, 0xc0, 0x8d, 0x3d, 0x21, 0x83, 0x04, 0x28, 0x72, 0x07,
+	0x8d, 0x07, 0x52, 0x7d, 0xff, 0xa6, 0x90, 0x8d, 0x4b, 0x6e, 0xec, 0x09, 0x2b, 0x68, 0x15, 0xf2,
+	0x4c, 0x72, 0xd8, 0xe9, 0x34, 0x85, 0x5c, 0xe8, 0xb3, 0xd7, 0x97, 0x1b, 0xed, 0x23, 0x21, 0x1f,
+	0xfa, 0x3c, 0x92, 0x3b, 0xc7, 0x5d, 0x01, 0x42, 0x0f, 0x2d, 0xa9, 0xd7, 0xab, 0x1e, 0x49, 0x42,
+	0x21, 0x44, 0x1c, 0x3e, 0xec, 0x4b, 0x3d, 0xa1, 0x18, 0x0b, 0xeb, 0xc6, 0x9e, 0xb0, 0x1a, 0x4e,
+	0x21, 0xb5, 0x8f, 0x5b, 0x42, 0x09, 0xad, 0xc3, 0x2a, 0x9f, 0x22, 0x08, 0x62, 0x6d, 0x46, 0xb4,
+	0x7f, 0x53, 0x10, 0xa6, 0x81, 0x70, 0x2f, 0xeb, 0x31, 0xc1, 0xfe, 0x4d, 0x01, 0x95, 0x6b, 0x90,
+	0x61, 0xec, 0x42, 0x08, 0x4a, 0xcd, 0xea, 0xa1, 0xd4, 0x54, 0x3a, 0xdd, 0x7e, 0xa3, 0xd3, 0xae,
+	0x36, 0x85, 0xc4, 0x54, 0x26, 0x4b, 0x3f, 0x39, 0x6e, 0xc8, 0x52, 0x5d, 0x48, 0x46, 0x65, 0x5d,
+	0xa9, 0xda, 0x97, 0xea, 0x42, 0xaa, 0xac, 0xc2, 0xe6, 0xa2, 0x3a, 0xb9, 0x70, 0x67, 0x44, 0x3e,
+	0x71, 0x72, 0xc9, 0x27, 0x66, 0xbe, 0xe6, 0x3e, 0xf1, 0xbf, 0x92, 0xb0, 0xb1, 0xe0, 0xac, 0x58,
+	0x38, 0xc9, 0x0f, 0x21, 0xc3, 0x29, 0xca, 0x4f, 0xcf, 0x2b, 0x0b, 0x0f, 0x1d, 0x46, 0xd8, 0xb9,
+	0x13, 0x94, 0xd9, 0x45, 0x3b, 0x88, 0xd4, 0x92, 0x0e, 0x82, 0xba, 0x98, 0xab, 0xe9, 0x3f, 0x9f,
+	0xab, 0xe9, 0xfc, 0xd8, 0xdb, 0x3f, 0xcb, 0xb1, 0xc7, 0x64, 0xdf, 0xae, 0xb6, 0x67, 0x16, 0xd4,
+	0xf6, 0xbb, 0xb0, 0x3e, 0xe7, 0xe8, 0xcc, 0x35, 0xf6, 0x97, 0x09, 0x10, 0x97, 0x25, 0xe7, 0x15,
+	0x95, 0x2e, 0x19, 0xab, 0x74, 0x77, 0x67, 0x33, 0x78, 0x71, 0xf9, 0x47, 0x98, 0xfb, 0xd6, 0xdf,
+	0x24, 0x60, 0x6b, 0x71, 0xa7, 0xb8, 0x30, 0x86, 0xcf, 0x21, 0x3b, 0x26, 0xde, 0xc8, 0x0a, 0xba,
+	0xa5, 0x8f, 0x16, 0x9c, 0xc1, 0x54, 0x3d, 0xfb, 0xb1, 0x7d, 0xab, 0xe8, 0x21, 0x9e, 0x5a, 0xd6,
+	0xee, 0xf1, 0x68, 0xe6, 0x22, 0xfd, 0x55, 0x12, 0xde, 0x5e, 0xe8, 0x7c, 0x61, 0xa0, 0xef, 0x01,
+	0xe8, 0xa6, 0x3d, 0xf1, 0x78, 0x47, 0xc4, 0x0b, 0x6c, 0x9e, 0x49, 0x58, 0xf1, 0xa2, 0xc5, 0x73,
+	0xe2, 0x85, 0xfa, 0x14, 0xd3, 0x03, 0x17, 0x31, 0xc0, 0x9d, 0x69, 0xa0, 0x69, 0x16, 0xe8, 0xfb,
+	0x4b, 0x56, 0x3a, 0x47, 0xcc, 0x4f, 0x41, 0x50, 0x0d, 0x9d, 0x98, 0x9e, 0xe2, 0x7a, 0x0e, 0xc1,
+	0x63, 0xdd, 0x1c, 0xb2, 0x13, 0x24, 0x77, 0x90, 0x19, 0x60, 0xc3, 0x25, 0xf2, 0x1a, 0x57, 0xf7,
+	0x02, 0x2d, 0xb5, 0x60, 0x04, 0x72, 0x22, 0x16, 0xd9, 0x98, 0x05, 0x57, 0x87, 0x16, 0xe5, 0x5f,
+	0xe7, 0xa1, 0x10, 0xe9, 0xab, 0xd1, 0x45, 0x28, 0x3e, 0xc2, 0x4f, 0xb0, 0x12, 0xdc, 0x95, 0x78,
+	0x26, 0x0a, 0x54, 0xd6, 0xf5, 0xef, 0x4b, 0x9f, 0xc2, 0x26, 0x83, 0x58, 0x13, 0x8f, 0x38, 0x8a,
+	0x6a, 0x60, 0xd7, 0x65, 0x49, 0xcb, 0x31, 0x28, 0xa2, 0xba, 0x0e, 0x55, 0xd5, 0x02, 0x0d, 0xba,
+	0x05, 0x1b, 0xcc, 0x62, 0x3c, 0x31, 0x3c, 0xdd, 0x36, 0x88, 0x42, 0x6f, 0x6f, 0x2e, 0x3b, 0x49,
+	0xc2, 0xc8, 0xd6, 0x29, 0xa2, 0xe5, 0x03, 0x68, 0x44, 0x2e, 0xaa, 0xc3, 0x7b, 0xcc, 0x6c, 0x48,
+	0x4c, 0xe2, 0x60, 0x8f, 0x28, 0xe4, 0xeb, 0x09, 0x36, 0x5c, 0x05, 0x9b, 0x9a, 0x32, 0xc2, 0xee,
+	0x48, 0xdc, 0xa4, 0x0e, 0x0e, 0x93, 0x62, 0x42, 0x3e, 0x4f, 0x81, 0x47, 0x3e, 0x4e, 0x62, 0xb0,
+	0xaa, 0xa9, 0x7d, 0x81, 0xdd, 0x11, 0x3a, 0x80, 0x2d, 0xe6, 0xc5, 0xf5, 0x1c, 0xdd, 0x1c, 0x2a,
+	0xea, 0x88, 0xa8, 0x8f, 0x95, 0x89, 0x37, 0xb8, 0x23, 0xbe, 0x13, 0x9d, 0x9f, 0x45, 0xd8, 0x63,
+	0x98, 0x1a, 0x85, 0x1c, 0x7b, 0x83, 0x3b, 0xa8, 0x07, 0x45, 0xfa, 0x31, 0xc6, 0xfa, 0x73, 0xa2,
+	0x0c, 0x2c, 0x87, 0x1d, 0x8d, 0xa5, 0x05, 0xa5, 0x29, 0x92, 0xc1, 0x4a, 0xc7, 0x37, 0x68, 0x59,
+	0x1a, 0x39, 0xc8, 0xf4, 0xba, 0x92, 0x54, 0x97, 0x0b, 0x81, 0x97, 0x7b, 0x96, 0x43, 0x09, 0x35,
+	0xb4, 0xc2, 0x04, 0x17, 0x38, 0xa1, 0x86, 0x56, 0x90, 0xde, 0x5b, 0xb0, 0xa1, 0xaa, 0x7c, 0xcd,
+	0xba, 0xaa, 0xf8, 0x77, 0x2c, 0x57, 0x14, 0x62, 0xc9, 0x52, 0xd5, 0x23, 0x0e, 0xf0, 0x39, 0xee,
+	0xa2, 0xcf, 0xe0, 0xed, 0x69, 0xb2, 0xa2, 0x86, 0xeb, 0x73, 0xab, 0x9c, 0x35, 0xbd, 0x05, 0x1b,
+	0xf6, 0xe9, 0xbc, 0x21, 0x8a, 0xcd, 0x68, 0x9f, 0xce, 0x9a, 0xdd, 0x86, 0x4d, 0x7b, 0x64, 0xcf,
+	0xdb, 0x5d, 0x8d, 0xda, 0x21, 0x7b, 0x64, 0xcf, 0x1a, 0x5e, 0x62, 0x17, 0x6e, 0x87, 0xa8, 0xd8,
+	0x23, 0x9a, 0x78, 0x2e, 0x0a, 0x8f, 0x28, 0xd0, 0x75, 0x10, 0x54, 0x55, 0x21, 0x26, 0x3e, 0x31,
+	0x88, 0x82, 0x1d, 0x62, 0x62, 0x57, 0xbc, 0x10, 0x05, 0x97, 0x54, 0x55, 0x62, 0xda, 0x2a, 0x53,
+	0xa2, 0xab, 0xb0, 0x6e, 0x9d, 0x3c, 0x52, 0x39, 0x25, 0x15, 0xdb, 0x21, 0x03, 0xfd, 0x99, 0xf8,
+	0x21, 0xcb, 0xef, 0x1a, 0x55, 0x30, 0x42, 0x76, 0x99, 0x18, 0x5d, 0x01, 0x41, 0x75, 0x47, 0xd8,
+	0xb1, 0x59, 0x4d, 0x76, 0x6d, 0xac, 0x12, 0xf1, 0x12, 0x87, 0x72, 0x79, 0x3b, 0x10, 0xd3, 0x2d,
+	0xe1, 0x3e, 0xd5, 0x07, 0x5e, 0xe0, 0xf1, 0x32, 0xdf, 0x12, 0x4c, 0xe6, 0x7b, 0xdb, 0x05, 0x81,
+	0xa6, 0x22, 0x36, 0xf1, 0x2e, 0x83, 0x95, 0xec, 0x91, 0x1d, 0x9d, 0xf7, 0x03, 0x58, 0xa5, 0xc8,
+	0xe9, 0xa4, 0x57, 0x78, 0x43, 0x66, 0x8f, 0x22, 0x33, 0xde, 0x84, 0x2d, 0x0a, 0x1a, 0x13, 0x0f,
+	0x6b, 0xd8, 0xc3, 0x11, 0xf4, 0xc7, 0x0c, 0x4d, 0xf3, 0xde, 0xf2, 0x95, 0xb1, 0x38, 0x9d, 0xc9,
+	0xc9, 0x69, 0xc8, 0xac, 0x4f, 0x78, 0x9c, 0x54, 0x16, 0x70, 0xeb, 0xb5, 0x35, 0xdd, 0xe5, 0x03,
+	0x28, 0x46, 0x89, 0x8f, 0xf2, 0xc0, 0xa9, 0x2f, 0x24, 0x68, 0x17, 0x54, 0xeb, 0xd4, 0x69, 0xff,
+	0xf2, 0x95, 0x24, 0x24, 0x69, 0x1f, 0xd5, 0x6c, 0xf4, 0x25, 0x45, 0x3e, 0x6e, 0xf7, 0x1b, 0x2d,
+	0x49, 0x48, 0x45, 0x1b, 0xf6, 0xbf, 0x26, 0xa1, 0x14, 0xbf, 0x7b, 0xa1, 0x1f, 0xc0, 0xb9, 0xe0,
+	0xa1, 0xc4, 0x25, 0x9e, 0xf2, 0x54, 0x77, 0xd8, 0x5e, 0x1c, 0x63, 0x7e, 0x2e, 0x86, 0x6c, 0xd8,
+	0xf4, 0x51, 0x3d, 0xe2, 0x7d, 0xa9, 0x3b, 0x74, 0xa7, 0x8d, 0xb1, 0x87, 0x9a, 0x70, 0xc1, 0xb4,
+	0x14, 0xd7, 0xc3, 0xa6, 0x86, 0x1d, 0x4d, 0x99, 0x3e, 0x51, 0x29, 0x58, 0x55, 0x89, 0xeb, 0x5a,
+	0xfc, 0x0c, 0x0c, 0xbd, 0xbc, 0x6b, 0x5a, 0x3d, 0x1f, 0x3c, 0x3d, 0x1c, 0xaa, 0x3e, 0x74, 0x86,
+	0xb9, 0xa9, 0x65, 0xcc, 0x7d, 0x07, 0xf2, 0x63, 0x6c, 0x2b, 0xc4, 0xf4, 0x9c, 0x53, 0xd6, 0x71,
+	0xe7, 0xe4, 0xdc, 0x18, 0xdb, 0x12, 0x1d, 0xbf, 0x99, 0x8b, 0xcf, 0x3f, 0x52, 0x50, 0x8c, 0x76,
+	0xdd, 0xf4, 0x12, 0xa3, 0xb2, 0x03, 0x2a, 0xc1, 0x4a, 0xd8, 0x07, 0x2f, 0xed, 0xd1, 0x2b, 0x35,
+	0x7a, 0x72, 0x1d, 0x64, 0x79, 0x2f, 0x2c, 0x73, 0x4b, 0xda, 0x35, 0x50, 0x6a, 0x11, 0xde, 0x7b,
+	0xe4, 0x64, 0x7f, 0x84, 0x8e, 0x20, 0xfb, 0xc8, 0x65, 0xbe, 0xb3, 0xcc, 0xf7, 0x87, 0x2f, 0xf7,
+	0x7d, 0xbf, 0xc7, 0x9c, 0xe7, 0xef, 0xf7, 0x94, 0x76, 0x47, 0x6e, 0x55, 0x9b, 0xb2, 0x6f, 0x8e,
+	0xce, 0x43, 0xda, 0xc0, 0xcf, 0x4f, 0xe3, 0x67, 0x1c, 0x13, 0x9d, 0x35, 0xf1, 0xe7, 0x21, 0xfd,
+	0x94, 0xe0, 0xc7, 0xf1, 0x93, 0x85, 0x89, 0x5e, 0x23, 0xf5, 0xaf, 0x43, 0x86, 0xe5, 0x0b, 0x01,
+	0xf8, 0x19, 0x13, 0xde, 0x42, 0x39, 0x48, 0xd7, 0x3a, 0x32, 0xa5, 0xbf, 0x00, 0x45, 0x2e, 0x55,
+	0xba, 0x0d, 0xa9, 0x26, 0x09, 0xc9, 0xf2, 0x2d, 0xc8, 0xf2, 0x24, 0xd0, 0xad, 0x11, 0xa6, 0x41,
+	0x78, 0xcb, 0x1f, 0xfa, 0x3e, 0x12, 0x81, 0xf6, 0xb8, 0x75, 0x28, 0xc9, 0x42, 0x32, 0xfa, 0x79,
+	0x5d, 0x28, 0x46, 0x1b, 0xee, 0x37, 0xc3, 0xa9, 0xbf, 0x24, 0xa0, 0x10, 0x69, 0xa0, 0x69, 0xe7,
+	0x83, 0x0d, 0xc3, 0x7a, 0xaa, 0x60, 0x43, 0xc7, 0xae, 0x4f, 0x0a, 0x60, 0xa2, 0x2a, 0x95, 0x9c,
+	0xf5, 0xa3, 0xbd, 0x91, 0xe0, 0x7f, 0x9f, 0x00, 0x61, 0xb6, 0x77, 0x9d, 0x09, 0x30, 0xf1, 0xbd,
+	0x06, 0xf8, 0xbb, 0x04, 0x94, 0xe2, 0x0d, 0xeb, 0x4c, 0x78, 0x17, 0xbf, 0xd7, 0xf0, 0xfe, 0x99,
+	0x84, 0xd5, 0x58, 0x9b, 0x7a, 0xd6, 0xe8, 0xbe, 0x86, 0x75, 0x5d, 0x23, 0x63, 0xdb, 0xf2, 0x88,
+	0xa9, 0x9e, 0x2a, 0x06, 0x79, 0x42, 0x0c, 0xb1, 0xcc, 0x0a, 0xc5, 0xf5, 0x97, 0x37, 0xc2, 0x95,
+	0xc6, 0xd4, 0xae, 0x49, 0xcd, 0x0e, 0x36, 0x1a, 0x75, 0xa9, 0xd5, 0xed, 0xf4, 0xa5, 0x76, 0xed,
+	0xa1, 0x72, 0xdc, 0xfe, 0x71, 0xbb, 0xf3, 0x65, 0x5b, 0x16, 0xf4, 0x19, 0xd8, 0x6b, 0xdc, 0xea,
+	0x5d, 0x10, 0x66, 0x83, 0x42, 0xe7, 0x60, 0x51, 0x58, 0xc2, 0x5b, 0x68, 0x03, 0xd6, 0xda, 0x1d,
+	0xa5, 0xd7, 0xa8, 0x4b, 0x8a, 0x74, 0xef, 0x9e, 0x54, 0xeb, 0xf7, 0xf8, 0xd3, 0x46, 0x88, 0xee,
+	0xc7, 0x37, 0xf5, 0x6f, 0x53, 0xb0, 0xb1, 0x20, 0x12, 0x54, 0xf5, 0x2f, 0x25, 0xfc, 0x9e, 0xf4,
+	0xc9, 0x59, 0xa2, 0xaf, 0xd0, 0xae, 0xa0, 0x8b, 0x1d, 0xcf, 0xbf, 0xc3, 0x5c, 0x01, 0x9a, 0x25,
+	0xd3, 0xd3, 0x07, 0x3a, 0x71, 0xfc, 0x97, 0x20, 0x7e, 0x53, 0x59, 0x9b, 0xca, 0xf9, 0x63, 0xd0,
+	0xc7, 0x80, 0x6c, 0xcb, 0xd5, 0x3d, 0xfd, 0x09, 0x51, 0x74, 0x33, 0x78, 0x36, 0xa2, 0x37, 0x97,
+	0xb4, 0x2c, 0x04, 0x9a, 0x86, 0xe9, 0x85, 0x68, 0x93, 0x0c, 0xf1, 0x0c, 0x9a, 0x16, 0xf0, 0x94,
+	0x2c, 0x04, 0x9a, 0x10, 0x7d, 0x11, 0x8a, 0x9a, 0x35, 0xa1, 0xed, 0x1c, 0xc7, 0xd1, 0xf3, 0x22,
+	0x21, 0x17, 0xb8, 0x2c, 0x84, 0xf8, 0x8d, 0xfa, 0xf4, 0xbd, 0xaa, 0x28, 0x17, 0xb8, 0x8c, 0x43,
+	0x2e, 0xc3, 0x1a, 0x1e, 0x0e, 0x1d, 0xea, 0x3c, 0x70, 0xc4, 0xaf, 0x1e, 0xa5, 0x50, 0xcc, 0x80,
+	0xdb, 0xf7, 0x21, 0x17, 0xe4, 0x81, 0x1e, 0xc9, 0x34, 0x13, 0x8a, 0xcd, 0xef, 0xd3, 0xc9, 0xdd,
+	0xbc, 0x9c, 0x33, 0x03, 0xe5, 0x45, 0x28, 0xea, 0xae, 0x32, 0x7d, 0x7e, 0x4f, 0xee, 0x24, 0x77,
+	0x73, 0x72, 0x41, 0x77, 0xc3, 0xa7, 0xcb, 0xf2, 0x37, 0x49, 0x28, 0xc5, 0x7f, 0x3e, 0x40, 0x75,
+	0xc8, 0x19, 0x96, 0x8a, 0x19, 0xb5, 0xf8, 0x6f, 0x57, 0xbb, 0xaf, 0xf8, 0xc5, 0xa1, 0xd2, 0xf4,
+	0xf1, 0x72, 0x68, 0xb9, 0xfd, 0xb7, 0x04, 0xe4, 0x02, 0x31, 0xda, 0x82, 0xb4, 0x8d, 0xbd, 0x11,
+	0x73, 0x97, 0x39, 0x4c, 0x0a, 0x09, 0x99, 0x8d, 0xa9, 0xdc, 0xb5, 0xb1, 0xc9, 0x28, 0xe0, 0xcb,
+	0xe9, 0x98, 0x7e, 0x57, 0x83, 0x60, 0x8d, 0xdd, 0x6b, 0xac, 0xf1, 0x98, 0x98, 0x9e, 0x1b, 0x7c,
+	0x57, 0x5f, 0x5e, 0xf3, 0xc5, 0xe8, 0x1a, 0xac, 0x7b, 0x0e, 0xd6, 0x8d, 0x18, 0x36, 0xcd, 0xb0,
+	0x42, 0xa0, 0x08, 0xc1, 0x07, 0x70, 0x3e, 0xf0, 0xab, 0x11, 0x0f, 0xab, 0x23, 0xa2, 0x4d, 0x8d,
+	0xb2, 0xec, 0xfd, 0xe2, 0x9c, 0x0f, 0xa8, 0xfb, 0xfa, 0xc0, 0xb6, 0xfc, 0xf7, 0x04, 0xac, 0x07,
+	0x37, 0x31, 0x2d, 0x4c, 0x56, 0x0b, 0x00, 0x9b, 0xa6, 0xe5, 0x45, 0xd3, 0x35, 0x4f, 0xe5, 0x39,
+	0xbb, 0x4a, 0x35, 0x34, 0x92, 0x23, 0x0e, 0xb6, 0xc7, 0x00, 0x53, 0xcd, 0xd2, 0xb4, 0x5d, 0x80,
+	0x82, 0xff, 0xdb, 0x10, 0xfb, 0x81, 0x91, 0xdf, 0xdd, 0x81, 0x8b, 0xe8, 0x95, 0x0d, 0x6d, 0x42,
+	0xe6, 0x84, 0x0c, 0x75, 0xd3, 0x7f, 0xf1, 0xe5, 0x83, 0xe0, 0x85, 0x25, 0x1d, 0xbe, 0xb0, 0x1c,
+	0xfe, 0x0c, 0x36, 0x54, 0x6b, 0x3c, 0x1b, 0xee, 0xa1, 0x30, 0xf3, 0x7e, 0xe0, 0x7e, 0x91, 0xf8,
+	0x0a, 0xa6, 0x2d, 0xe6, 0xff, 0x12, 0x89, 0x3f, 0x24, 0x53, 0x47, 0xdd, 0xc3, 0x3f, 0x26, 0xb7,
+	0x8f, 0xb8, 0x69, 0x37, 0x58, 0xa9, 0x4c, 0x06, 0x06, 0x51, 0x69, 0xf4, 0xff, 0x0f, 0x00, 0x00,
+	0xff, 0xff, 0x88, 0x17, 0xc1, 0xbe, 0x38, 0x1d, 0x00, 0x00,
 }
diff --git a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor_gostring.gen.go b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor_gostring.gen.go
index 3b95a775754b5..165b2110df8ba 100644
--- a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor_gostring.gen.go
+++ b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor_gostring.gen.go
@@ -1,44 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: descriptor.proto
 
-/*
-Package descriptor is a generated protocol buffer package.
-
-It is generated from these files:
-	descriptor.proto
-
-It has these top-level messages:
-	FileDescriptorSet
-	FileDescriptorProto
-	DescriptorProto
-	ExtensionRangeOptions
-	FieldDescriptorProto
-	OneofDescriptorProto
-	EnumDescriptorProto
-	EnumValueDescriptorProto
-	ServiceDescriptorProto
-	MethodDescriptorProto
-	FileOptions
-	MessageOptions
-	FieldOptions
-	OneofOptions
-	EnumOptions
-	EnumValueOptions
-	ServiceOptions
-	MethodOptions
-	UninterpretedOption
-	SourceCodeInfo
-	GeneratedCodeInfo
-*/
 package descriptor
 
-import fmt "fmt"
-import strings "strings"
-import proto "github.com/gogo/protobuf/proto"
-import sort "sort"
-import strconv "strconv"
-import reflect "reflect"
-import math "math"
+import (
+	fmt "fmt"
+	github_com_gogo_protobuf_proto "github.com/gogo/protobuf/proto"
+	proto "github.com/gogo/protobuf/proto"
+	math "math"
+	reflect "reflect"
+	sort "sort"
+	strconv "strconv"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -386,7 +360,7 @@ func (this *FileOptions) GoString() string {
 	if this == nil {
 		return "nil"
 	}
-	s := make([]string, 0, 23)
+	s := make([]string, 0, 25)
 	s = append(s, "&descriptor.FileOptions{")
 	if this.JavaPackage != nil {
 		s = append(s, "JavaPackage: "+valueToGoStringDescriptor(this.JavaPackage, "string")+",\n")
@@ -442,6 +416,12 @@ func (this *FileOptions) GoString() string {
 	if this.PhpNamespace != nil {
 		s = append(s, "PhpNamespace: "+valueToGoStringDescriptor(this.PhpNamespace, "string")+",\n")
 	}
+	if this.PhpMetadataNamespace != nil {
+		s = append(s, "PhpMetadataNamespace: "+valueToGoStringDescriptor(this.PhpMetadataNamespace, "string")+",\n")
+	}
+	if this.RubyPackage != nil {
+		s = append(s, "RubyPackage: "+valueToGoStringDescriptor(this.RubyPackage, "string")+",\n")
+	}
 	if this.UninterpretedOption != nil {
 		s = append(s, "UninterpretedOption: "+fmt.Sprintf("%#v", this.UninterpretedOption)+",\n")
 	}
@@ -752,8 +732,8 @@ func valueToGoStringDescriptor(v interface{}, typ string) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
 }
-func extensionToGoStringDescriptor(m proto.Message) string {
-	e := proto.GetUnsafeExtensionsMap(m)
+func extensionToGoStringDescriptor(m github_com_gogo_protobuf_proto.Message) string {
+	e := github_com_gogo_protobuf_proto.GetUnsafeExtensionsMap(m)
 	if e == nil {
 		return "nil"
 	}
diff --git a/vendor/github.com/gogo/protobuf/types/any.go b/vendor/github.com/gogo/protobuf/types/any.go
index d83c3ad0076a9..df4787de37c52 100644
--- a/vendor/github.com/gogo/protobuf/types/any.go
+++ b/vendor/github.com/gogo/protobuf/types/any.go
@@ -129,10 +129,12 @@ func UnmarshalAny(any *Any, pb proto.Message) error {
 
 // Is returns true if any value contains a given message type.
 func Is(any *Any, pb proto.Message) bool {
-	aname, err := AnyMessageName(any)
-	if err != nil {
+	// The following is equivalent to AnyMessageName(any) == proto.MessageName(pb),
+	// but it avoids scanning TypeUrl for the slash.
+	if any == nil {
 		return false
 	}
-
-	return aname == proto.MessageName(pb)
+	name := proto.MessageName(pb)
+	prefix := len(any.TypeUrl) - len(name)
+	return prefix >= 1 && any.TypeUrl[prefix-1] == '/' && any.TypeUrl[prefix:] == name
 }
diff --git a/vendor/github.com/gogo/protobuf/types/any.pb.go b/vendor/github.com/gogo/protobuf/types/any.pb.go
index 4b5f5705a9ca6..e3d4d9490f5e3 100644
--- a/vendor/github.com/gogo/protobuf/types/any.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/any.pb.go
@@ -1,27 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: any.proto
+// source: google/protobuf/any.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		any.proto
-
-	It has these top-level messages:
-		Any
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -32,7 +23,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // `Any` contains an arbitrary serialized protocol buffer message along with a
 // URL that describes the type of the serialized message.
@@ -115,17 +106,19 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 //     }
 //
 type Any struct {
-	// A URL/resource name whose content describes the type of the
-	// serialized protocol buffer message.
+	// A URL/resource name that uniquely identifies the type of the serialized
+	// protocol buffer message. This string must contain at least
+	// one "/" character. The last segment of the URL's path must represent
+	// the fully qualified name of the type (as in
+	// `path/google.protobuf.Duration`). The name should be in a canonical form
+	// (e.g., leading "." is not accepted).
 	//
-	// For URLs which use the scheme `http`, `https`, or no scheme, the
-	// following restrictions and interpretations apply:
+	// In practice, teams usually precompile into the binary all types that they
+	// expect it to use in the context of Any. However, for URLs which use the
+	// scheme `http`, `https`, or no scheme, one can optionally set up a type
+	// server that maps type URLs to message definitions as follows:
 	//
 	// * If no scheme is provided, `https` is assumed.
-	// * The last segment of the URL's path must represent the fully
-	//   qualified name of the type (as in `path/google.protobuf.Duration`).
-	//   The name should be in a canonical form (e.g., leading "." is
-	//   not accepted).
 	// * An HTTP GET on the URL must yield a [google.protobuf.Type][]
 	//   value in binary format, or produce an error.
 	// * Applications are allowed to cache lookup results based on the
@@ -134,18 +127,53 @@ type Any struct {
 	//   on changes to types. (Use versioned type names to manage
 	//   breaking changes.)
 	//
+	// Note: this functionality is not currently available in the official
+	// protobuf release, and it is not used for type URLs beginning with
+	// type.googleapis.com.
+	//
 	// Schemes other than `http`, `https` (or the empty scheme) might be
 	// used with implementation specific semantics.
 	//
 	TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"`
 	// Must be a valid serialized protocol buffer of the above specified type.
-	Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	Value                []byte   `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *Any) Reset()                    { *m = Any{} }
-func (*Any) ProtoMessage()               {}
-func (*Any) Descriptor() ([]byte, []int) { return fileDescriptorAny, []int{0} }
-func (*Any) XXX_WellKnownType() string   { return "Any" }
+func (m *Any) Reset()      { *m = Any{} }
+func (*Any) ProtoMessage() {}
+func (*Any) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b53526c13ae22eb4, []int{0}
+}
+func (*Any) XXX_WellKnownType() string { return "Any" }
+func (m *Any) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Any) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Any.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Any) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Any.Merge(m, src)
+}
+func (m *Any) XXX_Size() int {
+	return m.Size()
+}
+func (m *Any) XXX_DiscardUnknown() {
+	xxx_messageInfo_Any.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Any proto.InternalMessageInfo
 
 func (m *Any) GetTypeUrl() string {
 	if m != nil {
@@ -161,9 +189,33 @@ func (m *Any) GetValue() []byte {
 	return nil
 }
 
+func (*Any) XXX_MessageName() string {
+	return "google.protobuf.Any"
+}
 func init() {
 	proto.RegisterType((*Any)(nil), "google.protobuf.Any")
 }
+
+func init() { proto.RegisterFile("google/protobuf/any.proto", fileDescriptor_b53526c13ae22eb4) }
+
+var fileDescriptor_b53526c13ae22eb4 = []byte{
+	// 211 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4c, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcc, 0xab, 0xd4,
+	0x03, 0x73, 0x84, 0xf8, 0x21, 0x52, 0x7a, 0x30, 0x29, 0x25, 0x33, 0x2e, 0x66, 0xc7, 0xbc, 0x4a,
+	0x21, 0x49, 0x2e, 0x8e, 0x92, 0xca, 0x82, 0xd4, 0xf8, 0xd2, 0xa2, 0x1c, 0x09, 0x46, 0x05, 0x46,
+	0x0d, 0xce, 0x20, 0x76, 0x10, 0x3f, 0xb4, 0x28, 0x47, 0x48, 0x84, 0x8b, 0xb5, 0x2c, 0x31, 0xa7,
+	0x34, 0x55, 0x82, 0x49, 0x81, 0x51, 0x83, 0x27, 0x08, 0xc2, 0x71, 0xaa, 0xbf, 0xf1, 0x50, 0x8e,
+	0xe1, 0xc3, 0x43, 0x39, 0xc6, 0x1f, 0x0f, 0xe5, 0x18, 0x1b, 0x1e, 0xc9, 0x31, 0xae, 0x78, 0x24,
+	0xc7, 0x78, 0xe2, 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0xbe, 0x78,
+	0x24, 0xc7, 0xf0, 0x01, 0x24, 0xfe, 0x58, 0x8e, 0xf1, 0xc4, 0x63, 0x39, 0x46, 0x2e, 0xe1, 0xe4,
+	0xfc, 0x5c, 0x3d, 0x34, 0xeb, 0x9d, 0x38, 0x1c, 0xf3, 0x2a, 0x03, 0x40, 0x9c, 0x00, 0xc6, 0x28,
+	0x56, 0x90, 0x8d, 0xc5, 0x8b, 0x98, 0x98, 0xdd, 0x03, 0x9c, 0x56, 0x31, 0xc9, 0xb9, 0x43, 0x94,
+	0x06, 0x40, 0x95, 0xea, 0x85, 0xa7, 0xe6, 0xe4, 0x78, 0xe7, 0xe5, 0x97, 0xe7, 0x85, 0x80, 0x94,
+	0x25, 0xb1, 0x81, 0xcd, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb7, 0x81, 0x82, 0xd3, 0xed,
+	0x00, 0x00, 0x00,
+}
+
 func (this *Any) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -198,6 +250,9 @@ func (this *Any) Compare(that interface{}) int {
 	if c := bytes.Compare(this.Value, that1.Value); c != 0 {
 		return c
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Any) Equal(that interface{}) bool {
@@ -225,6 +280,9 @@ func (this *Any) Equal(that interface{}) bool {
 	if !bytes.Equal(this.Value, that1.Value) {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Any) GoString() string {
@@ -235,6 +293,9 @@ func (this *Any) GoString() string {
 	s = append(s, "&types.Any{")
 	s = append(s, "TypeUrl: "+fmt.Sprintf("%#v", this.TypeUrl)+",\n")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -249,7 +310,7 @@ func valueToGoStringAny(v interface{}, typ string) string {
 func (m *Any) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -257,33 +318,46 @@ func (m *Any) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Any) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Any) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.TypeUrl) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintAny(dAtA, i, uint64(len(m.TypeUrl)))
-		i += copy(dAtA[i:], m.TypeUrl)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.Value) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
 		i = encodeVarintAny(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+		i--
+		dAtA[i] = 0x12
 	}
-	return i, nil
+	if len(m.TypeUrl) > 0 {
+		i -= len(m.TypeUrl)
+		copy(dAtA[i:], m.TypeUrl)
+		i = encodeVarintAny(dAtA, i, uint64(len(m.TypeUrl)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintAny(dAtA []byte, offset int, v uint64) int {
+	offset -= sovAny(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedAny(r randyAny, easy bool) *Any {
 	this := &Any{}
@@ -294,6 +368,7 @@ func NewPopulatedAny(r randyAny, easy bool) *Any {
 		this.Value[i] = byte(r.Intn(256))
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedAny(r, 3)
 	}
 	return this
 }
@@ -371,6 +446,9 @@ func encodeVarintPopulateAny(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *Any) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.TypeUrl)
@@ -381,18 +459,14 @@ func (m *Any) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovAny(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovAny(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozAny(x uint64) (n int) {
 	return sovAny(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -404,6 +478,7 @@ func (this *Any) String() string {
 	s := strings.Join([]string{`&Any{`,
 		`TypeUrl:` + fmt.Sprintf("%v", this.TypeUrl) + `,`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -431,7 +506,7 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -459,7 +534,7 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -469,6 +544,9 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthAny
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAny
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -488,7 +566,7 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -497,6 +575,9 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthAny
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAny
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -511,12 +592,13 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthAny
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -529,6 +611,7 @@ func (m *Any) Unmarshal(dAtA []byte) error {
 func skipAny(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -560,10 +643,8 @@ func skipAny(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -580,72 +661,34 @@ func skipAny(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthAny
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowAny
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipAny(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupAny
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthAny
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthAny = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowAny   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthAny        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowAny          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupAny = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("any.proto", fileDescriptorAny) }
-
-var fileDescriptorAny = []byte{
-	// 204 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0xcc, 0xab, 0xd4,
-	0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf, 0xcf, 0x4f, 0xcf, 0x49, 0x85, 0xf0, 0x92,
-	0x4a, 0xd3, 0x94, 0xcc, 0xb8, 0x98, 0x1d, 0xf3, 0x2a, 0x85, 0x24, 0xb9, 0x38, 0x4a, 0x2a, 0x0b,
-	0x52, 0xe3, 0x4b, 0x8b, 0x72, 0x24, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xd8, 0x41, 0xfc, 0xd0,
-	0xa2, 0x1c, 0x21, 0x11, 0x2e, 0xd6, 0xb2, 0xc4, 0x9c, 0xd2, 0x54, 0x09, 0x26, 0x05, 0x46, 0x0d,
-	0x9e, 0x20, 0x08, 0xc7, 0xa9, 0xfe, 0xc2, 0x43, 0x39, 0x86, 0x1b, 0x0f, 0xe5, 0x18, 0x3e, 0x3c,
-	0x94, 0x63, 0xfc, 0xf1, 0x50, 0x8e, 0xb1, 0xe1, 0x91, 0x1c, 0xe3, 0x8a, 0x47, 0x72, 0x8c, 0x27,
-	0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0xe3, 0x8b, 0x47, 0x72, 0x0c,
-	0x1f, 0x40, 0xe2, 0x8f, 0xe5, 0x18, 0xb9, 0x84, 0x93, 0xf3, 0x73, 0xf5, 0xd0, 0xac, 0x77, 0xe2,
-	0x70, 0xcc, 0xab, 0x0c, 0x00, 0x71, 0x02, 0x18, 0xa3, 0x58, 0x41, 0x36, 0x16, 0x2f, 0x62, 0x62,
-	0x76, 0x0f, 0x70, 0x5a, 0xc5, 0x24, 0xe7, 0x0e, 0x51, 0x1a, 0x00, 0x55, 0xaa, 0x17, 0x9e, 0x9a,
-	0x93, 0xe3, 0x9d, 0x97, 0x5f, 0x9e, 0x17, 0x02, 0x52, 0x96, 0xc4, 0x06, 0x36, 0xc3, 0x18, 0x10,
-	0x00, 0x00, 0xff, 0xff, 0xb7, 0x39, 0x2f, 0x89, 0xdd, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/api.pb.go b/vendor/github.com/gogo/protobuf/types/api.pb.go
new file mode 100644
index 0000000000000..83e8869206fe2
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/types/api.pb.go
@@ -0,0 +1,2134 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: google/protobuf/api.proto
+
+package types
+
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+// Api is a light-weight descriptor for an API Interface.
+//
+// Interfaces are also described as "protocol buffer services" in some contexts,
+// such as by the "service" keyword in a .proto file, but they are different
+// from API Services, which represent a concrete implementation of an interface
+// as opposed to simply a description of methods and bindings. They are also
+// sometimes simply referred to as "APIs" in other contexts, such as the name of
+// this message itself. See https://cloud.google.com/apis/design/glossary for
+// detailed terminology.
+type Api struct {
+	// The fully qualified name of this interface, including package name
+	// followed by the interface's simple name.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The methods of this interface, in unspecified order.
+	Methods []*Method `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"`
+	// Any metadata attached to the interface.
+	Options []*Option `protobuf:"bytes,3,rep,name=options,proto3" json:"options,omitempty"`
+	// A version string for this interface. If specified, must have the form
+	// `major-version.minor-version`, as in `1.10`. If the minor version is
+	// omitted, it defaults to zero. If the entire version field is empty, the
+	// major version is derived from the package name, as outlined below. If the
+	// field is not empty, the version in the package name will be verified to be
+	// consistent with what is provided here.
+	//
+	// The versioning schema uses [semantic
+	// versioning](http://semver.org) where the major version number
+	// indicates a breaking change and the minor version an additive,
+	// non-breaking change. Both version numbers are signals to users
+	// what to expect from different versions, and should be carefully
+	// chosen based on the product plan.
+	//
+	// The major version is also reflected in the package name of the
+	// interface, which must end in `v<major-version>`, as in
+	// `google.feature.v1`. For major versions 0 and 1, the suffix can
+	// be omitted. Zero major versions must only be used for
+	// experimental, non-GA interfaces.
+	//
+	//
+	Version string `protobuf:"bytes,4,opt,name=version,proto3" json:"version,omitempty"`
+	// Source context for the protocol buffer service represented by this
+	// message.
+	SourceContext *SourceContext `protobuf:"bytes,5,opt,name=source_context,json=sourceContext,proto3" json:"source_context,omitempty"`
+	// Included interfaces. See [Mixin][].
+	Mixins []*Mixin `protobuf:"bytes,6,rep,name=mixins,proto3" json:"mixins,omitempty"`
+	// The source syntax of the service.
+	Syntax               Syntax   `protobuf:"varint,7,opt,name=syntax,proto3,enum=google.protobuf.Syntax" json:"syntax,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Api) Reset()      { *m = Api{} }
+func (*Api) ProtoMessage() {}
+func (*Api) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a2ec32096296c143, []int{0}
+}
+func (m *Api) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Api) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Api.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Api) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Api.Merge(m, src)
+}
+func (m *Api) XXX_Size() int {
+	return m.Size()
+}
+func (m *Api) XXX_DiscardUnknown() {
+	xxx_messageInfo_Api.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Api proto.InternalMessageInfo
+
+func (m *Api) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Api) GetMethods() []*Method {
+	if m != nil {
+		return m.Methods
+	}
+	return nil
+}
+
+func (m *Api) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *Api) GetVersion() string {
+	if m != nil {
+		return m.Version
+	}
+	return ""
+}
+
+func (m *Api) GetSourceContext() *SourceContext {
+	if m != nil {
+		return m.SourceContext
+	}
+	return nil
+}
+
+func (m *Api) GetMixins() []*Mixin {
+	if m != nil {
+		return m.Mixins
+	}
+	return nil
+}
+
+func (m *Api) GetSyntax() Syntax {
+	if m != nil {
+		return m.Syntax
+	}
+	return Syntax_SYNTAX_PROTO2
+}
+
+func (*Api) XXX_MessageName() string {
+	return "google.protobuf.Api"
+}
+
+// Method represents a method of an API interface.
+type Method struct {
+	// The simple name of this method.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// A URL of the input message type.
+	RequestTypeUrl string `protobuf:"bytes,2,opt,name=request_type_url,json=requestTypeUrl,proto3" json:"request_type_url,omitempty"`
+	// If true, the request is streamed.
+	RequestStreaming bool `protobuf:"varint,3,opt,name=request_streaming,json=requestStreaming,proto3" json:"request_streaming,omitempty"`
+	// The URL of the output message type.
+	ResponseTypeUrl string `protobuf:"bytes,4,opt,name=response_type_url,json=responseTypeUrl,proto3" json:"response_type_url,omitempty"`
+	// If true, the response is streamed.
+	ResponseStreaming bool `protobuf:"varint,5,opt,name=response_streaming,json=responseStreaming,proto3" json:"response_streaming,omitempty"`
+	// Any metadata attached to the method.
+	Options []*Option `protobuf:"bytes,6,rep,name=options,proto3" json:"options,omitempty"`
+	// The source syntax of this method.
+	Syntax               Syntax   `protobuf:"varint,7,opt,name=syntax,proto3,enum=google.protobuf.Syntax" json:"syntax,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Method) Reset()      { *m = Method{} }
+func (*Method) ProtoMessage() {}
+func (*Method) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a2ec32096296c143, []int{1}
+}
+func (m *Method) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Method) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Method.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Method) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Method.Merge(m, src)
+}
+func (m *Method) XXX_Size() int {
+	return m.Size()
+}
+func (m *Method) XXX_DiscardUnknown() {
+	xxx_messageInfo_Method.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Method proto.InternalMessageInfo
+
+func (m *Method) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Method) GetRequestTypeUrl() string {
+	if m != nil {
+		return m.RequestTypeUrl
+	}
+	return ""
+}
+
+func (m *Method) GetRequestStreaming() bool {
+	if m != nil {
+		return m.RequestStreaming
+	}
+	return false
+}
+
+func (m *Method) GetResponseTypeUrl() string {
+	if m != nil {
+		return m.ResponseTypeUrl
+	}
+	return ""
+}
+
+func (m *Method) GetResponseStreaming() bool {
+	if m != nil {
+		return m.ResponseStreaming
+	}
+	return false
+}
+
+func (m *Method) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *Method) GetSyntax() Syntax {
+	if m != nil {
+		return m.Syntax
+	}
+	return Syntax_SYNTAX_PROTO2
+}
+
+func (*Method) XXX_MessageName() string {
+	return "google.protobuf.Method"
+}
+
+// Declares an API Interface to be included in this interface. The including
+// interface must redeclare all the methods from the included interface, but
+// documentation and options are inherited as follows:
+//
+// - If after comment and whitespace stripping, the documentation
+//   string of the redeclared method is empty, it will be inherited
+//   from the original method.
+//
+// - Each annotation belonging to the service config (http,
+//   visibility) which is not set in the redeclared method will be
+//   inherited.
+//
+// - If an http annotation is inherited, the path pattern will be
+//   modified as follows. Any version prefix will be replaced by the
+//   version of the including interface plus the [root][] path if
+//   specified.
+//
+// Example of a simple mixin:
+//
+//     package google.acl.v1;
+//     service AccessControl {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v1/{resource=**}:getAcl";
+//       }
+//     }
+//
+//     package google.storage.v2;
+//     service Storage {
+//       rpc GetAcl(GetAclRequest) returns (Acl);
+//
+//       // Get a data record.
+//       rpc GetData(GetDataRequest) returns (Data) {
+//         option (google.api.http).get = "/v2/{resource=**}";
+//       }
+//     }
+//
+// Example of a mixin configuration:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//
+// The mixin construct implies that all methods in `AccessControl` are
+// also declared with same name and request/response types in
+// `Storage`. A documentation generator or annotation processor will
+// see the effective `Storage.GetAcl` method after inherting
+// documentation and annotations as follows:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+//
+// Note how the version in the path pattern changed from `v1` to `v2`.
+//
+// If the `root` field in the mixin is specified, it should be a
+// relative path under which inherited HTTP paths are placed. Example:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//         root: acls
+//
+// This implies the following inherited HTTP annotation:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+type Mixin struct {
+	// The fully qualified name of the interface which is included.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// If non-empty specifies a path under which inherited HTTP paths
+	// are rooted.
+	Root                 string   `protobuf:"bytes,2,opt,name=root,proto3" json:"root,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Mixin) Reset()      { *m = Mixin{} }
+func (*Mixin) ProtoMessage() {}
+func (*Mixin) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a2ec32096296c143, []int{2}
+}
+func (m *Mixin) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mixin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Mixin.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Mixin) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mixin.Merge(m, src)
+}
+func (m *Mixin) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mixin) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mixin.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Mixin proto.InternalMessageInfo
+
+func (m *Mixin) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Mixin) GetRoot() string {
+	if m != nil {
+		return m.Root
+	}
+	return ""
+}
+
+func (*Mixin) XXX_MessageName() string {
+	return "google.protobuf.Mixin"
+}
+func init() {
+	proto.RegisterType((*Api)(nil), "google.protobuf.Api")
+	proto.RegisterType((*Method)(nil), "google.protobuf.Method")
+	proto.RegisterType((*Mixin)(nil), "google.protobuf.Mixin")
+}
+
+func init() { proto.RegisterFile("google/protobuf/api.proto", fileDescriptor_a2ec32096296c143) }
+
+var fileDescriptor_a2ec32096296c143 = []byte{
+	// 467 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0x31, 0x6f, 0x13, 0x31,
+	0x14, 0xc7, 0xeb, 0xbb, 0xe4, 0x52, 0x5c, 0x91, 0x82, 0x91, 0xc0, 0x64, 0xb0, 0x4e, 0x15, 0xc3,
+	0x09, 0xc4, 0x45, 0x94, 0x4f, 0xd0, 0x20, 0xd4, 0x01, 0x21, 0xa2, 0x0b, 0x08, 0x89, 0x25, 0x4a,
+	0x83, 0x09, 0x96, 0xee, 0x6c, 0x63, 0x3b, 0x90, 0x4c, 0xf0, 0x59, 0x98, 0x10, 0x23, 0xdf, 0x80,
+	0xad, 0x23, 0x23, 0x23, 0xb9, 0x2e, 0x8c, 0x1d, 0x19, 0x91, 0x7d, 0xe7, 0xa6, 0x5c, 0x83, 0x04,
+	0x9b, 0xdf, 0xfb, 0xff, 0xfc, 0xf7, 0x7b, 0x7f, 0xc3, 0x9b, 0x33, 0x21, 0x66, 0x39, 0xed, 0x4b,
+	0x25, 0x8c, 0x38, 0x9a, 0xbf, 0xea, 0x4f, 0x24, 0x4b, 0x5d, 0x81, 0x76, 0x2b, 0x29, 0xf5, 0x52,
+	0xef, 0x56, 0x93, 0xd5, 0x62, 0xae, 0xa6, 0x74, 0x3c, 0x15, 0xdc, 0xd0, 0x85, 0xa9, 0xc0, 0x5e,
+	0xaf, 0x49, 0x99, 0xa5, 0xac, 0x4d, 0xf6, 0xbe, 0x06, 0x30, 0x3c, 0x90, 0x0c, 0x21, 0xd8, 0xe2,
+	0x93, 0x82, 0x62, 0x10, 0x83, 0xe4, 0x52, 0xe6, 0xce, 0xe8, 0x1e, 0xec, 0x14, 0xd4, 0xbc, 0x16,
+	0x2f, 0x35, 0x0e, 0xe2, 0x30, 0xd9, 0xd9, 0xbf, 0x91, 0x36, 0x06, 0x48, 0x1f, 0x3b, 0x3d, 0xf3,
+	0x9c, 0xbd, 0x22, 0xa4, 0x61, 0x82, 0x6b, 0x1c, 0xfe, 0xe5, 0xca, 0x13, 0xa7, 0x67, 0x9e, 0x43,
+	0x18, 0x76, 0xde, 0x52, 0xa5, 0x99, 0xe0, 0xb8, 0xe5, 0x1e, 0xf7, 0x25, 0x7a, 0x08, 0xbb, 0x7f,
+	0xee, 0x83, 0xdb, 0x31, 0x48, 0x76, 0xf6, 0xc9, 0x05, 0xcf, 0x91, 0xc3, 0x1e, 0x54, 0x54, 0x76,
+	0x59, 0x9f, 0x2f, 0x51, 0x0a, 0xa3, 0x82, 0x2d, 0x18, 0xd7, 0x38, 0x72, 0x23, 0x5d, 0xbf, 0xb8,
+	0x85, 0x95, 0xb3, 0x9a, 0x42, 0x7d, 0x18, 0xe9, 0x25, 0x37, 0x93, 0x05, 0xee, 0xc4, 0x20, 0xe9,
+	0x6e, 0x58, 0x61, 0xe4, 0xe4, 0xac, 0xc6, 0xf6, 0xbe, 0x04, 0x30, 0xaa, 0x82, 0xd8, 0x18, 0x63,
+	0x02, 0xaf, 0x28, 0xfa, 0x66, 0x4e, 0xb5, 0x19, 0xdb, 0xe0, 0xc7, 0x73, 0x95, 0xe3, 0xc0, 0xe9,
+	0xdd, 0xba, 0xff, 0x74, 0x29, 0xe9, 0x33, 0x95, 0xa3, 0x3b, 0xf0, 0xaa, 0x27, 0xb5, 0x51, 0x74,
+	0x52, 0x30, 0x3e, 0xc3, 0x61, 0x0c, 0x92, 0xed, 0xcc, 0x5b, 0x8c, 0x7c, 0x1f, 0xdd, 0xb6, 0xb0,
+	0x96, 0x82, 0x6b, 0xba, 0xf6, 0xad, 0x12, 0xdc, 0xf5, 0x82, 0x37, 0xbe, 0x0b, 0xd1, 0x19, 0xbb,
+	0x76, 0x6e, 0x3b, 0xe7, 0x33, 0x97, 0xb5, 0xf5, 0xb9, 0x5f, 0x8c, 0xfe, 0xf1, 0x17, 0xff, 0x3b,
+	0xb4, 0x3e, 0x6c, 0xbb, 0xd8, 0x37, 0x46, 0x86, 0x60, 0x4b, 0x09, 0x61, 0xea, 0x98, 0xdc, 0x79,
+	0xf0, 0xfe, 0xfb, 0x8a, 0x6c, 0x9d, 0xae, 0x08, 0xf8, 0xb5, 0x22, 0xe0, 0x43, 0x49, 0xc0, 0xa7,
+	0x92, 0x80, 0xe3, 0x92, 0x80, 0x6f, 0x25, 0x01, 0x3f, 0x4a, 0x02, 0x7e, 0x96, 0x64, 0xeb, 0xd4,
+	0xf6, 0x4f, 0x08, 0x38, 0x3e, 0x21, 0x00, 0x5e, 0x9b, 0x8a, 0xa2, 0x39, 0xc6, 0x60, 0xfb, 0x40,
+	0xb2, 0xa1, 0x2d, 0x86, 0xe0, 0x45, 0xdb, 0xe6, 0xa6, 0x3f, 0x06, 0xe1, 0xe1, 0x70, 0xf0, 0x39,
+	0x20, 0x87, 0x15, 0x3a, 0xf4, 0x13, 0x3f, 0xa7, 0x79, 0xfe, 0x88, 0x8b, 0x77, 0xdc, 0xc6, 0xa8,
+	0x8f, 0x22, 0xe7, 0x71, 0xff, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x2b, 0x64, 0x40, 0x40, 0xa1,
+	0x03, 0x00, 0x00,
+}
+
+func (this *Api) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Api)
+	if !ok {
+		that2, ok := that.(Api)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Methods) != len(that1.Methods) {
+		if len(this.Methods) < len(that1.Methods) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Methods {
+		if c := this.Methods[i].Compare(that1.Methods[i]); c != 0 {
+			return c
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if this.Version != that1.Version {
+		if this.Version < that1.Version {
+			return -1
+		}
+		return 1
+	}
+	if c := this.SourceContext.Compare(that1.SourceContext); c != 0 {
+		return c
+	}
+	if len(this.Mixins) != len(that1.Mixins) {
+		if len(this.Mixins) < len(that1.Mixins) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Mixins {
+		if c := this.Mixins[i].Compare(that1.Mixins[i]); c != 0 {
+			return c
+		}
+	}
+	if this.Syntax != that1.Syntax {
+		if this.Syntax < that1.Syntax {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Method) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Method)
+	if !ok {
+		that2, ok := that.(Method)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if this.RequestTypeUrl != that1.RequestTypeUrl {
+		if this.RequestTypeUrl < that1.RequestTypeUrl {
+			return -1
+		}
+		return 1
+	}
+	if this.RequestStreaming != that1.RequestStreaming {
+		if !this.RequestStreaming {
+			return -1
+		}
+		return 1
+	}
+	if this.ResponseTypeUrl != that1.ResponseTypeUrl {
+		if this.ResponseTypeUrl < that1.ResponseTypeUrl {
+			return -1
+		}
+		return 1
+	}
+	if this.ResponseStreaming != that1.ResponseStreaming {
+		if !this.ResponseStreaming {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if this.Syntax != that1.Syntax {
+		if this.Syntax < that1.Syntax {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Mixin) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Mixin)
+	if !ok {
+		that2, ok := that.(Mixin)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if this.Root != that1.Root {
+		if this.Root < that1.Root {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Api) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Api)
+	if !ok {
+		that2, ok := that.(Api)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if len(this.Methods) != len(that1.Methods) {
+		return false
+	}
+	for i := range this.Methods {
+		if !this.Methods[i].Equal(that1.Methods[i]) {
+			return false
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if this.Version != that1.Version {
+		return false
+	}
+	if !this.SourceContext.Equal(that1.SourceContext) {
+		return false
+	}
+	if len(this.Mixins) != len(that1.Mixins) {
+		return false
+	}
+	for i := range this.Mixins {
+		if !this.Mixins[i].Equal(that1.Mixins[i]) {
+			return false
+		}
+	}
+	if this.Syntax != that1.Syntax {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Method) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Method)
+	if !ok {
+		that2, ok := that.(Method)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if this.RequestTypeUrl != that1.RequestTypeUrl {
+		return false
+	}
+	if this.RequestStreaming != that1.RequestStreaming {
+		return false
+	}
+	if this.ResponseTypeUrl != that1.ResponseTypeUrl {
+		return false
+	}
+	if this.ResponseStreaming != that1.ResponseStreaming {
+		return false
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if this.Syntax != that1.Syntax {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Mixin) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Mixin)
+	if !ok {
+		that2, ok := that.(Mixin)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if this.Root != that1.Root {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Api) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 11)
+	s = append(s, "&types.Api{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	if this.Methods != nil {
+		s = append(s, "Methods: "+fmt.Sprintf("%#v", this.Methods)+",\n")
+	}
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	s = append(s, "Version: "+fmt.Sprintf("%#v", this.Version)+",\n")
+	if this.SourceContext != nil {
+		s = append(s, "SourceContext: "+fmt.Sprintf("%#v", this.SourceContext)+",\n")
+	}
+	if this.Mixins != nil {
+		s = append(s, "Mixins: "+fmt.Sprintf("%#v", this.Mixins)+",\n")
+	}
+	s = append(s, "Syntax: "+fmt.Sprintf("%#v", this.Syntax)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *Method) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 11)
+	s = append(s, "&types.Method{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	s = append(s, "RequestTypeUrl: "+fmt.Sprintf("%#v", this.RequestTypeUrl)+",\n")
+	s = append(s, "RequestStreaming: "+fmt.Sprintf("%#v", this.RequestStreaming)+",\n")
+	s = append(s, "ResponseTypeUrl: "+fmt.Sprintf("%#v", this.ResponseTypeUrl)+",\n")
+	s = append(s, "ResponseStreaming: "+fmt.Sprintf("%#v", this.ResponseStreaming)+",\n")
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	s = append(s, "Syntax: "+fmt.Sprintf("%#v", this.Syntax)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *Mixin) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 6)
+	s = append(s, "&types.Mixin{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	s = append(s, "Root: "+fmt.Sprintf("%#v", this.Root)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringApi(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+func (m *Api) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Api) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Api) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Syntax != 0 {
+		i = encodeVarintApi(dAtA, i, uint64(m.Syntax))
+		i--
+		dAtA[i] = 0x38
+	}
+	if len(m.Mixins) > 0 {
+		for iNdEx := len(m.Mixins) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mixins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApi(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if m.SourceContext != nil {
+		{
+			size, err := m.SourceContext.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintApi(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.Version) > 0 {
+		i -= len(m.Version)
+		copy(dAtA[i:], m.Version)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Version)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApi(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.Methods) > 0 {
+		for iNdEx := len(m.Methods) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Methods[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApi(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Method) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Method) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Method) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Syntax != 0 {
+		i = encodeVarintApi(dAtA, i, uint64(m.Syntax))
+		i--
+		dAtA[i] = 0x38
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApi(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x32
+		}
+	}
+	if m.ResponseStreaming {
+		i--
+		if m.ResponseStreaming {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if len(m.ResponseTypeUrl) > 0 {
+		i -= len(m.ResponseTypeUrl)
+		copy(dAtA[i:], m.ResponseTypeUrl)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.ResponseTypeUrl)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.RequestStreaming {
+		i--
+		if m.RequestStreaming {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.RequestTypeUrl) > 0 {
+		i -= len(m.RequestTypeUrl)
+		copy(dAtA[i:], m.RequestTypeUrl)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.RequestTypeUrl)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Mixin) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Mixin) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mixin) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Root) > 0 {
+		i -= len(m.Root)
+		copy(dAtA[i:], m.Root)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Root)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintApi(dAtA []byte, offset int, v uint64) int {
+	offset -= sovApi(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func NewPopulatedApi(r randyApi, easy bool) *Api {
+	this := &Api{}
+	this.Name = string(randStringApi(r))
+	if r.Intn(5) != 0 {
+		v1 := r.Intn(5)
+		this.Methods = make([]*Method, v1)
+		for i := 0; i < v1; i++ {
+			this.Methods[i] = NewPopulatedMethod(r, easy)
+		}
+	}
+	if r.Intn(5) != 0 {
+		v2 := r.Intn(5)
+		this.Options = make([]*Option, v2)
+		for i := 0; i < v2; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	this.Version = string(randStringApi(r))
+	if r.Intn(5) != 0 {
+		this.SourceContext = NewPopulatedSourceContext(r, easy)
+	}
+	if r.Intn(5) != 0 {
+		v3 := r.Intn(5)
+		this.Mixins = make([]*Mixin, v3)
+		for i := 0; i < v3; i++ {
+			this.Mixins[i] = NewPopulatedMixin(r, easy)
+		}
+	}
+	this.Syntax = Syntax([]int32{0, 1}[r.Intn(2)])
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedApi(r, 8)
+	}
+	return this
+}
+
+func NewPopulatedMethod(r randyApi, easy bool) *Method {
+	this := &Method{}
+	this.Name = string(randStringApi(r))
+	this.RequestTypeUrl = string(randStringApi(r))
+	this.RequestStreaming = bool(bool(r.Intn(2) == 0))
+	this.ResponseTypeUrl = string(randStringApi(r))
+	this.ResponseStreaming = bool(bool(r.Intn(2) == 0))
+	if r.Intn(5) != 0 {
+		v4 := r.Intn(5)
+		this.Options = make([]*Option, v4)
+		for i := 0; i < v4; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	this.Syntax = Syntax([]int32{0, 1}[r.Intn(2)])
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedApi(r, 8)
+	}
+	return this
+}
+
+func NewPopulatedMixin(r randyApi, easy bool) *Mixin {
+	this := &Mixin{}
+	this.Name = string(randStringApi(r))
+	this.Root = string(randStringApi(r))
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedApi(r, 3)
+	}
+	return this
+}
+
+type randyApi interface {
+	Float32() float32
+	Float64() float64
+	Int63() int64
+	Int31() int32
+	Uint32() uint32
+	Intn(n int) int
+}
+
+func randUTF8RuneApi(r randyApi) rune {
+	ru := r.Intn(62)
+	if ru < 10 {
+		return rune(ru + 48)
+	} else if ru < 36 {
+		return rune(ru + 55)
+	}
+	return rune(ru + 61)
+}
+func randStringApi(r randyApi) string {
+	v5 := r.Intn(100)
+	tmps := make([]rune, v5)
+	for i := 0; i < v5; i++ {
+		tmps[i] = randUTF8RuneApi(r)
+	}
+	return string(tmps)
+}
+func randUnrecognizedApi(r randyApi, maxFieldNumber int) (dAtA []byte) {
+	l := r.Intn(5)
+	for i := 0; i < l; i++ {
+		wire := r.Intn(4)
+		if wire == 3 {
+			wire = 5
+		}
+		fieldNumber := maxFieldNumber + r.Intn(100)
+		dAtA = randFieldApi(dAtA, r, fieldNumber, wire)
+	}
+	return dAtA
+}
+func randFieldApi(dAtA []byte, r randyApi, fieldNumber int, wire int) []byte {
+	key := uint32(fieldNumber)<<3 | uint32(wire)
+	switch wire {
+	case 0:
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(key))
+		v6 := r.Int63()
+		if r.Intn(2) == 0 {
+			v6 *= -1
+		}
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(v6))
+	case 1:
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	case 2:
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(key))
+		ll := r.Intn(100)
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(ll))
+		for j := 0; j < ll; j++ {
+			dAtA = append(dAtA, byte(r.Intn(256)))
+		}
+	default:
+		dAtA = encodeVarintPopulateApi(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	}
+	return dAtA
+}
+func encodeVarintPopulateApi(dAtA []byte, v uint64) []byte {
+	for v >= 1<<7 {
+		dAtA = append(dAtA, uint8(uint64(v)&0x7f|0x80))
+		v >>= 7
+	}
+	dAtA = append(dAtA, uint8(v))
+	return dAtA
+}
+func (m *Api) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if len(m.Methods) > 0 {
+		for _, e := range m.Methods {
+			l = e.Size()
+			n += 1 + l + sovApi(uint64(l))
+		}
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovApi(uint64(l))
+		}
+	}
+	l = len(m.Version)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if m.SourceContext != nil {
+		l = m.SourceContext.Size()
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if len(m.Mixins) > 0 {
+		for _, e := range m.Mixins {
+			l = e.Size()
+			n += 1 + l + sovApi(uint64(l))
+		}
+	}
+	if m.Syntax != 0 {
+		n += 1 + sovApi(uint64(m.Syntax))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Method) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	l = len(m.RequestTypeUrl)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if m.RequestStreaming {
+		n += 2
+	}
+	l = len(m.ResponseTypeUrl)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if m.ResponseStreaming {
+		n += 2
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovApi(uint64(l))
+		}
+	}
+	if m.Syntax != 0 {
+		n += 1 + sovApi(uint64(m.Syntax))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Mixin) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	l = len(m.Root)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovApi(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozApi(x uint64) (n int) {
+	return sovApi(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Api) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForMethods := "[]*Method{"
+	for _, f := range this.Methods {
+		repeatedStringForMethods += strings.Replace(f.String(), "Method", "Method", 1) + ","
+	}
+	repeatedStringForMethods += "}"
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(fmt.Sprintf("%v", f), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	repeatedStringForMixins := "[]*Mixin{"
+	for _, f := range this.Mixins {
+		repeatedStringForMixins += strings.Replace(f.String(), "Mixin", "Mixin", 1) + ","
+	}
+	repeatedStringForMixins += "}"
+	s := strings.Join([]string{`&Api{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Methods:` + repeatedStringForMethods + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`Version:` + fmt.Sprintf("%v", this.Version) + `,`,
+		`SourceContext:` + strings.Replace(fmt.Sprintf("%v", this.SourceContext), "SourceContext", "SourceContext", 1) + `,`,
+		`Mixins:` + repeatedStringForMixins + `,`,
+		`Syntax:` + fmt.Sprintf("%v", this.Syntax) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Method) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(fmt.Sprintf("%v", f), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	s := strings.Join([]string{`&Method{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`RequestTypeUrl:` + fmt.Sprintf("%v", this.RequestTypeUrl) + `,`,
+		`RequestStreaming:` + fmt.Sprintf("%v", this.RequestStreaming) + `,`,
+		`ResponseTypeUrl:` + fmt.Sprintf("%v", this.ResponseTypeUrl) + `,`,
+		`ResponseStreaming:` + fmt.Sprintf("%v", this.ResponseStreaming) + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`Syntax:` + fmt.Sprintf("%v", this.Syntax) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Mixin) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Mixin{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Root:` + fmt.Sprintf("%v", this.Root) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringApi(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Api) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Api: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Api: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Methods", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Methods = append(m.Methods, &Method{})
+			if err := m.Methods[len(m.Methods)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Version = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SourceContext", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SourceContext == nil {
+				m.SourceContext = &SourceContext{}
+			}
+			if err := m.SourceContext.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mixins", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Mixins = append(m.Mixins, &Mixin{})
+			if err := m.Mixins[len(m.Mixins)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Syntax", wireType)
+			}
+			m.Syntax = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Syntax |= Syntax(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Method) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Method: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Method: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RequestTypeUrl", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.RequestTypeUrl = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RequestStreaming", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.RequestStreaming = bool(v != 0)
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResponseTypeUrl", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResponseTypeUrl = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResponseStreaming", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ResponseStreaming = bool(v != 0)
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Syntax", wireType)
+			}
+			m.Syntax = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Syntax |= Syntax(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Mixin) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Mixin: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Mixin: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Root", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApi
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Root = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipApi(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthApi
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupApi
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthApi
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthApi        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowApi          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupApi = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/gogo/protobuf/types/duration.go b/vendor/github.com/gogo/protobuf/types/duration.go
index 475d61f1db292..979b8e78a4efc 100644
--- a/vendor/github.com/gogo/protobuf/types/duration.go
+++ b/vendor/github.com/gogo/protobuf/types/duration.go
@@ -80,7 +80,7 @@ func DurationFromProto(p *Duration) (time.Duration, error) {
 		return 0, fmt.Errorf("duration: %#v is out of range for time.Duration", p)
 	}
 	if p.Nanos != 0 {
-		d += time.Duration(p.Nanos)
+		d += time.Duration(p.Nanos) * time.Nanosecond
 		if (d < 0) != (p.Nanos < 0) {
 			return 0, fmt.Errorf("duration: %#v is out of range for time.Duration", p)
 		}
diff --git a/vendor/github.com/gogo/protobuf/types/duration.pb.go b/vendor/github.com/gogo/protobuf/types/duration.pb.go
index ee9deacfd3225..4deafcb1ce957 100644
--- a/vendor/github.com/gogo/protobuf/types/duration.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/duration.pb.go
@@ -1,25 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: duration.proto
+// source: google/protobuf/duration.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		duration.proto
-
-	It has these top-level messages:
-		Duration
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,7 +23,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // A Duration represents a signed, fixed-length span of time represented
 // as a count of seconds and fractions of seconds at nanosecond
@@ -103,13 +96,44 @@ type Duration struct {
 	// of one second or more, a non-zero value for the `nanos` field must be
 	// of the same sign as the `seconds` field. Must be from -999,999,999
 	// to +999,999,999 inclusive.
-	Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+	Nanos                int32    `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Duration) Reset()      { *m = Duration{} }
+func (*Duration) ProtoMessage() {}
+func (*Duration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_23597b2ebd7ac6c5, []int{0}
+}
+func (*Duration) XXX_WellKnownType() string { return "Duration" }
+func (m *Duration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Duration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Duration.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Duration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Duration.Merge(m, src)
+}
+func (m *Duration) XXX_Size() int {
+	return m.Size()
+}
+func (m *Duration) XXX_DiscardUnknown() {
+	xxx_messageInfo_Duration.DiscardUnknown(m)
 }
 
-func (m *Duration) Reset()                    { *m = Duration{} }
-func (*Duration) ProtoMessage()               {}
-func (*Duration) Descriptor() ([]byte, []int) { return fileDescriptorDuration, []int{0} }
-func (*Duration) XXX_WellKnownType() string   { return "Duration" }
+var xxx_messageInfo_Duration proto.InternalMessageInfo
 
 func (m *Duration) GetSeconds() int64 {
 	if m != nil {
@@ -125,9 +149,33 @@ func (m *Duration) GetNanos() int32 {
 	return 0
 }
 
+func (*Duration) XXX_MessageName() string {
+	return "google.protobuf.Duration"
+}
 func init() {
 	proto.RegisterType((*Duration)(nil), "google.protobuf.Duration")
 }
+
+func init() { proto.RegisterFile("google/protobuf/duration.proto", fileDescriptor_23597b2ebd7ac6c5) }
+
+var fileDescriptor_23597b2ebd7ac6c5 = []byte{
+	// 209 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4b, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0x29, 0x2d, 0x4a,
+	0x2c, 0xc9, 0xcc, 0xcf, 0xd3, 0x03, 0x8b, 0x08, 0xf1, 0x43, 0xe4, 0xf5, 0x60, 0xf2, 0x4a, 0x56,
+	0x5c, 0x1c, 0x2e, 0x50, 0x25, 0x42, 0x12, 0x5c, 0xec, 0xc5, 0xa9, 0xc9, 0xf9, 0x79, 0x29, 0xc5,
+	0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0xcc, 0x41, 0x30, 0xae, 0x90, 0x08, 0x17, 0x6b, 0x5e, 0x62, 0x5e,
+	0x7e, 0xb1, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x6b, 0x10, 0x84, 0xe3, 0x54, 0x7f, 0xe3, 0xa1, 0x1c,
+	0xc3, 0x87, 0x87, 0x72, 0x8c, 0x2b, 0x1e, 0xc9, 0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91,
+	0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f, 0x1e, 0xc9, 0x31, 0x7c, 0x78, 0x24, 0xc7, 0xb8, 0xe2,
+	0xb1, 0x1c, 0xe3, 0x89, 0xc7, 0x72, 0x8c, 0x5c, 0xc2, 0xc9, 0xf9, 0xb9, 0x7a, 0x68, 0x56, 0x3b,
+	0xf1, 0xc2, 0x2c, 0x0e, 0x00, 0x89, 0x04, 0x30, 0x46, 0xb1, 0x96, 0x54, 0x16, 0xa4, 0x16, 0xff,
+	0x60, 0x64, 0x5c, 0xc4, 0xc4, 0xec, 0x1e, 0xe0, 0xb4, 0x8a, 0x49, 0xce, 0x1d, 0xa2, 0x25, 0x00,
+	0xaa, 0x45, 0x2f, 0x3c, 0x35, 0x27, 0xc7, 0x3b, 0x2f, 0xbf, 0x3c, 0x2f, 0x04, 0xa4, 0x32, 0x89,
+	0x0d, 0x6c, 0x96, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x8a, 0x1c, 0x64, 0x4e, 0xf6, 0x00, 0x00,
+	0x00,
+}
+
 func (this *Duration) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -165,6 +213,9 @@ func (this *Duration) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Duration) Equal(that interface{}) bool {
@@ -192,6 +243,9 @@ func (this *Duration) Equal(that interface{}) bool {
 	if this.Nanos != that1.Nanos {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Duration) GoString() string {
@@ -202,6 +256,9 @@ func (this *Duration) GoString() string {
 	s = append(s, "&types.Duration{")
 	s = append(s, "Seconds: "+fmt.Sprintf("%#v", this.Seconds)+",\n")
 	s = append(s, "Nanos: "+fmt.Sprintf("%#v", this.Nanos)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -216,7 +273,7 @@ func valueToGoStringDuration(v interface{}, typ string) string {
 func (m *Duration) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -224,33 +281,47 @@ func (m *Duration) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Duration) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Duration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Seconds != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintDuration(dAtA, i, uint64(m.Seconds))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Nanos != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintDuration(dAtA, i, uint64(m.Nanos))
+		i--
+		dAtA[i] = 0x10
 	}
-	return i, nil
+	if m.Seconds != 0 {
+		i = encodeVarintDuration(dAtA, i, uint64(m.Seconds))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintDuration(dAtA []byte, offset int, v uint64) int {
+	offset -= sovDuration(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Duration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Seconds != 0 {
@@ -259,18 +330,14 @@ func (m *Duration) Size() (n int) {
 	if m.Nanos != 0 {
 		n += 1 + sovDuration(uint64(m.Nanos))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovDuration(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozDuration(x uint64) (n int) {
 	return sovDuration(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -290,7 +357,7 @@ func (m *Duration) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -318,7 +385,7 @@ func (m *Duration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Seconds |= (int64(b) & 0x7F) << shift
+				m.Seconds |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -337,7 +404,7 @@ func (m *Duration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Nanos |= (int32(b) & 0x7F) << shift
+				m.Nanos |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -348,12 +415,13 @@ func (m *Duration) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthDuration
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -366,6 +434,7 @@ func (m *Duration) Unmarshal(dAtA []byte) error {
 func skipDuration(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -397,10 +466,8 @@ func skipDuration(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -417,72 +484,34 @@ func skipDuration(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthDuration
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowDuration
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipDuration(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupDuration
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthDuration
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthDuration = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowDuration   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthDuration        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowDuration          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupDuration = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("duration.proto", fileDescriptorDuration) }
-
-var fileDescriptorDuration = []byte{
-	// 203 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4b, 0x29, 0x2d, 0x4a,
-	0x2c, 0xc9, 0xcc, 0xcf, 0xd3, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf, 0xcf, 0x4f,
-	0xcf, 0x49, 0x85, 0xf0, 0x92, 0x4a, 0xd3, 0x94, 0xac, 0xb8, 0x38, 0x5c, 0xa0, 0x4a, 0x84, 0x24,
-	0xb8, 0xd8, 0x8b, 0x53, 0x93, 0xf3, 0xf3, 0x52, 0x8a, 0x25, 0x18, 0x15, 0x18, 0x35, 0x98, 0x83,
-	0x60, 0x5c, 0x21, 0x11, 0x2e, 0xd6, 0xbc, 0xc4, 0xbc, 0xfc, 0x62, 0x09, 0x26, 0x05, 0x46, 0x0d,
-	0xd6, 0x20, 0x08, 0xc7, 0xa9, 0xfe, 0xc2, 0x43, 0x39, 0x86, 0x1b, 0x0f, 0xe5, 0x18, 0x3e, 0x3c,
-	0x94, 0x63, 0x5c, 0xf1, 0x48, 0x8e, 0xf1, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f,
-	0x3c, 0x92, 0x63, 0x7c, 0xf1, 0x48, 0x8e, 0xe1, 0xc3, 0x23, 0x39, 0xc6, 0x15, 0x8f, 0xe5, 0x18,
-	0xb9, 0x84, 0x93, 0xf3, 0x73, 0xf5, 0xd0, 0xac, 0x76, 0xe2, 0x85, 0x59, 0x1c, 0x00, 0x12, 0x09,
-	0x60, 0x8c, 0x62, 0x2d, 0xa9, 0x2c, 0x48, 0x2d, 0xfe, 0xc1, 0xc8, 0xb8, 0x88, 0x89, 0xd9, 0x3d,
-	0xc0, 0x69, 0x15, 0x93, 0x9c, 0x3b, 0x44, 0x4b, 0x00, 0x54, 0x8b, 0x5e, 0x78, 0x6a, 0x4e, 0x8e,
-	0x77, 0x5e, 0x7e, 0x79, 0x5e, 0x08, 0x48, 0x65, 0x12, 0x1b, 0xd8, 0x2c, 0x63, 0x40, 0x00, 0x00,
-	0x00, 0xff, 0xff, 0x9d, 0x5a, 0x25, 0xa5, 0xe6, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/empty.pb.go b/vendor/github.com/gogo/protobuf/types/empty.pb.go
index e7018b905d45e..9e94748b3a33b 100644
--- a/vendor/github.com/gogo/protobuf/types/empty.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/empty.pb.go
@@ -1,25 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: empty.proto
+// source: google/protobuf/empty.proto
 
-/*
-Package types is a generated protocol buffer package.
-
-It is generated from these files:
-	empty.proto
-
-It has these top-level messages:
-	Empty
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,7 +23,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // A generic empty message that you can re-use to avoid defining duplicated
 // empty messages in your APIs. A typical example is to use it as the request
@@ -42,16 +35,68 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 //
 // The JSON representation for `Empty` is empty JSON object `{}`.
 type Empty struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Empty) Reset()      { *m = Empty{} }
+func (*Empty) ProtoMessage() {}
+func (*Empty) Descriptor() ([]byte, []int) {
+	return fileDescriptor_900544acb223d5b8, []int{0}
+}
+func (*Empty) XXX_WellKnownType() string { return "Empty" }
+func (m *Empty) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
+}
+func (m *Empty) XXX_Size() int {
+	return m.Size()
+}
+func (m *Empty) XXX_DiscardUnknown() {
+	xxx_messageInfo_Empty.DiscardUnknown(m)
 }
 
-func (m *Empty) Reset()                    { *m = Empty{} }
-func (*Empty) ProtoMessage()               {}
-func (*Empty) Descriptor() ([]byte, []int) { return fileDescriptorEmpty, []int{0} }
-func (*Empty) XXX_WellKnownType() string   { return "Empty" }
+var xxx_messageInfo_Empty proto.InternalMessageInfo
 
+func (*Empty) XXX_MessageName() string {
+	return "google.protobuf.Empty"
+}
 func init() {
 	proto.RegisterType((*Empty)(nil), "google.protobuf.Empty")
 }
+
+func init() { proto.RegisterFile("google/protobuf/empty.proto", fileDescriptor_900544acb223d5b8) }
+
+var fileDescriptor_900544acb223d5b8 = []byte{
+	// 176 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4e, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcd, 0x2d, 0x28,
+	0xa9, 0xd4, 0x03, 0x73, 0x85, 0xf8, 0x21, 0x92, 0x7a, 0x30, 0x49, 0x25, 0x76, 0x2e, 0x56, 0x57,
+	0x90, 0xbc, 0x53, 0x0b, 0xe3, 0x8d, 0x87, 0x72, 0x0c, 0x1f, 0x1e, 0xca, 0x31, 0xfe, 0x78, 0x28,
+	0xc7, 0xd8, 0xf0, 0x48, 0x8e, 0x71, 0xc5, 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c,
+	0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0xf1, 0xc5, 0x23, 0x39, 0x86, 0x0f, 0x20, 0xf1, 0xc7, 0x72,
+	0x8c, 0x27, 0x1e, 0xcb, 0x31, 0x72, 0x09, 0x27, 0xe7, 0xe7, 0xea, 0xa1, 0x19, 0xe8, 0xc4, 0x05,
+	0x36, 0x2e, 0x00, 0xc4, 0x0d, 0x60, 0x8c, 0x62, 0x2d, 0xa9, 0x2c, 0x48, 0x2d, 0xfe, 0xc1, 0xc8,
+	0xb8, 0x88, 0x89, 0xd9, 0x3d, 0xc0, 0x69, 0x15, 0x93, 0x9c, 0x3b, 0x44, 0x7d, 0x00, 0x54, 0xbd,
+	0x5e, 0x78, 0x6a, 0x4e, 0x8e, 0x77, 0x5e, 0x7e, 0x79, 0x5e, 0x08, 0x48, 0x65, 0x12, 0x1b, 0xd8,
+	0x20, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0x21, 0xbe, 0xb6, 0x31, 0xc6, 0x00, 0x00, 0x00,
+}
+
 func (this *Empty) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -77,6 +122,9 @@ func (this *Empty) Compare(that interface{}) int {
 	} else if this == nil {
 		return -1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Empty) Equal(that interface{}) bool {
@@ -98,6 +146,9 @@ func (this *Empty) Equal(that interface{}) bool {
 	} else if this == nil {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Empty) GoString() string {
@@ -106,6 +157,9 @@ func (this *Empty) GoString() string {
 	}
 	s := make([]string, 0, 4)
 	s = append(s, "&types.Empty{")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -120,7 +174,7 @@ func valueToGoStringEmpty(v interface{}, typ string) string {
 func (m *Empty) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -128,25 +182,37 @@ func (m *Empty) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Empty) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Empty) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintEmpty(dAtA []byte, offset int, v uint64) int {
+	offset -= sovEmpty(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedEmpty(r randyEmpty, easy bool) *Empty {
 	this := &Empty{}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedEmpty(r, 1)
 	}
 	return this
 }
@@ -224,20 +290,19 @@ func encodeVarintPopulateEmpty(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *Empty) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovEmpty(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozEmpty(x uint64) (n int) {
 	return sovEmpty(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -247,6 +312,7 @@ func (this *Empty) String() string {
 		return "nil"
 	}
 	s := strings.Join([]string{`&Empty{`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -274,7 +340,7 @@ func (m *Empty) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -294,12 +360,13 @@ func (m *Empty) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthEmpty
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -312,6 +379,7 @@ func (m *Empty) Unmarshal(dAtA []byte) error {
 func skipEmpty(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -343,10 +411,8 @@ func skipEmpty(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -363,70 +429,34 @@ func skipEmpty(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthEmpty
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowEmpty
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipEmpty(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupEmpty
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthEmpty
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthEmpty = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowEmpty   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthEmpty        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowEmpty          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupEmpty = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("empty.proto", fileDescriptorEmpty) }
-
-var fileDescriptorEmpty = []byte{
-	// 169 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4e, 0xcd, 0x2d, 0x28,
-	0xa9, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf, 0xcf, 0x4f, 0xcf, 0x49, 0x85,
-	0xf0, 0x92, 0x4a, 0xd3, 0x94, 0xd8, 0xb9, 0x58, 0x5d, 0x41, 0xf2, 0x4e, 0x2d, 0x8c, 0x17, 0x1e,
-	0xca, 0x31, 0xdc, 0x78, 0x28, 0xc7, 0xf0, 0xe1, 0xa1, 0x1c, 0xe3, 0x8f, 0x87, 0x72, 0x8c, 0x0d,
-	0x8f, 0xe4, 0x18, 0x57, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6,
-	0x07, 0x8f, 0xe4, 0x18, 0x5f, 0x3c, 0x92, 0x63, 0xf8, 0x00, 0x12, 0x7f, 0x2c, 0xc7, 0xc8, 0x25,
-	0x9c, 0x9c, 0x9f, 0xab, 0x87, 0x66, 0xa0, 0x13, 0x17, 0xd8, 0xb8, 0x00, 0x10, 0x37, 0x80, 0x31,
-	0x8a, 0xb5, 0xa4, 0xb2, 0x20, 0xb5, 0xf8, 0x07, 0x23, 0xe3, 0x22, 0x26, 0x66, 0xf7, 0x00, 0xa7,
-	0x55, 0x4c, 0x72, 0xee, 0x10, 0xf5, 0x01, 0x50, 0xf5, 0x7a, 0xe1, 0xa9, 0x39, 0x39, 0xde, 0x79,
-	0xf9, 0xe5, 0x79, 0x21, 0x20, 0x95, 0x49, 0x6c, 0x60, 0x83, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff,
-	0xff, 0x7c, 0xa8, 0xf0, 0xc4, 0xb6, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/field_mask.pb.go b/vendor/github.com/gogo/protobuf/types/field_mask.pb.go
index 22e8b4f0db494..6ae346d92527c 100644
--- a/vendor/github.com/gogo/protobuf/types/field_mask.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/field_mask.pb.go
@@ -1,25 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: field_mask.proto
+// source: google/protobuf/field_mask.proto
 
-/*
-Package types is a generated protocol buffer package.
-
-It is generated from these files:
-	field_mask.proto
-
-It has these top-level messages:
-	FieldMask
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,7 +23,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // `FieldMask` represents a set of symbolic field paths, for example:
 //
@@ -100,57 +93,49 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // describe the updated values, the API ignores the values of all
 // fields not covered by the mask.
 //
-// If a repeated field is specified for an update operation, the existing
-// repeated values in the target resource will be overwritten by the new values.
-// Note that a repeated field is only allowed in the last position of a `paths`
-// string.
+// If a repeated field is specified for an update operation, new values will
+// be appended to the existing repeated field in the target resource. Note that
+// a repeated field is only allowed in the last position of a `paths` string.
 //
 // If a sub-message is specified in the last position of the field mask for an
-// update operation, then the existing sub-message in the target resource is
-// overwritten. Given the target message:
+// update operation, then new value will be merged into the existing sub-message
+// in the target resource.
+//
+// For example, given the target message:
 //
 //     f {
 //       b {
-//         d : 1
-//         x : 2
+//         d: 1
+//         x: 2
 //       }
-//       c : 1
+//       c: [1]
 //     }
 //
 // And an update message:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
 //       }
+//       c: [2]
 //     }
 //
 // then if the field mask is:
 //
-//  paths: "f.b"
+//  paths: ["f.b", "f.c"]
 //
 // then the result will be:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
+//         x: 2
 //       }
-//       c : 1
+//       c: [1, 2]
 //     }
 //
-// However, if the update mask was:
-//
-//  paths: "f.b.d"
-//
-// then the result would be:
-//
-//     f {
-//       b {
-//         d : 10
-//         x : 2
-//       }
-//       c : 1
-//     }
+// An implementation may provide options to override this default behavior for
+// repeated and message fields.
 //
 // In order to reset a field's value to the default, the field must
 // be in the mask and set to the default value in the provided resource.
@@ -233,14 +218,51 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 //
 // Note that oneof type names ("test_oneof" in this case) cannot be used in
 // paths.
+//
+// ## Field Mask Verification
+//
+// The implementation of any API method which has a FieldMask type field in the
+// request should verify the included field paths, and return an
+// `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
 type FieldMask struct {
 	// The set of field mask paths.
-	Paths []string `protobuf:"bytes,1,rep,name=paths" json:"paths,omitempty"`
+	Paths                []string `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *FieldMask) Reset()                    { *m = FieldMask{} }
-func (*FieldMask) ProtoMessage()               {}
-func (*FieldMask) Descriptor() ([]byte, []int) { return fileDescriptorFieldMask, []int{0} }
+func (m *FieldMask) Reset()      { *m = FieldMask{} }
+func (*FieldMask) ProtoMessage() {}
+func (*FieldMask) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5158202634f0da48, []int{0}
+}
+func (m *FieldMask) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FieldMask) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FieldMask.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FieldMask) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldMask.Merge(m, src)
+}
+func (m *FieldMask) XXX_Size() int {
+	return m.Size()
+}
+func (m *FieldMask) XXX_DiscardUnknown() {
+	xxx_messageInfo_FieldMask.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FieldMask proto.InternalMessageInfo
 
 func (m *FieldMask) GetPaths() []string {
 	if m != nil {
@@ -249,9 +271,32 @@ func (m *FieldMask) GetPaths() []string {
 	return nil
 }
 
+func (*FieldMask) XXX_MessageName() string {
+	return "google.protobuf.FieldMask"
+}
 func init() {
 	proto.RegisterType((*FieldMask)(nil), "google.protobuf.FieldMask")
 }
+
+func init() { proto.RegisterFile("google/protobuf/field_mask.proto", fileDescriptor_5158202634f0da48) }
+
+var fileDescriptor_5158202634f0da48 = []byte{
+	// 203 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x48, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcb, 0x4c, 0xcd,
+	0x49, 0x89, 0xcf, 0x4d, 0x2c, 0xce, 0xd6, 0x03, 0x8b, 0x09, 0xf1, 0x43, 0x54, 0xe8, 0xc1, 0x54,
+	0x28, 0x29, 0x72, 0x71, 0xba, 0x81, 0x14, 0xf9, 0x26, 0x16, 0x67, 0x0b, 0x89, 0x70, 0xb1, 0x16,
+	0x24, 0x96, 0x64, 0x14, 0x4b, 0x30, 0x2a, 0x30, 0x6b, 0x70, 0x06, 0x41, 0x38, 0x4e, 0x1d, 0x8c,
+	0x37, 0x1e, 0xca, 0x31, 0x7c, 0x78, 0x28, 0xc7, 0xf8, 0xe3, 0xa1, 0x1c, 0x63, 0xc3, 0x23, 0x39,
+	0xc6, 0x15, 0x8f, 0xe4, 0x18, 0x4f, 0x3c, 0x92, 0x63, 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23,
+	0x39, 0xc6, 0x17, 0x8f, 0xe4, 0x18, 0x3e, 0x80, 0xc4, 0x1f, 0xcb, 0x31, 0x9e, 0x78, 0x2c, 0xc7,
+	0xc8, 0x25, 0x9c, 0x9c, 0x9f, 0xab, 0x87, 0x66, 0x95, 0x13, 0x1f, 0xdc, 0xa2, 0x00, 0x90, 0x50,
+	0x00, 0x63, 0x14, 0x6b, 0x49, 0x65, 0x41, 0x6a, 0xf1, 0x0f, 0x46, 0xc6, 0x45, 0x4c, 0xcc, 0xee,
+	0x01, 0x4e, 0xab, 0x98, 0xe4, 0xdc, 0x21, 0x7a, 0x02, 0xa0, 0x7a, 0xf4, 0xc2, 0x53, 0x73, 0x72,
+	0xbc, 0xf3, 0xf2, 0xcb, 0xf3, 0x42, 0x40, 0x2a, 0x93, 0xd8, 0xc0, 0x86, 0x19, 0x03, 0x02, 0x00,
+	0x00, 0xff, 0xff, 0x43, 0xa0, 0x83, 0xd0, 0xe9, 0x00, 0x00, 0x00,
+}
+
 func (this *FieldMask) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -291,6 +336,9 @@ func (this *FieldMask) Compare(that interface{}) int {
 			return 1
 		}
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *FieldMask) Equal(that interface{}) bool {
@@ -320,6 +368,9 @@ func (this *FieldMask) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *FieldMask) GoString() string {
@@ -329,6 +380,9 @@ func (this *FieldMask) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.FieldMask{")
 	s = append(s, "Paths: "+fmt.Sprintf("%#v", this.Paths)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -343,7 +397,7 @@ func valueToGoStringFieldMask(v interface{}, typ string) string {
 func (m *FieldMask) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -351,36 +405,41 @@ func (m *FieldMask) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *FieldMask) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FieldMask) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Paths) > 0 {
-		for _, s := range m.Paths {
+		for iNdEx := len(m.Paths) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Paths[iNdEx])
+			copy(dAtA[i:], m.Paths[iNdEx])
+			i = encodeVarintFieldMask(dAtA, i, uint64(len(m.Paths[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintFieldMask(dAtA []byte, offset int, v uint64) int {
+	offset -= sovFieldMask(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedFieldMask(r randyFieldMask, easy bool) *FieldMask {
 	this := &FieldMask{}
@@ -390,6 +449,7 @@ func NewPopulatedFieldMask(r randyFieldMask, easy bool) *FieldMask {
 		this.Paths[i] = string(randStringFieldMask(r))
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedFieldMask(r, 2)
 	}
 	return this
 }
@@ -467,6 +527,9 @@ func encodeVarintPopulateFieldMask(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *FieldMask) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Paths) > 0 {
@@ -475,18 +538,14 @@ func (m *FieldMask) Size() (n int) {
 			n += 1 + l + sovFieldMask(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovFieldMask(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozFieldMask(x uint64) (n int) {
 	return sovFieldMask(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -497,6 +556,7 @@ func (this *FieldMask) String() string {
 	}
 	s := strings.Join([]string{`&FieldMask{`,
 		`Paths:` + fmt.Sprintf("%v", this.Paths) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -524,7 +584,7 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -552,7 +612,7 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -562,6 +622,9 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthFieldMask
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthFieldMask
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -573,12 +636,13 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthFieldMask
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -591,6 +655,7 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error {
 func skipFieldMask(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -622,10 +687,8 @@ func skipFieldMask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -642,72 +705,34 @@ func skipFieldMask(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthFieldMask
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowFieldMask
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipFieldMask(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupFieldMask
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthFieldMask
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthFieldMask = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowFieldMask   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthFieldMask        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowFieldMask          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupFieldMask = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("field_mask.proto", fileDescriptorFieldMask) }
-
-var fileDescriptorFieldMask = []byte{
-	// 193 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x48, 0xcb, 0x4c, 0xcd,
-	0x49, 0x89, 0xcf, 0x4d, 0x2c, 0xce, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf,
-	0xcf, 0x4f, 0xcf, 0x49, 0x85, 0xf0, 0x92, 0x4a, 0xd3, 0x94, 0x14, 0xb9, 0x38, 0xdd, 0x40, 0x8a,
-	0x7c, 0x13, 0x8b, 0xb3, 0x85, 0x44, 0xb8, 0x58, 0x0b, 0x12, 0x4b, 0x32, 0x8a, 0x25, 0x18, 0x15,
-	0x98, 0x35, 0x38, 0x83, 0x20, 0x1c, 0xa7, 0x56, 0xc6, 0x0b, 0x0f, 0xe5, 0x18, 0x6e, 0x3c, 0x94,
-	0x63, 0xf8, 0xf0, 0x50, 0x8e, 0xf1, 0xc7, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b, 0x1e,
-	0xc9, 0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f,
-	0x1e, 0xc9, 0x31, 0x7c, 0x00, 0x89, 0x3f, 0x96, 0x63, 0xe4, 0x12, 0x4e, 0xce, 0xcf, 0xd5, 0x43,
-	0xb3, 0xca, 0x89, 0x0f, 0x6e, 0x51, 0x00, 0x48, 0x28, 0x80, 0x31, 0x8a, 0xb5, 0xa4, 0xb2, 0x20,
-	0xb5, 0x78, 0x11, 0x13, 0xb3, 0x7b, 0x80, 0xd3, 0x2a, 0x26, 0x39, 0x77, 0x88, 0x86, 0x00, 0xa8,
-	0x06, 0xbd, 0xf0, 0xd4, 0x9c, 0x1c, 0xef, 0xbc, 0xfc, 0xf2, 0xbc, 0x10, 0x90, 0xb2, 0x24, 0x36,
-	0xb0, 0x49, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x51, 0x31, 0x89, 0xb5, 0xd6, 0x00, 0x00,
-	0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/protosize.go b/vendor/github.com/gogo/protobuf/types/protosize.go
new file mode 100644
index 0000000000000..3a2d1b7e1118d
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/types/protosize.go
@@ -0,0 +1,34 @@
+package types
+
+func (m *Any) ProtoSize() (n int)               { return m.Size() }
+func (m *Api) ProtoSize() (n int)               { return m.Size() }
+func (m *Method) ProtoSize() (n int)            { return m.Size() }
+func (m *Mixin) ProtoSize() (n int)             { return m.Size() }
+func (m *Duration) ProtoSize() (n int)          { return m.Size() }
+func (m *Empty) ProtoSize() (n int)             { return m.Size() }
+func (m *FieldMask) ProtoSize() (n int)         { return m.Size() }
+func (m *SourceContext) ProtoSize() (n int)     { return m.Size() }
+func (m *Struct) ProtoSize() (n int)            { return m.Size() }
+func (m *Value) ProtoSize() (n int)             { return m.Size() }
+func (m *Value_NullValue) ProtoSize() (n int)   { return m.Size() }
+func (m *Value_NumberValue) ProtoSize() (n int) { return m.Size() }
+func (m *Value_StringValue) ProtoSize() (n int) { return m.Size() }
+func (m *Value_BoolValue) ProtoSize() (n int)   { return m.Size() }
+func (m *Value_StructValue) ProtoSize() (n int) { return m.Size() }
+func (m *Value_ListValue) ProtoSize() (n int)   { return m.Size() }
+func (m *ListValue) ProtoSize() (n int)         { return m.Size() }
+func (m *Timestamp) ProtoSize() (n int)         { return m.Size() }
+func (m *Type) ProtoSize() (n int)              { return m.Size() }
+func (m *Field) ProtoSize() (n int)             { return m.Size() }
+func (m *Enum) ProtoSize() (n int)              { return m.Size() }
+func (m *EnumValue) ProtoSize() (n int)         { return m.Size() }
+func (m *Option) ProtoSize() (n int)            { return m.Size() }
+func (m *DoubleValue) ProtoSize() (n int)       { return m.Size() }
+func (m *FloatValue) ProtoSize() (n int)        { return m.Size() }
+func (m *Int64Value) ProtoSize() (n int)        { return m.Size() }
+func (m *UInt64Value) ProtoSize() (n int)       { return m.Size() }
+func (m *Int32Value) ProtoSize() (n int)        { return m.Size() }
+func (m *UInt32Value) ProtoSize() (n int)       { return m.Size() }
+func (m *BoolValue) ProtoSize() (n int)         { return m.Size() }
+func (m *StringValue) ProtoSize() (n int)       { return m.Size() }
+func (m *BytesValue) ProtoSize() (n int)        { return m.Size() }
diff --git a/vendor/github.com/gogo/protobuf/types/source_context.pb.go b/vendor/github.com/gogo/protobuf/types/source_context.pb.go
new file mode 100644
index 0000000000000..8e6ce71b275eb
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/types/source_context.pb.go
@@ -0,0 +1,524 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: google/protobuf/source_context.proto
+
+package types
+
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+// `SourceContext` represents information about the source of a
+// protobuf element, like the file in which it is defined.
+type SourceContext struct {
+	// The path-qualified name of the .proto file that contained the associated
+	// protobuf element.  For example: `"google/protobuf/source_context.proto"`.
+	FileName             string   `protobuf:"bytes,1,opt,name=file_name,json=fileName,proto3" json:"file_name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SourceContext) Reset()      { *m = SourceContext{} }
+func (*SourceContext) ProtoMessage() {}
+func (*SourceContext) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b686cdb126d509db, []int{0}
+}
+func (m *SourceContext) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SourceContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SourceContext.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SourceContext) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceContext.Merge(m, src)
+}
+func (m *SourceContext) XXX_Size() int {
+	return m.Size()
+}
+func (m *SourceContext) XXX_DiscardUnknown() {
+	xxx_messageInfo_SourceContext.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SourceContext proto.InternalMessageInfo
+
+func (m *SourceContext) GetFileName() string {
+	if m != nil {
+		return m.FileName
+	}
+	return ""
+}
+
+func (*SourceContext) XXX_MessageName() string {
+	return "google.protobuf.SourceContext"
+}
+func init() {
+	proto.RegisterType((*SourceContext)(nil), "google.protobuf.SourceContext")
+}
+
+func init() {
+	proto.RegisterFile("google/protobuf/source_context.proto", fileDescriptor_b686cdb126d509db)
+}
+
+var fileDescriptor_b686cdb126d509db = []byte{
+	// 212 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x49, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0xce, 0x2f, 0x2d,
+	0x4a, 0x4e, 0x8d, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xad, 0x28, 0xd1, 0x03, 0x8b, 0x0b, 0xf1, 0x43,
+	0x54, 0xe9, 0xc1, 0x54, 0x29, 0xe9, 0x70, 0xf1, 0x06, 0x83, 0x15, 0x3a, 0x43, 0xd4, 0x09, 0x49,
+	0x73, 0x71, 0xa6, 0x65, 0xe6, 0xa4, 0xc6, 0xe7, 0x25, 0xe6, 0xa6, 0x4a, 0x30, 0x2a, 0x30, 0x6a,
+	0x70, 0x06, 0x71, 0x80, 0x04, 0xfc, 0x12, 0x73, 0x53, 0x9d, 0x3a, 0x19, 0x6f, 0x3c, 0x94, 0x63,
+	0xf8, 0xf0, 0x50, 0x8e, 0xf1, 0xc7, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b, 0x1e, 0xc9,
+	0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f, 0x1e,
+	0xc9, 0x31, 0x7c, 0x00, 0x89, 0x3f, 0x96, 0x63, 0x3c, 0xf1, 0x58, 0x8e, 0x91, 0x4b, 0x38, 0x39,
+	0x3f, 0x57, 0x0f, 0xcd, 0x56, 0x27, 0x21, 0x14, 0x3b, 0x03, 0x40, 0xc2, 0x01, 0x8c, 0x51, 0xac,
+	0x25, 0x95, 0x05, 0xa9, 0xc5, 0x8b, 0x98, 0x98, 0xdd, 0x03, 0x9c, 0x56, 0x31, 0xc9, 0xb9, 0x43,
+	0x34, 0x05, 0x40, 0x35, 0xe9, 0x85, 0xa7, 0xe6, 0xe4, 0x78, 0xe7, 0xe5, 0x97, 0xe7, 0x85, 0x80,
+	0x94, 0x25, 0xb1, 0x81, 0x4d, 0x33, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb8, 0x37, 0x2a, 0xa1,
+	0xf9, 0x00, 0x00, 0x00,
+}
+
+func (this *SourceContext) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*SourceContext)
+	if !ok {
+		that2, ok := that.(SourceContext)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.FileName != that1.FileName {
+		if this.FileName < that1.FileName {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *SourceContext) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*SourceContext)
+	if !ok {
+		that2, ok := that.(SourceContext)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.FileName != that1.FileName {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *SourceContext) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&types.SourceContext{")
+	s = append(s, "FileName: "+fmt.Sprintf("%#v", this.FileName)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringSourceContext(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+func (m *SourceContext) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SourceContext) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SourceContext) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.FileName) > 0 {
+		i -= len(m.FileName)
+		copy(dAtA[i:], m.FileName)
+		i = encodeVarintSourceContext(dAtA, i, uint64(len(m.FileName)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintSourceContext(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSourceContext(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func NewPopulatedSourceContext(r randySourceContext, easy bool) *SourceContext {
+	this := &SourceContext{}
+	this.FileName = string(randStringSourceContext(r))
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedSourceContext(r, 2)
+	}
+	return this
+}
+
+type randySourceContext interface {
+	Float32() float32
+	Float64() float64
+	Int63() int64
+	Int31() int32
+	Uint32() uint32
+	Intn(n int) int
+}
+
+func randUTF8RuneSourceContext(r randySourceContext) rune {
+	ru := r.Intn(62)
+	if ru < 10 {
+		return rune(ru + 48)
+	} else if ru < 36 {
+		return rune(ru + 55)
+	}
+	return rune(ru + 61)
+}
+func randStringSourceContext(r randySourceContext) string {
+	v1 := r.Intn(100)
+	tmps := make([]rune, v1)
+	for i := 0; i < v1; i++ {
+		tmps[i] = randUTF8RuneSourceContext(r)
+	}
+	return string(tmps)
+}
+func randUnrecognizedSourceContext(r randySourceContext, maxFieldNumber int) (dAtA []byte) {
+	l := r.Intn(5)
+	for i := 0; i < l; i++ {
+		wire := r.Intn(4)
+		if wire == 3 {
+			wire = 5
+		}
+		fieldNumber := maxFieldNumber + r.Intn(100)
+		dAtA = randFieldSourceContext(dAtA, r, fieldNumber, wire)
+	}
+	return dAtA
+}
+func randFieldSourceContext(dAtA []byte, r randySourceContext, fieldNumber int, wire int) []byte {
+	key := uint32(fieldNumber)<<3 | uint32(wire)
+	switch wire {
+	case 0:
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(key))
+		v2 := r.Int63()
+		if r.Intn(2) == 0 {
+			v2 *= -1
+		}
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(v2))
+	case 1:
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	case 2:
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(key))
+		ll := r.Intn(100)
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(ll))
+		for j := 0; j < ll; j++ {
+			dAtA = append(dAtA, byte(r.Intn(256)))
+		}
+	default:
+		dAtA = encodeVarintPopulateSourceContext(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	}
+	return dAtA
+}
+func encodeVarintPopulateSourceContext(dAtA []byte, v uint64) []byte {
+	for v >= 1<<7 {
+		dAtA = append(dAtA, uint8(uint64(v)&0x7f|0x80))
+		v >>= 7
+	}
+	dAtA = append(dAtA, uint8(v))
+	return dAtA
+}
+func (m *SourceContext) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.FileName)
+	if l > 0 {
+		n += 1 + l + sovSourceContext(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovSourceContext(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozSourceContext(x uint64) (n int) {
+	return sovSourceContext(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *SourceContext) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SourceContext{`,
+		`FileName:` + fmt.Sprintf("%v", this.FileName) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringSourceContext(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *SourceContext) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSourceContext
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SourceContext: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SourceContext: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FileName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSourceContext
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSourceContext
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSourceContext
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.FileName = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSourceContext(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthSourceContext
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipSourceContext(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowSourceContext
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowSourceContext
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowSourceContext
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthSourceContext
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSourceContext
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSourceContext
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthSourceContext        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSourceContext          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSourceContext = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/gogo/protobuf/types/struct.pb.go b/vendor/github.com/gogo/protobuf/types/struct.pb.go
index 7d5372b03108c..c0457312e67f5 100644
--- a/vendor/github.com/gogo/protobuf/types/struct.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/struct.pb.go
@@ -1,32 +1,21 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: struct.proto
+// source: google/protobuf/struct.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		struct.proto
-
-	It has these top-level messages:
-		Struct
-		Value
-		ListValue
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strconv "strconv"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import binary "encoding/binary"
-
-import io "io"
+import (
+	bytes "bytes"
+	encoding_binary "encoding/binary"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strconv "strconv"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -37,7 +26,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // `NullValue` is a singleton enumeration to represent the null value for the
 // `Value` type union.
@@ -47,18 +36,22 @@ type NullValue int32
 
 const (
 	// Null value.
-	NULL_VALUE NullValue = 0
+	NullValue_NULL_VALUE NullValue = 0
 )
 
 var NullValue_name = map[int32]string{
 	0: "NULL_VALUE",
 }
+
 var NullValue_value = map[string]int32{
 	"NULL_VALUE": 0,
 }
 
-func (NullValue) EnumDescriptor() ([]byte, []int) { return fileDescriptorStruct, []int{0} }
-func (NullValue) XXX_WellKnownType() string       { return "NullValue" }
+func (NullValue) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_df322afd6c9fb402, []int{0}
+}
+
+func (NullValue) XXX_WellKnownType() string { return "NullValue" }
 
 // `Struct` represents a structured data value, consisting of fields
 // which map to dynamically typed values. In some languages, `Struct`
@@ -70,13 +63,44 @@ func (NullValue) XXX_WellKnownType() string       { return "NullValue" }
 // The JSON representation for `Struct` is JSON object.
 type Struct struct {
 	// Unordered map of dynamically typed values.
-	Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value"`
+	Fields               map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Struct) Reset()      { *m = Struct{} }
+func (*Struct) ProtoMessage() {}
+func (*Struct) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df322afd6c9fb402, []int{0}
+}
+func (*Struct) XXX_WellKnownType() string { return "Struct" }
+func (m *Struct) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Struct) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Struct.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Struct) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Struct.Merge(m, src)
+}
+func (m *Struct) XXX_Size() int {
+	return m.Size()
+}
+func (m *Struct) XXX_DiscardUnknown() {
+	xxx_messageInfo_Struct.DiscardUnknown(m)
 }
 
-func (m *Struct) Reset()                    { *m = Struct{} }
-func (*Struct) ProtoMessage()               {}
-func (*Struct) Descriptor() ([]byte, []int) { return fileDescriptorStruct, []int{0} }
-func (*Struct) XXX_WellKnownType() string   { return "Struct" }
+var xxx_messageInfo_Struct proto.InternalMessageInfo
 
 func (m *Struct) GetFields() map[string]*Value {
 	if m != nil {
@@ -85,6 +109,10 @@ func (m *Struct) GetFields() map[string]*Value {
 	return nil
 }
 
+func (*Struct) XXX_MessageName() string {
+	return "google.protobuf.Struct"
+}
+
 // `Value` represents a dynamically typed value which can be either
 // null, a number, a string, a boolean, a recursive struct value, or a
 // list of values. A producer of value is expected to set one of that
@@ -101,38 +129,70 @@ type Value struct {
 	//	*Value_BoolValue
 	//	*Value_StructValue
 	//	*Value_ListValue
-	Kind isValue_Kind `protobuf_oneof:"kind"`
+	Kind                 isValue_Kind `protobuf_oneof:"kind"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
+}
+
+func (m *Value) Reset()      { *m = Value{} }
+func (*Value) ProtoMessage() {}
+func (*Value) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df322afd6c9fb402, []int{1}
+}
+func (*Value) XXX_WellKnownType() string { return "Value" }
+func (m *Value) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Value.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Value.Merge(m, src)
+}
+func (m *Value) XXX_Size() int {
+	return m.Size()
+}
+func (m *Value) XXX_DiscardUnknown() {
+	xxx_messageInfo_Value.DiscardUnknown(m)
 }
 
-func (m *Value) Reset()                    { *m = Value{} }
-func (*Value) ProtoMessage()               {}
-func (*Value) Descriptor() ([]byte, []int) { return fileDescriptorStruct, []int{1} }
-func (*Value) XXX_WellKnownType() string   { return "Value" }
+var xxx_messageInfo_Value proto.InternalMessageInfo
 
 type isValue_Kind interface {
 	isValue_Kind()
 	Equal(interface{}) bool
 	MarshalTo([]byte) (int, error)
 	Size() int
+	Compare(interface{}) int
 }
 
 type Value_NullValue struct {
-	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"`
+	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof" json:"null_value,omitempty"`
 }
 type Value_NumberValue struct {
-	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof"`
+	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof" json:"number_value,omitempty"`
 }
 type Value_StringValue struct {
-	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"`
+	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof" json:"string_value,omitempty"`
 }
 type Value_BoolValue struct {
-	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"`
+	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof" json:"bool_value,omitempty"`
 }
 type Value_StructValue struct {
-	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,oneof"`
+	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,proto3,oneof" json:"struct_value,omitempty"`
 }
 type Value_ListValue struct {
-	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,oneof"`
+	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,proto3,oneof" json:"list_value,omitempty"`
 }
 
 func (*Value_NullValue) isValue_Kind()   {}
@@ -153,7 +213,7 @@ func (m *Value) GetNullValue() NullValue {
 	if x, ok := m.GetKind().(*Value_NullValue); ok {
 		return x.NullValue
 	}
-	return NULL_VALUE
+	return NullValue_NULL_VALUE
 }
 
 func (m *Value) GetNumberValue() float64 {
@@ -191,9 +251,9 @@ func (m *Value) GetListValue() *ListValue {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Value_OneofMarshaler, _Value_OneofUnmarshaler, _Value_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Value) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Value_NullValue)(nil),
 		(*Value_NumberValue)(nil),
 		(*Value_StringValue)(nil),
@@ -203,127 +263,8 @@ func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error,
 	}
 }
 
-func _Value_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Value)
-	// kind
-	switch x := m.Kind.(type) {
-	case *Value_NullValue:
-		_ = b.EncodeVarint(1<<3 | proto.WireVarint)
-		_ = b.EncodeVarint(uint64(x.NullValue))
-	case *Value_NumberValue:
-		_ = b.EncodeVarint(2<<3 | proto.WireFixed64)
-		_ = b.EncodeFixed64(math.Float64bits(x.NumberValue))
-	case *Value_StringValue:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.StringValue)
-	case *Value_BoolValue:
-		t := uint64(0)
-		if x.BoolValue {
-			t = 1
-		}
-		_ = b.EncodeVarint(4<<3 | proto.WireVarint)
-		_ = b.EncodeVarint(t)
-	case *Value_StructValue:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.StructValue); err != nil {
-			return err
-		}
-	case *Value_ListValue:
-		_ = b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ListValue); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Value.Kind has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _Value_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Value)
-	switch tag {
-	case 1: // kind.null_value
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.Kind = &Value_NullValue{NullValue(x)}
-		return true, err
-	case 2: // kind.number_value
-		if wire != proto.WireFixed64 {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeFixed64()
-		m.Kind = &Value_NumberValue{math.Float64frombits(x)}
-		return true, err
-	case 3: // kind.string_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Kind = &Value_StringValue{x}
-		return true, err
-	case 4: // kind.bool_value
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.Kind = &Value_BoolValue{x != 0}
-		return true, err
-	case 5: // kind.struct_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Struct)
-		err := b.DecodeMessage(msg)
-		m.Kind = &Value_StructValue{msg}
-		return true, err
-	case 6: // kind.list_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ListValue)
-		err := b.DecodeMessage(msg)
-		m.Kind = &Value_ListValue{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Value_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Value)
-	// kind
-	switch x := m.Kind.(type) {
-	case *Value_NullValue:
-		n += proto.SizeVarint(1<<3 | proto.WireVarint)
-		n += proto.SizeVarint(uint64(x.NullValue))
-	case *Value_NumberValue:
-		n += proto.SizeVarint(2<<3 | proto.WireFixed64)
-		n += 8
-	case *Value_StringValue:
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.StringValue)))
-		n += len(x.StringValue)
-	case *Value_BoolValue:
-		n += proto.SizeVarint(4<<3 | proto.WireVarint)
-		n += 1
-	case *Value_StructValue:
-		s := proto.Size(x.StructValue)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Value_ListValue:
-		s := proto.Size(x.ListValue)
-		n += proto.SizeVarint(6<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
+func (*Value) XXX_MessageName() string {
+	return "google.protobuf.Value"
 }
 
 // `ListValue` is a wrapper around a repeated field of values.
@@ -331,13 +272,44 @@ func _Value_OneofSizer(msg proto.Message) (n int) {
 // The JSON representation for `ListValue` is JSON array.
 type ListValue struct {
 	// Repeated field of dynamically typed values.
-	Values []*Value `protobuf:"bytes,1,rep,name=values" json:"values,omitempty"`
+	Values               []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *ListValue) Reset()                    { *m = ListValue{} }
-func (*ListValue) ProtoMessage()               {}
-func (*ListValue) Descriptor() ([]byte, []int) { return fileDescriptorStruct, []int{2} }
-func (*ListValue) XXX_WellKnownType() string   { return "ListValue" }
+func (m *ListValue) Reset()      { *m = ListValue{} }
+func (*ListValue) ProtoMessage() {}
+func (*ListValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df322afd6c9fb402, []int{2}
+}
+func (*ListValue) XXX_WellKnownType() string { return "ListValue" }
+func (m *ListValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListValue.Merge(m, src)
+}
+func (m *ListValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListValue.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListValue proto.InternalMessageInfo
 
 func (m *ListValue) GetValues() []*Value {
 	if m != nil {
@@ -346,11 +318,405 @@ func (m *ListValue) GetValues() []*Value {
 	return nil
 }
 
+func (*ListValue) XXX_MessageName() string {
+	return "google.protobuf.ListValue"
+}
 func init() {
+	proto.RegisterEnum("google.protobuf.NullValue", NullValue_name, NullValue_value)
 	proto.RegisterType((*Struct)(nil), "google.protobuf.Struct")
+	proto.RegisterMapType((map[string]*Value)(nil), "google.protobuf.Struct.FieldsEntry")
 	proto.RegisterType((*Value)(nil), "google.protobuf.Value")
 	proto.RegisterType((*ListValue)(nil), "google.protobuf.ListValue")
-	proto.RegisterEnum("google.protobuf.NullValue", NullValue_name, NullValue_value)
+}
+
+func init() { proto.RegisterFile("google/protobuf/struct.proto", fileDescriptor_df322afd6c9fb402) }
+
+var fileDescriptor_df322afd6c9fb402 = []byte{
+	// 443 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xb1, 0x6f, 0xd3, 0x40,
+	0x14, 0xc6, 0xfd, 0x9c, 0xc6, 0x22, 0xcf, 0xa8, 0x54, 0x87, 0x04, 0x51, 0x41, 0x47, 0x94, 0x2e,
+	0x11, 0x42, 0xae, 0x14, 0x16, 0x44, 0x58, 0x88, 0x54, 0x5a, 0x89, 0xa8, 0x32, 0x86, 0x16, 0x89,
+	0x25, 0xc2, 0xae, 0x1b, 0x59, 0xbd, 0xde, 0x55, 0xf6, 0x1d, 0x28, 0x1b, 0x0b, 0xff, 0x03, 0x33,
+	0x13, 0x62, 0xe4, 0xaf, 0xe8, 0xc8, 0xc8, 0x48, 0xdc, 0x85, 0xb1, 0x63, 0x47, 0x74, 0x77, 0xb6,
+	0x41, 0x8d, 0xb2, 0xf9, 0x7d, 0xf7, 0x7b, 0xdf, 0x7b, 0xdf, 0x33, 0xde, 0x9f, 0x09, 0x31, 0x63,
+	0xe9, 0xf6, 0x59, 0x2e, 0xa4, 0x88, 0xd5, 0xf1, 0x76, 0x21, 0x73, 0x95, 0xc8, 0xc0, 0xd4, 0xe4,
+	0x96, 0x7d, 0x0d, 0xea, 0xd7, 0xfe, 0x17, 0x40, 0xef, 0xb5, 0x21, 0xc8, 0x08, 0xbd, 0xe3, 0x2c,
+	0x65, 0x47, 0x45, 0x17, 0x7a, 0xad, 0x81, 0x3f, 0xdc, 0x0a, 0xae, 0xc1, 0x81, 0x05, 0x83, 0x17,
+	0x86, 0xda, 0xe1, 0x32, 0x9f, 0x47, 0x55, 0xcb, 0xe6, 0x2b, 0xf4, 0xff, 0x93, 0xc9, 0x06, 0xb6,
+	0x4e, 0xd2, 0x79, 0x17, 0x7a, 0x30, 0xe8, 0x44, 0xfa, 0x93, 0x3c, 0xc2, 0xf6, 0x87, 0xf7, 0x4c,
+	0xa5, 0x5d, 0xb7, 0x07, 0x03, 0x7f, 0x78, 0x67, 0xc9, 0xfc, 0x50, 0xbf, 0x46, 0x16, 0x7a, 0xea,
+	0x3e, 0x81, 0xfe, 0x0f, 0x17, 0xdb, 0x46, 0x24, 0x23, 0x44, 0xae, 0x18, 0x9b, 0x5a, 0x03, 0x6d,
+	0xba, 0x3e, 0xdc, 0x5c, 0x32, 0xd8, 0x57, 0x8c, 0x19, 0x7e, 0xcf, 0x89, 0x3a, 0xbc, 0x2e, 0xc8,
+	0x16, 0xde, 0xe4, 0xea, 0x34, 0x4e, 0xf3, 0xe9, 0xbf, 0xf9, 0xb0, 0xe7, 0x44, 0xbe, 0x55, 0x1b,
+	0xa8, 0x90, 0x79, 0xc6, 0x67, 0x15, 0xd4, 0xd2, 0x8b, 0x6b, 0xc8, 0xaa, 0x16, 0x7a, 0x80, 0x18,
+	0x0b, 0x51, 0xaf, 0xb1, 0xd6, 0x83, 0xc1, 0x0d, 0x3d, 0x4a, 0x6b, 0x16, 0x78, 0x66, 0x5c, 0x54,
+	0x22, 0x2b, 0xa4, 0x6d, 0xa2, 0xde, 0x5d, 0x71, 0xc7, 0xca, 0x5e, 0x25, 0xb2, 0x49, 0xc9, 0xb2,
+	0xa2, 0xee, 0xf5, 0x4c, 0xef, 0x72, 0xca, 0x49, 0x56, 0xc8, 0x26, 0x25, 0xab, 0x8b, 0xb1, 0x87,
+	0x6b, 0x27, 0x19, 0x3f, 0xea, 0x8f, 0xb0, 0xd3, 0x10, 0x24, 0x40, 0xcf, 0x98, 0xd5, 0x7f, 0x74,
+	0xd5, 0xd1, 0x2b, 0xea, 0xe1, 0x3d, 0xec, 0x34, 0x47, 0x24, 0xeb, 0x88, 0xfb, 0x07, 0x93, 0xc9,
+	0xf4, 0xf0, 0xf9, 0xe4, 0x60, 0x67, 0xc3, 0x19, 0x7f, 0x86, 0x5f, 0x0b, 0xea, 0x5c, 0x2e, 0x28,
+	0x5c, 0x2d, 0x28, 0x7c, 0x2a, 0x29, 0x7c, 0x2b, 0x29, 0x9c, 0x97, 0x14, 0x7e, 0x96, 0x14, 0x7e,
+	0x97, 0x14, 0xfe, 0x94, 0xd4, 0xb9, 0xd4, 0xfa, 0x05, 0x85, 0xf3, 0x0b, 0x0a, 0x78, 0x3b, 0x11,
+	0xa7, 0xd7, 0x47, 0x8e, 0x7d, 0x9b, 0x3e, 0xd4, 0x75, 0x08, 0xef, 0xda, 0x72, 0x7e, 0x96, 0x16,
+	0x57, 0x00, 0x5f, 0xdd, 0xd6, 0x6e, 0x38, 0xfe, 0xee, 0xd2, 0x5d, 0xdb, 0x10, 0xd6, 0x3b, 0xbe,
+	0x4d, 0x19, 0x7b, 0xc9, 0xc5, 0x47, 0xfe, 0x46, 0x93, 0xb1, 0x67, 0x9c, 0x1e, 0xff, 0x0d, 0x00,
+	0x00, 0xff, 0xff, 0x26, 0x30, 0xdb, 0xbe, 0xe9, 0x02, 0x00, 0x00,
+}
+
+func (this *Struct) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Struct)
+	if !ok {
+		that2, ok := that.(Struct)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if len(this.Fields) != len(that1.Fields) {
+		if len(this.Fields) < len(that1.Fields) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Fields {
+		if c := this.Fields[i].Compare(that1.Fields[i]); c != 0 {
+			return c
+		}
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Value) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value)
+	if !ok {
+		that2, ok := that.(Value)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if that1.Kind == nil {
+		if this.Kind != nil {
+			return 1
+		}
+	} else if this.Kind == nil {
+		return -1
+	} else {
+		thisType := -1
+		switch this.Kind.(type) {
+		case *Value_NullValue:
+			thisType = 0
+		case *Value_NumberValue:
+			thisType = 1
+		case *Value_StringValue:
+			thisType = 2
+		case *Value_BoolValue:
+			thisType = 3
+		case *Value_StructValue:
+			thisType = 4
+		case *Value_ListValue:
+			thisType = 5
+		default:
+			panic(fmt.Sprintf("compare: unexpected type %T in oneof", this.Kind))
+		}
+		that1Type := -1
+		switch that1.Kind.(type) {
+		case *Value_NullValue:
+			that1Type = 0
+		case *Value_NumberValue:
+			that1Type = 1
+		case *Value_StringValue:
+			that1Type = 2
+		case *Value_BoolValue:
+			that1Type = 3
+		case *Value_StructValue:
+			that1Type = 4
+		case *Value_ListValue:
+			that1Type = 5
+		default:
+			panic(fmt.Sprintf("compare: unexpected type %T in oneof", that1.Kind))
+		}
+		if thisType == that1Type {
+			if c := this.Kind.Compare(that1.Kind); c != 0 {
+				return c
+			}
+		} else if thisType < that1Type {
+			return -1
+		} else if thisType > that1Type {
+			return 1
+		}
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Value_NullValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_NullValue)
+	if !ok {
+		that2, ok := that.(Value_NullValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.NullValue != that1.NullValue {
+		if this.NullValue < that1.NullValue {
+			return -1
+		}
+		return 1
+	}
+	return 0
+}
+func (this *Value_NumberValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_NumberValue)
+	if !ok {
+		that2, ok := that.(Value_NumberValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.NumberValue != that1.NumberValue {
+		if this.NumberValue < that1.NumberValue {
+			return -1
+		}
+		return 1
+	}
+	return 0
+}
+func (this *Value_StringValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_StringValue)
+	if !ok {
+		that2, ok := that.(Value_StringValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.StringValue != that1.StringValue {
+		if this.StringValue < that1.StringValue {
+			return -1
+		}
+		return 1
+	}
+	return 0
+}
+func (this *Value_BoolValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_BoolValue)
+	if !ok {
+		that2, ok := that.(Value_BoolValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.BoolValue != that1.BoolValue {
+		if !this.BoolValue {
+			return -1
+		}
+		return 1
+	}
+	return 0
+}
+func (this *Value_StructValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_StructValue)
+	if !ok {
+		that2, ok := that.(Value_StructValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if c := this.StructValue.Compare(that1.StructValue); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Value_ListValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Value_ListValue)
+	if !ok {
+		that2, ok := that.(Value_ListValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if c := this.ListValue.Compare(that1.ListValue); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *ListValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*ListValue)
+	if !ok {
+		that2, ok := that.(ListValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if len(this.Values) != len(that1.Values) {
+		if len(this.Values) < len(that1.Values) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Values {
+		if c := this.Values[i].Compare(that1.Values[i]); c != 0 {
+			return c
+		}
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
 }
 func (x NullValue) String() string {
 	s, ok := NullValue_name[int32(x)]
@@ -386,6 +752,9 @@ func (this *Struct) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Value) Equal(that interface{}) bool {
@@ -416,6 +785,9 @@ func (this *Value) Equal(that interface{}) bool {
 	} else if !this.Kind.Equal(that1.Kind) {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Value_NullValue) Equal(that interface{}) bool {
@@ -589,6 +961,9 @@ func (this *ListValue) Equal(that interface{}) bool {
 			return false
 		}
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Struct) GoString() string {
@@ -601,7 +976,7 @@ func (this *Struct) GoString() string {
 	for k := range this.Fields {
 		keysForFields = append(keysForFields, k)
 	}
-	sortkeys.Strings(keysForFields)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForFields)
 	mapStringForFields := "map[string]*Value{"
 	for _, k := range keysForFields {
 		mapStringForFields += fmt.Sprintf("%#v: %#v,", k, this.Fields[k])
@@ -610,6 +985,9 @@ func (this *Struct) GoString() string {
 	if this.Fields != nil {
 		s = append(s, "Fields: "+mapStringForFields+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -622,6 +1000,9 @@ func (this *Value) GoString() string {
 	if this.Kind != nil {
 		s = append(s, "Kind: "+fmt.Sprintf("%#v", this.Kind)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -682,6 +1063,9 @@ func (this *ListValue) GoString() string {
 	if this.Values != nil {
 		s = append(s, "Values: "+fmt.Sprintf("%#v", this.Values)+",\n")
 	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -696,7 +1080,7 @@ func valueToGoStringStruct(v interface{}, typ string) string {
 func (m *Struct) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -704,45 +1088,52 @@ func (m *Struct) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Struct) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Struct) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Fields) > 0 {
 		for k := range m.Fields {
-			dAtA[i] = 0xa
-			i++
 			v := m.Fields[k]
-			msgSize := 0
-			if v != nil {
-				msgSize = v.Size()
-				msgSize += 1 + sovStruct(uint64(msgSize))
-			}
-			mapSize := 1 + len(k) + sovStruct(uint64(len(k))) + msgSize
-			i = encodeVarintStruct(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintStruct(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			baseI := i
 			if v != nil {
-				dAtA[i] = 0x12
-				i++
-				i = encodeVarintStruct(dAtA, i, uint64(v.Size()))
-				n1, err := v.MarshalTo(dAtA[i:])
-				if err != nil {
-					return 0, err
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintStruct(dAtA, i, uint64(size))
 				}
-				i += n1
+				i--
+				dAtA[i] = 0x12
 			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintStruct(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintStruct(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Value) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -750,87 +1141,133 @@ func (m *Value) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Value) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Kind != nil {
-		nn2, err := m.Kind.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size := m.Kind.Size()
+			i -= size
+			if _, err := m.Kind.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
 		}
-		i += nn2
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Value_NullValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x8
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_NullValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	i = encodeVarintStruct(dAtA, i, uint64(m.NullValue))
-	return i, nil
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 func (m *Value_NumberValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_NumberValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= 8
+	encoding_binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.NumberValue))))
+	i--
 	dAtA[i] = 0x11
-	i++
-	binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.NumberValue))))
-	i += 8
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Value_StringValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x1a
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_StringValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.StringValue)
+	copy(dAtA[i:], m.StringValue)
 	i = encodeVarintStruct(dAtA, i, uint64(len(m.StringValue)))
-	i += copy(dAtA[i:], m.StringValue)
-	return i, nil
+	i--
+	dAtA[i] = 0x1a
+	return len(dAtA) - i, nil
 }
 func (m *Value_BoolValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0x20
-	i++
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_BoolValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i--
 	if m.BoolValue {
 		dAtA[i] = 1
 	} else {
 		dAtA[i] = 0
 	}
-	i++
-	return i, nil
+	i--
+	dAtA[i] = 0x20
+	return len(dAtA) - i, nil
 }
 func (m *Value_StructValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_StructValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.StructValue != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintStruct(dAtA, i, uint64(m.StructValue.Size()))
-		n3, err := m.StructValue.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.StructValue.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintStruct(dAtA, i, uint64(size))
 		}
-		i += n3
+		i--
+		dAtA[i] = 0x2a
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *Value_ListValue) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Value_ListValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	if m.ListValue != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintStruct(dAtA, i, uint64(m.ListValue.Size()))
-		n4, err := m.ListValue.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.ListValue.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintStruct(dAtA, i, uint64(size))
 		}
-		i += n4
+		i--
+		dAtA[i] = 0x32
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 func (m *ListValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -838,37 +1275,50 @@ func (m *ListValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Values) > 0 {
-		for _, msg := range m.Values {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintStruct(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Values) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Values[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintStruct(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintStruct(dAtA []byte, offset int, v uint64) int {
+	offset -= sovStruct(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedStruct(r randyStruct, easy bool) *Struct {
 	this := &Struct{}
-	if r.Intn(10) == 0 {
+	if r.Intn(5) == 0 {
 		v1 := r.Intn(10)
 		this.Fields = make(map[string]*Value)
 		for i := 0; i < v1; i++ {
@@ -876,6 +1326,7 @@ func NewPopulatedStruct(r randyStruct, easy bool) *Struct {
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedStruct(r, 2)
 	}
 	return this
 }
@@ -898,6 +1349,7 @@ func NewPopulatedValue(r randyStruct, easy bool) *Value {
 		this.Kind = NewPopulatedValue_ListValue(r, easy)
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedStruct(r, 7)
 	}
 	return this
 }
@@ -937,7 +1389,7 @@ func NewPopulatedValue_ListValue(r randyStruct, easy bool) *Value_ListValue {
 }
 func NewPopulatedListValue(r randyStruct, easy bool) *ListValue {
 	this := &ListValue{}
-	if r.Intn(10) == 0 {
+	if r.Intn(5) == 0 {
 		v2 := r.Intn(5)
 		this.Values = make([]*Value, v2)
 		for i := 0; i < v2; i++ {
@@ -945,6 +1397,7 @@ func NewPopulatedListValue(r randyStruct, easy bool) *ListValue {
 		}
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedStruct(r, 2)
 	}
 	return this
 }
@@ -1022,6 +1475,9 @@ func encodeVarintPopulateStruct(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *Struct) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Fields) > 0 {
@@ -1037,31 +1493,49 @@ func (m *Struct) Size() (n int) {
 			n += mapEntrySize + 1 + sovStruct(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Value) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Kind != nil {
 		n += m.Kind.Size()
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Value_NullValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 1 + sovStruct(uint64(m.NullValue))
 	return n
 }
 func (m *Value_NumberValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 9
 	return n
 }
 func (m *Value_StringValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.StringValue)
@@ -1069,12 +1543,18 @@ func (m *Value_StringValue) Size() (n int) {
 	return n
 }
 func (m *Value_BoolValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	n += 2
 	return n
 }
 func (m *Value_StructValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.StructValue != nil {
@@ -1084,6 +1564,9 @@ func (m *Value_StructValue) Size() (n int) {
 	return n
 }
 func (m *Value_ListValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.ListValue != nil {
@@ -1093,6 +1576,9 @@ func (m *Value_ListValue) Size() (n int) {
 	return n
 }
 func (m *ListValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Values) > 0 {
@@ -1101,18 +1587,14 @@ func (m *ListValue) Size() (n int) {
 			n += 1 + l + sovStruct(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovStruct(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozStruct(x uint64) (n int) {
 	return sovStruct(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1125,7 +1607,7 @@ func (this *Struct) String() string {
 	for k := range this.Fields {
 		keysForFields = append(keysForFields, k)
 	}
-	sortkeys.Strings(keysForFields)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForFields)
 	mapStringForFields := "map[string]*Value{"
 	for _, k := range keysForFields {
 		mapStringForFields += fmt.Sprintf("%v: %v,", k, this.Fields[k])
@@ -1133,6 +1615,7 @@ func (this *Struct) String() string {
 	mapStringForFields += "}"
 	s := strings.Join([]string{`&Struct{`,
 		`Fields:` + mapStringForFields + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1143,6 +1626,7 @@ func (this *Value) String() string {
 	}
 	s := strings.Join([]string{`&Value{`,
 		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1211,8 +1695,14 @@ func (this *ListValue) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForValues := "[]*Value{"
+	for _, f := range this.Values {
+		repeatedStringForValues += strings.Replace(f.String(), "Value", "Value", 1) + ","
+	}
+	repeatedStringForValues += "}"
 	s := strings.Join([]string{`&ListValue{`,
-		`Values:` + strings.Replace(fmt.Sprintf("%v", this.Values), "Value", "Value", 1) + `,`,
+		`Values:` + repeatedStringForValues + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1240,7 +1730,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1268,7 +1758,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1277,6 +1767,9 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStruct
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStruct
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1297,7 +1790,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -1314,7 +1807,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1324,6 +1817,9 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthStruct
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthStruct
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -1340,7 +1836,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapmsglen |= (int(b) & 0x7F) << shift
+						mapmsglen |= int(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -1349,7 +1845,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthStruct
 					}
 					postmsgIndex := iNdEx + mapmsglen
-					if mapmsglen < 0 {
+					if postmsgIndex < 0 {
 						return ErrInvalidLengthStruct
 					}
 					if postmsgIndex > l {
@@ -1366,7 +1862,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthStruct
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -1383,12 +1879,13 @@ func (m *Struct) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthStruct
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1413,7 +1910,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1441,7 +1938,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (NullValue(b) & 0x7F) << shift
+				v |= NullValue(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1455,7 +1952,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 			if (iNdEx + 8) > l {
 				return io.ErrUnexpectedEOF
 			}
-			v = uint64(binary.LittleEndian.Uint64(dAtA[iNdEx:]))
+			v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:]))
 			iNdEx += 8
 			m.Kind = &Value_NumberValue{float64(math.Float64frombits(v))}
 		case 3:
@@ -1472,7 +1969,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1482,6 +1979,9 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStruct
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthStruct
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1501,7 +2001,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1522,7 +2022,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1531,6 +2031,9 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStruct
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStruct
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1554,7 +2057,7 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1563,6 +2066,9 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStruct
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStruct
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1578,12 +2084,13 @@ func (m *Value) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthStruct
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1608,7 +2115,7 @@ func (m *ListValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1636,7 +2143,7 @@ func (m *ListValue) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1645,6 +2152,9 @@ func (m *ListValue) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStruct
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStruct
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1659,12 +2169,13 @@ func (m *ListValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthStruct
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1677,6 +2188,7 @@ func (m *ListValue) Unmarshal(dAtA []byte) error {
 func skipStruct(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1708,10 +2220,8 @@ func skipStruct(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1728,86 +2238,34 @@ func skipStruct(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthStruct
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowStruct
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipStruct(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupStruct
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthStruct
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthStruct = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowStruct   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthStruct        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowStruct          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupStruct = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("struct.proto", fileDescriptorStruct) }
-
-var fileDescriptorStruct = []byte{
-	// 432 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xb1, 0x6f, 0xd3, 0x40,
-	0x14, 0xc6, 0xfd, 0x9c, 0xc6, 0x22, 0xcf, 0x55, 0xa9, 0x0e, 0x09, 0xa2, 0x22, 0x1d, 0x51, 0xba,
-	0x58, 0x08, 0x79, 0x08, 0x0b, 0x22, 0x2c, 0x58, 0x2a, 0xad, 0x84, 0x55, 0x19, 0x43, 0x8b, 0xc4,
-	0x12, 0xe1, 0xd4, 0x8d, 0xac, 0x5e, 0xef, 0x2a, 0xfb, 0x0c, 0xca, 0x06, 0xff, 0x05, 0x33, 0x13,
-	0x62, 0xe4, 0xaf, 0x60, 0xec, 0xc8, 0x88, 0x3d, 0x31, 0x76, 0xec, 0x88, 0xee, 0xce, 0x36, 0xa8,
-	0x51, 0x36, 0xbf, 0xcf, 0xbf, 0xf7, 0xbd, 0xf7, 0xbd, 0xc3, 0xcd, 0x42, 0xe6, 0xe5, 0x5c, 0xfa,
-	0x17, 0xb9, 0x90, 0x82, 0xdc, 0x5e, 0x08, 0xb1, 0x60, 0xa9, 0xa9, 0x92, 0xf2, 0x74, 0xfc, 0x05,
-	0xd0, 0x79, 0xad, 0x09, 0x32, 0x45, 0xe7, 0x34, 0x4b, 0xd9, 0x49, 0x31, 0x84, 0x51, 0xcf, 0x73,
-	0x27, 0xbb, 0xfe, 0x0d, 0xd8, 0x37, 0xa0, 0xff, 0x42, 0x53, 0x7b, 0x5c, 0xe6, 0xcb, 0xb8, 0x69,
-	0xd9, 0x79, 0x85, 0xee, 0x7f, 0x32, 0xd9, 0xc6, 0xde, 0x59, 0xba, 0x1c, 0xc2, 0x08, 0xbc, 0x41,
-	0xac, 0x3e, 0xc9, 0x23, 0xec, 0x7f, 0x78, 0xcf, 0xca, 0x74, 0x68, 0x8f, 0xc0, 0x73, 0x27, 0x77,
-	0x57, 0xcc, 0x8f, 0xd5, 0xdf, 0xd8, 0x40, 0x4f, 0xed, 0x27, 0x30, 0xfe, 0x61, 0x63, 0x5f, 0x8b,
-	0x64, 0x8a, 0xc8, 0x4b, 0xc6, 0x66, 0xc6, 0x40, 0x99, 0x6e, 0x4d, 0x76, 0x56, 0x0c, 0x0e, 0x4b,
-	0xc6, 0x34, 0x7f, 0x60, 0xc5, 0x03, 0xde, 0x16, 0x64, 0x17, 0x37, 0x79, 0x79, 0x9e, 0xa4, 0xf9,
-	0xec, 0xdf, 0x7c, 0x38, 0xb0, 0x62, 0xd7, 0xa8, 0x1d, 0x54, 0xc8, 0x3c, 0xe3, 0x8b, 0x06, 0xea,
-	0xa9, 0xc5, 0x15, 0x64, 0x54, 0x03, 0x3d, 0x40, 0x4c, 0x84, 0x68, 0xd7, 0xd8, 0x18, 0x81, 0x77,
-	0x4b, 0x8d, 0x52, 0x9a, 0x01, 0x9e, 0xb5, 0xd7, 0x6e, 0x90, 0xbe, 0x8e, 0x7a, 0x6f, 0xcd, 0x1d,
-	0x1b, 0xfb, 0x72, 0x2e, 0xbb, 0x94, 0x2c, 0x2b, 0xda, 0x5e, 0x47, 0xf7, 0xae, 0xa6, 0x0c, 0xb3,
-	0x42, 0x76, 0x29, 0x59, 0x5b, 0x04, 0x0e, 0x6e, 0x9c, 0x65, 0xfc, 0x64, 0x3c, 0xc5, 0x41, 0x47,
-	0x10, 0x1f, 0x1d, 0x6d, 0xd6, 0xbe, 0xe8, 0xba, 0xa3, 0x37, 0xd4, 0xc3, 0xfb, 0x38, 0xe8, 0x8e,
-	0x48, 0xb6, 0x10, 0x0f, 0x8f, 0xc2, 0x70, 0x76, 0xfc, 0x3c, 0x3c, 0xda, 0xdb, 0xb6, 0x82, 0xcf,
-	0x70, 0x59, 0x51, 0xeb, 0x57, 0x45, 0xad, 0xab, 0x8a, 0xc2, 0x75, 0x45, 0xe1, 0x53, 0x4d, 0xe1,
-	0x5b, 0x4d, 0xe1, 0x67, 0x4d, 0xe1, 0xb2, 0xa6, 0xf0, 0xbb, 0xa6, 0xf0, 0xa7, 0xa6, 0xd6, 0x55,
-	0x4d, 0x01, 0xef, 0xcc, 0xc5, 0xf9, 0xcd, 0x71, 0x81, 0x6b, 0x92, 0x47, 0xaa, 0x8e, 0xe0, 0x5d,
-	0x5f, 0x2e, 0x2f, 0xd2, 0xe2, 0x1a, 0xe0, 0xab, 0xdd, 0xdb, 0x8f, 0x82, 0xef, 0x36, 0xdd, 0x37,
-	0x0d, 0x51, 0xbb, 0xdf, 0xdb, 0x94, 0xb1, 0x97, 0x5c, 0x7c, 0xe4, 0x6f, 0x14, 0x99, 0x38, 0xda,
-	0xe9, 0xf1, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x75, 0xc5, 0x1c, 0x3b, 0xd5, 0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/timestamp.go b/vendor/github.com/gogo/protobuf/types/timestamp.go
index 7ae54d8b3ff68..232ada57ce420 100644
--- a/vendor/github.com/gogo/protobuf/types/timestamp.go
+++ b/vendor/github.com/gogo/protobuf/types/timestamp.go
@@ -109,11 +109,9 @@ func TimestampNow() *Timestamp {
 // TimestampProto converts the time.Time to a google.protobuf.Timestamp proto.
 // It returns an error if the resulting Timestamp is invalid.
 func TimestampProto(t time.Time) (*Timestamp, error) {
-	seconds := t.Unix()
-	nanos := int32(t.Sub(time.Unix(seconds, 0)))
 	ts := &Timestamp{
-		Seconds: seconds,
-		Nanos:   nanos,
+		Seconds: t.Unix(),
+		Nanos:   int32(t.Nanosecond()),
 	}
 	if err := validateTimestamp(ts); err != nil {
 		return nil, err
diff --git a/vendor/github.com/gogo/protobuf/types/timestamp.pb.go b/vendor/github.com/gogo/protobuf/types/timestamp.pb.go
index 41b18f941f4ee..45db7b3bb1c8a 100644
--- a/vendor/github.com/gogo/protobuf/types/timestamp.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/timestamp.pb.go
@@ -1,25 +1,18 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: timestamp.proto
+// source: google/protobuf/timestamp.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		timestamp.proto
-
-	It has these top-level messages:
-		Timestamp
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,19 +23,21 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
-// A Timestamp represents a point in time independent of any time zone
-// or calendar, represented as seconds and fractions of seconds at
-// nanosecond resolution in UTC Epoch time. It is encoded using the
-// Proleptic Gregorian Calendar which extends the Gregorian calendar
-// backwards to year one. It is encoded assuming all minutes are 60
-// seconds long, i.e. leap seconds are "smeared" so that no leap second
-// table is needed for interpretation. Range is from
-// 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.
-// By restricting to that range, we ensure that we can convert to
-// and from  RFC 3339 date strings.
-// See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
+// A Timestamp represents a point in time independent of any time zone or local
+// calendar, encoded as a count of seconds and fractions of seconds at
+// nanosecond resolution. The count is relative to an epoch at UTC midnight on
+// January 1, 1970, in the proleptic Gregorian calendar which extends the
+// Gregorian calendar backwards to year one.
+//
+// All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+// second table is needed for interpretation, using a [24-hour linear
+// smear](https://developers.google.com/time/smear).
+//
+// The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+// restricting to that range, we ensure that we can convert to and from [RFC
+// 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
 //
 // # Examples
 //
@@ -95,19 +90,23 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
 // seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
 // are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
-// is required, though only UTC (as indicated by "Z") is presently supported.
+// is required. A proto3 JSON serializer should always use UTC (as indicated by
+// "Z") when printing the Timestamp type and a proto3 JSON parser should be
+// able to accept both UTC and other timezones (as indicated by an offset).
 //
 // For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
 // 01:30 UTC on January 15, 2017.
 //
 // In JavaScript, one can convert a Date object to this format using the
-// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
+// standard
+// [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
 // method. In Python, a standard `datetime.datetime` object can be converted
-// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
-// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one
-// can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime())
-// to obtain a formatter capable of generating timestamps in this format.
+// to this format using
+// [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+// the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+// the Joda Time's [`ISODateTimeFormat.dateTime()`](
+// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// ) to obtain a formatter capable of generating timestamps in this format.
 //
 //
 type Timestamp struct {
@@ -119,13 +118,44 @@ type Timestamp struct {
 	// second values with fractions must still have non-negative nanos values
 	// that count forward in time. Must be from 0 to 999,999,999
 	// inclusive.
-	Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+	Nanos                int32    `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Timestamp) Reset()      { *m = Timestamp{} }
+func (*Timestamp) ProtoMessage() {}
+func (*Timestamp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_292007bbfe81227e, []int{0}
+}
+func (*Timestamp) XXX_WellKnownType() string { return "Timestamp" }
+func (m *Timestamp) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Timestamp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Timestamp.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Timestamp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Timestamp.Merge(m, src)
+}
+func (m *Timestamp) XXX_Size() int {
+	return m.Size()
+}
+func (m *Timestamp) XXX_DiscardUnknown() {
+	xxx_messageInfo_Timestamp.DiscardUnknown(m)
 }
 
-func (m *Timestamp) Reset()                    { *m = Timestamp{} }
-func (*Timestamp) ProtoMessage()               {}
-func (*Timestamp) Descriptor() ([]byte, []int) { return fileDescriptorTimestamp, []int{0} }
-func (*Timestamp) XXX_WellKnownType() string   { return "Timestamp" }
+var xxx_messageInfo_Timestamp proto.InternalMessageInfo
 
 func (m *Timestamp) GetSeconds() int64 {
 	if m != nil {
@@ -141,9 +171,33 @@ func (m *Timestamp) GetNanos() int32 {
 	return 0
 }
 
+func (*Timestamp) XXX_MessageName() string {
+	return "google.protobuf.Timestamp"
+}
 func init() {
 	proto.RegisterType((*Timestamp)(nil), "google.protobuf.Timestamp")
 }
+
+func init() { proto.RegisterFile("google/protobuf/timestamp.proto", fileDescriptor_292007bbfe81227e) }
+
+var fileDescriptor_292007bbfe81227e = []byte{
+	// 212 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4f, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0xc9, 0xcc, 0x4d,
+	0x2d, 0x2e, 0x49, 0xcc, 0x2d, 0xd0, 0x03, 0x0b, 0x09, 0xf1, 0x43, 0x14, 0xe8, 0xc1, 0x14, 0x28,
+	0x59, 0x73, 0x71, 0x86, 0xc0, 0xd4, 0x08, 0x49, 0x70, 0xb1, 0x17, 0xa7, 0x26, 0xe7, 0xe7, 0xa5,
+	0x14, 0x4b, 0x30, 0x2a, 0x30, 0x6a, 0x30, 0x07, 0xc1, 0xb8, 0x42, 0x22, 0x5c, 0xac, 0x79, 0x89,
+	0x79, 0xf9, 0xc5, 0x12, 0x4c, 0x0a, 0x8c, 0x1a, 0xac, 0x41, 0x10, 0x8e, 0x53, 0x03, 0xe3, 0x8d,
+	0x87, 0x72, 0x0c, 0x1f, 0x1e, 0xca, 0x31, 0xae, 0x78, 0x24, 0xc7, 0x78, 0xe2, 0x91, 0x1c, 0xe3,
+	0x85, 0x47, 0x72, 0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0xbe, 0x78, 0x24, 0xc7, 0xf0, 0xe1, 0x91, 0x1c,
+	0xe3, 0x8a, 0xc7, 0x72, 0x8c, 0x27, 0x1e, 0xcb, 0x31, 0x72, 0x09, 0x27, 0xe7, 0xe7, 0xea, 0xa1,
+	0x59, 0xee, 0xc4, 0x07, 0xb7, 0x3a, 0x00, 0x24, 0x14, 0xc0, 0x18, 0xc5, 0x5a, 0x52, 0x59, 0x90,
+	0x5a, 0xfc, 0x83, 0x91, 0x71, 0x11, 0x13, 0xb3, 0x7b, 0x80, 0xd3, 0x2a, 0x26, 0x39, 0x77, 0x88,
+	0x9e, 0x00, 0xa8, 0x1e, 0xbd, 0xf0, 0xd4, 0x9c, 0x1c, 0xef, 0xbc, 0xfc, 0xf2, 0xbc, 0x10, 0x90,
+	0xca, 0x24, 0x36, 0xb0, 0x61, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x0b, 0x23, 0x83, 0xdd,
+	0xfa, 0x00, 0x00, 0x00,
+}
+
 func (this *Timestamp) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -181,6 +235,9 @@ func (this *Timestamp) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Timestamp) Equal(that interface{}) bool {
@@ -208,6 +265,9 @@ func (this *Timestamp) Equal(that interface{}) bool {
 	if this.Nanos != that1.Nanos {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Timestamp) GoString() string {
@@ -218,6 +278,9 @@ func (this *Timestamp) GoString() string {
 	s = append(s, "&types.Timestamp{")
 	s = append(s, "Seconds: "+fmt.Sprintf("%#v", this.Seconds)+",\n")
 	s = append(s, "Nanos: "+fmt.Sprintf("%#v", this.Nanos)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -232,7 +295,7 @@ func valueToGoStringTimestamp(v interface{}, typ string) string {
 func (m *Timestamp) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -240,33 +303,47 @@ func (m *Timestamp) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Timestamp) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Timestamp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Seconds != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintTimestamp(dAtA, i, uint64(m.Seconds))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Nanos != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintTimestamp(dAtA, i, uint64(m.Nanos))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Seconds != 0 {
+		i = encodeVarintTimestamp(dAtA, i, uint64(m.Seconds))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintTimestamp(dAtA []byte, offset int, v uint64) int {
+	offset -= sovTimestamp(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Timestamp) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Seconds != 0 {
@@ -275,18 +352,14 @@ func (m *Timestamp) Size() (n int) {
 	if m.Nanos != 0 {
 		n += 1 + sovTimestamp(uint64(m.Nanos))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovTimestamp(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozTimestamp(x uint64) (n int) {
 	return sovTimestamp(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -306,7 +379,7 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -334,7 +407,7 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Seconds |= (int64(b) & 0x7F) << shift
+				m.Seconds |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -353,7 +426,7 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Nanos |= (int32(b) & 0x7F) << shift
+				m.Nanos |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -364,12 +437,13 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthTimestamp
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -382,6 +456,7 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error {
 func skipTimestamp(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -413,10 +488,8 @@ func skipTimestamp(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -433,72 +506,34 @@ func skipTimestamp(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthTimestamp
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowTimestamp
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipTimestamp(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupTimestamp
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthTimestamp
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthTimestamp = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowTimestamp   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthTimestamp        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTimestamp          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupTimestamp = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("timestamp.proto", fileDescriptorTimestamp) }
-
-var fileDescriptorTimestamp = []byte{
-	// 205 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2f, 0xc9, 0xcc, 0x4d,
-	0x2d, 0x2e, 0x49, 0xcc, 0x2d, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf, 0xcf,
-	0x4f, 0xcf, 0x49, 0x85, 0xf0, 0x92, 0x4a, 0xd3, 0x94, 0xac, 0xb9, 0x38, 0x43, 0x60, 0x6a, 0x84,
-	0x24, 0xb8, 0xd8, 0x8b, 0x53, 0x93, 0xf3, 0xf3, 0x52, 0x8a, 0x25, 0x18, 0x15, 0x18, 0x35, 0x98,
-	0x83, 0x60, 0x5c, 0x21, 0x11, 0x2e, 0xd6, 0xbc, 0xc4, 0xbc, 0xfc, 0x62, 0x09, 0x26, 0x05, 0x46,
-	0x0d, 0xd6, 0x20, 0x08, 0xc7, 0xa9, 0x81, 0xf1, 0xc2, 0x43, 0x39, 0x86, 0x1b, 0x0f, 0xe5, 0x18,
-	0x3e, 0x3c, 0x94, 0x63, 0x5c, 0xf1, 0x48, 0x8e, 0xf1, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4,
-	0x18, 0x1f, 0x3c, 0x92, 0x63, 0x7c, 0xf1, 0x48, 0x8e, 0xe1, 0xc3, 0x23, 0x39, 0xc6, 0x15, 0x8f,
-	0xe5, 0x18, 0xb9, 0x84, 0x93, 0xf3, 0x73, 0xf5, 0xd0, 0x2c, 0x77, 0xe2, 0x83, 0x5b, 0x1d, 0x00,
-	0x12, 0x0a, 0x60, 0x8c, 0x62, 0x2d, 0xa9, 0x2c, 0x48, 0x2d, 0xfe, 0xc1, 0xc8, 0xb8, 0x88, 0x89,
-	0xd9, 0x3d, 0xc0, 0x69, 0x15, 0x93, 0x9c, 0x3b, 0x44, 0x4f, 0x00, 0x54, 0x8f, 0x5e, 0x78, 0x6a,
-	0x4e, 0x8e, 0x77, 0x5e, 0x7e, 0x79, 0x5e, 0x08, 0x48, 0x65, 0x12, 0x1b, 0xd8, 0x30, 0x63, 0x40,
-	0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0xa2, 0x42, 0xda, 0xea, 0x00, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/type.pb.go b/vendor/github.com/gogo/protobuf/types/type.pb.go
new file mode 100644
index 0000000000000..791427bb228aa
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/types/type.pb.go
@@ -0,0 +1,3355 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: google/protobuf/type.proto
+
+package types
+
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strconv "strconv"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+// The syntax in which a protocol buffer element is defined.
+type Syntax int32
+
+const (
+	// Syntax `proto2`.
+	Syntax_SYNTAX_PROTO2 Syntax = 0
+	// Syntax `proto3`.
+	Syntax_SYNTAX_PROTO3 Syntax = 1
+)
+
+var Syntax_name = map[int32]string{
+	0: "SYNTAX_PROTO2",
+	1: "SYNTAX_PROTO3",
+}
+
+var Syntax_value = map[string]int32{
+	"SYNTAX_PROTO2": 0,
+	"SYNTAX_PROTO3": 1,
+}
+
+func (Syntax) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{0}
+}
+
+// Basic field types.
+type Field_Kind int32
+
+const (
+	// Field type unknown.
+	Field_TYPE_UNKNOWN Field_Kind = 0
+	// Field type double.
+	Field_TYPE_DOUBLE Field_Kind = 1
+	// Field type float.
+	Field_TYPE_FLOAT Field_Kind = 2
+	// Field type int64.
+	Field_TYPE_INT64 Field_Kind = 3
+	// Field type uint64.
+	Field_TYPE_UINT64 Field_Kind = 4
+	// Field type int32.
+	Field_TYPE_INT32 Field_Kind = 5
+	// Field type fixed64.
+	Field_TYPE_FIXED64 Field_Kind = 6
+	// Field type fixed32.
+	Field_TYPE_FIXED32 Field_Kind = 7
+	// Field type bool.
+	Field_TYPE_BOOL Field_Kind = 8
+	// Field type string.
+	Field_TYPE_STRING Field_Kind = 9
+	// Field type group. Proto2 syntax only, and deprecated.
+	Field_TYPE_GROUP Field_Kind = 10
+	// Field type message.
+	Field_TYPE_MESSAGE Field_Kind = 11
+	// Field type bytes.
+	Field_TYPE_BYTES Field_Kind = 12
+	// Field type uint32.
+	Field_TYPE_UINT32 Field_Kind = 13
+	// Field type enum.
+	Field_TYPE_ENUM Field_Kind = 14
+	// Field type sfixed32.
+	Field_TYPE_SFIXED32 Field_Kind = 15
+	// Field type sfixed64.
+	Field_TYPE_SFIXED64 Field_Kind = 16
+	// Field type sint32.
+	Field_TYPE_SINT32 Field_Kind = 17
+	// Field type sint64.
+	Field_TYPE_SINT64 Field_Kind = 18
+)
+
+var Field_Kind_name = map[int32]string{
+	0:  "TYPE_UNKNOWN",
+	1:  "TYPE_DOUBLE",
+	2:  "TYPE_FLOAT",
+	3:  "TYPE_INT64",
+	4:  "TYPE_UINT64",
+	5:  "TYPE_INT32",
+	6:  "TYPE_FIXED64",
+	7:  "TYPE_FIXED32",
+	8:  "TYPE_BOOL",
+	9:  "TYPE_STRING",
+	10: "TYPE_GROUP",
+	11: "TYPE_MESSAGE",
+	12: "TYPE_BYTES",
+	13: "TYPE_UINT32",
+	14: "TYPE_ENUM",
+	15: "TYPE_SFIXED32",
+	16: "TYPE_SFIXED64",
+	17: "TYPE_SINT32",
+	18: "TYPE_SINT64",
+}
+
+var Field_Kind_value = map[string]int32{
+	"TYPE_UNKNOWN":  0,
+	"TYPE_DOUBLE":   1,
+	"TYPE_FLOAT":    2,
+	"TYPE_INT64":    3,
+	"TYPE_UINT64":   4,
+	"TYPE_INT32":    5,
+	"TYPE_FIXED64":  6,
+	"TYPE_FIXED32":  7,
+	"TYPE_BOOL":     8,
+	"TYPE_STRING":   9,
+	"TYPE_GROUP":    10,
+	"TYPE_MESSAGE":  11,
+	"TYPE_BYTES":    12,
+	"TYPE_UINT32":   13,
+	"TYPE_ENUM":     14,
+	"TYPE_SFIXED32": 15,
+	"TYPE_SFIXED64": 16,
+	"TYPE_SINT32":   17,
+	"TYPE_SINT64":   18,
+}
+
+func (Field_Kind) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{1, 0}
+}
+
+// Whether a field is optional, required, or repeated.
+type Field_Cardinality int32
+
+const (
+	// For fields with unknown cardinality.
+	Field_CARDINALITY_UNKNOWN Field_Cardinality = 0
+	// For optional fields.
+	Field_CARDINALITY_OPTIONAL Field_Cardinality = 1
+	// For required fields. Proto2 syntax only.
+	Field_CARDINALITY_REQUIRED Field_Cardinality = 2
+	// For repeated fields.
+	Field_CARDINALITY_REPEATED Field_Cardinality = 3
+)
+
+var Field_Cardinality_name = map[int32]string{
+	0: "CARDINALITY_UNKNOWN",
+	1: "CARDINALITY_OPTIONAL",
+	2: "CARDINALITY_REQUIRED",
+	3: "CARDINALITY_REPEATED",
+}
+
+var Field_Cardinality_value = map[string]int32{
+	"CARDINALITY_UNKNOWN":  0,
+	"CARDINALITY_OPTIONAL": 1,
+	"CARDINALITY_REQUIRED": 2,
+	"CARDINALITY_REPEATED": 3,
+}
+
+func (Field_Cardinality) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{1, 1}
+}
+
+// A protocol buffer message type.
+type Type struct {
+	// The fully qualified message name.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The list of fields.
+	Fields []*Field `protobuf:"bytes,2,rep,name=fields,proto3" json:"fields,omitempty"`
+	// The list of types appearing in `oneof` definitions in this type.
+	Oneofs []string `protobuf:"bytes,3,rep,name=oneofs,proto3" json:"oneofs,omitempty"`
+	// The protocol buffer options.
+	Options []*Option `protobuf:"bytes,4,rep,name=options,proto3" json:"options,omitempty"`
+	// The source context.
+	SourceContext *SourceContext `protobuf:"bytes,5,opt,name=source_context,json=sourceContext,proto3" json:"source_context,omitempty"`
+	// The source syntax.
+	Syntax               Syntax   `protobuf:"varint,6,opt,name=syntax,proto3,enum=google.protobuf.Syntax" json:"syntax,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Type) Reset()      { *m = Type{} }
+func (*Type) ProtoMessage() {}
+func (*Type) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{0}
+}
+func (m *Type) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Type) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Type.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Type) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Type.Merge(m, src)
+}
+func (m *Type) XXX_Size() int {
+	return m.Size()
+}
+func (m *Type) XXX_DiscardUnknown() {
+	xxx_messageInfo_Type.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Type proto.InternalMessageInfo
+
+func (m *Type) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Type) GetFields() []*Field {
+	if m != nil {
+		return m.Fields
+	}
+	return nil
+}
+
+func (m *Type) GetOneofs() []string {
+	if m != nil {
+		return m.Oneofs
+	}
+	return nil
+}
+
+func (m *Type) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *Type) GetSourceContext() *SourceContext {
+	if m != nil {
+		return m.SourceContext
+	}
+	return nil
+}
+
+func (m *Type) GetSyntax() Syntax {
+	if m != nil {
+		return m.Syntax
+	}
+	return Syntax_SYNTAX_PROTO2
+}
+
+func (*Type) XXX_MessageName() string {
+	return "google.protobuf.Type"
+}
+
+// A single field of a message type.
+type Field struct {
+	// The field type.
+	Kind Field_Kind `protobuf:"varint,1,opt,name=kind,proto3,enum=google.protobuf.Field_Kind" json:"kind,omitempty"`
+	// The field cardinality.
+	Cardinality Field_Cardinality `protobuf:"varint,2,opt,name=cardinality,proto3,enum=google.protobuf.Field_Cardinality" json:"cardinality,omitempty"`
+	// The field number.
+	Number int32 `protobuf:"varint,3,opt,name=number,proto3" json:"number,omitempty"`
+	// The field name.
+	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
+	// The field type URL, without the scheme, for message or enumeration
+	// types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
+	TypeUrl string `protobuf:"bytes,6,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"`
+	// The index of the field type in `Type.oneofs`, for message or enumeration
+	// types. The first type has index 1; zero means the type is not in the list.
+	OneofIndex int32 `protobuf:"varint,7,opt,name=oneof_index,json=oneofIndex,proto3" json:"oneof_index,omitempty"`
+	// Whether to use alternative packed wire representation.
+	Packed bool `protobuf:"varint,8,opt,name=packed,proto3" json:"packed,omitempty"`
+	// The protocol buffer options.
+	Options []*Option `protobuf:"bytes,9,rep,name=options,proto3" json:"options,omitempty"`
+	// The field JSON name.
+	JsonName string `protobuf:"bytes,10,opt,name=json_name,json=jsonName,proto3" json:"json_name,omitempty"`
+	// The string value of the default value of this field. Proto2 syntax only.
+	DefaultValue         string   `protobuf:"bytes,11,opt,name=default_value,json=defaultValue,proto3" json:"default_value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Field) Reset()      { *m = Field{} }
+func (*Field) ProtoMessage() {}
+func (*Field) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{1}
+}
+func (m *Field) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Field) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Field.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Field) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Field.Merge(m, src)
+}
+func (m *Field) XXX_Size() int {
+	return m.Size()
+}
+func (m *Field) XXX_DiscardUnknown() {
+	xxx_messageInfo_Field.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Field proto.InternalMessageInfo
+
+func (m *Field) GetKind() Field_Kind {
+	if m != nil {
+		return m.Kind
+	}
+	return Field_TYPE_UNKNOWN
+}
+
+func (m *Field) GetCardinality() Field_Cardinality {
+	if m != nil {
+		return m.Cardinality
+	}
+	return Field_CARDINALITY_UNKNOWN
+}
+
+func (m *Field) GetNumber() int32 {
+	if m != nil {
+		return m.Number
+	}
+	return 0
+}
+
+func (m *Field) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Field) GetTypeUrl() string {
+	if m != nil {
+		return m.TypeUrl
+	}
+	return ""
+}
+
+func (m *Field) GetOneofIndex() int32 {
+	if m != nil {
+		return m.OneofIndex
+	}
+	return 0
+}
+
+func (m *Field) GetPacked() bool {
+	if m != nil {
+		return m.Packed
+	}
+	return false
+}
+
+func (m *Field) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *Field) GetJsonName() string {
+	if m != nil {
+		return m.JsonName
+	}
+	return ""
+}
+
+func (m *Field) GetDefaultValue() string {
+	if m != nil {
+		return m.DefaultValue
+	}
+	return ""
+}
+
+func (*Field) XXX_MessageName() string {
+	return "google.protobuf.Field"
+}
+
+// Enum type definition.
+type Enum struct {
+	// Enum type name.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Enum value definitions.
+	Enumvalue []*EnumValue `protobuf:"bytes,2,rep,name=enumvalue,proto3" json:"enumvalue,omitempty"`
+	// Protocol buffer options.
+	Options []*Option `protobuf:"bytes,3,rep,name=options,proto3" json:"options,omitempty"`
+	// The source context.
+	SourceContext *SourceContext `protobuf:"bytes,4,opt,name=source_context,json=sourceContext,proto3" json:"source_context,omitempty"`
+	// The source syntax.
+	Syntax               Syntax   `protobuf:"varint,5,opt,name=syntax,proto3,enum=google.protobuf.Syntax" json:"syntax,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Enum) Reset()      { *m = Enum{} }
+func (*Enum) ProtoMessage() {}
+func (*Enum) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{2}
+}
+func (m *Enum) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Enum) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Enum.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Enum) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Enum.Merge(m, src)
+}
+func (m *Enum) XXX_Size() int {
+	return m.Size()
+}
+func (m *Enum) XXX_DiscardUnknown() {
+	xxx_messageInfo_Enum.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Enum proto.InternalMessageInfo
+
+func (m *Enum) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Enum) GetEnumvalue() []*EnumValue {
+	if m != nil {
+		return m.Enumvalue
+	}
+	return nil
+}
+
+func (m *Enum) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *Enum) GetSourceContext() *SourceContext {
+	if m != nil {
+		return m.SourceContext
+	}
+	return nil
+}
+
+func (m *Enum) GetSyntax() Syntax {
+	if m != nil {
+		return m.Syntax
+	}
+	return Syntax_SYNTAX_PROTO2
+}
+
+func (*Enum) XXX_MessageName() string {
+	return "google.protobuf.Enum"
+}
+
+// Enum value definition.
+type EnumValue struct {
+	// Enum value name.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Enum value number.
+	Number int32 `protobuf:"varint,2,opt,name=number,proto3" json:"number,omitempty"`
+	// Protocol buffer options.
+	Options              []*Option `protobuf:"bytes,3,rep,name=options,proto3" json:"options,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *EnumValue) Reset()      { *m = EnumValue{} }
+func (*EnumValue) ProtoMessage() {}
+func (*EnumValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{3}
+}
+func (m *EnumValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *EnumValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_EnumValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *EnumValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumValue.Merge(m, src)
+}
+func (m *EnumValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *EnumValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_EnumValue.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EnumValue proto.InternalMessageInfo
+
+func (m *EnumValue) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *EnumValue) GetNumber() int32 {
+	if m != nil {
+		return m.Number
+	}
+	return 0
+}
+
+func (m *EnumValue) GetOptions() []*Option {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (*EnumValue) XXX_MessageName() string {
+	return "google.protobuf.EnumValue"
+}
+
+// A protocol buffer option, which can be attached to a message, field,
+// enumeration, etc.
+type Option struct {
+	// The option's name. For protobuf built-in options (options defined in
+	// descriptor.proto), this is the short name. For example, `"map_entry"`.
+	// For custom options, it should be the fully-qualified name. For example,
+	// `"google.api.http"`.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The option's value packed in an Any message. If the value is a primitive,
+	// the corresponding wrapper type defined in google/protobuf/wrappers.proto
+	// should be used. If the value is an enum, it should be stored as an int32
+	// value using the google.protobuf.Int32Value type.
+	Value                *Any     `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Option) Reset()      { *m = Option{} }
+func (*Option) ProtoMessage() {}
+func (*Option) Descriptor() ([]byte, []int) {
+	return fileDescriptor_dd271cc1e348c538, []int{4}
+}
+func (m *Option) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Option) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Option.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Option) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Option.Merge(m, src)
+}
+func (m *Option) XXX_Size() int {
+	return m.Size()
+}
+func (m *Option) XXX_DiscardUnknown() {
+	xxx_messageInfo_Option.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Option proto.InternalMessageInfo
+
+func (m *Option) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Option) GetValue() *Any {
+	if m != nil {
+		return m.Value
+	}
+	return nil
+}
+
+func (*Option) XXX_MessageName() string {
+	return "google.protobuf.Option"
+}
+func init() {
+	proto.RegisterEnum("google.protobuf.Syntax", Syntax_name, Syntax_value)
+	proto.RegisterEnum("google.protobuf.Field_Kind", Field_Kind_name, Field_Kind_value)
+	proto.RegisterEnum("google.protobuf.Field_Cardinality", Field_Cardinality_name, Field_Cardinality_value)
+	proto.RegisterType((*Type)(nil), "google.protobuf.Type")
+	proto.RegisterType((*Field)(nil), "google.protobuf.Field")
+	proto.RegisterType((*Enum)(nil), "google.protobuf.Enum")
+	proto.RegisterType((*EnumValue)(nil), "google.protobuf.EnumValue")
+	proto.RegisterType((*Option)(nil), "google.protobuf.Option")
+}
+
+func init() { proto.RegisterFile("google/protobuf/type.proto", fileDescriptor_dd271cc1e348c538) }
+
+var fileDescriptor_dd271cc1e348c538 = []byte{
+	// 840 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0xcf, 0x73, 0xda, 0x46,
+	0x14, 0xf6, 0x0a, 0x21, 0xa3, 0x87, 0xc1, 0x9b, 0x4d, 0x26, 0x51, 0x9c, 0x19, 0x95, 0xa1, 0x3d,
+	0x30, 0x39, 0xe0, 0x29, 0x78, 0x3c, 0xbd, 0x82, 0x91, 0x29, 0x63, 0x22, 0xa9, 0x8b, 0x68, 0xe2,
+	0x5e, 0x18, 0x0c, 0x72, 0x86, 0x44, 0xac, 0x18, 0x24, 0x5a, 0x73, 0xeb, 0x4c, 0xcf, 0xfd, 0x27,
+	0x7a, 0xea, 0xf4, 0xdc, 0x3f, 0xc2, 0xc7, 0x1e, 0x7b, 0xac, 0xc9, 0xa5, 0xc7, 0x1c, 0x73, 0x6b,
+	0x67, 0x57, 0x20, 0x8b, 0x1f, 0x9d, 0x49, 0xdb, 0x1b, 0xef, 0xfb, 0xbe, 0xf7, 0x73, 0x9f, 0x1e,
+	0x70, 0xf4, 0xda, 0xf7, 0x5f, 0x7b, 0xee, 0xf1, 0x64, 0xea, 0x87, 0xfe, 0xd5, 0xec, 0xfa, 0x38,
+	0x9c, 0x4f, 0xdc, 0xb2, 0xb0, 0xc8, 0x61, 0xc4, 0x95, 0x57, 0xdc, 0xd1, 0xd3, 0x4d, 0x71, 0x9f,
+	0xcd, 0x23, 0xf6, 0xe8, 0xb3, 0x4d, 0x2a, 0xf0, 0x67, 0xd3, 0x81, 0xdb, 0x1b, 0xf8, 0x2c, 0x74,
+	0x6f, 0xc2, 0x48, 0x55, 0xfc, 0x51, 0x02, 0xd9, 0x99, 0x4f, 0x5c, 0x42, 0x40, 0x66, 0xfd, 0xb1,
+	0xab, 0xa1, 0x02, 0x2a, 0xa9, 0x54, 0xfc, 0x26, 0x65, 0x50, 0xae, 0x47, 0xae, 0x37, 0x0c, 0x34,
+	0xa9, 0x90, 0x2a, 0x65, 0x2b, 0x8f, 0xcb, 0x1b, 0xf9, 0xcb, 0xe7, 0x9c, 0xa6, 0x4b, 0x15, 0x79,
+	0x0c, 0x8a, 0xcf, 0x5c, 0xff, 0x3a, 0xd0, 0x52, 0x85, 0x54, 0x49, 0xa5, 0x4b, 0x8b, 0x7c, 0x0e,
+	0xfb, 0xfe, 0x24, 0x1c, 0xf9, 0x2c, 0xd0, 0x64, 0x11, 0xe8, 0xc9, 0x56, 0x20, 0x4b, 0xf0, 0x74,
+	0xa5, 0x23, 0x06, 0xe4, 0xd7, 0xeb, 0xd5, 0xd2, 0x05, 0x54, 0xca, 0x56, 0xf4, 0x2d, 0xcf, 0x8e,
+	0x90, 0x9d, 0x45, 0x2a, 0x9a, 0x0b, 0x92, 0x26, 0x39, 0x06, 0x25, 0x98, 0xb3, 0xb0, 0x7f, 0xa3,
+	0x29, 0x05, 0x54, 0xca, 0xef, 0x48, 0xdc, 0x11, 0x34, 0x5d, 0xca, 0x8a, 0xbf, 0x2a, 0x90, 0x16,
+	0x4d, 0x91, 0x63, 0x90, 0xdf, 0x8e, 0xd8, 0x50, 0x0c, 0x24, 0x5f, 0x79, 0xb6, 0xbb, 0xf5, 0xf2,
+	0xc5, 0x88, 0x0d, 0xa9, 0x10, 0x92, 0x06, 0x64, 0x07, 0xfd, 0xe9, 0x70, 0xc4, 0xfa, 0xde, 0x28,
+	0x9c, 0x6b, 0x92, 0xf0, 0x2b, 0xfe, 0x83, 0xdf, 0xd9, 0xbd, 0x92, 0x26, 0xdd, 0xf8, 0x0c, 0xd9,
+	0x6c, 0x7c, 0xe5, 0x4e, 0xb5, 0x54, 0x01, 0x95, 0xd2, 0x74, 0x69, 0xc5, 0xef, 0x23, 0x27, 0xde,
+	0xe7, 0x29, 0x64, 0xf8, 0x72, 0xf4, 0x66, 0x53, 0x4f, 0xf4, 0xa7, 0xd2, 0x7d, 0x6e, 0x77, 0xa7,
+	0x1e, 0xf9, 0x04, 0xb2, 0x62, 0xf8, 0xbd, 0x11, 0x1b, 0xba, 0x37, 0xda, 0xbe, 0x88, 0x05, 0x02,
+	0x6a, 0x71, 0x84, 0xe7, 0x99, 0xf4, 0x07, 0x6f, 0xdd, 0xa1, 0x96, 0x29, 0xa0, 0x52, 0x86, 0x2e,
+	0xad, 0xe4, 0x5b, 0xa9, 0x1f, 0xf9, 0x56, 0xcf, 0x40, 0x7d, 0x13, 0xf8, 0xac, 0x27, 0xea, 0x03,
+	0x51, 0x47, 0x86, 0x03, 0x26, 0xaf, 0xf1, 0x53, 0xc8, 0x0d, 0xdd, 0xeb, 0xfe, 0xcc, 0x0b, 0x7b,
+	0xdf, 0xf6, 0xbd, 0x99, 0xab, 0x65, 0x85, 0xe0, 0x60, 0x09, 0x7e, 0xcd, 0xb1, 0xe2, 0xad, 0x04,
+	0x32, 0x9f, 0x24, 0xc1, 0x70, 0xe0, 0x5c, 0xda, 0x46, 0xaf, 0x6b, 0x5e, 0x98, 0xd6, 0x4b, 0x13,
+	0xef, 0x91, 0x43, 0xc8, 0x0a, 0xa4, 0x61, 0x75, 0xeb, 0x6d, 0x03, 0x23, 0x92, 0x07, 0x10, 0xc0,
+	0x79, 0xdb, 0xaa, 0x39, 0x58, 0x8a, 0xed, 0x96, 0xe9, 0x9c, 0x9e, 0xe0, 0x54, 0xec, 0xd0, 0x8d,
+	0x00, 0x39, 0x29, 0xa8, 0x56, 0x70, 0x3a, 0xce, 0x71, 0xde, 0x7a, 0x65, 0x34, 0x4e, 0x4f, 0xb0,
+	0xb2, 0x8e, 0x54, 0x2b, 0x78, 0x9f, 0xe4, 0x40, 0x15, 0x48, 0xdd, 0xb2, 0xda, 0x38, 0x13, 0xc7,
+	0xec, 0x38, 0xb4, 0x65, 0x36, 0xb1, 0x1a, 0xc7, 0x6c, 0x52, 0xab, 0x6b, 0x63, 0x88, 0x23, 0xbc,
+	0x30, 0x3a, 0x9d, 0x5a, 0xd3, 0xc0, 0xd9, 0x58, 0x51, 0xbf, 0x74, 0x8c, 0x0e, 0x3e, 0x58, 0x2b,
+	0xab, 0x5a, 0xc1, 0xb9, 0x38, 0x85, 0x61, 0x76, 0x5f, 0xe0, 0x3c, 0x79, 0x00, 0xb9, 0x28, 0xc5,
+	0xaa, 0x88, 0xc3, 0x0d, 0xe8, 0xf4, 0x04, 0xe3, 0xfb, 0x42, 0xa2, 0x28, 0x0f, 0xd6, 0x80, 0xd3,
+	0x13, 0x4c, 0x8a, 0x21, 0x64, 0x13, 0xbb, 0x45, 0x9e, 0xc0, 0xc3, 0xb3, 0x1a, 0x6d, 0xb4, 0xcc,
+	0x5a, 0xbb, 0xe5, 0x5c, 0x26, 0xe6, 0xaa, 0xc1, 0xa3, 0x24, 0x61, 0xd9, 0x4e, 0xcb, 0x32, 0x6b,
+	0x6d, 0x8c, 0x36, 0x19, 0x6a, 0x7c, 0xd5, 0x6d, 0x51, 0xa3, 0x81, 0xa5, 0x6d, 0xc6, 0x36, 0x6a,
+	0x8e, 0xd1, 0xc0, 0xa9, 0xe2, 0x5f, 0x08, 0x64, 0x83, 0xcd, 0xc6, 0x3b, 0xcf, 0xc8, 0x17, 0xa0,
+	0xba, 0x6c, 0x36, 0x8e, 0x9e, 0x3f, 0xba, 0x24, 0x47, 0x5b, 0x4b, 0xc5, 0xbd, 0xc5, 0x32, 0xd0,
+	0x7b, 0x71, 0x72, 0x19, 0x53, 0xff, 0xf9, 0x70, 0xc8, 0xff, 0xef, 0x70, 0xa4, 0x3f, 0xee, 0x70,
+	0xbc, 0x01, 0x35, 0x6e, 0x61, 0xe7, 0x14, 0xee, 0x3f, 0x6c, 0x69, 0xed, 0xc3, 0xfe, 0xf7, 0x3d,
+	0x16, 0xbf, 0x04, 0x25, 0x82, 0x76, 0x26, 0x7a, 0x0e, 0xe9, 0xd5, 0xa8, 0x79, 0xe3, 0x8f, 0xb6,
+	0xc2, 0xd5, 0xd8, 0x9c, 0x46, 0x92, 0xe7, 0x65, 0x50, 0xa2, 0x3e, 0xf8, 0xb2, 0x75, 0x2e, 0x4d,
+	0xa7, 0xf6, 0xaa, 0x67, 0x53, 0xcb, 0xb1, 0x2a, 0x78, 0x6f, 0x13, 0xaa, 0x62, 0x54, 0xff, 0x01,
+	0xfd, 0x7e, 0xa7, 0xef, 0xbd, 0xbf, 0xd3, 0xd1, 0x87, 0x3b, 0x1d, 0x7d, 0xbf, 0xd0, 0xd1, 0xcf,
+	0x0b, 0x1d, 0xdd, 0x2e, 0x74, 0xf4, 0xdb, 0x42, 0x47, 0x7f, 0x2c, 0x74, 0xf4, 0xe7, 0x42, 0xdf,
+	0x7b, 0xcf, 0xf1, 0x77, 0x3a, 0xba, 0x7d, 0xa7, 0x23, 0x78, 0x38, 0xf0, 0xc7, 0x9b, 0x25, 0xd4,
+	0x55, 0xfe, 0x9f, 0x63, 0x73, 0xcb, 0x46, 0xdf, 0xa4, 0xf9, 0xd1, 0x0a, 0x3e, 0x20, 0xf4, 0x93,
+	0x94, 0x6a, 0xda, 0xf5, 0x5f, 0x24, 0xbd, 0x19, 0xc9, 0xed, 0x55, 0xc5, 0x2f, 0x5d, 0xcf, 0xbb,
+	0x60, 0xfe, 0x77, 0x8c, 0xbb, 0x05, 0x57, 0x8a, 0x88, 0x53, 0xfd, 0x3b, 0x00, 0x00, 0xff, 0xff,
+	0xbc, 0x2a, 0x5e, 0x82, 0x2b, 0x07, 0x00, 0x00,
+}
+
+func (this *Type) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Type)
+	if !ok {
+		that2, ok := that.(Type)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Fields) != len(that1.Fields) {
+		if len(this.Fields) < len(that1.Fields) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Fields {
+		if c := this.Fields[i].Compare(that1.Fields[i]); c != 0 {
+			return c
+		}
+	}
+	if len(this.Oneofs) != len(that1.Oneofs) {
+		if len(this.Oneofs) < len(that1.Oneofs) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Oneofs {
+		if this.Oneofs[i] != that1.Oneofs[i] {
+			if this.Oneofs[i] < that1.Oneofs[i] {
+				return -1
+			}
+			return 1
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if c := this.SourceContext.Compare(that1.SourceContext); c != 0 {
+		return c
+	}
+	if this.Syntax != that1.Syntax {
+		if this.Syntax < that1.Syntax {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Field) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Field)
+	if !ok {
+		that2, ok := that.(Field)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Kind != that1.Kind {
+		if this.Kind < that1.Kind {
+			return -1
+		}
+		return 1
+	}
+	if this.Cardinality != that1.Cardinality {
+		if this.Cardinality < that1.Cardinality {
+			return -1
+		}
+		return 1
+	}
+	if this.Number != that1.Number {
+		if this.Number < that1.Number {
+			return -1
+		}
+		return 1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if this.TypeUrl != that1.TypeUrl {
+		if this.TypeUrl < that1.TypeUrl {
+			return -1
+		}
+		return 1
+	}
+	if this.OneofIndex != that1.OneofIndex {
+		if this.OneofIndex < that1.OneofIndex {
+			return -1
+		}
+		return 1
+	}
+	if this.Packed != that1.Packed {
+		if !this.Packed {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if this.JsonName != that1.JsonName {
+		if this.JsonName < that1.JsonName {
+			return -1
+		}
+		return 1
+	}
+	if this.DefaultValue != that1.DefaultValue {
+		if this.DefaultValue < that1.DefaultValue {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Enum) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Enum)
+	if !ok {
+		that2, ok := that.(Enum)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Enumvalue) != len(that1.Enumvalue) {
+		if len(this.Enumvalue) < len(that1.Enumvalue) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Enumvalue {
+		if c := this.Enumvalue[i].Compare(that1.Enumvalue[i]); c != 0 {
+			return c
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if c := this.SourceContext.Compare(that1.SourceContext); c != 0 {
+		return c
+	}
+	if this.Syntax != that1.Syntax {
+		if this.Syntax < that1.Syntax {
+			return -1
+		}
+		return 1
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *EnumValue) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*EnumValue)
+	if !ok {
+		that2, ok := that.(EnumValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if this.Number != that1.Number {
+		if this.Number < that1.Number {
+			return -1
+		}
+		return 1
+	}
+	if len(this.Options) != len(that1.Options) {
+		if len(this.Options) < len(that1.Options) {
+			return -1
+		}
+		return 1
+	}
+	for i := range this.Options {
+		if c := this.Options[i].Compare(that1.Options[i]); c != 0 {
+			return c
+		}
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (this *Option) Compare(that interface{}) int {
+	if that == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	}
+
+	that1, ok := that.(*Option)
+	if !ok {
+		that2, ok := that.(Option)
+		if ok {
+			that1 = &that2
+		} else {
+			return 1
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return 0
+		}
+		return 1
+	} else if this == nil {
+		return -1
+	}
+	if this.Name != that1.Name {
+		if this.Name < that1.Name {
+			return -1
+		}
+		return 1
+	}
+	if c := this.Value.Compare(that1.Value); c != 0 {
+		return c
+	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
+	return 0
+}
+func (x Syntax) String() string {
+	s, ok := Syntax_name[int32(x)]
+	if ok {
+		return s
+	}
+	return strconv.Itoa(int(x))
+}
+func (x Field_Kind) String() string {
+	s, ok := Field_Kind_name[int32(x)]
+	if ok {
+		return s
+	}
+	return strconv.Itoa(int(x))
+}
+func (x Field_Cardinality) String() string {
+	s, ok := Field_Cardinality_name[int32(x)]
+	if ok {
+		return s
+	}
+	return strconv.Itoa(int(x))
+}
+func (this *Type) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Type)
+	if !ok {
+		that2, ok := that.(Type)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if len(this.Fields) != len(that1.Fields) {
+		return false
+	}
+	for i := range this.Fields {
+		if !this.Fields[i].Equal(that1.Fields[i]) {
+			return false
+		}
+	}
+	if len(this.Oneofs) != len(that1.Oneofs) {
+		return false
+	}
+	for i := range this.Oneofs {
+		if this.Oneofs[i] != that1.Oneofs[i] {
+			return false
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if !this.SourceContext.Equal(that1.SourceContext) {
+		return false
+	}
+	if this.Syntax != that1.Syntax {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Field) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Field)
+	if !ok {
+		that2, ok := that.(Field)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Kind != that1.Kind {
+		return false
+	}
+	if this.Cardinality != that1.Cardinality {
+		return false
+	}
+	if this.Number != that1.Number {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if this.TypeUrl != that1.TypeUrl {
+		return false
+	}
+	if this.OneofIndex != that1.OneofIndex {
+		return false
+	}
+	if this.Packed != that1.Packed {
+		return false
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if this.JsonName != that1.JsonName {
+		return false
+	}
+	if this.DefaultValue != that1.DefaultValue {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Enum) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Enum)
+	if !ok {
+		that2, ok := that.(Enum)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if len(this.Enumvalue) != len(that1.Enumvalue) {
+		return false
+	}
+	for i := range this.Enumvalue {
+		if !this.Enumvalue[i].Equal(that1.Enumvalue[i]) {
+			return false
+		}
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if !this.SourceContext.Equal(that1.SourceContext) {
+		return false
+	}
+	if this.Syntax != that1.Syntax {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *EnumValue) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*EnumValue)
+	if !ok {
+		that2, ok := that.(EnumValue)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if this.Number != that1.Number {
+		return false
+	}
+	if len(this.Options) != len(that1.Options) {
+		return false
+	}
+	for i := range this.Options {
+		if !this.Options[i].Equal(that1.Options[i]) {
+			return false
+		}
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Option) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*Option)
+	if !ok {
+		that2, ok := that.(Option)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Name != that1.Name {
+		return false
+	}
+	if !this.Value.Equal(that1.Value) {
+		return false
+	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
+	return true
+}
+func (this *Type) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 10)
+	s = append(s, "&types.Type{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	if this.Fields != nil {
+		s = append(s, "Fields: "+fmt.Sprintf("%#v", this.Fields)+",\n")
+	}
+	s = append(s, "Oneofs: "+fmt.Sprintf("%#v", this.Oneofs)+",\n")
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	if this.SourceContext != nil {
+		s = append(s, "SourceContext: "+fmt.Sprintf("%#v", this.SourceContext)+",\n")
+	}
+	s = append(s, "Syntax: "+fmt.Sprintf("%#v", this.Syntax)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *Field) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 14)
+	s = append(s, "&types.Field{")
+	s = append(s, "Kind: "+fmt.Sprintf("%#v", this.Kind)+",\n")
+	s = append(s, "Cardinality: "+fmt.Sprintf("%#v", this.Cardinality)+",\n")
+	s = append(s, "Number: "+fmt.Sprintf("%#v", this.Number)+",\n")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	s = append(s, "TypeUrl: "+fmt.Sprintf("%#v", this.TypeUrl)+",\n")
+	s = append(s, "OneofIndex: "+fmt.Sprintf("%#v", this.OneofIndex)+",\n")
+	s = append(s, "Packed: "+fmt.Sprintf("%#v", this.Packed)+",\n")
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	s = append(s, "JsonName: "+fmt.Sprintf("%#v", this.JsonName)+",\n")
+	s = append(s, "DefaultValue: "+fmt.Sprintf("%#v", this.DefaultValue)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *Enum) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 9)
+	s = append(s, "&types.Enum{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	if this.Enumvalue != nil {
+		s = append(s, "Enumvalue: "+fmt.Sprintf("%#v", this.Enumvalue)+",\n")
+	}
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	if this.SourceContext != nil {
+		s = append(s, "SourceContext: "+fmt.Sprintf("%#v", this.SourceContext)+",\n")
+	}
+	s = append(s, "Syntax: "+fmt.Sprintf("%#v", this.Syntax)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *EnumValue) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 7)
+	s = append(s, "&types.EnumValue{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	s = append(s, "Number: "+fmt.Sprintf("%#v", this.Number)+",\n")
+	if this.Options != nil {
+		s = append(s, "Options: "+fmt.Sprintf("%#v", this.Options)+",\n")
+	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *Option) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 6)
+	s = append(s, "&types.Option{")
+	s = append(s, "Name: "+fmt.Sprintf("%#v", this.Name)+",\n")
+	if this.Value != nil {
+		s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	}
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringType(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+func (m *Type) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Type) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Type) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Syntax != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Syntax))
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.SourceContext != nil {
+		{
+			size, err := m.SourceContext.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintType(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.Oneofs) > 0 {
+		for iNdEx := len(m.Oneofs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Oneofs[iNdEx])
+			copy(dAtA[i:], m.Oneofs[iNdEx])
+			i = encodeVarintType(dAtA, i, uint64(len(m.Oneofs[iNdEx])))
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.Fields) > 0 {
+		for iNdEx := len(m.Fields) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Fields[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintType(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Field) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Field) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Field) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.DefaultValue) > 0 {
+		i -= len(m.DefaultValue)
+		copy(dAtA[i:], m.DefaultValue)
+		i = encodeVarintType(dAtA, i, uint64(len(m.DefaultValue)))
+		i--
+		dAtA[i] = 0x5a
+	}
+	if len(m.JsonName) > 0 {
+		i -= len(m.JsonName)
+		copy(dAtA[i:], m.JsonName)
+		i = encodeVarintType(dAtA, i, uint64(len(m.JsonName)))
+		i--
+		dAtA[i] = 0x52
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x4a
+		}
+	}
+	if m.Packed {
+		i--
+		if m.Packed {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x40
+	}
+	if m.OneofIndex != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.OneofIndex))
+		i--
+		dAtA[i] = 0x38
+	}
+	if len(m.TypeUrl) > 0 {
+		i -= len(m.TypeUrl)
+		copy(dAtA[i:], m.TypeUrl)
+		i = encodeVarintType(dAtA, i, uint64(len(m.TypeUrl)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintType(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Number != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Number))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Cardinality != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Cardinality))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Kind != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Kind))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Enum) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Enum) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Enum) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Syntax != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Syntax))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.SourceContext != nil {
+		{
+			size, err := m.SourceContext.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintType(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.Enumvalue) > 0 {
+		for iNdEx := len(m.Enumvalue) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Enumvalue[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintType(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *EnumValue) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *EnumValue) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *EnumValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Options) > 0 {
+		for iNdEx := len(m.Options) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Options[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintType(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if m.Number != 0 {
+		i = encodeVarintType(dAtA, i, uint64(m.Number))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintType(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Option) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Option) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Option) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Value != nil {
+		{
+			size, err := m.Value.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintType(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintType(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintType(dAtA []byte, offset int, v uint64) int {
+	offset -= sovType(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func NewPopulatedType(r randyType, easy bool) *Type {
+	this := &Type{}
+	this.Name = string(randStringType(r))
+	if r.Intn(5) != 0 {
+		v1 := r.Intn(5)
+		this.Fields = make([]*Field, v1)
+		for i := 0; i < v1; i++ {
+			this.Fields[i] = NewPopulatedField(r, easy)
+		}
+	}
+	v2 := r.Intn(10)
+	this.Oneofs = make([]string, v2)
+	for i := 0; i < v2; i++ {
+		this.Oneofs[i] = string(randStringType(r))
+	}
+	if r.Intn(5) != 0 {
+		v3 := r.Intn(5)
+		this.Options = make([]*Option, v3)
+		for i := 0; i < v3; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	if r.Intn(5) != 0 {
+		this.SourceContext = NewPopulatedSourceContext(r, easy)
+	}
+	this.Syntax = Syntax([]int32{0, 1}[r.Intn(2)])
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedType(r, 7)
+	}
+	return this
+}
+
+func NewPopulatedField(r randyType, easy bool) *Field {
+	this := &Field{}
+	this.Kind = Field_Kind([]int32{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}[r.Intn(19)])
+	this.Cardinality = Field_Cardinality([]int32{0, 1, 2, 3}[r.Intn(4)])
+	this.Number = int32(r.Int31())
+	if r.Intn(2) == 0 {
+		this.Number *= -1
+	}
+	this.Name = string(randStringType(r))
+	this.TypeUrl = string(randStringType(r))
+	this.OneofIndex = int32(r.Int31())
+	if r.Intn(2) == 0 {
+		this.OneofIndex *= -1
+	}
+	this.Packed = bool(bool(r.Intn(2) == 0))
+	if r.Intn(5) != 0 {
+		v4 := r.Intn(5)
+		this.Options = make([]*Option, v4)
+		for i := 0; i < v4; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	this.JsonName = string(randStringType(r))
+	this.DefaultValue = string(randStringType(r))
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedType(r, 12)
+	}
+	return this
+}
+
+func NewPopulatedEnum(r randyType, easy bool) *Enum {
+	this := &Enum{}
+	this.Name = string(randStringType(r))
+	if r.Intn(5) != 0 {
+		v5 := r.Intn(5)
+		this.Enumvalue = make([]*EnumValue, v5)
+		for i := 0; i < v5; i++ {
+			this.Enumvalue[i] = NewPopulatedEnumValue(r, easy)
+		}
+	}
+	if r.Intn(5) != 0 {
+		v6 := r.Intn(5)
+		this.Options = make([]*Option, v6)
+		for i := 0; i < v6; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	if r.Intn(5) != 0 {
+		this.SourceContext = NewPopulatedSourceContext(r, easy)
+	}
+	this.Syntax = Syntax([]int32{0, 1}[r.Intn(2)])
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedType(r, 6)
+	}
+	return this
+}
+
+func NewPopulatedEnumValue(r randyType, easy bool) *EnumValue {
+	this := &EnumValue{}
+	this.Name = string(randStringType(r))
+	this.Number = int32(r.Int31())
+	if r.Intn(2) == 0 {
+		this.Number *= -1
+	}
+	if r.Intn(5) != 0 {
+		v7 := r.Intn(5)
+		this.Options = make([]*Option, v7)
+		for i := 0; i < v7; i++ {
+			this.Options[i] = NewPopulatedOption(r, easy)
+		}
+	}
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedType(r, 4)
+	}
+	return this
+}
+
+func NewPopulatedOption(r randyType, easy bool) *Option {
+	this := &Option{}
+	this.Name = string(randStringType(r))
+	if r.Intn(5) != 0 {
+		this.Value = NewPopulatedAny(r, easy)
+	}
+	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedType(r, 3)
+	}
+	return this
+}
+
+type randyType interface {
+	Float32() float32
+	Float64() float64
+	Int63() int64
+	Int31() int32
+	Uint32() uint32
+	Intn(n int) int
+}
+
+func randUTF8RuneType(r randyType) rune {
+	ru := r.Intn(62)
+	if ru < 10 {
+		return rune(ru + 48)
+	} else if ru < 36 {
+		return rune(ru + 55)
+	}
+	return rune(ru + 61)
+}
+func randStringType(r randyType) string {
+	v8 := r.Intn(100)
+	tmps := make([]rune, v8)
+	for i := 0; i < v8; i++ {
+		tmps[i] = randUTF8RuneType(r)
+	}
+	return string(tmps)
+}
+func randUnrecognizedType(r randyType, maxFieldNumber int) (dAtA []byte) {
+	l := r.Intn(5)
+	for i := 0; i < l; i++ {
+		wire := r.Intn(4)
+		if wire == 3 {
+			wire = 5
+		}
+		fieldNumber := maxFieldNumber + r.Intn(100)
+		dAtA = randFieldType(dAtA, r, fieldNumber, wire)
+	}
+	return dAtA
+}
+func randFieldType(dAtA []byte, r randyType, fieldNumber int, wire int) []byte {
+	key := uint32(fieldNumber)<<3 | uint32(wire)
+	switch wire {
+	case 0:
+		dAtA = encodeVarintPopulateType(dAtA, uint64(key))
+		v9 := r.Int63()
+		if r.Intn(2) == 0 {
+			v9 *= -1
+		}
+		dAtA = encodeVarintPopulateType(dAtA, uint64(v9))
+	case 1:
+		dAtA = encodeVarintPopulateType(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	case 2:
+		dAtA = encodeVarintPopulateType(dAtA, uint64(key))
+		ll := r.Intn(100)
+		dAtA = encodeVarintPopulateType(dAtA, uint64(ll))
+		for j := 0; j < ll; j++ {
+			dAtA = append(dAtA, byte(r.Intn(256)))
+		}
+	default:
+		dAtA = encodeVarintPopulateType(dAtA, uint64(key))
+		dAtA = append(dAtA, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
+	}
+	return dAtA
+}
+func encodeVarintPopulateType(dAtA []byte, v uint64) []byte {
+	for v >= 1<<7 {
+		dAtA = append(dAtA, uint8(uint64(v)&0x7f|0x80))
+		v >>= 7
+	}
+	dAtA = append(dAtA, uint8(v))
+	return dAtA
+}
+func (m *Type) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if len(m.Fields) > 0 {
+		for _, e := range m.Fields {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if len(m.Oneofs) > 0 {
+		for _, s := range m.Oneofs {
+			l = len(s)
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if m.SourceContext != nil {
+		l = m.SourceContext.Size()
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.Syntax != 0 {
+		n += 1 + sovType(uint64(m.Syntax))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Field) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Kind != 0 {
+		n += 1 + sovType(uint64(m.Kind))
+	}
+	if m.Cardinality != 0 {
+		n += 1 + sovType(uint64(m.Cardinality))
+	}
+	if m.Number != 0 {
+		n += 1 + sovType(uint64(m.Number))
+	}
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	l = len(m.TypeUrl)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.OneofIndex != 0 {
+		n += 1 + sovType(uint64(m.OneofIndex))
+	}
+	if m.Packed {
+		n += 2
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	l = len(m.JsonName)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	l = len(m.DefaultValue)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Enum) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if len(m.Enumvalue) > 0 {
+		for _, e := range m.Enumvalue {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if m.SourceContext != nil {
+		l = m.SourceContext.Size()
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.Syntax != 0 {
+		n += 1 + sovType(uint64(m.Syntax))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *EnumValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.Number != 0 {
+		n += 1 + sovType(uint64(m.Number))
+	}
+	if len(m.Options) > 0 {
+		for _, e := range m.Options {
+			l = e.Size()
+			n += 1 + l + sovType(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Option) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.Value != nil {
+		l = m.Value.Size()
+		n += 1 + l + sovType(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovType(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozType(x uint64) (n int) {
+	return sovType(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *Type) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForFields := "[]*Field{"
+	for _, f := range this.Fields {
+		repeatedStringForFields += strings.Replace(f.String(), "Field", "Field", 1) + ","
+	}
+	repeatedStringForFields += "}"
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(f.String(), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	s := strings.Join([]string{`&Type{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Fields:` + repeatedStringForFields + `,`,
+		`Oneofs:` + fmt.Sprintf("%v", this.Oneofs) + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`SourceContext:` + strings.Replace(fmt.Sprintf("%v", this.SourceContext), "SourceContext", "SourceContext", 1) + `,`,
+		`Syntax:` + fmt.Sprintf("%v", this.Syntax) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Field) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(f.String(), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	s := strings.Join([]string{`&Field{`,
+		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`Cardinality:` + fmt.Sprintf("%v", this.Cardinality) + `,`,
+		`Number:` + fmt.Sprintf("%v", this.Number) + `,`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`TypeUrl:` + fmt.Sprintf("%v", this.TypeUrl) + `,`,
+		`OneofIndex:` + fmt.Sprintf("%v", this.OneofIndex) + `,`,
+		`Packed:` + fmt.Sprintf("%v", this.Packed) + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`JsonName:` + fmt.Sprintf("%v", this.JsonName) + `,`,
+		`DefaultValue:` + fmt.Sprintf("%v", this.DefaultValue) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Enum) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForEnumvalue := "[]*EnumValue{"
+	for _, f := range this.Enumvalue {
+		repeatedStringForEnumvalue += strings.Replace(f.String(), "EnumValue", "EnumValue", 1) + ","
+	}
+	repeatedStringForEnumvalue += "}"
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(f.String(), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	s := strings.Join([]string{`&Enum{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Enumvalue:` + repeatedStringForEnumvalue + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`SourceContext:` + strings.Replace(fmt.Sprintf("%v", this.SourceContext), "SourceContext", "SourceContext", 1) + `,`,
+		`Syntax:` + fmt.Sprintf("%v", this.Syntax) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *EnumValue) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForOptions := "[]*Option{"
+	for _, f := range this.Options {
+		repeatedStringForOptions += strings.Replace(f.String(), "Option", "Option", 1) + ","
+	}
+	repeatedStringForOptions += "}"
+	s := strings.Join([]string{`&EnumValue{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Number:` + fmt.Sprintf("%v", this.Number) + `,`,
+		`Options:` + repeatedStringForOptions + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Option) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Option{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Value:` + strings.Replace(fmt.Sprintf("%v", this.Value), "Any", "Any", 1) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringType(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *Type) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Type: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Type: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Fields", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Fields = append(m.Fields, &Field{})
+			if err := m.Fields[len(m.Fields)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Oneofs", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Oneofs = append(m.Oneofs, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SourceContext", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SourceContext == nil {
+				m.SourceContext = &SourceContext{}
+			}
+			if err := m.SourceContext.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Syntax", wireType)
+			}
+			m.Syntax = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Syntax |= Syntax(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipType(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthType
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Field) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Field: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Field: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
+			}
+			m.Kind = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Kind |= Field_Kind(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Cardinality", wireType)
+			}
+			m.Cardinality = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Cardinality |= Field_Cardinality(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Number", wireType)
+			}
+			m.Number = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Number |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TypeUrl", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.TypeUrl = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OneofIndex", wireType)
+			}
+			m.OneofIndex = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OneofIndex |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Packed", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Packed = bool(v != 0)
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field JsonName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.JsonName = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DefaultValue", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.DefaultValue = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipType(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthType
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Enum) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Enum: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Enum: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Enumvalue", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Enumvalue = append(m.Enumvalue, &EnumValue{})
+			if err := m.Enumvalue[len(m.Enumvalue)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SourceContext", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SourceContext == nil {
+				m.SourceContext = &SourceContext{}
+			}
+			if err := m.SourceContext.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Syntax", wireType)
+			}
+			m.Syntax = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Syntax |= Syntax(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipType(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthType
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *EnumValue) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: EnumValue: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: EnumValue: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Number", wireType)
+			}
+			m.Number = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Number |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Options = append(m.Options, &Option{})
+			if err := m.Options[len(m.Options)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipType(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthType
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Option) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Option: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Option: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthType
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthType
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Value == nil {
+				m.Value = &Any{}
+			}
+			if err := m.Value.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipType(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthType
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipType(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowType
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowType
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthType
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupType
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthType
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthType        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowType          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupType = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/gogo/protobuf/types/wrappers.pb.go b/vendor/github.com/gogo/protobuf/types/wrappers.pb.go
index 18b384ea35256..8d415420a74d8 100644
--- a/vendor/github.com/gogo/protobuf/types/wrappers.pb.go
+++ b/vendor/github.com/gogo/protobuf/types/wrappers.pb.go
@@ -1,37 +1,19 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: wrappers.proto
-
-/*
-Package types is a generated protocol buffer package.
-
-It is generated from these files:
-	wrappers.proto
-
-It has these top-level messages:
-	DoubleValue
-	FloatValue
-	Int64Value
-	UInt64Value
-	Int32Value
-	UInt32Value
-	BoolValue
-	StringValue
-	BytesValue
-*/
-package types
-
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
+// source: google/protobuf/wrappers.proto
 
-import binary "encoding/binary"
+package types
 
-import io "io"
+import (
+	bytes "bytes"
+	encoding_binary "encoding/binary"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -42,20 +24,51 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // Wrapper message for `double`.
 //
 // The JSON representation for `DoubleValue` is JSON number.
 type DoubleValue struct {
 	// The double value.
-	Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                float64  `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DoubleValue) Reset()      { *m = DoubleValue{} }
+func (*DoubleValue) ProtoMessage() {}
+func (*DoubleValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{0}
+}
+func (*DoubleValue) XXX_WellKnownType() string { return "DoubleValue" }
+func (m *DoubleValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DoubleValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DoubleValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DoubleValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DoubleValue.Merge(m, src)
+}
+func (m *DoubleValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *DoubleValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_DoubleValue.DiscardUnknown(m)
 }
 
-func (m *DoubleValue) Reset()                    { *m = DoubleValue{} }
-func (*DoubleValue) ProtoMessage()               {}
-func (*DoubleValue) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{0} }
-func (*DoubleValue) XXX_WellKnownType() string   { return "DoubleValue" }
+var xxx_messageInfo_DoubleValue proto.InternalMessageInfo
 
 func (m *DoubleValue) GetValue() float64 {
 	if m != nil {
@@ -64,18 +77,53 @@ func (m *DoubleValue) GetValue() float64 {
 	return 0
 }
 
+func (*DoubleValue) XXX_MessageName() string {
+	return "google.protobuf.DoubleValue"
+}
+
 // Wrapper message for `float`.
 //
 // The JSON representation for `FloatValue` is JSON number.
 type FloatValue struct {
 	// The float value.
-	Value float32 `protobuf:"fixed32,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                float32  `protobuf:"fixed32,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *FloatValue) Reset()      { *m = FloatValue{} }
+func (*FloatValue) ProtoMessage() {}
+func (*FloatValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{1}
+}
+func (*FloatValue) XXX_WellKnownType() string { return "FloatValue" }
+func (m *FloatValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FloatValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FloatValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FloatValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FloatValue.Merge(m, src)
+}
+func (m *FloatValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *FloatValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_FloatValue.DiscardUnknown(m)
 }
 
-func (m *FloatValue) Reset()                    { *m = FloatValue{} }
-func (*FloatValue) ProtoMessage()               {}
-func (*FloatValue) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{1} }
-func (*FloatValue) XXX_WellKnownType() string   { return "FloatValue" }
+var xxx_messageInfo_FloatValue proto.InternalMessageInfo
 
 func (m *FloatValue) GetValue() float32 {
 	if m != nil {
@@ -84,18 +132,53 @@ func (m *FloatValue) GetValue() float32 {
 	return 0
 }
 
+func (*FloatValue) XXX_MessageName() string {
+	return "google.protobuf.FloatValue"
+}
+
 // Wrapper message for `int64`.
 //
 // The JSON representation for `Int64Value` is JSON string.
 type Int64Value struct {
 	// The int64 value.
-	Value int64 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                int64    `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Int64Value) Reset()      { *m = Int64Value{} }
+func (*Int64Value) ProtoMessage() {}
+func (*Int64Value) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{2}
+}
+func (*Int64Value) XXX_WellKnownType() string { return "Int64Value" }
+func (m *Int64Value) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Int64Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Int64Value.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Int64Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Int64Value.Merge(m, src)
+}
+func (m *Int64Value) XXX_Size() int {
+	return m.Size()
+}
+func (m *Int64Value) XXX_DiscardUnknown() {
+	xxx_messageInfo_Int64Value.DiscardUnknown(m)
 }
 
-func (m *Int64Value) Reset()                    { *m = Int64Value{} }
-func (*Int64Value) ProtoMessage()               {}
-func (*Int64Value) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{2} }
-func (*Int64Value) XXX_WellKnownType() string   { return "Int64Value" }
+var xxx_messageInfo_Int64Value proto.InternalMessageInfo
 
 func (m *Int64Value) GetValue() int64 {
 	if m != nil {
@@ -104,18 +187,53 @@ func (m *Int64Value) GetValue() int64 {
 	return 0
 }
 
+func (*Int64Value) XXX_MessageName() string {
+	return "google.protobuf.Int64Value"
+}
+
 // Wrapper message for `uint64`.
 //
 // The JSON representation for `UInt64Value` is JSON string.
 type UInt64Value struct {
 	// The uint64 value.
-	Value uint64 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                uint64   `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UInt64Value) Reset()      { *m = UInt64Value{} }
+func (*UInt64Value) ProtoMessage() {}
+func (*UInt64Value) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{3}
+}
+func (*UInt64Value) XXX_WellKnownType() string { return "UInt64Value" }
+func (m *UInt64Value) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UInt64Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UInt64Value.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UInt64Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UInt64Value.Merge(m, src)
+}
+func (m *UInt64Value) XXX_Size() int {
+	return m.Size()
+}
+func (m *UInt64Value) XXX_DiscardUnknown() {
+	xxx_messageInfo_UInt64Value.DiscardUnknown(m)
 }
 
-func (m *UInt64Value) Reset()                    { *m = UInt64Value{} }
-func (*UInt64Value) ProtoMessage()               {}
-func (*UInt64Value) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{3} }
-func (*UInt64Value) XXX_WellKnownType() string   { return "UInt64Value" }
+var xxx_messageInfo_UInt64Value proto.InternalMessageInfo
 
 func (m *UInt64Value) GetValue() uint64 {
 	if m != nil {
@@ -124,18 +242,53 @@ func (m *UInt64Value) GetValue() uint64 {
 	return 0
 }
 
+func (*UInt64Value) XXX_MessageName() string {
+	return "google.protobuf.UInt64Value"
+}
+
 // Wrapper message for `int32`.
 //
 // The JSON representation for `Int32Value` is JSON number.
 type Int32Value struct {
 	// The int32 value.
-	Value int32 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                int32    `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Int32Value) Reset()      { *m = Int32Value{} }
+func (*Int32Value) ProtoMessage() {}
+func (*Int32Value) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{4}
+}
+func (*Int32Value) XXX_WellKnownType() string { return "Int32Value" }
+func (m *Int32Value) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Int32Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Int32Value.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Int32Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Int32Value.Merge(m, src)
+}
+func (m *Int32Value) XXX_Size() int {
+	return m.Size()
+}
+func (m *Int32Value) XXX_DiscardUnknown() {
+	xxx_messageInfo_Int32Value.DiscardUnknown(m)
 }
 
-func (m *Int32Value) Reset()                    { *m = Int32Value{} }
-func (*Int32Value) ProtoMessage()               {}
-func (*Int32Value) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{4} }
-func (*Int32Value) XXX_WellKnownType() string   { return "Int32Value" }
+var xxx_messageInfo_Int32Value proto.InternalMessageInfo
 
 func (m *Int32Value) GetValue() int32 {
 	if m != nil {
@@ -144,18 +297,53 @@ func (m *Int32Value) GetValue() int32 {
 	return 0
 }
 
+func (*Int32Value) XXX_MessageName() string {
+	return "google.protobuf.Int32Value"
+}
+
 // Wrapper message for `uint32`.
 //
 // The JSON representation for `UInt32Value` is JSON number.
 type UInt32Value struct {
 	// The uint32 value.
-	Value uint32 `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                uint32   `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UInt32Value) Reset()      { *m = UInt32Value{} }
+func (*UInt32Value) ProtoMessage() {}
+func (*UInt32Value) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{5}
+}
+func (*UInt32Value) XXX_WellKnownType() string { return "UInt32Value" }
+func (m *UInt32Value) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UInt32Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UInt32Value.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UInt32Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UInt32Value.Merge(m, src)
+}
+func (m *UInt32Value) XXX_Size() int {
+	return m.Size()
+}
+func (m *UInt32Value) XXX_DiscardUnknown() {
+	xxx_messageInfo_UInt32Value.DiscardUnknown(m)
 }
 
-func (m *UInt32Value) Reset()                    { *m = UInt32Value{} }
-func (*UInt32Value) ProtoMessage()               {}
-func (*UInt32Value) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{5} }
-func (*UInt32Value) XXX_WellKnownType() string   { return "UInt32Value" }
+var xxx_messageInfo_UInt32Value proto.InternalMessageInfo
 
 func (m *UInt32Value) GetValue() uint32 {
 	if m != nil {
@@ -164,18 +352,53 @@ func (m *UInt32Value) GetValue() uint32 {
 	return 0
 }
 
+func (*UInt32Value) XXX_MessageName() string {
+	return "google.protobuf.UInt32Value"
+}
+
 // Wrapper message for `bool`.
 //
 // The JSON representation for `BoolValue` is JSON `true` and `false`.
 type BoolValue struct {
 	// The bool value.
-	Value bool `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                bool     `protobuf:"varint,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *BoolValue) Reset()      { *m = BoolValue{} }
+func (*BoolValue) ProtoMessage() {}
+func (*BoolValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{6}
+}
+func (*BoolValue) XXX_WellKnownType() string { return "BoolValue" }
+func (m *BoolValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BoolValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BoolValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BoolValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BoolValue.Merge(m, src)
+}
+func (m *BoolValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *BoolValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_BoolValue.DiscardUnknown(m)
 }
 
-func (m *BoolValue) Reset()                    { *m = BoolValue{} }
-func (*BoolValue) ProtoMessage()               {}
-func (*BoolValue) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{6} }
-func (*BoolValue) XXX_WellKnownType() string   { return "BoolValue" }
+var xxx_messageInfo_BoolValue proto.InternalMessageInfo
 
 func (m *BoolValue) GetValue() bool {
 	if m != nil {
@@ -184,18 +407,53 @@ func (m *BoolValue) GetValue() bool {
 	return false
 }
 
+func (*BoolValue) XXX_MessageName() string {
+	return "google.protobuf.BoolValue"
+}
+
 // Wrapper message for `string`.
 //
 // The JSON representation for `StringValue` is JSON string.
 type StringValue struct {
 	// The string value.
-	Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                string   `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StringValue) Reset()      { *m = StringValue{} }
+func (*StringValue) ProtoMessage() {}
+func (*StringValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{7}
+}
+func (*StringValue) XXX_WellKnownType() string { return "StringValue" }
+func (m *StringValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StringValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StringValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StringValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StringValue.Merge(m, src)
+}
+func (m *StringValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *StringValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_StringValue.DiscardUnknown(m)
 }
 
-func (m *StringValue) Reset()                    { *m = StringValue{} }
-func (*StringValue) ProtoMessage()               {}
-func (*StringValue) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{7} }
-func (*StringValue) XXX_WellKnownType() string   { return "StringValue" }
+var xxx_messageInfo_StringValue proto.InternalMessageInfo
 
 func (m *StringValue) GetValue() string {
 	if m != nil {
@@ -204,18 +462,53 @@ func (m *StringValue) GetValue() string {
 	return ""
 }
 
+func (*StringValue) XXX_MessageName() string {
+	return "google.protobuf.StringValue"
+}
+
 // Wrapper message for `bytes`.
 //
 // The JSON representation for `BytesValue` is JSON string.
 type BytesValue struct {
 	// The bytes value.
-	Value []byte `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+	Value                []byte   `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *BytesValue) Reset()      { *m = BytesValue{} }
+func (*BytesValue) ProtoMessage() {}
+func (*BytesValue) Descriptor() ([]byte, []int) {
+	return fileDescriptor_5377b62bda767935, []int{8}
+}
+func (*BytesValue) XXX_WellKnownType() string { return "BytesValue" }
+func (m *BytesValue) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BytesValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BytesValue.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BytesValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BytesValue.Merge(m, src)
+}
+func (m *BytesValue) XXX_Size() int {
+	return m.Size()
+}
+func (m *BytesValue) XXX_DiscardUnknown() {
+	xxx_messageInfo_BytesValue.DiscardUnknown(m)
 }
 
-func (m *BytesValue) Reset()                    { *m = BytesValue{} }
-func (*BytesValue) ProtoMessage()               {}
-func (*BytesValue) Descriptor() ([]byte, []int) { return fileDescriptorWrappers, []int{8} }
-func (*BytesValue) XXX_WellKnownType() string   { return "BytesValue" }
+var xxx_messageInfo_BytesValue proto.InternalMessageInfo
 
 func (m *BytesValue) GetValue() []byte {
 	if m != nil {
@@ -224,6 +517,9 @@ func (m *BytesValue) GetValue() []byte {
 	return nil
 }
 
+func (*BytesValue) XXX_MessageName() string {
+	return "google.protobuf.BytesValue"
+}
 func init() {
 	proto.RegisterType((*DoubleValue)(nil), "google.protobuf.DoubleValue")
 	proto.RegisterType((*FloatValue)(nil), "google.protobuf.FloatValue")
@@ -235,6 +531,31 @@ func init() {
 	proto.RegisterType((*StringValue)(nil), "google.protobuf.StringValue")
 	proto.RegisterType((*BytesValue)(nil), "google.protobuf.BytesValue")
 }
+
+func init() { proto.RegisterFile("google/protobuf/wrappers.proto", fileDescriptor_5377b62bda767935) }
+
+var fileDescriptor_5377b62bda767935 = []byte{
+	// 285 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4b, 0xcf, 0xcf, 0x4f,
+	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0x2f, 0x4a, 0x2c,
+	0x28, 0x48, 0x2d, 0x2a, 0xd6, 0x03, 0x8b, 0x08, 0xf1, 0x43, 0xe4, 0xf5, 0x60, 0xf2, 0x4a, 0xca,
+	0x5c, 0xdc, 0x2e, 0xf9, 0xa5, 0x49, 0x39, 0xa9, 0x61, 0x89, 0x39, 0xa5, 0xa9, 0x42, 0x22, 0x5c,
+	0xac, 0x65, 0x20, 0x86, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x63, 0x10, 0x84, 0xa3, 0xa4, 0xc4, 0xc5,
+	0xe5, 0x96, 0x93, 0x9f, 0x58, 0x82, 0x45, 0x0d, 0x13, 0x92, 0x1a, 0xcf, 0xbc, 0x12, 0x33, 0x13,
+	0x2c, 0x6a, 0x98, 0x61, 0x6a, 0x94, 0xb9, 0xb8, 0x43, 0x71, 0x29, 0x62, 0x41, 0x35, 0xc8, 0xd8,
+	0x08, 0x8b, 0x1a, 0x56, 0x34, 0x83, 0xb0, 0x2a, 0xe2, 0x85, 0x29, 0x52, 0xe4, 0xe2, 0x74, 0xca,
+	0xcf, 0xcf, 0xc1, 0xa2, 0x84, 0x03, 0xc9, 0x9c, 0xe0, 0x92, 0xa2, 0xcc, 0xbc, 0x74, 0x2c, 0x8a,
+	0x38, 0x91, 0x1c, 0xe4, 0x54, 0x59, 0x92, 0x5a, 0x8c, 0x45, 0x0d, 0x0f, 0x54, 0x8d, 0x53, 0x3b,
+	0xe3, 0x8d, 0x87, 0x72, 0x0c, 0x1f, 0x1e, 0xca, 0x31, 0xfe, 0x78, 0x28, 0xc7, 0xd8, 0xf0, 0x48,
+	0x8e, 0x71, 0xc5, 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0,
+	0x48, 0x8e, 0xf1, 0xc5, 0x23, 0x39, 0x86, 0x0f, 0x20, 0xf1, 0xc7, 0x72, 0x8c, 0x27, 0x1e, 0xcb,
+	0x31, 0x72, 0x09, 0x27, 0xe7, 0xe7, 0xea, 0xa1, 0x45, 0x87, 0x13, 0x6f, 0x38, 0x34, 0xbe, 0x02,
+	0x40, 0x22, 0x01, 0x8c, 0x51, 0xac, 0x25, 0x95, 0x05, 0xa9, 0xc5, 0x3f, 0x18, 0x19, 0x17, 0x31,
+	0x31, 0xbb, 0x07, 0x38, 0xad, 0x62, 0x92, 0x73, 0x87, 0x68, 0x09, 0x80, 0x6a, 0xd1, 0x0b, 0x4f,
+	0xcd, 0xc9, 0xf1, 0xce, 0xcb, 0x2f, 0xcf, 0x0b, 0x01, 0xa9, 0x4c, 0x62, 0x03, 0x9b, 0x65, 0x0c,
+	0x08, 0x00, 0x00, 0xff, 0xff, 0x31, 0x55, 0x64, 0x90, 0x0a, 0x02, 0x00, 0x00,
+}
+
 func (this *DoubleValue) Compare(that interface{}) int {
 	if that == nil {
 		if this == nil {
@@ -266,6 +587,9 @@ func (this *DoubleValue) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *FloatValue) Compare(that interface{}) int {
@@ -299,6 +623,9 @@ func (this *FloatValue) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Int64Value) Compare(that interface{}) int {
@@ -332,6 +659,9 @@ func (this *Int64Value) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *UInt64Value) Compare(that interface{}) int {
@@ -365,6 +695,9 @@ func (this *UInt64Value) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *Int32Value) Compare(that interface{}) int {
@@ -398,6 +731,9 @@ func (this *Int32Value) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *UInt32Value) Compare(that interface{}) int {
@@ -431,6 +767,9 @@ func (this *UInt32Value) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *BoolValue) Compare(that interface{}) int {
@@ -464,6 +803,9 @@ func (this *BoolValue) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *StringValue) Compare(that interface{}) int {
@@ -497,6 +839,9 @@ func (this *StringValue) Compare(that interface{}) int {
 		}
 		return 1
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *BytesValue) Compare(that interface{}) int {
@@ -527,6 +872,9 @@ func (this *BytesValue) Compare(that interface{}) int {
 	if c := bytes.Compare(this.Value, that1.Value); c != 0 {
 		return c
 	}
+	if c := bytes.Compare(this.XXX_unrecognized, that1.XXX_unrecognized); c != 0 {
+		return c
+	}
 	return 0
 }
 func (this *DoubleValue) Equal(that interface{}) bool {
@@ -551,6 +899,9 @@ func (this *DoubleValue) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *FloatValue) Equal(that interface{}) bool {
@@ -575,6 +926,9 @@ func (this *FloatValue) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Int64Value) Equal(that interface{}) bool {
@@ -599,6 +953,9 @@ func (this *Int64Value) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *UInt64Value) Equal(that interface{}) bool {
@@ -623,6 +980,9 @@ func (this *UInt64Value) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *Int32Value) Equal(that interface{}) bool {
@@ -647,6 +1007,9 @@ func (this *Int32Value) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *UInt32Value) Equal(that interface{}) bool {
@@ -671,6 +1034,9 @@ func (this *UInt32Value) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *BoolValue) Equal(that interface{}) bool {
@@ -695,6 +1061,9 @@ func (this *BoolValue) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *StringValue) Equal(that interface{}) bool {
@@ -719,6 +1088,9 @@ func (this *StringValue) Equal(that interface{}) bool {
 	if this.Value != that1.Value {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *BytesValue) Equal(that interface{}) bool {
@@ -743,6 +1115,9 @@ func (this *BytesValue) Equal(that interface{}) bool {
 	if !bytes.Equal(this.Value, that1.Value) {
 		return false
 	}
+	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
+		return false
+	}
 	return true
 }
 func (this *DoubleValue) GoString() string {
@@ -752,6 +1127,9 @@ func (this *DoubleValue) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.DoubleValue{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -762,6 +1140,9 @@ func (this *FloatValue) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.FloatValue{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -772,6 +1153,9 @@ func (this *Int64Value) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.Int64Value{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -782,6 +1166,9 @@ func (this *UInt64Value) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.UInt64Value{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -792,6 +1179,9 @@ func (this *Int32Value) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.Int32Value{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -802,6 +1192,9 @@ func (this *UInt32Value) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.UInt32Value{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -812,6 +1205,9 @@ func (this *BoolValue) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.BoolValue{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -822,6 +1218,9 @@ func (this *StringValue) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.StringValue{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -832,6 +1231,9 @@ func (this *BytesValue) GoString() string {
 	s := make([]string, 0, 5)
 	s = append(s, "&types.BytesValue{")
 	s = append(s, "Value: "+fmt.Sprintf("%#v", this.Value)+",\n")
+	if this.XXX_unrecognized != nil {
+		s = append(s, "XXX_unrecognized:"+fmt.Sprintf("%#v", this.XXX_unrecognized)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -846,7 +1248,7 @@ func valueToGoStringWrappers(v interface{}, typ string) string {
 func (m *DoubleValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -854,23 +1256,32 @@ func (m *DoubleValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DoubleValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DoubleValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
+		i -= 8
+		encoding_binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.Value))))
+		i--
 		dAtA[i] = 0x9
-		i++
-		binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.Value))))
-		i += 8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *FloatValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -878,23 +1289,32 @@ func (m *FloatValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *FloatValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FloatValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
+		i -= 4
+		encoding_binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.Value))))
+		i--
 		dAtA[i] = 0xd
-		i++
-		binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.Value))))
-		i += 4
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Int64Value) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -902,22 +1322,31 @@ func (m *Int64Value) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Int64Value) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Int64Value) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintWrappers(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UInt64Value) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -925,22 +1354,31 @@ func (m *UInt64Value) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UInt64Value) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UInt64Value) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintWrappers(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Int32Value) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -948,22 +1386,31 @@ func (m *Int32Value) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Int32Value) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Int32Value) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintWrappers(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UInt32Value) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -971,22 +1418,31 @@ func (m *UInt32Value) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UInt32Value) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UInt32Value) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value != 0 {
-		dAtA[i] = 0x8
-		i++
 		i = encodeVarintWrappers(dAtA, i, uint64(m.Value))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *BoolValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -994,27 +1450,36 @@ func (m *BoolValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BoolValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BoolValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if m.Value {
-		dAtA[i] = 0x8
-		i++
+		i--
 		if m.Value {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StringValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1022,23 +1487,33 @@ func (m *StringValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StringValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StringValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Value) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
 		i = encodeVarintWrappers(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *BytesValue) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1046,27 +1521,39 @@ func (m *BytesValue) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BytesValue) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BytesValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Value) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Value)
+		copy(dAtA[i:], m.Value)
 		i = encodeVarintWrappers(dAtA, i, uint64(len(m.Value)))
-		i += copy(dAtA[i:], m.Value)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintWrappers(dAtA []byte, offset int, v uint64) int {
+	offset -= sovWrappers(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func NewPopulatedDoubleValue(r randyWrappers, easy bool) *DoubleValue {
 	this := &DoubleValue{}
@@ -1075,6 +1562,7 @@ func NewPopulatedDoubleValue(r randyWrappers, easy bool) *DoubleValue {
 		this.Value *= -1
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1086,6 +1574,7 @@ func NewPopulatedFloatValue(r randyWrappers, easy bool) *FloatValue {
 		this.Value *= -1
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1097,6 +1586,7 @@ func NewPopulatedInt64Value(r randyWrappers, easy bool) *Int64Value {
 		this.Value *= -1
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1105,6 +1595,7 @@ func NewPopulatedUInt64Value(r randyWrappers, easy bool) *UInt64Value {
 	this := &UInt64Value{}
 	this.Value = uint64(uint64(r.Uint32()))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1116,6 +1607,7 @@ func NewPopulatedInt32Value(r randyWrappers, easy bool) *Int32Value {
 		this.Value *= -1
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1124,6 +1616,7 @@ func NewPopulatedUInt32Value(r randyWrappers, easy bool) *UInt32Value {
 	this := &UInt32Value{}
 	this.Value = uint32(r.Uint32())
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1132,6 +1625,7 @@ func NewPopulatedBoolValue(r randyWrappers, easy bool) *BoolValue {
 	this := &BoolValue{}
 	this.Value = bool(bool(r.Intn(2) == 0))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1140,6 +1634,7 @@ func NewPopulatedStringValue(r randyWrappers, easy bool) *StringValue {
 	this := &StringValue{}
 	this.Value = string(randStringWrappers(r))
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1152,6 +1647,7 @@ func NewPopulatedBytesValue(r randyWrappers, easy bool) *BytesValue {
 		this.Value[i] = byte(r.Intn(256))
 	}
 	if !easy && r.Intn(10) != 0 {
+		this.XXX_unrecognized = randUnrecognizedWrappers(r, 2)
 	}
 	return this
 }
@@ -1229,97 +1725,144 @@ func encodeVarintPopulateWrappers(dAtA []byte, v uint64) []byte {
 	return dAtA
 }
 func (m *DoubleValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 9
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *FloatValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 5
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Int64Value) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 1 + sovWrappers(uint64(m.Value))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UInt64Value) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 1 + sovWrappers(uint64(m.Value))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Int32Value) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 1 + sovWrappers(uint64(m.Value))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UInt32Value) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value != 0 {
 		n += 1 + sovWrappers(uint64(m.Value))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *BoolValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Value {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StringValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Value)
 	if l > 0 {
 		n += 1 + l + sovWrappers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *BytesValue) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Value)
 	if l > 0 {
 		n += 1 + l + sovWrappers(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovWrappers(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozWrappers(x uint64) (n int) {
 	return sovWrappers(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -1330,6 +1873,7 @@ func (this *DoubleValue) String() string {
 	}
 	s := strings.Join([]string{`&DoubleValue{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1340,6 +1884,7 @@ func (this *FloatValue) String() string {
 	}
 	s := strings.Join([]string{`&FloatValue{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1350,6 +1895,7 @@ func (this *Int64Value) String() string {
 	}
 	s := strings.Join([]string{`&Int64Value{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1360,6 +1906,7 @@ func (this *UInt64Value) String() string {
 	}
 	s := strings.Join([]string{`&UInt64Value{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1370,6 +1917,7 @@ func (this *Int32Value) String() string {
 	}
 	s := strings.Join([]string{`&Int32Value{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1380,6 +1928,7 @@ func (this *UInt32Value) String() string {
 	}
 	s := strings.Join([]string{`&UInt32Value{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1390,6 +1939,7 @@ func (this *BoolValue) String() string {
 	}
 	s := strings.Join([]string{`&BoolValue{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1400,6 +1950,7 @@ func (this *StringValue) String() string {
 	}
 	s := strings.Join([]string{`&StringValue{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1410,6 +1961,7 @@ func (this *BytesValue) String() string {
 	}
 	s := strings.Join([]string{`&BytesValue{`,
 		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1437,7 +1989,7 @@ func (m *DoubleValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1459,7 +2011,7 @@ func (m *DoubleValue) Unmarshal(dAtA []byte) error {
 			if (iNdEx + 8) > l {
 				return io.ErrUnexpectedEOF
 			}
-			v = uint64(binary.LittleEndian.Uint64(dAtA[iNdEx:]))
+			v = uint64(encoding_binary.LittleEndian.Uint64(dAtA[iNdEx:]))
 			iNdEx += 8
 			m.Value = float64(math.Float64frombits(v))
 		default:
@@ -1468,12 +2020,13 @@ func (m *DoubleValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1498,7 +2051,7 @@ func (m *FloatValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1520,7 +2073,7 @@ func (m *FloatValue) Unmarshal(dAtA []byte) error {
 			if (iNdEx + 4) > l {
 				return io.ErrUnexpectedEOF
 			}
-			v = uint32(binary.LittleEndian.Uint32(dAtA[iNdEx:]))
+			v = uint32(encoding_binary.LittleEndian.Uint32(dAtA[iNdEx:]))
 			iNdEx += 4
 			m.Value = float32(math.Float32frombits(v))
 		default:
@@ -1529,12 +2082,13 @@ func (m *FloatValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1559,7 +2113,7 @@ func (m *Int64Value) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1587,7 +2141,7 @@ func (m *Int64Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Value |= (int64(b) & 0x7F) << shift
+				m.Value |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1598,12 +2152,13 @@ func (m *Int64Value) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1628,7 +2183,7 @@ func (m *UInt64Value) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1656,7 +2211,7 @@ func (m *UInt64Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Value |= (uint64(b) & 0x7F) << shift
+				m.Value |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1667,12 +2222,13 @@ func (m *UInt64Value) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1697,7 +2253,7 @@ func (m *Int32Value) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1725,7 +2281,7 @@ func (m *Int32Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Value |= (int32(b) & 0x7F) << shift
+				m.Value |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1736,12 +2292,13 @@ func (m *Int32Value) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1766,7 +2323,7 @@ func (m *UInt32Value) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1794,7 +2351,7 @@ func (m *UInt32Value) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Value |= (uint32(b) & 0x7F) << shift
+				m.Value |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1805,12 +2362,13 @@ func (m *UInt32Value) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1835,7 +2393,7 @@ func (m *BoolValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1863,7 +2421,7 @@ func (m *BoolValue) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1875,12 +2433,13 @@ func (m *BoolValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1905,7 +2464,7 @@ func (m *StringValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1933,7 +2492,7 @@ func (m *StringValue) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1943,6 +2502,9 @@ func (m *StringValue) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWrappers
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWrappers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -1954,12 +2516,13 @@ func (m *StringValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -1984,7 +2547,7 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2012,7 +2575,7 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2021,6 +2584,9 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWrappers
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWrappers
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2035,12 +2601,13 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWrappers
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2053,6 +2620,7 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error {
 func skipWrappers(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -2084,10 +2652,8 @@ func skipWrappers(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -2104,77 +2670,34 @@ func skipWrappers(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthWrappers
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowWrappers
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipWrappers(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupWrappers
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthWrappers
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthWrappers = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowWrappers   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthWrappers        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowWrappers          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupWrappers = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("wrappers.proto", fileDescriptorWrappers) }
-
-var fileDescriptorWrappers = []byte{
-	// 278 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2b, 0x2f, 0x4a, 0x2c,
-	0x28, 0x48, 0x2d, 0x2a, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4f, 0xcf, 0xcf, 0x4f,
-	0xcf, 0x49, 0x85, 0xf0, 0x92, 0x4a, 0xd3, 0x94, 0x94, 0xb9, 0xb8, 0x5d, 0xf2, 0x4b, 0x93, 0x72,
-	0x52, 0xc3, 0x12, 0x73, 0x4a, 0x53, 0x85, 0x44, 0xb8, 0x58, 0xcb, 0x40, 0x0c, 0x09, 0x46, 0x05,
-	0x46, 0x0d, 0xc6, 0x20, 0x08, 0x47, 0x49, 0x89, 0x8b, 0xcb, 0x2d, 0x27, 0x3f, 0xb1, 0x04, 0x8b,
-	0x1a, 0x26, 0x24, 0x35, 0x9e, 0x79, 0x25, 0x66, 0x26, 0x58, 0xd4, 0x30, 0xc3, 0xd4, 0x28, 0x73,
-	0x71, 0x87, 0xe2, 0x52, 0xc4, 0x82, 0x6a, 0x90, 0xb1, 0x11, 0x16, 0x35, 0xac, 0x68, 0x06, 0x61,
-	0x55, 0xc4, 0x0b, 0x53, 0xa4, 0xc8, 0xc5, 0xe9, 0x94, 0x9f, 0x9f, 0x83, 0x45, 0x09, 0x07, 0x92,
-	0x39, 0xc1, 0x25, 0x45, 0x99, 0x79, 0xe9, 0x58, 0x14, 0x71, 0x22, 0x39, 0xc8, 0xa9, 0xb2, 0x24,
-	0xb5, 0x18, 0x8b, 0x1a, 0x1e, 0xa8, 0x1a, 0xa7, 0x76, 0xc6, 0x0b, 0x0f, 0xe5, 0x18, 0x6e, 0x3c,
-	0x94, 0x63, 0xf8, 0xf0, 0x50, 0x8e, 0xf1, 0xc7, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b,
-	0x1e, 0xc9, 0x31, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c,
-	0x2f, 0x1e, 0xc9, 0x31, 0x7c, 0x00, 0x89, 0x3f, 0x96, 0x63, 0xe4, 0x12, 0x4e, 0xce, 0xcf, 0xd5,
-	0x43, 0x8b, 0x0e, 0x27, 0xde, 0x70, 0x68, 0x7c, 0x05, 0x80, 0x44, 0x02, 0x18, 0xa3, 0x58, 0x4b,
-	0x2a, 0x0b, 0x52, 0x8b, 0x7f, 0x30, 0x32, 0x2e, 0x62, 0x62, 0x76, 0x0f, 0x70, 0x5a, 0xc5, 0x24,
-	0xe7, 0x0e, 0xd1, 0x12, 0x00, 0xd5, 0xa2, 0x17, 0x9e, 0x9a, 0x93, 0xe3, 0x9d, 0x97, 0x5f, 0x9e,
-	0x17, 0x02, 0x52, 0x99, 0xc4, 0x06, 0x36, 0xcb, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x23, 0x27,
-	0x6c, 0x5f, 0xfa, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/gogo/protobuf/types/wrappers_gogo.go b/vendor/github.com/gogo/protobuf/types/wrappers_gogo.go
new file mode 100644
index 0000000000000..d905df36055d0
--- /dev/null
+++ b/vendor/github.com/gogo/protobuf/types/wrappers_gogo.go
@@ -0,0 +1,300 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2018, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package types
+
+func NewPopulatedStdDouble(r randyWrappers, easy bool) *float64 {
+	v := NewPopulatedDoubleValue(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdDouble(v float64) int {
+	pv := &DoubleValue{Value: v}
+	return pv.Size()
+}
+
+func StdDoubleMarshal(v float64) ([]byte, error) {
+	size := SizeOfStdDouble(v)
+	buf := make([]byte, size)
+	_, err := StdDoubleMarshalTo(v, buf)
+	return buf, err
+}
+
+func StdDoubleMarshalTo(v float64, data []byte) (int, error) {
+	pv := &DoubleValue{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdDoubleUnmarshal(v *float64, data []byte) error {
+	pv := &DoubleValue{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdFloat(r randyWrappers, easy bool) *float32 {
+	v := NewPopulatedFloatValue(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdFloat(v float32) int {
+	pv := &FloatValue{Value: v}
+	return pv.Size()
+}
+
+func StdFloatMarshal(v float32) ([]byte, error) {
+	size := SizeOfStdFloat(v)
+	buf := make([]byte, size)
+	_, err := StdFloatMarshalTo(v, buf)
+	return buf, err
+}
+
+func StdFloatMarshalTo(v float32, data []byte) (int, error) {
+	pv := &FloatValue{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdFloatUnmarshal(v *float32, data []byte) error {
+	pv := &FloatValue{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdInt64(r randyWrappers, easy bool) *int64 {
+	v := NewPopulatedInt64Value(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdInt64(v int64) int {
+	pv := &Int64Value{Value: v}
+	return pv.Size()
+}
+
+func StdInt64Marshal(v int64) ([]byte, error) {
+	size := SizeOfStdInt64(v)
+	buf := make([]byte, size)
+	_, err := StdInt64MarshalTo(v, buf)
+	return buf, err
+}
+
+func StdInt64MarshalTo(v int64, data []byte) (int, error) {
+	pv := &Int64Value{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdInt64Unmarshal(v *int64, data []byte) error {
+	pv := &Int64Value{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdUInt64(r randyWrappers, easy bool) *uint64 {
+	v := NewPopulatedUInt64Value(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdUInt64(v uint64) int {
+	pv := &UInt64Value{Value: v}
+	return pv.Size()
+}
+
+func StdUInt64Marshal(v uint64) ([]byte, error) {
+	size := SizeOfStdUInt64(v)
+	buf := make([]byte, size)
+	_, err := StdUInt64MarshalTo(v, buf)
+	return buf, err
+}
+
+func StdUInt64MarshalTo(v uint64, data []byte) (int, error) {
+	pv := &UInt64Value{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdUInt64Unmarshal(v *uint64, data []byte) error {
+	pv := &UInt64Value{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdInt32(r randyWrappers, easy bool) *int32 {
+	v := NewPopulatedInt32Value(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdInt32(v int32) int {
+	pv := &Int32Value{Value: v}
+	return pv.Size()
+}
+
+func StdInt32Marshal(v int32) ([]byte, error) {
+	size := SizeOfStdInt32(v)
+	buf := make([]byte, size)
+	_, err := StdInt32MarshalTo(v, buf)
+	return buf, err
+}
+
+func StdInt32MarshalTo(v int32, data []byte) (int, error) {
+	pv := &Int32Value{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdInt32Unmarshal(v *int32, data []byte) error {
+	pv := &Int32Value{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdUInt32(r randyWrappers, easy bool) *uint32 {
+	v := NewPopulatedUInt32Value(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdUInt32(v uint32) int {
+	pv := &UInt32Value{Value: v}
+	return pv.Size()
+}
+
+func StdUInt32Marshal(v uint32) ([]byte, error) {
+	size := SizeOfStdUInt32(v)
+	buf := make([]byte, size)
+	_, err := StdUInt32MarshalTo(v, buf)
+	return buf, err
+}
+
+func StdUInt32MarshalTo(v uint32, data []byte) (int, error) {
+	pv := &UInt32Value{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdUInt32Unmarshal(v *uint32, data []byte) error {
+	pv := &UInt32Value{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdBool(r randyWrappers, easy bool) *bool {
+	v := NewPopulatedBoolValue(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdBool(v bool) int {
+	pv := &BoolValue{Value: v}
+	return pv.Size()
+}
+
+func StdBoolMarshal(v bool) ([]byte, error) {
+	size := SizeOfStdBool(v)
+	buf := make([]byte, size)
+	_, err := StdBoolMarshalTo(v, buf)
+	return buf, err
+}
+
+func StdBoolMarshalTo(v bool, data []byte) (int, error) {
+	pv := &BoolValue{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdBoolUnmarshal(v *bool, data []byte) error {
+	pv := &BoolValue{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdString(r randyWrappers, easy bool) *string {
+	v := NewPopulatedStringValue(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdString(v string) int {
+	pv := &StringValue{Value: v}
+	return pv.Size()
+}
+
+func StdStringMarshal(v string) ([]byte, error) {
+	size := SizeOfStdString(v)
+	buf := make([]byte, size)
+	_, err := StdStringMarshalTo(v, buf)
+	return buf, err
+}
+
+func StdStringMarshalTo(v string, data []byte) (int, error) {
+	pv := &StringValue{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdStringUnmarshal(v *string, data []byte) error {
+	pv := &StringValue{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
+func NewPopulatedStdBytes(r randyWrappers, easy bool) *[]byte {
+	v := NewPopulatedBytesValue(r, easy)
+	return &v.Value
+}
+
+func SizeOfStdBytes(v []byte) int {
+	pv := &BytesValue{Value: v}
+	return pv.Size()
+}
+
+func StdBytesMarshal(v []byte) ([]byte, error) {
+	size := SizeOfStdBytes(v)
+	buf := make([]byte, size)
+	_, err := StdBytesMarshalTo(v, buf)
+	return buf, err
+}
+
+func StdBytesMarshalTo(v []byte, data []byte) (int, error) {
+	pv := &BytesValue{Value: v}
+	return pv.MarshalTo(data)
+}
+
+func StdBytesUnmarshal(v *[]byte, data []byte) error {
+	pv := &BytesValue{}
+	if err := pv.Unmarshal(data); err != nil {
+		return err
+	}
+	*v = pv.Value
+	return nil
+}
diff --git a/vendor/github.com/golang/gddo/README.markdown b/vendor/github.com/golang/gddo/README.markdown
index 7194f4c08c227..f1b019afd73e1 100644
--- a/vendor/github.com/golang/gddo/README.markdown
+++ b/vendor/github.com/golang/gddo/README.markdown
@@ -1,6 +1,6 @@
-This project is the source for http://godoc.org/
+This project is the source for https://godoc.org/
 
-[![GoDoc](https://godoc.org/github.com/golang/gddo?status.svg)](http://godoc.org/github.com/golang/gddo)
+[![GoDoc](https://godoc.org/github.com/golang/gddo?status.svg)](https://godoc.org/github.com/golang/gddo)
 [![Build
 Status](https://travis-ci.org/golang/gddo.svg?branch=master)](https://travis-ci.org/golang/gddo)
 
@@ -19,8 +19,6 @@ Contributions to this project are welcome, though please [file an
 issue](https://github.com/golang/gddo/issues/new). before starting work on
 anything major.
 
-**We do not accept GitHub pull requests**
-
 Please refer to the [Contribution
 Guidelines](https://golang.org/doc/contribute.html) on how to submit changes.
 
diff --git a/vendor/github.com/golang/groupcache/LICENSE b/vendor/github.com/golang/groupcache/LICENSE
new file mode 100644
index 0000000000000..37ec93a14fdcd
--- /dev/null
+++ b/vendor/github.com/golang/groupcache/LICENSE
@@ -0,0 +1,191 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+"submitted" means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+3. Grant of Patent License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution.
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+You must retain, in the Source form of any Derivative Works that You distribute,
+all copyright, patent, trademark, and attribution notices from the Source form
+of the Work, excluding those notices that do not pertain to any part of the
+Derivative Works; and
+If the Work includes a "NOTICE" text file as part of its distribution, then any
+Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the
+Derivative Works; within the Source form or documentation, if provided along
+with the Derivative Works; or, within a display generated by the Derivative
+Works, if and wherever such third-party notices normally appear. The contents of
+the NOTICE file are for informational purposes only and do not modify the
+License. You may add Your own attribution notices within Derivative Works that
+You distribute, alongside or as an addendum to the NOTICE text from the Work,
+provided that such additional attribution notices cannot be construed as
+modifying the License.
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty.
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+8. Limitation of Liability.
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work
+
+To apply the Apache License to your work, attach the following boilerplate
+notice, with the fields enclosed by brackets "[]" replaced with your own
+identifying information. (Don't include the brackets!) The text should be
+enclosed in the appropriate comment syntax for the file format. We also
+recommend that a file or class name and description of purpose be included on
+the same "printed page" as the copyright notice for easier identification within
+third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/golang/groupcache/README.md b/vendor/github.com/golang/groupcache/README.md
new file mode 100644
index 0000000000000..70c29da16026f
--- /dev/null
+++ b/vendor/github.com/golang/groupcache/README.md
@@ -0,0 +1,73 @@
+# groupcache
+
+## Summary
+
+groupcache is a caching and cache-filling library, intended as a
+replacement for memcached in many cases.
+
+For API docs and examples, see http://godoc.org/github.com/golang/groupcache
+
+## Comparison to memcached
+
+### **Like memcached**, groupcache:
+
+ * shards by key to select which peer is responsible for that key
+
+### **Unlike memcached**, groupcache:
+
+ * does not require running a separate set of servers, thus massively
+   reducing deployment/configuration pain.  groupcache is a client
+   library as well as a server.  It connects to its own peers.
+
+ * comes with a cache filling mechanism.  Whereas memcached just says
+   "Sorry, cache miss", often resulting in a thundering herd of
+   database (or whatever) loads from an unbounded number of clients
+   (which has resulted in several fun outages), groupcache coordinates
+   cache fills such that only one load in one process of an entire
+   replicated set of processes populates the cache, then multiplexes
+   the loaded value to all callers.
+
+ * does not support versioned values.  If key "foo" is value "bar",
+   key "foo" must always be "bar".  There are neither cache expiration
+   times, nor explicit cache evictions.  Thus there is also no CAS,
+   nor Increment/Decrement.  This also means that groupcache....
+
+ * ... supports automatic mirroring of super-hot items to multiple
+   processes.  This prevents memcached hot spotting where a machine's
+   CPU and/or NIC are overloaded by very popular keys/values.
+
+ * is currently only available for Go.  It's very unlikely that I
+   (bradfitz@) will port the code to any other language.
+
+## Loading process
+
+In a nutshell, a groupcache lookup of **Get("foo")** looks like:
+
+(On machine #5 of a set of N machines running the same code)
+
+ 1. Is the value of "foo" in local memory because it's super hot?  If so, use it.
+
+ 2. Is the value of "foo" in local memory because peer #5 (the current
+    peer) is the owner of it?  If so, use it.
+
+ 3. Amongst all the peers in my set of N, am I the owner of the key
+    "foo"?  (e.g. does it consistent hash to 5?)  If so, load it.  If
+    other callers come in, via the same process or via RPC requests
+    from peers, they block waiting for the load to finish and get the
+    same answer.  If not, RPC to the peer that's the owner and get
+    the answer.  If the RPC fails, just load it locally (still with
+    local dup suppression).
+
+## Users
+
+groupcache is in production use by dl.google.com (its original user),
+parts of Blogger, parts of Google Code, parts of Google Fiber, parts
+of Google production monitoring systems, etc.
+
+## Presentations
+
+See http://talks.golang.org/2013/oscon-dl.slide
+
+## Help
+
+Use the golang-nuts mailing list for any discussion or questions.
diff --git a/vendor/github.com/golang/groupcache/lru/lru.go b/vendor/github.com/golang/groupcache/lru/lru.go
new file mode 100644
index 0000000000000..eac1c7664f995
--- /dev/null
+++ b/vendor/github.com/golang/groupcache/lru/lru.go
@@ -0,0 +1,133 @@
+/*
+Copyright 2013 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package lru implements an LRU cache.
+package lru
+
+import "container/list"
+
+// Cache is an LRU cache. It is not safe for concurrent access.
+type Cache struct {
+	// MaxEntries is the maximum number of cache entries before
+	// an item is evicted. Zero means no limit.
+	MaxEntries int
+
+	// OnEvicted optionally specifies a callback function to be
+	// executed when an entry is purged from the cache.
+	OnEvicted func(key Key, value interface{})
+
+	ll    *list.List
+	cache map[interface{}]*list.Element
+}
+
+// A Key may be any value that is comparable. See http://golang.org/ref/spec#Comparison_operators
+type Key interface{}
+
+type entry struct {
+	key   Key
+	value interface{}
+}
+
+// New creates a new Cache.
+// If maxEntries is zero, the cache has no limit and it's assumed
+// that eviction is done by the caller.
+func New(maxEntries int) *Cache {
+	return &Cache{
+		MaxEntries: maxEntries,
+		ll:         list.New(),
+		cache:      make(map[interface{}]*list.Element),
+	}
+}
+
+// Add adds a value to the cache.
+func (c *Cache) Add(key Key, value interface{}) {
+	if c.cache == nil {
+		c.cache = make(map[interface{}]*list.Element)
+		c.ll = list.New()
+	}
+	if ee, ok := c.cache[key]; ok {
+		c.ll.MoveToFront(ee)
+		ee.Value.(*entry).value = value
+		return
+	}
+	ele := c.ll.PushFront(&entry{key, value})
+	c.cache[key] = ele
+	if c.MaxEntries != 0 && c.ll.Len() > c.MaxEntries {
+		c.RemoveOldest()
+	}
+}
+
+// Get looks up a key's value from the cache.
+func (c *Cache) Get(key Key) (value interface{}, ok bool) {
+	if c.cache == nil {
+		return
+	}
+	if ele, hit := c.cache[key]; hit {
+		c.ll.MoveToFront(ele)
+		return ele.Value.(*entry).value, true
+	}
+	return
+}
+
+// Remove removes the provided key from the cache.
+func (c *Cache) Remove(key Key) {
+	if c.cache == nil {
+		return
+	}
+	if ele, hit := c.cache[key]; hit {
+		c.removeElement(ele)
+	}
+}
+
+// RemoveOldest removes the oldest item from the cache.
+func (c *Cache) RemoveOldest() {
+	if c.cache == nil {
+		return
+	}
+	ele := c.ll.Back()
+	if ele != nil {
+		c.removeElement(ele)
+	}
+}
+
+func (c *Cache) removeElement(e *list.Element) {
+	c.ll.Remove(e)
+	kv := e.Value.(*entry)
+	delete(c.cache, kv.key)
+	if c.OnEvicted != nil {
+		c.OnEvicted(kv.key, kv.value)
+	}
+}
+
+// Len returns the number of items in the cache.
+func (c *Cache) Len() int {
+	if c.cache == nil {
+		return 0
+	}
+	return c.ll.Len()
+}
+
+// Clear purges all stored items from the cache.
+func (c *Cache) Clear() {
+	if c.OnEvicted != nil {
+		for _, e := range c.cache {
+			kv := e.Value.(*entry)
+			c.OnEvicted(kv.key, kv.value)
+		}
+	}
+	c.ll = nil
+	c.cache = nil
+}
diff --git a/vendor/github.com/golang/protobuf/LICENSE b/vendor/github.com/golang/protobuf/LICENSE
index 1b1b1921efa6d..0f646931a4627 100644
--- a/vendor/github.com/golang/protobuf/LICENSE
+++ b/vendor/github.com/golang/protobuf/LICENSE
@@ -1,7 +1,4 @@
-Go support for Protocol Buffers - Google's data interchange format
-
 Copyright 2010 The Go Authors.  All rights reserved.
-https://github.com/golang/protobuf
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
diff --git a/vendor/github.com/golang/protobuf/README.md b/vendor/github.com/golang/protobuf/README.md
index 01b29daf2631a..2e253e6f872a4 100644
--- a/vendor/github.com/golang/protobuf/README.md
+++ b/vendor/github.com/golang/protobuf/README.md
@@ -1,4 +1,4 @@
-# Go support for Protocol Buffers
+# Go support for Protocol Buffers - Google's data interchange format
 
 [![Build Status](https://travis-ci.org/golang/protobuf.svg?branch=master)](https://travis-ci.org/golang/protobuf)
 [![GoDoc](https://godoc.org/github.com/golang/protobuf?status.svg)](https://godoc.org/github.com/golang/protobuf)
@@ -7,7 +7,7 @@ Google's data interchange format.
 Copyright 2010 The Go Authors.
 https://github.com/golang/protobuf
 
-This package and the code it generates requires at least Go 1.6.
+This package and the code it generates requires at least Go 1.9.
 
 This software implements Go bindings for protocol buffers.  For
 information about protocol buffers themselves, see
@@ -24,11 +24,22 @@ To use this software, you must:
 	https://golang.org/doc/install
   for details or, if you are using gccgo, follow the instructions at
 	https://golang.org/doc/install/gccgo
-- Grab the code from the repository and install the proto package.
-  The simplest way is to run `go get -u github.com/golang/protobuf/protoc-gen-go`.
-  The compiler plugin, protoc-gen-go, will be installed in $GOBIN,
-  defaulting to $GOPATH/bin.  It must be in your $PATH for the protocol
-  compiler, protoc, to find it.
+- Grab the code from the repository and install the `proto` package.
+  The simplest way is to run:
+  ```
+  go get -u github.com/golang/protobuf/protoc-gen-go
+  ```
+  The compiler plugin, `protoc-gen-go`, will be installed in `$GOPATH/bin`
+  unless `$GOBIN` is set. It must be in your `$PATH` for the protocol
+  compiler, `protoc`, to find it.
+- If you need a particular version of `protoc-gen-go` (e.g., to match your
+  `proto` package version), one option is
+  ```shell
+  GIT_TAG="v1.2.0" # change as needed
+  go get -d -u github.com/golang/protobuf/protoc-gen-go
+  git -C "$(go env GOPATH)"/src/github.com/golang/protobuf checkout $GIT_TAG
+  go install github.com/golang/protobuf/protoc-gen-go
+  ```
 
 This software has two parts: a 'protocol compiler plugin' that
 generates Go source files that, once compiled, can access and manage
@@ -83,15 +94,19 @@ be:
 
 - Relative to the import path:
 
-	protoc --go_out=. inputs/x.proto
-	# writes ./github.com/golang/protobuf/p/x.pb.go
+```shell
+  protoc --go_out=. inputs/x.proto
+  # writes ./github.com/golang/protobuf/p/x.pb.go
+```
 
   (This can work well with `--go_out=$GOPATH`.)
 
 - Relative to the input file:
 
-	protoc --go_out=paths=source_relative:. inputs/x.proto
-	# generate ./inputs/x.pb.go
+```shell
+protoc --go_out=paths=source_relative:. inputs/x.proto
+# generate ./inputs/x.pb.go
+```
 
 ## Generated code ##
 
@@ -157,9 +172,6 @@ Consider file test.proto, containing
 	  required string label = 1;
 	  optional int32 type = 2 [default=77];
 	  repeated int64 reps = 3;
-	  optional group OptionalGroup = 4 {
-	    required string RequiredField = 5;
-	  }
 	}
 ```
 
@@ -176,13 +188,10 @@ To create and play with a Test object from the example package,
 	)
 
 	func main() {
-		test := &example.Test {
+		test := &example.Test{
 			Label: proto.String("hello"),
 			Type:  proto.Int32(17),
 			Reps:  []int64{1, 2, 3},
-			Optionalgroup: &example.Test_OptionalGroup {
-				RequiredField: proto.String("good bye"),
-			},
 		}
 		data, err := proto.Marshal(test)
 		if err != nil {
diff --git a/vendor/github.com/golang/protobuf/go.mod b/vendor/github.com/golang/protobuf/go.mod
new file mode 100644
index 0000000000000..aa055824d89fe
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/go.mod
@@ -0,0 +1,3 @@
+module github.com/golang/protobuf
+
+go 1.9
diff --git a/vendor/github.com/golang/protobuf/jsonpb/jsonpb.go b/vendor/github.com/golang/protobuf/jsonpb/jsonpb.go
new file mode 100644
index 0000000000000..f0d66befbb8ef
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/jsonpb/jsonpb.go
@@ -0,0 +1,1290 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2015 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+/*
+Package jsonpb provides marshaling and unmarshaling between protocol buffers and JSON.
+It follows the specification at https://developers.google.com/protocol-buffers/docs/proto3#json.
+
+This package produces a different output than the standard "encoding/json" package,
+which does not operate correctly on protocol buffers.
+*/
+package jsonpb
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+
+	stpb "github.com/golang/protobuf/ptypes/struct"
+)
+
+const secondInNanos = int64(time.Second / time.Nanosecond)
+const maxSecondsInDuration = 315576000000
+
+// Marshaler is a configurable object for converting between
+// protocol buffer objects and a JSON representation for them.
+type Marshaler struct {
+	// Whether to render enum values as integers, as opposed to string values.
+	EnumsAsInts bool
+
+	// Whether to render fields with zero values.
+	EmitDefaults bool
+
+	// A string to indent each level by. The presence of this field will
+	// also cause a space to appear between the field separator and
+	// value, and for newlines to be appear between fields and array
+	// elements.
+	Indent string
+
+	// Whether to use the original (.proto) name for fields.
+	OrigName bool
+
+	// A custom URL resolver to use when marshaling Any messages to JSON.
+	// If unset, the default resolution strategy is to extract the
+	// fully-qualified type name from the type URL and pass that to
+	// proto.MessageType(string).
+	AnyResolver AnyResolver
+}
+
+// AnyResolver takes a type URL, present in an Any message, and resolves it into
+// an instance of the associated message.
+type AnyResolver interface {
+	Resolve(typeUrl string) (proto.Message, error)
+}
+
+func defaultResolveAny(typeUrl string) (proto.Message, error) {
+	// Only the part of typeUrl after the last slash is relevant.
+	mname := typeUrl
+	if slash := strings.LastIndex(mname, "/"); slash >= 0 {
+		mname = mname[slash+1:]
+	}
+	mt := proto.MessageType(mname)
+	if mt == nil {
+		return nil, fmt.Errorf("unknown message type %q", mname)
+	}
+	return reflect.New(mt.Elem()).Interface().(proto.Message), nil
+}
+
+// JSONPBMarshaler is implemented by protobuf messages that customize the
+// way they are marshaled to JSON. Messages that implement this should
+// also implement JSONPBUnmarshaler so that the custom format can be
+// parsed.
+//
+// The JSON marshaling must follow the proto to JSON specification:
+//	https://developers.google.com/protocol-buffers/docs/proto3#json
+type JSONPBMarshaler interface {
+	MarshalJSONPB(*Marshaler) ([]byte, error)
+}
+
+// JSONPBUnmarshaler is implemented by protobuf messages that customize
+// the way they are unmarshaled from JSON. Messages that implement this
+// should also implement JSONPBMarshaler so that the custom format can be
+// produced.
+//
+// The JSON unmarshaling must follow the JSON to proto specification:
+//	https://developers.google.com/protocol-buffers/docs/proto3#json
+type JSONPBUnmarshaler interface {
+	UnmarshalJSONPB(*Unmarshaler, []byte) error
+}
+
+// Marshal marshals a protocol buffer into JSON.
+func (m *Marshaler) Marshal(out io.Writer, pb proto.Message) error {
+	v := reflect.ValueOf(pb)
+	if pb == nil || (v.Kind() == reflect.Ptr && v.IsNil()) {
+		return errors.New("Marshal called with nil")
+	}
+	// Check for unset required fields first.
+	if err := checkRequiredFields(pb); err != nil {
+		return err
+	}
+	writer := &errWriter{writer: out}
+	return m.marshalObject(writer, pb, "", "")
+}
+
+// MarshalToString converts a protocol buffer object to JSON string.
+func (m *Marshaler) MarshalToString(pb proto.Message) (string, error) {
+	var buf bytes.Buffer
+	if err := m.Marshal(&buf, pb); err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}
+
+type int32Slice []int32
+
+var nonFinite = map[string]float64{
+	`"NaN"`:       math.NaN(),
+	`"Infinity"`:  math.Inf(1),
+	`"-Infinity"`: math.Inf(-1),
+}
+
+// For sorting extensions ids to ensure stable output.
+func (s int32Slice) Len() int           { return len(s) }
+func (s int32Slice) Less(i, j int) bool { return s[i] < s[j] }
+func (s int32Slice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+
+type wkt interface {
+	XXX_WellKnownType() string
+}
+
+var (
+	wktType     = reflect.TypeOf((*wkt)(nil)).Elem()
+	messageType = reflect.TypeOf((*proto.Message)(nil)).Elem()
+)
+
+// marshalObject writes a struct to the Writer.
+func (m *Marshaler) marshalObject(out *errWriter, v proto.Message, indent, typeURL string) error {
+	if jsm, ok := v.(JSONPBMarshaler); ok {
+		b, err := jsm.MarshalJSONPB(m)
+		if err != nil {
+			return err
+		}
+		if typeURL != "" {
+			// we are marshaling this object to an Any type
+			var js map[string]*json.RawMessage
+			if err = json.Unmarshal(b, &js); err != nil {
+				return fmt.Errorf("type %T produced invalid JSON: %v", v, err)
+			}
+			turl, err := json.Marshal(typeURL)
+			if err != nil {
+				return fmt.Errorf("failed to marshal type URL %q to JSON: %v", typeURL, err)
+			}
+			js["@type"] = (*json.RawMessage)(&turl)
+			if m.Indent != "" {
+				b, err = json.MarshalIndent(js, indent, m.Indent)
+			} else {
+				b, err = json.Marshal(js)
+			}
+			if err != nil {
+				return err
+			}
+		}
+
+		out.write(string(b))
+		return out.err
+	}
+
+	s := reflect.ValueOf(v).Elem()
+
+	// Handle well-known types.
+	if wkt, ok := v.(wkt); ok {
+		switch wkt.XXX_WellKnownType() {
+		case "DoubleValue", "FloatValue", "Int64Value", "UInt64Value",
+			"Int32Value", "UInt32Value", "BoolValue", "StringValue", "BytesValue":
+			// "Wrappers use the same representation in JSON
+			//  as the wrapped primitive type, ..."
+			sprop := proto.GetProperties(s.Type())
+			return m.marshalValue(out, sprop.Prop[0], s.Field(0), indent)
+		case "Any":
+			// Any is a bit more involved.
+			return m.marshalAny(out, v, indent)
+		case "Duration":
+			s, ns := s.Field(0).Int(), s.Field(1).Int()
+			if s < -maxSecondsInDuration || s > maxSecondsInDuration {
+				return fmt.Errorf("seconds out of range %v", s)
+			}
+			if ns <= -secondInNanos || ns >= secondInNanos {
+				return fmt.Errorf("ns out of range (%v, %v)", -secondInNanos, secondInNanos)
+			}
+			if (s > 0 && ns < 0) || (s < 0 && ns > 0) {
+				return errors.New("signs of seconds and nanos do not match")
+			}
+			// Generated output always contains 0, 3, 6, or 9 fractional digits,
+			// depending on required precision, followed by the suffix "s".
+			f := "%d.%09d"
+			if ns < 0 {
+				ns = -ns
+				if s == 0 {
+					f = "-%d.%09d"
+				}
+			}
+			x := fmt.Sprintf(f, s, ns)
+			x = strings.TrimSuffix(x, "000")
+			x = strings.TrimSuffix(x, "000")
+			x = strings.TrimSuffix(x, ".000")
+			out.write(`"`)
+			out.write(x)
+			out.write(`s"`)
+			return out.err
+		case "Struct", "ListValue":
+			// Let marshalValue handle the `Struct.fields` map or the `ListValue.values` slice.
+			// TODO: pass the correct Properties if needed.
+			return m.marshalValue(out, &proto.Properties{}, s.Field(0), indent)
+		case "Timestamp":
+			// "RFC 3339, where generated output will always be Z-normalized
+			//  and uses 0, 3, 6 or 9 fractional digits."
+			s, ns := s.Field(0).Int(), s.Field(1).Int()
+			if ns < 0 || ns >= secondInNanos {
+				return fmt.Errorf("ns out of range [0, %v)", secondInNanos)
+			}
+			t := time.Unix(s, ns).UTC()
+			// time.RFC3339Nano isn't exactly right (we need to get 3/6/9 fractional digits).
+			x := t.Format("2006-01-02T15:04:05.000000000")
+			x = strings.TrimSuffix(x, "000")
+			x = strings.TrimSuffix(x, "000")
+			x = strings.TrimSuffix(x, ".000")
+			out.write(`"`)
+			out.write(x)
+			out.write(`Z"`)
+			return out.err
+		case "Value":
+			// Value has a single oneof.
+			kind := s.Field(0)
+			if kind.IsNil() {
+				// "absence of any variant indicates an error"
+				return errors.New("nil Value")
+			}
+			// oneof -> *T -> T -> T.F
+			x := kind.Elem().Elem().Field(0)
+			// TODO: pass the correct Properties if needed.
+			return m.marshalValue(out, &proto.Properties{}, x, indent)
+		}
+	}
+
+	out.write("{")
+	if m.Indent != "" {
+		out.write("\n")
+	}
+
+	firstField := true
+
+	if typeURL != "" {
+		if err := m.marshalTypeURL(out, indent, typeURL); err != nil {
+			return err
+		}
+		firstField = false
+	}
+
+	for i := 0; i < s.NumField(); i++ {
+		value := s.Field(i)
+		valueField := s.Type().Field(i)
+		if strings.HasPrefix(valueField.Name, "XXX_") {
+			continue
+		}
+
+		// IsNil will panic on most value kinds.
+		switch value.Kind() {
+		case reflect.Chan, reflect.Func, reflect.Interface:
+			if value.IsNil() {
+				continue
+			}
+		}
+
+		if !m.EmitDefaults {
+			switch value.Kind() {
+			case reflect.Bool:
+				if !value.Bool() {
+					continue
+				}
+			case reflect.Int32, reflect.Int64:
+				if value.Int() == 0 {
+					continue
+				}
+			case reflect.Uint32, reflect.Uint64:
+				if value.Uint() == 0 {
+					continue
+				}
+			case reflect.Float32, reflect.Float64:
+				if value.Float() == 0 {
+					continue
+				}
+			case reflect.String:
+				if value.Len() == 0 {
+					continue
+				}
+			case reflect.Map, reflect.Ptr, reflect.Slice:
+				if value.IsNil() {
+					continue
+				}
+			}
+		}
+
+		// Oneof fields need special handling.
+		if valueField.Tag.Get("protobuf_oneof") != "" {
+			// value is an interface containing &T{real_value}.
+			sv := value.Elem().Elem() // interface -> *T -> T
+			value = sv.Field(0)
+			valueField = sv.Type().Field(0)
+		}
+		prop := jsonProperties(valueField, m.OrigName)
+		if !firstField {
+			m.writeSep(out)
+		}
+		if err := m.marshalField(out, prop, value, indent); err != nil {
+			return err
+		}
+		firstField = false
+	}
+
+	// Handle proto2 extensions.
+	if ep, ok := v.(proto.Message); ok {
+		extensions := proto.RegisteredExtensions(v)
+		// Sort extensions for stable output.
+		ids := make([]int32, 0, len(extensions))
+		for id, desc := range extensions {
+			if !proto.HasExtension(ep, desc) {
+				continue
+			}
+			ids = append(ids, id)
+		}
+		sort.Sort(int32Slice(ids))
+		for _, id := range ids {
+			desc := extensions[id]
+			if desc == nil {
+				// unknown extension
+				continue
+			}
+			ext, extErr := proto.GetExtension(ep, desc)
+			if extErr != nil {
+				return extErr
+			}
+			value := reflect.ValueOf(ext)
+			var prop proto.Properties
+			prop.Parse(desc.Tag)
+			prop.JSONName = fmt.Sprintf("[%s]", desc.Name)
+			if !firstField {
+				m.writeSep(out)
+			}
+			if err := m.marshalField(out, &prop, value, indent); err != nil {
+				return err
+			}
+			firstField = false
+		}
+
+	}
+
+	if m.Indent != "" {
+		out.write("\n")
+		out.write(indent)
+	}
+	out.write("}")
+	return out.err
+}
+
+func (m *Marshaler) writeSep(out *errWriter) {
+	if m.Indent != "" {
+		out.write(",\n")
+	} else {
+		out.write(",")
+	}
+}
+
+func (m *Marshaler) marshalAny(out *errWriter, any proto.Message, indent string) error {
+	// "If the Any contains a value that has a special JSON mapping,
+	//  it will be converted as follows: {"@type": xxx, "value": yyy}.
+	//  Otherwise, the value will be converted into a JSON object,
+	//  and the "@type" field will be inserted to indicate the actual data type."
+	v := reflect.ValueOf(any).Elem()
+	turl := v.Field(0).String()
+	val := v.Field(1).Bytes()
+
+	var msg proto.Message
+	var err error
+	if m.AnyResolver != nil {
+		msg, err = m.AnyResolver.Resolve(turl)
+	} else {
+		msg, err = defaultResolveAny(turl)
+	}
+	if err != nil {
+		return err
+	}
+
+	if err := proto.Unmarshal(val, msg); err != nil {
+		return err
+	}
+
+	if _, ok := msg.(wkt); ok {
+		out.write("{")
+		if m.Indent != "" {
+			out.write("\n")
+		}
+		if err := m.marshalTypeURL(out, indent, turl); err != nil {
+			return err
+		}
+		m.writeSep(out)
+		if m.Indent != "" {
+			out.write(indent)
+			out.write(m.Indent)
+			out.write(`"value": `)
+		} else {
+			out.write(`"value":`)
+		}
+		if err := m.marshalObject(out, msg, indent+m.Indent, ""); err != nil {
+			return err
+		}
+		if m.Indent != "" {
+			out.write("\n")
+			out.write(indent)
+		}
+		out.write("}")
+		return out.err
+	}
+
+	return m.marshalObject(out, msg, indent, turl)
+}
+
+func (m *Marshaler) marshalTypeURL(out *errWriter, indent, typeURL string) error {
+	if m.Indent != "" {
+		out.write(indent)
+		out.write(m.Indent)
+	}
+	out.write(`"@type":`)
+	if m.Indent != "" {
+		out.write(" ")
+	}
+	b, err := json.Marshal(typeURL)
+	if err != nil {
+		return err
+	}
+	out.write(string(b))
+	return out.err
+}
+
+// marshalField writes field description and value to the Writer.
+func (m *Marshaler) marshalField(out *errWriter, prop *proto.Properties, v reflect.Value, indent string) error {
+	if m.Indent != "" {
+		out.write(indent)
+		out.write(m.Indent)
+	}
+	out.write(`"`)
+	out.write(prop.JSONName)
+	out.write(`":`)
+	if m.Indent != "" {
+		out.write(" ")
+	}
+	if err := m.marshalValue(out, prop, v, indent); err != nil {
+		return err
+	}
+	return nil
+}
+
+// marshalValue writes the value to the Writer.
+func (m *Marshaler) marshalValue(out *errWriter, prop *proto.Properties, v reflect.Value, indent string) error {
+	var err error
+	v = reflect.Indirect(v)
+
+	// Handle nil pointer
+	if v.Kind() == reflect.Invalid {
+		out.write("null")
+		return out.err
+	}
+
+	// Handle repeated elements.
+	if v.Kind() == reflect.Slice && v.Type().Elem().Kind() != reflect.Uint8 {
+		out.write("[")
+		comma := ""
+		for i := 0; i < v.Len(); i++ {
+			sliceVal := v.Index(i)
+			out.write(comma)
+			if m.Indent != "" {
+				out.write("\n")
+				out.write(indent)
+				out.write(m.Indent)
+				out.write(m.Indent)
+			}
+			if err := m.marshalValue(out, prop, sliceVal, indent+m.Indent); err != nil {
+				return err
+			}
+			comma = ","
+		}
+		if m.Indent != "" {
+			out.write("\n")
+			out.write(indent)
+			out.write(m.Indent)
+		}
+		out.write("]")
+		return out.err
+	}
+
+	// Handle well-known types.
+	// Most are handled up in marshalObject (because 99% are messages).
+	if v.Type().Implements(wktType) {
+		wkt := v.Interface().(wkt)
+		switch wkt.XXX_WellKnownType() {
+		case "NullValue":
+			out.write("null")
+			return out.err
+		}
+	}
+
+	// Handle enumerations.
+	if !m.EnumsAsInts && prop.Enum != "" {
+		// Unknown enum values will are stringified by the proto library as their
+		// value. Such values should _not_ be quoted or they will be interpreted
+		// as an enum string instead of their value.
+		enumStr := v.Interface().(fmt.Stringer).String()
+		var valStr string
+		if v.Kind() == reflect.Ptr {
+			valStr = strconv.Itoa(int(v.Elem().Int()))
+		} else {
+			valStr = strconv.Itoa(int(v.Int()))
+		}
+		isKnownEnum := enumStr != valStr
+		if isKnownEnum {
+			out.write(`"`)
+		}
+		out.write(enumStr)
+		if isKnownEnum {
+			out.write(`"`)
+		}
+		return out.err
+	}
+
+	// Handle nested messages.
+	if v.Kind() == reflect.Struct {
+		return m.marshalObject(out, v.Addr().Interface().(proto.Message), indent+m.Indent, "")
+	}
+
+	// Handle maps.
+	// Since Go randomizes map iteration, we sort keys for stable output.
+	if v.Kind() == reflect.Map {
+		out.write(`{`)
+		keys := v.MapKeys()
+		sort.Sort(mapKeys(keys))
+		for i, k := range keys {
+			if i > 0 {
+				out.write(`,`)
+			}
+			if m.Indent != "" {
+				out.write("\n")
+				out.write(indent)
+				out.write(m.Indent)
+				out.write(m.Indent)
+			}
+
+			// TODO handle map key prop properly
+			b, err := json.Marshal(k.Interface())
+			if err != nil {
+				return err
+			}
+			s := string(b)
+
+			// If the JSON is not a string value, encode it again to make it one.
+			if !strings.HasPrefix(s, `"`) {
+				b, err := json.Marshal(s)
+				if err != nil {
+					return err
+				}
+				s = string(b)
+			}
+
+			out.write(s)
+			out.write(`:`)
+			if m.Indent != "" {
+				out.write(` `)
+			}
+
+			vprop := prop
+			if prop != nil && prop.MapValProp != nil {
+				vprop = prop.MapValProp
+			}
+			if err := m.marshalValue(out, vprop, v.MapIndex(k), indent+m.Indent); err != nil {
+				return err
+			}
+		}
+		if m.Indent != "" {
+			out.write("\n")
+			out.write(indent)
+			out.write(m.Indent)
+		}
+		out.write(`}`)
+		return out.err
+	}
+
+	// Handle non-finite floats, e.g. NaN, Infinity and -Infinity.
+	if v.Kind() == reflect.Float32 || v.Kind() == reflect.Float64 {
+		f := v.Float()
+		var sval string
+		switch {
+		case math.IsInf(f, 1):
+			sval = `"Infinity"`
+		case math.IsInf(f, -1):
+			sval = `"-Infinity"`
+		case math.IsNaN(f):
+			sval = `"NaN"`
+		}
+		if sval != "" {
+			out.write(sval)
+			return out.err
+		}
+	}
+
+	// Default handling defers to the encoding/json library.
+	b, err := json.Marshal(v.Interface())
+	if err != nil {
+		return err
+	}
+	needToQuote := string(b[0]) != `"` && (v.Kind() == reflect.Int64 || v.Kind() == reflect.Uint64)
+	if needToQuote {
+		out.write(`"`)
+	}
+	out.write(string(b))
+	if needToQuote {
+		out.write(`"`)
+	}
+	return out.err
+}
+
+// Unmarshaler is a configurable object for converting from a JSON
+// representation to a protocol buffer object.
+type Unmarshaler struct {
+	// Whether to allow messages to contain unknown fields, as opposed to
+	// failing to unmarshal.
+	AllowUnknownFields bool
+
+	// A custom URL resolver to use when unmarshaling Any messages from JSON.
+	// If unset, the default resolution strategy is to extract the
+	// fully-qualified type name from the type URL and pass that to
+	// proto.MessageType(string).
+	AnyResolver AnyResolver
+}
+
+// UnmarshalNext unmarshals the next protocol buffer from a JSON object stream.
+// This function is lenient and will decode any options permutations of the
+// related Marshaler.
+func (u *Unmarshaler) UnmarshalNext(dec *json.Decoder, pb proto.Message) error {
+	inputValue := json.RawMessage{}
+	if err := dec.Decode(&inputValue); err != nil {
+		return err
+	}
+	if err := u.unmarshalValue(reflect.ValueOf(pb).Elem(), inputValue, nil); err != nil {
+		return err
+	}
+	return checkRequiredFields(pb)
+}
+
+// Unmarshal unmarshals a JSON object stream into a protocol
+// buffer. This function is lenient and will decode any options
+// permutations of the related Marshaler.
+func (u *Unmarshaler) Unmarshal(r io.Reader, pb proto.Message) error {
+	dec := json.NewDecoder(r)
+	return u.UnmarshalNext(dec, pb)
+}
+
+// UnmarshalNext unmarshals the next protocol buffer from a JSON object stream.
+// This function is lenient and will decode any options permutations of the
+// related Marshaler.
+func UnmarshalNext(dec *json.Decoder, pb proto.Message) error {
+	return new(Unmarshaler).UnmarshalNext(dec, pb)
+}
+
+// Unmarshal unmarshals a JSON object stream into a protocol
+// buffer. This function is lenient and will decode any options
+// permutations of the related Marshaler.
+func Unmarshal(r io.Reader, pb proto.Message) error {
+	return new(Unmarshaler).Unmarshal(r, pb)
+}
+
+// UnmarshalString will populate the fields of a protocol buffer based
+// on a JSON string. This function is lenient and will decode any options
+// permutations of the related Marshaler.
+func UnmarshalString(str string, pb proto.Message) error {
+	return new(Unmarshaler).Unmarshal(strings.NewReader(str), pb)
+}
+
+// unmarshalValue converts/copies a value into the target.
+// prop may be nil.
+func (u *Unmarshaler) unmarshalValue(target reflect.Value, inputValue json.RawMessage, prop *proto.Properties) error {
+	targetType := target.Type()
+
+	// Allocate memory for pointer fields.
+	if targetType.Kind() == reflect.Ptr {
+		// If input value is "null" and target is a pointer type, then the field should be treated as not set
+		// UNLESS the target is structpb.Value, in which case it should be set to structpb.NullValue.
+		_, isJSONPBUnmarshaler := target.Interface().(JSONPBUnmarshaler)
+		if string(inputValue) == "null" && targetType != reflect.TypeOf(&stpb.Value{}) && !isJSONPBUnmarshaler {
+			return nil
+		}
+		target.Set(reflect.New(targetType.Elem()))
+
+		return u.unmarshalValue(target.Elem(), inputValue, prop)
+	}
+
+	if jsu, ok := target.Addr().Interface().(JSONPBUnmarshaler); ok {
+		return jsu.UnmarshalJSONPB(u, []byte(inputValue))
+	}
+
+	// Handle well-known types that are not pointers.
+	if w, ok := target.Addr().Interface().(wkt); ok {
+		switch w.XXX_WellKnownType() {
+		case "DoubleValue", "FloatValue", "Int64Value", "UInt64Value",
+			"Int32Value", "UInt32Value", "BoolValue", "StringValue", "BytesValue":
+			return u.unmarshalValue(target.Field(0), inputValue, prop)
+		case "Any":
+			// Use json.RawMessage pointer type instead of value to support pre-1.8 version.
+			// 1.8 changed RawMessage.MarshalJSON from pointer type to value type, see
+			// https://github.com/golang/go/issues/14493
+			var jsonFields map[string]*json.RawMessage
+			if err := json.Unmarshal(inputValue, &jsonFields); err != nil {
+				return err
+			}
+
+			val, ok := jsonFields["@type"]
+			if !ok || val == nil {
+				return errors.New("Any JSON doesn't have '@type'")
+			}
+
+			var turl string
+			if err := json.Unmarshal([]byte(*val), &turl); err != nil {
+				return fmt.Errorf("can't unmarshal Any's '@type': %q", *val)
+			}
+			target.Field(0).SetString(turl)
+
+			var m proto.Message
+			var err error
+			if u.AnyResolver != nil {
+				m, err = u.AnyResolver.Resolve(turl)
+			} else {
+				m, err = defaultResolveAny(turl)
+			}
+			if err != nil {
+				return err
+			}
+
+			if _, ok := m.(wkt); ok {
+				val, ok := jsonFields["value"]
+				if !ok {
+					return errors.New("Any JSON doesn't have 'value'")
+				}
+
+				if err := u.unmarshalValue(reflect.ValueOf(m).Elem(), *val, nil); err != nil {
+					return fmt.Errorf("can't unmarshal Any nested proto %T: %v", m, err)
+				}
+			} else {
+				delete(jsonFields, "@type")
+				nestedProto, err := json.Marshal(jsonFields)
+				if err != nil {
+					return fmt.Errorf("can't generate JSON for Any's nested proto to be unmarshaled: %v", err)
+				}
+
+				if err = u.unmarshalValue(reflect.ValueOf(m).Elem(), nestedProto, nil); err != nil {
+					return fmt.Errorf("can't unmarshal Any nested proto %T: %v", m, err)
+				}
+			}
+
+			b, err := proto.Marshal(m)
+			if err != nil {
+				return fmt.Errorf("can't marshal proto %T into Any.Value: %v", m, err)
+			}
+			target.Field(1).SetBytes(b)
+
+			return nil
+		case "Duration":
+			unq, err := unquote(string(inputValue))
+			if err != nil {
+				return err
+			}
+
+			d, err := time.ParseDuration(unq)
+			if err != nil {
+				return fmt.Errorf("bad Duration: %v", err)
+			}
+
+			ns := d.Nanoseconds()
+			s := ns / 1e9
+			ns %= 1e9
+			target.Field(0).SetInt(s)
+			target.Field(1).SetInt(ns)
+			return nil
+		case "Timestamp":
+			unq, err := unquote(string(inputValue))
+			if err != nil {
+				return err
+			}
+
+			t, err := time.Parse(time.RFC3339Nano, unq)
+			if err != nil {
+				return fmt.Errorf("bad Timestamp: %v", err)
+			}
+
+			target.Field(0).SetInt(t.Unix())
+			target.Field(1).SetInt(int64(t.Nanosecond()))
+			return nil
+		case "Struct":
+			var m map[string]json.RawMessage
+			if err := json.Unmarshal(inputValue, &m); err != nil {
+				return fmt.Errorf("bad StructValue: %v", err)
+			}
+
+			target.Field(0).Set(reflect.ValueOf(map[string]*stpb.Value{}))
+			for k, jv := range m {
+				pv := &stpb.Value{}
+				if err := u.unmarshalValue(reflect.ValueOf(pv).Elem(), jv, prop); err != nil {
+					return fmt.Errorf("bad value in StructValue for key %q: %v", k, err)
+				}
+				target.Field(0).SetMapIndex(reflect.ValueOf(k), reflect.ValueOf(pv))
+			}
+			return nil
+		case "ListValue":
+			var s []json.RawMessage
+			if err := json.Unmarshal(inputValue, &s); err != nil {
+				return fmt.Errorf("bad ListValue: %v", err)
+			}
+
+			target.Field(0).Set(reflect.ValueOf(make([]*stpb.Value, len(s))))
+			for i, sv := range s {
+				if err := u.unmarshalValue(target.Field(0).Index(i), sv, prop); err != nil {
+					return err
+				}
+			}
+			return nil
+		case "Value":
+			ivStr := string(inputValue)
+			if ivStr == "null" {
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_NullValue{}))
+			} else if v, err := strconv.ParseFloat(ivStr, 0); err == nil {
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_NumberValue{v}))
+			} else if v, err := unquote(ivStr); err == nil {
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_StringValue{v}))
+			} else if v, err := strconv.ParseBool(ivStr); err == nil {
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_BoolValue{v}))
+			} else if err := json.Unmarshal(inputValue, &[]json.RawMessage{}); err == nil {
+				lv := &stpb.ListValue{}
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_ListValue{lv}))
+				return u.unmarshalValue(reflect.ValueOf(lv).Elem(), inputValue, prop)
+			} else if err := json.Unmarshal(inputValue, &map[string]json.RawMessage{}); err == nil {
+				sv := &stpb.Struct{}
+				target.Field(0).Set(reflect.ValueOf(&stpb.Value_StructValue{sv}))
+				return u.unmarshalValue(reflect.ValueOf(sv).Elem(), inputValue, prop)
+			} else {
+				return fmt.Errorf("unrecognized type for Value %q", ivStr)
+			}
+			return nil
+		}
+	}
+
+	// Handle enums, which have an underlying type of int32,
+	// and may appear as strings.
+	// The case of an enum appearing as a number is handled
+	// at the bottom of this function.
+	if inputValue[0] == '"' && prop != nil && prop.Enum != "" {
+		vmap := proto.EnumValueMap(prop.Enum)
+		// Don't need to do unquoting; valid enum names
+		// are from a limited character set.
+		s := inputValue[1 : len(inputValue)-1]
+		n, ok := vmap[string(s)]
+		if !ok {
+			return fmt.Errorf("unknown value %q for enum %s", s, prop.Enum)
+		}
+		if target.Kind() == reflect.Ptr { // proto2
+			target.Set(reflect.New(targetType.Elem()))
+			target = target.Elem()
+		}
+		if targetType.Kind() != reflect.Int32 {
+			return fmt.Errorf("invalid target %q for enum %s", targetType.Kind(), prop.Enum)
+		}
+		target.SetInt(int64(n))
+		return nil
+	}
+
+	// Handle nested messages.
+	if targetType.Kind() == reflect.Struct {
+		var jsonFields map[string]json.RawMessage
+		if err := json.Unmarshal(inputValue, &jsonFields); err != nil {
+			return err
+		}
+
+		consumeField := func(prop *proto.Properties) (json.RawMessage, bool) {
+			// Be liberal in what names we accept; both orig_name and camelName are okay.
+			fieldNames := acceptedJSONFieldNames(prop)
+
+			vOrig, okOrig := jsonFields[fieldNames.orig]
+			vCamel, okCamel := jsonFields[fieldNames.camel]
+			if !okOrig && !okCamel {
+				return nil, false
+			}
+			// If, for some reason, both are present in the data, favour the camelName.
+			var raw json.RawMessage
+			if okOrig {
+				raw = vOrig
+				delete(jsonFields, fieldNames.orig)
+			}
+			if okCamel {
+				raw = vCamel
+				delete(jsonFields, fieldNames.camel)
+			}
+			return raw, true
+		}
+
+		sprops := proto.GetProperties(targetType)
+		for i := 0; i < target.NumField(); i++ {
+			ft := target.Type().Field(i)
+			if strings.HasPrefix(ft.Name, "XXX_") {
+				continue
+			}
+
+			valueForField, ok := consumeField(sprops.Prop[i])
+			if !ok {
+				continue
+			}
+
+			if err := u.unmarshalValue(target.Field(i), valueForField, sprops.Prop[i]); err != nil {
+				return err
+			}
+		}
+		// Check for any oneof fields.
+		if len(jsonFields) > 0 {
+			for _, oop := range sprops.OneofTypes {
+				raw, ok := consumeField(oop.Prop)
+				if !ok {
+					continue
+				}
+				nv := reflect.New(oop.Type.Elem())
+				target.Field(oop.Field).Set(nv)
+				if err := u.unmarshalValue(nv.Elem().Field(0), raw, oop.Prop); err != nil {
+					return err
+				}
+			}
+		}
+		// Handle proto2 extensions.
+		if len(jsonFields) > 0 {
+			if ep, ok := target.Addr().Interface().(proto.Message); ok {
+				for _, ext := range proto.RegisteredExtensions(ep) {
+					name := fmt.Sprintf("[%s]", ext.Name)
+					raw, ok := jsonFields[name]
+					if !ok {
+						continue
+					}
+					delete(jsonFields, name)
+					nv := reflect.New(reflect.TypeOf(ext.ExtensionType).Elem())
+					if err := u.unmarshalValue(nv.Elem(), raw, nil); err != nil {
+						return err
+					}
+					if err := proto.SetExtension(ep, ext, nv.Interface()); err != nil {
+						return err
+					}
+				}
+			}
+		}
+		if !u.AllowUnknownFields && len(jsonFields) > 0 {
+			// Pick any field to be the scapegoat.
+			var f string
+			for fname := range jsonFields {
+				f = fname
+				break
+			}
+			return fmt.Errorf("unknown field %q in %v", f, targetType)
+		}
+		return nil
+	}
+
+	// Handle arrays (which aren't encoded bytes)
+	if targetType.Kind() == reflect.Slice && targetType.Elem().Kind() != reflect.Uint8 {
+		var slc []json.RawMessage
+		if err := json.Unmarshal(inputValue, &slc); err != nil {
+			return err
+		}
+		if slc != nil {
+			l := len(slc)
+			target.Set(reflect.MakeSlice(targetType, l, l))
+			for i := 0; i < l; i++ {
+				if err := u.unmarshalValue(target.Index(i), slc[i], prop); err != nil {
+					return err
+				}
+			}
+		}
+		return nil
+	}
+
+	// Handle maps (whose keys are always strings)
+	if targetType.Kind() == reflect.Map {
+		var mp map[string]json.RawMessage
+		if err := json.Unmarshal(inputValue, &mp); err != nil {
+			return err
+		}
+		if mp != nil {
+			target.Set(reflect.MakeMap(targetType))
+			for ks, raw := range mp {
+				// Unmarshal map key. The core json library already decoded the key into a
+				// string, so we handle that specially. Other types were quoted post-serialization.
+				var k reflect.Value
+				if targetType.Key().Kind() == reflect.String {
+					k = reflect.ValueOf(ks)
+				} else {
+					k = reflect.New(targetType.Key()).Elem()
+					var kprop *proto.Properties
+					if prop != nil && prop.MapKeyProp != nil {
+						kprop = prop.MapKeyProp
+					}
+					if err := u.unmarshalValue(k, json.RawMessage(ks), kprop); err != nil {
+						return err
+					}
+				}
+
+				// Unmarshal map value.
+				v := reflect.New(targetType.Elem()).Elem()
+				var vprop *proto.Properties
+				if prop != nil && prop.MapValProp != nil {
+					vprop = prop.MapValProp
+				}
+				if err := u.unmarshalValue(v, raw, vprop); err != nil {
+					return err
+				}
+				target.SetMapIndex(k, v)
+			}
+		}
+		return nil
+	}
+
+	// Non-finite numbers can be encoded as strings.
+	isFloat := targetType.Kind() == reflect.Float32 || targetType.Kind() == reflect.Float64
+	if isFloat {
+		if num, ok := nonFinite[string(inputValue)]; ok {
+			target.SetFloat(num)
+			return nil
+		}
+	}
+
+	// integers & floats can be encoded as strings. In this case we drop
+	// the quotes and proceed as normal.
+	isNum := targetType.Kind() == reflect.Int64 || targetType.Kind() == reflect.Uint64 ||
+		targetType.Kind() == reflect.Int32 || targetType.Kind() == reflect.Uint32 ||
+		targetType.Kind() == reflect.Float32 || targetType.Kind() == reflect.Float64
+	if isNum && strings.HasPrefix(string(inputValue), `"`) {
+		inputValue = inputValue[1 : len(inputValue)-1]
+	}
+
+	// Use the encoding/json for parsing other value types.
+	return json.Unmarshal(inputValue, target.Addr().Interface())
+}
+
+func unquote(s string) (string, error) {
+	var ret string
+	err := json.Unmarshal([]byte(s), &ret)
+	return ret, err
+}
+
+// jsonProperties returns parsed proto.Properties for the field and corrects JSONName attribute.
+func jsonProperties(f reflect.StructField, origName bool) *proto.Properties {
+	var prop proto.Properties
+	prop.Init(f.Type, f.Name, f.Tag.Get("protobuf"), &f)
+	if origName || prop.JSONName == "" {
+		prop.JSONName = prop.OrigName
+	}
+	return &prop
+}
+
+type fieldNames struct {
+	orig, camel string
+}
+
+func acceptedJSONFieldNames(prop *proto.Properties) fieldNames {
+	opts := fieldNames{orig: prop.OrigName, camel: prop.OrigName}
+	if prop.JSONName != "" {
+		opts.camel = prop.JSONName
+	}
+	return opts
+}
+
+// Writer wrapper inspired by https://blog.golang.org/errors-are-values
+type errWriter struct {
+	writer io.Writer
+	err    error
+}
+
+func (w *errWriter) write(str string) {
+	if w.err != nil {
+		return
+	}
+	_, w.err = w.writer.Write([]byte(str))
+}
+
+// Map fields may have key types of non-float scalars, strings and enums.
+// The easiest way to sort them in some deterministic order is to use fmt.
+// If this turns out to be inefficient we can always consider other options,
+// such as doing a Schwartzian transform.
+//
+// Numeric keys are sorted in numeric order per
+// https://developers.google.com/protocol-buffers/docs/proto#maps.
+type mapKeys []reflect.Value
+
+func (s mapKeys) Len() int      { return len(s) }
+func (s mapKeys) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s mapKeys) Less(i, j int) bool {
+	if k := s[i].Kind(); k == s[j].Kind() {
+		switch k {
+		case reflect.String:
+			return s[i].String() < s[j].String()
+		case reflect.Int32, reflect.Int64:
+			return s[i].Int() < s[j].Int()
+		case reflect.Uint32, reflect.Uint64:
+			return s[i].Uint() < s[j].Uint()
+		}
+	}
+	return fmt.Sprint(s[i].Interface()) < fmt.Sprint(s[j].Interface())
+}
+
+// checkRequiredFields returns an error if any required field in the given proto message is not set.
+// This function is used by both Marshal and Unmarshal.  While required fields only exist in a
+// proto2 message, a proto3 message can contain proto2 message(s).
+func checkRequiredFields(pb proto.Message) error {
+	// Most well-known type messages do not contain required fields.  The "Any" type may contain
+	// a message that has required fields.
+	//
+	// When an Any message is being marshaled, the code will invoked proto.Unmarshal on Any.Value
+	// field in order to transform that into JSON, and that should have returned an error if a
+	// required field is not set in the embedded message.
+	//
+	// When an Any message is being unmarshaled, the code will have invoked proto.Marshal on the
+	// embedded message to store the serialized message in Any.Value field, and that should have
+	// returned an error if a required field is not set.
+	if _, ok := pb.(wkt); ok {
+		return nil
+	}
+
+	v := reflect.ValueOf(pb)
+	// Skip message if it is not a struct pointer.
+	if v.Kind() != reflect.Ptr {
+		return nil
+	}
+	v = v.Elem()
+	if v.Kind() != reflect.Struct {
+		return nil
+	}
+
+	for i := 0; i < v.NumField(); i++ {
+		field := v.Field(i)
+		sfield := v.Type().Field(i)
+
+		if sfield.PkgPath != "" {
+			// blank PkgPath means the field is exported; skip if not exported
+			continue
+		}
+
+		if strings.HasPrefix(sfield.Name, "XXX_") {
+			continue
+		}
+
+		// Oneof field is an interface implemented by wrapper structs containing the actual oneof
+		// field, i.e. an interface containing &T{real_value}.
+		if sfield.Tag.Get("protobuf_oneof") != "" {
+			if field.Kind() != reflect.Interface {
+				continue
+			}
+			v := field.Elem()
+			if v.Kind() != reflect.Ptr || v.IsNil() {
+				continue
+			}
+			v = v.Elem()
+			if v.Kind() != reflect.Struct || v.NumField() < 1 {
+				continue
+			}
+			field = v.Field(0)
+			sfield = v.Type().Field(0)
+		}
+
+		protoTag := sfield.Tag.Get("protobuf")
+		if protoTag == "" {
+			continue
+		}
+		var prop proto.Properties
+		prop.Init(sfield.Type, sfield.Name, protoTag, &sfield)
+
+		switch field.Kind() {
+		case reflect.Map:
+			if field.IsNil() {
+				continue
+			}
+			// Check each map value.
+			keys := field.MapKeys()
+			for _, k := range keys {
+				v := field.MapIndex(k)
+				if err := checkRequiredFieldsInValue(v); err != nil {
+					return err
+				}
+			}
+		case reflect.Slice:
+			// Handle non-repeated type, e.g. bytes.
+			if !prop.Repeated {
+				if prop.Required && field.IsNil() {
+					return fmt.Errorf("required field %q is not set", prop.Name)
+				}
+				continue
+			}
+
+			// Handle repeated type.
+			if field.IsNil() {
+				continue
+			}
+			// Check each slice item.
+			for i := 0; i < field.Len(); i++ {
+				v := field.Index(i)
+				if err := checkRequiredFieldsInValue(v); err != nil {
+					return err
+				}
+			}
+		case reflect.Ptr:
+			if field.IsNil() {
+				if prop.Required {
+					return fmt.Errorf("required field %q is not set", prop.Name)
+				}
+				continue
+			}
+			if err := checkRequiredFieldsInValue(field); err != nil {
+				return err
+			}
+		}
+	}
+
+	// Handle proto2 extensions.
+	for _, ext := range proto.RegisteredExtensions(pb) {
+		if !proto.HasExtension(pb, ext) {
+			continue
+		}
+		ep, err := proto.GetExtension(pb, ext)
+		if err != nil {
+			return err
+		}
+		err = checkRequiredFieldsInValue(reflect.ValueOf(ep))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func checkRequiredFieldsInValue(v reflect.Value) error {
+	if v.Type().Implements(messageType) {
+		return checkRequiredFields(v.Interface().(proto.Message))
+	}
+	return nil
+}
diff --git a/vendor/github.com/golang/protobuf/proto/decode.go b/vendor/github.com/golang/protobuf/proto/decode.go
index d9aa3c42d666e..63b0f08bef2a0 100644
--- a/vendor/github.com/golang/protobuf/proto/decode.go
+++ b/vendor/github.com/golang/protobuf/proto/decode.go
@@ -186,7 +186,6 @@ func (p *Buffer) DecodeVarint() (x uint64, err error) {
 	if b&0x80 == 0 {
 		goto done
 	}
-	// x -= 0x80 << 63 // Always zero.
 
 	return 0, errOverflow
 
diff --git a/vendor/github.com/golang/protobuf/proto/deprecated.go b/vendor/github.com/golang/protobuf/proto/deprecated.go
new file mode 100644
index 0000000000000..35b882c09aaf9
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/deprecated.go
@@ -0,0 +1,63 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2018 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package proto
+
+import "errors"
+
+// Deprecated: do not use.
+type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 }
+
+// Deprecated: do not use.
+func GetStats() Stats { return Stats{} }
+
+// Deprecated: do not use.
+func MarshalMessageSet(interface{}) ([]byte, error) {
+	return nil, errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func UnmarshalMessageSet([]byte, interface{}) error {
+	return errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func MarshalMessageSetJSON(interface{}) ([]byte, error) {
+	return nil, errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func UnmarshalMessageSetJSON([]byte, interface{}) error {
+	return errors.New("proto: not implemented")
+}
+
+// Deprecated: do not use.
+func RegisterMessageSetType(Message, int32, string) {}
diff --git a/vendor/github.com/golang/protobuf/proto/encode.go b/vendor/github.com/golang/protobuf/proto/encode.go
index c27d35f866bb0..3abfed2cff04b 100644
--- a/vendor/github.com/golang/protobuf/proto/encode.go
+++ b/vendor/github.com/golang/protobuf/proto/encode.go
@@ -37,27 +37,9 @@ package proto
 
 import (
 	"errors"
-	"fmt"
 	"reflect"
 )
 
-// RequiredNotSetError is the error returned if Marshal is called with
-// a protocol buffer struct whose required fields have not
-// all been initialized. It is also the error returned if Unmarshal is
-// called with an encoded protocol buffer that does not include all the
-// required fields.
-//
-// When printed, RequiredNotSetError reports the first unset required field in a
-// message. If the field cannot be precisely determined, it is reported as
-// "{Unknown}".
-type RequiredNotSetError struct {
-	field string
-}
-
-func (e *RequiredNotSetError) Error() string {
-	return fmt.Sprintf("proto: required field %q not set", e.field)
-}
-
 var (
 	// errRepeatedHasNil is the error returned if Marshal is called with
 	// a struct with a repeated field containing a nil element.
diff --git a/vendor/github.com/golang/protobuf/proto/equal.go b/vendor/github.com/golang/protobuf/proto/equal.go
index d4db5a1c14577..f9b6e41b3c108 100644
--- a/vendor/github.com/golang/protobuf/proto/equal.go
+++ b/vendor/github.com/golang/protobuf/proto/equal.go
@@ -246,7 +246,8 @@ func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool {
 			return false
 		}
 
-		m1, m2 := e1.value, e2.value
+		m1 := extensionAsLegacyType(e1.value)
+		m2 := extensionAsLegacyType(e2.value)
 
 		if m1 == nil && m2 == nil {
 			// Both have only encoded form.
diff --git a/vendor/github.com/golang/protobuf/proto/extensions.go b/vendor/github.com/golang/protobuf/proto/extensions.go
index 816a3b9d6c09f..fa88add30a41f 100644
--- a/vendor/github.com/golang/protobuf/proto/extensions.go
+++ b/vendor/github.com/golang/protobuf/proto/extensions.go
@@ -185,9 +185,25 @@ type Extension struct {
 	// extension will have only enc set. When such an extension is
 	// accessed using GetExtension (or GetExtensions) desc and value
 	// will be set.
-	desc  *ExtensionDesc
+	desc *ExtensionDesc
+
+	// value is a concrete value for the extension field. Let the type of
+	// desc.ExtensionType be the "API type" and the type of Extension.value
+	// be the "storage type". The API type and storage type are the same except:
+	//	* For scalars (except []byte), the API type uses *T,
+	//	while the storage type uses T.
+	//	* For repeated fields, the API type uses []T, while the storage type
+	//	uses *[]T.
+	//
+	// The reason for the divergence is so that the storage type more naturally
+	// matches what is expected of when retrieving the values through the
+	// protobuf reflection APIs.
+	//
+	// The value may only be populated if desc is also populated.
 	value interface{}
-	enc   []byte
+
+	// enc is the raw bytes for the extension field.
+	enc []byte
 }
 
 // SetRawExtension is for testing only.
@@ -334,7 +350,7 @@ func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
 			// descriptors with the same field number.
 			return nil, errors.New("proto: descriptor conflict")
 		}
-		return e.value, nil
+		return extensionAsLegacyType(e.value), nil
 	}
 
 	if extension.ExtensionType == nil {
@@ -349,11 +365,11 @@ func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
 
 	// Remember the decoded version and drop the encoded version.
 	// That way it is safe to mutate what we return.
-	e.value = v
+	e.value = extensionAsStorageType(v)
 	e.desc = extension
 	e.enc = nil
 	emap[extension.Field] = e
-	return e.value, nil
+	return extensionAsLegacyType(e.value), nil
 }
 
 // defaultExtensionValue returns the default value for extension.
@@ -488,7 +504,7 @@ func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error
 	}
 	typ := reflect.TypeOf(extension.ExtensionType)
 	if typ != reflect.TypeOf(value) {
-		return errors.New("proto: bad extension value type")
+		return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", value, extension.ExtensionType)
 	}
 	// nil extension values need to be caught early, because the
 	// encoder can't distinguish an ErrNil due to a nil extension
@@ -500,7 +516,7 @@ func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error
 	}
 
 	extmap := epb.extensionsWrite()
-	extmap[extension.Field] = Extension{desc: extension, value: value}
+	extmap[extension.Field] = Extension{desc: extension, value: extensionAsStorageType(value)}
 	return nil
 }
 
@@ -541,3 +557,51 @@ func RegisterExtension(desc *ExtensionDesc) {
 func RegisteredExtensions(pb Message) map[int32]*ExtensionDesc {
 	return extensionMaps[reflect.TypeOf(pb).Elem()]
 }
+
+// extensionAsLegacyType converts an value in the storage type as the API type.
+// See Extension.value.
+func extensionAsLegacyType(v interface{}) interface{} {
+	switch rv := reflect.ValueOf(v); rv.Kind() {
+	case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String:
+		// Represent primitive types as a pointer to the value.
+		rv2 := reflect.New(rv.Type())
+		rv2.Elem().Set(rv)
+		v = rv2.Interface()
+	case reflect.Ptr:
+		// Represent slice types as the value itself.
+		switch rv.Type().Elem().Kind() {
+		case reflect.Slice:
+			if rv.IsNil() {
+				v = reflect.Zero(rv.Type().Elem()).Interface()
+			} else {
+				v = rv.Elem().Interface()
+			}
+		}
+	}
+	return v
+}
+
+// extensionAsStorageType converts an value in the API type as the storage type.
+// See Extension.value.
+func extensionAsStorageType(v interface{}) interface{} {
+	switch rv := reflect.ValueOf(v); rv.Kind() {
+	case reflect.Ptr:
+		// Represent slice types as the value itself.
+		switch rv.Type().Elem().Kind() {
+		case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String:
+			if rv.IsNil() {
+				v = reflect.Zero(rv.Type().Elem()).Interface()
+			} else {
+				v = rv.Elem().Interface()
+			}
+		}
+	case reflect.Slice:
+		// Represent slice types as a pointer to the value.
+		if rv.Type().Elem().Kind() != reflect.Uint8 {
+			rv2 := reflect.New(rv.Type())
+			rv2.Elem().Set(rv)
+			v = rv2.Interface()
+		}
+	}
+	return v
+}
diff --git a/vendor/github.com/golang/protobuf/proto/lib.go b/vendor/github.com/golang/protobuf/proto/lib.go
index 0e2191b8ada36..70fbda5329cb3 100644
--- a/vendor/github.com/golang/protobuf/proto/lib.go
+++ b/vendor/github.com/golang/protobuf/proto/lib.go
@@ -265,7 +265,6 @@ package proto
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"log"
 	"reflect"
@@ -274,34 +273,73 @@ import (
 	"sync"
 )
 
-var errInvalidUTF8 = errors.New("proto: invalid UTF-8 string")
+// RequiredNotSetError is an error type returned by either Marshal or Unmarshal.
+// Marshal reports this when a required field is not initialized.
+// Unmarshal reports this when a required field is missing from the wire data.
+type RequiredNotSetError struct{ field string }
 
-// Message is implemented by generated protocol buffer messages.
-type Message interface {
-	Reset()
-	String() string
-	ProtoMessage()
+func (e *RequiredNotSetError) Error() string {
+	if e.field == "" {
+		return fmt.Sprintf("proto: required field not set")
+	}
+	return fmt.Sprintf("proto: required field %q not set", e.field)
+}
+func (e *RequiredNotSetError) RequiredNotSet() bool {
+	return true
 }
 
-// Stats records allocation details about the protocol buffer encoders
-// and decoders.  Useful for tuning the library itself.
-type Stats struct {
-	Emalloc uint64 // mallocs in encode
-	Dmalloc uint64 // mallocs in decode
-	Encode  uint64 // number of encodes
-	Decode  uint64 // number of decodes
-	Chit    uint64 // number of cache hits
-	Cmiss   uint64 // number of cache misses
-	Size    uint64 // number of sizes
+type invalidUTF8Error struct{ field string }
+
+func (e *invalidUTF8Error) Error() string {
+	if e.field == "" {
+		return "proto: invalid UTF-8 detected"
+	}
+	return fmt.Sprintf("proto: field %q contains invalid UTF-8", e.field)
+}
+func (e *invalidUTF8Error) InvalidUTF8() bool {
+	return true
+}
+
+// errInvalidUTF8 is a sentinel error to identify fields with invalid UTF-8.
+// This error should not be exposed to the external API as such errors should
+// be recreated with the field information.
+var errInvalidUTF8 = &invalidUTF8Error{}
+
+// isNonFatal reports whether the error is either a RequiredNotSet error
+// or a InvalidUTF8 error.
+func isNonFatal(err error) bool {
+	if re, ok := err.(interface{ RequiredNotSet() bool }); ok && re.RequiredNotSet() {
+		return true
+	}
+	if re, ok := err.(interface{ InvalidUTF8() bool }); ok && re.InvalidUTF8() {
+		return true
+	}
+	return false
 }
 
-// Set to true to enable stats collection.
-const collectStats = false
+type nonFatal struct{ E error }
 
-var stats Stats
+// Merge merges err into nf and reports whether it was successful.
+// Otherwise it returns false for any fatal non-nil errors.
+func (nf *nonFatal) Merge(err error) (ok bool) {
+	if err == nil {
+		return true // not an error
+	}
+	if !isNonFatal(err) {
+		return false // fatal error
+	}
+	if nf.E == nil {
+		nf.E = err // store first instance of non-fatal error
+	}
+	return true
+}
 
-// GetStats returns a copy of the global Stats structure.
-func GetStats() Stats { return stats }
+// Message is implemented by generated protocol buffer messages.
+type Message interface {
+	Reset()
+	String() string
+	ProtoMessage()
+}
 
 // A Buffer is a buffer manager for marshaling and unmarshaling
 // protocol buffers.  It may be reused between invocations to
@@ -355,7 +393,7 @@ func (p *Buffer) Bytes() []byte { return p.buf }
 // than relying on this API.
 //
 // If deterministic serialization is requested, map entries will be sorted
-// by keys in lexographical order. This is an implementation detail and
+// by keys in lexicographical order. This is an implementation detail and
 // subject to change.
 func (p *Buffer) SetDeterministic(deterministic bool) {
 	p.deterministic = deterministic
@@ -902,13 +940,19 @@ func isProto3Zero(v reflect.Value) bool {
 	return false
 }
 
-// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const ProtoPackageIsVersion2 = true
+const (
+	// ProtoPackageIsVersion3 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	ProtoPackageIsVersion3 = true
+
+	// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	ProtoPackageIsVersion2 = true
 
-// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const ProtoPackageIsVersion1 = true
+	// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
+	// to assert that that code is compatible with this version of the proto package.
+	ProtoPackageIsVersion1 = true
+)
 
 // InternalMessageInfo is a type used internally by generated .pb.go files.
 // This type is not intended to be used by non-generated code.
diff --git a/vendor/github.com/golang/protobuf/proto/message_set.go b/vendor/github.com/golang/protobuf/proto/message_set.go
index 3b6ca41d5e554..f48a756761ead 100644
--- a/vendor/github.com/golang/protobuf/proto/message_set.go
+++ b/vendor/github.com/golang/protobuf/proto/message_set.go
@@ -36,13 +36,7 @@ package proto
  */
 
 import (
-	"bytes"
-	"encoding/json"
 	"errors"
-	"fmt"
-	"reflect"
-	"sort"
-	"sync"
 )
 
 // errNoMessageTypeID occurs when a protocol buffer does not have a message type ID.
@@ -145,46 +139,9 @@ func skipVarint(buf []byte) []byte {
 	return buf[i+1:]
 }
 
-// MarshalMessageSet encodes the extension map represented by m in the message set wire format.
-// It is called by generated Marshal methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSet(exts interface{}) ([]byte, error) {
-	return marshalMessageSet(exts, false)
-}
-
-// marshaMessageSet implements above function, with the opt to turn on / off deterministic during Marshal.
-func marshalMessageSet(exts interface{}, deterministic bool) ([]byte, error) {
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		var u marshalInfo
-		siz := u.sizeMessageSet(exts)
-		b := make([]byte, 0, siz)
-		return u.appendMessageSet(b, exts, deterministic)
-
-	case map[int32]Extension:
-		// This is an old-style extension map.
-		// Wrap it in a new-style XXX_InternalExtensions.
-		ie := XXX_InternalExtensions{
-			p: &struct {
-				mu           sync.Mutex
-				extensionMap map[int32]Extension
-			}{
-				extensionMap: exts,
-			},
-		}
-
-		var u marshalInfo
-		siz := u.sizeMessageSet(&ie)
-		b := make([]byte, 0, siz)
-		return u.appendMessageSet(b, &ie, deterministic)
-
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-}
-
-// UnmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
+// unmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
 // It is called by Unmarshal methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSet(buf []byte, exts interface{}) error {
+func unmarshalMessageSet(buf []byte, exts interface{}) error {
 	var m map[int32]Extension
 	switch exts := exts.(type) {
 	case *XXX_InternalExtensions:
@@ -222,93 +179,3 @@ func UnmarshalMessageSet(buf []byte, exts interface{}) error {
 	}
 	return nil
 }
-
-// MarshalMessageSetJSON encodes the extension map represented by m in JSON format.
-// It is called by generated MarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSetJSON(exts interface{}) ([]byte, error) {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		var mu sync.Locker
-		m, mu = exts.extensionsRead()
-		if m != nil {
-			// Keep the extensions map locked until we're done marshaling to prevent
-			// races between marshaling and unmarshaling the lazily-{en,de}coded
-			// values.
-			mu.Lock()
-			defer mu.Unlock()
-		}
-	case map[int32]Extension:
-		m = exts
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-	var b bytes.Buffer
-	b.WriteByte('{')
-
-	// Process the map in key order for deterministic output.
-	ids := make([]int32, 0, len(m))
-	for id := range m {
-		ids = append(ids, id)
-	}
-	sort.Sort(int32Slice(ids)) // int32Slice defined in text.go
-
-	for i, id := range ids {
-		ext := m[id]
-		msd, ok := messageSetMap[id]
-		if !ok {
-			// Unknown type; we can't render it, so skip it.
-			continue
-		}
-
-		if i > 0 && b.Len() > 1 {
-			b.WriteByte(',')
-		}
-
-		fmt.Fprintf(&b, `"[%s]":`, msd.name)
-
-		x := ext.value
-		if x == nil {
-			x = reflect.New(msd.t.Elem()).Interface()
-			if err := Unmarshal(ext.enc, x.(Message)); err != nil {
-				return nil, err
-			}
-		}
-		d, err := json.Marshal(x)
-		if err != nil {
-			return nil, err
-		}
-		b.Write(d)
-	}
-	b.WriteByte('}')
-	return b.Bytes(), nil
-}
-
-// UnmarshalMessageSetJSON decodes the extension map encoded in buf in JSON format.
-// It is called by generated UnmarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSetJSON(buf []byte, exts interface{}) error {
-	// Common-case fast path.
-	if len(buf) == 0 || bytes.Equal(buf, []byte("{}")) {
-		return nil
-	}
-
-	// This is fairly tricky, and it's not clear that it is needed.
-	return errors.New("TODO: UnmarshalMessageSetJSON not yet implemented")
-}
-
-// A global registry of types that can be used in a MessageSet.
-
-var messageSetMap = make(map[int32]messageSetDesc)
-
-type messageSetDesc struct {
-	t    reflect.Type // pointer to struct
-	name string
-}
-
-// RegisterMessageSetType is called from the generated code.
-func RegisterMessageSetType(m Message, fieldNum int32, name string) {
-	messageSetMap[fieldNum] = messageSetDesc{
-		t:    reflect.TypeOf(m),
-		name: name,
-	}
-}
diff --git a/vendor/github.com/golang/protobuf/proto/pointer_reflect.go b/vendor/github.com/golang/protobuf/proto/pointer_reflect.go
index b6cad90834b31..94fa9194a8823 100644
--- a/vendor/github.com/golang/protobuf/proto/pointer_reflect.go
+++ b/vendor/github.com/golang/protobuf/proto/pointer_reflect.go
@@ -79,10 +79,13 @@ func toPointer(i *Message) pointer {
 
 // toAddrPointer converts an interface to a pointer that points to
 // the interface data.
-func toAddrPointer(i *interface{}, isptr bool) pointer {
+func toAddrPointer(i *interface{}, isptr, deref bool) pointer {
 	v := reflect.ValueOf(*i)
 	u := reflect.New(v.Type())
 	u.Elem().Set(v)
+	if deref {
+		u = u.Elem()
+	}
 	return pointer{v: u}
 }
 
diff --git a/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go b/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
index d55a335d94532..dbfffe071b82a 100644
--- a/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
+++ b/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
@@ -85,16 +85,21 @@ func toPointer(i *Message) pointer {
 
 // toAddrPointer converts an interface to a pointer that points to
 // the interface data.
-func toAddrPointer(i *interface{}, isptr bool) pointer {
+func toAddrPointer(i *interface{}, isptr, deref bool) (p pointer) {
 	// Super-tricky - read or get the address of data word of interface value.
 	if isptr {
 		// The interface is of pointer type, thus it is a direct interface.
 		// The data word is the pointer data itself. We take its address.
-		return pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)}
+		p = pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)}
+	} else {
+		// The interface is not of pointer type. The data word is the pointer
+		// to the data.
+		p = pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
 	}
-	// The interface is not of pointer type. The data word is the pointer
-	// to the data.
-	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
+	if deref {
+		p.p = *(*unsafe.Pointer)(p.p)
+	}
+	return p
 }
 
 // valToPointer converts v to a pointer. v must be of pointer type.
diff --git a/vendor/github.com/golang/protobuf/proto/properties.go b/vendor/github.com/golang/protobuf/proto/properties.go
index f710adab09246..a4b8c0cd3a861 100644
--- a/vendor/github.com/golang/protobuf/proto/properties.go
+++ b/vendor/github.com/golang/protobuf/proto/properties.go
@@ -38,7 +38,6 @@ package proto
 import (
 	"fmt"
 	"log"
-	"os"
 	"reflect"
 	"sort"
 	"strconv"
@@ -139,7 +138,7 @@ type Properties struct {
 	Repeated bool
 	Packed   bool   // relevant for repeated primitives only
 	Enum     string // set for enum types only
-	proto3   bool   // whether this is known to be a proto3 field; set for []byte only
+	proto3   bool   // whether this is known to be a proto3 field
 	oneof    bool   // whether this is a oneof field
 
 	Default    string // default value
@@ -148,9 +147,9 @@ type Properties struct {
 	stype reflect.Type      // set for struct types only
 	sprop *StructProperties // set for struct types only
 
-	mtype    reflect.Type // set for map types only
-	mkeyprop *Properties  // set for map types only
-	mvalprop *Properties  // set for map types only
+	mtype      reflect.Type // set for map types only
+	MapKeyProp *Properties  // set for map types only
+	MapValProp *Properties  // set for map types only
 }
 
 // String formats the properties in the protobuf struct field tag style.
@@ -194,7 +193,7 @@ func (p *Properties) Parse(s string) {
 	// "bytes,49,opt,name=foo,def=hello!"
 	fields := strings.Split(s, ",") // breaks def=, but handled below.
 	if len(fields) < 2 {
-		fmt.Fprintf(os.Stderr, "proto: tag has too few fields: %q\n", s)
+		log.Printf("proto: tag has too few fields: %q", s)
 		return
 	}
 
@@ -214,7 +213,7 @@ func (p *Properties) Parse(s string) {
 		p.WireType = WireBytes
 		// no numeric converter for non-numeric types
 	default:
-		fmt.Fprintf(os.Stderr, "proto: tag has unknown wire type: %q\n", s)
+		log.Printf("proto: tag has unknown wire type: %q", s)
 		return
 	}
 
@@ -275,16 +274,16 @@ func (p *Properties) setFieldProps(typ reflect.Type, f *reflect.StructField, loc
 
 	case reflect.Map:
 		p.mtype = t1
-		p.mkeyprop = &Properties{}
-		p.mkeyprop.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
-		p.mvalprop = &Properties{}
+		p.MapKeyProp = &Properties{}
+		p.MapKeyProp.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
+		p.MapValProp = &Properties{}
 		vtype := p.mtype.Elem()
 		if vtype.Kind() != reflect.Ptr && vtype.Kind() != reflect.Slice {
 			// The value type is not a message (*T) or bytes ([]byte),
 			// so we need encoders for the pointer to this type.
 			vtype = reflect.PtrTo(vtype)
 		}
-		p.mvalprop.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
+		p.MapValProp.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
 	}
 
 	if p.stype != nil {
@@ -334,9 +333,6 @@ func GetProperties(t reflect.Type) *StructProperties {
 	sprop, ok := propertiesMap[t]
 	propertiesMu.RUnlock()
 	if ok {
-		if collectStats {
-			stats.Chit++
-		}
 		return sprop
 	}
 
@@ -346,17 +342,20 @@ func GetProperties(t reflect.Type) *StructProperties {
 	return sprop
 }
 
+type (
+	oneofFuncsIface interface {
+		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
+	}
+	oneofWrappersIface interface {
+		XXX_OneofWrappers() []interface{}
+	}
+)
+
 // getPropertiesLocked requires that propertiesMu is held.
 func getPropertiesLocked(t reflect.Type) *StructProperties {
 	if prop, ok := propertiesMap[t]; ok {
-		if collectStats {
-			stats.Chit++
-		}
 		return prop
 	}
-	if collectStats {
-		stats.Cmiss++
-	}
 
 	prop := new(StructProperties)
 	// in case of recursive protos, fill this in now.
@@ -391,13 +390,14 @@ func getPropertiesLocked(t reflect.Type) *StructProperties {
 	// Re-order prop.order.
 	sort.Sort(prop)
 
-	type oneofMessage interface {
-		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
+	var oots []interface{}
+	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+	case oneofFuncsIface:
+		_, _, _, oots = m.XXX_OneofFuncs()
+	case oneofWrappersIface:
+		oots = m.XXX_OneofWrappers()
 	}
-	if om, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(oneofMessage); ok {
-		var oots []interface{}
-		_, _, _, oots = om.XXX_OneofFuncs()
-
+	if len(oots) > 0 {
 		// Interpret oneof metadata.
 		prop.OneofTypes = make(map[string]*OneofProperties)
 		for _, oot := range oots {
diff --git a/vendor/github.com/golang/protobuf/proto/table_marshal.go b/vendor/github.com/golang/protobuf/proto/table_marshal.go
index 0f212b3029d2d..5cb11fa955e4d 100644
--- a/vendor/github.com/golang/protobuf/proto/table_marshal.go
+++ b/vendor/github.com/golang/protobuf/proto/table_marshal.go
@@ -87,6 +87,7 @@ type marshalElemInfo struct {
 	sizer     sizer
 	marshaler marshaler
 	isptr     bool // elem is pointer typed, thus interface of this type is a direct interface (extension only)
+	deref     bool // dereference the pointer before operating on it; implies isptr
 }
 
 var (
@@ -231,7 +232,7 @@ func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte
 		return b, err
 	}
 
-	var err, errreq error
+	var err, errLater error
 	// The old marshaler encodes extensions at beginning.
 	if u.extensions.IsValid() {
 		e := ptr.offset(u.extensions).toExtensions()
@@ -252,11 +253,13 @@ func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte
 		}
 	}
 	for _, f := range u.fields {
-		if f.required && errreq == nil {
+		if f.required {
 			if ptr.offset(f.field).getPointer().isNil() {
 				// Required field is not set.
 				// We record the error but keep going, to give a complete marshaling.
-				errreq = &RequiredNotSetError{f.name}
+				if errLater == nil {
+					errLater = &RequiredNotSetError{f.name}
+				}
 				continue
 			}
 		}
@@ -269,14 +272,21 @@ func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte
 			if err1, ok := err.(*RequiredNotSetError); ok {
 				// Required field in submessage is not set.
 				// We record the error but keep going, to give a complete marshaling.
-				if errreq == nil {
-					errreq = &RequiredNotSetError{f.name + "." + err1.field}
+				if errLater == nil {
+					errLater = &RequiredNotSetError{f.name + "." + err1.field}
 				}
 				continue
 			}
 			if err == errRepeatedHasNil {
 				err = errors.New("proto: repeated field " + f.name + " has nil element")
 			}
+			if err == errInvalidUTF8 {
+				if errLater == nil {
+					fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
+					errLater = &invalidUTF8Error{fullName}
+				}
+				continue
+			}
 			return b, err
 		}
 	}
@@ -284,7 +294,7 @@ func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte
 		s := *ptr.offset(u.unrecognized).toBytes()
 		b = append(b, s...)
 	}
-	return b, errreq
+	return b, errLater
 }
 
 // computeMarshalInfo initializes the marshal info.
@@ -311,8 +321,11 @@ func (u *marshalInfo) computeMarshalInfo() {
 
 	// get oneof implementers
 	var oneofImplementers []interface{}
-	if m, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(oneofMessage); ok {
+	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+	case oneofFuncsIface:
 		_, _, _, oneofImplementers = m.XXX_OneofFuncs()
+	case oneofWrappersIface:
+		oneofImplementers = m.XXX_OneofWrappers()
 	}
 
 	n := t.NumField()
@@ -398,13 +411,22 @@ func (u *marshalInfo) getExtElemInfo(desc *ExtensionDesc) *marshalElemInfo {
 		panic("tag is not an integer")
 	}
 	wt := wiretype(tags[0])
+	if t.Kind() == reflect.Ptr && t.Elem().Kind() != reflect.Struct {
+		t = t.Elem()
+	}
 	sizer, marshaler := typeMarshaler(t, tags, false, false)
+	var deref bool
+	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
+		t = reflect.PtrTo(t)
+		deref = true
+	}
 	e = &marshalElemInfo{
 		wiretag:   uint64(tag)<<3 | wt,
 		tagsize:   SizeVarint(uint64(tag) << 3),
 		sizer:     sizer,
 		marshaler: marshaler,
 		isptr:     t.Kind() == reflect.Ptr,
+		deref:     deref,
 	}
 
 	// update cache
@@ -439,7 +461,7 @@ func (fi *marshalFieldInfo) computeMarshalFieldInfo(f *reflect.StructField) {
 
 func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofImplementers []interface{}) {
 	fi.field = toField(f)
-	fi.wiretag = 1<<31 - 1 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire.
+	fi.wiretag = math.MaxInt32 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire.
 	fi.isPointer = true
 	fi.sizer, fi.marshaler = makeOneOfMarshaler(fi, f)
 	fi.oneofElems = make(map[reflect.Type]*marshalElemInfo)
@@ -467,10 +489,6 @@ func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofI
 	}
 }
 
-type oneofMessage interface {
-	XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
-}
-
 // wiretype returns the wire encoding of the type.
 func wiretype(encoding string) uint64 {
 	switch encoding {
@@ -530,6 +548,7 @@ func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, ma
 
 	packed := false
 	proto3 := false
+	validateUTF8 := true
 	for i := 2; i < len(tags); i++ {
 		if tags[i] == "packed" {
 			packed = true
@@ -538,6 +557,7 @@ func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, ma
 			proto3 = true
 		}
 	}
+	validateUTF8 = validateUTF8 && proto3
 
 	switch t.Kind() {
 	case reflect.Bool:
@@ -735,6 +755,18 @@ func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, ma
 		}
 		return sizeFloat64Value, appendFloat64Value
 	case reflect.String:
+		if validateUTF8 {
+			if pointer {
+				return sizeStringPtr, appendUTF8StringPtr
+			}
+			if slice {
+				return sizeStringSlice, appendUTF8StringSlice
+			}
+			if nozero {
+				return sizeStringValueNoZero, appendUTF8StringValueNoZero
+			}
+			return sizeStringValue, appendUTF8StringValue
+		}
 		if pointer {
 			return sizeStringPtr, appendStringPtr
 		}
@@ -1983,52 +2015,105 @@ func appendBoolPackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byt
 	return b, nil
 }
 func appendStringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toString()
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	v := *ptr.toString()
+	if v == "" {
+		return b, nil
+	}
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	p := *ptr.toStringPtr()
+	if p == nil {
+		return b, nil
+	}
+	v := *p
+	b = appendVarint(b, wiretag)
+	b = appendVarint(b, uint64(len(v)))
+	b = append(b, v...)
+	return b, nil
+}
+func appendStringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	s := *ptr.toStringSlice()
+	for _, v := range s {
+		b = appendVarint(b, wiretag)
+		b = appendVarint(b, uint64(len(v)))
+		b = append(b, v...)
+	}
+	return b, nil
+}
+func appendUTF8StringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
 	v := *ptr.toString()
 	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
+		invalidUTF8 = true
 	}
 	b = appendVarint(b, wiretag)
 	b = appendVarint(b, uint64(len(v)))
 	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
 	return b, nil
 }
-func appendStringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+func appendUTF8StringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
 	v := *ptr.toString()
 	if v == "" {
 		return b, nil
 	}
 	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
+		invalidUTF8 = true
 	}
 	b = appendVarint(b, wiretag)
 	b = appendVarint(b, uint64(len(v)))
 	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
 	return b, nil
 }
-func appendStringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+func appendUTF8StringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
 	p := *ptr.toStringPtr()
 	if p == nil {
 		return b, nil
 	}
 	v := *p
 	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
+		invalidUTF8 = true
 	}
 	b = appendVarint(b, wiretag)
 	b = appendVarint(b, uint64(len(v)))
 	b = append(b, v...)
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
 	return b, nil
 }
-func appendStringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+func appendUTF8StringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
+	var invalidUTF8 bool
 	s := *ptr.toStringSlice()
 	for _, v := range s {
 		if !utf8.ValidString(v) {
-			return nil, errInvalidUTF8
+			invalidUTF8 = true
 		}
 		b = appendVarint(b, wiretag)
 		b = appendVarint(b, uint64(len(v)))
 		b = append(b, v...)
 	}
+	if invalidUTF8 {
+		return b, errInvalidUTF8
+	}
 	return b, nil
 }
 func appendBytes(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
@@ -2107,7 +2192,8 @@ func makeGroupSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
 		},
 		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
 			s := ptr.getPointerSlice()
-			var err, errreq error
+			var err error
+			var nerr nonFatal
 			for _, v := range s {
 				if v.isNil() {
 					return b, errRepeatedHasNil
@@ -2115,22 +2201,14 @@ func makeGroupSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
 				b = appendVarint(b, wiretag) // start group
 				b, err = u.marshal(b, v, deterministic)
 				b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group
-				if err != nil {
-					if _, ok := err.(*RequiredNotSetError); ok {
-						// Required field in submessage is not set.
-						// We record the error but keep going, to give a complete marshaling.
-						if errreq == nil {
-							errreq = err
-						}
-						continue
-					}
+				if !nerr.Merge(err) {
 					if err == ErrNil {
 						err = errRepeatedHasNil
 					}
 					return b, err
 				}
 			}
-			return b, errreq
+			return b, nerr.E
 		}
 }
 
@@ -2174,7 +2252,8 @@ func makeMessageSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
 		},
 		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
 			s := ptr.getPointerSlice()
-			var err, errreq error
+			var err error
+			var nerr nonFatal
 			for _, v := range s {
 				if v.isNil() {
 					return b, errRepeatedHasNil
@@ -2184,22 +2263,14 @@ func makeMessageSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
 				b = appendVarint(b, uint64(siz))
 				b, err = u.marshal(b, v, deterministic)
 
-				if err != nil {
-					if _, ok := err.(*RequiredNotSetError); ok {
-						// Required field in submessage is not set.
-						// We record the error but keep going, to give a complete marshaling.
-						if errreq == nil {
-							errreq = err
-						}
-						continue
-					}
+				if !nerr.Merge(err) {
 					if err == ErrNil {
 						err = errRepeatedHasNil
 					}
 					return b, err
 				}
 			}
-			return b, errreq
+			return b, nerr.E
 		}
 }
 
@@ -2223,14 +2294,33 @@ func makeMapMarshaler(f *reflect.StructField) (sizer, marshaler) {
 	// value.
 	// Key cannot be pointer-typed.
 	valIsPtr := valType.Kind() == reflect.Ptr
+
+	// If value is a message with nested maps, calling
+	// valSizer in marshal may be quadratic. We should use
+	// cached version in marshal (but not in size).
+	// If value is not message type, we don't have size cache,
+	// but it cannot be nested either. Just use valSizer.
+	valCachedSizer := valSizer
+	if valIsPtr && valType.Elem().Kind() == reflect.Struct {
+		u := getMarshalInfo(valType.Elem())
+		valCachedSizer = func(ptr pointer, tagsize int) int {
+			// Same as message sizer, but use cache.
+			p := ptr.getPointer()
+			if p.isNil() {
+				return 0
+			}
+			siz := u.cachedsize(p)
+			return siz + SizeVarint(uint64(siz)) + tagsize
+		}
+	}
 	return func(ptr pointer, tagsize int) int {
 			m := ptr.asPointerTo(t).Elem() // the map
 			n := 0
 			for _, k := range m.MapKeys() {
 				ki := k.Interface()
 				vi := m.MapIndex(k).Interface()
-				kaddr := toAddrPointer(&ki, false)             // pointer to key
-				vaddr := toAddrPointer(&vi, valIsPtr)          // pointer to value
+				kaddr := toAddrPointer(&ki, false, false)      // pointer to key
+				vaddr := toAddrPointer(&vi, valIsPtr, false)   // pointer to value
 				siz := keySizer(kaddr, 1) + valSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
 				n += siz + SizeVarint(uint64(siz)) + tagsize
 			}
@@ -2243,24 +2333,26 @@ func makeMapMarshaler(f *reflect.StructField) (sizer, marshaler) {
 			if len(keys) > 1 && deterministic {
 				sort.Sort(mapKeys(keys))
 			}
+
+			var nerr nonFatal
 			for _, k := range keys {
 				ki := k.Interface()
 				vi := m.MapIndex(k).Interface()
-				kaddr := toAddrPointer(&ki, false)    // pointer to key
-				vaddr := toAddrPointer(&vi, valIsPtr) // pointer to value
+				kaddr := toAddrPointer(&ki, false, false)    // pointer to key
+				vaddr := toAddrPointer(&vi, valIsPtr, false) // pointer to value
 				b = appendVarint(b, tag)
-				siz := keySizer(kaddr, 1) + valSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
+				siz := keySizer(kaddr, 1) + valCachedSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
 				b = appendVarint(b, uint64(siz))
 				b, err = keyMarshaler(b, kaddr, keyWireTag, deterministic)
-				if err != nil {
+				if !nerr.Merge(err) {
 					return b, err
 				}
 				b, err = valMarshaler(b, vaddr, valWireTag, deterministic)
-				if err != nil && err != ErrNil { // allow nil value in map
+				if err != ErrNil && !nerr.Merge(err) { // allow nil value in map
 					return b, err
 				}
 			}
-			return b, nil
+			return b, nerr.E
 		}
 }
 
@@ -2316,7 +2408,7 @@ func (u *marshalInfo) sizeExtensions(ext *XXX_InternalExtensions) int {
 		// the last time this function was called.
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		n += ei.sizer(p, ei.tagsize)
 	}
 	mu.Unlock()
@@ -2333,6 +2425,7 @@ func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, de
 	defer mu.Unlock()
 
 	var err error
+	var nerr nonFatal
 
 	// Fast-path for common cases: zero or one extensions.
 	// Don't bother sorting the keys.
@@ -2350,13 +2443,13 @@ func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, de
 
 			ei := u.getExtElemInfo(e.desc)
 			v := e.value
-			p := toAddrPointer(&v, ei.isptr)
+			p := toAddrPointer(&v, ei.isptr, ei.deref)
 			b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-			if err != nil {
+			if !nerr.Merge(err) {
 				return b, err
 			}
 		}
-		return b, nil
+		return b, nerr.E
 	}
 
 	// Sort the keys to provide a deterministic encoding.
@@ -2381,13 +2474,13 @@ func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, de
 
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-		if err != nil {
+		if !nerr.Merge(err) {
 			return b, err
 		}
 	}
-	return b, nil
+	return b, nerr.E
 }
 
 // message set format is:
@@ -2426,7 +2519,7 @@ func (u *marshalInfo) sizeMessageSet(ext *XXX_InternalExtensions) int {
 
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		n += ei.sizer(p, 1) // message, tag = 3 (size=1)
 	}
 	mu.Unlock()
@@ -2444,6 +2537,7 @@ func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, de
 	defer mu.Unlock()
 
 	var err error
+	var nerr nonFatal
 
 	// Fast-path for common cases: zero or one extensions.
 	// Don't bother sorting the keys.
@@ -2468,14 +2562,14 @@ func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, de
 
 			ei := u.getExtElemInfo(e.desc)
 			v := e.value
-			p := toAddrPointer(&v, ei.isptr)
+			p := toAddrPointer(&v, ei.isptr, ei.deref)
 			b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
-			if err != nil {
+			if !nerr.Merge(err) {
 				return b, err
 			}
 			b = append(b, 1<<3|WireEndGroup)
 		}
-		return b, nil
+		return b, nerr.E
 	}
 
 	// Sort the keys to provide a deterministic encoding.
@@ -2506,14 +2600,14 @@ func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, de
 
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
 		b = append(b, 1<<3|WireEndGroup)
-		if err != nil {
+		if !nerr.Merge(err) {
 			return b, err
 		}
 	}
-	return b, nil
+	return b, nerr.E
 }
 
 // sizeV1Extensions computes the size of encoded data for a V1-API extension field.
@@ -2536,7 +2630,7 @@ func (u *marshalInfo) sizeV1Extensions(m map[int32]Extension) int {
 
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		n += ei.sizer(p, ei.tagsize)
 	}
 	return n
@@ -2556,6 +2650,7 @@ func (u *marshalInfo) appendV1Extensions(b []byte, m map[int32]Extension, determ
 	sort.Ints(keys)
 
 	var err error
+	var nerr nonFatal
 	for _, k := range keys {
 		e := m[int32(k)]
 		if e.value == nil || e.desc == nil {
@@ -2570,13 +2665,13 @@ func (u *marshalInfo) appendV1Extensions(b []byte, m map[int32]Extension, determ
 
 		ei := u.getExtElemInfo(e.desc)
 		v := e.value
-		p := toAddrPointer(&v, ei.isptr)
+		p := toAddrPointer(&v, ei.isptr, ei.deref)
 		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-		if err != nil {
+		if !nerr.Merge(err) {
 			return b, err
 		}
 	}
-	return b, nil
+	return b, nerr.E
 }
 
 // newMarshaler is the interface representing objects that can marshal themselves.
diff --git a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go
index 55f0340a3fde2..acee2fc529640 100644
--- a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go
+++ b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go
@@ -97,6 +97,8 @@ type unmarshalFieldInfo struct {
 
 	// if a required field, contains a single set bit at this field's index in the required field list.
 	reqMask uint64
+
+	name string // name of the field, for error reporting
 }
 
 var (
@@ -134,10 +136,10 @@ func (u *unmarshalInfo) unmarshal(m pointer, b []byte) error {
 		u.computeUnmarshalInfo()
 	}
 	if u.isMessageSet {
-		return UnmarshalMessageSet(b, m.offset(u.extensions).toExtensions())
+		return unmarshalMessageSet(b, m.offset(u.extensions).toExtensions())
 	}
-	var reqMask uint64            // bitmask of required fields we've seen.
-	var rnse *RequiredNotSetError // an instance of a RequiredNotSetError returned by a submessage.
+	var reqMask uint64 // bitmask of required fields we've seen.
+	var errLater error
 	for len(b) > 0 {
 		// Read tag and wire type.
 		// Special case 1 and 2 byte varints.
@@ -176,11 +178,20 @@ func (u *unmarshalInfo) unmarshal(m pointer, b []byte) error {
 			if r, ok := err.(*RequiredNotSetError); ok {
 				// Remember this error, but keep parsing. We need to produce
 				// a full parse even if a required field is missing.
-				rnse = r
+				if errLater == nil {
+					errLater = r
+				}
 				reqMask |= f.reqMask
 				continue
 			}
 			if err != errInternalBadWireType {
+				if err == errInvalidUTF8 {
+					if errLater == nil {
+						fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
+						errLater = &invalidUTF8Error{fullName}
+					}
+					continue
+				}
 				return err
 			}
 			// Fragments with bad wire type are treated as unknown fields.
@@ -239,20 +250,16 @@ func (u *unmarshalInfo) unmarshal(m pointer, b []byte) error {
 			emap[int32(tag)] = e
 		}
 	}
-	if rnse != nil {
-		// A required field of a submessage/group is missing. Return that error.
-		return rnse
-	}
-	if reqMask != u.reqMask {
+	if reqMask != u.reqMask && errLater == nil {
 		// A required field of this message is missing.
 		for _, n := range u.reqFields {
 			if reqMask&1 == 0 {
-				return &RequiredNotSetError{n}
+				errLater = &RequiredNotSetError{n}
 			}
 			reqMask >>= 1
 		}
 	}
-	return nil
+	return errLater
 }
 
 // computeUnmarshalInfo fills in u with information for use
@@ -351,43 +358,52 @@ func (u *unmarshalInfo) computeUnmarshalInfo() {
 		}
 
 		// Store the info in the correct slot in the message.
-		u.setTag(tag, toField(&f), unmarshal, reqMask)
+		u.setTag(tag, toField(&f), unmarshal, reqMask, name)
 	}
 
 	// Find any types associated with oneof fields.
-	// TODO: XXX_OneofFuncs returns more info than we need.  Get rid of some of it?
-	fn := reflect.Zero(reflect.PtrTo(t)).MethodByName("XXX_OneofFuncs")
-	if fn.IsValid() {
-		res := fn.Call(nil)[3] // last return value from XXX_OneofFuncs: []interface{}
-		for i := res.Len() - 1; i >= 0; i-- {
-			v := res.Index(i)                             // interface{}
-			tptr := reflect.ValueOf(v.Interface()).Type() // *Msg_X
-			typ := tptr.Elem()                            // Msg_X
-
-			f := typ.Field(0) // oneof implementers have one field
-			baseUnmarshal := fieldUnmarshaler(&f)
-			tagstr := strings.Split(f.Tag.Get("protobuf"), ",")[1]
-			tag, err := strconv.Atoi(tagstr)
-			if err != nil {
-				panic("protobuf tag field not an integer: " + tagstr)
-			}
-
-			// Find the oneof field that this struct implements.
-			// Might take O(n^2) to process all of the oneofs, but who cares.
-			for _, of := range oneofFields {
-				if tptr.Implements(of.ityp) {
-					// We have found the corresponding interface for this struct.
-					// That lets us know where this struct should be stored
-					// when we encounter it during unmarshaling.
-					unmarshal := makeUnmarshalOneof(typ, of.ityp, baseUnmarshal)
-					u.setTag(tag, of.field, unmarshal, 0)
-				}
+	var oneofImplementers []interface{}
+	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
+	case oneofFuncsIface:
+		_, _, _, oneofImplementers = m.XXX_OneofFuncs()
+	case oneofWrappersIface:
+		oneofImplementers = m.XXX_OneofWrappers()
+	}
+	for _, v := range oneofImplementers {
+		tptr := reflect.TypeOf(v) // *Msg_X
+		typ := tptr.Elem()        // Msg_X
+
+		f := typ.Field(0) // oneof implementers have one field
+		baseUnmarshal := fieldUnmarshaler(&f)
+		tags := strings.Split(f.Tag.Get("protobuf"), ",")
+		fieldNum, err := strconv.Atoi(tags[1])
+		if err != nil {
+			panic("protobuf tag field not an integer: " + tags[1])
+		}
+		var name string
+		for _, tag := range tags {
+			if strings.HasPrefix(tag, "name=") {
+				name = strings.TrimPrefix(tag, "name=")
+				break
 			}
 		}
+
+		// Find the oneof field that this struct implements.
+		// Might take O(n^2) to process all of the oneofs, but who cares.
+		for _, of := range oneofFields {
+			if tptr.Implements(of.ityp) {
+				// We have found the corresponding interface for this struct.
+				// That lets us know where this struct should be stored
+				// when we encounter it during unmarshaling.
+				unmarshal := makeUnmarshalOneof(typ, of.ityp, baseUnmarshal)
+				u.setTag(fieldNum, of.field, unmarshal, 0, name)
+			}
+		}
+
 	}
 
 	// Get extension ranges, if any.
-	fn = reflect.Zero(reflect.PtrTo(t)).MethodByName("ExtensionRangeArray")
+	fn := reflect.Zero(reflect.PtrTo(t)).MethodByName("ExtensionRangeArray")
 	if fn.IsValid() {
 		if !u.extensions.IsValid() && !u.oldExtensions.IsValid() {
 			panic("a message with extensions, but no extensions field in " + t.Name())
@@ -401,7 +417,7 @@ func (u *unmarshalInfo) computeUnmarshalInfo() {
 	// [0 0] is [tag=0/wiretype=varint varint-encoded-0].
 	u.setTag(0, zeroField, func(b []byte, f pointer, w int) ([]byte, error) {
 		return nil, fmt.Errorf("proto: %s: illegal tag 0 (wire type %d)", t, w)
-	}, 0)
+	}, 0, "")
 
 	// Set mask for required field check.
 	u.reqMask = uint64(1)<<uint(len(u.reqFields)) - 1
@@ -413,8 +429,9 @@ func (u *unmarshalInfo) computeUnmarshalInfo() {
 // tag = tag # for field
 // field/unmarshal = unmarshal info for that field.
 // reqMask = if required, bitmask for field position in required field list. 0 otherwise.
-func (u *unmarshalInfo) setTag(tag int, field field, unmarshal unmarshaler, reqMask uint64) {
-	i := unmarshalFieldInfo{field: field, unmarshal: unmarshal, reqMask: reqMask}
+// name = short name of the field.
+func (u *unmarshalInfo) setTag(tag int, field field, unmarshal unmarshaler, reqMask uint64, name string) {
+	i := unmarshalFieldInfo{field: field, unmarshal: unmarshal, reqMask: reqMask, name: name}
 	n := u.typ.NumField()
 	if tag >= 0 && (tag < 16 || tag < 2*n) { // TODO: what are the right numbers here?
 		for len(u.dense) <= tag {
@@ -442,11 +459,17 @@ func typeUnmarshaler(t reflect.Type, tags string) unmarshaler {
 	tagArray := strings.Split(tags, ",")
 	encoding := tagArray[0]
 	name := "unknown"
+	proto3 := false
+	validateUTF8 := true
 	for _, tag := range tagArray[3:] {
 		if strings.HasPrefix(tag, "name=") {
 			name = tag[5:]
 		}
+		if tag == "proto3" {
+			proto3 = true
+		}
 	}
+	validateUTF8 = validateUTF8 && proto3
 
 	// Figure out packaging (pointer, slice, or both)
 	slice := false
@@ -594,6 +617,15 @@ func typeUnmarshaler(t reflect.Type, tags string) unmarshaler {
 		}
 		return unmarshalBytesValue
 	case reflect.String:
+		if validateUTF8 {
+			if pointer {
+				return unmarshalUTF8StringPtr
+			}
+			if slice {
+				return unmarshalUTF8StringSlice
+			}
+			return unmarshalUTF8StringValue
+		}
 		if pointer {
 			return unmarshalStringPtr
 		}
@@ -1448,9 +1480,6 @@ func unmarshalStringValue(b []byte, f pointer, w int) ([]byte, error) {
 		return nil, io.ErrUnexpectedEOF
 	}
 	v := string(b[:x])
-	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
-	}
 	*f.toString() = v
 	return b[x:], nil
 }
@@ -1468,9 +1497,6 @@ func unmarshalStringPtr(b []byte, f pointer, w int) ([]byte, error) {
 		return nil, io.ErrUnexpectedEOF
 	}
 	v := string(b[:x])
-	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
-	}
 	*f.toStringPtr() = &v
 	return b[x:], nil
 }
@@ -1488,11 +1514,69 @@ func unmarshalStringSlice(b []byte, f pointer, w int) ([]byte, error) {
 		return nil, io.ErrUnexpectedEOF
 	}
 	v := string(b[:x])
+	s := f.toStringSlice()
+	*s = append(*s, v)
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringValue(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toString() = v
+	if !utf8.ValidString(v) {
+		return b[x:], errInvalidUTF8
+	}
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringPtr(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	v := string(b[:x])
+	*f.toStringPtr() = &v
 	if !utf8.ValidString(v) {
-		return nil, errInvalidUTF8
+		return b[x:], errInvalidUTF8
+	}
+	return b[x:], nil
+}
+
+func unmarshalUTF8StringSlice(b []byte, f pointer, w int) ([]byte, error) {
+	if w != WireBytes {
+		return b, errInternalBadWireType
+	}
+	x, n := decodeVarint(b)
+	if n == 0 {
+		return nil, io.ErrUnexpectedEOF
+	}
+	b = b[n:]
+	if x > uint64(len(b)) {
+		return nil, io.ErrUnexpectedEOF
 	}
+	v := string(b[:x])
 	s := f.toStringSlice()
 	*s = append(*s, v)
+	if !utf8.ValidString(v) {
+		return b[x:], errInvalidUTF8
+	}
 	return b[x:], nil
 }
 
@@ -1674,6 +1758,7 @@ func makeUnmarshalMap(f *reflect.StructField) unmarshaler {
 		// Maps will be somewhat slow. Oh well.
 
 		// Read key and value from data.
+		var nerr nonFatal
 		k := reflect.New(kt)
 		v := reflect.New(vt)
 		for len(b) > 0 {
@@ -1694,7 +1779,7 @@ func makeUnmarshalMap(f *reflect.StructField) unmarshaler {
 				err = errInternalBadWireType // skip unknown tag
 			}
 
-			if err == nil {
+			if nerr.Merge(err) {
 				continue
 			}
 			if err != errInternalBadWireType {
@@ -1717,7 +1802,7 @@ func makeUnmarshalMap(f *reflect.StructField) unmarshaler {
 		// Insert into map.
 		m.SetMapIndex(k.Elem(), v.Elem())
 
-		return r, nil
+		return r, nerr.E
 	}
 }
 
@@ -1743,15 +1828,16 @@ func makeUnmarshalOneof(typ, ityp reflect.Type, unmarshal unmarshaler) unmarshal
 		// Unmarshal data into holder.
 		// We unmarshal into the first field of the holder object.
 		var err error
+		var nerr nonFatal
 		b, err = unmarshal(b, valToPointer(v).offset(field0), w)
-		if err != nil {
+		if !nerr.Merge(err) {
 			return nil, err
 		}
 
 		// Write pointer to holder into target field.
 		f.asPointerTo(ityp).Elem().Set(v)
 
-		return b, nil
+		return b, nerr.E
 	}
 }
 
@@ -1864,7 +1950,7 @@ func encodeVarint(b []byte, x uint64) []byte {
 // If there is an error, it returns 0,0.
 func decodeVarint(b []byte) (uint64, int) {
 	var x, y uint64
-	if len(b) <= 0 {
+	if len(b) == 0 {
 		goto bad
 	}
 	x = uint64(b[0])
diff --git a/vendor/github.com/golang/protobuf/proto/text.go b/vendor/github.com/golang/protobuf/proto/text.go
index 2205fdaadf84c..d97f9b3563ea2 100644
--- a/vendor/github.com/golang/protobuf/proto/text.go
+++ b/vendor/github.com/golang/protobuf/proto/text.go
@@ -353,7 +353,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 						return err
 					}
 				}
-				if err := tm.writeAny(w, key, props.mkeyprop); err != nil {
+				if err := tm.writeAny(w, key, props.MapKeyProp); err != nil {
 					return err
 				}
 				if err := w.WriteByte('\n'); err != nil {
@@ -370,7 +370,7 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 							return err
 						}
 					}
-					if err := tm.writeAny(w, val, props.mvalprop); err != nil {
+					if err := tm.writeAny(w, val, props.MapValProp); err != nil {
 						return err
 					}
 					if err := w.WriteByte('\n'); err != nil {
@@ -456,6 +456,8 @@ func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
 	return nil
 }
 
+var textMarshalerType = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
+
 // writeAny writes an arbitrary field.
 func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Properties) error {
 	v = reflect.Indirect(v)
@@ -519,8 +521,8 @@ func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Propert
 			// mutating this value.
 			v = v.Addr()
 		}
-		if etm, ok := v.Interface().(encoding.TextMarshaler); ok {
-			text, err := etm.MarshalText()
+		if v.Type().Implements(textMarshalerType) {
+			text, err := v.Interface().(encoding.TextMarshaler).MarshalText()
 			if err != nil {
 				return err
 			}
diff --git a/vendor/github.com/golang/protobuf/proto/text_parser.go b/vendor/github.com/golang/protobuf/proto/text_parser.go
index 0685bae36d507..bb55a3af27694 100644
--- a/vendor/github.com/golang/protobuf/proto/text_parser.go
+++ b/vendor/github.com/golang/protobuf/proto/text_parser.go
@@ -630,17 +630,17 @@ func (p *textParser) readStruct(sv reflect.Value, terminator string) error {
 					if err := p.consumeToken(":"); err != nil {
 						return err
 					}
-					if err := p.readAny(key, props.mkeyprop); err != nil {
+					if err := p.readAny(key, props.MapKeyProp); err != nil {
 						return err
 					}
 					if err := p.consumeOptionalSeparator(); err != nil {
 						return err
 					}
 				case "value":
-					if err := p.checkForColon(props.mvalprop, dst.Type().Elem()); err != nil {
+					if err := p.checkForColon(props.MapValProp, dst.Type().Elem()); err != nil {
 						return err
 					}
-					if err := p.readAny(val, props.mvalprop); err != nil {
+					if err := p.readAny(val, props.MapValProp); err != nil {
 						return err
 					}
 					if err := p.consumeOptionalSeparator(); err != nil {
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
index e855b1f5c4abc..d371d56974b5f 100644
--- a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/descriptor.proto
 
-package descriptor // import "github.com/golang/protobuf/protoc-gen-go/descriptor"
+package descriptor
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 type FieldDescriptorProto_Type int32
 
@@ -72,6 +74,7 @@ var FieldDescriptorProto_Type_name = map[int32]string{
 	17: "TYPE_SINT32",
 	18: "TYPE_SINT64",
 }
+
 var FieldDescriptorProto_Type_value = map[string]int32{
 	"TYPE_DOUBLE":   1,
 	"TYPE_FLOAT":    2,
@@ -98,9 +101,11 @@ func (x FieldDescriptorProto_Type) Enum() *FieldDescriptorProto_Type {
 	*p = x
 	return p
 }
+
 func (x FieldDescriptorProto_Type) String() string {
 	return proto.EnumName(FieldDescriptorProto_Type_name, int32(x))
 }
+
 func (x *FieldDescriptorProto_Type) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldDescriptorProto_Type_value, data, "FieldDescriptorProto_Type")
 	if err != nil {
@@ -109,8 +114,9 @@ func (x *FieldDescriptorProto_Type) UnmarshalJSON(data []byte) error {
 	*x = FieldDescriptorProto_Type(value)
 	return nil
 }
+
 func (FieldDescriptorProto_Type) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{4, 0}
+	return fileDescriptor_e5baabe45344a177, []int{4, 0}
 }
 
 type FieldDescriptorProto_Label int32
@@ -127,6 +133,7 @@ var FieldDescriptorProto_Label_name = map[int32]string{
 	2: "LABEL_REQUIRED",
 	3: "LABEL_REPEATED",
 }
+
 var FieldDescriptorProto_Label_value = map[string]int32{
 	"LABEL_OPTIONAL": 1,
 	"LABEL_REQUIRED": 2,
@@ -138,9 +145,11 @@ func (x FieldDescriptorProto_Label) Enum() *FieldDescriptorProto_Label {
 	*p = x
 	return p
 }
+
 func (x FieldDescriptorProto_Label) String() string {
 	return proto.EnumName(FieldDescriptorProto_Label_name, int32(x))
 }
+
 func (x *FieldDescriptorProto_Label) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldDescriptorProto_Label_value, data, "FieldDescriptorProto_Label")
 	if err != nil {
@@ -149,8 +158,9 @@ func (x *FieldDescriptorProto_Label) UnmarshalJSON(data []byte) error {
 	*x = FieldDescriptorProto_Label(value)
 	return nil
 }
+
 func (FieldDescriptorProto_Label) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{4, 1}
+	return fileDescriptor_e5baabe45344a177, []int{4, 1}
 }
 
 // Generated classes can be optimized for speed or code size.
@@ -168,6 +178,7 @@ var FileOptions_OptimizeMode_name = map[int32]string{
 	2: "CODE_SIZE",
 	3: "LITE_RUNTIME",
 }
+
 var FileOptions_OptimizeMode_value = map[string]int32{
 	"SPEED":        1,
 	"CODE_SIZE":    2,
@@ -179,9 +190,11 @@ func (x FileOptions_OptimizeMode) Enum() *FileOptions_OptimizeMode {
 	*p = x
 	return p
 }
+
 func (x FileOptions_OptimizeMode) String() string {
 	return proto.EnumName(FileOptions_OptimizeMode_name, int32(x))
 }
+
 func (x *FileOptions_OptimizeMode) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FileOptions_OptimizeMode_value, data, "FileOptions_OptimizeMode")
 	if err != nil {
@@ -190,8 +203,9 @@ func (x *FileOptions_OptimizeMode) UnmarshalJSON(data []byte) error {
 	*x = FileOptions_OptimizeMode(value)
 	return nil
 }
+
 func (FileOptions_OptimizeMode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{10, 0}
+	return fileDescriptor_e5baabe45344a177, []int{10, 0}
 }
 
 type FieldOptions_CType int32
@@ -208,6 +222,7 @@ var FieldOptions_CType_name = map[int32]string{
 	1: "CORD",
 	2: "STRING_PIECE",
 }
+
 var FieldOptions_CType_value = map[string]int32{
 	"STRING":       0,
 	"CORD":         1,
@@ -219,9 +234,11 @@ func (x FieldOptions_CType) Enum() *FieldOptions_CType {
 	*p = x
 	return p
 }
+
 func (x FieldOptions_CType) String() string {
 	return proto.EnumName(FieldOptions_CType_name, int32(x))
 }
+
 func (x *FieldOptions_CType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldOptions_CType_value, data, "FieldOptions_CType")
 	if err != nil {
@@ -230,8 +247,9 @@ func (x *FieldOptions_CType) UnmarshalJSON(data []byte) error {
 	*x = FieldOptions_CType(value)
 	return nil
 }
+
 func (FieldOptions_CType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{12, 0}
+	return fileDescriptor_e5baabe45344a177, []int{12, 0}
 }
 
 type FieldOptions_JSType int32
@@ -250,6 +268,7 @@ var FieldOptions_JSType_name = map[int32]string{
 	1: "JS_STRING",
 	2: "JS_NUMBER",
 }
+
 var FieldOptions_JSType_value = map[string]int32{
 	"JS_NORMAL": 0,
 	"JS_STRING": 1,
@@ -261,9 +280,11 @@ func (x FieldOptions_JSType) Enum() *FieldOptions_JSType {
 	*p = x
 	return p
 }
+
 func (x FieldOptions_JSType) String() string {
 	return proto.EnumName(FieldOptions_JSType_name, int32(x))
 }
+
 func (x *FieldOptions_JSType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(FieldOptions_JSType_value, data, "FieldOptions_JSType")
 	if err != nil {
@@ -272,8 +293,9 @@ func (x *FieldOptions_JSType) UnmarshalJSON(data []byte) error {
 	*x = FieldOptions_JSType(value)
 	return nil
 }
+
 func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{12, 1}
+	return fileDescriptor_e5baabe45344a177, []int{12, 1}
 }
 
 // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
@@ -292,6 +314,7 @@ var MethodOptions_IdempotencyLevel_name = map[int32]string{
 	1: "NO_SIDE_EFFECTS",
 	2: "IDEMPOTENT",
 }
+
 var MethodOptions_IdempotencyLevel_value = map[string]int32{
 	"IDEMPOTENCY_UNKNOWN": 0,
 	"NO_SIDE_EFFECTS":     1,
@@ -303,9 +326,11 @@ func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel {
 	*p = x
 	return p
 }
+
 func (x MethodOptions_IdempotencyLevel) String() string {
 	return proto.EnumName(MethodOptions_IdempotencyLevel_name, int32(x))
 }
+
 func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(MethodOptions_IdempotencyLevel_value, data, "MethodOptions_IdempotencyLevel")
 	if err != nil {
@@ -314,8 +339,9 @@ func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(data []byte) error {
 	*x = MethodOptions_IdempotencyLevel(value)
 	return nil
 }
+
 func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{17, 0}
+	return fileDescriptor_e5baabe45344a177, []int{17, 0}
 }
 
 // The protocol compiler can output a FileDescriptorSet containing the .proto
@@ -331,16 +357,17 @@ func (m *FileDescriptorSet) Reset()         { *m = FileDescriptorSet{} }
 func (m *FileDescriptorSet) String() string { return proto.CompactTextString(m) }
 func (*FileDescriptorSet) ProtoMessage()    {}
 func (*FileDescriptorSet) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{0}
+	return fileDescriptor_e5baabe45344a177, []int{0}
 }
+
 func (m *FileDescriptorSet) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FileDescriptorSet.Unmarshal(m, b)
 }
 func (m *FileDescriptorSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FileDescriptorSet.Marshal(b, m, deterministic)
 }
-func (dst *FileDescriptorSet) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FileDescriptorSet.Merge(dst, src)
+func (m *FileDescriptorSet) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileDescriptorSet.Merge(m, src)
 }
 func (m *FileDescriptorSet) XXX_Size() int {
 	return xxx_messageInfo_FileDescriptorSet.Size(m)
@@ -392,16 +419,17 @@ func (m *FileDescriptorProto) Reset()         { *m = FileDescriptorProto{} }
 func (m *FileDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*FileDescriptorProto) ProtoMessage()    {}
 func (*FileDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{1}
+	return fileDescriptor_e5baabe45344a177, []int{1}
 }
+
 func (m *FileDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FileDescriptorProto.Unmarshal(m, b)
 }
 func (m *FileDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FileDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *FileDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FileDescriptorProto.Merge(dst, src)
+func (m *FileDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileDescriptorProto.Merge(m, src)
 }
 func (m *FileDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_FileDescriptorProto.Size(m)
@@ -519,16 +547,17 @@ func (m *DescriptorProto) Reset()         { *m = DescriptorProto{} }
 func (m *DescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*DescriptorProto) ProtoMessage()    {}
 func (*DescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{2}
+	return fileDescriptor_e5baabe45344a177, []int{2}
 }
+
 func (m *DescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DescriptorProto.Unmarshal(m, b)
 }
 func (m *DescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *DescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DescriptorProto.Merge(dst, src)
+func (m *DescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto.Merge(m, src)
 }
 func (m *DescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_DescriptorProto.Size(m)
@@ -622,16 +651,17 @@ func (m *DescriptorProto_ExtensionRange) Reset()         { *m = DescriptorProto_
 func (m *DescriptorProto_ExtensionRange) String() string { return proto.CompactTextString(m) }
 func (*DescriptorProto_ExtensionRange) ProtoMessage()    {}
 func (*DescriptorProto_ExtensionRange) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{2, 0}
+	return fileDescriptor_e5baabe45344a177, []int{2, 0}
 }
+
 func (m *DescriptorProto_ExtensionRange) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DescriptorProto_ExtensionRange.Unmarshal(m, b)
 }
 func (m *DescriptorProto_ExtensionRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DescriptorProto_ExtensionRange.Marshal(b, m, deterministic)
 }
-func (dst *DescriptorProto_ExtensionRange) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DescriptorProto_ExtensionRange.Merge(dst, src)
+func (m *DescriptorProto_ExtensionRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto_ExtensionRange.Merge(m, src)
 }
 func (m *DescriptorProto_ExtensionRange) XXX_Size() int {
 	return xxx_messageInfo_DescriptorProto_ExtensionRange.Size(m)
@@ -678,16 +708,17 @@ func (m *DescriptorProto_ReservedRange) Reset()         { *m = DescriptorProto_R
 func (m *DescriptorProto_ReservedRange) String() string { return proto.CompactTextString(m) }
 func (*DescriptorProto_ReservedRange) ProtoMessage()    {}
 func (*DescriptorProto_ReservedRange) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{2, 1}
+	return fileDescriptor_e5baabe45344a177, []int{2, 1}
 }
+
 func (m *DescriptorProto_ReservedRange) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DescriptorProto_ReservedRange.Unmarshal(m, b)
 }
 func (m *DescriptorProto_ReservedRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DescriptorProto_ReservedRange.Marshal(b, m, deterministic)
 }
-func (dst *DescriptorProto_ReservedRange) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DescriptorProto_ReservedRange.Merge(dst, src)
+func (m *DescriptorProto_ReservedRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DescriptorProto_ReservedRange.Merge(m, src)
 }
 func (m *DescriptorProto_ReservedRange) XXX_Size() int {
 	return xxx_messageInfo_DescriptorProto_ReservedRange.Size(m)
@@ -725,7 +756,7 @@ func (m *ExtensionRangeOptions) Reset()         { *m = ExtensionRangeOptions{} }
 func (m *ExtensionRangeOptions) String() string { return proto.CompactTextString(m) }
 func (*ExtensionRangeOptions) ProtoMessage()    {}
 func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{3}
+	return fileDescriptor_e5baabe45344a177, []int{3}
 }
 
 var extRange_ExtensionRangeOptions = []proto.ExtensionRange{
@@ -735,14 +766,15 @@ var extRange_ExtensionRangeOptions = []proto.ExtensionRange{
 func (*ExtensionRangeOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_ExtensionRangeOptions
 }
+
 func (m *ExtensionRangeOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ExtensionRangeOptions.Unmarshal(m, b)
 }
 func (m *ExtensionRangeOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ExtensionRangeOptions.Marshal(b, m, deterministic)
 }
-func (dst *ExtensionRangeOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ExtensionRangeOptions.Merge(dst, src)
+func (m *ExtensionRangeOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExtensionRangeOptions.Merge(m, src)
 }
 func (m *ExtensionRangeOptions) XXX_Size() int {
 	return xxx_messageInfo_ExtensionRangeOptions.Size(m)
@@ -801,16 +833,17 @@ func (m *FieldDescriptorProto) Reset()         { *m = FieldDescriptorProto{} }
 func (m *FieldDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*FieldDescriptorProto) ProtoMessage()    {}
 func (*FieldDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{4}
+	return fileDescriptor_e5baabe45344a177, []int{4}
 }
+
 func (m *FieldDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FieldDescriptorProto.Unmarshal(m, b)
 }
 func (m *FieldDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FieldDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *FieldDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FieldDescriptorProto.Merge(dst, src)
+func (m *FieldDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldDescriptorProto.Merge(m, src)
 }
 func (m *FieldDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_FieldDescriptorProto.Size(m)
@@ -904,16 +937,17 @@ func (m *OneofDescriptorProto) Reset()         { *m = OneofDescriptorProto{} }
 func (m *OneofDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*OneofDescriptorProto) ProtoMessage()    {}
 func (*OneofDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{5}
+	return fileDescriptor_e5baabe45344a177, []int{5}
 }
+
 func (m *OneofDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_OneofDescriptorProto.Unmarshal(m, b)
 }
 func (m *OneofDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_OneofDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *OneofDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_OneofDescriptorProto.Merge(dst, src)
+func (m *OneofDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OneofDescriptorProto.Merge(m, src)
 }
 func (m *OneofDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_OneofDescriptorProto.Size(m)
@@ -959,16 +993,17 @@ func (m *EnumDescriptorProto) Reset()         { *m = EnumDescriptorProto{} }
 func (m *EnumDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*EnumDescriptorProto) ProtoMessage()    {}
 func (*EnumDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{6}
+	return fileDescriptor_e5baabe45344a177, []int{6}
 }
+
 func (m *EnumDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_EnumDescriptorProto.Unmarshal(m, b)
 }
 func (m *EnumDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_EnumDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *EnumDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EnumDescriptorProto.Merge(dst, src)
+func (m *EnumDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumDescriptorProto.Merge(m, src)
 }
 func (m *EnumDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_EnumDescriptorProto.Size(m)
@@ -1032,16 +1067,17 @@ func (m *EnumDescriptorProto_EnumReservedRange) Reset()         { *m = EnumDescr
 func (m *EnumDescriptorProto_EnumReservedRange) String() string { return proto.CompactTextString(m) }
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage()    {}
 func (*EnumDescriptorProto_EnumReservedRange) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{6, 0}
+	return fileDescriptor_e5baabe45344a177, []int{6, 0}
 }
+
 func (m *EnumDescriptorProto_EnumReservedRange) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Unmarshal(m, b)
 }
 func (m *EnumDescriptorProto_EnumReservedRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Marshal(b, m, deterministic)
 }
-func (dst *EnumDescriptorProto_EnumReservedRange) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Merge(dst, src)
+func (m *EnumDescriptorProto_EnumReservedRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Merge(m, src)
 }
 func (m *EnumDescriptorProto_EnumReservedRange) XXX_Size() int {
 	return xxx_messageInfo_EnumDescriptorProto_EnumReservedRange.Size(m)
@@ -1080,16 +1116,17 @@ func (m *EnumValueDescriptorProto) Reset()         { *m = EnumValueDescriptorPro
 func (m *EnumValueDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*EnumValueDescriptorProto) ProtoMessage()    {}
 func (*EnumValueDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{7}
+	return fileDescriptor_e5baabe45344a177, []int{7}
 }
+
 func (m *EnumValueDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_EnumValueDescriptorProto.Unmarshal(m, b)
 }
 func (m *EnumValueDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_EnumValueDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *EnumValueDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EnumValueDescriptorProto.Merge(dst, src)
+func (m *EnumValueDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumValueDescriptorProto.Merge(m, src)
 }
 func (m *EnumValueDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_EnumValueDescriptorProto.Size(m)
@@ -1135,16 +1172,17 @@ func (m *ServiceDescriptorProto) Reset()         { *m = ServiceDescriptorProto{}
 func (m *ServiceDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*ServiceDescriptorProto) ProtoMessage()    {}
 func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{8}
+	return fileDescriptor_e5baabe45344a177, []int{8}
 }
+
 func (m *ServiceDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ServiceDescriptorProto.Unmarshal(m, b)
 }
 func (m *ServiceDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ServiceDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *ServiceDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ServiceDescriptorProto.Merge(dst, src)
+func (m *ServiceDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServiceDescriptorProto.Merge(m, src)
 }
 func (m *ServiceDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_ServiceDescriptorProto.Size(m)
@@ -1197,16 +1235,17 @@ func (m *MethodDescriptorProto) Reset()         { *m = MethodDescriptorProto{} }
 func (m *MethodDescriptorProto) String() string { return proto.CompactTextString(m) }
 func (*MethodDescriptorProto) ProtoMessage()    {}
 func (*MethodDescriptorProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{9}
+	return fileDescriptor_e5baabe45344a177, []int{9}
 }
+
 func (m *MethodDescriptorProto) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MethodDescriptorProto.Unmarshal(m, b)
 }
 func (m *MethodDescriptorProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MethodDescriptorProto.Marshal(b, m, deterministic)
 }
-func (dst *MethodDescriptorProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MethodDescriptorProto.Merge(dst, src)
+func (m *MethodDescriptorProto) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MethodDescriptorProto.Merge(m, src)
 }
 func (m *MethodDescriptorProto) XXX_Size() int {
 	return xxx_messageInfo_MethodDescriptorProto.Size(m)
@@ -1336,6 +1375,14 @@ type FileOptions struct {
 	// is empty. When this option is empty, the package name will be used for
 	// determining the namespace.
 	PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"`
+	// Use this option to change the namespace of php generated metadata classes.
+	// Default is empty. When this option is empty, the proto file name will be
+	// used for determining the namespace.
+	PhpMetadataNamespace *string `protobuf:"bytes,44,opt,name=php_metadata_namespace,json=phpMetadataNamespace" json:"php_metadata_namespace,omitempty"`
+	// Use this option to change the package of ruby generated classes. Default
+	// is empty. When this option is not set, the package name will be used for
+	// determining the ruby package.
+	RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"`
 	// The parser stores options it doesn't recognize here.
 	// See the documentation for the "Options" section above.
 	UninterpretedOption          []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
@@ -1349,7 +1396,7 @@ func (m *FileOptions) Reset()         { *m = FileOptions{} }
 func (m *FileOptions) String() string { return proto.CompactTextString(m) }
 func (*FileOptions) ProtoMessage()    {}
 func (*FileOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{10}
+	return fileDescriptor_e5baabe45344a177, []int{10}
 }
 
 var extRange_FileOptions = []proto.ExtensionRange{
@@ -1359,14 +1406,15 @@ var extRange_FileOptions = []proto.ExtensionRange{
 func (*FileOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_FileOptions
 }
+
 func (m *FileOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FileOptions.Unmarshal(m, b)
 }
 func (m *FileOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FileOptions.Marshal(b, m, deterministic)
 }
-func (dst *FileOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FileOptions.Merge(dst, src)
+func (m *FileOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileOptions.Merge(m, src)
 }
 func (m *FileOptions) XXX_Size() int {
 	return xxx_messageInfo_FileOptions.Size(m)
@@ -1514,6 +1562,20 @@ func (m *FileOptions) GetPhpNamespace() string {
 	return ""
 }
 
+func (m *FileOptions) GetPhpMetadataNamespace() string {
+	if m != nil && m.PhpMetadataNamespace != nil {
+		return *m.PhpMetadataNamespace
+	}
+	return ""
+}
+
+func (m *FileOptions) GetRubyPackage() string {
+	if m != nil && m.RubyPackage != nil {
+		return *m.RubyPackage
+	}
+	return ""
+}
+
 func (m *FileOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if m != nil {
 		return m.UninterpretedOption
@@ -1565,7 +1627,7 @@ type MessageOptions struct {
 	//
 	// Implementations may choose not to generate the map_entry=true message, but
 	// use a native map in the target language to hold the keys and values.
-	// The reflection APIs in such implementions still need to work as
+	// The reflection APIs in such implementations still need to work as
 	// if the field is a repeated message field.
 	//
 	// NOTE: Do not set the option in .proto files. Always use the maps syntax
@@ -1584,7 +1646,7 @@ func (m *MessageOptions) Reset()         { *m = MessageOptions{} }
 func (m *MessageOptions) String() string { return proto.CompactTextString(m) }
 func (*MessageOptions) ProtoMessage()    {}
 func (*MessageOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{11}
+	return fileDescriptor_e5baabe45344a177, []int{11}
 }
 
 var extRange_MessageOptions = []proto.ExtensionRange{
@@ -1594,14 +1656,15 @@ var extRange_MessageOptions = []proto.ExtensionRange{
 func (*MessageOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_MessageOptions
 }
+
 func (m *MessageOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MessageOptions.Unmarshal(m, b)
 }
 func (m *MessageOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MessageOptions.Marshal(b, m, deterministic)
 }
-func (dst *MessageOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MessageOptions.Merge(dst, src)
+func (m *MessageOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MessageOptions.Merge(m, src)
 }
 func (m *MessageOptions) XXX_Size() int {
 	return xxx_messageInfo_MessageOptions.Size(m)
@@ -1723,7 +1786,7 @@ func (m *FieldOptions) Reset()         { *m = FieldOptions{} }
 func (m *FieldOptions) String() string { return proto.CompactTextString(m) }
 func (*FieldOptions) ProtoMessage()    {}
 func (*FieldOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{12}
+	return fileDescriptor_e5baabe45344a177, []int{12}
 }
 
 var extRange_FieldOptions = []proto.ExtensionRange{
@@ -1733,14 +1796,15 @@ var extRange_FieldOptions = []proto.ExtensionRange{
 func (*FieldOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_FieldOptions
 }
+
 func (m *FieldOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FieldOptions.Unmarshal(m, b)
 }
 func (m *FieldOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FieldOptions.Marshal(b, m, deterministic)
 }
-func (dst *FieldOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FieldOptions.Merge(dst, src)
+func (m *FieldOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldOptions.Merge(m, src)
 }
 func (m *FieldOptions) XXX_Size() int {
 	return xxx_messageInfo_FieldOptions.Size(m)
@@ -1819,7 +1883,7 @@ func (m *OneofOptions) Reset()         { *m = OneofOptions{} }
 func (m *OneofOptions) String() string { return proto.CompactTextString(m) }
 func (*OneofOptions) ProtoMessage()    {}
 func (*OneofOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{13}
+	return fileDescriptor_e5baabe45344a177, []int{13}
 }
 
 var extRange_OneofOptions = []proto.ExtensionRange{
@@ -1829,14 +1893,15 @@ var extRange_OneofOptions = []proto.ExtensionRange{
 func (*OneofOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_OneofOptions
 }
+
 func (m *OneofOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_OneofOptions.Unmarshal(m, b)
 }
 func (m *OneofOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_OneofOptions.Marshal(b, m, deterministic)
 }
-func (dst *OneofOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_OneofOptions.Merge(dst, src)
+func (m *OneofOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OneofOptions.Merge(m, src)
 }
 func (m *OneofOptions) XXX_Size() int {
 	return xxx_messageInfo_OneofOptions.Size(m)
@@ -1875,7 +1940,7 @@ func (m *EnumOptions) Reset()         { *m = EnumOptions{} }
 func (m *EnumOptions) String() string { return proto.CompactTextString(m) }
 func (*EnumOptions) ProtoMessage()    {}
 func (*EnumOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{14}
+	return fileDescriptor_e5baabe45344a177, []int{14}
 }
 
 var extRange_EnumOptions = []proto.ExtensionRange{
@@ -1885,14 +1950,15 @@ var extRange_EnumOptions = []proto.ExtensionRange{
 func (*EnumOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_EnumOptions
 }
+
 func (m *EnumOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_EnumOptions.Unmarshal(m, b)
 }
 func (m *EnumOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_EnumOptions.Marshal(b, m, deterministic)
 }
-func (dst *EnumOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EnumOptions.Merge(dst, src)
+func (m *EnumOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumOptions.Merge(m, src)
 }
 func (m *EnumOptions) XXX_Size() int {
 	return xxx_messageInfo_EnumOptions.Size(m)
@@ -1944,7 +2010,7 @@ func (m *EnumValueOptions) Reset()         { *m = EnumValueOptions{} }
 func (m *EnumValueOptions) String() string { return proto.CompactTextString(m) }
 func (*EnumValueOptions) ProtoMessage()    {}
 func (*EnumValueOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{15}
+	return fileDescriptor_e5baabe45344a177, []int{15}
 }
 
 var extRange_EnumValueOptions = []proto.ExtensionRange{
@@ -1954,14 +2020,15 @@ var extRange_EnumValueOptions = []proto.ExtensionRange{
 func (*EnumValueOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_EnumValueOptions
 }
+
 func (m *EnumValueOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_EnumValueOptions.Unmarshal(m, b)
 }
 func (m *EnumValueOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_EnumValueOptions.Marshal(b, m, deterministic)
 }
-func (dst *EnumValueOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EnumValueOptions.Merge(dst, src)
+func (m *EnumValueOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EnumValueOptions.Merge(m, src)
 }
 func (m *EnumValueOptions) XXX_Size() int {
 	return xxx_messageInfo_EnumValueOptions.Size(m)
@@ -2006,7 +2073,7 @@ func (m *ServiceOptions) Reset()         { *m = ServiceOptions{} }
 func (m *ServiceOptions) String() string { return proto.CompactTextString(m) }
 func (*ServiceOptions) ProtoMessage()    {}
 func (*ServiceOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{16}
+	return fileDescriptor_e5baabe45344a177, []int{16}
 }
 
 var extRange_ServiceOptions = []proto.ExtensionRange{
@@ -2016,14 +2083,15 @@ var extRange_ServiceOptions = []proto.ExtensionRange{
 func (*ServiceOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_ServiceOptions
 }
+
 func (m *ServiceOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ServiceOptions.Unmarshal(m, b)
 }
 func (m *ServiceOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ServiceOptions.Marshal(b, m, deterministic)
 }
-func (dst *ServiceOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ServiceOptions.Merge(dst, src)
+func (m *ServiceOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServiceOptions.Merge(m, src)
 }
 func (m *ServiceOptions) XXX_Size() int {
 	return xxx_messageInfo_ServiceOptions.Size(m)
@@ -2069,7 +2137,7 @@ func (m *MethodOptions) Reset()         { *m = MethodOptions{} }
 func (m *MethodOptions) String() string { return proto.CompactTextString(m) }
 func (*MethodOptions) ProtoMessage()    {}
 func (*MethodOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{17}
+	return fileDescriptor_e5baabe45344a177, []int{17}
 }
 
 var extRange_MethodOptions = []proto.ExtensionRange{
@@ -2079,14 +2147,15 @@ var extRange_MethodOptions = []proto.ExtensionRange{
 func (*MethodOptions) ExtensionRangeArray() []proto.ExtensionRange {
 	return extRange_MethodOptions
 }
+
 func (m *MethodOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MethodOptions.Unmarshal(m, b)
 }
 func (m *MethodOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MethodOptions.Marshal(b, m, deterministic)
 }
-func (dst *MethodOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MethodOptions.Merge(dst, src)
+func (m *MethodOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MethodOptions.Merge(m, src)
 }
 func (m *MethodOptions) XXX_Size() int {
 	return xxx_messageInfo_MethodOptions.Size(m)
@@ -2146,16 +2215,17 @@ func (m *UninterpretedOption) Reset()         { *m = UninterpretedOption{} }
 func (m *UninterpretedOption) String() string { return proto.CompactTextString(m) }
 func (*UninterpretedOption) ProtoMessage()    {}
 func (*UninterpretedOption) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{18}
+	return fileDescriptor_e5baabe45344a177, []int{18}
 }
+
 func (m *UninterpretedOption) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_UninterpretedOption.Unmarshal(m, b)
 }
 func (m *UninterpretedOption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_UninterpretedOption.Marshal(b, m, deterministic)
 }
-func (dst *UninterpretedOption) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UninterpretedOption.Merge(dst, src)
+func (m *UninterpretedOption) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UninterpretedOption.Merge(m, src)
 }
 func (m *UninterpretedOption) XXX_Size() int {
 	return xxx_messageInfo_UninterpretedOption.Size(m)
@@ -2232,16 +2302,17 @@ func (m *UninterpretedOption_NamePart) Reset()         { *m = UninterpretedOptio
 func (m *UninterpretedOption_NamePart) String() string { return proto.CompactTextString(m) }
 func (*UninterpretedOption_NamePart) ProtoMessage()    {}
 func (*UninterpretedOption_NamePart) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{18, 0}
+	return fileDescriptor_e5baabe45344a177, []int{18, 0}
 }
+
 func (m *UninterpretedOption_NamePart) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_UninterpretedOption_NamePart.Unmarshal(m, b)
 }
 func (m *UninterpretedOption_NamePart) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_UninterpretedOption_NamePart.Marshal(b, m, deterministic)
 }
-func (dst *UninterpretedOption_NamePart) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UninterpretedOption_NamePart.Merge(dst, src)
+func (m *UninterpretedOption_NamePart) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UninterpretedOption_NamePart.Merge(m, src)
 }
 func (m *UninterpretedOption_NamePart) XXX_Size() int {
 	return xxx_messageInfo_UninterpretedOption_NamePart.Size(m)
@@ -2306,7 +2377,7 @@ type SourceCodeInfo struct {
 	//   beginning of the "extend" block and is shared by all extensions within
 	//   the block.
 	// - Just because a location's span is a subset of some other location's span
-	//   does not mean that it is a descendent.  For example, a "group" defines
+	//   does not mean that it is a descendant.  For example, a "group" defines
 	//   both a type and a field in a single declaration.  Thus, the locations
 	//   corresponding to the type and field and their components will overlap.
 	// - Code which tries to interpret locations should probably be designed to
@@ -2322,16 +2393,17 @@ func (m *SourceCodeInfo) Reset()         { *m = SourceCodeInfo{} }
 func (m *SourceCodeInfo) String() string { return proto.CompactTextString(m) }
 func (*SourceCodeInfo) ProtoMessage()    {}
 func (*SourceCodeInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{19}
+	return fileDescriptor_e5baabe45344a177, []int{19}
 }
+
 func (m *SourceCodeInfo) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_SourceCodeInfo.Unmarshal(m, b)
 }
 func (m *SourceCodeInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_SourceCodeInfo.Marshal(b, m, deterministic)
 }
-func (dst *SourceCodeInfo) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SourceCodeInfo.Merge(dst, src)
+func (m *SourceCodeInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceCodeInfo.Merge(m, src)
 }
 func (m *SourceCodeInfo) XXX_Size() int {
 	return xxx_messageInfo_SourceCodeInfo.Size(m)
@@ -2439,16 +2511,17 @@ func (m *SourceCodeInfo_Location) Reset()         { *m = SourceCodeInfo_Location
 func (m *SourceCodeInfo_Location) String() string { return proto.CompactTextString(m) }
 func (*SourceCodeInfo_Location) ProtoMessage()    {}
 func (*SourceCodeInfo_Location) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{19, 0}
+	return fileDescriptor_e5baabe45344a177, []int{19, 0}
 }
+
 func (m *SourceCodeInfo_Location) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_SourceCodeInfo_Location.Unmarshal(m, b)
 }
 func (m *SourceCodeInfo_Location) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_SourceCodeInfo_Location.Marshal(b, m, deterministic)
 }
-func (dst *SourceCodeInfo_Location) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SourceCodeInfo_Location.Merge(dst, src)
+func (m *SourceCodeInfo_Location) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceCodeInfo_Location.Merge(m, src)
 }
 func (m *SourceCodeInfo_Location) XXX_Size() int {
 	return xxx_messageInfo_SourceCodeInfo_Location.Size(m)
@@ -2510,16 +2583,17 @@ func (m *GeneratedCodeInfo) Reset()         { *m = GeneratedCodeInfo{} }
 func (m *GeneratedCodeInfo) String() string { return proto.CompactTextString(m) }
 func (*GeneratedCodeInfo) ProtoMessage()    {}
 func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{20}
+	return fileDescriptor_e5baabe45344a177, []int{20}
 }
+
 func (m *GeneratedCodeInfo) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_GeneratedCodeInfo.Unmarshal(m, b)
 }
 func (m *GeneratedCodeInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_GeneratedCodeInfo.Marshal(b, m, deterministic)
 }
-func (dst *GeneratedCodeInfo) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GeneratedCodeInfo.Merge(dst, src)
+func (m *GeneratedCodeInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GeneratedCodeInfo.Merge(m, src)
 }
 func (m *GeneratedCodeInfo) XXX_Size() int {
 	return xxx_messageInfo_GeneratedCodeInfo.Size(m)
@@ -2559,16 +2633,17 @@ func (m *GeneratedCodeInfo_Annotation) Reset()         { *m = GeneratedCodeInfo_
 func (m *GeneratedCodeInfo_Annotation) String() string { return proto.CompactTextString(m) }
 func (*GeneratedCodeInfo_Annotation) ProtoMessage()    {}
 func (*GeneratedCodeInfo_Annotation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_descriptor_4df4cb5f42392df6, []int{20, 0}
+	return fileDescriptor_e5baabe45344a177, []int{20, 0}
 }
+
 func (m *GeneratedCodeInfo_Annotation) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Unmarshal(m, b)
 }
 func (m *GeneratedCodeInfo_Annotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Marshal(b, m, deterministic)
 }
-func (dst *GeneratedCodeInfo_Annotation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GeneratedCodeInfo_Annotation.Merge(dst, src)
+func (m *GeneratedCodeInfo_Annotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GeneratedCodeInfo_Annotation.Merge(m, src)
 }
 func (m *GeneratedCodeInfo_Annotation) XXX_Size() int {
 	return xxx_messageInfo_GeneratedCodeInfo_Annotation.Size(m)
@@ -2608,6 +2683,12 @@ func (m *GeneratedCodeInfo_Annotation) GetEnd() int32 {
 }
 
 func init() {
+	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Type", FieldDescriptorProto_Type_name, FieldDescriptorProto_Type_value)
+	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Label", FieldDescriptorProto_Label_name, FieldDescriptorProto_Label_value)
+	proto.RegisterEnum("google.protobuf.FileOptions_OptimizeMode", FileOptions_OptimizeMode_name, FileOptions_OptimizeMode_value)
+	proto.RegisterEnum("google.protobuf.FieldOptions_CType", FieldOptions_CType_name, FieldOptions_CType_value)
+	proto.RegisterEnum("google.protobuf.FieldOptions_JSType", FieldOptions_JSType_name, FieldOptions_JSType_value)
+	proto.RegisterEnum("google.protobuf.MethodOptions_IdempotencyLevel", MethodOptions_IdempotencyLevel_name, MethodOptions_IdempotencyLevel_value)
 	proto.RegisterType((*FileDescriptorSet)(nil), "google.protobuf.FileDescriptorSet")
 	proto.RegisterType((*FileDescriptorProto)(nil), "google.protobuf.FileDescriptorProto")
 	proto.RegisterType((*DescriptorProto)(nil), "google.protobuf.DescriptorProto")
@@ -2635,178 +2716,174 @@ func init() {
 	proto.RegisterType((*SourceCodeInfo_Location)(nil), "google.protobuf.SourceCodeInfo.Location")
 	proto.RegisterType((*GeneratedCodeInfo)(nil), "google.protobuf.GeneratedCodeInfo")
 	proto.RegisterType((*GeneratedCodeInfo_Annotation)(nil), "google.protobuf.GeneratedCodeInfo.Annotation")
-	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Type", FieldDescriptorProto_Type_name, FieldDescriptorProto_Type_value)
-	proto.RegisterEnum("google.protobuf.FieldDescriptorProto_Label", FieldDescriptorProto_Label_name, FieldDescriptorProto_Label_value)
-	proto.RegisterEnum("google.protobuf.FileOptions_OptimizeMode", FileOptions_OptimizeMode_name, FileOptions_OptimizeMode_value)
-	proto.RegisterEnum("google.protobuf.FieldOptions_CType", FieldOptions_CType_name, FieldOptions_CType_value)
-	proto.RegisterEnum("google.protobuf.FieldOptions_JSType", FieldOptions_JSType_name, FieldOptions_JSType_value)
-	proto.RegisterEnum("google.protobuf.MethodOptions_IdempotencyLevel", MethodOptions_IdempotencyLevel_name, MethodOptions_IdempotencyLevel_value)
 }
 
 func init() {
-	proto.RegisterFile("google/protobuf/descriptor.proto", fileDescriptor_descriptor_4df4cb5f42392df6)
-}
-
-var fileDescriptor_descriptor_4df4cb5f42392df6 = []byte{
-	// 2555 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0xdd, 0x6e, 0x1b, 0xc7,
-	0xf5, 0xcf, 0xf2, 0x4b, 0xe4, 0x21, 0x45, 0x8d, 0x46, 0x8a, 0xbd, 0x56, 0x3e, 0x2c, 0x33, 0x1f,
-	0x96, 0x9d, 0x7f, 0xa8, 0xc0, 0xb1, 0x1d, 0x47, 0xfe, 0x23, 0x2d, 0x45, 0xae, 0x15, 0xaa, 0x12,
-	0xc9, 0x2e, 0xa9, 0xe6, 0x03, 0x28, 0x16, 0xa3, 0xdd, 0x21, 0xb9, 0xf6, 0x72, 0x77, 0xb3, 0xbb,
-	0xb4, 0xad, 0xa0, 0x17, 0x06, 0x7a, 0xd5, 0xab, 0xde, 0x16, 0x45, 0xd1, 0x8b, 0xde, 0x04, 0xe8,
-	0x03, 0x14, 0xc8, 0x5d, 0x9f, 0xa0, 0x40, 0xde, 0xa0, 0x68, 0x0b, 0xb4, 0x8f, 0xd0, 0xcb, 0x62,
-	0x66, 0x76, 0x97, 0xbb, 0x24, 0x15, 0x2b, 0x01, 0xe2, 0x5c, 0x91, 0xf3, 0x9b, 0xdf, 0x39, 0x73,
-	0xe6, 0xcc, 0x99, 0x33, 0x67, 0x66, 0x61, 0x7b, 0xe4, 0x38, 0x23, 0x8b, 0xee, 0xba, 0x9e, 0x13,
-	0x38, 0xa7, 0xd3, 0xe1, 0xae, 0x41, 0x7d, 0xdd, 0x33, 0xdd, 0xc0, 0xf1, 0xea, 0x1c, 0xc3, 0x6b,
-	0x82, 0x51, 0x8f, 0x18, 0xb5, 0x63, 0x58, 0x7f, 0x60, 0x5a, 0xb4, 0x15, 0x13, 0xfb, 0x34, 0xc0,
-	0xf7, 0x20, 0x37, 0x34, 0x2d, 0x2a, 0x4b, 0xdb, 0xd9, 0x9d, 0xf2, 0xad, 0x37, 0xeb, 0x73, 0x42,
-	0xf5, 0xb4, 0x44, 0x8f, 0xc1, 0x2a, 0x97, 0xa8, 0xfd, 0x2b, 0x07, 0x1b, 0x4b, 0x7a, 0x31, 0x86,
-	0x9c, 0x4d, 0x26, 0x4c, 0xa3, 0xb4, 0x53, 0x52, 0xf9, 0x7f, 0x2c, 0xc3, 0x8a, 0x4b, 0xf4, 0x47,
-	0x64, 0x44, 0xe5, 0x0c, 0x87, 0xa3, 0x26, 0x7e, 0x1d, 0xc0, 0xa0, 0x2e, 0xb5, 0x0d, 0x6a, 0xeb,
-	0x67, 0x72, 0x76, 0x3b, 0xbb, 0x53, 0x52, 0x13, 0x08, 0x7e, 0x07, 0xd6, 0xdd, 0xe9, 0xa9, 0x65,
-	0xea, 0x5a, 0x82, 0x06, 0xdb, 0xd9, 0x9d, 0xbc, 0x8a, 0x44, 0x47, 0x6b, 0x46, 0xbe, 0x0e, 0x6b,
-	0x4f, 0x28, 0x79, 0x94, 0xa4, 0x96, 0x39, 0xb5, 0xca, 0xe0, 0x04, 0xb1, 0x09, 0x95, 0x09, 0xf5,
-	0x7d, 0x32, 0xa2, 0x5a, 0x70, 0xe6, 0x52, 0x39, 0xc7, 0x67, 0xbf, 0xbd, 0x30, 0xfb, 0xf9, 0x99,
-	0x97, 0x43, 0xa9, 0xc1, 0x99, 0x4b, 0x71, 0x03, 0x4a, 0xd4, 0x9e, 0x4e, 0x84, 0x86, 0xfc, 0x39,
-	0xfe, 0x53, 0xec, 0xe9, 0x64, 0x5e, 0x4b, 0x91, 0x89, 0x85, 0x2a, 0x56, 0x7c, 0xea, 0x3d, 0x36,
-	0x75, 0x2a, 0x17, 0xb8, 0x82, 0xeb, 0x0b, 0x0a, 0xfa, 0xa2, 0x7f, 0x5e, 0x47, 0x24, 0x87, 0x9b,
-	0x50, 0xa2, 0x4f, 0x03, 0x6a, 0xfb, 0xa6, 0x63, 0xcb, 0x2b, 0x5c, 0xc9, 0x5b, 0x4b, 0x56, 0x91,
-	0x5a, 0xc6, 0xbc, 0x8a, 0x99, 0x1c, 0xbe, 0x0b, 0x2b, 0x8e, 0x1b, 0x98, 0x8e, 0xed, 0xcb, 0xc5,
-	0x6d, 0x69, 0xa7, 0x7c, 0xeb, 0xd5, 0xa5, 0x81, 0xd0, 0x15, 0x1c, 0x35, 0x22, 0xe3, 0x36, 0x20,
-	0xdf, 0x99, 0x7a, 0x3a, 0xd5, 0x74, 0xc7, 0xa0, 0x9a, 0x69, 0x0f, 0x1d, 0xb9, 0xc4, 0x15, 0x5c,
-	0x5d, 0x9c, 0x08, 0x27, 0x36, 0x1d, 0x83, 0xb6, 0xed, 0xa1, 0xa3, 0x56, 0xfd, 0x54, 0x1b, 0x5f,
-	0x82, 0x82, 0x7f, 0x66, 0x07, 0xe4, 0xa9, 0x5c, 0xe1, 0x11, 0x12, 0xb6, 0x6a, 0x5f, 0x17, 0x60,
-	0xed, 0x22, 0x21, 0x76, 0x1f, 0xf2, 0x43, 0x36, 0x4b, 0x39, 0xf3, 0x5d, 0x7c, 0x20, 0x64, 0xd2,
-	0x4e, 0x2c, 0x7c, 0x4f, 0x27, 0x36, 0xa0, 0x6c, 0x53, 0x3f, 0xa0, 0x86, 0x88, 0x88, 0xec, 0x05,
-	0x63, 0x0a, 0x84, 0xd0, 0x62, 0x48, 0xe5, 0xbe, 0x57, 0x48, 0x7d, 0x0a, 0x6b, 0xb1, 0x49, 0x9a,
-	0x47, 0xec, 0x51, 0x14, 0x9b, 0xbb, 0xcf, 0xb3, 0xa4, 0xae, 0x44, 0x72, 0x2a, 0x13, 0x53, 0xab,
-	0x34, 0xd5, 0xc6, 0x2d, 0x00, 0xc7, 0xa6, 0xce, 0x50, 0x33, 0xa8, 0x6e, 0xc9, 0xc5, 0x73, 0xbc,
-	0xd4, 0x65, 0x94, 0x05, 0x2f, 0x39, 0x02, 0xd5, 0x2d, 0xfc, 0xe1, 0x2c, 0xd4, 0x56, 0xce, 0x89,
-	0x94, 0x63, 0xb1, 0xc9, 0x16, 0xa2, 0xed, 0x04, 0xaa, 0x1e, 0x65, 0x71, 0x4f, 0x8d, 0x70, 0x66,
-	0x25, 0x6e, 0x44, 0xfd, 0xb9, 0x33, 0x53, 0x43, 0x31, 0x31, 0xb1, 0x55, 0x2f, 0xd9, 0xc4, 0x6f,
-	0x40, 0x0c, 0x68, 0x3c, 0xac, 0x80, 0x67, 0xa1, 0x4a, 0x04, 0x76, 0xc8, 0x84, 0x6e, 0x7d, 0x09,
-	0xd5, 0xb4, 0x7b, 0xf0, 0x26, 0xe4, 0xfd, 0x80, 0x78, 0x01, 0x8f, 0xc2, 0xbc, 0x2a, 0x1a, 0x18,
-	0x41, 0x96, 0xda, 0x06, 0xcf, 0x72, 0x79, 0x95, 0xfd, 0xc5, 0x3f, 0x9d, 0x4d, 0x38, 0xcb, 0x27,
-	0xfc, 0xf6, 0xe2, 0x8a, 0xa6, 0x34, 0xcf, 0xcf, 0x7b, 0xeb, 0x03, 0x58, 0x4d, 0x4d, 0xe0, 0xa2,
-	0x43, 0xd7, 0x7e, 0x05, 0x2f, 0x2f, 0x55, 0x8d, 0x3f, 0x85, 0xcd, 0xa9, 0x6d, 0xda, 0x01, 0xf5,
-	0x5c, 0x8f, 0xb2, 0x88, 0x15, 0x43, 0xc9, 0xff, 0x5e, 0x39, 0x27, 0xe6, 0x4e, 0x92, 0x6c, 0xa1,
-	0x45, 0xdd, 0x98, 0x2e, 0x82, 0x37, 0x4b, 0xc5, 0xff, 0xac, 0xa0, 0x67, 0xcf, 0x9e, 0x3d, 0xcb,
-	0xd4, 0x7e, 0x57, 0x80, 0xcd, 0x65, 0x7b, 0x66, 0xe9, 0xf6, 0xbd, 0x04, 0x05, 0x7b, 0x3a, 0x39,
-	0xa5, 0x1e, 0x77, 0x52, 0x5e, 0x0d, 0x5b, 0xb8, 0x01, 0x79, 0x8b, 0x9c, 0x52, 0x4b, 0xce, 0x6d,
-	0x4b, 0x3b, 0xd5, 0x5b, 0xef, 0x5c, 0x68, 0x57, 0xd6, 0x8f, 0x98, 0x88, 0x2a, 0x24, 0xf1, 0x47,
-	0x90, 0x0b, 0x53, 0x34, 0xd3, 0x70, 0xf3, 0x62, 0x1a, 0xd8, 0x5e, 0x52, 0xb9, 0x1c, 0x7e, 0x05,
-	0x4a, 0xec, 0x57, 0xc4, 0x46, 0x81, 0xdb, 0x5c, 0x64, 0x00, 0x8b, 0x0b, 0xbc, 0x05, 0x45, 0xbe,
-	0x4d, 0x0c, 0x1a, 0x1d, 0x6d, 0x71, 0x9b, 0x05, 0x96, 0x41, 0x87, 0x64, 0x6a, 0x05, 0xda, 0x63,
-	0x62, 0x4d, 0x29, 0x0f, 0xf8, 0x92, 0x5a, 0x09, 0xc1, 0x5f, 0x30, 0x0c, 0x5f, 0x85, 0xb2, 0xd8,
-	0x55, 0xa6, 0x6d, 0xd0, 0xa7, 0x3c, 0x7b, 0xe6, 0x55, 0xb1, 0xd1, 0xda, 0x0c, 0x61, 0xc3, 0x3f,
-	0xf4, 0x1d, 0x3b, 0x0a, 0x4d, 0x3e, 0x04, 0x03, 0xf8, 0xf0, 0x1f, 0xcc, 0x27, 0xee, 0xd7, 0x96,
-	0x4f, 0x6f, 0x3e, 0xa6, 0x6a, 0x7f, 0xc9, 0x40, 0x8e, 0xe7, 0x8b, 0x35, 0x28, 0x0f, 0x3e, 0xeb,
-	0x29, 0x5a, 0xab, 0x7b, 0xb2, 0x7f, 0xa4, 0x20, 0x09, 0x57, 0x01, 0x38, 0xf0, 0xe0, 0xa8, 0xdb,
-	0x18, 0xa0, 0x4c, 0xdc, 0x6e, 0x77, 0x06, 0x77, 0x6f, 0xa3, 0x6c, 0x2c, 0x70, 0x22, 0x80, 0x5c,
-	0x92, 0xf0, 0xfe, 0x2d, 0x94, 0xc7, 0x08, 0x2a, 0x42, 0x41, 0xfb, 0x53, 0xa5, 0x75, 0xf7, 0x36,
-	0x2a, 0xa4, 0x91, 0xf7, 0x6f, 0xa1, 0x15, 0xbc, 0x0a, 0x25, 0x8e, 0xec, 0x77, 0xbb, 0x47, 0xa8,
-	0x18, 0xeb, 0xec, 0x0f, 0xd4, 0x76, 0xe7, 0x00, 0x95, 0x62, 0x9d, 0x07, 0x6a, 0xf7, 0xa4, 0x87,
-	0x20, 0xd6, 0x70, 0xac, 0xf4, 0xfb, 0x8d, 0x03, 0x05, 0x95, 0x63, 0xc6, 0xfe, 0x67, 0x03, 0xa5,
-	0x8f, 0x2a, 0x29, 0xb3, 0xde, 0xbf, 0x85, 0x56, 0xe3, 0x21, 0x94, 0xce, 0xc9, 0x31, 0xaa, 0xe2,
-	0x75, 0x58, 0x15, 0x43, 0x44, 0x46, 0xac, 0xcd, 0x41, 0x77, 0x6f, 0x23, 0x34, 0x33, 0x44, 0x68,
-	0x59, 0x4f, 0x01, 0x77, 0x6f, 0x23, 0x5c, 0x6b, 0x42, 0x9e, 0x47, 0x17, 0xc6, 0x50, 0x3d, 0x6a,
-	0xec, 0x2b, 0x47, 0x5a, 0xb7, 0x37, 0x68, 0x77, 0x3b, 0x8d, 0x23, 0x24, 0xcd, 0x30, 0x55, 0xf9,
-	0xf9, 0x49, 0x5b, 0x55, 0x5a, 0x28, 0x93, 0xc4, 0x7a, 0x4a, 0x63, 0xa0, 0xb4, 0x50, 0xb6, 0xa6,
-	0xc3, 0xe6, 0xb2, 0x3c, 0xb9, 0x74, 0x67, 0x24, 0x96, 0x38, 0x73, 0xce, 0x12, 0x73, 0x5d, 0x0b,
-	0x4b, 0xfc, 0xcf, 0x0c, 0x6c, 0x2c, 0x39, 0x2b, 0x96, 0x0e, 0xf2, 0x13, 0xc8, 0x8b, 0x10, 0x15,
-	0xa7, 0xe7, 0x8d, 0xa5, 0x87, 0x0e, 0x0f, 0xd8, 0x85, 0x13, 0x94, 0xcb, 0x25, 0x2b, 0x88, 0xec,
-	0x39, 0x15, 0x04, 0x53, 0xb1, 0x90, 0xd3, 0x7f, 0xb9, 0x90, 0xd3, 0xc5, 0xb1, 0x77, 0xf7, 0x22,
-	0xc7, 0x1e, 0xc7, 0xbe, 0x5b, 0x6e, 0xcf, 0x2f, 0xc9, 0xed, 0xf7, 0x61, 0x7d, 0x41, 0xd1, 0x85,
-	0x73, 0xec, 0xaf, 0x25, 0x90, 0xcf, 0x73, 0xce, 0x73, 0x32, 0x5d, 0x26, 0x95, 0xe9, 0xee, 0xcf,
-	0x7b, 0xf0, 0xda, 0xf9, 0x8b, 0xb0, 0xb0, 0xd6, 0x5f, 0x49, 0x70, 0x69, 0x79, 0xa5, 0xb8, 0xd4,
-	0x86, 0x8f, 0xa0, 0x30, 0xa1, 0xc1, 0xd8, 0x89, 0xaa, 0xa5, 0xb7, 0x97, 0x9c, 0xc1, 0xac, 0x7b,
-	0x7e, 0xb1, 0x43, 0xa9, 0xe4, 0x21, 0x9e, 0x3d, 0xaf, 0xdc, 0x13, 0xd6, 0x2c, 0x58, 0xfa, 0x9b,
-	0x0c, 0xbc, 0xbc, 0x54, 0xf9, 0x52, 0x43, 0x5f, 0x03, 0x30, 0x6d, 0x77, 0x1a, 0x88, 0x8a, 0x48,
-	0x24, 0xd8, 0x12, 0x47, 0x78, 0xf2, 0x62, 0xc9, 0x73, 0x1a, 0xc4, 0xfd, 0x59, 0xde, 0x0f, 0x02,
-	0xe2, 0x84, 0x7b, 0x33, 0x43, 0x73, 0xdc, 0xd0, 0xd7, 0xcf, 0x99, 0xe9, 0x42, 0x60, 0xbe, 0x07,
-	0x48, 0xb7, 0x4c, 0x6a, 0x07, 0x9a, 0x1f, 0x78, 0x94, 0x4c, 0x4c, 0x7b, 0xc4, 0x4f, 0x90, 0xe2,
-	0x5e, 0x7e, 0x48, 0x2c, 0x9f, 0xaa, 0x6b, 0xa2, 0xbb, 0x1f, 0xf5, 0x32, 0x09, 0x1e, 0x40, 0x5e,
-	0x42, 0xa2, 0x90, 0x92, 0x10, 0xdd, 0xb1, 0x44, 0xed, 0xeb, 0x22, 0x94, 0x13, 0x75, 0x35, 0xbe,
-	0x06, 0x95, 0x87, 0xe4, 0x31, 0xd1, 0xa2, 0xbb, 0x92, 0xf0, 0x44, 0x99, 0x61, 0xbd, 0xf0, 0xbe,
-	0xf4, 0x1e, 0x6c, 0x72, 0x8a, 0x33, 0x0d, 0xa8, 0xa7, 0xe9, 0x16, 0xf1, 0x7d, 0xee, 0xb4, 0x22,
-	0xa7, 0x62, 0xd6, 0xd7, 0x65, 0x5d, 0xcd, 0xa8, 0x07, 0xdf, 0x81, 0x0d, 0x2e, 0x31, 0x99, 0x5a,
-	0x81, 0xe9, 0x5a, 0x54, 0x63, 0xb7, 0x37, 0x9f, 0x9f, 0x24, 0xb1, 0x65, 0xeb, 0x8c, 0x71, 0x1c,
-	0x12, 0x98, 0x45, 0x3e, 0x6e, 0xc1, 0x6b, 0x5c, 0x6c, 0x44, 0x6d, 0xea, 0x91, 0x80, 0x6a, 0xf4,
-	0x8b, 0x29, 0xb1, 0x7c, 0x8d, 0xd8, 0x86, 0x36, 0x26, 0xfe, 0x58, 0xde, 0x64, 0x0a, 0xf6, 0x33,
-	0xb2, 0xa4, 0x5e, 0x61, 0xc4, 0x83, 0x90, 0xa7, 0x70, 0x5a, 0xc3, 0x36, 0x3e, 0x26, 0xfe, 0x18,
-	0xef, 0xc1, 0x25, 0xae, 0xc5, 0x0f, 0x3c, 0xd3, 0x1e, 0x69, 0xfa, 0x98, 0xea, 0x8f, 0xb4, 0x69,
-	0x30, 0xbc, 0x27, 0xbf, 0x92, 0x1c, 0x9f, 0x5b, 0xd8, 0xe7, 0x9c, 0x26, 0xa3, 0x9c, 0x04, 0xc3,
-	0x7b, 0xb8, 0x0f, 0x15, 0xb6, 0x18, 0x13, 0xf3, 0x4b, 0xaa, 0x0d, 0x1d, 0x8f, 0x1f, 0x8d, 0xd5,
-	0x25, 0xa9, 0x29, 0xe1, 0xc1, 0x7a, 0x37, 0x14, 0x38, 0x76, 0x0c, 0xba, 0x97, 0xef, 0xf7, 0x14,
-	0xa5, 0xa5, 0x96, 0x23, 0x2d, 0x0f, 0x1c, 0x8f, 0x05, 0xd4, 0xc8, 0x89, 0x1d, 0x5c, 0x16, 0x01,
-	0x35, 0x72, 0x22, 0xf7, 0xde, 0x81, 0x0d, 0x5d, 0x17, 0x73, 0x36, 0x75, 0x2d, 0xbc, 0x63, 0xf9,
-	0x32, 0x4a, 0x39, 0x4b, 0xd7, 0x0f, 0x04, 0x21, 0x8c, 0x71, 0x1f, 0x7f, 0x08, 0x2f, 0xcf, 0x9c,
-	0x95, 0x14, 0x5c, 0x5f, 0x98, 0xe5, 0xbc, 0xe8, 0x1d, 0xd8, 0x70, 0xcf, 0x16, 0x05, 0x71, 0x6a,
-	0x44, 0xf7, 0x6c, 0x5e, 0xec, 0x03, 0xd8, 0x74, 0xc7, 0xee, 0xa2, 0xdc, 0xcd, 0xa4, 0x1c, 0x76,
-	0xc7, 0xee, 0xbc, 0xe0, 0x5b, 0xfc, 0xc2, 0xed, 0x51, 0x9d, 0x04, 0xd4, 0x90, 0x2f, 0x27, 0xe9,
-	0x89, 0x0e, 0xbc, 0x0b, 0x48, 0xd7, 0x35, 0x6a, 0x93, 0x53, 0x8b, 0x6a, 0xc4, 0xa3, 0x36, 0xf1,
-	0xe5, 0xab, 0x49, 0x72, 0x55, 0xd7, 0x15, 0xde, 0xdb, 0xe0, 0x9d, 0xf8, 0x26, 0xac, 0x3b, 0xa7,
-	0x0f, 0x75, 0x11, 0x92, 0x9a, 0xeb, 0xd1, 0xa1, 0xf9, 0x54, 0x7e, 0x93, 0xfb, 0x77, 0x8d, 0x75,
-	0xf0, 0x80, 0xec, 0x71, 0x18, 0xdf, 0x00, 0xa4, 0xfb, 0x63, 0xe2, 0xb9, 0x3c, 0x27, 0xfb, 0x2e,
-	0xd1, 0xa9, 0xfc, 0x96, 0xa0, 0x0a, 0xbc, 0x13, 0xc1, 0x6c, 0x4b, 0xf8, 0x4f, 0xcc, 0x61, 0x10,
-	0x69, 0xbc, 0x2e, 0xb6, 0x04, 0xc7, 0x42, 0x6d, 0x3b, 0x80, 0x98, 0x2b, 0x52, 0x03, 0xef, 0x70,
-	0x5a, 0xd5, 0x1d, 0xbb, 0xc9, 0x71, 0xdf, 0x80, 0x55, 0xc6, 0x9c, 0x0d, 0x7a, 0x43, 0x14, 0x64,
-	0xee, 0x38, 0x31, 0xe2, 0x0f, 0x56, 0x1b, 0xd7, 0xf6, 0xa0, 0x92, 0x8c, 0x4f, 0x5c, 0x02, 0x11,
-	0xa1, 0x48, 0x62, 0xc5, 0x4a, 0xb3, 0xdb, 0x62, 0x65, 0xc6, 0xe7, 0x0a, 0xca, 0xb0, 0x72, 0xe7,
-	0xa8, 0x3d, 0x50, 0x34, 0xf5, 0xa4, 0x33, 0x68, 0x1f, 0x2b, 0x28, 0x9b, 0xa8, 0xab, 0x0f, 0x73,
-	0xc5, 0xb7, 0xd1, 0xf5, 0xda, 0x37, 0x19, 0xa8, 0xa6, 0x2f, 0x4a, 0xf8, 0xff, 0xe1, 0x72, 0xf4,
-	0xaa, 0xe1, 0xd3, 0x40, 0x7b, 0x62, 0x7a, 0x7c, 0xe3, 0x4c, 0x88, 0x38, 0xc4, 0xe2, 0xa5, 0xdb,
-	0x0c, 0x59, 0x7d, 0x1a, 0x7c, 0x62, 0x7a, 0x6c, 0x5b, 0x4c, 0x48, 0x80, 0x8f, 0xe0, 0xaa, 0xed,
-	0x68, 0x7e, 0x40, 0x6c, 0x83, 0x78, 0x86, 0x36, 0x7b, 0x4f, 0xd2, 0x88, 0xae, 0x53, 0xdf, 0x77,
-	0xc4, 0x81, 0x15, 0x6b, 0x79, 0xd5, 0x76, 0xfa, 0x21, 0x79, 0x96, 0xc9, 0x1b, 0x21, 0x75, 0x2e,
-	0xcc, 0xb2, 0xe7, 0x85, 0xd9, 0x2b, 0x50, 0x9a, 0x10, 0x57, 0xa3, 0x76, 0xe0, 0x9d, 0xf1, 0xf2,
-	0xb8, 0xa8, 0x16, 0x27, 0xc4, 0x55, 0x58, 0xfb, 0x85, 0xdc, 0x52, 0x0e, 0x73, 0xc5, 0x22, 0x2a,
-	0x1d, 0xe6, 0x8a, 0x25, 0x04, 0xb5, 0x7f, 0x64, 0xa1, 0x92, 0x2c, 0x97, 0xd9, 0xed, 0x43, 0xe7,
-	0x27, 0x8b, 0xc4, 0x73, 0xcf, 0x1b, 0xdf, 0x5a, 0x5c, 0xd7, 0x9b, 0xec, 0xc8, 0xd9, 0x2b, 0x88,
-	0x22, 0x56, 0x15, 0x92, 0xec, 0xb8, 0x67, 0xd9, 0x86, 0x8a, 0xa2, 0xa1, 0xa8, 0x86, 0x2d, 0x7c,
-	0x00, 0x85, 0x87, 0x3e, 0xd7, 0x5d, 0xe0, 0xba, 0xdf, 0xfc, 0x76, 0xdd, 0x87, 0x7d, 0xae, 0xbc,
-	0x74, 0xd8, 0xd7, 0x3a, 0x5d, 0xf5, 0xb8, 0x71, 0xa4, 0x86, 0xe2, 0xf8, 0x0a, 0xe4, 0x2c, 0xf2,
-	0xe5, 0x59, 0xfa, 0x70, 0xe2, 0xd0, 0x45, 0x17, 0xe1, 0x0a, 0xe4, 0x9e, 0x50, 0xf2, 0x28, 0x7d,
-	0x24, 0x70, 0xe8, 0x07, 0xdc, 0x0c, 0xbb, 0x90, 0xe7, 0xfe, 0xc2, 0x00, 0xa1, 0xc7, 0xd0, 0x4b,
-	0xb8, 0x08, 0xb9, 0x66, 0x57, 0x65, 0x1b, 0x02, 0x41, 0x45, 0xa0, 0x5a, 0xaf, 0xad, 0x34, 0x15,
-	0x94, 0xa9, 0xdd, 0x81, 0x82, 0x70, 0x02, 0xdb, 0x2c, 0xb1, 0x1b, 0xd0, 0x4b, 0x61, 0x33, 0xd4,
-	0x21, 0x45, 0xbd, 0x27, 0xc7, 0xfb, 0x8a, 0x8a, 0x32, 0xe9, 0xa5, 0xce, 0xa1, 0x7c, 0xcd, 0x87,
-	0x4a, 0xb2, 0x5e, 0x7e, 0x31, 0x77, 0xe1, 0xbf, 0x4a, 0x50, 0x4e, 0xd4, 0xbf, 0xac, 0x70, 0x21,
-	0x96, 0xe5, 0x3c, 0xd1, 0x88, 0x65, 0x12, 0x3f, 0x0c, 0x0d, 0xe0, 0x50, 0x83, 0x21, 0x17, 0x5d,
-	0xba, 0x17, 0xb4, 0x45, 0xf2, 0xa8, 0x50, 0xfb, 0xa3, 0x04, 0x68, 0xbe, 0x00, 0x9d, 0x33, 0x53,
-	0xfa, 0x31, 0xcd, 0xac, 0xfd, 0x41, 0x82, 0x6a, 0xba, 0xea, 0x9c, 0x33, 0xef, 0xda, 0x8f, 0x6a,
-	0xde, 0xdf, 0x33, 0xb0, 0x9a, 0xaa, 0x35, 0x2f, 0x6a, 0xdd, 0x17, 0xb0, 0x6e, 0x1a, 0x74, 0xe2,
-	0x3a, 0x01, 0xb5, 0xf5, 0x33, 0xcd, 0xa2, 0x8f, 0xa9, 0x25, 0xd7, 0x78, 0xd2, 0xd8, 0xfd, 0xf6,
-	0x6a, 0xb6, 0xde, 0x9e, 0xc9, 0x1d, 0x31, 0xb1, 0xbd, 0x8d, 0x76, 0x4b, 0x39, 0xee, 0x75, 0x07,
-	0x4a, 0xa7, 0xf9, 0x99, 0x76, 0xd2, 0xf9, 0x59, 0xa7, 0xfb, 0x49, 0x47, 0x45, 0xe6, 0x1c, 0xed,
-	0x07, 0xdc, 0xf6, 0x3d, 0x40, 0xf3, 0x46, 0xe1, 0xcb, 0xb0, 0xcc, 0x2c, 0xf4, 0x12, 0xde, 0x80,
-	0xb5, 0x4e, 0x57, 0xeb, 0xb7, 0x5b, 0x8a, 0xa6, 0x3c, 0x78, 0xa0, 0x34, 0x07, 0x7d, 0xf1, 0x3e,
-	0x11, 0xb3, 0x07, 0xa9, 0x0d, 0x5e, 0xfb, 0x7d, 0x16, 0x36, 0x96, 0x58, 0x82, 0x1b, 0xe1, 0xcd,
-	0x42, 0x5c, 0x76, 0xde, 0xbd, 0x88, 0xf5, 0x75, 0x56, 0x10, 0xf4, 0x88, 0x17, 0x84, 0x17, 0x91,
-	0x1b, 0xc0, 0xbc, 0x64, 0x07, 0xe6, 0xd0, 0xa4, 0x5e, 0xf8, 0x9c, 0x23, 0xae, 0x1b, 0x6b, 0x33,
-	0x5c, 0xbc, 0xe8, 0xfc, 0x1f, 0x60, 0xd7, 0xf1, 0xcd, 0xc0, 0x7c, 0x4c, 0x35, 0xd3, 0x8e, 0xde,
-	0x7e, 0xd8, 0xf5, 0x23, 0xa7, 0xa2, 0xa8, 0xa7, 0x6d, 0x07, 0x31, 0xdb, 0xa6, 0x23, 0x32, 0xc7,
-	0x66, 0xc9, 0x3c, 0xab, 0xa2, 0xa8, 0x27, 0x66, 0x5f, 0x83, 0x8a, 0xe1, 0x4c, 0x59, 0x4d, 0x26,
-	0x78, 0xec, 0xec, 0x90, 0xd4, 0xb2, 0xc0, 0x62, 0x4a, 0x58, 0x6d, 0xcf, 0x1e, 0x9d, 0x2a, 0x6a,
-	0x59, 0x60, 0x82, 0x72, 0x1d, 0xd6, 0xc8, 0x68, 0xe4, 0x31, 0xe5, 0x91, 0x22, 0x71, 0x7f, 0xa8,
-	0xc6, 0x30, 0x27, 0x6e, 0x1d, 0x42, 0x31, 0xf2, 0x03, 0x3b, 0xaa, 0x99, 0x27, 0x34, 0x57, 0x5c,
-	0x8a, 0x33, 0x3b, 0x25, 0xb5, 0x68, 0x47, 0x9d, 0xd7, 0xa0, 0x62, 0xfa, 0xda, 0xec, 0x0d, 0x3d,
-	0xb3, 0x9d, 0xd9, 0x29, 0xaa, 0x65, 0xd3, 0x8f, 0xdf, 0x1f, 0x6b, 0x5f, 0x65, 0xa0, 0x9a, 0xfe,
-	0x06, 0x80, 0x5b, 0x50, 0xb4, 0x1c, 0x9d, 0xf0, 0xd0, 0x12, 0x1f, 0xa0, 0x76, 0x9e, 0xf3, 0xd9,
-	0xa0, 0x7e, 0x14, 0xf2, 0xd5, 0x58, 0x72, 0xeb, 0x6f, 0x12, 0x14, 0x23, 0x18, 0x5f, 0x82, 0x9c,
-	0x4b, 0x82, 0x31, 0x57, 0x97, 0xdf, 0xcf, 0x20, 0x49, 0xe5, 0x6d, 0x86, 0xfb, 0x2e, 0xb1, 0x79,
-	0x08, 0x84, 0x38, 0x6b, 0xb3, 0x75, 0xb5, 0x28, 0x31, 0xf8, 0xe5, 0xc4, 0x99, 0x4c, 0xa8, 0x1d,
-	0xf8, 0xd1, 0xba, 0x86, 0x78, 0x33, 0x84, 0xf1, 0x3b, 0xb0, 0x1e, 0x78, 0xc4, 0xb4, 0x52, 0xdc,
-	0x1c, 0xe7, 0xa2, 0xa8, 0x23, 0x26, 0xef, 0xc1, 0x95, 0x48, 0xaf, 0x41, 0x03, 0xa2, 0x8f, 0xa9,
-	0x31, 0x13, 0x2a, 0xf0, 0x47, 0x88, 0xcb, 0x21, 0xa1, 0x15, 0xf6, 0x47, 0xb2, 0xb5, 0x6f, 0x24,
-	0x58, 0x8f, 0xae, 0x53, 0x46, 0xec, 0xac, 0x63, 0x00, 0x62, 0xdb, 0x4e, 0x90, 0x74, 0xd7, 0x62,
-	0x28, 0x2f, 0xc8, 0xd5, 0x1b, 0xb1, 0x90, 0x9a, 0x50, 0xb0, 0x35, 0x01, 0x98, 0xf5, 0x9c, 0xeb,
-	0xb6, 0xab, 0x50, 0x0e, 0x3f, 0xf0, 0xf0, 0xaf, 0x84, 0xe2, 0x02, 0x0e, 0x02, 0x62, 0xf7, 0x2e,
-	0xbc, 0x09, 0xf9, 0x53, 0x3a, 0x32, 0xed, 0xf0, 0xd9, 0x56, 0x34, 0xa2, 0x67, 0x92, 0x5c, 0xfc,
-	0x4c, 0xb2, 0xff, 0x5b, 0x09, 0x36, 0x74, 0x67, 0x32, 0x6f, 0xef, 0x3e, 0x9a, 0x7b, 0x05, 0xf0,
-	0x3f, 0x96, 0x3e, 0xff, 0x68, 0x64, 0x06, 0xe3, 0xe9, 0x69, 0x5d, 0x77, 0x26, 0xbb, 0x23, 0xc7,
-	0x22, 0xf6, 0x68, 0xf6, 0x99, 0x93, 0xff, 0xd1, 0xdf, 0x1d, 0x51, 0xfb, 0xdd, 0x91, 0x93, 0xf8,
-	0xe8, 0x79, 0x7f, 0xf6, 0xf7, 0xbf, 0x92, 0xf4, 0xa7, 0x4c, 0xf6, 0xa0, 0xb7, 0xff, 0xe7, 0xcc,
-	0xd6, 0x81, 0x18, 0xae, 0x17, 0xb9, 0x47, 0xa5, 0x43, 0x8b, 0xea, 0x6c, 0xca, 0xff, 0x0b, 0x00,
-	0x00, 0xff, 0xff, 0x1a, 0x28, 0x25, 0x79, 0x42, 0x1d, 0x00, 0x00,
+	proto.RegisterFile("google/protobuf/descriptor.proto", fileDescriptor_e5baabe45344a177)
+}
+
+var fileDescriptor_e5baabe45344a177 = []byte{
+	// 2589 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0xdd, 0x8e, 0xdb, 0xc6,
+	0x15, 0x0e, 0xf5, 0xb7, 0xd2, 0x91, 0x56, 0x3b, 0x3b, 0xbb, 0xb1, 0xe9, 0xcd, 0x8f, 0xd7, 0xca,
+	0x8f, 0xd7, 0x4e, 0xac, 0x0d, 0x1c, 0xdb, 0x71, 0xd6, 0x45, 0x5a, 0xad, 0x44, 0x6f, 0xe4, 0xee,
+	0x4a, 0x2a, 0xa5, 0x6d, 0x7e, 0x80, 0x82, 0x98, 0x25, 0x47, 0x12, 0x6d, 0x8a, 0x64, 0x48, 0xca,
+	0xf6, 0x06, 0xbd, 0x30, 0xd0, 0xab, 0x5e, 0x15, 0xe8, 0x55, 0x51, 0x14, 0xbd, 0xe8, 0x4d, 0x80,
+	0x3e, 0x40, 0x81, 0xde, 0xf5, 0x09, 0x0a, 0xe4, 0x0d, 0x8a, 0xb6, 0x40, 0xfb, 0x08, 0xbd, 0x2c,
+	0x66, 0x86, 0xa4, 0x48, 0x49, 0x1b, 0x6f, 0x02, 0xc4, 0xb9, 0x92, 0xe6, 0x3b, 0xdf, 0x39, 0x73,
+	0xe6, 0xcc, 0x99, 0x99, 0x33, 0x43, 0xd8, 0x1e, 0x39, 0xce, 0xc8, 0xa2, 0xbb, 0xae, 0xe7, 0x04,
+	0xce, 0xc9, 0x74, 0xb8, 0x6b, 0x50, 0x5f, 0xf7, 0x4c, 0x37, 0x70, 0xbc, 0x3a, 0xc7, 0xf0, 0x9a,
+	0x60, 0xd4, 0x23, 0x46, 0xed, 0x08, 0xd6, 0xef, 0x9b, 0x16, 0x6d, 0xc5, 0xc4, 0x3e, 0x0d, 0xf0,
+	0x5d, 0xc8, 0x0d, 0x4d, 0x8b, 0xca, 0xd2, 0x76, 0x76, 0xa7, 0x7c, 0xf3, 0xcd, 0xfa, 0x9c, 0x52,
+	0x3d, 0xad, 0xd1, 0x63, 0xb0, 0xca, 0x35, 0x6a, 0xff, 0xce, 0xc1, 0xc6, 0x12, 0x29, 0xc6, 0x90,
+	0xb3, 0xc9, 0x84, 0x59, 0x94, 0x76, 0x4a, 0x2a, 0xff, 0x8f, 0x65, 0x58, 0x71, 0x89, 0xfe, 0x88,
+	0x8c, 0xa8, 0x9c, 0xe1, 0x70, 0xd4, 0xc4, 0xaf, 0x03, 0x18, 0xd4, 0xa5, 0xb6, 0x41, 0x6d, 0xfd,
+	0x54, 0xce, 0x6e, 0x67, 0x77, 0x4a, 0x6a, 0x02, 0xc1, 0xef, 0xc0, 0xba, 0x3b, 0x3d, 0xb1, 0x4c,
+	0x5d, 0x4b, 0xd0, 0x60, 0x3b, 0xbb, 0x93, 0x57, 0x91, 0x10, 0xb4, 0x66, 0xe4, 0xab, 0xb0, 0xf6,
+	0x84, 0x92, 0x47, 0x49, 0x6a, 0x99, 0x53, 0xab, 0x0c, 0x4e, 0x10, 0x9b, 0x50, 0x99, 0x50, 0xdf,
+	0x27, 0x23, 0xaa, 0x05, 0xa7, 0x2e, 0x95, 0x73, 0x7c, 0xf4, 0xdb, 0x0b, 0xa3, 0x9f, 0x1f, 0x79,
+	0x39, 0xd4, 0x1a, 0x9c, 0xba, 0x14, 0x37, 0xa0, 0x44, 0xed, 0xe9, 0x44, 0x58, 0xc8, 0x9f, 0x11,
+	0x3f, 0xc5, 0x9e, 0x4e, 0xe6, 0xad, 0x14, 0x99, 0x5a, 0x68, 0x62, 0xc5, 0xa7, 0xde, 0x63, 0x53,
+	0xa7, 0x72, 0x81, 0x1b, 0xb8, 0xba, 0x60, 0xa0, 0x2f, 0xe4, 0xf3, 0x36, 0x22, 0x3d, 0xdc, 0x84,
+	0x12, 0x7d, 0x1a, 0x50, 0xdb, 0x37, 0x1d, 0x5b, 0x5e, 0xe1, 0x46, 0xde, 0x5a, 0x32, 0x8b, 0xd4,
+	0x32, 0xe6, 0x4d, 0xcc, 0xf4, 0xf0, 0x1d, 0x58, 0x71, 0xdc, 0xc0, 0x74, 0x6c, 0x5f, 0x2e, 0x6e,
+	0x4b, 0x3b, 0xe5, 0x9b, 0xaf, 0x2e, 0x4d, 0x84, 0xae, 0xe0, 0xa8, 0x11, 0x19, 0xb7, 0x01, 0xf9,
+	0xce, 0xd4, 0xd3, 0xa9, 0xa6, 0x3b, 0x06, 0xd5, 0x4c, 0x7b, 0xe8, 0xc8, 0x25, 0x6e, 0xe0, 0xf2,
+	0xe2, 0x40, 0x38, 0xb1, 0xe9, 0x18, 0xb4, 0x6d, 0x0f, 0x1d, 0xb5, 0xea, 0xa7, 0xda, 0xf8, 0x02,
+	0x14, 0xfc, 0x53, 0x3b, 0x20, 0x4f, 0xe5, 0x0a, 0xcf, 0x90, 0xb0, 0x55, 0xfb, 0x6b, 0x01, 0xd6,
+	0xce, 0x93, 0x62, 0xf7, 0x20, 0x3f, 0x64, 0xa3, 0x94, 0x33, 0xdf, 0x26, 0x06, 0x42, 0x27, 0x1d,
+	0xc4, 0xc2, 0x77, 0x0c, 0x62, 0x03, 0xca, 0x36, 0xf5, 0x03, 0x6a, 0x88, 0x8c, 0xc8, 0x9e, 0x33,
+	0xa7, 0x40, 0x28, 0x2d, 0xa6, 0x54, 0xee, 0x3b, 0xa5, 0xd4, 0xa7, 0xb0, 0x16, 0xbb, 0xa4, 0x79,
+	0xc4, 0x1e, 0x45, 0xb9, 0xb9, 0xfb, 0x3c, 0x4f, 0xea, 0x4a, 0xa4, 0xa7, 0x32, 0x35, 0xb5, 0x4a,
+	0x53, 0x6d, 0xdc, 0x02, 0x70, 0x6c, 0xea, 0x0c, 0x35, 0x83, 0xea, 0x96, 0x5c, 0x3c, 0x23, 0x4a,
+	0x5d, 0x46, 0x59, 0x88, 0x92, 0x23, 0x50, 0xdd, 0xc2, 0x1f, 0xce, 0x52, 0x6d, 0xe5, 0x8c, 0x4c,
+	0x39, 0x12, 0x8b, 0x6c, 0x21, 0xdb, 0x8e, 0xa1, 0xea, 0x51, 0x96, 0xf7, 0xd4, 0x08, 0x47, 0x56,
+	0xe2, 0x4e, 0xd4, 0x9f, 0x3b, 0x32, 0x35, 0x54, 0x13, 0x03, 0x5b, 0xf5, 0x92, 0x4d, 0xfc, 0x06,
+	0xc4, 0x80, 0xc6, 0xd3, 0x0a, 0xf8, 0x2e, 0x54, 0x89, 0xc0, 0x0e, 0x99, 0xd0, 0xad, 0x2f, 0xa1,
+	0x9a, 0x0e, 0x0f, 0xde, 0x84, 0xbc, 0x1f, 0x10, 0x2f, 0xe0, 0x59, 0x98, 0x57, 0x45, 0x03, 0x23,
+	0xc8, 0x52, 0xdb, 0xe0, 0xbb, 0x5c, 0x5e, 0x65, 0x7f, 0xf1, 0x4f, 0x66, 0x03, 0xce, 0xf2, 0x01,
+	0xbf, 0xbd, 0x38, 0xa3, 0x29, 0xcb, 0xf3, 0xe3, 0xde, 0xfa, 0x00, 0x56, 0x53, 0x03, 0x38, 0x6f,
+	0xd7, 0xb5, 0x5f, 0xc2, 0xcb, 0x4b, 0x4d, 0xe3, 0x4f, 0x61, 0x73, 0x6a, 0x9b, 0x76, 0x40, 0x3d,
+	0xd7, 0xa3, 0x2c, 0x63, 0x45, 0x57, 0xf2, 0x7f, 0x56, 0xce, 0xc8, 0xb9, 0xe3, 0x24, 0x5b, 0x58,
+	0x51, 0x37, 0xa6, 0x8b, 0xe0, 0xf5, 0x52, 0xf1, 0xbf, 0x2b, 0xe8, 0xd9, 0xb3, 0x67, 0xcf, 0x32,
+	0xb5, 0xdf, 0x15, 0x60, 0x73, 0xd9, 0x9a, 0x59, 0xba, 0x7c, 0x2f, 0x40, 0xc1, 0x9e, 0x4e, 0x4e,
+	0xa8, 0xc7, 0x83, 0x94, 0x57, 0xc3, 0x16, 0x6e, 0x40, 0xde, 0x22, 0x27, 0xd4, 0x92, 0x73, 0xdb,
+	0xd2, 0x4e, 0xf5, 0xe6, 0x3b, 0xe7, 0x5a, 0x95, 0xf5, 0x43, 0xa6, 0xa2, 0x0a, 0x4d, 0xfc, 0x11,
+	0xe4, 0xc2, 0x2d, 0x9a, 0x59, 0xb8, 0x7e, 0x3e, 0x0b, 0x6c, 0x2d, 0xa9, 0x5c, 0x0f, 0xbf, 0x02,
+	0x25, 0xf6, 0x2b, 0x72, 0xa3, 0xc0, 0x7d, 0x2e, 0x32, 0x80, 0xe5, 0x05, 0xde, 0x82, 0x22, 0x5f,
+	0x26, 0x06, 0x8d, 0x8e, 0xb6, 0xb8, 0xcd, 0x12, 0xcb, 0xa0, 0x43, 0x32, 0xb5, 0x02, 0xed, 0x31,
+	0xb1, 0xa6, 0x94, 0x27, 0x7c, 0x49, 0xad, 0x84, 0xe0, 0xcf, 0x19, 0x86, 0x2f, 0x43, 0x59, 0xac,
+	0x2a, 0xd3, 0x36, 0xe8, 0x53, 0xbe, 0x7b, 0xe6, 0x55, 0xb1, 0xd0, 0xda, 0x0c, 0x61, 0xdd, 0x3f,
+	0xf4, 0x1d, 0x3b, 0x4a, 0x4d, 0xde, 0x05, 0x03, 0x78, 0xf7, 0x1f, 0xcc, 0x6f, 0xdc, 0xaf, 0x2d,
+	0x1f, 0xde, 0x7c, 0x4e, 0xd5, 0xfe, 0x92, 0x81, 0x1c, 0xdf, 0x2f, 0xd6, 0xa0, 0x3c, 0xf8, 0xac,
+	0xa7, 0x68, 0xad, 0xee, 0xf1, 0xfe, 0xa1, 0x82, 0x24, 0x5c, 0x05, 0xe0, 0xc0, 0xfd, 0xc3, 0x6e,
+	0x63, 0x80, 0x32, 0x71, 0xbb, 0xdd, 0x19, 0xdc, 0xb9, 0x85, 0xb2, 0xb1, 0xc2, 0xb1, 0x00, 0x72,
+	0x49, 0xc2, 0xfb, 0x37, 0x51, 0x1e, 0x23, 0xa8, 0x08, 0x03, 0xed, 0x4f, 0x95, 0xd6, 0x9d, 0x5b,
+	0xa8, 0x90, 0x46, 0xde, 0xbf, 0x89, 0x56, 0xf0, 0x2a, 0x94, 0x38, 0xb2, 0xdf, 0xed, 0x1e, 0xa2,
+	0x62, 0x6c, 0xb3, 0x3f, 0x50, 0xdb, 0x9d, 0x03, 0x54, 0x8a, 0x6d, 0x1e, 0xa8, 0xdd, 0xe3, 0x1e,
+	0x82, 0xd8, 0xc2, 0x91, 0xd2, 0xef, 0x37, 0x0e, 0x14, 0x54, 0x8e, 0x19, 0xfb, 0x9f, 0x0d, 0x94,
+	0x3e, 0xaa, 0xa4, 0xdc, 0x7a, 0xff, 0x26, 0x5a, 0x8d, 0xbb, 0x50, 0x3a, 0xc7, 0x47, 0xa8, 0x8a,
+	0xd7, 0x61, 0x55, 0x74, 0x11, 0x39, 0xb1, 0x36, 0x07, 0xdd, 0xb9, 0x85, 0xd0, 0xcc, 0x11, 0x61,
+	0x65, 0x3d, 0x05, 0xdc, 0xb9, 0x85, 0x70, 0xad, 0x09, 0x79, 0x9e, 0x5d, 0x18, 0x43, 0xf5, 0xb0,
+	0xb1, 0xaf, 0x1c, 0x6a, 0xdd, 0xde, 0xa0, 0xdd, 0xed, 0x34, 0x0e, 0x91, 0x34, 0xc3, 0x54, 0xe5,
+	0x67, 0xc7, 0x6d, 0x55, 0x69, 0xa1, 0x4c, 0x12, 0xeb, 0x29, 0x8d, 0x81, 0xd2, 0x42, 0xd9, 0x9a,
+	0x0e, 0x9b, 0xcb, 0xf6, 0xc9, 0xa5, 0x2b, 0x23, 0x31, 0xc5, 0x99, 0x33, 0xa6, 0x98, 0xdb, 0x5a,
+	0x98, 0xe2, 0x7f, 0x65, 0x60, 0x63, 0xc9, 0x59, 0xb1, 0xb4, 0x93, 0x1f, 0x43, 0x5e, 0xa4, 0xa8,
+	0x38, 0x3d, 0xaf, 0x2d, 0x3d, 0x74, 0x78, 0xc2, 0x2e, 0x9c, 0xa0, 0x5c, 0x2f, 0x59, 0x41, 0x64,
+	0xcf, 0xa8, 0x20, 0x98, 0x89, 0x85, 0x3d, 0xfd, 0x17, 0x0b, 0x7b, 0xba, 0x38, 0xf6, 0xee, 0x9c,
+	0xe7, 0xd8, 0xe3, 0xd8, 0xb7, 0xdb, 0xdb, 0xf3, 0x4b, 0xf6, 0xf6, 0x7b, 0xb0, 0xbe, 0x60, 0xe8,
+	0xdc, 0x7b, 0xec, 0xaf, 0x24, 0x90, 0xcf, 0x0a, 0xce, 0x73, 0x76, 0xba, 0x4c, 0x6a, 0xa7, 0xbb,
+	0x37, 0x1f, 0xc1, 0x2b, 0x67, 0x4f, 0xc2, 0xc2, 0x5c, 0x7f, 0x25, 0xc1, 0x85, 0xe5, 0x95, 0xe2,
+	0x52, 0x1f, 0x3e, 0x82, 0xc2, 0x84, 0x06, 0x63, 0x27, 0xaa, 0x96, 0xde, 0x5e, 0x72, 0x06, 0x33,
+	0xf1, 0xfc, 0x64, 0x87, 0x5a, 0xc9, 0x43, 0x3c, 0x7b, 0x56, 0xb9, 0x27, 0xbc, 0x59, 0xf0, 0xf4,
+	0xd7, 0x19, 0x78, 0x79, 0xa9, 0xf1, 0xa5, 0x8e, 0xbe, 0x06, 0x60, 0xda, 0xee, 0x34, 0x10, 0x15,
+	0x91, 0xd8, 0x60, 0x4b, 0x1c, 0xe1, 0x9b, 0x17, 0xdb, 0x3c, 0xa7, 0x41, 0x2c, 0xcf, 0x72, 0x39,
+	0x08, 0x88, 0x13, 0xee, 0xce, 0x1c, 0xcd, 0x71, 0x47, 0x5f, 0x3f, 0x63, 0xa4, 0x0b, 0x89, 0xf9,
+	0x1e, 0x20, 0xdd, 0x32, 0xa9, 0x1d, 0x68, 0x7e, 0xe0, 0x51, 0x32, 0x31, 0xed, 0x11, 0x3f, 0x41,
+	0x8a, 0x7b, 0xf9, 0x21, 0xb1, 0x7c, 0xaa, 0xae, 0x09, 0x71, 0x3f, 0x92, 0x32, 0x0d, 0x9e, 0x40,
+	0x5e, 0x42, 0xa3, 0x90, 0xd2, 0x10, 0xe2, 0x58, 0xa3, 0xf6, 0xdb, 0x12, 0x94, 0x13, 0x75, 0x35,
+	0xbe, 0x02, 0x95, 0x87, 0xe4, 0x31, 0xd1, 0xa2, 0xbb, 0x92, 0x88, 0x44, 0x99, 0x61, 0xbd, 0xf0,
+	0xbe, 0xf4, 0x1e, 0x6c, 0x72, 0x8a, 0x33, 0x0d, 0xa8, 0xa7, 0xe9, 0x16, 0xf1, 0x7d, 0x1e, 0xb4,
+	0x22, 0xa7, 0x62, 0x26, 0xeb, 0x32, 0x51, 0x33, 0x92, 0xe0, 0xdb, 0xb0, 0xc1, 0x35, 0x26, 0x53,
+	0x2b, 0x30, 0x5d, 0x8b, 0x6a, 0xec, 0xf6, 0xe6, 0xf3, 0x93, 0x24, 0xf6, 0x6c, 0x9d, 0x31, 0x8e,
+	0x42, 0x02, 0xf3, 0xc8, 0xc7, 0x2d, 0x78, 0x8d, 0xab, 0x8d, 0xa8, 0x4d, 0x3d, 0x12, 0x50, 0x8d,
+	0x7e, 0x31, 0x25, 0x96, 0xaf, 0x11, 0xdb, 0xd0, 0xc6, 0xc4, 0x1f, 0xcb, 0x9b, 0xcc, 0xc0, 0x7e,
+	0x46, 0x96, 0xd4, 0x4b, 0x8c, 0x78, 0x10, 0xf2, 0x14, 0x4e, 0x6b, 0xd8, 0xc6, 0xc7, 0xc4, 0x1f,
+	0xe3, 0x3d, 0xb8, 0xc0, 0xad, 0xf8, 0x81, 0x67, 0xda, 0x23, 0x4d, 0x1f, 0x53, 0xfd, 0x91, 0x36,
+	0x0d, 0x86, 0x77, 0xe5, 0x57, 0x92, 0xfd, 0x73, 0x0f, 0xfb, 0x9c, 0xd3, 0x64, 0x94, 0xe3, 0x60,
+	0x78, 0x17, 0xf7, 0xa1, 0xc2, 0x26, 0x63, 0x62, 0x7e, 0x49, 0xb5, 0xa1, 0xe3, 0xf1, 0xa3, 0xb1,
+	0xba, 0x64, 0x6b, 0x4a, 0x44, 0xb0, 0xde, 0x0d, 0x15, 0x8e, 0x1c, 0x83, 0xee, 0xe5, 0xfb, 0x3d,
+	0x45, 0x69, 0xa9, 0xe5, 0xc8, 0xca, 0x7d, 0xc7, 0x63, 0x09, 0x35, 0x72, 0xe2, 0x00, 0x97, 0x45,
+	0x42, 0x8d, 0x9c, 0x28, 0xbc, 0xb7, 0x61, 0x43, 0xd7, 0xc5, 0x98, 0x4d, 0x5d, 0x0b, 0xef, 0x58,
+	0xbe, 0x8c, 0x52, 0xc1, 0xd2, 0xf5, 0x03, 0x41, 0x08, 0x73, 0xdc, 0xc7, 0x1f, 0xc2, 0xcb, 0xb3,
+	0x60, 0x25, 0x15, 0xd7, 0x17, 0x46, 0x39, 0xaf, 0x7a, 0x1b, 0x36, 0xdc, 0xd3, 0x45, 0x45, 0x9c,
+	0xea, 0xd1, 0x3d, 0x9d, 0x57, 0xfb, 0x00, 0x36, 0xdd, 0xb1, 0xbb, 0xa8, 0x77, 0x3d, 0xa9, 0x87,
+	0xdd, 0xb1, 0x3b, 0xaf, 0xf8, 0x16, 0xbf, 0x70, 0x7b, 0x54, 0x27, 0x01, 0x35, 0xe4, 0x8b, 0x49,
+	0x7a, 0x42, 0x80, 0x77, 0x01, 0xe9, 0xba, 0x46, 0x6d, 0x72, 0x62, 0x51, 0x8d, 0x78, 0xd4, 0x26,
+	0xbe, 0x7c, 0x39, 0x49, 0xae, 0xea, 0xba, 0xc2, 0xa5, 0x0d, 0x2e, 0xc4, 0xd7, 0x61, 0xdd, 0x39,
+	0x79, 0xa8, 0x8b, 0x94, 0xd4, 0x5c, 0x8f, 0x0e, 0xcd, 0xa7, 0xf2, 0x9b, 0x3c, 0xbe, 0x6b, 0x4c,
+	0xc0, 0x13, 0xb2, 0xc7, 0x61, 0x7c, 0x0d, 0x90, 0xee, 0x8f, 0x89, 0xe7, 0xf2, 0x3d, 0xd9, 0x77,
+	0x89, 0x4e, 0xe5, 0xb7, 0x04, 0x55, 0xe0, 0x9d, 0x08, 0x66, 0x4b, 0xc2, 0x7f, 0x62, 0x0e, 0x83,
+	0xc8, 0xe2, 0x55, 0xb1, 0x24, 0x38, 0x16, 0x5a, 0xdb, 0x01, 0xc4, 0x42, 0x91, 0xea, 0x78, 0x87,
+	0xd3, 0xaa, 0xee, 0xd8, 0x4d, 0xf6, 0xfb, 0x06, 0xac, 0x32, 0xe6, 0xac, 0xd3, 0x6b, 0xa2, 0x20,
+	0x73, 0xc7, 0x89, 0x1e, 0x6f, 0xc1, 0x05, 0x46, 0x9a, 0xd0, 0x80, 0x18, 0x24, 0x20, 0x09, 0xf6,
+	0xbb, 0x9c, 0xcd, 0xe2, 0x7e, 0x14, 0x0a, 0x53, 0x7e, 0x7a, 0xd3, 0x93, 0xd3, 0x38, 0xb3, 0x6e,
+	0x08, 0x3f, 0x19, 0x16, 0xe5, 0xd6, 0xf7, 0x56, 0x74, 0xd7, 0xf6, 0xa0, 0x92, 0x4c, 0x7c, 0x5c,
+	0x02, 0x91, 0xfa, 0x48, 0x62, 0x55, 0x50, 0xb3, 0xdb, 0x62, 0xf5, 0xcb, 0xe7, 0x0a, 0xca, 0xb0,
+	0x3a, 0xea, 0xb0, 0x3d, 0x50, 0x34, 0xf5, 0xb8, 0x33, 0x68, 0x1f, 0x29, 0x28, 0x9b, 0x28, 0xd8,
+	0x1f, 0xe4, 0x8a, 0x6f, 0xa3, 0xab, 0xb5, 0xaf, 0x33, 0x50, 0x4d, 0xdf, 0xc0, 0xf0, 0x8f, 0xe0,
+	0x62, 0xf4, 0x5c, 0xe2, 0xd3, 0x40, 0x7b, 0x62, 0x7a, 0x7c, 0x45, 0x4e, 0x88, 0x38, 0x1d, 0xe3,
+	0x9c, 0xd8, 0x0c, 0x59, 0x7d, 0x1a, 0x7c, 0x62, 0x7a, 0x6c, 0xbd, 0x4d, 0x48, 0x80, 0x0f, 0xe1,
+	0xb2, 0xed, 0x68, 0x7e, 0x40, 0x6c, 0x83, 0x78, 0x86, 0x36, 0x7b, 0xa8, 0xd2, 0x88, 0xae, 0x53,
+	0xdf, 0x77, 0xc4, 0x49, 0x18, 0x5b, 0x79, 0xd5, 0x76, 0xfa, 0x21, 0x79, 0x76, 0x44, 0x34, 0x42,
+	0xea, 0x5c, 0xfe, 0x66, 0xcf, 0xca, 0xdf, 0x57, 0xa0, 0x34, 0x21, 0xae, 0x46, 0xed, 0xc0, 0x3b,
+	0xe5, 0x75, 0x77, 0x51, 0x2d, 0x4e, 0x88, 0xab, 0xb0, 0xf6, 0x0b, 0xb9, 0xfe, 0x3c, 0xc8, 0x15,
+	0x8b, 0xa8, 0xf4, 0x20, 0x57, 0x2c, 0x21, 0xa8, 0xfd, 0x33, 0x0b, 0x95, 0x64, 0x1d, 0xce, 0xae,
+	0x35, 0x3a, 0x3f, 0xb2, 0x24, 0xbe, 0xa9, 0xbd, 0xf1, 0x8d, 0x55, 0x7b, 0xbd, 0xc9, 0xce, 0xb2,
+	0xbd, 0x82, 0xa8, 0x8e, 0x55, 0xa1, 0xc9, 0xea, 0x08, 0x96, 0x6c, 0x54, 0x54, 0x23, 0x45, 0x35,
+	0x6c, 0xe1, 0x03, 0x28, 0x3c, 0xf4, 0xb9, 0xed, 0x02, 0xb7, 0xfd, 0xe6, 0x37, 0xdb, 0x7e, 0xd0,
+	0xe7, 0xc6, 0x4b, 0x0f, 0xfa, 0x5a, 0xa7, 0xab, 0x1e, 0x35, 0x0e, 0xd5, 0x50, 0x1d, 0x5f, 0x82,
+	0x9c, 0x45, 0xbe, 0x3c, 0x4d, 0x9f, 0x7a, 0x1c, 0x3a, 0xef, 0x24, 0x5c, 0x82, 0xdc, 0x13, 0x4a,
+	0x1e, 0xa5, 0xcf, 0x1a, 0x0e, 0x7d, 0x8f, 0x8b, 0x61, 0x17, 0xf2, 0x3c, 0x5e, 0x18, 0x20, 0x8c,
+	0x18, 0x7a, 0x09, 0x17, 0x21, 0xd7, 0xec, 0xaa, 0x6c, 0x41, 0x20, 0xa8, 0x08, 0x54, 0xeb, 0xb5,
+	0x95, 0xa6, 0x82, 0x32, 0xb5, 0xdb, 0x50, 0x10, 0x41, 0x60, 0x8b, 0x25, 0x0e, 0x03, 0x7a, 0x29,
+	0x6c, 0x86, 0x36, 0xa4, 0x48, 0x7a, 0x7c, 0xb4, 0xaf, 0xa8, 0x28, 0x93, 0x9e, 0xea, 0x1c, 0xca,
+	0xd7, 0x7c, 0xa8, 0x24, 0x0b, 0xf1, 0x17, 0x73, 0xc9, 0xfe, 0x9b, 0x04, 0xe5, 0x44, 0x61, 0xcd,
+	0x2a, 0x22, 0x62, 0x59, 0xce, 0x13, 0x8d, 0x58, 0x26, 0xf1, 0xc3, 0xd4, 0x00, 0x0e, 0x35, 0x18,
+	0x72, 0xde, 0xa9, 0x7b, 0x41, 0x4b, 0x24, 0x8f, 0x0a, 0xb5, 0x3f, 0x4a, 0x80, 0xe6, 0x2b, 0xdb,
+	0x39, 0x37, 0xa5, 0x1f, 0xd2, 0xcd, 0xda, 0x1f, 0x24, 0xa8, 0xa6, 0xcb, 0xd9, 0x39, 0xf7, 0xae,
+	0xfc, 0xa0, 0xee, 0xfd, 0x23, 0x03, 0xab, 0xa9, 0x22, 0xf6, 0xbc, 0xde, 0x7d, 0x01, 0xeb, 0xa6,
+	0x41, 0x27, 0xae, 0x13, 0x50, 0x5b, 0x3f, 0xd5, 0x2c, 0xfa, 0x98, 0x5a, 0x72, 0x8d, 0x6f, 0x1a,
+	0xbb, 0xdf, 0x5c, 0x26, 0xd7, 0xdb, 0x33, 0xbd, 0x43, 0xa6, 0xb6, 0xb7, 0xd1, 0x6e, 0x29, 0x47,
+	0xbd, 0xee, 0x40, 0xe9, 0x34, 0x3f, 0xd3, 0x8e, 0x3b, 0x3f, 0xed, 0x74, 0x3f, 0xe9, 0xa8, 0xc8,
+	0x9c, 0xa3, 0x7d, 0x8f, 0xcb, 0xbe, 0x07, 0x68, 0xde, 0x29, 0x7c, 0x11, 0x96, 0xb9, 0x85, 0x5e,
+	0xc2, 0x1b, 0xb0, 0xd6, 0xe9, 0x6a, 0xfd, 0x76, 0x4b, 0xd1, 0x94, 0xfb, 0xf7, 0x95, 0xe6, 0xa0,
+	0x2f, 0x1e, 0x3e, 0x62, 0xf6, 0x20, 0xb5, 0xc0, 0x6b, 0xbf, 0xcf, 0xc2, 0xc6, 0x12, 0x4f, 0x70,
+	0x23, 0xbc, 0xb2, 0x88, 0x5b, 0xd4, 0x8d, 0xf3, 0x78, 0x5f, 0x67, 0x35, 0x43, 0x8f, 0x78, 0x41,
+	0x78, 0xc3, 0xb9, 0x06, 0x2c, 0x4a, 0x76, 0x60, 0x0e, 0x4d, 0xea, 0x85, 0xef, 0x44, 0xe2, 0x1e,
+	0xb3, 0x36, 0xc3, 0xc5, 0x53, 0xd1, 0xbb, 0x80, 0x5d, 0xc7, 0x37, 0x03, 0xf3, 0x31, 0xd5, 0x4c,
+	0x3b, 0x7a, 0x54, 0x62, 0xf7, 0x9a, 0x9c, 0x8a, 0x22, 0x49, 0xdb, 0x0e, 0x62, 0xb6, 0x4d, 0x47,
+	0x64, 0x8e, 0xcd, 0x36, 0xf3, 0xac, 0x8a, 0x22, 0x49, 0xcc, 0xbe, 0x02, 0x15, 0xc3, 0x99, 0xb2,
+	0x62, 0x4f, 0xf0, 0xd8, 0xd9, 0x21, 0xa9, 0x65, 0x81, 0xc5, 0x94, 0xb0, 0x8c, 0x9f, 0xbd, 0x66,
+	0x55, 0xd4, 0xb2, 0xc0, 0x04, 0xe5, 0x2a, 0xac, 0x91, 0xd1, 0xc8, 0x63, 0xc6, 0x23, 0x43, 0xe2,
+	0x62, 0x52, 0x8d, 0x61, 0x4e, 0xdc, 0x7a, 0x00, 0xc5, 0x28, 0x0e, 0xec, 0xa8, 0x66, 0x91, 0xd0,
+	0x5c, 0x71, 0xdb, 0xce, 0xec, 0x94, 0xd4, 0xa2, 0x1d, 0x09, 0xaf, 0x40, 0xc5, 0xf4, 0xb5, 0xd9,
+	0xe3, 0x7c, 0x66, 0x3b, 0xb3, 0x53, 0x54, 0xcb, 0xa6, 0x1f, 0x3f, 0x6c, 0xd6, 0xbe, 0xca, 0x40,
+	0x35, 0xfd, 0x71, 0x01, 0xb7, 0xa0, 0x68, 0x39, 0x3a, 0xe1, 0xa9, 0x25, 0xbe, 0x6c, 0xed, 0x3c,
+	0xe7, 0x7b, 0x44, 0xfd, 0x30, 0xe4, 0xab, 0xb1, 0xe6, 0xd6, 0xdf, 0x25, 0x28, 0x46, 0x30, 0xbe,
+	0x00, 0x39, 0x97, 0x04, 0x63, 0x6e, 0x2e, 0xbf, 0x9f, 0x41, 0x92, 0xca, 0xdb, 0x0c, 0xf7, 0x5d,
+	0x62, 0xf3, 0x14, 0x08, 0x71, 0xd6, 0x66, 0xf3, 0x6a, 0x51, 0x62, 0xf0, 0x5b, 0x8f, 0x33, 0x99,
+	0x50, 0x3b, 0xf0, 0xa3, 0x79, 0x0d, 0xf1, 0x66, 0x08, 0xe3, 0x77, 0x60, 0x3d, 0xf0, 0x88, 0x69,
+	0xa5, 0xb8, 0x39, 0xce, 0x45, 0x91, 0x20, 0x26, 0xef, 0xc1, 0xa5, 0xc8, 0xae, 0x41, 0x03, 0xa2,
+	0x8f, 0xa9, 0x31, 0x53, 0x2a, 0xf0, 0xd7, 0x8d, 0x8b, 0x21, 0xa1, 0x15, 0xca, 0x23, 0xdd, 0xda,
+	0xd7, 0x12, 0xac, 0x47, 0xf7, 0x34, 0x23, 0x0e, 0xd6, 0x11, 0x00, 0xb1, 0x6d, 0x27, 0x48, 0x86,
+	0x6b, 0x31, 0x95, 0x17, 0xf4, 0xea, 0x8d, 0x58, 0x49, 0x4d, 0x18, 0xd8, 0x9a, 0x00, 0xcc, 0x24,
+	0x67, 0x86, 0xed, 0x32, 0x94, 0xc3, 0x2f, 0x47, 0xfc, 0xf3, 0xa3, 0xb8, 0xd9, 0x83, 0x80, 0xd8,
+	0x85, 0x0e, 0x6f, 0x42, 0xfe, 0x84, 0x8e, 0x4c, 0x3b, 0x7c, 0x0f, 0x16, 0x8d, 0xe8, 0xfd, 0x25,
+	0x17, 0xbf, 0xbf, 0xec, 0xff, 0x46, 0x82, 0x0d, 0xdd, 0x99, 0xcc, 0xfb, 0xbb, 0x8f, 0xe6, 0x9e,
+	0x17, 0xfc, 0x8f, 0xa5, 0xcf, 0x3f, 0x1a, 0x99, 0xc1, 0x78, 0x7a, 0x52, 0xd7, 0x9d, 0xc9, 0xee,
+	0xc8, 0xb1, 0x88, 0x3d, 0x9a, 0x7d, 0x3f, 0xe5, 0x7f, 0xf4, 0x1b, 0x23, 0x6a, 0xdf, 0x18, 0x39,
+	0x89, 0xaf, 0xa9, 0xf7, 0x66, 0x7f, 0xff, 0x27, 0x49, 0x7f, 0xca, 0x64, 0x0f, 0x7a, 0xfb, 0x7f,
+	0xce, 0x6c, 0x1d, 0x88, 0xee, 0x7a, 0x51, 0x78, 0x54, 0x3a, 0xb4, 0xa8, 0xce, 0x86, 0xfc, 0xff,
+	0x00, 0x00, 0x00, 0xff, 0xff, 0x3e, 0xe8, 0xef, 0xc4, 0x9b, 0x1d, 0x00, 0x00,
 }
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.proto b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.proto
index 8697a50de4a9c..a2102d7aa9960 100644
--- a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.proto
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.proto
@@ -40,6 +40,7 @@
 syntax = "proto2";
 
 package google.protobuf;
+
 option go_package = "github.com/golang/protobuf/protoc-gen-go/descriptor;descriptor";
 option java_package = "com.google.protobuf";
 option java_outer_classname = "DescriptorProtos";
@@ -59,8 +60,8 @@ message FileDescriptorSet {
 
 // Describes a complete .proto file.
 message FileDescriptorProto {
-  optional string name = 1;       // file name, relative to root of source tree
-  optional string package = 2;    // e.g. "foo", "foo.bar", etc.
+  optional string name = 1;     // file name, relative to root of source tree
+  optional string package = 2;  // e.g. "foo", "foo.bar", etc.
 
   // Names of files imported by this file.
   repeated string dependency = 3;
@@ -100,8 +101,8 @@ message DescriptorProto {
   repeated EnumDescriptorProto enum_type = 4;
 
   message ExtensionRange {
-    optional int32 start = 1;
-    optional int32 end = 2;
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
 
     optional ExtensionRangeOptions options = 3;
   }
@@ -115,8 +116,8 @@ message DescriptorProto {
   // fields or extension ranges in the same message. Reserved ranges may
   // not overlap.
   message ReservedRange {
-    optional int32 start = 1; // Inclusive.
-    optional int32 end = 2;   // Exclusive.
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
   }
   repeated ReservedRange reserved_range = 9;
   // Reserved field names, which may not be used by fields in the same message.
@@ -137,42 +138,42 @@ message FieldDescriptorProto {
   enum Type {
     // 0 is reserved for errors.
     // Order is weird for historical reasons.
-    TYPE_DOUBLE         = 1;
-    TYPE_FLOAT          = 2;
+    TYPE_DOUBLE = 1;
+    TYPE_FLOAT = 2;
     // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT64 if
     // negative values are likely.
-    TYPE_INT64          = 3;
-    TYPE_UINT64         = 4;
+    TYPE_INT64 = 3;
+    TYPE_UINT64 = 4;
     // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT32 if
     // negative values are likely.
-    TYPE_INT32          = 5;
-    TYPE_FIXED64        = 6;
-    TYPE_FIXED32        = 7;
-    TYPE_BOOL           = 8;
-    TYPE_STRING         = 9;
+    TYPE_INT32 = 5;
+    TYPE_FIXED64 = 6;
+    TYPE_FIXED32 = 7;
+    TYPE_BOOL = 8;
+    TYPE_STRING = 9;
     // Tag-delimited aggregate.
     // Group type is deprecated and not supported in proto3. However, Proto3
     // implementations should still be able to parse the group wire format and
     // treat group fields as unknown fields.
-    TYPE_GROUP          = 10;
-    TYPE_MESSAGE        = 11;  // Length-delimited aggregate.
+    TYPE_GROUP = 10;
+    TYPE_MESSAGE = 11;  // Length-delimited aggregate.
 
     // New in version 2.
-    TYPE_BYTES          = 12;
-    TYPE_UINT32         = 13;
-    TYPE_ENUM           = 14;
-    TYPE_SFIXED32       = 15;
-    TYPE_SFIXED64       = 16;
-    TYPE_SINT32         = 17;  // Uses ZigZag encoding.
-    TYPE_SINT64         = 18;  // Uses ZigZag encoding.
-  };
+    TYPE_BYTES = 12;
+    TYPE_UINT32 = 13;
+    TYPE_ENUM = 14;
+    TYPE_SFIXED32 = 15;
+    TYPE_SFIXED64 = 16;
+    TYPE_SINT32 = 17;  // Uses ZigZag encoding.
+    TYPE_SINT64 = 18;  // Uses ZigZag encoding.
+  }
 
   enum Label {
     // 0 is reserved for errors
-    LABEL_OPTIONAL      = 1;
-    LABEL_REQUIRED      = 2;
-    LABEL_REPEATED      = 3;
-  };
+    LABEL_OPTIONAL = 1;
+    LABEL_REQUIRED = 2;
+    LABEL_REPEATED = 3;
+  }
 
   optional string name = 1;
   optional int32 number = 3;
@@ -234,8 +235,8 @@ message EnumDescriptorProto {
   // is inclusive such that it can appropriately represent the entire int32
   // domain.
   message EnumReservedRange {
-    optional int32 start = 1; // Inclusive.
-    optional int32 end = 2;   // Inclusive.
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Inclusive.
   }
 
   // Range of reserved numeric values. Reserved numeric values may not be used
@@ -276,9 +277,9 @@ message MethodDescriptorProto {
   optional MethodOptions options = 4;
 
   // Identifies if client streams multiple client messages
-  optional bool client_streaming = 5 [default=false];
+  optional bool client_streaming = 5 [default = false];
   // Identifies if server streams multiple server messages
-  optional bool server_streaming = 6 [default=false];
+  optional bool server_streaming = 6 [default = false];
 }
 
 
@@ -314,7 +315,6 @@ message MethodDescriptorProto {
 //   If this turns out to be popular, a web service will be set up
 //   to automatically assign option numbers.
 
-
 message FileOptions {
 
   // Sets the Java package where classes generated from this .proto will be
@@ -337,7 +337,7 @@ message FileOptions {
   // named by java_outer_classname.  However, the outer class will still be
   // generated to contain the file's getDescriptor() method as well as any
   // top-level extensions defined in the file.
-  optional bool java_multiple_files = 10 [default=false];
+  optional bool java_multiple_files = 10 [default = false];
 
   // This option does nothing.
   optional bool java_generate_equals_and_hash = 20 [deprecated=true];
@@ -348,17 +348,17 @@ message FileOptions {
   // Message reflection will do the same.
   // However, an extension field still accepts non-UTF-8 byte sequences.
   // This option has no effect on when used with the lite runtime.
-  optional bool java_string_check_utf8 = 27 [default=false];
+  optional bool java_string_check_utf8 = 27 [default = false];
 
 
   // Generated classes can be optimized for speed or code size.
   enum OptimizeMode {
-    SPEED = 1;        // Generate complete code for parsing, serialization,
-                      // etc.
-    CODE_SIZE = 2;    // Use ReflectionOps to implement these methods.
-    LITE_RUNTIME = 3; // Generate code using MessageLite and the lite runtime.
+    SPEED = 1;         // Generate complete code for parsing, serialization,
+                       // etc.
+    CODE_SIZE = 2;     // Use ReflectionOps to implement these methods.
+    LITE_RUNTIME = 3;  // Generate code using MessageLite and the lite runtime.
   }
-  optional OptimizeMode optimize_for = 9 [default=SPEED];
+  optional OptimizeMode optimize_for = 9 [default = SPEED];
 
   // Sets the Go package where structs generated from this .proto will be
   // placed. If omitted, the Go package will be derived from the following:
@@ -369,6 +369,7 @@ message FileOptions {
 
 
 
+
   // Should generic services be generated in each language?  "Generic" services
   // are not specific to any particular RPC system.  They are generated by the
   // main code generators in each language (without additional plugins).
@@ -379,20 +380,20 @@ message FileOptions {
   // that generate code specific to your particular RPC system.  Therefore,
   // these default to false.  Old code which depends on generic services should
   // explicitly set them to true.
-  optional bool cc_generic_services = 16 [default=false];
-  optional bool java_generic_services = 17 [default=false];
-  optional bool py_generic_services = 18 [default=false];
-  optional bool php_generic_services = 42 [default=false];
+  optional bool cc_generic_services = 16 [default = false];
+  optional bool java_generic_services = 17 [default = false];
+  optional bool py_generic_services = 18 [default = false];
+  optional bool php_generic_services = 42 [default = false];
 
   // Is this file deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for everything in the file, or it will be completely ignored; in the very
   // least, this is a formalization for deprecating files.
-  optional bool deprecated = 23 [default=false];
+  optional bool deprecated = 23 [default = false];
 
   // Enables the use of arenas for the proto messages in this file. This applies
   // only to generated classes for C++.
-  optional bool cc_enable_arenas = 31 [default=false];
+  optional bool cc_enable_arenas = 31 [default = false];
 
 
   // Sets the objective c class prefix which is prepended to all objective c
@@ -417,6 +418,17 @@ message FileOptions {
   // determining the namespace.
   optional string php_namespace = 41;
 
+  // Use this option to change the namespace of php generated metadata classes.
+  // Default is empty. When this option is empty, the proto file name will be
+  // used for determining the namespace.
+  optional string php_metadata_namespace = 44;
+
+  // Use this option to change the package of ruby generated classes. Default
+  // is empty. When this option is not set, the package name will be used for
+  // determining the ruby package.
+  optional string ruby_package = 45;
+
+
   // The parser stores options it doesn't recognize here.
   // See the documentation for the "Options" section above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -447,18 +459,18 @@ message MessageOptions {
   //
   // Because this is an option, the above two restrictions are not enforced by
   // the protocol compiler.
-  optional bool message_set_wire_format = 1 [default=false];
+  optional bool message_set_wire_format = 1 [default = false];
 
   // Disables the generation of the standard "descriptor()" accessor, which can
   // conflict with a field of the same name.  This is meant to make migration
   // from proto1 easier; new code should avoid fields named "descriptor".
-  optional bool no_standard_descriptor_accessor = 2 [default=false];
+  optional bool no_standard_descriptor_accessor = 2 [default = false];
 
   // Is this message deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for the message, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating messages.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   // Whether the message is an automatically generated map entry type for the
   // maps field.
@@ -475,7 +487,7 @@ message MessageOptions {
   //
   // Implementations may choose not to generate the map_entry=true message, but
   // use a native map in the target language to hold the keys and values.
-  // The reflection APIs in such implementions still need to work as
+  // The reflection APIs in such implementations still need to work as
   // if the field is a repeated message field.
   //
   // NOTE: Do not set the option in .proto files. Always use the maps syntax
@@ -486,6 +498,7 @@ message MessageOptions {
   reserved 8;  // javalite_serializable
   reserved 9;  // javanano_as_lite
 
+
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
 
@@ -565,16 +578,16 @@ message FieldOptions {
   // implementation must either *always* check its required fields, or *never*
   // check its required fields, regardless of whether or not the message has
   // been parsed.
-  optional bool lazy = 5 [default=false];
+  optional bool lazy = 5 [default = false];
 
   // Is this field deprecated?
   // Depending on the target platform, this can emit Deprecated annotations
   // for accessors, or it will be completely ignored; in the very least, this
   // is a formalization for deprecating fields.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   // For Google-internal migration only. Do not use.
-  optional bool weak = 10 [default=false];
+  optional bool weak = 10 [default = false];
 
 
   // The parser stores options it doesn't recognize here. See above.
@@ -604,7 +617,7 @@ message EnumOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the enum, or it will be completely ignored; in the very least, this
   // is a formalization for deprecating enums.
-  optional bool deprecated = 3 [default=false];
+  optional bool deprecated = 3 [default = false];
 
   reserved 5;  // javanano_as_lite
 
@@ -620,7 +633,7 @@ message EnumValueOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the enum value, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating enum values.
-  optional bool deprecated = 1 [default=false];
+  optional bool deprecated = 1 [default = false];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -640,7 +653,7 @@ message ServiceOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the service, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating services.
-  optional bool deprecated = 33 [default=false];
+  optional bool deprecated = 33 [default = false];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -660,18 +673,18 @@ message MethodOptions {
   // Depending on the target platform, this can emit Deprecated annotations
   // for the method, or it will be completely ignored; in the very least,
   // this is a formalization for deprecating methods.
-  optional bool deprecated = 33 [default=false];
+  optional bool deprecated = 33 [default = false];
 
   // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
   // or neither? HTTP based RPC implementation may choose GET verb for safe
   // methods, and PUT verb for idempotent methods instead of the default POST.
   enum IdempotencyLevel {
     IDEMPOTENCY_UNKNOWN = 0;
-    NO_SIDE_EFFECTS     = 1; // implies idempotent
-    IDEMPOTENT          = 2; // idempotent, but may have side effects
+    NO_SIDE_EFFECTS = 1;  // implies idempotent
+    IDEMPOTENT = 2;       // idempotent, but may have side effects
   }
-  optional IdempotencyLevel idempotency_level =
-      34 [default=IDEMPOTENCY_UNKNOWN];
+  optional IdempotencyLevel idempotency_level = 34
+      [default = IDEMPOTENCY_UNKNOWN];
 
   // The parser stores options it doesn't recognize here. See above.
   repeated UninterpretedOption uninterpreted_option = 999;
@@ -752,7 +765,7 @@ message SourceCodeInfo {
   //   beginning of the "extend" block and is shared by all extensions within
   //   the block.
   // - Just because a location's span is a subset of some other location's span
-  //   does not mean that it is a descendent.  For example, a "group" defines
+  //   does not mean that it is a descendant.  For example, a "group" defines
   //   both a type and a field in a single declaration.  Thus, the locations
   //   corresponding to the type and field and their components will overlap.
   // - Code which tries to interpret locations should probably be designed to
@@ -783,14 +796,14 @@ message SourceCodeInfo {
     //   [ 4, 3, 2, 7 ]
     // this path refers to the whole field declaration (from the beginning
     // of the label to the terminating semicolon).
-    repeated int32 path = 1 [packed=true];
+    repeated int32 path = 1 [packed = true];
 
     // Always has exactly three or four elements: start line, start column,
     // end line (optional, otherwise assumed same as start line), end column.
     // These are packed into a single field for efficiency.  Note that line
     // and column numbers are zero-based -- typically you will want to add
     // 1 to each before displaying to a user.
-    repeated int32 span = 2 [packed=true];
+    repeated int32 span = 2 [packed = true];
 
     // If this SourceCodeInfo represents a complete declaration, these are any
     // comments appearing before and after the declaration which appear to be
@@ -855,7 +868,7 @@ message GeneratedCodeInfo {
   message Annotation {
     // Identifies the element in the original source .proto file. This field
     // is formatted the same as SourceCodeInfo.Location.path.
-    repeated int32 path = 1 [packed=true];
+    repeated int32 path = 1 [packed = true];
 
     // Identifies the filesystem path to the original source .proto.
     optional string source_file = 2;
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/generator/generator.go b/vendor/github.com/golang/protobuf/protoc-gen-go/generator/generator.go
new file mode 100644
index 0000000000000..63b8ca0eed470
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/generator/generator.go
@@ -0,0 +1,2808 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2010 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+/*
+	The code generator for the plugin for the Google protocol buffer compiler.
+	It generates Go code from the protocol buffer description files read by the
+	main routine.
+*/
+package generator
+
+import (
+	"bufio"
+	"bytes"
+	"compress/gzip"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"go/ast"
+	"go/build"
+	"go/parser"
+	"go/printer"
+	"go/token"
+	"log"
+	"os"
+	"path"
+	"sort"
+	"strconv"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/protoc-gen-go/generator/internal/remap"
+
+	"github.com/golang/protobuf/protoc-gen-go/descriptor"
+	plugin "github.com/golang/protobuf/protoc-gen-go/plugin"
+)
+
+// generatedCodeVersion indicates a version of the generated code.
+// It is incremented whenever an incompatibility between the generated code and
+// proto package is introduced; the generated code references
+// a constant, proto.ProtoPackageIsVersionN (where N is generatedCodeVersion).
+const generatedCodeVersion = 3
+
+// A Plugin provides functionality to add to the output during Go code generation,
+// such as to produce RPC stubs.
+type Plugin interface {
+	// Name identifies the plugin.
+	Name() string
+	// Init is called once after data structures are built but before
+	// code generation begins.
+	Init(g *Generator)
+	// Generate produces the code generated by the plugin for this file,
+	// except for the imports, by calling the generator's methods P, In, and Out.
+	Generate(file *FileDescriptor)
+	// GenerateImports produces the import declarations for this file.
+	// It is called after Generate.
+	GenerateImports(file *FileDescriptor)
+}
+
+var plugins []Plugin
+
+// RegisterPlugin installs a (second-order) plugin to be run when the Go output is generated.
+// It is typically called during initialization.
+func RegisterPlugin(p Plugin) {
+	plugins = append(plugins, p)
+}
+
+// A GoImportPath is the import path of a Go package. e.g., "google.golang.org/genproto/protobuf".
+type GoImportPath string
+
+func (p GoImportPath) String() string { return strconv.Quote(string(p)) }
+
+// A GoPackageName is the name of a Go package. e.g., "protobuf".
+type GoPackageName string
+
+// Each type we import as a protocol buffer (other than FileDescriptorProto) needs
+// a pointer to the FileDescriptorProto that represents it.  These types achieve that
+// wrapping by placing each Proto inside a struct with the pointer to its File. The
+// structs have the same names as their contents, with "Proto" removed.
+// FileDescriptor is used to store the things that it points to.
+
+// The file and package name method are common to messages and enums.
+type common struct {
+	file *FileDescriptor // File this object comes from.
+}
+
+// GoImportPath is the import path of the Go package containing the type.
+func (c *common) GoImportPath() GoImportPath {
+	return c.file.importPath
+}
+
+func (c *common) File() *FileDescriptor { return c.file }
+
+func fileIsProto3(file *descriptor.FileDescriptorProto) bool {
+	return file.GetSyntax() == "proto3"
+}
+
+func (c *common) proto3() bool { return fileIsProto3(c.file.FileDescriptorProto) }
+
+// Descriptor represents a protocol buffer message.
+type Descriptor struct {
+	common
+	*descriptor.DescriptorProto
+	parent   *Descriptor            // The containing message, if any.
+	nested   []*Descriptor          // Inner messages, if any.
+	enums    []*EnumDescriptor      // Inner enums, if any.
+	ext      []*ExtensionDescriptor // Extensions, if any.
+	typename []string               // Cached typename vector.
+	index    int                    // The index into the container, whether the file or another message.
+	path     string                 // The SourceCodeInfo path as comma-separated integers.
+	group    bool
+}
+
+// TypeName returns the elements of the dotted type name.
+// The package name is not part of this name.
+func (d *Descriptor) TypeName() []string {
+	if d.typename != nil {
+		return d.typename
+	}
+	n := 0
+	for parent := d; parent != nil; parent = parent.parent {
+		n++
+	}
+	s := make([]string, n)
+	for parent := d; parent != nil; parent = parent.parent {
+		n--
+		s[n] = parent.GetName()
+	}
+	d.typename = s
+	return s
+}
+
+// EnumDescriptor describes an enum. If it's at top level, its parent will be nil.
+// Otherwise it will be the descriptor of the message in which it is defined.
+type EnumDescriptor struct {
+	common
+	*descriptor.EnumDescriptorProto
+	parent   *Descriptor // The containing message, if any.
+	typename []string    // Cached typename vector.
+	index    int         // The index into the container, whether the file or a message.
+	path     string      // The SourceCodeInfo path as comma-separated integers.
+}
+
+// TypeName returns the elements of the dotted type name.
+// The package name is not part of this name.
+func (e *EnumDescriptor) TypeName() (s []string) {
+	if e.typename != nil {
+		return e.typename
+	}
+	name := e.GetName()
+	if e.parent == nil {
+		s = make([]string, 1)
+	} else {
+		pname := e.parent.TypeName()
+		s = make([]string, len(pname)+1)
+		copy(s, pname)
+	}
+	s[len(s)-1] = name
+	e.typename = s
+	return s
+}
+
+// Everything but the last element of the full type name, CamelCased.
+// The values of type Foo.Bar are call Foo_value1... not Foo_Bar_value1... .
+func (e *EnumDescriptor) prefix() string {
+	if e.parent == nil {
+		// If the enum is not part of a message, the prefix is just the type name.
+		return CamelCase(*e.Name) + "_"
+	}
+	typeName := e.TypeName()
+	return CamelCaseSlice(typeName[0:len(typeName)-1]) + "_"
+}
+
+// The integer value of the named constant in this enumerated type.
+func (e *EnumDescriptor) integerValueAsString(name string) string {
+	for _, c := range e.Value {
+		if c.GetName() == name {
+			return fmt.Sprint(c.GetNumber())
+		}
+	}
+	log.Fatal("cannot find value for enum constant")
+	return ""
+}
+
+// ExtensionDescriptor describes an extension. If it's at top level, its parent will be nil.
+// Otherwise it will be the descriptor of the message in which it is defined.
+type ExtensionDescriptor struct {
+	common
+	*descriptor.FieldDescriptorProto
+	parent *Descriptor // The containing message, if any.
+}
+
+// TypeName returns the elements of the dotted type name.
+// The package name is not part of this name.
+func (e *ExtensionDescriptor) TypeName() (s []string) {
+	name := e.GetName()
+	if e.parent == nil {
+		// top-level extension
+		s = make([]string, 1)
+	} else {
+		pname := e.parent.TypeName()
+		s = make([]string, len(pname)+1)
+		copy(s, pname)
+	}
+	s[len(s)-1] = name
+	return s
+}
+
+// DescName returns the variable name used for the generated descriptor.
+func (e *ExtensionDescriptor) DescName() string {
+	// The full type name.
+	typeName := e.TypeName()
+	// Each scope of the extension is individually CamelCased, and all are joined with "_" with an "E_" prefix.
+	for i, s := range typeName {
+		typeName[i] = CamelCase(s)
+	}
+	return "E_" + strings.Join(typeName, "_")
+}
+
+// ImportedDescriptor describes a type that has been publicly imported from another file.
+type ImportedDescriptor struct {
+	common
+	o Object
+}
+
+func (id *ImportedDescriptor) TypeName() []string { return id.o.TypeName() }
+
+// FileDescriptor describes an protocol buffer descriptor file (.proto).
+// It includes slices of all the messages and enums defined within it.
+// Those slices are constructed by WrapTypes.
+type FileDescriptor struct {
+	*descriptor.FileDescriptorProto
+	desc []*Descriptor          // All the messages defined in this file.
+	enum []*EnumDescriptor      // All the enums defined in this file.
+	ext  []*ExtensionDescriptor // All the top-level extensions defined in this file.
+	imp  []*ImportedDescriptor  // All types defined in files publicly imported by this file.
+
+	// Comments, stored as a map of path (comma-separated integers) to the comment.
+	comments map[string]*descriptor.SourceCodeInfo_Location
+
+	// The full list of symbols that are exported,
+	// as a map from the exported object to its symbols.
+	// This is used for supporting public imports.
+	exported map[Object][]symbol
+
+	importPath  GoImportPath  // Import path of this file's package.
+	packageName GoPackageName // Name of this file's Go package.
+
+	proto3 bool // whether to generate proto3 code for this file
+}
+
+// VarName is the variable name we'll use in the generated code to refer
+// to the compressed bytes of this descriptor. It is not exported, so
+// it is only valid inside the generated package.
+func (d *FileDescriptor) VarName() string {
+	h := sha256.Sum256([]byte(d.GetName()))
+	return fmt.Sprintf("fileDescriptor_%s", hex.EncodeToString(h[:8]))
+}
+
+// goPackageOption interprets the file's go_package option.
+// If there is no go_package, it returns ("", "", false).
+// If there's a simple name, it returns ("", pkg, true).
+// If the option implies an import path, it returns (impPath, pkg, true).
+func (d *FileDescriptor) goPackageOption() (impPath GoImportPath, pkg GoPackageName, ok bool) {
+	opt := d.GetOptions().GetGoPackage()
+	if opt == "" {
+		return "", "", false
+	}
+	// A semicolon-delimited suffix delimits the import path and package name.
+	sc := strings.Index(opt, ";")
+	if sc >= 0 {
+		return GoImportPath(opt[:sc]), cleanPackageName(opt[sc+1:]), true
+	}
+	// The presence of a slash implies there's an import path.
+	slash := strings.LastIndex(opt, "/")
+	if slash >= 0 {
+		return GoImportPath(opt), cleanPackageName(opt[slash+1:]), true
+	}
+	return "", cleanPackageName(opt), true
+}
+
+// goFileName returns the output name for the generated Go file.
+func (d *FileDescriptor) goFileName(pathType pathType) string {
+	name := *d.Name
+	if ext := path.Ext(name); ext == ".proto" || ext == ".protodevel" {
+		name = name[:len(name)-len(ext)]
+	}
+	name += ".pb.go"
+
+	if pathType == pathTypeSourceRelative {
+		return name
+	}
+
+	// Does the file have a "go_package" option?
+	// If it does, it may override the filename.
+	if impPath, _, ok := d.goPackageOption(); ok && impPath != "" {
+		// Replace the existing dirname with the declared import path.
+		_, name = path.Split(name)
+		name = path.Join(string(impPath), name)
+		return name
+	}
+
+	return name
+}
+
+func (d *FileDescriptor) addExport(obj Object, sym symbol) {
+	d.exported[obj] = append(d.exported[obj], sym)
+}
+
+// symbol is an interface representing an exported Go symbol.
+type symbol interface {
+	// GenerateAlias should generate an appropriate alias
+	// for the symbol from the named package.
+	GenerateAlias(g *Generator, filename string, pkg GoPackageName)
+}
+
+type messageSymbol struct {
+	sym                         string
+	hasExtensions, isMessageSet bool
+	oneofTypes                  []string
+}
+
+type getterSymbol struct {
+	name     string
+	typ      string
+	typeName string // canonical name in proto world; empty for proto.Message and similar
+	genType  bool   // whether typ contains a generated type (message/group/enum)
+}
+
+func (ms *messageSymbol) GenerateAlias(g *Generator, filename string, pkg GoPackageName) {
+	g.P("// ", ms.sym, " from public import ", filename)
+	g.P("type ", ms.sym, " = ", pkg, ".", ms.sym)
+	for _, name := range ms.oneofTypes {
+		g.P("type ", name, " = ", pkg, ".", name)
+	}
+}
+
+type enumSymbol struct {
+	name   string
+	proto3 bool // Whether this came from a proto3 file.
+}
+
+func (es enumSymbol) GenerateAlias(g *Generator, filename string, pkg GoPackageName) {
+	s := es.name
+	g.P("// ", s, " from public import ", filename)
+	g.P("type ", s, " = ", pkg, ".", s)
+	g.P("var ", s, "_name = ", pkg, ".", s, "_name")
+	g.P("var ", s, "_value = ", pkg, ".", s, "_value")
+}
+
+type constOrVarSymbol struct {
+	sym  string
+	typ  string // either "const" or "var"
+	cast string // if non-empty, a type cast is required (used for enums)
+}
+
+func (cs constOrVarSymbol) GenerateAlias(g *Generator, filename string, pkg GoPackageName) {
+	v := string(pkg) + "." + cs.sym
+	if cs.cast != "" {
+		v = cs.cast + "(" + v + ")"
+	}
+	g.P(cs.typ, " ", cs.sym, " = ", v)
+}
+
+// Object is an interface abstracting the abilities shared by enums, messages, extensions and imported objects.
+type Object interface {
+	GoImportPath() GoImportPath
+	TypeName() []string
+	File() *FileDescriptor
+}
+
+// Generator is the type whose methods generate the output, stored in the associated response structure.
+type Generator struct {
+	*bytes.Buffer
+
+	Request  *plugin.CodeGeneratorRequest  // The input.
+	Response *plugin.CodeGeneratorResponse // The output.
+
+	Param             map[string]string // Command-line parameters.
+	PackageImportPath string            // Go import path of the package we're generating code for
+	ImportPrefix      string            // String to prefix to imported package file names.
+	ImportMap         map[string]string // Mapping from .proto file name to import path
+
+	Pkg map[string]string // The names under which we import support packages
+
+	outputImportPath GoImportPath                   // Package we're generating code for.
+	allFiles         []*FileDescriptor              // All files in the tree
+	allFilesByName   map[string]*FileDescriptor     // All files by filename.
+	genFiles         []*FileDescriptor              // Those files we will generate output for.
+	file             *FileDescriptor                // The file we are compiling now.
+	packageNames     map[GoImportPath]GoPackageName // Imported package names in the current file.
+	usedPackages     map[GoImportPath]bool          // Packages used in current file.
+	usedPackageNames map[GoPackageName]bool         // Package names used in the current file.
+	addedImports     map[GoImportPath]bool          // Additional imports to emit.
+	typeNameToObject map[string]Object              // Key is a fully-qualified name in input syntax.
+	init             []string                       // Lines to emit in the init function.
+	indent           string
+	pathType         pathType // How to generate output filenames.
+	writeOutput      bool
+	annotateCode     bool                                       // whether to store annotations
+	annotations      []*descriptor.GeneratedCodeInfo_Annotation // annotations to store
+}
+
+type pathType int
+
+const (
+	pathTypeImport pathType = iota
+	pathTypeSourceRelative
+)
+
+// New creates a new generator and allocates the request and response protobufs.
+func New() *Generator {
+	g := new(Generator)
+	g.Buffer = new(bytes.Buffer)
+	g.Request = new(plugin.CodeGeneratorRequest)
+	g.Response = new(plugin.CodeGeneratorResponse)
+	return g
+}
+
+// Error reports a problem, including an error, and exits the program.
+func (g *Generator) Error(err error, msgs ...string) {
+	s := strings.Join(msgs, " ") + ":" + err.Error()
+	log.Print("protoc-gen-go: error:", s)
+	os.Exit(1)
+}
+
+// Fail reports a problem and exits the program.
+func (g *Generator) Fail(msgs ...string) {
+	s := strings.Join(msgs, " ")
+	log.Print("protoc-gen-go: error:", s)
+	os.Exit(1)
+}
+
+// CommandLineParameters breaks the comma-separated list of key=value pairs
+// in the parameter (a member of the request protobuf) into a key/value map.
+// It then sets file name mappings defined by those entries.
+func (g *Generator) CommandLineParameters(parameter string) {
+	g.Param = make(map[string]string)
+	for _, p := range strings.Split(parameter, ",") {
+		if i := strings.Index(p, "="); i < 0 {
+			g.Param[p] = ""
+		} else {
+			g.Param[p[0:i]] = p[i+1:]
+		}
+	}
+
+	g.ImportMap = make(map[string]string)
+	pluginList := "none" // Default list of plugin names to enable (empty means all).
+	for k, v := range g.Param {
+		switch k {
+		case "import_prefix":
+			g.ImportPrefix = v
+		case "import_path":
+			g.PackageImportPath = v
+		case "paths":
+			switch v {
+			case "import":
+				g.pathType = pathTypeImport
+			case "source_relative":
+				g.pathType = pathTypeSourceRelative
+			default:
+				g.Fail(fmt.Sprintf(`Unknown path type %q: want "import" or "source_relative".`, v))
+			}
+		case "plugins":
+			pluginList = v
+		case "annotate_code":
+			if v == "true" {
+				g.annotateCode = true
+			}
+		default:
+			if len(k) > 0 && k[0] == 'M' {
+				g.ImportMap[k[1:]] = v
+			}
+		}
+	}
+	if pluginList != "" {
+		// Amend the set of plugins.
+		enabled := make(map[string]bool)
+		for _, name := range strings.Split(pluginList, "+") {
+			enabled[name] = true
+		}
+		var nplugins []Plugin
+		for _, p := range plugins {
+			if enabled[p.Name()] {
+				nplugins = append(nplugins, p)
+			}
+		}
+		plugins = nplugins
+	}
+}
+
+// DefaultPackageName returns the package name printed for the object.
+// If its file is in a different package, it returns the package name we're using for this file, plus ".".
+// Otherwise it returns the empty string.
+func (g *Generator) DefaultPackageName(obj Object) string {
+	importPath := obj.GoImportPath()
+	if importPath == g.outputImportPath {
+		return ""
+	}
+	return string(g.GoPackageName(importPath)) + "."
+}
+
+// GoPackageName returns the name used for a package.
+func (g *Generator) GoPackageName(importPath GoImportPath) GoPackageName {
+	if name, ok := g.packageNames[importPath]; ok {
+		return name
+	}
+	name := cleanPackageName(baseName(string(importPath)))
+	for i, orig := 1, name; g.usedPackageNames[name] || isGoPredeclaredIdentifier[string(name)]; i++ {
+		name = orig + GoPackageName(strconv.Itoa(i))
+	}
+	g.packageNames[importPath] = name
+	g.usedPackageNames[name] = true
+	return name
+}
+
+// AddImport adds a package to the generated file's import section.
+// It returns the name used for the package.
+func (g *Generator) AddImport(importPath GoImportPath) GoPackageName {
+	g.addedImports[importPath] = true
+	return g.GoPackageName(importPath)
+}
+
+var globalPackageNames = map[GoPackageName]bool{
+	"fmt":   true,
+	"math":  true,
+	"proto": true,
+}
+
+// Create and remember a guaranteed unique package name. Pkg is the candidate name.
+// The FileDescriptor parameter is unused.
+func RegisterUniquePackageName(pkg string, f *FileDescriptor) string {
+	name := cleanPackageName(pkg)
+	for i, orig := 1, name; globalPackageNames[name]; i++ {
+		name = orig + GoPackageName(strconv.Itoa(i))
+	}
+	globalPackageNames[name] = true
+	return string(name)
+}
+
+var isGoKeyword = map[string]bool{
+	"break":       true,
+	"case":        true,
+	"chan":        true,
+	"const":       true,
+	"continue":    true,
+	"default":     true,
+	"else":        true,
+	"defer":       true,
+	"fallthrough": true,
+	"for":         true,
+	"func":        true,
+	"go":          true,
+	"goto":        true,
+	"if":          true,
+	"import":      true,
+	"interface":   true,
+	"map":         true,
+	"package":     true,
+	"range":       true,
+	"return":      true,
+	"select":      true,
+	"struct":      true,
+	"switch":      true,
+	"type":        true,
+	"var":         true,
+}
+
+var isGoPredeclaredIdentifier = map[string]bool{
+	"append":     true,
+	"bool":       true,
+	"byte":       true,
+	"cap":        true,
+	"close":      true,
+	"complex":    true,
+	"complex128": true,
+	"complex64":  true,
+	"copy":       true,
+	"delete":     true,
+	"error":      true,
+	"false":      true,
+	"float32":    true,
+	"float64":    true,
+	"imag":       true,
+	"int":        true,
+	"int16":      true,
+	"int32":      true,
+	"int64":      true,
+	"int8":       true,
+	"iota":       true,
+	"len":        true,
+	"make":       true,
+	"new":        true,
+	"nil":        true,
+	"panic":      true,
+	"print":      true,
+	"println":    true,
+	"real":       true,
+	"recover":    true,
+	"rune":       true,
+	"string":     true,
+	"true":       true,
+	"uint":       true,
+	"uint16":     true,
+	"uint32":     true,
+	"uint64":     true,
+	"uint8":      true,
+	"uintptr":    true,
+}
+
+func cleanPackageName(name string) GoPackageName {
+	name = strings.Map(badToUnderscore, name)
+	// Identifier must not be keyword or predeclared identifier: insert _.
+	if isGoKeyword[name] {
+		name = "_" + name
+	}
+	// Identifier must not begin with digit: insert _.
+	if r, _ := utf8.DecodeRuneInString(name); unicode.IsDigit(r) {
+		name = "_" + name
+	}
+	return GoPackageName(name)
+}
+
+// defaultGoPackage returns the package name to use,
+// derived from the import path of the package we're building code for.
+func (g *Generator) defaultGoPackage() GoPackageName {
+	p := g.PackageImportPath
+	if i := strings.LastIndex(p, "/"); i >= 0 {
+		p = p[i+1:]
+	}
+	return cleanPackageName(p)
+}
+
+// SetPackageNames sets the package name for this run.
+// The package name must agree across all files being generated.
+// It also defines unique package names for all imported files.
+func (g *Generator) SetPackageNames() {
+	g.outputImportPath = g.genFiles[0].importPath
+
+	defaultPackageNames := make(map[GoImportPath]GoPackageName)
+	for _, f := range g.genFiles {
+		if _, p, ok := f.goPackageOption(); ok {
+			defaultPackageNames[f.importPath] = p
+		}
+	}
+	for _, f := range g.genFiles {
+		if _, p, ok := f.goPackageOption(); ok {
+			// Source file: option go_package = "quux/bar";
+			f.packageName = p
+		} else if p, ok := defaultPackageNames[f.importPath]; ok {
+			// A go_package option in another file in the same package.
+			//
+			// This is a poor choice in general, since every source file should
+			// contain a go_package option. Supported mainly for historical
+			// compatibility.
+			f.packageName = p
+		} else if p := g.defaultGoPackage(); p != "" {
+			// Command-line: import_path=quux/bar.
+			//
+			// The import_path flag sets a package name for files which don't
+			// contain a go_package option.
+			f.packageName = p
+		} else if p := f.GetPackage(); p != "" {
+			// Source file: package quux.bar;
+			f.packageName = cleanPackageName(p)
+		} else {
+			// Source filename.
+			f.packageName = cleanPackageName(baseName(f.GetName()))
+		}
+	}
+
+	// Check that all files have a consistent package name and import path.
+	for _, f := range g.genFiles[1:] {
+		if a, b := g.genFiles[0].importPath, f.importPath; a != b {
+			g.Fail(fmt.Sprintf("inconsistent package import paths: %v, %v", a, b))
+		}
+		if a, b := g.genFiles[0].packageName, f.packageName; a != b {
+			g.Fail(fmt.Sprintf("inconsistent package names: %v, %v", a, b))
+		}
+	}
+
+	// Names of support packages. These never vary (if there are conflicts,
+	// we rename the conflicting package), so this could be removed someday.
+	g.Pkg = map[string]string{
+		"fmt":   "fmt",
+		"math":  "math",
+		"proto": "proto",
+	}
+}
+
+// WrapTypes walks the incoming data, wrapping DescriptorProtos, EnumDescriptorProtos
+// and FileDescriptorProtos into file-referenced objects within the Generator.
+// It also creates the list of files to generate and so should be called before GenerateAllFiles.
+func (g *Generator) WrapTypes() {
+	g.allFiles = make([]*FileDescriptor, 0, len(g.Request.ProtoFile))
+	g.allFilesByName = make(map[string]*FileDescriptor, len(g.allFiles))
+	genFileNames := make(map[string]bool)
+	for _, n := range g.Request.FileToGenerate {
+		genFileNames[n] = true
+	}
+	for _, f := range g.Request.ProtoFile {
+		fd := &FileDescriptor{
+			FileDescriptorProto: f,
+			exported:            make(map[Object][]symbol),
+			proto3:              fileIsProto3(f),
+		}
+		// The import path may be set in a number of ways.
+		if substitution, ok := g.ImportMap[f.GetName()]; ok {
+			// Command-line: M=foo.proto=quux/bar.
+			//
+			// Explicit mapping of source file to import path.
+			fd.importPath = GoImportPath(substitution)
+		} else if genFileNames[f.GetName()] && g.PackageImportPath != "" {
+			// Command-line: import_path=quux/bar.
+			//
+			// The import_path flag sets the import path for every file that
+			// we generate code for.
+			fd.importPath = GoImportPath(g.PackageImportPath)
+		} else if p, _, _ := fd.goPackageOption(); p != "" {
+			// Source file: option go_package = "quux/bar";
+			//
+			// The go_package option sets the import path. Most users should use this.
+			fd.importPath = p
+		} else {
+			// Source filename.
+			//
+			// Last resort when nothing else is available.
+			fd.importPath = GoImportPath(path.Dir(f.GetName()))
+		}
+		// We must wrap the descriptors before we wrap the enums
+		fd.desc = wrapDescriptors(fd)
+		g.buildNestedDescriptors(fd.desc)
+		fd.enum = wrapEnumDescriptors(fd, fd.desc)
+		g.buildNestedEnums(fd.desc, fd.enum)
+		fd.ext = wrapExtensions(fd)
+		extractComments(fd)
+		g.allFiles = append(g.allFiles, fd)
+		g.allFilesByName[f.GetName()] = fd
+	}
+	for _, fd := range g.allFiles {
+		fd.imp = wrapImported(fd, g)
+	}
+
+	g.genFiles = make([]*FileDescriptor, 0, len(g.Request.FileToGenerate))
+	for _, fileName := range g.Request.FileToGenerate {
+		fd := g.allFilesByName[fileName]
+		if fd == nil {
+			g.Fail("could not find file named", fileName)
+		}
+		g.genFiles = append(g.genFiles, fd)
+	}
+}
+
+// Scan the descriptors in this file.  For each one, build the slice of nested descriptors
+func (g *Generator) buildNestedDescriptors(descs []*Descriptor) {
+	for _, desc := range descs {
+		if len(desc.NestedType) != 0 {
+			for _, nest := range descs {
+				if nest.parent == desc {
+					desc.nested = append(desc.nested, nest)
+				}
+			}
+			if len(desc.nested) != len(desc.NestedType) {
+				g.Fail("internal error: nesting failure for", desc.GetName())
+			}
+		}
+	}
+}
+
+func (g *Generator) buildNestedEnums(descs []*Descriptor, enums []*EnumDescriptor) {
+	for _, desc := range descs {
+		if len(desc.EnumType) != 0 {
+			for _, enum := range enums {
+				if enum.parent == desc {
+					desc.enums = append(desc.enums, enum)
+				}
+			}
+			if len(desc.enums) != len(desc.EnumType) {
+				g.Fail("internal error: enum nesting failure for", desc.GetName())
+			}
+		}
+	}
+}
+
+// Construct the Descriptor
+func newDescriptor(desc *descriptor.DescriptorProto, parent *Descriptor, file *FileDescriptor, index int) *Descriptor {
+	d := &Descriptor{
+		common:          common{file},
+		DescriptorProto: desc,
+		parent:          parent,
+		index:           index,
+	}
+	if parent == nil {
+		d.path = fmt.Sprintf("%d,%d", messagePath, index)
+	} else {
+		d.path = fmt.Sprintf("%s,%d,%d", parent.path, messageMessagePath, index)
+	}
+
+	// The only way to distinguish a group from a message is whether
+	// the containing message has a TYPE_GROUP field that matches.
+	if parent != nil {
+		parts := d.TypeName()
+		if file.Package != nil {
+			parts = append([]string{*file.Package}, parts...)
+		}
+		exp := "." + strings.Join(parts, ".")
+		for _, field := range parent.Field {
+			if field.GetType() == descriptor.FieldDescriptorProto_TYPE_GROUP && field.GetTypeName() == exp {
+				d.group = true
+				break
+			}
+		}
+	}
+
+	for _, field := range desc.Extension {
+		d.ext = append(d.ext, &ExtensionDescriptor{common{file}, field, d})
+	}
+
+	return d
+}
+
+// Return a slice of all the Descriptors defined within this file
+func wrapDescriptors(file *FileDescriptor) []*Descriptor {
+	sl := make([]*Descriptor, 0, len(file.MessageType)+10)
+	for i, desc := range file.MessageType {
+		sl = wrapThisDescriptor(sl, desc, nil, file, i)
+	}
+	return sl
+}
+
+// Wrap this Descriptor, recursively
+func wrapThisDescriptor(sl []*Descriptor, desc *descriptor.DescriptorProto, parent *Descriptor, file *FileDescriptor, index int) []*Descriptor {
+	sl = append(sl, newDescriptor(desc, parent, file, index))
+	me := sl[len(sl)-1]
+	for i, nested := range desc.NestedType {
+		sl = wrapThisDescriptor(sl, nested, me, file, i)
+	}
+	return sl
+}
+
+// Construct the EnumDescriptor
+func newEnumDescriptor(desc *descriptor.EnumDescriptorProto, parent *Descriptor, file *FileDescriptor, index int) *EnumDescriptor {
+	ed := &EnumDescriptor{
+		common:              common{file},
+		EnumDescriptorProto: desc,
+		parent:              parent,
+		index:               index,
+	}
+	if parent == nil {
+		ed.path = fmt.Sprintf("%d,%d", enumPath, index)
+	} else {
+		ed.path = fmt.Sprintf("%s,%d,%d", parent.path, messageEnumPath, index)
+	}
+	return ed
+}
+
+// Return a slice of all the EnumDescriptors defined within this file
+func wrapEnumDescriptors(file *FileDescriptor, descs []*Descriptor) []*EnumDescriptor {
+	sl := make([]*EnumDescriptor, 0, len(file.EnumType)+10)
+	// Top-level enums.
+	for i, enum := range file.EnumType {
+		sl = append(sl, newEnumDescriptor(enum, nil, file, i))
+	}
+	// Enums within messages. Enums within embedded messages appear in the outer-most message.
+	for _, nested := range descs {
+		for i, enum := range nested.EnumType {
+			sl = append(sl, newEnumDescriptor(enum, nested, file, i))
+		}
+	}
+	return sl
+}
+
+// Return a slice of all the top-level ExtensionDescriptors defined within this file.
+func wrapExtensions(file *FileDescriptor) []*ExtensionDescriptor {
+	var sl []*ExtensionDescriptor
+	for _, field := range file.Extension {
+		sl = append(sl, &ExtensionDescriptor{common{file}, field, nil})
+	}
+	return sl
+}
+
+// Return a slice of all the types that are publicly imported into this file.
+func wrapImported(file *FileDescriptor, g *Generator) (sl []*ImportedDescriptor) {
+	for _, index := range file.PublicDependency {
+		df := g.fileByName(file.Dependency[index])
+		for _, d := range df.desc {
+			if d.GetOptions().GetMapEntry() {
+				continue
+			}
+			sl = append(sl, &ImportedDescriptor{common{file}, d})
+		}
+		for _, e := range df.enum {
+			sl = append(sl, &ImportedDescriptor{common{file}, e})
+		}
+		for _, ext := range df.ext {
+			sl = append(sl, &ImportedDescriptor{common{file}, ext})
+		}
+	}
+	return
+}
+
+func extractComments(file *FileDescriptor) {
+	file.comments = make(map[string]*descriptor.SourceCodeInfo_Location)
+	for _, loc := range file.GetSourceCodeInfo().GetLocation() {
+		if loc.LeadingComments == nil {
+			continue
+		}
+		var p []string
+		for _, n := range loc.Path {
+			p = append(p, strconv.Itoa(int(n)))
+		}
+		file.comments[strings.Join(p, ",")] = loc
+	}
+}
+
+// BuildTypeNameMap builds the map from fully qualified type names to objects.
+// The key names for the map come from the input data, which puts a period at the beginning.
+// It should be called after SetPackageNames and before GenerateAllFiles.
+func (g *Generator) BuildTypeNameMap() {
+	g.typeNameToObject = make(map[string]Object)
+	for _, f := range g.allFiles {
+		// The names in this loop are defined by the proto world, not us, so the
+		// package name may be empty.  If so, the dotted package name of X will
+		// be ".X"; otherwise it will be ".pkg.X".
+		dottedPkg := "." + f.GetPackage()
+		if dottedPkg != "." {
+			dottedPkg += "."
+		}
+		for _, enum := range f.enum {
+			name := dottedPkg + dottedSlice(enum.TypeName())
+			g.typeNameToObject[name] = enum
+		}
+		for _, desc := range f.desc {
+			name := dottedPkg + dottedSlice(desc.TypeName())
+			g.typeNameToObject[name] = desc
+		}
+	}
+}
+
+// ObjectNamed, given a fully-qualified input type name as it appears in the input data,
+// returns the descriptor for the message or enum with that name.
+func (g *Generator) ObjectNamed(typeName string) Object {
+	o, ok := g.typeNameToObject[typeName]
+	if !ok {
+		g.Fail("can't find object with type", typeName)
+	}
+	return o
+}
+
+// AnnotatedAtoms is a list of atoms (as consumed by P) that records the file name and proto AST path from which they originated.
+type AnnotatedAtoms struct {
+	source string
+	path   string
+	atoms  []interface{}
+}
+
+// Annotate records the file name and proto AST path of a list of atoms
+// so that a later call to P can emit a link from each atom to its origin.
+func Annotate(file *FileDescriptor, path string, atoms ...interface{}) *AnnotatedAtoms {
+	return &AnnotatedAtoms{source: *file.Name, path: path, atoms: atoms}
+}
+
+// printAtom prints the (atomic, non-annotation) argument to the generated output.
+func (g *Generator) printAtom(v interface{}) {
+	switch v := v.(type) {
+	case string:
+		g.WriteString(v)
+	case *string:
+		g.WriteString(*v)
+	case bool:
+		fmt.Fprint(g, v)
+	case *bool:
+		fmt.Fprint(g, *v)
+	case int:
+		fmt.Fprint(g, v)
+	case *int32:
+		fmt.Fprint(g, *v)
+	case *int64:
+		fmt.Fprint(g, *v)
+	case float64:
+		fmt.Fprint(g, v)
+	case *float64:
+		fmt.Fprint(g, *v)
+	case GoPackageName:
+		g.WriteString(string(v))
+	case GoImportPath:
+		g.WriteString(strconv.Quote(string(v)))
+	default:
+		g.Fail(fmt.Sprintf("unknown type in printer: %T", v))
+	}
+}
+
+// P prints the arguments to the generated output.  It handles strings and int32s, plus
+// handling indirections because they may be *string, etc.  Any inputs of type AnnotatedAtoms may emit
+// annotations in a .meta file in addition to outputting the atoms themselves (if g.annotateCode
+// is true).
+func (g *Generator) P(str ...interface{}) {
+	if !g.writeOutput {
+		return
+	}
+	g.WriteString(g.indent)
+	for _, v := range str {
+		switch v := v.(type) {
+		case *AnnotatedAtoms:
+			begin := int32(g.Len())
+			for _, v := range v.atoms {
+				g.printAtom(v)
+			}
+			if g.annotateCode {
+				end := int32(g.Len())
+				var path []int32
+				for _, token := range strings.Split(v.path, ",") {
+					val, err := strconv.ParseInt(token, 10, 32)
+					if err != nil {
+						g.Fail("could not parse proto AST path: ", err.Error())
+					}
+					path = append(path, int32(val))
+				}
+				g.annotations = append(g.annotations, &descriptor.GeneratedCodeInfo_Annotation{
+					Path:       path,
+					SourceFile: &v.source,
+					Begin:      &begin,
+					End:        &end,
+				})
+			}
+		default:
+			g.printAtom(v)
+		}
+	}
+	g.WriteByte('\n')
+}
+
+// addInitf stores the given statement to be printed inside the file's init function.
+// The statement is given as a format specifier and arguments.
+func (g *Generator) addInitf(stmt string, a ...interface{}) {
+	g.init = append(g.init, fmt.Sprintf(stmt, a...))
+}
+
+// In Indents the output one tab stop.
+func (g *Generator) In() { g.indent += "\t" }
+
+// Out unindents the output one tab stop.
+func (g *Generator) Out() {
+	if len(g.indent) > 0 {
+		g.indent = g.indent[1:]
+	}
+}
+
+// GenerateAllFiles generates the output for all the files we're outputting.
+func (g *Generator) GenerateAllFiles() {
+	// Initialize the plugins
+	for _, p := range plugins {
+		p.Init(g)
+	}
+	// Generate the output. The generator runs for every file, even the files
+	// that we don't generate output for, so that we can collate the full list
+	// of exported symbols to support public imports.
+	genFileMap := make(map[*FileDescriptor]bool, len(g.genFiles))
+	for _, file := range g.genFiles {
+		genFileMap[file] = true
+	}
+	for _, file := range g.allFiles {
+		g.Reset()
+		g.annotations = nil
+		g.writeOutput = genFileMap[file]
+		g.generate(file)
+		if !g.writeOutput {
+			continue
+		}
+		fname := file.goFileName(g.pathType)
+		g.Response.File = append(g.Response.File, &plugin.CodeGeneratorResponse_File{
+			Name:    proto.String(fname),
+			Content: proto.String(g.String()),
+		})
+		if g.annotateCode {
+			// Store the generated code annotations in text, as the protoc plugin protocol requires that
+			// strings contain valid UTF-8.
+			g.Response.File = append(g.Response.File, &plugin.CodeGeneratorResponse_File{
+				Name:    proto.String(file.goFileName(g.pathType) + ".meta"),
+				Content: proto.String(proto.CompactTextString(&descriptor.GeneratedCodeInfo{Annotation: g.annotations})),
+			})
+		}
+	}
+}
+
+// Run all the plugins associated with the file.
+func (g *Generator) runPlugins(file *FileDescriptor) {
+	for _, p := range plugins {
+		p.Generate(file)
+	}
+}
+
+// Fill the response protocol buffer with the generated output for all the files we're
+// supposed to generate.
+func (g *Generator) generate(file *FileDescriptor) {
+	g.file = file
+	g.usedPackages = make(map[GoImportPath]bool)
+	g.packageNames = make(map[GoImportPath]GoPackageName)
+	g.usedPackageNames = make(map[GoPackageName]bool)
+	g.addedImports = make(map[GoImportPath]bool)
+	for name := range globalPackageNames {
+		g.usedPackageNames[name] = true
+	}
+
+	g.P("// This is a compile-time assertion to ensure that this generated file")
+	g.P("// is compatible with the proto package it is being compiled against.")
+	g.P("// A compilation error at this line likely means your copy of the")
+	g.P("// proto package needs to be updated.")
+	g.P("const _ = ", g.Pkg["proto"], ".ProtoPackageIsVersion", generatedCodeVersion, " // please upgrade the proto package")
+	g.P()
+
+	for _, td := range g.file.imp {
+		g.generateImported(td)
+	}
+	for _, enum := range g.file.enum {
+		g.generateEnum(enum)
+	}
+	for _, desc := range g.file.desc {
+		// Don't generate virtual messages for maps.
+		if desc.GetOptions().GetMapEntry() {
+			continue
+		}
+		g.generateMessage(desc)
+	}
+	for _, ext := range g.file.ext {
+		g.generateExtension(ext)
+	}
+	g.generateInitFunction()
+	g.generateFileDescriptor(file)
+
+	// Run the plugins before the imports so we know which imports are necessary.
+	g.runPlugins(file)
+
+	// Generate header and imports last, though they appear first in the output.
+	rem := g.Buffer
+	remAnno := g.annotations
+	g.Buffer = new(bytes.Buffer)
+	g.annotations = nil
+	g.generateHeader()
+	g.generateImports()
+	if !g.writeOutput {
+		return
+	}
+	// Adjust the offsets for annotations displaced by the header and imports.
+	for _, anno := range remAnno {
+		*anno.Begin += int32(g.Len())
+		*anno.End += int32(g.Len())
+		g.annotations = append(g.annotations, anno)
+	}
+	g.Write(rem.Bytes())
+
+	// Reformat generated code and patch annotation locations.
+	fset := token.NewFileSet()
+	original := g.Bytes()
+	if g.annotateCode {
+		// make a copy independent of g; we'll need it after Reset.
+		original = append([]byte(nil), original...)
+	}
+	fileAST, err := parser.ParseFile(fset, "", original, parser.ParseComments)
+	if err != nil {
+		// Print out the bad code with line numbers.
+		// This should never happen in practice, but it can while changing generated code,
+		// so consider this a debugging aid.
+		var src bytes.Buffer
+		s := bufio.NewScanner(bytes.NewReader(original))
+		for line := 1; s.Scan(); line++ {
+			fmt.Fprintf(&src, "%5d\t%s\n", line, s.Bytes())
+		}
+		g.Fail("bad Go source code was generated:", err.Error(), "\n"+src.String())
+	}
+	ast.SortImports(fset, fileAST)
+	g.Reset()
+	err = (&printer.Config{Mode: printer.TabIndent | printer.UseSpaces, Tabwidth: 8}).Fprint(g, fset, fileAST)
+	if err != nil {
+		g.Fail("generated Go source code could not be reformatted:", err.Error())
+	}
+	if g.annotateCode {
+		m, err := remap.Compute(original, g.Bytes())
+		if err != nil {
+			g.Fail("formatted generated Go source code could not be mapped back to the original code:", err.Error())
+		}
+		for _, anno := range g.annotations {
+			new, ok := m.Find(int(*anno.Begin), int(*anno.End))
+			if !ok {
+				g.Fail("span in formatted generated Go source code could not be mapped back to the original code")
+			}
+			*anno.Begin = int32(new.Pos)
+			*anno.End = int32(new.End)
+		}
+	}
+}
+
+// Generate the header, including package definition
+func (g *Generator) generateHeader() {
+	g.P("// Code generated by protoc-gen-go. DO NOT EDIT.")
+	if g.file.GetOptions().GetDeprecated() {
+		g.P("// ", g.file.Name, " is a deprecated file.")
+	} else {
+		g.P("// source: ", g.file.Name)
+	}
+	g.P()
+	g.PrintComments(strconv.Itoa(packagePath))
+	g.P()
+	g.P("package ", g.file.packageName)
+	g.P()
+}
+
+// deprecationComment is the standard comment added to deprecated
+// messages, fields, enums, and enum values.
+var deprecationComment = "// Deprecated: Do not use."
+
+// PrintComments prints any comments from the source .proto file.
+// The path is a comma-separated list of integers.
+// It returns an indication of whether any comments were printed.
+// See descriptor.proto for its format.
+func (g *Generator) PrintComments(path string) bool {
+	if !g.writeOutput {
+		return false
+	}
+	if c, ok := g.makeComments(path); ok {
+		g.P(c)
+		return true
+	}
+	return false
+}
+
+// makeComments generates the comment string for the field, no "\n" at the end
+func (g *Generator) makeComments(path string) (string, bool) {
+	loc, ok := g.file.comments[path]
+	if !ok {
+		return "", false
+	}
+	w := new(bytes.Buffer)
+	nl := ""
+	for _, line := range strings.Split(strings.TrimSuffix(loc.GetLeadingComments(), "\n"), "\n") {
+		fmt.Fprintf(w, "%s//%s", nl, line)
+		nl = "\n"
+	}
+	return w.String(), true
+}
+
+func (g *Generator) fileByName(filename string) *FileDescriptor {
+	return g.allFilesByName[filename]
+}
+
+// weak returns whether the ith import of the current file is a weak import.
+func (g *Generator) weak(i int32) bool {
+	for _, j := range g.file.WeakDependency {
+		if j == i {
+			return true
+		}
+	}
+	return false
+}
+
+// Generate the imports
+func (g *Generator) generateImports() {
+	imports := make(map[GoImportPath]GoPackageName)
+	for i, s := range g.file.Dependency {
+		fd := g.fileByName(s)
+		importPath := fd.importPath
+		// Do not import our own package.
+		if importPath == g.file.importPath {
+			continue
+		}
+		// Do not import weak imports.
+		if g.weak(int32(i)) {
+			continue
+		}
+		// Do not import a package twice.
+		if _, ok := imports[importPath]; ok {
+			continue
+		}
+		// We need to import all the dependencies, even if we don't reference them,
+		// because other code and tools depend on having the full transitive closure
+		// of protocol buffer types in the binary.
+		packageName := g.GoPackageName(importPath)
+		if _, ok := g.usedPackages[importPath]; !ok {
+			packageName = "_"
+		}
+		imports[importPath] = packageName
+	}
+	for importPath := range g.addedImports {
+		imports[importPath] = g.GoPackageName(importPath)
+	}
+	// We almost always need a proto import.  Rather than computing when we
+	// do, which is tricky when there's a plugin, just import it and
+	// reference it later. The same argument applies to the fmt and math packages.
+	g.P("import (")
+	g.P(g.Pkg["fmt"] + ` "fmt"`)
+	g.P(g.Pkg["math"] + ` "math"`)
+	g.P(g.Pkg["proto"]+" ", GoImportPath(g.ImportPrefix)+"github.com/golang/protobuf/proto")
+	for importPath, packageName := range imports {
+		g.P(packageName, " ", GoImportPath(g.ImportPrefix)+importPath)
+	}
+	g.P(")")
+	g.P()
+	// TODO: may need to worry about uniqueness across plugins
+	for _, p := range plugins {
+		p.GenerateImports(g.file)
+		g.P()
+	}
+	g.P("// Reference imports to suppress errors if they are not otherwise used.")
+	g.P("var _ = ", g.Pkg["proto"], ".Marshal")
+	g.P("var _ = ", g.Pkg["fmt"], ".Errorf")
+	g.P("var _ = ", g.Pkg["math"], ".Inf")
+	g.P()
+}
+
+func (g *Generator) generateImported(id *ImportedDescriptor) {
+	df := id.o.File()
+	filename := *df.Name
+	if df.importPath == g.file.importPath {
+		// Don't generate type aliases for files in the same Go package as this one.
+		return
+	}
+	if !supportTypeAliases {
+		g.Fail(fmt.Sprintf("%s: public imports require at least go1.9", filename))
+	}
+	g.usedPackages[df.importPath] = true
+
+	for _, sym := range df.exported[id.o] {
+		sym.GenerateAlias(g, filename, g.GoPackageName(df.importPath))
+	}
+
+	g.P()
+}
+
+// Generate the enum definitions for this EnumDescriptor.
+func (g *Generator) generateEnum(enum *EnumDescriptor) {
+	// The full type name
+	typeName := enum.TypeName()
+	// The full type name, CamelCased.
+	ccTypeName := CamelCaseSlice(typeName)
+	ccPrefix := enum.prefix()
+
+	deprecatedEnum := ""
+	if enum.GetOptions().GetDeprecated() {
+		deprecatedEnum = deprecationComment
+	}
+	g.PrintComments(enum.path)
+	g.P("type ", Annotate(enum.file, enum.path, ccTypeName), " int32", deprecatedEnum)
+	g.file.addExport(enum, enumSymbol{ccTypeName, enum.proto3()})
+	g.P("const (")
+	for i, e := range enum.Value {
+		etorPath := fmt.Sprintf("%s,%d,%d", enum.path, enumValuePath, i)
+		g.PrintComments(etorPath)
+
+		deprecatedValue := ""
+		if e.GetOptions().GetDeprecated() {
+			deprecatedValue = deprecationComment
+		}
+
+		name := ccPrefix + *e.Name
+		g.P(Annotate(enum.file, etorPath, name), " ", ccTypeName, " = ", e.Number, " ", deprecatedValue)
+		g.file.addExport(enum, constOrVarSymbol{name, "const", ccTypeName})
+	}
+	g.P(")")
+	g.P()
+	g.P("var ", ccTypeName, "_name = map[int32]string{")
+	generated := make(map[int32]bool) // avoid duplicate values
+	for _, e := range enum.Value {
+		duplicate := ""
+		if _, present := generated[*e.Number]; present {
+			duplicate = "// Duplicate value: "
+		}
+		g.P(duplicate, e.Number, ": ", strconv.Quote(*e.Name), ",")
+		generated[*e.Number] = true
+	}
+	g.P("}")
+	g.P()
+	g.P("var ", ccTypeName, "_value = map[string]int32{")
+	for _, e := range enum.Value {
+		g.P(strconv.Quote(*e.Name), ": ", e.Number, ",")
+	}
+	g.P("}")
+	g.P()
+
+	if !enum.proto3() {
+		g.P("func (x ", ccTypeName, ") Enum() *", ccTypeName, " {")
+		g.P("p := new(", ccTypeName, ")")
+		g.P("*p = x")
+		g.P("return p")
+		g.P("}")
+		g.P()
+	}
+
+	g.P("func (x ", ccTypeName, ") String() string {")
+	g.P("return ", g.Pkg["proto"], ".EnumName(", ccTypeName, "_name, int32(x))")
+	g.P("}")
+	g.P()
+
+	if !enum.proto3() {
+		g.P("func (x *", ccTypeName, ") UnmarshalJSON(data []byte) error {")
+		g.P("value, err := ", g.Pkg["proto"], ".UnmarshalJSONEnum(", ccTypeName, `_value, data, "`, ccTypeName, `")`)
+		g.P("if err != nil {")
+		g.P("return err")
+		g.P("}")
+		g.P("*x = ", ccTypeName, "(value)")
+		g.P("return nil")
+		g.P("}")
+		g.P()
+	}
+
+	var indexes []string
+	for m := enum.parent; m != nil; m = m.parent {
+		// XXX: skip groups?
+		indexes = append([]string{strconv.Itoa(m.index)}, indexes...)
+	}
+	indexes = append(indexes, strconv.Itoa(enum.index))
+	g.P("func (", ccTypeName, ") EnumDescriptor() ([]byte, []int) {")
+	g.P("return ", g.file.VarName(), ", []int{", strings.Join(indexes, ", "), "}")
+	g.P("}")
+	g.P()
+	if enum.file.GetPackage() == "google.protobuf" && enum.GetName() == "NullValue" {
+		g.P("func (", ccTypeName, `) XXX_WellKnownType() string { return "`, enum.GetName(), `" }`)
+		g.P()
+	}
+
+	g.generateEnumRegistration(enum)
+}
+
+// The tag is a string like "varint,2,opt,name=fieldname,def=7" that
+// identifies details of the field for the protocol buffer marshaling and unmarshaling
+// code.  The fields are:
+//	wire encoding
+//	protocol tag number
+//	opt,req,rep for optional, required, or repeated
+//	packed whether the encoding is "packed" (optional; repeated primitives only)
+//	name= the original declared name
+//	enum= the name of the enum type if it is an enum-typed field.
+//	proto3 if this field is in a proto3 message
+//	def= string representation of the default value, if any.
+// The default value must be in a representation that can be used at run-time
+// to generate the default value. Thus bools become 0 and 1, for instance.
+func (g *Generator) goTag(message *Descriptor, field *descriptor.FieldDescriptorProto, wiretype string) string {
+	optrepreq := ""
+	switch {
+	case isOptional(field):
+		optrepreq = "opt"
+	case isRequired(field):
+		optrepreq = "req"
+	case isRepeated(field):
+		optrepreq = "rep"
+	}
+	var defaultValue string
+	if dv := field.DefaultValue; dv != nil { // set means an explicit default
+		defaultValue = *dv
+		// Some types need tweaking.
+		switch *field.Type {
+		case descriptor.FieldDescriptorProto_TYPE_BOOL:
+			if defaultValue == "true" {
+				defaultValue = "1"
+			} else {
+				defaultValue = "0"
+			}
+		case descriptor.FieldDescriptorProto_TYPE_STRING,
+			descriptor.FieldDescriptorProto_TYPE_BYTES:
+			// Nothing to do. Quoting is done for the whole tag.
+		case descriptor.FieldDescriptorProto_TYPE_ENUM:
+			// For enums we need to provide the integer constant.
+			obj := g.ObjectNamed(field.GetTypeName())
+			if id, ok := obj.(*ImportedDescriptor); ok {
+				// It is an enum that was publicly imported.
+				// We need the underlying type.
+				obj = id.o
+			}
+			enum, ok := obj.(*EnumDescriptor)
+			if !ok {
+				log.Printf("obj is a %T", obj)
+				if id, ok := obj.(*ImportedDescriptor); ok {
+					log.Printf("id.o is a %T", id.o)
+				}
+				g.Fail("unknown enum type", CamelCaseSlice(obj.TypeName()))
+			}
+			defaultValue = enum.integerValueAsString(defaultValue)
+		case descriptor.FieldDescriptorProto_TYPE_FLOAT:
+			if def := defaultValue; def != "inf" && def != "-inf" && def != "nan" {
+				if f, err := strconv.ParseFloat(defaultValue, 32); err == nil {
+					defaultValue = fmt.Sprint(float32(f))
+				}
+			}
+		case descriptor.FieldDescriptorProto_TYPE_DOUBLE:
+			if def := defaultValue; def != "inf" && def != "-inf" && def != "nan" {
+				if f, err := strconv.ParseFloat(defaultValue, 64); err == nil {
+					defaultValue = fmt.Sprint(f)
+				}
+			}
+		}
+		defaultValue = ",def=" + defaultValue
+	}
+	enum := ""
+	if *field.Type == descriptor.FieldDescriptorProto_TYPE_ENUM {
+		// We avoid using obj.GoPackageName(), because we want to use the
+		// original (proto-world) package name.
+		obj := g.ObjectNamed(field.GetTypeName())
+		if id, ok := obj.(*ImportedDescriptor); ok {
+			obj = id.o
+		}
+		enum = ",enum="
+		if pkg := obj.File().GetPackage(); pkg != "" {
+			enum += pkg + "."
+		}
+		enum += CamelCaseSlice(obj.TypeName())
+	}
+	packed := ""
+	if (field.Options != nil && field.Options.GetPacked()) ||
+		// Per https://developers.google.com/protocol-buffers/docs/proto3#simple:
+		// "In proto3, repeated fields of scalar numeric types use packed encoding by default."
+		(message.proto3() && (field.Options == nil || field.Options.Packed == nil) &&
+			isRepeated(field) && isScalar(field)) {
+		packed = ",packed"
+	}
+	fieldName := field.GetName()
+	name := fieldName
+	if *field.Type == descriptor.FieldDescriptorProto_TYPE_GROUP {
+		// We must use the type name for groups instead of
+		// the field name to preserve capitalization.
+		// type_name in FieldDescriptorProto is fully-qualified,
+		// but we only want the local part.
+		name = *field.TypeName
+		if i := strings.LastIndex(name, "."); i >= 0 {
+			name = name[i+1:]
+		}
+	}
+	if json := field.GetJsonName(); field.Extendee == nil && json != "" && json != name {
+		// TODO: escaping might be needed, in which case
+		// perhaps this should be in its own "json" tag.
+		name += ",json=" + json
+	}
+	name = ",name=" + name
+	if message.proto3() {
+		name += ",proto3"
+	}
+	oneof := ""
+	if field.OneofIndex != nil {
+		oneof = ",oneof"
+	}
+	return strconv.Quote(fmt.Sprintf("%s,%d,%s%s%s%s%s%s",
+		wiretype,
+		field.GetNumber(),
+		optrepreq,
+		packed,
+		name,
+		enum,
+		oneof,
+		defaultValue))
+}
+
+func needsStar(typ descriptor.FieldDescriptorProto_Type) bool {
+	switch typ {
+	case descriptor.FieldDescriptorProto_TYPE_GROUP:
+		return false
+	case descriptor.FieldDescriptorProto_TYPE_MESSAGE:
+		return false
+	case descriptor.FieldDescriptorProto_TYPE_BYTES:
+		return false
+	}
+	return true
+}
+
+// TypeName is the printed name appropriate for an item. If the object is in the current file,
+// TypeName drops the package name and underscores the rest.
+// Otherwise the object is from another package; and the result is the underscored
+// package name followed by the item name.
+// The result always has an initial capital.
+func (g *Generator) TypeName(obj Object) string {
+	return g.DefaultPackageName(obj) + CamelCaseSlice(obj.TypeName())
+}
+
+// GoType returns a string representing the type name, and the wire type
+func (g *Generator) GoType(message *Descriptor, field *descriptor.FieldDescriptorProto) (typ string, wire string) {
+	// TODO: Options.
+	switch *field.Type {
+	case descriptor.FieldDescriptorProto_TYPE_DOUBLE:
+		typ, wire = "float64", "fixed64"
+	case descriptor.FieldDescriptorProto_TYPE_FLOAT:
+		typ, wire = "float32", "fixed32"
+	case descriptor.FieldDescriptorProto_TYPE_INT64:
+		typ, wire = "int64", "varint"
+	case descriptor.FieldDescriptorProto_TYPE_UINT64:
+		typ, wire = "uint64", "varint"
+	case descriptor.FieldDescriptorProto_TYPE_INT32:
+		typ, wire = "int32", "varint"
+	case descriptor.FieldDescriptorProto_TYPE_UINT32:
+		typ, wire = "uint32", "varint"
+	case descriptor.FieldDescriptorProto_TYPE_FIXED64:
+		typ, wire = "uint64", "fixed64"
+	case descriptor.FieldDescriptorProto_TYPE_FIXED32:
+		typ, wire = "uint32", "fixed32"
+	case descriptor.FieldDescriptorProto_TYPE_BOOL:
+		typ, wire = "bool", "varint"
+	case descriptor.FieldDescriptorProto_TYPE_STRING:
+		typ, wire = "string", "bytes"
+	case descriptor.FieldDescriptorProto_TYPE_GROUP:
+		desc := g.ObjectNamed(field.GetTypeName())
+		typ, wire = "*"+g.TypeName(desc), "group"
+	case descriptor.FieldDescriptorProto_TYPE_MESSAGE:
+		desc := g.ObjectNamed(field.GetTypeName())
+		typ, wire = "*"+g.TypeName(desc), "bytes"
+	case descriptor.FieldDescriptorProto_TYPE_BYTES:
+		typ, wire = "[]byte", "bytes"
+	case descriptor.FieldDescriptorProto_TYPE_ENUM:
+		desc := g.ObjectNamed(field.GetTypeName())
+		typ, wire = g.TypeName(desc), "varint"
+	case descriptor.FieldDescriptorProto_TYPE_SFIXED32:
+		typ, wire = "int32", "fixed32"
+	case descriptor.FieldDescriptorProto_TYPE_SFIXED64:
+		typ, wire = "int64", "fixed64"
+	case descriptor.FieldDescriptorProto_TYPE_SINT32:
+		typ, wire = "int32", "zigzag32"
+	case descriptor.FieldDescriptorProto_TYPE_SINT64:
+		typ, wire = "int64", "zigzag64"
+	default:
+		g.Fail("unknown type for", field.GetName())
+	}
+	if isRepeated(field) {
+		typ = "[]" + typ
+	} else if message != nil && message.proto3() {
+		return
+	} else if field.OneofIndex != nil && message != nil {
+		return
+	} else if needsStar(*field.Type) {
+		typ = "*" + typ
+	}
+	return
+}
+
+func (g *Generator) RecordTypeUse(t string) {
+	if _, ok := g.typeNameToObject[t]; !ok {
+		return
+	}
+	importPath := g.ObjectNamed(t).GoImportPath()
+	if importPath == g.outputImportPath {
+		// Don't record use of objects in our package.
+		return
+	}
+	g.AddImport(importPath)
+	g.usedPackages[importPath] = true
+}
+
+// Method names that may be generated.  Fields with these names get an
+// underscore appended. Any change to this set is a potential incompatible
+// API change because it changes generated field names.
+var methodNames = [...]string{
+	"Reset",
+	"String",
+	"ProtoMessage",
+	"Marshal",
+	"Unmarshal",
+	"ExtensionRangeArray",
+	"ExtensionMap",
+	"Descriptor",
+}
+
+// Names of messages in the `google.protobuf` package for which
+// we will generate XXX_WellKnownType methods.
+var wellKnownTypes = map[string]bool{
+	"Any":       true,
+	"Duration":  true,
+	"Empty":     true,
+	"Struct":    true,
+	"Timestamp": true,
+
+	"Value":       true,
+	"ListValue":   true,
+	"DoubleValue": true,
+	"FloatValue":  true,
+	"Int64Value":  true,
+	"UInt64Value": true,
+	"Int32Value":  true,
+	"UInt32Value": true,
+	"BoolValue":   true,
+	"StringValue": true,
+	"BytesValue":  true,
+}
+
+// getterDefault finds the default value for the field to return from a getter,
+// regardless of if it's a built in default or explicit from the source. Returns e.g. "nil", `""`, "Default_MessageType_FieldName"
+func (g *Generator) getterDefault(field *descriptor.FieldDescriptorProto, goMessageType string) string {
+	if isRepeated(field) {
+		return "nil"
+	}
+	if def := field.GetDefaultValue(); def != "" {
+		defaultConstant := g.defaultConstantName(goMessageType, field.GetName())
+		if *field.Type != descriptor.FieldDescriptorProto_TYPE_BYTES {
+			return defaultConstant
+		}
+		return "append([]byte(nil), " + defaultConstant + "...)"
+	}
+	switch *field.Type {
+	case descriptor.FieldDescriptorProto_TYPE_BOOL:
+		return "false"
+	case descriptor.FieldDescriptorProto_TYPE_STRING:
+		return `""`
+	case descriptor.FieldDescriptorProto_TYPE_GROUP, descriptor.FieldDescriptorProto_TYPE_MESSAGE, descriptor.FieldDescriptorProto_TYPE_BYTES:
+		return "nil"
+	case descriptor.FieldDescriptorProto_TYPE_ENUM:
+		obj := g.ObjectNamed(field.GetTypeName())
+		var enum *EnumDescriptor
+		if id, ok := obj.(*ImportedDescriptor); ok {
+			// The enum type has been publicly imported.
+			enum, _ = id.o.(*EnumDescriptor)
+		} else {
+			enum, _ = obj.(*EnumDescriptor)
+		}
+		if enum == nil {
+			log.Printf("don't know how to generate getter for %s", field.GetName())
+			return "nil"
+		}
+		if len(enum.Value) == 0 {
+			return "0 // empty enum"
+		}
+		first := enum.Value[0].GetName()
+		return g.DefaultPackageName(obj) + enum.prefix() + first
+	default:
+		return "0"
+	}
+}
+
+// defaultConstantName builds the name of the default constant from the message
+// type name and the untouched field name, e.g. "Default_MessageType_FieldName"
+func (g *Generator) defaultConstantName(goMessageType, protoFieldName string) string {
+	return "Default_" + goMessageType + "_" + CamelCase(protoFieldName)
+}
+
+// The different types of fields in a message and how to actually print them
+// Most of the logic for generateMessage is in the methods of these types.
+//
+// Note that the content of the field is irrelevant, a simpleField can contain
+// anything from a scalar to a group (which is just a message).
+//
+// Extension fields (and message sets) are however handled separately.
+//
+// simpleField - a field that is neiter weak nor oneof, possibly repeated
+// oneofField - field containing list of subfields:
+// - oneofSubField - a field within the oneof
+
+// msgCtx contains the context for the generator functions.
+type msgCtx struct {
+	goName  string      // Go struct name of the message, e.g. MessageName
+	message *Descriptor // The descriptor for the message
+}
+
+// fieldCommon contains data common to all types of fields.
+type fieldCommon struct {
+	goName     string // Go name of field, e.g. "FieldName" or "Descriptor_"
+	protoName  string // Name of field in proto language, e.g. "field_name" or "descriptor"
+	getterName string // Name of the getter, e.g. "GetFieldName" or "GetDescriptor_"
+	goType     string // The Go type as a string, e.g. "*int32" or "*OtherMessage"
+	tags       string // The tag string/annotation for the type, e.g. `protobuf:"varint,8,opt,name=region_id,json=regionId"`
+	fullPath   string // The full path of the field as used by Annotate etc, e.g. "4,0,2,0"
+}
+
+// getProtoName gets the proto name of a field, e.g. "field_name" or "descriptor".
+func (f *fieldCommon) getProtoName() string {
+	return f.protoName
+}
+
+// getGoType returns the go type of the field  as a string, e.g. "*int32".
+func (f *fieldCommon) getGoType() string {
+	return f.goType
+}
+
+// simpleField is not weak, not a oneof, not an extension. Can be required, optional or repeated.
+type simpleField struct {
+	fieldCommon
+	protoTypeName string                               // Proto type name, empty if primitive, e.g. ".google.protobuf.Duration"
+	protoType     descriptor.FieldDescriptorProto_Type // Actual type enum value, e.g. descriptor.FieldDescriptorProto_TYPE_FIXED64
+	deprecated    string                               // Deprecation comment, if any, e.g. "// Deprecated: Do not use."
+	getterDef     string                               // Default for getters, e.g. "nil", `""` or "Default_MessageType_FieldName"
+	protoDef      string                               // Default value as defined in the proto file, e.g "yoshi" or "5"
+	comment       string                               // The full comment for the field, e.g. "// Useful information"
+}
+
+// decl prints the declaration of the field in the struct (if any).
+func (f *simpleField) decl(g *Generator, mc *msgCtx) {
+	g.P(f.comment, Annotate(mc.message.file, f.fullPath, f.goName), "\t", f.goType, "\t`", f.tags, "`", f.deprecated)
+}
+
+// getter prints the getter for the field.
+func (f *simpleField) getter(g *Generator, mc *msgCtx) {
+	star := ""
+	tname := f.goType
+	if needsStar(f.protoType) && tname[0] == '*' {
+		tname = tname[1:]
+		star = "*"
+	}
+	if f.deprecated != "" {
+		g.P(f.deprecated)
+	}
+	g.P("func (m *", mc.goName, ") ", Annotate(mc.message.file, f.fullPath, f.getterName), "() "+tname+" {")
+	if f.getterDef == "nil" { // Simpler getter
+		g.P("if m != nil {")
+		g.P("return m." + f.goName)
+		g.P("}")
+		g.P("return nil")
+		g.P("}")
+		g.P()
+		return
+	}
+	if mc.message.proto3() {
+		g.P("if m != nil {")
+	} else {
+		g.P("if m != nil && m." + f.goName + " != nil {")
+	}
+	g.P("return " + star + "m." + f.goName)
+	g.P("}")
+	g.P("return ", f.getterDef)
+	g.P("}")
+	g.P()
+}
+
+// setter prints the setter method of the field.
+func (f *simpleField) setter(g *Generator, mc *msgCtx) {
+	// No setter for regular fields yet
+}
+
+// getProtoDef returns the default value explicitly stated in the proto file, e.g "yoshi" or "5".
+func (f *simpleField) getProtoDef() string {
+	return f.protoDef
+}
+
+// getProtoTypeName returns the protobuf type name for the field as returned by field.GetTypeName(), e.g. ".google.protobuf.Duration".
+func (f *simpleField) getProtoTypeName() string {
+	return f.protoTypeName
+}
+
+// getProtoType returns the *field.Type value, e.g. descriptor.FieldDescriptorProto_TYPE_FIXED64.
+func (f *simpleField) getProtoType() descriptor.FieldDescriptorProto_Type {
+	return f.protoType
+}
+
+// oneofSubFields are kept slize held by each oneofField. They do not appear in the top level slize of fields for the message.
+type oneofSubField struct {
+	fieldCommon
+	protoTypeName string                               // Proto type name, empty if primitive, e.g. ".google.protobuf.Duration"
+	protoType     descriptor.FieldDescriptorProto_Type // Actual type enum value, e.g. descriptor.FieldDescriptorProto_TYPE_FIXED64
+	oneofTypeName string                               // Type name of the enclosing struct, e.g. "MessageName_FieldName"
+	fieldNumber   int                                  // Actual field number, as defined in proto, e.g. 12
+	getterDef     string                               // Default for getters, e.g. "nil", `""` or "Default_MessageType_FieldName"
+	protoDef      string                               // Default value as defined in the proto file, e.g "yoshi" or "5"
+	deprecated    string                               // Deprecation comment, if any.
+}
+
+// typedNil prints a nil casted to the pointer to this field.
+// - for XXX_OneofWrappers
+func (f *oneofSubField) typedNil(g *Generator) {
+	g.P("(*", f.oneofTypeName, ")(nil),")
+}
+
+// getProtoDef returns the default value explicitly stated in the proto file, e.g "yoshi" or "5".
+func (f *oneofSubField) getProtoDef() string {
+	return f.protoDef
+}
+
+// getProtoTypeName returns the protobuf type name for the field as returned by field.GetTypeName(), e.g. ".google.protobuf.Duration".
+func (f *oneofSubField) getProtoTypeName() string {
+	return f.protoTypeName
+}
+
+// getProtoType returns the *field.Type value, e.g. descriptor.FieldDescriptorProto_TYPE_FIXED64.
+func (f *oneofSubField) getProtoType() descriptor.FieldDescriptorProto_Type {
+	return f.protoType
+}
+
+// oneofField represents the oneof on top level.
+// The alternative fields within the oneof are represented by oneofSubField.
+type oneofField struct {
+	fieldCommon
+	subFields []*oneofSubField // All the possible oneof fields
+	comment   string           // The full comment for the field, e.g. "// Types that are valid to be assigned to MyOneof:\n\\"
+}
+
+// decl prints the declaration of the field in the struct (if any).
+func (f *oneofField) decl(g *Generator, mc *msgCtx) {
+	comment := f.comment
+	for _, sf := range f.subFields {
+		comment += "//\t*" + sf.oneofTypeName + "\n"
+	}
+	g.P(comment, Annotate(mc.message.file, f.fullPath, f.goName), " ", f.goType, " `", f.tags, "`")
+}
+
+// getter for a oneof field will print additional discriminators and interfaces for the oneof,
+// also it prints all the getters for the sub fields.
+func (f *oneofField) getter(g *Generator, mc *msgCtx) {
+	// The discriminator type
+	g.P("type ", f.goType, " interface {")
+	g.P(f.goType, "()")
+	g.P("}")
+	g.P()
+	// The subField types, fulfilling the discriminator type contract
+	for _, sf := range f.subFields {
+		g.P("type ", Annotate(mc.message.file, sf.fullPath, sf.oneofTypeName), " struct {")
+		g.P(Annotate(mc.message.file, sf.fullPath, sf.goName), " ", sf.goType, " `", sf.tags, "`")
+		g.P("}")
+		g.P()
+	}
+	for _, sf := range f.subFields {
+		g.P("func (*", sf.oneofTypeName, ") ", f.goType, "() {}")
+		g.P()
+	}
+	// Getter for the oneof field
+	g.P("func (m *", mc.goName, ") ", Annotate(mc.message.file, f.fullPath, f.getterName), "() ", f.goType, " {")
+	g.P("if m != nil { return m.", f.goName, " }")
+	g.P("return nil")
+	g.P("}")
+	g.P()
+	// Getters for each oneof
+	for _, sf := range f.subFields {
+		if sf.deprecated != "" {
+			g.P(sf.deprecated)
+		}
+		g.P("func (m *", mc.goName, ") ", Annotate(mc.message.file, sf.fullPath, sf.getterName), "() "+sf.goType+" {")
+		g.P("if x, ok := m.", f.getterName, "().(*", sf.oneofTypeName, "); ok {")
+		g.P("return x.", sf.goName)
+		g.P("}")
+		g.P("return ", sf.getterDef)
+		g.P("}")
+		g.P()
+	}
+}
+
+// setter prints the setter method of the field.
+func (f *oneofField) setter(g *Generator, mc *msgCtx) {
+	// No setters for oneof yet
+}
+
+// topLevelField interface implemented by all types of fields on the top level (not oneofSubField).
+type topLevelField interface {
+	decl(g *Generator, mc *msgCtx)   // print declaration within the struct
+	getter(g *Generator, mc *msgCtx) // print getter
+	setter(g *Generator, mc *msgCtx) // print setter if applicable
+}
+
+// defField interface implemented by all types of fields that can have defaults (not oneofField, but instead oneofSubField).
+type defField interface {
+	getProtoDef() string                                // default value explicitly stated in the proto file, e.g "yoshi" or "5"
+	getProtoName() string                               // proto name of a field, e.g. "field_name" or "descriptor"
+	getGoType() string                                  // go type of the field  as a string, e.g. "*int32"
+	getProtoTypeName() string                           // protobuf type name for the field, e.g. ".google.protobuf.Duration"
+	getProtoType() descriptor.FieldDescriptorProto_Type // *field.Type value, e.g. descriptor.FieldDescriptorProto_TYPE_FIXED64
+}
+
+// generateDefaultConstants adds constants for default values if needed, which is only if the default value is.
+// explicit in the proto.
+func (g *Generator) generateDefaultConstants(mc *msgCtx, topLevelFields []topLevelField) {
+	// Collect fields that can have defaults
+	dFields := []defField{}
+	for _, pf := range topLevelFields {
+		if f, ok := pf.(*oneofField); ok {
+			for _, osf := range f.subFields {
+				dFields = append(dFields, osf)
+			}
+			continue
+		}
+		dFields = append(dFields, pf.(defField))
+	}
+	for _, df := range dFields {
+		def := df.getProtoDef()
+		if def == "" {
+			continue
+		}
+		fieldname := g.defaultConstantName(mc.goName, df.getProtoName())
+		typename := df.getGoType()
+		if typename[0] == '*' {
+			typename = typename[1:]
+		}
+		kind := "const "
+		switch {
+		case typename == "bool":
+		case typename == "string":
+			def = strconv.Quote(def)
+		case typename == "[]byte":
+			def = "[]byte(" + strconv.Quote(unescape(def)) + ")"
+			kind = "var "
+		case def == "inf", def == "-inf", def == "nan":
+			// These names are known to, and defined by, the protocol language.
+			switch def {
+			case "inf":
+				def = "math.Inf(1)"
+			case "-inf":
+				def = "math.Inf(-1)"
+			case "nan":
+				def = "math.NaN()"
+			}
+			if df.getProtoType() == descriptor.FieldDescriptorProto_TYPE_FLOAT {
+				def = "float32(" + def + ")"
+			}
+			kind = "var "
+		case df.getProtoType() == descriptor.FieldDescriptorProto_TYPE_FLOAT:
+			if f, err := strconv.ParseFloat(def, 32); err == nil {
+				def = fmt.Sprint(float32(f))
+			}
+		case df.getProtoType() == descriptor.FieldDescriptorProto_TYPE_DOUBLE:
+			if f, err := strconv.ParseFloat(def, 64); err == nil {
+				def = fmt.Sprint(f)
+			}
+		case df.getProtoType() == descriptor.FieldDescriptorProto_TYPE_ENUM:
+			// Must be an enum.  Need to construct the prefixed name.
+			obj := g.ObjectNamed(df.getProtoTypeName())
+			var enum *EnumDescriptor
+			if id, ok := obj.(*ImportedDescriptor); ok {
+				// The enum type has been publicly imported.
+				enum, _ = id.o.(*EnumDescriptor)
+			} else {
+				enum, _ = obj.(*EnumDescriptor)
+			}
+			if enum == nil {
+				log.Printf("don't know how to generate constant for %s", fieldname)
+				continue
+			}
+			def = g.DefaultPackageName(obj) + enum.prefix() + def
+		}
+		g.P(kind, fieldname, " ", typename, " = ", def)
+		g.file.addExport(mc.message, constOrVarSymbol{fieldname, kind, ""})
+	}
+	g.P()
+}
+
+// generateInternalStructFields just adds the XXX_<something> fields to the message struct.
+func (g *Generator) generateInternalStructFields(mc *msgCtx, topLevelFields []topLevelField) {
+	g.P("XXX_NoUnkeyedLiteral\tstruct{} `json:\"-\"`") // prevent unkeyed struct literals
+	if len(mc.message.ExtensionRange) > 0 {
+		messageset := ""
+		if opts := mc.message.Options; opts != nil && opts.GetMessageSetWireFormat() {
+			messageset = "protobuf_messageset:\"1\" "
+		}
+		g.P(g.Pkg["proto"], ".XXX_InternalExtensions `", messageset, "json:\"-\"`")
+	}
+	g.P("XXX_unrecognized\t[]byte `json:\"-\"`")
+	g.P("XXX_sizecache\tint32 `json:\"-\"`")
+
+}
+
+// generateOneofFuncs adds all the utility functions for oneof, including marshaling, unmarshaling and sizer.
+func (g *Generator) generateOneofFuncs(mc *msgCtx, topLevelFields []topLevelField) {
+	ofields := []*oneofField{}
+	for _, f := range topLevelFields {
+		if o, ok := f.(*oneofField); ok {
+			ofields = append(ofields, o)
+		}
+	}
+	if len(ofields) == 0 {
+		return
+	}
+
+	// OneofFuncs
+	g.P("// XXX_OneofWrappers is for the internal use of the proto package.")
+	g.P("func (*", mc.goName, ") XXX_OneofWrappers() []interface{} {")
+	g.P("return []interface{}{")
+	for _, of := range ofields {
+		for _, sf := range of.subFields {
+			sf.typedNil(g)
+		}
+	}
+	g.P("}")
+	g.P("}")
+	g.P()
+}
+
+// generateMessageStruct adds the actual struct with it's members (but not methods) to the output.
+func (g *Generator) generateMessageStruct(mc *msgCtx, topLevelFields []topLevelField) {
+	comments := g.PrintComments(mc.message.path)
+
+	// Guarantee deprecation comments appear after user-provided comments.
+	if mc.message.GetOptions().GetDeprecated() {
+		if comments {
+			// Convention: Separate deprecation comments from original
+			// comments with an empty line.
+			g.P("//")
+		}
+		g.P(deprecationComment)
+	}
+
+	g.P("type ", Annotate(mc.message.file, mc.message.path, mc.goName), " struct {")
+	for _, pf := range topLevelFields {
+		pf.decl(g, mc)
+	}
+	g.generateInternalStructFields(mc, topLevelFields)
+	g.P("}")
+}
+
+// generateGetters adds getters for all fields, including oneofs and weak fields when applicable.
+func (g *Generator) generateGetters(mc *msgCtx, topLevelFields []topLevelField) {
+	for _, pf := range topLevelFields {
+		pf.getter(g, mc)
+	}
+}
+
+// generateSetters add setters for all fields, including oneofs and weak fields when applicable.
+func (g *Generator) generateSetters(mc *msgCtx, topLevelFields []topLevelField) {
+	for _, pf := range topLevelFields {
+		pf.setter(g, mc)
+	}
+}
+
+// generateCommonMethods adds methods to the message that are not on a per field basis.
+func (g *Generator) generateCommonMethods(mc *msgCtx) {
+	// Reset, String and ProtoMessage methods.
+	g.P("func (m *", mc.goName, ") Reset() { *m = ", mc.goName, "{} }")
+	g.P("func (m *", mc.goName, ") String() string { return ", g.Pkg["proto"], ".CompactTextString(m) }")
+	g.P("func (*", mc.goName, ") ProtoMessage() {}")
+	var indexes []string
+	for m := mc.message; m != nil; m = m.parent {
+		indexes = append([]string{strconv.Itoa(m.index)}, indexes...)
+	}
+	g.P("func (*", mc.goName, ") Descriptor() ([]byte, []int) {")
+	g.P("return ", g.file.VarName(), ", []int{", strings.Join(indexes, ", "), "}")
+	g.P("}")
+	g.P()
+	// TODO: Revisit the decision to use a XXX_WellKnownType method
+	// if we change proto.MessageName to work with multiple equivalents.
+	if mc.message.file.GetPackage() == "google.protobuf" && wellKnownTypes[mc.message.GetName()] {
+		g.P("func (*", mc.goName, `) XXX_WellKnownType() string { return "`, mc.message.GetName(), `" }`)
+		g.P()
+	}
+
+	// Extension support methods
+	if len(mc.message.ExtensionRange) > 0 {
+		g.P()
+		g.P("var extRange_", mc.goName, " = []", g.Pkg["proto"], ".ExtensionRange{")
+		for _, r := range mc.message.ExtensionRange {
+			end := fmt.Sprint(*r.End - 1) // make range inclusive on both ends
+			g.P("{Start: ", r.Start, ", End: ", end, "},")
+		}
+		g.P("}")
+		g.P("func (*", mc.goName, ") ExtensionRangeArray() []", g.Pkg["proto"], ".ExtensionRange {")
+		g.P("return extRange_", mc.goName)
+		g.P("}")
+		g.P()
+	}
+
+	// TODO: It does not scale to keep adding another method for every
+	// operation on protos that we want to switch over to using the
+	// table-driven approach. Instead, we should only add a single method
+	// that allows getting access to the *InternalMessageInfo struct and then
+	// calling Unmarshal, Marshal, Merge, Size, and Discard directly on that.
+
+	// Wrapper for table-driven marshaling and unmarshaling.
+	g.P("func (m *", mc.goName, ") XXX_Unmarshal(b []byte) error {")
+	g.P("return xxx_messageInfo_", mc.goName, ".Unmarshal(m, b)")
+	g.P("}")
+
+	g.P("func (m *", mc.goName, ") XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {")
+	g.P("return xxx_messageInfo_", mc.goName, ".Marshal(b, m, deterministic)")
+	g.P("}")
+
+	g.P("func (m *", mc.goName, ") XXX_Merge(src ", g.Pkg["proto"], ".Message) {")
+	g.P("xxx_messageInfo_", mc.goName, ".Merge(m, src)")
+	g.P("}")
+
+	g.P("func (m *", mc.goName, ") XXX_Size() int {") // avoid name clash with "Size" field in some message
+	g.P("return xxx_messageInfo_", mc.goName, ".Size(m)")
+	g.P("}")
+
+	g.P("func (m *", mc.goName, ") XXX_DiscardUnknown() {")
+	g.P("xxx_messageInfo_", mc.goName, ".DiscardUnknown(m)")
+	g.P("}")
+
+	g.P("var xxx_messageInfo_", mc.goName, " ", g.Pkg["proto"], ".InternalMessageInfo")
+	g.P()
+}
+
+// Generate the type, methods and default constant definitions for this Descriptor.
+func (g *Generator) generateMessage(message *Descriptor) {
+	topLevelFields := []topLevelField{}
+	oFields := make(map[int32]*oneofField)
+	// The full type name
+	typeName := message.TypeName()
+	// The full type name, CamelCased.
+	goTypeName := CamelCaseSlice(typeName)
+
+	usedNames := make(map[string]bool)
+	for _, n := range methodNames {
+		usedNames[n] = true
+	}
+
+	// allocNames finds a conflict-free variation of the given strings,
+	// consistently mutating their suffixes.
+	// It returns the same number of strings.
+	allocNames := func(ns ...string) []string {
+	Loop:
+		for {
+			for _, n := range ns {
+				if usedNames[n] {
+					for i := range ns {
+						ns[i] += "_"
+					}
+					continue Loop
+				}
+			}
+			for _, n := range ns {
+				usedNames[n] = true
+			}
+			return ns
+		}
+	}
+
+	mapFieldTypes := make(map[*descriptor.FieldDescriptorProto]string) // keep track of the map fields to be added later
+
+	// Build a structure more suitable for generating the text in one pass
+	for i, field := range message.Field {
+		// Allocate the getter and the field at the same time so name
+		// collisions create field/method consistent names.
+		// TODO: This allocation occurs based on the order of the fields
+		// in the proto file, meaning that a change in the field
+		// ordering can change generated Method/Field names.
+		base := CamelCase(*field.Name)
+		ns := allocNames(base, "Get"+base)
+		fieldName, fieldGetterName := ns[0], ns[1]
+		typename, wiretype := g.GoType(message, field)
+		jsonName := *field.Name
+		tag := fmt.Sprintf("protobuf:%s json:%q", g.goTag(message, field, wiretype), jsonName+",omitempty")
+
+		oneof := field.OneofIndex != nil
+		if oneof && oFields[*field.OneofIndex] == nil {
+			odp := message.OneofDecl[int(*field.OneofIndex)]
+			base := CamelCase(odp.GetName())
+			fname := allocNames(base)[0]
+
+			// This is the first field of a oneof we haven't seen before.
+			// Generate the union field.
+			oneofFullPath := fmt.Sprintf("%s,%d,%d", message.path, messageOneofPath, *field.OneofIndex)
+			c, ok := g.makeComments(oneofFullPath)
+			if ok {
+				c += "\n//\n"
+			}
+			c += "// Types that are valid to be assigned to " + fname + ":\n"
+			// Generate the rest of this comment later,
+			// when we've computed any disambiguation.
+
+			dname := "is" + goTypeName + "_" + fname
+			tag := `protobuf_oneof:"` + odp.GetName() + `"`
+			of := oneofField{
+				fieldCommon: fieldCommon{
+					goName:     fname,
+					getterName: "Get" + fname,
+					goType:     dname,
+					tags:       tag,
+					protoName:  odp.GetName(),
+					fullPath:   oneofFullPath,
+				},
+				comment: c,
+			}
+			topLevelFields = append(topLevelFields, &of)
+			oFields[*field.OneofIndex] = &of
+		}
+
+		if *field.Type == descriptor.FieldDescriptorProto_TYPE_MESSAGE {
+			desc := g.ObjectNamed(field.GetTypeName())
+			if d, ok := desc.(*Descriptor); ok && d.GetOptions().GetMapEntry() {
+				// Figure out the Go types and tags for the key and value types.
+				keyField, valField := d.Field[0], d.Field[1]
+				keyType, keyWire := g.GoType(d, keyField)
+				valType, valWire := g.GoType(d, valField)
+				keyTag, valTag := g.goTag(d, keyField, keyWire), g.goTag(d, valField, valWire)
+
+				// We don't use stars, except for message-typed values.
+				// Message and enum types are the only two possibly foreign types used in maps,
+				// so record their use. They are not permitted as map keys.
+				keyType = strings.TrimPrefix(keyType, "*")
+				switch *valField.Type {
+				case descriptor.FieldDescriptorProto_TYPE_ENUM:
+					valType = strings.TrimPrefix(valType, "*")
+					g.RecordTypeUse(valField.GetTypeName())
+				case descriptor.FieldDescriptorProto_TYPE_MESSAGE:
+					g.RecordTypeUse(valField.GetTypeName())
+				default:
+					valType = strings.TrimPrefix(valType, "*")
+				}
+
+				typename = fmt.Sprintf("map[%s]%s", keyType, valType)
+				mapFieldTypes[field] = typename // record for the getter generation
+
+				tag += fmt.Sprintf(" protobuf_key:%s protobuf_val:%s", keyTag, valTag)
+			}
+		}
+
+		fieldDeprecated := ""
+		if field.GetOptions().GetDeprecated() {
+			fieldDeprecated = deprecationComment
+		}
+
+		dvalue := g.getterDefault(field, goTypeName)
+		if oneof {
+			tname := goTypeName + "_" + fieldName
+			// It is possible for this to collide with a message or enum
+			// nested in this message. Check for collisions.
+			for {
+				ok := true
+				for _, desc := range message.nested {
+					if CamelCaseSlice(desc.TypeName()) == tname {
+						ok = false
+						break
+					}
+				}
+				for _, enum := range message.enums {
+					if CamelCaseSlice(enum.TypeName()) == tname {
+						ok = false
+						break
+					}
+				}
+				if !ok {
+					tname += "_"
+					continue
+				}
+				break
+			}
+
+			oneofField := oFields[*field.OneofIndex]
+			tag := "protobuf:" + g.goTag(message, field, wiretype)
+			sf := oneofSubField{
+				fieldCommon: fieldCommon{
+					goName:     fieldName,
+					getterName: fieldGetterName,
+					goType:     typename,
+					tags:       tag,
+					protoName:  field.GetName(),
+					fullPath:   fmt.Sprintf("%s,%d,%d", message.path, messageFieldPath, i),
+				},
+				protoTypeName: field.GetTypeName(),
+				fieldNumber:   int(*field.Number),
+				protoType:     *field.Type,
+				getterDef:     dvalue,
+				protoDef:      field.GetDefaultValue(),
+				oneofTypeName: tname,
+				deprecated:    fieldDeprecated,
+			}
+			oneofField.subFields = append(oneofField.subFields, &sf)
+			g.RecordTypeUse(field.GetTypeName())
+			continue
+		}
+
+		fieldFullPath := fmt.Sprintf("%s,%d,%d", message.path, messageFieldPath, i)
+		c, ok := g.makeComments(fieldFullPath)
+		if ok {
+			c += "\n"
+		}
+		rf := simpleField{
+			fieldCommon: fieldCommon{
+				goName:     fieldName,
+				getterName: fieldGetterName,
+				goType:     typename,
+				tags:       tag,
+				protoName:  field.GetName(),
+				fullPath:   fieldFullPath,
+			},
+			protoTypeName: field.GetTypeName(),
+			protoType:     *field.Type,
+			deprecated:    fieldDeprecated,
+			getterDef:     dvalue,
+			protoDef:      field.GetDefaultValue(),
+			comment:       c,
+		}
+		var pf topLevelField = &rf
+
+		topLevelFields = append(topLevelFields, pf)
+		g.RecordTypeUse(field.GetTypeName())
+	}
+
+	mc := &msgCtx{
+		goName:  goTypeName,
+		message: message,
+	}
+
+	g.generateMessageStruct(mc, topLevelFields)
+	g.P()
+	g.generateCommonMethods(mc)
+	g.P()
+	g.generateDefaultConstants(mc, topLevelFields)
+	g.P()
+	g.generateGetters(mc, topLevelFields)
+	g.P()
+	g.generateSetters(mc, topLevelFields)
+	g.P()
+	g.generateOneofFuncs(mc, topLevelFields)
+	g.P()
+
+	var oneofTypes []string
+	for _, f := range topLevelFields {
+		if of, ok := f.(*oneofField); ok {
+			for _, osf := range of.subFields {
+				oneofTypes = append(oneofTypes, osf.oneofTypeName)
+			}
+		}
+	}
+
+	opts := message.Options
+	ms := &messageSymbol{
+		sym:           goTypeName,
+		hasExtensions: len(message.ExtensionRange) > 0,
+		isMessageSet:  opts != nil && opts.GetMessageSetWireFormat(),
+		oneofTypes:    oneofTypes,
+	}
+	g.file.addExport(message, ms)
+
+	for _, ext := range message.ext {
+		g.generateExtension(ext)
+	}
+
+	fullName := strings.Join(message.TypeName(), ".")
+	if g.file.Package != nil {
+		fullName = *g.file.Package + "." + fullName
+	}
+
+	g.addInitf("%s.RegisterType((*%s)(nil), %q)", g.Pkg["proto"], goTypeName, fullName)
+	// Register types for native map types.
+	for _, k := range mapFieldKeys(mapFieldTypes) {
+		fullName := strings.TrimPrefix(*k.TypeName, ".")
+		g.addInitf("%s.RegisterMapType((%s)(nil), %q)", g.Pkg["proto"], mapFieldTypes[k], fullName)
+	}
+
+}
+
+type byTypeName []*descriptor.FieldDescriptorProto
+
+func (a byTypeName) Len() int           { return len(a) }
+func (a byTypeName) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byTypeName) Less(i, j int) bool { return *a[i].TypeName < *a[j].TypeName }
+
+// mapFieldKeys returns the keys of m in a consistent order.
+func mapFieldKeys(m map[*descriptor.FieldDescriptorProto]string) []*descriptor.FieldDescriptorProto {
+	keys := make([]*descriptor.FieldDescriptorProto, 0, len(m))
+	for k := range m {
+		keys = append(keys, k)
+	}
+	sort.Sort(byTypeName(keys))
+	return keys
+}
+
+var escapeChars = [256]byte{
+	'a': '\a', 'b': '\b', 'f': '\f', 'n': '\n', 'r': '\r', 't': '\t', 'v': '\v', '\\': '\\', '"': '"', '\'': '\'', '?': '?',
+}
+
+// unescape reverses the "C" escaping that protoc does for default values of bytes fields.
+// It is best effort in that it effectively ignores malformed input. Seemingly invalid escape
+// sequences are conveyed, unmodified, into the decoded result.
+func unescape(s string) string {
+	// NB: Sadly, we can't use strconv.Unquote because protoc will escape both
+	// single and double quotes, but strconv.Unquote only allows one or the
+	// other (based on actual surrounding quotes of its input argument).
+
+	var out []byte
+	for len(s) > 0 {
+		// regular character, or too short to be valid escape
+		if s[0] != '\\' || len(s) < 2 {
+			out = append(out, s[0])
+			s = s[1:]
+		} else if c := escapeChars[s[1]]; c != 0 {
+			// escape sequence
+			out = append(out, c)
+			s = s[2:]
+		} else if s[1] == 'x' || s[1] == 'X' {
+			// hex escape, e.g. "\x80
+			if len(s) < 4 {
+				// too short to be valid
+				out = append(out, s[:2]...)
+				s = s[2:]
+				continue
+			}
+			v, err := strconv.ParseUint(s[2:4], 16, 8)
+			if err != nil {
+				out = append(out, s[:4]...)
+			} else {
+				out = append(out, byte(v))
+			}
+			s = s[4:]
+		} else if '0' <= s[1] && s[1] <= '7' {
+			// octal escape, can vary from 1 to 3 octal digits; e.g., "\0" "\40" or "\164"
+			// so consume up to 2 more bytes or up to end-of-string
+			n := len(s[1:]) - len(strings.TrimLeft(s[1:], "01234567"))
+			if n > 3 {
+				n = 3
+			}
+			v, err := strconv.ParseUint(s[1:1+n], 8, 8)
+			if err != nil {
+				out = append(out, s[:1+n]...)
+			} else {
+				out = append(out, byte(v))
+			}
+			s = s[1+n:]
+		} else {
+			// bad escape, just propagate the slash as-is
+			out = append(out, s[0])
+			s = s[1:]
+		}
+	}
+
+	return string(out)
+}
+
+func (g *Generator) generateExtension(ext *ExtensionDescriptor) {
+	ccTypeName := ext.DescName()
+
+	extObj := g.ObjectNamed(*ext.Extendee)
+	var extDesc *Descriptor
+	if id, ok := extObj.(*ImportedDescriptor); ok {
+		// This is extending a publicly imported message.
+		// We need the underlying type for goTag.
+		extDesc = id.o.(*Descriptor)
+	} else {
+		extDesc = extObj.(*Descriptor)
+	}
+	extendedType := "*" + g.TypeName(extObj) // always use the original
+	field := ext.FieldDescriptorProto
+	fieldType, wireType := g.GoType(ext.parent, field)
+	tag := g.goTag(extDesc, field, wireType)
+	g.RecordTypeUse(*ext.Extendee)
+	if n := ext.FieldDescriptorProto.TypeName; n != nil {
+		// foreign extension type
+		g.RecordTypeUse(*n)
+	}
+
+	typeName := ext.TypeName()
+
+	// Special case for proto2 message sets: If this extension is extending
+	// proto2.bridge.MessageSet, and its final name component is "message_set_extension",
+	// then drop that last component.
+	//
+	// TODO: This should be implemented in the text formatter rather than the generator.
+	// In addition, the situation for when to apply this special case is implemented
+	// differently in other languages:
+	// https://github.com/google/protobuf/blob/aff10976/src/google/protobuf/text_format.cc#L1560
+	if extDesc.GetOptions().GetMessageSetWireFormat() && typeName[len(typeName)-1] == "message_set_extension" {
+		typeName = typeName[:len(typeName)-1]
+	}
+
+	// For text formatting, the package must be exactly what the .proto file declares,
+	// ignoring overrides such as the go_package option, and with no dot/underscore mapping.
+	extName := strings.Join(typeName, ".")
+	if g.file.Package != nil {
+		extName = *g.file.Package + "." + extName
+	}
+
+	g.P("var ", ccTypeName, " = &", g.Pkg["proto"], ".ExtensionDesc{")
+	g.P("ExtendedType: (", extendedType, ")(nil),")
+	g.P("ExtensionType: (", fieldType, ")(nil),")
+	g.P("Field: ", field.Number, ",")
+	g.P(`Name: "`, extName, `",`)
+	g.P("Tag: ", tag, ",")
+	g.P(`Filename: "`, g.file.GetName(), `",`)
+
+	g.P("}")
+	g.P()
+
+	g.addInitf("%s.RegisterExtension(%s)", g.Pkg["proto"], ext.DescName())
+
+	g.file.addExport(ext, constOrVarSymbol{ccTypeName, "var", ""})
+}
+
+func (g *Generator) generateInitFunction() {
+	if len(g.init) == 0 {
+		return
+	}
+	g.P("func init() {")
+	for _, l := range g.init {
+		g.P(l)
+	}
+	g.P("}")
+	g.init = nil
+}
+
+func (g *Generator) generateFileDescriptor(file *FileDescriptor) {
+	// Make a copy and trim source_code_info data.
+	// TODO: Trim this more when we know exactly what we need.
+	pb := proto.Clone(file.FileDescriptorProto).(*descriptor.FileDescriptorProto)
+	pb.SourceCodeInfo = nil
+
+	b, err := proto.Marshal(pb)
+	if err != nil {
+		g.Fail(err.Error())
+	}
+
+	var buf bytes.Buffer
+	w, _ := gzip.NewWriterLevel(&buf, gzip.BestCompression)
+	w.Write(b)
+	w.Close()
+	b = buf.Bytes()
+
+	v := file.VarName()
+	g.P()
+	g.P("func init() {")
+	g.P(g.Pkg["proto"], ".RegisterFile(", strconv.Quote(*file.Name), ", ", v, ")")
+	g.P("}")
+	g.P("var ", v, " = []byte{")
+	g.P("// ", len(b), " bytes of a gzipped FileDescriptorProto")
+	for len(b) > 0 {
+		n := 16
+		if n > len(b) {
+			n = len(b)
+		}
+
+		s := ""
+		for _, c := range b[:n] {
+			s += fmt.Sprintf("0x%02x,", c)
+		}
+		g.P(s)
+
+		b = b[n:]
+	}
+	g.P("}")
+}
+
+func (g *Generator) generateEnumRegistration(enum *EnumDescriptor) {
+	// // We always print the full (proto-world) package name here.
+	pkg := enum.File().GetPackage()
+	if pkg != "" {
+		pkg += "."
+	}
+	// The full type name
+	typeName := enum.TypeName()
+	// The full type name, CamelCased.
+	ccTypeName := CamelCaseSlice(typeName)
+	g.addInitf("%s.RegisterEnum(%q, %[3]s_name, %[3]s_value)", g.Pkg["proto"], pkg+ccTypeName, ccTypeName)
+}
+
+// And now lots of helper functions.
+
+// Is c an ASCII lower-case letter?
+func isASCIILower(c byte) bool {
+	return 'a' <= c && c <= 'z'
+}
+
+// Is c an ASCII digit?
+func isASCIIDigit(c byte) bool {
+	return '0' <= c && c <= '9'
+}
+
+// CamelCase returns the CamelCased name.
+// If there is an interior underscore followed by a lower case letter,
+// drop the underscore and convert the letter to upper case.
+// There is a remote possibility of this rewrite causing a name collision,
+// but it's so remote we're prepared to pretend it's nonexistent - since the
+// C++ generator lowercases names, it's extremely unlikely to have two fields
+// with different capitalizations.
+// In short, _my_field_name_2 becomes XMyFieldName_2.
+func CamelCase(s string) string {
+	if s == "" {
+		return ""
+	}
+	t := make([]byte, 0, 32)
+	i := 0
+	if s[0] == '_' {
+		// Need a capital letter; drop the '_'.
+		t = append(t, 'X')
+		i++
+	}
+	// Invariant: if the next letter is lower case, it must be converted
+	// to upper case.
+	// That is, we process a word at a time, where words are marked by _ or
+	// upper case letter. Digits are treated as words.
+	for ; i < len(s); i++ {
+		c := s[i]
+		if c == '_' && i+1 < len(s) && isASCIILower(s[i+1]) {
+			continue // Skip the underscore in s.
+		}
+		if isASCIIDigit(c) {
+			t = append(t, c)
+			continue
+		}
+		// Assume we have a letter now - if not, it's a bogus identifier.
+		// The next word is a sequence of characters that must start upper case.
+		if isASCIILower(c) {
+			c ^= ' ' // Make it a capital letter.
+		}
+		t = append(t, c) // Guaranteed not lower case.
+		// Accept lower case sequence that follows.
+		for i+1 < len(s) && isASCIILower(s[i+1]) {
+			i++
+			t = append(t, s[i])
+		}
+	}
+	return string(t)
+}
+
+// CamelCaseSlice is like CamelCase, but the argument is a slice of strings to
+// be joined with "_".
+func CamelCaseSlice(elem []string) string { return CamelCase(strings.Join(elem, "_")) }
+
+// dottedSlice turns a sliced name into a dotted name.
+func dottedSlice(elem []string) string { return strings.Join(elem, ".") }
+
+// Is this field optional?
+func isOptional(field *descriptor.FieldDescriptorProto) bool {
+	return field.Label != nil && *field.Label == descriptor.FieldDescriptorProto_LABEL_OPTIONAL
+}
+
+// Is this field required?
+func isRequired(field *descriptor.FieldDescriptorProto) bool {
+	return field.Label != nil && *field.Label == descriptor.FieldDescriptorProto_LABEL_REQUIRED
+}
+
+// Is this field repeated?
+func isRepeated(field *descriptor.FieldDescriptorProto) bool {
+	return field.Label != nil && *field.Label == descriptor.FieldDescriptorProto_LABEL_REPEATED
+}
+
+// Is this field a scalar numeric type?
+func isScalar(field *descriptor.FieldDescriptorProto) bool {
+	if field.Type == nil {
+		return false
+	}
+	switch *field.Type {
+	case descriptor.FieldDescriptorProto_TYPE_DOUBLE,
+		descriptor.FieldDescriptorProto_TYPE_FLOAT,
+		descriptor.FieldDescriptorProto_TYPE_INT64,
+		descriptor.FieldDescriptorProto_TYPE_UINT64,
+		descriptor.FieldDescriptorProto_TYPE_INT32,
+		descriptor.FieldDescriptorProto_TYPE_FIXED64,
+		descriptor.FieldDescriptorProto_TYPE_FIXED32,
+		descriptor.FieldDescriptorProto_TYPE_BOOL,
+		descriptor.FieldDescriptorProto_TYPE_UINT32,
+		descriptor.FieldDescriptorProto_TYPE_ENUM,
+		descriptor.FieldDescriptorProto_TYPE_SFIXED32,
+		descriptor.FieldDescriptorProto_TYPE_SFIXED64,
+		descriptor.FieldDescriptorProto_TYPE_SINT32,
+		descriptor.FieldDescriptorProto_TYPE_SINT64:
+		return true
+	default:
+		return false
+	}
+}
+
+// badToUnderscore is the mapping function used to generate Go names from package names,
+// which can be dotted in the input .proto file.  It replaces non-identifier characters such as
+// dot or dash with underscore.
+func badToUnderscore(r rune) rune {
+	if unicode.IsLetter(r) || unicode.IsDigit(r) || r == '_' {
+		return r
+	}
+	return '_'
+}
+
+// baseName returns the last path element of the name, with the last dotted suffix removed.
+func baseName(name string) string {
+	// First, find the last element
+	if i := strings.LastIndex(name, "/"); i >= 0 {
+		name = name[i+1:]
+	}
+	// Now drop the suffix
+	if i := strings.LastIndex(name, "."); i >= 0 {
+		name = name[0:i]
+	}
+	return name
+}
+
+// The SourceCodeInfo message describes the location of elements of a parsed
+// .proto file by way of a "path", which is a sequence of integers that
+// describe the route from a FileDescriptorProto to the relevant submessage.
+// The path alternates between a field number of a repeated field, and an index
+// into that repeated field. The constants below define the field numbers that
+// are used.
+//
+// See descriptor.proto for more information about this.
+const (
+	// tag numbers in FileDescriptorProto
+	packagePath = 2 // package
+	messagePath = 4 // message_type
+	enumPath    = 5 // enum_type
+	// tag numbers in DescriptorProto
+	messageFieldPath   = 2 // field
+	messageMessagePath = 3 // nested_type
+	messageEnumPath    = 4 // enum_type
+	messageOneofPath   = 8 // oneof_decl
+	// tag numbers in EnumDescriptorProto
+	enumValuePath = 2 // value
+)
+
+var supportTypeAliases bool
+
+func init() {
+	for _, tag := range build.Default.ReleaseTags {
+		if tag == "go1.9" {
+			supportTypeAliases = true
+			return
+		}
+	}
+}
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/generator/internal/remap/remap.go b/vendor/github.com/golang/protobuf/protoc-gen-go/generator/internal/remap/remap.go
new file mode 100644
index 0000000000000..39968eb9f92fb
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/generator/internal/remap/remap.go
@@ -0,0 +1,117 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2017 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+/*
+Package remap handles tracking the locations of Go tokens in a source text
+across a rewrite by the Go formatter.
+*/
+package remap
+
+import (
+	"fmt"
+	"go/scanner"
+	"go/token"
+)
+
+// A Location represents a span of byte offsets in the source text.
+type Location struct {
+	Pos, End int // End is exclusive
+}
+
+// A Map represents a mapping between token locations in an input source text
+// and locations in the corresponding output text.
+type Map map[Location]Location
+
+// Find reports whether the specified span is recorded by m, and if so returns
+// the new location it was mapped to. If the input span was not found, the
+// returned location is the same as the input.
+func (m Map) Find(pos, end int) (Location, bool) {
+	key := Location{
+		Pos: pos,
+		End: end,
+	}
+	if loc, ok := m[key]; ok {
+		return loc, true
+	}
+	return key, false
+}
+
+func (m Map) add(opos, oend, npos, nend int) {
+	m[Location{Pos: opos, End: oend}] = Location{Pos: npos, End: nend}
+}
+
+// Compute constructs a location mapping from input to output.  An error is
+// reported if any of the tokens of output cannot be mapped.
+func Compute(input, output []byte) (Map, error) {
+	itok := tokenize(input)
+	otok := tokenize(output)
+	if len(itok) != len(otok) {
+		return nil, fmt.Errorf("wrong number of tokens, %d ≠ %d", len(itok), len(otok))
+	}
+	m := make(Map)
+	for i, ti := range itok {
+		to := otok[i]
+		if ti.Token != to.Token {
+			return nil, fmt.Errorf("token %d type mismatch: %s ≠ %s", i+1, ti, to)
+		}
+		m.add(ti.pos, ti.end, to.pos, to.end)
+	}
+	return m, nil
+}
+
+// tokinfo records the span and type of a source token.
+type tokinfo struct {
+	pos, end int
+	token.Token
+}
+
+func tokenize(src []byte) []tokinfo {
+	fs := token.NewFileSet()
+	var s scanner.Scanner
+	s.Init(fs.AddFile("src", fs.Base(), len(src)), src, nil, scanner.ScanComments)
+	var info []tokinfo
+	for {
+		pos, next, lit := s.Scan()
+		switch next {
+		case token.SEMICOLON:
+			continue
+		}
+		info = append(info, tokinfo{
+			pos:   int(pos - 1),
+			end:   int(pos + token.Pos(len(lit)) - 1),
+			Token: next,
+		})
+		if next == token.EOF {
+			break
+		}
+	}
+	return info
+}
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/grpc/grpc.go b/vendor/github.com/golang/protobuf/protoc-gen-go/grpc/grpc.go
new file mode 100644
index 0000000000000..957c3f2a63fb3
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/grpc/grpc.go
@@ -0,0 +1,545 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2015 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package grpc outputs gRPC service descriptions in Go code.
+// It runs as a plugin for the Go protocol buffer compiler plugin.
+// It is linked in to protoc-gen-go.
+package grpc
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	pb "github.com/golang/protobuf/protoc-gen-go/descriptor"
+	"github.com/golang/protobuf/protoc-gen-go/generator"
+)
+
+// generatedCodeVersion indicates a version of the generated code.
+// It is incremented whenever an incompatibility between the generated code and
+// the grpc package is introduced; the generated code references
+// a constant, grpc.SupportPackageIsVersionN (where N is generatedCodeVersion).
+const generatedCodeVersion = 6
+
+// Paths for packages used by code generated in this file,
+// relative to the import_prefix of the generator.Generator.
+const (
+	contextPkgPath = "context"
+	grpcPkgPath    = "google.golang.org/grpc"
+	codePkgPath    = "google.golang.org/grpc/codes"
+	statusPkgPath  = "google.golang.org/grpc/status"
+)
+
+func init() {
+	generator.RegisterPlugin(new(grpc))
+}
+
+// grpc is an implementation of the Go protocol buffer compiler's
+// plugin architecture.  It generates bindings for gRPC support.
+type grpc struct {
+	gen *generator.Generator
+}
+
+// Name returns the name of this plugin, "grpc".
+func (g *grpc) Name() string {
+	return "grpc"
+}
+
+// The names for packages imported in the generated code.
+// They may vary from the final path component of the import path
+// if the name is used by other packages.
+var (
+	contextPkg string
+	grpcPkg    string
+)
+
+// Init initializes the plugin.
+func (g *grpc) Init(gen *generator.Generator) {
+	g.gen = gen
+}
+
+// Given a type name defined in a .proto, return its object.
+// Also record that we're using it, to guarantee the associated import.
+func (g *grpc) objectNamed(name string) generator.Object {
+	g.gen.RecordTypeUse(name)
+	return g.gen.ObjectNamed(name)
+}
+
+// Given a type name defined in a .proto, return its name as we will print it.
+func (g *grpc) typeName(str string) string {
+	return g.gen.TypeName(g.objectNamed(str))
+}
+
+// P forwards to g.gen.P.
+func (g *grpc) P(args ...interface{}) { g.gen.P(args...) }
+
+// Generate generates code for the services in the given file.
+func (g *grpc) Generate(file *generator.FileDescriptor) {
+	if len(file.FileDescriptorProto.Service) == 0 {
+		return
+	}
+
+	contextPkg = string(g.gen.AddImport(contextPkgPath))
+	grpcPkg = string(g.gen.AddImport(grpcPkgPath))
+
+	g.P("// Reference imports to suppress errors if they are not otherwise used.")
+	g.P("var _ ", contextPkg, ".Context")
+	g.P("var _ ", grpcPkg, ".ClientConnInterface")
+	g.P()
+
+	// Assert version compatibility.
+	g.P("// This is a compile-time assertion to ensure that this generated file")
+	g.P("// is compatible with the grpc package it is being compiled against.")
+	g.P("const _ = ", grpcPkg, ".SupportPackageIsVersion", generatedCodeVersion)
+	g.P()
+
+	for i, service := range file.FileDescriptorProto.Service {
+		g.generateService(file, service, i)
+	}
+}
+
+// GenerateImports generates the import declaration for this file.
+func (g *grpc) GenerateImports(file *generator.FileDescriptor) {
+}
+
+// reservedClientName records whether a client name is reserved on the client side.
+var reservedClientName = map[string]bool{
+	// TODO: do we need any in gRPC?
+}
+
+func unexport(s string) string { return strings.ToLower(s[:1]) + s[1:] }
+
+// deprecationComment is the standard comment added to deprecated
+// messages, fields, enums, and enum values.
+var deprecationComment = "// Deprecated: Do not use."
+
+// generateService generates all the code for the named service.
+func (g *grpc) generateService(file *generator.FileDescriptor, service *pb.ServiceDescriptorProto, index int) {
+	path := fmt.Sprintf("6,%d", index) // 6 means service.
+
+	origServName := service.GetName()
+	fullServName := origServName
+	if pkg := file.GetPackage(); pkg != "" {
+		fullServName = pkg + "." + fullServName
+	}
+	servName := generator.CamelCase(origServName)
+	deprecated := service.GetOptions().GetDeprecated()
+
+	g.P()
+	g.P(fmt.Sprintf(`// %sClient is the client API for %s service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.`, servName, servName))
+
+	// Client interface.
+	if deprecated {
+		g.P("//")
+		g.P(deprecationComment)
+	}
+	g.P("type ", servName, "Client interface {")
+	for i, method := range service.Method {
+		g.gen.PrintComments(fmt.Sprintf("%s,2,%d", path, i)) // 2 means method in a service.
+		if method.GetOptions().GetDeprecated() {
+			g.P("//")
+			g.P(deprecationComment)
+		}
+		g.P(g.generateClientSignature(servName, method))
+	}
+	g.P("}")
+	g.P()
+
+	// Client structure.
+	g.P("type ", unexport(servName), "Client struct {")
+	g.P("cc ", grpcPkg, ".ClientConnInterface")
+	g.P("}")
+	g.P()
+
+	// NewClient factory.
+	if deprecated {
+		g.P(deprecationComment)
+	}
+	g.P("func New", servName, "Client (cc ", grpcPkg, ".ClientConnInterface) ", servName, "Client {")
+	g.P("return &", unexport(servName), "Client{cc}")
+	g.P("}")
+	g.P()
+
+	var methodIndex, streamIndex int
+	serviceDescVar := "_" + servName + "_serviceDesc"
+	// Client method implementations.
+	for _, method := range service.Method {
+		var descExpr string
+		if !method.GetServerStreaming() && !method.GetClientStreaming() {
+			// Unary RPC method
+			descExpr = fmt.Sprintf("&%s.Methods[%d]", serviceDescVar, methodIndex)
+			methodIndex++
+		} else {
+			// Streaming RPC method
+			descExpr = fmt.Sprintf("&%s.Streams[%d]", serviceDescVar, streamIndex)
+			streamIndex++
+		}
+		g.generateClientMethod(servName, fullServName, serviceDescVar, method, descExpr)
+	}
+
+	// Server interface.
+	serverType := servName + "Server"
+	g.P("// ", serverType, " is the server API for ", servName, " service.")
+	if deprecated {
+		g.P("//")
+		g.P(deprecationComment)
+	}
+	g.P("type ", serverType, " interface {")
+	for i, method := range service.Method {
+		g.gen.PrintComments(fmt.Sprintf("%s,2,%d", path, i)) // 2 means method in a service.
+		if method.GetOptions().GetDeprecated() {
+			g.P("//")
+			g.P(deprecationComment)
+		}
+		g.P(g.generateServerSignature(servName, method))
+	}
+	g.P("}")
+	g.P()
+
+	// Server Unimplemented struct for forward compatibility.
+	if deprecated {
+		g.P(deprecationComment)
+	}
+	g.generateUnimplementedServer(servName, service)
+
+	// Server registration.
+	if deprecated {
+		g.P(deprecationComment)
+	}
+	g.P("func Register", servName, "Server(s *", grpcPkg, ".Server, srv ", serverType, ") {")
+	g.P("s.RegisterService(&", serviceDescVar, `, srv)`)
+	g.P("}")
+	g.P()
+
+	// Server handler implementations.
+	var handlerNames []string
+	for _, method := range service.Method {
+		hname := g.generateServerMethod(servName, fullServName, method)
+		handlerNames = append(handlerNames, hname)
+	}
+
+	// Service descriptor.
+	g.P("var ", serviceDescVar, " = ", grpcPkg, ".ServiceDesc {")
+	g.P("ServiceName: ", strconv.Quote(fullServName), ",")
+	g.P("HandlerType: (*", serverType, ")(nil),")
+	g.P("Methods: []", grpcPkg, ".MethodDesc{")
+	for i, method := range service.Method {
+		if method.GetServerStreaming() || method.GetClientStreaming() {
+			continue
+		}
+		g.P("{")
+		g.P("MethodName: ", strconv.Quote(method.GetName()), ",")
+		g.P("Handler: ", handlerNames[i], ",")
+		g.P("},")
+	}
+	g.P("},")
+	g.P("Streams: []", grpcPkg, ".StreamDesc{")
+	for i, method := range service.Method {
+		if !method.GetServerStreaming() && !method.GetClientStreaming() {
+			continue
+		}
+		g.P("{")
+		g.P("StreamName: ", strconv.Quote(method.GetName()), ",")
+		g.P("Handler: ", handlerNames[i], ",")
+		if method.GetServerStreaming() {
+			g.P("ServerStreams: true,")
+		}
+		if method.GetClientStreaming() {
+			g.P("ClientStreams: true,")
+		}
+		g.P("},")
+	}
+	g.P("},")
+	g.P("Metadata: \"", file.GetName(), "\",")
+	g.P("}")
+	g.P()
+}
+
+// generateUnimplementedServer creates the unimplemented server struct
+func (g *grpc) generateUnimplementedServer(servName string, service *pb.ServiceDescriptorProto) {
+	serverType := servName + "Server"
+	g.P("// Unimplemented", serverType, " can be embedded to have forward compatible implementations.")
+	g.P("type Unimplemented", serverType, " struct {")
+	g.P("}")
+	g.P()
+	// Unimplemented<service_name>Server's concrete methods
+	for _, method := range service.Method {
+		g.generateServerMethodConcrete(servName, method)
+	}
+	g.P()
+}
+
+// generateServerMethodConcrete returns unimplemented methods which ensure forward compatibility
+func (g *grpc) generateServerMethodConcrete(servName string, method *pb.MethodDescriptorProto) {
+	header := g.generateServerSignatureWithParamNames(servName, method)
+	g.P("func (*Unimplemented", servName, "Server) ", header, " {")
+	var nilArg string
+	if !method.GetServerStreaming() && !method.GetClientStreaming() {
+		nilArg = "nil, "
+	}
+	methName := generator.CamelCase(method.GetName())
+	statusPkg := string(g.gen.AddImport(statusPkgPath))
+	codePkg := string(g.gen.AddImport(codePkgPath))
+	g.P("return ", nilArg, statusPkg, `.Errorf(`, codePkg, `.Unimplemented, "method `, methName, ` not implemented")`)
+	g.P("}")
+}
+
+// generateClientSignature returns the client-side signature for a method.
+func (g *grpc) generateClientSignature(servName string, method *pb.MethodDescriptorProto) string {
+	origMethName := method.GetName()
+	methName := generator.CamelCase(origMethName)
+	if reservedClientName[methName] {
+		methName += "_"
+	}
+	reqArg := ", in *" + g.typeName(method.GetInputType())
+	if method.GetClientStreaming() {
+		reqArg = ""
+	}
+	respName := "*" + g.typeName(method.GetOutputType())
+	if method.GetServerStreaming() || method.GetClientStreaming() {
+		respName = servName + "_" + generator.CamelCase(origMethName) + "Client"
+	}
+	return fmt.Sprintf("%s(ctx %s.Context%s, opts ...%s.CallOption) (%s, error)", methName, contextPkg, reqArg, grpcPkg, respName)
+}
+
+func (g *grpc) generateClientMethod(servName, fullServName, serviceDescVar string, method *pb.MethodDescriptorProto, descExpr string) {
+	sname := fmt.Sprintf("/%s/%s", fullServName, method.GetName())
+	methName := generator.CamelCase(method.GetName())
+	inType := g.typeName(method.GetInputType())
+	outType := g.typeName(method.GetOutputType())
+
+	if method.GetOptions().GetDeprecated() {
+		g.P(deprecationComment)
+	}
+	g.P("func (c *", unexport(servName), "Client) ", g.generateClientSignature(servName, method), "{")
+	if !method.GetServerStreaming() && !method.GetClientStreaming() {
+		g.P("out := new(", outType, ")")
+		// TODO: Pass descExpr to Invoke.
+		g.P(`err := c.cc.Invoke(ctx, "`, sname, `", in, out, opts...)`)
+		g.P("if err != nil { return nil, err }")
+		g.P("return out, nil")
+		g.P("}")
+		g.P()
+		return
+	}
+	streamType := unexport(servName) + methName + "Client"
+	g.P("stream, err := c.cc.NewStream(ctx, ", descExpr, `, "`, sname, `", opts...)`)
+	g.P("if err != nil { return nil, err }")
+	g.P("x := &", streamType, "{stream}")
+	if !method.GetClientStreaming() {
+		g.P("if err := x.ClientStream.SendMsg(in); err != nil { return nil, err }")
+		g.P("if err := x.ClientStream.CloseSend(); err != nil { return nil, err }")
+	}
+	g.P("return x, nil")
+	g.P("}")
+	g.P()
+
+	genSend := method.GetClientStreaming()
+	genRecv := method.GetServerStreaming()
+	genCloseAndRecv := !method.GetServerStreaming()
+
+	// Stream auxiliary types and methods.
+	g.P("type ", servName, "_", methName, "Client interface {")
+	if genSend {
+		g.P("Send(*", inType, ") error")
+	}
+	if genRecv {
+		g.P("Recv() (*", outType, ", error)")
+	}
+	if genCloseAndRecv {
+		g.P("CloseAndRecv() (*", outType, ", error)")
+	}
+	g.P(grpcPkg, ".ClientStream")
+	g.P("}")
+	g.P()
+
+	g.P("type ", streamType, " struct {")
+	g.P(grpcPkg, ".ClientStream")
+	g.P("}")
+	g.P()
+
+	if genSend {
+		g.P("func (x *", streamType, ") Send(m *", inType, ") error {")
+		g.P("return x.ClientStream.SendMsg(m)")
+		g.P("}")
+		g.P()
+	}
+	if genRecv {
+		g.P("func (x *", streamType, ") Recv() (*", outType, ", error) {")
+		g.P("m := new(", outType, ")")
+		g.P("if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err }")
+		g.P("return m, nil")
+		g.P("}")
+		g.P()
+	}
+	if genCloseAndRecv {
+		g.P("func (x *", streamType, ") CloseAndRecv() (*", outType, ", error) {")
+		g.P("if err := x.ClientStream.CloseSend(); err != nil { return nil, err }")
+		g.P("m := new(", outType, ")")
+		g.P("if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err }")
+		g.P("return m, nil")
+		g.P("}")
+		g.P()
+	}
+}
+
+// generateServerSignatureWithParamNames returns the server-side signature for a method with parameter names.
+func (g *grpc) generateServerSignatureWithParamNames(servName string, method *pb.MethodDescriptorProto) string {
+	origMethName := method.GetName()
+	methName := generator.CamelCase(origMethName)
+	if reservedClientName[methName] {
+		methName += "_"
+	}
+
+	var reqArgs []string
+	ret := "error"
+	if !method.GetServerStreaming() && !method.GetClientStreaming() {
+		reqArgs = append(reqArgs, "ctx "+contextPkg+".Context")
+		ret = "(*" + g.typeName(method.GetOutputType()) + ", error)"
+	}
+	if !method.GetClientStreaming() {
+		reqArgs = append(reqArgs, "req *"+g.typeName(method.GetInputType()))
+	}
+	if method.GetServerStreaming() || method.GetClientStreaming() {
+		reqArgs = append(reqArgs, "srv "+servName+"_"+generator.CamelCase(origMethName)+"Server")
+	}
+
+	return methName + "(" + strings.Join(reqArgs, ", ") + ") " + ret
+}
+
+// generateServerSignature returns the server-side signature for a method.
+func (g *grpc) generateServerSignature(servName string, method *pb.MethodDescriptorProto) string {
+	origMethName := method.GetName()
+	methName := generator.CamelCase(origMethName)
+	if reservedClientName[methName] {
+		methName += "_"
+	}
+
+	var reqArgs []string
+	ret := "error"
+	if !method.GetServerStreaming() && !method.GetClientStreaming() {
+		reqArgs = append(reqArgs, contextPkg+".Context")
+		ret = "(*" + g.typeName(method.GetOutputType()) + ", error)"
+	}
+	if !method.GetClientStreaming() {
+		reqArgs = append(reqArgs, "*"+g.typeName(method.GetInputType()))
+	}
+	if method.GetServerStreaming() || method.GetClientStreaming() {
+		reqArgs = append(reqArgs, servName+"_"+generator.CamelCase(origMethName)+"Server")
+	}
+
+	return methName + "(" + strings.Join(reqArgs, ", ") + ") " + ret
+}
+
+func (g *grpc) generateServerMethod(servName, fullServName string, method *pb.MethodDescriptorProto) string {
+	methName := generator.CamelCase(method.GetName())
+	hname := fmt.Sprintf("_%s_%s_Handler", servName, methName)
+	inType := g.typeName(method.GetInputType())
+	outType := g.typeName(method.GetOutputType())
+
+	if !method.GetServerStreaming() && !method.GetClientStreaming() {
+		g.P("func ", hname, "(srv interface{}, ctx ", contextPkg, ".Context, dec func(interface{}) error, interceptor ", grpcPkg, ".UnaryServerInterceptor) (interface{}, error) {")
+		g.P("in := new(", inType, ")")
+		g.P("if err := dec(in); err != nil { return nil, err }")
+		g.P("if interceptor == nil { return srv.(", servName, "Server).", methName, "(ctx, in) }")
+		g.P("info := &", grpcPkg, ".UnaryServerInfo{")
+		g.P("Server: srv,")
+		g.P("FullMethod: ", strconv.Quote(fmt.Sprintf("/%s/%s", fullServName, methName)), ",")
+		g.P("}")
+		g.P("handler := func(ctx ", contextPkg, ".Context, req interface{}) (interface{}, error) {")
+		g.P("return srv.(", servName, "Server).", methName, "(ctx, req.(*", inType, "))")
+		g.P("}")
+		g.P("return interceptor(ctx, in, info, handler)")
+		g.P("}")
+		g.P()
+		return hname
+	}
+	streamType := unexport(servName) + methName + "Server"
+	g.P("func ", hname, "(srv interface{}, stream ", grpcPkg, ".ServerStream) error {")
+	if !method.GetClientStreaming() {
+		g.P("m := new(", inType, ")")
+		g.P("if err := stream.RecvMsg(m); err != nil { return err }")
+		g.P("return srv.(", servName, "Server).", methName, "(m, &", streamType, "{stream})")
+	} else {
+		g.P("return srv.(", servName, "Server).", methName, "(&", streamType, "{stream})")
+	}
+	g.P("}")
+	g.P()
+
+	genSend := method.GetServerStreaming()
+	genSendAndClose := !method.GetServerStreaming()
+	genRecv := method.GetClientStreaming()
+
+	// Stream auxiliary types and methods.
+	g.P("type ", servName, "_", methName, "Server interface {")
+	if genSend {
+		g.P("Send(*", outType, ") error")
+	}
+	if genSendAndClose {
+		g.P("SendAndClose(*", outType, ") error")
+	}
+	if genRecv {
+		g.P("Recv() (*", inType, ", error)")
+	}
+	g.P(grpcPkg, ".ServerStream")
+	g.P("}")
+	g.P()
+
+	g.P("type ", streamType, " struct {")
+	g.P(grpcPkg, ".ServerStream")
+	g.P("}")
+	g.P()
+
+	if genSend {
+		g.P("func (x *", streamType, ") Send(m *", outType, ") error {")
+		g.P("return x.ServerStream.SendMsg(m)")
+		g.P("}")
+		g.P()
+	}
+	if genSendAndClose {
+		g.P("func (x *", streamType, ") SendAndClose(m *", outType, ") error {")
+		g.P("return x.ServerStream.SendMsg(m)")
+		g.P("}")
+		g.P()
+	}
+	if genRecv {
+		g.P("func (x *", streamType, ") Recv() (*", inType, ", error) {")
+		g.P("m := new(", inType, ")")
+		g.P("if err := x.ServerStream.RecvMsg(m); err != nil { return nil, err }")
+		g.P("return m, nil")
+		g.P("}")
+		g.P()
+	}
+
+	return hname
+}
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/link_grpc.go b/vendor/github.com/golang/protobuf/protoc-gen-go/link_grpc.go
new file mode 100644
index 0000000000000..532a550050ee3
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/link_grpc.go
@@ -0,0 +1,34 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2015 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package main
+
+import _ "github.com/golang/protobuf/protoc-gen-go/grpc"
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/main.go b/vendor/github.com/golang/protobuf/protoc-gen-go/main.go
new file mode 100644
index 0000000000000..8e2486de0b2e2
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/main.go
@@ -0,0 +1,98 @@
+// Go support for Protocol Buffers - Google's data interchange format
+//
+// Copyright 2010 The Go Authors.  All rights reserved.
+// https://github.com/golang/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// protoc-gen-go is a plugin for the Google protocol buffer compiler to generate
+// Go code.  Run it by building this program and putting it in your path with
+// the name
+// 	protoc-gen-go
+// That word 'go' at the end becomes part of the option string set for the
+// protocol compiler, so once the protocol compiler (protoc) is installed
+// you can run
+// 	protoc --go_out=output_directory input_directory/file.proto
+// to generate Go bindings for the protocol defined by file.proto.
+// With that input, the output will be written to
+// 	output_directory/file.pb.go
+//
+// The generated code is documented in the package comment for
+// the library.
+//
+// See the README and documentation for protocol buffers to learn more:
+// 	https://developers.google.com/protocol-buffers/
+package main
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/protoc-gen-go/generator"
+)
+
+func main() {
+	// Begin by allocating a generator. The request and response structures are stored there
+	// so we can do error handling easily - the response structure contains the field to
+	// report failure.
+	g := generator.New()
+
+	data, err := ioutil.ReadAll(os.Stdin)
+	if err != nil {
+		g.Error(err, "reading input")
+	}
+
+	if err := proto.Unmarshal(data, g.Request); err != nil {
+		g.Error(err, "parsing input proto")
+	}
+
+	if len(g.Request.FileToGenerate) == 0 {
+		g.Fail("no files to generate")
+	}
+
+	g.CommandLineParameters(g.Request.GetParameter())
+
+	// Create a wrapped version of the Descriptors and EnumDescriptors that
+	// point to the file that defines them.
+	g.WrapTypes()
+
+	g.SetPackageNames()
+	g.BuildTypeNameMap()
+
+	g.GenerateAllFiles()
+
+	// Send back the results.
+	data, err = proto.Marshal(g.Response)
+	if err != nil {
+		g.Error(err, "failed to marshal output proto")
+	}
+	_, err = os.Stdout.Write(data)
+	if err != nil {
+		g.Error(err, "failed to write output proto")
+	}
+}
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.pb.go b/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.pb.go
new file mode 100644
index 0000000000000..61bfc10e02e7c
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.pb.go
@@ -0,0 +1,369 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/protobuf/compiler/plugin.proto
+
+/*
+Package plugin_go is a generated protocol buffer package.
+
+It is generated from these files:
+	google/protobuf/compiler/plugin.proto
+
+It has these top-level messages:
+	Version
+	CodeGeneratorRequest
+	CodeGeneratorResponse
+*/
+package plugin_go
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+import google_protobuf "github.com/golang/protobuf/protoc-gen-go/descriptor"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+
+// The version number of protocol compiler.
+type Version struct {
+	Major *int32 `protobuf:"varint,1,opt,name=major" json:"major,omitempty"`
+	Minor *int32 `protobuf:"varint,2,opt,name=minor" json:"minor,omitempty"`
+	Patch *int32 `protobuf:"varint,3,opt,name=patch" json:"patch,omitempty"`
+	// A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
+	// be empty for mainline stable releases.
+	Suffix               *string  `protobuf:"bytes,4,opt,name=suffix" json:"suffix,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Version) Reset()                    { *m = Version{} }
+func (m *Version) String() string            { return proto.CompactTextString(m) }
+func (*Version) ProtoMessage()               {}
+func (*Version) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
+func (m *Version) Unmarshal(b []byte) error {
+	return xxx_messageInfo_Version.Unmarshal(m, b)
+}
+func (m *Version) Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Version.Marshal(b, m, deterministic)
+}
+func (dst *Version) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Version.Merge(dst, src)
+}
+func (m *Version) XXX_Size() int {
+	return xxx_messageInfo_Version.Size(m)
+}
+func (m *Version) XXX_DiscardUnknown() {
+	xxx_messageInfo_Version.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Version proto.InternalMessageInfo
+
+func (m *Version) GetMajor() int32 {
+	if m != nil && m.Major != nil {
+		return *m.Major
+	}
+	return 0
+}
+
+func (m *Version) GetMinor() int32 {
+	if m != nil && m.Minor != nil {
+		return *m.Minor
+	}
+	return 0
+}
+
+func (m *Version) GetPatch() int32 {
+	if m != nil && m.Patch != nil {
+		return *m.Patch
+	}
+	return 0
+}
+
+func (m *Version) GetSuffix() string {
+	if m != nil && m.Suffix != nil {
+		return *m.Suffix
+	}
+	return ""
+}
+
+// An encoded CodeGeneratorRequest is written to the plugin's stdin.
+type CodeGeneratorRequest struct {
+	// The .proto files that were explicitly listed on the command-line.  The
+	// code generator should generate code only for these files.  Each file's
+	// descriptor will be included in proto_file, below.
+	FileToGenerate []string `protobuf:"bytes,1,rep,name=file_to_generate,json=fileToGenerate" json:"file_to_generate,omitempty"`
+	// The generator parameter passed on the command-line.
+	Parameter *string `protobuf:"bytes,2,opt,name=parameter" json:"parameter,omitempty"`
+	// FileDescriptorProtos for all files in files_to_generate and everything
+	// they import.  The files will appear in topological order, so each file
+	// appears before any file that imports it.
+	//
+	// protoc guarantees that all proto_files will be written after
+	// the fields above, even though this is not technically guaranteed by the
+	// protobuf wire format.  This theoretically could allow a plugin to stream
+	// in the FileDescriptorProtos and handle them one by one rather than read
+	// the entire set into memory at once.  However, as of this writing, this
+	// is not similarly optimized on protoc's end -- it will store all fields in
+	// memory at once before sending them to the plugin.
+	//
+	// Type names of fields and extensions in the FileDescriptorProto are always
+	// fully qualified.
+	ProtoFile []*google_protobuf.FileDescriptorProto `protobuf:"bytes,15,rep,name=proto_file,json=protoFile" json:"proto_file,omitempty"`
+	// The version number of protocol compiler.
+	CompilerVersion      *Version `protobuf:"bytes,3,opt,name=compiler_version,json=compilerVersion" json:"compiler_version,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CodeGeneratorRequest) Reset()                    { *m = CodeGeneratorRequest{} }
+func (m *CodeGeneratorRequest) String() string            { return proto.CompactTextString(m) }
+func (*CodeGeneratorRequest) ProtoMessage()               {}
+func (*CodeGeneratorRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
+func (m *CodeGeneratorRequest) Unmarshal(b []byte) error {
+	return xxx_messageInfo_CodeGeneratorRequest.Unmarshal(m, b)
+}
+func (m *CodeGeneratorRequest) Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CodeGeneratorRequest.Marshal(b, m, deterministic)
+}
+func (dst *CodeGeneratorRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CodeGeneratorRequest.Merge(dst, src)
+}
+func (m *CodeGeneratorRequest) XXX_Size() int {
+	return xxx_messageInfo_CodeGeneratorRequest.Size(m)
+}
+func (m *CodeGeneratorRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CodeGeneratorRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CodeGeneratorRequest proto.InternalMessageInfo
+
+func (m *CodeGeneratorRequest) GetFileToGenerate() []string {
+	if m != nil {
+		return m.FileToGenerate
+	}
+	return nil
+}
+
+func (m *CodeGeneratorRequest) GetParameter() string {
+	if m != nil && m.Parameter != nil {
+		return *m.Parameter
+	}
+	return ""
+}
+
+func (m *CodeGeneratorRequest) GetProtoFile() []*google_protobuf.FileDescriptorProto {
+	if m != nil {
+		return m.ProtoFile
+	}
+	return nil
+}
+
+func (m *CodeGeneratorRequest) GetCompilerVersion() *Version {
+	if m != nil {
+		return m.CompilerVersion
+	}
+	return nil
+}
+
+// The plugin writes an encoded CodeGeneratorResponse to stdout.
+type CodeGeneratorResponse struct {
+	// Error message.  If non-empty, code generation failed.  The plugin process
+	// should exit with status code zero even if it reports an error in this way.
+	//
+	// This should be used to indicate errors in .proto files which prevent the
+	// code generator from generating correct code.  Errors which indicate a
+	// problem in protoc itself -- such as the input CodeGeneratorRequest being
+	// unparseable -- should be reported by writing a message to stderr and
+	// exiting with a non-zero status code.
+	Error                *string                       `protobuf:"bytes,1,opt,name=error" json:"error,omitempty"`
+	File                 []*CodeGeneratorResponse_File `protobuf:"bytes,15,rep,name=file" json:"file,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
+	XXX_unrecognized     []byte                        `json:"-"`
+	XXX_sizecache        int32                         `json:"-"`
+}
+
+func (m *CodeGeneratorResponse) Reset()                    { *m = CodeGeneratorResponse{} }
+func (m *CodeGeneratorResponse) String() string            { return proto.CompactTextString(m) }
+func (*CodeGeneratorResponse) ProtoMessage()               {}
+func (*CodeGeneratorResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
+func (m *CodeGeneratorResponse) Unmarshal(b []byte) error {
+	return xxx_messageInfo_CodeGeneratorResponse.Unmarshal(m, b)
+}
+func (m *CodeGeneratorResponse) Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CodeGeneratorResponse.Marshal(b, m, deterministic)
+}
+func (dst *CodeGeneratorResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CodeGeneratorResponse.Merge(dst, src)
+}
+func (m *CodeGeneratorResponse) XXX_Size() int {
+	return xxx_messageInfo_CodeGeneratorResponse.Size(m)
+}
+func (m *CodeGeneratorResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CodeGeneratorResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CodeGeneratorResponse proto.InternalMessageInfo
+
+func (m *CodeGeneratorResponse) GetError() string {
+	if m != nil && m.Error != nil {
+		return *m.Error
+	}
+	return ""
+}
+
+func (m *CodeGeneratorResponse) GetFile() []*CodeGeneratorResponse_File {
+	if m != nil {
+		return m.File
+	}
+	return nil
+}
+
+// Represents a single generated file.
+type CodeGeneratorResponse_File struct {
+	// The file name, relative to the output directory.  The name must not
+	// contain "." or ".." components and must be relative, not be absolute (so,
+	// the file cannot lie outside the output directory).  "/" must be used as
+	// the path separator, not "\".
+	//
+	// If the name is omitted, the content will be appended to the previous
+	// file.  This allows the generator to break large files into small chunks,
+	// and allows the generated text to be streamed back to protoc so that large
+	// files need not reside completely in memory at one time.  Note that as of
+	// this writing protoc does not optimize for this -- it will read the entire
+	// CodeGeneratorResponse before writing files to disk.
+	Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// If non-empty, indicates that the named file should already exist, and the
+	// content here is to be inserted into that file at a defined insertion
+	// point.  This feature allows a code generator to extend the output
+	// produced by another code generator.  The original generator may provide
+	// insertion points by placing special annotations in the file that look
+	// like:
+	//   @@protoc_insertion_point(NAME)
+	// The annotation can have arbitrary text before and after it on the line,
+	// which allows it to be placed in a comment.  NAME should be replaced with
+	// an identifier naming the point -- this is what other generators will use
+	// as the insertion_point.  Code inserted at this point will be placed
+	// immediately above the line containing the insertion point (thus multiple
+	// insertions to the same point will come out in the order they were added).
+	// The double-@ is intended to make it unlikely that the generated code
+	// could contain things that look like insertion points by accident.
+	//
+	// For example, the C++ code generator places the following line in the
+	// .pb.h files that it generates:
+	//   // @@protoc_insertion_point(namespace_scope)
+	// This line appears within the scope of the file's package namespace, but
+	// outside of any particular class.  Another plugin can then specify the
+	// insertion_point "namespace_scope" to generate additional classes or
+	// other declarations that should be placed in this scope.
+	//
+	// Note that if the line containing the insertion point begins with
+	// whitespace, the same whitespace will be added to every line of the
+	// inserted text.  This is useful for languages like Python, where
+	// indentation matters.  In these languages, the insertion point comment
+	// should be indented the same amount as any inserted code will need to be
+	// in order to work correctly in that context.
+	//
+	// The code generator that generates the initial file and the one which
+	// inserts into it must both run as part of a single invocation of protoc.
+	// Code generators are executed in the order in which they appear on the
+	// command line.
+	//
+	// If |insertion_point| is present, |name| must also be present.
+	InsertionPoint *string `protobuf:"bytes,2,opt,name=insertion_point,json=insertionPoint" json:"insertion_point,omitempty"`
+	// The file contents.
+	Content              *string  `protobuf:"bytes,15,opt,name=content" json:"content,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CodeGeneratorResponse_File) Reset()                    { *m = CodeGeneratorResponse_File{} }
+func (m *CodeGeneratorResponse_File) String() string            { return proto.CompactTextString(m) }
+func (*CodeGeneratorResponse_File) ProtoMessage()               {}
+func (*CodeGeneratorResponse_File) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2, 0} }
+func (m *CodeGeneratorResponse_File) Unmarshal(b []byte) error {
+	return xxx_messageInfo_CodeGeneratorResponse_File.Unmarshal(m, b)
+}
+func (m *CodeGeneratorResponse_File) Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CodeGeneratorResponse_File.Marshal(b, m, deterministic)
+}
+func (dst *CodeGeneratorResponse_File) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CodeGeneratorResponse_File.Merge(dst, src)
+}
+func (m *CodeGeneratorResponse_File) XXX_Size() int {
+	return xxx_messageInfo_CodeGeneratorResponse_File.Size(m)
+}
+func (m *CodeGeneratorResponse_File) XXX_DiscardUnknown() {
+	xxx_messageInfo_CodeGeneratorResponse_File.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CodeGeneratorResponse_File proto.InternalMessageInfo
+
+func (m *CodeGeneratorResponse_File) GetName() string {
+	if m != nil && m.Name != nil {
+		return *m.Name
+	}
+	return ""
+}
+
+func (m *CodeGeneratorResponse_File) GetInsertionPoint() string {
+	if m != nil && m.InsertionPoint != nil {
+		return *m.InsertionPoint
+	}
+	return ""
+}
+
+func (m *CodeGeneratorResponse_File) GetContent() string {
+	if m != nil && m.Content != nil {
+		return *m.Content
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*Version)(nil), "google.protobuf.compiler.Version")
+	proto.RegisterType((*CodeGeneratorRequest)(nil), "google.protobuf.compiler.CodeGeneratorRequest")
+	proto.RegisterType((*CodeGeneratorResponse)(nil), "google.protobuf.compiler.CodeGeneratorResponse")
+	proto.RegisterType((*CodeGeneratorResponse_File)(nil), "google.protobuf.compiler.CodeGeneratorResponse.File")
+}
+
+func init() { proto.RegisterFile("google/protobuf/compiler/plugin.proto", fileDescriptor0) }
+
+var fileDescriptor0 = []byte{
+	// 417 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0xcf, 0x6a, 0x14, 0x41,
+	0x10, 0xc6, 0x19, 0x77, 0x63, 0x98, 0x8a, 0x64, 0x43, 0x13, 0xa5, 0x09, 0x39, 0x8c, 0x8b, 0xe2,
+	0x5c, 0x32, 0x0b, 0xc1, 0x8b, 0x78, 0x4b, 0x44, 0x3d, 0x78, 0x58, 0x1a, 0xf1, 0x20, 0xc8, 0x30,
+	0x99, 0xd4, 0x74, 0x5a, 0x66, 0xba, 0xc6, 0xee, 0x1e, 0xf1, 0x49, 0x7d, 0x0f, 0xdf, 0x40, 0xfa,
+	0xcf, 0x24, 0xb2, 0xb8, 0xa7, 0xee, 0xef, 0x57, 0xd5, 0xd5, 0x55, 0x1f, 0x05, 0x2f, 0x25, 0x91,
+	0xec, 0x71, 0x33, 0x1a, 0x72, 0x74, 0x33, 0x75, 0x9b, 0x96, 0x86, 0x51, 0xf5, 0x68, 0x36, 0x63,
+	0x3f, 0x49, 0xa5, 0xab, 0x10, 0x60, 0x3c, 0xa6, 0x55, 0x73, 0x5a, 0x35, 0xa7, 0x9d, 0x15, 0xbb,
+	0x05, 0x6e, 0xd1, 0xb6, 0x46, 0x8d, 0x8e, 0x4c, 0xcc, 0x5e, 0xb7, 0x70, 0xf8, 0x05, 0x8d, 0x55,
+	0xa4, 0xd9, 0x29, 0x1c, 0x0c, 0xcd, 0x77, 0x32, 0x3c, 0x2b, 0xb2, 0xf2, 0x40, 0x44, 0x11, 0xa8,
+	0xd2, 0x64, 0xf8, 0xa3, 0x44, 0xbd, 0xf0, 0x74, 0x6c, 0x5c, 0x7b, 0xc7, 0x17, 0x91, 0x06, 0xc1,
+	0x9e, 0xc1, 0x63, 0x3b, 0x75, 0x9d, 0xfa, 0xc5, 0x97, 0x45, 0x56, 0xe6, 0x22, 0xa9, 0xf5, 0x9f,
+	0x0c, 0x4e, 0xaf, 0xe9, 0x16, 0x3f, 0xa0, 0x46, 0xd3, 0x38, 0x32, 0x02, 0x7f, 0x4c, 0x68, 0x1d,
+	0x2b, 0xe1, 0xa4, 0x53, 0x3d, 0xd6, 0x8e, 0x6a, 0x19, 0x63, 0xc8, 0xb3, 0x62, 0x51, 0xe6, 0xe2,
+	0xd8, 0xf3, 0xcf, 0x94, 0x5e, 0x20, 0x3b, 0x87, 0x7c, 0x6c, 0x4c, 0x33, 0xa0, 0xc3, 0xd8, 0x4a,
+	0x2e, 0x1e, 0x00, 0xbb, 0x06, 0x08, 0xe3, 0xd4, 0xfe, 0x15, 0x5f, 0x15, 0x8b, 0xf2, 0xe8, 0xf2,
+	0x45, 0xb5, 0x6b, 0xcb, 0x7b, 0xd5, 0xe3, 0xbb, 0x7b, 0x03, 0xb6, 0x1e, 0x8b, 0x3c, 0x44, 0x7d,
+	0x84, 0x7d, 0x82, 0x93, 0xd9, 0xb8, 0xfa, 0x67, 0xf4, 0x24, 0x8c, 0x77, 0x74, 0xf9, 0xbc, 0xda,
+	0xe7, 0x70, 0x95, 0xcc, 0x13, 0xab, 0x99, 0x24, 0xb0, 0xfe, 0x9d, 0xc1, 0xd3, 0x9d, 0x99, 0xed,
+	0x48, 0xda, 0xa2, 0xf7, 0x0e, 0x8d, 0x49, 0x3e, 0xe7, 0x22, 0x0a, 0xf6, 0x11, 0x96, 0xff, 0x34,
+	0xff, 0x7a, 0xff, 0x8f, 0xff, 0x2d, 0x1a, 0x66, 0x13, 0xa1, 0xc2, 0xd9, 0x37, 0x58, 0x86, 0x79,
+	0x18, 0x2c, 0x75, 0x33, 0x60, 0xfa, 0x26, 0xdc, 0xd9, 0x2b, 0x58, 0x29, 0x6d, 0xd1, 0x38, 0x45,
+	0xba, 0x1e, 0x49, 0x69, 0x97, 0xcc, 0x3c, 0xbe, 0xc7, 0x5b, 0x4f, 0x19, 0x87, 0xc3, 0x96, 0xb4,
+	0x43, 0xed, 0xf8, 0x2a, 0x24, 0xcc, 0xf2, 0x4a, 0xc2, 0x79, 0x4b, 0xc3, 0xde, 0xfe, 0xae, 0x9e,
+	0x6c, 0xc3, 0x6e, 0x06, 0x7b, 0xed, 0xd7, 0x37, 0x52, 0xb9, 0xbb, 0xe9, 0xc6, 0x87, 0x37, 0x92,
+	0xfa, 0x46, 0xcb, 0x87, 0x65, 0x0c, 0x97, 0xf6, 0x42, 0xa2, 0xbe, 0x90, 0x94, 0x56, 0xfa, 0x6d,
+	0x3c, 0x6a, 0x49, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0xf7, 0x15, 0x40, 0xc5, 0xfe, 0x02, 0x00,
+	0x00,
+}
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.proto b/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.proto
new file mode 100644
index 0000000000000..5b5574529ed48
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.proto
@@ -0,0 +1,167 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: kenton@google.com (Kenton Varda)
+//
+// WARNING:  The plugin interface is currently EXPERIMENTAL and is subject to
+//   change.
+//
+// protoc (aka the Protocol Compiler) can be extended via plugins.  A plugin is
+// just a program that reads a CodeGeneratorRequest from stdin and writes a
+// CodeGeneratorResponse to stdout.
+//
+// Plugins written using C++ can use google/protobuf/compiler/plugin.h instead
+// of dealing with the raw protocol defined here.
+//
+// A plugin executable needs only to be placed somewhere in the path.  The
+// plugin should be named "protoc-gen-$NAME", and will then be used when the
+// flag "--${NAME}_out" is passed to protoc.
+
+syntax = "proto2";
+package google.protobuf.compiler;
+option java_package = "com.google.protobuf.compiler";
+option java_outer_classname = "PluginProtos";
+
+option go_package = "github.com/golang/protobuf/protoc-gen-go/plugin;plugin_go";
+
+import "google/protobuf/descriptor.proto";
+
+// The version number of protocol compiler.
+message Version {
+  optional int32 major = 1;
+  optional int32 minor = 2;
+  optional int32 patch = 3;
+  // A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
+  // be empty for mainline stable releases.
+  optional string suffix = 4;
+}
+
+// An encoded CodeGeneratorRequest is written to the plugin's stdin.
+message CodeGeneratorRequest {
+  // The .proto files that were explicitly listed on the command-line.  The
+  // code generator should generate code only for these files.  Each file's
+  // descriptor will be included in proto_file, below.
+  repeated string file_to_generate = 1;
+
+  // The generator parameter passed on the command-line.
+  optional string parameter = 2;
+
+  // FileDescriptorProtos for all files in files_to_generate and everything
+  // they import.  The files will appear in topological order, so each file
+  // appears before any file that imports it.
+  //
+  // protoc guarantees that all proto_files will be written after
+  // the fields above, even though this is not technically guaranteed by the
+  // protobuf wire format.  This theoretically could allow a plugin to stream
+  // in the FileDescriptorProtos and handle them one by one rather than read
+  // the entire set into memory at once.  However, as of this writing, this
+  // is not similarly optimized on protoc's end -- it will store all fields in
+  // memory at once before sending them to the plugin.
+  //
+  // Type names of fields and extensions in the FileDescriptorProto are always
+  // fully qualified.
+  repeated FileDescriptorProto proto_file = 15;
+
+  // The version number of protocol compiler.
+  optional Version compiler_version = 3;
+
+}
+
+// The plugin writes an encoded CodeGeneratorResponse to stdout.
+message CodeGeneratorResponse {
+  // Error message.  If non-empty, code generation failed.  The plugin process
+  // should exit with status code zero even if it reports an error in this way.
+  //
+  // This should be used to indicate errors in .proto files which prevent the
+  // code generator from generating correct code.  Errors which indicate a
+  // problem in protoc itself -- such as the input CodeGeneratorRequest being
+  // unparseable -- should be reported by writing a message to stderr and
+  // exiting with a non-zero status code.
+  optional string error = 1;
+
+  // Represents a single generated file.
+  message File {
+    // The file name, relative to the output directory.  The name must not
+    // contain "." or ".." components and must be relative, not be absolute (so,
+    // the file cannot lie outside the output directory).  "/" must be used as
+    // the path separator, not "\".
+    //
+    // If the name is omitted, the content will be appended to the previous
+    // file.  This allows the generator to break large files into small chunks,
+    // and allows the generated text to be streamed back to protoc so that large
+    // files need not reside completely in memory at one time.  Note that as of
+    // this writing protoc does not optimize for this -- it will read the entire
+    // CodeGeneratorResponse before writing files to disk.
+    optional string name = 1;
+
+    // If non-empty, indicates that the named file should already exist, and the
+    // content here is to be inserted into that file at a defined insertion
+    // point.  This feature allows a code generator to extend the output
+    // produced by another code generator.  The original generator may provide
+    // insertion points by placing special annotations in the file that look
+    // like:
+    //   @@protoc_insertion_point(NAME)
+    // The annotation can have arbitrary text before and after it on the line,
+    // which allows it to be placed in a comment.  NAME should be replaced with
+    // an identifier naming the point -- this is what other generators will use
+    // as the insertion_point.  Code inserted at this point will be placed
+    // immediately above the line containing the insertion point (thus multiple
+    // insertions to the same point will come out in the order they were added).
+    // The double-@ is intended to make it unlikely that the generated code
+    // could contain things that look like insertion points by accident.
+    //
+    // For example, the C++ code generator places the following line in the
+    // .pb.h files that it generates:
+    //   // @@protoc_insertion_point(namespace_scope)
+    // This line appears within the scope of the file's package namespace, but
+    // outside of any particular class.  Another plugin can then specify the
+    // insertion_point "namespace_scope" to generate additional classes or
+    // other declarations that should be placed in this scope.
+    //
+    // Note that if the line containing the insertion point begins with
+    // whitespace, the same whitespace will be added to every line of the
+    // inserted text.  This is useful for languages like Python, where
+    // indentation matters.  In these languages, the insertion point comment
+    // should be indented the same amount as any inserted code will need to be
+    // in order to work correctly in that context.
+    //
+    // The code generator that generates the initial file and the one which
+    // inserts into it must both run as part of a single invocation of protoc.
+    // Code generators are executed in the order in which they appear on the
+    // command line.
+    //
+    // If |insertion_point| is present, |name| must also be present.
+    optional string insertion_point = 2;
+
+    // The file contents.
+    optional string content = 15;
+  }
+  repeated File file = 15;
+}
diff --git a/vendor/github.com/golang/protobuf/ptypes/any.go b/vendor/github.com/golang/protobuf/ptypes/any.go
index b2af97f4a9823..70276e8f5c946 100644
--- a/vendor/github.com/golang/protobuf/ptypes/any.go
+++ b/vendor/github.com/golang/protobuf/ptypes/any.go
@@ -130,10 +130,12 @@ func UnmarshalAny(any *any.Any, pb proto.Message) error {
 
 // Is returns true if any value contains a given message type.
 func Is(any *any.Any, pb proto.Message) bool {
-	aname, err := AnyMessageName(any)
-	if err != nil {
+	// The following is equivalent to AnyMessageName(any) == proto.MessageName(pb),
+	// but it avoids scanning TypeUrl for the slash.
+	if any == nil {
 		return false
 	}
-
-	return aname == proto.MessageName(pb)
+	name := proto.MessageName(pb)
+	prefix := len(any.TypeUrl) - len(name)
+	return prefix >= 1 && any.TypeUrl[prefix-1] == '/' && any.TypeUrl[prefix:] == name
 }
diff --git a/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go b/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
index f67edc7dc2bfc..7b0ad1ad86cd0 100644
--- a/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/any.proto
 
-package any // import "github.com/golang/protobuf/ptypes/any"
+package any
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // `Any` contains an arbitrary serialized protocol buffer message along with a
 // URL that describes the type of the serialized message.
@@ -99,17 +101,19 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 //     }
 //
 type Any struct {
-	// A URL/resource name whose content describes the type of the
-	// serialized protocol buffer message.
+	// A URL/resource name that uniquely identifies the type of the serialized
+	// protocol buffer message. This string must contain at least
+	// one "/" character. The last segment of the URL's path must represent
+	// the fully qualified name of the type (as in
+	// `path/google.protobuf.Duration`). The name should be in a canonical form
+	// (e.g., leading "." is not accepted).
 	//
-	// For URLs which use the scheme `http`, `https`, or no scheme, the
-	// following restrictions and interpretations apply:
+	// In practice, teams usually precompile into the binary all types that they
+	// expect it to use in the context of Any. However, for URLs which use the
+	// scheme `http`, `https`, or no scheme, one can optionally set up a type
+	// server that maps type URLs to message definitions as follows:
 	//
 	// * If no scheme is provided, `https` is assumed.
-	// * The last segment of the URL's path must represent the fully
-	//   qualified name of the type (as in `path/google.protobuf.Duration`).
-	//   The name should be in a canonical form (e.g., leading "." is
-	//   not accepted).
 	// * An HTTP GET on the URL must yield a [google.protobuf.Type][]
 	//   value in binary format, or produce an error.
 	// * Applications are allowed to cache lookup results based on the
@@ -118,10 +122,14 @@ type Any struct {
 	//   on changes to types. (Use versioned type names to manage
 	//   breaking changes.)
 	//
+	// Note: this functionality is not currently available in the official
+	// protobuf release, and it is not used for type URLs beginning with
+	// type.googleapis.com.
+	//
 	// Schemes other than `http`, `https` (or the empty scheme) might be
 	// used with implementation specific semantics.
 	//
-	TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl" json:"type_url,omitempty"`
+	TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"`
 	// Must be a valid serialized protocol buffer of the above specified type.
 	Value                []byte   `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
@@ -133,17 +141,19 @@ func (m *Any) Reset()         { *m = Any{} }
 func (m *Any) String() string { return proto.CompactTextString(m) }
 func (*Any) ProtoMessage()    {}
 func (*Any) Descriptor() ([]byte, []int) {
-	return fileDescriptor_any_744b9ca530f228db, []int{0}
+	return fileDescriptor_b53526c13ae22eb4, []int{0}
 }
+
 func (*Any) XXX_WellKnownType() string { return "Any" }
+
 func (m *Any) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Any.Unmarshal(m, b)
 }
 func (m *Any) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Any.Marshal(b, m, deterministic)
 }
-func (dst *Any) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Any.Merge(dst, src)
+func (m *Any) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Any.Merge(m, src)
 }
 func (m *Any) XXX_Size() int {
 	return xxx_messageInfo_Any.Size(m)
@@ -172,9 +182,11 @@ func init() {
 	proto.RegisterType((*Any)(nil), "google.protobuf.Any")
 }
 
-func init() { proto.RegisterFile("google/protobuf/any.proto", fileDescriptor_any_744b9ca530f228db) }
+func init() {
+	proto.RegisterFile("google/protobuf/any.proto", fileDescriptor_b53526c13ae22eb4)
+}
 
-var fileDescriptor_any_744b9ca530f228db = []byte{
+var fileDescriptor_b53526c13ae22eb4 = []byte{
 	// 185 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4c, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcc, 0xab, 0xd4,
diff --git a/vendor/github.com/golang/protobuf/ptypes/any/any.proto b/vendor/github.com/golang/protobuf/ptypes/any/any.proto
index c74866762315f..c9be85416736c 100644
--- a/vendor/github.com/golang/protobuf/ptypes/any/any.proto
+++ b/vendor/github.com/golang/protobuf/ptypes/any/any.proto
@@ -120,17 +120,19 @@ option objc_class_prefix = "GPB";
 //     }
 //
 message Any {
-  // A URL/resource name whose content describes the type of the
-  // serialized protocol buffer message.
+  // A URL/resource name that uniquely identifies the type of the serialized
+  // protocol buffer message. This string must contain at least
+  // one "/" character. The last segment of the URL's path must represent
+  // the fully qualified name of the type (as in
+  // `path/google.protobuf.Duration`). The name should be in a canonical form
+  // (e.g., leading "." is not accepted).
   //
-  // For URLs which use the scheme `http`, `https`, or no scheme, the
-  // following restrictions and interpretations apply:
+  // In practice, teams usually precompile into the binary all types that they
+  // expect it to use in the context of Any. However, for URLs which use the
+  // scheme `http`, `https`, or no scheme, one can optionally set up a type
+  // server that maps type URLs to message definitions as follows:
   //
   // * If no scheme is provided, `https` is assumed.
-  // * The last segment of the URL's path must represent the fully
-  //   qualified name of the type (as in `path/google.protobuf.Duration`).
-  //   The name should be in a canonical form (e.g., leading "." is
-  //   not accepted).
   // * An HTTP GET on the URL must yield a [google.protobuf.Type][]
   //   value in binary format, or produce an error.
   // * Applications are allowed to cache lookup results based on the
@@ -139,6 +141,10 @@ message Any {
   //   on changes to types. (Use versioned type names to manage
   //   breaking changes.)
   //
+  // Note: this functionality is not currently available in the official
+  // protobuf release, and it is not used for type URLs beginning with
+  // type.googleapis.com.
+  //
   // Schemes other than `http`, `https` (or the empty scheme) might be
   // used with implementation specific semantics.
   //
diff --git a/vendor/github.com/golang/protobuf/ptypes/duration.go b/vendor/github.com/golang/protobuf/ptypes/duration.go
index 65cb0f8eb5f33..26d1ca2fb589c 100644
--- a/vendor/github.com/golang/protobuf/ptypes/duration.go
+++ b/vendor/github.com/golang/protobuf/ptypes/duration.go
@@ -82,7 +82,7 @@ func Duration(p *durpb.Duration) (time.Duration, error) {
 		return 0, fmt.Errorf("duration: %v is out of range for time.Duration", p)
 	}
 	if p.Nanos != 0 {
-		d += time.Duration(p.Nanos)
+		d += time.Duration(p.Nanos) * time.Nanosecond
 		if (d < 0) != (p.Nanos < 0) {
 			return 0, fmt.Errorf("duration: %v is out of range for time.Duration", p)
 		}
diff --git a/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go b/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
index 4d75473b8b2bf..58b0786990d17 100644
--- a/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/duration.proto
 
-package duration // import "github.com/golang/protobuf/ptypes/duration"
+package duration
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // A Duration represents a signed, fixed-length span of time represented
 // as a count of seconds and fractions of seconds at nanosecond
@@ -39,7 +41,7 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 //     if (duration.seconds < 0 && duration.nanos > 0) {
 //       duration.seconds += 1;
 //       duration.nanos -= 1000000000;
-//     } else if (durations.seconds > 0 && duration.nanos < 0) {
+//     } else if (duration.seconds > 0 && duration.nanos < 0) {
 //       duration.seconds -= 1;
 //       duration.nanos += 1000000000;
 //     }
@@ -82,14 +84,14 @@ type Duration struct {
 	// Signed seconds of the span of time. Must be from -315,576,000,000
 	// to +315,576,000,000 inclusive. Note: these bounds are computed from:
 	// 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
-	Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"`
+	Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
 	// Signed fractions of a second at nanosecond resolution of the span
 	// of time. Durations less than one second are represented with a 0
 	// `seconds` field and a positive or negative `nanos` field. For durations
 	// of one second or more, a non-zero value for the `nanos` field must be
 	// of the same sign as the `seconds` field. Must be from -999,999,999
 	// to +999,999,999 inclusive.
-	Nanos                int32    `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"`
+	Nanos                int32    `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -99,17 +101,19 @@ func (m *Duration) Reset()         { *m = Duration{} }
 func (m *Duration) String() string { return proto.CompactTextString(m) }
 func (*Duration) ProtoMessage()    {}
 func (*Duration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_duration_e7d612259e3f0613, []int{0}
+	return fileDescriptor_23597b2ebd7ac6c5, []int{0}
 }
+
 func (*Duration) XXX_WellKnownType() string { return "Duration" }
+
 func (m *Duration) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Duration.Unmarshal(m, b)
 }
 func (m *Duration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Duration.Marshal(b, m, deterministic)
 }
-func (dst *Duration) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Duration.Merge(dst, src)
+func (m *Duration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Duration.Merge(m, src)
 }
 func (m *Duration) XXX_Size() int {
 	return xxx_messageInfo_Duration.Size(m)
@@ -139,10 +143,10 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/protobuf/duration.proto", fileDescriptor_duration_e7d612259e3f0613)
+	proto.RegisterFile("google/protobuf/duration.proto", fileDescriptor_23597b2ebd7ac6c5)
 }
 
-var fileDescriptor_duration_e7d612259e3f0613 = []byte{
+var fileDescriptor_23597b2ebd7ac6c5 = []byte{
 	// 190 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4b, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0x29, 0x2d, 0x4a,
diff --git a/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto b/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto
index 975fce41aae05..99cb102c353fa 100644
--- a/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto
+++ b/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto
@@ -61,7 +61,7 @@ option objc_class_prefix = "GPB";
 //     if (duration.seconds < 0 && duration.nanos > 0) {
 //       duration.seconds += 1;
 //       duration.nanos -= 1000000000;
-//     } else if (durations.seconds > 0 && duration.nanos < 0) {
+//     } else if (duration.seconds > 0 && duration.nanos < 0) {
 //       duration.seconds -= 1;
 //       duration.nanos += 1000000000;
 //     }
@@ -101,7 +101,6 @@ option objc_class_prefix = "GPB";
 //
 //
 message Duration {
-
   // Signed seconds of the span of time. Must be from -315,576,000,000
   // to +315,576,000,000 inclusive. Note: these bounds are computed from:
   // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
diff --git a/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go b/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go
index a69b403ce1562..6bd9f67480a4d 100644
--- a/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/empty.proto
 
-package empty // import "github.com/golang/protobuf/ptypes/empty"
+package empty
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // A generic empty message that you can re-use to avoid defining duplicated
 // empty messages in your APIs. A typical example is to use it as the request
@@ -37,17 +39,19 @@ func (m *Empty) Reset()         { *m = Empty{} }
 func (m *Empty) String() string { return proto.CompactTextString(m) }
 func (*Empty) ProtoMessage()    {}
 func (*Empty) Descriptor() ([]byte, []int) {
-	return fileDescriptor_empty_39e6d6db0632e5b2, []int{0}
+	return fileDescriptor_900544acb223d5b8, []int{0}
 }
+
 func (*Empty) XXX_WellKnownType() string { return "Empty" }
+
 func (m *Empty) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Empty.Unmarshal(m, b)
 }
 func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
 }
-func (dst *Empty) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Empty.Merge(dst, src)
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
 }
 func (m *Empty) XXX_Size() int {
 	return xxx_messageInfo_Empty.Size(m)
@@ -62,9 +66,11 @@ func init() {
 	proto.RegisterType((*Empty)(nil), "google.protobuf.Empty")
 }
 
-func init() { proto.RegisterFile("google/protobuf/empty.proto", fileDescriptor_empty_39e6d6db0632e5b2) }
+func init() {
+	proto.RegisterFile("google/protobuf/empty.proto", fileDescriptor_900544acb223d5b8)
+}
 
-var fileDescriptor_empty_39e6d6db0632e5b2 = []byte{
+var fileDescriptor_900544acb223d5b8 = []byte{
 	// 148 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4e, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcd, 0x2d, 0x28,
diff --git a/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go b/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go
index 442c0e0999ca7..d82d6176b514b 100644
--- a/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/struct.proto
 
-package structpb // import "github.com/golang/protobuf/ptypes/struct"
+package structpb
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +18,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // `NullValue` is a singleton enumeration to represent the null value for the
 // `Value` type union.
@@ -32,6 +34,7 @@ const (
 var NullValue_name = map[int32]string{
 	0: "NULL_VALUE",
 }
+
 var NullValue_value = map[string]int32{
 	"NULL_VALUE": 0,
 }
@@ -39,9 +42,11 @@ var NullValue_value = map[string]int32{
 func (x NullValue) String() string {
 	return proto.EnumName(NullValue_name, int32(x))
 }
+
 func (NullValue) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_struct_3a5a94e0c7801b27, []int{0}
+	return fileDescriptor_df322afd6c9fb402, []int{0}
 }
+
 func (NullValue) XXX_WellKnownType() string { return "NullValue" }
 
 // `Struct` represents a structured data value, consisting of fields
@@ -54,7 +59,7 @@ func (NullValue) XXX_WellKnownType() string { return "NullValue" }
 // The JSON representation for `Struct` is JSON object.
 type Struct struct {
 	// Unordered map of dynamically typed values.
-	Fields               map[string]*Value `protobuf:"bytes,1,rep,name=fields" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	Fields               map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -64,17 +69,19 @@ func (m *Struct) Reset()         { *m = Struct{} }
 func (m *Struct) String() string { return proto.CompactTextString(m) }
 func (*Struct) ProtoMessage()    {}
 func (*Struct) Descriptor() ([]byte, []int) {
-	return fileDescriptor_struct_3a5a94e0c7801b27, []int{0}
+	return fileDescriptor_df322afd6c9fb402, []int{0}
 }
+
 func (*Struct) XXX_WellKnownType() string { return "Struct" }
+
 func (m *Struct) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Struct.Unmarshal(m, b)
 }
 func (m *Struct) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Struct.Marshal(b, m, deterministic)
 }
-func (dst *Struct) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Struct.Merge(dst, src)
+func (m *Struct) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Struct.Merge(m, src)
 }
 func (m *Struct) XXX_Size() int {
 	return xxx_messageInfo_Struct.Size(m)
@@ -118,17 +125,19 @@ func (m *Value) Reset()         { *m = Value{} }
 func (m *Value) String() string { return proto.CompactTextString(m) }
 func (*Value) ProtoMessage()    {}
 func (*Value) Descriptor() ([]byte, []int) {
-	return fileDescriptor_struct_3a5a94e0c7801b27, []int{1}
+	return fileDescriptor_df322afd6c9fb402, []int{1}
 }
+
 func (*Value) XXX_WellKnownType() string { return "Value" }
+
 func (m *Value) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Value.Unmarshal(m, b)
 }
 func (m *Value) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Value.Marshal(b, m, deterministic)
 }
-func (dst *Value) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Value.Merge(dst, src)
+func (m *Value) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Value.Merge(m, src)
 }
 func (m *Value) XXX_Size() int {
 	return xxx_messageInfo_Value.Size(m)
@@ -144,30 +153,40 @@ type isValue_Kind interface {
 }
 
 type Value_NullValue struct {
-	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,enum=google.protobuf.NullValue,oneof"`
+	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"`
 }
+
 type Value_NumberValue struct {
-	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,oneof"`
+	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof"`
 }
+
 type Value_StringValue struct {
-	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,oneof"`
+	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"`
 }
+
 type Value_BoolValue struct {
-	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,oneof"`
+	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"`
 }
+
 type Value_StructValue struct {
-	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,oneof"`
+	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,proto3,oneof"`
 }
+
 type Value_ListValue struct {
-	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,oneof"`
+	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,proto3,oneof"`
 }
 
-func (*Value_NullValue) isValue_Kind()   {}
+func (*Value_NullValue) isValue_Kind() {}
+
 func (*Value_NumberValue) isValue_Kind() {}
+
 func (*Value_StringValue) isValue_Kind() {}
-func (*Value_BoolValue) isValue_Kind()   {}
+
+func (*Value_BoolValue) isValue_Kind() {}
+
 func (*Value_StructValue) isValue_Kind() {}
-func (*Value_ListValue) isValue_Kind()   {}
+
+func (*Value_ListValue) isValue_Kind() {}
 
 func (m *Value) GetKind() isValue_Kind {
 	if m != nil {
@@ -218,9 +237,9 @@ func (m *Value) GetListValue() *ListValue {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Value_OneofMarshaler, _Value_OneofUnmarshaler, _Value_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Value) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Value_NullValue)(nil),
 		(*Value_NumberValue)(nil),
 		(*Value_StringValue)(nil),
@@ -230,135 +249,12 @@ func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error,
 	}
 }
 
-func _Value_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Value)
-	// kind
-	switch x := m.Kind.(type) {
-	case *Value_NullValue:
-		b.EncodeVarint(1<<3 | proto.WireVarint)
-		b.EncodeVarint(uint64(x.NullValue))
-	case *Value_NumberValue:
-		b.EncodeVarint(2<<3 | proto.WireFixed64)
-		b.EncodeFixed64(math.Float64bits(x.NumberValue))
-	case *Value_StringValue:
-		b.EncodeVarint(3<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.StringValue)
-	case *Value_BoolValue:
-		t := uint64(0)
-		if x.BoolValue {
-			t = 1
-		}
-		b.EncodeVarint(4<<3 | proto.WireVarint)
-		b.EncodeVarint(t)
-	case *Value_StructValue:
-		b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.StructValue); err != nil {
-			return err
-		}
-	case *Value_ListValue:
-		b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ListValue); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Value.Kind has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _Value_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Value)
-	switch tag {
-	case 1: // kind.null_value
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.Kind = &Value_NullValue{NullValue(x)}
-		return true, err
-	case 2: // kind.number_value
-		if wire != proto.WireFixed64 {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeFixed64()
-		m.Kind = &Value_NumberValue{math.Float64frombits(x)}
-		return true, err
-	case 3: // kind.string_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Kind = &Value_StringValue{x}
-		return true, err
-	case 4: // kind.bool_value
-		if wire != proto.WireVarint {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeVarint()
-		m.Kind = &Value_BoolValue{x != 0}
-		return true, err
-	case 5: // kind.struct_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Struct)
-		err := b.DecodeMessage(msg)
-		m.Kind = &Value_StructValue{msg}
-		return true, err
-	case 6: // kind.list_value
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ListValue)
-		err := b.DecodeMessage(msg)
-		m.Kind = &Value_ListValue{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Value_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Value)
-	// kind
-	switch x := m.Kind.(type) {
-	case *Value_NullValue:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(x.NullValue))
-	case *Value_NumberValue:
-		n += 1 // tag and wire
-		n += 8
-	case *Value_StringValue:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.StringValue)))
-		n += len(x.StringValue)
-	case *Value_BoolValue:
-		n += 1 // tag and wire
-		n += 1
-	case *Value_StructValue:
-		s := proto.Size(x.StructValue)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Value_ListValue:
-		s := proto.Size(x.ListValue)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // `ListValue` is a wrapper around a repeated field of values.
 //
 // The JSON representation for `ListValue` is JSON array.
 type ListValue struct {
 	// Repeated field of dynamically typed values.
-	Values               []*Value `protobuf:"bytes,1,rep,name=values" json:"values,omitempty"`
+	Values               []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -368,17 +264,19 @@ func (m *ListValue) Reset()         { *m = ListValue{} }
 func (m *ListValue) String() string { return proto.CompactTextString(m) }
 func (*ListValue) ProtoMessage()    {}
 func (*ListValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_struct_3a5a94e0c7801b27, []int{2}
+	return fileDescriptor_df322afd6c9fb402, []int{2}
 }
+
 func (*ListValue) XXX_WellKnownType() string { return "ListValue" }
+
 func (m *ListValue) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListValue.Unmarshal(m, b)
 }
 func (m *ListValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListValue.Marshal(b, m, deterministic)
 }
-func (dst *ListValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListValue.Merge(dst, src)
+func (m *ListValue) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListValue.Merge(m, src)
 }
 func (m *ListValue) XXX_Size() int {
 	return xxx_messageInfo_ListValue.Size(m)
@@ -397,18 +295,18 @@ func (m *ListValue) GetValues() []*Value {
 }
 
 func init() {
+	proto.RegisterEnum("google.protobuf.NullValue", NullValue_name, NullValue_value)
 	proto.RegisterType((*Struct)(nil), "google.protobuf.Struct")
 	proto.RegisterMapType((map[string]*Value)(nil), "google.protobuf.Struct.FieldsEntry")
 	proto.RegisterType((*Value)(nil), "google.protobuf.Value")
 	proto.RegisterType((*ListValue)(nil), "google.protobuf.ListValue")
-	proto.RegisterEnum("google.protobuf.NullValue", NullValue_name, NullValue_value)
 }
 
 func init() {
-	proto.RegisterFile("google/protobuf/struct.proto", fileDescriptor_struct_3a5a94e0c7801b27)
+	proto.RegisterFile("google/protobuf/struct.proto", fileDescriptor_df322afd6c9fb402)
 }
 
-var fileDescriptor_struct_3a5a94e0c7801b27 = []byte{
+var fileDescriptor_df322afd6c9fb402 = []byte{
 	// 417 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0x41, 0x8b, 0xd3, 0x40,
 	0x14, 0xc7, 0x3b, 0xc9, 0x36, 0x98, 0x17, 0x59, 0x97, 0x11, 0xb4, 0xac, 0xa2, 0xa1, 0x7b, 0x09,
diff --git a/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto b/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto
index 7d7808e7fbb69..ed990e31d9590 100644
--- a/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto
+++ b/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto
@@ -40,7 +40,6 @@ option java_outer_classname = "StructProto";
 option java_multiple_files = true;
 option objc_class_prefix = "GPB";
 
-
 // `Struct` represents a structured data value, consisting of fields
 // which map to dynamically typed values. In some languages, `Struct`
 // might be supported by a native representation. For example, in
diff --git a/vendor/github.com/golang/protobuf/ptypes/timestamp.go b/vendor/github.com/golang/protobuf/ptypes/timestamp.go
index 47f10dbc2ccce..8da0df01acd17 100644
--- a/vendor/github.com/golang/protobuf/ptypes/timestamp.go
+++ b/vendor/github.com/golang/protobuf/ptypes/timestamp.go
@@ -111,11 +111,9 @@ func TimestampNow() *tspb.Timestamp {
 // TimestampProto converts the time.Time to a google.protobuf.Timestamp proto.
 // It returns an error if the resulting Timestamp is invalid.
 func TimestampProto(t time.Time) (*tspb.Timestamp, error) {
-	seconds := t.Unix()
-	nanos := int32(t.Sub(time.Unix(seconds, 0)))
 	ts := &tspb.Timestamp{
-		Seconds: seconds,
-		Nanos:   nanos,
+		Seconds: t.Unix(),
+		Nanos:   int32(t.Nanosecond()),
 	}
 	if err := validateTimestamp(ts); err != nil {
 		return nil, err
diff --git a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
index e9c2222821664..7a3b1e40e291c 100644
--- a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
@@ -1,11 +1,13 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/timestamp.proto
 
-package timestamp // import "github.com/golang/protobuf/ptypes/timestamp"
+package timestamp
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,19 +18,21 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
-// A Timestamp represents a point in time independent of any time zone
-// or calendar, represented as seconds and fractions of seconds at
-// nanosecond resolution in UTC Epoch time. It is encoded using the
-// Proleptic Gregorian Calendar which extends the Gregorian calendar
-// backwards to year one. It is encoded assuming all minutes are 60
-// seconds long, i.e. leap seconds are "smeared" so that no leap second
-// table is needed for interpretation. Range is from
-// 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.
-// By restricting to that range, we ensure that we can convert to
-// and from  RFC 3339 date strings.
-// See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
+// A Timestamp represents a point in time independent of any time zone or local
+// calendar, encoded as a count of seconds and fractions of seconds at
+// nanosecond resolution. The count is relative to an epoch at UTC midnight on
+// January 1, 1970, in the proleptic Gregorian calendar which extends the
+// Gregorian calendar backwards to year one.
+//
+// All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+// second table is needed for interpretation, using a [24-hour linear
+// smear](https://developers.google.com/time/smear).
+//
+// The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+// restricting to that range, we ensure that we can convert to and from [RFC
+// 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
 //
 // # Examples
 //
@@ -81,31 +85,35 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 // {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
 // seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
 // are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
-// is required, though only UTC (as indicated by "Z") is presently supported.
+// is required. A proto3 JSON serializer should always use UTC (as indicated by
+// "Z") when printing the Timestamp type and a proto3 JSON parser should be
+// able to accept both UTC and other timezones (as indicated by an offset).
 //
 // For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
 // 01:30 UTC on January 15, 2017.
 //
 // In JavaScript, one can convert a Date object to this format using the
-// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
+// standard
+// [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
 // method. In Python, a standard `datetime.datetime` object can be converted
-// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
-// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one
-// can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--)
-// to obtain a formatter capable of generating timestamps in this format.
+// to this format using
+// [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+// the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+// the Joda Time's [`ISODateTimeFormat.dateTime()`](
+// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// ) to obtain a formatter capable of generating timestamps in this format.
 //
 //
 type Timestamp struct {
 	// Represents seconds of UTC time since Unix epoch
 	// 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
 	// 9999-12-31T23:59:59Z inclusive.
-	Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"`
+	Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
 	// Non-negative fractions of a second at nanosecond resolution. Negative
 	// second values with fractions must still have non-negative nanos values
 	// that count forward in time. Must be from 0 to 999,999,999
 	// inclusive.
-	Nanos                int32    `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"`
+	Nanos                int32    `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -115,17 +123,19 @@ func (m *Timestamp) Reset()         { *m = Timestamp{} }
 func (m *Timestamp) String() string { return proto.CompactTextString(m) }
 func (*Timestamp) ProtoMessage()    {}
 func (*Timestamp) Descriptor() ([]byte, []int) {
-	return fileDescriptor_timestamp_b826e8e5fba671a8, []int{0}
+	return fileDescriptor_292007bbfe81227e, []int{0}
 }
+
 func (*Timestamp) XXX_WellKnownType() string { return "Timestamp" }
+
 func (m *Timestamp) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Timestamp.Unmarshal(m, b)
 }
 func (m *Timestamp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Timestamp.Marshal(b, m, deterministic)
 }
-func (dst *Timestamp) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Timestamp.Merge(dst, src)
+func (m *Timestamp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Timestamp.Merge(m, src)
 }
 func (m *Timestamp) XXX_Size() int {
 	return xxx_messageInfo_Timestamp.Size(m)
@@ -155,10 +165,10 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/protobuf/timestamp.proto", fileDescriptor_timestamp_b826e8e5fba671a8)
+	proto.RegisterFile("google/protobuf/timestamp.proto", fileDescriptor_292007bbfe81227e)
 }
 
-var fileDescriptor_timestamp_b826e8e5fba671a8 = []byte{
+var fileDescriptor_292007bbfe81227e = []byte{
 	// 191 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4f, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0xc9, 0xcc, 0x4d,
diff --git a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
index 06750ab1f127d..cd357864a9e47 100644
--- a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
+++ b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
@@ -40,17 +40,19 @@ option java_outer_classname = "TimestampProto";
 option java_multiple_files = true;
 option objc_class_prefix = "GPB";
 
-// A Timestamp represents a point in time independent of any time zone
-// or calendar, represented as seconds and fractions of seconds at
-// nanosecond resolution in UTC Epoch time. It is encoded using the
-// Proleptic Gregorian Calendar which extends the Gregorian calendar
-// backwards to year one. It is encoded assuming all minutes are 60
-// seconds long, i.e. leap seconds are "smeared" so that no leap second
-// table is needed for interpretation. Range is from
-// 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.
-// By restricting to that range, we ensure that we can convert to
-// and from  RFC 3339 date strings.
-// See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
+// A Timestamp represents a point in time independent of any time zone or local
+// calendar, encoded as a count of seconds and fractions of seconds at
+// nanosecond resolution. The count is relative to an epoch at UTC midnight on
+// January 1, 1970, in the proleptic Gregorian calendar which extends the
+// Gregorian calendar backwards to year one.
+//
+// All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+// second table is needed for interpretation, using a [24-hour linear
+// smear](https://developers.google.com/time/smear).
+//
+// The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+// restricting to that range, we ensure that we can convert to and from [RFC
+// 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
 //
 // # Examples
 //
@@ -103,23 +105,26 @@ option objc_class_prefix = "GPB";
 // {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
 // seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
 // are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
-// is required, though only UTC (as indicated by "Z") is presently supported.
+// is required. A proto3 JSON serializer should always use UTC (as indicated by
+// "Z") when printing the Timestamp type and a proto3 JSON parser should be
+// able to accept both UTC and other timezones (as indicated by an offset).
 //
 // For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
 // 01:30 UTC on January 15, 2017.
 //
 // In JavaScript, one can convert a Date object to this format using the
-// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
+// standard
+// [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
 // method. In Python, a standard `datetime.datetime` object can be converted
-// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
-// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one
-// can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--)
-// to obtain a formatter capable of generating timestamps in this format.
+// to this format using
+// [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+// the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+// the Joda Time's [`ISODateTimeFormat.dateTime()`](
+// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// ) to obtain a formatter capable of generating timestamps in this format.
 //
 //
 message Timestamp {
-
   // Represents seconds of UTC time since Unix epoch
   // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
   // 9999-12-31T23:59:59Z inclusive.
diff --git a/vendor/gotest.tools/LICENSE b/vendor/github.com/google/btree/LICENSE
similarity index 100%
rename from vendor/gotest.tools/LICENSE
rename to vendor/github.com/google/btree/LICENSE
diff --git a/vendor/github.com/google/btree/README.md b/vendor/github.com/google/btree/README.md
new file mode 100644
index 0000000000000..6062a4dacd493
--- /dev/null
+++ b/vendor/github.com/google/btree/README.md
@@ -0,0 +1,12 @@
+# BTree implementation for Go
+
+![Travis CI Build Status](https://api.travis-ci.org/google/btree.svg?branch=master)
+
+This package provides an in-memory B-Tree implementation for Go, useful as
+an ordered, mutable data structure.
+
+The API is based off of the wonderful
+http://godoc.org/github.com/petar/GoLLRB/llrb, and is meant to allow btree to
+act as a drop-in replacement for gollrb trees.
+
+See http://godoc.org/github.com/google/btree for documentation.
diff --git a/vendor/github.com/google/btree/btree.go b/vendor/github.com/google/btree/btree.go
new file mode 100644
index 0000000000000..b83acdbc6d3ab
--- /dev/null
+++ b/vendor/github.com/google/btree/btree.go
@@ -0,0 +1,890 @@
+// Copyright 2014 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package btree implements in-memory B-Trees of arbitrary degree.
+//
+// btree implements an in-memory B-Tree for use as an ordered data structure.
+// It is not meant for persistent storage solutions.
+//
+// It has a flatter structure than an equivalent red-black or other binary tree,
+// which in some cases yields better memory usage and/or performance.
+// See some discussion on the matter here:
+//   http://google-opensource.blogspot.com/2013/01/c-containers-that-save-memory-and-time.html
+// Note, though, that this project is in no way related to the C++ B-Tree
+// implementation written about there.
+//
+// Within this tree, each node contains a slice of items and a (possibly nil)
+// slice of children.  For basic numeric values or raw structs, this can cause
+// efficiency differences when compared to equivalent C++ template code that
+// stores values in arrays within the node:
+//   * Due to the overhead of storing values as interfaces (each
+//     value needs to be stored as the value itself, then 2 words for the
+//     interface pointing to that value and its type), resulting in higher
+//     memory use.
+//   * Since interfaces can point to values anywhere in memory, values are
+//     most likely not stored in contiguous blocks, resulting in a higher
+//     number of cache misses.
+// These issues don't tend to matter, though, when working with strings or other
+// heap-allocated structures, since C++-equivalent structures also must store
+// pointers and also distribute their values across the heap.
+//
+// This implementation is designed to be a drop-in replacement to gollrb.LLRB
+// trees, (http://github.com/petar/gollrb), an excellent and probably the most
+// widely used ordered tree implementation in the Go ecosystem currently.
+// Its functions, therefore, exactly mirror those of
+// llrb.LLRB where possible.  Unlike gollrb, though, we currently don't
+// support storing multiple equivalent values.
+package btree
+
+import (
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+	"sync"
+)
+
+// Item represents a single object in the tree.
+type Item interface {
+	// Less tests whether the current item is less than the given argument.
+	//
+	// This must provide a strict weak ordering.
+	// If !a.Less(b) && !b.Less(a), we treat this to mean a == b (i.e. we can only
+	// hold one of either a or b in the tree).
+	Less(than Item) bool
+}
+
+const (
+	DefaultFreeListSize = 32
+)
+
+var (
+	nilItems    = make(items, 16)
+	nilChildren = make(children, 16)
+)
+
+// FreeList represents a free list of btree nodes. By default each
+// BTree has its own FreeList, but multiple BTrees can share the same
+// FreeList.
+// Two Btrees using the same freelist are safe for concurrent write access.
+type FreeList struct {
+	mu       sync.Mutex
+	freelist []*node
+}
+
+// NewFreeList creates a new free list.
+// size is the maximum size of the returned free list.
+func NewFreeList(size int) *FreeList {
+	return &FreeList{freelist: make([]*node, 0, size)}
+}
+
+func (f *FreeList) newNode() (n *node) {
+	f.mu.Lock()
+	index := len(f.freelist) - 1
+	if index < 0 {
+		f.mu.Unlock()
+		return new(node)
+	}
+	n = f.freelist[index]
+	f.freelist[index] = nil
+	f.freelist = f.freelist[:index]
+	f.mu.Unlock()
+	return
+}
+
+// freeNode adds the given node to the list, returning true if it was added
+// and false if it was discarded.
+func (f *FreeList) freeNode(n *node) (out bool) {
+	f.mu.Lock()
+	if len(f.freelist) < cap(f.freelist) {
+		f.freelist = append(f.freelist, n)
+		out = true
+	}
+	f.mu.Unlock()
+	return
+}
+
+// ItemIterator allows callers of Ascend* to iterate in-order over portions of
+// the tree.  When this function returns false, iteration will stop and the
+// associated Ascend* function will immediately return.
+type ItemIterator func(i Item) bool
+
+// New creates a new B-Tree with the given degree.
+//
+// New(2), for example, will create a 2-3-4 tree (each node contains 1-3 items
+// and 2-4 children).
+func New(degree int) *BTree {
+	return NewWithFreeList(degree, NewFreeList(DefaultFreeListSize))
+}
+
+// NewWithFreeList creates a new B-Tree that uses the given node free list.
+func NewWithFreeList(degree int, f *FreeList) *BTree {
+	if degree <= 1 {
+		panic("bad degree")
+	}
+	return &BTree{
+		degree: degree,
+		cow:    &copyOnWriteContext{freelist: f},
+	}
+}
+
+// items stores items in a node.
+type items []Item
+
+// insertAt inserts a value into the given index, pushing all subsequent values
+// forward.
+func (s *items) insertAt(index int, item Item) {
+	*s = append(*s, nil)
+	if index < len(*s) {
+		copy((*s)[index+1:], (*s)[index:])
+	}
+	(*s)[index] = item
+}
+
+// removeAt removes a value at a given index, pulling all subsequent values
+// back.
+func (s *items) removeAt(index int) Item {
+	item := (*s)[index]
+	copy((*s)[index:], (*s)[index+1:])
+	(*s)[len(*s)-1] = nil
+	*s = (*s)[:len(*s)-1]
+	return item
+}
+
+// pop removes and returns the last element in the list.
+func (s *items) pop() (out Item) {
+	index := len(*s) - 1
+	out = (*s)[index]
+	(*s)[index] = nil
+	*s = (*s)[:index]
+	return
+}
+
+// truncate truncates this instance at index so that it contains only the
+// first index items. index must be less than or equal to length.
+func (s *items) truncate(index int) {
+	var toClear items
+	*s, toClear = (*s)[:index], (*s)[index:]
+	for len(toClear) > 0 {
+		toClear = toClear[copy(toClear, nilItems):]
+	}
+}
+
+// find returns the index where the given item should be inserted into this
+// list.  'found' is true if the item already exists in the list at the given
+// index.
+func (s items) find(item Item) (index int, found bool) {
+	i := sort.Search(len(s), func(i int) bool {
+		return item.Less(s[i])
+	})
+	if i > 0 && !s[i-1].Less(item) {
+		return i - 1, true
+	}
+	return i, false
+}
+
+// children stores child nodes in a node.
+type children []*node
+
+// insertAt inserts a value into the given index, pushing all subsequent values
+// forward.
+func (s *children) insertAt(index int, n *node) {
+	*s = append(*s, nil)
+	if index < len(*s) {
+		copy((*s)[index+1:], (*s)[index:])
+	}
+	(*s)[index] = n
+}
+
+// removeAt removes a value at a given index, pulling all subsequent values
+// back.
+func (s *children) removeAt(index int) *node {
+	n := (*s)[index]
+	copy((*s)[index:], (*s)[index+1:])
+	(*s)[len(*s)-1] = nil
+	*s = (*s)[:len(*s)-1]
+	return n
+}
+
+// pop removes and returns the last element in the list.
+func (s *children) pop() (out *node) {
+	index := len(*s) - 1
+	out = (*s)[index]
+	(*s)[index] = nil
+	*s = (*s)[:index]
+	return
+}
+
+// truncate truncates this instance at index so that it contains only the
+// first index children. index must be less than or equal to length.
+func (s *children) truncate(index int) {
+	var toClear children
+	*s, toClear = (*s)[:index], (*s)[index:]
+	for len(toClear) > 0 {
+		toClear = toClear[copy(toClear, nilChildren):]
+	}
+}
+
+// node is an internal node in a tree.
+//
+// It must at all times maintain the invariant that either
+//   * len(children) == 0, len(items) unconstrained
+//   * len(children) == len(items) + 1
+type node struct {
+	items    items
+	children children
+	cow      *copyOnWriteContext
+}
+
+func (n *node) mutableFor(cow *copyOnWriteContext) *node {
+	if n.cow == cow {
+		return n
+	}
+	out := cow.newNode()
+	if cap(out.items) >= len(n.items) {
+		out.items = out.items[:len(n.items)]
+	} else {
+		out.items = make(items, len(n.items), cap(n.items))
+	}
+	copy(out.items, n.items)
+	// Copy children
+	if cap(out.children) >= len(n.children) {
+		out.children = out.children[:len(n.children)]
+	} else {
+		out.children = make(children, len(n.children), cap(n.children))
+	}
+	copy(out.children, n.children)
+	return out
+}
+
+func (n *node) mutableChild(i int) *node {
+	c := n.children[i].mutableFor(n.cow)
+	n.children[i] = c
+	return c
+}
+
+// split splits the given node at the given index.  The current node shrinks,
+// and this function returns the item that existed at that index and a new node
+// containing all items/children after it.
+func (n *node) split(i int) (Item, *node) {
+	item := n.items[i]
+	next := n.cow.newNode()
+	next.items = append(next.items, n.items[i+1:]...)
+	n.items.truncate(i)
+	if len(n.children) > 0 {
+		next.children = append(next.children, n.children[i+1:]...)
+		n.children.truncate(i + 1)
+	}
+	return item, next
+}
+
+// maybeSplitChild checks if a child should be split, and if so splits it.
+// Returns whether or not a split occurred.
+func (n *node) maybeSplitChild(i, maxItems int) bool {
+	if len(n.children[i].items) < maxItems {
+		return false
+	}
+	first := n.mutableChild(i)
+	item, second := first.split(maxItems / 2)
+	n.items.insertAt(i, item)
+	n.children.insertAt(i+1, second)
+	return true
+}
+
+// insert inserts an item into the subtree rooted at this node, making sure
+// no nodes in the subtree exceed maxItems items.  Should an equivalent item be
+// be found/replaced by insert, it will be returned.
+func (n *node) insert(item Item, maxItems int) Item {
+	i, found := n.items.find(item)
+	if found {
+		out := n.items[i]
+		n.items[i] = item
+		return out
+	}
+	if len(n.children) == 0 {
+		n.items.insertAt(i, item)
+		return nil
+	}
+	if n.maybeSplitChild(i, maxItems) {
+		inTree := n.items[i]
+		switch {
+		case item.Less(inTree):
+			// no change, we want first split node
+		case inTree.Less(item):
+			i++ // we want second split node
+		default:
+			out := n.items[i]
+			n.items[i] = item
+			return out
+		}
+	}
+	return n.mutableChild(i).insert(item, maxItems)
+}
+
+// get finds the given key in the subtree and returns it.
+func (n *node) get(key Item) Item {
+	i, found := n.items.find(key)
+	if found {
+		return n.items[i]
+	} else if len(n.children) > 0 {
+		return n.children[i].get(key)
+	}
+	return nil
+}
+
+// min returns the first item in the subtree.
+func min(n *node) Item {
+	if n == nil {
+		return nil
+	}
+	for len(n.children) > 0 {
+		n = n.children[0]
+	}
+	if len(n.items) == 0 {
+		return nil
+	}
+	return n.items[0]
+}
+
+// max returns the last item in the subtree.
+func max(n *node) Item {
+	if n == nil {
+		return nil
+	}
+	for len(n.children) > 0 {
+		n = n.children[len(n.children)-1]
+	}
+	if len(n.items) == 0 {
+		return nil
+	}
+	return n.items[len(n.items)-1]
+}
+
+// toRemove details what item to remove in a node.remove call.
+type toRemove int
+
+const (
+	removeItem toRemove = iota // removes the given item
+	removeMin                  // removes smallest item in the subtree
+	removeMax                  // removes largest item in the subtree
+)
+
+// remove removes an item from the subtree rooted at this node.
+func (n *node) remove(item Item, minItems int, typ toRemove) Item {
+	var i int
+	var found bool
+	switch typ {
+	case removeMax:
+		if len(n.children) == 0 {
+			return n.items.pop()
+		}
+		i = len(n.items)
+	case removeMin:
+		if len(n.children) == 0 {
+			return n.items.removeAt(0)
+		}
+		i = 0
+	case removeItem:
+		i, found = n.items.find(item)
+		if len(n.children) == 0 {
+			if found {
+				return n.items.removeAt(i)
+			}
+			return nil
+		}
+	default:
+		panic("invalid type")
+	}
+	// If we get to here, we have children.
+	if len(n.children[i].items) <= minItems {
+		return n.growChildAndRemove(i, item, minItems, typ)
+	}
+	child := n.mutableChild(i)
+	// Either we had enough items to begin with, or we've done some
+	// merging/stealing, because we've got enough now and we're ready to return
+	// stuff.
+	if found {
+		// The item exists at index 'i', and the child we've selected can give us a
+		// predecessor, since if we've gotten here it's got > minItems items in it.
+		out := n.items[i]
+		// We use our special-case 'remove' call with typ=maxItem to pull the
+		// predecessor of item i (the rightmost leaf of our immediate left child)
+		// and set it into where we pulled the item from.
+		n.items[i] = child.remove(nil, minItems, removeMax)
+		return out
+	}
+	// Final recursive call.  Once we're here, we know that the item isn't in this
+	// node and that the child is big enough to remove from.
+	return child.remove(item, minItems, typ)
+}
+
+// growChildAndRemove grows child 'i' to make sure it's possible to remove an
+// item from it while keeping it at minItems, then calls remove to actually
+// remove it.
+//
+// Most documentation says we have to do two sets of special casing:
+//   1) item is in this node
+//   2) item is in child
+// In both cases, we need to handle the two subcases:
+//   A) node has enough values that it can spare one
+//   B) node doesn't have enough values
+// For the latter, we have to check:
+//   a) left sibling has node to spare
+//   b) right sibling has node to spare
+//   c) we must merge
+// To simplify our code here, we handle cases #1 and #2 the same:
+// If a node doesn't have enough items, we make sure it does (using a,b,c).
+// We then simply redo our remove call, and the second time (regardless of
+// whether we're in case 1 or 2), we'll have enough items and can guarantee
+// that we hit case A.
+func (n *node) growChildAndRemove(i int, item Item, minItems int, typ toRemove) Item {
+	if i > 0 && len(n.children[i-1].items) > minItems {
+		// Steal from left child
+		child := n.mutableChild(i)
+		stealFrom := n.mutableChild(i - 1)
+		stolenItem := stealFrom.items.pop()
+		child.items.insertAt(0, n.items[i-1])
+		n.items[i-1] = stolenItem
+		if len(stealFrom.children) > 0 {
+			child.children.insertAt(0, stealFrom.children.pop())
+		}
+	} else if i < len(n.items) && len(n.children[i+1].items) > minItems {
+		// steal from right child
+		child := n.mutableChild(i)
+		stealFrom := n.mutableChild(i + 1)
+		stolenItem := stealFrom.items.removeAt(0)
+		child.items = append(child.items, n.items[i])
+		n.items[i] = stolenItem
+		if len(stealFrom.children) > 0 {
+			child.children = append(child.children, stealFrom.children.removeAt(0))
+		}
+	} else {
+		if i >= len(n.items) {
+			i--
+		}
+		child := n.mutableChild(i)
+		// merge with right child
+		mergeItem := n.items.removeAt(i)
+		mergeChild := n.children.removeAt(i + 1)
+		child.items = append(child.items, mergeItem)
+		child.items = append(child.items, mergeChild.items...)
+		child.children = append(child.children, mergeChild.children...)
+		n.cow.freeNode(mergeChild)
+	}
+	return n.remove(item, minItems, typ)
+}
+
+type direction int
+
+const (
+	descend = direction(-1)
+	ascend  = direction(+1)
+)
+
+// iterate provides a simple method for iterating over elements in the tree.
+//
+// When ascending, the 'start' should be less than 'stop' and when descending,
+// the 'start' should be greater than 'stop'. Setting 'includeStart' to true
+// will force the iterator to include the first item when it equals 'start',
+// thus creating a "greaterOrEqual" or "lessThanEqual" rather than just a
+// "greaterThan" or "lessThan" queries.
+func (n *node) iterate(dir direction, start, stop Item, includeStart bool, hit bool, iter ItemIterator) (bool, bool) {
+	var ok, found bool
+	var index int
+	switch dir {
+	case ascend:
+		if start != nil {
+			index, _ = n.items.find(start)
+		}
+		for i := index; i < len(n.items); i++ {
+			if len(n.children) > 0 {
+				if hit, ok = n.children[i].iterate(dir, start, stop, includeStart, hit, iter); !ok {
+					return hit, false
+				}
+			}
+			if !includeStart && !hit && start != nil && !start.Less(n.items[i]) {
+				hit = true
+				continue
+			}
+			hit = true
+			if stop != nil && !n.items[i].Less(stop) {
+				return hit, false
+			}
+			if !iter(n.items[i]) {
+				return hit, false
+			}
+		}
+		if len(n.children) > 0 {
+			if hit, ok = n.children[len(n.children)-1].iterate(dir, start, stop, includeStart, hit, iter); !ok {
+				return hit, false
+			}
+		}
+	case descend:
+		if start != nil {
+			index, found = n.items.find(start)
+			if !found {
+				index = index - 1
+			}
+		} else {
+			index = len(n.items) - 1
+		}
+		for i := index; i >= 0; i-- {
+			if start != nil && !n.items[i].Less(start) {
+				if !includeStart || hit || start.Less(n.items[i]) {
+					continue
+				}
+			}
+			if len(n.children) > 0 {
+				if hit, ok = n.children[i+1].iterate(dir, start, stop, includeStart, hit, iter); !ok {
+					return hit, false
+				}
+			}
+			if stop != nil && !stop.Less(n.items[i]) {
+				return hit, false //	continue
+			}
+			hit = true
+			if !iter(n.items[i]) {
+				return hit, false
+			}
+		}
+		if len(n.children) > 0 {
+			if hit, ok = n.children[0].iterate(dir, start, stop, includeStart, hit, iter); !ok {
+				return hit, false
+			}
+		}
+	}
+	return hit, true
+}
+
+// Used for testing/debugging purposes.
+func (n *node) print(w io.Writer, level int) {
+	fmt.Fprintf(w, "%sNODE:%v\n", strings.Repeat("  ", level), n.items)
+	for _, c := range n.children {
+		c.print(w, level+1)
+	}
+}
+
+// BTree is an implementation of a B-Tree.
+//
+// BTree stores Item instances in an ordered structure, allowing easy insertion,
+// removal, and iteration.
+//
+// Write operations are not safe for concurrent mutation by multiple
+// goroutines, but Read operations are.
+type BTree struct {
+	degree int
+	length int
+	root   *node
+	cow    *copyOnWriteContext
+}
+
+// copyOnWriteContext pointers determine node ownership... a tree with a write
+// context equivalent to a node's write context is allowed to modify that node.
+// A tree whose write context does not match a node's is not allowed to modify
+// it, and must create a new, writable copy (IE: it's a Clone).
+//
+// When doing any write operation, we maintain the invariant that the current
+// node's context is equal to the context of the tree that requested the write.
+// We do this by, before we descend into any node, creating a copy with the
+// correct context if the contexts don't match.
+//
+// Since the node we're currently visiting on any write has the requesting
+// tree's context, that node is modifiable in place.  Children of that node may
+// not share context, but before we descend into them, we'll make a mutable
+// copy.
+type copyOnWriteContext struct {
+	freelist *FreeList
+}
+
+// Clone clones the btree, lazily.  Clone should not be called concurrently,
+// but the original tree (t) and the new tree (t2) can be used concurrently
+// once the Clone call completes.
+//
+// The internal tree structure of b is marked read-only and shared between t and
+// t2.  Writes to both t and t2 use copy-on-write logic, creating new nodes
+// whenever one of b's original nodes would have been modified.  Read operations
+// should have no performance degredation.  Write operations for both t and t2
+// will initially experience minor slow-downs caused by additional allocs and
+// copies due to the aforementioned copy-on-write logic, but should converge to
+// the original performance characteristics of the original tree.
+func (t *BTree) Clone() (t2 *BTree) {
+	// Create two entirely new copy-on-write contexts.
+	// This operation effectively creates three trees:
+	//   the original, shared nodes (old b.cow)
+	//   the new b.cow nodes
+	//   the new out.cow nodes
+	cow1, cow2 := *t.cow, *t.cow
+	out := *t
+	t.cow = &cow1
+	out.cow = &cow2
+	return &out
+}
+
+// maxItems returns the max number of items to allow per node.
+func (t *BTree) maxItems() int {
+	return t.degree*2 - 1
+}
+
+// minItems returns the min number of items to allow per node (ignored for the
+// root node).
+func (t *BTree) minItems() int {
+	return t.degree - 1
+}
+
+func (c *copyOnWriteContext) newNode() (n *node) {
+	n = c.freelist.newNode()
+	n.cow = c
+	return
+}
+
+type freeType int
+
+const (
+	ftFreelistFull freeType = iota // node was freed (available for GC, not stored in freelist)
+	ftStored                       // node was stored in the freelist for later use
+	ftNotOwned                     // node was ignored by COW, since it's owned by another one
+)
+
+// freeNode frees a node within a given COW context, if it's owned by that
+// context.  It returns what happened to the node (see freeType const
+// documentation).
+func (c *copyOnWriteContext) freeNode(n *node) freeType {
+	if n.cow == c {
+		// clear to allow GC
+		n.items.truncate(0)
+		n.children.truncate(0)
+		n.cow = nil
+		if c.freelist.freeNode(n) {
+			return ftStored
+		} else {
+			return ftFreelistFull
+		}
+	} else {
+		return ftNotOwned
+	}
+}
+
+// ReplaceOrInsert adds the given item to the tree.  If an item in the tree
+// already equals the given one, it is removed from the tree and returned.
+// Otherwise, nil is returned.
+//
+// nil cannot be added to the tree (will panic).
+func (t *BTree) ReplaceOrInsert(item Item) Item {
+	if item == nil {
+		panic("nil item being added to BTree")
+	}
+	if t.root == nil {
+		t.root = t.cow.newNode()
+		t.root.items = append(t.root.items, item)
+		t.length++
+		return nil
+	} else {
+		t.root = t.root.mutableFor(t.cow)
+		if len(t.root.items) >= t.maxItems() {
+			item2, second := t.root.split(t.maxItems() / 2)
+			oldroot := t.root
+			t.root = t.cow.newNode()
+			t.root.items = append(t.root.items, item2)
+			t.root.children = append(t.root.children, oldroot, second)
+		}
+	}
+	out := t.root.insert(item, t.maxItems())
+	if out == nil {
+		t.length++
+	}
+	return out
+}
+
+// Delete removes an item equal to the passed in item from the tree, returning
+// it.  If no such item exists, returns nil.
+func (t *BTree) Delete(item Item) Item {
+	return t.deleteItem(item, removeItem)
+}
+
+// DeleteMin removes the smallest item in the tree and returns it.
+// If no such item exists, returns nil.
+func (t *BTree) DeleteMin() Item {
+	return t.deleteItem(nil, removeMin)
+}
+
+// DeleteMax removes the largest item in the tree and returns it.
+// If no such item exists, returns nil.
+func (t *BTree) DeleteMax() Item {
+	return t.deleteItem(nil, removeMax)
+}
+
+func (t *BTree) deleteItem(item Item, typ toRemove) Item {
+	if t.root == nil || len(t.root.items) == 0 {
+		return nil
+	}
+	t.root = t.root.mutableFor(t.cow)
+	out := t.root.remove(item, t.minItems(), typ)
+	if len(t.root.items) == 0 && len(t.root.children) > 0 {
+		oldroot := t.root
+		t.root = t.root.children[0]
+		t.cow.freeNode(oldroot)
+	}
+	if out != nil {
+		t.length--
+	}
+	return out
+}
+
+// AscendRange calls the iterator for every value in the tree within the range
+// [greaterOrEqual, lessThan), until iterator returns false.
+func (t *BTree) AscendRange(greaterOrEqual, lessThan Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(ascend, greaterOrEqual, lessThan, true, false, iterator)
+}
+
+// AscendLessThan calls the iterator for every value in the tree within the range
+// [first, pivot), until iterator returns false.
+func (t *BTree) AscendLessThan(pivot Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(ascend, nil, pivot, false, false, iterator)
+}
+
+// AscendGreaterOrEqual calls the iterator for every value in the tree within
+// the range [pivot, last], until iterator returns false.
+func (t *BTree) AscendGreaterOrEqual(pivot Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(ascend, pivot, nil, true, false, iterator)
+}
+
+// Ascend calls the iterator for every value in the tree within the range
+// [first, last], until iterator returns false.
+func (t *BTree) Ascend(iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(ascend, nil, nil, false, false, iterator)
+}
+
+// DescendRange calls the iterator for every value in the tree within the range
+// [lessOrEqual, greaterThan), until iterator returns false.
+func (t *BTree) DescendRange(lessOrEqual, greaterThan Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(descend, lessOrEqual, greaterThan, true, false, iterator)
+}
+
+// DescendLessOrEqual calls the iterator for every value in the tree within the range
+// [pivot, first], until iterator returns false.
+func (t *BTree) DescendLessOrEqual(pivot Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(descend, pivot, nil, true, false, iterator)
+}
+
+// DescendGreaterThan calls the iterator for every value in the tree within
+// the range [last, pivot), until iterator returns false.
+func (t *BTree) DescendGreaterThan(pivot Item, iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(descend, nil, pivot, false, false, iterator)
+}
+
+// Descend calls the iterator for every value in the tree within the range
+// [last, first], until iterator returns false.
+func (t *BTree) Descend(iterator ItemIterator) {
+	if t.root == nil {
+		return
+	}
+	t.root.iterate(descend, nil, nil, false, false, iterator)
+}
+
+// Get looks for the key item in the tree, returning it.  It returns nil if
+// unable to find that item.
+func (t *BTree) Get(key Item) Item {
+	if t.root == nil {
+		return nil
+	}
+	return t.root.get(key)
+}
+
+// Min returns the smallest item in the tree, or nil if the tree is empty.
+func (t *BTree) Min() Item {
+	return min(t.root)
+}
+
+// Max returns the largest item in the tree, or nil if the tree is empty.
+func (t *BTree) Max() Item {
+	return max(t.root)
+}
+
+// Has returns true if the given key is in the tree.
+func (t *BTree) Has(key Item) bool {
+	return t.Get(key) != nil
+}
+
+// Len returns the number of items currently in the tree.
+func (t *BTree) Len() int {
+	return t.length
+}
+
+// Clear removes all items from the btree.  If addNodesToFreelist is true,
+// t's nodes are added to its freelist as part of this call, until the freelist
+// is full.  Otherwise, the root node is simply dereferenced and the subtree
+// left to Go's normal GC processes.
+//
+// This can be much faster
+// than calling Delete on all elements, because that requires finding/removing
+// each element in the tree and updating the tree accordingly.  It also is
+// somewhat faster than creating a new tree to replace the old one, because
+// nodes from the old tree are reclaimed into the freelist for use by the new
+// one, instead of being lost to the garbage collector.
+//
+// This call takes:
+//   O(1): when addNodesToFreelist is false, this is a single operation.
+//   O(1): when the freelist is already full, it breaks out immediately
+//   O(freelist size):  when the freelist is empty and the nodes are all owned
+//       by this tree, nodes are added to the freelist until full.
+//   O(tree size):  when all nodes are owned by another tree, all nodes are
+//       iterated over looking for nodes to add to the freelist, and due to
+//       ownership, none are.
+func (t *BTree) Clear(addNodesToFreelist bool) {
+	if t.root != nil && addNodesToFreelist {
+		t.root.reset(t.cow)
+	}
+	t.root, t.length = nil, 0
+}
+
+// reset returns a subtree to the freelist.  It breaks out immediately if the
+// freelist is full, since the only benefit of iterating is to fill that
+// freelist up.  Returns true if parent reset call should continue.
+func (n *node) reset(c *copyOnWriteContext) bool {
+	for _, child := range n.children {
+		if !child.reset(c) {
+			return false
+		}
+	}
+	return c.freeNode(n) != ftFreelistFull
+}
+
+// Int implements the Item interface for integers.
+type Int int
+
+// Less returns true if int(a) < int(b).
+func (a Int) Less(b Item) bool {
+	return a < b.(Int)
+}
diff --git a/vendor/github.com/google/btree/go.mod b/vendor/github.com/google/btree/go.mod
new file mode 100644
index 0000000000000..fe4d5ca17b377
--- /dev/null
+++ b/vendor/github.com/google/btree/go.mod
@@ -0,0 +1,17 @@
+// Copyright 2014 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+module github.com/google/btree
+
+go 1.12
diff --git a/vendor/github.com/google/shlex/go.mod b/vendor/github.com/google/shlex/go.mod
new file mode 100644
index 0000000000000..0ab3bce7f12a2
--- /dev/null
+++ b/vendor/github.com/google/shlex/go.mod
@@ -0,0 +1,3 @@
+module github.com/google/shlex
+
+go 1.13
diff --git a/vendor/github.com/google/shlex/shlex.go b/vendor/github.com/google/shlex/shlex.go
index 3cb37b7e481e9..d98308bce3802 100644
--- a/vendor/github.com/google/shlex/shlex.go
+++ b/vendor/github.com/google/shlex/shlex.go
@@ -253,7 +253,6 @@ func (t *Tokenizer) scanStream() (*Token, error) {
 					}
 				case spaceRuneClass:
 					{
-						t.input.UnreadRune()
 						token := &Token{
 							tokenType: tokenType,
 							value:     string(value)}
diff --git a/vendor/github.com/pborman/uuid/LICENSE b/vendor/github.com/google/uuid/LICENSE
similarity index 100%
rename from vendor/github.com/pborman/uuid/LICENSE
rename to vendor/github.com/google/uuid/LICENSE
diff --git a/vendor/github.com/google/uuid/README.md b/vendor/github.com/google/uuid/README.md
new file mode 100644
index 0000000000000..9d92c11f16f59
--- /dev/null
+++ b/vendor/github.com/google/uuid/README.md
@@ -0,0 +1,19 @@
+# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+The uuid package generates and inspects UUIDs based on
+[RFC 4122](http://tools.ietf.org/html/rfc4122)
+and DCE 1.1: Authentication and Security Services. 
+
+This package is based on the github.com/pborman/uuid package (previously named
+code.google.com/p/go-uuid).  It differs from these earlier packages in that
+a UUID is a 16 byte array rather than a byte slice.  One loss due to this
+change is the ability to represent an invalid UUID (vs a NIL UUID).
+
+###### Install
+`go get github.com/google/uuid`
+
+###### Documentation 
+[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+
+Full `go doc` style documentation for the package can be viewed online without
+installing this package by using the GoDoc site here: 
+http://godoc.org/github.com/google/uuid
diff --git a/vendor/github.com/google/uuid/dce.go b/vendor/github.com/google/uuid/dce.go
new file mode 100644
index 0000000000000..fa820b9d3092b
--- /dev/null
+++ b/vendor/github.com/google/uuid/dce.go
@@ -0,0 +1,80 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"fmt"
+	"os"
+)
+
+// A Domain represents a Version 2 domain
+type Domain byte
+
+// Domain constants for DCE Security (Version 2) UUIDs.
+const (
+	Person = Domain(0)
+	Group  = Domain(1)
+	Org    = Domain(2)
+)
+
+// NewDCESecurity returns a DCE Security (Version 2) UUID.
+//
+// The domain should be one of Person, Group or Org.
+// On a POSIX system the id should be the users UID for the Person
+// domain and the users GID for the Group.  The meaning of id for
+// the domain Org or on non-POSIX systems is site defined.
+//
+// For a given domain/id pair the same token may be returned for up to
+// 7 minutes and 10 seconds.
+func NewDCESecurity(domain Domain, id uint32) (UUID, error) {
+	uuid, err := NewUUID()
+	if err == nil {
+		uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2
+		uuid[9] = byte(domain)
+		binary.BigEndian.PutUint32(uuid[0:], id)
+	}
+	return uuid, err
+}
+
+// NewDCEPerson returns a DCE Security (Version 2) UUID in the person
+// domain with the id returned by os.Getuid.
+//
+//  NewDCESecurity(Person, uint32(os.Getuid()))
+func NewDCEPerson() (UUID, error) {
+	return NewDCESecurity(Person, uint32(os.Getuid()))
+}
+
+// NewDCEGroup returns a DCE Security (Version 2) UUID in the group
+// domain with the id returned by os.Getgid.
+//
+//  NewDCESecurity(Group, uint32(os.Getgid()))
+func NewDCEGroup() (UUID, error) {
+	return NewDCESecurity(Group, uint32(os.Getgid()))
+}
+
+// Domain returns the domain for a Version 2 UUID.  Domains are only defined
+// for Version 2 UUIDs.
+func (uuid UUID) Domain() Domain {
+	return Domain(uuid[9])
+}
+
+// ID returns the id for a Version 2 UUID. IDs are only defined for Version 2
+// UUIDs.
+func (uuid UUID) ID() uint32 {
+	return binary.BigEndian.Uint32(uuid[0:4])
+}
+
+func (d Domain) String() string {
+	switch d {
+	case Person:
+		return "Person"
+	case Group:
+		return "Group"
+	case Org:
+		return "Org"
+	}
+	return fmt.Sprintf("Domain%d", int(d))
+}
diff --git a/vendor/github.com/google/uuid/doc.go b/vendor/github.com/google/uuid/doc.go
new file mode 100644
index 0000000000000..5b8a4b9af8ce3
--- /dev/null
+++ b/vendor/github.com/google/uuid/doc.go
@@ -0,0 +1,12 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package uuid generates and inspects UUIDs.
+//
+// UUIDs are based on RFC 4122 and DCE 1.1: Authentication and Security
+// Services.
+//
+// A UUID is a 16 byte (128 bit) array.  UUIDs may be used as keys to
+// maps or compared directly.
+package uuid
diff --git a/vendor/github.com/google/uuid/go.mod b/vendor/github.com/google/uuid/go.mod
new file mode 100644
index 0000000000000..fc84cd79d4c79
--- /dev/null
+++ b/vendor/github.com/google/uuid/go.mod
@@ -0,0 +1 @@
+module github.com/google/uuid
diff --git a/vendor/github.com/google/uuid/hash.go b/vendor/github.com/google/uuid/hash.go
new file mode 100644
index 0000000000000..b174616315118
--- /dev/null
+++ b/vendor/github.com/google/uuid/hash.go
@@ -0,0 +1,53 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"crypto/md5"
+	"crypto/sha1"
+	"hash"
+)
+
+// Well known namespace IDs and UUIDs
+var (
+	NameSpaceDNS  = Must(Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceURL  = Must(Parse("6ba7b811-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceOID  = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
+	Nil           UUID // empty UUID, all zeros
+)
+
+// NewHash returns a new UUID derived from the hash of space concatenated with
+// data generated by h.  The hash should be at least 16 byte in length.  The
+// first 16 bytes of the hash are used to form the UUID.  The version of the
+// UUID will be the lower 4 bits of version.  NewHash is used to implement
+// NewMD5 and NewSHA1.
+func NewHash(h hash.Hash, space UUID, data []byte, version int) UUID {
+	h.Reset()
+	h.Write(space[:])
+	h.Write(data)
+	s := h.Sum(nil)
+	var uuid UUID
+	copy(uuid[:], s)
+	uuid[6] = (uuid[6] & 0x0f) | uint8((version&0xf)<<4)
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // RFC 4122 variant
+	return uuid
+}
+
+// NewMD5 returns a new MD5 (Version 3) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(md5.New(), space, data, 3)
+func NewMD5(space UUID, data []byte) UUID {
+	return NewHash(md5.New(), space, data, 3)
+}
+
+// NewSHA1 returns a new SHA1 (Version 5) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(sha1.New(), space, data, 5)
+func NewSHA1(space UUID, data []byte) UUID {
+	return NewHash(sha1.New(), space, data, 5)
+}
diff --git a/vendor/github.com/google/uuid/marshal.go b/vendor/github.com/google/uuid/marshal.go
new file mode 100644
index 0000000000000..7f9e0c6c0e385
--- /dev/null
+++ b/vendor/github.com/google/uuid/marshal.go
@@ -0,0 +1,37 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "fmt"
+
+// MarshalText implements encoding.TextMarshaler.
+func (uuid UUID) MarshalText() ([]byte, error) {
+	var js [36]byte
+	encodeHex(js[:], uuid)
+	return js[:], nil
+}
+
+// UnmarshalText implements encoding.TextUnmarshaler.
+func (uuid *UUID) UnmarshalText(data []byte) error {
+	id, err := ParseBytes(data)
+	if err == nil {
+		*uuid = id
+	}
+	return err
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler.
+func (uuid UUID) MarshalBinary() ([]byte, error) {
+	return uuid[:], nil
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler.
+func (uuid *UUID) UnmarshalBinary(data []byte) error {
+	if len(data) != 16 {
+		return fmt.Errorf("invalid UUID (got %d bytes)", len(data))
+	}
+	copy(uuid[:], data)
+	return nil
+}
diff --git a/vendor/github.com/google/uuid/node.go b/vendor/github.com/google/uuid/node.go
new file mode 100644
index 0000000000000..d651a2b0619fa
--- /dev/null
+++ b/vendor/github.com/google/uuid/node.go
@@ -0,0 +1,90 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"sync"
+)
+
+var (
+	nodeMu sync.Mutex
+	ifname string  // name of interface being used
+	nodeID [6]byte // hardware for version 1 UUIDs
+	zeroID [6]byte // nodeID with only 0's
+)
+
+// NodeInterface returns the name of the interface from which the NodeID was
+// derived.  The interface "user" is returned if the NodeID was set by
+// SetNodeID.
+func NodeInterface() string {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return ifname
+}
+
+// SetNodeInterface selects the hardware address to be used for Version 1 UUIDs.
+// If name is "" then the first usable interface found will be used or a random
+// Node ID will be generated.  If a named interface cannot be found then false
+// is returned.
+//
+// SetNodeInterface never fails when name is "".
+func SetNodeInterface(name string) bool {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return setNodeInterface(name)
+}
+
+func setNodeInterface(name string) bool {
+	iname, addr := getHardwareInterface(name) // null implementation for js
+	if iname != "" && addr != nil {
+		ifname = iname
+		copy(nodeID[:], addr)
+		return true
+	}
+
+	// We found no interfaces with a valid hardware address.  If name
+	// does not specify a specific interface generate a random Node ID
+	// (section 4.1.6)
+	if name == "" {
+		ifname = "random"
+		randomBits(nodeID[:])
+		return true
+	}
+	return false
+}
+
+// NodeID returns a slice of a copy of the current Node ID, setting the Node ID
+// if not already set.
+func NodeID() []byte {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	nid := nodeID
+	return nid[:]
+}
+
+// SetNodeID sets the Node ID to be used for Version 1 UUIDs.  The first 6 bytes
+// of id are used.  If id is less than 6 bytes then false is returned and the
+// Node ID is not set.
+func SetNodeID(id []byte) bool {
+	if len(id) < 6 {
+		return false
+	}
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	copy(nodeID[:], id)
+	ifname = "user"
+	return true
+}
+
+// NodeID returns the 6 byte node id encoded in uuid.  It returns nil if uuid is
+// not valid.  The NodeID is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) NodeID() []byte {
+	var node [6]byte
+	copy(node[:], uuid[10:])
+	return node[:]
+}
diff --git a/vendor/github.com/google/uuid/node_js.go b/vendor/github.com/google/uuid/node_js.go
new file mode 100644
index 0000000000000..24b78edc90710
--- /dev/null
+++ b/vendor/github.com/google/uuid/node_js.go
@@ -0,0 +1,12 @@
+// Copyright 2017 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build js
+
+package uuid
+
+// getHardwareInterface returns nil values for the JS version of the code.
+// This remvoves the "net" dependency, because it is not used in the browser.
+// Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
+func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/vendor/github.com/google/uuid/node_net.go b/vendor/github.com/google/uuid/node_net.go
new file mode 100644
index 0000000000000..0cbbcddbd6e81
--- /dev/null
+++ b/vendor/github.com/google/uuid/node_net.go
@@ -0,0 +1,33 @@
+// Copyright 2017 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !js
+
+package uuid
+
+import "net"
+
+var interfaces []net.Interface // cached list of interfaces
+
+// getHardwareInterface returns the name and hardware address of interface name.
+// If name is "" then the name and hardware address of one of the system's
+// interfaces is returned.  If no interfaces are found (name does not exist or
+// there are no interfaces) then "", nil is returned.
+//
+// Only addresses of at least 6 bytes are returned.
+func getHardwareInterface(name string) (string, []byte) {
+	if interfaces == nil {
+		var err error
+		interfaces, err = net.Interfaces()
+		if err != nil {
+			return "", nil
+		}
+	}
+	for _, ifs := range interfaces {
+		if len(ifs.HardwareAddr) >= 6 && (name == "" || name == ifs.Name) {
+			return ifs.Name, ifs.HardwareAddr
+		}
+	}
+	return "", nil
+}
diff --git a/vendor/github.com/google/uuid/sql.go b/vendor/github.com/google/uuid/sql.go
new file mode 100644
index 0000000000000..f326b54db37a6
--- /dev/null
+++ b/vendor/github.com/google/uuid/sql.go
@@ -0,0 +1,59 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"database/sql/driver"
+	"fmt"
+)
+
+// Scan implements sql.Scanner so UUIDs can be read from databases transparently
+// Currently, database types that map to string and []byte are supported. Please
+// consult database-specific driver documentation for matching types.
+func (uuid *UUID) Scan(src interface{}) error {
+	switch src := src.(type) {
+	case nil:
+		return nil
+
+	case string:
+		// if an empty UUID comes from a table, we return a null UUID
+		if src == "" {
+			return nil
+		}
+
+		// see Parse for required string format
+		u, err := Parse(src)
+		if err != nil {
+			return fmt.Errorf("Scan: %v", err)
+		}
+
+		*uuid = u
+
+	case []byte:
+		// if an empty UUID comes from a table, we return a null UUID
+		if len(src) == 0 {
+			return nil
+		}
+
+		// assumes a simple slice of bytes if 16 bytes
+		// otherwise attempts to parse
+		if len(src) != 16 {
+			return uuid.Scan(string(src))
+		}
+		copy((*uuid)[:], src)
+
+	default:
+		return fmt.Errorf("Scan: unable to scan type %T into UUID", src)
+	}
+
+	return nil
+}
+
+// Value implements sql.Valuer so that UUIDs can be written to databases
+// transparently. Currently, UUIDs map to strings. Please consult
+// database-specific driver documentation for matching types.
+func (uuid UUID) Value() (driver.Value, error) {
+	return uuid.String(), nil
+}
diff --git a/vendor/github.com/google/uuid/time.go b/vendor/github.com/google/uuid/time.go
new file mode 100644
index 0000000000000..e6ef06cdc87aa
--- /dev/null
+++ b/vendor/github.com/google/uuid/time.go
@@ -0,0 +1,123 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"sync"
+	"time"
+)
+
+// A Time represents a time as the number of 100's of nanoseconds since 15 Oct
+// 1582.
+type Time int64
+
+const (
+	lillian    = 2299160          // Julian day of 15 Oct 1582
+	unix       = 2440587          // Julian day of 1 Jan 1970
+	epoch      = unix - lillian   // Days between epochs
+	g1582      = epoch * 86400    // seconds between epochs
+	g1582ns100 = g1582 * 10000000 // 100s of a nanoseconds between epochs
+)
+
+var (
+	timeMu   sync.Mutex
+	lasttime uint64 // last time we returned
+	clockSeq uint16 // clock sequence for this run
+
+	timeNow = time.Now // for testing
+)
+
+// UnixTime converts t the number of seconds and nanoseconds using the Unix
+// epoch of 1 Jan 1970.
+func (t Time) UnixTime() (sec, nsec int64) {
+	sec = int64(t - g1582ns100)
+	nsec = (sec % 10000000) * 100
+	sec /= 10000000
+	return sec, nsec
+}
+
+// GetTime returns the current Time (100s of nanoseconds since 15 Oct 1582) and
+// clock sequence as well as adjusting the clock sequence as needed.  An error
+// is returned if the current time cannot be determined.
+func GetTime() (Time, uint16, error) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return getTime()
+}
+
+func getTime() (Time, uint16, error) {
+	t := timeNow()
+
+	// If we don't have a clock sequence already, set one.
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	now := uint64(t.UnixNano()/100) + g1582ns100
+
+	// If time has gone backwards with this clock sequence then we
+	// increment the clock sequence
+	if now <= lasttime {
+		clockSeq = ((clockSeq + 1) & 0x3fff) | 0x8000
+	}
+	lasttime = now
+	return Time(now), clockSeq, nil
+}
+
+// ClockSequence returns the current clock sequence, generating one if not
+// already set.  The clock sequence is only used for Version 1 UUIDs.
+//
+// The uuid package does not use global static storage for the clock sequence or
+// the last time a UUID was generated.  Unless SetClockSequence is used, a new
+// random clock sequence is generated the first time a clock sequence is
+// requested by ClockSequence, GetTime, or NewUUID.  (section 4.2.1.1)
+func ClockSequence() int {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return clockSequence()
+}
+
+func clockSequence() int {
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	return int(clockSeq & 0x3fff)
+}
+
+// SetClockSequence sets the clock sequence to the lower 14 bits of seq.  Setting to
+// -1 causes a new sequence to be generated.
+func SetClockSequence(seq int) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	setClockSequence(seq)
+}
+
+func setClockSequence(seq int) {
+	if seq == -1 {
+		var b [2]byte
+		randomBits(b[:]) // clock sequence
+		seq = int(b[0])<<8 | int(b[1])
+	}
+	oldSeq := clockSeq
+	clockSeq = uint16(seq&0x3fff) | 0x8000 // Set our variant
+	if oldSeq != clockSeq {
+		lasttime = 0
+	}
+}
+
+// Time returns the time in 100s of nanoseconds since 15 Oct 1582 encoded in
+// uuid.  The time is only defined for version 1 and 2 UUIDs.
+func (uuid UUID) Time() Time {
+	time := int64(binary.BigEndian.Uint32(uuid[0:4]))
+	time |= int64(binary.BigEndian.Uint16(uuid[4:6])) << 32
+	time |= int64(binary.BigEndian.Uint16(uuid[6:8])&0xfff) << 48
+	return Time(time)
+}
+
+// ClockSequence returns the clock sequence encoded in uuid.
+// The clock sequence is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) ClockSequence() int {
+	return int(binary.BigEndian.Uint16(uuid[8:10])) & 0x3fff
+}
diff --git a/vendor/github.com/google/uuid/util.go b/vendor/github.com/google/uuid/util.go
new file mode 100644
index 0000000000000..5ea6c737806e6
--- /dev/null
+++ b/vendor/github.com/google/uuid/util.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"io"
+)
+
+// randomBits completely fills slice b with random data.
+func randomBits(b []byte) {
+	if _, err := io.ReadFull(rander, b); err != nil {
+		panic(err.Error()) // rand should never fail
+	}
+}
+
+// xvalues returns the value of a byte as a hexadecimal digit or 255.
+var xvalues = [256]byte{
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+}
+
+// xtob converts hex characters x1 and x2 into a byte.
+func xtob(x1, x2 byte) (byte, bool) {
+	b1 := xvalues[x1]
+	b2 := xvalues[x2]
+	return (b1 << 4) | b2, b1 != 255 && b2 != 255
+}
diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go
new file mode 100644
index 0000000000000..524404cc5227b
--- /dev/null
+++ b/vendor/github.com/google/uuid/uuid.go
@@ -0,0 +1,245 @@
+// Copyright 2018 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+)
+
+// A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC
+// 4122.
+type UUID [16]byte
+
+// A Version represents a UUID's version.
+type Version byte
+
+// A Variant represents a UUID's variant.
+type Variant byte
+
+// Constants returned by Variant.
+const (
+	Invalid   = Variant(iota) // Invalid UUID
+	RFC4122                   // The variant specified in RFC4122
+	Reserved                  // Reserved, NCS backward compatibility.
+	Microsoft                 // Reserved, Microsoft Corporation backward compatibility.
+	Future                    // Reserved for future definition.
+)
+
+var rander = rand.Reader // random function
+
+// Parse decodes s into a UUID or returns an error.  Both the standard UUID
+// forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the
+// Microsoft encoding {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and the raw hex
+// encoding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
+func Parse(s string) (UUID, error) {
+	var uuid UUID
+	switch len(s) {
+	// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36:
+
+	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36 + 9:
+		if strings.ToLower(s[:9]) != "urn:uuid:" {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
+		}
+		s = s[9:]
+
+	// {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
+	case 36 + 2:
+		s = s[1:]
+
+	// xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+	case 32:
+		var ok bool
+		for i := range uuid {
+			uuid[i], ok = xtob(s[i*2], s[i*2+1])
+			if !ok {
+				return uuid, errors.New("invalid UUID format")
+			}
+		}
+		return uuid, nil
+	default:
+		return uuid, fmt.Errorf("invalid UUID length: %d", len(s))
+	}
+	// s is now at least 36 bytes long
+	// it must be of the form  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		v, ok := xtob(s[x], s[x+1])
+		if !ok {
+			return uuid, errors.New("invalid UUID format")
+		}
+		uuid[i] = v
+	}
+	return uuid, nil
+}
+
+// ParseBytes is like Parse, except it parses a byte slice instead of a string.
+func ParseBytes(b []byte) (UUID, error) {
+	var uuid UUID
+	switch len(b) {
+	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
+		}
+		b = b[9:]
+	case 36 + 2: // {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
+		b = b[1:]
+	case 32: // xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+		var ok bool
+		for i := 0; i < 32; i += 2 {
+			uuid[i/2], ok = xtob(b[i], b[i+1])
+			if !ok {
+				return uuid, errors.New("invalid UUID format")
+			}
+		}
+		return uuid, nil
+	default:
+		return uuid, fmt.Errorf("invalid UUID length: %d", len(b))
+	}
+	// s is now at least 36 bytes long
+	// it must be of the form  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		v, ok := xtob(b[x], b[x+1])
+		if !ok {
+			return uuid, errors.New("invalid UUID format")
+		}
+		uuid[i] = v
+	}
+	return uuid, nil
+}
+
+// MustParse is like Parse but panics if the string cannot be parsed.
+// It simplifies safe initialization of global variables holding compiled UUIDs.
+func MustParse(s string) UUID {
+	uuid, err := Parse(s)
+	if err != nil {
+		panic(`uuid: Parse(` + s + `): ` + err.Error())
+	}
+	return uuid
+}
+
+// FromBytes creates a new UUID from a byte slice. Returns an error if the slice
+// does not have a length of 16. The bytes are copied from the slice.
+func FromBytes(b []byte) (uuid UUID, err error) {
+	err = uuid.UnmarshalBinary(b)
+	return uuid, err
+}
+
+// Must returns uuid if err is nil and panics otherwise.
+func Must(uuid UUID, err error) UUID {
+	if err != nil {
+		panic(err)
+	}
+	return uuid
+}
+
+// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+// , or "" if uuid is invalid.
+func (uuid UUID) String() string {
+	var buf [36]byte
+	encodeHex(buf[:], uuid)
+	return string(buf[:])
+}
+
+// URN returns the RFC 2141 URN form of uuid,
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,  or "" if uuid is invalid.
+func (uuid UUID) URN() string {
+	var buf [36 + 9]byte
+	copy(buf[:], "urn:uuid:")
+	encodeHex(buf[9:], uuid)
+	return string(buf[:])
+}
+
+func encodeHex(dst []byte, uuid UUID) {
+	hex.Encode(dst, uuid[:4])
+	dst[8] = '-'
+	hex.Encode(dst[9:13], uuid[4:6])
+	dst[13] = '-'
+	hex.Encode(dst[14:18], uuid[6:8])
+	dst[18] = '-'
+	hex.Encode(dst[19:23], uuid[8:10])
+	dst[23] = '-'
+	hex.Encode(dst[24:], uuid[10:])
+}
+
+// Variant returns the variant encoded in uuid.
+func (uuid UUID) Variant() Variant {
+	switch {
+	case (uuid[8] & 0xc0) == 0x80:
+		return RFC4122
+	case (uuid[8] & 0xe0) == 0xc0:
+		return Microsoft
+	case (uuid[8] & 0xe0) == 0xe0:
+		return Future
+	default:
+		return Reserved
+	}
+}
+
+// Version returns the version of uuid.
+func (uuid UUID) Version() Version {
+	return Version(uuid[6] >> 4)
+}
+
+func (v Version) String() string {
+	if v > 15 {
+		return fmt.Sprintf("BAD_VERSION_%d", v)
+	}
+	return fmt.Sprintf("VERSION_%d", v)
+}
+
+func (v Variant) String() string {
+	switch v {
+	case RFC4122:
+		return "RFC4122"
+	case Reserved:
+		return "Reserved"
+	case Microsoft:
+		return "Microsoft"
+	case Future:
+		return "Future"
+	case Invalid:
+		return "Invalid"
+	}
+	return fmt.Sprintf("BadVariant%d", int(v))
+}
+
+// SetRand sets the random number generator to r, which implements io.Reader.
+// If r.Read returns an error when the package requests random data then
+// a panic will be issued.
+//
+// Calling SetRand with nil sets the random number generator to the default
+// generator.
+func SetRand(r io.Reader) {
+	if r == nil {
+		rander = rand.Reader
+		return
+	}
+	rander = r
+}
diff --git a/vendor/github.com/google/uuid/version1.go b/vendor/github.com/google/uuid/version1.go
new file mode 100644
index 0000000000000..199a1ac65403e
--- /dev/null
+++ b/vendor/github.com/google/uuid/version1.go
@@ -0,0 +1,44 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+)
+
+// NewUUID returns a Version 1 UUID based on the current NodeID and clock
+// sequence, and the current time.  If the NodeID has not been set by SetNodeID
+// or SetNodeInterface then it will be set automatically.  If the NodeID cannot
+// be set NewUUID returns nil.  If clock sequence has not been set by
+// SetClockSequence then it will be set automatically.  If GetTime fails to
+// return the current NewUUID returns nil and an error.
+//
+// In most cases, New should be used.
+func NewUUID() (UUID, error) {
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	nodeMu.Unlock()
+
+	var uuid UUID
+	now, seq, err := GetTime()
+	if err != nil {
+		return uuid, err
+	}
+
+	timeLow := uint32(now & 0xffffffff)
+	timeMid := uint16((now >> 32) & 0xffff)
+	timeHi := uint16((now >> 48) & 0x0fff)
+	timeHi |= 0x1000 // Version 1
+
+	binary.BigEndian.PutUint32(uuid[0:], timeLow)
+	binary.BigEndian.PutUint16(uuid[4:], timeMid)
+	binary.BigEndian.PutUint16(uuid[6:], timeHi)
+	binary.BigEndian.PutUint16(uuid[8:], seq)
+	copy(uuid[10:], nodeID[:])
+
+	return uuid, nil
+}
diff --git a/vendor/github.com/google/uuid/version4.go b/vendor/github.com/google/uuid/version4.go
new file mode 100644
index 0000000000000..84af91c9f54f0
--- /dev/null
+++ b/vendor/github.com/google/uuid/version4.go
@@ -0,0 +1,38 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "io"
+
+// New creates a new random UUID or panics.  New is equivalent to
+// the expression
+//
+//    uuid.Must(uuid.NewRandom())
+func New() UUID {
+	return Must(NewRandom())
+}
+
+// NewRandom returns a Random (Version 4) UUID.
+//
+// The strength of the UUIDs is based on the strength of the crypto/rand
+// package.
+//
+// A note about uniqueness derived from the UUID Wikipedia entry:
+//
+//  Randomly generated UUIDs have 122 random bits.  One's annual risk of being
+//  hit by a meteorite is estimated to be one chance in 17 billion, that
+//  means the probability is about 0.00000000006 (6 × 10−11),
+//  equivalent to the odds of creating a few tens of trillions of UUIDs in a
+//  year and having one duplicate.
+func NewRandom() (UUID, error) {
+	var uuid UUID
+	_, err := io.ReadFull(rander, uuid[:])
+	if err != nil {
+		return Nil, err
+	}
+	uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10
+	return uuid, nil
+}
diff --git a/vendor/github.com/googleapis/gax-go/README.md b/vendor/github.com/googleapis/gax-go/README.md
index 3cedd5be96c5d..c3bb2e18779e2 100644
--- a/vendor/github.com/googleapis/gax-go/README.md
+++ b/vendor/github.com/googleapis/gax-go/README.md
@@ -1,19 +1,22 @@
 Google API Extensions for Go
 ============================
 
-[![Build Status](https://travis-ci.org/googleapis/gax-go.svg?branch=master)](https://travis-ci.org/googleapis/gax-go)
-[![Code Coverage](https://img.shields.io/codecov/c/github/googleapis/gax-go.svg)](https://codecov.io/github/googleapis/gax-go)
+[![GoDoc](https://godoc.org/github.com/googleapis/gax-go?status.svg)](https://godoc.org/github.com/googleapis/gax-go)
 
 Google API Extensions for Go (gax-go) is a set of modules which aids the
 development of APIs for clients and servers based on `gRPC` and Google API
 conventions.
 
-Application code will rarely need to use this library directly,
+To install the API extensions, use:
+
+```
+go get -u github.com/googleapis/gax-go
+```
+
+**Note:** Application code will rarely need to use this library directly,
 but the code generated automatically from API definition files can use it
 to simplify code generation and to provide more convenient and idiomatic API surface.
 
-**This project is currently experimental and not supported.**
-
 Go Versions
 ===========
 This library requires Go 1.6 or above.
diff --git a/vendor/github.com/googleapis/gax-go/go.mod b/vendor/github.com/googleapis/gax-go/go.mod
new file mode 100644
index 0000000000000..acfd6c9c61d2c
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/go.mod
@@ -0,0 +1,11 @@
+module github.com/googleapis/gax-go
+
+require (
+	github.com/golang/protobuf v1.3.1
+	github.com/googleapis/gax-go/v2 v2.0.2
+	golang.org/x/exp v0.0.0-20190221220918-438050ddec5e
+	golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3
+	golang.org/x/tools v0.0.0-20190114222345-bf090417da8b
+	google.golang.org/grpc v1.19.0
+	honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099
+)
diff --git a/vendor/github.com/googleapis/gax-go/header.go b/vendor/github.com/googleapis/gax-go/header.go
deleted file mode 100644
index d81455eccd977..0000000000000
--- a/vendor/github.com/googleapis/gax-go/header.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package gax
-
-import "bytes"
-
-// XGoogHeader is for use by the Google Cloud Libraries only.
-//
-// XGoogHeader formats key-value pairs.
-// The resulting string is suitable for x-goog-api-client header.
-func XGoogHeader(keyval ...string) string {
-	if len(keyval) == 0 {
-		return ""
-	}
-	if len(keyval)%2 != 0 {
-		panic("gax.Header: odd argument count")
-	}
-	var buf bytes.Buffer
-	for i := 0; i < len(keyval); i += 2 {
-		buf.WriteByte(' ')
-		buf.WriteString(keyval[i])
-		buf.WriteByte('/')
-		buf.WriteString(keyval[i+1])
-	}
-	return buf.String()[1:]
-}
diff --git a/vendor/github.com/googleapis/gax-go/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go
similarity index 90%
rename from vendor/github.com/googleapis/gax-go/call_option.go
rename to vendor/github.com/googleapis/gax-go/v2/call_option.go
index 7b621643e9456..b1d53dd19cb25 100644
--- a/vendor/github.com/googleapis/gax-go/call_option.go
+++ b/vendor/github.com/googleapis/gax-go/v2/call_option.go
@@ -113,6 +113,7 @@ type Backoff struct {
 	cur time.Duration
 }
 
+// Pause returns the next time.Duration that the caller should use to backoff.
 func (bo *Backoff) Pause() time.Duration {
 	if bo.Initial == 0 {
 		bo.Initial = time.Second
@@ -126,10 +127,11 @@ func (bo *Backoff) Pause() time.Duration {
 	if bo.Multiplier < 1 {
 		bo.Multiplier = 2
 	}
-	// Select a duration between zero and the current max. It might seem counterintuitive to
-	// have so much jitter, but https://www.awsarchitectureblog.com/2015/03/backoff.html
-	// argues that that is the best strategy.
-	d := time.Duration(rand.Int63n(int64(bo.cur)))
+	// Select a duration between 1ns and the current max. It might seem
+	// counterintuitive to have so much jitter, but
+	// https://www.awsarchitectureblog.com/2015/03/backoff.html argues that
+	// that is the best strategy.
+	d := time.Duration(1 + rand.Int63n(int64(bo.cur)))
 	bo.cur = time.Duration(float64(bo.cur) * bo.Multiplier)
 	if bo.cur > bo.Max {
 		bo.cur = bo.Max
@@ -143,10 +145,12 @@ func (o grpcOpt) Resolve(s *CallSettings) {
 	s.GRPC = o
 }
 
+// WithGRPCOptions allows passing gRPC call options during client creation.
 func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
 	return grpcOpt(append([]grpc.CallOption(nil), opt...))
 }
 
+// CallSettings allow fine-grained control over how calls are made.
 type CallSettings struct {
 	// Retry returns a Retryer to be used to control retry logic of a method call.
 	// If Retry is nil or the returned Retryer is nil, the call will not be retried.
diff --git a/vendor/github.com/googleapis/gax-go/gax.go b/vendor/github.com/googleapis/gax-go/v2/gax.go
similarity index 95%
rename from vendor/github.com/googleapis/gax-go/gax.go
rename to vendor/github.com/googleapis/gax-go/v2/gax.go
index 5ebedff0d02de..3fd1b0b84b0af 100644
--- a/vendor/github.com/googleapis/gax-go/gax.go
+++ b/vendor/github.com/googleapis/gax-go/v2/gax.go
@@ -33,8 +33,7 @@
 // Application code will rarely need to use this library directly.
 // However, code generated automatically from API definition files can use it
 // to simplify code generation and to provide more convenient and idiomatic API surfaces.
-//
-// This project is currently experimental and not supported.
 package gax
 
-const Version = "0.1.0"
+// Version specifies the gax-go version being used.
+const Version = "2.0.4"
diff --git a/vendor/github.com/googleapis/gax-go/v2/go.mod b/vendor/github.com/googleapis/gax-go/v2/go.mod
new file mode 100644
index 0000000000000..9cdfaf4475267
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/go.mod
@@ -0,0 +1,3 @@
+module github.com/googleapis/gax-go/v2
+
+require google.golang.org/grpc v1.19.0
diff --git a/vendor/github.com/googleapis/gax-go/v2/header.go b/vendor/github.com/googleapis/gax-go/v2/header.go
new file mode 100644
index 0000000000000..139371a0bf111
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/header.go
@@ -0,0 +1,53 @@
+// Copyright 2018, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import "bytes"
+
+// XGoogHeader is for use by the Google Cloud Libraries only.
+//
+// XGoogHeader formats key-value pairs.
+// The resulting string is suitable for x-goog-api-client header.
+func XGoogHeader(keyval ...string) string {
+	if len(keyval) == 0 {
+		return ""
+	}
+	if len(keyval)%2 != 0 {
+		panic("gax.Header: odd argument count")
+	}
+	var buf bytes.Buffer
+	for i := 0; i < len(keyval); i += 2 {
+		buf.WriteByte(' ')
+		buf.WriteString(keyval[i])
+		buf.WriteByte('/')
+		buf.WriteString(keyval[i+1])
+	}
+	return buf.String()[1:]
+}
diff --git a/vendor/github.com/googleapis/gax-go/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go
similarity index 83%
rename from vendor/github.com/googleapis/gax-go/invoke.go
rename to vendor/github.com/googleapis/gax-go/v2/invoke.go
index 86049d826f803..fe31dd004e961 100644
--- a/vendor/github.com/googleapis/gax-go/invoke.go
+++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go
@@ -30,12 +30,12 @@
 package gax
 
 import (
+	"context"
+	"strings"
 	"time"
-
-	"golang.org/x/net/context"
 )
 
-// A user defined call stub.
+// APICall is a user defined call stub.
 type APICall func(context.Context, CallSettings) error
 
 // Invoke calls the given APICall,
@@ -74,6 +74,15 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper
 		if settings.Retry == nil {
 			return err
 		}
+		// Never retry permanent certificate errors. (e.x. if ca-certificates
+		// are not installed). We should only make very few, targeted
+		// exceptions: many (other) status=Unavailable should be retried, such
+		// as if there's a network hiccup, or the internet goes out for a
+		// minute. This is also why here we are doing string parsing instead of
+		// simply making Unavailable a non-retried code elsewhere.
+		if strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
+			return err
+		}
 		if retryer == nil {
 			if r := settings.Retry(); r != nil {
 				retryer = r
diff --git a/vendor/github.com/gorilla/context/LICENSE b/vendor/github.com/gorilla/context/LICENSE
deleted file mode 100644
index 0e5fb872800da..0000000000000
--- a/vendor/github.com/gorilla/context/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2012 Rodrigo Moraes. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-	 * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-	 * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-	 * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gorilla/context/README.md b/vendor/github.com/gorilla/context/README.md
deleted file mode 100644
index c60a31b053bc4..0000000000000
--- a/vendor/github.com/gorilla/context/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-context
-=======
-[![Build Status](https://travis-ci.org/gorilla/context.png?branch=master)](https://travis-ci.org/gorilla/context)
-
-gorilla/context is a general purpose registry for global request variables.
-
-Read the full documentation here: http://www.gorillatoolkit.org/pkg/context
diff --git a/vendor/github.com/gorilla/context/context.go b/vendor/github.com/gorilla/context/context.go
deleted file mode 100644
index 81cb128b19cad..0000000000000
--- a/vendor/github.com/gorilla/context/context.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright 2012 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package context
-
-import (
-	"net/http"
-	"sync"
-	"time"
-)
-
-var (
-	mutex sync.RWMutex
-	data  = make(map[*http.Request]map[interface{}]interface{})
-	datat = make(map[*http.Request]int64)
-)
-
-// Set stores a value for a given key in a given request.
-func Set(r *http.Request, key, val interface{}) {
-	mutex.Lock()
-	if data[r] == nil {
-		data[r] = make(map[interface{}]interface{})
-		datat[r] = time.Now().Unix()
-	}
-	data[r][key] = val
-	mutex.Unlock()
-}
-
-// Get returns a value stored for a given key in a given request.
-func Get(r *http.Request, key interface{}) interface{} {
-	mutex.RLock()
-	if ctx := data[r]; ctx != nil {
-		value := ctx[key]
-		mutex.RUnlock()
-		return value
-	}
-	mutex.RUnlock()
-	return nil
-}
-
-// GetOk returns stored value and presence state like multi-value return of map access.
-func GetOk(r *http.Request, key interface{}) (interface{}, bool) {
-	mutex.RLock()
-	if _, ok := data[r]; ok {
-		value, ok := data[r][key]
-		mutex.RUnlock()
-		return value, ok
-	}
-	mutex.RUnlock()
-	return nil, false
-}
-
-// GetAll returns all stored values for the request as a map. Nil is returned for invalid requests.
-func GetAll(r *http.Request) map[interface{}]interface{} {
-	mutex.RLock()
-	if context, ok := data[r]; ok {
-		result := make(map[interface{}]interface{}, len(context))
-		for k, v := range context {
-			result[k] = v
-		}
-		mutex.RUnlock()
-		return result
-	}
-	mutex.RUnlock()
-	return nil
-}
-
-// GetAllOk returns all stored values for the request as a map and a boolean value that indicates if
-// the request was registered.
-func GetAllOk(r *http.Request) (map[interface{}]interface{}, bool) {
-	mutex.RLock()
-	context, ok := data[r]
-	result := make(map[interface{}]interface{}, len(context))
-	for k, v := range context {
-		result[k] = v
-	}
-	mutex.RUnlock()
-	return result, ok
-}
-
-// Delete removes a value stored for a given key in a given request.
-func Delete(r *http.Request, key interface{}) {
-	mutex.Lock()
-	if data[r] != nil {
-		delete(data[r], key)
-	}
-	mutex.Unlock()
-}
-
-// Clear removes all values stored for a given request.
-//
-// This is usually called by a handler wrapper to clean up request
-// variables at the end of a request lifetime. See ClearHandler().
-func Clear(r *http.Request) {
-	mutex.Lock()
-	clear(r)
-	mutex.Unlock()
-}
-
-// clear is Clear without the lock.
-func clear(r *http.Request) {
-	delete(data, r)
-	delete(datat, r)
-}
-
-// Purge removes request data stored for longer than maxAge, in seconds.
-// It returns the amount of requests removed.
-//
-// If maxAge <= 0, all request data is removed.
-//
-// This is only used for sanity check: in case context cleaning was not
-// properly set some request data can be kept forever, consuming an increasing
-// amount of memory. In case this is detected, Purge() must be called
-// periodically until the problem is fixed.
-func Purge(maxAge int) int {
-	mutex.Lock()
-	count := 0
-	if maxAge <= 0 {
-		count = len(data)
-		data = make(map[*http.Request]map[interface{}]interface{})
-		datat = make(map[*http.Request]int64)
-	} else {
-		min := time.Now().Unix() - int64(maxAge)
-		for r := range data {
-			if datat[r] < min {
-				clear(r)
-				count++
-			}
-		}
-	}
-	mutex.Unlock()
-	return count
-}
-
-// ClearHandler wraps an http.Handler and clears request values at the end
-// of a request lifetime.
-func ClearHandler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		defer Clear(r)
-		h.ServeHTTP(w, r)
-	})
-}
diff --git a/vendor/github.com/gorilla/context/doc.go b/vendor/github.com/gorilla/context/doc.go
deleted file mode 100644
index 73c7400311e12..0000000000000
--- a/vendor/github.com/gorilla/context/doc.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2012 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/*
-Package context stores values shared during a request lifetime.
-
-For example, a router can set variables extracted from the URL and later
-application handlers can access those values, or it can be used to store
-sessions values to be saved at the end of a request. There are several
-others common uses.
-
-The idea was posted by Brad Fitzpatrick to the go-nuts mailing list:
-
-	http://groups.google.com/group/golang-nuts/msg/e2d679d303aa5d53
-
-Here's the basic usage: first define the keys that you will need. The key
-type is interface{} so a key can be of any type that supports equality.
-Here we define a key using a custom int type to avoid name collisions:
-
-	package foo
-
-	import (
-		"github.com/gorilla/context"
-	)
-
-	type key int
-
-	const MyKey key = 0
-
-Then set a variable. Variables are bound to an http.Request object, so you
-need a request instance to set a value:
-
-	context.Set(r, MyKey, "bar")
-
-The application can later access the variable using the same key you provided:
-
-	func MyHandler(w http.ResponseWriter, r *http.Request) {
-		// val is "bar".
-		val := context.Get(r, foo.MyKey)
-
-		// returns ("bar", true)
-		val, ok := context.GetOk(r, foo.MyKey)
-		// ...
-	}
-
-And that's all about the basic usage. We discuss some other ideas below.
-
-Any type can be stored in the context. To enforce a given type, make the key
-private and wrap Get() and Set() to accept and return values of a specific
-type:
-
-	type key int
-
-	const mykey key = 0
-
-	// GetMyKey returns a value for this package from the request values.
-	func GetMyKey(r *http.Request) SomeType {
-		if rv := context.Get(r, mykey); rv != nil {
-			return rv.(SomeType)
-		}
-		return nil
-	}
-
-	// SetMyKey sets a value for this package in the request values.
-	func SetMyKey(r *http.Request, val SomeType) {
-		context.Set(r, mykey, val)
-	}
-
-Variables must be cleared at the end of a request, to remove all values
-that were stored. This can be done in an http.Handler, after a request was
-served. Just call Clear() passing the request:
-
-	context.Clear(r)
-
-...or use ClearHandler(), which conveniently wraps an http.Handler to clear
-variables at the end of a request lifetime.
-
-The Routers from the packages gorilla/mux and gorilla/pat call Clear()
-so if you are using either of them you don't need to clear the context manually.
-*/
-package context
diff --git a/vendor/github.com/gorilla/mux/LICENSE b/vendor/github.com/gorilla/mux/LICENSE
index 0e5fb872800da..6903df6386e98 100644
--- a/vendor/github.com/gorilla/mux/LICENSE
+++ b/vendor/github.com/gorilla/mux/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2012 Rodrigo Moraes. All rights reserved.
+Copyright (c) 2012-2018 The Gorilla Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
diff --git a/vendor/github.com/gorilla/mux/README.md b/vendor/github.com/gorilla/mux/README.md
index 9516c51916308..35eea9f106354 100644
--- a/vendor/github.com/gorilla/mux/README.md
+++ b/vendor/github.com/gorilla/mux/README.md
@@ -1,29 +1,60 @@
-mux
-===
+# gorilla/mux
+
 [![GoDoc](https://godoc.org/github.com/gorilla/mux?status.svg)](https://godoc.org/github.com/gorilla/mux)
-[![Build Status](https://travis-ci.org/gorilla/mux.svg?branch=master)](https://travis-ci.org/gorilla/mux)
+[![CircleCI](https://circleci.com/gh/gorilla/mux.svg?style=svg)](https://circleci.com/gh/gorilla/mux)
+[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/mux?badge)
+
+![Gorilla Logo](https://cloud-cdn.questionable.services/gorilla-icon-64.png)
 
-http://www.gorillatoolkit.org/pkg/mux
+https://www.gorillatoolkit.org/pkg/mux
 
-Package `gorilla/mux` implements a request router and dispatcher.
+Package `gorilla/mux` implements a request router and dispatcher for matching incoming requests to
+their respective handler.
 
 The name mux stands for "HTTP request multiplexer". Like the standard `http.ServeMux`, `mux.Router` matches incoming requests against a list of registered routes and calls a handler for the route that matches the URL or other conditions. The main features are:
 
+* It implements the `http.Handler` interface so it is compatible with the standard `http.ServeMux`.
 * Requests can be matched based on URL host, path, path prefix, schemes, header and query values, HTTP methods or using custom matchers.
-* URL hosts and paths can have variables with an optional regular expression.
+* URL hosts, paths and query values can have variables with an optional regular expression.
 * Registered URLs can be built, or "reversed", which helps maintaining references to resources.
 * Routes can be used as subrouters: nested routes are only tested if the parent route matches. This is useful to define groups of routes that share common conditions like a host, a path prefix or other repeated attributes. As a bonus, this optimizes request matching.
-* It implements the `http.Handler` interface so it is compatible with the standard `http.ServeMux`.
+
+---
+
+* [Install](#install)
+* [Examples](#examples)
+* [Matching Routes](#matching-routes)
+* [Static Files](#static-files)
+* [Serving Single Page Applications](#serving-single-page-applications) (e.g. React, Vue, Ember.js, etc.)
+* [Registered URLs](#registered-urls)
+* [Walking Routes](#walking-routes)
+* [Graceful Shutdown](#graceful-shutdown)
+* [Middleware](#middleware)
+* [Handling CORS Requests](#handling-cors-requests)
+* [Testing Handlers](#testing-handlers)
+* [Full Example](#full-example)
+
+---
+
+## Install
+
+With a [correctly configured](https://golang.org/doc/install#testing) Go toolchain:
+
+```sh
+go get -u github.com/gorilla/mux
+```
+
+## Examples
 
 Let's start registering a couple of URL paths and handlers:
 
 ```go
 func main() {
-	r := mux.NewRouter()
-	r.HandleFunc("/", HomeHandler)
-	r.HandleFunc("/products", ProductsHandler)
-	r.HandleFunc("/articles", ArticlesHandler)
-	http.Handle("/", r)
+    r := mux.NewRouter()
+    r.HandleFunc("/", HomeHandler)
+    r.HandleFunc("/products", ProductsHandler)
+    r.HandleFunc("/articles", ArticlesHandler)
+    http.Handle("/", r)
 }
 ```
 
@@ -41,12 +72,17 @@ r.HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler)
 The names are used to create a map of route variables which can be retrieved calling `mux.Vars()`:
 
 ```go
-vars := mux.Vars(request)
-category := vars["category"]
+func ArticlesCategoryHandler(w http.ResponseWriter, r *http.Request) {
+    vars := mux.Vars(r)
+    w.WriteHeader(http.StatusOK)
+    fmt.Fprintf(w, "Category: %v\n", vars["category"])
+}
 ```
 
 And this is all you need to know about the basic usage. More advanced options are explained below.
 
+### Matching Routes
+
 Routes can also be restricted to a domain or subdomain. Just define a host pattern to be matched. They can also have variables:
 
 ```go
@@ -54,7 +90,7 @@ r := mux.NewRouter()
 // Only matches if domain is "www.example.com".
 r.Host("www.example.com")
 // Matches a dynamic subdomain.
-r.Host("{subdomain:[a-z]+}.domain.com")
+r.Host("{subdomain:[a-z]+}.example.com")
 ```
 
 There are several other matchers that can be added. To match path prefixes:
@@ -91,7 +127,7 @@ r.Queries("key", "value")
 
 ```go
 r.MatcherFunc(func(r *http.Request, rm *RouteMatch) bool {
-	return r.ProtoMajor == 0
+    return r.ProtoMajor == 0
 })
 ```
 
@@ -104,6 +140,14 @@ r.HandleFunc("/products", ProductsHandler).
   Schemes("http")
 ```
 
+Routes are tested in the order they were added to the router. If two routes match, the first one wins:
+
+```go
+r := mux.NewRouter()
+r.HandleFunc("/specific", specificHandler)
+r.PathPrefix("/").Handler(catchAllHandler)
+```
+
 Setting the same matching conditions again and again can be boring, so we have a way to group several routes that share the same requirements. We call it "subrouting".
 
 For example, let's say we have several URLs that should only match when the host is `www.example.com`. Create a route for that host and get a "subrouter" from it:
@@ -118,7 +162,7 @@ Then register routes in the subrouter:
 ```go
 s.HandleFunc("/products/", ProductsHandler)
 s.HandleFunc("/products/{key}", ProductHandler)
-s.HandleFunc("/articles/{category}/{id:[0-9]+}"), ArticleHandler)
+s.HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler)
 ```
 
 The three URL paths we registered above will only be tested if the domain is `www.example.com`, because the subrouter is tested first. This is not only convenient, but also optimizes request matching. You can create subrouters combining any attribute matchers accepted by a route.
@@ -138,6 +182,125 @@ s.HandleFunc("/{key}/", ProductHandler)
 s.HandleFunc("/{key}/details", ProductDetailsHandler)
 ```
 
+
+### Static Files
+
+Note that the path provided to `PathPrefix()` represents a "wildcard": calling
+`PathPrefix("/static/").Handler(...)` means that the handler will be passed any
+request that matches "/static/\*". This makes it easy to serve static files with mux:
+
+```go
+func main() {
+    var dir string
+
+    flag.StringVar(&dir, "dir", ".", "the directory to serve files from. Defaults to the current dir")
+    flag.Parse()
+    r := mux.NewRouter()
+
+    // This will serve files under http://localhost:8000/static/<filename>
+    r.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir(dir))))
+
+    srv := &http.Server{
+        Handler:      r,
+        Addr:         "127.0.0.1:8000",
+        // Good practice: enforce timeouts for servers you create!
+        WriteTimeout: 15 * time.Second,
+        ReadTimeout:  15 * time.Second,
+    }
+
+    log.Fatal(srv.ListenAndServe())
+}
+```
+
+### Serving Single Page Applications
+
+Most of the time it makes sense to serve your SPA on a separate web server from your API,
+but sometimes it's desirable to serve them both from one place. It's possible to write a simple
+handler for serving your SPA (for use with React Router's [BrowserRouter](https://reacttraining.com/react-router/web/api/BrowserRouter) for example), and leverage
+mux's powerful routing for your API endpoints.
+
+```go
+package main
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/gorilla/mux"
+)
+
+// spaHandler implements the http.Handler interface, so we can use it
+// to respond to HTTP requests. The path to the static directory and
+// path to the index file within that static directory are used to
+// serve the SPA in the given static directory.
+type spaHandler struct {
+	staticPath string
+	indexPath  string
+}
+
+// ServeHTTP inspects the URL path to locate a file within the static dir
+// on the SPA handler. If a file is found, it will be served. If not, the
+// file located at the index path on the SPA handler will be served. This
+// is suitable behavior for serving an SPA (single page application).
+func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+    // get the absolute path to prevent directory traversal
+	path, err := filepath.Abs(r.URL.Path)
+	if err != nil {
+        // if we failed to get the absolute path respond with a 400 bad request
+        // and stop
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+    // prepend the path with the path to the static directory
+	path = filepath.Join(h.staticPath, path)
+
+    // check whether a file exists at the given path
+	_, err = os.Stat(path)
+	if os.IsNotExist(err) {
+		// file does not exist, serve index.html
+		http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))
+		return
+	} else if err != nil {
+        // if we got an error (that wasn't that the file doesn't exist) stating the
+        // file, return a 500 internal server error and stop
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+    // otherwise, use http.FileServer to serve the static dir
+	http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r)
+}
+
+func main() {
+	router := mux.NewRouter()
+
+	router.HandleFunc("/api/health", func(w http.ResponseWriter, r *http.Request) {
+		// an example API handler
+		json.NewEncoder(w).Encode(map[string]bool{"ok": true})
+	})
+
+	spa := spaHandler{staticPath: "build", indexPath: "index.html"}
+	router.PathPrefix("/").Handler(spa)
+
+	srv := &http.Server{
+		Handler: router,
+		Addr:    "127.0.0.1:8000",
+		// Good practice: enforce timeouts for servers you create!
+		WriteTimeout: 15 * time.Second,
+		ReadTimeout:  15 * time.Second,
+	}
+
+	log.Fatal(srv.ListenAndServe())
+}
+```
+
+### Registered URLs
+
 Now let's see how to build registered URLs.
 
 Routes can be named. All routes that define a name can have their URLs built, or "reversed". We define a name calling `Name()` on a route. For example:
@@ -160,19 +323,21 @@ url, err := r.Get("article").URL("category", "technology", "id", "42")
 "/articles/technology/42"
 ```
 
-This also works for host variables:
+This also works for host and query value variables:
 
 ```go
 r := mux.NewRouter()
-r.Host("{subdomain}.domain.com").
+r.Host("{subdomain}.example.com").
   Path("/articles/{category}/{id:[0-9]+}").
+  Queries("filter", "{filter}").
   HandlerFunc(ArticleHandler).
   Name("article")
 
-// url.String() will be "http://news.domain.com/articles/technology/42"
+// url.String() will be "http://news.example.com/articles/technology/42?filter=gorilla"
 url, err := r.Get("article").URL("subdomain", "news",
                                  "category", "technology",
-                                 "id", "42")
+                                 "id", "42",
+                                 "filter", "gorilla")
 ```
 
 All variables defined in the route are required, and their values must conform to the corresponding patterns. These requirements guarantee that a generated URL will always match a registered route -- the only exception is for explicitly defined "build-only" routes which never match.
@@ -188,7 +353,7 @@ r.HeadersRegexp("Content-Type", "application/(text|json)")
 There's also a way to build only the URL host or path for a route: use the methods `URLHost()` or `URLPath()` instead. For the previous route, we would do:
 
 ```go
-// "http://news.domain.com/"
+// "http://news.example.com/"
 host, err := r.Get("article").URLHost("subdomain", "news")
 
 // "/articles/technology/42"
@@ -199,41 +364,439 @@ And if you use subrouters, host and path defined separately can be built as well
 
 ```go
 r := mux.NewRouter()
-s := r.Host("{subdomain}.domain.com").Subrouter()
+s := r.Host("{subdomain}.example.com").Subrouter()
 s.Path("/articles/{category}/{id:[0-9]+}").
   HandlerFunc(ArticleHandler).
   Name("article")
 
-// "http://news.domain.com/articles/technology/42"
+// "http://news.example.com/articles/technology/42"
 url, err := r.Get("article").URL("subdomain", "news",
                                  "category", "technology",
                                  "id", "42")
 ```
 
-## Full Example
+### Walking Routes
 
-Here's a complete, runnable example of a small `mux` based server:
+The `Walk` function on `mux.Router` can be used to visit all of the routes that are registered on a router. For example,
+the following prints all of the registered routes:
 
 ```go
 package main
 
 import (
+	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/gorilla/mux"
 )
 
-func YourHandler(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte("Gorilla!\n"))
+func handler(w http.ResponseWriter, r *http.Request) {
+	return
 }
 
 func main() {
 	r := mux.NewRouter()
-	// Routes consist of a path and a handler function.
-	r.HandleFunc("/", YourHandler)
+	r.HandleFunc("/", handler)
+	r.HandleFunc("/products", handler).Methods("POST")
+	r.HandleFunc("/articles", handler).Methods("GET")
+	r.HandleFunc("/articles/{id}", handler).Methods("GET", "PUT")
+	r.HandleFunc("/authors", handler).Queries("surname", "{surname}")
+	err := r.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
+		pathTemplate, err := route.GetPathTemplate()
+		if err == nil {
+			fmt.Println("ROUTE:", pathTemplate)
+		}
+		pathRegexp, err := route.GetPathRegexp()
+		if err == nil {
+			fmt.Println("Path regexp:", pathRegexp)
+		}
+		queriesTemplates, err := route.GetQueriesTemplates()
+		if err == nil {
+			fmt.Println("Queries templates:", strings.Join(queriesTemplates, ","))
+		}
+		queriesRegexps, err := route.GetQueriesRegexp()
+		if err == nil {
+			fmt.Println("Queries regexps:", strings.Join(queriesRegexps, ","))
+		}
+		methods, err := route.GetMethods()
+		if err == nil {
+			fmt.Println("Methods:", strings.Join(methods, ","))
+		}
+		fmt.Println()
+		return nil
+	})
+
+	if err != nil {
+		fmt.Println(err)
+	}
+
+	http.Handle("/", r)
+}
+```
+
+### Graceful Shutdown
+
+Go 1.8 introduced the ability to [gracefully shutdown](https://golang.org/doc/go1.8#http_shutdown) a `*http.Server`. Here's how to do that alongside `mux`:
+
+```go
+package main
+
+import (
+    "context"
+    "flag"
+    "log"
+    "net/http"
+    "os"
+    "os/signal"
+    "time"
+
+    "github.com/gorilla/mux"
+)
+
+func main() {
+    var wait time.Duration
+    flag.DurationVar(&wait, "graceful-timeout", time.Second * 15, "the duration for which the server gracefully wait for existing connections to finish - e.g. 15s or 1m")
+    flag.Parse()
+
+    r := mux.NewRouter()
+    // Add your routes as needed
+
+    srv := &http.Server{
+        Addr:         "0.0.0.0:8080",
+        // Good practice to set timeouts to avoid Slowloris attacks.
+        WriteTimeout: time.Second * 15,
+        ReadTimeout:  time.Second * 15,
+        IdleTimeout:  time.Second * 60,
+        Handler: r, // Pass our instance of gorilla/mux in.
+    }
+
+    // Run our server in a goroutine so that it doesn't block.
+    go func() {
+        if err := srv.ListenAndServe(); err != nil {
+            log.Println(err)
+        }
+    }()
+
+    c := make(chan os.Signal, 1)
+    // We'll accept graceful shutdowns when quit via SIGINT (Ctrl+C)
+    // SIGKILL, SIGQUIT or SIGTERM (Ctrl+/) will not be caught.
+    signal.Notify(c, os.Interrupt)
+
+    // Block until we receive our signal.
+    <-c
+
+    // Create a deadline to wait for.
+    ctx, cancel := context.WithTimeout(context.Background(), wait)
+    defer cancel()
+    // Doesn't block if no connections, but will otherwise wait
+    // until the timeout deadline.
+    srv.Shutdown(ctx)
+    // Optionally, you could run srv.Shutdown in a goroutine and block on
+    // <-ctx.Done() if your application should wait for other services
+    // to finalize based on context cancellation.
+    log.Println("shutting down")
+    os.Exit(0)
+}
+```
+
+### Middleware
+
+Mux supports the addition of middlewares to a [Router](https://godoc.org/github.com/gorilla/mux#Router), which are executed in the order they are added if a match is found, including its subrouters.
+Middlewares are (typically) small pieces of code which take one request, do something with it, and pass it down to another middleware or the final handler. Some common use cases for middleware are request logging, header manipulation, or `ResponseWriter` hijacking.
+
+Mux middlewares are defined using the de facto standard type:
+
+```go
+type MiddlewareFunc func(http.Handler) http.Handler
+```
+
+Typically, the returned handler is a closure which does something with the http.ResponseWriter and http.Request passed to it, and then calls the handler passed as parameter to the MiddlewareFunc. This takes advantage of closures being able access variables from the context where they are created, while retaining the signature enforced by the receivers.
+
+A very basic middleware which logs the URI of the request being handled could be written as:
+
+```go
+func loggingMiddleware(next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        // Do stuff here
+        log.Println(r.RequestURI)
+        // Call the next handler, which can be another middleware in the chain, or the final handler.
+        next.ServeHTTP(w, r)
+    })
+}
+```
+
+Middlewares can be added to a router using `Router.Use()`:
+
+```go
+r := mux.NewRouter()
+r.HandleFunc("/", handler)
+r.Use(loggingMiddleware)
+```
+
+A more complex authentication middleware, which maps session token to users, could be written as:
+
+```go
+// Define our struct
+type authenticationMiddleware struct {
+	tokenUsers map[string]string
+}
+
+// Initialize it somewhere
+func (amw *authenticationMiddleware) Populate() {
+	amw.tokenUsers["00000000"] = "user0"
+	amw.tokenUsers["aaaaaaaa"] = "userA"
+	amw.tokenUsers["05f717e5"] = "randomUser"
+	amw.tokenUsers["deadbeef"] = "user0"
+}
+
+// Middleware function, which will be called for each request
+func (amw *authenticationMiddleware) Middleware(next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        token := r.Header.Get("X-Session-Token")
+
+        if user, found := amw.tokenUsers[token]; found {
+        	// We found the token in our map
+        	log.Printf("Authenticated user %s\n", user)
+        	// Pass down the request to the next middleware (or final handler)
+        	next.ServeHTTP(w, r)
+        } else {
+        	// Write an error and stop the handler chain
+        	http.Error(w, "Forbidden", http.StatusForbidden)
+        }
+    })
+}
+```
+
+```go
+r := mux.NewRouter()
+r.HandleFunc("/", handler)
+
+amw := authenticationMiddleware{}
+amw.Populate()
+
+r.Use(amw.Middleware)
+```
+
+Note: The handler chain will be stopped if your middleware doesn't call `next.ServeHTTP()` with the corresponding parameters. This can be used to abort a request if the middleware writer wants to. Middlewares _should_ write to `ResponseWriter` if they _are_ going to terminate the request, and they _should not_ write to `ResponseWriter` if they _are not_ going to terminate it.
+
+### Handling CORS Requests
+
+[CORSMethodMiddleware](https://godoc.org/github.com/gorilla/mux#CORSMethodMiddleware) intends to make it easier to strictly set the `Access-Control-Allow-Methods` response header.
+
+* You will still need to use your own CORS handler to set the other CORS headers such as `Access-Control-Allow-Origin`
+* The middleware will set the `Access-Control-Allow-Methods` header to all the method matchers (e.g. `r.Methods(http.MethodGet, http.MethodPut, http.MethodOptions)` -> `Access-Control-Allow-Methods: GET,PUT,OPTIONS`) on a route
+* If you do not specify any methods, then:
+> _Important_: there must be an `OPTIONS` method matcher for the middleware to set the headers.
+
+Here is an example of using `CORSMethodMiddleware` along with a custom `OPTIONS` handler to set all the required CORS headers:
+
+```go
+package main
+
+import (
+	"net/http"
+	"github.com/gorilla/mux"
+)
+
+func main() {
+    r := mux.NewRouter()
+
+    // IMPORTANT: you must specify an OPTIONS method matcher for the middleware to set CORS headers
+    r.HandleFunc("/foo", fooHandler).Methods(http.MethodGet, http.MethodPut, http.MethodPatch, http.MethodOptions)
+    r.Use(mux.CORSMethodMiddleware(r))
+    
+    http.ListenAndServe(":8080", r)
+}
+
+func fooHandler(w http.ResponseWriter, r *http.Request) {
+    w.Header().Set("Access-Control-Allow-Origin", "*")
+    if r.Method == http.MethodOptions {
+        return
+    }
+
+    w.Write([]byte("foo"))
+}
+```
+
+And an request to `/foo` using something like:
+
+```bash
+curl localhost:8080/foo -v
+```
+
+Would look like:
+
+```bash
+*   Trying ::1...
+* TCP_NODELAY set
+* Connected to localhost (::1) port 8080 (#0)
+> GET /foo HTTP/1.1
+> Host: localhost:8080
+> User-Agent: curl/7.59.0
+> Accept: */*
+> 
+< HTTP/1.1 200 OK
+< Access-Control-Allow-Methods: GET,PUT,PATCH,OPTIONS
+< Access-Control-Allow-Origin: *
+< Date: Fri, 28 Jun 2019 20:13:30 GMT
+< Content-Length: 3
+< Content-Type: text/plain; charset=utf-8
+< 
+* Connection #0 to host localhost left intact
+foo
+```
+
+### Testing Handlers
+
+Testing handlers in a Go web application is straightforward, and _mux_ doesn't complicate this any further. Given two files: `endpoints.go` and `endpoints_test.go`, here's how we'd test an application using _mux_.
+
+First, our simple HTTP handler:
+
+```go
+// endpoints.go
+package main
+
+func HealthCheckHandler(w http.ResponseWriter, r *http.Request) {
+    // A very simple health check.
+    w.Header().Set("Content-Type", "application/json")
+    w.WriteHeader(http.StatusOK)
+
+    // In the future we could report back on the status of our DB, or our cache
+    // (e.g. Redis) by performing a simple PING, and include them in the response.
+    io.WriteString(w, `{"alive": true}`)
+}
+
+func main() {
+    r := mux.NewRouter()
+    r.HandleFunc("/health", HealthCheckHandler)
+
+    log.Fatal(http.ListenAndServe("localhost:8080", r))
+}
+```
+
+Our test code:
+
+```go
+// endpoints_test.go
+package main
+
+import (
+    "net/http"
+    "net/http/httptest"
+    "testing"
+)
+
+func TestHealthCheckHandler(t *testing.T) {
+    // Create a request to pass to our handler. We don't have any query parameters for now, so we'll
+    // pass 'nil' as the third parameter.
+    req, err := http.NewRequest("GET", "/health", nil)
+    if err != nil {
+        t.Fatal(err)
+    }
+
+    // We create a ResponseRecorder (which satisfies http.ResponseWriter) to record the response.
+    rr := httptest.NewRecorder()
+    handler := http.HandlerFunc(HealthCheckHandler)
+
+    // Our handlers satisfy http.Handler, so we can call their ServeHTTP method
+    // directly and pass in our Request and ResponseRecorder.
+    handler.ServeHTTP(rr, req)
+
+    // Check the status code is what we expect.
+    if status := rr.Code; status != http.StatusOK {
+        t.Errorf("handler returned wrong status code: got %v want %v",
+            status, http.StatusOK)
+    }
+
+    // Check the response body is what we expect.
+    expected := `{"alive": true}`
+    if rr.Body.String() != expected {
+        t.Errorf("handler returned unexpected body: got %v want %v",
+            rr.Body.String(), expected)
+    }
+}
+```
+
+In the case that our routes have [variables](#examples), we can pass those in the request. We could write
+[table-driven tests](https://dave.cheney.net/2013/06/09/writing-table-driven-tests-in-go) to test multiple
+possible route variables as needed.
+
+```go
+// endpoints.go
+func main() {
+    r := mux.NewRouter()
+    // A route with a route variable:
+    r.HandleFunc("/metrics/{type}", MetricsHandler)
+
+    log.Fatal(http.ListenAndServe("localhost:8080", r))
+}
+```
+
+Our test file, with a table-driven test of `routeVariables`:
+
+```go
+// endpoints_test.go
+func TestMetricsHandler(t *testing.T) {
+    tt := []struct{
+        routeVariable string
+        shouldPass bool
+    }{
+        {"goroutines", true},
+        {"heap", true},
+        {"counters", true},
+        {"queries", true},
+        {"adhadaeqm3k", false},
+    }
+
+    for _, tc := range tt {
+        path := fmt.Sprintf("/metrics/%s", tc.routeVariable)
+        req, err := http.NewRequest("GET", path, nil)
+        if err != nil {
+            t.Fatal(err)
+        }
+
+        rr := httptest.NewRecorder()
+	
+	// Need to create a router that we can pass the request through so that the vars will be added to the context
+	router := mux.NewRouter()
+        router.HandleFunc("/metrics/{type}", MetricsHandler)
+        router.ServeHTTP(rr, req)
+
+        // In this case, our MetricsHandler returns a non-200 response
+        // for a route variable it doesn't know about.
+        if rr.Code == http.StatusOK && !tc.shouldPass {
+            t.Errorf("handler should have failed on routeVariable %s: got %v want %v",
+                tc.routeVariable, rr.Code, http.StatusOK)
+        }
+    }
+}
+```
+
+## Full Example
+
+Here's a complete, runnable example of a small `mux` based server:
+
+```go
+package main
+
+import (
+    "net/http"
+    "log"
+    "github.com/gorilla/mux"
+)
+
+func YourHandler(w http.ResponseWriter, r *http.Request) {
+    w.Write([]byte("Gorilla!\n"))
+}
+
+func main() {
+    r := mux.NewRouter()
+    // Routes consist of a path and a handler function.
+    r.HandleFunc("/", YourHandler)
 
-	// Bind to a port and pass our router in
-	http.ListenAndServe(":8000", r)
+    // Bind to a port and pass our router in
+    log.Fatal(http.ListenAndServe(":8000", r))
 }
 ```
 
diff --git a/vendor/github.com/gorilla/mux/doc.go b/vendor/github.com/gorilla/mux/doc.go
index 835f5342eb97d..bd5a38b55d82f 100644
--- a/vendor/github.com/gorilla/mux/doc.go
+++ b/vendor/github.com/gorilla/mux/doc.go
@@ -12,8 +12,8 @@ or other conditions. The main features are:
 
 	* Requests can be matched based on URL host, path, path prefix, schemes,
 	  header and query values, HTTP methods or using custom matchers.
-	* URL hosts and paths can have variables with an optional regular
-	  expression.
+	* URL hosts, paths and query values can have variables with an optional
+	  regular expression.
 	* Registered URLs can be built, or "reversed", which helps maintaining
 	  references to resources.
 	* Routes can be used as subrouters: nested routes are only tested if the
@@ -47,12 +47,21 @@ variable will be anything until the next slash. For example:
 	r.HandleFunc("/articles/{category}/", ArticlesCategoryHandler)
 	r.HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler)
 
+Groups can be used inside patterns, as long as they are non-capturing (?:re). For example:
+
+	r.HandleFunc("/articles/{category}/{sort:(?:asc|desc|new)}", ArticlesCategoryHandler)
+
 The names are used to create a map of route variables which can be retrieved
 calling mux.Vars():
 
 	vars := mux.Vars(request)
 	category := vars["category"]
 
+Note that if any capturing groups are present, mux will panic() during parsing. To prevent
+this, convert any capturing groups to non-capturing, e.g. change "/{sort:(asc|desc)}" to
+"/{sort:(?:asc|desc)}". This is a change from prior versions which behaved unpredictably
+when capturing groups were present.
+
 And this is all you need to know about the basic usage. More advanced options
 are explained below.
 
@@ -136,6 +145,31 @@ the inner routes use it as base for their paths:
 	// "/products/{key}/details"
 	s.HandleFunc("/{key}/details", ProductDetailsHandler)
 
+Note that the path provided to PathPrefix() represents a "wildcard": calling
+PathPrefix("/static/").Handler(...) means that the handler will be passed any
+request that matches "/static/*". This makes it easy to serve static files with mux:
+
+	func main() {
+		var dir string
+
+		flag.StringVar(&dir, "dir", ".", "the directory to serve files from. Defaults to the current dir")
+		flag.Parse()
+		r := mux.NewRouter()
+
+		// This will serve files under http://localhost:8000/static/<filename>
+		r.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir(dir))))
+
+		srv := &http.Server{
+			Handler:      r,
+			Addr:         "127.0.0.1:8000",
+			// Good practice: enforce timeouts for servers you create!
+			WriteTimeout: 15 * time.Second,
+			ReadTimeout:  15 * time.Second,
+		}
+
+		log.Fatal(srv.ListenAndServe())
+	}
+
 Now let's see how to build registered URLs.
 
 Routes can be named. All routes that define a name can have their URLs built,
@@ -154,18 +188,20 @@ key/value pairs for the route variables. For the previous route, we would do:
 
 	"/articles/technology/42"
 
-This also works for host variables:
+This also works for host and query value variables:
 
 	r := mux.NewRouter()
 	r.Host("{subdomain}.domain.com").
 	  Path("/articles/{category}/{id:[0-9]+}").
+	  Queries("filter", "{filter}").
 	  HandlerFunc(ArticleHandler).
 	  Name("article")
 
-	// url.String() will be "http://news.domain.com/articles/technology/42"
+	// url.String() will be "http://news.domain.com/articles/technology/42?filter=gorilla"
 	url, err := r.Get("article").URL("subdomain", "news",
 	                                 "category", "technology",
-	                                 "id", "42")
+	                                 "id", "42",
+	                                 "filter", "gorilla")
 
 All variables defined in the route are required, and their values must
 conform to the corresponding patterns. These requirements guarantee that a
@@ -202,5 +238,69 @@ as well:
 	url, err := r.Get("article").URL("subdomain", "news",
 	                                 "category", "technology",
 	                                 "id", "42")
+
+Mux supports the addition of middlewares to a Router, which are executed in the order they are added if a match is found, including its subrouters. Middlewares are (typically) small pieces of code which take one request, do something with it, and pass it down to another middleware or the final handler. Some common use cases for middleware are request logging, header manipulation, or ResponseWriter hijacking.
+
+	type MiddlewareFunc func(http.Handler) http.Handler
+
+Typically, the returned handler is a closure which does something with the http.ResponseWriter and http.Request passed to it, and then calls the handler passed as parameter to the MiddlewareFunc (closures can access variables from the context where they are created).
+
+A very basic middleware which logs the URI of the request being handled could be written as:
+
+	func simpleMw(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// Do stuff here
+			log.Println(r.RequestURI)
+			// Call the next handler, which can be another middleware in the chain, or the final handler.
+			next.ServeHTTP(w, r)
+		})
+	}
+
+Middlewares can be added to a router using `Router.Use()`:
+
+	r := mux.NewRouter()
+	r.HandleFunc("/", handler)
+	r.Use(simpleMw)
+
+A more complex authentication middleware, which maps session token to users, could be written as:
+
+	// Define our struct
+	type authenticationMiddleware struct {
+		tokenUsers map[string]string
+	}
+
+	// Initialize it somewhere
+	func (amw *authenticationMiddleware) Populate() {
+		amw.tokenUsers["00000000"] = "user0"
+		amw.tokenUsers["aaaaaaaa"] = "userA"
+		amw.tokenUsers["05f717e5"] = "randomUser"
+		amw.tokenUsers["deadbeef"] = "user0"
+	}
+
+	// Middleware function, which will be called for each request
+	func (amw *authenticationMiddleware) Middleware(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			token := r.Header.Get("X-Session-Token")
+
+			if user, found := amw.tokenUsers[token]; found {
+				// We found the token in our map
+				log.Printf("Authenticated user %s\n", user)
+				next.ServeHTTP(w, r)
+			} else {
+				http.Error(w, "Forbidden", http.StatusForbidden)
+			}
+		})
+	}
+
+	r := mux.NewRouter()
+	r.HandleFunc("/", handler)
+
+	amw := authenticationMiddleware{tokenUsers: make(map[string]string)}
+	amw.Populate()
+
+	r.Use(amw.Middleware)
+
+Note: The handler chain will be stopped if your middleware doesn't call `next.ServeHTTP()` with the corresponding parameters. This can be used to abort a request if the middleware writer wants to.
+
 */
 package mux
diff --git a/vendor/github.com/gorilla/mux/go.mod b/vendor/github.com/gorilla/mux/go.mod
new file mode 100644
index 0000000000000..df170a3994039
--- /dev/null
+++ b/vendor/github.com/gorilla/mux/go.mod
@@ -0,0 +1,3 @@
+module github.com/gorilla/mux
+
+go 1.12
diff --git a/vendor/github.com/gorilla/mux/middleware.go b/vendor/github.com/gorilla/mux/middleware.go
new file mode 100644
index 0000000000000..cb51c565ebd3a
--- /dev/null
+++ b/vendor/github.com/gorilla/mux/middleware.go
@@ -0,0 +1,74 @@
+package mux
+
+import (
+	"net/http"
+	"strings"
+)
+
+// MiddlewareFunc is a function which receives an http.Handler and returns another http.Handler.
+// Typically, the returned handler is a closure which does something with the http.ResponseWriter and http.Request passed
+// to it, and then calls the handler passed as parameter to the MiddlewareFunc.
+type MiddlewareFunc func(http.Handler) http.Handler
+
+// middleware interface is anything which implements a MiddlewareFunc named Middleware.
+type middleware interface {
+	Middleware(handler http.Handler) http.Handler
+}
+
+// Middleware allows MiddlewareFunc to implement the middleware interface.
+func (mw MiddlewareFunc) Middleware(handler http.Handler) http.Handler {
+	return mw(handler)
+}
+
+// Use appends a MiddlewareFunc to the chain. Middleware can be used to intercept or otherwise modify requests and/or responses, and are executed in the order that they are applied to the Router.
+func (r *Router) Use(mwf ...MiddlewareFunc) {
+	for _, fn := range mwf {
+		r.middlewares = append(r.middlewares, fn)
+	}
+}
+
+// useInterface appends a middleware to the chain. Middleware can be used to intercept or otherwise modify requests and/or responses, and are executed in the order that they are applied to the Router.
+func (r *Router) useInterface(mw middleware) {
+	r.middlewares = append(r.middlewares, mw)
+}
+
+// CORSMethodMiddleware automatically sets the Access-Control-Allow-Methods response header
+// on requests for routes that have an OPTIONS method matcher to all the method matchers on
+// the route. Routes that do not explicitly handle OPTIONS requests will not be processed
+// by the middleware. See examples for usage.
+func CORSMethodMiddleware(r *Router) MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			allMethods, err := getAllMethodsForRoute(r, req)
+			if err == nil {
+				for _, v := range allMethods {
+					if v == http.MethodOptions {
+						w.Header().Set("Access-Control-Allow-Methods", strings.Join(allMethods, ","))
+					}
+				}
+			}
+
+			next.ServeHTTP(w, req)
+		})
+	}
+}
+
+// getAllMethodsForRoute returns all the methods from method matchers matching a given
+// request.
+func getAllMethodsForRoute(r *Router, req *http.Request) ([]string, error) {
+	var allMethods []string
+
+	for _, route := range r.routes {
+		var match RouteMatch
+		if route.Match(req, &match) || match.MatchErr == ErrMethodMismatch {
+			methods, err := route.GetMethods()
+			if err != nil {
+				return nil, err
+			}
+
+			allMethods = append(allMethods, methods...)
+		}
+	}
+
+	return allMethods, nil
+}
diff --git a/vendor/github.com/gorilla/mux/mux.go b/vendor/github.com/gorilla/mux/mux.go
index fbb7f19adfc1e..782a34b22a608 100644
--- a/vendor/github.com/gorilla/mux/mux.go
+++ b/vendor/github.com/gorilla/mux/mux.go
@@ -5,18 +5,25 @@
 package mux
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
 	"path"
 	"regexp"
+)
 
-	"github.com/gorilla/context"
+var (
+	// ErrMethodMismatch is returned when the method in the request does not match
+	// the method defined against the route.
+	ErrMethodMismatch = errors.New("method is not allowed")
+	// ErrNotFound is returned when no route match is found.
+	ErrNotFound = errors.New("no matching route was found")
 )
 
 // NewRouter returns a new router instance.
 func NewRouter() *Router {
-	return &Router{namedRoutes: make(map[string]*Route), KeepContext: false}
+	return &Router{namedRoutes: make(map[string]*Route)}
 }
 
 // Router registers routes to be matched and dispatches a handler.
@@ -40,31 +47,122 @@ func NewRouter() *Router {
 type Router struct {
 	// Configurable Handler to be used when no route matches.
 	NotFoundHandler http.Handler
-	// Parent route, if this is a subrouter.
-	parent parentRoute
+
+	// Configurable Handler to be used when the request method does not match the route.
+	MethodNotAllowedHandler http.Handler
+
 	// Routes to be matched, in order.
 	routes []*Route
+
 	// Routes by name for URL building.
 	namedRoutes map[string]*Route
-	// See Router.StrictSlash(). This defines the flag for new routes.
-	strictSlash bool
-	// If true, do not clear the request context after handling the request
+
+	// If true, do not clear the request context after handling the request.
+	//
+	// Deprecated: No effect, since the context is stored on the request itself.
 	KeepContext bool
+
+	// Slice of middlewares to be called after a match is found
+	middlewares []middleware
+
+	// configuration shared with `Route`
+	routeConf
+}
+
+// common route configuration shared between `Router` and `Route`
+type routeConf struct {
+	// If true, "/path/foo%2Fbar/to" will match the path "/path/{var}/to"
+	useEncodedPath bool
+
+	// If true, when the path pattern is "/path/", accessing "/path" will
+	// redirect to the former and vice versa.
+	strictSlash bool
+
+	// If true, when the path pattern is "/path//to", accessing "/path//to"
+	// will not redirect
+	skipClean bool
+
+	// Manager for the variables from host and path.
+	regexp routeRegexpGroup
+
+	// List of matchers.
+	matchers []matcher
+
+	// The scheme used when building URLs.
+	buildScheme string
+
+	buildVarsFunc BuildVarsFunc
+}
+
+// returns an effective deep copy of `routeConf`
+func copyRouteConf(r routeConf) routeConf {
+	c := r
+
+	if r.regexp.path != nil {
+		c.regexp.path = copyRouteRegexp(r.regexp.path)
+	}
+
+	if r.regexp.host != nil {
+		c.regexp.host = copyRouteRegexp(r.regexp.host)
+	}
+
+	c.regexp.queries = make([]*routeRegexp, 0, len(r.regexp.queries))
+	for _, q := range r.regexp.queries {
+		c.regexp.queries = append(c.regexp.queries, copyRouteRegexp(q))
+	}
+
+	c.matchers = make([]matcher, len(r.matchers))
+	copy(c.matchers, r.matchers)
+
+	return c
+}
+
+func copyRouteRegexp(r *routeRegexp) *routeRegexp {
+	c := *r
+	return &c
 }
 
-// Match matches registered routes against the request.
+// Match attempts to match the given request against the router's registered routes.
+//
+// If the request matches a route of this router or one of its subrouters the Route,
+// Handler, and Vars fields of the the match argument are filled and this function
+// returns true.
+//
+// If the request does not match any of this router's or its subrouters' routes
+// then this function returns false. If available, a reason for the match failure
+// will be filled in the match argument's MatchErr field. If the match failure type
+// (eg: not found) has a registered handler, the handler is assigned to the Handler
+// field of the match argument.
 func (r *Router) Match(req *http.Request, match *RouteMatch) bool {
 	for _, route := range r.routes {
 		if route.Match(req, match) {
+			// Build middleware chain if no error was found
+			if match.MatchErr == nil {
+				for i := len(r.middlewares) - 1; i >= 0; i-- {
+					match.Handler = r.middlewares[i].Middleware(match.Handler)
+				}
+			}
 			return true
 		}
 	}
 
+	if match.MatchErr == ErrMethodMismatch {
+		if r.MethodNotAllowedHandler != nil {
+			match.Handler = r.MethodNotAllowedHandler
+			return true
+		}
+
+		return false
+	}
+
 	// Closest match for a router (includes sub-routers)
 	if r.NotFoundHandler != nil {
 		match.Handler = r.NotFoundHandler
+		match.MatchErr = ErrNotFound
 		return true
 	}
+
+	match.MatchErr = ErrNotFound
 	return false
 }
 
@@ -73,57 +171,71 @@ func (r *Router) Match(req *http.Request, match *RouteMatch) bool {
 // When there is a match, the route variables can be retrieved calling
 // mux.Vars(request).
 func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	// Clean path to canonical form and redirect.
-	if p := cleanPath(req.URL.Path); p != req.URL.Path {
-
-		// Added 3 lines (Philip Schlump) - It was dropping the query string and #whatever from query.
-		// This matches with fix in go 1.2 r.c. 4 for same problem.  Go Issue:
-		// http://code.google.com/p/go/issues/detail?id=5252
-		url := *req.URL
-		url.Path = p
-		p = url.String()
-
-		w.Header().Set("Location", p)
-		w.WriteHeader(http.StatusMovedPermanently)
-		return
+	if !r.skipClean {
+		path := req.URL.Path
+		if r.useEncodedPath {
+			path = req.URL.EscapedPath()
+		}
+		// Clean path to canonical form and redirect.
+		if p := cleanPath(path); p != path {
+
+			// Added 3 lines (Philip Schlump) - It was dropping the query string and #whatever from query.
+			// This matches with fix in go 1.2 r.c. 4 for same problem.  Go Issue:
+			// http://code.google.com/p/go/issues/detail?id=5252
+			url := *req.URL
+			url.Path = p
+			p = url.String()
+
+			w.Header().Set("Location", p)
+			w.WriteHeader(http.StatusMovedPermanently)
+			return
+		}
 	}
 	var match RouteMatch
 	var handler http.Handler
 	if r.Match(req, &match) {
 		handler = match.Handler
-		setVars(req, match.Vars)
-		setCurrentRoute(req, match.Route)
+		req = requestWithVars(req, match.Vars)
+		req = requestWithRoute(req, match.Route)
+	}
+
+	if handler == nil && match.MatchErr == ErrMethodMismatch {
+		handler = methodNotAllowedHandler()
 	}
+
 	if handler == nil {
 		handler = http.NotFoundHandler()
 	}
-	if !r.KeepContext {
-		defer context.Clear(req)
-	}
+
 	handler.ServeHTTP(w, req)
 }
 
 // Get returns a route registered with the given name.
 func (r *Router) Get(name string) *Route {
-	return r.getNamedRoutes()[name]
+	return r.namedRoutes[name]
 }
 
 // GetRoute returns a route registered with the given name. This method
 // was renamed to Get() and remains here for backwards compatibility.
 func (r *Router) GetRoute(name string) *Route {
-	return r.getNamedRoutes()[name]
+	return r.namedRoutes[name]
 }
 
 // StrictSlash defines the trailing slash behavior for new routes. The initial
 // value is false.
 //
-// When true, if the route path is "/path/", accessing "/path" will redirect
+// When true, if the route path is "/path/", accessing "/path" will perform a redirect
 // to the former and vice versa. In other words, your application will always
 // see the path as specified in the route.
 //
 // When false, if the route path is "/path", accessing "/path/" will not match
 // this route and vice versa.
 //
+// The re-direct is a HTTP 301 (Moved Permanently). Note that when this is set for
+// routes with a non-idempotent method (e.g. POST, PUT), the subsequent re-directed
+// request will be made as a GET by most clients. Use middleware or client settings
+// to modify this behaviour as needed.
+//
 // Special case: when a route sets a path prefix using the PathPrefix() method,
 // strict slash is ignored for that route because the redirect behavior can't
 // be determined from a prefix alone. However, any subrouters created from that
@@ -133,35 +245,28 @@ func (r *Router) StrictSlash(value bool) *Router {
 	return r
 }
 
-// ----------------------------------------------------------------------------
-// parentRoute
-// ----------------------------------------------------------------------------
-
-// getNamedRoutes returns the map where named routes are registered.
-func (r *Router) getNamedRoutes() map[string]*Route {
-	if r.namedRoutes == nil {
-		if r.parent != nil {
-			r.namedRoutes = r.parent.getNamedRoutes()
-		} else {
-			r.namedRoutes = make(map[string]*Route)
-		}
-	}
-	return r.namedRoutes
-}
-
-// getRegexpGroup returns regexp definitions from the parent route, if any.
-func (r *Router) getRegexpGroup() *routeRegexpGroup {
-	if r.parent != nil {
-		return r.parent.getRegexpGroup()
-	}
-	return nil
+// SkipClean defines the path cleaning behaviour for new routes. The initial
+// value is false. Users should be careful about which routes are not cleaned
+//
+// When true, if the route path is "/path//to", it will remain with the double
+// slash. This is helpful if you have a route like: /fetch/http://xkcd.com/534/
+//
+// When false, the path will be cleaned, so /fetch/http://xkcd.com/534/ will
+// become /fetch/http/xkcd.com/534
+func (r *Router) SkipClean(value bool) *Router {
+	r.skipClean = value
+	return r
 }
 
-func (r *Router) buildVars(m map[string]string) map[string]string {
-	if r.parent != nil {
-		m = r.parent.buildVars(m)
-	}
-	return m
+// UseEncodedPath tells the router to match the encoded original path
+// to the routes.
+// For eg. "/path/foo%2Fbar/to" will match the path "/path/{var}/to".
+//
+// If not called, the router will match the unencoded path to the routes.
+// For eg. "/path/foo%2Fbar/to" will match the path "/path/foo/bar/to"
+func (r *Router) UseEncodedPath() *Router {
+	r.useEncodedPath = true
+	return r
 }
 
 // ----------------------------------------------------------------------------
@@ -170,11 +275,18 @@ func (r *Router) buildVars(m map[string]string) map[string]string {
 
 // NewRoute registers an empty route.
 func (r *Router) NewRoute() *Route {
-	route := &Route{parent: r, strictSlash: r.strictSlash}
+	// initialize a route with a copy of the parent router's configuration
+	route := &Route{routeConf: copyRouteConf(r.routeConf), namedRoutes: r.namedRoutes}
 	r.routes = append(r.routes, route)
 	return route
 }
 
+// Name registers a new route with a name.
+// See Route.Name().
+func (r *Router) Name(name string) *Route {
+	return r.NewRoute().Name(name)
+}
+
 // Handle registers a new route with a matcher for the URL path.
 // See Route.Path() and Route.Handler().
 func (r *Router) Handle(path string, handler http.Handler) *Route {
@@ -260,20 +372,21 @@ type WalkFunc func(route *Route, router *Router, ancestors []*Route) error
 
 func (r *Router) walk(walkFn WalkFunc, ancestors []*Route) error {
 	for _, t := range r.routes {
-		if t.regexp == nil || t.regexp.path == nil || t.regexp.path.template == "" {
-			continue
-		}
-
 		err := walkFn(t, r, ancestors)
 		if err == SkipRouter {
 			continue
 		}
+		if err != nil {
+			return err
+		}
 		for _, sr := range t.matchers {
 			if h, ok := sr.(*Router); ok {
+				ancestors = append(ancestors, t)
 				err := h.walk(walkFn, ancestors)
 				if err != nil {
 					return err
 				}
+				ancestors = ancestors[:len(ancestors)-1]
 			}
 		}
 		if h, ok := t.handler.(*Router); ok {
@@ -297,6 +410,11 @@ type RouteMatch struct {
 	Route   *Route
 	Handler http.Handler
 	Vars    map[string]string
+
+	// MatchErr is set to appropriate matching error
+	// It is set to ErrMethodMismatch if there is a mismatch in
+	// the request method and route method
+	MatchErr error
 }
 
 type contextKey int
@@ -308,7 +426,7 @@ const (
 
 // Vars returns the route variables for the current request, if any.
 func Vars(r *http.Request) map[string]string {
-	if rv := context.Get(r, varsKey); rv != nil {
+	if rv := r.Context().Value(varsKey); rv != nil {
 		return rv.(map[string]string)
 	}
 	return nil
@@ -317,25 +435,22 @@ func Vars(r *http.Request) map[string]string {
 // CurrentRoute returns the matched route for the current request, if any.
 // This only works when called inside the handler of the matched route
 // because the matched route is stored in the request context which is cleared
-// after the handler returns, unless the KeepContext option is set on the
-// Router.
+// after the handler returns.
 func CurrentRoute(r *http.Request) *Route {
-	if rv := context.Get(r, routeKey); rv != nil {
+	if rv := r.Context().Value(routeKey); rv != nil {
 		return rv.(*Route)
 	}
 	return nil
 }
 
-func setVars(r *http.Request, val interface{}) {
-	if val != nil {
-		context.Set(r, varsKey, val)
-	}
+func requestWithVars(r *http.Request, vars map[string]string) *http.Request {
+	ctx := context.WithValue(r.Context(), varsKey, vars)
+	return r.WithContext(ctx)
 }
 
-func setCurrentRoute(r *http.Request, val interface{}) {
-	if val != nil {
-		context.Set(r, routeKey, val)
-	}
+func requestWithRoute(r *http.Request, route *Route) *http.Request {
+	ctx := context.WithValue(r.Context(), routeKey, route)
+	return r.WithContext(ctx)
 }
 
 // ----------------------------------------------------------------------------
@@ -357,6 +472,7 @@ func cleanPath(p string) string {
 	if p[len(p)-1] == '/' && np != "/" {
 		np += "/"
 	}
+
 	return np
 }
 
@@ -397,7 +513,7 @@ func mapFromPairsToString(pairs ...string) (map[string]string, error) {
 	return m, nil
 }
 
-// mapFromPairsToRegex converts variadic string paramers to a
+// mapFromPairsToRegex converts variadic string parameters to a
 // string to regex map.
 func mapFromPairsToRegex(pairs ...string) (map[string]*regexp.Regexp, error) {
 	length, err := checkPairs(pairs...)
@@ -479,3 +595,12 @@ func matchMapWithRegex(toCheck map[string]*regexp.Regexp, toMatch map[string][]s
 	}
 	return true
 }
+
+// methodNotAllowed replies to the request with an HTTP status code 405.
+func methodNotAllowed(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusMethodNotAllowed)
+}
+
+// methodNotAllowedHandler returns a simple request handler
+// that replies to each request with a status code 405.
+func methodNotAllowedHandler() http.Handler { return http.HandlerFunc(methodNotAllowed) }
diff --git a/vendor/github.com/gorilla/mux/regexp.go b/vendor/github.com/gorilla/mux/regexp.go
index 08710bc984712..0144842bb23ee 100644
--- a/vendor/github.com/gorilla/mux/regexp.go
+++ b/vendor/github.com/gorilla/mux/regexp.go
@@ -14,6 +14,20 @@ import (
 	"strings"
 )
 
+type routeRegexpOptions struct {
+	strictSlash    bool
+	useEncodedPath bool
+}
+
+type regexpType int
+
+const (
+	regexpTypePath   regexpType = 0
+	regexpTypeHost   regexpType = 1
+	regexpTypePrefix regexpType = 2
+	regexpTypeQuery  regexpType = 3
+)
+
 // newRouteRegexp parses a route template and returns a routeRegexp,
 // used to match a host, a path or a query string.
 //
@@ -24,7 +38,7 @@ import (
 // Previously we accepted only Python-like identifiers for variable
 // names ([a-zA-Z_][a-zA-Z0-9_]*), but currently the only restriction is that
 // name and pattern can't be empty, and names can't contain a colon.
-func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash bool) (*routeRegexp, error) {
+func newRouteRegexp(tpl string, typ regexpType, options routeRegexpOptions) (*routeRegexp, error) {
 	// Check if it is well-formed.
 	idxs, errBraces := braceIndices(tpl)
 	if errBraces != nil {
@@ -34,19 +48,18 @@ func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash
 	template := tpl
 	// Now let's parse it.
 	defaultPattern := "[^/]+"
-	if matchQuery {
-		defaultPattern = "[^?&]*"
-	} else if matchHost {
+	if typ == regexpTypeQuery {
+		defaultPattern = ".*"
+	} else if typ == regexpTypeHost {
 		defaultPattern = "[^.]+"
-		matchPrefix = false
 	}
 	// Only match strict slash if not matching
-	if matchPrefix || matchHost || matchQuery {
-		strictSlash = false
+	if typ != regexpTypePath {
+		options.strictSlash = false
 	}
 	// Set a flag for strictSlash.
 	endSlash := false
-	if strictSlash && strings.HasSuffix(tpl, "/") {
+	if options.strictSlash && strings.HasSuffix(tpl, "/") {
 		tpl = tpl[:len(tpl)-1]
 		endSlash = true
 	}
@@ -88,18 +101,25 @@ func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash
 	// Add the remaining.
 	raw := tpl[end:]
 	pattern.WriteString(regexp.QuoteMeta(raw))
-	if strictSlash {
+	if options.strictSlash {
 		pattern.WriteString("[/]?")
 	}
-	if matchQuery {
+	if typ == regexpTypeQuery {
 		// Add the default pattern if the query value is empty
 		if queryVal := strings.SplitN(template, "=", 2)[1]; queryVal == "" {
 			pattern.WriteString(defaultPattern)
 		}
 	}
-	if !matchPrefix {
+	if typ != regexpTypePrefix {
 		pattern.WriteByte('$')
 	}
+
+	var wildcardHostPort bool
+	if typ == regexpTypeHost {
+		if !strings.Contains(pattern.String(), ":") {
+			wildcardHostPort = true
+		}
+	}
 	reverse.WriteString(raw)
 	if endSlash {
 		reverse.WriteByte('/')
@@ -109,16 +129,23 @@ func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash
 	if errCompile != nil {
 		return nil, errCompile
 	}
+
+	// Check for capturing groups which used to work in older versions
+	if reg.NumSubexp() != len(idxs)/2 {
+		panic(fmt.Sprintf("route %s contains capture groups in its regexp. ", template) +
+			"Only non-capturing groups are accepted: e.g. (?:pattern) instead of (pattern)")
+	}
+
 	// Done!
 	return &routeRegexp{
-		template:    template,
-		matchHost:   matchHost,
-		matchQuery:  matchQuery,
-		strictSlash: strictSlash,
-		regexp:      reg,
-		reverse:     reverse.String(),
-		varsN:       varsN,
-		varsR:       varsR,
+		template:         template,
+		regexpType:       typ,
+		options:          options,
+		regexp:           reg,
+		reverse:          reverse.String(),
+		varsN:            varsN,
+		varsR:            varsR,
+		wildcardHostPort: wildcardHostPort,
 	}, nil
 }
 
@@ -127,12 +154,10 @@ func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash
 type routeRegexp struct {
 	// The unmodified template.
 	template string
-	// True for host match, false for path or query string match.
-	matchHost bool
-	// True for query string match, false for path and host match.
-	matchQuery bool
-	// The strictSlash value defined on the route, but disabled if PathPrefix was used.
-	strictSlash bool
+	// The type of match
+	regexpType regexpType
+	// Options for matching
+	options routeRegexpOptions
 	// Expanded regexp.
 	regexp *regexp.Regexp
 	// Reverse template.
@@ -141,29 +166,44 @@ type routeRegexp struct {
 	varsN []string
 	// Variable regexps (validators).
 	varsR []*regexp.Regexp
+	// Wildcard host-port (no strict port match in hostname)
+	wildcardHostPort bool
 }
 
 // Match matches the regexp against the URL host or path.
 func (r *routeRegexp) Match(req *http.Request, match *RouteMatch) bool {
-	if !r.matchHost {
-		if r.matchQuery {
-			return r.matchQueryString(req)
+	if r.regexpType == regexpTypeHost {
+		host := getHost(req)
+		if r.wildcardHostPort {
+			// Don't be strict on the port match
+			if i := strings.Index(host, ":"); i != -1 {
+				host = host[:i]
+			}
 		}
-
-		return r.regexp.MatchString(req.URL.Path)
+		return r.regexp.MatchString(host)
 	}
 
-	return r.regexp.MatchString(getHost(req))
+	if r.regexpType == regexpTypeQuery {
+		return r.matchQueryString(req)
+	}
+	path := req.URL.Path
+	if r.options.useEncodedPath {
+		path = req.URL.EscapedPath()
+	}
+	return r.regexp.MatchString(path)
 }
 
 // url builds a URL part using the given values.
 func (r *routeRegexp) url(values map[string]string) (string, error) {
-	urlValues := make([]interface{}, len(r.varsN))
+	urlValues := make([]interface{}, len(r.varsN), len(r.varsN))
 	for k, v := range r.varsN {
 		value, ok := values[v]
 		if !ok {
 			return "", fmt.Errorf("mux: missing route variable %q", v)
 		}
+		if r.regexpType == regexpTypeQuery {
+			value = url.QueryEscape(value)
+		}
 		urlValues[k] = value
 	}
 	rv := fmt.Sprintf(r.reverse, urlValues...)
@@ -186,18 +226,55 @@ func (r *routeRegexp) url(values map[string]string) (string, error) {
 // For a URL with foo=bar&baz=ding, we return only the relevant key
 // value pair for the routeRegexp.
 func (r *routeRegexp) getURLQuery(req *http.Request) string {
-	if !r.matchQuery {
+	if r.regexpType != regexpTypeQuery {
 		return ""
 	}
 	templateKey := strings.SplitN(r.template, "=", 2)[0]
-	for key, vals := range req.URL.Query() {
-		if key == templateKey && len(vals) > 0 {
-			return key + "=" + vals[0]
-		}
+	val, ok := findFirstQueryKey(req.URL.RawQuery, templateKey)
+	if ok {
+		return templateKey + "=" + val
 	}
 	return ""
 }
 
+// findFirstQueryKey returns the same result as (*url.URL).Query()[key][0].
+// If key was not found, empty string and false is returned.
+func findFirstQueryKey(rawQuery, key string) (value string, ok bool) {
+	query := []byte(rawQuery)
+	for len(query) > 0 {
+		foundKey := query
+		if i := bytes.IndexAny(foundKey, "&;"); i >= 0 {
+			foundKey, query = foundKey[:i], foundKey[i+1:]
+		} else {
+			query = query[:0]
+		}
+		if len(foundKey) == 0 {
+			continue
+		}
+		var value []byte
+		if i := bytes.IndexByte(foundKey, '='); i >= 0 {
+			foundKey, value = foundKey[:i], foundKey[i+1:]
+		}
+		if len(foundKey) < len(key) {
+			// Cannot possibly be key.
+			continue
+		}
+		keyString, err := url.QueryUnescape(string(foundKey))
+		if err != nil {
+			continue
+		}
+		if keyString != key {
+			continue
+		}
+		valueString, err := url.QueryUnescape(string(value))
+		if err != nil {
+			continue
+		}
+		return valueString, true
+	}
+	return "", false
+}
+
 func (r *routeRegexp) matchQueryString(req *http.Request) bool {
 	return r.regexp.MatchString(r.getURLQuery(req))
 }
@@ -244,23 +321,33 @@ type routeRegexpGroup struct {
 }
 
 // setMatch extracts the variables from the URL once a route matches.
-func (v *routeRegexpGroup) setMatch(req *http.Request, m *RouteMatch, r *Route) {
+func (v routeRegexpGroup) setMatch(req *http.Request, m *RouteMatch, r *Route) {
 	// Store host variables.
 	if v.host != nil {
 		host := getHost(req)
+		if v.host.wildcardHostPort {
+			// Don't be strict on the port match
+			if i := strings.Index(host, ":"); i != -1 {
+				host = host[:i]
+			}
+		}
 		matches := v.host.regexp.FindStringSubmatchIndex(host)
 		if len(matches) > 0 {
 			extractVars(host, matches, v.host.varsN, m.Vars)
 		}
 	}
+	path := req.URL.Path
+	if r.useEncodedPath {
+		path = req.URL.EscapedPath()
+	}
 	// Store path variables.
 	if v.path != nil {
-		matches := v.path.regexp.FindStringSubmatchIndex(req.URL.Path)
+		matches := v.path.regexp.FindStringSubmatchIndex(path)
 		if len(matches) > 0 {
-			extractVars(req.URL.Path, matches, v.path.varsN, m.Vars)
+			extractVars(path, matches, v.path.varsN, m.Vars)
 			// Check if we should redirect.
-			if v.path.strictSlash {
-				p1 := strings.HasSuffix(req.URL.Path, "/")
+			if v.path.options.strictSlash {
+				p1 := strings.HasSuffix(path, "/")
 				p2 := strings.HasSuffix(v.path.template, "/")
 				if p1 != p2 {
 					u, _ := url.Parse(req.URL.String())
@@ -269,7 +356,7 @@ func (v *routeRegexpGroup) setMatch(req *http.Request, m *RouteMatch, r *Route)
 					} else {
 						u.Path += "/"
 					}
-					m.Handler = http.RedirectHandler(u.String(), 301)
+					m.Handler = http.RedirectHandler(u.String(), http.StatusMovedPermanently)
 				}
 			}
 		}
@@ -285,28 +372,17 @@ func (v *routeRegexpGroup) setMatch(req *http.Request, m *RouteMatch, r *Route)
 }
 
 // getHost tries its best to return the request host.
+// According to section 14.23 of RFC 2616 the Host header
+// can include the port number if the default value of 80 is not used.
 func getHost(r *http.Request) string {
 	if r.URL.IsAbs() {
 		return r.URL.Host
 	}
-	host := r.Host
-	// Slice off any port information.
-	if i := strings.Index(host, ":"); i != -1 {
-		host = host[:i]
-	}
-	return host
-
+	return r.Host
 }
 
 func extractVars(input string, matches []int, names []string, output map[string]string) {
-	matchesCount := 0
-	prevEnd := -1
-	for i := 2; i < len(matches) && matchesCount < len(names); i += 2 {
-		if prevEnd < matches[i+1] {
-			value := input[matches[i]:matches[i+1]]
-			output[names[matchesCount]] = value
-			prevEnd = matches[i+1]
-			matchesCount++
-		}
+	for i, name := range names {
+		output[name] = input[matches[2*i+2]:matches[2*i+3]]
 	}
 }
diff --git a/vendor/github.com/gorilla/mux/route.go b/vendor/github.com/gorilla/mux/route.go
index bf92af2610526..750afe570d053 100644
--- a/vendor/github.com/gorilla/mux/route.go
+++ b/vendor/github.com/gorilla/mux/route.go
@@ -15,17 +15,8 @@ import (
 
 // Route stores information to match a request and build URLs.
 type Route struct {
-	// Parent where the route was registered (a Router).
-	parent parentRoute
 	// Request handler for the route.
 	handler http.Handler
-	// List of matchers.
-	matchers []matcher
-	// Manager for the variables from host and path.
-	regexp *routeRegexpGroup
-	// If true, when the path pattern is "/path/", accessing "/path" will
-	// redirect to the former and vice versa.
-	strictSlash bool
 	// If true, this route never matches: it is only used to build URLs.
 	buildOnly bool
 	// The name used to build URLs.
@@ -33,7 +24,17 @@ type Route struct {
 	// Error resulted from building a route.
 	err error
 
-	buildVarsFunc BuildVarsFunc
+	// "global" reference to all named routes
+	namedRoutes map[string]*Route
+
+	// config possibly passed in from `Router`
+	routeConf
+}
+
+// SkipClean reports whether path cleaning is enabled for this route via
+// Router.SkipClean.
+func (r *Route) SkipClean() bool {
+	return r.skipClean
 }
 
 // Match matches the route against the request.
@@ -41,12 +42,45 @@ func (r *Route) Match(req *http.Request, match *RouteMatch) bool {
 	if r.buildOnly || r.err != nil {
 		return false
 	}
+
+	var matchErr error
+
 	// Match everything.
 	for _, m := range r.matchers {
 		if matched := m.Match(req, match); !matched {
+			if _, ok := m.(methodMatcher); ok {
+				matchErr = ErrMethodMismatch
+				continue
+			}
+
+			// Ignore ErrNotFound errors. These errors arise from match call
+			// to Subrouters.
+			//
+			// This prevents subsequent matching subrouters from failing to
+			// run middleware. If not ignored, the middleware would see a
+			// non-nil MatchErr and be skipped, even when there was a
+			// matching route.
+			if match.MatchErr == ErrNotFound {
+				match.MatchErr = nil
+			}
+
+			matchErr = nil
 			return false
 		}
 	}
+
+	if matchErr != nil {
+		match.MatchErr = matchErr
+		return false
+	}
+
+	if match.MatchErr == ErrMethodMismatch && r.handler != nil {
+		// We found a route which matches request method, clear MatchErr
+		match.MatchErr = nil
+		// Then override the mis-matched handler
+		match.Handler = r.handler
+	}
+
 	// Yay, we have a match. Let's collect some info about it.
 	if match.Route == nil {
 		match.Route = r
@@ -57,10 +91,9 @@ func (r *Route) Match(req *http.Request, match *RouteMatch) bool {
 	if match.Vars == nil {
 		match.Vars = make(map[string]string)
 	}
+
 	// Set variables.
-	if r.regexp != nil {
-		r.regexp.setMatch(req, match, r)
-	}
+	r.regexp.setMatch(req, match, r)
 	return true
 }
 
@@ -102,7 +135,7 @@ func (r *Route) GetHandler() http.Handler {
 // Name -----------------------------------------------------------------------
 
 // Name sets the name for the route, used to build URLs.
-// If the name was registered already it will be overwritten.
+// It is an error to call Name more than once on a route.
 func (r *Route) Name(name string) *Route {
 	if r.name != "" {
 		r.err = fmt.Errorf("mux: route already has name %q, can't set %q",
@@ -110,7 +143,7 @@ func (r *Route) Name(name string) *Route {
 	}
 	if r.err == nil {
 		r.name = name
-		r.getNamedRoutes()[name] = r
+		r.namedRoutes[name] = r
 	}
 	return r
 }
@@ -138,20 +171,22 @@ func (r *Route) addMatcher(m matcher) *Route {
 }
 
 // addRegexpMatcher adds a host or path matcher and builder to a route.
-func (r *Route) addRegexpMatcher(tpl string, matchHost, matchPrefix, matchQuery bool) error {
+func (r *Route) addRegexpMatcher(tpl string, typ regexpType) error {
 	if r.err != nil {
 		return r.err
 	}
-	r.regexp = r.getRegexpGroup()
-	if !matchHost && !matchQuery {
-		if len(tpl) == 0 || tpl[0] != '/' {
+	if typ == regexpTypePath || typ == regexpTypePrefix {
+		if len(tpl) > 0 && tpl[0] != '/' {
 			return fmt.Errorf("mux: path must start with a slash, got %q", tpl)
 		}
 		if r.regexp.path != nil {
 			tpl = strings.TrimRight(r.regexp.path.template, "/") + tpl
 		}
 	}
-	rr, err := newRouteRegexp(tpl, matchHost, matchPrefix, matchQuery, r.strictSlash)
+	rr, err := newRouteRegexp(tpl, typ, routeRegexpOptions{
+		strictSlash:    r.strictSlash,
+		useEncodedPath: r.useEncodedPath,
+	})
 	if err != nil {
 		return err
 	}
@@ -160,7 +195,7 @@ func (r *Route) addRegexpMatcher(tpl string, matchHost, matchPrefix, matchQuery
 			return err
 		}
 	}
-	if matchHost {
+	if typ == regexpTypeHost {
 		if r.regexp.path != nil {
 			if err = uniqueVars(rr.varsN, r.regexp.path.varsN); err != nil {
 				return err
@@ -173,7 +208,7 @@ func (r *Route) addRegexpMatcher(tpl string, matchHost, matchPrefix, matchQuery
 				return err
 			}
 		}
-		if matchQuery {
+		if typ == regexpTypeQuery {
 			r.regexp.queries = append(r.regexp.queries, rr)
 		} else {
 			r.regexp.path = rr
@@ -225,7 +260,8 @@ func (m headerRegexMatcher) Match(r *http.Request, match *RouteMatch) bool {
 //               "X-Requested-With", "XMLHttpRequest")
 //
 // The above route will only match if both the request header matches both regular expressions.
-// It the value is an empty string, it will match any value if the key is set.
+// If the value is an empty string, it will match any value if the key is set.
+// Use the start and end of string anchors (^ and $) to match an exact value.
 func (r *Route) HeadersRegexp(pairs ...string) *Route {
 	if r.err == nil {
 		var headers map[string]*regexp.Regexp
@@ -255,7 +291,7 @@ func (r *Route) HeadersRegexp(pairs ...string) *Route {
 // Variable names must be unique in a given route. They can be retrieved
 // calling mux.Vars(request).
 func (r *Route) Host(tpl string) *Route {
-	r.err = r.addRegexpMatcher(tpl, true, false, false)
+	r.err = r.addRegexpMatcher(tpl, regexpTypeHost)
 	return r
 }
 
@@ -315,7 +351,7 @@ func (r *Route) Methods(methods ...string) *Route {
 // Variable names must be unique in a given route. They can be retrieved
 // calling mux.Vars(request).
 func (r *Route) Path(tpl string) *Route {
-	r.err = r.addRegexpMatcher(tpl, false, false, false)
+	r.err = r.addRegexpMatcher(tpl, regexpTypePath)
 	return r
 }
 
@@ -331,7 +367,7 @@ func (r *Route) Path(tpl string) *Route {
 // Also note that the setting of Router.StrictSlash() has no effect on routes
 // with a PathPrefix matcher.
 func (r *Route) PathPrefix(tpl string) *Route {
-	r.err = r.addRegexpMatcher(tpl, false, true, false)
+	r.err = r.addRegexpMatcher(tpl, regexpTypePrefix)
 	return r
 }
 
@@ -347,7 +383,7 @@ func (r *Route) PathPrefix(tpl string) *Route {
 // The above route will only match if the URL contains the defined queries
 // values, e.g.: ?foo=bar&id=42.
 //
-// It the value is an empty string, it will match any value if the key is set.
+// If the value is an empty string, it will match any value if the key is set.
 //
 // Variables can define an optional regexp pattern to be matched:
 //
@@ -362,7 +398,7 @@ func (r *Route) Queries(pairs ...string) *Route {
 		return nil
 	}
 	for i := 0; i < length; i += 2 {
-		if r.err = r.addRegexpMatcher(pairs[i]+"="+pairs[i+1], false, false, true); r.err != nil {
+		if r.err = r.addRegexpMatcher(pairs[i]+"="+pairs[i+1], regexpTypeQuery); r.err != nil {
 			return r
 		}
 	}
@@ -376,15 +412,37 @@ func (r *Route) Queries(pairs ...string) *Route {
 type schemeMatcher []string
 
 func (m schemeMatcher) Match(r *http.Request, match *RouteMatch) bool {
-	return matchInArray(m, r.URL.Scheme)
+	scheme := r.URL.Scheme
+	// https://golang.org/pkg/net/http/#Request
+	// "For [most] server requests, fields other than Path and RawQuery will be
+	// empty."
+	// Since we're an http muxer, the scheme is either going to be http or https
+	// though, so we can just set it based on the tls termination state.
+	if scheme == "" {
+		if r.TLS == nil {
+			scheme = "http"
+		} else {
+			scheme = "https"
+		}
+	}
+	return matchInArray(m, scheme)
 }
 
 // Schemes adds a matcher for URL schemes.
 // It accepts a sequence of schemes to be matched, e.g.: "http", "https".
+// If the request's URL has a scheme set, it will be matched against.
+// Generally, the URL scheme will only be set if a previous handler set it,
+// such as the ProxyHeaders handler from gorilla/handlers.
+// If unset, the scheme will be determined based on the request's TLS
+// termination state.
+// The first argument to Schemes will be used when constructing a route URL.
 func (r *Route) Schemes(schemes ...string) *Route {
 	for k, v := range schemes {
 		schemes[k] = strings.ToLower(v)
 	}
+	if len(schemes) > 0 {
+		r.buildScheme = schemes[0]
+	}
 	return r.addMatcher(schemeMatcher(schemes))
 }
 
@@ -397,7 +455,15 @@ type BuildVarsFunc func(map[string]string) map[string]string
 // BuildVarsFunc adds a custom function to be used to modify build variables
 // before a route's URL is built.
 func (r *Route) BuildVarsFunc(f BuildVarsFunc) *Route {
-	r.buildVarsFunc = f
+	if r.buildVarsFunc != nil {
+		// compose the old and new functions
+		old := r.buildVarsFunc
+		r.buildVarsFunc = func(m map[string]string) map[string]string {
+			return f(old(m))
+		}
+	} else {
+		r.buildVarsFunc = f
+	}
 	return r
 }
 
@@ -416,7 +482,8 @@ func (r *Route) BuildVarsFunc(f BuildVarsFunc) *Route {
 // Here, the routes registered in the subrouter won't be tested if the host
 // doesn't match.
 func (r *Route) Subrouter() *Router {
-	router := &Router{parent: r, strictSlash: r.strictSlash}
+	// initialize a subrouter with a copy of the parent route's configuration
+	router := &Router{routeConf: copyRouteConf(r.routeConf), namedRoutes: r.namedRoutes}
 	r.addMatcher(router)
 	return router
 }
@@ -445,8 +512,8 @@ func (r *Route) Subrouter() *Router {
 // This also works for host variables:
 //
 //     r := mux.NewRouter()
-//     r.Host("{subdomain}.domain.com").
-//       HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler).
+//     r.HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler).
+//       Host("{subdomain}.domain.com").
 //       Name("article")
 //
 //     // url.String() will be "http://news.domain.com/articles/technology/42"
@@ -454,36 +521,51 @@ func (r *Route) Subrouter() *Router {
 //                                      "category", "technology",
 //                                      "id", "42")
 //
+// The scheme of the resulting url will be the first argument that was passed to Schemes:
+//
+//     // url.String() will be "https://example.com"
+//     r := mux.NewRouter()
+//     url, err := r.Host("example.com")
+//                  .Schemes("https", "http").URL()
+//
 // All variables defined in the route are required, and their values must
 // conform to the corresponding patterns.
 func (r *Route) URL(pairs ...string) (*url.URL, error) {
 	if r.err != nil {
 		return nil, r.err
 	}
-	if r.regexp == nil {
-		return nil, errors.New("mux: route doesn't have a host or path")
-	}
 	values, err := r.prepareVars(pairs...)
 	if err != nil {
 		return nil, err
 	}
 	var scheme, host, path string
+	queries := make([]string, 0, len(r.regexp.queries))
 	if r.regexp.host != nil {
-		// Set a default scheme.
-		scheme = "http"
 		if host, err = r.regexp.host.url(values); err != nil {
 			return nil, err
 		}
+		scheme = "http"
+		if r.buildScheme != "" {
+			scheme = r.buildScheme
+		}
 	}
 	if r.regexp.path != nil {
 		if path, err = r.regexp.path.url(values); err != nil {
 			return nil, err
 		}
 	}
+	for _, q := range r.regexp.queries {
+		var query string
+		if query, err = q.url(values); err != nil {
+			return nil, err
+		}
+		queries = append(queries, query)
+	}
 	return &url.URL{
-		Scheme: scheme,
-		Host:   host,
-		Path:   path,
+		Scheme:   scheme,
+		Host:     host,
+		Path:     path,
+		RawQuery: strings.Join(queries, "&"),
 	}, nil
 }
 
@@ -494,7 +576,7 @@ func (r *Route) URLHost(pairs ...string) (*url.URL, error) {
 	if r.err != nil {
 		return nil, r.err
 	}
-	if r.regexp == nil || r.regexp.host == nil {
+	if r.regexp.host == nil {
 		return nil, errors.New("mux: route doesn't have a host")
 	}
 	values, err := r.prepareVars(pairs...)
@@ -505,10 +587,14 @@ func (r *Route) URLHost(pairs ...string) (*url.URL, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &url.URL{
+	u := &url.URL{
 		Scheme: "http",
 		Host:   host,
-	}, nil
+	}
+	if r.buildScheme != "" {
+		u.Scheme = r.buildScheme
+	}
+	return u, nil
 }
 
 // URLPath builds the path part of the URL for a route. See Route.URL().
@@ -518,7 +604,7 @@ func (r *Route) URLPath(pairs ...string) (*url.URL, error) {
 	if r.err != nil {
 		return nil, r.err
 	}
-	if r.regexp == nil || r.regexp.path == nil {
+	if r.regexp.path == nil {
 		return nil, errors.New("mux: route doesn't have a path")
 	}
 	values, err := r.prepareVars(pairs...)
@@ -543,12 +629,80 @@ func (r *Route) GetPathTemplate() (string, error) {
 	if r.err != nil {
 		return "", r.err
 	}
-	if r.regexp == nil || r.regexp.path == nil {
+	if r.regexp.path == nil {
 		return "", errors.New("mux: route doesn't have a path")
 	}
 	return r.regexp.path.template, nil
 }
 
+// GetPathRegexp returns the expanded regular expression used to match route path.
+// This is useful for building simple REST API documentation and for instrumentation
+// against third-party services.
+// An error will be returned if the route does not define a path.
+func (r *Route) GetPathRegexp() (string, error) {
+	if r.err != nil {
+		return "", r.err
+	}
+	if r.regexp.path == nil {
+		return "", errors.New("mux: route does not have a path")
+	}
+	return r.regexp.path.regexp.String(), nil
+}
+
+// GetQueriesRegexp returns the expanded regular expressions used to match the
+// route queries.
+// This is useful for building simple REST API documentation and for instrumentation
+// against third-party services.
+// An error will be returned if the route does not have queries.
+func (r *Route) GetQueriesRegexp() ([]string, error) {
+	if r.err != nil {
+		return nil, r.err
+	}
+	if r.regexp.queries == nil {
+		return nil, errors.New("mux: route doesn't have queries")
+	}
+	queries := make([]string, 0, len(r.regexp.queries))
+	for _, query := range r.regexp.queries {
+		queries = append(queries, query.regexp.String())
+	}
+	return queries, nil
+}
+
+// GetQueriesTemplates returns the templates used to build the
+// query matching.
+// This is useful for building simple REST API documentation and for instrumentation
+// against third-party services.
+// An error will be returned if the route does not define queries.
+func (r *Route) GetQueriesTemplates() ([]string, error) {
+	if r.err != nil {
+		return nil, r.err
+	}
+	if r.regexp.queries == nil {
+		return nil, errors.New("mux: route doesn't have queries")
+	}
+	queries := make([]string, 0, len(r.regexp.queries))
+	for _, query := range r.regexp.queries {
+		queries = append(queries, query.template)
+	}
+	return queries, nil
+}
+
+// GetMethods returns the methods the route matches against
+// This is useful for building simple REST API documentation and for instrumentation
+// against third-party services.
+// An error will be returned if route does not have methods.
+func (r *Route) GetMethods() ([]string, error) {
+	if r.err != nil {
+		return nil, r.err
+	}
+	for _, m := range r.matchers {
+		if methods, ok := m.(methodMatcher); ok {
+			return []string(methods), nil
+		}
+	}
+	return nil, errors.New("mux: route doesn't have methods")
+}
+
 // GetHostTemplate returns the template used to build the
 // route match.
 // This is useful for building simple REST API documentation and for instrumentation
@@ -558,7 +712,7 @@ func (r *Route) GetHostTemplate() (string, error) {
 	if r.err != nil {
 		return "", r.err
 	}
-	if r.regexp == nil || r.regexp.host == nil {
+	if r.regexp.host == nil {
 		return "", errors.New("mux: route doesn't have a host")
 	}
 	return r.regexp.host.template, nil
@@ -575,53 +729,8 @@ func (r *Route) prepareVars(pairs ...string) (map[string]string, error) {
 }
 
 func (r *Route) buildVars(m map[string]string) map[string]string {
-	if r.parent != nil {
-		m = r.parent.buildVars(m)
-	}
 	if r.buildVarsFunc != nil {
 		m = r.buildVarsFunc(m)
 	}
 	return m
 }
-
-// ----------------------------------------------------------------------------
-// parentRoute
-// ----------------------------------------------------------------------------
-
-// parentRoute allows routes to know about parent host and path definitions.
-type parentRoute interface {
-	getNamedRoutes() map[string]*Route
-	getRegexpGroup() *routeRegexpGroup
-	buildVars(map[string]string) map[string]string
-}
-
-// getNamedRoutes returns the map where named routes are registered.
-func (r *Route) getNamedRoutes() map[string]*Route {
-	if r.parent == nil {
-		// During tests router is not always set.
-		r.parent = NewRouter()
-	}
-	return r.parent.getNamedRoutes()
-}
-
-// getRegexpGroup returns regexp definitions from this route.
-func (r *Route) getRegexpGroup() *routeRegexpGroup {
-	if r.regexp == nil {
-		if r.parent == nil {
-			// During tests router is not always set.
-			r.parent = NewRouter()
-		}
-		regexp := r.parent.getRegexpGroup()
-		if regexp == nil {
-			r.regexp = new(routeRegexpGroup)
-		} else {
-			// Copy.
-			r.regexp = &routeRegexpGroup{
-				host:    regexp.host,
-				path:    regexp.path,
-				queries: regexp.queries,
-			}
-		}
-	}
-	return r.regexp
-}
diff --git a/vendor/github.com/gorilla/mux/test_helpers.go b/vendor/github.com/gorilla/mux/test_helpers.go
new file mode 100644
index 0000000000000..5f5c496de0129
--- /dev/null
+++ b/vendor/github.com/gorilla/mux/test_helpers.go
@@ -0,0 +1,19 @@
+// Copyright 2012 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package mux
+
+import "net/http"
+
+// SetURLVars sets the URL variables for the given request, to be accessed via
+// mux.Vars for testing route behaviour. Arguments are not modified, a shallow
+// copy is returned.
+//
+// This API should only be used for testing purposes; it provides a way to
+// inject variables into the request context. Alternatively, URL variables
+// can be set by making a route that captures the required variables,
+// starting a server and sending the request to that server.
+func SetURLVars(r *http.Request, val map[string]string) *http.Request {
+	return requestWithVars(r, val)
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/LICENSE b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/LICENSE
new file mode 100644
index 0000000000000..b2b065037fc4d
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/LICENSE
@@ -0,0 +1,201 @@
+                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md
new file mode 100644
index 0000000000000..3a4cc2175e52c
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md
@@ -0,0 +1,85 @@
+# Go gRPC Middleware
+
+[![Travis Build](https://travis-ci.org/grpc-ecosystem/go-grpc-middleware.svg?branch=master)](https://travis-ci.org/grpc-ecosystem/go-grpc-middleware)
+[![Go Report Card](https://goreportcard.com/badge/github.com/grpc-ecosystem/go-grpc-middleware)](https://goreportcard.com/report/github.com/grpc-ecosystem/go-grpc-middleware)
+[![GoDoc](http://img.shields.io/badge/GoDoc-Reference-blue.svg)](https://godoc.org/github.com/grpc-ecosystem/go-grpc-middleware)
+[![SourceGraph](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-middleware/-/badge.svg)](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-middleware/?badge)
+[![codecov](https://codecov.io/gh/grpc-ecosystem/go-grpc-middleware/branch/master/graph/badge.svg)](https://codecov.io/gh/grpc-ecosystem/go-grpc-middleware)
+[![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+[![quality: production](https://img.shields.io/badge/quality-production-orange.svg)](#status)
+[![Slack](https://img.shields.io/badge/slack-%23grpc--middleware-brightgreen)](https://slack.com/share/IRUQCFC23/9Tm7hxRFVKKNoajQfMOcUiIk/enQtODc4ODI4NTIyMDcxLWM5NDA0ZTE4Njg5YjRjYWZkMTI5MzQwNDY3YzBjMzE1YzdjOGM5ZjI1NDNiM2JmNzI2YjM5ODE5OTRiNTEyOWE)
+
+[gRPC Go](https://github.com/grpc/grpc-go) Middleware: interceptors, helpers, utilities.
+
+## Middleware
+
+[gRPC Go](https://github.com/grpc/grpc-go) recently acquired support for
+Interceptors, i.e. [middleware](https://medium.com/@matryer/writing-middleware-in-golang-and-how-go-makes-it-so-much-fun-4375c1246e81#.gv7tdlghs) 
+that is executed either on the gRPC Server before the request is passed onto the user's application logic, or on the gRPC client either around the user call. It is a perfect way to implement
+common patterns: auth, logging, message, validation, retries or monitoring.
+
+These are generic building blocks that make it easy to build multiple microservices easily.
+The purpose of this repository is to act as a go-to point for such reusable functionality. It contains
+some of them itself, but also will link to useful external repos.
+
+`grpc_middleware` itself provides support for chaining interceptors, here's an example:
+
+```go
+import "github.com/grpc-ecosystem/go-grpc-middleware"
+
+myServer := grpc.NewServer(
+    grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
+        grpc_ctxtags.StreamServerInterceptor(),
+        grpc_opentracing.StreamServerInterceptor(),
+        grpc_prometheus.StreamServerInterceptor,
+        grpc_zap.StreamServerInterceptor(zapLogger),
+        grpc_auth.StreamServerInterceptor(myAuthFunction),
+        grpc_recovery.StreamServerInterceptor(),
+    )),
+    grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
+        grpc_ctxtags.UnaryServerInterceptor(),
+        grpc_opentracing.UnaryServerInterceptor(),
+        grpc_prometheus.UnaryServerInterceptor,
+        grpc_zap.UnaryServerInterceptor(zapLogger),
+        grpc_auth.UnaryServerInterceptor(myAuthFunction),
+        grpc_recovery.UnaryServerInterceptor(),
+    )),
+)
+```
+
+## Interceptors
+
+*Please send a PR to add new interceptors or middleware to this list*
+
+#### Auth
+   * [`grpc_auth`](auth) - a customizable (via `AuthFunc`) piece of auth middleware 
+
+#### Logging
+   * [`grpc_ctxtags`](tags/) - a library that adds a `Tag` map to context, with data populated from request body
+   * [`grpc_zap`](logging/zap/) - integration of [zap](https://github.com/uber-go/zap) logging library into gRPC handlers.
+   * [`grpc_logrus`](logging/logrus/) - integration of [logrus](https://github.com/sirupsen/logrus) logging library into gRPC handlers.
+   * [`grpc_kit`](logging/kit/) - integration of [go-kit](https://github.com/go-kit/kit/tree/master/log) logging library into gRPC handlers.
+
+#### Monitoring
+   * [`grpc_prometheus`⚡](https://github.com/grpc-ecosystem/go-grpc-prometheus) - Prometheus client-side and server-side monitoring middleware
+   * [`otgrpc`⚡](https://github.com/grpc-ecosystem/grpc-opentracing/tree/master/go/otgrpc) - [OpenTracing](http://opentracing.io/) client-side and server-side interceptors
+   * [`grpc_opentracing`](tracing/opentracing) - [OpenTracing](http://opentracing.io/) client-side and server-side interceptors with support for streaming and handler-returned tags
+
+#### Client
+   * [`grpc_retry`](retry/) - a generic gRPC response code retry mechanism, client-side middleware
+
+#### Server
+   * [`grpc_validator`](validator/) - codegen inbound message validation from `.proto` options
+   * [`grpc_recovery`](recovery/) - turn panics into gRPC errors
+   * [`ratelimit`](ratelimit/) - grpc rate limiting by your own limiter
+
+
+## Status
+
+This code has been running in *production* since May 2016 as the basis of the gRPC micro services stack at [Improbable](https://improbable.io).
+
+Additional tooling will be added, and contributions are welcome.
+
+## License
+
+`go-grpc-middleware` is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go
new file mode 100644
index 0000000000000..ea3738b896cfd
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go
@@ -0,0 +1,120 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+// gRPC Server Interceptor chaining middleware.
+
+package grpc_middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+)
+
+// ChainUnaryServer creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryServer(one, two, three) will execute one before two before three, and three
+// will see context changes of one and two.
+func ChainUnaryServer(interceptors ...grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor {
+	n := len(interceptors)
+
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		chainer := func(currentInter grpc.UnaryServerInterceptor, currentHandler grpc.UnaryHandler) grpc.UnaryHandler {
+			return func(currentCtx context.Context, currentReq interface{}) (interface{}, error) {
+				return currentInter(currentCtx, currentReq, info, currentHandler)
+			}
+		}
+
+		chainedHandler := handler
+		for i := n - 1; i >= 0; i-- {
+			chainedHandler = chainer(interceptors[i], chainedHandler)
+		}
+
+		return chainedHandler(ctx, req)
+	}
+}
+
+// ChainStreamServer creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryServer(one, two, three) will execute one before two before three.
+// If you want to pass context between interceptors, use WrapServerStream.
+func ChainStreamServer(interceptors ...grpc.StreamServerInterceptor) grpc.StreamServerInterceptor {
+	n := len(interceptors)
+
+	return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		chainer := func(currentInter grpc.StreamServerInterceptor, currentHandler grpc.StreamHandler) grpc.StreamHandler {
+			return func(currentSrv interface{}, currentStream grpc.ServerStream) error {
+				return currentInter(currentSrv, currentStream, info, currentHandler)
+			}
+		}
+
+		chainedHandler := handler
+		for i := n - 1; i >= 0; i-- {
+			chainedHandler = chainer(interceptors[i], chainedHandler)
+		}
+
+		return chainedHandler(srv, ss)
+	}
+}
+
+// ChainUnaryClient creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryClient(one, two, three) will execute one before two before three.
+func ChainUnaryClient(interceptors ...grpc.UnaryClientInterceptor) grpc.UnaryClientInterceptor {
+	n := len(interceptors)
+
+	return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		chainer := func(currentInter grpc.UnaryClientInterceptor, currentInvoker grpc.UnaryInvoker) grpc.UnaryInvoker {
+			return func(currentCtx context.Context, currentMethod string, currentReq, currentRepl interface{}, currentConn *grpc.ClientConn, currentOpts ...grpc.CallOption) error {
+				return currentInter(currentCtx, currentMethod, currentReq, currentRepl, currentConn, currentInvoker, currentOpts...)
+			}
+		}
+
+		chainedInvoker := invoker
+		for i := n - 1; i >= 0; i-- {
+			chainedInvoker = chainer(interceptors[i], chainedInvoker)
+		}
+
+		return chainedInvoker(ctx, method, req, reply, cc, opts...)
+	}
+}
+
+// ChainStreamClient creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainStreamClient(one, two, three) will execute one before two before three.
+func ChainStreamClient(interceptors ...grpc.StreamClientInterceptor) grpc.StreamClientInterceptor {
+	n := len(interceptors)
+
+	return func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+		chainer := func(currentInter grpc.StreamClientInterceptor, currentStreamer grpc.Streamer) grpc.Streamer {
+			return func(currentCtx context.Context, currentDesc *grpc.StreamDesc, currentConn *grpc.ClientConn, currentMethod string, currentOpts ...grpc.CallOption) (grpc.ClientStream, error) {
+				return currentInter(currentCtx, currentDesc, currentConn, currentMethod, currentStreamer, currentOpts...)
+			}
+		}
+
+		chainedStreamer := streamer
+		for i := n - 1; i >= 0; i-- {
+			chainedStreamer = chainer(interceptors[i], chainedStreamer)
+		}
+
+		return chainedStreamer(ctx, desc, cc, method, opts...)
+	}
+}
+
+// Chain creates a single interceptor out of a chain of many interceptors.
+//
+// WithUnaryServerChain is a grpc.Server config option that accepts multiple unary interceptors.
+// Basically syntactic sugar.
+func WithUnaryServerChain(interceptors ...grpc.UnaryServerInterceptor) grpc.ServerOption {
+	return grpc.UnaryInterceptor(ChainUnaryServer(interceptors...))
+}
+
+// WithStreamServerChain is a grpc.Server config option that accepts multiple stream interceptors.
+// Basically syntactic sugar.
+func WithStreamServerChain(interceptors ...grpc.StreamServerInterceptor) grpc.ServerOption {
+	return grpc.StreamInterceptor(ChainStreamServer(interceptors...))
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go
new file mode 100644
index 0000000000000..716895036423b
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go
@@ -0,0 +1,69 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+/*
+`grpc_middleware` is a collection of gRPC middleware packages: interceptors, helpers and tools.
+
+Middleware
+
+gRPC is a fantastic RPC middleware, which sees a lot of adoption in the Golang world. However, the
+upstream gRPC codebase is relatively bare bones.
+
+This package, and most of its child packages provides commonly needed middleware for gRPC:
+client-side interceptors for retires, server-side interceptors for input validation and auth,
+functions for chaining said interceptors, metadata convenience methods and more.
+
+Chaining
+
+By default, gRPC doesn't allow one to have more than one interceptor either on the client nor on
+the server side. `grpc_middleware` provides convenient chaining methods
+
+Simple way of turning a multiple interceptors into a single interceptor. Here's an example for
+server chaining:
+
+	myServer := grpc.NewServer(
+	    grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(loggingStream, monitoringStream, authStream)),
+	    grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(loggingUnary, monitoringUnary, authUnary),
+	)
+
+These interceptors will be executed from left to right: logging, monitoring and auth.
+
+Here's an example for client side chaining:
+
+	clientConn, err = grpc.Dial(
+	    address,
+	        grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(monitoringClientUnary, retryUnary)),
+	        grpc.WithStreamInterceptor(grpc_middleware.ChainStreamClient(monitoringClientStream, retryStream)),
+	)
+	client = pb_testproto.NewTestServiceClient(clientConn)
+	resp, err := client.PingEmpty(s.ctx, &myservice.Request{Msg: "hello"})
+
+These interceptors will be executed from left to right: monitoring and then retry logic.
+
+The retry interceptor will call every interceptor that follows it whenever when a retry happens.
+
+Writing Your Own
+
+Implementing your own interceptor is pretty trivial: there are interfaces for that. But the interesting
+bit exposing common data to handlers (and other middleware), similarly to HTTP Middleware design.
+For example, you may want to pass the identity of the caller from the auth interceptor all the way
+to the handling function.
+
+For example, a client side interceptor example for auth looks like:
+
+	func FakeAuthUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+	   newCtx := context.WithValue(ctx, "user_id", "john@example.com")
+	   return handler(newCtx, req)
+	}
+
+Unfortunately, it's not as easy for streaming RPCs. These have the `context.Context` embedded within
+the `grpc.ServerStream` object. To pass values through context, a wrapper (`WrappedServerStream`) is
+needed. For example:
+
+	func FakeAuthStreamingInterceptor(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+	   newStream := grpc_middleware.WrapServerStream(stream)
+	   newStream.WrappedContext = context.WithValue(ctx, "user_id", "john@example.com")
+	   return handler(srv, stream)
+	}
+*/
+package grpc_middleware
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/go.mod b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/go.mod
new file mode 100644
index 0000000000000..6f8eeac43d2b1
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/go.mod
@@ -0,0 +1,22 @@
+module github.com/grpc-ecosystem/go-grpc-middleware
+
+require (
+	github.com/go-kit/kit v0.9.0
+	github.com/go-logfmt/logfmt v0.4.0 // indirect
+	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/gogo/protobuf v1.2.1
+	github.com/golang/protobuf v1.3.2
+	github.com/opentracing/opentracing-go v1.1.0
+	github.com/pkg/errors v0.8.1 // indirect
+	github.com/sirupsen/logrus v1.4.2
+	github.com/stretchr/testify v1.4.0
+	go.uber.org/atomic v1.4.0 // indirect
+	go.uber.org/multierr v1.1.0 // indirect
+	go.uber.org/zap v1.10.0
+	golang.org/x/net v0.0.0-20190311183353-d8887717615a
+	golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
+	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect
+	google.golang.org/grpc v1.19.0
+)
+
+go 1.13
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go
new file mode 100644
index 0000000000000..05ccfb3f24a79
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go
@@ -0,0 +1,30 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+)
+
+// WrappedServerStream is a thin wrapper around grpc.ServerStream that allows modifying context.
+type WrappedServerStream struct {
+	grpc.ServerStream
+	// WrappedContext is the wrapper's own Context. You can assign it.
+	WrappedContext context.Context
+}
+
+// Context returns the wrapper's WrappedContext, overwriting the nested grpc.ServerStream.Context()
+func (w *WrappedServerStream) Context() context.Context {
+	return w.WrappedContext
+}
+
+// WrapServerStream returns a ServerStream that has the ability to overwrite context.
+func WrapServerStream(stream grpc.ServerStream) *WrappedServerStream {
+	if existing, ok := stream.(*WrappedServerStream); ok {
+		return existing
+	}
+	return &WrappedServerStream{ServerStream: stream, WrappedContext: stream.Context()}
+}
diff --git a/vendor/github.com/hashicorp/errwrap/LICENSE b/vendor/github.com/hashicorp/errwrap/LICENSE
new file mode 100644
index 0000000000000..c33dcc7c928c6
--- /dev/null
+++ b/vendor/github.com/hashicorp/errwrap/LICENSE
@@ -0,0 +1,354 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+     means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of version
+        1.1 or earlier of the License, but not also under the terms of a
+        Secondary License.
+
+1.6. “Executable Form”
+
+     means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+     means a work that combines Covered Software with other material, in a separate
+     file or files, that is not Covered Software.
+
+1.8. “License”
+
+     means this document.
+
+1.9. “Licensable”
+
+     means having the right to grant, to the maximum extent possible, whether at the
+     time of the initial grant or subsequently, any and all of the rights conveyed by
+     this License.
+
+1.10. “Modifications”
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to, deletion
+        from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+      means any patent claim(s), including without limitation, method, process,
+      and apparatus claims, in any patent Licensable by such Contributor that
+      would be infringed, but for the grant of the License, by the making,
+      using, selling, offering for sale, having made, import, or transfer of
+      either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+      means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, “You” includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, “control” means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or as
+        part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its Contributions
+        or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution become
+     effective for each Contribution on the date the Contributor first distributes
+     such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under this
+     License. No additional rights or licenses will be implied from the distribution
+     or licensing of Covered Software under this License. Notwithstanding Section
+     2.1(b) above, no patent license is granted by a Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party’s
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of its
+        Contributions.
+
+     This License does not grant any rights in the trademarks, service marks, or
+     logos of any Contributor (except as may be necessary to comply with the
+     notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this License
+     (see Section 10.2) or under the terms of a Secondary License (if permitted
+     under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its Contributions
+     are its original creation(s) or it has sufficient rights to grant the
+     rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under applicable
+     copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under the
+     terms of this License. You must inform recipients that the Source Code Form
+     of the Covered Software is governed by the terms of this License, and how
+     they can obtain a copy of this License. You may not attempt to alter or
+     restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this License,
+        or sublicense it under different terms, provided that the license for
+        the Executable Form does not attempt to limit or alter the recipients’
+        rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for the
+     Covered Software. If the Larger Work is a combination of Covered Software
+     with a work governed by one or more Secondary Licenses, and the Covered
+     Software is not Incompatible With Secondary Licenses, this License permits
+     You to additionally distribute such Covered Software under the terms of
+     such Secondary License(s), so that the recipient of the Larger Work may, at
+     their option, further distribute the Covered Software under the terms of
+     either this License or such Secondary License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices (including
+     copyright notices, patent notices, disclaimers of warranty, or limitations
+     of liability) contained within the Source Code Form of the Covered
+     Software, except that You may alter any license notices to the extent
+     required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on behalf
+     of any Contributor. You must make it absolutely clear that any such
+     warranty, support, indemnity, or liability obligation is offered by You
+     alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute, judicial
+   order, or regulation then You must: (a) comply with the terms of this License
+   to the maximum extent possible; and (b) describe the limitations and the code
+   they affect. Such description must be placed in a text file included with all
+   distributions of the Covered Software under this License. Except to the
+   extent prohibited by statute or regulation, such description must be
+   sufficiently detailed for a recipient of ordinary skill to be able to
+   understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+     if such Contributor fails to notify You of the non-compliance by some
+     reasonable means prior to 60 days after You have come back into compliance.
+     Moreover, Your grants from a particular Contributor are reinstated on an
+     ongoing basis if such Contributor notifies You of the non-compliance by
+     some reasonable means, this is the first time You have received notice of
+     non-compliance with this License from such Contributor, and You become
+     compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions, counter-claims,
+     and cross-claims) alleging that a Contributor Version directly or
+     indirectly infringes any patent, then the rights granted to You by any and
+     all Contributors for the Covered Software under Section 2.1 of this License
+     shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an “as is” basis, without
+   warranty of any kind, either expressed, implied, or statutory, including,
+   without limitation, warranties that the Covered Software is free of defects,
+   merchantable, fit for a particular purpose or non-infringing. The entire
+   risk as to the quality and performance of the Covered Software is with You.
+   Should any Covered Software prove defective in any respect, You (not any
+   Contributor) assume the cost of any necessary servicing, repair, or
+   correction. This disclaimer of warranty constitutes an essential part of this
+   License. No use of  any Covered Software is authorized under this License
+   except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from such
+   party’s negligence to the extent applicable law prohibits such limitation.
+   Some jurisdictions do not allow the exclusion or limitation of incidental or
+   consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts of
+   a jurisdiction where the defendant maintains its principal place of business
+   and such litigation shall be governed by laws of that jurisdiction, without
+   reference to its conflict-of-law provisions. Nothing in this Section shall
+   prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject matter
+   hereof. If any provision of this License is held to be unenforceable, such
+   provision shall be reformed only to the extent necessary to make it
+   enforceable. Any law or regulation which provides that the language of a
+   contract shall be construed against the drafter shall not be used to construe
+   this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version of
+      the License under which You originally received the Covered Software, or
+      under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a modified
+      version of this License if you rename the license and remove any
+      references to the name of the license steward (except to note that such
+      modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+      If You choose to distribute Source Code Form that is Incompatible With
+      Secondary Licenses under the terms of this version of the License, the
+      notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+      This Source Code Form is “Incompatible
+      With Secondary Licenses”, as defined by
+      the Mozilla Public License, v. 2.0.
+
diff --git a/vendor/github.com/hashicorp/errwrap/README.md b/vendor/github.com/hashicorp/errwrap/README.md
new file mode 100644
index 0000000000000..444df08f8e775
--- /dev/null
+++ b/vendor/github.com/hashicorp/errwrap/README.md
@@ -0,0 +1,89 @@
+# errwrap
+
+`errwrap` is a package for Go that formalizes the pattern of wrapping errors
+and checking if an error contains another error.
+
+There is a common pattern in Go of taking a returned `error` value and
+then wrapping it (such as with `fmt.Errorf`) before returning it. The problem
+with this pattern is that you completely lose the original `error` structure.
+
+Arguably the _correct_ approach is that you should make a custom structure
+implementing the `error` interface, and have the original error as a field
+on that structure, such [as this example](http://golang.org/pkg/os/#PathError).
+This is a good approach, but you have to know the entire chain of possible
+rewrapping that happens, when you might just care about one.
+
+`errwrap` formalizes this pattern (it doesn't matter what approach you use
+above) by giving a single interface for wrapping errors, checking if a specific
+error is wrapped, and extracting that error.
+
+## Installation and Docs
+
+Install using `go get github.com/hashicorp/errwrap`.
+
+Full documentation is available at
+http://godoc.org/github.com/hashicorp/errwrap
+
+## Usage
+
+#### Basic Usage
+
+Below is a very basic example of its usage:
+
+```go
+// A function that always returns an error, but wraps it, like a real
+// function might.
+func tryOpen() error {
+	_, err := os.Open("/i/dont/exist")
+	if err != nil {
+		return errwrap.Wrapf("Doesn't exist: {{err}}", err)
+	}
+
+	return nil
+}
+
+func main() {
+	err := tryOpen()
+
+	// We can use the Contains helpers to check if an error contains
+	// another error. It is safe to do this with a nil error, or with
+	// an error that doesn't even use the errwrap package.
+	if errwrap.Contains(err, "does not exist") {
+		// Do something
+	}
+	if errwrap.ContainsType(err, new(os.PathError)) {
+		// Do something
+	}
+
+	// Or we can use the associated `Get` functions to just extract
+	// a specific error. This would return nil if that specific error doesn't
+	// exist.
+	perr := errwrap.GetType(err, new(os.PathError))
+}
+```
+
+#### Custom Types
+
+If you're already making custom types that properly wrap errors, then
+you can get all the functionality of `errwraps.Contains` and such by
+implementing the `Wrapper` interface with just one function. Example:
+
+```go
+type AppError {
+  Code ErrorCode
+  Err  error
+}
+
+func (e *AppError) WrappedErrors() []error {
+  return []error{e.Err}
+}
+```
+
+Now this works:
+
+```go
+err := &AppError{Err: fmt.Errorf("an error")}
+if errwrap.ContainsType(err, fmt.Errorf("")) {
+	// This will work!
+}
+```
diff --git a/vendor/github.com/hashicorp/errwrap/errwrap.go b/vendor/github.com/hashicorp/errwrap/errwrap.go
new file mode 100644
index 0000000000000..a733bef18c059
--- /dev/null
+++ b/vendor/github.com/hashicorp/errwrap/errwrap.go
@@ -0,0 +1,169 @@
+// Package errwrap implements methods to formalize error wrapping in Go.
+//
+// All of the top-level functions that take an `error` are built to be able
+// to take any error, not just wrapped errors. This allows you to use errwrap
+// without having to type-check and type-cast everywhere.
+package errwrap
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+)
+
+// WalkFunc is the callback called for Walk.
+type WalkFunc func(error)
+
+// Wrapper is an interface that can be implemented by custom types to
+// have all the Contains, Get, etc. functions in errwrap work.
+//
+// When Walk reaches a Wrapper, it will call the callback for every
+// wrapped error in addition to the wrapper itself. Since all the top-level
+// functions in errwrap use Walk, this means that all those functions work
+// with your custom type.
+type Wrapper interface {
+	WrappedErrors() []error
+}
+
+// Wrap defines that outer wraps inner, returning an error type that
+// can be cleanly used with the other methods in this package, such as
+// Contains, GetAll, etc.
+//
+// This function won't modify the error message at all (the outer message
+// will be used).
+func Wrap(outer, inner error) error {
+	return &wrappedError{
+		Outer: outer,
+		Inner: inner,
+	}
+}
+
+// Wrapf wraps an error with a formatting message. This is similar to using
+// `fmt.Errorf` to wrap an error. If you're using `fmt.Errorf` to wrap
+// errors, you should replace it with this.
+//
+// format is the format of the error message. The string '{{err}}' will
+// be replaced with the original error message.
+func Wrapf(format string, err error) error {
+	outerMsg := "<nil>"
+	if err != nil {
+		outerMsg = err.Error()
+	}
+
+	outer := errors.New(strings.Replace(
+		format, "{{err}}", outerMsg, -1))
+
+	return Wrap(outer, err)
+}
+
+// Contains checks if the given error contains an error with the
+// message msg. If err is not a wrapped error, this will always return
+// false unless the error itself happens to match this msg.
+func Contains(err error, msg string) bool {
+	return len(GetAll(err, msg)) > 0
+}
+
+// ContainsType checks if the given error contains an error with
+// the same concrete type as v. If err is not a wrapped error, this will
+// check the err itself.
+func ContainsType(err error, v interface{}) bool {
+	return len(GetAllType(err, v)) > 0
+}
+
+// Get is the same as GetAll but returns the deepest matching error.
+func Get(err error, msg string) error {
+	es := GetAll(err, msg)
+	if len(es) > 0 {
+		return es[len(es)-1]
+	}
+
+	return nil
+}
+
+// GetType is the same as GetAllType but returns the deepest matching error.
+func GetType(err error, v interface{}) error {
+	es := GetAllType(err, v)
+	if len(es) > 0 {
+		return es[len(es)-1]
+	}
+
+	return nil
+}
+
+// GetAll gets all the errors that might be wrapped in err with the
+// given message. The order of the errors is such that the outermost
+// matching error (the most recent wrap) is index zero, and so on.
+func GetAll(err error, msg string) []error {
+	var result []error
+
+	Walk(err, func(err error) {
+		if err.Error() == msg {
+			result = append(result, err)
+		}
+	})
+
+	return result
+}
+
+// GetAllType gets all the errors that are the same type as v.
+//
+// The order of the return value is the same as described in GetAll.
+func GetAllType(err error, v interface{}) []error {
+	var result []error
+
+	var search string
+	if v != nil {
+		search = reflect.TypeOf(v).String()
+	}
+	Walk(err, func(err error) {
+		var needle string
+		if err != nil {
+			needle = reflect.TypeOf(err).String()
+		}
+
+		if needle == search {
+			result = append(result, err)
+		}
+	})
+
+	return result
+}
+
+// Walk walks all the wrapped errors in err and calls the callback. If
+// err isn't a wrapped error, this will be called once for err. If err
+// is a wrapped error, the callback will be called for both the wrapper
+// that implements error as well as the wrapped error itself.
+func Walk(err error, cb WalkFunc) {
+	if err == nil {
+		return
+	}
+
+	switch e := err.(type) {
+	case *wrappedError:
+		cb(e.Outer)
+		Walk(e.Inner, cb)
+	case Wrapper:
+		cb(err)
+
+		for _, err := range e.WrappedErrors() {
+			Walk(err, cb)
+		}
+	default:
+		cb(err)
+	}
+}
+
+// wrappedError is an implementation of error that has both the
+// outer and inner errors.
+type wrappedError struct {
+	Outer error
+	Inner error
+}
+
+func (w *wrappedError) Error() string {
+	return w.Outer.Error()
+}
+
+func (w *wrappedError) WrappedErrors() []error {
+	return []error{w.Outer, w.Inner}
+}
diff --git a/vendor/github.com/hashicorp/errwrap/go.mod b/vendor/github.com/hashicorp/errwrap/go.mod
new file mode 100644
index 0000000000000..c9b84022cf7ae
--- /dev/null
+++ b/vendor/github.com/hashicorp/errwrap/go.mod
@@ -0,0 +1 @@
+module github.com/hashicorp/errwrap
diff --git a/vendor/github.com/hashicorp/go-multierror/README.md b/vendor/github.com/hashicorp/go-multierror/README.md
index e81be50e0d31c..ead5830f7b764 100644
--- a/vendor/github.com/hashicorp/go-multierror/README.md
+++ b/vendor/github.com/hashicorp/go-multierror/README.md
@@ -1,5 +1,11 @@
 # go-multierror
 
+[![Build Status](http://img.shields.io/travis/hashicorp/go-multierror.svg?style=flat-square)][travis]
+[![Go Documentation](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)][godocs]
+
+[travis]: https://travis-ci.org/hashicorp/go-multierror
+[godocs]: https://godoc.org/github.com/hashicorp/go-multierror
+
 `go-multierror` is a package for Go that provides a mechanism for
 representing a list of `error` values as a single `error`.
 
diff --git a/vendor/github.com/hashicorp/go-multierror/append.go b/vendor/github.com/hashicorp/go-multierror/append.go
index 8d22ee7a0ea8d..775b6e753e77b 100644
--- a/vendor/github.com/hashicorp/go-multierror/append.go
+++ b/vendor/github.com/hashicorp/go-multierror/append.go
@@ -14,7 +14,20 @@ func Append(err error, errs ...error) *Error {
 			err = new(Error)
 		}
 
-		err.Errors = append(err.Errors, errs...)
+		// Go through each error and flatten
+		for _, e := range errs {
+			switch e := e.(type) {
+			case *Error:
+				if e != nil {
+					err.Errors = append(err.Errors, e.Errors...)
+				}
+			default:
+				if e != nil {
+					err.Errors = append(err.Errors, e)
+				}
+			}
+		}
+
 		return err
 	default:
 		newErrs := make([]error, 0, len(errs)+1)
@@ -23,8 +36,6 @@ func Append(err error, errs ...error) *Error {
 		}
 		newErrs = append(newErrs, errs...)
 
-		return &Error{
-			Errors: newErrs,
-		}
+		return Append(&Error{}, newErrs...)
 	}
 }
diff --git a/vendor/github.com/hashicorp/go-multierror/flatten.go b/vendor/github.com/hashicorp/go-multierror/flatten.go
new file mode 100644
index 0000000000000..aab8e9abec9d8
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-multierror/flatten.go
@@ -0,0 +1,26 @@
+package multierror
+
+// Flatten flattens the given error, merging any *Errors together into
+// a single *Error.
+func Flatten(err error) error {
+	// If it isn't an *Error, just return the error as-is
+	if _, ok := err.(*Error); !ok {
+		return err
+	}
+
+	// Otherwise, make the result and flatten away!
+	flatErr := new(Error)
+	flatten(err, flatErr)
+	return flatErr
+}
+
+func flatten(err error, flatErr *Error) {
+	switch err := err.(type) {
+	case *Error:
+		for _, e := range err.Errors {
+			flatten(e, flatErr)
+		}
+	default:
+		flatErr.Errors = append(flatErr.Errors, err)
+	}
+}
diff --git a/vendor/github.com/hashicorp/go-multierror/format.go b/vendor/github.com/hashicorp/go-multierror/format.go
index bb65a12e743af..47f13c49a673e 100644
--- a/vendor/github.com/hashicorp/go-multierror/format.go
+++ b/vendor/github.com/hashicorp/go-multierror/format.go
@@ -12,12 +12,16 @@ type ErrorFormatFunc func([]error) string
 // ListFormatFunc is a basic formatter that outputs the number of errors
 // that occurred along with a bullet point list of the errors.
 func ListFormatFunc(es []error) string {
+	if len(es) == 1 {
+		return fmt.Sprintf("1 error occurred:\n\t* %s\n\n", es[0])
+	}
+
 	points := make([]string, len(es))
 	for i, err := range es {
 		points[i] = fmt.Sprintf("* %s", err)
 	}
 
 	return fmt.Sprintf(
-		"%d error(s) occurred:\n\n%s",
-		len(es), strings.Join(points, "\n"))
+		"%d errors occurred:\n\t%s\n\n",
+		len(es), strings.Join(points, "\n\t"))
 }
diff --git a/vendor/github.com/hashicorp/go-multierror/go.mod b/vendor/github.com/hashicorp/go-multierror/go.mod
new file mode 100644
index 0000000000000..2534331d5f9cb
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-multierror/go.mod
@@ -0,0 +1,3 @@
+module github.com/hashicorp/go-multierror
+
+require github.com/hashicorp/errwrap v1.0.0
diff --git a/vendor/github.com/hashicorp/go-multierror/multierror.go b/vendor/github.com/hashicorp/go-multierror/multierror.go
index 2ea0827329036..89b1422d1d17a 100644
--- a/vendor/github.com/hashicorp/go-multierror/multierror.go
+++ b/vendor/github.com/hashicorp/go-multierror/multierror.go
@@ -40,11 +40,11 @@ func (e *Error) GoString() string {
 }
 
 // WrappedErrors returns the list of errors that this Error is wrapping.
-// It is an implementatin of the errwrap.Wrapper interface so that
+// It is an implementation of the errwrap.Wrapper interface so that
 // multierror.Error can be used with that library.
 //
 // This method is not safe to be called concurrently and is no different
-// than accessing the Errors field directly. It is implementd only to
+// than accessing the Errors field directly. It is implemented only to
 // satisfy the errwrap.Wrapper interface.
 func (e *Error) WrappedErrors() []error {
 	return e.Errors
diff --git a/vendor/github.com/hashicorp/go-multierror/prefix.go b/vendor/github.com/hashicorp/go-multierror/prefix.go
new file mode 100644
index 0000000000000..5c477abe44f80
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-multierror/prefix.go
@@ -0,0 +1,37 @@
+package multierror
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+)
+
+// Prefix is a helper function that will prefix some text
+// to the given error. If the error is a multierror.Error, then
+// it will be prefixed to each wrapped error.
+//
+// This is useful to use when appending multiple multierrors
+// together in order to give better scoping.
+func Prefix(err error, prefix string) error {
+	if err == nil {
+		return nil
+	}
+
+	format := fmt.Sprintf("%s {{err}}", prefix)
+	switch err := err.(type) {
+	case *Error:
+		// Typed nils can reach here, so initialize if we are nil
+		if err == nil {
+			err = new(Error)
+		}
+
+		// Wrap each of the errors
+		for i, e := range err.Errors {
+			err.Errors[i] = errwrap.Wrapf(format, e)
+		}
+
+		return err
+	default:
+		return errwrap.Wrapf(format, err)
+	}
+}
diff --git a/vendor/github.com/hashicorp/go-multierror/sort.go b/vendor/github.com/hashicorp/go-multierror/sort.go
new file mode 100644
index 0000000000000..fecb14e81c542
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-multierror/sort.go
@@ -0,0 +1,16 @@
+package multierror
+
+// Len implements sort.Interface function for length
+func (err Error) Len() int {
+	return len(err.Errors)
+}
+
+// Swap implements sort.Interface function for swapping elements
+func (err Error) Swap(i, j int) {
+	err.Errors[i], err.Errors[j] = err.Errors[j], err.Errors[i]
+}
+
+// Less implements sort.Interface function for determining order
+func (err Error) Less(i, j int) bool {
+	return err.Errors[i].Error() < err.Errors[j].Error()
+}
diff --git a/vendor/github.com/hashicorp/go-sockaddr/go.mod b/vendor/github.com/hashicorp/go-sockaddr/go.mod
new file mode 100644
index 0000000000000..21f8d8e8e758e
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-sockaddr/go.mod
@@ -0,0 +1,8 @@
+module github.com/hashicorp/go-sockaddr
+
+require (
+	github.com/hashicorp/errwrap v1.0.0
+	github.com/mitchellh/cli v1.0.0
+	github.com/mitchellh/go-wordwrap v1.0.0
+	github.com/ryanuber/columnize v2.1.0+incompatible
+)
diff --git a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
index 2a706c34e92b8..80f61bef6808b 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
+++ b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
@@ -1197,23 +1197,46 @@ func parseDefaultIfNameFromRoute(routeOut string) (string, error) {
 // parseDefaultIfNameFromIPCmd parses the default interface from ip(8) for
 // Linux.
 func parseDefaultIfNameFromIPCmd(routeOut string) (string, error) {
+	parsedLines := parseIfNameFromIPCmd(routeOut)
+	for _, parsedLine := range parsedLines {
+		if parsedLine[0] == "default" &&
+			parsedLine[1] == "via" &&
+			parsedLine[3] == "dev" {
+			ifName := strings.TrimSpace(parsedLine[4])
+			return ifName, nil
+		}
+	}
+
+	return "", errors.New("No default interface found")
+}
+
+// parseDefaultIfNameFromIPCmdAndroid parses the default interface from ip(8) for
+// Android.
+func parseDefaultIfNameFromIPCmdAndroid(routeOut string) (string, error) {
+	parsedLines := parseIfNameFromIPCmd(routeOut)
+	if (len(parsedLines) > 0) {
+		ifName := strings.TrimSpace(parsedLines[0][4])
+		return ifName, nil
+	}
+
+	return "", errors.New("No default interface found")
+}
+
+
+// parseIfNameFromIPCmd parses interfaces from ip(8) for
+// Linux.
+func parseIfNameFromIPCmd(routeOut string) [][]string {
 	lines := strings.Split(routeOut, "\n")
 	re := whitespaceRE.Copy()
+	parsedLines := make([][]string, 0, len(lines))
 	for _, line := range lines {
 		kvs := re.Split(line, -1)
 		if len(kvs) < 5 {
 			continue
 		}
-
-		if kvs[0] == "default" &&
-			kvs[1] == "via" &&
-			kvs[3] == "dev" {
-			ifName := strings.TrimSpace(kvs[4])
-			return ifName, nil
-		}
+		parsedLines = append(parsedLines, kvs)
 	}
-
-	return "", errors.New("No default interface found")
+	return parsedLines
 }
 
 // parseDefaultIfNameWindows parses the default interface from `netstat -rn` and
diff --git a/vendor/github.com/hashicorp/go-sockaddr/route_info_android.go b/vendor/github.com/hashicorp/go-sockaddr/route_info_android.go
new file mode 100644
index 0000000000000..9885915a6bada
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-sockaddr/route_info_android.go
@@ -0,0 +1,34 @@
+package sockaddr
+
+import (
+	"errors"
+	"os/exec"
+)
+
+type routeInfo struct {
+	cmds map[string][]string
+}
+
+// NewRouteInfo returns a Android-specific implementation of the RouteInfo
+// interface.
+func NewRouteInfo() (routeInfo, error) {
+	return routeInfo{
+		cmds: map[string][]string{"ip": {"/system/bin/ip", "route", "get", "8.8.8.8"}},
+	}, nil
+}
+
+// GetDefaultInterfaceName returns the interface name attached to the default
+// route on the default interface.
+func (ri routeInfo) GetDefaultInterfaceName() (string, error) {
+	out, err := exec.Command(ri.cmds["ip"][0], ri.cmds["ip"][1:]...).Output()
+	if err != nil {
+		return "", err
+	}
+
+
+	var ifName string
+	if ifName, err = parseDefaultIfNameFromIPCmdAndroid(string(out)); err != nil {
+		return "", errors.New("No default interface found")
+	}
+	return ifName, nil
+}
diff --git a/vendor/github.com/hashicorp/go-sockaddr/route_info_linux.go b/vendor/github.com/hashicorp/go-sockaddr/route_info_linux.go
index c2ec91eaf456e..b62ce6ecb2178 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/route_info_linux.go
+++ b/vendor/github.com/hashicorp/go-sockaddr/route_info_linux.go
@@ -1,3 +1,5 @@
+// +build !android
+
 package sockaddr
 
 import (
diff --git a/vendor/github.com/hashicorp/golang-lru/go.mod b/vendor/github.com/hashicorp/golang-lru/go.mod
new file mode 100644
index 0000000000000..8ad8826b368df
--- /dev/null
+++ b/vendor/github.com/hashicorp/golang-lru/go.mod
@@ -0,0 +1,3 @@
+module github.com/hashicorp/golang-lru
+
+go 1.12
diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go
index 5673773b22beb..a86c8539e0663 100644
--- a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go
+++ b/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go
@@ -73,6 +73,9 @@ func (c *LRU) Add(key, value interface{}) (evicted bool) {
 func (c *LRU) Get(key interface{}) (value interface{}, ok bool) {
 	if ent, ok := c.items[key]; ok {
 		c.evictList.MoveToFront(ent)
+		if ent.Value.(*entry) == nil {
+			return nil, false
+		}
 		return ent.Value.(*entry).value, true
 	}
 	return
@@ -142,6 +145,19 @@ func (c *LRU) Len() int {
 	return c.evictList.Len()
 }
 
+// Resize changes the cache size.
+func (c *LRU) Resize(size int) (evicted int) {
+	diff := c.Len() - size
+	if diff < 0 {
+		diff = 0
+	}
+	for i := 0; i < diff; i++ {
+		c.removeOldest()
+	}
+	c.size = size
+	return diff
+}
+
 // removeOldest removes the oldest item from the cache.
 func (c *LRU) removeOldest() {
 	ent := c.evictList.Back()
diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go
index 744cac01c63c3..92d70934d632f 100644
--- a/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go
+++ b/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go
@@ -1,37 +1,39 @@
 package simplelru
 
-
 // LRUCache is the interface for simple LRU cache.
 type LRUCache interface {
-  // Adds a value to the cache, returns true if an eviction occurred and
-  // updates the "recently used"-ness of the key.
-  Add(key, value interface{}) bool
+	// Adds a value to the cache, returns true if an eviction occurred and
+	// updates the "recently used"-ness of the key.
+	Add(key, value interface{}) bool
+
+	// Returns key's value from the cache and
+	// updates the "recently used"-ness of the key. #value, isFound
+	Get(key interface{}) (value interface{}, ok bool)
 
-  // Returns key's value from the cache and
-  // updates the "recently used"-ness of the key. #value, isFound
-  Get(key interface{}) (value interface{}, ok bool)
+	// Checks if a key exists in cache without updating the recent-ness.
+	Contains(key interface{}) (ok bool)
 
-  // Check if a key exsists in cache without updating the recent-ness.
-  Contains(key interface{}) (ok bool)
+	// Returns key's value without updating the "recently used"-ness of the key.
+	Peek(key interface{}) (value interface{}, ok bool)
 
-  // Returns key's value without updating the "recently used"-ness of the key.
-  Peek(key interface{}) (value interface{}, ok bool)
+	// Removes a key from the cache.
+	Remove(key interface{}) bool
 
-  // Removes a key from the cache.
-  Remove(key interface{}) bool
+	// Removes the oldest entry from cache.
+	RemoveOldest() (interface{}, interface{}, bool)
 
-  // Removes the oldest entry from cache.
-  RemoveOldest() (interface{}, interface{}, bool)
+	// Returns the oldest entry from the cache. #key, value, isFound
+	GetOldest() (interface{}, interface{}, bool)
 
-  // Returns the oldest entry from the cache. #key, value, isFound
-  GetOldest() (interface{}, interface{}, bool)
+	// Returns a slice of the keys in the cache, from oldest to newest.
+	Keys() []interface{}
 
-  // Returns a slice of the keys in the cache, from oldest to newest.
-  Keys() []interface{}
+	// Returns the number of items in the cache.
+	Len() int
 
-  // Returns the number of items in the cache.
-  Len() int
+	// Clears all cache entries.
+	Purge()
 
-  // Clear all cache entries
-  Purge()
+  // Resizes cache, returning number evicted
+  Resize(int) int
 }
diff --git a/vendor/github.com/hashicorp/memberlist/README.md b/vendor/github.com/hashicorp/memberlist/README.md
index 0adc075e815ea..6a2caa30e06f5 100644
--- a/vendor/github.com/hashicorp/memberlist/README.md
+++ b/vendor/github.com/hashicorp/memberlist/README.md
@@ -1,4 +1,4 @@
-# memberlist [![GoDoc](https://godoc.org/github.com/hashicorp/memberlist?status.png)](https://godoc.org/github.com/hashicorp/memberlist)
+# memberlist [![GoDoc](https://godoc.org/github.com/hashicorp/memberlist?status.png)](https://godoc.org/github.com/hashicorp/memberlist) [![CircleCI](https://circleci.com/gh/hashicorp/memberlist.svg?style=svg)](https://circleci.com/gh/hashicorp/memberlist)
 
 memberlist is a [Go](http://www.golang.org) library that manages cluster
 membership and member failure detection using a gossip based protocol.
@@ -23,8 +23,6 @@ Please check your installation with:
 go version
 ```
 
-Run `make deps` to fetch dependencies before building
-
 ## Usage
 
 Memberlist is surprisingly simple to use. An example is shown below:
@@ -65,7 +63,7 @@ For complete documentation, see the associated [Godoc](http://godoc.org/github.c
 
 ## Protocol
 
-memberlist is based on ["SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol"](http://www.cs.cornell.edu/~asdas/research/dsn02-swim.pdf). However, we extend the protocol in a number of ways:
+memberlist is based on ["SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol"](http://ieeexplore.ieee.org/document/1028914/). However, we extend the protocol in a number of ways:
 
 * Several extensions are made to increase propagation speed and
 convergence rate.
diff --git a/vendor/github.com/hashicorp/memberlist/alive_delegate.go b/vendor/github.com/hashicorp/memberlist/alive_delegate.go
index 51a0ba9054ada..615f4a90a5909 100644
--- a/vendor/github.com/hashicorp/memberlist/alive_delegate.go
+++ b/vendor/github.com/hashicorp/memberlist/alive_delegate.go
@@ -7,8 +7,8 @@ package memberlist
 // a node out and prevent it from being considered a peer
 // using application specific logic.
 type AliveDelegate interface {
-	// NotifyMerge is invoked when a merge could take place.
-	// Provides a list of the nodes known by the peer. If
-	// the return value is non-nil, the merge is canceled.
+	// NotifyAlive is invoked when a message about a live
+	// node is received from the network.  Returning a non-nil
+	// error prevents the node from being considered a peer.
 	NotifyAlive(peer *Node) error
 }
diff --git a/vendor/github.com/hashicorp/memberlist/broadcast.go b/vendor/github.com/hashicorp/memberlist/broadcast.go
index f7e85a119cf09..d07d41bb69d91 100644
--- a/vendor/github.com/hashicorp/memberlist/broadcast.go
+++ b/vendor/github.com/hashicorp/memberlist/broadcast.go
@@ -29,6 +29,11 @@ func (b *memberlistBroadcast) Invalidates(other Broadcast) bool {
 	return b.node == mb.node
 }
 
+// memberlist.NamedBroadcast optional interface
+func (b *memberlistBroadcast) Name() string {
+	return b.node
+}
+
 func (b *memberlistBroadcast) Message() []byte {
 	return b.msg
 }
diff --git a/vendor/github.com/hashicorp/memberlist/config.go b/vendor/github.com/hashicorp/memberlist/config.go
index c85b1657a2cbf..31099e75f4423 100644
--- a/vendor/github.com/hashicorp/memberlist/config.go
+++ b/vendor/github.com/hashicorp/memberlist/config.go
@@ -1,10 +1,15 @@
 package memberlist
 
 import (
+	"fmt"
 	"io"
 	"log"
+	"net"
 	"os"
+	"strings"
 	"time"
+
+	multierror "github.com/hashicorp/go-multierror"
 )
 
 type Config struct {
@@ -116,6 +121,10 @@ type Config struct {
 	// indirect UDP pings.
 	DisableTcpPings bool
 
+	// DisableTcpPingsForNode is like DisableTcpPings, but lets you control
+	// whether to perform TCP pings on a node-by-node basis.
+	DisableTcpPingsForNode func(nodeName string) bool
+
 	// AwarenessMaxMultiplier will increase the probe interval if the node
 	// becomes aware that it might be degraded and not meeting the soft real
 	// time requirements to reliably probe other nodes.
@@ -215,6 +224,44 @@ type Config struct {
 	// This is a legacy name for backward compatibility but should really be
 	// called PacketBufferSize now that we have generalized the transport.
 	UDPBufferSize int
+
+	// DeadNodeReclaimTime controls the time before a dead node's name can be
+	// reclaimed by one with a different address or port. By default, this is 0,
+	// meaning nodes cannot be reclaimed this way.
+	DeadNodeReclaimTime time.Duration
+
+	// RequireNodeNames controls if the name of a node is required when sending
+	// a message to that node.
+	RequireNodeNames bool
+	// CIDRsAllowed If nil, allow any connection (default), otherwise specify all networks
+	// allowed to connect (you must specify IPv6/IPv4 separately)
+	// Using [] will block all connections.
+	CIDRsAllowed []net.IPNet
+}
+
+// ParseCIDRs return a possible empty list of all Network that have been parsed
+// In case of error, it returns succesfully parsed CIDRs and the last error found
+func ParseCIDRs(v []string) ([]net.IPNet, error) {
+	nets := make([]net.IPNet, 0)
+	if v == nil {
+		return nets, nil
+	}
+	var errs error
+	hasErrors := false
+	for _, p := range v {
+		_, net, err := net.ParseCIDR(strings.TrimSpace(p))
+		if err != nil {
+			err = fmt.Errorf("invalid cidr: %s", p)
+			errs = multierror.Append(errs, err)
+			hasErrors = true
+		} else {
+			nets = append(nets, *net)
+		}
+	}
+	if !hasErrors {
+		errs = nil
+	}
+	return nets, errs
 }
 
 // DefaultLANConfig returns a sane set of configurations for Memberlist.
@@ -258,6 +305,7 @@ func DefaultLANConfig() *Config {
 
 		HandoffQueueDepth: 1024,
 		UDPBufferSize:     1400,
+		CIDRsAllowed:      nil, // same as allow all
 	}
 }
 
@@ -277,6 +325,24 @@ func DefaultWANConfig() *Config {
 	return conf
 }
 
+// IPMustBeChecked return true if IPAllowed must be called
+func (c *Config) IPMustBeChecked() bool {
+	return len(c.CIDRsAllowed) > 0
+}
+
+// IPAllowed return an error if access to memberlist is denied
+func (c *Config) IPAllowed(ip net.IP) error {
+	if !c.IPMustBeChecked() {
+		return nil
+	}
+	for _, n := range c.CIDRsAllowed {
+		if n.Contains(ip) {
+			return nil
+		}
+	}
+	return fmt.Errorf("%s is not allowed", ip)
+}
+
 // DefaultLocalConfig works like DefaultConfig, however it returns a configuration
 // that is optimized for a local loopback environments. The default configuration is
 // still very conservative and errs on the side of caution.
diff --git a/vendor/github.com/hashicorp/memberlist/event_delegate.go b/vendor/github.com/hashicorp/memberlist/event_delegate.go
index 35e2a56fdd06a..352f98b43e700 100644
--- a/vendor/github.com/hashicorp/memberlist/event_delegate.go
+++ b/vendor/github.com/hashicorp/memberlist/event_delegate.go
@@ -49,13 +49,16 @@ type NodeEvent struct {
 }
 
 func (c *ChannelEventDelegate) NotifyJoin(n *Node) {
-	c.Ch <- NodeEvent{NodeJoin, n}
+	node := *n
+	c.Ch <- NodeEvent{NodeJoin, &node}
 }
 
 func (c *ChannelEventDelegate) NotifyLeave(n *Node) {
-	c.Ch <- NodeEvent{NodeLeave, n}
+	node := *n
+	c.Ch <- NodeEvent{NodeLeave, &node}
 }
 
 func (c *ChannelEventDelegate) NotifyUpdate(n *Node) {
-	c.Ch <- NodeEvent{NodeUpdate, n}
+	node := *n
+	c.Ch <- NodeEvent{NodeUpdate, &node}
 }
diff --git a/vendor/github.com/hashicorp/memberlist/go.mod b/vendor/github.com/hashicorp/memberlist/go.mod
new file mode 100644
index 0000000000000..1b83a4f285104
--- /dev/null
+++ b/vendor/github.com/hashicorp/memberlist/go.mod
@@ -0,0 +1,18 @@
+module github.com/hashicorp/memberlist
+
+go 1.12
+
+require (
+	github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c
+	github.com/hashicorp/go-immutable-radix v1.0.0 // indirect
+	github.com/hashicorp/go-msgpack v0.5.3
+	github.com/hashicorp/go-multierror v1.0.0
+	github.com/hashicorp/go-sockaddr v1.0.0
+	github.com/miekg/dns v1.1.26
+	github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529
+	github.com/stretchr/testify v1.2.2
+)
diff --git a/vendor/github.com/hashicorp/memberlist/logging.go b/vendor/github.com/hashicorp/memberlist/logging.go
index f31acfb2fa347..2ca2bab4e3402 100644
--- a/vendor/github.com/hashicorp/memberlist/logging.go
+++ b/vendor/github.com/hashicorp/memberlist/logging.go
@@ -13,6 +13,14 @@ func LogAddress(addr net.Addr) string {
 	return fmt.Sprintf("from=%s", addr.String())
 }
 
+func LogStringAddress(addr string) string {
+	if addr == "" {
+		return "from=<unknown address>"
+	}
+
+	return fmt.Sprintf("from=%s", addr)
+}
+
 func LogConn(conn net.Conn) string {
 	if conn == nil {
 		return LogAddress(nil)
diff --git a/vendor/github.com/hashicorp/memberlist/memberlist.go b/vendor/github.com/hashicorp/memberlist/memberlist.go
index e9084f9fd43ee..7ee04009191e8 100644
--- a/vendor/github.com/hashicorp/memberlist/memberlist.go
+++ b/vendor/github.com/hashicorp/memberlist/memberlist.go
@@ -15,6 +15,8 @@ multiple routes.
 package memberlist
 
 import (
+	"container/list"
+	"errors"
 	"fmt"
 	"log"
 	"net"
@@ -30,10 +32,17 @@ import (
 	"github.com/miekg/dns"
 )
 
+var errNodeNamesAreRequired = errors.New("memberlist: node names are required by configuration but one was not provided")
+
 type Memberlist struct {
 	sequenceNum uint32 // Local sequence number
 	incarnation uint32 // Local incarnation number
 	numNodes    uint32 // Number of known nodes (estimate)
+	pushPullReq uint32 // Number of push/pull requests
+
+	advertiseLock sync.RWMutex
+	advertiseAddr net.IP
+	advertisePort uint16
 
 	config         *Config
 	shutdown       int32 // Used as an atomic boolean value
@@ -44,13 +53,17 @@ type Memberlist struct {
 	shutdownLock sync.Mutex // Serializes calls to Shutdown
 	leaveLock    sync.Mutex // Serializes calls to Leave
 
-	transport Transport
-	handoff   chan msgHandoff
+	transport NodeAwareTransport
+
+	handoffCh            chan struct{}
+	highPriorityMsgQueue *list.List
+	lowPriorityMsgQueue  *list.List
+	msgQueueLock         sync.Mutex
 
 	nodeLock   sync.RWMutex
 	nodes      []*nodeState          // Known nodes
-	nodeMap    map[string]*nodeState // Maps Addr.String() -> NodeState
-	nodeTimers map[string]*suspicion // Maps Addr.String() -> suspicion timer
+	nodeMap    map[string]*nodeState // Maps Node.Name -> NodeState
+	nodeTimers map[string]*suspicion // Maps Node.Name -> suspicion timer
 	awareness  *awareness
 
 	tickerLock sync.Mutex
@@ -66,6 +79,15 @@ type Memberlist struct {
 	logger *log.Logger
 }
 
+// BuildVsnArray creates the array of Vsn
+func (conf *Config) BuildVsnArray() []uint8 {
+	return []uint8{
+		ProtocolVersionMin, ProtocolVersionMax, conf.ProtocolVersion,
+		conf.DelegateProtocolMin, conf.DelegateProtocolMax,
+		conf.DelegateProtocolVersion,
+	}
+}
+
 // newMemberlist creates the network listeners.
 // Does not schedule execution of background maintenance.
 func newMemberlist(conf *Config) (*Memberlist, error) {
@@ -159,22 +181,38 @@ func newMemberlist(conf *Config) (*Memberlist, error) {
 		transport = nt
 	}
 
+	nodeAwareTransport, ok := transport.(NodeAwareTransport)
+	if !ok {
+		logger.Printf("[DEBUG] memberlist: configured Transport is not a NodeAwareTransport and some features may not work as desired")
+		nodeAwareTransport = &shimNodeAwareTransport{transport}
+	}
+
 	m := &Memberlist{
-		config:         conf,
-		shutdownCh:     make(chan struct{}),
-		leaveBroadcast: make(chan struct{}, 1),
-		transport:      transport,
-		handoff:        make(chan msgHandoff, conf.HandoffQueueDepth),
-		nodeMap:        make(map[string]*nodeState),
-		nodeTimers:     make(map[string]*suspicion),
-		awareness:      newAwareness(conf.AwarenessMaxMultiplier),
-		ackHandlers:    make(map[uint32]*ackHandler),
-		broadcasts:     &TransmitLimitedQueue{RetransmitMult: conf.RetransmitMult},
-		logger:         logger,
+		config:               conf,
+		shutdownCh:           make(chan struct{}),
+		leaveBroadcast:       make(chan struct{}, 1),
+		transport:            nodeAwareTransport,
+		handoffCh:            make(chan struct{}, 1),
+		highPriorityMsgQueue: list.New(),
+		lowPriorityMsgQueue:  list.New(),
+		nodeMap:              make(map[string]*nodeState),
+		nodeTimers:           make(map[string]*suspicion),
+		awareness:            newAwareness(conf.AwarenessMaxMultiplier),
+		ackHandlers:          make(map[uint32]*ackHandler),
+		broadcasts:           &TransmitLimitedQueue{RetransmitMult: conf.RetransmitMult},
+		logger:               logger,
 	}
 	m.broadcasts.NumNodes = func() int {
 		return m.estNumNodes()
 	}
+
+	// Get the final advertise address from the transport, which may need
+	// to see which address we bound to. We'll refresh this each time we
+	// send out an alive message.
+	if _, _, err := m.refreshAdvertise(); err != nil {
+		return nil, err
+	}
+
 	go m.streamListen()
 	go m.packetListen()
 	go m.packetHandler()
@@ -222,7 +260,8 @@ func (m *Memberlist) Join(existing []string) (int, error) {
 
 		for _, addr := range addrs {
 			hp := joinHostPort(addr.ip.String(), addr.port)
-			if err := m.pushPullNode(hp, true); err != nil {
+			a := Address{Addr: hp, Name: addr.nodeName}
+			if err := m.pushPullNode(a, true); err != nil {
 				err = fmt.Errorf("Failed to join %s: %v", addr.ip, err)
 				errs = multierror.Append(errs, err)
 				m.logger.Printf("[DEBUG] memberlist: %v", err)
@@ -240,8 +279,9 @@ func (m *Memberlist) Join(existing []string) (int, error) {
 
 // ipPort holds information about a node we want to try to join.
 type ipPort struct {
-	ip   net.IP
-	port uint16
+	ip       net.IP
+	port     uint16
+	nodeName string // optional
 }
 
 // tcpLookupIP is a helper to initiate a TCP-based DNS lookup for the given host.
@@ -250,7 +290,7 @@ type ipPort struct {
 // Consul's. By doing the TCP lookup directly, we get the best chance for the
 // largest list of hosts to join. Since joins are relatively rare events, it's ok
 // to do this rather expensive operation.
-func (m *Memberlist) tcpLookupIP(host string, defaultPort uint16) ([]ipPort, error) {
+func (m *Memberlist) tcpLookupIP(host string, defaultPort uint16, nodeName string) ([]ipPort, error) {
 	// Don't attempt any TCP lookups against non-fully qualified domain
 	// names, since those will likely come from the resolv.conf file.
 	if !strings.Contains(host, ".") {
@@ -292,9 +332,9 @@ func (m *Memberlist) tcpLookupIP(host string, defaultPort uint16) ([]ipPort, err
 		for _, r := range in.Answer {
 			switch rr := r.(type) {
 			case (*dns.A):
-				ips = append(ips, ipPort{rr.A, defaultPort})
+				ips = append(ips, ipPort{ip: rr.A, port: defaultPort, nodeName: nodeName})
 			case (*dns.AAAA):
-				ips = append(ips, ipPort{rr.AAAA, defaultPort})
+				ips = append(ips, ipPort{ip: rr.AAAA, port: defaultPort, nodeName: nodeName})
 			case (*dns.CNAME):
 				m.logger.Printf("[DEBUG] memberlist: Ignoring CNAME RR in TCP-first answer for '%s'", host)
 			}
@@ -308,6 +348,16 @@ func (m *Memberlist) tcpLookupIP(host string, defaultPort uint16) ([]ipPort, err
 // resolveAddr is used to resolve the address into an address,
 // port, and error. If no port is given, use the default
 func (m *Memberlist) resolveAddr(hostStr string) ([]ipPort, error) {
+	// First peel off any leading node name. This is optional.
+	nodeName := ""
+	if slashIdx := strings.Index(hostStr, "/"); slashIdx >= 0 {
+		if slashIdx == 0 {
+			return nil, fmt.Errorf("empty node name provided")
+		}
+		nodeName = hostStr[0:slashIdx]
+		hostStr = hostStr[slashIdx+1:]
+	}
+
 	// This captures the supplied port, or the default one.
 	hostStr = ensurePort(hostStr, m.config.BindPort)
 	host, sport, err := net.SplitHostPort(hostStr)
@@ -324,13 +374,15 @@ func (m *Memberlist) resolveAddr(hostStr string) ([]ipPort, error) {
 	// will make sure the host part is in good shape for parsing, even for
 	// IPv6 addresses.
 	if ip := net.ParseIP(host); ip != nil {
-		return []ipPort{ipPort{ip, port}}, nil
+		return []ipPort{
+			ipPort{ip: ip, port: port, nodeName: nodeName},
+		}, nil
 	}
 
 	// First try TCP so we have the best chance for the largest list of
 	// hosts to join. If this fails it's not fatal since this isn't a standard
 	// way to query DNS, and we have a fallback below.
-	ips, err := m.tcpLookupIP(host, port)
+	ips, err := m.tcpLookupIP(host, port, nodeName)
 	if err != nil {
 		m.logger.Printf("[DEBUG] memberlist: TCP-first lookup failed for '%s', falling back to UDP: %s", hostStr, err)
 	}
@@ -347,7 +399,7 @@ func (m *Memberlist) resolveAddr(hostStr string) ([]ipPort, error) {
 	}
 	ips = make([]ipPort, 0, len(ans))
 	for _, ip := range ans {
-		ips = append(ips, ipPort{ip, port})
+		ips = append(ips, ipPort{ip: ip, port: port, nodeName: nodeName})
 	}
 	return ips, nil
 }
@@ -358,10 +410,9 @@ func (m *Memberlist) resolveAddr(hostStr string) ([]ipPort, error) {
 func (m *Memberlist) setAlive() error {
 	// Get the final advertise address from the transport, which may need
 	// to see which address we bound to.
-	addr, port, err := m.transport.FinalAdvertiseAddr(
-		m.config.AdvertiseAddr, m.config.AdvertisePort)
+	addr, port, err := m.refreshAdvertise()
 	if err != nil {
-		return fmt.Errorf("Failed to get final advertise address: %v", err)
+		return err
 	}
 
 	// Check if this is a public address without encryption
@@ -394,16 +445,36 @@ func (m *Memberlist) setAlive() error {
 		Addr:        addr,
 		Port:        uint16(port),
 		Meta:        meta,
-		Vsn: []uint8{
-			ProtocolVersionMin, ProtocolVersionMax, m.config.ProtocolVersion,
-			m.config.DelegateProtocolMin, m.config.DelegateProtocolMax,
-			m.config.DelegateProtocolVersion,
-		},
+		Vsn:         m.config.BuildVsnArray(),
 	}
 	m.aliveNode(&a, nil, true)
+
 	return nil
 }
 
+func (m *Memberlist) getAdvertise() (net.IP, uint16) {
+	m.advertiseLock.RLock()
+	defer m.advertiseLock.RUnlock()
+	return m.advertiseAddr, m.advertisePort
+}
+
+func (m *Memberlist) setAdvertise(addr net.IP, port int) {
+	m.advertiseLock.Lock()
+	defer m.advertiseLock.Unlock()
+	m.advertiseAddr = addr
+	m.advertisePort = uint16(port)
+}
+
+func (m *Memberlist) refreshAdvertise() (net.IP, int, error) {
+	addr, port, err := m.transport.FinalAdvertiseAddr(
+		m.config.AdvertiseAddr, m.config.AdvertisePort)
+	if err != nil {
+		return nil, 0, fmt.Errorf("Failed to get final advertise address: %v", err)
+	}
+	m.setAdvertise(addr, port)
+	return addr, port, nil
+}
+
 // LocalNode is used to return the local Node
 func (m *Memberlist) LocalNode() *Node {
 	m.nodeLock.RLock()
@@ -439,11 +510,7 @@ func (m *Memberlist) UpdateNode(timeout time.Duration) error {
 		Addr:        state.Addr,
 		Port:        state.Port,
 		Meta:        meta,
-		Vsn: []uint8{
-			ProtocolVersionMin, ProtocolVersionMax, m.config.ProtocolVersion,
-			m.config.DelegateProtocolMin, m.config.DelegateProtocolMax,
-			m.config.DelegateProtocolVersion,
-		},
+		Vsn:         m.config.BuildVsnArray(),
 	}
 	notifyCh := make(chan struct{})
 	m.aliveNode(&a, notifyCh, true)
@@ -463,24 +530,29 @@ func (m *Memberlist) UpdateNode(timeout time.Duration) error {
 	return nil
 }
 
-// SendTo is deprecated in favor of SendBestEffort, which requires a node to
-// target.
+// Deprecated: SendTo is deprecated in favor of SendBestEffort, which requires a node to
+// target. If you don't have a node then use SendToAddress.
 func (m *Memberlist) SendTo(to net.Addr, msg []byte) error {
+	a := Address{Addr: to.String(), Name: ""}
+	return m.SendToAddress(a, msg)
+}
+
+func (m *Memberlist) SendToAddress(a Address, msg []byte) error {
 	// Encode as a user message
 	buf := make([]byte, 1, len(msg)+1)
 	buf[0] = byte(userMsg)
 	buf = append(buf, msg...)
 
 	// Send the message
-	return m.rawSendMsgPacket(to.String(), nil, buf)
+	return m.rawSendMsgPacket(a, nil, buf)
 }
 
-// SendToUDP is deprecated in favor of SendBestEffort.
+// Deprecated: SendToUDP is deprecated in favor of SendBestEffort.
 func (m *Memberlist) SendToUDP(to *Node, msg []byte) error {
 	return m.SendBestEffort(to, msg)
 }
 
-// SendToTCP is deprecated in favor of SendReliable.
+// Deprecated: SendToTCP is deprecated in favor of SendReliable.
 func (m *Memberlist) SendToTCP(to *Node, msg []byte) error {
 	return m.SendReliable(to, msg)
 }
@@ -496,7 +568,8 @@ func (m *Memberlist) SendBestEffort(to *Node, msg []byte) error {
 	buf = append(buf, msg...)
 
 	// Send the message
-	return m.rawSendMsgPacket(to.Address(), to, buf)
+	a := Address{Addr: to.Address(), Name: to.Name}
+	return m.rawSendMsgPacket(a, to, buf)
 }
 
 // SendReliable uses the reliable stream-oriented interface of the transport to
@@ -504,7 +577,7 @@ func (m *Memberlist) SendBestEffort(to *Node, msg []byte) error {
 // mechanism). Delivery is guaranteed if no error is returned, and there is no
 // limit on the size of the message.
 func (m *Memberlist) SendReliable(to *Node, msg []byte) error {
-	return m.sendUserMsg(to.Address(), msg)
+	return m.sendUserMsg(to.FullAddress(), msg)
 }
 
 // Members returns a list of all known live nodes. The node structures
@@ -516,7 +589,7 @@ func (m *Memberlist) Members() []*Node {
 
 	nodes := make([]*Node, 0, len(m.nodes))
 	for _, n := range m.nodes {
-		if n.State != stateDead {
+		if !n.DeadOrLeft() {
 			nodes = append(nodes, &n.Node)
 		}
 	}
@@ -533,7 +606,7 @@ func (m *Memberlist) NumMembers() (alive int) {
 	defer m.nodeLock.RUnlock()
 
 	for _, n := range m.nodes {
-		if n.State != stateDead {
+		if !n.DeadOrLeft() {
 			alive++
 		}
 	}
@@ -570,9 +643,14 @@ func (m *Memberlist) Leave(timeout time.Duration) error {
 			return nil
 		}
 
+		// This dead message is special, because Node and From are the
+		// same. This helps other nodes figure out that a node left
+		// intentionally. When Node equals From, other nodes know for
+		// sure this node is gone.
 		d := dead{
 			Incarnation: state.Incarnation,
 			Node:        state.Name,
+			From:        state.Name,
 		}
 		m.deadNode(&d)
 
@@ -598,7 +676,7 @@ func (m *Memberlist) anyAlive() bool {
 	m.nodeLock.RLock()
 	defer m.nodeLock.RUnlock()
 	for _, n := range m.nodes {
-		if n.State != stateDead && n.Name != m.config.Name {
+		if !n.DeadOrLeft() && n.Name != m.config.Name {
 			return true
 		}
 	}
@@ -621,7 +699,7 @@ func (m *Memberlist) ProtocolVersion() uint8 {
 	return m.config.ProtocolVersion
 }
 
-// Shutdown will stop any background maintanence of network activity
+// Shutdown will stop any background maintenance of network activity
 // for this memberlist, causing it to appear "dead". A leave message
 // will not be broadcasted prior, so the cluster being left will have
 // to detect this node's shutdown using probing. If you wish to more
@@ -657,3 +735,27 @@ func (m *Memberlist) hasShutdown() bool {
 func (m *Memberlist) hasLeft() bool {
 	return atomic.LoadInt32(&m.leave) == 1
 }
+
+func (m *Memberlist) getNodeState(addr string) NodeStateType {
+	m.nodeLock.RLock()
+	defer m.nodeLock.RUnlock()
+
+	n := m.nodeMap[addr]
+	return n.State
+}
+
+func (m *Memberlist) getNodeStateChange(addr string) time.Time {
+	m.nodeLock.RLock()
+	defer m.nodeLock.RUnlock()
+
+	n := m.nodeMap[addr]
+	return n.StateChange
+}
+
+func (m *Memberlist) changeNode(addr string, f func(*nodeState)) {
+	m.nodeLock.Lock()
+	defer m.nodeLock.Unlock()
+
+	n := m.nodeMap[addr]
+	f(n)
+}
diff --git a/vendor/github.com/hashicorp/memberlist/mock_transport.go b/vendor/github.com/hashicorp/memberlist/mock_transport.go
index b8bafa80260bc..0a7d30a277d40 100644
--- a/vendor/github.com/hashicorp/memberlist/mock_transport.go
+++ b/vendor/github.com/hashicorp/memberlist/mock_transport.go
@@ -1,7 +1,9 @@
 package memberlist
 
 import (
+	"bytes"
 	"fmt"
+	"io"
 	"net"
 	"strconv"
 	"time"
@@ -10,26 +12,33 @@ import (
 // MockNetwork is used as a factory that produces MockTransport instances which
 // are uniquely addressed and wired up to talk to each other.
 type MockNetwork struct {
-	transports map[string]*MockTransport
-	port       int
+	transportsByAddr map[string]*MockTransport
+	transportsByName map[string]*MockTransport
+	port             int
 }
 
 // NewTransport returns a new MockTransport with a unique address, wired up to
 // talk to the other transports in the MockNetwork.
-func (n *MockNetwork) NewTransport() *MockTransport {
+func (n *MockNetwork) NewTransport(name string) *MockTransport {
 	n.port += 1
 	addr := fmt.Sprintf("127.0.0.1:%d", n.port)
 	transport := &MockTransport{
 		net:      n,
-		addr:     &MockAddress{addr},
+		addr:     &MockAddress{addr, name},
 		packetCh: make(chan *Packet),
 		streamCh: make(chan net.Conn),
 	}
 
-	if n.transports == nil {
-		n.transports = make(map[string]*MockTransport)
+	if n.transportsByAddr == nil {
+		n.transportsByAddr = make(map[string]*MockTransport)
 	}
-	n.transports[addr] = transport
+	n.transportsByAddr[addr] = transport
+
+	if n.transportsByName == nil {
+		n.transportsByName = make(map[string]*MockTransport)
+	}
+	n.transportsByName[name] = transport
+
 	return transport
 }
 
@@ -37,6 +46,7 @@ func (n *MockNetwork) NewTransport() *MockTransport {
 // address scheme.
 type MockAddress struct {
 	addr string
+	name string
 }
 
 // See net.Addr.
@@ -57,6 +67,8 @@ type MockTransport struct {
 	streamCh chan net.Conn
 }
 
+var _ NodeAwareTransport = (*MockTransport)(nil)
+
 // See Transport.
 func (t *MockTransport) FinalAdvertiseAddr(string, int) (net.IP, int, error) {
 	host, portStr, err := net.SplitHostPort(t.addr.String())
@@ -79,9 +91,15 @@ func (t *MockTransport) FinalAdvertiseAddr(string, int) (net.IP, int, error) {
 
 // See Transport.
 func (t *MockTransport) WriteTo(b []byte, addr string) (time.Time, error) {
-	dest, ok := t.net.transports[addr]
-	if !ok {
-		return time.Time{}, fmt.Errorf("No route to %q", addr)
+	a := Address{Addr: addr, Name: ""}
+	return t.WriteToAddress(b, a)
+}
+
+// See NodeAwareTransport.
+func (t *MockTransport) WriteToAddress(b []byte, a Address) (time.Time, error) {
+	dest, err := t.getPeer(a)
+	if err != nil {
+		return time.Time{}, err
 	}
 
 	now := time.Now()
@@ -98,11 +116,45 @@ func (t *MockTransport) PacketCh() <-chan *Packet {
 	return t.packetCh
 }
 
+// See NodeAwareTransport.
+func (t *MockTransport) IngestPacket(conn net.Conn, addr net.Addr, now time.Time, shouldClose bool) error {
+	if shouldClose {
+		defer conn.Close()
+	}
+
+	// Copy everything from the stream into packet buffer.
+	var buf bytes.Buffer
+	if _, err := io.Copy(&buf, conn); err != nil {
+		return fmt.Errorf("failed to read packet: %v", err)
+	}
+
+	// Check the length - it needs to have at least one byte to be a proper
+	// message. This is checked elsewhere for writes coming in directly from
+	// the UDP socket.
+	if n := buf.Len(); n < 1 {
+		return fmt.Errorf("packet too short (%d bytes) %s", n, LogAddress(addr))
+	}
+
+	// Inject the packet.
+	t.packetCh <- &Packet{
+		Buf:       buf.Bytes(),
+		From:      addr,
+		Timestamp: now,
+	}
+	return nil
+}
+
 // See Transport.
 func (t *MockTransport) DialTimeout(addr string, timeout time.Duration) (net.Conn, error) {
-	dest, ok := t.net.transports[addr]
-	if !ok {
-		return nil, fmt.Errorf("No route to %q", addr)
+	a := Address{Addr: addr, Name: ""}
+	return t.DialAddressTimeout(a, timeout)
+}
+
+// See NodeAwareTransport.
+func (t *MockTransport) DialAddressTimeout(a Address, timeout time.Duration) (net.Conn, error) {
+	dest, err := t.getPeer(a)
+	if err != nil {
+		return nil, err
 	}
 
 	p1, p2 := net.Pipe()
@@ -115,7 +167,29 @@ func (t *MockTransport) StreamCh() <-chan net.Conn {
 	return t.streamCh
 }
 
+// See NodeAwareTransport.
+func (t *MockTransport) IngestStream(conn net.Conn) error {
+	t.streamCh <- conn
+	return nil
+}
+
 // See Transport.
 func (t *MockTransport) Shutdown() error {
 	return nil
 }
+
+func (t *MockTransport) getPeer(a Address) (*MockTransport, error) {
+	var (
+		dest *MockTransport
+		ok   bool
+	)
+	if a.Name != "" {
+		dest, ok = t.net.transportsByName[a.Name]
+	} else {
+		dest, ok = t.net.transportsByAddr[a.Addr]
+	}
+	if !ok {
+		return nil, fmt.Errorf("No route to %s", a)
+	}
+	return dest, nil
+}
diff --git a/vendor/github.com/hashicorp/memberlist/net.go b/vendor/github.com/hashicorp/memberlist/net.go
index a4330c4d20474..bac73bd89f870 100644
--- a/vendor/github.com/hashicorp/memberlist/net.go
+++ b/vendor/github.com/hashicorp/memberlist/net.go
@@ -8,9 +8,10 @@ import (
 	"hash/crc32"
 	"io"
 	"net"
+	"sync/atomic"
 	"time"
 
-	"github.com/armon/go-metrics"
+	metrics "github.com/armon/go-metrics"
 	"github.com/hashicorp/go-msgpack/codec"
 )
 
@@ -71,7 +72,8 @@ const (
 	compoundOverhead       = 2   // Assumed overhead per entry in compoundHeader
 	userMsgOverhead        = 1
 	blockingWarning        = 10 * time.Millisecond // Warn if a UDP packet takes this long to process
-	maxPushStateBytes      = 10 * 1024 * 1024
+	maxPushStateBytes      = 20 * 1024 * 1024
+	maxPushPullRequests    = 128 // Maximum number of concurrent push/pull requests
 )
 
 // ping request sent directly to node
@@ -82,15 +84,28 @@ type ping struct {
 	// the intended recipient. This is to protect again an agent
 	// restart with a new name.
 	Node string
+
+	SourceAddr []byte `codec:",omitempty"` // Source address, used for a direct reply
+	SourcePort uint16 `codec:",omitempty"` // Source port, used for a direct reply
+	SourceNode string `codec:",omitempty"` // Source name, used for a direct reply
 }
 
-// indirect ping sent to an indirect ndoe
+// indirect ping sent to an indirect node
 type indirectPingReq struct {
 	SeqNo  uint32
 	Target []byte
 	Port   uint16
-	Node   string
-	Nack   bool // true if we'd like a nack back
+
+	// Node is sent so the target can verify they are
+	// the intended recipient. This is to protect against an agent
+	// restart with a new name.
+	Node string
+
+	Nack bool // true if we'd like a nack back
+
+	SourceAddr []byte `codec:",omitempty"` // Source address, used for a direct reply
+	SourcePort uint16 `codec:",omitempty"` // Source port, used for a direct reply
+	SourceNode string `codec:",omitempty"` // Source name, used for a direct reply
 }
 
 // ack response is sent for a ping
@@ -161,7 +176,7 @@ type pushNodeState struct {
 	Port        uint16
 	Meta        []byte
 	Incarnation uint32
-	State       nodeStateType
+	State       NodeStateType
 	Vsn         []uint8 // Protocol versions
 }
 
@@ -205,9 +220,9 @@ func (m *Memberlist) streamListen() {
 
 // handleConn handles a single incoming stream connection from the transport.
 func (m *Memberlist) handleConn(conn net.Conn) {
+	defer conn.Close()
 	m.logger.Printf("[DEBUG] memberlist: Stream connection %s", LogConn(conn))
 
-	defer conn.Close()
 	metrics.IncrCounter([]string{"memberlist", "tcp", "accept"}, 1)
 
 	conn.SetDeadline(time.Now().Add(m.config.TCPTimeout))
@@ -238,6 +253,16 @@ func (m *Memberlist) handleConn(conn net.Conn) {
 			m.logger.Printf("[ERR] memberlist: Failed to receive user message: %s %s", err, LogConn(conn))
 		}
 	case pushPullMsg:
+		// Increment counter of pending push/pulls
+		numConcurrent := atomic.AddUint32(&m.pushPullReq, 1)
+		defer atomic.AddUint32(&m.pushPullReq, ^uint32(0))
+
+		// Check if we have too many open push/pull requests
+		if numConcurrent >= maxPushPullRequests {
+			m.logger.Printf("[ERR] memberlist: Too many pending push/pull requests")
+			return
+		}
+
 		join, remoteNodes, userState, err := m.readRemoteState(bufConn, dec)
 		if err != nil {
 			m.logger.Printf("[ERR] memberlist: Failed to read remote state: %s %s", err, LogConn(conn))
@@ -330,6 +355,10 @@ func (m *Memberlist) ingestPacket(buf []byte, from net.Addr, timestamp time.Time
 }
 
 func (m *Memberlist) handleCommand(buf []byte, from net.Addr, timestamp time.Time) {
+	if len(buf) < 1 {
+		m.logger.Printf("[ERR] memberlist: missing message type byte %s", LogAddress(from))
+		return
+	}
 	// Decode the message type
 	msgType := messageType(buf[0])
 	buf = buf[1:]
@@ -357,10 +386,25 @@ func (m *Memberlist) handleCommand(buf []byte, from net.Addr, timestamp time.Tim
 	case deadMsg:
 		fallthrough
 	case userMsg:
+		// Determine the message queue, prioritize alive
+		queue := m.lowPriorityMsgQueue
+		if msgType == aliveMsg {
+			queue = m.highPriorityMsgQueue
+		}
+
+		// Check for overflow and append if not full
+		m.msgQueueLock.Lock()
+		if queue.Len() >= m.config.HandoffQueueDepth {
+			m.logger.Printf("[WARN] memberlist: handler queue full, dropping message (%d) %s", msgType, LogAddress(from))
+		} else {
+			queue.PushBack(msgHandoff{msgType, buf, from})
+		}
+		m.msgQueueLock.Unlock()
+
+		// Notify of pending message
 		select {
-		case m.handoff <- msgHandoff{msgType, buf, from}:
+		case m.handoffCh <- struct{}{}:
 		default:
-			m.logger.Printf("[WARN] memberlist: handler queue full, dropping message (%d) %s", msgType, LogAddress(from))
 		}
 
 	default:
@@ -368,28 +412,51 @@ func (m *Memberlist) handleCommand(buf []byte, from net.Addr, timestamp time.Tim
 	}
 }
 
+// getNextMessage returns the next message to process in priority order, using LIFO
+func (m *Memberlist) getNextMessage() (msgHandoff, bool) {
+	m.msgQueueLock.Lock()
+	defer m.msgQueueLock.Unlock()
+
+	if el := m.highPriorityMsgQueue.Back(); el != nil {
+		m.highPriorityMsgQueue.Remove(el)
+		msg := el.Value.(msgHandoff)
+		return msg, true
+	} else if el := m.lowPriorityMsgQueue.Back(); el != nil {
+		m.lowPriorityMsgQueue.Remove(el)
+		msg := el.Value.(msgHandoff)
+		return msg, true
+	}
+	return msgHandoff{}, false
+}
+
 // packetHandler is a long running goroutine that processes messages received
 // over the packet interface, but is decoupled from the listener to avoid
 // blocking the listener which may cause ping/ack messages to be delayed.
 func (m *Memberlist) packetHandler() {
 	for {
 		select {
-		case msg := <-m.handoff:
-			msgType := msg.msgType
-			buf := msg.buf
-			from := msg.from
-
-			switch msgType {
-			case suspectMsg:
-				m.handleSuspect(buf, from)
-			case aliveMsg:
-				m.handleAlive(buf, from)
-			case deadMsg:
-				m.handleDead(buf, from)
-			case userMsg:
-				m.handleUser(buf, from)
-			default:
-				m.logger.Printf("[ERR] memberlist: Message type (%d) not supported %s (packet handler)", msgType, LogAddress(from))
+		case <-m.handoffCh:
+			for {
+				msg, ok := m.getNextMessage()
+				if !ok {
+					break
+				}
+				msgType := msg.msgType
+				buf := msg.buf
+				from := msg.from
+
+				switch msgType {
+				case suspectMsg:
+					m.handleSuspect(buf, from)
+				case aliveMsg:
+					m.handleAlive(buf, from)
+				case deadMsg:
+					m.handleDead(buf, from)
+				case userMsg:
+					m.handleUser(buf, from)
+				default:
+					m.logger.Printf("[ERR] memberlist: Message type (%d) not supported %s (packet handler)", msgType, LogAddress(from))
+				}
 			}
 
 		case <-m.shutdownCh:
@@ -433,7 +500,19 @@ func (m *Memberlist) handlePing(buf []byte, from net.Addr) {
 	if m.config.Ping != nil {
 		ack.Payload = m.config.Ping.AckPayload()
 	}
-	if err := m.encodeAndSendMsg(from.String(), ackRespMsg, &ack); err != nil {
+
+	addr := ""
+	if len(p.SourceAddr) > 0 && p.SourcePort > 0 {
+		addr = joinHostPort(net.IP(p.SourceAddr).String(), p.SourcePort)
+	} else {
+		addr = from.String()
+	}
+
+	a := Address{
+		Addr: addr,
+		Name: p.SourceNode,
+	}
+	if err := m.encodeAndSendMsg(a, ackRespMsg, &ack); err != nil {
 		m.logger.Printf("[ERR] memberlist: Failed to send ack: %s %s", err, LogAddress(from))
 	}
 }
@@ -453,7 +532,25 @@ func (m *Memberlist) handleIndirectPing(buf []byte, from net.Addr) {
 
 	// Send a ping to the correct host.
 	localSeqNo := m.nextSeqNo()
-	ping := ping{SeqNo: localSeqNo, Node: ind.Node}
+	selfAddr, selfPort := m.getAdvertise()
+	ping := ping{
+		SeqNo: localSeqNo,
+		Node:  ind.Node,
+		// The outbound message is addressed FROM us.
+		SourceAddr: selfAddr,
+		SourcePort: selfPort,
+		SourceNode: m.config.Name,
+	}
+
+	// Forward the ack back to the requestor. If the request encodes an origin
+	// use that otherwise assume that the other end of the UDP socket is
+	// usable.
+	indAddr := ""
+	if len(ind.SourceAddr) > 0 && ind.SourcePort > 0 {
+		indAddr = joinHostPort(net.IP(ind.SourceAddr).String(), ind.SourcePort)
+	} else {
+		indAddr = from.String()
+	}
 
 	// Setup a response handler to relay the ack
 	cancelCh := make(chan struct{})
@@ -461,18 +558,25 @@ func (m *Memberlist) handleIndirectPing(buf []byte, from net.Addr) {
 		// Try to prevent the nack if we've caught it in time.
 		close(cancelCh)
 
-		// Forward the ack back to the requestor.
 		ack := ackResp{ind.SeqNo, nil}
-		if err := m.encodeAndSendMsg(from.String(), ackRespMsg, &ack); err != nil {
-			m.logger.Printf("[ERR] memberlist: Failed to forward ack: %s %s", err, LogAddress(from))
+		a := Address{
+			Addr: indAddr,
+			Name: ind.SourceNode,
+		}
+		if err := m.encodeAndSendMsg(a, ackRespMsg, &ack); err != nil {
+			m.logger.Printf("[ERR] memberlist: Failed to forward ack: %s %s", err, LogStringAddress(indAddr))
 		}
 	}
 	m.setAckHandler(localSeqNo, respHandler, m.config.ProbeTimeout)
 
 	// Send the ping.
 	addr := joinHostPort(net.IP(ind.Target).String(), ind.Port)
-	if err := m.encodeAndSendMsg(addr, pingMsg, &ping); err != nil {
-		m.logger.Printf("[ERR] memberlist: Failed to send ping: %s %s", err, LogAddress(from))
+	a := Address{
+		Addr: addr,
+		Name: ind.Node,
+	}
+	if err := m.encodeAndSendMsg(a, pingMsg, &ping); err != nil {
+		m.logger.Printf("[ERR] memberlist: Failed to send indirect ping: %s %s", err, LogStringAddress(indAddr))
 	}
 
 	// Setup a timer to fire off a nack if no ack is seen in time.
@@ -483,8 +587,12 @@ func (m *Memberlist) handleIndirectPing(buf []byte, from net.Addr) {
 				return
 			case <-time.After(m.config.ProbeTimeout):
 				nack := nackResp{ind.SeqNo}
-				if err := m.encodeAndSendMsg(from.String(), nackRespMsg, &nack); err != nil {
-					m.logger.Printf("[ERR] memberlist: Failed to send nack: %s %s", err, LogAddress(from))
+				a := Address{
+					Addr: indAddr,
+					Name: ind.SourceNode,
+				}
+				if err := m.encodeAndSendMsg(a, nackRespMsg, &nack); err != nil {
+					m.logger.Printf("[ERR] memberlist: Failed to send nack: %s %s", err, LogStringAddress(indAddr))
 				}
 			}
 		}()
@@ -518,12 +626,47 @@ func (m *Memberlist) handleSuspect(buf []byte, from net.Addr) {
 	m.suspectNode(&sus)
 }
 
+// ensureCanConnect return the IP from a RemoteAddress
+// return error if this client must not connect
+func (m *Memberlist) ensureCanConnect(from net.Addr) error {
+	if !m.config.IPMustBeChecked() {
+		return nil
+	}
+	source := from.String()
+	if source == "pipe" {
+		return nil
+	}
+	host, _, err := net.SplitHostPort(source)
+	if err != nil {
+		return err
+	}
+
+	ip := net.ParseIP(host)
+	if ip == nil {
+		return fmt.Errorf("Cannot parse IP from %s", host)
+	}
+	return m.config.IPAllowed(ip)
+}
+
 func (m *Memberlist) handleAlive(buf []byte, from net.Addr) {
+	if err := m.ensureCanConnect(from); err != nil {
+		m.logger.Printf("[DEBUG] memberlist: Blocked alive message: %s %s", err, LogAddress(from))
+		return
+	}
 	var live alive
 	if err := decode(buf, &live); err != nil {
 		m.logger.Printf("[ERR] memberlist: Failed to decode alive message: %s %s", err, LogAddress(from))
 		return
 	}
+	if m.config.IPMustBeChecked() {
+		innerIP := net.IP(live.Addr)
+		if innerIP != nil {
+			if err := m.config.IPAllowed(innerIP); err != nil {
+				m.logger.Printf("[DEBUG] memberlist: Blocked alive.Addr=%s message from: %s %s", innerIP.String(), err, LogAddress(from))
+				return
+			}
+		}
+	}
 
 	// For proto versions < 2, there is no port provided. Mask old
 	// behavior by using the configured port
@@ -565,12 +708,12 @@ func (m *Memberlist) handleCompressed(buf []byte, from net.Addr, timestamp time.
 }
 
 // encodeAndSendMsg is used to combine the encoding and sending steps
-func (m *Memberlist) encodeAndSendMsg(addr string, msgType messageType, msg interface{}) error {
+func (m *Memberlist) encodeAndSendMsg(a Address, msgType messageType, msg interface{}) error {
 	out, err := encode(msgType, msg)
 	if err != nil {
 		return err
 	}
-	if err := m.sendMsg(addr, out.Bytes()); err != nil {
+	if err := m.sendMsg(a, out.Bytes()); err != nil {
 		return err
 	}
 	return nil
@@ -578,7 +721,7 @@ func (m *Memberlist) encodeAndSendMsg(addr string, msgType messageType, msg inte
 
 // sendMsg is used to send a message via packet to another host. It will
 // opportunistically create a compoundMsg and piggy back other broadcasts.
-func (m *Memberlist) sendMsg(addr string, msg []byte) error {
+func (m *Memberlist) sendMsg(a Address, msg []byte) error {
 	// Check if we can piggy back any messages
 	bytesAvail := m.config.UDPBufferSize - len(msg) - compoundHeaderOverhead
 	if m.config.EncryptionEnabled() && m.config.GossipVerifyOutgoing {
@@ -588,7 +731,7 @@ func (m *Memberlist) sendMsg(addr string, msg []byte) error {
 
 	// Fast path if nothing to piggypack
 	if len(extra) == 0 {
-		return m.rawSendMsgPacket(addr, nil, msg)
+		return m.rawSendMsgPacket(a, nil, msg)
 	}
 
 	// Join all the messages
@@ -600,12 +743,16 @@ func (m *Memberlist) sendMsg(addr string, msg []byte) error {
 	compound := makeCompoundMessage(msgs)
 
 	// Send the message
-	return m.rawSendMsgPacket(addr, nil, compound.Bytes())
+	return m.rawSendMsgPacket(a, nil, compound.Bytes())
 }
 
 // rawSendMsgPacket is used to send message via packet to another host without
 // modification, other than compression or encryption if enabled.
-func (m *Memberlist) rawSendMsgPacket(addr string, node *Node, msg []byte) error {
+func (m *Memberlist) rawSendMsgPacket(a Address, node *Node, msg []byte) error {
+	if a.Name == "" && m.config.RequireNodeNames {
+		return errNodeNamesAreRequired
+	}
+
 	// Check if we have compression enabled
 	if m.config.EnableCompression {
 		buf, err := compressPayload(msg)
@@ -619,11 +766,12 @@ func (m *Memberlist) rawSendMsgPacket(addr string, node *Node, msg []byte) error
 		}
 	}
 
-	// Try to look up the destination node
+	// Try to look up the destination node. Note this will only work if the
+	// bare ip address is used as the node name, which is not guaranteed.
 	if node == nil {
-		toAddr, _, err := net.SplitHostPort(addr)
+		toAddr, _, err := net.SplitHostPort(a.Addr)
 		if err != nil {
-			m.logger.Printf("[ERR] memberlist: Failed to parse address %q: %v", addr, err)
+			m.logger.Printf("[ERR] memberlist: Failed to parse address %q: %v", a.Addr, err)
 			return err
 		}
 		m.nodeLock.RLock()
@@ -658,14 +806,14 @@ func (m *Memberlist) rawSendMsgPacket(addr string, node *Node, msg []byte) error
 	}
 
 	metrics.IncrCounter([]string{"memberlist", "udp", "sent"}, float32(len(msg)))
-	_, err := m.transport.WriteTo(msg, addr)
+	_, err := m.transport.WriteToAddress(msg, a)
 	return err
 }
 
 // rawSendMsgStream is used to stream a message to another host without
 // modification, other than applying compression and encryption if enabled.
 func (m *Memberlist) rawSendMsgStream(conn net.Conn, sendBuf []byte) error {
-	// Check if compresion is enabled
+	// Check if compression is enabled
 	if m.config.EnableCompression {
 		compBuf, err := compressPayload(sendBuf)
 		if err != nil {
@@ -698,8 +846,12 @@ func (m *Memberlist) rawSendMsgStream(conn net.Conn, sendBuf []byte) error {
 }
 
 // sendUserMsg is used to stream a user message to another host.
-func (m *Memberlist) sendUserMsg(addr string, sendBuf []byte) error {
-	conn, err := m.transport.DialTimeout(addr, m.config.TCPTimeout)
+func (m *Memberlist) sendUserMsg(a Address, sendBuf []byte) error {
+	if a.Name == "" && m.config.RequireNodeNames {
+		return errNodeNamesAreRequired
+	}
+
+	conn, err := m.transport.DialAddressTimeout(a, m.config.TCPTimeout)
 	if err != nil {
 		return err
 	}
@@ -724,14 +876,18 @@ func (m *Memberlist) sendUserMsg(addr string, sendBuf []byte) error {
 
 // sendAndReceiveState is used to initiate a push/pull over a stream with a
 // remote host.
-func (m *Memberlist) sendAndReceiveState(addr string, join bool) ([]pushNodeState, []byte, error) {
+func (m *Memberlist) sendAndReceiveState(a Address, join bool) ([]pushNodeState, []byte, error) {
+	if a.Name == "" && m.config.RequireNodeNames {
+		return nil, nil, errNodeNamesAreRequired
+	}
+
 	// Attempt to connect
-	conn, err := m.transport.DialTimeout(addr, m.config.TCPTimeout)
+	conn, err := m.transport.DialAddressTimeout(a, m.config.TCPTimeout)
 	if err != nil {
 		return nil, nil, err
 	}
 	defer conn.Close()
-	m.logger.Printf("[DEBUG] memberlist: Initiating push/pull sync with: %s", conn.RemoteAddr())
+	m.logger.Printf("[DEBUG] memberlist: Initiating push/pull sync with: %s %s", a.Name, conn.RemoteAddr())
 	metrics.IncrCounter([]string{"memberlist", "tcp", "connect"}, 1)
 
 	// Send our state
@@ -996,16 +1152,17 @@ func (m *Memberlist) mergeRemoteState(join bool, remoteNodes []pushNodeState, us
 		nodes := make([]*Node, len(remoteNodes))
 		for idx, n := range remoteNodes {
 			nodes[idx] = &Node{
-				Name: n.Name,
-				Addr: n.Addr,
-				Port: n.Port,
-				Meta: n.Meta,
-				PMin: n.Vsn[0],
-				PMax: n.Vsn[1],
-				PCur: n.Vsn[2],
-				DMin: n.Vsn[3],
-				DMax: n.Vsn[4],
-				DCur: n.Vsn[5],
+				Name:  n.Name,
+				Addr:  n.Addr,
+				Port:  n.Port,
+				Meta:  n.Meta,
+				State: n.State,
+				PMin:  n.Vsn[0],
+				PMax:  n.Vsn[1],
+				PCur:  n.Vsn[2],
+				DMin:  n.Vsn[3],
+				DMax:  n.Vsn[4],
+				DCur:  n.Vsn[5],
 			}
 		}
 		if err := m.config.Merge.NotifyMerge(nodes); err != nil {
@@ -1058,8 +1215,12 @@ func (m *Memberlist) readUserMsg(bufConn io.Reader, dec *codec.Decoder) error {
 // a ping, and waits for an ack. All of this is done as a series of blocking
 // operations, given the deadline. The bool return parameter is true if we
 // we able to round trip a ping to the other node.
-func (m *Memberlist) sendPingAndWaitForAck(addr string, ping ping, deadline time.Time) (bool, error) {
-	conn, err := m.transport.DialTimeout(addr, deadline.Sub(time.Now()))
+func (m *Memberlist) sendPingAndWaitForAck(a Address, ping ping, deadline time.Time) (bool, error) {
+	if a.Name == "" && m.config.RequireNodeNames {
+		return false, errNodeNamesAreRequired
+	}
+
+	conn, err := m.transport.DialAddressTimeout(a, deadline.Sub(time.Now()))
 	if err != nil {
 		// If the node is actually dead we expect this to fail, so we
 		// shouldn't spam the logs with it. After this point, errors
@@ -1094,7 +1255,7 @@ func (m *Memberlist) sendPingAndWaitForAck(addr string, ping ping, deadline time
 	}
 
 	if ack.SeqNo != ping.SeqNo {
-		return false, fmt.Errorf("Sequence number from ack (%d) doesn't match ping (%d)", ack.SeqNo, ping.SeqNo, LogConn(conn))
+		return false, fmt.Errorf("Sequence number from ack (%d) doesn't match ping (%d)", ack.SeqNo, ping.SeqNo)
 	}
 
 	return true, nil
diff --git a/vendor/github.com/hashicorp/memberlist/net_transport.go b/vendor/github.com/hashicorp/memberlist/net_transport.go
index e7b88b01f6b14..05830117297c2 100644
--- a/vendor/github.com/hashicorp/memberlist/net_transport.go
+++ b/vendor/github.com/hashicorp/memberlist/net_transport.go
@@ -1,7 +1,9 @@
 package memberlist
 
 import (
+	"bytes"
 	"fmt"
+	"io"
 	"log"
 	"net"
 	"sync"
@@ -48,6 +50,8 @@ type NetTransport struct {
 	shutdown     int32
 }
 
+var _ NodeAwareTransport = (*NetTransport)(nil)
+
 // NewNetTransport returns a net transport with the given configuration. On
 // success all the network listeners will be created and listening.
 func NewNetTransport(config *NetTransportConfig) (*NetTransport, error) {
@@ -170,6 +174,14 @@ func (t *NetTransport) FinalAdvertiseAddr(ip string, port int) (net.IP, int, err
 
 // See Transport.
 func (t *NetTransport) WriteTo(b []byte, addr string) (time.Time, error) {
+	a := Address{Addr: addr, Name: ""}
+	return t.WriteToAddress(b, a)
+}
+
+// See NodeAwareTransport.
+func (t *NetTransport) WriteToAddress(b []byte, a Address) (time.Time, error) {
+	addr := a.Addr
+
 	udpAddr, err := net.ResolveUDPAddr("udp", addr)
 	if err != nil {
 		return time.Time{}, err
@@ -188,8 +200,44 @@ func (t *NetTransport) PacketCh() <-chan *Packet {
 	return t.packetCh
 }
 
+// See IngestionAwareTransport.
+func (t *NetTransport) IngestPacket(conn net.Conn, addr net.Addr, now time.Time, shouldClose bool) error {
+	if shouldClose {
+		defer conn.Close()
+	}
+
+	// Copy everything from the stream into packet buffer.
+	var buf bytes.Buffer
+	if _, err := io.Copy(&buf, conn); err != nil {
+		return fmt.Errorf("failed to read packet: %v", err)
+	}
+
+	// Check the length - it needs to have at least one byte to be a proper
+	// message. This is checked elsewhere for writes coming in directly from
+	// the UDP socket.
+	if n := buf.Len(); n < 1 {
+		return fmt.Errorf("packet too short (%d bytes) %s", n, LogAddress(addr))
+	}
+
+	// Inject the packet.
+	t.packetCh <- &Packet{
+		Buf:       buf.Bytes(),
+		From:      addr,
+		Timestamp: now,
+	}
+	return nil
+}
+
 // See Transport.
 func (t *NetTransport) DialTimeout(addr string, timeout time.Duration) (net.Conn, error) {
+	a := Address{Addr: addr, Name: ""}
+	return t.DialAddressTimeout(a, timeout)
+}
+
+// See NodeAwareTransport.
+func (t *NetTransport) DialAddressTimeout(a Address, timeout time.Duration) (net.Conn, error) {
+	addr := a.Addr
+
 	dialer := net.Dialer{Timeout: timeout}
 	return dialer.Dial("tcp", addr)
 }
@@ -199,6 +247,12 @@ func (t *NetTransport) StreamCh() <-chan net.Conn {
 	return t.streamCh
 }
 
+// See IngestionAwareTransport.
+func (t *NetTransport) IngestStream(conn net.Conn) error {
+	t.streamCh <- conn
+	return nil
+}
+
 // See Transport.
 func (t *NetTransport) Shutdown() error {
 	// This will avoid log spam about errors when we shut down.
@@ -221,6 +275,16 @@ func (t *NetTransport) Shutdown() error {
 // and hands them off to the stream channel.
 func (t *NetTransport) tcpListen(tcpLn *net.TCPListener) {
 	defer t.wg.Done()
+
+	// baseDelay is the initial delay after an AcceptTCP() error before attempting again
+	const baseDelay = 5 * time.Millisecond
+
+	// maxDelay is the maximum delay after an AcceptTCP() error before attempting again.
+	// In the case that tcpListen() is error-looping, it will delay the shutdown check.
+	// Therefore, changes to maxDelay may have an effect on the latency of shutdown.
+	const maxDelay = 1 * time.Second
+
+	var loopDelay time.Duration
 	for {
 		conn, err := tcpLn.AcceptTCP()
 		if err != nil {
@@ -228,9 +292,22 @@ func (t *NetTransport) tcpListen(tcpLn *net.TCPListener) {
 				break
 			}
 
+			if loopDelay == 0 {
+				loopDelay = baseDelay
+			} else {
+				loopDelay *= 2
+			}
+
+			if loopDelay > maxDelay {
+				loopDelay = maxDelay
+			}
+
 			t.logger.Printf("[ERR] memberlist: Error accepting TCP connection: %v", err)
+			time.Sleep(loopDelay)
 			continue
 		}
+		// No error, reset loop delay
+		loopDelay = 0
 
 		t.streamCh <- conn
 	}
diff --git a/vendor/github.com/hashicorp/memberlist/queue.go b/vendor/github.com/hashicorp/memberlist/queue.go
index 994b90ff1040a..c970176e18fda 100644
--- a/vendor/github.com/hashicorp/memberlist/queue.go
+++ b/vendor/github.com/hashicorp/memberlist/queue.go
@@ -1,8 +1,10 @@
 package memberlist
 
 import (
-	"sort"
+	"math"
 	"sync"
+
+	"github.com/google/btree"
 )
 
 // TransmitLimitedQueue is used to queue messages to broadcast to
@@ -19,15 +21,93 @@ type TransmitLimitedQueue struct {
 	// number of retransmissions attempted.
 	RetransmitMult int
 
-	sync.Mutex
-	bcQueue limitedBroadcasts
+	mu    sync.Mutex
+	tq    *btree.BTree // stores *limitedBroadcast as btree.Item
+	tm    map[string]*limitedBroadcast
+	idGen int64
 }
 
 type limitedBroadcast struct {
-	transmits int // Number of transmissions attempted.
+	transmits int   // btree-key[0]: Number of transmissions attempted.
+	msgLen    int64 // btree-key[1]: copied from len(b.Message())
+	id        int64 // btree-key[2]: unique incrementing id stamped at submission time
 	b         Broadcast
+
+	name string // set if Broadcast is a NamedBroadcast
+}
+
+// Less tests whether the current item is less than the given argument.
+//
+// This must provide a strict weak ordering.
+// If !a.Less(b) && !b.Less(a), we treat this to mean a == b (i.e. we can only
+// hold one of either a or b in the tree).
+//
+// default ordering is
+// - [transmits=0, ..., transmits=inf]
+// - [transmits=0:len=999, ..., transmits=0:len=2, ...]
+// - [transmits=0:len=999,id=999, ..., transmits=0:len=999:id=1, ...]
+func (b *limitedBroadcast) Less(than btree.Item) bool {
+	o := than.(*limitedBroadcast)
+	if b.transmits < o.transmits {
+		return true
+	} else if b.transmits > o.transmits {
+		return false
+	}
+	if b.msgLen > o.msgLen {
+		return true
+	} else if b.msgLen < o.msgLen {
+		return false
+	}
+	return b.id > o.id
+}
+
+// for testing; emits in transmit order if reverse=false
+func (q *TransmitLimitedQueue) orderedView(reverse bool) []*limitedBroadcast {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+
+	out := make([]*limitedBroadcast, 0, q.lenLocked())
+	q.walkReadOnlyLocked(reverse, func(cur *limitedBroadcast) bool {
+		out = append(out, cur)
+		return true
+	})
+
+	return out
+}
+
+// walkReadOnlyLocked calls f for each item in the queue traversing it in
+// natural order (by Less) when reverse=false and the opposite when true. You
+// must hold the mutex.
+//
+// This method panics if you attempt to mutate the item during traversal.  The
+// underlying btree should also not be mutated during traversal.
+func (q *TransmitLimitedQueue) walkReadOnlyLocked(reverse bool, f func(*limitedBroadcast) bool) {
+	if q.lenLocked() == 0 {
+		return
+	}
+
+	iter := func(item btree.Item) bool {
+		cur := item.(*limitedBroadcast)
+
+		prevTransmits := cur.transmits
+		prevMsgLen := cur.msgLen
+		prevID := cur.id
+
+		keepGoing := f(cur)
+
+		if prevTransmits != cur.transmits || prevMsgLen != cur.msgLen || prevID != cur.id {
+			panic("edited queue while walking read only")
+		}
+
+		return keepGoing
+	}
+
+	if reverse {
+		q.tq.Descend(iter) // end with transmit 0
+	} else {
+		q.tq.Ascend(iter) // start with transmit 0
+	}
 }
-type limitedBroadcasts []*limitedBroadcast
 
 // Broadcast is something that can be broadcasted via gossip to
 // the memberlist cluster.
@@ -45,123 +125,298 @@ type Broadcast interface {
 	Finished()
 }
 
+// NamedBroadcast is an optional extension of the Broadcast interface that
+// gives each message a unique string name, and that is used to optimize
+//
+// You shoud ensure that Invalidates() checks the same uniqueness as the
+// example below:
+//
+// func (b *foo) Invalidates(other Broadcast) bool {
+// 	nb, ok := other.(NamedBroadcast)
+// 	if !ok {
+// 		return false
+// 	}
+// 	return b.Name() == nb.Name()
+// }
+//
+// Invalidates() isn't currently used for NamedBroadcasts, but that may change
+// in the future.
+type NamedBroadcast interface {
+	Broadcast
+	// The unique identity of this broadcast message.
+	Name() string
+}
+
+// UniqueBroadcast is an optional interface that indicates that each message is
+// intrinsically unique and there is no need to scan the broadcast queue for
+// duplicates.
+//
+// You should ensure that Invalidates() always returns false if implementing
+// this interface. Invalidates() isn't currently used for UniqueBroadcasts, but
+// that may change in the future.
+type UniqueBroadcast interface {
+	Broadcast
+	// UniqueBroadcast is just a marker method for this interface.
+	UniqueBroadcast()
+}
+
 // QueueBroadcast is used to enqueue a broadcast
 func (q *TransmitLimitedQueue) QueueBroadcast(b Broadcast) {
-	q.Lock()
-	defer q.Unlock()
-
-	// Check if this message invalidates another
-	n := len(q.bcQueue)
-	for i := 0; i < n; i++ {
-		if b.Invalidates(q.bcQueue[i].b) {
-			q.bcQueue[i].b.Finished()
-			copy(q.bcQueue[i:], q.bcQueue[i+1:])
-			q.bcQueue[n-1] = nil
-			q.bcQueue = q.bcQueue[:n-1]
-			n--
+	q.queueBroadcast(b, 0)
+}
+
+// lazyInit initializes internal data structures the first time they are
+// needed.  You must already hold the mutex.
+func (q *TransmitLimitedQueue) lazyInit() {
+	if q.tq == nil {
+		q.tq = btree.New(32)
+	}
+	if q.tm == nil {
+		q.tm = make(map[string]*limitedBroadcast)
+	}
+}
+
+// queueBroadcast is like QueueBroadcast but you can use a nonzero value for
+// the initial transmit tier assigned to the message. This is meant to be used
+// for unit testing.
+func (q *TransmitLimitedQueue) queueBroadcast(b Broadcast, initialTransmits int) {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+
+	q.lazyInit()
+
+	if q.idGen == math.MaxInt64 {
+		// it's super duper unlikely to wrap around within the retransmit limit
+		q.idGen = 1
+	} else {
+		q.idGen++
+	}
+	id := q.idGen
+
+	lb := &limitedBroadcast{
+		transmits: initialTransmits,
+		msgLen:    int64(len(b.Message())),
+		id:        id,
+		b:         b,
+	}
+	unique := false
+	if nb, ok := b.(NamedBroadcast); ok {
+		lb.name = nb.Name()
+	} else if _, ok := b.(UniqueBroadcast); ok {
+		unique = true
+	}
+
+	// Check if this message invalidates another.
+	if lb.name != "" {
+		if old, ok := q.tm[lb.name]; ok {
+			old.b.Finished()
+			q.deleteItem(old)
+		}
+	} else if !unique {
+		// Slow path, hopefully nothing hot hits this.
+		var remove []*limitedBroadcast
+		q.tq.Ascend(func(item btree.Item) bool {
+			cur := item.(*limitedBroadcast)
+
+			// Special Broadcasts can only invalidate each other.
+			switch cur.b.(type) {
+			case NamedBroadcast:
+				// noop
+			case UniqueBroadcast:
+				// noop
+			default:
+				if b.Invalidates(cur.b) {
+					cur.b.Finished()
+					remove = append(remove, cur)
+				}
+			}
+			return true
+		})
+		for _, cur := range remove {
+			q.deleteItem(cur)
 		}
 	}
 
-	// Append to the queue
-	q.bcQueue = append(q.bcQueue, &limitedBroadcast{0, b})
+	// Append to the relevant queue.
+	q.addItem(lb)
+}
+
+// deleteItem removes the given item from the overall datastructure. You
+// must already hold the mutex.
+func (q *TransmitLimitedQueue) deleteItem(cur *limitedBroadcast) {
+	_ = q.tq.Delete(cur)
+	if cur.name != "" {
+		delete(q.tm, cur.name)
+	}
+
+	if q.tq.Len() == 0 {
+		// At idle there's no reason to let the id generator keep going
+		// indefinitely.
+		q.idGen = 0
+	}
+}
+
+// addItem adds the given item into the overall datastructure. You must already
+// hold the mutex.
+func (q *TransmitLimitedQueue) addItem(cur *limitedBroadcast) {
+	_ = q.tq.ReplaceOrInsert(cur)
+	if cur.name != "" {
+		q.tm[cur.name] = cur
+	}
+}
+
+// getTransmitRange returns a pair of min/max values for transmit values
+// represented by the current queue contents. Both values represent actual
+// transmit values on the interval [0, len). You must already hold the mutex.
+func (q *TransmitLimitedQueue) getTransmitRange() (minTransmit, maxTransmit int) {
+	if q.lenLocked() == 0 {
+		return 0, 0
+	}
+	minItem, maxItem := q.tq.Min(), q.tq.Max()
+	if minItem == nil || maxItem == nil {
+		return 0, 0
+	}
+
+	min := minItem.(*limitedBroadcast).transmits
+	max := maxItem.(*limitedBroadcast).transmits
+
+	return min, max
 }
 
 // GetBroadcasts is used to get a number of broadcasts, up to a byte limit
 // and applying a per-message overhead as provided.
 func (q *TransmitLimitedQueue) GetBroadcasts(overhead, limit int) [][]byte {
-	q.Lock()
-	defer q.Unlock()
+	q.mu.Lock()
+	defer q.mu.Unlock()
 
 	// Fast path the default case
-	if len(q.bcQueue) == 0 {
+	if q.lenLocked() == 0 {
 		return nil
 	}
 
 	transmitLimit := retransmitLimit(q.RetransmitMult, q.NumNodes())
-	bytesUsed := 0
-	var toSend [][]byte
-
-	for i := len(q.bcQueue) - 1; i >= 0; i-- {
-		// Check if this is within our limits
-		b := q.bcQueue[i]
-		msg := b.b.Message()
-		if bytesUsed+overhead+len(msg) > limit {
+
+	var (
+		bytesUsed int
+		toSend    [][]byte
+		reinsert  []*limitedBroadcast
+	)
+
+	// Visit fresher items first, but only look at stuff that will fit.
+	// We'll go tier by tier, grabbing the largest items first.
+	minTr, maxTr := q.getTransmitRange()
+	for transmits := minTr; transmits <= maxTr; /*do not advance automatically*/ {
+		free := int64(limit - bytesUsed - overhead)
+		if free <= 0 {
+			break // bail out early
+		}
+
+		// Search for the least element on a given tier (by transmit count) as
+		// defined in the limitedBroadcast.Less function that will fit into our
+		// remaining space.
+		greaterOrEqual := &limitedBroadcast{
+			transmits: transmits,
+			msgLen:    free,
+			id:        math.MaxInt64,
+		}
+		lessThan := &limitedBroadcast{
+			transmits: transmits + 1,
+			msgLen:    math.MaxInt64,
+			id:        math.MaxInt64,
+		}
+		var keep *limitedBroadcast
+		q.tq.AscendRange(greaterOrEqual, lessThan, func(item btree.Item) bool {
+			cur := item.(*limitedBroadcast)
+			// Check if this is within our limits
+			if int64(len(cur.b.Message())) > free {
+				// If this happens it's a bug in the datastructure or
+				// surrounding use doing something like having len(Message())
+				// change over time. There's enough going on here that it's
+				// probably sane to just skip it and move on for now.
+				return true
+			}
+			keep = cur
+			return false
+		})
+		if keep == nil {
+			// No more items of an appropriate size in the tier.
+			transmits++
 			continue
 		}
 
+		msg := keep.b.Message()
+
 		// Add to slice to send
 		bytesUsed += overhead + len(msg)
 		toSend = append(toSend, msg)
 
 		// Check if we should stop transmission
-		b.transmits++
-		if b.transmits >= transmitLimit {
-			b.b.Finished()
-			n := len(q.bcQueue)
-			q.bcQueue[i], q.bcQueue[n-1] = q.bcQueue[n-1], nil
-			q.bcQueue = q.bcQueue[:n-1]
+		q.deleteItem(keep)
+		if keep.transmits+1 >= transmitLimit {
+			keep.b.Finished()
+		} else {
+			// We need to bump this item down to another transmit tier, but
+			// because it would be in the same direction that we're walking the
+			// tiers, we will have to delay the reinsertion until we are
+			// finished our search. Otherwise we'll possibly re-add the message
+			// when we ascend to the next tier.
+			keep.transmits++
+			reinsert = append(reinsert, keep)
 		}
 	}
 
-	// If we are sending anything, we need to re-sort to deal
-	// with adjusted transmit counts
-	if len(toSend) > 0 {
-		q.bcQueue.Sort()
+	for _, cur := range reinsert {
+		q.addItem(cur)
 	}
+
 	return toSend
 }
 
 // NumQueued returns the number of queued messages
 func (q *TransmitLimitedQueue) NumQueued() int {
-	q.Lock()
-	defer q.Unlock()
-	return len(q.bcQueue)
+	q.mu.Lock()
+	defer q.mu.Unlock()
+	return q.lenLocked()
 }
 
-// Reset clears all the queued messages
-func (q *TransmitLimitedQueue) Reset() {
-	q.Lock()
-	defer q.Unlock()
-	for _, b := range q.bcQueue {
-		b.b.Finished()
+// lenLocked returns the length of the overall queue datastructure. You must
+// hold the mutex.
+func (q *TransmitLimitedQueue) lenLocked() int {
+	if q.tq == nil {
+		return 0
 	}
-	q.bcQueue = nil
+	return q.tq.Len()
+}
+
+// Reset clears all the queued messages. Should only be used for tests.
+func (q *TransmitLimitedQueue) Reset() {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+
+	q.walkReadOnlyLocked(false, func(cur *limitedBroadcast) bool {
+		cur.b.Finished()
+		return true
+	})
+
+	q.tq = nil
+	q.tm = nil
+	q.idGen = 0
 }
 
 // Prune will retain the maxRetain latest messages, and the rest
 // will be discarded. This can be used to prevent unbounded queue sizes
 func (q *TransmitLimitedQueue) Prune(maxRetain int) {
-	q.Lock()
-	defer q.Unlock()
+	q.mu.Lock()
+	defer q.mu.Unlock()
 
 	// Do nothing if queue size is less than the limit
-	n := len(q.bcQueue)
-	if n < maxRetain {
-		return
-	}
-
-	// Invalidate the messages we will be removing
-	for i := 0; i < n-maxRetain; i++ {
-		q.bcQueue[i].b.Finished()
+	for q.tq.Len() > maxRetain {
+		item := q.tq.Max()
+		if item == nil {
+			break
+		}
+		cur := item.(*limitedBroadcast)
+		cur.b.Finished()
+		q.deleteItem(cur)
 	}
-
-	// Move the messages, and retain only the last maxRetain
-	copy(q.bcQueue[0:], q.bcQueue[n-maxRetain:])
-	q.bcQueue = q.bcQueue[:maxRetain]
-}
-
-func (b limitedBroadcasts) Len() int {
-	return len(b)
-}
-
-func (b limitedBroadcasts) Less(i, j int) bool {
-	return b[i].transmits < b[j].transmits
-}
-
-func (b limitedBroadcasts) Swap(i, j int) {
-	b[i], b[j] = b[j], b[i]
-}
-
-func (b limitedBroadcasts) Sort() {
-	sort.Sort(sort.Reverse(b))
 }
diff --git a/vendor/github.com/hashicorp/memberlist/security.go b/vendor/github.com/hashicorp/memberlist/security.go
index d90114eb0c4f3..4cb4da36f05ba 100644
--- a/vendor/github.com/hashicorp/memberlist/security.go
+++ b/vendor/github.com/hashicorp/memberlist/security.go
@@ -106,7 +106,10 @@ func encryptPayload(vsn encryptionVersion, key []byte, msg []byte, data []byte,
 	dst.WriteByte(byte(vsn))
 
 	// Add a random nonce
-	io.CopyN(dst, rand.Reader, nonceSize)
+	_, err = io.CopyN(dst, rand.Reader, nonceSize)
+	if err != nil {
+		return err
+	}
 	afterNonce := dst.Len()
 
 	// Ensure we are correctly padded (only version 0)
diff --git a/vendor/github.com/hashicorp/memberlist/state.go b/vendor/github.com/hashicorp/memberlist/state.go
index f51692de0ac70..5e4f7fdd704cc 100644
--- a/vendor/github.com/hashicorp/memberlist/state.go
+++ b/vendor/github.com/hashicorp/memberlist/state.go
@@ -6,32 +6,35 @@ import (
 	"math"
 	"math/rand"
 	"net"
+	"strings"
 	"sync/atomic"
 	"time"
 
-	"github.com/armon/go-metrics"
+	metrics "github.com/armon/go-metrics"
 )
 
-type nodeStateType int
+type NodeStateType int
 
 const (
-	stateAlive nodeStateType = iota
-	stateSuspect
-	stateDead
+	StateAlive NodeStateType = iota
+	StateSuspect
+	StateDead
+	StateLeft
 )
 
 // Node represents a node in the cluster.
 type Node struct {
-	Name string
-	Addr net.IP
-	Port uint16
-	Meta []byte // Metadata from the delegate for this node.
-	PMin uint8  // Minimum protocol version this understands
-	PMax uint8  // Maximum protocol version this understands
-	PCur uint8  // Current version node is speaking
-	DMin uint8  // Min protocol version for the delegate to understand
-	DMax uint8  // Max protocol version for the delegate to understand
-	DCur uint8  // Current version delegate is speaking
+	Name  string
+	Addr  net.IP
+	Port  uint16
+	Meta  []byte        // Metadata from the delegate for this node.
+	State NodeStateType // State of the node.
+	PMin  uint8         // Minimum protocol version this understands
+	PMax  uint8         // Maximum protocol version this understands
+	PCur  uint8         // Current version node is speaking
+	DMin  uint8         // Min protocol version for the delegate to understand
+	DMax  uint8         // Max protocol version for the delegate to understand
+	DCur  uint8         // Current version delegate is speaking
 }
 
 // Address returns the host:port form of a node's address, suitable for use
@@ -40,6 +43,15 @@ func (n *Node) Address() string {
 	return joinHostPort(n.Addr.String(), n.Port)
 }
 
+// FullAddress returns the node name and host:port form of a node's address,
+// suitable for use with a transport.
+func (n *Node) FullAddress() Address {
+	return Address{
+		Addr: joinHostPort(n.Addr.String(), n.Port),
+		Name: n.Name,
+	}
+}
+
 // String returns the node name
 func (n *Node) String() string {
 	return n.Name
@@ -49,7 +61,7 @@ func (n *Node) String() string {
 type nodeState struct {
 	Node
 	Incarnation uint32        // Last known incarnation number
-	State       nodeStateType // Current state
+	State       NodeStateType // Current state
 	StateChange time.Time     // Time last state change happened
 }
 
@@ -59,6 +71,16 @@ func (n *nodeState) Address() string {
 	return n.Node.Address()
 }
 
+// FullAddress returns the node name and host:port form of a node's address,
+// suitable for use with a transport.
+func (n *nodeState) FullAddress() Address {
+	return n.Node.FullAddress()
+}
+
+func (n *nodeState) DeadOrLeft() bool {
+	return n.State == StateDead || n.State == StateLeft
+}
+
 // ackHandler is used to register handlers for incoming acks and nacks.
 type ackHandler struct {
 	ackFn  func([]byte, time.Time)
@@ -217,7 +239,7 @@ START:
 	node = *m.nodes[m.probeIndex]
 	if node.Name == m.config.Name {
 		skip = true
-	} else if node.State == stateDead {
+	} else if node.DeadOrLeft() {
 		skip = true
 	}
 
@@ -233,6 +255,30 @@ START:
 	m.probeNode(&node)
 }
 
+// probeNodeByAddr just safely calls probeNode given only the address of the node (for tests)
+func (m *Memberlist) probeNodeByAddr(addr string) {
+	m.nodeLock.RLock()
+	n := m.nodeMap[addr]
+	m.nodeLock.RUnlock()
+
+	m.probeNode(n)
+}
+
+// failedRemote checks the error and decides if it indicates a failure on the
+// other end.
+func failedRemote(err error) bool {
+	switch t := err.(type) {
+	case *net.OpError:
+		if strings.HasPrefix(t.Net, "tcp") {
+			switch t.Op {
+			case "dial", "read", "write":
+				return true
+			}
+		}
+	}
+	return false
+}
+
 // probeNode handles a single round of failure checking on a node.
 func (m *Memberlist) probeNode(node *nodeState) {
 	defer metrics.MeasureSince([]string{"memberlist", "probeNode"}, time.Now())
@@ -246,7 +292,14 @@ func (m *Memberlist) probeNode(node *nodeState) {
 	}
 
 	// Prepare a ping message and setup an ack handler.
-	ping := ping{SeqNo: m.nextSeqNo(), Node: node.Name}
+	selfAddr, selfPort := m.getAdvertise()
+	ping := ping{
+		SeqNo:      m.nextSeqNo(),
+		Node:       node.Name,
+		SourceAddr: selfAddr,
+		SourcePort: selfPort,
+		SourceNode: m.config.Name,
+	}
 	ackCh := make(chan ackMessage, m.config.IndirectChecks+1)
 	nackCh := make(chan struct{}, m.config.IndirectChecks+1)
 	m.setProbeChannels(ping.SeqNo, ackCh, nackCh, probeInterval)
@@ -263,10 +316,20 @@ func (m *Memberlist) probeNode(node *nodeState) {
 	// soon as possible.
 	deadline := sent.Add(probeInterval)
 	addr := node.Address()
-	if node.State == stateAlive {
-		if err := m.encodeAndSendMsg(addr, pingMsg, &ping); err != nil {
+
+	// Arrange for our self-awareness to get updated.
+	var awarenessDelta int
+	defer func() {
+		m.awareness.ApplyDelta(awarenessDelta)
+	}()
+	if node.State == StateAlive {
+		if err := m.encodeAndSendMsg(node.FullAddress(), pingMsg, &ping); err != nil {
 			m.logger.Printf("[ERR] memberlist: Failed to send ping: %s", err)
-			return
+			if failedRemote(err) {
+				goto HANDLE_REMOTE_FAILURE
+			} else {
+				return
+			}
 		}
 	} else {
 		var msgs [][]byte
@@ -285,9 +348,13 @@ func (m *Memberlist) probeNode(node *nodeState) {
 		}
 
 		compound := makeCompoundMessage(msgs)
-		if err := m.rawSendMsgPacket(addr, &node.Node, compound.Bytes()); err != nil {
+		if err := m.rawSendMsgPacket(node.FullAddress(), &node.Node, compound.Bytes()); err != nil {
 			m.logger.Printf("[ERR] memberlist: Failed to send compound ping and suspect message to %s: %s", addr, err)
-			return
+			if failedRemote(err) {
+				goto HANDLE_REMOTE_FAILURE
+			} else {
+				return
+			}
 		}
 	}
 
@@ -296,10 +363,7 @@ func (m *Memberlist) probeNode(node *nodeState) {
 	// which will improve our health until we get to the failure scenarios
 	// at the end of this function, which will alter this delta variable
 	// accordingly.
-	awarenessDelta := -1
-	defer func() {
-		m.awareness.ApplyDelta(awarenessDelta)
-	}()
+	awarenessDelta = -1
 
 	// Wait for response or round-trip-time.
 	select {
@@ -324,21 +388,31 @@ func (m *Memberlist) probeNode(node *nodeState) {
 		// probe interval it will give the TCP fallback more time, which
 		// is more active in dealing with lost packets, and it gives more
 		// time to wait for indirect acks/nacks.
-		m.logger.Printf("[DEBUG] memberlist: Failed ping: %v (timeout reached)", node.Name)
+		m.logger.Printf("[DEBUG] memberlist: Failed ping: %s (timeout reached)", node.Name)
 	}
 
+HANDLE_REMOTE_FAILURE:
 	// Get some random live nodes.
 	m.nodeLock.RLock()
 	kNodes := kRandomNodes(m.config.IndirectChecks, m.nodes, func(n *nodeState) bool {
 		return n.Name == m.config.Name ||
 			n.Name == node.Name ||
-			n.State != stateAlive
+			n.State != StateAlive
 	})
 	m.nodeLock.RUnlock()
 
 	// Attempt an indirect ping.
 	expectedNacks := 0
-	ind := indirectPingReq{SeqNo: ping.SeqNo, Target: node.Addr, Port: node.Port, Node: node.Name}
+	selfAddr, selfPort = m.getAdvertise()
+	ind := indirectPingReq{
+		SeqNo:      ping.SeqNo,
+		Target:     node.Addr,
+		Port:       node.Port,
+		Node:       node.Name,
+		SourceAddr: selfAddr,
+		SourcePort: selfPort,
+		SourceNode: m.config.Name,
+	}
 	for _, peer := range kNodes {
 		// We only expect nack to be sent from peers who understand
 		// version 4 of the protocol.
@@ -346,7 +420,7 @@ func (m *Memberlist) probeNode(node *nodeState) {
 			expectedNacks++
 		}
 
-		if err := m.encodeAndSendMsg(peer.Address(), indirectPingMsg, &ind); err != nil {
+		if err := m.encodeAndSendMsg(peer.FullAddress(), indirectPingMsg, &ind); err != nil {
 			m.logger.Printf("[ERR] memberlist: Failed to send indirect ping: %s", err)
 		}
 	}
@@ -362,10 +436,13 @@ func (m *Memberlist) probeNode(node *nodeState) {
 	// which protocol version we are speaking. That's why we've included a
 	// config option to turn this off if desired.
 	fallbackCh := make(chan bool, 1)
-	if (!m.config.DisableTcpPings) && (node.PMax >= 3) {
+
+	disableTcpPings := m.config.DisableTcpPings ||
+		(m.config.DisableTcpPingsForNode != nil && m.config.DisableTcpPingsForNode(node.Name))
+	if (!disableTcpPings) && (node.PMax >= 3) {
 		go func() {
 			defer close(fallbackCh)
-			didContact, err := m.sendPingAndWaitForAck(node.Address(), ping, deadline)
+			didContact, err := m.sendPingAndWaitForAck(node.FullAddress(), ping, deadline)
 			if err != nil {
 				m.logger.Printf("[ERR] memberlist: Failed fallback ping: %s", err)
 			} else {
@@ -422,12 +499,21 @@ func (m *Memberlist) probeNode(node *nodeState) {
 // Ping initiates a ping to the node with the specified name.
 func (m *Memberlist) Ping(node string, addr net.Addr) (time.Duration, error) {
 	// Prepare a ping message and setup an ack handler.
-	ping := ping{SeqNo: m.nextSeqNo(), Node: node}
+	selfAddr, selfPort := m.getAdvertise()
+	ping := ping{
+		SeqNo:      m.nextSeqNo(),
+		Node:       node,
+		SourceAddr: selfAddr,
+		SourcePort: selfPort,
+		SourceNode: m.config.Name,
+	}
 	ackCh := make(chan ackMessage, m.config.IndirectChecks+1)
 	m.setProbeChannels(ping.SeqNo, ackCh, nil, m.config.ProbeInterval)
 
+	a := Address{Addr: addr.String(), Name: node}
+
 	// Send a ping to the node.
-	if err := m.encodeAndSendMsg(addr.String(), pingMsg, &ping); err != nil {
+	if err := m.encodeAndSendMsg(a, pingMsg, &ping); err != nil {
 		return 0, err
 	}
 
@@ -488,10 +574,10 @@ func (m *Memberlist) gossip() {
 		}
 
 		switch n.State {
-		case stateAlive, stateSuspect:
+		case StateAlive, StateSuspect:
 			return false
 
-		case stateDead:
+		case StateDead:
 			return time.Since(n.StateChange) > m.config.GossipToTheDeadTime
 
 		default:
@@ -516,13 +602,13 @@ func (m *Memberlist) gossip() {
 		addr := node.Address()
 		if len(msgs) == 1 {
 			// Send single message as is
-			if err := m.rawSendMsgPacket(addr, &node.Node, msgs[0]); err != nil {
+			if err := m.rawSendMsgPacket(node.FullAddress(), &node, msgs[0]); err != nil {
 				m.logger.Printf("[ERR] memberlist: Failed to send gossip to %s: %s", addr, err)
 			}
 		} else {
 			// Otherwise create and send a compound message
 			compound := makeCompoundMessage(msgs)
-			if err := m.rawSendMsgPacket(addr, &node.Node, compound.Bytes()); err != nil {
+			if err := m.rawSendMsgPacket(node.FullAddress(), &node, compound.Bytes()); err != nil {
 				m.logger.Printf("[ERR] memberlist: Failed to send gossip to %s: %s", addr, err)
 			}
 		}
@@ -538,7 +624,7 @@ func (m *Memberlist) pushPull() {
 	m.nodeLock.RLock()
 	nodes := kRandomNodes(1, m.nodes, func(n *nodeState) bool {
 		return n.Name == m.config.Name ||
-			n.State != stateAlive
+			n.State != StateAlive
 	})
 	m.nodeLock.RUnlock()
 
@@ -549,17 +635,17 @@ func (m *Memberlist) pushPull() {
 	node := nodes[0]
 
 	// Attempt a push pull
-	if err := m.pushPullNode(node.Address(), false); err != nil {
+	if err := m.pushPullNode(node.FullAddress(), false); err != nil {
 		m.logger.Printf("[ERR] memberlist: Push/Pull with %s failed: %s", node.Name, err)
 	}
 }
 
 // pushPullNode does a complete state exchange with a specific node.
-func (m *Memberlist) pushPullNode(addr string, join bool) error {
+func (m *Memberlist) pushPullNode(a Address, join bool) error {
 	defer metrics.MeasureSince([]string{"memberlist", "pushPullNode"}, time.Now())
 
 	// Attempt to send and receive with the node
-	remote, userState, err := m.sendAndReceiveState(addr, join)
+	remote, userState, err := m.sendAndReceiveState(a, join)
 	if err != nil {
 		return err
 	}
@@ -596,7 +682,7 @@ func (m *Memberlist) verifyProtocol(remote []pushNodeState) error {
 
 	for _, rn := range remote {
 		// If the node isn't alive, then skip it
-		if rn.State != stateAlive {
+		if rn.State != StateAlive {
 			continue
 		}
 
@@ -625,7 +711,7 @@ func (m *Memberlist) verifyProtocol(remote []pushNodeState) error {
 
 	for _, n := range m.nodes {
 		// Ignore non-alive nodes
-		if n.State != stateAlive {
+		if n.State != StateAlive {
 			continue
 		}
 
@@ -841,11 +927,26 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 		return
 	}
 
+	if len(a.Vsn) >= 3 {
+		pMin := a.Vsn[0]
+		pMax := a.Vsn[1]
+		pCur := a.Vsn[2]
+		if pMin == 0 || pMax == 0 || pMin > pMax {
+			m.logger.Printf("[WARN] memberlist: Ignoring an alive message for '%s' (%v:%d) because protocol version(s) are wrong: %d <= %d <= %d should be >0", a.Node, net.IP(a.Addr), a.Port, pMin, pCur, pMax)
+			return
+		}
+	}
+
 	// Invoke the Alive delegate if any. This can be used to filter out
 	// alive messages based on custom logic. For example, using a cluster name.
 	// Using a merge delegate is not enough, as it is possible for passive
 	// cluster merging to still occur.
 	if m.config.Alive != nil {
+		if len(a.Vsn) < 6 {
+			m.logger.Printf("[WARN] memberlist: ignoring alive message for '%s' (%v:%d) because Vsn is not present",
+				a.Node, net.IP(a.Addr), a.Port)
+			return
+		}
 		node := &Node{
 			Name: a.Node,
 			Addr: a.Addr,
@@ -867,7 +968,13 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 
 	// Check if we've never seen this node before, and if not, then
 	// store this node in our node map.
+	var updatesNode bool
 	if !ok {
+		errCon := m.config.IPAllowed(a.Addr)
+		if errCon != nil {
+			m.logger.Printf("[WARN] memberlist: Rejected node %s (%v): %s", a.Node, net.IP(a.Addr), errCon)
+			return
+		}
 		state = &nodeState{
 			Node: Node{
 				Name: a.Node,
@@ -875,7 +982,15 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 				Port: a.Port,
 				Meta: a.Meta,
 			},
-			State: stateDead,
+			State: StateDead,
+		}
+		if len(a.Vsn) > 5 {
+			state.PMin = a.Vsn[0]
+			state.PMax = a.Vsn[1]
+			state.PCur = a.Vsn[2]
+			state.DMin = a.Vsn[3]
+			state.DMax = a.Vsn[4]
+			state.DCur = a.Vsn[5]
 		}
 
 		// Add to map
@@ -894,29 +1009,45 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 
 		// Update numNodes after we've added a new node
 		atomic.AddUint32(&m.numNodes, 1)
-	}
-
-	// Check if this address is different than the existing node
-	if !bytes.Equal([]byte(state.Addr), a.Addr) || state.Port != a.Port {
-		m.logger.Printf("[ERR] memberlist: Conflicting address for %s. Mine: %v:%d Theirs: %v:%d",
-			state.Name, state.Addr, state.Port, net.IP(a.Addr), a.Port)
-
-		// Inform the conflict delegate if provided
-		if m.config.Conflict != nil {
-			other := Node{
-				Name: a.Node,
-				Addr: a.Addr,
-				Port: a.Port,
-				Meta: a.Meta,
+	} else {
+		// Check if this address is different than the existing node unless the old node is dead.
+		if !bytes.Equal([]byte(state.Addr), a.Addr) || state.Port != a.Port {
+			errCon := m.config.IPAllowed(a.Addr)
+			if errCon != nil {
+				m.logger.Printf("[WARN] memberlist: Rejected IP update from %v to %v for node %s: %s", a.Node, state.Addr, net.IP(a.Addr), errCon)
+				return
+			}
+			// If DeadNodeReclaimTime is configured, check if enough time has elapsed since the node died.
+			canReclaim := (m.config.DeadNodeReclaimTime > 0 &&
+				time.Since(state.StateChange) > m.config.DeadNodeReclaimTime)
+
+			// Allow the address to be updated if a dead node is being replaced.
+			if state.State == StateLeft || (state.State == StateDead && canReclaim) {
+				m.logger.Printf("[INFO] memberlist: Updating address for left or failed node %s from %v:%d to %v:%d",
+					state.Name, state.Addr, state.Port, net.IP(a.Addr), a.Port)
+				updatesNode = true
+			} else {
+				m.logger.Printf("[ERR] memberlist: Conflicting address for %s. Mine: %v:%d Theirs: %v:%d Old state: %v",
+					state.Name, state.Addr, state.Port, net.IP(a.Addr), a.Port, state.State)
+
+				// Inform the conflict delegate if provided
+				if m.config.Conflict != nil {
+					other := Node{
+						Name: a.Node,
+						Addr: a.Addr,
+						Port: a.Port,
+						Meta: a.Meta,
+					}
+					m.config.Conflict.NotifyConflict(&state.Node, &other)
+				}
+				return
 			}
-			m.config.Conflict.NotifyConflict(&state.Node, &other)
 		}
-		return
 	}
 
 	// Bail if the incarnation number is older, and this is not about us
 	isLocalNode := state.Name == m.config.Name
-	if a.Incarnation <= state.Incarnation && !isLocalNode {
+	if a.Incarnation <= state.Incarnation && !isLocalNode && !updatesNode {
 		return
 	}
 
@@ -956,9 +1087,8 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 			bytes.Equal(a.Vsn, versions) {
 			return
 		}
-
 		m.refute(state, a.Incarnation)
-		m.logger.Printf("[WARN] memberlist: Refuting an alive message")
+		m.logger.Printf("[WARN] memberlist: Refuting an alive message for '%s' (%v:%d) meta:(%v VS %v), vsn:(%v VS %v)", a.Node, net.IP(a.Addr), a.Port, a.Meta, state.Meta, a.Vsn, versions)
 	} else {
 		m.encodeBroadcastNotify(a.Node, aliveMsg, a, notify)
 
@@ -975,8 +1105,10 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 		// Update the state and incarnation number
 		state.Incarnation = a.Incarnation
 		state.Meta = a.Meta
-		if state.State != stateAlive {
-			state.State = stateAlive
+		state.Addr = a.Addr
+		state.Port = a.Port
+		if state.State != StateAlive {
+			state.State = StateAlive
 			state.StateChange = time.Now()
 		}
 	}
@@ -986,8 +1118,8 @@ func (m *Memberlist) aliveNode(a *alive, notify chan struct{}, bootstrap bool) {
 
 	// Notify the delegate of any relevant updates
 	if m.config.Events != nil {
-		if oldState == stateDead {
-			// if Dead -> Alive, notify of join
+		if oldState == StateDead || oldState == StateLeft {
+			// if Dead/Left -> Alive, notify of join
 			m.config.Events.NotifyJoin(&state.Node)
 
 		} else if !bytes.Equal(oldMeta, state.Meta) {
@@ -1026,7 +1158,7 @@ func (m *Memberlist) suspectNode(s *suspect) {
 	}
 
 	// Ignore non-alive nodes
-	if state.State != stateAlive {
+	if state.State != StateAlive {
 		return
 	}
 
@@ -1044,7 +1176,7 @@ func (m *Memberlist) suspectNode(s *suspect) {
 
 	// Update the state
 	state.Incarnation = s.Incarnation
-	state.State = stateSuspect
+	state.State = StateSuspect
 	changeTime := time.Now()
 	state.StateChange = changeTime
 
@@ -1066,9 +1198,14 @@ func (m *Memberlist) suspectNode(s *suspect) {
 	min := suspicionTimeout(m.config.SuspicionMult, n, m.config.ProbeInterval)
 	max := time.Duration(m.config.SuspicionMaxTimeoutMult) * min
 	fn := func(numConfirmations int) {
+		var d *dead
+
 		m.nodeLock.Lock()
 		state, ok := m.nodeMap[s.Node]
-		timeout := ok && state.State == stateSuspect && state.StateChange == changeTime
+		timeout := ok && state.State == StateSuspect && state.StateChange == changeTime
+		if timeout {
+			d = &dead{Incarnation: state.Incarnation, Node: state.Name, From: m.config.Name}
+		}
 		m.nodeLock.Unlock()
 
 		if timeout {
@@ -1078,8 +1215,8 @@ func (m *Memberlist) suspectNode(s *suspect) {
 
 			m.logger.Printf("[INFO] memberlist: Marking %s as failed, suspect timeout reached (%d peer confirmations)",
 				state.Name, numConfirmations)
-			d := dead{Incarnation: state.Incarnation, Node: state.Name, From: m.config.Name}
-			m.deadNode(&d)
+
+			m.deadNode(d)
 		}
 	}
 	m.nodeTimers[s.Node] = newSuspicion(s.From, k, min, max, fn)
@@ -1106,7 +1243,7 @@ func (m *Memberlist) deadNode(d *dead) {
 	delete(m.nodeTimers, d.Node)
 
 	// Ignore if node is already dead
-	if state.State == stateDead {
+	if state.DeadOrLeft() {
 		return
 	}
 
@@ -1130,7 +1267,14 @@ func (m *Memberlist) deadNode(d *dead) {
 
 	// Update the state
 	state.Incarnation = d.Incarnation
-	state.State = stateDead
+
+	// If the dead message was send by the node itself, mark it is left
+	// instead of dead.
+	if d.Node == d.From {
+		state.State = StateLeft
+	} else {
+		state.State = StateDead
+	}
 	state.StateChange = time.Now()
 
 	// Notify of death
@@ -1144,7 +1288,7 @@ func (m *Memberlist) deadNode(d *dead) {
 func (m *Memberlist) mergeState(remote []pushNodeState) {
 	for _, r := range remote {
 		switch r.State {
-		case stateAlive:
+		case StateAlive:
 			a := alive{
 				Incarnation: r.Incarnation,
 				Node:        r.Name,
@@ -1155,11 +1299,14 @@ func (m *Memberlist) mergeState(remote []pushNodeState) {
 			}
 			m.aliveNode(&a, nil, false)
 
-		case stateDead:
+		case StateLeft:
+			d := dead{Incarnation: r.Incarnation, Node: r.Name, From: r.Name}
+			m.deadNode(&d)
+		case StateDead:
 			// If the remote node believes a node is dead, we prefer to
 			// suspect that node instead of declaring it dead instantly
 			fallthrough
-		case stateSuspect:
+		case StateSuspect:
 			s := suspect{Incarnation: r.Incarnation, Node: r.Name, From: m.config.Name}
 			m.suspectNode(&s)
 		}
diff --git a/vendor/github.com/hashicorp/memberlist/transport.go b/vendor/github.com/hashicorp/memberlist/transport.go
index 6ce55ea47f88c..b23b83914b98e 100644
--- a/vendor/github.com/hashicorp/memberlist/transport.go
+++ b/vendor/github.com/hashicorp/memberlist/transport.go
@@ -1,6 +1,7 @@
 package memberlist
 
 import (
+	"fmt"
 	"net"
 	"time"
 )
@@ -63,3 +64,50 @@ type Transport interface {
 	// transport a chance to clean up any listeners.
 	Shutdown() error
 }
+
+type Address struct {
+	// Addr is a network address as a string, similar to Dial. This usually is
+	// in the form of "host:port". This is required.
+	Addr string
+
+	// Name is the name of the node being addressed. This is optional but
+	// transports may require it.
+	Name string
+}
+
+func (a *Address) String() string {
+	if a.Name != "" {
+		return fmt.Sprintf("%s (%s)", a.Name, a.Addr)
+	}
+	return a.Addr
+}
+
+// IngestionAwareTransport is not used.
+//
+// Deprecated: IngestionAwareTransport is not used and may be removed in a future
+// version. Define the interface locally instead of referencing this exported
+// interface.
+type IngestionAwareTransport interface {
+	IngestPacket(conn net.Conn, addr net.Addr, now time.Time, shouldClose bool) error
+	IngestStream(conn net.Conn) error
+}
+
+type NodeAwareTransport interface {
+	Transport
+	WriteToAddress(b []byte, addr Address) (time.Time, error)
+	DialAddressTimeout(addr Address, timeout time.Duration) (net.Conn, error)
+}
+
+type shimNodeAwareTransport struct {
+	Transport
+}
+
+var _ NodeAwareTransport = (*shimNodeAwareTransport)(nil)
+
+func (t *shimNodeAwareTransport) WriteToAddress(b []byte, addr Address) (time.Time, error) {
+	return t.WriteTo(b, addr.Addr)
+}
+
+func (t *shimNodeAwareTransport) DialAddressTimeout(addr Address, timeout time.Duration) (net.Conn, error) {
+	return t.DialTimeout(addr.Addr, timeout)
+}
diff --git a/vendor/github.com/hashicorp/memberlist/util.go b/vendor/github.com/hashicorp/memberlist/util.go
index e2381a69866ef..16a7d36d0b65d 100644
--- a/vendor/github.com/hashicorp/memberlist/util.go
+++ b/vendor/github.com/hashicorp/memberlist/util.go
@@ -78,10 +78,9 @@ func retransmitLimit(retransmitMult, n int) int {
 // shuffleNodes randomly shuffles the input nodes using the Fisher-Yates shuffle
 func shuffleNodes(nodes []*nodeState) {
 	n := len(nodes)
-	for i := n - 1; i > 0; i-- {
-		j := rand.Intn(i + 1)
+	rand.Shuffle(n, func(i, j int) {
 		nodes[i], nodes[j] = nodes[j], nodes[i]
-	}
+	})
 }
 
 // pushPushScale is used to scale the time interval at which push/pull
@@ -103,7 +102,7 @@ func moveDeadNodes(nodes []*nodeState, gossipToTheDeadTime time.Duration) int {
 	numDead := 0
 	n := len(nodes)
 	for i := 0; i < n-numDead; i++ {
-		if nodes[i].State != stateDead {
+		if nodes[i].State != StateDead {
 			continue
 		}
 
@@ -120,35 +119,35 @@ func moveDeadNodes(nodes []*nodeState, gossipToTheDeadTime time.Duration) int {
 	return n - numDead
 }
 
-// kRandomNodes is used to select up to k random nodes, excluding any nodes where
-// the filter function returns true. It is possible that less than k nodes are
+// kRandomNodes is used to select up to k random Nodes, excluding any nodes where
+// the exclude function returns true. It is possible that less than k nodes are
 // returned.
-func kRandomNodes(k int, nodes []*nodeState, filterFn func(*nodeState) bool) []*nodeState {
+func kRandomNodes(k int, nodes []*nodeState, exclude func(*nodeState) bool) []Node {
 	n := len(nodes)
-	kNodes := make([]*nodeState, 0, k)
+	kNodes := make([]Node, 0, k)
 OUTER:
 	// Probe up to 3*n times, with large n this is not necessary
 	// since k << n, but with small n we want search to be
 	// exhaustive
 	for i := 0; i < 3*n && len(kNodes) < k; i++ {
-		// Get random node
+		// Get random nodeState
 		idx := randomOffset(n)
-		node := nodes[idx]
+		state := nodes[idx]
 
 		// Give the filter a shot at it.
-		if filterFn != nil && filterFn(node) {
+		if exclude != nil && exclude(state) {
 			continue OUTER
 		}
 
 		// Check if we have this node already
 		for j := 0; j < len(kNodes); j++ {
-			if node == kNodes[j] {
+			if state.Node.Name == kNodes[j].Name {
 				continue OUTER
 			}
 		}
 
 		// Append the node
-		kNodes = append(kNodes, node)
+		kNodes = append(kNodes, state.Node)
 	}
 	return kNodes
 }
@@ -186,18 +185,18 @@ func decodeCompoundMessage(buf []byte) (trunc int, parts [][]byte, err error) {
 		err = fmt.Errorf("missing compound length byte")
 		return
 	}
-	numParts := uint8(buf[0])
+	numParts := int(buf[0])
 	buf = buf[1:]
 
 	// Check we have enough bytes
-	if len(buf) < int(numParts*2) {
+	if len(buf) < numParts*2 {
 		err = fmt.Errorf("truncated len slice")
 		return
 	}
 
 	// Decode the lengths
 	lengths := make([]uint16, numParts)
-	for i := 0; i < int(numParts); i++ {
+	for i := 0; i < numParts; i++ {
 		lengths[i] = binary.BigEndian.Uint16(buf[i*2 : i*2+2])
 	}
 	buf = buf[numParts*2:]
@@ -205,7 +204,7 @@ func decodeCompoundMessage(buf []byte) (trunc int, parts [][]byte, err error) {
 	// Split each message
 	for idx, msgLen := range lengths {
 		if len(buf) < int(msgLen) {
-			trunc = int(numParts) - idx
+			trunc = numParts - idx
 			return
 		}
 
diff --git a/vendor/github.com/imdario/mergo/README.md b/vendor/github.com/imdario/mergo/README.md
index 8b76f1fbf33a6..aa8cbd7ce6d73 100644
--- a/vendor/github.com/imdario/mergo/README.md
+++ b/vendor/github.com/imdario/mergo/README.md
@@ -1,43 +1,54 @@
 # Mergo
 
-A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
-
-Also a lovely [comune](http://en.wikipedia.org/wiki/Mergo) (municipality) in the Province of Ancona in the Italian region of Marche.
-
-## Status
-
-It is ready for production use. [It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, etc](https://github.com/imdario/mergo#mergo-in-the-wild).
 
 [![GoDoc][3]][4]
-[![GoCard][5]][6]
+[![GitHub release][5]][6]
+[![GoCard][7]][8]
 [![Build Status][1]][2]
-[![Coverage Status][7]][8]
-[![Sourcegraph][9]][10]
+[![Coverage Status][9]][10]
+[![Sourcegraph][11]][12]
+[![FOSSA Status][13]][14]
+
+[![GoCenter Kudos][15]][16]
 
 [1]: https://travis-ci.org/imdario/mergo.png
 [2]: https://travis-ci.org/imdario/mergo
 [3]: https://godoc.org/github.com/imdario/mergo?status.svg
 [4]: https://godoc.org/github.com/imdario/mergo
-[5]: https://goreportcard.com/badge/imdario/mergo
-[6]: https://goreportcard.com/report/github.com/imdario/mergo
-[7]: https://coveralls.io/repos/github/imdario/mergo/badge.svg?branch=master
-[8]: https://coveralls.io/github/imdario/mergo?branch=master
-[9]: https://sourcegraph.com/github.com/imdario/mergo/-/badge.svg
-[10]: https://sourcegraph.com/github.com/imdario/mergo?badge
+[5]: https://img.shields.io/github/release/imdario/mergo.svg
+[6]: https://github.com/imdario/mergo/releases
+[7]: https://goreportcard.com/badge/imdario/mergo
+[8]: https://goreportcard.com/report/github.com/imdario/mergo
+[9]: https://coveralls.io/repos/github/imdario/mergo/badge.svg?branch=master
+[10]: https://coveralls.io/github/imdario/mergo?branch=master
+[11]: https://sourcegraph.com/github.com/imdario/mergo/-/badge.svg
+[12]: https://sourcegraph.com/github.com/imdario/mergo?badge
+[13]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Fimdario%2Fmergo.svg?type=shield
+[14]: https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_shield
+[15]: https://search.gocenter.io/api/ui/badge/github.com%2Fimdario%2Fmergo
+[16]: https://search.gocenter.io/github.com/imdario/mergo
+
+A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
+
+Mergo merges same-type structs and maps by setting default values in zero-value fields. Mergo won't merge unexported (private) fields. It will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
 
-### Latest release
+Also a lovely [comune](http://en.wikipedia.org/wiki/Mergo) (municipality) in the Province of Ancona in the Italian region of Marche.
+
+## Status
 
-[Release v0.3.6](https://github.com/imdario/mergo/releases/tag/v0.3.6).
+It is ready for production use. [It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, etc](https://github.com/imdario/mergo#mergo-in-the-wild).
 
 ### Important note
 
-Please keep in mind that in [0.3.2](//github.com/imdario/mergo/releases/tag/0.3.2) Mergo changed `Merge()`and `Map()` signatures to support [transformers](#transformers). An optional/variadic argument has been added, so it won't break existing code.
+Please keep in mind that a problematic PR broke [0.3.9](//github.com/imdario/mergo/releases/tag/0.3.9). I reverted it in [0.3.10](//github.com/imdario/mergo/releases/tag/0.3.10), and I consider it stable but not bug-free. Also, this version adds suppot for go modules.
+
+Keep in mind that in [0.3.2](//github.com/imdario/mergo/releases/tag/0.3.2), Mergo changed `Merge()`and `Map()` signatures to support [transformers](#transformers). I added an optional/variadic argument so that it won't break the existing code.
 
-If you were using Mergo **before** April 6th 2015, please check your project works as intended after updating your local copy with ```go get -u github.com/imdario/mergo```. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause (I hope it won't!) in existing projects after the change (release 0.2.0).
+If you were using Mergo before April 6th, 2015, please check your project works as intended after updating your local copy with ```go get -u github.com/imdario/mergo```. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause in existing projects after the change (release 0.2.0).
 
 ### Donations
 
-If Mergo is useful to you, consider buying me a coffee, a beer or making a monthly donation so I can keep building great free software. :heart_eyes:
+If Mergo is useful to you, consider buying me a coffee, a beer, or making a monthly donation to allow me to keep building great free software. :heart_eyes:
 
 <a href='https://ko-fi.com/B0B58839' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://az743702.vo.msecnd.net/cdn/kofi1.png?v=0' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
 [![Beerpay](https://beerpay.io/imdario/mergo/badge.svg)](https://beerpay.io/imdario/mergo)
@@ -86,8 +97,9 @@ If Mergo is useful to you, consider buying me a coffee, a beer or making a month
 - [mantasmatelis/whooplist-server](https://github.com/mantasmatelis/whooplist-server)
 - [jnuthong/item_search](https://github.com/jnuthong/item_search)
 - [bukalapak/snowboard](https://github.com/bukalapak/snowboard)
+- [containerssh/containerssh](https://github.com/containerssh/containerssh)
 
-## Installation
+## Install
 
     go get github.com/imdario/mergo
 
@@ -98,7 +110,7 @@ If Mergo is useful to you, consider buying me a coffee, a beer or making a month
 
 ## Usage
 
-You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as [they are not considered zero values](https://golang.org/ref/spec#The_zero_value) either. Also maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
+You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as [they are zero values](https://golang.org/ref/spec#The_zero_value) too. Also, maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
 
 ```go
 if err := mergo.Merge(&dst, src); err != nil {
@@ -124,9 +136,7 @@ if err := mergo.Map(&dst, srcMap); err != nil {
 
 Warning: if you map a struct to map, it won't do it recursively. Don't expect Mergo to map struct members of your struct as `map[string]interface{}`. They will be just assigned as values.
 
-More information and examples in [godoc documentation](http://godoc.org/github.com/imdario/mergo).
-
-### Nice example
+Here is a nice example:
 
 ```go
 package main
@@ -174,10 +184,10 @@ import (
         "time"
 )
 
-type timeTransfomer struct {
+type timeTransformer struct {
 }
 
-func (t timeTransfomer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+func (t timeTransformer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
 	if typ == reflect.TypeOf(time.Time{}) {
 		return func(dst, src reflect.Value) error {
 			if dst.CanSet() {
@@ -201,7 +211,7 @@ type Snapshot struct {
 func main() {
 	src := Snapshot{time.Now()}
 	dest := Snapshot{}
-	mergo.Merge(&dest, src, mergo.WithTransformers(timeTransfomer{}))
+	mergo.Merge(&dest, src, mergo.WithTransformers(timeTransformer{}))
 	fmt.Println(dest)
 	// Will print
 	// { 2018-01-12 01:15:00 +0000 UTC m=+0.000000001 }
@@ -217,6 +227,21 @@ If I can help you, you have an idea or you are using Mergo in your projects, don
 
 Written by [Dario Castañé](http://dario.im).
 
+## Top Contributors
+
+[![0](https://sourcerer.io/fame/imdario/imdario/mergo/images/0)](https://sourcerer.io/fame/imdario/imdario/mergo/links/0)
+[![1](https://sourcerer.io/fame/imdario/imdario/mergo/images/1)](https://sourcerer.io/fame/imdario/imdario/mergo/links/1)
+[![2](https://sourcerer.io/fame/imdario/imdario/mergo/images/2)](https://sourcerer.io/fame/imdario/imdario/mergo/links/2)
+[![3](https://sourcerer.io/fame/imdario/imdario/mergo/images/3)](https://sourcerer.io/fame/imdario/imdario/mergo/links/3)
+[![4](https://sourcerer.io/fame/imdario/imdario/mergo/images/4)](https://sourcerer.io/fame/imdario/imdario/mergo/links/4)
+[![5](https://sourcerer.io/fame/imdario/imdario/mergo/images/5)](https://sourcerer.io/fame/imdario/imdario/mergo/links/5)
+[![6](https://sourcerer.io/fame/imdario/imdario/mergo/images/6)](https://sourcerer.io/fame/imdario/imdario/mergo/links/6)
+[![7](https://sourcerer.io/fame/imdario/imdario/mergo/images/7)](https://sourcerer.io/fame/imdario/imdario/mergo/links/7)
+
+
 ## License
 
 [BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) license, as [Go language](http://golang.org/LICENSE).
+
+
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fimdario%2Fmergo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_large)
diff --git a/vendor/github.com/imdario/mergo/doc.go b/vendor/github.com/imdario/mergo/doc.go
index 6e9aa7baf3540..fcd985f995dc2 100644
--- a/vendor/github.com/imdario/mergo/doc.go
+++ b/vendor/github.com/imdario/mergo/doc.go
@@ -4,41 +4,140 @@
 // license that can be found in the LICENSE file.
 
 /*
-Package mergo merges same-type structs and maps by setting default values in zero-value fields.
+A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
 
-Mergo won't merge unexported (private) fields but will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
+Mergo merges same-type structs and maps by setting default values in zero-value fields. Mergo won't merge unexported (private) fields. It will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
+
+Status
+
+It is ready for production use. It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, etc.
+
+Important note
+
+Please keep in mind that a problematic PR broke 0.3.9. We reverted it in 0.3.10. We consider 0.3.10 as stable but not bug-free. . Also, this version adds suppot for go modules.
+
+Keep in mind that in 0.3.2, Mergo changed Merge() and Map() signatures to support transformers. We added an optional/variadic argument so that it won't break the existing code.
+
+If you were using Mergo before April 6th, 2015, please check your project works as intended after updating your local copy with go get -u github.com/imdario/mergo. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause in existing projects after the change (release 0.2.0).
+
+Install
+
+Do your usual installation procedure:
+
+    go get github.com/imdario/mergo
+
+    // use in your .go code
+    import (
+        "github.com/imdario/mergo"
+    )
 
 Usage
 
-From my own work-in-progress project:
+You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as they are zero values too. Also, maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
+
+	if err := mergo.Merge(&dst, src); err != nil {
+		// ...
+	}
+
+Also, you can merge overwriting values using the transformer WithOverride.
+
+	if err := mergo.Merge(&dst, src, mergo.WithOverride); err != nil {
+		// ...
+	}
+
+Additionally, you can map a map[string]interface{} to a struct (and otherwise, from struct to map), following the same restrictions as in Merge(). Keys are capitalized to find each corresponding exported field.
+
+	if err := mergo.Map(&dst, srcMap); err != nil {
+		// ...
+	}
+
+Warning: if you map a struct to map, it won't do it recursively. Don't expect Mergo to map struct members of your struct as map[string]interface{}. They will be just assigned as values.
+
+Here is a nice example:
+
+	package main
+
+	import (
+		"fmt"
+		"github.com/imdario/mergo"
+	)
 
-	type networkConfig struct {
-		Protocol string
-		Address string
-		ServerType string `json: "server_type"`
-		Port uint16
+	type Foo struct {
+		A string
+		B int64
 	}
 
-	type FssnConfig struct {
-		Network networkConfig
+	func main() {
+		src := Foo{
+			A: "one",
+			B: 2,
+		}
+		dest := Foo{
+			A: "two",
+		}
+		mergo.Merge(&dest, src)
+		fmt.Println(dest)
+		// Will print
+		// {two 2}
 	}
 
-	var fssnDefault = FssnConfig {
-		networkConfig {
-			"tcp",
-			"127.0.0.1",
-			"http",
-			31560,
-		},
+Transformers
+
+Transformers allow to merge specific types differently than in the default behavior. In other words, now you can customize how some types are merged. For example, time.Time is a struct; it doesn't have zero value but IsZero can return true because it has fields with zero value. How can we merge a non-zero time.Time?
+
+	package main
+
+	import (
+		"fmt"
+		"github.com/imdario/mergo"
+			"reflect"
+			"time"
+	)
+
+	type timeTransformer struct {
 	}
 
-	// Inside a function [...]
+	func (t timeTransformer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+		if typ == reflect.TypeOf(time.Time{}) {
+			return func(dst, src reflect.Value) error {
+				if dst.CanSet() {
+					isZero := dst.MethodByName("IsZero")
+					result := isZero.Call([]reflect.Value{})
+					if result[0].Bool() {
+						dst.Set(src)
+					}
+				}
+				return nil
+			}
+		}
+		return nil
+	}
+
+	type Snapshot struct {
+		Time time.Time
+		// ...
+	}
 
-	if err := mergo.Merge(&config, fssnDefault); err != nil {
-		log.Fatal(err)
+	func main() {
+		src := Snapshot{time.Now()}
+		dest := Snapshot{}
+		mergo.Merge(&dest, src, mergo.WithTransformers(timeTransformer{}))
+		fmt.Println(dest)
+		// Will print
+		// { 2018-01-12 01:15:00 +0000 UTC m=+0.000000001 }
 	}
 
-	// More code [...]
+Contact me
+
+If I can help you, you have an idea or you are using Mergo in your projects, don't hesitate to drop me a line (or a pull request): https://twitter.com/im_dario
+
+About
+
+Written by Dario Castañé: https://da.rio.hn
+
+License
+
+BSD 3-Clause license, as Go language.
 
 */
 package mergo
diff --git a/vendor/github.com/imdario/mergo/go.mod b/vendor/github.com/imdario/mergo/go.mod
new file mode 100644
index 0000000000000..3d689d93eb3b0
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/go.mod
@@ -0,0 +1,5 @@
+module github.com/imdario/mergo
+
+go 1.13
+
+require gopkg.in/yaml.v2 v2.3.0
diff --git a/vendor/github.com/imdario/mergo/map.go b/vendor/github.com/imdario/mergo/map.go
index 6ea38e636b64f..a13a7ee46c777 100644
--- a/vendor/github.com/imdario/mergo/map.go
+++ b/vendor/github.com/imdario/mergo/map.go
@@ -72,6 +72,7 @@ func deepMap(dst, src reflect.Value, visited map[uintptr]*visit, depth int, conf
 	case reflect.Struct:
 		srcMap := src.Interface().(map[string]interface{})
 		for key := range srcMap {
+			config.overwriteWithEmptyValue = true
 			srcValue := srcMap[key]
 			fieldName := changeInitialCase(key, unicode.ToUpper)
 			dstElement := dst.FieldByName(fieldName)
@@ -140,6 +141,9 @@ func MapWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
 }
 
 func _map(dst, src interface{}, opts ...func(*Config)) error {
+	if dst != nil && reflect.ValueOf(dst).Kind() != reflect.Ptr {
+		return ErrNonPointerAgument
+	}
 	var (
 		vDst, vSrc reflect.Value
 		err        error
diff --git a/vendor/github.com/imdario/mergo/merge.go b/vendor/github.com/imdario/mergo/merge.go
index 44f70a89d919e..8c2a8fcd9019e 100644
--- a/vendor/github.com/imdario/mergo/merge.go
+++ b/vendor/github.com/imdario/mergo/merge.go
@@ -13,22 +13,39 @@ import (
 	"reflect"
 )
 
-func hasExportedField(dst reflect.Value) (exported bool) {
+func hasMergeableFields(dst reflect.Value) (exported bool) {
 	for i, n := 0, dst.NumField(); i < n; i++ {
 		field := dst.Type().Field(i)
 		if field.Anonymous && dst.Field(i).Kind() == reflect.Struct {
-			exported = exported || hasExportedField(dst.Field(i))
-		} else {
+			exported = exported || hasMergeableFields(dst.Field(i))
+		} else if isExportedComponent(&field) {
 			exported = exported || len(field.PkgPath) == 0
 		}
 	}
 	return
 }
 
+func isExportedComponent(field *reflect.StructField) bool {
+	pkgPath := field.PkgPath
+	if len(pkgPath) > 0 {
+		return false
+	}
+	c := field.Name[0]
+	if 'a' <= c && c <= 'z' || c == '_' {
+		return false
+	}
+	return true
+}
+
 type Config struct {
-	Overwrite    bool
-	AppendSlice  bool
-	Transformers Transformers
+	Overwrite                    bool
+	AppendSlice                  bool
+	TypeCheck                    bool
+	Transformers                 Transformers
+	overwriteWithEmptyValue      bool
+	overwriteSliceWithEmptyValue bool
+	sliceDeepCopy                bool
+	debug                        bool
 }
 
 type Transformers interface {
@@ -40,6 +57,10 @@ type Transformers interface {
 // short circuiting on recursive types.
 func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, config *Config) (err error) {
 	overwrite := config.Overwrite
+	typeCheck := config.TypeCheck
+	overwriteWithEmptySrc := config.overwriteWithEmptyValue
+	overwriteSliceWithEmptySrc := config.overwriteSliceWithEmptyValue
+	sliceDeepCopy := config.sliceDeepCopy
 
 	if !src.IsValid() {
 		return
@@ -67,21 +88,34 @@ func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, co
 
 	switch dst.Kind() {
 	case reflect.Struct:
-		if hasExportedField(dst) {
+		if hasMergeableFields(dst) {
 			for i, n := 0, dst.NumField(); i < n; i++ {
 				if err = deepMerge(dst.Field(i), src.Field(i), visited, depth+1, config); err != nil {
 					return
 				}
 			}
 		} else {
-			if dst.CanSet() && !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) {
+			if dst.CanSet() && (isReflectNil(dst) || overwrite) && (!isEmptyValue(src) || overwriteWithEmptySrc) {
 				dst.Set(src)
 			}
 		}
 	case reflect.Map:
 		if dst.IsNil() && !src.IsNil() {
-			dst.Set(reflect.MakeMap(dst.Type()))
+			if dst.CanSet() {
+				dst.Set(reflect.MakeMap(dst.Type()))
+			} else {
+				dst = src
+				return
+			}
 		}
+
+		if src.Kind() != reflect.Map {
+			if overwrite {
+				dst.Set(src)
+			}
+			return
+		}
+
 		for _, key := range src.MapKeys() {
 			srcElement := src.MapIndex(key)
 			if !srcElement.IsValid() {
@@ -91,6 +125,9 @@ func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, co
 			switch srcElement.Kind() {
 			case reflect.Chan, reflect.Func, reflect.Map, reflect.Interface, reflect.Slice:
 				if srcElement.IsNil() {
+					if overwrite {
+						dst.SetMapIndex(key, srcElement)
+					}
 					continue
 				}
 				fallthrough
@@ -125,22 +162,43 @@ func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, co
 						dstSlice = reflect.ValueOf(dstElement.Interface())
 					}
 
-					if !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice {
+					if (!isEmptyValue(src) || overwriteWithEmptySrc || overwriteSliceWithEmptySrc) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice && !sliceDeepCopy {
+						if typeCheck && srcSlice.Type() != dstSlice.Type() {
+							return fmt.Errorf("cannot override two slices with different type (%s, %s)", srcSlice.Type(), dstSlice.Type())
+						}
 						dstSlice = srcSlice
 					} else if config.AppendSlice {
 						if srcSlice.Type() != dstSlice.Type() {
-							return fmt.Errorf("cannot append two slice with different type (%s, %s)", srcSlice.Type(), dstSlice.Type())
+							return fmt.Errorf("cannot append two slices with different type (%s, %s)", srcSlice.Type(), dstSlice.Type())
 						}
 						dstSlice = reflect.AppendSlice(dstSlice, srcSlice)
+					} else if sliceDeepCopy {
+						i := 0
+						for ; i < srcSlice.Len() && i < dstSlice.Len(); i++ {
+							srcElement := srcSlice.Index(i)
+							dstElement := dstSlice.Index(i)
+
+							if srcElement.CanInterface() {
+								srcElement = reflect.ValueOf(srcElement.Interface())
+							}
+							if dstElement.CanInterface() {
+								dstElement = reflect.ValueOf(dstElement.Interface())
+							}
+
+							if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+								return
+							}
+						}
+
 					}
 					dst.SetMapIndex(key, dstSlice)
 				}
 			}
-			if dstElement.IsValid() && reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Map {
+			if dstElement.IsValid() && !isEmptyValue(dstElement) && (reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Map || reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Slice) {
 				continue
 			}
 
-			if srcElement.IsValid() && (overwrite || (!dstElement.IsValid() || isEmptyValue(dstElement))) {
+			if srcElement.IsValid() && ((srcElement.Kind() != reflect.Ptr && overwrite) || !dstElement.IsValid() || isEmptyValue(dstElement)) {
 				if dst.IsNil() {
 					dst.Set(reflect.MakeMap(dst.Type()))
 				}
@@ -151,22 +209,41 @@ func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, co
 		if !dst.CanSet() {
 			break
 		}
-		if !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice {
+		if (!isEmptyValue(src) || overwriteWithEmptySrc || overwriteSliceWithEmptySrc) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice && !sliceDeepCopy {
 			dst.Set(src)
 		} else if config.AppendSlice {
 			if src.Type() != dst.Type() {
 				return fmt.Errorf("cannot append two slice with different type (%s, %s)", src.Type(), dst.Type())
 			}
 			dst.Set(reflect.AppendSlice(dst, src))
+		} else if sliceDeepCopy {
+			for i := 0; i < src.Len() && i < dst.Len(); i++ {
+				srcElement := src.Index(i)
+				dstElement := dst.Index(i)
+				if srcElement.CanInterface() {
+					srcElement = reflect.ValueOf(srcElement.Interface())
+				}
+				if dstElement.CanInterface() {
+					dstElement = reflect.ValueOf(dstElement.Interface())
+				}
+
+				if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+					return
+				}
+			}
 		}
 	case reflect.Ptr:
 		fallthrough
 	case reflect.Interface:
-		if src.IsNil() {
+		if isReflectNil(src) {
+			if overwriteWithEmptySrc && dst.CanSet() && src.Type().AssignableTo(dst.Type()) {
+				dst.Set(src)
+			}
 			break
 		}
+
 		if src.Kind() != reflect.Interface {
-			if dst.IsNil() || overwrite {
+			if dst.IsNil() || (src.Kind() != reflect.Ptr && overwrite) {
 				if dst.CanSet() && (overwrite || isEmptyValue(dst)) {
 					dst.Set(src)
 				}
@@ -183,18 +260,31 @@ func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, co
 			}
 			break
 		}
+
 		if dst.IsNil() || overwrite {
 			if dst.CanSet() && (overwrite || isEmptyValue(dst)) {
 				dst.Set(src)
 			}
-		} else if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
-			return
+			break
+		}
+
+		if dst.Elem().Kind() == src.Elem().Kind() {
+			if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
+				return
+			}
+			break
 		}
 	default:
-		if dst.CanSet() && !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) {
-			dst.Set(src)
+		mustSet := (isEmptyValue(dst) || overwrite) && (!isEmptyValue(src) || overwriteWithEmptySrc)
+		if mustSet {
+			if dst.CanSet() {
+				dst.Set(src)
+			} else {
+				dst = src
+			}
 		}
 	}
+
 	return
 }
 
@@ -206,7 +296,7 @@ func Merge(dst, src interface{}, opts ...func(*Config)) error {
 	return merge(dst, src, opts...)
 }
 
-// MergeWithOverwrite will do the same as Merge except that non-empty dst attributes will be overriden by
+// MergeWithOverwrite will do the same as Merge except that non-empty dst attributes will be overridden by
 // non-empty src attribute values.
 // Deprecated: use Merge(…) with WithOverride
 func MergeWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
@@ -225,12 +315,37 @@ func WithOverride(config *Config) {
 	config.Overwrite = true
 }
 
-// WithAppendSlice will make merge append slices instead of overwriting it
+// WithOverwriteWithEmptyValue will make merge override non empty dst attributes with empty src attributes values.
+func WithOverwriteWithEmptyValue(config *Config) {
+	config.Overwrite = true
+	config.overwriteWithEmptyValue = true
+}
+
+// WithOverrideEmptySlice will make merge override empty dst slice with empty src slice.
+func WithOverrideEmptySlice(config *Config) {
+	config.overwriteSliceWithEmptyValue = true
+}
+
+// WithAppendSlice will make merge append slices instead of overwriting it.
 func WithAppendSlice(config *Config) {
 	config.AppendSlice = true
 }
 
+// WithTypeCheck will make merge check types while overwriting it (must be used with WithOverride).
+func WithTypeCheck(config *Config) {
+	config.TypeCheck = true
+}
+
+// WithSliceDeepCopy will merge slice element one by one with Overwrite flag.
+func WithSliceDeepCopy(config *Config) {
+	config.sliceDeepCopy = true
+	config.Overwrite = true
+}
+
 func merge(dst, src interface{}, opts ...func(*Config)) error {
+	if dst != nil && reflect.ValueOf(dst).Kind() != reflect.Ptr {
+		return ErrNonPointerAgument
+	}
 	var (
 		vDst, vSrc reflect.Value
 		err        error
@@ -250,3 +365,16 @@ func merge(dst, src interface{}, opts ...func(*Config)) error {
 	}
 	return deepMerge(vDst, vSrc, make(map[uintptr]*visit), 0, config)
 }
+
+// IsReflectNil is the reflect value provided nil
+func isReflectNil(v reflect.Value) bool {
+	k := v.Kind()
+	switch k {
+	case reflect.Interface, reflect.Slice, reflect.Chan, reflect.Func, reflect.Map, reflect.Ptr:
+		// Both interface and slice are nil if first word is 0.
+		// Both are always bigger than a word; assume flagIndir.
+		return v.IsNil()
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/mergo.go b/vendor/github.com/imdario/mergo/mergo.go
index a82fea2fdccc3..3cc926c7f6245 100644
--- a/vendor/github.com/imdario/mergo/mergo.go
+++ b/vendor/github.com/imdario/mergo/mergo.go
@@ -20,6 +20,7 @@ var (
 	ErrNotSupported                = errors.New("only structs and maps are supported")
 	ErrExpectedMapAsDestination    = errors.New("dst was expected to be a map")
 	ErrExpectedStructAsDestination = errors.New("dst was expected to be a struct")
+	ErrNonPointerAgument           = errors.New("dst must be a pointer")
 )
 
 // During deepMerge, must keep track of checks that are
@@ -75,23 +76,3 @@ func resolveValues(dst, src interface{}) (vDst, vSrc reflect.Value, err error) {
 	}
 	return
 }
-
-// Traverses recursively both values, assigning src's fields values to dst.
-// The map argument tracks comparisons that have already been seen, which allows
-// short circuiting on recursive types.
-func deeper(dst, src reflect.Value, visited map[uintptr]*visit, depth int) (err error) {
-	if dst.CanAddr() {
-		addr := dst.UnsafeAddr()
-		h := 17 * addr
-		seen := visited[h]
-		typ := dst.Type()
-		for p := seen; p != nil; p = p.next {
-			if p.ptr == addr && p.typ == typ {
-				return nil
-			}
-		}
-		// Remember, remember...
-		visited[h] = &visit{addr, typ, seen}
-	}
-	return // TODO refactor
-}
diff --git a/vendor/github.com/ishidawataru/sctp/GO_LICENSE b/vendor/github.com/ishidawataru/sctp/GO_LICENSE
new file mode 100644
index 0000000000000..6a66aea5eafe0
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/GO_LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/ishidawataru/sctp/NOTICE b/vendor/github.com/ishidawataru/sctp/NOTICE
new file mode 100644
index 0000000000000..cfb675fd4ba42
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/NOTICE
@@ -0,0 +1,3 @@
+This source code includes following third party code
+
+- ipsock_linux.go : licensed by the Go authors, see GO_LICENSE file for the license which applies to the code
diff --git a/vendor/github.com/ishidawataru/sctp/go.mod b/vendor/github.com/ishidawataru/sctp/go.mod
new file mode 100644
index 0000000000000..5adf982b086ca
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/go.mod
@@ -0,0 +1,3 @@
+module github.com/ishidawataru/sctp
+
+go 1.12
diff --git a/vendor/github.com/ishidawataru/sctp/ipsock_linux.go b/vendor/github.com/ishidawataru/sctp/ipsock_linux.go
new file mode 100644
index 0000000000000..3df30fa4601a0
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/ipsock_linux.go
@@ -0,0 +1,222 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the GO_LICENSE file.
+
+package sctp
+
+import (
+	"net"
+	"os"
+	"sync"
+	"syscall"
+)
+
+//from https://github.com/golang/go
+// Boolean to int.
+func boolint(b bool) int {
+	if b {
+		return 1
+	}
+	return 0
+}
+
+//from https://github.com/golang/go
+func ipToSockaddr(family int, ip net.IP, port int, zone string) (syscall.Sockaddr, error) {
+	switch family {
+	case syscall.AF_INET:
+		if len(ip) == 0 {
+			ip = net.IPv4zero
+		}
+		ip4 := ip.To4()
+		if ip4 == nil {
+			return nil, &net.AddrError{Err: "non-IPv4 address", Addr: ip.String()}
+		}
+		sa := &syscall.SockaddrInet4{Port: port}
+		copy(sa.Addr[:], ip4)
+		return sa, nil
+	case syscall.AF_INET6:
+		// In general, an IP wildcard address, which is either
+		// "0.0.0.0" or "::", means the entire IP addressing
+		// space. For some historical reason, it is used to
+		// specify "any available address" on some operations
+		// of IP node.
+		//
+		// When the IP node supports IPv4-mapped IPv6 address,
+		// we allow an listener to listen to the wildcard
+		// address of both IP addressing spaces by specifying
+		// IPv6 wildcard address.
+		if len(ip) == 0 || ip.Equal(net.IPv4zero) {
+			ip = net.IPv6zero
+		}
+		// We accept any IPv6 address including IPv4-mapped
+		// IPv6 address.
+		ip6 := ip.To16()
+		if ip6 == nil {
+			return nil, &net.AddrError{Err: "non-IPv6 address", Addr: ip.String()}
+		}
+		//we set ZoneId to 0, as currently we use this functon only to probe the IP capabilities of the host
+		//if real Zone handling is required, the zone cache implementation in golang/net should be pulled here
+		sa := &syscall.SockaddrInet6{Port: port, ZoneId: 0}
+		copy(sa.Addr[:], ip6)
+		return sa, nil
+	}
+	return nil, &net.AddrError{Err: "invalid address family", Addr: ip.String()}
+}
+
+//from https://github.com/golang/go
+func sockaddr(a *net.TCPAddr, family int) (syscall.Sockaddr, error) {
+	if a == nil {
+		return nil, nil
+	}
+	return ipToSockaddr(family, a.IP, a.Port, a.Zone)
+}
+
+//from https://github.com/golang/go
+type ipStackCapabilities struct {
+	sync.Once             // guards following
+	ipv4Enabled           bool
+	ipv6Enabled           bool
+	ipv4MappedIPv6Enabled bool
+}
+
+//from https://github.com/golang/go
+var ipStackCaps ipStackCapabilities
+
+//from https://github.com/golang/go
+// supportsIPv4 reports whether the platform supports IPv4 networking
+// functionality.
+func supportsIPv4() bool {
+	ipStackCaps.Once.Do(ipStackCaps.probe)
+	return ipStackCaps.ipv4Enabled
+}
+
+//from https://github.com/golang/go
+// supportsIPv6 reports whether the platform supports IPv6 networking
+// functionality.
+func supportsIPv6() bool {
+	ipStackCaps.Once.Do(ipStackCaps.probe)
+	return ipStackCaps.ipv6Enabled
+}
+
+//from https://github.com/golang/go
+// supportsIPv4map reports whether the platform supports mapping an
+// IPv4 address inside an IPv6 address at transport layer
+// protocols. See RFC 4291, RFC 4038 and RFC 3493.
+func supportsIPv4map() bool {
+	ipStackCaps.Once.Do(ipStackCaps.probe)
+	return ipStackCaps.ipv4MappedIPv6Enabled
+}
+
+//from https://github.com/golang/go
+// Probe probes IPv4, IPv6 and IPv4-mapped IPv6 communication
+// capabilities which are controlled by the IPV6_V6ONLY socket option
+// and kernel configuration.
+//
+// Should we try to use the IPv4 socket interface if we're only
+// dealing with IPv4 sockets? As long as the host system understands
+// IPv4-mapped IPv6, it's okay to pass IPv4-mapeed IPv6 addresses to
+// the IPv6 interface. That simplifies our code and is most
+// general. Unfortunately, we need to run on kernels built without
+// IPv6 support too. So probe the kernel to figure it out.
+func (p *ipStackCapabilities) probe() {
+	s, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
+	switch err {
+	case syscall.EAFNOSUPPORT, syscall.EPROTONOSUPPORT:
+	case nil:
+		syscall.Close(s)
+		p.ipv4Enabled = true
+	}
+	var probes = []struct {
+		laddr net.TCPAddr
+		value int
+	}{
+		// IPv6 communication capability
+		{laddr: net.TCPAddr{IP: net.IPv6loopback}, value: 1},
+		// IPv4-mapped IPv6 address communication capability
+		{laddr: net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)}, value: 0},
+	}
+
+	for i := range probes {
+		s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
+		if err != nil {
+			continue
+		}
+		defer syscall.Close(s)
+		syscall.SetsockoptInt(s, syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY, probes[i].value)
+		sa, err := sockaddr(&(probes[i].laddr), syscall.AF_INET6)
+		if err != nil {
+			continue
+		}
+		if err := syscall.Bind(s, sa); err != nil {
+			continue
+		}
+		if i == 0 {
+			p.ipv6Enabled = true
+		} else {
+			p.ipv4MappedIPv6Enabled = true
+		}
+	}
+}
+
+//from https://github.com/golang/go
+//Change: we check the first IP address in the list of candidate SCTP IP addresses
+func (a *SCTPAddr) isWildcard() bool {
+	if a == nil {
+		return true
+	}
+	if 0 == len(a.IPAddrs) {
+		return true
+	}
+
+	return a.IPAddrs[0].IP.IsUnspecified()
+}
+
+func (a *SCTPAddr) family() int {
+	if a != nil {
+		for _, ip := range a.IPAddrs {
+			if ip.IP.To4() == nil {
+				return syscall.AF_INET6
+			}
+		}
+	}
+	return syscall.AF_INET
+}
+
+//from https://github.com/golang/go
+func favoriteAddrFamily(network string, laddr *SCTPAddr, raddr *SCTPAddr, mode string) (family int, ipv6only bool) {
+	switch network[len(network)-1] {
+	case '4':
+		return syscall.AF_INET, false
+	case '6':
+		return syscall.AF_INET6, true
+	}
+
+	if mode == "listen" && (laddr == nil || laddr.isWildcard()) {
+		if supportsIPv4map() || !supportsIPv4() {
+			return syscall.AF_INET6, false
+		}
+		if laddr == nil {
+			return syscall.AF_INET, false
+		}
+		return laddr.family(), false
+	}
+
+	if (laddr == nil || laddr.family() == syscall.AF_INET) &&
+		(raddr == nil || raddr.family() == syscall.AF_INET) {
+		return syscall.AF_INET, false
+	}
+	return syscall.AF_INET6, false
+}
+
+//from https://github.com/golang/go
+//Changes: it is for SCTP only
+func setDefaultSockopts(s int, family int, ipv6only bool) error {
+	if family == syscall.AF_INET6 {
+		// Allow both IP versions even if the OS default
+		// is otherwise. Note that some operating systems
+		// never admit this option.
+		syscall.SetsockoptInt(s, syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY, boolint(ipv6only))
+	}
+	// Allow broadcast.
+	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(s, syscall.SOL_SOCKET, syscall.SO_BROADCAST, 1))
+}
diff --git a/vendor/github.com/ishidawataru/sctp/sctp.go b/vendor/github.com/ishidawataru/sctp/sctp.go
index cac1a889ca305..94842f42702fa 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp.go
@@ -1,3 +1,18 @@
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package sctp
 
 import (
@@ -197,37 +212,58 @@ func htons(h uint16) uint16 {
 
 var ntohs = htons
 
-func setNumOstreams(fd, num int) error {
-	param := InitMsg{
-		NumOstreams: uint16(num),
-	}
-	optlen := unsafe.Sizeof(param)
-	_, _, err := setsockopt(fd, SCTP_INITMSG, uintptr(unsafe.Pointer(&param)), uintptr(optlen))
+// setInitOpts sets options for an SCTP association initialization
+// see https://tools.ietf.org/html/rfc4960#page-25
+func setInitOpts(fd int, options InitMsg) error {
+	optlen := unsafe.Sizeof(options)
+	_, _, err := setsockopt(fd, SCTP_INITMSG, uintptr(unsafe.Pointer(&options)), uintptr(optlen))
 	return err
 }
 
+func setNumOstreams(fd, num int) error {
+	return setInitOpts(fd, InitMsg{NumOstreams: uint16(num)})
+}
+
 type SCTPAddr struct {
-	IP   []net.IP
-	Port int
+	IPAddrs []net.IPAddr
+	Port    int
 }
 
 func (a *SCTPAddr) ToRawSockAddrBuf() []byte {
-	buf := []byte{}
 	p := htons(uint16(a.Port))
-	for _, ip := range a.IP {
-		if ip.To4() != nil {
+	if len(a.IPAddrs) == 0 { // if a.IPAddrs list is empty - fall back to IPv4 zero addr
+		s := syscall.RawSockaddrInet4{
+			Family: syscall.AF_INET,
+			Port:   p,
+		}
+		copy(s.Addr[:], net.IPv4zero)
+		return toBuf(s)
+	}
+	buf := []byte{}
+	for _, ip := range a.IPAddrs {
+		ipBytes := ip.IP
+		if len(ipBytes) == 0 {
+			ipBytes = net.IPv4zero
+		}
+		if ip4 := ipBytes.To4(); ip4 != nil {
 			s := syscall.RawSockaddrInet4{
 				Family: syscall.AF_INET,
 				Port:   p,
 			}
-			copy(s.Addr[:], ip.To4())
+			copy(s.Addr[:], ip4)
 			buf = append(buf, toBuf(s)...)
 		} else {
+			var scopeid uint32
+			ifi, err := net.InterfaceByName(ip.Zone)
+			if err == nil {
+				scopeid = uint32(ifi.Index)
+			}
 			s := syscall.RawSockaddrInet6{
-				Family: syscall.AF_INET6,
-				Port:   p,
+				Family:   syscall.AF_INET6,
+				Port:     p,
+				Scope_id: scopeid,
 			}
-			copy(s.Addr[:], ip)
+			copy(s.Addr[:], ipBytes)
 			buf = append(buf, toBuf(s)...)
 		}
 	}
@@ -237,15 +273,15 @@ func (a *SCTPAddr) ToRawSockAddrBuf() []byte {
 func (a *SCTPAddr) String() string {
 	var b bytes.Buffer
 
-	for n, i := range a.IP {
-		if a.IP[n].To4() != nil {
+	for n, i := range a.IPAddrs {
+		if i.IP.To4() != nil {
 			b.WriteString(i.String())
-		} else if a.IP[n].To16() != nil {
+		} else if i.IP.To16() != nil {
 			b.WriteRune('[')
 			b.WriteString(i.String())
 			b.WriteRune(']')
 		}
-		if n < len(a.IP)-1 {
+		if n < len(a.IPAddrs)-1 {
 			b.WriteRune('/')
 		}
 	}
@@ -260,6 +296,7 @@ func ResolveSCTPAddr(network, addrs string) (*SCTPAddr, error) {
 	tcpnet := ""
 	switch network {
 	case "", "sctp":
+		tcpnet = "tcp"
 	case "sctp4":
 		tcpnet = "tcp4"
 	case "sctp6":
@@ -271,26 +308,26 @@ func ResolveSCTPAddr(network, addrs string) (*SCTPAddr, error) {
 	if len(elems) == 0 {
 		return nil, fmt.Errorf("invalid input: %s", addrs)
 	}
-	ipaddrs := make([]net.IP, 0, len(elems))
+	ipaddrs := make([]net.IPAddr, 0, len(elems))
 	for _, e := range elems[:len(elems)-1] {
 		tcpa, err := net.ResolveTCPAddr(tcpnet, e+":")
 		if err != nil {
 			return nil, err
 		}
-		ipaddrs = append(ipaddrs, tcpa.IP)
+		ipaddrs = append(ipaddrs, net.IPAddr{IP: tcpa.IP, Zone: tcpa.Zone})
 	}
 	tcpa, err := net.ResolveTCPAddr(tcpnet, elems[len(elems)-1])
 	if err != nil {
 		return nil, err
 	}
 	if tcpa.IP != nil {
-		ipaddrs = append(ipaddrs, tcpa.IP)
+		ipaddrs = append(ipaddrs, net.IPAddr{IP: tcpa.IP, Zone: tcpa.Zone})
 	} else {
 		ipaddrs = nil
 	}
 	return &SCTPAddr{
-		IP:   ipaddrs,
-		Port: tcpa.Port,
+		IPAddrs: ipaddrs,
+		Port:    tcpa.Port,
 	}, nil
 }
 
@@ -357,15 +394,12 @@ func (c *SCTPConn) Read(b []byte) (int, error) {
 }
 
 func (c *SCTPConn) SetInitMsg(numOstreams, maxInstreams, maxAttempts, maxInitTimeout int) error {
-	param := InitMsg{
+	return setInitOpts(c.fd(), InitMsg{
 		NumOstreams:    uint16(numOstreams),
 		MaxInstreams:   uint16(maxInstreams),
 		MaxAttempts:    uint16(maxAttempts),
 		MaxInitTimeout: uint16(maxInitTimeout),
-	}
-	optlen := unsafe.Sizeof(param)
-	_, _, err := setsockopt(c.fd(), SCTP_INITMSG, uintptr(unsafe.Pointer(&param)), uintptr(optlen))
-	return err
+	})
 }
 
 func (c *SCTPConn) SubscribeEvents(flags int) error {
@@ -473,7 +507,7 @@ func (c *SCTPConn) GetDefaultSentParam() (*SndRcvInfo, error) {
 
 func resolveFromRawAddr(ptr unsafe.Pointer, n int) (*SCTPAddr, error) {
 	addr := &SCTPAddr{
-		IP: make([]net.IP, n),
+		IPAddrs: make([]net.IPAddr, n),
 	}
 
 	switch family := (*(*syscall.RawSockaddrAny)(ptr)).Addr.Family; family {
@@ -484,7 +518,7 @@ func resolveFromRawAddr(ptr unsafe.Pointer, n int) (*SCTPAddr, error) {
 		for i := 0; i < n; i++ {
 			a := *(*syscall.RawSockaddrInet4)(unsafe.Pointer(
 				uintptr(ptr) + size*uintptr(i)))
-			addr.IP[i] = a.Addr[:]
+			addr.IPAddrs[i] = net.IPAddr{IP: a.Addr[:]}
 		}
 	case syscall.AF_INET6:
 		addr.Port = int(ntohs(uint16((*(*syscall.RawSockaddrInet4)(ptr)).Port)))
@@ -493,7 +527,12 @@ func resolveFromRawAddr(ptr unsafe.Pointer, n int) (*SCTPAddr, error) {
 		for i := 0; i < n; i++ {
 			a := *(*syscall.RawSockaddrInet6)(unsafe.Pointer(
 				uintptr(ptr) + size*uintptr(i)))
-			addr.IP[i] = a.Addr[:]
+			var zone string
+			ifi, err := net.InterfaceByIndex(int(a.Scope_id))
+			if err == nil {
+				zone = ifi.Name
+			}
+			addr.IPAddrs[i] = net.IPAddr{IP: a.Addr[:], Zone: zone}
 		}
 	default:
 		return nil, fmt.Errorf("unknown address family: %d", family)
@@ -654,3 +693,37 @@ func (c *SCTPSndRcvInfoWrappedConn) SetReadDeadline(t time.Time) error {
 func (c *SCTPSndRcvInfoWrappedConn) SetWriteDeadline(t time.Time) error {
 	return c.conn.SetWriteDeadline(t)
 }
+
+func (c *SCTPSndRcvInfoWrappedConn) SetWriteBuffer(bytes int) error {
+	return c.conn.SetWriteBuffer(bytes)
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) GetWriteBuffer() (int, error) {
+	return c.conn.GetWriteBuffer()
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) SetReadBuffer(bytes int) error {
+	return c.conn.SetReadBuffer(bytes)
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) GetReadBuffer() (int, error) {
+	return c.conn.GetReadBuffer()
+}
+
+// SocketConfig contains options for the SCTP socket.
+type SocketConfig struct {
+	// If Control is not nil it is called after the socket is created but before
+	// it is bound or connected.
+	Control func(network, address string, c syscall.RawConn) error
+
+	// InitMsg is the options to send in the initial SCTP message
+	InitMsg InitMsg
+}
+
+func (cfg *SocketConfig) Listen(net string, laddr *SCTPAddr) (*SCTPListener, error) {
+	return listenSCTPExtConfig(net, laddr, cfg.InitMsg, cfg.Control)
+}
+
+func (cfg *SocketConfig) Dial(net string, laddr, raddr *SCTPAddr) (*SCTPConn, error) {
+	return dialSCTPExtConfig(net, laddr, raddr, cfg.InitMsg, cfg.Control)
+}
diff --git a/vendor/github.com/ishidawataru/sctp/sctp_linux.go b/vendor/github.com/ishidawataru/sctp/sctp_linux.go
index f93ab8622ac90..d96d09e5ca925 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp_linux.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp_linux.go
@@ -1,9 +1,22 @@
 // +build linux,!386
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package sctp
 
 import (
-	"fmt"
 	"io"
 	"net"
 	"sync/atomic"
@@ -41,6 +54,23 @@ func getsockopt(fd int, optname, optval, optlen uintptr) (uintptr, uintptr, erro
 	return r0, r1, nil
 }
 
+type rawConn struct {
+	sockfd int
+}
+
+func (r rawConn) Control(f func(fd uintptr)) error {
+	f(uintptr(r.sockfd))
+	return nil
+}
+
+func (r rawConn) Read(f func(fd uintptr) (done bool)) error {
+	panic("not implemented")
+}
+
+func (r rawConn) Write(f func(fd uintptr) (done bool)) error {
+	panic("not implemented")
+}
+
 func (c *SCTPConn) SCTPWrite(b []byte, info *SndRcvInfo) (int, error) {
 	var cbuf []byte
 	if info != nil {
@@ -115,31 +145,35 @@ func (c *SCTPConn) Close() error {
 	return syscall.EBADF
 }
 
+func (c *SCTPConn) SetWriteBuffer(bytes int) error {
+	return syscall.SetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_SNDBUF, bytes)
+}
+
+func (c *SCTPConn) GetWriteBuffer() (int, error) {
+	return syscall.GetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+}
+
+func (c *SCTPConn) SetReadBuffer(bytes int) error {
+	return syscall.SetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_RCVBUF, bytes)
+}
+
+func (c *SCTPConn) GetReadBuffer() (int, error) {
+	return syscall.GetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_RCVBUF)
+}
+
+// ListenSCTP - start listener on specified address/port
 func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
-	af := syscall.AF_INET
-	switch net {
-	case "sctp":
-		hasv6 := func(addr *SCTPAddr) bool {
-			if addr == nil {
-				return false
-			}
-			for _, ip := range addr.IP {
-				if ip.To4() == nil {
-					return true
-				}
-			}
-			return false
-		}
-		if hasv6(laddr) {
-			af = syscall.AF_INET6
-		}
-	case "sctp4":
-	case "sctp6":
-		af = syscall.AF_INET6
-	default:
-		return nil, fmt.Errorf("invalid net: %s", net)
-	}
+	return ListenSCTPExt(net, laddr, InitMsg{NumOstreams: SCTP_MAX_STREAM})
+}
 
+// ListenSCTPExt - start listener on specified address/port with given SCTP options
+func ListenSCTPExt(network string, laddr *SCTPAddr, options InitMsg) (*SCTPListener, error) {
+	return listenSCTPExtConfig(network, laddr, options, nil)
+}
+
+// listenSCTPExtConfig - start listener on specified address/port with given SCTP options and socket configuration
+func listenSCTPExtConfig(network string, laddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPListener, error) {
+	af, ipv6only := favoriteAddrFamily(network, laddr, nil, "listen")
 	sock, err := syscall.Socket(
 		af,
 		syscall.SOCK_STREAM,
@@ -148,12 +182,37 @@ func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
 	if err != nil {
 		return nil, err
 	}
-	err = setNumOstreams(sock, SCTP_MAX_STREAM)
+
+	// close socket on error
+	defer func() {
+		if err != nil {
+			syscall.Close(sock)
+		}
+	}()
+	if err = setDefaultSockopts(sock, af, ipv6only); err != nil {
+		return nil, err
+	}
+	if control != nil {
+		rc := rawConn{sockfd: sock}
+		if err = control(network, laddr.String(), rc); err != nil {
+			return nil, err
+		}
+	}
+	err = setInitOpts(sock, options)
 	if err != nil {
 		return nil, err
 	}
-	if laddr != nil && len(laddr.IP) != 0 {
-		err := SCTPBind(sock, laddr, SCTP_BINDX_ADD_ADDR)
+
+	if laddr != nil {
+		// If IP address and/or port was not provided so far, let's use the unspecified IPv4 or IPv6 address
+		if len(laddr.IPAddrs) == 0 {
+			if af == syscall.AF_INET {
+				laddr.IPAddrs = append(laddr.IPAddrs, net.IPAddr{IP: net.IPv4zero})
+			} else if af == syscall.AF_INET6 {
+				laddr.IPAddrs = append(laddr.IPAddrs, net.IPAddr{IP: net.IPv6zero})
+			}
+		}
+		err = SCTPBind(sock, laddr, SCTP_BINDX_ADD_ADDR)
 		if err != nil {
 			return nil, err
 		}
@@ -167,40 +226,35 @@ func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
 	}, nil
 }
 
-func (ln *SCTPListener) Accept() (net.Conn, error) {
+// AcceptSCTP waits for and returns the next SCTP connection to the listener.
+func (ln *SCTPListener) AcceptSCTP() (*SCTPConn, error) {
 	fd, _, err := syscall.Accept4(ln.fd, 0)
 	return NewSCTPConn(fd, nil), err
 }
 
+// Accept waits for and returns the next connection connection to the listener.
+func (ln *SCTPListener) Accept() (net.Conn, error) {
+	return ln.AcceptSCTP()
+}
+
 func (ln *SCTPListener) Close() error {
 	syscall.Shutdown(ln.fd, syscall.SHUT_RDWR)
 	return syscall.Close(ln.fd)
 }
 
+// DialSCTP - bind socket to laddr (if given) and connect to raddr
 func DialSCTP(net string, laddr, raddr *SCTPAddr) (*SCTPConn, error) {
-	af := syscall.AF_INET
-	switch net {
-	case "sctp":
-		hasv6 := func(addr *SCTPAddr) bool {
-			if addr == nil {
-				return false
-			}
-			for _, ip := range addr.IP {
-				if ip.To4() == nil {
-					return true
-				}
-			}
-			return false
-		}
-		if hasv6(laddr) || hasv6(raddr) {
-			af = syscall.AF_INET6
-		}
-	case "sctp4":
-	case "sctp6":
-		af = syscall.AF_INET6
-	default:
-		return nil, fmt.Errorf("invalid net: %s", net)
-	}
+	return DialSCTPExt(net, laddr, raddr, InitMsg{NumOstreams: SCTP_MAX_STREAM})
+}
+
+// DialSCTPExt - same as DialSCTP but with given SCTP options
+func DialSCTPExt(network string, laddr, raddr *SCTPAddr, options InitMsg) (*SCTPConn, error) {
+	return dialSCTPExtConfig(network, laddr, raddr, options, nil)
+}
+
+// dialSCTPExtConfig - same as DialSCTP but with given SCTP options and socket configuration
+func dialSCTPExtConfig(network string, laddr, raddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPConn, error) {
+	af, ipv6only := favoriteAddrFamily(network, laddr, raddr, "dial")
 	sock, err := syscall.Socket(
 		af,
 		syscall.SOCK_STREAM,
@@ -209,11 +263,35 @@ func DialSCTP(net string, laddr, raddr *SCTPAddr) (*SCTPConn, error) {
 	if err != nil {
 		return nil, err
 	}
-	err = setNumOstreams(sock, SCTP_MAX_STREAM)
+
+	// close socket on error
+	defer func() {
+		if err != nil {
+			syscall.Close(sock)
+		}
+	}()
+	if err = setDefaultSockopts(sock, af, ipv6only); err != nil {
+		return nil, err
+	}
+	if control != nil {
+		rc := rawConn{sockfd: sock}
+		if err = control(network, laddr.String(), rc); err != nil {
+			return nil, err
+		}
+	}
+	err = setInitOpts(sock, options)
 	if err != nil {
 		return nil, err
 	}
 	if laddr != nil {
+		// If IP address and/or port was not provided so far, let's use the unspecified IPv4 or IPv6 address
+		if len(laddr.IPAddrs) == 0 {
+			if af == syscall.AF_INET {
+				laddr.IPAddrs = append(laddr.IPAddrs, net.IPAddr{IP: net.IPv4zero})
+			} else if af == syscall.AF_INET6 {
+				laddr.IPAddrs = append(laddr.IPAddrs, net.IPAddr{IP: net.IPv6zero})
+			}
+		}
 		err := SCTPBind(sock, laddr, SCTP_BINDX_ADD_ADDR)
 		if err != nil {
 			return nil, err
diff --git a/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go b/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
index adcbf78b46fb5..118fe159e92d9 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
@@ -1,4 +1,18 @@
 // +build !linux linux,386
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package sctp
 
@@ -6,6 +20,7 @@ import (
 	"errors"
 	"net"
 	"runtime"
+	"syscall"
 )
 
 var ErrUnsupported = errors.New("SCTP is unsupported on " + runtime.GOOS + "/" + runtime.GOARCH)
@@ -30,14 +45,42 @@ func (c *SCTPConn) Close() error {
 	return ErrUnsupported
 }
 
+func (c *SCTPConn) SetWriteBuffer(bytes int) error {
+	return ErrUnsupported
+}
+
+func (c *SCTPConn) GetWriteBuffer() (int, error) {
+	return 0, ErrUnsupported
+}
+
+func (c *SCTPConn) SetReadBuffer(bytes int) error {
+	return ErrUnsupported
+}
+
+func (c *SCTPConn) GetReadBuffer() (int, error) {
+	return 0, ErrUnsupported
+}
+
 func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
 	return nil, ErrUnsupported
 }
 
+func ListenSCTPExt(net string, laddr *SCTPAddr, options InitMsg) (*SCTPListener, error) {
+	return nil, ErrUnsupported
+}
+
+func listenSCTPExtConfig(network string, laddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPListener, error) {
+	return nil, ErrUnsupported
+}
+
 func (ln *SCTPListener) Accept() (net.Conn, error) {
 	return nil, ErrUnsupported
 }
 
+func (ln *SCTPListener) AcceptSCTP() (*SCTPConn, error) {
+	return nil, ErrUnsupported
+}
+
 func (ln *SCTPListener) Close() error {
 	return ErrUnsupported
 }
@@ -45,3 +88,11 @@ func (ln *SCTPListener) Close() error {
 func DialSCTP(net string, laddr, raddr *SCTPAddr) (*SCTPConn, error) {
 	return nil, ErrUnsupported
 }
+
+func DialSCTPExt(network string, laddr, raddr *SCTPAddr, options InitMsg) (*SCTPConn, error) {
+	return nil, ErrUnsupported
+}
+
+func dialSCTPExtConfig(network string, laddr, raddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPConn, error) {
+	return nil, ErrUnsupported
+}
diff --git a/vendor/github.com/jmespath/go-jmespath/README.md b/vendor/github.com/jmespath/go-jmespath/README.md
index 187ef676dc9c7..110ad799976dc 100644
--- a/vendor/github.com/jmespath/go-jmespath/README.md
+++ b/vendor/github.com/jmespath/go-jmespath/README.md
@@ -4,4 +4,84 @@
 
 
 
-See http://jmespath.org for more info.
+go-jmespath is a GO implementation of JMESPath,
+which is a query language for JSON.  It will take a JSON
+document and transform it into another JSON document
+through a JMESPath expression.
+
+Using go-jmespath is really easy.  There's a single function
+you use, `jmespath.search`:
+
+
+```go
+> import "github.com/jmespath/go-jmespath"
+>
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.Search("foo.bar.baz[2]", data)
+result = 2
+```
+
+In the example we gave the ``search`` function input data of
+`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}` as well as the JMESPath
+expression `foo.bar.baz[2]`, and the `search` function evaluated
+the expression against the input data to produce the result ``2``.
+
+The JMESPath language can do a lot more than select an element
+from a list.  Here are a few more examples:
+
+```go
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo.bar", data)
+result = { "baz": [ 0, 1, 2, 3, 4 ] }
+
+
+> var jsondata  = []byte(`{"foo": [{"first": "a", "last": "b"},
+                           {"first": "c", "last": "d"}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search({"foo[*].first", data)
+result [ 'a', 'c' ]
+
+
+> var jsondata = []byte(`{"foo": [{"age": 20}, {"age": 25},
+                           {"age": 30}, {"age": 35},
+                           {"age": 40}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo[?age > `30`]")
+result = [ { age: 35 }, { age: 40 } ]
+```
+
+You can also pre-compile your query. This is usefull if 
+you are going to run multiple searches with it:
+
+```go
+	> var jsondata = []byte(`{"foo": "bar"}`)
+	> var data interface{}
+    > err := json.Unmarshal(jsondata, &data)
+	> precompiled, err := Compile("foo")
+	> if err != nil{
+    >   // ... handle the error
+    > }
+    > result, err := precompiled.Search(data)
+	result = "bar"
+```
+
+## More Resources
+
+The example above only show a small amount of what
+a JMESPath expression can do.  If you want to take a
+tour of the language, the *best* place to go is the
+[JMESPath Tutorial](http://jmespath.org/tutorial.html).
+
+One of the best things about JMESPath is that it is
+implemented in many different programming languages including
+python, ruby, php, lua, etc.  To see a complete list of libraries,
+check out the [JMESPath libraries page](http://jmespath.org/libraries.html).
+
+And finally, the full JMESPath specification can be found
+on the [JMESPath site](http://jmespath.org/specification.html).
diff --git a/vendor/github.com/jmespath/go-jmespath/api.go b/vendor/github.com/jmespath/go-jmespath/api.go
index 9cfa988bc5b8a..010efe9bfba36 100644
--- a/vendor/github.com/jmespath/go-jmespath/api.go
+++ b/vendor/github.com/jmespath/go-jmespath/api.go
@@ -2,7 +2,7 @@ package jmespath
 
 import "strconv"
 
-// JmesPath is the epresentation of a compiled JMES path query. A JmesPath is
+// JMESPath is the representation of a compiled JMES path query. A JMESPath is
 // safe for concurrent use by multiple goroutines.
 type JMESPath struct {
 	ast  ASTNode
diff --git a/vendor/github.com/jmespath/go-jmespath/go.mod b/vendor/github.com/jmespath/go-jmespath/go.mod
new file mode 100644
index 0000000000000..aa1e3f1c9f7ce
--- /dev/null
+++ b/vendor/github.com/jmespath/go-jmespath/go.mod
@@ -0,0 +1,5 @@
+module github.com/jmespath/go-jmespath
+
+go 1.14
+
+require github.com/stretchr/testify v1.5.1
diff --git a/vendor/github.com/jmespath/go-jmespath/parser.go b/vendor/github.com/jmespath/go-jmespath/parser.go
index 1240a17552157..4abc303ab4a99 100644
--- a/vendor/github.com/jmespath/go-jmespath/parser.go
+++ b/vendor/github.com/jmespath/go-jmespath/parser.go
@@ -137,7 +137,7 @@ func (p *Parser) Parse(expression string) (ASTNode, error) {
 	}
 	if p.current() != tEOF {
 		return ASTNode{}, p.syntaxError(fmt.Sprintf(
-			"Unexpected token at the end of the expresssion: %s", p.current()))
+			"Unexpected token at the end of the expression: %s", p.current()))
 	}
 	return parsed, nil
 }
diff --git a/vendor/github.com/json-iterator/go/LICENSE b/vendor/github.com/json-iterator/go/LICENSE
new file mode 100644
index 0000000000000..2cf4f5ab28e9c
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 json-iterator
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/json-iterator/go/README.md b/vendor/github.com/json-iterator/go/README.md
new file mode 100644
index 0000000000000..52b111d5f36ef
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/README.md
@@ -0,0 +1,87 @@
+[![Sourcegraph](https://sourcegraph.com/github.com/json-iterator/go/-/badge.svg)](https://sourcegraph.com/github.com/json-iterator/go?badge)
+[![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](https://pkg.go.dev/github.com/json-iterator/go)
+[![Build Status](https://travis-ci.org/json-iterator/go.svg?branch=master)](https://travis-ci.org/json-iterator/go)
+[![codecov](https://codecov.io/gh/json-iterator/go/branch/master/graph/badge.svg)](https://codecov.io/gh/json-iterator/go)
+[![rcard](https://goreportcard.com/badge/github.com/json-iterator/go)](https://goreportcard.com/report/github.com/json-iterator/go)
+[![License](http://img.shields.io/badge/license-mit-blue.svg?style=flat-square)](https://raw.githubusercontent.com/json-iterator/go/master/LICENSE)
+[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/json-iterator/Lobby)
+
+A high-performance 100% compatible drop-in replacement of "encoding/json"
+
+You can also use thrift like JSON using [thrift-iterator](https://github.com/thrift-iterator/go)
+
+# Benchmark
+
+![benchmark](http://jsoniter.com/benchmarks/go-benchmark.png)
+
+Source code: https://github.com/json-iterator/go-benchmark/blob/master/src/github.com/json-iterator/go-benchmark/benchmark_medium_payload_test.go
+
+Raw Result (easyjson requires static code generation)
+
+|                 | ns/op       | allocation bytes | allocation times |
+| --------------- | ----------- | ---------------- | ---------------- |
+| std decode      | 35510 ns/op | 1960 B/op        | 99 allocs/op     |
+| easyjson decode | 8499 ns/op  | 160 B/op         | 4 allocs/op      |
+| jsoniter decode | 5623 ns/op  | 160 B/op         | 3 allocs/op      |
+| std encode      | 2213 ns/op  | 712 B/op         | 5 allocs/op      |
+| easyjson encode | 883 ns/op   | 576 B/op         | 3 allocs/op      |
+| jsoniter encode | 837 ns/op   | 384 B/op         | 4 allocs/op      |
+
+Always benchmark with your own workload.
+The result depends heavily on the data input.
+
+# Usage
+
+100% compatibility with standard lib
+
+Replace
+
+```go
+import "encoding/json"
+json.Marshal(&data)
+```
+
+with
+
+```go
+import jsoniter "github.com/json-iterator/go"
+
+var json = jsoniter.ConfigCompatibleWithStandardLibrary
+json.Marshal(&data)
+```
+
+Replace
+
+```go
+import "encoding/json"
+json.Unmarshal(input, &data)
+```
+
+with
+
+```go
+import jsoniter "github.com/json-iterator/go"
+
+var json = jsoniter.ConfigCompatibleWithStandardLibrary
+json.Unmarshal(input, &data)
+```
+
+[More documentation](http://jsoniter.com/migrate-from-go-std.html)
+
+# How to get
+
+```
+go get github.com/json-iterator/go
+```
+
+# Contribution Welcomed !
+
+Contributors
+
+- [thockin](https://github.com/thockin)
+- [mattn](https://github.com/mattn)
+- [cch123](https://github.com/cch123)
+- [Oleg Shaldybin](https://github.com/olegshaldybin)
+- [Jason Toffaletti](https://github.com/toffaletti)
+
+Report issue or pull request, or email taowen@gmail.com, or [![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/json-iterator/Lobby)
diff --git a/vendor/github.com/json-iterator/go/adapter.go b/vendor/github.com/json-iterator/go/adapter.go
new file mode 100644
index 0000000000000..92d2cc4a3dd5c
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/adapter.go
@@ -0,0 +1,150 @@
+package jsoniter
+
+import (
+	"bytes"
+	"io"
+)
+
+// RawMessage to make replace json with jsoniter
+type RawMessage []byte
+
+// Unmarshal adapts to json/encoding Unmarshal API
+//
+// Unmarshal parses the JSON-encoded data and stores the result in the value pointed to by v.
+// Refer to https://godoc.org/encoding/json#Unmarshal for more information
+func Unmarshal(data []byte, v interface{}) error {
+	return ConfigDefault.Unmarshal(data, v)
+}
+
+// UnmarshalFromString is a convenient method to read from string instead of []byte
+func UnmarshalFromString(str string, v interface{}) error {
+	return ConfigDefault.UnmarshalFromString(str, v)
+}
+
+// Get quick method to get value from deeply nested JSON structure
+func Get(data []byte, path ...interface{}) Any {
+	return ConfigDefault.Get(data, path...)
+}
+
+// Marshal adapts to json/encoding Marshal API
+//
+// Marshal returns the JSON encoding of v, adapts to json/encoding Marshal API
+// Refer to https://godoc.org/encoding/json#Marshal for more information
+func Marshal(v interface{}) ([]byte, error) {
+	return ConfigDefault.Marshal(v)
+}
+
+// MarshalIndent same as json.MarshalIndent. Prefix is not supported.
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	return ConfigDefault.MarshalIndent(v, prefix, indent)
+}
+
+// MarshalToString convenient method to write as string instead of []byte
+func MarshalToString(v interface{}) (string, error) {
+	return ConfigDefault.MarshalToString(v)
+}
+
+// NewDecoder adapts to json/stream NewDecoder API.
+//
+// NewDecoder returns a new decoder that reads from r.
+//
+// Instead of a json/encoding Decoder, an Decoder is returned
+// Refer to https://godoc.org/encoding/json#NewDecoder for more information
+func NewDecoder(reader io.Reader) *Decoder {
+	return ConfigDefault.NewDecoder(reader)
+}
+
+// Decoder reads and decodes JSON values from an input stream.
+// Decoder provides identical APIs with json/stream Decoder (Token() and UseNumber() are in progress)
+type Decoder struct {
+	iter *Iterator
+}
+
+// Decode decode JSON into interface{}
+func (adapter *Decoder) Decode(obj interface{}) error {
+	if adapter.iter.head == adapter.iter.tail && adapter.iter.reader != nil {
+		if !adapter.iter.loadMore() {
+			return io.EOF
+		}
+	}
+	adapter.iter.ReadVal(obj)
+	err := adapter.iter.Error
+	if err == io.EOF {
+		return nil
+	}
+	return adapter.iter.Error
+}
+
+// More is there more?
+func (adapter *Decoder) More() bool {
+	iter := adapter.iter
+	if iter.Error != nil {
+		return false
+	}
+	c := iter.nextToken()
+	if c == 0 {
+		return false
+	}
+	iter.unreadByte()
+	return c != ']' && c != '}'
+}
+
+// Buffered remaining buffer
+func (adapter *Decoder) Buffered() io.Reader {
+	remaining := adapter.iter.buf[adapter.iter.head:adapter.iter.tail]
+	return bytes.NewReader(remaining)
+}
+
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (adapter *Decoder) UseNumber() {
+	cfg := adapter.iter.cfg.configBeforeFrozen
+	cfg.UseNumber = true
+	adapter.iter.cfg = cfg.frozeWithCacheReuse(adapter.iter.cfg.extraExtensions)
+}
+
+// DisallowUnknownFields causes the Decoder to return an error when the destination
+// is a struct and the input contains object keys which do not match any
+// non-ignored, exported fields in the destination.
+func (adapter *Decoder) DisallowUnknownFields() {
+	cfg := adapter.iter.cfg.configBeforeFrozen
+	cfg.DisallowUnknownFields = true
+	adapter.iter.cfg = cfg.frozeWithCacheReuse(adapter.iter.cfg.extraExtensions)
+}
+
+// NewEncoder same as json.NewEncoder
+func NewEncoder(writer io.Writer) *Encoder {
+	return ConfigDefault.NewEncoder(writer)
+}
+
+// Encoder same as json.Encoder
+type Encoder struct {
+	stream *Stream
+}
+
+// Encode encode interface{} as JSON to io.Writer
+func (adapter *Encoder) Encode(val interface{}) error {
+	adapter.stream.WriteVal(val)
+	adapter.stream.WriteRaw("\n")
+	adapter.stream.Flush()
+	return adapter.stream.Error
+}
+
+// SetIndent set the indention. Prefix is not supported
+func (adapter *Encoder) SetIndent(prefix, indent string) {
+	config := adapter.stream.cfg.configBeforeFrozen
+	config.IndentionStep = len(indent)
+	adapter.stream.cfg = config.frozeWithCacheReuse(adapter.stream.cfg.extraExtensions)
+}
+
+// SetEscapeHTML escape html by default, set to false to disable
+func (adapter *Encoder) SetEscapeHTML(escapeHTML bool) {
+	config := adapter.stream.cfg.configBeforeFrozen
+	config.EscapeHTML = escapeHTML
+	adapter.stream.cfg = config.frozeWithCacheReuse(adapter.stream.cfg.extraExtensions)
+}
+
+// Valid reports whether data is a valid JSON encoding.
+func Valid(data []byte) bool {
+	return ConfigDefault.Valid(data)
+}
diff --git a/vendor/github.com/json-iterator/go/any.go b/vendor/github.com/json-iterator/go/any.go
new file mode 100644
index 0000000000000..f6b8aeab0a12d
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any.go
@@ -0,0 +1,325 @@
+package jsoniter
+
+import (
+	"errors"
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"io"
+	"reflect"
+	"strconv"
+	"unsafe"
+)
+
+// Any generic object representation.
+// The lazy json implementation holds []byte and parse lazily.
+type Any interface {
+	LastError() error
+	ValueType() ValueType
+	MustBeValid() Any
+	ToBool() bool
+	ToInt() int
+	ToInt32() int32
+	ToInt64() int64
+	ToUint() uint
+	ToUint32() uint32
+	ToUint64() uint64
+	ToFloat32() float32
+	ToFloat64() float64
+	ToString() string
+	ToVal(val interface{})
+	Get(path ...interface{}) Any
+	Size() int
+	Keys() []string
+	GetInterface() interface{}
+	WriteTo(stream *Stream)
+}
+
+type baseAny struct{}
+
+func (any *baseAny) Get(path ...interface{}) Any {
+	return &invalidAny{baseAny{}, fmt.Errorf("GetIndex %v from simple value", path)}
+}
+
+func (any *baseAny) Size() int {
+	return 0
+}
+
+func (any *baseAny) Keys() []string {
+	return []string{}
+}
+
+func (any *baseAny) ToVal(obj interface{}) {
+	panic("not implemented")
+}
+
+// WrapInt32 turn int32 into Any interface
+func WrapInt32(val int32) Any {
+	return &int32Any{baseAny{}, val}
+}
+
+// WrapInt64 turn int64 into Any interface
+func WrapInt64(val int64) Any {
+	return &int64Any{baseAny{}, val}
+}
+
+// WrapUint32 turn uint32 into Any interface
+func WrapUint32(val uint32) Any {
+	return &uint32Any{baseAny{}, val}
+}
+
+// WrapUint64 turn uint64 into Any interface
+func WrapUint64(val uint64) Any {
+	return &uint64Any{baseAny{}, val}
+}
+
+// WrapFloat64 turn float64 into Any interface
+func WrapFloat64(val float64) Any {
+	return &floatAny{baseAny{}, val}
+}
+
+// WrapString turn string into Any interface
+func WrapString(val string) Any {
+	return &stringAny{baseAny{}, val}
+}
+
+// Wrap turn a go object into Any interface
+func Wrap(val interface{}) Any {
+	if val == nil {
+		return &nilAny{}
+	}
+	asAny, isAny := val.(Any)
+	if isAny {
+		return asAny
+	}
+	typ := reflect2.TypeOf(val)
+	switch typ.Kind() {
+	case reflect.Slice:
+		return wrapArray(val)
+	case reflect.Struct:
+		return wrapStruct(val)
+	case reflect.Map:
+		return wrapMap(val)
+	case reflect.String:
+		return WrapString(val.(string))
+	case reflect.Int:
+		if strconv.IntSize == 32 {
+			return WrapInt32(int32(val.(int)))
+		}
+		return WrapInt64(int64(val.(int)))
+	case reflect.Int8:
+		return WrapInt32(int32(val.(int8)))
+	case reflect.Int16:
+		return WrapInt32(int32(val.(int16)))
+	case reflect.Int32:
+		return WrapInt32(val.(int32))
+	case reflect.Int64:
+		return WrapInt64(val.(int64))
+	case reflect.Uint:
+		if strconv.IntSize == 32 {
+			return WrapUint32(uint32(val.(uint)))
+		}
+		return WrapUint64(uint64(val.(uint)))
+	case reflect.Uintptr:
+		if ptrSize == 32 {
+			return WrapUint32(uint32(val.(uintptr)))
+		}
+		return WrapUint64(uint64(val.(uintptr)))
+	case reflect.Uint8:
+		return WrapUint32(uint32(val.(uint8)))
+	case reflect.Uint16:
+		return WrapUint32(uint32(val.(uint16)))
+	case reflect.Uint32:
+		return WrapUint32(uint32(val.(uint32)))
+	case reflect.Uint64:
+		return WrapUint64(val.(uint64))
+	case reflect.Float32:
+		return WrapFloat64(float64(val.(float32)))
+	case reflect.Float64:
+		return WrapFloat64(val.(float64))
+	case reflect.Bool:
+		if val.(bool) == true {
+			return &trueAny{}
+		}
+		return &falseAny{}
+	}
+	return &invalidAny{baseAny{}, fmt.Errorf("unsupported type: %v", typ)}
+}
+
+// ReadAny read next JSON element as an Any object. It is a better json.RawMessage.
+func (iter *Iterator) ReadAny() Any {
+	return iter.readAny()
+}
+
+func (iter *Iterator) readAny() Any {
+	c := iter.nextToken()
+	switch c {
+	case '"':
+		iter.unreadByte()
+		return &stringAny{baseAny{}, iter.ReadString()}
+	case 'n':
+		iter.skipThreeBytes('u', 'l', 'l') // null
+		return &nilAny{}
+	case 't':
+		iter.skipThreeBytes('r', 'u', 'e') // true
+		return &trueAny{}
+	case 'f':
+		iter.skipFourBytes('a', 'l', 's', 'e') // false
+		return &falseAny{}
+	case '{':
+		return iter.readObjectAny()
+	case '[':
+		return iter.readArrayAny()
+	case '-':
+		return iter.readNumberAny(false)
+	case 0:
+		return &invalidAny{baseAny{}, errors.New("input is empty")}
+	default:
+		return iter.readNumberAny(true)
+	}
+}
+
+func (iter *Iterator) readNumberAny(positive bool) Any {
+	iter.startCapture(iter.head - 1)
+	iter.skipNumber()
+	lazyBuf := iter.stopCapture()
+	return &numberLazyAny{baseAny{}, iter.cfg, lazyBuf, nil}
+}
+
+func (iter *Iterator) readObjectAny() Any {
+	iter.startCapture(iter.head - 1)
+	iter.skipObject()
+	lazyBuf := iter.stopCapture()
+	return &objectLazyAny{baseAny{}, iter.cfg, lazyBuf, nil}
+}
+
+func (iter *Iterator) readArrayAny() Any {
+	iter.startCapture(iter.head - 1)
+	iter.skipArray()
+	lazyBuf := iter.stopCapture()
+	return &arrayLazyAny{baseAny{}, iter.cfg, lazyBuf, nil}
+}
+
+func locateObjectField(iter *Iterator, target string) []byte {
+	var found []byte
+	iter.ReadObjectCB(func(iter *Iterator, field string) bool {
+		if field == target {
+			found = iter.SkipAndReturnBytes()
+			return false
+		}
+		iter.Skip()
+		return true
+	})
+	return found
+}
+
+func locateArrayElement(iter *Iterator, target int) []byte {
+	var found []byte
+	n := 0
+	iter.ReadArrayCB(func(iter *Iterator) bool {
+		if n == target {
+			found = iter.SkipAndReturnBytes()
+			return false
+		}
+		iter.Skip()
+		n++
+		return true
+	})
+	return found
+}
+
+func locatePath(iter *Iterator, path []interface{}) Any {
+	for i, pathKeyObj := range path {
+		switch pathKey := pathKeyObj.(type) {
+		case string:
+			valueBytes := locateObjectField(iter, pathKey)
+			if valueBytes == nil {
+				return newInvalidAny(path[i:])
+			}
+			iter.ResetBytes(valueBytes)
+		case int:
+			valueBytes := locateArrayElement(iter, pathKey)
+			if valueBytes == nil {
+				return newInvalidAny(path[i:])
+			}
+			iter.ResetBytes(valueBytes)
+		case int32:
+			if '*' == pathKey {
+				return iter.readAny().Get(path[i:]...)
+			}
+			return newInvalidAny(path[i:])
+		default:
+			return newInvalidAny(path[i:])
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF {
+		return &invalidAny{baseAny{}, iter.Error}
+	}
+	return iter.readAny()
+}
+
+var anyType = reflect2.TypeOfPtr((*Any)(nil)).Elem()
+
+func createDecoderOfAny(ctx *ctx, typ reflect2.Type) ValDecoder {
+	if typ == anyType {
+		return &directAnyCodec{}
+	}
+	if typ.Implements(anyType) {
+		return &anyCodec{
+			valType: typ,
+		}
+	}
+	return nil
+}
+
+func createEncoderOfAny(ctx *ctx, typ reflect2.Type) ValEncoder {
+	if typ == anyType {
+		return &directAnyCodec{}
+	}
+	if typ.Implements(anyType) {
+		return &anyCodec{
+			valType: typ,
+		}
+	}
+	return nil
+}
+
+type anyCodec struct {
+	valType reflect2.Type
+}
+
+func (codec *anyCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	panic("not implemented")
+}
+
+func (codec *anyCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	obj := codec.valType.UnsafeIndirect(ptr)
+	any := obj.(Any)
+	any.WriteTo(stream)
+}
+
+func (codec *anyCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	obj := codec.valType.UnsafeIndirect(ptr)
+	any := obj.(Any)
+	return any.Size() == 0
+}
+
+type directAnyCodec struct {
+}
+
+func (codec *directAnyCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	*(*Any)(ptr) = iter.readAny()
+}
+
+func (codec *directAnyCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	any := *(*Any)(ptr)
+	if any == nil {
+		stream.WriteNil()
+		return
+	}
+	any.WriteTo(stream)
+}
+
+func (codec *directAnyCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	any := *(*Any)(ptr)
+	return any.Size() == 0
+}
diff --git a/vendor/github.com/json-iterator/go/any_array.go b/vendor/github.com/json-iterator/go/any_array.go
new file mode 100644
index 0000000000000..0449e9aa428ae
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_array.go
@@ -0,0 +1,278 @@
+package jsoniter
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type arrayLazyAny struct {
+	baseAny
+	cfg *frozenConfig
+	buf []byte
+	err error
+}
+
+func (any *arrayLazyAny) ValueType() ValueType {
+	return ArrayValue
+}
+
+func (any *arrayLazyAny) MustBeValid() Any {
+	return any
+}
+
+func (any *arrayLazyAny) LastError() error {
+	return any.err
+}
+
+func (any *arrayLazyAny) ToBool() bool {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	return iter.ReadArray()
+}
+
+func (any *arrayLazyAny) ToInt() int {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToInt32() int32 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToInt64() int64 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToUint() uint {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToUint32() uint32 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToUint64() uint64 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToFloat32() float32 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToFloat64() float64 {
+	if any.ToBool() {
+		return 1
+	}
+	return 0
+}
+
+func (any *arrayLazyAny) ToString() string {
+	return *(*string)(unsafe.Pointer(&any.buf))
+}
+
+func (any *arrayLazyAny) ToVal(val interface{}) {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	iter.ReadVal(val)
+}
+
+func (any *arrayLazyAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	switch firstPath := path[0].(type) {
+	case int:
+		iter := any.cfg.BorrowIterator(any.buf)
+		defer any.cfg.ReturnIterator(iter)
+		valueBytes := locateArrayElement(iter, firstPath)
+		if valueBytes == nil {
+			return newInvalidAny(path)
+		}
+		iter.ResetBytes(valueBytes)
+		return locatePath(iter, path[1:])
+	case int32:
+		if '*' == firstPath {
+			iter := any.cfg.BorrowIterator(any.buf)
+			defer any.cfg.ReturnIterator(iter)
+			arr := make([]Any, 0)
+			iter.ReadArrayCB(func(iter *Iterator) bool {
+				found := iter.readAny().Get(path[1:]...)
+				if found.ValueType() != InvalidValue {
+					arr = append(arr, found)
+				}
+				return true
+			})
+			return wrapArray(arr)
+		}
+		return newInvalidAny(path)
+	default:
+		return newInvalidAny(path)
+	}
+}
+
+func (any *arrayLazyAny) Size() int {
+	size := 0
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	iter.ReadArrayCB(func(iter *Iterator) bool {
+		size++
+		iter.Skip()
+		return true
+	})
+	return size
+}
+
+func (any *arrayLazyAny) WriteTo(stream *Stream) {
+	stream.Write(any.buf)
+}
+
+func (any *arrayLazyAny) GetInterface() interface{} {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	return iter.Read()
+}
+
+type arrayAny struct {
+	baseAny
+	val reflect.Value
+}
+
+func wrapArray(val interface{}) *arrayAny {
+	return &arrayAny{baseAny{}, reflect.ValueOf(val)}
+}
+
+func (any *arrayAny) ValueType() ValueType {
+	return ArrayValue
+}
+
+func (any *arrayAny) MustBeValid() Any {
+	return any
+}
+
+func (any *arrayAny) LastError() error {
+	return nil
+}
+
+func (any *arrayAny) ToBool() bool {
+	return any.val.Len() != 0
+}
+
+func (any *arrayAny) ToInt() int {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToInt32() int32 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToInt64() int64 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToUint() uint {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToUint32() uint32 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToUint64() uint64 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToFloat32() float32 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToFloat64() float64 {
+	if any.val.Len() == 0 {
+		return 0
+	}
+	return 1
+}
+
+func (any *arrayAny) ToString() string {
+	str, _ := MarshalToString(any.val.Interface())
+	return str
+}
+
+func (any *arrayAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	switch firstPath := path[0].(type) {
+	case int:
+		if firstPath < 0 || firstPath >= any.val.Len() {
+			return newInvalidAny(path)
+		}
+		return Wrap(any.val.Index(firstPath).Interface())
+	case int32:
+		if '*' == firstPath {
+			mappedAll := make([]Any, 0)
+			for i := 0; i < any.val.Len(); i++ {
+				mapped := Wrap(any.val.Index(i).Interface()).Get(path[1:]...)
+				if mapped.ValueType() != InvalidValue {
+					mappedAll = append(mappedAll, mapped)
+				}
+			}
+			return wrapArray(mappedAll)
+		}
+		return newInvalidAny(path)
+	default:
+		return newInvalidAny(path)
+	}
+}
+
+func (any *arrayAny) Size() int {
+	return any.val.Len()
+}
+
+func (any *arrayAny) WriteTo(stream *Stream) {
+	stream.WriteVal(any.val)
+}
+
+func (any *arrayAny) GetInterface() interface{} {
+	return any.val.Interface()
+}
diff --git a/vendor/github.com/json-iterator/go/any_bool.go b/vendor/github.com/json-iterator/go/any_bool.go
new file mode 100644
index 0000000000000..9452324af5b17
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_bool.go
@@ -0,0 +1,137 @@
+package jsoniter
+
+type trueAny struct {
+	baseAny
+}
+
+func (any *trueAny) LastError() error {
+	return nil
+}
+
+func (any *trueAny) ToBool() bool {
+	return true
+}
+
+func (any *trueAny) ToInt() int {
+	return 1
+}
+
+func (any *trueAny) ToInt32() int32 {
+	return 1
+}
+
+func (any *trueAny) ToInt64() int64 {
+	return 1
+}
+
+func (any *trueAny) ToUint() uint {
+	return 1
+}
+
+func (any *trueAny) ToUint32() uint32 {
+	return 1
+}
+
+func (any *trueAny) ToUint64() uint64 {
+	return 1
+}
+
+func (any *trueAny) ToFloat32() float32 {
+	return 1
+}
+
+func (any *trueAny) ToFloat64() float64 {
+	return 1
+}
+
+func (any *trueAny) ToString() string {
+	return "true"
+}
+
+func (any *trueAny) WriteTo(stream *Stream) {
+	stream.WriteTrue()
+}
+
+func (any *trueAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *trueAny) GetInterface() interface{} {
+	return true
+}
+
+func (any *trueAny) ValueType() ValueType {
+	return BoolValue
+}
+
+func (any *trueAny) MustBeValid() Any {
+	return any
+}
+
+type falseAny struct {
+	baseAny
+}
+
+func (any *falseAny) LastError() error {
+	return nil
+}
+
+func (any *falseAny) ToBool() bool {
+	return false
+}
+
+func (any *falseAny) ToInt() int {
+	return 0
+}
+
+func (any *falseAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *falseAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *falseAny) ToUint() uint {
+	return 0
+}
+
+func (any *falseAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *falseAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *falseAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *falseAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *falseAny) ToString() string {
+	return "false"
+}
+
+func (any *falseAny) WriteTo(stream *Stream) {
+	stream.WriteFalse()
+}
+
+func (any *falseAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *falseAny) GetInterface() interface{} {
+	return false
+}
+
+func (any *falseAny) ValueType() ValueType {
+	return BoolValue
+}
+
+func (any *falseAny) MustBeValid() Any {
+	return any
+}
diff --git a/vendor/github.com/json-iterator/go/any_float.go b/vendor/github.com/json-iterator/go/any_float.go
new file mode 100644
index 0000000000000..35fdb09497fa8
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_float.go
@@ -0,0 +1,83 @@
+package jsoniter
+
+import (
+	"strconv"
+)
+
+type floatAny struct {
+	baseAny
+	val float64
+}
+
+func (any *floatAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *floatAny) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *floatAny) MustBeValid() Any {
+	return any
+}
+
+func (any *floatAny) LastError() error {
+	return nil
+}
+
+func (any *floatAny) ToBool() bool {
+	return any.ToFloat64() != 0
+}
+
+func (any *floatAny) ToInt() int {
+	return int(any.val)
+}
+
+func (any *floatAny) ToInt32() int32 {
+	return int32(any.val)
+}
+
+func (any *floatAny) ToInt64() int64 {
+	return int64(any.val)
+}
+
+func (any *floatAny) ToUint() uint {
+	if any.val > 0 {
+		return uint(any.val)
+	}
+	return 0
+}
+
+func (any *floatAny) ToUint32() uint32 {
+	if any.val > 0 {
+		return uint32(any.val)
+	}
+	return 0
+}
+
+func (any *floatAny) ToUint64() uint64 {
+	if any.val > 0 {
+		return uint64(any.val)
+	}
+	return 0
+}
+
+func (any *floatAny) ToFloat32() float32 {
+	return float32(any.val)
+}
+
+func (any *floatAny) ToFloat64() float64 {
+	return any.val
+}
+
+func (any *floatAny) ToString() string {
+	return strconv.FormatFloat(any.val, 'E', -1, 64)
+}
+
+func (any *floatAny) WriteTo(stream *Stream) {
+	stream.WriteFloat64(any.val)
+}
+
+func (any *floatAny) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/any_int32.go b/vendor/github.com/json-iterator/go/any_int32.go
new file mode 100644
index 0000000000000..1b56f399150d9
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_int32.go
@@ -0,0 +1,74 @@
+package jsoniter
+
+import (
+	"strconv"
+)
+
+type int32Any struct {
+	baseAny
+	val int32
+}
+
+func (any *int32Any) LastError() error {
+	return nil
+}
+
+func (any *int32Any) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *int32Any) MustBeValid() Any {
+	return any
+}
+
+func (any *int32Any) ToBool() bool {
+	return any.val != 0
+}
+
+func (any *int32Any) ToInt() int {
+	return int(any.val)
+}
+
+func (any *int32Any) ToInt32() int32 {
+	return any.val
+}
+
+func (any *int32Any) ToInt64() int64 {
+	return int64(any.val)
+}
+
+func (any *int32Any) ToUint() uint {
+	return uint(any.val)
+}
+
+func (any *int32Any) ToUint32() uint32 {
+	return uint32(any.val)
+}
+
+func (any *int32Any) ToUint64() uint64 {
+	return uint64(any.val)
+}
+
+func (any *int32Any) ToFloat32() float32 {
+	return float32(any.val)
+}
+
+func (any *int32Any) ToFloat64() float64 {
+	return float64(any.val)
+}
+
+func (any *int32Any) ToString() string {
+	return strconv.FormatInt(int64(any.val), 10)
+}
+
+func (any *int32Any) WriteTo(stream *Stream) {
+	stream.WriteInt32(any.val)
+}
+
+func (any *int32Any) Parse() *Iterator {
+	return nil
+}
+
+func (any *int32Any) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/any_int64.go b/vendor/github.com/json-iterator/go/any_int64.go
new file mode 100644
index 0000000000000..c440d72b6d3ae
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_int64.go
@@ -0,0 +1,74 @@
+package jsoniter
+
+import (
+	"strconv"
+)
+
+type int64Any struct {
+	baseAny
+	val int64
+}
+
+func (any *int64Any) LastError() error {
+	return nil
+}
+
+func (any *int64Any) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *int64Any) MustBeValid() Any {
+	return any
+}
+
+func (any *int64Any) ToBool() bool {
+	return any.val != 0
+}
+
+func (any *int64Any) ToInt() int {
+	return int(any.val)
+}
+
+func (any *int64Any) ToInt32() int32 {
+	return int32(any.val)
+}
+
+func (any *int64Any) ToInt64() int64 {
+	return any.val
+}
+
+func (any *int64Any) ToUint() uint {
+	return uint(any.val)
+}
+
+func (any *int64Any) ToUint32() uint32 {
+	return uint32(any.val)
+}
+
+func (any *int64Any) ToUint64() uint64 {
+	return uint64(any.val)
+}
+
+func (any *int64Any) ToFloat32() float32 {
+	return float32(any.val)
+}
+
+func (any *int64Any) ToFloat64() float64 {
+	return float64(any.val)
+}
+
+func (any *int64Any) ToString() string {
+	return strconv.FormatInt(any.val, 10)
+}
+
+func (any *int64Any) WriteTo(stream *Stream) {
+	stream.WriteInt64(any.val)
+}
+
+func (any *int64Any) Parse() *Iterator {
+	return nil
+}
+
+func (any *int64Any) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/any_invalid.go b/vendor/github.com/json-iterator/go/any_invalid.go
new file mode 100644
index 0000000000000..1d859eac3274a
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_invalid.go
@@ -0,0 +1,82 @@
+package jsoniter
+
+import "fmt"
+
+type invalidAny struct {
+	baseAny
+	err error
+}
+
+func newInvalidAny(path []interface{}) *invalidAny {
+	return &invalidAny{baseAny{}, fmt.Errorf("%v not found", path)}
+}
+
+func (any *invalidAny) LastError() error {
+	return any.err
+}
+
+func (any *invalidAny) ValueType() ValueType {
+	return InvalidValue
+}
+
+func (any *invalidAny) MustBeValid() Any {
+	panic(any.err)
+}
+
+func (any *invalidAny) ToBool() bool {
+	return false
+}
+
+func (any *invalidAny) ToInt() int {
+	return 0
+}
+
+func (any *invalidAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *invalidAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *invalidAny) ToUint() uint {
+	return 0
+}
+
+func (any *invalidAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *invalidAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *invalidAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *invalidAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *invalidAny) ToString() string {
+	return ""
+}
+
+func (any *invalidAny) WriteTo(stream *Stream) {
+}
+
+func (any *invalidAny) Get(path ...interface{}) Any {
+	if any.err == nil {
+		return &invalidAny{baseAny{}, fmt.Errorf("get %v from invalid", path)}
+	}
+	return &invalidAny{baseAny{}, fmt.Errorf("%v, get %v from invalid", any.err, path)}
+}
+
+func (any *invalidAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *invalidAny) GetInterface() interface{} {
+	return nil
+}
diff --git a/vendor/github.com/json-iterator/go/any_nil.go b/vendor/github.com/json-iterator/go/any_nil.go
new file mode 100644
index 0000000000000..d04cb54c11c1e
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_nil.go
@@ -0,0 +1,69 @@
+package jsoniter
+
+type nilAny struct {
+	baseAny
+}
+
+func (any *nilAny) LastError() error {
+	return nil
+}
+
+func (any *nilAny) ValueType() ValueType {
+	return NilValue
+}
+
+func (any *nilAny) MustBeValid() Any {
+	return any
+}
+
+func (any *nilAny) ToBool() bool {
+	return false
+}
+
+func (any *nilAny) ToInt() int {
+	return 0
+}
+
+func (any *nilAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *nilAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *nilAny) ToUint() uint {
+	return 0
+}
+
+func (any *nilAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *nilAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *nilAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *nilAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *nilAny) ToString() string {
+	return ""
+}
+
+func (any *nilAny) WriteTo(stream *Stream) {
+	stream.WriteNil()
+}
+
+func (any *nilAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *nilAny) GetInterface() interface{} {
+	return nil
+}
diff --git a/vendor/github.com/json-iterator/go/any_number.go b/vendor/github.com/json-iterator/go/any_number.go
new file mode 100644
index 0000000000000..9d1e901a66ad3
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_number.go
@@ -0,0 +1,123 @@
+package jsoniter
+
+import (
+	"io"
+	"unsafe"
+)
+
+type numberLazyAny struct {
+	baseAny
+	cfg *frozenConfig
+	buf []byte
+	err error
+}
+
+func (any *numberLazyAny) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *numberLazyAny) MustBeValid() Any {
+	return any
+}
+
+func (any *numberLazyAny) LastError() error {
+	return any.err
+}
+
+func (any *numberLazyAny) ToBool() bool {
+	return any.ToFloat64() != 0
+}
+
+func (any *numberLazyAny) ToInt() int {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadInt()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToInt32() int32 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadInt32()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToInt64() int64 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadInt64()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToUint() uint {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadUint()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToUint32() uint32 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadUint32()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToUint64() uint64 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadUint64()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToFloat32() float32 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadFloat32()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToFloat64() float64 {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	val := iter.ReadFloat64()
+	if iter.Error != nil && iter.Error != io.EOF {
+		any.err = iter.Error
+	}
+	return val
+}
+
+func (any *numberLazyAny) ToString() string {
+	return *(*string)(unsafe.Pointer(&any.buf))
+}
+
+func (any *numberLazyAny) WriteTo(stream *Stream) {
+	stream.Write(any.buf)
+}
+
+func (any *numberLazyAny) GetInterface() interface{} {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	return iter.Read()
+}
diff --git a/vendor/github.com/json-iterator/go/any_object.go b/vendor/github.com/json-iterator/go/any_object.go
new file mode 100644
index 0000000000000..c44ef5c989a46
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_object.go
@@ -0,0 +1,374 @@
+package jsoniter
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type objectLazyAny struct {
+	baseAny
+	cfg *frozenConfig
+	buf []byte
+	err error
+}
+
+func (any *objectLazyAny) ValueType() ValueType {
+	return ObjectValue
+}
+
+func (any *objectLazyAny) MustBeValid() Any {
+	return any
+}
+
+func (any *objectLazyAny) LastError() error {
+	return any.err
+}
+
+func (any *objectLazyAny) ToBool() bool {
+	return true
+}
+
+func (any *objectLazyAny) ToInt() int {
+	return 0
+}
+
+func (any *objectLazyAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *objectLazyAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *objectLazyAny) ToUint() uint {
+	return 0
+}
+
+func (any *objectLazyAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *objectLazyAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *objectLazyAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *objectLazyAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *objectLazyAny) ToString() string {
+	return *(*string)(unsafe.Pointer(&any.buf))
+}
+
+func (any *objectLazyAny) ToVal(obj interface{}) {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	iter.ReadVal(obj)
+}
+
+func (any *objectLazyAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	switch firstPath := path[0].(type) {
+	case string:
+		iter := any.cfg.BorrowIterator(any.buf)
+		defer any.cfg.ReturnIterator(iter)
+		valueBytes := locateObjectField(iter, firstPath)
+		if valueBytes == nil {
+			return newInvalidAny(path)
+		}
+		iter.ResetBytes(valueBytes)
+		return locatePath(iter, path[1:])
+	case int32:
+		if '*' == firstPath {
+			mappedAll := map[string]Any{}
+			iter := any.cfg.BorrowIterator(any.buf)
+			defer any.cfg.ReturnIterator(iter)
+			iter.ReadMapCB(func(iter *Iterator, field string) bool {
+				mapped := locatePath(iter, path[1:])
+				if mapped.ValueType() != InvalidValue {
+					mappedAll[field] = mapped
+				}
+				return true
+			})
+			return wrapMap(mappedAll)
+		}
+		return newInvalidAny(path)
+	default:
+		return newInvalidAny(path)
+	}
+}
+
+func (any *objectLazyAny) Keys() []string {
+	keys := []string{}
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	iter.ReadMapCB(func(iter *Iterator, field string) bool {
+		iter.Skip()
+		keys = append(keys, field)
+		return true
+	})
+	return keys
+}
+
+func (any *objectLazyAny) Size() int {
+	size := 0
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	iter.ReadObjectCB(func(iter *Iterator, field string) bool {
+		iter.Skip()
+		size++
+		return true
+	})
+	return size
+}
+
+func (any *objectLazyAny) WriteTo(stream *Stream) {
+	stream.Write(any.buf)
+}
+
+func (any *objectLazyAny) GetInterface() interface{} {
+	iter := any.cfg.BorrowIterator(any.buf)
+	defer any.cfg.ReturnIterator(iter)
+	return iter.Read()
+}
+
+type objectAny struct {
+	baseAny
+	err error
+	val reflect.Value
+}
+
+func wrapStruct(val interface{}) *objectAny {
+	return &objectAny{baseAny{}, nil, reflect.ValueOf(val)}
+}
+
+func (any *objectAny) ValueType() ValueType {
+	return ObjectValue
+}
+
+func (any *objectAny) MustBeValid() Any {
+	return any
+}
+
+func (any *objectAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *objectAny) LastError() error {
+	return any.err
+}
+
+func (any *objectAny) ToBool() bool {
+	return any.val.NumField() != 0
+}
+
+func (any *objectAny) ToInt() int {
+	return 0
+}
+
+func (any *objectAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *objectAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *objectAny) ToUint() uint {
+	return 0
+}
+
+func (any *objectAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *objectAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *objectAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *objectAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *objectAny) ToString() string {
+	str, err := MarshalToString(any.val.Interface())
+	any.err = err
+	return str
+}
+
+func (any *objectAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	switch firstPath := path[0].(type) {
+	case string:
+		field := any.val.FieldByName(firstPath)
+		if !field.IsValid() {
+			return newInvalidAny(path)
+		}
+		return Wrap(field.Interface())
+	case int32:
+		if '*' == firstPath {
+			mappedAll := map[string]Any{}
+			for i := 0; i < any.val.NumField(); i++ {
+				field := any.val.Field(i)
+				if field.CanInterface() {
+					mapped := Wrap(field.Interface()).Get(path[1:]...)
+					if mapped.ValueType() != InvalidValue {
+						mappedAll[any.val.Type().Field(i).Name] = mapped
+					}
+				}
+			}
+			return wrapMap(mappedAll)
+		}
+		return newInvalidAny(path)
+	default:
+		return newInvalidAny(path)
+	}
+}
+
+func (any *objectAny) Keys() []string {
+	keys := make([]string, 0, any.val.NumField())
+	for i := 0; i < any.val.NumField(); i++ {
+		keys = append(keys, any.val.Type().Field(i).Name)
+	}
+	return keys
+}
+
+func (any *objectAny) Size() int {
+	return any.val.NumField()
+}
+
+func (any *objectAny) WriteTo(stream *Stream) {
+	stream.WriteVal(any.val)
+}
+
+func (any *objectAny) GetInterface() interface{} {
+	return any.val.Interface()
+}
+
+type mapAny struct {
+	baseAny
+	err error
+	val reflect.Value
+}
+
+func wrapMap(val interface{}) *mapAny {
+	return &mapAny{baseAny{}, nil, reflect.ValueOf(val)}
+}
+
+func (any *mapAny) ValueType() ValueType {
+	return ObjectValue
+}
+
+func (any *mapAny) MustBeValid() Any {
+	return any
+}
+
+func (any *mapAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *mapAny) LastError() error {
+	return any.err
+}
+
+func (any *mapAny) ToBool() bool {
+	return true
+}
+
+func (any *mapAny) ToInt() int {
+	return 0
+}
+
+func (any *mapAny) ToInt32() int32 {
+	return 0
+}
+
+func (any *mapAny) ToInt64() int64 {
+	return 0
+}
+
+func (any *mapAny) ToUint() uint {
+	return 0
+}
+
+func (any *mapAny) ToUint32() uint32 {
+	return 0
+}
+
+func (any *mapAny) ToUint64() uint64 {
+	return 0
+}
+
+func (any *mapAny) ToFloat32() float32 {
+	return 0
+}
+
+func (any *mapAny) ToFloat64() float64 {
+	return 0
+}
+
+func (any *mapAny) ToString() string {
+	str, err := MarshalToString(any.val.Interface())
+	any.err = err
+	return str
+}
+
+func (any *mapAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	switch firstPath := path[0].(type) {
+	case int32:
+		if '*' == firstPath {
+			mappedAll := map[string]Any{}
+			for _, key := range any.val.MapKeys() {
+				keyAsStr := key.String()
+				element := Wrap(any.val.MapIndex(key).Interface())
+				mapped := element.Get(path[1:]...)
+				if mapped.ValueType() != InvalidValue {
+					mappedAll[keyAsStr] = mapped
+				}
+			}
+			return wrapMap(mappedAll)
+		}
+		return newInvalidAny(path)
+	default:
+		value := any.val.MapIndex(reflect.ValueOf(firstPath))
+		if !value.IsValid() {
+			return newInvalidAny(path)
+		}
+		return Wrap(value.Interface())
+	}
+}
+
+func (any *mapAny) Keys() []string {
+	keys := make([]string, 0, any.val.Len())
+	for _, key := range any.val.MapKeys() {
+		keys = append(keys, key.String())
+	}
+	return keys
+}
+
+func (any *mapAny) Size() int {
+	return any.val.Len()
+}
+
+func (any *mapAny) WriteTo(stream *Stream) {
+	stream.WriteVal(any.val)
+}
+
+func (any *mapAny) GetInterface() interface{} {
+	return any.val.Interface()
+}
diff --git a/vendor/github.com/json-iterator/go/any_str.go b/vendor/github.com/json-iterator/go/any_str.go
new file mode 100644
index 0000000000000..1f12f6612de98
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_str.go
@@ -0,0 +1,166 @@
+package jsoniter
+
+import (
+	"fmt"
+	"strconv"
+)
+
+type stringAny struct {
+	baseAny
+	val string
+}
+
+func (any *stringAny) Get(path ...interface{}) Any {
+	if len(path) == 0 {
+		return any
+	}
+	return &invalidAny{baseAny{}, fmt.Errorf("GetIndex %v from simple value", path)}
+}
+
+func (any *stringAny) Parse() *Iterator {
+	return nil
+}
+
+func (any *stringAny) ValueType() ValueType {
+	return StringValue
+}
+
+func (any *stringAny) MustBeValid() Any {
+	return any
+}
+
+func (any *stringAny) LastError() error {
+	return nil
+}
+
+func (any *stringAny) ToBool() bool {
+	str := any.ToString()
+	if str == "0" {
+		return false
+	}
+	for _, c := range str {
+		switch c {
+		case ' ', '\n', '\r', '\t':
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+func (any *stringAny) ToInt() int {
+	return int(any.ToInt64())
+
+}
+
+func (any *stringAny) ToInt32() int32 {
+	return int32(any.ToInt64())
+}
+
+func (any *stringAny) ToInt64() int64 {
+	if any.val == "" {
+		return 0
+	}
+
+	flag := 1
+	startPos := 0
+	if any.val[0] == '+' || any.val[0] == '-' {
+		startPos = 1
+	}
+
+	if any.val[0] == '-' {
+		flag = -1
+	}
+
+	endPos := startPos
+	for i := startPos; i < len(any.val); i++ {
+		if any.val[i] >= '0' && any.val[i] <= '9' {
+			endPos = i + 1
+		} else {
+			break
+		}
+	}
+	parsed, _ := strconv.ParseInt(any.val[startPos:endPos], 10, 64)
+	return int64(flag) * parsed
+}
+
+func (any *stringAny) ToUint() uint {
+	return uint(any.ToUint64())
+}
+
+func (any *stringAny) ToUint32() uint32 {
+	return uint32(any.ToUint64())
+}
+
+func (any *stringAny) ToUint64() uint64 {
+	if any.val == "" {
+		return 0
+	}
+
+	startPos := 0
+
+	if any.val[0] == '-' {
+		return 0
+	}
+	if any.val[0] == '+' {
+		startPos = 1
+	}
+
+	endPos := startPos
+	for i := startPos; i < len(any.val); i++ {
+		if any.val[i] >= '0' && any.val[i] <= '9' {
+			endPos = i + 1
+		} else {
+			break
+		}
+	}
+	parsed, _ := strconv.ParseUint(any.val[startPos:endPos], 10, 64)
+	return parsed
+}
+
+func (any *stringAny) ToFloat32() float32 {
+	return float32(any.ToFloat64())
+}
+
+func (any *stringAny) ToFloat64() float64 {
+	if len(any.val) == 0 {
+		return 0
+	}
+
+	// first char invalid
+	if any.val[0] != '+' && any.val[0] != '-' && (any.val[0] > '9' || any.val[0] < '0') {
+		return 0
+	}
+
+	// extract valid num expression from string
+	// eg 123true => 123, -12.12xxa => -12.12
+	endPos := 1
+	for i := 1; i < len(any.val); i++ {
+		if any.val[i] == '.' || any.val[i] == 'e' || any.val[i] == 'E' || any.val[i] == '+' || any.val[i] == '-' {
+			endPos = i + 1
+			continue
+		}
+
+		// end position is the first char which is not digit
+		if any.val[i] >= '0' && any.val[i] <= '9' {
+			endPos = i + 1
+		} else {
+			endPos = i
+			break
+		}
+	}
+	parsed, _ := strconv.ParseFloat(any.val[:endPos], 64)
+	return parsed
+}
+
+func (any *stringAny) ToString() string {
+	return any.val
+}
+
+func (any *stringAny) WriteTo(stream *Stream) {
+	stream.WriteString(any.val)
+}
+
+func (any *stringAny) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/any_uint32.go b/vendor/github.com/json-iterator/go/any_uint32.go
new file mode 100644
index 0000000000000..656bbd33d7ee9
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_uint32.go
@@ -0,0 +1,74 @@
+package jsoniter
+
+import (
+	"strconv"
+)
+
+type uint32Any struct {
+	baseAny
+	val uint32
+}
+
+func (any *uint32Any) LastError() error {
+	return nil
+}
+
+func (any *uint32Any) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *uint32Any) MustBeValid() Any {
+	return any
+}
+
+func (any *uint32Any) ToBool() bool {
+	return any.val != 0
+}
+
+func (any *uint32Any) ToInt() int {
+	return int(any.val)
+}
+
+func (any *uint32Any) ToInt32() int32 {
+	return int32(any.val)
+}
+
+func (any *uint32Any) ToInt64() int64 {
+	return int64(any.val)
+}
+
+func (any *uint32Any) ToUint() uint {
+	return uint(any.val)
+}
+
+func (any *uint32Any) ToUint32() uint32 {
+	return any.val
+}
+
+func (any *uint32Any) ToUint64() uint64 {
+	return uint64(any.val)
+}
+
+func (any *uint32Any) ToFloat32() float32 {
+	return float32(any.val)
+}
+
+func (any *uint32Any) ToFloat64() float64 {
+	return float64(any.val)
+}
+
+func (any *uint32Any) ToString() string {
+	return strconv.FormatInt(int64(any.val), 10)
+}
+
+func (any *uint32Any) WriteTo(stream *Stream) {
+	stream.WriteUint32(any.val)
+}
+
+func (any *uint32Any) Parse() *Iterator {
+	return nil
+}
+
+func (any *uint32Any) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/any_uint64.go b/vendor/github.com/json-iterator/go/any_uint64.go
new file mode 100644
index 0000000000000..7df2fce33ba97
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/any_uint64.go
@@ -0,0 +1,74 @@
+package jsoniter
+
+import (
+	"strconv"
+)
+
+type uint64Any struct {
+	baseAny
+	val uint64
+}
+
+func (any *uint64Any) LastError() error {
+	return nil
+}
+
+func (any *uint64Any) ValueType() ValueType {
+	return NumberValue
+}
+
+func (any *uint64Any) MustBeValid() Any {
+	return any
+}
+
+func (any *uint64Any) ToBool() bool {
+	return any.val != 0
+}
+
+func (any *uint64Any) ToInt() int {
+	return int(any.val)
+}
+
+func (any *uint64Any) ToInt32() int32 {
+	return int32(any.val)
+}
+
+func (any *uint64Any) ToInt64() int64 {
+	return int64(any.val)
+}
+
+func (any *uint64Any) ToUint() uint {
+	return uint(any.val)
+}
+
+func (any *uint64Any) ToUint32() uint32 {
+	return uint32(any.val)
+}
+
+func (any *uint64Any) ToUint64() uint64 {
+	return any.val
+}
+
+func (any *uint64Any) ToFloat32() float32 {
+	return float32(any.val)
+}
+
+func (any *uint64Any) ToFloat64() float64 {
+	return float64(any.val)
+}
+
+func (any *uint64Any) ToString() string {
+	return strconv.FormatUint(any.val, 10)
+}
+
+func (any *uint64Any) WriteTo(stream *Stream) {
+	stream.WriteUint64(any.val)
+}
+
+func (any *uint64Any) Parse() *Iterator {
+	return nil
+}
+
+func (any *uint64Any) GetInterface() interface{} {
+	return any.val
+}
diff --git a/vendor/github.com/json-iterator/go/config.go b/vendor/github.com/json-iterator/go/config.go
new file mode 100644
index 0000000000000..2adcdc3b790e5
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/config.go
@@ -0,0 +1,375 @@
+package jsoniter
+
+import (
+	"encoding/json"
+	"io"
+	"reflect"
+	"sync"
+	"unsafe"
+
+	"github.com/modern-go/concurrent"
+	"github.com/modern-go/reflect2"
+)
+
+// Config customize how the API should behave.
+// The API is created from Config by Froze.
+type Config struct {
+	IndentionStep                 int
+	MarshalFloatWith6Digits       bool
+	EscapeHTML                    bool
+	SortMapKeys                   bool
+	UseNumber                     bool
+	DisallowUnknownFields         bool
+	TagKey                        string
+	OnlyTaggedField               bool
+	ValidateJsonRawMessage        bool
+	ObjectFieldMustBeSimpleString bool
+	CaseSensitive                 bool
+}
+
+// API the public interface of this package.
+// Primary Marshal and Unmarshal.
+type API interface {
+	IteratorPool
+	StreamPool
+	MarshalToString(v interface{}) (string, error)
+	Marshal(v interface{}) ([]byte, error)
+	MarshalIndent(v interface{}, prefix, indent string) ([]byte, error)
+	UnmarshalFromString(str string, v interface{}) error
+	Unmarshal(data []byte, v interface{}) error
+	Get(data []byte, path ...interface{}) Any
+	NewEncoder(writer io.Writer) *Encoder
+	NewDecoder(reader io.Reader) *Decoder
+	Valid(data []byte) bool
+	RegisterExtension(extension Extension)
+	DecoderOf(typ reflect2.Type) ValDecoder
+	EncoderOf(typ reflect2.Type) ValEncoder
+}
+
+// ConfigDefault the default API
+var ConfigDefault = Config{
+	EscapeHTML: true,
+}.Froze()
+
+// ConfigCompatibleWithStandardLibrary tries to be 100% compatible with standard library behavior
+var ConfigCompatibleWithStandardLibrary = Config{
+	EscapeHTML:             true,
+	SortMapKeys:            true,
+	ValidateJsonRawMessage: true,
+}.Froze()
+
+// ConfigFastest marshals float with only 6 digits precision
+var ConfigFastest = Config{
+	EscapeHTML:                    false,
+	MarshalFloatWith6Digits:       true, // will lose precession
+	ObjectFieldMustBeSimpleString: true, // do not unescape object field
+}.Froze()
+
+type frozenConfig struct {
+	configBeforeFrozen            Config
+	sortMapKeys                   bool
+	indentionStep                 int
+	objectFieldMustBeSimpleString bool
+	onlyTaggedField               bool
+	disallowUnknownFields         bool
+	decoderCache                  *concurrent.Map
+	encoderCache                  *concurrent.Map
+	encoderExtension              Extension
+	decoderExtension              Extension
+	extraExtensions               []Extension
+	streamPool                    *sync.Pool
+	iteratorPool                  *sync.Pool
+	caseSensitive                 bool
+}
+
+func (cfg *frozenConfig) initCache() {
+	cfg.decoderCache = concurrent.NewMap()
+	cfg.encoderCache = concurrent.NewMap()
+}
+
+func (cfg *frozenConfig) addDecoderToCache(cacheKey uintptr, decoder ValDecoder) {
+	cfg.decoderCache.Store(cacheKey, decoder)
+}
+
+func (cfg *frozenConfig) addEncoderToCache(cacheKey uintptr, encoder ValEncoder) {
+	cfg.encoderCache.Store(cacheKey, encoder)
+}
+
+func (cfg *frozenConfig) getDecoderFromCache(cacheKey uintptr) ValDecoder {
+	decoder, found := cfg.decoderCache.Load(cacheKey)
+	if found {
+		return decoder.(ValDecoder)
+	}
+	return nil
+}
+
+func (cfg *frozenConfig) getEncoderFromCache(cacheKey uintptr) ValEncoder {
+	encoder, found := cfg.encoderCache.Load(cacheKey)
+	if found {
+		return encoder.(ValEncoder)
+	}
+	return nil
+}
+
+var cfgCache = concurrent.NewMap()
+
+func getFrozenConfigFromCache(cfg Config) *frozenConfig {
+	obj, found := cfgCache.Load(cfg)
+	if found {
+		return obj.(*frozenConfig)
+	}
+	return nil
+}
+
+func addFrozenConfigToCache(cfg Config, frozenConfig *frozenConfig) {
+	cfgCache.Store(cfg, frozenConfig)
+}
+
+// Froze forge API from config
+func (cfg Config) Froze() API {
+	api := &frozenConfig{
+		sortMapKeys:                   cfg.SortMapKeys,
+		indentionStep:                 cfg.IndentionStep,
+		objectFieldMustBeSimpleString: cfg.ObjectFieldMustBeSimpleString,
+		onlyTaggedField:               cfg.OnlyTaggedField,
+		disallowUnknownFields:         cfg.DisallowUnknownFields,
+		caseSensitive:                 cfg.CaseSensitive,
+	}
+	api.streamPool = &sync.Pool{
+		New: func() interface{} {
+			return NewStream(api, nil, 512)
+		},
+	}
+	api.iteratorPool = &sync.Pool{
+		New: func() interface{} {
+			return NewIterator(api)
+		},
+	}
+	api.initCache()
+	encoderExtension := EncoderExtension{}
+	decoderExtension := DecoderExtension{}
+	if cfg.MarshalFloatWith6Digits {
+		api.marshalFloatWith6Digits(encoderExtension)
+	}
+	if cfg.EscapeHTML {
+		api.escapeHTML(encoderExtension)
+	}
+	if cfg.UseNumber {
+		api.useNumber(decoderExtension)
+	}
+	if cfg.ValidateJsonRawMessage {
+		api.validateJsonRawMessage(encoderExtension)
+	}
+	api.encoderExtension = encoderExtension
+	api.decoderExtension = decoderExtension
+	api.configBeforeFrozen = cfg
+	return api
+}
+
+func (cfg Config) frozeWithCacheReuse(extraExtensions []Extension) *frozenConfig {
+	api := getFrozenConfigFromCache(cfg)
+	if api != nil {
+		return api
+	}
+	api = cfg.Froze().(*frozenConfig)
+	for _, extension := range extraExtensions {
+		api.RegisterExtension(extension)
+	}
+	addFrozenConfigToCache(cfg, api)
+	return api
+}
+
+func (cfg *frozenConfig) validateJsonRawMessage(extension EncoderExtension) {
+	encoder := &funcEncoder{func(ptr unsafe.Pointer, stream *Stream) {
+		rawMessage := *(*json.RawMessage)(ptr)
+		iter := cfg.BorrowIterator([]byte(rawMessage))
+		defer cfg.ReturnIterator(iter)
+		iter.Read()
+		if iter.Error != nil && iter.Error != io.EOF {
+			stream.WriteRaw("null")
+		} else {
+			stream.WriteRaw(string(rawMessage))
+		}
+	}, func(ptr unsafe.Pointer) bool {
+		return len(*((*json.RawMessage)(ptr))) == 0
+	}}
+	extension[reflect2.TypeOfPtr((*json.RawMessage)(nil)).Elem()] = encoder
+	extension[reflect2.TypeOfPtr((*RawMessage)(nil)).Elem()] = encoder
+}
+
+func (cfg *frozenConfig) useNumber(extension DecoderExtension) {
+	extension[reflect2.TypeOfPtr((*interface{})(nil)).Elem()] = &funcDecoder{func(ptr unsafe.Pointer, iter *Iterator) {
+		exitingValue := *((*interface{})(ptr))
+		if exitingValue != nil && reflect.TypeOf(exitingValue).Kind() == reflect.Ptr {
+			iter.ReadVal(exitingValue)
+			return
+		}
+		if iter.WhatIsNext() == NumberValue {
+			*((*interface{})(ptr)) = json.Number(iter.readNumberAsString())
+		} else {
+			*((*interface{})(ptr)) = iter.Read()
+		}
+	}}
+}
+func (cfg *frozenConfig) getTagKey() string {
+	tagKey := cfg.configBeforeFrozen.TagKey
+	if tagKey == "" {
+		return "json"
+	}
+	return tagKey
+}
+
+func (cfg *frozenConfig) RegisterExtension(extension Extension) {
+	cfg.extraExtensions = append(cfg.extraExtensions, extension)
+	copied := cfg.configBeforeFrozen
+	cfg.configBeforeFrozen = copied
+}
+
+type lossyFloat32Encoder struct {
+}
+
+func (encoder *lossyFloat32Encoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteFloat32Lossy(*((*float32)(ptr)))
+}
+
+func (encoder *lossyFloat32Encoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*float32)(ptr)) == 0
+}
+
+type lossyFloat64Encoder struct {
+}
+
+func (encoder *lossyFloat64Encoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteFloat64Lossy(*((*float64)(ptr)))
+}
+
+func (encoder *lossyFloat64Encoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*float64)(ptr)) == 0
+}
+
+// EnableLossyFloatMarshalling keeps 10**(-6) precision
+// for float variables for better performance.
+func (cfg *frozenConfig) marshalFloatWith6Digits(extension EncoderExtension) {
+	// for better performance
+	extension[reflect2.TypeOfPtr((*float32)(nil)).Elem()] = &lossyFloat32Encoder{}
+	extension[reflect2.TypeOfPtr((*float64)(nil)).Elem()] = &lossyFloat64Encoder{}
+}
+
+type htmlEscapedStringEncoder struct {
+}
+
+func (encoder *htmlEscapedStringEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	str := *((*string)(ptr))
+	stream.WriteStringWithHTMLEscaped(str)
+}
+
+func (encoder *htmlEscapedStringEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*string)(ptr)) == ""
+}
+
+func (cfg *frozenConfig) escapeHTML(encoderExtension EncoderExtension) {
+	encoderExtension[reflect2.TypeOfPtr((*string)(nil)).Elem()] = &htmlEscapedStringEncoder{}
+}
+
+func (cfg *frozenConfig) cleanDecoders() {
+	typeDecoders = map[string]ValDecoder{}
+	fieldDecoders = map[string]ValDecoder{}
+	*cfg = *(cfg.configBeforeFrozen.Froze().(*frozenConfig))
+}
+
+func (cfg *frozenConfig) cleanEncoders() {
+	typeEncoders = map[string]ValEncoder{}
+	fieldEncoders = map[string]ValEncoder{}
+	*cfg = *(cfg.configBeforeFrozen.Froze().(*frozenConfig))
+}
+
+func (cfg *frozenConfig) MarshalToString(v interface{}) (string, error) {
+	stream := cfg.BorrowStream(nil)
+	defer cfg.ReturnStream(stream)
+	stream.WriteVal(v)
+	if stream.Error != nil {
+		return "", stream.Error
+	}
+	return string(stream.Buffer()), nil
+}
+
+func (cfg *frozenConfig) Marshal(v interface{}) ([]byte, error) {
+	stream := cfg.BorrowStream(nil)
+	defer cfg.ReturnStream(stream)
+	stream.WriteVal(v)
+	if stream.Error != nil {
+		return nil, stream.Error
+	}
+	result := stream.Buffer()
+	copied := make([]byte, len(result))
+	copy(copied, result)
+	return copied, nil
+}
+
+func (cfg *frozenConfig) MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	if prefix != "" {
+		panic("prefix is not supported")
+	}
+	for _, r := range indent {
+		if r != ' ' {
+			panic("indent can only be space")
+		}
+	}
+	newCfg := cfg.configBeforeFrozen
+	newCfg.IndentionStep = len(indent)
+	return newCfg.frozeWithCacheReuse(cfg.extraExtensions).Marshal(v)
+}
+
+func (cfg *frozenConfig) UnmarshalFromString(str string, v interface{}) error {
+	data := []byte(str)
+	iter := cfg.BorrowIterator(data)
+	defer cfg.ReturnIterator(iter)
+	iter.ReadVal(v)
+	c := iter.nextToken()
+	if c == 0 {
+		if iter.Error == io.EOF {
+			return nil
+		}
+		return iter.Error
+	}
+	iter.ReportError("Unmarshal", "there are bytes left after unmarshal")
+	return iter.Error
+}
+
+func (cfg *frozenConfig) Get(data []byte, path ...interface{}) Any {
+	iter := cfg.BorrowIterator(data)
+	defer cfg.ReturnIterator(iter)
+	return locatePath(iter, path)
+}
+
+func (cfg *frozenConfig) Unmarshal(data []byte, v interface{}) error {
+	iter := cfg.BorrowIterator(data)
+	defer cfg.ReturnIterator(iter)
+	iter.ReadVal(v)
+	c := iter.nextToken()
+	if c == 0 {
+		if iter.Error == io.EOF {
+			return nil
+		}
+		return iter.Error
+	}
+	iter.ReportError("Unmarshal", "there are bytes left after unmarshal")
+	return iter.Error
+}
+
+func (cfg *frozenConfig) NewEncoder(writer io.Writer) *Encoder {
+	stream := NewStream(cfg, writer, 512)
+	return &Encoder{stream}
+}
+
+func (cfg *frozenConfig) NewDecoder(reader io.Reader) *Decoder {
+	iter := Parse(cfg, reader, 512)
+	return &Decoder{iter}
+}
+
+func (cfg *frozenConfig) Valid(data []byte) bool {
+	iter := cfg.BorrowIterator(data)
+	defer cfg.ReturnIterator(iter)
+	iter.Skip()
+	return iter.Error == nil
+}
diff --git a/vendor/github.com/json-iterator/go/go.mod b/vendor/github.com/json-iterator/go/go.mod
new file mode 100644
index 0000000000000..e05c42ff58b81
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/go.mod
@@ -0,0 +1,11 @@
+module github.com/json-iterator/go
+
+go 1.12
+
+require (
+	github.com/davecgh/go-spew v1.1.1
+	github.com/google/gofuzz v1.0.0
+	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421
+	github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742
+	github.com/stretchr/testify v1.3.0
+)
diff --git a/vendor/github.com/json-iterator/go/iter.go b/vendor/github.com/json-iterator/go/iter.go
new file mode 100644
index 0000000000000..29b31cf789506
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter.go
@@ -0,0 +1,349 @@
+package jsoniter
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+)
+
+// ValueType the type for JSON element
+type ValueType int
+
+const (
+	// InvalidValue invalid JSON element
+	InvalidValue ValueType = iota
+	// StringValue JSON element "string"
+	StringValue
+	// NumberValue JSON element 100 or 0.10
+	NumberValue
+	// NilValue JSON element null
+	NilValue
+	// BoolValue JSON element true or false
+	BoolValue
+	// ArrayValue JSON element []
+	ArrayValue
+	// ObjectValue JSON element {}
+	ObjectValue
+)
+
+var hexDigits []byte
+var valueTypes []ValueType
+
+func init() {
+	hexDigits = make([]byte, 256)
+	for i := 0; i < len(hexDigits); i++ {
+		hexDigits[i] = 255
+	}
+	for i := '0'; i <= '9'; i++ {
+		hexDigits[i] = byte(i - '0')
+	}
+	for i := 'a'; i <= 'f'; i++ {
+		hexDigits[i] = byte((i - 'a') + 10)
+	}
+	for i := 'A'; i <= 'F'; i++ {
+		hexDigits[i] = byte((i - 'A') + 10)
+	}
+	valueTypes = make([]ValueType, 256)
+	for i := 0; i < len(valueTypes); i++ {
+		valueTypes[i] = InvalidValue
+	}
+	valueTypes['"'] = StringValue
+	valueTypes['-'] = NumberValue
+	valueTypes['0'] = NumberValue
+	valueTypes['1'] = NumberValue
+	valueTypes['2'] = NumberValue
+	valueTypes['3'] = NumberValue
+	valueTypes['4'] = NumberValue
+	valueTypes['5'] = NumberValue
+	valueTypes['6'] = NumberValue
+	valueTypes['7'] = NumberValue
+	valueTypes['8'] = NumberValue
+	valueTypes['9'] = NumberValue
+	valueTypes['t'] = BoolValue
+	valueTypes['f'] = BoolValue
+	valueTypes['n'] = NilValue
+	valueTypes['['] = ArrayValue
+	valueTypes['{'] = ObjectValue
+}
+
+// Iterator is a io.Reader like object, with JSON specific read functions.
+// Error is not returned as return value, but stored as Error member on this iterator instance.
+type Iterator struct {
+	cfg              *frozenConfig
+	reader           io.Reader
+	buf              []byte
+	head             int
+	tail             int
+	depth            int
+	captureStartedAt int
+	captured         []byte
+	Error            error
+	Attachment       interface{} // open for customized decoder
+}
+
+// NewIterator creates an empty Iterator instance
+func NewIterator(cfg API) *Iterator {
+	return &Iterator{
+		cfg:    cfg.(*frozenConfig),
+		reader: nil,
+		buf:    nil,
+		head:   0,
+		tail:   0,
+		depth:  0,
+	}
+}
+
+// Parse creates an Iterator instance from io.Reader
+func Parse(cfg API, reader io.Reader, bufSize int) *Iterator {
+	return &Iterator{
+		cfg:    cfg.(*frozenConfig),
+		reader: reader,
+		buf:    make([]byte, bufSize),
+		head:   0,
+		tail:   0,
+		depth:  0,
+	}
+}
+
+// ParseBytes creates an Iterator instance from byte array
+func ParseBytes(cfg API, input []byte) *Iterator {
+	return &Iterator{
+		cfg:    cfg.(*frozenConfig),
+		reader: nil,
+		buf:    input,
+		head:   0,
+		tail:   len(input),
+		depth:  0,
+	}
+}
+
+// ParseString creates an Iterator instance from string
+func ParseString(cfg API, input string) *Iterator {
+	return ParseBytes(cfg, []byte(input))
+}
+
+// Pool returns a pool can provide more iterator with same configuration
+func (iter *Iterator) Pool() IteratorPool {
+	return iter.cfg
+}
+
+// Reset reuse iterator instance by specifying another reader
+func (iter *Iterator) Reset(reader io.Reader) *Iterator {
+	iter.reader = reader
+	iter.head = 0
+	iter.tail = 0
+	iter.depth = 0
+	return iter
+}
+
+// ResetBytes reuse iterator instance by specifying another byte array as input
+func (iter *Iterator) ResetBytes(input []byte) *Iterator {
+	iter.reader = nil
+	iter.buf = input
+	iter.head = 0
+	iter.tail = len(input)
+	iter.depth = 0
+	return iter
+}
+
+// WhatIsNext gets ValueType of relatively next json element
+func (iter *Iterator) WhatIsNext() ValueType {
+	valueType := valueTypes[iter.nextToken()]
+	iter.unreadByte()
+	return valueType
+}
+
+func (iter *Iterator) skipWhitespacesWithoutLoadMore() bool {
+	for i := iter.head; i < iter.tail; i++ {
+		c := iter.buf[i]
+		switch c {
+		case ' ', '\n', '\t', '\r':
+			continue
+		}
+		iter.head = i
+		return false
+	}
+	return true
+}
+
+func (iter *Iterator) isObjectEnd() bool {
+	c := iter.nextToken()
+	if c == ',' {
+		return false
+	}
+	if c == '}' {
+		return true
+	}
+	iter.ReportError("isObjectEnd", "object ended prematurely, unexpected char "+string([]byte{c}))
+	return true
+}
+
+func (iter *Iterator) nextToken() byte {
+	// a variation of skip whitespaces, returning the next non-whitespace token
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			c := iter.buf[i]
+			switch c {
+			case ' ', '\n', '\t', '\r':
+				continue
+			}
+			iter.head = i + 1
+			return c
+		}
+		if !iter.loadMore() {
+			return 0
+		}
+	}
+}
+
+// ReportError record a error in iterator instance with current position.
+func (iter *Iterator) ReportError(operation string, msg string) {
+	if iter.Error != nil {
+		if iter.Error != io.EOF {
+			return
+		}
+	}
+	peekStart := iter.head - 10
+	if peekStart < 0 {
+		peekStart = 0
+	}
+	peekEnd := iter.head + 10
+	if peekEnd > iter.tail {
+		peekEnd = iter.tail
+	}
+	parsing := string(iter.buf[peekStart:peekEnd])
+	contextStart := iter.head - 50
+	if contextStart < 0 {
+		contextStart = 0
+	}
+	contextEnd := iter.head + 50
+	if contextEnd > iter.tail {
+		contextEnd = iter.tail
+	}
+	context := string(iter.buf[contextStart:contextEnd])
+	iter.Error = fmt.Errorf("%s: %s, error found in #%v byte of ...|%s|..., bigger context ...|%s|...",
+		operation, msg, iter.head-peekStart, parsing, context)
+}
+
+// CurrentBuffer gets current buffer as string for debugging purpose
+func (iter *Iterator) CurrentBuffer() string {
+	peekStart := iter.head - 10
+	if peekStart < 0 {
+		peekStart = 0
+	}
+	return fmt.Sprintf("parsing #%v byte, around ...|%s|..., whole buffer ...|%s|...", iter.head,
+		string(iter.buf[peekStart:iter.head]), string(iter.buf[0:iter.tail]))
+}
+
+func (iter *Iterator) readByte() (ret byte) {
+	if iter.head == iter.tail {
+		if iter.loadMore() {
+			ret = iter.buf[iter.head]
+			iter.head++
+			return ret
+		}
+		return 0
+	}
+	ret = iter.buf[iter.head]
+	iter.head++
+	return ret
+}
+
+func (iter *Iterator) loadMore() bool {
+	if iter.reader == nil {
+		if iter.Error == nil {
+			iter.head = iter.tail
+			iter.Error = io.EOF
+		}
+		return false
+	}
+	if iter.captured != nil {
+		iter.captured = append(iter.captured,
+			iter.buf[iter.captureStartedAt:iter.tail]...)
+		iter.captureStartedAt = 0
+	}
+	for {
+		n, err := iter.reader.Read(iter.buf)
+		if n == 0 {
+			if err != nil {
+				if iter.Error == nil {
+					iter.Error = err
+				}
+				return false
+			}
+		} else {
+			iter.head = 0
+			iter.tail = n
+			return true
+		}
+	}
+}
+
+func (iter *Iterator) unreadByte() {
+	if iter.Error != nil {
+		return
+	}
+	iter.head--
+	return
+}
+
+// Read read the next JSON element as generic interface{}.
+func (iter *Iterator) Read() interface{} {
+	valueType := iter.WhatIsNext()
+	switch valueType {
+	case StringValue:
+		return iter.ReadString()
+	case NumberValue:
+		if iter.cfg.configBeforeFrozen.UseNumber {
+			return json.Number(iter.readNumberAsString())
+		}
+		return iter.ReadFloat64()
+	case NilValue:
+		iter.skipFourBytes('n', 'u', 'l', 'l')
+		return nil
+	case BoolValue:
+		return iter.ReadBool()
+	case ArrayValue:
+		arr := []interface{}{}
+		iter.ReadArrayCB(func(iter *Iterator) bool {
+			var elem interface{}
+			iter.ReadVal(&elem)
+			arr = append(arr, elem)
+			return true
+		})
+		return arr
+	case ObjectValue:
+		obj := map[string]interface{}{}
+		iter.ReadMapCB(func(Iter *Iterator, field string) bool {
+			var elem interface{}
+			iter.ReadVal(&elem)
+			obj[field] = elem
+			return true
+		})
+		return obj
+	default:
+		iter.ReportError("Read", fmt.Sprintf("unexpected value type: %v", valueType))
+		return nil
+	}
+}
+
+// limit maximum depth of nesting, as allowed by https://tools.ietf.org/html/rfc7159#section-9
+const maxDepth = 10000
+
+func (iter *Iterator) incrementDepth() (success bool) {
+	iter.depth++
+	if iter.depth <= maxDepth {
+		return true
+	}
+	iter.ReportError("incrementDepth", "exceeded max depth")
+	return false
+}
+
+func (iter *Iterator) decrementDepth() (success bool) {
+	iter.depth--
+	if iter.depth >= 0 {
+		return true
+	}
+	iter.ReportError("decrementDepth", "unexpected negative nesting")
+	return false
+}
diff --git a/vendor/github.com/json-iterator/go/iter_array.go b/vendor/github.com/json-iterator/go/iter_array.go
new file mode 100644
index 0000000000000..204fe0e0922aa
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_array.go
@@ -0,0 +1,64 @@
+package jsoniter
+
+// ReadArray read array element, tells if the array has more element to read.
+func (iter *Iterator) ReadArray() (ret bool) {
+	c := iter.nextToken()
+	switch c {
+	case 'n':
+		iter.skipThreeBytes('u', 'l', 'l')
+		return false // null
+	case '[':
+		c = iter.nextToken()
+		if c != ']' {
+			iter.unreadByte()
+			return true
+		}
+		return false
+	case ']':
+		return false
+	case ',':
+		return true
+	default:
+		iter.ReportError("ReadArray", "expect [ or , or ] or n, but found "+string([]byte{c}))
+		return
+	}
+}
+
+// ReadArrayCB read array with callback
+func (iter *Iterator) ReadArrayCB(callback func(*Iterator) bool) (ret bool) {
+	c := iter.nextToken()
+	if c == '[' {
+		if !iter.incrementDepth() {
+			return false
+		}
+		c = iter.nextToken()
+		if c != ']' {
+			iter.unreadByte()
+			if !callback(iter) {
+				iter.decrementDepth()
+				return false
+			}
+			c = iter.nextToken()
+			for c == ',' {
+				if !callback(iter) {
+					iter.decrementDepth()
+					return false
+				}
+				c = iter.nextToken()
+			}
+			if c != ']' {
+				iter.ReportError("ReadArrayCB", "expect ] in the end, but found "+string([]byte{c}))
+				iter.decrementDepth()
+				return false
+			}
+			return iter.decrementDepth()
+		}
+		return iter.decrementDepth()
+	}
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return true // null
+	}
+	iter.ReportError("ReadArrayCB", "expect [ or n, but found "+string([]byte{c}))
+	return false
+}
diff --git a/vendor/github.com/json-iterator/go/iter_float.go b/vendor/github.com/json-iterator/go/iter_float.go
new file mode 100644
index 0000000000000..b9754638e8886
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_float.go
@@ -0,0 +1,339 @@
+package jsoniter
+
+import (
+	"encoding/json"
+	"io"
+	"math/big"
+	"strconv"
+	"strings"
+	"unsafe"
+)
+
+var floatDigits []int8
+
+const invalidCharForNumber = int8(-1)
+const endOfNumber = int8(-2)
+const dotInNumber = int8(-3)
+
+func init() {
+	floatDigits = make([]int8, 256)
+	for i := 0; i < len(floatDigits); i++ {
+		floatDigits[i] = invalidCharForNumber
+	}
+	for i := int8('0'); i <= int8('9'); i++ {
+		floatDigits[i] = i - int8('0')
+	}
+	floatDigits[','] = endOfNumber
+	floatDigits[']'] = endOfNumber
+	floatDigits['}'] = endOfNumber
+	floatDigits[' '] = endOfNumber
+	floatDigits['\t'] = endOfNumber
+	floatDigits['\n'] = endOfNumber
+	floatDigits['.'] = dotInNumber
+}
+
+// ReadBigFloat read big.Float
+func (iter *Iterator) ReadBigFloat() (ret *big.Float) {
+	str := iter.readNumberAsString()
+	if iter.Error != nil && iter.Error != io.EOF {
+		return nil
+	}
+	prec := 64
+	if len(str) > prec {
+		prec = len(str)
+	}
+	val, _, err := big.ParseFloat(str, 10, uint(prec), big.ToZero)
+	if err != nil {
+		iter.Error = err
+		return nil
+	}
+	return val
+}
+
+// ReadBigInt read big.Int
+func (iter *Iterator) ReadBigInt() (ret *big.Int) {
+	str := iter.readNumberAsString()
+	if iter.Error != nil && iter.Error != io.EOF {
+		return nil
+	}
+	ret = big.NewInt(0)
+	var success bool
+	ret, success = ret.SetString(str, 10)
+	if !success {
+		iter.ReportError("ReadBigInt", "invalid big int")
+		return nil
+	}
+	return ret
+}
+
+//ReadFloat32 read float32
+func (iter *Iterator) ReadFloat32() (ret float32) {
+	c := iter.nextToken()
+	if c == '-' {
+		return -iter.readPositiveFloat32()
+	}
+	iter.unreadByte()
+	return iter.readPositiveFloat32()
+}
+
+func (iter *Iterator) readPositiveFloat32() (ret float32) {
+	i := iter.head
+	// first char
+	if i == iter.tail {
+		return iter.readFloat32SlowPath()
+	}
+	c := iter.buf[i]
+	i++
+	ind := floatDigits[c]
+	switch ind {
+	case invalidCharForNumber:
+		return iter.readFloat32SlowPath()
+	case endOfNumber:
+		iter.ReportError("readFloat32", "empty number")
+		return
+	case dotInNumber:
+		iter.ReportError("readFloat32", "leading dot is invalid")
+		return
+	case 0:
+		if i == iter.tail {
+			return iter.readFloat32SlowPath()
+		}
+		c = iter.buf[i]
+		switch c {
+		case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			iter.ReportError("readFloat32", "leading zero is invalid")
+			return
+		}
+	}
+	value := uint64(ind)
+	// chars before dot
+non_decimal_loop:
+	for ; i < iter.tail; i++ {
+		c = iter.buf[i]
+		ind := floatDigits[c]
+		switch ind {
+		case invalidCharForNumber:
+			return iter.readFloat32SlowPath()
+		case endOfNumber:
+			iter.head = i
+			return float32(value)
+		case dotInNumber:
+			break non_decimal_loop
+		}
+		if value > uint64SafeToMultiple10 {
+			return iter.readFloat32SlowPath()
+		}
+		value = (value << 3) + (value << 1) + uint64(ind) // value = value * 10 + ind;
+	}
+	// chars after dot
+	if c == '.' {
+		i++
+		decimalPlaces := 0
+		if i == iter.tail {
+			return iter.readFloat32SlowPath()
+		}
+		for ; i < iter.tail; i++ {
+			c = iter.buf[i]
+			ind := floatDigits[c]
+			switch ind {
+			case endOfNumber:
+				if decimalPlaces > 0 && decimalPlaces < len(pow10) {
+					iter.head = i
+					return float32(float64(value) / float64(pow10[decimalPlaces]))
+				}
+				// too many decimal places
+				return iter.readFloat32SlowPath()
+			case invalidCharForNumber, dotInNumber:
+				return iter.readFloat32SlowPath()
+			}
+			decimalPlaces++
+			if value > uint64SafeToMultiple10 {
+				return iter.readFloat32SlowPath()
+			}
+			value = (value << 3) + (value << 1) + uint64(ind)
+		}
+	}
+	return iter.readFloat32SlowPath()
+}
+
+func (iter *Iterator) readNumberAsString() (ret string) {
+	strBuf := [16]byte{}
+	str := strBuf[0:0]
+load_loop:
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			c := iter.buf[i]
+			switch c {
+			case '+', '-', '.', 'e', 'E', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+				str = append(str, c)
+				continue
+			default:
+				iter.head = i
+				break load_loop
+			}
+		}
+		if !iter.loadMore() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF {
+		return
+	}
+	if len(str) == 0 {
+		iter.ReportError("readNumberAsString", "invalid number")
+	}
+	return *(*string)(unsafe.Pointer(&str))
+}
+
+func (iter *Iterator) readFloat32SlowPath() (ret float32) {
+	str := iter.readNumberAsString()
+	if iter.Error != nil && iter.Error != io.EOF {
+		return
+	}
+	errMsg := validateFloat(str)
+	if errMsg != "" {
+		iter.ReportError("readFloat32SlowPath", errMsg)
+		return
+	}
+	val, err := strconv.ParseFloat(str, 32)
+	if err != nil {
+		iter.Error = err
+		return
+	}
+	return float32(val)
+}
+
+// ReadFloat64 read float64
+func (iter *Iterator) ReadFloat64() (ret float64) {
+	c := iter.nextToken()
+	if c == '-' {
+		return -iter.readPositiveFloat64()
+	}
+	iter.unreadByte()
+	return iter.readPositiveFloat64()
+}
+
+func (iter *Iterator) readPositiveFloat64() (ret float64) {
+	i := iter.head
+	// first char
+	if i == iter.tail {
+		return iter.readFloat64SlowPath()
+	}
+	c := iter.buf[i]
+	i++
+	ind := floatDigits[c]
+	switch ind {
+	case invalidCharForNumber:
+		return iter.readFloat64SlowPath()
+	case endOfNumber:
+		iter.ReportError("readFloat64", "empty number")
+		return
+	case dotInNumber:
+		iter.ReportError("readFloat64", "leading dot is invalid")
+		return
+	case 0:
+		if i == iter.tail {
+			return iter.readFloat64SlowPath()
+		}
+		c = iter.buf[i]
+		switch c {
+		case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			iter.ReportError("readFloat64", "leading zero is invalid")
+			return
+		}
+	}
+	value := uint64(ind)
+	// chars before dot
+non_decimal_loop:
+	for ; i < iter.tail; i++ {
+		c = iter.buf[i]
+		ind := floatDigits[c]
+		switch ind {
+		case invalidCharForNumber:
+			return iter.readFloat64SlowPath()
+		case endOfNumber:
+			iter.head = i
+			return float64(value)
+		case dotInNumber:
+			break non_decimal_loop
+		}
+		if value > uint64SafeToMultiple10 {
+			return iter.readFloat64SlowPath()
+		}
+		value = (value << 3) + (value << 1) + uint64(ind) // value = value * 10 + ind;
+	}
+	// chars after dot
+	if c == '.' {
+		i++
+		decimalPlaces := 0
+		if i == iter.tail {
+			return iter.readFloat64SlowPath()
+		}
+		for ; i < iter.tail; i++ {
+			c = iter.buf[i]
+			ind := floatDigits[c]
+			switch ind {
+			case endOfNumber:
+				if decimalPlaces > 0 && decimalPlaces < len(pow10) {
+					iter.head = i
+					return float64(value) / float64(pow10[decimalPlaces])
+				}
+				// too many decimal places
+				return iter.readFloat64SlowPath()
+			case invalidCharForNumber, dotInNumber:
+				return iter.readFloat64SlowPath()
+			}
+			decimalPlaces++
+			if value > uint64SafeToMultiple10 {
+				return iter.readFloat64SlowPath()
+			}
+			value = (value << 3) + (value << 1) + uint64(ind)
+		}
+	}
+	return iter.readFloat64SlowPath()
+}
+
+func (iter *Iterator) readFloat64SlowPath() (ret float64) {
+	str := iter.readNumberAsString()
+	if iter.Error != nil && iter.Error != io.EOF {
+		return
+	}
+	errMsg := validateFloat(str)
+	if errMsg != "" {
+		iter.ReportError("readFloat64SlowPath", errMsg)
+		return
+	}
+	val, err := strconv.ParseFloat(str, 64)
+	if err != nil {
+		iter.Error = err
+		return
+	}
+	return val
+}
+
+func validateFloat(str string) string {
+	// strconv.ParseFloat is not validating `1.` or `1.e1`
+	if len(str) == 0 {
+		return "empty number"
+	}
+	if str[0] == '-' {
+		return "-- is not valid"
+	}
+	dotPos := strings.IndexByte(str, '.')
+	if dotPos != -1 {
+		if dotPos == len(str)-1 {
+			return "dot can not be last character"
+		}
+		switch str[dotPos+1] {
+		case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+		default:
+			return "missing digit after dot"
+		}
+	}
+	return ""
+}
+
+// ReadNumber read json.Number
+func (iter *Iterator) ReadNumber() (ret json.Number) {
+	return json.Number(iter.readNumberAsString())
+}
diff --git a/vendor/github.com/json-iterator/go/iter_int.go b/vendor/github.com/json-iterator/go/iter_int.go
new file mode 100644
index 0000000000000..2142320355e87
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_int.go
@@ -0,0 +1,345 @@
+package jsoniter
+
+import (
+	"math"
+	"strconv"
+)
+
+var intDigits []int8
+
+const uint32SafeToMultiply10 = uint32(0xffffffff)/10 - 1
+const uint64SafeToMultiple10 = uint64(0xffffffffffffffff)/10 - 1
+
+func init() {
+	intDigits = make([]int8, 256)
+	for i := 0; i < len(intDigits); i++ {
+		intDigits[i] = invalidCharForNumber
+	}
+	for i := int8('0'); i <= int8('9'); i++ {
+		intDigits[i] = i - int8('0')
+	}
+}
+
+// ReadUint read uint
+func (iter *Iterator) ReadUint() uint {
+	if strconv.IntSize == 32 {
+		return uint(iter.ReadUint32())
+	}
+	return uint(iter.ReadUint64())
+}
+
+// ReadInt read int
+func (iter *Iterator) ReadInt() int {
+	if strconv.IntSize == 32 {
+		return int(iter.ReadInt32())
+	}
+	return int(iter.ReadInt64())
+}
+
+// ReadInt8 read int8
+func (iter *Iterator) ReadInt8() (ret int8) {
+	c := iter.nextToken()
+	if c == '-' {
+		val := iter.readUint32(iter.readByte())
+		if val > math.MaxInt8+1 {
+			iter.ReportError("ReadInt8", "overflow: "+strconv.FormatInt(int64(val), 10))
+			return
+		}
+		return -int8(val)
+	}
+	val := iter.readUint32(c)
+	if val > math.MaxInt8 {
+		iter.ReportError("ReadInt8", "overflow: "+strconv.FormatInt(int64(val), 10))
+		return
+	}
+	return int8(val)
+}
+
+// ReadUint8 read uint8
+func (iter *Iterator) ReadUint8() (ret uint8) {
+	val := iter.readUint32(iter.nextToken())
+	if val > math.MaxUint8 {
+		iter.ReportError("ReadUint8", "overflow: "+strconv.FormatInt(int64(val), 10))
+		return
+	}
+	return uint8(val)
+}
+
+// ReadInt16 read int16
+func (iter *Iterator) ReadInt16() (ret int16) {
+	c := iter.nextToken()
+	if c == '-' {
+		val := iter.readUint32(iter.readByte())
+		if val > math.MaxInt16+1 {
+			iter.ReportError("ReadInt16", "overflow: "+strconv.FormatInt(int64(val), 10))
+			return
+		}
+		return -int16(val)
+	}
+	val := iter.readUint32(c)
+	if val > math.MaxInt16 {
+		iter.ReportError("ReadInt16", "overflow: "+strconv.FormatInt(int64(val), 10))
+		return
+	}
+	return int16(val)
+}
+
+// ReadUint16 read uint16
+func (iter *Iterator) ReadUint16() (ret uint16) {
+	val := iter.readUint32(iter.nextToken())
+	if val > math.MaxUint16 {
+		iter.ReportError("ReadUint16", "overflow: "+strconv.FormatInt(int64(val), 10))
+		return
+	}
+	return uint16(val)
+}
+
+// ReadInt32 read int32
+func (iter *Iterator) ReadInt32() (ret int32) {
+	c := iter.nextToken()
+	if c == '-' {
+		val := iter.readUint32(iter.readByte())
+		if val > math.MaxInt32+1 {
+			iter.ReportError("ReadInt32", "overflow: "+strconv.FormatInt(int64(val), 10))
+			return
+		}
+		return -int32(val)
+	}
+	val := iter.readUint32(c)
+	if val > math.MaxInt32 {
+		iter.ReportError("ReadInt32", "overflow: "+strconv.FormatInt(int64(val), 10))
+		return
+	}
+	return int32(val)
+}
+
+// ReadUint32 read uint32
+func (iter *Iterator) ReadUint32() (ret uint32) {
+	return iter.readUint32(iter.nextToken())
+}
+
+func (iter *Iterator) readUint32(c byte) (ret uint32) {
+	ind := intDigits[c]
+	if ind == 0 {
+		iter.assertInteger()
+		return 0 // single zero
+	}
+	if ind == invalidCharForNumber {
+		iter.ReportError("readUint32", "unexpected character: "+string([]byte{byte(ind)}))
+		return
+	}
+	value := uint32(ind)
+	if iter.tail-iter.head > 10 {
+		i := iter.head
+		ind2 := intDigits[iter.buf[i]]
+		if ind2 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value
+		}
+		i++
+		ind3 := intDigits[iter.buf[i]]
+		if ind3 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*10 + uint32(ind2)
+		}
+		//iter.head = i + 1
+		//value = value * 100 + uint32(ind2) * 10 + uint32(ind3)
+		i++
+		ind4 := intDigits[iter.buf[i]]
+		if ind4 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*100 + uint32(ind2)*10 + uint32(ind3)
+		}
+		i++
+		ind5 := intDigits[iter.buf[i]]
+		if ind5 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*1000 + uint32(ind2)*100 + uint32(ind3)*10 + uint32(ind4)
+		}
+		i++
+		ind6 := intDigits[iter.buf[i]]
+		if ind6 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*10000 + uint32(ind2)*1000 + uint32(ind3)*100 + uint32(ind4)*10 + uint32(ind5)
+		}
+		i++
+		ind7 := intDigits[iter.buf[i]]
+		if ind7 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*100000 + uint32(ind2)*10000 + uint32(ind3)*1000 + uint32(ind4)*100 + uint32(ind5)*10 + uint32(ind6)
+		}
+		i++
+		ind8 := intDigits[iter.buf[i]]
+		if ind8 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*1000000 + uint32(ind2)*100000 + uint32(ind3)*10000 + uint32(ind4)*1000 + uint32(ind5)*100 + uint32(ind6)*10 + uint32(ind7)
+		}
+		i++
+		ind9 := intDigits[iter.buf[i]]
+		value = value*10000000 + uint32(ind2)*1000000 + uint32(ind3)*100000 + uint32(ind4)*10000 + uint32(ind5)*1000 + uint32(ind6)*100 + uint32(ind7)*10 + uint32(ind8)
+		iter.head = i
+		if ind9 == invalidCharForNumber {
+			iter.assertInteger()
+			return value
+		}
+	}
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			ind = intDigits[iter.buf[i]]
+			if ind == invalidCharForNumber {
+				iter.head = i
+				iter.assertInteger()
+				return value
+			}
+			if value > uint32SafeToMultiply10 {
+				value2 := (value << 3) + (value << 1) + uint32(ind)
+				if value2 < value {
+					iter.ReportError("readUint32", "overflow")
+					return
+				}
+				value = value2
+				continue
+			}
+			value = (value << 3) + (value << 1) + uint32(ind)
+		}
+		if !iter.loadMore() {
+			iter.assertInteger()
+			return value
+		}
+	}
+}
+
+// ReadInt64 read int64
+func (iter *Iterator) ReadInt64() (ret int64) {
+	c := iter.nextToken()
+	if c == '-' {
+		val := iter.readUint64(iter.readByte())
+		if val > math.MaxInt64+1 {
+			iter.ReportError("ReadInt64", "overflow: "+strconv.FormatUint(uint64(val), 10))
+			return
+		}
+		return -int64(val)
+	}
+	val := iter.readUint64(c)
+	if val > math.MaxInt64 {
+		iter.ReportError("ReadInt64", "overflow: "+strconv.FormatUint(uint64(val), 10))
+		return
+	}
+	return int64(val)
+}
+
+// ReadUint64 read uint64
+func (iter *Iterator) ReadUint64() uint64 {
+	return iter.readUint64(iter.nextToken())
+}
+
+func (iter *Iterator) readUint64(c byte) (ret uint64) {
+	ind := intDigits[c]
+	if ind == 0 {
+		iter.assertInteger()
+		return 0 // single zero
+	}
+	if ind == invalidCharForNumber {
+		iter.ReportError("readUint64", "unexpected character: "+string([]byte{byte(ind)}))
+		return
+	}
+	value := uint64(ind)
+	if iter.tail-iter.head > 10 {
+		i := iter.head
+		ind2 := intDigits[iter.buf[i]]
+		if ind2 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value
+		}
+		i++
+		ind3 := intDigits[iter.buf[i]]
+		if ind3 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*10 + uint64(ind2)
+		}
+		//iter.head = i + 1
+		//value = value * 100 + uint32(ind2) * 10 + uint32(ind3)
+		i++
+		ind4 := intDigits[iter.buf[i]]
+		if ind4 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*100 + uint64(ind2)*10 + uint64(ind3)
+		}
+		i++
+		ind5 := intDigits[iter.buf[i]]
+		if ind5 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*1000 + uint64(ind2)*100 + uint64(ind3)*10 + uint64(ind4)
+		}
+		i++
+		ind6 := intDigits[iter.buf[i]]
+		if ind6 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*10000 + uint64(ind2)*1000 + uint64(ind3)*100 + uint64(ind4)*10 + uint64(ind5)
+		}
+		i++
+		ind7 := intDigits[iter.buf[i]]
+		if ind7 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*100000 + uint64(ind2)*10000 + uint64(ind3)*1000 + uint64(ind4)*100 + uint64(ind5)*10 + uint64(ind6)
+		}
+		i++
+		ind8 := intDigits[iter.buf[i]]
+		if ind8 == invalidCharForNumber {
+			iter.head = i
+			iter.assertInteger()
+			return value*1000000 + uint64(ind2)*100000 + uint64(ind3)*10000 + uint64(ind4)*1000 + uint64(ind5)*100 + uint64(ind6)*10 + uint64(ind7)
+		}
+		i++
+		ind9 := intDigits[iter.buf[i]]
+		value = value*10000000 + uint64(ind2)*1000000 + uint64(ind3)*100000 + uint64(ind4)*10000 + uint64(ind5)*1000 + uint64(ind6)*100 + uint64(ind7)*10 + uint64(ind8)
+		iter.head = i
+		if ind9 == invalidCharForNumber {
+			iter.assertInteger()
+			return value
+		}
+	}
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			ind = intDigits[iter.buf[i]]
+			if ind == invalidCharForNumber {
+				iter.head = i
+				iter.assertInteger()
+				return value
+			}
+			if value > uint64SafeToMultiple10 {
+				value2 := (value << 3) + (value << 1) + uint64(ind)
+				if value2 < value {
+					iter.ReportError("readUint64", "overflow")
+					return
+				}
+				value = value2
+				continue
+			}
+			value = (value << 3) + (value << 1) + uint64(ind)
+		}
+		if !iter.loadMore() {
+			iter.assertInteger()
+			return value
+		}
+	}
+}
+
+func (iter *Iterator) assertInteger() {
+	if iter.head < len(iter.buf) && iter.buf[iter.head] == '.' {
+		iter.ReportError("assertInteger", "can not decode float as int")
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/iter_object.go b/vendor/github.com/json-iterator/go/iter_object.go
new file mode 100644
index 0000000000000..58ee89c849e7b
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_object.go
@@ -0,0 +1,267 @@
+package jsoniter
+
+import (
+	"fmt"
+	"strings"
+)
+
+// ReadObject read one field from object.
+// If object ended, returns empty string.
+// Otherwise, returns the field name.
+func (iter *Iterator) ReadObject() (ret string) {
+	c := iter.nextToken()
+	switch c {
+	case 'n':
+		iter.skipThreeBytes('u', 'l', 'l')
+		return "" // null
+	case '{':
+		c = iter.nextToken()
+		if c == '"' {
+			iter.unreadByte()
+			field := iter.ReadString()
+			c = iter.nextToken()
+			if c != ':' {
+				iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+			}
+			return field
+		}
+		if c == '}' {
+			return "" // end of object
+		}
+		iter.ReportError("ReadObject", `expect " after {, but found `+string([]byte{c}))
+		return
+	case ',':
+		field := iter.ReadString()
+		c = iter.nextToken()
+		if c != ':' {
+			iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+		}
+		return field
+	case '}':
+		return "" // end of object
+	default:
+		iter.ReportError("ReadObject", fmt.Sprintf(`expect { or , or } or n, but found %s`, string([]byte{c})))
+		return
+	}
+}
+
+// CaseInsensitive
+func (iter *Iterator) readFieldHash() int64 {
+	hash := int64(0x811c9dc5)
+	c := iter.nextToken()
+	if c != '"' {
+		iter.ReportError("readFieldHash", `expect ", but found `+string([]byte{c}))
+		return 0
+	}
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			// require ascii string and no escape
+			b := iter.buf[i]
+			if b == '\\' {
+				iter.head = i
+				for _, b := range iter.readStringSlowPath() {
+					if 'A' <= b && b <= 'Z' && !iter.cfg.caseSensitive {
+						b += 'a' - 'A'
+					}
+					hash ^= int64(b)
+					hash *= 0x1000193
+				}
+				c = iter.nextToken()
+				if c != ':' {
+					iter.ReportError("readFieldHash", `expect :, but found `+string([]byte{c}))
+					return 0
+				}
+				return hash
+			}
+			if b == '"' {
+				iter.head = i + 1
+				c = iter.nextToken()
+				if c != ':' {
+					iter.ReportError("readFieldHash", `expect :, but found `+string([]byte{c}))
+					return 0
+				}
+				return hash
+			}
+			if 'A' <= b && b <= 'Z' && !iter.cfg.caseSensitive {
+				b += 'a' - 'A'
+			}
+			hash ^= int64(b)
+			hash *= 0x1000193
+		}
+		if !iter.loadMore() {
+			iter.ReportError("readFieldHash", `incomplete field name`)
+			return 0
+		}
+	}
+}
+
+func calcHash(str string, caseSensitive bool) int64 {
+	if !caseSensitive {
+		str = strings.ToLower(str)
+	}
+	hash := int64(0x811c9dc5)
+	for _, b := range []byte(str) {
+		hash ^= int64(b)
+		hash *= 0x1000193
+	}
+	return int64(hash)
+}
+
+// ReadObjectCB read object with callback, the key is ascii only and field name not copied
+func (iter *Iterator) ReadObjectCB(callback func(*Iterator, string) bool) bool {
+	c := iter.nextToken()
+	var field string
+	if c == '{' {
+		if !iter.incrementDepth() {
+			return false
+		}
+		c = iter.nextToken()
+		if c == '"' {
+			iter.unreadByte()
+			field = iter.ReadString()
+			c = iter.nextToken()
+			if c != ':' {
+				iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+			}
+			if !callback(iter, field) {
+				iter.decrementDepth()
+				return false
+			}
+			c = iter.nextToken()
+			for c == ',' {
+				field = iter.ReadString()
+				c = iter.nextToken()
+				if c != ':' {
+					iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+				}
+				if !callback(iter, field) {
+					iter.decrementDepth()
+					return false
+				}
+				c = iter.nextToken()
+			}
+			if c != '}' {
+				iter.ReportError("ReadObjectCB", `object not ended with }`)
+				iter.decrementDepth()
+				return false
+			}
+			return iter.decrementDepth()
+		}
+		if c == '}' {
+			return iter.decrementDepth()
+		}
+		iter.ReportError("ReadObjectCB", `expect " after {, but found `+string([]byte{c}))
+		iter.decrementDepth()
+		return false
+	}
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return true // null
+	}
+	iter.ReportError("ReadObjectCB", `expect { or n, but found `+string([]byte{c}))
+	return false
+}
+
+// ReadMapCB read map with callback, the key can be any string
+func (iter *Iterator) ReadMapCB(callback func(*Iterator, string) bool) bool {
+	c := iter.nextToken()
+	if c == '{' {
+		if !iter.incrementDepth() {
+			return false
+		}
+		c = iter.nextToken()
+		if c == '"' {
+			iter.unreadByte()
+			field := iter.ReadString()
+			if iter.nextToken() != ':' {
+				iter.ReportError("ReadMapCB", "expect : after object field, but found "+string([]byte{c}))
+				iter.decrementDepth()
+				return false
+			}
+			if !callback(iter, field) {
+				iter.decrementDepth()
+				return false
+			}
+			c = iter.nextToken()
+			for c == ',' {
+				field = iter.ReadString()
+				if iter.nextToken() != ':' {
+					iter.ReportError("ReadMapCB", "expect : after object field, but found "+string([]byte{c}))
+					iter.decrementDepth()
+					return false
+				}
+				if !callback(iter, field) {
+					iter.decrementDepth()
+					return false
+				}
+				c = iter.nextToken()
+			}
+			if c != '}' {
+				iter.ReportError("ReadMapCB", `object not ended with }`)
+				iter.decrementDepth()
+				return false
+			}
+			return iter.decrementDepth()
+		}
+		if c == '}' {
+			return iter.decrementDepth()
+		}
+		iter.ReportError("ReadMapCB", `expect " after {, but found `+string([]byte{c}))
+		iter.decrementDepth()
+		return false
+	}
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return true // null
+	}
+	iter.ReportError("ReadMapCB", `expect { or n, but found `+string([]byte{c}))
+	return false
+}
+
+func (iter *Iterator) readObjectStart() bool {
+	c := iter.nextToken()
+	if c == '{' {
+		c = iter.nextToken()
+		if c == '}' {
+			return false
+		}
+		iter.unreadByte()
+		return true
+	} else if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return false
+	}
+	iter.ReportError("readObjectStart", "expect { or n, but found "+string([]byte{c}))
+	return false
+}
+
+func (iter *Iterator) readObjectFieldAsBytes() (ret []byte) {
+	str := iter.ReadStringAsSlice()
+	if iter.skipWhitespacesWithoutLoadMore() {
+		if ret == nil {
+			ret = make([]byte, len(str))
+			copy(ret, str)
+		}
+		if !iter.loadMore() {
+			return
+		}
+	}
+	if iter.buf[iter.head] != ':' {
+		iter.ReportError("readObjectFieldAsBytes", "expect : after object field, but found "+string([]byte{iter.buf[iter.head]}))
+		return
+	}
+	iter.head++
+	if iter.skipWhitespacesWithoutLoadMore() {
+		if ret == nil {
+			ret = make([]byte, len(str))
+			copy(ret, str)
+		}
+		if !iter.loadMore() {
+			return
+		}
+	}
+	if ret == nil {
+		return str
+	}
+	return ret
+}
diff --git a/vendor/github.com/json-iterator/go/iter_skip.go b/vendor/github.com/json-iterator/go/iter_skip.go
new file mode 100644
index 0000000000000..e91eefb15becf
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_skip.go
@@ -0,0 +1,130 @@
+package jsoniter
+
+import "fmt"
+
+// ReadNil reads a json object as nil and
+// returns whether it's a nil or not
+func (iter *Iterator) ReadNil() (ret bool) {
+	c := iter.nextToken()
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l') // null
+		return true
+	}
+	iter.unreadByte()
+	return false
+}
+
+// ReadBool reads a json object as BoolValue
+func (iter *Iterator) ReadBool() (ret bool) {
+	c := iter.nextToken()
+	if c == 't' {
+		iter.skipThreeBytes('r', 'u', 'e')
+		return true
+	}
+	if c == 'f' {
+		iter.skipFourBytes('a', 'l', 's', 'e')
+		return false
+	}
+	iter.ReportError("ReadBool", "expect t or f, but found "+string([]byte{c}))
+	return
+}
+
+// SkipAndReturnBytes skip next JSON element, and return its content as []byte.
+// The []byte can be kept, it is a copy of data.
+func (iter *Iterator) SkipAndReturnBytes() []byte {
+	iter.startCapture(iter.head)
+	iter.Skip()
+	return iter.stopCapture()
+}
+
+// SkipAndAppendBytes skips next JSON element and appends its content to
+// buffer, returning the result.
+func (iter *Iterator) SkipAndAppendBytes(buf []byte) []byte {
+	iter.startCaptureTo(buf, iter.head)
+	iter.Skip()
+	return iter.stopCapture()
+}
+
+func (iter *Iterator) startCaptureTo(buf []byte, captureStartedAt int) {
+	if iter.captured != nil {
+		panic("already in capture mode")
+	}
+	iter.captureStartedAt = captureStartedAt
+	iter.captured = buf
+}
+
+func (iter *Iterator) startCapture(captureStartedAt int) {
+	iter.startCaptureTo(make([]byte, 0, 32), captureStartedAt)
+}
+
+func (iter *Iterator) stopCapture() []byte {
+	if iter.captured == nil {
+		panic("not in capture mode")
+	}
+	captured := iter.captured
+	remaining := iter.buf[iter.captureStartedAt:iter.head]
+	iter.captureStartedAt = -1
+	iter.captured = nil
+	return append(captured, remaining...)
+}
+
+// Skip skips a json object and positions to relatively the next json object
+func (iter *Iterator) Skip() {
+	c := iter.nextToken()
+	switch c {
+	case '"':
+		iter.skipString()
+	case 'n':
+		iter.skipThreeBytes('u', 'l', 'l') // null
+	case 't':
+		iter.skipThreeBytes('r', 'u', 'e') // true
+	case 'f':
+		iter.skipFourBytes('a', 'l', 's', 'e') // false
+	case '0':
+		iter.unreadByte()
+		iter.ReadFloat32()
+	case '-', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+		iter.skipNumber()
+	case '[':
+		iter.skipArray()
+	case '{':
+		iter.skipObject()
+	default:
+		iter.ReportError("Skip", fmt.Sprintf("do not know how to skip: %v", c))
+		return
+	}
+}
+
+func (iter *Iterator) skipFourBytes(b1, b2, b3, b4 byte) {
+	if iter.readByte() != b1 {
+		iter.ReportError("skipFourBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3, b4})))
+		return
+	}
+	if iter.readByte() != b2 {
+		iter.ReportError("skipFourBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3, b4})))
+		return
+	}
+	if iter.readByte() != b3 {
+		iter.ReportError("skipFourBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3, b4})))
+		return
+	}
+	if iter.readByte() != b4 {
+		iter.ReportError("skipFourBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3, b4})))
+		return
+	}
+}
+
+func (iter *Iterator) skipThreeBytes(b1, b2, b3 byte) {
+	if iter.readByte() != b1 {
+		iter.ReportError("skipThreeBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3})))
+		return
+	}
+	if iter.readByte() != b2 {
+		iter.ReportError("skipThreeBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3})))
+		return
+	}
+	if iter.readByte() != b3 {
+		iter.ReportError("skipThreeBytes", fmt.Sprintf("expect %s", string([]byte{b1, b2, b3})))
+		return
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/iter_skip_sloppy.go b/vendor/github.com/json-iterator/go/iter_skip_sloppy.go
new file mode 100644
index 0000000000000..9303de41e4005
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_skip_sloppy.go
@@ -0,0 +1,163 @@
+//+build jsoniter_sloppy
+
+package jsoniter
+
+// sloppy but faster implementation, do not validate the input json
+
+func (iter *Iterator) skipNumber() {
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			c := iter.buf[i]
+			switch c {
+			case ' ', '\n', '\r', '\t', ',', '}', ']':
+				iter.head = i
+				return
+			}
+		}
+		if !iter.loadMore() {
+			return
+		}
+	}
+}
+
+func (iter *Iterator) skipArray() {
+	level := 1
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			switch iter.buf[i] {
+			case '"': // If inside string, skip it
+				iter.head = i + 1
+				iter.skipString()
+				i = iter.head - 1 // it will be i++ soon
+			case '[': // If open symbol, increase level
+				level++
+				if !iter.incrementDepth() {
+					return
+				}
+			case ']': // If close symbol, increase level
+				level--
+				if !iter.decrementDepth() {
+					return
+				}
+
+				// If we have returned to the original level, we're done
+				if level == 0 {
+					iter.head = i + 1
+					return
+				}
+			}
+		}
+		if !iter.loadMore() {
+			iter.ReportError("skipObject", "incomplete array")
+			return
+		}
+	}
+}
+
+func (iter *Iterator) skipObject() {
+	level := 1
+	if !iter.incrementDepth() {
+		return
+	}
+
+	for {
+		for i := iter.head; i < iter.tail; i++ {
+			switch iter.buf[i] {
+			case '"': // If inside string, skip it
+				iter.head = i + 1
+				iter.skipString()
+				i = iter.head - 1 // it will be i++ soon
+			case '{': // If open symbol, increase level
+				level++
+				if !iter.incrementDepth() {
+					return
+				}
+			case '}': // If close symbol, increase level
+				level--
+				if !iter.decrementDepth() {
+					return
+				}
+
+				// If we have returned to the original level, we're done
+				if level == 0 {
+					iter.head = i + 1
+					return
+				}
+			}
+		}
+		if !iter.loadMore() {
+			iter.ReportError("skipObject", "incomplete object")
+			return
+		}
+	}
+}
+
+func (iter *Iterator) skipString() {
+	for {
+		end, escaped := iter.findStringEnd()
+		if end == -1 {
+			if !iter.loadMore() {
+				iter.ReportError("skipString", "incomplete string")
+				return
+			}
+			if escaped {
+				iter.head = 1 // skip the first char as last char read is \
+			}
+		} else {
+			iter.head = end
+			return
+		}
+	}
+}
+
+// adapted from: https://github.com/buger/jsonparser/blob/master/parser.go
+// Tries to find the end of string
+// Support if string contains escaped quote symbols.
+func (iter *Iterator) findStringEnd() (int, bool) {
+	escaped := false
+	for i := iter.head; i < iter.tail; i++ {
+		c := iter.buf[i]
+		if c == '"' {
+			if !escaped {
+				return i + 1, false
+			}
+			j := i - 1
+			for {
+				if j < iter.head || iter.buf[j] != '\\' {
+					// even number of backslashes
+					// either end of buffer, or " found
+					return i + 1, true
+				}
+				j--
+				if j < iter.head || iter.buf[j] != '\\' {
+					// odd number of backslashes
+					// it is \" or \\\"
+					break
+				}
+				j--
+			}
+		} else if c == '\\' {
+			escaped = true
+		}
+	}
+	j := iter.tail - 1
+	for {
+		if j < iter.head || iter.buf[j] != '\\' {
+			// even number of backslashes
+			// either end of buffer, or " found
+			return -1, false // do not end with \
+		}
+		j--
+		if j < iter.head || iter.buf[j] != '\\' {
+			// odd number of backslashes
+			// it is \" or \\\"
+			break
+		}
+		j--
+
+	}
+	return -1, true // end with \
+}
diff --git a/vendor/github.com/json-iterator/go/iter_skip_strict.go b/vendor/github.com/json-iterator/go/iter_skip_strict.go
new file mode 100644
index 0000000000000..6cf66d0438dbe
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_skip_strict.go
@@ -0,0 +1,99 @@
+//+build !jsoniter_sloppy
+
+package jsoniter
+
+import (
+	"fmt"
+	"io"
+)
+
+func (iter *Iterator) skipNumber() {
+	if !iter.trySkipNumber() {
+		iter.unreadByte()
+		if iter.Error != nil && iter.Error != io.EOF {
+			return
+		}
+		iter.ReadFloat64()
+		if iter.Error != nil && iter.Error != io.EOF {
+			iter.Error = nil
+			iter.ReadBigFloat()
+		}
+	}
+}
+
+func (iter *Iterator) trySkipNumber() bool {
+	dotFound := false
+	for i := iter.head; i < iter.tail; i++ {
+		c := iter.buf[i]
+		switch c {
+		case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+		case '.':
+			if dotFound {
+				iter.ReportError("validateNumber", `more than one dot found in number`)
+				return true // already failed
+			}
+			if i+1 == iter.tail {
+				return false
+			}
+			c = iter.buf[i+1]
+			switch c {
+			case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			default:
+				iter.ReportError("validateNumber", `missing digit after dot`)
+				return true // already failed
+			}
+			dotFound = true
+		default:
+			switch c {
+			case ',', ']', '}', ' ', '\t', '\n', '\r':
+				if iter.head == i {
+					return false // if - without following digits
+				}
+				iter.head = i
+				return true // must be valid
+			}
+			return false // may be invalid
+		}
+	}
+	return false
+}
+
+func (iter *Iterator) skipString() {
+	if !iter.trySkipString() {
+		iter.unreadByte()
+		iter.ReadString()
+	}
+}
+
+func (iter *Iterator) trySkipString() bool {
+	for i := iter.head; i < iter.tail; i++ {
+		c := iter.buf[i]
+		if c == '"' {
+			iter.head = i + 1
+			return true // valid
+		} else if c == '\\' {
+			return false
+		} else if c < ' ' {
+			iter.ReportError("trySkipString",
+				fmt.Sprintf(`invalid control character found: %d`, c))
+			return true // already failed
+		}
+	}
+	return false
+}
+
+func (iter *Iterator) skipObject() {
+	iter.unreadByte()
+	iter.ReadObjectCB(func(iter *Iterator, field string) bool {
+		iter.Skip()
+		return true
+	})
+}
+
+func (iter *Iterator) skipArray() {
+	iter.unreadByte()
+	iter.ReadArrayCB(func(iter *Iterator) bool {
+		iter.Skip()
+		return true
+	})
+}
diff --git a/vendor/github.com/json-iterator/go/iter_str.go b/vendor/github.com/json-iterator/go/iter_str.go
new file mode 100644
index 0000000000000..adc487ea80483
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/iter_str.go
@@ -0,0 +1,215 @@
+package jsoniter
+
+import (
+	"fmt"
+	"unicode/utf16"
+)
+
+// ReadString read string from iterator
+func (iter *Iterator) ReadString() (ret string) {
+	c := iter.nextToken()
+	if c == '"' {
+		for i := iter.head; i < iter.tail; i++ {
+			c := iter.buf[i]
+			if c == '"' {
+				ret = string(iter.buf[iter.head:i])
+				iter.head = i + 1
+				return ret
+			} else if c == '\\' {
+				break
+			} else if c < ' ' {
+				iter.ReportError("ReadString",
+					fmt.Sprintf(`invalid control character found: %d`, c))
+				return
+			}
+		}
+		return iter.readStringSlowPath()
+	} else if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return ""
+	}
+	iter.ReportError("ReadString", `expects " or n, but found `+string([]byte{c}))
+	return
+}
+
+func (iter *Iterator) readStringSlowPath() (ret string) {
+	var str []byte
+	var c byte
+	for iter.Error == nil {
+		c = iter.readByte()
+		if c == '"' {
+			return string(str)
+		}
+		if c == '\\' {
+			c = iter.readByte()
+			str = iter.readEscapedChar(c, str)
+		} else {
+			str = append(str, c)
+		}
+	}
+	iter.ReportError("readStringSlowPath", "unexpected end of input")
+	return
+}
+
+func (iter *Iterator) readEscapedChar(c byte, str []byte) []byte {
+	switch c {
+	case 'u':
+		r := iter.readU4()
+		if utf16.IsSurrogate(r) {
+			c = iter.readByte()
+			if iter.Error != nil {
+				return nil
+			}
+			if c != '\\' {
+				iter.unreadByte()
+				str = appendRune(str, r)
+				return str
+			}
+			c = iter.readByte()
+			if iter.Error != nil {
+				return nil
+			}
+			if c != 'u' {
+				str = appendRune(str, r)
+				return iter.readEscapedChar(c, str)
+			}
+			r2 := iter.readU4()
+			if iter.Error != nil {
+				return nil
+			}
+			combined := utf16.DecodeRune(r, r2)
+			if combined == '\uFFFD' {
+				str = appendRune(str, r)
+				str = appendRune(str, r2)
+			} else {
+				str = appendRune(str, combined)
+			}
+		} else {
+			str = appendRune(str, r)
+		}
+	case '"':
+		str = append(str, '"')
+	case '\\':
+		str = append(str, '\\')
+	case '/':
+		str = append(str, '/')
+	case 'b':
+		str = append(str, '\b')
+	case 'f':
+		str = append(str, '\f')
+	case 'n':
+		str = append(str, '\n')
+	case 'r':
+		str = append(str, '\r')
+	case 't':
+		str = append(str, '\t')
+	default:
+		iter.ReportError("readEscapedChar",
+			`invalid escape char after \`)
+		return nil
+	}
+	return str
+}
+
+// ReadStringAsSlice read string from iterator without copying into string form.
+// The []byte can not be kept, as it will change after next iterator call.
+func (iter *Iterator) ReadStringAsSlice() (ret []byte) {
+	c := iter.nextToken()
+	if c == '"' {
+		for i := iter.head; i < iter.tail; i++ {
+			// require ascii string and no escape
+			// for: field name, base64, number
+			if iter.buf[i] == '"' {
+				// fast path: reuse the underlying buffer
+				ret = iter.buf[iter.head:i]
+				iter.head = i + 1
+				return ret
+			}
+		}
+		readLen := iter.tail - iter.head
+		copied := make([]byte, readLen, readLen*2)
+		copy(copied, iter.buf[iter.head:iter.tail])
+		iter.head = iter.tail
+		for iter.Error == nil {
+			c := iter.readByte()
+			if c == '"' {
+				return copied
+			}
+			copied = append(copied, c)
+		}
+		return copied
+	}
+	iter.ReportError("ReadStringAsSlice", `expects " or n, but found `+string([]byte{c}))
+	return
+}
+
+func (iter *Iterator) readU4() (ret rune) {
+	for i := 0; i < 4; i++ {
+		c := iter.readByte()
+		if iter.Error != nil {
+			return
+		}
+		if c >= '0' && c <= '9' {
+			ret = ret*16 + rune(c-'0')
+		} else if c >= 'a' && c <= 'f' {
+			ret = ret*16 + rune(c-'a'+10)
+		} else if c >= 'A' && c <= 'F' {
+			ret = ret*16 + rune(c-'A'+10)
+		} else {
+			iter.ReportError("readU4", "expects 0~9 or a~f, but found "+string([]byte{c}))
+			return
+		}
+	}
+	return ret
+}
+
+const (
+	t1 = 0x00 // 0000 0000
+	tx = 0x80 // 1000 0000
+	t2 = 0xC0 // 1100 0000
+	t3 = 0xE0 // 1110 0000
+	t4 = 0xF0 // 1111 0000
+	t5 = 0xF8 // 1111 1000
+
+	maskx = 0x3F // 0011 1111
+	mask2 = 0x1F // 0001 1111
+	mask3 = 0x0F // 0000 1111
+	mask4 = 0x07 // 0000 0111
+
+	rune1Max = 1<<7 - 1
+	rune2Max = 1<<11 - 1
+	rune3Max = 1<<16 - 1
+
+	surrogateMin = 0xD800
+	surrogateMax = 0xDFFF
+
+	maxRune   = '\U0010FFFF' // Maximum valid Unicode code point.
+	runeError = '\uFFFD'     // the "error" Rune or "Unicode replacement character"
+)
+
+func appendRune(p []byte, r rune) []byte {
+	// Negative values are erroneous. Making it unsigned addresses the problem.
+	switch i := uint32(r); {
+	case i <= rune1Max:
+		p = append(p, byte(r))
+		return p
+	case i <= rune2Max:
+		p = append(p, t2|byte(r>>6))
+		p = append(p, tx|byte(r)&maskx)
+		return p
+	case i > maxRune, surrogateMin <= i && i <= surrogateMax:
+		r = runeError
+		fallthrough
+	case i <= rune3Max:
+		p = append(p, t3|byte(r>>12))
+		p = append(p, tx|byte(r>>6)&maskx)
+		p = append(p, tx|byte(r)&maskx)
+		return p
+	default:
+		p = append(p, t4|byte(r>>18))
+		p = append(p, tx|byte(r>>12)&maskx)
+		p = append(p, tx|byte(r>>6)&maskx)
+		p = append(p, tx|byte(r)&maskx)
+		return p
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/jsoniter.go b/vendor/github.com/json-iterator/go/jsoniter.go
new file mode 100644
index 0000000000000..c2934f916eb30
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/jsoniter.go
@@ -0,0 +1,18 @@
+// Package jsoniter implements encoding and decoding of JSON as defined in
+// RFC 4627 and provides interfaces with identical syntax of standard lib encoding/json.
+// Converting from encoding/json to jsoniter is no more than replacing the package with jsoniter
+// and variable type declarations (if any).
+// jsoniter interfaces gives 100% compatibility with code using standard lib.
+//
+// "JSON and Go"
+// (https://golang.org/doc/articles/json_and_go.html)
+// gives a description of how Marshal/Unmarshal operate
+// between arbitrary or predefined json objects and bytes,
+// and it applies to jsoniter.Marshal/Unmarshal as well.
+//
+// Besides, jsoniter.Iterator provides a different set of interfaces
+// iterating given bytes/string/reader
+// and yielding parsed elements one by one.
+// This set of interfaces reads input as required and gives
+// better performance.
+package jsoniter
diff --git a/vendor/github.com/json-iterator/go/pool.go b/vendor/github.com/json-iterator/go/pool.go
new file mode 100644
index 0000000000000..e2389b56cfff3
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/pool.go
@@ -0,0 +1,42 @@
+package jsoniter
+
+import (
+	"io"
+)
+
+// IteratorPool a thread safe pool of iterators with same configuration
+type IteratorPool interface {
+	BorrowIterator(data []byte) *Iterator
+	ReturnIterator(iter *Iterator)
+}
+
+// StreamPool a thread safe pool of streams with same configuration
+type StreamPool interface {
+	BorrowStream(writer io.Writer) *Stream
+	ReturnStream(stream *Stream)
+}
+
+func (cfg *frozenConfig) BorrowStream(writer io.Writer) *Stream {
+	stream := cfg.streamPool.Get().(*Stream)
+	stream.Reset(writer)
+	return stream
+}
+
+func (cfg *frozenConfig) ReturnStream(stream *Stream) {
+	stream.out = nil
+	stream.Error = nil
+	stream.Attachment = nil
+	cfg.streamPool.Put(stream)
+}
+
+func (cfg *frozenConfig) BorrowIterator(data []byte) *Iterator {
+	iter := cfg.iteratorPool.Get().(*Iterator)
+	iter.ResetBytes(data)
+	return iter
+}
+
+func (cfg *frozenConfig) ReturnIterator(iter *Iterator) {
+	iter.Error = nil
+	iter.Attachment = nil
+	cfg.iteratorPool.Put(iter)
+}
diff --git a/vendor/github.com/json-iterator/go/reflect.go b/vendor/github.com/json-iterator/go/reflect.go
new file mode 100644
index 0000000000000..74974ba74b067
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect.go
@@ -0,0 +1,337 @@
+package jsoniter
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/modern-go/reflect2"
+)
+
+// ValDecoder is an internal type registered to cache as needed.
+// Don't confuse jsoniter.ValDecoder with json.Decoder.
+// For json.Decoder's adapter, refer to jsoniter.AdapterDecoder(todo link).
+//
+// Reflection on type to create decoders, which is then cached
+// Reflection on value is avoided as we can, as the reflect.Value itself will allocate, with following exceptions
+// 1. create instance of new value, for example *int will need a int to be allocated
+// 2. append to slice, if the existing cap is not enough, allocate will be done using Reflect.New
+// 3. assignment to map, both key and value will be reflect.Value
+// For a simple struct binding, it will be reflect.Value free and allocation free
+type ValDecoder interface {
+	Decode(ptr unsafe.Pointer, iter *Iterator)
+}
+
+// ValEncoder is an internal type registered to cache as needed.
+// Don't confuse jsoniter.ValEncoder with json.Encoder.
+// For json.Encoder's adapter, refer to jsoniter.AdapterEncoder(todo godoc link).
+type ValEncoder interface {
+	IsEmpty(ptr unsafe.Pointer) bool
+	Encode(ptr unsafe.Pointer, stream *Stream)
+}
+
+type checkIsEmpty interface {
+	IsEmpty(ptr unsafe.Pointer) bool
+}
+
+type ctx struct {
+	*frozenConfig
+	prefix   string
+	encoders map[reflect2.Type]ValEncoder
+	decoders map[reflect2.Type]ValDecoder
+}
+
+func (b *ctx) caseSensitive() bool {
+	if b.frozenConfig == nil {
+		// default is case-insensitive
+		return false
+	}
+	return b.frozenConfig.caseSensitive
+}
+
+func (b *ctx) append(prefix string) *ctx {
+	return &ctx{
+		frozenConfig: b.frozenConfig,
+		prefix:       b.prefix + " " + prefix,
+		encoders:     b.encoders,
+		decoders:     b.decoders,
+	}
+}
+
+// ReadVal copy the underlying JSON into go interface, same as json.Unmarshal
+func (iter *Iterator) ReadVal(obj interface{}) {
+	depth := iter.depth
+	cacheKey := reflect2.RTypeOf(obj)
+	decoder := iter.cfg.getDecoderFromCache(cacheKey)
+	if decoder == nil {
+		typ := reflect2.TypeOf(obj)
+		if typ.Kind() != reflect.Ptr {
+			iter.ReportError("ReadVal", "can only unmarshal into pointer")
+			return
+		}
+		decoder = iter.cfg.DecoderOf(typ)
+	}
+	ptr := reflect2.PtrOf(obj)
+	if ptr == nil {
+		iter.ReportError("ReadVal", "can not read into nil pointer")
+		return
+	}
+	decoder.Decode(ptr, iter)
+	if iter.depth != depth {
+		iter.ReportError("ReadVal", "unexpected mismatched nesting")
+		return
+	}
+}
+
+// WriteVal copy the go interface into underlying JSON, same as json.Marshal
+func (stream *Stream) WriteVal(val interface{}) {
+	if nil == val {
+		stream.WriteNil()
+		return
+	}
+	cacheKey := reflect2.RTypeOf(val)
+	encoder := stream.cfg.getEncoderFromCache(cacheKey)
+	if encoder == nil {
+		typ := reflect2.TypeOf(val)
+		encoder = stream.cfg.EncoderOf(typ)
+	}
+	encoder.Encode(reflect2.PtrOf(val), stream)
+}
+
+func (cfg *frozenConfig) DecoderOf(typ reflect2.Type) ValDecoder {
+	cacheKey := typ.RType()
+	decoder := cfg.getDecoderFromCache(cacheKey)
+	if decoder != nil {
+		return decoder
+	}
+	ctx := &ctx{
+		frozenConfig: cfg,
+		prefix:       "",
+		decoders:     map[reflect2.Type]ValDecoder{},
+		encoders:     map[reflect2.Type]ValEncoder{},
+	}
+	ptrType := typ.(*reflect2.UnsafePtrType)
+	decoder = decoderOfType(ctx, ptrType.Elem())
+	cfg.addDecoderToCache(cacheKey, decoder)
+	return decoder
+}
+
+func decoderOfType(ctx *ctx, typ reflect2.Type) ValDecoder {
+	decoder := getTypeDecoderFromExtension(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	decoder = createDecoderOfType(ctx, typ)
+	for _, extension := range extensions {
+		decoder = extension.DecorateDecoder(typ, decoder)
+	}
+	decoder = ctx.decoderExtension.DecorateDecoder(typ, decoder)
+	for _, extension := range ctx.extraExtensions {
+		decoder = extension.DecorateDecoder(typ, decoder)
+	}
+	return decoder
+}
+
+func createDecoderOfType(ctx *ctx, typ reflect2.Type) ValDecoder {
+	decoder := ctx.decoders[typ]
+	if decoder != nil {
+		return decoder
+	}
+	placeholder := &placeholderDecoder{}
+	ctx.decoders[typ] = placeholder
+	decoder = _createDecoderOfType(ctx, typ)
+	placeholder.decoder = decoder
+	return decoder
+}
+
+func _createDecoderOfType(ctx *ctx, typ reflect2.Type) ValDecoder {
+	decoder := createDecoderOfJsonRawMessage(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	decoder = createDecoderOfJsonNumber(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	decoder = createDecoderOfMarshaler(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	decoder = createDecoderOfAny(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	decoder = createDecoderOfNative(ctx, typ)
+	if decoder != nil {
+		return decoder
+	}
+	switch typ.Kind() {
+	case reflect.Interface:
+		ifaceType, isIFace := typ.(*reflect2.UnsafeIFaceType)
+		if isIFace {
+			return &ifaceDecoder{valType: ifaceType}
+		}
+		return &efaceDecoder{}
+	case reflect.Struct:
+		return decoderOfStruct(ctx, typ)
+	case reflect.Array:
+		return decoderOfArray(ctx, typ)
+	case reflect.Slice:
+		return decoderOfSlice(ctx, typ)
+	case reflect.Map:
+		return decoderOfMap(ctx, typ)
+	case reflect.Ptr:
+		return decoderOfOptional(ctx, typ)
+	default:
+		return &lazyErrorDecoder{err: fmt.Errorf("%s%s is unsupported type", ctx.prefix, typ.String())}
+	}
+}
+
+func (cfg *frozenConfig) EncoderOf(typ reflect2.Type) ValEncoder {
+	cacheKey := typ.RType()
+	encoder := cfg.getEncoderFromCache(cacheKey)
+	if encoder != nil {
+		return encoder
+	}
+	ctx := &ctx{
+		frozenConfig: cfg,
+		prefix:       "",
+		decoders:     map[reflect2.Type]ValDecoder{},
+		encoders:     map[reflect2.Type]ValEncoder{},
+	}
+	encoder = encoderOfType(ctx, typ)
+	if typ.LikePtr() {
+		encoder = &onePtrEncoder{encoder}
+	}
+	cfg.addEncoderToCache(cacheKey, encoder)
+	return encoder
+}
+
+type onePtrEncoder struct {
+	encoder ValEncoder
+}
+
+func (encoder *onePtrEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.encoder.IsEmpty(unsafe.Pointer(&ptr))
+}
+
+func (encoder *onePtrEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	encoder.encoder.Encode(unsafe.Pointer(&ptr), stream)
+}
+
+func encoderOfType(ctx *ctx, typ reflect2.Type) ValEncoder {
+	encoder := getTypeEncoderFromExtension(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	encoder = createEncoderOfType(ctx, typ)
+	for _, extension := range extensions {
+		encoder = extension.DecorateEncoder(typ, encoder)
+	}
+	encoder = ctx.encoderExtension.DecorateEncoder(typ, encoder)
+	for _, extension := range ctx.extraExtensions {
+		encoder = extension.DecorateEncoder(typ, encoder)
+	}
+	return encoder
+}
+
+func createEncoderOfType(ctx *ctx, typ reflect2.Type) ValEncoder {
+	encoder := ctx.encoders[typ]
+	if encoder != nil {
+		return encoder
+	}
+	placeholder := &placeholderEncoder{}
+	ctx.encoders[typ] = placeholder
+	encoder = _createEncoderOfType(ctx, typ)
+	placeholder.encoder = encoder
+	return encoder
+}
+func _createEncoderOfType(ctx *ctx, typ reflect2.Type) ValEncoder {
+	encoder := createEncoderOfJsonRawMessage(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	encoder = createEncoderOfJsonNumber(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	encoder = createEncoderOfMarshaler(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	encoder = createEncoderOfAny(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	encoder = createEncoderOfNative(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	kind := typ.Kind()
+	switch kind {
+	case reflect.Interface:
+		return &dynamicEncoder{typ}
+	case reflect.Struct:
+		return encoderOfStruct(ctx, typ)
+	case reflect.Array:
+		return encoderOfArray(ctx, typ)
+	case reflect.Slice:
+		return encoderOfSlice(ctx, typ)
+	case reflect.Map:
+		return encoderOfMap(ctx, typ)
+	case reflect.Ptr:
+		return encoderOfOptional(ctx, typ)
+	default:
+		return &lazyErrorEncoder{err: fmt.Errorf("%s%s is unsupported type", ctx.prefix, typ.String())}
+	}
+}
+
+type lazyErrorDecoder struct {
+	err error
+}
+
+func (decoder *lazyErrorDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if iter.WhatIsNext() != NilValue {
+		if iter.Error == nil {
+			iter.Error = decoder.err
+		}
+	} else {
+		iter.Skip()
+	}
+}
+
+type lazyErrorEncoder struct {
+	err error
+}
+
+func (encoder *lazyErrorEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if ptr == nil {
+		stream.WriteNil()
+	} else if stream.Error == nil {
+		stream.Error = encoder.err
+	}
+}
+
+func (encoder *lazyErrorEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return false
+}
+
+type placeholderDecoder struct {
+	decoder ValDecoder
+}
+
+func (decoder *placeholderDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.decoder.Decode(ptr, iter)
+}
+
+type placeholderEncoder struct {
+	encoder ValEncoder
+}
+
+func (encoder *placeholderEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	encoder.encoder.Encode(ptr, stream)
+}
+
+func (encoder *placeholderEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.encoder.IsEmpty(ptr)
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_array.go b/vendor/github.com/json-iterator/go/reflect_array.go
new file mode 100644
index 0000000000000..13a0b7b0878cb
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_array.go
@@ -0,0 +1,104 @@
+package jsoniter
+
+import (
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"io"
+	"unsafe"
+)
+
+func decoderOfArray(ctx *ctx, typ reflect2.Type) ValDecoder {
+	arrayType := typ.(*reflect2.UnsafeArrayType)
+	decoder := decoderOfType(ctx.append("[arrayElem]"), arrayType.Elem())
+	return &arrayDecoder{arrayType, decoder}
+}
+
+func encoderOfArray(ctx *ctx, typ reflect2.Type) ValEncoder {
+	arrayType := typ.(*reflect2.UnsafeArrayType)
+	if arrayType.Len() == 0 {
+		return emptyArrayEncoder{}
+	}
+	encoder := encoderOfType(ctx.append("[arrayElem]"), arrayType.Elem())
+	return &arrayEncoder{arrayType, encoder}
+}
+
+type emptyArrayEncoder struct{}
+
+func (encoder emptyArrayEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteEmptyArray()
+}
+
+func (encoder emptyArrayEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return true
+}
+
+type arrayEncoder struct {
+	arrayType   *reflect2.UnsafeArrayType
+	elemEncoder ValEncoder
+}
+
+func (encoder *arrayEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteArrayStart()
+	elemPtr := unsafe.Pointer(ptr)
+	encoder.elemEncoder.Encode(elemPtr, stream)
+	for i := 1; i < encoder.arrayType.Len(); i++ {
+		stream.WriteMore()
+		elemPtr = encoder.arrayType.UnsafeGetIndex(ptr, i)
+		encoder.elemEncoder.Encode(elemPtr, stream)
+	}
+	stream.WriteArrayEnd()
+	if stream.Error != nil && stream.Error != io.EOF {
+		stream.Error = fmt.Errorf("%v: %s", encoder.arrayType, stream.Error.Error())
+	}
+}
+
+func (encoder *arrayEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return false
+}
+
+type arrayDecoder struct {
+	arrayType   *reflect2.UnsafeArrayType
+	elemDecoder ValDecoder
+}
+
+func (decoder *arrayDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.doDecode(ptr, iter)
+	if iter.Error != nil && iter.Error != io.EOF {
+		iter.Error = fmt.Errorf("%v: %s", decoder.arrayType, iter.Error.Error())
+	}
+}
+
+func (decoder *arrayDecoder) doDecode(ptr unsafe.Pointer, iter *Iterator) {
+	c := iter.nextToken()
+	arrayType := decoder.arrayType
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		return
+	}
+	if c != '[' {
+		iter.ReportError("decode array", "expect [ or n, but found "+string([]byte{c}))
+		return
+	}
+	c = iter.nextToken()
+	if c == ']' {
+		return
+	}
+	iter.unreadByte()
+	elemPtr := arrayType.UnsafeGetIndex(ptr, 0)
+	decoder.elemDecoder.Decode(elemPtr, iter)
+	length := 1
+	for c = iter.nextToken(); c == ','; c = iter.nextToken() {
+		if length >= arrayType.Len() {
+			iter.Skip()
+			continue
+		}
+		idx := length
+		length += 1
+		elemPtr = arrayType.UnsafeGetIndex(ptr, idx)
+		decoder.elemDecoder.Decode(elemPtr, iter)
+	}
+	if c != ']' {
+		iter.ReportError("decode array", "expect ], but found "+string([]byte{c}))
+		return
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_dynamic.go b/vendor/github.com/json-iterator/go/reflect_dynamic.go
new file mode 100644
index 0000000000000..8b6bc8b433286
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_dynamic.go
@@ -0,0 +1,70 @@
+package jsoniter
+
+import (
+	"github.com/modern-go/reflect2"
+	"reflect"
+	"unsafe"
+)
+
+type dynamicEncoder struct {
+	valType reflect2.Type
+}
+
+func (encoder *dynamicEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	obj := encoder.valType.UnsafeIndirect(ptr)
+	stream.WriteVal(obj)
+}
+
+func (encoder *dynamicEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.valType.UnsafeIndirect(ptr) == nil
+}
+
+type efaceDecoder struct {
+}
+
+func (decoder *efaceDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	pObj := (*interface{})(ptr)
+	obj := *pObj
+	if obj == nil {
+		*pObj = iter.Read()
+		return
+	}
+	typ := reflect2.TypeOf(obj)
+	if typ.Kind() != reflect.Ptr {
+		*pObj = iter.Read()
+		return
+	}
+	ptrType := typ.(*reflect2.UnsafePtrType)
+	ptrElemType := ptrType.Elem()
+	if iter.WhatIsNext() == NilValue {
+		if ptrElemType.Kind() != reflect.Ptr {
+			iter.skipFourBytes('n', 'u', 'l', 'l')
+			*pObj = nil
+			return
+		}
+	}
+	if reflect2.IsNil(obj) {
+		obj := ptrElemType.New()
+		iter.ReadVal(obj)
+		*pObj = obj
+		return
+	}
+	iter.ReadVal(obj)
+}
+
+type ifaceDecoder struct {
+	valType *reflect2.UnsafeIFaceType
+}
+
+func (decoder *ifaceDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if iter.ReadNil() {
+		decoder.valType.UnsafeSet(ptr, decoder.valType.UnsafeNew())
+		return
+	}
+	obj := decoder.valType.UnsafeIndirect(ptr)
+	if reflect2.IsNil(obj) {
+		iter.ReportError("decode non empty interface", "can not unmarshal into nil")
+		return
+	}
+	iter.ReadVal(obj)
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_extension.go b/vendor/github.com/json-iterator/go/reflect_extension.go
new file mode 100644
index 0000000000000..74a97bfe5abfb
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_extension.go
@@ -0,0 +1,483 @@
+package jsoniter
+
+import (
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"reflect"
+	"sort"
+	"strings"
+	"unicode"
+	"unsafe"
+)
+
+var typeDecoders = map[string]ValDecoder{}
+var fieldDecoders = map[string]ValDecoder{}
+var typeEncoders = map[string]ValEncoder{}
+var fieldEncoders = map[string]ValEncoder{}
+var extensions = []Extension{}
+
+// StructDescriptor describe how should we encode/decode the struct
+type StructDescriptor struct {
+	Type   reflect2.Type
+	Fields []*Binding
+}
+
+// GetField get one field from the descriptor by its name.
+// Can not use map here to keep field orders.
+func (structDescriptor *StructDescriptor) GetField(fieldName string) *Binding {
+	for _, binding := range structDescriptor.Fields {
+		if binding.Field.Name() == fieldName {
+			return binding
+		}
+	}
+	return nil
+}
+
+// Binding describe how should we encode/decode the struct field
+type Binding struct {
+	levels    []int
+	Field     reflect2.StructField
+	FromNames []string
+	ToNames   []string
+	Encoder   ValEncoder
+	Decoder   ValDecoder
+}
+
+// Extension the one for all SPI. Customize encoding/decoding by specifying alternate encoder/decoder.
+// Can also rename fields by UpdateStructDescriptor.
+type Extension interface {
+	UpdateStructDescriptor(structDescriptor *StructDescriptor)
+	CreateMapKeyDecoder(typ reflect2.Type) ValDecoder
+	CreateMapKeyEncoder(typ reflect2.Type) ValEncoder
+	CreateDecoder(typ reflect2.Type) ValDecoder
+	CreateEncoder(typ reflect2.Type) ValEncoder
+	DecorateDecoder(typ reflect2.Type, decoder ValDecoder) ValDecoder
+	DecorateEncoder(typ reflect2.Type, encoder ValEncoder) ValEncoder
+}
+
+// DummyExtension embed this type get dummy implementation for all methods of Extension
+type DummyExtension struct {
+}
+
+// UpdateStructDescriptor No-op
+func (extension *DummyExtension) UpdateStructDescriptor(structDescriptor *StructDescriptor) {
+}
+
+// CreateMapKeyDecoder No-op
+func (extension *DummyExtension) CreateMapKeyDecoder(typ reflect2.Type) ValDecoder {
+	return nil
+}
+
+// CreateMapKeyEncoder No-op
+func (extension *DummyExtension) CreateMapKeyEncoder(typ reflect2.Type) ValEncoder {
+	return nil
+}
+
+// CreateDecoder No-op
+func (extension *DummyExtension) CreateDecoder(typ reflect2.Type) ValDecoder {
+	return nil
+}
+
+// CreateEncoder No-op
+func (extension *DummyExtension) CreateEncoder(typ reflect2.Type) ValEncoder {
+	return nil
+}
+
+// DecorateDecoder No-op
+func (extension *DummyExtension) DecorateDecoder(typ reflect2.Type, decoder ValDecoder) ValDecoder {
+	return decoder
+}
+
+// DecorateEncoder No-op
+func (extension *DummyExtension) DecorateEncoder(typ reflect2.Type, encoder ValEncoder) ValEncoder {
+	return encoder
+}
+
+type EncoderExtension map[reflect2.Type]ValEncoder
+
+// UpdateStructDescriptor No-op
+func (extension EncoderExtension) UpdateStructDescriptor(structDescriptor *StructDescriptor) {
+}
+
+// CreateDecoder No-op
+func (extension EncoderExtension) CreateDecoder(typ reflect2.Type) ValDecoder {
+	return nil
+}
+
+// CreateEncoder get encoder from map
+func (extension EncoderExtension) CreateEncoder(typ reflect2.Type) ValEncoder {
+	return extension[typ]
+}
+
+// CreateMapKeyDecoder No-op
+func (extension EncoderExtension) CreateMapKeyDecoder(typ reflect2.Type) ValDecoder {
+	return nil
+}
+
+// CreateMapKeyEncoder No-op
+func (extension EncoderExtension) CreateMapKeyEncoder(typ reflect2.Type) ValEncoder {
+	return nil
+}
+
+// DecorateDecoder No-op
+func (extension EncoderExtension) DecorateDecoder(typ reflect2.Type, decoder ValDecoder) ValDecoder {
+	return decoder
+}
+
+// DecorateEncoder No-op
+func (extension EncoderExtension) DecorateEncoder(typ reflect2.Type, encoder ValEncoder) ValEncoder {
+	return encoder
+}
+
+type DecoderExtension map[reflect2.Type]ValDecoder
+
+// UpdateStructDescriptor No-op
+func (extension DecoderExtension) UpdateStructDescriptor(structDescriptor *StructDescriptor) {
+}
+
+// CreateMapKeyDecoder No-op
+func (extension DecoderExtension) CreateMapKeyDecoder(typ reflect2.Type) ValDecoder {
+	return nil
+}
+
+// CreateMapKeyEncoder No-op
+func (extension DecoderExtension) CreateMapKeyEncoder(typ reflect2.Type) ValEncoder {
+	return nil
+}
+
+// CreateDecoder get decoder from map
+func (extension DecoderExtension) CreateDecoder(typ reflect2.Type) ValDecoder {
+	return extension[typ]
+}
+
+// CreateEncoder No-op
+func (extension DecoderExtension) CreateEncoder(typ reflect2.Type) ValEncoder {
+	return nil
+}
+
+// DecorateDecoder No-op
+func (extension DecoderExtension) DecorateDecoder(typ reflect2.Type, decoder ValDecoder) ValDecoder {
+	return decoder
+}
+
+// DecorateEncoder No-op
+func (extension DecoderExtension) DecorateEncoder(typ reflect2.Type, encoder ValEncoder) ValEncoder {
+	return encoder
+}
+
+type funcDecoder struct {
+	fun DecoderFunc
+}
+
+func (decoder *funcDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.fun(ptr, iter)
+}
+
+type funcEncoder struct {
+	fun         EncoderFunc
+	isEmptyFunc func(ptr unsafe.Pointer) bool
+}
+
+func (encoder *funcEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	encoder.fun(ptr, stream)
+}
+
+func (encoder *funcEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	if encoder.isEmptyFunc == nil {
+		return false
+	}
+	return encoder.isEmptyFunc(ptr)
+}
+
+// DecoderFunc the function form of TypeDecoder
+type DecoderFunc func(ptr unsafe.Pointer, iter *Iterator)
+
+// EncoderFunc the function form of TypeEncoder
+type EncoderFunc func(ptr unsafe.Pointer, stream *Stream)
+
+// RegisterTypeDecoderFunc register TypeDecoder for a type with function
+func RegisterTypeDecoderFunc(typ string, fun DecoderFunc) {
+	typeDecoders[typ] = &funcDecoder{fun}
+}
+
+// RegisterTypeDecoder register TypeDecoder for a typ
+func RegisterTypeDecoder(typ string, decoder ValDecoder) {
+	typeDecoders[typ] = decoder
+}
+
+// RegisterFieldDecoderFunc register TypeDecoder for a struct field with function
+func RegisterFieldDecoderFunc(typ string, field string, fun DecoderFunc) {
+	RegisterFieldDecoder(typ, field, &funcDecoder{fun})
+}
+
+// RegisterFieldDecoder register TypeDecoder for a struct field
+func RegisterFieldDecoder(typ string, field string, decoder ValDecoder) {
+	fieldDecoders[fmt.Sprintf("%s/%s", typ, field)] = decoder
+}
+
+// RegisterTypeEncoderFunc register TypeEncoder for a type with encode/isEmpty function
+func RegisterTypeEncoderFunc(typ string, fun EncoderFunc, isEmptyFunc func(unsafe.Pointer) bool) {
+	typeEncoders[typ] = &funcEncoder{fun, isEmptyFunc}
+}
+
+// RegisterTypeEncoder register TypeEncoder for a type
+func RegisterTypeEncoder(typ string, encoder ValEncoder) {
+	typeEncoders[typ] = encoder
+}
+
+// RegisterFieldEncoderFunc register TypeEncoder for a struct field with encode/isEmpty function
+func RegisterFieldEncoderFunc(typ string, field string, fun EncoderFunc, isEmptyFunc func(unsafe.Pointer) bool) {
+	RegisterFieldEncoder(typ, field, &funcEncoder{fun, isEmptyFunc})
+}
+
+// RegisterFieldEncoder register TypeEncoder for a struct field
+func RegisterFieldEncoder(typ string, field string, encoder ValEncoder) {
+	fieldEncoders[fmt.Sprintf("%s/%s", typ, field)] = encoder
+}
+
+// RegisterExtension register extension
+func RegisterExtension(extension Extension) {
+	extensions = append(extensions, extension)
+}
+
+func getTypeDecoderFromExtension(ctx *ctx, typ reflect2.Type) ValDecoder {
+	decoder := _getTypeDecoderFromExtension(ctx, typ)
+	if decoder != nil {
+		for _, extension := range extensions {
+			decoder = extension.DecorateDecoder(typ, decoder)
+		}
+		decoder = ctx.decoderExtension.DecorateDecoder(typ, decoder)
+		for _, extension := range ctx.extraExtensions {
+			decoder = extension.DecorateDecoder(typ, decoder)
+		}
+	}
+	return decoder
+}
+func _getTypeDecoderFromExtension(ctx *ctx, typ reflect2.Type) ValDecoder {
+	for _, extension := range extensions {
+		decoder := extension.CreateDecoder(typ)
+		if decoder != nil {
+			return decoder
+		}
+	}
+	decoder := ctx.decoderExtension.CreateDecoder(typ)
+	if decoder != nil {
+		return decoder
+	}
+	for _, extension := range ctx.extraExtensions {
+		decoder := extension.CreateDecoder(typ)
+		if decoder != nil {
+			return decoder
+		}
+	}
+	typeName := typ.String()
+	decoder = typeDecoders[typeName]
+	if decoder != nil {
+		return decoder
+	}
+	if typ.Kind() == reflect.Ptr {
+		ptrType := typ.(*reflect2.UnsafePtrType)
+		decoder := typeDecoders[ptrType.Elem().String()]
+		if decoder != nil {
+			return &OptionalDecoder{ptrType.Elem(), decoder}
+		}
+	}
+	return nil
+}
+
+func getTypeEncoderFromExtension(ctx *ctx, typ reflect2.Type) ValEncoder {
+	encoder := _getTypeEncoderFromExtension(ctx, typ)
+	if encoder != nil {
+		for _, extension := range extensions {
+			encoder = extension.DecorateEncoder(typ, encoder)
+		}
+		encoder = ctx.encoderExtension.DecorateEncoder(typ, encoder)
+		for _, extension := range ctx.extraExtensions {
+			encoder = extension.DecorateEncoder(typ, encoder)
+		}
+	}
+	return encoder
+}
+
+func _getTypeEncoderFromExtension(ctx *ctx, typ reflect2.Type) ValEncoder {
+	for _, extension := range extensions {
+		encoder := extension.CreateEncoder(typ)
+		if encoder != nil {
+			return encoder
+		}
+	}
+	encoder := ctx.encoderExtension.CreateEncoder(typ)
+	if encoder != nil {
+		return encoder
+	}
+	for _, extension := range ctx.extraExtensions {
+		encoder := extension.CreateEncoder(typ)
+		if encoder != nil {
+			return encoder
+		}
+	}
+	typeName := typ.String()
+	encoder = typeEncoders[typeName]
+	if encoder != nil {
+		return encoder
+	}
+	if typ.Kind() == reflect.Ptr {
+		typePtr := typ.(*reflect2.UnsafePtrType)
+		encoder := typeEncoders[typePtr.Elem().String()]
+		if encoder != nil {
+			return &OptionalEncoder{encoder}
+		}
+	}
+	return nil
+}
+
+func describeStruct(ctx *ctx, typ reflect2.Type) *StructDescriptor {
+	structType := typ.(*reflect2.UnsafeStructType)
+	embeddedBindings := []*Binding{}
+	bindings := []*Binding{}
+	for i := 0; i < structType.NumField(); i++ {
+		field := structType.Field(i)
+		tag, hastag := field.Tag().Lookup(ctx.getTagKey())
+		if ctx.onlyTaggedField && !hastag && !field.Anonymous() {
+			continue
+		}
+		if tag == "-" || field.Name() == "_" {
+			continue
+		}
+		tagParts := strings.Split(tag, ",")
+		if field.Anonymous() && (tag == "" || tagParts[0] == "") {
+			if field.Type().Kind() == reflect.Struct {
+				structDescriptor := describeStruct(ctx, field.Type())
+				for _, binding := range structDescriptor.Fields {
+					binding.levels = append([]int{i}, binding.levels...)
+					omitempty := binding.Encoder.(*structFieldEncoder).omitempty
+					binding.Encoder = &structFieldEncoder{field, binding.Encoder, omitempty}
+					binding.Decoder = &structFieldDecoder{field, binding.Decoder}
+					embeddedBindings = append(embeddedBindings, binding)
+				}
+				continue
+			} else if field.Type().Kind() == reflect.Ptr {
+				ptrType := field.Type().(*reflect2.UnsafePtrType)
+				if ptrType.Elem().Kind() == reflect.Struct {
+					structDescriptor := describeStruct(ctx, ptrType.Elem())
+					for _, binding := range structDescriptor.Fields {
+						binding.levels = append([]int{i}, binding.levels...)
+						omitempty := binding.Encoder.(*structFieldEncoder).omitempty
+						binding.Encoder = &dereferenceEncoder{binding.Encoder}
+						binding.Encoder = &structFieldEncoder{field, binding.Encoder, omitempty}
+						binding.Decoder = &dereferenceDecoder{ptrType.Elem(), binding.Decoder}
+						binding.Decoder = &structFieldDecoder{field, binding.Decoder}
+						embeddedBindings = append(embeddedBindings, binding)
+					}
+					continue
+				}
+			}
+		}
+		fieldNames := calcFieldNames(field.Name(), tagParts[0], tag)
+		fieldCacheKey := fmt.Sprintf("%s/%s", typ.String(), field.Name())
+		decoder := fieldDecoders[fieldCacheKey]
+		if decoder == nil {
+			decoder = decoderOfType(ctx.append(field.Name()), field.Type())
+		}
+		encoder := fieldEncoders[fieldCacheKey]
+		if encoder == nil {
+			encoder = encoderOfType(ctx.append(field.Name()), field.Type())
+		}
+		binding := &Binding{
+			Field:     field,
+			FromNames: fieldNames,
+			ToNames:   fieldNames,
+			Decoder:   decoder,
+			Encoder:   encoder,
+		}
+		binding.levels = []int{i}
+		bindings = append(bindings, binding)
+	}
+	return createStructDescriptor(ctx, typ, bindings, embeddedBindings)
+}
+func createStructDescriptor(ctx *ctx, typ reflect2.Type, bindings []*Binding, embeddedBindings []*Binding) *StructDescriptor {
+	structDescriptor := &StructDescriptor{
+		Type:   typ,
+		Fields: bindings,
+	}
+	for _, extension := range extensions {
+		extension.UpdateStructDescriptor(structDescriptor)
+	}
+	ctx.encoderExtension.UpdateStructDescriptor(structDescriptor)
+	ctx.decoderExtension.UpdateStructDescriptor(structDescriptor)
+	for _, extension := range ctx.extraExtensions {
+		extension.UpdateStructDescriptor(structDescriptor)
+	}
+	processTags(structDescriptor, ctx.frozenConfig)
+	// merge normal & embedded bindings & sort with original order
+	allBindings := sortableBindings(append(embeddedBindings, structDescriptor.Fields...))
+	sort.Sort(allBindings)
+	structDescriptor.Fields = allBindings
+	return structDescriptor
+}
+
+type sortableBindings []*Binding
+
+func (bindings sortableBindings) Len() int {
+	return len(bindings)
+}
+
+func (bindings sortableBindings) Less(i, j int) bool {
+	left := bindings[i].levels
+	right := bindings[j].levels
+	k := 0
+	for {
+		if left[k] < right[k] {
+			return true
+		} else if left[k] > right[k] {
+			return false
+		}
+		k++
+	}
+}
+
+func (bindings sortableBindings) Swap(i, j int) {
+	bindings[i], bindings[j] = bindings[j], bindings[i]
+}
+
+func processTags(structDescriptor *StructDescriptor, cfg *frozenConfig) {
+	for _, binding := range structDescriptor.Fields {
+		shouldOmitEmpty := false
+		tagParts := strings.Split(binding.Field.Tag().Get(cfg.getTagKey()), ",")
+		for _, tagPart := range tagParts[1:] {
+			if tagPart == "omitempty" {
+				shouldOmitEmpty = true
+			} else if tagPart == "string" {
+				if binding.Field.Type().Kind() == reflect.String {
+					binding.Decoder = &stringModeStringDecoder{binding.Decoder, cfg}
+					binding.Encoder = &stringModeStringEncoder{binding.Encoder, cfg}
+				} else {
+					binding.Decoder = &stringModeNumberDecoder{binding.Decoder}
+					binding.Encoder = &stringModeNumberEncoder{binding.Encoder}
+				}
+			}
+		}
+		binding.Decoder = &structFieldDecoder{binding.Field, binding.Decoder}
+		binding.Encoder = &structFieldEncoder{binding.Field, binding.Encoder, shouldOmitEmpty}
+	}
+}
+
+func calcFieldNames(originalFieldName string, tagProvidedFieldName string, wholeTag string) []string {
+	// ignore?
+	if wholeTag == "-" {
+		return []string{}
+	}
+	// rename?
+	var fieldNames []string
+	if tagProvidedFieldName == "" {
+		fieldNames = []string{originalFieldName}
+	} else {
+		fieldNames = []string{tagProvidedFieldName}
+	}
+	// private?
+	isNotExported := unicode.IsLower(rune(originalFieldName[0])) || originalFieldName[0] == '_'
+	if isNotExported {
+		fieldNames = []string{}
+	}
+	return fieldNames
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_json_number.go b/vendor/github.com/json-iterator/go/reflect_json_number.go
new file mode 100644
index 0000000000000..98d45c1ec2550
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_json_number.go
@@ -0,0 +1,112 @@
+package jsoniter
+
+import (
+	"encoding/json"
+	"github.com/modern-go/reflect2"
+	"strconv"
+	"unsafe"
+)
+
+type Number string
+
+// String returns the literal text of the number.
+func (n Number) String() string { return string(n) }
+
+// Float64 returns the number as a float64.
+func (n Number) Float64() (float64, error) {
+	return strconv.ParseFloat(string(n), 64)
+}
+
+// Int64 returns the number as an int64.
+func (n Number) Int64() (int64, error) {
+	return strconv.ParseInt(string(n), 10, 64)
+}
+
+func CastJsonNumber(val interface{}) (string, bool) {
+	switch typedVal := val.(type) {
+	case json.Number:
+		return string(typedVal), true
+	case Number:
+		return string(typedVal), true
+	}
+	return "", false
+}
+
+var jsonNumberType = reflect2.TypeOfPtr((*json.Number)(nil)).Elem()
+var jsoniterNumberType = reflect2.TypeOfPtr((*Number)(nil)).Elem()
+
+func createDecoderOfJsonNumber(ctx *ctx, typ reflect2.Type) ValDecoder {
+	if typ.AssignableTo(jsonNumberType) {
+		return &jsonNumberCodec{}
+	}
+	if typ.AssignableTo(jsoniterNumberType) {
+		return &jsoniterNumberCodec{}
+	}
+	return nil
+}
+
+func createEncoderOfJsonNumber(ctx *ctx, typ reflect2.Type) ValEncoder {
+	if typ.AssignableTo(jsonNumberType) {
+		return &jsonNumberCodec{}
+	}
+	if typ.AssignableTo(jsoniterNumberType) {
+		return &jsoniterNumberCodec{}
+	}
+	return nil
+}
+
+type jsonNumberCodec struct {
+}
+
+func (codec *jsonNumberCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	switch iter.WhatIsNext() {
+	case StringValue:
+		*((*json.Number)(ptr)) = json.Number(iter.ReadString())
+	case NilValue:
+		iter.skipFourBytes('n', 'u', 'l', 'l')
+		*((*json.Number)(ptr)) = ""
+	default:
+		*((*json.Number)(ptr)) = json.Number([]byte(iter.readNumberAsString()))
+	}
+}
+
+func (codec *jsonNumberCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	number := *((*json.Number)(ptr))
+	if len(number) == 0 {
+		stream.writeByte('0')
+	} else {
+		stream.WriteRaw(string(number))
+	}
+}
+
+func (codec *jsonNumberCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return len(*((*json.Number)(ptr))) == 0
+}
+
+type jsoniterNumberCodec struct {
+}
+
+func (codec *jsoniterNumberCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	switch iter.WhatIsNext() {
+	case StringValue:
+		*((*Number)(ptr)) = Number(iter.ReadString())
+	case NilValue:
+		iter.skipFourBytes('n', 'u', 'l', 'l')
+		*((*Number)(ptr)) = ""
+	default:
+		*((*Number)(ptr)) = Number([]byte(iter.readNumberAsString()))
+	}
+}
+
+func (codec *jsoniterNumberCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	number := *((*Number)(ptr))
+	if len(number) == 0 {
+		stream.writeByte('0')
+	} else {
+		stream.WriteRaw(string(number))
+	}
+}
+
+func (codec *jsoniterNumberCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return len(*((*Number)(ptr))) == 0
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_json_raw_message.go b/vendor/github.com/json-iterator/go/reflect_json_raw_message.go
new file mode 100644
index 0000000000000..f2619936c88fd
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_json_raw_message.go
@@ -0,0 +1,60 @@
+package jsoniter
+
+import (
+	"encoding/json"
+	"github.com/modern-go/reflect2"
+	"unsafe"
+)
+
+var jsonRawMessageType = reflect2.TypeOfPtr((*json.RawMessage)(nil)).Elem()
+var jsoniterRawMessageType = reflect2.TypeOfPtr((*RawMessage)(nil)).Elem()
+
+func createEncoderOfJsonRawMessage(ctx *ctx, typ reflect2.Type) ValEncoder {
+	if typ == jsonRawMessageType {
+		return &jsonRawMessageCodec{}
+	}
+	if typ == jsoniterRawMessageType {
+		return &jsoniterRawMessageCodec{}
+	}
+	return nil
+}
+
+func createDecoderOfJsonRawMessage(ctx *ctx, typ reflect2.Type) ValDecoder {
+	if typ == jsonRawMessageType {
+		return &jsonRawMessageCodec{}
+	}
+	if typ == jsoniterRawMessageType {
+		return &jsoniterRawMessageCodec{}
+	}
+	return nil
+}
+
+type jsonRawMessageCodec struct {
+}
+
+func (codec *jsonRawMessageCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	*((*json.RawMessage)(ptr)) = json.RawMessage(iter.SkipAndReturnBytes())
+}
+
+func (codec *jsonRawMessageCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteRaw(string(*((*json.RawMessage)(ptr))))
+}
+
+func (codec *jsonRawMessageCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return len(*((*json.RawMessage)(ptr))) == 0
+}
+
+type jsoniterRawMessageCodec struct {
+}
+
+func (codec *jsoniterRawMessageCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	*((*RawMessage)(ptr)) = RawMessage(iter.SkipAndReturnBytes())
+}
+
+func (codec *jsoniterRawMessageCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteRaw(string(*((*RawMessage)(ptr))))
+}
+
+func (codec *jsoniterRawMessageCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return len(*((*RawMessage)(ptr))) == 0
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_map.go b/vendor/github.com/json-iterator/go/reflect_map.go
new file mode 100644
index 0000000000000..5829671301353
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_map.go
@@ -0,0 +1,346 @@
+package jsoniter
+
+import (
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"io"
+	"reflect"
+	"sort"
+	"unsafe"
+)
+
+func decoderOfMap(ctx *ctx, typ reflect2.Type) ValDecoder {
+	mapType := typ.(*reflect2.UnsafeMapType)
+	keyDecoder := decoderOfMapKey(ctx.append("[mapKey]"), mapType.Key())
+	elemDecoder := decoderOfType(ctx.append("[mapElem]"), mapType.Elem())
+	return &mapDecoder{
+		mapType:     mapType,
+		keyType:     mapType.Key(),
+		elemType:    mapType.Elem(),
+		keyDecoder:  keyDecoder,
+		elemDecoder: elemDecoder,
+	}
+}
+
+func encoderOfMap(ctx *ctx, typ reflect2.Type) ValEncoder {
+	mapType := typ.(*reflect2.UnsafeMapType)
+	if ctx.sortMapKeys {
+		return &sortKeysMapEncoder{
+			mapType:     mapType,
+			keyEncoder:  encoderOfMapKey(ctx.append("[mapKey]"), mapType.Key()),
+			elemEncoder: encoderOfType(ctx.append("[mapElem]"), mapType.Elem()),
+		}
+	}
+	return &mapEncoder{
+		mapType:     mapType,
+		keyEncoder:  encoderOfMapKey(ctx.append("[mapKey]"), mapType.Key()),
+		elemEncoder: encoderOfType(ctx.append("[mapElem]"), mapType.Elem()),
+	}
+}
+
+func decoderOfMapKey(ctx *ctx, typ reflect2.Type) ValDecoder {
+	decoder := ctx.decoderExtension.CreateMapKeyDecoder(typ)
+	if decoder != nil {
+		return decoder
+	}
+	for _, extension := range ctx.extraExtensions {
+		decoder := extension.CreateMapKeyDecoder(typ)
+		if decoder != nil {
+			return decoder
+		}
+	}
+
+	ptrType := reflect2.PtrTo(typ)
+	if ptrType.Implements(unmarshalerType) {
+		return &referenceDecoder{
+			&unmarshalerDecoder{
+				valType: ptrType,
+			},
+		}
+	}
+	if typ.Implements(unmarshalerType) {
+		return &unmarshalerDecoder{
+			valType: typ,
+		}
+	}
+	if ptrType.Implements(textUnmarshalerType) {
+		return &referenceDecoder{
+			&textUnmarshalerDecoder{
+				valType: ptrType,
+			},
+		}
+	}
+	if typ.Implements(textUnmarshalerType) {
+		return &textUnmarshalerDecoder{
+			valType: typ,
+		}
+	}
+
+	switch typ.Kind() {
+	case reflect.String:
+		return decoderOfType(ctx, reflect2.DefaultTypeOfKind(reflect.String))
+	case reflect.Bool,
+		reflect.Uint8, reflect.Int8,
+		reflect.Uint16, reflect.Int16,
+		reflect.Uint32, reflect.Int32,
+		reflect.Uint64, reflect.Int64,
+		reflect.Uint, reflect.Int,
+		reflect.Float32, reflect.Float64,
+		reflect.Uintptr:
+		typ = reflect2.DefaultTypeOfKind(typ.Kind())
+		return &numericMapKeyDecoder{decoderOfType(ctx, typ)}
+	default:
+		return &lazyErrorDecoder{err: fmt.Errorf("unsupported map key type: %v", typ)}
+	}
+}
+
+func encoderOfMapKey(ctx *ctx, typ reflect2.Type) ValEncoder {
+	encoder := ctx.encoderExtension.CreateMapKeyEncoder(typ)
+	if encoder != nil {
+		return encoder
+	}
+	for _, extension := range ctx.extraExtensions {
+		encoder := extension.CreateMapKeyEncoder(typ)
+		if encoder != nil {
+			return encoder
+		}
+	}
+
+	if typ == textMarshalerType {
+		return &directTextMarshalerEncoder{
+			stringEncoder: ctx.EncoderOf(reflect2.TypeOf("")),
+		}
+	}
+	if typ.Implements(textMarshalerType) {
+		return &textMarshalerEncoder{
+			valType:       typ,
+			stringEncoder: ctx.EncoderOf(reflect2.TypeOf("")),
+		}
+	}
+
+	switch typ.Kind() {
+	case reflect.String:
+		return encoderOfType(ctx, reflect2.DefaultTypeOfKind(reflect.String))
+	case reflect.Bool,
+		reflect.Uint8, reflect.Int8,
+		reflect.Uint16, reflect.Int16,
+		reflect.Uint32, reflect.Int32,
+		reflect.Uint64, reflect.Int64,
+		reflect.Uint, reflect.Int,
+		reflect.Float32, reflect.Float64,
+		reflect.Uintptr:
+		typ = reflect2.DefaultTypeOfKind(typ.Kind())
+		return &numericMapKeyEncoder{encoderOfType(ctx, typ)}
+	default:
+		if typ.Kind() == reflect.Interface {
+			return &dynamicMapKeyEncoder{ctx, typ}
+		}
+		return &lazyErrorEncoder{err: fmt.Errorf("unsupported map key type: %v", typ)}
+	}
+}
+
+type mapDecoder struct {
+	mapType     *reflect2.UnsafeMapType
+	keyType     reflect2.Type
+	elemType    reflect2.Type
+	keyDecoder  ValDecoder
+	elemDecoder ValDecoder
+}
+
+func (decoder *mapDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	mapType := decoder.mapType
+	c := iter.nextToken()
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		*(*unsafe.Pointer)(ptr) = nil
+		mapType.UnsafeSet(ptr, mapType.UnsafeNew())
+		return
+	}
+	if mapType.UnsafeIsNil(ptr) {
+		mapType.UnsafeSet(ptr, mapType.UnsafeMakeMap(0))
+	}
+	if c != '{' {
+		iter.ReportError("ReadMapCB", `expect { or n, but found `+string([]byte{c}))
+		return
+	}
+	c = iter.nextToken()
+	if c == '}' {
+		return
+	}
+	iter.unreadByte()
+	key := decoder.keyType.UnsafeNew()
+	decoder.keyDecoder.Decode(key, iter)
+	c = iter.nextToken()
+	if c != ':' {
+		iter.ReportError("ReadMapCB", "expect : after object field, but found "+string([]byte{c}))
+		return
+	}
+	elem := decoder.elemType.UnsafeNew()
+	decoder.elemDecoder.Decode(elem, iter)
+	decoder.mapType.UnsafeSetIndex(ptr, key, elem)
+	for c = iter.nextToken(); c == ','; c = iter.nextToken() {
+		key := decoder.keyType.UnsafeNew()
+		decoder.keyDecoder.Decode(key, iter)
+		c = iter.nextToken()
+		if c != ':' {
+			iter.ReportError("ReadMapCB", "expect : after object field, but found "+string([]byte{c}))
+			return
+		}
+		elem := decoder.elemType.UnsafeNew()
+		decoder.elemDecoder.Decode(elem, iter)
+		decoder.mapType.UnsafeSetIndex(ptr, key, elem)
+	}
+	if c != '}' {
+		iter.ReportError("ReadMapCB", `expect }, but found `+string([]byte{c}))
+	}
+}
+
+type numericMapKeyDecoder struct {
+	decoder ValDecoder
+}
+
+func (decoder *numericMapKeyDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	c := iter.nextToken()
+	if c != '"' {
+		iter.ReportError("ReadMapCB", `expect ", but found `+string([]byte{c}))
+		return
+	}
+	decoder.decoder.Decode(ptr, iter)
+	c = iter.nextToken()
+	if c != '"' {
+		iter.ReportError("ReadMapCB", `expect ", but found `+string([]byte{c}))
+		return
+	}
+}
+
+type numericMapKeyEncoder struct {
+	encoder ValEncoder
+}
+
+func (encoder *numericMapKeyEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.writeByte('"')
+	encoder.encoder.Encode(ptr, stream)
+	stream.writeByte('"')
+}
+
+func (encoder *numericMapKeyEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return false
+}
+
+type dynamicMapKeyEncoder struct {
+	ctx     *ctx
+	valType reflect2.Type
+}
+
+func (encoder *dynamicMapKeyEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	obj := encoder.valType.UnsafeIndirect(ptr)
+	encoderOfMapKey(encoder.ctx, reflect2.TypeOf(obj)).Encode(reflect2.PtrOf(obj), stream)
+}
+
+func (encoder *dynamicMapKeyEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	obj := encoder.valType.UnsafeIndirect(ptr)
+	return encoderOfMapKey(encoder.ctx, reflect2.TypeOf(obj)).IsEmpty(reflect2.PtrOf(obj))
+}
+
+type mapEncoder struct {
+	mapType     *reflect2.UnsafeMapType
+	keyEncoder  ValEncoder
+	elemEncoder ValEncoder
+}
+
+func (encoder *mapEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if *(*unsafe.Pointer)(ptr) == nil {
+		stream.WriteNil()
+		return
+	}
+	stream.WriteObjectStart()
+	iter := encoder.mapType.UnsafeIterate(ptr)
+	for i := 0; iter.HasNext(); i++ {
+		if i != 0 {
+			stream.WriteMore()
+		}
+		key, elem := iter.UnsafeNext()
+		encoder.keyEncoder.Encode(key, stream)
+		if stream.indention > 0 {
+			stream.writeTwoBytes(byte(':'), byte(' '))
+		} else {
+			stream.writeByte(':')
+		}
+		encoder.elemEncoder.Encode(elem, stream)
+	}
+	stream.WriteObjectEnd()
+}
+
+func (encoder *mapEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	iter := encoder.mapType.UnsafeIterate(ptr)
+	return !iter.HasNext()
+}
+
+type sortKeysMapEncoder struct {
+	mapType     *reflect2.UnsafeMapType
+	keyEncoder  ValEncoder
+	elemEncoder ValEncoder
+}
+
+func (encoder *sortKeysMapEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if *(*unsafe.Pointer)(ptr) == nil {
+		stream.WriteNil()
+		return
+	}
+	stream.WriteObjectStart()
+	mapIter := encoder.mapType.UnsafeIterate(ptr)
+	subStream := stream.cfg.BorrowStream(nil)
+	subStream.Attachment = stream.Attachment
+	subIter := stream.cfg.BorrowIterator(nil)
+	keyValues := encodedKeyValues{}
+	for mapIter.HasNext() {
+		key, elem := mapIter.UnsafeNext()
+		subStreamIndex := subStream.Buffered()
+		encoder.keyEncoder.Encode(key, subStream)
+		if subStream.Error != nil && subStream.Error != io.EOF && stream.Error == nil {
+			stream.Error = subStream.Error
+		}
+		encodedKey := subStream.Buffer()[subStreamIndex:]
+		subIter.ResetBytes(encodedKey)
+		decodedKey := subIter.ReadString()
+		if stream.indention > 0 {
+			subStream.writeTwoBytes(byte(':'), byte(' '))
+		} else {
+			subStream.writeByte(':')
+		}
+		encoder.elemEncoder.Encode(elem, subStream)
+		keyValues = append(keyValues, encodedKV{
+			key:      decodedKey,
+			keyValue: subStream.Buffer()[subStreamIndex:],
+		})
+	}
+	sort.Sort(keyValues)
+	for i, keyValue := range keyValues {
+		if i != 0 {
+			stream.WriteMore()
+		}
+		stream.Write(keyValue.keyValue)
+	}
+	if subStream.Error != nil && stream.Error == nil {
+		stream.Error = subStream.Error
+	}
+	stream.WriteObjectEnd()
+	stream.cfg.ReturnStream(subStream)
+	stream.cfg.ReturnIterator(subIter)
+}
+
+func (encoder *sortKeysMapEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	iter := encoder.mapType.UnsafeIterate(ptr)
+	return !iter.HasNext()
+}
+
+type encodedKeyValues []encodedKV
+
+type encodedKV struct {
+	key      string
+	keyValue []byte
+}
+
+func (sv encodedKeyValues) Len() int           { return len(sv) }
+func (sv encodedKeyValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv encodedKeyValues) Less(i, j int) bool { return sv[i].key < sv[j].key }
diff --git a/vendor/github.com/json-iterator/go/reflect_marshaler.go b/vendor/github.com/json-iterator/go/reflect_marshaler.go
new file mode 100644
index 0000000000000..3e21f3756717a
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_marshaler.go
@@ -0,0 +1,225 @@
+package jsoniter
+
+import (
+	"encoding"
+	"encoding/json"
+	"unsafe"
+
+	"github.com/modern-go/reflect2"
+)
+
+var marshalerType = reflect2.TypeOfPtr((*json.Marshaler)(nil)).Elem()
+var unmarshalerType = reflect2.TypeOfPtr((*json.Unmarshaler)(nil)).Elem()
+var textMarshalerType = reflect2.TypeOfPtr((*encoding.TextMarshaler)(nil)).Elem()
+var textUnmarshalerType = reflect2.TypeOfPtr((*encoding.TextUnmarshaler)(nil)).Elem()
+
+func createDecoderOfMarshaler(ctx *ctx, typ reflect2.Type) ValDecoder {
+	ptrType := reflect2.PtrTo(typ)
+	if ptrType.Implements(unmarshalerType) {
+		return &referenceDecoder{
+			&unmarshalerDecoder{ptrType},
+		}
+	}
+	if ptrType.Implements(textUnmarshalerType) {
+		return &referenceDecoder{
+			&textUnmarshalerDecoder{ptrType},
+		}
+	}
+	return nil
+}
+
+func createEncoderOfMarshaler(ctx *ctx, typ reflect2.Type) ValEncoder {
+	if typ == marshalerType {
+		checkIsEmpty := createCheckIsEmpty(ctx, typ)
+		var encoder ValEncoder = &directMarshalerEncoder{
+			checkIsEmpty: checkIsEmpty,
+		}
+		return encoder
+	}
+	if typ.Implements(marshalerType) {
+		checkIsEmpty := createCheckIsEmpty(ctx, typ)
+		var encoder ValEncoder = &marshalerEncoder{
+			valType:      typ,
+			checkIsEmpty: checkIsEmpty,
+		}
+		return encoder
+	}
+	ptrType := reflect2.PtrTo(typ)
+	if ctx.prefix != "" && ptrType.Implements(marshalerType) {
+		checkIsEmpty := createCheckIsEmpty(ctx, ptrType)
+		var encoder ValEncoder = &marshalerEncoder{
+			valType:      ptrType,
+			checkIsEmpty: checkIsEmpty,
+		}
+		return &referenceEncoder{encoder}
+	}
+	if typ == textMarshalerType {
+		checkIsEmpty := createCheckIsEmpty(ctx, typ)
+		var encoder ValEncoder = &directTextMarshalerEncoder{
+			checkIsEmpty:  checkIsEmpty,
+			stringEncoder: ctx.EncoderOf(reflect2.TypeOf("")),
+		}
+		return encoder
+	}
+	if typ.Implements(textMarshalerType) {
+		checkIsEmpty := createCheckIsEmpty(ctx, typ)
+		var encoder ValEncoder = &textMarshalerEncoder{
+			valType:       typ,
+			stringEncoder: ctx.EncoderOf(reflect2.TypeOf("")),
+			checkIsEmpty:  checkIsEmpty,
+		}
+		return encoder
+	}
+	// if prefix is empty, the type is the root type
+	if ctx.prefix != "" && ptrType.Implements(textMarshalerType) {
+		checkIsEmpty := createCheckIsEmpty(ctx, ptrType)
+		var encoder ValEncoder = &textMarshalerEncoder{
+			valType:       ptrType,
+			stringEncoder: ctx.EncoderOf(reflect2.TypeOf("")),
+			checkIsEmpty:  checkIsEmpty,
+		}
+		return &referenceEncoder{encoder}
+	}
+	return nil
+}
+
+type marshalerEncoder struct {
+	checkIsEmpty checkIsEmpty
+	valType      reflect2.Type
+}
+
+func (encoder *marshalerEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	obj := encoder.valType.UnsafeIndirect(ptr)
+	if encoder.valType.IsNullable() && reflect2.IsNil(obj) {
+		stream.WriteNil()
+		return
+	}
+	marshaler := obj.(json.Marshaler)
+	bytes, err := marshaler.MarshalJSON()
+	if err != nil {
+		stream.Error = err
+	} else {
+		// html escape was already done by jsoniter
+		// but the extra '\n' should be trimed
+		l := len(bytes)
+		if l > 0 && bytes[l-1] == '\n' {
+			bytes = bytes[:l-1]
+		}
+		stream.Write(bytes)
+	}
+}
+
+func (encoder *marshalerEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.checkIsEmpty.IsEmpty(ptr)
+}
+
+type directMarshalerEncoder struct {
+	checkIsEmpty checkIsEmpty
+}
+
+func (encoder *directMarshalerEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	marshaler := *(*json.Marshaler)(ptr)
+	if marshaler == nil {
+		stream.WriteNil()
+		return
+	}
+	bytes, err := marshaler.MarshalJSON()
+	if err != nil {
+		stream.Error = err
+	} else {
+		stream.Write(bytes)
+	}
+}
+
+func (encoder *directMarshalerEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.checkIsEmpty.IsEmpty(ptr)
+}
+
+type textMarshalerEncoder struct {
+	valType       reflect2.Type
+	stringEncoder ValEncoder
+	checkIsEmpty  checkIsEmpty
+}
+
+func (encoder *textMarshalerEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	obj := encoder.valType.UnsafeIndirect(ptr)
+	if encoder.valType.IsNullable() && reflect2.IsNil(obj) {
+		stream.WriteNil()
+		return
+	}
+	marshaler := (obj).(encoding.TextMarshaler)
+	bytes, err := marshaler.MarshalText()
+	if err != nil {
+		stream.Error = err
+	} else {
+		str := string(bytes)
+		encoder.stringEncoder.Encode(unsafe.Pointer(&str), stream)
+	}
+}
+
+func (encoder *textMarshalerEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.checkIsEmpty.IsEmpty(ptr)
+}
+
+type directTextMarshalerEncoder struct {
+	stringEncoder ValEncoder
+	checkIsEmpty  checkIsEmpty
+}
+
+func (encoder *directTextMarshalerEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	marshaler := *(*encoding.TextMarshaler)(ptr)
+	if marshaler == nil {
+		stream.WriteNil()
+		return
+	}
+	bytes, err := marshaler.MarshalText()
+	if err != nil {
+		stream.Error = err
+	} else {
+		str := string(bytes)
+		encoder.stringEncoder.Encode(unsafe.Pointer(&str), stream)
+	}
+}
+
+func (encoder *directTextMarshalerEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.checkIsEmpty.IsEmpty(ptr)
+}
+
+type unmarshalerDecoder struct {
+	valType reflect2.Type
+}
+
+func (decoder *unmarshalerDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	valType := decoder.valType
+	obj := valType.UnsafeIndirect(ptr)
+	unmarshaler := obj.(json.Unmarshaler)
+	iter.nextToken()
+	iter.unreadByte() // skip spaces
+	bytes := iter.SkipAndReturnBytes()
+	err := unmarshaler.UnmarshalJSON(bytes)
+	if err != nil {
+		iter.ReportError("unmarshalerDecoder", err.Error())
+	}
+}
+
+type textUnmarshalerDecoder struct {
+	valType reflect2.Type
+}
+
+func (decoder *textUnmarshalerDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	valType := decoder.valType
+	obj := valType.UnsafeIndirect(ptr)
+	if reflect2.IsNil(obj) {
+		ptrType := valType.(*reflect2.UnsafePtrType)
+		elemType := ptrType.Elem()
+		elem := elemType.UnsafeNew()
+		ptrType.UnsafeSet(ptr, unsafe.Pointer(&elem))
+		obj = valType.UnsafeIndirect(ptr)
+	}
+	unmarshaler := (obj).(encoding.TextUnmarshaler)
+	str := iter.ReadString()
+	err := unmarshaler.UnmarshalText([]byte(str))
+	if err != nil {
+		iter.ReportError("textUnmarshalerDecoder", err.Error())
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_native.go b/vendor/github.com/json-iterator/go/reflect_native.go
new file mode 100644
index 0000000000000..f88722d14d198
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_native.go
@@ -0,0 +1,453 @@
+package jsoniter
+
+import (
+	"encoding/base64"
+	"reflect"
+	"strconv"
+	"unsafe"
+
+	"github.com/modern-go/reflect2"
+)
+
+const ptrSize = 32 << uintptr(^uintptr(0)>>63)
+
+func createEncoderOfNative(ctx *ctx, typ reflect2.Type) ValEncoder {
+	if typ.Kind() == reflect.Slice && typ.(reflect2.SliceType).Elem().Kind() == reflect.Uint8 {
+		sliceDecoder := decoderOfSlice(ctx, typ)
+		return &base64Codec{sliceDecoder: sliceDecoder}
+	}
+	typeName := typ.String()
+	kind := typ.Kind()
+	switch kind {
+	case reflect.String:
+		if typeName != "string" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*string)(nil)).Elem())
+		}
+		return &stringCodec{}
+	case reflect.Int:
+		if typeName != "int" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*int)(nil)).Elem())
+		}
+		if strconv.IntSize == 32 {
+			return &int32Codec{}
+		}
+		return &int64Codec{}
+	case reflect.Int8:
+		if typeName != "int8" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*int8)(nil)).Elem())
+		}
+		return &int8Codec{}
+	case reflect.Int16:
+		if typeName != "int16" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*int16)(nil)).Elem())
+		}
+		return &int16Codec{}
+	case reflect.Int32:
+		if typeName != "int32" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*int32)(nil)).Elem())
+		}
+		return &int32Codec{}
+	case reflect.Int64:
+		if typeName != "int64" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*int64)(nil)).Elem())
+		}
+		return &int64Codec{}
+	case reflect.Uint:
+		if typeName != "uint" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uint)(nil)).Elem())
+		}
+		if strconv.IntSize == 32 {
+			return &uint32Codec{}
+		}
+		return &uint64Codec{}
+	case reflect.Uint8:
+		if typeName != "uint8" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uint8)(nil)).Elem())
+		}
+		return &uint8Codec{}
+	case reflect.Uint16:
+		if typeName != "uint16" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uint16)(nil)).Elem())
+		}
+		return &uint16Codec{}
+	case reflect.Uint32:
+		if typeName != "uint32" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uint32)(nil)).Elem())
+		}
+		return &uint32Codec{}
+	case reflect.Uintptr:
+		if typeName != "uintptr" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uintptr)(nil)).Elem())
+		}
+		if ptrSize == 32 {
+			return &uint32Codec{}
+		}
+		return &uint64Codec{}
+	case reflect.Uint64:
+		if typeName != "uint64" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*uint64)(nil)).Elem())
+		}
+		return &uint64Codec{}
+	case reflect.Float32:
+		if typeName != "float32" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*float32)(nil)).Elem())
+		}
+		return &float32Codec{}
+	case reflect.Float64:
+		if typeName != "float64" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*float64)(nil)).Elem())
+		}
+		return &float64Codec{}
+	case reflect.Bool:
+		if typeName != "bool" {
+			return encoderOfType(ctx, reflect2.TypeOfPtr((*bool)(nil)).Elem())
+		}
+		return &boolCodec{}
+	}
+	return nil
+}
+
+func createDecoderOfNative(ctx *ctx, typ reflect2.Type) ValDecoder {
+	if typ.Kind() == reflect.Slice && typ.(reflect2.SliceType).Elem().Kind() == reflect.Uint8 {
+		sliceDecoder := decoderOfSlice(ctx, typ)
+		return &base64Codec{sliceDecoder: sliceDecoder}
+	}
+	typeName := typ.String()
+	switch typ.Kind() {
+	case reflect.String:
+		if typeName != "string" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*string)(nil)).Elem())
+		}
+		return &stringCodec{}
+	case reflect.Int:
+		if typeName != "int" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*int)(nil)).Elem())
+		}
+		if strconv.IntSize == 32 {
+			return &int32Codec{}
+		}
+		return &int64Codec{}
+	case reflect.Int8:
+		if typeName != "int8" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*int8)(nil)).Elem())
+		}
+		return &int8Codec{}
+	case reflect.Int16:
+		if typeName != "int16" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*int16)(nil)).Elem())
+		}
+		return &int16Codec{}
+	case reflect.Int32:
+		if typeName != "int32" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*int32)(nil)).Elem())
+		}
+		return &int32Codec{}
+	case reflect.Int64:
+		if typeName != "int64" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*int64)(nil)).Elem())
+		}
+		return &int64Codec{}
+	case reflect.Uint:
+		if typeName != "uint" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uint)(nil)).Elem())
+		}
+		if strconv.IntSize == 32 {
+			return &uint32Codec{}
+		}
+		return &uint64Codec{}
+	case reflect.Uint8:
+		if typeName != "uint8" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uint8)(nil)).Elem())
+		}
+		return &uint8Codec{}
+	case reflect.Uint16:
+		if typeName != "uint16" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uint16)(nil)).Elem())
+		}
+		return &uint16Codec{}
+	case reflect.Uint32:
+		if typeName != "uint32" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uint32)(nil)).Elem())
+		}
+		return &uint32Codec{}
+	case reflect.Uintptr:
+		if typeName != "uintptr" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uintptr)(nil)).Elem())
+		}
+		if ptrSize == 32 {
+			return &uint32Codec{}
+		}
+		return &uint64Codec{}
+	case reflect.Uint64:
+		if typeName != "uint64" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*uint64)(nil)).Elem())
+		}
+		return &uint64Codec{}
+	case reflect.Float32:
+		if typeName != "float32" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*float32)(nil)).Elem())
+		}
+		return &float32Codec{}
+	case reflect.Float64:
+		if typeName != "float64" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*float64)(nil)).Elem())
+		}
+		return &float64Codec{}
+	case reflect.Bool:
+		if typeName != "bool" {
+			return decoderOfType(ctx, reflect2.TypeOfPtr((*bool)(nil)).Elem())
+		}
+		return &boolCodec{}
+	}
+	return nil
+}
+
+type stringCodec struct {
+}
+
+func (codec *stringCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	*((*string)(ptr)) = iter.ReadString()
+}
+
+func (codec *stringCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	str := *((*string)(ptr))
+	stream.WriteString(str)
+}
+
+func (codec *stringCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*string)(ptr)) == ""
+}
+
+type int8Codec struct {
+}
+
+func (codec *int8Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*int8)(ptr)) = iter.ReadInt8()
+	}
+}
+
+func (codec *int8Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteInt8(*((*int8)(ptr)))
+}
+
+func (codec *int8Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*int8)(ptr)) == 0
+}
+
+type int16Codec struct {
+}
+
+func (codec *int16Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*int16)(ptr)) = iter.ReadInt16()
+	}
+}
+
+func (codec *int16Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteInt16(*((*int16)(ptr)))
+}
+
+func (codec *int16Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*int16)(ptr)) == 0
+}
+
+type int32Codec struct {
+}
+
+func (codec *int32Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*int32)(ptr)) = iter.ReadInt32()
+	}
+}
+
+func (codec *int32Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteInt32(*((*int32)(ptr)))
+}
+
+func (codec *int32Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*int32)(ptr)) == 0
+}
+
+type int64Codec struct {
+}
+
+func (codec *int64Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*int64)(ptr)) = iter.ReadInt64()
+	}
+}
+
+func (codec *int64Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteInt64(*((*int64)(ptr)))
+}
+
+func (codec *int64Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*int64)(ptr)) == 0
+}
+
+type uint8Codec struct {
+}
+
+func (codec *uint8Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*uint8)(ptr)) = iter.ReadUint8()
+	}
+}
+
+func (codec *uint8Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteUint8(*((*uint8)(ptr)))
+}
+
+func (codec *uint8Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*uint8)(ptr)) == 0
+}
+
+type uint16Codec struct {
+}
+
+func (codec *uint16Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*uint16)(ptr)) = iter.ReadUint16()
+	}
+}
+
+func (codec *uint16Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteUint16(*((*uint16)(ptr)))
+}
+
+func (codec *uint16Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*uint16)(ptr)) == 0
+}
+
+type uint32Codec struct {
+}
+
+func (codec *uint32Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*uint32)(ptr)) = iter.ReadUint32()
+	}
+}
+
+func (codec *uint32Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteUint32(*((*uint32)(ptr)))
+}
+
+func (codec *uint32Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*uint32)(ptr)) == 0
+}
+
+type uint64Codec struct {
+}
+
+func (codec *uint64Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*uint64)(ptr)) = iter.ReadUint64()
+	}
+}
+
+func (codec *uint64Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteUint64(*((*uint64)(ptr)))
+}
+
+func (codec *uint64Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*uint64)(ptr)) == 0
+}
+
+type float32Codec struct {
+}
+
+func (codec *float32Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*float32)(ptr)) = iter.ReadFloat32()
+	}
+}
+
+func (codec *float32Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteFloat32(*((*float32)(ptr)))
+}
+
+func (codec *float32Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*float32)(ptr)) == 0
+}
+
+type float64Codec struct {
+}
+
+func (codec *float64Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*float64)(ptr)) = iter.ReadFloat64()
+	}
+}
+
+func (codec *float64Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteFloat64(*((*float64)(ptr)))
+}
+
+func (codec *float64Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*float64)(ptr)) == 0
+}
+
+type boolCodec struct {
+}
+
+func (codec *boolCodec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.ReadNil() {
+		*((*bool)(ptr)) = iter.ReadBool()
+	}
+}
+
+func (codec *boolCodec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteBool(*((*bool)(ptr)))
+}
+
+func (codec *boolCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	return !(*((*bool)(ptr)))
+}
+
+type base64Codec struct {
+	sliceType    *reflect2.UnsafeSliceType
+	sliceDecoder ValDecoder
+}
+
+func (codec *base64Codec) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if iter.ReadNil() {
+		codec.sliceType.UnsafeSetNil(ptr)
+		return
+	}
+	switch iter.WhatIsNext() {
+	case StringValue:
+		src := iter.ReadString()
+		dst, err := base64.StdEncoding.DecodeString(src)
+		if err != nil {
+			iter.ReportError("decode base64", err.Error())
+		} else {
+			codec.sliceType.UnsafeSet(ptr, unsafe.Pointer(&dst))
+		}
+	case ArrayValue:
+		codec.sliceDecoder.Decode(ptr, iter)
+	default:
+		iter.ReportError("base64Codec", "invalid input")
+	}
+}
+
+func (codec *base64Codec) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if codec.sliceType.UnsafeIsNil(ptr) {
+		stream.WriteNil()
+		return
+	}
+	src := *((*[]byte)(ptr))
+	encoding := base64.StdEncoding
+	stream.writeByte('"')
+	if len(src) != 0 {
+		size := encoding.EncodedLen(len(src))
+		buf := make([]byte, size)
+		encoding.Encode(buf, src)
+		stream.buf = append(stream.buf, buf...)
+	}
+	stream.writeByte('"')
+}
+
+func (codec *base64Codec) IsEmpty(ptr unsafe.Pointer) bool {
+	return len(*((*[]byte)(ptr))) == 0
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_optional.go b/vendor/github.com/json-iterator/go/reflect_optional.go
new file mode 100644
index 0000000000000..fa71f47489121
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_optional.go
@@ -0,0 +1,129 @@
+package jsoniter
+
+import (
+	"github.com/modern-go/reflect2"
+	"unsafe"
+)
+
+func decoderOfOptional(ctx *ctx, typ reflect2.Type) ValDecoder {
+	ptrType := typ.(*reflect2.UnsafePtrType)
+	elemType := ptrType.Elem()
+	decoder := decoderOfType(ctx, elemType)
+	return &OptionalDecoder{elemType, decoder}
+}
+
+func encoderOfOptional(ctx *ctx, typ reflect2.Type) ValEncoder {
+	ptrType := typ.(*reflect2.UnsafePtrType)
+	elemType := ptrType.Elem()
+	elemEncoder := encoderOfType(ctx, elemType)
+	encoder := &OptionalEncoder{elemEncoder}
+	return encoder
+}
+
+type OptionalDecoder struct {
+	ValueType    reflect2.Type
+	ValueDecoder ValDecoder
+}
+
+func (decoder *OptionalDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if iter.ReadNil() {
+		*((*unsafe.Pointer)(ptr)) = nil
+	} else {
+		if *((*unsafe.Pointer)(ptr)) == nil {
+			//pointer to null, we have to allocate memory to hold the value
+			newPtr := decoder.ValueType.UnsafeNew()
+			decoder.ValueDecoder.Decode(newPtr, iter)
+			*((*unsafe.Pointer)(ptr)) = newPtr
+		} else {
+			//reuse existing instance
+			decoder.ValueDecoder.Decode(*((*unsafe.Pointer)(ptr)), iter)
+		}
+	}
+}
+
+type dereferenceDecoder struct {
+	// only to deference a pointer
+	valueType    reflect2.Type
+	valueDecoder ValDecoder
+}
+
+func (decoder *dereferenceDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if *((*unsafe.Pointer)(ptr)) == nil {
+		//pointer to null, we have to allocate memory to hold the value
+		newPtr := decoder.valueType.UnsafeNew()
+		decoder.valueDecoder.Decode(newPtr, iter)
+		*((*unsafe.Pointer)(ptr)) = newPtr
+	} else {
+		//reuse existing instance
+		decoder.valueDecoder.Decode(*((*unsafe.Pointer)(ptr)), iter)
+	}
+}
+
+type OptionalEncoder struct {
+	ValueEncoder ValEncoder
+}
+
+func (encoder *OptionalEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if *((*unsafe.Pointer)(ptr)) == nil {
+		stream.WriteNil()
+	} else {
+		encoder.ValueEncoder.Encode(*((*unsafe.Pointer)(ptr)), stream)
+	}
+}
+
+func (encoder *OptionalEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return *((*unsafe.Pointer)(ptr)) == nil
+}
+
+type dereferenceEncoder struct {
+	ValueEncoder ValEncoder
+}
+
+func (encoder *dereferenceEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if *((*unsafe.Pointer)(ptr)) == nil {
+		stream.WriteNil()
+	} else {
+		encoder.ValueEncoder.Encode(*((*unsafe.Pointer)(ptr)), stream)
+	}
+}
+
+func (encoder *dereferenceEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	dePtr := *((*unsafe.Pointer)(ptr))
+	if dePtr == nil {
+		return true
+	}
+	return encoder.ValueEncoder.IsEmpty(dePtr)
+}
+
+func (encoder *dereferenceEncoder) IsEmbeddedPtrNil(ptr unsafe.Pointer) bool {
+	deReferenced := *((*unsafe.Pointer)(ptr))
+	if deReferenced == nil {
+		return true
+	}
+	isEmbeddedPtrNil, converted := encoder.ValueEncoder.(IsEmbeddedPtrNil)
+	if !converted {
+		return false
+	}
+	fieldPtr := unsafe.Pointer(deReferenced)
+	return isEmbeddedPtrNil.IsEmbeddedPtrNil(fieldPtr)
+}
+
+type referenceEncoder struct {
+	encoder ValEncoder
+}
+
+func (encoder *referenceEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	encoder.encoder.Encode(unsafe.Pointer(&ptr), stream)
+}
+
+func (encoder *referenceEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.encoder.IsEmpty(unsafe.Pointer(&ptr))
+}
+
+type referenceDecoder struct {
+	decoder ValDecoder
+}
+
+func (decoder *referenceDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.decoder.Decode(unsafe.Pointer(&ptr), iter)
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_slice.go b/vendor/github.com/json-iterator/go/reflect_slice.go
new file mode 100644
index 0000000000000..9441d79df33b4
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_slice.go
@@ -0,0 +1,99 @@
+package jsoniter
+
+import (
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"io"
+	"unsafe"
+)
+
+func decoderOfSlice(ctx *ctx, typ reflect2.Type) ValDecoder {
+	sliceType := typ.(*reflect2.UnsafeSliceType)
+	decoder := decoderOfType(ctx.append("[sliceElem]"), sliceType.Elem())
+	return &sliceDecoder{sliceType, decoder}
+}
+
+func encoderOfSlice(ctx *ctx, typ reflect2.Type) ValEncoder {
+	sliceType := typ.(*reflect2.UnsafeSliceType)
+	encoder := encoderOfType(ctx.append("[sliceElem]"), sliceType.Elem())
+	return &sliceEncoder{sliceType, encoder}
+}
+
+type sliceEncoder struct {
+	sliceType   *reflect2.UnsafeSliceType
+	elemEncoder ValEncoder
+}
+
+func (encoder *sliceEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	if encoder.sliceType.UnsafeIsNil(ptr) {
+		stream.WriteNil()
+		return
+	}
+	length := encoder.sliceType.UnsafeLengthOf(ptr)
+	if length == 0 {
+		stream.WriteEmptyArray()
+		return
+	}
+	stream.WriteArrayStart()
+	encoder.elemEncoder.Encode(encoder.sliceType.UnsafeGetIndex(ptr, 0), stream)
+	for i := 1; i < length; i++ {
+		stream.WriteMore()
+		elemPtr := encoder.sliceType.UnsafeGetIndex(ptr, i)
+		encoder.elemEncoder.Encode(elemPtr, stream)
+	}
+	stream.WriteArrayEnd()
+	if stream.Error != nil && stream.Error != io.EOF {
+		stream.Error = fmt.Errorf("%v: %s", encoder.sliceType, stream.Error.Error())
+	}
+}
+
+func (encoder *sliceEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.sliceType.UnsafeLengthOf(ptr) == 0
+}
+
+type sliceDecoder struct {
+	sliceType   *reflect2.UnsafeSliceType
+	elemDecoder ValDecoder
+}
+
+func (decoder *sliceDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.doDecode(ptr, iter)
+	if iter.Error != nil && iter.Error != io.EOF {
+		iter.Error = fmt.Errorf("%v: %s", decoder.sliceType, iter.Error.Error())
+	}
+}
+
+func (decoder *sliceDecoder) doDecode(ptr unsafe.Pointer, iter *Iterator) {
+	c := iter.nextToken()
+	sliceType := decoder.sliceType
+	if c == 'n' {
+		iter.skipThreeBytes('u', 'l', 'l')
+		sliceType.UnsafeSetNil(ptr)
+		return
+	}
+	if c != '[' {
+		iter.ReportError("decode slice", "expect [ or n, but found "+string([]byte{c}))
+		return
+	}
+	c = iter.nextToken()
+	if c == ']' {
+		sliceType.UnsafeSet(ptr, sliceType.UnsafeMakeSlice(0, 0))
+		return
+	}
+	iter.unreadByte()
+	sliceType.UnsafeGrow(ptr, 1)
+	elemPtr := sliceType.UnsafeGetIndex(ptr, 0)
+	decoder.elemDecoder.Decode(elemPtr, iter)
+	length := 1
+	for c = iter.nextToken(); c == ','; c = iter.nextToken() {
+		idx := length
+		length += 1
+		sliceType.UnsafeGrow(ptr, length)
+		elemPtr = sliceType.UnsafeGetIndex(ptr, idx)
+		decoder.elemDecoder.Decode(elemPtr, iter)
+	}
+	if c != ']' {
+		iter.ReportError("decode slice", "expect ], but found "+string([]byte{c}))
+		return
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_struct_decoder.go b/vendor/github.com/json-iterator/go/reflect_struct_decoder.go
new file mode 100644
index 0000000000000..d7eb0eb5caa85
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_struct_decoder.go
@@ -0,0 +1,1092 @@
+package jsoniter
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"unsafe"
+
+	"github.com/modern-go/reflect2"
+)
+
+func decoderOfStruct(ctx *ctx, typ reflect2.Type) ValDecoder {
+	bindings := map[string]*Binding{}
+	structDescriptor := describeStruct(ctx, typ)
+	for _, binding := range structDescriptor.Fields {
+		for _, fromName := range binding.FromNames {
+			old := bindings[fromName]
+			if old == nil {
+				bindings[fromName] = binding
+				continue
+			}
+			ignoreOld, ignoreNew := resolveConflictBinding(ctx.frozenConfig, old, binding)
+			if ignoreOld {
+				delete(bindings, fromName)
+			}
+			if !ignoreNew {
+				bindings[fromName] = binding
+			}
+		}
+	}
+	fields := map[string]*structFieldDecoder{}
+	for k, binding := range bindings {
+		fields[k] = binding.Decoder.(*structFieldDecoder)
+	}
+
+	if !ctx.caseSensitive() {
+		for k, binding := range bindings {
+			if _, found := fields[strings.ToLower(k)]; !found {
+				fields[strings.ToLower(k)] = binding.Decoder.(*structFieldDecoder)
+			}
+		}
+	}
+
+	return createStructDecoder(ctx, typ, fields)
+}
+
+func createStructDecoder(ctx *ctx, typ reflect2.Type, fields map[string]*structFieldDecoder) ValDecoder {
+	if ctx.disallowUnknownFields {
+		return &generalStructDecoder{typ: typ, fields: fields, disallowUnknownFields: true}
+	}
+	knownHash := map[int64]struct{}{
+		0: {},
+	}
+
+	switch len(fields) {
+	case 0:
+		return &skipObjectDecoder{typ}
+	case 1:
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			return &oneFieldStructDecoder{typ, fieldHash, fieldDecoder}
+		}
+	case 2:
+		var fieldHash1 int64
+		var fieldHash2 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldHash1 == 0 {
+				fieldHash1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else {
+				fieldHash2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			}
+		}
+		return &twoFieldsStructDecoder{typ, fieldHash1, fieldDecoder1, fieldHash2, fieldDecoder2}
+	case 3:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			}
+		}
+		return &threeFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3}
+	case 4:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			}
+		}
+		return &fourFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4}
+	case 5:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			}
+		}
+		return &fiveFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5}
+	case 6:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldName6 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		var fieldDecoder6 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else if fieldName5 == 0 {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			} else {
+				fieldName6 = fieldHash
+				fieldDecoder6 = fieldDecoder
+			}
+		}
+		return &sixFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5,
+			fieldName6, fieldDecoder6}
+	case 7:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldName6 int64
+		var fieldName7 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		var fieldDecoder6 *structFieldDecoder
+		var fieldDecoder7 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else if fieldName5 == 0 {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			} else if fieldName6 == 0 {
+				fieldName6 = fieldHash
+				fieldDecoder6 = fieldDecoder
+			} else {
+				fieldName7 = fieldHash
+				fieldDecoder7 = fieldDecoder
+			}
+		}
+		return &sevenFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5,
+			fieldName6, fieldDecoder6,
+			fieldName7, fieldDecoder7}
+	case 8:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldName6 int64
+		var fieldName7 int64
+		var fieldName8 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		var fieldDecoder6 *structFieldDecoder
+		var fieldDecoder7 *structFieldDecoder
+		var fieldDecoder8 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else if fieldName5 == 0 {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			} else if fieldName6 == 0 {
+				fieldName6 = fieldHash
+				fieldDecoder6 = fieldDecoder
+			} else if fieldName7 == 0 {
+				fieldName7 = fieldHash
+				fieldDecoder7 = fieldDecoder
+			} else {
+				fieldName8 = fieldHash
+				fieldDecoder8 = fieldDecoder
+			}
+		}
+		return &eightFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5,
+			fieldName6, fieldDecoder6,
+			fieldName7, fieldDecoder7,
+			fieldName8, fieldDecoder8}
+	case 9:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldName6 int64
+		var fieldName7 int64
+		var fieldName8 int64
+		var fieldName9 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		var fieldDecoder6 *structFieldDecoder
+		var fieldDecoder7 *structFieldDecoder
+		var fieldDecoder8 *structFieldDecoder
+		var fieldDecoder9 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else if fieldName5 == 0 {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			} else if fieldName6 == 0 {
+				fieldName6 = fieldHash
+				fieldDecoder6 = fieldDecoder
+			} else if fieldName7 == 0 {
+				fieldName7 = fieldHash
+				fieldDecoder7 = fieldDecoder
+			} else if fieldName8 == 0 {
+				fieldName8 = fieldHash
+				fieldDecoder8 = fieldDecoder
+			} else {
+				fieldName9 = fieldHash
+				fieldDecoder9 = fieldDecoder
+			}
+		}
+		return &nineFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5,
+			fieldName6, fieldDecoder6,
+			fieldName7, fieldDecoder7,
+			fieldName8, fieldDecoder8,
+			fieldName9, fieldDecoder9}
+	case 10:
+		var fieldName1 int64
+		var fieldName2 int64
+		var fieldName3 int64
+		var fieldName4 int64
+		var fieldName5 int64
+		var fieldName6 int64
+		var fieldName7 int64
+		var fieldName8 int64
+		var fieldName9 int64
+		var fieldName10 int64
+		var fieldDecoder1 *structFieldDecoder
+		var fieldDecoder2 *structFieldDecoder
+		var fieldDecoder3 *structFieldDecoder
+		var fieldDecoder4 *structFieldDecoder
+		var fieldDecoder5 *structFieldDecoder
+		var fieldDecoder6 *structFieldDecoder
+		var fieldDecoder7 *structFieldDecoder
+		var fieldDecoder8 *structFieldDecoder
+		var fieldDecoder9 *structFieldDecoder
+		var fieldDecoder10 *structFieldDecoder
+		for fieldName, fieldDecoder := range fields {
+			fieldHash := calcHash(fieldName, ctx.caseSensitive())
+			_, known := knownHash[fieldHash]
+			if known {
+				return &generalStructDecoder{typ, fields, false}
+			}
+			knownHash[fieldHash] = struct{}{}
+			if fieldName1 == 0 {
+				fieldName1 = fieldHash
+				fieldDecoder1 = fieldDecoder
+			} else if fieldName2 == 0 {
+				fieldName2 = fieldHash
+				fieldDecoder2 = fieldDecoder
+			} else if fieldName3 == 0 {
+				fieldName3 = fieldHash
+				fieldDecoder3 = fieldDecoder
+			} else if fieldName4 == 0 {
+				fieldName4 = fieldHash
+				fieldDecoder4 = fieldDecoder
+			} else if fieldName5 == 0 {
+				fieldName5 = fieldHash
+				fieldDecoder5 = fieldDecoder
+			} else if fieldName6 == 0 {
+				fieldName6 = fieldHash
+				fieldDecoder6 = fieldDecoder
+			} else if fieldName7 == 0 {
+				fieldName7 = fieldHash
+				fieldDecoder7 = fieldDecoder
+			} else if fieldName8 == 0 {
+				fieldName8 = fieldHash
+				fieldDecoder8 = fieldDecoder
+			} else if fieldName9 == 0 {
+				fieldName9 = fieldHash
+				fieldDecoder9 = fieldDecoder
+			} else {
+				fieldName10 = fieldHash
+				fieldDecoder10 = fieldDecoder
+			}
+		}
+		return &tenFieldsStructDecoder{typ,
+			fieldName1, fieldDecoder1,
+			fieldName2, fieldDecoder2,
+			fieldName3, fieldDecoder3,
+			fieldName4, fieldDecoder4,
+			fieldName5, fieldDecoder5,
+			fieldName6, fieldDecoder6,
+			fieldName7, fieldDecoder7,
+			fieldName8, fieldDecoder8,
+			fieldName9, fieldDecoder9,
+			fieldName10, fieldDecoder10}
+	}
+	return &generalStructDecoder{typ, fields, false}
+}
+
+type generalStructDecoder struct {
+	typ                   reflect2.Type
+	fields                map[string]*structFieldDecoder
+	disallowUnknownFields bool
+}
+
+func (decoder *generalStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	var c byte
+	for c = ','; c == ','; c = iter.nextToken() {
+		decoder.decodeOneField(ptr, iter)
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	if c != '}' {
+		iter.ReportError("struct Decode", `expect }, but found `+string([]byte{c}))
+	}
+	iter.decrementDepth()
+}
+
+func (decoder *generalStructDecoder) decodeOneField(ptr unsafe.Pointer, iter *Iterator) {
+	var field string
+	var fieldDecoder *structFieldDecoder
+	if iter.cfg.objectFieldMustBeSimpleString {
+		fieldBytes := iter.ReadStringAsSlice()
+		field = *(*string)(unsafe.Pointer(&fieldBytes))
+		fieldDecoder = decoder.fields[field]
+		if fieldDecoder == nil && !iter.cfg.caseSensitive {
+			fieldDecoder = decoder.fields[strings.ToLower(field)]
+		}
+	} else {
+		field = iter.ReadString()
+		fieldDecoder = decoder.fields[field]
+		if fieldDecoder == nil && !iter.cfg.caseSensitive {
+			fieldDecoder = decoder.fields[strings.ToLower(field)]
+		}
+	}
+	if fieldDecoder == nil {
+		if decoder.disallowUnknownFields {
+			msg := "found unknown field: " + field
+			iter.ReportError("ReadObject", msg)
+		}
+		c := iter.nextToken()
+		if c != ':' {
+			iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+		}
+		iter.Skip()
+		return
+	}
+	c := iter.nextToken()
+	if c != ':' {
+		iter.ReportError("ReadObject", "expect : after object field, but found "+string([]byte{c}))
+	}
+	fieldDecoder.Decode(ptr, iter)
+}
+
+type skipObjectDecoder struct {
+	typ reflect2.Type
+}
+
+func (decoder *skipObjectDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	valueType := iter.WhatIsNext()
+	if valueType != ObjectValue && valueType != NilValue {
+		iter.ReportError("skipObjectDecoder", "expect object or null")
+		return
+	}
+	iter.Skip()
+}
+
+type oneFieldStructDecoder struct {
+	typ          reflect2.Type
+	fieldHash    int64
+	fieldDecoder *structFieldDecoder
+}
+
+func (decoder *oneFieldStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		if iter.readFieldHash() == decoder.fieldHash {
+			decoder.fieldDecoder.Decode(ptr, iter)
+		} else {
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type twoFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+}
+
+func (decoder *twoFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type threeFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+}
+
+func (decoder *threeFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type fourFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+}
+
+func (decoder *fourFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type fiveFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+	fieldHash5    int64
+	fieldDecoder5 *structFieldDecoder
+}
+
+func (decoder *fiveFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type sixFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+	fieldHash5    int64
+	fieldDecoder5 *structFieldDecoder
+	fieldHash6    int64
+	fieldDecoder6 *structFieldDecoder
+}
+
+func (decoder *sixFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		case decoder.fieldHash6:
+			decoder.fieldDecoder6.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type sevenFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+	fieldHash5    int64
+	fieldDecoder5 *structFieldDecoder
+	fieldHash6    int64
+	fieldDecoder6 *structFieldDecoder
+	fieldHash7    int64
+	fieldDecoder7 *structFieldDecoder
+}
+
+func (decoder *sevenFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		case decoder.fieldHash6:
+			decoder.fieldDecoder6.Decode(ptr, iter)
+		case decoder.fieldHash7:
+			decoder.fieldDecoder7.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type eightFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+	fieldHash5    int64
+	fieldDecoder5 *structFieldDecoder
+	fieldHash6    int64
+	fieldDecoder6 *structFieldDecoder
+	fieldHash7    int64
+	fieldDecoder7 *structFieldDecoder
+	fieldHash8    int64
+	fieldDecoder8 *structFieldDecoder
+}
+
+func (decoder *eightFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		case decoder.fieldHash6:
+			decoder.fieldDecoder6.Decode(ptr, iter)
+		case decoder.fieldHash7:
+			decoder.fieldDecoder7.Decode(ptr, iter)
+		case decoder.fieldHash8:
+			decoder.fieldDecoder8.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type nineFieldsStructDecoder struct {
+	typ           reflect2.Type
+	fieldHash1    int64
+	fieldDecoder1 *structFieldDecoder
+	fieldHash2    int64
+	fieldDecoder2 *structFieldDecoder
+	fieldHash3    int64
+	fieldDecoder3 *structFieldDecoder
+	fieldHash4    int64
+	fieldDecoder4 *structFieldDecoder
+	fieldHash5    int64
+	fieldDecoder5 *structFieldDecoder
+	fieldHash6    int64
+	fieldDecoder6 *structFieldDecoder
+	fieldHash7    int64
+	fieldDecoder7 *structFieldDecoder
+	fieldHash8    int64
+	fieldDecoder8 *structFieldDecoder
+	fieldHash9    int64
+	fieldDecoder9 *structFieldDecoder
+}
+
+func (decoder *nineFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		case decoder.fieldHash6:
+			decoder.fieldDecoder6.Decode(ptr, iter)
+		case decoder.fieldHash7:
+			decoder.fieldDecoder7.Decode(ptr, iter)
+		case decoder.fieldHash8:
+			decoder.fieldDecoder8.Decode(ptr, iter)
+		case decoder.fieldHash9:
+			decoder.fieldDecoder9.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type tenFieldsStructDecoder struct {
+	typ            reflect2.Type
+	fieldHash1     int64
+	fieldDecoder1  *structFieldDecoder
+	fieldHash2     int64
+	fieldDecoder2  *structFieldDecoder
+	fieldHash3     int64
+	fieldDecoder3  *structFieldDecoder
+	fieldHash4     int64
+	fieldDecoder4  *structFieldDecoder
+	fieldHash5     int64
+	fieldDecoder5  *structFieldDecoder
+	fieldHash6     int64
+	fieldDecoder6  *structFieldDecoder
+	fieldHash7     int64
+	fieldDecoder7  *structFieldDecoder
+	fieldHash8     int64
+	fieldDecoder8  *structFieldDecoder
+	fieldHash9     int64
+	fieldDecoder9  *structFieldDecoder
+	fieldHash10    int64
+	fieldDecoder10 *structFieldDecoder
+}
+
+func (decoder *tenFieldsStructDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	if !iter.readObjectStart() {
+		return
+	}
+	if !iter.incrementDepth() {
+		return
+	}
+	for {
+		switch iter.readFieldHash() {
+		case decoder.fieldHash1:
+			decoder.fieldDecoder1.Decode(ptr, iter)
+		case decoder.fieldHash2:
+			decoder.fieldDecoder2.Decode(ptr, iter)
+		case decoder.fieldHash3:
+			decoder.fieldDecoder3.Decode(ptr, iter)
+		case decoder.fieldHash4:
+			decoder.fieldDecoder4.Decode(ptr, iter)
+		case decoder.fieldHash5:
+			decoder.fieldDecoder5.Decode(ptr, iter)
+		case decoder.fieldHash6:
+			decoder.fieldDecoder6.Decode(ptr, iter)
+		case decoder.fieldHash7:
+			decoder.fieldDecoder7.Decode(ptr, iter)
+		case decoder.fieldHash8:
+			decoder.fieldDecoder8.Decode(ptr, iter)
+		case decoder.fieldHash9:
+			decoder.fieldDecoder9.Decode(ptr, iter)
+		case decoder.fieldHash10:
+			decoder.fieldDecoder10.Decode(ptr, iter)
+		default:
+			iter.Skip()
+		}
+		if iter.isObjectEnd() {
+			break
+		}
+	}
+	if iter.Error != nil && iter.Error != io.EOF && len(decoder.typ.Type1().Name()) != 0 {
+		iter.Error = fmt.Errorf("%v.%s", decoder.typ, iter.Error.Error())
+	}
+	iter.decrementDepth()
+}
+
+type structFieldDecoder struct {
+	field        reflect2.StructField
+	fieldDecoder ValDecoder
+}
+
+func (decoder *structFieldDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	fieldPtr := decoder.field.UnsafeGet(ptr)
+	decoder.fieldDecoder.Decode(fieldPtr, iter)
+	if iter.Error != nil && iter.Error != io.EOF {
+		iter.Error = fmt.Errorf("%s: %s", decoder.field.Name(), iter.Error.Error())
+	}
+}
+
+type stringModeStringDecoder struct {
+	elemDecoder ValDecoder
+	cfg         *frozenConfig
+}
+
+func (decoder *stringModeStringDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	decoder.elemDecoder.Decode(ptr, iter)
+	str := *((*string)(ptr))
+	tempIter := decoder.cfg.BorrowIterator([]byte(str))
+	defer decoder.cfg.ReturnIterator(tempIter)
+	*((*string)(ptr)) = tempIter.ReadString()
+}
+
+type stringModeNumberDecoder struct {
+	elemDecoder ValDecoder
+}
+
+func (decoder *stringModeNumberDecoder) Decode(ptr unsafe.Pointer, iter *Iterator) {
+	c := iter.nextToken()
+	if c != '"' {
+		iter.ReportError("stringModeNumberDecoder", `expect ", but found `+string([]byte{c}))
+		return
+	}
+	decoder.elemDecoder.Decode(ptr, iter)
+	if iter.Error != nil {
+		return
+	}
+	c = iter.readByte()
+	if c != '"' {
+		iter.ReportError("stringModeNumberDecoder", `expect ", but found `+string([]byte{c}))
+		return
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/reflect_struct_encoder.go b/vendor/github.com/json-iterator/go/reflect_struct_encoder.go
new file mode 100644
index 0000000000000..152e3ef5a93c6
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/reflect_struct_encoder.go
@@ -0,0 +1,211 @@
+package jsoniter
+
+import (
+	"fmt"
+	"github.com/modern-go/reflect2"
+	"io"
+	"reflect"
+	"unsafe"
+)
+
+func encoderOfStruct(ctx *ctx, typ reflect2.Type) ValEncoder {
+	type bindingTo struct {
+		binding *Binding
+		toName  string
+		ignored bool
+	}
+	orderedBindings := []*bindingTo{}
+	structDescriptor := describeStruct(ctx, typ)
+	for _, binding := range structDescriptor.Fields {
+		for _, toName := range binding.ToNames {
+			new := &bindingTo{
+				binding: binding,
+				toName:  toName,
+			}
+			for _, old := range orderedBindings {
+				if old.toName != toName {
+					continue
+				}
+				old.ignored, new.ignored = resolveConflictBinding(ctx.frozenConfig, old.binding, new.binding)
+			}
+			orderedBindings = append(orderedBindings, new)
+		}
+	}
+	if len(orderedBindings) == 0 {
+		return &emptyStructEncoder{}
+	}
+	finalOrderedFields := []structFieldTo{}
+	for _, bindingTo := range orderedBindings {
+		if !bindingTo.ignored {
+			finalOrderedFields = append(finalOrderedFields, structFieldTo{
+				encoder: bindingTo.binding.Encoder.(*structFieldEncoder),
+				toName:  bindingTo.toName,
+			})
+		}
+	}
+	return &structEncoder{typ, finalOrderedFields}
+}
+
+func createCheckIsEmpty(ctx *ctx, typ reflect2.Type) checkIsEmpty {
+	encoder := createEncoderOfNative(ctx, typ)
+	if encoder != nil {
+		return encoder
+	}
+	kind := typ.Kind()
+	switch kind {
+	case reflect.Interface:
+		return &dynamicEncoder{typ}
+	case reflect.Struct:
+		return &structEncoder{typ: typ}
+	case reflect.Array:
+		return &arrayEncoder{}
+	case reflect.Slice:
+		return &sliceEncoder{}
+	case reflect.Map:
+		return encoderOfMap(ctx, typ)
+	case reflect.Ptr:
+		return &OptionalEncoder{}
+	default:
+		return &lazyErrorEncoder{err: fmt.Errorf("unsupported type: %v", typ)}
+	}
+}
+
+func resolveConflictBinding(cfg *frozenConfig, old, new *Binding) (ignoreOld, ignoreNew bool) {
+	newTagged := new.Field.Tag().Get(cfg.getTagKey()) != ""
+	oldTagged := old.Field.Tag().Get(cfg.getTagKey()) != ""
+	if newTagged {
+		if oldTagged {
+			if len(old.levels) > len(new.levels) {
+				return true, false
+			} else if len(new.levels) > len(old.levels) {
+				return false, true
+			} else {
+				return true, true
+			}
+		} else {
+			return true, false
+		}
+	} else {
+		if oldTagged {
+			return true, false
+		}
+		if len(old.levels) > len(new.levels) {
+			return true, false
+		} else if len(new.levels) > len(old.levels) {
+			return false, true
+		} else {
+			return true, true
+		}
+	}
+}
+
+type structFieldEncoder struct {
+	field        reflect2.StructField
+	fieldEncoder ValEncoder
+	omitempty    bool
+}
+
+func (encoder *structFieldEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	fieldPtr := encoder.field.UnsafeGet(ptr)
+	encoder.fieldEncoder.Encode(fieldPtr, stream)
+	if stream.Error != nil && stream.Error != io.EOF {
+		stream.Error = fmt.Errorf("%s: %s", encoder.field.Name(), stream.Error.Error())
+	}
+}
+
+func (encoder *structFieldEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	fieldPtr := encoder.field.UnsafeGet(ptr)
+	return encoder.fieldEncoder.IsEmpty(fieldPtr)
+}
+
+func (encoder *structFieldEncoder) IsEmbeddedPtrNil(ptr unsafe.Pointer) bool {
+	isEmbeddedPtrNil, converted := encoder.fieldEncoder.(IsEmbeddedPtrNil)
+	if !converted {
+		return false
+	}
+	fieldPtr := encoder.field.UnsafeGet(ptr)
+	return isEmbeddedPtrNil.IsEmbeddedPtrNil(fieldPtr)
+}
+
+type IsEmbeddedPtrNil interface {
+	IsEmbeddedPtrNil(ptr unsafe.Pointer) bool
+}
+
+type structEncoder struct {
+	typ    reflect2.Type
+	fields []structFieldTo
+}
+
+type structFieldTo struct {
+	encoder *structFieldEncoder
+	toName  string
+}
+
+func (encoder *structEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteObjectStart()
+	isNotFirst := false
+	for _, field := range encoder.fields {
+		if field.encoder.omitempty && field.encoder.IsEmpty(ptr) {
+			continue
+		}
+		if field.encoder.IsEmbeddedPtrNil(ptr) {
+			continue
+		}
+		if isNotFirst {
+			stream.WriteMore()
+		}
+		stream.WriteObjectField(field.toName)
+		field.encoder.Encode(ptr, stream)
+		isNotFirst = true
+	}
+	stream.WriteObjectEnd()
+	if stream.Error != nil && stream.Error != io.EOF {
+		stream.Error = fmt.Errorf("%v.%s", encoder.typ, stream.Error.Error())
+	}
+}
+
+func (encoder *structEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return false
+}
+
+type emptyStructEncoder struct {
+}
+
+func (encoder *emptyStructEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.WriteEmptyObject()
+}
+
+func (encoder *emptyStructEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return false
+}
+
+type stringModeNumberEncoder struct {
+	elemEncoder ValEncoder
+}
+
+func (encoder *stringModeNumberEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	stream.writeByte('"')
+	encoder.elemEncoder.Encode(ptr, stream)
+	stream.writeByte('"')
+}
+
+func (encoder *stringModeNumberEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.elemEncoder.IsEmpty(ptr)
+}
+
+type stringModeStringEncoder struct {
+	elemEncoder ValEncoder
+	cfg         *frozenConfig
+}
+
+func (encoder *stringModeStringEncoder) Encode(ptr unsafe.Pointer, stream *Stream) {
+	tempStream := encoder.cfg.BorrowStream(nil)
+	tempStream.Attachment = stream.Attachment
+	defer encoder.cfg.ReturnStream(tempStream)
+	encoder.elemEncoder.Encode(ptr, tempStream)
+	stream.WriteString(string(tempStream.Buffer()))
+}
+
+func (encoder *stringModeStringEncoder) IsEmpty(ptr unsafe.Pointer) bool {
+	return encoder.elemEncoder.IsEmpty(ptr)
+}
diff --git a/vendor/github.com/json-iterator/go/stream.go b/vendor/github.com/json-iterator/go/stream.go
new file mode 100644
index 0000000000000..23d8a3ad6b126
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/stream.go
@@ -0,0 +1,210 @@
+package jsoniter
+
+import (
+	"io"
+)
+
+// stream is a io.Writer like object, with JSON specific write functions.
+// Error is not returned as return value, but stored as Error member on this stream instance.
+type Stream struct {
+	cfg        *frozenConfig
+	out        io.Writer
+	buf        []byte
+	Error      error
+	indention  int
+	Attachment interface{} // open for customized encoder
+}
+
+// NewStream create new stream instance.
+// cfg can be jsoniter.ConfigDefault.
+// out can be nil if write to internal buffer.
+// bufSize is the initial size for the internal buffer in bytes.
+func NewStream(cfg API, out io.Writer, bufSize int) *Stream {
+	return &Stream{
+		cfg:       cfg.(*frozenConfig),
+		out:       out,
+		buf:       make([]byte, 0, bufSize),
+		Error:     nil,
+		indention: 0,
+	}
+}
+
+// Pool returns a pool can provide more stream with same configuration
+func (stream *Stream) Pool() StreamPool {
+	return stream.cfg
+}
+
+// Reset reuse this stream instance by assign a new writer
+func (stream *Stream) Reset(out io.Writer) {
+	stream.out = out
+	stream.buf = stream.buf[:0]
+}
+
+// Available returns how many bytes are unused in the buffer.
+func (stream *Stream) Available() int {
+	return cap(stream.buf) - len(stream.buf)
+}
+
+// Buffered returns the number of bytes that have been written into the current buffer.
+func (stream *Stream) Buffered() int {
+	return len(stream.buf)
+}
+
+// Buffer if writer is nil, use this method to take the result
+func (stream *Stream) Buffer() []byte {
+	return stream.buf
+}
+
+// SetBuffer allows to append to the internal buffer directly
+func (stream *Stream) SetBuffer(buf []byte) {
+	stream.buf = buf
+}
+
+// Write writes the contents of p into the buffer.
+// It returns the number of bytes written.
+// If nn < len(p), it also returns an error explaining
+// why the write is short.
+func (stream *Stream) Write(p []byte) (nn int, err error) {
+	stream.buf = append(stream.buf, p...)
+	if stream.out != nil {
+		nn, err = stream.out.Write(stream.buf)
+		stream.buf = stream.buf[nn:]
+		return
+	}
+	return len(p), nil
+}
+
+// WriteByte writes a single byte.
+func (stream *Stream) writeByte(c byte) {
+	stream.buf = append(stream.buf, c)
+}
+
+func (stream *Stream) writeTwoBytes(c1 byte, c2 byte) {
+	stream.buf = append(stream.buf, c1, c2)
+}
+
+func (stream *Stream) writeThreeBytes(c1 byte, c2 byte, c3 byte) {
+	stream.buf = append(stream.buf, c1, c2, c3)
+}
+
+func (stream *Stream) writeFourBytes(c1 byte, c2 byte, c3 byte, c4 byte) {
+	stream.buf = append(stream.buf, c1, c2, c3, c4)
+}
+
+func (stream *Stream) writeFiveBytes(c1 byte, c2 byte, c3 byte, c4 byte, c5 byte) {
+	stream.buf = append(stream.buf, c1, c2, c3, c4, c5)
+}
+
+// Flush writes any buffered data to the underlying io.Writer.
+func (stream *Stream) Flush() error {
+	if stream.out == nil {
+		return nil
+	}
+	if stream.Error != nil {
+		return stream.Error
+	}
+	_, err := stream.out.Write(stream.buf)
+	if err != nil {
+		if stream.Error == nil {
+			stream.Error = err
+		}
+		return err
+	}
+	stream.buf = stream.buf[:0]
+	return nil
+}
+
+// WriteRaw write string out without quotes, just like []byte
+func (stream *Stream) WriteRaw(s string) {
+	stream.buf = append(stream.buf, s...)
+}
+
+// WriteNil write null to stream
+func (stream *Stream) WriteNil() {
+	stream.writeFourBytes('n', 'u', 'l', 'l')
+}
+
+// WriteTrue write true to stream
+func (stream *Stream) WriteTrue() {
+	stream.writeFourBytes('t', 'r', 'u', 'e')
+}
+
+// WriteFalse write false to stream
+func (stream *Stream) WriteFalse() {
+	stream.writeFiveBytes('f', 'a', 'l', 's', 'e')
+}
+
+// WriteBool write true or false into stream
+func (stream *Stream) WriteBool(val bool) {
+	if val {
+		stream.WriteTrue()
+	} else {
+		stream.WriteFalse()
+	}
+}
+
+// WriteObjectStart write { with possible indention
+func (stream *Stream) WriteObjectStart() {
+	stream.indention += stream.cfg.indentionStep
+	stream.writeByte('{')
+	stream.writeIndention(0)
+}
+
+// WriteObjectField write "field": with possible indention
+func (stream *Stream) WriteObjectField(field string) {
+	stream.WriteString(field)
+	if stream.indention > 0 {
+		stream.writeTwoBytes(':', ' ')
+	} else {
+		stream.writeByte(':')
+	}
+}
+
+// WriteObjectEnd write } with possible indention
+func (stream *Stream) WriteObjectEnd() {
+	stream.writeIndention(stream.cfg.indentionStep)
+	stream.indention -= stream.cfg.indentionStep
+	stream.writeByte('}')
+}
+
+// WriteEmptyObject write {}
+func (stream *Stream) WriteEmptyObject() {
+	stream.writeByte('{')
+	stream.writeByte('}')
+}
+
+// WriteMore write , with possible indention
+func (stream *Stream) WriteMore() {
+	stream.writeByte(',')
+	stream.writeIndention(0)
+}
+
+// WriteArrayStart write [ with possible indention
+func (stream *Stream) WriteArrayStart() {
+	stream.indention += stream.cfg.indentionStep
+	stream.writeByte('[')
+	stream.writeIndention(0)
+}
+
+// WriteEmptyArray write []
+func (stream *Stream) WriteEmptyArray() {
+	stream.writeTwoBytes('[', ']')
+}
+
+// WriteArrayEnd write ] with possible indention
+func (stream *Stream) WriteArrayEnd() {
+	stream.writeIndention(stream.cfg.indentionStep)
+	stream.indention -= stream.cfg.indentionStep
+	stream.writeByte(']')
+}
+
+func (stream *Stream) writeIndention(delta int) {
+	if stream.indention == 0 {
+		return
+	}
+	stream.writeByte('\n')
+	toWrite := stream.indention - delta
+	for i := 0; i < toWrite; i++ {
+		stream.buf = append(stream.buf, ' ')
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/stream_float.go b/vendor/github.com/json-iterator/go/stream_float.go
new file mode 100644
index 0000000000000..826aa594ac6f3
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/stream_float.go
@@ -0,0 +1,111 @@
+package jsoniter
+
+import (
+	"fmt"
+	"math"
+	"strconv"
+)
+
+var pow10 []uint64
+
+func init() {
+	pow10 = []uint64{1, 10, 100, 1000, 10000, 100000, 1000000}
+}
+
+// WriteFloat32 write float32 to stream
+func (stream *Stream) WriteFloat32(val float32) {
+	if math.IsInf(float64(val), 0) || math.IsNaN(float64(val)) {
+		stream.Error = fmt.Errorf("unsupported value: %f", val)
+		return
+	}
+	abs := math.Abs(float64(val))
+	fmt := byte('f')
+	// Note: Must use float32 comparisons for underlying float32 value to get precise cutoffs right.
+	if abs != 0 {
+		if float32(abs) < 1e-6 || float32(abs) >= 1e21 {
+			fmt = 'e'
+		}
+	}
+	stream.buf = strconv.AppendFloat(stream.buf, float64(val), fmt, -1, 32)
+}
+
+// WriteFloat32Lossy write float32 to stream with ONLY 6 digits precision although much much faster
+func (stream *Stream) WriteFloat32Lossy(val float32) {
+	if math.IsInf(float64(val), 0) || math.IsNaN(float64(val)) {
+		stream.Error = fmt.Errorf("unsupported value: %f", val)
+		return
+	}
+	if val < 0 {
+		stream.writeByte('-')
+		val = -val
+	}
+	if val > 0x4ffffff {
+		stream.WriteFloat32(val)
+		return
+	}
+	precision := 6
+	exp := uint64(1000000) // 6
+	lval := uint64(float64(val)*float64(exp) + 0.5)
+	stream.WriteUint64(lval / exp)
+	fval := lval % exp
+	if fval == 0 {
+		return
+	}
+	stream.writeByte('.')
+	for p := precision - 1; p > 0 && fval < pow10[p]; p-- {
+		stream.writeByte('0')
+	}
+	stream.WriteUint64(fval)
+	for stream.buf[len(stream.buf)-1] == '0' {
+		stream.buf = stream.buf[:len(stream.buf)-1]
+	}
+}
+
+// WriteFloat64 write float64 to stream
+func (stream *Stream) WriteFloat64(val float64) {
+	if math.IsInf(val, 0) || math.IsNaN(val) {
+		stream.Error = fmt.Errorf("unsupported value: %f", val)
+		return
+	}
+	abs := math.Abs(val)
+	fmt := byte('f')
+	// Note: Must use float32 comparisons for underlying float32 value to get precise cutoffs right.
+	if abs != 0 {
+		if abs < 1e-6 || abs >= 1e21 {
+			fmt = 'e'
+		}
+	}
+	stream.buf = strconv.AppendFloat(stream.buf, float64(val), fmt, -1, 64)
+}
+
+// WriteFloat64Lossy write float64 to stream with ONLY 6 digits precision although much much faster
+func (stream *Stream) WriteFloat64Lossy(val float64) {
+	if math.IsInf(val, 0) || math.IsNaN(val) {
+		stream.Error = fmt.Errorf("unsupported value: %f", val)
+		return
+	}
+	if val < 0 {
+		stream.writeByte('-')
+		val = -val
+	}
+	if val > 0x4ffffff {
+		stream.WriteFloat64(val)
+		return
+	}
+	precision := 6
+	exp := uint64(1000000) // 6
+	lval := uint64(val*float64(exp) + 0.5)
+	stream.WriteUint64(lval / exp)
+	fval := lval % exp
+	if fval == 0 {
+		return
+	}
+	stream.writeByte('.')
+	for p := precision - 1; p > 0 && fval < pow10[p]; p-- {
+		stream.writeByte('0')
+	}
+	stream.WriteUint64(fval)
+	for stream.buf[len(stream.buf)-1] == '0' {
+		stream.buf = stream.buf[:len(stream.buf)-1]
+	}
+}
diff --git a/vendor/github.com/json-iterator/go/stream_int.go b/vendor/github.com/json-iterator/go/stream_int.go
new file mode 100644
index 0000000000000..d1059ee4c20e3
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/stream_int.go
@@ -0,0 +1,190 @@
+package jsoniter
+
+var digits []uint32
+
+func init() {
+	digits = make([]uint32, 1000)
+	for i := uint32(0); i < 1000; i++ {
+		digits[i] = (((i / 100) + '0') << 16) + ((((i / 10) % 10) + '0') << 8) + i%10 + '0'
+		if i < 10 {
+			digits[i] += 2 << 24
+		} else if i < 100 {
+			digits[i] += 1 << 24
+		}
+	}
+}
+
+func writeFirstBuf(space []byte, v uint32) []byte {
+	start := v >> 24
+	if start == 0 {
+		space = append(space, byte(v>>16), byte(v>>8))
+	} else if start == 1 {
+		space = append(space, byte(v>>8))
+	}
+	space = append(space, byte(v))
+	return space
+}
+
+func writeBuf(buf []byte, v uint32) []byte {
+	return append(buf, byte(v>>16), byte(v>>8), byte(v))
+}
+
+// WriteUint8 write uint8 to stream
+func (stream *Stream) WriteUint8(val uint8) {
+	stream.buf = writeFirstBuf(stream.buf, digits[val])
+}
+
+// WriteInt8 write int8 to stream
+func (stream *Stream) WriteInt8(nval int8) {
+	var val uint8
+	if nval < 0 {
+		val = uint8(-nval)
+		stream.buf = append(stream.buf, '-')
+	} else {
+		val = uint8(nval)
+	}
+	stream.buf = writeFirstBuf(stream.buf, digits[val])
+}
+
+// WriteUint16 write uint16 to stream
+func (stream *Stream) WriteUint16(val uint16) {
+	q1 := val / 1000
+	if q1 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[val])
+		return
+	}
+	r1 := val - q1*1000
+	stream.buf = writeFirstBuf(stream.buf, digits[q1])
+	stream.buf = writeBuf(stream.buf, digits[r1])
+	return
+}
+
+// WriteInt16 write int16 to stream
+func (stream *Stream) WriteInt16(nval int16) {
+	var val uint16
+	if nval < 0 {
+		val = uint16(-nval)
+		stream.buf = append(stream.buf, '-')
+	} else {
+		val = uint16(nval)
+	}
+	stream.WriteUint16(val)
+}
+
+// WriteUint32 write uint32 to stream
+func (stream *Stream) WriteUint32(val uint32) {
+	q1 := val / 1000
+	if q1 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[val])
+		return
+	}
+	r1 := val - q1*1000
+	q2 := q1 / 1000
+	if q2 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q1])
+		stream.buf = writeBuf(stream.buf, digits[r1])
+		return
+	}
+	r2 := q1 - q2*1000
+	q3 := q2 / 1000
+	if q3 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q2])
+	} else {
+		r3 := q2 - q3*1000
+		stream.buf = append(stream.buf, byte(q3+'0'))
+		stream.buf = writeBuf(stream.buf, digits[r3])
+	}
+	stream.buf = writeBuf(stream.buf, digits[r2])
+	stream.buf = writeBuf(stream.buf, digits[r1])
+}
+
+// WriteInt32 write int32 to stream
+func (stream *Stream) WriteInt32(nval int32) {
+	var val uint32
+	if nval < 0 {
+		val = uint32(-nval)
+		stream.buf = append(stream.buf, '-')
+	} else {
+		val = uint32(nval)
+	}
+	stream.WriteUint32(val)
+}
+
+// WriteUint64 write uint64 to stream
+func (stream *Stream) WriteUint64(val uint64) {
+	q1 := val / 1000
+	if q1 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[val])
+		return
+	}
+	r1 := val - q1*1000
+	q2 := q1 / 1000
+	if q2 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q1])
+		stream.buf = writeBuf(stream.buf, digits[r1])
+		return
+	}
+	r2 := q1 - q2*1000
+	q3 := q2 / 1000
+	if q3 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q2])
+		stream.buf = writeBuf(stream.buf, digits[r2])
+		stream.buf = writeBuf(stream.buf, digits[r1])
+		return
+	}
+	r3 := q2 - q3*1000
+	q4 := q3 / 1000
+	if q4 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q3])
+		stream.buf = writeBuf(stream.buf, digits[r3])
+		stream.buf = writeBuf(stream.buf, digits[r2])
+		stream.buf = writeBuf(stream.buf, digits[r1])
+		return
+	}
+	r4 := q3 - q4*1000
+	q5 := q4 / 1000
+	if q5 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q4])
+		stream.buf = writeBuf(stream.buf, digits[r4])
+		stream.buf = writeBuf(stream.buf, digits[r3])
+		stream.buf = writeBuf(stream.buf, digits[r2])
+		stream.buf = writeBuf(stream.buf, digits[r1])
+		return
+	}
+	r5 := q4 - q5*1000
+	q6 := q5 / 1000
+	if q6 == 0 {
+		stream.buf = writeFirstBuf(stream.buf, digits[q5])
+	} else {
+		stream.buf = writeFirstBuf(stream.buf, digits[q6])
+		r6 := q5 - q6*1000
+		stream.buf = writeBuf(stream.buf, digits[r6])
+	}
+	stream.buf = writeBuf(stream.buf, digits[r5])
+	stream.buf = writeBuf(stream.buf, digits[r4])
+	stream.buf = writeBuf(stream.buf, digits[r3])
+	stream.buf = writeBuf(stream.buf, digits[r2])
+	stream.buf = writeBuf(stream.buf, digits[r1])
+}
+
+// WriteInt64 write int64 to stream
+func (stream *Stream) WriteInt64(nval int64) {
+	var val uint64
+	if nval < 0 {
+		val = uint64(-nval)
+		stream.buf = append(stream.buf, '-')
+	} else {
+		val = uint64(nval)
+	}
+	stream.WriteUint64(val)
+}
+
+// WriteInt write int to stream
+func (stream *Stream) WriteInt(val int) {
+	stream.WriteInt64(int64(val))
+}
+
+// WriteUint write uint to stream
+func (stream *Stream) WriteUint(val uint) {
+	stream.WriteUint64(uint64(val))
+}
diff --git a/vendor/github.com/json-iterator/go/stream_str.go b/vendor/github.com/json-iterator/go/stream_str.go
new file mode 100644
index 0000000000000..54c2ba0b3a2d9
--- /dev/null
+++ b/vendor/github.com/json-iterator/go/stream_str.go
@@ -0,0 +1,372 @@
+package jsoniter
+
+import (
+	"unicode/utf8"
+)
+
+// htmlSafeSet holds the value true if the ASCII character with the given
+// array position can be safely represented inside a JSON string, embedded
+// inside of HTML <script> tags, without any additional escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), the backslash character ("\"), HTML opening and closing
+// tags ("<" and ">"), and the ampersand ("&").
+var htmlSafeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      false,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      false,
+	'=':      true,
+	'>':      false,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
+
+// safeSet holds the value true if the ASCII character with the given array
+// position can be represented inside a JSON string without any further
+// escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), and the backslash character ("\").
+var safeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      true,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      true,
+	'=':      true,
+	'>':      true,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
+
+var hex = "0123456789abcdef"
+
+// WriteStringWithHTMLEscaped write string to stream with html special characters escaped
+func (stream *Stream) WriteStringWithHTMLEscaped(s string) {
+	valLen := len(s)
+	stream.buf = append(stream.buf, '"')
+	// write string, the fast path, without utf8 and escape support
+	i := 0
+	for ; i < valLen; i++ {
+		c := s[i]
+		if c < utf8.RuneSelf && htmlSafeSet[c] {
+			stream.buf = append(stream.buf, c)
+		} else {
+			break
+		}
+	}
+	if i == valLen {
+		stream.buf = append(stream.buf, '"')
+		return
+	}
+	writeStringSlowPathWithHTMLEscaped(stream, i, s, valLen)
+}
+
+func writeStringSlowPathWithHTMLEscaped(stream *Stream, i int, s string, valLen int) {
+	start := i
+	// for the remaining parts, we process them char by char
+	for i < valLen {
+		if b := s[i]; b < utf8.RuneSelf {
+			if htmlSafeSet[b] {
+				i++
+				continue
+			}
+			if start < i {
+				stream.WriteRaw(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				stream.writeTwoBytes('\\', b)
+			case '\n':
+				stream.writeTwoBytes('\\', 'n')
+			case '\r':
+				stream.writeTwoBytes('\\', 'r')
+			case '\t':
+				stream.writeTwoBytes('\\', 't')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// If escapeHTML is set, it also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				stream.WriteRaw(`\u00`)
+				stream.writeTwoBytes(hex[b>>4], hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				stream.WriteRaw(s[start:i])
+			}
+			stream.WriteRaw(`\ufffd`)
+			i++
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				stream.WriteRaw(s[start:i])
+			}
+			stream.WriteRaw(`\u202`)
+			stream.writeByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		stream.WriteRaw(s[start:])
+	}
+	stream.writeByte('"')
+}
+
+// WriteString write string to stream without html escape
+func (stream *Stream) WriteString(s string) {
+	valLen := len(s)
+	stream.buf = append(stream.buf, '"')
+	// write string, the fast path, without utf8 and escape support
+	i := 0
+	for ; i < valLen; i++ {
+		c := s[i]
+		if c > 31 && c != '"' && c != '\\' {
+			stream.buf = append(stream.buf, c)
+		} else {
+			break
+		}
+	}
+	if i == valLen {
+		stream.buf = append(stream.buf, '"')
+		return
+	}
+	writeStringSlowPath(stream, i, s, valLen)
+}
+
+func writeStringSlowPath(stream *Stream, i int, s string, valLen int) {
+	start := i
+	// for the remaining parts, we process them char by char
+	for i < valLen {
+		if b := s[i]; b < utf8.RuneSelf {
+			if safeSet[b] {
+				i++
+				continue
+			}
+			if start < i {
+				stream.WriteRaw(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				stream.writeTwoBytes('\\', b)
+			case '\n':
+				stream.writeTwoBytes('\\', 'n')
+			case '\r':
+				stream.writeTwoBytes('\\', 'r')
+			case '\t':
+				stream.writeTwoBytes('\\', 't')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// If escapeHTML is set, it also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				stream.WriteRaw(`\u00`)
+				stream.writeTwoBytes(hex[b>>4], hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		i++
+		continue
+	}
+	if start < len(s) {
+		stream.WriteRaw(s[start:])
+	}
+	stream.writeByte('"')
+}
diff --git a/vendor/github.com/klauspost/compress/LICENSE b/vendor/github.com/klauspost/compress/LICENSE
new file mode 100644
index 0000000000000..1eb75ef68e448
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/LICENSE
@@ -0,0 +1,28 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+Copyright (c) 2019 Klaus Post. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
new file mode 100644
index 0000000000000..b6c512653b630
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -0,0 +1,384 @@
+# compress
+
+This package provides various compression algorithms.
+
+* [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression in pure Go.
+* [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) is a high performance replacement for Snappy.
+* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib).
+* [huff0](https://github.com/klauspost/compress/tree/master/huff0) and [FSE](https://github.com/klauspost/compress/tree/master/fse) implementations for raw entropy encoding.
+* [pgzip](https://github.com/klauspost/pgzip) is a separate package that provides a very fast parallel gzip implementation.
+* [fuzz package](https://github.com/klauspost/compress-fuzz) for fuzz testing all compressors/decompressors here.
+
+[![Go Reference](https://pkg.go.dev/badge/klauspost/compress.svg)](https://pkg.go.dev/github.com/klauspost/compress?tab=subdirectories)
+[![Build Status](https://travis-ci.org/klauspost/compress.svg?branch=master)](https://travis-ci.org/klauspost/compress)
+[![Sourcegraph Badge](https://sourcegraph.com/github.com/klauspost/compress/-/badge.svg)](https://sourcegraph.com/github.com/klauspost/compress?badge)
+
+# changelog
+
+* Mar 26, 2021 (v1.11.13)
+	* zstd: Big speedup on small dictionary encodes [#344](https://github.com/klauspost/compress/pull/344) [#345](https://github.com/klauspost/compress/pull/345)
+	* zstd: Add [WithLowerEncoderMem](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithLowerEncoderMem) encoder option [#336](https://github.com/klauspost/compress/pull/336)
+	* deflate: Improve entropy compression [#338](https://github.com/klauspost/compress/pull/338)
+	* s2: Clean up and minor performance improvement in best [#341](https://github.com/klauspost/compress/pull/341)
+
+* Mar 5, 2021 (v1.11.12)
+	* s2: Add `s2sx` binary that creates [self extracting archives](https://github.com/klauspost/compress/tree/master/s2#s2sx-self-extracting-archives).
+	* s2: Speed up decompression on non-assembly platforms [#328](https://github.com/klauspost/compress/pull/328)
+
+* Mar 1, 2021 (v1.11.9)
+	* s2: Add ARM64 decompression assembly. Around 2x output speed. [#324](https://github.com/klauspost/compress/pull/324)
+	* s2: Improve "better" speed and efficiency. [#325](https://github.com/klauspost/compress/pull/325)
+	* s2: Fix binaries.
+
+* Feb 25, 2021 (v1.11.8)
+	* s2: Fixed occational out-of-bounds write on amd64. Upgrade recommended.
+	* s2: Add AMD64 assembly for better mode. 25-50% faster. [#315](https://github.com/klauspost/compress/pull/315)
+	* s2: Less upfront decoder allocation. [#322](https://github.com/klauspost/compress/pull/322)
+	* zstd: Faster "compression" of incompressible data. [#314](https://github.com/klauspost/compress/pull/314)
+	* zip: Fix zip64 headers. [#313](https://github.com/klauspost/compress/pull/313)
+  
+* Jan 14, 2021 (v1.11.7)
+	* Use Bytes() interface to get bytes across packages. [#309](https://github.com/klauspost/compress/pull/309)
+	* s2: Add 'best' compression option.  [#310](https://github.com/klauspost/compress/pull/310)
+	* s2: Add ReaderMaxBlockSize, changes `s2.NewReader` signature to include varargs. [#311](https://github.com/klauspost/compress/pull/311)
+	* s2: Fix crash on small better buffers. [#308](https://github.com/klauspost/compress/pull/308)
+	* s2: Clean up decoder. [#312](https://github.com/klauspost/compress/pull/312)
+
+* Jan 7, 2021 (v1.11.6)
+	* zstd: Make decoder allocations smaller [#306](https://github.com/klauspost/compress/pull/306)
+	* zstd: Free Decoder resources when Reset is called with a nil io.Reader  [#305](https://github.com/klauspost/compress/pull/305)
+
+* Dec 20, 2020 (v1.11.4)
+	* zstd: Add Best compression mode [#304](https://github.com/klauspost/compress/pull/304)
+	* Add header decoder [#299](https://github.com/klauspost/compress/pull/299)
+	* s2: Add uncompressed stream option [#297](https://github.com/klauspost/compress/pull/297)
+	* Simplify/speed up small blocks with known max size. [#300](https://github.com/klauspost/compress/pull/300)
+	* zstd: Always reset literal dict encoder [#303](https://github.com/klauspost/compress/pull/303)
+
+* Nov 15, 2020 (v1.11.3)
+	* inflate: 10-15% faster decompression  [#293](https://github.com/klauspost/compress/pull/293)
+	* zstd: Tweak DecodeAll default allocation [#295](https://github.com/klauspost/compress/pull/295)
+
+* Oct 11, 2020 (v1.11.2)
+	* s2: Fix out of bounds read in "better" block compression [#291](https://github.com/klauspost/compress/pull/291)
+
+* Oct 1, 2020 (v1.11.1)
+	* zstd: Set allLitEntropy true in default configuration [#286](https://github.com/klauspost/compress/pull/286)
+
+* Sept 8, 2020 (v1.11.0)
+	* zstd: Add experimental compression [dictionaries](https://github.com/klauspost/compress/tree/master/zstd#dictionaries) [#281](https://github.com/klauspost/compress/pull/281)
+	* zstd: Fix mixed Write and ReadFrom calls [#282](https://github.com/klauspost/compress/pull/282)
+	* inflate/gz: Limit variable shifts, ~5% faster decompression [#274](https://github.com/klauspost/compress/pull/274)
+
+<details>
+	<summary>See changes prior to v1.11.0</summary>
+ 
+* July 8, 2020 (v1.10.11) 
+	* zstd: Fix extra block when compressing with ReadFrom. [#278](https://github.com/klauspost/compress/pull/278)
+	* huff0: Also populate compression table when reading decoding table. [#275](https://github.com/klauspost/compress/pull/275)
+	
+* June 23, 2020 (v1.10.10) 
+	* zstd: Skip entropy compression in fastest mode when no matches. [#270](https://github.com/klauspost/compress/pull/270)
+	
+* June 16, 2020 (v1.10.9): 
+	* zstd: API change for specifying dictionaries. See [#268](https://github.com/klauspost/compress/pull/268)
+	* zip: update CreateHeaderRaw to handle zip64 fields. [#266](https://github.com/klauspost/compress/pull/266)
+	* Fuzzit tests removed. The service has been purchased and is no longer available.
+	
+* June 5, 2020 (v1.10.8): 
+	* 1.15x faster zstd block decompression. [#265](https://github.com/klauspost/compress/pull/265)
+	
+* June 1, 2020 (v1.10.7): 
+	* Added zstd decompression [dictionary support](https://github.com/klauspost/compress/tree/master/zstd#dictionaries)
+	* Increase zstd decompression speed up to 1.19x.  [#259](https://github.com/klauspost/compress/pull/259)
+	* Remove internal reset call in zstd compression and reduce allocations. [#263](https://github.com/klauspost/compress/pull/263)
+	
+* May 21, 2020: (v1.10.6) 
+	* zstd: Reduce allocations while decoding. [#258](https://github.com/klauspost/compress/pull/258), [#252](https://github.com/klauspost/compress/pull/252)
+	* zstd: Stricter decompression checks.
+	
+* April 12, 2020: (v1.10.5)
+	* s2-commands: Flush output when receiving SIGINT. [#239](https://github.com/klauspost/compress/pull/239)
+	
+* Apr 8, 2020: (v1.10.4) 
+	* zstd: Minor/special case optimizations. [#251](https://github.com/klauspost/compress/pull/251),  [#250](https://github.com/klauspost/compress/pull/250),  [#249](https://github.com/klauspost/compress/pull/249),  [#247](https://github.com/klauspost/compress/pull/247)
+* Mar 11, 2020: (v1.10.3) 
+	* s2: Use S2 encoder in pure Go mode for Snappy output as well. [#245](https://github.com/klauspost/compress/pull/245)
+	* s2: Fix pure Go block encoder. [#244](https://github.com/klauspost/compress/pull/244)
+	* zstd: Added "better compression" mode. [#240](https://github.com/klauspost/compress/pull/240)
+	* zstd: Improve speed of fastest compression mode by 5-10% [#241](https://github.com/klauspost/compress/pull/241)
+	* zstd: Skip creating encoders when not needed. [#238](https://github.com/klauspost/compress/pull/238)
+	
+* Feb 27, 2020: (v1.10.2) 
+	* Close to 50% speedup in inflate (gzip/zip decompression). [#236](https://github.com/klauspost/compress/pull/236) [#234](https://github.com/klauspost/compress/pull/234) [#232](https://github.com/klauspost/compress/pull/232)
+	* Reduce deflate level 1-6 memory usage up to 59%. [#227](https://github.com/klauspost/compress/pull/227)
+	
+* Feb 18, 2020: (v1.10.1)
+	* Fix zstd crash when resetting multiple times without sending data. [#226](https://github.com/klauspost/compress/pull/226)
+	* deflate: Fix dictionary use on level 1-6. [#224](https://github.com/klauspost/compress/pull/224)
+	* Remove deflate writer reference when closing. [#224](https://github.com/klauspost/compress/pull/224)
+	
+* Feb 4, 2020: (v1.10.0) 
+	* Add optional dictionary to [stateless deflate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc#StatelessDeflate). Breaking change, send `nil` for previous behaviour. [#216](https://github.com/klauspost/compress/pull/216)
+	* Fix buffer overflow on repeated small block deflate.  [#218](https://github.com/klauspost/compress/pull/218)
+	* Allow copying content from an existing ZIP file without decompressing+compressing. [#214](https://github.com/klauspost/compress/pull/214)
+	* Added [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) AMD64 assembler and various optimizations. Stream speed >10GB/s.  [#186](https://github.com/klauspost/compress/pull/186)
+
+</details>
+
+<details>
+	<summary>See changes prior to v1.10.0</summary>
+
+* Jan 20,2020 (v1.9.8) Optimize gzip/deflate with better size estimates and faster table generation. [#207](https://github.com/klauspost/compress/pull/207) by [luyu6056](https://github.com/luyu6056),  [#206](https://github.com/klauspost/compress/pull/206).
+* Jan 11, 2020: S2 Encode/Decode will use provided buffer if capacity is big enough. [#204](https://github.com/klauspost/compress/pull/204) 
+* Jan 5, 2020: (v1.9.7) Fix another zstd regression in v1.9.5 - v1.9.6 removed.
+* Jan 4, 2020: (v1.9.6) Regression in v1.9.5 fixed causing corrupt zstd encodes in rare cases.
+* Jan 4, 2020: Faster IO in [s2c + s2d commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) compression/decompression. [#192](https://github.com/klauspost/compress/pull/192)
+* Dec 29, 2019: Removed v1.9.5 since fuzz tests showed a compatibility problem with the reference zstandard decoder.
+* Dec 29, 2019: (v1.9.5) zstd: 10-20% faster block compression. [#199](https://github.com/klauspost/compress/pull/199)
+* Dec 29, 2019: [zip](https://godoc.org/github.com/klauspost/compress/zip) package updated with latest Go features
+* Dec 29, 2019: zstd: Single segment flag condintions tweaked. [#197](https://github.com/klauspost/compress/pull/197)
+* Dec 18, 2019: s2: Faster compression when ReadFrom is used. [#198](https://github.com/klauspost/compress/pull/198)
+* Dec 10, 2019: s2: Fix repeat length output when just above at 16MB limit.
+* Dec 10, 2019: zstd: Add function to get decoder as io.ReadCloser. [#191](https://github.com/klauspost/compress/pull/191)
+* Dec 3, 2019: (v1.9.4) S2: limit max repeat length. [#188](https://github.com/klauspost/compress/pull/188)
+* Dec 3, 2019: Add [WithNoEntropyCompression](https://godoc.org/github.com/klauspost/compress/zstd#WithNoEntropyCompression) to zstd [#187](https://github.com/klauspost/compress/pull/187)
+* Dec 3, 2019: Reduce memory use for tests. Check for leaked goroutines.
+* Nov 28, 2019 (v1.9.3) Less allocations in stateless deflate.
+* Nov 28, 2019: 5-20% Faster huff0 decode. Impacts zstd as well. [#184](https://github.com/klauspost/compress/pull/184)
+* Nov 12, 2019 (v1.9.2) Added [Stateless Compression](#stateless-compression) for gzip/deflate.
+* Nov 12, 2019: Fixed zstd decompression of large single blocks. [#180](https://github.com/klauspost/compress/pull/180)
+* Nov 11, 2019: Set default  [s2c](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) block size to 4MB.
+* Nov 11, 2019: Reduce inflate memory use by 1KB.
+* Nov 10, 2019: Less allocations in deflate bit writer.
+* Nov 10, 2019: Fix inconsistent error returned by zstd decoder.
+* Oct 28, 2019 (v1.9.1) ztsd: Fix crash when compressing blocks. [#174](https://github.com/klauspost/compress/pull/174)
+* Oct 24, 2019 (v1.9.0) zstd: Fix rare data corruption [#173](https://github.com/klauspost/compress/pull/173)
+* Oct 24, 2019 zstd: Fix huff0 out of buffer write [#171](https://github.com/klauspost/compress/pull/171) and always return errors [#172](https://github.com/klauspost/compress/pull/172) 
+* Oct 10, 2019: Big deflate rewrite, 30-40% faster with better compression [#105](https://github.com/klauspost/compress/pull/105)
+
+</details>
+
+<details>
+	<summary>See changes prior to v1.9.0</summary>
+
+* Oct 10, 2019: (v1.8.6) zstd: Allow partial reads to get flushed data. [#169](https://github.com/klauspost/compress/pull/169)
+* Oct 3, 2019: Fix inconsistent results on broken zstd streams.
+* Sep 25, 2019: Added `-rm` (remove source files) and `-q` (no output except errors) to `s2c` and `s2d` [commands](https://github.com/klauspost/compress/tree/master/s2#commandline-tools)
+* Sep 16, 2019: (v1.8.4) Add `s2c` and `s2d` [commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools).
+* Sep 10, 2019: (v1.8.3) Fix s2 decoder [Skip](https://godoc.org/github.com/klauspost/compress/s2#Reader.Skip).
+* Sep 7, 2019: zstd: Added [WithWindowSize](https://godoc.org/github.com/klauspost/compress/zstd#WithWindowSize), contributed by [ianwilkes](https://github.com/ianwilkes).
+* Sep 5, 2019: (v1.8.2) Add [WithZeroFrames](https://godoc.org/github.com/klauspost/compress/zstd#WithZeroFrames) which adds full zero payload block encoding option.
+* Sep 5, 2019: Lazy initialization of zstandard predefined en/decoder tables.
+* Aug 26, 2019: (v1.8.1) S2: 1-2% compression increase in "better" compression mode.
+* Aug 26, 2019: zstd: Check maximum size of Huffman 1X compressed literals while decoding.
+* Aug 24, 2019: (v1.8.0) Added [S2 compression](https://github.com/klauspost/compress/tree/master/s2#s2-compression), a high performance replacement for Snappy. 
+* Aug 21, 2019: (v1.7.6) Fixed minor issues found by fuzzer. One could lead to zstd not decompressing.
+* Aug 18, 2019: Add [fuzzit](https://fuzzit.dev/) continuous fuzzing.
+* Aug 14, 2019: zstd: Skip incompressible data 2x faster.  [#147](https://github.com/klauspost/compress/pull/147)
+* Aug 4, 2019 (v1.7.5): Better literal compression. [#146](https://github.com/klauspost/compress/pull/146)
+* Aug 4, 2019: Faster zstd compression. [#143](https://github.com/klauspost/compress/pull/143) [#144](https://github.com/klauspost/compress/pull/144)
+* Aug 4, 2019: Faster zstd decompression. [#145](https://github.com/klauspost/compress/pull/145) [#143](https://github.com/klauspost/compress/pull/143) [#142](https://github.com/klauspost/compress/pull/142)
+* July 15, 2019 (v1.7.4): Fix double EOF block in rare cases on zstd encoder.
+* July 15, 2019 (v1.7.3): Minor speedup/compression increase in default zstd encoder.
+* July 14, 2019: zstd decoder: Fix decompression error on multiple uses with mixed content.
+* July 7, 2019 (v1.7.2): Snappy update, zstd decoder potential race fix.
+* June 17, 2019: zstd decompression bugfix.
+* June 17, 2019: fix 32 bit builds.
+* June 17, 2019: Easier use in modules (less dependencies).
+* June 9, 2019: New stronger "default" [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression mode. Matches zstd default compression ratio.
+* June 5, 2019: 20-40% throughput in [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and better compression.
+* June 5, 2019: deflate/gzip compression: Reduce memory usage of lower compression levels.
+* June 2, 2019: Added [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression!
+* May 25, 2019: deflate/gzip: 10% faster bit writer, mostly visible in lower levels.
+* Apr 22, 2019: [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) decompression added.
+* Aug 1, 2018: Added [huff0 README](https://github.com/klauspost/compress/tree/master/huff0#huff0-entropy-compression).
+* Jul 8, 2018: Added [Performance Update 2018](#performance-update-2018) below.
+* Jun 23, 2018: Merged [Go 1.11 inflate optimizations](https://go-review.googlesource.com/c/go/+/102235). Go 1.9 is now required. Backwards compatible version tagged with [v1.3.0](https://github.com/klauspost/compress/releases/tag/v1.3.0).
+* Apr 2, 2018: Added [huff0](https://godoc.org/github.com/klauspost/compress/huff0) en/decoder. Experimental for now, API may change.
+* Mar 4, 2018: Added [FSE Entropy](https://godoc.org/github.com/klauspost/compress/fse) en/decoder. Experimental for now, API may change.
+* Nov 3, 2017: Add compression [Estimate](https://godoc.org/github.com/klauspost/compress#Estimate) function.
+* May 28, 2017: Reduce allocations when resetting decoder.
+* Apr 02, 2017: Change back to official crc32, since changes were merged in Go 1.7.
+* Jan 14, 2017: Reduce stack pressure due to array copies. See [Issue #18625](https://github.com/golang/go/issues/18625).
+* Oct 25, 2016: Level 2-4 have been rewritten and now offers significantly better performance than before.
+* Oct 20, 2016: Port zlib changes from Go 1.7 to fix zlib writer issue. Please update.
+* Oct 16, 2016: Go 1.7 changes merged. Apples to apples this package is a few percent faster, but has a significantly better balance between speed and compression per level. 
+* Mar 24, 2016: Always attempt Huffman encoding on level 4-7. This improves base 64 encoded data compression.
+* Mar 24, 2016: Small speedup for level 1-3.
+* Feb 19, 2016: Faster bit writer, level -2 is 15% faster, level 1 is 4% faster.
+* Feb 19, 2016: Handle small payloads faster in level 1-3.
+* Feb 19, 2016: Added faster level 2 + 3 compression modes.
+* Feb 19, 2016: [Rebalanced compression levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/), so there is a more even progresssion in terms of compression. New default level is 5.
+* Feb 14, 2016: Snappy: Merge upstream changes. 
+* Feb 14, 2016: Snappy: Fix aggressive skipping.
+* Feb 14, 2016: Snappy: Update benchmark.
+* Feb 13, 2016: Deflate: Fixed assembler problem that could lead to sub-optimal compression.
+* Feb 12, 2016: Snappy: Added AMD64 SSE 4.2 optimizations to matching, which makes easy to compress material run faster. Typical speedup is around 25%.
+* Feb 9, 2016: Added Snappy package fork. This version is 5-7% faster, much more on hard to compress content.
+* Jan 30, 2016: Optimize level 1 to 3 by not considering static dictionary or storing uncompressed. ~4-5% speedup.
+* Jan 16, 2016: Optimization on deflate level 1,2,3 compression.
+* Jan 8 2016: Merge [CL 18317](https://go-review.googlesource.com/#/c/18317): fix reading, writing of zip64 archives.
+* Dec 8 2015: Make level 1 and -2 deterministic even if write size differs.
+* Dec 8 2015: Split encoding functions, so hashing and matching can potentially be inlined. 1-3% faster on AMD64. 5% faster on other platforms.
+* Dec 8 2015: Fixed rare [one byte out-of bounds read](https://github.com/klauspost/compress/issues/20). Please update!
+* Nov 23 2015: Optimization on token writer. ~2-4% faster. Contributed by [@dsnet](https://github.com/dsnet).
+* Nov 20 2015: Small optimization to bit writer on 64 bit systems.
+* Nov 17 2015: Fixed out-of-bound errors if the underlying Writer returned an error. See [#15](https://github.com/klauspost/compress/issues/15).
+* Nov 12 2015: Added [io.WriterTo](https://golang.org/pkg/io/#WriterTo) support to gzip/inflate.
+* Nov 11 2015: Merged [CL 16669](https://go-review.googlesource.com/#/c/16669/4): archive/zip: enable overriding (de)compressors per file
+* Oct 15 2015: Added skipping on uncompressible data. Random data speed up >5x.
+
+</details>
+
+# deflate usage
+
+* [High Throughput Benchmark](http://blog.klauspost.com/go-gzipdeflate-benchmarks/).
+* [Small Payload/Webserver Benchmarks](http://blog.klauspost.com/gzip-performance-for-go-webservers/).
+* [Linear Time Compression](http://blog.klauspost.com/constant-time-gzipzip-compression/).
+* [Re-balancing Deflate Compression Levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/)
+
+The packages are drop-in replacements for standard libraries. Simply replace the import path to use them:
+
+| old import         | new import                              | Documentation
+|--------------------|-----------------------------------------|--------------------|
+| `compress/gzip`    | `github.com/klauspost/compress/gzip`    | [gzip](https://pkg.go.dev/github.com/klauspost/compress/gzip?tab=doc)
+| `compress/zlib`    | `github.com/klauspost/compress/zlib`    | [zlib](https://pkg.go.dev/github.com/klauspost/compress/zlib?tab=doc)
+| `archive/zip`      | `github.com/klauspost/compress/zip`     | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc)
+| `compress/flate`   | `github.com/klauspost/compress/flate`   | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc)
+
+* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib).
+
+You may also be interested in [pgzip](https://github.com/klauspost/pgzip), which is a drop in replacement for gzip, which support multithreaded compression on big files and the optimized [crc32](https://github.com/klauspost/crc32) package used by these packages.
+
+The packages contains the same as the standard library, so you can use the godoc for that: [gzip](http://golang.org/pkg/compress/gzip/), [zip](http://golang.org/pkg/archive/zip/),  [zlib](http://golang.org/pkg/compress/zlib/), [flate](http://golang.org/pkg/compress/flate/).
+
+Currently there is only minor speedup on decompression (mostly CRC32 calculation).
+
+# Stateless compression
+
+This package offers stateless compression as a special option for gzip/deflate. 
+It will do compression but without maintaining any state between Write calls.
+
+This means there will be no memory kept between Write calls, but compression and speed will be suboptimal.
+
+This is only relevant in cases where you expect to run many thousands of compressors concurrently, 
+but with very little activity. This is *not* intended for regular web servers serving individual requests.  
+
+Because of this, the size of actual Write calls will affect output size.
+
+In gzip, specify level `-3` / `gzip.StatelessCompression` to enable.
+
+For direct deflate use, NewStatelessWriter and StatelessDeflate are available. See [documentation](https://godoc.org/github.com/klauspost/compress/flate#NewStatelessWriter)
+
+A `bufio.Writer` can of course be used to control write sizes. For example, to use a 4KB buffer:
+
+```
+	// replace 'ioutil.Discard' with your output.
+	gzw, err := gzip.NewWriterLevel(ioutil.Discard, gzip.StatelessCompression)
+	if err != nil {
+		return err
+	}
+	defer gzw.Close()
+
+	w := bufio.NewWriterSize(gzw, 4096)
+	defer w.Flush()
+	
+	// Write to 'w' 
+```
+
+This will only use up to 4KB in memory when the writer is idle. 
+
+Compression is almost always worse than the fastest compression level 
+and each write will allocate (a little) memory. 
+
+# Performance Update 2018
+
+It has been a while since we have been looking at the speed of this package compared to the standard library, so I thought I would re-do my tests and give some overall recommendations based on the current state. All benchmarks have been performed with Go 1.10 on my Desktop Intel(R) Core(TM) i7-2600 CPU @3.40GHz. Since I last ran the tests, I have gotten more RAM, which means tests with big files are no longer limited by my SSD.
+
+The raw results are in my [updated spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing). Due to cgo changes and upstream updates i could not get the cgo version of gzip to compile. Instead I included the [zstd](https://github.com/datadog/zstd) cgo implementation. If I get cgo gzip to work again, I might replace the results in the sheet.
+
+The columns to take note of are: *MB/s* - the throughput. *Reduction* - the data size reduction in percent of the original. *Rel Speed* relative speed compared to the standard library at the same level. *Smaller* - how many percent smaller is the compressed output compared to stdlib. Negative means the output was bigger. *Loss* means the loss (or gain) in compression as a percentage difference of the input.
+
+The `gzstd` (standard library gzip) and `gzkp` (this package gzip) only uses one CPU core. [`pgzip`](https://github.com/klauspost/pgzip), [`bgzf`](https://github.com/biogo/hts/tree/master/bgzf) uses all 4 cores. [`zstd`](https://github.com/DataDog/zstd) uses one core, and is a beast (but not Go, yet).
+
+
+## Overall differences.
+
+There appears to be a roughly 5-10% speed advantage over the standard library when comparing at similar compression levels.
+
+The biggest difference you will see is the result of [re-balancing](https://blog.klauspost.com/rebalancing-deflate-compression-levels/) the compression levels. I wanted by library to give a smoother transition between the compression levels than the standard library.
+
+This package attempts to provide a more smooth transition, where "1" is taking a lot of shortcuts, "5" is the reasonable trade-off and "9" is the "give me the best compression", and the values in between gives something reasonable in between. The standard library has big differences in levels 1-4, but levels 5-9 having no significant gains - often spending a lot more time than can be justified by the achieved compression.
+
+There are links to all the test data in the [spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing) in the top left field on each tab.
+
+## Web Content
+
+This test set aims to emulate typical use in a web server. The test-set is 4GB data in 53k files, and is a mixture of (mostly) HTML, JS, CSS.
+
+Since level 1 and 9 are close to being the same code, they are quite close. But looking at the levels in-between the differences are quite big.
+
+Looking at level 6, this package is 88% faster, but will output about 6% more data. For a web server, this means you can serve 88% more data, but have to pay for 6% more bandwidth. You can draw your own conclusions on what would be the most expensive for your case.
+
+## Object files
+
+This test is for typical data files stored on a server. In this case it is a collection of Go precompiled objects. They are very compressible.
+
+The picture is similar to the web content, but with small differences since this is very compressible. Levels 2-3 offer good speed, but is sacrificing quite a bit of compression. 
+
+The standard library seems suboptimal on level 3 and 4 - offering both worse compression and speed than level 6 & 7 of this package respectively.
+
+## Highly Compressible File
+
+This is a JSON file with very high redundancy. The reduction starts at 95% on level 1, so in real life terms we are dealing with something like a highly redundant stream of data, etc.
+
+It is definitely visible that we are dealing with specialized content here, so the results are very scattered. This package does not do very well at levels 1-4, but picks up significantly at level 5 and levels 7 and 8 offering great speed for the achieved compression.
+
+So if you know you content is extremely compressible you might want to go slightly higher than the defaults. The standard library has a huge gap between levels 3 and 4 in terms of speed (2.75x slowdown), so it offers little "middle ground".
+
+## Medium-High Compressible
+
+This is a pretty common test corpus: [enwik9](http://mattmahoney.net/dc/textdata.html). It contains the first 10^9 bytes of the English Wikipedia dump on Mar. 3, 2006. This is a very good test of typical text based compression and more data heavy streams.
+
+We see a similar picture here as in "Web Content". On equal levels some compression is sacrificed for more speed. Level 5 seems to be the best trade-off between speed and size, beating stdlib level 3 in both.
+
+## Medium Compressible
+
+I will combine two test sets, one [10GB file set](http://mattmahoney.net/dc/10gb.html) and a VM disk image (~8GB). Both contain different data types and represent a typical backup scenario.
+
+The most notable thing is how quickly the standard library drops to very low compression speeds around level 5-6 without any big gains in compression. Since this type of data is fairly common, this does not seem like good behavior.
+
+
+## Un-compressible Content
+
+This is mainly a test of how good the algorithms are at detecting un-compressible input. The standard library only offers this feature with very conservative settings at level 1. Obviously there is no reason for the algorithms to try to compress input that cannot be compressed.  The only downside is that it might skip some compressible data on false detections.
+
+
+# linear time compression (huffman only)
+
+This compression library adds a special compression level, named `HuffmanOnly`, which allows near linear time compression. This is done by completely disabling matching of previous data, and only reduce the number of bits to represent each character. 
+
+This means that often used characters, like 'e' and ' ' (space) in text use the fewest bits to represent, and rare characters like '¤' takes more bits to represent. For more information see [wikipedia](https://en.wikipedia.org/wiki/Huffman_coding) or this nice [video](https://youtu.be/ZdooBTdW5bM).
+
+Since this type of compression has much less variance, the compression speed is mostly unaffected by the input data, and is usually more than *180MB/s* for a single core.
+
+The downside is that the compression ratio is usually considerably worse than even the fastest conventional compression. The compression ratio can never be better than 8:1 (12.5%). 
+
+The linear time compression can be used as a "better than nothing" mode, where you cannot risk the encoder to slow down on some content. For comparison, the size of the "Twain" text is *233460 bytes* (+29% vs. level 1) and encode speed is 144MB/s (4.5x level 1). So in this case you trade a 30% size increase for a 4 times speedup.
+
+For more information see my blog post on [Fast Linear Time Compression](http://blog.klauspost.com/constant-time-gzipzip-compression/).
+
+This is implemented on Go 1.7 as "Huffman Only" mode, though not exposed for gzip.
+
+
+# snappy package
+
+The standard snappy package has now been improved. This repo contains a copy of the snappy repo.
+
+I would advise to use the standard package: https://github.com/golang/snappy
+
+
+# license
+
+This code is licensed under the same conditions as the original Go code. See LICENSE file.
diff --git a/vendor/github.com/klauspost/compress/fse/README.md b/vendor/github.com/klauspost/compress/fse/README.md
new file mode 100644
index 0000000000000..ea7324da671f6
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/README.md
@@ -0,0 +1,79 @@
+# Finite State Entropy
+
+This package provides Finite State Entropy encoding and decoding.
+            
+Finite State Entropy (also referenced as [tANS](https://en.wikipedia.org/wiki/Asymmetric_numeral_systems#tANS)) 
+encoding provides a fast near-optimal symbol encoding/decoding
+for byte blocks as implemented in [zstandard](https://github.com/facebook/zstd).
+
+This can be used for compressing input with a lot of similar input values to the smallest number of bytes.
+This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders,
+but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. 
+
+* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/fse)
+
+## News
+
+ * Feb 2018: First implementation released. Consider this beta software for now.
+
+# Usage
+
+This package provides a low level interface that allows to compress single independent blocks. 
+
+Each block is separate, and there is no built in integrity checks. 
+This means that the caller should keep track of block sizes and also do checksums if needed.  
+
+Compressing a block is done via the [`Compress`](https://godoc.org/github.com/klauspost/compress/fse#Compress) function.
+You must provide input and will receive the output and maybe an error.
+
+These error values can be returned:
+
+| Error               | Description                                                                 |
+|---------------------|-----------------------------------------------------------------------------|
+| `<nil>`             | Everything ok, output is returned                                           |
+| `ErrIncompressible` | Returned when input is judged to be too hard to compress                    |
+| `ErrUseRLE`         | Returned from the compressor when the input is a single byte value repeated |
+| `(error)`           | An internal error occurred.                                                 |
+
+As can be seen above there are errors that will be returned even under normal operation so it is important to handle these.
+
+To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/fse#Scratch) object 
+that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same 
+object can be used for both.   
+
+Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this
+you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output.
+
+Decompressing is done by calling the [`Decompress`](https://godoc.org/github.com/klauspost/compress/fse#Decompress) function.
+You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back
+your input was likely corrupted. 
+
+It is important to note that a successful decoding does *not* mean your output matches your original input. 
+There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid.
+
+For more detailed usage, see examples in the [godoc documentation](https://godoc.org/github.com/klauspost/compress/fse#pkg-examples).
+
+# Performance
+
+A lot of factors are affecting speed. Block sizes and compressibility of the material are primary factors.  
+All compression functions are currently only running on the calling goroutine so only one core will be used per block.  
+
+The compressor is significantly faster if symbols are kept as small as possible. The highest byte value of the input
+is used to reduce some of the processing, so if all your input is above byte value 64 for instance, it may be 
+beneficial to transpose all your input values down by 64.   
+
+With moderate block sizes around 64k speed are typically 200MB/s per core for compression and 
+around 300MB/s decompression speed. 
+
+The same hardware typically does Huffman (deflate) encoding at 125MB/s and decompression at 100MB/s. 
+
+# Plans
+
+At one point, more internals will be exposed to facilitate more "expert" usage of the components. 
+
+A streaming interface is also likely to be implemented. Likely compatible with [FSE stream format](https://github.com/Cyan4973/FiniteStateEntropy/blob/dev/programs/fileio.c#L261).  
+
+# Contributing
+
+Contributions are always welcome. Be aware that adding public functions will require good justification and breaking 
+changes will likely not be accepted. If in doubt open an issue before writing the PR.  
\ No newline at end of file
diff --git a/vendor/github.com/klauspost/compress/fse/bitreader.go b/vendor/github.com/klauspost/compress/fse/bitreader.go
new file mode 100644
index 0000000000000..f65eb3909cf4a
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/bitreader.go
@@ -0,0 +1,122 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package fse
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// bitReader reads a bitstream in reverse.
+// The last set bit indicates the start of the stream and is used
+// for aligning the input.
+type bitReader struct {
+	in       []byte
+	off      uint // next byte to read is at in[off - 1]
+	value    uint64
+	bitsRead uint8
+}
+
+// init initializes and resets the bit reader.
+func (b *bitReader) init(in []byte) error {
+	if len(in) < 1 {
+		return errors.New("corrupt stream: too short")
+	}
+	b.in = in
+	b.off = uint(len(in))
+	// The highest bit of the last byte indicates where to start
+	v := in[len(in)-1]
+	if v == 0 {
+		return errors.New("corrupt stream, did not find end of stream")
+	}
+	b.bitsRead = 64
+	b.value = 0
+	if len(in) >= 8 {
+		b.fillFastStart()
+	} else {
+		b.fill()
+		b.fill()
+	}
+	b.bitsRead += 8 - uint8(highBits(uint32(v)))
+	return nil
+}
+
+// getBits will return n bits. n can be 0.
+func (b *bitReader) getBits(n uint8) uint16 {
+	if n == 0 || b.bitsRead >= 64 {
+		return 0
+	}
+	return b.getBitsFast(n)
+}
+
+// getBitsFast requires that at least one bit is requested every time.
+// There are no checks if the buffer is filled.
+func (b *bitReader) getBitsFast(n uint8) uint16 {
+	const regMask = 64 - 1
+	v := uint16((b.value << (b.bitsRead & regMask)) >> ((regMask + 1 - n) & regMask))
+	b.bitsRead += n
+	return v
+}
+
+// fillFast() will make sure at least 32 bits are available.
+// There must be at least 4 bytes available.
+func (b *bitReader) fillFast() {
+	if b.bitsRead < 32 {
+		return
+	}
+	// 2 bounds checks.
+	v := b.in[b.off-4:]
+	v = v[:4]
+	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+	b.value = (b.value << 32) | uint64(low)
+	b.bitsRead -= 32
+	b.off -= 4
+}
+
+// fill() will make sure at least 32 bits are available.
+func (b *bitReader) fill() {
+	if b.bitsRead < 32 {
+		return
+	}
+	if b.off > 4 {
+		v := b.in[b.off-4:]
+		v = v[:4]
+		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+		b.value = (b.value << 32) | uint64(low)
+		b.bitsRead -= 32
+		b.off -= 4
+		return
+	}
+	for b.off > 0 {
+		b.value = (b.value << 8) | uint64(b.in[b.off-1])
+		b.bitsRead -= 8
+		b.off--
+	}
+}
+
+// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
+func (b *bitReader) fillFastStart() {
+	// Do single re-slice to avoid bounds checks.
+	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	b.bitsRead = 0
+	b.off -= 8
+}
+
+// finished returns true if all bits have been read from the bit stream.
+func (b *bitReader) finished() bool {
+	return b.bitsRead >= 64 && b.off == 0
+}
+
+// close the bitstream and returns an error if out-of-buffer reads occurred.
+func (b *bitReader) close() error {
+	// Release reference.
+	b.in = nil
+	if b.bitsRead > 64 {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
diff --git a/vendor/github.com/klauspost/compress/fse/bitwriter.go b/vendor/github.com/klauspost/compress/fse/bitwriter.go
new file mode 100644
index 0000000000000..43e463611b15c
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/bitwriter.go
@@ -0,0 +1,168 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package fse
+
+import "fmt"
+
+// bitWriter will write bits.
+// First bit will be LSB of the first byte of output.
+type bitWriter struct {
+	bitContainer uint64
+	nBits        uint8
+	out          []byte
+}
+
+// bitMask16 is bitmasks. Has extra to avoid bounds check.
+var bitMask16 = [32]uint16{
+	0, 1, 3, 7, 0xF, 0x1F,
+	0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF,
+	0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF} /* up to 16 bits */
+
+// addBits16NC will add up to 16 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16NC(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value&bitMask16[bits&31]) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// addBits16Clean will add up to 16 bits. value may not contain more set bits than indicated.
+// It will not check if there is space for them, so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16Clean(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// addBits16ZeroNC will add up to 16 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+// This is fastest if bits can be zero.
+func (b *bitWriter) addBits16ZeroNC(value uint16, bits uint8) {
+	if bits == 0 {
+		return
+	}
+	value <<= (16 - bits) & 15
+	value >>= (16 - bits) & 15
+	b.bitContainer |= uint64(value) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// flush will flush all pending full bytes.
+// There will be at least 56 bits available for writing when this has been called.
+// Using flush32 is faster, but leaves less space for writing.
+func (b *bitWriter) flush() {
+	v := b.nBits >> 3
+	switch v {
+	case 0:
+	case 1:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+		)
+	case 2:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+		)
+	case 3:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+		)
+	case 4:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+		)
+	case 5:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+		)
+	case 6:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+		)
+	case 7:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+		)
+	case 8:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+			byte(b.bitContainer>>56),
+		)
+	default:
+		panic(fmt.Errorf("bits (%d) > 64", b.nBits))
+	}
+	b.bitContainer >>= v << 3
+	b.nBits &= 7
+}
+
+// flush32 will flush out, so there are at least 32 bits available for writing.
+func (b *bitWriter) flush32() {
+	if b.nBits < 32 {
+		return
+	}
+	b.out = append(b.out,
+		byte(b.bitContainer),
+		byte(b.bitContainer>>8),
+		byte(b.bitContainer>>16),
+		byte(b.bitContainer>>24))
+	b.nBits -= 32
+	b.bitContainer >>= 32
+}
+
+// flushAlign will flush remaining full bytes and align to next byte boundary.
+func (b *bitWriter) flushAlign() {
+	nbBytes := (b.nBits + 7) >> 3
+	for i := uint8(0); i < nbBytes; i++ {
+		b.out = append(b.out, byte(b.bitContainer>>(i*8)))
+	}
+	b.nBits = 0
+	b.bitContainer = 0
+}
+
+// close will write the alignment bit and write the final byte(s)
+// to the output.
+func (b *bitWriter) close() error {
+	// End mark
+	b.addBits16Clean(1, 1)
+	// flush until next byte.
+	b.flushAlign()
+	return nil
+}
+
+// reset and continue writing by appending to out.
+func (b *bitWriter) reset(out []byte) {
+	b.bitContainer = 0
+	b.nBits = 0
+	b.out = out
+}
diff --git a/vendor/github.com/klauspost/compress/fse/bytereader.go b/vendor/github.com/klauspost/compress/fse/bytereader.go
new file mode 100644
index 0000000000000..abade2d605279
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/bytereader.go
@@ -0,0 +1,47 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package fse
+
+// byteReader provides a byte reader that reads
+// little endian values from a byte stream.
+// The input stream is manually advanced.
+// The reader performs no bounds checks.
+type byteReader struct {
+	b   []byte
+	off int
+}
+
+// init will initialize the reader and set the input.
+func (b *byteReader) init(in []byte) {
+	b.b = in
+	b.off = 0
+}
+
+// advance the stream b n bytes.
+func (b *byteReader) advance(n uint) {
+	b.off += int(n)
+}
+
+// Uint32 returns a little endian uint32 starting at current offset.
+func (b byteReader) Uint32() uint32 {
+	b2 := b.b[b.off:]
+	b2 = b2[:4]
+	v3 := uint32(b2[3])
+	v2 := uint32(b2[2])
+	v1 := uint32(b2[1])
+	v0 := uint32(b2[0])
+	return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24)
+}
+
+// unread returns the unread portion of the input.
+func (b byteReader) unread() []byte {
+	return b.b[b.off:]
+}
+
+// remain will return the number of bytes remaining.
+func (b byteReader) remain() int {
+	return len(b.b) - b.off
+}
diff --git a/vendor/github.com/klauspost/compress/fse/compress.go b/vendor/github.com/klauspost/compress/fse/compress.go
new file mode 100644
index 0000000000000..0d31f5ebc9ad0
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/compress.go
@@ -0,0 +1,684 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package fse
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Compress the input bytes. Input must be < 2GB.
+// Provide a Scratch buffer to avoid memory allocations.
+// Note that the output is also kept in the scratch buffer.
+// If input is too hard to compress, ErrIncompressible is returned.
+// If input is a single byte value repeated ErrUseRLE is returned.
+func Compress(in []byte, s *Scratch) ([]byte, error) {
+	if len(in) <= 1 {
+		return nil, ErrIncompressible
+	}
+	if len(in) > (2<<30)-1 {
+		return nil, errors.New("input too big, must be < 2GB")
+	}
+	s, err := s.prepare(in)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create histogram, if none was provided.
+	maxCount := s.maxCount
+	if maxCount == 0 {
+		maxCount = s.countSimple(in)
+	}
+	// Reset for next run.
+	s.clearCount = true
+	s.maxCount = 0
+	if maxCount == len(in) {
+		// One symbol, use RLE
+		return nil, ErrUseRLE
+	}
+	if maxCount == 1 || maxCount < (len(in)>>7) {
+		// Each symbol present maximum once or too well distributed.
+		return nil, ErrIncompressible
+	}
+	s.optimalTableLog()
+	err = s.normalizeCount()
+	if err != nil {
+		return nil, err
+	}
+	err = s.writeCount()
+	if err != nil {
+		return nil, err
+	}
+
+	if false {
+		err = s.validateNorm()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = s.buildCTable()
+	if err != nil {
+		return nil, err
+	}
+	err = s.compress(in)
+	if err != nil {
+		return nil, err
+	}
+	s.Out = s.bw.out
+	// Check if we compressed.
+	if len(s.Out) >= len(in) {
+		return nil, ErrIncompressible
+	}
+	return s.Out, nil
+}
+
+// cState contains the compression state of a stream.
+type cState struct {
+	bw         *bitWriter
+	stateTable []uint16
+	state      uint16
+}
+
+// init will initialize the compression state to the first symbol of the stream.
+func (c *cState) init(bw *bitWriter, ct *cTable, tableLog uint8, first symbolTransform) {
+	c.bw = bw
+	c.stateTable = ct.stateTable
+
+	nbBitsOut := (first.deltaNbBits + (1 << 15)) >> 16
+	im := int32((nbBitsOut << 16) - first.deltaNbBits)
+	lu := (im >> nbBitsOut) + first.deltaFindState
+	c.state = c.stateTable[lu]
+	return
+}
+
+// encode the output symbol provided and write it to the bitstream.
+func (c *cState) encode(symbolTT symbolTransform) {
+	nbBitsOut := (uint32(c.state) + symbolTT.deltaNbBits) >> 16
+	dstState := int32(c.state>>(nbBitsOut&15)) + symbolTT.deltaFindState
+	c.bw.addBits16NC(c.state, uint8(nbBitsOut))
+	c.state = c.stateTable[dstState]
+}
+
+// encode the output symbol provided and write it to the bitstream.
+func (c *cState) encodeZero(symbolTT symbolTransform) {
+	nbBitsOut := (uint32(c.state) + symbolTT.deltaNbBits) >> 16
+	dstState := int32(c.state>>(nbBitsOut&15)) + symbolTT.deltaFindState
+	c.bw.addBits16ZeroNC(c.state, uint8(nbBitsOut))
+	c.state = c.stateTable[dstState]
+}
+
+// flush will write the tablelog to the output and flush the remaining full bytes.
+func (c *cState) flush(tableLog uint8) {
+	c.bw.flush32()
+	c.bw.addBits16NC(c.state, tableLog)
+	c.bw.flush()
+}
+
+// compress is the main compression loop that will encode the input from the last byte to the first.
+func (s *Scratch) compress(src []byte) error {
+	if len(src) <= 2 {
+		return errors.New("compress: src too small")
+	}
+	tt := s.ct.symbolTT[:256]
+	s.bw.reset(s.Out)
+
+	// Our two states each encodes every second byte.
+	// Last byte encoded (first byte decoded) will always be encoded by c1.
+	var c1, c2 cState
+
+	// Encode so remaining size is divisible by 4.
+	ip := len(src)
+	if ip&1 == 1 {
+		c1.init(&s.bw, &s.ct, s.actualTableLog, tt[src[ip-1]])
+		c2.init(&s.bw, &s.ct, s.actualTableLog, tt[src[ip-2]])
+		c1.encodeZero(tt[src[ip-3]])
+		ip -= 3
+	} else {
+		c2.init(&s.bw, &s.ct, s.actualTableLog, tt[src[ip-1]])
+		c1.init(&s.bw, &s.ct, s.actualTableLog, tt[src[ip-2]])
+		ip -= 2
+	}
+	if ip&2 != 0 {
+		c2.encodeZero(tt[src[ip-1]])
+		c1.encodeZero(tt[src[ip-2]])
+		ip -= 2
+	}
+
+	// Main compression loop.
+	switch {
+	case !s.zeroBits && s.actualTableLog <= 8:
+		// We can encode 4 symbols without requiring a flush.
+		// We do not need to check if any output is 0 bits.
+		for ip >= 4 {
+			s.bw.flush32()
+			v3, v2, v1, v0 := src[ip-4], src[ip-3], src[ip-2], src[ip-1]
+			c2.encode(tt[v0])
+			c1.encode(tt[v1])
+			c2.encode(tt[v2])
+			c1.encode(tt[v3])
+			ip -= 4
+		}
+	case !s.zeroBits:
+		// We do not need to check if any output is 0 bits.
+		for ip >= 4 {
+			s.bw.flush32()
+			v3, v2, v1, v0 := src[ip-4], src[ip-3], src[ip-2], src[ip-1]
+			c2.encode(tt[v0])
+			c1.encode(tt[v1])
+			s.bw.flush32()
+			c2.encode(tt[v2])
+			c1.encode(tt[v3])
+			ip -= 4
+		}
+	case s.actualTableLog <= 8:
+		// We can encode 4 symbols without requiring a flush
+		for ip >= 4 {
+			s.bw.flush32()
+			v3, v2, v1, v0 := src[ip-4], src[ip-3], src[ip-2], src[ip-1]
+			c2.encodeZero(tt[v0])
+			c1.encodeZero(tt[v1])
+			c2.encodeZero(tt[v2])
+			c1.encodeZero(tt[v3])
+			ip -= 4
+		}
+	default:
+		for ip >= 4 {
+			s.bw.flush32()
+			v3, v2, v1, v0 := src[ip-4], src[ip-3], src[ip-2], src[ip-1]
+			c2.encodeZero(tt[v0])
+			c1.encodeZero(tt[v1])
+			s.bw.flush32()
+			c2.encodeZero(tt[v2])
+			c1.encodeZero(tt[v3])
+			ip -= 4
+		}
+	}
+
+	// Flush final state.
+	// Used to initialize state when decoding.
+	c2.flush(s.actualTableLog)
+	c1.flush(s.actualTableLog)
+
+	return s.bw.close()
+}
+
+// writeCount will write the normalized histogram count to header.
+// This is read back by readNCount.
+func (s *Scratch) writeCount() error {
+	var (
+		tableLog  = s.actualTableLog
+		tableSize = 1 << tableLog
+		previous0 bool
+		charnum   uint16
+
+		maxHeaderSize = ((int(s.symbolLen) * int(tableLog)) >> 3) + 3
+
+		// Write Table Size
+		bitStream = uint32(tableLog - minTablelog)
+		bitCount  = uint(4)
+		remaining = int16(tableSize + 1) /* +1 for extra accuracy */
+		threshold = int16(tableSize)
+		nbBits    = uint(tableLog + 1)
+	)
+	if cap(s.Out) < maxHeaderSize {
+		s.Out = make([]byte, 0, s.br.remain()+maxHeaderSize)
+	}
+	outP := uint(0)
+	out := s.Out[:maxHeaderSize]
+
+	// stops at 1
+	for remaining > 1 {
+		if previous0 {
+			start := charnum
+			for s.norm[charnum] == 0 {
+				charnum++
+			}
+			for charnum >= start+24 {
+				start += 24
+				bitStream += uint32(0xFFFF) << bitCount
+				out[outP] = byte(bitStream)
+				out[outP+1] = byte(bitStream >> 8)
+				outP += 2
+				bitStream >>= 16
+			}
+			for charnum >= start+3 {
+				start += 3
+				bitStream += 3 << bitCount
+				bitCount += 2
+			}
+			bitStream += uint32(charnum-start) << bitCount
+			bitCount += 2
+			if bitCount > 16 {
+				out[outP] = byte(bitStream)
+				out[outP+1] = byte(bitStream >> 8)
+				outP += 2
+				bitStream >>= 16
+				bitCount -= 16
+			}
+		}
+
+		count := s.norm[charnum]
+		charnum++
+		max := (2*threshold - 1) - remaining
+		if count < 0 {
+			remaining += count
+		} else {
+			remaining -= count
+		}
+		count++ // +1 for extra accuracy
+		if count >= threshold {
+			count += max // [0..max[ [max..threshold[ (...) [threshold+max 2*threshold[
+		}
+		bitStream += uint32(count) << bitCount
+		bitCount += nbBits
+		if count < max {
+			bitCount--
+		}
+
+		previous0 = count == 1
+		if remaining < 1 {
+			return errors.New("internal error: remaining<1")
+		}
+		for remaining < threshold {
+			nbBits--
+			threshold >>= 1
+		}
+
+		if bitCount > 16 {
+			out[outP] = byte(bitStream)
+			out[outP+1] = byte(bitStream >> 8)
+			outP += 2
+			bitStream >>= 16
+			bitCount -= 16
+		}
+	}
+
+	out[outP] = byte(bitStream)
+	out[outP+1] = byte(bitStream >> 8)
+	outP += (bitCount + 7) / 8
+
+	if charnum > s.symbolLen {
+		return errors.New("internal error: charnum > s.symbolLen")
+	}
+	s.Out = out[:outP]
+	return nil
+}
+
+// symbolTransform contains the state transform for a symbol.
+type symbolTransform struct {
+	deltaFindState int32
+	deltaNbBits    uint32
+}
+
+// String prints values as a human readable string.
+func (s symbolTransform) String() string {
+	return fmt.Sprintf("dnbits: %08x, fs:%d", s.deltaNbBits, s.deltaFindState)
+}
+
+// cTable contains tables used for compression.
+type cTable struct {
+	tableSymbol []byte
+	stateTable  []uint16
+	symbolTT    []symbolTransform
+}
+
+// allocCtable will allocate tables needed for compression.
+// If existing tables a re big enough, they are simply re-used.
+func (s *Scratch) allocCtable() {
+	tableSize := 1 << s.actualTableLog
+	// get tableSymbol that is big enough.
+	if cap(s.ct.tableSymbol) < tableSize {
+		s.ct.tableSymbol = make([]byte, tableSize)
+	}
+	s.ct.tableSymbol = s.ct.tableSymbol[:tableSize]
+
+	ctSize := tableSize
+	if cap(s.ct.stateTable) < ctSize {
+		s.ct.stateTable = make([]uint16, ctSize)
+	}
+	s.ct.stateTable = s.ct.stateTable[:ctSize]
+
+	if cap(s.ct.symbolTT) < 256 {
+		s.ct.symbolTT = make([]symbolTransform, 256)
+	}
+	s.ct.symbolTT = s.ct.symbolTT[:256]
+}
+
+// buildCTable will populate the compression table so it is ready to be used.
+func (s *Scratch) buildCTable() error {
+	tableSize := uint32(1 << s.actualTableLog)
+	highThreshold := tableSize - 1
+	var cumul [maxSymbolValue + 2]int16
+
+	s.allocCtable()
+	tableSymbol := s.ct.tableSymbol[:tableSize]
+	// symbol start positions
+	{
+		cumul[0] = 0
+		for ui, v := range s.norm[:s.symbolLen-1] {
+			u := byte(ui) // one less than reference
+			if v == -1 {
+				// Low proba symbol
+				cumul[u+1] = cumul[u] + 1
+				tableSymbol[highThreshold] = u
+				highThreshold--
+			} else {
+				cumul[u+1] = cumul[u] + v
+			}
+		}
+		// Encode last symbol separately to avoid overflowing u
+		u := int(s.symbolLen - 1)
+		v := s.norm[s.symbolLen-1]
+		if v == -1 {
+			// Low proba symbol
+			cumul[u+1] = cumul[u] + 1
+			tableSymbol[highThreshold] = byte(u)
+			highThreshold--
+		} else {
+			cumul[u+1] = cumul[u] + v
+		}
+		if uint32(cumul[s.symbolLen]) != tableSize {
+			return fmt.Errorf("internal error: expected cumul[s.symbolLen] (%d) == tableSize (%d)", cumul[s.symbolLen], tableSize)
+		}
+		cumul[s.symbolLen] = int16(tableSize) + 1
+	}
+	// Spread symbols
+	s.zeroBits = false
+	{
+		step := tableStep(tableSize)
+		tableMask := tableSize - 1
+		var position uint32
+		// if any symbol > largeLimit, we may have 0 bits output.
+		largeLimit := int16(1 << (s.actualTableLog - 1))
+		for ui, v := range s.norm[:s.symbolLen] {
+			symbol := byte(ui)
+			if v > largeLimit {
+				s.zeroBits = true
+			}
+			for nbOccurrences := int16(0); nbOccurrences < v; nbOccurrences++ {
+				tableSymbol[position] = symbol
+				position = (position + step) & tableMask
+				for position > highThreshold {
+					position = (position + step) & tableMask
+				} /* Low proba area */
+			}
+		}
+
+		// Check if we have gone through all positions
+		if position != 0 {
+			return errors.New("position!=0")
+		}
+	}
+
+	// Build table
+	table := s.ct.stateTable
+	{
+		tsi := int(tableSize)
+		for u, v := range tableSymbol {
+			// TableU16 : sorted by symbol order; gives next state value
+			table[cumul[v]] = uint16(tsi + u)
+			cumul[v]++
+		}
+	}
+
+	// Build Symbol Transformation Table
+	{
+		total := int16(0)
+		symbolTT := s.ct.symbolTT[:s.symbolLen]
+		tableLog := s.actualTableLog
+		tl := (uint32(tableLog) << 16) - (1 << tableLog)
+		for i, v := range s.norm[:s.symbolLen] {
+			switch v {
+			case 0:
+			case -1, 1:
+				symbolTT[i].deltaNbBits = tl
+				symbolTT[i].deltaFindState = int32(total - 1)
+				total++
+			default:
+				maxBitsOut := uint32(tableLog) - highBits(uint32(v-1))
+				minStatePlus := uint32(v) << maxBitsOut
+				symbolTT[i].deltaNbBits = (maxBitsOut << 16) - minStatePlus
+				symbolTT[i].deltaFindState = int32(total - v)
+				total += v
+			}
+		}
+		if total != int16(tableSize) {
+			return fmt.Errorf("total mismatch %d (got) != %d (want)", total, tableSize)
+		}
+	}
+	return nil
+}
+
+// countSimple will create a simple histogram in s.count.
+// Returns the biggest count.
+// Does not update s.clearCount.
+func (s *Scratch) countSimple(in []byte) (max int) {
+	for _, v := range in {
+		s.count[v]++
+	}
+	m := uint32(0)
+	for i, v := range s.count[:] {
+		if v > m {
+			m = v
+		}
+		if v > 0 {
+			s.symbolLen = uint16(i) + 1
+		}
+	}
+	return int(m)
+}
+
+// minTableLog provides the minimum logSize to safely represent a distribution.
+func (s *Scratch) minTableLog() uint8 {
+	minBitsSrc := highBits(uint32(s.br.remain()-1)) + 1
+	minBitsSymbols := highBits(uint32(s.symbolLen-1)) + 2
+	if minBitsSrc < minBitsSymbols {
+		return uint8(minBitsSrc)
+	}
+	return uint8(minBitsSymbols)
+}
+
+// optimalTableLog calculates and sets the optimal tableLog in s.actualTableLog
+func (s *Scratch) optimalTableLog() {
+	tableLog := s.TableLog
+	minBits := s.minTableLog()
+	maxBitsSrc := uint8(highBits(uint32(s.br.remain()-1))) - 2
+	if maxBitsSrc < tableLog {
+		// Accuracy can be reduced
+		tableLog = maxBitsSrc
+	}
+	if minBits > tableLog {
+		tableLog = minBits
+	}
+	// Need a minimum to safely represent all symbol values
+	if tableLog < minTablelog {
+		tableLog = minTablelog
+	}
+	if tableLog > maxTableLog {
+		tableLog = maxTableLog
+	}
+	s.actualTableLog = tableLog
+}
+
+var rtbTable = [...]uint32{0, 473195, 504333, 520860, 550000, 700000, 750000, 830000}
+
+// normalizeCount will normalize the count of the symbols so
+// the total is equal to the table size.
+func (s *Scratch) normalizeCount() error {
+	var (
+		tableLog          = s.actualTableLog
+		scale             = 62 - uint64(tableLog)
+		step              = (1 << 62) / uint64(s.br.remain())
+		vStep             = uint64(1) << (scale - 20)
+		stillToDistribute = int16(1 << tableLog)
+		largest           int
+		largestP          int16
+		lowThreshold      = (uint32)(s.br.remain() >> tableLog)
+	)
+
+	for i, cnt := range s.count[:s.symbolLen] {
+		// already handled
+		// if (count[s] == s.length) return 0;   /* rle special case */
+
+		if cnt == 0 {
+			s.norm[i] = 0
+			continue
+		}
+		if cnt <= lowThreshold {
+			s.norm[i] = -1
+			stillToDistribute--
+		} else {
+			proba := (int16)((uint64(cnt) * step) >> scale)
+			if proba < 8 {
+				restToBeat := vStep * uint64(rtbTable[proba])
+				v := uint64(cnt)*step - (uint64(proba) << scale)
+				if v > restToBeat {
+					proba++
+				}
+			}
+			if proba > largestP {
+				largestP = proba
+				largest = i
+			}
+			s.norm[i] = proba
+			stillToDistribute -= proba
+		}
+	}
+
+	if -stillToDistribute >= (s.norm[largest] >> 1) {
+		// corner case, need another normalization method
+		return s.normalizeCount2()
+	}
+	s.norm[largest] += stillToDistribute
+	return nil
+}
+
+// Secondary normalization method.
+// To be used when primary method fails.
+func (s *Scratch) normalizeCount2() error {
+	const notYetAssigned = -2
+	var (
+		distributed  uint32
+		total        = uint32(s.br.remain())
+		tableLog     = s.actualTableLog
+		lowThreshold = total >> tableLog
+		lowOne       = (total * 3) >> (tableLog + 1)
+	)
+	for i, cnt := range s.count[:s.symbolLen] {
+		if cnt == 0 {
+			s.norm[i] = 0
+			continue
+		}
+		if cnt <= lowThreshold {
+			s.norm[i] = -1
+			distributed++
+			total -= cnt
+			continue
+		}
+		if cnt <= lowOne {
+			s.norm[i] = 1
+			distributed++
+			total -= cnt
+			continue
+		}
+		s.norm[i] = notYetAssigned
+	}
+	toDistribute := (1 << tableLog) - distributed
+
+	if (total / toDistribute) > lowOne {
+		// risk of rounding to zero
+		lowOne = (total * 3) / (toDistribute * 2)
+		for i, cnt := range s.count[:s.symbolLen] {
+			if (s.norm[i] == notYetAssigned) && (cnt <= lowOne) {
+				s.norm[i] = 1
+				distributed++
+				total -= cnt
+				continue
+			}
+		}
+		toDistribute = (1 << tableLog) - distributed
+	}
+	if distributed == uint32(s.symbolLen)+1 {
+		// all values are pretty poor;
+		//   probably incompressible data (should have already been detected);
+		//   find max, then give all remaining points to max
+		var maxV int
+		var maxC uint32
+		for i, cnt := range s.count[:s.symbolLen] {
+			if cnt > maxC {
+				maxV = i
+				maxC = cnt
+			}
+		}
+		s.norm[maxV] += int16(toDistribute)
+		return nil
+	}
+
+	if total == 0 {
+		// all of the symbols were low enough for the lowOne or lowThreshold
+		for i := uint32(0); toDistribute > 0; i = (i + 1) % (uint32(s.symbolLen)) {
+			if s.norm[i] > 0 {
+				toDistribute--
+				s.norm[i]++
+			}
+		}
+		return nil
+	}
+
+	var (
+		vStepLog = 62 - uint64(tableLog)
+		mid      = uint64((1 << (vStepLog - 1)) - 1)
+		rStep    = (((1 << vStepLog) * uint64(toDistribute)) + mid) / uint64(total) // scale on remaining
+		tmpTotal = mid
+	)
+	for i, cnt := range s.count[:s.symbolLen] {
+		if s.norm[i] == notYetAssigned {
+			var (
+				end    = tmpTotal + uint64(cnt)*rStep
+				sStart = uint32(tmpTotal >> vStepLog)
+				sEnd   = uint32(end >> vStepLog)
+				weight = sEnd - sStart
+			)
+			if weight < 1 {
+				return errors.New("weight < 1")
+			}
+			s.norm[i] = int16(weight)
+			tmpTotal = end
+		}
+	}
+	return nil
+}
+
+// validateNorm validates the normalized histogram table.
+func (s *Scratch) validateNorm() (err error) {
+	var total int
+	for _, v := range s.norm[:s.symbolLen] {
+		if v >= 0 {
+			total += int(v)
+		} else {
+			total -= int(v)
+		}
+	}
+	defer func() {
+		if err == nil {
+			return
+		}
+		fmt.Printf("selected TableLog: %d, Symbol length: %d\n", s.actualTableLog, s.symbolLen)
+		for i, v := range s.norm[:s.symbolLen] {
+			fmt.Printf("%3d: %5d -> %4d \n", i, s.count[i], v)
+		}
+	}()
+	if total != (1 << s.actualTableLog) {
+		return fmt.Errorf("warning: Total == %d != %d", total, 1<<s.actualTableLog)
+	}
+	for i, v := range s.count[s.symbolLen:] {
+		if v != 0 {
+			return fmt.Errorf("warning: Found symbol out of range, %d after cut", i)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/klauspost/compress/fse/decompress.go b/vendor/github.com/klauspost/compress/fse/decompress.go
new file mode 100644
index 0000000000000..926f5f15356a4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/decompress.go
@@ -0,0 +1,374 @@
+package fse
+
+import (
+	"errors"
+	"fmt"
+)
+
+const (
+	tablelogAbsoluteMax = 15
+)
+
+// Decompress a block of data.
+// You can provide a scratch buffer to avoid allocations.
+// If nil is provided a temporary one will be allocated.
+// It is possible, but by no way guaranteed that corrupt data will
+// return an error.
+// It is up to the caller to verify integrity of the returned data.
+// Use a predefined Scrach to set maximum acceptable output size.
+func Decompress(b []byte, s *Scratch) ([]byte, error) {
+	s, err := s.prepare(b)
+	if err != nil {
+		return nil, err
+	}
+	s.Out = s.Out[:0]
+	err = s.readNCount()
+	if err != nil {
+		return nil, err
+	}
+	err = s.buildDtable()
+	if err != nil {
+		return nil, err
+	}
+	err = s.decompress()
+	if err != nil {
+		return nil, err
+	}
+
+	return s.Out, nil
+}
+
+// readNCount will read the symbol distribution so decoding tables can be constructed.
+func (s *Scratch) readNCount() error {
+	var (
+		charnum   uint16
+		previous0 bool
+		b         = &s.br
+	)
+	iend := b.remain()
+	if iend < 4 {
+		return errors.New("input too small")
+	}
+	bitStream := b.Uint32()
+	nbBits := uint((bitStream & 0xF) + minTablelog) // extract tableLog
+	if nbBits > tablelogAbsoluteMax {
+		return errors.New("tableLog too large")
+	}
+	bitStream >>= 4
+	bitCount := uint(4)
+
+	s.actualTableLog = uint8(nbBits)
+	remaining := int32((1 << nbBits) + 1)
+	threshold := int32(1 << nbBits)
+	gotTotal := int32(0)
+	nbBits++
+
+	for remaining > 1 {
+		if previous0 {
+			n0 := charnum
+			for (bitStream & 0xFFFF) == 0xFFFF {
+				n0 += 24
+				if b.off < iend-5 {
+					b.advance(2)
+					bitStream = b.Uint32() >> bitCount
+				} else {
+					bitStream >>= 16
+					bitCount += 16
+				}
+			}
+			for (bitStream & 3) == 3 {
+				n0 += 3
+				bitStream >>= 2
+				bitCount += 2
+			}
+			n0 += uint16(bitStream & 3)
+			bitCount += 2
+			if n0 > maxSymbolValue {
+				return errors.New("maxSymbolValue too small")
+			}
+			for charnum < n0 {
+				s.norm[charnum&0xff] = 0
+				charnum++
+			}
+
+			if b.off <= iend-7 || b.off+int(bitCount>>3) <= iend-4 {
+				b.advance(bitCount >> 3)
+				bitCount &= 7
+				bitStream = b.Uint32() >> bitCount
+			} else {
+				bitStream >>= 2
+			}
+		}
+
+		max := (2*(threshold) - 1) - (remaining)
+		var count int32
+
+		if (int32(bitStream) & (threshold - 1)) < max {
+			count = int32(bitStream) & (threshold - 1)
+			bitCount += nbBits - 1
+		} else {
+			count = int32(bitStream) & (2*threshold - 1)
+			if count >= threshold {
+				count -= max
+			}
+			bitCount += nbBits
+		}
+
+		count-- // extra accuracy
+		if count < 0 {
+			// -1 means +1
+			remaining += count
+			gotTotal -= count
+		} else {
+			remaining -= count
+			gotTotal += count
+		}
+		s.norm[charnum&0xff] = int16(count)
+		charnum++
+		previous0 = count == 0
+		for remaining < threshold {
+			nbBits--
+			threshold >>= 1
+		}
+		if b.off <= iend-7 || b.off+int(bitCount>>3) <= iend-4 {
+			b.advance(bitCount >> 3)
+			bitCount &= 7
+		} else {
+			bitCount -= (uint)(8 * (len(b.b) - 4 - b.off))
+			b.off = len(b.b) - 4
+		}
+		bitStream = b.Uint32() >> (bitCount & 31)
+	}
+	s.symbolLen = charnum
+
+	if s.symbolLen <= 1 {
+		return fmt.Errorf("symbolLen (%d) too small", s.symbolLen)
+	}
+	if s.symbolLen > maxSymbolValue+1 {
+		return fmt.Errorf("symbolLen (%d) too big", s.symbolLen)
+	}
+	if remaining != 1 {
+		return fmt.Errorf("corruption detected (remaining %d != 1)", remaining)
+	}
+	if bitCount > 32 {
+		return fmt.Errorf("corruption detected (bitCount %d > 32)", bitCount)
+	}
+	if gotTotal != 1<<s.actualTableLog {
+		return fmt.Errorf("corruption detected (total %d != %d)", gotTotal, 1<<s.actualTableLog)
+	}
+	b.advance((bitCount + 7) >> 3)
+	return nil
+}
+
+// decSymbol contains information about a state entry,
+// Including the state offset base, the output symbol and
+// the number of bits to read for the low part of the destination state.
+type decSymbol struct {
+	newState uint16
+	symbol   uint8
+	nbBits   uint8
+}
+
+// allocDtable will allocate decoding tables if they are not big enough.
+func (s *Scratch) allocDtable() {
+	tableSize := 1 << s.actualTableLog
+	if cap(s.decTable) < tableSize {
+		s.decTable = make([]decSymbol, tableSize)
+	}
+	s.decTable = s.decTable[:tableSize]
+
+	if cap(s.ct.tableSymbol) < 256 {
+		s.ct.tableSymbol = make([]byte, 256)
+	}
+	s.ct.tableSymbol = s.ct.tableSymbol[:256]
+
+	if cap(s.ct.stateTable) < 256 {
+		s.ct.stateTable = make([]uint16, 256)
+	}
+	s.ct.stateTable = s.ct.stateTable[:256]
+}
+
+// buildDtable will build the decoding table.
+func (s *Scratch) buildDtable() error {
+	tableSize := uint32(1 << s.actualTableLog)
+	highThreshold := tableSize - 1
+	s.allocDtable()
+	symbolNext := s.ct.stateTable[:256]
+
+	// Init, lay down lowprob symbols
+	s.zeroBits = false
+	{
+		largeLimit := int16(1 << (s.actualTableLog - 1))
+		for i, v := range s.norm[:s.symbolLen] {
+			if v == -1 {
+				s.decTable[highThreshold].symbol = uint8(i)
+				highThreshold--
+				symbolNext[i] = 1
+			} else {
+				if v >= largeLimit {
+					s.zeroBits = true
+				}
+				symbolNext[i] = uint16(v)
+			}
+		}
+	}
+	// Spread symbols
+	{
+		tableMask := tableSize - 1
+		step := tableStep(tableSize)
+		position := uint32(0)
+		for ss, v := range s.norm[:s.symbolLen] {
+			for i := 0; i < int(v); i++ {
+				s.decTable[position].symbol = uint8(ss)
+				position = (position + step) & tableMask
+				for position > highThreshold {
+					// lowprob area
+					position = (position + step) & tableMask
+				}
+			}
+		}
+		if position != 0 {
+			// position must reach all cells once, otherwise normalizedCounter is incorrect
+			return errors.New("corrupted input (position != 0)")
+		}
+	}
+
+	// Build Decoding table
+	{
+		tableSize := uint16(1 << s.actualTableLog)
+		for u, v := range s.decTable {
+			symbol := v.symbol
+			nextState := symbolNext[symbol]
+			symbolNext[symbol] = nextState + 1
+			nBits := s.actualTableLog - byte(highBits(uint32(nextState)))
+			s.decTable[u].nbBits = nBits
+			newState := (nextState << nBits) - tableSize
+			if newState >= tableSize {
+				return fmt.Errorf("newState (%d) outside table size (%d)", newState, tableSize)
+			}
+			if newState == uint16(u) && nBits == 0 {
+				// Seems weird that this is possible with nbits > 0.
+				return fmt.Errorf("newState (%d) == oldState (%d) and no bits", newState, u)
+			}
+			s.decTable[u].newState = newState
+		}
+	}
+	return nil
+}
+
+// decompress will decompress the bitstream.
+// If the buffer is over-read an error is returned.
+func (s *Scratch) decompress() error {
+	br := &s.bits
+	br.init(s.br.unread())
+
+	var s1, s2 decoder
+	// Initialize and decode first state and symbol.
+	s1.init(br, s.decTable, s.actualTableLog)
+	s2.init(br, s.decTable, s.actualTableLog)
+
+	// Use temp table to avoid bound checks/append penalty.
+	var tmp = s.ct.tableSymbol[:256]
+	var off uint8
+
+	// Main part
+	if !s.zeroBits {
+		for br.off >= 8 {
+			br.fillFast()
+			tmp[off+0] = s1.nextFast()
+			tmp[off+1] = s2.nextFast()
+			br.fillFast()
+			tmp[off+2] = s1.nextFast()
+			tmp[off+3] = s2.nextFast()
+			off += 4
+			// When off is 0, we have overflowed and should write.
+			if off == 0 {
+				s.Out = append(s.Out, tmp...)
+				if len(s.Out) >= s.DecompressLimit {
+					return fmt.Errorf("output size (%d) > DecompressLimit (%d)", len(s.Out), s.DecompressLimit)
+				}
+			}
+		}
+	} else {
+		for br.off >= 8 {
+			br.fillFast()
+			tmp[off+0] = s1.next()
+			tmp[off+1] = s2.next()
+			br.fillFast()
+			tmp[off+2] = s1.next()
+			tmp[off+3] = s2.next()
+			off += 4
+			if off == 0 {
+				s.Out = append(s.Out, tmp...)
+				// When off is 0, we have overflowed and should write.
+				if len(s.Out) >= s.DecompressLimit {
+					return fmt.Errorf("output size (%d) > DecompressLimit (%d)", len(s.Out), s.DecompressLimit)
+				}
+			}
+		}
+	}
+	s.Out = append(s.Out, tmp[:off]...)
+
+	// Final bits, a bit more expensive check
+	for {
+		if s1.finished() {
+			s.Out = append(s.Out, s1.final(), s2.final())
+			break
+		}
+		br.fill()
+		s.Out = append(s.Out, s1.next())
+		if s2.finished() {
+			s.Out = append(s.Out, s2.final(), s1.final())
+			break
+		}
+		s.Out = append(s.Out, s2.next())
+		if len(s.Out) >= s.DecompressLimit {
+			return fmt.Errorf("output size (%d) > DecompressLimit (%d)", len(s.Out), s.DecompressLimit)
+		}
+	}
+	return br.close()
+}
+
+// decoder keeps track of the current state and updates it from the bitstream.
+type decoder struct {
+	state uint16
+	br    *bitReader
+	dt    []decSymbol
+}
+
+// init will initialize the decoder and read the first state from the stream.
+func (d *decoder) init(in *bitReader, dt []decSymbol, tableLog uint8) {
+	d.dt = dt
+	d.br = in
+	d.state = in.getBits(tableLog)
+}
+
+// next returns the next symbol and sets the next state.
+// At least tablelog bits must be available in the bit reader.
+func (d *decoder) next() uint8 {
+	n := &d.dt[d.state]
+	lowBits := d.br.getBits(n.nbBits)
+	d.state = n.newState + lowBits
+	return n.symbol
+}
+
+// finished returns true if all bits have been read from the bitstream
+// and the next state would require reading bits from the input.
+func (d *decoder) finished() bool {
+	return d.br.finished() && d.dt[d.state].nbBits > 0
+}
+
+// final returns the current state symbol without decoding the next.
+func (d *decoder) final() uint8 {
+	return d.dt[d.state].symbol
+}
+
+// nextFast returns the next symbol and sets the next state.
+// This can only be used if no symbols are 0 bits.
+// At least tablelog bits must be available in the bit reader.
+func (d *decoder) nextFast() uint8 {
+	n := d.dt[d.state]
+	lowBits := d.br.getBitsFast(n.nbBits)
+	d.state = n.newState + lowBits
+	return n.symbol
+}
diff --git a/vendor/github.com/klauspost/compress/fse/fse.go b/vendor/github.com/klauspost/compress/fse/fse.go
new file mode 100644
index 0000000000000..535cbadfdea19
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/fse/fse.go
@@ -0,0 +1,144 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+// Package fse provides Finite State Entropy encoding and decoding.
+//
+// Finite State Entropy encoding provides a fast near-optimal symbol encoding/decoding
+// for byte blocks as implemented in zstd.
+//
+// See https://github.com/klauspost/compress/tree/master/fse for more information.
+package fse
+
+import (
+	"errors"
+	"fmt"
+	"math/bits"
+)
+
+const (
+	/*!MEMORY_USAGE :
+	 *  Memory usage formula : N->2^N Bytes (examples : 10 -> 1KB; 12 -> 4KB ; 16 -> 64KB; 20 -> 1MB; etc.)
+	 *  Increasing memory usage improves compression ratio
+	 *  Reduced memory usage can improve speed, due to cache effect
+	 *  Recommended max value is 14, for 16KB, which nicely fits into Intel x86 L1 cache */
+	maxMemoryUsage     = 14
+	defaultMemoryUsage = 13
+
+	maxTableLog     = maxMemoryUsage - 2
+	maxTablesize    = 1 << maxTableLog
+	defaultTablelog = defaultMemoryUsage - 2
+	minTablelog     = 5
+	maxSymbolValue  = 255
+)
+
+var (
+	// ErrIncompressible is returned when input is judged to be too hard to compress.
+	ErrIncompressible = errors.New("input is not compressible")
+
+	// ErrUseRLE is returned from the compressor when the input is a single byte value repeated.
+	ErrUseRLE = errors.New("input is single value repeated")
+)
+
+// Scratch provides temporary storage for compression and decompression.
+type Scratch struct {
+	// Private
+	count    [maxSymbolValue + 1]uint32
+	norm     [maxSymbolValue + 1]int16
+	br       byteReader
+	bits     bitReader
+	bw       bitWriter
+	ct       cTable      // Compression tables.
+	decTable []decSymbol // Decompression table.
+	maxCount int         // count of the most probable symbol
+
+	// Per block parameters.
+	// These can be used to override compression parameters of the block.
+	// Do not touch, unless you know what you are doing.
+
+	// Out is output buffer.
+	// If the scratch is re-used before the caller is done processing the output,
+	// set this field to nil.
+	// Otherwise the output buffer will be re-used for next Compression/Decompression step
+	// and allocation will be avoided.
+	Out []byte
+
+	// DecompressLimit limits the maximum decoded size acceptable.
+	// If > 0 decompression will stop when approximately this many bytes
+	// has been decoded.
+	// If 0, maximum size will be 2GB.
+	DecompressLimit int
+
+	symbolLen      uint16 // Length of active part of the symbol table.
+	actualTableLog uint8  // Selected tablelog.
+	zeroBits       bool   // no bits has prob > 50%.
+	clearCount     bool   // clear count
+
+	// MaxSymbolValue will override the maximum symbol value of the next block.
+	MaxSymbolValue uint8
+
+	// TableLog will attempt to override the tablelog for the next block.
+	TableLog uint8
+}
+
+// Histogram allows to populate the histogram and skip that step in the compression,
+// It otherwise allows to inspect the histogram when compression is done.
+// To indicate that you have populated the histogram call HistogramFinished
+// with the value of the highest populated symbol, as well as the number of entries
+// in the most populated entry. These are accepted at face value.
+// The returned slice will always be length 256.
+func (s *Scratch) Histogram() []uint32 {
+	return s.count[:]
+}
+
+// HistogramFinished can be called to indicate that the histogram has been populated.
+// maxSymbol is the index of the highest set symbol of the next data segment.
+// maxCount is the number of entries in the most populated entry.
+// These are accepted at face value.
+func (s *Scratch) HistogramFinished(maxSymbol uint8, maxCount int) {
+	s.maxCount = maxCount
+	s.symbolLen = uint16(maxSymbol) + 1
+	s.clearCount = maxCount != 0
+}
+
+// prepare will prepare and allocate scratch tables used for both compression and decompression.
+func (s *Scratch) prepare(in []byte) (*Scratch, error) {
+	if s == nil {
+		s = &Scratch{}
+	}
+	if s.MaxSymbolValue == 0 {
+		s.MaxSymbolValue = 255
+	}
+	if s.TableLog == 0 {
+		s.TableLog = defaultTablelog
+	}
+	if s.TableLog > maxTableLog {
+		return nil, fmt.Errorf("tableLog (%d) > maxTableLog (%d)", s.TableLog, maxTableLog)
+	}
+	if cap(s.Out) == 0 {
+		s.Out = make([]byte, 0, len(in))
+	}
+	if s.clearCount && s.maxCount == 0 {
+		for i := range s.count {
+			s.count[i] = 0
+		}
+		s.clearCount = false
+	}
+	s.br.init(in)
+	if s.DecompressLimit == 0 {
+		// Max size 2GB.
+		s.DecompressLimit = (2 << 30) - 1
+	}
+
+	return s, nil
+}
+
+// tableStep returns the next table index.
+func tableStep(tableSize uint32) uint32 {
+	return (tableSize >> 1) + (tableSize >> 3) + 3
+}
+
+func highBits(val uint32) (n uint32) {
+	return uint32(bits.Len32(val) - 1)
+}
diff --git a/vendor/github.com/klauspost/compress/go.mod b/vendor/github.com/klauspost/compress/go.mod
new file mode 100644
index 0000000000000..e25f1c985ec65
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/go.mod
@@ -0,0 +1,3 @@
+module github.com/klauspost/compress
+
+go 1.13
diff --git a/vendor/github.com/klauspost/compress/huff0/README.md b/vendor/github.com/klauspost/compress/huff0/README.md
new file mode 100644
index 0000000000000..8b6e5c66383d7
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/README.md
@@ -0,0 +1,89 @@
+# Huff0 entropy compression
+
+This package provides Huff0 encoding and decoding as used in zstd.
+            
+[Huff0](https://github.com/Cyan4973/FiniteStateEntropy#new-generation-entropy-coders), 
+a Huffman codec designed for modern CPU, featuring OoO (Out of Order) operations on multiple ALU 
+(Arithmetic Logic Unit), achieving extremely fast compression and decompression speeds.
+
+This can be used for compressing input with a lot of similar input values to the smallest number of bytes.
+This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders,
+but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. 
+
+* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/huff0)
+
+## News
+
+This is used as part of the [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression package.
+
+This ensures that most functionality is well tested.
+
+# Usage
+
+This package provides a low level interface that allows to compress single independent blocks. 
+
+Each block is separate, and there is no built in integrity checks. 
+This means that the caller should keep track of block sizes and also do checksums if needed.  
+
+Compressing a block is done via the [`Compress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress1X) and 
+[`Compress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress4X) functions.
+You must provide input and will receive the output and maybe an error.
+
+These error values can be returned:
+
+| Error               | Description                                                                 |
+|---------------------|-----------------------------------------------------------------------------|
+| `<nil>`             | Everything ok, output is returned                                           |
+| `ErrIncompressible` | Returned when input is judged to be too hard to compress                    |
+| `ErrUseRLE`         | Returned from the compressor when the input is a single byte value repeated |
+| `ErrTooBig`         | Returned if the input block exceeds the maximum allowed size (128 Kib)      |
+| `(error)`           | An internal error occurred.                                                 |
+
+
+As can be seen above some of there are errors that will be returned even under normal operation so it is important to handle these.
+
+To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object 
+that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same 
+object can be used for both.   
+
+Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this
+you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output.
+
+The `Scratch` object will retain state that allows to re-use previous tables for encoding and decoding.  
+
+## Tables and re-use
+
+Huff0 allows for reusing tables from the previous block to save space if that is expected to give better/faster results. 
+
+The Scratch object allows you to set a [`ReusePolicy`](https://godoc.org/github.com/klauspost/compress/huff0#ReusePolicy) 
+that controls this behaviour. See the documentation for details. This can be altered between each block.
+
+Do however note that this information is *not* stored in the output block and it is up to the users of the package to
+record whether [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable) should be called,
+based on the boolean reported back from the CompressXX call. 
+
+If you want to store the table separate from the data, you can access them as `OutData` and `OutTable` on the 
+[`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object.
+
+## Decompressing
+
+The first part of decoding is to initialize the decoding table through [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable).
+This will initialize the decoding tables. 
+You can supply the complete block to `ReadTable` and it will return the data part of the block 
+which can be given to the decompressor. 
+
+Decompressing is done by calling the [`Decompress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress1X) 
+or [`Decompress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress4X) function.
+
+For concurrently decompressing content with a fixed table a stateless [`Decoder`](https://godoc.org/github.com/klauspost/compress/huff0#Decoder) can be requested which will remain correct as long as the scratch is unchanged. The capacity of the provided slice indicates the expected output size.
+
+You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back
+your input was likely corrupted. 
+
+It is important to note that a successful decoding does *not* mean your output matches your original input. 
+There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid.
+
+# Contributing
+
+Contributions are always welcome. Be aware that adding public functions will require good justification and breaking 
+changes will likely not be accepted. If in doubt open an issue before writing the PR.
diff --git a/vendor/github.com/klauspost/compress/huff0/bitreader.go b/vendor/github.com/klauspost/compress/huff0/bitreader.go
new file mode 100644
index 0000000000000..a4979e8868a52
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/bitreader.go
@@ -0,0 +1,329 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package huff0
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// bitReader reads a bitstream in reverse.
+// The last set bit indicates the start of the stream and is used
+// for aligning the input.
+type bitReader struct {
+	in       []byte
+	off      uint // next byte to read is at in[off - 1]
+	value    uint64
+	bitsRead uint8
+}
+
+// init initializes and resets the bit reader.
+func (b *bitReader) init(in []byte) error {
+	if len(in) < 1 {
+		return errors.New("corrupt stream: too short")
+	}
+	b.in = in
+	b.off = uint(len(in))
+	// The highest bit of the last byte indicates where to start
+	v := in[len(in)-1]
+	if v == 0 {
+		return errors.New("corrupt stream, did not find end of stream")
+	}
+	b.bitsRead = 64
+	b.value = 0
+	if len(in) >= 8 {
+		b.fillFastStart()
+	} else {
+		b.fill()
+		b.fill()
+	}
+	b.bitsRead += 8 - uint8(highBit32(uint32(v)))
+	return nil
+}
+
+// peekBitsFast requires that at least one bit is requested every time.
+// There are no checks if the buffer is filled.
+func (b *bitReader) peekBitsFast(n uint8) uint16 {
+	const regMask = 64 - 1
+	v := uint16((b.value << (b.bitsRead & regMask)) >> ((regMask + 1 - n) & regMask))
+	return v
+}
+
+// fillFast() will make sure at least 32 bits are available.
+// There must be at least 4 bytes available.
+func (b *bitReader) fillFast() {
+	if b.bitsRead < 32 {
+		return
+	}
+
+	// 2 bounds checks.
+	v := b.in[b.off-4 : b.off]
+	v = v[:4]
+	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+	b.value = (b.value << 32) | uint64(low)
+	b.bitsRead -= 32
+	b.off -= 4
+}
+
+func (b *bitReader) advance(n uint8) {
+	b.bitsRead += n
+}
+
+// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
+func (b *bitReader) fillFastStart() {
+	// Do single re-slice to avoid bounds checks.
+	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	b.bitsRead = 0
+	b.off -= 8
+}
+
+// fill() will make sure at least 32 bits are available.
+func (b *bitReader) fill() {
+	if b.bitsRead < 32 {
+		return
+	}
+	if b.off > 4 {
+		v := b.in[b.off-4:]
+		v = v[:4]
+		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+		b.value = (b.value << 32) | uint64(low)
+		b.bitsRead -= 32
+		b.off -= 4
+		return
+	}
+	for b.off > 0 {
+		b.value = (b.value << 8) | uint64(b.in[b.off-1])
+		b.bitsRead -= 8
+		b.off--
+	}
+}
+
+// finished returns true if all bits have been read from the bit stream.
+func (b *bitReader) finished() bool {
+	return b.off == 0 && b.bitsRead >= 64
+}
+
+// close the bitstream and returns an error if out-of-buffer reads occurred.
+func (b *bitReader) close() error {
+	// Release reference.
+	b.in = nil
+	if b.bitsRead > 64 {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+
+// bitReader reads a bitstream in reverse.
+// The last set bit indicates the start of the stream and is used
+// for aligning the input.
+type bitReaderBytes struct {
+	in       []byte
+	off      uint // next byte to read is at in[off - 1]
+	value    uint64
+	bitsRead uint8
+}
+
+// init initializes and resets the bit reader.
+func (b *bitReaderBytes) init(in []byte) error {
+	if len(in) < 1 {
+		return errors.New("corrupt stream: too short")
+	}
+	b.in = in
+	b.off = uint(len(in))
+	// The highest bit of the last byte indicates where to start
+	v := in[len(in)-1]
+	if v == 0 {
+		return errors.New("corrupt stream, did not find end of stream")
+	}
+	b.bitsRead = 64
+	b.value = 0
+	if len(in) >= 8 {
+		b.fillFastStart()
+	} else {
+		b.fill()
+		b.fill()
+	}
+	b.advance(8 - uint8(highBit32(uint32(v))))
+	return nil
+}
+
+// peekBitsFast requires that at least one bit is requested every time.
+// There are no checks if the buffer is filled.
+func (b *bitReaderBytes) peekByteFast() uint8 {
+	got := uint8(b.value >> 56)
+	return got
+}
+
+func (b *bitReaderBytes) advance(n uint8) {
+	b.bitsRead += n
+	b.value <<= n & 63
+}
+
+// fillFast() will make sure at least 32 bits are available.
+// There must be at least 4 bytes available.
+func (b *bitReaderBytes) fillFast() {
+	if b.bitsRead < 32 {
+		return
+	}
+
+	// 2 bounds checks.
+	v := b.in[b.off-4 : b.off]
+	v = v[:4]
+	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+	b.value |= uint64(low) << (b.bitsRead - 32)
+	b.bitsRead -= 32
+	b.off -= 4
+}
+
+// fillFastStart() assumes the bitReaderBytes is empty and there is at least 8 bytes to read.
+func (b *bitReaderBytes) fillFastStart() {
+	// Do single re-slice to avoid bounds checks.
+	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	b.bitsRead = 0
+	b.off -= 8
+}
+
+// fill() will make sure at least 32 bits are available.
+func (b *bitReaderBytes) fill() {
+	if b.bitsRead < 32 {
+		return
+	}
+	if b.off > 4 {
+		v := b.in[b.off-4:]
+		v = v[:4]
+		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+		b.value |= uint64(low) << (b.bitsRead - 32)
+		b.bitsRead -= 32
+		b.off -= 4
+		return
+	}
+	for b.off > 0 {
+		b.value |= uint64(b.in[b.off-1]) << (b.bitsRead - 8)
+		b.bitsRead -= 8
+		b.off--
+	}
+}
+
+// finished returns true if all bits have been read from the bit stream.
+func (b *bitReaderBytes) finished() bool {
+	return b.off == 0 && b.bitsRead >= 64
+}
+
+// close the bitstream and returns an error if out-of-buffer reads occurred.
+func (b *bitReaderBytes) close() error {
+	// Release reference.
+	b.in = nil
+	if b.bitsRead > 64 {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+
+// bitReaderShifted reads a bitstream in reverse.
+// The last set bit indicates the start of the stream and is used
+// for aligning the input.
+type bitReaderShifted struct {
+	in       []byte
+	off      uint // next byte to read is at in[off - 1]
+	value    uint64
+	bitsRead uint8
+}
+
+// init initializes and resets the bit reader.
+func (b *bitReaderShifted) init(in []byte) error {
+	if len(in) < 1 {
+		return errors.New("corrupt stream: too short")
+	}
+	b.in = in
+	b.off = uint(len(in))
+	// The highest bit of the last byte indicates where to start
+	v := in[len(in)-1]
+	if v == 0 {
+		return errors.New("corrupt stream, did not find end of stream")
+	}
+	b.bitsRead = 64
+	b.value = 0
+	if len(in) >= 8 {
+		b.fillFastStart()
+	} else {
+		b.fill()
+		b.fill()
+	}
+	b.advance(8 - uint8(highBit32(uint32(v))))
+	return nil
+}
+
+// peekBitsFast requires that at least one bit is requested every time.
+// There are no checks if the buffer is filled.
+func (b *bitReaderShifted) peekBitsFast(n uint8) uint16 {
+	return uint16(b.value >> ((64 - n) & 63))
+}
+
+func (b *bitReaderShifted) advance(n uint8) {
+	b.bitsRead += n
+	b.value <<= n & 63
+}
+
+// fillFast() will make sure at least 32 bits are available.
+// There must be at least 4 bytes available.
+func (b *bitReaderShifted) fillFast() {
+	if b.bitsRead < 32 {
+		return
+	}
+
+	// 2 bounds checks.
+	v := b.in[b.off-4 : b.off]
+	v = v[:4]
+	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+	b.value |= uint64(low) << ((b.bitsRead - 32) & 63)
+	b.bitsRead -= 32
+	b.off -= 4
+}
+
+// fillFastStart() assumes the bitReaderShifted is empty and there is at least 8 bytes to read.
+func (b *bitReaderShifted) fillFastStart() {
+	// Do single re-slice to avoid bounds checks.
+	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	b.bitsRead = 0
+	b.off -= 8
+}
+
+// fill() will make sure at least 32 bits are available.
+func (b *bitReaderShifted) fill() {
+	if b.bitsRead < 32 {
+		return
+	}
+	if b.off > 4 {
+		v := b.in[b.off-4:]
+		v = v[:4]
+		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+		b.value |= uint64(low) << ((b.bitsRead - 32) & 63)
+		b.bitsRead -= 32
+		b.off -= 4
+		return
+	}
+	for b.off > 0 {
+		b.value |= uint64(b.in[b.off-1]) << ((b.bitsRead - 8) & 63)
+		b.bitsRead -= 8
+		b.off--
+	}
+}
+
+// finished returns true if all bits have been read from the bit stream.
+func (b *bitReaderShifted) finished() bool {
+	return b.off == 0 && b.bitsRead >= 64
+}
+
+// close the bitstream and returns an error if out-of-buffer reads occurred.
+func (b *bitReaderShifted) close() error {
+	// Release reference.
+	b.in = nil
+	if b.bitsRead > 64 {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
diff --git a/vendor/github.com/klauspost/compress/huff0/bitwriter.go b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
new file mode 100644
index 0000000000000..6bce4e87d4ff6
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
@@ -0,0 +1,210 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package huff0
+
+import "fmt"
+
+// bitWriter will write bits.
+// First bit will be LSB of the first byte of output.
+type bitWriter struct {
+	bitContainer uint64
+	nBits        uint8
+	out          []byte
+}
+
+// bitMask16 is bitmasks. Has extra to avoid bounds check.
+var bitMask16 = [32]uint16{
+	0, 1, 3, 7, 0xF, 0x1F,
+	0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF,
+	0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF} /* up to 16 bits */
+
+// addBits16NC will add up to 16 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16NC(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value&bitMask16[bits&31]) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// addBits16Clean will add up to 16 bits. value may not contain more set bits than indicated.
+// It will not check if there is space for them, so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16Clean(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// encSymbol will add up to 16 bits. value may not contain more set bits than indicated.
+// It will not check if there is space for them, so the caller must ensure that it has flushed recently.
+func (b *bitWriter) encSymbol(ct cTable, symbol byte) {
+	enc := ct[symbol]
+	b.bitContainer |= uint64(enc.val) << (b.nBits & 63)
+	if false {
+		if enc.nBits == 0 {
+			panic("nbits 0")
+		}
+	}
+	b.nBits += enc.nBits
+}
+
+// encTwoSymbols will add up to 32 bits. value may not contain more set bits than indicated.
+// It will not check if there is space for them, so the caller must ensure that it has flushed recently.
+func (b *bitWriter) encTwoSymbols(ct cTable, av, bv byte) {
+	encA := ct[av]
+	encB := ct[bv]
+	sh := b.nBits & 63
+	combined := uint64(encA.val) | (uint64(encB.val) << (encA.nBits & 63))
+	b.bitContainer |= combined << sh
+	if false {
+		if encA.nBits == 0 {
+			panic("nbitsA 0")
+		}
+		if encB.nBits == 0 {
+			panic("nbitsB 0")
+		}
+	}
+	b.nBits += encA.nBits + encB.nBits
+}
+
+// addBits16ZeroNC will add up to 16 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+// This is fastest if bits can be zero.
+func (b *bitWriter) addBits16ZeroNC(value uint16, bits uint8) {
+	if bits == 0 {
+		return
+	}
+	value <<= (16 - bits) & 15
+	value >>= (16 - bits) & 15
+	b.bitContainer |= uint64(value) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// flush will flush all pending full bytes.
+// There will be at least 56 bits available for writing when this has been called.
+// Using flush32 is faster, but leaves less space for writing.
+func (b *bitWriter) flush() {
+	v := b.nBits >> 3
+	switch v {
+	case 0:
+		return
+	case 1:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+		)
+		b.bitContainer >>= 1 << 3
+	case 2:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+		)
+		b.bitContainer >>= 2 << 3
+	case 3:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+		)
+		b.bitContainer >>= 3 << 3
+	case 4:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+		)
+		b.bitContainer >>= 4 << 3
+	case 5:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+		)
+		b.bitContainer >>= 5 << 3
+	case 6:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+		)
+		b.bitContainer >>= 6 << 3
+	case 7:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+		)
+		b.bitContainer >>= 7 << 3
+	case 8:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+			byte(b.bitContainer>>56),
+		)
+		b.bitContainer = 0
+		b.nBits = 0
+		return
+	default:
+		panic(fmt.Errorf("bits (%d) > 64", b.nBits))
+	}
+	b.nBits &= 7
+}
+
+// flush32 will flush out, so there are at least 32 bits available for writing.
+func (b *bitWriter) flush32() {
+	if b.nBits < 32 {
+		return
+	}
+	b.out = append(b.out,
+		byte(b.bitContainer),
+		byte(b.bitContainer>>8),
+		byte(b.bitContainer>>16),
+		byte(b.bitContainer>>24))
+	b.nBits -= 32
+	b.bitContainer >>= 32
+}
+
+// flushAlign will flush remaining full bytes and align to next byte boundary.
+func (b *bitWriter) flushAlign() {
+	nbBytes := (b.nBits + 7) >> 3
+	for i := uint8(0); i < nbBytes; i++ {
+		b.out = append(b.out, byte(b.bitContainer>>(i*8)))
+	}
+	b.nBits = 0
+	b.bitContainer = 0
+}
+
+// close will write the alignment bit and write the final byte(s)
+// to the output.
+func (b *bitWriter) close() error {
+	// End mark
+	b.addBits16Clean(1, 1)
+	// flush until next byte.
+	b.flushAlign()
+	return nil
+}
+
+// reset and continue writing by appending to out.
+func (b *bitWriter) reset(out []byte) {
+	b.bitContainer = 0
+	b.nBits = 0
+	b.out = out
+}
diff --git a/vendor/github.com/klauspost/compress/huff0/bytereader.go b/vendor/github.com/klauspost/compress/huff0/bytereader.go
new file mode 100644
index 0000000000000..50bcdf6ea99ce
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/bytereader.go
@@ -0,0 +1,54 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package huff0
+
+// byteReader provides a byte reader that reads
+// little endian values from a byte stream.
+// The input stream is manually advanced.
+// The reader performs no bounds checks.
+type byteReader struct {
+	b   []byte
+	off int
+}
+
+// init will initialize the reader and set the input.
+func (b *byteReader) init(in []byte) {
+	b.b = in
+	b.off = 0
+}
+
+// advance the stream b n bytes.
+func (b *byteReader) advance(n uint) {
+	b.off += int(n)
+}
+
+// Int32 returns a little endian int32 starting at current offset.
+func (b byteReader) Int32() int32 {
+	v3 := int32(b.b[b.off+3])
+	v2 := int32(b.b[b.off+2])
+	v1 := int32(b.b[b.off+1])
+	v0 := int32(b.b[b.off])
+	return (v3 << 24) | (v2 << 16) | (v1 << 8) | v0
+}
+
+// Uint32 returns a little endian uint32 starting at current offset.
+func (b byteReader) Uint32() uint32 {
+	v3 := uint32(b.b[b.off+3])
+	v2 := uint32(b.b[b.off+2])
+	v1 := uint32(b.b[b.off+1])
+	v0 := uint32(b.b[b.off])
+	return (v3 << 24) | (v2 << 16) | (v1 << 8) | v0
+}
+
+// unread returns the unread portion of the input.
+func (b byteReader) unread() []byte {
+	return b.b[b.off:]
+}
+
+// remain will return the number of bytes remaining.
+func (b byteReader) remain() int {
+	return len(b.b) - b.off
+}
diff --git a/vendor/github.com/klauspost/compress/huff0/compress.go b/vendor/github.com/klauspost/compress/huff0/compress.go
new file mode 100644
index 0000000000000..dea115b334135
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/compress.go
@@ -0,0 +1,657 @@
+package huff0
+
+import (
+	"fmt"
+	"runtime"
+	"sync"
+)
+
+// Compress1X will compress the input.
+// The output can be decoded using Decompress1X.
+// Supply a Scratch object. The scratch object contains state about re-use,
+// So when sharing across independent encodes, be sure to set the re-use policy.
+func Compress1X(in []byte, s *Scratch) (out []byte, reUsed bool, err error) {
+	s, err = s.prepare(in)
+	if err != nil {
+		return nil, false, err
+	}
+	return compress(in, s, s.compress1X)
+}
+
+// Compress4X will compress the input. The input is split into 4 independent blocks
+// and compressed similar to Compress1X.
+// The output can be decoded using Decompress4X.
+// Supply a Scratch object. The scratch object contains state about re-use,
+// So when sharing across independent encodes, be sure to set the re-use policy.
+func Compress4X(in []byte, s *Scratch) (out []byte, reUsed bool, err error) {
+	s, err = s.prepare(in)
+	if err != nil {
+		return nil, false, err
+	}
+	if false {
+		// TODO: compress4Xp only slightly faster.
+		const parallelThreshold = 8 << 10
+		if len(in) < parallelThreshold || runtime.GOMAXPROCS(0) == 1 {
+			return compress(in, s, s.compress4X)
+		}
+		return compress(in, s, s.compress4Xp)
+	}
+	return compress(in, s, s.compress4X)
+}
+
+func compress(in []byte, s *Scratch, compressor func(src []byte) ([]byte, error)) (out []byte, reUsed bool, err error) {
+	// Nuke previous table if we cannot reuse anyway.
+	if s.Reuse == ReusePolicyNone {
+		s.prevTable = s.prevTable[:0]
+	}
+
+	// Create histogram, if none was provided.
+	maxCount := s.maxCount
+	var canReuse = false
+	if maxCount == 0 {
+		maxCount, canReuse = s.countSimple(in)
+	} else {
+		canReuse = s.canUseTable(s.prevTable)
+	}
+
+	// We want the output size to be less than this:
+	wantSize := len(in)
+	if s.WantLogLess > 0 {
+		wantSize -= wantSize >> s.WantLogLess
+	}
+
+	// Reset for next run.
+	s.clearCount = true
+	s.maxCount = 0
+	if maxCount >= len(in) {
+		if maxCount > len(in) {
+			return nil, false, fmt.Errorf("maxCount (%d) > length (%d)", maxCount, len(in))
+		}
+		if len(in) == 1 {
+			return nil, false, ErrIncompressible
+		}
+		// One symbol, use RLE
+		return nil, false, ErrUseRLE
+	}
+	if maxCount == 1 || maxCount < (len(in)>>7) {
+		// Each symbol present maximum once or too well distributed.
+		return nil, false, ErrIncompressible
+	}
+	if s.Reuse == ReusePolicyMust && !canReuse {
+		// We must reuse, but we can't.
+		return nil, false, ErrIncompressible
+	}
+	if (s.Reuse == ReusePolicyPrefer || s.Reuse == ReusePolicyMust) && canReuse {
+		keepTable := s.cTable
+		keepTL := s.actualTableLog
+		s.cTable = s.prevTable
+		s.actualTableLog = s.prevTableLog
+		s.Out, err = compressor(in)
+		s.cTable = keepTable
+		s.actualTableLog = keepTL
+		if err == nil && len(s.Out) < wantSize {
+			s.OutData = s.Out
+			return s.Out, true, nil
+		}
+		if s.Reuse == ReusePolicyMust {
+			return nil, false, ErrIncompressible
+		}
+		// Do not attempt to re-use later.
+		s.prevTable = s.prevTable[:0]
+	}
+
+	// Calculate new table.
+	err = s.buildCTable()
+	if err != nil {
+		return nil, false, err
+	}
+
+	if false && !s.canUseTable(s.cTable) {
+		panic("invalid table generated")
+	}
+
+	if s.Reuse == ReusePolicyAllow && canReuse {
+		hSize := len(s.Out)
+		oldSize := s.prevTable.estimateSize(s.count[:s.symbolLen])
+		newSize := s.cTable.estimateSize(s.count[:s.symbolLen])
+		if oldSize <= hSize+newSize || hSize+12 >= wantSize {
+			// Retain cTable even if we re-use.
+			keepTable := s.cTable
+			keepTL := s.actualTableLog
+
+			s.cTable = s.prevTable
+			s.actualTableLog = s.prevTableLog
+			s.Out, err = compressor(in)
+
+			// Restore ctable.
+			s.cTable = keepTable
+			s.actualTableLog = keepTL
+			if err != nil {
+				return nil, false, err
+			}
+			if len(s.Out) >= wantSize {
+				return nil, false, ErrIncompressible
+			}
+			s.OutData = s.Out
+			return s.Out, true, nil
+		}
+	}
+
+	// Use new table
+	err = s.cTable.write(s)
+	if err != nil {
+		s.OutTable = nil
+		return nil, false, err
+	}
+	s.OutTable = s.Out
+
+	// Compress using new table
+	s.Out, err = compressor(in)
+	if err != nil {
+		s.OutTable = nil
+		return nil, false, err
+	}
+	if len(s.Out) >= wantSize {
+		s.OutTable = nil
+		return nil, false, ErrIncompressible
+	}
+	// Move current table into previous.
+	s.prevTable, s.prevTableLog, s.cTable = s.cTable, s.actualTableLog, s.prevTable[:0]
+	s.OutData = s.Out[len(s.OutTable):]
+	return s.Out, false, nil
+}
+
+func (s *Scratch) compress1X(src []byte) ([]byte, error) {
+	return s.compress1xDo(s.Out, src)
+}
+
+func (s *Scratch) compress1xDo(dst, src []byte) ([]byte, error) {
+	var bw = bitWriter{out: dst}
+
+	// N is length divisible by 4.
+	n := len(src)
+	n -= n & 3
+	cTable := s.cTable[:256]
+
+	// Encode last bytes.
+	for i := len(src) & 3; i > 0; i-- {
+		bw.encSymbol(cTable, src[n+i-1])
+	}
+	n -= 4
+	if s.actualTableLog <= 8 {
+		for ; n >= 0; n -= 4 {
+			tmp := src[n : n+4]
+			// tmp should be len 4
+			bw.flush32()
+			bw.encTwoSymbols(cTable, tmp[3], tmp[2])
+			bw.encTwoSymbols(cTable, tmp[1], tmp[0])
+		}
+	} else {
+		for ; n >= 0; n -= 4 {
+			tmp := src[n : n+4]
+			// tmp should be len 4
+			bw.flush32()
+			bw.encTwoSymbols(cTable, tmp[3], tmp[2])
+			bw.flush32()
+			bw.encTwoSymbols(cTable, tmp[1], tmp[0])
+		}
+	}
+	err := bw.close()
+	return bw.out, err
+}
+
+var sixZeros [6]byte
+
+func (s *Scratch) compress4X(src []byte) ([]byte, error) {
+	if len(src) < 12 {
+		return nil, ErrIncompressible
+	}
+	segmentSize := (len(src) + 3) / 4
+
+	// Add placeholder for output length
+	offsetIdx := len(s.Out)
+	s.Out = append(s.Out, sixZeros[:]...)
+
+	for i := 0; i < 4; i++ {
+		toDo := src
+		if len(toDo) > segmentSize {
+			toDo = toDo[:segmentSize]
+		}
+		src = src[len(toDo):]
+
+		var err error
+		idx := len(s.Out)
+		s.Out, err = s.compress1xDo(s.Out, toDo)
+		if err != nil {
+			return nil, err
+		}
+		// Write compressed length as little endian before block.
+		if i < 3 {
+			// Last length is not written.
+			length := len(s.Out) - idx
+			s.Out[i*2+offsetIdx] = byte(length)
+			s.Out[i*2+offsetIdx+1] = byte(length >> 8)
+		}
+	}
+
+	return s.Out, nil
+}
+
+// compress4Xp will compress 4 streams using separate goroutines.
+func (s *Scratch) compress4Xp(src []byte) ([]byte, error) {
+	if len(src) < 12 {
+		return nil, ErrIncompressible
+	}
+	// Add placeholder for output length
+	s.Out = s.Out[:6]
+
+	segmentSize := (len(src) + 3) / 4
+	var wg sync.WaitGroup
+	var errs [4]error
+	wg.Add(4)
+	for i := 0; i < 4; i++ {
+		toDo := src
+		if len(toDo) > segmentSize {
+			toDo = toDo[:segmentSize]
+		}
+		src = src[len(toDo):]
+
+		// Separate goroutine for each block.
+		go func(i int) {
+			s.tmpOut[i], errs[i] = s.compress1xDo(s.tmpOut[i][:0], toDo)
+			wg.Done()
+		}(i)
+	}
+	wg.Wait()
+	for i := 0; i < 4; i++ {
+		if errs[i] != nil {
+			return nil, errs[i]
+		}
+		o := s.tmpOut[i]
+		// Write compressed length as little endian before block.
+		if i < 3 {
+			// Last length is not written.
+			s.Out[i*2] = byte(len(o))
+			s.Out[i*2+1] = byte(len(o) >> 8)
+		}
+
+		// Write output.
+		s.Out = append(s.Out, o...)
+	}
+	return s.Out, nil
+}
+
+// countSimple will create a simple histogram in s.count.
+// Returns the biggest count.
+// Does not update s.clearCount.
+func (s *Scratch) countSimple(in []byte) (max int, reuse bool) {
+	reuse = true
+	for _, v := range in {
+		s.count[v]++
+	}
+	m := uint32(0)
+	if len(s.prevTable) > 0 {
+		for i, v := range s.count[:] {
+			if v > m {
+				m = v
+			}
+			if v > 0 {
+				s.symbolLen = uint16(i) + 1
+				if i >= len(s.prevTable) {
+					reuse = false
+				} else {
+					if s.prevTable[i].nBits == 0 {
+						reuse = false
+					}
+				}
+			}
+		}
+		return int(m), reuse
+	}
+	for i, v := range s.count[:] {
+		if v > m {
+			m = v
+		}
+		if v > 0 {
+			s.symbolLen = uint16(i) + 1
+		}
+	}
+	return int(m), false
+}
+
+func (s *Scratch) canUseTable(c cTable) bool {
+	if len(c) < int(s.symbolLen) {
+		return false
+	}
+	for i, v := range s.count[:s.symbolLen] {
+		if v != 0 && c[i].nBits == 0 {
+			return false
+		}
+	}
+	return true
+}
+
+func (s *Scratch) validateTable(c cTable) bool {
+	if len(c) < int(s.symbolLen) {
+		return false
+	}
+	for i, v := range s.count[:s.symbolLen] {
+		if v != 0 {
+			if c[i].nBits == 0 {
+				return false
+			}
+			if c[i].nBits > s.actualTableLog {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// minTableLog provides the minimum logSize to safely represent a distribution.
+func (s *Scratch) minTableLog() uint8 {
+	minBitsSrc := highBit32(uint32(s.br.remain())) + 1
+	minBitsSymbols := highBit32(uint32(s.symbolLen-1)) + 2
+	if minBitsSrc < minBitsSymbols {
+		return uint8(minBitsSrc)
+	}
+	return uint8(minBitsSymbols)
+}
+
+// optimalTableLog calculates and sets the optimal tableLog in s.actualTableLog
+func (s *Scratch) optimalTableLog() {
+	tableLog := s.TableLog
+	minBits := s.minTableLog()
+	maxBitsSrc := uint8(highBit32(uint32(s.br.remain()-1))) - 1
+	if maxBitsSrc < tableLog {
+		// Accuracy can be reduced
+		tableLog = maxBitsSrc
+	}
+	if minBits > tableLog {
+		tableLog = minBits
+	}
+	// Need a minimum to safely represent all symbol values
+	if tableLog < minTablelog {
+		tableLog = minTablelog
+	}
+	if tableLog > tableLogMax {
+		tableLog = tableLogMax
+	}
+	s.actualTableLog = tableLog
+}
+
+type cTableEntry struct {
+	val   uint16
+	nBits uint8
+	// We have 8 bits extra
+}
+
+const huffNodesMask = huffNodesLen - 1
+
+func (s *Scratch) buildCTable() error {
+	s.optimalTableLog()
+	s.huffSort()
+	if cap(s.cTable) < maxSymbolValue+1 {
+		s.cTable = make([]cTableEntry, s.symbolLen, maxSymbolValue+1)
+	} else {
+		s.cTable = s.cTable[:s.symbolLen]
+		for i := range s.cTable {
+			s.cTable[i] = cTableEntry{}
+		}
+	}
+
+	var startNode = int16(s.symbolLen)
+	nonNullRank := s.symbolLen - 1
+
+	nodeNb := startNode
+	huffNode := s.nodes[1 : huffNodesLen+1]
+
+	// This overlays the slice above, but allows "-1" index lookups.
+	// Different from reference implementation.
+	huffNode0 := s.nodes[0 : huffNodesLen+1]
+
+	for huffNode[nonNullRank].count == 0 {
+		nonNullRank--
+	}
+
+	lowS := int16(nonNullRank)
+	nodeRoot := nodeNb + lowS - 1
+	lowN := nodeNb
+	huffNode[nodeNb].count = huffNode[lowS].count + huffNode[lowS-1].count
+	huffNode[lowS].parent, huffNode[lowS-1].parent = uint16(nodeNb), uint16(nodeNb)
+	nodeNb++
+	lowS -= 2
+	for n := nodeNb; n <= nodeRoot; n++ {
+		huffNode[n].count = 1 << 30
+	}
+	// fake entry, strong barrier
+	huffNode0[0].count = 1 << 31
+
+	// create parents
+	for nodeNb <= nodeRoot {
+		var n1, n2 int16
+		if huffNode0[lowS+1].count < huffNode0[lowN+1].count {
+			n1 = lowS
+			lowS--
+		} else {
+			n1 = lowN
+			lowN++
+		}
+		if huffNode0[lowS+1].count < huffNode0[lowN+1].count {
+			n2 = lowS
+			lowS--
+		} else {
+			n2 = lowN
+			lowN++
+		}
+
+		huffNode[nodeNb].count = huffNode0[n1+1].count + huffNode0[n2+1].count
+		huffNode0[n1+1].parent, huffNode0[n2+1].parent = uint16(nodeNb), uint16(nodeNb)
+		nodeNb++
+	}
+
+	// distribute weights (unlimited tree height)
+	huffNode[nodeRoot].nbBits = 0
+	for n := nodeRoot - 1; n >= startNode; n-- {
+		huffNode[n].nbBits = huffNode[huffNode[n].parent].nbBits + 1
+	}
+	for n := uint16(0); n <= nonNullRank; n++ {
+		huffNode[n].nbBits = huffNode[huffNode[n].parent].nbBits + 1
+	}
+	s.actualTableLog = s.setMaxHeight(int(nonNullRank))
+	maxNbBits := s.actualTableLog
+
+	// fill result into tree (val, nbBits)
+	if maxNbBits > tableLogMax {
+		return fmt.Errorf("internal error: maxNbBits (%d) > tableLogMax (%d)", maxNbBits, tableLogMax)
+	}
+	var nbPerRank [tableLogMax + 1]uint16
+	var valPerRank [16]uint16
+	for _, v := range huffNode[:nonNullRank+1] {
+		nbPerRank[v.nbBits]++
+	}
+	// determine stating value per rank
+	{
+		min := uint16(0)
+		for n := maxNbBits; n > 0; n-- {
+			// get starting value within each rank
+			valPerRank[n] = min
+			min += nbPerRank[n]
+			min >>= 1
+		}
+	}
+
+	// push nbBits per symbol, symbol order
+	for _, v := range huffNode[:nonNullRank+1] {
+		s.cTable[v.symbol].nBits = v.nbBits
+	}
+
+	// assign value within rank, symbol order
+	t := s.cTable[:s.symbolLen]
+	for n, val := range t {
+		nbits := val.nBits & 15
+		v := valPerRank[nbits]
+		t[n].val = v
+		valPerRank[nbits] = v + 1
+	}
+
+	return nil
+}
+
+// huffSort will sort symbols, decreasing order.
+func (s *Scratch) huffSort() {
+	type rankPos struct {
+		base    uint32
+		current uint32
+	}
+
+	// Clear nodes
+	nodes := s.nodes[:huffNodesLen+1]
+	s.nodes = nodes
+	nodes = nodes[1 : huffNodesLen+1]
+
+	// Sort into buckets based on length of symbol count.
+	var rank [32]rankPos
+	for _, v := range s.count[:s.symbolLen] {
+		r := highBit32(v+1) & 31
+		rank[r].base++
+	}
+	// maxBitLength is log2(BlockSizeMax) + 1
+	const maxBitLength = 18 + 1
+	for n := maxBitLength; n > 0; n-- {
+		rank[n-1].base += rank[n].base
+	}
+	for n := range rank[:maxBitLength] {
+		rank[n].current = rank[n].base
+	}
+	for n, c := range s.count[:s.symbolLen] {
+		r := (highBit32(c+1) + 1) & 31
+		pos := rank[r].current
+		rank[r].current++
+		prev := nodes[(pos-1)&huffNodesMask]
+		for pos > rank[r].base && c > prev.count {
+			nodes[pos&huffNodesMask] = prev
+			pos--
+			prev = nodes[(pos-1)&huffNodesMask]
+		}
+		nodes[pos&huffNodesMask] = nodeElt{count: c, symbol: byte(n)}
+	}
+	return
+}
+
+func (s *Scratch) setMaxHeight(lastNonNull int) uint8 {
+	maxNbBits := s.actualTableLog
+	huffNode := s.nodes[1 : huffNodesLen+1]
+	//huffNode = huffNode[: huffNodesLen]
+
+	largestBits := huffNode[lastNonNull].nbBits
+
+	// early exit : no elt > maxNbBits
+	if largestBits <= maxNbBits {
+		return largestBits
+	}
+	totalCost := int(0)
+	baseCost := int(1) << (largestBits - maxNbBits)
+	n := uint32(lastNonNull)
+
+	for huffNode[n].nbBits > maxNbBits {
+		totalCost += baseCost - (1 << (largestBits - huffNode[n].nbBits))
+		huffNode[n].nbBits = maxNbBits
+		n--
+	}
+	// n stops at huffNode[n].nbBits <= maxNbBits
+
+	for huffNode[n].nbBits == maxNbBits {
+		n--
+	}
+	// n end at index of smallest symbol using < maxNbBits
+
+	// renorm totalCost
+	totalCost >>= largestBits - maxNbBits /* note : totalCost is necessarily a multiple of baseCost */
+
+	// repay normalized cost
+	{
+		const noSymbol = 0xF0F0F0F0
+		var rankLast [tableLogMax + 2]uint32
+
+		for i := range rankLast[:] {
+			rankLast[i] = noSymbol
+		}
+
+		// Get pos of last (smallest) symbol per rank
+		{
+			currentNbBits := maxNbBits
+			for pos := int(n); pos >= 0; pos-- {
+				if huffNode[pos].nbBits >= currentNbBits {
+					continue
+				}
+				currentNbBits = huffNode[pos].nbBits // < maxNbBits
+				rankLast[maxNbBits-currentNbBits] = uint32(pos)
+			}
+		}
+
+		for totalCost > 0 {
+			nBitsToDecrease := uint8(highBit32(uint32(totalCost))) + 1
+
+			for ; nBitsToDecrease > 1; nBitsToDecrease-- {
+				highPos := rankLast[nBitsToDecrease]
+				lowPos := rankLast[nBitsToDecrease-1]
+				if highPos == noSymbol {
+					continue
+				}
+				if lowPos == noSymbol {
+					break
+				}
+				highTotal := huffNode[highPos].count
+				lowTotal := 2 * huffNode[lowPos].count
+				if highTotal <= lowTotal {
+					break
+				}
+			}
+			// only triggered when no more rank 1 symbol left => find closest one (note : there is necessarily at least one !)
+			// HUF_MAX_TABLELOG test just to please gcc 5+; but it should not be necessary
+			// FIXME: try to remove
+			for (nBitsToDecrease <= tableLogMax) && (rankLast[nBitsToDecrease] == noSymbol) {
+				nBitsToDecrease++
+			}
+			totalCost -= 1 << (nBitsToDecrease - 1)
+			if rankLast[nBitsToDecrease-1] == noSymbol {
+				// this rank is no longer empty
+				rankLast[nBitsToDecrease-1] = rankLast[nBitsToDecrease]
+			}
+			huffNode[rankLast[nBitsToDecrease]].nbBits++
+			if rankLast[nBitsToDecrease] == 0 {
+				/* special case, reached largest symbol */
+				rankLast[nBitsToDecrease] = noSymbol
+			} else {
+				rankLast[nBitsToDecrease]--
+				if huffNode[rankLast[nBitsToDecrease]].nbBits != maxNbBits-nBitsToDecrease {
+					rankLast[nBitsToDecrease] = noSymbol /* this rank is now empty */
+				}
+			}
+		}
+
+		for totalCost < 0 { /* Sometimes, cost correction overshoot */
+			if rankLast[1] == noSymbol { /* special case : no rank 1 symbol (using maxNbBits-1); let's create one from largest rank 0 (using maxNbBits) */
+				for huffNode[n].nbBits == maxNbBits {
+					n--
+				}
+				huffNode[n+1].nbBits--
+				rankLast[1] = n + 1
+				totalCost++
+				continue
+			}
+			huffNode[rankLast[1]+1].nbBits--
+			rankLast[1]++
+			totalCost++
+		}
+	}
+	return maxNbBits
+}
+
+type nodeElt struct {
+	count  uint32
+	parent uint16
+	symbol byte
+	nbBits uint8
+}
diff --git a/vendor/github.com/klauspost/compress/huff0/decompress.go b/vendor/github.com/klauspost/compress/huff0/decompress.go
new file mode 100644
index 0000000000000..41703bba4d65b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/decompress.go
@@ -0,0 +1,1164 @@
+package huff0
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/klauspost/compress/fse"
+)
+
+type dTable struct {
+	single []dEntrySingle
+	double []dEntryDouble
+}
+
+// single-symbols decoding
+type dEntrySingle struct {
+	entry uint16
+}
+
+// double-symbols decoding
+type dEntryDouble struct {
+	seq   uint16
+	nBits uint8
+	len   uint8
+}
+
+// Uses special code for all tables that are < 8 bits.
+const use8BitTables = true
+
+// ReadTable will read a table from the input.
+// The size of the input may be larger than the table definition.
+// Any content remaining after the table definition will be returned.
+// If no Scratch is provided a new one is allocated.
+// The returned Scratch can be used for encoding or decoding input using this table.
+func ReadTable(in []byte, s *Scratch) (s2 *Scratch, remain []byte, err error) {
+	s, err = s.prepare(in)
+	if err != nil {
+		return s, nil, err
+	}
+	if len(in) <= 1 {
+		return s, nil, errors.New("input too small for table")
+	}
+	iSize := in[0]
+	in = in[1:]
+	if iSize >= 128 {
+		// Uncompressed
+		oSize := iSize - 127
+		iSize = (oSize + 1) / 2
+		if int(iSize) > len(in) {
+			return s, nil, errors.New("input too small for table")
+		}
+		for n := uint8(0); n < oSize; n += 2 {
+			v := in[n/2]
+			s.huffWeight[n] = v >> 4
+			s.huffWeight[n+1] = v & 15
+		}
+		s.symbolLen = uint16(oSize)
+		in = in[iSize:]
+	} else {
+		if len(in) < int(iSize) {
+			return s, nil, fmt.Errorf("input too small for table, want %d bytes, have %d", iSize, len(in))
+		}
+		// FSE compressed weights
+		s.fse.DecompressLimit = 255
+		hw := s.huffWeight[:]
+		s.fse.Out = hw
+		b, err := fse.Decompress(in[:iSize], s.fse)
+		s.fse.Out = nil
+		if err != nil {
+			return s, nil, err
+		}
+		if len(b) > 255 {
+			return s, nil, errors.New("corrupt input: output table too large")
+		}
+		s.symbolLen = uint16(len(b))
+		in = in[iSize:]
+	}
+
+	// collect weight stats
+	var rankStats [16]uint32
+	weightTotal := uint32(0)
+	for _, v := range s.huffWeight[:s.symbolLen] {
+		if v > tableLogMax {
+			return s, nil, errors.New("corrupt input: weight too large")
+		}
+		v2 := v & 15
+		rankStats[v2]++
+		// (1 << (v2-1)) is slower since the compiler cannot prove that v2 isn't 0.
+		weightTotal += (1 << v2) >> 1
+	}
+	if weightTotal == 0 {
+		return s, nil, errors.New("corrupt input: weights zero")
+	}
+
+	// get last non-null symbol weight (implied, total must be 2^n)
+	{
+		tableLog := highBit32(weightTotal) + 1
+		if tableLog > tableLogMax {
+			return s, nil, errors.New("corrupt input: tableLog too big")
+		}
+		s.actualTableLog = uint8(tableLog)
+		// determine last weight
+		{
+			total := uint32(1) << tableLog
+			rest := total - weightTotal
+			verif := uint32(1) << highBit32(rest)
+			lastWeight := highBit32(rest) + 1
+			if verif != rest {
+				// last value must be a clean power of 2
+				return s, nil, errors.New("corrupt input: last value not power of two")
+			}
+			s.huffWeight[s.symbolLen] = uint8(lastWeight)
+			s.symbolLen++
+			rankStats[lastWeight]++
+		}
+	}
+
+	if (rankStats[1] < 2) || (rankStats[1]&1 != 0) {
+		// by construction : at least 2 elts of rank 1, must be even
+		return s, nil, errors.New("corrupt input: min elt size, even check failed ")
+	}
+
+	// TODO: Choose between single/double symbol decoding
+
+	// Calculate starting value for each rank
+	{
+		var nextRankStart uint32
+		for n := uint8(1); n < s.actualTableLog+1; n++ {
+			current := nextRankStart
+			nextRankStart += rankStats[n] << (n - 1)
+			rankStats[n] = current
+		}
+	}
+
+	// fill DTable (always full size)
+	tSize := 1 << tableLogMax
+	if len(s.dt.single) != tSize {
+		s.dt.single = make([]dEntrySingle, tSize)
+	}
+	cTable := s.prevTable
+	if cap(cTable) < maxSymbolValue+1 {
+		cTable = make([]cTableEntry, 0, maxSymbolValue+1)
+	}
+	cTable = cTable[:maxSymbolValue+1]
+	s.prevTable = cTable[:s.symbolLen]
+	s.prevTableLog = s.actualTableLog
+
+	for n, w := range s.huffWeight[:s.symbolLen] {
+		if w == 0 {
+			cTable[n] = cTableEntry{
+				val:   0,
+				nBits: 0,
+			}
+			continue
+		}
+		length := (uint32(1) << w) >> 1
+		d := dEntrySingle{
+			entry: uint16(s.actualTableLog+1-w) | (uint16(n) << 8),
+		}
+
+		rank := &rankStats[w]
+		cTable[n] = cTableEntry{
+			val:   uint16(*rank >> (w - 1)),
+			nBits: uint8(d.entry),
+		}
+
+		single := s.dt.single[*rank : *rank+length]
+		for i := range single {
+			single[i] = d
+		}
+		*rank += length
+	}
+
+	return s, in, nil
+}
+
+// Decompress1X will decompress a 1X encoded stream.
+// The length of the supplied input must match the end of a block exactly.
+// Before this is called, the table must be initialized with ReadTable unless
+// the encoder re-used the table.
+// deprecated: Use the stateless Decoder() to get a concurrent version.
+func (s *Scratch) Decompress1X(in []byte) (out []byte, err error) {
+	if cap(s.Out) < s.MaxDecodedSize {
+		s.Out = make([]byte, s.MaxDecodedSize)
+	}
+	s.Out = s.Out[:0:s.MaxDecodedSize]
+	s.Out, err = s.Decoder().Decompress1X(s.Out, in)
+	return s.Out, err
+}
+
+// Decompress4X will decompress a 4X encoded stream.
+// Before this is called, the table must be initialized with ReadTable unless
+// the encoder re-used the table.
+// The length of the supplied input must match the end of a block exactly.
+// The destination size of the uncompressed data must be known and provided.
+// deprecated: Use the stateless Decoder() to get a concurrent version.
+func (s *Scratch) Decompress4X(in []byte, dstSize int) (out []byte, err error) {
+	if dstSize > s.MaxDecodedSize {
+		return nil, ErrMaxDecodedSizeExceeded
+	}
+	if cap(s.Out) < dstSize {
+		s.Out = make([]byte, s.MaxDecodedSize)
+	}
+	s.Out = s.Out[:0:dstSize]
+	s.Out, err = s.Decoder().Decompress4X(s.Out, in)
+	return s.Out, err
+}
+
+// Decoder will return a stateless decoder that can be used by multiple
+// decompressors concurrently.
+// Before this is called, the table must be initialized with ReadTable.
+// The Decoder is still linked to the scratch buffer so that cannot be reused.
+// However, it is safe to discard the scratch.
+func (s *Scratch) Decoder() *Decoder {
+	return &Decoder{
+		dt:             s.dt,
+		actualTableLog: s.actualTableLog,
+	}
+}
+
+// Decoder provides stateless decoding.
+type Decoder struct {
+	dt             dTable
+	actualTableLog uint8
+}
+
+// Decompress1X will decompress a 1X encoded stream.
+// The cap of the output buffer will be the maximum decompressed size.
+// The length of the supplied input must match the end of a block exactly.
+func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) {
+	if len(d.dt.single) == 0 {
+		return nil, errors.New("no table loaded")
+	}
+	if use8BitTables && d.actualTableLog <= 8 {
+		return d.decompress1X8Bit(dst, src)
+	}
+	var br bitReaderShifted
+	err := br.init(src)
+	if err != nil {
+		return dst, err
+	}
+	maxDecodedSize := cap(dst)
+	dst = dst[:0]
+
+	// Avoid bounds check by always having full sized table.
+	const tlSize = 1 << tableLogMax
+	const tlMask = tlSize - 1
+	dt := d.dt.single[:tlSize]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+
+	for br.off >= 8 {
+		br.fillFast()
+		v := dt[br.peekBitsFast(d.actualTableLog)&tlMask]
+		br.advance(uint8(v.entry))
+		buf[off+0] = uint8(v.entry >> 8)
+
+		v = dt[br.peekBitsFast(d.actualTableLog)&tlMask]
+		br.advance(uint8(v.entry))
+		buf[off+1] = uint8(v.entry >> 8)
+
+		// Refill
+		br.fillFast()
+
+		v = dt[br.peekBitsFast(d.actualTableLog)&tlMask]
+		br.advance(uint8(v.entry))
+		buf[off+2] = uint8(v.entry >> 8)
+
+		v = dt[br.peekBitsFast(d.actualTableLog)&tlMask]
+		br.advance(uint8(v.entry))
+		buf[off+3] = uint8(v.entry >> 8)
+
+		off += 4
+		if off == 0 {
+			if len(dst)+256 > maxDecodedSize {
+				br.close()
+				return nil, ErrMaxDecodedSizeExceeded
+			}
+			dst = append(dst, buf[:]...)
+		}
+	}
+
+	if len(dst)+int(off) > maxDecodedSize {
+		br.close()
+		return nil, ErrMaxDecodedSizeExceeded
+	}
+	dst = append(dst, buf[:off]...)
+
+	// br < 8, so uint8 is fine
+	bitsLeft := uint8(br.off)*8 + 64 - br.bitsRead
+	for bitsLeft > 0 {
+		br.fill()
+		if false && br.bitsRead >= 32 {
+			if br.off >= 4 {
+				v := br.in[br.off-4:]
+				v = v[:4]
+				low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+				br.value = (br.value << 32) | uint64(low)
+				br.bitsRead -= 32
+				br.off -= 4
+			} else {
+				for br.off > 0 {
+					br.value = (br.value << 8) | uint64(br.in[br.off-1])
+					br.bitsRead -= 8
+					br.off--
+				}
+			}
+		}
+		if len(dst) >= maxDecodedSize {
+			br.close()
+			return nil, ErrMaxDecodedSizeExceeded
+		}
+		v := d.dt.single[br.peekBitsFast(d.actualTableLog)&tlMask]
+		nBits := uint8(v.entry)
+		br.advance(nBits)
+		bitsLeft -= nBits
+		dst = append(dst, uint8(v.entry>>8))
+	}
+	return dst, br.close()
+}
+
+// decompress1X8Bit will decompress a 1X encoded stream with tablelog <= 8.
+// The cap of the output buffer will be the maximum decompressed size.
+// The length of the supplied input must match the end of a block exactly.
+func (d *Decoder) decompress1X8Bit(dst, src []byte) ([]byte, error) {
+	if d.actualTableLog == 8 {
+		return d.decompress1X8BitExactly(dst, src)
+	}
+	var br bitReaderBytes
+	err := br.init(src)
+	if err != nil {
+		return dst, err
+	}
+	maxDecodedSize := cap(dst)
+	dst = dst[:0]
+
+	// Avoid bounds check by always having full sized table.
+	dt := d.dt.single[:256]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+
+	shift := (8 - d.actualTableLog) & 7
+
+	//fmt.Printf("mask: %b, tl:%d\n", mask, d.actualTableLog)
+	for br.off >= 4 {
+		br.fillFast()
+		v := dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+0] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+1] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+2] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+3] = uint8(v.entry >> 8)
+
+		off += 4
+		if off == 0 {
+			if len(dst)+256 > maxDecodedSize {
+				br.close()
+				return nil, ErrMaxDecodedSizeExceeded
+			}
+			dst = append(dst, buf[:]...)
+		}
+	}
+
+	if len(dst)+int(off) > maxDecodedSize {
+		br.close()
+		return nil, ErrMaxDecodedSizeExceeded
+	}
+	dst = append(dst, buf[:off]...)
+
+	// br < 4, so uint8 is fine
+	bitsLeft := int8(uint8(br.off)*8 + (64 - br.bitsRead))
+	for bitsLeft > 0 {
+		if br.bitsRead >= 64-8 {
+			for br.off > 0 {
+				br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8)
+				br.bitsRead -= 8
+				br.off--
+			}
+		}
+		if len(dst) >= maxDecodedSize {
+			br.close()
+			return nil, ErrMaxDecodedSizeExceeded
+		}
+		v := dt[br.peekByteFast()>>shift]
+		nBits := uint8(v.entry)
+		br.advance(nBits)
+		bitsLeft -= int8(nBits)
+		dst = append(dst, uint8(v.entry>>8))
+	}
+	return dst, br.close()
+}
+
+// decompress1X8Bit will decompress a 1X encoded stream with tablelog <= 8.
+// The cap of the output buffer will be the maximum decompressed size.
+// The length of the supplied input must match the end of a block exactly.
+func (d *Decoder) decompress1X8BitExactly(dst, src []byte) ([]byte, error) {
+	var br bitReaderBytes
+	err := br.init(src)
+	if err != nil {
+		return dst, err
+	}
+	maxDecodedSize := cap(dst)
+	dst = dst[:0]
+
+	// Avoid bounds check by always having full sized table.
+	dt := d.dt.single[:256]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+
+	const shift = 0
+
+	//fmt.Printf("mask: %b, tl:%d\n", mask, d.actualTableLog)
+	for br.off >= 4 {
+		br.fillFast()
+		v := dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+0] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+1] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+2] = uint8(v.entry >> 8)
+
+		v = dt[br.peekByteFast()>>shift]
+		br.advance(uint8(v.entry))
+		buf[off+3] = uint8(v.entry >> 8)
+
+		off += 4
+		if off == 0 {
+			if len(dst)+256 > maxDecodedSize {
+				br.close()
+				return nil, ErrMaxDecodedSizeExceeded
+			}
+			dst = append(dst, buf[:]...)
+		}
+	}
+
+	if len(dst)+int(off) > maxDecodedSize {
+		br.close()
+		return nil, ErrMaxDecodedSizeExceeded
+	}
+	dst = append(dst, buf[:off]...)
+
+	// br < 4, so uint8 is fine
+	bitsLeft := int8(uint8(br.off)*8 + (64 - br.bitsRead))
+	for bitsLeft > 0 {
+		if br.bitsRead >= 64-8 {
+			for br.off > 0 {
+				br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8)
+				br.bitsRead -= 8
+				br.off--
+			}
+		}
+		if len(dst) >= maxDecodedSize {
+			br.close()
+			return nil, ErrMaxDecodedSizeExceeded
+		}
+		v := dt[br.peekByteFast()>>shift]
+		nBits := uint8(v.entry)
+		br.advance(nBits)
+		bitsLeft -= int8(nBits)
+		dst = append(dst, uint8(v.entry>>8))
+	}
+	return dst, br.close()
+}
+
+// Decompress4X will decompress a 4X encoded stream.
+// The length of the supplied input must match the end of a block exactly.
+// The *capacity* of the dst slice must match the destination size of
+// the uncompressed data exactly.
+func (d *Decoder) Decompress4X(dst, src []byte) ([]byte, error) {
+	if len(d.dt.single) == 0 {
+		return nil, errors.New("no table loaded")
+	}
+	if len(src) < 6+(4*1) {
+		return nil, errors.New("input too small")
+	}
+	if use8BitTables && d.actualTableLog <= 8 {
+		return d.decompress4X8bit(dst, src)
+	}
+
+	var br [4]bitReaderShifted
+	start := 6
+	for i := 0; i < 3; i++ {
+		length := int(src[i*2]) | (int(src[i*2+1]) << 8)
+		if start+length >= len(src) {
+			return nil, errors.New("truncated input (or invalid offset)")
+		}
+		err := br[i].init(src[start : start+length])
+		if err != nil {
+			return nil, err
+		}
+		start += length
+	}
+	err := br[3].init(src[start:])
+	if err != nil {
+		return nil, err
+	}
+
+	// destination, offset to match first output
+	dstSize := cap(dst)
+	dst = dst[:dstSize]
+	out := dst
+	dstEvery := (dstSize + 3) / 4
+
+	const tlSize = 1 << tableLogMax
+	const tlMask = tlSize - 1
+	single := d.dt.single[:tlSize]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+	var decoded int
+
+	// Decode 2 values from each decoder/loop.
+	const bufoff = 256 / 4
+	for {
+		if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 {
+			break
+		}
+
+		{
+			const stream = 0
+			const stream2 = 1
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			val := br[stream].peekBitsFast(d.actualTableLog)
+			v := single[val&tlMask]
+			br[stream].advance(uint8(v.entry))
+			buf[off+bufoff*stream] = uint8(v.entry >> 8)
+
+			val2 := br[stream2].peekBitsFast(d.actualTableLog)
+			v2 := single[val2&tlMask]
+			br[stream2].advance(uint8(v2.entry))
+			buf[off+bufoff*stream2] = uint8(v2.entry >> 8)
+
+			val = br[stream].peekBitsFast(d.actualTableLog)
+			v = single[val&tlMask]
+			br[stream].advance(uint8(v.entry))
+			buf[off+bufoff*stream+1] = uint8(v.entry >> 8)
+
+			val2 = br[stream2].peekBitsFast(d.actualTableLog)
+			v2 = single[val2&tlMask]
+			br[stream2].advance(uint8(v2.entry))
+			buf[off+bufoff*stream2+1] = uint8(v2.entry >> 8)
+		}
+
+		{
+			const stream = 2
+			const stream2 = 3
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			val := br[stream].peekBitsFast(d.actualTableLog)
+			v := single[val&tlMask]
+			br[stream].advance(uint8(v.entry))
+			buf[off+bufoff*stream] = uint8(v.entry >> 8)
+
+			val2 := br[stream2].peekBitsFast(d.actualTableLog)
+			v2 := single[val2&tlMask]
+			br[stream2].advance(uint8(v2.entry))
+			buf[off+bufoff*stream2] = uint8(v2.entry >> 8)
+
+			val = br[stream].peekBitsFast(d.actualTableLog)
+			v = single[val&tlMask]
+			br[stream].advance(uint8(v.entry))
+			buf[off+bufoff*stream+1] = uint8(v.entry >> 8)
+
+			val2 = br[stream2].peekBitsFast(d.actualTableLog)
+			v2 = single[val2&tlMask]
+			br[stream2].advance(uint8(v2.entry))
+			buf[off+bufoff*stream2+1] = uint8(v2.entry >> 8)
+		}
+
+		off += 2
+
+		if off == bufoff {
+			if bufoff > dstEvery {
+				return nil, errors.New("corruption detected: stream overrun 1")
+			}
+			copy(out, buf[:bufoff])
+			copy(out[dstEvery:], buf[bufoff:bufoff*2])
+			copy(out[dstEvery*2:], buf[bufoff*2:bufoff*3])
+			copy(out[dstEvery*3:], buf[bufoff*3:bufoff*4])
+			off = 0
+			out = out[bufoff:]
+			decoded += 256
+			// There must at least be 3 buffers left.
+			if len(out) < dstEvery*3 {
+				return nil, errors.New("corruption detected: stream overrun 2")
+			}
+		}
+	}
+	if off > 0 {
+		ioff := int(off)
+		if len(out) < dstEvery*3+ioff {
+			return nil, errors.New("corruption detected: stream overrun 3")
+		}
+		copy(out, buf[:off])
+		copy(out[dstEvery:dstEvery+ioff], buf[bufoff:bufoff*2])
+		copy(out[dstEvery*2:dstEvery*2+ioff], buf[bufoff*2:bufoff*3])
+		copy(out[dstEvery*3:dstEvery*3+ioff], buf[bufoff*3:bufoff*4])
+		decoded += int(off) * 4
+		out = out[off:]
+	}
+
+	// Decode remaining.
+	for i := range br {
+		offset := dstEvery * i
+		br := &br[i]
+		bitsLeft := br.off*8 + uint(64-br.bitsRead)
+		for bitsLeft > 0 {
+			br.fill()
+			if false && br.bitsRead >= 32 {
+				if br.off >= 4 {
+					v := br.in[br.off-4:]
+					v = v[:4]
+					low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+					br.value = (br.value << 32) | uint64(low)
+					br.bitsRead -= 32
+					br.off -= 4
+				} else {
+					for br.off > 0 {
+						br.value = (br.value << 8) | uint64(br.in[br.off-1])
+						br.bitsRead -= 8
+						br.off--
+					}
+				}
+			}
+			// end inline...
+			if offset >= len(out) {
+				return nil, errors.New("corruption detected: stream overrun 4")
+			}
+
+			// Read value and increment offset.
+			val := br.peekBitsFast(d.actualTableLog)
+			v := single[val&tlMask].entry
+			nBits := uint8(v)
+			br.advance(nBits)
+			bitsLeft -= uint(nBits)
+			out[offset] = uint8(v >> 8)
+			offset++
+		}
+		decoded += offset - dstEvery*i
+		err = br.close()
+		if err != nil {
+			return nil, err
+		}
+	}
+	if dstSize != decoded {
+		return nil, errors.New("corruption detected: short output block")
+	}
+	return dst, nil
+}
+
+// Decompress4X will decompress a 4X encoded stream.
+// The length of the supplied input must match the end of a block exactly.
+// The *capacity* of the dst slice must match the destination size of
+// the uncompressed data exactly.
+func (d *Decoder) decompress4X8bit(dst, src []byte) ([]byte, error) {
+	if d.actualTableLog == 8 {
+		return d.decompress4X8bitExactly(dst, src)
+	}
+
+	var br [4]bitReaderBytes
+	start := 6
+	for i := 0; i < 3; i++ {
+		length := int(src[i*2]) | (int(src[i*2+1]) << 8)
+		if start+length >= len(src) {
+			return nil, errors.New("truncated input (or invalid offset)")
+		}
+		err := br[i].init(src[start : start+length])
+		if err != nil {
+			return nil, err
+		}
+		start += length
+	}
+	err := br[3].init(src[start:])
+	if err != nil {
+		return nil, err
+	}
+
+	// destination, offset to match first output
+	dstSize := cap(dst)
+	dst = dst[:dstSize]
+	out := dst
+	dstEvery := (dstSize + 3) / 4
+
+	shift := (8 - d.actualTableLog) & 7
+
+	const tlSize = 1 << 8
+	const tlMask = tlSize - 1
+	single := d.dt.single[:tlSize]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+	var decoded int
+
+	// Decode 4 values from each decoder/loop.
+	const bufoff = 256 / 4
+	for {
+		if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 {
+			break
+		}
+
+		{
+			// Interleave 2 decodes.
+			const stream = 0
+			const stream2 = 1
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			v := single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 := single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+1] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+1] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+2] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+3] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+3] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+		}
+
+		{
+			const stream = 2
+			const stream2 = 3
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			v := single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 := single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+1] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+1] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+2] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+3] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+3] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+		}
+
+		off += 4
+
+		if off == bufoff {
+			if bufoff > dstEvery {
+				return nil, errors.New("corruption detected: stream overrun 1")
+			}
+			copy(out, buf[:bufoff])
+			copy(out[dstEvery:], buf[bufoff:bufoff*2])
+			copy(out[dstEvery*2:], buf[bufoff*2:bufoff*3])
+			copy(out[dstEvery*3:], buf[bufoff*3:bufoff*4])
+			off = 0
+			out = out[bufoff:]
+			decoded += 256
+			// There must at least be 3 buffers left.
+			if len(out) < dstEvery*3 {
+				return nil, errors.New("corruption detected: stream overrun 2")
+			}
+		}
+	}
+	if off > 0 {
+		ioff := int(off)
+		if len(out) < dstEvery*3+ioff {
+			return nil, errors.New("corruption detected: stream overrun 3")
+		}
+		copy(out, buf[:off])
+		copy(out[dstEvery:dstEvery+ioff], buf[bufoff:bufoff*2])
+		copy(out[dstEvery*2:dstEvery*2+ioff], buf[bufoff*2:bufoff*3])
+		copy(out[dstEvery*3:dstEvery*3+ioff], buf[bufoff*3:bufoff*4])
+		decoded += int(off) * 4
+		out = out[off:]
+	}
+
+	// Decode remaining.
+	for i := range br {
+		offset := dstEvery * i
+		br := &br[i]
+		bitsLeft := int(br.off*8) + int(64-br.bitsRead)
+		for bitsLeft > 0 {
+			if br.finished() {
+				return nil, io.ErrUnexpectedEOF
+			}
+			if br.bitsRead >= 56 {
+				if br.off >= 4 {
+					v := br.in[br.off-4:]
+					v = v[:4]
+					low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+					br.value |= uint64(low) << (br.bitsRead - 32)
+					br.bitsRead -= 32
+					br.off -= 4
+				} else {
+					for br.off > 0 {
+						br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8)
+						br.bitsRead -= 8
+						br.off--
+					}
+				}
+			}
+			// end inline...
+			if offset >= len(out) {
+				return nil, errors.New("corruption detected: stream overrun 4")
+			}
+
+			// Read value and increment offset.
+			v := single[br.peekByteFast()>>shift].entry
+			nBits := uint8(v)
+			br.advance(nBits)
+			bitsLeft -= int(nBits)
+			out[offset] = uint8(v >> 8)
+			offset++
+		}
+		decoded += offset - dstEvery*i
+		err = br.close()
+		if err != nil {
+			return nil, err
+		}
+	}
+	if dstSize != decoded {
+		return nil, errors.New("corruption detected: short output block")
+	}
+	return dst, nil
+}
+
+// Decompress4X will decompress a 4X encoded stream.
+// The length of the supplied input must match the end of a block exactly.
+// The *capacity* of the dst slice must match the destination size of
+// the uncompressed data exactly.
+func (d *Decoder) decompress4X8bitExactly(dst, src []byte) ([]byte, error) {
+	var br [4]bitReaderBytes
+	start := 6
+	for i := 0; i < 3; i++ {
+		length := int(src[i*2]) | (int(src[i*2+1]) << 8)
+		if start+length >= len(src) {
+			return nil, errors.New("truncated input (or invalid offset)")
+		}
+		err := br[i].init(src[start : start+length])
+		if err != nil {
+			return nil, err
+		}
+		start += length
+	}
+	err := br[3].init(src[start:])
+	if err != nil {
+		return nil, err
+	}
+
+	// destination, offset to match first output
+	dstSize := cap(dst)
+	dst = dst[:dstSize]
+	out := dst
+	dstEvery := (dstSize + 3) / 4
+
+	const shift = 0
+	const tlSize = 1 << 8
+	const tlMask = tlSize - 1
+	single := d.dt.single[:tlSize]
+
+	// Use temp table to avoid bound checks/append penalty.
+	var buf [256]byte
+	var off uint8
+	var decoded int
+
+	// Decode 4 values from each decoder/loop.
+	const bufoff = 256 / 4
+	for {
+		if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 {
+			break
+		}
+
+		{
+			// Interleave 2 decodes.
+			const stream = 0
+			const stream2 = 1
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			v := single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 := single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+1] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+1] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+2] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+3] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+3] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+		}
+
+		{
+			const stream = 2
+			const stream2 = 3
+			br[stream].fillFast()
+			br[stream2].fillFast()
+
+			v := single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 := single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+1] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+1] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+2] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+2] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+
+			v = single[br[stream].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream+3] = uint8(v >> 8)
+			br[stream].advance(uint8(v))
+
+			v2 = single[br[stream2].peekByteFast()>>shift].entry
+			buf[off+bufoff*stream2+3] = uint8(v2 >> 8)
+			br[stream2].advance(uint8(v2))
+		}
+
+		off += 4
+
+		if off == bufoff {
+			if bufoff > dstEvery {
+				return nil, errors.New("corruption detected: stream overrun 1")
+			}
+			copy(out, buf[:bufoff])
+			copy(out[dstEvery:], buf[bufoff:bufoff*2])
+			copy(out[dstEvery*2:], buf[bufoff*2:bufoff*3])
+			copy(out[dstEvery*3:], buf[bufoff*3:bufoff*4])
+			off = 0
+			out = out[bufoff:]
+			decoded += 256
+			// There must at least be 3 buffers left.
+			if len(out) < dstEvery*3 {
+				return nil, errors.New("corruption detected: stream overrun 2")
+			}
+		}
+	}
+	if off > 0 {
+		ioff := int(off)
+		if len(out) < dstEvery*3+ioff {
+			return nil, errors.New("corruption detected: stream overrun 3")
+		}
+		copy(out, buf[:off])
+		copy(out[dstEvery:dstEvery+ioff], buf[bufoff:bufoff*2])
+		copy(out[dstEvery*2:dstEvery*2+ioff], buf[bufoff*2:bufoff*3])
+		copy(out[dstEvery*3:dstEvery*3+ioff], buf[bufoff*3:bufoff*4])
+		decoded += int(off) * 4
+		out = out[off:]
+	}
+
+	// Decode remaining.
+	for i := range br {
+		offset := dstEvery * i
+		br := &br[i]
+		bitsLeft := int(br.off*8) + int(64-br.bitsRead)
+		for bitsLeft > 0 {
+			if br.finished() {
+				return nil, io.ErrUnexpectedEOF
+			}
+			if br.bitsRead >= 56 {
+				if br.off >= 4 {
+					v := br.in[br.off-4:]
+					v = v[:4]
+					low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+					br.value |= uint64(low) << (br.bitsRead - 32)
+					br.bitsRead -= 32
+					br.off -= 4
+				} else {
+					for br.off > 0 {
+						br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8)
+						br.bitsRead -= 8
+						br.off--
+					}
+				}
+			}
+			// end inline...
+			if offset >= len(out) {
+				return nil, errors.New("corruption detected: stream overrun 4")
+			}
+
+			// Read value and increment offset.
+			v := single[br.peekByteFast()>>shift].entry
+			nBits := uint8(v)
+			br.advance(nBits)
+			bitsLeft -= int(nBits)
+			out[offset] = uint8(v >> 8)
+			offset++
+		}
+		decoded += offset - dstEvery*i
+		err = br.close()
+		if err != nil {
+			return nil, err
+		}
+	}
+	if dstSize != decoded {
+		return nil, errors.New("corruption detected: short output block")
+	}
+	return dst, nil
+}
+
+// matches will compare a decoding table to a coding table.
+// Errors are written to the writer.
+// Nothing will be written if table is ok.
+func (s *Scratch) matches(ct cTable, w io.Writer) {
+	if s == nil || len(s.dt.single) == 0 {
+		return
+	}
+	dt := s.dt.single[:1<<s.actualTableLog]
+	tablelog := s.actualTableLog
+	ok := 0
+	broken := 0
+	for sym, enc := range ct {
+		errs := 0
+		broken++
+		if enc.nBits == 0 {
+			for _, dec := range dt {
+				if uint8(dec.entry>>8) == byte(sym) {
+					fmt.Fprintf(w, "symbol %x has decoder, but no encoder\n", sym)
+					errs++
+					break
+				}
+			}
+			if errs == 0 {
+				broken--
+			}
+			continue
+		}
+		// Unused bits in input
+		ub := tablelog - enc.nBits
+		top := enc.val << ub
+		// decoder looks at top bits.
+		dec := dt[top]
+		if uint8(dec.entry) != enc.nBits {
+			fmt.Fprintf(w, "symbol 0x%x bit size mismatch (enc: %d, dec:%d).\n", sym, enc.nBits, uint8(dec.entry))
+			errs++
+		}
+		if uint8(dec.entry>>8) != uint8(sym) {
+			fmt.Fprintf(w, "symbol 0x%x decoder output mismatch (enc: %d, dec:%d).\n", sym, sym, uint8(dec.entry>>8))
+			errs++
+		}
+		if errs > 0 {
+			fmt.Fprintf(w, "%d errros in base, stopping\n", errs)
+			continue
+		}
+		// Ensure that all combinations are covered.
+		for i := uint16(0); i < (1 << ub); i++ {
+			vval := top | i
+			dec := dt[vval]
+			if uint8(dec.entry) != enc.nBits {
+				fmt.Fprintf(w, "symbol 0x%x bit size mismatch (enc: %d, dec:%d).\n", vval, enc.nBits, uint8(dec.entry))
+				errs++
+			}
+			if uint8(dec.entry>>8) != uint8(sym) {
+				fmt.Fprintf(w, "symbol 0x%x decoder output mismatch (enc: %d, dec:%d).\n", vval, sym, uint8(dec.entry>>8))
+				errs++
+			}
+			if errs > 20 {
+				fmt.Fprintf(w, "%d errros, stopping\n", errs)
+				break
+			}
+		}
+		if errs == 0 {
+			ok++
+			broken--
+		}
+	}
+	if broken > 0 {
+		fmt.Fprintf(w, "%d broken, %d ok\n", broken, ok)
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/huff0/huff0.go b/vendor/github.com/klauspost/compress/huff0/huff0.go
new file mode 100644
index 0000000000000..7ec2022b6506f
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/huff0/huff0.go
@@ -0,0 +1,273 @@
+// Package huff0 provides fast huffman encoding as used in zstd.
+//
+// See README.md at https://github.com/klauspost/compress/tree/master/huff0 for details.
+package huff0
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"math/bits"
+
+	"github.com/klauspost/compress/fse"
+)
+
+const (
+	maxSymbolValue = 255
+
+	// zstandard limits tablelog to 11, see:
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#huffman-tree-description
+	tableLogMax     = 11
+	tableLogDefault = 11
+	minTablelog     = 5
+	huffNodesLen    = 512
+
+	// BlockSizeMax is maximum input size for a single block uncompressed.
+	BlockSizeMax = 1<<18 - 1
+)
+
+var (
+	// ErrIncompressible is returned when input is judged to be too hard to compress.
+	ErrIncompressible = errors.New("input is not compressible")
+
+	// ErrUseRLE is returned from the compressor when the input is a single byte value repeated.
+	ErrUseRLE = errors.New("input is single value repeated")
+
+	// ErrTooBig is return if input is too large for a single block.
+	ErrTooBig = errors.New("input too big")
+
+	// ErrMaxDecodedSizeExceeded is return if input is too large for a single block.
+	ErrMaxDecodedSizeExceeded = errors.New("maximum output size exceeded")
+)
+
+type ReusePolicy uint8
+
+const (
+	// ReusePolicyAllow will allow reuse if it produces smaller output.
+	ReusePolicyAllow ReusePolicy = iota
+
+	// ReusePolicyPrefer will re-use aggressively if possible.
+	// This will not check if a new table will produce smaller output,
+	// except if the current table is impossible to use or
+	// compressed output is bigger than input.
+	ReusePolicyPrefer
+
+	// ReusePolicyNone will disable re-use of tables.
+	// This is slightly faster than ReusePolicyAllow but may produce larger output.
+	ReusePolicyNone
+
+	// ReusePolicyMust must allow reuse and produce smaller output.
+	ReusePolicyMust
+)
+
+type Scratch struct {
+	count [maxSymbolValue + 1]uint32
+
+	// Per block parameters.
+	// These can be used to override compression parameters of the block.
+	// Do not touch, unless you know what you are doing.
+
+	// Out is output buffer.
+	// If the scratch is re-used before the caller is done processing the output,
+	// set this field to nil.
+	// Otherwise the output buffer will be re-used for next Compression/Decompression step
+	// and allocation will be avoided.
+	Out []byte
+
+	// OutTable will contain the table data only, if a new table has been generated.
+	// Slice of the returned data.
+	OutTable []byte
+
+	// OutData will contain the compressed data.
+	// Slice of the returned data.
+	OutData []byte
+
+	// MaxDecodedSize will set the maximum allowed output size.
+	// This value will automatically be set to BlockSizeMax if not set.
+	// Decoders will return ErrMaxDecodedSizeExceeded is this limit is exceeded.
+	MaxDecodedSize int
+
+	br byteReader
+
+	// MaxSymbolValue will override the maximum symbol value of the next block.
+	MaxSymbolValue uint8
+
+	// TableLog will attempt to override the tablelog for the next block.
+	// Must be <= 11 and >= 5.
+	TableLog uint8
+
+	// Reuse will specify the reuse policy
+	Reuse ReusePolicy
+
+	// WantLogLess allows to specify a log 2 reduction that should at least be achieved,
+	// otherwise the block will be returned as incompressible.
+	// The reduction should then at least be (input size >> WantLogLess)
+	// If WantLogLess == 0 any improvement will do.
+	WantLogLess uint8
+
+	symbolLen      uint16 // Length of active part of the symbol table.
+	maxCount       int    // count of the most probable symbol
+	clearCount     bool   // clear count
+	actualTableLog uint8  // Selected tablelog.
+	prevTableLog   uint8  // Tablelog for previous table
+	prevTable      cTable // Table used for previous compression.
+	cTable         cTable // compression table
+	dt             dTable // decompression table
+	nodes          []nodeElt
+	tmpOut         [4][]byte
+	fse            *fse.Scratch
+	huffWeight     [maxSymbolValue + 1]byte
+}
+
+// TransferCTable will transfer the previously used compression table.
+func (s *Scratch) TransferCTable(src *Scratch) {
+	if cap(s.prevTable) < len(src.prevTable) {
+		s.prevTable = make(cTable, 0, maxSymbolValue+1)
+	}
+	s.prevTable = s.prevTable[:len(src.prevTable)]
+	copy(s.prevTable, src.prevTable)
+	s.prevTableLog = src.prevTableLog
+}
+
+func (s *Scratch) prepare(in []byte) (*Scratch, error) {
+	if len(in) > BlockSizeMax {
+		return nil, ErrTooBig
+	}
+	if s == nil {
+		s = &Scratch{}
+	}
+	if s.MaxSymbolValue == 0 {
+		s.MaxSymbolValue = maxSymbolValue
+	}
+	if s.TableLog == 0 {
+		s.TableLog = tableLogDefault
+	}
+	if s.TableLog > tableLogMax || s.TableLog < minTablelog {
+		return nil, fmt.Errorf(" invalid tableLog %d (%d -> %d)", s.TableLog, minTablelog, tableLogMax)
+	}
+	if s.MaxDecodedSize <= 0 || s.MaxDecodedSize > BlockSizeMax {
+		s.MaxDecodedSize = BlockSizeMax
+	}
+	if s.clearCount && s.maxCount == 0 {
+		for i := range s.count {
+			s.count[i] = 0
+		}
+		s.clearCount = false
+	}
+	if cap(s.Out) == 0 {
+		s.Out = make([]byte, 0, len(in))
+	}
+	s.Out = s.Out[:0]
+
+	s.OutTable = nil
+	s.OutData = nil
+	if cap(s.nodes) < huffNodesLen+1 {
+		s.nodes = make([]nodeElt, 0, huffNodesLen+1)
+	}
+	s.nodes = s.nodes[:0]
+	if s.fse == nil {
+		s.fse = &fse.Scratch{}
+	}
+	s.br.init(in)
+
+	return s, nil
+}
+
+type cTable []cTableEntry
+
+func (c cTable) write(s *Scratch) error {
+	var (
+		// precomputed conversion table
+		bitsToWeight [tableLogMax + 1]byte
+		huffLog      = s.actualTableLog
+		// last weight is not saved.
+		maxSymbolValue = uint8(s.symbolLen - 1)
+		huffWeight     = s.huffWeight[:256]
+	)
+	const (
+		maxFSETableLog = 6
+	)
+	// convert to weight
+	bitsToWeight[0] = 0
+	for n := uint8(1); n < huffLog+1; n++ {
+		bitsToWeight[n] = huffLog + 1 - n
+	}
+
+	// Acquire histogram for FSE.
+	hist := s.fse.Histogram()
+	hist = hist[:256]
+	for i := range hist[:16] {
+		hist[i] = 0
+	}
+	for n := uint8(0); n < maxSymbolValue; n++ {
+		v := bitsToWeight[c[n].nBits] & 15
+		huffWeight[n] = v
+		hist[v]++
+	}
+
+	// FSE compress if feasible.
+	if maxSymbolValue >= 2 {
+		huffMaxCnt := uint32(0)
+		huffMax := uint8(0)
+		for i, v := range hist[:16] {
+			if v == 0 {
+				continue
+			}
+			huffMax = byte(i)
+			if v > huffMaxCnt {
+				huffMaxCnt = v
+			}
+		}
+		s.fse.HistogramFinished(huffMax, int(huffMaxCnt))
+		s.fse.TableLog = maxFSETableLog
+		b, err := fse.Compress(huffWeight[:maxSymbolValue], s.fse)
+		if err == nil && len(b) < int(s.symbolLen>>1) {
+			s.Out = append(s.Out, uint8(len(b)))
+			s.Out = append(s.Out, b...)
+			return nil
+		}
+		// Unable to compress (RLE/uncompressible)
+	}
+	// write raw values as 4-bits (max : 15)
+	if maxSymbolValue > (256 - 128) {
+		// should not happen : likely means source cannot be compressed
+		return ErrIncompressible
+	}
+	op := s.Out
+	// special case, pack weights 4 bits/weight.
+	op = append(op, 128|(maxSymbolValue-1))
+	// be sure it doesn't cause msan issue in final combination
+	huffWeight[maxSymbolValue] = 0
+	for n := uint16(0); n < uint16(maxSymbolValue); n += 2 {
+		op = append(op, (huffWeight[n]<<4)|huffWeight[n+1])
+	}
+	s.Out = op
+	return nil
+}
+
+// estimateSize returns the estimated size in bytes of the input represented in the
+// histogram supplied.
+func (c cTable) estimateSize(hist []uint32) int {
+	nbBits := uint32(7)
+	for i, v := range c[:len(hist)] {
+		nbBits += uint32(v.nBits) * hist[i]
+	}
+	return int(nbBits >> 3)
+}
+
+// minSize returns the minimum possible size considering the shannon limit.
+func (s *Scratch) minSize(total int) int {
+	nbBits := float64(7)
+	fTotal := float64(total)
+	for _, v := range s.count[:s.symbolLen] {
+		n := float64(v)
+		if n > 0 {
+			nbBits += math.Log2(fTotal/n) * n
+		}
+	}
+	return int(nbBits) >> 3
+}
+
+func highBit32(val uint32) (n uint32) {
+	return uint32(bits.Len32(val) - 1)
+}
diff --git a/vendor/github.com/klauspost/compress/snappy/LICENSE b/vendor/github.com/klauspost/compress/snappy/LICENSE
new file mode 100644
index 0000000000000..6050c10f4c8b4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2011 The Snappy-Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/klauspost/compress/snappy/README b/vendor/github.com/klauspost/compress/snappy/README
new file mode 100644
index 0000000000000..cea12879a0eae
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/README
@@ -0,0 +1,107 @@
+The Snappy compression format in the Go programming language.
+
+To download and install from source:
+$ go get github.com/golang/snappy
+
+Unless otherwise noted, the Snappy-Go source files are distributed
+under the BSD-style license found in the LICENSE file.
+
+
+
+Benchmarks.
+
+The golang/snappy benchmarks include compressing (Z) and decompressing (U) ten
+or so files, the same set used by the C++ Snappy code (github.com/google/snappy
+and note the "google", not "golang"). On an "Intel(R) Core(TM) i7-3770 CPU @
+3.40GHz", Go's GOARCH=amd64 numbers as of 2016-05-29:
+
+"go test -test.bench=."
+
+_UFlat0-8         2.19GB/s ± 0%  html
+_UFlat1-8         1.41GB/s ± 0%  urls
+_UFlat2-8         23.5GB/s ± 2%  jpg
+_UFlat3-8         1.91GB/s ± 0%  jpg_200
+_UFlat4-8         14.0GB/s ± 1%  pdf
+_UFlat5-8         1.97GB/s ± 0%  html4
+_UFlat6-8          814MB/s ± 0%  txt1
+_UFlat7-8          785MB/s ± 0%  txt2
+_UFlat8-8          857MB/s ± 0%  txt3
+_UFlat9-8          719MB/s ± 1%  txt4
+_UFlat10-8        2.84GB/s ± 0%  pb
+_UFlat11-8        1.05GB/s ± 0%  gaviota
+
+_ZFlat0-8         1.04GB/s ± 0%  html
+_ZFlat1-8          534MB/s ± 0%  urls
+_ZFlat2-8         15.7GB/s ± 1%  jpg
+_ZFlat3-8          740MB/s ± 3%  jpg_200
+_ZFlat4-8         9.20GB/s ± 1%  pdf
+_ZFlat5-8          991MB/s ± 0%  html4
+_ZFlat6-8          379MB/s ± 0%  txt1
+_ZFlat7-8          352MB/s ± 0%  txt2
+_ZFlat8-8          396MB/s ± 1%  txt3
+_ZFlat9-8          327MB/s ± 1%  txt4
+_ZFlat10-8        1.33GB/s ± 1%  pb
+_ZFlat11-8         605MB/s ± 1%  gaviota
+
+
+
+"go test -test.bench=. -tags=noasm"
+
+_UFlat0-8          621MB/s ± 2%  html
+_UFlat1-8          494MB/s ± 1%  urls
+_UFlat2-8         23.2GB/s ± 1%  jpg
+_UFlat3-8         1.12GB/s ± 1%  jpg_200
+_UFlat4-8         4.35GB/s ± 1%  pdf
+_UFlat5-8          609MB/s ± 0%  html4
+_UFlat6-8          296MB/s ± 0%  txt1
+_UFlat7-8          288MB/s ± 0%  txt2
+_UFlat8-8          309MB/s ± 1%  txt3
+_UFlat9-8          280MB/s ± 1%  txt4
+_UFlat10-8         753MB/s ± 0%  pb
+_UFlat11-8         400MB/s ± 0%  gaviota
+
+_ZFlat0-8          409MB/s ± 1%  html
+_ZFlat1-8          250MB/s ± 1%  urls
+_ZFlat2-8         12.3GB/s ± 1%  jpg
+_ZFlat3-8          132MB/s ± 0%  jpg_200
+_ZFlat4-8         2.92GB/s ± 0%  pdf
+_ZFlat5-8          405MB/s ± 1%  html4
+_ZFlat6-8          179MB/s ± 1%  txt1
+_ZFlat7-8          170MB/s ± 1%  txt2
+_ZFlat8-8          189MB/s ± 1%  txt3
+_ZFlat9-8          164MB/s ± 1%  txt4
+_ZFlat10-8         479MB/s ± 1%  pb
+_ZFlat11-8         270MB/s ± 1%  gaviota
+
+
+
+For comparison (Go's encoded output is byte-for-byte identical to C++'s), here
+are the numbers from C++ Snappy's
+
+make CXXFLAGS="-O2 -DNDEBUG -g" clean snappy_unittest.log && cat snappy_unittest.log
+
+BM_UFlat/0     2.4GB/s  html
+BM_UFlat/1     1.4GB/s  urls
+BM_UFlat/2    21.8GB/s  jpg
+BM_UFlat/3     1.5GB/s  jpg_200
+BM_UFlat/4    13.3GB/s  pdf
+BM_UFlat/5     2.1GB/s  html4
+BM_UFlat/6     1.0GB/s  txt1
+BM_UFlat/7   959.4MB/s  txt2
+BM_UFlat/8     1.0GB/s  txt3
+BM_UFlat/9   864.5MB/s  txt4
+BM_UFlat/10    2.9GB/s  pb
+BM_UFlat/11    1.2GB/s  gaviota
+
+BM_ZFlat/0   944.3MB/s  html (22.31 %)
+BM_ZFlat/1   501.6MB/s  urls (47.78 %)
+BM_ZFlat/2    14.3GB/s  jpg (99.95 %)
+BM_ZFlat/3   538.3MB/s  jpg_200 (73.00 %)
+BM_ZFlat/4     8.3GB/s  pdf (83.30 %)
+BM_ZFlat/5   903.5MB/s  html4 (22.52 %)
+BM_ZFlat/6   336.0MB/s  txt1 (57.88 %)
+BM_ZFlat/7   312.3MB/s  txt2 (61.91 %)
+BM_ZFlat/8   353.1MB/s  txt3 (54.99 %)
+BM_ZFlat/9   289.9MB/s  txt4 (66.26 %)
+BM_ZFlat/10    1.2GB/s  pb (19.68 %)
+BM_ZFlat/11  527.4MB/s  gaviota (37.72 %)
diff --git a/vendor/github.com/klauspost/compress/snappy/decode.go b/vendor/github.com/klauspost/compress/snappy/decode.go
new file mode 100644
index 0000000000000..72efb0353ddfc
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/decode.go
@@ -0,0 +1,237 @@
+// Copyright 2011 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package snappy
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+var (
+	// ErrCorrupt reports that the input is invalid.
+	ErrCorrupt = errors.New("snappy: corrupt input")
+	// ErrTooLarge reports that the uncompressed length is too large.
+	ErrTooLarge = errors.New("snappy: decoded block is too large")
+	// ErrUnsupported reports that the input isn't supported.
+	ErrUnsupported = errors.New("snappy: unsupported input")
+
+	errUnsupportedLiteralLength = errors.New("snappy: unsupported literal length")
+)
+
+// DecodedLen returns the length of the decoded block.
+func DecodedLen(src []byte) (int, error) {
+	v, _, err := decodedLen(src)
+	return v, err
+}
+
+// decodedLen returns the length of the decoded block and the number of bytes
+// that the length header occupied.
+func decodedLen(src []byte) (blockLen, headerLen int, err error) {
+	v, n := binary.Uvarint(src)
+	if n <= 0 || v > 0xffffffff {
+		return 0, 0, ErrCorrupt
+	}
+
+	const wordSize = 32 << (^uint(0) >> 32 & 1)
+	if wordSize == 32 && v > 0x7fffffff {
+		return 0, 0, ErrTooLarge
+	}
+	return int(v), n, nil
+}
+
+const (
+	decodeErrCodeCorrupt                  = 1
+	decodeErrCodeUnsupportedLiteralLength = 2
+)
+
+// Decode returns the decoded form of src. The returned slice may be a sub-
+// slice of dst if dst was large enough to hold the entire decoded block.
+// Otherwise, a newly allocated slice will be returned.
+//
+// The dst and src must not overlap. It is valid to pass a nil dst.
+func Decode(dst, src []byte) ([]byte, error) {
+	dLen, s, err := decodedLen(src)
+	if err != nil {
+		return nil, err
+	}
+	if dLen <= len(dst) {
+		dst = dst[:dLen]
+	} else {
+		dst = make([]byte, dLen)
+	}
+	switch decode(dst, src[s:]) {
+	case 0:
+		return dst, nil
+	case decodeErrCodeUnsupportedLiteralLength:
+		return nil, errUnsupportedLiteralLength
+	}
+	return nil, ErrCorrupt
+}
+
+// NewReader returns a new Reader that decompresses from r, using the framing
+// format described at
+// https://github.com/google/snappy/blob/master/framing_format.txt
+func NewReader(r io.Reader) *Reader {
+	return &Reader{
+		r:       r,
+		decoded: make([]byte, maxBlockSize),
+		buf:     make([]byte, maxEncodedLenOfMaxBlockSize+checksumSize),
+	}
+}
+
+// Reader is an io.Reader that can read Snappy-compressed bytes.
+type Reader struct {
+	r       io.Reader
+	err     error
+	decoded []byte
+	buf     []byte
+	// decoded[i:j] contains decoded bytes that have not yet been passed on.
+	i, j       int
+	readHeader bool
+}
+
+// Reset discards any buffered data, resets all state, and switches the Snappy
+// reader to read from r. This permits reusing a Reader rather than allocating
+// a new one.
+func (r *Reader) Reset(reader io.Reader) {
+	r.r = reader
+	r.err = nil
+	r.i = 0
+	r.j = 0
+	r.readHeader = false
+}
+
+func (r *Reader) readFull(p []byte, allowEOF bool) (ok bool) {
+	if _, r.err = io.ReadFull(r.r, p); r.err != nil {
+		if r.err == io.ErrUnexpectedEOF || (r.err == io.EOF && !allowEOF) {
+			r.err = ErrCorrupt
+		}
+		return false
+	}
+	return true
+}
+
+// Read satisfies the io.Reader interface.
+func (r *Reader) Read(p []byte) (int, error) {
+	if r.err != nil {
+		return 0, r.err
+	}
+	for {
+		if r.i < r.j {
+			n := copy(p, r.decoded[r.i:r.j])
+			r.i += n
+			return n, nil
+		}
+		if !r.readFull(r.buf[:4], true) {
+			return 0, r.err
+		}
+		chunkType := r.buf[0]
+		if !r.readHeader {
+			if chunkType != chunkTypeStreamIdentifier {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			r.readHeader = true
+		}
+		chunkLen := int(r.buf[1]) | int(r.buf[2])<<8 | int(r.buf[3])<<16
+		if chunkLen > len(r.buf) {
+			r.err = ErrUnsupported
+			return 0, r.err
+		}
+
+		// The chunk types are specified at
+		// https://github.com/google/snappy/blob/master/framing_format.txt
+		switch chunkType {
+		case chunkTypeCompressedData:
+			// Section 4.2. Compressed data (chunk type 0x00).
+			if chunkLen < checksumSize {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			buf := r.buf[:chunkLen]
+			if !r.readFull(buf, false) {
+				return 0, r.err
+			}
+			checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
+			buf = buf[checksumSize:]
+
+			n, err := DecodedLen(buf)
+			if err != nil {
+				r.err = err
+				return 0, r.err
+			}
+			if n > len(r.decoded) {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			if _, err := Decode(r.decoded, buf); err != nil {
+				r.err = err
+				return 0, r.err
+			}
+			if crc(r.decoded[:n]) != checksum {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			r.i, r.j = 0, n
+			continue
+
+		case chunkTypeUncompressedData:
+			// Section 4.3. Uncompressed data (chunk type 0x01).
+			if chunkLen < checksumSize {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			buf := r.buf[:checksumSize]
+			if !r.readFull(buf, false) {
+				return 0, r.err
+			}
+			checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
+			// Read directly into r.decoded instead of via r.buf.
+			n := chunkLen - checksumSize
+			if n > len(r.decoded) {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			if !r.readFull(r.decoded[:n], false) {
+				return 0, r.err
+			}
+			if crc(r.decoded[:n]) != checksum {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			r.i, r.j = 0, n
+			continue
+
+		case chunkTypeStreamIdentifier:
+			// Section 4.1. Stream identifier (chunk type 0xff).
+			if chunkLen != len(magicBody) {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
+			if !r.readFull(r.buf[:len(magicBody)], false) {
+				return 0, r.err
+			}
+			for i := 0; i < len(magicBody); i++ {
+				if r.buf[i] != magicBody[i] {
+					r.err = ErrCorrupt
+					return 0, r.err
+				}
+			}
+			continue
+		}
+
+		if chunkType <= 0x7f {
+			// Section 4.5. Reserved unskippable chunks (chunk types 0x02-0x7f).
+			r.err = ErrUnsupported
+			return 0, r.err
+		}
+		// Section 4.4 Padding (chunk type 0xfe).
+		// Section 4.6. Reserved skippable chunks (chunk types 0x80-0xfd).
+		if !r.readFull(r.buf[:chunkLen], false) {
+			return 0, r.err
+		}
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/snappy/decode_amd64.go b/vendor/github.com/klauspost/compress/snappy/decode_amd64.go
new file mode 100644
index 0000000000000..fcd192b849eda
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/decode_amd64.go
@@ -0,0 +1,14 @@
+// Copyright 2016 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+// +build gc
+// +build !noasm
+
+package snappy
+
+// decode has the same semantics as in decode_other.go.
+//
+//go:noescape
+func decode(dst, src []byte) int
diff --git a/vendor/github.com/klauspost/compress/snappy/decode_amd64.s b/vendor/github.com/klauspost/compress/snappy/decode_amd64.s
new file mode 100644
index 0000000000000..1c66e37234dc7
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/decode_amd64.s
@@ -0,0 +1,482 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+// +build gc
+// +build !noasm
+
+#include "textflag.h"
+
+// The asm code generally follows the pure Go code in decode_other.go, except
+// where marked with a "!!!".
+
+// func decode(dst, src []byte) int
+//
+// All local variables fit into registers. The non-zero stack size is only to
+// spill registers and push args when issuing a CALL. The register allocation:
+//	- AX	scratch
+//	- BX	scratch
+//	- CX	length or x
+//	- DX	offset
+//	- SI	&src[s]
+//	- DI	&dst[d]
+//	+ R8	dst_base
+//	+ R9	dst_len
+//	+ R10	dst_base + dst_len
+//	+ R11	src_base
+//	+ R12	src_len
+//	+ R13	src_base + src_len
+//	- R14	used by doCopy
+//	- R15	used by doCopy
+//
+// The registers R8-R13 (marked with a "+") are set at the start of the
+// function, and after a CALL returns, and are not otherwise modified.
+//
+// The d variable is implicitly DI - R8,  and len(dst)-d is R10 - DI.
+// The s variable is implicitly SI - R11, and len(src)-s is R13 - SI.
+TEXT ·decode(SB), NOSPLIT, $48-56
+	// Initialize SI, DI and R8-R13.
+	MOVQ dst_base+0(FP), R8
+	MOVQ dst_len+8(FP), R9
+	MOVQ R8, DI
+	MOVQ R8, R10
+	ADDQ R9, R10
+	MOVQ src_base+24(FP), R11
+	MOVQ src_len+32(FP), R12
+	MOVQ R11, SI
+	MOVQ R11, R13
+	ADDQ R12, R13
+
+loop:
+	// for s < len(src)
+	CMPQ SI, R13
+	JEQ  end
+
+	// CX = uint32(src[s])
+	//
+	// switch src[s] & 0x03
+	MOVBLZX (SI), CX
+	MOVL    CX, BX
+	ANDL    $3, BX
+	CMPL    BX, $1
+	JAE     tagCopy
+
+	// ----------------------------------------
+	// The code below handles literal tags.
+
+	// case tagLiteral:
+	// x := uint32(src[s] >> 2)
+	// switch
+	SHRL $2, CX
+	CMPL CX, $60
+	JAE  tagLit60Plus
+
+	// case x < 60:
+	// s++
+	INCQ SI
+
+doLit:
+	// This is the end of the inner "switch", when we have a literal tag.
+	//
+	// We assume that CX == x and x fits in a uint32, where x is the variable
+	// used in the pure Go decode_other.go code.
+
+	// length = int(x) + 1
+	//
+	// Unlike the pure Go code, we don't need to check if length <= 0 because
+	// CX can hold 64 bits, so the increment cannot overflow.
+	INCQ CX
+
+	// Prepare to check if copying length bytes will run past the end of dst or
+	// src.
+	//
+	// AX = len(dst) - d
+	// BX = len(src) - s
+	MOVQ R10, AX
+	SUBQ DI, AX
+	MOVQ R13, BX
+	SUBQ SI, BX
+
+	// !!! Try a faster technique for short (16 or fewer bytes) copies.
+	//
+	// if length > 16 || len(dst)-d < 16 || len(src)-s < 16 {
+	//   goto callMemmove // Fall back on calling runtime·memmove.
+	// }
+	//
+	// The C++ snappy code calls this TryFastAppend. It also checks len(src)-s
+	// against 21 instead of 16, because it cannot assume that all of its input
+	// is contiguous in memory and so it needs to leave enough source bytes to
+	// read the next tag without refilling buffers, but Go's Decode assumes
+	// contiguousness (the src argument is a []byte).
+	CMPQ CX, $16
+	JGT  callMemmove
+	CMPQ AX, $16
+	JLT  callMemmove
+	CMPQ BX, $16
+	JLT  callMemmove
+
+	// !!! Implement the copy from src to dst as a 16-byte load and store.
+	// (Decode's documentation says that dst and src must not overlap.)
+	//
+	// This always copies 16 bytes, instead of only length bytes, but that's
+	// OK. If the input is a valid Snappy encoding then subsequent iterations
+	// will fix up the overrun. Otherwise, Decode returns a nil []byte (and a
+	// non-nil error), so the overrun will be ignored.
+	//
+	// Note that on amd64, it is legal and cheap to issue unaligned 8-byte or
+	// 16-byte loads and stores. This technique probably wouldn't be as
+	// effective on architectures that are fussier about alignment.
+	MOVOU 0(SI), X0
+	MOVOU X0, 0(DI)
+
+	// d += length
+	// s += length
+	ADDQ CX, DI
+	ADDQ CX, SI
+	JMP  loop
+
+callMemmove:
+	// if length > len(dst)-d || length > len(src)-s { etc }
+	CMPQ CX, AX
+	JGT  errCorrupt
+	CMPQ CX, BX
+	JGT  errCorrupt
+
+	// copy(dst[d:], src[s:s+length])
+	//
+	// This means calling runtime·memmove(&dst[d], &src[s], length), so we push
+	// DI, SI and CX as arguments. Coincidentally, we also need to spill those
+	// three registers to the stack, to save local variables across the CALL.
+	MOVQ DI, 0(SP)
+	MOVQ SI, 8(SP)
+	MOVQ CX, 16(SP)
+	MOVQ DI, 24(SP)
+	MOVQ SI, 32(SP)
+	MOVQ CX, 40(SP)
+	CALL runtime·memmove(SB)
+
+	// Restore local variables: unspill registers from the stack and
+	// re-calculate R8-R13.
+	MOVQ 24(SP), DI
+	MOVQ 32(SP), SI
+	MOVQ 40(SP), CX
+	MOVQ dst_base+0(FP), R8
+	MOVQ dst_len+8(FP), R9
+	MOVQ R8, R10
+	ADDQ R9, R10
+	MOVQ src_base+24(FP), R11
+	MOVQ src_len+32(FP), R12
+	MOVQ R11, R13
+	ADDQ R12, R13
+
+	// d += length
+	// s += length
+	ADDQ CX, DI
+	ADDQ CX, SI
+	JMP  loop
+
+tagLit60Plus:
+	// !!! This fragment does the
+	//
+	// s += x - 58; if uint(s) > uint(len(src)) { etc }
+	//
+	// checks. In the asm version, we code it once instead of once per switch case.
+	ADDQ CX, SI
+	SUBQ $58, SI
+	CMPQ SI, R13
+	JA   errCorrupt
+
+	// case x == 60:
+	CMPL CX, $61
+	JEQ  tagLit61
+	JA   tagLit62Plus
+
+	// x = uint32(src[s-1])
+	MOVBLZX -1(SI), CX
+	JMP     doLit
+
+tagLit61:
+	// case x == 61:
+	// x = uint32(src[s-2]) | uint32(src[s-1])<<8
+	MOVWLZX -2(SI), CX
+	JMP     doLit
+
+tagLit62Plus:
+	CMPL CX, $62
+	JA   tagLit63
+
+	// case x == 62:
+	// x = uint32(src[s-3]) | uint32(src[s-2])<<8 | uint32(src[s-1])<<16
+	MOVWLZX -3(SI), CX
+	MOVBLZX -1(SI), BX
+	SHLL    $16, BX
+	ORL     BX, CX
+	JMP     doLit
+
+tagLit63:
+	// case x == 63:
+	// x = uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24
+	MOVL -4(SI), CX
+	JMP  doLit
+
+// The code above handles literal tags.
+// ----------------------------------------
+// The code below handles copy tags.
+
+tagCopy4:
+	// case tagCopy4:
+	// s += 5
+	ADDQ $5, SI
+
+	// if uint(s) > uint(len(src)) { etc }
+	CMPQ SI, R13
+	JA   errCorrupt
+
+	// length = 1 + int(src[s-5])>>2
+	SHRQ $2, CX
+	INCQ CX
+
+	// offset = int(uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24)
+	MOVLQZX -4(SI), DX
+	JMP     doCopy
+
+tagCopy2:
+	// case tagCopy2:
+	// s += 3
+	ADDQ $3, SI
+
+	// if uint(s) > uint(len(src)) { etc }
+	CMPQ SI, R13
+	JA   errCorrupt
+
+	// length = 1 + int(src[s-3])>>2
+	SHRQ $2, CX
+	INCQ CX
+
+	// offset = int(uint32(src[s-2]) | uint32(src[s-1])<<8)
+	MOVWQZX -2(SI), DX
+	JMP     doCopy
+
+tagCopy:
+	// We have a copy tag. We assume that:
+	//	- BX == src[s] & 0x03
+	//	- CX == src[s]
+	CMPQ BX, $2
+	JEQ  tagCopy2
+	JA   tagCopy4
+
+	// case tagCopy1:
+	// s += 2
+	ADDQ $2, SI
+
+	// if uint(s) > uint(len(src)) { etc }
+	CMPQ SI, R13
+	JA   errCorrupt
+
+	// offset = int(uint32(src[s-2])&0xe0<<3 | uint32(src[s-1]))
+	MOVQ    CX, DX
+	ANDQ    $0xe0, DX
+	SHLQ    $3, DX
+	MOVBQZX -1(SI), BX
+	ORQ     BX, DX
+
+	// length = 4 + int(src[s-2])>>2&0x7
+	SHRQ $2, CX
+	ANDQ $7, CX
+	ADDQ $4, CX
+
+doCopy:
+	// This is the end of the outer "switch", when we have a copy tag.
+	//
+	// We assume that:
+	//	- CX == length && CX > 0
+	//	- DX == offset
+
+	// if offset <= 0 { etc }
+	CMPQ DX, $0
+	JLE  errCorrupt
+
+	// if d < offset { etc }
+	MOVQ DI, BX
+	SUBQ R8, BX
+	CMPQ BX, DX
+	JLT  errCorrupt
+
+	// if length > len(dst)-d { etc }
+	MOVQ R10, BX
+	SUBQ DI, BX
+	CMPQ CX, BX
+	JGT  errCorrupt
+
+	// forwardCopy(dst[d:d+length], dst[d-offset:]); d += length
+	//
+	// Set:
+	//	- R14 = len(dst)-d
+	//	- R15 = &dst[d-offset]
+	MOVQ R10, R14
+	SUBQ DI, R14
+	MOVQ DI, R15
+	SUBQ DX, R15
+
+	// !!! Try a faster technique for short (16 or fewer bytes) forward copies.
+	//
+	// First, try using two 8-byte load/stores, similar to the doLit technique
+	// above. Even if dst[d:d+length] and dst[d-offset:] can overlap, this is
+	// still OK if offset >= 8. Note that this has to be two 8-byte load/stores
+	// and not one 16-byte load/store, and the first store has to be before the
+	// second load, due to the overlap if offset is in the range [8, 16).
+	//
+	// if length > 16 || offset < 8 || len(dst)-d < 16 {
+	//   goto slowForwardCopy
+	// }
+	// copy 16 bytes
+	// d += length
+	CMPQ CX, $16
+	JGT  slowForwardCopy
+	CMPQ DX, $8
+	JLT  slowForwardCopy
+	CMPQ R14, $16
+	JLT  slowForwardCopy
+	MOVQ 0(R15), AX
+	MOVQ AX, 0(DI)
+	MOVQ 8(R15), BX
+	MOVQ BX, 8(DI)
+	ADDQ CX, DI
+	JMP  loop
+
+slowForwardCopy:
+	// !!! If the forward copy is longer than 16 bytes, or if offset < 8, we
+	// can still try 8-byte load stores, provided we can overrun up to 10 extra
+	// bytes. As above, the overrun will be fixed up by subsequent iterations
+	// of the outermost loop.
+	//
+	// The C++ snappy code calls this technique IncrementalCopyFastPath. Its
+	// commentary says:
+	//
+	// ----
+	//
+	// The main part of this loop is a simple copy of eight bytes at a time
+	// until we've copied (at least) the requested amount of bytes.  However,
+	// if d and d-offset are less than eight bytes apart (indicating a
+	// repeating pattern of length < 8), we first need to expand the pattern in
+	// order to get the correct results. For instance, if the buffer looks like
+	// this, with the eight-byte <d-offset> and <d> patterns marked as
+	// intervals:
+	//
+	//    abxxxxxxxxxxxx
+	//    [------]           d-offset
+	//      [------]         d
+	//
+	// a single eight-byte copy from <d-offset> to <d> will repeat the pattern
+	// once, after which we can move <d> two bytes without moving <d-offset>:
+	//
+	//    ababxxxxxxxxxx
+	//    [------]           d-offset
+	//        [------]       d
+	//
+	// and repeat the exercise until the two no longer overlap.
+	//
+	// This allows us to do very well in the special case of one single byte
+	// repeated many times, without taking a big hit for more general cases.
+	//
+	// The worst case of extra writing past the end of the match occurs when
+	// offset == 1 and length == 1; the last copy will read from byte positions
+	// [0..7] and write to [4..11], whereas it was only supposed to write to
+	// position 1. Thus, ten excess bytes.
+	//
+	// ----
+	//
+	// That "10 byte overrun" worst case is confirmed by Go's
+	// TestSlowForwardCopyOverrun, which also tests the fixUpSlowForwardCopy
+	// and finishSlowForwardCopy algorithm.
+	//
+	// if length > len(dst)-d-10 {
+	//   goto verySlowForwardCopy
+	// }
+	SUBQ $10, R14
+	CMPQ CX, R14
+	JGT  verySlowForwardCopy
+
+makeOffsetAtLeast8:
+	// !!! As above, expand the pattern so that offset >= 8 and we can use
+	// 8-byte load/stores.
+	//
+	// for offset < 8 {
+	//   copy 8 bytes from dst[d-offset:] to dst[d:]
+	//   length -= offset
+	//   d      += offset
+	//   offset += offset
+	//   // The two previous lines together means that d-offset, and therefore
+	//   // R15, is unchanged.
+	// }
+	CMPQ DX, $8
+	JGE  fixUpSlowForwardCopy
+	MOVQ (R15), BX
+	MOVQ BX, (DI)
+	SUBQ DX, CX
+	ADDQ DX, DI
+	ADDQ DX, DX
+	JMP  makeOffsetAtLeast8
+
+fixUpSlowForwardCopy:
+	// !!! Add length (which might be negative now) to d (implied by DI being
+	// &dst[d]) so that d ends up at the right place when we jump back to the
+	// top of the loop. Before we do that, though, we save DI to AX so that, if
+	// length is positive, copying the remaining length bytes will write to the
+	// right place.
+	MOVQ DI, AX
+	ADDQ CX, DI
+
+finishSlowForwardCopy:
+	// !!! Repeat 8-byte load/stores until length <= 0. Ending with a negative
+	// length means that we overrun, but as above, that will be fixed up by
+	// subsequent iterations of the outermost loop.
+	CMPQ CX, $0
+	JLE  loop
+	MOVQ (R15), BX
+	MOVQ BX, (AX)
+	ADDQ $8, R15
+	ADDQ $8, AX
+	SUBQ $8, CX
+	JMP  finishSlowForwardCopy
+
+verySlowForwardCopy:
+	// verySlowForwardCopy is a simple implementation of forward copy. In C
+	// parlance, this is a do/while loop instead of a while loop, since we know
+	// that length > 0. In Go syntax:
+	//
+	// for {
+	//   dst[d] = dst[d - offset]
+	//   d++
+	//   length--
+	//   if length == 0 {
+	//     break
+	//   }
+	// }
+	MOVB (R15), BX
+	MOVB BX, (DI)
+	INCQ R15
+	INCQ DI
+	DECQ CX
+	JNZ  verySlowForwardCopy
+	JMP  loop
+
+// The code above handles copy tags.
+// ----------------------------------------
+
+end:
+	// This is the end of the "for s < len(src)".
+	//
+	// if d != len(dst) { etc }
+	CMPQ DI, R10
+	JNE  errCorrupt
+
+	// return 0
+	MOVQ $0, ret+48(FP)
+	RET
+
+errCorrupt:
+	// return decodeErrCodeCorrupt
+	MOVQ $1, ret+48(FP)
+	RET
diff --git a/vendor/github.com/klauspost/compress/snappy/decode_other.go b/vendor/github.com/klauspost/compress/snappy/decode_other.go
new file mode 100644
index 0000000000000..94a96c5d7b858
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/decode_other.go
@@ -0,0 +1,115 @@
+// Copyright 2016 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine !gc noasm
+
+package snappy
+
+// decode writes the decoding of src to dst. It assumes that the varint-encoded
+// length of the decompressed bytes has already been read, and that len(dst)
+// equals that length.
+//
+// It returns 0 on success or a decodeErrCodeXxx error code on failure.
+func decode(dst, src []byte) int {
+	var d, s, offset, length int
+	for s < len(src) {
+		switch src[s] & 0x03 {
+		case tagLiteral:
+			x := uint32(src[s] >> 2)
+			switch {
+			case x < 60:
+				s++
+			case x == 60:
+				s += 2
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					return decodeErrCodeCorrupt
+				}
+				x = uint32(src[s-1])
+			case x == 61:
+				s += 3
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					return decodeErrCodeCorrupt
+				}
+				x = uint32(src[s-2]) | uint32(src[s-1])<<8
+			case x == 62:
+				s += 4
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					return decodeErrCodeCorrupt
+				}
+				x = uint32(src[s-3]) | uint32(src[s-2])<<8 | uint32(src[s-1])<<16
+			case x == 63:
+				s += 5
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					return decodeErrCodeCorrupt
+				}
+				x = uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24
+			}
+			length = int(x) + 1
+			if length <= 0 {
+				return decodeErrCodeUnsupportedLiteralLength
+			}
+			if length > len(dst)-d || length > len(src)-s {
+				return decodeErrCodeCorrupt
+			}
+			copy(dst[d:], src[s:s+length])
+			d += length
+			s += length
+			continue
+
+		case tagCopy1:
+			s += 2
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				return decodeErrCodeCorrupt
+			}
+			length = 4 + int(src[s-2])>>2&0x7
+			offset = int(uint32(src[s-2])&0xe0<<3 | uint32(src[s-1]))
+
+		case tagCopy2:
+			s += 3
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				return decodeErrCodeCorrupt
+			}
+			length = 1 + int(src[s-3])>>2
+			offset = int(uint32(src[s-2]) | uint32(src[s-1])<<8)
+
+		case tagCopy4:
+			s += 5
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				return decodeErrCodeCorrupt
+			}
+			length = 1 + int(src[s-5])>>2
+			offset = int(uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24)
+		}
+
+		if offset <= 0 || d < offset || length > len(dst)-d {
+			return decodeErrCodeCorrupt
+		}
+		// Copy from an earlier sub-slice of dst to a later sub-slice.
+		// If no overlap, use the built-in copy:
+		if offset > length {
+			copy(dst[d:d+length], dst[d-offset:])
+			d += length
+			continue
+		}
+
+		// Unlike the built-in copy function, this byte-by-byte copy always runs
+		// forwards, even if the slices overlap. Conceptually, this is:
+		//
+		// d += forwardCopy(dst[d:d+length], dst[d-offset:])
+		//
+		// We align the slices into a and b and show the compiler they are the same size.
+		// This allows the loop to run without bounds checks.
+		a := dst[d : d+length]
+		b := dst[d-offset:]
+		b = b[:len(a)]
+		for i := range a {
+			a[i] = b[i]
+		}
+		d += length
+	}
+	if d != len(dst) {
+		return decodeErrCodeCorrupt
+	}
+	return 0
+}
diff --git a/vendor/github.com/klauspost/compress/snappy/encode.go b/vendor/github.com/klauspost/compress/snappy/encode.go
new file mode 100644
index 0000000000000..8d393e904bb31
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/encode.go
@@ -0,0 +1,285 @@
+// Copyright 2011 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package snappy
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// Encode returns the encoded form of src. The returned slice may be a sub-
+// slice of dst if dst was large enough to hold the entire encoded block.
+// Otherwise, a newly allocated slice will be returned.
+//
+// The dst and src must not overlap. It is valid to pass a nil dst.
+func Encode(dst, src []byte) []byte {
+	if n := MaxEncodedLen(len(src)); n < 0 {
+		panic(ErrTooLarge)
+	} else if len(dst) < n {
+		dst = make([]byte, n)
+	}
+
+	// The block starts with the varint-encoded length of the decompressed bytes.
+	d := binary.PutUvarint(dst, uint64(len(src)))
+
+	for len(src) > 0 {
+		p := src
+		src = nil
+		if len(p) > maxBlockSize {
+			p, src = p[:maxBlockSize], p[maxBlockSize:]
+		}
+		if len(p) < minNonLiteralBlockSize {
+			d += emitLiteral(dst[d:], p)
+		} else {
+			d += encodeBlock(dst[d:], p)
+		}
+	}
+	return dst[:d]
+}
+
+// inputMargin is the minimum number of extra input bytes to keep, inside
+// encodeBlock's inner loop. On some architectures, this margin lets us
+// implement a fast path for emitLiteral, where the copy of short (<= 16 byte)
+// literals can be implemented as a single load to and store from a 16-byte
+// register. That literal's actual length can be as short as 1 byte, so this
+// can copy up to 15 bytes too much, but that's OK as subsequent iterations of
+// the encoding loop will fix up the copy overrun, and this inputMargin ensures
+// that we don't overrun the dst and src buffers.
+const inputMargin = 16 - 1
+
+// minNonLiteralBlockSize is the minimum size of the input to encodeBlock that
+// could be encoded with a copy tag. This is the minimum with respect to the
+// algorithm used by encodeBlock, not a minimum enforced by the file format.
+//
+// The encoded output must start with at least a 1 byte literal, as there are
+// no previous bytes to copy. A minimal (1 byte) copy after that, generated
+// from an emitCopy call in encodeBlock's main loop, would require at least
+// another inputMargin bytes, for the reason above: we want any emitLiteral
+// calls inside encodeBlock's main loop to use the fast path if possible, which
+// requires being able to overrun by inputMargin bytes. Thus,
+// minNonLiteralBlockSize equals 1 + 1 + inputMargin.
+//
+// The C++ code doesn't use this exact threshold, but it could, as discussed at
+// https://groups.google.com/d/topic/snappy-compression/oGbhsdIJSJ8/discussion
+// The difference between Go (2+inputMargin) and C++ (inputMargin) is purely an
+// optimization. It should not affect the encoded form. This is tested by
+// TestSameEncodingAsCppShortCopies.
+const minNonLiteralBlockSize = 1 + 1 + inputMargin
+
+// MaxEncodedLen returns the maximum length of a snappy block, given its
+// uncompressed length.
+//
+// It will return a negative value if srcLen is too large to encode.
+func MaxEncodedLen(srcLen int) int {
+	n := uint64(srcLen)
+	if n > 0xffffffff {
+		return -1
+	}
+	// Compressed data can be defined as:
+	//    compressed := item* literal*
+	//    item       := literal* copy
+	//
+	// The trailing literal sequence has a space blowup of at most 62/60
+	// since a literal of length 60 needs one tag byte + one extra byte
+	// for length information.
+	//
+	// Item blowup is trickier to measure. Suppose the "copy" op copies
+	// 4 bytes of data. Because of a special check in the encoding code,
+	// we produce a 4-byte copy only if the offset is < 65536. Therefore
+	// the copy op takes 3 bytes to encode, and this type of item leads
+	// to at most the 62/60 blowup for representing literals.
+	//
+	// Suppose the "copy" op copies 5 bytes of data. If the offset is big
+	// enough, it will take 5 bytes to encode the copy op. Therefore the
+	// worst case here is a one-byte literal followed by a five-byte copy.
+	// That is, 6 bytes of input turn into 7 bytes of "compressed" data.
+	//
+	// This last factor dominates the blowup, so the final estimate is:
+	n = 32 + n + n/6
+	if n > 0xffffffff {
+		return -1
+	}
+	return int(n)
+}
+
+var errClosed = errors.New("snappy: Writer is closed")
+
+// NewWriter returns a new Writer that compresses to w.
+//
+// The Writer returned does not buffer writes. There is no need to Flush or
+// Close such a Writer.
+//
+// Deprecated: the Writer returned is not suitable for many small writes, only
+// for few large writes. Use NewBufferedWriter instead, which is efficient
+// regardless of the frequency and shape of the writes, and remember to Close
+// that Writer when done.
+func NewWriter(w io.Writer) *Writer {
+	return &Writer{
+		w:    w,
+		obuf: make([]byte, obufLen),
+	}
+}
+
+// NewBufferedWriter returns a new Writer that compresses to w, using the
+// framing format described at
+// https://github.com/google/snappy/blob/master/framing_format.txt
+//
+// The Writer returned buffers writes. Users must call Close to guarantee all
+// data has been forwarded to the underlying io.Writer. They may also call
+// Flush zero or more times before calling Close.
+func NewBufferedWriter(w io.Writer) *Writer {
+	return &Writer{
+		w:    w,
+		ibuf: make([]byte, 0, maxBlockSize),
+		obuf: make([]byte, obufLen),
+	}
+}
+
+// Writer is an io.Writer that can write Snappy-compressed bytes.
+type Writer struct {
+	w   io.Writer
+	err error
+
+	// ibuf is a buffer for the incoming (uncompressed) bytes.
+	//
+	// Its use is optional. For backwards compatibility, Writers created by the
+	// NewWriter function have ibuf == nil, do not buffer incoming bytes, and
+	// therefore do not need to be Flush'ed or Close'd.
+	ibuf []byte
+
+	// obuf is a buffer for the outgoing (compressed) bytes.
+	obuf []byte
+
+	// wroteStreamHeader is whether we have written the stream header.
+	wroteStreamHeader bool
+}
+
+// Reset discards the writer's state and switches the Snappy writer to write to
+// w. This permits reusing a Writer rather than allocating a new one.
+func (w *Writer) Reset(writer io.Writer) {
+	w.w = writer
+	w.err = nil
+	if w.ibuf != nil {
+		w.ibuf = w.ibuf[:0]
+	}
+	w.wroteStreamHeader = false
+}
+
+// Write satisfies the io.Writer interface.
+func (w *Writer) Write(p []byte) (nRet int, errRet error) {
+	if w.ibuf == nil {
+		// Do not buffer incoming bytes. This does not perform or compress well
+		// if the caller of Writer.Write writes many small slices. This
+		// behavior is therefore deprecated, but still supported for backwards
+		// compatibility with code that doesn't explicitly Flush or Close.
+		return w.write(p)
+	}
+
+	// The remainder of this method is based on bufio.Writer.Write from the
+	// standard library.
+
+	for len(p) > (cap(w.ibuf)-len(w.ibuf)) && w.err == nil {
+		var n int
+		if len(w.ibuf) == 0 {
+			// Large write, empty buffer.
+			// Write directly from p to avoid copy.
+			n, _ = w.write(p)
+		} else {
+			n = copy(w.ibuf[len(w.ibuf):cap(w.ibuf)], p)
+			w.ibuf = w.ibuf[:len(w.ibuf)+n]
+			w.Flush()
+		}
+		nRet += n
+		p = p[n:]
+	}
+	if w.err != nil {
+		return nRet, w.err
+	}
+	n := copy(w.ibuf[len(w.ibuf):cap(w.ibuf)], p)
+	w.ibuf = w.ibuf[:len(w.ibuf)+n]
+	nRet += n
+	return nRet, nil
+}
+
+func (w *Writer) write(p []byte) (nRet int, errRet error) {
+	if w.err != nil {
+		return 0, w.err
+	}
+	for len(p) > 0 {
+		obufStart := len(magicChunk)
+		if !w.wroteStreamHeader {
+			w.wroteStreamHeader = true
+			copy(w.obuf, magicChunk)
+			obufStart = 0
+		}
+
+		var uncompressed []byte
+		if len(p) > maxBlockSize {
+			uncompressed, p = p[:maxBlockSize], p[maxBlockSize:]
+		} else {
+			uncompressed, p = p, nil
+		}
+		checksum := crc(uncompressed)
+
+		// Compress the buffer, discarding the result if the improvement
+		// isn't at least 12.5%.
+		compressed := Encode(w.obuf[obufHeaderLen:], uncompressed)
+		chunkType := uint8(chunkTypeCompressedData)
+		chunkLen := 4 + len(compressed)
+		obufEnd := obufHeaderLen + len(compressed)
+		if len(compressed) >= len(uncompressed)-len(uncompressed)/8 {
+			chunkType = chunkTypeUncompressedData
+			chunkLen = 4 + len(uncompressed)
+			obufEnd = obufHeaderLen
+		}
+
+		// Fill in the per-chunk header that comes before the body.
+		w.obuf[len(magicChunk)+0] = chunkType
+		w.obuf[len(magicChunk)+1] = uint8(chunkLen >> 0)
+		w.obuf[len(magicChunk)+2] = uint8(chunkLen >> 8)
+		w.obuf[len(magicChunk)+3] = uint8(chunkLen >> 16)
+		w.obuf[len(magicChunk)+4] = uint8(checksum >> 0)
+		w.obuf[len(magicChunk)+5] = uint8(checksum >> 8)
+		w.obuf[len(magicChunk)+6] = uint8(checksum >> 16)
+		w.obuf[len(magicChunk)+7] = uint8(checksum >> 24)
+
+		if _, err := w.w.Write(w.obuf[obufStart:obufEnd]); err != nil {
+			w.err = err
+			return nRet, err
+		}
+		if chunkType == chunkTypeUncompressedData {
+			if _, err := w.w.Write(uncompressed); err != nil {
+				w.err = err
+				return nRet, err
+			}
+		}
+		nRet += len(uncompressed)
+	}
+	return nRet, nil
+}
+
+// Flush flushes the Writer to its underlying io.Writer.
+func (w *Writer) Flush() error {
+	if w.err != nil {
+		return w.err
+	}
+	if len(w.ibuf) == 0 {
+		return nil
+	}
+	w.write(w.ibuf)
+	w.ibuf = w.ibuf[:0]
+	return w.err
+}
+
+// Close calls Flush and then closes the Writer.
+func (w *Writer) Close() error {
+	w.Flush()
+	ret := w.err
+	if w.err == nil {
+		w.err = errClosed
+	}
+	return ret
+}
diff --git a/vendor/github.com/klauspost/compress/snappy/encode_amd64.go b/vendor/github.com/klauspost/compress/snappy/encode_amd64.go
new file mode 100644
index 0000000000000..150d91bc8be57
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/encode_amd64.go
@@ -0,0 +1,29 @@
+// Copyright 2016 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+// +build gc
+// +build !noasm
+
+package snappy
+
+// emitLiteral has the same semantics as in encode_other.go.
+//
+//go:noescape
+func emitLiteral(dst, lit []byte) int
+
+// emitCopy has the same semantics as in encode_other.go.
+//
+//go:noescape
+func emitCopy(dst []byte, offset, length int) int
+
+// extendMatch has the same semantics as in encode_other.go.
+//
+//go:noescape
+func extendMatch(src []byte, i, j int) int
+
+// encodeBlock has the same semantics as in encode_other.go.
+//
+//go:noescape
+func encodeBlock(dst, src []byte) (d int)
diff --git a/vendor/github.com/klauspost/compress/snappy/encode_amd64.s b/vendor/github.com/klauspost/compress/snappy/encode_amd64.s
new file mode 100644
index 0000000000000..adfd979fe277a
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/encode_amd64.s
@@ -0,0 +1,730 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+// +build gc
+// +build !noasm
+
+#include "textflag.h"
+
+// The XXX lines assemble on Go 1.4, 1.5 and 1.7, but not 1.6, due to a
+// Go toolchain regression. See https://github.com/golang/go/issues/15426 and
+// https://github.com/golang/snappy/issues/29
+//
+// As a workaround, the package was built with a known good assembler, and
+// those instructions were disassembled by "objdump -d" to yield the
+//	4e 0f b7 7c 5c 78       movzwq 0x78(%rsp,%r11,2),%r15
+// style comments, in AT&T asm syntax. Note that rsp here is a physical
+// register, not Go/asm's SP pseudo-register (see https://golang.org/doc/asm).
+// The instructions were then encoded as "BYTE $0x.." sequences, which assemble
+// fine on Go 1.6.
+
+// The asm code generally follows the pure Go code in encode_other.go, except
+// where marked with a "!!!".
+
+// ----------------------------------------------------------------------------
+
+// func emitLiteral(dst, lit []byte) int
+//
+// All local variables fit into registers. The register allocation:
+//	- AX	len(lit)
+//	- BX	n
+//	- DX	return value
+//	- DI	&dst[i]
+//	- R10	&lit[0]
+//
+// The 24 bytes of stack space is to call runtime·memmove.
+//
+// The unusual register allocation of local variables, such as R10 for the
+// source pointer, matches the allocation used at the call site in encodeBlock,
+// which makes it easier to manually inline this function.
+TEXT ·emitLiteral(SB), NOSPLIT, $24-56
+	MOVQ dst_base+0(FP), DI
+	MOVQ lit_base+24(FP), R10
+	MOVQ lit_len+32(FP), AX
+	MOVQ AX, DX
+	MOVL AX, BX
+	SUBL $1, BX
+
+	CMPL BX, $60
+	JLT  oneByte
+	CMPL BX, $256
+	JLT  twoBytes
+
+threeBytes:
+	MOVB $0xf4, 0(DI)
+	MOVW BX, 1(DI)
+	ADDQ $3, DI
+	ADDQ $3, DX
+	JMP  memmove
+
+twoBytes:
+	MOVB $0xf0, 0(DI)
+	MOVB BX, 1(DI)
+	ADDQ $2, DI
+	ADDQ $2, DX
+	JMP  memmove
+
+oneByte:
+	SHLB $2, BX
+	MOVB BX, 0(DI)
+	ADDQ $1, DI
+	ADDQ $1, DX
+
+memmove:
+	MOVQ DX, ret+48(FP)
+
+	// copy(dst[i:], lit)
+	//
+	// This means calling runtime·memmove(&dst[i], &lit[0], len(lit)), so we push
+	// DI, R10 and AX as arguments.
+	MOVQ DI, 0(SP)
+	MOVQ R10, 8(SP)
+	MOVQ AX, 16(SP)
+	CALL runtime·memmove(SB)
+	RET
+
+// ----------------------------------------------------------------------------
+
+// func emitCopy(dst []byte, offset, length int) int
+//
+// All local variables fit into registers. The register allocation:
+//	- AX	length
+//	- SI	&dst[0]
+//	- DI	&dst[i]
+//	- R11	offset
+//
+// The unusual register allocation of local variables, such as R11 for the
+// offset, matches the allocation used at the call site in encodeBlock, which
+// makes it easier to manually inline this function.
+TEXT ·emitCopy(SB), NOSPLIT, $0-48
+	MOVQ dst_base+0(FP), DI
+	MOVQ DI, SI
+	MOVQ offset+24(FP), R11
+	MOVQ length+32(FP), AX
+
+loop0:
+	// for length >= 68 { etc }
+	CMPL AX, $68
+	JLT  step1
+
+	// Emit a length 64 copy, encoded as 3 bytes.
+	MOVB $0xfe, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+	SUBL $64, AX
+	JMP  loop0
+
+step1:
+	// if length > 64 { etc }
+	CMPL AX, $64
+	JLE  step2
+
+	// Emit a length 60 copy, encoded as 3 bytes.
+	MOVB $0xee, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+	SUBL $60, AX
+
+step2:
+	// if length >= 12 || offset >= 2048 { goto step3 }
+	CMPL AX, $12
+	JGE  step3
+	CMPL R11, $2048
+	JGE  step3
+
+	// Emit the remaining copy, encoded as 2 bytes.
+	MOVB R11, 1(DI)
+	SHRL $8, R11
+	SHLB $5, R11
+	SUBB $4, AX
+	SHLB $2, AX
+	ORB  AX, R11
+	ORB  $1, R11
+	MOVB R11, 0(DI)
+	ADDQ $2, DI
+
+	// Return the number of bytes written.
+	SUBQ SI, DI
+	MOVQ DI, ret+40(FP)
+	RET
+
+step3:
+	// Emit the remaining copy, encoded as 3 bytes.
+	SUBL $1, AX
+	SHLB $2, AX
+	ORB  $2, AX
+	MOVB AX, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+
+	// Return the number of bytes written.
+	SUBQ SI, DI
+	MOVQ DI, ret+40(FP)
+	RET
+
+// ----------------------------------------------------------------------------
+
+// func extendMatch(src []byte, i, j int) int
+//
+// All local variables fit into registers. The register allocation:
+//	- DX	&src[0]
+//	- SI	&src[j]
+//	- R13	&src[len(src) - 8]
+//	- R14	&src[len(src)]
+//	- R15	&src[i]
+//
+// The unusual register allocation of local variables, such as R15 for a source
+// pointer, matches the allocation used at the call site in encodeBlock, which
+// makes it easier to manually inline this function.
+TEXT ·extendMatch(SB), NOSPLIT, $0-48
+	MOVQ src_base+0(FP), DX
+	MOVQ src_len+8(FP), R14
+	MOVQ i+24(FP), R15
+	MOVQ j+32(FP), SI
+	ADDQ DX, R14
+	ADDQ DX, R15
+	ADDQ DX, SI
+	MOVQ R14, R13
+	SUBQ $8, R13
+
+cmp8:
+	// As long as we are 8 or more bytes before the end of src, we can load and
+	// compare 8 bytes at a time. If those 8 bytes are equal, repeat.
+	CMPQ SI, R13
+	JA   cmp1
+	MOVQ (R15), AX
+	MOVQ (SI), BX
+	CMPQ AX, BX
+	JNE  bsf
+	ADDQ $8, R15
+	ADDQ $8, SI
+	JMP  cmp8
+
+bsf:
+	// If those 8 bytes were not equal, XOR the two 8 byte values, and return
+	// the index of the first byte that differs. The BSF instruction finds the
+	// least significant 1 bit, the amd64 architecture is little-endian, and
+	// the shift by 3 converts a bit index to a byte index.
+	XORQ AX, BX
+	BSFQ BX, BX
+	SHRQ $3, BX
+	ADDQ BX, SI
+
+	// Convert from &src[ret] to ret.
+	SUBQ DX, SI
+	MOVQ SI, ret+40(FP)
+	RET
+
+cmp1:
+	// In src's tail, compare 1 byte at a time.
+	CMPQ SI, R14
+	JAE  extendMatchEnd
+	MOVB (R15), AX
+	MOVB (SI), BX
+	CMPB AX, BX
+	JNE  extendMatchEnd
+	ADDQ $1, R15
+	ADDQ $1, SI
+	JMP  cmp1
+
+extendMatchEnd:
+	// Convert from &src[ret] to ret.
+	SUBQ DX, SI
+	MOVQ SI, ret+40(FP)
+	RET
+
+// ----------------------------------------------------------------------------
+
+// func encodeBlock(dst, src []byte) (d int)
+//
+// All local variables fit into registers, other than "var table". The register
+// allocation:
+//	- AX	.	.
+//	- BX	.	.
+//	- CX	56	shift (note that amd64 shifts by non-immediates must use CX).
+//	- DX	64	&src[0], tableSize
+//	- SI	72	&src[s]
+//	- DI	80	&dst[d]
+//	- R9	88	sLimit
+//	- R10	.	&src[nextEmit]
+//	- R11	96	prevHash, currHash, nextHash, offset
+//	- R12	104	&src[base], skip
+//	- R13	.	&src[nextS], &src[len(src) - 8]
+//	- R14	.	len(src), bytesBetweenHashLookups, &src[len(src)], x
+//	- R15	112	candidate
+//
+// The second column (56, 64, etc) is the stack offset to spill the registers
+// when calling other functions. We could pack this slightly tighter, but it's
+// simpler to have a dedicated spill map independent of the function called.
+//
+// "var table [maxTableSize]uint16" takes up 32768 bytes of stack space. An
+// extra 56 bytes, to call other functions, and an extra 64 bytes, to spill
+// local variables (registers) during calls gives 32768 + 56 + 64 = 32888.
+TEXT ·encodeBlock(SB), 0, $32888-56
+	MOVQ dst_base+0(FP), DI
+	MOVQ src_base+24(FP), SI
+	MOVQ src_len+32(FP), R14
+
+	// shift, tableSize := uint32(32-8), 1<<8
+	MOVQ $24, CX
+	MOVQ $256, DX
+
+calcShift:
+	// for ; tableSize < maxTableSize && tableSize < len(src); tableSize *= 2 {
+	//	shift--
+	// }
+	CMPQ DX, $16384
+	JGE  varTable
+	CMPQ DX, R14
+	JGE  varTable
+	SUBQ $1, CX
+	SHLQ $1, DX
+	JMP  calcShift
+
+varTable:
+	// var table [maxTableSize]uint16
+	//
+	// In the asm code, unlike the Go code, we can zero-initialize only the
+	// first tableSize elements. Each uint16 element is 2 bytes and each MOVOU
+	// writes 16 bytes, so we can do only tableSize/8 writes instead of the
+	// 2048 writes that would zero-initialize all of table's 32768 bytes.
+	SHRQ $3, DX
+	LEAQ table-32768(SP), BX
+	PXOR X0, X0
+
+memclr:
+	MOVOU X0, 0(BX)
+	ADDQ  $16, BX
+	SUBQ  $1, DX
+	JNZ   memclr
+
+	// !!! DX = &src[0]
+	MOVQ SI, DX
+
+	// sLimit := len(src) - inputMargin
+	MOVQ R14, R9
+	SUBQ $15, R9
+
+	// !!! Pre-emptively spill CX, DX and R9 to the stack. Their values don't
+	// change for the rest of the function.
+	MOVQ CX, 56(SP)
+	MOVQ DX, 64(SP)
+	MOVQ R9, 88(SP)
+
+	// nextEmit := 0
+	MOVQ DX, R10
+
+	// s := 1
+	ADDQ $1, SI
+
+	// nextHash := hash(load32(src, s), shift)
+	MOVL  0(SI), R11
+	IMULL $0x1e35a7bd, R11
+	SHRL  CX, R11
+
+outer:
+	// for { etc }
+
+	// skip := 32
+	MOVQ $32, R12
+
+	// nextS := s
+	MOVQ SI, R13
+
+	// candidate := 0
+	MOVQ $0, R15
+
+inner0:
+	// for { etc }
+
+	// s := nextS
+	MOVQ R13, SI
+
+	// bytesBetweenHashLookups := skip >> 5
+	MOVQ R12, R14
+	SHRQ $5, R14
+
+	// nextS = s + bytesBetweenHashLookups
+	ADDQ R14, R13
+
+	// skip += bytesBetweenHashLookups
+	ADDQ R14, R12
+
+	// if nextS > sLimit { goto emitRemainder }
+	MOVQ R13, AX
+	SUBQ DX, AX
+	CMPQ AX, R9
+	JA   emitRemainder
+
+	// candidate = int(table[nextHash])
+	// XXX: MOVWQZX table-32768(SP)(R11*2), R15
+	// XXX: 4e 0f b7 7c 5c 78       movzwq 0x78(%rsp,%r11,2),%r15
+	BYTE $0x4e
+	BYTE $0x0f
+	BYTE $0xb7
+	BYTE $0x7c
+	BYTE $0x5c
+	BYTE $0x78
+
+	// table[nextHash] = uint16(s)
+	MOVQ SI, AX
+	SUBQ DX, AX
+
+	// XXX: MOVW AX, table-32768(SP)(R11*2)
+	// XXX: 66 42 89 44 5c 78       mov    %ax,0x78(%rsp,%r11,2)
+	BYTE $0x66
+	BYTE $0x42
+	BYTE $0x89
+	BYTE $0x44
+	BYTE $0x5c
+	BYTE $0x78
+
+	// nextHash = hash(load32(src, nextS), shift)
+	MOVL  0(R13), R11
+	IMULL $0x1e35a7bd, R11
+	SHRL  CX, R11
+
+	// if load32(src, s) != load32(src, candidate) { continue } break
+	MOVL 0(SI), AX
+	MOVL (DX)(R15*1), BX
+	CMPL AX, BX
+	JNE  inner0
+
+fourByteMatch:
+	// As per the encode_other.go code:
+	//
+	// A 4-byte match has been found. We'll later see etc.
+
+	// !!! Jump to a fast path for short (<= 16 byte) literals. See the comment
+	// on inputMargin in encode.go.
+	MOVQ SI, AX
+	SUBQ R10, AX
+	CMPQ AX, $16
+	JLE  emitLiteralFastPath
+
+	// ----------------------------------------
+	// Begin inline of the emitLiteral call.
+	//
+	// d += emitLiteral(dst[d:], src[nextEmit:s])
+
+	MOVL AX, BX
+	SUBL $1, BX
+
+	CMPL BX, $60
+	JLT  inlineEmitLiteralOneByte
+	CMPL BX, $256
+	JLT  inlineEmitLiteralTwoBytes
+
+inlineEmitLiteralThreeBytes:
+	MOVB $0xf4, 0(DI)
+	MOVW BX, 1(DI)
+	ADDQ $3, DI
+	JMP  inlineEmitLiteralMemmove
+
+inlineEmitLiteralTwoBytes:
+	MOVB $0xf0, 0(DI)
+	MOVB BX, 1(DI)
+	ADDQ $2, DI
+	JMP  inlineEmitLiteralMemmove
+
+inlineEmitLiteralOneByte:
+	SHLB $2, BX
+	MOVB BX, 0(DI)
+	ADDQ $1, DI
+
+inlineEmitLiteralMemmove:
+	// Spill local variables (registers) onto the stack; call; unspill.
+	//
+	// copy(dst[i:], lit)
+	//
+	// This means calling runtime·memmove(&dst[i], &lit[0], len(lit)), so we push
+	// DI, R10 and AX as arguments.
+	MOVQ DI, 0(SP)
+	MOVQ R10, 8(SP)
+	MOVQ AX, 16(SP)
+	ADDQ AX, DI              // Finish the "d +=" part of "d += emitLiteral(etc)".
+	MOVQ SI, 72(SP)
+	MOVQ DI, 80(SP)
+	MOVQ R15, 112(SP)
+	CALL runtime·memmove(SB)
+	MOVQ 56(SP), CX
+	MOVQ 64(SP), DX
+	MOVQ 72(SP), SI
+	MOVQ 80(SP), DI
+	MOVQ 88(SP), R9
+	MOVQ 112(SP), R15
+	JMP  inner1
+
+inlineEmitLiteralEnd:
+	// End inline of the emitLiteral call.
+	// ----------------------------------------
+
+emitLiteralFastPath:
+	// !!! Emit the 1-byte encoding "uint8(len(lit)-1)<<2".
+	MOVB AX, BX
+	SUBB $1, BX
+	SHLB $2, BX
+	MOVB BX, (DI)
+	ADDQ $1, DI
+
+	// !!! Implement the copy from lit to dst as a 16-byte load and store.
+	// (Encode's documentation says that dst and src must not overlap.)
+	//
+	// This always copies 16 bytes, instead of only len(lit) bytes, but that's
+	// OK. Subsequent iterations will fix up the overrun.
+	//
+	// Note that on amd64, it is legal and cheap to issue unaligned 8-byte or
+	// 16-byte loads and stores. This technique probably wouldn't be as
+	// effective on architectures that are fussier about alignment.
+	MOVOU 0(R10), X0
+	MOVOU X0, 0(DI)
+	ADDQ  AX, DI
+
+inner1:
+	// for { etc }
+
+	// base := s
+	MOVQ SI, R12
+
+	// !!! offset := base - candidate
+	MOVQ R12, R11
+	SUBQ R15, R11
+	SUBQ DX, R11
+
+	// ----------------------------------------
+	// Begin inline of the extendMatch call.
+	//
+	// s = extendMatch(src, candidate+4, s+4)
+
+	// !!! R14 = &src[len(src)]
+	MOVQ src_len+32(FP), R14
+	ADDQ DX, R14
+
+	// !!! R13 = &src[len(src) - 8]
+	MOVQ R14, R13
+	SUBQ $8, R13
+
+	// !!! R15 = &src[candidate + 4]
+	ADDQ $4, R15
+	ADDQ DX, R15
+
+	// !!! s += 4
+	ADDQ $4, SI
+
+inlineExtendMatchCmp8:
+	// As long as we are 8 or more bytes before the end of src, we can load and
+	// compare 8 bytes at a time. If those 8 bytes are equal, repeat.
+	CMPQ SI, R13
+	JA   inlineExtendMatchCmp1
+	MOVQ (R15), AX
+	MOVQ (SI), BX
+	CMPQ AX, BX
+	JNE  inlineExtendMatchBSF
+	ADDQ $8, R15
+	ADDQ $8, SI
+	JMP  inlineExtendMatchCmp8
+
+inlineExtendMatchBSF:
+	// If those 8 bytes were not equal, XOR the two 8 byte values, and return
+	// the index of the first byte that differs. The BSF instruction finds the
+	// least significant 1 bit, the amd64 architecture is little-endian, and
+	// the shift by 3 converts a bit index to a byte index.
+	XORQ AX, BX
+	BSFQ BX, BX
+	SHRQ $3, BX
+	ADDQ BX, SI
+	JMP  inlineExtendMatchEnd
+
+inlineExtendMatchCmp1:
+	// In src's tail, compare 1 byte at a time.
+	CMPQ SI, R14
+	JAE  inlineExtendMatchEnd
+	MOVB (R15), AX
+	MOVB (SI), BX
+	CMPB AX, BX
+	JNE  inlineExtendMatchEnd
+	ADDQ $1, R15
+	ADDQ $1, SI
+	JMP  inlineExtendMatchCmp1
+
+inlineExtendMatchEnd:
+	// End inline of the extendMatch call.
+	// ----------------------------------------
+
+	// ----------------------------------------
+	// Begin inline of the emitCopy call.
+	//
+	// d += emitCopy(dst[d:], base-candidate, s-base)
+
+	// !!! length := s - base
+	MOVQ SI, AX
+	SUBQ R12, AX
+
+inlineEmitCopyLoop0:
+	// for length >= 68 { etc }
+	CMPL AX, $68
+	JLT  inlineEmitCopyStep1
+
+	// Emit a length 64 copy, encoded as 3 bytes.
+	MOVB $0xfe, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+	SUBL $64, AX
+	JMP  inlineEmitCopyLoop0
+
+inlineEmitCopyStep1:
+	// if length > 64 { etc }
+	CMPL AX, $64
+	JLE  inlineEmitCopyStep2
+
+	// Emit a length 60 copy, encoded as 3 bytes.
+	MOVB $0xee, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+	SUBL $60, AX
+
+inlineEmitCopyStep2:
+	// if length >= 12 || offset >= 2048 { goto inlineEmitCopyStep3 }
+	CMPL AX, $12
+	JGE  inlineEmitCopyStep3
+	CMPL R11, $2048
+	JGE  inlineEmitCopyStep3
+
+	// Emit the remaining copy, encoded as 2 bytes.
+	MOVB R11, 1(DI)
+	SHRL $8, R11
+	SHLB $5, R11
+	SUBB $4, AX
+	SHLB $2, AX
+	ORB  AX, R11
+	ORB  $1, R11
+	MOVB R11, 0(DI)
+	ADDQ $2, DI
+	JMP  inlineEmitCopyEnd
+
+inlineEmitCopyStep3:
+	// Emit the remaining copy, encoded as 3 bytes.
+	SUBL $1, AX
+	SHLB $2, AX
+	ORB  $2, AX
+	MOVB AX, 0(DI)
+	MOVW R11, 1(DI)
+	ADDQ $3, DI
+
+inlineEmitCopyEnd:
+	// End inline of the emitCopy call.
+	// ----------------------------------------
+
+	// nextEmit = s
+	MOVQ SI, R10
+
+	// if s >= sLimit { goto emitRemainder }
+	MOVQ SI, AX
+	SUBQ DX, AX
+	CMPQ AX, R9
+	JAE  emitRemainder
+
+	// As per the encode_other.go code:
+	//
+	// We could immediately etc.
+
+	// x := load64(src, s-1)
+	MOVQ -1(SI), R14
+
+	// prevHash := hash(uint32(x>>0), shift)
+	MOVL  R14, R11
+	IMULL $0x1e35a7bd, R11
+	SHRL  CX, R11
+
+	// table[prevHash] = uint16(s-1)
+	MOVQ SI, AX
+	SUBQ DX, AX
+	SUBQ $1, AX
+
+	// XXX: MOVW AX, table-32768(SP)(R11*2)
+	// XXX: 66 42 89 44 5c 78       mov    %ax,0x78(%rsp,%r11,2)
+	BYTE $0x66
+	BYTE $0x42
+	BYTE $0x89
+	BYTE $0x44
+	BYTE $0x5c
+	BYTE $0x78
+
+	// currHash := hash(uint32(x>>8), shift)
+	SHRQ  $8, R14
+	MOVL  R14, R11
+	IMULL $0x1e35a7bd, R11
+	SHRL  CX, R11
+
+	// candidate = int(table[currHash])
+	// XXX: MOVWQZX table-32768(SP)(R11*2), R15
+	// XXX: 4e 0f b7 7c 5c 78       movzwq 0x78(%rsp,%r11,2),%r15
+	BYTE $0x4e
+	BYTE $0x0f
+	BYTE $0xb7
+	BYTE $0x7c
+	BYTE $0x5c
+	BYTE $0x78
+
+	// table[currHash] = uint16(s)
+	ADDQ $1, AX
+
+	// XXX: MOVW AX, table-32768(SP)(R11*2)
+	// XXX: 66 42 89 44 5c 78       mov    %ax,0x78(%rsp,%r11,2)
+	BYTE $0x66
+	BYTE $0x42
+	BYTE $0x89
+	BYTE $0x44
+	BYTE $0x5c
+	BYTE $0x78
+
+	// if uint32(x>>8) == load32(src, candidate) { continue }
+	MOVL (DX)(R15*1), BX
+	CMPL R14, BX
+	JEQ  inner1
+
+	// nextHash = hash(uint32(x>>16), shift)
+	SHRQ  $8, R14
+	MOVL  R14, R11
+	IMULL $0x1e35a7bd, R11
+	SHRL  CX, R11
+
+	// s++
+	ADDQ $1, SI
+
+	// break out of the inner1 for loop, i.e. continue the outer loop.
+	JMP outer
+
+emitRemainder:
+	// if nextEmit < len(src) { etc }
+	MOVQ src_len+32(FP), AX
+	ADDQ DX, AX
+	CMPQ R10, AX
+	JEQ  encodeBlockEnd
+
+	// d += emitLiteral(dst[d:], src[nextEmit:])
+	//
+	// Push args.
+	MOVQ DI, 0(SP)
+	MOVQ $0, 8(SP)   // Unnecessary, as the callee ignores it, but conservative.
+	MOVQ $0, 16(SP)  // Unnecessary, as the callee ignores it, but conservative.
+	MOVQ R10, 24(SP)
+	SUBQ R10, AX
+	MOVQ AX, 32(SP)
+	MOVQ AX, 40(SP)  // Unnecessary, as the callee ignores it, but conservative.
+
+	// Spill local variables (registers) onto the stack; call; unspill.
+	MOVQ DI, 80(SP)
+	CALL ·emitLiteral(SB)
+	MOVQ 80(SP), DI
+
+	// Finish the "d +=" part of "d += emitLiteral(etc)".
+	ADDQ 48(SP), DI
+
+encodeBlockEnd:
+	MOVQ dst_base+0(FP), AX
+	SUBQ AX, DI
+	MOVQ DI, d+48(FP)
+	RET
diff --git a/vendor/github.com/klauspost/compress/snappy/encode_other.go b/vendor/github.com/klauspost/compress/snappy/encode_other.go
new file mode 100644
index 0000000000000..dbcae905e6e04
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/encode_other.go
@@ -0,0 +1,238 @@
+// Copyright 2016 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine !gc noasm
+
+package snappy
+
+func load32(b []byte, i int) uint32 {
+	b = b[i : i+4 : len(b)] // Help the compiler eliminate bounds checks on the next line.
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func load64(b []byte, i int) uint64 {
+	b = b[i : i+8 : len(b)] // Help the compiler eliminate bounds checks on the next line.
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+// emitLiteral writes a literal chunk and returns the number of bytes written.
+//
+// It assumes that:
+//	dst is long enough to hold the encoded bytes
+//	1 <= len(lit) && len(lit) <= 65536
+func emitLiteral(dst, lit []byte) int {
+	i, n := 0, uint(len(lit)-1)
+	switch {
+	case n < 60:
+		dst[0] = uint8(n)<<2 | tagLiteral
+		i = 1
+	case n < 1<<8:
+		dst[0] = 60<<2 | tagLiteral
+		dst[1] = uint8(n)
+		i = 2
+	default:
+		dst[0] = 61<<2 | tagLiteral
+		dst[1] = uint8(n)
+		dst[2] = uint8(n >> 8)
+		i = 3
+	}
+	return i + copy(dst[i:], lit)
+}
+
+// emitCopy writes a copy chunk and returns the number of bytes written.
+//
+// It assumes that:
+//	dst is long enough to hold the encoded bytes
+//	1 <= offset && offset <= 65535
+//	4 <= length && length <= 65535
+func emitCopy(dst []byte, offset, length int) int {
+	i := 0
+	// The maximum length for a single tagCopy1 or tagCopy2 op is 64 bytes. The
+	// threshold for this loop is a little higher (at 68 = 64 + 4), and the
+	// length emitted down below is is a little lower (at 60 = 64 - 4), because
+	// it's shorter to encode a length 67 copy as a length 60 tagCopy2 followed
+	// by a length 7 tagCopy1 (which encodes as 3+2 bytes) than to encode it as
+	// a length 64 tagCopy2 followed by a length 3 tagCopy2 (which encodes as
+	// 3+3 bytes). The magic 4 in the 64±4 is because the minimum length for a
+	// tagCopy1 op is 4 bytes, which is why a length 3 copy has to be an
+	// encodes-as-3-bytes tagCopy2 instead of an encodes-as-2-bytes tagCopy1.
+	for length >= 68 {
+		// Emit a length 64 copy, encoded as 3 bytes.
+		dst[i+0] = 63<<2 | tagCopy2
+		dst[i+1] = uint8(offset)
+		dst[i+2] = uint8(offset >> 8)
+		i += 3
+		length -= 64
+	}
+	if length > 64 {
+		// Emit a length 60 copy, encoded as 3 bytes.
+		dst[i+0] = 59<<2 | tagCopy2
+		dst[i+1] = uint8(offset)
+		dst[i+2] = uint8(offset >> 8)
+		i += 3
+		length -= 60
+	}
+	if length >= 12 || offset >= 2048 {
+		// Emit the remaining copy, encoded as 3 bytes.
+		dst[i+0] = uint8(length-1)<<2 | tagCopy2
+		dst[i+1] = uint8(offset)
+		dst[i+2] = uint8(offset >> 8)
+		return i + 3
+	}
+	// Emit the remaining copy, encoded as 2 bytes.
+	dst[i+0] = uint8(offset>>8)<<5 | uint8(length-4)<<2 | tagCopy1
+	dst[i+1] = uint8(offset)
+	return i + 2
+}
+
+// extendMatch returns the largest k such that k <= len(src) and that
+// src[i:i+k-j] and src[j:k] have the same contents.
+//
+// It assumes that:
+//	0 <= i && i < j && j <= len(src)
+func extendMatch(src []byte, i, j int) int {
+	for ; j < len(src) && src[i] == src[j]; i, j = i+1, j+1 {
+	}
+	return j
+}
+
+func hash(u, shift uint32) uint32 {
+	return (u * 0x1e35a7bd) >> shift
+}
+
+// encodeBlock encodes a non-empty src to a guaranteed-large-enough dst. It
+// assumes that the varint-encoded length of the decompressed bytes has already
+// been written.
+//
+// It also assumes that:
+//	len(dst) >= MaxEncodedLen(len(src)) &&
+// 	minNonLiteralBlockSize <= len(src) && len(src) <= maxBlockSize
+func encodeBlock(dst, src []byte) (d int) {
+	// Initialize the hash table. Its size ranges from 1<<8 to 1<<14 inclusive.
+	// The table element type is uint16, as s < sLimit and sLimit < len(src)
+	// and len(src) <= maxBlockSize and maxBlockSize == 65536.
+	const (
+		maxTableSize = 1 << 14
+		// tableMask is redundant, but helps the compiler eliminate bounds
+		// checks.
+		tableMask = maxTableSize - 1
+	)
+	shift := uint32(32 - 8)
+	for tableSize := 1 << 8; tableSize < maxTableSize && tableSize < len(src); tableSize *= 2 {
+		shift--
+	}
+	// In Go, all array elements are zero-initialized, so there is no advantage
+	// to a smaller tableSize per se. However, it matches the C++ algorithm,
+	// and in the asm versions of this code, we can get away with zeroing only
+	// the first tableSize elements.
+	var table [maxTableSize]uint16
+
+	// sLimit is when to stop looking for offset/length copies. The inputMargin
+	// lets us use a fast path for emitLiteral in the main loop, while we are
+	// looking for copies.
+	sLimit := len(src) - inputMargin
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := 0
+
+	// The encoded form must start with a literal, as there are no previous
+	// bytes to copy, so we start looking for hash matches at s == 1.
+	s := 1
+	nextHash := hash(load32(src, s), shift)
+
+	for {
+		// Copied from the C++ snappy implementation:
+		//
+		// Heuristic match skipping: If 32 bytes are scanned with no matches
+		// found, start looking only at every other byte. If 32 more bytes are
+		// scanned (or skipped), look at every third byte, etc.. When a match
+		// is found, immediately go back to looking at every byte. This is a
+		// small loss (~5% performance, ~0.1% density) for compressible data
+		// due to more bookkeeping, but for non-compressible data (such as
+		// JPEG) it's a huge win since the compressor quickly "realizes" the
+		// data is incompressible and doesn't bother looking for matches
+		// everywhere.
+		//
+		// The "skip" variable keeps track of how many bytes there are since
+		// the last match; dividing it by 32 (ie. right-shifting by five) gives
+		// the number of bytes to move ahead for each iteration.
+		skip := 32
+
+		nextS := s
+		candidate := 0
+		for {
+			s = nextS
+			bytesBetweenHashLookups := skip >> 5
+			nextS = s + bytesBetweenHashLookups
+			skip += bytesBetweenHashLookups
+			if nextS > sLimit {
+				goto emitRemainder
+			}
+			candidate = int(table[nextHash&tableMask])
+			table[nextHash&tableMask] = uint16(s)
+			nextHash = hash(load32(src, nextS), shift)
+			if load32(src, s) == load32(src, candidate) {
+				break
+			}
+		}
+
+		// A 4-byte match has been found. We'll later see if more than 4 bytes
+		// match. But, prior to the match, src[nextEmit:s] are unmatched. Emit
+		// them as literal bytes.
+		d += emitLiteral(dst[d:], src[nextEmit:s])
+
+		// Call emitCopy, and then see if another emitCopy could be our next
+		// move. Repeat until we find no match for the input immediately after
+		// what was consumed by the last emitCopy call.
+		//
+		// If we exit this loop normally then we need to call emitLiteral next,
+		// though we don't yet know how big the literal will be. We handle that
+		// by proceeding to the next iteration of the main loop. We also can
+		// exit this loop via goto if we get close to exhausting the input.
+		for {
+			// Invariant: we have a 4-byte match at s, and no need to emit any
+			// literal bytes prior to s.
+			base := s
+
+			// Extend the 4-byte match as long as possible.
+			//
+			// This is an inlined version of:
+			//	s = extendMatch(src, candidate+4, s+4)
+			s += 4
+			for i := candidate + 4; s < len(src) && src[i] == src[s]; i, s = i+1, s+1 {
+			}
+
+			d += emitCopy(dst[d:], base-candidate, s-base)
+			nextEmit = s
+			if s >= sLimit {
+				goto emitRemainder
+			}
+
+			// We could immediately start working at s now, but to improve
+			// compression we first update the hash table at s-1 and at s. If
+			// another emitCopy is not our next move, also calculate nextHash
+			// at s+1. At least on GOARCH=amd64, these three hash calculations
+			// are faster as one load64 call (with some shifts) instead of
+			// three load32 calls.
+			x := load64(src, s-1)
+			prevHash := hash(uint32(x>>0), shift)
+			table[prevHash&tableMask] = uint16(s - 1)
+			currHash := hash(uint32(x>>8), shift)
+			candidate = int(table[currHash&tableMask])
+			table[currHash&tableMask] = uint16(s)
+			if uint32(x>>8) != load32(src, candidate) {
+				nextHash = hash(uint32(x>>16), shift)
+				s++
+				break
+			}
+		}
+	}
+
+emitRemainder:
+	if nextEmit < len(src) {
+		d += emitLiteral(dst[d:], src[nextEmit:])
+	}
+	return d
+}
diff --git a/vendor/github.com/klauspost/compress/snappy/snappy.go b/vendor/github.com/klauspost/compress/snappy/snappy.go
new file mode 100644
index 0000000000000..ea58ced882468
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/snappy/snappy.go
@@ -0,0 +1,98 @@
+// Copyright 2011 The Snappy-Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package snappy implements the Snappy compression format. It aims for very
+// high speeds and reasonable compression.
+//
+// There are actually two Snappy formats: block and stream. They are related,
+// but different: trying to decompress block-compressed data as a Snappy stream
+// will fail, and vice versa. The block format is the Decode and Encode
+// functions and the stream format is the Reader and Writer types.
+//
+// The block format, the more common case, is used when the complete size (the
+// number of bytes) of the original data is known upfront, at the time
+// compression starts. The stream format, also known as the framing format, is
+// for when that isn't always true.
+//
+// The canonical, C++ implementation is at https://github.com/google/snappy and
+// it only implements the block format.
+package snappy
+
+import (
+	"hash/crc32"
+)
+
+/*
+Each encoded block begins with the varint-encoded length of the decoded data,
+followed by a sequence of chunks. Chunks begin and end on byte boundaries. The
+first byte of each chunk is broken into its 2 least and 6 most significant bits
+called l and m: l ranges in [0, 4) and m ranges in [0, 64). l is the chunk tag.
+Zero means a literal tag. All other values mean a copy tag.
+
+For literal tags:
+  - If m < 60, the next 1 + m bytes are literal bytes.
+  - Otherwise, let n be the little-endian unsigned integer denoted by the next
+    m - 59 bytes. The next 1 + n bytes after that are literal bytes.
+
+For copy tags, length bytes are copied from offset bytes ago, in the style of
+Lempel-Ziv compression algorithms. In particular:
+  - For l == 1, the offset ranges in [0, 1<<11) and the length in [4, 12).
+    The length is 4 + the low 3 bits of m. The high 3 bits of m form bits 8-10
+    of the offset. The next byte is bits 0-7 of the offset.
+  - For l == 2, the offset ranges in [0, 1<<16) and the length in [1, 65).
+    The length is 1 + m. The offset is the little-endian unsigned integer
+    denoted by the next 2 bytes.
+  - For l == 3, this tag is a legacy format that is no longer issued by most
+    encoders. Nonetheless, the offset ranges in [0, 1<<32) and the length in
+    [1, 65). The length is 1 + m. The offset is the little-endian unsigned
+    integer denoted by the next 4 bytes.
+*/
+const (
+	tagLiteral = 0x00
+	tagCopy1   = 0x01
+	tagCopy2   = 0x02
+	tagCopy4   = 0x03
+)
+
+const (
+	checksumSize    = 4
+	chunkHeaderSize = 4
+	magicChunk      = "\xff\x06\x00\x00" + magicBody
+	magicBody       = "sNaPpY"
+
+	// maxBlockSize is the maximum size of the input to encodeBlock. It is not
+	// part of the wire format per se, but some parts of the encoder assume
+	// that an offset fits into a uint16.
+	//
+	// Also, for the framing format (Writer type instead of Encode function),
+	// https://github.com/google/snappy/blob/master/framing_format.txt says
+	// that "the uncompressed data in a chunk must be no longer than 65536
+	// bytes".
+	maxBlockSize = 65536
+
+	// maxEncodedLenOfMaxBlockSize equals MaxEncodedLen(maxBlockSize), but is
+	// hard coded to be a const instead of a variable, so that obufLen can also
+	// be a const. Their equivalence is confirmed by
+	// TestMaxEncodedLenOfMaxBlockSize.
+	maxEncodedLenOfMaxBlockSize = 76490
+
+	obufHeaderLen = len(magicChunk) + checksumSize + chunkHeaderSize
+	obufLen       = obufHeaderLen + maxEncodedLenOfMaxBlockSize
+)
+
+const (
+	chunkTypeCompressedData   = 0x00
+	chunkTypeUncompressedData = 0x01
+	chunkTypePadding          = 0xfe
+	chunkTypeStreamIdentifier = 0xff
+)
+
+var crcTable = crc32.MakeTable(crc32.Castagnoli)
+
+// crc implements the checksum specified in section 3 of
+// https://github.com/google/snappy/blob/master/framing_format.txt
+func crc(b []byte) uint32 {
+	c := crc32.Update(0, crcTable, b)
+	return c>>15 | c<<17 + 0xa282ead8
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/README.md b/vendor/github.com/klauspost/compress/zstd/README.md
new file mode 100644
index 0000000000000..7680bfe1dd6c9
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/README.md
@@ -0,0 +1,417 @@
+# zstd 
+
+[Zstandard](https://facebook.github.io/zstd/) is a real-time compression algorithm, providing high compression ratios. 
+It offers a very wide range of compression / speed trade-off, while being backed by a very fast decoder.
+A high performance compression algorithm is implemented. For now focused on speed. 
+
+This package provides [compression](#Compressor) to and [decompression](#Decompressor) of Zstandard content. 
+
+This package is pure Go and without use of "unsafe". 
+
+The `zstd` package is provided as open source software using a Go standard license.
+
+Currently the package is heavily optimized for 64 bit processors and will be significantly slower on 32 bit processors.
+
+## Installation
+
+Install using `go get -u github.com/klauspost/compress`. The package is located in `github.com/klauspost/compress/zstd`.
+
+Godoc Documentation: https://godoc.org/github.com/klauspost/compress/zstd
+
+
+## Compressor
+
+### Status: 
+
+STABLE - there may always be subtle bugs, a wide variety of content has been tested and the library is actively 
+used by several projects. This library is being [fuzz-tested](https://github.com/klauspost/compress-fuzz) for all updates.
+
+There may still be specific combinations of data types/size/settings that could lead to edge cases, 
+so as always, testing is recommended.  
+
+For now, a high speed (fastest) and medium-fast (default) compressor has been implemented. 
+
+* The "Fastest" compression ratio is roughly equivalent to zstd level 1. 
+* The "Default" compression ratio is roughly equivalent to zstd level 3 (default).
+* The "Better" compression ratio is roughly equivalent to zstd level 7.
+* The "Best" compression ratio is roughly equivalent to zstd level 11.
+
+In terms of speed, it is typically 2x as fast as the stdlib deflate/gzip in its fastest mode. 
+The compression ratio compared to stdlib is around level 3, but usually 3x as fast.
+
+ 
+### Usage
+
+An Encoder can be used for either compressing a stream via the
+`io.WriteCloser` interface supported by the Encoder or as multiple independent
+tasks via the `EncodeAll` function.
+Smaller encodes are encouraged to use the EncodeAll function.
+Use `NewWriter` to create a new instance that can be used for both.
+
+To create a writer with default options, do like this:
+
+```Go
+// Compress input to output.
+func Compress(in io.Reader, out io.Writer) error {
+    enc, err := zstd.NewWriter(out)
+    if err != nil {
+        return err
+    }
+    _, err = io.Copy(enc, in)
+    if err != nil {
+        enc.Close()
+        return err
+    }
+    return enc.Close()
+}
+```
+
+Now you can encode by writing data to `enc`. The output will be finished writing when `Close()` is called.
+Even if your encode fails, you should still call `Close()` to release any resources that may be held up.  
+
+The above is fine for big encodes. However, whenever possible try to *reuse* the writer.
+
+To reuse the encoder, you can use the `Reset(io.Writer)` function to change to another output. 
+This will allow the encoder to reuse all resources and avoid wasteful allocations. 
+
+Currently stream encoding has 'light' concurrency, meaning up to 2 goroutines can be working on part 
+of a stream. This is independent of the `WithEncoderConcurrency(n)`, but that is likely to change 
+in the future. So if you want to limit concurrency for future updates, specify the concurrency
+you would like.
+
+You can specify your desired compression level using `WithEncoderLevel()` option. Currently only pre-defined 
+compression settings can be specified.
+
+#### Future Compatibility Guarantees
+
+This will be an evolving project. When using this package it is important to note that both the compression efficiency and speed may change.
+
+The goal will be to keep the default efficiency at the default zstd (level 3). 
+However the encoding should never be assumed to remain the same, 
+and you should not use hashes of compressed output for similarity checks.
+
+The Encoder can be assumed to produce the same output from the exact same code version.
+However, the may be modes in the future that break this, 
+although they will not be enabled without an explicit option.   
+
+This encoder is not designed to (and will probably never) output the exact same bitstream as the reference encoder.
+
+Also note, that the cgo decompressor currently does not [report all errors on invalid input](https://github.com/DataDog/zstd/issues/59),
+[omits error checks](https://github.com/DataDog/zstd/issues/61), [ignores checksums](https://github.com/DataDog/zstd/issues/43) 
+and seems to ignore concatenated streams, even though [it is part of the spec](https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#frames).
+
+#### Blocks
+
+For compressing small blocks, the returned encoder has a function called `EncodeAll(src, dst []byte) []byte`.
+
+`EncodeAll` will encode all input in src and append it to dst.
+This function can be called concurrently, but each call will only run on a single goroutine.
+
+Encoded blocks can be concatenated and the result will be the combined input stream.
+Data compressed with EncodeAll can be decoded with the Decoder, using either a stream or `DecodeAll`.
+
+Especially when encoding blocks you should take special care to reuse the encoder. 
+This will effectively make it run without allocations after a warmup period. 
+To make it run completely without allocations, supply a destination buffer with space for all content.   
+
+```Go
+import "github.com/klauspost/compress/zstd"
+
+// Create a writer that caches compressors.
+// For this operation type we supply a nil Reader.
+var encoder, _ = zstd.NewWriter(nil)
+
+// Compress a buffer. 
+// If you have a destination buffer, the allocation in the call can also be eliminated.
+func Compress(src []byte) []byte {
+    return encoder.EncodeAll(src, make([]byte, 0, len(src)))
+} 
+```
+
+You can control the maximum number of concurrent encodes using the `WithEncoderConcurrency(n)` 
+option when creating the writer.
+
+Using the Encoder for both a stream and individual blocks concurrently is safe. 
+
+### Performance
+
+I have collected some speed examples to compare speed and compression against other compressors.
+
+* `file` is the input file.
+* `out` is the compressor used. `zskp` is this package. `zstd` is the Datadog cgo library. `gzstd/gzkp` is gzip standard and this library.
+* `level` is the compression level used. For `zskp` level 1 is "fastest", level 2 is "default"; 3 is "better", 4 is "best".
+* `insize`/`outsize` is the input/output size.
+* `millis` is the number of milliseconds used for compression.
+* `mb/s` is megabytes (2^20 bytes) per second.
+
+```
+Silesia Corpus:
+http://sun.aei.polsl.pl/~sdeor/corpus/silesia.zip
+
+This package:
+file    out     level   insize      outsize     millis  mb/s
+silesia.tar zskp    1   211947520   73101992    643     313.87
+silesia.tar zskp    2   211947520   67504318    969     208.38
+silesia.tar zskp    3   211947520   65177448    1899    106.44
+silesia.tar zskp    4   211947520   61381950    8115    24.91
+
+cgo zstd:
+silesia.tar zstd    1   211947520   73605392    543     371.56
+silesia.tar zstd    3   211947520   66793289    864     233.68
+silesia.tar zstd    6   211947520   62916450    1913    105.66
+silesia.tar zstd    9   211947520   60212393    5063    39.92
+
+gzip, stdlib/this package:
+silesia.tar gzstd   1   211947520   80007735    1654    122.21
+silesia.tar gzkp    1   211947520   80369488    1168    173.06
+
+GOB stream of binary data. Highly compressible.
+https://files.klauspost.com/compress/gob-stream.7z
+
+file        out     level   insize  outsize     millis  mb/s
+gob-stream  zskp    1   1911399616  235022249   3088    590.30
+gob-stream  zskp    2   1911399616  205669791   3786    481.34
+gob-stream  zskp    3   1911399616  185792019   9324    195.48
+gob-stream  zskp    4   1911399616  171537212   32113   56.76
+gob-stream  zstd    1   1911399616  249810424   2637    691.26
+gob-stream  zstd    3   1911399616  208192146   3490    522.31
+gob-stream  zstd    6   1911399616  193632038   6687    272.56
+gob-stream  zstd    9   1911399616  177620386   16175   112.70
+gob-stream  gzstd   1   1911399616  357382641   10251   177.82
+gob-stream  gzkp    1   1911399616  362156523   5695    320.08
+
+The test data for the Large Text Compression Benchmark is the first
+10^9 bytes of the English Wikipedia dump on Mar. 3, 2006.
+http://mattmahoney.net/dc/textdata.html
+
+file    out level   insize      outsize     millis  mb/s
+enwik9  zskp    1   1000000000  343848582   3609    264.18
+enwik9  zskp    2   1000000000  317276632   5746    165.97
+enwik9  zskp    3   1000000000  294540704   11725   81.34
+enwik9  zskp    4   1000000000  276609671   44029   21.66
+enwik9  zstd    1   1000000000  358072021   3110    306.65
+enwik9  zstd    3   1000000000  313734672   4784    199.35
+enwik9  zstd    6   1000000000  295138875   10290   92.68
+enwik9  zstd    9   1000000000  278348700   28549   33.40
+enwik9  gzstd   1   1000000000  382578136   9604    99.30
+enwik9  gzkp    1   1000000000  383825945   6544    145.73
+
+Highly compressible JSON file.
+https://files.klauspost.com/compress/github-june-2days-2019.json.zst
+
+file                        out level   insize      outsize     millis  mb/s
+github-june-2days-2019.json zskp    1   6273951764  699045015   10620   563.40
+github-june-2days-2019.json zskp    2   6273951764  617881763   11687   511.96
+github-june-2days-2019.json zskp    3   6273951764  537511906   29252   204.54
+github-june-2days-2019.json zskp    4   6273951764  512796117   97791   61.18
+github-june-2days-2019.json zstd    1   6273951764  766284037   8450    708.00
+github-june-2days-2019.json zstd    3   6273951764  661889476   10927   547.57
+github-june-2days-2019.json zstd    6   6273951764  642756859   22996   260.18
+github-june-2days-2019.json zstd    9   6273951764  601974523   52413   114.16
+github-june-2days-2019.json gzstd   1   6273951764  1164400847  29948   199.79
+github-june-2days-2019.json gzkp    1   6273951764  1128755542  19236   311.03
+
+VM Image, Linux mint with a few installed applications:
+https://files.klauspost.com/compress/rawstudio-mint14.7z
+
+file                    out level   insize      outsize     millis  mb/s
+rawstudio-mint14.tar    zskp    1   8558382592  3667489370  20210   403.84
+rawstudio-mint14.tar    zskp    2   8558382592  3364592300  31873   256.07
+rawstudio-mint14.tar    zskp    3   8558382592  3224594213  71751   113.75
+rawstudio-mint14.tar    zskp    4   8558382592  3027332295  486243  16.79
+rawstudio-mint14.tar    zstd    1   8558382592  3609250104  17136   476.27
+rawstudio-mint14.tar    zstd    3   8558382592  3341679997  29262   278.92
+rawstudio-mint14.tar    zstd    6   8558382592  3235846406  77904   104.77
+rawstudio-mint14.tar    zstd    9   8558382592  3160778861  140946  57.91
+rawstudio-mint14.tar    gzstd   1   8558382592  3926257486  57722   141.40
+rawstudio-mint14.tar    gzkp    1   8558382592  3970463184  41749   195.49
+
+CSV data:
+https://files.klauspost.com/compress/nyc-taxi-data-10M.csv.zst
+
+file                    out level   insize      outsize     millis  mb/s
+nyc-taxi-data-10M.csv   zskp    1   3325605752  641339945   8925    355.35
+nyc-taxi-data-10M.csv   zskp    2   3325605752  591748091   11268   281.44
+nyc-taxi-data-10M.csv   zskp    3   3325605752  538490114   19880   159.53
+nyc-taxi-data-10M.csv   zskp    4   3325605752  495986829   89368   35.49
+nyc-taxi-data-10M.csv   zstd    1   3325605752  687399637   8233    385.18
+nyc-taxi-data-10M.csv   zstd    3   3325605752  598514411   10065   315.07
+nyc-taxi-data-10M.csv   zstd    6   3325605752  570522953   20038   158.27
+nyc-taxi-data-10M.csv   zstd    9   3325605752  517554797   64565   49.12
+nyc-taxi-data-10M.csv   gzstd   1   3325605752  928656485   23876   132.83
+nyc-taxi-data-10M.csv   gzkp    1   3325605752  924718719   16388   193.53
+```
+
+## Decompressor
+
+Staus: STABLE - there may still be subtle bugs, but a wide variety of content has been tested.
+
+This library is being continuously [fuzz-tested](https://github.com/klauspost/compress-fuzz),
+kindly supplied by [fuzzit.dev](https://fuzzit.dev/). 
+The main purpose of the fuzz testing is to ensure that it is not possible to crash the decoder, 
+or run it past its limits with ANY input provided.  
+ 
+### Usage
+
+The package has been designed for two main usages, big streams of data and smaller in-memory buffers. 
+There are two main usages of the package for these. Both of them are accessed by creating a `Decoder`.
+
+For streaming use a simple setup could look like this:
+
+```Go
+import "github.com/klauspost/compress/zstd"
+
+func Decompress(in io.Reader, out io.Writer) error {
+    d, err := zstd.NewReader(in)
+    if err != nil {
+        return err
+    }
+    defer d.Close()
+    
+    // Copy content...
+    _, err = io.Copy(out, d)
+    return err
+}
+```
+
+It is important to use the "Close" function when you no longer need the Reader to stop running goroutines. 
+See "Allocation-less operation" below.
+
+For decoding buffers, it could look something like this:
+
+```Go
+import "github.com/klauspost/compress/zstd"
+
+// Create a reader that caches decompressors.
+// For this operation type we supply a nil Reader.
+var decoder, _ = zstd.NewReader(nil)
+
+// Decompress a buffer. We don't supply a destination buffer,
+// so it will be allocated by the decoder.
+func Decompress(src []byte) ([]byte, error) {
+    return decoder.DecodeAll(src, nil)
+} 
+```
+
+Both of these cases should provide the functionality needed. 
+The decoder can be used for *concurrent* decompression of multiple buffers. 
+It will only allow a certain number of concurrent operations to run. 
+To tweak that yourself use the `WithDecoderConcurrency(n)` option when creating the decoder.   
+
+### Dictionaries
+
+Data compressed with [dictionaries](https://github.com/facebook/zstd#the-case-for-small-data-compression) can be decompressed.
+
+Dictionaries are added individually to Decoders.
+Dictionaries are generated by the `zstd --train` command and contains an initial state for the decoder.
+To add a dictionary use the `WithDecoderDicts(dicts ...[]byte)` option with the dictionary data.
+Several dictionaries can be added at once.
+
+The dictionary will be used automatically for the data that specifies them.
+A re-used Decoder will still contain the dictionaries registered.
+
+When registering multiple dictionaries with the same ID, the last one will be used.
+
+It is possible to use dictionaries when compressing data.
+
+To enable a dictionary use `WithEncoderDict(dict []byte)`. Here only one dictionary will be used 
+and it will likely be used even if it doesn't improve compression. 
+
+The used dictionary must be used to decompress the content.
+
+For any real gains, the dictionary should be built with similar data. 
+If an unsuitable dictionary is used the output may be slightly larger than using no dictionary.
+Use the [zstd commandline tool](https://github.com/facebook/zstd/releases) to build a dictionary from sample data.
+For information see [zstd dictionary information](https://github.com/facebook/zstd#the-case-for-small-data-compression). 
+
+For now there is a fixed startup performance penalty for compressing content with dictionaries. 
+This will likely be improved over time. Just be aware to test performance when implementing.  
+
+### Allocation-less operation
+
+The decoder has been designed to operate without allocations after a warmup. 
+
+This means that you should *store* the decoder for best performance. 
+To re-use a stream decoder, use the `Reset(r io.Reader) error` to switch to another stream.
+A decoder can safely be re-used even if the previous stream failed.
+
+To release the resources, you must call the `Close()` function on a decoder.
+After this it can *no longer be reused*, but all running goroutines will be stopped.
+So you *must* use this if you will no longer need the Reader.
+
+For decompressing smaller buffers a single decoder can be used.
+When decoding buffers, you can supply a destination slice with length 0 and your expected capacity.
+In this case no unneeded allocations should be made. 
+
+### Concurrency
+
+The buffer decoder does everything on the same goroutine and does nothing concurrently.
+It can however decode several buffers concurrently. Use `WithDecoderConcurrency(n)` to limit that.
+
+The stream decoder operates on
+
+* One goroutine reads input and splits the input to several block decoders.
+* A number of decoders will decode blocks.
+* A goroutine coordinates these blocks and sends history from one to the next.
+
+So effectively this also means the decoder will "read ahead" and prepare data to always be available for output.
+
+Since "blocks" are quite dependent on the output of the previous block stream decoding will only have limited concurrency.
+
+In practice this means that concurrency is often limited to utilizing about 2 cores effectively.
+ 
+ 
+### Benchmarks
+
+These are some examples of performance compared to [datadog cgo library](https://github.com/DataDog/zstd).
+
+The first two are streaming decodes and the last are smaller inputs. 
+ 
+```
+BenchmarkDecoderSilesia-8                          3     385000067 ns/op     550.51 MB/s        5498 B/op          8 allocs/op
+BenchmarkDecoderSilesiaCgo-8                       6     197666567 ns/op    1072.25 MB/s      270672 B/op          8 allocs/op
+
+BenchmarkDecoderEnwik9-8                           1    2027001600 ns/op     493.34 MB/s       10496 B/op         18 allocs/op
+BenchmarkDecoderEnwik9Cgo-8                        2     979499200 ns/op    1020.93 MB/s      270672 B/op          8 allocs/op
+
+Concurrent performance:
+
+BenchmarkDecoder_DecodeAllParallel/kppkn.gtb.zst-16                28915         42469 ns/op    4340.07 MB/s         114 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/geo.protodata.zst-16           116505          9965 ns/op    11900.16 MB/s         16 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/plrabn12.txt.zst-16              8952        134272 ns/op    3588.70 MB/s         915 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/lcet10.txt.zst-16               11820        102538 ns/op    4161.90 MB/s         594 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/asyoulik.txt.zst-16             34782         34184 ns/op    3661.88 MB/s          60 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/alice29.txt.zst-16              27712         43447 ns/op    3500.58 MB/s          99 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/html_x_4.zst-16                 62826         18750 ns/op    21845.10 MB/s        104 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/paper-100k.pdf.zst-16          631545          1794 ns/op    57078.74 MB/s          2 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/fireworks.jpeg.zst-16         1690140           712 ns/op    172938.13 MB/s         1 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/urls.10K.zst-16                 10432        113593 ns/op    6180.73 MB/s        1143 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/html.zst-16                    113206         10671 ns/op    9596.27 MB/s          15 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallel/comp-data.bin.zst-16          1530615           779 ns/op    5229.49 MB/s           0 B/op          0 allocs/op
+
+BenchmarkDecoder_DecodeAllParallelCgo/kppkn.gtb.zst-16             65217         16192 ns/op    11383.34 MB/s         46 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/geo.protodata.zst-16        292671          4039 ns/op    29363.19 MB/s          6 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/plrabn12.txt.zst-16          26314         46021 ns/op    10470.43 MB/s        293 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/lcet10.txt.zst-16            33897         34900 ns/op    12227.96 MB/s        205 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/asyoulik.txt.zst-16         104348         11433 ns/op    10949.01 MB/s         20 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/alice29.txt.zst-16           75949         15510 ns/op    9805.60 MB/s          32 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/html_x_4.zst-16             173910          6756 ns/op    60624.29 MB/s         37 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/paper-100k.pdf.zst-16       923076          1339 ns/op    76474.87 MB/s          1 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/fireworks.jpeg.zst-16       922920          1351 ns/op    91102.57 MB/s          2 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/urls.10K.zst-16              27649         43618 ns/op    16096.19 MB/s        407 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/html.zst-16                 279073          4160 ns/op    24614.18 MB/s          6 B/op          0 allocs/op
+BenchmarkDecoder_DecodeAllParallelCgo/comp-data.bin.zst-16        749938          1579 ns/op    2581.71 MB/s           0 B/op          0 allocs/op
+```
+
+This reflects the performance around May 2020, but this may be out of date.
+
+# Contributions
+
+Contributions are always welcome. 
+For new features/fixes, remember to add tests and for performance enhancements include benchmarks.
+
+For sending files for reproducing errors use a service like [goobox](https://goobox.io/#/upload) or similar to share your files.
+
+For general feedback and experience reports, feel free to open an issue or write me on [Twitter](https://twitter.com/sh0dan).
+
+This package includes the excellent [`github.com/cespare/xxhash`](https://github.com/cespare/xxhash) package Copyright (c) 2016 Caleb Spare.
diff --git a/vendor/github.com/klauspost/compress/zstd/bitreader.go b/vendor/github.com/klauspost/compress/zstd/bitreader.go
new file mode 100644
index 0000000000000..8544585371541
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/bitreader.go
@@ -0,0 +1,136 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"math/bits"
+)
+
+// bitReader reads a bitstream in reverse.
+// The last set bit indicates the start of the stream and is used
+// for aligning the input.
+type bitReader struct {
+	in       []byte
+	off      uint   // next byte to read is at in[off - 1]
+	value    uint64 // Maybe use [16]byte, but shifting is awkward.
+	bitsRead uint8
+}
+
+// init initializes and resets the bit reader.
+func (b *bitReader) init(in []byte) error {
+	if len(in) < 1 {
+		return errors.New("corrupt stream: too short")
+	}
+	b.in = in
+	b.off = uint(len(in))
+	// The highest bit of the last byte indicates where to start
+	v := in[len(in)-1]
+	if v == 0 {
+		return errors.New("corrupt stream, did not find end of stream")
+	}
+	b.bitsRead = 64
+	b.value = 0
+	if len(in) >= 8 {
+		b.fillFastStart()
+	} else {
+		b.fill()
+		b.fill()
+	}
+	b.bitsRead += 8 - uint8(highBits(uint32(v)))
+	return nil
+}
+
+// getBits will return n bits. n can be 0.
+func (b *bitReader) getBits(n uint8) int {
+	if n == 0 /*|| b.bitsRead >= 64 */ {
+		return 0
+	}
+	return b.getBitsFast(n)
+}
+
+// getBitsFast requires that at least one bit is requested every time.
+// There are no checks if the buffer is filled.
+func (b *bitReader) getBitsFast(n uint8) int {
+	const regMask = 64 - 1
+	v := uint32((b.value << (b.bitsRead & regMask)) >> ((regMask + 1 - n) & regMask))
+	b.bitsRead += n
+	return int(v)
+}
+
+// fillFast() will make sure at least 32 bits are available.
+// There must be at least 4 bytes available.
+func (b *bitReader) fillFast() {
+	if b.bitsRead < 32 {
+		return
+	}
+	// 2 bounds checks.
+	v := b.in[b.off-4:]
+	v = v[:4]
+	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+	b.value = (b.value << 32) | uint64(low)
+	b.bitsRead -= 32
+	b.off -= 4
+}
+
+// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
+func (b *bitReader) fillFastStart() {
+	// Do single re-slice to avoid bounds checks.
+	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	b.bitsRead = 0
+	b.off -= 8
+}
+
+// fill() will make sure at least 32 bits are available.
+func (b *bitReader) fill() {
+	if b.bitsRead < 32 {
+		return
+	}
+	if b.off >= 4 {
+		v := b.in[b.off-4:]
+		v = v[:4]
+		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+		b.value = (b.value << 32) | uint64(low)
+		b.bitsRead -= 32
+		b.off -= 4
+		return
+	}
+	for b.off > 0 {
+		b.value = (b.value << 8) | uint64(b.in[b.off-1])
+		b.bitsRead -= 8
+		b.off--
+	}
+}
+
+// finished returns true if all bits have been read from the bit stream.
+func (b *bitReader) finished() bool {
+	return b.off == 0 && b.bitsRead >= 64
+}
+
+// overread returns true if more bits have been requested than is on the stream.
+func (b *bitReader) overread() bool {
+	return b.bitsRead > 64
+}
+
+// remain returns the number of bits remaining.
+func (b *bitReader) remain() uint {
+	return b.off*8 + 64 - uint(b.bitsRead)
+}
+
+// close the bitstream and returns an error if out-of-buffer reads occurred.
+func (b *bitReader) close() error {
+	// Release reference.
+	b.in = nil
+	if b.bitsRead > 64 {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+
+func highBits(val uint32) (n uint32) {
+	return uint32(bits.Len32(val) - 1)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/bitwriter.go b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
new file mode 100644
index 0000000000000..303ae90f94473
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
@@ -0,0 +1,169 @@
+// Copyright 2018 Klaus Post. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
+
+package zstd
+
+import "fmt"
+
+// bitWriter will write bits.
+// First bit will be LSB of the first byte of output.
+type bitWriter struct {
+	bitContainer uint64
+	nBits        uint8
+	out          []byte
+}
+
+// bitMask16 is bitmasks. Has extra to avoid bounds check.
+var bitMask16 = [32]uint16{
+	0, 1, 3, 7, 0xF, 0x1F,
+	0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF,
+	0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF,
+	0xFFFF, 0xFFFF} /* up to 16 bits */
+
+var bitMask32 = [32]uint32{
+	0, 1, 3, 7, 0xF, 0x1F, 0x3F, 0x7F, 0xFF,
+	0x1FF, 0x3FF, 0x7FF, 0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF,
+	0x1ffff, 0x3ffff, 0x7FFFF, 0xfFFFF, 0x1fFFFF, 0x3fFFFF, 0x7fFFFF, 0xffFFFF,
+	0x1ffFFFF, 0x3ffFFFF, 0x7ffFFFF, 0xfffFFFF, 0x1fffFFFF, 0x3fffFFFF, 0x7fffFFFF,
+} // up to 32 bits
+
+// addBits16NC will add up to 16 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16NC(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value&bitMask16[bits&31]) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// addBits32NC will add up to 32 bits.
+// It will not check if there is space for them,
+// so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits32NC(value uint32, bits uint8) {
+	b.bitContainer |= uint64(value&bitMask32[bits&31]) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// addBits16Clean will add up to 16 bits. value may not contain more set bits than indicated.
+// It will not check if there is space for them, so the caller must ensure that it has flushed recently.
+func (b *bitWriter) addBits16Clean(value uint16, bits uint8) {
+	b.bitContainer |= uint64(value) << (b.nBits & 63)
+	b.nBits += bits
+}
+
+// flush will flush all pending full bytes.
+// There will be at least 56 bits available for writing when this has been called.
+// Using flush32 is faster, but leaves less space for writing.
+func (b *bitWriter) flush() {
+	v := b.nBits >> 3
+	switch v {
+	case 0:
+	case 1:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+		)
+	case 2:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+		)
+	case 3:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+		)
+	case 4:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+		)
+	case 5:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+		)
+	case 6:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+		)
+	case 7:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+		)
+	case 8:
+		b.out = append(b.out,
+			byte(b.bitContainer),
+			byte(b.bitContainer>>8),
+			byte(b.bitContainer>>16),
+			byte(b.bitContainer>>24),
+			byte(b.bitContainer>>32),
+			byte(b.bitContainer>>40),
+			byte(b.bitContainer>>48),
+			byte(b.bitContainer>>56),
+		)
+	default:
+		panic(fmt.Errorf("bits (%d) > 64", b.nBits))
+	}
+	b.bitContainer >>= v << 3
+	b.nBits &= 7
+}
+
+// flush32 will flush out, so there are at least 32 bits available for writing.
+func (b *bitWriter) flush32() {
+	if b.nBits < 32 {
+		return
+	}
+	b.out = append(b.out,
+		byte(b.bitContainer),
+		byte(b.bitContainer>>8),
+		byte(b.bitContainer>>16),
+		byte(b.bitContainer>>24))
+	b.nBits -= 32
+	b.bitContainer >>= 32
+}
+
+// flushAlign will flush remaining full bytes and align to next byte boundary.
+func (b *bitWriter) flushAlign() {
+	nbBytes := (b.nBits + 7) >> 3
+	for i := uint8(0); i < nbBytes; i++ {
+		b.out = append(b.out, byte(b.bitContainer>>(i*8)))
+	}
+	b.nBits = 0
+	b.bitContainer = 0
+}
+
+// close will write the alignment bit and write the final byte(s)
+// to the output.
+func (b *bitWriter) close() error {
+	// End mark
+	b.addBits16Clean(1, 1)
+	// flush until next byte.
+	b.flushAlign()
+	return nil
+}
+
+// reset and continue writing by appending to out.
+func (b *bitWriter) reset(out []byte) {
+	b.bitContainer = 0
+	b.nBits = 0
+	b.out = out
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go
new file mode 100644
index 0000000000000..b51d922bda691
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go
@@ -0,0 +1,739 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"sync"
+
+	"github.com/klauspost/compress/huff0"
+	"github.com/klauspost/compress/zstd/internal/xxhash"
+)
+
+type blockType uint8
+
+//go:generate stringer -type=blockType,literalsBlockType,seqCompMode,tableIndex
+
+const (
+	blockTypeRaw blockType = iota
+	blockTypeRLE
+	blockTypeCompressed
+	blockTypeReserved
+)
+
+type literalsBlockType uint8
+
+const (
+	literalsBlockRaw literalsBlockType = iota
+	literalsBlockRLE
+	literalsBlockCompressed
+	literalsBlockTreeless
+)
+
+const (
+	// maxCompressedBlockSize is the biggest allowed compressed block size (128KB)
+	maxCompressedBlockSize = 128 << 10
+
+	// Maximum possible block size (all Raw+Uncompressed).
+	maxBlockSize = (1 << 21) - 1
+
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#literals_section_header
+	maxCompressedLiteralSize = 1 << 18
+	maxRLELiteralSize        = 1 << 20
+	maxMatchLen              = 131074
+	maxSequences             = 0x7f00 + 0xffff
+
+	// We support slightly less than the reference decoder to be able to
+	// use ints on 32 bit archs.
+	maxOffsetBits = 30
+)
+
+var (
+	huffDecoderPool = sync.Pool{New: func() interface{} {
+		return &huff0.Scratch{}
+	}}
+
+	fseDecoderPool = sync.Pool{New: func() interface{} {
+		return &fseDecoder{}
+	}}
+)
+
+type blockDec struct {
+	// Raw source data of the block.
+	data        []byte
+	dataStorage []byte
+
+	// Destination of the decoded data.
+	dst []byte
+
+	// Buffer for literals data.
+	literalBuf []byte
+
+	// Window size of the block.
+	WindowSize uint64
+
+	history     chan *history
+	input       chan struct{}
+	result      chan decodeOutput
+	sequenceBuf []seq
+	err         error
+	decWG       sync.WaitGroup
+
+	// Frame to use for singlethreaded decoding.
+	// Should not be used by the decoder itself since parent may be another frame.
+	localFrame *frameDec
+
+	// Block is RLE, this is the size.
+	RLESize uint32
+	tmp     [4]byte
+
+	Type blockType
+
+	// Is this the last block of a frame?
+	Last bool
+
+	// Use less memory
+	lowMem bool
+}
+
+func (b *blockDec) String() string {
+	if b == nil {
+		return "<nil>"
+	}
+	return fmt.Sprintf("Steam Size: %d, Type: %v, Last: %t, Window: %d", len(b.data), b.Type, b.Last, b.WindowSize)
+}
+
+func newBlockDec(lowMem bool) *blockDec {
+	b := blockDec{
+		lowMem:  lowMem,
+		result:  make(chan decodeOutput, 1),
+		input:   make(chan struct{}, 1),
+		history: make(chan *history, 1),
+	}
+	b.decWG.Add(1)
+	go b.startDecoder()
+	return &b
+}
+
+// reset will reset the block.
+// Input must be a start of a block and will be at the end of the block when returned.
+func (b *blockDec) reset(br byteBuffer, windowSize uint64) error {
+	b.WindowSize = windowSize
+	tmp := br.readSmall(3)
+	if tmp == nil {
+		if debug {
+			println("Reading block header:", io.ErrUnexpectedEOF)
+		}
+		return io.ErrUnexpectedEOF
+	}
+	bh := uint32(tmp[0]) | (uint32(tmp[1]) << 8) | (uint32(tmp[2]) << 16)
+	b.Last = bh&1 != 0
+	b.Type = blockType((bh >> 1) & 3)
+	// find size.
+	cSize := int(bh >> 3)
+	maxSize := maxBlockSize
+	switch b.Type {
+	case blockTypeReserved:
+		return ErrReservedBlockType
+	case blockTypeRLE:
+		b.RLESize = uint32(cSize)
+		if b.lowMem {
+			maxSize = cSize
+		}
+		cSize = 1
+	case blockTypeCompressed:
+		if debug {
+			println("Data size on stream:", cSize)
+		}
+		b.RLESize = 0
+		maxSize = maxCompressedBlockSize
+		if windowSize < maxCompressedBlockSize && b.lowMem {
+			maxSize = int(windowSize)
+		}
+		if cSize > maxCompressedBlockSize || uint64(cSize) > b.WindowSize {
+			if debug {
+				printf("compressed block too big: csize:%d block: %+v\n", uint64(cSize), b)
+			}
+			return ErrCompressedSizeTooBig
+		}
+	case blockTypeRaw:
+		b.RLESize = 0
+		// We do not need a destination for raw blocks.
+		maxSize = -1
+	default:
+		panic("Invalid block type")
+	}
+
+	// Read block data.
+	if cap(b.dataStorage) < cSize {
+		if b.lowMem {
+			b.dataStorage = make([]byte, 0, cSize)
+		} else {
+			b.dataStorage = make([]byte, 0, maxBlockSize)
+		}
+	}
+	if cap(b.dst) <= maxSize {
+		b.dst = make([]byte, 0, maxSize+1)
+	}
+	var err error
+	b.data, err = br.readBig(cSize, b.dataStorage)
+	if err != nil {
+		if debug {
+			println("Reading block:", err, "(", cSize, ")", len(b.data))
+			printf("%T", br)
+		}
+		return err
+	}
+	return nil
+}
+
+// sendEOF will make the decoder send EOF on this frame.
+func (b *blockDec) sendErr(err error) {
+	b.Last = true
+	b.Type = blockTypeReserved
+	b.err = err
+	b.input <- struct{}{}
+}
+
+// Close will release resources.
+// Closed blockDec cannot be reset.
+func (b *blockDec) Close() {
+	close(b.input)
+	close(b.history)
+	close(b.result)
+	b.decWG.Wait()
+}
+
+// decodeAsync will prepare decoding the block when it receives input.
+// This will separate output and history.
+func (b *blockDec) startDecoder() {
+	defer b.decWG.Done()
+	for range b.input {
+		//println("blockDec: Got block input")
+		switch b.Type {
+		case blockTypeRLE:
+			if cap(b.dst) < int(b.RLESize) {
+				if b.lowMem {
+					b.dst = make([]byte, b.RLESize)
+				} else {
+					b.dst = make([]byte, maxBlockSize)
+				}
+			}
+			o := decodeOutput{
+				d:   b,
+				b:   b.dst[:b.RLESize],
+				err: nil,
+			}
+			v := b.data[0]
+			for i := range o.b {
+				o.b[i] = v
+			}
+			hist := <-b.history
+			hist.append(o.b)
+			b.result <- o
+		case blockTypeRaw:
+			o := decodeOutput{
+				d:   b,
+				b:   b.data,
+				err: nil,
+			}
+			hist := <-b.history
+			hist.append(o.b)
+			b.result <- o
+		case blockTypeCompressed:
+			b.dst = b.dst[:0]
+			err := b.decodeCompressed(nil)
+			o := decodeOutput{
+				d:   b,
+				b:   b.dst,
+				err: err,
+			}
+			if debug {
+				println("Decompressed to", len(b.dst), "bytes, error:", err)
+			}
+			b.result <- o
+		case blockTypeReserved:
+			// Used for returning errors.
+			<-b.history
+			b.result <- decodeOutput{
+				d:   b,
+				b:   nil,
+				err: b.err,
+			}
+		default:
+			panic("Invalid block type")
+		}
+		if debug {
+			println("blockDec: Finished block")
+		}
+	}
+}
+
+// decodeAsync will prepare decoding the block when it receives the history.
+// If history is provided, it will not fetch it from the channel.
+func (b *blockDec) decodeBuf(hist *history) error {
+	switch b.Type {
+	case blockTypeRLE:
+		if cap(b.dst) < int(b.RLESize) {
+			if b.lowMem {
+				b.dst = make([]byte, b.RLESize)
+			} else {
+				b.dst = make([]byte, maxBlockSize)
+			}
+		}
+		b.dst = b.dst[:b.RLESize]
+		v := b.data[0]
+		for i := range b.dst {
+			b.dst[i] = v
+		}
+		hist.appendKeep(b.dst)
+		return nil
+	case blockTypeRaw:
+		hist.appendKeep(b.data)
+		return nil
+	case blockTypeCompressed:
+		saved := b.dst
+		b.dst = hist.b
+		hist.b = nil
+		err := b.decodeCompressed(hist)
+		if debug {
+			println("Decompressed to total", len(b.dst), "bytes, hash:", xxhash.Sum64(b.dst), "error:", err)
+		}
+		hist.b = b.dst
+		b.dst = saved
+		return err
+	case blockTypeReserved:
+		// Used for returning errors.
+		return b.err
+	default:
+		panic("Invalid block type")
+	}
+}
+
+// decodeCompressed will start decompressing a block.
+// If no history is supplied the decoder will decodeAsync as much as possible
+// before fetching from blockDec.history
+func (b *blockDec) decodeCompressed(hist *history) error {
+	in := b.data
+	delayedHistory := hist == nil
+
+	if delayedHistory {
+		// We must always grab history.
+		defer func() {
+			if hist == nil {
+				<-b.history
+			}
+		}()
+	}
+	// There must be at least one byte for Literals_Block_Type and one for Sequences_Section_Header
+	if len(in) < 2 {
+		return ErrBlockTooSmall
+	}
+	litType := literalsBlockType(in[0] & 3)
+	var litRegenSize int
+	var litCompSize int
+	sizeFormat := (in[0] >> 2) & 3
+	var fourStreams bool
+	switch litType {
+	case literalsBlockRaw, literalsBlockRLE:
+		switch sizeFormat {
+		case 0, 2:
+			// Regenerated_Size uses 5 bits (0-31). Literals_Section_Header uses 1 byte.
+			litRegenSize = int(in[0] >> 3)
+			in = in[1:]
+		case 1:
+			// Regenerated_Size uses 12 bits (0-4095). Literals_Section_Header uses 2 bytes.
+			litRegenSize = int(in[0]>>4) + (int(in[1]) << 4)
+			in = in[2:]
+		case 3:
+			//  Regenerated_Size uses 20 bits (0-1048575). Literals_Section_Header uses 3 bytes.
+			if len(in) < 3 {
+				println("too small: litType:", litType, " sizeFormat", sizeFormat, len(in))
+				return ErrBlockTooSmall
+			}
+			litRegenSize = int(in[0]>>4) + (int(in[1]) << 4) + (int(in[2]) << 12)
+			in = in[3:]
+		}
+	case literalsBlockCompressed, literalsBlockTreeless:
+		switch sizeFormat {
+		case 0, 1:
+			// Both Regenerated_Size and Compressed_Size use 10 bits (0-1023).
+			if len(in) < 3 {
+				println("too small: litType:", litType, " sizeFormat", sizeFormat, len(in))
+				return ErrBlockTooSmall
+			}
+			n := uint64(in[0]>>4) + (uint64(in[1]) << 4) + (uint64(in[2]) << 12)
+			litRegenSize = int(n & 1023)
+			litCompSize = int(n >> 10)
+			fourStreams = sizeFormat == 1
+			in = in[3:]
+		case 2:
+			fourStreams = true
+			if len(in) < 4 {
+				println("too small: litType:", litType, " sizeFormat", sizeFormat, len(in))
+				return ErrBlockTooSmall
+			}
+			n := uint64(in[0]>>4) + (uint64(in[1]) << 4) + (uint64(in[2]) << 12) + (uint64(in[3]) << 20)
+			litRegenSize = int(n & 16383)
+			litCompSize = int(n >> 14)
+			in = in[4:]
+		case 3:
+			fourStreams = true
+			if len(in) < 5 {
+				println("too small: litType:", litType, " sizeFormat", sizeFormat, len(in))
+				return ErrBlockTooSmall
+			}
+			n := uint64(in[0]>>4) + (uint64(in[1]) << 4) + (uint64(in[2]) << 12) + (uint64(in[3]) << 20) + (uint64(in[4]) << 28)
+			litRegenSize = int(n & 262143)
+			litCompSize = int(n >> 18)
+			in = in[5:]
+		}
+	}
+	if debug {
+		println("literals type:", litType, "litRegenSize:", litRegenSize, "litCompSize:", litCompSize, "sizeFormat:", sizeFormat, "4X:", fourStreams)
+	}
+	var literals []byte
+	var huff *huff0.Scratch
+	switch litType {
+	case literalsBlockRaw:
+		if len(in) < litRegenSize {
+			println("too small: litType:", litType, " sizeFormat", sizeFormat, "remain:", len(in), "want:", litRegenSize)
+			return ErrBlockTooSmall
+		}
+		literals = in[:litRegenSize]
+		in = in[litRegenSize:]
+		//printf("Found %d uncompressed literals\n", litRegenSize)
+	case literalsBlockRLE:
+		if len(in) < 1 {
+			println("too small: litType:", litType, " sizeFormat", sizeFormat, "remain:", len(in), "want:", 1)
+			return ErrBlockTooSmall
+		}
+		if cap(b.literalBuf) < litRegenSize {
+			if b.lowMem {
+				b.literalBuf = make([]byte, litRegenSize)
+			} else {
+				if litRegenSize > maxCompressedLiteralSize {
+					// Exceptional
+					b.literalBuf = make([]byte, litRegenSize)
+				} else {
+					b.literalBuf = make([]byte, litRegenSize, maxCompressedLiteralSize)
+
+				}
+			}
+		}
+		literals = b.literalBuf[:litRegenSize]
+		v := in[0]
+		for i := range literals {
+			literals[i] = v
+		}
+		in = in[1:]
+		if debug {
+			printf("Found %d RLE compressed literals\n", litRegenSize)
+		}
+	case literalsBlockTreeless:
+		if len(in) < litCompSize {
+			println("too small: litType:", litType, " sizeFormat", sizeFormat, "remain:", len(in), "want:", litCompSize)
+			return ErrBlockTooSmall
+		}
+		// Store compressed literals, so we defer decoding until we get history.
+		literals = in[:litCompSize]
+		in = in[litCompSize:]
+		if debug {
+			printf("Found %d compressed literals\n", litCompSize)
+		}
+	case literalsBlockCompressed:
+		if len(in) < litCompSize {
+			println("too small: litType:", litType, " sizeFormat", sizeFormat, "remain:", len(in), "want:", litCompSize)
+			return ErrBlockTooSmall
+		}
+		literals = in[:litCompSize]
+		in = in[litCompSize:]
+		huff = huffDecoderPool.Get().(*huff0.Scratch)
+		var err error
+		// Ensure we have space to store it.
+		if cap(b.literalBuf) < litRegenSize {
+			if b.lowMem {
+				b.literalBuf = make([]byte, 0, litRegenSize)
+			} else {
+				b.literalBuf = make([]byte, 0, maxCompressedLiteralSize)
+			}
+		}
+		if huff == nil {
+			huff = &huff0.Scratch{}
+		}
+		huff, literals, err = huff0.ReadTable(literals, huff)
+		if err != nil {
+			println("reading huffman table:", err)
+			return err
+		}
+		// Use our out buffer.
+		if fourStreams {
+			literals, err = huff.Decoder().Decompress4X(b.literalBuf[:0:litRegenSize], literals)
+		} else {
+			literals, err = huff.Decoder().Decompress1X(b.literalBuf[:0:litRegenSize], literals)
+		}
+		if err != nil {
+			println("decoding compressed literals:", err)
+			return err
+		}
+		// Make sure we don't leak our literals buffer
+		if len(literals) != litRegenSize {
+			return fmt.Errorf("literal output size mismatch want %d, got %d", litRegenSize, len(literals))
+		}
+		if debug {
+			printf("Decompressed %d literals into %d bytes\n", litCompSize, litRegenSize)
+		}
+	}
+
+	// Decode Sequences
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#sequences-section
+	if len(in) < 1 {
+		return ErrBlockTooSmall
+	}
+	seqHeader := in[0]
+	nSeqs := 0
+	switch {
+	case seqHeader == 0:
+		in = in[1:]
+	case seqHeader < 128:
+		nSeqs = int(seqHeader)
+		in = in[1:]
+	case seqHeader < 255:
+		if len(in) < 2 {
+			return ErrBlockTooSmall
+		}
+		nSeqs = int(seqHeader-128)<<8 | int(in[1])
+		in = in[2:]
+	case seqHeader == 255:
+		if len(in) < 3 {
+			return ErrBlockTooSmall
+		}
+		nSeqs = 0x7f00 + int(in[1]) + (int(in[2]) << 8)
+		in = in[3:]
+	}
+	// Allocate sequences
+	if cap(b.sequenceBuf) < nSeqs {
+		if b.lowMem {
+			b.sequenceBuf = make([]seq, nSeqs)
+		} else {
+			// Allocate max
+			b.sequenceBuf = make([]seq, nSeqs, maxSequences)
+		}
+	} else {
+		// Reuse buffer
+		b.sequenceBuf = b.sequenceBuf[:nSeqs]
+	}
+	var seqs = &sequenceDecs{}
+	if nSeqs > 0 {
+		if len(in) < 1 {
+			return ErrBlockTooSmall
+		}
+		br := byteReader{b: in, off: 0}
+		compMode := br.Uint8()
+		br.advance(1)
+		if debug {
+			printf("Compression modes: 0b%b", compMode)
+		}
+		for i := uint(0); i < 3; i++ {
+			mode := seqCompMode((compMode >> (6 - i*2)) & 3)
+			if debug {
+				println("Table", tableIndex(i), "is", mode)
+			}
+			var seq *sequenceDec
+			switch tableIndex(i) {
+			case tableLiteralLengths:
+				seq = &seqs.litLengths
+			case tableOffsets:
+				seq = &seqs.offsets
+			case tableMatchLengths:
+				seq = &seqs.matchLengths
+			default:
+				panic("unknown table")
+			}
+			switch mode {
+			case compModePredefined:
+				seq.fse = &fsePredef[i]
+			case compModeRLE:
+				if br.remain() < 1 {
+					return ErrBlockTooSmall
+				}
+				v := br.Uint8()
+				br.advance(1)
+				dec := fseDecoderPool.Get().(*fseDecoder)
+				symb, err := decSymbolValue(v, symbolTableX[i])
+				if err != nil {
+					printf("RLE Transform table (%v) error: %v", tableIndex(i), err)
+					return err
+				}
+				dec.setRLE(symb)
+				seq.fse = dec
+				if debug {
+					printf("RLE set to %+v, code: %v", symb, v)
+				}
+			case compModeFSE:
+				println("Reading table for", tableIndex(i))
+				dec := fseDecoderPool.Get().(*fseDecoder)
+				err := dec.readNCount(&br, uint16(maxTableSymbol[i]))
+				if err != nil {
+					println("Read table error:", err)
+					return err
+				}
+				err = dec.transform(symbolTableX[i])
+				if err != nil {
+					println("Transform table error:", err)
+					return err
+				}
+				if debug {
+					println("Read table ok", "symbolLen:", dec.symbolLen)
+				}
+				seq.fse = dec
+			case compModeRepeat:
+				seq.repeat = true
+			}
+			if br.overread() {
+				return io.ErrUnexpectedEOF
+			}
+		}
+		in = br.unread()
+	}
+
+	// Wait for history.
+	// All time spent after this is critical since it is strictly sequential.
+	if hist == nil {
+		hist = <-b.history
+		if hist.error {
+			return ErrDecoderClosed
+		}
+	}
+
+	// Decode treeless literal block.
+	if litType == literalsBlockTreeless {
+		// TODO: We could send the history early WITHOUT the stream history.
+		//   This would allow decoding treeless literals before the byte history is available.
+		//   Silencia stats: Treeless 4393, with: 32775, total: 37168, 11% treeless.
+		//   So not much obvious gain here.
+
+		if hist.huffTree == nil {
+			return errors.New("literal block was treeless, but no history was defined")
+		}
+		// Ensure we have space to store it.
+		if cap(b.literalBuf) < litRegenSize {
+			if b.lowMem {
+				b.literalBuf = make([]byte, 0, litRegenSize)
+			} else {
+				b.literalBuf = make([]byte, 0, maxCompressedLiteralSize)
+			}
+		}
+		var err error
+		// Use our out buffer.
+		huff = hist.huffTree
+		if fourStreams {
+			literals, err = huff.Decoder().Decompress4X(b.literalBuf[:0:litRegenSize], literals)
+		} else {
+			literals, err = huff.Decoder().Decompress1X(b.literalBuf[:0:litRegenSize], literals)
+		}
+		// Make sure we don't leak our literals buffer
+		if err != nil {
+			println("decompressing literals:", err)
+			return err
+		}
+		if len(literals) != litRegenSize {
+			return fmt.Errorf("literal output size mismatch want %d, got %d", litRegenSize, len(literals))
+		}
+	} else {
+		if hist.huffTree != nil && huff != nil {
+			if hist.dict == nil || hist.dict.litEnc != hist.huffTree {
+				huffDecoderPool.Put(hist.huffTree)
+			}
+			hist.huffTree = nil
+		}
+	}
+	if huff != nil {
+		hist.huffTree = huff
+	}
+	if debug {
+		println("Final literals:", len(literals), "hash:", xxhash.Sum64(literals), "and", nSeqs, "sequences.")
+	}
+
+	if nSeqs == 0 {
+		// Decompressed content is defined entirely as Literals Section content.
+		b.dst = append(b.dst, literals...)
+		if delayedHistory {
+			hist.append(literals)
+		}
+		return nil
+	}
+
+	seqs, err := seqs.mergeHistory(&hist.decoders)
+	if err != nil {
+		return err
+	}
+	if debug {
+		println("History merged ok")
+	}
+	br := &bitReader{}
+	if err := br.init(in); err != nil {
+		return err
+	}
+
+	// TODO: Investigate if sending history without decoders are faster.
+	//   This would allow the sequences to be decoded async and only have to construct stream history.
+	//   If only recent offsets were not transferred, this would be an obvious win.
+	// 	 Also, if first 3 sequences don't reference recent offsets, all sequences can be decoded.
+
+	hbytes := hist.b
+	if len(hbytes) > hist.windowSize {
+		hbytes = hbytes[len(hbytes)-hist.windowSize:]
+		// We do not need history any more.
+		if hist.dict != nil {
+			hist.dict.content = nil
+		}
+	}
+
+	if err := seqs.initialize(br, hist, literals, b.dst); err != nil {
+		println("initializing sequences:", err)
+		return err
+	}
+
+	err = seqs.decode(nSeqs, br, hbytes)
+	if err != nil {
+		return err
+	}
+	if !br.finished() {
+		return fmt.Errorf("%d extra bits on block, should be 0", br.remain())
+	}
+
+	err = br.close()
+	if err != nil {
+		printf("Closing sequences: %v, %+v\n", err, *br)
+	}
+	if len(b.data) > maxCompressedBlockSize {
+		return fmt.Errorf("compressed block size too large (%d)", len(b.data))
+	}
+	// Set output and release references.
+	b.dst = seqs.out
+	seqs.out, seqs.literals, seqs.hist = nil, nil, nil
+
+	if !delayedHistory {
+		// If we don't have delayed history, no need to update.
+		hist.recentOffsets = seqs.prevOffset
+		return nil
+	}
+	if b.Last {
+		// if last block we don't care about history.
+		println("Last block, no history returned")
+		hist.b = hist.b[:0]
+		return nil
+	}
+	hist.append(b.dst)
+	hist.recentOffsets = seqs.prevOffset
+	if debug {
+		println("Finished block with literals:", len(literals), "and", nSeqs, "sequences.")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go
new file mode 100644
index 0000000000000..9647c64e53a09
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go
@@ -0,0 +1,871 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"math/bits"
+
+	"github.com/klauspost/compress/huff0"
+)
+
+type blockEnc struct {
+	size       int
+	literals   []byte
+	sequences  []seq
+	coders     seqCoders
+	litEnc     *huff0.Scratch
+	dictLitEnc *huff0.Scratch
+	wr         bitWriter
+
+	extraLits         int
+	output            []byte
+	recentOffsets     [3]uint32
+	prevRecentOffsets [3]uint32
+
+	last   bool
+	lowMem bool
+}
+
+// init should be used once the block has been created.
+// If called more than once, the effect is the same as calling reset.
+func (b *blockEnc) init() {
+	if b.lowMem {
+		// 1K literals
+		if cap(b.literals) < 1<<10 {
+			b.literals = make([]byte, 0, 1<<10)
+		}
+		const defSeqs = 20
+		if cap(b.sequences) < defSeqs {
+			b.sequences = make([]seq, 0, defSeqs)
+		}
+		// 1K
+		if cap(b.output) < 1<<10 {
+			b.output = make([]byte, 0, 1<<10)
+		}
+	} else {
+		if cap(b.literals) < maxCompressedBlockSize {
+			b.literals = make([]byte, 0, maxCompressedBlockSize)
+		}
+		const defSeqs = 200
+		if cap(b.sequences) < defSeqs {
+			b.sequences = make([]seq, 0, defSeqs)
+		}
+		if cap(b.output) < maxCompressedBlockSize {
+			b.output = make([]byte, 0, maxCompressedBlockSize)
+		}
+	}
+
+	if b.coders.mlEnc == nil {
+		b.coders.mlEnc = &fseEncoder{}
+		b.coders.mlPrev = &fseEncoder{}
+		b.coders.ofEnc = &fseEncoder{}
+		b.coders.ofPrev = &fseEncoder{}
+		b.coders.llEnc = &fseEncoder{}
+		b.coders.llPrev = &fseEncoder{}
+	}
+	b.litEnc = &huff0.Scratch{WantLogLess: 4}
+	b.reset(nil)
+}
+
+// initNewEncode can be used to reset offsets and encoders to the initial state.
+func (b *blockEnc) initNewEncode() {
+	b.recentOffsets = [3]uint32{1, 4, 8}
+	b.litEnc.Reuse = huff0.ReusePolicyNone
+	b.coders.setPrev(nil, nil, nil)
+}
+
+// reset will reset the block for a new encode, but in the same stream,
+// meaning that state will be carried over, but the block content is reset.
+// If a previous block is provided, the recent offsets are carried over.
+func (b *blockEnc) reset(prev *blockEnc) {
+	b.extraLits = 0
+	b.literals = b.literals[:0]
+	b.size = 0
+	b.sequences = b.sequences[:0]
+	b.output = b.output[:0]
+	b.last = false
+	if prev != nil {
+		b.recentOffsets = prev.prevRecentOffsets
+	}
+	b.dictLitEnc = nil
+}
+
+// reset will reset the block for a new encode, but in the same stream,
+// meaning that state will be carried over, but the block content is reset.
+// If a previous block is provided, the recent offsets are carried over.
+func (b *blockEnc) swapEncoders(prev *blockEnc) {
+	b.coders.swap(&prev.coders)
+	b.litEnc, prev.litEnc = prev.litEnc, b.litEnc
+}
+
+// blockHeader contains the information for a block header.
+type blockHeader uint32
+
+// setLast sets the 'last' indicator on a block.
+func (h *blockHeader) setLast(b bool) {
+	if b {
+		*h = *h | 1
+	} else {
+		const mask = (1 << 24) - 2
+		*h = *h & mask
+	}
+}
+
+// setSize will store the compressed size of a block.
+func (h *blockHeader) setSize(v uint32) {
+	const mask = 7
+	*h = (*h)&mask | blockHeader(v<<3)
+}
+
+// setType sets the block type.
+func (h *blockHeader) setType(t blockType) {
+	const mask = 1 | (((1 << 24) - 1) ^ 7)
+	*h = (*h & mask) | blockHeader(t<<1)
+}
+
+// appendTo will append the block header to a slice.
+func (h blockHeader) appendTo(b []byte) []byte {
+	return append(b, uint8(h), uint8(h>>8), uint8(h>>16))
+}
+
+// String returns a string representation of the block.
+func (h blockHeader) String() string {
+	return fmt.Sprintf("Type: %d, Size: %d, Last:%t", (h>>1)&3, h>>3, h&1 == 1)
+}
+
+// literalsHeader contains literals header information.
+type literalsHeader uint64
+
+// setType can be used to set the type of literal block.
+func (h *literalsHeader) setType(t literalsBlockType) {
+	const mask = math.MaxUint64 - 3
+	*h = (*h & mask) | literalsHeader(t)
+}
+
+// setSize can be used to set a single size, for uncompressed and RLE content.
+func (h *literalsHeader) setSize(regenLen int) {
+	inBits := bits.Len32(uint32(regenLen))
+	// Only retain 2 bits
+	const mask = 3
+	lh := uint64(*h & mask)
+	switch {
+	case inBits < 5:
+		lh |= (uint64(regenLen) << 3) | (1 << 60)
+		if debug {
+			got := int(lh>>3) & 0xff
+			if got != regenLen {
+				panic(fmt.Sprint("litRegenSize = ", regenLen, "(want) != ", got, "(got)"))
+			}
+		}
+	case inBits < 12:
+		lh |= (1 << 2) | (uint64(regenLen) << 4) | (2 << 60)
+	case inBits < 20:
+		lh |= (3 << 2) | (uint64(regenLen) << 4) | (3 << 60)
+	default:
+		panic(fmt.Errorf("internal error: block too big (%d)", regenLen))
+	}
+	*h = literalsHeader(lh)
+}
+
+// setSizes will set the size of a compressed literals section and the input length.
+func (h *literalsHeader) setSizes(compLen, inLen int, single bool) {
+	compBits, inBits := bits.Len32(uint32(compLen)), bits.Len32(uint32(inLen))
+	// Only retain 2 bits
+	const mask = 3
+	lh := uint64(*h & mask)
+	switch {
+	case compBits <= 10 && inBits <= 10:
+		if !single {
+			lh |= 1 << 2
+		}
+		lh |= (uint64(inLen) << 4) | (uint64(compLen) << (10 + 4)) | (3 << 60)
+		if debug {
+			const mmask = (1 << 24) - 1
+			n := (lh >> 4) & mmask
+			if int(n&1023) != inLen {
+				panic(fmt.Sprint("regensize:", int(n&1023), "!=", inLen, inBits))
+			}
+			if int(n>>10) != compLen {
+				panic(fmt.Sprint("compsize:", int(n>>10), "!=", compLen, compBits))
+			}
+		}
+	case compBits <= 14 && inBits <= 14:
+		lh |= (2 << 2) | (uint64(inLen) << 4) | (uint64(compLen) << (14 + 4)) | (4 << 60)
+		if single {
+			panic("single stream used with more than 10 bits length.")
+		}
+	case compBits <= 18 && inBits <= 18:
+		lh |= (3 << 2) | (uint64(inLen) << 4) | (uint64(compLen) << (18 + 4)) | (5 << 60)
+		if single {
+			panic("single stream used with more than 10 bits length.")
+		}
+	default:
+		panic("internal error: block too big")
+	}
+	*h = literalsHeader(lh)
+}
+
+// appendTo will append the literals header to a byte slice.
+func (h literalsHeader) appendTo(b []byte) []byte {
+	size := uint8(h >> 60)
+	switch size {
+	case 1:
+		b = append(b, uint8(h))
+	case 2:
+		b = append(b, uint8(h), uint8(h>>8))
+	case 3:
+		b = append(b, uint8(h), uint8(h>>8), uint8(h>>16))
+	case 4:
+		b = append(b, uint8(h), uint8(h>>8), uint8(h>>16), uint8(h>>24))
+	case 5:
+		b = append(b, uint8(h), uint8(h>>8), uint8(h>>16), uint8(h>>24), uint8(h>>32))
+	default:
+		panic(fmt.Errorf("internal error: literalsHeader has invalid size (%d)", size))
+	}
+	return b
+}
+
+// size returns the output size with currently set values.
+func (h literalsHeader) size() int {
+	return int(h >> 60)
+}
+
+func (h literalsHeader) String() string {
+	return fmt.Sprintf("Type: %d, SizeFormat: %d, Size: 0x%d, Bytes:%d", literalsBlockType(h&3), (h>>2)&3, h&((1<<60)-1)>>4, h>>60)
+}
+
+// pushOffsets will push the recent offsets to the backup store.
+func (b *blockEnc) pushOffsets() {
+	b.prevRecentOffsets = b.recentOffsets
+}
+
+// pushOffsets will push the recent offsets to the backup store.
+func (b *blockEnc) popOffsets() {
+	b.recentOffsets = b.prevRecentOffsets
+}
+
+// matchOffset will adjust recent offsets and return the adjusted one,
+// if it matches a previous offset.
+func (b *blockEnc) matchOffset(offset, lits uint32) uint32 {
+	// Check if offset is one of the recent offsets.
+	// Adjusts the output offset accordingly.
+	// Gives a tiny bit of compression, typically around 1%.
+	if true {
+		if lits > 0 {
+			switch offset {
+			case b.recentOffsets[0]:
+				offset = 1
+			case b.recentOffsets[1]:
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset = 2
+			case b.recentOffsets[2]:
+				b.recentOffsets[2] = b.recentOffsets[1]
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset = 3
+			default:
+				b.recentOffsets[2] = b.recentOffsets[1]
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset += 3
+			}
+		} else {
+			switch offset {
+			case b.recentOffsets[1]:
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset = 1
+			case b.recentOffsets[2]:
+				b.recentOffsets[2] = b.recentOffsets[1]
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset = 2
+			case b.recentOffsets[0] - 1:
+				b.recentOffsets[2] = b.recentOffsets[1]
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset = 3
+			default:
+				b.recentOffsets[2] = b.recentOffsets[1]
+				b.recentOffsets[1] = b.recentOffsets[0]
+				b.recentOffsets[0] = offset
+				offset += 3
+			}
+		}
+	} else {
+		offset += 3
+	}
+	return offset
+}
+
+// encodeRaw can be used to set the output to a raw representation of supplied bytes.
+func (b *blockEnc) encodeRaw(a []byte) {
+	var bh blockHeader
+	bh.setLast(b.last)
+	bh.setSize(uint32(len(a)))
+	bh.setType(blockTypeRaw)
+	b.output = bh.appendTo(b.output[:0])
+	b.output = append(b.output, a...)
+	if debug {
+		println("Adding RAW block, length", len(a), "last:", b.last)
+	}
+}
+
+// encodeRaw can be used to set the output to a raw representation of supplied bytes.
+func (b *blockEnc) encodeRawTo(dst, src []byte) []byte {
+	var bh blockHeader
+	bh.setLast(b.last)
+	bh.setSize(uint32(len(src)))
+	bh.setType(blockTypeRaw)
+	dst = bh.appendTo(dst)
+	dst = append(dst, src...)
+	if debug {
+		println("Adding RAW block, length", len(src), "last:", b.last)
+	}
+	return dst
+}
+
+// encodeLits can be used if the block is only litLen.
+func (b *blockEnc) encodeLits(lits []byte, raw bool) error {
+	var bh blockHeader
+	bh.setLast(b.last)
+	bh.setSize(uint32(len(lits)))
+
+	// Don't compress extremely small blocks
+	if len(lits) < 8 || (len(lits) < 32 && b.dictLitEnc == nil) || raw {
+		if debug {
+			println("Adding RAW block, length", len(lits), "last:", b.last)
+		}
+		bh.setType(blockTypeRaw)
+		b.output = bh.appendTo(b.output)
+		b.output = append(b.output, lits...)
+		return nil
+	}
+
+	var (
+		out            []byte
+		reUsed, single bool
+		err            error
+	)
+	if b.dictLitEnc != nil {
+		b.litEnc.TransferCTable(b.dictLitEnc)
+		b.litEnc.Reuse = huff0.ReusePolicyAllow
+		b.dictLitEnc = nil
+	}
+	if len(lits) >= 1024 {
+		// Use 4 Streams.
+		out, reUsed, err = huff0.Compress4X(lits, b.litEnc)
+	} else if len(lits) > 32 {
+		// Use 1 stream
+		single = true
+		out, reUsed, err = huff0.Compress1X(lits, b.litEnc)
+	} else {
+		err = huff0.ErrIncompressible
+	}
+
+	switch err {
+	case huff0.ErrIncompressible:
+		if debug {
+			println("Adding RAW block, length", len(lits), "last:", b.last)
+		}
+		bh.setType(blockTypeRaw)
+		b.output = bh.appendTo(b.output)
+		b.output = append(b.output, lits...)
+		return nil
+	case huff0.ErrUseRLE:
+		if debug {
+			println("Adding RLE block, length", len(lits))
+		}
+		bh.setType(blockTypeRLE)
+		b.output = bh.appendTo(b.output)
+		b.output = append(b.output, lits[0])
+		return nil
+	default:
+		return err
+	case nil:
+	}
+	// Compressed...
+	// Now, allow reuse
+	b.litEnc.Reuse = huff0.ReusePolicyAllow
+	bh.setType(blockTypeCompressed)
+	var lh literalsHeader
+	if reUsed {
+		if debug {
+			println("Reused tree, compressed to", len(out))
+		}
+		lh.setType(literalsBlockTreeless)
+	} else {
+		if debug {
+			println("New tree, compressed to", len(out), "tree size:", len(b.litEnc.OutTable))
+		}
+		lh.setType(literalsBlockCompressed)
+	}
+	// Set sizes
+	lh.setSizes(len(out), len(lits), single)
+	bh.setSize(uint32(len(out) + lh.size() + 1))
+
+	// Write block headers.
+	b.output = bh.appendTo(b.output)
+	b.output = lh.appendTo(b.output)
+	// Add compressed data.
+	b.output = append(b.output, out...)
+	// No sequences.
+	b.output = append(b.output, 0)
+	return nil
+}
+
+// fuzzFseEncoder can be used to fuzz the FSE encoder.
+func fuzzFseEncoder(data []byte) int {
+	if len(data) > maxSequences || len(data) < 2 {
+		return 0
+	}
+	enc := fseEncoder{}
+	hist := enc.Histogram()[:256]
+	maxSym := uint8(0)
+	for i, v := range data {
+		v = v & 63
+		data[i] = v
+		hist[v]++
+		if v > maxSym {
+			maxSym = v
+		}
+	}
+	if maxSym == 0 {
+		// All 0
+		return 0
+	}
+	maxCount := func(a []uint32) int {
+		var max uint32
+		for _, v := range a {
+			if v > max {
+				max = v
+			}
+		}
+		return int(max)
+	}
+	cnt := maxCount(hist[:maxSym])
+	if cnt == len(data) {
+		// RLE
+		return 0
+	}
+	enc.HistogramFinished(maxSym, cnt)
+	err := enc.normalizeCount(len(data))
+	if err != nil {
+		return 0
+	}
+	_, err = enc.writeCount(nil)
+	if err != nil {
+		panic(err)
+	}
+	return 1
+}
+
+// encode will encode the block and append the output in b.output.
+// Previous offset codes must be pushed if more blocks are expected.
+func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
+	if len(b.sequences) == 0 {
+		return b.encodeLits(b.literals, rawAllLits)
+	}
+	// We want some difference to at least account for the headers.
+	saved := b.size - len(b.literals) - (b.size >> 5)
+	if saved < 16 {
+		if org == nil {
+			return errIncompressible
+		}
+		b.popOffsets()
+		return b.encodeLits(org, rawAllLits)
+	}
+
+	var bh blockHeader
+	var lh literalsHeader
+	bh.setLast(b.last)
+	bh.setType(blockTypeCompressed)
+	// Store offset of the block header. Needed when we know the size.
+	bhOffset := len(b.output)
+	b.output = bh.appendTo(b.output)
+
+	var (
+		out            []byte
+		reUsed, single bool
+		err            error
+	)
+	if b.dictLitEnc != nil {
+		b.litEnc.TransferCTable(b.dictLitEnc)
+		b.litEnc.Reuse = huff0.ReusePolicyAllow
+		b.dictLitEnc = nil
+	}
+	if len(b.literals) >= 1024 && !raw {
+		// Use 4 Streams.
+		out, reUsed, err = huff0.Compress4X(b.literals, b.litEnc)
+	} else if len(b.literals) > 32 && !raw {
+		// Use 1 stream
+		single = true
+		out, reUsed, err = huff0.Compress1X(b.literals, b.litEnc)
+	} else {
+		err = huff0.ErrIncompressible
+	}
+
+	switch err {
+	case huff0.ErrIncompressible:
+		lh.setType(literalsBlockRaw)
+		lh.setSize(len(b.literals))
+		b.output = lh.appendTo(b.output)
+		b.output = append(b.output, b.literals...)
+		if debug {
+			println("Adding literals RAW, length", len(b.literals))
+		}
+	case huff0.ErrUseRLE:
+		lh.setType(literalsBlockRLE)
+		lh.setSize(len(b.literals))
+		b.output = lh.appendTo(b.output)
+		b.output = append(b.output, b.literals[0])
+		if debug {
+			println("Adding literals RLE")
+		}
+	default:
+		if debug {
+			println("Adding literals ERROR:", err)
+		}
+		return err
+	case nil:
+		// Compressed litLen...
+		if reUsed {
+			if debug {
+				println("reused tree")
+			}
+			lh.setType(literalsBlockTreeless)
+		} else {
+			if debug {
+				println("new tree, size:", len(b.litEnc.OutTable))
+			}
+			lh.setType(literalsBlockCompressed)
+			if debug {
+				_, _, err := huff0.ReadTable(out, nil)
+				if err != nil {
+					panic(err)
+				}
+			}
+		}
+		lh.setSizes(len(out), len(b.literals), single)
+		if debug {
+			printf("Compressed %d literals to %d bytes", len(b.literals), len(out))
+			println("Adding literal header:", lh)
+		}
+		b.output = lh.appendTo(b.output)
+		b.output = append(b.output, out...)
+		b.litEnc.Reuse = huff0.ReusePolicyAllow
+		if debug {
+			println("Adding literals compressed")
+		}
+	}
+	// Sequence compression
+
+	// Write the number of sequences
+	switch {
+	case len(b.sequences) < 128:
+		b.output = append(b.output, uint8(len(b.sequences)))
+	case len(b.sequences) < 0x7f00: // TODO: this could be wrong
+		n := len(b.sequences)
+		b.output = append(b.output, 128+uint8(n>>8), uint8(n))
+	default:
+		n := len(b.sequences) - 0x7f00
+		b.output = append(b.output, 255, uint8(n), uint8(n>>8))
+	}
+	if debug {
+		println("Encoding", len(b.sequences), "sequences")
+	}
+	b.genCodes()
+	llEnc := b.coders.llEnc
+	ofEnc := b.coders.ofEnc
+	mlEnc := b.coders.mlEnc
+	err = llEnc.normalizeCount(len(b.sequences))
+	if err != nil {
+		return err
+	}
+	err = ofEnc.normalizeCount(len(b.sequences))
+	if err != nil {
+		return err
+	}
+	err = mlEnc.normalizeCount(len(b.sequences))
+	if err != nil {
+		return err
+	}
+
+	// Choose the best compression mode for each type.
+	// Will evaluate the new vs predefined and previous.
+	chooseComp := func(cur, prev, preDef *fseEncoder) (*fseEncoder, seqCompMode) {
+		// See if predefined/previous is better
+		hist := cur.count[:cur.symbolLen]
+		nSize := cur.approxSize(hist) + cur.maxHeaderSize()
+		predefSize := preDef.approxSize(hist)
+		prevSize := prev.approxSize(hist)
+
+		// Add a small penalty for new encoders.
+		// Don't bother with extremely small (<2 byte gains).
+		nSize = nSize + (nSize+2*8*16)>>4
+		switch {
+		case predefSize <= prevSize && predefSize <= nSize || forcePreDef:
+			if debug {
+				println("Using predefined", predefSize>>3, "<=", nSize>>3)
+			}
+			return preDef, compModePredefined
+		case prevSize <= nSize:
+			if debug {
+				println("Using previous", prevSize>>3, "<=", nSize>>3)
+			}
+			return prev, compModeRepeat
+		default:
+			if debug {
+				println("Using new, predef", predefSize>>3, ". previous:", prevSize>>3, ">", nSize>>3, "header max:", cur.maxHeaderSize()>>3, "bytes")
+				println("tl:", cur.actualTableLog, "symbolLen:", cur.symbolLen, "norm:", cur.norm[:cur.symbolLen], "hist", cur.count[:cur.symbolLen])
+			}
+			return cur, compModeFSE
+		}
+	}
+
+	// Write compression mode
+	var mode uint8
+	if llEnc.useRLE {
+		mode |= uint8(compModeRLE) << 6
+		llEnc.setRLE(b.sequences[0].llCode)
+		if debug {
+			println("llEnc.useRLE")
+		}
+	} else {
+		var m seqCompMode
+		llEnc, m = chooseComp(llEnc, b.coders.llPrev, &fsePredefEnc[tableLiteralLengths])
+		mode |= uint8(m) << 6
+	}
+	if ofEnc.useRLE {
+		mode |= uint8(compModeRLE) << 4
+		ofEnc.setRLE(b.sequences[0].ofCode)
+		if debug {
+			println("ofEnc.useRLE")
+		}
+	} else {
+		var m seqCompMode
+		ofEnc, m = chooseComp(ofEnc, b.coders.ofPrev, &fsePredefEnc[tableOffsets])
+		mode |= uint8(m) << 4
+	}
+
+	if mlEnc.useRLE {
+		mode |= uint8(compModeRLE) << 2
+		mlEnc.setRLE(b.sequences[0].mlCode)
+		if debug {
+			println("mlEnc.useRLE, code: ", b.sequences[0].mlCode, "value", b.sequences[0].matchLen)
+		}
+	} else {
+		var m seqCompMode
+		mlEnc, m = chooseComp(mlEnc, b.coders.mlPrev, &fsePredefEnc[tableMatchLengths])
+		mode |= uint8(m) << 2
+	}
+	b.output = append(b.output, mode)
+	if debug {
+		printf("Compression modes: 0b%b", mode)
+	}
+	b.output, err = llEnc.writeCount(b.output)
+	if err != nil {
+		return err
+	}
+	start := len(b.output)
+	b.output, err = ofEnc.writeCount(b.output)
+	if err != nil {
+		return err
+	}
+	if false {
+		println("block:", b.output[start:], "tablelog", ofEnc.actualTableLog, "maxcount:", ofEnc.maxCount)
+		fmt.Printf("selected TableLog: %d, Symbol length: %d\n", ofEnc.actualTableLog, ofEnc.symbolLen)
+		for i, v := range ofEnc.norm[:ofEnc.symbolLen] {
+			fmt.Printf("%3d: %5d -> %4d \n", i, ofEnc.count[i], v)
+		}
+	}
+	b.output, err = mlEnc.writeCount(b.output)
+	if err != nil {
+		return err
+	}
+
+	// Maybe in block?
+	wr := &b.wr
+	wr.reset(b.output)
+
+	var ll, of, ml cState
+
+	// Current sequence
+	seq := len(b.sequences) - 1
+	s := b.sequences[seq]
+	llEnc.setBits(llBitsTable[:])
+	mlEnc.setBits(mlBitsTable[:])
+	ofEnc.setBits(nil)
+
+	llTT, ofTT, mlTT := llEnc.ct.symbolTT[:256], ofEnc.ct.symbolTT[:256], mlEnc.ct.symbolTT[:256]
+
+	// We have 3 bounds checks here (and in the loop).
+	// Since we are iterating backwards it is kinda hard to avoid.
+	llB, ofB, mlB := llTT[s.llCode], ofTT[s.ofCode], mlTT[s.mlCode]
+	ll.init(wr, &llEnc.ct, llB)
+	of.init(wr, &ofEnc.ct, ofB)
+	wr.flush32()
+	ml.init(wr, &mlEnc.ct, mlB)
+
+	// Each of these lookups also generates a bounds check.
+	wr.addBits32NC(s.litLen, llB.outBits)
+	wr.addBits32NC(s.matchLen, mlB.outBits)
+	wr.flush32()
+	wr.addBits32NC(s.offset, ofB.outBits)
+	if debugSequences {
+		println("Encoded seq", seq, s, "codes:", s.llCode, s.mlCode, s.ofCode, "states:", ll.state, ml.state, of.state, "bits:", llB, mlB, ofB)
+	}
+	seq--
+	if llEnc.maxBits+mlEnc.maxBits+ofEnc.maxBits <= 32 {
+		// No need to flush (common)
+		for seq >= 0 {
+			s = b.sequences[seq]
+			wr.flush32()
+			llB, ofB, mlB := llTT[s.llCode], ofTT[s.ofCode], mlTT[s.mlCode]
+			// tabelog max is 8 for all.
+			of.encode(ofB)
+			ml.encode(mlB)
+			ll.encode(llB)
+			wr.flush32()
+
+			// We checked that all can stay within 32 bits
+			wr.addBits32NC(s.litLen, llB.outBits)
+			wr.addBits32NC(s.matchLen, mlB.outBits)
+			wr.addBits32NC(s.offset, ofB.outBits)
+
+			if debugSequences {
+				println("Encoded seq", seq, s)
+			}
+
+			seq--
+		}
+	} else {
+		for seq >= 0 {
+			s = b.sequences[seq]
+			wr.flush32()
+			llB, ofB, mlB := llTT[s.llCode], ofTT[s.ofCode], mlTT[s.mlCode]
+			// tabelog max is below 8 for each.
+			of.encode(ofB)
+			ml.encode(mlB)
+			ll.encode(llB)
+			wr.flush32()
+
+			// ml+ll = max 32 bits total
+			wr.addBits32NC(s.litLen, llB.outBits)
+			wr.addBits32NC(s.matchLen, mlB.outBits)
+			wr.flush32()
+			wr.addBits32NC(s.offset, ofB.outBits)
+
+			if debugSequences {
+				println("Encoded seq", seq, s)
+			}
+
+			seq--
+		}
+	}
+	ml.flush(mlEnc.actualTableLog)
+	of.flush(ofEnc.actualTableLog)
+	ll.flush(llEnc.actualTableLog)
+	err = wr.close()
+	if err != nil {
+		return err
+	}
+	b.output = wr.out
+
+	if len(b.output)-3-bhOffset >= b.size {
+		// Maybe even add a bigger margin.
+		b.litEnc.Reuse = huff0.ReusePolicyNone
+		return errIncompressible
+	}
+
+	// Size is output minus block header.
+	bh.setSize(uint32(len(b.output)-bhOffset) - 3)
+	if debug {
+		println("Rewriting block header", bh)
+	}
+	_ = bh.appendTo(b.output[bhOffset:bhOffset])
+	b.coders.setPrev(llEnc, mlEnc, ofEnc)
+	return nil
+}
+
+var errIncompressible = errors.New("incompressible")
+
+func (b *blockEnc) genCodes() {
+	if len(b.sequences) == 0 {
+		// nothing to do
+		return
+	}
+
+	if len(b.sequences) > math.MaxUint16 {
+		panic("can only encode up to 64K sequences")
+	}
+	// No bounds checks after here:
+	llH := b.coders.llEnc.Histogram()[:256]
+	ofH := b.coders.ofEnc.Histogram()[:256]
+	mlH := b.coders.mlEnc.Histogram()[:256]
+	for i := range llH {
+		llH[i] = 0
+	}
+	for i := range ofH {
+		ofH[i] = 0
+	}
+	for i := range mlH {
+		mlH[i] = 0
+	}
+
+	var llMax, ofMax, mlMax uint8
+	for i, seq := range b.sequences {
+		v := llCode(seq.litLen)
+		seq.llCode = v
+		llH[v]++
+		if v > llMax {
+			llMax = v
+		}
+
+		v = ofCode(seq.offset)
+		seq.ofCode = v
+		ofH[v]++
+		if v > ofMax {
+			ofMax = v
+		}
+
+		v = mlCode(seq.matchLen)
+		seq.mlCode = v
+		mlH[v]++
+		if v > mlMax {
+			mlMax = v
+			if debugAsserts && mlMax > maxMatchLengthSymbol {
+				panic(fmt.Errorf("mlMax > maxMatchLengthSymbol (%d), matchlen: %d", mlMax, seq.matchLen))
+			}
+		}
+		b.sequences[i] = seq
+	}
+	maxCount := func(a []uint32) int {
+		var max uint32
+		for _, v := range a {
+			if v > max {
+				max = v
+			}
+		}
+		return int(max)
+	}
+	if debugAsserts && mlMax > maxMatchLengthSymbol {
+		panic(fmt.Errorf("mlMax > maxMatchLengthSymbol (%d)", mlMax))
+	}
+	if debugAsserts && ofMax > maxOffsetBits {
+		panic(fmt.Errorf("ofMax > maxOffsetBits (%d)", ofMax))
+	}
+	if debugAsserts && llMax > maxLiteralLengthSymbol {
+		panic(fmt.Errorf("llMax > maxLiteralLengthSymbol (%d)", llMax))
+	}
+
+	b.coders.mlEnc.HistogramFinished(mlMax, maxCount(mlH[:mlMax+1]))
+	b.coders.ofEnc.HistogramFinished(ofMax, maxCount(ofH[:ofMax+1]))
+	b.coders.llEnc.HistogramFinished(llMax, maxCount(llH[:llMax+1]))
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/blocktype_string.go b/vendor/github.com/klauspost/compress/zstd/blocktype_string.go
new file mode 100644
index 0000000000000..01a01e486e188
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/blocktype_string.go
@@ -0,0 +1,85 @@
+// Code generated by "stringer -type=blockType,literalsBlockType,seqCompMode,tableIndex"; DO NOT EDIT.
+
+package zstd
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[blockTypeRaw-0]
+	_ = x[blockTypeRLE-1]
+	_ = x[blockTypeCompressed-2]
+	_ = x[blockTypeReserved-3]
+}
+
+const _blockType_name = "blockTypeRawblockTypeRLEblockTypeCompressedblockTypeReserved"
+
+var _blockType_index = [...]uint8{0, 12, 24, 43, 60}
+
+func (i blockType) String() string {
+	if i >= blockType(len(_blockType_index)-1) {
+		return "blockType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _blockType_name[_blockType_index[i]:_blockType_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[literalsBlockRaw-0]
+	_ = x[literalsBlockRLE-1]
+	_ = x[literalsBlockCompressed-2]
+	_ = x[literalsBlockTreeless-3]
+}
+
+const _literalsBlockType_name = "literalsBlockRawliteralsBlockRLEliteralsBlockCompressedliteralsBlockTreeless"
+
+var _literalsBlockType_index = [...]uint8{0, 16, 32, 55, 76}
+
+func (i literalsBlockType) String() string {
+	if i >= literalsBlockType(len(_literalsBlockType_index)-1) {
+		return "literalsBlockType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _literalsBlockType_name[_literalsBlockType_index[i]:_literalsBlockType_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[compModePredefined-0]
+	_ = x[compModeRLE-1]
+	_ = x[compModeFSE-2]
+	_ = x[compModeRepeat-3]
+}
+
+const _seqCompMode_name = "compModePredefinedcompModeRLEcompModeFSEcompModeRepeat"
+
+var _seqCompMode_index = [...]uint8{0, 18, 29, 40, 54}
+
+func (i seqCompMode) String() string {
+	if i >= seqCompMode(len(_seqCompMode_index)-1) {
+		return "seqCompMode(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _seqCompMode_name[_seqCompMode_index[i]:_seqCompMode_index[i+1]]
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[tableLiteralLengths-0]
+	_ = x[tableOffsets-1]
+	_ = x[tableMatchLengths-2]
+}
+
+const _tableIndex_name = "tableLiteralLengthstableOffsetstableMatchLengths"
+
+var _tableIndex_index = [...]uint8{0, 19, 31, 48}
+
+func (i tableIndex) String() string {
+	if i >= tableIndex(len(_tableIndex_index)-1) {
+		return "tableIndex(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _tableIndex_name[_tableIndex_index[i]:_tableIndex_index[i+1]]
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/bytebuf.go b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
new file mode 100644
index 0000000000000..658ef78380e1d
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
@@ -0,0 +1,127 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+)
+
+type byteBuffer interface {
+	// Read up to 8 bytes.
+	// Returns nil if no more input is available.
+	readSmall(n int) []byte
+
+	// Read >8 bytes.
+	// MAY use the destination slice.
+	readBig(n int, dst []byte) ([]byte, error)
+
+	// Read a single byte.
+	readByte() (byte, error)
+
+	// Skip n bytes.
+	skipN(n int) error
+}
+
+// in-memory buffer
+type byteBuf []byte
+
+func (b *byteBuf) readSmall(n int) []byte {
+	if debugAsserts && n > 8 {
+		panic(fmt.Errorf("small read > 8 (%d). use readBig", n))
+	}
+	bb := *b
+	if len(bb) < n {
+		return nil
+	}
+	r := bb[:n]
+	*b = bb[n:]
+	return r
+}
+
+func (b *byteBuf) readBig(n int, dst []byte) ([]byte, error) {
+	bb := *b
+	if len(bb) < n {
+		return nil, io.ErrUnexpectedEOF
+	}
+	r := bb[:n]
+	*b = bb[n:]
+	return r, nil
+}
+
+func (b *byteBuf) remain() []byte {
+	return *b
+}
+
+func (b *byteBuf) readByte() (byte, error) {
+	bb := *b
+	if len(bb) < 1 {
+		return 0, nil
+	}
+	r := bb[0]
+	*b = bb[1:]
+	return r, nil
+}
+
+func (b *byteBuf) skipN(n int) error {
+	bb := *b
+	if len(bb) < n {
+		return io.ErrUnexpectedEOF
+	}
+	*b = bb[n:]
+	return nil
+}
+
+// wrapper around a reader.
+type readerWrapper struct {
+	r   io.Reader
+	tmp [8]byte
+}
+
+func (r *readerWrapper) readSmall(n int) []byte {
+	if debugAsserts && n > 8 {
+		panic(fmt.Errorf("small read > 8 (%d). use readBig", n))
+	}
+	n2, err := io.ReadFull(r.r, r.tmp[:n])
+	// We only really care about the actual bytes read.
+	if n2 != n {
+		if debug {
+			println("readSmall: got", n2, "want", n, "err", err)
+		}
+		return nil
+	}
+	return r.tmp[:n]
+}
+
+func (r *readerWrapper) readBig(n int, dst []byte) ([]byte, error) {
+	if cap(dst) < n {
+		dst = make([]byte, n)
+	}
+	n2, err := io.ReadFull(r.r, dst[:n])
+	if err == io.EOF && n > 0 {
+		err = io.ErrUnexpectedEOF
+	}
+	return dst[:n2], err
+}
+
+func (r *readerWrapper) readByte() (byte, error) {
+	n2, err := r.r.Read(r.tmp[:1])
+	if err != nil {
+		return 0, err
+	}
+	if n2 != 1 {
+		return 0, io.ErrUnexpectedEOF
+	}
+	return r.tmp[0], nil
+}
+
+func (r *readerWrapper) skipN(n int) error {
+	n2, err := io.CopyN(ioutil.Discard, r.r, int64(n))
+	if n2 != int64(n) {
+		err = io.ErrUnexpectedEOF
+	}
+	return err
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/bytereader.go b/vendor/github.com/klauspost/compress/zstd/bytereader.go
new file mode 100644
index 0000000000000..2c4fca17fa1d7
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/bytereader.go
@@ -0,0 +1,88 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+// byteReader provides a byte reader that reads
+// little endian values from a byte stream.
+// The input stream is manually advanced.
+// The reader performs no bounds checks.
+type byteReader struct {
+	b   []byte
+	off int
+}
+
+// init will initialize the reader and set the input.
+func (b *byteReader) init(in []byte) {
+	b.b = in
+	b.off = 0
+}
+
+// advance the stream b n bytes.
+func (b *byteReader) advance(n uint) {
+	b.off += int(n)
+}
+
+// overread returns whether we have advanced too far.
+func (b *byteReader) overread() bool {
+	return b.off > len(b.b)
+}
+
+// Int32 returns a little endian int32 starting at current offset.
+func (b byteReader) Int32() int32 {
+	b2 := b.b[b.off:]
+	b2 = b2[:4]
+	v3 := int32(b2[3])
+	v2 := int32(b2[2])
+	v1 := int32(b2[1])
+	v0 := int32(b2[0])
+	return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24)
+}
+
+// Uint8 returns the next byte
+func (b *byteReader) Uint8() uint8 {
+	v := b.b[b.off]
+	return v
+}
+
+// Uint32 returns a little endian uint32 starting at current offset.
+func (b byteReader) Uint32() uint32 {
+	if r := b.remain(); r < 4 {
+		// Very rare
+		v := uint32(0)
+		for i := 1; i <= r; i++ {
+			v = (v << 8) | uint32(b.b[len(b.b)-i])
+		}
+		return v
+	}
+	b2 := b.b[b.off:]
+	b2 = b2[:4]
+	v3 := uint32(b2[3])
+	v2 := uint32(b2[2])
+	v1 := uint32(b2[1])
+	v0 := uint32(b2[0])
+	return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24)
+}
+
+// Uint32NC returns a little endian uint32 starting at current offset.
+// The caller must be sure if there are at least 4 bytes left.
+func (b byteReader) Uint32NC() uint32 {
+	b2 := b.b[b.off:]
+	b2 = b2[:4]
+	v3 := uint32(b2[3])
+	v2 := uint32(b2[2])
+	v1 := uint32(b2[1])
+	v0 := uint32(b2[0])
+	return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24)
+}
+
+// unread returns the unread portion of the input.
+func (b byteReader) unread() []byte {
+	return b.b[b.off:]
+}
+
+// remain will return the number of bytes remaining.
+func (b byteReader) remain() int {
+	return len(b.b) - b.off
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/decodeheader.go b/vendor/github.com/klauspost/compress/zstd/decodeheader.go
new file mode 100644
index 0000000000000..87896c5eaa789
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/decodeheader.go
@@ -0,0 +1,202 @@
+// Copyright 2020+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package zstd
+
+import (
+	"bytes"
+	"errors"
+	"io"
+)
+
+// HeaderMaxSize is the maximum size of a Frame and Block Header.
+// If less is sent to Header.Decode it *may* still contain enough information.
+const HeaderMaxSize = 14 + 3
+
+// Header contains information about the first frame and block within that.
+type Header struct {
+	// Window Size the window of data to keep while decoding.
+	// Will only be set if HasFCS is false.
+	WindowSize uint64
+
+	// Frame content size.
+	// Expected size of the entire frame.
+	FrameContentSize uint64
+
+	// Dictionary ID.
+	// If 0, no dictionary.
+	DictionaryID uint32
+
+	// First block information.
+	FirstBlock struct {
+		// OK will be set if first block could be decoded.
+		OK bool
+
+		// Is this the last block of a frame?
+		Last bool
+
+		// Is the data compressed?
+		// If true CompressedSize will be populated.
+		// Unfortunately DecompressedSize cannot be determined
+		// without decoding the blocks.
+		Compressed bool
+
+		// DecompressedSize is the expected decompressed size of the block.
+		// Will be 0 if it cannot be determined.
+		DecompressedSize int
+
+		// CompressedSize of the data in the block.
+		// Does not include the block header.
+		// Will be equal to DecompressedSize if not Compressed.
+		CompressedSize int
+	}
+
+	// Skippable will be true if the frame is meant to be skipped.
+	// No other information will be populated.
+	Skippable bool
+
+	// If set there is a checksum present for the block content.
+	HasCheckSum bool
+
+	// If this is true FrameContentSize will have a valid value
+	HasFCS bool
+
+	SingleSegment bool
+}
+
+// Decode the header from the beginning of the stream.
+// This will decode the frame header and the first block header if enough bytes are provided.
+// It is recommended to provide at least HeaderMaxSize bytes.
+// If the frame header cannot be read an error will be returned.
+// If there isn't enough input, io.ErrUnexpectedEOF is returned.
+// The FirstBlock.OK will indicate if enough information was available to decode the first block header.
+func (h *Header) Decode(in []byte) error {
+	if len(in) < 4 {
+		return io.ErrUnexpectedEOF
+	}
+	b, in := in[:4], in[4:]
+	if !bytes.Equal(b, frameMagic) {
+		if !bytes.Equal(b[1:4], skippableFrameMagic) || b[0]&0xf0 != 0x50 {
+			return ErrMagicMismatch
+		}
+		*h = Header{Skippable: true}
+		return nil
+	}
+	if len(in) < 1 {
+		return io.ErrUnexpectedEOF
+	}
+
+	// Clear output
+	*h = Header{}
+	fhd, in := in[0], in[1:]
+	h.SingleSegment = fhd&(1<<5) != 0
+	h.HasCheckSum = fhd&(1<<2) != 0
+
+	if fhd&(1<<3) != 0 {
+		return errors.New("Reserved bit set on frame header")
+	}
+
+	// Read Window_Descriptor
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#window_descriptor
+	if !h.SingleSegment {
+		if len(in) < 1 {
+			return io.ErrUnexpectedEOF
+		}
+		var wd byte
+		wd, in = in[0], in[1:]
+		windowLog := 10 + (wd >> 3)
+		windowBase := uint64(1) << windowLog
+		windowAdd := (windowBase / 8) * uint64(wd&0x7)
+		h.WindowSize = windowBase + windowAdd
+	}
+
+	// Read Dictionary_ID
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#dictionary_id
+	if size := fhd & 3; size != 0 {
+		if size == 3 {
+			size = 4
+		}
+		if len(in) < int(size) {
+			return io.ErrUnexpectedEOF
+		}
+		b, in = in[:size], in[size:]
+		if b == nil {
+			return io.ErrUnexpectedEOF
+		}
+		switch size {
+		case 1:
+			h.DictionaryID = uint32(b[0])
+		case 2:
+			h.DictionaryID = uint32(b[0]) | (uint32(b[1]) << 8)
+		case 4:
+			h.DictionaryID = uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
+		}
+	}
+
+	// Read Frame_Content_Size
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#frame_content_size
+	var fcsSize int
+	v := fhd >> 6
+	switch v {
+	case 0:
+		if h.SingleSegment {
+			fcsSize = 1
+		}
+	default:
+		fcsSize = 1 << v
+	}
+
+	if fcsSize > 0 {
+		h.HasFCS = true
+		if len(in) < fcsSize {
+			return io.ErrUnexpectedEOF
+		}
+		b, in = in[:fcsSize], in[fcsSize:]
+		if b == nil {
+			return io.ErrUnexpectedEOF
+		}
+		switch fcsSize {
+		case 1:
+			h.FrameContentSize = uint64(b[0])
+		case 2:
+			// When FCS_Field_Size is 2, the offset of 256 is added.
+			h.FrameContentSize = uint64(b[0]) | (uint64(b[1]) << 8) + 256
+		case 4:
+			h.FrameContentSize = uint64(b[0]) | (uint64(b[1]) << 8) | (uint64(b[2]) << 16) | (uint64(b[3]) << 24)
+		case 8:
+			d1 := uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
+			d2 := uint32(b[4]) | (uint32(b[5]) << 8) | (uint32(b[6]) << 16) | (uint32(b[7]) << 24)
+			h.FrameContentSize = uint64(d1) | (uint64(d2) << 32)
+		}
+	}
+
+	// Frame Header done, we will not fail from now on.
+	if len(in) < 3 {
+		return nil
+	}
+	tmp, in := in[:3], in[3:]
+	bh := uint32(tmp[0]) | (uint32(tmp[1]) << 8) | (uint32(tmp[2]) << 16)
+	h.FirstBlock.Last = bh&1 != 0
+	blockType := blockType((bh >> 1) & 3)
+	// find size.
+	cSize := int(bh >> 3)
+	switch blockType {
+	case blockTypeReserved:
+		return nil
+	case blockTypeRLE:
+		h.FirstBlock.Compressed = true
+		h.FirstBlock.DecompressedSize = cSize
+		h.FirstBlock.CompressedSize = 1
+	case blockTypeCompressed:
+		h.FirstBlock.Compressed = true
+		h.FirstBlock.CompressedSize = cSize
+	case blockTypeRaw:
+		h.FirstBlock.DecompressedSize = cSize
+		h.FirstBlock.CompressedSize = cSize
+	default:
+		panic("Invalid block type")
+	}
+
+	h.FirstBlock.OK = true
+	return nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go
new file mode 100644
index 0000000000000..1d41c25d2926e
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/decoder.go
@@ -0,0 +1,561 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"io"
+	"sync"
+)
+
+// Decoder provides decoding of zstandard streams.
+// The decoder has been designed to operate without allocations after a warmup.
+// This means that you should store the decoder for best performance.
+// To re-use a stream decoder, use the Reset(r io.Reader) error to switch to another stream.
+// A decoder can safely be re-used even if the previous stream failed.
+// To release the resources, you must call the Close() function on a decoder.
+type Decoder struct {
+	o decoderOptions
+
+	// Unreferenced decoders, ready for use.
+	decoders chan *blockDec
+
+	// Streams ready to be decoded.
+	stream chan decodeStream
+
+	// Current read position used for Reader functionality.
+	current decoderState
+
+	// Custom dictionaries.
+	// Always uses copies.
+	dicts map[uint32]dict
+
+	// streamWg is the waitgroup for all streams
+	streamWg sync.WaitGroup
+}
+
+// decoderState is used for maintaining state when the decoder
+// is used for streaming.
+type decoderState struct {
+	// current block being written to stream.
+	decodeOutput
+
+	// output in order to be written to stream.
+	output chan decodeOutput
+
+	// cancel remaining output.
+	cancel chan struct{}
+
+	flushed bool
+}
+
+var (
+	// Check the interfaces we want to support.
+	_ = io.WriterTo(&Decoder{})
+	_ = io.Reader(&Decoder{})
+)
+
+// NewReader creates a new decoder.
+// A nil Reader can be provided in which case Reset can be used to start a decode.
+//
+// A Decoder can be used in two modes:
+//
+// 1) As a stream, or
+// 2) For stateless decoding using DecodeAll.
+//
+// Only a single stream can be decoded concurrently, but the same decoder
+// can run multiple concurrent stateless decodes. It is even possible to
+// use stateless decodes while a stream is being decoded.
+//
+// The Reset function can be used to initiate a new stream, which is will considerably
+// reduce the allocations normally caused by NewReader.
+func NewReader(r io.Reader, opts ...DOption) (*Decoder, error) {
+	initPredefined()
+	var d Decoder
+	d.o.setDefault()
+	for _, o := range opts {
+		err := o(&d.o)
+		if err != nil {
+			return nil, err
+		}
+	}
+	d.current.output = make(chan decodeOutput, d.o.concurrent)
+	d.current.flushed = true
+
+	if r == nil {
+		d.current.err = ErrDecoderNilInput
+	}
+
+	// Transfer option dicts.
+	d.dicts = make(map[uint32]dict, len(d.o.dicts))
+	for _, dc := range d.o.dicts {
+		d.dicts[dc.id] = dc
+	}
+	d.o.dicts = nil
+
+	// Create decoders
+	d.decoders = make(chan *blockDec, d.o.concurrent)
+	for i := 0; i < d.o.concurrent; i++ {
+		dec := newBlockDec(d.o.lowMem)
+		dec.localFrame = newFrameDec(d.o)
+		d.decoders <- dec
+	}
+
+	if r == nil {
+		return &d, nil
+	}
+	return &d, d.Reset(r)
+}
+
+// Read bytes from the decompressed stream into p.
+// Returns the number of bytes written and any error that occurred.
+// When the stream is done, io.EOF will be returned.
+func (d *Decoder) Read(p []byte) (int, error) {
+	if d.stream == nil {
+		return 0, ErrDecoderNilInput
+	}
+	var n int
+	for {
+		if len(d.current.b) > 0 {
+			filled := copy(p, d.current.b)
+			p = p[filled:]
+			d.current.b = d.current.b[filled:]
+			n += filled
+		}
+		if len(p) == 0 {
+			break
+		}
+		if len(d.current.b) == 0 {
+			// We have an error and no more data
+			if d.current.err != nil {
+				break
+			}
+			if !d.nextBlock(n == 0) {
+				return n, nil
+			}
+		}
+	}
+	if len(d.current.b) > 0 {
+		if debug {
+			println("returning", n, "still bytes left:", len(d.current.b))
+		}
+		// Only return error at end of block
+		return n, nil
+	}
+	if d.current.err != nil {
+		d.drainOutput()
+	}
+	if debug {
+		println("returning", n, d.current.err, len(d.decoders))
+	}
+	return n, d.current.err
+}
+
+// Reset will reset the decoder the supplied stream after the current has finished processing.
+// Note that this functionality cannot be used after Close has been called.
+// Reset can be called with a nil reader to release references to the previous reader.
+// After being called with a nil reader, no other operations than Reset or DecodeAll or Close
+// should be used.
+func (d *Decoder) Reset(r io.Reader) error {
+	if d.current.err == ErrDecoderClosed {
+		return d.current.err
+	}
+
+	d.drainOutput()
+
+	if r == nil {
+		d.current.err = ErrDecoderNilInput
+		d.current.flushed = true
+		return nil
+	}
+
+	if d.stream == nil {
+		d.stream = make(chan decodeStream, 1)
+		d.streamWg.Add(1)
+		go d.startStreamDecoder(d.stream)
+	}
+
+	// If bytes buffer and < 1MB, do sync decoding anyway.
+	if bb, ok := r.(byter); ok && bb.Len() < 1<<20 {
+		var bb2 byter
+		bb2 = bb
+		if debug {
+			println("*bytes.Buffer detected, doing sync decode, len:", bb.Len())
+		}
+		b := bb2.Bytes()
+		var dst []byte
+		if cap(d.current.b) > 0 {
+			dst = d.current.b
+		}
+
+		dst, err := d.DecodeAll(b, dst[:0])
+		if err == nil {
+			err = io.EOF
+		}
+		d.current.b = dst
+		d.current.err = err
+		d.current.flushed = true
+		if debug {
+			println("sync decode to", len(dst), "bytes, err:", err)
+		}
+		return nil
+	}
+
+	// Remove current block.
+	d.current.decodeOutput = decodeOutput{}
+	d.current.err = nil
+	d.current.cancel = make(chan struct{})
+	d.current.flushed = false
+	d.current.d = nil
+
+	d.stream <- decodeStream{
+		r:      r,
+		output: d.current.output,
+		cancel: d.current.cancel,
+	}
+	return nil
+}
+
+// drainOutput will drain the output until errEndOfStream is sent.
+func (d *Decoder) drainOutput() {
+	if d.current.cancel != nil {
+		println("cancelling current")
+		close(d.current.cancel)
+		d.current.cancel = nil
+	}
+	if d.current.d != nil {
+		if debug {
+			printf("re-adding current decoder %p, decoders: %d", d.current.d, len(d.decoders))
+		}
+		d.decoders <- d.current.d
+		d.current.d = nil
+		d.current.b = nil
+	}
+	if d.current.output == nil || d.current.flushed {
+		println("current already flushed")
+		return
+	}
+	for {
+		select {
+		case v := <-d.current.output:
+			if v.d != nil {
+				if debug {
+					printf("re-adding decoder %p", v.d)
+				}
+				d.decoders <- v.d
+			}
+			if v.err == errEndOfStream {
+				println("current flushed")
+				d.current.flushed = true
+				return
+			}
+		}
+	}
+}
+
+// WriteTo writes data to w until there's no more data to write or when an error occurs.
+// The return value n is the number of bytes written.
+// Any error encountered during the write is also returned.
+func (d *Decoder) WriteTo(w io.Writer) (int64, error) {
+	if d.stream == nil {
+		return 0, ErrDecoderNilInput
+	}
+	var n int64
+	for {
+		if len(d.current.b) > 0 {
+			n2, err2 := w.Write(d.current.b)
+			n += int64(n2)
+			if err2 != nil && d.current.err == nil {
+				d.current.err = err2
+				break
+			}
+		}
+		if d.current.err != nil {
+			break
+		}
+		d.nextBlock(true)
+	}
+	err := d.current.err
+	if err != nil {
+		d.drainOutput()
+	}
+	if err == io.EOF {
+		err = nil
+	}
+	return n, err
+}
+
+// DecodeAll allows stateless decoding of a blob of bytes.
+// Output will be appended to dst, so if the destination size is known
+// you can pre-allocate the destination slice to avoid allocations.
+// DecodeAll can be used concurrently.
+// The Decoder concurrency limits will be respected.
+func (d *Decoder) DecodeAll(input, dst []byte) ([]byte, error) {
+	if d.current.err == ErrDecoderClosed {
+		return dst, ErrDecoderClosed
+	}
+
+	// Grab a block decoder and frame decoder.
+	block := <-d.decoders
+	frame := block.localFrame
+	defer func() {
+		if debug {
+			printf("re-adding decoder: %p", block)
+		}
+		frame.rawInput = nil
+		frame.bBuf = nil
+		d.decoders <- block
+	}()
+	frame.bBuf = input
+
+	for {
+		frame.history.reset()
+		err := frame.reset(&frame.bBuf)
+		if err == io.EOF {
+			if debug {
+				println("frame reset return EOF")
+			}
+			return dst, nil
+		}
+		if frame.DictionaryID != nil {
+			dict, ok := d.dicts[*frame.DictionaryID]
+			if !ok {
+				return nil, ErrUnknownDictionary
+			}
+			frame.history.setDict(&dict)
+		}
+		if err != nil {
+			return dst, err
+		}
+		if frame.FrameContentSize > d.o.maxDecodedSize-uint64(len(dst)) {
+			return dst, ErrDecoderSizeExceeded
+		}
+		if frame.FrameContentSize > 0 && frame.FrameContentSize < 1<<30 {
+			// Never preallocate moe than 1 GB up front.
+			if cap(dst)-len(dst) < int(frame.FrameContentSize) {
+				dst2 := make([]byte, len(dst), len(dst)+int(frame.FrameContentSize))
+				copy(dst2, dst)
+				dst = dst2
+			}
+		}
+		if cap(dst) == 0 {
+			// Allocate len(input) * 2 by default if nothing is provided
+			// and we didn't get frame content size.
+			size := len(input) * 2
+			// Cap to 1 MB.
+			if size > 1<<20 {
+				size = 1 << 20
+			}
+			if uint64(size) > d.o.maxDecodedSize {
+				size = int(d.o.maxDecodedSize)
+			}
+			dst = make([]byte, 0, size)
+		}
+
+		dst, err = frame.runDecoder(dst, block)
+		if err != nil {
+			return dst, err
+		}
+		if len(frame.bBuf) == 0 {
+			if debug {
+				println("frame dbuf empty")
+			}
+			break
+		}
+	}
+	return dst, nil
+}
+
+// nextBlock returns the next block.
+// If an error occurs d.err will be set.
+// Optionally the function can block for new output.
+// If non-blocking mode is used the returned boolean will be false
+// if no data was available without blocking.
+func (d *Decoder) nextBlock(blocking bool) (ok bool) {
+	if d.current.d != nil {
+		if debug {
+			printf("re-adding current decoder %p", d.current.d)
+		}
+		d.decoders <- d.current.d
+		d.current.d = nil
+	}
+	if d.current.err != nil {
+		// Keep error state.
+		return blocking
+	}
+
+	if blocking {
+		d.current.decodeOutput = <-d.current.output
+	} else {
+		select {
+		case d.current.decodeOutput = <-d.current.output:
+		default:
+			return false
+		}
+	}
+	if debug {
+		println("got", len(d.current.b), "bytes, error:", d.current.err)
+	}
+	return true
+}
+
+// Close will release all resources.
+// It is NOT possible to reuse the decoder after this.
+func (d *Decoder) Close() {
+	if d.current.err == ErrDecoderClosed {
+		return
+	}
+	d.drainOutput()
+	if d.stream != nil {
+		close(d.stream)
+		d.streamWg.Wait()
+		d.stream = nil
+	}
+	if d.decoders != nil {
+		close(d.decoders)
+		for dec := range d.decoders {
+			dec.Close()
+		}
+		d.decoders = nil
+	}
+	if d.current.d != nil {
+		d.current.d.Close()
+		d.current.d = nil
+	}
+	d.current.err = ErrDecoderClosed
+}
+
+// IOReadCloser returns the decoder as an io.ReadCloser for convenience.
+// Any changes to the decoder will be reflected, so the returned ReadCloser
+// can be reused along with the decoder.
+// io.WriterTo is also supported by the returned ReadCloser.
+func (d *Decoder) IOReadCloser() io.ReadCloser {
+	return closeWrapper{d: d}
+}
+
+// closeWrapper wraps a function call as a closer.
+type closeWrapper struct {
+	d *Decoder
+}
+
+// WriteTo forwards WriteTo calls to the decoder.
+func (c closeWrapper) WriteTo(w io.Writer) (n int64, err error) {
+	return c.d.WriteTo(w)
+}
+
+// Read forwards read calls to the decoder.
+func (c closeWrapper) Read(p []byte) (n int, err error) {
+	return c.d.Read(p)
+}
+
+// Close closes the decoder.
+func (c closeWrapper) Close() error {
+	c.d.Close()
+	return nil
+}
+
+type decodeOutput struct {
+	d   *blockDec
+	b   []byte
+	err error
+}
+
+type decodeStream struct {
+	r io.Reader
+
+	// Blocks ready to be written to output.
+	output chan decodeOutput
+
+	// cancel reading from the input
+	cancel chan struct{}
+}
+
+// errEndOfStream indicates that everything from the stream was read.
+var errEndOfStream = errors.New("end-of-stream")
+
+// Create Decoder:
+// Spawn n block decoders. These accept tasks to decode a block.
+// Create goroutine that handles stream processing, this will send history to decoders as they are available.
+// Decoders update the history as they decode.
+// When a block is returned:
+// 		a) history is sent to the next decoder,
+// 		b) content written to CRC.
+// 		c) return data to WRITER.
+// 		d) wait for next block to return data.
+// Once WRITTEN, the decoders reused by the writer frame decoder for re-use.
+func (d *Decoder) startStreamDecoder(inStream chan decodeStream) {
+	defer d.streamWg.Done()
+	frame := newFrameDec(d.o)
+	for stream := range inStream {
+		if debug {
+			println("got new stream")
+		}
+		br := readerWrapper{r: stream.r}
+	decodeStream:
+		for {
+			frame.history.reset()
+			err := frame.reset(&br)
+			if debug && err != nil {
+				println("Frame decoder returned", err)
+			}
+			if err == nil && frame.DictionaryID != nil {
+				dict, ok := d.dicts[*frame.DictionaryID]
+				if !ok {
+					err = ErrUnknownDictionary
+				} else {
+					frame.history.setDict(&dict)
+				}
+			}
+			if err != nil {
+				stream.output <- decodeOutput{
+					err: err,
+				}
+				break
+			}
+			if debug {
+				println("starting frame decoder")
+			}
+
+			// This goroutine will forward history between frames.
+			frame.frameDone.Add(1)
+			frame.initAsync()
+
+			go frame.startDecoder(stream.output)
+		decodeFrame:
+			// Go through all blocks of the frame.
+			for {
+				dec := <-d.decoders
+				select {
+				case <-stream.cancel:
+					if !frame.sendErr(dec, io.EOF) {
+						// To not let the decoder dangle, send it back.
+						stream.output <- decodeOutput{d: dec}
+					}
+					break decodeStream
+				default:
+				}
+				err := frame.next(dec)
+				switch err {
+				case io.EOF:
+					// End of current frame, no error
+					println("EOF on next block")
+					break decodeFrame
+				case nil:
+					continue
+				default:
+					println("block decoder returned", err)
+					break decodeStream
+				}
+			}
+			// All blocks have started decoding, check if there are more frames.
+			println("waiting for done")
+			frame.frameDone.Wait()
+			println("done waiting...")
+		}
+		frame.frameDone.Wait()
+		println("Sending EOS")
+		stream.output <- decodeOutput{err: errEndOfStream}
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/decoder_options.go b/vendor/github.com/klauspost/compress/zstd/decoder_options.go
new file mode 100644
index 0000000000000..284d384492b1c
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/decoder_options.go
@@ -0,0 +1,84 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"runtime"
+)
+
+// DOption is an option for creating a decoder.
+type DOption func(*decoderOptions) error
+
+// options retains accumulated state of multiple options.
+type decoderOptions struct {
+	lowMem         bool
+	concurrent     int
+	maxDecodedSize uint64
+	dicts          []dict
+}
+
+func (o *decoderOptions) setDefault() {
+	*o = decoderOptions{
+		// use less ram: true for now, but may change.
+		lowMem:     true,
+		concurrent: runtime.GOMAXPROCS(0),
+	}
+	o.maxDecodedSize = 1 << 63
+}
+
+// WithDecoderLowmem will set whether to use a lower amount of memory,
+// but possibly have to allocate more while running.
+func WithDecoderLowmem(b bool) DOption {
+	return func(o *decoderOptions) error { o.lowMem = b; return nil }
+}
+
+// WithDecoderConcurrency will set the concurrency,
+// meaning the maximum number of decoders to run concurrently.
+// The value supplied must be at least 1.
+// By default this will be set to GOMAXPROCS.
+func WithDecoderConcurrency(n int) DOption {
+	return func(o *decoderOptions) error {
+		if n <= 0 {
+			return fmt.Errorf("Concurrency must be at least 1")
+		}
+		o.concurrent = n
+		return nil
+	}
+}
+
+// WithDecoderMaxMemory allows to set a maximum decoded size for in-memory
+// non-streaming operations or maximum window size for streaming operations.
+// This can be used to control memory usage of potentially hostile content.
+// For streaming operations, the maximum window size is capped at 1<<30 bytes.
+// Maximum and default is 1 << 63 bytes.
+func WithDecoderMaxMemory(n uint64) DOption {
+	return func(o *decoderOptions) error {
+		if n == 0 {
+			return errors.New("WithDecoderMaxMemory must be at least 1")
+		}
+		if n > 1<<63 {
+			return fmt.Errorf("WithDecoderMaxmemory must be less than 1 << 63")
+		}
+		o.maxDecodedSize = n
+		return nil
+	}
+}
+
+// WithDecoderDicts allows to register one or more dictionaries for the decoder.
+// If several dictionaries with the same ID is provided the last one will be used.
+func WithDecoderDicts(dicts ...[]byte) DOption {
+	return func(o *decoderOptions) error {
+		for _, b := range dicts {
+			d, err := loadDict(b)
+			if err != nil {
+				return err
+			}
+			o.dicts = append(o.dicts, *d)
+		}
+		return nil
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/dict.go b/vendor/github.com/klauspost/compress/zstd/dict.go
new file mode 100644
index 0000000000000..fa25a18d8644e
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/dict.go
@@ -0,0 +1,122 @@
+package zstd
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/klauspost/compress/huff0"
+)
+
+type dict struct {
+	id uint32
+
+	litEnc              *huff0.Scratch
+	llDec, ofDec, mlDec sequenceDec
+	//llEnc, ofEnc, mlEnc []*fseEncoder
+	offsets [3]int
+	content []byte
+}
+
+var dictMagic = [4]byte{0x37, 0xa4, 0x30, 0xec}
+
+// ID returns the dictionary id or 0 if d is nil.
+func (d *dict) ID() uint32 {
+	if d == nil {
+		return 0
+	}
+	return d.id
+}
+
+// DictContentSize returns the dictionary content size or 0 if d is nil.
+func (d *dict) DictContentSize() int {
+	if d == nil {
+		return 0
+	}
+	return len(d.content)
+}
+
+// Load a dictionary as described in
+// https://github.com/facebook/zstd/blob/master/doc/zstd_compression_format.md#dictionary-format
+func loadDict(b []byte) (*dict, error) {
+	// Check static field size.
+	if len(b) <= 8+(3*4) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	d := dict{
+		llDec: sequenceDec{fse: &fseDecoder{}},
+		ofDec: sequenceDec{fse: &fseDecoder{}},
+		mlDec: sequenceDec{fse: &fseDecoder{}},
+	}
+	if !bytes.Equal(b[:4], dictMagic[:]) {
+		return nil, ErrMagicMismatch
+	}
+	d.id = binary.LittleEndian.Uint32(b[4:8])
+	if d.id == 0 {
+		return nil, errors.New("dictionaries cannot have ID 0")
+	}
+
+	// Read literal table
+	var err error
+	d.litEnc, b, err = huff0.ReadTable(b[8:], nil)
+	if err != nil {
+		return nil, err
+	}
+	d.litEnc.Reuse = huff0.ReusePolicyMust
+
+	br := byteReader{
+		b:   b,
+		off: 0,
+	}
+	readDec := func(i tableIndex, dec *fseDecoder) error {
+		if err := dec.readNCount(&br, uint16(maxTableSymbol[i])); err != nil {
+			return err
+		}
+		if br.overread() {
+			return io.ErrUnexpectedEOF
+		}
+		err = dec.transform(symbolTableX[i])
+		if err != nil {
+			println("Transform table error:", err)
+			return err
+		}
+		if debug {
+			println("Read table ok", "symbolLen:", dec.symbolLen)
+		}
+		// Set decoders as predefined so they aren't reused.
+		dec.preDefined = true
+		return nil
+	}
+
+	if err := readDec(tableOffsets, d.ofDec.fse); err != nil {
+		return nil, err
+	}
+	if err := readDec(tableMatchLengths, d.mlDec.fse); err != nil {
+		return nil, err
+	}
+	if err := readDec(tableLiteralLengths, d.llDec.fse); err != nil {
+		return nil, err
+	}
+	if br.remain() < 12 {
+		return nil, io.ErrUnexpectedEOF
+	}
+
+	d.offsets[0] = int(br.Uint32())
+	br.advance(4)
+	d.offsets[1] = int(br.Uint32())
+	br.advance(4)
+	d.offsets[2] = int(br.Uint32())
+	br.advance(4)
+	if d.offsets[0] <= 0 || d.offsets[1] <= 0 || d.offsets[2] <= 0 {
+		return nil, errors.New("invalid offset in dictionary")
+	}
+	d.content = make([]byte, br.remain())
+	copy(d.content, br.unread())
+	if d.offsets[0] > len(d.content) || d.offsets[1] > len(d.content) || d.offsets[2] > len(d.content) {
+		return nil, fmt.Errorf("initial offset bigger than dictionary content size %d, offsets: %v", len(d.content), d.offsets)
+	}
+
+	return &d, nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go
new file mode 100644
index 0000000000000..2d4d893eb9163
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go
@@ -0,0 +1,177 @@
+package zstd
+
+import (
+	"fmt"
+	"math/bits"
+
+	"github.com/klauspost/compress/zstd/internal/xxhash"
+)
+
+const (
+	dictShardBits = 6
+)
+
+type fastBase struct {
+	// cur is the offset at the start of hist
+	cur int32
+	// maximum offset. Should be at least 2x block size.
+	maxMatchOff int32
+	hist        []byte
+	crc         *xxhash.Digest
+	tmp         [8]byte
+	blk         *blockEnc
+	lastDictID  uint32
+	lowMem      bool
+}
+
+// CRC returns the underlying CRC writer.
+func (e *fastBase) CRC() *xxhash.Digest {
+	return e.crc
+}
+
+// AppendCRC will append the CRC to the destination slice and return it.
+func (e *fastBase) AppendCRC(dst []byte) []byte {
+	crc := e.crc.Sum(e.tmp[:0])
+	dst = append(dst, crc[7], crc[6], crc[5], crc[4])
+	return dst
+}
+
+// WindowSize returns the window size of the encoder,
+// or a window size small enough to contain the input size, if > 0.
+func (e *fastBase) WindowSize(size int) int32 {
+	if size > 0 && size < int(e.maxMatchOff) {
+		b := int32(1) << uint(bits.Len(uint(size)))
+		// Keep minimum window.
+		if b < 1024 {
+			b = 1024
+		}
+		return b
+	}
+	return e.maxMatchOff
+}
+
+// Block returns the current block.
+func (e *fastBase) Block() *blockEnc {
+	return e.blk
+}
+
+func (e *fastBase) addBlock(src []byte) int32 {
+	if debugAsserts && e.cur > bufferReset {
+		panic(fmt.Sprintf("ecur (%d) > buffer reset (%d)", e.cur, bufferReset))
+	}
+	// check if we have space already
+	if len(e.hist)+len(src) > cap(e.hist) {
+		if cap(e.hist) == 0 {
+			e.ensureHist(len(src))
+		} else {
+			if cap(e.hist) < int(e.maxMatchOff+maxCompressedBlockSize) {
+				panic(fmt.Errorf("unexpected buffer cap %d, want at least %d with window %d", cap(e.hist), e.maxMatchOff+maxCompressedBlockSize, e.maxMatchOff))
+			}
+			// Move down
+			offset := int32(len(e.hist)) - e.maxMatchOff
+			copy(e.hist[0:e.maxMatchOff], e.hist[offset:])
+			e.cur += offset
+			e.hist = e.hist[:e.maxMatchOff]
+		}
+	}
+	s := int32(len(e.hist))
+	e.hist = append(e.hist, src...)
+	return s
+}
+
+// ensureHist will ensure that history can keep at least this many bytes.
+func (e *fastBase) ensureHist(n int) {
+	if cap(e.hist) >= n {
+		return
+	}
+	l := e.maxMatchOff
+	if (e.lowMem && e.maxMatchOff > maxCompressedBlockSize) || e.maxMatchOff <= maxCompressedBlockSize {
+		l += maxCompressedBlockSize
+	} else {
+		l += e.maxMatchOff
+	}
+	// Make it at least 1MB.
+	if l < 1<<20 && !e.lowMem {
+		l = 1 << 20
+	}
+	// Make it at least the requested size.
+	if l < int32(n) {
+		l = int32(n)
+	}
+	e.hist = make([]byte, 0, l)
+}
+
+// useBlock will replace the block with the provided one,
+// but transfer recent offsets from the previous.
+func (e *fastBase) UseBlock(enc *blockEnc) {
+	enc.reset(e.blk)
+	e.blk = enc
+}
+
+func (e *fastBase) matchlenNoHist(s, t int32, src []byte) int32 {
+	// Extend the match to be as long as possible.
+	return int32(matchLen(src[s:], src[t:]))
+}
+
+func (e *fastBase) matchlen(s, t int32, src []byte) int32 {
+	if debugAsserts {
+		if s < 0 {
+			err := fmt.Sprintf("s (%d) < 0", s)
+			panic(err)
+		}
+		if t < 0 {
+			err := fmt.Sprintf("s (%d) < 0", s)
+			panic(err)
+		}
+		if s-t > e.maxMatchOff {
+			err := fmt.Sprintf("s (%d) - t (%d) > maxMatchOff (%d)", s, t, e.maxMatchOff)
+			panic(err)
+		}
+		if len(src)-int(s) > maxCompressedBlockSize {
+			panic(fmt.Sprintf("len(src)-s (%d) > maxCompressedBlockSize (%d)", len(src)-int(s), maxCompressedBlockSize))
+		}
+	}
+
+	// Extend the match to be as long as possible.
+	return int32(matchLen(src[s:], src[t:]))
+}
+
+// Reset the encoding table.
+func (e *fastBase) resetBase(d *dict, singleBlock bool) {
+	if e.blk == nil {
+		e.blk = &blockEnc{lowMem: e.lowMem}
+		e.blk.init()
+	} else {
+		e.blk.reset(nil)
+	}
+	e.blk.initNewEncode()
+	if e.crc == nil {
+		e.crc = xxhash.New()
+	} else {
+		e.crc.Reset()
+	}
+	if (!singleBlock || d.DictContentSize() > 0) && cap(e.hist) < int(e.maxMatchOff*2)+d.DictContentSize() {
+		l := e.maxMatchOff*2 + int32(d.DictContentSize())
+		// Make it at least 1MB.
+		if l < 1<<20 {
+			l = 1 << 20
+		}
+		e.hist = make([]byte, 0, l)
+	}
+	// We offset current position so everything will be out of reach.
+	// If above reset line, history will be purged.
+	if e.cur < bufferReset {
+		e.cur += e.maxMatchOff + int32(len(e.hist))
+	}
+	e.hist = e.hist[:0]
+	if d != nil {
+		// Set offsets (currently not used)
+		for i, off := range d.offsets {
+			e.blk.recentOffsets[i] = uint32(off)
+			e.blk.prevRecentOffsets[i] = e.blk.recentOffsets[i]
+		}
+		// Transfer litenc.
+		e.blk.dictLitEnc = d.litEnc
+		e.hist = append(e.hist, d.content...)
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go
new file mode 100644
index 0000000000000..fe3625c5f5e6c
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go
@@ -0,0 +1,487 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"fmt"
+	"math/bits"
+)
+
+const (
+	bestLongTableBits = 20                     // Bits used in the long match table
+	bestLongTableSize = 1 << bestLongTableBits // Size of the table
+
+	// Note: Increasing the short table bits or making the hash shorter
+	// can actually lead to compression degradation since it will 'steal' more from the
+	// long match table and match offsets are quite big.
+	// This greatly depends on the type of input.
+	bestShortTableBits = 16                      // Bits used in the short match table
+	bestShortTableSize = 1 << bestShortTableBits // Size of the table
+)
+
+// bestFastEncoder uses 2 tables, one for short matches (5 bytes) and one for long matches.
+// The long match table contains the previous entry with the same hash,
+// effectively making it a "chain" of length 2.
+// When we find a long match we choose between the two values and select the longest.
+// When we find a short match, after checking the long, we check if we can find a long at n+1
+// and that it is longer (lazy matching).
+type bestFastEncoder struct {
+	fastBase
+	table         [bestShortTableSize]prevEntry
+	longTable     [bestLongTableSize]prevEntry
+	dictTable     []prevEntry
+	dictLongTable []prevEntry
+}
+
+// Encode improves compression...
+func (e *bestFastEncoder) Encode(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 4
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = prevEntry{}
+			}
+			for i := range e.longTable[:] {
+				e.longTable[i] = prevEntry{}
+			}
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			v2 := e.table[i].prev
+			if v < minOff {
+				v = 0
+				v2 = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+				if v2 < minOff {
+					v2 = 0
+				} else {
+					v2 = v2 - e.cur + e.maxMatchOff
+				}
+			}
+			e.table[i] = prevEntry{
+				offset: v,
+				prev:   v2,
+			}
+		}
+		for i := range e.longTable[:] {
+			v := e.longTable[i].offset
+			v2 := e.longTable[i].prev
+			if v < minOff {
+				v = 0
+				v2 = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+				if v2 < minOff {
+					v2 = 0
+				} else {
+					v2 = v2 - e.cur + e.maxMatchOff
+				}
+			}
+			e.longTable[i] = prevEntry{
+				offset: v,
+				prev:   v2,
+			}
+		}
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	const kSearchStrength = 10
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+	offset3 := int32(blk.recentOffsets[2])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	_ = addLiterals
+
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		// We allow the encoder to optionally turn off repeat offsets across blocks
+		canRepeat := len(blk.sequences) > 2
+
+		if debugAsserts && canRepeat && offset1 == 0 {
+			panic("offset0 was 0")
+		}
+
+		type match struct {
+			offset int32
+			s      int32
+			length int32
+			rep    int32
+		}
+		matchAt := func(offset int32, s int32, first uint32, rep int32) match {
+			if s-offset >= e.maxMatchOff || load3232(src, offset) != first {
+				return match{offset: offset, s: s}
+			}
+			return match{offset: offset, s: s, length: 4 + e.matchlen(s+4, offset+4, src), rep: rep}
+		}
+
+		bestOf := func(a, b match) match {
+			aScore := b.s - a.s + a.length
+			bScore := a.s - b.s + b.length
+			if a.rep < 0 {
+				aScore = aScore - int32(bits.Len32(uint32(a.offset)))/8
+			}
+			if b.rep < 0 {
+				bScore = bScore - int32(bits.Len32(uint32(b.offset)))/8
+			}
+			if aScore >= bScore {
+				return a
+			}
+			return b
+		}
+		const goodEnough = 100
+
+		nextHashL := hash8(cv, bestLongTableBits)
+		nextHashS := hash4x64(cv, bestShortTableBits)
+		candidateL := e.longTable[nextHashL]
+		candidateS := e.table[nextHashS]
+
+		best := bestOf(matchAt(candidateL.offset-e.cur, s, uint32(cv), -1), matchAt(candidateL.prev-e.cur, s, uint32(cv), -1))
+		best = bestOf(best, matchAt(candidateS.offset-e.cur, s, uint32(cv), -1))
+		best = bestOf(best, matchAt(candidateS.prev-e.cur, s, uint32(cv), -1))
+		if canRepeat && best.length < goodEnough {
+			best = bestOf(best, matchAt(s-offset1+1, s+1, uint32(cv>>8), 1))
+			best = bestOf(best, matchAt(s-offset2+1, s+1, uint32(cv>>8), 2))
+			best = bestOf(best, matchAt(s-offset3+1, s+1, uint32(cv>>8), 3))
+			if best.length > 0 {
+				best = bestOf(best, matchAt(s-offset1+3, s+3, uint32(cv>>24), 1))
+				best = bestOf(best, matchAt(s-offset2+3, s+3, uint32(cv>>24), 2))
+				best = bestOf(best, matchAt(s-offset3+3, s+3, uint32(cv>>24), 3))
+			}
+		}
+		// Load next and check...
+		e.longTable[nextHashL] = prevEntry{offset: s + e.cur, prev: candidateL.offset}
+		e.table[nextHashS] = prevEntry{offset: s + e.cur, prev: candidateS.offset}
+
+		// Look far ahead, unless we have a really long match already...
+		if best.length < goodEnough {
+			// No match found, move forward on input, no need to check forward...
+			if best.length < 4 {
+				s += 1 + (s-nextEmit)>>(kSearchStrength-1)
+				if s >= sLimit {
+					break encodeLoop
+				}
+				cv = load6432(src, s)
+				continue
+			}
+
+			s++
+			candidateS = e.table[hash4x64(cv>>8, bestShortTableBits)]
+			cv = load6432(src, s)
+			cv2 := load6432(src, s+1)
+			candidateL = e.longTable[hash8(cv, bestLongTableBits)]
+			candidateL2 := e.longTable[hash8(cv2, bestLongTableBits)]
+
+			best = bestOf(best, matchAt(candidateS.offset-e.cur, s, uint32(cv), -1))
+			best = bestOf(best, matchAt(candidateL.offset-e.cur, s, uint32(cv), -1))
+			best = bestOf(best, matchAt(candidateL.prev-e.cur, s, uint32(cv), -1))
+			best = bestOf(best, matchAt(candidateL2.offset-e.cur, s+1, uint32(cv2), -1))
+			best = bestOf(best, matchAt(candidateL2.prev-e.cur, s+1, uint32(cv2), -1))
+		}
+
+		// We have a match, we can store the forward value
+		if best.rep > 0 {
+			s = best.s
+			var seq seq
+			seq.matchLen = uint32(best.length - zstdMinMatch)
+
+			// We might be able to match backwards.
+			// Extend as long as we can.
+			start := best.s
+			// We end the search early, so we don't risk 0 literals
+			// and have to do special offset treatment.
+			startLimit := nextEmit + 1
+
+			tMin := s - e.maxMatchOff
+			if tMin < 0 {
+				tMin = 0
+			}
+			repIndex := best.offset
+			for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+				repIndex--
+				start--
+				seq.matchLen++
+			}
+			addLiterals(&seq, start)
+
+			// rep 0
+			seq.offset = uint32(best.rep)
+			if debugSequences {
+				println("repeat sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Index match start+1 (long) -> s - 1
+			index0 := s
+			s = best.s + best.length
+
+			nextEmit = s
+			if s >= sLimit {
+				if debug {
+					println("repeat ended", s, best.length)
+
+				}
+				break encodeLoop
+			}
+			// Index skipped...
+			off := index0 + e.cur
+			for index0 < s-1 {
+				cv0 := load6432(src, index0)
+				h0 := hash8(cv0, bestLongTableBits)
+				h1 := hash4x64(cv0, bestShortTableBits)
+				e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+				e.table[h1] = prevEntry{offset: off, prev: e.table[h1].offset}
+				off++
+				index0++
+			}
+			switch best.rep {
+			case 2:
+				offset1, offset2 = offset2, offset1
+			case 3:
+				offset1, offset2, offset3 = offset3, offset1, offset2
+			}
+			cv = load6432(src, s)
+			continue
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		s = best.s
+		t := best.offset
+		offset1, offset2, offset3 = s-t, offset1, offset2
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the n-byte match as long as possible.
+		l := best.length
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) -> s - 1
+		index0 := s - l + 1
+		// every entry
+		for index0 < s-1 {
+			cv0 := load6432(src, index0)
+			h0 := hash8(cv0, bestLongTableBits)
+			h1 := hash4x64(cv0, bestShortTableBits)
+			off := index0 + e.cur
+			e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+			e.table[h1] = prevEntry{offset: off, prev: e.table[h1].offset}
+			index0++
+		}
+
+		cv = load6432(src, s)
+		if !canRepeat {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash4x64(cv, bestShortTableBits)
+			nextHashL := hash8(cv, bestLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			l := 4 + e.matchlen(s+4, o2+4, src)
+
+			e.longTable[nextHashL] = prevEntry{offset: s + e.cur, prev: e.longTable[nextHashL].offset}
+			e.table[nextHashS] = prevEntry{offset: s + e.cur, prev: e.table[nextHashS].offset}
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	blk.recentOffsets[2] = uint32(offset3)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// EncodeNoHist will encode a block with no history and no following blocks.
+// Most notable difference is that src will not be copied for history and
+// we do not need to check for max match length.
+func (e *bestFastEncoder) EncodeNoHist(blk *blockEnc, src []byte) {
+	e.ensureHist(len(src))
+	e.Encode(blk, src)
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) {
+	e.resetBase(d, singleBlock)
+	if d == nil {
+		return
+	}
+	// Init or copy dict table
+	if len(e.dictTable) != len(e.table) || d.id != e.lastDictID {
+		if len(e.dictTable) != len(e.table) {
+			e.dictTable = make([]prevEntry, len(e.table))
+		}
+		end := int32(len(d.content)) - 8 + e.maxMatchOff
+		for i := e.maxMatchOff; i < end; i += 4 {
+			const hashLog = bestShortTableBits
+
+			cv := load6432(d.content, i-e.maxMatchOff)
+			nextHash := hash4x64(cv, hashLog)      // 0 -> 4
+			nextHash1 := hash4x64(cv>>8, hashLog)  // 1 -> 5
+			nextHash2 := hash4x64(cv>>16, hashLog) // 2 -> 6
+			nextHash3 := hash4x64(cv>>24, hashLog) // 3 -> 7
+			e.dictTable[nextHash] = prevEntry{
+				prev:   e.dictTable[nextHash].offset,
+				offset: i,
+			}
+			e.dictTable[nextHash1] = prevEntry{
+				prev:   e.dictTable[nextHash1].offset,
+				offset: i + 1,
+			}
+			e.dictTable[nextHash2] = prevEntry{
+				prev:   e.dictTable[nextHash2].offset,
+				offset: i + 2,
+			}
+			e.dictTable[nextHash3] = prevEntry{
+				prev:   e.dictTable[nextHash3].offset,
+				offset: i + 3,
+			}
+		}
+		e.lastDictID = d.id
+	}
+
+	// Init or copy dict table
+	if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID {
+		if len(e.dictLongTable) != len(e.longTable) {
+			e.dictLongTable = make([]prevEntry, len(e.longTable))
+		}
+		if len(d.content) >= 8 {
+			cv := load6432(d.content, 0)
+			h := hash8(cv, bestLongTableBits)
+			e.dictLongTable[h] = prevEntry{
+				offset: e.maxMatchOff,
+				prev:   e.dictLongTable[h].offset,
+			}
+
+			end := int32(len(d.content)) - 8 + e.maxMatchOff
+			off := 8 // First to read
+			for i := e.maxMatchOff + 1; i < end; i++ {
+				cv = cv>>8 | (uint64(d.content[off]) << 56)
+				h := hash8(cv, bestLongTableBits)
+				e.dictLongTable[h] = prevEntry{
+					offset: i,
+					prev:   e.dictLongTable[h].offset,
+				}
+				off++
+			}
+		}
+		e.lastDictID = d.id
+	}
+	// Reset table to initial state
+	copy(e.longTable[:], e.dictLongTable)
+
+	e.cur = e.maxMatchOff
+	// Reset table to initial state
+	copy(e.table[:], e.dictTable)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_better.go b/vendor/github.com/klauspost/compress/zstd/enc_better.go
new file mode 100644
index 0000000000000..c2ce4a2bac50f
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/enc_better.go
@@ -0,0 +1,1170 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import "fmt"
+
+const (
+	betterLongTableBits = 19                       // Bits used in the long match table
+	betterLongTableSize = 1 << betterLongTableBits // Size of the table
+
+	// Note: Increasing the short table bits or making the hash shorter
+	// can actually lead to compression degradation since it will 'steal' more from the
+	// long match table and match offsets are quite big.
+	// This greatly depends on the type of input.
+	betterShortTableBits = 13                        // Bits used in the short match table
+	betterShortTableSize = 1 << betterShortTableBits // Size of the table
+
+	betterLongTableShardCnt  = 1 << (betterLongTableBits - dictShardBits)    // Number of shards in the table
+	betterLongTableShardSize = betterLongTableSize / betterLongTableShardCnt // Size of an individual shard
+
+	betterShortTableShardCnt  = 1 << (betterShortTableBits - dictShardBits)     // Number of shards in the table
+	betterShortTableShardSize = betterShortTableSize / betterShortTableShardCnt // Size of an individual shard
+)
+
+type prevEntry struct {
+	offset int32
+	prev   int32
+}
+
+// betterFastEncoder uses 2 tables, one for short matches (5 bytes) and one for long matches.
+// The long match table contains the previous entry with the same hash,
+// effectively making it a "chain" of length 2.
+// When we find a long match we choose between the two values and select the longest.
+// When we find a short match, after checking the long, we check if we can find a long at n+1
+// and that it is longer (lazy matching).
+type betterFastEncoder struct {
+	fastBase
+	table     [betterShortTableSize]tableEntry
+	longTable [betterLongTableSize]prevEntry
+}
+
+type betterFastEncoderDict struct {
+	betterFastEncoder
+	dictTable            []tableEntry
+	dictLongTable        []prevEntry
+	shortTableShardDirty [betterShortTableShardCnt]bool
+	longTableShardDirty  [betterLongTableShardCnt]bool
+	allDirty             bool
+}
+
+// Encode improves compression...
+func (e *betterFastEncoder) Encode(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 2
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			for i := range e.longTable[:] {
+				e.longTable[i] = prevEntry{}
+			}
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		for i := range e.longTable[:] {
+			v := e.longTable[i].offset
+			v2 := e.longTable[i].prev
+			if v < minOff {
+				v = 0
+				v2 = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+				if v2 < minOff {
+					v2 = 0
+				} else {
+					v2 = v2 - e.cur + e.maxMatchOff
+				}
+			}
+			e.longTable[i] = prevEntry{
+				offset: v,
+				prev:   v2,
+			}
+		}
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 1.
+	const stepSize = 1
+
+	const kSearchStrength = 9
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		var t int32
+		// We allow the encoder to optionally turn off repeat offsets across blocks
+		canRepeat := len(blk.sequences) > 2
+		var matched int32
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHashS := hash5(cv, betterShortTableBits)
+			nextHashL := hash8(cv, betterLongTableBits)
+			candidateL := e.longTable[nextHashL]
+			candidateS := e.table[nextHashS]
+
+			const repOff = 1
+			repIndex := s - offset1 + repOff
+			off := s + e.cur
+			e.longTable[nextHashL] = prevEntry{offset: off, prev: candidateL.offset}
+			e.table[nextHashS] = tableEntry{offset: off, val: uint32(cv)}
+
+			if canRepeat {
+				if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
+					// Consider history as well.
+					var seq seq
+					lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 0
+					seq.offset = 1
+					if debugSequences {
+						println("repeat sequence", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+
+					// Index match start+1 (long) -> s - 1
+					index0 := s + repOff
+					s += lenght + repOff
+
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+					// Index skipped...
+					for index0 < s-1 {
+						cv0 := load6432(src, index0)
+						cv1 := cv0 >> 8
+						h0 := hash8(cv0, betterLongTableBits)
+						off := index0 + e.cur
+						e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+						e.table[hash5(cv1, betterShortTableBits)] = tableEntry{offset: off + 1, val: uint32(cv1)}
+						index0 += 2
+					}
+					cv = load6432(src, s)
+					continue
+				}
+				const repOff2 = 1
+
+				// We deviate from the reference encoder and also check offset 2.
+				// Still slower and not much better, so disabled.
+				// repIndex = s - offset2 + repOff2
+				if false && repIndex >= 0 && load6432(src, repIndex) == load6432(src, s+repOff) {
+					// Consider history as well.
+					var seq seq
+					lenght := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff2
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 2
+					seq.offset = 2
+					if debugSequences {
+						println("repeat sequence 2", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+
+					index0 := s + repOff2
+					s += lenght + repOff2
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+
+					// Index skipped...
+					for index0 < s-1 {
+						cv0 := load6432(src, index0)
+						cv1 := cv0 >> 8
+						h0 := hash8(cv0, betterLongTableBits)
+						off := index0 + e.cur
+						e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+						e.table[hash5(cv1, betterShortTableBits)] = tableEntry{offset: off + 1, val: uint32(cv1)}
+						index0 += 2
+					}
+					cv = load6432(src, s)
+					// Swap offsets
+					offset1, offset2 = offset2, offset1
+					continue
+				}
+			}
+			// Find the offsets of our two matches.
+			coffsetL := candidateL.offset - e.cur
+			coffsetLP := candidateL.prev - e.cur
+
+			// Check if we have a long match.
+			if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+				// Found a long match, at least 8 bytes.
+				matched = e.matchlen(s+8, coffsetL+8, src) + 8
+				t = coffsetL
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+
+				if s-coffsetLP < e.maxMatchOff && cv == load6432(src, coffsetLP) {
+					// Found a long match, at least 8 bytes.
+					prevMatch := e.matchlen(s+8, coffsetLP+8, src) + 8
+					if prevMatch > matched {
+						matched = prevMatch
+						t = coffsetLP
+					}
+					if debugAsserts && s <= t {
+						panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+					}
+					if debugAsserts && s-t > e.maxMatchOff {
+						panic("s - t >e.maxMatchOff")
+					}
+					if debugMatches {
+						println("long match")
+					}
+				}
+				break
+			}
+
+			// Check if we have a long match on prev.
+			if s-coffsetLP < e.maxMatchOff && cv == load6432(src, coffsetLP) {
+				// Found a long match, at least 8 bytes.
+				matched = e.matchlen(s+8, coffsetLP+8, src) + 8
+				t = coffsetLP
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+				break
+			}
+
+			coffsetS := candidateS.offset - e.cur
+
+			// Check if we have a short match.
+			if s-coffsetS < e.maxMatchOff && uint32(cv) == candidateS.val {
+				// found a regular match
+				matched = e.matchlen(s+4, coffsetS+4, src) + 4
+
+				// See if we can find a long match at s+1
+				const checkAt = 1
+				cv := load6432(src, s+checkAt)
+				nextHashL = hash8(cv, betterLongTableBits)
+				candidateL = e.longTable[nextHashL]
+				coffsetL = candidateL.offset - e.cur
+
+				// We can store it, since we have at least a 4 byte match.
+				e.longTable[nextHashL] = prevEntry{offset: s + checkAt + e.cur, prev: candidateL.offset}
+				if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+					// Found a long match, at least 8 bytes.
+					matchedNext := e.matchlen(s+8+checkAt, coffsetL+8, src) + 8
+					if matchedNext > matched {
+						t = coffsetL
+						s += checkAt
+						matched = matchedNext
+						if debugMatches {
+							println("long match (after short)")
+						}
+						break
+					}
+				}
+
+				// Check prev long...
+				coffsetL = candidateL.prev - e.cur
+				if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+					// Found a long match, at least 8 bytes.
+					matchedNext := e.matchlen(s+8+checkAt, coffsetL+8, src) + 8
+					if matchedNext > matched {
+						t = coffsetL
+						s += checkAt
+						matched = matchedNext
+						if debugMatches {
+							println("prev long match (after short)")
+						}
+						break
+					}
+				}
+				t = coffsetS
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				if debugMatches {
+					println("short match")
+				}
+				break
+			}
+
+			// No match found, move forward in input.
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the n-byte match as long as possible.
+		l := matched
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) -> s - 1
+		index0 := s - l + 1
+		for index0 < s-1 {
+			cv0 := load6432(src, index0)
+			cv1 := cv0 >> 8
+			h0 := hash8(cv0, betterLongTableBits)
+			off := index0 + e.cur
+			e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+			e.table[hash5(cv1, betterShortTableBits)] = tableEntry{offset: off + 1, val: uint32(cv1)}
+			index0 += 2
+		}
+
+		cv = load6432(src, s)
+		if !canRepeat {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash5(cv, betterShortTableBits)
+			nextHashL := hash8(cv, betterLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			l := 4 + e.matchlen(s+4, o2+4, src)
+
+			e.longTable[nextHashL] = prevEntry{offset: s + e.cur, prev: e.longTable[nextHashL].offset}
+			e.table[nextHashS] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// EncodeNoHist will encode a block with no history and no following blocks.
+// Most notable difference is that src will not be copied for history and
+// we do not need to check for max match length.
+func (e *betterFastEncoder) EncodeNoHist(blk *blockEnc, src []byte) {
+	e.ensureHist(len(src))
+	e.Encode(blk, src)
+}
+
+// Encode improves compression...
+func (e *betterFastEncoderDict) Encode(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 2
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			for i := range e.longTable[:] {
+				e.longTable[i] = prevEntry{}
+			}
+			e.cur = e.maxMatchOff
+			e.allDirty = true
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		for i := range e.longTable[:] {
+			v := e.longTable[i].offset
+			v2 := e.longTable[i].prev
+			if v < minOff {
+				v = 0
+				v2 = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+				if v2 < minOff {
+					v2 = 0
+				} else {
+					v2 = v2 - e.cur + e.maxMatchOff
+				}
+			}
+			e.longTable[i] = prevEntry{
+				offset: v,
+				prev:   v2,
+			}
+		}
+		e.allDirty = true
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 1.
+	const stepSize = 1
+
+	const kSearchStrength = 9
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		var t int32
+		// We allow the encoder to optionally turn off repeat offsets across blocks
+		canRepeat := len(blk.sequences) > 2
+		var matched int32
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHashS := hash5(cv, betterShortTableBits)
+			nextHashL := hash8(cv, betterLongTableBits)
+			candidateL := e.longTable[nextHashL]
+			candidateS := e.table[nextHashS]
+
+			const repOff = 1
+			repIndex := s - offset1 + repOff
+			off := s + e.cur
+			e.longTable[nextHashL] = prevEntry{offset: off, prev: candidateL.offset}
+			e.markLongShardDirty(nextHashL)
+			e.table[nextHashS] = tableEntry{offset: off, val: uint32(cv)}
+			e.markShortShardDirty(nextHashS)
+
+			if canRepeat {
+				if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
+					// Consider history as well.
+					var seq seq
+					lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 0
+					seq.offset = 1
+					if debugSequences {
+						println("repeat sequence", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+
+					// Index match start+1 (long) -> s - 1
+					index0 := s + repOff
+					s += lenght + repOff
+
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+					// Index skipped...
+					for index0 < s-1 {
+						cv0 := load6432(src, index0)
+						cv1 := cv0 >> 8
+						h0 := hash8(cv0, betterLongTableBits)
+						off := index0 + e.cur
+						e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+						e.markLongShardDirty(h0)
+						h1 := hash5(cv1, betterShortTableBits)
+						e.table[h1] = tableEntry{offset: off + 1, val: uint32(cv1)}
+						e.markShortShardDirty(h1)
+						index0 += 2
+					}
+					cv = load6432(src, s)
+					continue
+				}
+				const repOff2 = 1
+
+				// We deviate from the reference encoder and also check offset 2.
+				// Still slower and not much better, so disabled.
+				// repIndex = s - offset2 + repOff2
+				if false && repIndex >= 0 && load6432(src, repIndex) == load6432(src, s+repOff) {
+					// Consider history as well.
+					var seq seq
+					lenght := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff2
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 2
+					seq.offset = 2
+					if debugSequences {
+						println("repeat sequence 2", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+
+					index0 := s + repOff2
+					s += lenght + repOff2
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+
+					// Index skipped...
+					for index0 < s-1 {
+						cv0 := load6432(src, index0)
+						cv1 := cv0 >> 8
+						h0 := hash8(cv0, betterLongTableBits)
+						off := index0 + e.cur
+						e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+						e.markLongShardDirty(h0)
+						h1 := hash5(cv1, betterShortTableBits)
+						e.table[h1] = tableEntry{offset: off + 1, val: uint32(cv1)}
+						e.markShortShardDirty(h1)
+						index0 += 2
+					}
+					cv = load6432(src, s)
+					// Swap offsets
+					offset1, offset2 = offset2, offset1
+					continue
+				}
+			}
+			// Find the offsets of our two matches.
+			coffsetL := candidateL.offset - e.cur
+			coffsetLP := candidateL.prev - e.cur
+
+			// Check if we have a long match.
+			if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+				// Found a long match, at least 8 bytes.
+				matched = e.matchlen(s+8, coffsetL+8, src) + 8
+				t = coffsetL
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+
+				if s-coffsetLP < e.maxMatchOff && cv == load6432(src, coffsetLP) {
+					// Found a long match, at least 8 bytes.
+					prevMatch := e.matchlen(s+8, coffsetLP+8, src) + 8
+					if prevMatch > matched {
+						matched = prevMatch
+						t = coffsetLP
+					}
+					if debugAsserts && s <= t {
+						panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+					}
+					if debugAsserts && s-t > e.maxMatchOff {
+						panic("s - t >e.maxMatchOff")
+					}
+					if debugMatches {
+						println("long match")
+					}
+				}
+				break
+			}
+
+			// Check if we have a long match on prev.
+			if s-coffsetLP < e.maxMatchOff && cv == load6432(src, coffsetLP) {
+				// Found a long match, at least 8 bytes.
+				matched = e.matchlen(s+8, coffsetLP+8, src) + 8
+				t = coffsetLP
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+				break
+			}
+
+			coffsetS := candidateS.offset - e.cur
+
+			// Check if we have a short match.
+			if s-coffsetS < e.maxMatchOff && uint32(cv) == candidateS.val {
+				// found a regular match
+				matched = e.matchlen(s+4, coffsetS+4, src) + 4
+
+				// See if we can find a long match at s+1
+				const checkAt = 1
+				cv := load6432(src, s+checkAt)
+				nextHashL = hash8(cv, betterLongTableBits)
+				candidateL = e.longTable[nextHashL]
+				coffsetL = candidateL.offset - e.cur
+
+				// We can store it, since we have at least a 4 byte match.
+				e.longTable[nextHashL] = prevEntry{offset: s + checkAt + e.cur, prev: candidateL.offset}
+				e.markLongShardDirty(nextHashL)
+				if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+					// Found a long match, at least 8 bytes.
+					matchedNext := e.matchlen(s+8+checkAt, coffsetL+8, src) + 8
+					if matchedNext > matched {
+						t = coffsetL
+						s += checkAt
+						matched = matchedNext
+						if debugMatches {
+							println("long match (after short)")
+						}
+						break
+					}
+				}
+
+				// Check prev long...
+				coffsetL = candidateL.prev - e.cur
+				if s-coffsetL < e.maxMatchOff && cv == load6432(src, coffsetL) {
+					// Found a long match, at least 8 bytes.
+					matchedNext := e.matchlen(s+8+checkAt, coffsetL+8, src) + 8
+					if matchedNext > matched {
+						t = coffsetL
+						s += checkAt
+						matched = matchedNext
+						if debugMatches {
+							println("prev long match (after short)")
+						}
+						break
+					}
+				}
+				t = coffsetS
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				if debugMatches {
+					println("short match")
+				}
+				break
+			}
+
+			// No match found, move forward in input.
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the n-byte match as long as possible.
+		l := matched
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) -> s - 1
+		index0 := s - l + 1
+		for index0 < s-1 {
+			cv0 := load6432(src, index0)
+			cv1 := cv0 >> 8
+			h0 := hash8(cv0, betterLongTableBits)
+			off := index0 + e.cur
+			e.longTable[h0] = prevEntry{offset: off, prev: e.longTable[h0].offset}
+			e.markLongShardDirty(h0)
+			h1 := hash5(cv1, betterShortTableBits)
+			e.table[h1] = tableEntry{offset: off + 1, val: uint32(cv1)}
+			e.markShortShardDirty(h1)
+			index0 += 2
+		}
+
+		cv = load6432(src, s)
+		if !canRepeat {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash5(cv, betterShortTableBits)
+			nextHashL := hash8(cv, betterLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			l := 4 + e.matchlen(s+4, o2+4, src)
+
+			e.longTable[nextHashL] = prevEntry{offset: s + e.cur, prev: e.longTable[nextHashL].offset}
+			e.markLongShardDirty(nextHashL)
+			e.table[nextHashS] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.markShortShardDirty(nextHashS)
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *betterFastEncoder) Reset(d *dict, singleBlock bool) {
+	e.resetBase(d, singleBlock)
+	if d != nil {
+		panic("betterFastEncoder: Reset with dict")
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) {
+	e.resetBase(d, singleBlock)
+	if d == nil {
+		return
+	}
+	// Init or copy dict table
+	if len(e.dictTable) != len(e.table) || d.id != e.lastDictID {
+		if len(e.dictTable) != len(e.table) {
+			e.dictTable = make([]tableEntry, len(e.table))
+		}
+		end := int32(len(d.content)) - 8 + e.maxMatchOff
+		for i := e.maxMatchOff; i < end; i += 4 {
+			const hashLog = betterShortTableBits
+
+			cv := load6432(d.content, i-e.maxMatchOff)
+			nextHash := hash5(cv, hashLog)      // 0 -> 4
+			nextHash1 := hash5(cv>>8, hashLog)  // 1 -> 5
+			nextHash2 := hash5(cv>>16, hashLog) // 2 -> 6
+			nextHash3 := hash5(cv>>24, hashLog) // 3 -> 7
+			e.dictTable[nextHash] = tableEntry{
+				val:    uint32(cv),
+				offset: i,
+			}
+			e.dictTable[nextHash1] = tableEntry{
+				val:    uint32(cv >> 8),
+				offset: i + 1,
+			}
+			e.dictTable[nextHash2] = tableEntry{
+				val:    uint32(cv >> 16),
+				offset: i + 2,
+			}
+			e.dictTable[nextHash3] = tableEntry{
+				val:    uint32(cv >> 24),
+				offset: i + 3,
+			}
+		}
+		e.lastDictID = d.id
+		e.allDirty = true
+	}
+
+	// Init or copy dict table
+	if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID {
+		if len(e.dictLongTable) != len(e.longTable) {
+			e.dictLongTable = make([]prevEntry, len(e.longTable))
+		}
+		if len(d.content) >= 8 {
+			cv := load6432(d.content, 0)
+			h := hash8(cv, betterLongTableBits)
+			e.dictLongTable[h] = prevEntry{
+				offset: e.maxMatchOff,
+				prev:   e.dictLongTable[h].offset,
+			}
+
+			end := int32(len(d.content)) - 8 + e.maxMatchOff
+			off := 8 // First to read
+			for i := e.maxMatchOff + 1; i < end; i++ {
+				cv = cv>>8 | (uint64(d.content[off]) << 56)
+				h := hash8(cv, betterLongTableBits)
+				e.dictLongTable[h] = prevEntry{
+					offset: i,
+					prev:   e.dictLongTable[h].offset,
+				}
+				off++
+			}
+		}
+		e.lastDictID = d.id
+		e.allDirty = true
+	}
+
+	// Reset table to initial state
+	{
+		dirtyShardCnt := 0
+		if !e.allDirty {
+			for i := range e.shortTableShardDirty {
+				if e.shortTableShardDirty[i] {
+					dirtyShardCnt++
+				}
+			}
+		}
+		const shardCnt = betterShortTableShardCnt
+		const shardSize = betterShortTableShardSize
+		if e.allDirty || dirtyShardCnt > shardCnt*4/6 {
+			copy(e.table[:], e.dictTable)
+			for i := range e.shortTableShardDirty {
+				e.shortTableShardDirty[i] = false
+			}
+		} else {
+			for i := range e.shortTableShardDirty {
+				if !e.shortTableShardDirty[i] {
+					continue
+				}
+
+				copy(e.table[i*shardSize:(i+1)*shardSize], e.dictTable[i*shardSize:(i+1)*shardSize])
+				e.shortTableShardDirty[i] = false
+			}
+		}
+	}
+	{
+		dirtyShardCnt := 0
+		if !e.allDirty {
+			for i := range e.shortTableShardDirty {
+				if e.shortTableShardDirty[i] {
+					dirtyShardCnt++
+				}
+			}
+		}
+		const shardCnt = betterLongTableShardCnt
+		const shardSize = betterLongTableShardSize
+		if e.allDirty || dirtyShardCnt > shardCnt*4/6 {
+			copy(e.longTable[:], e.dictLongTable)
+			for i := range e.longTableShardDirty {
+				e.longTableShardDirty[i] = false
+			}
+		} else {
+			for i := range e.longTableShardDirty {
+				if !e.longTableShardDirty[i] {
+					continue
+				}
+
+				copy(e.longTable[i*shardSize:(i+1)*shardSize], e.dictLongTable[i*shardSize:(i+1)*shardSize])
+				e.longTableShardDirty[i] = false
+			}
+		}
+	}
+	e.cur = e.maxMatchOff
+	e.allDirty = false
+}
+
+func (e *betterFastEncoderDict) markLongShardDirty(entryNum uint32) {
+	e.longTableShardDirty[entryNum/betterLongTableShardSize] = true
+}
+
+func (e *betterFastEncoderDict) markShortShardDirty(entryNum uint32) {
+	e.shortTableShardDirty[entryNum/betterShortTableShardSize] = true
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
new file mode 100644
index 0000000000000..8629d43d8683b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
@@ -0,0 +1,1121 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import "fmt"
+
+const (
+	dFastLongTableBits = 17                      // Bits used in the long match table
+	dFastLongTableSize = 1 << dFastLongTableBits // Size of the table
+	dFastLongTableMask = dFastLongTableSize - 1  // Mask for table indices. Redundant, but can eliminate bounds checks.
+
+	dLongTableShardCnt  = 1 << (dFastLongTableBits - dictShardBits) // Number of shards in the table
+	dLongTableShardSize = dFastLongTableSize / tableShardCnt        // Size of an individual shard
+
+	dFastShortTableBits = tableBits                // Bits used in the short match table
+	dFastShortTableSize = 1 << dFastShortTableBits // Size of the table
+	dFastShortTableMask = dFastShortTableSize - 1  // Mask for table indices. Redundant, but can eliminate bounds checks.
+)
+
+type doubleFastEncoder struct {
+	fastEncoder
+	longTable [dFastLongTableSize]tableEntry
+}
+
+type doubleFastEncoderDict struct {
+	fastEncoderDict
+	longTable           [dFastLongTableSize]tableEntry
+	dictLongTable       []tableEntry
+	longTableShardDirty [dLongTableShardCnt]bool
+}
+
+// Encode mimmics functionality in zstd_dfast.c
+func (e *doubleFastEncoder) Encode(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 2
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			for i := range e.longTable[:] {
+				e.longTable[i] = tableEntry{}
+			}
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		for i := range e.longTable[:] {
+			v := e.longTable[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.longTable[i].offset = v
+		}
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 1.
+	const stepSize = 1
+
+	const kSearchStrength = 8
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		var t int32
+		// We allow the encoder to optionally turn off repeat offsets across blocks
+		canRepeat := len(blk.sequences) > 2
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHashS := hash5(cv, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+			candidateL := e.longTable[nextHashL]
+			candidateS := e.table[nextHashS]
+
+			const repOff = 1
+			repIndex := s - offset1 + repOff
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.table[nextHashS] = entry
+
+			if canRepeat {
+				if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
+					// Consider history as well.
+					var seq seq
+					lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 0
+					seq.offset = 1
+					if debugSequences {
+						println("repeat sequence", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+					s += lenght + repOff
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+					cv = load6432(src, s)
+					continue
+				}
+			}
+			// Find the offsets of our two matches.
+			coffsetL := s - (candidateL.offset - e.cur)
+			coffsetS := s - (candidateS.offset - e.cur)
+
+			// Check if we have a long match.
+			if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+				// Found a long match, likely at least 8 bytes.
+				// Reference encoder checks all 8 bytes, we only check 4,
+				// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+				t = candidateL.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+				break
+			}
+
+			// Check if we have a short match.
+			if coffsetS < e.maxMatchOff && uint32(cv) == candidateS.val {
+				// found a regular match
+				// See if we can find a long match at s+1
+				const checkAt = 1
+				cv := load6432(src, s+checkAt)
+				nextHashL = hash8(cv, dFastLongTableBits)
+				candidateL = e.longTable[nextHashL]
+				coffsetL = s - (candidateL.offset - e.cur) + checkAt
+
+				// We can store it, since we have at least a 4 byte match.
+				e.longTable[nextHashL] = tableEntry{offset: s + checkAt + e.cur, val: uint32(cv)}
+				if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+					// Found a long match, likely at least 8 bytes.
+					// Reference encoder checks all 8 bytes, we only check 4,
+					// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+					t = candidateL.offset - e.cur
+					s += checkAt
+					if debugMatches {
+						println("long match (after short)")
+					}
+					break
+				}
+
+				t = candidateS.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				if debugMatches {
+					println("short match")
+				}
+				break
+			}
+
+			// No match found, move forward in input.
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the 4-byte match as long as possible.
+		l := e.matchlen(s+4, t+4, src) + 4
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) and start+2 (short)
+		index0 := s - l + 1
+		// Index match end-2 (long) and end-1 (short)
+		index1 := s - 2
+
+		cv0 := load6432(src, index0)
+		cv1 := load6432(src, index1)
+		te0 := tableEntry{offset: index0 + e.cur, val: uint32(cv0)}
+		te1 := tableEntry{offset: index1 + e.cur, val: uint32(cv1)}
+		e.longTable[hash8(cv0, dFastLongTableBits)] = te0
+		e.longTable[hash8(cv1, dFastLongTableBits)] = te1
+		cv0 >>= 8
+		cv1 >>= 8
+		te0.offset++
+		te1.offset++
+		te0.val = uint32(cv0)
+		te1.val = uint32(cv1)
+		e.table[hash5(cv0, dFastShortTableBits)] = te0
+		e.table[hash5(cv1, dFastShortTableBits)] = te1
+
+		cv = load6432(src, s)
+
+		if !canRepeat {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash5(cv, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			l := 4 + e.matchlen(s+4, o2+4, src)
+
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.table[nextHashS] = entry
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// EncodeNoHist will encode a block with no history and no following blocks.
+// Most notable difference is that src will not be copied for history and
+// we do not need to check for max match length.
+func (e *doubleFastEncoder) EncodeNoHist(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 2
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	if e.cur >= bufferReset {
+		for i := range e.table[:] {
+			e.table[i] = tableEntry{}
+		}
+		for i := range e.longTable[:] {
+			e.longTable[i] = tableEntry{}
+		}
+		e.cur = e.maxMatchOff
+	}
+
+	s := int32(0)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 1.
+	const stepSize = 1
+
+	const kSearchStrength = 8
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		var t int32
+		for {
+
+			nextHashS := hash5(cv, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+			candidateL := e.longTable[nextHashL]
+			candidateS := e.table[nextHashS]
+
+			const repOff = 1
+			repIndex := s - offset1 + repOff
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.table[nextHashS] = entry
+
+			if len(blk.sequences) > 2 {
+				if load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
+					// Consider history as well.
+					var seq seq
+					//length := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+					length := 4 + int32(matchLen(src[s+4+repOff:], src[repIndex+4:]))
+
+					seq.matchLen = uint32(length - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 0
+					seq.offset = 1
+					if debugSequences {
+						println("repeat sequence", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+					s += length + repOff
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, length)
+
+						}
+						break encodeLoop
+					}
+					cv = load6432(src, s)
+					continue
+				}
+			}
+			// Find the offsets of our two matches.
+			coffsetL := s - (candidateL.offset - e.cur)
+			coffsetS := s - (candidateS.offset - e.cur)
+
+			// Check if we have a long match.
+			if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+				// Found a long match, likely at least 8 bytes.
+				// Reference encoder checks all 8 bytes, we only check 4,
+				// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+				t = candidateL.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d). cur: %d", s, t, e.cur))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+				break
+			}
+
+			// Check if we have a short match.
+			if coffsetS < e.maxMatchOff && uint32(cv) == candidateS.val {
+				// found a regular match
+				// See if we can find a long match at s+1
+				const checkAt = 1
+				cv := load6432(src, s+checkAt)
+				nextHashL = hash8(cv, dFastLongTableBits)
+				candidateL = e.longTable[nextHashL]
+				coffsetL = s - (candidateL.offset - e.cur) + checkAt
+
+				// We can store it, since we have at least a 4 byte match.
+				e.longTable[nextHashL] = tableEntry{offset: s + checkAt + e.cur, val: uint32(cv)}
+				if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+					// Found a long match, likely at least 8 bytes.
+					// Reference encoder checks all 8 bytes, we only check 4,
+					// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+					t = candidateL.offset - e.cur
+					s += checkAt
+					if debugMatches {
+						println("long match (after short)")
+					}
+					break
+				}
+
+				t = candidateS.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				if debugMatches {
+					println("short match")
+				}
+				break
+			}
+
+			// No match found, move forward in input.
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		// Extend the 4-byte match as long as possible.
+		//l := e.matchlen(s+4, t+4, src) + 4
+		l := int32(matchLen(src[s+4:], src[t+4:])) + 4
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) and start+2 (short)
+		index0 := s - l + 1
+		// Index match end-2 (long) and end-1 (short)
+		index1 := s - 2
+
+		cv0 := load6432(src, index0)
+		cv1 := load6432(src, index1)
+		te0 := tableEntry{offset: index0 + e.cur, val: uint32(cv0)}
+		te1 := tableEntry{offset: index1 + e.cur, val: uint32(cv1)}
+		e.longTable[hash8(cv0, dFastLongTableBits)] = te0
+		e.longTable[hash8(cv1, dFastLongTableBits)] = te1
+		cv0 >>= 8
+		cv1 >>= 8
+		te0.offset++
+		te1.offset++
+		te0.val = uint32(cv0)
+		te1.val = uint32(cv1)
+		e.table[hash5(cv0, dFastShortTableBits)] = te0
+		e.table[hash5(cv1, dFastShortTableBits)] = te1
+
+		cv = load6432(src, s)
+
+		if len(blk.sequences) <= 2 {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash5(cv1>>8, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			//l := 4 + e.matchlen(s+4, o2+4, src)
+			l := 4 + int32(matchLen(src[s+4:], src[o2+4:]))
+
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.table[nextHashS] = entry
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+
+	// We do not store history, so we must offset e.cur to avoid false matches for next user.
+	if e.cur < bufferReset {
+		e.cur += int32(len(src))
+	}
+}
+
+// Encode will encode the content, with a dictionary if initialized for it.
+func (e *doubleFastEncoderDict) Encode(blk *blockEnc, src []byte) {
+	const (
+		// Input margin is the number of bytes we read (8)
+		// and the maximum we will read ahead (2)
+		inputMargin            = 8 + 2
+		minNonLiteralBlockSize = 16
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			for i := range e.longTable[:] {
+				e.longTable[i] = tableEntry{}
+			}
+			e.markAllShardsDirty()
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		for i := range e.longTable[:] {
+			v := e.longTable[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.longTable[i].offset = v
+		}
+		e.markAllShardsDirty()
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 1.
+	const stepSize = 1
+
+	const kSearchStrength = 8
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		var t int32
+		// We allow the encoder to optionally turn off repeat offsets across blocks
+		canRepeat := len(blk.sequences) > 2
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHashS := hash5(cv, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+			candidateL := e.longTable[nextHashL]
+			candidateS := e.table[nextHashS]
+
+			const repOff = 1
+			repIndex := s - offset1 + repOff
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.markLongShardDirty(nextHashL)
+			e.table[nextHashS] = entry
+			e.markShardDirty(nextHashS)
+
+			if canRepeat {
+				if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
+					// Consider history as well.
+					var seq seq
+					lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+
+					seq.matchLen = uint32(lenght - zstdMinMatch)
+
+					// We might be able to match backwards.
+					// Extend as long as we can.
+					start := s + repOff
+					// We end the search early, so we don't risk 0 literals
+					// and have to do special offset treatment.
+					startLimit := nextEmit + 1
+
+					tMin := s - e.maxMatchOff
+					if tMin < 0 {
+						tMin = 0
+					}
+					for repIndex > tMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch-1 {
+						repIndex--
+						start--
+						seq.matchLen++
+					}
+					addLiterals(&seq, start)
+
+					// rep 0
+					seq.offset = 1
+					if debugSequences {
+						println("repeat sequence", seq, "next s:", s)
+					}
+					blk.sequences = append(blk.sequences, seq)
+					s += lenght + repOff
+					nextEmit = s
+					if s >= sLimit {
+						if debug {
+							println("repeat ended", s, lenght)
+
+						}
+						break encodeLoop
+					}
+					cv = load6432(src, s)
+					continue
+				}
+			}
+			// Find the offsets of our two matches.
+			coffsetL := s - (candidateL.offset - e.cur)
+			coffsetS := s - (candidateS.offset - e.cur)
+
+			// Check if we have a long match.
+			if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+				// Found a long match, likely at least 8 bytes.
+				// Reference encoder checks all 8 bytes, we only check 4,
+				// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+				t = candidateL.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugMatches {
+					println("long match")
+				}
+				break
+			}
+
+			// Check if we have a short match.
+			if coffsetS < e.maxMatchOff && uint32(cv) == candidateS.val {
+				// found a regular match
+				// See if we can find a long match at s+1
+				const checkAt = 1
+				cv := load6432(src, s+checkAt)
+				nextHashL = hash8(cv, dFastLongTableBits)
+				candidateL = e.longTable[nextHashL]
+				coffsetL = s - (candidateL.offset - e.cur) + checkAt
+
+				// We can store it, since we have at least a 4 byte match.
+				e.longTable[nextHashL] = tableEntry{offset: s + checkAt + e.cur, val: uint32(cv)}
+				e.markLongShardDirty(nextHashL)
+				if coffsetL < e.maxMatchOff && uint32(cv) == candidateL.val {
+					// Found a long match, likely at least 8 bytes.
+					// Reference encoder checks all 8 bytes, we only check 4,
+					// but the likelihood of both the first 4 bytes and the hash matching should be enough.
+					t = candidateL.offset - e.cur
+					s += checkAt
+					if debugMatches {
+						println("long match (after short)")
+					}
+					break
+				}
+
+				t = candidateS.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				if debugMatches {
+					println("short match")
+				}
+				break
+			}
+
+			// No match found, move forward in input.
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+
+		// A 4-byte match has been found. Update recent offsets.
+		// We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the 4-byte match as long as possible.
+		l := e.matchlen(s+4, t+4, src) + 4
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+
+		// Index match start+1 (long) and start+2 (short)
+		index0 := s - l + 1
+		// Index match end-2 (long) and end-1 (short)
+		index1 := s - 2
+
+		cv0 := load6432(src, index0)
+		cv1 := load6432(src, index1)
+		te0 := tableEntry{offset: index0 + e.cur, val: uint32(cv0)}
+		te1 := tableEntry{offset: index1 + e.cur, val: uint32(cv1)}
+		longHash1 := hash8(cv0, dFastLongTableBits)
+		longHash2 := hash8(cv0, dFastLongTableBits)
+		e.longTable[longHash1] = te0
+		e.longTable[longHash2] = te1
+		e.markLongShardDirty(longHash1)
+		e.markLongShardDirty(longHash2)
+		cv0 >>= 8
+		cv1 >>= 8
+		te0.offset++
+		te1.offset++
+		te0.val = uint32(cv0)
+		te1.val = uint32(cv1)
+		hashVal1 := hash5(cv0, dFastShortTableBits)
+		hashVal2 := hash5(cv1, dFastShortTableBits)
+		e.table[hashVal1] = te0
+		e.markShardDirty(hashVal1)
+		e.table[hashVal2] = te1
+		e.markShardDirty(hashVal2)
+
+		cv = load6432(src, s)
+
+		if !canRepeat {
+			continue
+		}
+
+		// Check offset 2
+		for {
+			o2 := s - offset2
+			if load3232(src, o2) != uint32(cv) {
+				// Do regular search
+				break
+			}
+
+			// Store this, since we have it.
+			nextHashS := hash5(cv, dFastShortTableBits)
+			nextHashL := hash8(cv, dFastLongTableBits)
+
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			l := 4 + e.matchlen(s+4, o2+4, src)
+
+			entry := tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.longTable[nextHashL] = entry
+			e.markLongShardDirty(nextHashL)
+			e.table[nextHashS] = entry
+			e.markShardDirty(nextHashS)
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				// Finished
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+	// If we encoded more than 64K mark all dirty.
+	if len(src) > 64<<10 {
+		e.markAllShardsDirty()
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *doubleFastEncoder) Reset(d *dict, singleBlock bool) {
+	e.fastEncoder.Reset(d, singleBlock)
+	if d != nil {
+		panic("doubleFastEncoder: Reset with dict not supported")
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) {
+	allDirty := e.allDirty
+	e.fastEncoderDict.Reset(d, singleBlock)
+	if d == nil {
+		return
+	}
+
+	// Init or copy dict table
+	if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID {
+		if len(e.dictLongTable) != len(e.longTable) {
+			e.dictLongTable = make([]tableEntry, len(e.longTable))
+		}
+		if len(d.content) >= 8 {
+			cv := load6432(d.content, 0)
+			e.dictLongTable[hash8(cv, dFastLongTableBits)] = tableEntry{
+				val:    uint32(cv),
+				offset: e.maxMatchOff,
+			}
+			end := int32(len(d.content)) - 8 + e.maxMatchOff
+			for i := e.maxMatchOff + 1; i < end; i++ {
+				cv = cv>>8 | (uint64(d.content[i-e.maxMatchOff+7]) << 56)
+				e.dictLongTable[hash8(cv, dFastLongTableBits)] = tableEntry{
+					val:    uint32(cv),
+					offset: i,
+				}
+			}
+		}
+		e.lastDictID = d.id
+		e.allDirty = true
+	}
+	// Reset table to initial state
+	e.cur = e.maxMatchOff
+
+	dirtyShardCnt := 0
+	if !allDirty {
+		for i := range e.longTableShardDirty {
+			if e.longTableShardDirty[i] {
+				dirtyShardCnt++
+			}
+		}
+	}
+
+	if allDirty || dirtyShardCnt > dLongTableShardCnt/2 {
+		copy(e.longTable[:], e.dictLongTable)
+		for i := range e.longTableShardDirty {
+			e.longTableShardDirty[i] = false
+		}
+		return
+	}
+	for i := range e.longTableShardDirty {
+		if !e.longTableShardDirty[i] {
+			continue
+		}
+
+		copy(e.longTable[i*dLongTableShardSize:(i+1)*dLongTableShardSize], e.dictLongTable[i*dLongTableShardSize:(i+1)*dLongTableShardSize])
+		e.longTableShardDirty[i] = false
+	}
+}
+
+func (e *doubleFastEncoderDict) markLongShardDirty(entryNum uint32) {
+	e.longTableShardDirty[entryNum/dLongTableShardSize] = true
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go
new file mode 100644
index 0000000000000..ba4a17e10646b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go
@@ -0,0 +1,1018 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"fmt"
+	"math"
+	"math/bits"
+)
+
+const (
+	tableBits      = 15                               // Bits used in the table
+	tableSize      = 1 << tableBits                   // Size of the table
+	tableShardCnt  = 1 << (tableBits - dictShardBits) // Number of shards in the table
+	tableShardSize = tableSize / tableShardCnt        // Size of an individual shard
+	tableMask      = tableSize - 1                    // Mask for table indices. Redundant, but can eliminate bounds checks.
+	maxMatchLength = 131074
+)
+
+type tableEntry struct {
+	val    uint32
+	offset int32
+}
+
+type fastEncoder struct {
+	fastBase
+	table [tableSize]tableEntry
+}
+
+type fastEncoderDict struct {
+	fastEncoder
+	dictTable       []tableEntry
+	tableShardDirty [tableShardCnt]bool
+	allDirty        bool
+}
+
+// Encode mimmics functionality in zstd_fast.c
+func (e *fastEncoder) Encode(blk *blockEnc, src []byte) {
+	const (
+		inputMargin            = 8
+		minNonLiteralBlockSize = 1 + 1 + inputMargin
+	)
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 2.
+	const stepSize = 2
+
+	// TEMPLATE
+	const hashLog = tableBits
+	// seems global, but would be nice to tweak.
+	const kSearchStrength = 7
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		// t will contain the match offset when we find one.
+		// When existing the search loop, we have already checked 4 bytes.
+		var t int32
+
+		// We will not use repeat offsets across blocks.
+		// By not using them for the first 3 matches
+		canRepeat := len(blk.sequences) > 2
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHash := hash6(cv, hashLog)
+			nextHash2 := hash6(cv>>8, hashLog)
+			candidate := e.table[nextHash]
+			candidate2 := e.table[nextHash2]
+			repIndex := s - offset1 + 2
+
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.table[nextHash2] = tableEntry{offset: s + e.cur + 1, val: uint32(cv >> 8)}
+
+			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
+				// Consider history as well.
+				var seq seq
+				var length int32
+				// length = 4 + e.matchlen(s+6, repIndex+4, src)
+				{
+					a := src[s+6:]
+					b := src[repIndex+4:]
+					endI := len(a) & (math.MaxInt32 - 7)
+					length = int32(endI) + 4
+					for i := 0; i < endI; i += 8 {
+						if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+							length = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+							break
+						}
+					}
+				}
+
+				seq.matchLen = uint32(length - zstdMinMatch)
+
+				// We might be able to match backwards.
+				// Extend as long as we can.
+				start := s + 2
+				// We end the search early, so we don't risk 0 literals
+				// and have to do special offset treatment.
+				startLimit := nextEmit + 1
+
+				sMin := s - e.maxMatchOff
+				if sMin < 0 {
+					sMin = 0
+				}
+				for repIndex > sMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch {
+					repIndex--
+					start--
+					seq.matchLen++
+				}
+				addLiterals(&seq, start)
+
+				// rep 0
+				seq.offset = 1
+				if debugSequences {
+					println("repeat sequence", seq, "next s:", s)
+				}
+				blk.sequences = append(blk.sequences, seq)
+				s += length + 2
+				nextEmit = s
+				if s >= sLimit {
+					if debug {
+						println("repeat ended", s, length)
+
+					}
+					break encodeLoop
+				}
+				cv = load6432(src, s)
+				continue
+			}
+			coffset0 := s - (candidate.offset - e.cur)
+			coffset1 := s - (candidate2.offset - e.cur) + 1
+			if coffset0 < e.maxMatchOff && uint32(cv) == candidate.val {
+				// found a regular match
+				t = candidate.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				break
+			}
+
+			if coffset1 < e.maxMatchOff && uint32(cv>>8) == candidate2.val {
+				// found a regular match
+				t = candidate2.offset - e.cur
+				s++
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				break
+			}
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+		// A 4-byte match has been found. We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the 4-byte match as long as possible.
+		//l := e.matchlen(s+4, t+4, src) + 4
+		var l int32
+		{
+			a := src[s+4:]
+			b := src[t+4:]
+			endI := len(a) & (math.MaxInt32 - 7)
+			l = int32(endI) + 4
+			for i := 0; i < endI; i += 8 {
+				if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+					l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+					break
+				}
+			}
+		}
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence.
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		// Don't use repeat offsets
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+		cv = load6432(src, s)
+
+		// Check offset 2
+		if o2 := s - offset2; canRepeat && load3232(src, o2) == uint32(cv) {
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			//l := 4 + e.matchlen(s+4, o2+4, src)
+			var l int32
+			{
+				a := src[s+4:]
+				b := src[o2+4:]
+				endI := len(a) & (math.MaxInt32 - 7)
+				l = int32(endI) + 4
+				for i := 0; i < endI; i += 8 {
+					if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+						l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+						break
+					}
+				}
+			}
+
+			// Store this, since we have it.
+			nextHash := hash6(cv, hashLog)
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				break encodeLoop
+			}
+			// Prepare next loop.
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// EncodeNoHist will encode a block with no history and no following blocks.
+// Most notable difference is that src will not be copied for history and
+// we do not need to check for max match length.
+func (e *fastEncoder) EncodeNoHist(blk *blockEnc, src []byte) {
+	const (
+		inputMargin            = 8
+		minNonLiteralBlockSize = 1 + 1 + inputMargin
+	)
+	if debug {
+		if len(src) > maxBlockSize {
+			panic("src too big")
+		}
+	}
+
+	// Protect against e.cur wraparound.
+	if e.cur >= bufferReset {
+		for i := range e.table[:] {
+			e.table[i] = tableEntry{}
+		}
+		e.cur = e.maxMatchOff
+	}
+
+	s := int32(0)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 2.
+	const stepSize = 2
+
+	// TEMPLATE
+	const hashLog = tableBits
+	// seems global, but would be nice to tweak.
+	const kSearchStrength = 8
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		// t will contain the match offset when we find one.
+		// When existing the search loop, we have already checked 4 bytes.
+		var t int32
+
+		// We will not use repeat offsets across blocks.
+		// By not using them for the first 3 matches
+
+		for {
+			nextHash := hash6(cv, hashLog)
+			nextHash2 := hash6(cv>>8, hashLog)
+			candidate := e.table[nextHash]
+			candidate2 := e.table[nextHash2]
+			repIndex := s - offset1 + 2
+
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.table[nextHash2] = tableEntry{offset: s + e.cur + 1, val: uint32(cv >> 8)}
+
+			if len(blk.sequences) > 2 && load3232(src, repIndex) == uint32(cv>>16) {
+				// Consider history as well.
+				var seq seq
+				// length := 4 + e.matchlen(s+6, repIndex+4, src)
+				// length := 4 + int32(matchLen(src[s+6:], src[repIndex+4:]))
+				var length int32
+				{
+					a := src[s+6:]
+					b := src[repIndex+4:]
+					endI := len(a) & (math.MaxInt32 - 7)
+					length = int32(endI) + 4
+					for i := 0; i < endI; i += 8 {
+						if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+							length = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+							break
+						}
+					}
+				}
+
+				seq.matchLen = uint32(length - zstdMinMatch)
+
+				// We might be able to match backwards.
+				// Extend as long as we can.
+				start := s + 2
+				// We end the search early, so we don't risk 0 literals
+				// and have to do special offset treatment.
+				startLimit := nextEmit + 1
+
+				sMin := s - e.maxMatchOff
+				if sMin < 0 {
+					sMin = 0
+				}
+				for repIndex > sMin && start > startLimit && src[repIndex-1] == src[start-1] {
+					repIndex--
+					start--
+					seq.matchLen++
+				}
+				addLiterals(&seq, start)
+
+				// rep 0
+				seq.offset = 1
+				if debugSequences {
+					println("repeat sequence", seq, "next s:", s)
+				}
+				blk.sequences = append(blk.sequences, seq)
+				s += length + 2
+				nextEmit = s
+				if s >= sLimit {
+					if debug {
+						println("repeat ended", s, length)
+
+					}
+					break encodeLoop
+				}
+				cv = load6432(src, s)
+				continue
+			}
+			coffset0 := s - (candidate.offset - e.cur)
+			coffset1 := s - (candidate2.offset - e.cur) + 1
+			if coffset0 < e.maxMatchOff && uint32(cv) == candidate.val {
+				// found a regular match
+				t = candidate.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic(fmt.Sprintf("t (%d) < 0, candidate.offset: %d, e.cur: %d, coffset0: %d, e.maxMatchOff: %d", t, candidate.offset, e.cur, coffset0, e.maxMatchOff))
+				}
+				break
+			}
+
+			if coffset1 < e.maxMatchOff && uint32(cv>>8) == candidate2.val {
+				// found a regular match
+				t = candidate2.offset - e.cur
+				s++
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				break
+			}
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+		// A 4-byte match has been found. We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && t < 0 {
+			panic(fmt.Sprintf("t (%d) < 0 ", t))
+		}
+		// Extend the 4-byte match as long as possible.
+		//l := e.matchlenNoHist(s+4, t+4, src) + 4
+		// l := int32(matchLen(src[s+4:], src[t+4:])) + 4
+		var l int32
+		{
+			a := src[s+4:]
+			b := src[t+4:]
+			endI := len(a) & (math.MaxInt32 - 7)
+			l = int32(endI) + 4
+			for i := 0; i < endI; i += 8 {
+				if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+					l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+					break
+				}
+			}
+		}
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence.
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		// Don't use repeat offsets
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+		cv = load6432(src, s)
+
+		// Check offset 2
+		if o2 := s - offset2; len(blk.sequences) > 2 && load3232(src, o2) == uint32(cv) {
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			//l := 4 + e.matchlenNoHist(s+4, o2+4, src)
+			// l := 4 + int32(matchLen(src[s+4:], src[o2+4:]))
+			var l int32
+			{
+				a := src[s+4:]
+				b := src[o2+4:]
+				endI := len(a) & (math.MaxInt32 - 7)
+				l = int32(endI) + 4
+				for i := 0; i < endI; i += 8 {
+					if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+						l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+						break
+					}
+				}
+			}
+
+			// Store this, since we have it.
+			nextHash := hash6(cv, hashLog)
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				break encodeLoop
+			}
+			// Prepare next loop.
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+	// We do not store history, so we must offset e.cur to avoid false matches for next user.
+	if e.cur < bufferReset {
+		e.cur += int32(len(src))
+	}
+}
+
+// Encode will encode the content, with a dictionary if initialized for it.
+func (e *fastEncoderDict) Encode(blk *blockEnc, src []byte) {
+	const (
+		inputMargin            = 8
+		minNonLiteralBlockSize = 1 + 1 + inputMargin
+	)
+	if e.allDirty || len(src) > 32<<10 {
+		e.fastEncoder.Encode(blk, src)
+		e.allDirty = true
+		return
+	}
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			e.cur = e.maxMatchOff
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - e.maxMatchOff
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v < minOff {
+				v = 0
+			} else {
+				v = v - e.cur + e.maxMatchOff
+			}
+			e.table[i].offset = v
+		}
+		e.cur = e.maxMatchOff
+		break
+	}
+
+	s := e.addBlock(src)
+	blk.size = len(src)
+	if len(src) < minNonLiteralBlockSize {
+		blk.extraLits = len(src)
+		blk.literals = blk.literals[:len(src)]
+		copy(blk.literals, src)
+		return
+	}
+
+	// Override src
+	src = e.hist
+	sLimit := int32(len(src)) - inputMargin
+	// stepSize is the number of bytes to skip on every main loop iteration.
+	// It should be >= 2.
+	const stepSize = 2
+
+	// TEMPLATE
+	const hashLog = tableBits
+	// seems global, but would be nice to tweak.
+	const kSearchStrength = 7
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := s
+	cv := load6432(src, s)
+
+	// Relative offsets
+	offset1 := int32(blk.recentOffsets[0])
+	offset2 := int32(blk.recentOffsets[1])
+
+	addLiterals := func(s *seq, until int32) {
+		if until == nextEmit {
+			return
+		}
+		blk.literals = append(blk.literals, src[nextEmit:until]...)
+		s.litLen = uint32(until - nextEmit)
+	}
+	if debug {
+		println("recent offsets:", blk.recentOffsets)
+	}
+
+encodeLoop:
+	for {
+		// t will contain the match offset when we find one.
+		// When existing the search loop, we have already checked 4 bytes.
+		var t int32
+
+		// We will not use repeat offsets across blocks.
+		// By not using them for the first 3 matches
+		canRepeat := len(blk.sequences) > 2
+
+		for {
+			if debugAsserts && canRepeat && offset1 == 0 {
+				panic("offset0 was 0")
+			}
+
+			nextHash := hash6(cv, hashLog)
+			nextHash2 := hash6(cv>>8, hashLog)
+			candidate := e.table[nextHash]
+			candidate2 := e.table[nextHash2]
+			repIndex := s - offset1 + 2
+
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.markShardDirty(nextHash)
+			e.table[nextHash2] = tableEntry{offset: s + e.cur + 1, val: uint32(cv >> 8)}
+			e.markShardDirty(nextHash2)
+
+			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
+				// Consider history as well.
+				var seq seq
+				var length int32
+				// length = 4 + e.matchlen(s+6, repIndex+4, src)
+				{
+					a := src[s+6:]
+					b := src[repIndex+4:]
+					endI := len(a) & (math.MaxInt32 - 7)
+					length = int32(endI) + 4
+					for i := 0; i < endI; i += 8 {
+						if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+							length = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+							break
+						}
+					}
+				}
+
+				seq.matchLen = uint32(length - zstdMinMatch)
+
+				// We might be able to match backwards.
+				// Extend as long as we can.
+				start := s + 2
+				// We end the search early, so we don't risk 0 literals
+				// and have to do special offset treatment.
+				startLimit := nextEmit + 1
+
+				sMin := s - e.maxMatchOff
+				if sMin < 0 {
+					sMin = 0
+				}
+				for repIndex > sMin && start > startLimit && src[repIndex-1] == src[start-1] && seq.matchLen < maxMatchLength-zstdMinMatch {
+					repIndex--
+					start--
+					seq.matchLen++
+				}
+				addLiterals(&seq, start)
+
+				// rep 0
+				seq.offset = 1
+				if debugSequences {
+					println("repeat sequence", seq, "next s:", s)
+				}
+				blk.sequences = append(blk.sequences, seq)
+				s += length + 2
+				nextEmit = s
+				if s >= sLimit {
+					if debug {
+						println("repeat ended", s, length)
+
+					}
+					break encodeLoop
+				}
+				cv = load6432(src, s)
+				continue
+			}
+			coffset0 := s - (candidate.offset - e.cur)
+			coffset1 := s - (candidate2.offset - e.cur) + 1
+			if coffset0 < e.maxMatchOff && uint32(cv) == candidate.val {
+				// found a regular match
+				t = candidate.offset - e.cur
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				break
+			}
+
+			if coffset1 < e.maxMatchOff && uint32(cv>>8) == candidate2.val {
+				// found a regular match
+				t = candidate2.offset - e.cur
+				s++
+				if debugAsserts && s <= t {
+					panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+				}
+				if debugAsserts && s-t > e.maxMatchOff {
+					panic("s - t >e.maxMatchOff")
+				}
+				if debugAsserts && t < 0 {
+					panic("t<0")
+				}
+				break
+			}
+			s += stepSize + ((s - nextEmit) >> (kSearchStrength - 1))
+			if s >= sLimit {
+				break encodeLoop
+			}
+			cv = load6432(src, s)
+		}
+		// A 4-byte match has been found. We'll later see if more than 4 bytes.
+		offset2 = offset1
+		offset1 = s - t
+
+		if debugAsserts && s <= t {
+			panic(fmt.Sprintf("s (%d) <= t (%d)", s, t))
+		}
+
+		if debugAsserts && canRepeat && int(offset1) > len(src) {
+			panic("invalid offset")
+		}
+
+		// Extend the 4-byte match as long as possible.
+		//l := e.matchlen(s+4, t+4, src) + 4
+		var l int32
+		{
+			a := src[s+4:]
+			b := src[t+4:]
+			endI := len(a) & (math.MaxInt32 - 7)
+			l = int32(endI) + 4
+			for i := 0; i < endI; i += 8 {
+				if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+					l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+					break
+				}
+			}
+		}
+
+		// Extend backwards
+		tMin := s - e.maxMatchOff
+		if tMin < 0 {
+			tMin = 0
+		}
+		for t > tMin && s > nextEmit && src[t-1] == src[s-1] && l < maxMatchLength {
+			s--
+			t--
+			l++
+		}
+
+		// Write our sequence.
+		var seq seq
+		seq.litLen = uint32(s - nextEmit)
+		seq.matchLen = uint32(l - zstdMinMatch)
+		if seq.litLen > 0 {
+			blk.literals = append(blk.literals, src[nextEmit:s]...)
+		}
+		// Don't use repeat offsets
+		seq.offset = uint32(s-t) + 3
+		s += l
+		if debugSequences {
+			println("sequence", seq, "next s:", s)
+		}
+		blk.sequences = append(blk.sequences, seq)
+		nextEmit = s
+		if s >= sLimit {
+			break encodeLoop
+		}
+		cv = load6432(src, s)
+
+		// Check offset 2
+		if o2 := s - offset2; canRepeat && load3232(src, o2) == uint32(cv) {
+			// We have at least 4 byte match.
+			// No need to check backwards. We come straight from a match
+			//l := 4 + e.matchlen(s+4, o2+4, src)
+			var l int32
+			{
+				a := src[s+4:]
+				b := src[o2+4:]
+				endI := len(a) & (math.MaxInt32 - 7)
+				l = int32(endI) + 4
+				for i := 0; i < endI; i += 8 {
+					if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+						l = int32(i+bits.TrailingZeros64(diff)>>3) + 4
+						break
+					}
+				}
+			}
+
+			// Store this, since we have it.
+			nextHash := hash6(cv, hashLog)
+			e.table[nextHash] = tableEntry{offset: s + e.cur, val: uint32(cv)}
+			e.markShardDirty(nextHash)
+			seq.matchLen = uint32(l) - zstdMinMatch
+			seq.litLen = 0
+			// Since litlen is always 0, this is offset 1.
+			seq.offset = 1
+			s += l
+			nextEmit = s
+			if debugSequences {
+				println("sequence", seq, "next s:", s)
+			}
+			blk.sequences = append(blk.sequences, seq)
+
+			// Swap offset 1 and 2.
+			offset1, offset2 = offset2, offset1
+			if s >= sLimit {
+				break encodeLoop
+			}
+			// Prepare next loop.
+			cv = load6432(src, s)
+		}
+	}
+
+	if int(nextEmit) < len(src) {
+		blk.literals = append(blk.literals, src[nextEmit:]...)
+		blk.extraLits = len(src) - int(nextEmit)
+	}
+	blk.recentOffsets[0] = uint32(offset1)
+	blk.recentOffsets[1] = uint32(offset2)
+	if debug {
+		println("returning, recent offsets:", blk.recentOffsets, "extra literals:", blk.extraLits)
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *fastEncoder) Reset(d *dict, singleBlock bool) {
+	e.resetBase(d, singleBlock)
+	if d != nil {
+		panic("fastEncoder: Reset with dict")
+	}
+}
+
+// ResetDict will reset and set a dictionary if not nil
+func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) {
+	e.resetBase(d, singleBlock)
+	if d == nil {
+		return
+	}
+
+	// Init or copy dict table
+	if len(e.dictTable) != len(e.table) || d.id != e.lastDictID {
+		if len(e.dictTable) != len(e.table) {
+			e.dictTable = make([]tableEntry, len(e.table))
+		}
+		if true {
+			end := e.maxMatchOff + int32(len(d.content)) - 8
+			for i := e.maxMatchOff; i < end; i += 3 {
+				const hashLog = tableBits
+
+				cv := load6432(d.content, i-e.maxMatchOff)
+				nextHash := hash6(cv, hashLog)      // 0 -> 5
+				nextHash1 := hash6(cv>>8, hashLog)  // 1 -> 6
+				nextHash2 := hash6(cv>>16, hashLog) // 2 -> 7
+				e.dictTable[nextHash] = tableEntry{
+					val:    uint32(cv),
+					offset: i,
+				}
+				e.dictTable[nextHash1] = tableEntry{
+					val:    uint32(cv >> 8),
+					offset: i + 1,
+				}
+				e.dictTable[nextHash2] = tableEntry{
+					val:    uint32(cv >> 16),
+					offset: i + 2,
+				}
+			}
+		}
+		e.lastDictID = d.id
+		e.allDirty = true
+	}
+
+	e.cur = e.maxMatchOff
+	dirtyShardCnt := 0
+	if !e.allDirty {
+		for i := range e.tableShardDirty {
+			if e.tableShardDirty[i] {
+				dirtyShardCnt++
+			}
+		}
+	}
+
+	const shardCnt = tableShardCnt
+	const shardSize = tableShardSize
+	if e.allDirty || dirtyShardCnt > shardCnt*4/6 {
+		copy(e.table[:], e.dictTable)
+		for i := range e.tableShardDirty {
+			e.tableShardDirty[i] = false
+		}
+		e.allDirty = false
+		return
+	}
+	for i := range e.tableShardDirty {
+		if !e.tableShardDirty[i] {
+			continue
+		}
+
+		copy(e.table[i*shardSize:(i+1)*shardSize], e.dictTable[i*shardSize:(i+1)*shardSize])
+		e.tableShardDirty[i] = false
+	}
+	e.allDirty = false
+}
+
+func (e *fastEncoderDict) markAllShardsDirty() {
+	e.allDirty = true
+}
+
+func (e *fastEncoderDict) markShardDirty(entryNum uint32) {
+	e.tableShardDirty[entryNum/tableShardSize] = true
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go
new file mode 100644
index 0000000000000..6f0265099ecd4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go
@@ -0,0 +1,576 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io"
+	rdebug "runtime/debug"
+	"sync"
+
+	"github.com/klauspost/compress/zstd/internal/xxhash"
+)
+
+// Encoder provides encoding to Zstandard.
+// An Encoder can be used for either compressing a stream via the
+// io.WriteCloser interface supported by the Encoder or as multiple independent
+// tasks via the EncodeAll function.
+// Smaller encodes are encouraged to use the EncodeAll function.
+// Use NewWriter to create a new instance.
+type Encoder struct {
+	o        encoderOptions
+	encoders chan encoder
+	state    encoderState
+	init     sync.Once
+}
+
+type encoder interface {
+	Encode(blk *blockEnc, src []byte)
+	EncodeNoHist(blk *blockEnc, src []byte)
+	Block() *blockEnc
+	CRC() *xxhash.Digest
+	AppendCRC([]byte) []byte
+	WindowSize(size int) int32
+	UseBlock(*blockEnc)
+	Reset(d *dict, singleBlock bool)
+}
+
+type encoderState struct {
+	w                io.Writer
+	filling          []byte
+	current          []byte
+	previous         []byte
+	encoder          encoder
+	writing          *blockEnc
+	err              error
+	writeErr         error
+	nWritten         int64
+	headerWritten    bool
+	eofWritten       bool
+	fullFrameWritten bool
+
+	// This waitgroup indicates an encode is running.
+	wg sync.WaitGroup
+	// This waitgroup indicates we have a block encoding/writing.
+	wWg sync.WaitGroup
+}
+
+// NewWriter will create a new Zstandard encoder.
+// If the encoder will be used for encoding blocks a nil writer can be used.
+func NewWriter(w io.Writer, opts ...EOption) (*Encoder, error) {
+	initPredefined()
+	var e Encoder
+	e.o.setDefault()
+	for _, o := range opts {
+		err := o(&e.o)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if w != nil {
+		e.Reset(w)
+	}
+	return &e, nil
+}
+
+func (e *Encoder) initialize() {
+	if e.o.concurrent == 0 {
+		e.o.setDefault()
+	}
+	e.encoders = make(chan encoder, e.o.concurrent)
+	for i := 0; i < e.o.concurrent; i++ {
+		enc := e.o.encoder()
+		e.encoders <- enc
+	}
+}
+
+// Reset will re-initialize the writer and new writes will encode to the supplied writer
+// as a new, independent stream.
+func (e *Encoder) Reset(w io.Writer) {
+	s := &e.state
+	s.wg.Wait()
+	s.wWg.Wait()
+	if cap(s.filling) == 0 {
+		s.filling = make([]byte, 0, e.o.blockSize)
+	}
+	if cap(s.current) == 0 {
+		s.current = make([]byte, 0, e.o.blockSize)
+	}
+	if cap(s.previous) == 0 {
+		s.previous = make([]byte, 0, e.o.blockSize)
+	}
+	if s.encoder == nil {
+		s.encoder = e.o.encoder()
+	}
+	if s.writing == nil {
+		s.writing = &blockEnc{lowMem: e.o.lowMem}
+		s.writing.init()
+	}
+	s.writing.initNewEncode()
+	s.filling = s.filling[:0]
+	s.current = s.current[:0]
+	s.previous = s.previous[:0]
+	s.encoder.Reset(e.o.dict, false)
+	s.headerWritten = false
+	s.eofWritten = false
+	s.fullFrameWritten = false
+	s.w = w
+	s.err = nil
+	s.nWritten = 0
+	s.writeErr = nil
+}
+
+// Write data to the encoder.
+// Input data will be buffered and as the buffer fills up
+// content will be compressed and written to the output.
+// When done writing, use Close to flush the remaining output
+// and write CRC if requested.
+func (e *Encoder) Write(p []byte) (n int, err error) {
+	s := &e.state
+	for len(p) > 0 {
+		if len(p)+len(s.filling) < e.o.blockSize {
+			if e.o.crc {
+				_, _ = s.encoder.CRC().Write(p)
+			}
+			s.filling = append(s.filling, p...)
+			return n + len(p), nil
+		}
+		add := p
+		if len(p)+len(s.filling) > e.o.blockSize {
+			add = add[:e.o.blockSize-len(s.filling)]
+		}
+		if e.o.crc {
+			_, _ = s.encoder.CRC().Write(add)
+		}
+		s.filling = append(s.filling, add...)
+		p = p[len(add):]
+		n += len(add)
+		if len(s.filling) < e.o.blockSize {
+			return n, nil
+		}
+		err := e.nextBlock(false)
+		if err != nil {
+			return n, err
+		}
+		if debugAsserts && len(s.filling) > 0 {
+			panic(len(s.filling))
+		}
+	}
+	return n, nil
+}
+
+// nextBlock will synchronize and start compressing input in e.state.filling.
+// If an error has occurred during encoding it will be returned.
+func (e *Encoder) nextBlock(final bool) error {
+	s := &e.state
+	// Wait for current block.
+	s.wg.Wait()
+	if s.err != nil {
+		return s.err
+	}
+	if len(s.filling) > e.o.blockSize {
+		return fmt.Errorf("block > maxStoreBlockSize")
+	}
+	if !s.headerWritten {
+		// If we have a single block encode, do a sync compression.
+		if final && len(s.filling) == 0 && !e.o.fullZero {
+			s.headerWritten = true
+			s.fullFrameWritten = true
+			s.eofWritten = true
+			return nil
+		}
+		if final && len(s.filling) > 0 {
+			s.current = e.EncodeAll(s.filling, s.current[:0])
+			var n2 int
+			n2, s.err = s.w.Write(s.current)
+			if s.err != nil {
+				return s.err
+			}
+			s.nWritten += int64(n2)
+			s.current = s.current[:0]
+			s.filling = s.filling[:0]
+			s.headerWritten = true
+			s.fullFrameWritten = true
+			s.eofWritten = true
+			return nil
+		}
+
+		var tmp [maxHeaderSize]byte
+		fh := frameHeader{
+			ContentSize:   0,
+			WindowSize:    uint32(s.encoder.WindowSize(0)),
+			SingleSegment: false,
+			Checksum:      e.o.crc,
+			DictID:        e.o.dict.ID(),
+		}
+
+		dst, err := fh.appendTo(tmp[:0])
+		if err != nil {
+			return err
+		}
+		s.headerWritten = true
+		s.wWg.Wait()
+		var n2 int
+		n2, s.err = s.w.Write(dst)
+		if s.err != nil {
+			return s.err
+		}
+		s.nWritten += int64(n2)
+	}
+	if s.eofWritten {
+		// Ensure we only write it once.
+		final = false
+	}
+
+	if len(s.filling) == 0 {
+		// Final block, but no data.
+		if final {
+			enc := s.encoder
+			blk := enc.Block()
+			blk.reset(nil)
+			blk.last = true
+			blk.encodeRaw(nil)
+			s.wWg.Wait()
+			_, s.err = s.w.Write(blk.output)
+			s.nWritten += int64(len(blk.output))
+			s.eofWritten = true
+		}
+		return s.err
+	}
+
+	// Move blocks forward.
+	s.filling, s.current, s.previous = s.previous[:0], s.filling, s.current
+	s.wg.Add(1)
+	go func(src []byte) {
+		if debug {
+			println("Adding block,", len(src), "bytes, final:", final)
+		}
+		defer func() {
+			if r := recover(); r != nil {
+				s.err = fmt.Errorf("panic while encoding: %v", r)
+				rdebug.PrintStack()
+			}
+			s.wg.Done()
+		}()
+		enc := s.encoder
+		blk := enc.Block()
+		enc.Encode(blk, src)
+		blk.last = final
+		if final {
+			s.eofWritten = true
+		}
+		// Wait for pending writes.
+		s.wWg.Wait()
+		if s.writeErr != nil {
+			s.err = s.writeErr
+			return
+		}
+		// Transfer encoders from previous write block.
+		blk.swapEncoders(s.writing)
+		// Transfer recent offsets to next.
+		enc.UseBlock(s.writing)
+		s.writing = blk
+		s.wWg.Add(1)
+		go func() {
+			defer func() {
+				if r := recover(); r != nil {
+					s.writeErr = fmt.Errorf("panic while encoding/writing: %v", r)
+					rdebug.PrintStack()
+				}
+				s.wWg.Done()
+			}()
+			err := errIncompressible
+			// If we got the exact same number of literals as input,
+			// assume the literals cannot be compressed.
+			if len(src) != len(blk.literals) || len(src) != e.o.blockSize {
+				err = blk.encode(src, e.o.noEntropy, !e.o.allLitEntropy)
+			}
+			switch err {
+			case errIncompressible:
+				if debug {
+					println("Storing incompressible block as raw")
+				}
+				blk.encodeRaw(src)
+				// In fast mode, we do not transfer offsets, so we don't have to deal with changing the.
+			case nil:
+			default:
+				s.writeErr = err
+				return
+			}
+			_, s.writeErr = s.w.Write(blk.output)
+			s.nWritten += int64(len(blk.output))
+		}()
+	}(s.current)
+	return nil
+}
+
+// ReadFrom reads data from r until EOF or error.
+// The return value n is the number of bytes read.
+// Any error except io.EOF encountered during the read is also returned.
+//
+// The Copy function uses ReaderFrom if available.
+func (e *Encoder) ReadFrom(r io.Reader) (n int64, err error) {
+	if debug {
+		println("Using ReadFrom")
+	}
+
+	// Flush any current writes.
+	if len(e.state.filling) > 0 {
+		if err := e.nextBlock(false); err != nil {
+			return 0, err
+		}
+	}
+	e.state.filling = e.state.filling[:e.o.blockSize]
+	src := e.state.filling
+	for {
+		n2, err := r.Read(src)
+		if e.o.crc {
+			_, _ = e.state.encoder.CRC().Write(src[:n2])
+		}
+		// src is now the unfilled part...
+		src = src[n2:]
+		n += int64(n2)
+		switch err {
+		case io.EOF:
+			e.state.filling = e.state.filling[:len(e.state.filling)-len(src)]
+			if debug {
+				println("ReadFrom: got EOF final block:", len(e.state.filling))
+			}
+			return n, nil
+		default:
+			if debug {
+				println("ReadFrom: got error:", err)
+			}
+			e.state.err = err
+			return n, err
+		case nil:
+		}
+		if len(src) > 0 {
+			if debug {
+				println("ReadFrom: got space left in source:", len(src))
+			}
+			continue
+		}
+		err = e.nextBlock(false)
+		if err != nil {
+			return n, err
+		}
+		e.state.filling = e.state.filling[:e.o.blockSize]
+		src = e.state.filling
+	}
+}
+
+// Flush will send the currently written data to output
+// and block until everything has been written.
+// This should only be used on rare occasions where pushing the currently queued data is critical.
+func (e *Encoder) Flush() error {
+	s := &e.state
+	if len(s.filling) > 0 {
+		err := e.nextBlock(false)
+		if err != nil {
+			return err
+		}
+	}
+	s.wg.Wait()
+	s.wWg.Wait()
+	if s.err != nil {
+		return s.err
+	}
+	return s.writeErr
+}
+
+// Close will flush the final output and close the stream.
+// The function will block until everything has been written.
+// The Encoder can still be re-used after calling this.
+func (e *Encoder) Close() error {
+	s := &e.state
+	if s.encoder == nil {
+		return nil
+	}
+	err := e.nextBlock(true)
+	if err != nil {
+		return err
+	}
+	if e.state.fullFrameWritten {
+		return s.err
+	}
+	s.wg.Wait()
+	s.wWg.Wait()
+
+	if s.err != nil {
+		return s.err
+	}
+	if s.writeErr != nil {
+		return s.writeErr
+	}
+
+	// Write CRC
+	if e.o.crc && s.err == nil {
+		// heap alloc.
+		var tmp [4]byte
+		_, s.err = s.w.Write(s.encoder.AppendCRC(tmp[:0]))
+		s.nWritten += 4
+	}
+
+	// Add padding with content from crypto/rand.Reader
+	if s.err == nil && e.o.pad > 0 {
+		add := calcSkippableFrame(s.nWritten, int64(e.o.pad))
+		frame, err := skippableFrame(s.filling[:0], add, rand.Reader)
+		if err != nil {
+			return err
+		}
+		_, s.err = s.w.Write(frame)
+	}
+	return s.err
+}
+
+// EncodeAll will encode all input in src and append it to dst.
+// This function can be called concurrently, but each call will only run on a single goroutine.
+// If empty input is given, nothing is returned, unless WithZeroFrames is specified.
+// Encoded blocks can be concatenated and the result will be the combined input stream.
+// Data compressed with EncodeAll can be decoded with the Decoder,
+// using either a stream or DecodeAll.
+func (e *Encoder) EncodeAll(src, dst []byte) []byte {
+	if len(src) == 0 {
+		if e.o.fullZero {
+			// Add frame header.
+			fh := frameHeader{
+				ContentSize:   0,
+				WindowSize:    MinWindowSize,
+				SingleSegment: true,
+				// Adding a checksum would be a waste of space.
+				Checksum: false,
+				DictID:   0,
+			}
+			dst, _ = fh.appendTo(dst)
+
+			// Write raw block as last one only.
+			var blk blockHeader
+			blk.setSize(0)
+			blk.setType(blockTypeRaw)
+			blk.setLast(true)
+			dst = blk.appendTo(dst)
+		}
+		return dst
+	}
+	e.init.Do(e.initialize)
+	enc := <-e.encoders
+	defer func() {
+		// Release encoder reference to last block.
+		// If a non-single block is needed the encoder will reset again.
+		e.encoders <- enc
+	}()
+	// Use single segments when above minimum window and below 1MB.
+	single := len(src) < 1<<20 && len(src) > MinWindowSize
+	if e.o.single != nil {
+		single = *e.o.single
+	}
+	fh := frameHeader{
+		ContentSize:   uint64(len(src)),
+		WindowSize:    uint32(enc.WindowSize(len(src))),
+		SingleSegment: single,
+		Checksum:      e.o.crc,
+		DictID:        e.o.dict.ID(),
+	}
+
+	// If less than 1MB, allocate a buffer up front.
+	if len(dst) == 0 && cap(dst) == 0 && len(src) < 1<<20 && !e.o.lowMem {
+		dst = make([]byte, 0, len(src))
+	}
+	dst, err := fh.appendTo(dst)
+	if err != nil {
+		panic(err)
+	}
+
+	// If we can do everything in one block, prefer that.
+	if len(src) <= maxCompressedBlockSize {
+		enc.Reset(e.o.dict, true)
+		// Slightly faster with no history and everything in one block.
+		if e.o.crc {
+			_, _ = enc.CRC().Write(src)
+		}
+		blk := enc.Block()
+		blk.last = true
+		if e.o.dict == nil {
+			enc.EncodeNoHist(blk, src)
+		} else {
+			enc.Encode(blk, src)
+		}
+
+		// If we got the exact same number of literals as input,
+		// assume the literals cannot be compressed.
+		err := errIncompressible
+		oldout := blk.output
+		if len(blk.literals) != len(src) || len(src) != e.o.blockSize {
+			// Output directly to dst
+			blk.output = dst
+			err = blk.encode(src, e.o.noEntropy, !e.o.allLitEntropy)
+		}
+
+		switch err {
+		case errIncompressible:
+			if debug {
+				println("Storing incompressible block as raw")
+			}
+			dst = blk.encodeRawTo(dst, src)
+		case nil:
+			dst = blk.output
+		default:
+			panic(err)
+		}
+		blk.output = oldout
+	} else {
+		enc.Reset(e.o.dict, false)
+		blk := enc.Block()
+		for len(src) > 0 {
+			todo := src
+			if len(todo) > e.o.blockSize {
+				todo = todo[:e.o.blockSize]
+			}
+			src = src[len(todo):]
+			if e.o.crc {
+				_, _ = enc.CRC().Write(todo)
+			}
+			blk.pushOffsets()
+			enc.Encode(blk, todo)
+			if len(src) == 0 {
+				blk.last = true
+			}
+			err := errIncompressible
+			// If we got the exact same number of literals as input,
+			// assume the literals cannot be compressed.
+			if len(blk.literals) != len(todo) || len(todo) != e.o.blockSize {
+				err = blk.encode(todo, e.o.noEntropy, !e.o.allLitEntropy)
+			}
+
+			switch err {
+			case errIncompressible:
+				if debug {
+					println("Storing incompressible block as raw")
+				}
+				dst = blk.encodeRawTo(dst, todo)
+				blk.popOffsets()
+			case nil:
+				dst = append(dst, blk.output...)
+			default:
+				panic(err)
+			}
+			blk.reset(nil)
+		}
+	}
+	if e.o.crc {
+		dst = enc.AppendCRC(dst)
+	}
+	// Add padding with content from crypto/rand.Reader
+	if e.o.pad > 0 {
+		add := calcSkippableFrame(int64(len(dst)), int64(e.o.pad))
+		dst, err = skippableFrame(dst, add, rand.Reader)
+		if err != nil {
+			panic(err)
+		}
+	}
+	return dst
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
new file mode 100644
index 0000000000000..18a47eb03e88b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
@@ -0,0 +1,312 @@
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"runtime"
+	"strings"
+)
+
+// EOption is an option for creating a encoder.
+type EOption func(*encoderOptions) error
+
+// options retains accumulated state of multiple options.
+type encoderOptions struct {
+	concurrent      int
+	level           EncoderLevel
+	single          *bool
+	pad             int
+	blockSize       int
+	windowSize      int
+	crc             bool
+	fullZero        bool
+	noEntropy       bool
+	allLitEntropy   bool
+	customWindow    bool
+	customALEntropy bool
+	lowMem          bool
+	dict            *dict
+}
+
+func (o *encoderOptions) setDefault() {
+	*o = encoderOptions{
+		concurrent:    runtime.GOMAXPROCS(0),
+		crc:           true,
+		single:        nil,
+		blockSize:     1 << 16,
+		windowSize:    8 << 20,
+		level:         SpeedDefault,
+		allLitEntropy: true,
+		lowMem:        false,
+	}
+}
+
+// encoder returns an encoder with the selected options.
+func (o encoderOptions) encoder() encoder {
+	switch o.level {
+	case SpeedFastest:
+		if o.dict != nil {
+			return &fastEncoderDict{fastEncoder: fastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}}
+		}
+		return &fastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}
+
+	case SpeedDefault:
+		if o.dict != nil {
+			return &doubleFastEncoderDict{fastEncoderDict: fastEncoderDict{fastEncoder: fastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}}}
+		}
+		return &doubleFastEncoder{fastEncoder: fastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}}
+	case SpeedBetterCompression:
+		if o.dict != nil {
+			return &betterFastEncoderDict{betterFastEncoder: betterFastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}}
+		}
+		return &betterFastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}
+	case SpeedBestCompression:
+		return &bestFastEncoder{fastBase: fastBase{maxMatchOff: int32(o.windowSize), lowMem: o.lowMem}}
+	}
+	panic("unknown compression level")
+}
+
+// WithEncoderCRC will add CRC value to output.
+// Output will be 4 bytes larger.
+func WithEncoderCRC(b bool) EOption {
+	return func(o *encoderOptions) error { o.crc = b; return nil }
+}
+
+// WithEncoderConcurrency will set the concurrency,
+// meaning the maximum number of decoders to run concurrently.
+// The value supplied must be at least 1.
+// By default this will be set to GOMAXPROCS.
+func WithEncoderConcurrency(n int) EOption {
+	return func(o *encoderOptions) error {
+		if n <= 0 {
+			return fmt.Errorf("concurrency must be at least 1")
+		}
+		o.concurrent = n
+		return nil
+	}
+}
+
+// WithWindowSize will set the maximum allowed back-reference distance.
+// The value must be a power of two between MinWindowSize and MaxWindowSize.
+// A larger value will enable better compression but allocate more memory and,
+// for above-default values, take considerably longer.
+// The default value is determined by the compression level.
+func WithWindowSize(n int) EOption {
+	return func(o *encoderOptions) error {
+		switch {
+		case n < MinWindowSize:
+			return fmt.Errorf("window size must be at least %d", MinWindowSize)
+		case n > MaxWindowSize:
+			return fmt.Errorf("window size must be at most %d", MaxWindowSize)
+		case (n & (n - 1)) != 0:
+			return errors.New("window size must be a power of 2")
+		}
+
+		o.windowSize = n
+		o.customWindow = true
+		if o.blockSize > o.windowSize {
+			o.blockSize = o.windowSize
+		}
+		return nil
+	}
+}
+
+// WithEncoderPadding will add padding to all output so the size will be a multiple of n.
+// This can be used to obfuscate the exact output size or make blocks of a certain size.
+// The contents will be a skippable frame, so it will be invisible by the decoder.
+// n must be > 0 and <= 1GB, 1<<30 bytes.
+// The padded area will be filled with data from crypto/rand.Reader.
+// If `EncodeAll` is used with data already in the destination, the total size will be multiple of this.
+func WithEncoderPadding(n int) EOption {
+	return func(o *encoderOptions) error {
+		if n <= 0 {
+			return fmt.Errorf("padding must be at least 1")
+		}
+		// No need to waste our time.
+		if n == 1 {
+			o.pad = 0
+		}
+		if n > 1<<30 {
+			return fmt.Errorf("padding must less than 1GB (1<<30 bytes) ")
+		}
+		o.pad = n
+		return nil
+	}
+}
+
+// EncoderLevel predefines encoder compression levels.
+// Only use the constants made available, since the actual mapping
+// of these values are very likely to change and your compression could change
+// unpredictably when upgrading the library.
+type EncoderLevel int
+
+const (
+	speedNotSet EncoderLevel = iota
+
+	// SpeedFastest will choose the fastest reasonable compression.
+	// This is roughly equivalent to the fastest Zstandard mode.
+	SpeedFastest
+
+	// SpeedDefault is the default "pretty fast" compression option.
+	// This is roughly equivalent to the default Zstandard mode (level 3).
+	SpeedDefault
+
+	// SpeedBetterCompression will yield better compression than the default.
+	// Currently it is about zstd level 7-8 with ~ 2x-3x the default CPU usage.
+	// By using this, notice that CPU usage may go up in the future.
+	SpeedBetterCompression
+
+	// SpeedBestCompression will choose the best available compression option.
+	// This will offer the best compression no matter the CPU cost.
+	SpeedBestCompression
+
+	// speedLast should be kept as the last actual compression option.
+	// The is not for external usage, but is used to keep track of the valid options.
+	speedLast
+)
+
+// EncoderLevelFromString will convert a string representation of an encoding level back
+// to a compression level. The compare is not case sensitive.
+// If the string wasn't recognized, (false, SpeedDefault) will be returned.
+func EncoderLevelFromString(s string) (bool, EncoderLevel) {
+	for l := speedNotSet + 1; l < speedLast; l++ {
+		if strings.EqualFold(s, l.String()) {
+			return true, l
+		}
+	}
+	return false, SpeedDefault
+}
+
+// EncoderLevelFromZstd will return an encoder level that closest matches the compression
+// ratio of a specific zstd compression level.
+// Many input values will provide the same compression level.
+func EncoderLevelFromZstd(level int) EncoderLevel {
+	switch {
+	case level < 3:
+		return SpeedFastest
+	case level >= 3 && level < 6:
+		return SpeedDefault
+	case level >= 6 && level < 10:
+		return SpeedBetterCompression
+	case level >= 10:
+		return SpeedBetterCompression
+	}
+	return SpeedDefault
+}
+
+// String provides a string representation of the compression level.
+func (e EncoderLevel) String() string {
+	switch e {
+	case SpeedFastest:
+		return "fastest"
+	case SpeedDefault:
+		return "default"
+	case SpeedBetterCompression:
+		return "better"
+	case SpeedBestCompression:
+		return "best"
+	default:
+		return "invalid"
+	}
+}
+
+// WithEncoderLevel specifies a predefined compression level.
+func WithEncoderLevel(l EncoderLevel) EOption {
+	return func(o *encoderOptions) error {
+		switch {
+		case l <= speedNotSet || l >= speedLast:
+			return fmt.Errorf("unknown encoder level")
+		}
+		o.level = l
+		if !o.customWindow {
+			switch o.level {
+			case SpeedFastest:
+				o.windowSize = 4 << 20
+			case SpeedDefault:
+				o.windowSize = 8 << 20
+			case SpeedBetterCompression:
+				o.windowSize = 16 << 20
+			case SpeedBestCompression:
+				o.windowSize = 32 << 20
+			}
+		}
+		if !o.customALEntropy {
+			o.allLitEntropy = l > SpeedFastest
+		}
+
+		return nil
+	}
+}
+
+// WithZeroFrames will encode 0 length input as full frames.
+// This can be needed for compatibility with zstandard usage,
+// but is not needed for this package.
+func WithZeroFrames(b bool) EOption {
+	return func(o *encoderOptions) error {
+		o.fullZero = b
+		return nil
+	}
+}
+
+// WithAllLitEntropyCompression will apply entropy compression if no matches are found.
+// Disabling this will skip incompressible data faster, but in cases with no matches but
+// skewed character distribution compression is lost.
+// Default value depends on the compression level selected.
+func WithAllLitEntropyCompression(b bool) EOption {
+	return func(o *encoderOptions) error {
+		o.customALEntropy = true
+		o.allLitEntropy = b
+		return nil
+	}
+}
+
+// WithNoEntropyCompression will always skip entropy compression of literals.
+// This can be useful if content has matches, but unlikely to benefit from entropy
+// compression. Usually the slight speed improvement is not worth enabling this.
+func WithNoEntropyCompression(b bool) EOption {
+	return func(o *encoderOptions) error {
+		o.noEntropy = b
+		return nil
+	}
+}
+
+// WithSingleSegment will set the "single segment" flag when EncodeAll is used.
+// If this flag is set, data must be regenerated within a single continuous memory segment.
+// In this case, Window_Descriptor byte is skipped, but Frame_Content_Size is necessarily present.
+// As a consequence, the decoder must allocate a memory segment of size equal or larger than size of your content.
+// In order to preserve the decoder from unreasonable memory requirements,
+// a decoder is allowed to reject a compressed frame which requests a memory size beyond decoder's authorized range.
+// For broader compatibility, decoders are recommended to support memory sizes of at least 8 MB.
+// This is only a recommendation, each decoder is free to support higher or lower limits, depending on local limitations.
+// If this is not specified, block encodes will automatically choose this based on the input size.
+// This setting has no effect on streamed encodes.
+func WithSingleSegment(b bool) EOption {
+	return func(o *encoderOptions) error {
+		o.single = &b
+		return nil
+	}
+}
+
+// WithLowerEncoderMem will trade in some memory cases trade less memory usage for
+// slower encoding speed.
+// This will not change the window size which is the primary function for reducing
+// memory usage. See WithWindowSize.
+func WithLowerEncoderMem(b bool) EOption {
+	return func(o *encoderOptions) error {
+		o.lowMem = b
+		return nil
+	}
+}
+
+// WithEncoderDict allows to register a dictionary that will be used for the encode.
+// The encoder *may* choose to use no dictionary instead for certain payloads.
+func WithEncoderDict(dict []byte) EOption {
+	return func(o *encoderOptions) error {
+		d, err := loadDict(dict)
+		if err != nil {
+			return err
+		}
+		o.dict = d
+		return nil
+	}
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go
new file mode 100644
index 0000000000000..fc4a566d39aaf
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go
@@ -0,0 +1,494 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"bytes"
+	"encoding/hex"
+	"errors"
+	"hash"
+	"io"
+	"sync"
+
+	"github.com/klauspost/compress/zstd/internal/xxhash"
+)
+
+type frameDec struct {
+	o      decoderOptions
+	crc    hash.Hash64
+	offset int64
+
+	WindowSize uint64
+
+	// maxWindowSize is the maximum windows size to support.
+	// should never be bigger than max-int.
+	maxWindowSize uint64
+
+	// In order queue of blocks being decoded.
+	decoding chan *blockDec
+
+	// Frame history passed between blocks
+	history history
+
+	rawInput byteBuffer
+
+	// Byte buffer that can be reused for small input blocks.
+	bBuf byteBuf
+
+	FrameContentSize uint64
+	frameDone        sync.WaitGroup
+
+	DictionaryID  *uint32
+	HasCheckSum   bool
+	SingleSegment bool
+
+	// asyncRunning indicates whether the async routine processes input on 'decoding'.
+	asyncRunningMu sync.Mutex
+	asyncRunning   bool
+}
+
+const (
+	// The minimum Window_Size is 1 KB.
+	MinWindowSize = 1 << 10
+	MaxWindowSize = 1 << 29
+)
+
+var (
+	frameMagic          = []byte{0x28, 0xb5, 0x2f, 0xfd}
+	skippableFrameMagic = []byte{0x2a, 0x4d, 0x18}
+)
+
+func newFrameDec(o decoderOptions) *frameDec {
+	d := frameDec{
+		o:             o,
+		maxWindowSize: MaxWindowSize,
+	}
+	if d.maxWindowSize > o.maxDecodedSize {
+		d.maxWindowSize = o.maxDecodedSize
+	}
+	return &d
+}
+
+// reset will read the frame header and prepare for block decoding.
+// If nothing can be read from the input, io.EOF will be returned.
+// Any other error indicated that the stream contained data, but
+// there was a problem.
+func (d *frameDec) reset(br byteBuffer) error {
+	d.HasCheckSum = false
+	d.WindowSize = 0
+	var b []byte
+	for {
+		b = br.readSmall(4)
+		if b == nil {
+			return io.EOF
+		}
+		if !bytes.Equal(b[1:4], skippableFrameMagic) || b[0]&0xf0 != 0x50 {
+			if debug {
+				println("Not skippable", hex.EncodeToString(b), hex.EncodeToString(skippableFrameMagic))
+			}
+			// Break if not skippable frame.
+			break
+		}
+		// Read size to skip
+		b = br.readSmall(4)
+		if b == nil {
+			println("Reading Frame Size EOF")
+			return io.ErrUnexpectedEOF
+		}
+		n := uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
+		println("Skipping frame with", n, "bytes.")
+		err := br.skipN(int(n))
+		if err != nil {
+			if debug {
+				println("Reading discarded frame", err)
+			}
+			return err
+		}
+	}
+	if !bytes.Equal(b, frameMagic) {
+		println("Got magic numbers: ", b, "want:", frameMagic)
+		return ErrMagicMismatch
+	}
+
+	// Read Frame_Header_Descriptor
+	fhd, err := br.readByte()
+	if err != nil {
+		println("Reading Frame_Header_Descriptor", err)
+		return err
+	}
+	d.SingleSegment = fhd&(1<<5) != 0
+
+	if fhd&(1<<3) != 0 {
+		return errors.New("Reserved bit set on frame header")
+	}
+
+	// Read Window_Descriptor
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#window_descriptor
+	d.WindowSize = 0
+	if !d.SingleSegment {
+		wd, err := br.readByte()
+		if err != nil {
+			println("Reading Window_Descriptor", err)
+			return err
+		}
+		printf("raw: %x, mantissa: %d, exponent: %d\n", wd, wd&7, wd>>3)
+		windowLog := 10 + (wd >> 3)
+		windowBase := uint64(1) << windowLog
+		windowAdd := (windowBase / 8) * uint64(wd&0x7)
+		d.WindowSize = windowBase + windowAdd
+	}
+
+	// Read Dictionary_ID
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#dictionary_id
+	d.DictionaryID = nil
+	if size := fhd & 3; size != 0 {
+		if size == 3 {
+			size = 4
+		}
+		b = br.readSmall(int(size))
+		if b == nil {
+			if debug {
+				println("Reading Dictionary_ID", io.ErrUnexpectedEOF)
+			}
+			return io.ErrUnexpectedEOF
+		}
+		var id uint32
+		switch size {
+		case 1:
+			id = uint32(b[0])
+		case 2:
+			id = uint32(b[0]) | (uint32(b[1]) << 8)
+		case 4:
+			id = uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
+		}
+		if debug {
+			println("Dict size", size, "ID:", id)
+		}
+		if id > 0 {
+			// ID 0 means "sorry, no dictionary anyway".
+			// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#dictionary-format
+			d.DictionaryID = &id
+		}
+	}
+
+	// Read Frame_Content_Size
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#frame_content_size
+	var fcsSize int
+	v := fhd >> 6
+	switch v {
+	case 0:
+		if d.SingleSegment {
+			fcsSize = 1
+		}
+	default:
+		fcsSize = 1 << v
+	}
+	d.FrameContentSize = 0
+	if fcsSize > 0 {
+		b := br.readSmall(fcsSize)
+		if b == nil {
+			println("Reading Frame content", io.ErrUnexpectedEOF)
+			return io.ErrUnexpectedEOF
+		}
+		switch fcsSize {
+		case 1:
+			d.FrameContentSize = uint64(b[0])
+		case 2:
+			// When FCS_Field_Size is 2, the offset of 256 is added.
+			d.FrameContentSize = uint64(b[0]) | (uint64(b[1]) << 8) + 256
+		case 4:
+			d.FrameContentSize = uint64(b[0]) | (uint64(b[1]) << 8) | (uint64(b[2]) << 16) | (uint64(b[3]) << 24)
+		case 8:
+			d1 := uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
+			d2 := uint32(b[4]) | (uint32(b[5]) << 8) | (uint32(b[6]) << 16) | (uint32(b[7]) << 24)
+			d.FrameContentSize = uint64(d1) | (uint64(d2) << 32)
+		}
+		if debug {
+			println("field size bits:", v, "fcsSize:", fcsSize, "FrameContentSize:", d.FrameContentSize, hex.EncodeToString(b[:fcsSize]), "singleseg:", d.SingleSegment, "window:", d.WindowSize)
+		}
+	}
+	// Move this to shared.
+	d.HasCheckSum = fhd&(1<<2) != 0
+	if d.HasCheckSum {
+		if d.crc == nil {
+			d.crc = xxhash.New()
+		}
+		d.crc.Reset()
+	}
+
+	if d.WindowSize == 0 && d.SingleSegment {
+		// We may not need window in this case.
+		d.WindowSize = d.FrameContentSize
+		if d.WindowSize < MinWindowSize {
+			d.WindowSize = MinWindowSize
+		}
+	}
+
+	if d.WindowSize > d.maxWindowSize {
+		printf("window size %d > max %d\n", d.WindowSize, d.maxWindowSize)
+		return ErrWindowSizeExceeded
+	}
+	// The minimum Window_Size is 1 KB.
+	if d.WindowSize < MinWindowSize {
+		println("got window size: ", d.WindowSize)
+		return ErrWindowSizeTooSmall
+	}
+	d.history.windowSize = int(d.WindowSize)
+	if d.o.lowMem && d.history.windowSize < maxBlockSize {
+		d.history.maxSize = d.history.windowSize * 2
+	} else {
+		d.history.maxSize = d.history.windowSize + maxBlockSize
+	}
+	// history contains input - maybe we do something
+	d.rawInput = br
+	return nil
+}
+
+// next will start decoding the next block from stream.
+func (d *frameDec) next(block *blockDec) error {
+	if debug {
+		printf("decoding new block %p:%p", block, block.data)
+	}
+	err := block.reset(d.rawInput, d.WindowSize)
+	if err != nil {
+		println("block error:", err)
+		// Signal the frame decoder we have a problem.
+		d.sendErr(block, err)
+		return err
+	}
+	block.input <- struct{}{}
+	if debug {
+		println("next block:", block)
+	}
+	d.asyncRunningMu.Lock()
+	defer d.asyncRunningMu.Unlock()
+	if !d.asyncRunning {
+		return nil
+	}
+	if block.Last {
+		// We indicate the frame is done by sending io.EOF
+		d.decoding <- block
+		return io.EOF
+	}
+	d.decoding <- block
+	return nil
+}
+
+// sendEOF will queue an error block on the frame.
+// This will cause the frame decoder to return when it encounters the block.
+// Returns true if the decoder was added.
+func (d *frameDec) sendErr(block *blockDec, err error) bool {
+	d.asyncRunningMu.Lock()
+	defer d.asyncRunningMu.Unlock()
+	if !d.asyncRunning {
+		return false
+	}
+
+	println("sending error", err.Error())
+	block.sendErr(err)
+	d.decoding <- block
+	return true
+}
+
+// checkCRC will check the checksum if the frame has one.
+// Will return ErrCRCMismatch if crc check failed, otherwise nil.
+func (d *frameDec) checkCRC() error {
+	if !d.HasCheckSum {
+		return nil
+	}
+	var tmp [4]byte
+	got := d.crc.Sum64()
+	// Flip to match file order.
+	tmp[0] = byte(got >> 0)
+	tmp[1] = byte(got >> 8)
+	tmp[2] = byte(got >> 16)
+	tmp[3] = byte(got >> 24)
+
+	// We can overwrite upper tmp now
+	want := d.rawInput.readSmall(4)
+	if want == nil {
+		println("CRC missing?")
+		return io.ErrUnexpectedEOF
+	}
+
+	if !bytes.Equal(tmp[:], want) {
+		if debug {
+			println("CRC Check Failed:", tmp[:], "!=", want)
+		}
+		return ErrCRCMismatch
+	}
+	if debug {
+		println("CRC ok", tmp[:])
+	}
+	return nil
+}
+
+func (d *frameDec) initAsync() {
+	if !d.o.lowMem && !d.SingleSegment {
+		// set max extra size history to 10MB.
+		d.history.maxSize = d.history.windowSize + maxBlockSize*5
+	}
+	// re-alloc if more than one extra block size.
+	if d.o.lowMem && cap(d.history.b) > d.history.maxSize+maxBlockSize {
+		d.history.b = make([]byte, 0, d.history.maxSize)
+	}
+	if cap(d.history.b) < d.history.maxSize {
+		d.history.b = make([]byte, 0, d.history.maxSize)
+	}
+	if cap(d.decoding) < d.o.concurrent {
+		d.decoding = make(chan *blockDec, d.o.concurrent)
+	}
+	if debug {
+		h := d.history
+		printf("history init. len: %d, cap: %d", len(h.b), cap(h.b))
+	}
+	d.asyncRunningMu.Lock()
+	d.asyncRunning = true
+	d.asyncRunningMu.Unlock()
+}
+
+// startDecoder will start decoding blocks and write them to the writer.
+// The decoder will stop as soon as an error occurs or at end of frame.
+// When the frame has finished decoding the *bufio.Reader
+// containing the remaining input will be sent on frameDec.frameDone.
+func (d *frameDec) startDecoder(output chan decodeOutput) {
+	written := int64(0)
+
+	defer func() {
+		d.asyncRunningMu.Lock()
+		d.asyncRunning = false
+		d.asyncRunningMu.Unlock()
+
+		// Drain the currently decoding.
+		d.history.error = true
+	flushdone:
+		for {
+			select {
+			case b := <-d.decoding:
+				b.history <- &d.history
+				output <- <-b.result
+			default:
+				break flushdone
+			}
+		}
+		println("frame decoder done, signalling done")
+		d.frameDone.Done()
+	}()
+	// Get decoder for first block.
+	block := <-d.decoding
+	block.history <- &d.history
+	for {
+		var next *blockDec
+		// Get result
+		r := <-block.result
+		if r.err != nil {
+			println("Result contained error", r.err)
+			output <- r
+			return
+		}
+		if debug {
+			println("got result, from ", d.offset, "to", d.offset+int64(len(r.b)))
+			d.offset += int64(len(r.b))
+		}
+		if !block.Last {
+			// Send history to next block
+			select {
+			case next = <-d.decoding:
+				if debug {
+					println("Sending ", len(d.history.b), "bytes as history")
+				}
+				next.history <- &d.history
+			default:
+				// Wait until we have sent the block, so
+				// other decoders can potentially get the decoder.
+				next = nil
+			}
+		}
+
+		// Add checksum, async to decoding.
+		if d.HasCheckSum {
+			n, err := d.crc.Write(r.b)
+			if err != nil {
+				r.err = err
+				if n != len(r.b) {
+					r.err = io.ErrShortWrite
+				}
+				output <- r
+				return
+			}
+		}
+		written += int64(len(r.b))
+		if d.SingleSegment && uint64(written) > d.FrameContentSize {
+			println("runDecoder: single segment and", uint64(written), ">", d.FrameContentSize)
+			r.err = ErrFrameSizeExceeded
+			output <- r
+			return
+		}
+		if block.Last {
+			r.err = d.checkCRC()
+			output <- r
+			return
+		}
+		output <- r
+		if next == nil {
+			// There was no decoder available, we wait for one now that we have sent to the writer.
+			if debug {
+				println("Sending ", len(d.history.b), " bytes as history")
+			}
+			next = <-d.decoding
+			next.history <- &d.history
+		}
+		block = next
+	}
+}
+
+// runDecoder will create a sync decoder that will decode a block of data.
+func (d *frameDec) runDecoder(dst []byte, dec *blockDec) ([]byte, error) {
+	saved := d.history.b
+
+	// We use the history for output to avoid copying it.
+	d.history.b = dst
+	// Store input length, so we only check new data.
+	crcStart := len(dst)
+	var err error
+	for {
+		err = dec.reset(d.rawInput, d.WindowSize)
+		if err != nil {
+			break
+		}
+		if debug {
+			println("next block:", dec)
+		}
+		err = dec.decodeBuf(&d.history)
+		if err != nil || dec.Last {
+			break
+		}
+		if uint64(len(d.history.b)) > d.o.maxDecodedSize {
+			err = ErrDecoderSizeExceeded
+			break
+		}
+		if d.SingleSegment && uint64(len(d.history.b)) > d.o.maxDecodedSize {
+			println("runDecoder: single segment and", uint64(len(d.history.b)), ">", d.o.maxDecodedSize)
+			err = ErrFrameSizeExceeded
+			break
+		}
+	}
+	dst = d.history.b
+	if err == nil {
+		if d.HasCheckSum {
+			var n int
+			n, err = d.crc.Write(dst[crcStart:])
+			if err == nil {
+				if n != len(dst)-crcStart {
+					err = io.ErrShortWrite
+				} else {
+					err = d.checkCRC()
+				}
+			}
+		}
+	}
+	d.history.b = saved
+	return dst, err
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/frameenc.go b/vendor/github.com/klauspost/compress/zstd/frameenc.go
new file mode 100644
index 0000000000000..4ef7f5a3e3d53
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/frameenc.go
@@ -0,0 +1,137 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+	"math"
+	"math/bits"
+)
+
+type frameHeader struct {
+	ContentSize   uint64
+	WindowSize    uint32
+	SingleSegment bool
+	Checksum      bool
+	DictID        uint32
+}
+
+const maxHeaderSize = 14
+
+func (f frameHeader) appendTo(dst []byte) ([]byte, error) {
+	dst = append(dst, frameMagic...)
+	var fhd uint8
+	if f.Checksum {
+		fhd |= 1 << 2
+	}
+	if f.SingleSegment {
+		fhd |= 1 << 5
+	}
+
+	var dictIDContent []byte
+	if f.DictID > 0 {
+		var tmp [4]byte
+		if f.DictID < 256 {
+			fhd |= 1
+			tmp[0] = uint8(f.DictID)
+			dictIDContent = tmp[:1]
+		} else if f.DictID < 1<<16 {
+			fhd |= 2
+			binary.LittleEndian.PutUint16(tmp[:2], uint16(f.DictID))
+			dictIDContent = tmp[:2]
+		} else {
+			fhd |= 3
+			binary.LittleEndian.PutUint32(tmp[:4], f.DictID)
+			dictIDContent = tmp[:4]
+		}
+	}
+	var fcs uint8
+	if f.ContentSize >= 256 {
+		fcs++
+	}
+	if f.ContentSize >= 65536+256 {
+		fcs++
+	}
+	if f.ContentSize >= 0xffffffff {
+		fcs++
+	}
+
+	fhd |= fcs << 6
+
+	dst = append(dst, fhd)
+	if !f.SingleSegment {
+		const winLogMin = 10
+		windowLog := (bits.Len32(f.WindowSize-1) - winLogMin) << 3
+		dst = append(dst, uint8(windowLog))
+	}
+	if f.DictID > 0 {
+		dst = append(dst, dictIDContent...)
+	}
+	switch fcs {
+	case 0:
+		if f.SingleSegment {
+			dst = append(dst, uint8(f.ContentSize))
+		}
+		// Unless SingleSegment is set, framessizes < 256 are nto stored.
+	case 1:
+		f.ContentSize -= 256
+		dst = append(dst, uint8(f.ContentSize), uint8(f.ContentSize>>8))
+	case 2:
+		dst = append(dst, uint8(f.ContentSize), uint8(f.ContentSize>>8), uint8(f.ContentSize>>16), uint8(f.ContentSize>>24))
+	case 3:
+		dst = append(dst, uint8(f.ContentSize), uint8(f.ContentSize>>8), uint8(f.ContentSize>>16), uint8(f.ContentSize>>24),
+			uint8(f.ContentSize>>32), uint8(f.ContentSize>>40), uint8(f.ContentSize>>48), uint8(f.ContentSize>>56))
+	default:
+		panic("invalid fcs")
+	}
+	return dst, nil
+}
+
+const skippableFrameHeader = 4 + 4
+
+// calcSkippableFrame will return a total size to be added for written
+// to be divisible by multiple.
+// The value will always be > skippableFrameHeader.
+// The function will panic if written < 0 or wantMultiple <= 0.
+func calcSkippableFrame(written, wantMultiple int64) int {
+	if wantMultiple <= 0 {
+		panic("wantMultiple <= 0")
+	}
+	if written < 0 {
+		panic("written < 0")
+	}
+	leftOver := written % wantMultiple
+	if leftOver == 0 {
+		return 0
+	}
+	toAdd := wantMultiple - leftOver
+	for toAdd < skippableFrameHeader {
+		toAdd += wantMultiple
+	}
+	return int(toAdd)
+}
+
+// skippableFrame will add a skippable frame with a total size of bytes.
+// total should be >= skippableFrameHeader and < math.MaxUint32.
+func skippableFrame(dst []byte, total int, r io.Reader) ([]byte, error) {
+	if total == 0 {
+		return dst, nil
+	}
+	if total < skippableFrameHeader {
+		return dst, fmt.Errorf("requested skippable frame (%d) < 8", total)
+	}
+	if int64(total) > math.MaxUint32 {
+		return dst, fmt.Errorf("requested skippable frame (%d) > max uint32", total)
+	}
+	dst = append(dst, 0x50, 0x2a, 0x4d, 0x18)
+	f := uint32(total - skippableFrameHeader)
+	dst = append(dst, uint8(f), uint8(f>>8), uint8(f>>16), uint8(f>>24))
+	start := len(dst)
+	dst = append(dst, make([]byte, f)...)
+	_, err := io.ReadFull(r, dst[start:])
+	return dst, err
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder.go
new file mode 100644
index 0000000000000..e6d3d49b39c0e
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder.go
@@ -0,0 +1,385 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+)
+
+const (
+	tablelogAbsoluteMax = 9
+)
+
+const (
+	/*!MEMORY_USAGE :
+	 *  Memory usage formula : N->2^N Bytes (examples : 10 -> 1KB; 12 -> 4KB ; 16 -> 64KB; 20 -> 1MB; etc.)
+	 *  Increasing memory usage improves compression ratio
+	 *  Reduced memory usage can improve speed, due to cache effect
+	 *  Recommended max value is 14, for 16KB, which nicely fits into Intel x86 L1 cache */
+	maxMemoryUsage = tablelogAbsoluteMax + 2
+
+	maxTableLog    = maxMemoryUsage - 2
+	maxTablesize   = 1 << maxTableLog
+	maxTableMask   = (1 << maxTableLog) - 1
+	minTablelog    = 5
+	maxSymbolValue = 255
+)
+
+// fseDecoder provides temporary storage for compression and decompression.
+type fseDecoder struct {
+	dt             [maxTablesize]decSymbol // Decompression table.
+	symbolLen      uint16                  // Length of active part of the symbol table.
+	actualTableLog uint8                   // Selected tablelog.
+	maxBits        uint8                   // Maximum number of additional bits
+
+	// used for table creation to avoid allocations.
+	stateTable [256]uint16
+	norm       [maxSymbolValue + 1]int16
+	preDefined bool
+}
+
+// tableStep returns the next table index.
+func tableStep(tableSize uint32) uint32 {
+	return (tableSize >> 1) + (tableSize >> 3) + 3
+}
+
+// readNCount will read the symbol distribution so decoding tables can be constructed.
+func (s *fseDecoder) readNCount(b *byteReader, maxSymbol uint16) error {
+	var (
+		charnum   uint16
+		previous0 bool
+	)
+	if b.remain() < 4 {
+		return errors.New("input too small")
+	}
+	bitStream := b.Uint32NC()
+	nbBits := uint((bitStream & 0xF) + minTablelog) // extract tableLog
+	if nbBits > tablelogAbsoluteMax {
+		println("Invalid tablelog:", nbBits)
+		return errors.New("tableLog too large")
+	}
+	bitStream >>= 4
+	bitCount := uint(4)
+
+	s.actualTableLog = uint8(nbBits)
+	remaining := int32((1 << nbBits) + 1)
+	threshold := int32(1 << nbBits)
+	gotTotal := int32(0)
+	nbBits++
+
+	for remaining > 1 && charnum <= maxSymbol {
+		if previous0 {
+			//println("prev0")
+			n0 := charnum
+			for (bitStream & 0xFFFF) == 0xFFFF {
+				//println("24 x 0")
+				n0 += 24
+				if r := b.remain(); r > 5 {
+					b.advance(2)
+					// The check above should make sure we can read 32 bits
+					bitStream = b.Uint32NC() >> bitCount
+				} else {
+					// end of bit stream
+					bitStream >>= 16
+					bitCount += 16
+				}
+			}
+			//printf("bitstream: %d, 0b%b", bitStream&3, bitStream)
+			for (bitStream & 3) == 3 {
+				n0 += 3
+				bitStream >>= 2
+				bitCount += 2
+			}
+			n0 += uint16(bitStream & 3)
+			bitCount += 2
+
+			if n0 > maxSymbolValue {
+				return errors.New("maxSymbolValue too small")
+			}
+			//println("inserting ", n0-charnum, "zeroes from idx", charnum, "ending before", n0)
+			for charnum < n0 {
+				s.norm[uint8(charnum)] = 0
+				charnum++
+			}
+
+			if r := b.remain(); r >= 7 || r-int(bitCount>>3) >= 4 {
+				b.advance(bitCount >> 3)
+				bitCount &= 7
+				// The check above should make sure we can read 32 bits
+				bitStream = b.Uint32NC() >> bitCount
+			} else {
+				bitStream >>= 2
+			}
+		}
+
+		max := (2*threshold - 1) - remaining
+		var count int32
+
+		if int32(bitStream)&(threshold-1) < max {
+			count = int32(bitStream) & (threshold - 1)
+			if debugAsserts && nbBits < 1 {
+				panic("nbBits underflow")
+			}
+			bitCount += nbBits - 1
+		} else {
+			count = int32(bitStream) & (2*threshold - 1)
+			if count >= threshold {
+				count -= max
+			}
+			bitCount += nbBits
+		}
+
+		// extra accuracy
+		count--
+		if count < 0 {
+			// -1 means +1
+			remaining += count
+			gotTotal -= count
+		} else {
+			remaining -= count
+			gotTotal += count
+		}
+		s.norm[charnum&0xff] = int16(count)
+		charnum++
+		previous0 = count == 0
+		for remaining < threshold {
+			nbBits--
+			threshold >>= 1
+		}
+
+		if r := b.remain(); r >= 7 || r-int(bitCount>>3) >= 4 {
+			b.advance(bitCount >> 3)
+			bitCount &= 7
+			// The check above should make sure we can read 32 bits
+			bitStream = b.Uint32NC() >> (bitCount & 31)
+		} else {
+			bitCount -= (uint)(8 * (len(b.b) - 4 - b.off))
+			b.off = len(b.b) - 4
+			bitStream = b.Uint32() >> (bitCount & 31)
+		}
+	}
+	s.symbolLen = charnum
+	if s.symbolLen <= 1 {
+		return fmt.Errorf("symbolLen (%d) too small", s.symbolLen)
+	}
+	if s.symbolLen > maxSymbolValue+1 {
+		return fmt.Errorf("symbolLen (%d) too big", s.symbolLen)
+	}
+	if remaining != 1 {
+		return fmt.Errorf("corruption detected (remaining %d != 1)", remaining)
+	}
+	if bitCount > 32 {
+		return fmt.Errorf("corruption detected (bitCount %d > 32)", bitCount)
+	}
+	if gotTotal != 1<<s.actualTableLog {
+		return fmt.Errorf("corruption detected (total %d != %d)", gotTotal, 1<<s.actualTableLog)
+	}
+	b.advance((bitCount + 7) >> 3)
+	// println(s.norm[:s.symbolLen], s.symbolLen)
+	return s.buildDtable()
+}
+
+// decSymbol contains information about a state entry,
+// Including the state offset base, the output symbol and
+// the number of bits to read for the low part of the destination state.
+// Using a composite uint64 is faster than a struct with separate members.
+type decSymbol uint64
+
+func newDecSymbol(nbits, addBits uint8, newState uint16, baseline uint32) decSymbol {
+	return decSymbol(nbits) | (decSymbol(addBits) << 8) | (decSymbol(newState) << 16) | (decSymbol(baseline) << 32)
+}
+
+func (d decSymbol) nbBits() uint8 {
+	return uint8(d)
+}
+
+func (d decSymbol) addBits() uint8 {
+	return uint8(d >> 8)
+}
+
+func (d decSymbol) newState() uint16 {
+	return uint16(d >> 16)
+}
+
+func (d decSymbol) baseline() uint32 {
+	return uint32(d >> 32)
+}
+
+func (d decSymbol) baselineInt() int {
+	return int(d >> 32)
+}
+
+func (d *decSymbol) set(nbits, addBits uint8, newState uint16, baseline uint32) {
+	*d = decSymbol(nbits) | (decSymbol(addBits) << 8) | (decSymbol(newState) << 16) | (decSymbol(baseline) << 32)
+}
+
+func (d *decSymbol) setNBits(nBits uint8) {
+	const mask = 0xffffffffffffff00
+	*d = (*d & mask) | decSymbol(nBits)
+}
+
+func (d *decSymbol) setAddBits(addBits uint8) {
+	const mask = 0xffffffffffff00ff
+	*d = (*d & mask) | (decSymbol(addBits) << 8)
+}
+
+func (d *decSymbol) setNewState(state uint16) {
+	const mask = 0xffffffff0000ffff
+	*d = (*d & mask) | decSymbol(state)<<16
+}
+
+func (d *decSymbol) setBaseline(baseline uint32) {
+	const mask = 0xffffffff
+	*d = (*d & mask) | decSymbol(baseline)<<32
+}
+
+func (d *decSymbol) setExt(addBits uint8, baseline uint32) {
+	const mask = 0xffff00ff
+	*d = (*d & mask) | (decSymbol(addBits) << 8) | (decSymbol(baseline) << 32)
+}
+
+// decSymbolValue returns the transformed decSymbol for the given symbol.
+func decSymbolValue(symb uint8, t []baseOffset) (decSymbol, error) {
+	if int(symb) >= len(t) {
+		return 0, fmt.Errorf("rle symbol %d >= max %d", symb, len(t))
+	}
+	lu := t[symb]
+	return newDecSymbol(0, lu.addBits, 0, lu.baseLine), nil
+}
+
+// setRLE will set the decoder til RLE mode.
+func (s *fseDecoder) setRLE(symbol decSymbol) {
+	s.actualTableLog = 0
+	s.maxBits = symbol.addBits()
+	s.dt[0] = symbol
+}
+
+// buildDtable will build the decoding table.
+func (s *fseDecoder) buildDtable() error {
+	tableSize := uint32(1 << s.actualTableLog)
+	highThreshold := tableSize - 1
+	symbolNext := s.stateTable[:256]
+
+	// Init, lay down lowprob symbols
+	{
+		for i, v := range s.norm[:s.symbolLen] {
+			if v == -1 {
+				s.dt[highThreshold].setAddBits(uint8(i))
+				highThreshold--
+				symbolNext[i] = 1
+			} else {
+				symbolNext[i] = uint16(v)
+			}
+		}
+	}
+	// Spread symbols
+	{
+		tableMask := tableSize - 1
+		step := tableStep(tableSize)
+		position := uint32(0)
+		for ss, v := range s.norm[:s.symbolLen] {
+			for i := 0; i < int(v); i++ {
+				s.dt[position].setAddBits(uint8(ss))
+				position = (position + step) & tableMask
+				for position > highThreshold {
+					// lowprob area
+					position = (position + step) & tableMask
+				}
+			}
+		}
+		if position != 0 {
+			// position must reach all cells once, otherwise normalizedCounter is incorrect
+			return errors.New("corrupted input (position != 0)")
+		}
+	}
+
+	// Build Decoding table
+	{
+		tableSize := uint16(1 << s.actualTableLog)
+		for u, v := range s.dt[:tableSize] {
+			symbol := v.addBits()
+			nextState := symbolNext[symbol]
+			symbolNext[symbol] = nextState + 1
+			nBits := s.actualTableLog - byte(highBits(uint32(nextState)))
+			s.dt[u&maxTableMask].setNBits(nBits)
+			newState := (nextState << nBits) - tableSize
+			if newState > tableSize {
+				return fmt.Errorf("newState (%d) outside table size (%d)", newState, tableSize)
+			}
+			if newState == uint16(u) && nBits == 0 {
+				// Seems weird that this is possible with nbits > 0.
+				return fmt.Errorf("newState (%d) == oldState (%d) and no bits", newState, u)
+			}
+			s.dt[u&maxTableMask].setNewState(newState)
+		}
+	}
+	return nil
+}
+
+// transform will transform the decoder table into a table usable for
+// decoding without having to apply the transformation while decoding.
+// The state will contain the base value and the number of bits to read.
+func (s *fseDecoder) transform(t []baseOffset) error {
+	tableSize := uint16(1 << s.actualTableLog)
+	s.maxBits = 0
+	for i, v := range s.dt[:tableSize] {
+		add := v.addBits()
+		if int(add) >= len(t) {
+			return fmt.Errorf("invalid decoding table entry %d, symbol %d >= max (%d)", i, v.addBits(), len(t))
+		}
+		lu := t[add]
+		if lu.addBits > s.maxBits {
+			s.maxBits = lu.addBits
+		}
+		v.setExt(lu.addBits, lu.baseLine)
+		s.dt[i] = v
+	}
+	return nil
+}
+
+type fseState struct {
+	dt    []decSymbol
+	state decSymbol
+}
+
+// Initialize and decodeAsync first state and symbol.
+func (s *fseState) init(br *bitReader, tableLog uint8, dt []decSymbol) {
+	s.dt = dt
+	br.fill()
+	s.state = dt[br.getBits(tableLog)]
+}
+
+// next returns the current symbol and sets the next state.
+// At least tablelog bits must be available in the bit reader.
+func (s *fseState) next(br *bitReader) {
+	lowBits := uint16(br.getBits(s.state.nbBits()))
+	s.state = s.dt[s.state.newState()+lowBits]
+}
+
+// finished returns true if all bits have been read from the bitstream
+// and the next state would require reading bits from the input.
+func (s *fseState) finished(br *bitReader) bool {
+	return br.finished() && s.state.nbBits() > 0
+}
+
+// final returns the current state symbol without decoding the next.
+func (s *fseState) final() (int, uint8) {
+	return s.state.baselineInt(), s.state.addBits()
+}
+
+// final returns the current state symbol without decoding the next.
+func (s decSymbol) final() (int, uint8) {
+	return s.baselineInt(), s.addBits()
+}
+
+// nextFast returns the next symbol and sets the next state.
+// This can only be used if no symbols are 0 bits.
+// At least tablelog bits must be available in the bit reader.
+func (s *fseState) nextFast(br *bitReader) (uint32, uint8) {
+	lowBits := uint16(br.getBitsFast(s.state.nbBits()))
+	s.state = s.dt[s.state.newState()+lowBits]
+	return s.state.baseline(), s.state.addBits()
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/fse_encoder.go b/vendor/github.com/klauspost/compress/zstd/fse_encoder.go
new file mode 100644
index 0000000000000..b80709d5ea8da
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/fse_encoder.go
@@ -0,0 +1,726 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"math"
+)
+
+const (
+	// For encoding we only support up to
+	maxEncTableLog    = 8
+	maxEncTablesize   = 1 << maxTableLog
+	maxEncTableMask   = (1 << maxTableLog) - 1
+	minEncTablelog    = 5
+	maxEncSymbolValue = maxMatchLengthSymbol
+)
+
+// Scratch provides temporary storage for compression and decompression.
+type fseEncoder struct {
+	symbolLen      uint16 // Length of active part of the symbol table.
+	actualTableLog uint8  // Selected tablelog.
+	ct             cTable // Compression tables.
+	maxCount       int    // count of the most probable symbol
+	zeroBits       bool   // no bits has prob > 50%.
+	clearCount     bool   // clear count
+	useRLE         bool   // This encoder is for RLE
+	preDefined     bool   // This encoder is predefined.
+	reUsed         bool   // Set to know when the encoder has been reused.
+	rleVal         uint8  // RLE Symbol
+	maxBits        uint8  // Maximum output bits after transform.
+
+	// TODO: Technically zstd should be fine with 64 bytes.
+	count [256]uint32
+	norm  [256]int16
+}
+
+// cTable contains tables used for compression.
+type cTable struct {
+	tableSymbol []byte
+	stateTable  []uint16
+	symbolTT    []symbolTransform
+}
+
+// symbolTransform contains the state transform for a symbol.
+type symbolTransform struct {
+	deltaNbBits    uint32
+	deltaFindState int16
+	outBits        uint8
+}
+
+// String prints values as a human readable string.
+func (s symbolTransform) String() string {
+	return fmt.Sprintf("{deltabits: %08x, findstate:%d outbits:%d}", s.deltaNbBits, s.deltaFindState, s.outBits)
+}
+
+// Histogram allows to populate the histogram and skip that step in the compression,
+// It otherwise allows to inspect the histogram when compression is done.
+// To indicate that you have populated the histogram call HistogramFinished
+// with the value of the highest populated symbol, as well as the number of entries
+// in the most populated entry. These are accepted at face value.
+// The returned slice will always be length 256.
+func (s *fseEncoder) Histogram() []uint32 {
+	return s.count[:]
+}
+
+// HistogramFinished can be called to indicate that the histogram has been populated.
+// maxSymbol is the index of the highest set symbol of the next data segment.
+// maxCount is the number of entries in the most populated entry.
+// These are accepted at face value.
+func (s *fseEncoder) HistogramFinished(maxSymbol uint8, maxCount int) {
+	s.maxCount = maxCount
+	s.symbolLen = uint16(maxSymbol) + 1
+	s.clearCount = maxCount != 0
+}
+
+// prepare will prepare and allocate scratch tables used for both compression and decompression.
+func (s *fseEncoder) prepare() (*fseEncoder, error) {
+	if s == nil {
+		s = &fseEncoder{}
+	}
+	s.useRLE = false
+	if s.clearCount && s.maxCount == 0 {
+		for i := range s.count {
+			s.count[i] = 0
+		}
+		s.clearCount = false
+	}
+	return s, nil
+}
+
+// allocCtable will allocate tables needed for compression.
+// If existing tables a re big enough, they are simply re-used.
+func (s *fseEncoder) allocCtable() {
+	tableSize := 1 << s.actualTableLog
+	// get tableSymbol that is big enough.
+	if cap(s.ct.tableSymbol) < tableSize {
+		s.ct.tableSymbol = make([]byte, tableSize)
+	}
+	s.ct.tableSymbol = s.ct.tableSymbol[:tableSize]
+
+	ctSize := tableSize
+	if cap(s.ct.stateTable) < ctSize {
+		s.ct.stateTable = make([]uint16, ctSize)
+	}
+	s.ct.stateTable = s.ct.stateTable[:ctSize]
+
+	if cap(s.ct.symbolTT) < 256 {
+		s.ct.symbolTT = make([]symbolTransform, 256)
+	}
+	s.ct.symbolTT = s.ct.symbolTT[:256]
+}
+
+// buildCTable will populate the compression table so it is ready to be used.
+func (s *fseEncoder) buildCTable() error {
+	tableSize := uint32(1 << s.actualTableLog)
+	highThreshold := tableSize - 1
+	var cumul [256]int16
+
+	s.allocCtable()
+	tableSymbol := s.ct.tableSymbol[:tableSize]
+	// symbol start positions
+	{
+		cumul[0] = 0
+		for ui, v := range s.norm[:s.symbolLen-1] {
+			u := byte(ui) // one less than reference
+			if v == -1 {
+				// Low proba symbol
+				cumul[u+1] = cumul[u] + 1
+				tableSymbol[highThreshold] = u
+				highThreshold--
+			} else {
+				cumul[u+1] = cumul[u] + v
+			}
+		}
+		// Encode last symbol separately to avoid overflowing u
+		u := int(s.symbolLen - 1)
+		v := s.norm[s.symbolLen-1]
+		if v == -1 {
+			// Low proba symbol
+			cumul[u+1] = cumul[u] + 1
+			tableSymbol[highThreshold] = byte(u)
+			highThreshold--
+		} else {
+			cumul[u+1] = cumul[u] + v
+		}
+		if uint32(cumul[s.symbolLen]) != tableSize {
+			return fmt.Errorf("internal error: expected cumul[s.symbolLen] (%d) == tableSize (%d)", cumul[s.symbolLen], tableSize)
+		}
+		cumul[s.symbolLen] = int16(tableSize) + 1
+	}
+	// Spread symbols
+	s.zeroBits = false
+	{
+		step := tableStep(tableSize)
+		tableMask := tableSize - 1
+		var position uint32
+		// if any symbol > largeLimit, we may have 0 bits output.
+		largeLimit := int16(1 << (s.actualTableLog - 1))
+		for ui, v := range s.norm[:s.symbolLen] {
+			symbol := byte(ui)
+			if v > largeLimit {
+				s.zeroBits = true
+			}
+			for nbOccurrences := int16(0); nbOccurrences < v; nbOccurrences++ {
+				tableSymbol[position] = symbol
+				position = (position + step) & tableMask
+				for position > highThreshold {
+					position = (position + step) & tableMask
+				} /* Low proba area */
+			}
+		}
+
+		// Check if we have gone through all positions
+		if position != 0 {
+			return errors.New("position!=0")
+		}
+	}
+
+	// Build table
+	table := s.ct.stateTable
+	{
+		tsi := int(tableSize)
+		for u, v := range tableSymbol {
+			// TableU16 : sorted by symbol order; gives next state value
+			table[cumul[v]] = uint16(tsi + u)
+			cumul[v]++
+		}
+	}
+
+	// Build Symbol Transformation Table
+	{
+		total := int16(0)
+		symbolTT := s.ct.symbolTT[:s.symbolLen]
+		tableLog := s.actualTableLog
+		tl := (uint32(tableLog) << 16) - (1 << tableLog)
+		for i, v := range s.norm[:s.symbolLen] {
+			switch v {
+			case 0:
+			case -1, 1:
+				symbolTT[i].deltaNbBits = tl
+				symbolTT[i].deltaFindState = total - 1
+				total++
+			default:
+				maxBitsOut := uint32(tableLog) - highBit(uint32(v-1))
+				minStatePlus := uint32(v) << maxBitsOut
+				symbolTT[i].deltaNbBits = (maxBitsOut << 16) - minStatePlus
+				symbolTT[i].deltaFindState = total - v
+				total += v
+			}
+		}
+		if total != int16(tableSize) {
+			return fmt.Errorf("total mismatch %d (got) != %d (want)", total, tableSize)
+		}
+	}
+	return nil
+}
+
+var rtbTable = [...]uint32{0, 473195, 504333, 520860, 550000, 700000, 750000, 830000}
+
+func (s *fseEncoder) setRLE(val byte) {
+	s.allocCtable()
+	s.actualTableLog = 0
+	s.ct.stateTable = s.ct.stateTable[:1]
+	s.ct.symbolTT[val] = symbolTransform{
+		deltaFindState: 0,
+		deltaNbBits:    0,
+	}
+	if debug {
+		println("setRLE: val", val, "symbolTT", s.ct.symbolTT[val])
+	}
+	s.rleVal = val
+	s.useRLE = true
+}
+
+// setBits will set output bits for the transform.
+// if nil is provided, the number of bits is equal to the index.
+func (s *fseEncoder) setBits(transform []byte) {
+	if s.reUsed || s.preDefined {
+		return
+	}
+	if s.useRLE {
+		if transform == nil {
+			s.ct.symbolTT[s.rleVal].outBits = s.rleVal
+			s.maxBits = s.rleVal
+			return
+		}
+		s.maxBits = transform[s.rleVal]
+		s.ct.symbolTT[s.rleVal].outBits = s.maxBits
+		return
+	}
+	if transform == nil {
+		for i := range s.ct.symbolTT[:s.symbolLen] {
+			s.ct.symbolTT[i].outBits = uint8(i)
+		}
+		s.maxBits = uint8(s.symbolLen - 1)
+		return
+	}
+	s.maxBits = 0
+	for i, v := range transform[:s.symbolLen] {
+		s.ct.symbolTT[i].outBits = v
+		if v > s.maxBits {
+			// We could assume bits always going up, but we play safe.
+			s.maxBits = v
+		}
+	}
+}
+
+// normalizeCount will normalize the count of the symbols so
+// the total is equal to the table size.
+// If successful, compression tables will also be made ready.
+func (s *fseEncoder) normalizeCount(length int) error {
+	if s.reUsed {
+		return nil
+	}
+	s.optimalTableLog(length)
+	var (
+		tableLog          = s.actualTableLog
+		scale             = 62 - uint64(tableLog)
+		step              = (1 << 62) / uint64(length)
+		vStep             = uint64(1) << (scale - 20)
+		stillToDistribute = int16(1 << tableLog)
+		largest           int
+		largestP          int16
+		lowThreshold      = (uint32)(length >> tableLog)
+	)
+	if s.maxCount == length {
+		s.useRLE = true
+		return nil
+	}
+	s.useRLE = false
+	for i, cnt := range s.count[:s.symbolLen] {
+		// already handled
+		// if (count[s] == s.length) return 0;   /* rle special case */
+
+		if cnt == 0 {
+			s.norm[i] = 0
+			continue
+		}
+		if cnt <= lowThreshold {
+			s.norm[i] = -1
+			stillToDistribute--
+		} else {
+			proba := (int16)((uint64(cnt) * step) >> scale)
+			if proba < 8 {
+				restToBeat := vStep * uint64(rtbTable[proba])
+				v := uint64(cnt)*step - (uint64(proba) << scale)
+				if v > restToBeat {
+					proba++
+				}
+			}
+			if proba > largestP {
+				largestP = proba
+				largest = i
+			}
+			s.norm[i] = proba
+			stillToDistribute -= proba
+		}
+	}
+
+	if -stillToDistribute >= (s.norm[largest] >> 1) {
+		// corner case, need another normalization method
+		err := s.normalizeCount2(length)
+		if err != nil {
+			return err
+		}
+		if debugAsserts {
+			err = s.validateNorm()
+			if err != nil {
+				return err
+			}
+		}
+		return s.buildCTable()
+	}
+	s.norm[largest] += stillToDistribute
+	if debugAsserts {
+		err := s.validateNorm()
+		if err != nil {
+			return err
+		}
+	}
+	return s.buildCTable()
+}
+
+// Secondary normalization method.
+// To be used when primary method fails.
+func (s *fseEncoder) normalizeCount2(length int) error {
+	const notYetAssigned = -2
+	var (
+		distributed  uint32
+		total        = uint32(length)
+		tableLog     = s.actualTableLog
+		lowThreshold = total >> tableLog
+		lowOne       = (total * 3) >> (tableLog + 1)
+	)
+	for i, cnt := range s.count[:s.symbolLen] {
+		if cnt == 0 {
+			s.norm[i] = 0
+			continue
+		}
+		if cnt <= lowThreshold {
+			s.norm[i] = -1
+			distributed++
+			total -= cnt
+			continue
+		}
+		if cnt <= lowOne {
+			s.norm[i] = 1
+			distributed++
+			total -= cnt
+			continue
+		}
+		s.norm[i] = notYetAssigned
+	}
+	toDistribute := (1 << tableLog) - distributed
+
+	if (total / toDistribute) > lowOne {
+		// risk of rounding to zero
+		lowOne = (total * 3) / (toDistribute * 2)
+		for i, cnt := range s.count[:s.symbolLen] {
+			if (s.norm[i] == notYetAssigned) && (cnt <= lowOne) {
+				s.norm[i] = 1
+				distributed++
+				total -= cnt
+				continue
+			}
+		}
+		toDistribute = (1 << tableLog) - distributed
+	}
+	if distributed == uint32(s.symbolLen)+1 {
+		// all values are pretty poor;
+		//   probably incompressible data (should have already been detected);
+		//   find max, then give all remaining points to max
+		var maxV int
+		var maxC uint32
+		for i, cnt := range s.count[:s.symbolLen] {
+			if cnt > maxC {
+				maxV = i
+				maxC = cnt
+			}
+		}
+		s.norm[maxV] += int16(toDistribute)
+		return nil
+	}
+
+	if total == 0 {
+		// all of the symbols were low enough for the lowOne or lowThreshold
+		for i := uint32(0); toDistribute > 0; i = (i + 1) % (uint32(s.symbolLen)) {
+			if s.norm[i] > 0 {
+				toDistribute--
+				s.norm[i]++
+			}
+		}
+		return nil
+	}
+
+	var (
+		vStepLog = 62 - uint64(tableLog)
+		mid      = uint64((1 << (vStepLog - 1)) - 1)
+		rStep    = (((1 << vStepLog) * uint64(toDistribute)) + mid) / uint64(total) // scale on remaining
+		tmpTotal = mid
+	)
+	for i, cnt := range s.count[:s.symbolLen] {
+		if s.norm[i] == notYetAssigned {
+			var (
+				end    = tmpTotal + uint64(cnt)*rStep
+				sStart = uint32(tmpTotal >> vStepLog)
+				sEnd   = uint32(end >> vStepLog)
+				weight = sEnd - sStart
+			)
+			if weight < 1 {
+				return errors.New("weight < 1")
+			}
+			s.norm[i] = int16(weight)
+			tmpTotal = end
+		}
+	}
+	return nil
+}
+
+// optimalTableLog calculates and sets the optimal tableLog in s.actualTableLog
+func (s *fseEncoder) optimalTableLog(length int) {
+	tableLog := uint8(maxEncTableLog)
+	minBitsSrc := highBit(uint32(length)) + 1
+	minBitsSymbols := highBit(uint32(s.symbolLen-1)) + 2
+	minBits := uint8(minBitsSymbols)
+	if minBitsSrc < minBitsSymbols {
+		minBits = uint8(minBitsSrc)
+	}
+
+	maxBitsSrc := uint8(highBit(uint32(length-1))) - 2
+	if maxBitsSrc < tableLog {
+		// Accuracy can be reduced
+		tableLog = maxBitsSrc
+	}
+	if minBits > tableLog {
+		tableLog = minBits
+	}
+	// Need a minimum to safely represent all symbol values
+	if tableLog < minEncTablelog {
+		tableLog = minEncTablelog
+	}
+	if tableLog > maxEncTableLog {
+		tableLog = maxEncTableLog
+	}
+	s.actualTableLog = tableLog
+}
+
+// validateNorm validates the normalized histogram table.
+func (s *fseEncoder) validateNorm() (err error) {
+	var total int
+	for _, v := range s.norm[:s.symbolLen] {
+		if v >= 0 {
+			total += int(v)
+		} else {
+			total -= int(v)
+		}
+	}
+	defer func() {
+		if err == nil {
+			return
+		}
+		fmt.Printf("selected TableLog: %d, Symbol length: %d\n", s.actualTableLog, s.symbolLen)
+		for i, v := range s.norm[:s.symbolLen] {
+			fmt.Printf("%3d: %5d -> %4d \n", i, s.count[i], v)
+		}
+	}()
+	if total != (1 << s.actualTableLog) {
+		return fmt.Errorf("warning: Total == %d != %d", total, 1<<s.actualTableLog)
+	}
+	for i, v := range s.count[s.symbolLen:] {
+		if v != 0 {
+			return fmt.Errorf("warning: Found symbol out of range, %d after cut", i)
+		}
+	}
+	return nil
+}
+
+// writeCount will write the normalized histogram count to header.
+// This is read back by readNCount.
+func (s *fseEncoder) writeCount(out []byte) ([]byte, error) {
+	if s.useRLE {
+		return append(out, s.rleVal), nil
+	}
+	if s.preDefined || s.reUsed {
+		// Never write predefined.
+		return out, nil
+	}
+
+	var (
+		tableLog  = s.actualTableLog
+		tableSize = 1 << tableLog
+		previous0 bool
+		charnum   uint16
+
+		// maximum header size plus 2 extra bytes for final output if bitCount == 0.
+		maxHeaderSize = ((int(s.symbolLen) * int(tableLog)) >> 3) + 3 + 2
+
+		// Write Table Size
+		bitStream = uint32(tableLog - minEncTablelog)
+		bitCount  = uint(4)
+		remaining = int16(tableSize + 1) /* +1 for extra accuracy */
+		threshold = int16(tableSize)
+		nbBits    = uint(tableLog + 1)
+		outP      = len(out)
+	)
+	if cap(out) < outP+maxHeaderSize {
+		out = append(out, make([]byte, maxHeaderSize*3)...)
+		out = out[:len(out)-maxHeaderSize*3]
+	}
+	out = out[:outP+maxHeaderSize]
+
+	// stops at 1
+	for remaining > 1 {
+		if previous0 {
+			start := charnum
+			for s.norm[charnum] == 0 {
+				charnum++
+			}
+			for charnum >= start+24 {
+				start += 24
+				bitStream += uint32(0xFFFF) << bitCount
+				out[outP] = byte(bitStream)
+				out[outP+1] = byte(bitStream >> 8)
+				outP += 2
+				bitStream >>= 16
+			}
+			for charnum >= start+3 {
+				start += 3
+				bitStream += 3 << bitCount
+				bitCount += 2
+			}
+			bitStream += uint32(charnum-start) << bitCount
+			bitCount += 2
+			if bitCount > 16 {
+				out[outP] = byte(bitStream)
+				out[outP+1] = byte(bitStream >> 8)
+				outP += 2
+				bitStream >>= 16
+				bitCount -= 16
+			}
+		}
+
+		count := s.norm[charnum]
+		charnum++
+		max := (2*threshold - 1) - remaining
+		if count < 0 {
+			remaining += count
+		} else {
+			remaining -= count
+		}
+		count++ // +1 for extra accuracy
+		if count >= threshold {
+			count += max // [0..max[ [max..threshold[ (...) [threshold+max 2*threshold[
+		}
+		bitStream += uint32(count) << bitCount
+		bitCount += nbBits
+		if count < max {
+			bitCount--
+		}
+
+		previous0 = count == 1
+		if remaining < 1 {
+			return nil, errors.New("internal error: remaining < 1")
+		}
+		for remaining < threshold {
+			nbBits--
+			threshold >>= 1
+		}
+
+		if bitCount > 16 {
+			out[outP] = byte(bitStream)
+			out[outP+1] = byte(bitStream >> 8)
+			outP += 2
+			bitStream >>= 16
+			bitCount -= 16
+		}
+	}
+
+	if outP+2 > len(out) {
+		return nil, fmt.Errorf("internal error: %d > %d, maxheader: %d, sl: %d, tl: %d, normcount: %v", outP+2, len(out), maxHeaderSize, s.symbolLen, int(tableLog), s.norm[:s.symbolLen])
+	}
+	out[outP] = byte(bitStream)
+	out[outP+1] = byte(bitStream >> 8)
+	outP += int((bitCount + 7) / 8)
+
+	if charnum > s.symbolLen {
+		return nil, errors.New("internal error: charnum > s.symbolLen")
+	}
+	return out[:outP], nil
+}
+
+// Approximate symbol cost, as fractional value, using fixed-point format (accuracyLog fractional bits)
+// note 1 : assume symbolValue is valid (<= maxSymbolValue)
+// note 2 : if freq[symbolValue]==0, @return a fake cost of tableLog+1 bits *
+func (s *fseEncoder) bitCost(symbolValue uint8, accuracyLog uint32) uint32 {
+	minNbBits := s.ct.symbolTT[symbolValue].deltaNbBits >> 16
+	threshold := (minNbBits + 1) << 16
+	if debugAsserts {
+		if !(s.actualTableLog < 16) {
+			panic("!s.actualTableLog < 16")
+		}
+		// ensure enough room for renormalization double shift
+		if !(uint8(accuracyLog) < 31-s.actualTableLog) {
+			panic("!uint8(accuracyLog) < 31-s.actualTableLog")
+		}
+	}
+	tableSize := uint32(1) << s.actualTableLog
+	deltaFromThreshold := threshold - (s.ct.symbolTT[symbolValue].deltaNbBits + tableSize)
+	// linear interpolation (very approximate)
+	normalizedDeltaFromThreshold := (deltaFromThreshold << accuracyLog) >> s.actualTableLog
+	bitMultiplier := uint32(1) << accuracyLog
+	if debugAsserts {
+		if s.ct.symbolTT[symbolValue].deltaNbBits+tableSize > threshold {
+			panic("s.ct.symbolTT[symbolValue].deltaNbBits+tableSize > threshold")
+		}
+		if normalizedDeltaFromThreshold > bitMultiplier {
+			panic("normalizedDeltaFromThreshold > bitMultiplier")
+		}
+	}
+	return (minNbBits+1)*bitMultiplier - normalizedDeltaFromThreshold
+}
+
+// Returns the cost in bits of encoding the distribution in count using ctable.
+// Histogram should only be up to the last non-zero symbol.
+// Returns an -1 if ctable cannot represent all the symbols in count.
+func (s *fseEncoder) approxSize(hist []uint32) uint32 {
+	if int(s.symbolLen) < len(hist) {
+		// More symbols than we have.
+		return math.MaxUint32
+	}
+	if s.useRLE {
+		// We will never reuse RLE encoders.
+		return math.MaxUint32
+	}
+	const kAccuracyLog = 8
+	badCost := (uint32(s.actualTableLog) + 1) << kAccuracyLog
+	var cost uint32
+	for i, v := range hist {
+		if v == 0 {
+			continue
+		}
+		if s.norm[i] == 0 {
+			return math.MaxUint32
+		}
+		bitCost := s.bitCost(uint8(i), kAccuracyLog)
+		if bitCost > badCost {
+			return math.MaxUint32
+		}
+		cost += v * bitCost
+	}
+	return cost >> kAccuracyLog
+}
+
+// maxHeaderSize returns the maximum header size in bits.
+// This is not exact size, but we want a penalty for new tables anyway.
+func (s *fseEncoder) maxHeaderSize() uint32 {
+	if s.preDefined {
+		return 0
+	}
+	if s.useRLE {
+		return 8
+	}
+	return (((uint32(s.symbolLen) * uint32(s.actualTableLog)) >> 3) + 3) * 8
+}
+
+// cState contains the compression state of a stream.
+type cState struct {
+	bw         *bitWriter
+	stateTable []uint16
+	state      uint16
+}
+
+// init will initialize the compression state to the first symbol of the stream.
+func (c *cState) init(bw *bitWriter, ct *cTable, first symbolTransform) {
+	c.bw = bw
+	c.stateTable = ct.stateTable
+	if len(c.stateTable) == 1 {
+		// RLE
+		c.stateTable[0] = uint16(0)
+		c.state = 0
+		return
+	}
+	nbBitsOut := (first.deltaNbBits + (1 << 15)) >> 16
+	im := int32((nbBitsOut << 16) - first.deltaNbBits)
+	lu := (im >> nbBitsOut) + int32(first.deltaFindState)
+	c.state = c.stateTable[lu]
+	return
+}
+
+// encode the output symbol provided and write it to the bitstream.
+func (c *cState) encode(symbolTT symbolTransform) {
+	nbBitsOut := (uint32(c.state) + symbolTT.deltaNbBits) >> 16
+	dstState := int32(c.state>>(nbBitsOut&15)) + int32(symbolTT.deltaFindState)
+	c.bw.addBits16NC(c.state, uint8(nbBitsOut))
+	c.state = c.stateTable[dstState]
+}
+
+// flush will write the tablelog to the output and flush the remaining full bytes.
+func (c *cState) flush(tableLog uint8) {
+	c.bw.flush32()
+	c.bw.addBits16NC(c.state, tableLog)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/fse_predefined.go b/vendor/github.com/klauspost/compress/zstd/fse_predefined.go
new file mode 100644
index 0000000000000..6c17dc17f4fd1
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/fse_predefined.go
@@ -0,0 +1,158 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"fmt"
+	"math"
+	"sync"
+)
+
+var (
+	// fsePredef are the predefined fse tables as defined here:
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#default-distributions
+	// These values are already transformed.
+	fsePredef [3]fseDecoder
+
+	// fsePredefEnc are the predefined encoder based on fse tables as defined here:
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#default-distributions
+	// These values are already transformed.
+	fsePredefEnc [3]fseEncoder
+
+	// symbolTableX contain the transformations needed for each type as defined in
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#the-codes-for-literals-lengths-match-lengths-and-offsets
+	symbolTableX [3][]baseOffset
+
+	// maxTableSymbol is the biggest supported symbol for each table type
+	// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#the-codes-for-literals-lengths-match-lengths-and-offsets
+	maxTableSymbol = [3]uint8{tableLiteralLengths: maxLiteralLengthSymbol, tableOffsets: maxOffsetLengthSymbol, tableMatchLengths: maxMatchLengthSymbol}
+
+	// bitTables is the bits table for each table.
+	bitTables = [3][]byte{tableLiteralLengths: llBitsTable[:], tableOffsets: nil, tableMatchLengths: mlBitsTable[:]}
+)
+
+type tableIndex uint8
+
+const (
+	// indexes for fsePredef and symbolTableX
+	tableLiteralLengths tableIndex = 0
+	tableOffsets        tableIndex = 1
+	tableMatchLengths   tableIndex = 2
+
+	maxLiteralLengthSymbol = 35
+	maxOffsetLengthSymbol  = 30
+	maxMatchLengthSymbol   = 52
+)
+
+// baseOffset is used for calculating transformations.
+type baseOffset struct {
+	baseLine uint32
+	addBits  uint8
+}
+
+// fillBase will precalculate base offsets with the given bit distributions.
+func fillBase(dst []baseOffset, base uint32, bits ...uint8) {
+	if len(bits) != len(dst) {
+		panic(fmt.Sprintf("len(dst) (%d) != len(bits) (%d)", len(dst), len(bits)))
+	}
+	for i, bit := range bits {
+		if base > math.MaxInt32 {
+			panic(fmt.Sprintf("invalid decoding table, base overflows int32"))
+		}
+
+		dst[i] = baseOffset{
+			baseLine: base,
+			addBits:  bit,
+		}
+		base += 1 << bit
+	}
+}
+
+var predef sync.Once
+
+func initPredefined() {
+	predef.Do(func() {
+		// Literals length codes
+		tmp := make([]baseOffset, 36)
+		for i := range tmp[:16] {
+			tmp[i] = baseOffset{
+				baseLine: uint32(i),
+				addBits:  0,
+			}
+		}
+		fillBase(tmp[16:], 16, 1, 1, 1, 1, 2, 2, 3, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
+		symbolTableX[tableLiteralLengths] = tmp
+
+		// Match length codes
+		tmp = make([]baseOffset, 53)
+		for i := range tmp[:32] {
+			tmp[i] = baseOffset{
+				// The transformation adds the 3 length.
+				baseLine: uint32(i) + 3,
+				addBits:  0,
+			}
+		}
+		fillBase(tmp[32:], 35, 1, 1, 1, 1, 2, 2, 3, 3, 4, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
+		symbolTableX[tableMatchLengths] = tmp
+
+		// Offset codes
+		tmp = make([]baseOffset, maxOffsetBits+1)
+		tmp[1] = baseOffset{
+			baseLine: 1,
+			addBits:  1,
+		}
+		fillBase(tmp[2:], 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
+		symbolTableX[tableOffsets] = tmp
+
+		// Fill predefined tables and transform them.
+		// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#default-distributions
+		for i := range fsePredef[:] {
+			f := &fsePredef[i]
+			switch tableIndex(i) {
+			case tableLiteralLengths:
+				// https://github.com/facebook/zstd/blob/ededcfca57366461021c922720878c81a5854a0a/lib/decompress/zstd_decompress_block.c#L243
+				f.actualTableLog = 6
+				copy(f.norm[:], []int16{4, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1,
+					2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 1, 1, 1, 1, 1,
+					-1, -1, -1, -1})
+				f.symbolLen = 36
+			case tableOffsets:
+				// https://github.com/facebook/zstd/blob/ededcfca57366461021c922720878c81a5854a0a/lib/decompress/zstd_decompress_block.c#L281
+				f.actualTableLog = 5
+				copy(f.norm[:], []int16{
+					1, 1, 1, 1, 1, 1, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1,
+					1, 1, 1, 1, 1, 1, 1, 1, -1, -1, -1, -1, -1})
+				f.symbolLen = 29
+			case tableMatchLengths:
+				//https://github.com/facebook/zstd/blob/ededcfca57366461021c922720878c81a5854a0a/lib/decompress/zstd_decompress_block.c#L304
+				f.actualTableLog = 6
+				copy(f.norm[:], []int16{
+					1, 4, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1,
+					1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+					1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -1, -1,
+					-1, -1, -1, -1, -1})
+				f.symbolLen = 53
+			}
+			if err := f.buildDtable(); err != nil {
+				panic(fmt.Errorf("building table %v: %v", tableIndex(i), err))
+			}
+			if err := f.transform(symbolTableX[i]); err != nil {
+				panic(fmt.Errorf("building table %v: %v", tableIndex(i), err))
+			}
+			f.preDefined = true
+
+			// Create encoder as well
+			enc := &fsePredefEnc[i]
+			copy(enc.norm[:], f.norm[:])
+			enc.symbolLen = f.symbolLen
+			enc.actualTableLog = f.actualTableLog
+			if err := enc.buildCTable(); err != nil {
+				panic(fmt.Errorf("building encoding table %v: %v", tableIndex(i), err))
+			}
+			enc.setBits(bitTables[i])
+			enc.preDefined = true
+		}
+	})
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/hash.go b/vendor/github.com/klauspost/compress/zstd/hash.go
new file mode 100644
index 0000000000000..4a752067fc905
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/hash.go
@@ -0,0 +1,77 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+const (
+	prime3bytes = 506832829
+	prime4bytes = 2654435761
+	prime5bytes = 889523592379
+	prime6bytes = 227718039650203
+	prime7bytes = 58295818150454627
+	prime8bytes = 0xcf1bbcdcb7a56463
+)
+
+// hashLen returns a hash of the lowest l bytes of u for a size size of h bytes.
+// l must be >=4 and <=8. Any other value will return hash for 4 bytes.
+// h should always be <32.
+// Preferably h and l should be a constant.
+// FIXME: This does NOT get resolved, if 'mls' is constant,
+//  so this cannot be used.
+func hashLen(u uint64, hashLog, mls uint8) uint32 {
+	switch mls {
+	case 5:
+		return hash5(u, hashLog)
+	case 6:
+		return hash6(u, hashLog)
+	case 7:
+		return hash7(u, hashLog)
+	case 8:
+		return hash8(u, hashLog)
+	default:
+		return hash4x64(u, hashLog)
+	}
+}
+
+// hash3 returns the hash of the lower 3 bytes of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <32.
+func hash3(u uint32, h uint8) uint32 {
+	return ((u << (32 - 24)) * prime3bytes) >> ((32 - h) & 31)
+}
+
+// hash4 returns the hash of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <32.
+func hash4(u uint32, h uint8) uint32 {
+	return (u * prime4bytes) >> ((32 - h) & 31)
+}
+
+// hash4x64 returns the hash of the lowest 4 bytes of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <32.
+func hash4x64(u uint64, h uint8) uint32 {
+	return (uint32(u) * prime4bytes) >> ((32 - h) & 31)
+}
+
+// hash5 returns the hash of the lowest 5 bytes of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <64.
+func hash5(u uint64, h uint8) uint32 {
+	return uint32(((u << (64 - 40)) * prime5bytes) >> ((64 - h) & 63))
+}
+
+// hash6 returns the hash of the lowest 6 bytes of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <64.
+func hash6(u uint64, h uint8) uint32 {
+	return uint32(((u << (64 - 48)) * prime6bytes) >> ((64 - h) & 63))
+}
+
+// hash7 returns the hash of the lowest 7 bytes of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <64.
+func hash7(u uint64, h uint8) uint32 {
+	return uint32(((u << (64 - 56)) * prime7bytes) >> ((64 - h) & 63))
+}
+
+// hash8 returns the hash of u to fit in a hash table with h bits.
+// Preferably h should be a constant and should always be <64.
+func hash8(u uint64, h uint8) uint32 {
+	return uint32((u * prime8bytes) >> ((64 - h) & 63))
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/history.go b/vendor/github.com/klauspost/compress/zstd/history.go
new file mode 100644
index 0000000000000..f783e32d251b4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/history.go
@@ -0,0 +1,89 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"github.com/klauspost/compress/huff0"
+)
+
+// history contains the information transferred between blocks.
+type history struct {
+	b             []byte
+	huffTree      *huff0.Scratch
+	recentOffsets [3]int
+	decoders      sequenceDecs
+	windowSize    int
+	maxSize       int
+	error         bool
+	dict          *dict
+}
+
+// reset will reset the history to initial state of a frame.
+// The history must already have been initialized to the desired size.
+func (h *history) reset() {
+	h.b = h.b[:0]
+	h.error = false
+	h.recentOffsets = [3]int{1, 4, 8}
+	if f := h.decoders.litLengths.fse; f != nil && !f.preDefined {
+		fseDecoderPool.Put(f)
+	}
+	if f := h.decoders.offsets.fse; f != nil && !f.preDefined {
+		fseDecoderPool.Put(f)
+	}
+	if f := h.decoders.matchLengths.fse; f != nil && !f.preDefined {
+		fseDecoderPool.Put(f)
+	}
+	h.decoders = sequenceDecs{}
+	if h.huffTree != nil {
+		if h.dict == nil || h.dict.litEnc != h.huffTree {
+			huffDecoderPool.Put(h.huffTree)
+		}
+	}
+	h.huffTree = nil
+	h.dict = nil
+	//printf("history created: %+v (l: %d, c: %d)", *h, len(h.b), cap(h.b))
+}
+
+func (h *history) setDict(dict *dict) {
+	if dict == nil {
+		return
+	}
+	h.dict = dict
+	h.decoders.litLengths = dict.llDec
+	h.decoders.offsets = dict.ofDec
+	h.decoders.matchLengths = dict.mlDec
+	h.recentOffsets = dict.offsets
+	h.huffTree = dict.litEnc
+}
+
+// append bytes to history.
+// This function will make sure there is space for it,
+// if the buffer has been allocated with enough extra space.
+func (h *history) append(b []byte) {
+	if len(b) >= h.windowSize {
+		// Discard all history by simply overwriting
+		h.b = h.b[:h.windowSize]
+		copy(h.b, b[len(b)-h.windowSize:])
+		return
+	}
+
+	// If there is space, append it.
+	if len(b) < cap(h.b)-len(h.b) {
+		h.b = append(h.b, b...)
+		return
+	}
+
+	// Move data down so we only have window size left.
+	// We know we have less than window size in b at this point.
+	discard := len(b) + len(h.b) - h.windowSize
+	copy(h.b, h.b[discard:])
+	h.b = h.b[:h.windowSize]
+	copy(h.b[h.windowSize-len(b):], b)
+}
+
+// append bytes to history without ever discarding anything.
+func (h *history) appendKeep(b []byte) {
+	h.b = append(h.b, b...)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt
new file mode 100644
index 0000000000000..24b53065f40b5
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2016 Caleb Spare
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md
new file mode 100644
index 0000000000000..69aa3bb587c8d
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md
@@ -0,0 +1,58 @@
+# xxhash
+
+VENDORED: Go to [github.com/cespare/xxhash](https://github.com/cespare/xxhash) for original package.
+
+
+[![GoDoc](https://godoc.org/github.com/cespare/xxhash?status.svg)](https://godoc.org/github.com/cespare/xxhash)
+[![Build Status](https://travis-ci.org/cespare/xxhash.svg?branch=master)](https://travis-ci.org/cespare/xxhash)
+
+xxhash is a Go implementation of the 64-bit
+[xxHash](http://cyan4973.github.io/xxHash/) algorithm, XXH64. This is a
+high-quality hashing algorithm that is much faster than anything in the Go
+standard library.
+
+This package provides a straightforward API:
+
+```
+func Sum64(b []byte) uint64
+func Sum64String(s string) uint64
+type Digest struct{ ... }
+    func New() *Digest
+```
+
+The `Digest` type implements hash.Hash64. Its key methods are:
+
+```
+func (*Digest) Write([]byte) (int, error)
+func (*Digest) WriteString(string) (int, error)
+func (*Digest) Sum64() uint64
+```
+
+This implementation provides a fast pure-Go implementation and an even faster
+assembly implementation for amd64.
+
+## Benchmarks
+
+Here are some quick benchmarks comparing the pure-Go and assembly
+implementations of Sum64.
+
+| input size | purego | asm |
+| --- | --- | --- |
+| 5 B   |  979.66 MB/s |  1291.17 MB/s  |
+| 100 B | 7475.26 MB/s | 7973.40 MB/s  |
+| 4 KB  | 17573.46 MB/s | 17602.65 MB/s |
+| 10 MB | 17131.46 MB/s | 17142.16 MB/s |
+
+These numbers were generated on Ubuntu 18.04 with an Intel i7-8700K CPU using
+the following commands under Go 1.11.2:
+
+```
+$ go test -tags purego -benchtime 10s -bench '/xxhash,direct,bytes'
+$ go test -benchtime 10s -bench '/xxhash,direct,bytes'
+```
+
+## Projects using this package
+
+- [InfluxDB](https://github.com/influxdata/influxdb)
+- [Prometheus](https://github.com/prometheus/prometheus)
+- [FreeCache](https://github.com/coocood/freecache)
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go
new file mode 100644
index 0000000000000..426b9cac7869e
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go
@@ -0,0 +1,238 @@
+// Package xxhash implements the 64-bit variant of xxHash (XXH64) as described
+// at http://cyan4973.github.io/xxHash/.
+// THIS IS VENDORED: Go to github.com/cespare/xxhash for original package.
+
+package xxhash
+
+import (
+	"encoding/binary"
+	"errors"
+	"math/bits"
+)
+
+const (
+	prime1 uint64 = 11400714785074694791
+	prime2 uint64 = 14029467366897019727
+	prime3 uint64 = 1609587929392839161
+	prime4 uint64 = 9650029242287828579
+	prime5 uint64 = 2870177450012600261
+)
+
+// NOTE(caleb): I'm using both consts and vars of the primes. Using consts where
+// possible in the Go code is worth a small (but measurable) performance boost
+// by avoiding some MOVQs. Vars are needed for the asm and also are useful for
+// convenience in the Go code in a few places where we need to intentionally
+// avoid constant arithmetic (e.g., v1 := prime1 + prime2 fails because the
+// result overflows a uint64).
+var (
+	prime1v = prime1
+	prime2v = prime2
+	prime3v = prime3
+	prime4v = prime4
+	prime5v = prime5
+)
+
+// Digest implements hash.Hash64.
+type Digest struct {
+	v1    uint64
+	v2    uint64
+	v3    uint64
+	v4    uint64
+	total uint64
+	mem   [32]byte
+	n     int // how much of mem is used
+}
+
+// New creates a new Digest that computes the 64-bit xxHash algorithm.
+func New() *Digest {
+	var d Digest
+	d.Reset()
+	return &d
+}
+
+// Reset clears the Digest's state so that it can be reused.
+func (d *Digest) Reset() {
+	d.v1 = prime1v + prime2
+	d.v2 = prime2
+	d.v3 = 0
+	d.v4 = -prime1v
+	d.total = 0
+	d.n = 0
+}
+
+// Size always returns 8 bytes.
+func (d *Digest) Size() int { return 8 }
+
+// BlockSize always returns 32 bytes.
+func (d *Digest) BlockSize() int { return 32 }
+
+// Write adds more data to d. It always returns len(b), nil.
+func (d *Digest) Write(b []byte) (n int, err error) {
+	n = len(b)
+	d.total += uint64(n)
+
+	if d.n+n < 32 {
+		// This new data doesn't even fill the current block.
+		copy(d.mem[d.n:], b)
+		d.n += n
+		return
+	}
+
+	if d.n > 0 {
+		// Finish off the partial block.
+		copy(d.mem[d.n:], b)
+		d.v1 = round(d.v1, u64(d.mem[0:8]))
+		d.v2 = round(d.v2, u64(d.mem[8:16]))
+		d.v3 = round(d.v3, u64(d.mem[16:24]))
+		d.v4 = round(d.v4, u64(d.mem[24:32]))
+		b = b[32-d.n:]
+		d.n = 0
+	}
+
+	if len(b) >= 32 {
+		// One or more full blocks left.
+		nw := writeBlocks(d, b)
+		b = b[nw:]
+	}
+
+	// Store any remaining partial block.
+	copy(d.mem[:], b)
+	d.n = len(b)
+
+	return
+}
+
+// Sum appends the current hash to b and returns the resulting slice.
+func (d *Digest) Sum(b []byte) []byte {
+	s := d.Sum64()
+	return append(
+		b,
+		byte(s>>56),
+		byte(s>>48),
+		byte(s>>40),
+		byte(s>>32),
+		byte(s>>24),
+		byte(s>>16),
+		byte(s>>8),
+		byte(s),
+	)
+}
+
+// Sum64 returns the current hash.
+func (d *Digest) Sum64() uint64 {
+	var h uint64
+
+	if d.total >= 32 {
+		v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
+		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
+		h = mergeRound(h, v1)
+		h = mergeRound(h, v2)
+		h = mergeRound(h, v3)
+		h = mergeRound(h, v4)
+	} else {
+		h = d.v3 + prime5
+	}
+
+	h += d.total
+
+	i, end := 0, d.n
+	for ; i+8 <= end; i += 8 {
+		k1 := round(0, u64(d.mem[i:i+8]))
+		h ^= k1
+		h = rol27(h)*prime1 + prime4
+	}
+	if i+4 <= end {
+		h ^= uint64(u32(d.mem[i:i+4])) * prime1
+		h = rol23(h)*prime2 + prime3
+		i += 4
+	}
+	for i < end {
+		h ^= uint64(d.mem[i]) * prime5
+		h = rol11(h) * prime1
+		i++
+	}
+
+	h ^= h >> 33
+	h *= prime2
+	h ^= h >> 29
+	h *= prime3
+	h ^= h >> 32
+
+	return h
+}
+
+const (
+	magic         = "xxh\x06"
+	marshaledSize = len(magic) + 8*5 + 32
+)
+
+// MarshalBinary implements the encoding.BinaryMarshaler interface.
+func (d *Digest) MarshalBinary() ([]byte, error) {
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	b = appendUint64(b, d.v1)
+	b = appendUint64(b, d.v2)
+	b = appendUint64(b, d.v3)
+	b = appendUint64(b, d.v4)
+	b = appendUint64(b, d.total)
+	b = append(b, d.mem[:d.n]...)
+	b = b[:len(b)+len(d.mem)-d.n]
+	return b, nil
+}
+
+// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
+func (d *Digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("xxhash: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("xxhash: invalid hash state size")
+	}
+	b = b[len(magic):]
+	b, d.v1 = consumeUint64(b)
+	b, d.v2 = consumeUint64(b)
+	b, d.v3 = consumeUint64(b)
+	b, d.v4 = consumeUint64(b)
+	b, d.total = consumeUint64(b)
+	copy(d.mem[:], b)
+	b = b[len(d.mem):]
+	d.n = int(d.total % uint64(len(d.mem)))
+	return nil
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+	var a [8]byte
+	binary.LittleEndian.PutUint64(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+	x := u64(b)
+	return b[8:], x
+}
+
+func u64(b []byte) uint64 { return binary.LittleEndian.Uint64(b) }
+func u32(b []byte) uint32 { return binary.LittleEndian.Uint32(b) }
+
+func round(acc, input uint64) uint64 {
+	acc += input * prime2
+	acc = rol31(acc)
+	acc *= prime1
+	return acc
+}
+
+func mergeRound(acc, val uint64) uint64 {
+	val = round(0, val)
+	acc ^= val
+	acc = acc*prime1 + prime4
+	return acc
+}
+
+func rol1(x uint64) uint64  { return bits.RotateLeft64(x, 1) }
+func rol7(x uint64) uint64  { return bits.RotateLeft64(x, 7) }
+func rol11(x uint64) uint64 { return bits.RotateLeft64(x, 11) }
+func rol12(x uint64) uint64 { return bits.RotateLeft64(x, 12) }
+func rol18(x uint64) uint64 { return bits.RotateLeft64(x, 18) }
+func rol23(x uint64) uint64 { return bits.RotateLeft64(x, 23) }
+func rol27(x uint64) uint64 { return bits.RotateLeft64(x, 27) }
+func rol31(x uint64) uint64 { return bits.RotateLeft64(x, 31) }
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.go
new file mode 100644
index 0000000000000..35318d7c46cbd
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.go
@@ -0,0 +1,13 @@
+// +build !appengine
+// +build gc
+// +build !purego
+
+package xxhash
+
+// Sum64 computes the 64-bit xxHash digest of b.
+//
+//go:noescape
+func Sum64(b []byte) uint64
+
+//go:noescape
+func writeBlocks(*Digest, []byte) int
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s
new file mode 100644
index 0000000000000..2c9c5357a14b0
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s
@@ -0,0 +1,215 @@
+// +build !appengine
+// +build gc
+// +build !purego
+
+#include "textflag.h"
+
+// Register allocation:
+// AX	h
+// CX	pointer to advance through b
+// DX	n
+// BX	loop end
+// R8	v1, k1
+// R9	v2
+// R10	v3
+// R11	v4
+// R12	tmp
+// R13	prime1v
+// R14	prime2v
+// R15	prime4v
+
+// round reads from and advances the buffer pointer in CX.
+// It assumes that R13 has prime1v and R14 has prime2v.
+#define round(r) \
+	MOVQ  (CX), R12 \
+	ADDQ  $8, CX    \
+	IMULQ R14, R12  \
+	ADDQ  R12, r    \
+	ROLQ  $31, r    \
+	IMULQ R13, r
+
+// mergeRound applies a merge round on the two registers acc and val.
+// It assumes that R13 has prime1v, R14 has prime2v, and R15 has prime4v.
+#define mergeRound(acc, val) \
+	IMULQ R14, val \
+	ROLQ  $31, val \
+	IMULQ R13, val \
+	XORQ  val, acc \
+	IMULQ R13, acc \
+	ADDQ  R15, acc
+
+// func Sum64(b []byte) uint64
+TEXT ·Sum64(SB), NOSPLIT, $0-32
+	// Load fixed primes.
+	MOVQ ·prime1v(SB), R13
+	MOVQ ·prime2v(SB), R14
+	MOVQ ·prime4v(SB), R15
+
+	// Load slice.
+	MOVQ b_base+0(FP), CX
+	MOVQ b_len+8(FP), DX
+	LEAQ (CX)(DX*1), BX
+
+	// The first loop limit will be len(b)-32.
+	SUBQ $32, BX
+
+	// Check whether we have at least one block.
+	CMPQ DX, $32
+	JLT  noBlocks
+
+	// Set up initial state (v1, v2, v3, v4).
+	MOVQ R13, R8
+	ADDQ R14, R8
+	MOVQ R14, R9
+	XORQ R10, R10
+	XORQ R11, R11
+	SUBQ R13, R11
+
+	// Loop until CX > BX.
+blockLoop:
+	round(R8)
+	round(R9)
+	round(R10)
+	round(R11)
+
+	CMPQ CX, BX
+	JLE  blockLoop
+
+	MOVQ R8, AX
+	ROLQ $1, AX
+	MOVQ R9, R12
+	ROLQ $7, R12
+	ADDQ R12, AX
+	MOVQ R10, R12
+	ROLQ $12, R12
+	ADDQ R12, AX
+	MOVQ R11, R12
+	ROLQ $18, R12
+	ADDQ R12, AX
+
+	mergeRound(AX, R8)
+	mergeRound(AX, R9)
+	mergeRound(AX, R10)
+	mergeRound(AX, R11)
+
+	JMP afterBlocks
+
+noBlocks:
+	MOVQ ·prime5v(SB), AX
+
+afterBlocks:
+	ADDQ DX, AX
+
+	// Right now BX has len(b)-32, and we want to loop until CX > len(b)-8.
+	ADDQ $24, BX
+
+	CMPQ CX, BX
+	JG   fourByte
+
+wordLoop:
+	// Calculate k1.
+	MOVQ  (CX), R8
+	ADDQ  $8, CX
+	IMULQ R14, R8
+	ROLQ  $31, R8
+	IMULQ R13, R8
+
+	XORQ  R8, AX
+	ROLQ  $27, AX
+	IMULQ R13, AX
+	ADDQ  R15, AX
+
+	CMPQ CX, BX
+	JLE  wordLoop
+
+fourByte:
+	ADDQ $4, BX
+	CMPQ CX, BX
+	JG   singles
+
+	MOVL  (CX), R8
+	ADDQ  $4, CX
+	IMULQ R13, R8
+	XORQ  R8, AX
+
+	ROLQ  $23, AX
+	IMULQ R14, AX
+	ADDQ  ·prime3v(SB), AX
+
+singles:
+	ADDQ $4, BX
+	CMPQ CX, BX
+	JGE  finalize
+
+singlesLoop:
+	MOVBQZX (CX), R12
+	ADDQ    $1, CX
+	IMULQ   ·prime5v(SB), R12
+	XORQ    R12, AX
+
+	ROLQ  $11, AX
+	IMULQ R13, AX
+
+	CMPQ CX, BX
+	JL   singlesLoop
+
+finalize:
+	MOVQ  AX, R12
+	SHRQ  $33, R12
+	XORQ  R12, AX
+	IMULQ R14, AX
+	MOVQ  AX, R12
+	SHRQ  $29, R12
+	XORQ  R12, AX
+	IMULQ ·prime3v(SB), AX
+	MOVQ  AX, R12
+	SHRQ  $32, R12
+	XORQ  R12, AX
+
+	MOVQ AX, ret+24(FP)
+	RET
+
+// writeBlocks uses the same registers as above except that it uses AX to store
+// the d pointer.
+
+// func writeBlocks(d *Digest, b []byte) int
+TEXT ·writeBlocks(SB), NOSPLIT, $0-40
+	// Load fixed primes needed for round.
+	MOVQ ·prime1v(SB), R13
+	MOVQ ·prime2v(SB), R14
+
+	// Load slice.
+	MOVQ arg1_base+8(FP), CX
+	MOVQ arg1_len+16(FP), DX
+	LEAQ (CX)(DX*1), BX
+	SUBQ $32, BX
+
+	// Load vN from d.
+	MOVQ arg+0(FP), AX
+	MOVQ 0(AX), R8   // v1
+	MOVQ 8(AX), R9   // v2
+	MOVQ 16(AX), R10 // v3
+	MOVQ 24(AX), R11 // v4
+
+	// We don't need to check the loop condition here; this function is
+	// always called with at least one block of data to process.
+blockLoop:
+	round(R8)
+	round(R9)
+	round(R10)
+	round(R11)
+
+	CMPQ CX, BX
+	JLE  blockLoop
+
+	// Copy vN back to d.
+	MOVQ R8, 0(AX)
+	MOVQ R9, 8(AX)
+	MOVQ R10, 16(AX)
+	MOVQ R11, 24(AX)
+
+	// The number of bytes written is CX minus the old base pointer.
+	SUBQ arg1_base+8(FP), CX
+	MOVQ CX, ret+32(FP)
+
+	RET
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go
new file mode 100644
index 0000000000000..4a5a821603e5b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go
@@ -0,0 +1,76 @@
+// +build !amd64 appengine !gc purego
+
+package xxhash
+
+// Sum64 computes the 64-bit xxHash digest of b.
+func Sum64(b []byte) uint64 {
+	// A simpler version would be
+	//   d := New()
+	//   d.Write(b)
+	//   return d.Sum64()
+	// but this is faster, particularly for small inputs.
+
+	n := len(b)
+	var h uint64
+
+	if n >= 32 {
+		v1 := prime1v + prime2
+		v2 := prime2
+		v3 := uint64(0)
+		v4 := -prime1v
+		for len(b) >= 32 {
+			v1 = round(v1, u64(b[0:8:len(b)]))
+			v2 = round(v2, u64(b[8:16:len(b)]))
+			v3 = round(v3, u64(b[16:24:len(b)]))
+			v4 = round(v4, u64(b[24:32:len(b)]))
+			b = b[32:len(b):len(b)]
+		}
+		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
+		h = mergeRound(h, v1)
+		h = mergeRound(h, v2)
+		h = mergeRound(h, v3)
+		h = mergeRound(h, v4)
+	} else {
+		h = prime5
+	}
+
+	h += uint64(n)
+
+	i, end := 0, len(b)
+	for ; i+8 <= end; i += 8 {
+		k1 := round(0, u64(b[i:i+8:len(b)]))
+		h ^= k1
+		h = rol27(h)*prime1 + prime4
+	}
+	if i+4 <= end {
+		h ^= uint64(u32(b[i:i+4:len(b)])) * prime1
+		h = rol23(h)*prime2 + prime3
+		i += 4
+	}
+	for ; i < end; i++ {
+		h ^= uint64(b[i]) * prime5
+		h = rol11(h) * prime1
+	}
+
+	h ^= h >> 33
+	h *= prime2
+	h ^= h >> 29
+	h *= prime3
+	h ^= h >> 32
+
+	return h
+}
+
+func writeBlocks(d *Digest, b []byte) int {
+	v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
+	n := len(b)
+	for len(b) >= 32 {
+		v1 = round(v1, u64(b[0:8:len(b)]))
+		v2 = round(v2, u64(b[8:16:len(b)]))
+		v3 = round(v3, u64(b[16:24:len(b)]))
+		v4 = round(v4, u64(b[24:32:len(b)]))
+		b = b[32:len(b):len(b)]
+	}
+	d.v1, d.v2, d.v3, d.v4 = v1, v2, v3, v4
+	return n - len(b)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go
new file mode 100644
index 0000000000000..6f3b0cb10264c
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go
@@ -0,0 +1,11 @@
+package xxhash
+
+// Sum64String computes the 64-bit xxHash digest of s.
+func Sum64String(s string) uint64 {
+	return Sum64([]byte(s))
+}
+
+// WriteString adds more data to d. It always returns len(s), nil.
+func (d *Digest) WriteString(s string) (n int, err error) {
+	return d.Write([]byte(s))
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec.go b/vendor/github.com/klauspost/compress/zstd/seqdec.go
new file mode 100644
index 0000000000000..1dd39e63b7e83
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec.go
@@ -0,0 +1,492 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"errors"
+	"fmt"
+	"io"
+)
+
+type seq struct {
+	litLen   uint32
+	matchLen uint32
+	offset   uint32
+
+	// Codes are stored here for the encoder
+	// so they only have to be looked up once.
+	llCode, mlCode, ofCode uint8
+}
+
+func (s seq) String() string {
+	if s.offset <= 3 {
+		if s.offset == 0 {
+			return fmt.Sprint("litLen:", s.litLen, ", matchLen:", s.matchLen+zstdMinMatch, ", offset: INVALID (0)")
+		}
+		return fmt.Sprint("litLen:", s.litLen, ", matchLen:", s.matchLen+zstdMinMatch, ", offset:", s.offset, " (repeat)")
+	}
+	return fmt.Sprint("litLen:", s.litLen, ", matchLen:", s.matchLen+zstdMinMatch, ", offset:", s.offset-3, " (new)")
+}
+
+type seqCompMode uint8
+
+const (
+	compModePredefined seqCompMode = iota
+	compModeRLE
+	compModeFSE
+	compModeRepeat
+)
+
+type sequenceDec struct {
+	// decoder keeps track of the current state and updates it from the bitstream.
+	fse    *fseDecoder
+	state  fseState
+	repeat bool
+}
+
+// init the state of the decoder with input from stream.
+func (s *sequenceDec) init(br *bitReader) error {
+	if s.fse == nil {
+		return errors.New("sequence decoder not defined")
+	}
+	s.state.init(br, s.fse.actualTableLog, s.fse.dt[:1<<s.fse.actualTableLog])
+	return nil
+}
+
+// sequenceDecs contains all 3 sequence decoders and their state.
+type sequenceDecs struct {
+	litLengths   sequenceDec
+	offsets      sequenceDec
+	matchLengths sequenceDec
+	prevOffset   [3]int
+	hist         []byte
+	dict         []byte
+	literals     []byte
+	out          []byte
+	windowSize   int
+	maxBits      uint8
+}
+
+// initialize all 3 decoders from the stream input.
+func (s *sequenceDecs) initialize(br *bitReader, hist *history, literals, out []byte) error {
+	if err := s.litLengths.init(br); err != nil {
+		return errors.New("litLengths:" + err.Error())
+	}
+	if err := s.offsets.init(br); err != nil {
+		return errors.New("offsets:" + err.Error())
+	}
+	if err := s.matchLengths.init(br); err != nil {
+		return errors.New("matchLengths:" + err.Error())
+	}
+	s.literals = literals
+	s.hist = hist.b
+	s.prevOffset = hist.recentOffsets
+	s.maxBits = s.litLengths.fse.maxBits + s.offsets.fse.maxBits + s.matchLengths.fse.maxBits
+	s.windowSize = hist.windowSize
+	s.out = out
+	s.dict = nil
+	if hist.dict != nil {
+		s.dict = hist.dict.content
+	}
+	return nil
+}
+
+// decode sequences from the stream with the provided history.
+func (s *sequenceDecs) decode(seqs int, br *bitReader, hist []byte) error {
+	startSize := len(s.out)
+	// Grab full sizes tables, to avoid bounds checks.
+	llTable, mlTable, ofTable := s.litLengths.fse.dt[:maxTablesize], s.matchLengths.fse.dt[:maxTablesize], s.offsets.fse.dt[:maxTablesize]
+	llState, mlState, ofState := s.litLengths.state.state, s.matchLengths.state.state, s.offsets.state.state
+
+	for i := seqs - 1; i >= 0; i-- {
+		if br.overread() {
+			printf("reading sequence %d, exceeded available data\n", seqs-i)
+			return io.ErrUnexpectedEOF
+		}
+		var ll, mo, ml int
+		if br.off > 4+((maxOffsetBits+16+16)>>3) {
+			// inlined function:
+			// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
+
+			// Final will not read from stream.
+			var llB, mlB, moB uint8
+			ll, llB = llState.final()
+			ml, mlB = mlState.final()
+			mo, moB = ofState.final()
+
+			// extra bits are stored in reverse order.
+			br.fillFast()
+			mo += br.getBits(moB)
+			if s.maxBits > 32 {
+				br.fillFast()
+			}
+			ml += br.getBits(mlB)
+			ll += br.getBits(llB)
+
+			if moB > 1 {
+				s.prevOffset[2] = s.prevOffset[1]
+				s.prevOffset[1] = s.prevOffset[0]
+				s.prevOffset[0] = mo
+			} else {
+				// mo = s.adjustOffset(mo, ll, moB)
+				// Inlined for rather big speedup
+				if ll == 0 {
+					// There is an exception though, when current sequence's literals_length = 0.
+					// In this case, repeated offsets are shifted by one, so an offset_value of 1 means Repeated_Offset2,
+					// an offset_value of 2 means Repeated_Offset3, and an offset_value of 3 means Repeated_Offset1 - 1_byte.
+					mo++
+				}
+
+				if mo == 0 {
+					mo = s.prevOffset[0]
+				} else {
+					var temp int
+					if mo == 3 {
+						temp = s.prevOffset[0] - 1
+					} else {
+						temp = s.prevOffset[mo]
+					}
+
+					if temp == 0 {
+						// 0 is not valid; input is corrupted; force offset to 1
+						println("temp was 0")
+						temp = 1
+					}
+
+					if mo != 1 {
+						s.prevOffset[2] = s.prevOffset[1]
+					}
+					s.prevOffset[1] = s.prevOffset[0]
+					s.prevOffset[0] = temp
+					mo = temp
+				}
+			}
+			br.fillFast()
+		} else {
+			ll, mo, ml = s.next(br, llState, mlState, ofState)
+			br.fill()
+		}
+
+		if debugSequences {
+			println("Seq", seqs-i-1, "Litlen:", ll, "mo:", mo, "(abs) ml:", ml)
+		}
+
+		if ll > len(s.literals) {
+			return fmt.Errorf("unexpected literal count, want %d bytes, but only %d is available", ll, len(s.literals))
+		}
+		size := ll + ml + len(s.out)
+		if size-startSize > maxBlockSize {
+			return fmt.Errorf("output (%d) bigger than max block size", size)
+		}
+		if size > cap(s.out) {
+			// Not enough size, which can happen under high volume block streaming conditions
+			// but could be if destination slice is too small for sync operations.
+			// over-allocating here can create a large amount of GC pressure so we try to keep
+			// it as contained as possible
+			used := len(s.out) - startSize
+			addBytes := 256 + ll + ml + used>>2
+			// Clamp to max block size.
+			if used+addBytes > maxBlockSize {
+				addBytes = maxBlockSize - used
+			}
+			s.out = append(s.out, make([]byte, addBytes)...)
+			s.out = s.out[:len(s.out)-addBytes]
+		}
+		if ml > maxMatchLen {
+			return fmt.Errorf("match len (%d) bigger than max allowed length", ml)
+		}
+
+		// Add literals
+		s.out = append(s.out, s.literals[:ll]...)
+		s.literals = s.literals[ll:]
+		out := s.out
+
+		if mo == 0 && ml > 0 {
+			return fmt.Errorf("zero matchoff and matchlen (%d) > 0", ml)
+		}
+
+		if mo > len(s.out)+len(hist) || mo > s.windowSize {
+			if len(s.dict) == 0 {
+				return fmt.Errorf("match offset (%d) bigger than current history (%d)", mo, len(s.out)+len(hist))
+			}
+
+			// we may be in dictionary.
+			dictO := len(s.dict) - (mo - (len(s.out) + len(hist)))
+			if dictO < 0 || dictO >= len(s.dict) {
+				return fmt.Errorf("match offset (%d) bigger than current history (%d)", mo, len(s.out)+len(hist))
+			}
+			end := dictO + ml
+			if end > len(s.dict) {
+				out = append(out, s.dict[dictO:]...)
+				mo -= len(s.dict) - dictO
+				ml -= len(s.dict) - dictO
+			} else {
+				out = append(out, s.dict[dictO:end]...)
+				mo = 0
+				ml = 0
+			}
+		}
+
+		// Copy from history.
+		// TODO: Blocks without history could be made to ignore this completely.
+		if v := mo - len(s.out); v > 0 {
+			// v is the start position in history from end.
+			start := len(s.hist) - v
+			if ml > v {
+				// Some goes into current block.
+				// Copy remainder of history
+				out = append(out, s.hist[start:]...)
+				mo -= v
+				ml -= v
+			} else {
+				out = append(out, s.hist[start:start+ml]...)
+				ml = 0
+			}
+		}
+		// We must be in current buffer now
+		if ml > 0 {
+			start := len(s.out) - mo
+			if ml <= len(s.out)-start {
+				// No overlap
+				out = append(out, s.out[start:start+ml]...)
+			} else {
+				// Overlapping copy
+				// Extend destination slice and copy one byte at the time.
+				out = out[:len(out)+ml]
+				src := out[start : start+ml]
+				// Destination is the space we just added.
+				dst := out[len(out)-ml:]
+				dst = dst[:len(src)]
+				for i := range src {
+					dst[i] = src[i]
+				}
+			}
+		}
+		s.out = out
+		if i == 0 {
+			// This is the last sequence, so we shouldn't update state.
+			break
+		}
+
+		// Manually inlined, ~ 5-20% faster
+		// Update all 3 states at once. Approx 20% faster.
+		nBits := llState.nbBits() + mlState.nbBits() + ofState.nbBits()
+		if nBits == 0 {
+			llState = llTable[llState.newState()&maxTableMask]
+			mlState = mlTable[mlState.newState()&maxTableMask]
+			ofState = ofTable[ofState.newState()&maxTableMask]
+		} else {
+			bits := br.getBitsFast(nBits)
+			lowBits := uint16(bits >> ((ofState.nbBits() + mlState.nbBits()) & 31))
+			llState = llTable[(llState.newState()+lowBits)&maxTableMask]
+
+			lowBits = uint16(bits >> (ofState.nbBits() & 31))
+			lowBits &= bitMask[mlState.nbBits()&15]
+			mlState = mlTable[(mlState.newState()+lowBits)&maxTableMask]
+
+			lowBits = uint16(bits) & bitMask[ofState.nbBits()&15]
+			ofState = ofTable[(ofState.newState()+lowBits)&maxTableMask]
+		}
+	}
+
+	// Add final literals
+	s.out = append(s.out, s.literals...)
+	return nil
+}
+
+// update states, at least 27 bits must be available.
+func (s *sequenceDecs) update(br *bitReader) {
+	// Max 8 bits
+	s.litLengths.state.next(br)
+	// Max 9 bits
+	s.matchLengths.state.next(br)
+	// Max 8 bits
+	s.offsets.state.next(br)
+}
+
+var bitMask [16]uint16
+
+func init() {
+	for i := range bitMask[:] {
+		bitMask[i] = uint16((1 << uint(i)) - 1)
+	}
+}
+
+// update states, at least 27 bits must be available.
+func (s *sequenceDecs) updateAlt(br *bitReader) {
+	// Update all 3 states at once. Approx 20% faster.
+	a, b, c := s.litLengths.state.state, s.matchLengths.state.state, s.offsets.state.state
+
+	nBits := a.nbBits() + b.nbBits() + c.nbBits()
+	if nBits == 0 {
+		s.litLengths.state.state = s.litLengths.state.dt[a.newState()]
+		s.matchLengths.state.state = s.matchLengths.state.dt[b.newState()]
+		s.offsets.state.state = s.offsets.state.dt[c.newState()]
+		return
+	}
+	bits := br.getBitsFast(nBits)
+	lowBits := uint16(bits >> ((c.nbBits() + b.nbBits()) & 31))
+	s.litLengths.state.state = s.litLengths.state.dt[a.newState()+lowBits]
+
+	lowBits = uint16(bits >> (c.nbBits() & 31))
+	lowBits &= bitMask[b.nbBits()&15]
+	s.matchLengths.state.state = s.matchLengths.state.dt[b.newState()+lowBits]
+
+	lowBits = uint16(bits) & bitMask[c.nbBits()&15]
+	s.offsets.state.state = s.offsets.state.dt[c.newState()+lowBits]
+}
+
+// nextFast will return new states when there are at least 4 unused bytes left on the stream when done.
+func (s *sequenceDecs) nextFast(br *bitReader, llState, mlState, ofState decSymbol) (ll, mo, ml int) {
+	// Final will not read from stream.
+	ll, llB := llState.final()
+	ml, mlB := mlState.final()
+	mo, moB := ofState.final()
+
+	// extra bits are stored in reverse order.
+	br.fillFast()
+	mo += br.getBits(moB)
+	if s.maxBits > 32 {
+		br.fillFast()
+	}
+	ml += br.getBits(mlB)
+	ll += br.getBits(llB)
+
+	if moB > 1 {
+		s.prevOffset[2] = s.prevOffset[1]
+		s.prevOffset[1] = s.prevOffset[0]
+		s.prevOffset[0] = mo
+		return
+	}
+	// mo = s.adjustOffset(mo, ll, moB)
+	// Inlined for rather big speedup
+	if ll == 0 {
+		// There is an exception though, when current sequence's literals_length = 0.
+		// In this case, repeated offsets are shifted by one, so an offset_value of 1 means Repeated_Offset2,
+		// an offset_value of 2 means Repeated_Offset3, and an offset_value of 3 means Repeated_Offset1 - 1_byte.
+		mo++
+	}
+
+	if mo == 0 {
+		mo = s.prevOffset[0]
+		return
+	}
+	var temp int
+	if mo == 3 {
+		temp = s.prevOffset[0] - 1
+	} else {
+		temp = s.prevOffset[mo]
+	}
+
+	if temp == 0 {
+		// 0 is not valid; input is corrupted; force offset to 1
+		println("temp was 0")
+		temp = 1
+	}
+
+	if mo != 1 {
+		s.prevOffset[2] = s.prevOffset[1]
+	}
+	s.prevOffset[1] = s.prevOffset[0]
+	s.prevOffset[0] = temp
+	mo = temp
+	return
+}
+
+func (s *sequenceDecs) next(br *bitReader, llState, mlState, ofState decSymbol) (ll, mo, ml int) {
+	// Final will not read from stream.
+	ll, llB := llState.final()
+	ml, mlB := mlState.final()
+	mo, moB := ofState.final()
+
+	// extra bits are stored in reverse order.
+	br.fill()
+	if s.maxBits <= 32 {
+		mo += br.getBits(moB)
+		ml += br.getBits(mlB)
+		ll += br.getBits(llB)
+	} else {
+		mo += br.getBits(moB)
+		br.fill()
+		// matchlength+literal length, max 32 bits
+		ml += br.getBits(mlB)
+		ll += br.getBits(llB)
+
+	}
+	mo = s.adjustOffset(mo, ll, moB)
+	return
+}
+
+func (s *sequenceDecs) adjustOffset(offset, litLen int, offsetB uint8) int {
+	if offsetB > 1 {
+		s.prevOffset[2] = s.prevOffset[1]
+		s.prevOffset[1] = s.prevOffset[0]
+		s.prevOffset[0] = offset
+		return offset
+	}
+
+	if litLen == 0 {
+		// There is an exception though, when current sequence's literals_length = 0.
+		// In this case, repeated offsets are shifted by one, so an offset_value of 1 means Repeated_Offset2,
+		// an offset_value of 2 means Repeated_Offset3, and an offset_value of 3 means Repeated_Offset1 - 1_byte.
+		offset++
+	}
+
+	if offset == 0 {
+		return s.prevOffset[0]
+	}
+	var temp int
+	if offset == 3 {
+		temp = s.prevOffset[0] - 1
+	} else {
+		temp = s.prevOffset[offset]
+	}
+
+	if temp == 0 {
+		// 0 is not valid; input is corrupted; force offset to 1
+		println("temp was 0")
+		temp = 1
+	}
+
+	if offset != 1 {
+		s.prevOffset[2] = s.prevOffset[1]
+	}
+	s.prevOffset[1] = s.prevOffset[0]
+	s.prevOffset[0] = temp
+	return temp
+}
+
+// mergeHistory will merge history.
+func (s *sequenceDecs) mergeHistory(hist *sequenceDecs) (*sequenceDecs, error) {
+	for i := uint(0); i < 3; i++ {
+		var sNew, sHist *sequenceDec
+		switch i {
+		default:
+			// same as "case 0":
+			sNew = &s.litLengths
+			sHist = &hist.litLengths
+		case 1:
+			sNew = &s.offsets
+			sHist = &hist.offsets
+		case 2:
+			sNew = &s.matchLengths
+			sHist = &hist.matchLengths
+		}
+		if sNew.repeat {
+			if sHist.fse == nil {
+				return nil, fmt.Errorf("sequence stream %d, repeat requested, but no history", i)
+			}
+			continue
+		}
+		if sNew.fse == nil {
+			return nil, fmt.Errorf("sequence stream %d, no fse found", i)
+		}
+		if sHist.fse != nil && !sHist.fse.preDefined {
+			fseDecoderPool.Put(sHist.fse)
+		}
+		sHist.fse = sNew.fse
+	}
+	return hist, nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/seqenc.go b/vendor/github.com/klauspost/compress/zstd/seqenc.go
new file mode 100644
index 0000000000000..36bcc3cc02eb9
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/seqenc.go
@@ -0,0 +1,115 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import "math/bits"
+
+type seqCoders struct {
+	llEnc, ofEnc, mlEnc    *fseEncoder
+	llPrev, ofPrev, mlPrev *fseEncoder
+}
+
+// swap coders with another (block).
+func (s *seqCoders) swap(other *seqCoders) {
+	*s, *other = *other, *s
+}
+
+// setPrev will update the previous encoders to the actually used ones
+// and make sure a fresh one is in the main slot.
+func (s *seqCoders) setPrev(ll, ml, of *fseEncoder) {
+	compareSwap := func(used *fseEncoder, current, prev **fseEncoder) {
+		// We used the new one, more current to history and reuse the previous history
+		if *current == used {
+			*prev, *current = *current, *prev
+			c := *current
+			p := *prev
+			c.reUsed = false
+			p.reUsed = true
+			return
+		}
+		if used == *prev {
+			return
+		}
+		// Ensure we cannot reuse by accident
+		prevEnc := *prev
+		prevEnc.symbolLen = 0
+		return
+	}
+	compareSwap(ll, &s.llEnc, &s.llPrev)
+	compareSwap(ml, &s.mlEnc, &s.mlPrev)
+	compareSwap(of, &s.ofEnc, &s.ofPrev)
+}
+
+func highBit(val uint32) (n uint32) {
+	return uint32(bits.Len32(val) - 1)
+}
+
+var llCodeTable = [64]byte{0, 1, 2, 3, 4, 5, 6, 7,
+	8, 9, 10, 11, 12, 13, 14, 15,
+	16, 16, 17, 17, 18, 18, 19, 19,
+	20, 20, 20, 20, 21, 21, 21, 21,
+	22, 22, 22, 22, 22, 22, 22, 22,
+	23, 23, 23, 23, 23, 23, 23, 23,
+	24, 24, 24, 24, 24, 24, 24, 24,
+	24, 24, 24, 24, 24, 24, 24, 24}
+
+// Up to 6 bits
+const maxLLCode = 35
+
+// llBitsTable translates from ll code to number of bits.
+var llBitsTable = [maxLLCode + 1]byte{
+	0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0,
+	1, 1, 1, 1, 2, 2, 3, 3,
+	4, 6, 7, 8, 9, 10, 11, 12,
+	13, 14, 15, 16}
+
+// llCode returns the code that represents the literal length requested.
+func llCode(litLength uint32) uint8 {
+	const llDeltaCode = 19
+	if litLength <= 63 {
+		// Compiler insists on bounds check (Go 1.12)
+		return llCodeTable[litLength&63]
+	}
+	return uint8(highBit(litLength)) + llDeltaCode
+}
+
+var mlCodeTable = [128]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+	16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+	32, 32, 33, 33, 34, 34, 35, 35, 36, 36, 36, 36, 37, 37, 37, 37,
+	38, 38, 38, 38, 38, 38, 38, 38, 39, 39, 39, 39, 39, 39, 39, 39,
+	40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
+	41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+	42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42,
+	42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42}
+
+// Up to 6 bits
+const maxMLCode = 52
+
+// mlBitsTable translates from ml code to number of bits.
+var mlBitsTable = [maxMLCode + 1]byte{
+	0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0,
+	1, 1, 1, 1, 2, 2, 3, 3,
+	4, 4, 5, 7, 8, 9, 10, 11,
+	12, 13, 14, 15, 16}
+
+// note : mlBase = matchLength - MINMATCH;
+// because it's the format it's stored in seqStore->sequences
+func mlCode(mlBase uint32) uint8 {
+	const mlDeltaCode = 36
+	if mlBase <= 127 {
+		// Compiler insists on bounds check (Go 1.12)
+		return mlCodeTable[mlBase&127]
+	}
+	return uint8(highBit(mlBase)) + mlDeltaCode
+}
+
+func ofCode(offset uint32) uint8 {
+	// A valid offset will always be > 0.
+	return uint8(bits.Len32(offset) - 1)
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/snappy.go b/vendor/github.com/klauspost/compress/zstd/snappy.go
new file mode 100644
index 0000000000000..c95fe5111c1a4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/snappy.go
@@ -0,0 +1,436 @@
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+// Based on work by Yann Collet, released under BSD License.
+
+package zstd
+
+import (
+	"encoding/binary"
+	"errors"
+	"hash/crc32"
+	"io"
+
+	"github.com/klauspost/compress/huff0"
+	"github.com/klauspost/compress/snappy"
+)
+
+const (
+	snappyTagLiteral = 0x00
+	snappyTagCopy1   = 0x01
+	snappyTagCopy2   = 0x02
+	snappyTagCopy4   = 0x03
+)
+
+const (
+	snappyChecksumSize = 4
+	snappyMagicBody    = "sNaPpY"
+
+	// snappyMaxBlockSize is the maximum size of the input to encodeBlock. It is not
+	// part of the wire format per se, but some parts of the encoder assume
+	// that an offset fits into a uint16.
+	//
+	// Also, for the framing format (Writer type instead of Encode function),
+	// https://github.com/google/snappy/blob/master/framing_format.txt says
+	// that "the uncompressed data in a chunk must be no longer than 65536
+	// bytes".
+	snappyMaxBlockSize = 65536
+
+	// snappyMaxEncodedLenOfMaxBlockSize equals MaxEncodedLen(snappyMaxBlockSize), but is
+	// hard coded to be a const instead of a variable, so that obufLen can also
+	// be a const. Their equivalence is confirmed by
+	// TestMaxEncodedLenOfMaxBlockSize.
+	snappyMaxEncodedLenOfMaxBlockSize = 76490
+)
+
+const (
+	chunkTypeCompressedData   = 0x00
+	chunkTypeUncompressedData = 0x01
+	chunkTypePadding          = 0xfe
+	chunkTypeStreamIdentifier = 0xff
+)
+
+var (
+	// ErrSnappyCorrupt reports that the input is invalid.
+	ErrSnappyCorrupt = errors.New("snappy: corrupt input")
+	// ErrSnappyTooLarge reports that the uncompressed length is too large.
+	ErrSnappyTooLarge = errors.New("snappy: decoded block is too large")
+	// ErrSnappyUnsupported reports that the input isn't supported.
+	ErrSnappyUnsupported = errors.New("snappy: unsupported input")
+
+	errUnsupportedLiteralLength = errors.New("snappy: unsupported literal length")
+)
+
+// SnappyConverter can read SnappyConverter-compressed streams and convert them to zstd.
+// Conversion is done by converting the stream directly from Snappy without intermediate
+// full decoding.
+// Therefore the compression ratio is much less than what can be done by a full decompression
+// and compression, and a faulty Snappy stream may lead to a faulty Zstandard stream without
+// any errors being generated.
+// No CRC value is being generated and not all CRC values of the Snappy stream are checked.
+// However, it provides really fast recompression of Snappy streams.
+// The converter can be reused to avoid allocations, even after errors.
+type SnappyConverter struct {
+	r     io.Reader
+	err   error
+	buf   []byte
+	block *blockEnc
+}
+
+// Convert the Snappy stream supplied in 'in' and write the zStandard stream to 'w'.
+// If any error is detected on the Snappy stream it is returned.
+// The number of bytes written is returned.
+func (r *SnappyConverter) Convert(in io.Reader, w io.Writer) (int64, error) {
+	initPredefined()
+	r.err = nil
+	r.r = in
+	if r.block == nil {
+		r.block = &blockEnc{}
+		r.block.init()
+	}
+	r.block.initNewEncode()
+	if len(r.buf) != snappyMaxEncodedLenOfMaxBlockSize+snappyChecksumSize {
+		r.buf = make([]byte, snappyMaxEncodedLenOfMaxBlockSize+snappyChecksumSize)
+	}
+	r.block.litEnc.Reuse = huff0.ReusePolicyNone
+	var written int64
+	var readHeader bool
+	{
+		var header []byte
+		var n int
+		header, r.err = frameHeader{WindowSize: snappyMaxBlockSize}.appendTo(r.buf[:0])
+
+		n, r.err = w.Write(header)
+		if r.err != nil {
+			return written, r.err
+		}
+		written += int64(n)
+	}
+
+	for {
+		if !r.readFull(r.buf[:4], true) {
+			// Add empty last block
+			r.block.reset(nil)
+			r.block.last = true
+			err := r.block.encodeLits(r.block.literals, false)
+			if err != nil {
+				return written, err
+			}
+			n, err := w.Write(r.block.output)
+			if err != nil {
+				return written, err
+			}
+			written += int64(n)
+
+			return written, r.err
+		}
+		chunkType := r.buf[0]
+		if !readHeader {
+			if chunkType != chunkTypeStreamIdentifier {
+				println("chunkType != chunkTypeStreamIdentifier", chunkType)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			readHeader = true
+		}
+		chunkLen := int(r.buf[1]) | int(r.buf[2])<<8 | int(r.buf[3])<<16
+		if chunkLen > len(r.buf) {
+			println("chunkLen > len(r.buf)", chunkType)
+			r.err = ErrSnappyUnsupported
+			return written, r.err
+		}
+
+		// The chunk types are specified at
+		// https://github.com/google/snappy/blob/master/framing_format.txt
+		switch chunkType {
+		case chunkTypeCompressedData:
+			// Section 4.2. Compressed data (chunk type 0x00).
+			if chunkLen < snappyChecksumSize {
+				println("chunkLen < snappyChecksumSize", chunkLen, snappyChecksumSize)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			buf := r.buf[:chunkLen]
+			if !r.readFull(buf, false) {
+				return written, r.err
+			}
+			//checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
+			buf = buf[snappyChecksumSize:]
+
+			n, hdr, err := snappyDecodedLen(buf)
+			if err != nil {
+				r.err = err
+				return written, r.err
+			}
+			buf = buf[hdr:]
+			if n > snappyMaxBlockSize {
+				println("n > snappyMaxBlockSize", n, snappyMaxBlockSize)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			r.block.reset(nil)
+			r.block.pushOffsets()
+			if err := decodeSnappy(r.block, buf); err != nil {
+				r.err = err
+				return written, r.err
+			}
+			if r.block.size+r.block.extraLits != n {
+				printf("invalid size, want %d, got %d\n", n, r.block.size+r.block.extraLits)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			err = r.block.encode(nil, false, false)
+			switch err {
+			case errIncompressible:
+				r.block.popOffsets()
+				r.block.reset(nil)
+				r.block.literals, err = snappy.Decode(r.block.literals[:n], r.buf[snappyChecksumSize:chunkLen])
+				if err != nil {
+					println("snappy.Decode:", err)
+					return written, err
+				}
+				err = r.block.encodeLits(r.block.literals, false)
+				if err != nil {
+					return written, err
+				}
+			case nil:
+			default:
+				return written, err
+			}
+
+			n, r.err = w.Write(r.block.output)
+			if r.err != nil {
+				return written, err
+			}
+			written += int64(n)
+			continue
+		case chunkTypeUncompressedData:
+			if debug {
+				println("Uncompressed, chunklen", chunkLen)
+			}
+			// Section 4.3. Uncompressed data (chunk type 0x01).
+			if chunkLen < snappyChecksumSize {
+				println("chunkLen < snappyChecksumSize", chunkLen, snappyChecksumSize)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			r.block.reset(nil)
+			buf := r.buf[:snappyChecksumSize]
+			if !r.readFull(buf, false) {
+				return written, r.err
+			}
+			checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
+			// Read directly into r.decoded instead of via r.buf.
+			n := chunkLen - snappyChecksumSize
+			if n > snappyMaxBlockSize {
+				println("n > snappyMaxBlockSize", n, snappyMaxBlockSize)
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			r.block.literals = r.block.literals[:n]
+			if !r.readFull(r.block.literals, false) {
+				return written, r.err
+			}
+			if snappyCRC(r.block.literals) != checksum {
+				println("literals crc mismatch")
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			err := r.block.encodeLits(r.block.literals, false)
+			if err != nil {
+				return written, err
+			}
+			n, r.err = w.Write(r.block.output)
+			if r.err != nil {
+				return written, err
+			}
+			written += int64(n)
+			continue
+
+		case chunkTypeStreamIdentifier:
+			if debug {
+				println("stream id", chunkLen, len(snappyMagicBody))
+			}
+			// Section 4.1. Stream identifier (chunk type 0xff).
+			if chunkLen != len(snappyMagicBody) {
+				println("chunkLen != len(snappyMagicBody)", chunkLen, len(snappyMagicBody))
+				r.err = ErrSnappyCorrupt
+				return written, r.err
+			}
+			if !r.readFull(r.buf[:len(snappyMagicBody)], false) {
+				return written, r.err
+			}
+			for i := 0; i < len(snappyMagicBody); i++ {
+				if r.buf[i] != snappyMagicBody[i] {
+					println("r.buf[i] != snappyMagicBody[i]", r.buf[i], snappyMagicBody[i], i)
+					r.err = ErrSnappyCorrupt
+					return written, r.err
+				}
+			}
+			continue
+		}
+
+		if chunkType <= 0x7f {
+			// Section 4.5. Reserved unskippable chunks (chunk types 0x02-0x7f).
+			println("chunkType <= 0x7f")
+			r.err = ErrSnappyUnsupported
+			return written, r.err
+		}
+		// Section 4.4 Padding (chunk type 0xfe).
+		// Section 4.6. Reserved skippable chunks (chunk types 0x80-0xfd).
+		if !r.readFull(r.buf[:chunkLen], false) {
+			return written, r.err
+		}
+	}
+}
+
+// decodeSnappy writes the decoding of src to dst. It assumes that the varint-encoded
+// length of the decompressed bytes has already been read.
+func decodeSnappy(blk *blockEnc, src []byte) error {
+	//decodeRef(make([]byte, snappyMaxBlockSize), src)
+	var s, length int
+	lits := blk.extraLits
+	var offset uint32
+	for s < len(src) {
+		switch src[s] & 0x03 {
+		case snappyTagLiteral:
+			x := uint32(src[s] >> 2)
+			switch {
+			case x < 60:
+				s++
+			case x == 60:
+				s += 2
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					println("uint(s) > uint(len(src)", s, src)
+					return ErrSnappyCorrupt
+				}
+				x = uint32(src[s-1])
+			case x == 61:
+				s += 3
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					println("uint(s) > uint(len(src)", s, src)
+					return ErrSnappyCorrupt
+				}
+				x = uint32(src[s-2]) | uint32(src[s-1])<<8
+			case x == 62:
+				s += 4
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					println("uint(s) > uint(len(src)", s, src)
+					return ErrSnappyCorrupt
+				}
+				x = uint32(src[s-3]) | uint32(src[s-2])<<8 | uint32(src[s-1])<<16
+			case x == 63:
+				s += 5
+				if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+					println("uint(s) > uint(len(src)", s, src)
+					return ErrSnappyCorrupt
+				}
+				x = uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24
+			}
+			if x > snappyMaxBlockSize {
+				println("x > snappyMaxBlockSize", x, snappyMaxBlockSize)
+				return ErrSnappyCorrupt
+			}
+			length = int(x) + 1
+			if length <= 0 {
+				println("length <= 0 ", length)
+
+				return errUnsupportedLiteralLength
+			}
+			//if length > snappyMaxBlockSize-d || uint32(length) > len(src)-s {
+			//	return ErrSnappyCorrupt
+			//}
+
+			blk.literals = append(blk.literals, src[s:s+length]...)
+			//println(length, "litLen")
+			lits += length
+			s += length
+			continue
+
+		case snappyTagCopy1:
+			s += 2
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				println("uint(s) > uint(len(src)", s, len(src))
+				return ErrSnappyCorrupt
+			}
+			length = 4 + int(src[s-2])>>2&0x7
+			offset = uint32(src[s-2])&0xe0<<3 | uint32(src[s-1])
+
+		case snappyTagCopy2:
+			s += 3
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				println("uint(s) > uint(len(src)", s, len(src))
+				return ErrSnappyCorrupt
+			}
+			length = 1 + int(src[s-3])>>2
+			offset = uint32(src[s-2]) | uint32(src[s-1])<<8
+
+		case snappyTagCopy4:
+			s += 5
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
+				println("uint(s) > uint(len(src)", s, len(src))
+				return ErrSnappyCorrupt
+			}
+			length = 1 + int(src[s-5])>>2
+			offset = uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24
+		}
+
+		if offset <= 0 || blk.size+lits < int(offset) /*|| length > len(blk)-d */ {
+			println("offset <= 0 || blk.size+lits < int(offset)", offset, blk.size+lits, int(offset), blk.size, lits)
+
+			return ErrSnappyCorrupt
+		}
+
+		// Check if offset is one of the recent offsets.
+		// Adjusts the output offset accordingly.
+		// Gives a tiny bit of compression, typically around 1%.
+		if false {
+			offset = blk.matchOffset(offset, uint32(lits))
+		} else {
+			offset += 3
+		}
+
+		blk.sequences = append(blk.sequences, seq{
+			litLen:   uint32(lits),
+			offset:   offset,
+			matchLen: uint32(length) - zstdMinMatch,
+		})
+		blk.size += length + lits
+		lits = 0
+	}
+	blk.extraLits = lits
+	return nil
+}
+
+func (r *SnappyConverter) readFull(p []byte, allowEOF bool) (ok bool) {
+	if _, r.err = io.ReadFull(r.r, p); r.err != nil {
+		if r.err == io.ErrUnexpectedEOF || (r.err == io.EOF && !allowEOF) {
+			r.err = ErrSnappyCorrupt
+		}
+		return false
+	}
+	return true
+}
+
+var crcTable = crc32.MakeTable(crc32.Castagnoli)
+
+// crc implements the checksum specified in section 3 of
+// https://github.com/google/snappy/blob/master/framing_format.txt
+func snappyCRC(b []byte) uint32 {
+	c := crc32.Update(0, crcTable, b)
+	return c>>15 | c<<17 + 0xa282ead8
+}
+
+// snappyDecodedLen returns the length of the decoded block and the number of bytes
+// that the length header occupied.
+func snappyDecodedLen(src []byte) (blockLen, headerLen int, err error) {
+	v, n := binary.Uvarint(src)
+	if n <= 0 || v > 0xffffffff {
+		return 0, 0, ErrSnappyCorrupt
+	}
+
+	const wordSize = 32 << (^uint(0) >> 32 & 1)
+	if wordSize == 32 && v > 0x7fffffff {
+		return 0, 0, ErrSnappyTooLarge
+	}
+	return int(v), n, nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/zstd.go b/vendor/github.com/klauspost/compress/zstd/zstd.go
new file mode 100644
index 0000000000000..9056beef271a4
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/zstd.go
@@ -0,0 +1,156 @@
+// Package zstd provides decompression of zstandard files.
+//
+// For advanced usage and examples, go to the README: https://github.com/klauspost/compress/tree/master/zstd#zstd
+package zstd
+
+import (
+	"bytes"
+	"errors"
+	"log"
+	"math"
+	"math/bits"
+)
+
+// enable debug printing
+const debug = false
+
+// Enable extra assertions.
+const debugAsserts = debug || false
+
+// print sequence details
+const debugSequences = false
+
+// print detailed matching information
+const debugMatches = false
+
+// force encoder to use predefined tables.
+const forcePreDef = false
+
+// zstdMinMatch is the minimum zstd match length.
+const zstdMinMatch = 3
+
+// Reset the buffer offset when reaching this.
+const bufferReset = math.MaxInt32 - MaxWindowSize
+
+var (
+	// ErrReservedBlockType is returned when a reserved block type is found.
+	// Typically this indicates wrong or corrupted input.
+	ErrReservedBlockType = errors.New("invalid input: reserved block type encountered")
+
+	// ErrCompressedSizeTooBig is returned when a block is bigger than allowed.
+	// Typically this indicates wrong or corrupted input.
+	ErrCompressedSizeTooBig = errors.New("invalid input: compressed size too big")
+
+	// ErrBlockTooSmall is returned when a block is too small to be decoded.
+	// Typically returned on invalid input.
+	ErrBlockTooSmall = errors.New("block too small")
+
+	// ErrMagicMismatch is returned when a "magic" number isn't what is expected.
+	// Typically this indicates wrong or corrupted input.
+	ErrMagicMismatch = errors.New("invalid input: magic number mismatch")
+
+	// ErrWindowSizeExceeded is returned when a reference exceeds the valid window size.
+	// Typically this indicates wrong or corrupted input.
+	ErrWindowSizeExceeded = errors.New("window size exceeded")
+
+	// ErrWindowSizeTooSmall is returned when no window size is specified.
+	// Typically this indicates wrong or corrupted input.
+	ErrWindowSizeTooSmall = errors.New("invalid input: window size was too small")
+
+	// ErrDecoderSizeExceeded is returned if decompressed size exceeds the configured limit.
+	ErrDecoderSizeExceeded = errors.New("decompressed size exceeds configured limit")
+
+	// ErrUnknownDictionary is returned if the dictionary ID is unknown.
+	// For the time being dictionaries are not supported.
+	ErrUnknownDictionary = errors.New("unknown dictionary")
+
+	// ErrFrameSizeExceeded is returned if the stated frame size is exceeded.
+	// This is only returned if SingleSegment is specified on the frame.
+	ErrFrameSizeExceeded = errors.New("frame size exceeded")
+
+	// ErrCRCMismatch is returned if CRC mismatches.
+	ErrCRCMismatch = errors.New("CRC check failed")
+
+	// ErrDecoderClosed will be returned if the Decoder was used after
+	// Close has been called.
+	ErrDecoderClosed = errors.New("decoder used after Close")
+
+	// ErrDecoderNilInput is returned when a nil Reader was provided
+	// and an operation other than Reset/DecodeAll/Close was attempted.
+	ErrDecoderNilInput = errors.New("nil input provided as reader")
+)
+
+func println(a ...interface{}) {
+	if debug {
+		log.Println(a...)
+	}
+}
+
+func printf(format string, a ...interface{}) {
+	if debug {
+		log.Printf(format, a...)
+	}
+}
+
+// matchLenFast does matching, but will not match the last up to 7 bytes.
+func matchLenFast(a, b []byte) int {
+	endI := len(a) & (math.MaxInt32 - 7)
+	for i := 0; i < endI; i += 8 {
+		if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+			return i + bits.TrailingZeros64(diff)>>3
+		}
+	}
+	return endI
+}
+
+// matchLen returns the maximum length.
+// a must be the shortest of the two.
+// The function also returns whether all bytes matched.
+func matchLen(a, b []byte) int {
+	b = b[:len(a)]
+	for i := 0; i < len(a)-7; i += 8 {
+		if diff := load64(a, i) ^ load64(b, i); diff != 0 {
+			return i + (bits.TrailingZeros64(diff) >> 3)
+		}
+	}
+
+	checked := (len(a) >> 3) << 3
+	a = a[checked:]
+	b = b[checked:]
+	for i := range a {
+		if a[i] != b[i] {
+			return i + checked
+		}
+	}
+	return len(a) + checked
+}
+
+func load3232(b []byte, i int32) uint32 {
+	// Help the compiler eliminate bounds checks on the read so it can be done in a single read.
+	b = b[i:]
+	b = b[:4]
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func load6432(b []byte, i int32) uint64 {
+	// Help the compiler eliminate bounds checks on the read so it can be done in a single read.
+	b = b[i:]
+	b = b[:8]
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func load64(b []byte, i int) uint64 {
+	// Help the compiler eliminate bounds checks on the read so it can be done in a single read.
+	b = b[i:]
+	b = b[:8]
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+type byter interface {
+	Bytes() []byte
+	Len() int
+}
+
+var _ byter = &bytes.Buffer{}
diff --git a/vendor/github.com/kr/pty/README.md b/vendor/github.com/kr/pty/README.md
deleted file mode 100644
index 7b7900c3aedf1..0000000000000
--- a/vendor/github.com/kr/pty/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# pty
-
-Pty is a Go package for using unix pseudo-terminals.
-
-## Install
-
-    go get github.com/kr/pty
-
-## Example
-
-```go
-package main
-
-import (
-	"github.com/kr/pty"
-	"io"
-	"os"
-	"os/exec"
-)
-
-func main() {
-	c := exec.Command("grep", "--color=auto", "bar")
-	f, err := pty.Start(c)
-	if err != nil {
-		panic(err)
-	}
-
-	go func() {
-		f.Write([]byte("foo\n"))
-		f.Write([]byte("bar\n"))
-		f.Write([]byte("baz\n"))
-		f.Write([]byte{4}) // EOT
-	}()
-	io.Copy(os.Stdout, f)
-}
-```
diff --git a/vendor/github.com/kr/pty/ioctl.go b/vendor/github.com/kr/pty/ioctl.go
deleted file mode 100644
index 5b856e8711dea..0000000000000
--- a/vendor/github.com/kr/pty/ioctl.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package pty
-
-import "syscall"
-
-func ioctl(fd, cmd, ptr uintptr) error {
-	_, _, e := syscall.Syscall(syscall.SYS_IOCTL, fd, cmd, ptr)
-	if e != 0 {
-		return e
-	}
-	return nil
-}
diff --git a/vendor/github.com/kr/pty/pty_darwin.go b/vendor/github.com/kr/pty/pty_darwin.go
deleted file mode 100644
index 4f4d5ca26eee7..0000000000000
--- a/vendor/github.com/kr/pty/pty_darwin.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package pty
-
-import (
-	"errors"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func open() (pty, tty *os.File, err error) {
-	p, err := os.OpenFile("/dev/ptmx", os.O_RDWR, 0)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	sname, err := ptsname(p)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	err = grantpt(p)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	err = unlockpt(p)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	t, err := os.OpenFile(sname, os.O_RDWR, 0)
-	if err != nil {
-		return nil, nil, err
-	}
-	return p, t, nil
-}
-
-func ptsname(f *os.File) (string, error) {
-	n := make([]byte, _IOC_PARM_LEN(syscall.TIOCPTYGNAME))
-
-	err := ioctl(f.Fd(), syscall.TIOCPTYGNAME, uintptr(unsafe.Pointer(&n[0])))
-	if err != nil {
-		return "", err
-	}
-
-	for i, c := range n {
-		if c == 0 {
-			return string(n[:i]), nil
-		}
-	}
-	return "", errors.New("TIOCPTYGNAME string not NUL-terminated")
-}
-
-func grantpt(f *os.File) error {
-	return ioctl(f.Fd(), syscall.TIOCPTYGRANT, 0)
-}
-
-func unlockpt(f *os.File) error {
-	return ioctl(f.Fd(), syscall.TIOCPTYUNLK, 0)
-}
diff --git a/vendor/github.com/kr/pty/pty_freebsd.go b/vendor/github.com/kr/pty/pty_freebsd.go
deleted file mode 100644
index b341babd054b7..0000000000000
--- a/vendor/github.com/kr/pty/pty_freebsd.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package pty
-
-import (
-	"errors"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func posix_openpt(oflag int) (fd int, err error) {
-	r0, _, e1 := syscall.Syscall(syscall.SYS_POSIX_OPENPT, uintptr(oflag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func open() (pty, tty *os.File, err error) {
-	fd, err := posix_openpt(syscall.O_RDWR | syscall.O_CLOEXEC)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	p := os.NewFile(uintptr(fd), "/dev/pts")
-	sname, err := ptsname(p)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	t, err := os.OpenFile("/dev/"+sname, os.O_RDWR, 0)
-	if err != nil {
-		return nil, nil, err
-	}
-	return p, t, nil
-}
-
-func isptmaster(fd uintptr) (bool, error) {
-	err := ioctl(fd, syscall.TIOCPTMASTER, 0)
-	return err == nil, err
-}
-
-var (
-	emptyFiodgnameArg fiodgnameArg
-	ioctl_FIODGNAME   = _IOW('f', 120, unsafe.Sizeof(emptyFiodgnameArg))
-)
-
-func ptsname(f *os.File) (string, error) {
-	master, err := isptmaster(f.Fd())
-	if err != nil {
-		return "", err
-	}
-	if !master {
-		return "", syscall.EINVAL
-	}
-
-	const n = _C_SPECNAMELEN + 1
-	var (
-		buf = make([]byte, n)
-		arg = fiodgnameArg{Len: n, Buf: (*byte)(unsafe.Pointer(&buf[0]))}
-	)
-	err = ioctl(f.Fd(), ioctl_FIODGNAME, uintptr(unsafe.Pointer(&arg)))
-	if err != nil {
-		return "", err
-	}
-
-	for i, c := range buf {
-		if c == 0 {
-			return string(buf[:i]), nil
-		}
-	}
-	return "", errors.New("FIODGNAME string not NUL-terminated")
-}
diff --git a/vendor/github.com/kr/pty/pty_unsupported.go b/vendor/github.com/kr/pty/pty_unsupported.go
deleted file mode 100644
index 898c7303c4f62..0000000000000
--- a/vendor/github.com/kr/pty/pty_unsupported.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build !linux,!darwin,!freebsd
-
-package pty
-
-import (
-	"os"
-)
-
-func open() (pty, tty *os.File, err error) {
-	return nil, nil, ErrUnsupported
-}
diff --git a/vendor/github.com/kr/pty/run.go b/vendor/github.com/kr/pty/run.go
deleted file mode 100644
index f0678d2a27ecc..0000000000000
--- a/vendor/github.com/kr/pty/run.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package pty
-
-import (
-	"os"
-	"os/exec"
-	"syscall"
-)
-
-// Start assigns a pseudo-terminal tty os.File to c.Stdin, c.Stdout,
-// and c.Stderr, calls c.Start, and returns the File of the tty's
-// corresponding pty.
-func Start(c *exec.Cmd) (pty *os.File, err error) {
-	pty, tty, err := Open()
-	if err != nil {
-		return nil, err
-	}
-	defer tty.Close()
-	c.Stdout = tty
-	c.Stdin = tty
-	c.Stderr = tty
-	c.SysProcAttr = &syscall.SysProcAttr{Setctty: true, Setsid: true}
-	err = c.Start()
-	if err != nil {
-		pty.Close()
-		return nil, err
-	}
-	return pty, err
-}
diff --git a/vendor/github.com/kr/pty/util.go b/vendor/github.com/kr/pty/util.go
deleted file mode 100644
index 67c52d06cdc79..0000000000000
--- a/vendor/github.com/kr/pty/util.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package pty
-
-import (
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-// Getsize returns the number of rows (lines) and cols (positions
-// in each line) in terminal t.
-func Getsize(t *os.File) (rows, cols int, err error) {
-	var ws winsize
-	err = windowrect(&ws, t.Fd())
-	return int(ws.ws_row), int(ws.ws_col), err
-}
-
-type winsize struct {
-	ws_row    uint16
-	ws_col    uint16
-	ws_xpixel uint16
-	ws_ypixel uint16
-}
-
-func windowrect(ws *winsize, fd uintptr) error {
-	_, _, errno := syscall.Syscall(
-		syscall.SYS_IOCTL,
-		fd,
-		syscall.TIOCGWINSZ,
-		uintptr(unsafe.Pointer(ws)),
-	)
-	if errno != 0 {
-		return syscall.Errno(errno)
-	}
-	return nil
-}
diff --git a/vendor/github.com/mattn/go-shellwords/LICENSE b/vendor/github.com/mattn/go-shellwords/LICENSE
deleted file mode 100644
index 740fa931322d4..0000000000000
--- a/vendor/github.com/mattn/go-shellwords/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Yasuhiro Matsumoto
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/mattn/go-shellwords/README.md b/vendor/github.com/mattn/go-shellwords/README.md
deleted file mode 100644
index b1d235c78d37d..0000000000000
--- a/vendor/github.com/mattn/go-shellwords/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# go-shellwords
-
-[![Coverage Status](https://coveralls.io/repos/mattn/go-shellwords/badge.png?branch=master)](https://coveralls.io/r/mattn/go-shellwords?branch=master)
-[![Build Status](https://travis-ci.org/mattn/go-shellwords.svg?branch=master)](https://travis-ci.org/mattn/go-shellwords)
-
-Parse line as shell words.
-
-## Usage
-
-```go
-args, err := shellwords.Parse("./foo --bar=baz")
-// args should be ["./foo", "--bar=baz"]
-```
-
-```go
-os.Setenv("FOO", "bar")
-p := shellwords.NewParser()
-p.ParseEnv = true
-args, err := p.Parse("./foo $FOO")
-// args should be ["./foo", "bar"]
-```
-
-```go
-p := shellwords.NewParser()
-p.ParseBacktick = true
-args, err := p.Parse("./foo `echo $SHELL`")
-// args should be ["./foo", "/bin/bash"]
-```
-
-```go
-shellwords.ParseBacktick = true
-p := shellwords.NewParser()
-args, err := p.Parse("./foo `echo $SHELL`")
-// args should be ["./foo", "/bin/bash"]
-```
-
-# Thanks
-
-This is based on cpan module [Parse::CommandLine](https://metacpan.org/pod/Parse::CommandLine).
-
-# License
-
-under the MIT License: http://mattn.mit-license.org/2017
-
-# Author
-
-Yasuhiro Matsumoto (a.k.a mattn)
diff --git a/vendor/github.com/mattn/go-shellwords/shellwords.go b/vendor/github.com/mattn/go-shellwords/shellwords.go
deleted file mode 100644
index 107803927ae74..0000000000000
--- a/vendor/github.com/mattn/go-shellwords/shellwords.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package shellwords
-
-import (
-	"errors"
-	"os"
-	"regexp"
-)
-
-var (
-	ParseEnv      bool = false
-	ParseBacktick bool = false
-)
-
-var envRe = regexp.MustCompile(`\$({[a-zA-Z0-9_]+}|[a-zA-Z0-9_]+)`)
-
-func isSpace(r rune) bool {
-	switch r {
-	case ' ', '\t', '\r', '\n':
-		return true
-	}
-	return false
-}
-
-func replaceEnv(s string) string {
-	return envRe.ReplaceAllStringFunc(s, func(s string) string {
-		s = s[1:]
-		if s[0] == '{' {
-			s = s[1 : len(s)-1]
-		}
-		return os.Getenv(s)
-	})
-}
-
-type Parser struct {
-	ParseEnv      bool
-	ParseBacktick bool
-	Position      int
-}
-
-func NewParser() *Parser {
-	return &Parser{ParseEnv, ParseBacktick, 0}
-}
-
-func (p *Parser) Parse(line string) ([]string, error) {
-	args := []string{}
-	buf := ""
-	var escaped, doubleQuoted, singleQuoted, backQuote bool
-	backtick := ""
-
-	pos := -1
-	got := false
-
-loop:
-	for i, r := range line {
-		if escaped {
-			buf += string(r)
-			escaped = false
-			continue
-		}
-
-		if r == '\\' {
-			if singleQuoted {
-				buf += string(r)
-			} else {
-				escaped = true
-			}
-			continue
-		}
-
-		if isSpace(r) {
-			if singleQuoted || doubleQuoted || backQuote {
-				buf += string(r)
-				backtick += string(r)
-			} else if got {
-				if p.ParseEnv {
-					buf = replaceEnv(buf)
-				}
-				args = append(args, buf)
-				buf = ""
-				got = false
-			}
-			continue
-		}
-
-		switch r {
-		case '`':
-			if !singleQuoted && !doubleQuoted {
-				if p.ParseBacktick {
-					if backQuote {
-						out, err := shellRun(backtick)
-						if err != nil {
-							return nil, err
-						}
-						buf = out
-					}
-					backtick = ""
-					backQuote = !backQuote
-					continue
-				}
-				backtick = ""
-				backQuote = !backQuote
-			}
-		case '"':
-			if !singleQuoted {
-				doubleQuoted = !doubleQuoted
-				continue
-			}
-		case '\'':
-			if !doubleQuoted {
-				singleQuoted = !singleQuoted
-				continue
-			}
-		case ';', '&', '|', '<', '>':
-			if !(escaped || singleQuoted || doubleQuoted || backQuote) {
-				pos = i
-				break loop
-			}
-		}
-
-		got = true
-		buf += string(r)
-		if backQuote {
-			backtick += string(r)
-		}
-	}
-
-	if got {
-		if p.ParseEnv {
-			buf = replaceEnv(buf)
-		}
-		args = append(args, buf)
-	}
-
-	if escaped || singleQuoted || doubleQuoted || backQuote {
-		return nil, errors.New("invalid command line string")
-	}
-
-	p.Position = pos
-
-	return args, nil
-}
-
-func Parse(line string) ([]string, error) {
-	return NewParser().Parse(line)
-}
diff --git a/vendor/github.com/mattn/go-shellwords/util_posix.go b/vendor/github.com/mattn/go-shellwords/util_posix.go
deleted file mode 100644
index 4f8ac55e47832..0000000000000
--- a/vendor/github.com/mattn/go-shellwords/util_posix.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build !windows
-
-package shellwords
-
-import (
-	"errors"
-	"os"
-	"os/exec"
-	"strings"
-)
-
-func shellRun(line string) (string, error) {
-	shell := os.Getenv("SHELL")
-	b, err := exec.Command(shell, "-c", line).Output()
-	if err != nil {
-		return "", errors.New(err.Error() + ":" + string(b))
-	}
-	return strings.TrimSpace(string(b)), nil
-}
diff --git a/vendor/github.com/mattn/go-shellwords/util_windows.go b/vendor/github.com/mattn/go-shellwords/util_windows.go
deleted file mode 100644
index 7cad4cf06fdd1..0000000000000
--- a/vendor/github.com/mattn/go-shellwords/util_windows.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package shellwords
-
-import (
-	"errors"
-	"os"
-	"os/exec"
-	"strings"
-)
-
-func shellRun(line string) (string, error) {
-	shell := os.Getenv("COMSPEC")
-	b, err := exec.Command(shell, "/c", line).Output()
-	if err != nil {
-		return "", errors.New(err.Error() + ":" + string(b))
-	}
-	return strings.TrimSpace(string(b)), nil
-}
diff --git a/vendor/github.com/miekg/dns/LICENSE b/vendor/github.com/miekg/dns/LICENSE
index 5763fa7fe5d96..55f12ab7772a5 100644
--- a/vendor/github.com/miekg/dns/LICENSE
+++ b/vendor/github.com/miekg/dns/LICENSE
@@ -1,7 +1,3 @@
-Extensions of the original work are copyright (c) 2011 Miek Gieben
-
-As this is fork of the official Go code the same license applies:
-
 Copyright (c) 2009 The Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -30,3 +26,5 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+As this is fork of the official Go code the same license applies.
+Extensions of the original work are copyright (c) 2011 Miek Gieben
diff --git a/vendor/github.com/miekg/dns/README.md b/vendor/github.com/miekg/dns/README.md
index 1ad23c75161d7..126fe62cdb5f4 100644
--- a/vendor/github.com/miekg/dns/README.md
+++ b/vendor/github.com/miekg/dns/README.md
@@ -7,10 +7,10 @@
 
 > Less is more.
 
-Complete and usable DNS library. All widely used Resource Records are supported, including the
-DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS
-programmer there isn't a convenience function for it. Server side and client side programming is
-supported, i.e. you can build servers and resolvers with it.
+Complete and usable DNS library. All Resource Records are supported, including the DNSSEC types.
+It follows a lean and mean philosophy. If there is stuff you should know as a DNS programmer there
+isn't a convenience function for it. Server side and client side programming is supported, i.e. you
+can build servers and resolvers with it.
 
 We try to keep the "master" branch as sane as possible and at the bleeding edge of standards,
 avoiding breaking changes wherever reasonable. We support the last two versions of Go.
@@ -42,10 +42,9 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/tianon/rawdns
 * https://mesosphere.github.io/mesos-dns/
 * https://pulse.turbobytes.com/
-* https://play.google.com/store/apps/details?id=com.turbobytes.dig
 * https://github.com/fcambus/statzone
 * https://github.com/benschw/dns-clb-go
-* https://github.com/corny/dnscheck for http://public-dns.info/
+* https://github.com/corny/dnscheck for <http://public-dns.info/>
 * https://namesmith.io
 * https://github.com/miekg/unbound
 * https://github.com/miekg/exdns
@@ -56,7 +55,7 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/bamarni/dockness
 * https://github.com/fffaraz/microdns
 * http://kelda.io
-* https://github.com/ipdcode/hades (JD.COM)
+* https://github.com/ipdcode/hades <https://jd.com>
 * https://github.com/StackExchange/dnscontrol/
 * https://www.dnsperf.com/
 * https://dnssectest.net/
@@ -64,42 +63,47 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/oif/apex
 * https://github.com/jedisct1/dnscrypt-proxy
 * https://github.com/jedisct1/rpdns
+* https://github.com/xor-gate/sshfp
+* https://github.com/rs/dnstrace
+* https://blitiri.com.ar/p/dnss ([github mirror](https://github.com/albertito/dnss))
+* https://github.com/semihalev/sdns
+* https://render.com
+* https://github.com/peterzen/goresolver
+* https://github.com/folbricht/routedns
 
 Send pull request if you want to be listed here.
 
 # Features
 
-* UDP/TCP queries, IPv4 and IPv6;
-* RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported;
-* Fast:
-    * Reply speed around ~ 80K qps (faster hardware results in more qps);
-    * Parsing RRs ~ 100K RR/s, that's 5M records in about 50 seconds;
-* Server side programming (mimicking the net/http package);
-* Client side programming;
-* DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519;
-* EDNS0, NSID, Cookies;
-* AXFR/IXFR;
-* TSIG, SIG(0);
-* DNS over TLS: optional encrypted connection between client and server;
-* DNS name compression;
-* Depends only on the standard library.
+* UDP/TCP queries, IPv4 and IPv6
+* RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported
+* Fast
+* Server side programming (mimicking the net/http package)
+* Client side programming
+* DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519
+* EDNS0, NSID, Cookies
+* AXFR/IXFR
+* TSIG, SIG(0)
+* DNS over TLS (DoT): encrypted connection between client and server over TCP
+* DNS name compression
 
 Have fun!
 
 Miek Gieben  -  2010-2012  -  <miek@miek.nl>
+DNS Authors 2012-
 
 # Building
 
-Building is done with the `go` tool. If you have setup your GOPATH correctly, the following should
-work:
+This library uses Go modules and uses semantic versioning. Building is done with the `go` tool, so
+the following should work:
 
     go get github.com/miekg/dns
     go build github.com/miekg/dns
 
 ## Examples
 
-A short "how to use the API" is at the beginning of doc.go (this also will show
-when you call `godoc github.com/miekg/dns`).
+A short "how to use the API" is at the beginning of doc.go (this also will show when you call `godoc
+github.com/miekg/dns`).
 
 Example programs can be found in the `github.com/miekg/exdns` repository.
 
@@ -123,6 +127,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 2915 - NAPTR record
 * 2929 - DNS IANA Considerations
 * 3110 - RSASHA1 DNS keys
+* 3123 - APL record
 * 3225 - DO bit (DNSSEC OK)
 * 340{1,2,3} - NAPTR record
 * 3445 - Limiting the scope of (DNS)KEY
@@ -149,6 +154,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 6844 - CAA record
 * 6891 - EDNS0 update
 * 6895 - DNS IANA considerations
+* 6944 - DNSSEC DNSKEY Algorithm Status
 * 6975 - Algorithm Understanding in DNSSEC
 * 7043 - EUI48/EUI64 records
 * 7314 - DNS (EDNS) EXPIRE Option
@@ -157,12 +163,13 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 7553 - URI record
 * 7858 - DNS over TLS: Initiation and Performance Considerations
 * 7871 - EDNS0 Client Subnet
-* 7873 - Domain Name System (DNS) Cookies (draft-ietf-dnsop-cookies)
+* 7873 - Domain Name System (DNS) Cookies
 * 8080 - EdDSA for DNSSEC
+* 8499 - DNS Terminology
 
-## Loosely based upon
+## Loosely Based Upon
 
-* `ldns`
-* `NSD`
-* `Net::DNS`
-* `GRONG`
+* ldns - <https://nlnetlabs.nl/projects/ldns/about/>
+* NSD - <https://nlnetlabs.nl/projects/nsd/about/>
+* Net::DNS - <http://www.net-dns.org/>
+* GRONG - <https://github.com/bortzmeyer/grong>
diff --git a/vendor/github.com/miekg/dns/acceptfunc.go b/vendor/github.com/miekg/dns/acceptfunc.go
new file mode 100644
index 0000000000000..825617fe215be
--- /dev/null
+++ b/vendor/github.com/miekg/dns/acceptfunc.go
@@ -0,0 +1,61 @@
+package dns
+
+// MsgAcceptFunc is used early in the server code to accept or reject a message with RcodeFormatError.
+// It returns a MsgAcceptAction to indicate what should happen with the message.
+type MsgAcceptFunc func(dh Header) MsgAcceptAction
+
+// DefaultMsgAcceptFunc checks the request and will reject if:
+//
+// * isn't a request (don't respond in that case)
+//
+// * opcode isn't OpcodeQuery or OpcodeNotify
+//
+// * Zero bit isn't zero
+//
+// * has more than 1 question in the question section
+//
+// * has more than 1 RR in the Answer section
+//
+// * has more than 0 RRs in the Authority section
+//
+// * has more than 2 RRs in the Additional section
+//
+var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc
+
+// MsgAcceptAction represents the action to be taken.
+type MsgAcceptAction int
+
+const (
+	MsgAccept               MsgAcceptAction = iota // Accept the message
+	MsgReject                                      // Reject the message with a RcodeFormatError
+	MsgIgnore                                      // Ignore the error and send nothing back.
+	MsgRejectNotImplemented                        // Reject the message with a RcodeNotImplemented
+)
+
+func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
+	if isResponse := dh.Bits&_QR != 0; isResponse {
+		return MsgIgnore
+	}
+
+	// Don't allow dynamic updates, because then the sections can contain a whole bunch of RRs.
+	opcode := int(dh.Bits>>11) & 0xF
+	if opcode != OpcodeQuery && opcode != OpcodeNotify {
+		return MsgRejectNotImplemented
+	}
+
+	if dh.Qdcount != 1 {
+		return MsgReject
+	}
+	// NOTIFY requests can have a SOA in the ANSWER section. See RFC 1996 Section 3.7 and 3.11.
+	if dh.Ancount > 1 {
+		return MsgReject
+	}
+	// IXFR request could have one SOA RR in the NS section. See RFC 1995, section 3.
+	if dh.Nscount > 1 {
+		return MsgReject
+	}
+	if dh.Arcount > 2 {
+		return MsgReject
+	}
+	return MsgAccept
+}
diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go
index 6aa4235d11355..db2761d45bc13 100644
--- a/vendor/github.com/miekg/dns/client.go
+++ b/vendor/github.com/miekg/dns/client.go
@@ -3,24 +3,20 @@ package dns
 // A client implementation.
 
 import (
-	"bytes"
 	"context"
 	"crypto/tls"
 	"encoding/binary"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
-	"net/http"
-	"net/url"
 	"strings"
 	"time"
 )
 
-const dnsTimeout time.Duration = 2 * time.Second
-const tcpIdleTimeout time.Duration = 8 * time.Second
-
-const dohMimeType = "application/dns-udpwireformat"
+const (
+	dnsTimeout     time.Duration = 2 * time.Second
+	tcpIdleTimeout time.Duration = 8 * time.Second
+)
 
 // A Conn represents a connection to a DNS server.
 type Conn struct {
@@ -43,7 +39,6 @@ type Client struct {
 	DialTimeout    time.Duration     // net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero
 	ReadTimeout    time.Duration     // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
 	WriteTimeout   time.Duration     // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
-	HTTPClient     *http.Client      // The http.Client to use for DNS-over-HTTPS
 	TsigSecret     map[string]string // secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
 	SingleInflight bool              // if true suppress multiple outstanding queries for the same Qname, Qtype and Qclass
 	group          singleflight
@@ -88,33 +83,22 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
 	// create a new dialer with the appropriate timeout
 	var d net.Dialer
 	if c.Dialer == nil {
-		d = net.Dialer{}
+		d = net.Dialer{Timeout: c.getTimeoutForRequest(c.dialTimeout())}
 	} else {
-		d = net.Dialer(*c.Dialer)
-	}
-	d.Timeout = c.getTimeoutForRequest(c.writeTimeout())
-
-	network := "udp"
-	useTLS := false
-
-	switch c.Net {
-	case "tcp-tls":
-		network = "tcp"
-		useTLS = true
-	case "tcp4-tls":
-		network = "tcp4"
-		useTLS = true
-	case "tcp6-tls":
-		network = "tcp6"
-		useTLS = true
-	default:
-		if c.Net != "" {
-			network = c.Net
-		}
+		d = *c.Dialer
+	}
+
+	network := c.Net
+	if network == "" {
+		network = "udp"
 	}
 
+	useTLS := strings.HasPrefix(network, "tcp") && strings.HasSuffix(network, "-tls")
+
 	conn = new(Conn)
 	if useTLS {
+		network = strings.TrimSuffix(network, "-tls")
+
 		conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig)
 	} else {
 		conn.Conn, err = d.Dial(network, address)
@@ -122,6 +106,7 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
 	if err != nil {
 		return nil, err
 	}
+
 	return conn, nil
 }
 
@@ -141,33 +126,18 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
 // attribute appropriately
 func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, err error) {
 	if !c.SingleInflight {
-		if c.Net == "https" {
-			// TODO(tmthrgd): pipe timeouts into exchangeDOH
-			return c.exchangeDOH(context.TODO(), m, address)
-		}
-
 		return c.exchange(m, address)
 	}
 
-	t := "nop"
-	if t1, ok := TypeToString[m.Question[0].Qtype]; ok {
-		t = t1
-	}
-	cl := "nop"
-	if cl1, ok := ClassToString[m.Question[0].Qclass]; ok {
-		cl = cl1
-	}
-	r, rtt, err, shared := c.group.Do(m.Question[0].Name+t+cl, func() (*Msg, time.Duration, error) {
-		if c.Net == "https" {
-			// TODO(tmthrgd): pipe timeouts into exchangeDOH
-			return c.exchangeDOH(context.TODO(), m, address)
-		}
-
+	q := m.Question[0]
+	key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
+	r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
 		return c.exchange(m, address)
 	})
 	if r != nil && shared {
 		r = r.Copy()
 	}
+
 	return r, rtt, err
 }
 
@@ -208,77 +178,6 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
 	return r, rtt, err
 }
 
-func (c *Client) exchangeDOH(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) {
-	p, err := m.Pack()
-	if err != nil {
-		return nil, 0, err
-	}
-
-	// TODO(tmthrgd): Allow the path to be customised?
-	u := &url.URL{
-		Scheme: "https",
-		Host:   a,
-		Path:   "/.well-known/dns-query",
-	}
-	if u.Port() == "443" {
-		u.Host = u.Hostname()
-	}
-
-	req, err := http.NewRequest(http.MethodPost, u.String(), bytes.NewReader(p))
-	if err != nil {
-		return nil, 0, err
-	}
-
-	req.Header.Set("Content-Type", dohMimeType)
-	req.Header.Set("Accept", dohMimeType)
-
-	t := time.Now()
-
-	hc := http.DefaultClient
-	if c.HTTPClient != nil {
-		hc = c.HTTPClient
-	}
-
-	if ctx != context.Background() && ctx != context.TODO() {
-		req = req.WithContext(ctx)
-	}
-
-	resp, err := hc.Do(req)
-	if err != nil {
-		return nil, 0, err
-	}
-	defer closeHTTPBody(resp.Body)
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, 0, fmt.Errorf("dns: server returned HTTP %d error: %q", resp.StatusCode, resp.Status)
-	}
-
-	if ct := resp.Header.Get("Content-Type"); ct != dohMimeType {
-		return nil, 0, fmt.Errorf("dns: unexpected Content-Type %q; expected %q", ct, dohMimeType)
-	}
-
-	p, err = ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, 0, err
-	}
-
-	rtt = time.Since(t)
-
-	r = new(Msg)
-	if err := r.Unpack(p); err != nil {
-		return r, 0, err
-	}
-
-	// TODO: TSIG? Is it even supported over DoH?
-
-	return r, rtt, nil
-}
-
-func closeHTTPBody(r io.ReadCloser) error {
-	io.Copy(ioutil.Discard, io.LimitReader(r, 8<<20))
-	return r.Close()
-}
-
 // ReadMsg reads a message from the connection co.
 // If the received message contains a TSIG record the transaction signature
 // is verified. This method always tries to return the message, however if an
@@ -317,24 +216,21 @@ func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) {
 		err error
 	)
 
-	switch t := co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
-		r := t.(io.Reader)
-
-		// First two bytes specify the length of the entire message.
-		l, err := tcpMsgLen(r)
-		if err != nil {
-			return nil, err
-		}
-		p = make([]byte, l)
-		n, err = tcpRead(r, p)
-	default:
+	if _, ok := co.Conn.(net.PacketConn); ok {
 		if co.UDPSize > MinMsgSize {
 			p = make([]byte, co.UDPSize)
 		} else {
 			p = make([]byte, MinMsgSize)
 		}
 		n, err = co.Read(p)
+	} else {
+		var length uint16
+		if err := binary.Read(co.Conn, binary.BigEndian, &length); err != nil {
+			return nil, err
+		}
+
+		p = make([]byte, length)
+		n, err = io.ReadFull(co.Conn, p)
 	}
 
 	if err != nil {
@@ -354,78 +250,26 @@ func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) {
 	return p, err
 }
 
-// tcpMsgLen is a helper func to read first two bytes of stream as uint16 packet length.
-func tcpMsgLen(t io.Reader) (int, error) {
-	p := []byte{0, 0}
-	n, err := t.Read(p)
-	if err != nil {
-		return 0, err
-	}
-
-	// As seen with my local router/switch, returns 1 byte on the above read,
-	// resulting a a ShortRead. Just write it out (instead of loop) and read the
-	// other byte.
-	if n == 1 {
-		n1, err := t.Read(p[1:])
-		if err != nil {
-			return 0, err
-		}
-		n += n1
-	}
-
-	if n != 2 {
-		return 0, ErrShortRead
-	}
-	l := binary.BigEndian.Uint16(p)
-	if l == 0 {
-		return 0, ErrShortRead
-	}
-	return int(l), nil
-}
-
-// tcpRead calls TCPConn.Read enough times to fill allocated buffer.
-func tcpRead(t io.Reader, p []byte) (int, error) {
-	n, err := t.Read(p)
-	if err != nil {
-		return n, err
-	}
-	for n < len(p) {
-		j, err := t.Read(p[n:])
-		if err != nil {
-			return n, err
-		}
-		n += j
-	}
-	return n, err
-}
-
 // Read implements the net.Conn read method.
 func (co *Conn) Read(p []byte) (n int, err error) {
 	if co.Conn == nil {
 		return 0, ErrConnEmpty
 	}
-	if len(p) < 2 {
-		return 0, io.ErrShortBuffer
+
+	if _, ok := co.Conn.(net.PacketConn); ok {
+		// UDP connection
+		return co.Conn.Read(p)
 	}
-	switch t := co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
-		r := t.(io.Reader)
 
-		l, err := tcpMsgLen(r)
-		if err != nil {
-			return 0, err
-		}
-		if l > len(p) {
-			return int(l), io.ErrShortBuffer
-		}
-		return tcpRead(r, p[:l])
+	var length uint16
+	if err := binary.Read(co.Conn, binary.BigEndian, &length); err != nil {
+		return 0, err
 	}
-	// UDP connection
-	n, err = co.Conn.Read(p)
-	if err != nil {
-		return n, err
+	if int(length) > len(p) {
+		return 0, io.ErrShortBuffer
 	}
-	return n, err
+
+	return io.ReadFull(co.Conn, p[:length])
 }
 
 // WriteMsg sends a message through the connection co.
@@ -447,33 +291,25 @@ func (co *Conn) WriteMsg(m *Msg) (err error) {
 	if err != nil {
 		return err
 	}
-	if _, err = co.Write(out); err != nil {
-		return err
-	}
-	return nil
+	_, err = co.Write(out)
+	return err
 }
 
 // Write implements the net.Conn Write method.
-func (co *Conn) Write(p []byte) (n int, err error) {
-	switch t := co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
-		w := t.(io.Writer)
-
-		lp := len(p)
-		if lp < 2 {
-			return 0, io.ErrShortBuffer
-		}
-		if lp > MaxMsgSize {
-			return 0, &Error{err: "message too large"}
-		}
-		l := make([]byte, 2, lp+2)
-		binary.BigEndian.PutUint16(l, uint16(lp))
-		p = append(l, p...)
-		n, err := io.Copy(w, bytes.NewReader(p))
-		return int(n), err
-	}
-	n, err = co.Conn.Write(p)
-	return n, err
+func (co *Conn) Write(p []byte) (int, error) {
+	if len(p) > MaxMsgSize {
+		return 0, &Error{err: "message too large"}
+	}
+
+	if _, ok := co.Conn.(net.PacketConn); ok {
+		return co.Conn.Write(p)
+	}
+
+	l := make([]byte, 2)
+	binary.BigEndian.PutUint16(l, uint16(len(p)))
+
+	n, err := (&net.Buffers{l, p}).WriteTo(co.Conn)
+	return int(n), err
 }
 
 // Return the appropriate timeout for a specific request
@@ -516,7 +352,7 @@ func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error)
 
 // ExchangeConn performs a synchronous query. It sends the message m via the connection
 // c and waits for a reply. The connection c is not closed by ExchangeConn.
-// This function is going away, but can easily be mimicked:
+// Deprecated: This function is going away, but can easily be mimicked:
 //
 //	co := &dns.Conn{Conn: c} // c is your net.Conn
 //	co.WriteMsg(m)
@@ -540,11 +376,7 @@ func ExchangeConn(c net.Conn, m *Msg) (r *Msg, err error) {
 // DialTimeout acts like Dial but takes a timeout.
 func DialTimeout(network, address string, timeout time.Duration) (conn *Conn, err error) {
 	client := Client{Net: network, Dialer: &net.Dialer{Timeout: timeout}}
-	conn, err = client.Dial(address)
-	if err != nil {
-		return nil, err
-	}
-	return conn, nil
+	return client.Dial(address)
 }
 
 // DialWithTLS connects to the address on the named network with TLS.
@@ -553,12 +385,7 @@ func DialWithTLS(network, address string, tlsConfig *tls.Config) (conn *Conn, er
 		network += "-tls"
 	}
 	client := Client{Net: network, TLSConfig: tlsConfig}
-	conn, err = client.Dial(address)
-
-	if err != nil {
-		return nil, err
-	}
-	return conn, nil
+	return client.Dial(address)
 }
 
 // DialTimeoutWithTLS acts like DialWithTLS but takes a timeout.
@@ -567,30 +394,22 @@ func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout
 		network += "-tls"
 	}
 	client := Client{Net: network, Dialer: &net.Dialer{Timeout: timeout}, TLSConfig: tlsConfig}
-	conn, err = client.Dial(address)
-	if err != nil {
-		return nil, err
-	}
-	return conn, nil
+	return client.Dial(address)
 }
 
 // ExchangeContext acts like Exchange, but honors the deadline on the provided
 // context, if present. If there is both a context deadline and a configured
 // timeout on the client, the earliest of the two takes effect.
 func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) {
-	if !c.SingleInflight && c.Net == "https" {
-		return c.exchangeDOH(ctx, m, a)
-	}
-
 	var timeout time.Duration
 	if deadline, ok := ctx.Deadline(); !ok {
 		timeout = 0
 	} else {
-		timeout = deadline.Sub(time.Now())
+		timeout = time.Until(deadline)
 	}
 	// not passing the context to the underlying calls, as the API does not support
 	// context. For timeouts you should set up Client.Dialer and call Client.Exchange.
-	// TODO(tmthrgd): this is a race condition
+	// TODO(tmthrgd,miekg): this is a race condition.
 	c.Dialer = &net.Dialer{Timeout: timeout}
 	return c.Exchange(m, a)
 }
diff --git a/vendor/github.com/miekg/dns/clientconfig.go b/vendor/github.com/miekg/dns/clientconfig.go
index f13cfa30cb54b..e11b630df9f0b 100644
--- a/vendor/github.com/miekg/dns/clientconfig.go
+++ b/vendor/github.com/miekg/dns/clientconfig.go
@@ -68,14 +68,10 @@ func ClientConfigFromReader(resolvconf io.Reader) (*ClientConfig, error) {
 			}
 
 		case "search": // set search path to given servers
-			c.Search = make([]string, len(f)-1)
-			for i := 0; i < len(c.Search); i++ {
-				c.Search[i] = f[i+1]
-			}
+			c.Search = append([]string(nil), f[1:]...)
 
 		case "options": // magic options
-			for i := 1; i < len(f); i++ {
-				s := f[i]
+			for _, s := range f[1:] {
 				switch {
 				case len(s) >= 6 && s[:6] == "ndots:":
 					n, _ := strconv.Atoi(s[6:])
diff --git a/vendor/github.com/miekg/dns/defaults.go b/vendor/github.com/miekg/dns/defaults.go
index 14e18b0b38f6c..b059f6fc677ad 100644
--- a/vendor/github.com/miekg/dns/defaults.go
+++ b/vendor/github.com/miekg/dns/defaults.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"net"
 	"strconv"
+	"strings"
 )
 
 const hexDigit = "0123456789abcdef"
@@ -145,10 +146,9 @@ func (dns *Msg) IsTsig() *TSIG {
 // record in the additional section will do. It returns the OPT record
 // found or nil.
 func (dns *Msg) IsEdns0() *OPT {
-	// EDNS0 is at the end of the additional section, start there.
-	// We might want to change this to *only* look at the last two
-	// records. So we see TSIG and/or OPT - this a slightly bigger
-	// change though.
+	// RFC 6891, Section 6.1.1 allows the OPT record to appear
+	// anywhere in the additional record section, but it's usually at
+	// the end so start there.
 	for i := len(dns.Extra) - 1; i >= 0; i-- {
 		if dns.Extra[i].Header().Rrtype == TypeOPT {
 			return dns.Extra[i].(*OPT)
@@ -157,17 +157,93 @@ func (dns *Msg) IsEdns0() *OPT {
 	return nil
 }
 
+// popEdns0 is like IsEdns0, but it removes the record from the message.
+func (dns *Msg) popEdns0() *OPT {
+	// RFC 6891, Section 6.1.1 allows the OPT record to appear
+	// anywhere in the additional record section, but it's usually at
+	// the end so start there.
+	for i := len(dns.Extra) - 1; i >= 0; i-- {
+		if dns.Extra[i].Header().Rrtype == TypeOPT {
+			opt := dns.Extra[i].(*OPT)
+			dns.Extra = append(dns.Extra[:i], dns.Extra[i+1:]...)
+			return opt
+		}
+	}
+	return nil
+}
+
 // IsDomainName checks if s is a valid domain name, it returns the number of
 // labels and true, when a domain name is valid.  Note that non fully qualified
 // domain name is considered valid, in this case the last label is counted in
 // the number of labels.  When false is returned the number of labels is not
 // defined.  Also note that this function is extremely liberal; almost any
 // string is a valid domain name as the DNS is 8 bit protocol. It checks if each
-// label fits in 63 characters, but there is no length check for the entire
-// string s. I.e.  a domain name longer than 255 characters is considered valid.
+// label fits in 63 characters and that the entire name will fit into the 255
+// octet wire format limit.
 func IsDomainName(s string) (labels int, ok bool) {
-	_, labels, err := packDomainName(s, nil, 0, nil, false)
-	return labels, err == nil
+	// XXX: The logic in this function was copied from packDomainName and
+	// should be kept in sync with that function.
+
+	const lenmsg = 256
+
+	if len(s) == 0 { // Ok, for instance when dealing with update RR without any rdata.
+		return 0, false
+	}
+
+	s = Fqdn(s)
+
+	// Each dot ends a segment of the name. Except for escaped dots (\.), which
+	// are normal dots.
+
+	var (
+		off    int
+		begin  int
+		wasDot bool
+	)
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '\\':
+			if off+1 > lenmsg {
+				return labels, false
+			}
+
+			// check for \DDD
+			if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
+				i += 3
+				begin += 3
+			} else {
+				i++
+				begin++
+			}
+
+			wasDot = false
+		case '.':
+			if wasDot {
+				// two dots back to back is not legal
+				return labels, false
+			}
+			wasDot = true
+
+			labelLen := i - begin
+			if labelLen >= 1<<6 { // top two bits of length must be clear
+				return labels, false
+			}
+
+			// off can already (we're in a loop) be bigger than lenmsg
+			// this happens when a name isn't fully qualified
+			off += 1 + labelLen
+			if off > lenmsg {
+				return labels, false
+			}
+
+			labels++
+			begin = i + 1
+		default:
+			wasDot = false
+		}
+	}
+
+	return labels, true
 }
 
 // IsSubDomain checks if child is indeed a child of the parent. If child and parent
@@ -181,7 +257,7 @@ func IsSubDomain(parent, child string) bool {
 // The checking is performed on the binary payload.
 func IsMsg(buf []byte) error {
 	// Header
-	if len(buf) < 12 {
+	if len(buf) < headerSize {
 		return errors.New("dns: bad message header")
 	}
 	// Header: Opcode
@@ -191,11 +267,18 @@ func IsMsg(buf []byte) error {
 
 // IsFqdn checks if a domain name is fully qualified.
 func IsFqdn(s string) bool {
-	l := len(s)
-	if l == 0 {
+	s2 := strings.TrimSuffix(s, ".")
+	if s == s2 {
 		return false
 	}
-	return s[l-1] == '.'
+
+	i := strings.LastIndexFunc(s2, func(r rune) bool {
+		return r != '\\'
+	})
+
+	// Test whether we have an even number of escape sequences before
+	// the dot or none.
+	return (len(s2)-i)%2 != 0
 }
 
 // IsRRset checks if a set of RRs is a valid RRset as defined by RFC 2181.
@@ -244,12 +327,19 @@ func ReverseAddr(addr string) (arpa string, err error) {
 	if ip == nil {
 		return "", &Error{err: "unrecognized address: " + addr}
 	}
-	if ip.To4() != nil {
-		return strconv.Itoa(int(ip[15])) + "." + strconv.Itoa(int(ip[14])) + "." + strconv.Itoa(int(ip[13])) + "." +
-			strconv.Itoa(int(ip[12])) + ".in-addr.arpa.", nil
+	if v4 := ip.To4(); v4 != nil {
+		buf := make([]byte, 0, net.IPv4len*4+len("in-addr.arpa."))
+		// Add it, in reverse, to the buffer
+		for i := len(v4) - 1; i >= 0; i-- {
+			buf = strconv.AppendInt(buf, int64(v4[i]), 10)
+			buf = append(buf, '.')
+		}
+		// Append "in-addr.arpa." and return (buf already has the final .)
+		buf = append(buf, "in-addr.arpa."...)
+		return string(buf), nil
 	}
 	// Must be IPv6
-	buf := make([]byte, 0, len(ip)*4+len("ip6.arpa."))
+	buf := make([]byte, 0, net.IPv6len*4+len("ip6.arpa."))
 	// Add it, in reverse, to the buffer
 	for i := len(ip) - 1; i >= 0; i-- {
 		v := ip[i]
diff --git a/vendor/github.com/miekg/dns/dns.go b/vendor/github.com/miekg/dns/dns.go
index e7557f51a8159..ad83a27ecfab8 100644
--- a/vendor/github.com/miekg/dns/dns.go
+++ b/vendor/github.com/miekg/dns/dns.go
@@ -34,10 +34,30 @@ type RR interface {
 
 	// copy returns a copy of the RR
 	copy() RR
-	// len returns the length (in octets) of the uncompressed RR in wire format.
-	len() int
-	// pack packs an RR into wire format.
-	pack([]byte, int, map[string]int, bool) (int, error)
+
+	// len returns the length (in octets) of the compressed or uncompressed RR in wire format.
+	//
+	// If compression is nil, the uncompressed size will be returned, otherwise the compressed
+	// size will be returned and domain names will be added to the map for future compression.
+	len(off int, compression map[string]struct{}) int
+
+	// pack packs the records RDATA into wire format. The header will
+	// already have been packed into msg.
+	pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error)
+
+	// unpack unpacks an RR from wire format.
+	//
+	// This will only be called on a new and empty RR type with only the header populated. It
+	// will only be called if the record's RDATA is non-empty.
+	unpack(msg []byte, off int) (off1 int, err error)
+
+	// parse parses an RR from zone file format.
+	//
+	// This will only be called on a new and empty RR type with only the header populated.
+	parse(c *zlexer, origin string) *ParseError
+
+	// isDuplicate returns whether the two RRs are duplicates.
+	isDuplicate(r2 RR) bool
 }
 
 // RR_Header is the header all DNS resource records share.
@@ -70,28 +90,45 @@ func (h *RR_Header) String() string {
 	return s
 }
 
-func (h *RR_Header) len() int {
-	l := len(h.Name) + 1
+func (h *RR_Header) len(off int, compression map[string]struct{}) int {
+	l := domainNameLen(h.Name, off, compression, true)
 	l += 10 // rrtype(2) + class(2) + ttl(4) + rdlength(2)
 	return l
 }
 
+func (h *RR_Header) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	// RR_Header has no RDATA to pack.
+	return off, nil
+}
+
+func (h *RR_Header) unpack(msg []byte, off int) (int, error) {
+	panic("dns: internal error: unpack should never be called on RR_Header")
+}
+
+func (h *RR_Header) parse(c *zlexer, origin string) *ParseError {
+	panic("dns: internal error: parse should never be called on RR_Header")
+}
+
 // ToRFC3597 converts a known RR to the unknown RR representation from RFC 3597.
 func (rr *RFC3597) ToRFC3597(r RR) error {
-	buf := make([]byte, r.len()*2)
-	off, err := PackRR(r, buf, 0, nil, false)
+	buf := make([]byte, Len(r)*2)
+	headerEnd, off, err := packRR(r, buf, 0, compressionMap{}, false)
 	if err != nil {
 		return err
 	}
 	buf = buf[:off]
-	if int(r.Header().Rdlength) > off {
-		return ErrBuf
+
+	*rr = RFC3597{Hdr: *r.Header()}
+	rr.Hdr.Rdlength = uint16(off - headerEnd)
+
+	if noRdata(rr.Hdr) {
+		return nil
 	}
 
-	rfc3597, _, err := unpackRFC3597(*r.Header(), buf, off-int(r.Header().Rdlength))
+	_, err = rr.unpack(buf, headerEnd)
 	if err != nil {
 		return err
 	}
-	*rr = *rfc3597.(*RFC3597)
+
 	return nil
 }
diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go
index 478cb1e901a4b..12a693f97cf90 100644
--- a/vendor/github.com/miekg/dns/dnssec.go
+++ b/vendor/github.com/miekg/dns/dnssec.go
@@ -67,9 +67,6 @@ var AlgorithmToString = map[uint8]string{
 	PRIVATEOID:       "PRIVATEOID",
 }
 
-// StringToAlgorithm is the reverse of AlgorithmToString.
-var StringToAlgorithm = reverseInt8(AlgorithmToString)
-
 // AlgorithmToHash is a map of algorithm crypto hash IDs to crypto.Hash's.
 var AlgorithmToHash = map[uint8]crypto.Hash{
 	RSAMD5:           crypto.MD5, // Deprecated in RFC 6725
@@ -102,9 +99,6 @@ var HashToString = map[uint8]string{
 	SHA512: "SHA512",
 }
 
-// StringToHash is a map of names to hash IDs.
-var StringToHash = reverseInt8(HashToString)
-
 // DNSKEY flag values.
 const (
 	SEP    = 1
@@ -147,8 +141,8 @@ func (k *DNSKEY) KeyTag() uint16 {
 	switch k.Algorithm {
 	case RSAMD5:
 		// Look at the bottom two bytes of the modules, which the last
-		// item in the pubkey. We could do this faster by looking directly
-		// at the base64 values. But I'm lazy.
+		// item in the pubkey.
+		// This algorithm has been deprecated, but keep this key-tag calculation.
 		modulus, _ := fromBase64([]byte(k.PublicKey))
 		if len(modulus) > 1 {
 			x := binary.BigEndian.Uint16(modulus[len(modulus)-2:])
@@ -173,7 +167,7 @@ func (k *DNSKEY) KeyTag() uint16 {
 				keytag += int(v) << 8
 			}
 		}
-		keytag += (keytag >> 16) & 0xFFFF
+		keytag += keytag >> 16 & 0xFFFF
 		keytag &= 0xFFFF
 	}
 	return uint16(keytag)
@@ -268,16 +262,17 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
 		return ErrKey
 	}
 
+	h0 := rrset[0].Header()
 	rr.Hdr.Rrtype = TypeRRSIG
-	rr.Hdr.Name = rrset[0].Header().Name
-	rr.Hdr.Class = rrset[0].Header().Class
+	rr.Hdr.Name = h0.Name
+	rr.Hdr.Class = h0.Class
 	if rr.OrigTtl == 0 { // If set don't override
-		rr.OrigTtl = rrset[0].Header().Ttl
+		rr.OrigTtl = h0.Ttl
 	}
-	rr.TypeCovered = rrset[0].Header().Rrtype
-	rr.Labels = uint8(CountLabel(rrset[0].Header().Name))
+	rr.TypeCovered = h0.Rrtype
+	rr.Labels = uint8(CountLabel(h0.Name))
 
-	if strings.HasPrefix(rrset[0].Header().Name, "*") {
+	if strings.HasPrefix(h0.Name, "*") {
 		rr.Labels-- // wildcard, remove from label count
 	}
 
@@ -323,6 +318,9 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
 		}
 
 		rr.Signature = toBase64(signature)
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		// See RFC 6944.
+		return ErrAlg
 	default:
 		h := hash.New()
 		h.Write(signdata)
@@ -401,7 +399,7 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
 	if rr.Algorithm != k.Algorithm {
 		return ErrKey
 	}
-	if strings.ToLower(rr.SignerName) != strings.ToLower(k.Hdr.Name) {
+	if !strings.EqualFold(rr.SignerName, k.Hdr.Name) {
 		return ErrKey
 	}
 	if k.Protocol != 3 {
@@ -411,10 +409,7 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
 	// IsRRset checked that we have at least one RR and that the RRs in
 	// the set have consistent type, class, and name. Also check that type and
 	// class matches the RRSIG record.
-	if rrset[0].Header().Class != rr.Hdr.Class {
-		return ErrRRset
-	}
-	if rrset[0].Header().Rrtype != rr.TypeCovered {
+	if h0 := rrset[0].Header(); h0.Class != rr.Hdr.Class || h0.Rrtype != rr.TypeCovered {
 		return ErrRRset
 	}
 
@@ -512,8 +507,8 @@ func (rr *RRSIG) ValidityPeriod(t time.Time) bool {
 	}
 	modi := (int64(rr.Inception) - utc) / year68
 	mode := (int64(rr.Expiration) - utc) / year68
-	ti := int64(rr.Inception) + (modi * year68)
-	te := int64(rr.Expiration) + (mode * year68)
+	ti := int64(rr.Inception) + modi*year68
+	te := int64(rr.Expiration) + mode*year68
 	return ti <= utc && utc <= te
 }
 
@@ -533,6 +528,11 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
 		return nil
 	}
 
+	if len(keybuf) < 1+1+64 {
+		// Exponent must be at least 1 byte and modulus at least 64
+		return nil
+	}
+
 	// RFC 2537/3110, section 2. RSA Public KEY Resource Records
 	// Length is in the 0th byte, unless its zero, then it
 	// it in bytes 1 and 2 and its a 16 bit number
@@ -542,25 +542,35 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
 		explen = uint16(keybuf[1])<<8 | uint16(keybuf[2])
 		keyoff = 3
 	}
+
+	if explen > 4 || explen == 0 || keybuf[keyoff] == 0 {
+		// Exponent larger than supported by the crypto package,
+		// empty, or contains prohibited leading zero.
+		return nil
+	}
+
+	modoff := keyoff + int(explen)
+	modlen := len(keybuf) - modoff
+	if modlen < 64 || modlen > 512 || keybuf[modoff] == 0 {
+		// Modulus is too small, large, or contains prohibited leading zero.
+		return nil
+	}
+
 	pubkey := new(rsa.PublicKey)
 
-	pubkey.N = big.NewInt(0)
-	shift := uint64((explen - 1) * 8)
-	expo := uint64(0)
-	for i := int(explen - 1); i > 0; i-- {
-		expo += uint64(keybuf[keyoff+i]) << shift
-		shift -= 8
-	}
-	// Remainder
-	expo += uint64(keybuf[keyoff])
-	if expo > (2<<31)+1 {
-		// Larger expo than supported.
-		// println("dns: F5 primes (or larger) are not supported")
+	var expo uint64
+	// The exponent of length explen is between keyoff and modoff.
+	for _, v := range keybuf[keyoff:modoff] {
+		expo <<= 8
+		expo |= uint64(v)
+	}
+	if expo > 1<<31-1 {
+		// Larger exponent than supported by the crypto package.
 		return nil
 	}
-	pubkey.E = int(expo)
 
-	pubkey.N.SetBytes(keybuf[keyoff+int(explen):])
+	pubkey.E = int(expo)
+	pubkey.N = new(big.Int).SetBytes(keybuf[modoff:])
 	return pubkey
 }
 
@@ -585,10 +595,8 @@ func (k *DNSKEY) publicKeyECDSA() *ecdsa.PublicKey {
 			return nil
 		}
 	}
-	pubkey.X = big.NewInt(0)
-	pubkey.X.SetBytes(keybuf[:len(keybuf)/2])
-	pubkey.Y = big.NewInt(0)
-	pubkey.Y.SetBytes(keybuf[len(keybuf)/2:])
+	pubkey.X = new(big.Int).SetBytes(keybuf[:len(keybuf)/2])
+	pubkey.Y = new(big.Int).SetBytes(keybuf[len(keybuf)/2:])
 	return pubkey
 }
 
@@ -609,10 +617,10 @@ func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey {
 	p, keybuf := keybuf[:size], keybuf[size:]
 	g, y := keybuf[:size], keybuf[size:]
 	pubkey := new(dsa.PublicKey)
-	pubkey.Parameters.Q = big.NewInt(0).SetBytes(q)
-	pubkey.Parameters.P = big.NewInt(0).SetBytes(p)
-	pubkey.Parameters.G = big.NewInt(0).SetBytes(g)
-	pubkey.Y = big.NewInt(0).SetBytes(y)
+	pubkey.Parameters.Q = new(big.Int).SetBytes(q)
+	pubkey.Parameters.P = new(big.Int).SetBytes(p)
+	pubkey.Parameters.G = new(big.Int).SetBytes(g)
+	pubkey.Y = new(big.Int).SetBytes(y)
 	return pubkey
 }
 
@@ -642,15 +650,16 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
 	wires := make(wireSlice, len(rrset))
 	for i, r := range rrset {
 		r1 := r.copy()
-		r1.Header().Ttl = s.OrigTtl
-		labels := SplitDomainName(r1.Header().Name)
+		h := r1.Header()
+		h.Ttl = s.OrigTtl
+		labels := SplitDomainName(h.Name)
 		// 6.2. Canonical RR Form. (4) - wildcards
 		if len(labels) > int(s.Labels) {
 			// Wildcard
-			r1.Header().Name = "*." + strings.Join(labels[len(labels)-int(s.Labels):], ".") + "."
+			h.Name = "*." + strings.Join(labels[len(labels)-int(s.Labels):], ".") + "."
 		}
 		// RFC 4034: 6.2.  Canonical RR Form. (2) - domain name to lowercase
-		r1.Header().Name = strings.ToLower(r1.Header().Name)
+		h.Name = strings.ToLower(h.Name)
 		// 6.2. Canonical RR Form. (3) - domain rdata to lowercase.
 		//   NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
 		//   HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
@@ -708,7 +717,7 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
 			x.Target = strings.ToLower(x.Target)
 		}
 		// 6.2. Canonical RR Form. (5) - origTTL
-		wire := make([]byte, r1.len()+1) // +1 to be safe(r)
+		wire := make([]byte, Len(r1)+1) // +1 to be safe(r)
 		off, err1 := PackRR(r1, wire, 0, nil, false)
 		if err1 != nil {
 			return nil, err1
diff --git a/vendor/github.com/miekg/dns/dnssec_keygen.go b/vendor/github.com/miekg/dns/dnssec_keygen.go
index 33e913ac527d8..60737e5b2b348 100644
--- a/vendor/github.com/miekg/dns/dnssec_keygen.go
+++ b/vendor/github.com/miekg/dns/dnssec_keygen.go
@@ -2,7 +2,6 @@ package dns
 
 import (
 	"crypto"
-	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
@@ -20,11 +19,9 @@ import (
 // bits should be set to the size of the algorithm.
 func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
 	switch k.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		if bits != 1024 {
-			return nil, ErrKeySize
-		}
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		return nil, ErrAlg
+	case RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
 		if bits < 512 || bits > 4096 {
 			return nil, ErrKeySize
 		}
@@ -47,20 +44,7 @@ func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
 	}
 
 	switch k.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		params := new(dsa.Parameters)
-		if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
-			return nil, err
-		}
-		priv := new(dsa.PrivateKey)
-		priv.PublicKey.Parameters = *params
-		err := dsa.GenerateKey(priv, rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		k.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
-		return priv, nil
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
+	case RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
 		priv, err := rsa.GenerateKey(rand.Reader, bits)
 		if err != nil {
 			return nil, err
@@ -120,16 +104,6 @@ func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
 	return true
 }
 
-// Set the public key for DSA
-func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
-	if _Q == nil || _P == nil || _G == nil || _Y == nil {
-		return false
-	}
-	buf := dsaToBuf(_Q, _P, _G, _Y)
-	k.PublicKey = toBase64(buf)
-	return true
-}
-
 // Set the public key for Ed25519
 func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
 	if _K == nil {
@@ -164,15 +138,3 @@ func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
 	buf = append(buf, intToBytes(_Y, intlen)...)
 	return buf
 }
-
-// Set the public key for X and Y for Curve. The two
-// values are just concatenated.
-func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
-	t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
-	buf := []byte{byte(t)}
-	buf = append(buf, intToBytes(_Q, 20)...)
-	buf = append(buf, intToBytes(_P, 64+t*8)...)
-	buf = append(buf, intToBytes(_G, 64+t*8)...)
-	buf = append(buf, intToBytes(_Y, 64+t*8)...)
-	return buf
-}
diff --git a/vendor/github.com/miekg/dns/dnssec_keyscan.go b/vendor/github.com/miekg/dns/dnssec_keyscan.go
index e2d9d8f924f34..0e6f3201656b3 100644
--- a/vendor/github.com/miekg/dns/dnssec_keyscan.go
+++ b/vendor/github.com/miekg/dns/dnssec_keyscan.go
@@ -1,9 +1,8 @@
 package dns
 
 import (
-	"bytes"
+	"bufio"
 	"crypto"
-	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"io"
@@ -44,19 +43,8 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er
 		return nil, ErrPrivKey
 	}
 	switch uint8(algo) {
-	case DSA:
-		priv, err := readPrivateKeyDSA(m)
-		if err != nil {
-			return nil, err
-		}
-		pub := k.publicKeyDSA()
-		if pub == nil {
-			return nil, ErrKey
-		}
-		priv.PublicKey = *pub
-		return priv, nil
-	case RSAMD5:
-		fallthrough
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		return nil, ErrAlg
 	case RSASHA1:
 		fallthrough
 	case RSASHA1NSEC3SHA1:
@@ -109,21 +97,16 @@ func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) {
 			}
 			switch k {
 			case "modulus":
-				p.PublicKey.N = big.NewInt(0)
-				p.PublicKey.N.SetBytes(v1)
+				p.PublicKey.N = new(big.Int).SetBytes(v1)
 			case "publicexponent":
-				i := big.NewInt(0)
-				i.SetBytes(v1)
+				i := new(big.Int).SetBytes(v1)
 				p.PublicKey.E = int(i.Int64()) // int64 should be large enough
 			case "privateexponent":
-				p.D = big.NewInt(0)
-				p.D.SetBytes(v1)
+				p.D = new(big.Int).SetBytes(v1)
 			case "prime1":
-				p.Primes[0] = big.NewInt(0)
-				p.Primes[0].SetBytes(v1)
+				p.Primes[0] = new(big.Int).SetBytes(v1)
 			case "prime2":
-				p.Primes[1] = big.NewInt(0)
-				p.Primes[1].SetBytes(v1)
+				p.Primes[1] = new(big.Int).SetBytes(v1)
 			}
 		case "exponent1", "exponent2", "coefficient":
 			// not used in Go (yet)
@@ -134,27 +117,9 @@ func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) {
 	return p, nil
 }
 
-func readPrivateKeyDSA(m map[string]string) (*dsa.PrivateKey, error) {
-	p := new(dsa.PrivateKey)
-	p.X = big.NewInt(0)
-	for k, v := range m {
-		switch k {
-		case "private_value(x)":
-			v1, err := fromBase64([]byte(v))
-			if err != nil {
-				return nil, err
-			}
-			p.X.SetBytes(v1)
-		case "created", "publish", "activate":
-			/* not used in Go (yet) */
-		}
-	}
-	return p, nil
-}
-
 func readPrivateKeyECDSA(m map[string]string) (*ecdsa.PrivateKey, error) {
 	p := new(ecdsa.PrivateKey)
-	p.D = big.NewInt(0)
+	p.D = new(big.Int)
 	// TODO: validate that the required flags are present
 	for k, v := range m {
 		switch k {
@@ -181,22 +146,10 @@ func readPrivateKeyED25519(m map[string]string) (ed25519.PrivateKey, error) {
 			if err != nil {
 				return nil, err
 			}
-			if len(p1) != 32 {
+			if len(p1) != ed25519.SeedSize {
 				return nil, ErrPrivKey
 			}
-			// RFC 8080 and Golang's x/crypto/ed25519 differ as to how the
-			// private keys are represented. RFC 8080 specifies that private
-			// keys be stored solely as the seed value (p1 above) while the
-			// ed25519 package represents them as the seed value concatenated
-			// to the public key, which is derived from the seed value.
-			//
-			// ed25519.GenerateKey reads exactly 32 bytes from the passed in
-			// io.Reader and uses them as the seed. It also derives the
-			// public key and produces a compatible private key.
-			_, p, err = ed25519.GenerateKey(bytes.NewReader(p1))
-			if err != nil {
-				return nil, err
-			}
+			p = ed25519.NewKeyFromSeed(p1)
 		case "created", "publish", "activate":
 			/* not used in Go (yet) */
 		}
@@ -207,23 +160,12 @@ func readPrivateKeyED25519(m map[string]string) (ed25519.PrivateKey, error) {
 // parseKey reads a private key from r. It returns a map[string]string,
 // with the key-value pairs, or an error when the file is not correct.
 func parseKey(r io.Reader, file string) (map[string]string, error) {
-	s, cancel := scanInit(r)
 	m := make(map[string]string)
-	c := make(chan lex)
-	k := ""
-	defer func() {
-		cancel()
-		// zlexer can send up to two tokens, the next one and possibly 1 remainders.
-		// Do a non-blocking read.
-		_, ok := <-c
-		_, ok = <-c
-		if !ok {
-			// too bad
-		}
-	}()
-	// Start the lexer
-	go klexer(s, c)
-	for l := range c {
+	var k string
+
+	c := newKLexer(r)
+
+	for l, ok := c.Next(); ok; l, ok = c.Next() {
 		// It should alternate
 		switch l.value {
 		case zKey:
@@ -232,41 +174,111 @@ func parseKey(r io.Reader, file string) (map[string]string, error) {
 			if k == "" {
 				return nil, &ParseError{file, "no private key seen", l}
 			}
-			//println("Setting", strings.ToLower(k), "to", l.token, "b")
+
 			m[strings.ToLower(k)] = l.token
 			k = ""
 		}
 	}
+
+	// Surface any read errors from r.
+	if err := c.Err(); err != nil {
+		return nil, &ParseError{file: file, err: err.Error()}
+	}
+
 	return m, nil
 }
 
-// klexer scans the sourcefile and returns tokens on the channel c.
-func klexer(s *scan, c chan lex) {
-	var l lex
-	str := "" // Hold the current read text
-	commt := false
-	key := true
-	x, err := s.tokenText()
-	defer close(c)
-	for err == nil {
-		l.column = s.position.Column
-		l.line = s.position.Line
+type klexer struct {
+	br io.ByteReader
+
+	readErr error
+
+	line   int
+	column int
+
+	key bool
+
+	eol bool // end-of-line
+}
+
+func newKLexer(r io.Reader) *klexer {
+	br, ok := r.(io.ByteReader)
+	if !ok {
+		br = bufio.NewReaderSize(r, 1024)
+	}
+
+	return &klexer{
+		br: br,
+
+		line: 1,
+
+		key: true,
+	}
+}
+
+func (kl *klexer) Err() error {
+	if kl.readErr == io.EOF {
+		return nil
+	}
+
+	return kl.readErr
+}
+
+// readByte returns the next byte from the input
+func (kl *klexer) readByte() (byte, bool) {
+	if kl.readErr != nil {
+		return 0, false
+	}
+
+	c, err := kl.br.ReadByte()
+	if err != nil {
+		kl.readErr = err
+		return 0, false
+	}
+
+	// delay the newline handling until the next token is delivered,
+	// fixes off-by-one errors when reporting a parse error.
+	if kl.eol {
+		kl.line++
+		kl.column = 0
+		kl.eol = false
+	}
+
+	if c == '\n' {
+		kl.eol = true
+	} else {
+		kl.column++
+	}
+
+	return c, true
+}
+
+func (kl *klexer) Next() (lex, bool) {
+	var (
+		l lex
+
+		str strings.Builder
+
+		commt bool
+	)
+
+	for x, ok := kl.readByte(); ok; x, ok = kl.readByte() {
+		l.line, l.column = kl.line, kl.column
+
 		switch x {
 		case ':':
-			if commt {
+			if commt || !kl.key {
 				break
 			}
-			l.token = str
-			if key {
-				l.value = zKey
-				c <- l
-				// Next token is a space, eat it
-				s.tokenText()
-				key = false
-				str = ""
-			} else {
-				l.value = zValue
-			}
+
+			kl.key = false
+
+			// Next token is a space, eat it
+			kl.readByte()
+
+			l.value = zKey
+			l.token = str.String()
+			return l, true
 		case ';':
 			commt = true
 		case '\n':
@@ -274,24 +286,37 @@ func klexer(s *scan, c chan lex) {
 				// Reset a comment
 				commt = false
 			}
+
+			if kl.key && str.Len() == 0 {
+				// ignore empty lines
+				break
+			}
+
+			kl.key = true
+
 			l.value = zValue
-			l.token = str
-			c <- l
-			str = ""
-			commt = false
-			key = true
+			l.token = str.String()
+			return l, true
 		default:
 			if commt {
 				break
 			}
-			str += string(x)
+
+			str.WriteByte(x)
 		}
-		x, err = s.tokenText()
 	}
-	if len(str) > 0 {
+
+	if kl.readErr != nil && kl.readErr != io.EOF {
+		// Don't return any tokens after a read error occurs.
+		return lex{value: zEOF}, false
+	}
+
+	if str.Len() > 0 {
 		// Send remainder
-		l.token = str
 		l.value = zValue
-		c <- l
+		l.token = str.String()
+		return l, true
 	}
+
+	return lex{value: zEOF}, false
 }
diff --git a/vendor/github.com/miekg/dns/dnssec_privkey.go b/vendor/github.com/miekg/dns/dnssec_privkey.go
index 46f3215c8fb4b..4493c9d574550 100644
--- a/vendor/github.com/miekg/dns/dnssec_privkey.go
+++ b/vendor/github.com/miekg/dns/dnssec_privkey.go
@@ -13,6 +13,8 @@ import (
 
 const format = "Private-key-format: v1.3\n"
 
+var bigIntOne = big.NewInt(1)
+
 // PrivateKeyString converts a PrivateKey to a string. This string has the same
 // format as the private-key-file of BIND9 (Private-key-format: v1.3).
 // It needs some info from the key (the algorithm), so its a method of the DNSKEY
@@ -31,12 +33,11 @@ func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string {
 		prime2 := toBase64(p.Primes[1].Bytes())
 		// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
 		// and from: http://code.google.com/p/go/issues/detail?id=987
-		one := big.NewInt(1)
-		p1 := big.NewInt(0).Sub(p.Primes[0], one)
-		q1 := big.NewInt(0).Sub(p.Primes[1], one)
-		exp1 := big.NewInt(0).Mod(p.D, p1)
-		exp2 := big.NewInt(0).Mod(p.D, q1)
-		coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0])
+		p1 := new(big.Int).Sub(p.Primes[0], bigIntOne)
+		q1 := new(big.Int).Sub(p.Primes[1], bigIntOne)
+		exp1 := new(big.Int).Mod(p.D, p1)
+		exp2 := new(big.Int).Mod(p.D, q1)
+		coeff := new(big.Int).ModInverse(p.Primes[1], p.Primes[0])
 
 		exponent1 := toBase64(exp1.Bytes())
 		exponent2 := toBase64(exp2.Bytes())
@@ -82,7 +83,7 @@ func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string {
 			"Public_value(y): " + pub + "\n"
 
 	case ed25519.PrivateKey:
-		private := toBase64(p[:32])
+		private := toBase64(p.Seed())
 		return format +
 			"Algorithm: " + algorithm + "\n" +
 			"PrivateKey: " + private + "\n"
diff --git a/vendor/github.com/miekg/dns/doc.go b/vendor/github.com/miekg/dns/doc.go
index 0389d7248ef17..3318b77e08136 100644
--- a/vendor/github.com/miekg/dns/doc.go
+++ b/vendor/github.com/miekg/dns/doc.go
@@ -1,20 +1,20 @@
 /*
 Package dns implements a full featured interface to the Domain Name System.
-Server- and client-side programming is supported.
-The package allows complete control over what is sent out to the DNS. The package
-API follows the less-is-more principle, by presenting a small, clean interface.
+Both server- and client-side programming is supported. The package allows
+complete control over what is sent out to the DNS. The API follows the
+less-is-more principle, by presenting a small, clean interface.
 
-The package dns supports (asynchronous) querying/replying, incoming/outgoing zone transfers,
+It supports (asynchronous) querying/replying, incoming/outgoing zone transfers,
 TSIG, EDNS0, dynamic updates, notifies and DNSSEC validation/signing.
-Note that domain names MUST be fully qualified, before sending them, unqualified
+
+Note that domain names MUST be fully qualified before sending them, unqualified
 names in a message will result in a packing failure.
 
-Resource records are native types. They are not stored in wire format.
-Basic usage pattern for creating a new resource record:
+Resource records are native types. They are not stored in wire format. Basic
+usage pattern for creating a new resource record:
 
      r := new(dns.MX)
-     r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX,
-     Class: dns.ClassINET, Ttl: 3600}
+     r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, Class: dns.ClassINET, Ttl: 3600}
      r.Preference = 10
      r.Mx = "mx.miek.nl."
 
@@ -30,8 +30,8 @@ Or even:
 
      mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek")
 
-In the DNS messages are exchanged, these messages contain resource
-records (sets). Use pattern for creating a message:
+In the DNS messages are exchanged, these messages contain resource records
+(sets). Use pattern for creating a message:
 
      m := new(dns.Msg)
      m.SetQuestion("miek.nl.", dns.TypeMX)
@@ -40,8 +40,8 @@ Or when not certain if the domain name is fully qualified:
 
 	m.SetQuestion(dns.Fqdn("miek.nl"), dns.TypeMX)
 
-The message m is now a message with the question section set to ask
-the MX records for the miek.nl. zone.
+The message m is now a message with the question section set to ask the MX
+records for the miek.nl. zone.
 
 The following is slightly more verbose, but more flexible:
 
@@ -51,9 +51,8 @@ The following is slightly more verbose, but more flexible:
      m1.Question = make([]dns.Question, 1)
      m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET}
 
-After creating a message it can be sent.
-Basic use pattern for synchronous querying the DNS at a
-server configured on 127.0.0.1 and port 53:
+After creating a message it can be sent. Basic use pattern for synchronous
+querying the DNS at a server configured on 127.0.0.1 and port 53:
 
      c := new(dns.Client)
      in, rtt, err := c.Exchange(m1, "127.0.0.1:53")
@@ -84,7 +83,7 @@ with:
 
 	in, err := dns.Exchange(m1, "127.0.0.1:53")
 
-When this functions returns you will get dns message. A dns message consists
+When this functions returns you will get DNS message. A DNS message consists
 out of four sections.
 The question section: in.Question, the answer section: in.Answer,
 the authority section: in.Ns and the additional section: in.Extra.
@@ -99,25 +98,24 @@ the Answer section:
 
 Domain Name and TXT Character String Representations
 
-Both domain names and TXT character strings are converted to presentation
-form both when unpacked and when converted to strings.
+Both domain names and TXT character strings are converted to presentation form
+both when unpacked and when converted to strings.
 
 For TXT character strings, tabs, carriage returns and line feeds will be
-converted to \t, \r and \n respectively. Back slashes and quotations marks
-will be escaped. Bytes below 32 and above 127 will be converted to \DDD
-form.
+converted to \t, \r and \n respectively. Back slashes and quotations marks will
+be escaped. Bytes below 32 and above 127 will be converted to \DDD form.
 
-For domain names, in addition to the above rules brackets, periods,
-spaces, semicolons and the at symbol are escaped.
+For domain names, in addition to the above rules brackets, periods, spaces,
+semicolons and the at symbol are escaped.
 
 DNSSEC
 
-DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It
-uses public key cryptography to sign resource records. The
-public keys are stored in DNSKEY records and the signatures in RRSIG records.
+DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It uses
+public key cryptography to sign resource records. The public keys are stored in
+DNSKEY records and the signatures in RRSIG records.
 
-Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK) bit
-to a request.
+Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK)
+bit to a request.
 
      m := new(dns.Msg)
      m.SetEdns0(4096, true)
@@ -126,9 +124,9 @@ Signature generation, signature verification and key generation are all supporte
 
 DYNAMIC UPDATES
 
-Dynamic updates reuses the DNS message format, but renames three of
-the sections. Question is Zone, Answer is Prerequisite, Authority is
-Update, only the Additional is not renamed. See RFC 2136 for the gory details.
+Dynamic updates reuses the DNS message format, but renames three of the
+sections. Question is Zone, Answer is Prerequisite, Authority is Update, only
+the Additional is not renamed. See RFC 2136 for the gory details.
 
 You can set a rather complex set of rules for the existence of absence of
 certain resource records or names in a zone to specify if resource records
@@ -145,10 +143,9 @@ DNS function shows which functions exist to specify the prerequisites.
   NONE     rrset    empty    RRset does not exist       dns.RRsetNotUsed
   zone     rrset    rr       RRset exists (value dep)   dns.Used
 
-The prerequisite section can also be left empty.
-If you have decided on the prerequisites you can tell what RRs should
-be added or deleted. The next table shows the options you have and
-what functions to call.
+The prerequisite section can also be left empty. If you have decided on the
+prerequisites you can tell what RRs should be added or deleted. The next table
+shows the options you have and what functions to call.
 
  3.4.2.6 - Table Of Metavalues Used In Update Section
 
@@ -181,10 +178,10 @@ changes to the RRset after calling SetTsig() the signature will be incorrect.
 	...
 	// When sending the TSIG RR is calculated and filled in before sending
 
-When requesting an zone transfer (almost all TSIG usage is when requesting zone transfers), with
-TSIG, this is the basic use pattern. In this example we request an AXFR for
-miek.nl. with TSIG key named "axfr." and secret "so6ZGir4GPAqINNh9U5c3A=="
-and using the server 176.58.119.54:
+When requesting an zone transfer (almost all TSIG usage is when requesting zone
+transfers), with TSIG, this is the basic use pattern. In this example we
+request an AXFR for miek.nl. with TSIG key named "axfr." and secret
+"so6ZGir4GPAqINNh9U5c3A==" and using the server 176.58.119.54:
 
 	t := new(dns.Transfer)
 	m := new(dns.Msg)
@@ -194,8 +191,8 @@ and using the server 176.58.119.54:
 	c, err := t.In(m, "176.58.119.54:53")
 	for r := range c { ... }
 
-You can now read the records from the transfer as they come in. Each envelope is checked with TSIG.
-If something is not correct an error is returned.
+You can now read the records from the transfer as they come in. Each envelope
+is checked with TSIG. If something is not correct an error is returned.
 
 Basic use pattern validating and replying to a message that has TSIG set.
 
@@ -220,28 +217,28 @@ Basic use pattern validating and replying to a message that has TSIG set.
 
 PRIVATE RRS
 
-RFC 6895 sets aside a range of type codes for private use. This range
-is 65,280 - 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these
+RFC 6895 sets aside a range of type codes for private use. This range is 65,280
+- 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these
 can be used, before requesting an official type code from IANA.
 
-see http://miek.nl/2014/September/21/idn-and-private-rr-in-go-dns/ for more
+See https://miek.nl/2014/september/21/idn-and-private-rr-in-go-dns/ for more
 information.
 
 EDNS0
 
-EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated
-by RFC 6891. It defines an new RR type, the OPT RR, which is then completely
+EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by
+RFC 6891. It defines an new RR type, the OPT RR, which is then completely
 abused.
+
 Basic use pattern for creating an (empty) OPT RR:
 
 	o := new(dns.OPT)
 	o.Hdr.Name = "." // MUST be the root zone, per definition.
 	o.Hdr.Rrtype = dns.TypeOPT
 
-The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891)
-interfaces. Currently only a few have been standardized: EDNS0_NSID
-(RFC 5001) and EDNS0_SUBNET (draft-vandergaast-edns-client-subnet-02). Note
-that these options may be combined in an OPT RR.
+The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891) interfaces.
+Currently only a few have been standardized: EDNS0_NSID (RFC 5001) and
+EDNS0_SUBNET (RFC 7871). Note that these options may be combined in an OPT RR.
 Basic use pattern for a server to check if (and which) options are set:
 
 	// o is a dns.OPT
@@ -262,10 +259,9 @@ From RFC 2931:
     ... protection for glue records, DNS requests, protection for message headers
     on requests and responses, and protection of the overall integrity of a response.
 
-It works like TSIG, except that SIG(0) uses public key cryptography, instead of the shared
-secret approach in TSIG.
-Supported algorithms: DSA, ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256 and
-RSASHA512.
+It works like TSIG, except that SIG(0) uses public key cryptography, instead of
+the shared secret approach in TSIG. Supported algorithms: DSA, ECDSAP256SHA256,
+ECDSAP384SHA384, RSASHA1, RSASHA256 and RSASHA512.
 
 Signing subsequent messages in multi-message sessions is not implemented.
 */
diff --git a/vendor/github.com/miekg/dns/duplicate.go b/vendor/github.com/miekg/dns/duplicate.go
new file mode 100644
index 0000000000000..49e6940b661d5
--- /dev/null
+++ b/vendor/github.com/miekg/dns/duplicate.go
@@ -0,0 +1,38 @@
+package dns
+
+//go:generate go run duplicate_generate.go
+
+// IsDuplicate checks of r1 and r2 are duplicates of each other, excluding the TTL.
+// So this means the header data is equal *and* the RDATA is the same. Return true
+// is so, otherwise false.
+// It's a protocol violation to have identical RRs in a message.
+func IsDuplicate(r1, r2 RR) bool {
+	// Check whether the record header is identical.
+	if !r1.Header().isDuplicate(r2.Header()) {
+		return false
+	}
+
+	// Check whether the RDATA is identical.
+	return r1.isDuplicate(r2)
+}
+
+func (r1 *RR_Header) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RR_Header)
+	if !ok {
+		return false
+	}
+	if r1.Class != r2.Class {
+		return false
+	}
+	if r1.Rrtype != r2.Rrtype {
+		return false
+	}
+	if !isDuplicateName(r1.Name, r2.Name) {
+		return false
+	}
+	// ignore TTL
+	return true
+}
+
+// isDuplicateName checks if the domain names s1 and s2 are equal.
+func isDuplicateName(s1, s2 string) bool { return equal(s1, s2) }
diff --git a/vendor/github.com/miekg/dns/edns.go b/vendor/github.com/miekg/dns/edns.go
index 6f9d2ea3936b3..04808d57897d7 100644
--- a/vendor/github.com/miekg/dns/edns.go
+++ b/vendor/github.com/miekg/dns/edns.go
@@ -78,36 +78,44 @@ func (rr *OPT) String() string {
 	return s
 }
 
-func (rr *OPT) len() int {
-	l := rr.Hdr.len()
-	for i := 0; i < len(rr.Option); i++ {
+func (rr *OPT) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	for _, o := range rr.Option {
 		l += 4 // Account for 2-byte option code and 2-byte option length.
-		lo, _ := rr.Option[i].pack()
+		lo, _ := o.pack()
 		l += len(lo)
 	}
 	return l
 }
 
+func (rr *OPT) parse(c *zlexer, origin string) *ParseError {
+	panic("dns: internal error: parse should never be called on OPT")
+}
+
+func (r1 *OPT) isDuplicate(r2 RR) bool { return false }
+
 // return the old value -> delete SetVersion?
 
 // Version returns the EDNS version used. Only zero is defined.
 func (rr *OPT) Version() uint8 {
-	return uint8((rr.Hdr.Ttl & 0x00FF0000) >> 16)
+	return uint8(rr.Hdr.Ttl & 0x00FF0000 >> 16)
 }
 
 // SetVersion sets the version of EDNS. This is usually zero.
 func (rr *OPT) SetVersion(v uint8) {
-	rr.Hdr.Ttl = rr.Hdr.Ttl&0xFF00FFFF | (uint32(v) << 16)
+	rr.Hdr.Ttl = rr.Hdr.Ttl&0xFF00FFFF | uint32(v)<<16
 }
 
 // ExtendedRcode returns the EDNS extended RCODE field (the upper 8 bits of the TTL).
 func (rr *OPT) ExtendedRcode() int {
-	return int((rr.Hdr.Ttl & 0xFF000000) >> 24)
+	return int(rr.Hdr.Ttl&0xFF000000>>24) << 4
 }
 
 // SetExtendedRcode sets the EDNS extended RCODE field.
-func (rr *OPT) SetExtendedRcode(v uint8) {
-	rr.Hdr.Ttl = rr.Hdr.Ttl&0x00FFFFFF | (uint32(v) << 24)
+//
+// If the RCODE is not an extended RCODE, will reset the extended RCODE field to 0.
+func (rr *OPT) SetExtendedRcode(v uint16) {
+	rr.Hdr.Ttl = rr.Hdr.Ttl&0x00FFFFFF | uint32(v>>4)<<24
 }
 
 // UDPSize returns the UDP buffer size.
@@ -151,6 +159,8 @@ type EDNS0 interface {
 	unpack([]byte) error
 	// String returns the string representation of the option.
 	String() string
+	// copy returns a deep-copy of the option.
+	copy() EDNS0
 }
 
 // EDNS0_NSID option is used to retrieve a nameserver
@@ -181,7 +191,8 @@ func (e *EDNS0_NSID) pack() ([]byte, error) {
 // Option implements the EDNS0 interface.
 func (e *EDNS0_NSID) Option() uint16        { return EDNS0NSID } // Option returns the option code.
 func (e *EDNS0_NSID) unpack(b []byte) error { e.Nsid = hex.EncodeToString(b); return nil }
-func (e *EDNS0_NSID) String() string        { return string(e.Nsid) }
+func (e *EDNS0_NSID) String() string        { return e.Nsid }
+func (e *EDNS0_NSID) copy() EDNS0           { return &EDNS0_NSID{e.Code, e.Nsid} }
 
 // EDNS0_SUBNET is the subnet option that is used to give the remote nameserver
 // an idea of where the client lives. See RFC 7871. It can then give back a different
@@ -271,22 +282,16 @@ func (e *EDNS0_SUBNET) unpack(b []byte) error {
 		if e.SourceNetmask > net.IPv4len*8 || e.SourceScope > net.IPv4len*8 {
 			return errors.New("dns: bad netmask")
 		}
-		addr := make([]byte, net.IPv4len)
-		for i := 0; i < net.IPv4len && 4+i < len(b); i++ {
-			addr[i] = b[4+i]
-		}
-		e.Address = net.IPv4(addr[0], addr[1], addr[2], addr[3])
+		addr := make(net.IP, net.IPv4len)
+		copy(addr, b[4:])
+		e.Address = addr.To16()
 	case 2:
 		if e.SourceNetmask > net.IPv6len*8 || e.SourceScope > net.IPv6len*8 {
 			return errors.New("dns: bad netmask")
 		}
-		addr := make([]byte, net.IPv6len)
-		for i := 0; i < net.IPv6len && 4+i < len(b); i++ {
-			addr[i] = b[4+i]
-		}
-		e.Address = net.IP{addr[0], addr[1], addr[2], addr[3], addr[4],
-			addr[5], addr[6], addr[7], addr[8], addr[9], addr[10],
-			addr[11], addr[12], addr[13], addr[14], addr[15]}
+		addr := make(net.IP, net.IPv6len)
+		copy(addr, b[4:])
+		e.Address = addr
 	default:
 		return errors.New("dns: bad address family")
 	}
@@ -305,6 +310,16 @@ func (e *EDNS0_SUBNET) String() (s string) {
 	return
 }
 
+func (e *EDNS0_SUBNET) copy() EDNS0 {
+	return &EDNS0_SUBNET{
+		e.Code,
+		e.Family,
+		e.SourceNetmask,
+		e.SourceScope,
+		e.Address,
+	}
+}
+
 // The EDNS0_COOKIE option is used to add a DNS Cookie to a message.
 //
 //	o := new(dns.OPT)
@@ -340,11 +355,12 @@ func (e *EDNS0_COOKIE) pack() ([]byte, error) {
 func (e *EDNS0_COOKIE) Option() uint16        { return EDNS0COOKIE }
 func (e *EDNS0_COOKIE) unpack(b []byte) error { e.Cookie = hex.EncodeToString(b); return nil }
 func (e *EDNS0_COOKIE) String() string        { return e.Cookie }
+func (e *EDNS0_COOKIE) copy() EDNS0           { return &EDNS0_COOKIE{e.Code, e.Cookie} }
 
 // The EDNS0_UL (Update Lease) (draft RFC) option is used to tell the server to set
 // an expiration on an update RR. This is helpful for clients that cannot clean
 // up after themselves. This is a draft RFC and more information can be found at
-// http://files.dns-sd.org/draft-sekar-dns-ul.txt
+// https://tools.ietf.org/html/draft-sekar-dns-ul-02
 //
 //	o := new(dns.OPT)
 //	o.Hdr.Name = "."
@@ -354,23 +370,36 @@ func (e *EDNS0_COOKIE) String() string        { return e.Cookie }
 //	e.Lease = 120 // in seconds
 //	o.Option = append(o.Option, e)
 type EDNS0_UL struct {
-	Code  uint16 // Always EDNS0UL
-	Lease uint32
+	Code     uint16 // Always EDNS0UL
+	Lease    uint32
+	KeyLease uint32
 }
 
 // Option implements the EDNS0 interface.
 func (e *EDNS0_UL) Option() uint16 { return EDNS0UL }
-func (e *EDNS0_UL) String() string { return strconv.FormatUint(uint64(e.Lease), 10) }
+func (e *EDNS0_UL) String() string { return fmt.Sprintf("%d %d", e.Lease, e.KeyLease) }
+func (e *EDNS0_UL) copy() EDNS0    { return &EDNS0_UL{e.Code, e.Lease, e.KeyLease} }
 
 // Copied: http://golang.org/src/pkg/net/dnsmsg.go
 func (e *EDNS0_UL) pack() ([]byte, error) {
-	b := make([]byte, 4)
+	var b []byte
+	if e.KeyLease == 0 {
+		b = make([]byte, 4)
+	} else {
+		b = make([]byte, 8)
+		binary.BigEndian.PutUint32(b[4:], e.KeyLease)
+	}
 	binary.BigEndian.PutUint32(b, e.Lease)
 	return b, nil
 }
 
 func (e *EDNS0_UL) unpack(b []byte) error {
-	if len(b) < 4 {
+	switch len(b) {
+	case 4:
+		e.KeyLease = 0
+	case 8:
+		e.KeyLease = binary.BigEndian.Uint32(b[4:])
+	default:
 		return ErrBuf
 	}
 	e.Lease = binary.BigEndian.Uint32(b)
@@ -415,10 +444,13 @@ func (e *EDNS0_LLQ) unpack(b []byte) error {
 
 func (e *EDNS0_LLQ) String() string {
 	s := strconv.FormatUint(uint64(e.Version), 10) + " " + strconv.FormatUint(uint64(e.Opcode), 10) +
-		" " + strconv.FormatUint(uint64(e.Error), 10) + " " + strconv.FormatUint(uint64(e.Id), 10) +
+		" " + strconv.FormatUint(uint64(e.Error), 10) + " " + strconv.FormatUint(e.Id, 10) +
 		" " + strconv.FormatUint(uint64(e.LeaseLife), 10)
 	return s
 }
+func (e *EDNS0_LLQ) copy() EDNS0 {
+	return &EDNS0_LLQ{e.Code, e.Version, e.Opcode, e.Error, e.Id, e.LeaseLife}
+}
 
 // EDNS0_DUA implements the EDNS0 "DNSSEC Algorithm Understood" option. See RFC 6975.
 type EDNS0_DAU struct {
@@ -433,15 +465,16 @@ func (e *EDNS0_DAU) unpack(b []byte) error { e.AlgCode = b; return nil }
 
 func (e *EDNS0_DAU) String() string {
 	s := ""
-	for i := 0; i < len(e.AlgCode); i++ {
-		if a, ok := AlgorithmToString[e.AlgCode[i]]; ok {
+	for _, alg := range e.AlgCode {
+		if a, ok := AlgorithmToString[alg]; ok {
 			s += " " + a
 		} else {
-			s += " " + strconv.Itoa(int(e.AlgCode[i]))
+			s += " " + strconv.Itoa(int(alg))
 		}
 	}
 	return s
 }
+func (e *EDNS0_DAU) copy() EDNS0 { return &EDNS0_DAU{e.Code, e.AlgCode} }
 
 // EDNS0_DHU implements the EDNS0 "DS Hash Understood" option. See RFC 6975.
 type EDNS0_DHU struct {
@@ -456,15 +489,16 @@ func (e *EDNS0_DHU) unpack(b []byte) error { e.AlgCode = b; return nil }
 
 func (e *EDNS0_DHU) String() string {
 	s := ""
-	for i := 0; i < len(e.AlgCode); i++ {
-		if a, ok := HashToString[e.AlgCode[i]]; ok {
+	for _, alg := range e.AlgCode {
+		if a, ok := HashToString[alg]; ok {
 			s += " " + a
 		} else {
-			s += " " + strconv.Itoa(int(e.AlgCode[i]))
+			s += " " + strconv.Itoa(int(alg))
 		}
 	}
 	return s
 }
+func (e *EDNS0_DHU) copy() EDNS0 { return &EDNS0_DHU{e.Code, e.AlgCode} }
 
 // EDNS0_N3U implements the EDNS0 "NSEC3 Hash Understood" option. See RFC 6975.
 type EDNS0_N3U struct {
@@ -480,15 +514,16 @@ func (e *EDNS0_N3U) unpack(b []byte) error { e.AlgCode = b; return nil }
 func (e *EDNS0_N3U) String() string {
 	// Re-use the hash map
 	s := ""
-	for i := 0; i < len(e.AlgCode); i++ {
-		if a, ok := HashToString[e.AlgCode[i]]; ok {
+	for _, alg := range e.AlgCode {
+		if a, ok := HashToString[alg]; ok {
 			s += " " + a
 		} else {
-			s += " " + strconv.Itoa(int(e.AlgCode[i]))
+			s += " " + strconv.Itoa(int(alg))
 		}
 	}
 	return s
 }
+func (e *EDNS0_N3U) copy() EDNS0 { return &EDNS0_N3U{e.Code, e.AlgCode} }
 
 // EDNS0_EXPIRE implementes the EDNS0 option as described in RFC 7314.
 type EDNS0_EXPIRE struct {
@@ -499,17 +534,19 @@ type EDNS0_EXPIRE struct {
 // Option implements the EDNS0 interface.
 func (e *EDNS0_EXPIRE) Option() uint16 { return EDNS0EXPIRE }
 func (e *EDNS0_EXPIRE) String() string { return strconv.FormatUint(uint64(e.Expire), 10) }
+func (e *EDNS0_EXPIRE) copy() EDNS0    { return &EDNS0_EXPIRE{e.Code, e.Expire} }
 
 func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
 	b := make([]byte, 4)
-	b[0] = byte(e.Expire >> 24)
-	b[1] = byte(e.Expire >> 16)
-	b[2] = byte(e.Expire >> 8)
-	b[3] = byte(e.Expire)
+	binary.BigEndian.PutUint32(b, e.Expire)
 	return b, nil
 }
 
 func (e *EDNS0_EXPIRE) unpack(b []byte) error {
+	if len(b) == 0 {
+		// zero-length EXPIRE query, see RFC 7314 Section 2
+		return nil
+	}
 	if len(b) < 4 {
 		return ErrBuf
 	}
@@ -540,6 +577,11 @@ func (e *EDNS0_LOCAL) Option() uint16 { return e.Code }
 func (e *EDNS0_LOCAL) String() string {
 	return strconv.FormatInt(int64(e.Code), 10) + ":0x" + hex.EncodeToString(e.Data)
 }
+func (e *EDNS0_LOCAL) copy() EDNS0 {
+	b := make([]byte, len(e.Data))
+	copy(b, e.Data)
+	return &EDNS0_LOCAL{e.Code, b}
+}
 
 func (e *EDNS0_LOCAL) pack() ([]byte, error) {
 	b := make([]byte, len(e.Data))
@@ -612,6 +654,7 @@ func (e *EDNS0_TCP_KEEPALIVE) String() (s string) {
 	}
 	return
 }
+func (e *EDNS0_TCP_KEEPALIVE) copy() EDNS0 { return &EDNS0_TCP_KEEPALIVE{e.Code, e.Length, e.Timeout} }
 
 // EDNS0_PADDING option is used to add padding to a request/response. The default
 // value of padding SHOULD be 0x0 but other values MAY be used, for instance if
@@ -625,3 +668,8 @@ func (e *EDNS0_PADDING) Option() uint16        { return EDNS0PADDING }
 func (e *EDNS0_PADDING) pack() ([]byte, error) { return e.Padding, nil }
 func (e *EDNS0_PADDING) unpack(b []byte) error { e.Padding = b; return nil }
 func (e *EDNS0_PADDING) String() string        { return fmt.Sprintf("%0X", e.Padding) }
+func (e *EDNS0_PADDING) copy() EDNS0 {
+	b := make([]byte, len(e.Padding))
+	copy(b, e.Padding)
+	return &EDNS0_PADDING{b}
+}
diff --git a/vendor/github.com/miekg/dns/format.go b/vendor/github.com/miekg/dns/format.go
index 3f5303c201382..0ec79f2fc1260 100644
--- a/vendor/github.com/miekg/dns/format.go
+++ b/vendor/github.com/miekg/dns/format.go
@@ -20,7 +20,7 @@ func Field(r RR, i int) string {
 		return ""
 	}
 	d := reflect.ValueOf(r).Elem().Field(i)
-	switch k := d.Kind(); k {
+	switch d.Kind() {
 	case reflect.String:
 		return d.String()
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
@@ -31,6 +31,9 @@ func Field(r RR, i int) string {
 		switch reflect.ValueOf(r).Elem().Type().Field(i).Tag {
 		case `dns:"a"`:
 			// TODO(miek): Hmm store this as 16 bytes
+			if d.Len() < net.IPv4len {
+				return ""
+			}
 			if d.Len() < net.IPv6len {
 				return net.IPv4(byte(d.Index(0).Uint()),
 					byte(d.Index(1).Uint()),
@@ -42,6 +45,9 @@ func Field(r RR, i int) string {
 				byte(d.Index(14).Uint()),
 				byte(d.Index(15).Uint())).String()
 		case `dns:"aaaa"`:
+			if d.Len() < net.IPv6len {
+				return ""
+			}
 			return net.IP{
 				byte(d.Index(0).Uint()),
 				byte(d.Index(1).Uint()),
diff --git a/vendor/github.com/miekg/dns/fuzz.go b/vendor/github.com/miekg/dns/fuzz.go
index a8a09184d4049..57410acda75ee 100644
--- a/vendor/github.com/miekg/dns/fuzz.go
+++ b/vendor/github.com/miekg/dns/fuzz.go
@@ -2,6 +2,8 @@
 
 package dns
 
+import "strings"
+
 func Fuzz(data []byte) int {
 	msg := new(Msg)
 
@@ -16,7 +18,14 @@ func Fuzz(data []byte) int {
 }
 
 func FuzzNewRR(data []byte) int {
-	if _, err := NewRR(string(data)); err != nil {
+	str := string(data)
+	// Do not fuzz lines that include the $INCLUDE keyword and hint the fuzzer
+	// at avoiding them.
+	// See GH#1025 for context.
+	if strings.Contains(strings.ToUpper(str), "$INCLUDE") {
+		return -1
+	}
+	if _, err := NewRR(str); err != nil {
 		return 0
 	}
 	return 1
diff --git a/vendor/github.com/miekg/dns/generate.go b/vendor/github.com/miekg/dns/generate.go
index e4481a4b0d8d8..f7e91a23f7b49 100644
--- a/vendor/github.com/miekg/dns/generate.go
+++ b/vendor/github.com/miekg/dns/generate.go
@@ -2,8 +2,8 @@ package dns
 
 import (
 	"bytes"
-	"errors"
 	"fmt"
+	"io"
 	"strconv"
 	"strings"
 )
@@ -18,142 +18,230 @@ import (
 // * rhs (rdata)
 // But we are lazy here, only the range is parsed *all* occurrences
 // of $ after that are interpreted.
-// Any error are returned as a string value, the empty string signals
-// "no error".
-func generate(l lex, c chan lex, t chan *Token, o string) string {
+func (zp *ZoneParser) generate(l lex) (RR, bool) {
+	token := l.token
 	step := 1
-	if i := strings.IndexAny(l.token, "/"); i != -1 {
-		if i+1 == len(l.token) {
-			return "bad step in $GENERATE range"
+	if i := strings.IndexByte(token, '/'); i >= 0 {
+		if i+1 == len(token) {
+			return zp.setParseError("bad step in $GENERATE range", l)
 		}
-		if s, err := strconv.Atoi(l.token[i+1:]); err == nil {
-			if s < 0 {
-				return "bad step in $GENERATE range"
-			}
-			step = s
-		} else {
-			return "bad step in $GENERATE range"
+
+		s, err := strconv.Atoi(token[i+1:])
+		if err != nil || s <= 0 {
+			return zp.setParseError("bad step in $GENERATE range", l)
 		}
-		l.token = l.token[:i]
+
+		step = s
+		token = token[:i]
 	}
-	sx := strings.SplitN(l.token, "-", 2)
+
+	sx := strings.SplitN(token, "-", 2)
 	if len(sx) != 2 {
-		return "bad start-stop in $GENERATE range"
+		return zp.setParseError("bad start-stop in $GENERATE range", l)
 	}
+
 	start, err := strconv.Atoi(sx[0])
 	if err != nil {
-		return "bad start in $GENERATE range"
+		return zp.setParseError("bad start in $GENERATE range", l)
 	}
+
 	end, err := strconv.Atoi(sx[1])
 	if err != nil {
-		return "bad stop in $GENERATE range"
+		return zp.setParseError("bad stop in $GENERATE range", l)
+	}
+	if end < 0 || start < 0 || end < start || (end-start)/step > 65535 {
+		return zp.setParseError("bad range in $GENERATE range", l)
 	}
-	if end < 0 || start < 0 || end < start {
-		return "bad range in $GENERATE range"
+
+	// _BLANK
+	l, ok := zp.c.Next()
+	if !ok || l.value != zBlank {
+		return zp.setParseError("garbage after $GENERATE range", l)
 	}
 
-	<-c // _BLANK
 	// Create a complete new string, which we then parse again.
-	s := ""
-BuildRR:
-	l = <-c
-	if l.value != zNewline && l.value != zEOF {
+	var s string
+	for l, ok := zp.c.Next(); ok; l, ok = zp.c.Next() {
+		if l.err {
+			return zp.setParseError("bad data in $GENERATE directive", l)
+		}
+		if l.value == zNewline {
+			break
+		}
+
 		s += l.token
-		goto BuildRR
-	}
-	for i := start; i <= end; i += step {
-		var (
-			escape bool
-			dom    bytes.Buffer
-			mod    string
-			err    error
-			offset int
-		)
-
-		for j := 0; j < len(s); j++ { // No 'range' because we need to jump around
-			switch s[j] {
-			case '\\':
-				if escape {
-					dom.WriteByte('\\')
-					escape = false
-					continue
-				}
-				escape = true
-			case '$':
-				mod = "%d"
-				offset = 0
-				if escape {
-					dom.WriteByte('$')
-					escape = false
-					continue
-				}
-				escape = false
-				if j+1 >= len(s) { // End of the string
-					dom.WriteString(fmt.Sprintf(mod, i+offset))
-					continue
-				} else {
-					if s[j+1] == '$' {
-						dom.WriteByte('$')
-						j++
-						continue
-					}
-				}
-				// Search for { and }
-				if s[j+1] == '{' { // Modifier block
-					sep := strings.Index(s[j+2:], "}")
-					if sep == -1 {
-						return "bad modifier in $GENERATE"
-					}
-					mod, offset, err = modToPrintf(s[j+2 : j+2+sep])
-					if err != nil {
-						return err.Error()
-					}
-					j += 2 + sep // Jump to it
-				}
-				dom.WriteString(fmt.Sprintf(mod, i+offset))
-			default:
-				if escape { // Pretty useless here
-					escape = false
-					continue
-				}
-				dom.WriteByte(s[j])
+	}
+
+	r := &generateReader{
+		s: s,
+
+		cur:   start,
+		start: start,
+		end:   end,
+		step:  step,
+
+		file: zp.file,
+		lex:  &l,
+	}
+	zp.sub = NewZoneParser(r, zp.origin, zp.file)
+	zp.sub.includeDepth, zp.sub.includeAllowed = zp.includeDepth, zp.includeAllowed
+	zp.sub.generateDisallowed = true
+	zp.sub.SetDefaultTTL(defaultTtl)
+	return zp.subNext()
+}
+
+type generateReader struct {
+	s  string
+	si int
+
+	cur   int
+	start int
+	end   int
+	step  int
+
+	mod bytes.Buffer
+
+	escape bool
+
+	eof bool
+
+	file string
+	lex  *lex
+}
+
+func (r *generateReader) parseError(msg string, end int) *ParseError {
+	r.eof = true // Make errors sticky.
+
+	l := *r.lex
+	l.token = r.s[r.si-1 : end]
+	l.column += r.si // l.column starts one zBLANK before r.s
+
+	return &ParseError{r.file, msg, l}
+}
+
+func (r *generateReader) Read(p []byte) (int, error) {
+	// NewZLexer, through NewZoneParser, should use ReadByte and
+	// not end up here.
+
+	panic("not implemented")
+}
+
+func (r *generateReader) ReadByte() (byte, error) {
+	if r.eof {
+		return 0, io.EOF
+	}
+	if r.mod.Len() > 0 {
+		return r.mod.ReadByte()
+	}
+
+	if r.si >= len(r.s) {
+		r.si = 0
+		r.cur += r.step
+
+		r.eof = r.cur > r.end || r.cur < 0
+		return '\n', nil
+	}
+
+	si := r.si
+	r.si++
+
+	switch r.s[si] {
+	case '\\':
+		if r.escape {
+			r.escape = false
+			return '\\', nil
+		}
+
+		r.escape = true
+		return r.ReadByte()
+	case '$':
+		if r.escape {
+			r.escape = false
+			return '$', nil
+		}
+
+		mod := "%d"
+
+		if si >= len(r.s)-1 {
+			// End of the string
+			fmt.Fprintf(&r.mod, mod, r.cur)
+			return r.mod.ReadByte()
+		}
+
+		if r.s[si+1] == '$' {
+			r.si++
+			return '$', nil
+		}
+
+		var offset int
+
+		// Search for { and }
+		if r.s[si+1] == '{' {
+			// Modifier block
+			sep := strings.Index(r.s[si+2:], "}")
+			if sep < 0 {
+				return 0, r.parseError("bad modifier in $GENERATE", len(r.s))
 			}
+
+			var errMsg string
+			mod, offset, errMsg = modToPrintf(r.s[si+2 : si+2+sep])
+			if errMsg != "" {
+				return 0, r.parseError(errMsg, si+3+sep)
+			}
+			if r.start+offset < 0 || r.end+offset > 1<<31-1 {
+				return 0, r.parseError("bad offset in $GENERATE", si+3+sep)
+			}
+
+			r.si += 2 + sep // Jump to it
 		}
-		// Re-parse the RR and send it on the current channel t
-		rx, err := NewRR("$ORIGIN " + o + "\n" + dom.String())
-		if err != nil {
-			return err.Error()
+
+		fmt.Fprintf(&r.mod, mod, r.cur+offset)
+		return r.mod.ReadByte()
+	default:
+		if r.escape { // Pretty useless here
+			r.escape = false
+			return r.ReadByte()
 		}
-		t <- &Token{RR: rx}
-		// Its more efficient to first built the rrlist and then parse it in
-		// one go! But is this a problem?
+
+		return r.s[si], nil
 	}
-	return ""
 }
 
 // Convert a $GENERATE modifier 0,0,d to something Printf can deal with.
-func modToPrintf(s string) (string, int, error) {
-	xs := strings.SplitN(s, ",", 3)
-	if len(xs) != 3 {
-		return "", 0, errors.New("bad modifier in $GENERATE")
-	}
-	// xs[0] is offset, xs[1] is width, xs[2] is base
-	if xs[2] != "o" && xs[2] != "d" && xs[2] != "x" && xs[2] != "X" {
-		return "", 0, errors.New("bad base in $GENERATE")
-	}
-	offset, err := strconv.Atoi(xs[0])
-	if err != nil || offset > 255 {
-		return "", 0, errors.New("bad offset in $GENERATE")
-	}
-	width, err := strconv.Atoi(xs[1])
-	if err != nil || width > 255 {
-		return "", offset, errors.New("bad width in $GENERATE")
-	}
-	switch {
-	case width < 0:
-		return "", offset, errors.New("bad width in $GENERATE")
-	case width == 0:
-		return "%" + xs[1] + xs[2], offset, nil
-	}
-	return "%0" + xs[1] + xs[2], offset, nil
+func modToPrintf(s string) (string, int, string) {
+	// Modifier is { offset [ ,width [ ,base ] ] } - provide default
+	// values for optional width and type, if necessary.
+	var offStr, widthStr, base string
+	switch xs := strings.Split(s, ","); len(xs) {
+	case 1:
+		offStr, widthStr, base = xs[0], "0", "d"
+	case 2:
+		offStr, widthStr, base = xs[0], xs[1], "d"
+	case 3:
+		offStr, widthStr, base = xs[0], xs[1], xs[2]
+	default:
+		return "", 0, "bad modifier in $GENERATE"
+	}
+
+	switch base {
+	case "o", "d", "x", "X":
+	default:
+		return "", 0, "bad base in $GENERATE"
+	}
+
+	offset, err := strconv.Atoi(offStr)
+	if err != nil {
+		return "", 0, "bad offset in $GENERATE"
+	}
+
+	width, err := strconv.Atoi(widthStr)
+	if err != nil || width < 0 || width > 255 {
+		return "", 0, "bad width in $GENERATE"
+	}
+
+	if width == 0 {
+		return "%" + base, offset, ""
+	}
+
+	return "%0" + widthStr + base, offset, ""
 }
diff --git a/vendor/github.com/miekg/dns/go.mod b/vendor/github.com/miekg/dns/go.mod
new file mode 100644
index 0000000000000..6003d0573c6eb
--- /dev/null
+++ b/vendor/github.com/miekg/dns/go.mod
@@ -0,0 +1,11 @@
+module github.com/miekg/dns
+
+go 1.12
+
+require (
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	golang.org/x/net v0.0.0-20190923162816-aa69164e4478
+	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe
+	golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect
+)
diff --git a/vendor/github.com/miekg/dns/labels.go b/vendor/github.com/miekg/dns/labels.go
index 760b89e7114f3..10d824718a01a 100644
--- a/vendor/github.com/miekg/dns/labels.go
+++ b/vendor/github.com/miekg/dns/labels.go
@@ -16,7 +16,7 @@ func SplitDomainName(s string) (labels []string) {
 	fqdnEnd := 0 // offset of the final '.' or the length of the name
 	idx := Split(s)
 	begin := 0
-	if s[len(s)-1] == '.' {
+	if IsFqdn(s) {
 		fqdnEnd = len(s) - 1
 	} else {
 		fqdnEnd = len(s)
@@ -28,16 +28,13 @@ func SplitDomainName(s string) (labels []string) {
 	case 1:
 		// no-op
 	default:
-		end := 0
-		for i := 1; i < len(idx); i++ {
-			end = idx[i]
+		for _, end := range idx[1:] {
 			labels = append(labels, s[begin:end-1])
 			begin = end
 		}
 	}
 
-	labels = append(labels, s[begin:fqdnEnd])
-	return labels
+	return append(labels, s[begin:fqdnEnd])
 }
 
 // CompareDomainName compares the names s1 and s2 and
@@ -129,20 +126,23 @@ func Split(s string) []int {
 // The bool end is true when the end of the string has been reached.
 // Also see PrevLabel.
 func NextLabel(s string, offset int) (i int, end bool) {
-	quote := false
+	if s == "" {
+		return 0, true
+	}
 	for i = offset; i < len(s)-1; i++ {
-		switch s[i] {
-		case '\\':
-			quote = !quote
-		default:
-			quote = false
-		case '.':
-			if quote {
-				quote = !quote
-				continue
-			}
-			return i + 1, false
+		if s[i] != '.' {
+			continue
+		}
+		j := i - 1
+		for j >= 0 && s[j] == '\\' {
+			j--
+		}
+
+		if (j-i)%2 == 0 {
+			continue
 		}
+
+		return i + 1, false
 	}
 	return i + 1, true
 }
@@ -152,17 +152,38 @@ func NextLabel(s string, offset int) (i int, end bool) {
 // The bool start is true when the start of the string has been overshot.
 // Also see NextLabel.
 func PrevLabel(s string, n int) (i int, start bool) {
+	if s == "" {
+		return 0, true
+	}
 	if n == 0 {
 		return len(s), false
 	}
-	lab := Split(s)
-	if lab == nil {
-		return 0, true
+
+	l := len(s) - 1
+	if s[l] == '.' {
+		l--
 	}
-	if n > len(lab) {
-		return 0, true
+
+	for ; l >= 0 && n > 0; l-- {
+		if s[l] != '.' {
+			continue
+		}
+		j := l - 1
+		for j >= 0 && s[j] == '\\' {
+			j--
+		}
+
+		if (j-l)%2 == 0 {
+			continue
+		}
+
+		n--
+		if n == 0 {
+			return l + 1, false
+		}
 	}
-	return lab[len(lab)-n], false
+
+	return 0, n > 1
 }
 
 // equal compares a and b while ignoring case. It returns true when equal otherwise false.
@@ -178,10 +199,10 @@ func equal(a, b string) bool {
 		ai := a[i]
 		bi := b[i]
 		if ai >= 'A' && ai <= 'Z' {
-			ai |= ('a' - 'A')
+			ai |= 'a' - 'A'
 		}
 		if bi >= 'A' && bi <= 'Z' {
-			bi |= ('a' - 'A')
+			bi |= 'a' - 'A'
 		}
 		if ai != bi {
 			return false
diff --git a/vendor/github.com/miekg/dns/listen_go111.go b/vendor/github.com/miekg/dns/listen_go111.go
new file mode 100644
index 0000000000000..fad195cfeb4d8
--- /dev/null
+++ b/vendor/github.com/miekg/dns/listen_go111.go
@@ -0,0 +1,44 @@
+// +build go1.11
+// +build aix darwin dragonfly freebsd linux netbsd openbsd
+
+package dns
+
+import (
+	"context"
+	"net"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+const supportsReusePort = true
+
+func reuseportControl(network, address string, c syscall.RawConn) error {
+	var opErr error
+	err := c.Control(func(fd uintptr) {
+		opErr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+	})
+	if err != nil {
+		return err
+	}
+
+	return opErr
+}
+
+func listenTCP(network, addr string, reuseport bool) (net.Listener, error) {
+	var lc net.ListenConfig
+	if reuseport {
+		lc.Control = reuseportControl
+	}
+
+	return lc.Listen(context.Background(), network, addr)
+}
+
+func listenUDP(network, addr string, reuseport bool) (net.PacketConn, error) {
+	var lc net.ListenConfig
+	if reuseport {
+		lc.Control = reuseportControl
+	}
+
+	return lc.ListenPacket(context.Background(), network, addr)
+}
diff --git a/vendor/github.com/miekg/dns/listen_go_not111.go b/vendor/github.com/miekg/dns/listen_go_not111.go
new file mode 100644
index 0000000000000..b9201417abebd
--- /dev/null
+++ b/vendor/github.com/miekg/dns/listen_go_not111.go
@@ -0,0 +1,23 @@
+// +build !go1.11 !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd
+
+package dns
+
+import "net"
+
+const supportsReusePort = false
+
+func listenTCP(network, addr string, reuseport bool) (net.Listener, error) {
+	if reuseport {
+		// TODO(tmthrgd): return an error?
+	}
+
+	return net.Listen(network, addr)
+}
+
+func listenUDP(network, addr string, reuseport bool) (net.PacketConn, error) {
+	if reuseport {
+		// TODO(tmthrgd): return an error?
+	}
+
+	return net.ListenPacket(network, addr)
+}
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go
index dcd3b6a5e1675..293813005ab25 100644
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@@ -9,21 +9,41 @@
 package dns
 
 //go:generate go run msg_generate.go
-//go:generate go run compress_generate.go
 
 import (
-	crand "crypto/rand"
+	"crypto/rand"
 	"encoding/binary"
 	"fmt"
 	"math/big"
-	"math/rand"
 	"strconv"
-	"sync"
+	"strings"
 )
 
 const (
 	maxCompressionOffset    = 2 << 13 // We have 14 bits for the compression pointer
 	maxDomainNameWireOctets = 255     // See RFC 1035 section 2.3.4
+
+	// This is the maximum number of compression pointers that should occur in a
+	// semantically valid message. Each label in a domain name must be at least one
+	// octet and is separated by a period. The root label won't be represented by a
+	// compression pointer to a compression pointer, hence the -2 to exclude the
+	// smallest valid root label.
+	//
+	// It is possible to construct a valid message that has more compression pointers
+	// than this, and still doesn't loop, by pointing to a previous pointer. This is
+	// not something a well written implementation should ever do, so we leave them
+	// to trip the maximum compression pointer check.
+	maxCompressionPointers = (maxDomainNameWireOctets+1)/2 - 2
+
+	// This is the maximum length of a domain name in presentation format. The
+	// maximum wire length of a domain name is 255 octets (see above), with the
+	// maximum label length being 63. The wire format requires one extra byte over
+	// the presentation format, reducing the number of octets by 1. Each label in
+	// the name will be separated by a single period, with each octet in the label
+	// expanding to at most 4 bytes (\DDD). If all other labels are of the maximum
+	// length, then the final label can only be 61 octets long to not exceed the
+	// maximum allowed wire length.
+	maxDomainNamePresentationLength = 61*4 + 1 + 63*4 + 1 + 63*4 + 1 + 63*4 + 1
 )
 
 // Errors defined in this package.
@@ -46,59 +66,28 @@ var (
 	ErrRRset         error = &Error{err: "bad rrset"}
 	ErrSecret        error = &Error{err: "no secrets defined"}
 	ErrShortRead     error = &Error{err: "short read"}
-	ErrSig           error = &Error{err: "bad signature"}                      // ErrSig indicates that a signature can not be cryptographically validated.
-	ErrSoa           error = &Error{err: "no SOA"}                             // ErrSOA indicates that no SOA RR was seen when doing zone transfers.
-	ErrTime          error = &Error{err: "bad time"}                           // ErrTime indicates a timing error in TSIG authentication.
-	ErrTruncated     error = &Error{err: "failed to unpack truncated message"} // ErrTruncated indicates that we failed to unpack a truncated message. We unpacked as much as we had so Msg can still be used, if desired.
+	ErrSig           error = &Error{err: "bad signature"} // ErrSig indicates that a signature can not be cryptographically validated.
+	ErrSoa           error = &Error{err: "no SOA"}        // ErrSOA indicates that no SOA RR was seen when doing zone transfers.
+	ErrTime          error = &Error{err: "bad time"}      // ErrTime indicates a timing error in TSIG authentication.
 )
 
-// Id by default, returns a 16 bits random number to be used as a
-// message id. The random provided should be good enough. This being a
-// variable the function can be reassigned to a custom function.
-// For instance, to make it return a static value:
+// Id by default returns a 16-bit random number to be used as a message id. The
+// number is drawn from a cryptographically secure random number generator.
+// This being a variable the function can be reassigned to a custom function.
+// For instance, to make it return a static value for testing:
 //
 //	dns.Id = func() uint16 { return 3 }
 var Id = id
 
-var (
-	idLock sync.Mutex
-	idRand *rand.Rand
-)
-
 // id returns a 16 bits random number to be used as a
 // message id. The random provided should be good enough.
 func id() uint16 {
-	idLock.Lock()
-
-	if idRand == nil {
-		// This (partially) works around
-		// https://github.com/golang/go/issues/11833 by only
-		// seeding idRand upon the first call to id.
-
-		var seed int64
-		var buf [8]byte
-
-		if _, err := crand.Read(buf[:]); err == nil {
-			seed = int64(binary.LittleEndian.Uint64(buf[:]))
-		} else {
-			seed = rand.Int63()
-		}
-
-		idRand = rand.New(rand.NewSource(seed))
+	var output uint16
+	err := binary.Read(rand.Reader, binary.BigEndian, &output)
+	if err != nil {
+		panic("dns: reading random id failed: " + err.Error())
 	}
-
-	// The call to idRand.Uint32 must be within the
-	// mutex lock because *rand.Rand is not safe for
-	// concurrent use.
-	//
-	// There is no added performance overhead to calling
-	// idRand.Uint32 inside a mutex lock over just
-	// calling rand.Uint32 as the global math/rand rng
-	// is internally protected by a sync.Mutex.
-	id := uint16(idRand.Uint32())
-
-	idLock.Unlock()
-	return id
+	return output
 }
 
 // MsgHdr is a a manually-unpacked version of (id, bits).
@@ -151,7 +140,7 @@ var RcodeToString = map[int]string{
 	RcodeFormatError:    "FORMERR",
 	RcodeServerFailure:  "SERVFAIL",
 	RcodeNameError:      "NXDOMAIN",
-	RcodeNotImplemented: "NOTIMPL",
+	RcodeNotImplemented: "NOTIMP",
 	RcodeRefused:        "REFUSED",
 	RcodeYXDomain:       "YXDOMAIN", // See RFC 2136
 	RcodeYXRrset:        "YXRRSET",
@@ -169,6 +158,39 @@ var RcodeToString = map[int]string{
 	RcodeBadCookie: "BADCOOKIE",
 }
 
+// compressionMap is used to allow a more efficient compression map
+// to be used for internal packDomainName calls without changing the
+// signature or functionality of public API.
+//
+// In particular, map[string]uint16 uses 25% less per-entry memory
+// than does map[string]int.
+type compressionMap struct {
+	ext map[string]int    // external callers
+	int map[string]uint16 // internal callers
+}
+
+func (m compressionMap) valid() bool {
+	return m.int != nil || m.ext != nil
+}
+
+func (m compressionMap) insert(s string, pos int) {
+	if m.ext != nil {
+		m.ext[s] = pos
+	} else {
+		m.int[s] = uint16(pos)
+	}
+}
+
+func (m compressionMap) find(s string) (int, bool) {
+	if m.ext != nil {
+		pos, ok := m.ext[s]
+		return pos, ok
+	}
+
+	pos, ok := m.int[s]
+	return int(pos), ok
+}
+
 // Domain names are a sequence of counted strings
 // split at the dots. They end with a zero-length string.
 
@@ -177,143 +199,156 @@ var RcodeToString = map[int]string{
 // map needs to hold a mapping between domain names and offsets
 // pointing into msg.
 func PackDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) {
-	off1, _, err = packDomainName(s, msg, off, compression, compress)
-	return
+	return packDomainName(s, msg, off, compressionMap{ext: compression}, compress)
 }
 
-func packDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, labels int, err error) {
-	// special case if msg == nil
-	lenmsg := 256
-	if msg != nil {
-		lenmsg = len(msg)
-	}
+func packDomainName(s string, msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	// XXX: A logical copy of this function exists in IsDomainName and
+	// should be kept in sync with this function.
+
 	ls := len(s)
 	if ls == 0 { // Ok, for instance when dealing with update RR without any rdata.
-		return off, 0, nil
-	}
-	// If not fully qualified, error out, but only if msg == nil #ugly
-	switch {
-	case msg == nil:
-		if s[ls-1] != '.' {
-			s += "."
-			ls++
-		}
-	case msg != nil:
-		if s[ls-1] != '.' {
-			return lenmsg, 0, ErrFqdn
-		}
+		return off, nil
+	}
+
+	// If not fully qualified, error out.
+	if !IsFqdn(s) {
+		return len(msg), ErrFqdn
 	}
+
 	// Each dot ends a segment of the name.
 	// We trade each dot byte for a length byte.
 	// Except for escaped dots (\.), which are normal dots.
 	// There is also a trailing zero.
 
 	// Compression
-	nameoffset := -1
 	pointer := -1
+
 	// Emit sequence of counted strings, chopping at dots.
-	begin := 0
-	bs := []byte(s)
-	roBs, bsFresh, escapedDot := s, true, false
+	var (
+		begin     int
+		compBegin int
+		compOff   int
+		bs        []byte
+		wasDot    bool
+	)
+loop:
 	for i := 0; i < ls; i++ {
-		if bs[i] == '\\' {
-			for j := i; j < ls-1; j++ {
-				bs[j] = bs[j+1]
+		var c byte
+		if bs == nil {
+			c = s[i]
+		} else {
+			c = bs[i]
+		}
+
+		switch c {
+		case '\\':
+			if off+1 > len(msg) {
+				return len(msg), ErrBuf
 			}
-			ls--
-			if off+1 > lenmsg {
-				return lenmsg, labels, ErrBuf
+
+			if bs == nil {
+				bs = []byte(s)
 			}
+
 			// check for \DDD
-			if i+2 < ls && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
-				bs[i] = dddToByte(bs[i:])
-				for j := i + 1; j < ls-2; j++ {
-					bs[j] = bs[j+2]
-				}
-				ls -= 2
+			if i+3 < ls && isDigit(bs[i+1]) && isDigit(bs[i+2]) && isDigit(bs[i+3]) {
+				bs[i] = dddToByte(bs[i+1:])
+				copy(bs[i+1:ls-3], bs[i+4:])
+				ls -= 3
+				compOff += 3
+			} else {
+				copy(bs[i:ls-1], bs[i+1:])
+				ls--
+				compOff++
 			}
-			escapedDot = bs[i] == '.'
-			bsFresh = false
-			continue
-		}
 
-		if bs[i] == '.' {
-			if i > 0 && bs[i-1] == '.' && !escapedDot {
+			wasDot = false
+		case '.':
+			if wasDot {
 				// two dots back to back is not legal
-				return lenmsg, labels, ErrRdata
+				return len(msg), ErrRdata
 			}
-			if i-begin >= 1<<6 { // top two bits of length must be clear
-				return lenmsg, labels, ErrRdata
+			wasDot = true
+
+			labelLen := i - begin
+			if labelLen >= 1<<6 { // top two bits of length must be clear
+				return len(msg), ErrRdata
 			}
+
 			// off can already (we're in a loop) be bigger than len(msg)
 			// this happens when a name isn't fully qualified
-			if off+1 > lenmsg {
-				return lenmsg, labels, ErrBuf
-			}
-			if msg != nil {
-				msg[off] = byte(i - begin)
-			}
-			offset := off
-			off++
-			for j := begin; j < i; j++ {
-				if off+1 > lenmsg {
-					return lenmsg, labels, ErrBuf
-				}
-				if msg != nil {
-					msg[off] = bs[j]
-				}
-				off++
-			}
-			if compress && !bsFresh {
-				roBs = string(bs)
-				bsFresh = true
+			if off+1+labelLen > len(msg) {
+				return len(msg), ErrBuf
 			}
+
 			// Don't try to compress '.'
-			// We should only compress when compress it true, but we should also still pick
+			// We should only compress when compress is true, but we should also still pick
 			// up names that can be used for *future* compression(s).
-			if compression != nil && roBs[begin:] != "." {
-				if p, ok := compression[roBs[begin:]]; !ok {
-					// Only offsets smaller than this can be used.
-					if offset < maxCompressionOffset {
-						compression[roBs[begin:]] = offset
-					}
-				} else {
+			if compression.valid() && !isRootLabel(s, bs, begin, ls) {
+				if p, ok := compression.find(s[compBegin:]); ok {
 					// The first hit is the longest matching dname
 					// keep the pointer offset we get back and store
 					// the offset of the current name, because that's
 					// where we need to insert the pointer later
 
 					// If compress is true, we're allowed to compress this dname
-					if pointer == -1 && compress {
-						pointer = p         // Where to point to
-						nameoffset = offset // Where to point from
-						break
+					if compress {
+						pointer = p // Where to point to
+						break loop
 					}
+				} else if off < maxCompressionOffset {
+					// Only offsets smaller than maxCompressionOffset can be used.
+					compression.insert(s[compBegin:], off)
 				}
 			}
-			labels++
+
+			// The following is covered by the length check above.
+			msg[off] = byte(labelLen)
+
+			if bs == nil {
+				copy(msg[off+1:], s[begin:i])
+			} else {
+				copy(msg[off+1:], bs[begin:i])
+			}
+			off += 1 + labelLen
+
 			begin = i + 1
+			compBegin = begin + compOff
+		default:
+			wasDot = false
 		}
-		escapedDot = false
 	}
+
 	// Root label is special
-	if len(bs) == 1 && bs[0] == '.' {
-		return off, labels, nil
+	if isRootLabel(s, bs, 0, ls) {
+		return off, nil
 	}
+
 	// If we did compression and we find something add the pointer here
 	if pointer != -1 {
 		// We have two bytes (14 bits) to put the pointer in
-		// if msg == nil, we will never do compression
-		binary.BigEndian.PutUint16(msg[nameoffset:], uint16(pointer^0xC000))
-		off = nameoffset + 1
-		goto End
+		binary.BigEndian.PutUint16(msg[off:], uint16(pointer^0xC000))
+		return off + 2, nil
 	}
-	if msg != nil && off < len(msg) {
+
+	if off < len(msg) {
 		msg[off] = 0
 	}
-End:
-	off++
-	return off, labels, nil
+
+	return off + 1, nil
+}
+
+// isRootLabel returns whether s or bs, from off to end, is the root
+// label ".".
+//
+// If bs is nil, s will be checked, otherwise bs will be checked.
+func isRootLabel(s string, bs []byte, off, end int) bool {
+	if bs == nil {
+		return s[off:end] == "."
+	}
+
+	return end-off == 1 && bs[off] == '.'
 }
 
 // Unpack a domain name.
@@ -330,12 +365,16 @@ End:
 // In theory, the pointers are only allowed to jump backward.
 // We let them jump anywhere and stop jumping after a while.
 
-// UnpackDomainName unpacks a domain name into a string.
+// UnpackDomainName unpacks a domain name into a string. It returns
+// the name, the new offset into msg and any error that occurred.
+//
+// When an error is encountered, the unpacked name will be discarded
+// and len(msg) will be returned as the offset.
 func UnpackDomainName(msg []byte, off int) (string, int, error) {
-	s := make([]byte, 0, 64)
+	s := make([]byte, 0, maxDomainNamePresentationLength)
 	off1 := 0
 	lenmsg := len(msg)
-	maxLen := maxDomainNameWireOctets
+	budget := maxDomainNameWireOctets
 	ptr := 0 // number of pointers followed
 Loop:
 	for {
@@ -354,27 +393,19 @@ Loop:
 			if off+c > lenmsg {
 				return "", lenmsg, ErrBuf
 			}
-			for j := off; j < off+c; j++ {
-				switch b := msg[j]; b {
+			budget -= c + 1 // +1 for the label separator
+			if budget <= 0 {
+				return "", lenmsg, ErrLongDomain
+			}
+			for _, b := range msg[off : off+c] {
+				switch b {
 				case '.', '(', ')', ';', ' ', '@':
 					fallthrough
 				case '"', '\\':
 					s = append(s, '\\', b)
-					// presentation-format \X escapes add an extra byte
-					maxLen++
 				default:
-					if b < 32 || b >= 127 { // unprintable, use \DDD
-						var buf [3]byte
-						bufs := strconv.AppendInt(buf[:0], int64(b), 10)
-						s = append(s, '\\')
-						for i := 0; i < 3-len(bufs); i++ {
-							s = append(s, '0')
-						}
-						for _, r := range bufs {
-							s = append(s, r)
-						}
-						// presentation-format \DDD escapes add 3 extra bytes
-						maxLen += 3
+					if b < ' ' || b > '~' { // unprintable, use \DDD
+						s = append(s, escapeByte(b)...)
 					} else {
 						s = append(s, b)
 					}
@@ -396,7 +427,7 @@ Loop:
 			if ptr == 0 {
 				off1 = off
 			}
-			if ptr++; ptr > 10 {
+			if ptr++; ptr > maxCompressionPointers {
 				return "", lenmsg, &Error{err: "too many compression pointers"}
 			}
 			// pointer should guarantee that it advances and points forwards at least
@@ -412,10 +443,7 @@ Loop:
 		off1 = off
 	}
 	if len(s) == 0 {
-		s = []byte(".")
-	} else if len(s) >= maxLen {
-		// error if the name is too long, but don't throw it away
-		return string(s), lenmsg, ErrLongDomain
+		return ".", off1, nil
 	}
 	return string(s), off1, nil
 }
@@ -429,11 +457,11 @@ func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) {
 		return offset, nil
 	}
 	var err error
-	for i := range txt {
-		if len(txt[i]) > len(tmp) {
+	for _, s := range txt {
+		if len(s) > len(tmp) {
 			return offset, ErrBuf
 		}
-		offset, err = packTxtString(txt[i], msg, offset, tmp)
+		offset, err = packTxtString(s, msg, offset, tmp)
 		if err != nil {
 			return offset, err
 		}
@@ -512,7 +540,7 @@ func unpackTxt(msg []byte, off0 int) (ss []string, off int, err error) {
 	off = off0
 	var s string
 	for off < len(msg) && err == nil {
-		s, off, err = unpackTxtString(msg, off)
+		s, off, err = unpackString(msg, off)
 		if err == nil {
 			ss = append(ss, s)
 		}
@@ -520,43 +548,16 @@ func unpackTxt(msg []byte, off0 int) (ss []string, off int, err error) {
 	return
 }
 
-func unpackTxtString(msg []byte, offset int) (string, int, error) {
-	if offset+1 > len(msg) {
-		return "", offset, &Error{err: "overflow unpacking txt"}
-	}
-	l := int(msg[offset])
-	if offset+l+1 > len(msg) {
-		return "", offset, &Error{err: "overflow unpacking txt"}
-	}
-	s := make([]byte, 0, l)
-	for _, b := range msg[offset+1 : offset+1+l] {
-		switch b {
-		case '"', '\\':
-			s = append(s, '\\', b)
-		default:
-			if b < 32 || b > 127 { // unprintable
-				var buf [3]byte
-				bufs := strconv.AppendInt(buf[:0], int64(b), 10)
-				s = append(s, '\\')
-				for i := 0; i < 3-len(bufs); i++ {
-					s = append(s, '0')
-				}
-				for _, r := range bufs {
-					s = append(s, r)
-				}
-			} else {
-				s = append(s, b)
-			}
-		}
-	}
-	offset += 1 + l
-	return string(s), offset, nil
-}
-
 // Helpers for dealing with escaped bytes
 func isDigit(b byte) bool { return b >= '0' && b <= '9' }
 
 func dddToByte(s []byte) byte {
+	_ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
+	return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
+}
+
+func dddStringToByte(s string) byte {
+	_ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
 	return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
 }
 
@@ -574,19 +575,38 @@ func intToBytes(i *big.Int, length int) []byte {
 // PackRR packs a resource record rr into msg[off:].
 // See PackDomainName for documentation about the compression.
 func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) {
+	headerEnd, off1, err := packRR(rr, msg, off, compressionMap{ext: compression}, compress)
+	if err == nil {
+		// packRR no longer sets the Rdlength field on the rr, but
+		// callers might be expecting it so we set it here.
+		rr.Header().Rdlength = uint16(off1 - headerEnd)
+	}
+	return off1, err
+}
+
+func packRR(rr RR, msg []byte, off int, compression compressionMap, compress bool) (headerEnd int, off1 int, err error) {
 	if rr == nil {
-		return len(msg), &Error{err: "nil rr"}
+		return len(msg), len(msg), &Error{err: "nil rr"}
+	}
+
+	headerEnd, err = rr.Header().packHeader(msg, off, compression, compress)
+	if err != nil {
+		return headerEnd, len(msg), err
 	}
 
-	off1, err = rr.pack(msg, off, compression, compress)
+	off1, err = rr.pack(msg, headerEnd, compression, compress)
 	if err != nil {
-		return len(msg), err
+		return headerEnd, len(msg), err
 	}
-	// TODO(miek): Not sure if this is needed? If removed we can remove rawmsg.go as well.
-	if rawSetRdlength(msg, off, off1) {
-		return off1, nil
+
+	rdlength := off1 - headerEnd
+	if int(uint16(rdlength)) != rdlength { // overflow
+		return headerEnd, len(msg), ErrRdata
 	}
-	return off, ErrRdata
+
+	// The RDLENGTH field is the last field in the header and we set it here.
+	binary.BigEndian.PutUint16(msg[headerEnd-2:], uint16(rdlength))
+	return headerEnd, off1, nil
 }
 
 // UnpackRR unpacks msg[off:] into an RR.
@@ -602,17 +622,28 @@ func UnpackRR(msg []byte, off int) (rr RR, off1 int, err error) {
 // UnpackRRWithHeader unpacks the record type specific payload given an existing
 // RR_Header.
 func UnpackRRWithHeader(h RR_Header, msg []byte, off int) (rr RR, off1 int, err error) {
+	if newFn, ok := TypeToRR[h.Rrtype]; ok {
+		rr = newFn()
+		*rr.Header() = h
+	} else {
+		rr = &RFC3597{Hdr: h}
+	}
+
+	if noRdata(h) {
+		return rr, off, nil
+	}
+
 	end := off + int(h.Rdlength)
 
-	if fn, known := typeToUnpack[h.Rrtype]; !known {
-		rr, off, err = unpackRFC3597(h, msg, off)
-	} else {
-		rr, off, err = fn(h, msg, off)
+	off, err = rr.unpack(msg, off)
+	if err != nil {
+		return nil, end, err
 	}
 	if off != end {
 		return &h, end, &Error{err: "bad rdlength"}
 	}
-	return rr, off, err
+
+	return rr, off, nil
 }
 
 // unpackRRslice unpacks msg[off:] into an []RR.
@@ -693,32 +724,33 @@ func (dns *Msg) Pack() (msg []byte, err error) {
 
 // PackBuffer packs a Msg, using the given buffer buf. If buf is too small a new buffer is allocated.
 func (dns *Msg) PackBuffer(buf []byte) (msg []byte, err error) {
-	var compression map[string]int
-	if dns.Compress {
-		compression = make(map[string]int) // Compression pointer mappings.
+	// If this message can't be compressed, avoid filling the
+	// compression map and creating garbage.
+	if dns.Compress && dns.isCompressible() {
+		compression := make(map[string]uint16) // Compression pointer mappings.
+		return dns.packBufferWithCompressionMap(buf, compressionMap{int: compression}, true)
 	}
-	return dns.packBufferWithCompressionMap(buf, compression)
+
+	return dns.packBufferWithCompressionMap(buf, compressionMap{}, false)
 }
 
 // packBufferWithCompressionMap packs a Msg, using the given buffer buf.
-func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression map[string]int) (msg []byte, err error) {
-	// We use a similar function in tsig.go's stripTsig.
-
-	var dh Header
-
+func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression compressionMap, compress bool) (msg []byte, err error) {
 	if dns.Rcode < 0 || dns.Rcode > 0xFFF {
 		return nil, ErrRcode
 	}
-	if dns.Rcode > 0xF {
-		// Regular RCODE field is 4 bits
-		opt := dns.IsEdns0()
-		if opt == nil {
-			return nil, ErrExtendedRcode
-		}
-		opt.SetExtendedRcode(uint8(dns.Rcode >> 4))
+
+	// Set extended rcode unconditionally if we have an opt, this will allow
+	// reseting the extended rcode bits if they need to.
+	if opt := dns.IsEdns0(); opt != nil {
+		opt.SetExtendedRcode(uint16(dns.Rcode))
+	} else if dns.Rcode > 0xF {
+		// If Rcode is an extended one and opt is nil, error out.
+		return nil, ErrExtendedRcode
 	}
 
 	// Convert convenient Msg into wire-like Header.
+	var dh Header
 	dh.Id = dns.Id
 	dh.Bits = uint16(dns.Opcode)<<11 | uint16(dns.Rcode&0xF)
 	if dns.Response {
@@ -746,50 +778,44 @@ func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression map[string]
 		dh.Bits |= _CD
 	}
 
-	// Prepare variable sized arrays.
-	question := dns.Question
-	answer := dns.Answer
-	ns := dns.Ns
-	extra := dns.Extra
-
-	dh.Qdcount = uint16(len(question))
-	dh.Ancount = uint16(len(answer))
-	dh.Nscount = uint16(len(ns))
-	dh.Arcount = uint16(len(extra))
+	dh.Qdcount = uint16(len(dns.Question))
+	dh.Ancount = uint16(len(dns.Answer))
+	dh.Nscount = uint16(len(dns.Ns))
+	dh.Arcount = uint16(len(dns.Extra))
 
 	// We need the uncompressed length here, because we first pack it and then compress it.
 	msg = buf
-	uncompressedLen := compressedLen(dns, false)
+	uncompressedLen := msgLenWithCompressionMap(dns, nil)
 	if packLen := uncompressedLen + 1; len(msg) < packLen {
 		msg = make([]byte, packLen)
 	}
 
 	// Pack it in: header and then the pieces.
 	off := 0
-	off, err = dh.pack(msg, off, compression, dns.Compress)
+	off, err = dh.pack(msg, off, compression, compress)
 	if err != nil {
 		return nil, err
 	}
-	for i := 0; i < len(question); i++ {
-		off, err = question[i].pack(msg, off, compression, dns.Compress)
+	for _, r := range dns.Question {
+		off, err = r.pack(msg, off, compression, compress)
 		if err != nil {
 			return nil, err
 		}
 	}
-	for i := 0; i < len(answer); i++ {
-		off, err = PackRR(answer[i], msg, off, compression, dns.Compress)
+	for _, r := range dns.Answer {
+		_, off, err = packRR(r, msg, off, compression, compress)
 		if err != nil {
 			return nil, err
 		}
 	}
-	for i := 0; i < len(ns); i++ {
-		off, err = PackRR(ns[i], msg, off, compression, dns.Compress)
+	for _, r := range dns.Ns {
+		_, off, err = packRR(r, msg, off, compression, compress)
 		if err != nil {
 			return nil, err
 		}
 	}
-	for i := 0; i < len(extra); i++ {
-		off, err = PackRR(extra[i], msg, off, compression, dns.Compress)
+	for _, r := range dns.Extra {
+		_, off, err = packRR(r, msg, off, compression, compress)
 		if err != nil {
 			return nil, err
 		}
@@ -797,28 +823,7 @@ func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression map[string]
 	return msg[:off], nil
 }
 
-// Unpack unpacks a binary message to a Msg structure.
-func (dns *Msg) Unpack(msg []byte) (err error) {
-	var (
-		dh  Header
-		off int
-	)
-	if dh, off, err = unpackMsgHdr(msg, off); err != nil {
-		return err
-	}
-
-	dns.Id = dh.Id
-	dns.Response = (dh.Bits & _QR) != 0
-	dns.Opcode = int(dh.Bits>>11) & 0xF
-	dns.Authoritative = (dh.Bits & _AA) != 0
-	dns.Truncated = (dh.Bits & _TC) != 0
-	dns.RecursionDesired = (dh.Bits & _RD) != 0
-	dns.RecursionAvailable = (dh.Bits & _RA) != 0
-	dns.Zero = (dh.Bits & _Z) != 0
-	dns.AuthenticatedData = (dh.Bits & _AD) != 0
-	dns.CheckingDisabled = (dh.Bits & _CD) != 0
-	dns.Rcode = int(dh.Bits & 0xF)
-
+func (dns *Msg) unpack(dh Header, msg []byte, off int) (err error) {
 	// If we are at the end of the message we should return *just* the
 	// header. This can still be useful to the caller. 9.9.9.9 sends these
 	// when responding with REFUSED for instance.
@@ -837,8 +842,6 @@ func (dns *Msg) Unpack(msg []byte) (err error) {
 		var q Question
 		q, off, err = unpackQuestion(msg, off)
 		if err != nil {
-			// Even if Truncated is set, we only will set ErrTruncated if we
-			// actually got the questions
 			return err
 		}
 		if off1 == off { // Offset does not increase anymore, dh.Qdcount is a lie!
@@ -862,16 +865,29 @@ func (dns *Msg) Unpack(msg []byte) (err error) {
 	// The header counts might have been wrong so we need to update it
 	dh.Arcount = uint16(len(dns.Extra))
 
+	// Set extended Rcode
+	if opt := dns.IsEdns0(); opt != nil {
+		dns.Rcode |= opt.ExtendedRcode()
+	}
+
 	if off != len(msg) {
 		// TODO(miek) make this an error?
 		// use PackOpt to let people tell how detailed the error reporting should be?
 		// println("dns: extra bytes in dns packet", off, "<", len(msg))
-	} else if dns.Truncated {
-		// Whether we ran into a an error or not, we want to return that it
-		// was truncated
-		err = ErrTruncated
 	}
 	return err
+
+}
+
+// Unpack unpacks a binary message to a Msg structure.
+func (dns *Msg) Unpack(msg []byte) (err error) {
+	dh, off, err := unpackMsgHdr(msg, 0)
+	if err != nil {
+		return err
+	}
+
+	dns.setHdr(dh)
+	return dns.unpack(dh, msg, off)
 }
 
 // Convert a complete message to a string with dig-like output.
@@ -886,182 +902,148 @@ func (dns *Msg) String() string {
 	s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
 	if len(dns.Question) > 0 {
 		s += "\n;; QUESTION SECTION:\n"
-		for i := 0; i < len(dns.Question); i++ {
-			s += dns.Question[i].String() + "\n"
+		for _, r := range dns.Question {
+			s += r.String() + "\n"
 		}
 	}
 	if len(dns.Answer) > 0 {
 		s += "\n;; ANSWER SECTION:\n"
-		for i := 0; i < len(dns.Answer); i++ {
-			if dns.Answer[i] != nil {
-				s += dns.Answer[i].String() + "\n"
+		for _, r := range dns.Answer {
+			if r != nil {
+				s += r.String() + "\n"
 			}
 		}
 	}
 	if len(dns.Ns) > 0 {
 		s += "\n;; AUTHORITY SECTION:\n"
-		for i := 0; i < len(dns.Ns); i++ {
-			if dns.Ns[i] != nil {
-				s += dns.Ns[i].String() + "\n"
+		for _, r := range dns.Ns {
+			if r != nil {
+				s += r.String() + "\n"
 			}
 		}
 	}
 	if len(dns.Extra) > 0 {
 		s += "\n;; ADDITIONAL SECTION:\n"
-		for i := 0; i < len(dns.Extra); i++ {
-			if dns.Extra[i] != nil {
-				s += dns.Extra[i].String() + "\n"
+		for _, r := range dns.Extra {
+			if r != nil {
+				s += r.String() + "\n"
 			}
 		}
 	}
 	return s
 }
 
+// isCompressible returns whether the msg may be compressible.
+func (dns *Msg) isCompressible() bool {
+	// If we only have one question, there is nothing we can ever compress.
+	return len(dns.Question) > 1 || len(dns.Answer) > 0 ||
+		len(dns.Ns) > 0 || len(dns.Extra) > 0
+}
+
 // Len returns the message length when in (un)compressed wire format.
 // If dns.Compress is true compression it is taken into account. Len()
 // is provided to be a faster way to get the size of the resulting packet,
 // than packing it, measuring the size and discarding the buffer.
-func (dns *Msg) Len() int { return compressedLen(dns, dns.Compress) }
-
-func compressedLenWithCompressionMap(dns *Msg, compression map[string]int) int {
-	l := 12 // Message header is always 12 bytes
-	for _, r := range dns.Question {
-		compressionLenHelper(compression, r.Name, l)
-		l += r.len()
+func (dns *Msg) Len() int {
+	// If this message can't be compressed, avoid filling the
+	// compression map and creating garbage.
+	if dns.Compress && dns.isCompressible() {
+		compression := make(map[string]struct{})
+		return msgLenWithCompressionMap(dns, compression)
 	}
-	l += compressionLenSlice(l, compression, dns.Answer)
-	l += compressionLenSlice(l, compression, dns.Ns)
-	l += compressionLenSlice(l, compression, dns.Extra)
-	return l
+
+	return msgLenWithCompressionMap(dns, nil)
 }
 
-// compressedLen returns the message length when in compressed wire format
-// when compress is true, otherwise the uncompressed length is returned.
-func compressedLen(dns *Msg, compress bool) int {
-	// We always return one more than needed.
-	if compress {
-		compression := map[string]int{}
-		return compressedLenWithCompressionMap(dns, compression)
-	}
-	l := 12 // Message header is always 12 bytes
+func msgLenWithCompressionMap(dns *Msg, compression map[string]struct{}) int {
+	l := headerSize
 
 	for _, r := range dns.Question {
-		l += r.len()
+		l += r.len(l, compression)
 	}
 	for _, r := range dns.Answer {
 		if r != nil {
-			l += r.len()
+			l += r.len(l, compression)
 		}
 	}
 	for _, r := range dns.Ns {
 		if r != nil {
-			l += r.len()
+			l += r.len(l, compression)
 		}
 	}
 	for _, r := range dns.Extra {
 		if r != nil {
-			l += r.len()
+			l += r.len(l, compression)
 		}
 	}
 
 	return l
 }
 
-func compressionLenSlice(lenp int, c map[string]int, rs []RR) int {
-	initLen := lenp
-	for _, r := range rs {
-		if r == nil {
-			continue
-		}
-		// TmpLen is to track len of record at 14bits boudaries
-		tmpLen := lenp
-
-		x := r.len()
-		// track this length, and the global length in len, while taking compression into account for both.
-		k, ok, _ := compressionLenSearch(c, r.Header().Name)
-		if ok {
-			// Size of x is reduced by k, but we add 1 since k includes the '.' and label descriptor take 2 bytes
-			// so, basically x:= x - k - 1 + 2
-			x += 1 - k
-		}
+func domainNameLen(s string, off int, compression map[string]struct{}, compress bool) int {
+	if s == "" || s == "." {
+		return 1
+	}
+
+	escaped := strings.Contains(s, "\\")
+
+	if compression != nil && (compress || off < maxCompressionOffset) {
+		// compressionLenSearch will insert the entry into the compression
+		// map if it doesn't contain it.
+		if l, ok := compressionLenSearch(compression, s, off); ok && compress {
+			if escaped {
+				return escapedNameLen(s[:l]) + 2
+			}
 
-		tmpLen += compressionLenHelper(c, r.Header().Name, tmpLen)
-		k, ok, _ = compressionLenSearchType(c, r)
-		if ok {
-			x += 1 - k
+			return l + 2
 		}
-		lenp += x
-		tmpLen = lenp
-		tmpLen += compressionLenHelperType(c, r, tmpLen)
+	}
 
+	if escaped {
+		return escapedNameLen(s) + 1
 	}
-	return lenp - initLen
+
+	return len(s) + 1
 }
 
-// Put the parts of the name in the compression map, return the size in bytes added in payload
-func compressionLenHelper(c map[string]int, s string, currentLen int) int {
-	if currentLen > maxCompressionOffset {
-		// We won't be able to add any label that could be re-used later anyway
-		return 0
-	}
-	if _, ok := c[s]; ok {
-		return 0
-	}
-	initLen := currentLen
-	pref := ""
-	prev := s
-	lbs := Split(s)
-	for j := 0; j < len(lbs); j++ {
-		pref = s[lbs[j]:]
-		currentLen += len(prev) - len(pref)
-		prev = pref
-		if _, ok := c[pref]; !ok {
-			// If first byte label is within the first 14bits, it might be re-used later
-			if currentLen < maxCompressionOffset {
-				c[pref] = currentLen
-			}
+func escapedNameLen(s string) int {
+	nameLen := len(s)
+	for i := 0; i < len(s); i++ {
+		if s[i] != '\\' {
+			continue
+		}
+
+		if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
+			nameLen -= 3
+			i += 3
 		} else {
-			added := currentLen - initLen
-			if j > 0 {
-				// We added a new PTR
-				added += 2
-			}
-			return added
+			nameLen--
+			i++
 		}
 	}
-	return currentLen - initLen
+
+	return nameLen
 }
 
-// Look for each part in the compression map and returns its length,
-// keep on searching so we get the longest match.
-// Will return the size of compression found, whether a match has been
-// found and the size of record if added in payload
-func compressionLenSearch(c map[string]int, s string) (int, bool, int) {
-	off := 0
-	end := false
-	if s == "" { // don't bork on bogus data
-		return 0, false, 0
-	}
-	fullSize := 0
-	for {
+func compressionLenSearch(c map[string]struct{}, s string, msgOff int) (int, bool) {
+	for off, end := 0, false; !end; off, end = NextLabel(s, off) {
 		if _, ok := c[s[off:]]; ok {
-			return len(s[off:]), true, fullSize + off
+			return off, true
 		}
-		if end {
-			break
+
+		if msgOff+off < maxCompressionOffset {
+			c[s[off:]] = struct{}{}
 		}
-		// Each label descriptor takes 2 bytes, add it
-		fullSize += 2
-		off, end = NextLabel(s, off)
 	}
-	return 0, false, fullSize + len(s)
+
+	return 0, false
 }
 
 // Copy returns a new RR which is a deep-copy of r.
-func Copy(r RR) RR { r1 := r.copy(); return r1 }
+func Copy(r RR) RR { return r.copy() }
 
 // Len returns the length (in octets) of the uncompressed RR in wire format.
-func Len(r RR) int { return r.len() }
+func Len(r RR) int { return r.len(0, nil) }
 
 // Copy returns a new *Msg which is a deep-copy of dns.
 func (dns *Msg) Copy() *Msg { return dns.CopyTo(new(Msg)) }
@@ -1077,40 +1059,27 @@ func (dns *Msg) CopyTo(r1 *Msg) *Msg {
 	}
 
 	rrArr := make([]RR, len(dns.Answer)+len(dns.Ns)+len(dns.Extra))
-	var rri int
+	r1.Answer, rrArr = rrArr[:0:len(dns.Answer)], rrArr[len(dns.Answer):]
+	r1.Ns, rrArr = rrArr[:0:len(dns.Ns)], rrArr[len(dns.Ns):]
+	r1.Extra = rrArr[:0:len(dns.Extra)]
 
-	if len(dns.Answer) > 0 {
-		rrbegin := rri
-		for i := 0; i < len(dns.Answer); i++ {
-			rrArr[rri] = dns.Answer[i].copy()
-			rri++
-		}
-		r1.Answer = rrArr[rrbegin:rri:rri]
+	for _, r := range dns.Answer {
+		r1.Answer = append(r1.Answer, r.copy())
 	}
 
-	if len(dns.Ns) > 0 {
-		rrbegin := rri
-		for i := 0; i < len(dns.Ns); i++ {
-			rrArr[rri] = dns.Ns[i].copy()
-			rri++
-		}
-		r1.Ns = rrArr[rrbegin:rri:rri]
+	for _, r := range dns.Ns {
+		r1.Ns = append(r1.Ns, r.copy())
 	}
 
-	if len(dns.Extra) > 0 {
-		rrbegin := rri
-		for i := 0; i < len(dns.Extra); i++ {
-			rrArr[rri] = dns.Extra[i].copy()
-			rri++
-		}
-		r1.Extra = rrArr[rrbegin:rri:rri]
+	for _, r := range dns.Extra {
+		r1.Extra = append(r1.Extra, r.copy())
 	}
 
 	return r1
 }
 
-func (q *Question) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := PackDomainName(q.Name, msg, off, compression, compress)
+func (q *Question) pack(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
+	off, err := packDomainName(q.Name, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
@@ -1151,7 +1120,7 @@ func unpackQuestion(msg []byte, off int) (Question, int, error) {
 	return q, off, err
 }
 
-func (dh *Header) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
+func (dh *Header) pack(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
 	off, err := packUint16(dh.Id, msg, off)
 	if err != nil {
 		return off, err
@@ -1173,7 +1142,10 @@ func (dh *Header) pack(msg []byte, off int, compression map[string]int, compress
 		return off, err
 	}
 	off, err = packUint16(dh.Arcount, msg, off)
-	return off, err
+	if err != nil {
+		return off, err
+	}
+	return off, nil
 }
 
 func unpackMsgHdr(msg []byte, off int) (Header, int, error) {
@@ -1202,5 +1174,23 @@ func unpackMsgHdr(msg []byte, off int) (Header, int, error) {
 		return dh, off, err
 	}
 	dh.Arcount, off, err = unpackUint16(msg, off)
-	return dh, off, err
+	if err != nil {
+		return dh, off, err
+	}
+	return dh, off, nil
+}
+
+// setHdr set the header in the dns using the binary data in dh.
+func (dns *Msg) setHdr(dh Header) {
+	dns.Id = dh.Id
+	dns.Response = dh.Bits&_QR != 0
+	dns.Opcode = int(dh.Bits>>11) & 0xF
+	dns.Authoritative = dh.Bits&_AA != 0
+	dns.Truncated = dh.Bits&_TC != 0
+	dns.RecursionDesired = dh.Bits&_RD != 0
+	dns.RecursionAvailable = dh.Bits&_RA != 0
+	dns.Zero = dh.Bits&_Z != 0 // _Z covers the zero bit, which should be zero; not sure why we set it to the opposite.
+	dns.AuthenticatedData = dh.Bits&_AD != 0
+	dns.CheckingDisabled = dh.Bits&_CD != 0
+	dns.Rcode = int(dh.Bits & 0xF)
 }
diff --git a/vendor/github.com/miekg/dns/msg_helpers.go b/vendor/github.com/miekg/dns/msg_helpers.go
index 946d5acbf0264..98fadc3192306 100644
--- a/vendor/github.com/miekg/dns/msg_helpers.go
+++ b/vendor/github.com/miekg/dns/msg_helpers.go
@@ -6,7 +6,7 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"net"
-	"strconv"
+	"strings"
 )
 
 // helper functions called from the generated zmsg.go
@@ -25,12 +25,13 @@ func unpackDataA(msg []byte, off int) (net.IP, int, error) {
 }
 
 func packDataA(a net.IP, msg []byte, off int) (int, error) {
-	// It must be a slice of 4, even if it is 16, we encode only the first 4
-	if off+net.IPv4len > len(msg) {
-		return len(msg), &Error{err: "overflow packing a"}
-	}
 	switch len(a) {
 	case net.IPv4len, net.IPv6len:
+		// It must be a slice of 4, even if it is 16, we encode only the first 4
+		if off+net.IPv4len > len(msg) {
+			return len(msg), &Error{err: "overflow packing a"}
+		}
+
 		copy(msg[off:], a.To4())
 		off += net.IPv4len
 	case 0:
@@ -51,12 +52,12 @@ func unpackDataAAAA(msg []byte, off int) (net.IP, int, error) {
 }
 
 func packDataAAAA(aaaa net.IP, msg []byte, off int) (int, error) {
-	if off+net.IPv6len > len(msg) {
-		return len(msg), &Error{err: "overflow packing aaaa"}
-	}
-
 	switch len(aaaa) {
 	case net.IPv6len:
+		if off+net.IPv6len > len(msg) {
+			return len(msg), &Error{err: "overflow packing aaaa"}
+		}
+
 		copy(msg[off:], aaaa)
 		off += net.IPv6len
 	case 0:
@@ -99,14 +100,14 @@ func unpackHeader(msg []byte, off int) (rr RR_Header, off1 int, truncmsg []byte,
 	return hdr, off, msg, err
 }
 
-// pack packs an RR header, returning the offset to the end of the header.
+// packHeader packs an RR header, returning the offset to the end of the header.
 // See PackDomainName for documentation about the compression.
-func (hdr RR_Header) pack(msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) {
+func (hdr RR_Header) packHeader(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
 	if off == len(msg) {
 		return off, nil
 	}
 
-	off, err = PackDomainName(hdr.Name, msg, off, compression, compress)
+	off, err := packDomainName(hdr.Name, msg, off, compression, compress)
 	if err != nil {
 		return len(msg), err
 	}
@@ -122,7 +123,7 @@ func (hdr RR_Header) pack(msg []byte, off int, compression map[string]int, compr
 	if err != nil {
 		return len(msg), err
 	}
-	off, err = packUint16(hdr.Rdlength, msg, off)
+	off, err = packUint16(0, msg, off) // The RDLENGTH field will be set later in packRR.
 	if err != nil {
 		return len(msg), err
 	}
@@ -141,20 +142,24 @@ func truncateMsgFromRdlength(msg []byte, off int, rdlength uint16) (truncmsg []b
 	return msg[:lenrd], nil
 }
 
+var base32HexNoPadEncoding = base32.HexEncoding.WithPadding(base32.NoPadding)
+
 func fromBase32(s []byte) (buf []byte, err error) {
 	for i, b := range s {
 		if b >= 'a' && b <= 'z' {
 			s[i] = b - 32
 		}
 	}
-	buflen := base32.HexEncoding.DecodedLen(len(s))
+	buflen := base32HexNoPadEncoding.DecodedLen(len(s))
 	buf = make([]byte, buflen)
-	n, err := base32.HexEncoding.Decode(buf, s)
+	n, err := base32HexNoPadEncoding.Decode(buf, s)
 	buf = buf[:n]
 	return
 }
 
-func toBase32(b []byte) string { return base32.HexEncoding.EncodeToString(b) }
+func toBase32(b []byte) string {
+	return base32HexNoPadEncoding.EncodeToString(b)
+}
 
 func fromBase64(s []byte) (buf []byte, err error) {
 	buflen := base64.StdEncoding.DecodedLen(len(s))
@@ -173,14 +178,14 @@ func unpackUint8(msg []byte, off int) (i uint8, off1 int, err error) {
 	if off+1 > len(msg) {
 		return 0, len(msg), &Error{err: "overflow unpacking uint8"}
 	}
-	return uint8(msg[off]), off + 1, nil
+	return msg[off], off + 1, nil
 }
 
 func packUint8(i uint8, msg []byte, off int) (off1 int, err error) {
 	if off+1 > len(msg) {
 		return len(msg), &Error{err: "overflow packing uint8"}
 	}
-	msg[off] = byte(i)
+	msg[off] = i
 	return off + 1, nil
 }
 
@@ -219,8 +224,8 @@ func unpackUint48(msg []byte, off int) (i uint64, off1 int, err error) {
 		return 0, len(msg), &Error{err: "overflow unpacking uint64 as uint48"}
 	}
 	// Used in TSIG where the last 48 bits are occupied, so for now, assume a uint48 (6 bytes)
-	i = (uint64(uint64(msg[off])<<40 | uint64(msg[off+1])<<32 | uint64(msg[off+2])<<24 | uint64(msg[off+3])<<16 |
-		uint64(msg[off+4])<<8 | uint64(msg[off+5])))
+	i = uint64(msg[off])<<40 | uint64(msg[off+1])<<32 | uint64(msg[off+2])<<24 | uint64(msg[off+3])<<16 |
+		uint64(msg[off+4])<<8 | uint64(msg[off+5])
 	off += 6
 	return i, off, nil
 }
@@ -260,32 +265,36 @@ func unpackString(msg []byte, off int) (string, int, error) {
 		return "", off, &Error{err: "overflow unpacking txt"}
 	}
 	l := int(msg[off])
-	if off+l+1 > len(msg) {
+	off++
+	if off+l > len(msg) {
 		return "", off, &Error{err: "overflow unpacking txt"}
 	}
-	s := make([]byte, 0, l)
-	for _, b := range msg[off+1 : off+1+l] {
-		switch b {
-		case '"', '\\':
-			s = append(s, '\\', b)
-		default:
-			if b < 32 || b > 127 { // unprintable
-				var buf [3]byte
-				bufs := strconv.AppendInt(buf[:0], int64(b), 10)
-				s = append(s, '\\')
-				for i := 0; i < 3-len(bufs); i++ {
-					s = append(s, '0')
-				}
-				for _, r := range bufs {
-					s = append(s, r)
-				}
-			} else {
-				s = append(s, b)
+	var s strings.Builder
+	consumed := 0
+	for i, b := range msg[off : off+l] {
+		switch {
+		case b == '"' || b == '\\':
+			if consumed == 0 {
+				s.Grow(l * 2)
 			}
+			s.Write(msg[off+consumed : off+i])
+			s.WriteByte('\\')
+			s.WriteByte(b)
+			consumed = i + 1
+		case b < ' ' || b > '~': // unprintable
+			if consumed == 0 {
+				s.Grow(l * 2)
+			}
+			s.Write(msg[off+consumed : off+i])
+			s.WriteString(escapeByte(b))
+			consumed = i + 1
 		}
 	}
-	off += 1 + l
-	return string(s), off, nil
+	if consumed == 0 { // no escaping needed
+		return string(msg[off : off+l]), off + l, nil
+	}
+	s.Write(msg[off+consumed : off+l])
+	return s.String(), off + l, nil
 }
 
 func packString(s string, msg []byte, off int) (int, error) {
@@ -359,7 +368,7 @@ func packStringHex(s string, msg []byte, off int) (int, error) {
 	if err != nil {
 		return len(msg), err
 	}
-	if off+(len(h)) > len(msg) {
+	if off+len(h) > len(msg) {
 		return len(msg), &Error{err: "overflow packing hex"}
 	}
 	copy(msg[off:off+len(h)], h)
@@ -367,6 +376,22 @@ func packStringHex(s string, msg []byte, off int) (int, error) {
 	return off, nil
 }
 
+func unpackStringAny(msg []byte, off, end int) (string, int, error) {
+	if end > len(msg) {
+		return "", len(msg), &Error{err: "overflow unpacking anything"}
+	}
+	return string(msg[off:end]), end, nil
+}
+
+func packStringAny(s string, msg []byte, off int) (int, error) {
+	if off+len(s) > len(msg) {
+		return len(msg), &Error{err: "overflow packing anything"}
+	}
+	copy(msg[off:off+len(s)], s)
+	off += len(s)
+	return off, nil
+}
+
 func unpackStringTxt(msg []byte, off int) ([]string, int, error) {
 	txt, off, err := unpackTxt(msg, off)
 	if err != nil {
@@ -387,7 +412,7 @@ func packStringTxt(s []string, msg []byte, off int) (int, error) {
 func unpackDataOpt(msg []byte, off int) ([]EDNS0, int, error) {
 	var edns []EDNS0
 Option:
-	code := uint16(0)
+	var code uint16
 	if off+4 > len(msg) {
 		return nil, len(msg), &Error{err: "overflow unpacking opt"}
 	}
@@ -420,6 +445,13 @@ Option:
 		}
 		edns = append(edns, e)
 		off += int(optlen)
+	case EDNS0EXPIRE:
+		e := new(EDNS0_EXPIRE)
+		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
+			return nil, len(msg), err
+		}
+		edns = append(edns, e)
+		off += int(optlen)
 	case EDNS0UL:
 		e := new(EDNS0_UL)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
@@ -482,7 +514,7 @@ Option:
 func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) {
 	for _, el := range options {
 		b, err := el.pack()
-		if err != nil || off+3 > len(msg) {
+		if err != nil || off+4 > len(msg) {
 			return len(msg), &Error{err: "overflow packing opt"}
 		}
 		binary.BigEndian.PutUint16(msg[off:], el.Option())      // Option code
@@ -541,8 +573,7 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
 		}
 
 		// Walk the bytes in the window and extract the type bits
-		for j := 0; j < length; j++ {
-			b := msg[off+j]
+		for j, b := range msg[off : off+length] {
 			// Check the bits one by one, and set the type
 			if b&0x80 == 0x80 {
 				nsec = append(nsec, uint16(window*256+j*8+0))
@@ -575,13 +606,35 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
 	return nsec, off, nil
 }
 
+// typeBitMapLen is a helper function which computes the "maximum" length of
+// a the NSEC Type BitMap field.
+func typeBitMapLen(bitmap []uint16) int {
+	var l int
+	var lastwindow, lastlength uint16
+	for _, t := range bitmap {
+		window := t / 256
+		length := (t-window*256)/8 + 1
+		if window > lastwindow && lastlength != 0 { // New window, jump to the new offset
+			l += int(lastlength) + 2
+			lastlength = 0
+		}
+		if window < lastwindow || length < lastlength {
+			// packDataNsec would return Error{err: "nsec bits out of order"} here, but
+			// when computing the length, we want do be liberal.
+			continue
+		}
+		lastwindow, lastlength = window, length
+	}
+	l += int(lastlength) + 2
+	return l
+}
+
 func packDataNsec(bitmap []uint16, msg []byte, off int) (int, error) {
 	if len(bitmap) == 0 {
 		return off, nil
 	}
 	var lastwindow, lastlength uint16
-	for j := 0; j < len(bitmap); j++ {
-		t := bitmap[j]
+	for _, t := range bitmap {
 		window := t / 256
 		length := (t-window*256)/8 + 1
 		if window > lastwindow && lastlength != 0 { // New window, jump to the new offset
@@ -599,7 +652,7 @@ func packDataNsec(bitmap []uint16, msg []byte, off int) (int, error) {
 		// Setting the octets length
 		msg[off+1] = byte(length)
 		// Setting the bit value for the type in the right octet
-		msg[off+1+int(length)] |= byte(1 << (7 - (t % 8)))
+		msg[off+1+int(length)] |= byte(1 << (7 - t%8))
 		lastwindow, lastlength = window, length
 	}
 	off += int(lastlength) + 2
@@ -625,13 +678,133 @@ func unpackDataDomainNames(msg []byte, off, end int) ([]string, int, error) {
 	return servers, off, nil
 }
 
-func packDataDomainNames(names []string, msg []byte, off int, compression map[string]int, compress bool) (int, error) {
+func packDataDomainNames(names []string, msg []byte, off int, compression compressionMap, compress bool) (int, error) {
+	var err error
+	for _, name := range names {
+		off, err = packDomainName(name, msg, off, compression, compress)
+		if err != nil {
+			return len(msg), err
+		}
+	}
+	return off, nil
+}
+
+func packDataApl(data []APLPrefix, msg []byte, off int) (int, error) {
 	var err error
-	for j := 0; j < len(names); j++ {
-		off, err = PackDomainName(names[j], msg, off, compression, false && compress)
+	for i := range data {
+		off, err = packDataAplPrefix(&data[i], msg, off)
 		if err != nil {
 			return len(msg), err
 		}
 	}
 	return off, nil
 }
+
+func packDataAplPrefix(p *APLPrefix, msg []byte, off int) (int, error) {
+	if len(p.Network.IP) != len(p.Network.Mask) {
+		return len(msg), &Error{err: "address and mask lengths don't match"}
+	}
+
+	var err error
+	prefix, _ := p.Network.Mask.Size()
+	addr := p.Network.IP.Mask(p.Network.Mask)[:(prefix+7)/8]
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		off, err = packUint16(1, msg, off)
+	case net.IPv6len:
+		off, err = packUint16(2, msg, off)
+	default:
+		err = &Error{err: "unrecognized address family"}
+	}
+	if err != nil {
+		return len(msg), err
+	}
+
+	off, err = packUint8(uint8(prefix), msg, off)
+	if err != nil {
+		return len(msg), err
+	}
+
+	var n uint8
+	if p.Negation {
+		n = 0x80
+	}
+	adflen := uint8(len(addr)) & 0x7f
+	off, err = packUint8(n|adflen, msg, off)
+	if err != nil {
+		return len(msg), err
+	}
+
+	if off+len(addr) > len(msg) {
+		return len(msg), &Error{err: "overflow packing APL prefix"}
+	}
+	off += copy(msg[off:], addr)
+
+	return off, nil
+}
+
+func unpackDataApl(msg []byte, off int) ([]APLPrefix, int, error) {
+	var result []APLPrefix
+	for off < len(msg) {
+		prefix, end, err := unpackDataAplPrefix(msg, off)
+		if err != nil {
+			return nil, len(msg), err
+		}
+		off = end
+		result = append(result, prefix)
+	}
+	return result, off, nil
+}
+
+func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
+	family, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+	prefix, off, err := unpackUint8(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+	nlen, off, err := unpackUint8(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+
+	var ip []byte
+	switch family {
+	case 1:
+		ip = make([]byte, net.IPv4len)
+	case 2:
+		ip = make([]byte, net.IPv6len)
+	default:
+		return APLPrefix{}, len(msg), &Error{err: "unrecognized APL address family"}
+	}
+	if int(prefix) > 8*len(ip) {
+		return APLPrefix{}, len(msg), &Error{err: "APL prefix too long"}
+	}
+
+	afdlen := int(nlen & 0x7f)
+	if (int(prefix)+7)/8 != afdlen {
+		return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"}
+	}
+	if off+afdlen > len(msg) {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
+	}
+	off += copy(ip, msg[off:off+afdlen])
+	if prefix%8 > 0 {
+		last := ip[afdlen-1]
+		zero := uint8(0xff) >> (prefix % 8)
+		if last&zero > 0 {
+			return APLPrefix{}, len(msg), &Error{err: "extra APL address bits"}
+		}
+	}
+
+	return APLPrefix{
+		Negation: (nlen & 0x80) != 0,
+		Network: net.IPNet{
+			IP:   ip,
+			Mask: net.CIDRMask(int(prefix), 8*len(ip)),
+		},
+	}, off, nil
+}
diff --git a/vendor/github.com/miekg/dns/msg_truncate.go b/vendor/github.com/miekg/dns/msg_truncate.go
new file mode 100644
index 0000000000000..89d40757dbddf
--- /dev/null
+++ b/vendor/github.com/miekg/dns/msg_truncate.go
@@ -0,0 +1,111 @@
+package dns
+
+// Truncate ensures the reply message will fit into the requested buffer
+// size by removing records that exceed the requested size.
+//
+// It will first check if the reply fits without compression and then with
+// compression. If it won't fit with compression, Truncate then walks the
+// record adding as many records as possible without exceeding the
+// requested buffer size.
+//
+// The TC bit will be set if any records were excluded from the message.
+// This indicates to that the client should retry over TCP.
+//
+// According to RFC 2181, the TC bit should only be set if not all of the
+// "required" RRs can be included in the response. Unfortunately, we have
+// no way of knowing which RRs are required so we set the TC bit if any RR
+// had to be omitted from the response.
+//
+// The appropriate buffer size can be retrieved from the requests OPT
+// record, if present, and is transport specific otherwise. dns.MinMsgSize
+// should be used for UDP requests without an OPT record, and
+// dns.MaxMsgSize for TCP requests without an OPT record.
+func (dns *Msg) Truncate(size int) {
+	if dns.IsTsig() != nil {
+		// To simplify this implementation, we don't perform
+		// truncation on responses with a TSIG record.
+		return
+	}
+
+	// RFC 6891 mandates that the payload size in an OPT record
+	// less than 512 bytes must be treated as equal to 512 bytes.
+	//
+	// For ease of use, we impose that restriction here.
+	if size < 512 {
+		size = 512
+	}
+
+	l := msgLenWithCompressionMap(dns, nil) // uncompressed length
+	if l <= size {
+		// Don't waste effort compressing this message.
+		dns.Compress = false
+		return
+	}
+
+	dns.Compress = true
+
+	edns0 := dns.popEdns0()
+	if edns0 != nil {
+		// Account for the OPT record that gets added at the end,
+		// by subtracting that length from our budget.
+		//
+		// The EDNS(0) OPT record must have the root domain and
+		// it's length is thus unaffected by compression.
+		size -= Len(edns0)
+	}
+
+	compression := make(map[string]struct{})
+
+	l = headerSize
+	for _, r := range dns.Question {
+		l += r.len(l, compression)
+	}
+
+	var numAnswer int
+	if l < size {
+		l, numAnswer = truncateLoop(dns.Answer, size, l, compression)
+	}
+
+	var numNS int
+	if l < size {
+		l, numNS = truncateLoop(dns.Ns, size, l, compression)
+	}
+
+	var numExtra int
+	if l < size {
+		l, numExtra = truncateLoop(dns.Extra, size, l, compression)
+	}
+
+	// See the function documentation for when we set this.
+	dns.Truncated = len(dns.Answer) > numAnswer ||
+		len(dns.Ns) > numNS || len(dns.Extra) > numExtra
+
+	dns.Answer = dns.Answer[:numAnswer]
+	dns.Ns = dns.Ns[:numNS]
+	dns.Extra = dns.Extra[:numExtra]
+
+	if edns0 != nil {
+		// Add the OPT record back onto the additional section.
+		dns.Extra = append(dns.Extra, edns0)
+	}
+}
+
+func truncateLoop(rrs []RR, size, l int, compression map[string]struct{}) (int, int) {
+	for i, r := range rrs {
+		if r == nil {
+			continue
+		}
+
+		l += r.len(l, compression)
+		if l > size {
+			// Return size, rather than l prior to this record,
+			// to prevent any further records being added.
+			return size, i
+		}
+		if l == size {
+			return l, i + 1
+		}
+	}
+
+	return l, len(rrs)
+}
diff --git a/vendor/github.com/miekg/dns/nsecx.go b/vendor/github.com/miekg/dns/nsecx.go
index 9b908c4478636..8f071a47399df 100644
--- a/vendor/github.com/miekg/dns/nsecx.go
+++ b/vendor/github.com/miekg/dns/nsecx.go
@@ -2,49 +2,44 @@ package dns
 
 import (
 	"crypto/sha1"
-	"hash"
+	"encoding/hex"
 	"strings"
 )
 
-type saltWireFmt struct {
-	Salt string `dns:"size-hex"`
-}
-
 // HashName hashes a string (label) according to RFC 5155. It returns the hashed string in uppercase.
 func HashName(label string, ha uint8, iter uint16, salt string) string {
-	saltwire := new(saltWireFmt)
-	saltwire.Salt = salt
-	wire := make([]byte, DefaultMsgSize)
-	n, err := packSaltWire(saltwire, wire)
+	if ha != SHA1 {
+		return ""
+	}
+
+	wireSalt := make([]byte, hex.DecodedLen(len(salt)))
+	n, err := packStringHex(salt, wireSalt, 0)
 	if err != nil {
 		return ""
 	}
-	wire = wire[:n]
+	wireSalt = wireSalt[:n]
+
 	name := make([]byte, 255)
 	off, err := PackDomainName(strings.ToLower(label), name, 0, nil, false)
 	if err != nil {
 		return ""
 	}
 	name = name[:off]
-	var s hash.Hash
-	switch ha {
-	case SHA1:
-		s = sha1.New()
-	default:
-		return ""
-	}
 
+	s := sha1.New()
 	// k = 0
 	s.Write(name)
-	s.Write(wire)
+	s.Write(wireSalt)
 	nsec3 := s.Sum(nil)
+
 	// k > 0
 	for k := uint16(0); k < iter; k++ {
 		s.Reset()
 		s.Write(nsec3)
-		s.Write(wire)
+		s.Write(wireSalt)
 		nsec3 = s.Sum(nsec3[:0])
 	}
+
 	return toBase32(nsec3)
 }
 
@@ -63,8 +58,10 @@ func (rr *NSEC3) Cover(name string) bool {
 	}
 
 	nextHash := rr.NextDomain
-	if ownerHash == nextHash { // empty interval
-		return false
+
+	// if empty interval found, try cover wildcard hashes so nameHash shouldn't match with ownerHash
+	if ownerHash == nextHash && nameHash != ownerHash { // empty interval
+		return true
 	}
 	if ownerHash > nextHash { // end of zone
 		if nameHash > ownerHash { // covered since there is nothing after ownerHash
@@ -96,11 +93,3 @@ func (rr *NSEC3) Match(name string) bool {
 	}
 	return false
 }
-
-func packSaltWire(sw *saltWireFmt, msg []byte) (int, error) {
-	off, err := packStringHex(sw.Salt, msg, 0)
-	if err != nil {
-		return off, err
-	}
-	return off, nil
-}
diff --git a/vendor/github.com/miekg/dns/privaterr.go b/vendor/github.com/miekg/dns/privaterr.go
index 41989e7aee7f1..e28f06637408f 100644
--- a/vendor/github.com/miekg/dns/privaterr.go
+++ b/vendor/github.com/miekg/dns/privaterr.go
@@ -1,9 +1,6 @@
 package dns
 
-import (
-	"fmt"
-	"strings"
-)
+import "strings"
 
 // PrivateRdata is an interface used for implementing "Private Use" RR types, see
 // RFC 6895. This allows one to experiment with new RR types, without requesting an
@@ -18,7 +15,7 @@ type PrivateRdata interface {
 	// Unpack is used when unpacking a private RR from a buffer.
 	// TODO(miek): diff. signature than Pack, see edns0.go for instance.
 	Unpack([]byte) (int, error)
-	// Copy copies the Rdata.
+	// Copy copies the Rdata into the PrivateRdata argument.
 	Copy(PrivateRdata) error
 	// Len returns the length in octets of the Rdata.
 	Len() int
@@ -29,21 +26,8 @@ type PrivateRdata interface {
 type PrivateRR struct {
 	Hdr  RR_Header
 	Data PrivateRdata
-}
-
-func mkPrivateRR(rrtype uint16) *PrivateRR {
-	// Panics if RR is not an instance of PrivateRR.
-	rrfunc, ok := TypeToRR[rrtype]
-	if !ok {
-		panic(fmt.Sprintf("dns: invalid operation with Private RR type %d", rrtype))
-	}
 
-	anyrr := rrfunc()
-	switch rr := anyrr.(type) {
-	case *PrivateRR:
-		return rr
-	}
-	panic(fmt.Sprintf("dns: RR is not a PrivateRR, TypeToRR[%d] generator returned %T", rrtype, anyrr))
+	generator func() PrivateRdata // for copy
 }
 
 // Header return the RR header of r.
@@ -52,97 +36,79 @@ func (r *PrivateRR) Header() *RR_Header { return &r.Hdr }
 func (r *PrivateRR) String() string { return r.Hdr.String() + r.Data.String() }
 
 // Private len and copy parts to satisfy RR interface.
-func (r *PrivateRR) len() int { return r.Hdr.len() + r.Data.Len() }
+func (r *PrivateRR) len(off int, compression map[string]struct{}) int {
+	l := r.Hdr.len(off, compression)
+	l += r.Data.Len()
+	return l
+}
+
 func (r *PrivateRR) copy() RR {
 	// make new RR like this:
-	rr := mkPrivateRR(r.Hdr.Rrtype)
-	rr.Hdr = r.Hdr
+	rr := &PrivateRR{r.Hdr, r.generator(), r.generator}
 
-	err := r.Data.Copy(rr.Data)
-	if err != nil {
-		panic("dns: got value that could not be used to copy Private rdata")
+	if err := r.Data.Copy(rr.Data); err != nil {
+		panic("dns: got value that could not be used to copy Private rdata: " + err.Error())
 	}
+
 	return rr
 }
-func (r *PrivateRR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := r.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+
+func (r *PrivateRR) pack(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
 	n, err := r.Data.Pack(msg[off:])
 	if err != nil {
 		return len(msg), err
 	}
 	off += n
-	r.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-// PrivateHandle registers a private resource record type. It requires
-// string and numeric representation of private RR type and generator function as argument.
-func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata) {
-	rtypestr = strings.ToUpper(rtypestr)
-
-	TypeToRR[rtype] = func() RR { return &PrivateRR{RR_Header{}, generator()} }
-	TypeToString[rtype] = rtypestr
-	StringToType[rtypestr] = rtype
+func (r *PrivateRR) unpack(msg []byte, off int) (int, error) {
+	off1, err := r.Data.Unpack(msg[off:])
+	off += off1
+	return off, err
+}
 
-	typeToUnpack[rtype] = func(h RR_Header, msg []byte, off int) (RR, int, error) {
-		if noRdata(h) {
-			return &h, off, nil
+func (r *PrivateRR) parse(c *zlexer, origin string) *ParseError {
+	var l lex
+	text := make([]string, 0, 2) // could be 0..N elements, median is probably 1
+Fetch:
+	for {
+		// TODO(miek): we could also be returning _QUOTE, this might or might not
+		// be an issue (basically parsing TXT becomes hard)
+		switch l, _ = c.Next(); l.value {
+		case zNewline, zEOF:
+			break Fetch
+		case zString:
+			text = append(text, l.token)
 		}
-		var err error
-
-		rr := mkPrivateRR(h.Rrtype)
-		rr.Hdr = h
+	}
 
-		off1, err := rr.Data.Unpack(msg[off:])
-		off += off1
-		if err != nil {
-			return rr, off, err
-		}
-		return rr, off, err
+	err := r.Data.Parse(text)
+	if err != nil {
+		return &ParseError{"", err.Error(), l}
 	}
 
-	setPrivateRR := func(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-		rr := mkPrivateRR(h.Rrtype)
-		rr.Hdr = h
-
-		var l lex
-		text := make([]string, 0, 2) // could be 0..N elements, median is probably 1
-	Fetch:
-		for {
-			// TODO(miek): we could also be returning _QUOTE, this might or might not
-			// be an issue (basically parsing TXT becomes hard)
-			switch l = <-c; l.value {
-			case zNewline, zEOF:
-				break Fetch
-			case zString:
-				text = append(text, l.token)
-			}
-		}
+	return nil
+}
 
-		err := rr.Data.Parse(text)
-		if err != nil {
-			return nil, &ParseError{f, err.Error(), l}, ""
-		}
+func (r1 *PrivateRR) isDuplicate(r2 RR) bool { return false }
 
-		return rr, nil, ""
-	}
+// PrivateHandle registers a private resource record type. It requires
+// string and numeric representation of private RR type and generator function as argument.
+func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata) {
+	rtypestr = strings.ToUpper(rtypestr)
 
-	typeToparserFunc[rtype] = parserFunc{setPrivateRR, true}
+	TypeToRR[rtype] = func() RR { return &PrivateRR{RR_Header{}, generator(), generator} }
+	TypeToString[rtype] = rtypestr
+	StringToType[rtypestr] = rtype
 }
 
-// PrivateHandleRemove removes defenitions required to support private RR type.
+// PrivateHandleRemove removes definitions required to support private RR type.
 func PrivateHandleRemove(rtype uint16) {
 	rtypestr, ok := TypeToString[rtype]
 	if ok {
 		delete(TypeToRR, rtype)
 		delete(TypeToString, rtype)
-		delete(typeToparserFunc, rtype)
 		delete(StringToType, rtypestr)
-		delete(typeToUnpack, rtype)
 	}
-	return
 }
diff --git a/vendor/github.com/miekg/dns/rawmsg.go b/vendor/github.com/miekg/dns/rawmsg.go
deleted file mode 100644
index 6e21fba7e1fb7..0000000000000
--- a/vendor/github.com/miekg/dns/rawmsg.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package dns
-
-import "encoding/binary"
-
-// rawSetRdlength sets the rdlength in the header of
-// the RR. The offset 'off' must be positioned at the
-// start of the header of the RR, 'end' must be the
-// end of the RR.
-func rawSetRdlength(msg []byte, off, end int) bool {
-	l := len(msg)
-Loop:
-	for {
-		if off+1 > l {
-			return false
-		}
-		c := int(msg[off])
-		off++
-		switch c & 0xC0 {
-		case 0x00:
-			if c == 0x00 {
-				// End of the domainname
-				break Loop
-			}
-			if off+c > l {
-				return false
-			}
-			off += c
-
-		case 0xC0:
-			// pointer, next byte included, ends domainname
-			off++
-			break Loop
-		}
-	}
-	// The domainname has been seen, we at the start of the fixed part in the header.
-	// Type is 2 bytes, class is 2 bytes, ttl 4 and then 2 bytes for the length.
-	off += 2 + 2 + 4
-	if off+2 > l {
-		return false
-	}
-	//off+1 is the end of the header, 'end' is the end of the rr
-	//so 'end' - 'off+2' is the length of the rdata
-	rdatalen := end - (off + 2)
-	if rdatalen > 0xFFFF {
-		return false
-	}
-	binary.BigEndian.PutUint16(msg[off:], uint16(rdatalen))
-	return true
-}
diff --git a/vendor/github.com/miekg/dns/reverse.go b/vendor/github.com/miekg/dns/reverse.go
index f6e7a47a6e8ab..28151af835983 100644
--- a/vendor/github.com/miekg/dns/reverse.go
+++ b/vendor/github.com/miekg/dns/reverse.go
@@ -12,6 +12,20 @@ var StringToOpcode = reverseInt(OpcodeToString)
 // StringToRcode is a map of rcodes to strings.
 var StringToRcode = reverseInt(RcodeToString)
 
+func init() {
+	// Preserve previous NOTIMP typo, see github.com/miekg/dns/issues/733.
+	StringToRcode["NOTIMPL"] = RcodeNotImplemented
+}
+
+// StringToAlgorithm is the reverse of AlgorithmToString.
+var StringToAlgorithm = reverseInt8(AlgorithmToString)
+
+// StringToHash is a map of names to hash IDs.
+var StringToHash = reverseInt8(HashToString)
+
+// StringToCertType is the reverseof CertTypeToString.
+var StringToCertType = reverseInt16(CertTypeToString)
+
 // Reverse a map
 func reverseInt8(m map[uint8]string) map[string]uint8 {
 	n := make(map[string]uint8, len(m))
diff --git a/vendor/github.com/miekg/dns/sanitize.go b/vendor/github.com/miekg/dns/sanitize.go
index c415bdd6c36a6..a638e862e3ab2 100644
--- a/vendor/github.com/miekg/dns/sanitize.go
+++ b/vendor/github.com/miekg/dns/sanitize.go
@@ -5,6 +5,7 @@ package dns
 // rrs.
 // m is used to store the RRs temporary. If it is nil a new map will be allocated.
 func Dedup(rrs []RR, m map[string]RR) []RR {
+
 	if m == nil {
 		m = make(map[string]RR)
 	}
@@ -14,10 +15,11 @@ func Dedup(rrs []RR, m map[string]RR) []RR {
 	for _, r := range rrs {
 		key := normalizedString(r)
 		keys = append(keys, &key)
-		if _, ok := m[key]; ok {
+		if mr, ok := m[key]; ok {
 			// Shortest TTL wins.
-			if m[key].Header().Ttl > r.Header().Ttl {
-				m[key].Header().Ttl = r.Header().Ttl
+			rh, mrh := r.Header(), mr.Header()
+			if mrh.Ttl > rh.Ttl {
+				mrh.Ttl = rh.Ttl
 			}
 			continue
 		}
diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go
index f9cd47401d1d5..671018b1f3b75 100644
--- a/vendor/github.com/miekg/dns/scan.go
+++ b/vendor/github.com/miekg/dns/scan.go
@@ -1,6 +1,7 @@
 package dns
 
 import (
+	"bufio"
 	"fmt"
 	"io"
 	"os"
@@ -10,7 +11,10 @@ import (
 )
 
 const maxTok = 2048 // Largest token we can return.
-const maxUint16 = 1<<16 - 1
+
+// The maximum depth of $INCLUDE directives supported by the
+// ZoneParser API.
+const maxIncludeDepth = 7
 
 // Tokinize a RFC 1035 zone file. The tokenizer will normalize it:
 // * Add ownernames if they are left blank;
@@ -75,15 +79,12 @@ func (e *ParseError) Error() (s string) {
 }
 
 type lex struct {
-	token      string // text of the token
-	tokenUpper string // uppercase text of the token
-	length     int    // length of the token
-	err        bool   // when true, token text has lexer error
-	value      uint8  // value: zString, _BLANK, etc.
-	line       int    // line in the file
-	column     int    // column in the file
-	torc       uint16 // type or class as parsed in the lexer, we only need to look this up in the grammar
-	comment    string // any comment text seen
+	token  string // text of the token
+	err    bool   // when true, token text has lexer error
+	value  uint8  // value: zString, _BLANK, etc.
+	torc   uint16 // type or class as parsed in the lexer, we only need to look this up in the grammar
+	line   int    // line in the file
+	column int    // column in the file
 }
 
 // Token holds the token that are returned when a zone file is parsed.
@@ -103,10 +104,14 @@ type ttlState struct {
 }
 
 // NewRR reads the RR contained in the string s. Only the first RR is
-// returned. If s contains no RR, return nil with no error. The class
-// defaults to IN and TTL defaults to 3600. The full zone file syntax
-// like $TTL, $ORIGIN, etc. is supported. All fields of the returned
-// RR are set, except RR.Header().Rdlength which is set to 0.
+// returned. If s contains no records, NewRR will return nil with no
+// error.
+//
+// The class defaults to IN and TTL defaults to 3600. The full zone
+// file syntax like $TTL, $ORIGIN, etc. is supported.
+//
+// All fields of the returned RR are set, except RR.Header().Rdlength
+// which is set to 0.
 func NewRR(s string) (RR, error) {
 	if len(s) > 0 && s[len(s)-1] != '\n' { // We need a closing newline
 		return ReadRR(strings.NewReader(s+"\n"), "")
@@ -114,28 +119,32 @@ func NewRR(s string) (RR, error) {
 	return ReadRR(strings.NewReader(s), "")
 }
 
-// ReadRR reads the RR contained in q.
+// ReadRR reads the RR contained in r.
+//
+// The string file is used in error reporting and to resolve relative
+// $INCLUDE directives.
+//
 // See NewRR for more documentation.
-func ReadRR(q io.Reader, filename string) (RR, error) {
-	defttl := &ttlState{defaultTtl, false}
-	r := <-parseZoneHelper(q, ".", filename, defttl, 1)
-	if r == nil {
-		return nil, nil
-	}
-
-	if r.Error != nil {
-		return nil, r.Error
-	}
-	return r.RR, nil
+func ReadRR(r io.Reader, file string) (RR, error) {
+	zp := NewZoneParser(r, ".", file)
+	zp.SetDefaultTTL(defaultTtl)
+	zp.SetIncludeAllowed(true)
+	rr, _ := zp.Next()
+	return rr, zp.Err()
 }
 
-// ParseZone reads a RFC 1035 style zonefile from r. It returns *Tokens on the
-// returned channel, each consisting of either a parsed RR and optional comment
-// or a nil RR and an error. The string file is only used
-// in error reporting. The string origin is used as the initial origin, as
-// if the file would start with an $ORIGIN directive.
-// The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are supported.
-// The channel t is closed by ParseZone when the end of r is reached.
+// ParseZone reads a RFC 1035 style zonefile from r. It returns
+// Tokens on the returned channel, each consisting of either a
+// parsed RR and optional comment or a nil RR and an error. The
+// channel is closed by ParseZone when the end of r is reached.
+//
+// The string file is used in error reporting and to resolve relative
+// $INCLUDE directives. The string origin is used as the initial
+// origin, as if the file would start with an $ORIGIN directive.
+//
+// The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
+// supported. Note that $GENERATE's range support up to a maximum of
+// of 65535 steps.
 //
 // Basic usage pattern when reading from a string (z) containing the
 // zone data:
@@ -148,91 +157,251 @@ func ReadRR(q io.Reader, filename string) (RR, error) {
 //              }
 //	}
 //
-// Comments specified after an RR (and on the same line!) are returned too:
+// Comments specified after an RR (and on the same line!) are
+// returned too:
 //
 //	foo. IN A 10.0.0.1 ; this is a comment
 //
-// The text "; this is comment" is returned in Token.Comment. Comments inside the
-// RR are discarded. Comments on a line by themselves are discarded too.
+// The text "; this is comment" is returned in Token.Comment.
+// Comments inside the RR are returned concatenated along with the
+// RR. Comments on a line by themselves are discarded.
+//
+// To prevent memory leaks it is important to always fully drain the
+// returned channel. If an error occurs, it will always be the last
+// Token sent on the channel.
+//
+// Deprecated: New users should prefer the ZoneParser API.
 func ParseZone(r io.Reader, origin, file string) chan *Token {
-	return parseZoneHelper(r, origin, file, nil, 10000)
-}
-
-func parseZoneHelper(r io.Reader, origin, file string, defttl *ttlState, chansize int) chan *Token {
-	t := make(chan *Token, chansize)
-	go parseZone(r, origin, file, defttl, t, 0)
+	t := make(chan *Token, 10000)
+	go parseZone(r, origin, file, t)
 	return t
 }
 
-func parseZone(r io.Reader, origin, f string, defttl *ttlState, t chan *Token, include int) {
-	defer func() {
-		if include == 0 {
-			close(t)
-		}
-	}()
-	s, cancel := scanInit(r)
-	c := make(chan lex)
-	// Start the lexer
-	go zlexer(s, c)
-
-	defer func() {
-		cancel()
-		// zlexer can send up to three tokens, the next one and possibly 2 remainders.
-		// Do a non-blocking read.
-		_, ok := <-c
-		_, ok = <-c
-		_, ok = <-c
+func parseZone(r io.Reader, origin, file string, t chan *Token) {
+	defer close(t)
+
+	zp := NewZoneParser(r, origin, file)
+	zp.SetIncludeAllowed(true)
+
+	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
+		t <- &Token{RR: rr, Comment: zp.Comment()}
+	}
+
+	if err := zp.Err(); err != nil {
+		pe, ok := err.(*ParseError)
 		if !ok {
-			// too bad
+			pe = &ParseError{file: file, err: err.Error()}
 		}
-	}()
-	// 6 possible beginnings of a line, _ is a space
-	// 0. zRRTYPE                              -> all omitted until the rrtype
-	// 1. zOwner _ zRrtype                     -> class/ttl omitted
-	// 2. zOwner _ zString _ zRrtype           -> class omitted
-	// 3. zOwner _ zString _ zClass  _ zRrtype -> ttl/class
-	// 4. zOwner _ zClass  _ zRrtype           -> ttl omitted
-	// 5. zOwner _ zClass  _ zString _ zRrtype -> class/ttl (reversed)
-	// After detecting these, we know the zRrtype so we can jump to functions
-	// handling the rdata for each of these types.
 
+		t <- &Token{Error: pe}
+	}
+}
+
+// ZoneParser is a parser for an RFC 1035 style zonefile.
+//
+// Each parsed RR in the zone is returned sequentially from Next. An
+// optional comment can be retrieved with Comment.
+//
+// The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
+// supported. Although $INCLUDE is disabled by default.
+// Note that $GENERATE's range support up to a maximum of 65535 steps.
+//
+// Basic usage pattern when reading from a string (z) containing the
+// zone data:
+//
+//	zp := NewZoneParser(strings.NewReader(z), "", "")
+//
+//	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
+//		// Do something with rr
+//	}
+//
+//	if err := zp.Err(); err != nil {
+//		// log.Println(err)
+//	}
+//
+// Comments specified after an RR (and on the same line!) are
+// returned too:
+//
+//	foo. IN A 10.0.0.1 ; this is a comment
+//
+// The text "; this is comment" is returned from Comment. Comments inside
+// the RR are returned concatenated along with the RR. Comments on a line
+// by themselves are discarded.
+type ZoneParser struct {
+	c *zlexer
+
+	parseErr *ParseError
+
+	origin string
+	file   string
+
+	defttl *ttlState
+
+	h RR_Header
+
+	// sub is used to parse $INCLUDE files and $GENERATE directives.
+	// Next, by calling subNext, forwards the resulting RRs from this
+	// sub parser to the calling code.
+	sub    *ZoneParser
+	osFile *os.File
+
+	includeDepth uint8
+
+	includeAllowed bool
+	generateDisallowed bool
+}
+
+// NewZoneParser returns an RFC 1035 style zonefile parser that reads
+// from r.
+//
+// The string file is used in error reporting and to resolve relative
+// $INCLUDE directives. The string origin is used as the initial
+// origin, as if the file would start with an $ORIGIN directive.
+func NewZoneParser(r io.Reader, origin, file string) *ZoneParser {
+	var pe *ParseError
 	if origin != "" {
 		origin = Fqdn(origin)
 		if _, ok := IsDomainName(origin); !ok {
-			t <- &Token{Error: &ParseError{f, "bad initial origin name", lex{}}}
-			return
+			pe = &ParseError{file, "bad initial origin name", lex{}}
 		}
 	}
 
+	return &ZoneParser{
+		c: newZLexer(r),
+
+		parseErr: pe,
+
+		origin: origin,
+		file:   file,
+	}
+}
+
+// SetDefaultTTL sets the parsers default TTL to ttl.
+func (zp *ZoneParser) SetDefaultTTL(ttl uint32) {
+	zp.defttl = &ttlState{ttl, false}
+}
+
+// SetIncludeAllowed controls whether $INCLUDE directives are
+// allowed. $INCLUDE directives are not supported by default.
+//
+// The $INCLUDE directive will open and read from a user controlled
+// file on the system. Even if the file is not a valid zonefile, the
+// contents of the file may be revealed in error messages, such as:
+//
+//	/etc/passwd: dns: not a TTL: "root:x:0:0:root:/root:/bin/bash" at line: 1:31
+//	/etc/shadow: dns: not a TTL: "root:$6$<redacted>::0:99999:7:::" at line: 1:125
+func (zp *ZoneParser) SetIncludeAllowed(v bool) {
+	zp.includeAllowed = v
+}
+
+// Err returns the first non-EOF error that was encountered by the
+// ZoneParser.
+func (zp *ZoneParser) Err() error {
+	if zp.parseErr != nil {
+		return zp.parseErr
+	}
+
+	if zp.sub != nil {
+		if err := zp.sub.Err(); err != nil {
+			return err
+		}
+	}
+
+	return zp.c.Err()
+}
+
+func (zp *ZoneParser) setParseError(err string, l lex) (RR, bool) {
+	zp.parseErr = &ParseError{zp.file, err, l}
+	return nil, false
+}
+
+// Comment returns an optional text comment that occurred alongside
+// the RR.
+func (zp *ZoneParser) Comment() string {
+	if zp.parseErr != nil {
+		return ""
+	}
+
+	if zp.sub != nil {
+		return zp.sub.Comment()
+	}
+
+	return zp.c.Comment()
+}
+
+func (zp *ZoneParser) subNext() (RR, bool) {
+	if rr, ok := zp.sub.Next(); ok {
+		return rr, true
+	}
+
+	if zp.sub.osFile != nil {
+		zp.sub.osFile.Close()
+		zp.sub.osFile = nil
+	}
+
+	if zp.sub.Err() != nil {
+		// We have errors to surface.
+		return nil, false
+	}
+
+	zp.sub = nil
+	return zp.Next()
+}
+
+// Next advances the parser to the next RR in the zonefile and
+// returns the (RR, true). It will return (nil, false) when the
+// parsing stops, either by reaching the end of the input or an
+// error. After Next returns (nil, false), the Err method will return
+// any error that occurred during parsing.
+func (zp *ZoneParser) Next() (RR, bool) {
+	if zp.parseErr != nil {
+		return nil, false
+	}
+	if zp.sub != nil {
+		return zp.subNext()
+	}
+
+	// 6 possible beginnings of a line (_ is a space):
+	//
+	//   0. zRRTYPE                              -> all omitted until the rrtype
+	//   1. zOwner _ zRrtype                     -> class/ttl omitted
+	//   2. zOwner _ zString _ zRrtype           -> class omitted
+	//   3. zOwner _ zString _ zClass  _ zRrtype -> ttl/class
+	//   4. zOwner _ zClass  _ zRrtype           -> ttl omitted
+	//   5. zOwner _ zClass  _ zString _ zRrtype -> class/ttl (reversed)
+	//
+	// After detecting these, we know the zRrtype so we can jump to functions
+	// handling the rdata for each of these types.
+
 	st := zExpectOwnerDir // initial state
-	var h RR_Header
-	var prevName string
-	for l := range c {
-		// Lexer spotted an error already
-		if l.err == true {
-			t <- &Token{Error: &ParseError{f, l.token, l}}
-			return
+	h := &zp.h
 
+	for l, ok := zp.c.Next(); ok; l, ok = zp.c.Next() {
+		// zlexer spotted an error already
+		if l.err {
+			return zp.setParseError(l.token, l)
 		}
+
 		switch st {
 		case zExpectOwnerDir:
 			// We can also expect a directive, like $TTL or $ORIGIN
-			if defttl != nil {
-				h.Ttl = defttl.ttl
+			if zp.defttl != nil {
+				h.Ttl = zp.defttl.ttl
 			}
+
 			h.Class = ClassINET
+
 			switch l.value {
 			case zNewline:
 				st = zExpectOwnerDir
 			case zOwner:
-				h.Name = l.token
-				name, ok := toAbsoluteName(l.token, origin)
+				name, ok := toAbsoluteName(l.token, zp.origin)
 				if !ok {
-					t <- &Token{Error: &ParseError{f, "bad owner name", l}}
-					return
+					return zp.setParseError("bad owner name", l)
 				}
+
 				h.Name = name
-				prevName = h.Name
+
 				st = zExpectOwnerBl
 			case zDirTTL:
 				st = zExpectDirTTLBl
@@ -243,12 +412,12 @@ func parseZone(r io.Reader, origin, f string, defttl *ttlState, t chan *Token, i
 			case zDirGenerate:
 				st = zExpectDirGenerateBl
 			case zRrtpe:
-				h.Name = prevName
 				h.Rrtype = l.torc
+
 				st = zExpectRdata
 			case zClass:
-				h.Name = prevName
 				h.Class = l.torc
+
 				st = zExpectAnyNoClassBl
 			case zBlank:
 				// Discard, can happen when there is nothing on the
@@ -256,297 +425,464 @@ func parseZone(r io.Reader, origin, f string, defttl *ttlState, t chan *Token, i
 			case zString:
 				ttl, ok := stringToTTL(l.token)
 				if !ok {
-					t <- &Token{Error: &ParseError{f, "not a TTL", l}}
-					return
+					return zp.setParseError("not a TTL", l)
 				}
+
 				h.Ttl = ttl
-				if defttl == nil || !defttl.isByDirective {
-					defttl = &ttlState{ttl, false}
+
+				if zp.defttl == nil || !zp.defttl.isByDirective {
+					zp.defttl = &ttlState{ttl, false}
 				}
-				st = zExpectAnyNoTTLBl
 
+				st = zExpectAnyNoTTLBl
 			default:
-				t <- &Token{Error: &ParseError{f, "syntax error at beginning", l}}
-				return
+				return zp.setParseError("syntax error at beginning", l)
 			}
 		case zExpectDirIncludeBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank after $INCLUDE-directive", l}}
-				return
+				return zp.setParseError("no blank after $INCLUDE-directive", l)
 			}
+
 			st = zExpectDirInclude
 		case zExpectDirInclude:
 			if l.value != zString {
-				t <- &Token{Error: &ParseError{f, "expecting $INCLUDE value, not this...", l}}
-				return
+				return zp.setParseError("expecting $INCLUDE value, not this...", l)
 			}
-			neworigin := origin // There may be optionally a new origin set after the filename, if not use current one
-			switch l := <-c; l.value {
+
+			neworigin := zp.origin // There may be optionally a new origin set after the filename, if not use current one
+			switch l, _ := zp.c.Next(); l.value {
 			case zBlank:
-				l := <-c
+				l, _ := zp.c.Next()
 				if l.value == zString {
-					name, ok := toAbsoluteName(l.token, origin)
+					name, ok := toAbsoluteName(l.token, zp.origin)
 					if !ok {
-						t <- &Token{Error: &ParseError{f, "bad origin name", l}}
-						return
+						return zp.setParseError("bad origin name", l)
 					}
+
 					neworigin = name
 				}
 			case zNewline, zEOF:
 				// Ok
 			default:
-				t <- &Token{Error: &ParseError{f, "garbage after $INCLUDE", l}}
-				return
+				return zp.setParseError("garbage after $INCLUDE", l)
 			}
+
+			if !zp.includeAllowed {
+				return zp.setParseError("$INCLUDE directive not allowed", l)
+			}
+			if zp.includeDepth >= maxIncludeDepth {
+				return zp.setParseError("too deeply nested $INCLUDE", l)
+			}
+
 			// Start with the new file
 			includePath := l.token
 			if !filepath.IsAbs(includePath) {
-				includePath = filepath.Join(filepath.Dir(f), includePath)
+				includePath = filepath.Join(filepath.Dir(zp.file), includePath)
 			}
+
 			r1, e1 := os.Open(includePath)
 			if e1 != nil {
-				msg := fmt.Sprintf("failed to open `%s'", l.token)
+				var as string
 				if !filepath.IsAbs(l.token) {
-					msg += fmt.Sprintf(" as `%s'", includePath)
+					as = fmt.Sprintf(" as `%s'", includePath)
 				}
-				t <- &Token{Error: &ParseError{f, msg, l}}
-				return
-			}
-			if include+1 > 7 {
-				t <- &Token{Error: &ParseError{f, "too deeply nested $INCLUDE", l}}
-				return
+
+				msg := fmt.Sprintf("failed to open `%s'%s: %v", l.token, as, e1)
+				return zp.setParseError(msg, l)
 			}
-			parseZone(r1, neworigin, includePath, defttl, t, include+1)
-			st = zExpectOwnerDir
+
+			zp.sub = NewZoneParser(r1, neworigin, includePath)
+			zp.sub.defttl, zp.sub.includeDepth, zp.sub.osFile = zp.defttl, zp.includeDepth+1, r1
+			zp.sub.SetIncludeAllowed(true)
+			return zp.subNext()
 		case zExpectDirTTLBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank after $TTL-directive", l}}
-				return
+				return zp.setParseError("no blank after $TTL-directive", l)
 			}
+
 			st = zExpectDirTTL
 		case zExpectDirTTL:
 			if l.value != zString {
-				t <- &Token{Error: &ParseError{f, "expecting $TTL value, not this...", l}}
-				return
+				return zp.setParseError("expecting $TTL value, not this...", l)
 			}
-			if e, _ := slurpRemainder(c, f); e != nil {
-				t <- &Token{Error: e}
-				return
+
+			if err := slurpRemainder(zp.c); err != nil {
+				return zp.setParseError(err.err, err.lex)
 			}
+
 			ttl, ok := stringToTTL(l.token)
 			if !ok {
-				t <- &Token{Error: &ParseError{f, "expecting $TTL value, not this...", l}}
-				return
+				return zp.setParseError("expecting $TTL value, not this...", l)
 			}
-			defttl = &ttlState{ttl, true}
+
+			zp.defttl = &ttlState{ttl, true}
+
 			st = zExpectOwnerDir
 		case zExpectDirOriginBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank after $ORIGIN-directive", l}}
-				return
+				return zp.setParseError("no blank after $ORIGIN-directive", l)
 			}
+
 			st = zExpectDirOrigin
 		case zExpectDirOrigin:
 			if l.value != zString {
-				t <- &Token{Error: &ParseError{f, "expecting $ORIGIN value, not this...", l}}
-				return
+				return zp.setParseError("expecting $ORIGIN value, not this...", l)
 			}
-			if e, _ := slurpRemainder(c, f); e != nil {
-				t <- &Token{Error: e}
+
+			if err := slurpRemainder(zp.c); err != nil {
+				return zp.setParseError(err.err, err.lex)
 			}
-			name, ok := toAbsoluteName(l.token, origin)
+
+			name, ok := toAbsoluteName(l.token, zp.origin)
 			if !ok {
-				t <- &Token{Error: &ParseError{f, "bad origin name", l}}
-				return
+				return zp.setParseError("bad origin name", l)
 			}
-			origin = name
+
+			zp.origin = name
+
 			st = zExpectOwnerDir
 		case zExpectDirGenerateBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank after $GENERATE-directive", l}}
-				return
+				return zp.setParseError("no blank after $GENERATE-directive", l)
 			}
+
 			st = zExpectDirGenerate
 		case zExpectDirGenerate:
-			if l.value != zString {
-				t <- &Token{Error: &ParseError{f, "expecting $GENERATE value, not this...", l}}
-				return
+			if zp.generateDisallowed {
+				return zp.setParseError("nested $GENERATE directive not allowed", l)
 			}
-			if errMsg := generate(l, c, t, origin); errMsg != "" {
-				t <- &Token{Error: &ParseError{f, errMsg, l}}
-				return
+			if l.value != zString {
+				return zp.setParseError("expecting $GENERATE value, not this...", l)
 			}
-			st = zExpectOwnerDir
+
+			return zp.generate(l)
 		case zExpectOwnerBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank after owner", l}}
-				return
+				return zp.setParseError("no blank after owner", l)
 			}
+
 			st = zExpectAny
 		case zExpectAny:
 			switch l.value {
 			case zRrtpe:
-				if defttl == nil {
-					t <- &Token{Error: &ParseError{f, "missing TTL with no previous value", l}}
-					return
+				if zp.defttl == nil {
+					return zp.setParseError("missing TTL with no previous value", l)
 				}
+
 				h.Rrtype = l.torc
+
 				st = zExpectRdata
 			case zClass:
 				h.Class = l.torc
+
 				st = zExpectAnyNoClassBl
 			case zString:
 				ttl, ok := stringToTTL(l.token)
 				if !ok {
-					t <- &Token{Error: &ParseError{f, "not a TTL", l}}
-					return
+					return zp.setParseError("not a TTL", l)
 				}
+
 				h.Ttl = ttl
-				if defttl == nil || !defttl.isByDirective {
-					defttl = &ttlState{ttl, false}
+
+				if zp.defttl == nil || !zp.defttl.isByDirective {
+					zp.defttl = &ttlState{ttl, false}
 				}
+
 				st = zExpectAnyNoTTLBl
 			default:
-				t <- &Token{Error: &ParseError{f, "expecting RR type, TTL or class, not this...", l}}
-				return
+				return zp.setParseError("expecting RR type, TTL or class, not this...", l)
 			}
 		case zExpectAnyNoClassBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank before class", l}}
-				return
+				return zp.setParseError("no blank before class", l)
 			}
+
 			st = zExpectAnyNoClass
 		case zExpectAnyNoTTLBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank before TTL", l}}
-				return
+				return zp.setParseError("no blank before TTL", l)
 			}
+
 			st = zExpectAnyNoTTL
 		case zExpectAnyNoTTL:
 			switch l.value {
 			case zClass:
 				h.Class = l.torc
+
 				st = zExpectRrtypeBl
 			case zRrtpe:
 				h.Rrtype = l.torc
+
 				st = zExpectRdata
 			default:
-				t <- &Token{Error: &ParseError{f, "expecting RR type or class, not this...", l}}
-				return
+				return zp.setParseError("expecting RR type or class, not this...", l)
 			}
 		case zExpectAnyNoClass:
 			switch l.value {
 			case zString:
 				ttl, ok := stringToTTL(l.token)
 				if !ok {
-					t <- &Token{Error: &ParseError{f, "not a TTL", l}}
-					return
+					return zp.setParseError("not a TTL", l)
 				}
+
 				h.Ttl = ttl
-				if defttl == nil || !defttl.isByDirective {
-					defttl = &ttlState{ttl, false}
+
+				if zp.defttl == nil || !zp.defttl.isByDirective {
+					zp.defttl = &ttlState{ttl, false}
 				}
+
 				st = zExpectRrtypeBl
 			case zRrtpe:
 				h.Rrtype = l.torc
+
 				st = zExpectRdata
 			default:
-				t <- &Token{Error: &ParseError{f, "expecting RR type or TTL, not this...", l}}
-				return
+				return zp.setParseError("expecting RR type or TTL, not this...", l)
 			}
 		case zExpectRrtypeBl:
 			if l.value != zBlank {
-				t <- &Token{Error: &ParseError{f, "no blank before RR type", l}}
-				return
+				return zp.setParseError("no blank before RR type", l)
 			}
+
 			st = zExpectRrtype
 		case zExpectRrtype:
 			if l.value != zRrtpe {
-				t <- &Token{Error: &ParseError{f, "unknown RR type", l}}
-				return
+				return zp.setParseError("unknown RR type", l)
 			}
+
 			h.Rrtype = l.torc
+
 			st = zExpectRdata
 		case zExpectRdata:
-			r, e, c1 := setRR(h, c, origin, f)
-			if e != nil {
-				// If e.lex is nil than we have encounter a unknown RR type
-				// in that case we substitute our current lex token
-				if e.lex.token == "" && e.lex.value == 0 {
-					e.lex = l // Uh, dirty
+			var rr RR
+			if newFn, ok := TypeToRR[h.Rrtype]; ok && canParseAsRR(h.Rrtype) {
+				rr = newFn()
+				*rr.Header() = *h
+			} else {
+				rr = &RFC3597{Hdr: *h}
+			}
+
+			_, isPrivate := rr.(*PrivateRR)
+			if !isPrivate && zp.c.Peek().token == "" {
+				// This is a dynamic update rr.
+
+				// TODO(tmthrgd): Previously slurpRemainder was only called
+				// for certain RR types, which may have been important.
+				if err := slurpRemainder(zp.c); err != nil {
+					return zp.setParseError(err.err, err.lex)
 				}
-				t <- &Token{Error: e}
-				return
+
+				return rr, true
+			} else if l.value == zNewline {
+				return zp.setParseError("unexpected newline", l)
 			}
-			t <- &Token{RR: r, Comment: c1}
-			st = zExpectOwnerDir
+
+			if err := rr.parse(zp.c, zp.origin); err != nil {
+				// err is a concrete *ParseError without the file field set.
+				// The setParseError call below will construct a new
+				// *ParseError with file set to zp.file.
+
+				// If err.lex is nil than we have encounter an unknown RR type
+				// in that case we substitute our current lex token.
+				if err.lex == (lex{}) {
+					return zp.setParseError(err.err, l)
+				}
+
+				return zp.setParseError(err.err, err.lex)
+			}
+
+			return rr, true
 		}
 	}
+
 	// If we get here, we and the h.Rrtype is still zero, we haven't parsed anything, this
 	// is not an error, because an empty zone file is still a zone file.
+	return nil, false
+}
+
+// canParseAsRR returns true if the record type can be parsed as a
+// concrete RR. It blacklists certain record types that must be parsed
+// according to RFC 3597 because they lack a presentation format.
+func canParseAsRR(rrtype uint16) bool {
+	switch rrtype {
+	case TypeANY, TypeNULL, TypeOPT, TypeTSIG:
+		return false
+	default:
+		return true
+	}
 }
 
-// zlexer scans the sourcefile and returns tokens on the channel c.
-func zlexer(s *scan, c chan lex) {
-	var l lex
-	str := make([]byte, maxTok) // Should be enough for any token
-	stri := 0                   // Offset in str (0 means empty)
-	com := make([]byte, maxTok) // Hold comment text
-	comi := 0
-	quote := false
-	escape := false
-	space := false
-	commt := false
-	rrtype := false
-	owner := true
-	brace := 0
-	x, err := s.tokenText()
-	defer close(c)
-	for err == nil {
-		l.column = s.position.Column
-		l.line = s.position.Line
-		if stri >= maxTok {
+type zlexer struct {
+	br io.ByteReader
+
+	readErr error
+
+	line   int
+	column int
+
+	comBuf  string
+	comment string
+
+	l       lex
+	cachedL *lex
+
+	brace  int
+	quote  bool
+	space  bool
+	commt  bool
+	rrtype bool
+	owner  bool
+
+	nextL bool
+
+	eol bool // end-of-line
+}
+
+func newZLexer(r io.Reader) *zlexer {
+	br, ok := r.(io.ByteReader)
+	if !ok {
+		br = bufio.NewReaderSize(r, 1024)
+	}
+
+	return &zlexer{
+		br: br,
+
+		line: 1,
+
+		owner: true,
+	}
+}
+
+func (zl *zlexer) Err() error {
+	if zl.readErr == io.EOF {
+		return nil
+	}
+
+	return zl.readErr
+}
+
+// readByte returns the next byte from the input
+func (zl *zlexer) readByte() (byte, bool) {
+	if zl.readErr != nil {
+		return 0, false
+	}
+
+	c, err := zl.br.ReadByte()
+	if err != nil {
+		zl.readErr = err
+		return 0, false
+	}
+
+	// delay the newline handling until the next token is delivered,
+	// fixes off-by-one errors when reporting a parse error.
+	if zl.eol {
+		zl.line++
+		zl.column = 0
+		zl.eol = false
+	}
+
+	if c == '\n' {
+		zl.eol = true
+	} else {
+		zl.column++
+	}
+
+	return c, true
+}
+
+func (zl *zlexer) Peek() lex {
+	if zl.nextL {
+		return zl.l
+	}
+
+	l, ok := zl.Next()
+	if !ok {
+		return l
+	}
+
+	if zl.nextL {
+		// Cache l. Next returns zl.cachedL then zl.l.
+		zl.cachedL = &l
+	} else {
+		// In this case l == zl.l, so we just tell Next to return zl.l.
+		zl.nextL = true
+	}
+
+	return l
+}
+
+func (zl *zlexer) Next() (lex, bool) {
+	l := &zl.l
+	switch {
+	case zl.cachedL != nil:
+		l, zl.cachedL = zl.cachedL, nil
+		return *l, true
+	case zl.nextL:
+		zl.nextL = false
+		return *l, true
+	case l.err:
+		// Parsing errors should be sticky.
+		return lex{value: zEOF}, false
+	}
+
+	var (
+		str [maxTok]byte // Hold string text
+		com [maxTok]byte // Hold comment text
+
+		stri int // Offset in str (0 means empty)
+		comi int // Offset in com (0 means empty)
+
+		escape bool
+	)
+
+	if zl.comBuf != "" {
+		comi = copy(com[:], zl.comBuf)
+		zl.comBuf = ""
+	}
+
+	zl.comment = ""
+
+	for x, ok := zl.readByte(); ok; x, ok = zl.readByte() {
+		l.line, l.column = zl.line, zl.column
+
+		if stri >= len(str) {
 			l.token = "token length insufficient for parsing"
 			l.err = true
-			c <- l
-			return
+			return *l, true
 		}
-		if comi >= maxTok {
+		if comi >= len(com) {
 			l.token = "comment length insufficient for parsing"
 			l.err = true
-			c <- l
-			return
+			return *l, true
 		}
 
 		switch x {
 		case ' ', '\t':
-			if escape {
-				escape = false
-				str[stri] = x
-				stri++
-				break
-			}
-			if quote {
-				// Inside quotes this is legal
+			if escape || zl.quote {
+				// Inside quotes or escaped this is legal.
 				str[stri] = x
 				stri++
+
+				escape = false
 				break
 			}
-			if commt {
+
+			if zl.commt {
 				com[comi] = x
 				comi++
 				break
 			}
+
+			var retL lex
 			if stri == 0 {
 				// Space directly in the beginning, handled in the grammar
-			} else if owner {
+			} else if zl.owner {
 				// If we have a string and its the first, make it an owner
 				l.value = zOwner
 				l.token = string(str[:stri])
-				l.tokenUpper = strings.ToUpper(l.token)
-				l.length = stri
+
 				// escape $... start with a \ not a $, so this will work
-				switch l.tokenUpper {
+				switch strings.ToUpper(l.token) {
 				case "$TTL":
 					l.value = zDirTTL
 				case "$ORIGIN":
@@ -556,259 +892,328 @@ func zlexer(s *scan, c chan lex) {
 				case "$GENERATE":
 					l.value = zDirGenerate
 				}
-				c <- l
+
+				retL = *l
 			} else {
 				l.value = zString
 				l.token = string(str[:stri])
-				l.tokenUpper = strings.ToUpper(l.token)
-				l.length = stri
-				if !rrtype {
-					if t, ok := StringToType[l.tokenUpper]; ok {
+
+				if !zl.rrtype {
+					tokenUpper := strings.ToUpper(l.token)
+					if t, ok := StringToType[tokenUpper]; ok {
 						l.value = zRrtpe
 						l.torc = t
-						rrtype = true
-					} else {
-						if strings.HasPrefix(l.tokenUpper, "TYPE") {
-							t, ok := typeToInt(l.token)
-							if !ok {
-								l.token = "unknown RR type"
-								l.err = true
-								c <- l
-								return
-							}
-							l.value = zRrtpe
-							rrtype = true
-							l.torc = t
+
+						zl.rrtype = true
+					} else if strings.HasPrefix(tokenUpper, "TYPE") {
+						t, ok := typeToInt(l.token)
+						if !ok {
+							l.token = "unknown RR type"
+							l.err = true
+							return *l, true
 						}
+
+						l.value = zRrtpe
+						l.torc = t
+
+						zl.rrtype = true
 					}
-					if t, ok := StringToClass[l.tokenUpper]; ok {
+
+					if t, ok := StringToClass[tokenUpper]; ok {
 						l.value = zClass
 						l.torc = t
-					} else {
-						if strings.HasPrefix(l.tokenUpper, "CLASS") {
-							t, ok := classToInt(l.token)
-							if !ok {
-								l.token = "unknown class"
-								l.err = true
-								c <- l
-								return
-							}
-							l.value = zClass
-							l.torc = t
+					} else if strings.HasPrefix(tokenUpper, "CLASS") {
+						t, ok := classToInt(l.token)
+						if !ok {
+							l.token = "unknown class"
+							l.err = true
+							return *l, true
 						}
+
+						l.value = zClass
+						l.torc = t
 					}
 				}
-				c <- l
+
+				retL = *l
 			}
-			stri = 0
 
-			if !space && !commt {
+			zl.owner = false
+
+			if !zl.space {
+				zl.space = true
+
 				l.value = zBlank
 				l.token = " "
-				l.length = 1
-				c <- l
+
+				if retL == (lex{}) {
+					return *l, true
+				}
+
+				zl.nextL = true
+			}
+
+			if retL != (lex{}) {
+				return retL, true
 			}
-			owner = false
-			space = true
 		case ';':
-			if escape {
-				escape = false
+			if escape || zl.quote {
+				// Inside quotes or escaped this is legal.
 				str[stri] = x
 				stri++
+
+				escape = false
 				break
 			}
-			if quote {
-				// Inside quotes this is legal
-				str[stri] = x
-				stri++
-				break
+
+			zl.commt = true
+			zl.comBuf = ""
+
+			if comi > 1 {
+				// A newline was previously seen inside a comment that
+				// was inside braces and we delayed adding it until now.
+				com[comi] = ' ' // convert newline to space
+				comi++
+				if comi >= len(com) {
+					l.token = "comment length insufficient for parsing"
+					l.err = true
+					return *l, true
+				}
 			}
+
+			com[comi] = ';'
+			comi++
+
 			if stri > 0 {
+				zl.comBuf = string(com[:comi])
+
 				l.value = zString
 				l.token = string(str[:stri])
-				l.tokenUpper = strings.ToUpper(l.token)
-				l.length = stri
-				c <- l
-				stri = 0
+				return *l, true
 			}
-			commt = true
-			com[comi] = ';'
-			comi++
 		case '\r':
 			escape = false
-			if quote {
+
+			if zl.quote {
 				str[stri] = x
 				stri++
-				break
 			}
+
 			// discard if outside of quotes
 		case '\n':
 			escape = false
+
 			// Escaped newline
-			if quote {
+			if zl.quote {
 				str[stri] = x
 				stri++
 				break
 			}
-			// inside quotes this is legal
-			if commt {
+
+			if zl.commt {
 				// Reset a comment
-				commt = false
-				rrtype = false
-				stri = 0
+				zl.commt = false
+				zl.rrtype = false
+
 				// If not in a brace this ends the comment AND the RR
-				if brace == 0 {
-					owner = true
-					owner = true
+				if zl.brace == 0 {
+					zl.owner = true
+
 					l.value = zNewline
 					l.token = "\n"
-					l.tokenUpper = l.token
-					l.length = 1
-					l.comment = string(com[:comi])
-					c <- l
-					l.comment = ""
-					comi = 0
-					break
+					zl.comment = string(com[:comi])
+					return *l, true
 				}
-				com[comi] = ' ' // convert newline to space
-				comi++
+
+				zl.comBuf = string(com[:comi])
 				break
 			}
 
-			if brace == 0 {
+			if zl.brace == 0 {
 				// If there is previous text, we should output it here
+				var retL lex
 				if stri != 0 {
 					l.value = zString
 					l.token = string(str[:stri])
-					l.tokenUpper = strings.ToUpper(l.token)
 
-					l.length = stri
-					if !rrtype {
-						if t, ok := StringToType[l.tokenUpper]; ok {
+					if !zl.rrtype {
+						tokenUpper := strings.ToUpper(l.token)
+						if t, ok := StringToType[tokenUpper]; ok {
+							zl.rrtype = true
+
 							l.value = zRrtpe
 							l.torc = t
-							rrtype = true
 						}
 					}
-					c <- l
+
+					retL = *l
 				}
+
 				l.value = zNewline
 				l.token = "\n"
-				l.tokenUpper = l.token
-				l.length = 1
-				c <- l
-				stri = 0
-				commt = false
-				rrtype = false
-				owner = true
-				comi = 0
+
+				zl.comment = zl.comBuf
+				zl.comBuf = ""
+				zl.rrtype = false
+				zl.owner = true
+
+				if retL != (lex{}) {
+					zl.nextL = true
+					return retL, true
+				}
+
+				return *l, true
 			}
 		case '\\':
 			// comments do not get escaped chars, everything is copied
-			if commt {
+			if zl.commt {
 				com[comi] = x
 				comi++
 				break
 			}
+
 			// something already escaped must be in string
 			if escape {
 				str[stri] = x
 				stri++
+
 				escape = false
 				break
 			}
+
 			// something escaped outside of string gets added to string
 			str[stri] = x
 			stri++
+
 			escape = true
 		case '"':
-			if commt {
+			if zl.commt {
 				com[comi] = x
 				comi++
 				break
 			}
+
 			if escape {
 				str[stri] = x
 				stri++
+
 				escape = false
 				break
 			}
-			space = false
+
+			zl.space = false
+
 			// send previous gathered text and the quote
+			var retL lex
 			if stri != 0 {
 				l.value = zString
 				l.token = string(str[:stri])
-				l.tokenUpper = strings.ToUpper(l.token)
-				l.length = stri
 
-				c <- l
-				stri = 0
+				retL = *l
 			}
 
 			// send quote itself as separate token
 			l.value = zQuote
 			l.token = "\""
-			l.tokenUpper = l.token
-			l.length = 1
-			c <- l
-			quote = !quote
+
+			zl.quote = !zl.quote
+
+			if retL != (lex{}) {
+				zl.nextL = true
+				return retL, true
+			}
+
+			return *l, true
 		case '(', ')':
-			if commt {
+			if zl.commt {
 				com[comi] = x
 				comi++
 				break
 			}
-			if escape {
+
+			if escape || zl.quote {
+				// Inside quotes or escaped this is legal.
 				str[stri] = x
 				stri++
+
 				escape = false
 				break
 			}
-			if quote {
-				str[stri] = x
-				stri++
-				break
-			}
+
 			switch x {
 			case ')':
-				brace--
-				if brace < 0 {
+				zl.brace--
+
+				if zl.brace < 0 {
 					l.token = "extra closing brace"
-					l.tokenUpper = l.token
 					l.err = true
-					c <- l
-					return
+					return *l, true
 				}
 			case '(':
-				brace++
+				zl.brace++
 			}
 		default:
 			escape = false
-			if commt {
+
+			if zl.commt {
 				com[comi] = x
 				comi++
 				break
 			}
+
 			str[stri] = x
 			stri++
-			space = false
+
+			zl.space = false
 		}
-		x, err = s.tokenText()
 	}
+
+	if zl.readErr != nil && zl.readErr != io.EOF {
+		// Don't return any tokens after a read error occurs.
+		return lex{value: zEOF}, false
+	}
+
+	var retL lex
 	if stri > 0 {
-		// Send remainder
-		l.token = string(str[:stri])
-		l.tokenUpper = strings.ToUpper(l.token)
-		l.length = stri
+		// Send remainder of str
 		l.value = zString
-		c <- l
+		l.token = string(str[:stri])
+		retL = *l
+
+		if comi <= 0 {
+			return retL, true
+		}
+	}
+
+	if comi > 0 {
+		// Send remainder of com
+		l.value = zNewline
+		l.token = "\n"
+		zl.comment = string(com[:comi])
+
+		if retL != (lex{}) {
+			zl.nextL = true
+			return retL, true
+		}
+
+		return *l, true
 	}
-	if brace != 0 {
+
+	if zl.brace != 0 {
 		l.token = "unbalanced brace"
-		l.tokenUpper = l.token
 		l.err = true
-		c <- l
+		return *l, true
 	}
+
+	return lex{value: zEOF}, false
+}
+
+func (zl *zlexer) Comment() string {
+	if zl.l.err {
+		return ""
+	}
+
+	return zl.comment
 }
 
 // Extract the class number from CLASSxx
@@ -839,8 +1244,7 @@ func typeToInt(token string) (uint16, bool) {
 
 // stringToTTL parses things like 2w, 2m, etc, and returns the time in seconds.
 func stringToTTL(token string) (uint32, bool) {
-	s := uint32(0)
-	i := uint32(0)
+	var s, i uint32
 	for _, c := range token {
 		switch c {
 		case 's', 'S':
@@ -928,7 +1332,7 @@ func toAbsoluteName(name, origin string) (absolute string, ok bool) {
 	}
 
 	// check if name is already absolute
-	if name[len(name)-1] == '.' {
+	if IsFqdn(name) {
 		return name, true
 	}
 
@@ -968,24 +1372,21 @@ func locCheckEast(token string, longitude uint32) (uint32, bool) {
 	return longitude, false
 }
 
-// "Eat" the rest of the "line". Return potential comments
-func slurpRemainder(c chan lex, f string) (*ParseError, string) {
-	l := <-c
-	com := ""
+// "Eat" the rest of the "line"
+func slurpRemainder(c *zlexer) *ParseError {
+	l, _ := c.Next()
 	switch l.value {
 	case zBlank:
-		l = <-c
-		com = l.comment
+		l, _ = c.Next()
 		if l.value != zNewline && l.value != zEOF {
-			return &ParseError{f, "garbage after rdata", l}, ""
+			return &ParseError{"", "garbage after rdata", l}
 		}
 	case zNewline:
-		com = l.comment
 	case zEOF:
 	default:
-		return &ParseError{f, "garbage after rdata", l}, ""
+		return &ParseError{"", "garbage after rdata", l}
 	}
-	return nil, com
+	return nil
 }
 
 // Parse a 64 bit-like ipv6 address: "0014:4fff:ff20:ee64"
diff --git a/vendor/github.com/miekg/dns/scan_rr.go b/vendor/github.com/miekg/dns/scan_rr.go
index fb6f95d1da99f..6c37b2e2b4beb 100644
--- a/vendor/github.com/miekg/dns/scan_rr.go
+++ b/vendor/github.com/miekg/dns/scan_rr.go
@@ -7,70 +7,35 @@ import (
 	"strings"
 )
 
-type parserFunc struct {
-	// Func defines the function that parses the tokens and returns the RR
-	// or an error. The last string contains any comments in the line as
-	// they returned by the lexer as well.
-	Func func(h RR_Header, c chan lex, origin string, file string) (RR, *ParseError, string)
-	// Signals if the RR ending is of variable length, like TXT or records
-	// that have Hexadecimal or Base64 as their last element in the Rdata. Records
-	// that have a fixed ending or for instance A, AAAA, SOA and etc.
-	Variable bool
-}
-
-// Parse the rdata of each rrtype.
-// All data from the channel c is either zString or zBlank.
-// After the rdata there may come a zBlank and then a zNewline
-// or immediately a zNewline. If this is not the case we flag
-// an *ParseError: garbage after rdata.
-func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	parserfunc, ok := typeToparserFunc[h.Rrtype]
-	if ok {
-		r, e, cm := parserfunc.Func(h, c, o, f)
-		if parserfunc.Variable {
-			return r, e, cm
-		}
-		if e != nil {
-			return nil, e, ""
-		}
-		e, cm = slurpRemainder(c, f)
-		if e != nil {
-			return nil, e, ""
-		}
-		return r, nil, cm
-	}
-	// RFC3957 RR (Unknown RR handling)
-	return setRFC3597(h, c, o, f)
-}
-
 // A remainder of the rdata with embedded spaces, return the parsed string (sans the spaces)
 // or an error
-func endingToString(c chan lex, errstr, f string) (string, *ParseError, string) {
-	s := ""
-	l := <-c // zString
+func endingToString(c *zlexer, errstr string) (string, *ParseError) {
+	var s string
+	l, _ := c.Next() // zString
 	for l.value != zNewline && l.value != zEOF {
 		if l.err {
-			return s, &ParseError{f, errstr, l}, ""
+			return s, &ParseError{"", errstr, l}
 		}
 		switch l.value {
 		case zString:
 			s += l.token
 		case zBlank: // Ok
 		default:
-			return "", &ParseError{f, errstr, l}, ""
+			return "", &ParseError{"", errstr, l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
-	return s, nil, l.comment
+
+	return s, nil
 }
 
 // A remainder of the rdata with embedded spaces, split on unquoted whitespace
 // and return the parsed string slice or an error
-func endingToTxtSlice(c chan lex, errstr, f string) ([]string, *ParseError, string) {
+func endingToTxtSlice(c *zlexer, errstr string) ([]string, *ParseError) {
 	// Get the remaining data until we see a zNewline
-	l := <-c
+	l, _ := c.Next()
 	if l.err {
-		return nil, &ParseError{f, errstr, l}, ""
+		return nil, &ParseError{"", errstr, l}
 	}
 
 	// Build the slice
@@ -79,7 +44,7 @@ func endingToTxtSlice(c chan lex, errstr, f string) ([]string, *ParseError, stri
 	empty := false
 	for l.value != zNewline && l.value != zEOF {
 		if l.err {
-			return nil, &ParseError{f, errstr, l}, ""
+			return nil, &ParseError{"", errstr, l}
 		}
 		switch l.value {
 		case zString:
@@ -106,7 +71,7 @@ func endingToTxtSlice(c chan lex, errstr, f string) ([]string, *ParseError, stri
 		case zBlank:
 			if quote {
 				// zBlank can only be seen in between txt parts.
-				return nil, &ParseError{f, errstr, l}, ""
+				return nil, &ParseError{"", errstr, l}
 			}
 		case zQuote:
 			if empty && quote {
@@ -115,196 +80,133 @@ func endingToTxtSlice(c chan lex, errstr, f string) ([]string, *ParseError, stri
 			quote = !quote
 			empty = true
 		default:
-			return nil, &ParseError{f, errstr, l}, ""
+			return nil, &ParseError{"", errstr, l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
+
 	if quote {
-		return nil, &ParseError{f, errstr, l}, ""
+		return nil, &ParseError{"", errstr, l}
 	}
-	return s, nil, l.comment
-}
-
-func setA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(A)
-	rr.Hdr = h
 
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
+	return s, nil
+}
 
+func (rr *A) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	rr.A = net.ParseIP(l.token)
-	if rr.A == nil || l.err {
-		return nil, &ParseError{f, "bad A A", l}, ""
+	// IPv4 addresses cannot include ":".
+	// We do this rather than use net.IP's To4() because
+	// To4() treats IPv4-mapped IPv6 addresses as being
+	// IPv4.
+	isIPv4 := !strings.Contains(l.token, ":")
+	if rr.A == nil || !isIPv4 || l.err {
+		return &ParseError{"", "bad A A", l}
 	}
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setAAAA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(AAAA)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *AAAA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	rr.AAAA = net.ParseIP(l.token)
-	if rr.AAAA == nil || l.err {
-		return nil, &ParseError{f, "bad AAAA AAAA", l}, ""
+	// IPv6 addresses must include ":", and IPv4
+	// addresses cannot include ":".
+	isIPv6 := strings.Contains(l.token, ":")
+	if rr.AAAA == nil || !isIPv6 || l.err {
+		return &ParseError{"", "bad AAAA AAAA", l}
 	}
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setNS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NS)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Ns = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *NS) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad NS Ns", l}, ""
+		return &ParseError{"", "bad NS Ns", l}
 	}
 	rr.Ns = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(PTR)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Ptr = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *PTR) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad PTR Ptr", l}, ""
+		return &ParseError{"", "bad PTR Ptr", l}
 	}
 	rr.Ptr = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setNSAPPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NSAPPTR)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Ptr = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *NSAPPTR) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad NSAP-PTR Ptr", l}, ""
+		return &ParseError{"", "bad NSAP-PTR Ptr", l}
 	}
 	rr.Ptr = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setRP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(RP)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Mbox = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *RP) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	mbox, mboxOk := toAbsoluteName(l.token, o)
 	if l.err || !mboxOk {
-		return nil, &ParseError{f, "bad RP Mbox", l}, ""
+		return &ParseError{"", "bad RP Mbox", l}
 	}
 	rr.Mbox = mbox
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rr.Txt = l.token
 
 	txt, txtOk := toAbsoluteName(l.token, o)
 	if l.err || !txtOk {
-		return nil, &ParseError{f, "bad RP Txt", l}, ""
+		return &ParseError{"", "bad RP Txt", l}
 	}
 	rr.Txt = txt
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MR)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Mr = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MR) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MR Mr", l}, ""
+		return &ParseError{"", "bad MR Mr", l}
 	}
 	rr.Mr = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMB(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MB)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Mb = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MB) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MB Mb", l}, ""
+		return &ParseError{"", "bad MB Mb", l}
 	}
 	rr.Mb = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MG)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Mg = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MG) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MG Mg", l}, ""
+		return &ParseError{"", "bad MG Mg", l}
 	}
 	rr.Mg = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setHINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(HINFO)
-	rr.Hdr = h
-
-	chunks, e, c1 := endingToTxtSlice(c, "bad HINFO Fields", f)
+func (rr *HINFO) parse(c *zlexer, o string) *ParseError {
+	chunks, e := endingToTxtSlice(c, "bad HINFO Fields")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 
 	if ln := len(chunks); ln == 0 {
-		return rr, nil, ""
+		return nil
 	} else if ln == 1 {
 		// Can we split it?
 		if out := strings.Fields(chunks[0]); len(out) > 1 {
@@ -317,281 +219,198 @@ func setHINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 	rr.Cpu = chunks[0]
 	rr.Os = strings.Join(chunks[1:], " ")
 
-	return rr, nil, ""
+	return nil
 }
 
-func setMINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MINFO)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Rmail = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MINFO) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	rmail, rmailOk := toAbsoluteName(l.token, o)
 	if l.err || !rmailOk {
-		return nil, &ParseError{f, "bad MINFO Rmail", l}, ""
+		return &ParseError{"", "bad MINFO Rmail", l}
 	}
 	rr.Rmail = rmail
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rr.Email = l.token
 
 	email, emailOk := toAbsoluteName(l.token, o)
 	if l.err || !emailOk {
-		return nil, &ParseError{f, "bad MINFO Email", l}, ""
+		return &ParseError{"", "bad MINFO Email", l}
 	}
 	rr.Email = email
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMF(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MF)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Mf = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MF) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MF Mf", l}, ""
+		return &ParseError{"", "bad MF Mf", l}
 	}
 	rr.Mf = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMD(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MD)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Md = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MD) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MD Md", l}, ""
+		return &ParseError{"", "bad MD Md", l}
 	}
 	rr.Md = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setMX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(MX)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *MX) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad MX Pref", l}, ""
+		return &ParseError{"", "bad MX Pref", l}
 	}
 	rr.Preference = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Mx = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad MX Mx", l}, ""
+		return &ParseError{"", "bad MX Mx", l}
 	}
 	rr.Mx = name
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setRT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(RT)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *RT) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil {
-		return nil, &ParseError{f, "bad RT Preference", l}, ""
+		return &ParseError{"", "bad RT Preference", l}
 	}
 	rr.Preference = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Host = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad RT Host", l}, ""
+		return &ParseError{"", "bad RT Host", l}
 	}
 	rr.Host = name
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setAFSDB(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(AFSDB)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *AFSDB) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad AFSDB Subtype", l}, ""
+		return &ParseError{"", "bad AFSDB Subtype", l}
 	}
 	rr.Subtype = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Hostname = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad AFSDB Hostname", l}, ""
+		return &ParseError{"", "bad AFSDB Hostname", l}
 	}
 	rr.Hostname = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setX25(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(X25)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *X25) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	if l.err {
-		return nil, &ParseError{f, "bad X25 PSDNAddress", l}, ""
+		return &ParseError{"", "bad X25 PSDNAddress", l}
 	}
 	rr.PSDNAddress = l.token
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setKX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(KX)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *KX) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad KX Pref", l}, ""
+		return &ParseError{"", "bad KX Pref", l}
 	}
 	rr.Preference = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Exchanger = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad KX Exchanger", l}, ""
+		return &ParseError{"", "bad KX Exchanger", l}
 	}
 	rr.Exchanger = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setCNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(CNAME)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Target = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *CNAME) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad CNAME Target", l}, ""
+		return &ParseError{"", "bad CNAME Target", l}
 	}
 	rr.Target = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setDNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(DNAME)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Target = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *DNAME) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad DNAME Target", l}, ""
+		return &ParseError{"", "bad DNAME Target", l}
 	}
 	rr.Target = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setSOA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(SOA)
-	rr.Hdr = h
-
-	l := <-c
-	rr.Ns = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *SOA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	ns, nsOk := toAbsoluteName(l.token, o)
 	if l.err || !nsOk {
-		return nil, &ParseError{f, "bad SOA Ns", l}, ""
+		return &ParseError{"", "bad SOA Ns", l}
 	}
 	rr.Ns = ns
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rr.Mbox = l.token
 
 	mbox, mboxOk := toAbsoluteName(l.token, o)
 	if l.err || !mboxOk {
-		return nil, &ParseError{f, "bad SOA Mbox", l}, ""
+		return &ParseError{"", "bad SOA Mbox", l}
 	}
 	rr.Mbox = mbox
 
-	<-c // zBlank
+	c.Next() // zBlank
 
 	var (
 		v  uint32
 		ok bool
 	)
 	for i := 0; i < 5; i++ {
-		l = <-c
+		l, _ = c.Next()
 		if l.err {
-			return nil, &ParseError{f, "bad SOA zone parameter", l}, ""
+			return &ParseError{"", "bad SOA zone parameter", l}
 		}
 		if j, e := strconv.ParseUint(l.token, 10, 32); e != nil {
 			if i == 0 {
 				// Serial must be a number
-				return nil, &ParseError{f, "bad SOA zone parameter", l}, ""
+				return &ParseError{"", "bad SOA zone parameter", l}
 			}
 			// We allow other fields to be unitful duration strings
 			if v, ok = stringToTTL(l.token); !ok {
-				return nil, &ParseError{f, "bad SOA zone parameter", l}, ""
+				return &ParseError{"", "bad SOA zone parameter", l}
 
 			}
 		} else {
@@ -600,191 +419,167 @@ func setSOA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		switch i {
 		case 0:
 			rr.Serial = v
-			<-c // zBlank
+			c.Next() // zBlank
 		case 1:
 			rr.Refresh = v
-			<-c // zBlank
+			c.Next() // zBlank
 		case 2:
 			rr.Retry = v
-			<-c // zBlank
+			c.Next() // zBlank
 		case 3:
 			rr.Expire = v
-			<-c // zBlank
+			c.Next() // zBlank
 		case 4:
 			rr.Minttl = v
 		}
 	}
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setSRV(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(SRV)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *SRV) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SRV Priority", l}, ""
+		return &ParseError{"", "bad SRV Priority", l}
 	}
 	rr.Priority = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SRV Weight", l}, ""
+		return &ParseError{"", "bad SRV Weight", l}
 	}
 	rr.Weight = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SRV Port", l}, ""
+		return &ParseError{"", "bad SRV Port", l}
 	}
 	rr.Port = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Target = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad SRV Target", l}, ""
+		return &ParseError{"", "bad SRV Target", l}
 	}
 	rr.Target = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setNAPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NAPTR)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *NAPTR) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NAPTR Order", l}, ""
+		return &ParseError{"", "bad NAPTR Order", l}
 	}
 	rr.Order = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NAPTR Preference", l}, ""
+		return &ParseError{"", "bad NAPTR Preference", l}
 	}
 	rr.Preference = uint16(i)
 
 	// Flags
-	<-c     // zBlank
-	l = <-c // _QUOTE
+	c.Next()        // zBlank
+	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return nil, &ParseError{f, "bad NAPTR Flags", l}, ""
+		return &ParseError{"", "bad NAPTR Flags", l}
 	}
-	l = <-c // Either String or Quote
+	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Flags = l.token
-		l = <-c // _QUOTE
+		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return nil, &ParseError{f, "bad NAPTR Flags", l}, ""
+			return &ParseError{"", "bad NAPTR Flags", l}
 		}
 	} else if l.value == zQuote {
 		rr.Flags = ""
 	} else {
-		return nil, &ParseError{f, "bad NAPTR Flags", l}, ""
+		return &ParseError{"", "bad NAPTR Flags", l}
 	}
 
 	// Service
-	<-c     // zBlank
-	l = <-c // _QUOTE
+	c.Next()        // zBlank
+	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return nil, &ParseError{f, "bad NAPTR Service", l}, ""
+		return &ParseError{"", "bad NAPTR Service", l}
 	}
-	l = <-c // Either String or Quote
+	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Service = l.token
-		l = <-c // _QUOTE
+		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return nil, &ParseError{f, "bad NAPTR Service", l}, ""
+			return &ParseError{"", "bad NAPTR Service", l}
 		}
 	} else if l.value == zQuote {
 		rr.Service = ""
 	} else {
-		return nil, &ParseError{f, "bad NAPTR Service", l}, ""
+		return &ParseError{"", "bad NAPTR Service", l}
 	}
 
 	// Regexp
-	<-c     // zBlank
-	l = <-c // _QUOTE
+	c.Next()        // zBlank
+	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return nil, &ParseError{f, "bad NAPTR Regexp", l}, ""
+		return &ParseError{"", "bad NAPTR Regexp", l}
 	}
-	l = <-c // Either String or Quote
+	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Regexp = l.token
-		l = <-c // _QUOTE
+		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return nil, &ParseError{f, "bad NAPTR Regexp", l}, ""
+			return &ParseError{"", "bad NAPTR Regexp", l}
 		}
 	} else if l.value == zQuote {
 		rr.Regexp = ""
 	} else {
-		return nil, &ParseError{f, "bad NAPTR Regexp", l}, ""
+		return &ParseError{"", "bad NAPTR Regexp", l}
 	}
 
 	// After quote no space??
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Replacement = l.token
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad NAPTR Replacement", l}, ""
+		return &ParseError{"", "bad NAPTR Replacement", l}
 	}
 	rr.Replacement = name
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setTALINK(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(TALINK)
-	rr.Hdr = h
-
-	l := <-c
-	rr.PreviousName = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *TALINK) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	previousName, previousNameOk := toAbsoluteName(l.token, o)
 	if l.err || !previousNameOk {
-		return nil, &ParseError{f, "bad TALINK PreviousName", l}, ""
+		return &ParseError{"", "bad TALINK PreviousName", l}
 	}
 	rr.PreviousName = previousName
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rr.NextName = l.token
 
 	nextName, nextNameOk := toAbsoluteName(l.token, o)
 	if l.err || !nextNameOk {
-		return nil, &ParseError{f, "bad TALINK NextName", l}, ""
+		return &ParseError{"", "bad TALINK NextName", l}
 	}
 	rr.NextName = nextName
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setLOC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(LOC)
-	rr.Hdr = h
+func (rr *LOC) parse(c *zlexer, o string) *ParseError {
 	// Non zero defaults for LOC record, see RFC 1876, Section 3.
 	rr.HorizPre = 165 // 10000
 	rr.VertPre = 162  // 10
@@ -792,97 +587,94 @@ func setLOC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 	ok := false
 
 	// North
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Latitude", l}, ""
+		return &ParseError{"", "bad LOC Latitude", l}
 	}
 	rr.Latitude = 1000 * 60 * 60 * uint32(i)
 
-	<-c // zBlank
+	c.Next() // zBlank
 	// Either number, 'N' or 'S'
-	l = <-c
+	l, _ = c.Next()
 	if rr.Latitude, ok = locCheckNorth(l.token, rr.Latitude); ok {
 		goto East
 	}
 	i, e = strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Latitude minutes", l}, ""
+		return &ParseError{"", "bad LOC Latitude minutes", l}
 	}
 	rr.Latitude += 1000 * 60 * uint32(i)
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Latitude seconds", l}, ""
+		return &ParseError{"", "bad LOC Latitude seconds", l}
 	} else {
 		rr.Latitude += uint32(1000 * i)
 	}
-	<-c // zBlank
+	c.Next() // zBlank
 	// Either number, 'N' or 'S'
-	l = <-c
+	l, _ = c.Next()
 	if rr.Latitude, ok = locCheckNorth(l.token, rr.Latitude); ok {
 		goto East
 	}
 	// If still alive, flag an error
-	return nil, &ParseError{f, "bad LOC Latitude North/South", l}, ""
+	return &ParseError{"", "bad LOC Latitude North/South", l}
 
 East:
 	// East
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Longitude", l}, ""
+		return &ParseError{"", "bad LOC Longitude", l}
 	} else {
 		rr.Longitude = 1000 * 60 * 60 * uint32(i)
 	}
-	<-c // zBlank
+	c.Next() // zBlank
 	// Either number, 'E' or 'W'
-	l = <-c
+	l, _ = c.Next()
 	if rr.Longitude, ok = locCheckEast(l.token, rr.Longitude); ok {
 		goto Altitude
 	}
 	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Longitude minutes", l}, ""
+		return &ParseError{"", "bad LOC Longitude minutes", l}
 	} else {
 		rr.Longitude += 1000 * 60 * uint32(i)
 	}
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
-		return nil, &ParseError{f, "bad LOC Longitude seconds", l}, ""
+		return &ParseError{"", "bad LOC Longitude seconds", l}
 	} else {
 		rr.Longitude += uint32(1000 * i)
 	}
-	<-c // zBlank
+	c.Next() // zBlank
 	// Either number, 'E' or 'W'
-	l = <-c
+	l, _ = c.Next()
 	if rr.Longitude, ok = locCheckEast(l.token, rr.Longitude); ok {
 		goto Altitude
 	}
 	// If still alive, flag an error
-	return nil, &ParseError{f, "bad LOC Longitude East/West", l}, ""
+	return &ParseError{"", "bad LOC Longitude East/West", l}
 
 Altitude:
-	<-c // zBlank
-	l = <-c
-	if l.length == 0 || l.err {
-		return nil, &ParseError{f, "bad LOC Altitude", l}, ""
+	c.Next() // zBlank
+	l, _ = c.Next()
+	if len(l.token) == 0 || l.err {
+		return &ParseError{"", "bad LOC Altitude", l}
 	}
 	if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' {
 		l.token = l.token[0 : len(l.token)-1]
 	}
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil {
-		return nil, &ParseError{f, "bad LOC Altitude", l}, ""
+		return &ParseError{"", "bad LOC Altitude", l}
 	} else {
 		rr.Altitude = uint32(i*100.0 + 10000000.0 + 0.5)
 	}
 
 	// And now optionally the other values
-	l = <-c
+	l, _ = c.Next()
 	count := 0
 	for l.value != zNewline && l.value != zEOF {
 		switch l.value {
@@ -891,161 +683,139 @@ Altitude:
 			case 0: // Size
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return nil, &ParseError{f, "bad LOC Size", l}, ""
+					return &ParseError{"", "bad LOC Size", l}
 				}
-				rr.Size = (e & 0x0f) | (m << 4 & 0xf0)
+				rr.Size = e&0x0f | m<<4&0xf0
 			case 1: // HorizPre
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return nil, &ParseError{f, "bad LOC HorizPre", l}, ""
+					return &ParseError{"", "bad LOC HorizPre", l}
 				}
-				rr.HorizPre = (e & 0x0f) | (m << 4 & 0xf0)
+				rr.HorizPre = e&0x0f | m<<4&0xf0
 			case 2: // VertPre
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return nil, &ParseError{f, "bad LOC VertPre", l}, ""
+					return &ParseError{"", "bad LOC VertPre", l}
 				}
-				rr.VertPre = (e & 0x0f) | (m << 4 & 0xf0)
+				rr.VertPre = e&0x0f | m<<4&0xf0
 			}
 			count++
 		case zBlank:
 			// Ok
 		default:
-			return nil, &ParseError{f, "bad LOC Size, HorizPre or VertPre", l}, ""
+			return &ParseError{"", "bad LOC Size, HorizPre or VertPre", l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
-	return rr, nil, ""
+	return nil
 }
 
-func setHIP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(HIP)
-	rr.Hdr = h
-
+func (rr *HIP) parse(c *zlexer, o string) *ParseError {
 	// HitLength is not represented
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad HIP PublicKeyAlgorithm", l}, ""
+		return &ParseError{"", "bad HIP PublicKeyAlgorithm", l}
 	}
 	rr.PublicKeyAlgorithm = uint8(i)
 
-	<-c     // zBlank
-	l = <-c // zString
-	if l.length == 0 || l.err {
-		return nil, &ParseError{f, "bad HIP Hit", l}, ""
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
+	if len(l.token) == 0 || l.err {
+		return &ParseError{"", "bad HIP Hit", l}
 	}
 	rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6.
 	rr.HitLength = uint8(len(rr.Hit)) / 2
 
-	<-c     // zBlank
-	l = <-c // zString
-	if l.length == 0 || l.err {
-		return nil, &ParseError{f, "bad HIP PublicKey", l}, ""
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
+	if len(l.token) == 0 || l.err {
+		return &ParseError{"", "bad HIP PublicKey", l}
 	}
 	rr.PublicKey = l.token // This cannot contain spaces
 	rr.PublicKeyLength = uint16(base64.StdEncoding.DecodedLen(len(rr.PublicKey)))
 
 	// RendezvousServers (if any)
-	l = <-c
+	l, _ = c.Next()
 	var xs []string
 	for l.value != zNewline && l.value != zEOF {
 		switch l.value {
 		case zString:
 			name, nameOk := toAbsoluteName(l.token, o)
 			if l.err || !nameOk {
-				return nil, &ParseError{f, "bad HIP RendezvousServers", l}, ""
+				return &ParseError{"", "bad HIP RendezvousServers", l}
 			}
 			xs = append(xs, name)
 		case zBlank:
 			// Ok
 		default:
-			return nil, &ParseError{f, "bad HIP RendezvousServers", l}, ""
+			return &ParseError{"", "bad HIP RendezvousServers", l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
+
 	rr.RendezvousServers = xs
-	return rr, nil, l.comment
+	return nil
 }
 
-func setCERT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(CERT)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *CERT) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	if v, ok := StringToCertType[l.token]; ok {
 		rr.Type = v
 	} else if i, e := strconv.ParseUint(l.token, 10, 16); e != nil {
-		return nil, &ParseError{f, "bad CERT Type", l}, ""
+		return &ParseError{"", "bad CERT Type", l}
 	} else {
 		rr.Type = uint16(i)
 	}
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad CERT KeyTag", l}, ""
+		return &ParseError{"", "bad CERT KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	if v, ok := StringToAlgorithm[l.token]; ok {
 		rr.Algorithm = v
 	} else if i, e := strconv.ParseUint(l.token, 10, 8); e != nil {
-		return nil, &ParseError{f, "bad CERT Algorithm", l}, ""
+		return &ParseError{"", "bad CERT Algorithm", l}
 	} else {
 		rr.Algorithm = uint8(i)
 	}
-	s, e1, c1 := endingToString(c, "bad CERT Certificate", f)
+	s, e1 := endingToString(c, "bad CERT Certificate")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	rr.Certificate = s
-	return rr, nil, c1
+	return nil
 }
 
-func setOPENPGPKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(OPENPGPKEY)
-	rr.Hdr = h
-
-	s, e, c1 := endingToString(c, "bad OPENPGPKEY PublicKey", f)
+func (rr *OPENPGPKEY) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad OPENPGPKEY PublicKey")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	rr.PublicKey = s
-	return rr, nil, c1
+	return nil
 }
 
-func setCSYNC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(CSYNC)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
+func (rr *CSYNC) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	j, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil {
 		// Serial must be a number
-		return nil, &ParseError{f, "bad CSYNC serial", l}, ""
+		return &ParseError{"", "bad CSYNC serial", l}
 	}
 	rr.Serial = uint32(j)
 
-	<-c // zBlank
+	c.Next() // zBlank
 
-	l = <-c
+	l, _ = c.Next()
 	j, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil {
 		// Serial must be a number
-		return nil, &ParseError{f, "bad CSYNC flags", l}, ""
+		return &ParseError{"", "bad CSYNC flags", l}
 	}
 	rr.Flags = uint16(j)
 
@@ -1054,146 +824,129 @@ func setCSYNC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		k  uint16
 		ok bool
 	)
-	l = <-c
+	l, _ = c.Next()
 	for l.value != zNewline && l.value != zEOF {
 		switch l.value {
 		case zBlank:
 			// Ok
 		case zString:
-			if k, ok = StringToType[l.tokenUpper]; !ok {
-				if k, ok = typeToInt(l.tokenUpper); !ok {
-					return nil, &ParseError{f, "bad CSYNC TypeBitMap", l}, ""
+			tokenUpper := strings.ToUpper(l.token)
+			if k, ok = StringToType[tokenUpper]; !ok {
+				if k, ok = typeToInt(l.token); !ok {
+					return &ParseError{"", "bad CSYNC TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return nil, &ParseError{f, "bad CSYNC TypeBitMap", l}, ""
+			return &ParseError{"", "bad CSYNC TypeBitMap", l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
-	return rr, nil, l.comment
+	return nil
 }
 
-func setSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setRRSIG(h, c, o, f)
-	if r != nil {
-		return &SIG{*r.(*RRSIG)}, e, s
-	}
-	return nil, e, s
+func (rr *SIG) parse(c *zlexer, o string) *ParseError {
+	return rr.RRSIG.parse(c, o)
 }
 
-func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(RRSIG)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
-	if t, ok := StringToType[l.tokenUpper]; !ok {
-		if strings.HasPrefix(l.tokenUpper, "TYPE") {
-			t, ok = typeToInt(l.tokenUpper)
+func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
+	tokenUpper := strings.ToUpper(l.token)
+	if t, ok := StringToType[tokenUpper]; !ok {
+		if strings.HasPrefix(tokenUpper, "TYPE") {
+			t, ok = typeToInt(l.token)
 			if !ok {
-				return nil, &ParseError{f, "bad RRSIG Typecovered", l}, ""
+				return &ParseError{"", "bad RRSIG Typecovered", l}
 			}
 			rr.TypeCovered = t
 		} else {
-			return nil, &ParseError{f, "bad RRSIG Typecovered", l}, ""
+			return &ParseError{"", "bad RRSIG Typecovered", l}
 		}
 	} else {
 		rr.TypeCovered = t
 	}
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad RRSIG Algorithm", l}, ""
+		return &ParseError{"", "bad RRSIG Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad RRSIG Labels", l}, ""
+		return &ParseError{"", "bad RRSIG Labels", l}
 	}
 	rr.Labels = uint8(i)
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 32)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad RRSIG OrigTtl", l}, ""
+		return &ParseError{"", "bad RRSIG OrigTtl", l}
 	}
 	rr.OrigTtl = uint32(i)
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, err := StringToTime(l.token); err != nil {
 		// Try to see if all numeric and use it as epoch
 		if i, err := strconv.ParseInt(l.token, 10, 64); err == nil {
 			// TODO(miek): error out on > MAX_UINT32, same below
 			rr.Expiration = uint32(i)
 		} else {
-			return nil, &ParseError{f, "bad RRSIG Expiration", l}, ""
+			return &ParseError{"", "bad RRSIG Expiration", l}
 		}
 	} else {
 		rr.Expiration = i
 	}
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, err := StringToTime(l.token); err != nil {
 		if i, err := strconv.ParseInt(l.token, 10, 64); err == nil {
 			rr.Inception = uint32(i)
 		} else {
-			return nil, &ParseError{f, "bad RRSIG Inception", l}, ""
+			return &ParseError{"", "bad RRSIG Inception", l}
 		}
 	} else {
 		rr.Inception = i
 	}
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 16)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad RRSIG KeyTag", l}, ""
+		return &ParseError{"", "bad RRSIG KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rr.SignerName = l.token
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad RRSIG SignerName", l}, ""
+		return &ParseError{"", "bad RRSIG SignerName", l}
 	}
 	rr.SignerName = name
 
-	s, e, c1 := endingToString(c, "bad RRSIG Signature", f)
+	s, e := endingToString(c, "bad RRSIG Signature")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	rr.Signature = s
 
-	return rr, nil, c1
+	return nil
 }
 
-func setNSEC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NSEC)
-	rr.Hdr = h
-
-	l := <-c
-	rr.NextDomain = l.token
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *NSEC) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad NSEC NextDomain", l}, ""
+		return &ParseError{"", "bad NSEC NextDomain", l}
 	}
 	rr.NextDomain = name
 
@@ -1202,68 +955,62 @@ func setNSEC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		k  uint16
 		ok bool
 	)
-	l = <-c
+	l, _ = c.Next()
 	for l.value != zNewline && l.value != zEOF {
 		switch l.value {
 		case zBlank:
 			// Ok
 		case zString:
-			if k, ok = StringToType[l.tokenUpper]; !ok {
-				if k, ok = typeToInt(l.tokenUpper); !ok {
-					return nil, &ParseError{f, "bad NSEC TypeBitMap", l}, ""
+			tokenUpper := strings.ToUpper(l.token)
+			if k, ok = StringToType[tokenUpper]; !ok {
+				if k, ok = typeToInt(l.token); !ok {
+					return &ParseError{"", "bad NSEC TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return nil, &ParseError{f, "bad NSEC TypeBitMap", l}, ""
+			return &ParseError{"", "bad NSEC TypeBitMap", l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
-	return rr, nil, l.comment
+	return nil
 }
 
-func setNSEC3(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NSEC3)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *NSEC3) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3 Hash", l}, ""
+		return &ParseError{"", "bad NSEC3 Hash", l}
 	}
 	rr.Hash = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3 Flags", l}, ""
+		return &ParseError{"", "bad NSEC3 Flags", l}
 	}
 	rr.Flags = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3 Iterations", l}, ""
+		return &ParseError{"", "bad NSEC3 Iterations", l}
 	}
 	rr.Iterations = uint16(i)
-	<-c
-	l = <-c
+	c.Next()
+	l, _ = c.Next()
 	if len(l.token) == 0 || l.err {
-		return nil, &ParseError{f, "bad NSEC3 Salt", l}, ""
+		return &ParseError{"", "bad NSEC3 Salt", l}
 	}
 	if l.token != "-" {
 		rr.SaltLength = uint8(len(l.token)) / 2
 		rr.Salt = l.token
 	}
 
-	<-c
-	l = <-c
+	c.Next()
+	l, _ = c.Next()
 	if len(l.token) == 0 || l.err {
-		return nil, &ParseError{f, "bad NSEC3 NextDomain", l}, ""
+		return &ParseError{"", "bad NSEC3 NextDomain", l}
 	}
 	rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits)
 	rr.NextDomain = l.token
@@ -1273,74 +1020,61 @@ func setNSEC3(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		k  uint16
 		ok bool
 	)
-	l = <-c
+	l, _ = c.Next()
 	for l.value != zNewline && l.value != zEOF {
 		switch l.value {
 		case zBlank:
 			// Ok
 		case zString:
-			if k, ok = StringToType[l.tokenUpper]; !ok {
-				if k, ok = typeToInt(l.tokenUpper); !ok {
-					return nil, &ParseError{f, "bad NSEC3 TypeBitMap", l}, ""
+			tokenUpper := strings.ToUpper(l.token)
+			if k, ok = StringToType[tokenUpper]; !ok {
+				if k, ok = typeToInt(l.token); !ok {
+					return &ParseError{"", "bad NSEC3 TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return nil, &ParseError{f, "bad NSEC3 TypeBitMap", l}, ""
+			return &ParseError{"", "bad NSEC3 TypeBitMap", l}
 		}
-		l = <-c
+		l, _ = c.Next()
 	}
-	return rr, nil, l.comment
+	return nil
 }
 
-func setNSEC3PARAM(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NSEC3PARAM)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *NSEC3PARAM) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3PARAM Hash", l}, ""
+		return &ParseError{"", "bad NSEC3PARAM Hash", l}
 	}
 	rr.Hash = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3PARAM Flags", l}, ""
+		return &ParseError{"", "bad NSEC3PARAM Flags", l}
 	}
 	rr.Flags = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NSEC3PARAM Iterations", l}, ""
+		return &ParseError{"", "bad NSEC3PARAM Iterations", l}
 	}
 	rr.Iterations = uint16(i)
-	<-c
-	l = <-c
+	c.Next()
+	l, _ = c.Next()
 	if l.token != "-" {
 		rr.SaltLength = uint8(len(l.token))
 		rr.Salt = l.token
 	}
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setEUI48(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(EUI48)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
-	if l.length != 17 || l.err {
-		return nil, &ParseError{f, "bad EUI48 Address", l}, ""
+func (rr *EUI48) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
+	if len(l.token) != 17 || l.err {
+		return &ParseError{"", "bad EUI48 Address", l}
 	}
 	addr := make([]byte, 12)
 	dash := 0
@@ -1349,7 +1083,7 @@ func setEUI48(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		addr[i+1] = l.token[i+1+dash]
 		dash++
 		if l.token[i+1+dash] != '-' {
-			return nil, &ParseError{f, "bad EUI48 Address", l}, ""
+			return &ParseError{"", "bad EUI48 Address", l}
 		}
 	}
 	addr[10] = l.token[15]
@@ -1357,23 +1091,16 @@ func setEUI48(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 
 	i, e := strconv.ParseUint(string(addr), 16, 48)
 	if e != nil {
-		return nil, &ParseError{f, "bad EUI48 Address", l}, ""
+		return &ParseError{"", "bad EUI48 Address", l}
 	}
 	rr.Address = i
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setEUI64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(EUI64)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
-	if l.length != 23 || l.err {
-		return nil, &ParseError{f, "bad EUI64 Address", l}, ""
+func (rr *EUI64) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
+	if len(l.token) != 23 || l.err {
+		return &ParseError{"", "bad EUI64 Address", l}
 	}
 	addr := make([]byte, 16)
 	dash := 0
@@ -1382,7 +1109,7 @@ func setEUI64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 		addr[i+1] = l.token[i+1+dash]
 		dash++
 		if l.token[i+1+dash] != '-' {
-			return nil, &ParseError{f, "bad EUI64 Address", l}, ""
+			return &ParseError{"", "bad EUI64 Address", l}
 		}
 	}
 	addr[14] = l.token[21]
@@ -1390,814 +1117,648 @@ func setEUI64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
 
 	i, e := strconv.ParseUint(string(addr), 16, 64)
 	if e != nil {
-		return nil, &ParseError{f, "bad EUI68 Address", l}, ""
+		return &ParseError{"", "bad EUI68 Address", l}
 	}
-	rr.Address = uint64(i)
-	return rr, nil, ""
+	rr.Address = i
+	return slurpRemainder(c)
 }
 
-func setSSHFP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(SSHFP)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *SSHFP) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SSHFP Algorithm", l}, ""
+		return &ParseError{"", "bad SSHFP Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SSHFP Type", l}, ""
+		return &ParseError{"", "bad SSHFP Type", l}
 	}
 	rr.Type = uint8(i)
-	<-c // zBlank
-	s, e1, c1 := endingToString(c, "bad SSHFP Fingerprint", f)
+	c.Next() // zBlank
+	s, e1 := endingToString(c, "bad SSHFP Fingerprint")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	rr.FingerPrint = s
-	return rr, nil, ""
+	return nil
 }
 
-func setDNSKEYs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) {
-	rr := new(DNSKEY)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *DNSKEY) parseDNSKEY(c *zlexer, o, typ string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad " + typ + " Flags", l}, ""
+		return &ParseError{"", "bad " + typ + " Flags", l}
 	}
 	rr.Flags = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad " + typ + " Protocol", l}, ""
+		return &ParseError{"", "bad " + typ + " Protocol", l}
 	}
 	rr.Protocol = uint8(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, ""
+		return &ParseError{"", "bad " + typ + " Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1, c1 := endingToString(c, "bad "+typ+" PublicKey", f)
+	s, e1 := endingToString(c, "bad "+typ+" PublicKey")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	rr.PublicKey = s
-	return rr, nil, c1
+	return nil
 }
 
-func setKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDNSKEYs(h, c, o, f, "KEY")
-	if r != nil {
-		return &KEY{*r.(*DNSKEY)}, e, s
-	}
-	return nil, e, s
+func (rr *DNSKEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "DNSKEY")
 }
 
-func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDNSKEYs(h, c, o, f, "DNSKEY")
-	return r, e, s
+func (rr *KEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "KEY")
 }
 
-func setCDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDNSKEYs(h, c, o, f, "CDNSKEY")
-	if r != nil {
-		return &CDNSKEY{*r.(*DNSKEY)}, e, s
-	}
-	return nil, e, s
+func (rr *CDNSKEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "CDNSKEY")
 }
 
-func setRKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(RKEY)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *RKEY) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad RKEY Flags", l}, ""
+		return &ParseError{"", "bad RKEY Flags", l}
 	}
 	rr.Flags = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad RKEY Protocol", l}, ""
+		return &ParseError{"", "bad RKEY Protocol", l}
 	}
 	rr.Protocol = uint8(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad RKEY Algorithm", l}, ""
+		return &ParseError{"", "bad RKEY Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1, c1 := endingToString(c, "bad RKEY PublicKey", f)
+	s, e1 := endingToString(c, "bad RKEY PublicKey")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	rr.PublicKey = s
-	return rr, nil, c1
+	return nil
 }
 
-func setEID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(EID)
-	rr.Hdr = h
-	s, e, c1 := endingToString(c, "bad EID Endpoint", f)
+func (rr *EID) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad EID Endpoint")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	rr.Endpoint = s
-	return rr, nil, c1
+	return nil
 }
 
-func setNIMLOC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NIMLOC)
-	rr.Hdr = h
-	s, e, c1 := endingToString(c, "bad NIMLOC Locator", f)
+func (rr *NIMLOC) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad NIMLOC Locator")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	rr.Locator = s
-	return rr, nil, c1
+	return nil
 }
 
-func setGPOS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(GPOS)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *GPOS) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	_, e := strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad GPOS Longitude", l}, ""
+		return &ParseError{"", "bad GPOS Longitude", l}
 	}
 	rr.Longitude = l.token
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	_, e = strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad GPOS Latitude", l}, ""
+		return &ParseError{"", "bad GPOS Latitude", l}
 	}
 	rr.Latitude = l.token
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	_, e = strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad GPOS Altitude", l}, ""
+		return &ParseError{"", "bad GPOS Altitude", l}
 	}
 	rr.Altitude = l.token
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setDSs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) {
-	rr := new(DS)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *DS) parseDS(c *zlexer, o, typ string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad " + typ + " KeyTag", l}, ""
+		return &ParseError{"", "bad " + typ + " KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, e = strconv.ParseUint(l.token, 10, 8); e != nil {
-		i, ok := StringToAlgorithm[l.tokenUpper]
+		tokenUpper := strings.ToUpper(l.token)
+		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
-			return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, ""
+			return &ParseError{"", "bad " + typ + " Algorithm", l}
 		}
 		rr.Algorithm = i
 	} else {
 		rr.Algorithm = uint8(i)
 	}
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad " + typ + " DigestType", l}, ""
+		return &ParseError{"", "bad " + typ + " DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, e1, c1 := endingToString(c, "bad "+typ+" Digest", f)
+	s, e1 := endingToString(c, "bad "+typ+" Digest")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	rr.Digest = s
-	return rr, nil, c1
+	return nil
 }
 
-func setDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDSs(h, c, o, f, "DS")
-	return r, e, s
+func (rr *DS) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "DS")
 }
 
-func setDLV(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDSs(h, c, o, f, "DLV")
-	if r != nil {
-		return &DLV{*r.(*DS)}, e, s
-	}
-	return nil, e, s
+func (rr *DLV) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "DLV")
 }
 
-func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	r, e, s := setDSs(h, c, o, f, "CDS")
-	if r != nil {
-		return &CDS{*r.(*DS)}, e, s
-	}
-	return nil, e, s
+func (rr *CDS) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "CDS")
 }
 
-func setTA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(TA)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *TA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad TA KeyTag", l}, ""
+		return &ParseError{"", "bad TA KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if i, e := strconv.ParseUint(l.token, 10, 8); e != nil {
-		i, ok := StringToAlgorithm[l.tokenUpper]
+		tokenUpper := strings.ToUpper(l.token)
+		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
-			return nil, &ParseError{f, "bad TA Algorithm", l}, ""
+			return &ParseError{"", "bad TA Algorithm", l}
 		}
 		rr.Algorithm = i
 	} else {
 		rr.Algorithm = uint8(i)
 	}
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad TA DigestType", l}, ""
+		return &ParseError{"", "bad TA DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, e, c1 := endingToString(c, "bad TA Digest", f)
-	if e != nil {
-		return nil, e.(*ParseError), c1
+	s, err := endingToString(c, "bad TA Digest")
+	if err != nil {
+		return err
 	}
 	rr.Digest = s
-	return rr, nil, c1
+	return nil
 }
 
-func setTLSA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(TLSA)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *TLSA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad TLSA Usage", l}, ""
+		return &ParseError{"", "bad TLSA Usage", l}
 	}
 	rr.Usage = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad TLSA Selector", l}, ""
+		return &ParseError{"", "bad TLSA Selector", l}
 	}
 	rr.Selector = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad TLSA MatchingType", l}, ""
+		return &ParseError{"", "bad TLSA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2, c1 := endingToString(c, "bad TLSA Certificate", f)
+	s, e2 := endingToString(c, "bad TLSA Certificate")
 	if e2 != nil {
-		return nil, e2, c1
+		return e2
 	}
 	rr.Certificate = s
-	return rr, nil, c1
+	return nil
 }
 
-func setSMIMEA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(SMIMEA)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *SMIMEA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SMIMEA Usage", l}, ""
+		return &ParseError{"", "bad SMIMEA Usage", l}
 	}
 	rr.Usage = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SMIMEA Selector", l}, ""
+		return &ParseError{"", "bad SMIMEA Selector", l}
 	}
 	rr.Selector = uint8(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad SMIMEA MatchingType", l}, ""
+		return &ParseError{"", "bad SMIMEA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2, c1 := endingToString(c, "bad SMIMEA Certificate", f)
+	s, e2 := endingToString(c, "bad SMIMEA Certificate")
 	if e2 != nil {
-		return nil, e2, c1
+		return e2
 	}
 	rr.Certificate = s
-	return rr, nil, c1
+	return nil
 }
 
-func setRFC3597(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(RFC3597)
-	rr.Hdr = h
-
-	l := <-c
+func (rr *RFC3597) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	if l.token != "\\#" {
-		return nil, &ParseError{f, "bad RFC3597 Rdata", l}, ""
+		return &ParseError{"", "bad RFC3597 Rdata", l}
 	}
 
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	rdlength, e := strconv.Atoi(l.token)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad RFC3597 Rdata ", l}, ""
+		return &ParseError{"", "bad RFC3597 Rdata ", l}
 	}
 
-	s, e1, c1 := endingToString(c, "bad RFC3597 Rdata", f)
+	s, e1 := endingToString(c, "bad RFC3597 Rdata")
 	if e1 != nil {
-		return nil, e1, c1
+		return e1
 	}
 	if rdlength*2 != len(s) {
-		return nil, &ParseError{f, "bad RFC3597 Rdata", l}, ""
+		return &ParseError{"", "bad RFC3597 Rdata", l}
 	}
 	rr.Rdata = s
-	return rr, nil, c1
+	return nil
 }
 
-func setSPF(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(SPF)
-	rr.Hdr = h
-
-	s, e, c1 := endingToTxtSlice(c, "bad SPF Txt", f)
+func (rr *SPF) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad SPF Txt")
 	if e != nil {
-		return nil, e, ""
+		return e
 	}
 	rr.Txt = s
-	return rr, nil, c1
+	return nil
 }
 
-func setAVC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(AVC)
-	rr.Hdr = h
-
-	s, e, c1 := endingToTxtSlice(c, "bad AVC Txt", f)
+func (rr *AVC) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad AVC Txt")
 	if e != nil {
-		return nil, e, ""
+		return e
 	}
 	rr.Txt = s
-	return rr, nil, c1
+	return nil
 }
 
-func setTXT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(TXT)
-	rr.Hdr = h
-
+func (rr *TXT) parse(c *zlexer, o string) *ParseError {
 	// no zBlank reading here, because all this rdata is TXT
-	s, e, c1 := endingToTxtSlice(c, "bad TXT Txt", f)
+	s, e := endingToTxtSlice(c, "bad TXT Txt")
 	if e != nil {
-		return nil, e, ""
+		return e
 	}
 	rr.Txt = s
-	return rr, nil, c1
+	return nil
 }
 
 // identical to setTXT
-func setNINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NINFO)
-	rr.Hdr = h
-
-	s, e, c1 := endingToTxtSlice(c, "bad NINFO ZSData", f)
+func (rr *NINFO) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad NINFO ZSData")
 	if e != nil {
-		return nil, e, ""
+		return e
 	}
 	rr.ZSData = s
-	return rr, nil, c1
+	return nil
 }
 
-func setURI(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(URI)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *URI) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad URI Priority", l}, ""
+		return &ParseError{"", "bad URI Priority", l}
 	}
 	rr.Priority = uint16(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad URI Weight", l}, ""
+		return &ParseError{"", "bad URI Weight", l}
 	}
 	rr.Weight = uint16(i)
 
-	<-c // zBlank
-	s, err, c1 := endingToTxtSlice(c, "bad URI Target", f)
+	c.Next() // zBlank
+	s, err := endingToTxtSlice(c, "bad URI Target")
 	if err != nil {
-		return nil, err, ""
+		return err
 	}
 	if len(s) != 1 {
-		return nil, &ParseError{f, "bad URI Target", l}, ""
+		return &ParseError{"", "bad URI Target", l}
 	}
 	rr.Target = s[0]
-	return rr, nil, c1
+	return nil
 }
 
-func setDHCID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
+func (rr *DHCID) parse(c *zlexer, o string) *ParseError {
 	// awesome record to parse!
-	rr := new(DHCID)
-	rr.Hdr = h
-
-	s, e, c1 := endingToString(c, "bad DHCID Digest", f)
+	s, e := endingToString(c, "bad DHCID Digest")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	rr.Digest = s
-	return rr, nil, c1
+	return nil
 }
 
-func setNID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(NID)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *NID) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad NID Preference", l}, ""
+		return &ParseError{"", "bad NID Preference", l}
 	}
 	rr.Preference = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	u, err := stringToNodeID(l)
 	if err != nil || l.err {
-		return nil, err, ""
+		return err
 	}
 	rr.NodeID = u
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setL32(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(L32)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *L32) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad L32 Preference", l}, ""
+		return &ParseError{"", "bad L32 Preference", l}
 	}
 	rr.Preference = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Locator32 = net.ParseIP(l.token)
 	if rr.Locator32 == nil || l.err {
-		return nil, &ParseError{f, "bad L32 Locator", l}, ""
+		return &ParseError{"", "bad L32 Locator", l}
 	}
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setLP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(LP)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *LP) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad LP Preference", l}, ""
+		return &ParseError{"", "bad LP Preference", l}
 	}
 	rr.Preference = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Fqdn = l.token
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return nil, &ParseError{f, "bad LP Fqdn", l}, ""
+		return &ParseError{"", "bad LP Fqdn", l}
 	}
 	rr.Fqdn = name
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setL64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(L64)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *L64) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad L64 Preference", l}, ""
+		return &ParseError{"", "bad L64 Preference", l}
 	}
 	rr.Preference = uint16(i)
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	u, err := stringToNodeID(l)
 	if err != nil || l.err {
-		return nil, err, ""
+		return err
 	}
 	rr.Locator64 = u
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setUID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(UID)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *UID) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad UID Uid", l}, ""
+		return &ParseError{"", "bad UID Uid", l}
 	}
 	rr.Uid = uint32(i)
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setGID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(GID)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *GID) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad GID Gid", l}, ""
+		return &ParseError{"", "bad GID Gid", l}
 	}
 	rr.Gid = uint32(i)
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setUINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(UINFO)
-	rr.Hdr = h
-
-	s, e, c1 := endingToTxtSlice(c, "bad UINFO Uinfo", f)
+func (rr *UINFO) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad UINFO Uinfo")
 	if e != nil {
-		return nil, e, c1
+		return e
 	}
 	if ln := len(s); ln == 0 {
-		return rr, nil, c1
+		return nil
 	}
 	rr.Uinfo = s[0] // silently discard anything after the first character-string
-	return rr, nil, c1
+	return nil
 }
 
-func setPX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(PX)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, ""
-	}
-
+func (rr *PX) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return nil, &ParseError{f, "bad PX Preference", l}, ""
+		return &ParseError{"", "bad PX Preference", l}
 	}
 	rr.Preference = uint16(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Map822 = l.token
 	map822, map822Ok := toAbsoluteName(l.token, o)
 	if l.err || !map822Ok {
-		return nil, &ParseError{f, "bad PX Map822", l}, ""
+		return &ParseError{"", "bad PX Map822", l}
 	}
 	rr.Map822 = map822
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	rr.Mapx400 = l.token
 	mapx400, mapx400Ok := toAbsoluteName(l.token, o)
 	if l.err || !mapx400Ok {
-		return nil, &ParseError{f, "bad PX Mapx400", l}, ""
+		return &ParseError{"", "bad PX Mapx400", l}
 	}
 	rr.Mapx400 = mapx400
 
-	return rr, nil, ""
+	return slurpRemainder(c)
 }
 
-func setCAA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(CAA)
-	rr.Hdr = h
-
-	l := <-c
-	if l.length == 0 { // dynamic update rr.
-		return rr, nil, l.comment
-	}
-
+func (rr *CAA) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad CAA Flag", l}, ""
+		return &ParseError{"", "bad CAA Flag", l}
 	}
 	rr.Flag = uint8(i)
 
-	<-c     // zBlank
-	l = <-c // zString
+	c.Next()        // zBlank
+	l, _ = c.Next() // zString
 	if l.value != zString {
-		return nil, &ParseError{f, "bad CAA Tag", l}, ""
+		return &ParseError{"", "bad CAA Tag", l}
 	}
 	rr.Tag = l.token
 
-	<-c // zBlank
-	s, e, c1 := endingToTxtSlice(c, "bad CAA Value", f)
+	c.Next() // zBlank
+	s, e := endingToTxtSlice(c, "bad CAA Value")
 	if e != nil {
-		return nil, e, ""
+		return e
 	}
 	if len(s) != 1 {
-		return nil, &ParseError{f, "bad CAA Value", l}, ""
+		return &ParseError{"", "bad CAA Value", l}
 	}
 	rr.Value = s[0]
-	return rr, nil, c1
+	return nil
 }
 
-func setTKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
-	rr := new(TKEY)
-	rr.Hdr = h
-
-	l := <-c
+func (rr *TKEY) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
 
 	// Algorithm
 	if l.value != zString {
-		return nil, &ParseError{f, "bad TKEY algorithm", l}, ""
+		return &ParseError{"", "bad TKEY algorithm", l}
 	}
 	rr.Algorithm = l.token
-	<-c // zBlank
+	c.Next() // zBlank
 
 	// Get the key length and key values
-	l = <-c
+	l, _ = c.Next()
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad TKEY key length", l}, ""
+		return &ParseError{"", "bad TKEY key length", l}
 	}
 	rr.KeySize = uint16(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if l.value != zString {
-		return nil, &ParseError{f, "bad TKEY key", l}, ""
+		return &ParseError{"", "bad TKEY key", l}
 	}
 	rr.Key = l.token
-	<-c // zBlank
+	c.Next() // zBlank
 
 	// Get the otherdata length and string data
-	l = <-c
+	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return nil, &ParseError{f, "bad TKEY otherdata length", l}, ""
+		return &ParseError{"", "bad TKEY otherdata length", l}
 	}
 	rr.OtherLen = uint16(i)
-	<-c // zBlank
-	l = <-c
+	c.Next() // zBlank
+	l, _ = c.Next()
 	if l.value != zString {
-		return nil, &ParseError{f, "bad TKEY otherday", l}, ""
+		return &ParseError{"", "bad TKEY otherday", l}
 	}
 	rr.OtherData = l.token
 
-	return rr, nil, ""
-}
-
-var typeToparserFunc = map[uint16]parserFunc{
-	TypeAAAA:       {setAAAA, false},
-	TypeAFSDB:      {setAFSDB, false},
-	TypeA:          {setA, false},
-	TypeCAA:        {setCAA, true},
-	TypeCDS:        {setCDS, true},
-	TypeCDNSKEY:    {setCDNSKEY, true},
-	TypeCERT:       {setCERT, true},
-	TypeCNAME:      {setCNAME, false},
-	TypeCSYNC:      {setCSYNC, true},
-	TypeDHCID:      {setDHCID, true},
-	TypeDLV:        {setDLV, true},
-	TypeDNAME:      {setDNAME, false},
-	TypeKEY:        {setKEY, true},
-	TypeDNSKEY:     {setDNSKEY, true},
-	TypeDS:         {setDS, true},
-	TypeEID:        {setEID, true},
-	TypeEUI48:      {setEUI48, false},
-	TypeEUI64:      {setEUI64, false},
-	TypeGID:        {setGID, false},
-	TypeGPOS:       {setGPOS, false},
-	TypeHINFO:      {setHINFO, true},
-	TypeHIP:        {setHIP, true},
-	TypeKX:         {setKX, false},
-	TypeL32:        {setL32, false},
-	TypeL64:        {setL64, false},
-	TypeLOC:        {setLOC, true},
-	TypeLP:         {setLP, false},
-	TypeMB:         {setMB, false},
-	TypeMD:         {setMD, false},
-	TypeMF:         {setMF, false},
-	TypeMG:         {setMG, false},
-	TypeMINFO:      {setMINFO, false},
-	TypeMR:         {setMR, false},
-	TypeMX:         {setMX, false},
-	TypeNAPTR:      {setNAPTR, false},
-	TypeNID:        {setNID, false},
-	TypeNIMLOC:     {setNIMLOC, true},
-	TypeNINFO:      {setNINFO, true},
-	TypeNSAPPTR:    {setNSAPPTR, false},
-	TypeNSEC3PARAM: {setNSEC3PARAM, false},
-	TypeNSEC3:      {setNSEC3, true},
-	TypeNSEC:       {setNSEC, true},
-	TypeNS:         {setNS, false},
-	TypeOPENPGPKEY: {setOPENPGPKEY, true},
-	TypePTR:        {setPTR, false},
-	TypePX:         {setPX, false},
-	TypeSIG:        {setSIG, true},
-	TypeRKEY:       {setRKEY, true},
-	TypeRP:         {setRP, false},
-	TypeRRSIG:      {setRRSIG, true},
-	TypeRT:         {setRT, false},
-	TypeSMIMEA:     {setSMIMEA, true},
-	TypeSOA:        {setSOA, false},
-	TypeSPF:        {setSPF, true},
-	TypeAVC:        {setAVC, true},
-	TypeSRV:        {setSRV, false},
-	TypeSSHFP:      {setSSHFP, true},
-	TypeTALINK:     {setTALINK, false},
-	TypeTA:         {setTA, true},
-	TypeTLSA:       {setTLSA, true},
-	TypeTXT:        {setTXT, true},
-	TypeUID:        {setUID, false},
-	TypeUINFO:      {setUINFO, true},
-	TypeURI:        {setURI, true},
-	TypeX25:        {setX25, false},
-	TypeTKEY:       {setTKEY, true},
+	return nil
+}
+
+func (rr *APL) parse(c *zlexer, o string) *ParseError {
+	var prefixes []APLPrefix
+
+	for {
+		l, _ := c.Next()
+		if l.value == zNewline || l.value == zEOF {
+			break
+		}
+		if l.value == zBlank && prefixes != nil {
+			continue
+		}
+		if l.value != zString {
+			return &ParseError{"", "unexpected APL field", l}
+		}
+
+		// Expected format: [!]afi:address/prefix
+
+		colon := strings.IndexByte(l.token, ':')
+		if colon == -1 {
+			return &ParseError{"", "missing colon in APL field", l}
+		}
+
+		family, cidr := l.token[:colon], l.token[colon+1:]
+
+		var negation bool
+		if family != "" && family[0] == '!' {
+			negation = true
+			family = family[1:]
+		}
+
+		afi, err := strconv.ParseUint(family, 10, 16)
+		if err != nil {
+			return &ParseError{"", "failed to parse APL family: " + err.Error(), l}
+		}
+		var addrLen int
+		switch afi {
+		case 1:
+			addrLen = net.IPv4len
+		case 2:
+			addrLen = net.IPv6len
+		default:
+			return &ParseError{"", "unrecognized APL family", l}
+		}
+
+		ip, subnet, err := net.ParseCIDR(cidr)
+		if err != nil {
+			return &ParseError{"", "failed to parse APL address: " + err.Error(), l}
+		}
+		if !ip.Equal(subnet.IP) {
+			return &ParseError{"", "extra bits in APL address", l}
+		}
+
+		if len(subnet.IP) != addrLen {
+			return &ParseError{"", "address mismatch with the APL family", l}
+		}
+
+		prefixes = append(prefixes, APLPrefix{
+			Negation: negation,
+			Network:  *subnet,
+		})
+	}
+
+	rr.Prefixes = prefixes
+	return nil
 }
diff --git a/vendor/github.com/miekg/dns/scanner.go b/vendor/github.com/miekg/dns/scanner.go
deleted file mode 100644
index 424e5af9f5931..0000000000000
--- a/vendor/github.com/miekg/dns/scanner.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package dns
-
-// Implement a simple scanner, return a byte stream from an io reader.
-
-import (
-	"bufio"
-	"context"
-	"io"
-	"text/scanner"
-)
-
-type scan struct {
-	src      *bufio.Reader
-	position scanner.Position
-	eof      bool // Have we just seen a eof
-	ctx      context.Context
-}
-
-func scanInit(r io.Reader) (*scan, context.CancelFunc) {
-	s := new(scan)
-	s.src = bufio.NewReader(r)
-	s.position.Line = 1
-
-	ctx, cancel := context.WithCancel(context.Background())
-	s.ctx = ctx
-
-	return s, cancel
-}
-
-// tokenText returns the next byte from the input
-func (s *scan) tokenText() (byte, error) {
-	c, err := s.src.ReadByte()
-	if err != nil {
-		return c, err
-	}
-	select {
-	case <-s.ctx.Done():
-		return c, context.Canceled
-	default:
-		break
-	}
-
-	// delay the newline handling until the next token is delivered,
-	// fixes off-by-one errors when reporting a parse error.
-	if s.eof == true {
-		s.position.Line++
-		s.position.Column = 0
-		s.eof = false
-	}
-	if c == '\n' {
-		s.eof = true
-		return c, nil
-	}
-	s.position.Column++
-	return c, nil
-}
diff --git a/vendor/github.com/miekg/dns/serve_mux.go b/vendor/github.com/miekg/dns/serve_mux.go
new file mode 100644
index 0000000000000..69deb33e80022
--- /dev/null
+++ b/vendor/github.com/miekg/dns/serve_mux.go
@@ -0,0 +1,123 @@
+package dns
+
+import (
+	"strings"
+	"sync"
+)
+
+// ServeMux is an DNS request multiplexer. It matches the zone name of
+// each incoming request against a list of registered patterns add calls
+// the handler for the pattern that most closely matches the zone name.
+//
+// ServeMux is DNSSEC aware, meaning that queries for the DS record are
+// redirected to the parent zone (if that is also registered), otherwise
+// the child gets the query.
+//
+// ServeMux is also safe for concurrent access from multiple goroutines.
+//
+// The zero ServeMux is empty and ready for use.
+type ServeMux struct {
+	z map[string]Handler
+	m sync.RWMutex
+}
+
+// NewServeMux allocates and returns a new ServeMux.
+func NewServeMux() *ServeMux {
+	return new(ServeMux)
+}
+
+// DefaultServeMux is the default ServeMux used by Serve.
+var DefaultServeMux = NewServeMux()
+
+func (mux *ServeMux) match(q string, t uint16) Handler {
+	mux.m.RLock()
+	defer mux.m.RUnlock()
+	if mux.z == nil {
+		return nil
+	}
+
+	q = strings.ToLower(q)
+
+	var handler Handler
+	for off, end := 0, false; !end; off, end = NextLabel(q, off) {
+		if h, ok := mux.z[q[off:]]; ok {
+			if t != TypeDS {
+				return h
+			}
+			// Continue for DS to see if we have a parent too, if so delegate to the parent
+			handler = h
+		}
+	}
+
+	// Wildcard match, if we have found nothing try the root zone as a last resort.
+	if h, ok := mux.z["."]; ok {
+		return h
+	}
+
+	return handler
+}
+
+// Handle adds a handler to the ServeMux for pattern.
+func (mux *ServeMux) Handle(pattern string, handler Handler) {
+	if pattern == "" {
+		panic("dns: invalid pattern " + pattern)
+	}
+	mux.m.Lock()
+	if mux.z == nil {
+		mux.z = make(map[string]Handler)
+	}
+	mux.z[Fqdn(pattern)] = handler
+	mux.m.Unlock()
+}
+
+// HandleFunc adds a handler function to the ServeMux for pattern.
+func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) {
+	mux.Handle(pattern, HandlerFunc(handler))
+}
+
+// HandleRemove deregisters the handler specific for pattern from the ServeMux.
+func (mux *ServeMux) HandleRemove(pattern string) {
+	if pattern == "" {
+		panic("dns: invalid pattern " + pattern)
+	}
+	mux.m.Lock()
+	delete(mux.z, Fqdn(pattern))
+	mux.m.Unlock()
+}
+
+// ServeDNS dispatches the request to the handler whose pattern most
+// closely matches the request message.
+//
+// ServeDNS is DNSSEC aware, meaning that queries for the DS record
+// are redirected to the parent zone (if that is also registered),
+// otherwise the child gets the query.
+//
+// If no handler is found, or there is no question, a standard SERVFAIL
+// message is returned
+func (mux *ServeMux) ServeDNS(w ResponseWriter, req *Msg) {
+	var h Handler
+	if len(req.Question) >= 1 { // allow more than one question
+		h = mux.match(req.Question[0].Name, req.Question[0].Qtype)
+	}
+
+	if h != nil {
+		h.ServeDNS(w, req)
+	} else {
+		HandleFailed(w, req)
+	}
+}
+
+// Handle registers the handler with the given pattern
+// in the DefaultServeMux. The documentation for
+// ServeMux explains how patterns are matched.
+func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) }
+
+// HandleRemove deregisters the handle with the given pattern
+// in the DefaultServeMux.
+func HandleRemove(pattern string) { DefaultServeMux.HandleRemove(pattern) }
+
+// HandleFunc registers the handler function with the given pattern
+// in the DefaultServeMux.
+func HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) {
+	DefaultServeMux.HandleFunc(pattern, handler)
+}
diff --git a/vendor/github.com/miekg/dns/server.go b/vendor/github.com/miekg/dns/server.go
index 2d98f148883a0..3cf1a0240112b 100644
--- a/vendor/github.com/miekg/dns/server.go
+++ b/vendor/github.com/miekg/dns/server.go
@@ -3,30 +3,40 @@
 package dns
 
 import (
-	"bytes"
+	"context"
 	"crypto/tls"
 	"encoding/binary"
+	"errors"
 	"io"
 	"net"
+	"strings"
 	"sync"
-	"sync/atomic"
 	"time"
 )
 
 // Default maximum number of TCP queries before we close the socket.
 const maxTCPQueries = 128
 
-// Interval for stop worker if no load
-const idleWorkerTimeout = 10 * time.Second
-
-// Maximum number of workers
-const maxWorkersCount = 10000
+// aLongTimeAgo is a non-zero time, far in the past, used for
+// immediate cancelation of network operations.
+var aLongTimeAgo = time.Unix(1, 0)
 
 // Handler is implemented by any value that implements ServeDNS.
 type Handler interface {
 	ServeDNS(w ResponseWriter, r *Msg)
 }
 
+// The HandlerFunc type is an adapter to allow the use of
+// ordinary functions as DNS handlers.  If f is a function
+// with the appropriate signature, HandlerFunc(f) is a
+// Handler object that calls f.
+type HandlerFunc func(ResponseWriter, *Msg)
+
+// ServeDNS calls f(w, r).
+func (f HandlerFunc) ServeDNS(w ResponseWriter, r *Msg) {
+	f(w, r)
+}
+
 // A ResponseWriter interface is used by an DNS handler to
 // construct an DNS response.
 type ResponseWriter interface {
@@ -49,11 +59,17 @@ type ResponseWriter interface {
 	Hijack()
 }
 
+// A ConnectionStater interface is used by a DNS Handler to access TLS connection state
+// when available.
+type ConnectionStater interface {
+	ConnectionState() *tls.ConnectionState
+}
+
 type response struct {
-	msg            []byte
+	closed         bool // connection has been closed
 	hijacked       bool // connection has been hijacked by handler
-	tsigStatus     error
 	tsigTimersOnly bool
+	tsigStatus     error
 	tsigRequestMAC string
 	tsigSecret     map[string]string // the tsig secrets
 	udp            *net.UDPConn      // i/o connection if UDP was used
@@ -62,35 +78,6 @@ type response struct {
 	writer         Writer            // writer to output the raw DNS bits
 }
 
-// ServeMux is an DNS request multiplexer. It matches the
-// zone name of each incoming request against a list of
-// registered patterns add calls the handler for the pattern
-// that most closely matches the zone name. ServeMux is DNSSEC aware, meaning
-// that queries for the DS record are redirected to the parent zone (if that
-// is also registered), otherwise the child gets the query.
-// ServeMux is also safe for concurrent access from multiple goroutines.
-type ServeMux struct {
-	z map[string]Handler
-	m *sync.RWMutex
-}
-
-// NewServeMux allocates and returns a new ServeMux.
-func NewServeMux() *ServeMux { return &ServeMux{z: make(map[string]Handler), m: new(sync.RWMutex)} }
-
-// DefaultServeMux is the default ServeMux used by Serve.
-var DefaultServeMux = NewServeMux()
-
-// The HandlerFunc type is an adapter to allow the use of
-// ordinary functions as DNS handlers.  If f is a function
-// with the appropriate signature, HandlerFunc(f) is a
-// Handler object that calls f.
-type HandlerFunc func(ResponseWriter, *Msg)
-
-// ServeDNS calls f(w, r).
-func (f HandlerFunc) ServeDNS(w ResponseWriter, r *Msg) {
-	f(w, r)
-}
-
 // HandleFailed returns a HandlerFunc that returns SERVFAIL for every request it gets.
 func HandleFailed(w ResponseWriter, r *Msg) {
 	m := new(Msg)
@@ -99,8 +86,6 @@ func HandleFailed(w ResponseWriter, r *Msg) {
 	w.WriteMsg(m)
 }
 
-func failedHandler() Handler { return HandlerFunc(HandleFailed) }
-
 // ListenAndServe Starts a server on address and network specified Invoke handler
 // for incoming queries.
 func ListenAndServe(addr string, network string, handler Handler) error {
@@ -139,99 +124,6 @@ func ActivateAndServe(l net.Listener, p net.PacketConn, handler Handler) error {
 	return server.ActivateAndServe()
 }
 
-func (mux *ServeMux) match(q string, t uint16) Handler {
-	mux.m.RLock()
-	defer mux.m.RUnlock()
-	var handler Handler
-	b := make([]byte, len(q)) // worst case, one label of length q
-	off := 0
-	end := false
-	for {
-		l := len(q[off:])
-		for i := 0; i < l; i++ {
-			b[i] = q[off+i]
-			if b[i] >= 'A' && b[i] <= 'Z' {
-				b[i] |= ('a' - 'A')
-			}
-		}
-		if h, ok := mux.z[string(b[:l])]; ok { // causes garbage, might want to change the map key
-			if t != TypeDS {
-				return h
-			}
-			// Continue for DS to see if we have a parent too, if so delegeate to the parent
-			handler = h
-		}
-		off, end = NextLabel(q, off)
-		if end {
-			break
-		}
-	}
-	// Wildcard match, if we have found nothing try the root zone as a last resort.
-	if h, ok := mux.z["."]; ok {
-		return h
-	}
-	return handler
-}
-
-// Handle adds a handler to the ServeMux for pattern.
-func (mux *ServeMux) Handle(pattern string, handler Handler) {
-	if pattern == "" {
-		panic("dns: invalid pattern " + pattern)
-	}
-	mux.m.Lock()
-	mux.z[Fqdn(pattern)] = handler
-	mux.m.Unlock()
-}
-
-// HandleFunc adds a handler function to the ServeMux for pattern.
-func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) {
-	mux.Handle(pattern, HandlerFunc(handler))
-}
-
-// HandleRemove deregistrars the handler specific for pattern from the ServeMux.
-func (mux *ServeMux) HandleRemove(pattern string) {
-	if pattern == "" {
-		panic("dns: invalid pattern " + pattern)
-	}
-	mux.m.Lock()
-	delete(mux.z, Fqdn(pattern))
-	mux.m.Unlock()
-}
-
-// ServeDNS dispatches the request to the handler whose
-// pattern most closely matches the request message. If DefaultServeMux
-// is used the correct thing for DS queries is done: a possible parent
-// is sought.
-// If no handler is found a standard SERVFAIL message is returned
-// If the request message does not have exactly one question in the
-// question section a SERVFAIL is returned, unlesss Unsafe is true.
-func (mux *ServeMux) ServeDNS(w ResponseWriter, request *Msg) {
-	var h Handler
-	if len(request.Question) < 1 { // allow more than one question
-		h = failedHandler()
-	} else {
-		if h = mux.match(request.Question[0].Name, request.Question[0].Qtype); h == nil {
-			h = failedHandler()
-		}
-	}
-	h.ServeDNS(w, request)
-}
-
-// Handle registers the handler with the given pattern
-// in the DefaultServeMux. The documentation for
-// ServeMux explains how patterns are matched.
-func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) }
-
-// HandleRemove deregisters the handle with the given pattern
-// in the DefaultServeMux.
-func HandleRemove(pattern string) { DefaultServeMux.HandleRemove(pattern) }
-
-// HandleFunc registers the handler function with the given pattern
-// in the DefaultServeMux.
-func HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) {
-	DefaultServeMux.HandleFunc(pattern, handler)
-}
-
 // Writer writes raw DNS messages; each call to Write should send an entire message.
 type Writer interface {
 	io.Writer
@@ -253,11 +145,11 @@ type defaultReader struct {
 	*Server
 }
 
-func (dr *defaultReader) ReadTCP(conn net.Conn, timeout time.Duration) ([]byte, error) {
+func (dr defaultReader) ReadTCP(conn net.Conn, timeout time.Duration) ([]byte, error) {
 	return dr.readTCP(conn, timeout)
 }
 
-func (dr *defaultReader) ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) {
+func (dr defaultReader) ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) {
 	return dr.readUDP(conn, timeout)
 }
 
@@ -294,9 +186,6 @@ type Server struct {
 	IdleTimeout func() time.Duration
 	// Secret(s) for Tsig map[<zonename>]<base64 secret>. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2).
 	TsigSecret map[string]string
-	// Unsafe instructs the server to disregard any sanity checks and directly hand the message to
-	// the handler. It will specifically not check if the query has the QR bit not set.
-	Unsafe bool
 	// If NotifyStartedFunc is set it is called once the server has started listening.
 	NotifyStartedFunc func()
 	// DecorateReader is optional, allows customization of the process that reads raw DNS messages.
@@ -305,65 +194,64 @@ type Server struct {
 	DecorateWriter DecorateWriter
 	// Maximum number of TCP queries before we close the socket. Default is maxTCPQueries (unlimited if -1).
 	MaxTCPQueries int
+	// Whether to set the SO_REUSEPORT socket option, allowing multiple listeners to be bound to a single address.
+	// It is only supported on go1.11+ and when using ListenAndServe.
+	ReusePort bool
+	// AcceptMsgFunc will check the incoming message and will reject it early in the process.
+	// By default DefaultMsgAcceptFunc will be used.
+	MsgAcceptFunc MsgAcceptFunc
 
-	// UDP packet or TCP connection queue
-	queue chan *response
-	// Workers count
-	workersCount int32
 	// Shutdown handling
-	lock    sync.RWMutex
-	started bool
+	lock     sync.RWMutex
+	started  bool
+	shutdown chan struct{}
+	conns    map[net.Conn]struct{}
+
+	// A pool for UDP message buffers.
+	udpPool sync.Pool
 }
 
-func (srv *Server) worker(w *response) {
-	srv.serve(w)
+func (srv *Server) isStarted() bool {
+	srv.lock.RLock()
+	started := srv.started
+	srv.lock.RUnlock()
+	return started
+}
 
-	for {
-		count := atomic.LoadInt32(&srv.workersCount)
-		if count > maxWorkersCount {
-			return
-		}
-		if atomic.CompareAndSwapInt32(&srv.workersCount, count, count+1) {
-			break
-		}
+func makeUDPBuffer(size int) func() interface{} {
+	return func() interface{} {
+		return make([]byte, size)
 	}
+}
 
-	defer atomic.AddInt32(&srv.workersCount, -1)
+func (srv *Server) init() {
+	srv.shutdown = make(chan struct{})
+	srv.conns = make(map[net.Conn]struct{})
 
-	inUse := false
-	timeout := time.NewTimer(idleWorkerTimeout)
-	defer timeout.Stop()
-LOOP:
-	for {
-		select {
-		case w, ok := <-srv.queue:
-			if !ok {
-				break LOOP
-			}
-			inUse = true
-			srv.serve(w)
-		case <-timeout.C:
-			if !inUse {
-				break LOOP
-			}
-			inUse = false
-			timeout.Reset(idleWorkerTimeout)
-		}
+	if srv.UDPSize == 0 {
+		srv.UDPSize = MinMsgSize
+	}
+	if srv.MsgAcceptFunc == nil {
+		srv.MsgAcceptFunc = DefaultMsgAcceptFunc
 	}
+	if srv.Handler == nil {
+		srv.Handler = DefaultServeMux
+	}
+
+	srv.udpPool.New = makeUDPBuffer(srv.UDPSize)
 }
 
-func (srv *Server) spawnWorker(w *response) {
-	select {
-	case srv.queue <- w:
-	default:
-		go srv.worker(w)
-	}
+func unlockOnce(l sync.Locker) func() {
+	var once sync.Once
+	return func() { once.Do(l.Unlock) }
 }
 
 // ListenAndServe starts a nameserver on the configured address in *Server.
 func (srv *Server) ListenAndServe() error {
+	unlock := unlockOnce(&srv.lock)
 	srv.lock.Lock()
-	defer srv.lock.Unlock()
+	defer unlock()
+
 	if srv.started {
 		return &Error{err: "server already started"}
 	}
@@ -372,63 +260,46 @@ func (srv *Server) ListenAndServe() error {
 	if addr == "" {
 		addr = ":domain"
 	}
-	if srv.UDPSize == 0 {
-		srv.UDPSize = MinMsgSize
-	}
-	srv.queue = make(chan *response)
-	defer close(srv.queue)
+
+	srv.init()
+
 	switch srv.Net {
 	case "tcp", "tcp4", "tcp6":
-		a, err := net.ResolveTCPAddr(srv.Net, addr)
-		if err != nil {
-			return err
-		}
-		l, err := net.ListenTCP(srv.Net, a)
+		l, err := listenTCP(srv.Net, addr, srv.ReusePort)
 		if err != nil {
 			return err
 		}
 		srv.Listener = l
 		srv.started = true
-		srv.lock.Unlock()
-		err = srv.serveTCP(l)
-		srv.lock.Lock() // to satisfy the defer at the top
-		return err
+		unlock()
+		return srv.serveTCP(l)
 	case "tcp-tls", "tcp4-tls", "tcp6-tls":
-		network := "tcp"
-		if srv.Net == "tcp4-tls" {
-			network = "tcp4"
-		} else if srv.Net == "tcp6-tls" {
-			network = "tcp6"
+		if srv.TLSConfig == nil || (len(srv.TLSConfig.Certificates) == 0 && srv.TLSConfig.GetCertificate == nil) {
+			return errors.New("dns: neither Certificates nor GetCertificate set in Config")
 		}
-
-		l, err := tls.Listen(network, addr, srv.TLSConfig)
+		network := strings.TrimSuffix(srv.Net, "-tls")
+		l, err := listenTCP(network, addr, srv.ReusePort)
 		if err != nil {
 			return err
 		}
+		l = tls.NewListener(l, srv.TLSConfig)
 		srv.Listener = l
 		srv.started = true
-		srv.lock.Unlock()
-		err = srv.serveTCP(l)
-		srv.lock.Lock() // to satisfy the defer at the top
-		return err
+		unlock()
+		return srv.serveTCP(l)
 	case "udp", "udp4", "udp6":
-		a, err := net.ResolveUDPAddr(srv.Net, addr)
-		if err != nil {
-			return err
-		}
-		l, err := net.ListenUDP(srv.Net, a)
+		l, err := listenUDP(srv.Net, addr, srv.ReusePort)
 		if err != nil {
 			return err
 		}
-		if e := setUDPSocketOptions(l); e != nil {
+		u := l.(*net.UDPConn)
+		if e := setUDPSocketOptions(u); e != nil {
 			return e
 		}
 		srv.PacketConn = l
 		srv.started = true
-		srv.lock.Unlock()
-		err = srv.serveUDP(l)
-		srv.lock.Lock() // to satisfy the defer at the top
-		return err
+		unlock()
+		return srv.serveUDP(u)
 	}
 	return &Error{err: "bad network"}
 }
@@ -436,20 +307,19 @@ func (srv *Server) ListenAndServe() error {
 // ActivateAndServe starts a nameserver with the PacketConn or Listener
 // configured in *Server. Its main use is to start a server from systemd.
 func (srv *Server) ActivateAndServe() error {
+	unlock := unlockOnce(&srv.lock)
 	srv.lock.Lock()
-	defer srv.lock.Unlock()
+	defer unlock()
+
 	if srv.started {
 		return &Error{err: "server already started"}
 	}
 
+	srv.init()
+
 	pConn := srv.PacketConn
 	l := srv.Listener
-	srv.queue = make(chan *response)
-	defer close(srv.queue)
 	if pConn != nil {
-		if srv.UDPSize == 0 {
-			srv.UDPSize = MinMsgSize
-		}
 		// Check PacketConn interface's type is valid and value
 		// is not nil
 		if t, ok := pConn.(*net.UDPConn); ok && t != nil {
@@ -457,18 +327,14 @@ func (srv *Server) ActivateAndServe() error {
 				return e
 			}
 			srv.started = true
-			srv.lock.Unlock()
-			e := srv.serveUDP(t)
-			srv.lock.Lock() // to satisfy the defer at the top
-			return e
+			unlock()
+			return srv.serveUDP(t)
 		}
 	}
 	if l != nil {
 		srv.started = true
-		srv.lock.Unlock()
-		e := srv.serveTCP(l)
-		srv.lock.Lock() // to satisfy the defer at the top
-		return e
+		unlock()
+		return srv.serveTCP(l)
 	}
 	return &Error{err: "bad listeners"}
 }
@@ -476,30 +342,63 @@ func (srv *Server) ActivateAndServe() error {
 // Shutdown shuts down a server. After a call to Shutdown, ListenAndServe and
 // ActivateAndServe will return.
 func (srv *Server) Shutdown() error {
+	return srv.ShutdownContext(context.Background())
+}
+
+// ShutdownContext shuts down a server. After a call to ShutdownContext,
+// ListenAndServe and ActivateAndServe will return.
+//
+// A context.Context may be passed to limit how long to wait for connections
+// to terminate.
+func (srv *Server) ShutdownContext(ctx context.Context) error {
 	srv.lock.Lock()
 	if !srv.started {
 		srv.lock.Unlock()
 		return &Error{err: "server not started"}
 	}
+
 	srv.started = false
-	srv.lock.Unlock()
 
 	if srv.PacketConn != nil {
-		srv.PacketConn.Close()
+		srv.PacketConn.SetReadDeadline(aLongTimeAgo) // Unblock reads
 	}
+
 	if srv.Listener != nil {
 		srv.Listener.Close()
 	}
-	return nil
+
+	for rw := range srv.conns {
+		rw.SetReadDeadline(aLongTimeAgo) // Unblock reads
+	}
+
+	srv.lock.Unlock()
+
+	if testShutdownNotify != nil {
+		testShutdownNotify.Broadcast()
+	}
+
+	var ctxErr error
+	select {
+	case <-srv.shutdown:
+	case <-ctx.Done():
+		ctxErr = ctx.Err()
+	}
+
+	if srv.PacketConn != nil {
+		srv.PacketConn.Close()
+	}
+
+	return ctxErr
 }
 
+var testShutdownNotify *sync.Cond
+
 // getReadTimeout is a helper func to use system timeout if server did not intend to change it.
 func (srv *Server) getReadTimeout() time.Duration {
-	rtimeout := dnsTimeout
 	if srv.ReadTimeout != 0 {
-		rtimeout = srv.ReadTimeout
+		return srv.ReadTimeout
 	}
-	return rtimeout
+	return dnsTimeout
 }
 
 // serveTCP starts a TCP listener for the server.
@@ -510,22 +409,32 @@ func (srv *Server) serveTCP(l net.Listener) error {
 		srv.NotifyStartedFunc()
 	}
 
-	for {
+	var wg sync.WaitGroup
+	defer func() {
+		wg.Wait()
+		close(srv.shutdown)
+	}()
+
+	for srv.isStarted() {
 		rw, err := l.Accept()
-		srv.lock.RLock()
-		if !srv.started {
-			srv.lock.RUnlock()
-			return nil
-		}
-		srv.lock.RUnlock()
 		if err != nil {
+			if !srv.isStarted() {
+				return nil
+			}
 			if neterr, ok := err.(net.Error); ok && neterr.Temporary() {
 				continue
 			}
 			return err
 		}
-		srv.spawnWorker(&response{tsigSecret: srv.TsigSecret, tcp: rw})
+		srv.lock.Lock()
+		// Track the connection to allow unblocking reads on shutdown.
+		srv.conns[rw] = struct{}{}
+		srv.lock.Unlock()
+		wg.Add(1)
+		go srv.serveTCPConn(&wg, rw)
 	}
+
+	return nil
 }
 
 // serveUDP starts a UDP listener for the server.
@@ -536,58 +445,57 @@ func (srv *Server) serveUDP(l *net.UDPConn) error {
 		srv.NotifyStartedFunc()
 	}
 
-	reader := Reader(&defaultReader{srv})
+	reader := Reader(defaultReader{srv})
 	if srv.DecorateReader != nil {
 		reader = srv.DecorateReader(reader)
 	}
 
+	var wg sync.WaitGroup
+	defer func() {
+		wg.Wait()
+		close(srv.shutdown)
+	}()
+
 	rtimeout := srv.getReadTimeout()
 	// deadline is not used here
-	for {
+	for srv.isStarted() {
 		m, s, err := reader.ReadUDP(l, rtimeout)
-		srv.lock.RLock()
-		if !srv.started {
-			srv.lock.RUnlock()
-			return nil
-		}
-		srv.lock.RUnlock()
 		if err != nil {
+			if !srv.isStarted() {
+				return nil
+			}
 			if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
 				continue
 			}
 			return err
 		}
 		if len(m) < headerSize {
+			if cap(m) == srv.UDPSize {
+				srv.udpPool.Put(m[:srv.UDPSize])
+			}
 			continue
 		}
-		srv.spawnWorker(&response{msg: m, tsigSecret: srv.TsigSecret, udp: l, udpSession: s})
+		wg.Add(1)
+		go srv.serveUDPPacket(&wg, m, l, s)
 	}
+
+	return nil
 }
 
-func (srv *Server) serve(w *response) {
+// Serve a new TCP connection.
+func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) {
+	w := &response{tsigSecret: srv.TsigSecret, tcp: rw}
 	if srv.DecorateWriter != nil {
 		w.writer = srv.DecorateWriter(w)
 	} else {
 		w.writer = w
 	}
 
-	if w.udp != nil {
-		// serve UDP
-		srv.serveDNS(w)
-		return
-	}
-
-	reader := Reader(&defaultReader{srv})
+	reader := Reader(defaultReader{srv})
 	if srv.DecorateReader != nil {
 		reader = srv.DecorateReader(reader)
 	}
 
-	defer func() {
-		if !w.hijacked {
-			w.Close()
-		}
-	}()
-
 	idleTimeout := tcpIdleTimeout
 	if srv.IdleTimeout != nil {
 		idleTimeout = srv.IdleTimeout()
@@ -600,15 +508,14 @@ func (srv *Server) serve(w *response) {
 		limit = maxTCPQueries
 	}
 
-	for q := 0; q < limit || limit == -1; q++ {
-		var err error
-		w.msg, err = reader.ReadTCP(w.tcp, timeout)
+	for q := 0; (q < limit || limit == -1) && srv.isStarted(); q++ {
+		m, err := reader.ReadTCP(w.tcp, timeout)
 		if err != nil {
 			// TODO(tmthrgd): handle error
 			break
 		}
-		srv.serveDNS(w)
-		if w.tcp == nil {
+		srv.serveDNS(m, w)
+		if w.closed {
 			break // Close() was called
 		}
 		if w.hijacked {
@@ -618,18 +525,67 @@ func (srv *Server) serve(w *response) {
 		// idle timeout.
 		timeout = idleTimeout
 	}
+
+	if !w.hijacked {
+		w.Close()
+	}
+
+	srv.lock.Lock()
+	delete(srv.conns, w.tcp)
+	srv.lock.Unlock()
+
+	wg.Done()
 }
 
-func (srv *Server) serveDNS(w *response) {
-	req := new(Msg)
-	err := req.Unpack(w.msg)
-	if err != nil { // Send a FormatError back
-		x := new(Msg)
-		x.SetRcodeFormatError(req)
-		w.WriteMsg(x)
+// Serve a new UDP request.
+func (srv *Server) serveUDPPacket(wg *sync.WaitGroup, m []byte, u *net.UDPConn, s *SessionUDP) {
+	w := &response{tsigSecret: srv.TsigSecret, udp: u, udpSession: s}
+	if srv.DecorateWriter != nil {
+		w.writer = srv.DecorateWriter(w)
+	} else {
+		w.writer = w
+	}
+
+	srv.serveDNS(m, w)
+	wg.Done()
+}
+
+func (srv *Server) serveDNS(m []byte, w *response) {
+	dh, off, err := unpackMsgHdr(m, 0)
+	if err != nil {
+		// Let client hang, they are sending crap; any reply can be used to amplify.
 		return
 	}
-	if !srv.Unsafe && req.Response {
+
+	req := new(Msg)
+	req.setHdr(dh)
+
+	switch action := srv.MsgAcceptFunc(dh); action {
+	case MsgAccept:
+		if req.unpack(dh, m, off) == nil {
+			break
+		}
+
+		fallthrough
+	case MsgReject, MsgRejectNotImplemented:
+		opcode := req.Opcode
+		req.SetRcodeFormatError(req)
+		req.Zero = false
+		if action == MsgRejectNotImplemented {
+			req.Opcode = opcode
+			req.Rcode = RcodeNotImplemented
+		}
+
+		// Are we allowed to delete any OPT records here?
+		req.Ns, req.Answer, req.Extra = nil, nil, nil
+
+		w.WriteMsg(req)
+		fallthrough
+	case MsgIgnore:
+		if w.udp != nil && cap(m) == srv.UDPSize {
+			srv.udpPool.Put(m[:srv.UDPSize])
+		}
+
 		return
 	}
 
@@ -637,7 +593,7 @@ func (srv *Server) serveDNS(w *response) {
 	if w.tsigSecret != nil {
 		if t := req.IsTsig(); t != nil {
 			if secret, ok := w.tsigSecret[t.Hdr.Name]; ok {
-				w.tsigStatus = TsigVerify(w.msg, secret, "", false)
+				w.tsigStatus = TsigVerify(m, secret, "", false)
 			} else {
 				w.tsigStatus = ErrSecret
 			}
@@ -646,54 +602,49 @@ func (srv *Server) serveDNS(w *response) {
 		}
 	}
 
-	handler := srv.Handler
-	if handler == nil {
-		handler = DefaultServeMux
+	if w.udp != nil && cap(m) == srv.UDPSize {
+		srv.udpPool.Put(m[:srv.UDPSize])
 	}
 
-	handler.ServeDNS(w, req) // Writes back to the client
+	srv.Handler.ServeDNS(w, req) // Writes back to the client
 }
 
 func (srv *Server) readTCP(conn net.Conn, timeout time.Duration) ([]byte, error) {
-	conn.SetReadDeadline(time.Now().Add(timeout))
-	l := make([]byte, 2)
-	n, err := conn.Read(l)
-	if err != nil || n != 2 {
-		if err != nil {
-			return nil, err
-		}
-		return nil, ErrShortRead
-	}
-	length := binary.BigEndian.Uint16(l)
-	if length == 0 {
-		return nil, ErrShortRead
+	// If we race with ShutdownContext, the read deadline may
+	// have been set in the distant past to unblock the read
+	// below. We must not override it, otherwise we may block
+	// ShutdownContext.
+	srv.lock.RLock()
+	if srv.started {
+		conn.SetReadDeadline(time.Now().Add(timeout))
 	}
-	m := make([]byte, int(length))
-	n, err = conn.Read(m[:int(length)])
-	if err != nil || n == 0 {
-		if err != nil {
-			return nil, err
-		}
-		return nil, ErrShortRead
+	srv.lock.RUnlock()
+
+	var length uint16
+	if err := binary.Read(conn, binary.BigEndian, &length); err != nil {
+		return nil, err
 	}
-	i := n
-	for i < int(length) {
-		j, err := conn.Read(m[i:int(length)])
-		if err != nil {
-			return nil, err
-		}
-		i += j
+
+	m := make([]byte, length)
+	if _, err := io.ReadFull(conn, m); err != nil {
+		return nil, err
 	}
-	n = i
-	m = m[:n]
+
 	return m, nil
 }
 
 func (srv *Server) readUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) {
-	conn.SetReadDeadline(time.Now().Add(timeout))
-	m := make([]byte, srv.UDPSize)
+	srv.lock.RLock()
+	if srv.started {
+		// See the comment in readTCP above.
+		conn.SetReadDeadline(time.Now().Add(timeout))
+	}
+	srv.lock.RUnlock()
+
+	m := srv.udpPool.Get().([]byte)
 	n, s, err := ReadFromSessionUDP(conn, m)
 	if err != nil {
+		srv.udpPool.Put(m)
 		return nil, nil, err
 	}
 	m = m[:n]
@@ -702,6 +653,10 @@ func (srv *Server) readUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *S
 
 // WriteMsg implements the ResponseWriter.WriteMsg method.
 func (w *response) WriteMsg(m *Msg) (err error) {
+	if w.closed {
+		return &Error{err: "WriteMsg called after Close"}
+	}
+
 	var data []byte
 	if w.tsigSecret != nil { // if no secrets, dont check for the tsig (which is a longer check)
 		if t := m.IsTsig(); t != nil {
@@ -723,42 +678,50 @@ func (w *response) WriteMsg(m *Msg) (err error) {
 
 // Write implements the ResponseWriter.Write method.
 func (w *response) Write(m []byte) (int, error) {
+	if w.closed {
+		return 0, &Error{err: "Write called after Close"}
+	}
+
 	switch {
 	case w.udp != nil:
-		n, err := WriteToSessionUDP(w.udp, m, w.udpSession)
-		return n, err
+		return WriteToSessionUDP(w.udp, m, w.udpSession)
 	case w.tcp != nil:
-		lm := len(m)
-		if lm < 2 {
-			return 0, io.ErrShortBuffer
-		}
-		if lm > MaxMsgSize {
+		if len(m) > MaxMsgSize {
 			return 0, &Error{err: "message too large"}
 		}
-		l := make([]byte, 2, 2+lm)
-		binary.BigEndian.PutUint16(l, uint16(lm))
-		m = append(l, m...)
 
-		n, err := io.Copy(w.tcp, bytes.NewReader(m))
+		l := make([]byte, 2)
+		binary.BigEndian.PutUint16(l, uint16(len(m)))
+
+		n, err := (&net.Buffers{l, m}).WriteTo(w.tcp)
 		return int(n), err
+	default:
+		panic("dns: internal error: udp and tcp both nil")
 	}
-	panic("not reached")
 }
 
 // LocalAddr implements the ResponseWriter.LocalAddr method.
 func (w *response) LocalAddr() net.Addr {
-	if w.tcp != nil {
+	switch {
+	case w.udp != nil:
+		return w.udp.LocalAddr()
+	case w.tcp != nil:
 		return w.tcp.LocalAddr()
+	default:
+		panic("dns: internal error: udp and tcp both nil")
 	}
-	return w.udp.LocalAddr()
 }
 
 // RemoteAddr implements the ResponseWriter.RemoteAddr method.
 func (w *response) RemoteAddr() net.Addr {
-	if w.tcp != nil {
+	switch {
+	case w.udpSession != nil:
+		return w.udpSession.RemoteAddr()
+	case w.tcp != nil:
 		return w.tcp.RemoteAddr()
+	default:
+		panic("dns: internal error: udpSession and tcp both nil")
 	}
-	return w.udpSession.RemoteAddr()
 }
 
 // TsigStatus implements the ResponseWriter.TsigStatus method.
@@ -772,11 +735,30 @@ func (w *response) Hijack() { w.hijacked = true }
 
 // Close implements the ResponseWriter.Close method
 func (w *response) Close() error {
-	// Can't close the udp conn, as that is actually the listener.
-	if w.tcp != nil {
-		e := w.tcp.Close()
-		w.tcp = nil
-		return e
+	if w.closed {
+		return &Error{err: "connection already closed"}
+	}
+	w.closed = true
+
+	switch {
+	case w.udp != nil:
+		// Can't close the udp conn, as that is actually the listener.
+		return nil
+	case w.tcp != nil:
+		return w.tcp.Close()
+	default:
+		panic("dns: internal error: udp and tcp both nil")
+	}
+}
+
+// ConnectionState() implements the ConnectionStater.ConnectionState() interface.
+func (w *response) ConnectionState() *tls.ConnectionState {
+	type tlsConnectionStater interface {
+		ConnectionState() tls.ConnectionState
+	}
+	if v, ok := w.tcp.(tlsConnectionStater); ok {
+		t := v.ConnectionState()
+		return &t
 	}
 	return nil
 }
diff --git a/vendor/github.com/miekg/dns/sig0.go b/vendor/github.com/miekg/dns/sig0.go
index f31e9e6843dd2..55cf1c3863ac2 100644
--- a/vendor/github.com/miekg/dns/sig0.go
+++ b/vendor/github.com/miekg/dns/sig0.go
@@ -21,15 +21,11 @@ func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
 	if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
 		return nil, ErrKey
 	}
-	rr.Header().Rrtype = TypeSIG
-	rr.Header().Class = ClassANY
-	rr.Header().Ttl = 0
-	rr.Header().Name = "."
-	rr.OrigTtl = 0
-	rr.TypeCovered = 0
-	rr.Labels = 0
 
-	buf := make([]byte, m.Len()+rr.len())
+	rr.Hdr = RR_Header{Name: ".", Rrtype: TypeSIG, Class: ClassANY, Ttl: 0}
+	rr.OrigTtl, rr.TypeCovered, rr.Labels = 0, 0, 0
+
+	buf := make([]byte, m.Len()+Len(rr))
 	mbuf, err := m.PackBuffer(buf)
 	if err != nil {
 		return nil, err
@@ -107,7 +103,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 	anc := binary.BigEndian.Uint16(buf[6:])
 	auc := binary.BigEndian.Uint16(buf[8:])
 	adc := binary.BigEndian.Uint16(buf[10:])
-	offset := 12
+	offset := headerSize
 	var err error
 	for i := uint16(0); i < qdc && offset < buflen; i++ {
 		_, offset, err = UnpackDomainName(buf, offset)
@@ -127,8 +123,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 		if offset+1 >= buflen {
 			continue
 		}
-		var rdlen uint16
-		rdlen = binary.BigEndian.Uint16(buf[offset:])
+		rdlen := binary.BigEndian.Uint16(buf[offset:])
 		offset += 2
 		offset += int(rdlen)
 	}
@@ -168,7 +163,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 	}
 	// If key has come from the DNS name compression might
 	// have mangled the case of the name
-	if strings.ToLower(signername) != strings.ToLower(k.Header().Name) {
+	if !strings.EqualFold(signername, k.Header().Name) {
 		return &Error{err: "signer name doesn't match key name"}
 	}
 	sigend := offset
@@ -186,10 +181,8 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 	case DSA:
 		pk := k.publicKeyDSA()
 		sig = sig[1:]
-		r := big.NewInt(0)
-		r.SetBytes(sig[:len(sig)/2])
-		s := big.NewInt(0)
-		s.SetBytes(sig[len(sig)/2:])
+		r := new(big.Int).SetBytes(sig[:len(sig)/2])
+		s := new(big.Int).SetBytes(sig[len(sig)/2:])
 		if pk != nil {
 			if dsa.Verify(pk, hashed, r, s) {
 				return nil
@@ -203,10 +196,8 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 		}
 	case ECDSAP256SHA256, ECDSAP384SHA384:
 		pk := k.publicKeyECDSA()
-		r := big.NewInt(0)
-		r.SetBytes(sig[:len(sig)/2])
-		s := big.NewInt(0)
-		s.SetBytes(sig[len(sig)/2:])
+		r := new(big.Int).SetBytes(sig[:len(sig)/2])
+		s := new(big.Int).SetBytes(sig[len(sig)/2:])
 		if pk != nil {
 			if ecdsa.Verify(pk, hashed, r, s) {
 				return nil
diff --git a/vendor/github.com/miekg/dns/singleinflight.go b/vendor/github.com/miekg/dns/singleinflight.go
index 9573c7d0b8c25..febcc300fe179 100644
--- a/vendor/github.com/miekg/dns/singleinflight.go
+++ b/vendor/github.com/miekg/dns/singleinflight.go
@@ -23,6 +23,8 @@ type call struct {
 type singleflight struct {
 	sync.Mutex                  // protects m
 	m          map[string]*call // lazily initialized
+
+	dontDeleteForTesting bool // this is only to be used by TestConcurrentExchanges
 }
 
 // Do executes and returns the results of the given function, making
@@ -49,9 +51,11 @@ func (g *singleflight) Do(key string, fn func() (*Msg, time.Duration, error)) (v
 	c.val, c.rtt, c.err = fn()
 	c.wg.Done()
 
-	g.Lock()
-	delete(g.m, key)
-	g.Unlock()
+	if !g.dontDeleteForTesting {
+		g.Lock()
+		delete(g.m, key)
+		g.Unlock()
+	}
 
 	return c.val, c.rtt, c.err, c.dups > 0
 }
diff --git a/vendor/github.com/miekg/dns/smimea.go b/vendor/github.com/miekg/dns/smimea.go
index 4e7ded4b386e0..89f09f0d10c16 100644
--- a/vendor/github.com/miekg/dns/smimea.go
+++ b/vendor/github.com/miekg/dns/smimea.go
@@ -14,10 +14,7 @@ func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate)
 	r.MatchingType = uint8(matchingType)
 
 	r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
-	if err != nil {
-		return err
-	}
-	return nil
+	return err
 }
 
 // Verify verifies a SMIMEA record against an SSL certificate. If it is OK
diff --git a/vendor/github.com/miekg/dns/tlsa.go b/vendor/github.com/miekg/dns/tlsa.go
index 431e2fb5afca8..4e07983b9787c 100644
--- a/vendor/github.com/miekg/dns/tlsa.go
+++ b/vendor/github.com/miekg/dns/tlsa.go
@@ -14,10 +14,7 @@ func (r *TLSA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (
 	r.MatchingType = uint8(matchingType)
 
 	r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
-	if err != nil {
-		return err
-	}
-	return nil
+	return err
 }
 
 // Verify verifies a TLSA record against an SSL certificate. If it is OK
diff --git a/vendor/github.com/miekg/dns/tsig.go b/vendor/github.com/miekg/dns/tsig.go
index 4837b4ab1fd81..61efa248e67b1 100644
--- a/vendor/github.com/miekg/dns/tsig.go
+++ b/vendor/github.com/miekg/dns/tsig.go
@@ -40,7 +40,7 @@ type TSIG struct {
 // TSIG has no official presentation format, but this will suffice.
 
 func (rr *TSIG) String() string {
-	s := "\n;; TSIG PSEUDOSECTION:\n"
+	s := "\n;; TSIG PSEUDOSECTION:\n; " // add another semi-colon to signify TSIG does not have a presentation format
 	s += rr.Hdr.String() +
 		" " + rr.Algorithm +
 		" " + tsigTimeToString(rr.TimeSigned) +
@@ -54,6 +54,10 @@ func (rr *TSIG) String() string {
 	return s
 }
 
+func (rr *TSIG) parse(c *zlexer, origin string) *ParseError {
+	panic("dns: internal error: parse should never be called on TSIG")
+}
+
 // The following values must be put in wireformat, so that the MAC can be calculated.
 // RFC 2845, section 3.4.2. TSIG Variables.
 type tsigWireFmt struct {
@@ -113,13 +117,13 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
 	var h hash.Hash
 	switch strings.ToLower(rr.Algorithm) {
 	case HmacMD5:
-		h = hmac.New(md5.New, []byte(rawsecret))
+		h = hmac.New(md5.New, rawsecret)
 	case HmacSHA1:
-		h = hmac.New(sha1.New, []byte(rawsecret))
+		h = hmac.New(sha1.New, rawsecret)
 	case HmacSHA256:
-		h = hmac.New(sha256.New, []byte(rawsecret))
+		h = hmac.New(sha256.New, rawsecret)
 	case HmacSHA512:
-		h = hmac.New(sha512.New, []byte(rawsecret))
+		h = hmac.New(sha512.New, rawsecret)
 	default:
 		return nil, "", ErrKeyAlg
 	}
@@ -133,13 +137,12 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
 	t.Algorithm = rr.Algorithm
 	t.OrigId = m.Id
 
-	tbuf := make([]byte, t.len())
-	if off, err := PackRR(t, tbuf, 0, nil, false); err == nil {
-		tbuf = tbuf[:off] // reset to actual size used
-	} else {
+	tbuf := make([]byte, Len(t))
+	off, err := PackRR(t, tbuf, 0, nil, false)
+	if err != nil {
 		return nil, "", err
 	}
-	mbuf = append(mbuf, tbuf...)
+	mbuf = append(mbuf, tbuf[:off]...)
 	// Update the ArCount directly in the buffer.
 	binary.BigEndian.PutUint16(mbuf[10:], uint16(len(m.Extra)+1))
 
diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go
index a779ca8abc0e3..a6048cb1dd683 100644
--- a/vendor/github.com/miekg/dns/types.go
+++ b/vendor/github.com/miekg/dns/types.go
@@ -1,6 +1,7 @@
 package dns
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"strconv"
@@ -61,6 +62,7 @@ const (
 	TypeCERT       uint16 = 37
 	TypeDNAME      uint16 = 39
 	TypeOPT        uint16 = 41 // EDNS
+	TypeAPL        uint16 = 42
 	TypeDS         uint16 = 43
 	TypeSSHFP      uint16 = 44
 	TypeRRSIG      uint16 = 46
@@ -205,9 +207,6 @@ var CertTypeToString = map[uint16]string{
 	CertOID:     "OID",
 }
 
-// StringToCertType is the reverseof CertTypeToString.
-var StringToCertType = reverseInt16(CertTypeToString)
-
 //go:generate go run types_generate.go
 
 // Question holds a DNS question. There can be multiple questions in the
@@ -218,8 +217,10 @@ type Question struct {
 	Qclass uint16
 }
 
-func (q *Question) len() int {
-	return len(q.Name) + 1 + 2 + 2
+func (q *Question) len(off int, compression map[string]struct{}) int {
+	l := domainNameLen(q.Name, off, compression, true)
+	l += 2 + 2
+	return l
 }
 
 func (q *Question) String() (s string) {
@@ -239,6 +240,25 @@ type ANY struct {
 
 func (rr *ANY) String() string { return rr.Hdr.String() }
 
+func (rr *ANY) parse(c *zlexer, origin string) *ParseError {
+	panic("dns: internal error: parse should never be called on ANY")
+}
+
+// NULL RR. See RFC 1035.
+type NULL struct {
+	Hdr  RR_Header
+	Data string `dns:"any"`
+}
+
+func (rr *NULL) String() string {
+	// There is no presentation format; prefix string with a comment.
+	return ";" + rr.Hdr.String() + rr.Data
+}
+
+func (rr *NULL) parse(c *zlexer, origin string) *ParseError {
+	panic("dns: internal error: parse should never be called on NULL")
+}
+
 // CNAME RR. See RFC 1034.
 type CNAME struct {
 	Hdr    RR_Header
@@ -330,7 +350,7 @@ func (rr *MX) String() string {
 type AFSDB struct {
 	Hdr      RR_Header
 	Subtype  uint16
-	Hostname string `dns:"cdomain-name"`
+	Hostname string `dns:"domain-name"`
 }
 
 func (rr *AFSDB) String() string {
@@ -351,7 +371,7 @@ func (rr *X25) String() string {
 type RT struct {
 	Hdr        RR_Header
 	Preference uint16
-	Host       string `dns:"cdomain-name"`
+	Host       string `dns:"domain-name"` // RFC 3597 prohibits compressing records not defined in RFC 1035.
 }
 
 func (rr *RT) String() string {
@@ -386,7 +406,7 @@ type RP struct {
 }
 
 func (rr *RP) String() string {
-	return rr.Hdr.String() + rr.Mbox + " " + sprintTxt([]string{rr.Txt})
+	return rr.Hdr.String() + sprintName(rr.Mbox) + " " + sprintName(rr.Txt)
 }
 
 // SOA RR. See RFC 1035.
@@ -419,128 +439,173 @@ type TXT struct {
 func (rr *TXT) String() string { return rr.Hdr.String() + sprintTxt(rr.Txt) }
 
 func sprintName(s string) string {
-	src := []byte(s)
-	dst := make([]byte, 0, len(src))
-	for i := 0; i < len(src); {
-		if i+1 < len(src) && src[i] == '\\' && src[i+1] == '.' {
-			dst = append(dst, src[i:i+2]...)
+	var dst strings.Builder
+
+	for i := 0; i < len(s); {
+		if i+1 < len(s) && s[i] == '\\' && s[i+1] == '.' {
+			if dst.Len() != 0 {
+				dst.WriteString(s[i : i+2])
+			}
 			i += 2
-		} else {
-			b, n := nextByte(src, i)
-			if n == 0 {
-				i++ // dangling back slash
-			} else if b == '.' {
-				dst = append(dst, b)
-			} else {
-				dst = appendDomainNameByte(dst, b)
+			continue
+		}
+
+		b, n := nextByte(s, i)
+		if n == 0 {
+			i++
+			continue
+		}
+		if b == '.' {
+			if dst.Len() != 0 {
+				dst.WriteByte('.')
 			}
 			i += n
+			continue
 		}
+		switch b {
+		case ' ', '\'', '@', ';', '(', ')', '"', '\\': // additional chars to escape
+			if dst.Len() == 0 {
+				dst.Grow(len(s) * 2)
+				dst.WriteString(s[:i])
+			}
+			dst.WriteByte('\\')
+			dst.WriteByte(b)
+		default:
+			if ' ' <= b && b <= '~' {
+				if dst.Len() != 0 {
+					dst.WriteByte(b)
+				}
+			} else {
+				if dst.Len() == 0 {
+					dst.Grow(len(s) * 2)
+					dst.WriteString(s[:i])
+				}
+				dst.WriteString(escapeByte(b))
+			}
+		}
+		i += n
+	}
+	if dst.Len() == 0 {
+		return s
 	}
-	return string(dst)
+	return dst.String()
 }
 
 func sprintTxtOctet(s string) string {
-	src := []byte(s)
-	dst := make([]byte, 0, len(src))
-	dst = append(dst, '"')
-	for i := 0; i < len(src); {
-		if i+1 < len(src) && src[i] == '\\' && src[i+1] == '.' {
-			dst = append(dst, src[i:i+2]...)
+	var dst strings.Builder
+	dst.Grow(2 + len(s))
+	dst.WriteByte('"')
+	for i := 0; i < len(s); {
+		if i+1 < len(s) && s[i] == '\\' && s[i+1] == '.' {
+			dst.WriteString(s[i : i+2])
 			i += 2
-		} else {
-			b, n := nextByte(src, i)
-			if n == 0 {
-				i++ // dangling back slash
-			} else if b == '.' {
-				dst = append(dst, b)
-			} else {
-				if b < ' ' || b > '~' {
-					dst = appendByte(dst, b)
-				} else {
-					dst = append(dst, b)
-				}
-			}
-			i += n
+			continue
+		}
+
+		b, n := nextByte(s, i)
+		switch {
+		case n == 0:
+			i++ // dangling back slash
+		case b == '.':
+			dst.WriteByte('.')
+		case b < ' ' || b > '~':
+			dst.WriteString(escapeByte(b))
+		default:
+			dst.WriteByte(b)
 		}
+		i += n
 	}
-	dst = append(dst, '"')
-	return string(dst)
+	dst.WriteByte('"')
+	return dst.String()
 }
 
 func sprintTxt(txt []string) string {
-	var out []byte
+	var out strings.Builder
 	for i, s := range txt {
+		out.Grow(3 + len(s))
 		if i > 0 {
-			out = append(out, ` "`...)
+			out.WriteString(` "`)
 		} else {
-			out = append(out, '"')
+			out.WriteByte('"')
 		}
-		bs := []byte(s)
-		for j := 0; j < len(bs); {
-			b, n := nextByte(bs, j)
+		for j := 0; j < len(s); {
+			b, n := nextByte(s, j)
 			if n == 0 {
 				break
 			}
-			out = appendTXTStringByte(out, b)
+			writeTXTStringByte(&out, b)
 			j += n
 		}
-		out = append(out, '"')
+		out.WriteByte('"')
 	}
-	return string(out)
-}
-
-func appendDomainNameByte(s []byte, b byte) []byte {
-	switch b {
-	case '.', ' ', '\'', '@', ';', '(', ')': // additional chars to escape
-		return append(s, '\\', b)
+	return out.String()
+}
+
+func writeTXTStringByte(s *strings.Builder, b byte) {
+	switch {
+	case b == '"' || b == '\\':
+		s.WriteByte('\\')
+		s.WriteByte(b)
+	case b < ' ' || b > '~':
+		s.WriteString(escapeByte(b))
+	default:
+		s.WriteByte(b)
 	}
-	return appendTXTStringByte(s, b)
 }
 
-func appendTXTStringByte(s []byte, b byte) []byte {
-	switch b {
-	case '"', '\\':
-		return append(s, '\\', b)
-	}
-	if b < ' ' || b > '~' {
-		return appendByte(s, b)
-	}
-	return append(s, b)
-}
+const (
+	escapedByteSmall = "" +
+		`\000\001\002\003\004\005\006\007\008\009` +
+		`\010\011\012\013\014\015\016\017\018\019` +
+		`\020\021\022\023\024\025\026\027\028\029` +
+		`\030\031`
+	escapedByteLarge = `\127\128\129` +
+		`\130\131\132\133\134\135\136\137\138\139` +
+		`\140\141\142\143\144\145\146\147\148\149` +
+		`\150\151\152\153\154\155\156\157\158\159` +
+		`\160\161\162\163\164\165\166\167\168\169` +
+		`\170\171\172\173\174\175\176\177\178\179` +
+		`\180\181\182\183\184\185\186\187\188\189` +
+		`\190\191\192\193\194\195\196\197\198\199` +
+		`\200\201\202\203\204\205\206\207\208\209` +
+		`\210\211\212\213\214\215\216\217\218\219` +
+		`\220\221\222\223\224\225\226\227\228\229` +
+		`\230\231\232\233\234\235\236\237\238\239` +
+		`\240\241\242\243\244\245\246\247\248\249` +
+		`\250\251\252\253\254\255`
+)
 
-func appendByte(s []byte, b byte) []byte {
-	var buf [3]byte
-	bufs := strconv.AppendInt(buf[:0], int64(b), 10)
-	s = append(s, '\\')
-	for i := 0; i < 3-len(bufs); i++ {
-		s = append(s, '0')
-	}
-	for _, r := range bufs {
-		s = append(s, r)
+// escapeByte returns the \DDD escaping of b which must
+// satisfy b < ' ' || b > '~'.
+func escapeByte(b byte) string {
+	if b < ' ' {
+		return escapedByteSmall[b*4 : b*4+4]
 	}
-	return s
+
+	b -= '~' + 1
+	// The cast here is needed as b*4 may overflow byte.
+	return escapedByteLarge[int(b)*4 : int(b)*4+4]
 }
 
-func nextByte(b []byte, offset int) (byte, int) {
-	if offset >= len(b) {
+func nextByte(s string, offset int) (byte, int) {
+	if offset >= len(s) {
 		return 0, 0
 	}
-	if b[offset] != '\\' {
+	if s[offset] != '\\' {
 		// not an escape sequence
-		return b[offset], 1
+		return s[offset], 1
 	}
-	switch len(b) - offset {
+	switch len(s) - offset {
 	case 1: // dangling escape
 		return 0, 0
 	case 2, 3: // too short to be \ddd
 	default: // maybe \ddd
-		if isDigit(b[offset+1]) && isDigit(b[offset+2]) && isDigit(b[offset+3]) {
-			return dddToByte(b[offset+1:]), 4
+		if isDigit(s[offset+1]) && isDigit(s[offset+2]) && isDigit(s[offset+3]) {
+			return dddStringToByte(s[offset+1:]), 4
 		}
 	}
 	// not \ddd, just an RFC 1035 "quoted" character
-	return b[offset+1], 2
+	return s[offset+1], 2
 }
 
 // SPF RR. See RFC 4408, Section 3.1.1.
@@ -728,7 +793,7 @@ func (rr *LOC) String() string {
 	lat = lat % LOC_DEGREES
 	m := lat / LOC_HOURS
 	lat = lat % LOC_HOURS
-	s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, (float64(lat) / 1000), ns)
+	s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, float64(lat)/1000, ns)
 
 	lon := rr.Longitude
 	ew := "E"
@@ -742,7 +807,7 @@ func (rr *LOC) String() string {
 	lon = lon % LOC_DEGREES
 	m = lon / LOC_HOURS
 	lon = lon % LOC_HOURS
-	s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, (float64(lon) / 1000), ew)
+	s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, float64(lon)/1000, ew)
 
 	var alt = float64(rr.Altitude) / 100
 	alt -= LOC_ALTITUDEBASE
@@ -752,9 +817,9 @@ func (rr *LOC) String() string {
 		s += fmt.Sprintf("%.0fm ", alt)
 	}
 
-	s += cmToM((rr.Size&0xf0)>>4, rr.Size&0x0f) + "m "
-	s += cmToM((rr.HorizPre&0xf0)>>4, rr.HorizPre&0x0f) + "m "
-	s += cmToM((rr.VertPre&0xf0)>>4, rr.VertPre&0x0f) + "m"
+	s += cmToM(rr.Size&0xf0>>4, rr.Size&0x0f) + "m "
+	s += cmToM(rr.HorizPre&0xf0>>4, rr.HorizPre&0x0f) + "m "
+	s += cmToM(rr.VertPre&0xf0>>4, rr.VertPre&0x0f) + "m"
 
 	return s
 }
@@ -801,22 +866,16 @@ type NSEC struct {
 
 func (rr *NSEC) String() string {
 	s := rr.Hdr.String() + sprintName(rr.NextDomain)
-	for i := 0; i < len(rr.TypeBitMap); i++ {
-		s += " " + Type(rr.TypeBitMap[i]).String()
+	for _, t := range rr.TypeBitMap {
+		s += " " + Type(t).String()
 	}
 	return s
 }
 
-func (rr *NSEC) len() int {
-	l := rr.Hdr.len() + len(rr.NextDomain) + 1
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
-		}
-		lastwindow = uint32(window)
-	}
+func (rr *NSEC) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.NextDomain, off+l, compression, false)
+	l += typeBitMapLen(rr.TypeBitMap)
 	return l
 }
 
@@ -966,22 +1025,16 @@ func (rr *NSEC3) String() string {
 		" " + strconv.Itoa(int(rr.Iterations)) +
 		" " + saltToString(rr.Salt) +
 		" " + rr.NextDomain
-	for i := 0; i < len(rr.TypeBitMap); i++ {
-		s += " " + Type(rr.TypeBitMap[i]).String()
+	for _, t := range rr.TypeBitMap {
+		s += " " + Type(t).String()
 	}
 	return s
 }
 
-func (rr *NSEC3) len() int {
-	l := rr.Hdr.len() + 6 + len(rr.Salt)/2 + 1 + len(rr.NextDomain) + 1
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
-		}
-		lastwindow = uint32(window)
-	}
+func (rr *NSEC3) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += 6 + len(rr.Salt)/2 + 1 + len(rr.NextDomain) + 1
+	l += typeBitMapLen(rr.TypeBitMap)
 	return l
 }
 
@@ -1020,10 +1073,16 @@ type TKEY struct {
 
 // TKEY has no official presentation format, but this will suffice.
 func (rr *TKEY) String() string {
-	s := "\n;; TKEY PSEUDOSECTION:\n"
-	s += rr.Hdr.String() + " " + rr.Algorithm + " " +
-		strconv.Itoa(int(rr.KeySize)) + " " + rr.Key + " " +
-		strconv.Itoa(int(rr.OtherLen)) + " " + rr.OtherData
+	s := ";" + rr.Hdr.String() +
+		" " + rr.Algorithm +
+		" " + TimeToString(rr.Inception) +
+		" " + TimeToString(rr.Expiration) +
+		" " + strconv.Itoa(int(rr.Mode)) +
+		" " + strconv.Itoa(int(rr.Error)) +
+		" " + strconv.Itoa(int(rr.KeySize)) +
+		" " + rr.Key +
+		" " + strconv.Itoa(int(rr.OtherLen)) +
+		" " + rr.OtherData
 	return s
 }
 
@@ -1283,34 +1342,110 @@ type CSYNC struct {
 func (rr *CSYNC) String() string {
 	s := rr.Hdr.String() + strconv.FormatInt(int64(rr.Serial), 10) + " " + strconv.Itoa(int(rr.Flags))
 
-	for i := 0; i < len(rr.TypeBitMap); i++ {
-		s += " " + Type(rr.TypeBitMap[i]).String()
+	for _, t := range rr.TypeBitMap {
+		s += " " + Type(t).String()
 	}
 	return s
 }
 
-func (rr *CSYNC) len() int {
-	l := rr.Hdr.len() + 4 + 2
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
+func (rr *CSYNC) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += 4 + 2
+	l += typeBitMapLen(rr.TypeBitMap)
+	return l
+}
+
+// APL RR. See RFC 3123.
+type APL struct {
+	Hdr      RR_Header
+	Prefixes []APLPrefix `dns:"apl"`
+}
+
+// APLPrefix is an address prefix hold by an APL record.
+type APLPrefix struct {
+	Negation bool
+	Network  net.IPNet
+}
+
+// String returns presentation form of the APL record.
+func (rr *APL) String() string {
+	var sb strings.Builder
+	sb.WriteString(rr.Hdr.String())
+	for i, p := range rr.Prefixes {
+		if i > 0 {
+			sb.WriteByte(' ')
 		}
-		lastwindow = uint32(window)
+		sb.WriteString(p.str())
 	}
-	return l
+	return sb.String()
+}
+
+// str returns presentation form of the APL prefix.
+func (p *APLPrefix) str() string {
+	var sb strings.Builder
+	if p.Negation {
+		sb.WriteByte('!')
+	}
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		sb.WriteByte('1')
+	case net.IPv6len:
+		sb.WriteByte('2')
+	}
+
+	sb.WriteByte(':')
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		sb.WriteString(p.Network.IP.String())
+	case net.IPv6len:
+		// add prefix for IPv4-mapped IPv6
+		if v4 := p.Network.IP.To4(); v4 != nil {
+			sb.WriteString("::ffff:")
+		}
+		sb.WriteString(p.Network.IP.String())
+	}
+
+	sb.WriteByte('/')
+
+	prefix, _ := p.Network.Mask.Size()
+	sb.WriteString(strconv.Itoa(prefix))
+
+	return sb.String()
+}
+
+// equals reports whether two APL prefixes are identical.
+func (a *APLPrefix) equals(b *APLPrefix) bool {
+	return a.Negation == b.Negation &&
+		bytes.Equal(a.Network.IP, b.Network.IP) &&
+		bytes.Equal(a.Network.Mask, b.Network.Mask)
+}
+
+// copy returns a copy of the APL prefix.
+func (p *APLPrefix) copy() APLPrefix {
+	return APLPrefix{
+		Negation: p.Negation,
+		Network:  copyNet(p.Network),
+	}
+}
+
+// len returns size of the prefix in wire format.
+func (p *APLPrefix) len() int {
+	// 4-byte header and the network address prefix (see Section 4 of RFC 3123)
+	prefix, _ := p.Network.Mask.Size()
+	return 4 + (prefix+7)/8
 }
 
 // TimeToString translates the RRSIG's incep. and expir. times to the
 // string representation used when printing the record.
 // It takes serial arithmetic (RFC 1982) into account.
 func TimeToString(t uint32) string {
-	mod := ((int64(t) - time.Now().Unix()) / year68) - 1
+	mod := (int64(t)-time.Now().Unix())/year68 - 1
 	if mod < 0 {
 		mod = 0
 	}
-	ti := time.Unix(int64(t)-(mod*year68), 0).UTC()
+	ti := time.Unix(int64(t)-mod*year68, 0).UTC()
 	return ti.Format("20060102150405")
 }
 
@@ -1322,11 +1457,11 @@ func StringToTime(s string) (uint32, error) {
 	if err != nil {
 		return 0, err
 	}
-	mod := (t.Unix() / year68) - 1
+	mod := t.Unix()/year68 - 1
 	if mod < 0 {
 		mod = 0
 	}
-	return uint32(t.Unix() - (mod * year68)), nil
+	return uint32(t.Unix() - mod*year68), nil
 }
 
 // saltToString converts a NSECX salt to uppercase and returns "-" when it is empty.
@@ -1358,6 +1493,17 @@ func copyIP(ip net.IP) net.IP {
 	return p
 }
 
+// copyNet returns a copy of a subnet.
+func copyNet(n net.IPNet) net.IPNet {
+	m := make(net.IPMask, len(n.Mask))
+	copy(m, n.Mask)
+
+	return net.IPNet{
+		IP:   copyIP(n.IP),
+		Mask: m,
+	}
+}
+
 // SplitN splits a string into N sized string chunks.
 // This might become an exported function once.
 func splitN(s string, n int) []string {
diff --git a/vendor/github.com/miekg/dns/udp_windows.go b/vendor/github.com/miekg/dns/udp_windows.go
index 6778c3c6cfe98..e7dd8ca313c09 100644
--- a/vendor/github.com/miekg/dns/udp_windows.go
+++ b/vendor/github.com/miekg/dns/udp_windows.go
@@ -20,15 +20,13 @@ func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error) {
 	if err != nil {
 		return n, nil, err
 	}
-	session := &SessionUDP{raddr.(*net.UDPAddr)}
-	return n, session, err
+	return n, &SessionUDP{raddr.(*net.UDPAddr)}, err
 }
 
 // WriteToSessionUDP acts just like net.UDPConn.WriteTo(), but uses a *SessionUDP instead of a net.Addr.
 // TODO(fastest963): Once go1.10 is released, use WriteMsgUDP.
 func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error) {
-	n, err := conn.WriteTo(b, session.raddr)
-	return n, err
+	return conn.WriteTo(b, session.raddr)
 }
 
 // TODO(fastest963): Once go1.10 is released and we can use *MsgUDP methods
diff --git a/vendor/github.com/miekg/dns/update.go b/vendor/github.com/miekg/dns/update.go
index e90c5c968ec0a..69dd38652224e 100644
--- a/vendor/github.com/miekg/dns/update.go
+++ b/vendor/github.com/miekg/dns/update.go
@@ -44,7 +44,8 @@ func (u *Msg) RRsetUsed(rr []RR) {
 		u.Answer = make([]RR, 0, len(rr))
 	}
 	for _, r := range rr {
-		u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassANY}})
+		h := r.Header()
+		u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: h.Name, Ttl: 0, Rrtype: h.Rrtype, Class: ClassANY}})
 	}
 }
 
@@ -55,7 +56,8 @@ func (u *Msg) RRsetNotUsed(rr []RR) {
 		u.Answer = make([]RR, 0, len(rr))
 	}
 	for _, r := range rr {
-		u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassNONE}})
+		h := r.Header()
+		u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: h.Name, Ttl: 0, Rrtype: h.Rrtype, Class: ClassNONE}})
 	}
 }
 
@@ -79,7 +81,8 @@ func (u *Msg) RemoveRRset(rr []RR) {
 		u.Ns = make([]RR, 0, len(rr))
 	}
 	for _, r := range rr {
-		u.Ns = append(u.Ns, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassANY}})
+		h := r.Header()
+		u.Ns = append(u.Ns, &ANY{Hdr: RR_Header{Name: h.Name, Ttl: 0, Rrtype: h.Rrtype, Class: ClassANY}})
 	}
 }
 
@@ -99,8 +102,9 @@ func (u *Msg) Remove(rr []RR) {
 		u.Ns = make([]RR, 0, len(rr))
 	}
 	for _, r := range rr {
-		r.Header().Class = ClassNONE
-		r.Header().Ttl = 0
+		h := r.Header()
+		h.Class = ClassNONE
+		h.Ttl = 0
 		u.Ns = append(u.Ns, r)
 	}
 }
diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go
index 4f173d9d24c6e..cab46b4f7361c 100644
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = V{1, 0, 7}
+var Version = V{1, 1, 27}
 
 // V holds the version of this library.
 type V struct {
diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go
index 5d0ff5c8a2758..43970e64f39b2 100644
--- a/vendor/github.com/miekg/dns/xfr.go
+++ b/vendor/github.com/miekg/dns/xfr.go
@@ -35,30 +35,36 @@ type Transfer struct {
 //	channel, err := transfer.In(message, master)
 //
 func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) {
+	switch q.Question[0].Qtype {
+	case TypeAXFR, TypeIXFR:
+	default:
+		return nil, &Error{"unsupported question type"}
+	}
+
 	timeout := dnsTimeout
 	if t.DialTimeout != 0 {
 		timeout = t.DialTimeout
 	}
+
 	if t.Conn == nil {
 		t.Conn, err = DialTimeout("tcp", a, timeout)
 		if err != nil {
 			return nil, err
 		}
 	}
+
 	if err := t.WriteMsg(q); err != nil {
 		return nil, err
 	}
+
 	env = make(chan *Envelope)
-	go func() {
-		if q.Question[0].Qtype == TypeAXFR {
-			go t.inAxfr(q, env)
-			return
-		}
-		if q.Question[0].Qtype == TypeIXFR {
-			go t.inIxfr(q, env)
-			return
-		}
-	}()
+	switch q.Question[0].Qtype {
+	case TypeAXFR:
+		go t.inAxfr(q, env)
+	case TypeIXFR:
+		go t.inIxfr(q, env)
+	}
+
 	return env, nil
 }
 
@@ -111,7 +117,7 @@ func (t *Transfer) inAxfr(q *Msg, c chan *Envelope) {
 }
 
 func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
-	serial := uint32(0) // The first serial seen is the current server serial
+	var serial uint32 // The first serial seen is the current server serial
 	axfr := true
 	n := 0
 	qser := q.Ns[0].(*SOA).Serial
@@ -176,14 +182,17 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
 //
 //	ch := make(chan *dns.Envelope)
 //	tr := new(dns.Transfer)
-//	go tr.Out(w, r, ch)
+//	var wg sync.WaitGroup
+//	go func() {
+//		tr.Out(w, r, ch)
+//		wg.Done()
+//	}()
 //	ch <- &dns.Envelope{RR: []dns.RR{soa, rr1, rr2, rr3, soa}}
 //	close(ch)
-//	w.Hijack()
-//	// w.Close() // Client closes connection
+//	wg.Wait() // wait until everything is written out
+//	w.Close() // close connection
 //
-// The server is responsible for sending the correct sequence of RRs through the
-// channel ch.
+// The server is responsible for sending the correct sequence of RRs through the channel ch.
 func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error {
 	for x := range ch {
 		r := new(Msg)
@@ -192,11 +201,14 @@ func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error {
 		r.Authoritative = true
 		// assume it fits TODO(miek): fix
 		r.Answer = append(r.Answer, x.RR...)
+		if tsig := q.IsTsig(); tsig != nil && w.TsigStatus() == nil {
+			r.SetTsig(tsig.Hdr.Name, tsig.Algorithm, tsig.Fudge, time.Now().Unix())
+		}
 		if err := w.WriteMsg(r); err != nil {
 			return err
 		}
+		w.TsigTimersOnly(true)
 	}
-	w.TsigTimersOnly(true)
 	return nil
 }
 
@@ -237,24 +249,18 @@ func (t *Transfer) WriteMsg(m *Msg) (err error) {
 	if err != nil {
 		return err
 	}
-	if _, err = t.Write(out); err != nil {
-		return err
-	}
-	return nil
+	_, err = t.Write(out)
+	return err
 }
 
 func isSOAFirst(in *Msg) bool {
-	if len(in.Answer) > 0 {
-		return in.Answer[0].Header().Rrtype == TypeSOA
-	}
-	return false
+	return len(in.Answer) > 0 &&
+		in.Answer[0].Header().Rrtype == TypeSOA
 }
 
 func isSOALast(in *Msg) bool {
-	if len(in.Answer) > 0 {
-		return in.Answer[len(in.Answer)-1].Header().Rrtype == TypeSOA
-	}
-	return false
+	return len(in.Answer) > 0 &&
+		in.Answer[len(in.Answer)-1].Header().Rrtype == TypeSOA
 }
 
 const errXFR = "bad xfr rcode: %d"
diff --git a/vendor/github.com/miekg/dns/zcompress.go b/vendor/github.com/miekg/dns/zcompress.go
deleted file mode 100644
index a2c09dd483b4c..0000000000000
--- a/vendor/github.com/miekg/dns/zcompress.go
+++ /dev/null
@@ -1,155 +0,0 @@
-// Code generated by "go run compress_generate.go"; DO NOT EDIT.
-
-package dns
-
-func compressionLenHelperType(c map[string]int, r RR, initLen int) int {
-	currentLen := initLen
-	switch x := r.(type) {
-	case *AFSDB:
-		currentLen -= len(x.Hostname) + 1
-		currentLen += compressionLenHelper(c, x.Hostname, currentLen)
-	case *CNAME:
-		currentLen -= len(x.Target) + 1
-		currentLen += compressionLenHelper(c, x.Target, currentLen)
-	case *DNAME:
-		currentLen -= len(x.Target) + 1
-		currentLen += compressionLenHelper(c, x.Target, currentLen)
-	case *HIP:
-		for i := range x.RendezvousServers {
-			currentLen -= len(x.RendezvousServers[i]) + 1
-		}
-		for i := range x.RendezvousServers {
-			currentLen += compressionLenHelper(c, x.RendezvousServers[i], currentLen)
-		}
-	case *KX:
-		currentLen -= len(x.Exchanger) + 1
-		currentLen += compressionLenHelper(c, x.Exchanger, currentLen)
-	case *LP:
-		currentLen -= len(x.Fqdn) + 1
-		currentLen += compressionLenHelper(c, x.Fqdn, currentLen)
-	case *MB:
-		currentLen -= len(x.Mb) + 1
-		currentLen += compressionLenHelper(c, x.Mb, currentLen)
-	case *MD:
-		currentLen -= len(x.Md) + 1
-		currentLen += compressionLenHelper(c, x.Md, currentLen)
-	case *MF:
-		currentLen -= len(x.Mf) + 1
-		currentLen += compressionLenHelper(c, x.Mf, currentLen)
-	case *MG:
-		currentLen -= len(x.Mg) + 1
-		currentLen += compressionLenHelper(c, x.Mg, currentLen)
-	case *MINFO:
-		currentLen -= len(x.Rmail) + 1
-		currentLen += compressionLenHelper(c, x.Rmail, currentLen)
-		currentLen -= len(x.Email) + 1
-		currentLen += compressionLenHelper(c, x.Email, currentLen)
-	case *MR:
-		currentLen -= len(x.Mr) + 1
-		currentLen += compressionLenHelper(c, x.Mr, currentLen)
-	case *MX:
-		currentLen -= len(x.Mx) + 1
-		currentLen += compressionLenHelper(c, x.Mx, currentLen)
-	case *NAPTR:
-		currentLen -= len(x.Replacement) + 1
-		currentLen += compressionLenHelper(c, x.Replacement, currentLen)
-	case *NS:
-		currentLen -= len(x.Ns) + 1
-		currentLen += compressionLenHelper(c, x.Ns, currentLen)
-	case *NSAPPTR:
-		currentLen -= len(x.Ptr) + 1
-		currentLen += compressionLenHelper(c, x.Ptr, currentLen)
-	case *NSEC:
-		currentLen -= len(x.NextDomain) + 1
-		currentLen += compressionLenHelper(c, x.NextDomain, currentLen)
-	case *PTR:
-		currentLen -= len(x.Ptr) + 1
-		currentLen += compressionLenHelper(c, x.Ptr, currentLen)
-	case *PX:
-		currentLen -= len(x.Map822) + 1
-		currentLen += compressionLenHelper(c, x.Map822, currentLen)
-		currentLen -= len(x.Mapx400) + 1
-		currentLen += compressionLenHelper(c, x.Mapx400, currentLen)
-	case *RP:
-		currentLen -= len(x.Mbox) + 1
-		currentLen += compressionLenHelper(c, x.Mbox, currentLen)
-		currentLen -= len(x.Txt) + 1
-		currentLen += compressionLenHelper(c, x.Txt, currentLen)
-	case *RRSIG:
-		currentLen -= len(x.SignerName) + 1
-		currentLen += compressionLenHelper(c, x.SignerName, currentLen)
-	case *RT:
-		currentLen -= len(x.Host) + 1
-		currentLen += compressionLenHelper(c, x.Host, currentLen)
-	case *SIG:
-		currentLen -= len(x.SignerName) + 1
-		currentLen += compressionLenHelper(c, x.SignerName, currentLen)
-	case *SOA:
-		currentLen -= len(x.Ns) + 1
-		currentLen += compressionLenHelper(c, x.Ns, currentLen)
-		currentLen -= len(x.Mbox) + 1
-		currentLen += compressionLenHelper(c, x.Mbox, currentLen)
-	case *SRV:
-		currentLen -= len(x.Target) + 1
-		currentLen += compressionLenHelper(c, x.Target, currentLen)
-	case *TALINK:
-		currentLen -= len(x.PreviousName) + 1
-		currentLen += compressionLenHelper(c, x.PreviousName, currentLen)
-		currentLen -= len(x.NextName) + 1
-		currentLen += compressionLenHelper(c, x.NextName, currentLen)
-	case *TKEY:
-		currentLen -= len(x.Algorithm) + 1
-		currentLen += compressionLenHelper(c, x.Algorithm, currentLen)
-	case *TSIG:
-		currentLen -= len(x.Algorithm) + 1
-		currentLen += compressionLenHelper(c, x.Algorithm, currentLen)
-	}
-	return currentLen - initLen
-}
-
-func compressionLenSearchType(c map[string]int, r RR) (int, bool, int) {
-	switch x := r.(type) {
-	case *AFSDB:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Hostname)
-		return k1, ok1, sz1
-	case *CNAME:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Target)
-		return k1, ok1, sz1
-	case *MB:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Mb)
-		return k1, ok1, sz1
-	case *MD:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Md)
-		return k1, ok1, sz1
-	case *MF:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Mf)
-		return k1, ok1, sz1
-	case *MG:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Mg)
-		return k1, ok1, sz1
-	case *MINFO:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Rmail)
-		k2, ok2, sz2 := compressionLenSearch(c, x.Email)
-		return k1 + k2, ok1 && ok2, sz1 + sz2
-	case *MR:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Mr)
-		return k1, ok1, sz1
-	case *MX:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Mx)
-		return k1, ok1, sz1
-	case *NS:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Ns)
-		return k1, ok1, sz1
-	case *PTR:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Ptr)
-		return k1, ok1, sz1
-	case *RT:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Host)
-		return k1, ok1, sz1
-	case *SOA:
-		k1, ok1, sz1 := compressionLenSearch(c, x.Ns)
-		k2, ok2, sz2 := compressionLenSearch(c, x.Mbox)
-		return k1 + k2, ok1 && ok2, sz1 + sz2
-	}
-	return 0, false, 0
-}
diff --git a/vendor/github.com/miekg/dns/zduplicate.go b/vendor/github.com/miekg/dns/zduplicate.go
new file mode 100644
index 0000000000000..a58a8c0c06229
--- /dev/null
+++ b/vendor/github.com/miekg/dns/zduplicate.go
@@ -0,0 +1,1157 @@
+// Code generated by "go run duplicate_generate.go"; DO NOT EDIT.
+
+package dns
+
+// isDuplicate() functions
+
+func (r1 *A) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*A)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !r1.A.Equal(r2.A) {
+		return false
+	}
+	return true
+}
+
+func (r1 *AAAA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*AAAA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !r1.AAAA.Equal(r2.AAAA) {
+		return false
+	}
+	return true
+}
+
+func (r1 *AFSDB) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*AFSDB)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Subtype != r2.Subtype {
+		return false
+	}
+	if !isDuplicateName(r1.Hostname, r2.Hostname) {
+		return false
+	}
+	return true
+}
+
+func (r1 *ANY) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*ANY)
+	if !ok {
+		return false
+	}
+	_ = r2
+	return true
+}
+
+func (r1 *APL) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*APL)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.Prefixes) != len(r2.Prefixes) {
+		return false
+	}
+	for i := 0; i < len(r1.Prefixes); i++ {
+		if !r1.Prefixes[i].equals(&r2.Prefixes[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *AVC) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*AVC)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.Txt) != len(r2.Txt) {
+		return false
+	}
+	for i := 0; i < len(r1.Txt); i++ {
+		if r1.Txt[i] != r2.Txt[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *CAA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*CAA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Flag != r2.Flag {
+		return false
+	}
+	if r1.Tag != r2.Tag {
+		return false
+	}
+	if r1.Value != r2.Value {
+		return false
+	}
+	return true
+}
+
+func (r1 *CERT) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*CERT)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Type != r2.Type {
+		return false
+	}
+	if r1.KeyTag != r2.KeyTag {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.Certificate != r2.Certificate {
+		return false
+	}
+	return true
+}
+
+func (r1 *CNAME) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*CNAME)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Target, r2.Target) {
+		return false
+	}
+	return true
+}
+
+func (r1 *CSYNC) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*CSYNC)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Serial != r2.Serial {
+		return false
+	}
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if len(r1.TypeBitMap) != len(r2.TypeBitMap) {
+		return false
+	}
+	for i := 0; i < len(r1.TypeBitMap); i++ {
+		if r1.TypeBitMap[i] != r2.TypeBitMap[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *DHCID) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*DHCID)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Digest != r2.Digest {
+		return false
+	}
+	return true
+}
+
+func (r1 *DNAME) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*DNAME)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Target, r2.Target) {
+		return false
+	}
+	return true
+}
+
+func (r1 *DNSKEY) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*DNSKEY)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if r1.Protocol != r2.Protocol {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.PublicKey != r2.PublicKey {
+		return false
+	}
+	return true
+}
+
+func (r1 *DS) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*DS)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.KeyTag != r2.KeyTag {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.DigestType != r2.DigestType {
+		return false
+	}
+	if r1.Digest != r2.Digest {
+		return false
+	}
+	return true
+}
+
+func (r1 *EID) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*EID)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Endpoint != r2.Endpoint {
+		return false
+	}
+	return true
+}
+
+func (r1 *EUI48) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*EUI48)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Address != r2.Address {
+		return false
+	}
+	return true
+}
+
+func (r1 *EUI64) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*EUI64)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Address != r2.Address {
+		return false
+	}
+	return true
+}
+
+func (r1 *GID) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*GID)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Gid != r2.Gid {
+		return false
+	}
+	return true
+}
+
+func (r1 *GPOS) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*GPOS)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Longitude != r2.Longitude {
+		return false
+	}
+	if r1.Latitude != r2.Latitude {
+		return false
+	}
+	if r1.Altitude != r2.Altitude {
+		return false
+	}
+	return true
+}
+
+func (r1 *HINFO) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*HINFO)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Cpu != r2.Cpu {
+		return false
+	}
+	if r1.Os != r2.Os {
+		return false
+	}
+	return true
+}
+
+func (r1 *HIP) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*HIP)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.HitLength != r2.HitLength {
+		return false
+	}
+	if r1.PublicKeyAlgorithm != r2.PublicKeyAlgorithm {
+		return false
+	}
+	if r1.PublicKeyLength != r2.PublicKeyLength {
+		return false
+	}
+	if r1.Hit != r2.Hit {
+		return false
+	}
+	if r1.PublicKey != r2.PublicKey {
+		return false
+	}
+	if len(r1.RendezvousServers) != len(r2.RendezvousServers) {
+		return false
+	}
+	for i := 0; i < len(r1.RendezvousServers); i++ {
+		if !isDuplicateName(r1.RendezvousServers[i], r2.RendezvousServers[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *KX) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*KX)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !isDuplicateName(r1.Exchanger, r2.Exchanger) {
+		return false
+	}
+	return true
+}
+
+func (r1 *L32) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*L32)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !r1.Locator32.Equal(r2.Locator32) {
+		return false
+	}
+	return true
+}
+
+func (r1 *L64) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*L64)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if r1.Locator64 != r2.Locator64 {
+		return false
+	}
+	return true
+}
+
+func (r1 *LOC) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*LOC)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Version != r2.Version {
+		return false
+	}
+	if r1.Size != r2.Size {
+		return false
+	}
+	if r1.HorizPre != r2.HorizPre {
+		return false
+	}
+	if r1.VertPre != r2.VertPre {
+		return false
+	}
+	if r1.Latitude != r2.Latitude {
+		return false
+	}
+	if r1.Longitude != r2.Longitude {
+		return false
+	}
+	if r1.Altitude != r2.Altitude {
+		return false
+	}
+	return true
+}
+
+func (r1 *LP) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*LP)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !isDuplicateName(r1.Fqdn, r2.Fqdn) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MB) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MB)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Mb, r2.Mb) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MD) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MD)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Md, r2.Md) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MF) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MF)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Mf, r2.Mf) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MG) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MG)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Mg, r2.Mg) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MINFO) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MINFO)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Rmail, r2.Rmail) {
+		return false
+	}
+	if !isDuplicateName(r1.Email, r2.Email) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MR) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MR)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Mr, r2.Mr) {
+		return false
+	}
+	return true
+}
+
+func (r1 *MX) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*MX)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !isDuplicateName(r1.Mx, r2.Mx) {
+		return false
+	}
+	return true
+}
+
+func (r1 *NAPTR) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NAPTR)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Order != r2.Order {
+		return false
+	}
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if r1.Service != r2.Service {
+		return false
+	}
+	if r1.Regexp != r2.Regexp {
+		return false
+	}
+	if !isDuplicateName(r1.Replacement, r2.Replacement) {
+		return false
+	}
+	return true
+}
+
+func (r1 *NID) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NID)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if r1.NodeID != r2.NodeID {
+		return false
+	}
+	return true
+}
+
+func (r1 *NIMLOC) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NIMLOC)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Locator != r2.Locator {
+		return false
+	}
+	return true
+}
+
+func (r1 *NINFO) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NINFO)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.ZSData) != len(r2.ZSData) {
+		return false
+	}
+	for i := 0; i < len(r1.ZSData); i++ {
+		if r1.ZSData[i] != r2.ZSData[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *NS) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NS)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Ns, r2.Ns) {
+		return false
+	}
+	return true
+}
+
+func (r1 *NSAPPTR) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NSAPPTR)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Ptr, r2.Ptr) {
+		return false
+	}
+	return true
+}
+
+func (r1 *NSEC) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NSEC)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.NextDomain, r2.NextDomain) {
+		return false
+	}
+	if len(r1.TypeBitMap) != len(r2.TypeBitMap) {
+		return false
+	}
+	for i := 0; i < len(r1.TypeBitMap); i++ {
+		if r1.TypeBitMap[i] != r2.TypeBitMap[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *NSEC3) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NSEC3)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Hash != r2.Hash {
+		return false
+	}
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if r1.Iterations != r2.Iterations {
+		return false
+	}
+	if r1.SaltLength != r2.SaltLength {
+		return false
+	}
+	if r1.Salt != r2.Salt {
+		return false
+	}
+	if r1.HashLength != r2.HashLength {
+		return false
+	}
+	if r1.NextDomain != r2.NextDomain {
+		return false
+	}
+	if len(r1.TypeBitMap) != len(r2.TypeBitMap) {
+		return false
+	}
+	for i := 0; i < len(r1.TypeBitMap); i++ {
+		if r1.TypeBitMap[i] != r2.TypeBitMap[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *NSEC3PARAM) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NSEC3PARAM)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Hash != r2.Hash {
+		return false
+	}
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if r1.Iterations != r2.Iterations {
+		return false
+	}
+	if r1.SaltLength != r2.SaltLength {
+		return false
+	}
+	if r1.Salt != r2.Salt {
+		return false
+	}
+	return true
+}
+
+func (r1 *NULL) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*NULL)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Data != r2.Data {
+		return false
+	}
+	return true
+}
+
+func (r1 *OPENPGPKEY) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*OPENPGPKEY)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.PublicKey != r2.PublicKey {
+		return false
+	}
+	return true
+}
+
+func (r1 *PTR) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*PTR)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Ptr, r2.Ptr) {
+		return false
+	}
+	return true
+}
+
+func (r1 *PX) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*PX)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !isDuplicateName(r1.Map822, r2.Map822) {
+		return false
+	}
+	if !isDuplicateName(r1.Mapx400, r2.Mapx400) {
+		return false
+	}
+	return true
+}
+
+func (r1 *RFC3597) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RFC3597)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Rdata != r2.Rdata {
+		return false
+	}
+	return true
+}
+
+func (r1 *RKEY) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RKEY)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Flags != r2.Flags {
+		return false
+	}
+	if r1.Protocol != r2.Protocol {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.PublicKey != r2.PublicKey {
+		return false
+	}
+	return true
+}
+
+func (r1 *RP) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RP)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Mbox, r2.Mbox) {
+		return false
+	}
+	if !isDuplicateName(r1.Txt, r2.Txt) {
+		return false
+	}
+	return true
+}
+
+func (r1 *RRSIG) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RRSIG)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.TypeCovered != r2.TypeCovered {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.Labels != r2.Labels {
+		return false
+	}
+	if r1.OrigTtl != r2.OrigTtl {
+		return false
+	}
+	if r1.Expiration != r2.Expiration {
+		return false
+	}
+	if r1.Inception != r2.Inception {
+		return false
+	}
+	if r1.KeyTag != r2.KeyTag {
+		return false
+	}
+	if !isDuplicateName(r1.SignerName, r2.SignerName) {
+		return false
+	}
+	if r1.Signature != r2.Signature {
+		return false
+	}
+	return true
+}
+
+func (r1 *RT) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*RT)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Preference != r2.Preference {
+		return false
+	}
+	if !isDuplicateName(r1.Host, r2.Host) {
+		return false
+	}
+	return true
+}
+
+func (r1 *SMIMEA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*SMIMEA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Usage != r2.Usage {
+		return false
+	}
+	if r1.Selector != r2.Selector {
+		return false
+	}
+	if r1.MatchingType != r2.MatchingType {
+		return false
+	}
+	if r1.Certificate != r2.Certificate {
+		return false
+	}
+	return true
+}
+
+func (r1 *SOA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*SOA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Ns, r2.Ns) {
+		return false
+	}
+	if !isDuplicateName(r1.Mbox, r2.Mbox) {
+		return false
+	}
+	if r1.Serial != r2.Serial {
+		return false
+	}
+	if r1.Refresh != r2.Refresh {
+		return false
+	}
+	if r1.Retry != r2.Retry {
+		return false
+	}
+	if r1.Expire != r2.Expire {
+		return false
+	}
+	if r1.Minttl != r2.Minttl {
+		return false
+	}
+	return true
+}
+
+func (r1 *SPF) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*SPF)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.Txt) != len(r2.Txt) {
+		return false
+	}
+	for i := 0; i < len(r1.Txt); i++ {
+		if r1.Txt[i] != r2.Txt[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *SRV) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*SRV)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Priority != r2.Priority {
+		return false
+	}
+	if r1.Weight != r2.Weight {
+		return false
+	}
+	if r1.Port != r2.Port {
+		return false
+	}
+	if !isDuplicateName(r1.Target, r2.Target) {
+		return false
+	}
+	return true
+}
+
+func (r1 *SSHFP) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*SSHFP)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.Type != r2.Type {
+		return false
+	}
+	if r1.FingerPrint != r2.FingerPrint {
+		return false
+	}
+	return true
+}
+
+func (r1 *TA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.KeyTag != r2.KeyTag {
+		return false
+	}
+	if r1.Algorithm != r2.Algorithm {
+		return false
+	}
+	if r1.DigestType != r2.DigestType {
+		return false
+	}
+	if r1.Digest != r2.Digest {
+		return false
+	}
+	return true
+}
+
+func (r1 *TALINK) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TALINK)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.PreviousName, r2.PreviousName) {
+		return false
+	}
+	if !isDuplicateName(r1.NextName, r2.NextName) {
+		return false
+	}
+	return true
+}
+
+func (r1 *TKEY) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TKEY)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Algorithm, r2.Algorithm) {
+		return false
+	}
+	if r1.Inception != r2.Inception {
+		return false
+	}
+	if r1.Expiration != r2.Expiration {
+		return false
+	}
+	if r1.Mode != r2.Mode {
+		return false
+	}
+	if r1.Error != r2.Error {
+		return false
+	}
+	if r1.KeySize != r2.KeySize {
+		return false
+	}
+	if r1.Key != r2.Key {
+		return false
+	}
+	if r1.OtherLen != r2.OtherLen {
+		return false
+	}
+	if r1.OtherData != r2.OtherData {
+		return false
+	}
+	return true
+}
+
+func (r1 *TLSA) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TLSA)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Usage != r2.Usage {
+		return false
+	}
+	if r1.Selector != r2.Selector {
+		return false
+	}
+	if r1.MatchingType != r2.MatchingType {
+		return false
+	}
+	if r1.Certificate != r2.Certificate {
+		return false
+	}
+	return true
+}
+
+func (r1 *TSIG) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TSIG)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if !isDuplicateName(r1.Algorithm, r2.Algorithm) {
+		return false
+	}
+	if r1.TimeSigned != r2.TimeSigned {
+		return false
+	}
+	if r1.Fudge != r2.Fudge {
+		return false
+	}
+	if r1.MACSize != r2.MACSize {
+		return false
+	}
+	if r1.MAC != r2.MAC {
+		return false
+	}
+	if r1.OrigId != r2.OrigId {
+		return false
+	}
+	if r1.Error != r2.Error {
+		return false
+	}
+	if r1.OtherLen != r2.OtherLen {
+		return false
+	}
+	if r1.OtherData != r2.OtherData {
+		return false
+	}
+	return true
+}
+
+func (r1 *TXT) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*TXT)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.Txt) != len(r2.Txt) {
+		return false
+	}
+	for i := 0; i < len(r1.Txt); i++ {
+		if r1.Txt[i] != r2.Txt[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func (r1 *UID) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*UID)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Uid != r2.Uid {
+		return false
+	}
+	return true
+}
+
+func (r1 *UINFO) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*UINFO)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Uinfo != r2.Uinfo {
+		return false
+	}
+	return true
+}
+
+func (r1 *URI) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*URI)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Priority != r2.Priority {
+		return false
+	}
+	if r1.Weight != r2.Weight {
+		return false
+	}
+	if r1.Target != r2.Target {
+		return false
+	}
+	return true
+}
+
+func (r1 *X25) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*X25)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.PSDNAddress != r2.PSDNAddress {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/miekg/dns/zmsg.go b/vendor/github.com/miekg/dns/zmsg.go
index 0d1f6f4daaddb..02a5dfa4a2349 100644
--- a/vendor/github.com/miekg/dns/zmsg.go
+++ b/vendor/github.com/miekg/dns/zmsg.go
@@ -4,82 +4,55 @@ package dns
 
 // pack*() functions
 
-func (rr *A) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *A) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packDataA(rr.A, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *AAAA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *AAAA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packDataAAAA(rr.AAAA, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *AFSDB) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *AFSDB) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Subtype, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Hostname, msg, off, compression, compress)
+	off, err = packDomainName(rr.Hostname, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *ANY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	rr.Header().Rdlength = uint16(off - headerEnd)
+func (rr *ANY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	return off, nil
 }
 
-func (rr *AVC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
+func (rr *APL) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDataApl(rr.Prefixes, msg, off)
 	if err != nil {
 		return off, err
 	}
-	headerEnd := off
+	return off, nil
+}
+
+func (rr *AVC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.Txt, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CAA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *CAA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Flag, msg, off)
 	if err != nil {
 		return off, err
@@ -92,16 +65,10 @@ func (rr *CAA) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CDNSKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *CDNSKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Flags, msg, off)
 	if err != nil {
 		return off, err
@@ -118,16 +85,10 @@ func (rr *CDNSKEY) pack(msg []byte, off int, compression map[string]int, compres
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CDS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *CDS) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.KeyTag, msg, off)
 	if err != nil {
 		return off, err
@@ -144,16 +105,10 @@ func (rr *CDS) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CERT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *CERT) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Type, msg, off)
 	if err != nil {
 		return off, err
@@ -170,30 +125,18 @@ func (rr *CERT) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CNAME) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Target, msg, off, compression, compress)
+func (rr *CNAME) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Target, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *CSYNC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *CSYNC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint32(rr.Serial, msg, off)
 	if err != nil {
 		return off, err
@@ -206,30 +149,18 @@ func (rr *CSYNC) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *DHCID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *DHCID) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringBase64(rr.Digest, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *DLV) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *DLV) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.KeyTag, msg, off)
 	if err != nil {
 		return off, err
@@ -246,30 +177,18 @@ func (rr *DLV) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *DNAME) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Target, msg, off, compression, false)
+func (rr *DNAME) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Target, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *DNSKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *DNSKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Flags, msg, off)
 	if err != nil {
 		return off, err
@@ -286,16 +205,10 @@ func (rr *DNSKEY) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *DS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *DS) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.KeyTag, msg, off)
 	if err != nil {
 		return off, err
@@ -312,72 +225,42 @@ func (rr *DS) pack(msg []byte, off int, compression map[string]int, compress boo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *EID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *EID) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringHex(rr.Endpoint, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *EUI48) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *EUI48) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint48(rr.Address, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *EUI64) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *EUI64) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint64(rr.Address, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *GID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *GID) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint32(rr.Gid, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *GPOS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *GPOS) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packString(rr.Longitude, msg, off)
 	if err != nil {
 		return off, err
@@ -390,16 +273,10 @@ func (rr *GPOS) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *HINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *HINFO) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packString(rr.Cpu, msg, off)
 	if err != nil {
 		return off, err
@@ -408,16 +285,10 @@ func (rr *HINFO) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *HIP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *HIP) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.HitLength, msg, off)
 	if err != nil {
 		return off, err
@@ -438,20 +309,14 @@ func (rr *HIP) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	off, err = packDataDomainNames(rr.RendezvousServers, msg, off, compression, compress)
+	off, err = packDataDomainNames(rr.RendezvousServers, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *KEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *KEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Flags, msg, off)
 	if err != nil {
 		return off, err
@@ -468,34 +333,22 @@ func (rr *KEY) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *KX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *KX) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Exchanger, msg, off, compression, false)
+	off, err = packDomainName(rr.Exchanger, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *L32) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *L32) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
@@ -504,16 +357,10 @@ func (rr *L32) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *L64) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *L64) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
@@ -522,16 +369,10 @@ func (rr *L64) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *LOC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *LOC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Version, msg, off)
 	if err != nil {
 		return off, err
@@ -560,140 +401,86 @@ func (rr *LOC) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *LP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *LP) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Fqdn, msg, off, compression, false)
+	off, err = packDomainName(rr.Fqdn, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MB) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Mb, msg, off, compression, compress)
+func (rr *MB) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Mb, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MD) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Md, msg, off, compression, compress)
+func (rr *MD) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Md, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MF) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Mf, msg, off, compression, compress)
+func (rr *MF) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Mf, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
+func (rr *MG) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Mg, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Mg, msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Rmail, msg, off, compression, compress)
+func (rr *MINFO) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Rmail, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Email, msg, off, compression, compress)
+	off, err = packDomainName(rr.Email, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Mr, msg, off, compression, compress)
+func (rr *MR) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Mr, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *MX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *MX) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Mx, msg, off, compression, compress)
+	off, err = packDomainName(rr.Mx, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NAPTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NAPTR) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Order, msg, off)
 	if err != nil {
 		return off, err
@@ -714,20 +501,14 @@ func (rr *NAPTR) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Replacement, msg, off, compression, false)
+	off, err = packDomainName(rr.Replacement, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NID) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
@@ -736,73 +517,43 @@ func (rr *NID) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NIMLOC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NIMLOC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringHex(rr.Locator, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NINFO) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.ZSData, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
+func (rr *NS) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Ns, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Ns, msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NSAPPTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Ptr, msg, off, compression, false)
+func (rr *NSAPPTR) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Ptr, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NSEC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.NextDomain, msg, off, compression, false)
+func (rr *NSEC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.NextDomain, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
@@ -810,16 +561,10 @@ func (rr *NSEC) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NSEC3) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NSEC3) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Hash, msg, off)
 	if err != nil {
 		return off, err
@@ -855,16 +600,10 @@ func (rr *NSEC3) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *NSEC3PARAM) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *NSEC3PARAM) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Hash, msg, off)
 	if err != nil {
 		return off, err
@@ -888,94 +627,66 @@ func (rr *NSEC3PARAM) pack(msg []byte, off int, compression map[string]int, comp
 			return off, err
 		}
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *OPENPGPKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
+func (rr *NULL) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packStringAny(rr.Data, msg, off)
 	if err != nil {
 		return off, err
 	}
-	headerEnd := off
+	return off, nil
+}
+
+func (rr *OPENPGPKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringBase64(rr.PublicKey, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *OPT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *OPT) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packDataOpt(rr.Option, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *PTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Ptr, msg, off, compression, compress)
+func (rr *PTR) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Ptr, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *PX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *PX) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Map822, msg, off, compression, false)
+	off, err = packDomainName(rr.Map822, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Mapx400, msg, off, compression, false)
+	off, err = packDomainName(rr.Mapx400, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *RFC3597) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *RFC3597) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringHex(rr.Rdata, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *RKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *RKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Flags, msg, off)
 	if err != nil {
 		return off, err
@@ -992,34 +703,22 @@ func (rr *RKEY) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *RP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Mbox, msg, off, compression, false)
+func (rr *RP) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Mbox, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Txt, msg, off, compression, false)
+	off, err = packDomainName(rr.Txt, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *RRSIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *RRSIG) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.TypeCovered, msg, off)
 	if err != nil {
 		return off, err
@@ -1048,7 +747,7 @@ func (rr *RRSIG) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.SignerName, msg, off, compression, false)
+	off, err = packDomainName(rr.SignerName, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
@@ -1056,34 +755,22 @@ func (rr *RRSIG) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *RT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *RT) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Preference, msg, off)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Host, msg, off, compression, compress)
+	off, err = packDomainName(rr.Host, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *SIG) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.TypeCovered, msg, off)
 	if err != nil {
 		return off, err
@@ -1112,7 +799,7 @@ func (rr *SIG) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.SignerName, msg, off, compression, false)
+	off, err = packDomainName(rr.SignerName, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
@@ -1120,16 +807,10 @@ func (rr *SIG) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SMIMEA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *SMIMEA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Usage, msg, off)
 	if err != nil {
 		return off, err
@@ -1146,21 +827,15 @@ func (rr *SMIMEA) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SOA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
+func (rr *SOA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Ns, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Ns, msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	off, err = PackDomainName(rr.Mbox, msg, off, compression, compress)
+	off, err = packDomainName(rr.Mbox, msg, off, compression, compress)
 	if err != nil {
 		return off, err
 	}
@@ -1184,30 +859,18 @@ func (rr *SOA) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SPF) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *SPF) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.Txt, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SRV) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *SRV) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Priority, msg, off)
 	if err != nil {
 		return off, err
@@ -1220,20 +883,14 @@ func (rr *SRV) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.Target, msg, off, compression, false)
+	off, err = packDomainName(rr.Target, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *SSHFP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *SSHFP) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Algorithm, msg, off)
 	if err != nil {
 		return off, err
@@ -1246,16 +903,10 @@ func (rr *SSHFP) pack(msg []byte, off int, compression map[string]int, compress
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *TA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.KeyTag, msg, off)
 	if err != nil {
 		return off, err
@@ -1272,35 +923,23 @@ func (rr *TA) pack(msg []byte, off int, compression map[string]int, compress boo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TALINK) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.PreviousName, msg, off, compression, false)
+func (rr *TALINK) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.PreviousName, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	off, err = PackDomainName(rr.NextName, msg, off, compression, false)
+	off, err = packDomainName(rr.NextName, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Algorithm, msg, off, compression, false)
+func (rr *TKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Algorithm, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
@@ -1336,16 +975,10 @@ func (rr *TKEY) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TLSA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *TLSA) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint8(rr.Usage, msg, off)
 	if err != nil {
 		return off, err
@@ -1362,17 +995,11 @@ func (rr *TLSA) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TSIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
-	off, err = PackDomainName(rr.Algorithm, msg, off, compression, false)
+func (rr *TSIG) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDomainName(rr.Algorithm, msg, off, compression, false)
 	if err != nil {
 		return off, err
 	}
@@ -1408,58 +1035,34 @@ func (rr *TSIG) pack(msg []byte, off int, compression map[string]int, compress b
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *TXT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *TXT) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.Txt, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *UID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *UID) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint32(rr.Uid, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *UINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *UINFO) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packString(rr.Uinfo, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *URI) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *URI) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packUint16(rr.Priority, msg, off)
 	if err != nil {
 		return off, err
@@ -1472,2144 +1075,1667 @@ func (rr *URI) pack(msg []byte, off int, compression map[string]int, compress bo
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
-func (rr *X25) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {
-	off, err := rr.Hdr.pack(msg, off, compression, compress)
-	if err != nil {
-		return off, err
-	}
-	headerEnd := off
+func (rr *X25) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packString(rr.PSDNAddress, msg, off)
 	if err != nil {
 		return off, err
 	}
-	rr.Header().Rdlength = uint16(off - headerEnd)
 	return off, nil
 }
 
 // unpack*() functions
 
-func unpackA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(A)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *A) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.A, off, err = unpackDataA(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackAAAA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(AAAA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *AAAA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.AAAA, off, err = unpackDataAAAA(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackAFSDB(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(AFSDB)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *AFSDB) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Subtype, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Hostname, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackANY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(ANY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *ANY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
-	return rr, off, err
+	return off, nil
 }
 
-func unpackAVC(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(AVC)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
+func (rr *APL) unpack(msg []byte, off int) (off1 int, err error) {
+	rdStart := off
+	_ = rdStart
+
+	rr.Prefixes, off, err = unpackDataApl(msg, off)
+	if err != nil {
+		return off, err
 	}
-	var err error
+	return off, nil
+}
+
+func (rr *AVC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Txt, off, err = unpackStringTxt(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCAA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CAA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CAA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Flag, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Tag, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Value, off, err = unpackStringOctet(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCDNSKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CDNSKEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CDNSKEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Flags, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Protocol, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCDS(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CDS)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CDS) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.DigestType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCERT(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CERT)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CERT) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Type, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Certificate, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCNAME(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CNAME)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CNAME) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Target, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackCSYNC(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(CSYNC)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *CSYNC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Serial, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Flags, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.TypeBitMap, off, err = unpackDataNsec(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackDHCID(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(DHCID)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *DHCID) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Digest, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackDLV(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(DLV)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *DLV) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.DigestType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackDNAME(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(DNAME)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *DNAME) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Target, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackDNSKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(DNSKEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *DNSKEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Flags, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Protocol, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackDS(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(DS)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *DS) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.DigestType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackEID(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(EID)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *EID) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Endpoint, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackEUI48(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(EUI48)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *EUI48) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Address, off, err = unpackUint48(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackEUI64(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(EUI64)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *EUI64) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Address, off, err = unpackUint64(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackGID(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(GID)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *GID) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Gid, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackGPOS(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(GPOS)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *GPOS) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Longitude, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Latitude, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Altitude, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackHINFO(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(HINFO)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *HINFO) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Cpu, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Os, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackHIP(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(HIP)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *HIP) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.HitLength, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKeyAlgorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKeyLength, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Hit, off, err = unpackStringHex(msg, off, off+int(rr.HitLength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, off+int(rr.PublicKeyLength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.RendezvousServers, off, err = unpackDataDomainNames(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(KEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *KEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Flags, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Protocol, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackKX(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(KX)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *KX) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Exchanger, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackL32(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(L32)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *L32) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Locator32, off, err = unpackDataA(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackL64(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(L64)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *L64) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Locator64, off, err = unpackUint64(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackLOC(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(LOC)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *LOC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Version, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Size, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.HorizPre, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.VertPre, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Latitude, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Longitude, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Altitude, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackLP(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(LP)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *LP) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Fqdn, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMB(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MB)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MB) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Mb, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMD(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MD)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MD) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Md, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMF(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MF)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MF) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Mf, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMG(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MG)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MG) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Mg, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMINFO(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MINFO)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MINFO) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Rmail, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Email, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMR(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MR)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MR) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Mr, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackMX(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(MX)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *MX) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Mx, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNAPTR(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NAPTR)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NAPTR) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Order, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Flags, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Service, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Regexp, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Replacement, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNID(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NID)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NID) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.NodeID, off, err = unpackUint64(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNIMLOC(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NIMLOC)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NIMLOC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Locator, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNINFO(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NINFO)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NINFO) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.ZSData, off, err = unpackStringTxt(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNS(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NS)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NS) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Ns, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNSAPPTR(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NSAPPTR)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NSAPPTR) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Ptr, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNSEC(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NSEC)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NSEC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.NextDomain, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.TypeBitMap, off, err = unpackDataNsec(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNSEC3(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NSEC3)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NSEC3) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Hash, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Flags, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Iterations, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.SaltLength, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Salt, off, err = unpackStringHex(msg, off, off+int(rr.SaltLength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.HashLength, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.NextDomain, off, err = unpackStringBase32(msg, off, off+int(rr.HashLength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.TypeBitMap, off, err = unpackDataNsec(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackNSEC3PARAM(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(NSEC3PARAM)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *NSEC3PARAM) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Hash, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Flags, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Iterations, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.SaltLength, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Salt, off, err = unpackStringHex(msg, off, off+int(rr.SaltLength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackOPENPGPKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(OPENPGPKEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
+func (rr *NULL) unpack(msg []byte, off int) (off1 int, err error) {
+	rdStart := off
+	_ = rdStart
+
+	rr.Data, off, err = unpackStringAny(msg, off, rdStart+int(rr.Hdr.Rdlength))
+	if err != nil {
+		return off, err
 	}
-	var err error
+	return off, nil
+}
+
+func (rr *OPENPGPKEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackOPT(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(OPT)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *OPT) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Option, off, err = unpackDataOpt(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackPTR(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(PTR)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *PTR) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Ptr, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackPX(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(PX)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *PX) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Map822, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Mapx400, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackRFC3597(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(RFC3597)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *RFC3597) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Rdata, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackRKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(RKEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *RKEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Flags, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Protocol, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackRP(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(RP)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *RP) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Mbox, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Txt, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackRRSIG(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(RRSIG)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *RRSIG) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.TypeCovered, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Labels, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.OrigTtl, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Expiration, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Inception, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.SignerName, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Signature, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackRT(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(RT)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *RT) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Preference, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Host, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSIG(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SIG)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SIG) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.TypeCovered, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Labels, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.OrigTtl, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Expiration, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Inception, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.SignerName, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Signature, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSMIMEA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SMIMEA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SMIMEA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Usage, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Selector, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.MatchingType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Certificate, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSOA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SOA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SOA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Ns, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Mbox, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Serial, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Refresh, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Retry, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Expire, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Minttl, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSPF(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SPF)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SPF) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Txt, off, err = unpackStringTxt(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSRV(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SRV)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SRV) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Priority, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Weight, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Port, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Target, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackSSHFP(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(SSHFP)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *SSHFP) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Type, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.FingerPrint, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.KeyTag, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Algorithm, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.DigestType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTALINK(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TALINK)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TALINK) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.PreviousName, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.NextName, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTKEY(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TKEY)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TKEY) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Algorithm, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Inception, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Expiration, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Mode, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Error, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.KeySize, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Key, off, err = unpackStringHex(msg, off, off+int(rr.KeySize))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.OtherLen, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.OtherData, off, err = unpackStringHex(msg, off, off+int(rr.OtherLen))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTLSA(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TLSA)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TLSA) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Usage, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Selector, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.MatchingType, off, err = unpackUint8(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Certificate, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTSIG(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TSIG)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TSIG) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Algorithm, off, err = UnpackDomainName(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.TimeSigned, off, err = unpackUint48(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Fudge, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.MACSize, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.MAC, off, err = unpackStringHex(msg, off, off+int(rr.MACSize))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	rr.OrigId, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Error, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.OtherLen, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.OtherData, off, err = unpackStringHex(msg, off, off+int(rr.OtherLen))
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackTXT(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(TXT)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *TXT) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Txt, off, err = unpackStringTxt(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackUID(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(UID)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *UID) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Uid, off, err = unpackUint32(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackUINFO(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(UINFO)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *UINFO) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Uinfo, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackURI(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(URI)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *URI) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.Priority, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Weight, off, err = unpackUint16(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
 	if off == len(msg) {
-		return rr, off, nil
+		return off, nil
 	}
 	rr.Target, off, err = unpackStringOctet(msg, off)
 	if err != nil {
-		return rr, off, err
+		return off, err
 	}
-	return rr, off, err
+	return off, nil
 }
 
-func unpackX25(h RR_Header, msg []byte, off int) (RR, int, error) {
-	rr := new(X25)
-	rr.Hdr = h
-	if noRdata(h) {
-		return rr, off, nil
-	}
-	var err error
+func (rr *X25) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 
 	rr.PSDNAddress, off, err = unpackString(msg, off)
 	if err != nil {
-		return rr, off, err
-	}
-	return rr, off, err
-}
-
-var typeToUnpack = map[uint16]func(RR_Header, []byte, int) (RR, int, error){
-	TypeA:          unpackA,
-	TypeAAAA:       unpackAAAA,
-	TypeAFSDB:      unpackAFSDB,
-	TypeANY:        unpackANY,
-	TypeAVC:        unpackAVC,
-	TypeCAA:        unpackCAA,
-	TypeCDNSKEY:    unpackCDNSKEY,
-	TypeCDS:        unpackCDS,
-	TypeCERT:       unpackCERT,
-	TypeCNAME:      unpackCNAME,
-	TypeCSYNC:      unpackCSYNC,
-	TypeDHCID:      unpackDHCID,
-	TypeDLV:        unpackDLV,
-	TypeDNAME:      unpackDNAME,
-	TypeDNSKEY:     unpackDNSKEY,
-	TypeDS:         unpackDS,
-	TypeEID:        unpackEID,
-	TypeEUI48:      unpackEUI48,
-	TypeEUI64:      unpackEUI64,
-	TypeGID:        unpackGID,
-	TypeGPOS:       unpackGPOS,
-	TypeHINFO:      unpackHINFO,
-	TypeHIP:        unpackHIP,
-	TypeKEY:        unpackKEY,
-	TypeKX:         unpackKX,
-	TypeL32:        unpackL32,
-	TypeL64:        unpackL64,
-	TypeLOC:        unpackLOC,
-	TypeLP:         unpackLP,
-	TypeMB:         unpackMB,
-	TypeMD:         unpackMD,
-	TypeMF:         unpackMF,
-	TypeMG:         unpackMG,
-	TypeMINFO:      unpackMINFO,
-	TypeMR:         unpackMR,
-	TypeMX:         unpackMX,
-	TypeNAPTR:      unpackNAPTR,
-	TypeNID:        unpackNID,
-	TypeNIMLOC:     unpackNIMLOC,
-	TypeNINFO:      unpackNINFO,
-	TypeNS:         unpackNS,
-	TypeNSAPPTR:    unpackNSAPPTR,
-	TypeNSEC:       unpackNSEC,
-	TypeNSEC3:      unpackNSEC3,
-	TypeNSEC3PARAM: unpackNSEC3PARAM,
-	TypeOPENPGPKEY: unpackOPENPGPKEY,
-	TypeOPT:        unpackOPT,
-	TypePTR:        unpackPTR,
-	TypePX:         unpackPX,
-	TypeRKEY:       unpackRKEY,
-	TypeRP:         unpackRP,
-	TypeRRSIG:      unpackRRSIG,
-	TypeRT:         unpackRT,
-	TypeSIG:        unpackSIG,
-	TypeSMIMEA:     unpackSMIMEA,
-	TypeSOA:        unpackSOA,
-	TypeSPF:        unpackSPF,
-	TypeSRV:        unpackSRV,
-	TypeSSHFP:      unpackSSHFP,
-	TypeTA:         unpackTA,
-	TypeTALINK:     unpackTALINK,
-	TypeTKEY:       unpackTKEY,
-	TypeTLSA:       unpackTLSA,
-	TypeTSIG:       unpackTSIG,
-	TypeTXT:        unpackTXT,
-	TypeUID:        unpackUID,
-	TypeUINFO:      unpackUINFO,
-	TypeURI:        unpackURI,
-	TypeX25:        unpackX25,
+		return off, err
+	}
+	return off, nil
 }
diff --git a/vendor/github.com/miekg/dns/ztypes.go b/vendor/github.com/miekg/dns/ztypes.go
index 965753b11b27e..1cbd6d3fe53f0 100644
--- a/vendor/github.com/miekg/dns/ztypes.go
+++ b/vendor/github.com/miekg/dns/ztypes.go
@@ -13,6 +13,7 @@ var TypeToRR = map[uint16]func() RR{
 	TypeAAAA:       func() RR { return new(AAAA) },
 	TypeAFSDB:      func() RR { return new(AFSDB) },
 	TypeANY:        func() RR { return new(ANY) },
+	TypeAPL:        func() RR { return new(APL) },
 	TypeAVC:        func() RR { return new(AVC) },
 	TypeCAA:        func() RR { return new(CAA) },
 	TypeCDNSKEY:    func() RR { return new(CDNSKEY) },
@@ -54,6 +55,7 @@ var TypeToRR = map[uint16]func() RR{
 	TypeNSEC:       func() RR { return new(NSEC) },
 	TypeNSEC3:      func() RR { return new(NSEC3) },
 	TypeNSEC3PARAM: func() RR { return new(NSEC3PARAM) },
+	TypeNULL:       func() RR { return new(NULL) },
 	TypeOPENPGPKEY: func() RR { return new(OPENPGPKEY) },
 	TypeOPT:        func() RR { return new(OPT) },
 	TypePTR:        func() RR { return new(PTR) },
@@ -86,6 +88,7 @@ var TypeToString = map[uint16]string{
 	TypeAAAA:       "AAAA",
 	TypeAFSDB:      "AFSDB",
 	TypeANY:        "ANY",
+	TypeAPL:        "APL",
 	TypeATMA:       "ATMA",
 	TypeAVC:        "AVC",
 	TypeAXFR:       "AXFR",
@@ -168,6 +171,7 @@ func (rr *A) Header() *RR_Header          { return &rr.Hdr }
 func (rr *AAAA) Header() *RR_Header       { return &rr.Hdr }
 func (rr *AFSDB) Header() *RR_Header      { return &rr.Hdr }
 func (rr *ANY) Header() *RR_Header        { return &rr.Hdr }
+func (rr *APL) Header() *RR_Header        { return &rr.Hdr }
 func (rr *AVC) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CAA) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CDNSKEY) Header() *RR_Header    { return &rr.Hdr }
@@ -209,6 +213,7 @@ func (rr *NSAPPTR) Header() *RR_Header    { return &rr.Hdr }
 func (rr *NSEC) Header() *RR_Header       { return &rr.Hdr }
 func (rr *NSEC3) Header() *RR_Header      { return &rr.Hdr }
 func (rr *NSEC3PARAM) Header() *RR_Header { return &rr.Hdr }
+func (rr *NULL) Header() *RR_Header       { return &rr.Hdr }
 func (rr *OPENPGPKEY) Header() *RR_Header { return &rr.Hdr }
 func (rr *OPT) Header() *RR_Header        { return &rr.Hdr }
 func (rr *PTR) Header() *RR_Header        { return &rr.Hdr }
@@ -236,144 +241,157 @@ func (rr *URI) Header() *RR_Header        { return &rr.Hdr }
 func (rr *X25) Header() *RR_Header        { return &rr.Hdr }
 
 // len() functions
-func (rr *A) len() int {
-	l := rr.Hdr.len()
-	l += net.IPv4len // A
+func (rr *A) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	if len(rr.A) != 0 {
+		l += net.IPv4len
+	}
 	return l
 }
-func (rr *AAAA) len() int {
-	l := rr.Hdr.len()
-	l += net.IPv6len // AAAA
+func (rr *AAAA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	if len(rr.AAAA) != 0 {
+		l += net.IPv6len
+	}
 	return l
 }
-func (rr *AFSDB) len() int {
-	l := rr.Hdr.len()
+func (rr *AFSDB) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Subtype
-	l += len(rr.Hostname) + 1
+	l += domainNameLen(rr.Hostname, off+l, compression, false)
 	return l
 }
-func (rr *ANY) len() int {
-	l := rr.Hdr.len()
+func (rr *ANY) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	return l
 }
-func (rr *AVC) len() int {
-	l := rr.Hdr.len()
+func (rr *APL) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	for _, x := range rr.Prefixes {
+		l += x.len()
+	}
+	return l
+}
+func (rr *AVC) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Txt {
 		l += len(x) + 1
 	}
 	return l
 }
-func (rr *CAA) len() int {
-	l := rr.Hdr.len()
+func (rr *CAA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++ // Flag
 	l += len(rr.Tag) + 1
 	l += len(rr.Value)
 	return l
 }
-func (rr *CERT) len() int {
-	l := rr.Hdr.len()
+func (rr *CERT) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Type
 	l += 2 // KeyTag
 	l++    // Algorithm
 	l += base64.StdEncoding.DecodedLen(len(rr.Certificate))
 	return l
 }
-func (rr *CNAME) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Target) + 1
+func (rr *CNAME) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Target, off+l, compression, true)
 	return l
 }
-func (rr *DHCID) len() int {
-	l := rr.Hdr.len()
+func (rr *DHCID) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += base64.StdEncoding.DecodedLen(len(rr.Digest))
 	return l
 }
-func (rr *DNAME) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Target) + 1
+func (rr *DNAME) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Target, off+l, compression, false)
 	return l
 }
-func (rr *DNSKEY) len() int {
-	l := rr.Hdr.len()
+func (rr *DNSKEY) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Flags
 	l++    // Protocol
 	l++    // Algorithm
 	l += base64.StdEncoding.DecodedLen(len(rr.PublicKey))
 	return l
 }
-func (rr *DS) len() int {
-	l := rr.Hdr.len()
+func (rr *DS) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // KeyTag
 	l++    // Algorithm
 	l++    // DigestType
-	l += len(rr.Digest)/2 + 1
+	l += len(rr.Digest) / 2
 	return l
 }
-func (rr *EID) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Endpoint)/2 + 1
+func (rr *EID) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += len(rr.Endpoint) / 2
 	return l
 }
-func (rr *EUI48) len() int {
-	l := rr.Hdr.len()
+func (rr *EUI48) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 6 // Address
 	return l
 }
-func (rr *EUI64) len() int {
-	l := rr.Hdr.len()
+func (rr *EUI64) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 8 // Address
 	return l
 }
-func (rr *GID) len() int {
-	l := rr.Hdr.len()
+func (rr *GID) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 4 // Gid
 	return l
 }
-func (rr *GPOS) len() int {
-	l := rr.Hdr.len()
+func (rr *GPOS) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += len(rr.Longitude) + 1
 	l += len(rr.Latitude) + 1
 	l += len(rr.Altitude) + 1
 	return l
 }
-func (rr *HINFO) len() int {
-	l := rr.Hdr.len()
+func (rr *HINFO) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += len(rr.Cpu) + 1
 	l += len(rr.Os) + 1
 	return l
 }
-func (rr *HIP) len() int {
-	l := rr.Hdr.len()
+func (rr *HIP) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++    // HitLength
 	l++    // PublicKeyAlgorithm
 	l += 2 // PublicKeyLength
 	l += len(rr.Hit) / 2
 	l += base64.StdEncoding.DecodedLen(len(rr.PublicKey))
 	for _, x := range rr.RendezvousServers {
-		l += len(x) + 1
+		l += domainNameLen(x, off+l, compression, false)
 	}
 	return l
 }
-func (rr *KX) len() int {
-	l := rr.Hdr.len()
+func (rr *KX) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
-	l += len(rr.Exchanger) + 1
+	l += domainNameLen(rr.Exchanger, off+l, compression, false)
 	return l
 }
-func (rr *L32) len() int {
-	l := rr.Hdr.len()
-	l += 2           // Preference
-	l += net.IPv4len // Locator32
+func (rr *L32) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += 2 // Preference
+	if len(rr.Locator32) != 0 {
+		l += net.IPv4len
+	}
 	return l
 }
-func (rr *L64) len() int {
-	l := rr.Hdr.len()
+func (rr *L64) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
 	l += 8 // Locator64
 	return l
 }
-func (rr *LOC) len() int {
-	l := rr.Hdr.len()
+func (rr *LOC) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++    // Version
 	l++    // Size
 	l++    // HorizPre
@@ -383,89 +401,89 @@ func (rr *LOC) len() int {
 	l += 4 // Altitude
 	return l
 }
-func (rr *LP) len() int {
-	l := rr.Hdr.len()
+func (rr *LP) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
-	l += len(rr.Fqdn) + 1
+	l += domainNameLen(rr.Fqdn, off+l, compression, false)
 	return l
 }
-func (rr *MB) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Mb) + 1
+func (rr *MB) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Mb, off+l, compression, true)
 	return l
 }
-func (rr *MD) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Md) + 1
+func (rr *MD) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Md, off+l, compression, true)
 	return l
 }
-func (rr *MF) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Mf) + 1
+func (rr *MF) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Mf, off+l, compression, true)
 	return l
 }
-func (rr *MG) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Mg) + 1
+func (rr *MG) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Mg, off+l, compression, true)
 	return l
 }
-func (rr *MINFO) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Rmail) + 1
-	l += len(rr.Email) + 1
+func (rr *MINFO) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Rmail, off+l, compression, true)
+	l += domainNameLen(rr.Email, off+l, compression, true)
 	return l
 }
-func (rr *MR) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Mr) + 1
+func (rr *MR) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Mr, off+l, compression, true)
 	return l
 }
-func (rr *MX) len() int {
-	l := rr.Hdr.len()
+func (rr *MX) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
-	l += len(rr.Mx) + 1
+	l += domainNameLen(rr.Mx, off+l, compression, true)
 	return l
 }
-func (rr *NAPTR) len() int {
-	l := rr.Hdr.len()
+func (rr *NAPTR) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Order
 	l += 2 // Preference
 	l += len(rr.Flags) + 1
 	l += len(rr.Service) + 1
 	l += len(rr.Regexp) + 1
-	l += len(rr.Replacement) + 1
+	l += domainNameLen(rr.Replacement, off+l, compression, false)
 	return l
 }
-func (rr *NID) len() int {
-	l := rr.Hdr.len()
+func (rr *NID) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
 	l += 8 // NodeID
 	return l
 }
-func (rr *NIMLOC) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Locator)/2 + 1
+func (rr *NIMLOC) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += len(rr.Locator) / 2
 	return l
 }
-func (rr *NINFO) len() int {
-	l := rr.Hdr.len()
+func (rr *NINFO) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.ZSData {
 		l += len(x) + 1
 	}
 	return l
 }
-func (rr *NS) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Ns) + 1
+func (rr *NS) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Ns, off+l, compression, true)
 	return l
 }
-func (rr *NSAPPTR) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Ptr) + 1
+func (rr *NSAPPTR) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Ptr, off+l, compression, false)
 	return l
 }
-func (rr *NSEC3PARAM) len() int {
-	l := rr.Hdr.len()
+func (rr *NSEC3PARAM) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++    // Hash
 	l++    // Flags
 	l += 2 // Iterations
@@ -473,44 +491,49 @@ func (rr *NSEC3PARAM) len() int {
 	l += len(rr.Salt) / 2
 	return l
 }
-func (rr *OPENPGPKEY) len() int {
-	l := rr.Hdr.len()
+func (rr *NULL) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += len(rr.Data)
+	return l
+}
+func (rr *OPENPGPKEY) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += base64.StdEncoding.DecodedLen(len(rr.PublicKey))
 	return l
 }
-func (rr *PTR) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Ptr) + 1
+func (rr *PTR) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Ptr, off+l, compression, true)
 	return l
 }
-func (rr *PX) len() int {
-	l := rr.Hdr.len()
+func (rr *PX) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
-	l += len(rr.Map822) + 1
-	l += len(rr.Mapx400) + 1
+	l += domainNameLen(rr.Map822, off+l, compression, false)
+	l += domainNameLen(rr.Mapx400, off+l, compression, false)
 	return l
 }
-func (rr *RFC3597) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Rdata)/2 + 1
+func (rr *RFC3597) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += len(rr.Rdata) / 2
 	return l
 }
-func (rr *RKEY) len() int {
-	l := rr.Hdr.len()
+func (rr *RKEY) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Flags
 	l++    // Protocol
 	l++    // Algorithm
 	l += base64.StdEncoding.DecodedLen(len(rr.PublicKey))
 	return l
 }
-func (rr *RP) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Mbox) + 1
-	l += len(rr.Txt) + 1
+func (rr *RP) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Mbox, off+l, compression, false)
+	l += domainNameLen(rr.Txt, off+l, compression, false)
 	return l
 }
-func (rr *RRSIG) len() int {
-	l := rr.Hdr.len()
+func (rr *RRSIG) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // TypeCovered
 	l++    // Algorithm
 	l++    // Labels
@@ -518,28 +541,28 @@ func (rr *RRSIG) len() int {
 	l += 4 // Expiration
 	l += 4 // Inception
 	l += 2 // KeyTag
-	l += len(rr.SignerName) + 1
+	l += domainNameLen(rr.SignerName, off+l, compression, false)
 	l += base64.StdEncoding.DecodedLen(len(rr.Signature))
 	return l
 }
-func (rr *RT) len() int {
-	l := rr.Hdr.len()
+func (rr *RT) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Preference
-	l += len(rr.Host) + 1
+	l += domainNameLen(rr.Host, off+l, compression, false)
 	return l
 }
-func (rr *SMIMEA) len() int {
-	l := rr.Hdr.len()
+func (rr *SMIMEA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++ // Usage
 	l++ // Selector
 	l++ // MatchingType
-	l += len(rr.Certificate)/2 + 1
+	l += len(rr.Certificate) / 2
 	return l
 }
-func (rr *SOA) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Ns) + 1
-	l += len(rr.Mbox) + 1
+func (rr *SOA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Ns, off+l, compression, true)
+	l += domainNameLen(rr.Mbox, off+l, compression, true)
 	l += 4 // Serial
 	l += 4 // Refresh
 	l += 4 // Retry
@@ -547,45 +570,45 @@ func (rr *SOA) len() int {
 	l += 4 // Minttl
 	return l
 }
-func (rr *SPF) len() int {
-	l := rr.Hdr.len()
+func (rr *SPF) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Txt {
 		l += len(x) + 1
 	}
 	return l
 }
-func (rr *SRV) len() int {
-	l := rr.Hdr.len()
+func (rr *SRV) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Priority
 	l += 2 // Weight
 	l += 2 // Port
-	l += len(rr.Target) + 1
+	l += domainNameLen(rr.Target, off+l, compression, false)
 	return l
 }
-func (rr *SSHFP) len() int {
-	l := rr.Hdr.len()
+func (rr *SSHFP) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++ // Algorithm
 	l++ // Type
-	l += len(rr.FingerPrint)/2 + 1
+	l += len(rr.FingerPrint) / 2
 	return l
 }
-func (rr *TA) len() int {
-	l := rr.Hdr.len()
+func (rr *TA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // KeyTag
 	l++    // Algorithm
 	l++    // DigestType
-	l += len(rr.Digest)/2 + 1
+	l += len(rr.Digest) / 2
 	return l
 }
-func (rr *TALINK) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.PreviousName) + 1
-	l += len(rr.NextName) + 1
+func (rr *TALINK) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.PreviousName, off+l, compression, false)
+	l += domainNameLen(rr.NextName, off+l, compression, false)
 	return l
 }
-func (rr *TKEY) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Algorithm) + 1
+func (rr *TKEY) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Algorithm, off+l, compression, false)
 	l += 4 // Inception
 	l += 4 // Expiration
 	l += 2 // Mode
@@ -596,17 +619,17 @@ func (rr *TKEY) len() int {
 	l += len(rr.OtherData) / 2
 	return l
 }
-func (rr *TLSA) len() int {
-	l := rr.Hdr.len()
+func (rr *TLSA) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l++ // Usage
 	l++ // Selector
 	l++ // MatchingType
-	l += len(rr.Certificate)/2 + 1
+	l += len(rr.Certificate) / 2
 	return l
 }
-func (rr *TSIG) len() int {
-	l := rr.Hdr.len()
-	l += len(rr.Algorithm) + 1
+func (rr *TSIG) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += domainNameLen(rr.Algorithm, off+l, compression, false)
 	l += 6 // TimeSigned
 	l += 2 // Fudge
 	l += 2 // MACSize
@@ -617,32 +640,32 @@ func (rr *TSIG) len() int {
 	l += len(rr.OtherData) / 2
 	return l
 }
-func (rr *TXT) len() int {
-	l := rr.Hdr.len()
+func (rr *TXT) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Txt {
 		l += len(x) + 1
 	}
 	return l
 }
-func (rr *UID) len() int {
-	l := rr.Hdr.len()
+func (rr *UID) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 4 // Uid
 	return l
 }
-func (rr *UINFO) len() int {
-	l := rr.Hdr.len()
+func (rr *UINFO) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += len(rr.Uinfo) + 1
 	return l
 }
-func (rr *URI) len() int {
-	l := rr.Hdr.len()
+func (rr *URI) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += 2 // Priority
 	l += 2 // Weight
 	l += len(rr.Target)
 	return l
 }
-func (rr *X25) len() int {
-	l := rr.Hdr.len()
+func (rr *X25) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
 	l += len(rr.PSDNAddress) + 1
 	return l
 }
@@ -660,6 +683,13 @@ func (rr *AFSDB) copy() RR {
 func (rr *ANY) copy() RR {
 	return &ANY{rr.Hdr}
 }
+func (rr *APL) copy() RR {
+	Prefixes := make([]APLPrefix, len(rr.Prefixes))
+	for i := range rr.Prefixes {
+		Prefixes[i] = rr.Prefixes[i].copy()
+	}
+	return &APL{rr.Hdr, Prefixes}
+}
 func (rr *AVC) copy() RR {
 	Txt := make([]string, len(rr.Txt))
 	copy(Txt, rr.Txt)
@@ -783,12 +813,17 @@ func (rr *NSEC3) copy() RR {
 func (rr *NSEC3PARAM) copy() RR {
 	return &NSEC3PARAM{rr.Hdr, rr.Hash, rr.Flags, rr.Iterations, rr.SaltLength, rr.Salt}
 }
+func (rr *NULL) copy() RR {
+	return &NULL{rr.Hdr, rr.Data}
+}
 func (rr *OPENPGPKEY) copy() RR {
 	return &OPENPGPKEY{rr.Hdr, rr.PublicKey}
 }
 func (rr *OPT) copy() RR {
 	Option := make([]EDNS0, len(rr.Option))
-	copy(Option, rr.Option)
+	for i, e := range rr.Option {
+		Option[i] = e.copy()
+	}
 	return &OPT{rr.Hdr, Option}
 }
 func (rr *PTR) copy() RR {
diff --git a/vendor/github.com/mistifyio/go-zfs/README.md b/vendor/github.com/mistifyio/go-zfs/README.md
index 2515e588e0db3..fef80d727b18f 100644
--- a/vendor/github.com/mistifyio/go-zfs/README.md
+++ b/vendor/github.com/mistifyio/go-zfs/README.md
@@ -29,7 +29,7 @@ The tests have decent examples for most functions.
 
 ```go
 //assuming a zpool named test
-//error handling ommitted
+//error handling omitted
 
 
 f, err := zfs.CreateFilesystem("test/snapshot-test", nil)
diff --git a/vendor/github.com/mistifyio/go-zfs/utils.go b/vendor/github.com/mistifyio/go-zfs/utils.go
index c7178d6f6772f..c18c2c3dae6b1 100644
--- a/vendor/github.com/mistifyio/go-zfs/utils.go
+++ b/vendor/github.com/mistifyio/go-zfs/utils.go
@@ -11,7 +11,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 )
 
 type command struct {
@@ -38,7 +38,7 @@ func (c *command) Run(arg ...string) ([][]string, error) {
 	}
 	cmd.Stderr = &stderr
 
-	id := uuid.New()
+	id := uuid.New().String()
 	joinedArgs := strings.Join(cmd.Args, " ")
 
 	logger.Log([]string{"ID:" + id, "START", joinedArgs})
@@ -48,7 +48,7 @@ func (c *command) Run(arg ...string) ([][]string, error) {
 	if err != nil {
 		return nil, &Error{
 			Err:    err,
-			Debug:  strings.Join([]string{cmd.Path, joinedArgs}, " "),
+			Debug:  strings.Join([]string{cmd.Path, joinedArgs[1:]}, " "),
 			Stderr: stderr.String(),
 		}
 	}
@@ -118,20 +118,24 @@ func (ds *Dataset) parseLine(line []string) error {
 	if err = setUint(&ds.Quota, line[8]); err != nil {
 		return err
 	}
+	if err = setUint(&ds.Referenced, line[9]); err != nil {
+		return err
+	}
 
 	if runtime.GOOS == "solaris" {
 		return nil
 	}
 
-	if err = setUint(&ds.Written, line[9]); err != nil {
+	if err = setUint(&ds.Written, line[10]); err != nil {
 		return err
 	}
-	if err = setUint(&ds.Logicalused, line[10]); err != nil {
+	if err = setUint(&ds.Logicalused, line[11]); err != nil {
 		return err
 	}
-	if err = setUint(&ds.Usedbydataset, line[11]); err != nil {
+	if err = setUint(&ds.Usedbydataset, line[12]); err != nil {
 		return err
 	}
+
 	return nil
 }
 
@@ -337,7 +341,11 @@ func (z *Zpool) parseLine(line []string) error {
 		err = setUint(&z.Free, val)
 	case "fragmentation":
 		// Trim trailing "%" before parsing uint
-		err = setUint(&z.Fragmentation, val[:len(val)-1])
+		i := strings.Index(val, "%")
+		if i < 0 {
+			i = len(val)
+		}
+		err = setUint(&z.Fragmentation, val[:i])
 	case "readonly":
 		z.ReadOnly = val == "on"
 	case "freeing":
diff --git a/vendor/github.com/mistifyio/go-zfs/utils_notsolaris.go b/vendor/github.com/mistifyio/go-zfs/utils_notsolaris.go
index b2b0cd966f665..a46f73060d177 100644
--- a/vendor/github.com/mistifyio/go-zfs/utils_notsolaris.go
+++ b/vendor/github.com/mistifyio/go-zfs/utils_notsolaris.go
@@ -7,7 +7,7 @@ import (
 )
 
 // List of ZFS properties to retrieve from zfs list command on a non-Solaris platform
-var dsPropList = []string{"name", "origin", "used", "available", "mountpoint", "compression", "type", "volsize", "quota", "written", "logicalused", "usedbydataset"}
+var dsPropList = []string{"name", "origin", "used", "available", "mountpoint", "compression", "type", "volsize", "quota", "referenced", "written", "logicalused", "usedbydataset"}
 
 var dsPropListOptions = strings.Join(dsPropList, ",")
 
diff --git a/vendor/github.com/mistifyio/go-zfs/utils_solaris.go b/vendor/github.com/mistifyio/go-zfs/utils_solaris.go
index 4b0a9e92cbc34..0a7e90f22276f 100644
--- a/vendor/github.com/mistifyio/go-zfs/utils_solaris.go
+++ b/vendor/github.com/mistifyio/go-zfs/utils_solaris.go
@@ -7,7 +7,7 @@ import (
 )
 
 // List of ZFS properties to retrieve from zfs list command on a Solaris platform
-var dsPropList = []string{"name", "origin", "used", "available", "mountpoint", "compression", "type", "volsize", "quota"}
+var dsPropList = []string{"name", "origin", "used", "available", "mountpoint", "compression", "type", "volsize", "quota", "referenced"}
 
 var dsPropListOptions = strings.Join(dsPropList, ",")
 
diff --git a/vendor/github.com/mistifyio/go-zfs/zfs.go b/vendor/github.com/mistifyio/go-zfs/zfs.go
index 615337d03be75..4e5087ffe2885 100644
--- a/vendor/github.com/mistifyio/go-zfs/zfs.go
+++ b/vendor/github.com/mistifyio/go-zfs/zfs.go
@@ -35,6 +35,7 @@ type Dataset struct {
 	Logicalused   uint64
 	Usedbydataset uint64
 	Quota         uint64
+	Referenced    uint64
 }
 
 // InodeType is the type of inode as reported by Diff
@@ -307,7 +308,7 @@ func (d *Dataset) SetProperty(key, val string) error {
 // A full list of available ZFS properties may be found here:
 // https://www.freebsd.org/cgi/man.cgi?zfs(8).
 func (d *Dataset) GetProperty(key string) (string, error) {
-	out, err := zfs("get", key, d.Name)
+	out, err := zfs("get", "-H", key, d.Name)
 	if err != nil {
 		return "", err
 	}
diff --git a/vendor/github.com/mitchellh/hashstructure/go.mod b/vendor/github.com/mitchellh/hashstructure/go.mod
new file mode 100644
index 0000000000000..966582aa95b41
--- /dev/null
+++ b/vendor/github.com/mitchellh/hashstructure/go.mod
@@ -0,0 +1 @@
+module github.com/mitchellh/hashstructure
diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md
index ae8c566f21188..635366f2fe057 100644
--- a/vendor/github.com/moby/buildkit/README.md
+++ b/vendor/github.com/moby/buildkit/README.md
@@ -1,274 +1,518 @@
 [![asciicinema example](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png)](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU)
 
-
-## BuildKit
+# BuildKit
 
 [![GoDoc](https://godoc.org/github.com/moby/buildkit?status.svg)](https://godoc.org/github.com/moby/buildkit/client/llb)
-[![Build Status](https://travis-ci.org/moby/buildkit.svg?branch=master)](https://travis-ci.org/moby/buildkit)
+[![Build Status](https://github.com/moby/buildkit/workflows/build/badge.svg)](https://github.com/moby/buildkit/actions?query=workflow%3Abuild)
 [![Go Report Card](https://goreportcard.com/badge/github.com/moby/buildkit)](https://goreportcard.com/report/github.com/moby/buildkit)
-
+[![codecov](https://codecov.io/gh/moby/buildkit/branch/master/graph/badge.svg)](https://codecov.io/gh/moby/buildkit)
 
 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
 
 Key features:
-- Automatic garbage collection
-- Extendable frontend formats
-- Concurrent dependency resolution
-- Efficient instruction caching
-- Build cache import/export
-- Nested build job invocations
-- Distributable workers
-- Multiple output formats
-- Pluggable architecture
-- Execution without root privileges
 
+-   Automatic garbage collection
+-   Extendable frontend formats
+-   Concurrent dependency resolution
+-   Efficient instruction caching
+-   Build cache import/export
+-   Nested build job invocations
+-   Distributable workers
+-   Multiple output formats
+-   Pluggable architecture
+-   Execution without root privileges
 
 Read the proposal from https://github.com/moby/moby/issues/32925
 
 Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056cc5317
 
-### Used by
+Join `#buildkit` channel on [Docker Community Slack](http://dockr.ly/slack)
+
+:information_source: If you are visiting this repo for the usage of BuildKit-only Dockerfile features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)`, please refer to [`frontend/dockerfile/docs/syntax.md`](frontend/dockerfile/docs/syntax.md).
+
+:information_source: [BuildKit has been integrated to `docker build` since Docker 18.06 .](https://docs.docker.com/develop/develop-images/build_enhancements/)
+You don't need to read this document unless you want to use the full-featured standalone version of BuildKit.
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+
+- [Used by](#used-by)
+- [Quick start](#quick-start)
+  - [Starting the `buildkitd` daemon:](#starting-the-buildkitd-daemon)
+  - [Exploring LLB](#exploring-llb)
+  - [Exploring Dockerfiles](#exploring-dockerfiles)
+    - [Building a Dockerfile with `buildctl`](#building-a-dockerfile-with-buildctl)
+    - [Building a Dockerfile using external frontend:](#building-a-dockerfile-using-external-frontend)
+    - [Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)`](#building-a-dockerfile-with-experimental-features-like-run---mounttypebindcachetmpfssecretssh)
+  - [Output](#output)
+    - [Image/Registry](#imageregistry)
+    - [Local directory](#local-directory)
+    - [Docker tarball](#docker-tarball)
+    - [OCI tarball](#oci-tarball)
+    - [containerd image store](#containerd-image-store)
+- [Cache](#cache)
+  - [Garbage collection](#garbage-collection)
+  - [Export cache](#export-cache)
+    - [Inline (push image and cache together)](#inline-push-image-and-cache-together)
+    - [Registry (push image and cache separately)](#registry-push-image-and-cache-separately)
+    - [Local directory](#local-directory-1)
+    - [`--export-cache` options](#--export-cache-options)
+    - [`--import-cache` options](#--import-cache-options)
+  - [Consistent hashing](#consistent-hashing)
+- [Systemd socket activation](#systemd-socket-activation)
+- [Expose BuildKit as a TCP service](#expose-buildkit-as-a-tcp-service)
+  - [Load balancing](#load-balancing)
+- [Containerizing BuildKit](#containerizing-buildkit)
+  - [Podman](#podman)
+  - [Kubernetes](#kubernetes)
+  - [Daemonless](#daemonless)
+- [Opentracing support](#opentracing-support)
+- [Running BuildKit without root privileges](#running-buildkit-without-root-privileges)
+- [Building multi-platform images](#building-multi-platform-images)
+- [Contributing](#contributing)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Used by
+
+BuildKit is used by the following projects:
+
+-   [Moby & Docker](https://github.com/moby/moby/pull/37151) (`DOCKER_BUILDKIT=1 docker build`)
+-   [img](https://github.com/genuinetools/img)
+-   [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud)
+-   [container build interface](https://github.com/containerbuilding/cbi)
+-   [Tekton Pipelines](https://github.com/tektoncd/catalog) (formerly [Knative Build Templates](https://github.com/knative/build-templates))
+-   [the Sanic build tool](https://github.com/distributed-containers-inc/sanic)
+-   [vab](https://github.com/stellarproject/vab)
+-   [Rio](https://github.com/rancher/rio)
+-   [kim](https://github.com/rancher/kim)
+-   [PouchContainer](https://github.com/alibaba/pouch)
+-   [Docker buildx](https://github.com/docker/buildx)
+-   [Okteto Cloud](https://okteto.com/)
+-   [Earthly earthfiles](https://github.com/vladaionescu/earthly)
+
+## Quick start
+
+:information_source: For Kubernetes deployments, see [`examples/kubernetes`](./examples/kubernetes).
+
+BuildKit is composed of the `buildkitd` daemon and the `buildctl` client.
+While the `buildctl` client is available for Linux, macOS, and Windows, the `buildkitd` daemon is only available for Linux currently.
+
+The `buildkitd` daemon requires the following components to be installed:
+-   [runc](https://github.com/opencontainers/runc) or [crun](https://github.com/containers/crun)
+-   [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker)
+
+The latest binaries of BuildKit are available [here](https://github.com/moby/buildkit/releases) for Linux, macOS, and Windows.
+
+[Homebrew package](https://formulae.brew.sh/formula/buildkit) (unofficial) is available for macOS.
+```console
+$ brew install buildkit
+```
+
+To build BuildKit from source, see [`.github/CONTRIBUTING.md`](./.github/CONTRIBUTING.md).
+
+### Starting the `buildkitd` daemon:
+
+You need to run `buildkitd` as the root user on the host.
 
-[Moby](https://github.com/moby/moby/pull/37151)
+```bash
+$ sudo buildkitd
+```
 
-[img](https://github.com/genuinetools/img)
+To run `buildkitd` as a non-root user, see [`docs/rootless.md`](docs/rootless.md).
 
-[OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud)
+The buildkitd daemon supports two worker backends: OCI (runc) and containerd.
 
-[container build interface](https://github.com/containerbuilding/cbi)
+By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker.
 
-### Quick start
+We are open to adding more backends.
 
-Dependencies:
-- [runc](https://github.com/opencontainers/runc)
-- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker)
+To start the buildkitd daemon using systemd socket activiation, you can install the buildkit systemd unit files.
+See [Systemd socket activation](#systemd-socket-activation)
 
+The buildkitd daemon listens gRPC API on `/run/buildkit/buildkitd.sock` by default, but you can also use TCP sockets.
+See [Expose BuildKit as a TCP service](#expose-buildkit-as-a-tcp-service).
 
-The following command installs `buildkitd` and `buildctl` to `/usr/local/bin`:
+### Exploring LLB
 
-```bash
-$ make && sudo make install
-```
+BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C.
 
-You can also use `make binaries-all` to prepare `buildkitd.containerd_only` and `buildkitd.oci_only`.
+-   Marshaled as Protobuf messages
+-   Concurrently executable
+-   Efficiently cacheable
+-   Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented)
 
-#### Starting the buildkitd daemon:
+See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition, and see [`./examples/README.md`](./examples/README.md) for example LLB applications.
 
-```
-buildkitd --debug --root /var/lib/buildkit
-```
+Currently, the following high-level languages has been implemented for LLB:
 
-The buildkitd daemon supports two worker backends: OCI (runc) and containerd.
+-   Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles))
+-   [Buildpacks](https://github.com/tonistiigi/buildkit-pack)
+-   [Mockerfile](https://matt-rickard.com/building-a-new-dockerfile-frontend/)
+-   [Gockerfile](https://github.com/po3rin/gockerfile)
+-   [bldr (Pkgfile)](https://github.com/talos-systems/bldr/)
+-   [HLB](https://github.com/openllb/hlb)
+-   [Earthfile (Earthly)](https://github.com/earthly/earthly)
+-   [Cargo Wharf (Rust)](https://github.com/denzp/cargo-wharf)
+-   (open a PR to add your own language)
 
-By default, the OCI (runc) worker is used.
-You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker.
+### Exploring Dockerfiles
 
-We are open to adding more backends.
+Frontends are components that run inside BuildKit and convert any build definition to LLB. There is a special frontend called gateway (`gateway.v0`) that allows using any image as a frontend.
 
-#### Exploring LLB
+During development, Dockerfile frontend (`dockerfile.v0`) is also part of the BuildKit repo. In the future, this will be moved out, and Dockerfiles can be built using an external image.
 
-BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C.
+#### Building a Dockerfile with `buildctl`
+
+```bash
+buildctl build \
+    --frontend=dockerfile.v0 \
+    --local context=. \
+    --local dockerfile=.
+# or
+buildctl build \
+    --frontend=dockerfile.v0 \
+    --local context=. \
+    --local dockerfile=. \
+    --opt target=foo \
+    --opt build-arg:foo=bar
+```
+
+`--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location.
 
-- Marshaled as Protobuf messages
-- Concurrently executable
-- Efficiently cacheable
-- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented)
+#### Building a Dockerfile using external frontend:
 
-See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition.
+External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upstream:master` or `docker/dockerfile-upstream:master-labs` image can be used.
 
-Currently, following high-level languages has been implemented for LLB:
+```bash
+buildctl build \
+    --frontend gateway.v0 \
+    --opt source=docker/dockerfile \
+    --local context=. \
+    --local dockerfile=.
+buildctl build \
+    --frontend gateway.v0 \
+    --opt source=docker/dockerfile \
+    --opt context=git://github.com/moby/moby \
+    --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org
+```
+
+#### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)`
 
-- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles))
-- (open a PR to add your own language)
+See [`frontend/dockerfile/docs/experimental.md`](frontend/dockerfile/docs/experimental.md).
 
-For understanding the basics of LLB, `examples/buildkit*` directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the `client` package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build.
+### Output
 
-You can use `buildctl debug dump-llb` to see what data is in this definition. Add `--dot` to generate dot layout.
+By default, the build result and intermediate cache will only remain internally in BuildKit. An output needs to be specified to retrieve the result.
+
+#### Image/Registry
 
 ```bash
-go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq .
+buildctl build ... --output type=image,name=docker.io/username/image,push=true
 ```
 
-To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. 
+To export the cache embed with the image and pushing them to registry together, type `registry` is required to import the cache, you should specify `--export-cache type=inline` and `--import-cache type=registry,ref=...`. To export the cache to a local directy, you should specify `--export-cache type=local`.
+Details in [Export cache](#export-cache).
 
 ```bash
-go run examples/buildkit0/buildkit.go | buildctl build
+buildctl build ...\
+  --output type=image,name=docker.io/username/image,push=true \
+  --export-cache type=inline \
+  --import-cache type=registry,ref=docker.io/username/image
 ```
 
-`buildctl build` will show interactive progress bar by default while the build job is running. It will also show you the path to the trace file that contains all information about the timing of the individual steps and logs.
+Keys supported by image output:
+* `name=[value]`: image name
+* `push=true`: push after creating the image
+* `push-by-digest=true`: push unnamed image
+* `registry.insecure=true`: push to insecure HTTP registry
+* `oci-mediatypes=true`: use OCI mediatypes in configuration JSON instead of Docker's
+* `unpack=true`: unpack image after creation (for use with containerd)
+* `dangling-name-prefix=[value]`: name image with `prefix@<digest>` , used for anonymous images
+* `name-canonical=true`: add additional canonical name `name@<digest>`
+* `compression=[uncompressed,gzip]`: choose compression type for layer, gzip is default value
 
-Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available.
 
-- `./examples/buildkit0` - uses only exec operations, defines a full stage per component.
-- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency.
-- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching.
-- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path`  
-- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes
-- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies
+If credentials are required, `buildctl` will attempt to read Docker configuration file `$DOCKER_CONFIG/config.json`.
+`$DOCKER_CONFIG` defaults to `~/.docker`.
 
+#### Local directory
 
-#### Exploring Dockerfiles
+The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images.
 
-Frontends are components that run inside BuildKit and convert any build definition to LLB. There is a special frontend called gateway (gateway.v0) that allows using any image as a frontend.
+```bash
+buildctl build ... --output type=local,dest=path/to/output-dir
+```
 
-During development, Dockerfile frontend (dockerfile.v0) is also part of the BuildKit repo. In the future, this will be moved out, and Dockerfiles can be built using an external image.
+To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from`.
 
-##### Building a Dockerfile with `buildctl`
+```dockerfile
+...
+FROM scratch as testresult
 
+COPY --from=builder /usr/src/app/testresult.xml .
+...
 ```
-buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=.
-buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --frontend-opt target=foo --frontend-opt build-arg:foo=bar
+
+```bash
+buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir
 ```
 
-`--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location.
+Tar exporter is similar to local exporter but transfers the files through a tarball.
 
-##### build-using-dockerfile utility
+```bash
+buildctl build ... --output type=tar,dest=out.tar
+buildctl build ... --output type=tar > out.tar
+```
 
-For people familiar with `docker build` command, there is an example wrapper utility in `./examples/build-using-dockerfile` that allows building Dockerfiles with BuildKit using a syntax similar to `docker build`.
+#### Docker tarball
 
+```bash
+# exported tarball is also compatible with OCI spec
+buildctl build ... --output type=docker,name=myimage | docker load
 ```
-go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin
 
-build-using-dockerfile -t myimage .
-build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile .
+#### OCI tarball
 
-# build-using-dockerfile will automatically load the resulting image to Docker
-docker inspect myimage
+```bash
+buildctl build ... --output type=oci,dest=path/to/output.tar
+buildctl build ... --output type=oci > output.tar
 ```
+#### containerd image store
 
-##### Building a Dockerfile using [external frontend](https://hub.docker.com/r/tonistiigi/dockerfile/tags/):
-
-During development, an external version of the Dockerfile frontend is pushed to https://hub.docker.com/r/tonistiigi/dockerfile that can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `tonistiigi/dockerfile:master` image can be used.
+The containerd worker needs to be used
 
+```bash
+buildctl build ... --output type=image,name=docker.io/username/image
+ctr --namespace=buildkit images ls
 ```
-buildctl build --frontend=gateway.v0 --frontend-opt=source=tonistiigi/dockerfile --local context=. --local dockerfile=.
-buildctl build --frontend gateway.v0 --frontend-opt=source=tonistiigi/dockerfile --frontend-opt=context=git://github.com/moby/moby --frontend-opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org
-````
 
-### Exporters
+To change the containerd namespace, you need to change `worker.containerd.namespace` in [`/etc/buildkit/buildkitd.toml`](./docs/buildkitd.toml.md).
 
-By default, the build result and intermediate cache will only remain internally in BuildKit. Exporter needs to be specified to retrieve the result.
 
-##### Exporting resulting image to containerd
+## Cache
 
-The containerd worker needs to be used
+To show local build cache (`/var/lib/buildkit`):
 
+```bash
+buildctl du -v
 ```
-buildctl build ... --exporter=image --exporter-opt name=docker.io/username/image
-ctr --namespace=buildkit images ls
+
+To prune local build cache:
+```bash
+buildctl prune
 ```
 
-##### Push resulting image to registry
+### Garbage collection
 
-```
-buildctl build ... --exporter=image --exporter-opt name=docker.io/username/image --exporter-opt push=true
-```
+See [`./docs/buildkitd.toml.md`](./docs/buildkitd.toml.md).
 
-If credentials are required, `buildctl` will attempt to read Docker configuration file.
+### Export cache
 
+BuildKit supports the following cache exporters:
+* `inline`: embed the cache into the image, and push them to the registry together
+* `registry`: push the image and the cache separately
+* `local`: export to a local directory
 
-##### Exporting build result back to client
+In most case you want to use the `inline` cache exporter.
+However, note that the `inline` cache exporter only supports `min` cache mode. 
+To enable `max` cache mode, push the image and the cache separately by using `registry` cache exporter.
 
-The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images.
+#### Inline (push image and cache together)
 
-```
-buildctl build ... --exporter=local --exporter-opt output=path/to/output-dir
+```bash
+buildctl build ... \
+  --output type=image,name=docker.io/username/image,push=true \
+  --export-cache type=inline \
+  --import-cache type=registry,ref=docker.io/username/image
 ```
 
-##### Exporting built image to Docker
+Note that the inline cache is not imported unless `--import-cache type=registry,ref=...` is provided.
 
-```
-# exported tarball is also compatible with OCI spec
-buildctl build ... --exporter=docker --exporter-opt name=myimage | docker load
-```
+:information_source: Docker-integrated BuildKit (`DOCKER_BUILDKIT=1 docker build`) and `docker buildx`requires 
+`--build-arg BUILDKIT_INLINE_CACHE=1` to be specified to enable the `inline` cache exporter.
+However, the standalone `buildctl` does NOT require `--opt build-arg:BUILDKIT_INLINE_CACHE=1` and the build-arg is simply ignored.
 
-##### Exporting [OCI Image Format](https://github.com/opencontainers/image-spec) tarball to client
+#### Registry (push image and cache separately)
 
+```bash
+buildctl build ... \
+  --output type=image,name=localhost:5000/myrepo:image,push=true \
+  --export-cache type=registry,ref=localhost:5000/myrepo:buildcache \
+  --import-cache type=registry,ref=localhost:5000/myrepo:buildcache \
 ```
-buildctl build ... --exporter=oci --exporter-opt output=path/to/output.tar
-buildctl build ... --exporter=oci > output.tar
+
+#### Local directory
+
+```bash
+buildctl build ... --export-cache type=local,dest=path/to/output-dir
+buildctl build ... --import-cache type=local,src=path/to/input-dir
 ```
 
-### Other
+The directory layout conforms to OCI Image Spec v1.0.
 
-#### View build cache
+#### `--export-cache` options
+-   `type`: `inline`, `registry`, or `local`
+-   `mode=min` (default): only export layers for the resulting image
+-   `mode=max`: export all the layers of all intermediate steps. Not supported for `inline` cache exporter.
+-   `ref=docker.io/user/image:tag`: reference for `registry` cache exporter
+-   `dest=path/to/output-dir`: directory for `local` cache exporter
+-   `oci-mediatypes=true|false`: whether to use OCI mediatypes in exported manifests for `local` and `registry` exporter. Since BuildKit `v0.8` defaults to true.
 
-```
-buildctl du -v
-```
+#### `--import-cache` options
+-   `type`: `registry` or `local`. Use `registry` to import `inline` cache.
+-   `ref=docker.io/user/image:tag`: reference for `registry` cache importer
+-   `src=path/to/input-dir`: directory for `local` cache importer
+-   `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer.
+-   `tag=customtag`: custom tag of image for `local` cache importer.
+    Defaults to the digest of "latest" tag in `index.json` is for digest, not for tag
 
-#### Show enabled workers
+### Consistent hashing
 
-```
-buildctl debug workers -v
-```
+If you have multiple BuildKit daemon instances but you don't want to use registry for sharing cache across the cluster,
+consider client-side load balancing using consistent hashing.
 
-### Running containerized buildkit
+See [`./examples/kubernetes/consistenthash`](./examples/kubernetes/consistenthash).
 
-BuildKit can also be used by running the `buildkitd` daemon inside a Docker container and accessing it remotely. The client tool `buildctl` is also available for Mac and Windows.
+## Metadata
 
-To run daemon in a container:
+To output build metadata such as the image digest, pass the `--metadata-file` flag.
+The metadata will be written as a JSON object to the specified file.
+The directory of the specified file must already exist and be writable.
 
 ```
-docker run -d --privileged -p 1234:1234 tonistiigi/buildkit --addr tcp://0.0.0.0:1234
-export BUILDKIT_HOST=tcp://0.0.0.0:1234
-buildctl build --help
+buildctl build ... --metadata-file metadata.json
+```
+
+```
+{"containerimage.digest": "sha256:ea0cfb27fd41ea0405d3095880c1efa45710f5bcdddb7d7d5a7317ad4825ae14",...}
 ```
 
-The `tonistiigi/buildkit` image can be built locally using the Dockerfile in `./hack/dockerfiles/test.Dockerfile`.
+## Systemd socket activation
 
-### Opentracing support
+On Systemd based systems, you can communicate with the daemon via [Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use `buildkitd --addr fd://`.
+You can find examples of using Systemd socket activation with BuildKit and Systemd in [`./examples/systemd`](./examples/systemd).
+## Expose BuildKit as a TCP service
 
-BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address.
+The `buildkitd` daemon can listen the gRPC API on a TCP socket.
 
+It is highly recommended to create TLS certificates for both the daemon and the client (mTLS).
+Enabling TCP without mTLS is dangerous because the executor containers (aka Dockerfile `RUN` containers) can call BuildKit API as well.
 
+```bash
+buildkitd \
+  --addr tcp://0.0.0.0:1234 \
+  --tlscacert /path/to/ca.pem \
+  --tlscert /path/to/cert.pem \
+  --tlskey /path/to/key.pem
 ```
-docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest
-export JAEGER_TRACE=0.0.0.0:6831
-# restart buildkitd and buildctl so they know JAEGER_TRACE
-# any buildctl command should be traced to http://127.0.0.1:16686/
+
+```bash
+buildctl \
+  --addr tcp://example.com:1234 \
+  --tlscacert /path/to/ca.pem \
+  --tlscert /path/to/clientcert.pem \
+  --tlskey /path/to/clientkey.pem \
+  build ...
 ```
 
+### Load balancing
 
-### Supported runc version
+`buildctl build` can be called against randomly load balanced the `buildkitd` daemon.
 
-During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to [runc.md](https://github.com/containerd/containerd/blob/v1.1.3/RUNC.md) for more information.
+See also [Consistent hashing](#consistenthashing) for client-side load balancing.
 
-### Running BuildKit without root privileges
+## Containerizing BuildKit
 
-Please refer to [`docs/rootless.md`](docs/rootless.md).
+BuildKit can also be used by running the `buildkitd` daemon inside a Docker container and accessing it remotely.
+
+We provide the container images as [`moby/buildkit`](https://hub.docker.com/r/moby/buildkit/tags/):
 
-### Contributing
+-   `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases)
+-   `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md)
+-   `moby/buildkit:master`: built from the master branch
+-   `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md)
 
-Running tests:
+To run daemon in a container:
 
 ```bash
-make test
+docker run -d --name buildkitd --privileged moby/buildkit:latest
+export BUILDKIT_HOST=docker-container://buildkitd
+buildctl build --help
 ```
 
-This runs all unit and integration tests in a containerized environment. Locally, every package can be tested separately with standard Go tools, but integration tests are skipped if local user doesn't have enough permissions or worker binaries are not installed.
+### Podman
+To connect to a BuildKit daemon running in a Podman container, use `podman-container://` instead of `docker-container://` .
 
+```bash
+podman run -d --name buildkitd --privileged moby/buildkit:latest
+buildctl --addr=podman-container://buildkitd build --frontend dockerfile.v0 --local context=. --local dockerfile=. --output type=oci | podman load foo
 ```
-# test a specific package only
-make test TESTPKGS=./client
 
-# run a specific test with all worker combinations
-make test TESTPKGS=./client TESTFLAGS="--run /TestCallDiskUsage -v" 
+`sudo` is not required.
 
-# run all integration tests with a specific worker
-# supported workers: oci, oci-rootless, containerd, containerd-1.0
-make test TESTPKGS=./client TESTFLAGS="--run //worker=containerd -v" 
-```
+### Kubernetes
 
-Updating vendored dependencies:
+For Kubernetes deployments, see [`examples/kubernetes`](./examples/kubernetes).
+
+### Daemonless
+
+To run the client and an ephemeral daemon in a single container ("daemonless mode"):
 
 ```bash
-# update vendor.conf
-make vendor
+docker run \
+    -it \
+    --rm \
+    --privileged \
+    -v /path/to/dir:/tmp/work \
+    --entrypoint buildctl-daemonless.sh \
+    moby/buildkit:master \
+        build \
+        --frontend dockerfile.v0 \
+        --local context=/tmp/work \
+        --local dockerfile=/tmp/work
 ```
 
-Validating your updates before submission:
+or
+
+```bash
+docker run \
+    -it \
+    --rm \
+    --security-opt seccomp=unconfined \
+    --security-opt apparmor=unconfined \
+    -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \
+    -v /path/to/dir:/tmp/work \
+    --entrypoint buildctl-daemonless.sh \
+    moby/buildkit:master-rootless \
+        build \
+        --frontend \
+        dockerfile.v0 \
+        --local context=/tmp/work \
+        --local dockerfile=/tmp/work
+```
+
+## Opentracing support
+
+BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address.
 
 ```bash
-make validate-all
+docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest
+export JAEGER_TRACE=0.0.0.0:6831
+# restart buildkitd and buildctl so they know JAEGER_TRACE
+# any buildctl command should be traced to http://127.0.0.1:16686/
 ```
+
+## Running BuildKit without root privileges
+
+Please refer to [`docs/rootless.md`](docs/rootless.md).
+
+## Building multi-platform images
+
+See [`docker buildx` documentation](https://github.com/docker/buildx#building-multi-platform-images)
+
+## Contributing
+
+Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
+
diff --git a/vendor/github.com/moby/buildkit/api/services/control/control.pb.go b/vendor/github.com/moby/buildkit/api/services/control/control.pb.go
index a5bfa63dce3c0..d020e8df77abd 100644
--- a/vendor/github.com/moby/buildkit/api/services/control/control.pb.go
+++ b/vendor/github.com/moby/buildkit/api/services/control/control.pb.go
@@ -1,49 +1,27 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: control.proto
 
-/*
-	Package moby_buildkit_v1 is a generated protocol buffer package.
-
-	It is generated from these files:
-		control.proto
-
-	It has these top-level messages:
-		PruneRequest
-		DiskUsageRequest
-		DiskUsageResponse
-		UsageRecord
-		SolveRequest
-		CacheOptions
-		SolveResponse
-		StatusRequest
-		StatusResponse
-		Vertex
-		VertexStatus
-		VertexLog
-		BytesMessage
-		ListWorkersRequest
-		ListWorkersResponse
-*/
 package moby_buildkit_v1
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import _ "github.com/golang/protobuf/ptypes/timestamp"
-import pb "github.com/moby/buildkit/solver/pb"
-import moby_buildkit_v1_types "github.com/moby/buildkit/api/types"
-
-import time "time"
-import github_com_moby_buildkit_util_entitlements "github.com/moby/buildkit/util/entitlements"
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import types "github.com/gogo/protobuf/types"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
+	_ "github.com/golang/protobuf/ptypes/timestamp"
+	types "github.com/moby/buildkit/api/types"
+	pb "github.com/moby/buildkit/solver/pb"
+	github_com_moby_buildkit_util_entitlements "github.com/moby/buildkit/util/entitlements"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	time "time"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -55,19 +33,50 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type PruneRequest struct {
-	Filter       []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
-	All          bool     `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`
-	KeepDuration int64    `protobuf:"varint,3,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`
-	KeepBytes    int64    `protobuf:"varint,4,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`
+	Filter               []string `protobuf:"bytes,1,rep,name=filter,proto3" json:"filter,omitempty"`
+	All                  bool     `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`
+	KeepDuration         int64    `protobuf:"varint,3,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`
+	KeepBytes            int64    `protobuf:"varint,4,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PruneRequest) Reset()         { *m = PruneRequest{} }
+func (m *PruneRequest) String() string { return proto.CompactTextString(m) }
+func (*PruneRequest) ProtoMessage()    {}
+func (*PruneRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{0}
+}
+func (m *PruneRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PruneRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PruneRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PruneRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PruneRequest.Merge(m, src)
+}
+func (m *PruneRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PruneRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PruneRequest.DiscardUnknown(m)
 }
 
-func (m *PruneRequest) Reset()                    { *m = PruneRequest{} }
-func (m *PruneRequest) String() string            { return proto.CompactTextString(m) }
-func (*PruneRequest) ProtoMessage()               {}
-func (*PruneRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{0} }
+var xxx_messageInfo_PruneRequest proto.InternalMessageInfo
 
 func (m *PruneRequest) GetFilter() []string {
 	if m != nil {
@@ -98,13 +107,44 @@ func (m *PruneRequest) GetKeepBytes() int64 {
 }
 
 type DiskUsageRequest struct {
-	Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
+	Filter               []string `protobuf:"bytes,1,rep,name=filter,proto3" json:"filter,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DiskUsageRequest) Reset()         { *m = DiskUsageRequest{} }
+func (m *DiskUsageRequest) String() string { return proto.CompactTextString(m) }
+func (*DiskUsageRequest) ProtoMessage()    {}
+func (*DiskUsageRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{1}
+}
+func (m *DiskUsageRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DiskUsageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DiskUsageRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DiskUsageRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DiskUsageRequest.Merge(m, src)
+}
+func (m *DiskUsageRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *DiskUsageRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DiskUsageRequest.DiscardUnknown(m)
 }
 
-func (m *DiskUsageRequest) Reset()                    { *m = DiskUsageRequest{} }
-func (m *DiskUsageRequest) String() string            { return proto.CompactTextString(m) }
-func (*DiskUsageRequest) ProtoMessage()               {}
-func (*DiskUsageRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{1} }
+var xxx_messageInfo_DiskUsageRequest proto.InternalMessageInfo
 
 func (m *DiskUsageRequest) GetFilter() []string {
 	if m != nil {
@@ -114,13 +154,44 @@ func (m *DiskUsageRequest) GetFilter() []string {
 }
 
 type DiskUsageResponse struct {
-	Record []*UsageRecord `protobuf:"bytes,1,rep,name=record" json:"record,omitempty"`
+	Record               []*UsageRecord `protobuf:"bytes,1,rep,name=record,proto3" json:"record,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *DiskUsageResponse) Reset()         { *m = DiskUsageResponse{} }
+func (m *DiskUsageResponse) String() string { return proto.CompactTextString(m) }
+func (*DiskUsageResponse) ProtoMessage()    {}
+func (*DiskUsageResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{2}
+}
+func (m *DiskUsageResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DiskUsageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DiskUsageResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *DiskUsageResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DiskUsageResponse.Merge(m, src)
+}
+func (m *DiskUsageResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *DiskUsageResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DiskUsageResponse.DiscardUnknown(m)
 }
 
-func (m *DiskUsageResponse) Reset()                    { *m = DiskUsageResponse{} }
-func (m *DiskUsageResponse) String() string            { return proto.CompactTextString(m) }
-func (*DiskUsageResponse) ProtoMessage()               {}
-func (*DiskUsageResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{2} }
+var xxx_messageInfo_DiskUsageResponse proto.InternalMessageInfo
 
 func (m *DiskUsageResponse) GetRecord() []*UsageRecord {
 	if m != nil {
@@ -130,23 +201,54 @@ func (m *DiskUsageResponse) GetRecord() []*UsageRecord {
 }
 
 type UsageRecord struct {
-	ID          string     `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
-	Mutable     bool       `protobuf:"varint,2,opt,name=Mutable,proto3" json:"Mutable,omitempty"`
-	InUse       bool       `protobuf:"varint,3,opt,name=InUse,proto3" json:"InUse,omitempty"`
-	Size_       int64      `protobuf:"varint,4,opt,name=Size,proto3" json:"Size,omitempty"`
-	Parent      string     `protobuf:"bytes,5,opt,name=Parent,proto3" json:"Parent,omitempty"`
-	CreatedAt   time.Time  `protobuf:"bytes,6,opt,name=CreatedAt,stdtime" json:"CreatedAt"`
-	LastUsedAt  *time.Time `protobuf:"bytes,7,opt,name=LastUsedAt,stdtime" json:"LastUsedAt,omitempty"`
-	UsageCount  int64      `protobuf:"varint,8,opt,name=UsageCount,proto3" json:"UsageCount,omitempty"`
-	Description string     `protobuf:"bytes,9,opt,name=Description,proto3" json:"Description,omitempty"`
-	RecordType  string     `protobuf:"bytes,10,opt,name=RecordType,proto3" json:"RecordType,omitempty"`
-	Shared      bool       `protobuf:"varint,11,opt,name=Shared,proto3" json:"Shared,omitempty"`
-}
-
-func (m *UsageRecord) Reset()                    { *m = UsageRecord{} }
-func (m *UsageRecord) String() string            { return proto.CompactTextString(m) }
-func (*UsageRecord) ProtoMessage()               {}
-func (*UsageRecord) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{3} }
+	ID                   string     `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Mutable              bool       `protobuf:"varint,2,opt,name=Mutable,proto3" json:"Mutable,omitempty"`
+	InUse                bool       `protobuf:"varint,3,opt,name=InUse,proto3" json:"InUse,omitempty"`
+	Size_                int64      `protobuf:"varint,4,opt,name=Size,proto3" json:"Size,omitempty"`
+	Parent               string     `protobuf:"bytes,5,opt,name=Parent,proto3" json:"Parent,omitempty"`
+	CreatedAt            time.Time  `protobuf:"bytes,6,opt,name=CreatedAt,proto3,stdtime" json:"CreatedAt"`
+	LastUsedAt           *time.Time `protobuf:"bytes,7,opt,name=LastUsedAt,proto3,stdtime" json:"LastUsedAt,omitempty"`
+	UsageCount           int64      `protobuf:"varint,8,opt,name=UsageCount,proto3" json:"UsageCount,omitempty"`
+	Description          string     `protobuf:"bytes,9,opt,name=Description,proto3" json:"Description,omitempty"`
+	RecordType           string     `protobuf:"bytes,10,opt,name=RecordType,proto3" json:"RecordType,omitempty"`
+	Shared               bool       `protobuf:"varint,11,opt,name=Shared,proto3" json:"Shared,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *UsageRecord) Reset()         { *m = UsageRecord{} }
+func (m *UsageRecord) String() string { return proto.CompactTextString(m) }
+func (*UsageRecord) ProtoMessage()    {}
+func (*UsageRecord) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{3}
+}
+func (m *UsageRecord) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *UsageRecord) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_UsageRecord.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *UsageRecord) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UsageRecord.Merge(m, src)
+}
+func (m *UsageRecord) XXX_Size() int {
+	return m.Size()
+}
+func (m *UsageRecord) XXX_DiscardUnknown() {
+	xxx_messageInfo_UsageRecord.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UsageRecord proto.InternalMessageInfo
 
 func (m *UsageRecord) GetID() string {
 	if m != nil {
@@ -226,21 +328,53 @@ func (m *UsageRecord) GetShared() bool {
 }
 
 type SolveRequest struct {
-	Ref           string                                                   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
-	Definition    *pb.Definition                                           `protobuf:"bytes,2,opt,name=Definition" json:"Definition,omitempty"`
-	Exporter      string                                                   `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`
-	ExporterAttrs map[string]string                                        `protobuf:"bytes,4,rep,name=ExporterAttrs" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Session       string                                                   `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`
-	Frontend      string                                                   `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
-	FrontendAttrs map[string]string                                        `protobuf:"bytes,7,rep,name=FrontendAttrs" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Cache         CacheOptions                                             `protobuf:"bytes,8,opt,name=Cache" json:"Cache"`
-	Entitlements  []github_com_moby_buildkit_util_entitlements.Entitlement `protobuf:"bytes,9,rep,name=Entitlements,customtype=github.com/moby/buildkit/util/entitlements.Entitlement" json:"Entitlements,omitempty"`
-}
-
-func (m *SolveRequest) Reset()                    { *m = SolveRequest{} }
-func (m *SolveRequest) String() string            { return proto.CompactTextString(m) }
-func (*SolveRequest) ProtoMessage()               {}
-func (*SolveRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{4} }
+	Ref                  string                                                   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	Definition           *pb.Definition                                           `protobuf:"bytes,2,opt,name=Definition,proto3" json:"Definition,omitempty"`
+	Exporter             string                                                   `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`
+	ExporterAttrs        map[string]string                                        `protobuf:"bytes,4,rep,name=ExporterAttrs,proto3" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Session              string                                                   `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`
+	Frontend             string                                                   `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
+	FrontendAttrs        map[string]string                                        `protobuf:"bytes,7,rep,name=FrontendAttrs,proto3" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Cache                CacheOptions                                             `protobuf:"bytes,8,opt,name=Cache,proto3" json:"Cache"`
+	Entitlements         []github_com_moby_buildkit_util_entitlements.Entitlement `protobuf:"bytes,9,rep,name=Entitlements,proto3,customtype=github.com/moby/buildkit/util/entitlements.Entitlement" json:"Entitlements,omitempty"`
+	FrontendInputs       map[string]*pb.Definition                                `protobuf:"bytes,10,rep,name=FrontendInputs,proto3" json:"FrontendInputs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}                                                 `json:"-"`
+	XXX_unrecognized     []byte                                                   `json:"-"`
+	XXX_sizecache        int32                                                    `json:"-"`
+}
+
+func (m *SolveRequest) Reset()         { *m = SolveRequest{} }
+func (m *SolveRequest) String() string { return proto.CompactTextString(m) }
+func (*SolveRequest) ProtoMessage()    {}
+func (*SolveRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{4}
+}
+func (m *SolveRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SolveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SolveRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SolveRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SolveRequest.Merge(m, src)
+}
+func (m *SolveRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *SolveRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SolveRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SolveRequest proto.InternalMessageInfo
 
 func (m *SolveRequest) GetRef() string {
 	if m != nil {
@@ -298,46 +432,201 @@ func (m *SolveRequest) GetCache() CacheOptions {
 	return CacheOptions{}
 }
 
+func (m *SolveRequest) GetFrontendInputs() map[string]*pb.Definition {
+	if m != nil {
+		return m.FrontendInputs
+	}
+	return nil
+}
+
 type CacheOptions struct {
-	ExportRef   string            `protobuf:"bytes,1,opt,name=ExportRef,proto3" json:"ExportRef,omitempty"`
-	ImportRefs  []string          `protobuf:"bytes,2,rep,name=ImportRefs" json:"ImportRefs,omitempty"`
-	ExportAttrs map[string]string `protobuf:"bytes,3,rep,name=ExportAttrs" json:"ExportAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// ExportRefDeprecated is deprecated in favor or the new Exports since BuildKit v0.4.0.
+	// When ExportRefDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = ExportAttrs.add("ref", ExportRef)}
+	// to Exports for compatibility. (planned to be removed)
+	ExportRefDeprecated string `protobuf:"bytes,1,opt,name=ExportRefDeprecated,proto3" json:"ExportRefDeprecated,omitempty"`
+	// ImportRefsDeprecated is deprecated in favor or the new Imports since BuildKit v0.4.0.
+	// When ImportRefsDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = {"ref": importRef}}
+	// for each of the ImportRefs entry to Imports for compatibility. (planned to be removed)
+	ImportRefsDeprecated []string `protobuf:"bytes,2,rep,name=ImportRefsDeprecated,proto3" json:"ImportRefsDeprecated,omitempty"`
+	// ExportAttrsDeprecated is deprecated since BuildKit v0.4.0.
+	// See the description of ExportRefDeprecated.
+	ExportAttrsDeprecated map[string]string `protobuf:"bytes,3,rep,name=ExportAttrsDeprecated,proto3" json:"ExportAttrsDeprecated,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Exports was introduced in BuildKit v0.4.0.
+	Exports []*CacheOptionsEntry `protobuf:"bytes,4,rep,name=Exports,proto3" json:"Exports,omitempty"`
+	// Imports was introduced in BuildKit v0.4.0.
+	Imports              []*CacheOptionsEntry `protobuf:"bytes,5,rep,name=Imports,proto3" json:"Imports,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *CacheOptions) Reset()         { *m = CacheOptions{} }
+func (m *CacheOptions) String() string { return proto.CompactTextString(m) }
+func (*CacheOptions) ProtoMessage()    {}
+func (*CacheOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{5}
+}
+func (m *CacheOptions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheOptions.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheOptions.Merge(m, src)
+}
+func (m *CacheOptions) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheOptions.DiscardUnknown(m)
 }
 
-func (m *CacheOptions) Reset()                    { *m = CacheOptions{} }
-func (m *CacheOptions) String() string            { return proto.CompactTextString(m) }
-func (*CacheOptions) ProtoMessage()               {}
-func (*CacheOptions) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{5} }
+var xxx_messageInfo_CacheOptions proto.InternalMessageInfo
 
-func (m *CacheOptions) GetExportRef() string {
+func (m *CacheOptions) GetExportRefDeprecated() string {
 	if m != nil {
-		return m.ExportRef
+		return m.ExportRefDeprecated
 	}
 	return ""
 }
 
-func (m *CacheOptions) GetImportRefs() []string {
+func (m *CacheOptions) GetImportRefsDeprecated() []string {
+	if m != nil {
+		return m.ImportRefsDeprecated
+	}
+	return nil
+}
+
+func (m *CacheOptions) GetExportAttrsDeprecated() map[string]string {
+	if m != nil {
+		return m.ExportAttrsDeprecated
+	}
+	return nil
+}
+
+func (m *CacheOptions) GetExports() []*CacheOptionsEntry {
+	if m != nil {
+		return m.Exports
+	}
+	return nil
+}
+
+func (m *CacheOptions) GetImports() []*CacheOptionsEntry {
 	if m != nil {
-		return m.ImportRefs
+		return m.Imports
 	}
 	return nil
 }
 
-func (m *CacheOptions) GetExportAttrs() map[string]string {
+type CacheOptionsEntry struct {
+	// Type is like "registry" or "local"
+	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"Type,omitempty"`
+	// Attrs are like mode=(min,max), ref=example.com:5000/foo/bar .
+	// See cache importer/exporter implementations' documentation.
+	Attrs                map[string]string `protobuf:"bytes,2,rep,name=Attrs,proto3" json:"Attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *CacheOptionsEntry) Reset()         { *m = CacheOptionsEntry{} }
+func (m *CacheOptionsEntry) String() string { return proto.CompactTextString(m) }
+func (*CacheOptionsEntry) ProtoMessage()    {}
+func (*CacheOptionsEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{6}
+}
+func (m *CacheOptionsEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheOptionsEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheOptionsEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheOptionsEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheOptionsEntry.Merge(m, src)
+}
+func (m *CacheOptionsEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheOptionsEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheOptionsEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CacheOptionsEntry proto.InternalMessageInfo
+
+func (m *CacheOptionsEntry) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *CacheOptionsEntry) GetAttrs() map[string]string {
 	if m != nil {
-		return m.ExportAttrs
+		return m.Attrs
 	}
 	return nil
 }
 
 type SolveResponse struct {
-	ExporterResponse map[string]string `protobuf:"bytes,1,rep,name=ExporterResponse" json:"ExporterResponse,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	ExporterResponse     map[string]string `protobuf:"bytes,1,rep,name=ExporterResponse,proto3" json:"ExporterResponse,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *SolveResponse) Reset()         { *m = SolveResponse{} }
+func (m *SolveResponse) String() string { return proto.CompactTextString(m) }
+func (*SolveResponse) ProtoMessage()    {}
+func (*SolveResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{7}
+}
+func (m *SolveResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SolveResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SolveResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SolveResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SolveResponse.Merge(m, src)
+}
+func (m *SolveResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *SolveResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_SolveResponse.DiscardUnknown(m)
 }
 
-func (m *SolveResponse) Reset()                    { *m = SolveResponse{} }
-func (m *SolveResponse) String() string            { return proto.CompactTextString(m) }
-func (*SolveResponse) ProtoMessage()               {}
-func (*SolveResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{6} }
+var xxx_messageInfo_SolveResponse proto.InternalMessageInfo
 
 func (m *SolveResponse) GetExporterResponse() map[string]string {
 	if m != nil {
@@ -347,13 +636,44 @@ func (m *SolveResponse) GetExporterResponse() map[string]string {
 }
 
 type StatusRequest struct {
-	Ref string `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	Ref                  string   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatusRequest) Reset()         { *m = StatusRequest{} }
+func (m *StatusRequest) String() string { return proto.CompactTextString(m) }
+func (*StatusRequest) ProtoMessage()    {}
+func (*StatusRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{8}
+}
+func (m *StatusRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatusRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatusRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatusRequest.Merge(m, src)
+}
+func (m *StatusRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatusRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatusRequest.DiscardUnknown(m)
 }
 
-func (m *StatusRequest) Reset()                    { *m = StatusRequest{} }
-func (m *StatusRequest) String() string            { return proto.CompactTextString(m) }
-func (*StatusRequest) ProtoMessage()               {}
-func (*StatusRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{7} }
+var xxx_messageInfo_StatusRequest proto.InternalMessageInfo
 
 func (m *StatusRequest) GetRef() string {
 	if m != nil {
@@ -363,15 +683,46 @@ func (m *StatusRequest) GetRef() string {
 }
 
 type StatusResponse struct {
-	Vertexes []*Vertex       `protobuf:"bytes,1,rep,name=vertexes" json:"vertexes,omitempty"`
-	Statuses []*VertexStatus `protobuf:"bytes,2,rep,name=statuses" json:"statuses,omitempty"`
-	Logs     []*VertexLog    `protobuf:"bytes,3,rep,name=logs" json:"logs,omitempty"`
+	Vertexes             []*Vertex       `protobuf:"bytes,1,rep,name=vertexes,proto3" json:"vertexes,omitempty"`
+	Statuses             []*VertexStatus `protobuf:"bytes,2,rep,name=statuses,proto3" json:"statuses,omitempty"`
+	Logs                 []*VertexLog    `protobuf:"bytes,3,rep,name=logs,proto3" json:"logs,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *StatusResponse) Reset()         { *m = StatusResponse{} }
+func (m *StatusResponse) String() string { return proto.CompactTextString(m) }
+func (*StatusResponse) ProtoMessage()    {}
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{9}
+}
+func (m *StatusResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatusResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatusResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatusResponse.Merge(m, src)
+}
+func (m *StatusResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatusResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatusResponse.DiscardUnknown(m)
 }
 
-func (m *StatusResponse) Reset()                    { *m = StatusResponse{} }
-func (m *StatusResponse) String() string            { return proto.CompactTextString(m) }
-func (*StatusResponse) ProtoMessage()               {}
-func (*StatusResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{8} }
+var xxx_messageInfo_StatusResponse proto.InternalMessageInfo
 
 func (m *StatusResponse) GetVertexes() []*Vertex {
 	if m != nil {
@@ -395,19 +746,50 @@ func (m *StatusResponse) GetLogs() []*VertexLog {
 }
 
 type Vertex struct {
-	Digest    github_com_opencontainers_go_digest.Digest   `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
-	Inputs    []github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,rep,name=inputs,customtype=github.com/opencontainers/go-digest.Digest" json:"inputs"`
-	Name      string                                       `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
-	Cached    bool                                         `protobuf:"varint,4,opt,name=cached,proto3" json:"cached,omitempty"`
-	Started   *time.Time                                   `protobuf:"bytes,5,opt,name=started,stdtime" json:"started,omitempty"`
-	Completed *time.Time                                   `protobuf:"bytes,6,opt,name=completed,stdtime" json:"completed,omitempty"`
-	Error     string                                       `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
+	Digest               github_com_opencontainers_go_digest.Digest   `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Inputs               []github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,rep,name=inputs,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"inputs"`
+	Name                 string                                       `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	Cached               bool                                         `protobuf:"varint,4,opt,name=cached,proto3" json:"cached,omitempty"`
+	Started              *time.Time                                   `protobuf:"bytes,5,opt,name=started,proto3,stdtime" json:"started,omitempty"`
+	Completed            *time.Time                                   `protobuf:"bytes,6,opt,name=completed,proto3,stdtime" json:"completed,omitempty"`
+	Error                string                                       `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                                     `json:"-"`
+	XXX_unrecognized     []byte                                       `json:"-"`
+	XXX_sizecache        int32                                        `json:"-"`
+}
+
+func (m *Vertex) Reset()         { *m = Vertex{} }
+func (m *Vertex) String() string { return proto.CompactTextString(m) }
+func (*Vertex) ProtoMessage()    {}
+func (*Vertex) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{10}
+}
+func (m *Vertex) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Vertex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Vertex.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Vertex) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Vertex.Merge(m, src)
+}
+func (m *Vertex) XXX_Size() int {
+	return m.Size()
+}
+func (m *Vertex) XXX_DiscardUnknown() {
+	xxx_messageInfo_Vertex.DiscardUnknown(m)
 }
 
-func (m *Vertex) Reset()                    { *m = Vertex{} }
-func (m *Vertex) String() string            { return proto.CompactTextString(m) }
-func (*Vertex) ProtoMessage()               {}
-func (*Vertex) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{9} }
+var xxx_messageInfo_Vertex proto.InternalMessageInfo
 
 func (m *Vertex) GetName() string {
 	if m != nil {
@@ -451,15 +833,46 @@ type VertexStatus struct {
 	Current int64                                      `protobuf:"varint,4,opt,name=current,proto3" json:"current,omitempty"`
 	Total   int64                                      `protobuf:"varint,5,opt,name=total,proto3" json:"total,omitempty"`
 	// TODO: add started, completed
-	Timestamp time.Time  `protobuf:"bytes,6,opt,name=timestamp,stdtime" json:"timestamp"`
-	Started   *time.Time `protobuf:"bytes,7,opt,name=started,stdtime" json:"started,omitempty"`
-	Completed *time.Time `protobuf:"bytes,8,opt,name=completed,stdtime" json:"completed,omitempty"`
+	Timestamp            time.Time  `protobuf:"bytes,6,opt,name=timestamp,proto3,stdtime" json:"timestamp"`
+	Started              *time.Time `protobuf:"bytes,7,opt,name=started,proto3,stdtime" json:"started,omitempty"`
+	Completed            *time.Time `protobuf:"bytes,8,opt,name=completed,proto3,stdtime" json:"completed,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *VertexStatus) Reset()         { *m = VertexStatus{} }
+func (m *VertexStatus) String() string { return proto.CompactTextString(m) }
+func (*VertexStatus) ProtoMessage()    {}
+func (*VertexStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{11}
+}
+func (m *VertexStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *VertexStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_VertexStatus.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *VertexStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_VertexStatus.Merge(m, src)
+}
+func (m *VertexStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *VertexStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_VertexStatus.DiscardUnknown(m)
 }
 
-func (m *VertexStatus) Reset()                    { *m = VertexStatus{} }
-func (m *VertexStatus) String() string            { return proto.CompactTextString(m) }
-func (*VertexStatus) ProtoMessage()               {}
-func (*VertexStatus) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{10} }
+var xxx_messageInfo_VertexStatus proto.InternalMessageInfo
 
 func (m *VertexStatus) GetID() string {
 	if m != nil {
@@ -511,16 +924,47 @@ func (m *VertexStatus) GetCompleted() *time.Time {
 }
 
 type VertexLog struct {
-	Vertex    github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=vertex,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"vertex"`
-	Timestamp time.Time                                  `protobuf:"bytes,2,opt,name=timestamp,stdtime" json:"timestamp"`
-	Stream    int64                                      `protobuf:"varint,3,opt,name=stream,proto3" json:"stream,omitempty"`
-	Msg       []byte                                     `protobuf:"bytes,4,opt,name=msg,proto3" json:"msg,omitempty"`
+	Vertex               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=vertex,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"vertex"`
+	Timestamp            time.Time                                  `protobuf:"bytes,2,opt,name=timestamp,proto3,stdtime" json:"timestamp"`
+	Stream               int64                                      `protobuf:"varint,3,opt,name=stream,proto3" json:"stream,omitempty"`
+	Msg                  []byte                                     `protobuf:"bytes,4,opt,name=msg,proto3" json:"msg,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
+}
+
+func (m *VertexLog) Reset()         { *m = VertexLog{} }
+func (m *VertexLog) String() string { return proto.CompactTextString(m) }
+func (*VertexLog) ProtoMessage()    {}
+func (*VertexLog) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{12}
+}
+func (m *VertexLog) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *VertexLog) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_VertexLog.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *VertexLog) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_VertexLog.Merge(m, src)
+}
+func (m *VertexLog) XXX_Size() int {
+	return m.Size()
+}
+func (m *VertexLog) XXX_DiscardUnknown() {
+	xxx_messageInfo_VertexLog.DiscardUnknown(m)
 }
 
-func (m *VertexLog) Reset()                    { *m = VertexLog{} }
-func (m *VertexLog) String() string            { return proto.CompactTextString(m) }
-func (*VertexLog) ProtoMessage()               {}
-func (*VertexLog) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{11} }
+var xxx_messageInfo_VertexLog proto.InternalMessageInfo
 
 func (m *VertexLog) GetTimestamp() time.Time {
 	if m != nil {
@@ -544,13 +988,44 @@ func (m *VertexLog) GetMsg() []byte {
 }
 
 type BytesMessage struct {
-	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+	Data                 []byte   `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *BytesMessage) Reset()         { *m = BytesMessage{} }
+func (m *BytesMessage) String() string { return proto.CompactTextString(m) }
+func (*BytesMessage) ProtoMessage()    {}
+func (*BytesMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{13}
+}
+func (m *BytesMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BytesMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BytesMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BytesMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BytesMessage.Merge(m, src)
+}
+func (m *BytesMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *BytesMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_BytesMessage.DiscardUnknown(m)
 }
 
-func (m *BytesMessage) Reset()                    { *m = BytesMessage{} }
-func (m *BytesMessage) String() string            { return proto.CompactTextString(m) }
-func (*BytesMessage) ProtoMessage()               {}
-func (*BytesMessage) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{12} }
+var xxx_messageInfo_BytesMessage proto.InternalMessageInfo
 
 func (m *BytesMessage) GetData() []byte {
 	if m != nil {
@@ -560,13 +1035,44 @@ func (m *BytesMessage) GetData() []byte {
 }
 
 type ListWorkersRequest struct {
-	Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
+	Filter               []string `protobuf:"bytes,1,rep,name=filter,proto3" json:"filter,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListWorkersRequest) Reset()         { *m = ListWorkersRequest{} }
+func (m *ListWorkersRequest) String() string { return proto.CompactTextString(m) }
+func (*ListWorkersRequest) ProtoMessage()    {}
+func (*ListWorkersRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{14}
+}
+func (m *ListWorkersRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListWorkersRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListWorkersRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListWorkersRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListWorkersRequest.Merge(m, src)
+}
+func (m *ListWorkersRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListWorkersRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListWorkersRequest.DiscardUnknown(m)
 }
 
-func (m *ListWorkersRequest) Reset()                    { *m = ListWorkersRequest{} }
-func (m *ListWorkersRequest) String() string            { return proto.CompactTextString(m) }
-func (*ListWorkersRequest) ProtoMessage()               {}
-func (*ListWorkersRequest) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{13} }
+var xxx_messageInfo_ListWorkersRequest proto.InternalMessageInfo
 
 func (m *ListWorkersRequest) GetFilter() []string {
 	if m != nil {
@@ -576,15 +1082,46 @@ func (m *ListWorkersRequest) GetFilter() []string {
 }
 
 type ListWorkersResponse struct {
-	Record []*moby_buildkit_v1_types.WorkerRecord `protobuf:"bytes,1,rep,name=record" json:"record,omitempty"`
+	Record               []*types.WorkerRecord `protobuf:"bytes,1,rep,name=record,proto3" json:"record,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
+	XXX_unrecognized     []byte                `json:"-"`
+	XXX_sizecache        int32                 `json:"-"`
+}
+
+func (m *ListWorkersResponse) Reset()         { *m = ListWorkersResponse{} }
+func (m *ListWorkersResponse) String() string { return proto.CompactTextString(m) }
+func (*ListWorkersResponse) ProtoMessage()    {}
+func (*ListWorkersResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0c5120591600887d, []int{15}
+}
+func (m *ListWorkersResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ListWorkersResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ListWorkersResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ListWorkersResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListWorkersResponse.Merge(m, src)
+}
+func (m *ListWorkersResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ListWorkersResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListWorkersResponse.DiscardUnknown(m)
 }
 
-func (m *ListWorkersResponse) Reset()                    { *m = ListWorkersResponse{} }
-func (m *ListWorkersResponse) String() string            { return proto.CompactTextString(m) }
-func (*ListWorkersResponse) ProtoMessage()               {}
-func (*ListWorkersResponse) Descriptor() ([]byte, []int) { return fileDescriptorControl, []int{14} }
+var xxx_messageInfo_ListWorkersResponse proto.InternalMessageInfo
 
-func (m *ListWorkersResponse) GetRecord() []*moby_buildkit_v1_types.WorkerRecord {
+func (m *ListWorkersResponse) GetRecord() []*types.WorkerRecord {
 	if m != nil {
 		return m.Record
 	}
@@ -597,8 +1134,15 @@ func init() {
 	proto.RegisterType((*DiskUsageResponse)(nil), "moby.buildkit.v1.DiskUsageResponse")
 	proto.RegisterType((*UsageRecord)(nil), "moby.buildkit.v1.UsageRecord")
 	proto.RegisterType((*SolveRequest)(nil), "moby.buildkit.v1.SolveRequest")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.SolveRequest.ExporterAttrsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.SolveRequest.FrontendAttrsEntry")
+	proto.RegisterMapType((map[string]*pb.Definition)(nil), "moby.buildkit.v1.SolveRequest.FrontendInputsEntry")
 	proto.RegisterType((*CacheOptions)(nil), "moby.buildkit.v1.CacheOptions")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.CacheOptions.ExportAttrsDeprecatedEntry")
+	proto.RegisterType((*CacheOptionsEntry)(nil), "moby.buildkit.v1.CacheOptionsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.CacheOptionsEntry.AttrsEntry")
 	proto.RegisterType((*SolveResponse)(nil), "moby.buildkit.v1.SolveResponse")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.SolveResponse.ExporterResponseEntry")
 	proto.RegisterType((*StatusRequest)(nil), "moby.buildkit.v1.StatusRequest")
 	proto.RegisterType((*StatusResponse)(nil), "moby.buildkit.v1.StatusResponse")
 	proto.RegisterType((*Vertex)(nil), "moby.buildkit.v1.Vertex")
@@ -609,6 +1153,100 @@ func init() {
 	proto.RegisterType((*ListWorkersResponse)(nil), "moby.buildkit.v1.ListWorkersResponse")
 }
 
+func init() { proto.RegisterFile("control.proto", fileDescriptor_0c5120591600887d) }
+
+var fileDescriptor_0c5120591600887d = []byte{
+	// 1397 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0x4d, 0x6f, 0x1b, 0xc5,
+	0x1b, 0xef, 0xda, 0xf1, 0xdb, 0x63, 0x27, 0x4a, 0xa7, 0xfd, 0x57, 0xab, 0xfd, 0x8b, 0xc4, 0x6c,
+	0x8b, 0x64, 0x55, 0xed, 0x3a, 0x35, 0x14, 0x95, 0x08, 0x50, 0xeb, 0xb8, 0xa8, 0xa9, 0x1a, 0x51,
+	0x36, 0x2d, 0x95, 0x7a, 0x40, 0x5a, 0xdb, 0x13, 0x77, 0x95, 0xf5, 0xce, 0x32, 0x33, 0x1b, 0x6a,
+	0x3e, 0x00, 0x67, 0xbe, 0x03, 0x07, 0x4e, 0x9c, 0x38, 0xf0, 0x09, 0x90, 0x7a, 0xe4, 0xdc, 0x43,
+	0x40, 0xb9, 0xc3, 0x9d, 0x1b, 0x9a, 0x97, 0x75, 0xc6, 0xb1, 0x9d, 0xc4, 0xe9, 0xc9, 0xf3, 0x8c,
+	0x9f, 0xdf, 0x6f, 0x9f, 0xd7, 0x99, 0x79, 0x60, 0xb9, 0x47, 0x62, 0x4e, 0x49, 0xe4, 0x25, 0x94,
+	0x70, 0x82, 0x56, 0x87, 0xa4, 0x3b, 0xf2, 0xba, 0x69, 0x18, 0xf5, 0xf7, 0x43, 0xee, 0x1d, 0xdc,
+	0x71, 0x6e, 0x0f, 0x42, 0xfe, 0x2a, 0xed, 0x7a, 0x3d, 0x32, 0x6c, 0x0e, 0xc8, 0x80, 0x34, 0xa5,
+	0x62, 0x37, 0xdd, 0x93, 0x92, 0x14, 0xe4, 0x4a, 0x11, 0x38, 0xeb, 0x03, 0x42, 0x06, 0x11, 0x3e,
+	0xd6, 0xe2, 0xe1, 0x10, 0x33, 0x1e, 0x0c, 0x13, 0xad, 0x70, 0xcb, 0xe0, 0x13, 0x1f, 0x6b, 0x66,
+	0x1f, 0x6b, 0x32, 0x12, 0x1d, 0x60, 0xda, 0x4c, 0xba, 0x4d, 0x92, 0x30, 0xad, 0xdd, 0x9c, 0xab,
+	0x1d, 0x24, 0x61, 0x93, 0x8f, 0x12, 0xcc, 0x9a, 0xdf, 0x11, 0xba, 0x8f, 0xa9, 0x02, 0xb8, 0x3f,
+	0x58, 0x50, 0x7b, 0x4a, 0xd3, 0x18, 0xfb, 0xf8, 0xdb, 0x14, 0x33, 0x8e, 0xae, 0x41, 0x71, 0x2f,
+	0x8c, 0x38, 0xa6, 0xb6, 0x55, 0xcf, 0x37, 0x2a, 0xbe, 0x96, 0xd0, 0x2a, 0xe4, 0x83, 0x28, 0xb2,
+	0x73, 0x75, 0xab, 0x51, 0xf6, 0xc5, 0x12, 0x35, 0xa0, 0xb6, 0x8f, 0x71, 0xd2, 0x49, 0x69, 0xc0,
+	0x43, 0x12, 0xdb, 0xf9, 0xba, 0xd5, 0xc8, 0xb7, 0x97, 0xde, 0x1c, 0xae, 0x5b, 0xfe, 0xc4, 0x3f,
+	0xc8, 0x85, 0x8a, 0x90, 0xdb, 0x23, 0x8e, 0x99, 0xbd, 0x64, 0xa8, 0x1d, 0x6f, 0xbb, 0x37, 0x61,
+	0xb5, 0x13, 0xb2, 0xfd, 0xe7, 0x2c, 0x18, 0x9c, 0x65, 0x8b, 0xfb, 0x18, 0x2e, 0x1b, 0xba, 0x2c,
+	0x21, 0x31, 0xc3, 0xe8, 0x2e, 0x14, 0x29, 0xee, 0x11, 0xda, 0x97, 0xca, 0xd5, 0xd6, 0x7b, 0xde,
+	0xc9, 0xdc, 0x78, 0x1a, 0x20, 0x94, 0x7c, 0xad, 0xec, 0xfe, 0x9b, 0x83, 0xaa, 0xb1, 0x8f, 0x56,
+	0x20, 0xb7, 0xdd, 0xb1, 0xad, 0xba, 0xd5, 0xa8, 0xf8, 0xb9, 0xed, 0x0e, 0xb2, 0xa1, 0xb4, 0x93,
+	0xf2, 0xa0, 0x1b, 0x61, 0xed, 0x7b, 0x26, 0xa2, 0xab, 0x50, 0xd8, 0x8e, 0x9f, 0x33, 0x2c, 0x1d,
+	0x2f, 0xfb, 0x4a, 0x40, 0x08, 0x96, 0x76, 0xc3, 0xef, 0xb1, 0x72, 0xd3, 0x97, 0x6b, 0xe1, 0xc7,
+	0xd3, 0x80, 0xe2, 0x98, 0xdb, 0x05, 0xc9, 0xab, 0x25, 0xd4, 0x86, 0xca, 0x16, 0xc5, 0x01, 0xc7,
+	0xfd, 0x07, 0xdc, 0x2e, 0xd6, 0xad, 0x46, 0xb5, 0xe5, 0x78, 0xaa, 0x20, 0xbc, 0xac, 0x20, 0xbc,
+	0x67, 0x59, 0x41, 0xb4, 0xcb, 0x6f, 0x0e, 0xd7, 0x2f, 0xfd, 0xf8, 0xa7, 0x88, 0xdb, 0x18, 0x86,
+	0xee, 0x03, 0x3c, 0x09, 0x18, 0x7f, 0xce, 0x24, 0x49, 0xe9, 0x4c, 0x92, 0x25, 0x49, 0x60, 0x60,
+	0xd0, 0x1a, 0x80, 0x0c, 0xc0, 0x16, 0x49, 0x63, 0x6e, 0x97, 0xa5, 0xdd, 0xc6, 0x0e, 0xaa, 0x43,
+	0xb5, 0x83, 0x59, 0x8f, 0x86, 0x89, 0x4c, 0x73, 0x45, 0xba, 0x60, 0x6e, 0x09, 0x06, 0x15, 0xbd,
+	0x67, 0xa3, 0x04, 0xdb, 0x20, 0x15, 0x8c, 0x1d, 0xe1, 0xff, 0xee, 0xab, 0x80, 0xe2, 0xbe, 0x5d,
+	0x95, 0xa1, 0xd2, 0x92, 0xfb, 0x53, 0x11, 0x6a, 0xbb, 0xa2, 0x8a, 0xb3, 0x84, 0xaf, 0x42, 0xde,
+	0xc7, 0x7b, 0x3a, 0xfa, 0x62, 0x89, 0x3c, 0x80, 0x0e, 0xde, 0x0b, 0xe3, 0x50, 0x7e, 0x3b, 0x27,
+	0xdd, 0x5b, 0xf1, 0x92, 0xae, 0x77, 0xbc, 0xeb, 0x1b, 0x1a, 0xc8, 0x81, 0xf2, 0xc3, 0xd7, 0x09,
+	0xa1, 0xa2, 0x68, 0xf2, 0x92, 0x66, 0x2c, 0xa3, 0x17, 0xb0, 0x9c, 0xad, 0x1f, 0x70, 0x4e, 0x45,
+	0x29, 0x8a, 0x42, 0xb9, 0x33, 0x5d, 0x28, 0xa6, 0x51, 0xde, 0x04, 0xe6, 0x61, 0xcc, 0xe9, 0xc8,
+	0x9f, 0xe4, 0x11, 0x35, 0xb2, 0x8b, 0x19, 0x13, 0x16, 0xaa, 0x04, 0x67, 0xa2, 0x30, 0xe7, 0x0b,
+	0x4a, 0x62, 0x8e, 0xe3, 0xbe, 0x4c, 0x70, 0xc5, 0x1f, 0xcb, 0xc2, 0x9c, 0x6c, 0xad, 0xcc, 0x29,
+	0x9d, 0xcb, 0x9c, 0x09, 0x8c, 0x36, 0x67, 0x62, 0x0f, 0x6d, 0x42, 0x61, 0x2b, 0xe8, 0xbd, 0xc2,
+	0x32, 0x97, 0xd5, 0xd6, 0xda, 0x34, 0xa1, 0xfc, 0xfb, 0x4b, 0x99, 0x3c, 0x26, 0x5b, 0xf1, 0x92,
+	0xaf, 0x20, 0xe8, 0x1b, 0xa8, 0x3d, 0x8c, 0x79, 0xc8, 0x23, 0x3c, 0xc4, 0x31, 0x67, 0x76, 0x45,
+	0x34, 0x5e, 0x7b, 0xf3, 0xed, 0xe1, 0xfa, 0xc7, 0x73, 0x8f, 0x96, 0x94, 0x87, 0x51, 0x13, 0x1b,
+	0x28, 0xcf, 0xa0, 0xf0, 0x27, 0xf8, 0xd0, 0x4b, 0x58, 0xc9, 0x8c, 0xdd, 0x8e, 0x93, 0x94, 0x33,
+	0x1b, 0xa4, 0xd7, 0xad, 0x73, 0x7a, 0xad, 0x40, 0xca, 0xed, 0x13, 0x4c, 0xce, 0x7d, 0x40, 0xd3,
+	0xb9, 0x12, 0x35, 0xb5, 0x8f, 0x47, 0x59, 0x4d, 0xed, 0xe3, 0x91, 0x68, 0xdc, 0x83, 0x20, 0x4a,
+	0x55, 0x43, 0x57, 0x7c, 0x25, 0x6c, 0xe6, 0xee, 0x59, 0x82, 0x61, 0x3a, 0xbc, 0x0b, 0x31, 0x7c,
+	0x05, 0x57, 0x66, 0x98, 0x3a, 0x83, 0xe2, 0x86, 0x49, 0x31, 0x5d, 0xd3, 0xc7, 0x94, 0xee, 0x2f,
+	0x79, 0xa8, 0x99, 0x09, 0x43, 0x1b, 0x70, 0x45, 0xf9, 0xe9, 0xe3, 0xbd, 0x0e, 0x4e, 0x28, 0xee,
+	0x89, 0xb3, 0x40, 0x93, 0xcf, 0xfa, 0x0b, 0xb5, 0xe0, 0xea, 0xf6, 0x50, 0x6f, 0x33, 0x03, 0x92,
+	0x93, 0xc7, 0xea, 0xcc, 0xff, 0x10, 0x81, 0xff, 0x29, 0x2a, 0x19, 0x09, 0x03, 0x94, 0x97, 0x09,
+	0xfb, 0xe4, 0xf4, 0xaa, 0xf2, 0x66, 0x62, 0x55, 0xde, 0x66, 0xf3, 0xa2, 0xcf, 0xa0, 0xa4, 0xfe,
+	0xc8, 0x1a, 0xf3, 0xfa, 0xe9, 0x9f, 0x50, 0x64, 0x19, 0x46, 0xc0, 0x95, 0x1f, 0xcc, 0x2e, 0x2c,
+	0x00, 0xd7, 0x18, 0xe7, 0x11, 0x38, 0xf3, 0x4d, 0x5e, 0xa4, 0x04, 0xdc, 0x9f, 0x2d, 0xb8, 0x3c,
+	0xf5, 0x21, 0x71, 0x2f, 0xc8, 0xd3, 0x51, 0x51, 0xc8, 0x35, 0xea, 0x40, 0x41, 0x75, 0x7e, 0x4e,
+	0x1a, 0xec, 0x9d, 0xc3, 0x60, 0xcf, 0x68, 0x7b, 0x05, 0x76, 0xee, 0x01, 0x5c, 0xac, 0x58, 0xdd,
+	0xdf, 0x2c, 0x58, 0xd6, 0x5d, 0xa6, 0x2f, 0xd1, 0x00, 0x56, 0xb3, 0x16, 0xca, 0xf6, 0xf4, 0x75,
+	0x7a, 0x77, 0x6e, 0x83, 0x2a, 0x35, 0xef, 0x24, 0x4e, 0xd9, 0x38, 0x45, 0xe7, 0x6c, 0x65, 0x75,
+	0x75, 0x42, 0x75, 0x21, 0xcb, 0xdf, 0x87, 0xe5, 0x5d, 0x1e, 0xf0, 0x94, 0xcd, 0xbd, 0x39, 0xdc,
+	0x5f, 0x2d, 0x58, 0xc9, 0x74, 0xb4, 0x77, 0x1f, 0x41, 0xf9, 0x00, 0x53, 0x8e, 0x5f, 0x63, 0xa6,
+	0xbd, 0xb2, 0xa7, 0xbd, 0xfa, 0x5a, 0x6a, 0xf8, 0x63, 0x4d, 0xb4, 0x09, 0x65, 0x26, 0x79, 0x70,
+	0x96, 0xa8, 0xb5, 0x79, 0x28, 0xfd, 0xbd, 0xb1, 0x3e, 0x6a, 0xc2, 0x52, 0x44, 0x06, 0x4c, 0xf7,
+	0xcc, 0xff, 0xe7, 0xe1, 0x9e, 0x90, 0x81, 0x2f, 0x15, 0xdd, 0xc3, 0x1c, 0x14, 0xd5, 0x1e, 0x7a,
+	0x0c, 0xc5, 0x7e, 0x38, 0xc0, 0x8c, 0x2b, 0xaf, 0xda, 0x2d, 0x71, 0x4e, 0xbf, 0x3d, 0x5c, 0xbf,
+	0x69, 0x1c, 0xc4, 0x24, 0xc1, 0xb1, 0x78, 0x91, 0x06, 0x61, 0x8c, 0x29, 0x6b, 0x0e, 0xc8, 0x6d,
+	0x05, 0xf1, 0x3a, 0xf2, 0xc7, 0xd7, 0x0c, 0x82, 0x2b, 0x54, 0xc7, 0xad, 0x6c, 0xf9, 0x8b, 0x71,
+	0x29, 0x06, 0x51, 0xc9, 0x71, 0x30, 0xc4, 0xfa, 0x7a, 0x95, 0x6b, 0x71, 0xc3, 0xf7, 0x44, 0xa9,
+	0xf6, 0xe5, 0xbb, 0xa7, 0xec, 0x6b, 0x09, 0x6d, 0x42, 0x89, 0xf1, 0x80, 0x8a, 0x63, 0xa3, 0x70,
+	0xce, 0xa7, 0x49, 0x06, 0x40, 0x9f, 0x43, 0xa5, 0x47, 0x86, 0x49, 0x84, 0x05, 0xba, 0x78, 0x4e,
+	0xf4, 0x31, 0x44, 0x54, 0x0f, 0xa6, 0x94, 0x50, 0xf9, 0x28, 0xaa, 0xf8, 0x4a, 0x70, 0xff, 0xc9,
+	0x41, 0xcd, 0x4c, 0xd6, 0xd4, 0x83, 0xef, 0x31, 0x14, 0x55, 0xea, 0x55, 0xd5, 0x5d, 0x2c, 0x54,
+	0x8a, 0x61, 0x66, 0xa8, 0x6c, 0x28, 0xf5, 0x52, 0x2a, 0x5f, 0x83, 0xea, 0x8d, 0x98, 0x89, 0xc2,
+	0x60, 0x4e, 0x78, 0x10, 0xc9, 0x50, 0xe5, 0x7d, 0x25, 0x88, 0x47, 0xe2, 0x78, 0x26, 0x58, 0xec,
+	0x91, 0x38, 0x86, 0x99, 0x69, 0x28, 0xbd, 0x53, 0x1a, 0xca, 0x0b, 0xa7, 0xc1, 0xfd, 0xdd, 0x82,
+	0xca, 0xb8, 0xca, 0x8d, 0xe8, 0x5a, 0xef, 0x1c, 0xdd, 0x89, 0xc8, 0xe4, 0x2e, 0x16, 0x99, 0x6b,
+	0x50, 0x64, 0x9c, 0xe2, 0x60, 0xa8, 0xc6, 0x17, 0x5f, 0x4b, 0xe2, 0x3c, 0x19, 0xb2, 0x81, 0xcc,
+	0x50, 0xcd, 0x17, 0x4b, 0xd7, 0x85, 0x9a, 0x9c, 0x54, 0x76, 0x30, 0x13, 0x6f, 0x63, 0x91, 0xdb,
+	0x7e, 0xc0, 0x03, 0xe9, 0x47, 0xcd, 0x97, 0x6b, 0xf7, 0x16, 0xa0, 0x27, 0x21, 0xe3, 0x2f, 0xe4,
+	0x84, 0xc5, 0xce, 0x1a, 0x63, 0x76, 0xe1, 0xca, 0x84, 0xb6, 0x3e, 0xa5, 0x3e, 0x3d, 0x31, 0xc8,
+	0xdc, 0x98, 0x3e, 0x35, 0xe4, 0x20, 0xe7, 0x29, 0xe0, 0xe4, 0x3c, 0xd3, 0xfa, 0x3b, 0x0f, 0xa5,
+	0x2d, 0x35, 0xa3, 0xa2, 0x67, 0x50, 0x19, 0xcf, 0x49, 0xc8, 0x9d, 0xa6, 0x39, 0x39, 0x70, 0x39,
+	0xd7, 0x4f, 0xd5, 0xd1, 0xf6, 0x3d, 0x82, 0x82, 0x9c, 0x18, 0xd1, 0x8c, 0x63, 0xd0, 0x1c, 0x25,
+	0x9d, 0xd3, 0x27, 0xb0, 0x0d, 0x4b, 0x30, 0xc9, 0x3b, 0x64, 0x16, 0x93, 0xf9, 0xfa, 0x73, 0xd6,
+	0xcf, 0xb8, 0x7c, 0xd0, 0x0e, 0x14, 0x75, 0x3b, 0xcf, 0x52, 0x35, 0x6f, 0x0a, 0xa7, 0x3e, 0x5f,
+	0x41, 0x91, 0x6d, 0x58, 0x68, 0x67, 0xfc, 0xa0, 0x9f, 0x65, 0x9a, 0x59, 0x06, 0xce, 0x19, 0xff,
+	0x37, 0xac, 0x0d, 0x0b, 0xbd, 0x84, 0xaa, 0x91, 0x68, 0x34, 0x23, 0xa1, 0xd3, 0x55, 0xe3, 0x7c,
+	0x70, 0x86, 0x96, 0x32, 0xb6, 0x5d, 0x7b, 0x73, 0xb4, 0x66, 0xfd, 0x71, 0xb4, 0x66, 0xfd, 0x75,
+	0xb4, 0x66, 0x75, 0x8b, 0xb2, 0xee, 0x3f, 0xfc, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xfb, 0x65, 0x7c,
+	0xd6, 0xa7, 0x10, 0x00, 0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
@@ -617,8 +1255,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Control service
-
+// ControlClient is the client API for Control service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type ControlClient interface {
 	DiskUsage(ctx context.Context, in *DiskUsageRequest, opts ...grpc.CallOption) (*DiskUsageResponse, error)
 	Prune(ctx context.Context, in *PruneRequest, opts ...grpc.CallOption) (Control_PruneClient, error)
@@ -638,7 +1277,7 @@ func NewControlClient(cc *grpc.ClientConn) ControlClient {
 
 func (c *controlClient) DiskUsage(ctx context.Context, in *DiskUsageRequest, opts ...grpc.CallOption) (*DiskUsageResponse, error) {
 	out := new(DiskUsageResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.Control/DiskUsage", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.Control/DiskUsage", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -646,7 +1285,7 @@ func (c *controlClient) DiskUsage(ctx context.Context, in *DiskUsageRequest, opt
 }
 
 func (c *controlClient) Prune(ctx context.Context, in *PruneRequest, opts ...grpc.CallOption) (Control_PruneClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Control_serviceDesc.Streams[0], c.cc, "/moby.buildkit.v1.Control/Prune", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Control_serviceDesc.Streams[0], "/moby.buildkit.v1.Control/Prune", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -679,7 +1318,7 @@ func (x *controlPruneClient) Recv() (*UsageRecord, error) {
 
 func (c *controlClient) Solve(ctx context.Context, in *SolveRequest, opts ...grpc.CallOption) (*SolveResponse, error) {
 	out := new(SolveResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.Control/Solve", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.Control/Solve", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -687,7 +1326,7 @@ func (c *controlClient) Solve(ctx context.Context, in *SolveRequest, opts ...grp
 }
 
 func (c *controlClient) Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (Control_StatusClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Control_serviceDesc.Streams[1], c.cc, "/moby.buildkit.v1.Control/Status", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Control_serviceDesc.Streams[1], "/moby.buildkit.v1.Control/Status", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -719,7 +1358,7 @@ func (x *controlStatusClient) Recv() (*StatusResponse, error) {
 }
 
 func (c *controlClient) Session(ctx context.Context, opts ...grpc.CallOption) (Control_SessionClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_Control_serviceDesc.Streams[2], c.cc, "/moby.buildkit.v1.Control/Session", opts...)
+	stream, err := c.cc.NewStream(ctx, &_Control_serviceDesc.Streams[2], "/moby.buildkit.v1.Control/Session", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -751,15 +1390,14 @@ func (x *controlSessionClient) Recv() (*BytesMessage, error) {
 
 func (c *controlClient) ListWorkers(ctx context.Context, in *ListWorkersRequest, opts ...grpc.CallOption) (*ListWorkersResponse, error) {
 	out := new(ListWorkersResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.Control/ListWorkers", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.Control/ListWorkers", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Control service
-
+// ControlServer is the server API for Control service.
 type ControlServer interface {
 	DiskUsage(context.Context, *DiskUsageRequest) (*DiskUsageResponse, error)
 	Prune(*PruneRequest, Control_PruneServer) error
@@ -769,6 +1407,29 @@ type ControlServer interface {
 	ListWorkers(context.Context, *ListWorkersRequest) (*ListWorkersResponse, error)
 }
 
+// UnimplementedControlServer can be embedded to have forward compatible implementations.
+type UnimplementedControlServer struct {
+}
+
+func (*UnimplementedControlServer) DiskUsage(ctx context.Context, req *DiskUsageRequest) (*DiskUsageResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DiskUsage not implemented")
+}
+func (*UnimplementedControlServer) Prune(req *PruneRequest, srv Control_PruneServer) error {
+	return status.Errorf(codes.Unimplemented, "method Prune not implemented")
+}
+func (*UnimplementedControlServer) Solve(ctx context.Context, req *SolveRequest) (*SolveResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Solve not implemented")
+}
+func (*UnimplementedControlServer) Status(req *StatusRequest, srv Control_StatusServer) error {
+	return status.Errorf(codes.Unimplemented, "method Status not implemented")
+}
+func (*UnimplementedControlServer) Session(srv Control_SessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method Session not implemented")
+}
+func (*UnimplementedControlServer) ListWorkers(ctx context.Context, req *ListWorkersRequest) (*ListWorkersResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListWorkers not implemented")
+}
+
 func RegisterControlServer(s *grpc.Server, srv ControlServer) {
 	s.RegisterService(&_Control_serviceDesc, srv)
 }
@@ -936,7 +1597,7 @@ var _Control_serviceDesc = grpc.ServiceDesc{
 func (m *PruneRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -944,52 +1605,55 @@ func (m *PruneRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *PruneRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PruneRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Filter) > 0 {
-		for _, s := range m.Filter {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.KeepBytes != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.KeepBytes))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.KeepDuration != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.KeepDuration))
+		i--
+		dAtA[i] = 0x18
 	}
 	if m.All {
-		dAtA[i] = 0x10
-		i++
+		i--
 		if m.All {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.KeepDuration != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.KeepDuration))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.KeepBytes != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.KeepBytes))
+	if len(m.Filter) > 0 {
+		for iNdEx := len(m.Filter) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filter[iNdEx])
+			copy(dAtA[i:], m.Filter[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Filter[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DiskUsageRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -997,32 +1661,35 @@ func (m *DiskUsageRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DiskUsageRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DiskUsageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filter) > 0 {
-		for _, s := range m.Filter {
+		for iNdEx := len(m.Filter) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filter[iNdEx])
+			copy(dAtA[i:], m.Filter[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Filter[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *DiskUsageResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1030,29 +1697,40 @@ func (m *DiskUsageResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *DiskUsageResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DiskUsageResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Record) > 0 {
-		for _, msg := range m.Record {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Record) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Record[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *UsageRecord) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1060,99 +1738,112 @@ func (m *UsageRecord) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *UsageRecord) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UsageRecord) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if m.Mutable {
-		dAtA[i] = 0x10
-		i++
-		if m.Mutable {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.InUse {
-		dAtA[i] = 0x18
-		i++
-		if m.InUse {
+	if m.Shared {
+		i--
+		if m.Shared {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x58
 	}
-	if m.Size_ != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Size_))
+	if len(m.RecordType) > 0 {
+		i -= len(m.RecordType)
+		copy(dAtA[i:], m.RecordType)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.RecordType)))
+		i--
+		dAtA[i] = 0x52
 	}
-	if len(m.Parent) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Parent)))
-		i += copy(dAtA[i:], m.Parent)
+	if len(m.Description) > 0 {
+		i -= len(m.Description)
+		copy(dAtA[i:], m.Description)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Description)))
+		i--
+		dAtA[i] = 0x4a
 	}
-	dAtA[i] = 0x32
-	i++
-	i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(m.CreatedAt)))
-	n1, err := types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.UsageCount != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.UsageCount))
+		i--
+		dAtA[i] = 0x40
 	}
-	i += n1
 	if m.LastUsedAt != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(*m.LastUsedAt)))
-		n2, err := types.StdTimeMarshalTo(*m.LastUsedAt, dAtA[i:])
-		if err != nil {
-			return 0, err
+		n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastUsedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastUsedAt):])
+		if err1 != nil {
+			return 0, err1
 		}
-		i += n2
+		i -= n1
+		i = encodeVarintControl(dAtA, i, uint64(n1))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if m.UsageCount != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.UsageCount))
+	n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err2 != nil {
+		return 0, err2
 	}
-	if len(m.Description) > 0 {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
+	i -= n2
+	i = encodeVarintControl(dAtA, i, uint64(n2))
+	i--
+	dAtA[i] = 0x32
+	if len(m.Parent) > 0 {
+		i -= len(m.Parent)
+		copy(dAtA[i:], m.Parent)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Parent)))
+		i--
+		dAtA[i] = 0x2a
 	}
-	if len(m.RecordType) > 0 {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.RecordType)))
-		i += copy(dAtA[i:], m.RecordType)
+	if m.Size_ != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Shared {
-		dAtA[i] = 0x58
-		i++
-		if m.Shared {
+	if m.InUse {
+		i--
+		if m.InUse {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x18
 	}
-	return i, nil
+	if m.Mutable {
+		i--
+		if m.Mutable {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *SolveRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1160,108 +1851,149 @@ func (m *SolveRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SolveRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SolveRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.FrontendInputs) > 0 {
+		for k := range m.FrontendInputs {
+			v := m.FrontendInputs[k]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintControl(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x52
+		}
 	}
-	if m.Definition != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Definition.Size()))
-		n3, err := m.Definition.MarshalTo(dAtA[i:])
+	if len(m.Entitlements) > 0 {
+		for iNdEx := len(m.Entitlements) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Entitlements[iNdEx])
+			copy(dAtA[i:], m.Entitlements[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Entitlements[iNdEx])))
+			i--
+			dAtA[i] = 0x4a
+		}
+	}
+	{
+		size, err := m.Cache.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
-		i += n3
-	}
-	if len(m.Exporter) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Exporter)))
-		i += copy(dAtA[i:], m.Exporter)
+		i -= size
+		i = encodeVarintControl(dAtA, i, uint64(size))
 	}
-	if len(m.ExporterAttrs) > 0 {
-		for k, _ := range m.ExporterAttrs {
-			dAtA[i] = 0x22
-			i++
-			v := m.ExporterAttrs[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+	i--
+	dAtA[i] = 0x42
+	if len(m.FrontendAttrs) > 0 {
+		for k := range m.FrontendAttrs {
+			v := m.FrontendAttrs[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x3a
 		}
 	}
-	if len(m.Session) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Session)))
-		i += copy(dAtA[i:], m.Session)
-	}
 	if len(m.Frontend) > 0 {
-		dAtA[i] = 0x32
-		i++
+		i -= len(m.Frontend)
+		copy(dAtA[i:], m.Frontend)
 		i = encodeVarintControl(dAtA, i, uint64(len(m.Frontend)))
-		i += copy(dAtA[i:], m.Frontend)
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.FrontendAttrs) > 0 {
-		for k, _ := range m.FrontendAttrs {
-			dAtA[i] = 0x3a
-			i++
-			v := m.FrontendAttrs[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+	if len(m.Session) > 0 {
+		i -= len(m.Session)
+		copy(dAtA[i:], m.Session)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Session)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.ExporterAttrs) > 0 {
+		for k := range m.ExporterAttrs {
+			v := m.ExporterAttrs[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	dAtA[i] = 0x42
-	i++
-	i = encodeVarintControl(dAtA, i, uint64(m.Cache.Size()))
-	n4, err := m.Cache.MarshalTo(dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Exporter) > 0 {
+		i -= len(m.Exporter)
+		copy(dAtA[i:], m.Exporter)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Exporter)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	i += n4
-	if len(m.Entitlements) > 0 {
-		for _, s := range m.Entitlements {
-			dAtA[i] = 0x4a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if m.Definition != nil {
+		{
+			size, err := m.Definition.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i -= size
+			i = encodeVarintControl(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CacheOptions) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1269,55 +2001,142 @@ func (m *CacheOptions) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CacheOptions) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ExportRef) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ExportRef)))
-		i += copy(dAtA[i:], m.ExportRef)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Imports) > 0 {
+		for iNdEx := len(m.Imports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Imports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x2a
+		}
 	}
-	if len(m.ImportRefs) > 0 {
-		for _, s := range m.ImportRefs {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
+	if len(m.Exports) > 0 {
+		for iNdEx := len(m.Exports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Exports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+			i--
+			dAtA[i] = 0x22
 		}
 	}
-	if len(m.ExportAttrs) > 0 {
-		for k, _ := range m.ExportAttrs {
-			dAtA[i] = 0x1a
-			i++
-			v := m.ExportAttrs[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+	if len(m.ExportAttrsDeprecated) > 0 {
+		for k := range m.ExportAttrsDeprecated {
+			v := m.ExportAttrsDeprecated[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintControl(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.ImportRefsDeprecated) > 0 {
+		for iNdEx := len(m.ImportRefsDeprecated) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ImportRefsDeprecated[iNdEx])
+			copy(dAtA[i:], m.ImportRefsDeprecated[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.ImportRefsDeprecated[iNdEx])))
+			i--
 			dAtA[i] = 0x12
-			i++
+		}
+	}
+	if len(m.ExportRefDeprecated) > 0 {
+		i -= len(m.ExportRefDeprecated)
+		copy(dAtA[i:], m.ExportRefDeprecated)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ExportRefDeprecated)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CacheOptionsEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CacheOptionsEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheOptionsEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Attrs) > 0 {
+		for k := range m.Attrs {
+			v := m.Attrs[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return i, nil
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *SolveResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1325,34 +2144,45 @@ func (m *SolveResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *SolveResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SolveResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.ExporterResponse) > 0 {
-		for k, _ := range m.ExporterResponse {
-			dAtA[i] = 0xa
-			i++
+		for k := range m.ExporterResponse {
 			v := m.ExporterResponse[k]
-			mapSize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
-			i = encodeVarintControl(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
 			i = encodeVarintControl(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintControl(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintControl(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StatusRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1360,23 +2190,33 @@ func (m *StatusRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatusRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatusRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
 		i = encodeVarintControl(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *StatusResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1384,53 +2224,68 @@ func (m *StatusResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *StatusResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatusResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Vertexes) > 0 {
-		for _, msg := range m.Vertexes {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Logs) > 0 {
+		for iNdEx := len(m.Logs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Logs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
 	if len(m.Statuses) > 0 {
-		for _, msg := range m.Statuses {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Statuses) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Statuses[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if len(m.Logs) > 0 {
-		for _, msg := range m.Logs {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+	if len(m.Vertexes) > 0 {
+		for iNdEx := len(m.Vertexes) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Vertexes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *Vertex) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1438,80 +2293,86 @@ func (m *Vertex) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Vertex) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Vertex) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Inputs) > 0 {
-		for _, s := range m.Inputs {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if len(m.Error) > 0 {
+		i -= len(m.Error)
+		copy(dAtA[i:], m.Error)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Error)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if m.Completed != nil {
+		n6, err6 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):])
+		if err6 != nil {
+			return 0, err6
 		}
+		i -= n6
+		i = encodeVarintControl(dAtA, i, uint64(n6))
+		i--
+		dAtA[i] = 0x32
 	}
-	if len(m.Name) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.Started != nil {
+		n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):])
+		if err7 != nil {
+			return 0, err7
+		}
+		i -= n7
+		i = encodeVarintControl(dAtA, i, uint64(n7))
+		i--
+		dAtA[i] = 0x2a
 	}
 	if m.Cached {
-		dAtA[i] = 0x20
-		i++
+		i--
 		if m.Cached {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Started != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(*m.Started)))
-		n5, err := types.StdTimeMarshalTo(*m.Started, dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Completed != nil {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(*m.Completed)))
-		n6, err := types.StdTimeMarshalTo(*m.Completed, dAtA[i:])
-		if err != nil {
-			return 0, err
+	if len(m.Inputs) > 0 {
+		for iNdEx := len(m.Inputs) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Inputs[iNdEx])
+			copy(dAtA[i:], m.Inputs[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Inputs[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
-		i += n6
 	}
-	if len(m.Error) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Error)))
-		i += copy(dAtA[i:], m.Error)
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *VertexStatus) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1519,73 +2380,85 @@ func (m *VertexStatus) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *VertexStatus) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *VertexStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Vertex) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Vertex)))
-		i += copy(dAtA[i:], m.Vertex)
+	if m.Completed != nil {
+		n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):])
+		if err8 != nil {
+			return 0, err8
+		}
+		i -= n8
+		i = encodeVarintControl(dAtA, i, uint64(n8))
+		i--
+		dAtA[i] = 0x42
 	}
-	if len(m.Name) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
-		i += copy(dAtA[i:], m.Name)
+	if m.Started != nil {
+		n9, err9 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):])
+		if err9 != nil {
+			return 0, err9
+		}
+		i -= n9
+		i = encodeVarintControl(dAtA, i, uint64(n9))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if m.Current != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(m.Current))
+	n10, err10 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):])
+	if err10 != nil {
+		return 0, err10
 	}
+	i -= n10
+	i = encodeVarintControl(dAtA, i, uint64(n10))
+	i--
+	dAtA[i] = 0x32
 	if m.Total != 0 {
-		dAtA[i] = 0x28
-		i++
 		i = encodeVarintControl(dAtA, i, uint64(m.Total))
+		i--
+		dAtA[i] = 0x28
 	}
-	dAtA[i] = 0x32
-	i++
-	i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(m.Timestamp)))
-	n7, err := types.StdTimeMarshalTo(m.Timestamp, dAtA[i:])
-	if err != nil {
-		return 0, err
-	}
-	i += n7
-	if m.Started != nil {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(*m.Started)))
-		n8, err := types.StdTimeMarshalTo(*m.Started, dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n8
+	if m.Current != 0 {
+		i = encodeVarintControl(dAtA, i, uint64(m.Current))
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Completed != nil {
-		dAtA[i] = 0x42
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(*m.Completed)))
-		n9, err := types.StdTimeMarshalTo(*m.Completed, dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	return i, nil
+	if len(m.Vertex) > 0 {
+		i -= len(m.Vertex)
+		copy(dAtA[i:], m.Vertex)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Vertex)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *VertexLog) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1593,42 +2466,53 @@ func (m *VertexLog) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *VertexLog) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *VertexLog) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Vertex) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Vertex)))
-		i += copy(dAtA[i:], m.Vertex)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintControl(dAtA, i, uint64(types.SizeOfStdTime(m.Timestamp)))
-	n10, err := types.StdTimeMarshalTo(m.Timestamp, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if len(m.Msg) > 0 {
+		i -= len(m.Msg)
+		copy(dAtA[i:], m.Msg)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Msg)))
+		i--
+		dAtA[i] = 0x22
 	}
-	i += n10
 	if m.Stream != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintControl(dAtA, i, uint64(m.Stream))
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.Msg) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintControl(dAtA, i, uint64(len(m.Msg)))
-		i += copy(dAtA[i:], m.Msg)
+	n11, err11 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):])
+	if err11 != nil {
+		return 0, err11
 	}
-	return i, nil
+	i -= n11
+	i = encodeVarintControl(dAtA, i, uint64(n11))
+	i--
+	dAtA[i] = 0x12
+	if len(m.Vertex) > 0 {
+		i -= len(m.Vertex)
+		copy(dAtA[i:], m.Vertex)
+		i = encodeVarintControl(dAtA, i, uint64(len(m.Vertex)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1636,23 +2520,33 @@ func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BytesMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BytesMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintControl(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListWorkersRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1660,32 +2554,35 @@ func (m *ListWorkersRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListWorkersRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListWorkersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Filter) > 0 {
-		for _, s := range m.Filter {
+		for iNdEx := len(m.Filter) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filter[iNdEx])
+			copy(dAtA[i:], m.Filter[iNdEx])
+			i = encodeVarintControl(dAtA, i, uint64(len(m.Filter[iNdEx])))
+			i--
 			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ListWorkersResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -1693,35 +2590,51 @@ func (m *ListWorkersResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ListWorkersResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ListWorkersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
 	if len(m.Record) > 0 {
-		for _, msg := range m.Record {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintControl(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Record) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Record[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintControl(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintControl(dAtA []byte, offset int, v uint64) int {
+	offset -= sovControl(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *PruneRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filter) > 0 {
@@ -1739,10 +2652,16 @@ func (m *PruneRequest) Size() (n int) {
 	if m.KeepBytes != 0 {
 		n += 1 + sovControl(uint64(m.KeepBytes))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DiskUsageRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filter) > 0 {
@@ -1751,10 +2670,16 @@ func (m *DiskUsageRequest) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *DiskUsageResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Record) > 0 {
@@ -1763,10 +2688,16 @@ func (m *DiskUsageResponse) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *UsageRecord) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1786,10 +2717,10 @@ func (m *UsageRecord) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
-	l = types.SizeOfStdTime(m.CreatedAt)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)
 	n += 1 + l + sovControl(uint64(l))
 	if m.LastUsedAt != nil {
-		l = types.SizeOfStdTime(*m.LastUsedAt)
+		l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastUsedAt)
 		n += 1 + l + sovControl(uint64(l))
 	}
 	if m.UsageCount != 0 {
@@ -1806,10 +2737,16 @@ func (m *UsageRecord) Size() (n int) {
 	if m.Shared {
 		n += 2
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *SolveRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Ref)
@@ -1856,34 +2793,95 @@ func (m *SolveRequest) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if len(m.FrontendInputs) > 0 {
+		for k, v := range m.FrontendInputs {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovControl(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *CacheOptions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
-	l = len(m.ExportRef)
+	l = len(m.ExportRefDeprecated)
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
-	if len(m.ImportRefs) > 0 {
-		for _, s := range m.ImportRefs {
+	if len(m.ImportRefsDeprecated) > 0 {
+		for _, s := range m.ImportRefsDeprecated {
 			l = len(s)
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
-	if len(m.ExportAttrs) > 0 {
-		for k, v := range m.ExportAttrs {
+	if len(m.ExportAttrsDeprecated) > 0 {
+		for k, v := range m.ExportAttrsDeprecated {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
+			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
+		}
+	}
+	if len(m.Exports) > 0 {
+		for _, e := range m.Exports {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if len(m.Imports) > 0 {
+		for _, e := range m.Imports {
+			l = e.Size()
+			n += 1 + l + sovControl(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CacheOptionsEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Type)
+	if l > 0 {
+		n += 1 + l + sovControl(uint64(l))
+	}
+	if len(m.Attrs) > 0 {
+		for k, v := range m.Attrs {
 			_ = k
 			_ = v
 			mapEntrySize := 1 + len(k) + sovControl(uint64(len(k))) + 1 + len(v) + sovControl(uint64(len(v)))
 			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *SolveResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.ExporterResponse) > 0 {
@@ -1894,20 +2892,32 @@ func (m *SolveResponse) Size() (n int) {
 			n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatusRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Ref)
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *StatusResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Vertexes) > 0 {
@@ -1928,10 +2938,16 @@ func (m *StatusResponse) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *Vertex) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
@@ -1952,21 +2968,27 @@ func (m *Vertex) Size() (n int) {
 		n += 2
 	}
 	if m.Started != nil {
-		l = types.SizeOfStdTime(*m.Started)
+		l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started)
 		n += 1 + l + sovControl(uint64(l))
 	}
 	if m.Completed != nil {
-		l = types.SizeOfStdTime(*m.Completed)
+		l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed)
 		n += 1 + l + sovControl(uint64(l))
 	}
 	l = len(m.Error)
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *VertexStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -1987,27 +3009,33 @@ func (m *VertexStatus) Size() (n int) {
 	if m.Total != 0 {
 		n += 1 + sovControl(uint64(m.Total))
 	}
-	l = types.SizeOfStdTime(m.Timestamp)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp)
 	n += 1 + l + sovControl(uint64(l))
 	if m.Started != nil {
-		l = types.SizeOfStdTime(*m.Started)
+		l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started)
 		n += 1 + l + sovControl(uint64(l))
 	}
 	if m.Completed != nil {
-		l = types.SizeOfStdTime(*m.Completed)
+		l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed)
 		n += 1 + l + sovControl(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *VertexLog) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Vertex)
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
-	l = types.SizeOfStdTime(m.Timestamp)
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp)
 	n += 1 + l + sovControl(uint64(l))
 	if m.Stream != 0 {
 		n += 1 + sovControl(uint64(m.Stream))
@@ -2016,20 +3044,32 @@ func (m *VertexLog) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *BytesMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Data)
 	if l > 0 {
 		n += 1 + l + sovControl(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListWorkersRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Filter) > 0 {
@@ -2038,10 +3078,16 @@ func (m *ListWorkersRequest) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *ListWorkersResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Record) > 0 {
@@ -2050,18 +3096,14 @@ func (m *ListWorkersResponse) Size() (n int) {
 			n += 1 + l + sovControl(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovControl(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozControl(x uint64) (n int) {
 	return sovControl(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -2081,7 +3123,7 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2109,7 +3151,7 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2119,6 +3161,9 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2138,7 +3183,7 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2158,7 +3203,7 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.KeepDuration |= (int64(b) & 0x7F) << shift
+				m.KeepDuration |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2177,7 +3222,7 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.KeepBytes |= (int64(b) & 0x7F) << shift
+				m.KeepBytes |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2188,12 +3233,13 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2218,7 +3264,7 @@ func (m *DiskUsageRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2246,7 +3292,7 @@ func (m *DiskUsageRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2256,6 +3302,9 @@ func (m *DiskUsageRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2267,12 +3316,13 @@ func (m *DiskUsageRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2297,7 +3347,7 @@ func (m *DiskUsageResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2325,7 +3375,7 @@ func (m *DiskUsageResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2334,6 +3384,9 @@ func (m *DiskUsageResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2348,12 +3401,13 @@ func (m *DiskUsageResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2378,7 +3432,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2406,7 +3460,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2416,6 +3470,9 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2435,7 +3492,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2455,7 +3512,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2475,7 +3532,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2494,7 +3551,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2504,6 +3561,9 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2523,7 +3583,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2532,10 +3592,13 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.CreatedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2553,7 +3616,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2562,13 +3625,16 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.LastUsedAt == nil {
 				m.LastUsedAt = new(time.Time)
 			}
-			if err := types.StdTimeUnmarshal(m.LastUsedAt, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.LastUsedAt, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2586,7 +3652,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.UsageCount |= (int64(b) & 0x7F) << shift
+				m.UsageCount |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2605,7 +3671,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2615,6 +3681,9 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2634,7 +3703,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2644,6 +3713,9 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2663,7 +3735,7 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2675,12 +3747,13 @@ func (m *UsageRecord) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2705,7 +3778,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2733,7 +3806,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2743,6 +3816,9 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2762,7 +3838,393 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Definition == nil {
+				m.Definition = &pb.Definition{}
+			}
+			if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exporter", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Exporter = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExporterAttrs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ExporterAttrs == nil {
+				m.ExporterAttrs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.ExporterAttrs[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Session = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Frontend", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Frontend = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FrontendAttrs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.FrontendAttrs == nil {
+				m.FrontendAttrs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowControl
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowControl
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipControl(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthControl
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.FrontendAttrs[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Cache", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowControl
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2771,19 +4233,19 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Definition == nil {
-				m.Definition = &pb.Definition{}
-			}
-			if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Cache.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
+		case 9:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Exporter", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Entitlements", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -2795,7 +4257,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2805,14 +4267,17 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Exporter = string(dAtA[iNdEx:postIndex])
+			m.Entitlements = append(m.Entitlements, github_com_moby_buildkit_util_entitlements.Entitlement(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
-		case 4:
+		case 10:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExporterAttrs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field FrontendInputs", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2824,7 +4289,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2833,14 +4298,17 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ExporterAttrs == nil {
-				m.ExporterAttrs = make(map[string]string)
+			if m.FrontendInputs == nil {
+				m.FrontendInputs = make(map[string]*pb.Definition)
 			}
 			var mapkey string
-			var mapvalue string
+			var mapvalue *pb.Definition
 			for iNdEx < postIndex {
 				entryPreIndex := iNdEx
 				var wire uint64
@@ -2853,7 +4321,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -2870,7 +4338,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -2880,13 +4348,16 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
 					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
 					iNdEx = postStringIndexmapkey
 				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
+					var mapmsglen int
 					for shift := uint(0); ; shift += 7 {
 						if shift >= 64 {
 							return ErrIntOverflowControl
@@ -2896,28 +4367,33 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						mapmsglen |= int(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
 					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
+					if mapmsglen < 0 {
 						return ErrInvalidLengthControl
 					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthControl
+					}
+					if postmsgIndex > l {
 						return io.ErrUnexpectedEOF
 					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
+					mapvalue = &pb.Definition{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
 				} else {
 					iNdEx = entryPreIndex
 					skippy, err := skipControl(dAtA[iNdEx:])
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -2926,11 +4402,62 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.ExporterAttrs[mapkey] = mapvalue
+			m.FrontendInputs[mapkey] = mapvalue
 			iNdEx = postIndex
-		case 5:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipControl(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthControl
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CacheOptions) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowControl
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CacheOptions: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CacheOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExportRefDeprecated", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -2942,7 +4469,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2952,14 +4479,17 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Session = string(dAtA[iNdEx:postIndex])
+			m.ExportRefDeprecated = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 6:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Frontend", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ImportRefsDeprecated", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -2971,7 +4501,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2981,14 +4511,17 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Frontend = string(dAtA[iNdEx:postIndex])
+			m.ImportRefsDeprecated = append(m.ImportRefsDeprecated, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
-		case 7:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FrontendAttrs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExportAttrsDeprecated", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3000,7 +4533,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3009,11 +4542,14 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.FrontendAttrs == nil {
-				m.FrontendAttrs = make(map[string]string)
+			if m.ExportAttrsDeprecated == nil {
+				m.ExportAttrsDeprecated = make(map[string]string)
 			}
 			var mapkey string
 			var mapvalue string
@@ -3029,7 +4565,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -3046,7 +4582,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3056,6 +4592,9 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3072,7 +4611,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3082,6 +4621,9 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3093,7 +4635,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3102,11 +4644,11 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.FrontendAttrs[mapkey] = mapvalue
+			m.ExportAttrsDeprecated[mapkey] = mapvalue
 			iNdEx = postIndex
-		case 8:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Cache", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Exports", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3118,7 +4660,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3127,18 +4669,22 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.Cache.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Exports = append(m.Exports, &CacheOptionsEntry{})
+			if err := m.Exports[len(m.Exports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 9:
+		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Entitlements", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Imports", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowControl
@@ -3148,20 +4694,25 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthControl
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Entitlements = append(m.Entitlements, github_com_moby_buildkit_util_entitlements.Entitlement(dAtA[iNdEx:postIndex]))
+			m.Imports = append(m.Imports, &CacheOptionsEntry{})
+			if err := m.Imports[len(m.Imports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -3169,12 +4720,13 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3184,7 +4736,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CacheOptions) Unmarshal(dAtA []byte) error {
+func (m *CacheOptionsEntry) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3199,7 +4751,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3207,15 +4759,15 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CacheOptions: wiretype end group for non-group")
+			return fmt.Errorf("proto: CacheOptionsEntry: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CacheOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: CacheOptionsEntry: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExportRef", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3227,7 +4779,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3237,43 +4789,17 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.ExportRef = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ImportRefs", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowControl
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthControl
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ImportRefs = append(m.ImportRefs, string(dAtA[iNdEx:postIndex]))
+			m.Type = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 3:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExportAttrs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3285,7 +4811,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3294,11 +4820,14 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ExportAttrs == nil {
-				m.ExportAttrs = make(map[string]string)
+			if m.Attrs == nil {
+				m.Attrs = make(map[string]string)
 			}
 			var mapkey string
 			var mapvalue string
@@ -3314,7 +4843,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -3331,7 +4860,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3341,6 +4870,9 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3357,7 +4889,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3367,6 +4899,9 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3378,7 +4913,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3387,7 +4922,7 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.ExportAttrs[mapkey] = mapvalue
+			m.Attrs[mapkey] = mapvalue
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -3395,12 +4930,13 @@ func (m *CacheOptions) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3425,7 +4961,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3453,7 +4989,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3462,6 +4998,9 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3482,7 +5021,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -3499,7 +5038,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3509,6 +5048,9 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3525,7 +5067,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -3535,6 +5077,9 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthControl
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthControl
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -3546,7 +5091,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthControl
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -3563,12 +5108,13 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3593,7 +5139,7 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3621,7 +5167,7 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3631,6 +5177,9 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3642,12 +5191,13 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3672,7 +5222,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3700,7 +5250,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3709,6 +5259,9 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3731,7 +5284,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3740,6 +5293,9 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3762,7 +5318,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3771,6 +5327,9 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3785,12 +5344,13 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3815,7 +5375,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3843,7 +5403,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3853,6 +5413,9 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3872,7 +5435,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3882,6 +5445,9 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3901,7 +5467,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3911,6 +5477,9 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -3930,7 +5499,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3950,7 +5519,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3959,13 +5528,16 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Started == nil {
 				m.Started = new(time.Time)
 			}
-			if err := types.StdTimeUnmarshal(m.Started, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Started, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3983,7 +5555,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3992,13 +5564,16 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Completed == nil {
 				m.Completed = new(time.Time)
 			}
-			if err := types.StdTimeUnmarshal(m.Completed, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Completed, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4016,7 +5591,7 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4026,6 +5601,9 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4037,12 +5615,13 @@ func (m *Vertex) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4067,7 +5646,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4095,7 +5674,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4105,6 +5684,9 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4124,7 +5706,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4134,6 +5716,9 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4153,7 +5738,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4163,6 +5748,9 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4182,7 +5770,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Current |= (int64(b) & 0x7F) << shift
+				m.Current |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4201,7 +5789,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Total |= (int64(b) & 0x7F) << shift
+				m.Total |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4220,7 +5808,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4229,10 +5817,13 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4250,7 +5841,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4259,13 +5850,16 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Started == nil {
 				m.Started = new(time.Time)
 			}
-			if err := types.StdTimeUnmarshal(m.Started, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Started, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4283,7 +5877,7 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4292,13 +5886,16 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Completed == nil {
 				m.Completed = new(time.Time)
 			}
-			if err := types.StdTimeUnmarshal(m.Completed, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Completed, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4308,12 +5905,13 @@ func (m *VertexStatus) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4338,7 +5936,7 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4366,7 +5964,7 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4376,6 +5974,9 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4395,7 +5996,7 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4404,10 +6005,13 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Timestamp, dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -4425,7 +6029,7 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Stream |= (int64(b) & 0x7F) << shift
+				m.Stream |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4444,7 +6048,7 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4453,6 +6057,9 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4467,12 +6074,13 @@ func (m *VertexLog) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4497,7 +6105,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4525,7 +6133,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4534,6 +6142,9 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4548,12 +6159,13 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4578,7 +6190,7 @@ func (m *ListWorkersRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4606,7 +6218,7 @@ func (m *ListWorkersRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4616,6 +6228,9 @@ func (m *ListWorkersRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -4627,12 +6242,13 @@ func (m *ListWorkersRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4657,7 +6273,7 @@ func (m *ListWorkersResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4685,7 +6301,7 @@ func (m *ListWorkersResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4694,10 +6310,13 @@ func (m *ListWorkersResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthControl
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthControl
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Record = append(m.Record, &moby_buildkit_v1_types.WorkerRecord{})
+			m.Record = append(m.Record, &types.WorkerRecord{})
 			if err := m.Record[len(m.Record)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -4708,12 +6327,13 @@ func (m *ListWorkersResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthControl
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4726,6 +6346,7 @@ func (m *ListWorkersResponse) Unmarshal(dAtA []byte) error {
 func skipControl(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4757,10 +6378,8 @@ func skipControl(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4777,139 +6396,34 @@ func skipControl(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthControl
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowControl
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipControl(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupControl
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthControl
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthControl = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowControl   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthControl        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowControl          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupControl = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("control.proto", fileDescriptorControl) }
-
-var fileDescriptorControl = []byte{
-	// 1279 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0x4f, 0x6f, 0x1b, 0x45,
-	0x14, 0xef, 0xda, 0x89, 0xed, 0x7d, 0x76, 0xaa, 0x30, 0x40, 0xb5, 0x5a, 0x20, 0x31, 0x0b, 0x48,
-	0x56, 0xd5, 0xee, 0xb6, 0x81, 0x22, 0x14, 0xa1, 0xaa, 0x75, 0x5c, 0x44, 0xaa, 0x46, 0x94, 0x49,
-	0x4b, 0x25, 0x0e, 0x48, 0x6b, 0x7b, 0xe2, 0xae, 0xb2, 0xde, 0x59, 0x66, 0x66, 0x43, 0xcd, 0x07,
-	0xe0, 0xcc, 0x77, 0xe1, 0xc0, 0x27, 0x40, 0xea, 0x91, 0x73, 0x0f, 0x29, 0xea, 0x1d, 0x4e, 0x5c,
-	0xb8, 0xa1, 0xf9, 0xb3, 0xce, 0x38, 0x76, 0xea, 0xa6, 0x3d, 0x65, 0xde, 0xe4, 0xf7, 0x7e, 0xfb,
-	0xfe, 0xcd, 0x7b, 0xcf, 0xb0, 0x36, 0xa0, 0x99, 0x60, 0x34, 0x0d, 0x73, 0x46, 0x05, 0x45, 0xeb,
-	0x63, 0xda, 0x9f, 0x84, 0xfd, 0x22, 0x49, 0x87, 0x87, 0x89, 0x08, 0x8f, 0xae, 0xfb, 0x57, 0x47,
-	0x89, 0x78, 0x5c, 0xf4, 0xc3, 0x01, 0x1d, 0x47, 0x23, 0x3a, 0xa2, 0x91, 0x02, 0xf6, 0x8b, 0x03,
-	0x25, 0x29, 0x41, 0x9d, 0x34, 0x81, 0xbf, 0x39, 0xa2, 0x74, 0x94, 0x92, 0x13, 0x94, 0x48, 0xc6,
-	0x84, 0x8b, 0x78, 0x9c, 0x1b, 0xc0, 0x15, 0x8b, 0x4f, 0x7e, 0x2c, 0x2a, 0x3f, 0x16, 0x71, 0x9a,
-	0x1e, 0x11, 0x16, 0xe5, 0xfd, 0x88, 0xe6, 0xdc, 0xa0, 0xa3, 0x33, 0xd1, 0x71, 0x9e, 0x44, 0x62,
-	0x92, 0x13, 0x1e, 0xfd, 0x44, 0xd9, 0x21, 0x61, 0x5a, 0x21, 0xf8, 0xc5, 0x81, 0xd6, 0x7d, 0x56,
-	0x64, 0x04, 0x93, 0x1f, 0x0b, 0xc2, 0x05, 0xba, 0x04, 0xb5, 0x83, 0x24, 0x15, 0x84, 0x79, 0x4e,
-	0xbb, 0xda, 0x71, 0xb1, 0x91, 0xd0, 0x3a, 0x54, 0xe3, 0x34, 0xf5, 0x2a, 0x6d, 0xa7, 0xd3, 0xc0,
-	0xf2, 0x88, 0x3a, 0xd0, 0x3a, 0x24, 0x24, 0xef, 0x15, 0x2c, 0x16, 0x09, 0xcd, 0xbc, 0x6a, 0xdb,
-	0xe9, 0x54, 0xbb, 0x2b, 0x4f, 0x8f, 0x37, 0x1d, 0x3c, 0xf3, 0x1f, 0x14, 0x80, 0x2b, 0xe5, 0xee,
-	0x44, 0x10, 0xee, 0xad, 0x58, 0xb0, 0x93, 0xeb, 0xe0, 0x32, 0xac, 0xf7, 0x12, 0x7e, 0xf8, 0x90,
-	0xc7, 0xa3, 0x65, 0xb6, 0x04, 0x77, 0xe1, 0x2d, 0x0b, 0xcb, 0x73, 0x9a, 0x71, 0x82, 0x6e, 0x40,
-	0x8d, 0x91, 0x01, 0x65, 0x43, 0x05, 0x6e, 0x6e, 0x7d, 0x10, 0x9e, 0xce, 0x4d, 0x68, 0x14, 0x24,
-	0x08, 0x1b, 0x70, 0xf0, 0x5f, 0x05, 0x9a, 0xd6, 0x3d, 0xba, 0x08, 0x95, 0xdd, 0x9e, 0xe7, 0xb4,
-	0x9d, 0x8e, 0x8b, 0x2b, 0xbb, 0x3d, 0xe4, 0x41, 0x7d, 0xaf, 0x10, 0x71, 0x3f, 0x25, 0xc6, 0xf7,
-	0x52, 0x44, 0xef, 0xc0, 0xea, 0x6e, 0xf6, 0x90, 0x13, 0xe5, 0x78, 0x03, 0x6b, 0x01, 0x21, 0x58,
-	0xd9, 0x4f, 0x7e, 0x26, 0xda, 0x4d, 0xac, 0xce, 0xd2, 0x8f, 0xfb, 0x31, 0x23, 0x99, 0xf0, 0x56,
-	0x15, 0xaf, 0x91, 0x50, 0x17, 0xdc, 0x1d, 0x46, 0x62, 0x41, 0x86, 0xb7, 0x85, 0x57, 0x6b, 0x3b,
-	0x9d, 0xe6, 0x96, 0x1f, 0xea, 0x82, 0x08, 0xcb, 0x82, 0x08, 0x1f, 0x94, 0x05, 0xd1, 0x6d, 0x3c,
-	0x3d, 0xde, 0xbc, 0xf0, 0xeb, 0x73, 0x19, 0xb7, 0xa9, 0x1a, 0xba, 0x05, 0x70, 0x2f, 0xe6, 0xe2,
-	0x21, 0x57, 0x24, 0xf5, 0xa5, 0x24, 0x2b, 0x8a, 0xc0, 0xd2, 0x41, 0x1b, 0x00, 0x2a, 0x00, 0x3b,
-	0xb4, 0xc8, 0x84, 0xd7, 0x50, 0x76, 0x5b, 0x37, 0xa8, 0x0d, 0xcd, 0x1e, 0xe1, 0x03, 0x96, 0xe4,
-	0x2a, 0xcd, 0xae, 0x72, 0xc1, 0xbe, 0x92, 0x0c, 0x3a, 0x7a, 0x0f, 0x26, 0x39, 0xf1, 0x40, 0x01,
-	0xac, 0x1b, 0xe9, 0xff, 0xfe, 0xe3, 0x98, 0x91, 0xa1, 0xd7, 0x54, 0xa1, 0x32, 0x52, 0xf0, 0xef,
-	0x0a, 0xb4, 0xf6, 0x65, 0x15, 0x97, 0x09, 0x5f, 0x87, 0x2a, 0x26, 0x07, 0x26, 0xfa, 0xf2, 0x88,
-	0x42, 0x80, 0x1e, 0x39, 0x48, 0xb2, 0x44, 0x7d, 0xbb, 0xa2, 0xdc, 0xbb, 0x18, 0xe6, 0xfd, 0xf0,
-	0xe4, 0x16, 0x5b, 0x08, 0xe4, 0x43, 0xe3, 0xce, 0x93, 0x9c, 0x32, 0x59, 0x34, 0x55, 0x45, 0x33,
-	0x95, 0xd1, 0x23, 0x58, 0x2b, 0xcf, 0xb7, 0x85, 0x60, 0xb2, 0x14, 0x65, 0xa1, 0x5c, 0x9f, 0x2f,
-	0x14, 0xdb, 0xa8, 0x70, 0x46, 0xe7, 0x4e, 0x26, 0xd8, 0x04, 0xcf, 0xf2, 0xc8, 0x1a, 0xd9, 0x27,
-	0x9c, 0x4b, 0x0b, 0x75, 0x82, 0x4b, 0x51, 0x9a, 0xf3, 0x15, 0xa3, 0x99, 0x20, 0xd9, 0x50, 0x25,
-	0xd8, 0xc5, 0x53, 0x59, 0x9a, 0x53, 0x9e, 0xb5, 0x39, 0xf5, 0x57, 0x32, 0x67, 0x46, 0xc7, 0x98,
-	0x33, 0x73, 0x87, 0xb6, 0x61, 0x75, 0x27, 0x1e, 0x3c, 0x26, 0x2a, 0x97, 0xcd, 0xad, 0x8d, 0x79,
-	0x42, 0xf5, 0xef, 0x6f, 0x54, 0xf2, 0xb8, 0x7a, 0x8a, 0x17, 0xb0, 0x56, 0x41, 0x3f, 0x40, 0xeb,
-	0x4e, 0x26, 0x12, 0x91, 0x92, 0x31, 0xc9, 0x04, 0xf7, 0x5c, 0xf9, 0xf0, 0xba, 0xdb, 0xcf, 0x8e,
-	0x37, 0x3f, 0x3f, 0xb3, 0xb5, 0x14, 0x22, 0x49, 0x23, 0x62, 0x69, 0x85, 0x16, 0x05, 0x9e, 0xe1,
-	0xf3, 0x6f, 0x01, 0x9a, 0x8f, 0xa7, 0xcc, 0xfb, 0x21, 0x99, 0x94, 0x79, 0x3f, 0x24, 0x13, 0xf9,
-	0xb8, 0x8e, 0xe2, 0xb4, 0xd0, 0x8f, 0xce, 0xc5, 0x5a, 0xd8, 0xae, 0x7c, 0xe1, 0x48, 0x86, 0xf9,
-	0x10, 0x9c, 0x87, 0x21, 0x78, 0xee, 0x40, 0xcb, 0x8e, 0x00, 0x7a, 0x1f, 0x5c, 0x6d, 0xd4, 0x49,
-	0xf1, 0x9d, 0x5c, 0xc8, 0xea, 0xde, 0x1d, 0x1b, 0x81, 0x7b, 0x15, 0xd5, 0x89, 0xac, 0x1b, 0xf4,
-	0x2d, 0x34, 0x35, 0x58, 0x67, 0xb1, 0xaa, 0xb2, 0x18, 0xbd, 0x3c, 0xe8, 0xa1, 0xa5, 0xa1, 0x73,
-	0x68, 0x73, 0xf8, 0x37, 0x61, 0xfd, 0x34, 0xe0, 0x5c, 0x1e, 0xfe, 0xee, 0xc0, 0x9a, 0x29, 0x1a,
-	0xd3, 0x1d, 0xe3, 0x92, 0x91, 0xb0, 0xf2, 0xce, 0xf4, 0xc9, 0x1b, 0x67, 0xd6, 0x9b, 0x86, 0x85,
-	0xa7, 0xf5, 0xb4, 0xbd, 0x73, 0x74, 0xfe, 0x0e, 0xbc, 0xbb, 0x10, 0x7a, 0x2e, 0xcb, 0x3f, 0x84,
-	0xb5, 0x7d, 0x11, 0x8b, 0x82, 0x9f, 0xd9, 0x12, 0x82, 0xdf, 0x1c, 0xb8, 0x58, 0x62, 0x8c, 0x77,
-	0x9f, 0x41, 0xe3, 0x88, 0x30, 0x41, 0x9e, 0x10, 0x6e, 0xbc, 0xf2, 0xe6, 0xbd, 0xfa, 0x4e, 0x21,
-	0xf0, 0x14, 0x89, 0xb6, 0xa1, 0xc1, 0x15, 0x0f, 0xd1, 0x69, 0x5d, 0xf8, 0x54, 0xb4, 0x96, 0xf9,
-	0xde, 0x14, 0x8f, 0x22, 0x58, 0x49, 0xe9, 0xa8, 0xcc, 0xf6, 0x7b, 0x67, 0xe9, 0xdd, 0xa3, 0x23,
-	0xac, 0x80, 0xc1, 0x71, 0x05, 0x6a, 0xfa, 0x0e, 0xdd, 0x85, 0xda, 0x30, 0x19, 0x11, 0x2e, 0xb4,
-	0x57, 0xdd, 0x2d, 0xf9, 0x00, 0x9f, 0x1d, 0x6f, 0x5e, 0xb6, 0x5e, 0x18, 0xcd, 0x49, 0x26, 0x57,
-	0x8d, 0x38, 0xc9, 0x08, 0xe3, 0xd1, 0x88, 0x5e, 0xd5, 0x2a, 0x61, 0x4f, 0xfd, 0xc1, 0x86, 0x41,
-	0x72, 0x25, 0x59, 0x5e, 0x08, 0x53, 0x98, 0xaf, 0xc7, 0xa5, 0x19, 0xe4, 0xe8, 0xca, 0xe2, 0x31,
-	0x31, 0x7d, 0x53, 0x9d, 0x65, 0xeb, 0x1e, 0xc8, 0xba, 0x1d, 0xaa, 0x81, 0xd6, 0xc0, 0x46, 0x42,
-	0xdb, 0x50, 0xe7, 0x22, 0x66, 0x82, 0x0c, 0x55, 0xcb, 0x7b, 0x95, 0x99, 0x53, 0x2a, 0xa0, 0x9b,
-	0xe0, 0x0e, 0xe8, 0x38, 0x4f, 0x89, 0xd4, 0xae, 0xbd, 0xa2, 0xf6, 0x89, 0x8a, 0xac, 0x1e, 0xc2,
-	0x18, 0x65, 0x6a, 0xda, 0xb9, 0x58, 0x0b, 0xc1, 0x3f, 0x15, 0x68, 0xd9, 0xc9, 0x9a, 0x9b, 0xe4,
-	0x77, 0xa1, 0xa6, 0x53, 0xaf, 0xab, 0xee, 0xf5, 0x42, 0xa5, 0x19, 0x16, 0x86, 0xca, 0x83, 0xfa,
-	0xa0, 0x60, 0x6a, 0xcc, 0xeb, 0xe1, 0x5f, 0x8a, 0xd2, 0x60, 0x41, 0x45, 0x9c, 0xaa, 0x50, 0x55,
-	0xb1, 0x16, 0xe4, 0xf4, 0x9f, 0x2e, 0x7b, 0xe7, 0x9b, 0xfe, 0x53, 0x35, 0x3b, 0x0d, 0xf5, 0x37,
-	0x4a, 0x43, 0xe3, 0xdc, 0x69, 0x08, 0xfe, 0x70, 0xc0, 0x9d, 0x56, 0xb9, 0x15, 0x5d, 0xe7, 0x8d,
-	0xa3, 0x3b, 0x13, 0x99, 0xca, 0xeb, 0x45, 0xe6, 0x12, 0xd4, 0xb8, 0x60, 0x24, 0x1e, 0xeb, 0xbd,
-	0x14, 0x1b, 0x49, 0xf6, 0x93, 0x31, 0x1f, 0xa9, 0x0c, 0xb5, 0xb0, 0x3c, 0x06, 0x01, 0xb4, 0xd4,
-	0x0a, 0xba, 0x47, 0xb8, 0x5c, 0x7a, 0x64, 0x6e, 0x87, 0xb1, 0x88, 0x95, 0x1f, 0x2d, 0xac, 0xce,
-	0xc1, 0x15, 0x40, 0xf7, 0x12, 0x2e, 0x1e, 0xa9, 0xd5, 0x99, 0x2f, 0xdb, 0x4f, 0xf7, 0xe1, 0xed,
-	0x19, 0xb4, 0xe9, 0x52, 0x5f, 0x9e, 0xda, 0x50, 0x3f, 0x9e, 0xef, 0x1a, 0x6a, 0x43, 0x0f, 0xb5,
-	0xe2, 0xec, 0xa2, 0xba, 0xf5, 0x77, 0x15, 0xea, 0x3b, 0xfa, 0xc7, 0x07, 0x7a, 0x00, 0xee, 0x74,
-	0x01, 0x46, 0xc1, 0x3c, 0xcd, 0xe9, 0x4d, 0xda, 0xff, 0xe8, 0xa5, 0x18, 0x63, 0xdf, 0xd7, 0xb0,
-	0xaa, 0x7e, 0x0a, 0xa0, 0x05, 0x6d, 0xd0, 0xfe, 0x8d, 0xe0, 0xbf, 0x7c, 0xb5, 0xbe, 0xe6, 0x48,
-	0x26, 0x35, 0x43, 0x16, 0x31, 0xd9, 0xcb, 0x8c, 0xbf, 0xb9, 0x64, 0xf8, 0xa0, 0x3d, 0xa8, 0x99,
-	0xe7, 0xbc, 0x08, 0x6a, 0x4f, 0x0a, 0xbf, 0x7d, 0x36, 0x40, 0x93, 0x5d, 0x73, 0xd0, 0xde, 0x74,
-	0x53, 0x5b, 0x64, 0x9a, 0x5d, 0x06, 0xfe, 0x92, 0xff, 0x77, 0x9c, 0x6b, 0x0e, 0xfa, 0x1e, 0x9a,
-	0x56, 0xa2, 0xd1, 0x82, 0x84, 0xce, 0x57, 0x8d, 0xff, 0xc9, 0x12, 0x94, 0x36, 0xb6, 0xdb, 0x7a,
-	0xfa, 0x62, 0xc3, 0xf9, 0xf3, 0xc5, 0x86, 0xf3, 0xd7, 0x8b, 0x0d, 0xa7, 0x5f, 0x53, 0x75, 0xff,
-	0xe9, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0xfe, 0x98, 0x98, 0x82, 0x80, 0x0e, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/api/services/control/control.proto b/vendor/github.com/moby/buildkit/api/services/control/control.proto
index 7ac4095b7a587..84a4680c4ba6d 100644
--- a/vendor/github.com/moby/buildkit/api/services/control/control.proto
+++ b/vendor/github.com/moby/buildkit/api/services/control/control.proto
@@ -2,9 +2,6 @@ syntax = "proto3";
 
 package moby.buildkit.v1;
 
-// The control API is currently considered experimental and may break in a backwards
-// incompatible way.
-
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 import "google/protobuf/timestamp.proto";
 import "github.com/moby/buildkit/solver/pb/ops.proto";
@@ -63,12 +60,35 @@ message SolveRequest {
 	map<string, string> FrontendAttrs = 7;
 	CacheOptions Cache = 8 [(gogoproto.nullable) = false];
 	repeated string Entitlements = 9 [(gogoproto.customtype) = "github.com/moby/buildkit/util/entitlements.Entitlement" ];
+	map<string, pb.Definition> FrontendInputs = 10;
 }
 
 message CacheOptions {
-	string ExportRef = 1;
-	repeated string ImportRefs = 2;
-	map<string, string> ExportAttrs = 3;
+	// ExportRefDeprecated is deprecated in favor or the new Exports since BuildKit v0.4.0.
+	// When ExportRefDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = ExportAttrs.add("ref", ExportRef)}
+	// to Exports for compatibility. (planned to be removed)
+	string ExportRefDeprecated = 1;
+	// ImportRefsDeprecated is deprecated in favor or the new Imports since BuildKit v0.4.0.
+	// When ImportRefsDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = {"ref": importRef}}
+	// for each of the ImportRefs entry to Imports for compatibility. (planned to be removed)
+	repeated string ImportRefsDeprecated = 2;
+	// ExportAttrsDeprecated is deprecated since BuildKit v0.4.0.
+	// See the description of ExportRefDeprecated.
+	map<string, string> ExportAttrsDeprecated = 3;
+	// Exports was introduced in BuildKit v0.4.0.
+	repeated CacheOptionsEntry Exports = 4;
+	// Imports was introduced in BuildKit v0.4.0.
+	repeated CacheOptionsEntry Imports = 5;
+}
+
+message CacheOptionsEntry {
+	// Type is like "registry" or "local"
+	string Type = 1;
+	// Attrs are like mode=(min,max), ref=example.com:5000/foo/bar .
+	// See cache importer/exporter implementations' documentation.
+	map<string, string> Attrs = 2;
 }
 
 message SolveResponse {
@@ -124,4 +144,4 @@ message ListWorkersRequest {
 
 message ListWorkersResponse {
 	repeated moby.buildkit.v1.types.WorkerRecord record = 1;
-}
\ No newline at end of file
+}
diff --git a/vendor/github.com/moby/buildkit/api/services/control/generate.go b/vendor/github.com/moby/buildkit/api/services/control/generate.go
index 1c161155f502d..9a3b24613e179 100644
--- a/vendor/github.com/moby/buildkit/api/services/control/generate.go
+++ b/vendor/github.com/moby/buildkit/api/services/control/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1
+package moby_buildkit_v1 //nolint:golint
 
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. control.proto
diff --git a/vendor/github.com/moby/buildkit/api/types/generate.go b/vendor/github.com/moby/buildkit/api/types/generate.go
index 84007df1d9b8b..984bb74ce1ec4 100644
--- a/vendor/github.com/moby/buildkit/api/types/generate.go
+++ b/vendor/github.com/moby/buildkit/api/types/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_types
+package moby_buildkit_v1_types //nolint:golint
 
 //go:generate protoc -I=. -I=../../vendor/ -I=../../../../../ --gogo_out=plugins=grpc:. worker.proto
diff --git a/vendor/github.com/moby/buildkit/api/types/worker.pb.go b/vendor/github.com/moby/buildkit/api/types/worker.pb.go
index 0344d523e7f12..54cbd605e14cb 100644
--- a/vendor/github.com/moby/buildkit/api/types/worker.pb.go
+++ b/vendor/github.com/moby/buildkit/api/types/worker.pb.go
@@ -1,25 +1,17 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: worker.proto
 
-/*
-	Package moby_buildkit_v1_types is a generated protocol buffer package.
-
-	It is generated from these files:
-		worker.proto
-
-	It has these top-level messages:
-		WorkerRecord
-		GCPolicy
-*/
 package moby_buildkit_v1_types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import pb "github.com/moby/buildkit/solver/pb"
-
-import io "io"
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	pb "github.com/moby/buildkit/solver/pb"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -30,19 +22,50 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type WorkerRecord struct {
-	ID        string            `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
-	Labels    map[string]string `protobuf:"bytes,2,rep,name=Labels" json:"Labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Platforms []pb.Platform     `protobuf:"bytes,3,rep,name=platforms" json:"platforms"`
-	GCPolicy  []*GCPolicy       `protobuf:"bytes,4,rep,name=GCPolicy" json:"GCPolicy,omitempty"`
+	ID                   string            `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=Labels,proto3" json:"Labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Platforms            []pb.Platform     `protobuf:"bytes,3,rep,name=platforms,proto3" json:"platforms"`
+	GCPolicy             []*GCPolicy       `protobuf:"bytes,4,rep,name=GCPolicy,proto3" json:"GCPolicy,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *WorkerRecord) Reset()         { *m = WorkerRecord{} }
+func (m *WorkerRecord) String() string { return proto.CompactTextString(m) }
+func (*WorkerRecord) ProtoMessage()    {}
+func (*WorkerRecord) Descriptor() ([]byte, []int) {
+	return fileDescriptor_e4ff6184b07e587a, []int{0}
+}
+func (m *WorkerRecord) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WorkerRecord) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_WorkerRecord.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *WorkerRecord) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkerRecord.Merge(m, src)
+}
+func (m *WorkerRecord) XXX_Size() int {
+	return m.Size()
+}
+func (m *WorkerRecord) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkerRecord.DiscardUnknown(m)
 }
 
-func (m *WorkerRecord) Reset()                    { *m = WorkerRecord{} }
-func (m *WorkerRecord) String() string            { return proto.CompactTextString(m) }
-func (*WorkerRecord) ProtoMessage()               {}
-func (*WorkerRecord) Descriptor() ([]byte, []int) { return fileDescriptorWorker, []int{0} }
+var xxx_messageInfo_WorkerRecord proto.InternalMessageInfo
 
 func (m *WorkerRecord) GetID() string {
 	if m != nil {
@@ -73,16 +96,47 @@ func (m *WorkerRecord) GetGCPolicy() []*GCPolicy {
 }
 
 type GCPolicy struct {
-	All          bool     `protobuf:"varint,1,opt,name=all,proto3" json:"all,omitempty"`
-	KeepDuration int64    `protobuf:"varint,2,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`
-	KeepBytes    int64    `protobuf:"varint,3,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`
-	Filters      []string `protobuf:"bytes,4,rep,name=filters" json:"filters,omitempty"`
+	All                  bool     `protobuf:"varint,1,opt,name=all,proto3" json:"all,omitempty"`
+	KeepDuration         int64    `protobuf:"varint,2,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`
+	KeepBytes            int64    `protobuf:"varint,3,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`
+	Filters              []string `protobuf:"bytes,4,rep,name=filters,proto3" json:"filters,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *GCPolicy) Reset()                    { *m = GCPolicy{} }
-func (m *GCPolicy) String() string            { return proto.CompactTextString(m) }
-func (*GCPolicy) ProtoMessage()               {}
-func (*GCPolicy) Descriptor() ([]byte, []int) { return fileDescriptorWorker, []int{1} }
+func (m *GCPolicy) Reset()         { *m = GCPolicy{} }
+func (m *GCPolicy) String() string { return proto.CompactTextString(m) }
+func (*GCPolicy) ProtoMessage()    {}
+func (*GCPolicy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_e4ff6184b07e587a, []int{1}
+}
+func (m *GCPolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GCPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GCPolicy.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GCPolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GCPolicy.Merge(m, src)
+}
+func (m *GCPolicy) XXX_Size() int {
+	return m.Size()
+}
+func (m *GCPolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_GCPolicy.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GCPolicy proto.InternalMessageInfo
 
 func (m *GCPolicy) GetAll() bool {
 	if m != nil {
@@ -114,12 +168,43 @@ func (m *GCPolicy) GetFilters() []string {
 
 func init() {
 	proto.RegisterType((*WorkerRecord)(nil), "moby.buildkit.v1.types.WorkerRecord")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.types.WorkerRecord.LabelsEntry")
 	proto.RegisterType((*GCPolicy)(nil), "moby.buildkit.v1.types.GCPolicy")
 }
+
+func init() { proto.RegisterFile("worker.proto", fileDescriptor_e4ff6184b07e587a) }
+
+var fileDescriptor_e4ff6184b07e587a = []byte{
+	// 355 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xc1, 0x4e, 0xea, 0x40,
+	0x14, 0x86, 0x6f, 0x5b, 0x2e, 0x97, 0x0e, 0xcd, 0x8d, 0x99, 0x18, 0xd3, 0x10, 0x83, 0x84, 0x15,
+	0x0b, 0x9d, 0xa2, 0x6e, 0xd4, 0xb8, 0x42, 0x8c, 0x92, 0xb8, 0x20, 0xb3, 0x71, 0xdd, 0x81, 0x01,
+	0x9b, 0x0e, 0x9c, 0xc9, 0x74, 0x8a, 0xf6, 0x39, 0x7c, 0x29, 0x96, 0x3e, 0x81, 0x31, 0x3c, 0x89,
+	0x99, 0x29, 0x08, 0x26, 0xba, 0x3b, 0xff, 0x9f, 0xff, 0xfb, 0xe7, 0x9c, 0x0c, 0x0a, 0x9e, 0x41,
+	0xa5, 0x5c, 0x11, 0xa9, 0x40, 0x03, 0x3e, 0x98, 0x01, 0x2b, 0x08, 0xcb, 0x13, 0x31, 0x4e, 0x13,
+	0x4d, 0x16, 0xa7, 0x44, 0x17, 0x92, 0x67, 0x8d, 0x93, 0x69, 0xa2, 0x9f, 0x72, 0x46, 0x46, 0x30,
+	0x8b, 0xa6, 0x30, 0x85, 0xc8, 0xc6, 0x59, 0x3e, 0xb1, 0xca, 0x0a, 0x3b, 0x95, 0x35, 0x8d, 0xe3,
+	0x9d, 0xb8, 0x69, 0x8c, 0x36, 0x8d, 0x51, 0x06, 0x62, 0xc1, 0x55, 0x24, 0x59, 0x04, 0x32, 0x2b,
+	0xd3, 0xed, 0x57, 0x17, 0x05, 0x8f, 0x76, 0x0b, 0xca, 0x47, 0xa0, 0xc6, 0xf8, 0x3f, 0x72, 0x07,
+	0xfd, 0xd0, 0x69, 0x39, 0x1d, 0x9f, 0xba, 0x83, 0x3e, 0xbe, 0x47, 0xd5, 0x87, 0x98, 0x71, 0x91,
+	0x85, 0x6e, 0xcb, 0xeb, 0xd4, 0xcf, 0xba, 0xe4, 0xe7, 0x35, 0xc9, 0x6e, 0x0b, 0x29, 0x91, 0xdb,
+	0xb9, 0x56, 0x05, 0x5d, 0xf3, 0xb8, 0x8b, 0x7c, 0x29, 0x62, 0x3d, 0x01, 0x35, 0xcb, 0x42, 0xcf,
+	0x96, 0x05, 0x44, 0x32, 0x32, 0x5c, 0x9b, 0xbd, 0xca, 0xf2, 0xfd, 0xe8, 0x0f, 0xdd, 0x86, 0xf0,
+	0x35, 0xaa, 0xdd, 0xdd, 0x0c, 0x41, 0x24, 0xa3, 0x22, 0xac, 0x58, 0xa0, 0xf5, 0xdb, 0xeb, 0x9b,
+	0x1c, 0xfd, 0x22, 0x1a, 0x97, 0xa8, 0xbe, 0xb3, 0x06, 0xde, 0x43, 0x5e, 0xca, 0x8b, 0xf5, 0x65,
+	0x66, 0xc4, 0xfb, 0xe8, 0xef, 0x22, 0x16, 0x39, 0x0f, 0x5d, 0xeb, 0x95, 0xe2, 0xca, 0xbd, 0x70,
+	0xda, 0x2f, 0xdb, 0x87, 0x0d, 0x17, 0x0b, 0x61, 0xb9, 0x1a, 0x35, 0x23, 0x6e, 0xa3, 0x20, 0xe5,
+	0x5c, 0xf6, 0x73, 0x15, 0xeb, 0x04, 0xe6, 0x16, 0xf7, 0xe8, 0x37, 0x0f, 0x1f, 0x22, 0xdf, 0xe8,
+	0x5e, 0xa1, 0xb9, 0x39, 0xd6, 0x04, 0xb6, 0x06, 0x0e, 0xd1, 0xbf, 0x49, 0x22, 0x34, 0x57, 0x99,
+	0xbd, 0xcb, 0xa7, 0x1b, 0xd9, 0x0b, 0x96, 0xab, 0xa6, 0xf3, 0xb6, 0x6a, 0x3a, 0x1f, 0xab, 0xa6,
+	0xc3, 0xaa, 0xf6, 0x93, 0xce, 0x3f, 0x03, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x79, 0x52, 0x6a, 0x29,
+	0x02, 0x00, 0x00,
+}
+
 func (m *WorkerRecord) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -127,64 +212,80 @@ func (m *WorkerRecord) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *WorkerRecord) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WorkerRecord) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintWorker(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Labels) > 0 {
-		for k, _ := range m.Labels {
-			dAtA[i] = 0x12
-			i++
-			v := m.Labels[k]
-			mapSize := 1 + len(k) + sovWorker(uint64(len(k))) + 1 + len(v) + sovWorker(uint64(len(v)))
-			i = encodeVarintWorker(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintWorker(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintWorker(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
+	if len(m.GCPolicy) > 0 {
+		for iNdEx := len(m.GCPolicy) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.GCPolicy[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintWorker(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
 		}
 	}
 	if len(m.Platforms) > 0 {
-		for _, msg := range m.Platforms {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintWorker(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Platforms) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Platforms[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintWorker(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if len(m.GCPolicy) > 0 {
-		for _, msg := range m.GCPolicy {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintWorker(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
+	if len(m.Labels) > 0 {
+		for k := range m.Labels {
+			v := m.Labels[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintWorker(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintWorker(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintWorker(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintWorker(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *GCPolicy) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -192,58 +293,66 @@ func (m *GCPolicy) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GCPolicy) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GCPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.All {
-		dAtA[i] = 0x8
-		i++
-		if m.All {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.KeepDuration != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintWorker(dAtA, i, uint64(m.KeepDuration))
+	if len(m.Filters) > 0 {
+		for iNdEx := len(m.Filters) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filters[iNdEx])
+			copy(dAtA[i:], m.Filters[iNdEx])
+			i = encodeVarintWorker(dAtA, i, uint64(len(m.Filters[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
 	if m.KeepBytes != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintWorker(dAtA, i, uint64(m.KeepBytes))
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.Filters) > 0 {
-		for _, s := range m.Filters {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
+	if m.KeepDuration != 0 {
+		i = encodeVarintWorker(dAtA, i, uint64(m.KeepDuration))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.All {
+		i--
+		if m.All {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
 		}
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintWorker(dAtA []byte, offset int, v uint64) int {
+	offset -= sovWorker(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *WorkerRecord) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -270,10 +379,16 @@ func (m *WorkerRecord) Size() (n int) {
 			n += 1 + l + sovWorker(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func (m *GCPolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.All {
@@ -291,18 +406,14 @@ func (m *GCPolicy) Size() (n int) {
 			n += 1 + l + sovWorker(uint64(l))
 		}
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovWorker(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozWorker(x uint64) (n int) {
 	return sovWorker(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -322,7 +433,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -350,7 +461,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -360,6 +471,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWorker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWorker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -379,7 +493,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -388,6 +502,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWorker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWorker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -408,7 +525,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -425,7 +542,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -435,6 +552,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthWorker
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthWorker
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -451,7 +571,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -461,6 +581,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthWorker
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthWorker
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -472,7 +595,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthWorker
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -497,7 +620,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -506,6 +629,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWorker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWorker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -528,7 +654,7 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -537,6 +663,9 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWorker
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWorker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -551,12 +680,13 @@ func (m *WorkerRecord) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWorker
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -581,7 +711,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -609,7 +739,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -629,7 +759,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.KeepDuration |= (int64(b) & 0x7F) << shift
+				m.KeepDuration |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -648,7 +778,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.KeepBytes |= (int64(b) & 0x7F) << shift
+				m.KeepBytes |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -667,7 +797,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -677,6 +807,9 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWorker
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWorker
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -688,12 +821,13 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthWorker
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -706,6 +840,7 @@ func (m *GCPolicy) Unmarshal(dAtA []byte) error {
 func skipWorker(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -737,10 +872,8 @@ func skipWorker(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -757,82 +890,34 @@ func skipWorker(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthWorker
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowWorker
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipWorker(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupWorker
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthWorker
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthWorker = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowWorker   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthWorker        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowWorker          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupWorker = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("worker.proto", fileDescriptorWorker) }
-
-var fileDescriptorWorker = []byte{
-	// 355 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xc1, 0x4e, 0xea, 0x40,
-	0x14, 0x86, 0x6f, 0x5b, 0x2e, 0x97, 0x0e, 0xcd, 0x8d, 0x99, 0x18, 0xd3, 0x10, 0x83, 0x84, 0x15,
-	0x0b, 0x9d, 0xa2, 0x6e, 0xd4, 0xb8, 0x42, 0x8c, 0x92, 0xb8, 0x20, 0xb3, 0x71, 0xdd, 0x81, 0x01,
-	0x9b, 0x0e, 0x9c, 0xc9, 0x74, 0x8a, 0xf6, 0x39, 0x7c, 0x29, 0x96, 0x3e, 0x81, 0x31, 0x3c, 0x89,
-	0x99, 0x29, 0x08, 0x26, 0xba, 0x3b, 0xff, 0x9f, 0xff, 0xfb, 0xe7, 0x9c, 0x0c, 0x0a, 0x9e, 0x41,
-	0xa5, 0x5c, 0x11, 0xa9, 0x40, 0x03, 0x3e, 0x98, 0x01, 0x2b, 0x08, 0xcb, 0x13, 0x31, 0x4e, 0x13,
-	0x4d, 0x16, 0xa7, 0x44, 0x17, 0x92, 0x67, 0x8d, 0x93, 0x69, 0xa2, 0x9f, 0x72, 0x46, 0x46, 0x30,
-	0x8b, 0xa6, 0x30, 0x85, 0xc8, 0xc6, 0x59, 0x3e, 0xb1, 0xca, 0x0a, 0x3b, 0x95, 0x35, 0x8d, 0xe3,
-	0x9d, 0xb8, 0x69, 0x8c, 0x36, 0x8d, 0x51, 0x06, 0x62, 0xc1, 0x55, 0x24, 0x59, 0x04, 0x32, 0x2b,
-	0xd3, 0xed, 0x57, 0x17, 0x05, 0x8f, 0x76, 0x0b, 0xca, 0x47, 0xa0, 0xc6, 0xf8, 0x3f, 0x72, 0x07,
-	0xfd, 0xd0, 0x69, 0x39, 0x1d, 0x9f, 0xba, 0x83, 0x3e, 0xbe, 0x47, 0xd5, 0x87, 0x98, 0x71, 0x91,
-	0x85, 0x6e, 0xcb, 0xeb, 0xd4, 0xcf, 0xba, 0xe4, 0xe7, 0x35, 0xc9, 0x6e, 0x0b, 0x29, 0x91, 0xdb,
-	0xb9, 0x56, 0x05, 0x5d, 0xf3, 0xb8, 0x8b, 0x7c, 0x29, 0x62, 0x3d, 0x01, 0x35, 0xcb, 0x42, 0xcf,
-	0x96, 0x05, 0x44, 0x32, 0x32, 0x5c, 0x9b, 0xbd, 0xca, 0xf2, 0xfd, 0xe8, 0x0f, 0xdd, 0x86, 0xf0,
-	0x35, 0xaa, 0xdd, 0xdd, 0x0c, 0x41, 0x24, 0xa3, 0x22, 0xac, 0x58, 0xa0, 0xf5, 0xdb, 0xeb, 0x9b,
-	0x1c, 0xfd, 0x22, 0x1a, 0x97, 0xa8, 0xbe, 0xb3, 0x06, 0xde, 0x43, 0x5e, 0xca, 0x8b, 0xf5, 0x65,
-	0x66, 0xc4, 0xfb, 0xe8, 0xef, 0x22, 0x16, 0x39, 0x0f, 0x5d, 0xeb, 0x95, 0xe2, 0xca, 0xbd, 0x70,
-	0xda, 0x2f, 0xdb, 0x87, 0x0d, 0x17, 0x0b, 0x61, 0xb9, 0x1a, 0x35, 0x23, 0x6e, 0xa3, 0x20, 0xe5,
-	0x5c, 0xf6, 0x73, 0x15, 0xeb, 0x04, 0xe6, 0x16, 0xf7, 0xe8, 0x37, 0x0f, 0x1f, 0x22, 0xdf, 0xe8,
-	0x5e, 0xa1, 0xb9, 0x39, 0xd6, 0x04, 0xb6, 0x06, 0x0e, 0xd1, 0xbf, 0x49, 0x22, 0x34, 0x57, 0x99,
-	0xbd, 0xcb, 0xa7, 0x1b, 0xd9, 0x0b, 0x96, 0xab, 0xa6, 0xf3, 0xb6, 0x6a, 0x3a, 0x1f, 0xab, 0xa6,
-	0xc3, 0xaa, 0xf6, 0x93, 0xce, 0x3f, 0x03, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x79, 0x52, 0x6a, 0x29,
-	0x02, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/cache/blobs.go b/vendor/github.com/moby/buildkit/cache/blobs.go
new file mode 100644
index 0000000000000..767462aeef59a
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/blobs.go
@@ -0,0 +1,226 @@
+package cache
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/diff"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/mount"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/util/compression"
+	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/moby/buildkit/util/winlayers"
+	digest "github.com/opencontainers/go-digest"
+	imagespecidentity "github.com/opencontainers/image-spec/identity"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+)
+
+var g flightcontrol.Group
+
+const containerdUncompressed = "containerd.io/uncompressed"
+
+var ErrNoBlobs = errors.Errorf("no blobs for snapshot")
+
+// computeBlobChain ensures every ref in a parent chain has an associated blob in the content store. If
+// a blob is missing and createIfNeeded is true, then the blob will be created, otherwise ErrNoBlobs will
+// be returned. Caller must hold a lease when calling this function.
+func (sr *immutableRef) computeBlobChain(ctx context.Context, createIfNeeded bool, compressionType compression.Type, s session.Group) error {
+	if _, ok := leases.FromContext(ctx); !ok {
+		return errors.Errorf("missing lease requirement for computeBlobChain")
+	}
+
+	if err := sr.Finalize(ctx, true); err != nil {
+		return err
+	}
+
+	if isTypeWindows(sr) {
+		ctx = winlayers.UseWindowsLayerMode(ctx)
+	}
+
+	return computeBlobChain(ctx, sr, createIfNeeded, compressionType, s)
+}
+
+func computeBlobChain(ctx context.Context, sr *immutableRef, createIfNeeded bool, compressionType compression.Type, s session.Group) error {
+	baseCtx := ctx
+	eg, ctx := errgroup.WithContext(ctx)
+	var currentDescr ocispec.Descriptor
+	if sr.parent != nil {
+		eg.Go(func() error {
+			return computeBlobChain(ctx, sr.parent, createIfNeeded, compressionType, s)
+		})
+	}
+	eg.Go(func() error {
+		dp, err := g.Do(ctx, sr.ID(), func(ctx context.Context) (interface{}, error) {
+			refInfo := sr.Info()
+			if refInfo.Blob != "" {
+				return nil, nil
+			} else if !createIfNeeded {
+				return nil, errors.WithStack(ErrNoBlobs)
+			}
+
+			var mediaType string
+			switch compressionType {
+			case compression.Uncompressed:
+				mediaType = ocispec.MediaTypeImageLayer
+			case compression.Gzip:
+				mediaType = ocispec.MediaTypeImageLayerGzip
+			default:
+				return nil, errors.Errorf("unknown layer compression type: %q", compressionType)
+			}
+
+			var descr ocispec.Descriptor
+			var err error
+
+			if descr.Digest == "" {
+				// reference needs to be committed
+				var lower []mount.Mount
+				if sr.parent != nil {
+					m, err := sr.parent.Mount(ctx, true, s)
+					if err != nil {
+						return nil, err
+					}
+					var release func() error
+					lower, release, err = m.Mount()
+					if err != nil {
+						return nil, err
+					}
+					if release != nil {
+						defer release()
+					}
+				}
+				m, err := sr.Mount(ctx, true, s)
+				if err != nil {
+					return nil, err
+				}
+				upper, release, err := m.Mount()
+				if err != nil {
+					return nil, err
+				}
+				if release != nil {
+					defer release()
+				}
+				descr, err = sr.cm.Differ.Compare(ctx, lower, upper,
+					diff.WithMediaType(mediaType),
+					diff.WithReference(sr.ID()),
+				)
+				if err != nil {
+					return nil, err
+				}
+			}
+
+			if descr.Annotations == nil {
+				descr.Annotations = map[string]string{}
+			}
+
+			info, err := sr.cm.ContentStore.Info(ctx, descr.Digest)
+			if err != nil {
+				return nil, err
+			}
+
+			if diffID, ok := info.Labels[containerdUncompressed]; ok {
+				descr.Annotations[containerdUncompressed] = diffID
+			} else if compressionType == compression.Uncompressed {
+				descr.Annotations[containerdUncompressed] = descr.Digest.String()
+			} else {
+				return nil, errors.Errorf("unknown layer compression type")
+			}
+
+			return descr, nil
+
+		})
+		if err != nil {
+			return err
+		}
+
+		if dp != nil {
+			currentDescr = dp.(ocispec.Descriptor)
+		}
+		return nil
+	})
+	err := eg.Wait()
+	if err != nil {
+		return err
+	}
+	if currentDescr.Digest != "" {
+		if err := sr.setBlob(baseCtx, currentDescr); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// setBlob associates a blob with the cache record.
+// A lease must be held for the blob when calling this function
+// Caller should call Info() for knowing what current values are actually set
+func (sr *immutableRef) setBlob(ctx context.Context, desc ocispec.Descriptor) error {
+	if _, ok := leases.FromContext(ctx); !ok {
+		return errors.Errorf("missing lease requirement for setBlob")
+	}
+
+	diffID, err := diffIDFromDescriptor(desc)
+	if err != nil {
+		return err
+	}
+	if _, err := sr.cm.ContentStore.Info(ctx, desc.Digest); err != nil {
+		return err
+	}
+
+	sr.mu.Lock()
+	defer sr.mu.Unlock()
+
+	if getChainID(sr.md) != "" {
+		return nil
+	}
+
+	if err := sr.finalize(ctx, true); err != nil {
+		return err
+	}
+
+	p := sr.parent
+	var parentChainID digest.Digest
+	var parentBlobChainID digest.Digest
+	if p != nil {
+		pInfo := p.Info()
+		if pInfo.ChainID == "" || pInfo.BlobChainID == "" {
+			return errors.Errorf("failed to set blob for reference with non-addressable parent")
+		}
+		parentChainID = pInfo.ChainID
+		parentBlobChainID = pInfo.BlobChainID
+	}
+
+	if err := sr.cm.LeaseManager.AddResource(ctx, leases.Lease{ID: sr.ID()}, leases.Resource{
+		ID:   desc.Digest.String(),
+		Type: "content",
+	}); err != nil {
+		return err
+	}
+
+	queueDiffID(sr.md, diffID.String())
+	queueBlob(sr.md, desc.Digest.String())
+	chainID := diffID
+	blobChainID := imagespecidentity.ChainID([]digest.Digest{desc.Digest, diffID})
+	if parentChainID != "" {
+		chainID = imagespecidentity.ChainID([]digest.Digest{parentChainID, chainID})
+		blobChainID = imagespecidentity.ChainID([]digest.Digest{parentBlobChainID, blobChainID})
+	}
+	queueChainID(sr.md, chainID.String())
+	queueBlobChainID(sr.md, blobChainID.String())
+	queueMediaType(sr.md, desc.MediaType)
+	queueBlobSize(sr.md, desc.Size)
+	if err := sr.md.Commit(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func isTypeWindows(sr *immutableRef) bool {
+	if GetLayerType(sr) == "windows" {
+		return true
+	}
+	if parent := sr.parent; parent != nil {
+		return isTypeWindows(parent)
+	}
+	return false
+}
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
index 35199e02f98d6..1c416abdbaa74 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
@@ -8,14 +8,18 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"strings"
 	"sync"
 
-	"github.com/docker/docker/pkg/locker"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/idtools"
 	iradix "github.com/hashicorp/go-immutable-radix"
 	"github.com/hashicorp/golang-lru/simplelru"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/locker"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil"
@@ -43,20 +47,31 @@ func getDefaultManager() *cacheManager {
 // header, "/dir" is for contents. For the root node "" (empty string) is the
 // key for root, "/" for the root header
 
-func Checksum(ctx context.Context, ref cache.ImmutableRef, path string) (digest.Digest, error) {
-	return getDefaultManager().Checksum(ctx, ref, path)
+type ChecksumOpts struct {
+	FollowLinks     bool
+	Wildcard        bool
+	IncludePatterns []string
+	ExcludePatterns []string
 }
 
-func GetCacheContext(ctx context.Context, md *metadata.StorageItem) (CacheContext, error) {
-	return getDefaultManager().GetCacheContext(ctx, md)
+func Checksum(ctx context.Context, ref cache.ImmutableRef, path string, opts ChecksumOpts, s session.Group) (digest.Digest, error) {
+	return getDefaultManager().Checksum(ctx, ref, path, opts, s)
+}
+
+func GetCacheContext(ctx context.Context, md *metadata.StorageItem, idmap *idtools.IdentityMapping) (CacheContext, error) {
+	return getDefaultManager().GetCacheContext(ctx, md, idmap)
 }
 
 func SetCacheContext(ctx context.Context, md *metadata.StorageItem, cc CacheContext) error {
 	return getDefaultManager().SetCacheContext(ctx, md, cc)
 }
 
+func ClearCacheContext(md *metadata.StorageItem) {
+	getDefaultManager().clearCacheContext(md.ID())
+}
+
 type CacheContext interface {
-	Checksum(ctx context.Context, ref cache.Mountable, p string) (digest.Digest, error)
+	Checksum(ctx context.Context, ref cache.Mountable, p string, opts ChecksumOpts, s session.Group) (digest.Digest, error)
 	HandleChange(kind fsutil.ChangeKind, p string, fi os.FileInfo, err error) error
 }
 
@@ -64,30 +79,36 @@ type Hashed interface {
 	Digest() digest.Digest
 }
 
+type IncludedPath struct {
+	Path   string
+	Record *CacheRecord
+}
+
 type cacheManager struct {
 	locker *locker.Locker
 	lru    *simplelru.LRU
 	lruMu  sync.Mutex
 }
 
-func (cm *cacheManager) Checksum(ctx context.Context, ref cache.ImmutableRef, p string) (digest.Digest, error) {
-	cc, err := cm.GetCacheContext(ctx, ensureOriginMetadata(ref.Metadata()))
+func (cm *cacheManager) Checksum(ctx context.Context, ref cache.ImmutableRef, p string, opts ChecksumOpts, s session.Group) (digest.Digest, error) {
+	cc, err := cm.GetCacheContext(ctx, ensureOriginMetadata(ref.Metadata()), ref.IdentityMapping())
 	if err != nil {
 		return "", nil
 	}
-	return cc.Checksum(ctx, ref, p)
+	return cc.Checksum(ctx, ref, p, opts, s)
 }
 
-func (cm *cacheManager) GetCacheContext(ctx context.Context, md *metadata.StorageItem) (CacheContext, error) {
+func (cm *cacheManager) GetCacheContext(ctx context.Context, md *metadata.StorageItem, idmap *idtools.IdentityMapping) (CacheContext, error) {
 	cm.locker.Lock(md.ID())
 	cm.lruMu.Lock()
 	v, ok := cm.lru.Get(md.ID())
 	cm.lruMu.Unlock()
 	if ok {
 		cm.locker.Unlock(md.ID())
+		v.(*cacheContext).linkMap = map[string][][]byte{}
 		return v.(*cacheContext), nil
 	}
-	cc, err := newCacheContext(md)
+	cc, err := newCacheContext(md, idmap)
 	if err != nil {
 		cm.locker.Unlock(md.ID())
 		return nil, err
@@ -109,6 +130,7 @@ func (cm *cacheManager) SetCacheContext(ctx context.Context, md *metadata.Storag
 			md:       md,
 			tree:     cci.(*cacheContext).tree,
 			dirtyMap: map[string]struct{}{},
+			linkMap:  map[string][][]byte{},
 		}
 	} else {
 		if err := cc.save(); err != nil {
@@ -121,6 +143,12 @@ func (cm *cacheManager) SetCacheContext(ctx context.Context, md *metadata.Storag
 	return nil
 }
 
+func (cm *cacheManager) clearCacheContext(id string) {
+	cm.lruMu.Lock()
+	cm.lru.Remove(id)
+	cm.lruMu.Unlock()
+}
+
 type cacheContext struct {
 	mu    sync.RWMutex
 	md    *metadata.StorageItem
@@ -131,19 +159,22 @@ type cacheContext struct {
 	txn      *iradix.Txn
 	node     *iradix.Node
 	dirtyMap map[string]struct{}
+	linkMap  map[string][][]byte
+	idmap    *idtools.IdentityMapping
 }
 
 type mount struct {
 	mountable cache.Mountable
 	mountPath string
 	unmount   func() error
+	session   session.Group
 }
 
 func (m *mount) mount(ctx context.Context) (string, error) {
 	if m.mountPath != "" {
 		return m.mountPath, nil
 	}
-	mounts, err := m.mountable.Mount(ctx, true)
+	mounts, err := m.mountable.Mount(ctx, true, m.session)
 	if err != nil {
 		return "", err
 	}
@@ -170,11 +201,13 @@ func (m *mount) clean() error {
 	return nil
 }
 
-func newCacheContext(md *metadata.StorageItem) (*cacheContext, error) {
+func newCacheContext(md *metadata.StorageItem, idmap *idtools.IdentityMapping) (*cacheContext, error) {
 	cc := &cacheContext{
 		md:       md,
 		tree:     iradix.New(),
 		dirtyMap: map[string]struct{}{},
+		linkMap:  map[string][][]byte{},
+		idmap:    idmap,
 	}
 	if err := cc.load(); err != nil {
 		return nil, err
@@ -227,12 +260,17 @@ func (cc *cacheContext) save() error {
 	return cc.md.SetExternal(keyContentHash, dt)
 }
 
-// HandleChange notifies the source about a modification operation
-func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.FileInfo, err error) (retErr error) {
+func keyPath(p string) string {
 	p = path.Join("/", filepath.ToSlash(p))
 	if p == "/" {
 		p = ""
 	}
+	return p
+}
+
+// HandleChange notifies the source about a modification operation
+func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.FileInfo, err error) (retErr error) {
+	p = keyPath(p)
 	k := convertPathToKey([]byte(p))
 
 	deleteDir := func(cr *CacheRecord) {
@@ -307,7 +345,35 @@ func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.Fil
 		p += "/"
 	}
 	cr.Digest = h.Digest()
+
+	// if we receive a hardlink just use the digest of the source
+	// note that the source may be called later because data writing is async
+	if fi.Mode()&os.ModeSymlink == 0 && stat.Linkname != "" {
+		ln := path.Join("/", filepath.ToSlash(stat.Linkname))
+		v, ok := cc.txn.Get(convertPathToKey([]byte(ln)))
+		if ok {
+			cp := *v.(*CacheRecord)
+			cr = &cp
+		}
+		cc.linkMap[ln] = append(cc.linkMap[ln], k)
+	}
+
 	cc.txn.Insert(k, cr)
+	if !fi.IsDir() {
+		if links, ok := cc.linkMap[p]; ok {
+			for _, l := range links {
+				pp := convertKeyToPath(l)
+				cc.txn.Insert(l, cr)
+				d := path.Dir(string(pp))
+				if d == "/" {
+					d = ""
+				}
+				cc.dirtyMap[d] = struct{}{}
+			}
+			delete(cc.linkMap, p)
+		}
+	}
+
 	d := path.Dir(p)
 	if d == "/" {
 		d = ""
@@ -317,10 +383,50 @@ func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.Fil
 	return nil
 }
 
-func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, p string) (digest.Digest, error) {
-	m := &mount{mountable: mountable}
+func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, p string, opts ChecksumOpts, s session.Group) (digest.Digest, error) {
+	m := &mount{mountable: mountable, session: s}
 	defer m.clean()
 
+	if !opts.Wildcard && len(opts.IncludePatterns) == 0 && len(opts.ExcludePatterns) == 0 {
+		return cc.checksumFollow(ctx, m, p, opts.FollowLinks)
+	}
+
+	includedPaths, err := cc.includedPaths(ctx, m, p, opts)
+	if err != nil {
+		return "", err
+	}
+
+	if opts.FollowLinks {
+		for i, w := range includedPaths {
+			if w.Record.Type == CacheRecordTypeSymlink {
+				dgst, err := cc.checksumFollow(ctx, m, w.Path, opts.FollowLinks)
+				if err != nil {
+					return "", err
+				}
+				includedPaths[i].Record = &CacheRecord{Digest: dgst}
+			}
+		}
+	}
+	if len(includedPaths) == 0 {
+		return digest.FromBytes([]byte{}), nil
+	}
+
+	if len(includedPaths) == 1 && path.Base(p) == path.Base(includedPaths[0].Path) {
+		return includedPaths[0].Record.Digest, nil
+	}
+
+	digester := digest.Canonical.Digester()
+	for i, w := range includedPaths {
+		if i != 0 {
+			digester.Hash().Write([]byte{0})
+		}
+		digester.Hash().Write([]byte(path.Base(w.Path)))
+		digester.Hash().Write([]byte(w.Record.Digest))
+	}
+	return digester.Digest(), nil
+}
+
+func (cc *cacheContext) checksumFollow(ctx context.Context, m *mount, p string, follow bool) (digest.Digest, error) {
 	const maxSymlinkLimit = 255
 	i := 0
 	for {
@@ -331,7 +437,7 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable,
 		if err != nil {
 			return "", err
 		}
-		if cr.Type == CacheRecordTypeSymlink {
+		if cr.Type == CacheRecordTypeSymlink && follow {
 			link := cr.Linkname
 			if !path.IsAbs(cr.Linkname) {
 				link = path.Join(path.Dir(p), link)
@@ -344,11 +450,198 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable,
 	}
 }
 
-func (cc *cacheContext) checksumNoFollow(ctx context.Context, m *mount, p string) (*CacheRecord, error) {
-	p = path.Join("/", filepath.ToSlash(p))
-	if p == "/" {
-		p = ""
+func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, opts ChecksumOpts) ([]*IncludedPath, error) {
+	cc.mu.Lock()
+	defer cc.mu.Unlock()
+
+	if cc.txn != nil {
+		cc.commitActiveTransaction()
+	}
+
+	root := cc.tree.Root()
+	scan, err := cc.needsScan(root, "")
+	if err != nil {
+		return nil, err
 	}
+	if scan {
+		if err := cc.scanPath(ctx, m, ""); err != nil {
+			return nil, err
+		}
+	}
+
+	defer func() {
+		if cc.dirty {
+			go cc.save()
+			cc.dirty = false
+		}
+	}()
+
+	endsInSep := len(p) != 0 && p[len(p)-1] == filepath.Separator
+	p = keyPath(p)
+
+	var includePatternMatcher *fileutils.PatternMatcher
+	if len(opts.IncludePatterns) != 0 {
+		rootedIncludePatterns := make([]string, len(opts.IncludePatterns))
+		for i, includePattern := range opts.IncludePatterns {
+			rootedIncludePatterns[i] = keyPath(includePattern)
+		}
+		includePatternMatcher, err = fileutils.NewPatternMatcher(rootedIncludePatterns)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid includepatterns: %s", opts.IncludePatterns)
+		}
+	}
+
+	var excludePatternMatcher *fileutils.PatternMatcher
+	if len(opts.ExcludePatterns) != 0 {
+		rootedExcludePatterns := make([]string, len(opts.ExcludePatterns))
+		for i, excludePattern := range opts.ExcludePatterns {
+			rootedExcludePatterns[i] = keyPath(excludePattern)
+		}
+		excludePatternMatcher, err = fileutils.NewPatternMatcher(rootedExcludePatterns)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid excludepatterns: %s", opts.ExcludePatterns)
+		}
+	}
+
+	includedPaths := make([]*IncludedPath, 0, 2)
+
+	txn := cc.tree.Txn()
+	root = txn.Root()
+	var (
+		updated bool
+		iter    *iradix.Seeker
+		k       []byte
+		kOk     bool
+	)
+
+	if opts.Wildcard {
+		iter = root.Seek([]byte{})
+		k, _, kOk = iter.Next()
+	} else {
+		k = convertPathToKey([]byte(p))
+		if _, kOk = root.Get(k); kOk {
+			iter = root.Seek(k)
+		}
+	}
+
+	var (
+		parentDirHeaders []*IncludedPath
+		lastMatchedDir   string
+	)
+
+	for kOk {
+		fn := string(convertKeyToPath(k))
+
+		for len(parentDirHeaders) != 0 {
+			lastParentDir := parentDirHeaders[len(parentDirHeaders)-1]
+			if strings.HasPrefix(fn, lastParentDir.Path+"/") {
+				break
+			}
+			parentDirHeaders = parentDirHeaders[:len(parentDirHeaders)-1]
+		}
+
+		dirHeader := false
+		if len(k) > 0 && k[len(k)-1] == byte(0) {
+			dirHeader = true
+			fn = fn[:len(fn)-1]
+			if fn == p && endsInSep {
+				// We don't include the metadata header for a source dir which ends with a separator
+				k, _, kOk = iter.Next()
+				continue
+			}
+		}
+		if opts.Wildcard {
+			if lastMatchedDir == "" || !strings.HasPrefix(fn, lastMatchedDir+"/") {
+				include, err := path.Match(p, fn)
+				if err != nil {
+					return nil, err
+				}
+				if !include {
+					k, _, kOk = iter.Next()
+					continue
+				}
+				lastMatchedDir = fn
+			}
+		} else if !strings.HasPrefix(fn+"/", p+"/") {
+			k, _, kOk = iter.Next()
+			continue
+		}
+
+		shouldInclude, err := shouldIncludePath(p, fn, includePatternMatcher, excludePatternMatcher)
+		if err != nil {
+			return nil, err
+		}
+		if !shouldInclude && !dirHeader {
+			k, _, kOk = iter.Next()
+			continue
+		}
+
+		cr, upt, err := cc.checksum(ctx, root, txn, m, k, false)
+		if err != nil {
+			return nil, err
+		}
+		if upt {
+			updated = true
+		}
+
+		if cr.Type == CacheRecordTypeDir {
+			// We only hash dir headers and files, not dir contents. Hashing
+			// dir contents could be wrong if there are exclusions within the
+			// dir.
+			shouldInclude = false
+		}
+
+		if !shouldInclude {
+			if cr.Type == CacheRecordTypeDirHeader {
+				// We keep track of non-included parent dir headers in case an
+				// include pattern matches a file inside one of these dirs.
+				parentDirHeaders = append(parentDirHeaders, &IncludedPath{Path: fn, Record: cr})
+			}
+		} else {
+			includedPaths = append(includedPaths, parentDirHeaders...)
+			parentDirHeaders = nil
+			includedPaths = append(includedPaths, &IncludedPath{Path: fn, Record: cr})
+		}
+		k, _, kOk = iter.Next()
+	}
+
+	cc.tree = txn.Commit()
+	cc.dirty = updated
+
+	return includedPaths, nil
+}
+
+func shouldIncludePath(
+	p string,
+	candidate string,
+	includePatternMatcher *fileutils.PatternMatcher,
+	excludePatternMatcher *fileutils.PatternMatcher,
+) (bool, error) {
+	if includePatternMatcher != nil {
+		m, err := includePatternMatcher.Matches(filepath.FromSlash(candidate))
+		if err != nil {
+			return false, errors.Wrap(err, "failed to match includepatterns")
+		}
+		if !m {
+			return false, nil
+		}
+	}
+
+	if excludePatternMatcher != nil {
+		m, err := excludePatternMatcher.Matches(filepath.FromSlash(candidate))
+		if err != nil {
+			return false, errors.Wrap(err, "failed to match excludepatterns")
+		}
+		if m {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func (cc *cacheContext) checksumNoFollow(ctx context.Context, m *mount, p string) (*CacheRecord, error) {
+	p = keyPath(p)
 
 	cc.mu.RLock()
 	if cc.txn == nil {
@@ -412,7 +705,7 @@ func (cc *cacheContext) lazyChecksum(ctx context.Context, m *mount, p string) (*
 	k := convertPathToKey([]byte(p))
 	txn := cc.tree.Txn()
 	root = txn.Root()
-	cr, updated, err := cc.checksum(ctx, root, txn, m, k)
+	cr, updated, err := cc.checksum(ctx, root, txn, m, k, true)
 	if err != nil {
 		return nil, err
 	}
@@ -421,13 +714,14 @@ func (cc *cacheContext) lazyChecksum(ctx context.Context, m *mount, p string) (*
 	return cr, err
 }
 
-func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *iradix.Txn, m *mount, k []byte) (*CacheRecord, bool, error) {
-	k, cr, err := getFollowLinks(root, k)
+func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *iradix.Txn, m *mount, k []byte, follow bool) (*CacheRecord, bool, error) {
+	origk := k
+	k, cr, err := getFollowLinks(root, k, follow)
 	if err != nil {
 		return nil, false, err
 	}
 	if cr == nil {
-		return nil, false, errors.Wrapf(errNotFound, "%s not found", convertKeyToPath(k))
+		return nil, false, errors.Wrapf(errNotFound, "%q not found", convertKeyToPath(origk))
 	}
 	if cr.Digest != "" {
 		return cr, false, nil
@@ -447,7 +741,7 @@ func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *ir
 			}
 			h.Write(bytes.TrimPrefix(subk, k))
 
-			subcr, _, err := cc.checksum(ctx, root, txn, m, subk)
+			subcr, _, err := cc.checksum(ctx, root, txn, m, subk, true)
 			if err != nil {
 				return nil, false, err
 			}
@@ -506,24 +800,24 @@ func (cc *cacheContext) needsScanFollow(root *iradix.Node, p string, linksWalked
 	if p == "/" {
 		p = ""
 	}
-	if v, ok := root.Get(convertPathToKey([]byte(p))); !ok {
+	v, ok := root.Get(convertPathToKey([]byte(p)))
+	if !ok {
 		if p == "" {
 			return true, nil
 		}
 		return cc.needsScanFollow(root, path.Clean(path.Dir(p)), linksWalked)
-	} else {
-		cr := v.(*CacheRecord)
-		if cr.Type == CacheRecordTypeSymlink {
-			if *linksWalked > 255 {
-				return false, errTooManyLinks
-			}
-			*linksWalked++
-			link := path.Clean(cr.Linkname)
-			if !path.IsAbs(cr.Linkname) {
-				link = path.Join("/", path.Dir(p), link)
-			}
-			return cc.needsScanFollow(root, link, linksWalked)
+	}
+	cr := v.(*CacheRecord)
+	if cr.Type == CacheRecordTypeSymlink {
+		if *linksWalked > 255 {
+			return false, errTooManyLinks
 		}
+		*linksWalked++
+		link := path.Clean(cr.Linkname)
+		if !path.IsAbs(cr.Linkname) {
+			link = path.Join("/", path.Dir(p), link)
+		}
+		return cc.needsScanFollow(root, link, linksWalked)
 	}
 	return false, nil
 }
@@ -599,43 +893,49 @@ func (cc *cacheContext) scanPath(ctx context.Context, m *mount, p string) (retEr
 	return nil
 }
 
-func getFollowLinks(root *iradix.Node, k []byte) ([]byte, *CacheRecord, error) {
+func getFollowLinks(root *iradix.Node, k []byte, follow bool) ([]byte, *CacheRecord, error) {
 	var linksWalked int
-	return getFollowLinksWalk(root, k, &linksWalked)
+	return getFollowLinksWalk(root, k, follow, &linksWalked)
 }
 
-func getFollowLinksWalk(root *iradix.Node, k []byte, linksWalked *int) ([]byte, *CacheRecord, error) {
+func getFollowLinksWalk(root *iradix.Node, k []byte, follow bool, linksWalked *int) ([]byte, *CacheRecord, error) {
 	v, ok := root.Get(k)
 	if ok {
 		return k, v.(*CacheRecord), nil
 	}
-	if len(k) == 0 {
-		return nil, nil, nil
+	if !follow || len(k) == 0 {
+		return k, nil, nil
 	}
 
 	dir, file := splitKey(k)
 
-	_, parent, err := getFollowLinksWalk(root, dir, linksWalked)
+	k, parent, err := getFollowLinksWalk(root, dir, follow, linksWalked)
 	if err != nil {
 		return nil, nil, err
 	}
-	if parent != nil && parent.Type == CacheRecordTypeSymlink {
-		*linksWalked++
-		if *linksWalked > 255 {
-			return nil, nil, errors.Errorf("too many links")
-		}
-		dirPath := path.Clean(string(convertKeyToPath(dir)))
-		if dirPath == "." || dirPath == "/" {
-			dirPath = ""
-		}
-		link := parent.Linkname
-		if !path.IsAbs(link) {
-			link = path.Join("/", path.Join(path.Dir(dirPath), link))
+	if parent != nil {
+		if parent.Type == CacheRecordTypeSymlink {
+			*linksWalked++
+			if *linksWalked > 255 {
+				return nil, nil, errors.Errorf("too many links")
+			}
+			dirPath := path.Clean(string(convertKeyToPath(dir)))
+			if dirPath == "." || dirPath == "/" {
+				dirPath = ""
+			}
+			link := path.Clean(parent.Linkname)
+			if !path.IsAbs(link) {
+				link = path.Join("/", path.Join(path.Dir(dirPath), link))
+			}
+			return getFollowLinksWalk(root, append(convertPathToKey([]byte(link)), file...), follow, linksWalked)
 		}
-		return getFollowLinksWalk(root, append(convertPathToKey([]byte(link)), file...), linksWalked)
 	}
-
-	return nil, nil, nil
+	k = append(k, file...)
+	v, ok = root.Get(k)
+	if ok {
+		return k, v.(*CacheRecord), nil
+	}
+	return k, nil, nil
 }
 
 func prepareDigest(fp, p string, fi os.FileInfo) (digest.Digest, error) {
@@ -687,12 +987,15 @@ func ensureOriginMetadata(md *metadata.StorageItem) *metadata.StorageItem {
 }
 
 var pool32K = sync.Pool{
-	New: func() interface{} { return make([]byte, 32*1024) }, // 32K
+	New: func() interface{} {
+		buf := make([]byte, 32*1024) // 32K
+		return &buf
+	},
 }
 
 func poolsCopy(dst io.Writer, src io.Reader) (written int64, err error) {
-	buf := pool32K.Get().([]byte)
-	written, err = io.CopyBuffer(dst, src, buf)
+	buf := pool32K.Get().(*[]byte)
+	written, err = io.CopyBuffer(dst, src, *buf)
 	pool32K.Put(buf)
 	return
 }
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.pb.go b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.pb.go
index 31dcce95ff87e..938b5d37202a9 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.pb.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.pb.go
@@ -1,27 +1,17 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: checksum.proto
 
-/*
-	Package contenthash is a generated protocol buffer package.
-
-	It is generated from these files:
-		checksum.proto
-
-	It has these top-level messages:
-		CacheRecord
-		CacheRecordWithPath
-		CacheRecords
-*/
 package contenthash
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import io "io"
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -32,7 +22,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type CacheRecordType int32
 
@@ -49,6 +39,7 @@ var CacheRecordType_name = map[int32]string{
 	2: "DIR_HEADER",
 	3: "SYMLINK",
 }
+
 var CacheRecordType_value = map[string]int32{
 	"FILE":       0,
 	"DIR":        1,
@@ -59,7 +50,10 @@ var CacheRecordType_value = map[string]int32{
 func (x CacheRecordType) String() string {
 	return proto.EnumName(CacheRecordType_name, int32(x))
 }
-func (CacheRecordType) EnumDescriptor() ([]byte, []int) { return fileDescriptorChecksum, []int{0} }
+
+func (CacheRecordType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_843938c28b799986, []int{0}
+}
 
 type CacheRecord struct {
 	Digest   github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
@@ -67,10 +61,38 @@ type CacheRecord struct {
 	Linkname string                                     `protobuf:"bytes,3,opt,name=linkname,proto3" json:"linkname,omitempty"`
 }
 
-func (m *CacheRecord) Reset()                    { *m = CacheRecord{} }
-func (m *CacheRecord) String() string            { return proto.CompactTextString(m) }
-func (*CacheRecord) ProtoMessage()               {}
-func (*CacheRecord) Descriptor() ([]byte, []int) { return fileDescriptorChecksum, []int{0} }
+func (m *CacheRecord) Reset()         { *m = CacheRecord{} }
+func (m *CacheRecord) String() string { return proto.CompactTextString(m) }
+func (*CacheRecord) ProtoMessage()    {}
+func (*CacheRecord) Descriptor() ([]byte, []int) {
+	return fileDescriptor_843938c28b799986, []int{0}
+}
+func (m *CacheRecord) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheRecord) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheRecord.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheRecord) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheRecord.Merge(m, src)
+}
+func (m *CacheRecord) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheRecord) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheRecord.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CacheRecord proto.InternalMessageInfo
 
 func (m *CacheRecord) GetType() CacheRecordType {
 	if m != nil {
@@ -88,13 +110,41 @@ func (m *CacheRecord) GetLinkname() string {
 
 type CacheRecordWithPath struct {
 	Path   string       `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	Record *CacheRecord `protobuf:"bytes,2,opt,name=record" json:"record,omitempty"`
+	Record *CacheRecord `protobuf:"bytes,2,opt,name=record,proto3" json:"record,omitempty"`
+}
+
+func (m *CacheRecordWithPath) Reset()         { *m = CacheRecordWithPath{} }
+func (m *CacheRecordWithPath) String() string { return proto.CompactTextString(m) }
+func (*CacheRecordWithPath) ProtoMessage()    {}
+func (*CacheRecordWithPath) Descriptor() ([]byte, []int) {
+	return fileDescriptor_843938c28b799986, []int{1}
+}
+func (m *CacheRecordWithPath) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheRecordWithPath) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheRecordWithPath.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheRecordWithPath) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheRecordWithPath.Merge(m, src)
+}
+func (m *CacheRecordWithPath) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheRecordWithPath) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheRecordWithPath.DiscardUnknown(m)
 }
 
-func (m *CacheRecordWithPath) Reset()                    { *m = CacheRecordWithPath{} }
-func (m *CacheRecordWithPath) String() string            { return proto.CompactTextString(m) }
-func (*CacheRecordWithPath) ProtoMessage()               {}
-func (*CacheRecordWithPath) Descriptor() ([]byte, []int) { return fileDescriptorChecksum, []int{1} }
+var xxx_messageInfo_CacheRecordWithPath proto.InternalMessageInfo
 
 func (m *CacheRecordWithPath) GetPath() string {
 	if m != nil {
@@ -111,13 +161,41 @@ func (m *CacheRecordWithPath) GetRecord() *CacheRecord {
 }
 
 type CacheRecords struct {
-	Paths []*CacheRecordWithPath `protobuf:"bytes,1,rep,name=paths" json:"paths,omitempty"`
+	Paths []*CacheRecordWithPath `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"`
+}
+
+func (m *CacheRecords) Reset()         { *m = CacheRecords{} }
+func (m *CacheRecords) String() string { return proto.CompactTextString(m) }
+func (*CacheRecords) ProtoMessage()    {}
+func (*CacheRecords) Descriptor() ([]byte, []int) {
+	return fileDescriptor_843938c28b799986, []int{2}
+}
+func (m *CacheRecords) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheRecords) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheRecords.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheRecords) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheRecords.Merge(m, src)
+}
+func (m *CacheRecords) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheRecords) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheRecords.DiscardUnknown(m)
 }
 
-func (m *CacheRecords) Reset()                    { *m = CacheRecords{} }
-func (m *CacheRecords) String() string            { return proto.CompactTextString(m) }
-func (*CacheRecords) ProtoMessage()               {}
-func (*CacheRecords) Descriptor() ([]byte, []int) { return fileDescriptorChecksum, []int{2} }
+var xxx_messageInfo_CacheRecords proto.InternalMessageInfo
 
 func (m *CacheRecords) GetPaths() []*CacheRecordWithPath {
 	if m != nil {
@@ -127,15 +205,49 @@ func (m *CacheRecords) GetPaths() []*CacheRecordWithPath {
 }
 
 func init() {
+	proto.RegisterEnum("contenthash.CacheRecordType", CacheRecordType_name, CacheRecordType_value)
 	proto.RegisterType((*CacheRecord)(nil), "contenthash.CacheRecord")
 	proto.RegisterType((*CacheRecordWithPath)(nil), "contenthash.CacheRecordWithPath")
 	proto.RegisterType((*CacheRecords)(nil), "contenthash.CacheRecords")
-	proto.RegisterEnum("contenthash.CacheRecordType", CacheRecordType_name, CacheRecordType_value)
 }
+
+func init() { proto.RegisterFile("checksum.proto", fileDescriptor_843938c28b799986) }
+
+var fileDescriptor_843938c28b799986 = []byte{
+	// 426 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0xc1, 0x6a, 0x13, 0x41,
+	0x18, 0xc7, 0x77, 0x9a, 0x18, 0xf5, 0x8b, 0xd4, 0x30, 0x85, 0x76, 0x19, 0xca, 0x64, 0xcc, 0xc5,
+	0x50, 0xec, 0xa6, 0x44, 0xf0, 0x6e, 0xdd, 0x84, 0x46, 0xab, 0xc8, 0x54, 0x10, 0xf1, 0x20, 0x9b,
+	0xcd, 0xb8, 0xb3, 0xb4, 0xd9, 0x59, 0x76, 0x27, 0x87, 0xbc, 0x81, 0xec, 0xc9, 0x17, 0xd8, 0x93,
+	0x82, 0xef, 0xe0, 0x5d, 0xe8, 0xb1, 0x47, 0xf1, 0x50, 0x24, 0x79, 0x11, 0xd9, 0xd9, 0x2a, 0xcb,
+	0x4a, 0x4e, 0xf3, 0x7d, 0x33, 0xbf, 0xef, 0xff, 0xff, 0xcf, 0x30, 0xb0, 0xed, 0x4b, 0xe1, 0x9f,
+	0xa7, 0x8b, 0xb9, 0x13, 0x27, 0x4a, 0x2b, 0xdc, 0xf6, 0x55, 0xa4, 0x45, 0xa4, 0xa5, 0x97, 0x4a,
+	0x72, 0x18, 0x84, 0x5a, 0x2e, 0xa6, 0x8e, 0xaf, 0xe6, 0x83, 0x40, 0x05, 0x6a, 0x60, 0x98, 0xe9,
+	0xe2, 0xa3, 0xe9, 0x4c, 0x63, 0xaa, 0x72, 0xb6, 0xf7, 0x0d, 0x41, 0xfb, 0x99, 0xe7, 0x4b, 0xc1,
+	0x85, 0xaf, 0x92, 0x19, 0x7e, 0x0e, 0xad, 0x59, 0x18, 0x88, 0x54, 0xdb, 0x88, 0xa1, 0xfe, 0xdd,
+	0xe3, 0xe1, 0xe5, 0x75, 0xd7, 0xfa, 0x75, 0xdd, 0x3d, 0xa8, 0xc8, 0xaa, 0x58, 0x44, 0x85, 0xa5,
+	0x17, 0x46, 0x22, 0x49, 0x07, 0x81, 0x3a, 0x2c, 0x47, 0x1c, 0xd7, 0x2c, 0xfc, 0x46, 0x01, 0x1f,
+	0x41, 0x53, 0x2f, 0x63, 0x61, 0x6f, 0x31, 0xd4, 0xdf, 0x1e, 0xee, 0x3b, 0x95, 0x98, 0x4e, 0xc5,
+	0xf3, 0xcd, 0x32, 0x16, 0xdc, 0x90, 0x98, 0xc0, 0x9d, 0x8b, 0x30, 0x3a, 0x8f, 0xbc, 0xb9, 0xb0,
+	0x1b, 0x85, 0x3f, 0xff, 0xd7, 0xf7, 0xde, 0xc3, 0x4e, 0x65, 0xe8, 0x6d, 0xa8, 0xe5, 0x6b, 0x4f,
+	0x4b, 0x8c, 0xa1, 0x19, 0x7b, 0x5a, 0x96, 0x71, 0xb9, 0xa9, 0xf1, 0x11, 0xb4, 0x12, 0x43, 0x19,
+	0xeb, 0xf6, 0xd0, 0xde, 0x64, 0xcd, 0x6f, 0xb8, 0xde, 0x18, 0xee, 0x55, 0xb6, 0x53, 0xfc, 0x04,
+	0x6e, 0x15, 0x4a, 0xa9, 0x8d, 0x58, 0xa3, 0xdf, 0x1e, 0xb2, 0x4d, 0x02, 0x7f, 0x63, 0xf0, 0x12,
+	0x3f, 0xf8, 0x81, 0xe0, 0x7e, 0xed, 0x6a, 0xf8, 0x01, 0x34, 0xc7, 0x93, 0xd3, 0x51, 0xc7, 0x22,
+	0x7b, 0x59, 0xce, 0x76, 0x6a, 0xc7, 0xe3, 0xf0, 0x42, 0xe0, 0x2e, 0x34, 0xdc, 0x09, 0xef, 0x20,
+	0xb2, 0x9b, 0xe5, 0x0c, 0xd7, 0x08, 0x37, 0x4c, 0xf0, 0x23, 0x00, 0x77, 0xc2, 0x3f, 0x9c, 0x8c,
+	0x9e, 0xba, 0x23, 0xde, 0xd9, 0x22, 0xfb, 0x59, 0xce, 0xec, 0xff, 0xb9, 0x13, 0xe1, 0xcd, 0x44,
+	0x82, 0x1f, 0xc2, 0xed, 0xb3, 0x77, 0x2f, 0x4f, 0x27, 0xaf, 0x5e, 0x74, 0x1a, 0x84, 0x64, 0x39,
+	0xdb, 0xad, 0xa1, 0x67, 0xcb, 0x79, 0xf1, 0xae, 0x64, 0xef, 0xd3, 0x17, 0x6a, 0x7d, 0xff, 0x4a,
+	0xeb, 0x99, 0x8f, 0xed, 0xcb, 0x15, 0x45, 0x57, 0x2b, 0x8a, 0x7e, 0xaf, 0x28, 0xfa, 0xbc, 0xa6,
+	0xd6, 0xd5, 0x9a, 0x5a, 0x3f, 0xd7, 0xd4, 0x9a, 0xb6, 0xcc, 0xbf, 0x79, 0xfc, 0x27, 0x00, 0x00,
+	0xff, 0xff, 0xfd, 0xd7, 0xd8, 0x37, 0x85, 0x02, 0x00, 0x00,
+}
+
 func (m *CacheRecord) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -143,34 +255,41 @@ func (m *CacheRecord) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CacheRecord) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheRecord) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
+	if len(m.Linkname) > 0 {
+		i -= len(m.Linkname)
+		copy(dAtA[i:], m.Linkname)
+		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Linkname)))
+		i--
+		dAtA[i] = 0x1a
 	}
 	if m.Type != 0 {
-		dAtA[i] = 0x10
-		i++
 		i = encodeVarintChecksum(dAtA, i, uint64(m.Type))
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.Linkname) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Linkname)))
-		i += copy(dAtA[i:], m.Linkname)
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CacheRecordWithPath) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -178,33 +297,41 @@ func (m *CacheRecordWithPath) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CacheRecordWithPath) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheRecordWithPath) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Path) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Path)))
-		i += copy(dAtA[i:], m.Path)
-	}
 	if m.Record != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintChecksum(dAtA, i, uint64(m.Record.Size()))
-		n1, err := m.Record.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
+		{
+			size, err := m.Record.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintChecksum(dAtA, i, uint64(size))
 		}
-		i += n1
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintChecksum(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CacheRecords) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -212,35 +339,47 @@ func (m *CacheRecords) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CacheRecords) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheRecords) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Paths) > 0 {
-		for _, msg := range m.Paths {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintChecksum(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
+		for iNdEx := len(m.Paths) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Paths[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintChecksum(dAtA, i, uint64(size))
 			}
-			i += n
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintChecksum(dAtA []byte, offset int, v uint64) int {
+	offset -= sovChecksum(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *CacheRecord) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Digest)
@@ -258,6 +397,9 @@ func (m *CacheRecord) Size() (n int) {
 }
 
 func (m *CacheRecordWithPath) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Path)
@@ -272,6 +414,9 @@ func (m *CacheRecordWithPath) Size() (n int) {
 }
 
 func (m *CacheRecords) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if len(m.Paths) > 0 {
@@ -284,14 +429,7 @@ func (m *CacheRecords) Size() (n int) {
 }
 
 func sovChecksum(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozChecksum(x uint64) (n int) {
 	return sovChecksum(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -311,7 +449,7 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -339,7 +477,7 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -349,6 +487,9 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthChecksum
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthChecksum
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -368,7 +509,7 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (CacheRecordType(b) & 0x7F) << shift
+				m.Type |= CacheRecordType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -387,7 +528,7 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -397,6 +538,9 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthChecksum
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthChecksum
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -408,7 +552,7 @@ func (m *CacheRecord) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthChecksum
 			}
 			if (iNdEx + skippy) > l {
@@ -438,7 +582,7 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -466,7 +610,7 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -476,6 +620,9 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthChecksum
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthChecksum
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -495,7 +642,7 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -504,6 +651,9 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthChecksum
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthChecksum
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -520,7 +670,7 @@ func (m *CacheRecordWithPath) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthChecksum
 			}
 			if (iNdEx + skippy) > l {
@@ -550,7 +700,7 @@ func (m *CacheRecords) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -578,7 +728,7 @@ func (m *CacheRecords) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -587,6 +737,9 @@ func (m *CacheRecords) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthChecksum
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthChecksum
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -601,7 +754,7 @@ func (m *CacheRecords) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthChecksum
 			}
 			if (iNdEx + skippy) > l {
@@ -619,6 +772,7 @@ func (m *CacheRecords) Unmarshal(dAtA []byte) error {
 func skipChecksum(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -650,10 +804,8 @@ func skipChecksum(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -670,86 +822,34 @@ func skipChecksum(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthChecksum
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowChecksum
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipChecksum(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupChecksum
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthChecksum
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthChecksum = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowChecksum   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthChecksum        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowChecksum          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupChecksum = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("checksum.proto", fileDescriptorChecksum) }
-
-var fileDescriptorChecksum = []byte{
-	// 418 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0xc1, 0x6a, 0xd4, 0x40,
-	0x18, 0xc7, 0x77, 0xba, 0xeb, 0xaa, 0xdf, 0x4a, 0x0d, 0x53, 0x68, 0xc3, 0x50, 0xb2, 0xe3, 0x5e,
-	0x5c, 0x8a, 0xcd, 0x96, 0x08, 0xde, 0xad, 0xd9, 0xa5, 0xd1, 0x2a, 0x32, 0x15, 0x44, 0x3c, 0x48,
-	0x36, 0x3b, 0x66, 0x42, 0x9b, 0x4c, 0x48, 0x66, 0x0f, 0xfb, 0x06, 0x92, 0x93, 0x2f, 0x90, 0x93,
-	0x82, 0xef, 0xe0, 0x5d, 0xe8, 0xd1, 0xb3, 0x87, 0x22, 0xeb, 0x8b, 0x48, 0x26, 0x55, 0x42, 0xca,
-	0x9e, 0xe6, 0xfb, 0x66, 0x7e, 0xdf, 0xff, 0xff, 0x9f, 0x61, 0x60, 0x3b, 0x10, 0x3c, 0x38, 0xcf,
-	0x97, 0xb1, 0x9d, 0x66, 0x52, 0x49, 0x3c, 0x08, 0x64, 0xa2, 0x78, 0xa2, 0x84, 0x9f, 0x0b, 0x72,
-	0x18, 0x46, 0x4a, 0x2c, 0xe7, 0x76, 0x20, 0xe3, 0x49, 0x28, 0x43, 0x39, 0xd1, 0xcc, 0x7c, 0xf9,
-	0x51, 0x77, 0xba, 0xd1, 0x55, 0x3d, 0x3b, 0xfa, 0x86, 0x60, 0xf0, 0xcc, 0x0f, 0x04, 0x67, 0x3c,
-	0x90, 0xd9, 0x02, 0x3f, 0x87, 0xfe, 0x22, 0x0a, 0x79, 0xae, 0x4c, 0x44, 0xd1, 0xf8, 0xee, 0xb1,
-	0x73, 0x79, 0x35, 0xec, 0xfc, 0xba, 0x1a, 0x1e, 0x34, 0x64, 0x65, 0xca, 0x93, 0xca, 0xd2, 0x8f,
-	0x12, 0x9e, 0xe5, 0x93, 0x50, 0x1e, 0xd6, 0x23, 0xb6, 0xab, 0x17, 0x76, 0xad, 0x80, 0x8f, 0xa0,
-	0xa7, 0x56, 0x29, 0x37, 0xb7, 0x28, 0x1a, 0x6f, 0x3b, 0xfb, 0x76, 0x23, 0xa6, 0xdd, 0xf0, 0x7c,
-	0xb3, 0x4a, 0x39, 0xd3, 0x24, 0x26, 0x70, 0xe7, 0x22, 0x4a, 0xce, 0x13, 0x3f, 0xe6, 0x66, 0xb7,
-	0xf2, 0x67, 0xff, 0xfb, 0xd1, 0x7b, 0xd8, 0x69, 0x0c, 0xbd, 0x8d, 0x94, 0x78, 0xed, 0x2b, 0x81,
-	0x31, 0xf4, 0x52, 0x5f, 0x89, 0x3a, 0x2e, 0xd3, 0x35, 0x3e, 0x82, 0x7e, 0xa6, 0x29, 0x6d, 0x3d,
-	0x70, 0xcc, 0x4d, 0xd6, 0xec, 0x9a, 0x1b, 0xcd, 0xe0, 0x5e, 0x63, 0x3b, 0xc7, 0x4f, 0xe0, 0x56,
-	0xa5, 0x94, 0x9b, 0x88, 0x76, 0xc7, 0x03, 0x87, 0x6e, 0x12, 0xf8, 0x17, 0x83, 0xd5, 0xf8, 0xc1,
-	0x0f, 0x04, 0xf7, 0x5b, 0x57, 0xc3, 0x0f, 0xa0, 0x37, 0xf3, 0x4e, 0xa7, 0x46, 0x87, 0xec, 0x15,
-	0x25, 0xdd, 0x69, 0x1d, 0xcf, 0xa2, 0x0b, 0x8e, 0x87, 0xd0, 0x75, 0x3d, 0x66, 0x20, 0xb2, 0x5b,
-	0x94, 0x14, 0xb7, 0x08, 0x37, 0xca, 0xf0, 0x23, 0x00, 0xd7, 0x63, 0x1f, 0x4e, 0xa6, 0x4f, 0xdd,
-	0x29, 0x33, 0xb6, 0xc8, 0x7e, 0x51, 0x52, 0xf3, 0x26, 0x77, 0xc2, 0xfd, 0x05, 0xcf, 0xf0, 0x43,
-	0xb8, 0x7d, 0xf6, 0xee, 0xe5, 0xa9, 0xf7, 0xea, 0x85, 0xd1, 0x25, 0xa4, 0x28, 0xe9, 0x6e, 0x0b,
-	0x3d, 0x5b, 0xc5, 0xd5, 0xbb, 0x92, 0xbd, 0x4f, 0x5f, 0xac, 0xce, 0xf7, 0xaf, 0x56, 0x3b, 0xf3,
-	0xb1, 0x71, 0xb9, 0xb6, 0xd0, 0xcf, 0xb5, 0x85, 0x7e, 0xaf, 0x2d, 0xf4, 0xf9, 0x8f, 0xd5, 0x99,
-	0xf7, 0xf5, 0x7f, 0x79, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, 0x55, 0xf2, 0x2e, 0x06, 0x7d, 0x02,
-	0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/filehash.go b/vendor/github.com/moby/buildkit/cache/contenthash/filehash.go
index 84018e7852262..0b5267101b03c 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/filehash.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/filehash.go
@@ -40,20 +40,22 @@ func NewFileHash(path string, fi os.FileInfo) (hash.Hash, error) {
 }
 
 func NewFromStat(stat *fstypes.Stat) (hash.Hash, error) {
+	// Clear the socket bit since archive/tar.FileInfoHeader does not handle it
+	stat.Mode &^= uint32(os.ModeSocket)
+
 	fi := &statInfo{stat}
 	hdr, err := tar.FileInfoHeader(fi, stat.Linkname)
 	if err != nil {
 		return nil, err
 	}
 	hdr.Name = "" // note: empty name is different from current has in docker build. Name is added on recursive directory scan instead
-	hdr.Mode = int64(chmodWindowsTarEntry(os.FileMode(hdr.Mode)))
 	hdr.Devmajor = stat.Devmajor
 	hdr.Devminor = stat.Devminor
 
 	if len(stat.Xattrs) > 0 {
-		hdr.Xattrs = make(map[string]string, len(stat.Xattrs))
+		hdr.PAXRecords = make(map[string]string, len(stat.Xattrs))
 		for k, v := range stat.Xattrs {
-			hdr.Xattrs[k] = string(v)
+			hdr.PAXRecords["SCHILY.xattr."+k] = string(v)
 		}
 	}
 	// fmt.Printf("hdr: %#v\n", hdr)
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/filehash_unix.go b/vendor/github.com/moby/buildkit/cache/contenthash/filehash_unix.go
index 4f610d772db6a..ccd2ebd2bbf54 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/filehash_unix.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/filehash_unix.go
@@ -12,10 +12,6 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-func chmodWindowsTarEntry(perm os.FileMode) os.FileMode {
-	return perm
-}
-
 func setUnixOpt(path string, fi os.FileInfo, stat *fstypes.Stat) error {
 	s := fi.Sys().(*syscall.Stat_t)
 
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/filehash_windows.go b/vendor/github.com/moby/buildkit/cache/contenthash/filehash_windows.go
index e15bf1e5abd8a..c6bfce9e61bee 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/filehash_windows.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/filehash_windows.go
@@ -8,16 +8,6 @@ import (
 	fstypes "github.com/tonistiigi/fsutil/types"
 )
 
-// chmodWindowsTarEntry is used to adjust the file permissions used in tar
-// header based on the platform the archival is done.
-func chmodWindowsTarEntry(perm os.FileMode) os.FileMode {
-	perm &= 0755
-	// Add the x bit: make everything +x from windows
-	perm |= 0111
-
-	return perm
-}
-
 func setUnixOpt(path string, fi os.FileInfo, stat *fstypes.Stat) error {
 	return nil
 }
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/path.go b/vendor/github.com/moby/buildkit/cache/contenthash/path.go
index 1084da084a770..42b7fd8349c72 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/path.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/path.go
@@ -1,9 +1,10 @@
 package contenthash
 
 import (
-	"errors"
 	"os"
 	"path/filepath"
+
+	"github.com/pkg/errors"
 )
 
 var (
@@ -52,7 +53,7 @@ func walkLink(root, path string, linksWalked *int, cb onSymlinkFunc) (newpath st
 	fi, err := os.Lstat(realPath)
 	if err != nil {
 		// If path does not yet exist, treat as non-symlink
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			return path, false, nil
 		}
 		return "", false, err
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/tarsum.go b/vendor/github.com/moby/buildkit/cache/contenthash/tarsum.go
index 601c41ecb9249..a7f192d121ee0 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/tarsum.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/tarsum.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"sort"
 	"strconv"
+	"strings"
 )
 
 // WriteV1TarsumHeaders writes a tar header to a writer in V1 tarsum format.
@@ -35,10 +36,25 @@ func v0TarHeaderSelect(h *tar.Header) (orderedHeaders [][2]string) {
 }
 
 func v1TarHeaderSelect(h *tar.Header) (orderedHeaders [][2]string) {
+	pax := h.PAXRecords
+	if len(h.Xattrs) > 0 { //nolint deprecated
+		if pax == nil {
+			pax = map[string]string{}
+			for k, v := range h.Xattrs { //nolint deprecated
+				pax["SCHILY.xattr."+k] = v
+			}
+		}
+	}
+
 	// Get extended attributes.
-	xAttrKeys := make([]string, len(h.Xattrs))
-	for k := range h.Xattrs {
-		xAttrKeys = append(xAttrKeys, k)
+	xAttrKeys := make([]string, len(h.PAXRecords))
+	for k := range pax {
+		if strings.HasPrefix(k, "SCHILY.xattr.") {
+			k = strings.TrimPrefix(k, "SCHILY.xattr.")
+			if k == "security.capability" || !strings.HasPrefix(k, "security.") && !strings.HasPrefix(k, "system.") {
+				xAttrKeys = append(xAttrKeys, k)
+			}
+		}
 	}
 	sort.Strings(xAttrKeys)
 
@@ -53,7 +69,7 @@ func v1TarHeaderSelect(h *tar.Header) (orderedHeaders [][2]string) {
 
 	// Finally, append the sorted xattrs.
 	for _, k := range xAttrKeys {
-		orderedHeaders = append(orderedHeaders, [2]string{k, h.Xattrs[k]})
+		orderedHeaders = append(orderedHeaders, [2]string{k, h.PAXRecords["SCHILY.xattr."+k]})
 	}
 
 	return
diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go
index 948eb8df8b3a2..854a8783abc89 100644
--- a/vendor/github.com/moby/buildkit/cache/manager.go
+++ b/vendor/github.com/moby/buildkit/cache/manager.go
@@ -6,12 +6,22 @@ import (
 	"sync"
 	"time"
 
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/diff"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/filters"
-	"github.com/containerd/containerd/snapshots"
+	"github.com/containerd/containerd/gc"
+	"github.com/containerd/containerd/leases"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/util/flightcontrol"
+	digest "github.com/opencontainers/go-digest"
+	imagespecidentity "github.com/opencontainers/image-spec/identity"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
@@ -24,16 +34,24 @@ var (
 )
 
 type ManagerOpt struct {
-	Snapshotter     snapshot.SnapshotterBase
+	Snapshotter     snapshot.Snapshotter
 	MetadataStore   *metadata.Store
+	ContentStore    content.Store
+	LeaseManager    leases.Manager
 	PruneRefChecker ExternalRefCheckerFunc
+	GarbageCollect  func(ctx context.Context) (gc.Stats, error)
+	Applier         diff.Applier
+	Differ          diff.Comparer
 }
 
 type Accessor interface {
+	GetByBlob(ctx context.Context, desc ocispec.Descriptor, parent ImmutableRef, opts ...RefOption) (ImmutableRef, error)
 	Get(ctx context.Context, id string, opts ...RefOption) (ImmutableRef, error)
-	GetFromSnapshotter(ctx context.Context, id string, opts ...RefOption) (ImmutableRef, error)
-	New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error)
-	GetMutable(ctx context.Context, id string) (MutableRef, error) // Rebase?
+
+	New(ctx context.Context, parent ImmutableRef, s session.Group, opts ...RefOption) (MutableRef, error)
+	GetMutable(ctx context.Context, id string, opts ...RefOption) (MutableRef, error) // Rebase?
+	IdentityMapping() *idtools.IdentityMapping
+	Metadata(string) *metadata.StorageItem
 }
 
 type Controller interface {
@@ -50,7 +68,7 @@ type Manager interface {
 type ExternalRefCheckerFunc func() (ExternalRefChecker, error)
 
 type ExternalRefChecker interface {
-	Exists(key string) bool
+	Exists(string, []digest.Digest) bool
 }
 
 type cacheManager struct {
@@ -60,6 +78,7 @@ type cacheManager struct {
 	md *metadata.Store
 
 	muPrune sync.Mutex // make sure parallel prune is not allowed so there will not be inconsistent results
+	unlazyG flightcontrol.Group
 }
 
 func NewManager(opt ManagerOpt) (Manager, error) {
@@ -78,6 +97,176 @@ func NewManager(opt ManagerOpt) (Manager, error) {
 	return cm, nil
 }
 
+func (cm *cacheManager) GetByBlob(ctx context.Context, desc ocispec.Descriptor, parent ImmutableRef, opts ...RefOption) (ir ImmutableRef, rerr error) {
+	diffID, err := diffIDFromDescriptor(desc)
+	if err != nil {
+		return nil, err
+	}
+	chainID := diffID
+	blobChainID := imagespecidentity.ChainID([]digest.Digest{desc.Digest, diffID})
+
+	descHandlers := descHandlersOf(opts...)
+	if desc.Digest != "" && (descHandlers == nil || descHandlers[desc.Digest] == nil) {
+		if _, err := cm.ContentStore.Info(ctx, desc.Digest); errors.Is(err, errdefs.ErrNotFound) {
+			return nil, NeedsRemoteProvidersError([]digest.Digest{desc.Digest})
+		} else if err != nil {
+			return nil, err
+		}
+	}
+
+	var p *immutableRef
+	var parentID string
+	if parent != nil {
+		pInfo := parent.Info()
+		if pInfo.ChainID == "" || pInfo.BlobChainID == "" {
+			return nil, errors.Errorf("failed to get ref by blob on non-addressable parent")
+		}
+		chainID = imagespecidentity.ChainID([]digest.Digest{pInfo.ChainID, chainID})
+		blobChainID = imagespecidentity.ChainID([]digest.Digest{pInfo.BlobChainID, blobChainID})
+
+		p2, err := cm.Get(ctx, parent.ID(), NoUpdateLastUsed, descHandlers)
+		if err != nil {
+			return nil, err
+		}
+		if err := p2.Finalize(ctx, true); err != nil {
+			return nil, err
+		}
+		parentID = p2.ID()
+		p = p2.(*immutableRef)
+	}
+
+	releaseParent := false
+	defer func() {
+		if releaseParent || rerr != nil && p != nil {
+			p.Release(context.TODO())
+		}
+	}()
+
+	cm.mu.Lock()
+	defer cm.mu.Unlock()
+
+	sis, err := cm.MetadataStore.Search("blobchainid:" + blobChainID.String())
+	if err != nil {
+		return nil, err
+	}
+
+	for _, si := range sis {
+		ref, err := cm.get(ctx, si.ID(), opts...)
+		if err != nil && !IsNotFound(err) {
+			return nil, errors.Wrapf(err, "failed to get record %s by blobchainid", sis[0].ID())
+		}
+		if ref == nil {
+			continue
+		}
+		if p != nil {
+			releaseParent = true
+		}
+		if err := setImageRefMetadata(ref, opts...); err != nil {
+			return nil, errors.Wrapf(err, "failed to append image ref metadata to ref %s", ref.ID())
+		}
+		return ref, nil
+	}
+
+	sis, err = cm.MetadataStore.Search("chainid:" + chainID.String())
+	if err != nil {
+		return nil, err
+	}
+
+	var link ImmutableRef
+	for _, si := range sis {
+		ref, err := cm.get(ctx, si.ID(), opts...)
+		if err != nil && !IsNotFound(err) {
+			return nil, errors.Wrapf(err, "failed to get record %s by chainid", sis[0].ID())
+		}
+		if ref != nil {
+			link = ref
+			break
+		}
+	}
+
+	id := identity.NewID()
+	snapshotID := chainID.String()
+	blobOnly := true
+	if link != nil {
+		snapshotID = getSnapshotID(link.Metadata())
+		blobOnly = getBlobOnly(link.Metadata())
+		go link.Release(context.TODO())
+	}
+
+	l, err := cm.ManagerOpt.LeaseManager.Create(ctx, func(l *leases.Lease) error {
+		l.ID = id
+		l.Labels = map[string]string{
+			"containerd.io/gc.flat": time.Now().UTC().Format(time.RFC3339Nano),
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create lease")
+	}
+
+	defer func() {
+		if rerr != nil {
+			if err := cm.ManagerOpt.LeaseManager.Delete(context.TODO(), leases.Lease{
+				ID: l.ID,
+			}); err != nil {
+				logrus.Errorf("failed to remove lease: %+v", err)
+			}
+		}
+	}()
+
+	if err := cm.ManagerOpt.LeaseManager.AddResource(ctx, l, leases.Resource{
+		ID:   snapshotID,
+		Type: "snapshots/" + cm.ManagerOpt.Snapshotter.Name(),
+	}); err != nil {
+		return nil, errors.Wrapf(err, "failed to add snapshot %s to lease", id)
+	}
+
+	if desc.Digest != "" {
+		if err := cm.ManagerOpt.LeaseManager.AddResource(ctx, leases.Lease{ID: id}, leases.Resource{
+			ID:   desc.Digest.String(),
+			Type: "content",
+		}); err != nil {
+			return nil, errors.Wrapf(err, "failed to add blob %s to lease", id)
+		}
+	}
+
+	md, _ := cm.md.Get(id)
+
+	rec := &cacheRecord{
+		mu:     &sync.Mutex{},
+		cm:     cm,
+		refs:   make(map[ref]struct{}),
+		parent: p,
+		md:     md,
+	}
+
+	if err := initializeMetadata(rec, parentID, opts...); err != nil {
+		return nil, err
+	}
+
+	if err := setImageRefMetadata(rec, opts...); err != nil {
+		return nil, errors.Wrapf(err, "failed to append image ref metadata to ref %s", rec.ID())
+	}
+
+	queueDiffID(rec.md, diffID.String())
+	queueBlob(rec.md, desc.Digest.String())
+	queueChainID(rec.md, chainID.String())
+	queueBlobChainID(rec.md, blobChainID.String())
+	queueSnapshotID(rec.md, snapshotID)
+	queueBlobOnly(rec.md, blobOnly)
+	queueMediaType(rec.md, desc.MediaType)
+	queueBlobSize(rec.md, desc.Size)
+	queueCommitted(rec.md)
+
+	if err := rec.md.Commit(); err != nil {
+		return nil, err
+	}
+
+	cm.records[id] = rec
+
+	return rec.ref(true, descHandlers), nil
+}
+
 // init loads all snapshots from metadata state and tries to load the records
 // from the snapshotter. If snaphot can't be found, metadata is deleted as well.
 func (cm *cacheManager) init(ctx context.Context) error {
@@ -87,15 +276,20 @@ func (cm *cacheManager) init(ctx context.Context) error {
 	}
 
 	for _, si := range items {
-		if _, err := cm.getRecord(ctx, si.ID(), false); err != nil {
-			logrus.Debugf("could not load snapshot %s: %v", si.ID(), err)
+		if _, err := cm.getRecord(ctx, si.ID()); err != nil {
+			logrus.Debugf("could not load snapshot %s: %+v", si.ID(), err)
 			cm.md.Clear(si.ID())
-			// TODO: make sure content is deleted as well
+			cm.LeaseManager.Delete(ctx, leases.Lease{ID: si.ID()})
 		}
 	}
 	return nil
 }
 
+// IdentityMapping returns the userns remapping used for refs
+func (cm *cacheManager) IdentityMapping() *idtools.IdentityMapping {
+	return cm.Snapshotter.IdentityMapping()
+}
+
 // Close closes the manager and releases the metadata database lock. No other
 // method should be called after Close.
 func (cm *cacheManager) Close() error {
@@ -107,19 +301,22 @@ func (cm *cacheManager) Close() error {
 func (cm *cacheManager) Get(ctx context.Context, id string, opts ...RefOption) (ImmutableRef, error) {
 	cm.mu.Lock()
 	defer cm.mu.Unlock()
-	return cm.get(ctx, id, false, opts...)
+	return cm.get(ctx, id, opts...)
 }
 
-// Get returns an immutable snapshot reference for ID
-func (cm *cacheManager) GetFromSnapshotter(ctx context.Context, id string, opts ...RefOption) (ImmutableRef, error) {
+func (cm *cacheManager) Metadata(id string) *metadata.StorageItem {
 	cm.mu.Lock()
 	defer cm.mu.Unlock()
-	return cm.get(ctx, id, true, opts...)
+	r, ok := cm.records[id]
+	if !ok {
+		return nil
+	}
+	return r.Metadata()
 }
 
 // get requires manager lock to be taken
-func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (ImmutableRef, error) {
-	rec, err := cm.getRecord(ctx, id, fromSnapshotter, opts...)
+func (cm *cacheManager) get(ctx context.Context, id string, opts ...RefOption) (*immutableRef, error) {
+	rec, err := cm.getRecord(ctx, id, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -133,46 +330,79 @@ func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool
 		}
 	}
 
+	descHandlers := descHandlersOf(opts...)
+
 	if rec.mutable {
 		if len(rec.refs) != 0 {
 			return nil, errors.Wrapf(ErrLocked, "%s is locked", id)
 		}
 		if rec.equalImmutable != nil {
-			return rec.equalImmutable.ref(triggerUpdate), nil
+			return rec.equalImmutable.ref(triggerUpdate, descHandlers), nil
 		}
-		return rec.mref(triggerUpdate).commit(ctx)
+		return rec.mref(triggerUpdate, descHandlers).commit(ctx)
 	}
 
-	return rec.ref(triggerUpdate), nil
+	return rec.ref(triggerUpdate, descHandlers), nil
 }
 
 // getRecord returns record for id. Requires manager lock.
-func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (cr *cacheRecord, retErr error) {
+func (cm *cacheManager) getRecord(ctx context.Context, id string, opts ...RefOption) (cr *cacheRecord, retErr error) {
+	checkLazyProviders := func(rec *cacheRecord) error {
+		missing := NeedsRemoteProvidersError(nil)
+		dhs := descHandlersOf(opts...)
+		for {
+			blob := digest.Digest(getBlob(rec.md))
+			if isLazy, err := rec.isLazy(ctx); err != nil {
+				return err
+			} else if isLazy && dhs[blob] == nil {
+				missing = append(missing, blob)
+			}
+
+			if rec.parent == nil {
+				break
+			}
+			rec = rec.parent.cacheRecord
+		}
+		if len(missing) > 0 {
+			return missing
+		}
+		return nil
+	}
+
 	if rec, ok := cm.records[id]; ok {
 		if rec.isDead() {
-			return nil, errNotFound
+			return nil, errors.Wrapf(errNotFound, "failed to get dead record %s", id)
+		}
+		if err := checkLazyProviders(rec); err != nil {
+			return nil, err
 		}
 		return rec, nil
 	}
 
 	md, ok := cm.md.Get(id)
-	if !ok && !fromSnapshotter {
-		return nil, errNotFound
+	if !ok {
+		return nil, errors.Wrapf(errNotFound, "%s not found", id)
 	}
 	if mutableID := getEqualMutable(md); mutableID != "" {
-		mutable, err := cm.getRecord(ctx, mutableID, fromSnapshotter)
+		mutable, err := cm.getRecord(ctx, mutableID)
 		if err != nil {
 			// check loading mutable deleted record from disk
-			if errors.Cause(err) == errNotFound {
+			if IsNotFound(err) {
 				cm.md.Clear(id)
 			}
 			return nil, err
 		}
+
+		// parent refs are possibly lazy so keep it hold the description handlers.
+		var dhs DescHandlers
+		if mutable.parent != nil {
+			dhs = mutable.parent.descHandlers
+		}
 		rec := &cacheRecord{
 			mu:           &sync.Mutex{},
 			cm:           cm,
 			refs:         make(map[ref]struct{}),
-			parent:       mutable.parentRef(false),
+			parent:       mutable.parentRef(false, dhs),
 			md:           md,
 			equalMutable: &mutableRef{cacheRecord: mutable},
 		}
@@ -181,27 +411,25 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte
 		return rec, nil
 	}
 
-	info, err := cm.Snapshotter.Stat(ctx, id)
-	if err != nil {
-		return nil, errors.Wrap(errNotFound, err.Error())
-	}
-
-	var parent ImmutableRef
-	if info.Parent != "" {
-		parent, err = cm.get(ctx, info.Parent, fromSnapshotter, append(opts, NoUpdateLastUsed)...)
+	var parent *immutableRef
+	if parentID := getParent(md); parentID != "" {
+		var err error
+		parent, err = cm.get(ctx, parentID, append(opts, NoUpdateLastUsed)...)
 		if err != nil {
 			return nil, err
 		}
 		defer func() {
 			if retErr != nil {
-				parent.Release(context.TODO())
+				parent.mu.Lock()
+				parent.release(context.TODO())
+				parent.mu.Unlock()
 			}
 		}()
 	}
 
 	rec := &cacheRecord{
 		mu:      &sync.Mutex{},
-		mutable: info.Kind != snapshots.KindCommitted,
+		mutable: !getCommitted(md),
 		cm:      cm,
 		refs:    make(map[ref]struct{}),
 		parent:  parent,
@@ -213,41 +441,94 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte
 		if err := rec.remove(ctx, true); err != nil {
 			return nil, err
 		}
-		return nil, errNotFound
+		return nil, errors.Wrapf(errNotFound, "failed to get deleted record %s", id)
 	}
 
-	if err := initializeMetadata(rec, opts...); err != nil {
-		if parent != nil {
-			parent.Release(context.TODO())
-		}
+	if err := initializeMetadata(rec, getParent(md), opts...); err != nil {
 		return nil, err
 	}
 
+	if err := setImageRefMetadata(rec, opts...); err != nil {
+		return nil, errors.Wrapf(err, "failed to append image ref metadata to ref %s", rec.ID())
+	}
+
 	cm.records[id] = rec
+	if err := checkLazyProviders(rec); err != nil {
+		return nil, err
+	}
 	return rec, nil
 }
 
-func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error) {
+func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, sess session.Group, opts ...RefOption) (mr MutableRef, err error) {
 	id := identity.NewID()
 
-	var parent ImmutableRef
+	var parent *immutableRef
 	var parentID string
+	var parentSnapshotID string
 	if s != nil {
-		var err error
-		parent, err = cm.Get(ctx, s.ID(), NoUpdateLastUsed)
-		if err != nil {
-			return nil, err
+		if _, ok := s.(*immutableRef); ok {
+			parent = s.Clone().(*immutableRef)
+		} else {
+			p, err := cm.Get(ctx, s.ID(), append(opts, NoUpdateLastUsed)...)
+			if err != nil {
+				return nil, err
+			}
+			parent = p.(*immutableRef)
 		}
 		if err := parent.Finalize(ctx, true); err != nil {
 			return nil, err
 		}
+		if err := parent.Extract(ctx, sess); err != nil {
+			return nil, err
+		}
+		parentSnapshotID = getSnapshotID(parent.md)
 		parentID = parent.ID()
 	}
 
-	if err := cm.Snapshotter.Prepare(ctx, id, parentID); err != nil {
-		if parent != nil {
+	defer func() {
+		if err != nil && parent != nil {
 			parent.Release(context.TODO())
 		}
+	}()
+
+	l, err := cm.ManagerOpt.LeaseManager.Create(ctx, func(l *leases.Lease) error {
+		l.ID = id
+		l.Labels = map[string]string{
+			"containerd.io/gc.flat": time.Now().UTC().Format(time.RFC3339Nano),
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create lease")
+	}
+
+	defer func() {
+		if err != nil {
+			if err := cm.ManagerOpt.LeaseManager.Delete(context.TODO(), leases.Lease{
+				ID: l.ID,
+			}); err != nil {
+				logrus.Errorf("failed to remove lease: %+v", err)
+			}
+		}
+	}()
+
+	if err := cm.ManagerOpt.LeaseManager.AddResource(ctx, l, leases.Resource{
+		ID:   id,
+		Type: "snapshots/" + cm.ManagerOpt.Snapshotter.Name(),
+	}); err != nil {
+		return nil, errors.Wrapf(err, "failed to add snapshot %s to lease", id)
+	}
+
+	if cm.Snapshotter.Name() == "stargz" && parent != nil {
+		if rerr := parent.withRemoteSnapshotLabelsStargzMode(ctx, sess, func() {
+			err = cm.Snapshotter.Prepare(ctx, id, parentSnapshotID)
+		}); rerr != nil {
+			return nil, rerr
+		}
+	} else {
+		err = cm.Snapshotter.Prepare(ctx, id, parentSnapshotID)
+	}
+	if err != nil {
 		return nil, errors.Wrapf(err, "failed to prepare %s", id)
 	}
 
@@ -262,25 +543,32 @@ func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, opts ...RefOpti
 		md:      md,
 	}
 
-	if err := initializeMetadata(rec, opts...); err != nil {
-		if parent != nil {
-			parent.Release(context.TODO())
-		}
+	if err := initializeMetadata(rec, parentID, opts...); err != nil {
 		return nil, err
 	}
 
+	if err := setImageRefMetadata(rec, opts...); err != nil {
+		return nil, errors.Wrapf(err, "failed to append image ref metadata to ref %s", rec.ID())
+	}
+
 	cm.mu.Lock()
 	defer cm.mu.Unlock()
 
 	cm.records[id] = rec // TODO: save to db
 
-	return rec.mref(true), nil
+	// parent refs are possibly lazy so keep it hold the description handlers.
+	var dhs DescHandlers
+	if parent != nil {
+		dhs = parent.descHandlers
+	}
+	return rec.mref(true, dhs), nil
 }
-func (cm *cacheManager) GetMutable(ctx context.Context, id string) (MutableRef, error) {
+
+func (cm *cacheManager) GetMutable(ctx context.Context, id string, opts ...RefOption) (MutableRef, error) {
 	cm.mu.Lock()
 	defer cm.mu.Unlock()
 
-	rec, err := cm.getRecord(ctx, id, false)
+	rec, err := cm.getRecord(ctx, id, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -306,32 +594,41 @@ func (cm *cacheManager) GetMutable(ctx context.Context, id string) (MutableRef,
 		rec.equalImmutable = nil
 	}
 
-	return rec.mref(true), nil
+	return rec.mref(true, descHandlersOf(opts...)), nil
 }
 
 func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opts ...client.PruneInfo) error {
 	cm.muPrune.Lock()
-	defer cm.muPrune.Unlock()
 
 	for _, opt := range opts {
 		if err := cm.pruneOnce(ctx, ch, opt); err != nil {
+			cm.muPrune.Unlock()
 			return err
 		}
 	}
+
+	cm.muPrune.Unlock()
+
+	if cm.GarbageCollect != nil {
+		if _, err := cm.GarbageCollect(ctx); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
 func (cm *cacheManager) pruneOnce(ctx context.Context, ch chan client.UsageInfo, opt client.PruneInfo) error {
 	filter, err := filters.ParseAll(opt.Filter...)
 	if err != nil {
-		return err
+		return errors.Wrapf(err, "failed to parse prune filters %v", opt.Filter)
 	}
 
 	var check ExternalRefChecker
 	if f := cm.PruneRefChecker; f != nil && (!opt.All || len(opt.Filter) > 0) {
 		c, err := f()
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		check = c
 	}
@@ -343,10 +640,8 @@ func (cm *cacheManager) pruneOnce(ctx context.Context, ch chan client.UsageInfo,
 			return err
 		}
 		for _, ui := range du {
-			if check != nil {
-				if check.Exists(ui.ID) {
-					continue
-				}
+			if ui.Shared {
+				continue
 			}
 			totalSize += ui.Size
 		}
@@ -401,7 +696,7 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt
 
 			shared := false
 			if opt.checkShared != nil {
-				shared = opt.checkShared.Exists(cr.ID())
+				shared = opt.checkShared.Exists(cr.ID(), cr.parentChain())
 			}
 
 			if !opt.all {
@@ -476,6 +771,22 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt
 		return nil
 	}
 
+	// calculate sizes here so that lock does not need to be held for slow process
+	for _, cr := range toDelete {
+		size := getSize(cr.md)
+
+		if size == sizeUnknown && cr.equalImmutable != nil {
+			size = getSize(cr.equalImmutable.md) // benefit from DiskUsage calc
+		}
+		if size == sizeUnknown {
+			// calling size will warm cache for next call
+			if _, err := cr.Size(ctx); err != nil {
+				return err
+			}
+		}
+	}
+
+	cm.mu.Lock()
 	var err error
 	for _, cr := range toDelete {
 		cr.mu.Lock()
@@ -499,15 +810,6 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt
 		if c.Size == sizeUnknown && cr.equalImmutable != nil {
 			c.Size = getSize(cr.equalImmutable.md) // benefit from DiskUsage calc
 		}
-		if c.Size == sizeUnknown {
-			cr.mu.Unlock() // all the non-prune modifications already protected by cr.dead
-			s, err := cr.Size(ctx)
-			if err != nil {
-				return err
-			}
-			c.Size = s
-			cr.mu.Lock()
-		}
 
 		opt.totalSize -= c.Size
 
@@ -525,6 +827,7 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt
 		}
 		cr.mu.Unlock()
 	}
+	cm.mu.Unlock()
 	if err != nil {
 		return err
 	}
@@ -543,7 +846,7 @@ func (cm *cacheManager) markShared(m map[string]*cacheUsageInfo) error {
 	}
 	c, err := cm.PruneRefChecker()
 	if err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 
 	var markAllParentsShared func(string)
@@ -560,7 +863,7 @@ func (cm *cacheManager) markShared(m map[string]*cacheUsageInfo) error {
 		if m[id].shared {
 			continue
 		}
-		if b := c.Exists(id); b {
+		if b := c.Exists(id, m[id].parentChain); b {
 			markAllParentsShared(id)
 		}
 	}
@@ -579,12 +882,13 @@ type cacheUsageInfo struct {
 	doubleRef   bool
 	recordType  client.UsageRecordType
 	shared      bool
+	parentChain []digest.Digest
 }
 
 func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) {
 	filter, err := filters.ParseAll(opt.Filter...)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrapf(err, "failed to parse diskusage filters %v", opt.Filter)
 	}
 
 	cm.mu.Lock()
@@ -611,6 +915,7 @@ func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo)
 			description: GetDescription(cr.md),
 			doubleRef:   cr.equalImmutable != nil,
 			recordType:  GetRecordType(cr),
+			parentChain: cr.parentChain(),
 		}
 		if c.recordType == "" {
 			c.recordType = client.UsageRecordTypeRegular
@@ -697,12 +1002,8 @@ func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo)
 	return du, nil
 }
 
-func IsLocked(err error) bool {
-	return errors.Cause(err) == ErrLocked
-}
-
 func IsNotFound(err error) bool {
-	return errors.Cause(err) == errNotFound
+	return errors.Is(err, errNotFound)
 }
 
 type RefOption interface{}
@@ -730,6 +1031,10 @@ func CachePolicyRetain(m withMetadata) error {
 	return queueCachePolicy(m.Metadata(), cachePolicyRetain)
 }
 
+func CachePolicyDefault(m withMetadata) error {
+	return queueCachePolicy(m.Metadata(), cachePolicyDefault)
+}
+
 func WithDescription(descr string) RefOption {
 	return func(m withMetadata) error {
 		return queueDescription(m.Metadata(), descr)
@@ -748,12 +1053,41 @@ func WithCreationTime(tm time.Time) RefOption {
 	}
 }
 
-func initializeMetadata(m withMetadata, opts ...RefOption) error {
+// Need a separate type for imageRef because it needs to be called outside
+// initializeMetadata while still being a RefOption, so wrapping it in a
+// different type ensures initializeMetadata won't catch it too and duplicate
+// setting the metadata.
+type imageRefOption func(m withMetadata) error
+
+// WithImageRef appends the given imageRef to the cache ref's metadata
+func WithImageRef(imageRef string) RefOption {
+	return imageRefOption(func(m withMetadata) error {
+		return appendImageRef(m.Metadata(), imageRef)
+	})
+}
+
+func setImageRefMetadata(m withMetadata, opts ...RefOption) error {
+	md := m.Metadata()
+	for _, opt := range opts {
+		if fn, ok := opt.(imageRefOption); ok {
+			if err := fn(m); err != nil {
+				return err
+			}
+		}
+	}
+	return md.Commit()
+}
+
+func initializeMetadata(m withMetadata, parent string, opts ...RefOption) error {
 	md := m.Metadata()
 	if tm := GetCreatedAt(md); !tm.IsZero() {
 		return nil
 	}
 
+	if err := queueParent(md, parent); err != nil {
+		return err
+	}
+
 	if err := queueCreatedAt(md, time.Now()); err != nil {
 		return err
 	}
@@ -861,3 +1195,15 @@ func sortDeleteRecords(toDelete []*deleteRecord) {
 				float64(toDelete[j].usageCountIndex)/float64(maxUsageCountIndex)
 	})
 }
+
+func diffIDFromDescriptor(desc ocispec.Descriptor) (digest.Digest, error) {
+	diffIDStr, ok := desc.Annotations["containerd.io/uncompressed"]
+	if !ok {
+		return "", errors.Errorf("missing uncompressed annotation for %s", desc.Digest)
+	}
+	diffID, err := digest.Parse(diffIDStr)
+	if err != nil {
+		return "", errors.Wrapf(err, "failed to parse diffID %q for %s", diffIDStr, desc.Digest)
+	}
+	return diffID, nil
+}
diff --git a/vendor/github.com/moby/buildkit/cache/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata.go
index 9929868844c9f..a5c7df7f4cf03 100644
--- a/vendor/github.com/moby/buildkit/cache/metadata.go
+++ b/vendor/github.com/moby/buildkit/cache/metadata.go
@@ -19,13 +19,207 @@ const keyLastUsedAt = "cache.lastUsedAt"
 const keyUsageCount = "cache.usageCount"
 const keyLayerType = "cache.layerType"
 const keyRecordType = "cache.recordType"
+const keyCommitted = "snapshot.committed"
+const keyParent = "cache.parent"
+const keyDiffID = "cache.diffID"
+const keyChainID = "cache.chainID"
+const keyBlobChainID = "cache.blobChainID"
+const keyBlob = "cache.blob"
+const keySnapshot = "cache.snapshot"
+const keyBlobOnly = "cache.blobonly"
+const keyMediaType = "cache.mediatype"
+const keyImageRefs = "cache.imageRefs"
+
+// BlobSize is the packed blob size as specified in the oci descriptor
+const keyBlobSize = "cache.blobsize"
 
 const keyDeleted = "cache.deleted"
 
+func queueDiffID(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create diffID value")
+	}
+	si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyDiffID, v)
+	})
+	return nil
+}
+
+func getMediaType(si *metadata.StorageItem) string {
+	v := si.Get(keyMediaType)
+	if v == nil {
+		return si.ID()
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueMediaType(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create mediaType value")
+	}
+	si.Queue(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyMediaType, v)
+	})
+	return nil
+}
+
+func getSnapshotID(si *metadata.StorageItem) string {
+	v := si.Get(keySnapshot)
+	if v == nil {
+		return si.ID()
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueSnapshotID(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create chainID value")
+	}
+	si.Queue(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keySnapshot, v)
+	})
+	return nil
+}
+
+func getDiffID(si *metadata.StorageItem) string {
+	v := si.Get(keyDiffID)
+	if v == nil {
+		return ""
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueChainID(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create chainID value")
+	}
+	v.Index = "chainid:" + str
+	si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyChainID, v)
+	})
+	return nil
+}
+
+func getBlobChainID(si *metadata.StorageItem) string {
+	v := si.Get(keyBlobChainID)
+	if v == nil {
+		return ""
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueBlobChainID(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create chainID value")
+	}
+	v.Index = "blobchainid:" + str
+	si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyBlobChainID, v)
+	})
+	return nil
+}
+
+func getChainID(si *metadata.StorageItem) string {
+	v := si.Get(keyChainID)
+	if v == nil {
+		return ""
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueBlob(si *metadata.StorageItem, str string) error {
+	if str == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(str)
+	if err != nil {
+		return errors.Wrap(err, "failed to create blob value")
+	}
+	si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyBlob, v)
+	})
+	return nil
+}
+
+func getBlob(si *metadata.StorageItem) string {
+	v := si.Get(keyBlob)
+	if v == nil {
+		return ""
+	}
+	var str string
+	if err := v.Unmarshal(&str); err != nil {
+		return ""
+	}
+	return str
+}
+
+func queueBlobOnly(si *metadata.StorageItem, b bool) error {
+	v, err := metadata.NewValue(b)
+	if err != nil {
+		return errors.Wrap(err, "failed to create blobonly value")
+	}
+	si.Queue(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyBlobOnly, v)
+	})
+	return nil
+}
+
+func getBlobOnly(si *metadata.StorageItem) bool {
+	v := si.Get(keyBlobOnly)
+	if v == nil {
+		return false
+	}
+	var blobOnly bool
+	if err := v.Unmarshal(&blobOnly); err != nil {
+		return false
+	}
+	return blobOnly
+}
+
 func setDeleted(si *metadata.StorageItem) error {
 	v, err := metadata.NewValue(true)
 	if err != nil {
-		return errors.Wrap(err, "failed to create size value")
+		return errors.Wrap(err, "failed to create deleted value")
 	}
 	si.Update(func(b *bolt.Bucket) error {
 		return si.SetValue(b, keyDeleted, v)
@@ -45,6 +239,55 @@ func getDeleted(si *metadata.StorageItem) bool {
 	return deleted
 }
 
+func queueCommitted(si *metadata.StorageItem) error {
+	v, err := metadata.NewValue(true)
+	if err != nil {
+		return errors.Wrap(err, "failed to create committed value")
+	}
+	si.Queue(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyCommitted, v)
+	})
+	return nil
+}
+
+func getCommitted(si *metadata.StorageItem) bool {
+	v := si.Get(keyCommitted)
+	if v == nil {
+		return false
+	}
+	var committed bool
+	if err := v.Unmarshal(&committed); err != nil {
+		return false
+	}
+	return committed
+}
+
+func queueParent(si *metadata.StorageItem, parent string) error {
+	if parent == "" {
+		return nil
+	}
+	v, err := metadata.NewValue(parent)
+	if err != nil {
+		return errors.Wrap(err, "failed to create parent value")
+	}
+	si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyParent, v)
+	})
+	return nil
+}
+
+func getParent(si *metadata.StorageItem) string {
+	v := si.Get(keyParent)
+	if v == nil {
+		return ""
+	}
+	var parent string
+	if err := v.Unmarshal(&parent); err != nil {
+		return ""
+	}
+	return parent
+}
+
 func setSize(si *metadata.StorageItem, s int64) error {
 	v, err := metadata.NewValue(s)
 	if err != nil {
@@ -68,6 +311,63 @@ func getSize(si *metadata.StorageItem) int64 {
 	return size
 }
 
+func appendImageRef(si *metadata.StorageItem, s string) error {
+	return si.GetAndSetValue(keyImageRefs, func(v *metadata.Value) (*metadata.Value, error) {
+		var imageRefs []string
+		if v != nil {
+			if err := v.Unmarshal(&imageRefs); err != nil {
+				return nil, err
+			}
+		}
+		for _, existing := range imageRefs {
+			if existing == s {
+				return nil, metadata.ErrSkipSetValue
+			}
+		}
+		imageRefs = append(imageRefs, s)
+		v, err := metadata.NewValue(imageRefs)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create imageRefs value")
+		}
+		return v, nil
+	})
+}
+
+func getImageRefs(si *metadata.StorageItem) []string {
+	v := si.Get(keyImageRefs)
+	if v == nil {
+		return nil
+	}
+	var refs []string
+	if err := v.Unmarshal(&refs); err != nil {
+		return nil
+	}
+	return refs
+}
+
+func queueBlobSize(si *metadata.StorageItem, s int64) error {
+	v, err := metadata.NewValue(s)
+	if err != nil {
+		return errors.Wrap(err, "failed to create blobsize value")
+	}
+	si.Queue(func(b *bolt.Bucket) error {
+		return si.SetValue(b, keyBlobSize, v)
+	})
+	return nil
+}
+
+func getBlobSize(si *metadata.StorageItem) int64 {
+	v := si.Get(keyBlobSize)
+	if v == nil {
+		return sizeUnknown
+	}
+	var size int64
+	if err := v.Unmarshal(&size); err != nil {
+		return sizeUnknown
+	}
+	return size
+}
+
 func getEqualMutable(si *metadata.StorageItem) string {
 	v := si.Get(keyEqualMutable)
 	if v == nil {
diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go
index 9da270b4e6190..ff76a0be5d618 100644
--- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go
+++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go
@@ -55,7 +55,7 @@ func (s *Store) All() ([]*StorageItem, error) {
 			return nil
 		})
 	})
-	return out, err
+	return out, errors.WithStack(err)
 }
 
 func (s *Store) Probe(index string) (bool, error) {
@@ -77,7 +77,7 @@ func (s *Store) Probe(index string) (bool, error) {
 		}
 		return nil
 	})
-	return exists, err
+	return exists, errors.WithStack(err)
 }
 
 func (s *Store) Search(index string) ([]*StorageItem, error) {
@@ -114,7 +114,7 @@ func (s *Store) Search(index string) ([]*StorageItem, error) {
 		}
 		return nil
 	})
-	return out, err
+	return out, errors.WithStack(err)
 }
 
 func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error {
@@ -132,7 +132,7 @@ func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error {
 }
 
 func (s *Store) Clear(id string) error {
-	return s.db.Update(func(tx *bolt.Tx) error {
+	return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error {
 		external := tx.Bucket([]byte(externalBucket))
 		if external != nil {
 			external.DeleteBucket([]byte(id))
@@ -160,21 +160,21 @@ func (s *Store) Clear(id string) error {
 			}
 		}
 		return main.DeleteBucket([]byte(id))
-	})
+	}))
 }
 
 func (s *Store) Update(id string, fn func(b *bolt.Bucket) error) error {
-	return s.db.Update(func(tx *bolt.Tx) error {
+	return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error {
 		b, err := tx.CreateBucketIfNotExists([]byte(mainBucket))
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		b, err = b.CreateBucketIfNotExists([]byte(id))
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		return fn(b)
-	})
+	}))
 }
 
 func (s *Store) Get(id string) (*StorageItem, bool) {
@@ -200,15 +200,16 @@ func (s *Store) Get(id string) (*StorageItem, bool) {
 }
 
 func (s *Store) Close() error {
-	return s.db.Close()
+	return errors.WithStack(s.db.Close())
 }
 
 type StorageItem struct {
 	id      string
+	vmu     sync.RWMutex
 	values  map[string]*Value
+	qmu     sync.Mutex
 	queue   []func(*bolt.Bucket) error
 	storage *Store
-	mu      sync.RWMutex
 }
 
 func newStorageItem(id string, b *bolt.Bucket, s *Store) (*StorageItem, error) {
@@ -222,13 +223,13 @@ func newStorageItem(id string, b *bolt.Bucket, s *Store) (*StorageItem, error) {
 			var sv Value
 			if len(v) > 0 {
 				if err := json.Unmarshal(v, &sv); err != nil {
-					return err
+					return errors.WithStack(err)
 				}
 				si.values[string(k)] = &sv
 			}
 			return nil
 		}); err != nil {
-			return si, err
+			return si, errors.WithStack(err)
 		}
 	}
 	return si, nil
@@ -242,26 +243,28 @@ func (s *StorageItem) ID() string {
 	return s.id
 }
 
-func (s *StorageItem) View(fn func(b *bolt.Bucket) error) error {
-	return s.storage.View(s.id, fn)
-}
-
 func (s *StorageItem) Update(fn func(b *bolt.Bucket) error) error {
 	return s.storage.Update(s.id, fn)
 }
 
+func (s *StorageItem) Metadata() *StorageItem {
+	return s
+}
+
 func (s *StorageItem) Keys() []string {
+	s.vmu.RLock()
 	keys := make([]string, 0, len(s.values))
 	for k := range s.values {
 		keys = append(keys, k)
 	}
+	s.vmu.RUnlock()
 	return keys
 }
 
 func (s *StorageItem) Get(k string) *Value {
-	s.mu.RLock()
+	s.vmu.RLock()
 	v := s.values[k]
-	s.mu.RUnlock()
+	s.vmu.RUnlock()
 	return v
 }
 
@@ -276,63 +279,83 @@ func (s *StorageItem) GetExternal(k string) ([]byte, error) {
 		if b == nil {
 			return errors.WithStack(errNotFound)
 		}
-		dt = b.Get([]byte(k))
-		if dt == nil {
+		dt2 := b.Get([]byte(k))
+		if dt2 == nil {
 			return errors.WithStack(errNotFound)
 		}
+		// data needs to be copied as boltdb can reuse the buffer after View returns
+		dt = make([]byte, len(dt2))
+		copy(dt, dt2)
 		return nil
 	})
 	if err != nil {
-		return nil, err
+		return nil, errors.WithStack(err)
 	}
 	return dt, nil
 }
 
 func (s *StorageItem) SetExternal(k string, dt []byte) error {
-	return s.storage.db.Update(func(tx *bolt.Tx) error {
+	return errors.WithStack(s.storage.db.Update(func(tx *bolt.Tx) error {
 		b, err := tx.CreateBucketIfNotExists([]byte(externalBucket))
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		b, err = b.CreateBucketIfNotExists([]byte(s.id))
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		return b.Put([]byte(k), dt)
-	})
+	}))
 }
 
 func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
+	s.qmu.Lock()
+	defer s.qmu.Unlock()
 	s.queue = append(s.queue, fn)
 }
 
 func (s *StorageItem) Commit() error {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	return s.Update(func(b *bolt.Bucket) error {
+	s.qmu.Lock()
+	defer s.qmu.Unlock()
+	return errors.WithStack(s.Update(func(b *bolt.Bucket) error {
 		for _, fn := range s.queue {
 			if err := fn(b); err != nil {
-				return err
+				return errors.WithStack(err)
 			}
 		}
 		s.queue = s.queue[:0]
 		return nil
-	})
+	}))
 }
 
 func (s *StorageItem) Indexes() (out []string) {
+	s.vmu.RLock()
 	for _, v := range s.values {
 		if v.Index != "" {
 			out = append(out, v.Index)
 		}
 	}
+	s.vmu.RUnlock()
 	return
 }
 
 func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error {
+	s.vmu.Lock()
+	defer s.vmu.Unlock()
+	return s.setValue(b, key, v)
+}
+
+func (s *StorageItem) setValue(b *bolt.Bucket, key string, v *Value) error {
 	if v == nil {
+		if old, ok := s.values[key]; ok {
+			if old.Index != "" {
+				b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket))
+				if err != nil {
+					return errors.WithStack(err)
+				}
+				b.Delete([]byte(indexKey(old.Index, s.ID()))) // ignore error
+			}
+		}
 		if err := b.Put([]byte(key), nil); err != nil {
 			return err
 		}
@@ -341,24 +364,40 @@ func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error {
 	}
 	dt, err := json.Marshal(v)
 	if err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	if err := b.Put([]byte(key), dt); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	if v.Index != "" {
 		b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket))
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		if err := b.Put([]byte(indexKey(v.Index, s.ID())), []byte{}); err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 	}
 	s.values[key] = v
 	return nil
 }
 
+var ErrSkipSetValue = errors.New("skip setting metadata value")
+
+func (s *StorageItem) GetAndSetValue(key string, fn func(*Value) (*Value, error)) error {
+	return s.Update(func(b *bolt.Bucket) error {
+		s.vmu.Lock()
+		defer s.vmu.Unlock()
+		v, err := fn(s.values[key])
+		if errors.Is(err, ErrSkipSetValue) {
+			return nil
+		} else if err != nil {
+			return err
+		}
+		return s.setValue(b, key, v)
+	})
+}
+
 type Value struct {
 	Value json.RawMessage `json:"value,omitempty"`
 	Index string          `json:"index,omitempty"`
@@ -367,14 +406,13 @@ type Value struct {
 func NewValue(v interface{}) (*Value, error) {
 	dt, err := json.Marshal(v)
 	if err != nil {
-		return nil, err
+		return nil, errors.WithStack(err)
 	}
 	return &Value{Value: json.RawMessage(dt)}, nil
 }
 
 func (v *Value) Unmarshal(target interface{}) error {
-	err := json.Unmarshal(v.Value, target)
-	return err
+	return errors.WithStack(json.Unmarshal(v.Value, target))
 }
 
 func indexKey(index, target string) string {
diff --git a/vendor/github.com/moby/buildkit/cache/migrate_v2.go b/vendor/github.com/moby/buildkit/cache/migrate_v2.go
new file mode 100644
index 0000000000000..d94ef1eef0dbd
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/migrate_v2.go
@@ -0,0 +1,260 @@
+package cache
+
+import (
+	"context"
+	"io"
+	"os"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/snapshot"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+func migrateChainID(si *metadata.StorageItem, all map[string]*metadata.StorageItem) (digest.Digest, digest.Digest, error) {
+	diffID := digest.Digest(getDiffID(si))
+	if diffID == "" {
+		return "", "", nil
+	}
+	blobID := digest.Digest(getBlob(si))
+	if blobID == "" {
+		return "", "", nil
+	}
+	chainID := digest.Digest(getChainID(si))
+	blobChainID := digest.Digest(getBlobChainID(si))
+
+	if chainID != "" && blobChainID != "" {
+		return chainID, blobChainID, nil
+	}
+
+	chainID = diffID
+	blobChainID = digest.FromBytes([]byte(blobID + " " + diffID))
+
+	parent := getParent(si)
+	if parent != "" {
+		pChainID, pBlobChainID, err := migrateChainID(all[parent], all)
+		if err != nil {
+			return "", "", err
+		}
+		chainID = digest.FromBytes([]byte(pChainID + " " + chainID))
+		blobChainID = digest.FromBytes([]byte(pBlobChainID + " " + blobChainID))
+	}
+
+	queueChainID(si, chainID.String())
+	queueBlobChainID(si, blobChainID.String())
+
+	return chainID, blobChainID, si.Commit()
+}
+
+func MigrateV2(ctx context.Context, from, to string, cs content.Store, s snapshot.Snapshotter, lm leases.Manager) error {
+	_, err := os.Stat(to)
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			return errors.WithStack(err)
+		}
+	} else {
+		return nil
+	}
+
+	_, err = os.Stat(from)
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			return errors.WithStack(err)
+		}
+		return nil
+	}
+	tmpPath := to + ".tmp"
+	tmpFile, err := os.Create(tmpPath)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	src, err := os.Open(from)
+	if err != nil {
+		tmpFile.Close()
+		return errors.WithStack(err)
+	}
+	if _, err = io.Copy(tmpFile, src); err != nil {
+		tmpFile.Close()
+		src.Close()
+		return errors.Wrapf(err, "failed to copy db for migration")
+	}
+	src.Close()
+	tmpFile.Close()
+
+	md, err := metadata.NewStore(tmpPath)
+	if err != nil {
+		return err
+	}
+
+	items, err := md.All()
+	if err != nil {
+		return err
+	}
+
+	byID := map[string]*metadata.StorageItem{}
+	for _, item := range items {
+		byID[item.ID()] = item
+	}
+
+	// add committed, parent, snapshot
+	for id, item := range byID {
+		em := getEqualMutable(item)
+		if em == "" {
+			info, err := s.Stat(ctx, id)
+			if err != nil {
+				return err
+			}
+			if info.Kind == snapshots.KindCommitted {
+				queueCommitted(item)
+			}
+			if info.Parent != "" {
+				queueParent(item, info.Parent)
+			}
+		} else {
+			queueCommitted(item)
+		}
+		queueSnapshotID(item, id)
+		item.Commit()
+	}
+
+	for _, item := range byID {
+		em := getEqualMutable(item)
+		if em != "" {
+			if getParent(item) == "" {
+				queueParent(item, getParent(byID[em]))
+				item.Commit()
+			}
+		}
+	}
+
+	type diffPair struct {
+		Blobsum string
+		DiffID  string
+	}
+	// move diffID, blobsum to new location
+	for _, item := range byID {
+		v := item.Get("blobmapping.blob")
+		if v == nil {
+			continue
+		}
+		var blob diffPair
+		if err := v.Unmarshal(&blob); err != nil {
+			return errors.WithStack(err)
+		}
+		if _, err := cs.Info(ctx, digest.Digest(blob.Blobsum)); err != nil {
+			continue
+		}
+		queueDiffID(item, blob.DiffID)
+		queueBlob(item, blob.Blobsum)
+		queueMediaType(item, images.MediaTypeDockerSchema2LayerGzip)
+		if err := item.Commit(); err != nil {
+			return err
+		}
+
+	}
+
+	// calculate new chainid/blobsumid
+	for _, item := range byID {
+		if _, _, err := migrateChainID(item, byID); err != nil {
+			return err
+		}
+	}
+
+	ctx = context.TODO() // no cancellation allowed pass this point
+
+	// add new leases
+	for _, item := range byID {
+		l, err := lm.Create(ctx, func(l *leases.Lease) error {
+			l.ID = item.ID()
+			l.Labels = map[string]string{
+				"containerd.io/gc.flat": time.Now().UTC().Format(time.RFC3339Nano),
+			}
+			return nil
+		})
+		if err != nil {
+			// if we are running the migration twice
+			if errors.Is(err, errdefs.ErrAlreadyExists) {
+				continue
+			}
+			return errors.Wrap(err, "failed to create lease")
+		}
+
+		if err := lm.AddResource(ctx, l, leases.Resource{
+			ID:   getSnapshotID(item),
+			Type: "snapshots/" + s.Name(),
+		}); err != nil {
+			return errors.Wrapf(err, "failed to add snapshot %s to lease", item.ID())
+		}
+
+		if blobID := getBlob(item); blobID != "" {
+			if err := lm.AddResource(ctx, l, leases.Resource{
+				ID:   blobID,
+				Type: "content",
+			}); err != nil {
+				return errors.Wrapf(err, "failed to add blob %s to lease", item.ID())
+			}
+		}
+	}
+
+	// remove old root labels
+	for _, item := range byID {
+		em := getEqualMutable(item)
+		if em == "" {
+			if _, err := s.Update(ctx, snapshots.Info{
+				Name: getSnapshotID(item),
+			}, "labels.containerd.io/gc.root"); err != nil {
+				if !errors.Is(err, errdefs.ErrNotFound) {
+					return err
+				}
+			}
+
+			if blob := getBlob(item); blob != "" {
+				if _, err := cs.Update(ctx, content.Info{
+					Digest: digest.Digest(blob),
+				}, "labels.containerd.io/gc.root"); err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	// previous implementation can leak views, just clean up all views
+	err = s.Walk(ctx, func(ctx context.Context, info snapshots.Info) error {
+		if info.Kind == snapshots.KindView {
+			if _, err := s.Update(ctx, snapshots.Info{
+				Name: info.Name,
+			}, "labels.containerd.io/gc.root"); err != nil {
+				if !errors.Is(err, errdefs.ErrNotFound) {
+					return err
+				}
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	// switch to new DB
+	if err := md.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Rename(tmpPath, to); err != nil {
+		return err
+	}
+
+	for _, item := range byID {
+		logrus.Infof("migrated %s parent:%q snapshot:%v committed:%v blob:%v diffid:%v chainID:%v blobChainID:%v",
+			item.ID(), getParent(item), getSnapshotID(item), getCommitted(item), getBlob(item), getDiffID(item), getChainID(item), getBlobChainID(item))
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/cache/opts.go b/vendor/github.com/moby/buildkit/cache/opts.go
new file mode 100644
index 0000000000000..911def3e1f385
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/opts.go
@@ -0,0 +1,35 @@
+package cache
+
+import (
+	"fmt"
+
+	"github.com/containerd/containerd/content"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/util/progress"
+	digest "github.com/opencontainers/go-digest"
+)
+
+type DescHandler struct {
+	Provider       func(session.Group) content.Provider
+	Progress       progress.Controller
+	SnapshotLabels map[string]string
+}
+
+type DescHandlers map[digest.Digest]*DescHandler
+
+func descHandlersOf(opts ...RefOption) DescHandlers {
+	for _, opt := range opts {
+		if opt, ok := opt.(DescHandlers); ok {
+			return opt
+		}
+	}
+	return nil
+}
+
+type DescHandlerKey digest.Digest
+
+type NeedsRemoteProvidersError []digest.Digest
+
+func (m NeedsRemoteProvidersError) Error() string {
+	return fmt.Sprintf("missing descriptor handlers for lazy blobs %+v", []digest.Digest(m))
+}
diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go
index 7521e0aa9af40..d7905d7ed1c3d 100644
--- a/vendor/github.com/moby/buildkit/cache/refs.go
+++ b/vendor/github.com/moby/buildkit/cache/refs.go
@@ -2,15 +2,30 @@ package cache
 
 import (
 	"context"
+	"fmt"
+	"strings"
 	"sync"
+	"time"
 
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/moby/buildkit/util/leaseutil"
+	"github.com/moby/buildkit/util/winlayers"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
 )
 
 // Ref is a reference to cacheable objects.
@@ -20,6 +35,7 @@ type Ref interface {
 	Release(context.Context) error
 	Size(ctx context.Context) (int64, error)
 	Metadata() *metadata.StorageItem
+	IdentityMapping() *idtools.IdentityMapping
 }
 
 type ImmutableRef interface {
@@ -27,6 +43,20 @@ type ImmutableRef interface {
 	Parent() ImmutableRef
 	Finalize(ctx context.Context, commit bool) error // Make sure reference is flushed to driver
 	Clone() ImmutableRef
+
+	Info() RefInfo
+	Extract(ctx context.Context, s session.Group) error // +progress
+	GetRemote(ctx context.Context, createIfNeeded bool, compressionType compression.Type, s session.Group) (*solver.Remote, error)
+}
+
+type RefInfo struct {
+	SnapshotID  string
+	ChainID     digest.Digest
+	BlobChainID digest.Digest
+	DiffID      digest.Digest
+	Blob        digest.Digest
+	MediaType   string
+	Extracted   bool
 }
 
 type MutableRef interface {
@@ -35,7 +65,7 @@ type MutableRef interface {
 }
 
 type Mountable interface {
-	Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error)
+	Mount(ctx context.Context, readonly bool, s session.Group) (snapshot.Mountable, error)
 }
 
 type ref interface {
@@ -48,7 +78,7 @@ type cacheRecord struct {
 
 	mutable bool
 	refs    map[ref]struct{}
-	parent  ImmutableRef
+	parent  *immutableRef
 	md      *metadata.StorageItem
 
 	// dead means record is marked as deleted
@@ -62,27 +92,87 @@ type cacheRecord struct {
 	// these are filled if multiple refs point to same data
 	equalMutable   *mutableRef
 	equalImmutable *immutableRef
+
+	parentChainCache []digest.Digest
 }
 
 // hold ref lock before calling
-func (cr *cacheRecord) ref(triggerLastUsed bool) *immutableRef {
-	ref := &immutableRef{cacheRecord: cr, triggerLastUsed: triggerLastUsed}
+func (cr *cacheRecord) ref(triggerLastUsed bool, descHandlers DescHandlers) *immutableRef {
+	ref := &immutableRef{
+		cacheRecord:     cr,
+		triggerLastUsed: triggerLastUsed,
+		descHandlers:    descHandlers,
+	}
 	cr.refs[ref] = struct{}{}
 	return ref
 }
 
 // hold ref lock before calling
-func (cr *cacheRecord) mref(triggerLastUsed bool) *mutableRef {
-	ref := &mutableRef{cacheRecord: cr, triggerLastUsed: triggerLastUsed}
+func (cr *cacheRecord) mref(triggerLastUsed bool, descHandlers DescHandlers) *mutableRef {
+	ref := &mutableRef{
+		cacheRecord:     cr,
+		triggerLastUsed: triggerLastUsed,
+		descHandlers:    descHandlers,
+	}
 	cr.refs[ref] = struct{}{}
 	return ref
 }
 
+func (cr *cacheRecord) parentChain() []digest.Digest {
+	if cr.parentChainCache != nil {
+		return cr.parentChainCache
+	}
+	blob := getBlob(cr.md)
+	if blob == "" {
+		return nil
+	}
+
+	var parent []digest.Digest
+	if cr.parent != nil {
+		parent = cr.parent.parentChain()
+	}
+	pcc := make([]digest.Digest, len(parent)+1)
+	copy(pcc, parent)
+	pcc[len(parent)] = digest.Digest(blob)
+	cr.parentChainCache = pcc
+	return pcc
+}
+
 // hold ref lock before calling
 func (cr *cacheRecord) isDead() bool {
 	return cr.dead || (cr.equalImmutable != nil && cr.equalImmutable.dead) || (cr.equalMutable != nil && cr.equalMutable.dead)
 }
 
+func (cr *cacheRecord) isLazy(ctx context.Context) (bool, error) {
+	if !getBlobOnly(cr.md) {
+		return false, nil
+	}
+	dgst := getBlob(cr.md)
+	// special case for moby where there is no compressed blob (empty digest)
+	if dgst == "" {
+		return false, nil
+	}
+	_, err := cr.cm.ContentStore.Info(ctx, digest.Digest(dgst))
+	if errors.Is(err, errdefs.ErrNotFound) {
+		return true, nil
+	} else if err != nil {
+		return false, err
+	}
+
+	// If the snapshot is a remote snapshot, this layer is lazy.
+	if info, err := cr.cm.Snapshotter.Stat(ctx, getSnapshotID(cr.md)); err == nil {
+		if _, ok := info.Labels["containerd.io/snapshot/remote"]; ok {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func (cr *cacheRecord) IdentityMapping() *idtools.IdentityMapping {
+	return cr.cm.IdentityMapping()
+}
+
 func (cr *cacheRecord) Size(ctx context.Context) (int64, error) {
 	// this expects that usage() is implemented lazily
 	s, err := cr.sizeG.Do(ctx, cr.ID(), func(ctx context.Context) (interface{}, error) {
@@ -92,20 +182,32 @@ func (cr *cacheRecord) Size(ctx context.Context) (int64, error) {
 			cr.mu.Unlock()
 			return s, nil
 		}
-		driverID := cr.ID()
+		driverID := getSnapshotID(cr.md)
 		if cr.equalMutable != nil {
-			driverID = cr.equalMutable.ID()
+			driverID = getSnapshotID(cr.equalMutable.md)
 		}
 		cr.mu.Unlock()
-		usage, err := cr.cm.ManagerOpt.Snapshotter.Usage(ctx, driverID)
-		if err != nil {
-			cr.mu.Lock()
-			isDead := cr.isDead()
-			cr.mu.Unlock()
-			if isDead {
-				return int64(0), nil
+		var usage snapshots.Usage
+		if !getBlobOnly(cr.md) {
+			var err error
+			usage, err = cr.cm.ManagerOpt.Snapshotter.Usage(ctx, driverID)
+			if err != nil {
+				cr.mu.Lock()
+				isDead := cr.isDead()
+				cr.mu.Unlock()
+				if isDead {
+					return int64(0), nil
+				}
+				if !errors.Is(err, errdefs.ErrNotFound) {
+					return s, errors.Wrapf(err, "failed to get usage for %s", cr.ID())
+				}
+			}
+		}
+		if dgst := getBlob(cr.md); dgst != "" {
+			info, err := cr.cm.ContentStore.Info(ctx, digest.Digest(dgst))
+			if err == nil {
+				usage.Size += info.Size
 			}
-			return s, errors.Wrapf(err, "failed to get usage for %s", cr.ID())
 		}
 		cr.mu.Lock()
 		setSize(cr.md, usage.Size)
@@ -116,29 +218,26 @@ func (cr *cacheRecord) Size(ctx context.Context) (int64, error) {
 		cr.mu.Unlock()
 		return usage.Size, nil
 	})
-	return s.(int64), err
-}
-
-func (cr *cacheRecord) Parent() ImmutableRef {
-	return cr.parentRef(true)
+	if err != nil {
+		return 0, err
+	}
+	return s.(int64), nil
 }
 
-func (cr *cacheRecord) parentRef(hidden bool) ImmutableRef {
-	if cr.parent == nil {
+func (cr *cacheRecord) parentRef(hidden bool, descHandlers DescHandlers) *immutableRef {
+	p := cr.parent
+	if p == nil {
 		return nil
 	}
-	p := cr.parent.(*immutableRef)
 	p.mu.Lock()
 	defer p.mu.Unlock()
-	return p.ref(hidden)
+	return p.ref(hidden, descHandlers)
 }
 
-func (cr *cacheRecord) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
-	cr.mu.Lock()
-	defer cr.mu.Unlock()
-
+// must be called holding cacheRecord mu
+func (cr *cacheRecord) mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
 	if cr.mutable {
-		m, err := cr.cm.Snapshotter.Mounts(ctx, cr.ID())
+		m, err := cr.cm.Snapshotter.Mounts(ctx, getSnapshotID(cr.md))
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to mount %s", cr.ID())
 		}
@@ -149,7 +248,7 @@ func (cr *cacheRecord) Mount(ctx context.Context, readonly bool) (snapshot.Mount
 	}
 
 	if cr.equalMutable != nil && readonly {
-		m, err := cr.cm.Snapshotter.Mounts(ctx, cr.equalMutable.ID())
+		m, err := cr.cm.Snapshotter.Mounts(ctx, getSnapshotID(cr.equalMutable.md))
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to mount %s", cr.equalMutable.ID())
 		}
@@ -160,12 +259,24 @@ func (cr *cacheRecord) Mount(ctx context.Context, readonly bool) (snapshot.Mount
 		return nil, err
 	}
 	if cr.viewMount == nil { // TODO: handle this better
-		cr.view = identity.NewID()
-		m, err := cr.cm.Snapshotter.View(ctx, cr.view, cr.ID())
+		view := identity.NewID()
+		l, err := cr.cm.LeaseManager.Create(ctx, func(l *leases.Lease) error {
+			l.ID = view
+			l.Labels = map[string]string{
+				"containerd.io/gc.flat": time.Now().UTC().Format(time.RFC3339Nano),
+			}
+			return nil
+		}, leaseutil.MakeTemporary)
+		if err != nil {
+			return nil, err
+		}
+		ctx = leases.WithLease(ctx, l.ID)
+		m, err := cr.cm.Snapshotter.View(ctx, view, getSnapshotID(cr.md))
 		if err != nil {
-			cr.view = ""
+			cr.cm.LeaseManager.Delete(context.TODO(), leases.Lease{ID: l.ID})
 			return nil, errors.Wrapf(err, "failed to mount %s", cr.ID())
 		}
+		cr.view = view
 		cr.viewMount = m
 	}
 	return cr.viewMount, nil
@@ -175,13 +286,16 @@ func (cr *cacheRecord) Mount(ctx context.Context, readonly bool) (snapshot.Mount
 func (cr *cacheRecord) remove(ctx context.Context, removeSnapshot bool) error {
 	delete(cr.cm.records, cr.ID())
 	if cr.parent != nil {
-		if err := cr.parent.(*immutableRef).release(ctx); err != nil {
+		cr.parent.mu.Lock()
+		err := cr.parent.release(ctx)
+		cr.parent.mu.Unlock()
+		if err != nil {
 			return err
 		}
 	}
 	if removeSnapshot {
-		if err := cr.cm.Snapshotter.Remove(ctx, cr.ID()); err != nil {
-			return err
+		if err := cr.cm.LeaseManager.Delete(context.TODO(), leases.Lease{ID: cr.ID()}); err != nil {
+			return errors.Wrapf(err, "failed to remove %s", cr.ID())
 		}
 	}
 	if err := cr.cm.md.Clear(cr.ID()); err != nil {
@@ -197,20 +311,359 @@ func (cr *cacheRecord) ID() string {
 type immutableRef struct {
 	*cacheRecord
 	triggerLastUsed bool
+	descHandlers    DescHandlers
 }
 
 type mutableRef struct {
 	*cacheRecord
 	triggerLastUsed bool
+	descHandlers    DescHandlers
 }
 
 func (sr *immutableRef) Clone() ImmutableRef {
 	sr.mu.Lock()
-	ref := sr.ref(false)
+	ref := sr.ref(false, sr.descHandlers)
 	sr.mu.Unlock()
 	return ref
 }
 
+func (sr *immutableRef) Parent() ImmutableRef {
+	if p := sr.parentRef(true, sr.descHandlers); p != nil { // avoid returning typed nil pointer
+		return p
+	}
+	return nil
+}
+
+func (sr *immutableRef) Info() RefInfo {
+	return RefInfo{
+		ChainID:     digest.Digest(getChainID(sr.md)),
+		DiffID:      digest.Digest(getDiffID(sr.md)),
+		Blob:        digest.Digest(getBlob(sr.md)),
+		MediaType:   getMediaType(sr.md),
+		BlobChainID: digest.Digest(getBlobChainID(sr.md)),
+		SnapshotID:  getSnapshotID(sr.md),
+		Extracted:   !getBlobOnly(sr.md),
+	}
+}
+
+func (sr *immutableRef) ociDesc() (ocispec.Descriptor, error) {
+	desc := ocispec.Descriptor{
+		Digest:      digest.Digest(getBlob(sr.md)),
+		Size:        getBlobSize(sr.md),
+		MediaType:   getMediaType(sr.md),
+		Annotations: make(map[string]string),
+	}
+
+	diffID := getDiffID(sr.md)
+	if diffID != "" {
+		desc.Annotations["containerd.io/uncompressed"] = diffID
+	}
+
+	createdAt := GetCreatedAt(sr.md)
+	if !createdAt.IsZero() {
+		createdAt, err := createdAt.MarshalText()
+		if err != nil {
+			return ocispec.Descriptor{}, err
+		}
+		desc.Annotations["buildkit/createdat"] = string(createdAt)
+	}
+
+	return desc, nil
+}
+
+// order is from parent->child, sr will be at end of slice
+func (sr *immutableRef) parentRefChain() []*immutableRef {
+	var count int
+	for ref := sr; ref != nil; ref = ref.parent {
+		count++
+	}
+	refs := make([]*immutableRef, count)
+	for i, ref := count-1, sr; ref != nil; i, ref = i-1, ref.parent {
+		refs[i] = ref
+	}
+	return refs
+}
+
+func (sr *immutableRef) Mount(ctx context.Context, readonly bool, s session.Group) (snapshot.Mountable, error) {
+	if err := sr.Extract(ctx, s); err != nil {
+		return nil, err
+	}
+
+	sr.mu.Lock()
+	defer sr.mu.Unlock()
+
+	if sr.cm.Snapshotter.Name() == "stargz" {
+		var (
+			m    snapshot.Mountable
+			rerr error
+		)
+		if err := sr.withRemoteSnapshotLabelsStargzMode(ctx, s, func() {
+			m, rerr = sr.mount(ctx, readonly)
+		}); err != nil {
+			return nil, err
+		}
+		return m, rerr
+	}
+
+	return sr.mount(ctx, readonly)
+}
+
+func (sr *immutableRef) Extract(ctx context.Context, s session.Group) (rerr error) {
+	if !getBlobOnly(sr.md) {
+		return
+	}
+
+	ctx, done, err := leaseutil.WithLease(ctx, sr.cm.LeaseManager, leaseutil.MakeTemporary)
+	if err != nil {
+		return err
+	}
+	defer done(ctx)
+
+	if GetLayerType(sr) == "windows" {
+		ctx = winlayers.UseWindowsLayerMode(ctx)
+	}
+
+	if sr.cm.Snapshotter.Name() == "stargz" {
+		if err := sr.withRemoteSnapshotLabelsStargzMode(ctx, s, func() {
+			if rerr = sr.prepareRemoteSnapshotsStargzMode(ctx, s); rerr != nil {
+				return
+			}
+			rerr = sr.extract(ctx, sr.descHandlers, s)
+		}); err != nil {
+			return err
+		}
+		return rerr
+	}
+
+	return sr.extract(ctx, sr.descHandlers, s)
+}
+
+func (sr *immutableRef) withRemoteSnapshotLabelsStargzMode(ctx context.Context, s session.Group, f func()) error {
+	dhs := sr.descHandlers
+	for _, r := range sr.parentRefChain() {
+		r := r
+		info, err := r.cm.Snapshotter.Stat(ctx, getSnapshotID(r.md))
+		if err != nil && !errdefs.IsNotFound(err) {
+			return err
+		} else if errdefs.IsNotFound(err) {
+			continue // This snpashot doesn't exist; skip
+		} else if _, ok := info.Labels["containerd.io/snapshot/remote"]; !ok {
+			continue // This isn't a remote snapshot; skip
+		}
+		desc, err := r.ociDesc()
+		if err != nil {
+			return err
+		}
+		dh := dhs[desc.Digest]
+		if dh == nil {
+			continue // no info passed; skip
+		}
+
+		// Append temporary labels (based on dh.SnapshotLabels) as hints for remote snapshots.
+		// For avoiding collosion among calls, keys of these tmp labels contain an unique ID.
+		flds, labels := makeTmpLabelsStargzMode(snapshots.FilterInheritedLabels(dh.SnapshotLabels), s)
+		info.Labels = labels
+		if _, err := r.cm.Snapshotter.Update(ctx, info, flds...); err != nil {
+			return errors.Wrapf(err, "failed to add tmp remote labels for remote snapshot")
+		}
+		defer func() {
+			for k := range info.Labels {
+				info.Labels[k] = "" // Remove labels appended in this call
+			}
+			if _, err := r.cm.Snapshotter.Update(ctx, info, flds...); err != nil {
+				logrus.Warn(errors.Wrapf(err, "failed to remove tmp remote labels"))
+			}
+		}()
+
+		continue
+	}
+
+	f()
+
+	return nil
+}
+
+func (sr *immutableRef) prepareRemoteSnapshotsStargzMode(ctx context.Context, s session.Group) error {
+	_, err := sr.sizeG.Do(ctx, sr.ID()+"-prepare-remote-snapshot", func(ctx context.Context) (_ interface{}, rerr error) {
+		dhs := sr.descHandlers
+		for _, r := range sr.parentRefChain() {
+			r := r
+			snapshotID := getSnapshotID(r.md)
+			if _, err := r.cm.Snapshotter.Stat(ctx, snapshotID); err == nil {
+				continue
+			}
+
+			desc, err := r.ociDesc()
+			if err != nil {
+				return nil, err
+			}
+			dh := dhs[desc.Digest]
+			if dh == nil {
+				// We cannot prepare remote snapshots without descHandler.
+				return nil, nil
+			}
+
+			// tmpLabels contains dh.SnapshotLabels + session IDs. All keys contain
+			// an unique ID for avoiding the collision among snapshotter API calls to
+			// this snapshot. tmpLabels will be removed at the end of this function.
+			defaultLabels := snapshots.FilterInheritedLabels(dh.SnapshotLabels)
+			if defaultLabels == nil {
+				defaultLabels = make(map[string]string)
+			}
+			tmpFields, tmpLabels := makeTmpLabelsStargzMode(defaultLabels, s)
+			defaultLabels["containerd.io/snapshot.ref"] = snapshotID
+
+			// Prepare remote snapshots
+			var (
+				key  = fmt.Sprintf("tmp-%s %s", identity.NewID(), r.Info().ChainID)
+				opts = []snapshots.Opt{
+					snapshots.WithLabels(defaultLabels),
+					snapshots.WithLabels(tmpLabels),
+				}
+			)
+			parentID := ""
+			if r.parent != nil {
+				parentID = getSnapshotID(r.parent.md)
+			}
+			if err = r.cm.Snapshotter.Prepare(ctx, key, parentID, opts...); err != nil {
+				if errdefs.IsAlreadyExists(err) {
+					// Check if the targeting snapshot ID has been prepared as
+					// a remote snapshot in the snapshotter.
+					info, err := r.cm.Snapshotter.Stat(ctx, snapshotID)
+					if err == nil { // usable as remote snapshot without unlazying.
+						defer func() {
+							// Remove tmp labels appended in this func
+							for k := range tmpLabels {
+								info.Labels[k] = ""
+							}
+							if _, err := r.cm.Snapshotter.Update(ctx, info, tmpFields...); err != nil {
+								logrus.Warn(errors.Wrapf(err,
+									"failed to remove tmp remote labels after prepare"))
+							}
+						}()
+
+						// Try the next layer as well.
+						continue
+					}
+				}
+			}
+
+			// This layer and all upper layers cannot be prepared without unlazying.
+			break
+		}
+
+		return nil, nil
+	})
+	return err
+}
+
+func makeTmpLabelsStargzMode(labels map[string]string, s session.Group) (fields []string, res map[string]string) {
+	res = make(map[string]string)
+	// Append unique ID to labels for avoiding collision of labels among calls
+	id := identity.NewID()
+	for k, v := range labels {
+		tmpKey := k + "." + id
+		fields = append(fields, "labels."+tmpKey)
+		res[tmpKey] = v
+	}
+	for i, sid := range session.AllSessionIDs(s) {
+		sidKey := "containerd.io/snapshot/remote/stargz.session." + fmt.Sprintf("%d", i) + "." + id
+		fields = append(fields, "labels."+sidKey)
+		res[sidKey] = sid
+	}
+	return
+}
+
+func (sr *immutableRef) extract(ctx context.Context, dhs DescHandlers, s session.Group) error {
+	_, err := sr.sizeG.Do(ctx, sr.ID()+"-extract", func(ctx context.Context) (_ interface{}, rerr error) {
+		snapshotID := getSnapshotID(sr.md)
+		if _, err := sr.cm.Snapshotter.Stat(ctx, snapshotID); err == nil {
+			return nil, nil
+		}
+
+		if sr.cm.Applier == nil {
+			return nil, errors.New("extract requires an applier")
+		}
+
+		eg, egctx := errgroup.WithContext(ctx)
+
+		parentID := ""
+		if sr.parent != nil {
+			eg.Go(func() error {
+				if err := sr.parent.extract(egctx, dhs, s); err != nil {
+					return err
+				}
+				parentID = getSnapshotID(sr.parent.md)
+				return nil
+			})
+		}
+
+		desc, err := sr.ociDesc()
+		if err != nil {
+			return nil, err
+		}
+		dh := dhs[desc.Digest]
+
+		eg.Go(func() error {
+			// unlazies if needed, otherwise a no-op
+			return lazyRefProvider{
+				ref:     sr,
+				desc:    desc,
+				dh:      dh,
+				session: s,
+			}.Unlazy(egctx)
+		})
+
+		if err := eg.Wait(); err != nil {
+			return nil, err
+		}
+
+		if dh != nil && dh.Progress != nil {
+			_, stopProgress := dh.Progress.Start(ctx)
+			defer stopProgress(rerr)
+			statusDone := dh.Progress.Status("extracting "+desc.Digest.String(), "extracting")
+			defer statusDone()
+		}
+
+		key := fmt.Sprintf("extract-%s %s", identity.NewID(), sr.Info().ChainID)
+
+		err = sr.cm.Snapshotter.Prepare(ctx, key, parentID)
+		if err != nil {
+			return nil, err
+		}
+
+		mountable, err := sr.cm.Snapshotter.Mounts(ctx, key)
+		if err != nil {
+			return nil, err
+		}
+		mounts, unmount, err := mountable.Mount()
+		if err != nil {
+			return nil, err
+		}
+		_, err = sr.cm.Applier.Apply(ctx, desc, mounts)
+		if err != nil {
+			unmount()
+			return nil, err
+		}
+
+		if err := unmount(); err != nil {
+			return nil, err
+		}
+		if err := sr.cm.Snapshotter.Commit(ctx, getSnapshotID(sr.md), key); err != nil {
+			if !errors.Is(err, errdefs.ErrAlreadyExists) {
+				return nil, err
+			}
+		}
+		queueBlobOnly(sr.md, false)
+		setSize(sr.md, sizeUnknown)
+		if err := sr.md.Commit(); err != nil {
+			return nil, err
+		}
+		return nil, nil
+	})
+	return err
+}
+
 func (sr *immutableRef) Release(ctx context.Context) error {
 	sr.cm.mu.Lock()
 	defer sr.cm.mu.Unlock()
@@ -249,8 +702,8 @@ func (sr *immutableRef) release(ctx context.Context) error {
 
 	if len(sr.refs) == 0 {
 		if sr.viewMount != nil { // TODO: release viewMount earlier if possible
-			if err := sr.cm.Snapshotter.Remove(ctx, sr.view); err != nil {
-				return err
+			if err := sr.cm.LeaseManager.Delete(ctx, leases.Lease{ID: sr.view}); err != nil {
+				return errors.Wrapf(err, "failed to remove view lease %s", sr.view)
 			}
 			sr.view = ""
 			sr.viewMount = nil
@@ -259,7 +712,6 @@ func (sr *immutableRef) release(ctx context.Context) error {
 		if sr.equalMutable != nil {
 			sr.equalMutable.release(ctx)
 		}
-		// go sr.cm.GC()
 	}
 
 	return nil
@@ -288,18 +740,42 @@ func (cr *cacheRecord) finalize(ctx context.Context, commit bool) error {
 		}
 		return nil
 	}
-	err := cr.cm.Snapshotter.Commit(ctx, cr.ID(), mutable.ID())
+
+	_, err := cr.cm.ManagerOpt.LeaseManager.Create(ctx, func(l *leases.Lease) error {
+		l.ID = cr.ID()
+		l.Labels = map[string]string{
+			"containerd.io/gc.flat": time.Now().UTC().Format(time.RFC3339Nano),
+		}
+		return nil
+	})
 	if err != nil {
+		if !errors.Is(err, errdefs.ErrAlreadyExists) { // migrator adds leases for everything
+			return errors.Wrap(err, "failed to create lease")
+		}
+	}
+
+	if err := cr.cm.ManagerOpt.LeaseManager.AddResource(ctx, leases.Lease{ID: cr.ID()}, leases.Resource{
+		ID:   cr.ID(),
+		Type: "snapshots/" + cr.cm.ManagerOpt.Snapshotter.Name(),
+	}); err != nil {
+		cr.cm.LeaseManager.Delete(context.TODO(), leases.Lease{ID: cr.ID()})
+		return errors.Wrapf(err, "failed to add snapshot %s to lease", cr.ID())
+	}
+
+	err = cr.cm.Snapshotter.Commit(ctx, cr.ID(), mutable.ID())
+	if err != nil {
+		cr.cm.LeaseManager.Delete(context.TODO(), leases.Lease{ID: cr.ID()})
 		return errors.Wrapf(err, "failed to commit %s", mutable.ID())
 	}
 	mutable.dead = true
 	go func() {
 		cr.cm.mu.Lock()
 		defer cr.cm.mu.Unlock()
-		if err := mutable.remove(context.TODO(), false); err != nil {
+		if err := mutable.remove(context.TODO(), true); err != nil {
 			logrus.Error(err)
 		}
 	}()
+
 	cr.equalMutable = nil
 	clearEqualMutable(cr.md)
 	return cr.md.Commit()
@@ -309,9 +785,9 @@ func (sr *mutableRef) updateLastUsed() bool {
 	return sr.triggerLastUsed
 }
 
-func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {
+func (sr *mutableRef) commit(ctx context.Context) (*immutableRef, error) {
 	if !sr.mutable || len(sr.refs) == 0 {
-		return nil, errors.Wrapf(errInvalid, "invalid mutable ref")
+		return nil, errors.Wrapf(errInvalid, "invalid mutable ref %p", sr)
 	}
 
 	id := identity.NewID()
@@ -319,7 +795,7 @@ func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {
 	rec := &cacheRecord{
 		mu:           sr.mu,
 		cm:           sr.cm,
-		parent:       sr.parentRef(false),
+		parent:       sr.parentRef(false, sr.descHandlers),
 		equalMutable: sr,
 		refs:         make(map[ref]struct{}),
 		md:           md,
@@ -331,7 +807,11 @@ func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {
 		}
 	}
 
-	if err := initializeMetadata(rec); err != nil {
+	parentID := ""
+	if rec.parent != nil {
+		parentID = rec.parent.ID()
+	}
+	if err := initializeMetadata(rec, parentID); err != nil {
 		return nil, err
 	}
 
@@ -341,19 +821,36 @@ func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {
 		return nil, err
 	}
 
+	queueCommitted(md)
 	setSize(md, sizeUnknown)
 	setEqualMutable(md, sr.ID())
 	if err := md.Commit(); err != nil {
 		return nil, err
 	}
 
-	ref := rec.ref(true)
+	ref := rec.ref(true, sr.descHandlers)
 	sr.equalImmutable = ref
 	return ref, nil
 }
 
-func (sr *mutableRef) updatesLastUsed() bool {
-	return sr.triggerLastUsed
+func (sr *mutableRef) Mount(ctx context.Context, readonly bool, s session.Group) (snapshot.Mountable, error) {
+	sr.mu.Lock()
+	defer sr.mu.Unlock()
+
+	if sr.cm.Snapshotter.Name() == "stargz" && sr.parent != nil {
+		var (
+			m    snapshot.Mountable
+			rerr error
+		)
+		if err := sr.parent.withRemoteSnapshotLabelsStargzMode(ctx, s, func() {
+			m, rerr = sr.mount(ctx, readonly)
+		}); err != nil {
+			return nil, err
+		}
+		return m, rerr
+	}
+
+	return sr.mount(ctx, readonly)
 }
 
 func (sr *mutableRef) Commit(ctx context.Context) (ImmutableRef, error) {
@@ -391,17 +888,11 @@ func (sr *mutableRef) release(ctx context.Context) error {
 				return err
 			}
 		}
-		if sr.parent != nil {
-			if err := sr.parent.(*immutableRef).release(ctx); err != nil {
-				return err
-			}
-		}
 		return sr.remove(ctx, true)
-	} else {
-		if sr.updateLastUsed() {
-			updateLastUsed(sr.md)
-			sr.triggerLastUsed = false
-		}
+	}
+	if sr.updateLastUsed() {
+		updateLastUsed(sr.md)
+		sr.triggerLastUsed = false
 	}
 	return nil
 }
@@ -414,12 +905,16 @@ type readOnlyMounter struct {
 	snapshot.Mountable
 }
 
-func (m *readOnlyMounter) Mount() ([]mount.Mount, error) {
-	mounts, err := m.Mountable.Mount()
+func (m *readOnlyMounter) Mount() ([]mount.Mount, func() error, error) {
+	mounts, release, err := m.Mountable.Mount()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	for i, m := range mounts {
+		if m.Type == "overlay" {
+			mounts[i].Options = readonlyOverlay(m.Options)
+			continue
+		}
 		opts := make([]string, 0, len(m.Options))
 		for _, opt := range m.Options {
 			if opt != "rw" {
@@ -429,5 +924,25 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) {
 		opts = append(opts, "ro")
 		mounts[i].Options = opts
 	}
-	return mounts, nil
+	return mounts, release, nil
+}
+
+func readonlyOverlay(opt []string) []string {
+	out := make([]string, 0, len(opt))
+	upper := ""
+	for _, o := range opt {
+		if strings.HasPrefix(o, "upperdir=") {
+			upper = strings.TrimPrefix(o, "upperdir=")
+		} else if !strings.HasPrefix(o, "workdir=") {
+			out = append(out, o)
+		}
+	}
+	if upper != "" {
+		for i, o := range out {
+			if strings.HasPrefix(o, "lowerdir=") {
+				out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=")
+			}
+		}
+	}
+	return out
 }
diff --git a/vendor/github.com/moby/buildkit/cache/remote.go b/vendor/github.com/moby/buildkit/cache/remote.go
new file mode 100644
index 0000000000000..299a571fd8984
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/remote.go
@@ -0,0 +1,205 @@
+package cache
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/reference"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
+	"github.com/moby/buildkit/util/contentutil"
+	"github.com/moby/buildkit/util/leaseutil"
+	"github.com/moby/buildkit/util/progress/logs"
+	"github.com/moby/buildkit/util/pull/pullprogress"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+)
+
+type Unlazier interface {
+	Unlazy(ctx context.Context) error
+}
+
+// GetRemote gets a *solver.Remote from content store for this ref (potentially pulling lazily).
+// Note: Use WorkerRef.GetRemote instead as moby integration requires custom GetRemote implementation.
+func (sr *immutableRef) GetRemote(ctx context.Context, createIfNeeded bool, compressionType compression.Type, s session.Group) (*solver.Remote, error) {
+	ctx, done, err := leaseutil.WithLease(ctx, sr.cm.LeaseManager, leaseutil.MakeTemporary)
+	if err != nil {
+		return nil, err
+	}
+	defer done(ctx)
+
+	err = sr.computeBlobChain(ctx, createIfNeeded, compressionType, s)
+	if err != nil {
+		return nil, err
+	}
+
+	mprovider := &lazyMultiProvider{mprovider: contentutil.NewMultiProvider(nil)}
+	remote := &solver.Remote{
+		Provider: mprovider,
+	}
+
+	for _, ref := range sr.parentRefChain() {
+		desc, err := ref.ociDesc()
+		if err != nil {
+			return nil, err
+		}
+
+		// NOTE: The media type might be missing for some migrated ones
+		// from before lease based storage. If so, we should detect
+		// the media type from blob data.
+		//
+		// Discussion: https://github.com/moby/buildkit/pull/1277#discussion_r352795429
+		if desc.MediaType == "" {
+			desc.MediaType, err = compression.DetectLayerMediaType(ctx, sr.cm.ContentStore, desc.Digest, false)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// update distribution source annotation for lazy-refs (non-lazy refs
+		// will already have their dsl stored in the content store, which is
+		// used by the push handlers)
+		if isLazy, err := ref.isLazy(ctx); err != nil {
+			return nil, err
+		} else if isLazy {
+			imageRefs := getImageRefs(ref.md)
+			for _, imageRef := range imageRefs {
+				refspec, err := reference.Parse(imageRef)
+				if err != nil {
+					return nil, err
+				}
+
+				u, err := url.Parse("dummy://" + refspec.Locator)
+				if err != nil {
+					return nil, err
+				}
+
+				source, repo := u.Hostname(), strings.TrimPrefix(u.Path, "/")
+				if desc.Annotations == nil {
+					desc.Annotations = make(map[string]string)
+				}
+				dslKey := fmt.Sprintf("%s.%s", "containerd.io/distribution.source", source)
+
+				var existingRepos []string
+				if existings, ok := desc.Annotations[dslKey]; ok {
+					existingRepos = strings.Split(existings, ",")
+				}
+				addNewRepo := true
+				for _, existing := range existingRepos {
+					if existing == repo {
+						addNewRepo = false
+						break
+					}
+				}
+				if addNewRepo {
+					existingRepos = append(existingRepos, repo)
+				}
+				desc.Annotations[dslKey] = strings.Join(existingRepos, ",")
+			}
+		}
+
+		remote.Descriptors = append(remote.Descriptors, desc)
+		mprovider.Add(lazyRefProvider{
+			ref:     ref,
+			desc:    desc,
+			dh:      sr.descHandlers[desc.Digest],
+			session: s,
+		})
+	}
+	return remote, nil
+}
+
+type lazyMultiProvider struct {
+	mprovider *contentutil.MultiProvider
+	plist     []lazyRefProvider
+}
+
+func (mp *lazyMultiProvider) Add(p lazyRefProvider) {
+	mp.mprovider.Add(p.desc.Digest, p)
+	mp.plist = append(mp.plist, p)
+}
+
+func (mp *lazyMultiProvider) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	return mp.mprovider.ReaderAt(ctx, desc)
+}
+
+func (mp *lazyMultiProvider) Unlazy(ctx context.Context) error {
+	eg, egctx := errgroup.WithContext(ctx)
+	for _, p := range mp.plist {
+		p := p
+		eg.Go(func() error {
+			return p.Unlazy(egctx)
+		})
+	}
+	return eg.Wait()
+}
+
+type lazyRefProvider struct {
+	ref     *immutableRef
+	desc    ocispec.Descriptor
+	dh      *DescHandler
+	session session.Group
+}
+
+func (p lazyRefProvider) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	if desc.Digest != p.desc.Digest {
+		return nil, errdefs.ErrNotFound
+	}
+	if err := p.Unlazy(ctx); err != nil {
+		return nil, err
+	}
+	return p.ref.cm.ContentStore.ReaderAt(ctx, desc)
+}
+
+func (p lazyRefProvider) Unlazy(ctx context.Context) error {
+	_, err := p.ref.cm.unlazyG.Do(ctx, string(p.desc.Digest), func(ctx context.Context) (_ interface{}, rerr error) {
+		if isLazy, err := p.ref.isLazy(ctx); err != nil {
+			return nil, err
+		} else if !isLazy {
+			return nil, nil
+		}
+
+		if p.dh == nil {
+			// shouldn't happen, if you have a lazy immutable ref it already should be validated
+			// that descriptor handlers exist for it
+			return nil, errors.New("unexpected nil descriptor handler")
+		}
+
+		if p.dh.Progress != nil {
+			var stopProgress func(error)
+			ctx, stopProgress = p.dh.Progress.Start(ctx)
+			defer stopProgress(rerr)
+		}
+
+		// For now, just pull down the whole content and then return a ReaderAt from the local content
+		// store. If efficient partial reads are desired in the future, something more like a "tee"
+		// that caches remote partial reads to a local store may need to replace this.
+		err := contentutil.Copy(ctx, p.ref.cm.ContentStore, &pullprogress.ProviderWithProgress{
+			Provider: p.dh.Provider(p.session),
+			Manager:  p.ref.cm.ContentStore,
+		}, p.desc, logs.LoggerFromContext(ctx))
+		if err != nil {
+			return nil, err
+		}
+
+		if imageRefs := getImageRefs(p.ref.md); len(imageRefs) > 0 {
+			// just use the first image ref, it's arbitrary
+			imageRef := imageRefs[0]
+			if GetDescription(p.ref.md) == "" {
+				queueDescription(p.ref.md, "pulled from "+imageRef)
+				err := p.ref.md.Commit()
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+		return nil, err
+	})
+	return err
+}
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/export.go b/vendor/github.com/moby/buildkit/cache/remotecache/export.go
index e40b8de206173..b39045c82584b 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/export.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/export.go
@@ -10,16 +10,19 @@ import (
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
 	v1 "github.com/moby/buildkit/cache/remotecache/v1"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/moby/buildkit/util/contentutil"
 	"github.com/moby/buildkit/util/progress"
+	"github.com/moby/buildkit/util/progress/logs"
 	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
-type ResolveCacheExporterFunc func(ctx context.Context, typ, target string) (Exporter, error)
+type ResolveCacheExporterFunc func(ctx context.Context, g session.Group, attrs map[string]string) (Exporter, error)
 
 func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	pw, _, _ := progress.FromContext(ctx)
@@ -39,28 +42,34 @@ func oneOffProgress(ctx context.Context, id string) func(err error) error {
 
 type Exporter interface {
 	solver.CacheExporterTarget
-	Finalize(ctx context.Context) error
+	// Finalize finalizes and return metadata that are returned to the client
+	// e.g. ExporterResponseManifestDesc
+	Finalize(ctx context.Context) (map[string]string, error)
 }
 
+const (
+	// ExportResponseManifestDesc is a key for the map returned from Exporter.Finalize.
+	// The map value is a JSON string of an OCI desciptor of a manifest.
+	ExporterResponseManifestDesc = "cache.manifest"
+)
+
 type contentCacheExporter struct {
 	solver.CacheExporterTarget
 	chains   *v1.CacheChains
 	ingester content.Ingester
+	oci      bool
 }
 
-func NewExporter(ingester content.Ingester) Exporter {
+func NewExporter(ingester content.Ingester, oci bool) Exporter {
 	cc := v1.NewCacheChains()
-	return &contentCacheExporter{CacheExporterTarget: cc, chains: cc, ingester: ingester}
+	return &contentCacheExporter{CacheExporterTarget: cc, chains: cc, ingester: ingester, oci: oci}
 }
 
-func (ce *contentCacheExporter) Finalize(ctx context.Context) error {
-	return export(ctx, ce.ingester, ce.chains)
-}
-
-func export(ctx context.Context, ingester content.Ingester, cc *v1.CacheChains) error {
-	config, descs, err := cc.Marshal()
+func (ce *contentCacheExporter) Finalize(ctx context.Context) (map[string]string, error) {
+	res := make(map[string]string)
+	config, descs, err := ce.chains.Marshal()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// own type because oci type can't be pushed and docker type doesn't have annotations
@@ -76,23 +85,28 @@ func export(ctx context.Context, ingester content.Ingester, cc *v1.CacheChains)
 	var mfst manifestList
 	mfst.SchemaVersion = 2
 	mfst.MediaType = images.MediaTypeDockerSchema2ManifestList
+	if ce.oci {
+		mfst.MediaType = ocispec.MediaTypeImageIndex
+	}
 
 	for _, l := range config.Layers {
 		dgstPair, ok := descs[l.Blob]
 		if !ok {
-			return errors.Errorf("missing blob %s", l.Blob)
+			return nil, errors.Errorf("missing blob %s", l.Blob)
 		}
 		layerDone := oneOffProgress(ctx, fmt.Sprintf("writing layer %s", l.Blob))
-		if err := contentutil.Copy(ctx, ingester, dgstPair.Provider, dgstPair.Descriptor); err != nil {
-			return layerDone(errors.Wrap(err, "error writing layer blob"))
+		if err := contentutil.Copy(ctx, ce.ingester, dgstPair.Provider, dgstPair.Descriptor, logs.LoggerFromContext(ctx)); err != nil {
+			return nil, layerDone(errors.Wrap(err, "error writing layer blob"))
 		}
 		layerDone(nil)
 		mfst.Manifests = append(mfst.Manifests, dgstPair.Descriptor)
 	}
 
+	mfst.Manifests = compression.ConvertAllLayerMediaTypes(ce.oci, mfst.Manifests...)
+
 	dt, err := json.Marshal(config)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	dgst := digest.FromBytes(dt)
 	desc := ocispec.Descriptor{
@@ -101,8 +115,8 @@ func export(ctx context.Context, ingester content.Ingester, cc *v1.CacheChains)
 		MediaType: v1.CacheConfigMediaTypeV0,
 	}
 	configDone := oneOffProgress(ctx, fmt.Sprintf("writing config %s", dgst))
-	if err := content.WriteBlob(ctx, ingester, dgst.String(), bytes.NewReader(dt), desc); err != nil {
-		return configDone(errors.Wrap(err, "error writing config blob"))
+	if err := content.WriteBlob(ctx, ce.ingester, dgst.String(), bytes.NewReader(dt), desc); err != nil {
+		return nil, configDone(errors.Wrap(err, "error writing config blob"))
 	}
 	configDone(nil)
 
@@ -110,7 +124,7 @@ func export(ctx context.Context, ingester content.Ingester, cc *v1.CacheChains)
 
 	dt, err = json.Marshal(mfst)
 	if err != nil {
-		return errors.Wrap(err, "failed to marshal manifest")
+		return nil, errors.Wrap(err, "failed to marshal manifest")
 	}
 	dgst = digest.FromBytes(dt)
 
@@ -120,9 +134,14 @@ func export(ctx context.Context, ingester content.Ingester, cc *v1.CacheChains)
 		MediaType: mfst.MediaType,
 	}
 	mfstDone := oneOffProgress(ctx, fmt.Sprintf("writing manifest %s", dgst))
-	if err := content.WriteBlob(ctx, ingester, dgst.String(), bytes.NewReader(dt), desc); err != nil {
-		return mfstDone(errors.Wrap(err, "error writing manifest blob"))
+	if err := content.WriteBlob(ctx, ce.ingester, dgst.String(), bytes.NewReader(dt), desc); err != nil {
+		return nil, mfstDone(errors.Wrap(err, "error writing manifest blob"))
+	}
+	descJSON, err := json.Marshal(desc)
+	if err != nil {
+		return nil, err
 	}
+	res[ExporterResponseManifestDesc] = string(descJSON)
 	mfstDone(nil)
-	return nil
+	return res, nil
 }
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/import.go b/vendor/github.com/moby/buildkit/cache/remotecache/import.go
index a76762e6fff5a..1543297299577 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/import.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/import.go
@@ -4,23 +4,35 @@ import (
 	"context"
 	"encoding/json"
 	"io"
+	"sync"
+	"time"
 
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
 	v1 "github.com/moby/buildkit/cache/remotecache/v1"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/imageutil"
 	"github.com/moby/buildkit/worker"
+	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
 )
 
 // ResolveCacheImporterFunc returns importer and descriptor.
-// Currently typ needs to be an empty string.
-type ResolveCacheImporterFunc func(ctx context.Context, typ, ref string) (Importer, ocispec.Descriptor, error)
+type ResolveCacheImporterFunc func(ctx context.Context, g session.Group, attrs map[string]string) (Importer, ocispec.Descriptor, error)
 
 type Importer interface {
 	Resolve(ctx context.Context, desc ocispec.Descriptor, id string, w worker.Worker) (solver.CacheManager, error)
 }
 
+type DistributionSourceLabelSetter interface {
+	SetDistributionSourceLabel(context.Context, digest.Digest) error
+	SetDistributionSourceAnnotation(desc ocispec.Descriptor) ocispec.Descriptor
+}
+
 func NewImporter(provider content.Provider) Importer {
 	return &contentCacheImporter{provider: provider}
 }
@@ -55,8 +67,17 @@ func (ci *contentCacheImporter) Resolve(ctx context.Context, desc ocispec.Descri
 		}
 	}
 
+	if dsls, ok := ci.provider.(DistributionSourceLabelSetter); ok {
+		for dgst, l := range allLayers {
+			err := dsls.SetDistributionSourceLabel(ctx, dgst)
+			_ = err // error ignored because layer may not exist
+			l.Descriptor = dsls.SetDistributionSourceAnnotation(l.Descriptor)
+			allLayers[dgst] = l
+		}
+	}
+
 	if configDesc.Digest == "" {
-		return nil, errors.Errorf("invalid build cache from %+v", desc)
+		return ci.importInlineCache(ctx, dt, id, w)
 	}
 
 	dt, err = readBlob(ctx, ci.provider, configDesc)
@@ -94,5 +115,186 @@ func readBlob(ctx context.Context, provider content.Provider, desc ocispec.Descr
 			}
 		}
 	}
-	return dt, err
+	return dt, errors.WithStack(err)
+}
+
+func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte, id string, w worker.Worker) (solver.CacheManager, error) {
+	m := map[digest.Digest][]byte{}
+
+	if err := ci.allDistributionManifests(ctx, dt, m); err != nil {
+		return nil, err
+	}
+
+	var mu sync.Mutex
+	var cMap = map[digest.Digest]*v1.CacheChains{}
+
+	eg, ctx := errgroup.WithContext(ctx)
+	for dgst, dt := range m {
+		func(dgst digest.Digest, dt []byte) {
+			eg.Go(func() error {
+				var m ocispec.Manifest
+
+				if err := json.Unmarshal(dt, &m); err != nil {
+					return errors.WithStack(err)
+				}
+
+				if m.Config.Digest == "" || len(m.Layers) == 0 {
+					return nil
+				}
+
+				if dsls, ok := ci.provider.(DistributionSourceLabelSetter); ok {
+					for i, l := range m.Layers {
+						err := dsls.SetDistributionSourceLabel(ctx, l.Digest)
+						_ = err // error ignored because layer may not exist
+						m.Layers[i] = dsls.SetDistributionSourceAnnotation(l)
+					}
+				}
+
+				p, err := content.ReadBlob(ctx, ci.provider, m.Config)
+				if err != nil {
+					return errors.WithStack(err)
+				}
+
+				var img image
+
+				if err := json.Unmarshal(p, &img); err != nil {
+					return errors.WithStack(err)
+				}
+
+				if len(img.Rootfs.DiffIDs) != len(m.Layers) {
+					logrus.Warnf("invalid image with mismatching manifest and config")
+					return nil
+				}
+
+				if img.Cache == nil {
+					return nil
+				}
+
+				var config v1.CacheConfig
+				if err := json.Unmarshal(img.Cache, &config.Records); err != nil {
+					return errors.WithStack(err)
+				}
+
+				createdDates, createdMsg, err := parseCreatedLayerInfo(img)
+				if err != nil {
+					return err
+				}
+
+				layers := v1.DescriptorProvider{}
+				for i, m := range m.Layers {
+					if m.Annotations == nil {
+						m.Annotations = map[string]string{}
+					}
+					if createdAt := createdDates[i]; createdAt != "" {
+						m.Annotations["buildkit/createdat"] = createdAt
+					}
+					if createdBy := createdMsg[i]; createdBy != "" {
+						m.Annotations["buildkit/description"] = createdBy
+					}
+					m.Annotations["containerd.io/uncompressed"] = img.Rootfs.DiffIDs[i].String()
+					layers[m.Digest] = v1.DescriptorProviderPair{
+						Descriptor: m,
+						Provider:   ci.provider,
+					}
+					config.Layers = append(config.Layers, v1.CacheLayer{
+						Blob:        m.Digest,
+						ParentIndex: i - 1,
+					})
+				}
+
+				dt, err = json.Marshal(config)
+				if err != nil {
+					return errors.WithStack(err)
+				}
+				cc := v1.NewCacheChains()
+				if err := v1.ParseConfig(config, layers, cc); err != nil {
+					return err
+				}
+				mu.Lock()
+				cMap[dgst] = cc
+				mu.Unlock()
+				return nil
+			})
+		}(dgst, dt)
+	}
+
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+
+	cms := make([]solver.CacheManager, 0, len(cMap))
+
+	for _, cc := range cMap {
+		keysStorage, resultStorage, err := v1.NewCacheKeyStorage(cc, w)
+		if err != nil {
+			return nil, err
+		}
+		cms = append(cms, solver.NewCacheManager(id, keysStorage, resultStorage))
+	}
+
+	return solver.NewCombinedCacheManager(cms, nil), nil
+}
+
+func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt []byte, m map[digest.Digest][]byte) error {
+	mt, err := imageutil.DetectManifestBlobMediaType(dt)
+	if err != nil {
+		return err
+	}
+
+	switch mt {
+	case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+		m[digest.FromBytes(dt)] = dt
+	case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
+		var index ocispec.Index
+		if err := json.Unmarshal(dt, &index); err != nil {
+			return errors.WithStack(err)
+		}
+
+		for _, d := range index.Manifests {
+			if _, ok := m[d.Digest]; ok {
+				continue
+			}
+			p, err := content.ReadBlob(ctx, ci.provider, d)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+			if err := ci.allDistributionManifests(ctx, p, m); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+type image struct {
+	Rootfs struct {
+		DiffIDs []digest.Digest `json:"diff_ids"`
+	} `json:"rootfs"`
+	Cache   []byte `json:"moby.buildkit.cache.v0"`
+	History []struct {
+		Created    *time.Time `json:"created,omitempty"`
+		CreatedBy  string     `json:"created_by,omitempty"`
+		EmptyLayer bool       `json:"empty_layer,omitempty"`
+	} `json:"history,omitempty"`
+}
+
+func parseCreatedLayerInfo(img image) ([]string, []string, error) {
+	dates := make([]string, 0, len(img.Rootfs.DiffIDs))
+	createdBy := make([]string, 0, len(img.Rootfs.DiffIDs))
+	for _, h := range img.History {
+		if !h.EmptyLayer {
+			str := ""
+			if h.Created != nil {
+				dt, err := h.Created.MarshalText()
+				if err != nil {
+					return nil, nil, err
+				}
+				str = string(dt)
+			}
+			dates = append(dates, str)
+			createdBy = append(createdBy, h.CreatedBy)
+		}
+	}
+	return dates, createdBy, nil
 }
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/inline/inline.go b/vendor/github.com/moby/buildkit/cache/remotecache/inline/inline.go
new file mode 100644
index 0000000000000..449c7c0fb51f9
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/inline/inline.go
@@ -0,0 +1,107 @@
+package registry
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/buildkit/cache/remotecache"
+	v1 "github.com/moby/buildkit/cache/remotecache/v1"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
+)
+
+func ResolveCacheExporterFunc() remotecache.ResolveCacheExporterFunc {
+	return func(ctx context.Context, _ session.Group, _ map[string]string) (remotecache.Exporter, error) {
+		return NewExporter(), nil
+	}
+}
+
+func NewExporter() remotecache.Exporter {
+	cc := v1.NewCacheChains()
+	return &exporter{CacheExporterTarget: cc, chains: cc}
+}
+
+type exporter struct {
+	solver.CacheExporterTarget
+	chains *v1.CacheChains
+}
+
+func (ce *exporter) Finalize(ctx context.Context) (map[string]string, error) {
+	return nil, nil
+}
+
+func (ce *exporter) reset() {
+	cc := v1.NewCacheChains()
+	ce.CacheExporterTarget = cc
+	ce.chains = cc
+}
+
+func (ce *exporter) ExportForLayers(layers []digest.Digest) ([]byte, error) {
+	config, descs, err := ce.chains.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	descs2 := map[digest.Digest]v1.DescriptorProviderPair{}
+	for _, k := range layers {
+		if v, ok := descs[k]; ok {
+			descs2[k] = v
+			continue
+		}
+		// fallback for uncompressed digests
+		for _, v := range descs {
+			if uc := v.Descriptor.Annotations["containerd.io/uncompressed"]; uc == string(k) {
+				descs2[v.Descriptor.Digest] = v
+			}
+		}
+	}
+
+	cc := v1.NewCacheChains()
+	if err := v1.ParseConfig(*config, descs2, cc); err != nil {
+		return nil, err
+	}
+
+	cfg, _, err := cc.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(cfg.Layers) == 0 {
+		logrus.Warn("failed to match any cache with layers")
+		return nil, nil
+	}
+
+	cache := map[int]int{}
+
+	// reorder layers based on the order in the image
+	for i, r := range cfg.Records {
+		for j, rr := range r.Results {
+			n := getSortedLayerIndex(rr.LayerIndex, cfg.Layers, cache)
+			rr.LayerIndex = n
+			r.Results[j] = rr
+			cfg.Records[i] = r
+		}
+	}
+
+	dt, err := json.Marshal(cfg.Records)
+	if err != nil {
+		return nil, err
+	}
+	ce.reset()
+
+	return dt, nil
+}
+
+func getSortedLayerIndex(idx int, layers []v1.CacheLayer, cache map[int]int) int {
+	if idx == -1 {
+		return -1
+	}
+	l := layers[idx]
+	if i, ok := cache[idx]; ok {
+		return i
+	}
+	cache[idx] = getSortedLayerIndex(l.ParentIndex, layers, cache) + 1
+	return cache[idx]
+}
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/local/local.go b/vendor/github.com/moby/buildkit/cache/remotecache/local/local.go
new file mode 100644
index 0000000000000..2ee194afdfd0a
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/local/local.go
@@ -0,0 +1,94 @@
+package local
+
+import (
+	"context"
+	"strconv"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/moby/buildkit/cache/remotecache"
+	"github.com/moby/buildkit/session"
+	sessioncontent "github.com/moby/buildkit/session/content"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+const (
+	attrDigest           = "digest"
+	attrSrc              = "src"
+	attrDest             = "dest"
+	attrOCIMediatypes    = "oci-mediatypes"
+	contentStoreIDPrefix = "local:"
+)
+
+// ResolveCacheExporterFunc for "local" cache exporter.
+func ResolveCacheExporterFunc(sm *session.Manager) remotecache.ResolveCacheExporterFunc {
+	return func(ctx context.Context, g session.Group, attrs map[string]string) (remotecache.Exporter, error) {
+		store := attrs[attrDest]
+		if store == "" {
+			return nil, errors.New("local cache exporter requires dest")
+		}
+		ociMediatypes := true
+		if v, ok := attrs[attrOCIMediatypes]; ok {
+			b, err := strconv.ParseBool(v)
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to parse %s", attrOCIMediatypes)
+			}
+			ociMediatypes = b
+		}
+		csID := contentStoreIDPrefix + store
+		cs, err := getContentStore(ctx, sm, g, csID)
+		if err != nil {
+			return nil, err
+		}
+		return remotecache.NewExporter(cs, ociMediatypes), nil
+	}
+}
+
+// ResolveCacheImporterFunc for "local" cache importer.
+func ResolveCacheImporterFunc(sm *session.Manager) remotecache.ResolveCacheImporterFunc {
+	return func(ctx context.Context, g session.Group, attrs map[string]string) (remotecache.Importer, specs.Descriptor, error) {
+		dgstStr := attrs[attrDigest]
+		if dgstStr == "" {
+			return nil, specs.Descriptor{}, errors.New("local cache importer requires explicit digest")
+		}
+		dgst := digest.Digest(dgstStr)
+		store := attrs[attrSrc]
+		if store == "" {
+			return nil, specs.Descriptor{}, errors.New("local cache importer requires src")
+		}
+		csID := contentStoreIDPrefix + store
+		cs, err := getContentStore(ctx, sm, g, csID)
+		if err != nil {
+			return nil, specs.Descriptor{}, err
+		}
+		info, err := cs.Info(ctx, dgst)
+		if err != nil {
+			return nil, specs.Descriptor{}, err
+		}
+		desc := specs.Descriptor{
+			// MediaType is typically MediaTypeDockerSchema2ManifestList,
+			// but we leave it empty until we get correct support for local index.json
+			Digest: dgst,
+			Size:   info.Size,
+		}
+		return remotecache.NewImporter(cs), desc, nil
+	}
+}
+
+func getContentStore(ctx context.Context, sm *session.Manager, g session.Group, storeID string) (content.Store, error) {
+	// TODO: to ensure correct session is detected, new api for finding if storeID is supported is needed
+	sessionID := g.SessionIterator().NextSession()
+	if sessionID == "" {
+		return nil, errors.New("local cache exporter/importer requires session")
+	}
+	timeoutCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	caller, err := sm.Get(timeoutCtx, sessionID, false)
+	if err != nil {
+		return nil, err
+	}
+	return sessioncontent.NewCallerStore(caller, storeID), nil
+}
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/registry/registry.go b/vendor/github.com/moby/buildkit/cache/remotecache/registry/registry.go
index fa23aa5522038..281d9fa4a3f30 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/registry/registry.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/registry/registry.go
@@ -2,39 +2,67 @@ package registry
 
 import (
 	"context"
-	"time"
+	"strconv"
 
-	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/remotes/docker"
+	"github.com/docker/distribution/reference"
 	"github.com/moby/buildkit/cache/remotecache"
 	"github.com/moby/buildkit/session"
-	"github.com/moby/buildkit/session/auth"
 	"github.com/moby/buildkit/util/contentutil"
 	"github.com/moby/buildkit/util/resolver"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
-func ResolveCacheExporterFunc(sm *session.Manager, resolverOpt resolver.ResolveOptionsFunc) remotecache.ResolveCacheExporterFunc {
-	return func(ctx context.Context, typ, ref string) (remotecache.Exporter, error) {
-		if typ != "" {
-			return nil, errors.Errorf("unsupported cache exporter type: %s", typ)
+func canonicalizeRef(rawRef string) (string, error) {
+	if rawRef == "" {
+		return "", errors.New("missing ref")
+	}
+	parsed, err := reference.ParseNormalizedNamed(rawRef)
+	if err != nil {
+		return "", err
+	}
+	return reference.TagNameOnly(parsed).String(), nil
+}
+
+const (
+	attrRef           = "ref"
+	attrOCIMediatypes = "oci-mediatypes"
+)
+
+func ResolveCacheExporterFunc(sm *session.Manager, hosts docker.RegistryHosts) remotecache.ResolveCacheExporterFunc {
+	return func(ctx context.Context, g session.Group, attrs map[string]string) (remotecache.Exporter, error) {
+		ref, err := canonicalizeRef(attrs[attrRef])
+		if err != nil {
+			return nil, err
+		}
+		ociMediatypes := true
+		if v, ok := attrs[attrOCIMediatypes]; ok {
+			b, err := strconv.ParseBool(v)
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to parse %s", attrOCIMediatypes)
+			}
+			ociMediatypes = b
 		}
-		remote := newRemoteResolver(ctx, resolverOpt, sm, ref)
+		remote := resolver.DefaultPool.GetResolver(hosts, ref, "push", sm, g)
 		pusher, err := remote.Pusher(ctx, ref)
 		if err != nil {
 			return nil, err
 		}
-		return remotecache.NewExporter(contentutil.FromPusher(pusher)), nil
+		return remotecache.NewExporter(contentutil.FromPusher(pusher), ociMediatypes), nil
 	}
 }
 
-func ResolveCacheImporterFunc(sm *session.Manager, resolverOpt resolver.ResolveOptionsFunc) remotecache.ResolveCacheImporterFunc {
-	return func(ctx context.Context, typ, ref string) (remotecache.Importer, specs.Descriptor, error) {
-		if typ != "" {
-			return nil, specs.Descriptor{}, errors.Errorf("unsupported cache importer type: %s", typ)
+func ResolveCacheImporterFunc(sm *session.Manager, cs content.Store, hosts docker.RegistryHosts) remotecache.ResolveCacheImporterFunc {
+	return func(ctx context.Context, g session.Group, attrs map[string]string) (remotecache.Importer, specs.Descriptor, error) {
+		ref, err := canonicalizeRef(attrs[attrRef])
+		if err != nil {
+			return nil, specs.Descriptor{}, err
 		}
-		remote := newRemoteResolver(ctx, resolverOpt, sm, ref)
+		remote := resolver.DefaultPool.GetResolver(hosts, ref, "pull", sm, g)
 		xref, desc, err := remote.Resolve(ctx, ref)
 		if err != nil {
 			return nil, specs.Descriptor{}, err
@@ -43,30 +71,36 @@ func ResolveCacheImporterFunc(sm *session.Manager, resolverOpt resolver.ResolveO
 		if err != nil {
 			return nil, specs.Descriptor{}, err
 		}
-		return remotecache.NewImporter(contentutil.FromFetcher(fetcher)), desc, nil
+		src := &withDistributionSourceLabel{
+			Provider: contentutil.FromFetcher(fetcher),
+			ref:      ref,
+			source:   cs,
+		}
+		return remotecache.NewImporter(src), desc, nil
 	}
 }
 
-func newRemoteResolver(ctx context.Context, resolverOpt resolver.ResolveOptionsFunc, sm *session.Manager, ref string) remotes.Resolver {
-	opt := resolverOpt(ref)
-	opt.Credentials = getCredentialsFunc(ctx, sm)
-	return docker.NewResolver(opt)
+type withDistributionSourceLabel struct {
+	content.Provider
+	ref    string
+	source content.Manager
 }
 
-func getCredentialsFunc(ctx context.Context, sm *session.Manager) func(string) (string, string, error) {
-	id := session.FromContext(ctx)
-	if id == "" {
-		return nil
-	}
-	return func(host string) (string, string, error) {
-		timeoutCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-		defer cancel()
+var _ remotecache.DistributionSourceLabelSetter = &withDistributionSourceLabel{}
 
-		caller, err := sm.Get(timeoutCtx, id)
-		if err != nil {
-			return "", "", err
-		}
+func (dsl *withDistributionSourceLabel) SetDistributionSourceLabel(ctx context.Context, dgst digest.Digest) error {
+	hf, err := docker.AppendDistributionSourceLabel(dsl.source, dsl.ref)
+	if err != nil {
+		return err
+	}
+	_, err = hf(ctx, ocispec.Descriptor{Digest: dgst})
+	return err
+}
 
-		return auth.CredentialsFunc(context.TODO(), caller)(host)
+func (dsl *withDistributionSourceLabel) SetDistributionSourceAnnotation(desc ocispec.Descriptor) ocispec.Descriptor {
+	if desc.Annotations == nil {
+		desc.Annotations = map[string]string{}
 	}
+	desc.Annotations["containerd.io/distribution.source.ref"] = dsl.ref
+	return desc
 }
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go
index 27b19587c8200..dee02f4b36999 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go
@@ -2,8 +2,10 @@ package cacheimport
 
 import (
 	"context"
+	"time"
 
 	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
@@ -26,6 +28,7 @@ func NewCacheKeyStorage(cc *CacheChains, w worker.Worker) (solver.CacheKeyStorag
 	results := &cacheResultStorage{
 		w:        w,
 		byID:     storage.byID,
+		byItem:   storage.byItem,
 		byResult: storage.byResult,
 	}
 
@@ -154,8 +157,22 @@ func (cs *cacheKeyStorage) WalkLinks(id string, link solver.CacheInfoLink, fn fu
 	return nil
 }
 
-// TODO:
 func (cs *cacheKeyStorage) WalkBacklinks(id string, fn func(id string, link solver.CacheInfoLink) error) error {
+	for k, it := range cs.byID {
+		for nl, ids := range it.links {
+			for _, id2 := range ids {
+				if id == id2 {
+					if err := fn(k, solver.CacheInfoLink{
+						Input:    solver.Index(nl.input),
+						Selector: digest.Digest(nl.selector),
+						Digest:   nl.dgst,
+					}); err != nil {
+						return err
+					}
+				}
+			}
+		}
+	}
 	return nil
 }
 
@@ -189,28 +206,64 @@ type cacheResultStorage struct {
 	w        worker.Worker
 	byID     map[string]*itemWithOutgoingLinks
 	byResult map[string]map[string]struct{}
+	byItem   map[*item]string
 }
 
-func (cs *cacheResultStorage) Save(res solver.Result) (solver.CacheResult, error) {
+func (cs *cacheResultStorage) Save(res solver.Result, createdAt time.Time) (solver.CacheResult, error) {
 	return solver.CacheResult{}, errors.Errorf("importer is immutable")
 }
 
-func (cs *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) (solver.Result, error) {
-	remote, err := cs.LoadRemote(ctx, res)
-	if err != nil {
+func (cs *cacheResultStorage) LoadWithParents(ctx context.Context, res solver.CacheResult) (map[string]solver.Result, error) {
+	v := cs.byResultID(res.ID)
+	if v == nil || v.result == nil {
+		return nil, errors.WithStack(solver.ErrNotFound)
+	}
+
+	m := map[string]solver.Result{}
+
+	visited := make(map[*item]struct{})
+	if err := v.walkAllResults(func(i *item) error {
+		if i.result == nil {
+			return nil
+		}
+		id, ok := cs.byItem[i]
+		if !ok {
+			return nil
+		}
+		if isSubRemote(*i.result, *v.result) {
+			ref, err := cs.w.FromRemote(ctx, i.result)
+			if err != nil {
+				return err
+			}
+			m[id] = worker.NewWorkerRefResult(ref, cs.w)
+		}
+		return nil
+	}, visited); err != nil {
+		for _, v := range m {
+			v.Release(context.TODO())
+		}
 		return nil, err
 	}
 
-	ref, err := cs.w.FromRemote(ctx, remote)
+	return m, nil
+}
+
+func (cs *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) (solver.Result, error) {
+	item := cs.byResultID(res.ID)
+	if item == nil || item.result == nil {
+		return nil, errors.WithStack(solver.ErrNotFound)
+	}
+
+	ref, err := cs.w.FromRemote(ctx, item.result)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "failed to load result from remote")
 	}
 	return worker.NewWorkerRefResult(ref, cs.w), nil
 }
 
-func (cs *cacheResultStorage) LoadRemote(ctx context.Context, res solver.CacheResult) (*solver.Remote, error) {
-	if r := cs.byResultID(res.ID); r != nil {
-		return r, nil
+func (cs *cacheResultStorage) LoadRemote(ctx context.Context, res solver.CacheResult, _ session.Group) (*solver.Remote, error) {
+	if r := cs.byResultID(res.ID); r != nil && r.result != nil {
+		return r.result, nil
 	}
 	return nil, errors.WithStack(solver.ErrNotFound)
 }
@@ -219,7 +272,7 @@ func (cs *cacheResultStorage) Exists(id string) bool {
 	return cs.byResultID(id) != nil
 }
 
-func (cs *cacheResultStorage) byResultID(resultID string) *solver.Remote {
+func (cs *cacheResultStorage) byResultID(resultID string) *itemWithOutgoingLinks {
 	m, ok := cs.byResult[resultID]
 	if !ok || len(m) == 0 {
 		return nil
@@ -228,9 +281,7 @@ func (cs *cacheResultStorage) byResultID(resultID string) *solver.Remote {
 	for id := range m {
 		it, ok := cs.byID[id]
 		if ok {
-			if r := it.result; r != nil {
-				return r
-			}
+			return it
 		}
 	}
 
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/chains.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/chains.go
index 52806b9c4498d..166971de17d11 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/chains.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/chains.go
@@ -1,6 +1,8 @@
 package cacheimport
 
 import (
+	"strings"
+	"sync"
 	"time"
 
 	"github.com/containerd/containerd/content"
@@ -19,7 +21,10 @@ type CacheChains struct {
 }
 
 func (c *CacheChains) Add(dgst digest.Digest) solver.CacheExporterRecord {
-	it := &item{c: c, dgst: dgst}
+	if strings.HasPrefix(dgst.String(), "random:") {
+		return &nopRecord{}
+	}
+	it := &item{c: c, dgst: dgst, backlinks: map[*item]struct{}{}}
 	c.items = append(c.items, it)
 	return it
 }
@@ -40,6 +45,19 @@ func (c *CacheChains) normalize() error {
 		byKey: map[digest.Digest]*item{},
 	}
 
+	validated := make([]*item, 0, len(c.items))
+	for _, it := range c.items {
+		it.backlinksMu.Lock()
+		it.validate()
+		it.backlinksMu.Unlock()
+	}
+	for _, it := range c.items {
+		if !it.invalid {
+			validated = append(validated, it)
+		}
+	}
+	c.items = validated
+
 	for _, it := range c.items {
 		_, err := normalizeItem(it, st)
 		if err != nil {
@@ -47,6 +65,8 @@ func (c *CacheChains) normalize() error {
 		}
 	}
 
+	st.removeLoops()
+
 	items := make([]*item, 0, len(st.byKey))
 	for _, it := range st.byKey {
 		items = append(items, it)
@@ -95,7 +115,10 @@ type item struct {
 	result     *solver.Remote
 	resultTime time.Time
 
-	links []map[link]struct{}
+	links       []map[link]struct{}
+	backlinksMu sync.Mutex
+	backlinks   map[*item]struct{}
+	invalid     bool
 }
 
 type link struct {
@@ -103,6 +126,25 @@ type link struct {
 	selector string
 }
 
+func (c *item) removeLink(src *item) bool {
+	found := false
+	for idx := range c.links {
+		for l := range c.links[idx] {
+			if l.src == src {
+				delete(c.links[idx], l)
+				found = true
+			}
+		}
+	}
+	for idx := range c.links {
+		if len(c.links[idx]) == 0 {
+			c.links = nil
+			break
+		}
+	}
+	return found
+}
+
 func (c *item) AddResult(createdAt time.Time, result *solver.Remote) {
 	c.resultTime = createdAt
 	c.result = result
@@ -122,6 +164,59 @@ func (c *item) LinkFrom(rec solver.CacheExporterRecord, index int, selector stri
 	}
 
 	c.links[index][link{src: src, selector: selector}] = struct{}{}
+	src.backlinksMu.Lock()
+	src.backlinks[c] = struct{}{}
+	src.backlinksMu.Unlock()
+}
+
+func (c *item) validate() {
+	for _, m := range c.links {
+		if len(m) == 0 {
+			c.invalid = true
+			for bl := range c.backlinks {
+				changed := false
+				for _, m := range bl.links {
+					for l := range m {
+						if l.src == c {
+							delete(m, l)
+							changed = true
+						}
+					}
+				}
+				if changed {
+					bl.validate()
+				}
+			}
+			return
+		}
+	}
+}
+
+func (c *item) walkAllResults(fn func(i *item) error, visited map[*item]struct{}) error {
+	if _, ok := visited[c]; ok {
+		return nil
+	}
+	visited[c] = struct{}{}
+	if err := fn(c); err != nil {
+		return err
+	}
+	for _, links := range c.links {
+		for l := range links {
+			if err := l.src.walkAllResults(fn, visited); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+type nopRecord struct {
+}
+
+func (c *nopRecord) AddResult(createdAt time.Time, result *solver.Remote) {
+}
+
+func (c *nopRecord) LinkFrom(rec solver.CacheExporterRecord, index int, selector string) {
 }
 
 var _ solver.CacheExporterTarget = &CacheChains{}
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/doc.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/doc.go
index 4cff811490bfb..97d21a4520681 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/doc.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/doc.go
@@ -6,7 +6,7 @@ package cacheimport
 // https://github.com/opencontainers/image-spec/blob/master/image-index.md .
 // Manifests array contains descriptors to the cache layers and one instance of
 // build cache config with media type application/vnd.buildkit.cacheconfig.v0 .
-// The cache layer descripts need to have an annotation with uncompressed digest
+// The cache layer descriptors need to have an annotation with uncompressed digest
 // to allow deduplication on extraction and optionally "buildkit/createdat"
 // annotation to support maintaining original timestamps.
 //
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go
index 8aa6929ea05b7..79adf014afd86 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go
@@ -12,9 +12,13 @@ import (
 func Parse(configJSON []byte, provider DescriptorProvider, t solver.CacheExporterTarget) error {
 	var config CacheConfig
 	if err := json.Unmarshal(configJSON, &config); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 
+	return ParseConfig(config, provider, t)
+}
+
+func ParseConfig(config CacheConfig, provider DescriptorProvider, t solver.CacheExporterTarget) error {
 	cache := map[int]solver.CacheExporterRecord{}
 
 	for i := range config.Records {
@@ -22,7 +26,6 @@ func Parse(configJSON []byte, provider DescriptorProvider, t solver.CacheExporte
 			return err
 		}
 	}
-
 	return nil
 }
 
@@ -57,7 +60,9 @@ func parseRecord(cc CacheConfig, idx int, provider DescriptorProvider, t solver.
 		if err != nil {
 			return nil, err
 		}
-		r.AddResult(res.CreatedAt, remote)
+		if remote != nil {
+			r.AddResult(res.CreatedAt, remote)
+		}
 	}
 
 	cache[idx] = r
@@ -78,7 +83,7 @@ func getRemoteChain(layers []CacheLayer, idx int, provider DescriptorProvider, v
 
 	descPair, ok := provider[l.Blob]
 	if !ok {
-		return nil, errors.Errorf("missing blob for %s", l.Blob)
+		return nil, nil
 	}
 
 	var r *solver.Remote
@@ -88,6 +93,9 @@ func getRemoteChain(layers []CacheLayer, idx int, provider DescriptorProvider, v
 		if err != nil {
 			return nil, err
 		}
+		if r == nil {
+			return nil, nil
+		}
 		r.Descriptors = append(r.Descriptors, descPair.Descriptor)
 		mp := contentutil.NewMultiProvider(r.Provider)
 		mp.Add(descPair.Descriptor.Digest, descPair.Provider)
diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go
index 665eb330ca9d2..889064a6c1751 100644
--- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go
+++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go
@@ -4,13 +4,17 @@ import (
 	"fmt"
 	"sort"
 
-	"github.com/containerd/containerd/content"
+	"github.com/moby/buildkit/exporter/containerimage/exptypes"
 	"github.com/moby/buildkit/solver"
 	digest "github.com/opencontainers/go-digest"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
+// EmptyLayerRemovalSupported defines if implementation supports removal of empty layers. Buildkit image exporter
+// removes empty layers, but moby layerstore based implementation does not.
+var EmptyLayerRemovalSupported = true
+
 // sortConfig sorts the config structure to make sure it is deterministic
 func sortConfig(cc *CacheConfig) {
 	type indexedLayer struct {
@@ -67,8 +71,8 @@ func sortConfig(cc *CacheConfig) {
 		if ri.Digest != rj.Digest {
 			return ri.Digest < rj.Digest
 		}
-		if len(ri.Inputs) != len(ri.Inputs) {
-			return len(ri.Inputs) < len(ri.Inputs)
+		if len(ri.Inputs) != len(rj.Inputs) {
+			return len(ri.Inputs) < len(rj.Inputs)
 		}
 		for i, inputs := range ri.Inputs {
 			if len(ri.Inputs[i]) != len(rj.Inputs[i]) {
@@ -76,12 +80,16 @@ func sortConfig(cc *CacheConfig) {
 			}
 			for j := range inputs {
 				if ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector {
-					return ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector
+					return ri.Inputs[i][j].Selector < rj.Inputs[i][j].Selector
+				}
+				inputDigesti := cc.Records[ri.Inputs[i][j].LinkIndex].Digest
+				inputDigestj := cc.Records[rj.Inputs[i][j].LinkIndex].Digest
+				if inputDigesti != inputDigestj {
+					return inputDigesti < inputDigestj
 				}
-				return cc.Records[ri.Inputs[i][j].LinkIndex].Digest < cc.Records[rj.Inputs[i][j].LinkIndex].Digest
 			}
 		}
-		return ri.Digest < rj.Digest
+		return false
 	})
 	for i, l := range sortedRecords {
 		l.newIndex = i
@@ -123,6 +131,53 @@ type normalizeState struct {
 	next  int
 }
 
+func (s *normalizeState) removeLoops() {
+	roots := []digest.Digest{}
+	for dgst, it := range s.byKey {
+		if len(it.links) == 0 {
+			roots = append(roots, dgst)
+		}
+	}
+
+	visited := map[digest.Digest]struct{}{}
+
+	for _, d := range roots {
+		s.checkLoops(d, visited)
+	}
+}
+
+func (s *normalizeState) checkLoops(d digest.Digest, visited map[digest.Digest]struct{}) {
+	it, ok := s.byKey[d]
+	if !ok {
+		return
+	}
+	links, ok := s.links[it]
+	if !ok {
+		return
+	}
+	visited[d] = struct{}{}
+	defer func() {
+		delete(visited, d)
+	}()
+
+	for l, ids := range links {
+		for id := range ids {
+			if _, ok := visited[id]; ok {
+				it2, ok := s.byKey[id]
+				if !ok {
+					continue
+				}
+				if !it2.removeLink(it) {
+					logrus.Warnf("failed to remove looping cache key %s %s", d, id)
+				}
+				delete(links[l], id)
+			} else {
+				s.checkLoops(id, visited)
+			}
+		}
+	}
+}
+
 func normalizeItem(it *item, state *normalizeState) (*item, error) {
 	if it2, ok := state.added[it]; ok {
 		return it2, nil
@@ -226,10 +281,6 @@ func marshalRemote(r *solver.Remote, state *marshalState) string {
 	if len(r.Descriptors) == 0 {
 		return ""
 	}
-	type Remote struct {
-		Descriptors []ocispec.Descriptor
-		Provider    content.Provider
-	}
 	var parentID string
 	if len(r.Descriptors) > 1 {
 		r2 := &solver.Remote{
@@ -240,6 +291,10 @@ func marshalRemote(r *solver.Remote, state *marshalState) string {
 	}
 	desc := r.Descriptors[len(r.Descriptors)-1]
 
+	if desc.Digest == exptypes.EmptyGZLayer && EmptyLayerRemovalSupported {
+		return parentID
+	}
+
 	state.descriptors[desc.Digest] = DescriptorProviderPair{
 		Descriptor: desc,
 		Provider:   r.Provider,
@@ -304,3 +359,15 @@ func marshalItem(it *item, state *marshalState) error {
 	state.records = append(state.records, rec)
 	return nil
 }
+
+func isSubRemote(sub, main solver.Remote) bool {
+	if len(sub.Descriptors) > len(main.Descriptors) {
+		return false
+	}
+	for i := range sub.Descriptors {
+		if sub.Descriptors[i].Digest != main.Descriptors[i].Digest {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/moby/buildkit/cache/util/fsutil.go b/vendor/github.com/moby/buildkit/cache/util/fsutil.go
index b7aa6730d607e..b425a002a5422 100644
--- a/vendor/github.com/moby/buildkit/cache/util/fsutil.go
+++ b/vendor/github.com/moby/buildkit/cache/util/fsutil.go
@@ -8,7 +8,6 @@ import (
 	"path/filepath"
 
 	"github.com/containerd/continuity/fs"
-	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/snapshot"
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil"
@@ -25,12 +24,7 @@ type FileRange struct {
 	Length int
 }
 
-func withMount(ctx context.Context, ref cache.ImmutableRef, cb func(string) error) error {
-	mount, err := ref.Mount(ctx, true)
-	if err != nil {
-		return err
-	}
-
+func withMount(ctx context.Context, mount snapshot.Mountable, cb func(string) error) error {
 	lm := snapshot.LocalMounter(mount)
 
 	root, err := lm.Mount()
@@ -55,29 +49,29 @@ func withMount(ctx context.Context, ref cache.ImmutableRef, cb func(string) erro
 	return nil
 }
 
-func ReadFile(ctx context.Context, ref cache.ImmutableRef, req ReadRequest) ([]byte, error) {
+func ReadFile(ctx context.Context, mount snapshot.Mountable, req ReadRequest) ([]byte, error) {
 	var dt []byte
 
-	err := withMount(ctx, ref, func(root string) error {
+	err := withMount(ctx, mount, func(root string) error {
 		fp, err := fs.RootPath(root, req.Filename)
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 
 		if req.Range == nil {
 			dt, err = ioutil.ReadFile(fp)
 			if err != nil {
-				return err
+				return errors.WithStack(err)
 			}
 		} else {
 			f, err := os.Open(fp)
 			if err != nil {
-				return err
+				return errors.WithStack(err)
 			}
 			dt, err = ioutil.ReadAll(io.NewSectionReader(f, int64(req.Range.Offset), int64(req.Range.Length)))
 			f.Close()
 			if err != nil {
-				return err
+				return errors.WithStack(err)
 			}
 		}
 		return nil
@@ -90,7 +84,7 @@ type ReadDirRequest struct {
 	IncludePattern string
 }
 
-func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([]*fstypes.Stat, error) {
+func ReadDir(ctx context.Context, mount snapshot.Mountable, req ReadDirRequest) ([]*fstypes.Stat, error) {
 	var (
 		rd []*fstypes.Stat
 		wo fsutil.WalkOpt
@@ -98,10 +92,10 @@ func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([
 	if req.IncludePattern != "" {
 		wo.IncludePatterns = append(wo.IncludePatterns, req.IncludePattern)
 	}
-	err := withMount(ctx, ref, func(root string) error {
+	err := withMount(ctx, mount, func(root string) error {
 		fp, err := fs.RootPath(root, req.Path)
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		return fsutil.Walk(ctx, fp, &wo, func(path string, info os.FileInfo, err error) error {
 			if err != nil {
@@ -123,15 +117,15 @@ func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([
 	return rd, err
 }
 
-func StatFile(ctx context.Context, ref cache.ImmutableRef, path string) (*fstypes.Stat, error) {
+func StatFile(ctx context.Context, mount snapshot.Mountable, path string) (*fstypes.Stat, error) {
 	var st *fstypes.Stat
-	err := withMount(ctx, ref, func(root string) error {
+	err := withMount(ctx, mount, func(root string) error {
 		fp, err := fs.RootPath(root, path)
 		if err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		if st, err = fsutil.Stat(fp); err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 		return nil
 	})
diff --git a/vendor/github.com/moby/buildkit/client/build.go b/vendor/github.com/moby/buildkit/client/build.go
index f23df4450eaf2..4cb91d7aa98ab 100644
--- a/vendor/github.com/moby/buildkit/client/build.go
+++ b/vendor/github.com/moby/buildkit/client/build.go
@@ -45,11 +45,14 @@ func (c *Client) Build(ctx context.Context, opt SolveOpt, product string, buildF
 	}
 
 	cb := func(ref string, s *session.Session) error {
-		g, err := grpcclient.New(ctx, feOpts, s.ID(), product, c.gatewayClientForBuild(ref), gworkers)
+		gwClient := c.gatewayClientForBuild(ref)
+		g, err := grpcclient.New(ctx, feOpts, s.ID(), product, gwClient, gworkers)
 		if err != nil {
 			return err
 		}
 
+		gwClient.caps = g.BuildOpts().Caps
+
 		if err := g.Run(ctx, buildFunc); err != nil {
 			return errors.Wrap(err, "failed to run Build function")
 		}
@@ -59,14 +62,18 @@ func (c *Client) Build(ctx context.Context, opt SolveOpt, product string, buildF
 	return c.solve(ctx, nil, cb, opt, statusChan)
 }
 
-func (c *Client) gatewayClientForBuild(buildid string) gatewayapi.LLBBridgeClient {
+func (c *Client) gatewayClientForBuild(buildid string) *gatewayClientForBuild {
 	g := gatewayapi.NewLLBBridgeClient(c.conn)
-	return &gatewayClientForBuild{g, buildid}
+	return &gatewayClientForBuild{
+		gateway: g,
+		buildID: buildid,
+	}
 }
 
 type gatewayClientForBuild struct {
 	gateway gatewayapi.LLBBridgeClient
 	buildID string
+	caps    apicaps.CapSet
 }
 
 func (g *gatewayClientForBuild) ResolveImageConfig(ctx context.Context, in *gatewayapi.ResolveImageConfigRequest, opts ...grpc.CallOption) (*gatewayapi.ResolveImageConfigResponse, error) {
@@ -85,11 +92,17 @@ func (g *gatewayClientForBuild) ReadFile(ctx context.Context, in *gatewayapi.Rea
 }
 
 func (g *gatewayClientForBuild) ReadDir(ctx context.Context, in *gatewayapi.ReadDirRequest, opts ...grpc.CallOption) (*gatewayapi.ReadDirResponse, error) {
+	if err := g.caps.Supports(gatewayapi.CapReadDir); err != nil {
+		return nil, err
+	}
 	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
 	return g.gateway.ReadDir(ctx, in, opts...)
 }
 
 func (g *gatewayClientForBuild) StatFile(ctx context.Context, in *gatewayapi.StatFileRequest, opts ...grpc.CallOption) (*gatewayapi.StatFileResponse, error) {
+	if err := g.caps.Supports(gatewayapi.CapStatFile); err != nil {
+		return nil, err
+	}
 	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
 	return g.gateway.StatFile(ctx, in, opts...)
 }
@@ -103,3 +116,35 @@ func (g *gatewayClientForBuild) Return(ctx context.Context, in *gatewayapi.Retur
 	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
 	return g.gateway.Return(ctx, in, opts...)
 }
+
+func (g *gatewayClientForBuild) Inputs(ctx context.Context, in *gatewayapi.InputsRequest, opts ...grpc.CallOption) (*gatewayapi.InputsResponse, error) {
+	if err := g.caps.Supports(gatewayapi.CapFrontendInputs); err != nil {
+		return nil, err
+	}
+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
+	return g.gateway.Inputs(ctx, in, opts...)
+}
+
+func (g *gatewayClientForBuild) NewContainer(ctx context.Context, in *gatewayapi.NewContainerRequest, opts ...grpc.CallOption) (*gatewayapi.NewContainerResponse, error) {
+	if err := g.caps.Supports(gatewayapi.CapGatewayExec); err != nil {
+		return nil, err
+	}
+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
+	return g.gateway.NewContainer(ctx, in, opts...)
+}
+
+func (g *gatewayClientForBuild) ReleaseContainer(ctx context.Context, in *gatewayapi.ReleaseContainerRequest, opts ...grpc.CallOption) (*gatewayapi.ReleaseContainerResponse, error) {
+	if err := g.caps.Supports(gatewayapi.CapGatewayExec); err != nil {
+		return nil, err
+	}
+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
+	return g.gateway.ReleaseContainer(ctx, in, opts...)
+}
+
+func (g *gatewayClientForBuild) ExecProcess(ctx context.Context, opts ...grpc.CallOption) (gatewayapi.LLBBridge_ExecProcessClient, error) {
+	if err := g.caps.Supports(gatewayapi.CapGatewayExec); err != nil {
+		return nil, err
+	}
+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
+	return g.gateway.ExecProcess(ctx, opts...)
+}
diff --git a/vendor/github.com/moby/buildkit/client/client.go b/vendor/github.com/moby/buildkit/client/client.go
index 6126acdc1b36e..38429ff5bbb1b 100644
--- a/vendor/github.com/moby/buildkit/client/client.go
+++ b/vendor/github.com/moby/buildkit/client/client.go
@@ -5,10 +5,18 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"
+	"net"
+	"net/url"
 
+	"github.com/containerd/containerd/defaults"
+	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
 	controlapi "github.com/moby/buildkit/api/services/control"
+	"github.com/moby/buildkit/client/connhelper"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/grpchijack"
 	"github.com/moby/buildkit/util/appdefaults"
+	"github.com/moby/buildkit/util/grpcerrors"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
@@ -24,9 +32,15 @@ type ClientOpt interface{}
 // New returns a new buildkit client. Address can be empty for the system-default address.
 func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error) {
 	gopts := []grpc.DialOption{
-		grpc.WithDialer(dialer),
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)),
+		grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)),
 	}
+	needDialer := true
 	needWithInsecure := true
+
+	var unary []grpc.UnaryClientInterceptor
+	var stream []grpc.StreamClientInterceptor
+
 	for _, o := range opts {
 		if _, ok := o.(*withFailFast); ok {
 			gopts = append(gopts, grpc.FailOnNonTempDialError(true))
@@ -40,17 +54,52 @@ func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error
 			needWithInsecure = false
 		}
 		if wt, ok := o.(*withTracer); ok {
-			gopts = append(gopts,
-				grpc.WithUnaryInterceptor(otgrpc.OpenTracingClientInterceptor(wt.tracer, otgrpc.LogPayloads())),
-				grpc.WithStreamInterceptor(otgrpc.OpenTracingStreamClientInterceptor(wt.tracer)))
+			unary = append(unary, otgrpc.OpenTracingClientInterceptor(wt.tracer, otgrpc.LogPayloads()))
+			stream = append(stream, otgrpc.OpenTracingStreamClientInterceptor(wt.tracer))
+		}
+		if wd, ok := o.(*withDialer); ok {
+			gopts = append(gopts, grpc.WithContextDialer(wd.dialer))
+			needDialer = false
 		}
 	}
+	if needDialer {
+		dialFn, err := resolveDialer(address)
+		if err != nil {
+			return nil, err
+		}
+		gopts = append(gopts, grpc.WithContextDialer(dialFn))
+	}
 	if needWithInsecure {
 		gopts = append(gopts, grpc.WithInsecure())
 	}
 	if address == "" {
 		address = appdefaults.Address
 	}
+
+	// grpc-go uses a slightly different naming scheme: https://github.com/grpc/grpc/blob/master/doc/naming.md
+	// This will end up setting rfc non-complient :authority header to address string (e.g. tcp://127.0.0.1:1234).
+	// So, here sets right authority header via WithAuthority DialOption.
+	addressURL, err := url.Parse(address)
+	if err != nil {
+		return nil, err
+	}
+	gopts = append(gopts, grpc.WithAuthority(addressURL.Host))
+
+	unary = append(unary, grpcerrors.UnaryClientInterceptor)
+	stream = append(stream, grpcerrors.StreamClientInterceptor)
+
+	if len(unary) == 1 {
+		gopts = append(gopts, grpc.WithUnaryInterceptor(unary[0]))
+	} else if len(unary) > 1 {
+		gopts = append(gopts, grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unary...)))
+	}
+
+	if len(stream) == 1 {
+		gopts = append(gopts, grpc.WithStreamInterceptor(stream[0]))
+	} else if len(stream) > 1 {
+		gopts = append(gopts, grpc.WithStreamInterceptor(grpc_middleware.ChainStreamClient(stream...)))
+	}
+
 	conn, err := grpc.DialContext(ctx, address, gopts...)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to dial %q . make sure buildkitd is running", address)
@@ -65,6 +114,10 @@ func (c *Client) controlClient() controlapi.ControlClient {
 	return controlapi.NewControlClient(c.conn)
 }
 
+func (c *Client) Dialer() session.Dialer {
+	return grpchijack.Dialer(c.controlClient())
+}
+
 func (c *Client) Close() error {
 	return c.conn.Close()
 }
@@ -75,6 +128,14 @@ func WithFailFast() ClientOpt {
 	return &withFailFast{}
 }
 
+type withDialer struct {
+	dialer func(context.Context, string) (net.Conn, error)
+}
+
+func WithContextDialer(df func(context.Context, string) (net.Conn, error)) ClientOpt {
+	return &withDialer{dialer: df}
+}
+
 type withCredentials struct {
 	ServerName string
 	CACert     string
@@ -128,3 +189,15 @@ func WithTracer(t opentracing.Tracer) ClientOpt {
 type withTracer struct {
 	tracer opentracing.Tracer
 }
+
+func resolveDialer(address string) (func(context.Context, string) (net.Conn, error), error) {
+	ch, err := connhelper.GetConnectionHelper(address)
+	if err != nil {
+		return nil, err
+	}
+	if ch != nil {
+		return ch.ContextDialer, nil
+	}
+	// basic dialer
+	return dialer, nil
+}
diff --git a/vendor/github.com/moby/buildkit/client/client_unix.go b/vendor/github.com/moby/buildkit/client/client_unix.go
index 93afb956f1b0c..888a8173ad06a 100644
--- a/vendor/github.com/moby/buildkit/client/client_unix.go
+++ b/vendor/github.com/moby/buildkit/client/client_unix.go
@@ -3,17 +3,18 @@
 package client
 
 import (
+	"context"
 	"net"
 	"strings"
-	"time"
 
 	"github.com/pkg/errors"
 )
 
-func dialer(address string, timeout time.Duration) (net.Conn, error) {
+func dialer(ctx context.Context, address string) (net.Conn, error) {
 	addrParts := strings.SplitN(address, "://", 2)
 	if len(addrParts) != 2 {
 		return nil, errors.Errorf("invalid address %s", address)
 	}
-	return net.DialTimeout(addrParts[0], addrParts[1], timeout)
+	var d net.Dialer
+	return d.DialContext(ctx, addrParts[0], addrParts[1])
 }
diff --git a/vendor/github.com/moby/buildkit/client/client_windows.go b/vendor/github.com/moby/buildkit/client/client_windows.go
index 75905f520b188..a9eb87f2483fa 100644
--- a/vendor/github.com/moby/buildkit/client/client_windows.go
+++ b/vendor/github.com/moby/buildkit/client/client_windows.go
@@ -1,24 +1,25 @@
 package client
 
 import (
+	"context"
 	"net"
 	"strings"
-	"time"
 
-	"github.com/Microsoft/go-winio"
+	winio "github.com/Microsoft/go-winio"
 	"github.com/pkg/errors"
 )
 
-func dialer(address string, timeout time.Duration) (net.Conn, error) {
+func dialer(ctx context.Context, address string) (net.Conn, error) {
 	addrParts := strings.SplitN(address, "://", 2)
 	if len(addrParts) != 2 {
 		return nil, errors.Errorf("invalid address %s", address)
 	}
 	switch addrParts[0] {
 	case "npipe":
-		address = strings.Replace(addrParts[1], "/", "\\", 0)
-		return winio.DialPipe(address, &timeout)
+		address = strings.Replace(addrParts[1], "/", "\\", -1)
+		return winio.DialPipeContext(ctx, address)
 	default:
-		return net.DialTimeout(addrParts[0], addrParts[1], timeout)
+		var d net.Dialer
+		return d.DialContext(ctx, addrParts[0], addrParts[1])
 	}
 }
diff --git a/vendor/github.com/moby/buildkit/client/connhelper/connhelper.go b/vendor/github.com/moby/buildkit/client/connhelper/connhelper.go
new file mode 100644
index 0000000000000..211df28e978a3
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/connhelper/connhelper.go
@@ -0,0 +1,38 @@
+// Package connhelper provides helpers for connecting to a remote daemon host
+// with custom logic.
+package connhelper
+
+import (
+	"context"
+	"net"
+	"net/url"
+)
+
+var helpers = map[string]func(*url.URL) (*ConnectionHelper, error){}
+
+// ConnectionHelper allows to connect to a remote host with custom stream provider binary.
+type ConnectionHelper struct {
+	// ContextDialer can be passed to grpc.WithContextDialer
+	ContextDialer func(ctx context.Context, addr string) (net.Conn, error)
+}
+
+// GetConnectionHelper returns BuildKit-specific connection helper for the given URL.
+// GetConnectionHelper returns nil without error when no helper is registered for the scheme.
+func GetConnectionHelper(daemonURL string) (*ConnectionHelper, error) {
+	u, err := url.Parse(daemonURL)
+	if err != nil {
+		return nil, err
+	}
+
+	fn, ok := helpers[u.Scheme]
+	if !ok {
+		return nil, nil
+	}
+
+	return fn(u)
+}
+
+// Register registers new connectionhelper for scheme
+func Register(scheme string, fn func(*url.URL) (*ConnectionHelper, error)) {
+	helpers[scheme] = fn
+}
diff --git a/vendor/github.com/moby/buildkit/client/exporters.go b/vendor/github.com/moby/buildkit/client/exporters.go
index 4160d92a73f39..0f70d59c8726e 100644
--- a/vendor/github.com/moby/buildkit/client/exporters.go
+++ b/vendor/github.com/moby/buildkit/client/exporters.go
@@ -3,6 +3,7 @@ package client
 const (
 	ExporterImage  = "image"
 	ExporterLocal  = "local"
+	ExporterTar    = "tar"
 	ExporterOCI    = "oci"
 	ExporterDocker = "docker"
 )
diff --git a/vendor/github.com/moby/buildkit/client/graph.go b/vendor/github.com/moby/buildkit/client/graph.go
index 141a393cf9f75..bcfa8b839fba7 100644
--- a/vendor/github.com/moby/buildkit/client/graph.go
+++ b/vendor/github.com/moby/buildkit/client/graph.go
@@ -41,5 +41,6 @@ type SolveStatus struct {
 }
 
 type SolveResponse struct {
+	// ExporterResponse is also used for CacheExporter
 	ExporterResponse map[string]string
 }
diff --git a/vendor/github.com/moby/buildkit/client/llb/async.go b/vendor/github.com/moby/buildkit/client/llb/async.go
new file mode 100644
index 0000000000000..48216e98957fa
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/llb/async.go
@@ -0,0 +1,98 @@
+package llb
+
+import (
+	"context"
+
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/flightcontrol"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+)
+
+type asyncState struct {
+	f      func(context.Context, State) (State, error)
+	prev   State
+	target State
+	set    bool
+	err    error
+	g      flightcontrol.Group
+}
+
+func (as *asyncState) Output() Output {
+	return as
+}
+
+func (as *asyncState) Vertex(ctx context.Context) Vertex {
+	err := as.Do(ctx)
+	if err != nil {
+		return &errVertex{err}
+	}
+	if as.set {
+		out := as.target.Output()
+		if out == nil {
+			return nil
+		}
+		return out.Vertex(ctx)
+	}
+	return nil
+}
+
+func (as *asyncState) ToInput(ctx context.Context, c *Constraints) (*pb.Input, error) {
+	err := as.Do(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if as.set {
+		out := as.target.Output()
+		if out == nil {
+			return nil, nil
+		}
+		return out.ToInput(ctx, c)
+	}
+	return nil, nil
+}
+
+func (as *asyncState) Do(ctx context.Context) error {
+	_, err := as.g.Do(ctx, "", func(ctx context.Context) (interface{}, error) {
+		if as.set {
+			return as.target, as.err
+		}
+		res, err := as.f(ctx, as.prev)
+		if err != nil {
+			select {
+			case <-ctx.Done():
+				if errors.Is(err, ctx.Err()) {
+					return res, err
+				}
+			default:
+			}
+		}
+		as.target = res
+		as.err = err
+		as.set = true
+		return res, err
+	})
+	if err != nil {
+		return err
+	}
+	return as.err
+}
+
+type errVertex struct {
+	err error
+}
+
+func (v *errVertex) Validate(context.Context) error {
+	return v.err
+}
+func (v *errVertex) Marshal(context.Context, *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
+	return "", nil, nil, nil, v.err
+}
+func (v *errVertex) Output() Output {
+	return nil
+}
+func (v *errVertex) Inputs() []Output {
+	return nil
+}
+
+var _ Vertex = &errVertex{}
diff --git a/vendor/github.com/moby/buildkit/client/llb/definition.go b/vendor/github.com/moby/buildkit/client/llb/definition.go
new file mode 100644
index 0000000000000..99af7c6879656
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/llb/definition.go
@@ -0,0 +1,227 @@
+package llb
+
+import (
+	"context"
+	"sync"
+
+	"github.com/moby/buildkit/solver/pb"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+// DefinitionOp implements llb.Vertex using a marshalled definition.
+//
+// For example, after marshalling a LLB state and sending over the wire, the
+// LLB state can be reconstructed from the definition.
+type DefinitionOp struct {
+	MarshalCache
+	mu         sync.Mutex
+	ops        map[digest.Digest]*pb.Op
+	defs       map[digest.Digest][]byte
+	metas      map[digest.Digest]pb.OpMetadata
+	sources    map[digest.Digest][]*SourceLocation
+	platforms  map[digest.Digest]*specs.Platform
+	dgst       digest.Digest
+	index      pb.OutputIndex
+	inputCache map[digest.Digest][]*DefinitionOp
+}
+
+// NewDefinitionOp returns a new operation from a marshalled definition.
+func NewDefinitionOp(def *pb.Definition) (*DefinitionOp, error) {
+	ops := make(map[digest.Digest]*pb.Op)
+	defs := make(map[digest.Digest][]byte)
+	platforms := make(map[digest.Digest]*specs.Platform)
+
+	var dgst digest.Digest
+	for _, dt := range def.Def {
+		var op pb.Op
+		if err := (&op).Unmarshal(dt); err != nil {
+			return nil, errors.Wrap(err, "failed to parse llb proto op")
+		}
+		dgst = digest.FromBytes(dt)
+		ops[dgst] = &op
+		defs[dgst] = dt
+
+		var platform *specs.Platform
+		if op.Platform != nil {
+			spec := op.Platform.Spec()
+			platform = &spec
+		}
+		platforms[dgst] = platform
+	}
+
+	srcs := map[digest.Digest][]*SourceLocation{}
+
+	if def.Source != nil {
+		sourceMaps := make([]*SourceMap, len(def.Source.Infos))
+		for i, info := range def.Source.Infos {
+			var st *State
+			sdef := info.Definition
+			if sdef != nil {
+				op, err := NewDefinitionOp(sdef)
+				if err != nil {
+					return nil, err
+				}
+				state := NewState(op)
+				st = &state
+			}
+			sourceMaps[i] = NewSourceMap(st, info.Filename, info.Data)
+		}
+
+		for dgst, locs := range def.Source.Locations {
+			for _, loc := range locs.Locations {
+				if loc.SourceIndex < 0 || int(loc.SourceIndex) >= len(sourceMaps) {
+					return nil, errors.Errorf("failed to find source map with index %d", loc.SourceIndex)
+				}
+
+				srcs[digest.Digest(dgst)] = append(srcs[digest.Digest(dgst)], &SourceLocation{
+					SourceMap: sourceMaps[int(loc.SourceIndex)],
+					Ranges:    loc.Ranges,
+				})
+			}
+		}
+	}
+
+	var index pb.OutputIndex
+	if dgst != "" {
+		index = ops[dgst].Inputs[0].Index
+		dgst = ops[dgst].Inputs[0].Digest
+	}
+
+	return &DefinitionOp{
+		ops:        ops,
+		defs:       defs,
+		metas:      def.Metadata,
+		sources:    srcs,
+		platforms:  platforms,
+		dgst:       dgst,
+		index:      index,
+		inputCache: make(map[digest.Digest][]*DefinitionOp),
+	}, nil
+}
+
+func (d *DefinitionOp) ToInput(ctx context.Context, c *Constraints) (*pb.Input, error) {
+	return d.Output().ToInput(ctx, c)
+}
+
+func (d *DefinitionOp) Vertex(context.Context) Vertex {
+	return d
+}
+
+func (d *DefinitionOp) Validate(context.Context) error {
+	// Scratch state has no digest, ops or metas.
+	if d.dgst == "" {
+		return nil
+	}
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	if len(d.ops) == 0 || len(d.defs) == 0 || len(d.metas) == 0 {
+		return errors.Errorf("invalid definition op with no ops %d %d", len(d.ops), len(d.metas))
+	}
+
+	_, ok := d.ops[d.dgst]
+	if !ok {
+		return errors.Errorf("invalid definition op with unknown op %q", d.dgst)
+	}
+
+	_, ok = d.defs[d.dgst]
+	if !ok {
+		return errors.Errorf("invalid definition op with unknown def %q", d.dgst)
+	}
+
+	_, ok = d.metas[d.dgst]
+	if !ok {
+		return errors.Errorf("invalid definition op with unknown metas %q", d.dgst)
+	}
+
+	// It is possible for d.index >= len(d.ops[d.dgst]) when depending on scratch
+	// images.
+	if d.index < 0 {
+		return errors.Errorf("invalid definition op with invalid index")
+	}
+
+	return nil
+}
+
+func (d *DefinitionOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
+	if d.dgst == "" {
+		return "", nil, nil, nil, errors.Errorf("cannot marshal empty definition op")
+	}
+
+	if err := d.Validate(ctx); err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	meta := d.metas[d.dgst]
+	return d.dgst, d.defs[d.dgst], &meta, d.sources[d.dgst], nil
+
+}
+
+func (d *DefinitionOp) Output() Output {
+	if d.dgst == "" {
+		return nil
+	}
+
+	d.mu.Lock()
+	platform := d.platforms[d.dgst]
+	d.mu.Unlock()
+
+	return &output{vertex: d, platform: platform, getIndex: func() (pb.OutputIndex, error) {
+		return d.index, nil
+	}}
+}
+
+func (d *DefinitionOp) Inputs() []Output {
+	if d.dgst == "" {
+		return nil
+	}
+
+	var inputs []Output
+
+	d.mu.Lock()
+	op := d.ops[d.dgst]
+	platform := d.platforms[d.dgst]
+	d.mu.Unlock()
+
+	for _, input := range op.Inputs {
+		var vtx *DefinitionOp
+		d.mu.Lock()
+		if existingIndexes, ok := d.inputCache[input.Digest]; ok {
+			if int(input.Index) < len(existingIndexes) && existingIndexes[input.Index] != nil {
+				vtx = existingIndexes[input.Index]
+			}
+		}
+		if vtx == nil {
+			vtx = &DefinitionOp{
+				ops:        d.ops,
+				defs:       d.defs,
+				metas:      d.metas,
+				platforms:  d.platforms,
+				dgst:       input.Digest,
+				index:      input.Index,
+				inputCache: d.inputCache,
+			}
+			existingIndexes := d.inputCache[input.Digest]
+			indexDiff := int(input.Index) - len(existingIndexes)
+			if indexDiff >= 0 {
+				// make room in the slice for the new index being set
+				existingIndexes = append(existingIndexes, make([]*DefinitionOp, indexDiff+1)...)
+			}
+			existingIndexes[input.Index] = vtx
+			d.inputCache[input.Digest] = existingIndexes
+		}
+		d.mu.Unlock()
+
+		inputs = append(inputs, &output{vertex: vtx, platform: platform, getIndex: func() (pb.OutputIndex, error) {
+			return pb.OutputIndex(vtx.index), nil
+		}})
+	}
+
+	return inputs
+}
diff --git a/vendor/github.com/moby/buildkit/client/llb/exec.go b/vendor/github.com/moby/buildkit/client/llb/exec.go
index 8233b076e78fc..54182e3ff83e7 100644
--- a/vendor/github.com/moby/buildkit/client/llb/exec.go
+++ b/vendor/github.com/moby/buildkit/client/llb/exec.go
@@ -1,7 +1,8 @@
 package llb
 
 import (
-	_ "crypto/sha256"
+	"context"
+	_ "crypto/sha256" // for opencontainers/go-digest
 	"fmt"
 	"net"
 	"sort"
@@ -12,18 +13,9 @@ import (
 	"github.com/pkg/errors"
 )
 
-type Meta struct {
-	Args       []string
-	Env        EnvList
-	Cwd        string
-	User       string
-	ProxyEnv   *ProxyEnv
-	ExtraHosts []HostIP
-	Network    pb.NetMode
-}
-
-func NewExecOp(root Output, meta Meta, readOnly bool, c Constraints) *ExecOp {
-	e := &ExecOp{meta: meta, constraints: c}
+func NewExecOp(base State, proxyEnv *ProxyEnv, readOnly bool, c Constraints) *ExecOp {
+	e := &ExecOp{base: base, constraints: c, proxyEnv: proxyEnv}
+	root := base.Output()
 	rootMount := &mount{
 		target:   pb.RootMount,
 		source:   root,
@@ -52,14 +44,15 @@ type mount struct {
 	cacheID      string
 	tmpfs        bool
 	cacheSharing CacheMountSharingMode
-	// hasOutput bool
+	noOutput     bool
 }
 
 type ExecOp struct {
 	MarshalCache
+	proxyEnv    *ProxyEnv
 	root        Output
 	mounts      []*mount
-	meta        Meta
+	base        State
 	constraints Constraints
 	isValidated bool
 	secrets     []SecretInfo
@@ -79,6 +72,8 @@ func (e *ExecOp) AddMount(target string, source Output, opt ...MountOption) Outp
 		m.output = source
 	} else if m.tmpfs {
 		m.output = &output{vertex: e, err: errors.Errorf("tmpfs mount for %s can't be used as a parent", target)}
+	} else if m.noOutput {
+		m.output = &output{vertex: e, err: errors.Errorf("mount marked no-output and %s can't be used as a parent", target)}
 	} else {
 		o := &output{vertex: e, getIndex: e.getMountIndexFn(m)}
 		if p := e.constraints.Platform; p != nil {
@@ -86,7 +81,7 @@ func (e *ExecOp) AddMount(target string, source Output, opt ...MountOption) Outp
 		}
 		m.output = o
 	}
-	e.Store(nil, nil, nil)
+	e.Store(nil, nil, nil, nil)
 	e.isValidated = false
 	return m.output
 }
@@ -100,19 +95,27 @@ func (e *ExecOp) GetMount(target string) Output {
 	return nil
 }
 
-func (e *ExecOp) Validate() error {
+func (e *ExecOp) Validate(ctx context.Context) error {
 	if e.isValidated {
 		return nil
 	}
-	if len(e.meta.Args) == 0 {
+	args, err := getArgs(e.base)(ctx)
+	if err != nil {
+		return err
+	}
+	if len(args) == 0 {
 		return errors.Errorf("arguments are required")
 	}
-	if e.meta.Cwd == "" {
+	cwd, err := getDir(e.base)(ctx)
+	if err != nil {
+		return err
+	}
+	if cwd == "" {
 		return errors.Errorf("working directory is required")
 	}
 	for _, m := range e.mounts {
 		if m.source != nil {
-			if err := m.source.Vertex().Validate(); err != nil {
+			if err := m.source.Vertex(ctx).Validate(ctx); err != nil {
 				return err
 			}
 		}
@@ -121,64 +124,116 @@ func (e *ExecOp) Validate() error {
 	return nil
 }
 
-func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata, error) {
+func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
 	if e.Cached(c) {
 		return e.Load()
 	}
-	if err := e.Validate(); err != nil {
-		return "", nil, nil, err
+	if err := e.Validate(ctx); err != nil {
+		return "", nil, nil, nil, err
 	}
 	// make sure mounts are sorted
 	sort.Slice(e.mounts, func(i, j int) bool {
 		return e.mounts[i].target < e.mounts[j].target
 	})
 
+	env, err := getEnv(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
 	if len(e.ssh) > 0 {
 		for i, s := range e.ssh {
 			if s.Target == "" {
 				e.ssh[i].Target = fmt.Sprintf("/run/buildkit/ssh_agent.%d", i)
 			}
 		}
-		if _, ok := e.meta.Env.Get("SSH_AUTH_SOCK"); !ok {
-			e.meta.Env = e.meta.Env.AddOrReplace("SSH_AUTH_SOCK", e.ssh[0].Target)
+		if _, ok := env.Get("SSH_AUTH_SOCK"); !ok {
+			env = env.AddOrReplace("SSH_AUTH_SOCK", e.ssh[0].Target)
 		}
 	}
 	if c.Caps != nil {
 		if err := c.Caps.Supports(pb.CapExecMetaSetsDefaultPath); err != nil {
-			e.meta.Env = e.meta.Env.SetDefault("PATH", system.DefaultPathEnv)
+			os := "linux"
+			if c.Platform != nil {
+				os = c.Platform.OS
+			} else if e.constraints.Platform != nil {
+				os = e.constraints.Platform.OS
+			}
+			env = env.SetDefault("PATH", system.DefaultPathEnv(os))
 		} else {
 			addCap(&e.constraints, pb.CapExecMetaSetsDefaultPath)
 		}
 	}
 
+	args, err := getArgs(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	cwd, err := getDir(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	user, err := getUser(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	hostname, err := getHostname(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
 	meta := &pb.Meta{
-		Args: e.meta.Args,
-		Env:  e.meta.Env.ToArray(),
-		Cwd:  e.meta.Cwd,
-		User: e.meta.User,
-	}
-	if len(e.meta.ExtraHosts) > 0 {
-		hosts := make([]*pb.HostIP, len(e.meta.ExtraHosts))
-		for i, h := range e.meta.ExtraHosts {
+		Args:     args,
+		Env:      env.ToArray(),
+		Cwd:      cwd,
+		User:     user,
+		Hostname: hostname,
+	}
+	extraHosts, err := getExtraHosts(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+	if len(extraHosts) > 0 {
+		hosts := make([]*pb.HostIP, len(extraHosts))
+		for i, h := range extraHosts {
 			hosts[i] = &pb.HostIP{Host: h.Host, IP: h.IP.String()}
 		}
 		meta.ExtraHosts = hosts
 	}
 
+	network, err := getNetwork(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	security, err := getSecurity(e.base)(ctx)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+
 	peo := &pb.ExecOp{
-		Meta:    meta,
-		Network: e.meta.Network,
+		Meta:     meta,
+		Network:  network,
+		Security: security,
 	}
-	if e.meta.Network != NetModeSandbox {
+	if network != NetModeSandbox {
 		addCap(&e.constraints, pb.CapExecMetaNetwork)
 	}
 
-	if p := e.meta.ProxyEnv; p != nil {
+	if security != SecurityModeSandbox {
+		addCap(&e.constraints, pb.CapExecMetaSecurity)
+	}
+
+	if p := e.proxyEnv; p != nil {
 		peo.Meta.ProxyEnv = &pb.ProxyEnv{
-			HttpProxy:  p.HttpProxy,
-			HttpsProxy: p.HttpsProxy,
-			FtpProxy:   p.FtpProxy,
+			HttpProxy:  p.HTTPProxy,
+			HttpsProxy: p.HTTPSProxy,
+			FtpProxy:   p.FTPProxy,
 			NoProxy:    p.NoProxy,
+			AllProxy:   p.AllProxy,
 		}
 		addCap(&e.constraints, pb.CapExecMetaProxy)
 	}
@@ -207,6 +262,14 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
 		addCap(&e.constraints, pb.CapExecMountSSH)
 	}
 
+	if e.constraints.Platform == nil {
+		p, err := getPlatform(e.base)(ctx)
+		if err != nil {
+			return "", nil, nil, nil, err
+		}
+		e.constraints.Platform = p
+	}
+
 	pop, md := MarshalConstraints(c, &e.constraints)
 	pop.Op = &pb.Op_Exec{
 		Exec: peo,
@@ -217,11 +280,11 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
 		inputIndex := pb.InputIndex(len(pop.Inputs))
 		if m.source != nil {
 			if m.tmpfs {
-				return "", nil, nil, errors.Errorf("tmpfs mounts must use scratch")
+				return "", nil, nil, nil, errors.Errorf("tmpfs mounts must use scratch")
 			}
-			inp, err := m.source.ToInput(c)
+			inp, err := m.source.ToInput(ctx, c)
 			if err != nil {
-				return "", nil, nil, err
+				return "", nil, nil, nil, err
 			}
 
 			newInput := true
@@ -242,7 +305,7 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
 		}
 
 		outputIndex := pb.OutputIndex(-1)
-		if !m.readonly && m.cacheID == "" && !m.tmpfs {
+		if !m.noOutput && !m.readonly && m.cacheID == "" && !m.tmpfs {
 			outputIndex = pb.OutputIndex(outIndex)
 			outIndex++
 		}
@@ -306,9 +369,9 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
 
 	dt, err := pop.Marshal()
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, nil, err
 	}
-	e.Store(dt, md, c)
+	e.Store(dt, md, e.constraints.SourceLocations, c)
 	return e.Load()
 }
 
@@ -338,7 +401,7 @@ func (e *ExecOp) getMountIndexFn(m *mount) func() (pb.OutputIndex, error) {
 
 		i := 0
 		for _, m2 := range e.mounts {
-			if m2.readonly || m2.cacheID != "" {
+			if m2.noOutput || m2.readonly || m2.tmpfs || m2.cacheID != "" {
 				continue
 			}
 			if m == m2 {
@@ -379,6 +442,10 @@ func SourcePath(src string) MountOption {
 	}
 }
 
+func ForceNoOutput(m *mount) {
+	m.noOutput = true
+}
+
 func AsPersistentCacheDir(id string, sharing CacheMountSharingMode) MountOption {
 	return func(m *mount) {
 		m.cacheID = id
@@ -402,18 +469,20 @@ func (fn runOptionFunc) SetRunOption(ei *ExecInfo) {
 	fn(ei)
 }
 
-func Network(n pb.NetMode) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = network(n)(ei.State)
-	})
+func (fn StateOption) SetRunOption(ei *ExecInfo) {
+	ei.State = ei.State.With(fn)
 }
 
+var _ RunOption = StateOption(func(_ State) State { return State{} })
+
 func Shlex(str string) RunOption {
-	return Shlexf(str)
+	return runOptionFunc(func(ei *ExecInfo) {
+		ei.State = shlexf(str, false)(ei.State)
+	})
 }
 func Shlexf(str string, v ...interface{}) RunOption {
 	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = shlexf(str, v...)(ei.State)
+		ei.State = shlexf(str, true, v...)(ei.State)
 	})
 }
 
@@ -423,43 +492,12 @@ func Args(a []string) RunOption {
 	})
 }
 
-func AddEnv(key, value string) RunOption {
-	return AddEnvf(key, value)
-}
-
-func AddEnvf(key, value string, v ...interface{}) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = ei.State.AddEnvf(key, value, v...)
-	})
-}
-
-func User(str string) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = ei.State.User(str)
-	})
-}
-
-func Dir(str string) RunOption {
-	return Dirf(str)
-}
-func Dirf(str string, v ...interface{}) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = ei.State.Dirf(str, v...)
-	})
-}
-
 func AddExtraHost(host string, ip net.IP) RunOption {
 	return runOptionFunc(func(ei *ExecInfo) {
 		ei.State = ei.State.AddExtraHost(host, ip)
 	})
 }
 
-func Reset(s State) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = ei.State.Reset(s)
-	})
-}
-
 func With(so ...StateOption) RunOption {
 	return runOptionFunc(func(ei *ExecInfo) {
 		ei.State = ei.State.With(so...)
@@ -604,10 +642,11 @@ type MountInfo struct {
 }
 
 type ProxyEnv struct {
-	HttpProxy  string
-	HttpsProxy string
-	FtpProxy   string
+	HTTPProxy  string
+	HTTPSProxy string
+	FTPProxy   string
 	NoProxy    string
+	AllProxy   string
 }
 
 type CacheMountSharingMode int
@@ -623,3 +662,8 @@ const (
 	NetModeHost    = pb.NetMode_HOST
 	NetModeNone    = pb.NetMode_NONE
 )
+
+const (
+	SecurityModeInsecure = pb.SecurityMode_INSECURE
+	SecurityModeSandbox  = pb.SecurityMode_SANDBOX
+)
diff --git a/vendor/github.com/moby/buildkit/client/llb/fileop.go b/vendor/github.com/moby/buildkit/client/llb/fileop.go
new file mode 100644
index 0000000000000..1f43974cb0804
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/llb/fileop.go
@@ -0,0 +1,776 @@
+package llb
+
+import (
+	"context"
+	_ "crypto/sha256" // for opencontainers/go-digest
+	"os"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/moby/buildkit/solver/pb"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+)
+
+// Examples:
+// local := llb.Local(...)
+// llb.Image().Dir("/abc").File(Mkdir("./foo").Mkfile("/abc/foo/bar", []byte("data")))
+// llb.Image().File(Mkdir("/foo").Mkfile("/foo/bar", []byte("data")))
+// llb.Image().File(Copy(local, "/foo", "/bar")).File(Copy(local, "/foo2", "/bar2"))
+//
+// a := Mkdir("./foo")  // *FileAction /ced/foo
+// b := Mkdir("./bar") // /abc/bar
+// c := b.Copy(a.WithState(llb.Scratch().Dir("/ced")), "./foo", "./baz") // /abc/baz
+// llb.Image().Dir("/abc").File(c)
+//
+// In future this can be extended to multiple outputs with:
+// a := Mkdir("./foo")
+// b, id := a.GetSelector()
+// c := b.Mkdir("./bar")
+// filestate = state.File(c)
+// filestate.GetOutput(id).Exec()
+
+func NewFileOp(s State, action *FileAction, c Constraints) *FileOp {
+	action = action.bind(s)
+
+	f := &FileOp{
+		action:      action,
+		constraints: c,
+	}
+
+	f.output = &output{vertex: f, getIndex: func() (pb.OutputIndex, error) {
+		return pb.OutputIndex(0), nil
+	}}
+
+	return f
+}
+
+// CopyInput is either llb.State or *FileActionWithState
+type CopyInput interface {
+	isFileOpCopyInput()
+}
+
+type subAction interface {
+	toProtoAction(context.Context, string, pb.InputIndex) (pb.IsFileAction, error)
+}
+
+type capAdder interface {
+	addCaps(*FileOp)
+}
+
+type FileAction struct {
+	state  *State
+	prev   *FileAction
+	action subAction
+	err    error
+}
+
+func (fa *FileAction) Mkdir(p string, m os.FileMode, opt ...MkdirOption) *FileAction {
+	a := Mkdir(p, m, opt...)
+	a.prev = fa
+	return a
+}
+
+func (fa *FileAction) Mkfile(p string, m os.FileMode, dt []byte, opt ...MkfileOption) *FileAction {
+	a := Mkfile(p, m, dt, opt...)
+	a.prev = fa
+	return a
+}
+
+func (fa *FileAction) Rm(p string, opt ...RmOption) *FileAction {
+	a := Rm(p, opt...)
+	a.prev = fa
+	return a
+}
+
+func (fa *FileAction) Copy(input CopyInput, src, dest string, opt ...CopyOption) *FileAction {
+	a := Copy(input, src, dest, opt...)
+	a.prev = fa
+	return a
+}
+
+func (fa *FileAction) allOutputs(m map[Output]struct{}) {
+	if fa == nil {
+		return
+	}
+	if fa.state != nil && fa.state.Output() != nil {
+		m[fa.state.Output()] = struct{}{}
+	}
+
+	if a, ok := fa.action.(*fileActionCopy); ok {
+		if a.state != nil {
+			if out := a.state.Output(); out != nil {
+				m[out] = struct{}{}
+			}
+		} else if a.fas != nil {
+			a.fas.allOutputs(m)
+		}
+	}
+	fa.prev.allOutputs(m)
+}
+
+func (fa *FileAction) bind(s State) *FileAction {
+	if fa == nil {
+		return nil
+	}
+	fa2 := *fa
+	fa2.prev = fa.prev.bind(s)
+	fa2.state = &s
+	return &fa2
+}
+
+func (fa *FileAction) WithState(s State) CopyInput {
+	return &fileActionWithState{FileAction: fa.bind(s)}
+}
+
+type fileActionWithState struct {
+	*FileAction
+}
+
+func (fas *fileActionWithState) isFileOpCopyInput() {}
+
+func Mkdir(p string, m os.FileMode, opt ...MkdirOption) *FileAction {
+	var mi MkdirInfo
+	for _, o := range opt {
+		o.SetMkdirOption(&mi)
+	}
+	return &FileAction{
+		action: &fileActionMkdir{
+			file: p,
+			mode: m,
+			info: mi,
+		},
+	}
+}
+
+type fileActionMkdir struct {
+	file string
+	mode os.FileMode
+	info MkdirInfo
+}
+
+func (a *fileActionMkdir) toProtoAction(ctx context.Context, parent string, base pb.InputIndex) (pb.IsFileAction, error) {
+	return &pb.FileAction_Mkdir{
+		Mkdir: &pb.FileActionMkDir{
+			Path:        normalizePath(parent, a.file, false),
+			Mode:        int32(a.mode & 0777),
+			MakeParents: a.info.MakeParents,
+			Owner:       a.info.ChownOpt.marshal(base),
+			Timestamp:   marshalTime(a.info.CreatedTime),
+		},
+	}, nil
+}
+
+type MkdirOption interface {
+	SetMkdirOption(*MkdirInfo)
+}
+
+type ChownOption interface {
+	MkdirOption
+	MkfileOption
+	CopyOption
+}
+
+type mkdirOptionFunc func(*MkdirInfo)
+
+func (fn mkdirOptionFunc) SetMkdirOption(mi *MkdirInfo) {
+	fn(mi)
+}
+
+var _ MkdirOption = &MkdirInfo{}
+
+func WithParents(b bool) MkdirOption {
+	return mkdirOptionFunc(func(mi *MkdirInfo) {
+		mi.MakeParents = b
+	})
+}
+
+type MkdirInfo struct {
+	MakeParents bool
+	ChownOpt    *ChownOpt
+	CreatedTime *time.Time
+}
+
+func (mi *MkdirInfo) SetMkdirOption(mi2 *MkdirInfo) {
+	*mi2 = *mi
+}
+
+func WithUser(name string) ChownOption {
+	opt := ChownOpt{}
+
+	parts := strings.SplitN(name, ":", 2)
+	for i, v := range parts {
+		switch i {
+		case 0:
+			uid, err := parseUID(v)
+			if err != nil {
+				opt.User = &UserOpt{Name: v}
+			} else {
+				opt.User = &UserOpt{UID: uid}
+			}
+		case 1:
+			gid, err := parseUID(v)
+			if err != nil {
+				opt.Group = &UserOpt{Name: v}
+			} else {
+				opt.Group = &UserOpt{UID: gid}
+			}
+		}
+	}
+
+	return opt
+}
+
+func parseUID(str string) (int, error) {
+	if str == "root" {
+		return 0, nil
+	}
+	uid, err := strconv.ParseInt(str, 10, 32)
+	if err != nil {
+		return 0, err
+	}
+	return int(uid), nil
+}
+
+func WithUIDGID(uid, gid int) ChownOption {
+	return ChownOpt{
+		User:  &UserOpt{UID: uid},
+		Group: &UserOpt{UID: gid},
+	}
+}
+
+type ChownOpt struct {
+	User  *UserOpt
+	Group *UserOpt
+}
+
+func (co ChownOpt) SetMkdirOption(mi *MkdirInfo) {
+	mi.ChownOpt = &co
+}
+func (co ChownOpt) SetMkfileOption(mi *MkfileInfo) {
+	mi.ChownOpt = &co
+}
+func (co ChownOpt) SetCopyOption(mi *CopyInfo) {
+	mi.ChownOpt = &co
+}
+
+func (co *ChownOpt) marshal(base pb.InputIndex) *pb.ChownOpt {
+	if co == nil {
+		return nil
+	}
+	return &pb.ChownOpt{
+		User:  co.User.marshal(base),
+		Group: co.Group.marshal(base),
+	}
+}
+
+type UserOpt struct {
+	UID  int
+	Name string
+}
+
+func (up *UserOpt) marshal(base pb.InputIndex) *pb.UserOpt {
+	if up == nil {
+		return nil
+	}
+	if up.Name != "" {
+		return &pb.UserOpt{User: &pb.UserOpt_ByName{ByName: &pb.NamedUserOpt{
+			Name: up.Name, Input: base}}}
+	}
+	return &pb.UserOpt{User: &pb.UserOpt_ByID{ByID: uint32(up.UID)}}
+}
+
+func Mkfile(p string, m os.FileMode, dt []byte, opts ...MkfileOption) *FileAction {
+	var mi MkfileInfo
+	for _, o := range opts {
+		o.SetMkfileOption(&mi)
+	}
+
+	return &FileAction{
+		action: &fileActionMkfile{
+			file: p,
+			mode: m,
+			dt:   dt,
+			info: mi,
+		},
+	}
+}
+
+type MkfileOption interface {
+	SetMkfileOption(*MkfileInfo)
+}
+
+type MkfileInfo struct {
+	ChownOpt    *ChownOpt
+	CreatedTime *time.Time
+}
+
+func (mi *MkfileInfo) SetMkfileOption(mi2 *MkfileInfo) {
+	*mi2 = *mi
+}
+
+var _ MkfileOption = &MkfileInfo{}
+
+type fileActionMkfile struct {
+	file string
+	mode os.FileMode
+	dt   []byte
+	info MkfileInfo
+}
+
+func (a *fileActionMkfile) toProtoAction(ctx context.Context, parent string, base pb.InputIndex) (pb.IsFileAction, error) {
+	return &pb.FileAction_Mkfile{
+		Mkfile: &pb.FileActionMkFile{
+			Path:      normalizePath(parent, a.file, false),
+			Mode:      int32(a.mode & 0777),
+			Data:      a.dt,
+			Owner:     a.info.ChownOpt.marshal(base),
+			Timestamp: marshalTime(a.info.CreatedTime),
+		},
+	}, nil
+}
+
+func Rm(p string, opts ...RmOption) *FileAction {
+	var mi RmInfo
+	for _, o := range opts {
+		o.SetRmOption(&mi)
+	}
+
+	return &FileAction{
+		action: &fileActionRm{
+			file: p,
+			info: mi,
+		},
+	}
+}
+
+type RmOption interface {
+	SetRmOption(*RmInfo)
+}
+
+type rmOptionFunc func(*RmInfo)
+
+func (fn rmOptionFunc) SetRmOption(mi *RmInfo) {
+	fn(mi)
+}
+
+type RmInfo struct {
+	AllowNotFound bool
+	AllowWildcard bool
+}
+
+func (mi *RmInfo) SetRmOption(mi2 *RmInfo) {
+	*mi2 = *mi
+}
+
+var _ RmOption = &RmInfo{}
+
+func WithAllowNotFound(b bool) RmOption {
+	return rmOptionFunc(func(mi *RmInfo) {
+		mi.AllowNotFound = b
+	})
+}
+
+func WithAllowWildcard(b bool) RmOption {
+	return rmOptionFunc(func(mi *RmInfo) {
+		mi.AllowWildcard = b
+	})
+}
+
+type fileActionRm struct {
+	file string
+	info RmInfo
+}
+
+func (a *fileActionRm) toProtoAction(ctx context.Context, parent string, base pb.InputIndex) (pb.IsFileAction, error) {
+	return &pb.FileAction_Rm{
+		Rm: &pb.FileActionRm{
+			Path:          normalizePath(parent, a.file, false),
+			AllowNotFound: a.info.AllowNotFound,
+			AllowWildcard: a.info.AllowWildcard,
+		},
+	}, nil
+}
+
+func Copy(input CopyInput, src, dest string, opts ...CopyOption) *FileAction {
+	var state *State
+	var fas *fileActionWithState
+	var err error
+	if st, ok := input.(State); ok {
+		state = &st
+	} else if v, ok := input.(*fileActionWithState); ok {
+		fas = v
+	} else {
+		err = errors.Errorf("invalid input type %T for copy", input)
+	}
+
+	var mi CopyInfo
+	for _, o := range opts {
+		o.SetCopyOption(&mi)
+	}
+
+	return &FileAction{
+		action: &fileActionCopy{
+			state: state,
+			fas:   fas,
+			src:   src,
+			dest:  dest,
+			info:  mi,
+		},
+		err: err,
+	}
+}
+
+type CopyOption interface {
+	SetCopyOption(*CopyInfo)
+}
+
+type CopyInfo struct {
+	Mode                *os.FileMode
+	FollowSymlinks      bool
+	CopyDirContentsOnly bool
+	IncludePatterns     []string
+	ExcludePatterns     []string
+	AttemptUnpack       bool
+	CreateDestPath      bool
+	AllowWildcard       bool
+	AllowEmptyWildcard  bool
+	ChownOpt            *ChownOpt
+	CreatedTime         *time.Time
+}
+
+func (mi *CopyInfo) SetCopyOption(mi2 *CopyInfo) {
+	*mi2 = *mi
+}
+
+var _ CopyOption = &CopyInfo{}
+
+type fileActionCopy struct {
+	state *State
+	fas   *fileActionWithState
+	src   string
+	dest  string
+	info  CopyInfo
+}
+
+func (a *fileActionCopy) toProtoAction(ctx context.Context, parent string, base pb.InputIndex) (pb.IsFileAction, error) {
+	src, err := a.sourcePath(ctx)
+	if err != nil {
+		return nil, err
+	}
+	c := &pb.FileActionCopy{
+		Src:                              src,
+		Dest:                             normalizePath(parent, a.dest, true),
+		Owner:                            a.info.ChownOpt.marshal(base),
+		IncludePatterns:                  a.info.IncludePatterns,
+		ExcludePatterns:                  a.info.ExcludePatterns,
+		AllowWildcard:                    a.info.AllowWildcard,
+		AllowEmptyWildcard:               a.info.AllowEmptyWildcard,
+		FollowSymlink:                    a.info.FollowSymlinks,
+		DirCopyContents:                  a.info.CopyDirContentsOnly,
+		AttemptUnpackDockerCompatibility: a.info.AttemptUnpack,
+		CreateDestPath:                   a.info.CreateDestPath,
+		Timestamp:                        marshalTime(a.info.CreatedTime),
+	}
+	if a.info.Mode != nil {
+		c.Mode = int32(*a.info.Mode)
+	} else {
+		c.Mode = -1
+	}
+	return &pb.FileAction_Copy{
+		Copy: c,
+	}, nil
+}
+
+func (a *fileActionCopy) sourcePath(ctx context.Context) (string, error) {
+	p := path.Clean(a.src)
+	if !path.IsAbs(p) {
+		if a.state != nil {
+			dir, err := a.state.GetDir(ctx)
+			if err != nil {
+				return "", err
+			}
+			p = path.Join("/", dir, p)
+		} else if a.fas != nil {
+			dir, err := a.fas.state.GetDir(ctx)
+			if err != nil {
+				return "", err
+			}
+			p = path.Join("/", dir, p)
+		}
+	}
+	return p, nil
+}
+
+func (a *fileActionCopy) addCaps(f *FileOp) {
+	if len(a.info.IncludePatterns) != 0 || len(a.info.ExcludePatterns) != 0 {
+		addCap(&f.constraints, pb.CapFileCopyIncludeExcludePatterns)
+	}
+}
+
+type CreatedTime time.Time
+
+func WithCreatedTime(t time.Time) CreatedTime {
+	return CreatedTime(t)
+}
+
+func (c CreatedTime) SetMkdirOption(mi *MkdirInfo) {
+	mi.CreatedTime = (*time.Time)(&c)
+}
+
+func (c CreatedTime) SetMkfileOption(mi *MkfileInfo) {
+	mi.CreatedTime = (*time.Time)(&c)
+}
+
+func (c CreatedTime) SetCopyOption(mi *CopyInfo) {
+	mi.CreatedTime = (*time.Time)(&c)
+}
+
+func marshalTime(t *time.Time) int64 {
+	if t == nil {
+		return -1
+	}
+	return t.UnixNano()
+}
+
+type FileOp struct {
+	MarshalCache
+	action *FileAction
+	output Output
+
+	constraints Constraints
+	isValidated bool
+}
+
+func (f *FileOp) Validate(context.Context) error {
+	if f.isValidated {
+		return nil
+	}
+	if f.action == nil {
+		return errors.Errorf("action is required")
+	}
+	f.isValidated = true
+	return nil
+}
+
+type marshalState struct {
+	ctx     context.Context
+	visited map[*FileAction]*fileActionState
+	inputs  []*pb.Input
+	actions []*fileActionState
+}
+
+func newMarshalState(ctx context.Context) *marshalState {
+	return &marshalState{
+		visited: map[*FileAction]*fileActionState{},
+		ctx:     ctx,
+	}
+}
+
+type fileActionState struct {
+	base           pb.InputIndex
+	input          pb.InputIndex
+	inputRelative  *int
+	input2         pb.InputIndex
+	input2Relative *int
+	target         int
+	action         subAction
+	fa             *FileAction
+}
+
+func (ms *marshalState) addInput(st *fileActionState, c *Constraints, o Output) (pb.InputIndex, error) {
+	inp, err := o.ToInput(ms.ctx, c)
+	if err != nil {
+		return 0, err
+	}
+	for i, inp2 := range ms.inputs {
+		if *inp == *inp2 {
+			return pb.InputIndex(i), nil
+		}
+	}
+	i := pb.InputIndex(len(ms.inputs))
+	ms.inputs = append(ms.inputs, inp)
+	return i, nil
+}
+
+func (ms *marshalState) add(fa *FileAction, c *Constraints) (*fileActionState, error) {
+	if st, ok := ms.visited[fa]; ok {
+		return st, nil
+	}
+
+	if fa.err != nil {
+		return nil, fa.err
+	}
+
+	var prevState *fileActionState
+	if parent := fa.prev; parent != nil {
+		var err error
+		prevState, err = ms.add(parent, c)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	st := &fileActionState{
+		action: fa.action,
+		input:  -1,
+		input2: -1,
+		base:   -1,
+		fa:     fa,
+	}
+
+	if source := fa.state.Output(); source != nil {
+		inp, err := ms.addInput(st, c, source)
+		if err != nil {
+			return nil, err
+		}
+		st.base = inp
+	}
+
+	if fa.prev == nil {
+		st.input = st.base
+	} else {
+		st.inputRelative = &prevState.target
+	}
+
+	if a, ok := fa.action.(*fileActionCopy); ok {
+		if a.state != nil {
+			if out := a.state.Output(); out != nil {
+				inp, err := ms.addInput(st, c, out)
+				if err != nil {
+					return nil, err
+				}
+				st.input2 = inp
+			}
+		} else if a.fas != nil {
+			src, err := ms.add(a.fas.FileAction, c)
+			if err != nil {
+				return nil, err
+			}
+			st.input2Relative = &src.target
+		} else {
+			return nil, errors.Errorf("invalid empty source for copy")
+		}
+	}
+
+	st.target = len(ms.actions)
+
+	ms.visited[fa] = st
+	ms.actions = append(ms.actions, st)
+
+	return st, nil
+}
+
+func (f *FileOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
+	if f.Cached(c) {
+		return f.Load()
+	}
+	if err := f.Validate(ctx); err != nil {
+		return "", nil, nil, nil, err
+	}
+
+	addCap(&f.constraints, pb.CapFileBase)
+
+	pfo := &pb.FileOp{}
+
+	if f.constraints.Platform == nil {
+		p, err := getPlatform(*f.action.state)(ctx)
+		if err != nil {
+			return "", nil, nil, nil, err
+		}
+		f.constraints.Platform = p
+	}
+
+	pop, md := MarshalConstraints(c, &f.constraints)
+	pop.Op = &pb.Op_File{
+		File: pfo,
+	}
+
+	state := newMarshalState(ctx)
+	_, err := state.add(f.action, c)
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+	pop.Inputs = state.inputs
+
+	for i, st := range state.actions {
+		if adder, isCapAdder := st.action.(capAdder); isCapAdder {
+			adder.addCaps(f)
+		}
+
+		output := pb.OutputIndex(-1)
+		if i+1 == len(state.actions) {
+			output = 0
+		}
+
+		var parent string
+		if st.fa.state != nil {
+			parent, err = st.fa.state.GetDir(ctx)
+			if err != nil {
+				return "", nil, nil, nil, err
+			}
+		}
+
+		action, err := st.action.toProtoAction(ctx, parent, st.base)
+		if err != nil {
+			return "", nil, nil, nil, err
+		}
+
+		pfo.Actions = append(pfo.Actions, &pb.FileAction{
+			Input:          getIndex(st.input, len(state.inputs), st.inputRelative),
+			SecondaryInput: getIndex(st.input2, len(state.inputs), st.input2Relative),
+			Output:         output,
+			Action:         action,
+		})
+	}
+
+	dt, err := pop.Marshal()
+	if err != nil {
+		return "", nil, nil, nil, err
+	}
+	f.Store(dt, md, f.constraints.SourceLocations, c)
+	return f.Load()
+}
+
+func normalizePath(parent, p string, keepSlash bool) string {
+	origPath := p
+	p = path.Clean(p)
+	if !path.IsAbs(p) {
+		p = path.Join("/", parent, p)
+	}
+	if keepSlash {
+		if strings.HasSuffix(origPath, "/") && !strings.HasSuffix(p, "/") {
+			p += "/"
+		} else if strings.HasSuffix(origPath, "/.") {
+			if p != "/" {
+				p += "/"
+			}
+			p += "."
+		}
+	}
+	return p
+}
+
+func (f *FileOp) Output() Output {
+	return f.output
+}
+
+func (f *FileOp) Inputs() (inputs []Output) {
+	mm := map[Output]struct{}{}
+
+	f.action.allOutputs(mm)
+
+	for o := range mm {
+		inputs = append(inputs, o)
+	}
+	return inputs
+}
+
+func getIndex(input pb.InputIndex, len int, relative *int) pb.InputIndex {
+	if relative != nil {
+		return pb.InputIndex(len + *relative)
+	}
+	return input
+}
diff --git a/vendor/github.com/moby/buildkit/client/llb/imagemetaresolver/resolver.go b/vendor/github.com/moby/buildkit/client/llb/imagemetaresolver/resolver.go
index e13a5780fb4ec..97a0cba731cd7 100644
--- a/vendor/github.com/moby/buildkit/client/llb/imagemetaresolver/resolver.go
+++ b/vendor/github.com/moby/buildkit/client/llb/imagemetaresolver/resolver.go
@@ -8,11 +8,10 @@ import (
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/remotes"
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/docker/docker/pkg/locker"
 	"github.com/moby/buildkit/client/llb"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/util/contentutil"
 	"github.com/moby/buildkit/util/imageutil"
+	"github.com/moby/locker"
 	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
@@ -72,7 +71,7 @@ type resolveResult struct {
 	dgst   digest.Digest
 }
 
-func (imr *imageMetaResolver) ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
+func (imr *imageMetaResolver) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
 	imr.locker.Lock(ref)
 	defer imr.locker.Unlock(ref)
 
@@ -87,7 +86,7 @@ func (imr *imageMetaResolver) ResolveImageConfig(ctx context.Context, ref string
 		return res.dgst, res.config, nil
 	}
 
-	dgst, config, err := imageutil.Config(ctx, ref, imr.resolver, imr.buffer, platform)
+	dgst, config, err := imageutil.Config(ctx, ref, imr.resolver, imr.buffer, nil, platform)
 	if err != nil {
 		return "", nil, err
 	}
diff --git a/vendor/github.com/moby/buildkit/client/llb/marshal.go b/vendor/github.com/moby/buildkit/client/llb/marshal.go
index 65a352fae89c0..282b592b7b1eb 100644
--- a/vendor/github.com/moby/buildkit/client/llb/marshal.go
+++ b/vendor/github.com/moby/buildkit/client/llb/marshal.go
@@ -14,21 +14,24 @@ import (
 type Definition struct {
 	Def      [][]byte
 	Metadata map[digest.Digest]pb.OpMetadata
+	Source   *pb.Source
 }
 
 func (def *Definition) ToPB() *pb.Definition {
-	md := make(map[digest.Digest]pb.OpMetadata)
+	md := make(map[digest.Digest]pb.OpMetadata, len(def.Metadata))
 	for k, v := range def.Metadata {
 		md[k] = v
 	}
 	return &pb.Definition{
 		Def:      def.Def,
+		Source:   def.Source,
 		Metadata: md,
 	}
 }
 
 func (def *Definition) FromPB(x *pb.Definition) {
 	def.Def = x.Def
+	def.Source = x.Source
 	def.Metadata = make(map[digest.Digest]pb.OpMetadata)
 	for k, v := range x.Metadata {
 		def.Metadata[k] = v
@@ -95,18 +98,20 @@ type MarshalCache struct {
 	digest      digest.Digest
 	dt          []byte
 	md          *pb.OpMetadata
+	srcs        []*SourceLocation
 	constraints *Constraints
 }
 
 func (mc *MarshalCache) Cached(c *Constraints) bool {
 	return mc.dt != nil && mc.constraints == c
 }
-func (mc *MarshalCache) Load() (digest.Digest, []byte, *pb.OpMetadata, error) {
-	return mc.digest, mc.dt, mc.md, nil
+func (mc *MarshalCache) Load() (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
+	return mc.digest, mc.dt, mc.md, mc.srcs, nil
 }
-func (mc *MarshalCache) Store(dt []byte, md *pb.OpMetadata, c *Constraints) {
+func (mc *MarshalCache) Store(dt []byte, md *pb.OpMetadata, srcs []*SourceLocation, c *Constraints) {
 	mc.digest = digest.FromBytes(dt)
 	mc.dt = dt
 	mc.md = md
 	mc.constraints = c
+	mc.srcs = srcs
 }
diff --git a/vendor/github.com/moby/buildkit/client/llb/meta.go b/vendor/github.com/moby/buildkit/client/llb/meta.go
index 702ea145651fe..80cc18dab1c72 100644
--- a/vendor/github.com/moby/buildkit/client/llb/meta.go
+++ b/vendor/github.com/moby/buildkit/client/llb/meta.go
@@ -1,6 +1,7 @@
 package llb
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"path"
@@ -18,79 +19,148 @@ var (
 	keyDir       = contextKeyT("llb.exec.dir")
 	keyEnv       = contextKeyT("llb.exec.env")
 	keyUser      = contextKeyT("llb.exec.user")
+	keyHostname  = contextKeyT("llb.exec.hostname")
 	keyExtraHost = contextKeyT("llb.exec.extrahost")
 	keyPlatform  = contextKeyT("llb.platform")
 	keyNetwork   = contextKeyT("llb.network")
+	keySecurity  = contextKeyT("llb.security")
 )
 
-func addEnvf(key, value string, v ...interface{}) StateOption {
+func AddEnvf(key, value string, v ...interface{}) StateOption {
+	return addEnvf(key, value, true, v...)
+}
+
+func AddEnv(key, value string) StateOption {
+	return addEnvf(key, value, false)
+}
+
+func addEnvf(key, value string, replace bool, v ...interface{}) StateOption {
+	if replace {
+		value = fmt.Sprintf(value, v...)
+	}
 	return func(s State) State {
-		return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, fmt.Sprintf(value, v...)))
+		return s.withValue(keyEnv, func(ctx context.Context) (interface{}, error) {
+			env, err := getEnv(s)(ctx)
+			if err != nil {
+				return nil, err
+			}
+			return env.AddOrReplace(key, value), nil
+		})
 	}
 }
 
-func dir(str string) StateOption {
-	return dirf(str)
+func Dir(str string) StateOption {
+	return dirf(str, false)
 }
 
-func dirf(str string, v ...interface{}) StateOption {
+func Dirf(str string, v ...interface{}) StateOption {
+	return dirf(str, true, v...)
+}
+
+func dirf(value string, replace bool, v ...interface{}) StateOption {
+	if replace {
+		value = fmt.Sprintf(value, v...)
+	}
 	return func(s State) State {
-		value := fmt.Sprintf(str, v...)
-		if !path.IsAbs(value) {
-			prev := getDir(s)
-			if prev == "" {
-				prev = "/"
+		return s.withValue(keyDir, func(ctx context.Context) (interface{}, error) {
+			if !path.IsAbs(value) {
+				prev, err := getDir(s)(ctx)
+				if err != nil {
+					return nil, err
+				}
+				if prev == "" {
+					prev = "/"
+				}
+				value = path.Join(prev, value)
 			}
-			value = path.Join(prev, value)
-		}
-		return s.WithValue(keyDir, value)
+			return value, nil
+		})
 	}
 }
 
-func user(str string) StateOption {
+func User(str string) StateOption {
 	return func(s State) State {
 		return s.WithValue(keyUser, str)
 	}
 }
 
-func reset(s_ State) StateOption {
+func Reset(other State) StateOption {
 	return func(s State) State {
 		s = NewState(s.Output())
-		s.ctx = s_.ctx
+		s.prev = &other
 		return s
 	}
 }
 
-func getEnv(s State) EnvList {
-	v := s.Value(keyEnv)
-	if v != nil {
-		return v.(EnvList)
+func getEnv(s State) func(context.Context) (EnvList, error) {
+	return func(ctx context.Context) (EnvList, error) {
+		v, err := s.getValue(keyEnv)(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if v != nil {
+			return v.(EnvList), nil
+		}
+		return EnvList{}, nil
+	}
+}
+
+func getDir(s State) func(context.Context) (string, error) {
+	return func(ctx context.Context) (string, error) {
+		v, err := s.getValue(keyDir)(ctx)
+		if err != nil {
+			return "", err
+		}
+		if v != nil {
+			return v.(string), nil
+		}
+		return "", nil
 	}
-	return EnvList{}
 }
 
-func getDir(s State) string {
-	v := s.Value(keyDir)
-	if v != nil {
-		return v.(string)
+func getArgs(s State) func(context.Context) ([]string, error) {
+	return func(ctx context.Context) ([]string, error) {
+		v, err := s.getValue(keyArgs)(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if v != nil {
+			return v.([]string), nil
+		}
+		return nil, nil
+	}
+}
+
+func getUser(s State) func(context.Context) (string, error) {
+	return func(ctx context.Context) (string, error) {
+		v, err := s.getValue(keyUser)(ctx)
+		if err != nil {
+			return "", err
+		}
+		if v != nil {
+			return v.(string), nil
+		}
+		return "", nil
 	}
-	return ""
 }
 
-func getArgs(s State) []string {
-	v := s.Value(keyArgs)
-	if v != nil {
-		return v.([]string)
+func Hostname(str string) StateOption {
+	return func(s State) State {
+		return s.WithValue(keyHostname, str)
 	}
-	return nil
 }
 
-func getUser(s State) string {
-	v := s.Value(keyUser)
-	if v != nil {
-		return v.(string)
+func getHostname(s State) func(context.Context) (string, error) {
+	return func(ctx context.Context) (string, error) {
+		v, err := s.getValue(keyHostname)(ctx)
+		if err != nil {
+			return "", err
+		}
+		if v != nil {
+			return v.(string), nil
+		}
+		return "", nil
 	}
-	return ""
 }
 
 func args(args ...string) StateOption {
@@ -99,10 +169,13 @@ func args(args ...string) StateOption {
 	}
 }
 
-func shlexf(str string, v ...interface{}) StateOption {
+func shlexf(str string, replace bool, v ...interface{}) StateOption {
+	if replace {
+		str = fmt.Sprintf(str, v...)
+	}
 	return func(s State) State {
-		arg, err := shlex.Split(fmt.Sprintf(str, v...))
-		if err != nil {
+		arg, err := shlex.Split(str)
+		if err != nil { //nolint
 			// TODO: handle error
 		}
 		return args(arg...)(s)
@@ -115,27 +188,43 @@ func platform(p specs.Platform) StateOption {
 	}
 }
 
-func getPlatform(s State) *specs.Platform {
-	v := s.Value(keyPlatform)
-	if v != nil {
-		p := v.(specs.Platform)
-		return &p
+func getPlatform(s State) func(context.Context) (*specs.Platform, error) {
+	return func(ctx context.Context) (*specs.Platform, error) {
+		v, err := s.getValue(keyPlatform)(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if v != nil {
+			p := v.(specs.Platform)
+			return &p, nil
+		}
+		return nil, nil
 	}
-	return nil
 }
 
 func extraHost(host string, ip net.IP) StateOption {
 	return func(s State) State {
-		return s.WithValue(keyExtraHost, append(getExtraHosts(s), HostIP{Host: host, IP: ip}))
+		return s.withValue(keyExtraHost, func(ctx context.Context) (interface{}, error) {
+			v, err := getExtraHosts(s)(ctx)
+			if err != nil {
+				return nil, err
+			}
+			return append(v, HostIP{Host: host, IP: ip}), nil
+		})
 	}
 }
 
-func getExtraHosts(s State) []HostIP {
-	v := s.Value(keyExtraHost)
-	if v != nil {
-		return v.([]HostIP)
+func getExtraHosts(s State) func(context.Context) ([]HostIP, error) {
+	return func(ctx context.Context) ([]HostIP, error) {
+		v, err := s.getValue(keyExtraHost)(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if v != nil {
+			return v.([]HostIP), nil
+		}
+		return nil, nil
 	}
-	return nil
 }
 
 type HostIP struct {
@@ -143,19 +232,42 @@ type HostIP struct {
 	IP   net.IP
 }
 
-func network(v pb.NetMode) StateOption {
+func Network(v pb.NetMode) StateOption {
 	return func(s State) State {
 		return s.WithValue(keyNetwork, v)
 	}
 }
+func getNetwork(s State) func(context.Context) (pb.NetMode, error) {
+	return func(ctx context.Context) (pb.NetMode, error) {
+		v, err := s.getValue(keyNetwork)(ctx)
+		if err != nil {
+			return 0, err
+		}
+		if v != nil {
+			n := v.(pb.NetMode)
+			return n, nil
+		}
+		return NetModeSandbox, nil
+	}
+}
 
-func getNetwork(s State) pb.NetMode {
-	v := s.Value(keyNetwork)
-	if v != nil {
-		n := v.(pb.NetMode)
-		return n
+func Security(v pb.SecurityMode) StateOption {
+	return func(s State) State {
+		return s.WithValue(keySecurity, v)
+	}
+}
+func getSecurity(s State) func(context.Context) (pb.SecurityMode, error) {
+	return func(ctx context.Context) (pb.SecurityMode, error) {
+		v, err := s.getValue(keySecurity)(ctx)
+		if err != nil {
+			return 0, err
+		}
+		if v != nil {
+			n := v.(pb.SecurityMode)
+			return n, nil
+		}
+		return SecurityModeSandbox, nil
 	}
-	return NetModeSandbox
 }
 
 type EnvList []KeyValue
diff --git a/vendor/github.com/moby/buildkit/client/llb/resolver.go b/vendor/github.com/moby/buildkit/client/llb/resolver.go
index d670a991888f3..31fc395993f8a 100644
--- a/vendor/github.com/moby/buildkit/client/llb/resolver.go
+++ b/vendor/github.com/moby/buildkit/client/llb/resolver.go
@@ -3,8 +3,8 @@ package llb
 import (
 	"context"
 
-	gw "github.com/moby/buildkit/frontend/gateway/client"
 	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // WithMetaResolver adds a metadata resolver to an image
@@ -14,7 +14,22 @@ func WithMetaResolver(mr ImageMetaResolver) ImageOption {
 	})
 }
 
+// ResolveDigest uses the meta resolver to update the ref of image with full digest before marshaling.
+// This makes image ref immutable and is recommended if you want to make sure meta resolver data
+// matches the image used during the build.
+func ResolveDigest(v bool) ImageOption {
+	return imageOptionFunc(func(ii *ImageInfo) {
+		ii.resolveDigest = v
+	})
+}
+
 // ImageMetaResolver can resolve image config metadata from a reference
 type ImageMetaResolver interface {
-	ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error)
+	ResolveImageConfig(ctx context.Context, ref string, opt ResolveImageConfigOpt) (digest.Digest, []byte, error)
+}
+
+type ResolveImageConfigOpt struct {
+	Platform    *specs.Platform
+	ResolveMode string
+	LogName     string
 }
diff --git a/vendor/github.com/moby/buildkit/client/llb/source.go b/vendor/github.com/moby/buildkit/client/llb/source.go
index ef03b19f1b27d..7d389e8bda1fe 100644
--- a/vendor/github.com/moby/buildkit/client/llb/source.go
+++ b/vendor/github.com/moby/buildkit/client/llb/source.go
@@ -2,16 +2,17 @@ package llb
 
 import (
 	"context"
-	_ "crypto/sha256"
+	_ "crypto/sha256" // for opencontainers/go-digest
 	"encoding/json"
 	"os"
 	"strconv"
 	"strings"
 
 	"github.com/docker/distribution/reference"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
+	"github.com/moby/buildkit/util/gitutil"
+	"github.com/moby/buildkit/util/sshutil"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
@@ -35,7 +36,7 @@ func NewSource(id string, attrs map[string]string, c Constraints) *SourceOp {
 	return s
 }
 
-func (s *SourceOp) Validate() error {
+func (s *SourceOp) Validate(ctx context.Context) error {
 	if s.err != nil {
 		return s.err
 	}
@@ -45,12 +46,12 @@ func (s *SourceOp) Validate() error {
 	return nil
 }
 
-func (s *SourceOp) Marshal(constraints *Constraints) (digest.Digest, []byte, *pb.OpMetadata, error) {
+func (s *SourceOp) Marshal(ctx context.Context, constraints *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error) {
 	if s.Cached(constraints) {
 		return s.Load()
 	}
-	if err := s.Validate(); err != nil {
-		return "", nil, nil, err
+	if err := s.Validate(ctx); err != nil {
+		return "", nil, nil, nil, err
 	}
 
 	if strings.HasPrefix(s.id, "local://") {
@@ -75,10 +76,10 @@ func (s *SourceOp) Marshal(constraints *Constraints) (digest.Digest, []byte, *pb
 
 	dt, err := proto.Marshal()
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, nil, err
 	}
 
-	s.Store(dt, md, constraints)
+	s.Store(dt, md, s.constraints.SourceLocations, constraints)
 	return s.Load()
 }
 
@@ -93,7 +94,8 @@ func (s *SourceOp) Inputs() []Output {
 func Image(ref string, opts ...ImageOption) State {
 	r, err := reference.ParseNormalizedNamed(ref)
 	if err == nil {
-		ref = reference.TagNameOnly(r).String()
+		r = reference.TagNameOnly(r)
+		ref = r.String()
 	}
 	var info ImageInfo
 	for _, opt := range opts {
@@ -117,40 +119,35 @@ func Image(ref string, opts ...ImageOption) State {
 	src := NewSource("docker-image://"+ref, attrs, info.Constraints) // controversial
 	if err != nil {
 		src.err = err
-	}
-	if info.metaResolver != nil {
-		_, dt, err := info.metaResolver.ResolveImageConfig(context.TODO(), ref, gw.ResolveImageConfigOpt{
-			Platform:    info.Constraints.Platform,
-			ResolveMode: info.resolveMode.String(),
-		})
-		if err != nil {
-			src.err = err
-		} else {
-			var img struct {
-				Config struct {
-					Env        []string `json:"Env,omitempty"`
-					WorkingDir string   `json:"WorkingDir,omitempty"`
-					User       string   `json:"User,omitempty"`
-				} `json:"config,omitempty"`
+	} else if info.metaResolver != nil {
+		if _, ok := r.(reference.Digested); ok || !info.resolveDigest {
+			return NewState(src.Output()).Async(func(ctx context.Context, st State) (State, error) {
+				_, dt, err := info.metaResolver.ResolveImageConfig(ctx, ref, ResolveImageConfigOpt{
+					Platform:    info.Constraints.Platform,
+					ResolveMode: info.resolveMode.String(),
+				})
+				if err != nil {
+					return State{}, err
+				}
+				return st.WithImageConfig(dt)
+			})
+		}
+		return Scratch().Async(func(ctx context.Context, _ State) (State, error) {
+			dgst, dt, err := info.metaResolver.ResolveImageConfig(context.TODO(), ref, ResolveImageConfigOpt{
+				Platform:    info.Constraints.Platform,
+				ResolveMode: info.resolveMode.String(),
+			})
+			if err != nil {
+				return State{}, err
 			}
-			if err := json.Unmarshal(dt, &img); err != nil {
-				src.err = err
-			} else {
-				st := NewState(src.Output())
-				for _, env := range img.Config.Env {
-					parts := strings.SplitN(env, "=", 2)
-					if len(parts[0]) > 0 {
-						var v string
-						if len(parts) > 1 {
-							v = parts[1]
-						}
-						st = st.AddEnv(parts[0], v)
-					}
+			if dgst != "" {
+				r, err = reference.WithDigest(r, dgst)
+				if err != nil {
+					return State{}, err
 				}
-				st = st.Dir(img.Config.WorkingDir)
-				return st
 			}
-		}
+			return NewState(NewSource("docker-image://"+r.String(), attrs, info.Constraints).Output()).WithImageConfig(dt)
+		})
 	}
 	return NewState(src.Output())
 }
@@ -196,22 +193,30 @@ func (r ResolveMode) String() string {
 
 type ImageInfo struct {
 	constraintsWrapper
-	metaResolver ImageMetaResolver
-	resolveMode  ResolveMode
-	RecordType   string
+	metaResolver  ImageMetaResolver
+	resolveDigest bool
+	resolveMode   ResolveMode
+	RecordType    string
 }
 
 func Git(remote, ref string, opts ...GitOption) State {
-	url := ""
-
-	for _, prefix := range []string{
-		"http://", "https://", "git://", "git@",
-	} {
-		if strings.HasPrefix(remote, prefix) {
-			url = strings.Split(remote, "#")[0]
-			remote = strings.TrimPrefix(remote, prefix)
+	url := strings.Split(remote, "#")[0]
+
+	var protocolType int
+	remote, protocolType = gitutil.ParseProtocol(remote)
+
+	var sshHost string
+	if protocolType == gitutil.SSHProtocol {
+		parts := strings.SplitN(remote, ":", 2)
+		if len(parts) == 2 {
+			sshHost = parts[0]
+			// keep remote consistent with http(s) version
+			remote = parts[0] + "/" + parts[1]
 		}
 	}
+	if protocolType == gitutil.UnknownProtocol {
+		url = "https://" + url
+	}
 
 	id := remote
 
@@ -219,7 +224,10 @@ func Git(remote, ref string, opts ...GitOption) State {
 		id += "#" + ref
 	}
 
-	gi := &GitInfo{}
+	gi := &GitInfo{
+		AuthHeaderSecret: "GIT_AUTH_HEADER",
+		AuthTokenSecret:  "GIT_AUTH_TOKEN",
+	}
 	for _, o := range opts {
 		o.SetGitOption(gi)
 	}
@@ -232,6 +240,37 @@ func Git(remote, ref string, opts ...GitOption) State {
 		attrs[pb.AttrFullRemoteURL] = url
 		addCap(&gi.Constraints, pb.CapSourceGitFullURL)
 	}
+	if gi.AuthTokenSecret != "" {
+		attrs[pb.AttrAuthTokenSecret] = gi.AuthTokenSecret
+		if gi.addAuthCap {
+			addCap(&gi.Constraints, pb.CapSourceGitHTTPAuth)
+		}
+	}
+	if gi.AuthHeaderSecret != "" {
+		attrs[pb.AttrAuthHeaderSecret] = gi.AuthHeaderSecret
+		if gi.addAuthCap {
+			addCap(&gi.Constraints, pb.CapSourceGitHTTPAuth)
+		}
+	}
+	if protocolType == gitutil.SSHProtocol {
+		if gi.KnownSSHHosts != "" {
+			attrs[pb.AttrKnownSSHHosts] = gi.KnownSSHHosts
+		} else if sshHost != "" {
+			keyscan, err := sshutil.SSHKeyScan(sshHost)
+			if err == nil {
+				// best effort
+				attrs[pb.AttrKnownSSHHosts] = keyscan
+			}
+		}
+		addCap(&gi.Constraints, pb.CapSourceGitKnownSSHHosts)
+
+		if gi.MountSSHSock == "" {
+			attrs[pb.AttrMountSSHSock] = "default"
+		} else {
+			attrs[pb.AttrMountSSHSock] = gi.MountSSHSock
+		}
+		addCap(&gi.Constraints, pb.CapSourceGitMountSSHSock)
+	}
 
 	addCap(&gi.Constraints, pb.CapSourceGit)
 
@@ -250,7 +289,12 @@ func (fn gitOptionFunc) SetGitOption(gi *GitInfo) {
 
 type GitInfo struct {
 	constraintsWrapper
-	KeepGitDir bool
+	KeepGitDir       bool
+	AuthTokenSecret  string
+	AuthHeaderSecret string
+	addAuthCap       bool
+	KnownSSHHosts    string
+	MountSSHSock     string
 }
 
 func KeepGitDir() GitOption {
@@ -259,6 +303,33 @@ func KeepGitDir() GitOption {
 	})
 }
 
+func AuthTokenSecret(v string) GitOption {
+	return gitOptionFunc(func(gi *GitInfo) {
+		gi.AuthTokenSecret = v
+		gi.addAuthCap = true
+	})
+}
+
+func AuthHeaderSecret(v string) GitOption {
+	return gitOptionFunc(func(gi *GitInfo) {
+		gi.AuthHeaderSecret = v
+		gi.addAuthCap = true
+	})
+}
+
+func KnownSSHHosts(key string) GitOption {
+	key = strings.TrimSuffix(key, "\n")
+	return gitOptionFunc(func(gi *GitInfo) {
+		gi.KnownSSHHosts = gi.KnownSSHHosts + key + "\n"
+	})
+}
+
+func MountSSHSock(sshID string) GitOption {
+	return gitOptionFunc(func(gi *GitInfo) {
+		gi.MountSSHSock = sshID
+	})
+}
+
 func Scratch() State {
 	return NewState(nil)
 }
diff --git a/vendor/github.com/moby/buildkit/client/llb/sourcemap.go b/vendor/github.com/moby/buildkit/client/llb/sourcemap.go
new file mode 100644
index 0000000000000..87afde9954c86
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/llb/sourcemap.go
@@ -0,0 +1,111 @@
+package llb
+
+import (
+	"context"
+
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/opencontainers/go-digest"
+)
+
+type SourceMap struct {
+	State      *State
+	Definition *Definition
+	Filename   string
+	Data       []byte
+}
+
+func NewSourceMap(st *State, filename string, dt []byte) *SourceMap {
+	return &SourceMap{
+		State:    st,
+		Filename: filename,
+		Data:     dt,
+	}
+}
+
+func (s *SourceMap) Location(r []*pb.Range) ConstraintsOpt {
+	return constraintsOptFunc(func(c *Constraints) {
+		if s == nil {
+			return
+		}
+		c.SourceLocations = append(c.SourceLocations, &SourceLocation{
+			SourceMap: s,
+			Ranges:    r,
+		})
+	})
+}
+
+type SourceLocation struct {
+	SourceMap *SourceMap
+	Ranges    []*pb.Range
+}
+
+type sourceMapCollector struct {
+	maps      []*SourceMap
+	index     map[*SourceMap]int
+	locations map[digest.Digest][]*SourceLocation
+}
+
+func newSourceMapCollector() *sourceMapCollector {
+	return &sourceMapCollector{
+		index:     map[*SourceMap]int{},
+		locations: map[digest.Digest][]*SourceLocation{},
+	}
+}
+
+func (smc *sourceMapCollector) Add(dgst digest.Digest, ls []*SourceLocation) {
+	for _, l := range ls {
+		idx, ok := smc.index[l.SourceMap]
+		if !ok {
+			idx = len(smc.maps)
+			smc.maps = append(smc.maps, l.SourceMap)
+		}
+		smc.index[l.SourceMap] = idx
+	}
+	smc.locations[dgst] = ls
+}
+
+func (smc *sourceMapCollector) Marshal(ctx context.Context, co ...ConstraintsOpt) (*pb.Source, error) {
+	s := &pb.Source{
+		Locations: make(map[string]*pb.Locations),
+	}
+	for _, m := range smc.maps {
+		def := m.Definition
+		if def == nil && m.State != nil {
+			var err error
+			def, err = m.State.Marshal(ctx, co...)
+			if err != nil {
+				return nil, err
+			}
+			m.Definition = def
+		}
+
+		info := &pb.SourceInfo{
+			Data:     m.Data,
+			Filename: m.Filename,
+		}
+
+		if def != nil {
+			info.Definition = def.ToPB()
+		}
+
+		s.Infos = append(s.Infos, info)
+	}
+
+	for dgst, locs := range smc.locations {
+		pbLocs, ok := s.Locations[dgst.String()]
+		if !ok {
+			pbLocs = &pb.Locations{}
+		}
+
+		for _, loc := range locs {
+			pbLocs.Locations = append(pbLocs.Locations, &pb.Location{
+				SourceIndex: int32(smc.index[loc.SourceMap]),
+				Ranges:      loc.Ranges,
+			})
+		}
+
+		s.Locations[dgst.String()] = pbLocs
+	}
+
+	return s, nil
+}
diff --git a/vendor/github.com/moby/buildkit/client/llb/state.go b/vendor/github.com/moby/buildkit/client/llb/state.go
index 15639fd3eeca1..eca7164daadf8 100644
--- a/vendor/github.com/moby/buildkit/client/llb/state.go
+++ b/vendor/github.com/moby/buildkit/client/llb/state.go
@@ -2,8 +2,10 @@ package llb
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"net"
+	"strings"
 
 	"github.com/containerd/containerd/platforms"
 	"github.com/moby/buildkit/identity"
@@ -16,13 +18,13 @@ import (
 type StateOption func(State) State
 
 type Output interface {
-	ToInput(*Constraints) (*pb.Input, error)
-	Vertex() Vertex
+	ToInput(context.Context, *Constraints) (*pb.Input, error)
+	Vertex(context.Context) Vertex
 }
 
 type Vertex interface {
-	Validate() error
-	Marshal(*Constraints) (digest.Digest, []byte, *pb.OpMetadata, error)
+	Validate(context.Context) error
+	Marshal(context.Context, *Constraints) (digest.Digest, []byte, *pb.OpMetadata, []*SourceLocation, error)
 	Output() Output
 	Inputs() []Output
 }
@@ -30,17 +32,18 @@ type Vertex interface {
 func NewState(o Output) State {
 	s := State{
 		out: o,
-		ctx: context.Background(),
-	}
-	s = dir("/")(s)
+	}.Dir("/")
 	s = s.ensurePlatform()
 	return s
 }
 
 type State struct {
-	out  Output
-	ctx  context.Context
-	opts []ConstraintsOpt
+	out   Output
+	prev  *State
+	key   interface{}
+	value func(context.Context) (interface{}, error)
+	opts  []ConstraintsOpt
+	async *asyncState
 }
 
 func (s State) ensurePlatform() State {
@@ -55,14 +58,48 @@ func (s State) ensurePlatform() State {
 }
 
 func (s State) WithValue(k, v interface{}) State {
+	return s.withValue(k, func(context.Context) (interface{}, error) {
+		return v, nil
+	})
+}
+
+func (s State) withValue(k interface{}, v func(context.Context) (interface{}, error)) State {
 	return State{
-		out: s.out,
-		ctx: context.WithValue(s.ctx, k, v),
+		out:   s.Output(),
+		prev:  &s, // doesn't need to be original pointer
+		key:   k,
+		value: v,
 	}
 }
 
-func (s State) Value(k interface{}) interface{} {
-	return s.ctx.Value(k)
+func (s State) Value(ctx context.Context, k interface{}) (interface{}, error) {
+	return s.getValue(k)(ctx)
+}
+
+func (s State) getValue(k interface{}) func(context.Context) (interface{}, error) {
+	if s.key == k {
+		return s.value
+	}
+	if s.async != nil {
+		return func(ctx context.Context) (interface{}, error) {
+			err := s.async.Do(ctx)
+			if err != nil {
+				return nil, err
+			}
+			return s.async.target.getValue(k)(ctx)
+		}
+	}
+	if s.prev == nil {
+		return nilValue
+	}
+	return s.prev.getValue(k)
+}
+
+func (s State) Async(f func(context.Context, State) (State, error)) State {
+	s2 := State{
+		async: &asyncState{f: f, prev: s},
+	}
+	return s2
 }
 
 func (s State) SetMarshalDefaults(co ...ConstraintsOpt) State {
@@ -70,11 +107,11 @@ func (s State) SetMarshalDefaults(co ...ConstraintsOpt) State {
 	return s
 }
 
-func (s State) Marshal(co ...ConstraintsOpt) (*Definition, error) {
+func (s State) Marshal(ctx context.Context, co ...ConstraintsOpt) (*Definition, error) {
 	def := &Definition{
 		Metadata: make(map[digest.Digest]pb.OpMetadata, 0),
 	}
-	if s.Output() == nil {
+	if s.Output() == nil || s.Output().Vertex(ctx) == nil {
 		return def, nil
 	}
 
@@ -87,11 +124,13 @@ func (s State) Marshal(co ...ConstraintsOpt) (*Definition, error) {
 		o.SetConstraintsOption(c)
 	}
 
-	def, err := marshal(s.Output().Vertex(), def, map[digest.Digest]struct{}{}, map[Vertex]struct{}{}, c)
+	smc := newSourceMapCollector()
+
+	def, err := marshal(ctx, s.Output().Vertex(ctx), def, smc, map[digest.Digest]struct{}{}, map[Vertex]struct{}{}, c)
 	if err != nil {
 		return def, err
 	}
-	inp, err := s.Output().ToInput(c)
+	inp, err := s.Output().ToInput(ctx, c)
 	if err != nil {
 		return def, err
 	}
@@ -122,23 +161,28 @@ func (s State) Marshal(co ...ConstraintsOpt) (*Definition, error) {
 	}
 
 	def.Metadata[dgst] = md
+	sm, err := smc.Marshal(ctx, co...)
+	if err != nil {
+		return nil, err
+	}
+	def.Source = sm
 
 	return def, nil
 }
 
-func marshal(v Vertex, def *Definition, cache map[digest.Digest]struct{}, vertexCache map[Vertex]struct{}, c *Constraints) (*Definition, error) {
+func marshal(ctx context.Context, v Vertex, def *Definition, s *sourceMapCollector, cache map[digest.Digest]struct{}, vertexCache map[Vertex]struct{}, c *Constraints) (*Definition, error) {
 	if _, ok := vertexCache[v]; ok {
 		return def, nil
 	}
 	for _, inp := range v.Inputs() {
 		var err error
-		def, err = marshal(inp.Vertex(), def, cache, vertexCache, c)
+		def, err = marshal(ctx, inp.Vertex(ctx), def, s, cache, vertexCache, c)
 		if err != nil {
 			return def, err
 		}
 	}
 
-	dgst, dt, opMeta, err := v.Marshal(c)
+	dgst, dt, opMeta, sls, err := v.Marshal(ctx, c)
 	if err != nil {
 		return def, err
 	}
@@ -149,47 +193,64 @@ func marshal(v Vertex, def *Definition, cache map[digest.Digest]struct{}, vertex
 	if _, ok := cache[dgst]; ok {
 		return def, nil
 	}
+	s.Add(dgst, sls)
 	def.Def = append(def.Def, dt)
 	cache[dgst] = struct{}{}
 	return def, nil
 }
 
-func (s State) Validate() error {
-	return s.Output().Vertex().Validate()
+func (s State) Validate(ctx context.Context) error {
+	return s.Output().Vertex(ctx).Validate(ctx)
 }
 
 func (s State) Output() Output {
+	if s.async != nil {
+		return s.async.Output()
+	}
 	return s.out
 }
 
 func (s State) WithOutput(o Output) State {
+	prev := s
 	s = State{
-		out: o,
-		ctx: s.ctx,
+		out:  o,
+		prev: &prev,
 	}
 	s = s.ensurePlatform()
 	return s
 }
 
+func (s State) WithImageConfig(c []byte) (State, error) {
+	var img struct {
+		Config struct {
+			Env        []string `json:"Env,omitempty"`
+			WorkingDir string   `json:"WorkingDir,omitempty"`
+			User       string   `json:"User,omitempty"`
+		} `json:"config,omitempty"`
+	}
+	if err := json.Unmarshal(c, &img); err != nil {
+		return State{}, err
+	}
+	for _, env := range img.Config.Env {
+		parts := strings.SplitN(env, "=", 2)
+		if len(parts[0]) > 0 {
+			var v string
+			if len(parts) > 1 {
+				v = parts[1]
+			}
+			s = s.AddEnv(parts[0], v)
+		}
+	}
+	s = s.Dir(img.Config.WorkingDir)
+	return s, nil
+}
+
 func (s State) Run(ro ...RunOption) ExecState {
 	ei := &ExecInfo{State: s}
-	if p := s.GetPlatform(); p != nil {
-		ei.Constraints.Platform = p
-	}
 	for _, o := range ro {
 		o.SetRunOption(ei)
 	}
-	meta := Meta{
-		Args:       getArgs(ei.State),
-		Cwd:        getDir(ei.State),
-		Env:        getEnv(ei.State),
-		User:       getUser(ei.State),
-		ProxyEnv:   ei.ProxyEnv,
-		ExtraHosts: getExtraHosts(ei.State),
-		Network:    getNetwork(ei.State),
-	}
-
-	exec := NewExecOp(s.Output(), meta, ei.ReadonlyRootFS, ei.Constraints)
+	exec := NewExecOp(ei.State, ei.ProxyEnv, ei.ReadonlyRootFS, ei.Constraints)
 	for _, m := range ei.Mounts {
 		exec.AddMount(m.Target, m.Source, m.Opts...)
 	}
@@ -202,59 +263,92 @@ func (s State) Run(ro ...RunOption) ExecState {
 	}
 }
 
+func (s State) File(a *FileAction, opts ...ConstraintsOpt) State {
+	var c Constraints
+	for _, o := range opts {
+		o.SetConstraintsOption(&c)
+	}
+
+	return s.WithOutput(NewFileOp(s, a, c).Output())
+}
+
 func (s State) AddEnv(key, value string) State {
-	return s.AddEnvf(key, value)
+	return AddEnv(key, value)(s)
 }
 
 func (s State) AddEnvf(key, value string, v ...interface{}) State {
-	return addEnvf(key, value, v...)(s)
+	return AddEnvf(key, value, v...)(s)
 }
 
 func (s State) Dir(str string) State {
-	return s.Dirf(str)
+	return Dir(str)(s)
 }
 func (s State) Dirf(str string, v ...interface{}) State {
-	return dirf(str, v...)(s)
+	return Dirf(str, v...)(s)
 }
 
-func (s State) GetEnv(key string) (string, bool) {
-	return getEnv(s).Get(key)
+func (s State) GetEnv(ctx context.Context, key string) (string, bool, error) {
+	env, err := getEnv(s)(ctx)
+	if err != nil {
+		return "", false, err
+	}
+	v, ok := env.Get(key)
+	return v, ok, nil
 }
 
-func (s State) Env() []string {
-	return getEnv(s).ToArray()
+func (s State) Env(ctx context.Context) ([]string, error) {
+	env, err := getEnv(s)(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return env.ToArray(), nil
 }
 
-func (s State) GetDir() string {
-	return getDir(s)
+func (s State) GetDir(ctx context.Context) (string, error) {
+	return getDir(s)(ctx)
 }
 
-func (s State) GetArgs() []string {
-	return getArgs(s)
+func (s State) GetArgs(ctx context.Context) ([]string, error) {
+	return getArgs(s)(ctx)
 }
 
 func (s State) Reset(s2 State) State {
-	return reset(s2)(s)
+	return Reset(s2)(s)
 }
 
 func (s State) User(v string) State {
-	return user(v)(s)
+	return User(v)(s)
+}
+
+func (s State) Hostname(v string) State {
+	return Hostname(v)(s)
+}
+
+func (s State) GetHostname(ctx context.Context) (string, error) {
+	return getHostname(s)(ctx)
 }
 
 func (s State) Platform(p specs.Platform) State {
 	return platform(p)(s)
 }
 
-func (s State) GetPlatform() *specs.Platform {
-	return getPlatform(s)
+func (s State) GetPlatform(ctx context.Context) (*specs.Platform, error) {
+	return getPlatform(s)(ctx)
 }
 
 func (s State) Network(n pb.NetMode) State {
-	return network(n)(s)
+	return Network(n)(s)
+}
+
+func (s State) GetNetwork(ctx context.Context) (pb.NetMode, error) {
+	return getNetwork(s)(ctx)
+}
+func (s State) Security(n pb.SecurityMode) State {
+	return Security(n)(s)
 }
 
-func (s State) GetNetwork() pb.NetMode {
-	return getNetwork(s)
+func (s State) GetSecurity(ctx context.Context) (pb.SecurityMode, error) {
+	return getSecurity(s)(ctx)
 }
 
 func (s State) With(so ...StateOption) State {
@@ -268,6 +362,8 @@ func (s State) AddExtraHost(host string, ip net.IP) State {
 	return extraHost(host, ip)(s)
 }
 
+func (s State) isFileOpCopyInput() {}
+
 type output struct {
 	vertex   Vertex
 	getIndex func() (pb.OutputIndex, error)
@@ -275,7 +371,7 @@ type output struct {
 	platform *specs.Platform
 }
 
-func (o *output) ToInput(c *Constraints) (*pb.Input, error) {
+func (o *output) ToInput(ctx context.Context, c *Constraints) (*pb.Input, error) {
 	if o.err != nil {
 		return nil, o.err
 	}
@@ -287,14 +383,14 @@ func (o *output) ToInput(c *Constraints) (*pb.Input, error) {
 			return nil, err
 		}
 	}
-	dgst, _, _, err := o.vertex.Marshal(c)
+	dgst, _, _, _, err := o.vertex.Marshal(ctx, c)
 	if err != nil {
 		return nil, err
 	}
 	return &pb.Input{Digest: dgst, Index: index}, nil
 }
 
-func (o *output) Vertex() Vertex {
+func (o *output) Vertex(context.Context) Vertex {
 	return o.vertex
 }
 
@@ -378,12 +474,16 @@ func WithDescription(m map[string]string) ConstraintsOpt {
 	})
 }
 
-func WithCustomName(name string, a ...interface{}) ConstraintsOpt {
+func WithCustomName(name string) ConstraintsOpt {
 	return WithDescription(map[string]string{
-		"llb.customname": fmt.Sprintf(name, a...),
+		"llb.customname": name,
 	})
 }
 
+func WithCustomNamef(name string, a ...interface{}) ConstraintsOpt {
+	return WithCustomName(fmt.Sprintf(name, a...))
+}
+
 // WithExportCache forces results for this vertex to be exported with the cache
 func WithExportCache() ConstraintsOpt {
 	return constraintsOptFunc(func(c *Constraints) {
@@ -430,6 +530,7 @@ type Constraints struct {
 	Metadata          pb.OpMetadata
 	LocalUniqueID     string
 	Caps              *apicaps.CapSet
+	SourceLocations   []*SourceLocation
 }
 
 func Platform(p specs.Platform) ConstraintsOpt {
@@ -463,3 +564,7 @@ func Require(filters ...string) ConstraintsOpt {
 		}
 	})
 }
+
+func nilValue(context.Context) (interface{}, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/moby/buildkit/client/ociindex/ociindex.go b/vendor/github.com/moby/buildkit/client/ociindex/ociindex.go
new file mode 100644
index 0000000000000..7bc583443aaef
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/client/ociindex/ociindex.go
@@ -0,0 +1,113 @@
+package ociindex
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+
+	"github.com/gofrs/flock"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+const (
+	// IndexJSONLockFileSuffix is the suffix of the lock file
+	IndexJSONLockFileSuffix = ".lock"
+)
+
+// PutDescToIndex puts desc to index with tag.
+// Existing manifests with the same tag will be removed from the index.
+func PutDescToIndex(index *v1.Index, desc v1.Descriptor, tag string) error {
+	if index == nil {
+		index = &v1.Index{}
+	}
+	if index.SchemaVersion == 0 {
+		index.SchemaVersion = 2
+	}
+	if tag != "" {
+		if desc.Annotations == nil {
+			desc.Annotations = make(map[string]string)
+		}
+		desc.Annotations[v1.AnnotationRefName] = tag
+		// remove existing manifests with the same tag
+		var manifests []v1.Descriptor
+		for _, m := range index.Manifests {
+			if m.Annotations[v1.AnnotationRefName] != tag {
+				manifests = append(manifests, m)
+			}
+		}
+		index.Manifests = manifests
+	}
+	index.Manifests = append(index.Manifests, desc)
+	return nil
+}
+
+func PutDescToIndexJSONFileLocked(indexJSONPath string, desc v1.Descriptor, tag string) error {
+	lockPath := indexJSONPath + IndexJSONLockFileSuffix
+	lock := flock.New(lockPath)
+	locked, err := lock.TryLock()
+	if err != nil {
+		return errors.Wrapf(err, "could not lock %s", lockPath)
+	}
+	if !locked {
+		return errors.Errorf("could not lock %s", lockPath)
+	}
+	defer func() {
+		lock.Unlock()
+		os.RemoveAll(lockPath)
+	}()
+	f, err := os.OpenFile(indexJSONPath, os.O_RDWR|os.O_CREATE, 0644)
+	if err != nil {
+		return errors.Wrapf(err, "could not open %s", indexJSONPath)
+	}
+	defer f.Close()
+	var idx v1.Index
+	b, err := ioutil.ReadAll(f)
+	if err != nil {
+		return errors.Wrapf(err, "could not read %s", indexJSONPath)
+	}
+	if len(b) > 0 {
+		if err := json.Unmarshal(b, &idx); err != nil {
+			return errors.Wrapf(err, "could not unmarshal %s (%q)", indexJSONPath, string(b))
+		}
+	}
+	if err = PutDescToIndex(&idx, desc, tag); err != nil {
+		return err
+	}
+	b, err = json.Marshal(idx)
+	if err != nil {
+		return err
+	}
+	if _, err = f.WriteAt(b, 0); err != nil {
+		return err
+	}
+	if err = f.Truncate(int64(len(b))); err != nil {
+		return err
+	}
+	return nil
+}
+
+func ReadIndexJSONFileLocked(indexJSONPath string) (*v1.Index, error) {
+	lockPath := indexJSONPath + IndexJSONLockFileSuffix
+	lock := flock.New(lockPath)
+	locked, err := lock.TryRLock()
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not lock %s", lockPath)
+	}
+	if !locked {
+		return nil, errors.Errorf("could not lock %s", lockPath)
+	}
+	defer func() {
+		lock.Unlock()
+		os.RemoveAll(lockPath)
+	}()
+	b, err := ioutil.ReadFile(indexJSONPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not read %s", indexJSONPath)
+	}
+	var idx v1.Index
+	if err := json.Unmarshal(b, &idx); err != nil {
+		return nil, errors.Wrapf(err, "could not unmarshal %s (%q)", indexJSONPath, string(b))
+	}
+	return &idx, nil
+}
diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go
index b8da06972116c..1d77bc4588c5e 100644
--- a/vendor/github.com/moby/buildkit/client/solve.go
+++ b/vendor/github.com/moby/buildkit/client/solve.go
@@ -2,20 +2,26 @@ package client
 
 import (
 	"context"
+	"encoding/json"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 
+	"github.com/containerd/containerd/content"
+	contentlocal "github.com/containerd/containerd/content/local"
 	controlapi "github.com/moby/buildkit/api/services/control"
 	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/client/ociindex"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/session"
+	sessioncontent "github.com/moby/buildkit/session/content"
 	"github.com/moby/buildkit/session/filesync"
 	"github.com/moby/buildkit/session/grpchijack"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/entitlements"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -24,19 +30,30 @@ import (
 )
 
 type SolveOpt struct {
-	Exporter            string
-	ExporterAttrs       map[string]string
-	ExporterOutput      io.WriteCloser // for ExporterOCI and ExporterDocker
-	ExporterOutputDir   string         // for ExporterLocal
-	LocalDirs           map[string]string
-	SharedKey           string
-	Frontend            string
-	FrontendAttrs       map[string]string
-	ExportCache         string
-	ExportCacheAttrs    map[string]string
-	ImportCache         []string
-	Session             []session.Attachable
-	AllowedEntitlements []entitlements.Entitlement
+	Exports               []ExportEntry
+	LocalDirs             map[string]string
+	SharedKey             string
+	Frontend              string
+	FrontendAttrs         map[string]string
+	FrontendInputs        map[string]llb.State
+	CacheExports          []CacheOptionsEntry
+	CacheImports          []CacheOptionsEntry
+	Session               []session.Attachable
+	AllowedEntitlements   []entitlements.Entitlement
+	SharedSession         *session.Session // TODO: refactor to better session syncing
+	SessionPreInitialized bool             // TODO: refactor to better session syncing
+}
+
+type ExportEntry struct {
+	Type      string
+	Attrs     map[string]string
+	Output    func(map[string]string) (io.WriteCloser, error) // for ExporterOCI and ExporterDocker
+	OutputDir string                                          // for ExporterLocal
+}
+
+type CacheOptionsEntry struct {
+	Type  string
+	Attrs map[string]string
 }
 
 // Solve calls Solve on the controller.
@@ -80,48 +97,78 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 		statusContext = opentracing.ContextWithSpan(statusContext, span)
 	}
 
-	s, err := session.NewSession(statusContext, defaultSessionName(), opt.SharedKey)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to create session")
+	s := opt.SharedSession
+
+	if s == nil {
+		if opt.SessionPreInitialized {
+			return nil, errors.Errorf("no session provided for preinitialized option")
+		}
+		s, err = session.NewSession(statusContext, defaultSessionName(), opt.SharedKey)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create session")
+		}
 	}
 
-	if len(syncedDirs) > 0 {
-		s.Allow(filesync.NewFSSyncProvider(syncedDirs))
+	cacheOpt, err := parseCacheOptions(opt)
+	if err != nil {
+		return nil, err
 	}
 
-	for _, a := range opt.Session {
-		s.Allow(a)
+	var ex ExportEntry
+	if len(opt.Exports) > 1 {
+		return nil, errors.New("currently only single Exports can be specified")
+	}
+	if len(opt.Exports) == 1 {
+		ex = opt.Exports[0]
 	}
 
-	switch opt.Exporter {
-	case ExporterLocal:
-		if opt.ExporterOutput != nil {
-			return nil, errors.New("output file writer is not supported by local exporter")
-		}
-		if opt.ExporterOutputDir == "" {
-			return nil, errors.New("output directory is required for local exporter")
-		}
-		s.Allow(filesync.NewFSSyncTargetDir(opt.ExporterOutputDir))
-	case ExporterOCI, ExporterDocker:
-		if opt.ExporterOutputDir != "" {
-			return nil, errors.Errorf("output directory %s is not supported by %s exporter", opt.ExporterOutputDir, opt.Exporter)
+	if !opt.SessionPreInitialized {
+		if len(syncedDirs) > 0 {
+			s.Allow(filesync.NewFSSyncProvider(syncedDirs))
 		}
-		if opt.ExporterOutput == nil {
-			return nil, errors.Errorf("output file writer is required for %s exporter", opt.Exporter)
+
+		for _, a := range opt.Session {
+			s.Allow(a)
 		}
-		s.Allow(filesync.NewFSSyncTarget(opt.ExporterOutput))
-	default:
-		if opt.ExporterOutput != nil {
-			return nil, errors.Errorf("output file writer is not supported by %s exporter", opt.Exporter)
+
+		switch ex.Type {
+		case ExporterLocal:
+			if ex.Output != nil {
+				return nil, errors.New("output file writer is not supported by local exporter")
+			}
+			if ex.OutputDir == "" {
+				return nil, errors.New("output directory is required for local exporter")
+			}
+			s.Allow(filesync.NewFSSyncTargetDir(ex.OutputDir))
+		case ExporterOCI, ExporterDocker, ExporterTar:
+			if ex.OutputDir != "" {
+				return nil, errors.Errorf("output directory %s is not supported by %s exporter", ex.OutputDir, ex.Type)
+			}
+			if ex.Output == nil {
+				return nil, errors.Errorf("output file writer is required for %s exporter", ex.Type)
+			}
+			s.Allow(filesync.NewFSSyncTarget(ex.Output))
+		default:
+			if ex.Output != nil {
+				return nil, errors.Errorf("output file writer is not supported by %s exporter", ex.Type)
+			}
+			if ex.OutputDir != "" {
+				return nil, errors.Errorf("output directory %s is not supported by %s exporter", ex.OutputDir, ex.Type)
+			}
 		}
-		if opt.ExporterOutputDir != "" {
-			return nil, errors.Errorf("output directory %s is not supported by %s exporter", opt.ExporterOutputDir, opt.Exporter)
+
+		if len(cacheOpt.contentStores) > 0 {
+			s.Allow(sessioncontent.NewAttachable(cacheOpt.contentStores))
 		}
+
+		eg.Go(func() error {
+			return s.Run(statusContext, grpchijack.Dialer(c.controlClient()))
+		})
 	}
 
-	eg.Go(func() error {
-		return s.Run(statusContext, grpchijack.Dialer(c.controlClient()))
-	})
+	for k, v := range cacheOpt.frontendAttrs {
+		opt.FrontendAttrs[k] = v
+	}
 
 	solveCtx, cancelSolve := context.WithCancel(ctx)
 	var res *SolveResponse
@@ -141,20 +188,27 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 		if def != nil {
 			pbd = def.ToPB()
 		}
+
+		frontendInputs := make(map[string]*pb.Definition)
+		for key, st := range opt.FrontendInputs {
+			def, err := st.Marshal(ctx)
+			if err != nil {
+				return err
+			}
+			frontendInputs[key] = def.ToPB()
+		}
+
 		resp, err := c.controlClient().Solve(ctx, &controlapi.SolveRequest{
-			Ref:           ref,
-			Definition:    pbd,
-			Exporter:      opt.Exporter,
-			ExporterAttrs: opt.ExporterAttrs,
-			Session:       s.ID(),
-			Frontend:      opt.Frontend,
-			FrontendAttrs: opt.FrontendAttrs,
-			Cache: controlapi.CacheOptions{
-				ExportRef:   opt.ExportCache,
-				ImportRefs:  opt.ImportCache,
-				ExportAttrs: opt.ExportCacheAttrs,
-			},
-			Entitlements: opt.AllowedEntitlements,
+			Ref:            ref,
+			Definition:     pbd,
+			Exporter:       ex.Type,
+			ExporterAttrs:  ex.Attrs,
+			Session:        s.ID(),
+			Frontend:       opt.Frontend,
+			FrontendAttrs:  opt.FrontendAttrs,
+			FrontendInputs: frontendInputs,
+			Cache:          cacheOpt.options,
+			Entitlements:   opt.AllowedEntitlements,
 		})
 		if err != nil {
 			return errors.Wrap(err, "failed to solve")
@@ -243,6 +297,19 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 	if err := eg.Wait(); err != nil {
 		return nil, err
 	}
+	// Update index.json of exported cache content store
+	// FIXME(AkihiroSuda): dedupe const definition of cache/remotecache.ExporterResponseManifestDesc = "cache.manifest"
+	if manifestDescJSON := res.ExporterResponse["cache.manifest"]; manifestDescJSON != "" {
+		var manifestDesc ocispec.Descriptor
+		if err = json.Unmarshal([]byte(manifestDescJSON), &manifestDesc); err != nil {
+			return nil, err
+		}
+		for indexJSONPath, tag := range cacheOpt.indicesToUpdate {
+			if err = ociindex.PutDescToIndexJSONFileLocked(indexJSONPath, manifestDesc, tag); err != nil {
+				return nil, err
+			}
+		}
+	}
 	return res, nil
 }
 
@@ -256,7 +323,7 @@ func prepareSyncedDirs(def *llb.Definition, localDirs map[string]string) ([]file
 			return nil, errors.Errorf("%s not a directory", d)
 		}
 	}
-	resetUIDAndGID := func(st *fstypes.Stat) bool {
+	resetUIDAndGID := func(p string, st *fstypes.Stat) bool {
 		st.Uid = 0
 		st.Gid = 0
 		return true
@@ -295,3 +362,127 @@ func defaultSessionName() string {
 	}
 	return filepath.Base(wd)
 }
+
+type cacheOptions struct {
+	options         controlapi.CacheOptions
+	contentStores   map[string]content.Store // key: ID of content store ("local:" + csDir)
+	indicesToUpdate map[string]string        // key: index.JSON file name, value: tag
+	frontendAttrs   map[string]string
+}
+
+func parseCacheOptions(opt SolveOpt) (*cacheOptions, error) {
+	var (
+		cacheExports []*controlapi.CacheOptionsEntry
+		cacheImports []*controlapi.CacheOptionsEntry
+		// legacy API is used for registry caches, because the daemon might not support the new API
+		legacyExportRef  string
+		legacyImportRefs []string
+	)
+	contentStores := make(map[string]content.Store)
+	indicesToUpdate := make(map[string]string) // key: index.JSON file name, value: tag
+	frontendAttrs := make(map[string]string)
+	legacyExportAttrs := make(map[string]string)
+	for _, ex := range opt.CacheExports {
+		if ex.Type == "local" {
+			csDir := ex.Attrs["dest"]
+			if csDir == "" {
+				return nil, errors.New("local cache exporter requires dest")
+			}
+			if err := os.MkdirAll(csDir, 0755); err != nil {
+				return nil, err
+			}
+			cs, err := contentlocal.NewStore(csDir)
+			if err != nil {
+				return nil, err
+			}
+			contentStores["local:"+csDir] = cs
+			// TODO(AkihiroSuda): support custom index JSON path and tag
+			indexJSONPath := filepath.Join(csDir, "index.json")
+			indicesToUpdate[indexJSONPath] = "latest"
+		}
+		if ex.Type == "registry" && legacyExportRef == "" {
+			legacyExportRef = ex.Attrs["ref"]
+			for k, v := range ex.Attrs {
+				if k != "ref" {
+					legacyExportAttrs[k] = v
+				}
+			}
+		} else {
+			cacheExports = append(cacheExports, &controlapi.CacheOptionsEntry{
+				Type:  ex.Type,
+				Attrs: ex.Attrs,
+			})
+		}
+	}
+	for _, im := range opt.CacheImports {
+		attrs := im.Attrs
+		if im.Type == "local" {
+			csDir := im.Attrs["src"]
+			if csDir == "" {
+				return nil, errors.New("local cache importer requires src")
+			}
+			cs, err := contentlocal.NewStore(csDir)
+			if err != nil {
+				logrus.Warning("local cache import at " + csDir + " not found due to err: " + err.Error())
+				continue
+			}
+			// if digest is not specified, load from "latest" tag
+			if attrs["digest"] == "" {
+				idx, err := ociindex.ReadIndexJSONFileLocked(filepath.Join(csDir, "index.json"))
+				if err != nil {
+					logrus.Warning("local cache import at " + csDir + " not found due to err: " + err.Error())
+					continue
+				}
+				for _, m := range idx.Manifests {
+					if (m.Annotations[ocispec.AnnotationRefName] == "latest" && attrs["tag"] == "") || (attrs["tag"] != "" && m.Annotations[ocispec.AnnotationRefName] == attrs["tag"]) {
+						attrs["digest"] = string(m.Digest)
+						break
+					}
+				}
+				if attrs["digest"] == "" {
+					return nil, errors.New("local cache importer requires either explicit digest, \"latest\" tag or custom tag on index.json")
+				}
+			}
+			contentStores["local:"+csDir] = cs
+
+		}
+		if im.Type == "registry" {
+			legacyImportRef := attrs["ref"]
+			legacyImportRefs = append(legacyImportRefs, legacyImportRef)
+		} else {
+			cacheImports = append(cacheImports, &controlapi.CacheOptionsEntry{
+				Type:  im.Type,
+				Attrs: attrs,
+			})
+		}
+	}
+	if opt.Frontend != "" {
+		// use legacy API for registry importers, because the frontend might not support the new API
+		if len(legacyImportRefs) > 0 {
+			frontendAttrs["cache-from"] = strings.Join(legacyImportRefs, ",")
+		}
+		// use new API for other importers
+		if len(cacheImports) > 0 {
+			s, err := json.Marshal(cacheImports)
+			if err != nil {
+				return nil, err
+			}
+			frontendAttrs["cache-imports"] = string(s)
+		}
+	}
+	res := cacheOptions{
+		options: controlapi.CacheOptions{
+			// old API (for registry caches, planned to be removed in early 2019)
+			ExportRefDeprecated:   legacyExportRef,
+			ExportAttrsDeprecated: legacyExportAttrs,
+			ImportRefsDeprecated:  legacyImportRefs,
+			// new API
+			Exports: cacheExports,
+			Imports: cacheImports,
+		},
+		contentStores:   contentStores,
+		indicesToUpdate: indicesToUpdate,
+		frontendAttrs:   frontendAttrs,
+	}
+	return &res, nil
+}
diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go
index 96862ed680c12..048e6966834db 100644
--- a/vendor/github.com/moby/buildkit/control/control.go
+++ b/vendor/github.com/moby/buildkit/control/control.go
@@ -3,9 +3,9 @@ package control
 import (
 	"context"
 	"sync"
+	"sync/atomic"
 	"time"
 
-	"github.com/docker/distribution/reference"
 	controlapi "github.com/moby/buildkit/api/services/control"
 	apitypes "github.com/moby/buildkit/api/types"
 	"github.com/moby/buildkit/cache/remotecache"
@@ -18,6 +18,7 @@ import (
 	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/imageutil"
 	"github.com/moby/buildkit/util/throttle"
 	"github.com/moby/buildkit/worker"
 	"github.com/pkg/errors"
@@ -26,18 +27,18 @@ import (
 	"google.golang.org/grpc"
 )
 
-type ResolveCacheExporterFunc func(ctx context.Context, typ, target string) (remotecache.Exporter, error)
-
 type Opt struct {
-	SessionManager           *session.Manager
-	WorkerController         *worker.Controller
-	Frontends                map[string]frontend.Frontend
-	CacheKeyStorage          solver.CacheKeyStorage
-	ResolveCacheExporterFunc remotecache.ResolveCacheExporterFunc
-	ResolveCacheImporterFunc remotecache.ResolveCacheImporterFunc
+	SessionManager            *session.Manager
+	WorkerController          *worker.Controller
+	Frontends                 map[string]frontend.Frontend
+	CacheKeyStorage           solver.CacheKeyStorage
+	ResolveCacheExporterFuncs map[string]remotecache.ResolveCacheExporterFunc
+	ResolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc
+	Entitlements              []string
 }
 
 type Controller struct { // TODO: ControlService
+	buildCount       int64
 	opt              Opt
 	solver           *llbsolver.Solver
 	cache            solver.CacheManager
@@ -51,7 +52,7 @@ func NewController(opt Opt) (*Controller, error) {
 
 	gatewayForwarder := controlgateway.NewGatewayForwarder()
 
-	solver, err := llbsolver.New(opt.WorkerController, opt.Frontends, cache, opt.ResolveCacheImporterFunc, gatewayForwarder)
+	solver, err := llbsolver.New(opt.WorkerController, opt.Frontends, cache, opt.ResolveCacheImporterFuncs, gatewayForwarder, opt.SessionManager, opt.Entitlements)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to create solver")
 	}
@@ -62,7 +63,7 @@ func NewController(opt Opt) (*Controller, error) {
 		cache:            cache,
 		gatewayForwarder: gatewayForwarder,
 	}
-	c.throttledGC = throttle.ThrottleAfter(time.Minute, c.gc)
+	c.throttledGC = throttle.After(time.Minute, c.gc)
 
 	defer func() {
 		time.AfterFunc(time.Second, c.throttledGC)
@@ -112,6 +113,10 @@ func (c *Controller) DiskUsage(ctx context.Context, r *controlapi.DiskUsageReque
 }
 
 func (c *Controller) Prune(req *controlapi.PruneRequest, stream controlapi.Control_PruneServer) error {
+	if atomic.LoadInt64(&c.buildCount) == 0 {
+		imageutil.CancelCacheLeases()
+	}
+
 	ch := make(chan client.UsageInfo)
 
 	eg, ctx := errgroup.WithContext(stream.Context())
@@ -179,8 +184,42 @@ func (c *Controller) Prune(req *controlapi.PruneRequest, stream controlapi.Contr
 	return eg2.Wait()
 }
 
+func translateLegacySolveRequest(req *controlapi.SolveRequest) error {
+	// translates ExportRef and ExportAttrs to new Exports (v0.4.0)
+	if legacyExportRef := req.Cache.ExportRefDeprecated; legacyExportRef != "" {
+		ex := &controlapi.CacheOptionsEntry{
+			Type:  "registry",
+			Attrs: req.Cache.ExportAttrsDeprecated,
+		}
+		if ex.Attrs == nil {
+			ex.Attrs = make(map[string]string)
+		}
+		ex.Attrs["ref"] = legacyExportRef
+		// FIXME(AkihiroSuda): skip append if already exists
+		req.Cache.Exports = append(req.Cache.Exports, ex)
+		req.Cache.ExportRefDeprecated = ""
+		req.Cache.ExportAttrsDeprecated = nil
+	}
+	// translates ImportRefs to new Imports (v0.4.0)
+	for _, legacyImportRef := range req.Cache.ImportRefsDeprecated {
+		im := &controlapi.CacheOptionsEntry{
+			Type:  "registry",
+			Attrs: map[string]string{"ref": legacyImportRef},
+		}
+		// FIXME(AkihiroSuda): skip append if already exists
+		req.Cache.Imports = append(req.Cache.Imports, im)
+	}
+	req.Cache.ImportRefsDeprecated = nil
+	return nil
+}
+
 func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*controlapi.SolveResponse, error) {
-	ctx = session.NewContext(ctx, req.Session)
+	atomic.AddInt64(&c.buildCount, 1)
+	defer atomic.AddInt64(&c.buildCount, -1)
+
+	if err := translateLegacySolveRequest(req); err != nil {
+		return nil, err
+	}
 
 	defer func() {
 		time.AfterFunc(time.Second, c.throttledGC)
@@ -194,7 +233,7 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 		return nil, err
 	}
 	if req.Exporter != "" {
-		exp, err := w.Exporter(req.Exporter)
+		exp, err := w.Exporter(req.Exporter, c.opt.SessionManager)
 		if err != nil {
 			return nil, err
 		}
@@ -204,38 +243,45 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 		}
 	}
 
-	var cacheExporter remotecache.Exporter
-	if ref := req.Cache.ExportRef; ref != "" && c.opt.ResolveCacheExporterFunc != nil {
-		parsed, err := reference.ParseNormalizedNamed(ref)
-		if err != nil {
-			return nil, err
-		}
-		exportCacheRef := reference.TagNameOnly(parsed).String()
-		typ := "" // unimplemented yet (typically registry)
-		cacheExporter, err = c.opt.ResolveCacheExporterFunc(ctx, typ, exportCacheRef)
-		if err != nil {
-			return nil, err
-		}
+	var (
+		cacheExporter   remotecache.Exporter
+		cacheExportMode solver.CacheExportMode
+		cacheImports    []frontend.CacheOptionsEntry
+	)
+	if len(req.Cache.Exports) > 1 {
+		// TODO(AkihiroSuda): this should be fairly easy
+		return nil, errors.New("specifying multiple cache exports is not supported currently")
 	}
 
-	var importCacheRefs []string
-	for _, ref := range req.Cache.ImportRefs {
-		parsed, err := reference.ParseNormalizedNamed(ref)
+	if len(req.Cache.Exports) == 1 {
+		e := req.Cache.Exports[0]
+		cacheExporterFunc, ok := c.opt.ResolveCacheExporterFuncs[e.Type]
+		if !ok {
+			return nil, errors.Errorf("unknown cache exporter: %q", e.Type)
+		}
+		cacheExporter, err = cacheExporterFunc(ctx, session.NewGroup(req.Session), e.Attrs)
 		if err != nil {
 			return nil, err
 		}
-		importCacheRefs = append(importCacheRefs, reference.TagNameOnly(parsed).String())
+		cacheExportMode = parseCacheExportMode(e.Attrs["mode"])
+	}
+	for _, im := range req.Cache.Imports {
+		cacheImports = append(cacheImports, frontend.CacheOptionsEntry{
+			Type:  im.Type,
+			Attrs: im.Attrs,
+		})
 	}
 
-	resp, err := c.solver.Solve(ctx, req.Ref, frontend.SolveRequest{
-		Frontend:        req.Frontend,
-		Definition:      req.Definition,
-		FrontendOpt:     req.FrontendAttrs,
-		ImportCacheRefs: importCacheRefs,
+	resp, err := c.solver.Solve(ctx, req.Ref, req.Session, frontend.SolveRequest{
+		Frontend:       req.Frontend,
+		Definition:     req.Definition,
+		FrontendOpt:    req.FrontendAttrs,
+		FrontendInputs: req.FrontendInputs,
+		CacheImports:   cacheImports,
 	}, llbsolver.ExporterRequest{
 		Exporter:        expi,
 		CacheExporter:   cacheExporter,
-		CacheExportMode: parseCacheExporterOpt(req.Cache.ExportAttrs),
+		CacheExportMode: cacheExportMode,
 	}, req.Entitlements)
 	if err != nil {
 		return nil, err
@@ -259,40 +305,56 @@ func (c *Controller) Status(req *controlapi.StatusRequest, stream controlapi.Con
 			if !ok {
 				return nil
 			}
-			sr := controlapi.StatusResponse{}
-			for _, v := range ss.Vertexes {
-				sr.Vertexes = append(sr.Vertexes, &controlapi.Vertex{
-					Digest:    v.Digest,
-					Inputs:    v.Inputs,
-					Name:      v.Name,
-					Started:   v.Started,
-					Completed: v.Completed,
-					Error:     v.Error,
-					Cached:    v.Cached,
-				})
-			}
-			for _, v := range ss.Statuses {
-				sr.Statuses = append(sr.Statuses, &controlapi.VertexStatus{
-					ID:        v.ID,
-					Vertex:    v.Vertex,
-					Name:      v.Name,
-					Current:   v.Current,
-					Total:     v.Total,
-					Timestamp: v.Timestamp,
-					Started:   v.Started,
-					Completed: v.Completed,
-				})
-			}
-			for _, v := range ss.Logs {
-				sr.Logs = append(sr.Logs, &controlapi.VertexLog{
-					Vertex:    v.Vertex,
-					Stream:    int64(v.Stream),
-					Msg:       v.Data,
-					Timestamp: v.Timestamp,
-				})
-			}
-			if err := stream.SendMsg(&sr); err != nil {
-				return err
+			logSize := 0
+			retry := false
+			for {
+				sr := controlapi.StatusResponse{}
+				for _, v := range ss.Vertexes {
+					sr.Vertexes = append(sr.Vertexes, &controlapi.Vertex{
+						Digest:    v.Digest,
+						Inputs:    v.Inputs,
+						Name:      v.Name,
+						Started:   v.Started,
+						Completed: v.Completed,
+						Error:     v.Error,
+						Cached:    v.Cached,
+					})
+				}
+				for _, v := range ss.Statuses {
+					sr.Statuses = append(sr.Statuses, &controlapi.VertexStatus{
+						ID:        v.ID,
+						Vertex:    v.Vertex,
+						Name:      v.Name,
+						Current:   v.Current,
+						Total:     v.Total,
+						Timestamp: v.Timestamp,
+						Started:   v.Started,
+						Completed: v.Completed,
+					})
+				}
+				for i, v := range ss.Logs {
+					sr.Logs = append(sr.Logs, &controlapi.VertexLog{
+						Vertex:    v.Vertex,
+						Stream:    int64(v.Stream),
+						Msg:       v.Data,
+						Timestamp: v.Timestamp,
+					})
+					logSize += len(v.Data)
+					// avoid logs growing big and split apart if they do
+					if logSize > 1024*1024 {
+						ss.Vertexes = nil
+						ss.Statuses = nil
+						ss.Logs = ss.Logs[i+1:]
+						retry = true
+						break
+					}
+				}
+				if err := stream.SendMsg(&sr); err != nil {
+					return err
+				}
+				if !retry {
+					break
+				}
 			}
 		}
 	})
@@ -326,7 +388,7 @@ func (c *Controller) ListWorkers(ctx context.Context, r *controlapi.ListWorkersR
 		resp.Record = append(resp.Record, &apitypes.WorkerRecord{
 			ID:        w.ID(),
 			Labels:    w.Labels(),
-			Platforms: pb.PlatformsFromSpec(w.Platforms()),
+			Platforms: pb.PlatformsFromSpec(w.Platforms(true)),
 			GCPolicy:  toPBGCPolicy(w.GCPolicy()),
 		})
 	}
@@ -376,21 +438,15 @@ func (c *Controller) gc() {
 	}
 }
 
-func parseCacheExporterOpt(opt map[string]string) solver.CacheExportMode {
-	for k, v := range opt {
-		switch k {
-		case "mode":
-			switch v {
-			case "min":
-				return solver.CacheExportModeMin
-			case "max":
-				return solver.CacheExportModeMax
-			default:
-				logrus.Debugf("skipping incalid cache export mode: %s", v)
-			}
-		default:
-			logrus.Warnf("skipping invalid cache export opt: %s", v)
-		}
+func parseCacheExportMode(mode string) solver.CacheExportMode {
+	switch mode {
+	case "min":
+		return solver.CacheExportModeMin
+	case "max":
+		return solver.CacheExportModeMax
+	case "":
+	default:
+		logrus.Debugf("skipping invalid cache export mode: %s", mode)
 	}
 	return solver.CacheExportModeMin
 }
diff --git a/vendor/github.com/moby/buildkit/control/gateway/gateway.go b/vendor/github.com/moby/buildkit/control/gateway/gateway.go
index 074e739445ad6..9b91a08e0f8f1 100644
--- a/vendor/github.com/moby/buildkit/control/gateway/gateway.go
+++ b/vendor/github.com/moby/buildkit/control/gateway/gateway.go
@@ -63,7 +63,9 @@ func (gwf *GatewayForwarder) lookupForwarder(ctx context.Context) (gateway.LLBBr
 
 	go func() {
 		<-ctx.Done()
+		gwf.mu.Lock()
 		gwf.updateCond.Broadcast()
+		gwf.mu.Unlock()
 	}()
 
 	gwf.mu.RLock()
@@ -126,6 +128,15 @@ func (gwf *GatewayForwarder) Return(ctx context.Context, req *gwapi.ReturnReques
 	return res, err
 }
 
+func (gwf *GatewayForwarder) Inputs(ctx context.Context, req *gwapi.InputsRequest) (*gwapi.InputsResponse, error) {
+	fwd, err := gwf.lookupForwarder(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "forwarding Inputs")
+	}
+	res, err := fwd.Inputs(ctx, req)
+	return res, err
+}
+
 func (gwf *GatewayForwarder) ReadDir(ctx context.Context, req *gwapi.ReadDirRequest) (*gwapi.ReadDirResponse, error) {
 	fwd, err := gwf.lookupForwarder(ctx)
 	if err != nil {
@@ -141,3 +152,27 @@ func (gwf *GatewayForwarder) StatFile(ctx context.Context, req *gwapi.StatFileRe
 	}
 	return fwd.StatFile(ctx, req)
 }
+
+func (gwf *GatewayForwarder) NewContainer(ctx context.Context, req *gwapi.NewContainerRequest) (*gwapi.NewContainerResponse, error) {
+	fwd, err := gwf.lookupForwarder(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "forwarding NewContainer")
+	}
+	return fwd.NewContainer(ctx, req)
+}
+
+func (gwf *GatewayForwarder) ReleaseContainer(ctx context.Context, req *gwapi.ReleaseContainerRequest) (*gwapi.ReleaseContainerResponse, error) {
+	fwd, err := gwf.lookupForwarder(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "forwarding ReleaseContainer")
+	}
+	return fwd.ReleaseContainer(ctx, req)
+}
+
+func (gwf *GatewayForwarder) ExecProcess(srv gwapi.LLBBridge_ExecProcessServer) error {
+	fwd, err := gwf.lookupForwarder(srv.Context())
+	if err != nil {
+		return errors.Wrap(err, "forwarding ExecProcess")
+	}
+	return fwd.ExecProcess(srv)
+}
diff --git a/vendor/github.com/moby/buildkit/executor/executor.go b/vendor/github.com/moby/buildkit/executor/executor.go
index 91ae976faa9ae..8fbe4a9234862 100644
--- a/vendor/github.com/moby/buildkit/executor/executor.go
+++ b/vendor/github.com/moby/buildkit/executor/executor.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"net"
 
-	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver/pb"
 )
 
@@ -14,22 +14,45 @@ type Meta struct {
 	Env            []string
 	User           string
 	Cwd            string
+	Hostname       string
 	Tty            bool
 	ReadonlyRootFS bool
 	ExtraHosts     []HostIP
 	NetMode        pb.NetMode
+	SecurityMode   pb.SecurityMode
+}
+
+type Mountable interface {
+	Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error)
 }
 
 type Mount struct {
-	Src      cache.Mountable
+	Src      Mountable
 	Selector string
 	Dest     string
 	Readonly bool
 }
 
+type WinSize struct {
+	Rows uint32
+	Cols uint32
+}
+
+type ProcessInfo struct {
+	Meta           Meta
+	Stdin          io.ReadCloser
+	Stdout, Stderr io.WriteCloser
+	Resize         <-chan WinSize
+}
+
 type Executor interface {
-	// TODO: add stdout/err
-	Exec(ctx context.Context, meta Meta, rootfs cache.Mountable, mounts []Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error
+	// Run will start a container for the given process with rootfs, mounts.
+	// `id` is an optional name for the container so it can be referenced later via Exec.
+	// `started` is an optional channel that will be closed when the container setup completes and has started running.
+	Run(ctx context.Context, id string, rootfs Mount, mounts []Mount, process ProcessInfo, started chan<- struct{}) error
+	// Exec will start a process in container matching `id`. An error will be returned
+	// if the container failed to start (via Run) or has exited before Exec is called.
+	Exec(ctx context.Context, id string, process ProcessInfo) error
 }
 
 type HostIP struct {
diff --git a/vendor/github.com/moby/buildkit/executor/oci/hosts.go b/vendor/github.com/moby/buildkit/executor/oci/hosts.go
index c350a6de27c20..d0505c28ccd92 100644
--- a/vendor/github.com/moby/buildkit/executor/oci/hosts.go
+++ b/vendor/github.com/moby/buildkit/executor/oci/hosts.go
@@ -8,45 +8,44 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/identity"
+	"github.com/pkg/errors"
 )
 
-const hostsContent = `
-127.0.0.1	localhost buildkitsandbox
-::1	localhost ip6-localhost ip6-loopback
-`
+const defaultHostname = "buildkitsandbox"
 
-func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP) (string, func(), error) {
-	if len(extraHosts) == 0 {
-		_, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) {
-			_, _, err := makeHostsFile(stateDir, nil)
-			return nil, err
-		})
-		if err != nil {
-			return "", nil, err
-		}
-		return filepath.Join(stateDir, "hosts"), func() {}, nil
+func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping, hostname string) (string, func(), error) {
+	if len(extraHosts) != 0 || hostname != defaultHostname {
+		return makeHostsFile(stateDir, extraHosts, idmap, hostname)
 	}
-	return makeHostsFile(stateDir, extraHosts)
+
+	_, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) {
+		_, _, err := makeHostsFile(stateDir, nil, idmap, hostname)
+		return nil, err
+	})
+	if err != nil {
+		return "", nil, err
+	}
+	return filepath.Join(stateDir, "hosts"), func() {}, nil
 }
 
-func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func(), error) {
+func makeHostsFile(stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping, hostname string) (string, func(), error) {
 	p := filepath.Join(stateDir, "hosts")
-	if len(extraHosts) != 0 {
+	if len(extraHosts) != 0 || hostname != defaultHostname {
 		p += "." + identity.NewID()
 	}
 	_, err := os.Stat(p)
 	if err == nil {
 		return "", func() {}, nil
 	}
-	if !os.IsNotExist(err) {
+	if !errors.Is(err, os.ErrNotExist) {
 		return "", nil, err
 	}
 
 	b := &bytes.Buffer{}
-
-	if _, err := b.Write([]byte(hostsContent)); err != nil {
+	if _, err := b.Write([]byte(initHostsFile(hostname))); err != nil {
 		return "", nil, err
 	}
 
@@ -56,14 +55,33 @@ func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func(
 		}
 	}
 
-	if err := ioutil.WriteFile(p+".tmp", b.Bytes(), 0644); err != nil {
+	tmpPath := p + ".tmp"
+	if err := ioutil.WriteFile(tmpPath, b.Bytes(), 0644); err != nil {
 		return "", nil, err
 	}
 
-	if err := os.Rename(p+".tmp", p); err != nil {
+	if idmap != nil {
+		root := idmap.RootPair()
+		if err := os.Chown(tmpPath, root.UID, root.GID); err != nil {
+			return "", nil, err
+		}
+	}
+
+	if err := os.Rename(tmpPath, p); err != nil {
 		return "", nil, err
 	}
 	return p, func() {
 		os.RemoveAll(p)
 	}, nil
 }
+
+func initHostsFile(hostname string) string {
+	var hosts string
+	if hostname != "" {
+		hosts = fmt.Sprintf("127.0.0.1	localhost %s", hostname)
+	} else {
+		hosts = fmt.Sprintf("127.0.0.1	localhost %s", defaultHostname)
+	}
+	hosts = fmt.Sprintf("%s\n::1	localhost ip6-localhost ip6-loopback\n", hosts)
+	return hosts
+}
diff --git a/vendor/github.com/moby/buildkit/executor/oci/mounts.go b/vendor/github.com/moby/buildkit/executor/oci/mounts.go
index a0fe8a9f925e0..62360f4663347 100644
--- a/vendor/github.com/moby/buildkit/executor/oci/mounts.go
+++ b/vendor/github.com/moby/buildkit/executor/oci/mounts.go
@@ -2,67 +2,101 @@ package oci
 
 import (
 	"context"
+	"path/filepath"
+	"strings"
 
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// MountOpts sets oci spec specific info for mount points
-type MountOpts func([]specs.Mount) []specs.Mount
+func withRemovedMount(destination string) oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		newMounts := []specs.Mount{}
+		for _, o := range s.Mounts {
+			if o.Destination != destination {
+				newMounts = append(newMounts, o)
+			}
+		}
+		s.Mounts = newMounts
 
-//GetMounts returns default required for buildkit
-// https://github.com/moby/buildkit/issues/429
-func GetMounts(ctx context.Context, mountOpts ...MountOpts) []specs.Mount {
-	mounts := []specs.Mount{
-		{
-			Destination: "/proc",
-			Type:        "proc",
-			Source:      "proc",
-		},
-		{
-			Destination: "/dev",
-			Type:        "tmpfs",
-			Source:      "tmpfs",
-			Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
-		},
-		{
-			Destination: "/dev/pts",
-			Type:        "devpts",
-			Source:      "devpts",
-			Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
-		},
-		{
-			Destination: "/dev/shm",
-			Type:        "tmpfs",
-			Source:      "shm",
-			Options:     []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
-		},
-		{
-			Destination: "/dev/mqueue",
-			Type:        "mqueue",
-			Source:      "mqueue",
-			Options:     []string{"nosuid", "noexec", "nodev"},
-		},
-		{
-			Destination: "/sys",
-			Type:        "sysfs",
-			Source:      "sysfs",
-			Options:     []string{"nosuid", "noexec", "nodev", "ro"},
-		},
-	}
-	for _, o := range mountOpts {
-		mounts = o(mounts)
+		return nil
 	}
-	return mounts
 }
 
-func withROBind(src, dest string) func(m []specs.Mount) []specs.Mount {
-	return func(m []specs.Mount) []specs.Mount {
-		m = append(m, specs.Mount{
+func withROBind(src, dest string) oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		s.Mounts = append(s.Mounts, specs.Mount{
 			Destination: dest,
 			Type:        "bind",
 			Source:      src,
-			Options:     []string{"rbind", "ro"},
+			Options:     []string{"nosuid", "noexec", "nodev", "rbind", "ro"},
+		})
+		return nil
+	}
+}
+
+func withCGroup() oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		s.Mounts = append(s.Mounts, specs.Mount{
+			Destination: "/sys/fs/cgroup",
+			Type:        "cgroup",
+			Source:      "cgroup",
+			Options:     []string{"ro", "nosuid", "noexec", "nodev"},
 		})
-		return m
+		return nil
+	}
+
+}
+
+func hasPrefix(p, prefixDir string) bool {
+	prefixDir = filepath.Clean(prefixDir)
+	if filepath.Base(prefixDir) == string(filepath.Separator) {
+		return true
+	}
+	p = filepath.Clean(p)
+	return p == prefixDir || strings.HasPrefix(p, prefixDir+string(filepath.Separator))
+}
+
+func removeMountsWithPrefix(mounts []specs.Mount, prefixDir string) []specs.Mount {
+	var ret []specs.Mount
+	for _, m := range mounts {
+		if !hasPrefix(m.Destination, prefixDir) {
+			ret = append(ret, m)
+		}
+	}
+	return ret
+}
+
+func withBoundProc() oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		s.Mounts = removeMountsWithPrefix(s.Mounts, "/proc")
+		procMount := specs.Mount{
+			Destination: "/proc",
+			Type:        "bind",
+			Source:      "/proc",
+			// NOTE: "rbind"+"ro" does not make /proc read-only recursively.
+			// So we keep maskedPath and readonlyPaths (although not mandatory for rootless mode)
+			Options: []string{"rbind"},
+		}
+		s.Mounts = append([]specs.Mount{procMount}, s.Mounts...)
+
+		var maskedPaths []string
+		for _, s := range s.Linux.MaskedPaths {
+			if !hasPrefix(s, "/proc") {
+				maskedPaths = append(maskedPaths, s)
+			}
+		}
+		s.Linux.MaskedPaths = maskedPaths
+
+		var readonlyPaths []string
+		for _, s := range s.Linux.ReadonlyPaths {
+			if !hasPrefix(s, "/proc") {
+				readonlyPaths = append(readonlyPaths, s)
+			}
+		}
+		s.Linux.ReadonlyPaths = readonlyPaths
+
+		return nil
 	}
 }
diff --git a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go
index f22eceed22303..c510a1a1bc180 100644
--- a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go
+++ b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go
@@ -6,15 +6,27 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/docker/libnetwork/resolvconf"
+	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/docker/docker/libnetwork/types"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/pkg/errors"
 )
 
 var g flightcontrol.Group
 var notFirstRun bool
 var lastNotEmpty bool
 
-func GetResolvConf(ctx context.Context, stateDir string) (string, error) {
+// overridden by tests
+var resolvconfGet = resolvconf.Get
+
+type DNSConfig struct {
+	Nameservers   []string
+	Options       []string
+	SearchDomains []string
+}
+
+func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, dns *DNSConfig) (string, error) {
 	p := filepath.Join(stateDir, "resolv.conf")
 	_, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) {
 		generate := !notFirstRun
@@ -23,15 +35,15 @@ func GetResolvConf(ctx context.Context, stateDir string) (string, error) {
 		if !generate {
 			fi, err := os.Stat(p)
 			if err != nil {
-				if !os.IsNotExist(err) {
+				if !errors.Is(err, os.ErrNotExist) {
 					return "", err
 				}
 				generate = true
 			}
 			if !generate {
-				fiMain, err := os.Stat("/etc/resolv.conf")
+				fiMain, err := os.Stat(resolvconf.Path())
 				if err != nil {
-					if !os.IsNotExist(err) {
+					if !errors.Is(err, os.ErrNotExist) {
 						return nil, err
 					}
 					if lastNotEmpty {
@@ -51,25 +63,56 @@ func GetResolvConf(ctx context.Context, stateDir string) (string, error) {
 		}
 
 		var dt []byte
-		f, err := resolvconf.Get()
+		f, err := resolvconfGet()
 		if err != nil {
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, os.ErrNotExist) {
 				return "", err
 			}
 		} else {
 			dt = f.Content
 		}
 
+		if dns != nil {
+			var (
+				dnsNameservers   = resolvconf.GetNameservers(dt, types.IP)
+				dnsSearchDomains = resolvconf.GetSearchDomains(dt)
+				dnsOptions       = resolvconf.GetOptions(dt)
+			)
+			if len(dns.Nameservers) > 0 {
+				dnsNameservers = dns.Nameservers
+			}
+			if len(dns.SearchDomains) > 0 {
+				dnsSearchDomains = dns.SearchDomains
+			}
+			if len(dns.Options) > 0 {
+				dnsOptions = dns.Options
+			}
+
+			f, err = resolvconf.Build(p+".tmp", dnsNameservers, dnsSearchDomains, dnsOptions)
+			if err != nil {
+				return "", err
+			}
+			dt = f.Content
+		}
+
 		f, err = resolvconf.FilterResolvDNS(dt, true)
 		if err != nil {
 			return "", err
 		}
 
-		if err := ioutil.WriteFile(p+".tmp", f.Content, 0644); err != nil {
+		tmpPath := p + ".tmp"
+		if err := ioutil.WriteFile(tmpPath, f.Content, 0644); err != nil {
 			return "", err
 		}
 
-		if err := os.Rename(p+".tmp", p); err != nil {
+		if idmap != nil {
+			root := idmap.RootPair()
+			if err := os.Chown(tmpPath, root.UID, root.GID); err != nil {
+				return "", err
+			}
+		}
+
+		if err := os.Rename(tmpPath, p); err != nil {
 			return "", err
 		}
 		return "", nil
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec.go b/vendor/github.com/moby/buildkit/executor/oci/spec.go
new file mode 100644
index 0000000000000..8000310813833
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/executor/oci/spec.go
@@ -0,0 +1,236 @@
+package oci
+
+import (
+	"context"
+	"path"
+	"sync"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/oci"
+	"github.com/containerd/continuity/fs"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/mitchellh/hashstructure"
+	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/util/network"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/selinux/go-selinux"
+	"github.com/pkg/errors"
+)
+
+// ProcessMode configures PID namespaces
+type ProcessMode int
+
+const (
+	// ProcessSandbox unshares pidns and mount procfs.
+	ProcessSandbox ProcessMode = iota
+	// NoProcessSandbox uses host pidns and bind-mount procfs.
+	// Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
+	// NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user.
+	NoProcessSandbox
+)
+
+// Ideally we don't have to import whole containerd just for the default spec
+
+// GenerateSpec generates spec using containerd functionality.
+// opts are ignored for s.Process, s.Hostname, and s.Mounts .
+func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, processMode ProcessMode, idmap *idtools.IdentityMapping, apparmorProfile string, opts ...oci.SpecOpts) (*specs.Spec, func(), error) {
+	c := &containers.Container{
+		ID: id,
+	}
+
+	// containerd/oci.GenerateSpec requires a namespace, which
+	// will be used to namespace specs.Linux.CgroupsPath if generated
+	if _, ok := namespaces.Namespace(ctx); !ok {
+		ctx = namespaces.WithNamespace(ctx, "buildkit")
+	}
+
+	if mountOpts, err := generateMountOpts(resolvConf, hostsFile); err == nil {
+		opts = append(opts, mountOpts...)
+	} else {
+		return nil, nil, err
+	}
+
+	if securityOpts, err := generateSecurityOpts(meta.SecurityMode, apparmorProfile); err == nil {
+		opts = append(opts, securityOpts...)
+	} else {
+		return nil, nil, err
+	}
+
+	if processModeOpts, err := generateProcessModeOpts(processMode); err == nil {
+		opts = append(opts, processModeOpts...)
+	} else {
+		return nil, nil, err
+	}
+
+	if idmapOpts, err := generateIDmapOpts(idmap); err == nil {
+		opts = append(opts, idmapOpts...)
+	} else {
+		return nil, nil, err
+	}
+
+	hostname := defaultHostname
+	if meta.Hostname != "" {
+		hostname = meta.Hostname
+	}
+
+	opts = append(opts,
+		oci.WithProcessArgs(meta.Args...),
+		oci.WithEnv(meta.Env),
+		oci.WithProcessCwd(meta.Cwd),
+		oci.WithNewPrivileges,
+		oci.WithHostname(hostname),
+	)
+
+	s, err := oci.GenerateSpec(ctx, nil, c, opts...)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// set the networking information on the spec
+	if err := namespace.Set(s); err != nil {
+		return nil, nil, err
+	}
+
+	s.Process.Rlimits = nil // reset open files limit
+
+	sm := &submounts{}
+
+	var releasers []func() error
+	releaseAll := func() {
+		sm.cleanup()
+		for _, f := range releasers {
+			f()
+		}
+		if s.Process.SelinuxLabel != "" {
+			selinux.ReleaseLabel(s.Process.SelinuxLabel)
+		}
+	}
+
+	for _, m := range mounts {
+		if m.Src == nil {
+			return nil, nil, errors.Errorf("mount %s has no source", m.Dest)
+		}
+		mountable, err := m.Src.Mount(ctx, m.Readonly)
+		if err != nil {
+			releaseAll()
+			return nil, nil, errors.Wrapf(err, "failed to mount %s", m.Dest)
+		}
+		mounts, release, err := mountable.Mount()
+		if err != nil {
+			releaseAll()
+			return nil, nil, errors.WithStack(err)
+		}
+		releasers = append(releasers, release)
+		for _, mount := range mounts {
+			mount, err = sm.subMount(mount, m.Selector)
+			if err != nil {
+				releaseAll()
+				return nil, nil, err
+			}
+			s.Mounts = append(s.Mounts, specs.Mount{
+				Destination: m.Dest,
+				Type:        mount.Type,
+				Source:      mount.Source,
+				Options:     mount.Options,
+			})
+		}
+	}
+
+	return s, releaseAll, nil
+}
+
+type mountRef struct {
+	mount   mount.Mount
+	unmount func() error
+}
+
+type submounts struct {
+	m map[uint64]mountRef
+}
+
+func (s *submounts) subMount(m mount.Mount, subPath string) (mount.Mount, error) {
+	if path.Join("/", subPath) == "/" {
+		return m, nil
+	}
+	if s.m == nil {
+		s.m = map[uint64]mountRef{}
+	}
+	h, err := hashstructure.Hash(m, nil)
+	if err != nil {
+		return mount.Mount{}, nil
+	}
+	if mr, ok := s.m[h]; ok {
+		sm, err := sub(mr.mount, subPath)
+		if err != nil {
+			return mount.Mount{}, nil
+		}
+		return sm, nil
+	}
+
+	lm := snapshot.LocalMounterWithMounts([]mount.Mount{m})
+
+	mp, err := lm.Mount()
+	if err != nil {
+		return mount.Mount{}, err
+	}
+
+	opts := []string{"rbind"}
+	for _, opt := range m.Options {
+		if opt == "ro" {
+			opts = append(opts, opt)
+		}
+	}
+
+	s.m[h] = mountRef{
+		mount: mount.Mount{
+			Source:  mp,
+			Type:    "bind",
+			Options: opts,
+		},
+		unmount: lm.Unmount,
+	}
+
+	sm, err := sub(s.m[h].mount, subPath)
+	if err != nil {
+		return mount.Mount{}, err
+	}
+	return sm, nil
+}
+
+func (s *submounts) cleanup() {
+	var wg sync.WaitGroup
+	wg.Add(len(s.m))
+	for _, m := range s.m {
+		func(m mountRef) {
+			go func() {
+				m.unmount()
+				wg.Done()
+			}()
+		}(m)
+	}
+	wg.Wait()
+}
+
+func sub(m mount.Mount, subPath string) (mount.Mount, error) {
+	src, err := fs.RootPath(m.Source, subPath)
+	if err != nil {
+		return mount.Mount{}, err
+	}
+	m.Source = src
+	return m, nil
+}
+
+func specMapping(s []idtools.IDMap) []specs.LinuxIDMapping {
+	var ids []specs.LinuxIDMapping
+	for _, item := range s {
+		ids = append(ids, specs.LinuxIDMapping{
+			HostID:      uint32(item.HostID),
+			ContainerID: uint32(item.ContainerID),
+			Size:        uint32(item.Size),
+		})
+	}
+	return ids
+}
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go
index 3e1976a690ad9..65f2ca6bf9430 100644
--- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go
+++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go
@@ -4,183 +4,86 @@ package oci
 
 import (
 	"context"
-	"path"
-	"sync"
 
 	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/mount"
-	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/oci"
-	"github.com/containerd/continuity/fs"
-	"github.com/mitchellh/hashstructure"
-	"github.com/moby/buildkit/executor"
-	"github.com/moby/buildkit/snapshot"
-	"github.com/moby/buildkit/util/network"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/profiles/seccomp"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/entitlements/security"
+	"github.com/moby/buildkit/util/system"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
-// Ideally we don't have to import whole containerd just for the default spec
-
-// GenerateSpec generates spec using containerd functionality.
-func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, opts ...oci.SpecOpts) (*specs.Spec, func(), error) {
-	c := &containers.Container{
-		ID: id,
-	}
-	_, ok := namespaces.Namespace(ctx)
-	if !ok {
-		ctx = namespaces.WithNamespace(ctx, "buildkit")
-	}
-
-	// Note that containerd.GenerateSpec is namespaced so as to make
-	// specs.Linux.CgroupsPath namespaced
-	s, err := oci.GenerateSpec(ctx, nil, c, opts...)
-	if err != nil {
-		return nil, nil, err
-	}
-	// set the networking information on the spec
-	namespace.Set(s)
-
-	s.Process.Args = meta.Args
-	s.Process.Env = meta.Env
-	s.Process.Cwd = meta.Cwd
-	s.Process.Rlimits = nil // reset open files limit
-	s.Hostname = "buildkitsandbox"
-
-	s.Mounts = GetMounts(ctx,
+func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) {
+	return []oci.SpecOpts{
+		// https://github.com/moby/buildkit/issues/429
+		withRemovedMount("/run"),
 		withROBind(resolvConf, "/etc/resolv.conf"),
 		withROBind(hostsFile, "/etc/hosts"),
-	)
-
-	s.Mounts = append(s.Mounts, specs.Mount{
-		Destination: "/sys/fs/cgroup",
-		Type:        "cgroup",
-		Source:      "cgroup",
-		Options:     []string{"ro", "nosuid", "noexec", "nodev"},
-	})
-
-	// TODO: User
-
-	sm := &submounts{}
-
-	var releasers []func() error
-	releaseAll := func() {
-		sm.cleanup()
-		for _, f := range releasers {
-			f()
-		}
-	}
-
-	for _, m := range mounts {
-		if m.Src == nil {
-			return nil, nil, errors.Errorf("mount %s has no source", m.Dest)
-		}
-		mountable, err := m.Src.Mount(ctx, m.Readonly)
-		if err != nil {
-			releaseAll()
-			return nil, nil, errors.Wrapf(err, "failed to mount %s", m.Dest)
-		}
-		mounts, err := mountable.Mount()
-		if err != nil {
-			releaseAll()
-			return nil, nil, errors.WithStack(err)
-		}
-		releasers = append(releasers, mountable.Release)
-		for _, mount := range mounts {
-			mount, err = sm.subMount(mount, m.Selector)
-			if err != nil {
-				releaseAll()
-				return nil, nil, err
-			}
-			s.Mounts = append(s.Mounts, specs.Mount{
-				Destination: m.Dest,
-				Type:        mount.Type,
-				Source:      mount.Source,
-				Options:     mount.Options,
-			})
-		}
-	}
-
-	return s, releaseAll, nil
+		withCGroup(),
+	}, nil
 }
 
-type mountRef struct {
-	mount   mount.Mount
-	unmount func() error
-}
-
-type submounts struct {
-	m map[uint64]mountRef
-}
-
-func (s *submounts) subMount(m mount.Mount, subPath string) (mount.Mount, error) {
-	if path.Join("/", subPath) == "/" {
-		return m, nil
-	}
-	if s.m == nil {
-		s.m = map[uint64]mountRef{}
-	}
-	h, err := hashstructure.Hash(m, nil)
-	if err != nil {
-		return mount.Mount{}, nil
-	}
-	if mr, ok := s.m[h]; ok {
-		sm, err := sub(mr.mount, subPath)
-		if err != nil {
-			return mount.Mount{}, nil
+// generateSecurityOpts may affect mounts, so must be called after generateMountOpts
+func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) (opts []oci.SpecOpts, _ error) {
+	switch mode {
+	case pb.SecurityMode_INSECURE:
+		return []oci.SpecOpts{
+			security.WithInsecureSpec(),
+			oci.WithWriteableCgroupfs,
+			oci.WithWriteableSysfs,
+			func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+				var err error
+				s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels([]string{"disable"})
+				return err
+			},
+		}, nil
+	case pb.SecurityMode_SANDBOX:
+		if system.SeccompSupported() {
+			opts = append(opts, withDefaultProfile())
 		}
-		return sm, nil
-	}
-
-	lm := snapshot.LocalMounterWithMounts([]mount.Mount{m})
-
-	mp, err := lm.Mount()
-	if err != nil {
-		return mount.Mount{}, err
-	}
-
-	opts := []string{"rbind"}
-	for _, opt := range m.Options {
-		if opt == "ro" {
-			opts = append(opts, opt)
+		if apparmorProfile != "" {
+			opts = append(opts, oci.WithApparmorProfile(apparmorProfile))
 		}
+		opts = append(opts, func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+			var err error
+			s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels(nil)
+			return err
+		})
+		return opts, nil
 	}
+	return nil, nil
+}
 
-	s.m[h] = mountRef{
-		mount: mount.Mount{
-			Source:  mp,
-			Type:    "bind",
-			Options: opts,
-		},
-		unmount: lm.Unmount,
-	}
-
-	sm, err := sub(s.m[h].mount, subPath)
-	if err != nil {
-		return mount.Mount{}, err
+// generateProcessModeOpts may affect mounts, so must be called after generateMountOpts
+func generateProcessModeOpts(mode ProcessMode) ([]oci.SpecOpts, error) {
+	if mode == NoProcessSandbox {
+		return []oci.SpecOpts{
+			oci.WithHostNamespace(specs.PIDNamespace),
+			withBoundProc(),
+		}, nil
+		// TODO(AkihiroSuda): Configure seccomp to disable ptrace (and prctl?) explicitly
 	}
-	return sm, nil
+	return nil, nil
 }
 
-func (s *submounts) cleanup() {
-	var wg sync.WaitGroup
-	wg.Add(len(s.m))
-	for _, m := range s.m {
-		func(m mountRef) {
-			go func() {
-				m.unmount()
-				wg.Done()
-			}()
-		}(m)
+func generateIDmapOpts(idmap *idtools.IdentityMapping) ([]oci.SpecOpts, error) {
+	if idmap == nil {
+		return nil, nil
 	}
-	wg.Wait()
+	return []oci.SpecOpts{
+		oci.WithUserNamespace(specMapping(idmap.UIDs()), specMapping(idmap.GIDs())),
+	}, nil
 }
 
-func sub(m mount.Mount, subPath string) (mount.Mount, error) {
-	src, err := fs.RootPath(m.Source, subPath)
-	if err != nil {
-		return mount.Mount{}, err
+// withDefaultProfile sets the default seccomp profile to the spec.
+// Note: must follow the setting of process capabilities
+func withDefaultProfile() oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		var err error
+		s.Linux.Seccomp, err = seccomp.GetDefaultProfile(s)
+		return err
 	}
-	m.Source = src
-	return m, nil
 }
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_windows.go b/vendor/github.com/moby/buildkit/executor/oci/spec_windows.go
new file mode 100644
index 0000000000000..ea3afe86a4fb9
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/executor/oci/spec_windows.go
@@ -0,0 +1,37 @@
+// +build windows
+
+package oci
+
+import (
+	"github.com/containerd/containerd/oci"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/pkg/errors"
+)
+
+func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) {
+	return nil, nil
+}
+
+// generateSecurityOpts may affect mounts, so must be called after generateMountOpts
+func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) ([]oci.SpecOpts, error) {
+	if mode == pb.SecurityMode_INSECURE {
+		return nil, errors.New("no support for running in insecure mode on Windows")
+	}
+	return nil, nil
+}
+
+// generateProcessModeOpts may affect mounts, so must be called after generateMountOpts
+func generateProcessModeOpts(mode ProcessMode) ([]oci.SpecOpts, error) {
+	if mode == NoProcessSandbox {
+		return nil, errors.New("no support for NoProcessSandbox on Windows")
+	}
+	return nil, nil
+}
+
+func generateIDmapOpts(idmap *idtools.IdentityMapping) ([]oci.SpecOpts, error) {
+	if idmap == nil {
+		return nil, nil
+	}
+	return nil, errors.New("no support for IdentityMapping on Windows")
+}
diff --git a/vendor/github.com/moby/buildkit/executor/oci/user.go b/vendor/github.com/moby/buildkit/executor/oci/user.go
index ac5dbebdf294a..e49eb8e4d33e8 100644
--- a/vendor/github.com/moby/buildkit/executor/oci/user.go
+++ b/vendor/github.com/moby/buildkit/executor/oci/user.go
@@ -2,7 +2,6 @@ package oci
 
 import (
 	"context"
-	"errors"
 	"os"
 	"strconv"
 	"strings"
@@ -11,28 +10,21 @@ import (
 	containerdoci "github.com/containerd/containerd/oci"
 	"github.com/containerd/continuity/fs"
 	"github.com/opencontainers/runc/libcontainer/user"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
 )
 
-func GetUser(ctx context.Context, root, username string) (uint32, uint32, []uint32, error) {
+func GetUser(root, username string) (uint32, uint32, []uint32, error) {
 	// fast path from uid/gid
 	if uid, gid, err := ParseUIDGID(username); err == nil {
 		return uid, gid, nil, nil
 	}
 
-	passwdPath, err := user.GetPasswdPath()
-	if err != nil {
-		return 0, 0, nil, err
-	}
-	groupPath, err := user.GetGroupPath()
-	if err != nil {
-		return 0, 0, nil, err
-	}
-	passwdFile, err := openUserFile(root, passwdPath)
+	passwdFile, err := openUserFile(root, "/etc/passwd")
 	if err == nil {
 		defer passwdFile.Close()
 	}
-	groupFile, err := openUserFile(root, groupPath)
+	groupFile, err := openUserFile(root, "/etc/group")
 	if err == nil {
 		defer groupFile.Close()
 	}
diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go
index 8080f5714cdc0..799063250cf6d 100644
--- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go
+++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go
@@ -4,29 +4,28 @@ import (
 	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strconv"
 	"strings"
+	"sync"
 	"syscall"
 	"time"
 
-	"github.com/containerd/containerd/contrib/seccomp"
 	"github.com/containerd/containerd/mount"
 	containerdoci "github.com/containerd/containerd/oci"
 	"github.com/containerd/continuity/fs"
 	runc "github.com/containerd/go-runc"
-	"github.com/moby/buildkit/cache"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/executor/oci"
+	"github.com/moby/buildkit/frontend/gateway/errdefs"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/network"
 	rootlessspecconv "github.com/moby/buildkit/util/rootless/specconv"
-	"github.com/moby/buildkit/util/system"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/moby/buildkit/util/stack"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -39,6 +38,14 @@ type Opt struct {
 	Rootless bool
 	// DefaultCgroupParent is the cgroup-parent name for executor
 	DefaultCgroupParent string
+	// ProcessMode
+	ProcessMode     oci.ProcessMode
+	IdentityMapping *idtools.IdentityMapping
+	// runc run --no-pivot (unrecommended)
+	NoPivot         bool
+	DNS             *oci.DNSConfig
+	OOMScoreAdj     *int
+	ApparmorProfile string
 }
 
 var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
@@ -46,10 +53,17 @@ var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
 type runcExecutor struct {
 	runc             *runc.Runc
 	root             string
-	cmd              string
 	cgroupParent     string
 	rootless         bool
 	networkProviders map[pb.NetMode]network.Provider
+	processMode      oci.ProcessMode
+	idmap            *idtools.IdentityMapping
+	noPivot          bool
+	dns              *oci.DNSConfig
+	oomScoreAdj      *int
+	running          map[string]chan error
+	mu               sync.Mutex
+	apparmorProfile  string
 }
 
 func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) {
@@ -72,7 +86,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
 
 	root := opt.Root
 
-	if err := os.MkdirAll(root, 0700); err != nil {
+	if err := os.MkdirAll(root, 0711); err != nil {
 		return nil, errors.Wrapf(err, "failed to create %s", root)
 	}
 
@@ -90,26 +104,54 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
 	os.RemoveAll(filepath.Join(root, "resolv.conf"))
 
 	runtime := &runc.Runc{
-		Command:      cmd,
-		Log:          filepath.Join(root, "runc-log.json"),
-		LogFormat:    runc.JSON,
-		PdeathSignal: syscall.SIGKILL, // this can still leak the process
-		Setpgid:      true,
+		Command:   cmd,
+		Log:       filepath.Join(root, "runc-log.json"),
+		LogFormat: runc.JSON,
+		Setpgid:   true,
 		// we don't execute runc with --rootless=(true|false) explicitly,
 		// so as to support non-runc runtimes
 	}
 
+	updateRuncFieldsForHostOS(runtime)
+
 	w := &runcExecutor{
 		runc:             runtime,
 		root:             root,
 		cgroupParent:     opt.DefaultCgroupParent,
 		rootless:         opt.Rootless,
 		networkProviders: networkProviders,
+		processMode:      opt.ProcessMode,
+		idmap:            opt.IdentityMapping,
+		noPivot:          opt.NoPivot,
+		dns:              opt.DNS,
+		oomScoreAdj:      opt.OOMScoreAdj,
+		running:          make(map[string]chan error),
+		apparmorProfile:  opt.ApparmorProfile,
 	}
 	return w, nil
 }
 
-func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
+func (w *runcExecutor) Run(ctx context.Context, id string, root executor.Mount, mounts []executor.Mount, process executor.ProcessInfo, started chan<- struct{}) (err error) {
+	meta := process.Meta
+
+	startedOnce := sync.Once{}
+	done := make(chan error, 1)
+	w.mu.Lock()
+	w.running[id] = done
+	w.mu.Unlock()
+	defer func() {
+		w.mu.Lock()
+		delete(w.running, id)
+		w.mu.Unlock()
+		done <- err
+		close(done)
+		if started != nil {
+			startedOnce.Do(func() {
+				close(started)
+			})
+		}
+	}()
+
 	provider, ok := w.networkProviders[meta.NetMode]
 	if !ok {
 		return errors.Errorf("unknown network mode %s", meta.NetMode)
@@ -124,12 +166,12 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 		logrus.Info("enabling HostNetworking")
 	}
 
-	resolvConf, err := oci.GetResolvConf(ctx, w.root)
+	resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap, w.dns)
 	if err != nil {
 		return err
 	}
 
-	hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts)
+	hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts, w.idmap, meta.Hostname)
 	if err != nil {
 		return err
 	}
@@ -137,26 +179,36 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 		defer clean()
 	}
 
-	mountable, err := root.Mount(ctx, false)
+	mountable, err := root.Src.Mount(ctx, false)
 	if err != nil {
 		return err
 	}
 
-	rootMount, err := mountable.Mount()
+	rootMount, release, err := mountable.Mount()
 	if err != nil {
 		return err
 	}
-	defer mountable.Release()
+	if release != nil {
+		defer release()
+	}
 
-	id := identity.NewID()
+	if id == "" {
+		id = identity.NewID()
+	}
 	bundle := filepath.Join(w.root, id)
 
-	if err := os.Mkdir(bundle, 0700); err != nil {
+	if err := os.Mkdir(bundle, 0711); err != nil {
 		return err
 	}
 	defer os.RemoveAll(bundle)
+
+	identity := idtools.Identity{}
+	if w.idmap != nil {
+		identity = w.idmap.RootPair()
+	}
+
 	rootFSPath := filepath.Join(bundle, "rootfs")
-	if err := os.Mkdir(rootFSPath, 0700); err != nil {
+	if err := idtools.MkdirAllAndChown(rootFSPath, 0700, identity); err != nil {
 		return err
 	}
 	if err := mount.All(rootMount, rootFSPath); err != nil {
@@ -164,7 +216,9 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 	}
 	defer mount.Unmount(rootFSPath, 0)
 
-	uid, gid, sgids, err := oci.GetUser(ctx, rootFSPath, meta.User)
+	defer executor.MountStubsCleaner(rootFSPath, mounts)()
+
+	uid, gid, sgids, err := oci.GetUser(rootFSPath, meta.User)
 	if err != nil {
 		return err
 	}
@@ -176,13 +230,22 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 	defer f.Close()
 
 	opts := []containerdoci.SpecOpts{oci.WithUIDGID(uid, gid, sgids)}
-	if system.SeccompSupported() {
-		opts = append(opts, seccomp.WithDefaultProfile())
-	}
+
 	if meta.ReadonlyRootFS {
 		opts = append(opts, containerdoci.WithRootFSReadonly())
 	}
 
+	identity = idtools.Identity{
+		UID: int(uid),
+		GID: int(gid),
+	}
+	if w.idmap != nil {
+		identity, err = w.idmap.ToHost(identity)
+		if err != nil {
+			return err
+		}
+	}
+
 	if w.cgroupParent != "" {
 		var cgroupsPath string
 		lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
@@ -193,14 +256,14 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 		}
 		opts = append(opts, containerdoci.WithCgroup(cgroupsPath))
 	}
-	spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, opts...)
+	spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, w.processMode, w.idmap, w.apparmorProfile, opts...)
 	if err != nil {
 		return err
 	}
 	defer cleanup()
 
 	spec.Root.Path = rootFSPath
-	if _, ok := root.(cache.ImmutableRef); ok { // TODO: pass in with mount, not ref type
+	if root.Readonly {
 		spec.Root.Readonly = true
 	}
 
@@ -208,13 +271,14 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 	if err != nil {
 		return errors.Wrapf(err, "working dir %s points to invalid target", newp)
 	}
-	if err := os.MkdirAll(newp, 0755); err != nil {
-		return errors.Wrapf(err, "failed to create working directory %s", newp)
+	if _, err := os.Stat(newp); err != nil {
+		if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil {
+			return errors.Wrapf(err, "failed to create working directory %s", newp)
+		}
 	}
 
-	if err := setOOMScoreAdj(spec); err != nil {
-		return err
-	}
+	spec.Process.Terminal = meta.Tty
+	spec.Process.OOMScoreAdj = w.oomScoreAdj
 	if w.rootless {
 		if err := rootlessspecconv.ToRootless(spec); err != nil {
 			return err
@@ -229,7 +293,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 	runCtx, cancelRun := context.WithCancel(context.Background())
 	defer cancelRun()
 
-	done := make(chan struct{})
+	ended := make(chan struct{})
 	go func() {
 		for {
 			select {
@@ -248,37 +312,119 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 				timeout()
 				select {
 				case <-time.After(50 * time.Millisecond):
-				case <-done:
+				case <-ended:
 					return
 				}
-			case <-done:
+			case <-ended:
 				return
 			}
 		}
 	}()
 
 	logrus.Debugf("> creating %s %v", id, meta.Args)
-	status, err := w.runc.Run(runCtx, id, bundle, &runc.CreateOpts{
-		IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
-	})
-	close(done)
-	if err != nil {
-		return err
+	// this is a cheat, we have not actually started, but as close as we can get with runc for now
+	if started != nil {
+		startedOnce.Do(func() {
+			close(started)
+		})
 	}
 
-	if status != 0 {
-		err := errors.Errorf("exit code: %d", status)
+	err = w.run(runCtx, id, bundle, process)
+	close(ended)
+	return exitError(ctx, err)
+}
+
+func exitError(ctx context.Context, err error) error {
+	if err != nil {
+		exitErr := &errdefs.ExitError{
+			ExitCode: errdefs.UnknownExitStatus,
+			Err:      err,
+		}
+		var runcExitError *runc.ExitError
+		if errors.As(err, &runcExitError) {
+			exitErr = &errdefs.ExitError{
+				ExitCode: uint32(runcExitError.Status),
+			}
+		}
 		select {
 		case <-ctx.Done():
-			return errors.Wrapf(ctx.Err(), err.Error())
+			exitErr.Err = errors.Wrapf(ctx.Err(), exitErr.Error())
+			return exitErr
 		default:
-			return err
+			return stack.Enable(exitErr)
 		}
 	}
 
 	return nil
 }
 
+func (w *runcExecutor) Exec(ctx context.Context, id string, process executor.ProcessInfo) (err error) {
+	// first verify the container is running, if we get an error assume the container
+	// is in the process of being created and check again every 100ms or until
+	// context is canceled.
+	var state *runc.Container
+	for {
+		w.mu.Lock()
+		done, ok := w.running[id]
+		w.mu.Unlock()
+		if !ok {
+			return errors.Errorf("container %s not found", id)
+		}
+
+		state, _ = w.runc.State(ctx, id)
+		if state != nil && state.Status == "running" {
+			break
+		}
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case err, ok := <-done:
+			if !ok || err == nil {
+				return errors.Errorf("container %s has stopped", id)
+			}
+			return errors.Wrapf(err, "container %s has exited with error", id)
+		case <-time.After(100 * time.Millisecond):
+		}
+	}
+
+	// load default process spec (for Env, Cwd etc) from bundle
+	f, err := os.Open(filepath.Join(state.Bundle, "config.json"))
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	defer f.Close()
+
+	spec := &specs.Spec{}
+	if err := json.NewDecoder(f).Decode(spec); err != nil {
+		return err
+	}
+
+	if process.Meta.User != "" {
+		uid, gid, sgids, err := oci.GetUser(state.Rootfs, process.Meta.User)
+		if err != nil {
+			return err
+		}
+		spec.Process.User = specs.User{
+			UID:            uid,
+			GID:            gid,
+			AdditionalGids: sgids,
+		}
+	}
+
+	spec.Process.Terminal = process.Meta.Tty
+	spec.Process.Args = process.Meta.Args
+	if process.Meta.Cwd != "" {
+		spec.Process.Cwd = process.Meta.Cwd
+	}
+
+	if len(process.Meta.Env) > 0 {
+		spec.Process.Env = process.Meta.Env
+	}
+
+	err = w.exec(ctx, id, state.Bundle, spec.Process, process)
+	return exitError(ctx, err)
+}
+
 type forwardIO struct {
 	stdin          io.ReadCloser
 	stdout, stderr io.WriteCloser
@@ -305,19 +451,3 @@ func (s *forwardIO) Stdout() io.ReadCloser {
 func (s *forwardIO) Stderr() io.ReadCloser {
 	return nil
 }
-
-// setOOMScoreAdj comes from https://github.com/genuinetools/img/blob/2fabe60b7dc4623aa392b515e013bbc69ad510ab/executor/runc/executor.go#L182-L192
-func setOOMScoreAdj(spec *specs.Spec) error {
-	// Set the oom_score_adj of our children containers to that of the current process.
-	b, err := ioutil.ReadFile("/proc/self/oom_score_adj")
-	if err != nil {
-		return errors.Wrap(err, "failed to read /proc/self/oom_score_adj")
-	}
-	s := strings.TrimSpace(string(b))
-	oom, err := strconv.Atoi(s)
-	if err != nil {
-		return errors.Wrapf(err, "failed to parse %s as int", s)
-	}
-	spec.Process.OOMScoreAdj = &oom
-	return nil
-}
diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_common.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_common.go
new file mode 100644
index 0000000000000..3751b9009caa5
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_common.go
@@ -0,0 +1,36 @@
+// +build !linux
+
+package runcexecutor
+
+import (
+	"context"
+
+	runc "github.com/containerd/go-runc"
+	"github.com/moby/buildkit/executor"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+var unsupportedConsoleError = errors.New("tty for runc is only supported on linux")
+
+func updateRuncFieldsForHostOS(runtime *runc.Runc) {}
+
+func (w *runcExecutor) run(ctx context.Context, id, bundle string, process executor.ProcessInfo) error {
+	if process.Meta.Tty {
+		return unsupportedConsoleError
+	}
+	_, err := w.runc.Run(ctx, id, bundle, &runc.CreateOpts{
+		IO:      &forwardIO{stdin: process.Stdin, stdout: process.Stdout, stderr: process.Stderr},
+		NoPivot: w.noPivot,
+	})
+	return err
+}
+
+func (w *runcExecutor) exec(ctx context.Context, id, bundle string, specsProcess *specs.Process, process executor.ProcessInfo) error {
+	if process.Meta.Tty {
+		return unsupportedConsoleError
+	}
+	return w.runc.Exec(ctx, id, *specsProcess, &runc.ExecOpts{
+		IO: &forwardIO{stdin: process.Stdin, stdout: process.Stdout, stderr: process.Stderr},
+	})
+}
diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_linux.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_linux.go
new file mode 100644
index 0000000000000..b01040ce9f0d8
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor_linux.go
@@ -0,0 +1,160 @@
+package runcexecutor
+
+import (
+	"context"
+	"io"
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/containerd/console"
+	runc "github.com/containerd/go-runc"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/moby/buildkit/executor"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
+)
+
+func updateRuncFieldsForHostOS(runtime *runc.Runc) {
+	// PdeathSignal only supported on unix platforms
+	runtime.PdeathSignal = syscall.SIGKILL // this can still leak the process
+}
+
+func (w *runcExecutor) run(ctx context.Context, id, bundle string, process executor.ProcessInfo) error {
+	return w.callWithIO(ctx, id, bundle, process, func(ctx context.Context, started chan<- int, io runc.IO) error {
+		_, err := w.runc.Run(ctx, id, bundle, &runc.CreateOpts{
+			NoPivot: w.noPivot,
+			Started: started,
+			IO:      io,
+		})
+		return err
+	})
+}
+
+func (w *runcExecutor) exec(ctx context.Context, id, bundle string, specsProcess *specs.Process, process executor.ProcessInfo) error {
+	return w.callWithIO(ctx, id, bundle, process, func(ctx context.Context, started chan<- int, io runc.IO) error {
+		return w.runc.Exec(ctx, id, *specsProcess, &runc.ExecOpts{
+			Started: started,
+			IO:      io,
+		})
+	})
+}
+
+type runcCall func(ctx context.Context, started chan<- int, io runc.IO) error
+
+func (w *runcExecutor) callWithIO(ctx context.Context, id, bundle string, process executor.ProcessInfo, call runcCall) error {
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	if !process.Meta.Tty {
+		return call(ctx, nil, &forwardIO{stdin: process.Stdin, stdout: process.Stdout, stderr: process.Stderr})
+	}
+
+	ptm, ptsName, err := console.NewPty()
+	if err != nil {
+		return err
+	}
+
+	pts, err := os.OpenFile(ptsName, os.O_RDWR|syscall.O_NOCTTY, 0)
+	if err != nil {
+		ptm.Close()
+		return err
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	defer func() {
+		if process.Stdin != nil {
+			process.Stdin.Close()
+		}
+		pts.Close()
+		ptm.Close()
+		cancel() // this will shutdown resize loop
+		err := eg.Wait()
+		if err != nil {
+			logrus.Warningf("error while shutting down tty io: %s", err)
+		}
+	}()
+
+	if process.Stdin != nil {
+		eg.Go(func() error {
+			_, err := io.Copy(ptm, process.Stdin)
+			// stdin might be a pipe, so this is like EOF
+			if errors.Is(err, io.ErrClosedPipe) {
+				return nil
+			}
+			return err
+		})
+	}
+
+	if process.Stdout != nil {
+		eg.Go(func() error {
+			_, err := io.Copy(process.Stdout, ptm)
+			// ignore `read /dev/ptmx: input/output error` when ptm is closed
+			var ptmClosedError *os.PathError
+			if errors.As(err, &ptmClosedError) {
+				if ptmClosedError.Op == "read" &&
+					ptmClosedError.Path == "/dev/ptmx" &&
+					ptmClosedError.Err == syscall.EIO {
+					return nil
+				}
+			}
+			return err
+		})
+	}
+
+	started := make(chan int, 1)
+
+	eg.Go(func() error {
+		startedCtx, timeout := context.WithTimeout(ctx, 10*time.Second)
+		defer timeout()
+		var runcProcess *os.Process
+		select {
+		case <-startedCtx.Done():
+			return errors.New("runc started message never received")
+		case pid, ok := <-started:
+			if !ok {
+				return errors.New("runc process failed to send pid")
+			}
+			runcProcess, err = os.FindProcess(pid)
+			if err != nil {
+				return errors.Wrapf(err, "unable to find runc process for pid %d", pid)
+			}
+			defer runcProcess.Release()
+		}
+
+		for {
+			select {
+			case <-ctx.Done():
+				return nil
+			case resize := <-process.Resize:
+				err = ptm.Resize(console.WinSize{
+					Height: uint16(resize.Rows),
+					Width:  uint16(resize.Cols),
+				})
+				if err != nil {
+					logrus.Errorf("failed to resize ptm: %s", err)
+				}
+				err = runcProcess.Signal(signal.SIGWINCH)
+				if err != nil {
+					logrus.Errorf("failed to send SIGWINCH to process: %s", err)
+				}
+			}
+		}
+	})
+
+	runcIO := &forwardIO{}
+	if process.Stdin != nil {
+		runcIO.stdin = pts
+	}
+	if process.Stdout != nil {
+		runcIO.stdout = pts
+	}
+	if process.Stderr != nil {
+		runcIO.stderr = pts
+	}
+
+	return call(ctx, started, runcIO)
+}
diff --git a/vendor/github.com/moby/buildkit/executor/stubs.go b/vendor/github.com/moby/buildkit/executor/stubs.go
new file mode 100644
index 0000000000000..2c13b13053a4f
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/executor/stubs.go
@@ -0,0 +1,49 @@
+package executor
+
+import (
+	"errors"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/containerd/continuity/fs"
+)
+
+func MountStubsCleaner(dir string, mounts []Mount) func() {
+	names := []string{"/etc/resolv.conf", "/etc/hosts"}
+
+	for _, m := range mounts {
+		names = append(names, m.Dest)
+	}
+
+	paths := make([]string, 0, len(names))
+
+	for _, p := range names {
+		p = filepath.Join("/", p)
+		if p == "/" {
+			continue
+		}
+		realPath, err := fs.RootPath(dir, p)
+		if err != nil {
+			continue
+		}
+
+		_, err = os.Lstat(realPath)
+		if errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) {
+			paths = append(paths, realPath)
+		}
+	}
+
+	return func() {
+		for _, p := range paths {
+			st, err := os.Lstat(p)
+			if err != nil {
+				continue
+			}
+			if st.Size() != 0 {
+				continue
+			}
+			os.Remove(p)
+		}
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/types.go b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/types.go
index 9821f377d9443..b428afd0e6b6e 100644
--- a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/types.go
+++ b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/types.go
@@ -1,10 +1,16 @@
 package exptypes
 
-import specs "github.com/opencontainers/image-spec/specs-go/v1"
+import (
+	"github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+)
 
 const ExporterImageConfigKey = "containerimage.config"
+const ExporterInlineCache = "containerimage.inlinecache"
 const ExporterPlatformsKey = "refs.platforms"
 
+const EmptyGZLayer = digest.Digest("sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1")
+
 type Platforms struct {
 	Platforms []Platform
 }
diff --git a/vendor/github.com/moby/buildkit/exporter/exporter.go b/vendor/github.com/moby/buildkit/exporter/exporter.go
index cd6d1930a5c57..02c6a99913f8b 100644
--- a/vendor/github.com/moby/buildkit/exporter/exporter.go
+++ b/vendor/github.com/moby/buildkit/exporter/exporter.go
@@ -12,7 +12,7 @@ type Exporter interface {
 
 type ExporterInstance interface {
 	Name() string
-	Export(context.Context, Source) (map[string]string, error)
+	Export(ctx context.Context, src Source, sessionID string) (map[string]string, error)
 }
 
 type Source struct {
diff --git a/vendor/github.com/moby/buildkit/exporter/local/export.go b/vendor/github.com/moby/buildkit/exporter/local/export.go
new file mode 100644
index 0000000000000..d772776a9abdc
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/exporter/local/export.go
@@ -0,0 +1,166 @@
+package local
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/exporter"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/filesync"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/util/progress"
+	"github.com/tonistiigi/fsutil"
+	fstypes "github.com/tonistiigi/fsutil/types"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/time/rate"
+)
+
+type Opt struct {
+	SessionManager *session.Manager
+}
+
+type localExporter struct {
+	opt Opt
+	// session manager
+}
+
+func New(opt Opt) (exporter.Exporter, error) {
+	le := &localExporter{opt: opt}
+	return le, nil
+}
+
+func (e *localExporter) Resolve(ctx context.Context, opt map[string]string) (exporter.ExporterInstance, error) {
+	return &localExporterInstance{localExporter: e}, nil
+}
+
+type localExporterInstance struct {
+	*localExporter
+}
+
+func (e *localExporterInstance) Name() string {
+	return "exporting to client"
+}
+
+func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source, sessionID string) (map[string]string, error) {
+
+	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
+	caller, err := e.opt.SessionManager.Get(timeoutCtx, sessionID, false)
+	if err != nil {
+		return nil, err
+	}
+
+	isMap := len(inp.Refs) > 0
+
+	export := func(ctx context.Context, k string, ref cache.ImmutableRef) func() error {
+		return func() error {
+			var src string
+			var err error
+			var idmap *idtools.IdentityMapping
+			if ref == nil {
+				src, err = ioutil.TempDir("", "buildkit")
+				if err != nil {
+					return err
+				}
+				defer os.RemoveAll(src)
+			} else {
+				mount, err := ref.Mount(ctx, true, session.NewGroup(sessionID))
+				if err != nil {
+					return err
+				}
+
+				lm := snapshot.LocalMounter(mount)
+
+				src, err = lm.Mount()
+				if err != nil {
+					return err
+				}
+
+				idmap = mount.IdentityMapping()
+
+				defer lm.Unmount()
+			}
+
+			walkOpt := &fsutil.WalkOpt{}
+
+			if idmap != nil {
+				walkOpt.Map = func(p string, st *fstypes.Stat) bool {
+					uid, gid, err := idmap.ToContainer(idtools.Identity{
+						UID: int(st.Uid),
+						GID: int(st.Gid),
+					})
+					if err != nil {
+						return false
+					}
+					st.Uid = uint32(uid)
+					st.Gid = uint32(gid)
+					return true
+				}
+			}
+
+			fs := fsutil.NewFS(src, walkOpt)
+			lbl := "copying files"
+			if isMap {
+				lbl += " " + k
+				fs, err = fsutil.SubDirFS([]fsutil.Dir{{FS: fs, Stat: fstypes.Stat{
+					Mode: uint32(os.ModeDir | 0755),
+					Path: strings.Replace(k, "/", "_", -1),
+				}}})
+				if err != nil {
+					return err
+				}
+			}
+
+			progress := newProgressHandler(ctx, lbl)
+			if err := filesync.CopyToCaller(ctx, fs, caller, progress); err != nil {
+				return err
+			}
+			return nil
+		}
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	if isMap {
+		for k, ref := range inp.Refs {
+			eg.Go(export(ctx, k, ref))
+		}
+	} else {
+		eg.Go(export(ctx, "", inp.Ref))
+	}
+
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+	return nil, nil
+}
+
+func newProgressHandler(ctx context.Context, id string) func(int, bool) {
+	limiter := rate.NewLimiter(rate.Every(100*time.Millisecond), 1)
+	pw, _, _ := progress.FromContext(ctx)
+	now := time.Now()
+	st := progress.Status{
+		Started: &now,
+		Action:  "transferring",
+	}
+	pw.Write(id, st)
+	return func(s int, last bool) {
+		if last || limiter.Allow() {
+			st.Current = s
+			if last {
+				now := time.Now()
+				st.Completed = &now
+			}
+			pw.Write(id, st)
+			if last {
+				pw.Close()
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/exporter/tar/export.go b/vendor/github.com/moby/buildkit/exporter/tar/export.go
new file mode 100644
index 0000000000000..79e98cd6a1396
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/exporter/tar/export.go
@@ -0,0 +1,170 @@
+package local
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/exporter"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/filesync"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/util/progress"
+	"github.com/tonistiigi/fsutil"
+	fstypes "github.com/tonistiigi/fsutil/types"
+)
+
+type Opt struct {
+	SessionManager *session.Manager
+}
+
+type localExporter struct {
+	opt Opt
+	// session manager
+}
+
+func New(opt Opt) (exporter.Exporter, error) {
+	le := &localExporter{opt: opt}
+	return le, nil
+}
+
+func (e *localExporter) Resolve(ctx context.Context, opt map[string]string) (exporter.ExporterInstance, error) {
+	li := &localExporterInstance{localExporter: e}
+	return li, nil
+}
+
+type localExporterInstance struct {
+	*localExporter
+}
+
+func (e *localExporterInstance) Name() string {
+	return "exporting to client"
+}
+
+func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source, sessionID string) (map[string]string, error) {
+	var defers []func()
+
+	defer func() {
+		for i := len(defers) - 1; i >= 0; i-- {
+			defers[i]()
+		}
+	}()
+
+	getDir := func(ctx context.Context, k string, ref cache.ImmutableRef) (*fsutil.Dir, error) {
+		var src string
+		var err error
+		var idmap *idtools.IdentityMapping
+		if ref == nil {
+			src, err = ioutil.TempDir("", "buildkit")
+			if err != nil {
+				return nil, err
+			}
+			defers = append(defers, func() { os.RemoveAll(src) })
+		} else {
+			mount, err := ref.Mount(ctx, true, session.NewGroup(sessionID))
+			if err != nil {
+				return nil, err
+			}
+
+			lm := snapshot.LocalMounter(mount)
+
+			src, err = lm.Mount()
+			if err != nil {
+				return nil, err
+			}
+
+			idmap = mount.IdentityMapping()
+
+			defers = append(defers, func() { lm.Unmount() })
+		}
+
+		walkOpt := &fsutil.WalkOpt{}
+
+		if idmap != nil {
+			walkOpt.Map = func(p string, st *fstypes.Stat) bool {
+				uid, gid, err := idmap.ToContainer(idtools.Identity{
+					UID: int(st.Uid),
+					GID: int(st.Gid),
+				})
+				if err != nil {
+					return false
+				}
+				st.Uid = uint32(uid)
+				st.Gid = uint32(gid)
+				return true
+			}
+		}
+
+		return &fsutil.Dir{
+			FS: fsutil.NewFS(src, walkOpt),
+			Stat: fstypes.Stat{
+				Mode: uint32(os.ModeDir | 0755),
+				Path: strings.Replace(k, "/", "_", -1),
+			},
+		}, nil
+	}
+
+	var fs fsutil.FS
+
+	if len(inp.Refs) > 0 {
+		dirs := make([]fsutil.Dir, 0, len(inp.Refs))
+		for k, ref := range inp.Refs {
+			d, err := getDir(ctx, k, ref)
+			if err != nil {
+				return nil, err
+			}
+			dirs = append(dirs, *d)
+		}
+		var err error
+		fs, err = fsutil.SubDirFS(dirs)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		d, err := getDir(ctx, "", inp.Ref)
+		if err != nil {
+			return nil, err
+		}
+		fs = d.FS
+	}
+
+	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
+	caller, err := e.opt.SessionManager.Get(timeoutCtx, sessionID, false)
+	if err != nil {
+		return nil, err
+	}
+
+	w, err := filesync.CopyFileWriter(ctx, nil, caller)
+	if err != nil {
+		return nil, err
+	}
+	report := oneOffProgress(ctx, "sending tarball")
+	if err := fsutil.WriteTar(ctx, fs, w); err != nil {
+		w.Close()
+		return nil, report(err)
+	}
+	return nil, report(w.Close())
+}
+
+func oneOffProgress(ctx context.Context, id string) func(err error) error {
+	pw, _, _ := progress.FromContext(ctx)
+	now := time.Now()
+	st := progress.Status{
+		Started: &now,
+	}
+	pw.Write(id, st)
+	return func(err error) error {
+		// TODO: set error on status
+		now := time.Now()
+		st.Completed = &now
+		pw.Write(id, st)
+		pw.Close()
+		return err
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go
index 7e082df0824cc..5e67a83370e83 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go
@@ -8,50 +8,83 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
+	"path"
 	"regexp"
 	"strconv"
 	"strings"
 
 	"github.com/containerd/containerd/platforms"
-	"github.com/docker/docker/builder/dockerignore"
+	controlapi "github.com/moby/buildkit/api/services/control"
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/exporter/containerimage/exptypes"
 	"github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb"
+	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/buildkit/frontend/gateway/client"
+	gwpb "github.com/moby/buildkit/frontend/gateway/pb"
+	"github.com/moby/buildkit/solver/errdefs"
 	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/apicaps"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
 )
 
 const (
-	LocalNameContext      = "context"
-	LocalNameDockerfile   = "dockerfile"
-	keyTarget             = "target"
-	keyFilename           = "filename"
-	keyCacheFrom          = "cache-from"
-	defaultDockerfileName = "Dockerfile"
-	dockerignoreFilename  = ".dockerignore"
-	buildArgPrefix        = "build-arg:"
-	labelPrefix           = "label:"
-	keyNoCache            = "no-cache"
-	keyTargetPlatform     = "platform"
-	keyMultiPlatform      = "multi-platform"
-	keyImageResolveMode   = "image-resolve-mode"
-	keyGlobalAddHosts     = "add-hosts"
-	keyForceNetwork       = "force-network-mode"
-	keyOverrideCopyImage  = "override-copy-image" // remove after CopyOp implemented
+	DefaultLocalNameContext    = "context"
+	DefaultLocalNameDockerfile = "dockerfile"
+	keyTarget                  = "target"
+	keyFilename                = "filename"
+	keyCacheFrom               = "cache-from"    // for registry only. deprecated in favor of keyCacheImports
+	keyCacheImports            = "cache-imports" // JSON representation of []CacheOptionsEntry
+	keyCacheNS                 = "build-arg:BUILDKIT_CACHE_MOUNT_NS"
+	defaultDockerfileName      = "Dockerfile"
+	dockerignoreFilename       = ".dockerignore"
+	buildArgPrefix             = "build-arg:"
+	labelPrefix                = "label:"
+	keyNoCache                 = "no-cache"
+	keyTargetPlatform          = "platform"
+	keyMultiPlatform           = "multi-platform"
+	keyImageResolveMode        = "image-resolve-mode"
+	keyGlobalAddHosts          = "add-hosts"
+	keyForceNetwork            = "force-network-mode"
+	keyOverrideCopyImage       = "override-copy-image" // remove after CopyOp implemented
+	keyNameContext             = "contextkey"
+	keyNameDockerfile          = "dockerfilekey"
+	keyContextSubDir           = "contextsubdir"
+	keyContextKeepGitDir       = "build-arg:BUILDKIT_CONTEXT_KEEP_GIT_DIR"
+	keySyntax                  = "build-arg:BUILDKIT_SYNTAX"
+	keyMultiPlatformArg        = "build-arg:BUILDKIT_MULTI_PLATFORM"
+	keyHostname                = "hostname"
 )
 
-var httpPrefix = regexp.MustCompile("^https?://")
-var gitUrlPathWithFragmentSuffix = regexp.MustCompile("\\.git(?:#.+)?$")
+var httpPrefix = regexp.MustCompile(`^https?://`)
+var gitURLPathWithFragmentSuffix = regexp.MustCompile(`\.git(?:#.+)?$`)
 
 func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 	opts := c.BuildOpts().Opts
 	caps := c.BuildOpts().LLBCaps
+	gwcaps := c.BuildOpts().Caps
+
+	allowForward, capsError := validateCaps(opts["frontend.caps"])
+	if !allowForward && capsError != nil {
+		return nil, capsError
+	}
 
 	marshalOpts := []llb.ConstraintsOpt{llb.WithCaps(caps)}
 
+	localNameContext := DefaultLocalNameContext
+	if v, ok := opts[keyNameContext]; ok {
+		localNameContext = v
+	}
+
+	forceLocalDockerfile := false
+	localNameDockerfile := DefaultLocalNameDockerfile
+	if v, ok := opts[keyNameDockerfile]; ok {
+		forceLocalDockerfile = true
+		localNameDockerfile = v
+	}
+
 	defaultBuildPlatform := platforms.DefaultSpec()
 	if workers := c.BuildOpts().Workers; len(workers) > 0 && len(workers[0].Platforms) > 0 {
 		defaultBuildPlatform = workers[0].Platforms[0]
@@ -98,20 +131,32 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 
 	name := "load build definition from " + filename
 
-	src := llb.Local(LocalNameDockerfile,
-		llb.IncludePatterns([]string{filename}),
+	filenames := []string{filename, filename + ".dockerignore"}
+
+	// dockerfile is also supported casing moby/moby#10858
+	if path.Base(filename) == defaultDockerfileName {
+		filenames = append(filenames, path.Join(path.Dir(filename), strings.ToLower(defaultDockerfileName)))
+	}
+
+	src := llb.Local(localNameDockerfile,
+		llb.FollowPaths(filenames),
 		llb.SessionID(c.BuildOpts().SessionID),
-		llb.SharedKeyHint(defaultDockerfileName),
+		llb.SharedKeyHint(localNameDockerfile),
 		dockerfile2llb.WithInternalName(name),
 	)
+
+	fileop := useFileOp(opts, &caps)
+
 	var buildContext *llb.State
-	isScratchContext := false
-	if st, ok := detectGitContext(opts[LocalNameContext]); ok {
-		src = *st
-		buildContext = &src
-	} else if httpPrefix.MatchString(opts[LocalNameContext]) {
-		httpContext := llb.HTTP(opts[LocalNameContext], llb.Filename("context"), dockerfile2llb.WithInternalName("load remote build context"))
-		def, err := httpContext.Marshal(marshalOpts...)
+	isNotLocalContext := false
+	if st, ok := detectGitContext(opts[localNameContext], opts[keyContextKeepGitDir]); ok {
+		if !forceLocalDockerfile {
+			src = *st
+		}
+		buildContext = st
+	} else if httpPrefix.MatchString(opts[localNameContext]) {
+		httpContext := llb.HTTP(opts[localNameContext], llb.Filename("context"), dockerfile2llb.WithInternalName("load remote build context"))
+		def, err := httpContext.Marshal(ctx, marshalOpts...)
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to marshal httpcontext")
 		}
@@ -134,33 +179,76 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 			},
 		})
 		if err != nil {
-			return nil, errors.Errorf("failed to read downloaded context")
+			return nil, errors.Wrapf(err, "failed to read downloaded context")
 		}
 		if isArchive(dt) {
-			copyImage := opts[keyOverrideCopyImage]
-			if copyImage == "" {
-				copyImage = dockerfile2llb.DefaultCopyImage
+			if fileop {
+				bc := llb.Scratch().File(llb.Copy(httpContext, "/context", "/", &llb.CopyInfo{
+					AttemptUnpack: true,
+				}))
+				if !forceLocalDockerfile {
+					src = bc
+				}
+				buildContext = &bc
+			} else {
+				copyImage := opts[keyOverrideCopyImage]
+				if copyImage == "" {
+					copyImage = dockerfile2llb.DefaultCopyImage
+				}
+				unpack := llb.Image(copyImage, dockerfile2llb.WithInternalName("helper image for file operations")).
+					Run(llb.Shlex("copy --unpack /src/context /out/"), llb.ReadonlyRootFS(), dockerfile2llb.WithInternalName("extracting build context"))
+				unpack.AddMount("/src", httpContext, llb.Readonly)
+				bc := unpack.AddMount("/out", llb.Scratch())
+				if !forceLocalDockerfile {
+					src = bc
+				}
+				buildContext = &bc
 			}
-			unpack := llb.Image(copyImage, dockerfile2llb.WithInternalName("helper image for file operations")).
-				Run(llb.Shlex("copy --unpack /src/context /out/"), llb.ReadonlyRootFS(), dockerfile2llb.WithInternalName("extracting build context"))
-			unpack.AddMount("/src", httpContext, llb.Readonly)
-			src = unpack.AddMount("/out", llb.Scratch())
-			buildContext = &src
 		} else {
 			filename = "context"
-			src = httpContext
-			buildContext = &src
-			isScratchContext = true
+			if !forceLocalDockerfile {
+				src = httpContext
+			}
+			buildContext = &httpContext
+			isNotLocalContext = true
+		}
+	} else if (&gwcaps).Supports(gwpb.CapFrontendInputs) == nil {
+		inputs, err := c.Inputs(ctx)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to get frontend inputs")
+		}
+
+		if !forceLocalDockerfile {
+			inputDockerfile, ok := inputs[DefaultLocalNameDockerfile]
+			if ok {
+				src = inputDockerfile
+			}
+		}
+
+		inputCtx, ok := inputs[DefaultLocalNameContext]
+		if ok {
+			buildContext = &inputCtx
+			isNotLocalContext = true
+		}
+	}
+
+	if buildContext != nil {
+		if sub, ok := opts[keyContextSubDir]; ok {
+			buildContext = scopeToSubDir(buildContext, fileop, sub)
 		}
 	}
 
-	def, err := src.Marshal(marshalOpts...)
+	def, err := src.Marshal(ctx, marshalOpts...)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to marshal local source")
 	}
 
+	var sourceMap *llb.SourceMap
+
 	eg, ctx2 := errgroup.WithContext(ctx)
 	var dtDockerfile []byte
+	var dtDockerignore []byte
+	var dtDockerignoreDefault []byte
 	eg.Go(func() error {
 		res, err := c.Solve(ctx2, client.SolveRequest{
 			Definition: def.ToPB(),
@@ -178,24 +266,46 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 			Filename: filename,
 		})
 		if err != nil {
-			return errors.Wrapf(err, "failed to read dockerfile")
+			fallback := false
+			if path.Base(filename) == defaultDockerfileName {
+				var err1 error
+				dtDockerfile, err1 = ref.ReadFile(ctx2, client.ReadRequest{
+					Filename: path.Join(path.Dir(filename), strings.ToLower(defaultDockerfileName)),
+				})
+				if err1 == nil {
+					fallback = true
+				}
+			}
+			if !fallback {
+				return errors.Wrapf(err, "failed to read dockerfile")
+			}
+		}
+
+		sourceMap = llb.NewSourceMap(&src, filename, dtDockerfile)
+		sourceMap.Definition = def
+
+		dt, err := ref.ReadFile(ctx2, client.ReadRequest{
+			Filename: filename + ".dockerignore",
+		})
+		if err == nil {
+			dtDockerignore = dt
 		}
 		return nil
 	})
 	var excludes []string
-	if !isScratchContext {
+	if !isNotLocalContext {
 		eg.Go(func() error {
 			dockerignoreState := buildContext
 			if dockerignoreState == nil {
-				st := llb.Local(LocalNameContext,
+				st := llb.Local(localNameContext,
 					llb.SessionID(c.BuildOpts().SessionID),
-					llb.IncludePatterns([]string{dockerignoreFilename}),
-					llb.SharedKeyHint(dockerignoreFilename),
+					llb.FollowPaths([]string{dockerignoreFilename}),
+					llb.SharedKeyHint(localNameContext+"-"+dockerignoreFilename),
 					dockerfile2llb.WithInternalName("load "+dockerignoreFilename),
 				)
 				dockerignoreState = &st
 			}
-			def, err := dockerignoreState.Marshal(marshalOpts...)
+			def, err := dockerignoreState.Marshal(ctx, marshalOpts...)
 			if err != nil {
 				return err
 			}
@@ -209,14 +319,11 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 			if err != nil {
 				return err
 			}
-			dtDockerignore, err := ref.ReadFile(ctx2, client.ReadRequest{
+			dtDockerignoreDefault, err = ref.ReadFile(ctx2, client.ReadRequest{
 				Filename: dockerignoreFilename,
 			})
-			if err == nil {
-				excludes, err = dockerignore.ReadAll(bytes.NewBuffer(dtDockerignore))
-				if err != nil {
-					return errors.Wrap(err, "failed to parse dockerignore")
-				}
+			if err != nil {
+				return nil
 			}
 			return nil
 		})
@@ -226,15 +333,46 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 		return nil, err
 	}
 
+	if dtDockerignore == nil {
+		dtDockerignore = dtDockerignoreDefault
+	}
+	if dtDockerignore != nil {
+		excludes, err = dockerignore.ReadAll(bytes.NewBuffer(dtDockerignore))
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to parse dockerignore")
+		}
+	}
+
 	if _, ok := opts["cmdline"]; !ok {
-		ref, cmdline, ok := dockerfile2llb.DetectSyntax(bytes.NewBuffer(dtDockerfile))
-		if ok {
-			return forwardGateway(ctx, c, ref, cmdline)
+		if cmdline, ok := opts[keySyntax]; ok {
+			p := strings.SplitN(strings.TrimSpace(cmdline), " ", 2)
+			res, err := forwardGateway(ctx, c, p[0], cmdline)
+			if err != nil && len(errdefs.Sources(err)) == 0 {
+				return nil, errors.Wrapf(err, "failed with %s = %s", keySyntax, cmdline)
+			}
+			return res, err
+		} else if ref, cmdline, loc, ok := dockerfile2llb.DetectSyntax(bytes.NewBuffer(dtDockerfile)); ok {
+			res, err := forwardGateway(ctx, c, ref, cmdline)
+			if err != nil && len(errdefs.Sources(err)) == 0 {
+				return nil, wrapSource(err, sourceMap, loc)
+			}
+			return res, err
 		}
 	}
 
+	if capsError != nil {
+		return nil, capsError
+	}
+
+	if res, ok, err := checkSubRequest(ctx, opts); ok {
+		return res, err
+	}
+
 	exportMap := len(targetPlatforms) > 1
 
+	if v := opts[keyMultiPlatformArg]; v != "" {
+		opts[keyMultiPlatform] = v
+	}
 	if v := opts[keyMultiPlatform]; v != "" {
 		b, err := strconv.ParseBool(v)
 		if err != nil {
@@ -255,12 +393,19 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 
 	for i, tp := range targetPlatforms {
 		func(i int, tp *specs.Platform) {
-			eg.Go(func() error {
+			eg.Go(func() (err error) {
+				defer func() {
+					var el *parser.ErrorLocation
+					if errors.As(err, &el) {
+						err = wrapSource(err, sourceMap, el.Location)
+					}
+				}()
 				st, img, err := dockerfile2llb.Dockerfile2LLB(ctx, dtDockerfile, dockerfile2llb.ConvertOpt{
 					Target:            opts[keyTarget],
 					MetaResolver:      c,
 					BuildArgs:         filter(opts, buildArgPrefix),
 					Labels:            filter(opts, labelPrefix),
+					CacheIDNamespace:  opts[keyCacheNS],
 					SessionID:         c.BuildOpts().SessionID,
 					BuildContext:      buildContext,
 					Excludes:          excludes,
@@ -273,13 +418,15 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 					ForceNetMode:      defaultNetMode,
 					OverrideCopyImage: opts[keyOverrideCopyImage],
 					LLBCaps:           &caps,
+					SourceMap:         sourceMap,
+					Hostname:          opts[keyHostname],
 				})
 
 				if err != nil {
 					return errors.Wrapf(err, "failed to create LLB definition")
 				}
 
-				def, err := st.Marshal()
+				def, err := st.Marshal(ctx)
 				if err != nil {
 					return errors.Wrapf(err, "failed to marshal LLB definition")
 				}
@@ -289,14 +436,35 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
 					return errors.Wrapf(err, "failed to marshal image config")
 				}
 
-				var cacheFrom []string
+				var cacheImports []client.CacheOptionsEntry
+				// new API
+				if cacheImportsStr := opts[keyCacheImports]; cacheImportsStr != "" {
+					var cacheImportsUM []controlapi.CacheOptionsEntry
+					if err := json.Unmarshal([]byte(cacheImportsStr), &cacheImportsUM); err != nil {
+						return errors.Wrapf(err, "failed to unmarshal %s (%q)", keyCacheImports, cacheImportsStr)
+					}
+					for _, um := range cacheImportsUM {
+						cacheImports = append(cacheImports, client.CacheOptionsEntry{Type: um.Type, Attrs: um.Attrs})
+					}
+				}
+				// old API
 				if cacheFromStr := opts[keyCacheFrom]; cacheFromStr != "" {
-					cacheFrom = strings.Split(cacheFromStr, ",")
+					cacheFrom := strings.Split(cacheFromStr, ",")
+					for _, s := range cacheFrom {
+						im := client.CacheOptionsEntry{
+							Type: "registry",
+							Attrs: map[string]string{
+								"ref": s,
+							},
+						}
+						// FIXME(AkihiroSuda): skip append if already exists
+						cacheImports = append(cacheImports, im)
+					}
 				}
 
 				r, err := c.Solve(ctx, client.SolveRequest{
-					Definition:      def.ToPB(),
-					ImportCacheRefs: cacheFrom,
+					Definition:   def.ToPB(),
+					CacheImports: cacheImports,
 				})
 				if err != nil {
 					return err
@@ -351,9 +519,29 @@ func forwardGateway(ctx context.Context, c client.Client, ref string, cmdline st
 	}
 	opts["cmdline"] = cmdline
 	opts["source"] = ref
+
+	gwcaps := c.BuildOpts().Caps
+	var frontendInputs map[string]*pb.Definition
+	if (&gwcaps).Supports(gwpb.CapFrontendInputs) == nil {
+		inputs, err := c.Inputs(ctx)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to get frontend inputs")
+		}
+
+		frontendInputs = make(map[string]*pb.Definition)
+		for name, state := range inputs {
+			def, err := state.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+			frontendInputs[name] = def.ToPB()
+		}
+	}
+
 	return c.Solve(ctx, client.SolveRequest{
-		Frontend:    "gateway.v0",
-		FrontendOpt: opts,
+		Frontend:       "gateway.v0",
+		FrontendOpt:    opts,
+		FrontendInputs: frontendInputs,
 	})
 }
 
@@ -367,12 +555,19 @@ func filter(opt map[string]string, key string) map[string]string {
 	return m
 }
 
-func detectGitContext(ref string) (*llb.State, bool) {
+func detectGitContext(ref, gitContext string) (*llb.State, bool) {
 	found := false
-	if httpPrefix.MatchString(ref) && gitUrlPathWithFragmentSuffix.MatchString(ref) {
+	if httpPrefix.MatchString(ref) && gitURLPathWithFragmentSuffix.MatchString(ref) {
 		found = true
 	}
 
+	keepGit := false
+	if gitContext != "" {
+		if v, err := strconv.ParseBool(gitContext); err == nil {
+			keepGit = v
+		}
+	}
+
 	for _, prefix := range []string{"git://", "github.com/", "git@"} {
 		if strings.HasPrefix(ref, prefix) {
 			found = true
@@ -388,7 +583,12 @@ func detectGitContext(ref string) (*llb.State, bool) {
 	if len(parts) > 1 {
 		branch = parts[1]
 	}
-	st := llb.Git(parts[0], branch, dockerfile2llb.WithInternalName("load git source "+ref))
+	gitOpts := []llb.GitOption{dockerfile2llb.WithInternalName("load git source " + ref)}
+	if keepGit {
+		gitOpts = append(gitOpts, llb.KeepGitDir())
+	}
+
+	st := llb.Git(parts[0], branch, gitOpts...)
 	return &st, true
 }
 
@@ -478,3 +678,54 @@ func parseNetMode(v string) (pb.NetMode, error) {
 		return 0, errors.Errorf("invalid netmode %s", v)
 	}
 }
+
+func useFileOp(args map[string]string, caps *apicaps.CapSet) bool {
+	enabled := true
+	if v, ok := args["build-arg:BUILDKIT_DISABLE_FILEOP"]; ok {
+		if b, err := strconv.ParseBool(v); err == nil {
+			enabled = !b
+		}
+	}
+	return enabled && caps != nil && caps.Supports(pb.CapFileBase) == nil
+}
+
+func scopeToSubDir(c *llb.State, fileop bool, dir string) *llb.State {
+	if fileop {
+		bc := llb.Scratch().File(llb.Copy(*c, dir, "/", &llb.CopyInfo{
+			CopyDirContentsOnly: true,
+		}))
+		return &bc
+	}
+	unpack := llb.Image(dockerfile2llb.DefaultCopyImage, dockerfile2llb.WithInternalName("helper image for file operations")).
+		Run(llb.Shlexf("copy %s/. /out/", path.Join("/src", dir)), llb.ReadonlyRootFS(), dockerfile2llb.WithInternalName("filtering build context"))
+	unpack.AddMount("/src", *c, llb.Readonly)
+	bc := unpack.AddMount("/out", llb.Scratch())
+	return &bc
+}
+
+func wrapSource(err error, sm *llb.SourceMap, ranges []parser.Range) error {
+	if sm == nil {
+		return err
+	}
+	s := errdefs.Source{
+		Info: &pb.SourceInfo{
+			Data:       sm.Data,
+			Filename:   sm.Filename,
+			Definition: sm.Definition.ToPB(),
+		},
+		Ranges: make([]*pb.Range, 0, len(ranges)),
+	}
+	for _, r := range ranges {
+		s.Ranges = append(s.Ranges, &pb.Range{
+			Start: pb.Position{
+				Line:      int32(r.Start.Line),
+				Character: int32(r.Start.Character),
+			},
+			End: pb.Position{
+				Line:      int32(r.End.Line),
+				Character: int32(r.End.Character),
+			},
+		})
+	}
+	return errdefs.WithSource(err, s)
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/caps.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/caps.go
new file mode 100644
index 0000000000000..279701154eac2
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/caps.go
@@ -0,0 +1,34 @@
+package builder
+
+import (
+	"strings"
+
+	"github.com/moby/buildkit/solver/errdefs"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"github.com/moby/buildkit/util/stack"
+	"google.golang.org/grpc/codes"
+)
+
+var enabledCaps = map[string]struct{}{
+	"moby.buildkit.frontend.inputs":      {},
+	"moby.buildkit.frontend.subrequests": {},
+}
+
+func validateCaps(req string) (forward bool, err error) {
+	if req == "" {
+		return
+	}
+	caps := strings.Split(req, ",")
+	for _, c := range caps {
+		parts := strings.SplitN(c, "+", 2)
+		if _, ok := enabledCaps[parts[0]]; !ok {
+			err = stack.Enable(grpcerrors.WrapCode(errdefs.NewUnsupportedFrontendCapError(parts[0]), codes.Unimplemented))
+			if strings.Contains(c, "+forward") {
+				forward = true
+			} else {
+				return false, err
+			}
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/subrequests.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/subrequests.go
new file mode 100644
index 0000000000000..6d30b7b8cc1cf
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/subrequests.go
@@ -0,0 +1,39 @@
+package builder
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/frontend/subrequests"
+	"github.com/moby/buildkit/solver/errdefs"
+)
+
+func checkSubRequest(ctx context.Context, opts map[string]string) (*client.Result, bool, error) {
+	req, ok := opts["requestid"]
+	if !ok {
+		return nil, false, nil
+	}
+	switch req {
+	case subrequests.RequestSubrequestsDescribe:
+		res, err := describe()
+		return res, true, err
+	default:
+		return nil, true, errdefs.NewUnsupportedSubrequestError(req)
+	}
+}
+
+func describe() (*client.Result, error) {
+	all := []subrequests.Request{
+		subrequests.SubrequestsDescribeDefinition,
+	}
+	dt, err := json.MarshalIndent(all, "  ", "")
+	if err != nil {
+		return nil, err
+	}
+	res := client.NewResult()
+	res.Metadata = map[string][]byte{
+		"result.json": dt,
+	}
+	return res, nil
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
index 5342046d71764..d31e35e25cced 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
@@ -5,7 +5,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"math"
 	"net/url"
+	"os"
 	"path"
 	"path/filepath"
 	"sort"
@@ -21,7 +23,6 @@ import (
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/buildkit/frontend/dockerfile/shell"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
 	"github.com/moby/buildkit/util/system"
@@ -31,11 +32,11 @@ import (
 )
 
 const (
-	emptyImageName   = "scratch"
-	localNameContext = "context"
-	historyComment   = "buildkit.dockerfile.v0"
+	emptyImageName          = "scratch"
+	defaultContextLocalName = "context"
+	historyComment          = "buildkit.dockerfile.v0"
 
-	DefaultCopyImage = "tonistiigi/copy:v0.1.7@sha256:9aab7d9ab369c6daf4831bf0653f7592110ab4b7e8a33fee2b9dca546e9d3089"
+	DefaultCopyImage = "docker/dockerfile-copy:v0.1.9@sha256:e8f159d3f00786604b93c675ee2783f8dc194bb565e61ca5788f6a6e9d304061"
 )
 
 type ConvertOpt struct {
@@ -59,6 +60,9 @@ type ConvertOpt struct {
 	ForceNetMode      pb.NetMode
 	OverrideCopyImage string
 	LLBCaps           *apicaps.CapSet
+	ContextLocalName  string
+	SourceMap         *llb.SourceMap
+	Hostname          string
 }
 
 func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State, *Image, error) {
@@ -66,6 +70,10 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 		return nil, nil, errors.Errorf("the Dockerfile cannot be empty")
 	}
 
+	if opt.ContextLocalName == "" {
+		opt.ContextLocalName = defaultContextLocalName
+	}
+
 	platformOpt := buildPlatformOpt(&opt)
 
 	optMetaArgs := getPlatformArgs(platformOpt)
@@ -87,11 +95,13 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 
 	shlex := shell.NewLex(dockerfile.EscapeToken)
 
-	for _, metaArg := range metaArgs {
-		if metaArg.Value != nil {
-			*metaArg.Value, _ = shlex.ProcessWordWithMap(*metaArg.Value, metaArgsToMap(optMetaArgs))
+	for _, cmd := range metaArgs {
+		for _, metaArg := range cmd.Args {
+			if metaArg.Value != nil {
+				*metaArg.Value, _ = shlex.ProcessWordWithMap(*metaArg.Value, metaArgsToMap(optMetaArgs))
+			}
+			optMetaArgs = append(optMetaArgs, setKVValue(metaArg, opt.BuildArgs))
 		}
-		optMetaArgs = append(optMetaArgs, setKVValue(metaArg.KeyValuePairOptional, opt.BuildArgs))
 	}
 
 	metaResolver := opt.MetaResolver
@@ -105,10 +115,10 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 	for i, st := range stages {
 		name, err := shlex.ProcessWordWithMap(st.BaseName, metaArgsToMap(optMetaArgs))
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, parser.WithLocation(err, st.Location)
 		}
 		if name == "" {
-			return nil, nil, errors.Errorf("base name (%s) should not be blank", st.BaseName)
+			return nil, nil, parser.WithLocation(errors.Errorf("base name (%s) should not be blank", st.BaseName), st.Location)
 		}
 		st.BaseName = name
 
@@ -127,12 +137,12 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 		if v := st.Platform; v != "" {
 			v, err := shlex.ProcessWordWithMap(v, metaArgsToMap(optMetaArgs))
 			if err != nil {
-				return nil, nil, errors.Wrapf(err, "failed to process arguments for platform %s", v)
+				return nil, nil, parser.WithLocation(errors.Wrapf(err, "failed to process arguments for platform %s", v), st.Location)
 			}
 
 			p, err := platforms.Parse(v)
 			if err != nil {
-				return nil, nil, errors.Wrapf(err, "failed to parse platform %s", v)
+				return nil, nil, parser.WithLocation(errors.Wrapf(err, "failed to parse platform %s", v), st.Location)
 			}
 			ds.platform = &p
 		}
@@ -146,6 +156,10 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 			switch cmd.(type) {
 			case *instructions.AddCommand, *instructions.CopyCommand, *instructions.RunCommand:
 				total++
+			case *instructions.WorkdirCommand:
+				if useFileOp(opt.BuildArgs, opt.LLBCaps) {
+					total++
+				}
 			}
 		}
 		ds.cmdTotal = total
@@ -163,10 +177,6 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 		}
 	}
 
-	if len(allDispatchStates.states) == 1 {
-		allDispatchStates.states[0].stageName = ""
-	}
-
 	var target *dispatchState
 	if opt.Target == "" {
 		target = allDispatchStates.lastTarget()
@@ -198,6 +208,14 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 		}
 	}
 
+	if has, state := hasCircularDependency(allDispatchStates.states); has {
+		return nil, nil, errors.Errorf("circular dependency detected on stage: %s", state.stageName)
+	}
+
+	if len(allDispatchStates.states) == 1 {
+		allDispatchStates.states[0].stageName = ""
+	}
+
 	eg, ctx := errgroup.WithContext(ctx)
 	for i, d := range allDispatchStates.states {
 		reachable := isReachable(target, d)
@@ -212,7 +230,7 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 				eg.Go(func() error {
 					ref, err := reference.ParseNormalizedNamed(d.stage.BaseName)
 					if err != nil {
-						return errors.Wrapf(err, "failed to parse stage name %q", d.stage.BaseName)
+						return parser.WithLocation(errors.Wrapf(err, "failed to parse stage name %q", d.stage.BaseName), d.stage.Location)
 					}
 					platform := d.platform
 					if platform == nil {
@@ -226,39 +244,39 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 							prefix += platforms.Format(*platform) + " "
 						}
 						prefix += "internal]"
-						dgst, dt, err := metaResolver.ResolveImageConfig(ctx, d.stage.BaseName, gw.ResolveImageConfigOpt{
+						dgst, dt, err := metaResolver.ResolveImageConfig(ctx, d.stage.BaseName, llb.ResolveImageConfigOpt{
 							Platform:    platform,
 							ResolveMode: opt.ImageResolveMode.String(),
 							LogName:     fmt.Sprintf("%s load metadata for %s", prefix, d.stage.BaseName),
 						})
-						if err == nil { // handle the error while builder is actually running
-							var img Image
-							if err := json.Unmarshal(dt, &img); err != nil {
+						if err != nil {
+							return err
+						}
+						var img Image
+						if err := json.Unmarshal(dt, &img); err != nil {
+							return err
+						}
+						img.Created = nil
+						// if there is no explicit target platform, try to match based on image config
+						if d.platform == nil && platformOpt.implicitTarget {
+							p := autoDetectPlatform(img, *platform, platformOpt.buildPlatforms)
+							platform = &p
+						}
+						d.image = img
+						if dgst != "" {
+							ref, err = reference.WithDigest(ref, dgst)
+							if err != nil {
 								return err
 							}
-							img.Created = nil
-							// if there is no explicit target platform, try to match based on image config
-							if d.platform == nil && platformOpt.implicitTarget {
-								p := autoDetectPlatform(img, *platform, platformOpt.buildPlatforms)
-								platform = &p
-							}
-							d.image = img
-							if dgst != "" {
-								ref, err = reference.WithDigest(ref, dgst)
-								if err != nil {
-									return err
-								}
-							}
-							d.stage.BaseName = ref.String()
-							_ = ref
-							if len(img.RootFS.DiffIDs) == 0 {
-								isScratch = true
-								// schema1 images can't return diffIDs so double check :(
-								for _, h := range img.History {
-									if !h.EmptyLayer {
-										isScratch = false
-										break
-									}
+						}
+						d.stage.BaseName = ref.String()
+						if len(img.RootFS.DiffIDs) == 0 {
+							isScratch = true
+							// schema1 images can't return diffIDs so double check :(
+							for _, h := range img.History {
+								if !h.EmptyLayer {
+									isScratch = false
+									break
 								}
 							}
 						}
@@ -266,7 +284,13 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 					if isScratch {
 						d.state = llb.Scratch()
 					} else {
-						d.state = llb.Image(d.stage.BaseName, dfCmd(d.stage.SourceCode), llb.Platform(*platform), opt.ImageResolveMode, llb.WithCustomName(prefixCommand(d, "FROM "+d.stage.BaseName, opt.PrefixPlatform, platform)))
+						d.state = llb.Image(d.stage.BaseName,
+							dfCmd(d.stage.SourceCode),
+							llb.Platform(*platform),
+							opt.ImageResolveMode,
+							llb.WithCustomName(prefixCommand(d, "FROM "+d.stage.BaseName, opt.PrefixPlatform, platform)),
+							location(opt.SourceMap, d.stage.Location),
+						)
 					}
 					d.platform = platform
 					return nil
@@ -294,7 +318,11 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 
 		// make sure that PATH is always set
 		if _, ok := shell.BuildEnvs(d.image.Config.Env)["PATH"]; !ok {
-			d.image.Config.Env = append(d.image.Config.Env, "PATH="+system.DefaultPathEnv)
+			var os string
+			if d.platform != nil {
+				os = d.platform.OS
+			}
+			d.image.Config.Env = append(d.image.Config.Env, "PATH="+system.DefaultPathEnv(os))
 		}
 
 		// initialize base metadata from image conf
@@ -302,14 +330,17 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 			k, v := parseKeyValue(env)
 			d.state = d.state.AddEnv(k, v)
 		}
+		if opt.Hostname != "" {
+			d.state = d.state.Hostname(opt.Hostname)
+		}
 		if d.image.Config.WorkingDir != "" {
-			if err = dispatchWorkdir(d, &instructions.WorkdirCommand{Path: d.image.Config.WorkingDir}, false); err != nil {
-				return nil, nil, err
+			if err = dispatchWorkdir(d, &instructions.WorkdirCommand{Path: d.image.Config.WorkingDir}, false, nil); err != nil {
+				return nil, nil, parser.WithLocation(err, d.stage.Location)
 			}
 		}
 		if d.image.Config.User != "" {
 			if err = dispatchUser(d, &instructions.UserCommand{User: d.image.Config.User}, false); err != nil {
-				return nil, nil, err
+				return nil, nil, parser.WithLocation(err, d.stage.Location)
 			}
 		}
 		d.state = d.state.Network(opt.ForceNetMode)
@@ -327,18 +358,21 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 			targetPlatform:    platformOpt.targetPlatform,
 			extraHosts:        opt.ExtraHosts,
 			copyImage:         opt.OverrideCopyImage,
+			llbCaps:           opt.LLBCaps,
+			sourceMap:         opt.SourceMap,
 		}
 		if opt.copyImage == "" {
 			opt.copyImage = DefaultCopyImage
 		}
 
-		if err = dispatchOnBuild(d, d.image.Config.OnBuild, opt); err != nil {
-			return nil, nil, err
+		if err = dispatchOnBuildTriggers(d, d.image.Config.OnBuild, opt); err != nil {
+			return nil, nil, parser.WithLocation(err, d.stage.Location)
 		}
+		d.image.Config.OnBuild = nil
 
 		for _, cmd := range d.commands {
 			if err := dispatch(d, cmd, opt); err != nil {
-				return nil, nil, err
+				return nil, nil, parser.WithLocation(err, cmd.Location())
 			}
 		}
 
@@ -357,14 +391,14 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 	opts := []llb.LocalOption{
 		llb.SessionID(opt.SessionID),
 		llb.ExcludePatterns(opt.Excludes),
-		llb.SharedKeyHint(localNameContext),
+		llb.SharedKeyHint(opt.ContextLocalName),
 		WithInternalName("load build context"),
 	}
 	if includePatterns := normalizeContextPaths(ctxPaths); includePatterns != nil {
 		opts = append(opts, llb.FollowPaths(includePatterns))
 	}
 
-	bc := llb.Local(localNameContext, opts...)
+	bc := llb.Local(opt.ContextLocalName, opts...)
 	if opt.BuildContext != nil {
 		bc = *opt.BuildContext
 	}
@@ -381,6 +415,7 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 	if !platformOpt.implicitTarget {
 		target.image.OS = platformOpt.targetPlatform.OS
 		target.image.Architecture = platformOpt.targetPlatform.Architecture
+		target.image.Variant = platformOpt.targetPlatform.Variant
 	}
 
 	return &st, &target.image, nil
@@ -406,7 +441,7 @@ func toCommand(ic instructions.Command, allDispatchStates *dispatchStates) (comm
 				stn, ok = allDispatchStates.findStateByName(c.From)
 				if !ok {
 					stn = &dispatchState{
-						stage:        instructions.Stage{BaseName: c.From},
+						stage:        instructions.Stage{BaseName: c.From, Location: ic.Location()},
 						deps:         make(map[*dispatchState]struct{}),
 						unregistered: true,
 					}
@@ -441,12 +476,18 @@ type dispatchOpt struct {
 	buildPlatforms    []specs.Platform
 	extraHosts        []llb.HostIP
 	copyImage         string
+	llbCaps           *apicaps.CapSet
+	sourceMap         *llb.SourceMap
 }
 
 func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error {
 	if ex, ok := cmd.Command.(instructions.SupportsSingleWordExpansion); ok {
 		err := ex.Expand(func(word string) (string, error) {
-			return opt.shlex.ProcessWordWithMap(word, toEnvMap(d.buildArgs, d.image.Config.Env))
+			env, err := d.state.Env(context.TODO())
+			if err != nil {
+				return "", err
+			}
+			return opt.shlex.ProcessWord(word, env)
 		})
 		if err != nil {
 			return err
@@ -462,12 +503,14 @@ func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error {
 	case *instructions.RunCommand:
 		err = dispatchRun(d, c, opt.proxyEnv, cmd.sources, opt)
 	case *instructions.WorkdirCommand:
-		err = dispatchWorkdir(d, c, true)
+		err = dispatchWorkdir(d, c, true, &opt)
 	case *instructions.AddCommand:
-		err = dispatchCopy(d, c.SourcesAndDest, opt.buildContext, true, c, "", opt)
+		err = dispatchCopy(d, c.SourcesAndDest, opt.buildContext, true, c, c.Chown, c.Chmod, c.Location(), opt)
 		if err == nil {
-			for _, src := range c.Sources() {
-				d.ctxPaths[path.Join("/", filepath.ToSlash(src))] = struct{}{}
+			for _, src := range c.SourcePaths {
+				if !strings.HasPrefix(src, "http://") && !strings.HasPrefix(src, "https://") {
+					d.ctxPaths[path.Join("/", filepath.ToSlash(src))] = struct{}{}
+				}
 			}
 		}
 	case *instructions.LabelCommand:
@@ -497,9 +540,9 @@ func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error {
 		if len(cmd.sources) != 0 {
 			l = cmd.sources[0].state
 		}
-		err = dispatchCopy(d, c.SourcesAndDest, l, false, c, c.Chown, opt)
+		err = dispatchCopy(d, c.SourcesAndDest, l, false, c, c.Chown, c.Chmod, c.Location(), opt)
 		if err == nil && len(cmd.sources) == 0 {
-			for _, src := range c.Sources() {
+			for _, src := range c.SourcePaths {
 				d.ctxPaths[path.Join("/", filepath.ToSlash(src))] = struct{}{}
 			}
 		}
@@ -569,7 +612,7 @@ type command struct {
 	sources []*dispatchState
 }
 
-func dispatchOnBuild(d *dispatchState, triggers []string, opt dispatchOpt) error {
+func dispatchOnBuildTriggers(d *dispatchState, triggers []string, opt dispatchOpt) error {
 	for _, trigger := range triggers {
 		ast, err := parser.Parse(strings.NewReader(trigger))
 		if err != nil {
@@ -604,17 +647,63 @@ func dispatchEnv(d *dispatchState, c *instructions.EnvCommand) error {
 }
 
 func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyEnv, sources []*dispatchState, dopt dispatchOpt) error {
+	var opt []llb.RunOption
+
 	var args []string = c.CmdLine
+	if len(c.Files) > 0 {
+		if len(args) != 1 {
+			return fmt.Errorf("parsing produced an invalid run command: %v", args)
+		}
+
+		if heredoc := parser.MustParseHeredoc(args[0]); heredoc != nil {
+			if d.image.OS != "windows" && strings.HasPrefix(c.Files[0].Data, "#!") {
+				// This is a single heredoc with a shebang, so create a file
+				// and run it.
+				// NOTE: choosing to expand doesn't really make sense here, so
+				// we silently ignore that option if it was provided.
+				sourcePath := "/"
+				destPath := "/dev/pipes/"
+
+				f := c.Files[0].Name
+				data := c.Files[0].Data
+				if c.Files[0].Chomp {
+					data = parser.ChompHeredocContent(data)
+				}
+				st := llb.Scratch().Dir(sourcePath).File(llb.Mkfile(f, 0755, []byte(data)))
+
+				mount := llb.AddMount(destPath, st, llb.SourcePath(sourcePath), llb.Readonly)
+				opt = append(opt, mount)
+
+				args[0] = path.Join(destPath, f)
+			} else {
+				// Just a simple heredoc, so just run the contents in the
+				// shell: this creates the effect of a "fake"-heredoc, so that
+				// the syntax can still be used for shells that don't support
+				// heredocs directly.
+				// NOTE: like above, we ignore the expand option.
+				data := c.Files[0].Data
+				if c.Files[0].Chomp {
+					data = parser.ChompHeredocContent(data)
+				}
+				args[0] = data
+			}
+		} else {
+			// More complex heredoc, so reconstitute it, and pass it to the
+			// shell to handle.
+			for _, file := range c.Files {
+				args[0] += "\n" + file.Data + file.Name
+			}
+		}
+	}
 	if c.PrependShell {
 		args = withShell(d.image, args)
 	}
-	env := d.state.Env()
-	opt := []llb.RunOption{llb.Args(args)}
-	for _, arg := range d.buildArgs {
-		env = append(env, fmt.Sprintf("%s=%s", arg.Key, arg.ValueString()))
-		opt = append(opt, llb.AddEnv(arg.Key, arg.ValueString()))
+
+	env, err := d.state.Env(context.TODO())
+	if err != nil {
+		return err
 	}
-	opt = append(opt, dfCmd(c))
+	opt = append(opt, llb.Args(args), dfCmd(c), location(dopt.sourceMap, c.Location()))
 	if d.ignoreCache {
 		opt = append(opt, llb.IgnoreCache)
 	}
@@ -627,15 +716,40 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE
 		return err
 	}
 	opt = append(opt, runMounts...)
-	opt = append(opt, llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(dopt.shlex, c.String(), env)), d.prefixPlatform, d.state.GetPlatform())))
+
+	securityOpt, err := dispatchRunSecurity(c)
+	if err != nil {
+		return err
+	}
+	if securityOpt != nil {
+		opt = append(opt, securityOpt)
+	}
+
+	networkOpt, err := dispatchRunNetwork(c)
+	if err != nil {
+		return err
+	}
+	if networkOpt != nil {
+		opt = append(opt, networkOpt)
+	}
+
+	shlex := *dopt.shlex
+	shlex.RawQuotes = true
+	shlex.SkipUnsetEnv = true
+
+	pl, err := d.state.GetPlatform(context.TODO())
+	if err != nil {
+		return err
+	}
+	opt = append(opt, llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(&shlex, c.String(), env)), d.prefixPlatform, pl)))
 	for _, h := range dopt.extraHosts {
 		opt = append(opt, llb.AddExtraHost(h.Host, h.IP))
 	}
 	d.state = d.state.Run(opt...).Root()
-	return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state)
+	return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs, shell.BuildEnvs(env)), true, &d.state)
 }
 
-func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool) error {
+func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool, opt *dispatchOpt) error {
 	d.state = d.state.Dir(c.Path)
 	wd := c.Path
 	if !path.IsAbs(c.Path) {
@@ -643,23 +757,186 @@ func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bo
 	}
 	d.image.Config.WorkingDir = wd
 	if commit {
-		return commitToHistory(&d.image, "WORKDIR "+wd, false, nil)
+		withLayer := false
+		if wd != "/" && opt != nil && useFileOp(opt.buildArgValues, opt.llbCaps) {
+			mkdirOpt := []llb.MkdirOption{llb.WithParents(true)}
+			if user := d.image.Config.User; user != "" {
+				mkdirOpt = append(mkdirOpt, llb.WithUser(user))
+			}
+			platform := opt.targetPlatform
+			if d.platform != nil {
+				platform = *d.platform
+			}
+			env, err := d.state.Env(context.TODO())
+			if err != nil {
+				return err
+			}
+			d.state = d.state.File(llb.Mkdir(wd, 0755, mkdirOpt...),
+				llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(opt.shlex, c.String(), env)), d.prefixPlatform, &platform)),
+				location(opt.sourceMap, c.Location()),
+			)
+			withLayer = true
+		}
+		return commitToHistory(&d.image, "WORKDIR "+wd, withLayer, nil)
 	}
 	return nil
 }
 
-func dispatchCopy(d *dispatchState, c instructions.SourcesAndDest, sourceState llb.State, isAddCommand bool, cmdToPrint fmt.Stringer, chown string, opt dispatchOpt) error {
-	// TODO: this should use CopyOp instead. Current implementation is inefficient
-	img := llb.Image(opt.copyImage, llb.MarkImageInternal, llb.Platform(opt.buildPlatforms[0]), WithInternalName("helper image for file operations"))
+func dispatchCopyFileOp(d *dispatchState, c instructions.SourcesAndDest, sourceState llb.State, isAddCommand bool, cmdToPrint fmt.Stringer, chown string, chmod string, loc []parser.Range, opt dispatchOpt) error {
+	pp, err := pathRelativeToWorkingDir(d.state, c.DestPath)
+	if err != nil {
+		return err
+	}
+	dest := path.Join("/", pp)
+	if c.DestPath == "." || c.DestPath == "" || c.DestPath[len(c.DestPath)-1] == filepath.Separator {
+		dest += string(filepath.Separator)
+	}
+
+	var copyOpt []llb.CopyOption
+
+	if chown != "" {
+		copyOpt = append(copyOpt, llb.WithUser(chown))
+	}
+
+	var mode *os.FileMode
+	if chmod != "" {
+		p, err := strconv.ParseUint(chmod, 8, 32)
+		if err == nil {
+			perm := os.FileMode(p)
+			mode = &perm
+		}
+	}
+
+	commitMessage := bytes.NewBufferString("")
+	if isAddCommand {
+		commitMessage.WriteString("ADD")
+	} else {
+		commitMessage.WriteString("COPY")
+	}
+
+	var a *llb.FileAction
+
+	for _, src := range c.SourcePaths {
+		commitMessage.WriteString(" " + src)
+		if strings.HasPrefix(src, "http://") || strings.HasPrefix(src, "https://") {
+			if !isAddCommand {
+				return errors.New("source can't be a URL for COPY")
+			}
+
+			// Resources from remote URLs are not decompressed.
+			// https://docs.docker.com/engine/reference/builder/#add
+			//
+			// Note: mixing up remote archives and local archives in a single ADD instruction
+			// would result in undefined behavior: https://github.com/moby/buildkit/pull/387#discussion_r189494717
+			u, err := url.Parse(src)
+			f := "__unnamed__"
+			if err == nil {
+				if base := path.Base(u.Path); base != "." && base != "/" {
+					f = base
+				}
+			}
 
-	dest := path.Join(".", pathRelativeToWorkingDir(d.state, c.Dest()))
-	if c.Dest() == "." || c.Dest() == "" || c.Dest()[len(c.Dest())-1] == filepath.Separator {
+			st := llb.HTTP(src, llb.Filename(f), dfCmd(c))
+
+			opts := append([]llb.CopyOption{&llb.CopyInfo{
+				Mode:           mode,
+				CreateDestPath: true,
+			}}, copyOpt...)
+
+			if a == nil {
+				a = llb.Copy(st, f, dest, opts...)
+			} else {
+				a = a.Copy(st, f, dest, opts...)
+			}
+		} else {
+			opts := append([]llb.CopyOption{&llb.CopyInfo{
+				Mode:                mode,
+				FollowSymlinks:      true,
+				CopyDirContentsOnly: true,
+				AttemptUnpack:       isAddCommand,
+				CreateDestPath:      true,
+				AllowWildcard:       true,
+				AllowEmptyWildcard:  true,
+			}}, copyOpt...)
+
+			if a == nil {
+				a = llb.Copy(sourceState, filepath.Join("/", src), dest, opts...)
+			} else {
+				a = a.Copy(sourceState, filepath.Join("/", src), dest, opts...)
+			}
+		}
+	}
+
+	for _, src := range c.SourceContents {
+		data := src.Data
+		f := src.Path
+		st := llb.Scratch().Dir("/").File(llb.Mkfile(f, 0664, []byte(data)))
+
+		opts := append([]llb.CopyOption{&llb.CopyInfo{
+			Mode:           mode,
+			CreateDestPath: true,
+		}}, copyOpt...)
+
+		if a == nil {
+			a = llb.Copy(st, f, dest, opts...)
+		} else {
+			a = a.Copy(st, f, dest, opts...)
+		}
+	}
+
+	commitMessage.WriteString(" " + c.DestPath)
+
+	platform := opt.targetPlatform
+	if d.platform != nil {
+		platform = *d.platform
+	}
+
+	env, err := d.state.Env(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	fileOpt := []llb.ConstraintsOpt{
+		llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(opt.shlex, cmdToPrint.String(), env)), d.prefixPlatform, &platform)),
+		location(opt.sourceMap, loc),
+	}
+	if d.ignoreCache {
+		fileOpt = append(fileOpt, llb.IgnoreCache)
+	}
+
+	d.state = d.state.File(a, fileOpt...)
+	return commitToHistory(&d.image, commitMessage.String(), true, &d.state)
+}
+
+func dispatchCopy(d *dispatchState, c instructions.SourcesAndDest, sourceState llb.State, isAddCommand bool, cmdToPrint fmt.Stringer, chown string, chmod string, loc []parser.Range, opt dispatchOpt) error {
+	if useFileOp(opt.buildArgValues, opt.llbCaps) {
+		return dispatchCopyFileOp(d, c, sourceState, isAddCommand, cmdToPrint, chown, chmod, loc, opt)
+	}
+
+	if len(c.SourceContents) > 0 {
+		return errors.New("inline content copy is not supported")
+	}
+
+	if chmod != "" {
+		if opt.llbCaps != nil && opt.llbCaps.Supports(pb.CapFileBase) != nil {
+			return errors.Wrap(opt.llbCaps.Supports(pb.CapFileBase), "chmod is not supported")
+		}
+		return errors.New("chmod is not supported")
+	}
+
+	img := llb.Image(opt.copyImage, llb.MarkImageInternal, llb.Platform(opt.buildPlatforms[0]), WithInternalName("helper image for file operations"))
+	pp, err := pathRelativeToWorkingDir(d.state, c.DestPath)
+	if err != nil {
+		return err
+	}
+	dest := path.Join(".", pp)
+	if c.DestPath == "." || c.DestPath == "" || c.DestPath[len(c.DestPath)-1] == filepath.Separator {
 		dest += string(filepath.Separator)
 	}
 	args := []string{"copy"}
 	unpack := isAddCommand
 
-	mounts := make([]llb.RunOption, 0, len(c.Sources()))
+	mounts := make([]llb.RunOption, 0, len(c.SourcePaths))
 	if chown != "" {
 		args = append(args, fmt.Sprintf("--chown=%s", chown))
 		_, _, err := parseUser(chown)
@@ -676,7 +953,7 @@ func dispatchCopy(d *dispatchState, c instructions.SourcesAndDest, sourceState l
 		commitMessage.WriteString("COPY")
 	}
 
-	for i, src := range c.Sources() {
+	for i, src := range c.SourcePaths {
 		commitMessage.WriteString(" " + src)
 		if strings.HasPrefix(src, "http://") || strings.HasPrefix(src, "https://") {
 			if !isAddCommand {
@@ -713,7 +990,7 @@ func dispatchCopy(d *dispatchState, c instructions.SourcesAndDest, sourceState l
 		}
 	}
 
-	commitMessage.WriteString(" " + c.Dest())
+	commitMessage.WriteString(" " + c.DestPath)
 
 	args = append(args, dest)
 	if unpack {
@@ -725,10 +1002,29 @@ func dispatchCopy(d *dispatchState, c instructions.SourcesAndDest, sourceState l
 		platform = *d.platform
 	}
 
-	runOpt := []llb.RunOption{llb.Args(args), llb.Dir("/dest"), llb.ReadonlyRootFS(), dfCmd(cmdToPrint), llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(opt.shlex, cmdToPrint.String(), d.state.Env())), d.prefixPlatform, &platform))}
+	env, err := d.state.Env(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	runOpt := []llb.RunOption{
+		llb.Args(args),
+		llb.Dir("/dest"),
+		llb.ReadonlyRootFS(),
+		dfCmd(cmdToPrint),
+		llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(opt.shlex, cmdToPrint.String(), env)), d.prefixPlatform, &platform)),
+		location(opt.sourceMap, loc),
+	}
 	if d.ignoreCache {
 		runOpt = append(runOpt, llb.IgnoreCache)
 	}
+
+	if opt.llbCaps != nil {
+		if err := opt.llbCaps.Supports(pb.CapExecMetaNetwork); err == nil {
+			runOpt = append(runOpt, llb.Network(llb.NetModeNone))
+		}
+	}
+
 	run := img.Run(append(runOpt, mounts...)...)
 	d.state = run.AddMount("/dest", d.state).Platform(platform)
 
@@ -793,8 +1089,12 @@ func dispatchHealthcheck(d *dispatchState, c *instructions.HealthCheckCommand) e
 
 func dispatchExpose(d *dispatchState, c *instructions.ExposeCommand, shlex *shell.Lex) error {
 	ports := []string{}
+	env, err := d.state.Env(context.TODO())
+	if err != nil {
+		return err
+	}
 	for _, p := range c.Ports {
-		ps, err := shlex.ProcessWordsWithMap(p, toEnvMap(d.buildArgs, d.image.Config.Env))
+		ps, err := shlex.ProcessWords(p, env)
 		if err != nil {
 			return err
 		}
@@ -853,29 +1153,41 @@ func dispatchShell(d *dispatchState, c *instructions.ShellCommand) error {
 }
 
 func dispatchArg(d *dispatchState, c *instructions.ArgCommand, metaArgs []instructions.KeyValuePairOptional, buildArgValues map[string]string) error {
-	commitStr := "ARG " + c.Key
-	buildArg := setKVValue(c.KeyValuePairOptional, buildArgValues)
+	commitStrs := make([]string, 0, len(c.Args))
+	for _, arg := range c.Args {
+		buildArg := setKVValue(arg, buildArgValues)
 
-	if c.Value != nil {
-		commitStr += "=" + *c.Value
-	}
-	if buildArg.Value == nil {
-		for _, ma := range metaArgs {
-			if ma.Key == buildArg.Key {
-				buildArg.Value = ma.Value
+		commitStr := arg.Key
+		if arg.Value != nil {
+			commitStr += "=" + *arg.Value
+		}
+		commitStrs = append(commitStrs, commitStr)
+		if buildArg.Value == nil {
+			for _, ma := range metaArgs {
+				if ma.Key == buildArg.Key {
+					buildArg.Value = ma.Value
+				}
 			}
 		}
-	}
 
-	d.buildArgs = append(d.buildArgs, buildArg)
-	return commitToHistory(&d.image, commitStr, false, nil)
+		if buildArg.Value != nil {
+			d.state = d.state.AddEnv(buildArg.Key, *buildArg.Value)
+		}
+
+		d.buildArgs = append(d.buildArgs, buildArg)
+	}
+	return commitToHistory(&d.image, "ARG "+strings.Join(commitStrs, " "), false, nil)
 }
 
-func pathRelativeToWorkingDir(s llb.State, p string) string {
+func pathRelativeToWorkingDir(s llb.State, p string) (string, error) {
 	if path.IsAbs(p) {
-		return p
+		return p, nil
 	}
-	return path.Join(s.GetDir(), p)
+	dir, err := s.GetDir(context.TODO())
+	if err != nil {
+		return "", err
+	}
+	return path.Join(dir, p), nil
 }
 
 func splitWildcards(name string) (string, string) {
@@ -932,19 +1244,6 @@ func setKVValue(kvpo instructions.KeyValuePairOptional, values map[string]string
 	return kvpo
 }
 
-func toEnvMap(args []instructions.KeyValuePairOptional, env []string) map[string]string {
-	m := shell.BuildEnvs(env)
-
-	for _, arg := range args {
-		// If key already exists, keep previous value.
-		if _, ok := m[arg.Key]; ok {
-			continue
-		}
-		m[arg.Key] = arg.ValueString()
-	}
-	return m
-}
-
 func dfCmd(cmd interface{}) llb.ConstraintsOpt {
 	// TODO: add fmt.Stringer to instructions.Command to remove interface{}
 	var cmdStr string
@@ -959,10 +1258,14 @@ func dfCmd(cmd interface{}) llb.ConstraintsOpt {
 	})
 }
 
-func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional) string {
+func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional, envMap map[string]string) string {
 	var tmpBuildEnv []string
 	for _, arg := range buildArgs {
-		tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+arg.ValueString())
+		v, ok := envMap[arg.Key]
+		if !ok {
+			v = arg.ValueString()
+		}
+		tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+v)
 	}
 	if len(tmpBuildEnv) > 0 {
 		tmpBuildEnv = append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...)
@@ -999,6 +1302,41 @@ func isReachable(from, to *dispatchState) (ret bool) {
 	return false
 }
 
+func hasCircularDependency(states []*dispatchState) (bool, *dispatchState) {
+	var visit func(state *dispatchState) bool
+	if states == nil {
+		return false, nil
+	}
+	visited := make(map[*dispatchState]struct{})
+	path := make(map[*dispatchState]struct{})
+
+	visit = func(state *dispatchState) bool {
+		_, ok := visited[state]
+		if ok {
+			return false
+		}
+		visited[state] = struct{}{}
+		path[state] = struct{}{}
+		for dep := range state.deps {
+			_, ok = path[dep]
+			if ok {
+				return true
+			}
+			if visit(dep) {
+				return true
+			}
+		}
+		delete(path, state)
+		return false
+	}
+	for _, state := range states {
+		if visit(state) {
+			return true, state
+		}
+	}
+	return false, nil
+}
+
 func parseUser(str string) (uid uint32, gid uint32, err error) {
 	if str == "" {
 		return 0, 0, nil
@@ -1041,31 +1379,13 @@ func normalizeContextPaths(paths map[string]struct{}) []string {
 		if p == "/" {
 			return nil
 		}
-		pathSlice = append(pathSlice, p)
-	}
-
-	toDelete := map[string]struct{}{}
-	for i := range pathSlice {
-		for j := range pathSlice {
-			if i == j {
-				continue
-			}
-			if strings.HasPrefix(pathSlice[j], pathSlice[i]+"/") {
-				delete(paths, pathSlice[j])
-			}
-		}
+		pathSlice = append(pathSlice, path.Join(".", p))
 	}
 
-	toSort := make([]string, 0, len(paths))
-	for p := range paths {
-		if _, ok := toDelete[p]; !ok {
-			toSort = append(toSort, path.Join(".", p))
-		}
-	}
-	sort.Slice(toSort, func(i, j int) bool {
-		return toSort[i] < toSort[j]
+	sort.Slice(pathSlice, func(i, j int) bool {
+		return pathSlice[i] < pathSlice[j]
 	})
-	return toSort
+	return pathSlice
 }
 
 func proxyEnvFromBuildArgs(args map[string]string) *llb.ProxyEnv {
@@ -1073,21 +1393,25 @@ func proxyEnvFromBuildArgs(args map[string]string) *llb.ProxyEnv {
 	isNil := true
 	for k, v := range args {
 		if strings.EqualFold(k, "http_proxy") {
-			pe.HttpProxy = v
+			pe.HTTPProxy = v
 			isNil = false
 		}
 		if strings.EqualFold(k, "https_proxy") {
-			pe.HttpsProxy = v
+			pe.HTTPSProxy = v
 			isNil = false
 		}
 		if strings.EqualFold(k, "ftp_proxy") {
-			pe.FtpProxy = v
+			pe.FTPProxy = v
 			isNil = false
 		}
 		if strings.EqualFold(k, "no_proxy") {
 			pe.NoProxy = v
 			isNil = false
 		}
+		if strings.EqualFold(k, "all_proxy") {
+			pe.AllProxy = v
+			isNil = false
+		}
 	}
 	if isNil {
 		return nil
@@ -1104,7 +1428,7 @@ func withShell(img Image, args []string) []string {
 	if len(img.Config.Shell) > 0 {
 		shell = append([]string{}, img.Config.Shell...)
 	} else {
-		shell = defaultShell()
+		shell = defaultShell(img.OS)
 	}
 	return append(shell, strings.Join(args, " "))
 }
@@ -1123,8 +1447,8 @@ func autoDetectPlatform(img Image, target specs.Platform, supported []specs.Plat
 	return target
 }
 
-func WithInternalName(name string, a ...interface{}) llb.ConstraintsOpt {
-	return llb.WithCustomName("[internal] "+name, a...)
+func WithInternalName(name string) llb.ConstraintsOpt {
+	return llb.WithCustomName("[internal] " + name)
 }
 
 func uppercaseCmd(str string) string {
@@ -1153,6 +1477,33 @@ func prefixCommand(ds *dispatchState, str string, prefixPlatform bool, platform
 		out += ds.stageName + " "
 	}
 	ds.cmdIndex++
-	out += fmt.Sprintf("%d/%d] ", ds.cmdIndex, ds.cmdTotal)
+	out += fmt.Sprintf("%*d/%d] ", int(1+math.Log10(float64(ds.cmdTotal))), ds.cmdIndex, ds.cmdTotal)
 	return out + str
 }
+
+func useFileOp(args map[string]string, caps *apicaps.CapSet) bool {
+	enabled := true
+	if v, ok := args["BUILDKIT_DISABLE_FILEOP"]; ok {
+		if b, err := strconv.ParseBool(v); err == nil {
+			enabled = !b
+		}
+	}
+	return enabled && caps != nil && caps.Supports(pb.CapFileBase) == nil
+}
+
+func location(sm *llb.SourceMap, locations []parser.Range) llb.ConstraintsOpt {
+	loc := make([]*pb.Range, 0, len(locations))
+	for _, l := range locations {
+		loc = append(loc, &pb.Range{
+			Start: pb.Position{
+				Line:      int32(l.Start.Line),
+				Character: int32(l.Start.Character),
+			},
+			End: pb.Position{
+				Line:      int32(l.End.Line),
+				Character: int32(l.End.Character),
+			},
+		})
+	}
+	return sm.Location(loc)
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunmount.go
deleted file mode 100644
index d7643405aa616..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunmount.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// +build !dfrunmount,!dfextall
-
-package dockerfile2llb
-
-import (
-	"github.com/moby/buildkit/client/llb"
-	"github.com/moby/buildkit/frontend/dockerfile/instructions"
-)
-
-func detectRunMount(cmd *command, allDispatchStates *dispatchStates) bool {
-	return false
-}
-
-func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*dispatchState, opt dispatchOpt) ([]llb.RunOption, error) {
-	return nil, nil
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunnetwork.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunnetwork.go
new file mode 100644
index 0000000000000..300b9d85f1d77
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunnetwork.go
@@ -0,0 +1,12 @@
+// +build !dfrunnetwork
+
+package dockerfile2llb
+
+import (
+	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+)
+
+func dispatchRunNetwork(c *instructions.RunCommand) (llb.RunOption, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go
new file mode 100644
index 0000000000000..10184b42e0753
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go
@@ -0,0 +1,12 @@
+// +build !dfrunsecurity
+
+package dockerfile2llb
+
+import (
+	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+)
+
+func dispatchRunSecurity(c *instructions.RunCommand) (llb.RunOption, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nosecrets.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nosecrets.go
deleted file mode 100644
index d75470215fd36..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nosecrets.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build dfrunmount,!dfsecrets
-
-package dockerfile2llb
-
-import (
-	"github.com/moby/buildkit/client/llb"
-	"github.com/moby/buildkit/frontend/dockerfile/instructions"
-	"github.com/pkg/errors"
-)
-
-func dispatchSecret(m *instructions.Mount) (llb.RunOption, error) {
-	return nil, errors.Errorf("secret mounts not allowed")
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nossh.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nossh.go
deleted file mode 100644
index 8b8afdc38c10d..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nossh.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build dfrunmount,!dfssh
-
-package dockerfile2llb
-
-import (
-	"github.com/moby/buildkit/client/llb"
-	"github.com/moby/buildkit/frontend/dockerfile/instructions"
-	"github.com/pkg/errors"
-)
-
-func dispatchSSH(m *instructions.Mount) (llb.RunOption, error) {
-	return nil, errors.Errorf("ssh mounts not allowed")
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go
index a06ab9a7cb9b8..87589860fe09a 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go
@@ -1,13 +1,17 @@
-// +build dfrunmount dfextall
-
 package dockerfile2llb
 
 import (
+	"context"
+	"fmt"
+	"os"
 	"path"
 	"path/filepath"
+	"strconv"
+	"strings"
 
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/solver/pb"
 	"github.com/pkg/errors"
 )
 
@@ -16,12 +20,14 @@ func detectRunMount(cmd *command, allDispatchStates *dispatchStates) bool {
 		mounts := instructions.GetMounts(c)
 		sources := make([]*dispatchState, len(mounts))
 		for i, mount := range mounts {
-			if mount.From == "" && mount.Type == instructions.MountTypeCache {
-				mount.From = emptyImageName
-			}
-			from := mount.From
-			if from == "" || mount.Type == instructions.MountTypeTmpfs {
-				continue
+			var from string
+			if mount.From == "" {
+				// this might not be accurate because the type might not have a real source (tmpfs for instance),
+				// but since this is just for creating the sources map it should be ok (we don't want to check the value of
+				// mount.Type because it might be a variable)
+				from = emptyImageName
+			} else {
+				from = mount.From
 			}
 			stn, ok := allDispatchStates.findStateByName(from)
 			if !ok {
@@ -40,6 +46,40 @@ func detectRunMount(cmd *command, allDispatchStates *dispatchStates) bool {
 	return false
 }
 
+func setCacheUIDGIDFileOp(m *instructions.Mount, st llb.State) llb.State {
+	uid := 0
+	gid := 0
+	mode := os.FileMode(0755)
+	if m.UID != nil {
+		uid = int(*m.UID)
+	}
+	if m.GID != nil {
+		gid = int(*m.GID)
+	}
+	if m.Mode != nil {
+		mode = os.FileMode(*m.Mode)
+	}
+	return st.File(llb.Mkdir("/cache", mode, llb.WithUIDGID(uid, gid)), llb.WithCustomName("[internal] settings cache mount permissions"))
+}
+
+func setCacheUIDGID(m *instructions.Mount, st llb.State, fileop bool) llb.State {
+	if fileop {
+		return setCacheUIDGIDFileOp(m, st)
+	}
+
+	var b strings.Builder
+	if m.UID != nil {
+		b.WriteString(fmt.Sprintf("chown %d /mnt/cache;", *m.UID))
+	}
+	if m.GID != nil {
+		b.WriteString(fmt.Sprintf("chown :%d /mnt/cache;", *m.GID))
+	}
+	if m.Mode != nil {
+		b.WriteString(fmt.Sprintf("chmod %s /mnt/cache;", strconv.FormatUint(*m.Mode, 8)))
+	}
+	return llb.Image("busybox").Run(llb.Shlex(fmt.Sprintf("sh -c 'mkdir -p /mnt/cache;%s'", b.String())), llb.WithCustomName("[internal] settings cache mount permissions")).AddMount("/mnt", st)
+}
+
 func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*dispatchState, opt dispatchOpt) ([]llb.RunOption, error) {
 	var out []llb.RunOption
 	mounts := instructions.GetMounts(c)
@@ -75,6 +115,8 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*
 		}
 		if mount.ReadOnly {
 			mountOpts = append(mountOpts, llb.Readonly)
+		} else if mount.Type == instructions.MountTypeBind && opt.llbCaps.Supports(pb.CapExecMountBindReadWriteNoOuput) == nil {
+			mountOpts = append(mountOpts, llb.ForceNoOutput)
 		}
 		if mount.Type == instructions.MountTypeCache {
 			sharing := llb.CacheMountShared
@@ -84,21 +126,36 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*
 			if mount.CacheSharing == instructions.MountSharingLocked {
 				sharing = llb.CacheMountLocked
 			}
+			if mount.CacheID == "" {
+				mount.CacheID = path.Clean(mount.Target)
+			}
 			mountOpts = append(mountOpts, llb.AsPersistentCacheDir(opt.cacheIDNamespace+"/"+mount.CacheID, sharing))
 		}
 		target := mount.Target
 		if !filepath.IsAbs(filepath.Clean(mount.Target)) {
-			target = filepath.Join("/", d.state.GetDir(), mount.Target)
+			dir, err := d.state.GetDir(context.TODO())
+			if err != nil {
+				return nil, err
+			}
+			target = filepath.Join("/", dir, mount.Target)
 		}
 		if target == "/" {
 			return nil, errors.Errorf("invalid mount target %q", target)
 		}
 		if src := path.Join("/", mount.Source); src != "/" {
 			mountOpts = append(mountOpts, llb.SourcePath(src))
+		} else {
+			if mount.UID != nil || mount.GID != nil || mount.Mode != nil {
+				st = setCacheUIDGID(mount, st, useFileOp(opt.buildArgValues, opt.llbCaps))
+				mountOpts = append(mountOpts, llb.SourcePath("/cache"))
+			}
 		}
+
 		out = append(out, llb.AddMount(target, st, mountOpts...))
 
-		d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{}
+		if mount.From == "" {
+			d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{}
+		}
 	}
 	return out, nil
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runnetwork.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runnetwork.go
new file mode 100644
index 0000000000000..01313e23be191
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runnetwork.go
@@ -0,0 +1,26 @@
+// +build dfrunnetwork
+
+package dockerfile2llb
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/solver/pb"
+)
+
+func dispatchRunNetwork(c *instructions.RunCommand) (llb.RunOption, error) {
+	network := instructions.GetNetwork(c)
+
+	switch network {
+	case instructions.NetworkDefault:
+		return nil, nil
+	case instructions.NetworkNone:
+		return llb.Network(pb.NetMode_NONE), nil
+	case instructions.NetworkHost:
+		return llb.Network(pb.NetMode_HOST), nil
+	default:
+		return nil, errors.Errorf("unsupported network mode %q", network)
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go
new file mode 100644
index 0000000000000..764424a2c1bc7
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go
@@ -0,0 +1,24 @@
+// +build dfrunsecurity
+
+package dockerfile2llb
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/solver/pb"
+)
+
+func dispatchRunSecurity(c *instructions.RunCommand) (llb.RunOption, error) {
+	security := instructions.GetSecurity(c)
+
+	switch security {
+	case instructions.SecurityInsecure:
+		return llb.Security(pb.SecurityMode_INSECURE), nil
+	case instructions.SecuritySandbox:
+		return llb.Security(pb.SecurityMode_SANDBOX), nil
+	default:
+		return nil, errors.Errorf("unsupported security mode %q", security)
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_secrets.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_secrets.go
index 2f6ba584f97ee..2c88a5e4f7e7f 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_secrets.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_secrets.go
@@ -1,5 +1,3 @@
-// +build dfsecrets dfextall
-
 package dockerfile2llb
 
 import (
@@ -34,5 +32,21 @@ func dispatchSecret(m *instructions.Mount) (llb.RunOption, error) {
 		opts = append(opts, llb.SecretOptional)
 	}
 
+	if m.UID != nil || m.GID != nil || m.Mode != nil {
+		var uid, gid, mode int
+		if m.UID != nil {
+			uid = int(*m.UID)
+		}
+		if m.GID != nil {
+			gid = int(*m.GID)
+		}
+		if m.Mode != nil {
+			mode = int(*m.Mode)
+		} else {
+			mode = 0400
+		}
+		opts = append(opts, llb.SecretFileOpt(uid, gid, mode))
+	}
+
 	return llb.AddSecret(target, opts...), nil
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_ssh.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_ssh.go
index b651ad6605512..b55659d978835 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_ssh.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_ssh.go
@@ -1,5 +1,3 @@
-// +build dfssh dfextall
-
 package dockerfile2llb
 
 import (
@@ -15,7 +13,6 @@ func dispatchSSH(m *instructions.Mount) (llb.RunOption, error) {
 	opts := []llb.SSHOption{llb.SSHID(m.CacheID)}
 
 	if m.Target != "" {
-		// TODO(AkihiroSuda): support specifying permission bits
 		opts = append(opts, llb.SSHSocketTarget(m.Target))
 	}
 
@@ -23,5 +20,21 @@ func dispatchSSH(m *instructions.Mount) (llb.RunOption, error) {
 		opts = append(opts, llb.SSHOptional)
 	}
 
+	if m.UID != nil || m.GID != nil || m.Mode != nil {
+		var uid, gid, mode int
+		if m.UID != nil {
+			uid = int(*m.UID)
+		}
+		if m.GID != nil {
+			gid = int(*m.GID)
+		}
+		if m.Mode != nil {
+			mode = int(*m.Mode)
+		} else {
+			mode = 0600
+		}
+		opts = append(opts, llb.SSHSocketOpt(m.Target, uid, gid, mode))
+	}
+
 	return llb.AddSSHSocket(opts...), nil
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell.go
new file mode 100644
index 0000000000000..58b17372bd44d
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell.go
@@ -0,0 +1,8 @@
+package dockerfile2llb
+
+func defaultShell(os string) []string {
+	if os == "windows" {
+		return []string{"cmd", "/S", "/C"}
+	}
+	return []string{"/bin/sh", "-c"}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_unix.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_unix.go
deleted file mode 100644
index b5d541d1f5db8..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_unix.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !windows
-
-package dockerfile2llb
-
-func defaultShell() []string {
-	return []string{"/bin/sh", "-c"}
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_windows.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_windows.go
deleted file mode 100644
index 7693e050863a4..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/defaultshell_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build windows
-
-package dockerfile2llb
-
-func defaultShell() []string {
-	return []string{"cmd", "/S", "/C"}
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/directives.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/directives.go
index cf06b5ad85bb3..3cf982b9a9b31 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/directives.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/directives.go
@@ -5,34 +5,51 @@ import (
 	"io"
 	"regexp"
 	"strings"
+
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
 )
 
 const keySyntax = "syntax"
 
 var reDirective = regexp.MustCompile(`^#\s*([a-zA-Z][a-zA-Z0-9]*)\s*=\s*(.+?)\s*$`)
 
-func DetectSyntax(r io.Reader) (string, string, bool) {
+type Directive struct {
+	Name     string
+	Value    string
+	Location []parser.Range
+}
+
+func DetectSyntax(r io.Reader) (string, string, []parser.Range, bool) {
 	directives := ParseDirectives(r)
 	if len(directives) == 0 {
-		return "", "", false
+		return "", "", nil, false
 	}
 	v, ok := directives[keySyntax]
 	if !ok {
-		return "", "", false
+		return "", "", nil, false
 	}
-	p := strings.SplitN(v, " ", 2)
-	return p[0], v, true
+	p := strings.SplitN(v.Value, " ", 2)
+	return p[0], v.Value, v.Location, true
 }
 
-func ParseDirectives(r io.Reader) map[string]string {
-	m := map[string]string{}
+func ParseDirectives(r io.Reader) map[string]Directive {
+	m := map[string]Directive{}
 	s := bufio.NewScanner(r)
+	var l int
 	for s.Scan() {
+		l++
 		match := reDirective.FindStringSubmatch(s.Text())
 		if len(match) == 0 {
 			return m
 		}
-		m[strings.ToLower(match[1])] = match[2]
+		m[strings.ToLower(match[1])] = Directive{
+			Name:  match[1],
+			Value: match[2],
+			Location: []parser.Range{{
+				Start: parser.Position{Line: l},
+				End:   parser.Position{Line: l},
+			}},
+		}
 	}
 	return m
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/image.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/image.go
index e83e58b657a51..6eb4cf6e7ae05 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/image.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/image.go
@@ -50,6 +50,9 @@ type Image struct {
 
 	// Config defines the execution parameters which should be used as a base when running a container using the image.
 	Config ImageConfig `json:"config,omitempty"`
+
+	// Variant defines platform variant. To be added to OCI.
+	Variant string `json:"variant,omitempty"`
 }
 
 func clone(src Image) Image {
@@ -67,9 +70,10 @@ func emptyImage(platform specs.Platform) Image {
 			Architecture: platform.Architecture,
 			OS:           platform.OS,
 		},
+		Variant: platform.Variant,
 	}
 	img.RootFS.Type = "layers"
 	img.Config.WorkingDir = "/"
-	img.Config.Env = []string{"PATH=" + system.DefaultPathEnv}
+	img.Config.Env = []string{"PATH=" + system.DefaultPathEnv(platform.OS)}
 	return img
 }
diff --git a/builder/dockerignore/dockerignore.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerignore/dockerignore.go
similarity index 94%
rename from builder/dockerignore/dockerignore.go
rename to vendor/github.com/moby/buildkit/frontend/dockerfile/dockerignore/dockerignore.go
index 57f224afc8a32..cc22381339f65 100644
--- a/builder/dockerignore/dockerignore.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerignore/dockerignore.go
@@ -1,4 +1,4 @@
-package dockerignore // import "github.com/docker/docker/builder/dockerignore"
+package dockerignore
 
 import (
 	"bufio"
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/bflag.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/bflag.go
index d8bf74739499e..66c53add055a4 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/bflag.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/bflag.go
@@ -108,6 +108,15 @@ func (fl *Flag) IsUsed() bool {
 	return false
 }
 
+// Used returns a slice of flag names that are set
+func (bf *BFlags) Used() []string {
+	used := make([]string, 0, len(bf.used))
+	for f := range bf.used {
+		used = append(used, f)
+	}
+	return used
+}
+
 // IsTrue checks if a bool flag is true
 func (fl *Flag) IsTrue() bool {
 	if fl.flagType != boolType {
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands.go
index 28b34f681b014..c7d5c495990b5 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands.go
@@ -1,11 +1,12 @@
 package instructions
 
 import (
-	"errors"
 	"strings"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/pkg/errors"
 )
 
 // KeyValuePair represent an arbitrary named value (useful in slice instead of map[string] string to preserve ordering)
@@ -20,8 +21,9 @@ func (kvp *KeyValuePair) String() string {
 
 // KeyValuePairOptional is the same as KeyValuePair but Value is optional
 type KeyValuePairOptional struct {
-	Key   string
-	Value *string
+	Key     string
+	Value   *string
+	Comment string
 }
 
 func (kvpo *KeyValuePairOptional) ValueString() string {
@@ -35,6 +37,7 @@ func (kvpo *KeyValuePairOptional) ValueString() string {
 // Command is implemented by every command present in a dockerfile
 type Command interface {
 	Name() string
+	Location() []parser.Range
 }
 
 // KeyValuePairs is a slice of KeyValuePair
@@ -42,8 +45,9 @@ type KeyValuePairs []KeyValuePair
 
 // withNameAndCode is the base of every command in a Dockerfile (String() returns its source code)
 type withNameAndCode struct {
-	code string
-	name string
+	code     string
+	name     string
+	location []parser.Range
 }
 
 func (c *withNameAndCode) String() string {
@@ -55,8 +59,13 @@ func (c *withNameAndCode) Name() string {
 	return c.name
 }
 
+// Location of the command in source
+func (c *withNameAndCode) Location() []parser.Range {
+	return c.location
+}
+
 func newWithNameAndCode(req parseRequest) withNameAndCode {
-	return withNameAndCode{code: strings.TrimSpace(req.original), name: req.command}
+	return withNameAndCode{code: strings.TrimSpace(req.original), name: req.command, location: req.location}
 }
 
 // SingleWordExpander is a provider for variable expansion where 1 word => 1 output
@@ -156,19 +165,45 @@ func (c *LabelCommand) Expand(expander SingleWordExpander) error {
 	return expandKvpsInPlace(c.Labels, expander)
 }
 
-// SourcesAndDest represent a list of source files and a destination
-type SourcesAndDest []string
+// SourceContent represents an anonymous file object
+type SourceContent struct {
+	Path   string
+	Data   string
+	Expand bool
+}
 
-// Sources list the source paths
-func (s SourcesAndDest) Sources() []string {
-	res := make([]string, len(s)-1)
-	copy(res, s[:len(s)-1])
-	return res
+// SourcesAndDest represent a collection of sources and a destination
+type SourcesAndDest struct {
+	DestPath       string
+	SourcePaths    []string
+	SourceContents []SourceContent
 }
 
-// Dest path of the operation
-func (s SourcesAndDest) Dest() string {
-	return s[len(s)-1]
+func (s *SourcesAndDest) Expand(expander SingleWordExpander) error {
+	for i, content := range s.SourceContents {
+		if !content.Expand {
+			continue
+		}
+
+		expandedData, err := expander(content.Data)
+		if err != nil {
+			return err
+		}
+		s.SourceContents[i].Data = expandedData
+	}
+
+	err := expandSliceInPlace(s.SourcePaths, expander)
+	if err != nil {
+		return err
+	}
+
+	expandedDestPath, err := expander(s.DestPath)
+	if err != nil {
+		return err
+	}
+	s.DestPath = expandedDestPath
+
+	return nil
 }
 
 // AddCommand : ADD foo /path
@@ -180,11 +215,18 @@ type AddCommand struct {
 	withNameAndCode
 	SourcesAndDest
 	Chown string
+	Chmod string
 }
 
 // Expand variables
 func (c *AddCommand) Expand(expander SingleWordExpander) error {
-	return expandSliceInPlace(c.SourcesAndDest, expander)
+	expandedChown, err := expander(c.Chown)
+	if err != nil {
+		return err
+	}
+	c.Chown = expandedChown
+
+	return c.SourcesAndDest.Expand(expander)
 }
 
 // CopyCommand : COPY foo /path
@@ -196,11 +238,18 @@ type CopyCommand struct {
 	SourcesAndDest
 	From  string
 	Chown string
+	Chmod string
 }
 
 // Expand variables
 func (c *CopyCommand) Expand(expander SingleWordExpander) error {
-	return expandSliceInPlace(c.SourcesAndDest, expander)
+	expandedChown, err := expander(c.Chown)
+	if err != nil {
+		return err
+	}
+	c.Chown = expandedChown
+
+	return c.SourcesAndDest.Expand(expander)
 }
 
 // OnbuildCommand : ONBUILD <some other command>
@@ -228,9 +277,17 @@ func (c *WorkdirCommand) Expand(expander SingleWordExpander) error {
 	return nil
 }
 
+// ShellInlineFile represents an inline file created for a shell command
+type ShellInlineFile struct {
+	Name  string
+	Data  string
+	Chomp bool
+}
+
 // ShellDependantCmdLine represents a cmdline optionally prepended with the shell
 type ShellDependantCmdLine struct {
 	CmdLine      strslice.StrSlice
+	Files        []ShellInlineFile
 	PrependShell bool
 }
 
@@ -248,6 +305,14 @@ type RunCommand struct {
 	withNameAndCode
 	withExternalData
 	ShellDependantCmdLine
+	FlagsUsed []string
+}
+
+func (c *RunCommand) Expand(expander SingleWordExpander) error {
+	if err := setMountState(c, expander); err != nil {
+		return err
+	}
+	return nil
 }
 
 // CmdCommand : CMD foo
@@ -360,22 +425,25 @@ func (c *StopSignalCommand) CheckPlatform(platform string) error {
 // Dockerfile author may optionally set a default value of this variable.
 type ArgCommand struct {
 	withNameAndCode
-	KeyValuePairOptional
+	Args []KeyValuePairOptional
 }
 
 // Expand variables
 func (c *ArgCommand) Expand(expander SingleWordExpander) error {
-	p, err := expander(c.Key)
-	if err != nil {
-		return err
-	}
-	c.Key = p
-	if c.Value != nil {
-		p, err = expander(*c.Value)
+	for i, v := range c.Args {
+		p, err := expander(v.Key)
 		if err != nil {
 			return err
 		}
-		c.Value = &p
+		v.Key = p
+		if v.Value != nil {
+			p, err = expander(*v.Value)
+			if err != nil {
+				return err
+			}
+			v.Value = &p
+		}
+		c.Args[i] = v
 	}
 	return nil
 }
@@ -395,6 +463,8 @@ type Stage struct {
 	BaseName   string
 	SourceCode string
 	Platform   string
+	Location   []parser.Range
+	Comment    string
 }
 
 // AddCommand to the stage
@@ -414,7 +484,7 @@ func IsCurrentStage(s []Stage, name string) bool {
 // CurrentStage return the last stage in a slice
 func CurrentStage(s []Stage) (*Stage, error) {
 	if len(s) == 0 {
-		return nil, errors.New("No build stage in current context")
+		return nil, errors.New("no build stage in current context")
 	}
 	return &s[len(s)-1], nil
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nosecrets.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nosecrets.go
deleted file mode 100644
index b0989b2880645..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nosecrets.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !dfsecrets,!dfextall
-
-package instructions
-
-func isSecretMountsSupported() bool {
-	return false
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nossh.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nossh.go
deleted file mode 100644
index de809584523b5..0000000000000
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nossh.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !dfssh,!dfextall
-
-package instructions
-
-func isSSHMountsSupported() bool {
-	return false
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go
index 2540a7ea7fbf7..2499677f4b639 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go
@@ -1,9 +1,8 @@
-// +build dfrunmount dfextall
-
 package instructions
 
 import (
 	"encoding/csv"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -66,13 +65,17 @@ func runMountPreHook(cmd *RunCommand, req parseRequest) error {
 }
 
 func runMountPostHook(cmd *RunCommand, req parseRequest) error {
+	return setMountState(cmd, nil)
+}
+
+func setMountState(cmd *RunCommand, expander SingleWordExpander) error {
 	st := getMountState(cmd)
 	if st == nil {
 		return errors.Errorf("no mount state")
 	}
 	var mounts []*Mount
 	for _, str := range st.flag.StringValues {
-		m, err := parseMount(str)
+		m, err := parseMount(str, expander)
 		if err != nil {
 			return err
 		}
@@ -108,9 +111,12 @@ type Mount struct {
 	CacheID      string
 	CacheSharing string
 	Required     bool
+	Mode         *uint64
+	UID          *uint64
+	GID          *uint64
 }
 
-func parseMount(value string) (*Mount, error) {
+func parseMount(value string, expander SingleWordExpander) (*Mount, error) {
 	csvReader := csv.NewReader(strings.NewReader(value))
 	fields, err := csvReader.Read()
 	if err != nil {
@@ -139,6 +145,8 @@ func parseMount(value string) (*Mount, error) {
 				if m.Type == "secret" || m.Type == "ssh" {
 					m.Required = true
 					continue
+				} else {
+					return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type)
 				}
 			}
 		}
@@ -148,6 +156,23 @@ func parseMount(value string) (*Mount, error) {
 		}
 
 		value := parts[1]
+		// check for potential variable
+		if expander != nil {
+			processed, err := expander(value)
+			if err != nil {
+				return nil, err
+			}
+			value = processed
+		} else if key == "from" {
+			if matched, err := regexp.MatchString(`\$.`, value); err != nil { //nolint
+				return nil, err
+			} else if matched {
+				return nil, errors.Errorf("'%s' doesn't support variable expansion, define alias stage instead", key)
+			}
+		} else {
+			// if we don't have an expander, defer evaluation to later
+			continue
+		}
 		switch key {
 		case "type":
 			if !isValidMountType(strings.ToLower(value)) {
@@ -173,6 +198,16 @@ func parseMount(value string) (*Mount, error) {
 			}
 			m.ReadOnly = !rw
 			roAuto = false
+		case "required":
+			if m.Type == "secret" || m.Type == "ssh" {
+				v, err := strconv.ParseBool(value)
+				if err != nil {
+					return nil, errors.Errorf("invalid value for %s: %s", key, value)
+				}
+				m.Required = v
+			} else {
+				return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type)
+			}
 		case "id":
 			m.CacheID = value
 		case "sharing":
@@ -180,13 +215,45 @@ func parseMount(value string) (*Mount, error) {
 				return nil, errors.Errorf("unsupported sharing value %q", value)
 			}
 			m.CacheSharing = strings.ToLower(value)
+		case "mode":
+			mode, err := strconv.ParseUint(value, 8, 32)
+			if err != nil {
+				return nil, errors.Errorf("invalid value %s for mode", value)
+			}
+			m.Mode = &mode
+		case "uid":
+			uid, err := strconv.ParseUint(value, 10, 32)
+			if err != nil {
+				return nil, errors.Errorf("invalid value %s for uid", value)
+			}
+			m.UID = &uid
+		case "gid":
+			gid, err := strconv.ParseUint(value, 10, 32)
+			if err != nil {
+				return nil, errors.Errorf("invalid value %s for gid", value)
+			}
+			m.GID = &gid
 		default:
 			return nil, errors.Errorf("unexpected key '%s' in '%s'", key, field)
 		}
 	}
 
+	fileInfoAllowed := m.Type == MountTypeSecret || m.Type == MountTypeSSH || m.Type == MountTypeCache
+
+	if m.Mode != nil && !fileInfoAllowed {
+		return nil, errors.Errorf("mode not allowed for %q type mounts", m.Type)
+	}
+
+	if m.UID != nil && !fileInfoAllowed {
+		return nil, errors.Errorf("uid not allowed for %q type mounts", m.Type)
+	}
+
+	if m.GID != nil && !fileInfoAllowed {
+		return nil, errors.Errorf("gid not allowed for %q type mounts", m.Type)
+	}
+
 	if roAuto {
-		if m.Type == MountTypeCache {
+		if m.Type == MountTypeCache || m.Type == MountTypeTmpfs {
 			m.ReadOnly = false
 		} else {
 			m.ReadOnly = true
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runnetwork.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runnetwork.go
new file mode 100644
index 0000000000000..adef3fd7aa977
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runnetwork.go
@@ -0,0 +1,63 @@
+// +build dfrunnetwork
+
+package instructions
+
+import (
+	"github.com/pkg/errors"
+)
+
+const (
+	NetworkDefault = "default"
+	NetworkNone    = "none"
+	NetworkHost    = "host"
+)
+
+var allowedNetwork = map[string]struct{}{
+	NetworkDefault: {},
+	NetworkNone:    {},
+	NetworkHost:    {},
+}
+
+func isValidNetwork(value string) bool {
+	_, ok := allowedNetwork[value]
+	return ok
+}
+
+var networkKey = "dockerfile/run/network"
+
+func init() {
+	parseRunPreHooks = append(parseRunPreHooks, runNetworkPreHook)
+	parseRunPostHooks = append(parseRunPostHooks, runNetworkPostHook)
+}
+
+func runNetworkPreHook(cmd *RunCommand, req parseRequest) error {
+	st := &networkState{}
+	st.flag = req.flags.AddString("network", NetworkDefault)
+	cmd.setExternalValue(networkKey, st)
+	return nil
+}
+
+func runNetworkPostHook(cmd *RunCommand, req parseRequest) error {
+	st := cmd.getExternalValue(networkKey).(*networkState)
+	if st == nil {
+		return errors.Errorf("no network state")
+	}
+
+	value := st.flag.Value
+	if !isValidNetwork(value) {
+		return errors.Errorf("invalid network mode %q", value)
+	}
+
+	st.networkMode = value
+
+	return nil
+}
+
+func GetNetwork(cmd *RunCommand) string {
+	return cmd.getExternalValue(networkKey).(*networkState).networkMode
+}
+
+type networkState struct {
+	flag        *Flag
+	networkMode string
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go
new file mode 100644
index 0000000000000..0c0be80664f49
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go
@@ -0,0 +1,61 @@
+// +build dfrunsecurity
+
+package instructions
+
+import (
+	"github.com/pkg/errors"
+)
+
+const (
+	SecurityInsecure = "insecure"
+	SecuritySandbox  = "sandbox"
+)
+
+var allowedSecurity = map[string]struct{}{
+	SecurityInsecure: {},
+	SecuritySandbox:  {},
+}
+
+func isValidSecurity(value string) bool {
+	_, ok := allowedSecurity[value]
+	return ok
+}
+
+var securityKey = "dockerfile/run/security"
+
+func init() {
+	parseRunPreHooks = append(parseRunPreHooks, runSecurityPreHook)
+	parseRunPostHooks = append(parseRunPostHooks, runSecurityPostHook)
+}
+
+func runSecurityPreHook(cmd *RunCommand, req parseRequest) error {
+	st := &securityState{}
+	st.flag = req.flags.AddString("security", SecuritySandbox)
+	cmd.setExternalValue(securityKey, st)
+	return nil
+}
+
+func runSecurityPostHook(cmd *RunCommand, req parseRequest) error {
+	st := cmd.getExternalValue(securityKey).(*securityState)
+	if st == nil {
+		return errors.Errorf("no security state")
+	}
+
+	value := st.flag.Value
+	if !isValidSecurity(value) {
+		return errors.Errorf("security %q is not valid", value)
+	}
+
+	st.security = value
+
+	return nil
+}
+
+func GetSecurity(cmd *RunCommand) string {
+	return cmd.getExternalValue(securityKey).(*securityState).security
+}
+
+type securityState struct {
+	flag     *Flag
+	security string
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_secrets.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_secrets.go
index 63b3e215a02c4..2b4140b72ae79 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_secrets.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_secrets.go
@@ -1,5 +1,3 @@
-// +build dfsecrets dfextall
-
 package instructions
 
 func isSecretMountsSupported() bool {
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_ssh.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_ssh.go
index 8e591d3e31f33..0e4e5f38c7287 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_ssh.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_ssh.go
@@ -1,5 +1,3 @@
-// +build dfssh dfextall
-
 package instructions
 
 func isSSHMountsSupported() bool {
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/parse.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/parse.go
index 0ce076a58be00..7a6c69e383bf3 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/parse.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/parse.go
@@ -18,9 +18,12 @@ import (
 type parseRequest struct {
 	command    string
 	args       []string
+	heredocs   []parser.Heredoc
 	attributes map[string]bool
 	flags      *BFlags
 	original   string
+	location   []parser.Range
+	comments   []string
 }
 
 var parseRunPreHooks []func(*RunCommand, parseRequest) error
@@ -45,14 +48,20 @@ func newParseRequestFromNode(node *parser.Node) parseRequest {
 	return parseRequest{
 		command:    node.Value,
 		args:       nodeArgs(node),
+		heredocs:   node.Heredocs,
 		attributes: node.Attributes,
 		original:   node.Original,
 		flags:      NewBFlagsWithArgs(node.Flags),
+		location:   node.Location(),
+		comments:   node.PrevComment,
 	}
 }
 
 // ParseInstruction converts an AST to a typed instruction (either a command or a build stage beginning when encountering a `FROM` statement)
-func ParseInstruction(node *parser.Node) (interface{}, error) {
+func ParseInstruction(node *parser.Node) (v interface{}, err error) {
+	defer func() {
+		err = parser.WithLocation(err, node.Location())
+	}()
 	req := newParseRequestFromNode(node)
 	switch node.Value {
 	case command.Env:
@@ -105,7 +114,7 @@ func ParseCommand(node *parser.Node) (Command, error) {
 	if c, ok := s.(Command); ok {
 		return c, nil
 	}
-	return nil, errors.Errorf("%T is not a command type", s)
+	return nil, parser.WithLocation(errors.Errorf("%T is not a command type", s), node.Location())
 }
 
 // UnknownInstruction represents an error occurring when a command is unresolvable
@@ -118,25 +127,17 @@ func (e *UnknownInstruction) Error() string {
 	return fmt.Sprintf("unknown instruction: %s", strings.ToUpper(e.Instruction))
 }
 
-// IsUnknownInstruction checks if the error is an UnknownInstruction or a parseError containing an UnknownInstruction
-func IsUnknownInstruction(err error) bool {
-	_, ok := err.(*UnknownInstruction)
-	if !ok {
-		var pe *parseError
-		if pe, ok = err.(*parseError); ok {
-			_, ok = pe.inner.(*UnknownInstruction)
-		}
-	}
-	return ok
-}
-
 type parseError struct {
 	inner error
 	node  *parser.Node
 }
 
 func (e *parseError) Error() string {
-	return fmt.Sprintf("Dockerfile parse error line %d: %v", e.node.StartLine, e.inner.Error())
+	return fmt.Sprintf("dockerfile parse error line %d: %v", e.node.StartLine, e.inner.Error())
+}
+
+func (e *parseError) Unwrap() error {
+	return e.inner
 }
 
 // Parse a Dockerfile into a collection of buildable stages.
@@ -160,11 +161,11 @@ func Parse(ast *parser.Node) (stages []Stage, metaArgs []ArgCommand, err error)
 		case Command:
 			stage, err := CurrentStage(stages)
 			if err != nil {
-				return nil, nil, err
+				return nil, nil, parser.WithLocation(err, n.Location())
 			}
 			stage.AddCommand(c)
 		default:
-			return nil, nil, errors.Errorf("%T is not a command type", cmd)
+			return nil, nil, parser.WithLocation(errors.Errorf("%T is not a command type", cmd), n.Location())
 		}
 
 	}
@@ -237,18 +238,65 @@ func parseLabel(req parseRequest) (*LabelCommand, error) {
 	}, nil
 }
 
+func parseSourcesAndDest(req parseRequest, command string) (*SourcesAndDest, error) {
+	srcs := req.args[:len(req.args)-1]
+	dest := req.args[len(req.args)-1]
+	if heredoc := parser.MustParseHeredoc(dest); heredoc != nil {
+		return nil, errBadHeredoc(command, "a destination")
+	}
+
+	heredocLookup := make(map[string]parser.Heredoc)
+	for _, heredoc := range req.heredocs {
+		heredocLookup[heredoc.Name] = heredoc
+	}
+
+	var sourcePaths []string
+	var sourceContents []SourceContent
+	for _, src := range srcs {
+		if heredoc := parser.MustParseHeredoc(src); heredoc != nil {
+			content := heredocLookup[heredoc.Name].Content
+			if heredoc.Chomp {
+				content = parser.ChompHeredocContent(content)
+			}
+			sourceContents = append(sourceContents,
+				SourceContent{
+					Data:   content,
+					Path:   heredoc.Name,
+					Expand: heredoc.Expand,
+				},
+			)
+		} else {
+			sourcePaths = append(sourcePaths, src)
+		}
+	}
+
+	return &SourcesAndDest{
+		DestPath:       dest,
+		SourcePaths:    sourcePaths,
+		SourceContents: sourceContents,
+	}, nil
+}
+
 func parseAdd(req parseRequest) (*AddCommand, error) {
 	if len(req.args) < 2 {
 		return nil, errNoDestinationArgument("ADD")
 	}
 	flChown := req.flags.AddString("chown", "")
+	flChmod := req.flags.AddString("chmod", "")
 	if err := req.flags.Parse(); err != nil {
 		return nil, err
 	}
+
+	sourcesAndDest, err := parseSourcesAndDest(req, "ADD")
+	if err != nil {
+		return nil, err
+	}
+
 	return &AddCommand{
-		SourcesAndDest:  SourcesAndDest(req.args),
 		withNameAndCode: newWithNameAndCode(req),
+		SourcesAndDest:  *sourcesAndDest,
 		Chown:           flChown.Value,
+		Chmod:           flChmod.Value,
 	}, nil
 }
 
@@ -258,14 +306,22 @@ func parseCopy(req parseRequest) (*CopyCommand, error) {
 	}
 	flChown := req.flags.AddString("chown", "")
 	flFrom := req.flags.AddString("from", "")
+	flChmod := req.flags.AddString("chmod", "")
 	if err := req.flags.Parse(); err != nil {
 		return nil, err
 	}
+
+	sourcesAndDest, err := parseSourcesAndDest(req, "COPY")
+	if err != nil {
+		return nil, err
+	}
+
 	return &CopyCommand{
-		SourcesAndDest:  SourcesAndDest(req.args),
-		From:            flFrom.Value,
 		withNameAndCode: newWithNameAndCode(req),
+		SourcesAndDest:  *sourcesAndDest,
+		From:            flFrom.Value,
 		Chown:           flChown.Value,
+		Chmod:           flChmod.Value,
 	}, nil
 }
 
@@ -287,6 +343,8 @@ func parseFrom(req parseRequest) (*Stage, error) {
 		SourceCode: code,
 		Commands:   []Command{},
 		Platform:   flPlatform.Value,
+		Location:   req.location,
+		Comment:    getComment(req.comments, stageName),
 	}, nil
 
 }
@@ -297,7 +355,7 @@ func parseBuildStageName(args []string) (string, error) {
 	case len(args) == 3 && strings.EqualFold(args[1], "as"):
 		stageName = strings.ToLower(args[2])
 		if ok, _ := regexp.MatchString("^[a-z][a-z0-9-_\\.]*$", stageName); !ok {
-			return "", errors.Errorf("invalid name for build stage: %q, name can't start with a number or contain symbols", stageName)
+			return "", errors.Errorf("invalid name for build stage: %q, name can't start with a number or contain symbols", args[2])
 		}
 	case len(args) != 1:
 		return "", errors.New("FROM requires either one or three arguments")
@@ -346,7 +404,17 @@ func parseWorkdir(req parseRequest) (*WorkdirCommand, error) {
 
 }
 
-func parseShellDependentCommand(req parseRequest, emptyAsNil bool) ShellDependantCmdLine {
+func parseShellDependentCommand(req parseRequest, command string, emptyAsNil bool) (ShellDependantCmdLine, error) {
+	var files []ShellInlineFile
+	for _, heredoc := range req.heredocs {
+		file := ShellInlineFile{
+			Name:  heredoc.Name,
+			Data:  heredoc.Content,
+			Chomp: heredoc.Chomp,
+		}
+		files = append(files, file)
+	}
+
 	args := handleJSONArgs(req.args, req.attributes)
 	cmd := strslice.StrSlice(args)
 	if emptyAsNil && len(cmd) == 0 {
@@ -354,8 +422,9 @@ func parseShellDependentCommand(req parseRequest, emptyAsNil bool) ShellDependan
 	}
 	return ShellDependantCmdLine{
 		CmdLine:      cmd,
+		Files:        files,
 		PrependShell: !req.attributes["json"],
-	}
+	}, nil
 }
 
 func parseRun(req parseRequest) (*RunCommand, error) {
@@ -370,8 +439,14 @@ func parseRun(req parseRequest) (*RunCommand, error) {
 	if err := req.flags.Parse(); err != nil {
 		return nil, err
 	}
+	cmd.FlagsUsed = req.flags.Used()
+
+	cmdline, err := parseShellDependentCommand(req, "RUN", false)
+	if err != nil {
+		return nil, err
+	}
+	cmd.ShellDependantCmdLine = cmdline
 
-	cmd.ShellDependantCmdLine = parseShellDependentCommand(req, false)
 	cmd.withNameAndCode = newWithNameAndCode(req)
 
 	for _, fn := range parseRunPostHooks {
@@ -387,11 +462,16 @@ func parseCmd(req parseRequest) (*CmdCommand, error) {
 	if err := req.flags.Parse(); err != nil {
 		return nil, err
 	}
+
+	cmdline, err := parseShellDependentCommand(req, "CMD", false)
+	if err != nil {
+		return nil, err
+	}
+
 	return &CmdCommand{
-		ShellDependantCmdLine: parseShellDependentCommand(req, false),
+		ShellDependantCmdLine: cmdline,
 		withNameAndCode:       newWithNameAndCode(req),
 	}, nil
-
 }
 
 func parseEntrypoint(req parseRequest) (*EntrypointCommand, error) {
@@ -399,12 +479,15 @@ func parseEntrypoint(req parseRequest) (*EntrypointCommand, error) {
 		return nil, err
 	}
 
-	cmd := &EntrypointCommand{
-		ShellDependantCmdLine: parseShellDependentCommand(req, true),
-		withNameAndCode:       newWithNameAndCode(req),
+	cmdline, err := parseShellDependentCommand(req, "ENTRYPOINT", true)
+	if err != nil {
+		return nil, err
 	}
 
-	return cmd, nil
+	return &EntrypointCommand{
+		ShellDependantCmdLine: cmdline,
+		withNameAndCode:       newWithNameAndCode(req),
+	}, nil
 }
 
 // parseOptInterval(flag) is the duration of flag.Value, or 0 if
@@ -577,33 +660,38 @@ func parseStopSignal(req parseRequest) (*StopSignalCommand, error) {
 }
 
 func parseArg(req parseRequest) (*ArgCommand, error) {
-	if len(req.args) != 1 {
-		return nil, errExactlyOneArgument("ARG")
+	if len(req.args) < 1 {
+		return nil, errAtLeastOneArgument("ARG")
 	}
 
-	kvpo := KeyValuePairOptional{}
+	pairs := make([]KeyValuePairOptional, len(req.args))
 
-	arg := req.args[0]
-	// 'arg' can just be a name or name-value pair. Note that this is different
-	// from 'env' that handles the split of name and value at the parser level.
-	// The reason for doing it differently for 'arg' is that we support just
-	// defining an arg and not assign it a value (while 'env' always expects a
-	// name-value pair). If possible, it will be good to harmonize the two.
-	if strings.Contains(arg, "=") {
-		parts := strings.SplitN(arg, "=", 2)
-		if len(parts[0]) == 0 {
-			return nil, errBlankCommandNames("ARG")
-		}
+	for i, arg := range req.args {
+		kvpo := KeyValuePairOptional{}
 
-		kvpo.Key = parts[0]
-		kvpo.Value = &parts[1]
-	} else {
-		kvpo.Key = arg
+		// 'arg' can just be a name or name-value pair. Note that this is different
+		// from 'env' that handles the split of name and value at the parser level.
+		// The reason for doing it differently for 'arg' is that we support just
+		// defining an arg and not assign it a value (while 'env' always expects a
+		// name-value pair). If possible, it will be good to harmonize the two.
+		if strings.Contains(arg, "=") {
+			parts := strings.SplitN(arg, "=", 2)
+			if len(parts[0]) == 0 {
+				return nil, errBlankCommandNames("ARG")
+			}
+
+			kvpo.Key = parts[0]
+			kvpo.Value = &parts[1]
+		} else {
+			kvpo.Key = arg
+		}
+		kvpo.Comment = getComment(req.comments, kvpo.Key)
+		pairs[i] = kvpo
 	}
 
 	return &ArgCommand{
-		KeyValuePairOptional: kvpo,
-		withNameAndCode:      newWithNameAndCode(req),
+		Args:            pairs,
+		withNameAndCode: newWithNameAndCode(req),
 	}, nil
 }
 
@@ -641,6 +729,10 @@ func errNoDestinationArgument(command string) error {
 	return errors.Errorf("%s requires at least two arguments, but only one was provided. Destination could not be determined.", command)
 }
 
+func errBadHeredoc(command string, option string) error {
+	return errors.Errorf("%s cannot accept a heredoc as %s", command, option)
+}
+
 func errBlankCommandNames(command string) error {
 	return errors.Errorf("%s names can not be blank", command)
 }
@@ -648,3 +740,15 @@ func errBlankCommandNames(command string) error {
 func errTooManyArguments(command string) error {
 	return errors.Errorf("Bad input to %s, too many arguments", command)
 }
+
+func getComment(comments []string, name string) string {
+	if name == "" {
+		return ""
+	}
+	for _, line := range comments {
+		if strings.HasPrefix(line, name+" ") {
+			return strings.TrimPrefix(line, name+" ")
+		}
+	}
+	return ""
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/errors.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/errors.go
new file mode 100644
index 0000000000000..9f28a5a2e15fe
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/errors.go
@@ -0,0 +1,58 @@
+package parser
+
+import (
+	"github.com/moby/buildkit/util/stack"
+	"github.com/pkg/errors"
+)
+
+// ErrorLocation gives a location in source code that caused the error
+type ErrorLocation struct {
+	Location []Range
+	error
+}
+
+// Unwrap unwraps to the next error
+func (e *ErrorLocation) Unwrap() error {
+	return e.error
+}
+
+// Range is a code section between two positions
+type Range struct {
+	Start Position
+	End   Position
+}
+
+// Position is a point in source code
+type Position struct {
+	Line      int
+	Character int
+}
+
+func withLocation(err error, start, end int) error {
+	return WithLocation(err, toRanges(start, end))
+}
+
+// WithLocation extends an error with a source code location
+func WithLocation(err error, location []Range) error {
+	if err == nil {
+		return nil
+	}
+	var el *ErrorLocation
+	if errors.As(err, &el) {
+		return err
+	}
+	return stack.Enable(&ErrorLocation{
+		error:    err,
+		Location: location,
+	})
+}
+
+func toRanges(start, end int) (r []Range) {
+	if end <= start {
+		end = start
+	}
+	for i := start; i <= end; i++ {
+		r = append(r, Range{Start: Position{Line: i}, End: Position{Line: i}})
+	}
+	return
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/line_parsers.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/line_parsers.go
index 15f00ce79241f..c0d0a55d12240 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/line_parsers.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/line_parsers.go
@@ -8,11 +8,12 @@ package parser
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"strings"
 	"unicode"
 	"unicode/utf8"
+
+	"github.com/pkg/errors"
 )
 
 var (
@@ -25,7 +26,7 @@ const (
 
 // ignore the current argument. This will still leave a command parsed, but
 // will not incorporate the arguments into the ast.
-func parseIgnore(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseIgnore(rest string, d *directives) (*Node, map[string]bool, error) {
 	return &Node{}, nil, nil
 }
 
@@ -34,12 +35,12 @@ func parseIgnore(rest string, d *Directive) (*Node, map[string]bool, error) {
 //
 // ONBUILD RUN foo bar -> (onbuild (run foo bar))
 //
-func parseSubCommand(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseSubCommand(rest string, d *directives) (*Node, map[string]bool, error) {
 	if rest == "" {
 		return nil, nil, nil
 	}
 
-	child, err := newNodeFromLine(rest, d)
+	child, err := newNodeFromLine(rest, d, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -50,7 +51,7 @@ func parseSubCommand(rest string, d *Directive) (*Node, map[string]bool, error)
 // helper to parse words (i.e space delimited or quoted strings) in a statement.
 // The quotes are preserved as part of this function and they are stripped later
 // as part of processWords().
-func parseWords(rest string, d *Directive) []string {
+func parseWords(rest string, d *directives) []string {
 	const (
 		inSpaces = iota // looking for start of a word
 		inWord
@@ -137,7 +138,7 @@ func parseWords(rest string, d *Directive) []string {
 
 // parse environment like statements. Note that this does *not* handle
 // variable interpolation, which will be handled in the evaluator.
-func parseNameVal(rest string, key string, d *Directive) (*Node, error) {
+func parseNameVal(rest string, key string, d *directives) (*Node, error) {
 	// This is kind of tricky because we need to support the old
 	// variant:   KEY name value
 	// as well as the new one:    KEY name=value ...
@@ -151,7 +152,7 @@ func parseNameVal(rest string, key string, d *Directive) (*Node, error) {
 
 	// Old format (KEY name value)
 	if !strings.Contains(words[0], "=") {
-		parts := tokenWhitespace.Split(rest, 2)
+		parts := reWhitespace.Split(rest, 2)
 		if len(parts) < 2 {
 			return nil, fmt.Errorf(key + " must have two arguments")
 		}
@@ -192,12 +193,12 @@ func appendKeyValueNode(node, rootNode, prevNode *Node) (*Node, *Node) {
 	return rootNode, prevNode
 }
 
-func parseEnv(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseEnv(rest string, d *directives) (*Node, map[string]bool, error) {
 	node, err := parseNameVal(rest, "ENV", d)
 	return node, nil, err
 }
 
-func parseLabel(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseLabel(rest string, d *directives) (*Node, map[string]bool, error) {
 	node, err := parseNameVal(rest, commandLabel, d)
 	return node, nil, err
 }
@@ -210,7 +211,7 @@ func parseLabel(rest string, d *Directive) (*Node, map[string]bool, error) {
 // In addition, a keyword definition alone is of the form `keyword` like `name1`
 // above. And the assignments `name2=` and `name3=""` are equivalent and
 // assign an empty value to the respective keywords.
-func parseNameOrNameVal(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseNameOrNameVal(rest string, d *directives) (*Node, map[string]bool, error) {
 	words := parseWords(rest, d)
 	if len(words) == 0 {
 		return nil, nil, nil
@@ -236,7 +237,7 @@ func parseNameOrNameVal(rest string, d *Directive) (*Node, map[string]bool, erro
 
 // parses a whitespace-delimited set of arguments. The result is effectively a
 // linked list of string arguments.
-func parseStringsWhitespaceDelimited(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseStringsWhitespaceDelimited(rest string, d *directives) (*Node, map[string]bool, error) {
 	if rest == "" {
 		return nil, nil, nil
 	}
@@ -244,7 +245,7 @@ func parseStringsWhitespaceDelimited(rest string, d *Directive) (*Node, map[stri
 	node := &Node{}
 	rootnode := node
 	prevnode := node
-	for _, str := range tokenWhitespace.Split(rest, -1) { // use regexp
+	for _, str := range reWhitespace.Split(rest, -1) { // use regexp
 		prevnode = node
 		node.Value = str
 		node.Next = &Node{}
@@ -260,7 +261,7 @@ func parseStringsWhitespaceDelimited(rest string, d *Directive) (*Node, map[stri
 }
 
 // parseString just wraps the string in quotes and returns a working node.
-func parseString(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseString(rest string, d *directives) (*Node, map[string]bool, error) {
 	if rest == "" {
 		return nil, nil, nil
 	}
@@ -270,7 +271,7 @@ func parseString(rest string, d *Directive) (*Node, map[string]bool, error) {
 }
 
 // parseJSON converts JSON arrays to an AST.
-func parseJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseJSON(rest string, d *directives) (*Node, map[string]bool, error) {
 	rest = strings.TrimLeftFunc(rest, unicode.IsSpace)
 	if !strings.HasPrefix(rest, "[") {
 		return nil, nil, fmt.Errorf(`Error parsing "%s" as a JSON array`, rest)
@@ -303,7 +304,7 @@ func parseJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
 // parseMaybeJSON determines if the argument appears to be a JSON array. If
 // so, passes to parseJSON; if not, quotes the result and returns a single
 // node.
-func parseMaybeJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseMaybeJSON(rest string, d *directives) (*Node, map[string]bool, error) {
 	if rest == "" {
 		return nil, nil, nil
 	}
@@ -325,7 +326,7 @@ func parseMaybeJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
 // parseMaybeJSONToList determines if the argument appears to be a JSON array. If
 // so, passes to parseJSON; if not, attempts to parse it as a whitespace
 // delimited string.
-func parseMaybeJSONToList(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseMaybeJSONToList(rest string, d *directives) (*Node, map[string]bool, error) {
 	node, attrs, err := parseJSON(rest, d)
 
 	if err == nil {
@@ -339,7 +340,7 @@ func parseMaybeJSONToList(rest string, d *Directive) (*Node, map[string]bool, er
 }
 
 // The HEALTHCHECK command is like parseMaybeJSON, but has an extra type argument.
-func parseHealthConfig(rest string, d *Directive) (*Node, map[string]bool, error) {
+func parseHealthConfig(rest string, d *directives) (*Node, map[string]bool, error) {
 	// Find end of first argument
 	var sep int
 	for ; sep < len(rest); sep++ {
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser.go
index 0453f3a9a2ae5..083c75f89ff8b 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser.go
@@ -12,6 +12,7 @@ import (
 	"unicode"
 
 	"github.com/moby/buildkit/frontend/dockerfile/command"
+	"github.com/moby/buildkit/frontend/dockerfile/shell"
 	"github.com/pkg/errors"
 )
 
@@ -28,14 +29,21 @@ import (
 // works a little more effectively than a "proper" parse tree for our needs.
 //
 type Node struct {
-	Value      string          // actual content
-	Next       *Node           // the next item in the current sexp
-	Children   []*Node         // the children of this sexp
-	Attributes map[string]bool // special attributes for this node
-	Original   string          // original line used before parsing
-	Flags      []string        // only top Node should have this set
-	StartLine  int             // the line in the original dockerfile where the node begins
-	endLine    int             // the line in the original dockerfile where the node ends
+	Value       string          // actual content
+	Next        *Node           // the next item in the current sexp
+	Children    []*Node         // the children of this sexp
+	Heredocs    []Heredoc       // extra heredoc content attachments
+	Attributes  map[string]bool // special attributes for this node
+	Original    string          // original line used before parsing
+	Flags       []string        // only top Node should have this set
+	StartLine   int             // the line in the original dockerfile where the node begins
+	EndLine     int             // the line in the original dockerfile where the node ends
+	PrevComment []string
+}
+
+// Location return the location of node in source code
+func (node *Node) Location() []Range {
+	return toRanges(node.StartLine, node.EndLine)
 }
 
 // Dump dumps the AST defined by `node` as a list of sexps.
@@ -65,7 +73,18 @@ func (node *Node) Dump() string {
 
 func (node *Node) lines(start, end int) {
 	node.StartLine = start
-	node.endLine = end
+	node.EndLine = end
+}
+
+func (node *Node) canContainHeredoc() bool {
+	if _, allowedDirective := heredocDirectives[node.Value]; !allowedDirective {
+		return false
+	}
+	if _, isJSON := node.Attributes["json"]; isJSON {
+		return false
+	}
+
+	return true
 }
 
 // AddChild adds a new child node, and updates line information
@@ -74,69 +93,107 @@ func (node *Node) AddChild(child *Node, startLine, endLine int) {
 	if node.StartLine < 0 {
 		node.StartLine = startLine
 	}
-	node.endLine = endLine
+	node.EndLine = endLine
 	node.Children = append(node.Children, child)
 }
 
+type Heredoc struct {
+	Name           string
+	FileDescriptor uint
+	Expand         bool
+	Chomp          bool
+	Content        string
+}
+
 var (
-	dispatch           map[string]func(string, *Directive) (*Node, map[string]bool, error)
-	tokenWhitespace    = regexp.MustCompile(`[\t\v\f\r ]+`)
-	tokenEscapeCommand = regexp.MustCompile(`^#[ \t]*escape[ \t]*=[ \t]*(?P<escapechar>.).*$`)
-	tokenComment       = regexp.MustCompile(`^#.*$`)
+	dispatch          map[string]func(string, *directives) (*Node, map[string]bool, error)
+	heredocDirectives map[string]bool
+	reWhitespace      = regexp.MustCompile(`[\t\v\f\r ]+`)
+	reDirectives      = regexp.MustCompile(`^#\s*([a-zA-Z][a-zA-Z0-9]*)\s*=\s*(.+?)\s*$`)
+	reComment         = regexp.MustCompile(`^#.*$`)
+	reHeredoc         = regexp.MustCompile(`^(\d*)<<(-?)(['"]?)([a-zA-Z][a-zA-Z0-9]*)(['"]?)$`)
+	reLeadingTabs     = regexp.MustCompile(`(?m)^\t+`)
 )
 
 // DefaultEscapeToken is the default escape token
 const DefaultEscapeToken = '\\'
 
-// Directive is the structure used during a build run to hold the state of
+var validDirectives = map[string]struct{}{
+	"escape": {},
+	"syntax": {},
+}
+
+// directive is the structure used during a build run to hold the state of
 // parsing directives.
-type Directive struct {
-	escapeToken           rune           // Current escape token
-	lineContinuationRegex *regexp.Regexp // Current line continuation regex
-	processingComplete    bool           // Whether we are done looking for directives
-	escapeSeen            bool           // Whether the escape directive has been seen
+type directives struct {
+	escapeToken           rune                // Current escape token
+	lineContinuationRegex *regexp.Regexp      // Current line continuation regex
+	done                  bool                // Whether we are done looking for directives
+	seen                  map[string]struct{} // Whether the escape directive has been seen
 }
 
-// setEscapeToken sets the default token for escaping characters in a Dockerfile.
-func (d *Directive) setEscapeToken(s string) error {
-	if s != "`" && s != "\\" {
-		return fmt.Errorf("invalid ESCAPE '%s'. Must be ` or \\", s)
+// setEscapeToken sets the default token for escaping characters and as line-
+// continuation token in a Dockerfile. Only ` (backtick) and \ (backslash) are
+// allowed as token.
+func (d *directives) setEscapeToken(s string) error {
+	if s != "`" && s != `\` {
+		return errors.Errorf("invalid escape token '%s' does not match ` or \\", s)
 	}
 	d.escapeToken = rune(s[0])
-	d.lineContinuationRegex = regexp.MustCompile(`\` + s + `[ \t]*$`)
+	// The escape token is used both to escape characters in a line and as line
+	// continuation token. If it's the last non-whitespace token, it is used as
+	// line-continuation token, *unless* preceded by an escape-token.
+	//
+	// The second branch in the regular expression handles line-continuation
+	// tokens on their own line, which don't have any character preceding them.
+	//
+	// Due to Go lacking negative look-ahead matching, this regular expression
+	// does not currently handle a line-continuation token preceded by an *escaped*
+	// escape-token ("foo \\\").
+	d.lineContinuationRegex = regexp.MustCompile(`([^\` + s + `])\` + s + `[ \t]*$|^\` + s + `[ \t]*$`)
 	return nil
 }
 
 // possibleParserDirective looks for parser directives, eg '# escapeToken=<char>'.
 // Parser directives must precede any builder instruction or other comments,
 // and cannot be repeated.
-func (d *Directive) possibleParserDirective(line string) error {
-	if d.processingComplete {
+func (d *directives) possibleParserDirective(line string) error {
+	if d.done {
 		return nil
 	}
 
-	tecMatch := tokenEscapeCommand.FindStringSubmatch(strings.ToLower(line))
-	if len(tecMatch) != 0 {
-		for i, n := range tokenEscapeCommand.SubexpNames() {
-			if n == "escapechar" {
-				if d.escapeSeen {
-					return errors.New("only one escape parser directive can be used")
-				}
-				d.escapeSeen = true
-				return d.setEscapeToken(tecMatch[i])
-			}
-		}
+	match := reDirectives.FindStringSubmatch(line)
+	if len(match) == 0 {
+		d.done = true
+		return nil
+	}
+
+	k := strings.ToLower(match[1])
+	_, ok := validDirectives[k]
+	if !ok {
+		d.done = true
+		return nil
+	}
+
+	if _, ok := d.seen[k]; ok {
+		return errors.Errorf("only one %s parser directive can be used", k)
+	}
+	d.seen[k] = struct{}{}
+
+	if k == "escape" {
+		return d.setEscapeToken(match[2])
 	}
 
-	d.processingComplete = true
 	return nil
 }
 
-// NewDefaultDirective returns a new Directive with the default escapeToken token
-func NewDefaultDirective() *Directive {
-	directive := Directive{}
-	directive.setEscapeToken(string(DefaultEscapeToken))
-	return &directive
+// newDefaultDirectives returns a new directives structure with the default escapeToken token
+func newDefaultDirectives() *directives {
+	d := &directives{
+		seen: map[string]struct{}{},
+	}
+	d.setEscapeToken(string(DefaultEscapeToken))
+	return d
 }
 
 func init() {
@@ -146,7 +203,7 @@ func init() {
 	// reformulating the arguments according to the rules in the parser
 	// functions. Errors are propagated up by Parse() and the resulting AST can
 	// be incorporated directly into the existing AST as a next.
-	dispatch = map[string]func(string, *Directive) (*Node, map[string]bool, error){
+	dispatch = map[string]func(string, *directives) (*Node, map[string]bool, error){
 		command.Add:         parseMaybeJSONToList,
 		command.Arg:         parseNameOrNameVal,
 		command.Cmd:         parseMaybeJSON,
@@ -171,7 +228,7 @@ func init() {
 // newNodeFromLine splits the line into parts, and dispatches to a function
 // based on the command and command arguments. A Node is created from the
 // result of the dispatch.
-func newNodeFromLine(line string, directive *Directive) (*Node, error) {
+func newNodeFromLine(line string, d *directives, comments []string) (*Node, error) {
 	cmd, flags, args, err := splitCommand(line)
 	if err != nil {
 		return nil, err
@@ -182,17 +239,18 @@ func newNodeFromLine(line string, directive *Directive) (*Node, error) {
 	if fn == nil {
 		fn = parseIgnore
 	}
-	next, attrs, err := fn(args, directive)
+	next, attrs, err := fn(args, d)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Node{
-		Value:      cmd,
-		Original:   line,
-		Flags:      flags,
-		Next:       next,
-		Attributes: attrs,
+		Value:       cmd,
+		Original:    line,
+		Flags:       flags,
+		Next:        next,
+		Attributes:  attrs,
+		PrevComment: comments,
 	}, nil
 }
 
@@ -214,11 +272,13 @@ func (r *Result) PrintWarnings(out io.Writer) {
 // Parse reads lines from a Reader, parses the lines into an AST and returns
 // the AST and escape token
 func Parse(rwc io.Reader) (*Result, error) {
-	d := NewDefaultDirective()
+	d := newDefaultDirectives()
 	currentLine := 0
 	root := &Node{StartLine: -1}
 	scanner := bufio.NewScanner(rwc)
+	scanner.Split(scanLines)
 	warnings := []string{}
+	var comments []string
 
 	var err error
 	for scanner.Scan() {
@@ -227,9 +287,17 @@ func Parse(rwc io.Reader) (*Result, error) {
 			// First line, strip the byte-order-marker if present
 			bytesRead = bytes.TrimPrefix(bytesRead, utf8bom)
 		}
+		if isComment(bytesRead) {
+			comment := strings.TrimSpace(string(bytesRead[1:]))
+			if comment == "" {
+				comments = nil
+			} else {
+				comments = append(comments, comment)
+			}
+		}
 		bytesRead, err = processLine(d, bytesRead, true)
 		if err != nil {
-			return nil, err
+			return nil, withLocation(err, currentLine, 0)
 		}
 		currentLine++
 
@@ -243,7 +311,7 @@ func Parse(rwc io.Reader) (*Result, error) {
 		for !isEndOfLine && scanner.Scan() {
 			bytesRead, err := processLine(d, scanner.Bytes(), false)
 			if err != nil {
-				return nil, err
+				return nil, withLocation(err, currentLine, 0)
 			}
 			currentLine++
 
@@ -265,44 +333,145 @@ func Parse(rwc io.Reader) (*Result, error) {
 			warnings = append(warnings, "[WARNING]: Empty continuation line found in:\n    "+line)
 		}
 
-		child, err := newNodeFromLine(line, d)
+		child, err := newNodeFromLine(line, d, comments)
 		if err != nil {
-			return nil, err
+			return nil, withLocation(err, startLine, currentLine)
 		}
+
+		if child.canContainHeredoc() {
+			heredocs, err := heredocsFromLine(line)
+			if err != nil {
+				return nil, withLocation(err, startLine, currentLine)
+			}
+
+			for _, heredoc := range heredocs {
+				terminator := []byte(heredoc.Name)
+				terminated := false
+				for scanner.Scan() {
+					bytesRead := scanner.Bytes()
+					currentLine++
+
+					possibleTerminator := trimNewline(bytesRead)
+					if heredoc.Chomp {
+						possibleTerminator = trimLeadingTabs(possibleTerminator)
+					}
+					if bytes.Equal(possibleTerminator, terminator) {
+						terminated = true
+						break
+					}
+					heredoc.Content += string(bytesRead)
+				}
+				if !terminated {
+					return nil, withLocation(errors.New("unterminated heredoc"), startLine, currentLine)
+				}
+
+				child.Heredocs = append(child.Heredocs, heredoc)
+			}
+		}
+
 		root.AddChild(child, startLine, currentLine)
+		comments = nil
 	}
 
 	if len(warnings) > 0 {
 		warnings = append(warnings, "[WARNING]: Empty continuation lines will become errors in a future release.")
 	}
+
+	if root.StartLine < 0 {
+		return nil, withLocation(errors.New("file with no instructions"), currentLine, 0)
+	}
+
 	return &Result{
 		AST:         root,
 		Warnings:    warnings,
 		EscapeToken: d.escapeToken,
-	}, handleScannerError(scanner.Err())
+	}, withLocation(handleScannerError(scanner.Err()), currentLine, 0)
+}
+
+func heredocFromMatch(match []string) (*Heredoc, error) {
+	if len(match) == 0 {
+		return nil, nil
+	}
+
+	fileDescriptor, _ := strconv.ParseUint(match[1], 10, 0)
+	chomp := match[2] == "-"
+	quoteOpen := match[3]
+	name := match[4]
+	quoteClose := match[5]
+
+	expand := true
+	if quoteOpen != "" || quoteClose != "" {
+		if quoteOpen != quoteClose {
+			return nil, errors.New("quoted heredoc quotes do not match")
+		}
+		expand = false
+	}
+
+	return &Heredoc{
+		Name:           name,
+		Expand:         expand,
+		Chomp:          chomp,
+		FileDescriptor: uint(fileDescriptor),
+	}, nil
+}
+
+func ParseHeredoc(src string) (*Heredoc, error) {
+	return heredocFromMatch(reHeredoc.FindStringSubmatch(src))
+}
+func MustParseHeredoc(src string) *Heredoc {
+	heredoc, _ := ParseHeredoc(src)
+	return heredoc
+}
+
+func heredocsFromLine(line string) ([]Heredoc, error) {
+	shlex := shell.NewLex('\\')
+	shlex.RawQuotes = true
+	words, _ := shlex.ProcessWords(line, []string{})
+
+	var docs []Heredoc
+	for _, word := range words {
+		heredoc, err := ParseHeredoc(word)
+		if err != nil {
+			return nil, err
+		}
+		if heredoc != nil {
+			docs = append(docs, *heredoc)
+		}
+	}
+	return docs, nil
+}
+
+func ChompHeredocContent(src string) string {
+	return reLeadingTabs.ReplaceAllString(src, "")
 }
 
 func trimComments(src []byte) []byte {
-	return tokenComment.ReplaceAll(src, []byte{})
+	return reComment.ReplaceAll(src, []byte{})
 }
 
-func trimWhitespace(src []byte) []byte {
+func trimLeadingWhitespace(src []byte) []byte {
 	return bytes.TrimLeftFunc(src, unicode.IsSpace)
 }
+func trimLeadingTabs(src []byte) []byte {
+	return bytes.TrimLeft(src, "\t")
+}
+func trimNewline(src []byte) []byte {
+	return bytes.TrimRight(src, "\r\n")
+}
 
 func isComment(line []byte) bool {
-	return tokenComment.Match(trimWhitespace(line))
+	return reComment.Match(trimLeadingWhitespace(trimNewline(line)))
 }
 
 func isEmptyContinuationLine(line []byte) bool {
-	return len(trimWhitespace(line)) == 0
+	return len(trimLeadingWhitespace(trimNewline(line))) == 0
 }
 
 var utf8bom = []byte{0xEF, 0xBB, 0xBF}
 
-func trimContinuationCharacter(line string, d *Directive) (string, bool) {
+func trimContinuationCharacter(line string, d *directives) (string, bool) {
 	if d.lineContinuationRegex.MatchString(line) {
-		line = d.lineContinuationRegex.ReplaceAllString(line, "")
+		line = d.lineContinuationRegex.ReplaceAllString(line, "$1")
 		return line, false
 	}
 	return line, true
@@ -310,13 +479,28 @@ func trimContinuationCharacter(line string, d *Directive) (string, bool) {
 
 // TODO: remove stripLeftWhitespace after deprecation period. It seems silly
 // to preserve whitespace on continuation lines. Why is that done?
-func processLine(d *Directive, token []byte, stripLeftWhitespace bool) ([]byte, error) {
+func processLine(d *directives, token []byte, stripLeftWhitespace bool) ([]byte, error) {
+	token = trimNewline(token)
 	if stripLeftWhitespace {
-		token = trimWhitespace(token)
+		token = trimLeadingWhitespace(token)
 	}
 	return trimComments(token), d.possibleParserDirective(string(token))
 }
 
+// Variation of bufio.ScanLines that preserves the line endings
+func scanLines(data []byte, atEOF bool) (advance int, token []byte, err error) {
+	if atEOF && len(data) == 0 {
+		return 0, nil, nil
+	}
+	if i := bytes.IndexByte(data, '\n'); i >= 0 {
+		return i + 1, data[0 : i+1], nil
+	}
+	if atEOF {
+		return len(data), data, nil
+	}
+	return 0, nil, nil
+}
+
 func handleScannerError(err error) error {
 	switch err {
 	case bufio.ErrTooLong:
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser_heredoc.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser_heredoc.go
new file mode 100644
index 0000000000000..a053b9a2ac17b
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/parser_heredoc.go
@@ -0,0 +1,13 @@
+// +build dfheredoc
+
+package parser
+
+import "github.com/moby/buildkit/frontend/dockerfile/command"
+
+func init() {
+	heredocDirectives = map[string]bool{
+		command.Add:  true,
+		command.Copy: true,
+		command.Run:  true,
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/split_command.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/split_command.go
index 171f454f6da2c..337816718118b 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/split_command.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/parser/split_command.go
@@ -12,7 +12,7 @@ func splitCommand(line string) (string, []string, string, error) {
 	var flags []string
 
 	// Make sure we get the same results irrespective of leading/trailing spaces
-	cmdline := tokenWhitespace.Split(strings.TrimSpace(line), 2)
+	cmdline := reWhitespace.Split(strings.TrimSpace(line), 2)
 	cmd := strings.ToLower(cmdline[0])
 
 	if len(cmdline) == 2 {
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go
index c242546e559fa..d65913fffb3ad 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go
@@ -2,6 +2,7 @@ package shell
 
 import (
 	"bytes"
+	"fmt"
 	"strings"
 	"text/scanner"
 	"unicode"
@@ -17,7 +18,9 @@ import (
 // It doesn't support all flavors of ${xx:...} formats but new ones can
 // be added by adding code to the "special ${} format processing" section
 type Lex struct {
-	escapeToken rune
+	escapeToken  rune
+	RawQuotes    bool
+	SkipUnsetEnv bool
 }
 
 // NewLex creates a new Lex which uses escapeToken to escape quotes.
@@ -58,17 +61,21 @@ func (s *Lex) ProcessWordsWithMap(word string, env map[string]string) ([]string,
 
 func (s *Lex) process(word string, env map[string]string) (string, []string, error) {
 	sw := &shellWord{
-		envs:        env,
-		escapeToken: s.escapeToken,
+		envs:         env,
+		escapeToken:  s.escapeToken,
+		skipUnsetEnv: s.SkipUnsetEnv,
+		rawQuotes:    s.RawQuotes,
 	}
 	sw.scanner.Init(strings.NewReader(word))
 	return sw.process(word)
 }
 
 type shellWord struct {
-	scanner     scanner.Scanner
-	envs        map[string]string
-	escapeToken rune
+	scanner      scanner.Scanner
+	envs         map[string]string
+	escapeToken  rune
+	rawQuotes    bool
+	skipUnsetEnv bool
 }
 
 func (sw *shellWord) process(source string) (string, []string, error) {
@@ -103,10 +110,8 @@ func (w *wordsStruct) addRawChar(ch rune) {
 }
 
 func (w *wordsStruct) addString(str string) {
-	var scan scanner.Scanner
-	scan.Init(strings.NewReader(str))
-	for scan.Peek() != scanner.EOF {
-		w.addChar(scan.Next())
+	for _, ch := range str {
+		w.addChar(ch)
 	}
 }
 
@@ -196,14 +201,20 @@ func (sw *shellWord) processSingleQuote() (string, error) {
 
 	var result bytes.Buffer
 
-	sw.scanner.Next()
+	ch := sw.scanner.Next()
+	if sw.rawQuotes {
+		result.WriteRune(ch)
+	}
 
 	for {
-		ch := sw.scanner.Next()
+		ch = sw.scanner.Next()
 		switch ch {
 		case scanner.EOF:
 			return "", errors.New("unexpected end of statement while looking for matching single-quote")
 		case '\'':
+			if sw.rawQuotes {
+				result.WriteRune(ch)
+			}
 			return result.String(), nil
 		}
 		result.WriteRune(ch)
@@ -225,14 +236,20 @@ func (sw *shellWord) processDoubleQuote() (string, error) {
 
 	var result bytes.Buffer
 
-	sw.scanner.Next()
+	ch := sw.scanner.Next()
+	if sw.rawQuotes {
+		result.WriteRune(ch)
+	}
 
 	for {
 		switch sw.scanner.Peek() {
 		case scanner.EOF:
 			return "", errors.New("unexpected end of statement while looking for matching double-quote")
 		case '"':
-			sw.scanner.Next()
+			ch := sw.scanner.Next()
+			if sw.rawQuotes {
+				result.WriteRune(ch)
+			}
 			return result.String(), nil
 		case '$':
 			value, err := sw.processDollar()
@@ -269,7 +286,11 @@ func (sw *shellWord) processDollar() (string, error) {
 		if name == "" {
 			return "$", nil
 		}
-		return sw.getEnv(name), nil
+		value, found := sw.getEnv(name)
+		if !found && sw.skipUnsetEnv {
+			return "$" + name, nil
+		}
+		return value, nil
 	}
 
 	sw.scanner.Next()
@@ -285,7 +306,31 @@ func (sw *shellWord) processDollar() (string, error) {
 	switch ch {
 	case '}':
 		// Normal ${xx} case
-		return sw.getEnv(name), nil
+		value, found := sw.getEnv(name)
+		if !found && sw.skipUnsetEnv {
+			return fmt.Sprintf("${%s}", name), nil
+		}
+		return value, nil
+	case '?':
+		word, _, err := sw.processStopOn('}')
+		if err != nil {
+			if sw.scanner.Peek() == scanner.EOF {
+				return "", errors.New("syntax error: missing '}'")
+			}
+			return "", err
+		}
+		newValue, found := sw.getEnv(name)
+		if !found {
+			if sw.skipUnsetEnv {
+				return fmt.Sprintf("${%s?%s}", name, word), nil
+			}
+			message := "is not allowed to be unset"
+			if word != "" {
+				message = word
+			}
+			return "", errors.Errorf("%s: %s", name, message)
+		}
+		return newValue, nil
 	case ':':
 		// Special ${xx:...} format processing
 		// Yes it allows for recursive $'s in the ... spot
@@ -301,19 +346,46 @@ func (sw *shellWord) processDollar() (string, error) {
 
 		// Grab the current value of the variable in question so we
 		// can use to to determine what to do based on the modifier
-		newValue := sw.getEnv(name)
+		newValue, found := sw.getEnv(name)
 
 		switch modifier {
 		case '+':
 			if newValue != "" {
 				newValue = word
 			}
+			if !found && sw.skipUnsetEnv {
+				return fmt.Sprintf("${%s:%s%s}", name, string(modifier), word), nil
+			}
 			return newValue, nil
 
 		case '-':
 			if newValue == "" {
 				newValue = word
 			}
+			if !found && sw.skipUnsetEnv {
+				return fmt.Sprintf("${%s:%s%s}", name, string(modifier), word), nil
+			}
+
+			return newValue, nil
+
+		case '?':
+			if !found {
+				if sw.skipUnsetEnv {
+					return fmt.Sprintf("${%s:%s%s}", name, string(modifier), word), nil
+				}
+				message := "is not allowed to be unset"
+				if word != "" {
+					message = word
+				}
+				return "", errors.Errorf("%s: %s", name, message)
+			}
+			if newValue == "" {
+				message := "is not allowed to be empty"
+				if word != "" {
+					message = word
+				}
+				return "", errors.Errorf("%s: %s", name, message)
+			}
 			return newValue, nil
 
 		default:
@@ -364,13 +436,13 @@ func isSpecialParam(char rune) bool {
 	return false
 }
 
-func (sw *shellWord) getEnv(name string) string {
+func (sw *shellWord) getEnv(name string) (string, bool) {
 	for key, value := range sw.envs {
 		if EqualEnvKeys(name, key) {
-			return value
+			return value, true
 		}
 	}
-	return ""
+	return "", false
 }
 
 func BuildEnvs(env []string) map[string]string {
@@ -385,10 +457,7 @@ func BuildEnvs(env []string) map[string]string {
 			k := e[:i]
 			v := e[i+1:]
 
-			// If key already exists, keep previous value.
-			if _, ok := envs[k]; ok {
-				continue
-			}
+			// overwrite value if key already exists
 			envs[k] = v
 		}
 	}
diff --git a/vendor/github.com/moby/buildkit/frontend/frontend.go b/vendor/github.com/moby/buildkit/frontend/frontend.go
index 26b861f85e58c..091813a097fc1 100644
--- a/vendor/github.com/moby/buildkit/frontend/frontend.go
+++ b/vendor/github.com/moby/buildkit/frontend/frontend.go
@@ -2,27 +2,23 @@ package frontend
 
 import (
 	"context"
-	"io"
 
-	"github.com/moby/buildkit/cache"
-	"github.com/moby/buildkit/client"
-	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/client/llb"
 	gw "github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver/pb"
 	digest "github.com/opencontainers/go-digest"
 )
 
 type Frontend interface {
-	Solve(ctx context.Context, llb FrontendLLBBridge, opt map[string]string) (*Result, error)
+	Solve(ctx context.Context, llb FrontendLLBBridge, opt map[string]string, inputs map[string]*pb.Definition, sid string, sm *session.Manager) (*Result, error)
 }
 
 type FrontendLLBBridge interface {
-	Solve(ctx context.Context, req SolveRequest) (*Result, error)
-	ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error)
-	Exec(ctx context.Context, meta executor.Meta, rootfs cache.ImmutableRef, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error
+	Solve(ctx context.Context, req SolveRequest, sid string) (*Result, error)
+	ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt) (digest.Digest, []byte, error)
 }
 
 type SolveRequest = gw.SolveRequest
 
-type WorkerInfos interface {
-	WorkerInfos() []client.WorkerInfo
-}
+type CacheOptionsEntry = gw.CacheOptionsEntry
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go
index 3723538794585..09d86cad820c1 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go
@@ -2,7 +2,9 @@ package client
 
 import (
 	"context"
+	"io"
 
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
 	digest "github.com/opencontainers/go-digest"
@@ -12,11 +14,71 @@ import (
 
 type Client interface {
 	Solve(ctx context.Context, req SolveRequest) (*Result, error)
-	ResolveImageConfig(ctx context.Context, ref string, opt ResolveImageConfigOpt) (digest.Digest, []byte, error)
+	ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt) (digest.Digest, []byte, error)
 	BuildOpts() BuildOpts
+	Inputs(ctx context.Context) (map[string]llb.State, error)
+	NewContainer(ctx context.Context, req NewContainerRequest) (Container, error)
+}
+
+// NewContainerRequest encapsulates the requirements for a client to define a
+// new container, without defining the initial process.
+type NewContainerRequest struct {
+	Mounts      []Mount
+	NetMode     pb.NetMode
+	Platform    *pb.Platform
+	Constraints *pb.WorkerConstraints
+}
+
+// Mount allows clients to specify a filesystem mount. A Reference to a
+// previously solved Result is required.
+type Mount struct {
+	Selector  string
+	Dest      string
+	ResultID  string
+	Ref       Reference
+	Readonly  bool
+	MountType pb.MountType
+	CacheOpt  *pb.CacheOpt
+	SecretOpt *pb.SecretOpt
+	SSHOpt    *pb.SSHOpt
+}
+
+// Container is used to start new processes inside a container and release the
+// container resources when done.
+type Container interface {
+	Start(context.Context, StartRequest) (ContainerProcess, error)
+	Release(context.Context) error
+}
+
+// StartRequest encapsulates the arguments to define a process within a
+// container.
+type StartRequest struct {
+	Args           []string
+	Env            []string
+	User           string
+	Cwd            string
+	Tty            bool
+	Stdin          io.ReadCloser
+	Stdout, Stderr io.WriteCloser
+	SecurityMode   pb.SecurityMode
+}
+
+// WinSize is same as executor.WinSize, copied here to prevent circular package
+// dependencies.
+type WinSize struct {
+	Rows uint32
+	Cols uint32
+}
+
+// ContainerProcess represents a process within a container.
+type ContainerProcess interface {
+	Wait() error
+	Resize(ctx context.Context, size WinSize) error
+	// TODO Signal(ctx context.Context, sig os.Signal)
 }
 
 type Reference interface {
+	ToState() (llb.State, error)
 	ReadFile(ctx context.Context, req ReadRequest) ([]byte, error)
 	StatFile(ctx context.Context, req StatRequest) (*fstypes.Stat, error)
 	ReadDir(ctx context.Context, req ReadDirRequest) ([]*fstypes.Stat, error)
@@ -43,10 +105,17 @@ type StatRequest struct {
 
 // SolveRequest is same as frontend.SolveRequest but avoiding dependency
 type SolveRequest struct {
-	Definition      *pb.Definition
-	Frontend        string
-	FrontendOpt     map[string]string
-	ImportCacheRefs []string
+	Evaluate       bool
+	Definition     *pb.Definition
+	Frontend       string
+	FrontendOpt    map[string]string
+	FrontendInputs map[string]*pb.Definition
+	CacheImports   []CacheOptionsEntry
+}
+
+type CacheOptionsEntry struct {
+	Type  string
+	Attrs map[string]string
 }
 
 type WorkerInfo struct {
@@ -63,9 +132,3 @@ type BuildOpts struct {
 	LLBCaps   apicaps.CapSet
 	Caps      apicaps.CapSet
 }
-
-type ResolveImageConfigOpt struct {
-	Platform    *specs.Platform
-	ResolveMode string
-	LogName     string
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/container.go b/vendor/github.com/moby/buildkit/frontend/gateway/container.go
new file mode 100644
index 0000000000000..f234401f2061f
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/container.go
@@ -0,0 +1,437 @@
+package gateway
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strings"
+	"sync"
+
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/llbsolver/mounts"
+	opspb "github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/stack"
+	utilsystem "github.com/moby/buildkit/util/system"
+	"github.com/moby/buildkit/worker"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
+)
+
+type NewContainerRequest struct {
+	ContainerID string
+	NetMode     opspb.NetMode
+	Mounts      []Mount
+	Platform    *opspb.Platform
+	Constraints *opspb.WorkerConstraints
+}
+
+// Mount used for the gateway.Container is nearly identical to the client.Mount
+// except is has a RefProxy instead of Ref to allow for a common abstraction
+// between gateway clients.
+type Mount struct {
+	*opspb.Mount
+	WorkerRef *worker.WorkerRef
+}
+
+func NewContainer(ctx context.Context, w worker.Worker, sm *session.Manager, g session.Group, req NewContainerRequest) (client.Container, error) {
+	ctx, cancel := context.WithCancel(ctx)
+	eg, ctx := errgroup.WithContext(ctx)
+	platform := opspb.Platform{
+		OS:           runtime.GOOS,
+		Architecture: runtime.GOARCH,
+	}
+	if req.Platform != nil {
+		platform = *req.Platform
+	}
+	ctr := &gatewayContainer{
+		id:       req.ContainerID,
+		netMode:  req.NetMode,
+		platform: platform,
+		executor: w.Executor(),
+		errGroup: eg,
+		ctx:      ctx,
+		cancel:   cancel,
+	}
+
+	var (
+		mnts []*opspb.Mount
+		refs []*worker.WorkerRef
+	)
+	for _, m := range req.Mounts {
+		mnts = append(mnts, m.Mount)
+		if m.WorkerRef != nil {
+			refs = append(refs, m.WorkerRef)
+			m.Mount.Input = opspb.InputIndex(len(refs) - 1)
+		} else {
+			m.Mount.Input = opspb.Empty
+		}
+	}
+
+	name := fmt.Sprintf("container %s", req.ContainerID)
+	mm := mounts.NewMountManager(name, w.CacheManager(), sm, w.MetadataStore())
+	p, err := PrepareMounts(ctx, mm, w.CacheManager(), g, "", mnts, refs, func(m *opspb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
+		cm := w.CacheManager()
+		if m.Input != opspb.Empty {
+			cm = refs[m.Input].Worker.CacheManager()
+		}
+		return cm.New(ctx, ref, g)
+
+	})
+	if err != nil {
+		for i := len(p.Actives) - 1; i >= 0; i-- { // call in LIFO order
+			p.Actives[i].Ref.Release(context.TODO())
+		}
+		for _, o := range p.OutputRefs {
+			o.Ref.Release(context.TODO())
+		}
+		return nil, err
+	}
+	ctr.rootFS = p.Root
+	ctr.mounts = p.Mounts
+
+	for _, o := range p.OutputRefs {
+		o := o
+		ctr.cleanup = append(ctr.cleanup, func() error {
+			return o.Ref.Release(context.TODO())
+		})
+	}
+	for _, active := range p.Actives {
+		active := active
+		ctr.cleanup = append(ctr.cleanup, func() error {
+			return active.Ref.Release(context.TODO())
+		})
+	}
+
+	return ctr, nil
+}
+
+type PreparedMounts struct {
+	Root           executor.Mount
+	ReadonlyRootFS bool
+	Mounts         []executor.Mount
+	OutputRefs     []MountRef
+	Actives        []MountMutableRef
+}
+
+type MountRef struct {
+	Ref        cache.Ref
+	MountIndex int
+}
+
+type MountMutableRef struct {
+	Ref        cache.MutableRef
+	MountIndex int
+	NoCommit   bool
+}
+
+type MakeMutable func(m *opspb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error)
+
+func PrepareMounts(ctx context.Context, mm *mounts.MountManager, cm cache.Manager, g session.Group, cwd string, mnts []*opspb.Mount, refs []*worker.WorkerRef, makeMutable MakeMutable) (p PreparedMounts, err error) {
+	// loop over all mounts, fill in mounts, root and outputs
+	for i, m := range mnts {
+		var (
+			mountable cache.Mountable
+			ref       cache.ImmutableRef
+		)
+
+		if m.Dest == opspb.RootMount && m.MountType != opspb.MountType_BIND {
+			return p, errors.Errorf("invalid mount type %s for %s", m.MountType.String(), m.Dest)
+		}
+
+		// if mount is based on input validate and load it
+		if m.Input != opspb.Empty {
+			if int(m.Input) >= len(refs) {
+				return p, errors.Errorf("missing input %d", m.Input)
+			}
+			ref = refs[int(m.Input)].ImmutableRef
+			mountable = ref
+		}
+
+		switch m.MountType {
+		case opspb.MountType_BIND:
+			// if mount creates an output
+			if m.Output != opspb.SkipOutput {
+				// if it is readonly and not root then output is the input
+				if m.Readonly && ref != nil && m.Dest != opspb.RootMount {
+					p.OutputRefs = append(p.OutputRefs, MountRef{
+						MountIndex: i,
+						Ref:        ref.Clone(),
+					})
+				} else {
+					// otherwise output and mount is the mutable child
+					active, err := makeMutable(m, ref)
+					if err != nil {
+						return p, err
+					}
+					mountable = active
+					p.OutputRefs = append(p.OutputRefs, MountRef{
+						MountIndex: i,
+						Ref:        active,
+					})
+				}
+			} else if (!m.Readonly || ref == nil) && m.Dest != opspb.RootMount {
+				// this case is empty readonly scratch without output that is not really useful for anything but don't error
+				active, err := makeMutable(m, ref)
+				if err != nil {
+					return p, err
+				}
+				p.Actives = append(p.Actives, MountMutableRef{
+					MountIndex: i,
+					Ref:        active,
+				})
+				mountable = active
+			}
+
+		case opspb.MountType_CACHE:
+			active, err := mm.MountableCache(ctx, m, ref, g)
+			if err != nil {
+				return p, err
+			}
+			mountable = active
+			p.Actives = append(p.Actives, MountMutableRef{
+				MountIndex: i,
+				Ref:        active,
+				NoCommit:   true,
+			})
+			if m.Output != opspb.SkipOutput && ref != nil {
+				p.OutputRefs = append(p.OutputRefs, MountRef{
+					MountIndex: i,
+					Ref:        ref.Clone(),
+				})
+			}
+
+		case opspb.MountType_TMPFS:
+			mountable = mm.MountableTmpFS()
+		case opspb.MountType_SECRET:
+			var err error
+			mountable, err = mm.MountableSecret(ctx, m, g)
+			if err != nil {
+				return p, err
+			}
+			if mountable == nil {
+				continue
+			}
+		case opspb.MountType_SSH:
+			var err error
+			mountable, err = mm.MountableSSH(ctx, m, g)
+			if err != nil {
+				return p, err
+			}
+			if mountable == nil {
+				continue
+			}
+
+		default:
+			return p, errors.Errorf("mount type %s not implemented", m.MountType)
+		}
+
+		// validate that there is a mount
+		if mountable == nil {
+			return p, errors.Errorf("mount %s has no input", m.Dest)
+		}
+
+		// if dest is root we need mutable ref even if there is no output
+		if m.Dest == opspb.RootMount {
+			root := mountable
+			p.ReadonlyRootFS = m.Readonly
+			if m.Output == opspb.SkipOutput && p.ReadonlyRootFS {
+				active, err := makeMutable(m, ref)
+				if err != nil {
+					return p, err
+				}
+				p.Actives = append(p.Actives, MountMutableRef{
+					MountIndex: i,
+					Ref:        active,
+				})
+				root = active
+			}
+			p.Root = mountWithSession(root, g)
+		} else {
+			mws := mountWithSession(mountable, g)
+			dest := m.Dest
+			if !filepath.IsAbs(filepath.Clean(dest)) {
+				dest = filepath.Join("/", cwd, dest)
+			}
+			mws.Dest = dest
+			mws.Readonly = m.Readonly
+			mws.Selector = m.Selector
+			p.Mounts = append(p.Mounts, mws)
+		}
+	}
+
+	// sort mounts so parents are mounted first
+	sort.Slice(p.Mounts, func(i, j int) bool {
+		return p.Mounts[i].Dest < p.Mounts[j].Dest
+	})
+
+	return p, nil
+}
+
+type gatewayContainer struct {
+	id       string
+	netMode  opspb.NetMode
+	platform opspb.Platform
+	rootFS   executor.Mount
+	mounts   []executor.Mount
+	executor executor.Executor
+	started  bool
+	errGroup *errgroup.Group
+	mu       sync.Mutex
+	cleanup  []func() error
+	ctx      context.Context
+	cancel   func()
+}
+
+func (gwCtr *gatewayContainer) Start(ctx context.Context, req client.StartRequest) (client.ContainerProcess, error) {
+	resize := make(chan executor.WinSize)
+	procInfo := executor.ProcessInfo{
+		Meta: executor.Meta{
+			Args:         req.Args,
+			Env:          req.Env,
+			User:         req.User,
+			Cwd:          req.Cwd,
+			Tty:          req.Tty,
+			NetMode:      gwCtr.netMode,
+			SecurityMode: req.SecurityMode,
+		},
+		Stdin:  req.Stdin,
+		Stdout: req.Stdout,
+		Stderr: req.Stderr,
+		Resize: resize,
+	}
+	if procInfo.Meta.Cwd == "" {
+		procInfo.Meta.Cwd = "/"
+	}
+	procInfo.Meta.Env = addDefaultEnvvar(procInfo.Meta.Env, "PATH", utilsystem.DefaultPathEnv(gwCtr.platform.OS))
+	if req.Tty {
+		procInfo.Meta.Env = addDefaultEnvvar(procInfo.Meta.Env, "TERM", "xterm")
+	}
+
+	// mark that we have started on the first call to execProcess for this
+	// container, so that future calls will call Exec rather than Run
+	gwCtr.mu.Lock()
+	started := gwCtr.started
+	gwCtr.started = true
+	gwCtr.mu.Unlock()
+
+	eg, ctx := errgroup.WithContext(gwCtr.ctx)
+	gwProc := &gatewayContainerProcess{
+		resize:   resize,
+		errGroup: eg,
+		groupCtx: ctx,
+	}
+
+	if !started {
+		startedCh := make(chan struct{})
+		gwProc.errGroup.Go(func() error {
+			logrus.Debugf("Starting new container for %s with args: %q", gwCtr.id, procInfo.Meta.Args)
+			err := gwCtr.executor.Run(ctx, gwCtr.id, gwCtr.rootFS, gwCtr.mounts, procInfo, startedCh)
+			return stack.Enable(err)
+		})
+		select {
+		case <-ctx.Done():
+		case <-startedCh:
+		}
+	} else {
+		gwProc.errGroup.Go(func() error {
+			logrus.Debugf("Execing into container %s with args: %q", gwCtr.id, procInfo.Meta.Args)
+			err := gwCtr.executor.Exec(ctx, gwCtr.id, procInfo)
+			return stack.Enable(err)
+		})
+	}
+
+	gwCtr.errGroup.Go(gwProc.errGroup.Wait)
+
+	return gwProc, nil
+}
+
+func (gwCtr *gatewayContainer) Release(ctx context.Context) error {
+	gwCtr.cancel()
+	err1 := gwCtr.errGroup.Wait()
+
+	var err2 error
+	for i := len(gwCtr.cleanup) - 1; i >= 0; i-- { // call in LIFO order
+		err := gwCtr.cleanup[i]()
+		if err2 == nil {
+			err2 = err
+		}
+	}
+
+	if err1 != nil {
+		return stack.Enable(err1)
+	}
+	return stack.Enable(err2)
+}
+
+type gatewayContainerProcess struct {
+	errGroup *errgroup.Group
+	groupCtx context.Context
+	resize   chan<- executor.WinSize
+	mu       sync.Mutex
+}
+
+func (gwProc *gatewayContainerProcess) Wait() error {
+	err := stack.Enable(gwProc.errGroup.Wait())
+	gwProc.mu.Lock()
+	defer gwProc.mu.Unlock()
+	close(gwProc.resize)
+	return err
+}
+
+func (gwProc *gatewayContainerProcess) Resize(ctx context.Context, size client.WinSize) error {
+	gwProc.mu.Lock()
+	defer gwProc.mu.Unlock()
+
+	//  is the container done or should we proceed with sending event?
+	select {
+	case <-gwProc.groupCtx.Done():
+		return nil
+	case <-ctx.Done():
+		return nil
+	default:
+	}
+
+	// now we select on contexts again in case p.resize blocks b/c
+	// container no longer reading from it.  In that case when
+	// the errgroup finishes we want to unblock on the write
+	// and exit
+	select {
+	case <-gwProc.groupCtx.Done():
+	case <-ctx.Done():
+	case gwProc.resize <- executor.WinSize{Cols: size.Cols, Rows: size.Rows}:
+	}
+	return nil
+}
+
+func addDefaultEnvvar(env []string, k, v string) []string {
+	for _, e := range env {
+		if strings.HasPrefix(e, k+"=") {
+			return env
+		}
+	}
+	return append(env, k+"="+v)
+}
+
+func mountWithSession(m cache.Mountable, g session.Group) executor.Mount {
+	_, readonly := m.(cache.ImmutableRef)
+	return executor.Mount{
+		Src:      &mountable{m: m, g: g},
+		Readonly: readonly,
+	}
+}
+
+type mountable struct {
+	m cache.Mountable
+	g session.Group
+}
+
+func (m *mountable) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
+	return m.m.Mount(ctx, readonly, m.g)
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/errdefs/exit.go b/vendor/github.com/moby/buildkit/frontend/gateway/errdefs/exit.go
new file mode 100644
index 0000000000000..f98a148de4a2c
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/errdefs/exit.go
@@ -0,0 +1,34 @@
+package errdefs
+
+import "fmt"
+
+const (
+	// UnknownExitStatus might be returned in (*ExitError).ExitCode via
+	// ContainerProcess.Wait.  This can happen if the process never starts
+	// or if an error was encountered when obtaining the exit status, it is set to 255.
+	//
+	// This const is defined here to prevent importing github.com/containerd/containerd
+	// and corresponds with https://github.com/containerd/containerd/blob/40b22ef0741028917761d8c5d5d29e0d19038836/task.go#L52-L55
+	UnknownExitStatus = 255
+)
+
+// ExitError will be returned when the container process exits with a non-zero
+// exit code.
+type ExitError struct {
+	ExitCode uint32
+	Err      error
+}
+
+func (err *ExitError) Error() string {
+	if err.Err != nil {
+		return err.Err.Error()
+	}
+	return fmt.Sprintf("exit code: %d", err.ExitCode)
+}
+
+func (err *ExitError) Unwrap() error {
+	if err.Err == nil {
+		return fmt.Errorf("exit code: %d", err.ExitCode)
+	}
+	return err.Err
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/forward.go b/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/forward.go
index 23eb227fb1aa2..1476ae69a880d 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/forward.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/forward.go
@@ -4,62 +4,80 @@ import (
 	"context"
 	"sync"
 
-	"github.com/moby/buildkit/cache"
 	cacheutil "github.com/moby/buildkit/cache/util"
-	clienttypes "github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/frontend/gateway"
 	"github.com/moby/buildkit/frontend/gateway/client"
 	gwpb "github.com/moby/buildkit/frontend/gateway/pb"
+	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/errdefs"
+	llberrdefs "github.com/moby/buildkit/solver/llbsolver/errdefs"
 	opspb "github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
 	"github.com/moby/buildkit/worker"
 	"github.com/pkg/errors"
 	fstypes "github.com/tonistiigi/fsutil/types"
+	"golang.org/x/sync/errgroup"
 )
 
-func llbBridgeToGatewayClient(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string, workerInfos []clienttypes.WorkerInfo) (*bridgeClient, error) {
+func llbBridgeToGatewayClient(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string, inputs map[string]*opspb.Definition, w worker.Infos, sid string, sm *session.Manager) (*bridgeClient, error) {
 	return &bridgeClient{
 		opts:              opts,
+		inputs:            inputs,
 		FrontendLLBBridge: llbBridge,
-		sid:               session.FromContext(ctx),
-		workerInfos:       workerInfos,
+		sid:               sid,
+		sm:                sm,
+		workers:           w,
 		final:             map[*ref]struct{}{},
+		workerRefByID:     make(map[string]*worker.WorkerRef),
 	}, nil
 }
 
 type bridgeClient struct {
 	frontend.FrontendLLBBridge
-	mu           sync.Mutex
-	opts         map[string]string
-	final        map[*ref]struct{}
-	sid          string
-	exporterAttr map[string][]byte
-	refs         []*ref
-	workerInfos  []clienttypes.WorkerInfo
+	mu            sync.Mutex
+	opts          map[string]string
+	inputs        map[string]*opspb.Definition
+	final         map[*ref]struct{}
+	sid           string
+	sm            *session.Manager
+	refs          []*ref
+	workers       worker.Infos
+	workerRefByID map[string]*worker.WorkerRef
 }
 
 func (c *bridgeClient) Solve(ctx context.Context, req client.SolveRequest) (*client.Result, error) {
 	res, err := c.FrontendLLBBridge.Solve(ctx, frontend.SolveRequest{
-		Definition:      req.Definition,
-		Frontend:        req.Frontend,
-		FrontendOpt:     req.FrontendOpt,
-		ImportCacheRefs: req.ImportCacheRefs,
-	})
+		Evaluate:       req.Evaluate,
+		Definition:     req.Definition,
+		Frontend:       req.Frontend,
+		FrontendOpt:    req.FrontendOpt,
+		FrontendInputs: req.FrontendInputs,
+		CacheImports:   req.CacheImports,
+	}, c.sid)
 	if err != nil {
-		return nil, err
+		return nil, c.wrapSolveError(err)
 	}
 
 	cRes := &client.Result{}
 	c.mu.Lock()
 	for k, r := range res.Refs {
-		rr := &ref{r}
+		rr, err := c.newRef(r, session.NewGroup(c.sid))
+		if err != nil {
+			return nil, err
+		}
 		c.refs = append(c.refs, rr)
 		cRes.AddRef(k, rr)
 	}
 	if r := res.Ref; r != nil {
-		rr := &ref{r}
+		rr, err := c.newRef(r, session.NewGroup(c.sid))
+		if err != nil {
+			return nil, err
+		}
 		c.refs = append(c.refs, rr)
 		cRes.SetRef(rr)
 	}
@@ -69,8 +87,8 @@ func (c *bridgeClient) Solve(ctx context.Context, req client.SolveRequest) (*cli
 	return cRes, nil
 }
 func (c *bridgeClient) BuildOpts() client.BuildOpts {
-	workers := make([]client.WorkerInfo, 0, len(c.workerInfos))
-	for _, w := range c.workerInfos {
+	workers := make([]client.WorkerInfo, 0, len(c.workers.WorkerInfos()))
+	for _, w := range c.workers.WorkerInfos() {
 		workers = append(workers, client.WorkerInfo{
 			ID:        w.ID,
 			Labels:    w.Labels,
@@ -88,6 +106,71 @@ func (c *bridgeClient) BuildOpts() client.BuildOpts {
 	}
 }
 
+func (c *bridgeClient) Inputs(ctx context.Context) (map[string]llb.State, error) {
+	inputs := make(map[string]llb.State)
+	for key, def := range c.inputs {
+		defop, err := llb.NewDefinitionOp(def)
+		if err != nil {
+			return nil, err
+		}
+		inputs[key] = llb.NewState(defop)
+	}
+	return inputs, nil
+}
+
+func (c *bridgeClient) wrapSolveError(solveErr error) error {
+	var (
+		ee       *llberrdefs.ExecError
+		fae      *llberrdefs.FileActionError
+		sce      *solver.SlowCacheError
+		inputIDs []string
+		mountIDs []string
+		subject  errdefs.IsSolve_Subject
+	)
+	if errors.As(solveErr, &ee) {
+		var err error
+		inputIDs, err = c.registerResultIDs(ee.Inputs...)
+		if err != nil {
+			return err
+		}
+		mountIDs, err = c.registerResultIDs(ee.Mounts...)
+		if err != nil {
+			return err
+		}
+	}
+	if errors.As(solveErr, &fae) {
+		subject = fae.ToSubject()
+	}
+	if errors.As(solveErr, &sce) {
+		var err error
+		inputIDs, err = c.registerResultIDs(sce.Result)
+		if err != nil {
+			return err
+		}
+		subject = sce.ToSubject()
+	}
+	return errdefs.WithSolveError(solveErr, subject, inputIDs, mountIDs)
+}
+
+func (c *bridgeClient) registerResultIDs(results ...solver.Result) (ids []string, err error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	ids = make([]string, len(results))
+	for i, res := range results {
+		if res == nil {
+			continue
+		}
+		workerRef, ok := res.Sys().(*worker.WorkerRef)
+		if !ok {
+			return ids, errors.Errorf("unexpected type for result, got %T", res.Sys())
+		}
+		ids[i] = workerRef.ID()
+		c.workerRefByID[workerRef.ID()] = workerRef
+	}
+	return ids, nil
+}
+
 func (c *bridgeClient) toFrontendResult(r *client.Result) (*frontend.Result, error) {
 	if r == nil {
 		return nil, nil
@@ -96,14 +179,14 @@ func (c *bridgeClient) toFrontendResult(r *client.Result) (*frontend.Result, err
 	res := &frontend.Result{}
 
 	if r.Refs != nil {
-		res.Refs = make(map[string]solver.CachedResult, len(r.Refs))
+		res.Refs = make(map[string]solver.ResultProxy, len(r.Refs))
 		for k, r := range r.Refs {
 			rr, ok := r.(*ref)
 			if !ok {
 				return nil, errors.Errorf("invalid reference type for forward %T", r)
 			}
 			c.final[rr] = struct{}{}
-			res.Refs[k] = rr.CachedResult
+			res.Refs[k] = rr.ResultProxy
 		}
 	}
 	if r := r.Ref; r != nil {
@@ -112,7 +195,7 @@ func (c *bridgeClient) toFrontendResult(r *client.Result) (*frontend.Result, err
 			return nil, errors.Errorf("invalid reference type for forward %T", r)
 		}
 		c.final[rr] = struct{}{}
-		res.Ref = rr.CachedResult
+		res.Ref = rr.ResultProxy
 	}
 	res.Metadata = r.Metadata
 
@@ -120,6 +203,10 @@ func (c *bridgeClient) toFrontendResult(r *client.Result) (*frontend.Result, err
 }
 
 func (c *bridgeClient) discard(err error) {
+	for id, workerRef := range c.workerRefByID {
+		workerRef.ImmutableRef.Release(context.TODO())
+		delete(c.workerRefByID, id)
+	}
 	for _, r := range c.refs {
 		if r != nil {
 			if _, ok := c.final[r]; !ok || err != nil {
@@ -129,12 +216,95 @@ func (c *bridgeClient) discard(err error) {
 	}
 }
 
+func (c *bridgeClient) NewContainer(ctx context.Context, req client.NewContainerRequest) (client.Container, error) {
+	ctrReq := gateway.NewContainerRequest{
+		ContainerID: identity.NewID(),
+		NetMode:     req.NetMode,
+		Mounts:      make([]gateway.Mount, len(req.Mounts)),
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	for i, m := range req.Mounts {
+		i, m := i, m
+		eg.Go(func() error {
+			var workerRef *worker.WorkerRef
+			if m.Ref != nil {
+				refProxy, ok := m.Ref.(*ref)
+				if !ok {
+					return errors.Errorf("unexpected Ref type: %T", m.Ref)
+				}
+
+				res, err := refProxy.Result(ctx)
+				if err != nil {
+					return err
+				}
+
+				workerRef, ok = res.Sys().(*worker.WorkerRef)
+				if !ok {
+					return errors.Errorf("invalid ref: %T", res.Sys())
+				}
+			} else if m.ResultID != "" {
+				var ok bool
+				workerRef, ok = c.workerRefByID[m.ResultID]
+				if !ok {
+					return errors.Errorf("failed to find ref %s for %q mount", m.ResultID, m.Dest)
+				}
+			}
+			ctrReq.Mounts[i] = gateway.Mount{
+				WorkerRef: workerRef,
+				Mount: &opspb.Mount{
+					Dest:      m.Dest,
+					Selector:  m.Selector,
+					Readonly:  m.Readonly,
+					MountType: m.MountType,
+					CacheOpt:  m.CacheOpt,
+					SecretOpt: m.SecretOpt,
+					SSHOpt:    m.SSHOpt,
+				},
+			}
+			return nil
+		})
+	}
+
+	err := eg.Wait()
+	if err != nil {
+		return nil, err
+	}
+
+	w, err := c.workers.GetDefault()
+	if err != nil {
+		return nil, err
+	}
+
+	group := session.NewGroup(c.sid)
+	ctr, err := gateway.NewContainer(ctx, w, c.sm, group, ctrReq)
+	if err != nil {
+		return nil, err
+	}
+	return ctr, nil
+}
+
 type ref struct {
-	solver.CachedResult
+	solver.ResultProxy
+	session session.Group
+	c       *bridgeClient
+}
+
+func (c *bridgeClient) newRef(r solver.ResultProxy, s session.Group) (*ref, error) {
+	return &ref{ResultProxy: r, session: s, c: c}, nil
+}
+
+func (r *ref) ToState() (st llb.State, err error) {
+	defop, err := llb.NewDefinitionOp(r.Definition())
+	if err != nil {
+		return st, err
+	}
+	return llb.NewState(defop), nil
 }
 
 func (r *ref) ReadFile(ctx context.Context, req client.ReadRequest) ([]byte, error) {
-	ref, err := r.getImmutableRef()
+	m, err := r.getMountable(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -147,11 +317,11 @@ func (r *ref) ReadFile(ctx context.Context, req client.ReadRequest) ([]byte, err
 			Length: r.Length,
 		}
 	}
-	return cacheutil.ReadFile(ctx, ref, newReq)
+	return cacheutil.ReadFile(ctx, m, newReq)
 }
 
 func (r *ref) ReadDir(ctx context.Context, req client.ReadDirRequest) ([]*fstypes.Stat, error) {
-	ref, err := r.getImmutableRef()
+	m, err := r.getMountable(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -159,21 +329,25 @@ func (r *ref) ReadDir(ctx context.Context, req client.ReadDirRequest) ([]*fstype
 		Path:           req.Path,
 		IncludePattern: req.IncludePattern,
 	}
-	return cacheutil.ReadDir(ctx, ref, newReq)
+	return cacheutil.ReadDir(ctx, m, newReq)
 }
 
 func (r *ref) StatFile(ctx context.Context, req client.StatRequest) (*fstypes.Stat, error) {
-	ref, err := r.getImmutableRef()
+	m, err := r.getMountable(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return cacheutil.StatFile(ctx, ref, req.Path)
+	return cacheutil.StatFile(ctx, m, req.Path)
 }
 
-func (r *ref) getImmutableRef() (cache.ImmutableRef, error) {
-	ref, ok := r.CachedResult.Sys().(*worker.WorkerRef)
+func (r *ref) getMountable(ctx context.Context) (snapshot.Mountable, error) {
+	rr, err := r.ResultProxy.Result(ctx)
+	if err != nil {
+		return nil, r.c.wrapSolveError(err)
+	}
+	ref, ok := rr.Sys().(*worker.WorkerRef)
 	if !ok {
-		return nil, errors.Errorf("invalid ref: %T", r.CachedResult.Sys())
+		return nil, errors.Errorf("invalid ref: %T", rr.Sys())
 	}
-	return ref.ImmutableRef, nil
+	return ref.ImmutableRef.Mount(ctx, true, r.session)
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/frontend.go b/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/frontend.go
index 61a187dc37796..7cd25a0e8ea09 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/frontend.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/forwarder/frontend.go
@@ -5,9 +5,12 @@ import (
 
 	"github.com/moby/buildkit/frontend"
 	"github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/worker"
 )
 
-func NewGatewayForwarder(w frontend.WorkerInfos, f client.BuildFunc) frontend.Frontend {
+func NewGatewayForwarder(w worker.Infos, f client.BuildFunc) frontend.Frontend {
 	return &GatewayForwarder{
 		workers: w,
 		f:       f,
@@ -15,12 +18,12 @@ func NewGatewayForwarder(w frontend.WorkerInfos, f client.BuildFunc) frontend.Fr
 }
 
 type GatewayForwarder struct {
-	workers frontend.WorkerInfos
+	workers worker.Infos
 	f       client.BuildFunc
 }
 
-func (gf *GatewayForwarder) Solve(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string) (retRes *frontend.Result, retErr error) {
-	c, err := llbBridgeToGatewayClient(ctx, llbBridge, opts, gf.workers.WorkerInfos())
+func (gf *GatewayForwarder) Solve(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string, inputs map[string]*pb.Definition, sid string, sm *session.Manager) (retRes *frontend.Result, retErr error) {
+	c, err := llbBridgeToGatewayClient(ctx, llbBridge, opts, inputs, gf.workers, sid, sm)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/gateway.go b/vendor/github.com/moby/buildkit/frontend/gateway/gateway.go
index 18a28b0183cdb..1e6e4869068ef 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/gateway.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/gateway.go
@@ -7,11 +7,15 @@ import (
 	"io"
 	"net"
 	"os"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/docker/distribution/reference"
+	"github.com/gogo/googleapis/google/rpc"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/golang/protobuf/ptypes/any"
 	apitypes "github.com/moby/buildkit/api/types"
 	"github.com/moby/buildkit/cache"
 	cacheutil "github.com/moby/buildkit/cache/util"
@@ -20,21 +24,29 @@ import (
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/exporter/containerimage/exptypes"
 	"github.com/moby/buildkit/frontend"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
+	gwclient "github.com/moby/buildkit/frontend/gateway/client"
+	gwerrdefs "github.com/moby/buildkit/frontend/gateway/errdefs"
 	pb "github.com/moby/buildkit/frontend/gateway/pb"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/errdefs"
+	llberrdefs "github.com/moby/buildkit/solver/llbsolver/errdefs"
 	opspb "github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"github.com/moby/buildkit/util/stack"
 	"github.com/moby/buildkit/util/tracing"
 	"github.com/moby/buildkit/worker"
+	"github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/http2"
+	"golang.org/x/sync/errgroup"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/health"
 	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/status"
@@ -45,14 +57,14 @@ const (
 	keyDevel  = "gateway-devel"
 )
 
-func NewGatewayFrontend(w frontend.WorkerInfos) frontend.Frontend {
+func NewGatewayFrontend(w worker.Infos) frontend.Frontend {
 	return &gatewayFrontend{
 		workers: w,
 	}
 }
 
 type gatewayFrontend struct {
-	workers frontend.WorkerInfos
+	workers worker.Infos
 }
 
 func filterPrefix(opts map[string]string, pfx string) map[string]string {
@@ -65,41 +77,50 @@ func filterPrefix(opts map[string]string, pfx string) map[string]string {
 	return m
 }
 
-func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string) (*frontend.Result, error) {
+func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.FrontendLLBBridge, opts map[string]string, inputs map[string]*opspb.Definition, sid string, sm *session.Manager) (*frontend.Result, error) {
 	source, ok := opts[keySource]
 	if !ok {
 		return nil, errors.Errorf("no source specified for gateway")
 	}
 
-	sid := session.FromContext(ctx)
-
 	_, isDevel := opts[keyDevel]
 	var img specs.Image
-	var rootFS cache.ImmutableRef
+	var mfstDigest digest.Digest
+	var rootFS cache.MutableRef
 	var readonly bool // TODO: try to switch to read-only by default.
 
 	if isDevel {
-		devRes, err := llbBridge.Solve(session.NewContext(ctx, "gateway:"+sid),
+		devRes, err := llbBridge.Solve(ctx,
 			frontend.SolveRequest{
-				Frontend:    source,
-				FrontendOpt: filterPrefix(opts, "gateway-"),
-			})
+				Frontend:       source,
+				FrontendOpt:    filterPrefix(opts, "gateway-"),
+				FrontendInputs: inputs,
+			}, "gateway:"+sid)
 		if err != nil {
 			return nil, err
 		}
 		defer func() {
-			devRes.EachRef(func(ref solver.CachedResult) error {
+			devRes.EachRef(func(ref solver.ResultProxy) error {
 				return ref.Release(context.TODO())
 			})
 		}()
 		if devRes.Ref == nil {
 			return nil, errors.Errorf("development gateway didn't return default result")
 		}
-		workerRef, ok := devRes.Ref.Sys().(*worker.WorkerRef)
+		res, err := devRes.Ref.Result(ctx)
+		if err != nil {
+			return nil, err
+		}
+		workerRef, ok := res.Sys().(*worker.WorkerRef)
 		if !ok {
-			return nil, errors.Errorf("invalid ref: %T", devRes.Ref.Sys())
+			return nil, errors.Errorf("invalid ref: %T", res.Sys())
+		}
+
+		rootFS, err = workerRef.Worker.CacheManager().New(ctx, workerRef.ImmutableRef, session.NewGroup(sid))
+		if err != nil {
+			return nil, err
 		}
-		rootFS = workerRef.ImmutableRef
+		defer rootFS.Release(context.TODO())
 		config, ok := devRes.Metadata[exptypes.ExporterImageConfigKey]
 		if ok {
 			if err := json.Unmarshal(config, &img); err != nil {
@@ -112,10 +133,11 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
 			return nil, err
 		}
 
-		dgst, config, err := llbBridge.ResolveImageConfig(ctx, reference.TagNameOnly(sourceRef).String(), gw.ResolveImageConfigOpt{})
+		dgst, config, err := llbBridge.ResolveImageConfig(ctx, reference.TagNameOnly(sourceRef).String(), llb.ResolveImageConfigOpt{})
 		if err != nil {
 			return nil, err
 		}
+		mfstDigest = dgst
 
 		if err := json.Unmarshal(config, &img); err != nil {
 			return nil, err
@@ -130,19 +152,19 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
 
 		src := llb.Image(sourceRef.String(), &markTypeFrontend{})
 
-		def, err := src.Marshal()
+		def, err := src.Marshal(ctx)
 		if err != nil {
 			return nil, err
 		}
 
 		res, err := llbBridge.Solve(ctx, frontend.SolveRequest{
 			Definition: def.ToPB(),
-		})
+		}, sid)
 		if err != nil {
 			return nil, err
 		}
 		defer func() {
-			res.EachRef(func(ref solver.CachedResult) error {
+			res.EachRef(func(ref solver.ResultProxy) error {
 				return ref.Release(context.TODO())
 			})
 		}()
@@ -150,17 +172,19 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
 			return nil, errors.Errorf("gateway source didn't return default result")
 
 		}
-		workerRef, ok := res.Ref.Sys().(*worker.WorkerRef)
+		r, err := res.Ref.Result(ctx)
+		if err != nil {
+			return nil, err
+		}
+		workerRef, ok := r.Sys().(*worker.WorkerRef)
 		if !ok {
-			return nil, errors.Errorf("invalid ref: %T", res.Ref.Sys())
+			return nil, errors.Errorf("invalid ref: %T", r.Sys())
 		}
-		rootFS = workerRef.ImmutableRef
-	}
-
-	lbf, err := newLLBBridgeForwarder(ctx, llbBridge, gf.workers)
-	defer lbf.conn.Close()
-	if err != nil {
-		return nil, err
+		rootFS, err = workerRef.Worker.CacheManager().New(ctx, workerRef.ImmutableRef, session.NewGroup(sid))
+		if err != nil {
+			return nil, err
+		}
+		defer rootFS.Release(context.TODO())
 	}
 
 	args := []string{"/run"}
@@ -189,18 +213,52 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
 	}
 	env = append(env, "BUILDKIT_WORKERS="+string(dt))
 
-	defer lbf.Discard()
-
 	env = append(env, "BUILDKIT_EXPORTEDPRODUCT="+apicaps.ExportedProduct)
 
-	err = llbBridge.Exec(ctx, executor.Meta{
+	meta := executor.Meta{
 		Env:            env,
 		Args:           args,
 		Cwd:            cwd,
 		ReadonlyRootFS: readonly,
-	}, rootFS, lbf.Stdin, lbf.Stdout, os.Stderr)
+	}
+
+	if v, ok := img.Config.Labels["moby.buildkit.frontend.network.none"]; ok {
+		if ok, _ := strconv.ParseBool(v); ok {
+			meta.NetMode = opspb.NetMode_NONE
+		}
+	}
+
+	curCaps := getCaps(img.Config.Labels["moby.buildkit.frontend.caps"])
+	addCapsForKnownFrontends(curCaps, mfstDigest)
+	reqCaps := getCaps(opts["frontend.caps"])
+	if len(inputs) > 0 {
+		reqCaps["moby.buildkit.frontend.inputs"] = struct{}{}
+	}
+
+	for c := range reqCaps {
+		if _, ok := curCaps[c]; !ok {
+			return nil, stack.Enable(grpcerrors.WrapCode(errdefs.NewUnsupportedFrontendCapError(c), codes.Unimplemented))
+		}
+	}
+
+	lbf, ctx, err := serveLLBBridgeForwarder(ctx, llbBridge, gf.workers, inputs, sid, sm)
+	defer lbf.conn.Close() //nolint
+	if err != nil {
+		return nil, err
+	}
+	defer lbf.Discard()
 
+	w, err := gf.workers.GetDefault()
 	if err != nil {
+		return nil, err
+	}
+
+	err = w.Executor().Run(ctx, "", mountWithSession(rootFS, session.NewGroup(sid)), nil, executor.ProcessInfo{Meta: meta, Stdin: lbf.Stdin, Stdout: lbf.Stdout, Stderr: os.Stderr}, nil)
+
+	if err != nil {
+		if errdefs.IsCanceled(err) && lbf.isErrServerClosed {
+			err = errors.Errorf("frontend grpc server closed unexpectedly")
+		}
 		// An existing error (set via Return rpc) takes
 		// precedence over this error, which in turn takes
 		// precedence over a success reported via Return.
@@ -218,10 +276,14 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
 func (lbf *llbBridgeForwarder) Discard() {
 	lbf.mu.Lock()
 	defer lbf.mu.Unlock()
+	for id, workerRef := range lbf.workerRefByID {
+		workerRef.ImmutableRef.Release(context.TODO())
+		delete(lbf.workerRefByID, id)
+	}
 	for id, r := range lbf.refs {
 		if lbf.err == nil && lbf.result != nil {
 			keep := false
-			lbf.result.EachRef(func(r2 solver.CachedResult) error {
+			lbf.result.EachRef(func(r2 solver.ResultProxy) error {
 				if r == r2 {
 					keep = true
 				}
@@ -273,27 +335,45 @@ func (lbf *llbBridgeForwarder) Result() (*frontend.Result, error) {
 	return lbf.result, nil
 }
 
-func NewBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) *llbBridgeForwarder {
+func NewBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers worker.Infos, inputs map[string]*opspb.Definition, sid string, sm *session.Manager) LLBBridgeForwarder {
+	return newBridgeForwarder(ctx, llbBridge, workers, inputs, sid, sm)
+}
+
+func newBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers worker.Infos, inputs map[string]*opspb.Definition, sid string, sm *session.Manager) *llbBridgeForwarder {
 	lbf := &llbBridgeForwarder{
-		callCtx:   ctx,
-		llbBridge: llbBridge,
-		refs:      map[string]solver.CachedResult{},
-		doneCh:    make(chan struct{}),
-		pipe:      newPipe(),
-		workers:   workers,
+		callCtx:       ctx,
+		llbBridge:     llbBridge,
+		refs:          map[string]solver.ResultProxy{},
+		workerRefByID: map[string]*worker.WorkerRef{},
+		doneCh:        make(chan struct{}),
+		pipe:          newPipe(),
+		workers:       workers,
+		inputs:        inputs,
+		sid:           sid,
+		sm:            sm,
+		ctrs:          map[string]gwclient.Container{},
 	}
 	return lbf
 }
 
-func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, error) {
-	lbf := NewBridgeForwarder(ctx, llbBridge, workers)
-	server := grpc.NewServer()
+func serveLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers worker.Infos, inputs map[string]*opspb.Definition, sid string, sm *session.Manager) (*llbBridgeForwarder, context.Context, error) {
+	ctx, cancel := context.WithCancel(ctx)
+	lbf := newBridgeForwarder(ctx, llbBridge, workers, inputs, sid, sm)
+	server := grpc.NewServer(grpc.UnaryInterceptor(grpcerrors.UnaryServerInterceptor), grpc.StreamInterceptor(grpcerrors.StreamServerInterceptor))
 	grpc_health_v1.RegisterHealthServer(server, health.NewServer())
 	pb.RegisterLLBBridgeServer(server, lbf)
 
-	go serve(ctx, server, lbf.conn)
+	go func() {
+		serve(ctx, server, lbf.conn)
+		select {
+		case <-ctx.Done():
+		default:
+			lbf.isErrServerClosed = true
+		}
+		cancel()
+	}()
 
-	return lbf, nil
+	return lbf, ctx, nil
 }
 
 type pipe struct {
@@ -353,22 +433,29 @@ type LLBBridgeForwarder interface {
 	pb.LLBBridgeServer
 	Done() <-chan struct{}
 	Result() (*frontend.Result, error)
+	Discard()
 }
 
 type llbBridgeForwarder struct {
-	mu        sync.Mutex
-	callCtx   context.Context
-	llbBridge frontend.FrontendLLBBridge
-	refs      map[string]solver.CachedResult
+	mu            sync.Mutex
+	callCtx       context.Context
+	llbBridge     frontend.FrontendLLBBridge
+	refs          map[string]solver.ResultProxy
+	workerRefByID map[string]*worker.WorkerRef
 	// lastRef      solver.CachedResult
 	// lastRefs     map[string]solver.CachedResult
 	// err          error
-	doneCh       chan struct{} // closed when result or err become valid through a call to a Return
-	result       *frontend.Result
-	err          error
-	exporterAttr map[string][]byte
-	workers      frontend.WorkerInfos
+	doneCh            chan struct{} // closed when result or err become valid through a call to a Return
+	result            *frontend.Result
+	err               error
+	workers           worker.Infos
+	inputs            map[string]*opspb.Definition
+	isErrServerClosed bool
+	sid               string
+	sm                *session.Manager
 	*pipe
+	ctrs   map[string]gwclient.Container
+	ctrsMu sync.Mutex
 }
 
 func (lbf *llbBridgeForwarder) ResolveImageConfig(ctx context.Context, req *pb.ResolveImageConfigRequest) (*pb.ResolveImageConfigResponse, error) {
@@ -383,7 +470,7 @@ func (lbf *llbBridgeForwarder) ResolveImageConfig(ctx context.Context, req *pb.R
 			OSFeatures:   p.OSFeatures,
 		}
 	}
-	dgst, dt, err := lbf.llbBridge.ResolveImageConfig(ctx, req.Ref, gw.ResolveImageConfigOpt{
+	dgst, dt, err := lbf.llbBridge.ResolveImageConfig(ctx, req.Ref, llb.ResolveImageConfigOpt{
 		Platform:    platform,
 		ResolveMode: req.ResolveMode,
 		LogName:     req.LogName,
@@ -397,16 +484,96 @@ func (lbf *llbBridgeForwarder) ResolveImageConfig(ctx context.Context, req *pb.R
 	}, nil
 }
 
+func translateLegacySolveRequest(req *pb.SolveRequest) error {
+	// translates ImportCacheRefs to new CacheImports (v0.4.0)
+	for _, legacyImportRef := range req.ImportCacheRefsDeprecated {
+		im := &pb.CacheOptionsEntry{
+			Type:  "registry",
+			Attrs: map[string]string{"ref": legacyImportRef},
+		}
+		// FIXME(AkihiroSuda): skip append if already exists
+		req.CacheImports = append(req.CacheImports, im)
+	}
+	req.ImportCacheRefsDeprecated = nil
+	return nil
+}
+
+func (lbf *llbBridgeForwarder) wrapSolveError(solveErr error) error {
+	var (
+		ee       *llberrdefs.ExecError
+		fae      *llberrdefs.FileActionError
+		sce      *solver.SlowCacheError
+		inputIDs []string
+		mountIDs []string
+		subject  errdefs.IsSolve_Subject
+	)
+	if errors.As(solveErr, &ee) {
+		var err error
+		inputIDs, err = lbf.registerResultIDs(ee.Inputs...)
+		if err != nil {
+			return err
+		}
+		mountIDs, err = lbf.registerResultIDs(ee.Mounts...)
+		if err != nil {
+			return err
+		}
+	}
+	if errors.As(solveErr, &fae) {
+		subject = fae.ToSubject()
+	}
+	if errors.As(solveErr, &sce) {
+		var err error
+		inputIDs, err = lbf.registerResultIDs(sce.Result)
+		if err != nil {
+			return err
+		}
+		subject = sce.ToSubject()
+	}
+	return errdefs.WithSolveError(solveErr, subject, inputIDs, mountIDs)
+}
+
+func (lbf *llbBridgeForwarder) registerResultIDs(results ...solver.Result) (ids []string, err error) {
+	lbf.mu.Lock()
+	defer lbf.mu.Unlock()
+
+	ids = make([]string, len(results))
+	for i, res := range results {
+		if res == nil {
+			continue
+		}
+		workerRef, ok := res.Sys().(*worker.WorkerRef)
+		if !ok {
+			return ids, errors.Errorf("unexpected type for result, got %T", res.Sys())
+		}
+		ids[i] = workerRef.ID()
+		lbf.workerRefByID[workerRef.ID()] = workerRef
+	}
+	return ids, nil
+}
+
 func (lbf *llbBridgeForwarder) Solve(ctx context.Context, req *pb.SolveRequest) (*pb.SolveResponse, error) {
+	if err := translateLegacySolveRequest(req); err != nil {
+		return nil, err
+	}
+	var cacheImports []frontend.CacheOptionsEntry
+	for _, e := range req.CacheImports {
+		cacheImports = append(cacheImports, frontend.CacheOptionsEntry{
+			Type:  e.Type,
+			Attrs: e.Attrs,
+		})
+	}
+
 	ctx = tracing.ContextWithSpanFromContext(ctx, lbf.callCtx)
 	res, err := lbf.llbBridge.Solve(ctx, frontend.SolveRequest{
-		Definition:      req.Definition,
-		Frontend:        req.Frontend,
-		FrontendOpt:     req.FrontendOpt,
-		ImportCacheRefs: req.ImportCacheRefs,
-	})
+		Evaluate:       req.Evaluate,
+		Definition:     req.Definition,
+		Frontend:       req.Frontend,
+		FrontendOpt:    req.FrontendOpt,
+		FrontendInputs: req.FrontendInputs,
+		CacheImports:   cacheImports,
+	}, lbf.sid)
 	if err != nil {
-		return nil, err
+		return nil, lbf.wrapSolveError(err)
 	}
 
 	if len(res.Refs) > 0 && !req.AllowResultReturn {
@@ -414,12 +581,15 @@ func (lbf *llbBridgeForwarder) Solve(ctx context.Context, req *pb.SolveRequest)
 		return nil, errors.Errorf("solve did not return default result")
 	}
 
-	pbRes := &pb.Result{}
+	pbRes := &pb.Result{
+		Metadata: res.Metadata,
+	}
 	var defaultID string
 
 	lbf.mu.Lock()
 	if res.Refs != nil {
 		ids := make(map[string]string, len(res.Refs))
+		defs := make(map[string]*opspb.Definition, len(res.Refs))
 		for k, ref := range res.Refs {
 			id := identity.NewID()
 			if ref == nil {
@@ -428,17 +598,36 @@ func (lbf *llbBridgeForwarder) Solve(ctx context.Context, req *pb.SolveRequest)
 				lbf.refs[id] = ref
 			}
 			ids[k] = id
+			defs[k] = ref.Definition()
+		}
+
+		if req.AllowResultArrayRef {
+			refMap := make(map[string]*pb.Ref, len(res.Refs))
+			for k, id := range ids {
+				refMap[k] = &pb.Ref{Id: id, Def: defs[k]}
+			}
+			pbRes.Result = &pb.Result_Refs{Refs: &pb.RefMap{Refs: refMap}}
+		} else {
+			pbRes.Result = &pb.Result_RefsDeprecated{RefsDeprecated: &pb.RefMapDeprecated{Refs: ids}}
 		}
-		pbRes.Result = &pb.Result_Refs{Refs: &pb.RefMap{Refs: ids}}
 	} else {
+		ref := res.Ref
 		id := identity.NewID()
-		if res.Ref == nil {
+
+		var def *opspb.Definition
+		if ref == nil {
 			id = ""
 		} else {
-			lbf.refs[id] = res.Ref
+			def = ref.Definition()
+			lbf.refs[id] = ref
 		}
 		defaultID = id
-		pbRes.Result = &pb.Result_Ref{Ref: id}
+
+		if req.AllowResultArrayRef {
+			pbRes.Result = &pb.Result_Ref{Ref: &pb.Ref{Id: id, Def: def}}
+		} else {
+			pbRes.Result = &pb.Result_RefDeprecated{RefDeprecated: id}
+		}
 	}
 	lbf.mu.Unlock()
 
@@ -471,20 +660,37 @@ func (lbf *llbBridgeForwarder) Solve(ctx context.Context, req *pb.SolveRequest)
 
 	return resp, nil
 }
-func (lbf *llbBridgeForwarder) ReadFile(ctx context.Context, req *pb.ReadFileRequest) (*pb.ReadFileResponse, error) {
-	ctx = tracing.ContextWithSpanFromContext(ctx, lbf.callCtx)
+
+func (lbf *llbBridgeForwarder) getImmutableRef(ctx context.Context, id, path string) (cache.ImmutableRef, error) {
 	lbf.mu.Lock()
-	ref, ok := lbf.refs[req.Ref]
+	ref, ok := lbf.refs[id]
 	lbf.mu.Unlock()
 	if !ok {
-		return nil, errors.Errorf("no such ref: %v", req.Ref)
+		return nil, errors.Errorf("no such ref: %v", id)
 	}
 	if ref == nil {
-		return nil, errors.Wrapf(os.ErrNotExist, "%s not found", req.FilePath)
+		return nil, errors.Wrapf(os.ErrNotExist, "%s not found", path)
 	}
-	workerRef, ok := ref.Sys().(*worker.WorkerRef)
+
+	r, err := ref.Result(ctx)
+	if err != nil {
+		return nil, lbf.wrapSolveError(err)
+	}
+
+	workerRef, ok := r.Sys().(*worker.WorkerRef)
 	if !ok {
-		return nil, errors.Errorf("invalid ref: %T", ref.Sys())
+		return nil, errors.Errorf("invalid ref: %T", r.Sys())
+	}
+
+	return workerRef.ImmutableRef, nil
+}
+
+func (lbf *llbBridgeForwarder) ReadFile(ctx context.Context, req *pb.ReadFileRequest) (*pb.ReadFileResponse, error) {
+	ctx = tracing.ContextWithSpanFromContext(ctx, lbf.callCtx)
+
+	ref, err := lbf.getImmutableRef(ctx, req.Ref, req.FilePath)
+	if err != nil {
+		return nil, err
 	}
 
 	newReq := cacheutil.ReadRequest{
@@ -497,59 +703,55 @@ func (lbf *llbBridgeForwarder) ReadFile(ctx context.Context, req *pb.ReadFileReq
 		}
 	}
 
-	dt, err := cacheutil.ReadFile(ctx, workerRef.ImmutableRef, newReq)
+	m, err := ref.Mount(ctx, true, session.NewGroup(lbf.sid))
 	if err != nil {
 		return nil, err
 	}
 
+	dt, err := cacheutil.ReadFile(ctx, m, newReq)
+	if err != nil {
+		return nil, lbf.wrapSolveError(err)
+	}
+
 	return &pb.ReadFileResponse{Data: dt}, nil
 }
 
 func (lbf *llbBridgeForwarder) ReadDir(ctx context.Context, req *pb.ReadDirRequest) (*pb.ReadDirResponse, error) {
 	ctx = tracing.ContextWithSpanFromContext(ctx, lbf.callCtx)
-	lbf.mu.Lock()
-	ref, ok := lbf.refs[req.Ref]
-	lbf.mu.Unlock()
-	if !ok {
-		return nil, errors.Errorf("no such ref: %v", req.Ref)
-	}
-	if ref == nil {
-		return nil, errors.Wrapf(os.ErrNotExist, "%s not found", req.DirPath)
-	}
-	workerRef, ok := ref.Sys().(*worker.WorkerRef)
-	if !ok {
-		return nil, errors.Errorf("invalid ref: %T", ref.Sys())
+
+	ref, err := lbf.getImmutableRef(ctx, req.Ref, req.DirPath)
+	if err != nil {
+		return nil, err
 	}
 
 	newReq := cacheutil.ReadDirRequest{
 		Path:           req.DirPath,
 		IncludePattern: req.IncludePattern,
 	}
-	entries, err := cacheutil.ReadDir(ctx, workerRef.ImmutableRef, newReq)
+	m, err := ref.Mount(ctx, true, session.NewGroup(lbf.sid))
 	if err != nil {
 		return nil, err
 	}
+	entries, err := cacheutil.ReadDir(ctx, m, newReq)
+	if err != nil {
+		return nil, lbf.wrapSolveError(err)
+	}
 
 	return &pb.ReadDirResponse{Entries: entries}, nil
 }
 
 func (lbf *llbBridgeForwarder) StatFile(ctx context.Context, req *pb.StatFileRequest) (*pb.StatFileResponse, error) {
 	ctx = tracing.ContextWithSpanFromContext(ctx, lbf.callCtx)
-	lbf.mu.Lock()
-	ref, ok := lbf.refs[req.Ref]
-	lbf.mu.Unlock()
-	if !ok {
-		return nil, errors.Errorf("no such ref: %v", req.Ref)
-	}
-	if ref == nil {
-		return nil, errors.Wrapf(os.ErrNotExist, "%s not found", req.Path)
+
+	ref, err := lbf.getImmutableRef(ctx, req.Ref, req.Path)
+	if err != nil {
+		return nil, err
 	}
-	workerRef, ok := ref.Sys().(*worker.WorkerRef)
-	if !ok {
-		return nil, errors.Errorf("invalid ref: %T", ref.Sys())
+	m, err := ref.Mount(ctx, true, session.NewGroup(lbf.sid))
+	if err != nil {
+		return nil, err
 	}
-
-	st, err := cacheutil.StatFile(ctx, workerRef.ImmutableRef, req.Path)
+	st, err := cacheutil.StatFile(ctx, m, req.Path)
 	if err != nil {
 		return nil, err
 	}
@@ -578,48 +780,506 @@ func (lbf *llbBridgeForwarder) Ping(context.Context, *pb.PingRequest) (*pb.PongR
 
 func (lbf *llbBridgeForwarder) Return(ctx context.Context, in *pb.ReturnRequest) (*pb.ReturnResponse, error) {
 	if in.Error != nil {
-		return lbf.setResult(nil, status.ErrorProto(&spb.Status{
+		return lbf.setResult(nil, grpcerrors.FromGRPC(status.ErrorProto(&spb.Status{
 			Code:    in.Error.Code,
 			Message: in.Error.Message,
-			// Details: in.Error.Details,
-		}))
-	} else {
-		r := &frontend.Result{
-			Metadata: in.Result.Metadata,
-		}
+			Details: convertGogoAny(in.Error.Details),
+		})))
+	}
+	r := &frontend.Result{
+		Metadata: in.Result.Metadata,
+	}
 
-		switch res := in.Result.Result.(type) {
-		case *pb.Result_Ref:
-			ref, err := lbf.convertRef(res.Ref)
+	switch res := in.Result.Result.(type) {
+	case *pb.Result_RefDeprecated:
+		ref, err := lbf.convertRef(res.RefDeprecated)
+		if err != nil {
+			return nil, err
+		}
+		r.Ref = ref
+	case *pb.Result_RefsDeprecated:
+		m := map[string]solver.ResultProxy{}
+		for k, id := range res.RefsDeprecated.Refs {
+			ref, err := lbf.convertRef(id)
 			if err != nil {
 				return nil, err
 			}
-			r.Ref = ref
-		case *pb.Result_Refs:
-			m := map[string]solver.CachedResult{}
-			for k, v := range res.Refs.Refs {
-				ref, err := lbf.convertRef(v)
+			m[k] = ref
+		}
+		r.Refs = m
+	case *pb.Result_Ref:
+		ref, err := lbf.convertRef(res.Ref.Id)
+		if err != nil {
+			return nil, err
+		}
+		r.Ref = ref
+	case *pb.Result_Refs:
+		m := map[string]solver.ResultProxy{}
+		for k, ref := range res.Refs.Refs {
+			ref, err := lbf.convertRef(ref.Id)
+			if err != nil {
+				return nil, err
+			}
+			m[k] = ref
+		}
+		r.Refs = m
+	}
+	return lbf.setResult(r, nil)
+}
+
+func (lbf *llbBridgeForwarder) Inputs(ctx context.Context, in *pb.InputsRequest) (*pb.InputsResponse, error) {
+	return &pb.InputsResponse{
+		Definitions: lbf.inputs,
+	}, nil
+}
+
+func (lbf *llbBridgeForwarder) NewContainer(ctx context.Context, in *pb.NewContainerRequest) (_ *pb.NewContainerResponse, err error) {
+	logrus.Debugf("|<--- NewContainer %s", in.ContainerID)
+	ctrReq := NewContainerRequest{
+		ContainerID: in.ContainerID,
+		NetMode:     in.Network,
+		Platform:    in.Platform,
+		Constraints: in.Constraints,
+	}
+
+	for _, m := range in.Mounts {
+		var workerRef *worker.WorkerRef
+		if m.ResultID != "" {
+			var ok bool
+			workerRef, ok = lbf.workerRefByID[m.ResultID]
+			if !ok {
+				refProxy, err := lbf.convertRef(m.ResultID)
 				if err != nil {
-					return nil, err
+					return nil, errors.Wrapf(err, "failed to find ref %s for %q mount", m.ResultID, m.Dest)
+				}
+
+				res, err := refProxy.Result(ctx)
+				if err != nil {
+					return nil, stack.Enable(err)
+				}
+
+				workerRef, ok = res.Sys().(*worker.WorkerRef)
+				if !ok {
+					return nil, errors.Errorf("invalid reference %T", res.Sys())
 				}
-				m[k] = ref
 			}
-			r.Refs = m
+
+		}
+		ctrReq.Mounts = append(ctrReq.Mounts, Mount{
+			WorkerRef: workerRef,
+			Mount: &opspb.Mount{
+				Dest:      m.Dest,
+				Selector:  m.Selector,
+				Readonly:  m.Readonly,
+				MountType: m.MountType,
+				CacheOpt:  m.CacheOpt,
+				SecretOpt: m.SecretOpt,
+				SSHOpt:    m.SSHOpt,
+			},
+		})
+	}
+
+	// Not using `ctx` here because it will get cancelled as soon as NewContainer returns
+	// and we want the context to live for the duration of the container.
+	group := session.NewGroup(lbf.sid)
+
+	w, err := lbf.workers.GetDefault()
+	if err != nil {
+		return nil, stack.Enable(err)
+	}
+
+	ctr, err := NewContainer(context.Background(), w, lbf.sm, group, ctrReq)
+	if err != nil {
+		return nil, stack.Enable(err)
+	}
+	defer func() {
+		if err != nil {
+			ctr.Release(ctx) // ensure release on error
+		}
+	}()
+
+	lbf.ctrsMu.Lock()
+	defer lbf.ctrsMu.Unlock()
+	// ensure we are not clobbering a dup container id request
+	if _, ok := lbf.ctrs[in.ContainerID]; ok {
+		return nil, stack.Enable(status.Errorf(codes.AlreadyExists, "Container %s already exists", in.ContainerID))
+	}
+	lbf.ctrs[in.ContainerID] = ctr
+	return &pb.NewContainerResponse{}, nil
+}
+
+func (lbf *llbBridgeForwarder) ReleaseContainer(ctx context.Context, in *pb.ReleaseContainerRequest) (*pb.ReleaseContainerResponse, error) {
+	logrus.Debugf("|<--- ReleaseContainer %s", in.ContainerID)
+	lbf.ctrsMu.Lock()
+	ctr, ok := lbf.ctrs[in.ContainerID]
+	delete(lbf.ctrs, in.ContainerID)
+	lbf.ctrsMu.Unlock()
+	if !ok {
+		return nil, errors.Errorf("container details for %s not found", in.ContainerID)
+	}
+	err := ctr.Release(ctx)
+	return &pb.ReleaseContainerResponse{}, stack.Enable(err)
+}
+
+type processIO struct {
+	id       string
+	mu       sync.Mutex
+	resize   func(context.Context, gwclient.WinSize) error
+	done     chan struct{}
+	doneOnce sync.Once
+	// these track the process side of the io pipe for
+	// read (fd=0) and write (fd=1, fd=2)
+	processReaders map[uint32]io.ReadCloser
+	processWriters map[uint32]io.WriteCloser
+	// these track the server side of the io pipe, so
+	// when we receive an EOF over grpc, we will close
+	// this end
+	serverWriters map[uint32]io.WriteCloser
+	serverReaders map[uint32]io.ReadCloser
+}
+
+func newProcessIO(id string, openFds []uint32) *processIO {
+	pio := &processIO{
+		id:             id,
+		processReaders: map[uint32]io.ReadCloser{},
+		processWriters: map[uint32]io.WriteCloser{},
+		serverReaders:  map[uint32]io.ReadCloser{},
+		serverWriters:  map[uint32]io.WriteCloser{},
+		done:           make(chan struct{}),
+	}
+
+	for _, fd := range openFds {
+		// TODO do we know which way to pipe each fd?  For now assume fd0 is for
+		// reading, and the rest are for writing
+		r, w := io.Pipe()
+		if fd == 0 {
+			pio.processReaders[fd] = r
+			pio.serverWriters[fd] = w
+		} else {
+			pio.processWriters[fd] = w
+			pio.serverReaders[fd] = r
+		}
+	}
+
+	return pio
+}
+
+func (pio *processIO) Close() (err error) {
+	pio.mu.Lock()
+	defer pio.mu.Unlock()
+	for fd, r := range pio.processReaders {
+		delete(pio.processReaders, fd)
+		err1 := r.Close()
+		if err1 != nil && err == nil {
+			err = stack.Enable(err1)
+		}
+	}
+	for fd, w := range pio.serverReaders {
+		delete(pio.serverReaders, fd)
+		err1 := w.Close()
+		if err1 != nil && err == nil {
+			err = stack.Enable(err1)
+		}
+	}
+	pio.Done()
+	return err
+}
+
+func (pio *processIO) Done() {
+	stillOpen := len(pio.processReaders) + len(pio.processWriters) + len(pio.serverReaders) + len(pio.serverWriters)
+	if stillOpen == 0 {
+		pio.doneOnce.Do(func() {
+			close(pio.done)
+		})
+	}
+}
+
+func (pio *processIO) Write(f *pb.FdMessage) (err error) {
+	pio.mu.Lock()
+	writer := pio.serverWriters[f.Fd]
+	pio.mu.Unlock()
+	if writer == nil {
+		return status.Errorf(codes.OutOfRange, "fd %d unavailable to write", f.Fd)
+	}
+	defer func() {
+		if err != nil || f.EOF {
+			writer.Close()
+			pio.mu.Lock()
+			defer pio.mu.Unlock()
+			delete(pio.serverWriters, f.Fd)
+			pio.Done()
 		}
-		return lbf.setResult(r, nil)
+	}()
+	if len(f.Data) > 0 {
+		_, err = writer.Write(f.Data)
+		return stack.Enable(err)
 	}
+	return nil
+}
+
+type outputWriter struct {
+	stream    pb.LLBBridge_ExecProcessServer
+	fd        uint32
+	processID string
+}
+
+func (w *outputWriter) Write(msg []byte) (int, error) {
+	logrus.Debugf("|---> File Message %s, fd=%d, %d bytes", w.processID, w.fd, len(msg))
+	err := w.stream.Send(&pb.ExecMessage{
+		ProcessID: w.processID,
+		Input: &pb.ExecMessage_File{
+			File: &pb.FdMessage{
+				Fd:   w.fd,
+				Data: msg,
+			},
+		},
+	})
+	return len(msg), stack.Enable(err)
+}
+
+func (lbf *llbBridgeForwarder) ExecProcess(srv pb.LLBBridge_ExecProcessServer) error {
+	eg, ctx := errgroup.WithContext(srv.Context())
+
+	msgs := make(chan *pb.ExecMessage)
+
+	eg.Go(func() error {
+		defer close(msgs)
+		for {
+			execMsg, err := srv.Recv()
+			if err != nil {
+				if errors.Is(err, io.EOF) {
+					return nil
+				}
+				return stack.Enable(err)
+			}
+			switch m := execMsg.GetInput().(type) {
+			case *pb.ExecMessage_Init:
+				logrus.Debugf("|<--- Init Message %s", execMsg.ProcessID)
+			case *pb.ExecMessage_File:
+				if m.File.EOF {
+					logrus.Debugf("|<--- File Message %s, fd=%d, EOF", execMsg.ProcessID, m.File.Fd)
+				} else {
+					logrus.Debugf("|<--- File Message %s, fd=%d, %d bytes", execMsg.ProcessID, m.File.Fd, len(m.File.Data))
+				}
+			case *pb.ExecMessage_Resize:
+				logrus.Debugf("|<--- Resize Message %s", execMsg.ProcessID)
+			}
+			select {
+			case <-ctx.Done():
+			case msgs <- execMsg:
+			}
+		}
+	})
+
+	eg.Go(func() error {
+		pios := make(map[string]*processIO)
+		// close any stray pios on exit to make sure
+		// all the associated resources get cleaned up
+		defer func() {
+			for _, pio := range pios {
+				pio.Close()
+			}
+		}()
+
+		for {
+			var execMsg *pb.ExecMessage
+			select {
+			case <-ctx.Done():
+				return nil
+			case execMsg = <-msgs:
+			}
+			if execMsg == nil {
+				return nil
+			}
+
+			pid := execMsg.ProcessID
+			if pid == "" {
+				return stack.Enable(status.Errorf(codes.InvalidArgument, "ProcessID required"))
+			}
+
+			pio, pioFound := pios[pid]
+
+			if data := execMsg.GetFile(); data != nil {
+				if !pioFound {
+					return stack.Enable(status.Errorf(codes.NotFound, "IO for process %q not found", pid))
+				}
+				err := pio.Write(data)
+				if err != nil {
+					return stack.Enable(err)
+				}
+			} else if resize := execMsg.GetResize(); resize != nil {
+				if !pioFound {
+					return stack.Enable(status.Errorf(codes.NotFound, "IO for process %q not found", pid))
+				}
+				pio.resize(ctx, gwclient.WinSize{
+					Cols: resize.Cols,
+					Rows: resize.Rows,
+				})
+			} else if init := execMsg.GetInit(); init != nil {
+				if pioFound {
+					return stack.Enable(status.Errorf(codes.AlreadyExists, "Process %s already exists", pid))
+				}
+				id := init.ContainerID
+				lbf.ctrsMu.Lock()
+				ctr, ok := lbf.ctrs[id]
+				lbf.ctrsMu.Unlock()
+				if !ok {
+					return stack.Enable(status.Errorf(codes.NotFound, "container %q previously released or not created", id))
+				}
+
+				initCtx, initCancel := context.WithCancel(context.Background())
+				defer initCancel()
+
+				pio := newProcessIO(pid, init.Fds)
+				pios[pid] = pio
+
+				proc, err := ctr.Start(initCtx, gwclient.StartRequest{
+					Args:   init.Meta.Args,
+					Env:    init.Meta.Env,
+					User:   init.Meta.User,
+					Cwd:    init.Meta.Cwd,
+					Tty:    init.Tty,
+					Stdin:  pio.processReaders[0],
+					Stdout: pio.processWriters[1],
+					Stderr: pio.processWriters[2],
+				})
+				if err != nil {
+					return stack.Enable(err)
+				}
+				pio.resize = proc.Resize
+
+				eg.Go(func() error {
+					<-pio.done
+					logrus.Debugf("|---> Done Message %s", pid)
+					err := srv.Send(&pb.ExecMessage{
+						ProcessID: pid,
+						Input: &pb.ExecMessage_Done{
+							Done: &pb.DoneMessage{},
+						},
+					})
+					return stack.Enable(err)
+				})
+
+				eg.Go(func() error {
+					defer func() {
+						pio.Close()
+					}()
+					err := proc.Wait()
+
+					var statusCode uint32
+					var exitError *gwerrdefs.ExitError
+					var statusError *rpc.Status
+					if err != nil {
+						statusCode = gwerrdefs.UnknownExitStatus
+						st, _ := status.FromError(grpcerrors.ToGRPC(err))
+						stp := st.Proto()
+						statusError = &rpc.Status{
+							Code:    stp.Code,
+							Message: stp.Message,
+							Details: convertToGogoAny(stp.Details),
+						}
+					}
+					if errors.As(err, &exitError) {
+						statusCode = exitError.ExitCode
+					}
+					logrus.Debugf("|---> Exit Message %s, code=%d, error=%s", pid, statusCode, err)
+					sendErr := srv.Send(&pb.ExecMessage{
+						ProcessID: pid,
+						Input: &pb.ExecMessage_Exit{
+							Exit: &pb.ExitMessage{
+								Code:  statusCode,
+								Error: statusError,
+							},
+						},
+					})
+
+					if sendErr != nil && err != nil {
+						return errors.Wrap(sendErr, err.Error())
+					} else if sendErr != nil {
+						return stack.Enable(sendErr)
+					}
+
+					if err != nil && statusCode != 0 {
+						// this was a container exit error which is "normal" so
+						// don't return this error from the errgroup
+						return nil
+					}
+					return stack.Enable(err)
+				})
+
+				logrus.Debugf("|---> Started Message %s", pid)
+				err = srv.Send(&pb.ExecMessage{
+					ProcessID: pid,
+					Input: &pb.ExecMessage_Started{
+						Started: &pb.StartedMessage{},
+					},
+				})
+				if err != nil {
+					return stack.Enable(err)
+				}
+
+				// start sending Fd output back to client, this is done after
+				// StartedMessage so that Fd output will not potentially arrive
+				// to the client before "Started" as the container starts up.
+				for fd, file := range pio.serverReaders {
+					fd, file := fd, file
+					eg.Go(func() error {
+						defer func() {
+							file.Close()
+							pio.mu.Lock()
+							defer pio.mu.Unlock()
+							w := pio.processWriters[fd]
+							if w != nil {
+								w.Close()
+							}
+							delete(pio.processWriters, fd)
+							pio.Done()
+						}()
+						dest := &outputWriter{
+							stream:    srv,
+							fd:        uint32(fd),
+							processID: pid,
+						}
+						_, err := io.Copy(dest, file)
+						// ignore ErrClosedPipe, it is EOF for our usage.
+						if err != nil && !errors.Is(err, io.ErrClosedPipe) {
+							return stack.Enable(err)
+						}
+						// no error so must be EOF
+						logrus.Debugf("|---> File Message %s, fd=%d, EOF", pid, fd)
+						err = srv.Send(&pb.ExecMessage{
+							ProcessID: pid,
+							Input: &pb.ExecMessage_File{
+								File: &pb.FdMessage{
+									Fd:  uint32(fd),
+									EOF: true,
+								},
+							},
+						})
+						return stack.Enable(err)
+					})
+				}
+			}
+		}
+	})
+
+	err := eg.Wait()
+	return stack.Enable(err)
 }
 
-func (lbf *llbBridgeForwarder) convertRef(id string) (solver.CachedResult, error) {
+func (lbf *llbBridgeForwarder) convertRef(id string) (solver.ResultProxy, error) {
 	if id == "" {
 		return nil, nil
 	}
+
 	lbf.mu.Lock()
 	defer lbf.mu.Unlock()
+
 	r, ok := lbf.refs[id]
 	if !ok {
 		return nil, errors.Errorf("return reference %s not found", id)
 	}
+
 	return r, nil
 }
 
@@ -637,3 +1297,47 @@ type markTypeFrontend struct{}
 func (*markTypeFrontend) SetImageOption(ii *llb.ImageInfo) {
 	ii.RecordType = string(client.UsageRecordTypeFrontend)
 }
+
+func convertGogoAny(in []*gogotypes.Any) []*any.Any {
+	out := make([]*any.Any, len(in))
+	for i := range in {
+		out[i] = &any.Any{TypeUrl: in[i].TypeUrl, Value: in[i].Value}
+	}
+	return out
+}
+
+func convertToGogoAny(in []*any.Any) []*gogotypes.Any {
+	out := make([]*gogotypes.Any, len(in))
+	for i := range in {
+		out[i] = &gogotypes.Any{TypeUrl: in[i].TypeUrl, Value: in[i].Value}
+	}
+	return out
+}
+
+func getCaps(label string) map[string]struct{} {
+	if label == "" {
+		return make(map[string]struct{})
+	}
+	caps := strings.Split(label, ",")
+	out := make(map[string]struct{}, len(caps))
+	for _, c := range caps {
+		name := strings.SplitN(c, "+", 2)
+		if name[0] != "" {
+			out[name[0]] = struct{}{}
+		}
+	}
+	return out
+}
+
+func addCapsForKnownFrontends(caps map[string]struct{}, dgst digest.Digest) {
+	// these frontends were built without caps detection but do support inputs
+	defaults := map[digest.Digest]struct{}{
+		"sha256:9ac1c43a60e31dca741a6fe8314130a9cd4c4db0311fbbc636ff992ef60ae76d": {}, // docker/dockerfile:1.1.6
+		"sha256:080bd74d8778f83e7b670de193362d8c593c8b14f5c8fb919d28ee8feda0d069": {}, // docker/dockerfile:1.1.7
+		"sha256:60543a9d92b92af5088fb2938fb09b2072684af8384399e153e137fe081f8ab4": {}, // docker/dockerfile:1.1.6-experimental
+		"sha256:de85b2f3a3e8a2f7fe48e8e84a65f6fdd5cd5183afa6412fff9caa6871649c44": {}, // docker/dockerfile:1.1.7-experimental
+	}
+	if _, ok := defaults[dgst]; ok {
+		caps["moby.buildkit.frontend.inputs"] = struct{}{}
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go
index d4e0525d897d9..e8a370b7a46e2 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go
@@ -3,32 +3,47 @@ package grpcclient
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net"
 	"os"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/gogo/googleapis/google/rpc"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/golang/protobuf/ptypes/any"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/frontend/gateway/errdefs"
 	pb "github.com/moby/buildkit/frontend/gateway/pb"
+	"github.com/moby/buildkit/identity"
 	opspb "github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
+	"github.com/moby/buildkit/util/grpcerrors"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	fstypes "github.com/tonistiigi/fsutil/types"
+	"golang.org/x/sync/errgroup"
+	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 const frontendPrefix = "BUILDKIT_FRONTEND_OPT_"
 
 type GrpcClient interface {
+	client.Client
 	Run(context.Context, client.BuildFunc) error
 }
 
 func New(ctx context.Context, opts map[string]string, session, product string, c pb.LLBBridgeClient, w []client.WorkerInfo) (GrpcClient, error) {
-	resp, err := c.Ping(ctx, &pb.PingRequest{})
+	pingCtx, pingCancel := context.WithTimeout(ctx, 15*time.Second)
+	defer pingCancel()
+	resp, err := c.Ping(pingCtx, &pb.PingRequest{})
 	if err != nil {
 		return nil, err
 	}
@@ -50,6 +65,7 @@ func New(ctx context.Context, opts map[string]string, session, product string, c
 		caps:      pb.Caps.CapSet(resp.FrontendAPICaps),
 		llbCaps:   opspb.Caps.CapSet(resp.LLBCaps),
 		requests:  map[string]*pb.SolveRequest{},
+		execMsgs:  newMessageForwarder(ctx, c),
 	}, nil
 }
 
@@ -66,15 +82,15 @@ func current() (GrpcClient, error) {
 	return New(ctx, opts(), sessionID(), product(), pb.NewLLBBridgeClient(conn), workers())
 }
 
-func convertRef(ref client.Reference) (string, error) {
+func convertRef(ref client.Reference) (*pb.Ref, error) {
 	if ref == nil {
-		return "", nil
+		return &pb.Ref{}, nil
 	}
 	r, ok := ref.(*reference)
 	if !ok {
-		return "", errors.Errorf("invalid return reference type %T", ref)
+		return nil, errors.Errorf("invalid return reference type %T", ref)
 	}
-	return r.id, nil
+	return &pb.Ref{Id: r.id, Def: r.def}, nil
 }
 
 func RunFromEnvironment(ctx context.Context, f client.BuildFunc) error {
@@ -103,22 +119,43 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro
 					Metadata: res.Metadata,
 				}
 				if res.Refs != nil {
-					m := map[string]string{}
-					for k, r := range res.Refs {
-						id, err := convertRef(r)
-						if err != nil {
-							retError = err
-							continue
+					if c.caps.Supports(pb.CapProtoRefArray) == nil {
+						m := map[string]*pb.Ref{}
+						for k, r := range res.Refs {
+							pbRef, err := convertRef(r)
+							if err != nil {
+								retError = err
+								continue
+							}
+							m[k] = pbRef
 						}
-						m[k] = id
+						pbRes.Result = &pb.Result_Refs{Refs: &pb.RefMap{Refs: m}}
+					} else {
+						// Server doesn't support the new wire format for refs, so we construct
+						// a deprecated result ref map.
+						m := map[string]string{}
+						for k, r := range res.Refs {
+							pbRef, err := convertRef(r)
+							if err != nil {
+								retError = err
+								continue
+							}
+							m[k] = pbRef.Id
+						}
+						pbRes.Result = &pb.Result_RefsDeprecated{RefsDeprecated: &pb.RefMapDeprecated{Refs: m}}
 					}
-					pbRes.Result = &pb.Result_Refs{Refs: &pb.RefMap{Refs: m}}
 				} else {
-					id, err := convertRef(res.Ref)
+					pbRef, err := convertRef(res.Ref)
 					if err != nil {
 						retError = err
 					} else {
-						pbRes.Result = &pb.Result_Ref{Ref: id}
+						if c.caps.Supports(pb.CapProtoRefArray) == nil {
+							pbRes.Result = &pb.Result_Ref{Ref: pbRef}
+						} else {
+							// Server doesn't support the new wire format for refs, so we construct
+							// a deprecated result ref.
+							pbRes.Result = &pb.Result_RefDeprecated{RefDeprecated: pbRef.Id}
+						}
 					}
 				}
 				if retError == nil {
@@ -126,12 +163,12 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro
 				}
 			}
 			if retError != nil {
-				st, _ := status.FromError(retError)
+				st, _ := status.FromError(grpcerrors.ToGRPC(retError))
 				stp := st.Proto()
 				req.Error = &rpc.Status{
 					Code:    stp.Code,
 					Message: stp.Message,
-					// Details: stp.Details,
+					Details: convertToGogoAny(stp.Details),
 				}
 			}
 			if _, err := c.client.Return(ctx, req); err != nil && retError == nil {
@@ -140,10 +177,21 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro
 		}()
 	}
 
+	defer func() {
+		err = c.execMsgs.Release()
+		if err != nil && retError != nil {
+			retError = err
+		}
+	}()
+
 	if res, err = f(ctx, c); err != nil {
 		return err
 	}
 
+	if res == nil {
+		return nil
+	}
+
 	if err := c.caps.Supports(pb.CapReturnMap); len(res.Refs) > 1 && err != nil {
 		return err
 	}
@@ -226,6 +274,7 @@ type grpcClient struct {
 	caps      apicaps.CapSet
 	llbCaps   apicaps.CapSet
 	requests  map[string]*pb.SolveRequest
+	execMsgs  *messageForwarder
 }
 
 func (c *grpcClient) requestForRef(ref client.Reference) (*pb.SolveRequest, error) {
@@ -249,7 +298,7 @@ func (c *grpcClient) requestForRef(ref client.Reference) (*pb.SolveRequest, erro
 	return req, nil
 }
 
-func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (*client.Result, error) {
+func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (res *client.Result, err error) {
 	if creq.Definition != nil {
 		for _, md := range creq.Definition.Metadata {
 			for cap := range md.Caps {
@@ -259,13 +308,35 @@ func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (*clie
 			}
 		}
 	}
+	var (
+		// old API
+		legacyRegistryCacheImports []string
+		// new API (CapImportCaches)
+		cacheImports []*pb.CacheOptionsEntry
+	)
+	supportCapImportCaches := c.caps.Supports(pb.CapImportCaches) == nil
+	for _, im := range creq.CacheImports {
+		if !supportCapImportCaches && im.Type == "registry" {
+			legacyRegistryCacheImports = append(legacyRegistryCacheImports, im.Attrs["ref"])
+		} else {
+			cacheImports = append(cacheImports, &pb.CacheOptionsEntry{
+				Type:  im.Type,
+				Attrs: im.Attrs,
+			})
+		}
+	}
 
 	req := &pb.SolveRequest{
-		Definition:        creq.Definition,
-		Frontend:          creq.Frontend,
-		FrontendOpt:       creq.FrontendOpt,
-		ImportCacheRefs:   creq.ImportCacheRefs,
-		AllowResultReturn: true,
+		Definition:          creq.Definition,
+		Frontend:            creq.Frontend,
+		FrontendOpt:         creq.FrontendOpt,
+		FrontendInputs:      creq.FrontendInputs,
+		AllowResultReturn:   true,
+		AllowResultArrayRef: true,
+		// old API
+		ImportCacheRefsDeprecated: legacyRegistryCacheImports,
+		// new API
+		CacheImports: cacheImports,
 	}
 
 	// backwards compatibility with inline return
@@ -273,13 +344,45 @@ func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (*clie
 		req.ExporterAttr = []byte("{}")
 	}
 
+	if creq.Evaluate {
+		if c.caps.Supports(pb.CapGatewayEvaluateSolve) == nil {
+			req.Evaluate = creq.Evaluate
+		} else {
+			// If evaluate is not supported, fallback to running Stat(".") in order to
+			// trigger an evaluation of the result.
+			defer func() {
+				if res == nil {
+					return
+				}
+
+				var (
+					id  string
+					ref client.Reference
+				)
+				ref, err = res.SingleRef()
+				if err != nil {
+					for refID := range res.Refs {
+						id = refID
+						break
+					}
+				} else {
+					id = ref.(*reference).id
+				}
+
+				_, err = c.client.StatFile(ctx, &pb.StatFileRequest{
+					Ref:  id,
+					Path: ".",
+				})
+			}()
+		}
+	}
+
 	resp, err := c.client.Solve(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 
-	res := &client.Result{}
-
+	res = &client.Result{}
 	if resp.Result == nil {
 		if id := resp.Ref; id != "" {
 			c.requests[id] = req
@@ -288,25 +391,44 @@ func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (*clie
 	} else {
 		res.Metadata = resp.Result.Metadata
 		switch pbRes := resp.Result.Result.(type) {
-		case *pb.Result_Ref:
-			if id := pbRes.Ref; id != "" {
+		case *pb.Result_RefDeprecated:
+			if id := pbRes.RefDeprecated; id != "" {
 				res.SetRef(&reference{id: id, c: c})
 			}
-		case *pb.Result_Refs:
-			for k, v := range pbRes.Refs.Refs {
+		case *pb.Result_RefsDeprecated:
+			for k, v := range pbRes.RefsDeprecated.Refs {
 				ref := &reference{id: v, c: c}
 				if v == "" {
 					ref = nil
 				}
 				res.AddRef(k, ref)
 			}
+		case *pb.Result_Ref:
+			if pbRes.Ref.Id != "" {
+				ref, err := newReference(c, pbRes.Ref)
+				if err != nil {
+					return nil, err
+				}
+				res.SetRef(ref)
+			}
+		case *pb.Result_Refs:
+			for k, v := range pbRes.Refs.Refs {
+				var ref *reference
+				if v.Id != "" {
+					ref, err = newReference(c, v)
+					if err != nil {
+						return nil, err
+					}
+				}
+				res.AddRef(k, ref)
+			}
 		}
 	}
 
 	return res, nil
 }
 
-func (c *grpcClient) ResolveImageConfig(ctx context.Context, ref string, opt client.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
+func (c *grpcClient) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
 	var p *opspb.Platform
 	if platform := opt.Platform; platform != nil {
 		p = &opspb.Platform{
@@ -335,9 +457,502 @@ func (c *grpcClient) BuildOpts() client.BuildOpts {
 	}
 }
 
+func (c *grpcClient) Inputs(ctx context.Context) (map[string]llb.State, error) {
+	err := c.caps.Supports(pb.CapFrontendInputs)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := c.client.Inputs(ctx, &pb.InputsRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	inputs := make(map[string]llb.State)
+	for key, def := range resp.Definitions {
+		op, err := llb.NewDefinitionOp(def)
+		if err != nil {
+			return nil, err
+		}
+		inputs[key] = llb.NewState(op)
+	}
+	return inputs, nil
+}
+
+// procMessageForwarder is created per container process to act as the
+// communication channel between the process and the ExecProcess message
+// stream.
+type procMessageForwarder struct {
+	done      chan struct{}
+	closeOnce sync.Once
+	msgs      chan *pb.ExecMessage
+}
+
+func newProcMessageForwarder() *procMessageForwarder {
+	return &procMessageForwarder{
+		done: make(chan struct{}),
+		msgs: make(chan *pb.ExecMessage),
+	}
+}
+
+func (b *procMessageForwarder) Send(ctx context.Context, m *pb.ExecMessage) {
+	select {
+	case <-ctx.Done():
+	case <-b.done:
+		b.closeOnce.Do(func() {
+			close(b.msgs)
+		})
+	case b.msgs <- m:
+	}
+}
+
+func (b *procMessageForwarder) Recv(ctx context.Context) (m *pb.ExecMessage, ok bool) {
+	select {
+	case <-ctx.Done():
+		return nil, true
+	case <-b.done:
+		return nil, false
+	case m = <-b.msgs:
+		return m, true
+	}
+}
+
+func (b *procMessageForwarder) Close() {
+	close(b.done)
+	b.Recv(context.Background())      // flush any messages in queue
+	b.Send(context.Background(), nil) // ensure channel is closed
+}
+
+// messageForwarder manages a single grpc stream for ExecProcess to facilitate
+// a pub/sub message channel for each new process started from the client
+// connection.
+type messageForwarder struct {
+	client pb.LLBBridgeClient
+	ctx    context.Context
+	cancel func()
+	eg     *errgroup.Group
+	mu     sync.Mutex
+	pids   map[string]*procMessageForwarder
+	stream pb.LLBBridge_ExecProcessClient
+	// startOnce used to only start the exec message forwarder once,
+	// so we only have one exec stream per client
+	startOnce sync.Once
+	// startErr tracks the error when initializing the stream, it will
+	// be returned on subsequent calls to Start
+	startErr error
+}
+
+func newMessageForwarder(ctx context.Context, client pb.LLBBridgeClient) *messageForwarder {
+	ctx, cancel := context.WithCancel(ctx)
+	eg, ctx := errgroup.WithContext(ctx)
+	return &messageForwarder{
+		client: client,
+		pids:   map[string]*procMessageForwarder{},
+		ctx:    ctx,
+		cancel: cancel,
+		eg:     eg,
+	}
+}
+
+func (m *messageForwarder) Start() (err error) {
+	defer func() {
+		if err != nil {
+			m.startErr = err
+		}
+	}()
+
+	if m.startErr != nil {
+		return m.startErr
+	}
+
+	m.startOnce.Do(func() {
+		m.stream, err = m.client.ExecProcess(m.ctx)
+		if err != nil {
+			return
+		}
+		m.eg.Go(func() error {
+			for {
+				msg, err := m.stream.Recv()
+				if errors.Is(err, io.EOF) || grpcerrors.Code(err) == codes.Canceled {
+					return nil
+				}
+				logrus.Debugf("|<--- %s", debugMessage(msg))
+
+				if err != nil {
+					return err
+				}
+
+				m.mu.Lock()
+				msgs, ok := m.pids[msg.ProcessID]
+				m.mu.Unlock()
+
+				if !ok {
+					logrus.Debugf("Received exec message for unregistered process: %s", msg.String())
+					continue
+				}
+				msgs.Send(m.ctx, msg)
+			}
+		})
+	})
+	return err
+}
+
+func debugMessage(msg *pb.ExecMessage) string {
+	switch m := msg.GetInput().(type) {
+	case *pb.ExecMessage_Init:
+		return fmt.Sprintf("Init Message %s", msg.ProcessID)
+	case *pb.ExecMessage_File:
+		if m.File.EOF {
+			return fmt.Sprintf("File Message %s, fd=%d, EOF", msg.ProcessID, m.File.Fd)
+		}
+		return fmt.Sprintf("File Message %s, fd=%d, %d bytes", msg.ProcessID, m.File.Fd, len(m.File.Data))
+	case *pb.ExecMessage_Resize:
+		return fmt.Sprintf("Resize Message %s", msg.ProcessID)
+	case *pb.ExecMessage_Started:
+		return fmt.Sprintf("Started Message %s", msg.ProcessID)
+	case *pb.ExecMessage_Exit:
+		return fmt.Sprintf("Exit Message %s, code=%d, err=%s", msg.ProcessID, m.Exit.Code, m.Exit.Error)
+	case *pb.ExecMessage_Done:
+		return fmt.Sprintf("Done Message %s", msg.ProcessID)
+	}
+	return fmt.Sprintf("Unknown Message %s", msg.String())
+}
+
+func (m *messageForwarder) Send(msg *pb.ExecMessage) error {
+	m.mu.Lock()
+	_, ok := m.pids[msg.ProcessID]
+	defer m.mu.Unlock()
+	if !ok {
+		return errors.Errorf("process %s has ended, not sending message %#v", msg.ProcessID, msg.Input)
+	}
+	logrus.Debugf("|---> %s", debugMessage(msg))
+	return m.stream.Send(msg)
+}
+
+func (m *messageForwarder) Release() error {
+	m.cancel()
+	return m.eg.Wait()
+}
+
+func (m *messageForwarder) Register(pid string) *procMessageForwarder {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	sender := newProcMessageForwarder()
+	m.pids[pid] = sender
+	return sender
+}
+
+func (m *messageForwarder) Deregister(pid string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	sender, ok := m.pids[pid]
+	if !ok {
+		return
+	}
+	delete(m.pids, pid)
+	sender.Close()
+}
+
+type msgWriter struct {
+	mux       *messageForwarder
+	fd        uint32
+	processID string
+}
+
+func (w *msgWriter) Write(msg []byte) (int, error) {
+	err := w.mux.Send(&pb.ExecMessage{
+		ProcessID: w.processID,
+		Input: &pb.ExecMessage_File{
+			File: &pb.FdMessage{
+				Fd:   w.fd,
+				Data: msg,
+			},
+		},
+	})
+	if err != nil {
+		return 0, err
+	}
+	return len(msg), nil
+}
+
+func (c *grpcClient) NewContainer(ctx context.Context, req client.NewContainerRequest) (client.Container, error) {
+	err := c.caps.Supports(pb.CapGatewayExec)
+	if err != nil {
+		return nil, err
+	}
+	id := identity.NewID()
+	var mounts []*opspb.Mount
+	for _, m := range req.Mounts {
+		resultID := m.ResultID
+		if m.Ref != nil {
+			ref, ok := m.Ref.(*reference)
+			if !ok {
+				return nil, errors.Errorf("unexpected type for reference, got %T", m.Ref)
+			}
+			resultID = ref.id
+		}
+		mounts = append(mounts, &opspb.Mount{
+			Dest:      m.Dest,
+			Selector:  m.Selector,
+			Readonly:  m.Readonly,
+			MountType: m.MountType,
+			ResultID:  resultID,
+			CacheOpt:  m.CacheOpt,
+			SecretOpt: m.SecretOpt,
+			SSHOpt:    m.SSHOpt,
+		})
+	}
+
+	logrus.Debugf("|---> NewContainer %s", id)
+	_, err = c.client.NewContainer(ctx, &pb.NewContainerRequest{
+		ContainerID: id,
+		Mounts:      mounts,
+		Platform:    req.Platform,
+		Constraints: req.Constraints,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// ensure message forwarder is started, only sets up stream first time called
+	err = c.execMsgs.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	return &container{
+		client:   c.client,
+		id:       id,
+		execMsgs: c.execMsgs,
+	}, nil
+}
+
+type container struct {
+	client   pb.LLBBridgeClient
+	id       string
+	execMsgs *messageForwarder
+}
+
+func (ctr *container) Start(ctx context.Context, req client.StartRequest) (client.ContainerProcess, error) {
+	pid := fmt.Sprintf("%s:%s", ctr.id, identity.NewID())
+	msgs := ctr.execMsgs.Register(pid)
+
+	init := &pb.InitMessage{
+		ContainerID: ctr.id,
+		Meta: &opspb.Meta{
+			Args: req.Args,
+			Env:  req.Env,
+			Cwd:  req.Cwd,
+			User: req.User,
+		},
+		Tty:      req.Tty,
+		Security: req.SecurityMode,
+	}
+	if req.Stdin != nil {
+		init.Fds = append(init.Fds, 0)
+	}
+	if req.Stdout != nil {
+		init.Fds = append(init.Fds, 1)
+	}
+	if req.Stderr != nil {
+		init.Fds = append(init.Fds, 2)
+	}
+
+	err := ctr.execMsgs.Send(&pb.ExecMessage{
+		ProcessID: pid,
+		Input: &pb.ExecMessage_Init{
+			Init: init,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	msg, _ := msgs.Recv(ctx)
+	if msg == nil {
+		return nil, errors.Errorf("failed to receive started message")
+	}
+	started := msg.GetStarted()
+	if started == nil {
+		return nil, errors.Errorf("expecting started message, got %T", msg.GetInput())
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+	done := make(chan struct{})
+
+	ctrProc := &containerProcess{
+		execMsgs: ctr.execMsgs,
+		id:       pid,
+		eg:       eg,
+	}
+
+	var stdinReader *io.PipeReader
+	ctrProc.eg.Go(func() error {
+		<-done
+		if stdinReader != nil {
+			return stdinReader.Close()
+		}
+		return nil
+	})
+
+	if req.Stdin != nil {
+		var stdinWriter io.WriteCloser
+		stdinReader, stdinWriter = io.Pipe()
+		// This go routine is intentionally not part of the errgroup because
+		// if os.Stdin is used for req.Stdin then this will block until
+		// the user closes the input, which will likely be after we are done
+		// with the container, so we can't Wait on it.
+		go func() {
+			io.Copy(stdinWriter, req.Stdin)
+			stdinWriter.Close()
+		}()
+
+		ctrProc.eg.Go(func() error {
+			m := &msgWriter{
+				mux:       ctr.execMsgs,
+				processID: pid,
+				fd:        0,
+			}
+			_, err := io.Copy(m, stdinReader)
+			// ignore ErrClosedPipe, it is EOF for our usage.
+			if err != nil && !errors.Is(err, io.ErrClosedPipe) {
+				return err
+			}
+			// not an error so must be eof
+			return ctr.execMsgs.Send(&pb.ExecMessage{
+				ProcessID: pid,
+				Input: &pb.ExecMessage_File{
+					File: &pb.FdMessage{
+						Fd:  0,
+						EOF: true,
+					},
+				},
+			})
+		})
+	}
+
+	ctrProc.eg.Go(func() error {
+		var closeDoneOnce sync.Once
+		var exitError error
+		for {
+			msg, ok := msgs.Recv(ctx)
+			if !ok {
+				// no more messages, return
+				return exitError
+			}
+
+			if msg == nil {
+				// empty message from ctx cancel, so just start shutting down
+				// input, but continue processing more exit/done messages
+				closeDoneOnce.Do(func() {
+					close(done)
+				})
+				continue
+			}
+
+			if file := msg.GetFile(); file != nil {
+				var out io.WriteCloser
+				switch file.Fd {
+				case 1:
+					out = req.Stdout
+				case 2:
+					out = req.Stderr
+				}
+				if out == nil {
+					// if things are plumbed correctly this should never happen
+					return errors.Errorf("missing writer for output fd %d", file.Fd)
+				}
+				if len(file.Data) > 0 {
+					_, err := out.Write(file.Data)
+					if err != nil {
+						return err
+					}
+				}
+			} else if exit := msg.GetExit(); exit != nil {
+				// capture exit message to exitError so we can return it after
+				// the server sends the Done message
+				closeDoneOnce.Do(func() {
+					close(done)
+				})
+				if exit.Code == 0 {
+					continue
+				}
+				exitError = grpcerrors.FromGRPC(status.ErrorProto(&spb.Status{
+					Code:    exit.Error.Code,
+					Message: exit.Error.Message,
+					Details: convertGogoAny(exit.Error.Details),
+				}))
+				if exit.Code != errdefs.UnknownExitStatus {
+					exitError = &errdefs.ExitError{ExitCode: exit.Code, Err: exitError}
+				}
+			} else if serverDone := msg.GetDone(); serverDone != nil {
+				return exitError
+			} else {
+				return errors.Errorf("unexpected Exec Message for pid %s: %T", pid, msg.GetInput())
+			}
+		}
+	})
+
+	return ctrProc, nil
+}
+
+func (ctr *container) Release(ctx context.Context) error {
+	logrus.Debugf("|---> ReleaseContainer %s", ctr.id)
+	_, err := ctr.client.ReleaseContainer(ctx, &pb.ReleaseContainerRequest{
+		ContainerID: ctr.id,
+	})
+	return err
+}
+
+type containerProcess struct {
+	execMsgs *messageForwarder
+	id       string
+	eg       *errgroup.Group
+}
+
+func (ctrProc *containerProcess) Wait() error {
+	defer ctrProc.execMsgs.Deregister(ctrProc.id)
+	return ctrProc.eg.Wait()
+}
+
+func (ctrProc *containerProcess) Resize(_ context.Context, size client.WinSize) error {
+	return ctrProc.execMsgs.Send(&pb.ExecMessage{
+		ProcessID: ctrProc.id,
+		Input: &pb.ExecMessage_Resize{
+			Resize: &pb.ResizeMessage{
+				Cols: size.Cols,
+				Rows: size.Rows,
+			},
+		},
+	})
+}
+
 type reference struct {
-	id string
-	c  *grpcClient
+	c   *grpcClient
+	id  string
+	def *opspb.Definition
+}
+
+func newReference(c *grpcClient, ref *pb.Ref) (*reference, error) {
+	return &reference{c: c, id: ref.Id, def: ref.Def}, nil
+}
+
+func (r *reference) ToState() (st llb.State, err error) {
+	err = r.c.caps.Supports(pb.CapReferenceOutput)
+	if err != nil {
+		return st, err
+	}
+
+	if r.def == nil {
+		return st, errors.Errorf("gateway did not return reference with definition")
+	}
+
+	defop, err := llb.NewDefinitionOp(r.def)
+	if err != nil {
+		return st, err
+	}
+
+	return llb.NewState(defop), nil
 }
 
 func (r *reference) ReadFile(ctx context.Context, req client.ReadRequest) ([]byte, error) {
@@ -387,11 +1002,11 @@ func (r *reference) StatFile(ctx context.Context, req client.StatRequest) (*fsty
 }
 
 func grpcClientConn(ctx context.Context) (context.Context, *grpc.ClientConn, error) {
-	dialOpt := grpc.WithDialer(func(addr string, d time.Duration) (net.Conn, error) {
+	dialOpt := grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) {
 		return stdioConn(), nil
 	})
 
-	cc, err := grpc.DialContext(ctx, "", dialOpt, grpc.WithInsecure())
+	cc, err := grpc.DialContext(ctx, "localhost", dialOpt, grpc.WithInsecure(), grpc.WithUnaryInterceptor(grpcerrors.UnaryClientInterceptor), grpc.WithStreamInterceptor(grpcerrors.StreamClientInterceptor))
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "failed to create grpc client")
 	}
@@ -477,3 +1092,19 @@ func workers() []client.WorkerInfo {
 func product() string {
 	return os.Getenv("BUILDKIT_EXPORTEDPRODUCT")
 }
+
+func convertGogoAny(in []*gogotypes.Any) []*any.Any {
+	out := make([]*any.Any, len(in))
+	for i := range in {
+		out[i] = &any.Any{TypeUrl: in[i].TypeUrl, Value: in[i].Value}
+	}
+	return out
+}
+
+func convertToGogoAny(in []*any.Any) []*gogotypes.Any {
+	out := make([]*gogotypes.Any, len(in))
+	for i := range in {
+		out[i] = &gogotypes.Any{TypeUrl: in[i].TypeUrl, Value: in[i].Value}
+	}
+	return out
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go b/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
index fd05e4c8195e2..efddd746d3625 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
@@ -1,4 +1,4 @@
-package moby_buildkit_v1_frontend
+package moby_buildkit_v1_frontend //nolint:golint
 
 import "github.com/moby/buildkit/util/apicaps"
 
@@ -18,6 +18,35 @@ const (
 	CapReturnMap               apicaps.CapID = "returnmap"
 	CapReadDir                 apicaps.CapID = "readdir"
 	CapStatFile                apicaps.CapID = "statfile"
+	CapImportCaches            apicaps.CapID = "importcaches"
+
+	// CapProtoRefArray is a capability to return arrays of refs instead of single
+	// refs. This capability is only for the wire format change and shouldn't be
+	// used in frontends for feature detection.
+	CapProtoRefArray apicaps.CapID = "proto.refarray"
+
+	// CapReferenceOutput is a capability to use a reference of a solved result as
+	// an llb.Output.
+	CapReferenceOutput apicaps.CapID = "reference.output"
+
+	// CapFrontendInputs is a capability to request frontend inputs from the
+	// LLBBridge GRPC server.
+	CapFrontendInputs apicaps.CapID = "frontend.inputs"
+
+	// CapGatewaySolveMetadata can be used to check if solve calls from gateway reliably return metadata
+	CapGatewaySolveMetadata apicaps.CapID = "gateway.solve.metadata"
+
+	// CapGatewayExec is the capability to create and interact with new
+	// containers directly through the gateway
+	CapGatewayExec apicaps.CapID = "gateway.exec"
+
+	// CapFrontendCaps can be used to check that frontends define support for certain capabilities
+	CapFrontendCaps apicaps.CapID = "frontend.caps"
+
+	// CapGatewayEvaluateSolve is a capability to immediately unlazy solve
+	// results. This is generally used by the client to return and handle solve
+	// errors.
+	CapGatewayEvaluateSolve apicaps.CapID = "gateway.solve.evaluate"
 )
 
 func init() {
@@ -84,4 +113,60 @@ func init() {
 		Enabled: true,
 		Status:  apicaps.CapStatusExperimental,
 	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapImportCaches,
+		Name:    "import caches",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapProtoRefArray,
+		Name:    "wire format ref arrays",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapReferenceOutput,
+		Name:    "reference output",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapFrontendInputs,
+		Name:    "frontend inputs",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapGatewaySolveMetadata,
+		Name:    "gateway metadata",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapGatewayExec,
+		Name:    "gateway exec",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapFrontendCaps,
+		Name:    "frontend capabilities",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapGatewayEvaluateSolve,
+		Name:    "gateway evaluate solve",
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
 }
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.pb.go b/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.pb.go
index cf90c8a26e1b6..06fcb98ea4d88 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.pb.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.pb.go
@@ -1,49 +1,26 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: gateway.proto
 
-/*
-	Package moby_buildkit_v1_frontend is a generated protocol buffer package.
-
-	It is generated from these files:
-		gateway.proto
-
-	It has these top-level messages:
-		Result
-		RefMap
-		ReturnRequest
-		ReturnResponse
-		ResolveImageConfigRequest
-		ResolveImageConfigResponse
-		SolveRequest
-		SolveResponse
-		ReadFileRequest
-		FileRange
-		ReadFileResponse
-		ReadDirRequest
-		ReadDirResponse
-		StatFileRequest
-		StatFileResponse
-		PingRequest
-		PongResponse
-*/
 package moby_buildkit_v1_frontend
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-import google_rpc "github.com/gogo/googleapis/google/rpc"
-import pb "github.com/moby/buildkit/solver/pb"
-import moby_buildkit_v1_types "github.com/moby/buildkit/api/types"
-import moby_buildkit_v1_apicaps "github.com/moby/buildkit/util/apicaps/pb"
-import fsutil_types "github.com/tonistiigi/fsutil/types"
-
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import io "io"
+import (
+	context "context"
+	fmt "fmt"
+	rpc "github.com/gogo/googleapis/google/rpc"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	types1 "github.com/moby/buildkit/api/types"
+	pb "github.com/moby/buildkit/solver/pb"
+	pb1 "github.com/moby/buildkit/util/apicaps/pb"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	types "github.com/tonistiigi/fsutil/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -54,20 +31,53 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Result struct {
 	// Types that are valid to be assigned to Result:
+	//	*Result_RefDeprecated
+	//	*Result_RefsDeprecated
 	//	*Result_Ref
 	//	*Result_Refs
-	Result   isResult_Result   `protobuf_oneof:"result"`
-	Metadata map[string][]byte `protobuf:"bytes,10,rep,name=metadata" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Result               isResult_Result   `protobuf_oneof:"result"`
+	Metadata             map[string][]byte `protobuf:"bytes,10,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Result) Reset()         { *m = Result{} }
+func (m *Result) String() string { return proto.CompactTextString(m) }
+func (*Result) ProtoMessage()    {}
+func (*Result) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{0}
+}
+func (m *Result) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Result) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Result.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Result) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Result.Merge(m, src)
+}
+func (m *Result) XXX_Size() int {
+	return m.Size()
+}
+func (m *Result) XXX_DiscardUnknown() {
+	xxx_messageInfo_Result.DiscardUnknown(m)
 }
 
-func (m *Result) Reset()                    { *m = Result{} }
-func (m *Result) String() string            { return proto.CompactTextString(m) }
-func (*Result) ProtoMessage()               {}
-func (*Result) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{0} }
+var xxx_messageInfo_Result proto.InternalMessageInfo
 
 type isResult_Result interface {
 	isResult_Result()
@@ -75,15 +85,23 @@ type isResult_Result interface {
 	Size() int
 }
 
+type Result_RefDeprecated struct {
+	RefDeprecated string `protobuf:"bytes,1,opt,name=refDeprecated,proto3,oneof" json:"refDeprecated,omitempty"`
+}
+type Result_RefsDeprecated struct {
+	RefsDeprecated *RefMapDeprecated `protobuf:"bytes,2,opt,name=refsDeprecated,proto3,oneof" json:"refsDeprecated,omitempty"`
+}
 type Result_Ref struct {
-	Ref string `protobuf:"bytes,1,opt,name=ref,proto3,oneof"`
+	Ref *Ref `protobuf:"bytes,3,opt,name=ref,proto3,oneof" json:"ref,omitempty"`
 }
 type Result_Refs struct {
-	Refs *RefMap `protobuf:"bytes,2,opt,name=refs,oneof"`
+	Refs *RefMap `protobuf:"bytes,4,opt,name=refs,proto3,oneof" json:"refs,omitempty"`
 }
 
-func (*Result_Ref) isResult_Result()  {}
-func (*Result_Refs) isResult_Result() {}
+func (*Result_RefDeprecated) isResult_Result()  {}
+func (*Result_RefsDeprecated) isResult_Result() {}
+func (*Result_Ref) isResult_Result()            {}
+func (*Result_Refs) isResult_Result()           {}
 
 func (m *Result) GetResult() isResult_Result {
 	if m != nil {
@@ -92,11 +110,25 @@ func (m *Result) GetResult() isResult_Result {
 	return nil
 }
 
-func (m *Result) GetRef() string {
+func (m *Result) GetRefDeprecated() string {
+	if x, ok := m.GetResult().(*Result_RefDeprecated); ok {
+		return x.RefDeprecated
+	}
+	return ""
+}
+
+func (m *Result) GetRefsDeprecated() *RefMapDeprecated {
+	if x, ok := m.GetResult().(*Result_RefsDeprecated); ok {
+		return x.RefsDeprecated
+	}
+	return nil
+}
+
+func (m *Result) GetRef() *Ref {
 	if x, ok := m.GetResult().(*Result_Ref); ok {
 		return x.Ref
 	}
-	return ""
+	return nil
 }
 
 func (m *Result) GetRefs() *RefMap {
@@ -113,86 +145,159 @@ func (m *Result) GetMetadata() map[string][]byte {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Result) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Result_OneofMarshaler, _Result_OneofUnmarshaler, _Result_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Result) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*Result_RefDeprecated)(nil),
+		(*Result_RefsDeprecated)(nil),
 		(*Result_Ref)(nil),
 		(*Result_Refs)(nil),
 	}
 }
 
-func _Result_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Result)
-	// result
-	switch x := m.Result.(type) {
-	case *Result_Ref:
-		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
-		_ = b.EncodeStringBytes(x.Ref)
-	case *Result_Refs:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Refs); err != nil {
-			return err
+type RefMapDeprecated struct {
+	Refs                 map[string]string `protobuf:"bytes,1,rep,name=refs,proto3" json:"refs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *RefMapDeprecated) Reset()         { *m = RefMapDeprecated{} }
+func (m *RefMapDeprecated) String() string { return proto.CompactTextString(m) }
+func (*RefMapDeprecated) ProtoMessage()    {}
+func (*RefMapDeprecated) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{1}
+}
+func (m *RefMapDeprecated) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RefMapDeprecated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RefMapDeprecated.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
 		}
-	case nil:
-	default:
-		return fmt.Errorf("Result.Result has unexpected type %T", x)
+		return b[:n], nil
+	}
+}
+func (m *RefMapDeprecated) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RefMapDeprecated.Merge(m, src)
+}
+func (m *RefMapDeprecated) XXX_Size() int {
+	return m.Size()
+}
+func (m *RefMapDeprecated) XXX_DiscardUnknown() {
+	xxx_messageInfo_RefMapDeprecated.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RefMapDeprecated proto.InternalMessageInfo
+
+func (m *RefMapDeprecated) GetRefs() map[string]string {
+	if m != nil {
+		return m.Refs
 	}
 	return nil
 }
 
-func _Result_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Result)
-	switch tag {
-	case 1: // result.ref
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Result = &Result_Ref{x}
-		return true, err
-	case 2: // result.refs
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(RefMap)
-		err := b.DecodeMessage(msg)
-		m.Result = &Result_Refs{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Result_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Result)
-	// result
-	switch x := m.Result.(type) {
-	case *Result_Ref:
-		n += proto.SizeVarint(1<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(len(x.Ref)))
-		n += len(x.Ref)
-	case *Result_Refs:
-		s := proto.Size(x.Refs)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+type Ref struct {
+	Id                   string         `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Def                  *pb.Definition `protobuf:"bytes,2,opt,name=def,proto3" json:"def,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *Ref) Reset()         { *m = Ref{} }
+func (m *Ref) String() string { return proto.CompactTextString(m) }
+func (*Ref) ProtoMessage()    {}
+func (*Ref) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{2}
+}
+func (m *Ref) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Ref) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Ref.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return n
+}
+func (m *Ref) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Ref.Merge(m, src)
+}
+func (m *Ref) XXX_Size() int {
+	return m.Size()
+}
+func (m *Ref) XXX_DiscardUnknown() {
+	xxx_messageInfo_Ref.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Ref proto.InternalMessageInfo
+
+func (m *Ref) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *Ref) GetDef() *pb.Definition {
+	if m != nil {
+		return m.Def
+	}
+	return nil
 }
 
 type RefMap struct {
-	Refs map[string]string `protobuf:"bytes,1,rep,name=refs" json:"refs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Refs                 map[string]*Ref `protobuf:"bytes,1,rep,name=refs,proto3" json:"refs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *RefMap) Reset()         { *m = RefMap{} }
+func (m *RefMap) String() string { return proto.CompactTextString(m) }
+func (*RefMap) ProtoMessage()    {}
+func (*RefMap) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{3}
+}
+func (m *RefMap) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RefMap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_RefMap.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *RefMap) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RefMap.Merge(m, src)
+}
+func (m *RefMap) XXX_Size() int {
+	return m.Size()
+}
+func (m *RefMap) XXX_DiscardUnknown() {
+	xxx_messageInfo_RefMap.DiscardUnknown(m)
 }
 
-func (m *RefMap) Reset()                    { *m = RefMap{} }
-func (m *RefMap) String() string            { return proto.CompactTextString(m) }
-func (*RefMap) ProtoMessage()               {}
-func (*RefMap) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{1} }
+var xxx_messageInfo_RefMap proto.InternalMessageInfo
 
-func (m *RefMap) GetRefs() map[string]string {
+func (m *RefMap) GetRefs() map[string]*Ref {
 	if m != nil {
 		return m.Refs
 	}
@@ -200,14 +305,45 @@ func (m *RefMap) GetRefs() map[string]string {
 }
 
 type ReturnRequest struct {
-	Result *Result            `protobuf:"bytes,1,opt,name=result" json:"result,omitempty"`
-	Error  *google_rpc.Status `protobuf:"bytes,2,opt,name=error" json:"error,omitempty"`
+	Result               *Result     `protobuf:"bytes,1,opt,name=result,proto3" json:"result,omitempty"`
+	Error                *rpc.Status `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *ReturnRequest) Reset()         { *m = ReturnRequest{} }
+func (m *ReturnRequest) String() string { return proto.CompactTextString(m) }
+func (*ReturnRequest) ProtoMessage()    {}
+func (*ReturnRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{4}
+}
+func (m *ReturnRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReturnRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReturnRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReturnRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReturnRequest.Merge(m, src)
+}
+func (m *ReturnRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReturnRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReturnRequest.DiscardUnknown(m)
 }
 
-func (m *ReturnRequest) Reset()                    { *m = ReturnRequest{} }
-func (m *ReturnRequest) String() string            { return proto.CompactTextString(m) }
-func (*ReturnRequest) ProtoMessage()               {}
-func (*ReturnRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{2} }
+var xxx_messageInfo_ReturnRequest proto.InternalMessageInfo
 
 func (m *ReturnRequest) GetResult() *Result {
 	if m != nil {
@@ -216,7 +352,7 @@ func (m *ReturnRequest) GetResult() *Result {
 	return nil
 }
 
-func (m *ReturnRequest) GetError() *google_rpc.Status {
+func (m *ReturnRequest) GetError() *rpc.Status {
 	if m != nil {
 		return m.Error
 	}
@@ -224,24 +360,172 @@ func (m *ReturnRequest) GetError() *google_rpc.Status {
 }
 
 type ReturnResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReturnResponse) Reset()         { *m = ReturnResponse{} }
+func (m *ReturnResponse) String() string { return proto.CompactTextString(m) }
+func (*ReturnResponse) ProtoMessage()    {}
+func (*ReturnResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{5}
+}
+func (m *ReturnResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReturnResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReturnResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReturnResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReturnResponse.Merge(m, src)
+}
+func (m *ReturnResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReturnResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReturnResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ReturnResponse proto.InternalMessageInfo
+
+type InputsRequest struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *InputsRequest) Reset()         { *m = InputsRequest{} }
+func (m *InputsRequest) String() string { return proto.CompactTextString(m) }
+func (*InputsRequest) ProtoMessage()    {}
+func (*InputsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{6}
+}
+func (m *InputsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InputsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InputsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *InputsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InputsRequest.Merge(m, src)
+}
+func (m *InputsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *InputsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_InputsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_InputsRequest proto.InternalMessageInfo
+
+type InputsResponse struct {
+	Definitions          map[string]*pb.Definition `protobuf:"bytes,1,rep,name=Definitions,proto3" json:"Definitions,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
+	XXX_unrecognized     []byte                    `json:"-"`
+	XXX_sizecache        int32                     `json:"-"`
+}
+
+func (m *InputsResponse) Reset()         { *m = InputsResponse{} }
+func (m *InputsResponse) String() string { return proto.CompactTextString(m) }
+func (*InputsResponse) ProtoMessage()    {}
+func (*InputsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{7}
+}
+func (m *InputsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InputsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InputsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *InputsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InputsResponse.Merge(m, src)
+}
+func (m *InputsResponse) XXX_Size() int {
+	return m.Size()
 }
+func (m *InputsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_InputsResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_InputsResponse proto.InternalMessageInfo
 
-func (m *ReturnResponse) Reset()                    { *m = ReturnResponse{} }
-func (m *ReturnResponse) String() string            { return proto.CompactTextString(m) }
-func (*ReturnResponse) ProtoMessage()               {}
-func (*ReturnResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{3} }
+func (m *InputsResponse) GetDefinitions() map[string]*pb.Definition {
+	if m != nil {
+		return m.Definitions
+	}
+	return nil
+}
 
 type ResolveImageConfigRequest struct {
-	Ref         string       `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
-	Platform    *pb.Platform `protobuf:"bytes,2,opt,name=Platform" json:"Platform,omitempty"`
-	ResolveMode string       `protobuf:"bytes,3,opt,name=ResolveMode,proto3" json:"ResolveMode,omitempty"`
-	LogName     string       `protobuf:"bytes,4,opt,name=LogName,proto3" json:"LogName,omitempty"`
+	Ref                  string       `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	Platform             *pb.Platform `protobuf:"bytes,2,opt,name=Platform,proto3" json:"Platform,omitempty"`
+	ResolveMode          string       `protobuf:"bytes,3,opt,name=ResolveMode,proto3" json:"ResolveMode,omitempty"`
+	LogName              string       `protobuf:"bytes,4,opt,name=LogName,proto3" json:"LogName,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
+}
+
+func (m *ResolveImageConfigRequest) Reset()         { *m = ResolveImageConfigRequest{} }
+func (m *ResolveImageConfigRequest) String() string { return proto.CompactTextString(m) }
+func (*ResolveImageConfigRequest) ProtoMessage()    {}
+func (*ResolveImageConfigRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{8}
+}
+func (m *ResolveImageConfigRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResolveImageConfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResolveImageConfigRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResolveImageConfigRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResolveImageConfigRequest.Merge(m, src)
+}
+func (m *ResolveImageConfigRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResolveImageConfigRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResolveImageConfigRequest.DiscardUnknown(m)
 }
 
-func (m *ResolveImageConfigRequest) Reset()                    { *m = ResolveImageConfigRequest{} }
-func (m *ResolveImageConfigRequest) String() string            { return proto.CompactTextString(m) }
-func (*ResolveImageConfigRequest) ProtoMessage()               {}
-func (*ResolveImageConfigRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{4} }
+var xxx_messageInfo_ResolveImageConfigRequest proto.InternalMessageInfo
 
 func (m *ResolveImageConfigRequest) GetRef() string {
 	if m != nil {
@@ -272,17 +556,46 @@ func (m *ResolveImageConfigRequest) GetLogName() string {
 }
 
 type ResolveImageConfigResponse struct {
-	Digest github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=Digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"Digest"`
-	Config []byte                                     `protobuf:"bytes,2,opt,name=Config,proto3" json:"Config,omitempty"`
+	Digest               github_com_opencontainers_go_digest.Digest `protobuf:"bytes,1,opt,name=Digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"Digest"`
+	Config               []byte                                     `protobuf:"bytes,2,opt,name=Config,proto3" json:"Config,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
+	XXX_unrecognized     []byte                                     `json:"-"`
+	XXX_sizecache        int32                                      `json:"-"`
 }
 
 func (m *ResolveImageConfigResponse) Reset()         { *m = ResolveImageConfigResponse{} }
 func (m *ResolveImageConfigResponse) String() string { return proto.CompactTextString(m) }
 func (*ResolveImageConfigResponse) ProtoMessage()    {}
 func (*ResolveImageConfigResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptorGateway, []int{5}
+	return fileDescriptor_f1a937782ebbded5, []int{9}
+}
+func (m *ResolveImageConfigResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResolveImageConfigResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResolveImageConfigResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResolveImageConfigResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResolveImageConfigResponse.Merge(m, src)
+}
+func (m *ResolveImageConfigResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResolveImageConfigResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResolveImageConfigResponse.DiscardUnknown(m)
 }
 
+var xxx_messageInfo_ResolveImageConfigResponse proto.InternalMessageInfo
+
 func (m *ResolveImageConfigResponse) GetConfig() []byte {
 	if m != nil {
 		return m.Config
@@ -291,20 +604,62 @@ func (m *ResolveImageConfigResponse) GetConfig() []byte {
 }
 
 type SolveRequest struct {
-	Definition        *pb.Definition    `protobuf:"bytes,1,opt,name=Definition" json:"Definition,omitempty"`
-	Frontend          string            `protobuf:"bytes,2,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
-	FrontendOpt       map[string]string `protobuf:"bytes,3,rep,name=FrontendOpt" json:"FrontendOpt,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	ImportCacheRefs   []string          `protobuf:"bytes,4,rep,name=ImportCacheRefs" json:"ImportCacheRefs,omitempty"`
-	AllowResultReturn bool              `protobuf:"varint,5,opt,name=allowResultReturn,proto3" json:"allowResultReturn,omitempty"`
+	Definition  *pb.Definition    `protobuf:"bytes,1,opt,name=Definition,proto3" json:"Definition,omitempty"`
+	Frontend    string            `protobuf:"bytes,2,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
+	FrontendOpt map[string]string `protobuf:"bytes,3,rep,name=FrontendOpt,proto3" json:"FrontendOpt,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// ImportCacheRefsDeprecated is deprecated in favor or the new Imports since BuildKit v0.4.0.
+	// When ImportCacheRefsDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = {"ref": importCacheRef}}
+	// for each of the ImportCacheRefs entry to CacheImports for compatibility. (planned to be removed)
+	ImportCacheRefsDeprecated []string `protobuf:"bytes,4,rep,name=ImportCacheRefsDeprecated,proto3" json:"ImportCacheRefsDeprecated,omitempty"`
+	AllowResultReturn         bool     `protobuf:"varint,5,opt,name=allowResultReturn,proto3" json:"allowResultReturn,omitempty"`
+	AllowResultArrayRef       bool     `protobuf:"varint,6,opt,name=allowResultArrayRef,proto3" json:"allowResultArrayRef,omitempty"`
 	// apicaps.CapSolveInlineReturn deprecated
 	Final        bool   `protobuf:"varint,10,opt,name=Final,proto3" json:"Final,omitempty"`
 	ExporterAttr []byte `protobuf:"bytes,11,opt,name=ExporterAttr,proto3" json:"ExporterAttr,omitempty"`
+	// CacheImports was added in BuildKit v0.4.0.
+	// apicaps:CapImportCaches
+	CacheImports []*CacheOptionsEntry `protobuf:"bytes,12,rep,name=CacheImports,proto3" json:"CacheImports,omitempty"`
+	// apicaps:CapFrontendInputs
+	FrontendInputs       map[string]*pb.Definition `protobuf:"bytes,13,rep,name=FrontendInputs,proto3" json:"FrontendInputs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Evaluate             bool                      `protobuf:"varint,14,opt,name=Evaluate,proto3" json:"Evaluate,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
+	XXX_unrecognized     []byte                    `json:"-"`
+	XXX_sizecache        int32                     `json:"-"`
+}
+
+func (m *SolveRequest) Reset()         { *m = SolveRequest{} }
+func (m *SolveRequest) String() string { return proto.CompactTextString(m) }
+func (*SolveRequest) ProtoMessage()    {}
+func (*SolveRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{10}
+}
+func (m *SolveRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SolveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SolveRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SolveRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SolveRequest.Merge(m, src)
+}
+func (m *SolveRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *SolveRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SolveRequest.DiscardUnknown(m)
 }
 
-func (m *SolveRequest) Reset()                    { *m = SolveRequest{} }
-func (m *SolveRequest) String() string            { return proto.CompactTextString(m) }
-func (*SolveRequest) ProtoMessage()               {}
-func (*SolveRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{6} }
+var xxx_messageInfo_SolveRequest proto.InternalMessageInfo
 
 func (m *SolveRequest) GetDefinition() *pb.Definition {
 	if m != nil {
@@ -327,9 +682,9 @@ func (m *SolveRequest) GetFrontendOpt() map[string]string {
 	return nil
 }
 
-func (m *SolveRequest) GetImportCacheRefs() []string {
+func (m *SolveRequest) GetImportCacheRefsDeprecated() []string {
 	if m != nil {
-		return m.ImportCacheRefs
+		return m.ImportCacheRefsDeprecated
 	}
 	return nil
 }
@@ -341,6 +696,13 @@ func (m *SolveRequest) GetAllowResultReturn() bool {
 	return false
 }
 
+func (m *SolveRequest) GetAllowResultArrayRef() bool {
+	if m != nil {
+		return m.AllowResultArrayRef
+	}
+	return false
+}
+
 func (m *SolveRequest) GetFinal() bool {
 	if m != nil {
 		return m.Final
@@ -355,17 +717,125 @@ func (m *SolveRequest) GetExporterAttr() []byte {
 	return nil
 }
 
+func (m *SolveRequest) GetCacheImports() []*CacheOptionsEntry {
+	if m != nil {
+		return m.CacheImports
+	}
+	return nil
+}
+
+func (m *SolveRequest) GetFrontendInputs() map[string]*pb.Definition {
+	if m != nil {
+		return m.FrontendInputs
+	}
+	return nil
+}
+
+func (m *SolveRequest) GetEvaluate() bool {
+	if m != nil {
+		return m.Evaluate
+	}
+	return false
+}
+
+// CacheOptionsEntry corresponds to the control.CacheOptionsEntry
+type CacheOptionsEntry struct {
+	Type                 string            `protobuf:"bytes,1,opt,name=Type,proto3" json:"Type,omitempty"`
+	Attrs                map[string]string `protobuf:"bytes,2,rep,name=Attrs,proto3" json:"Attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *CacheOptionsEntry) Reset()         { *m = CacheOptionsEntry{} }
+func (m *CacheOptionsEntry) String() string { return proto.CompactTextString(m) }
+func (*CacheOptionsEntry) ProtoMessage()    {}
+func (*CacheOptionsEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{11}
+}
+func (m *CacheOptionsEntry) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheOptionsEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CacheOptionsEntry.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CacheOptionsEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheOptionsEntry.Merge(m, src)
+}
+func (m *CacheOptionsEntry) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheOptionsEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheOptionsEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CacheOptionsEntry proto.InternalMessageInfo
+
+func (m *CacheOptionsEntry) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *CacheOptionsEntry) GetAttrs() map[string]string {
+	if m != nil {
+		return m.Attrs
+	}
+	return nil
+}
+
 type SolveResponse struct {
 	// deprecated
 	Ref string `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
 	// these fields are returned when allowMapReturn was set
-	Result *Result `protobuf:"bytes,3,opt,name=result" json:"result,omitempty"`
+	Result               *Result  `protobuf:"bytes,3,opt,name=result,proto3" json:"result,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SolveResponse) Reset()         { *m = SolveResponse{} }
+func (m *SolveResponse) String() string { return proto.CompactTextString(m) }
+func (*SolveResponse) ProtoMessage()    {}
+func (*SolveResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{12}
+}
+func (m *SolveResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SolveResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SolveResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SolveResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SolveResponse.Merge(m, src)
+}
+func (m *SolveResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *SolveResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_SolveResponse.DiscardUnknown(m)
 }
 
-func (m *SolveResponse) Reset()                    { *m = SolveResponse{} }
-func (m *SolveResponse) String() string            { return proto.CompactTextString(m) }
-func (*SolveResponse) ProtoMessage()               {}
-func (*SolveResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{7} }
+var xxx_messageInfo_SolveResponse proto.InternalMessageInfo
 
 func (m *SolveResponse) GetRef() string {
 	if m != nil {
@@ -382,15 +852,46 @@ func (m *SolveResponse) GetResult() *Result {
 }
 
 type ReadFileRequest struct {
-	Ref      string     `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
-	FilePath string     `protobuf:"bytes,2,opt,name=FilePath,proto3" json:"FilePath,omitempty"`
-	Range    *FileRange `protobuf:"bytes,3,opt,name=Range" json:"Range,omitempty"`
+	Ref                  string     `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	FilePath             string     `protobuf:"bytes,2,opt,name=FilePath,proto3" json:"FilePath,omitempty"`
+	Range                *FileRange `protobuf:"bytes,3,opt,name=Range,proto3" json:"Range,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *ReadFileRequest) Reset()         { *m = ReadFileRequest{} }
+func (m *ReadFileRequest) String() string { return proto.CompactTextString(m) }
+func (*ReadFileRequest) ProtoMessage()    {}
+func (*ReadFileRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{13}
+}
+func (m *ReadFileRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadFileRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadFileRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadFileRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadFileRequest.Merge(m, src)
+}
+func (m *ReadFileRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadFileRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadFileRequest.DiscardUnknown(m)
 }
 
-func (m *ReadFileRequest) Reset()                    { *m = ReadFileRequest{} }
-func (m *ReadFileRequest) String() string            { return proto.CompactTextString(m) }
-func (*ReadFileRequest) ProtoMessage()               {}
-func (*ReadFileRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{8} }
+var xxx_messageInfo_ReadFileRequest proto.InternalMessageInfo
 
 func (m *ReadFileRequest) GetRef() string {
 	if m != nil {
@@ -414,14 +915,45 @@ func (m *ReadFileRequest) GetRange() *FileRange {
 }
 
 type FileRange struct {
-	Offset int64 `protobuf:"varint,1,opt,name=Offset,proto3" json:"Offset,omitempty"`
-	Length int64 `protobuf:"varint,2,opt,name=Length,proto3" json:"Length,omitempty"`
+	Offset               int64    `protobuf:"varint,1,opt,name=Offset,proto3" json:"Offset,omitempty"`
+	Length               int64    `protobuf:"varint,2,opt,name=Length,proto3" json:"Length,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *FileRange) Reset()         { *m = FileRange{} }
+func (m *FileRange) String() string { return proto.CompactTextString(m) }
+func (*FileRange) ProtoMessage()    {}
+func (*FileRange) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{14}
+}
+func (m *FileRange) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FileRange.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FileRange) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileRange.Merge(m, src)
+}
+func (m *FileRange) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileRange) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileRange.DiscardUnknown(m)
 }
 
-func (m *FileRange) Reset()                    { *m = FileRange{} }
-func (m *FileRange) String() string            { return proto.CompactTextString(m) }
-func (*FileRange) ProtoMessage()               {}
-func (*FileRange) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{9} }
+var xxx_messageInfo_FileRange proto.InternalMessageInfo
 
 func (m *FileRange) GetOffset() int64 {
 	if m != nil {
@@ -438,13 +970,44 @@ func (m *FileRange) GetLength() int64 {
 }
 
 type ReadFileResponse struct {
-	Data []byte `protobuf:"bytes,1,opt,name=Data,proto3" json:"Data,omitempty"`
+	Data                 []byte   `protobuf:"bytes,1,opt,name=Data,proto3" json:"Data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReadFileResponse) Reset()         { *m = ReadFileResponse{} }
+func (m *ReadFileResponse) String() string { return proto.CompactTextString(m) }
+func (*ReadFileResponse) ProtoMessage()    {}
+func (*ReadFileResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{15}
+}
+func (m *ReadFileResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadFileResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadFileResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadFileResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadFileResponse.Merge(m, src)
+}
+func (m *ReadFileResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadFileResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadFileResponse.DiscardUnknown(m)
 }
 
-func (m *ReadFileResponse) Reset()                    { *m = ReadFileResponse{} }
-func (m *ReadFileResponse) String() string            { return proto.CompactTextString(m) }
-func (*ReadFileResponse) ProtoMessage()               {}
-func (*ReadFileResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{10} }
+var xxx_messageInfo_ReadFileResponse proto.InternalMessageInfo
 
 func (m *ReadFileResponse) GetData() []byte {
 	if m != nil {
@@ -454,15 +1017,46 @@ func (m *ReadFileResponse) GetData() []byte {
 }
 
 type ReadDirRequest struct {
-	Ref            string `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
-	DirPath        string `protobuf:"bytes,2,opt,name=DirPath,proto3" json:"DirPath,omitempty"`
-	IncludePattern string `protobuf:"bytes,3,opt,name=IncludePattern,proto3" json:"IncludePattern,omitempty"`
+	Ref                  string   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	DirPath              string   `protobuf:"bytes,2,opt,name=DirPath,proto3" json:"DirPath,omitempty"`
+	IncludePattern       string   `protobuf:"bytes,3,opt,name=IncludePattern,proto3" json:"IncludePattern,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReadDirRequest) Reset()         { *m = ReadDirRequest{} }
+func (m *ReadDirRequest) String() string { return proto.CompactTextString(m) }
+func (*ReadDirRequest) ProtoMessage()    {}
+func (*ReadDirRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{16}
+}
+func (m *ReadDirRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadDirRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadDirRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadDirRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadDirRequest.Merge(m, src)
+}
+func (m *ReadDirRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadDirRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadDirRequest.DiscardUnknown(m)
 }
 
-func (m *ReadDirRequest) Reset()                    { *m = ReadDirRequest{} }
-func (m *ReadDirRequest) String() string            { return proto.CompactTextString(m) }
-func (*ReadDirRequest) ProtoMessage()               {}
-func (*ReadDirRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{11} }
+var xxx_messageInfo_ReadDirRequest proto.InternalMessageInfo
 
 func (m *ReadDirRequest) GetRef() string {
 	if m != nil {
@@ -486,15 +1080,46 @@ func (m *ReadDirRequest) GetIncludePattern() string {
 }
 
 type ReadDirResponse struct {
-	Entries []*fsutil_types.Stat `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
+	Entries              []*types.Stat `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
+	XXX_unrecognized     []byte        `json:"-"`
+	XXX_sizecache        int32         `json:"-"`
+}
+
+func (m *ReadDirResponse) Reset()         { *m = ReadDirResponse{} }
+func (m *ReadDirResponse) String() string { return proto.CompactTextString(m) }
+func (*ReadDirResponse) ProtoMessage()    {}
+func (*ReadDirResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{17}
+}
+func (m *ReadDirResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReadDirResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReadDirResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ReadDirResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReadDirResponse.Merge(m, src)
+}
+func (m *ReadDirResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReadDirResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReadDirResponse.DiscardUnknown(m)
 }
 
-func (m *ReadDirResponse) Reset()                    { *m = ReadDirResponse{} }
-func (m *ReadDirResponse) String() string            { return proto.CompactTextString(m) }
-func (*ReadDirResponse) ProtoMessage()               {}
-func (*ReadDirResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{12} }
+var xxx_messageInfo_ReadDirResponse proto.InternalMessageInfo
 
-func (m *ReadDirResponse) GetEntries() []*fsutil_types.Stat {
+func (m *ReadDirResponse) GetEntries() []*types.Stat {
 	if m != nil {
 		return m.Entries
 	}
@@ -502,14 +1127,45 @@ func (m *ReadDirResponse) GetEntries() []*fsutil_types.Stat {
 }
 
 type StatFileRequest struct {
-	Ref  string `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
-	Path string `protobuf:"bytes,2,opt,name=Path,proto3" json:"Path,omitempty"`
+	Ref                  string   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
+	Path                 string   `protobuf:"bytes,2,opt,name=Path,proto3" json:"Path,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StatFileRequest) Reset()         { *m = StatFileRequest{} }
+func (m *StatFileRequest) String() string { return proto.CompactTextString(m) }
+func (*StatFileRequest) ProtoMessage()    {}
+func (*StatFileRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{18}
+}
+func (m *StatFileRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatFileRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatFileRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatFileRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatFileRequest.Merge(m, src)
+}
+func (m *StatFileRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatFileRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatFileRequest.DiscardUnknown(m)
 }
 
-func (m *StatFileRequest) Reset()                    { *m = StatFileRequest{} }
-func (m *StatFileRequest) String() string            { return proto.CompactTextString(m) }
-func (*StatFileRequest) ProtoMessage()               {}
-func (*StatFileRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{13} }
+var xxx_messageInfo_StatFileRequest proto.InternalMessageInfo
 
 func (m *StatFileRequest) GetRef() string {
 	if m != nil {
@@ -526,15 +1182,46 @@ func (m *StatFileRequest) GetPath() string {
 }
 
 type StatFileResponse struct {
-	Stat *fsutil_types.Stat `protobuf:"bytes,1,opt,name=stat" json:"stat,omitempty"`
+	Stat                 *types.Stat `protobuf:"bytes,1,opt,name=stat,proto3" json:"stat,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *StatFileResponse) Reset()         { *m = StatFileResponse{} }
+func (m *StatFileResponse) String() string { return proto.CompactTextString(m) }
+func (*StatFileResponse) ProtoMessage()    {}
+func (*StatFileResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{19}
+}
+func (m *StatFileResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StatFileResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StatFileResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *StatFileResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StatFileResponse.Merge(m, src)
+}
+func (m *StatFileResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *StatFileResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_StatFileResponse.DiscardUnknown(m)
 }
 
-func (m *StatFileResponse) Reset()                    { *m = StatFileResponse{} }
-func (m *StatFileResponse) String() string            { return proto.CompactTextString(m) }
-func (*StatFileResponse) ProtoMessage()               {}
-func (*StatFileResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{14} }
+var xxx_messageInfo_StatFileResponse proto.InternalMessageInfo
 
-func (m *StatFileResponse) GetStat() *fsutil_types.Stat {
+func (m *StatFileResponse) GetStat() *types.Stat {
 	if m != nil {
 		return m.Stat
 	}
@@ -542,1302 +1229,6454 @@ func (m *StatFileResponse) GetStat() *fsutil_types.Stat {
 }
 
 type PingRequest struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PingRequest) Reset()         { *m = PingRequest{} }
+func (m *PingRequest) String() string { return proto.CompactTextString(m) }
+func (*PingRequest) ProtoMessage()    {}
+func (*PingRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{20}
+}
+func (m *PingRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PingRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PingRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PingRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PingRequest.Merge(m, src)
+}
+func (m *PingRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *PingRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PingRequest.DiscardUnknown(m)
 }
 
-func (m *PingRequest) Reset()                    { *m = PingRequest{} }
-func (m *PingRequest) String() string            { return proto.CompactTextString(m) }
-func (*PingRequest) ProtoMessage()               {}
-func (*PingRequest) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{15} }
+var xxx_messageInfo_PingRequest proto.InternalMessageInfo
 
 type PongResponse struct {
-	FrontendAPICaps []moby_buildkit_v1_apicaps.APICap      `protobuf:"bytes,1,rep,name=FrontendAPICaps" json:"FrontendAPICaps"`
-	LLBCaps         []moby_buildkit_v1_apicaps.APICap      `protobuf:"bytes,2,rep,name=LLBCaps" json:"LLBCaps"`
-	Workers         []*moby_buildkit_v1_types.WorkerRecord `protobuf:"bytes,3,rep,name=Workers" json:"Workers,omitempty"`
+	FrontendAPICaps      []pb1.APICap           `protobuf:"bytes,1,rep,name=FrontendAPICaps,proto3" json:"FrontendAPICaps"`
+	LLBCaps              []pb1.APICap           `protobuf:"bytes,2,rep,name=LLBCaps,proto3" json:"LLBCaps"`
+	Workers              []*types1.WorkerRecord `protobuf:"bytes,3,rep,name=Workers,proto3" json:"Workers,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
+	XXX_unrecognized     []byte                 `json:"-"`
+	XXX_sizecache        int32                  `json:"-"`
+}
+
+func (m *PongResponse) Reset()         { *m = PongResponse{} }
+func (m *PongResponse) String() string { return proto.CompactTextString(m) }
+func (*PongResponse) ProtoMessage()    {}
+func (*PongResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{21}
+}
+func (m *PongResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PongResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_PongResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *PongResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PongResponse.Merge(m, src)
+}
+func (m *PongResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *PongResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_PongResponse.DiscardUnknown(m)
 }
 
-func (m *PongResponse) Reset()                    { *m = PongResponse{} }
-func (m *PongResponse) String() string            { return proto.CompactTextString(m) }
-func (*PongResponse) ProtoMessage()               {}
-func (*PongResponse) Descriptor() ([]byte, []int) { return fileDescriptorGateway, []int{16} }
+var xxx_messageInfo_PongResponse proto.InternalMessageInfo
 
-func (m *PongResponse) GetFrontendAPICaps() []moby_buildkit_v1_apicaps.APICap {
+func (m *PongResponse) GetFrontendAPICaps() []pb1.APICap {
 	if m != nil {
 		return m.FrontendAPICaps
 	}
 	return nil
 }
 
-func (m *PongResponse) GetLLBCaps() []moby_buildkit_v1_apicaps.APICap {
+func (m *PongResponse) GetLLBCaps() []pb1.APICap {
 	if m != nil {
 		return m.LLBCaps
 	}
 	return nil
 }
 
-func (m *PongResponse) GetWorkers() []*moby_buildkit_v1_types.WorkerRecord {
+func (m *PongResponse) GetWorkers() []*types1.WorkerRecord {
 	if m != nil {
 		return m.Workers
 	}
 	return nil
 }
 
-func init() {
-	proto.RegisterType((*Result)(nil), "moby.buildkit.v1.frontend.Result")
-	proto.RegisterType((*RefMap)(nil), "moby.buildkit.v1.frontend.RefMap")
-	proto.RegisterType((*ReturnRequest)(nil), "moby.buildkit.v1.frontend.ReturnRequest")
-	proto.RegisterType((*ReturnResponse)(nil), "moby.buildkit.v1.frontend.ReturnResponse")
-	proto.RegisterType((*ResolveImageConfigRequest)(nil), "moby.buildkit.v1.frontend.ResolveImageConfigRequest")
-	proto.RegisterType((*ResolveImageConfigResponse)(nil), "moby.buildkit.v1.frontend.ResolveImageConfigResponse")
-	proto.RegisterType((*SolveRequest)(nil), "moby.buildkit.v1.frontend.SolveRequest")
-	proto.RegisterType((*SolveResponse)(nil), "moby.buildkit.v1.frontend.SolveResponse")
-	proto.RegisterType((*ReadFileRequest)(nil), "moby.buildkit.v1.frontend.ReadFileRequest")
-	proto.RegisterType((*FileRange)(nil), "moby.buildkit.v1.frontend.FileRange")
-	proto.RegisterType((*ReadFileResponse)(nil), "moby.buildkit.v1.frontend.ReadFileResponse")
-	proto.RegisterType((*ReadDirRequest)(nil), "moby.buildkit.v1.frontend.ReadDirRequest")
-	proto.RegisterType((*ReadDirResponse)(nil), "moby.buildkit.v1.frontend.ReadDirResponse")
-	proto.RegisterType((*StatFileRequest)(nil), "moby.buildkit.v1.frontend.StatFileRequest")
-	proto.RegisterType((*StatFileResponse)(nil), "moby.buildkit.v1.frontend.StatFileResponse")
-	proto.RegisterType((*PingRequest)(nil), "moby.buildkit.v1.frontend.PingRequest")
-	proto.RegisterType((*PongResponse)(nil), "moby.buildkit.v1.frontend.PongResponse")
+type NewContainerRequest struct {
+	ContainerID string `protobuf:"bytes,1,opt,name=ContainerID,proto3" json:"ContainerID,omitempty"`
+	// For mount input values we can use random identifiers passed with ref
+	Mounts               []*pb.Mount           `protobuf:"bytes,2,rep,name=Mounts,proto3" json:"Mounts,omitempty"`
+	Network              pb.NetMode            `protobuf:"varint,3,opt,name=Network,proto3,enum=pb.NetMode" json:"Network,omitempty"`
+	Platform             *pb.Platform          `protobuf:"bytes,4,opt,name=platform,proto3" json:"platform,omitempty"`
+	Constraints          *pb.WorkerConstraints `protobuf:"bytes,5,opt,name=constraints,proto3" json:"constraints,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
+	XXX_unrecognized     []byte                `json:"-"`
+	XXX_sizecache        int32                 `json:"-"`
+}
+
+func (m *NewContainerRequest) Reset()         { *m = NewContainerRequest{} }
+func (m *NewContainerRequest) String() string { return proto.CompactTextString(m) }
+func (*NewContainerRequest) ProtoMessage()    {}
+func (*NewContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{22}
+}
+func (m *NewContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NewContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NewContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *NewContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NewContainerRequest.Merge(m, src)
+}
+func (m *NewContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *NewContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_NewContainerRequest.DiscardUnknown(m)
 }
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ context.Context
-var _ grpc.ClientConn
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
-
-// Client API for LLBBridge service
+var xxx_messageInfo_NewContainerRequest proto.InternalMessageInfo
 
-type LLBBridgeClient interface {
-	// apicaps:CapResolveImage
-	ResolveImageConfig(ctx context.Context, in *ResolveImageConfigRequest, opts ...grpc.CallOption) (*ResolveImageConfigResponse, error)
-	// apicaps:CapSolveBase
-	Solve(ctx context.Context, in *SolveRequest, opts ...grpc.CallOption) (*SolveResponse, error)
-	// apicaps:CapReadFile
-	ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error)
-	// apicaps:CapReadDir
-	ReadDir(ctx context.Context, in *ReadDirRequest, opts ...grpc.CallOption) (*ReadDirResponse, error)
-	// apicaps:CapStatFile
-	StatFile(ctx context.Context, in *StatFileRequest, opts ...grpc.CallOption) (*StatFileResponse, error)
-	Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PongResponse, error)
-	Return(ctx context.Context, in *ReturnRequest, opts ...grpc.CallOption) (*ReturnResponse, error)
+func (m *NewContainerRequest) GetContainerID() string {
+	if m != nil {
+		return m.ContainerID
+	}
+	return ""
 }
 
-type lLBBridgeClient struct {
-	cc *grpc.ClientConn
+func (m *NewContainerRequest) GetMounts() []*pb.Mount {
+	if m != nil {
+		return m.Mounts
+	}
+	return nil
 }
 
-func NewLLBBridgeClient(cc *grpc.ClientConn) LLBBridgeClient {
-	return &lLBBridgeClient{cc}
+func (m *NewContainerRequest) GetNetwork() pb.NetMode {
+	if m != nil {
+		return m.Network
+	}
+	return pb.NetMode_UNSET
 }
 
-func (c *lLBBridgeClient) ResolveImageConfig(ctx context.Context, in *ResolveImageConfigRequest, opts ...grpc.CallOption) (*ResolveImageConfigResponse, error) {
-	out := new(ResolveImageConfigResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ResolveImageConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *NewContainerRequest) GetPlatform() *pb.Platform {
+	if m != nil {
+		return m.Platform
 	}
-	return out, nil
+	return nil
 }
 
-func (c *lLBBridgeClient) Solve(ctx context.Context, in *SolveRequest, opts ...grpc.CallOption) (*SolveResponse, error) {
-	out := new(SolveResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Solve", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+func (m *NewContainerRequest) GetConstraints() *pb.WorkerConstraints {
+	if m != nil {
+		return m.Constraints
 	}
-	return out, nil
+	return nil
 }
 
-func (c *lLBBridgeClient) ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error) {
-	out := new(ReadFileResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ReadFile", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+type NewContainerResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *NewContainerResponse) Reset()         { *m = NewContainerResponse{} }
+func (m *NewContainerResponse) String() string { return proto.CompactTextString(m) }
+func (*NewContainerResponse) ProtoMessage()    {}
+func (*NewContainerResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{23}
+}
+func (m *NewContainerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NewContainerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_NewContainerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return out, nil
+}
+func (m *NewContainerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NewContainerResponse.Merge(m, src)
+}
+func (m *NewContainerResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *NewContainerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_NewContainerResponse.DiscardUnknown(m)
 }
 
-func (c *lLBBridgeClient) ReadDir(ctx context.Context, in *ReadDirRequest, opts ...grpc.CallOption) (*ReadDirResponse, error) {
-	out := new(ReadDirResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ReadDir", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+var xxx_messageInfo_NewContainerResponse proto.InternalMessageInfo
+
+type ReleaseContainerRequest struct {
+	ContainerID          string   `protobuf:"bytes,1,opt,name=ContainerID,proto3" json:"ContainerID,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReleaseContainerRequest) Reset()         { *m = ReleaseContainerRequest{} }
+func (m *ReleaseContainerRequest) String() string { return proto.CompactTextString(m) }
+func (*ReleaseContainerRequest) ProtoMessage()    {}
+func (*ReleaseContainerRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{24}
+}
+func (m *ReleaseContainerRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReleaseContainerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReleaseContainerRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return out, nil
+}
+func (m *ReleaseContainerRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReleaseContainerRequest.Merge(m, src)
+}
+func (m *ReleaseContainerRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReleaseContainerRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReleaseContainerRequest.DiscardUnknown(m)
 }
 
-func (c *lLBBridgeClient) StatFile(ctx context.Context, in *StatFileRequest, opts ...grpc.CallOption) (*StatFileResponse, error) {
-	out := new(StatFileResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/StatFile", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+var xxx_messageInfo_ReleaseContainerRequest proto.InternalMessageInfo
+
+func (m *ReleaseContainerRequest) GetContainerID() string {
+	if m != nil {
+		return m.ContainerID
 	}
-	return out, nil
+	return ""
 }
 
-func (c *lLBBridgeClient) Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PongResponse, error) {
-	out := new(PongResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Ping", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+type ReleaseContainerResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReleaseContainerResponse) Reset()         { *m = ReleaseContainerResponse{} }
+func (m *ReleaseContainerResponse) String() string { return proto.CompactTextString(m) }
+func (*ReleaseContainerResponse) ProtoMessage()    {}
+func (*ReleaseContainerResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{25}
+}
+func (m *ReleaseContainerResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ReleaseContainerResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ReleaseContainerResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return out, nil
+}
+func (m *ReleaseContainerResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReleaseContainerResponse.Merge(m, src)
+}
+func (m *ReleaseContainerResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ReleaseContainerResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReleaseContainerResponse.DiscardUnknown(m)
 }
 
-func (c *lLBBridgeClient) Return(ctx context.Context, in *ReturnRequest, opts ...grpc.CallOption) (*ReturnResponse, error) {
-	out := new(ReturnResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Return", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
+var xxx_messageInfo_ReleaseContainerResponse proto.InternalMessageInfo
+
+type ExecMessage struct {
+	ProcessID string `protobuf:"bytes,1,opt,name=ProcessID,proto3" json:"ProcessID,omitempty"`
+	// Types that are valid to be assigned to Input:
+	//	*ExecMessage_Init
+	//	*ExecMessage_File
+	//	*ExecMessage_Resize
+	//	*ExecMessage_Started
+	//	*ExecMessage_Exit
+	//	*ExecMessage_Done
+	Input                isExecMessage_Input `protobuf_oneof:"Input"`
+	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
+	XXX_unrecognized     []byte              `json:"-"`
+	XXX_sizecache        int32               `json:"-"`
+}
+
+func (m *ExecMessage) Reset()         { *m = ExecMessage{} }
+func (m *ExecMessage) String() string { return proto.CompactTextString(m) }
+func (*ExecMessage) ProtoMessage()    {}
+func (*ExecMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{26}
+}
+func (m *ExecMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExecMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return out, nil
+}
+func (m *ExecMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecMessage.Merge(m, src)
+}
+func (m *ExecMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecMessage.DiscardUnknown(m)
 }
 
-// Server API for LLBBridge service
+var xxx_messageInfo_ExecMessage proto.InternalMessageInfo
 
-type LLBBridgeServer interface {
-	// apicaps:CapResolveImage
-	ResolveImageConfig(context.Context, *ResolveImageConfigRequest) (*ResolveImageConfigResponse, error)
-	// apicaps:CapSolveBase
-	Solve(context.Context, *SolveRequest) (*SolveResponse, error)
-	// apicaps:CapReadFile
-	ReadFile(context.Context, *ReadFileRequest) (*ReadFileResponse, error)
-	// apicaps:CapReadDir
-	ReadDir(context.Context, *ReadDirRequest) (*ReadDirResponse, error)
-	// apicaps:CapStatFile
-	StatFile(context.Context, *StatFileRequest) (*StatFileResponse, error)
-	Ping(context.Context, *PingRequest) (*PongResponse, error)
-	Return(context.Context, *ReturnRequest) (*ReturnResponse, error)
+type isExecMessage_Input interface {
+	isExecMessage_Input()
+	MarshalTo([]byte) (int, error)
+	Size() int
 }
 
-func RegisterLLBBridgeServer(s *grpc.Server, srv LLBBridgeServer) {
-	s.RegisterService(&_LLBBridge_serviceDesc, srv)
+type ExecMessage_Init struct {
+	Init *InitMessage `protobuf:"bytes,2,opt,name=Init,proto3,oneof" json:"Init,omitempty"`
+}
+type ExecMessage_File struct {
+	File *FdMessage `protobuf:"bytes,3,opt,name=File,proto3,oneof" json:"File,omitempty"`
+}
+type ExecMessage_Resize struct {
+	Resize *ResizeMessage `protobuf:"bytes,4,opt,name=Resize,proto3,oneof" json:"Resize,omitempty"`
+}
+type ExecMessage_Started struct {
+	Started *StartedMessage `protobuf:"bytes,5,opt,name=Started,proto3,oneof" json:"Started,omitempty"`
+}
+type ExecMessage_Exit struct {
+	Exit *ExitMessage `protobuf:"bytes,6,opt,name=Exit,proto3,oneof" json:"Exit,omitempty"`
+}
+type ExecMessage_Done struct {
+	Done *DoneMessage `protobuf:"bytes,7,opt,name=Done,proto3,oneof" json:"Done,omitempty"`
 }
 
-func _LLBBridge_ResolveImageConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ResolveImageConfigRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).ResolveImageConfig(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ResolveImageConfig",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).ResolveImageConfig(ctx, req.(*ResolveImageConfigRequest))
+func (*ExecMessage_Init) isExecMessage_Input()    {}
+func (*ExecMessage_File) isExecMessage_Input()    {}
+func (*ExecMessage_Resize) isExecMessage_Input()  {}
+func (*ExecMessage_Started) isExecMessage_Input() {}
+func (*ExecMessage_Exit) isExecMessage_Input()    {}
+func (*ExecMessage_Done) isExecMessage_Input()    {}
+
+func (m *ExecMessage) GetInput() isExecMessage_Input {
+	if m != nil {
+		return m.Input
 	}
-	return interceptor(ctx, in, info, handler)
+	return nil
 }
 
-func _LLBBridge_Solve_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SolveRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).Solve(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Solve",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).Solve(ctx, req.(*SolveRequest))
+func (m *ExecMessage) GetProcessID() string {
+	if m != nil {
+		return m.ProcessID
 	}
-	return interceptor(ctx, in, info, handler)
+	return ""
 }
 
-func _LLBBridge_ReadFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ReadFileRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).ReadFile(ctx, in)
+func (m *ExecMessage) GetInit() *InitMessage {
+	if x, ok := m.GetInput().(*ExecMessage_Init); ok {
+		return x.Init
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ReadFile",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).ReadFile(ctx, req.(*ReadFileRequest))
-	}
-	return interceptor(ctx, in, info, handler)
+	return nil
 }
 
-func _LLBBridge_ReadDir_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ReadDirRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).ReadDir(ctx, in)
+func (m *ExecMessage) GetFile() *FdMessage {
+	if x, ok := m.GetInput().(*ExecMessage_File); ok {
+		return x.File
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ReadDir",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).ReadDir(ctx, req.(*ReadDirRequest))
+	return nil
+}
+
+func (m *ExecMessage) GetResize() *ResizeMessage {
+	if x, ok := m.GetInput().(*ExecMessage_Resize); ok {
+		return x.Resize
 	}
-	return interceptor(ctx, in, info, handler)
+	return nil
 }
 
-func _LLBBridge_StatFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(StatFileRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+func (m *ExecMessage) GetStarted() *StartedMessage {
+	if x, ok := m.GetInput().(*ExecMessage_Started); ok {
+		return x.Started
 	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).StatFile(ctx, in)
+	return nil
+}
+
+func (m *ExecMessage) GetExit() *ExitMessage {
+	if x, ok := m.GetInput().(*ExecMessage_Exit); ok {
+		return x.Exit
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/StatFile",
+	return nil
+}
+
+func (m *ExecMessage) GetDone() *DoneMessage {
+	if x, ok := m.GetInput().(*ExecMessage_Done); ok {
+		return x.Done
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).StatFile(ctx, req.(*StatFileRequest))
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*ExecMessage) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*ExecMessage_Init)(nil),
+		(*ExecMessage_File)(nil),
+		(*ExecMessage_Resize)(nil),
+		(*ExecMessage_Started)(nil),
+		(*ExecMessage_Exit)(nil),
+		(*ExecMessage_Done)(nil),
+	}
+}
+
+type InitMessage struct {
+	ContainerID          string          `protobuf:"bytes,1,opt,name=ContainerID,proto3" json:"ContainerID,omitempty"`
+	Meta                 *pb.Meta        `protobuf:"bytes,2,opt,name=Meta,proto3" json:"Meta,omitempty"`
+	Fds                  []uint32        `protobuf:"varint,3,rep,packed,name=Fds,proto3" json:"Fds,omitempty"`
+	Tty                  bool            `protobuf:"varint,4,opt,name=Tty,proto3" json:"Tty,omitempty"`
+	Security             pb.SecurityMode `protobuf:"varint,5,opt,name=Security,proto3,enum=pb.SecurityMode" json:"Security,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *InitMessage) Reset()         { *m = InitMessage{} }
+func (m *InitMessage) String() string { return proto.CompactTextString(m) }
+func (*InitMessage) ProtoMessage()    {}
+func (*InitMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{27}
+}
+func (m *InitMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *InitMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_InitMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
 	}
-	return interceptor(ctx, in, info, handler)
+}
+func (m *InitMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InitMessage.Merge(m, src)
+}
+func (m *InitMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *InitMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_InitMessage.DiscardUnknown(m)
 }
 
-func _LLBBridge_Ping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PingRequest)
-	if err := dec(in); err != nil {
-		return nil, err
+var xxx_messageInfo_InitMessage proto.InternalMessageInfo
+
+func (m *InitMessage) GetContainerID() string {
+	if m != nil {
+		return m.ContainerID
 	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).Ping(ctx, in)
+	return ""
+}
+
+func (m *InitMessage) GetMeta() *pb.Meta {
+	if m != nil {
+		return m.Meta
 	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Ping",
+	return nil
+}
+
+func (m *InitMessage) GetFds() []uint32 {
+	if m != nil {
+		return m.Fds
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).Ping(ctx, req.(*PingRequest))
+	return nil
+}
+
+func (m *InitMessage) GetTty() bool {
+	if m != nil {
+		return m.Tty
 	}
-	return interceptor(ctx, in, info, handler)
+	return false
 }
 
-func _LLBBridge_Return_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ReturnRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(LLBBridgeServer).Return(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Return",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(LLBBridgeServer).Return(ctx, req.(*ReturnRequest))
+func (m *InitMessage) GetSecurity() pb.SecurityMode {
+	if m != nil {
+		return m.Security
 	}
-	return interceptor(ctx, in, info, handler)
+	return pb.SecurityMode_SANDBOX
 }
 
-var _LLBBridge_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "moby.buildkit.v1.frontend.LLBBridge",
-	HandlerType: (*LLBBridgeServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "ResolveImageConfig",
-			Handler:    _LLBBridge_ResolveImageConfig_Handler,
-		},
-		{
-			MethodName: "Solve",
-			Handler:    _LLBBridge_Solve_Handler,
-		},
-		{
-			MethodName: "ReadFile",
-			Handler:    _LLBBridge_ReadFile_Handler,
-		},
-		{
-			MethodName: "ReadDir",
-			Handler:    _LLBBridge_ReadDir_Handler,
-		},
-		{
-			MethodName: "StatFile",
-			Handler:    _LLBBridge_StatFile_Handler,
-		},
-		{
-			MethodName: "Ping",
-			Handler:    _LLBBridge_Ping_Handler,
-		},
-		{
-			MethodName: "Return",
-			Handler:    _LLBBridge_Return_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "gateway.proto",
+type ExitMessage struct {
+	Code                 uint32      `protobuf:"varint,1,opt,name=Code,proto3" json:"Code,omitempty"`
+	Error                *rpc.Status `protobuf:"bytes,2,opt,name=Error,proto3" json:"Error,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
 }
 
-func (m *Result) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+func (m *ExitMessage) Reset()         { *m = ExitMessage{} }
+func (m *ExitMessage) String() string { return proto.CompactTextString(m) }
+func (*ExitMessage) ProtoMessage()    {}
+func (*ExitMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{28}
 }
-
-func (m *Result) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Result != nil {
-		nn1, err := m.Result.MarshalTo(dAtA[i:])
+func (m *ExitMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExitMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ExitMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
-			return 0, err
+			return nil, err
 		}
-		i += nn1
+		return b[:n], nil
 	}
-	if len(m.Metadata) > 0 {
-		for k, _ := range m.Metadata {
-			dAtA[i] = 0x52
-			i++
-			v := m.Metadata[k]
-			byteSize := 0
-			if len(v) > 0 {
-				byteSize = 1 + len(v) + sovGateway(uint64(len(v)))
-			}
-			mapSize := 1 + len(k) + sovGateway(uint64(len(k))) + byteSize
-			i = encodeVarintGateway(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			if len(v) > 0 {
-				dAtA[i] = 0x12
-				i++
-				i = encodeVarintGateway(dAtA, i, uint64(len(v)))
-				i += copy(dAtA[i:], v)
-			}
-		}
-	}
-	return i, nil
 }
-
-func (m *Result_Ref) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-	i += copy(dAtA[i:], m.Ref)
-	return i, nil
+func (m *ExitMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExitMessage.Merge(m, src)
 }
-func (m *Result_Refs) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	if m.Refs != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Refs.Size()))
-		n2, err := m.Refs.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
-	}
-	return i, nil
+func (m *ExitMessage) XXX_Size() int {
+	return m.Size()
 }
-func (m *RefMap) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+func (m *ExitMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExitMessage.DiscardUnknown(m)
 }
 
-func (m *RefMap) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Refs) > 0 {
-		for k, _ := range m.Refs {
-			dAtA[i] = 0xa
-			i++
-			v := m.Refs[k]
-			mapSize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
-			i = encodeVarintGateway(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+var xxx_messageInfo_ExitMessage proto.InternalMessageInfo
+
+func (m *ExitMessage) GetCode() uint32 {
+	if m != nil {
+		return m.Code
 	}
-	return i, nil
+	return 0
 }
 
-func (m *ReturnRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *ExitMessage) GetError() *rpc.Status {
+	if m != nil {
+		return m.Error
 	}
-	return dAtA[:n], nil
+	return nil
 }
 
-func (m *ReturnRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Result != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Result.Size()))
-		n3, err := m.Result.MarshalTo(dAtA[i:])
+type StartedMessage struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartedMessage) Reset()         { *m = StartedMessage{} }
+func (m *StartedMessage) String() string { return proto.CompactTextString(m) }
+func (*StartedMessage) ProtoMessage()    {}
+func (*StartedMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{29}
+}
+func (m *StartedMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *StartedMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_StartedMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
-			return 0, err
+			return nil, err
 		}
-		i += n3
+		return b[:n], nil
 	}
-	if m.Error != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Error.Size()))
-		n4, err := m.Error.MarshalTo(dAtA[i:])
+}
+func (m *StartedMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartedMessage.Merge(m, src)
+}
+func (m *StartedMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *StartedMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartedMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StartedMessage proto.InternalMessageInfo
+
+type DoneMessage struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DoneMessage) Reset()         { *m = DoneMessage{} }
+func (m *DoneMessage) String() string { return proto.CompactTextString(m) }
+func (*DoneMessage) ProtoMessage()    {}
+func (*DoneMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{30}
+}
+func (m *DoneMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *DoneMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_DoneMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
-			return 0, err
+			return nil, err
 		}
-		i += n4
+		return b[:n], nil
 	}
-	return i, nil
 }
-
-func (m *ReturnResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+func (m *DoneMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DoneMessage.Merge(m, src)
 }
-
-func (m *ReturnResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
+func (m *DoneMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *DoneMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_DoneMessage.DiscardUnknown(m)
 }
 
-func (m *ResolveImageConfigRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+var xxx_messageInfo_DoneMessage proto.InternalMessageInfo
+
+type FdMessage struct {
+	Fd                   uint32   `protobuf:"varint,1,opt,name=Fd,proto3" json:"Fd,omitempty"`
+	EOF                  bool     `protobuf:"varint,2,opt,name=EOF,proto3" json:"EOF,omitempty"`
+	Data                 []byte   `protobuf:"bytes,3,opt,name=Data,proto3" json:"Data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *ResolveImageConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
-	}
-	if m.Platform != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Platform.Size()))
-		n5, err := m.Platform.MarshalTo(dAtA[i:])
+func (m *FdMessage) Reset()         { *m = FdMessage{} }
+func (m *FdMessage) String() string { return proto.CompactTextString(m) }
+func (*FdMessage) ProtoMessage()    {}
+func (*FdMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{31}
+}
+func (m *FdMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FdMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FdMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
-			return 0, err
+			return nil, err
 		}
-		i += n5
-	}
-	if len(m.ResolveMode) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.ResolveMode)))
-		i += copy(dAtA[i:], m.ResolveMode)
-	}
-	if len(m.LogName) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.LogName)))
-		i += copy(dAtA[i:], m.LogName)
+		return b[:n], nil
 	}
-	return i, nil
+}
+func (m *FdMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FdMessage.Merge(m, src)
+}
+func (m *FdMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *FdMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_FdMessage.DiscardUnknown(m)
 }
 
-func (m *ResolveImageConfigResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+var xxx_messageInfo_FdMessage proto.InternalMessageInfo
+
+func (m *FdMessage) GetFd() uint32 {
+	if m != nil {
+		return m.Fd
 	}
-	return dAtA[:n], nil
+	return 0
 }
 
-func (m *ResolveImageConfigResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
-	}
-	if len(m.Config) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Config)))
-		i += copy(dAtA[i:], m.Config)
+func (m *FdMessage) GetEOF() bool {
+	if m != nil {
+		return m.EOF
 	}
-	return i, nil
+	return false
 }
 
-func (m *SolveRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FdMessage) GetData() []byte {
+	if m != nil {
+		return m.Data
 	}
-	return dAtA[:n], nil
+	return nil
 }
 
-func (m *SolveRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Definition != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Definition.Size()))
-		n6, err := m.Definition.MarshalTo(dAtA[i:])
+type ResizeMessage struct {
+	Rows                 uint32   `protobuf:"varint,1,opt,name=Rows,proto3" json:"Rows,omitempty"`
+	Cols                 uint32   `protobuf:"varint,2,opt,name=Cols,proto3" json:"Cols,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResizeMessage) Reset()         { *m = ResizeMessage{} }
+func (m *ResizeMessage) String() string { return proto.CompactTextString(m) }
+func (*ResizeMessage) ProtoMessage()    {}
+func (*ResizeMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f1a937782ebbded5, []int{32}
+}
+func (m *ResizeMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResizeMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResizeMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
-			return 0, err
+			return nil, err
 		}
-		i += n6
-	}
-	if len(m.Frontend) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Frontend)))
-		i += copy(dAtA[i:], m.Frontend)
+		return b[:n], nil
 	}
-	if len(m.FrontendOpt) > 0 {
-		for k, _ := range m.FrontendOpt {
-			dAtA[i] = 0x1a
-			i++
-			v := m.FrontendOpt[k]
-			mapSize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
-			i = encodeVarintGateway(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+}
+func (m *ResizeMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResizeMessage.Merge(m, src)
+}
+func (m *ResizeMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResizeMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResizeMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResizeMessage proto.InternalMessageInfo
+
+func (m *ResizeMessage) GetRows() uint32 {
+	if m != nil {
+		return m.Rows
 	}
-	if len(m.ImportCacheRefs) > 0 {
-		for _, s := range m.ImportCacheRefs {
-			dAtA[i] = 0x22
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	return 0
+}
+
+func (m *ResizeMessage) GetCols() uint32 {
+	if m != nil {
+		return m.Cols
 	}
-	if m.AllowResultReturn {
-		dAtA[i] = 0x28
-		i++
-		if m.AllowResultReturn {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	if m.Final {
-		dAtA[i] = 0x50
-		i++
-		if m.Final {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	if len(m.ExporterAttr) > 0 {
-		dAtA[i] = 0x5a
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.ExporterAttr)))
-		i += copy(dAtA[i:], m.ExporterAttr)
-	}
-	return i, nil
+	return 0
 }
 
-func (m *SolveResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+func init() {
+	proto.RegisterType((*Result)(nil), "moby.buildkit.v1.frontend.Result")
+	proto.RegisterMapType((map[string][]byte)(nil), "moby.buildkit.v1.frontend.Result.MetadataEntry")
+	proto.RegisterType((*RefMapDeprecated)(nil), "moby.buildkit.v1.frontend.RefMapDeprecated")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.frontend.RefMapDeprecated.RefsEntry")
+	proto.RegisterType((*Ref)(nil), "moby.buildkit.v1.frontend.Ref")
+	proto.RegisterType((*RefMap)(nil), "moby.buildkit.v1.frontend.RefMap")
+	proto.RegisterMapType((map[string]*Ref)(nil), "moby.buildkit.v1.frontend.RefMap.RefsEntry")
+	proto.RegisterType((*ReturnRequest)(nil), "moby.buildkit.v1.frontend.ReturnRequest")
+	proto.RegisterType((*ReturnResponse)(nil), "moby.buildkit.v1.frontend.ReturnResponse")
+	proto.RegisterType((*InputsRequest)(nil), "moby.buildkit.v1.frontend.InputsRequest")
+	proto.RegisterType((*InputsResponse)(nil), "moby.buildkit.v1.frontend.InputsResponse")
+	proto.RegisterMapType((map[string]*pb.Definition)(nil), "moby.buildkit.v1.frontend.InputsResponse.DefinitionsEntry")
+	proto.RegisterType((*ResolveImageConfigRequest)(nil), "moby.buildkit.v1.frontend.ResolveImageConfigRequest")
+	proto.RegisterType((*ResolveImageConfigResponse)(nil), "moby.buildkit.v1.frontend.ResolveImageConfigResponse")
+	proto.RegisterType((*SolveRequest)(nil), "moby.buildkit.v1.frontend.SolveRequest")
+	proto.RegisterMapType((map[string]*pb.Definition)(nil), "moby.buildkit.v1.frontend.SolveRequest.FrontendInputsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.frontend.SolveRequest.FrontendOptEntry")
+	proto.RegisterType((*CacheOptionsEntry)(nil), "moby.buildkit.v1.frontend.CacheOptionsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.v1.frontend.CacheOptionsEntry.AttrsEntry")
+	proto.RegisterType((*SolveResponse)(nil), "moby.buildkit.v1.frontend.SolveResponse")
+	proto.RegisterType((*ReadFileRequest)(nil), "moby.buildkit.v1.frontend.ReadFileRequest")
+	proto.RegisterType((*FileRange)(nil), "moby.buildkit.v1.frontend.FileRange")
+	proto.RegisterType((*ReadFileResponse)(nil), "moby.buildkit.v1.frontend.ReadFileResponse")
+	proto.RegisterType((*ReadDirRequest)(nil), "moby.buildkit.v1.frontend.ReadDirRequest")
+	proto.RegisterType((*ReadDirResponse)(nil), "moby.buildkit.v1.frontend.ReadDirResponse")
+	proto.RegisterType((*StatFileRequest)(nil), "moby.buildkit.v1.frontend.StatFileRequest")
+	proto.RegisterType((*StatFileResponse)(nil), "moby.buildkit.v1.frontend.StatFileResponse")
+	proto.RegisterType((*PingRequest)(nil), "moby.buildkit.v1.frontend.PingRequest")
+	proto.RegisterType((*PongResponse)(nil), "moby.buildkit.v1.frontend.PongResponse")
+	proto.RegisterType((*NewContainerRequest)(nil), "moby.buildkit.v1.frontend.NewContainerRequest")
+	proto.RegisterType((*NewContainerResponse)(nil), "moby.buildkit.v1.frontend.NewContainerResponse")
+	proto.RegisterType((*ReleaseContainerRequest)(nil), "moby.buildkit.v1.frontend.ReleaseContainerRequest")
+	proto.RegisterType((*ReleaseContainerResponse)(nil), "moby.buildkit.v1.frontend.ReleaseContainerResponse")
+	proto.RegisterType((*ExecMessage)(nil), "moby.buildkit.v1.frontend.ExecMessage")
+	proto.RegisterType((*InitMessage)(nil), "moby.buildkit.v1.frontend.InitMessage")
+	proto.RegisterType((*ExitMessage)(nil), "moby.buildkit.v1.frontend.ExitMessage")
+	proto.RegisterType((*StartedMessage)(nil), "moby.buildkit.v1.frontend.StartedMessage")
+	proto.RegisterType((*DoneMessage)(nil), "moby.buildkit.v1.frontend.DoneMessage")
+	proto.RegisterType((*FdMessage)(nil), "moby.buildkit.v1.frontend.FdMessage")
+	proto.RegisterType((*ResizeMessage)(nil), "moby.buildkit.v1.frontend.ResizeMessage")
+}
+
+func init() { proto.RegisterFile("gateway.proto", fileDescriptor_f1a937782ebbded5) }
+
+var fileDescriptor_f1a937782ebbded5 = []byte{
+	// 1909 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x58, 0x4f, 0x6f, 0x1b, 0xc7,
+	0x15, 0xd7, 0x8a, 0xa4, 0x48, 0x3e, 0xfe, 0x31, 0x33, 0x4e, 0x53, 0x7a, 0x11, 0x38, 0xcc, 0x22,
+	0x55, 0x69, 0x47, 0x59, 0xa6, 0x74, 0x02, 0xb9, 0x72, 0x90, 0xd4, 0x94, 0x28, 0x58, 0x8d, 0x24,
+	0xab, 0xe3, 0x14, 0x06, 0x82, 0x14, 0xe8, 0x8a, 0x3b, 0xa4, 0x17, 0xa6, 0x76, 0xb7, 0xb3, 0x43,
+	0xcb, 0x4c, 0x2e, 0xed, 0xad, 0xf7, 0x02, 0xbd, 0x16, 0xe8, 0x27, 0xe8, 0xa5, 0xd7, 0x9e, 0x73,
+	0xec, 0xb9, 0x07, 0xa3, 0x10, 0xfa, 0x11, 0x7a, 0x6f, 0xf1, 0x66, 0x67, 0xc8, 0x25, 0x45, 0x2d,
+	0x49, 0xe4, 0xc4, 0x99, 0xb7, 0xef, 0xf7, 0xe6, 0xfd, 0x9b, 0xf7, 0xde, 0x10, 0x2a, 0x03, 0x47,
+	0xb0, 0x4b, 0x67, 0x6c, 0x87, 0x3c, 0x10, 0x01, 0xb9, 0x73, 0x11, 0x9c, 0x8f, 0xed, 0xf3, 0x91,
+	0x37, 0x74, 0x5f, 0x7a, 0xc2, 0x7e, 0xf5, 0x33, 0xbb, 0xcf, 0x03, 0x5f, 0x30, 0xdf, 0x35, 0x3f,
+	0x1a, 0x78, 0xe2, 0xc5, 0xe8, 0xdc, 0xee, 0x05, 0x17, 0xad, 0x41, 0x30, 0x08, 0x5a, 0x12, 0x71,
+	0x3e, 0xea, 0xcb, 0x9d, 0xdc, 0xc8, 0x55, 0x2c, 0xc9, 0x6c, 0xcf, 0xb3, 0x0f, 0x82, 0x60, 0x30,
+	0x64, 0x4e, 0xe8, 0x45, 0x6a, 0xd9, 0xe2, 0x61, 0xaf, 0x15, 0x09, 0x47, 0x8c, 0x22, 0x85, 0xd9,
+	0x49, 0x60, 0x50, 0x91, 0x96, 0x56, 0xa4, 0x15, 0x05, 0xc3, 0x57, 0x8c, 0xb7, 0xc2, 0xf3, 0x56,
+	0x10, 0x6a, 0xee, 0xd6, 0x8d, 0xdc, 0x4e, 0xe8, 0xb5, 0xc4, 0x38, 0x64, 0x51, 0xeb, 0x32, 0xe0,
+	0x2f, 0x19, 0x57, 0x80, 0x07, 0x37, 0x02, 0x46, 0xc2, 0x1b, 0x22, 0xaa, 0xe7, 0x84, 0x11, 0x1e,
+	0x82, 0xbf, 0x0a, 0x94, 0x34, 0x5b, 0x04, 0xbe, 0x17, 0x09, 0xcf, 0x1b, 0x78, 0xad, 0x7e, 0x24,
+	0x31, 0xf1, 0x29, 0x68, 0x44, 0xcc, 0x6e, 0xfd, 0x31, 0x03, 0x5b, 0x94, 0x45, 0xa3, 0xa1, 0x20,
+	0xdb, 0x50, 0xe1, 0xac, 0x7f, 0xc0, 0x42, 0xce, 0x7a, 0x8e, 0x60, 0x6e, 0xdd, 0x68, 0x18, 0xcd,
+	0xe2, 0x93, 0x0d, 0x3a, 0x4b, 0x26, 0xbf, 0x86, 0x2a, 0x67, 0xfd, 0x28, 0xc1, 0xb8, 0xd9, 0x30,
+	0x9a, 0xa5, 0xf6, 0x87, 0xf6, 0x8d, 0xc1, 0xb0, 0x29, 0xeb, 0x9f, 0x38, 0xe1, 0x14, 0xf2, 0x64,
+	0x83, 0xce, 0x09, 0x21, 0x6d, 0xc8, 0x70, 0xd6, 0xaf, 0x67, 0xa4, 0xac, 0xbb, 0xe9, 0xb2, 0x9e,
+	0x6c, 0x50, 0x64, 0x26, 0xbb, 0x90, 0x45, 0x29, 0xf5, 0xac, 0x04, 0xbd, 0xbf, 0x54, 0x81, 0x27,
+	0x1b, 0x54, 0x02, 0xc8, 0x97, 0x50, 0xb8, 0x60, 0xc2, 0x71, 0x1d, 0xe1, 0xd4, 0xa1, 0x91, 0x69,
+	0x96, 0xda, 0xad, 0x54, 0x30, 0x3a, 0xc8, 0x3e, 0x51, 0x88, 0xae, 0x2f, 0xf8, 0x98, 0x4e, 0x04,
+	0x98, 0x8f, 0xa0, 0x32, 0xf3, 0x89, 0xd4, 0x20, 0xf3, 0x92, 0x8d, 0x63, 0xff, 0x51, 0x5c, 0x92,
+	0xb7, 0x21, 0xf7, 0xca, 0x19, 0x8e, 0x98, 0x74, 0x55, 0x99, 0xc6, 0x9b, 0xbd, 0xcd, 0x87, 0x46,
+	0xa7, 0x00, 0x5b, 0x5c, 0x8a, 0xb7, 0xfe, 0x6c, 0x40, 0x6d, 0xde, 0x4f, 0xe4, 0x48, 0x59, 0x68,
+	0x48, 0x25, 0x3f, 0x5d, 0xc3, 0xc5, 0x48, 0x88, 0x62, 0x55, 0xa5, 0x08, 0x73, 0x17, 0x8a, 0x13,
+	0xd2, 0x32, 0x15, 0x8b, 0x09, 0x15, 0xad, 0x5d, 0xc8, 0x50, 0xd6, 0x27, 0x55, 0xd8, 0xf4, 0x54,
+	0x52, 0xd0, 0x4d, 0xcf, 0x25, 0x0d, 0xc8, 0xb8, 0xac, 0xaf, 0x82, 0x5f, 0xb5, 0xc3, 0x73, 0xfb,
+	0x80, 0xf5, 0x3d, 0xdf, 0x13, 0x5e, 0xe0, 0x53, 0xfc, 0x64, 0xfd, 0xd5, 0xc0, 0xe4, 0x42, 0xb5,
+	0xc8, 0x17, 0x33, 0x76, 0x2c, 0x4f, 0x95, 0x6b, 0xda, 0x3f, 0x4f, 0xd7, 0xfe, 0x93, 0xa4, 0xf6,
+	0x4b, 0xf3, 0x27, 0x69, 0x9d, 0x80, 0x0a, 0x65, 0x62, 0xc4, 0x7d, 0xca, 0x7e, 0x37, 0x62, 0x91,
+	0x20, 0x3f, 0xd7, 0x11, 0x91, 0xf2, 0x97, 0xa5, 0x15, 0x32, 0x52, 0x05, 0x20, 0x4d, 0xc8, 0x31,
+	0xce, 0x03, 0xae, 0xb4, 0x20, 0x76, 0x5c, 0x39, 0x6c, 0x1e, 0xf6, 0xec, 0x67, 0xb2, 0x72, 0xd0,
+	0x98, 0xc1, 0xaa, 0x41, 0x55, 0x9f, 0x1a, 0x85, 0x81, 0x1f, 0x31, 0xeb, 0x16, 0x54, 0x8e, 0xfc,
+	0x70, 0x24, 0x22, 0xa5, 0x87, 0xf5, 0x0f, 0x03, 0xaa, 0x9a, 0x12, 0xf3, 0x90, 0x6f, 0xa0, 0x34,
+	0xf5, 0xb1, 0x76, 0xe6, 0x5e, 0x8a, 0x7e, 0xb3, 0xf8, 0x44, 0x80, 0x94, 0x6f, 0x93, 0xe2, 0xcc,
+	0x53, 0xa8, 0xcd, 0x33, 0x2c, 0xf0, 0xf4, 0x07, 0xb3, 0x9e, 0x9e, 0x0f, 0x7c, 0xc2, 0xb3, 0x7f,
+	0x32, 0xe0, 0x0e, 0x65, 0xb2, 0x14, 0x1e, 0x5d, 0x38, 0x03, 0xb6, 0x1f, 0xf8, 0x7d, 0x6f, 0xa0,
+	0xdd, 0x5c, 0x93, 0x59, 0xa5, 0x25, 0x63, 0x82, 0x35, 0xa1, 0x70, 0x36, 0x74, 0x44, 0x3f, 0xe0,
+	0x17, 0x4a, 0x78, 0x19, 0x85, 0x6b, 0x1a, 0x9d, 0x7c, 0x25, 0x0d, 0x28, 0x29, 0xc1, 0x27, 0x81,
+	0xcb, 0x64, 0xcd, 0x28, 0xd2, 0x24, 0x89, 0xd4, 0x21, 0x7f, 0x1c, 0x0c, 0x4e, 0x9d, 0x0b, 0x26,
+	0x8b, 0x43, 0x91, 0xea, 0xad, 0xf5, 0x7b, 0x03, 0xcc, 0x45, 0x5a, 0x29, 0x17, 0xff, 0x12, 0xb6,
+	0x0e, 0xbc, 0x01, 0x8b, 0xe2, 0xe8, 0x17, 0x3b, 0xed, 0xef, 0xdf, 0xbc, 0xb7, 0xf1, 0xaf, 0x37,
+	0xef, 0xdd, 0x4f, 0xd4, 0xd5, 0x20, 0x64, 0x7e, 0x2f, 0xf0, 0x85, 0xe3, 0xf9, 0x8c, 0x63, 0x7b,
+	0xf8, 0xc8, 0x95, 0x10, 0x3b, 0x46, 0x52, 0x25, 0x81, 0xbc, 0x03, 0x5b, 0xb1, 0x74, 0x75, 0xed,
+	0xd5, 0xce, 0xfa, 0x6f, 0x0e, 0xca, 0xcf, 0x50, 0x01, 0xed, 0x0b, 0x1b, 0x60, 0xea, 0x42, 0x95,
+	0x76, 0xf3, 0x8e, 0x4d, 0x70, 0x10, 0x13, 0x0a, 0x87, 0x2a, 0xc4, 0xea, 0xba, 0x4e, 0xf6, 0xe4,
+	0x6b, 0x28, 0xe9, 0xf5, 0xd3, 0x50, 0xd4, 0x33, 0x32, 0x47, 0x1e, 0xa6, 0xe4, 0x48, 0x52, 0x13,
+	0x3b, 0x01, 0x55, 0x19, 0x92, 0xa0, 0x90, 0xcf, 0xe0, 0xce, 0xd1, 0x45, 0x18, 0x70, 0xb1, 0xef,
+	0xf4, 0x5e, 0x30, 0x3a, 0xdb, 0x05, 0xb2, 0x8d, 0x4c, 0xb3, 0x48, 0x6f, 0x66, 0x20, 0x3b, 0xf0,
+	0x96, 0x33, 0x1c, 0x06, 0x97, 0xea, 0xd2, 0xc8, 0xf4, 0xaf, 0xe7, 0x1a, 0x46, 0xb3, 0x40, 0xaf,
+	0x7f, 0x20, 0x1f, 0xc3, 0xed, 0x04, 0xf1, 0x31, 0xe7, 0xce, 0x18, 0xf3, 0x65, 0x4b, 0xf2, 0x2f,
+	0xfa, 0x84, 0x15, 0xec, 0xd0, 0xf3, 0x9d, 0x61, 0x1d, 0x24, 0x4f, 0xbc, 0x21, 0x16, 0x94, 0xbb,
+	0xaf, 0x51, 0x25, 0xc6, 0x1f, 0x0b, 0xc1, 0xeb, 0x25, 0x19, 0x8a, 0x19, 0x1a, 0x39, 0x83, 0xb2,
+	0x54, 0x38, 0xd6, 0x3d, 0xaa, 0x97, 0xa5, 0xd3, 0x76, 0x52, 0x9c, 0x26, 0xd9, 0x9f, 0x86, 0x89,
+	0xab, 0x34, 0x23, 0x81, 0xf4, 0xa0, 0xaa, 0x1d, 0x17, 0xdf, 0xc1, 0x7a, 0x45, 0xca, 0x7c, 0xb4,
+	0x6e, 0x20, 0x62, 0x74, 0x7c, 0xc4, 0x9c, 0x48, 0x4c, 0x83, 0x2e, 0x5e, 0x37, 0x47, 0xb0, 0x7a,
+	0x55, 0xda, 0x3c, 0xd9, 0x9b, 0x9f, 0x43, 0x6d, 0x3e, 0x96, 0xeb, 0x14, 0x7d, 0xf3, 0x57, 0x70,
+	0x7b, 0x81, 0x0a, 0x3f, 0xa8, 0x1e, 0xfc, 0xcd, 0x80, 0xb7, 0xae, 0xf9, 0x8d, 0x10, 0xc8, 0x7e,
+	0x35, 0x0e, 0x99, 0x12, 0x29, 0xd7, 0xe4, 0x04, 0x72, 0x18, 0x97, 0xa8, 0xbe, 0x29, 0x9d, 0xb6,
+	0xbb, 0x4e, 0x20, 0x6c, 0x89, 0x8c, 0x1d, 0x16, 0x4b, 0x31, 0x1f, 0x02, 0x4c, 0x89, 0x6b, 0xb5,
+	0xbe, 0x6f, 0xa0, 0xa2, 0xa2, 0xa2, 0xca, 0x43, 0x2d, 0x9e, 0x52, 0x14, 0x18, 0x67, 0x90, 0x69,
+	0xbb, 0xc8, 0xac, 0xd9, 0x2e, 0xac, 0xef, 0xe0, 0x16, 0x65, 0x8e, 0x7b, 0xe8, 0x0d, 0xd9, 0xcd,
+	0x55, 0x11, 0xef, 0xba, 0x37, 0x64, 0x67, 0x8e, 0x78, 0x31, 0xb9, 0xeb, 0x6a, 0x4f, 0xf6, 0x20,
+	0x47, 0x1d, 0x7f, 0xc0, 0xd4, 0xd1, 0x1f, 0xa4, 0x1c, 0x2d, 0x0f, 0x41, 0x5e, 0x1a, 0x43, 0xac,
+	0x47, 0x50, 0x9c, 0xd0, 0xb0, 0x52, 0x3d, 0xed, 0xf7, 0x23, 0x16, 0x57, 0xbd, 0x0c, 0x55, 0x3b,
+	0xa4, 0x1f, 0x33, 0x7f, 0xa0, 0x8e, 0xce, 0x50, 0xb5, 0xb3, 0xb6, 0x71, 0x54, 0xd1, 0x9a, 0x2b,
+	0xd7, 0x10, 0xc8, 0x1e, 0xe0, 0x3c, 0x65, 0xc8, 0x0b, 0x26, 0xd7, 0x96, 0x8b, 0x6d, 0xce, 0x71,
+	0x0f, 0x3c, 0x7e, 0xb3, 0x81, 0x75, 0xc8, 0x1f, 0x78, 0x3c, 0x61, 0x9f, 0xde, 0x92, 0x6d, 0x6c,
+	0x80, 0xbd, 0xe1, 0xc8, 0x45, 0x6b, 0x05, 0xe3, 0xbe, 0xaa, 0xf4, 0x73, 0x54, 0xeb, 0x8b, 0xd8,
+	0x8f, 0xf2, 0x14, 0xa5, 0xcc, 0x0e, 0xe4, 0x99, 0x2f, 0xb8, 0xc7, 0x74, 0x97, 0x24, 0x76, 0x3c,
+	0x02, 0xdb, 0x72, 0x04, 0x96, 0xdd, 0x98, 0x6a, 0x16, 0x6b, 0x17, 0x6e, 0x21, 0x21, 0x3d, 0x10,
+	0x04, 0xb2, 0x09, 0x25, 0xe5, 0xda, 0xda, 0x83, 0xda, 0x14, 0xa8, 0x8e, 0xde, 0x86, 0x2c, 0x0e,
+	0xd8, 0xaa, 0x8c, 0x2f, 0x3a, 0x57, 0x7e, 0xb7, 0x2a, 0x50, 0x3a, 0xf3, 0x7c, 0xdd, 0x0f, 0xad,
+	0x2b, 0x03, 0xca, 0x67, 0x81, 0x3f, 0xed, 0x44, 0x67, 0x70, 0x4b, 0xdf, 0xc0, 0xc7, 0x67, 0x47,
+	0xfb, 0x4e, 0xa8, 0x4d, 0x69, 0x5c, 0x0f, 0xb3, 0x7a, 0x0b, 0xd8, 0x31, 0x63, 0x27, 0x8b, 0x4d,
+	0x8b, 0xce, 0xc3, 0xc9, 0x2f, 0x20, 0x7f, 0x7c, 0xdc, 0x91, 0x92, 0x36, 0xd7, 0x92, 0xa4, 0x61,
+	0xe4, 0x73, 0xc8, 0x3f, 0x97, 0x4f, 0x94, 0x48, 0x35, 0x96, 0x05, 0x29, 0x17, 0x1b, 0x1a, 0xb3,
+	0x51, 0xd6, 0x0b, 0xb8, 0x4b, 0x35, 0xc8, 0xfa, 0x8f, 0x01, 0xb7, 0x4f, 0xd9, 0xe5, 0xbe, 0x6e,
+	0x9e, 0xda, 0xdb, 0x0d, 0x28, 0x4d, 0x68, 0x47, 0x07, 0xca, 0xeb, 0x49, 0x12, 0x79, 0x1f, 0xb6,
+	0x4e, 0x82, 0x91, 0x2f, 0xb4, 0xea, 0x45, 0xac, 0x33, 0x92, 0x42, 0xd5, 0x07, 0xf2, 0x13, 0xc8,
+	0x9f, 0x32, 0x81, 0x4f, 0x28, 0x99, 0x27, 0xd5, 0x76, 0x09, 0x79, 0x4e, 0x99, 0xc0, 0x89, 0x80,
+	0xea, 0x6f, 0x38, 0x66, 0x84, 0x7a, 0xcc, 0xc8, 0x2e, 0x1a, 0x33, 0xf4, 0x57, 0xb2, 0x0b, 0xa5,
+	0x5e, 0xe0, 0x47, 0x82, 0x3b, 0x1e, 0x1e, 0x9c, 0x93, 0xcc, 0x3f, 0x42, 0xe6, 0xd8, 0x9e, 0xfd,
+	0xe9, 0x47, 0x9a, 0xe4, 0xb4, 0xde, 0x81, 0xb7, 0x67, 0xad, 0x54, 0x33, 0xde, 0x23, 0xf8, 0x31,
+	0x65, 0x43, 0xe6, 0x44, 0x6c, 0x7d, 0x0f, 0x58, 0x26, 0xd4, 0xaf, 0x83, 0x95, 0xe0, 0xbf, 0x67,
+	0xa0, 0xd4, 0x7d, 0xcd, 0x7a, 0x27, 0x2c, 0x8a, 0x9c, 0x01, 0x23, 0xef, 0x42, 0xf1, 0x8c, 0x07,
+	0x3d, 0x16, 0x45, 0x13, 0x59, 0x53, 0x02, 0xf9, 0x0c, 0xb2, 0x47, 0xbe, 0x27, 0x54, 0xc5, 0xde,
+	0x4e, 0x9d, 0x1f, 0x3d, 0xa1, 0x64, 0xe2, 0xdb, 0x09, 0xb7, 0x64, 0x0f, 0xb2, 0x98, 0xef, 0xab,
+	0xd4, 0x1c, 0x37, 0x81, 0x45, 0x0c, 0xe9, 0xc8, 0xd7, 0xa6, 0xf7, 0x2d, 0x53, 0x9e, 0x6f, 0xa6,
+	0x17, 0x4b, 0xef, 0x5b, 0x36, 0x95, 0xa0, 0x90, 0xa4, 0x0b, 0xf9, 0x67, 0xc2, 0xe1, 0x38, 0x72,
+	0xc4, 0x11, 0xb9, 0x97, 0xd6, 0x53, 0x63, 0xce, 0xa9, 0x14, 0x8d, 0x45, 0x27, 0x74, 0x5f, 0x7b,
+	0x42, 0x0e, 0x14, 0xe9, 0x4e, 0x40, 0xb6, 0x84, 0x21, 0xb8, 0x45, 0xf4, 0x41, 0xe0, 0xb3, 0x7a,
+	0x7e, 0x29, 0x1a, 0xd9, 0x12, 0x68, 0xdc, 0x76, 0xf2, 0x90, 0x93, 0x4d, 0xd5, 0xfa, 0x8b, 0x01,
+	0xa5, 0x84, 0x8f, 0x57, 0xb8, 0x07, 0xef, 0x42, 0x16, 0x1f, 0x9b, 0x2a, 0x76, 0x05, 0x79, 0x0b,
+	0x98, 0x70, 0xa8, 0xa4, 0x62, 0xd5, 0x3a, 0x74, 0xe3, 0xbb, 0x59, 0xa1, 0xb8, 0x44, 0xca, 0x57,
+	0x62, 0x2c, 0xdd, 0x5d, 0xa0, 0xb8, 0x24, 0x3b, 0x50, 0x78, 0xc6, 0x7a, 0x23, 0xee, 0x89, 0xb1,
+	0x74, 0x60, 0xb5, 0x5d, 0x43, 0x29, 0x9a, 0x26, 0x2f, 0xcb, 0x84, 0xc3, 0xfa, 0x12, 0x13, 0x6b,
+	0xaa, 0x20, 0x81, 0xec, 0x3e, 0x8e, 0xdc, 0xa8, 0x59, 0x85, 0xca, 0x35, 0xbe, 0x7a, 0xba, 0xcb,
+	0x5e, 0x3d, 0x5d, 0xfd, 0xea, 0x99, 0x0d, 0x08, 0x16, 0xc1, 0x84, 0x83, 0xac, 0xc7, 0x50, 0x9c,
+	0x24, 0x0d, 0x3e, 0x38, 0x0f, 0x5d, 0x75, 0xd2, 0xe6, 0xa1, 0x8b, 0xa6, 0x74, 0x9f, 0x1e, 0xca,
+	0x53, 0x0a, 0x14, 0x97, 0x93, 0x96, 0x93, 0x49, 0xb4, 0x9c, 0x5d, 0x7c, 0xcf, 0x25, 0x32, 0x07,
+	0x99, 0x68, 0x70, 0x19, 0x69, 0x95, 0x71, 0x1d, 0x9b, 0x31, 0x8c, 0xa4, 0x2c, 0x69, 0xc6, 0x30,
+	0x6a, 0xff, 0xaf, 0x00, 0xc5, 0xe3, 0xe3, 0x4e, 0x87, 0x7b, 0xee, 0x80, 0x91, 0x3f, 0x18, 0x40,
+	0xae, 0x3f, 0x13, 0xc8, 0x27, 0xe9, 0x09, 0xbb, 0xf8, 0xad, 0x63, 0x7e, 0xba, 0x26, 0x4a, 0x75,
+	0x80, 0xaf, 0x21, 0x27, 0xa7, 0x0f, 0xf2, 0xd3, 0x15, 0xa7, 0x46, 0xb3, 0xb9, 0x9c, 0x51, 0xc9,
+	0xee, 0x41, 0x41, 0x77, 0x70, 0x72, 0x3f, 0x55, 0xbd, 0x99, 0x01, 0xc5, 0xfc, 0x70, 0x25, 0x5e,
+	0x75, 0xc8, 0x6f, 0x21, 0xaf, 0x1a, 0x33, 0xb9, 0xb7, 0x04, 0x37, 0x1d, 0x11, 0xcc, 0xfb, 0xab,
+	0xb0, 0x4e, 0xcd, 0xd0, 0x0d, 0x38, 0xd5, 0x8c, 0xb9, 0xf6, 0x9e, 0x6a, 0xc6, 0xb5, 0x8e, 0xfe,
+	0x1c, 0xb2, 0xd8, 0xa9, 0x49, 0xda, 0x35, 0x4f, 0xb4, 0x72, 0x33, 0x2d, 0x5c, 0x33, 0x2d, 0xfe,
+	0x37, 0x58, 0x0e, 0xe5, 0x6b, 0x27, 0xbd, 0x10, 0x26, 0xfe, 0x9e, 0x30, 0xef, 0xad, 0xc0, 0x39,
+	0x15, 0xaf, 0x5e, 0x0a, 0xcd, 0x15, 0xfe, 0x23, 0x58, 0x2e, 0x7e, 0xee, 0xdf, 0x88, 0x00, 0xca,
+	0xc9, 0x2e, 0x47, 0xec, 0x14, 0xe8, 0x82, 0xa6, 0x6f, 0xb6, 0x56, 0xe6, 0x57, 0x07, 0x7e, 0x87,
+	0x53, 0xe7, 0x6c, 0x07, 0x24, 0xed, 0x54, 0x77, 0x2c, 0xec, 0xb5, 0xe6, 0x83, 0xb5, 0x30, 0xea,
+	0x70, 0x27, 0xee, 0xb0, 0xaa, 0x8b, 0x92, 0xf4, 0x86, 0x31, 0xe9, 0xc4, 0xe6, 0x8a, 0x7c, 0x4d,
+	0xe3, 0x63, 0xa3, 0x53, 0xfe, 0xfe, 0xea, 0xae, 0xf1, 0xcf, 0xab, 0xbb, 0xc6, 0xbf, 0xaf, 0xee,
+	0x1a, 0xe7, 0x5b, 0xf2, 0x1f, 0xda, 0x07, 0xff, 0x0f, 0x00, 0x00, 0xff, 0xff, 0xe7, 0x9d, 0x1a,
+	0x7c, 0xf3, 0x16, 0x00, 0x00,
 }
 
-func (m *SolveResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
-	}
-	if m.Result != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Result.Size()))
-		n7, err := m.Result.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n7
-	}
-	return i, nil
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// LLBBridgeClient is the client API for LLBBridge service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type LLBBridgeClient interface {
+	// apicaps:CapResolveImage
+	ResolveImageConfig(ctx context.Context, in *ResolveImageConfigRequest, opts ...grpc.CallOption) (*ResolveImageConfigResponse, error)
+	// apicaps:CapSolveBase
+	Solve(ctx context.Context, in *SolveRequest, opts ...grpc.CallOption) (*SolveResponse, error)
+	// apicaps:CapReadFile
+	ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error)
+	// apicaps:CapReadDir
+	ReadDir(ctx context.Context, in *ReadDirRequest, opts ...grpc.CallOption) (*ReadDirResponse, error)
+	// apicaps:CapStatFile
+	StatFile(ctx context.Context, in *StatFileRequest, opts ...grpc.CallOption) (*StatFileResponse, error)
+	Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PongResponse, error)
+	Return(ctx context.Context, in *ReturnRequest, opts ...grpc.CallOption) (*ReturnResponse, error)
+	// apicaps:CapFrontendInputs
+	Inputs(ctx context.Context, in *InputsRequest, opts ...grpc.CallOption) (*InputsResponse, error)
+	NewContainer(ctx context.Context, in *NewContainerRequest, opts ...grpc.CallOption) (*NewContainerResponse, error)
+	ReleaseContainer(ctx context.Context, in *ReleaseContainerRequest, opts ...grpc.CallOption) (*ReleaseContainerResponse, error)
+	ExecProcess(ctx context.Context, opts ...grpc.CallOption) (LLBBridge_ExecProcessClient, error)
 }
 
-func (m *ReadFileRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+type lLBBridgeClient struct {
+	cc *grpc.ClientConn
 }
 
-func (m *ReadFileRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
-	}
-	if len(m.FilePath) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.FilePath)))
-		i += copy(dAtA[i:], m.FilePath)
-	}
-	if m.Range != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Range.Size()))
-		n8, err := m.Range.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n8
-	}
-	return i, nil
+func NewLLBBridgeClient(cc *grpc.ClientConn) LLBBridgeClient {
+	return &lLBBridgeClient{cc}
 }
 
-func (m *FileRange) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) ResolveImageConfig(ctx context.Context, in *ResolveImageConfigRequest, opts ...grpc.CallOption) (*ResolveImageConfigResponse, error) {
+	out := new(ResolveImageConfigResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ResolveImageConfig", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *FileRange) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Offset != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Offset))
-	}
-	if m.Length != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Length))
+func (c *lLBBridgeClient) Solve(ctx context.Context, in *SolveRequest, opts ...grpc.CallOption) (*SolveResponse, error) {
+	out := new(SolveResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Solve", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ReadFileResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error) {
+	out := new(ReadFileResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ReadFile", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ReadFileResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+func (c *lLBBridgeClient) ReadDir(ctx context.Context, in *ReadDirRequest, opts ...grpc.CallOption) (*ReadDirResponse, error) {
+	out := new(ReadDirResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ReadDir", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ReadDirRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) StatFile(ctx context.Context, in *StatFileRequest, opts ...grpc.CallOption) (*StatFileResponse, error) {
+	out := new(StatFileResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/StatFile", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ReadDirRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
-	}
-	if len(m.DirPath) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.DirPath)))
-		i += copy(dAtA[i:], m.DirPath)
-	}
-	if len(m.IncludePattern) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.IncludePattern)))
-		i += copy(dAtA[i:], m.IncludePattern)
+func (c *lLBBridgeClient) Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PongResponse, error) {
+	out := new(PongResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Ping", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *ReadDirResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) Return(ctx context.Context, in *ReturnRequest, opts ...grpc.CallOption) (*ReturnResponse, error) {
+	out := new(ReturnResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Return", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *ReadDirResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Entries) > 0 {
-		for _, msg := range m.Entries {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+func (c *lLBBridgeClient) Inputs(ctx context.Context, in *InputsRequest, opts ...grpc.CallOption) (*InputsResponse, error) {
+	out := new(InputsResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/Inputs", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *StatFileRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) NewContainer(ctx context.Context, in *NewContainerRequest, opts ...grpc.CallOption) (*NewContainerResponse, error) {
+	out := new(NewContainerResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/NewContainer", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return out, nil
 }
 
-func (m *StatFileRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Ref) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
-		i += copy(dAtA[i:], m.Ref)
-	}
-	if len(m.Path) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(len(m.Path)))
-		i += copy(dAtA[i:], m.Path)
+func (c *lLBBridgeClient) ReleaseContainer(ctx context.Context, in *ReleaseContainerRequest, opts ...grpc.CallOption) (*ReleaseContainerResponse, error) {
+	out := new(ReleaseContainerResponse)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.v1.frontend.LLBBridge/ReleaseContainer", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	return i, nil
+	return out, nil
 }
 
-func (m *StatFileResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (c *lLBBridgeClient) ExecProcess(ctx context.Context, opts ...grpc.CallOption) (LLBBridge_ExecProcessClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_LLBBridge_serviceDesc.Streams[0], "/moby.buildkit.v1.frontend.LLBBridge/ExecProcess", opts...)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	x := &lLBBridgeExecProcessClient{stream}
+	return x, nil
 }
 
-func (m *StatFileResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Stat != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintGateway(dAtA, i, uint64(m.Stat.Size()))
-		n9, err := m.Stat.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
-	}
-	return i, nil
+type LLBBridge_ExecProcessClient interface {
+	Send(*ExecMessage) error
+	Recv() (*ExecMessage, error)
+	grpc.ClientStream
 }
 
-func (m *PingRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
+type lLBBridgeExecProcessClient struct {
+	grpc.ClientStream
 }
 
-func (m *PingRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	return i, nil
+func (x *lLBBridgeExecProcessClient) Send(m *ExecMessage) error {
+	return x.ClientStream.SendMsg(m)
 }
 
-func (m *PongResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
+func (x *lLBBridgeExecProcessClient) Recv() (*ExecMessage, error) {
+	m := new(ExecMessage)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return m, nil
 }
 
-func (m *PongResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.FrontendAPICaps) > 0 {
-		for _, msg := range m.FrontendAPICaps {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.LLBCaps) > 0 {
-		for _, msg := range m.LLBCaps {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.Workers) > 0 {
-		for _, msg := range m.Workers {
-			dAtA[i] = 0x1a
-			i++
-			i = encodeVarintGateway(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	return i, nil
+// LLBBridgeServer is the server API for LLBBridge service.
+type LLBBridgeServer interface {
+	// apicaps:CapResolveImage
+	ResolveImageConfig(context.Context, *ResolveImageConfigRequest) (*ResolveImageConfigResponse, error)
+	// apicaps:CapSolveBase
+	Solve(context.Context, *SolveRequest) (*SolveResponse, error)
+	// apicaps:CapReadFile
+	ReadFile(context.Context, *ReadFileRequest) (*ReadFileResponse, error)
+	// apicaps:CapReadDir
+	ReadDir(context.Context, *ReadDirRequest) (*ReadDirResponse, error)
+	// apicaps:CapStatFile
+	StatFile(context.Context, *StatFileRequest) (*StatFileResponse, error)
+	Ping(context.Context, *PingRequest) (*PongResponse, error)
+	Return(context.Context, *ReturnRequest) (*ReturnResponse, error)
+	// apicaps:CapFrontendInputs
+	Inputs(context.Context, *InputsRequest) (*InputsResponse, error)
+	NewContainer(context.Context, *NewContainerRequest) (*NewContainerResponse, error)
+	ReleaseContainer(context.Context, *ReleaseContainerRequest) (*ReleaseContainerResponse, error)
+	ExecProcess(LLBBridge_ExecProcessServer) error
 }
 
-func encodeVarintGateway(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
-	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
-}
-func (m *Result) Size() (n int) {
-	var l int
-	_ = l
-	if m.Result != nil {
-		n += m.Result.Size()
-	}
-	if len(m.Metadata) > 0 {
-		for k, v := range m.Metadata {
-			_ = k
-			_ = v
-			l = 0
-			if len(v) > 0 {
-				l = 1 + len(v) + sovGateway(uint64(len(v)))
-			}
-			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + l
-			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
-		}
-	}
-	return n
+// UnimplementedLLBBridgeServer can be embedded to have forward compatible implementations.
+type UnimplementedLLBBridgeServer struct {
 }
 
-func (m *Result_Ref) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Ref)
-	n += 1 + l + sovGateway(uint64(l))
-	return n
+func (*UnimplementedLLBBridgeServer) ResolveImageConfig(ctx context.Context, req *ResolveImageConfigRequest) (*ResolveImageConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ResolveImageConfig not implemented")
 }
-func (m *Result_Refs) Size() (n int) {
-	var l int
-	_ = l
-	if m.Refs != nil {
-		l = m.Refs.Size()
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	return n
+func (*UnimplementedLLBBridgeServer) Solve(ctx context.Context, req *SolveRequest) (*SolveResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Solve not implemented")
 }
-func (m *RefMap) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Refs) > 0 {
-		for k, v := range m.Refs {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
-			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
-		}
-	}
-	return n
+func (*UnimplementedLLBBridgeServer) ReadFile(ctx context.Context, req *ReadFileRequest) (*ReadFileResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ReadFile not implemented")
 }
-
-func (m *ReturnRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Result != nil {
-		l = m.Result.Size()
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	if m.Error != nil {
-		l = m.Error.Size()
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	return n
+func (*UnimplementedLLBBridgeServer) ReadDir(ctx context.Context, req *ReadDirRequest) (*ReadDirResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ReadDir not implemented")
+}
+func (*UnimplementedLLBBridgeServer) StatFile(ctx context.Context, req *StatFileRequest) (*StatFileResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method StatFile not implemented")
+}
+func (*UnimplementedLLBBridgeServer) Ping(ctx context.Context, req *PingRequest) (*PongResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Ping not implemented")
+}
+func (*UnimplementedLLBBridgeServer) Return(ctx context.Context, req *ReturnRequest) (*ReturnResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Return not implemented")
+}
+func (*UnimplementedLLBBridgeServer) Inputs(ctx context.Context, req *InputsRequest) (*InputsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Inputs not implemented")
+}
+func (*UnimplementedLLBBridgeServer) NewContainer(ctx context.Context, req *NewContainerRequest) (*NewContainerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method NewContainer not implemented")
+}
+func (*UnimplementedLLBBridgeServer) ReleaseContainer(ctx context.Context, req *ReleaseContainerRequest) (*ReleaseContainerResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ReleaseContainer not implemented")
+}
+func (*UnimplementedLLBBridgeServer) ExecProcess(srv LLBBridge_ExecProcessServer) error {
+	return status.Errorf(codes.Unimplemented, "method ExecProcess not implemented")
 }
 
-func (m *ReturnResponse) Size() (n int) {
-	var l int
-	_ = l
-	return n
+func RegisterLLBBridgeServer(s *grpc.Server, srv LLBBridgeServer) {
+	s.RegisterService(&_LLBBridge_serviceDesc, srv)
 }
 
-func (m *ResolveImageConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Ref)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+func _LLBBridge_ResolveImageConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ResolveImageConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.Platform != nil {
-		l = m.Platform.Size()
-		n += 1 + l + sovGateway(uint64(l))
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).ResolveImageConfig(ctx, in)
 	}
-	l = len(m.ResolveMode)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ResolveImageConfig",
 	}
-	l = len(m.LogName)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).ResolveImageConfig(ctx, req.(*ResolveImageConfigRequest))
 	}
-	return n
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ResolveImageConfigResponse) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Digest)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	l = len(m.Config)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+func _LLBBridge_Solve_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SolveRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	return n
-}
-
-func (m *SolveRequest) Size() (n int) {
-	var l int
-	_ = l
-	if m.Definition != nil {
-		l = m.Definition.Size()
-		n += 1 + l + sovGateway(uint64(l))
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).Solve(ctx, in)
 	}
-	l = len(m.Frontend)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Solve",
 	}
-	if len(m.FrontendOpt) > 0 {
-		for k, v := range m.FrontendOpt {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
-			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
-		}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).Solve(ctx, req.(*SolveRequest))
 	}
-	if len(m.ImportCacheRefs) > 0 {
-		for _, s := range m.ImportCacheRefs {
-			l = len(s)
-			n += 1 + l + sovGateway(uint64(l))
-		}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_ReadFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReadFileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.AllowResultReturn {
-		n += 2
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).ReadFile(ctx, in)
 	}
-	if m.Final {
-		n += 2
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ReadFile",
 	}
-	l = len(m.ExporterAttr)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).ReadFile(ctx, req.(*ReadFileRequest))
 	}
-	return n
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *SolveResponse) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Ref)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	if m.Result != nil {
-		l = m.Result.Size()
-		n += 1 + l + sovGateway(uint64(l))
+func _LLBBridge_ReadDir_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReadDirRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	return n
-}
-
-func (m *ReadFileRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Ref)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).ReadDir(ctx, in)
 	}
-	l = len(m.FilePath)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ReadDir",
 	}
-	if m.Range != nil {
-		l = m.Range.Size()
-		n += 1 + l + sovGateway(uint64(l))
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).ReadDir(ctx, req.(*ReadDirRequest))
 	}
-	return n
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *FileRange) Size() (n int) {
-	var l int
-	_ = l
-	if m.Offset != 0 {
-		n += 1 + sovGateway(uint64(m.Offset))
+func _LLBBridge_StatFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(StatFileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
 	}
-	if m.Length != 0 {
-		n += 1 + sovGateway(uint64(m.Length))
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).StatFile(ctx, in)
 	}
-	return n
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/StatFile",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).StatFile(ctx, req.(*StatFileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
 }
 
-func (m *ReadFileResponse) Size() (n int) {
+func _LLBBridge_Ping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(PingRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).Ping(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Ping",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).Ping(ctx, req.(*PingRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_Return_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReturnRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).Return(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Return",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).Return(ctx, req.(*ReturnRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_Inputs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(InputsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).Inputs(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/Inputs",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).Inputs(ctx, req.(*InputsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_NewContainer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(NewContainerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).NewContainer(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/NewContainer",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).NewContainer(ctx, req.(*NewContainerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_ReleaseContainer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReleaseContainerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LLBBridgeServer).ReleaseContainer(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.buildkit.v1.frontend.LLBBridge/ReleaseContainer",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LLBBridgeServer).ReleaseContainer(ctx, req.(*ReleaseContainerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LLBBridge_ExecProcess_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(LLBBridgeServer).ExecProcess(&lLBBridgeExecProcessServer{stream})
+}
+
+type LLBBridge_ExecProcessServer interface {
+	Send(*ExecMessage) error
+	Recv() (*ExecMessage, error)
+	grpc.ServerStream
+}
+
+type lLBBridgeExecProcessServer struct {
+	grpc.ServerStream
+}
+
+func (x *lLBBridgeExecProcessServer) Send(m *ExecMessage) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *lLBBridgeExecProcessServer) Recv() (*ExecMessage, error) {
+	m := new(ExecMessage)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+var _LLBBridge_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "moby.buildkit.v1.frontend.LLBBridge",
+	HandlerType: (*LLBBridgeServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "ResolveImageConfig",
+			Handler:    _LLBBridge_ResolveImageConfig_Handler,
+		},
+		{
+			MethodName: "Solve",
+			Handler:    _LLBBridge_Solve_Handler,
+		},
+		{
+			MethodName: "ReadFile",
+			Handler:    _LLBBridge_ReadFile_Handler,
+		},
+		{
+			MethodName: "ReadDir",
+			Handler:    _LLBBridge_ReadDir_Handler,
+		},
+		{
+			MethodName: "StatFile",
+			Handler:    _LLBBridge_StatFile_Handler,
+		},
+		{
+			MethodName: "Ping",
+			Handler:    _LLBBridge_Ping_Handler,
+		},
+		{
+			MethodName: "Return",
+			Handler:    _LLBBridge_Return_Handler,
+		},
+		{
+			MethodName: "Inputs",
+			Handler:    _LLBBridge_Inputs_Handler,
+		},
+		{
+			MethodName: "NewContainer",
+			Handler:    _LLBBridge_NewContainer_Handler,
+		},
+		{
+			MethodName: "ReleaseContainer",
+			Handler:    _LLBBridge_ReleaseContainer_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "ExecProcess",
+			Handler:       _LLBBridge_ExecProcess_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "gateway.proto",
+}
+
+func (m *Result) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Result) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Result) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Data)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	return n
+	if len(m.Metadata) > 0 {
+		for k := range m.Metadata {
+			v := m.Metadata[k]
+			baseI := i
+			if len(v) > 0 {
+				i -= len(v)
+				copy(dAtA[i:], v)
+				i = encodeVarintGateway(dAtA, i, uint64(len(v)))
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x52
+		}
+	}
+	if m.Result != nil {
+		{
+			size := m.Result.Size()
+			i -= size
+			if _, err := m.Result.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *ReadDirRequest) Size() (n int) {
+func (m *Result_RefDeprecated) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Result_RefDeprecated) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i -= len(m.RefDeprecated)
+	copy(dAtA[i:], m.RefDeprecated)
+	i = encodeVarintGateway(dAtA, i, uint64(len(m.RefDeprecated)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+func (m *Result_RefsDeprecated) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Result_RefsDeprecated) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.RefsDeprecated != nil {
+		{
+			size, err := m.RefsDeprecated.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	return len(dAtA) - i, nil
+}
+func (m *Result_Ref) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Result_Ref) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Ref != nil {
+		{
+			size, err := m.Ref.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *Result_Refs) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Result_Refs) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Refs != nil {
+		{
+			size, err := m.Refs.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	return len(dAtA) - i, nil
+}
+func (m *RefMapDeprecated) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RefMapDeprecated) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RefMapDeprecated) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Ref)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	l = len(m.DirPath)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	if len(m.Refs) > 0 {
+		for k := range m.Refs {
+			v := m.Refs[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintGateway(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	l = len(m.IncludePattern)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
+	return len(dAtA) - i, nil
+}
+
+func (m *Ref) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ReadDirResponse) Size() (n int) {
+func (m *Ref) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Ref) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Entries) > 0 {
-		for _, e := range m.Entries {
-			l = e.Size()
-			n += 1 + l + sovGateway(uint64(l))
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Def != nil {
+		{
+			size, err := m.Def.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Id) > 0 {
+		i -= len(m.Id)
+		copy(dAtA[i:], m.Id)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Id)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RefMap) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RefMap) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RefMap) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Refs) > 0 {
+		for k := range m.Refs {
+			v := m.Refs[k]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintGateway(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReturnRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReturnRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReturnRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Error != nil {
+		{
+			size, err := m.Error.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Result != nil {
+		{
+			size, err := m.Result.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReturnResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReturnResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReturnResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *InputsRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *InputsRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InputsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *InputsResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *InputsResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InputsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Definitions) > 0 {
+		for k := range m.Definitions {
+			v := m.Definitions[k]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintGateway(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ResolveImageConfigRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ResolveImageConfigRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResolveImageConfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.LogName) > 0 {
+		i -= len(m.LogName)
+		copy(dAtA[i:], m.LogName)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.LogName)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.ResolveMode) > 0 {
+		i -= len(m.ResolveMode)
+		copy(dAtA[i:], m.ResolveMode)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ResolveMode)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Platform != nil {
+		{
+			size, err := m.Platform.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ResolveImageConfigResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ResolveImageConfigResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResolveImageConfigResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Config) > 0 {
+		i -= len(m.Config)
+		copy(dAtA[i:], m.Config)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Config)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SolveRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SolveRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SolveRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Evaluate {
+		i--
+		if m.Evaluate {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x70
+	}
+	if len(m.FrontendInputs) > 0 {
+		for k := range m.FrontendInputs {
+			v := m.FrontendInputs[k]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintGateway(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x6a
+		}
+	}
+	if len(m.CacheImports) > 0 {
+		for iNdEx := len(m.CacheImports) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.CacheImports[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x62
+		}
+	}
+	if len(m.ExporterAttr) > 0 {
+		i -= len(m.ExporterAttr)
+		copy(dAtA[i:], m.ExporterAttr)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ExporterAttr)))
+		i--
+		dAtA[i] = 0x5a
+	}
+	if m.Final {
+		i--
+		if m.Final {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x50
+	}
+	if m.AllowResultArrayRef {
+		i--
+		if m.AllowResultArrayRef {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.AllowResultReturn {
+		i--
+		if m.AllowResultReturn {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if len(m.ImportCacheRefsDeprecated) > 0 {
+		for iNdEx := len(m.ImportCacheRefsDeprecated) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ImportCacheRefsDeprecated[iNdEx])
+			copy(dAtA[i:], m.ImportCacheRefsDeprecated[iNdEx])
+			i = encodeVarintGateway(dAtA, i, uint64(len(m.ImportCacheRefsDeprecated[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.FrontendOpt) > 0 {
+		for k := range m.FrontendOpt {
+			v := m.FrontendOpt[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintGateway(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.Frontend) > 0 {
+		i -= len(m.Frontend)
+		copy(dAtA[i:], m.Frontend)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Frontend)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Definition != nil {
+		{
+			size, err := m.Definition.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *CacheOptionsEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *CacheOptionsEntry) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheOptionsEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Attrs) > 0 {
+		for k := range m.Attrs {
+			v := m.Attrs[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintGateway(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintGateway(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGateway(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Type) > 0 {
+		i -= len(m.Type)
+		copy(dAtA[i:], m.Type)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Type)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SolveResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SolveResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SolveResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Result != nil {
+		{
+			size, err := m.Result.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReadFileRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReadFileRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadFileRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Range != nil {
+		{
+			size, err := m.Range.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.FilePath) > 0 {
+		i -= len(m.FilePath)
+		copy(dAtA[i:], m.FilePath)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.FilePath)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileRange) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileRange) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileRange) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Length != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Length))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Offset != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Offset))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReadFileResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReadFileResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadFileResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReadDirRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReadDirRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadDirRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.IncludePattern) > 0 {
+		i -= len(m.IncludePattern)
+		copy(dAtA[i:], m.IncludePattern)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.IncludePattern)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.DirPath) > 0 {
+		i -= len(m.DirPath)
+		copy(dAtA[i:], m.DirPath)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.DirPath)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReadDirResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReadDirResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReadDirResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Entries) > 0 {
+		for iNdEx := len(m.Entries) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Entries[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *StatFileRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *StatFileRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatFileRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Ref) > 0 {
+		i -= len(m.Ref)
+		copy(dAtA[i:], m.Ref)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Ref)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *StatFileResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *StatFileResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StatFileResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Stat != nil {
+		{
+			size, err := m.Stat.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *PingRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PingRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PingRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *PongResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PongResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PongResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Workers) > 0 {
+		for iNdEx := len(m.Workers) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Workers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if len(m.LLBCaps) > 0 {
+		for iNdEx := len(m.LLBCaps) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.LLBCaps[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.FrontendAPICaps) > 0 {
+		for iNdEx := len(m.FrontendAPICaps) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.FrontendAPICaps[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *NewContainerRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *NewContainerRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NewContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Constraints != nil {
+		{
+			size, err := m.Constraints.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Platform != nil {
+		{
+			size, err := m.Platform.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Network != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Network))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Mounts) > 0 {
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGateway(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *NewContainerResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *NewContainerResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NewContainerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReleaseContainerRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReleaseContainerRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReleaseContainerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ReleaseContainerResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ReleaseContainerResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ReleaseContainerResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ExecMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExecMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Input != nil {
+		{
+			size := m.Input.Size()
+			i -= size
+			if _, err := m.Input.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
+	}
+	if len(m.ProcessID) > 0 {
+		i -= len(m.ProcessID)
+		copy(dAtA[i:], m.ProcessID)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ProcessID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ExecMessage_Init) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Init != nil {
+		{
+			size, err := m.Init.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ExecMessage_File) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_File) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.File != nil {
+		{
+			size, err := m.File.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ExecMessage_Resize) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_Resize) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Resize != nil {
+		{
+			size, err := m.Resize.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ExecMessage_Started) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_Started) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Started != nil {
+		{
+			size, err := m.Started.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ExecMessage_Exit) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_Exit) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Exit != nil {
+		{
+			size, err := m.Exit.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
+	}
+	return len(dAtA) - i, nil
+}
+func (m *ExecMessage_Done) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExecMessage_Done) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Done != nil {
+		{
+			size, err := m.Done.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x3a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *InitMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *InitMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *InitMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Security != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Security))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Tty {
+		i--
+		if m.Tty {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x20
+	}
+	if len(m.Fds) > 0 {
+		dAtA24 := make([]byte, len(m.Fds)*10)
+		var j23 int
+		for _, num := range m.Fds {
+			for num >= 1<<7 {
+				dAtA24[j23] = uint8(uint64(num)&0x7f | 0x80)
+				num >>= 7
+				j23++
+			}
+			dAtA24[j23] = uint8(num)
+			j23++
+		}
+		i -= j23
+		copy(dAtA[i:], dAtA24[:j23])
+		i = encodeVarintGateway(dAtA, i, uint64(j23))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Meta != nil {
+		{
+			size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ContainerID) > 0 {
+		i -= len(m.ContainerID)
+		copy(dAtA[i:], m.ContainerID)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.ContainerID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ExitMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExitMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExitMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Error != nil {
+		{
+			size, err := m.Error.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGateway(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Code != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Code))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *StartedMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *StartedMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *StartedMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *DoneMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *DoneMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *DoneMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FdMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FdMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FdMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintGateway(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.EOF {
+		i--
+		if m.EOF {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Fd != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Fd))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ResizeMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ResizeMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResizeMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Cols != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Cols))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Rows != 0 {
+		i = encodeVarintGateway(dAtA, i, uint64(m.Rows))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintGateway(dAtA []byte, offset int, v uint64) int {
+	offset -= sovGateway(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *Result) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Result != nil {
+		n += m.Result.Size()
+	}
+	if len(m.Metadata) > 0 {
+		for k, v := range m.Metadata {
+			_ = k
+			_ = v
+			l = 0
+			if len(v) > 0 {
+				l = 1 + len(v) + sovGateway(uint64(len(v)))
+			}
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Result_RefDeprecated) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.RefDeprecated)
+	n += 1 + l + sovGateway(uint64(l))
+	return n
+}
+func (m *Result_RefsDeprecated) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.RefsDeprecated != nil {
+		l = m.RefsDeprecated.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *Result_Ref) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Ref != nil {
+		l = m.Ref.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *Result_Refs) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Refs != nil {
+		l = m.Refs.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *RefMapDeprecated) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Refs) > 0 {
+		for k, v := range m.Refs {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *Ref) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Id)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Def != nil {
+		l = m.Def.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *RefMap) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Refs) > 0 {
+		for k, v := range m.Refs {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovGateway(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReturnRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Result != nil {
+		l = m.Result.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Error != nil {
+		l = m.Error.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReturnResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *InputsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *InputsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Definitions) > 0 {
+		for k, v := range m.Definitions {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovGateway(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ResolveImageConfigRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Ref)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Platform != nil {
+		l = m.Platform.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.ResolveMode)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.LogName)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ResolveImageConfigResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Digest)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.Config)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *SolveRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Definition != nil {
+		l = m.Definition.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.Frontend)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if len(m.FrontendOpt) > 0 {
+		for k, v := range m.FrontendOpt {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if len(m.ImportCacheRefsDeprecated) > 0 {
+		for _, s := range m.ImportCacheRefsDeprecated {
+			l = len(s)
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if m.AllowResultReturn {
+		n += 2
+	}
+	if m.AllowResultArrayRef {
+		n += 2
+	}
+	if m.Final {
+		n += 2
+	}
+	l = len(m.ExporterAttr)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if len(m.CacheImports) > 0 {
+		for _, e := range m.CacheImports {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if len(m.FrontendInputs) > 0 {
+		for k, v := range m.FrontendInputs {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovGateway(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.Evaluate {
+		n += 2
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *CacheOptionsEntry) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Type)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if len(m.Attrs) > 0 {
+		for k, v := range m.Attrs {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovGateway(uint64(len(k))) + 1 + len(v) + sovGateway(uint64(len(v)))
+			n += mapEntrySize + 1 + sovGateway(uint64(mapEntrySize))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *SolveResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Ref)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Result != nil {
+		l = m.Result.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReadFileRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Ref)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.FilePath)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Range != nil {
+		l = m.Range.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *FileRange) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Offset != 0 {
+		n += 1 + sovGateway(uint64(m.Offset))
+	}
+	if m.Length != 0 {
+		n += 1 + sovGateway(uint64(m.Length))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReadFileResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReadDirRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Ref)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.DirPath)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.IncludePattern)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReadDirResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Entries) > 0 {
+		for _, e := range m.Entries {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *StatFileRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Ref)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	l = len(m.Path)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *StatFileResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Stat != nil {
+		l = m.Stat.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *PingRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *PongResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.FrontendAPICaps) > 0 {
+		for _, e := range m.FrontendAPICaps {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if len(m.LLBCaps) > 0 {
+		for _, e := range m.LLBCaps {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if len(m.Workers) > 0 {
+		for _, e := range m.Workers {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *NewContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ContainerID)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if len(m.Mounts) > 0 {
+		for _, e := range m.Mounts {
+			l = e.Size()
+			n += 1 + l + sovGateway(uint64(l))
+		}
+	}
+	if m.Network != 0 {
+		n += 1 + sovGateway(uint64(m.Network))
+	}
+	if m.Platform != nil {
+		l = m.Platform.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Constraints != nil {
+		l = m.Constraints.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *NewContainerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReleaseContainerRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ContainerID)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ReleaseContainerResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ExecMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ProcessID)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Input != nil {
+		n += m.Input.Size()
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ExecMessage_Init) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Init != nil {
+		l = m.Init.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *ExecMessage_File) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.File != nil {
+		l = m.File.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *ExecMessage_Resize) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Resize != nil {
+		l = m.Resize.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *ExecMessage_Started) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Started != nil {
+		l = m.Started.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *ExecMessage_Exit) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Exit != nil {
+		l = m.Exit.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *ExecMessage_Done) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Done != nil {
+		l = m.Done.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	return n
+}
+func (m *InitMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ContainerID)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.Meta != nil {
+		l = m.Meta.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if len(m.Fds) > 0 {
+		l = 0
+		for _, e := range m.Fds {
+			l += sovGateway(uint64(e))
+		}
+		n += 1 + sovGateway(uint64(l)) + l
+	}
+	if m.Tty {
+		n += 2
+	}
+	if m.Security != 0 {
+		n += 1 + sovGateway(uint64(m.Security))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ExitMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Code != 0 {
+		n += 1 + sovGateway(uint64(m.Code))
+	}
+	if m.Error != nil {
+		l = m.Error.Size()
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *StartedMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *DoneMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *FdMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Fd != 0 {
+		n += 1 + sovGateway(uint64(m.Fd))
+	}
+	if m.EOF {
+		n += 2
+	}
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovGateway(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ResizeMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Rows != 0 {
+		n += 1 + sovGateway(uint64(m.Rows))
+	}
+	if m.Cols != 0 {
+		n += 1 + sovGateway(uint64(m.Cols))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func sovGateway(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozGateway(x uint64) (n int) {
+	return sovGateway(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (m *Result) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Result: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Result: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RefDeprecated", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Result = &Result_RefDeprecated{string(dAtA[iNdEx:postIndex])}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RefsDeprecated", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &RefMapDeprecated{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Result = &Result_RefsDeprecated{v}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &Ref{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Result = &Result_Ref{v}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Refs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &RefMap{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Result = &Result_Refs{v}
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Metadata == nil {
+				m.Metadata = make(map[string][]byte)
+			}
+			var mapkey string
+			mapvalue := []byte{}
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapbyteLen uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapbyteLen |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intMapbyteLen := int(mapbyteLen)
+					if intMapbyteLen < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postbytesIndex := iNdEx + intMapbyteLen
+					if postbytesIndex < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postbytesIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = make([]byte, mapbyteLen)
+					copy(mapvalue, dAtA[iNdEx:postbytesIndex])
+					iNdEx = postbytesIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Metadata[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RefMapDeprecated) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RefMapDeprecated: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RefMapDeprecated: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Refs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Refs == nil {
+				m.Refs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Refs[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Ref) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Ref: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Ref: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Id", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Id = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Def", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Def == nil {
+				m.Def = &pb.Definition{}
+			}
+			if err := m.Def.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RefMap) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RefMap: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RefMap: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Refs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Refs == nil {
+				m.Refs = make(map[string]*Ref)
+			}
+			var mapkey string
+			var mapvalue *Ref
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &Ref{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Refs[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReturnRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReturnRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Result == nil {
+				m.Result = &Result{}
+			}
+			if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Error == nil {
+				m.Error = &rpc.Status{}
+			}
+			if err := m.Error.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReturnResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReturnResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReturnResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *InputsRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: InputsRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: InputsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *InputsResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: InputsResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: InputsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Definitions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Definitions == nil {
+				m.Definitions = make(map[string]*pb.Definition)
+			}
+			var mapkey string
+			var mapvalue *pb.Definition
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &pb.Definition{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Definitions[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ResolveImageConfigRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ResolveImageConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Ref = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Platform", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Platform == nil {
+				m.Platform = &pb.Platform{}
+			}
+			if err := m.Platform.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResolveMode", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResolveMode = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LogName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.LogName = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ResolveImageConfigResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ResolveImageConfigResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ResolveImageConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Digest = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...)
+			if m.Config == nil {
+				m.Config = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SolveRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SolveRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SolveRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Definition", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Definition == nil {
+				m.Definition = &pb.Definition{}
+			}
+			if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Frontend", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Frontend = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FrontendOpt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.FrontendOpt == nil {
+				m.FrontendOpt = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.FrontendOpt[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ImportCacheRefsDeprecated", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ImportCacheRefsDeprecated = append(m.ImportCacheRefsDeprecated, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowResultReturn", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.AllowResultReturn = bool(v != 0)
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowResultArrayRef", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.AllowResultArrayRef = bool(v != 0)
+		case 10:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Final", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Final = bool(v != 0)
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExporterAttr", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExporterAttr = append(m.ExporterAttr[:0], dAtA[iNdEx:postIndex]...)
+			if m.ExporterAttr == nil {
+				m.ExporterAttr = []byte{}
+			}
+			iNdEx = postIndex
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CacheImports", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CacheImports = append(m.CacheImports, &CacheOptionsEntry{})
+			if err := m.CacheImports[len(m.CacheImports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 13:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FrontendInputs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.FrontendInputs == nil {
+				m.FrontendInputs = make(map[string]*pb.Definition)
+			}
+			var mapkey string
+			var mapvalue *pb.Definition
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &pb.Definition{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.FrontendInputs[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 14:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Evaluate", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Evaluate = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CacheOptionsEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CacheOptionsEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CacheOptionsEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Type = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Attrs == nil {
+				m.Attrs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGateway(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGateway
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Attrs[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
 		}
 	}
-	return n
-}
-
-func (m *StatFileRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Ref)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	l = len(m.Path)
-	if l > 0 {
-		n += 1 + l + sovGateway(uint64(l))
-	}
-	return n
-}
 
-func (m *StatFileResponse) Size() (n int) {
-	var l int
-	_ = l
-	if m.Stat != nil {
-		l = m.Stat.Size()
-		n += 1 + l + sovGateway(uint64(l))
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	return n
-}
-
-func (m *PingRequest) Size() (n int) {
-	var l int
-	_ = l
-	return n
+	return nil
 }
-
-func (m *PongResponse) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.FrontendAPICaps) > 0 {
-		for _, e := range m.FrontendAPICaps {
-			l = e.Size()
-			n += 1 + l + sovGateway(uint64(l))
+func (m *SolveResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
 		}
-	}
-	if len(m.LLBCaps) > 0 {
-		for _, e := range m.LLBCaps {
-			l = e.Size()
-			n += 1 + l + sovGateway(uint64(l))
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SolveResponse: wiretype end group for non-group")
 		}
-	}
-	if len(m.Workers) > 0 {
-		for _, e := range m.Workers {
-			l = e.Size()
-			n += 1 + l + sovGateway(uint64(l))
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SolveResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Ref = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Result == nil {
+				m.Result = &Result{}
+			}
+			if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
 		}
 	}
-	return n
-}
 
-func sovGateway(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	return n
-}
-func sozGateway(x uint64) (n int) {
-	return sovGateway(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+	return nil
 }
-func (m *Result) Unmarshal(dAtA []byte) error {
+func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1852,7 +7691,7 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -1860,10 +7699,10 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Result: wiretype end group for non-group")
+			return fmt.Errorf("proto: ReadFileRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Result: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ReadFileRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -1880,7 +7719,7 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1890,16 +7729,19 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Result = &Result_Ref{string(dAtA[iNdEx:postIndex])}
+			m.Ref = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Refs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field FilePath", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -1909,27 +7751,27 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &RefMap{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			m.Result = &Result_Refs{v}
+			m.FilePath = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 10:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Range", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1941,7 +7783,7 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -1950,101 +7792,18 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Metadata == nil {
-				m.Metadata = make(map[string][]byte)
+			if m.Range == nil {
+				m.Range = &FileRange{}
 			}
-			var mapkey string
-			mapvalue := []byte{}
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowGateway
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var mapbyteLen uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						mapbyteLen |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intMapbyteLen := int(mapbyteLen)
-					if intMapbyteLen < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postbytesIndex := iNdEx + intMapbyteLen
-					if postbytesIndex > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = make([]byte, mapbyteLen)
-					copy(mapvalue, dAtA[iNdEx:postbytesIndex])
-					iNdEx = postbytesIndex
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipGateway(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthGateway
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
+			if err := m.Range.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Metadata[mapkey] = mapvalue
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2052,12 +7811,13 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2067,7 +7827,7 @@ func (m *Result) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *RefMap) Unmarshal(dAtA []byte) error {
+func (m *FileRange) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2082,7 +7842,7 @@ func (m *RefMap) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2090,17 +7850,17 @@ func (m *RefMap) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: RefMap: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileRange: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: RefMap: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileRange: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Refs", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Offset", wireType)
 			}
-			var msglen int
+			m.Offset = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2110,109 +7870,114 @@ func (m *RefMap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Offset |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType)
+			}
+			m.Length = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Length |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Refs == nil {
-				m.Refs = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowGateway
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipGateway(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthGateway
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReadFileResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReadFileResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReadFileResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.Refs[mapkey] = mapvalue
+			if byteLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2220,12 +7985,13 @@ func (m *RefMap) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2235,7 +8001,7 @@ func (m *RefMap) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
+func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2250,7 +8016,7 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2258,17 +8024,17 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ReturnRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ReadDirRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReturnRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ReadDirRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2278,30 +8044,29 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Result == nil {
-				m.Result = &Result{}
-			}
-			if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Ref = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field DirPath", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2311,24 +8076,55 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Error == nil {
-				m.Error = &google_rpc.Status{}
+			m.DirPath = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IncludePattern", wireType)
 			}
-			if err := m.Error.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
 			}
+			m.IncludePattern = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2336,12 +8132,13 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2351,7 +8148,7 @@ func (m *ReturnRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ReturnResponse) Unmarshal(dAtA []byte) error {
+func (m *ReadDirResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2366,7 +8163,7 @@ func (m *ReturnResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2374,24 +8171,59 @@ func (m *ReturnResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ReturnResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: ReadDirResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReturnResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ReadDirResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Entries", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Entries = append(m.Entries, &types.Stat{})
+			if err := m.Entries[len(m.Entries)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2401,7 +8233,7 @@ func (m *ReturnResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
+func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2416,7 +8248,7 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2424,10 +8256,10 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ResolveImageConfigRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: StatFileRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ResolveImageConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: StatFileRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -2444,7 +8276,7 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2454,6 +8286,9 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -2461,9 +8296,9 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Platform", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2473,59 +8308,80 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Platform == nil {
-				m.Platform = &pb.Platform{}
-			}
-			if err := m.Platform.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Path = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
 				return err
 			}
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ResolveMode", wireType)
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
 			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGateway
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *StatFileResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
+			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ResolveMode = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: StatFileResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: StatFileResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field LogName", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Stat", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2535,20 +8391,27 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.LogName = string(dAtA[iNdEx:postIndex])
+			if m.Stat == nil {
+				m.Stat = &types.Stat{}
+			}
+			if err := m.Stat.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2556,12 +8419,13 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2571,7 +8435,7 @@ func (m *ResolveImageConfigRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ResolveImageConfigResponse) Unmarshal(dAtA []byte) error {
+func (m *PingRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2586,7 +8450,7 @@ func (m *ResolveImageConfigResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2594,84 +8458,25 @@ func (m *ResolveImageConfigResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ResolveImageConfigResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: PingRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ResolveImageConfigResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: PingRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Digest = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
-			}
-			var byteLen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if byteLen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + byteLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...)
-			if m.Config == nil {
-				m.Config = []byte{}
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -2681,7 +8486,7 @@ func (m *ResolveImageConfigResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *SolveRequest) Unmarshal(dAtA []byte) error {
+func (m *PongResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2696,7 +8501,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2704,15 +8509,15 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: SolveRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: PongResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: SolveRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: PongResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Definition", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field FrontendAPICaps", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2724,7 +8529,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2733,21 +8538,22 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Definition == nil {
-				m.Definition = &pb.Definition{}
-			}
-			if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.FrontendAPICaps = append(m.FrontendAPICaps, pb1.APICap{})
+			if err := m.FrontendAPICaps[len(m.FrontendAPICaps)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Frontend", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field LLBCaps", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2757,24 +8563,29 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Frontend = string(dAtA[iNdEx:postIndex])
+			m.LLBCaps = append(m.LLBCaps, pb1.APICap{})
+			if err := m.LLBCaps[len(m.LLBCaps)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FrontendOpt", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Workers", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2786,7 +8597,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2795,106 +8606,105 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.FrontendOpt == nil {
-				m.FrontendOpt = make(map[string]string)
+			m.Workers = append(m.Workers, &types1.WorkerRecord{})
+			if err := m.Workers[len(m.Workers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowGateway
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *NewContainerRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: NewContainerRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: NewContainerRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ContainerID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
 				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowGateway
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthGateway
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipGateway(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthGateway
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.FrontendOpt[mapkey] = mapvalue
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ContainerID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 4:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ImportCacheRefs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Mounts", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2904,26 +8714,31 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ImportCacheRefs = append(m.ImportCacheRefs, string(dAtA[iNdEx:postIndex]))
+			m.Mounts = append(m.Mounts, &pb.Mount{})
+			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 5:
+		case 3:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AllowResultReturn", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
 			}
-			var v int
+			m.Network = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2933,17 +8748,16 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				m.Network |= pb.NetMode(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.AllowResultReturn = bool(v != 0)
-		case 10:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Final", wireType)
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Platform", wireType)
 			}
-			var v int
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2953,17 +8767,33 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.Final = bool(v != 0)
-		case 11:
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Platform == nil {
+				m.Platform = &pb.Platform{}
+			}
+			if err := m.Platform.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExporterAttr", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Constraints", wireType)
 			}
-			var byteLen int
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -2973,21 +8803,26 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if byteLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + byteLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ExporterAttr = append(m.ExporterAttr[:0], dAtA[iNdEx:postIndex]...)
-			if m.ExporterAttr == nil {
-				m.ExporterAttr = []byte{}
+			if m.Constraints == nil {
+				m.Constraints = &pb.WorkerConstraints{}
+			}
+			if err := m.Constraints.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
 			iNdEx = postIndex
 		default:
@@ -2996,12 +8831,13 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3011,7 +8847,7 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *SolveResponse) Unmarshal(dAtA []byte) error {
+func (m *NewContainerResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3026,7 +8862,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3034,15 +8870,66 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: SolveResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: NewContainerResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: SolveResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: NewContainerResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReleaseContainerRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReleaseContainerRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReleaseContainerRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ContainerID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3054,7 +8941,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3064,56 +8951,78 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Ref = string(dAtA[iNdEx:postIndex])
+			m.ContainerID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			if msglen < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Result == nil {
-				m.Result = &Result{}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ReleaseContainerResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
 			}
-			if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
 			}
-			iNdEx = postIndex
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ReleaseContainerResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ReleaseContainerResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3123,7 +9032,7 @@ func (m *SolveResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
+func (m *ExecMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3138,7 +9047,7 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3146,15 +9055,15 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ReadFileRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ExecMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReadFileRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ExecMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ProcessID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3166,7 +9075,7 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3176,16 +9085,19 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Ref = string(dAtA[iNdEx:postIndex])
+			m.ProcessID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FilePath", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3195,24 +9107,30 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.FilePath = string(dAtA[iNdEx:postIndex])
+			v := &InitMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Input = &ExecMessage_Init{v}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Range", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field File", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3224,7 +9142,7 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3233,71 +9151,58 @@ func (m *ReadFileRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Range == nil {
-				m.Range = &FileRange{}
-			}
-			if err := m.Range.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			v := &FdMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
+			m.Input = &ExecMessage_File{v}
 			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGateway(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthGateway
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Resize", wireType)
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *FileRange) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGateway
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
 			}
-			if iNdEx >= l {
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			v := &ResizeMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: FileRange: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: FileRange: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Offset", wireType)
+			m.Input = &ExecMessage_Resize{v}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Started", wireType)
 			}
-			m.Offset = 0
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3307,16 +9212,32 @@ func (m *FileRange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Offset |= (int64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType)
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
 			}
-			m.Length = 0
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &StartedMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Input = &ExecMessage_Started{v}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exit", wireType)
+			}
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3326,66 +9247,32 @@ func (m *FileRange) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Length |= (int64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGateway(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGateway
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ReadFileResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGateway
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
 			}
-			if iNdEx >= l {
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			v := &ExitMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ReadFileResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReadFileResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+			m.Input = &ExecMessage_Exit{v}
+			iNdEx = postIndex
+		case 7:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Done", wireType)
 			}
-			var byteLen int
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3395,22 +9282,26 @@ func (m *ReadFileResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if byteLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + byteLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
-			if m.Data == nil {
-				m.Data = []byte{}
+			v := &DoneMessage{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
+			m.Input = &ExecMessage_Done{v}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -3418,12 +9309,13 @@ func (m *ReadFileResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3433,7 +9325,7 @@ func (m *ReadFileResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
+func (m *InitMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3448,7 +9340,7 @@ func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3456,15 +9348,15 @@ func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ReadDirRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: InitMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReadDirRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: InitMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ContainerID", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3476,7 +9368,7 @@ func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3486,16 +9378,19 @@ func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthGateway
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGateway
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Ref = string(dAtA[iNdEx:postIndex])
+			m.ContainerID = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field DirPath", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3505,105 +9400,109 @@ func (m *ReadDirRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.DirPath = string(dAtA[iNdEx:postIndex])
+			if m.Meta == nil {
+				m.Meta = &pb.Meta{}
+			}
+			if err := m.Meta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IncludePattern", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
+			if wireType == 0 {
+				var v uint32
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					v |= uint32(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
 				}
-				if iNdEx >= l {
+				m.Fds = append(m.Fds, v)
+			} else if wireType == 2 {
+				var packedLen int
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGateway
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					packedLen |= int(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				if packedLen < 0 {
+					return ErrInvalidLengthGateway
+				}
+				postIndex := iNdEx + packedLen
+				if postIndex < 0 {
+					return ErrInvalidLengthGateway
+				}
+				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
+				var elementCount int
+				var count int
+				for _, integer := range dAtA[iNdEx:postIndex] {
+					if integer < 128 {
+						count++
+					}
 				}
+				elementCount = count
+				if elementCount != 0 && len(m.Fds) == 0 {
+					m.Fds = make([]uint32, 0, elementCount)
+				}
+				for iNdEx < postIndex {
+					var v uint32
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGateway
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						v |= uint32(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					m.Fds = append(m.Fds, v)
+				}
+			} else {
+				return fmt.Errorf("proto: wrong wireType = %d for field Fds", wireType)
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IncludePattern = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGateway(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthGateway
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ReadDirResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGateway
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ReadDirResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ReadDirResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Entries", wireType)
-			}
-			var msglen int
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Tty", wireType)
+			}
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3613,35 +9512,44 @@ func (m *ReadDirResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+			m.Tty = bool(v != 0)
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Security", wireType)
 			}
-			m.Entries = append(m.Entries, &fsutil_types.Stat{})
-			if err := m.Entries[len(m.Entries)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Security = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Security |= pb.SecurityMode(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3651,7 +9559,7 @@ func (m *ReadDirResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
+func (m *ExitMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3666,7 +9574,7 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3674,17 +9582,17 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: StatFileRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ExitMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: StatFileRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ExitMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType)
 			}
-			var stringLen uint64
+			m.Code = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3694,26 +9602,16 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				m.Code |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Ref = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3723,20 +9621,27 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Path = string(dAtA[iNdEx:postIndex])
+			if m.Error == nil {
+				m.Error = &rpc.Status{}
+			}
+			if err := m.Error.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -3744,12 +9649,13 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3759,7 +9665,7 @@ func (m *StatFileRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *StatFileResponse) Unmarshal(dAtA []byte) error {
+func (m *StartedMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3774,7 +9680,7 @@ func (m *StatFileResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3782,57 +9688,25 @@ func (m *StatFileResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: StatFileResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: StartedMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: StatFileResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: StartedMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Stat", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGateway
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Stat == nil {
-				m.Stat = &fsutil_types.Stat{}
-			}
-			if err := m.Stat.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3842,7 +9716,7 @@ func (m *StatFileResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *PingRequest) Unmarshal(dAtA []byte) error {
+func (m *DoneMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3857,7 +9731,7 @@ func (m *PingRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3865,10 +9739,10 @@ func (m *PingRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: PingRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: DoneMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: PingRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: DoneMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		default:
@@ -3877,12 +9751,13 @@ func (m *PingRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -3892,7 +9767,7 @@ func (m *PingRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *PongResponse) Unmarshal(dAtA []byte) error {
+func (m *FdMessage) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3907,7 +9782,7 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3915,17 +9790,17 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: PongResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: FdMessage: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: PongResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FdMessage: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FrontendAPICaps", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Fd", wireType)
 			}
-			var msglen int
+			m.Fd = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3935,28 +9810,36 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Fd |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field EOF", wireType)
 			}
-			m.FrontendAPICaps = append(m.FrontendAPICaps, moby_buildkit_v1_apicaps.APICap{})
-			if err := m.FrontendAPICaps[len(m.FrontendAPICaps)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx = postIndex
-		case 2:
+			m.EOF = bool(v != 0)
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field LLBCaps", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3966,28 +9849,82 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
+				return ErrInvalidLengthGateway
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
 				return ErrInvalidLengthGateway
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.LLBCaps = append(m.LLBCaps, moby_buildkit_v1_apicaps.APICap{})
-			if err := m.LLBCaps[len(m.LLBCaps)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
 			}
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Workers", wireType)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGateway(dAtA[iNdEx:])
+			if err != nil {
+				return err
 			}
-			var msglen int
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGateway
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ResizeMessage) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGateway
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ResizeMessage: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ResizeMessage: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rows", wireType)
+			}
+			m.Rows = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGateway
@@ -3997,35 +9934,43 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Rows |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthGateway
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Cols", wireType)
 			}
-			m.Workers = append(m.Workers, &moby_buildkit_v1_types.WorkerRecord{})
-			if err := m.Workers[len(m.Workers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Cols = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGateway
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Cols |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGateway(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthGateway
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -4038,6 +9983,7 @@ func (m *PongResponse) Unmarshal(dAtA []byte) error {
 func skipGateway(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -4069,10 +10015,8 @@ func skipGateway(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -4089,131 +10033,34 @@ func skipGateway(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthGateway
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowGateway
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipGateway(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupGateway
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthGateway
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthGateway = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowGateway   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthGateway        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowGateway          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupGateway = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("gateway.proto", fileDescriptorGateway) }
-
-var fileDescriptorGateway = []byte{
-	// 1144 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xcf, 0x4f, 0x1b, 0xc7,
-	0x17, 0x67, 0xb1, 0x8d, 0xed, 0x67, 0x03, 0xfe, 0x8e, 0xbe, 0xaa, 0x36, 0x7b, 0x20, 0xee, 0xaa,
-	0xa2, 0x0e, 0x21, 0xbb, 0x2a, 0x69, 0x45, 0x4a, 0xa4, 0xa4, 0x31, 0x04, 0x85, 0xd6, 0x34, 0xd6,
-	0xe4, 0x10, 0x29, 0x6a, 0xa5, 0xae, 0xed, 0xf1, 0x32, 0x62, 0xbd, 0xb3, 0x9d, 0x1d, 0x43, 0x51,
-	0x2f, 0x6d, 0x4f, 0xbd, 0xf7, 0x9f, 0xca, 0xad, 0x3d, 0xf7, 0x10, 0x55, 0xdc, 0xfa, 0x5f, 0x54,
-	0xf3, 0x63, 0xed, 0xc5, 0x80, 0x81, 0xd3, 0xce, 0x9b, 0x79, 0x9f, 0xf7, 0x3e, 0x6f, 0xde, 0x8f,
-	0x59, 0x58, 0x0e, 0x03, 0x41, 0x4e, 0x83, 0x33, 0x2f, 0xe1, 0x4c, 0x30, 0x74, 0x6f, 0xc4, 0x7a,
-	0x67, 0x5e, 0x6f, 0x4c, 0xa3, 0xc1, 0x31, 0x15, 0xde, 0xc9, 0x67, 0xde, 0x90, 0xb3, 0x58, 0x90,
-	0x78, 0xe0, 0x3c, 0x0a, 0xa9, 0x38, 0x1a, 0xf7, 0xbc, 0x3e, 0x1b, 0xf9, 0x21, 0x0b, 0x99, 0xaf,
-	0x10, 0xbd, 0xf1, 0x50, 0x49, 0x4a, 0x50, 0x2b, 0x6d, 0xc9, 0xd9, 0x9a, 0x55, 0x0f, 0x19, 0x0b,
-	0x23, 0x12, 0x24, 0x34, 0x35, 0x4b, 0x9f, 0x27, 0x7d, 0x3f, 0x15, 0x81, 0x18, 0xa7, 0x06, 0xb3,
-	0x99, 0xc3, 0x48, 0x22, 0x7e, 0x46, 0xc4, 0x4f, 0x59, 0x74, 0x42, 0xb8, 0x9f, 0xf4, 0x7c, 0x96,
-	0x64, 0xda, 0xfe, 0xb5, 0xda, 0x41, 0x42, 0x7d, 0x71, 0x96, 0x90, 0xd4, 0x3f, 0x65, 0xfc, 0x98,
-	0x70, 0x03, 0x78, 0x7c, 0x2d, 0x60, 0x2c, 0x68, 0x24, 0x51, 0xfd, 0x20, 0x49, 0xa5, 0x13, 0xf9,
-	0x35, 0xa0, 0x7c, 0xd8, 0x82, 0xc5, 0x34, 0x15, 0x94, 0x86, 0xd4, 0x1f, 0xa6, 0x0a, 0xa3, 0xbd,
-	0xc8, 0x20, 0xb4, 0xba, 0xfb, 0xaf, 0x05, 0x4b, 0x98, 0xa4, 0xe3, 0x48, 0x20, 0x04, 0x05, 0x4e,
-	0x86, 0xb6, 0xd5, 0xb4, 0x5a, 0xd5, 0x57, 0x0b, 0x58, 0x0a, 0x68, 0x1b, 0x8a, 0x9c, 0x0c, 0x53,
-	0x7b, 0xb1, 0x69, 0xb5, 0x6a, 0x5b, 0x1f, 0x7b, 0xd7, 0x5e, 0xb7, 0x87, 0xc9, 0xf0, 0x30, 0x48,
-	0x5e, 0x2d, 0x60, 0x05, 0x40, 0xdf, 0x40, 0x65, 0x44, 0x44, 0x30, 0x08, 0x44, 0x60, 0x43, 0xb3,
-	0xd0, 0xaa, 0x6d, 0xf9, 0x73, 0xc1, 0x92, 0x81, 0x77, 0x68, 0x10, 0x2f, 0x63, 0xc1, 0xcf, 0xf0,
-	0xc4, 0x80, 0xf3, 0x14, 0x96, 0x2f, 0x1c, 0xa1, 0x06, 0x14, 0x8e, 0xc9, 0x99, 0xa6, 0x8a, 0xe5,
-	0x12, 0xfd, 0x1f, 0x4a, 0x27, 0x41, 0x34, 0x26, 0x8a, 0x69, 0x1d, 0x6b, 0x61, 0x67, 0xf1, 0x89,
-	0xd5, 0xae, 0xc0, 0x12, 0x57, 0xe6, 0xdd, 0xdf, 0x54, 0xac, 0x92, 0x26, 0x7a, 0x6e, 0xe2, 0xb2,
-	0x14, 0xb5, 0x87, 0x37, 0xc6, 0x25, 0x3f, 0xa9, 0xa6, 0xa5, 0x80, 0xce, 0x36, 0x54, 0x27, 0x5b,
-	0x37, 0xd1, 0xa9, 0xe6, 0xe8, 0xb8, 0x02, 0x96, 0x31, 0x11, 0x63, 0x1e, 0x63, 0xf2, 0xe3, 0x98,
-	0xa4, 0x02, 0x7d, 0x99, 0xf1, 0x53, 0xf8, 0x9b, 0x2e, 0x59, 0x2a, 0x62, 0x03, 0x40, 0x2d, 0x28,
-	0x11, 0xce, 0x19, 0x37, 0xe9, 0x41, 0x9e, 0x2e, 0x54, 0x8f, 0x27, 0x7d, 0xef, 0x8d, 0x2a, 0x54,
-	0xac, 0x15, 0xdc, 0x06, 0xac, 0x64, 0x5e, 0xd3, 0x84, 0xc5, 0x29, 0x71, 0xff, 0xb0, 0xe0, 0x1e,
-	0x26, 0xaa, 0x4e, 0x0f, 0x46, 0x41, 0x48, 0x76, 0x59, 0x3c, 0xa4, 0x61, 0x46, 0xaa, 0x01, 0x05,
-	0x9c, 0xd5, 0x02, 0x96, 0x4b, 0xd4, 0x82, 0x4a, 0x37, 0x0a, 0xc4, 0x90, 0xf1, 0x91, 0x71, 0x57,
-	0xf7, 0x92, 0x9e, 0x97, 0xed, 0xe1, 0xc9, 0x29, 0x6a, 0x42, 0xcd, 0x18, 0x3e, 0x64, 0x03, 0x62,
-	0x17, 0x94, 0x8d, 0xfc, 0x16, 0xb2, 0xa1, 0xdc, 0x61, 0xe1, 0xb7, 0xc1, 0x88, 0xd8, 0x45, 0x75,
-	0x9a, 0x89, 0xee, 0x2f, 0x16, 0x38, 0x57, 0xb1, 0xd2, 0xa4, 0xd1, 0xd7, 0xb0, 0xb4, 0x47, 0x43,
-	0x92, 0xea, 0xbb, 0xaa, 0xb6, 0xb7, 0xde, 0x7f, 0xb8, 0xbf, 0xf0, 0xf7, 0x87, 0xfb, 0x1b, 0xb9,
-	0xa2, 0x67, 0x09, 0x89, 0xfb, 0x2c, 0x16, 0x01, 0x8d, 0x09, 0x97, 0xbd, 0xfb, 0x68, 0xa0, 0x20,
-	0x9e, 0x46, 0x62, 0x63, 0x01, 0x7d, 0x04, 0x4b, 0xda, 0xba, 0x29, 0x19, 0x23, 0xb9, 0xbf, 0x17,
-	0xa0, 0xfe, 0x46, 0x12, 0xc8, 0xee, 0xc2, 0x03, 0xd8, 0x23, 0x43, 0x1a, 0x53, 0x41, 0x59, 0x6c,
-	0x92, 0xb4, 0x22, 0x63, 0x9f, 0xee, 0xe2, 0x9c, 0x06, 0x72, 0xa0, 0xb2, 0x6f, 0x12, 0x66, 0xd2,
-	0x3f, 0x91, 0xd1, 0x3b, 0xa8, 0x65, 0xeb, 0xd7, 0x89, 0xb0, 0x0b, 0xaa, 0xfc, 0x9e, 0xcc, 0xc9,
-	0x78, 0x9e, 0x89, 0x97, 0x83, 0xea, 0x5a, 0xcc, 0x1b, 0x43, 0x2d, 0x58, 0x3d, 0x18, 0x25, 0x8c,
-	0x8b, 0xdd, 0xa0, 0x7f, 0x44, 0x64, 0x75, 0xda, 0xc5, 0x66, 0xa1, 0x55, 0xc5, 0xb3, 0xdb, 0x68,
-	0x13, 0xfe, 0x17, 0x44, 0x11, 0x3b, 0x35, 0xe5, 0xa4, 0x0a, 0xc3, 0x2e, 0x35, 0xad, 0x56, 0x05,
-	0x5f, 0x3e, 0x90, 0xb5, 0xbc, 0x4f, 0xe3, 0x20, 0xb2, 0x41, 0x69, 0x68, 0x01, 0xb9, 0x50, 0x7f,
-	0xf9, 0x93, 0x34, 0x4b, 0xf8, 0x0b, 0x21, 0xb8, 0x5d, 0x53, 0x97, 0x78, 0x61, 0xcf, 0x79, 0x06,
-	0x8d, 0x59, 0xca, 0x77, 0xea, 0x95, 0xef, 0x60, 0xd9, 0xc4, 0x6f, 0xf2, 0xdf, 0xc8, 0x8d, 0x28,
-	0x3d, 0xa0, 0xa6, 0xdd, 0x53, 0xb8, 0x63, 0xf7, 0xb8, 0x3f, 0xc3, 0x2a, 0x26, 0xc1, 0x60, 0x9f,
-	0x46, 0xe4, 0xfa, 0xb2, 0x97, 0xc9, 0xa4, 0x11, 0xe9, 0x06, 0xe2, 0x68, 0x92, 0x4c, 0x23, 0xa3,
-	0x1d, 0x28, 0xe1, 0x20, 0x0e, 0x89, 0x71, 0xfd, 0xc9, 0x1c, 0xd7, 0xca, 0x89, 0xd4, 0xc5, 0x1a,
-	0xe2, 0x3e, 0x85, 0xea, 0x64, 0x4f, 0x96, 0xe2, 0xeb, 0xe1, 0x30, 0x25, 0xba, 0xac, 0x0b, 0xd8,
-	0x48, 0x72, 0xbf, 0x43, 0xe2, 0xd0, 0xb8, 0x2e, 0x60, 0x23, 0xb9, 0xeb, 0xd0, 0x98, 0x32, 0x37,
-	0x57, 0x83, 0xa0, 0xb8, 0x27, 0x87, 0xad, 0xa5, 0xf2, 0xa0, 0xd6, 0xee, 0x40, 0x76, 0x7d, 0x30,
-	0xd8, 0xa3, 0xfc, 0xfa, 0x00, 0x6d, 0x28, 0xef, 0x51, 0x9e, 0x8b, 0x2f, 0x13, 0xd1, 0x3a, 0xac,
-	0x1c, 0xc4, 0xfd, 0x68, 0x3c, 0x90, 0xd1, 0x0a, 0xc2, 0x63, 0xd3, 0xca, 0x33, 0xbb, 0xee, 0x73,
-	0x7d, 0x8f, 0xca, 0x8b, 0x21, 0xb3, 0x09, 0x65, 0x12, 0x0b, 0x4e, 0x49, 0x36, 0x61, 0x91, 0xa7,
-	0x1f, 0x20, 0x4f, 0x3d, 0x40, 0x6a, 0x38, 0xe1, 0x4c, 0xc5, 0xdd, 0x86, 0x55, 0xb9, 0x31, 0x3f,
-	0x11, 0x08, 0x8a, 0x39, 0x92, 0x6a, 0xed, 0xee, 0x40, 0x63, 0x0a, 0x34, 0xae, 0xd7, 0xa1, 0x28,
-	0x9f, 0x37, 0xd3, 0xa7, 0x57, 0xf9, 0x55, 0xe7, 0xee, 0x32, 0xd4, 0xba, 0x34, 0xce, 0x06, 0x9e,
-	0x7b, 0x6e, 0x41, 0xbd, 0xcb, 0xe2, 0xe9, 0xa8, 0xe9, 0xc2, 0x6a, 0x56, 0xbb, 0x2f, 0xba, 0x07,
-	0xbb, 0x41, 0x92, 0x85, 0xd2, 0xbc, 0x9c, 0x66, 0xf3, 0x12, 0x7b, 0x5a, 0xb1, 0x5d, 0x94, 0x53,
-	0x09, 0xcf, 0xc2, 0xd1, 0x57, 0x50, 0xee, 0x74, 0xda, 0xca, 0xd2, 0xe2, 0x9d, 0x2c, 0x65, 0x30,
-	0xf4, 0x0c, 0xca, 0x6f, 0xd5, 0x0f, 0x42, 0x6a, 0x26, 0xc7, 0x15, 0x25, 0xa7, 0x03, 0xd5, 0x6a,
-	0x98, 0xf4, 0x19, 0x1f, 0xe0, 0x0c, 0xb4, 0xf5, 0x67, 0x09, 0xaa, 0x9d, 0x4e, 0xbb, 0xcd, 0xe9,
-	0x20, 0x24, 0xe8, 0x57, 0x0b, 0xd0, 0xe5, 0x59, 0x8b, 0x3e, 0x9f, 0xdf, 0x41, 0x57, 0x3f, 0x18,
-	0xce, 0x17, 0x77, 0x44, 0x99, 0x5b, 0x7e, 0x07, 0x25, 0xd5, 0xe1, 0xe8, 0xd3, 0x5b, 0xce, 0x40,
-	0xa7, 0x75, 0xb3, 0xa2, 0xb1, 0xdd, 0x87, 0x4a, 0xd6, 0x25, 0x68, 0x63, 0x2e, 0xbd, 0x0b, 0x43,
-	0xc0, 0x79, 0x78, 0x2b, 0x5d, 0xe3, 0xe4, 0x07, 0x28, 0x9b, 0xe2, 0x47, 0x0f, 0x6e, 0xc0, 0x4d,
-	0xdb, 0xd0, 0xd9, 0xb8, 0x8d, 0xea, 0x34, 0x8c, 0xac, 0xc8, 0xe7, 0x86, 0x31, 0xd3, 0x42, 0x73,
-	0xc3, 0xb8, 0xd4, 0x35, 0x6f, 0xa1, 0x28, 0xbb, 0x01, 0xad, 0xcf, 0x01, 0xe5, 0xda, 0xc5, 0x99,
-	0x97, 0xae, 0x0b, 0x6d, 0xf4, 0xbd, 0xfc, 0xe5, 0x52, 0xcf, 0x48, 0x6b, 0x6e, 0xcc, 0xb9, 0x3f,
-	0x22, 0xe7, 0xc1, 0x2d, 0x34, 0xb5, 0xf9, 0x76, 0xfd, 0xfd, 0xf9, 0x9a, 0xf5, 0xd7, 0xf9, 0x9a,
-	0xf5, 0xcf, 0xf9, 0x9a, 0xd5, 0x5b, 0x52, 0xff, 0xb4, 0x8f, 0xff, 0x0b, 0x00, 0x00, 0xff, 0xff,
-	0x80, 0x7e, 0xd2, 0xb5, 0x25, 0x0c, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.proto b/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.proto
index 7699959e53748..5fc8a021f7e7b 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.proto
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/gateway.proto
@@ -26,20 +26,39 @@ service LLBBridge {
 	rpc StatFile(StatFileRequest) returns (StatFileResponse);
 	rpc Ping(PingRequest) returns (PongResponse);
 	rpc Return(ReturnRequest) returns (ReturnResponse);
+	// apicaps:CapFrontendInputs
+	rpc Inputs(InputsRequest) returns (InputsResponse);
+
+	rpc NewContainer(NewContainerRequest) returns (NewContainerResponse);
+	rpc ReleaseContainer(ReleaseContainerRequest) returns (ReleaseContainerResponse);
+	rpc ExecProcess(stream ExecMessage) returns (stream ExecMessage);  
 }
 
 message Result {
 	oneof result {
-		string ref = 1;
-		RefMap refs = 2;
+		// Deprecated non-array refs.
+		string refDeprecated = 1;
+		RefMapDeprecated refsDeprecated = 2;
+
+		Ref ref = 3;
+		RefMap refs = 4;
 	}
 	map<string, bytes> metadata = 10;
 }
 
-message RefMap {
+message RefMapDeprecated {
 	map<string, string> refs = 1;
 }
 
+message Ref {
+	string id = 1;
+	pb.Definition def = 2;
+}
+
+message RefMap {
+	map<string, Ref> refs = 1;
+}
+
 message ReturnRequest {
 	Result result = 1;
 	google.rpc.Status error = 2;
@@ -48,6 +67,13 @@ message ReturnRequest {
 message ReturnResponse {
 }
 
+message InputsRequest {
+}
+
+message InputsResponse {
+	map<string, pb.Definition> Definitions = 1;
+}
+
 message ResolveImageConfigRequest {
 	string Ref = 1;
 	pb.Platform Platform = 2;
@@ -64,12 +90,31 @@ message SolveRequest {
 	pb.Definition Definition = 1;
 	string Frontend = 2;
 	map<string, string> FrontendOpt = 3;
-	repeated string ImportCacheRefs = 4;
+	// ImportCacheRefsDeprecated is deprecated in favor or the new Imports since BuildKit v0.4.0.
+	// When ImportCacheRefsDeprecated is set, the solver appends
+	// {.Type = "registry", .Attrs = {"ref": importCacheRef}}
+	// for each of the ImportCacheRefs entry to CacheImports for compatibility. (planned to be removed)
+	repeated string ImportCacheRefsDeprecated = 4;
 	bool allowResultReturn = 5;
+	bool allowResultArrayRef = 6;
 	
 	// apicaps.CapSolveInlineReturn deprecated
 	bool Final = 10;
 	bytes ExporterAttr = 11;
+	// CacheImports was added in BuildKit v0.4.0.
+	// apicaps:CapImportCaches
+	repeated CacheOptionsEntry CacheImports = 12;
+
+	// apicaps:CapFrontendInputs
+	map<string, pb.Definition> FrontendInputs = 13;
+
+	bool Evaluate = 14;
+}
+
+// CacheOptionsEntry corresponds to the control.CacheOptionsEntry
+message CacheOptionsEntry {
+	string Type = 1;
+	map<string, string> Attrs = 2;
 }
 
 message SolveResponse {
@@ -122,4 +167,72 @@ message PongResponse{
 	repeated moby.buildkit.v1.apicaps.APICap FrontendAPICaps = 1 [(gogoproto.nullable) = false];
 	repeated moby.buildkit.v1.apicaps.APICap LLBCaps = 2 [(gogoproto.nullable) = false];
 	repeated moby.buildkit.v1.types.WorkerRecord Workers = 3;
-}
\ No newline at end of file
+}
+
+message NewContainerRequest {
+	string ContainerID = 1;
+	// For mount input values we can use random identifiers passed with ref
+	repeated pb.Mount Mounts = 2;
+	pb.NetMode Network = 3;
+	pb.Platform platform = 4;
+	pb.WorkerConstraints constraints = 5;
+}
+
+message NewContainerResponse{}
+
+message ReleaseContainerRequest {
+	string ContainerID = 1;
+}
+
+message ReleaseContainerResponse{}
+
+message ExecMessage {
+	string ProcessID = 1;
+	oneof Input {
+		// InitMessage sent from client to server will start a new process in a
+		// container
+		InitMessage Init = 2;
+		// FdMessage used from client to server for input (stdin) and 
+		// from server to client for output (stdout, stderr)
+		FdMessage File = 3;
+		// ResizeMessage used from client to server for terminal resize events
+		ResizeMessage Resize = 4;
+		// StartedMessage sent from server to client after InitMessage to
+		// indicate the process has started.
+		StartedMessage Started = 5;
+		// ExitMessage sent from server to client will contain the exit code
+		// when the process ends.
+		ExitMessage Exit = 6;
+		// DoneMessage from server to client will be the last message for any
+		// process.  Note that FdMessage might be sent after ExitMessage.
+		DoneMessage Done = 7;
+	}
+}
+
+message InitMessage{
+	string ContainerID = 1;
+	pb.Meta Meta = 2;
+	repeated uint32 Fds = 3;
+	bool Tty = 4;
+	pb.SecurityMode Security = 5;
+}
+
+message ExitMessage {
+	uint32 Code = 1;
+	google.rpc.Status Error = 2;
+}
+
+message StartedMessage{}
+
+message DoneMessage{}
+
+message FdMessage{
+	uint32 Fd = 1; // what fd the data was from
+	bool EOF = 2;  // true if eof was reached
+	bytes Data = 3;
+}
+
+message ResizeMessage{
+	uint32 Rows = 1;
+	uint32 Cols = 2;
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go b/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
index 4ab07c6d4a75c..e17b9daf6b1a2 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_frontend
+package moby_buildkit_v1_frontend //nolint:golint
 
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. gateway.proto
diff --git a/vendor/github.com/moby/buildkit/frontend/result.go b/vendor/github.com/moby/buildkit/frontend/result.go
index 37715de8a3f9f..5afc10c9f89fc 100644
--- a/vendor/github.com/moby/buildkit/frontend/result.go
+++ b/vendor/github.com/moby/buildkit/frontend/result.go
@@ -1,14 +1,16 @@
 package frontend
 
-import "github.com/moby/buildkit/solver"
+import (
+	"github.com/moby/buildkit/solver"
+)
 
 type Result struct {
-	Ref      solver.CachedResult
-	Refs     map[string]solver.CachedResult
+	Ref      solver.ResultProxy
+	Refs     map[string]solver.ResultProxy
 	Metadata map[string][]byte
 }
 
-func (r *Result) EachRef(fn func(solver.CachedResult) error) (err error) {
+func (r *Result) EachRef(fn func(solver.ResultProxy) error) (err error) {
 	if r.Ref != nil {
 		err = fn(r.Ref)
 	}
diff --git a/vendor/github.com/moby/buildkit/frontend/subrequests/describe.go b/vendor/github.com/moby/buildkit/frontend/subrequests/describe.go
new file mode 100644
index 0000000000000..cc8053ed24d65
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/subrequests/describe.go
@@ -0,0 +1,63 @@
+package subrequests
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/buildkit/frontend/gateway/client"
+	gwpb "github.com/moby/buildkit/frontend/gateway/pb"
+	"github.com/moby/buildkit/solver/errdefs"
+	"github.com/pkg/errors"
+)
+
+const RequestSubrequestsDescribe = "frontend.subrequests.describe"
+
+var SubrequestsDescribeDefinition = Request{
+	Name:        RequestSubrequestsDescribe,
+	Version:     "1.0.0",
+	Type:        TypeRPC,
+	Description: "List available subrequest types",
+	Metadata: []Named{
+		{
+			Name: "result.json",
+		},
+	},
+}
+
+func Describe(ctx context.Context, c client.Client) ([]Request, error) {
+	gwcaps := c.BuildOpts().Caps
+
+	if err := (&gwcaps).Supports(gwpb.CapFrontendCaps); err != nil {
+		return nil, errdefs.NewUnsupportedSubrequestError(RequestSubrequestsDescribe)
+	}
+
+	res, err := c.Solve(ctx, client.SolveRequest{
+		FrontendOpt: map[string]string{
+			"requestid":     RequestSubrequestsDescribe,
+			"frontend.caps": "moby.buildkit.frontend.subrequests",
+		},
+		Frontend: "dockerfile.v0",
+	})
+	if err != nil {
+		var reqErr *errdefs.UnsupportedSubrequestError
+		if errors.As(err, &reqErr) {
+			return nil, err
+		}
+		var capErr *errdefs.UnsupportedFrontendCapError
+		if errors.As(err, &capErr) {
+			return nil, errdefs.NewUnsupportedSubrequestError(RequestSubrequestsDescribe)
+		}
+		return nil, err
+	}
+
+	dt, ok := res.Metadata["result.json"]
+	if !ok {
+		return nil, errors.Errorf("no result.json metadata in response")
+	}
+
+	var reqs []Request
+	if err := json.Unmarshal(dt, &reqs); err != nil {
+		return nil, errors.Wrap(err, "failed to parse describe result")
+	}
+	return reqs, nil
+}
diff --git a/vendor/github.com/moby/buildkit/frontend/subrequests/types.go b/vendor/github.com/moby/buildkit/frontend/subrequests/types.go
new file mode 100644
index 0000000000000..db62afe1cdcae
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/frontend/subrequests/types.go
@@ -0,0 +1,21 @@
+package subrequests
+
+type Request struct {
+	Name        string      `json:"name"`
+	Version     string      `json:"version"`
+	Type        RequestType `json:"type"`
+	Description string      `json:"description"`
+	Opts        []Named     `json:"opts"`
+	Inputs      []Named     `json:"inputs"`
+	Metadata    []Named     `json:"metadata"`
+	Refs        []Named     `json:"refs"`
+}
+
+type Named struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+}
+
+type RequestType string
+
+const TypeRPC RequestType = "rpc"
diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod
new file mode 100644
index 0000000000000..c00473bf13d77
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/go.mod
@@ -0,0 +1,83 @@
+module github.com/moby/buildkit
+
+go 1.13
+
+require (
+	github.com/BurntSushi/toml v0.3.1
+	github.com/Microsoft/go-winio v0.4.17
+	github.com/Microsoft/hcsshim v0.8.16
+	github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect
+	github.com/containerd/console v1.0.2
+	github.com/containerd/containerd v1.5.2
+	github.com/containerd/continuity v0.1.0
+	github.com/containerd/fuse-overlayfs-snapshotter v1.0.2
+	github.com/containerd/go-cni v1.0.2
+	github.com/containerd/go-runc v1.0.0
+	github.com/containerd/stargz-snapshotter v0.6.4
+	github.com/containerd/typeurl v1.0.2
+	github.com/coreos/go-systemd/v22 v22.3.2
+	github.com/docker/cli v20.10.7+incompatible
+	github.com/docker/distribution v2.7.1+incompatible
+	// docker: the actual version is replaced in replace()
+	github.com/docker/docker v20.10.7+incompatible // master (v21.xx-dev)
+	github.com/docker/go-connections v0.4.0
+	github.com/gofrs/flock v0.7.3
+	github.com/gogo/googleapis v1.4.0
+	github.com/gogo/protobuf v1.3.2
+	// protobuf: the actual version is replaced in replace()
+	github.com/golang/protobuf v1.4.3
+	github.com/google/go-cmp v0.5.4
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.2.0
+	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645
+	github.com/hashicorp/go-immutable-radix v1.0.0
+	github.com/hashicorp/golang-lru v0.5.3
+	github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c // indirect
+	github.com/ishidawataru/sctp v0.0.0-20210226210310-f2269e66cdee // indirect
+	github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea
+	github.com/mitchellh/hashstructure v1.0.0
+	github.com/moby/locker v1.0.1
+	github.com/moby/sys/mount v0.2.0 // indirect
+	github.com/moby/term v0.0.0-20201110203204-bea5bbe245bf // indirect
+	github.com/morikuni/aec v1.0.0
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/opencontainers/image-spec v1.0.1
+	github.com/opencontainers/runc v1.0.0-rc93
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
+	github.com/opencontainers/selinux v1.8.0
+	github.com/opentracing-contrib/go-stdlib v1.0.0
+	github.com/opentracing/opentracing-go v1.2.0
+	github.com/pkg/errors v0.9.1
+	github.com/pkg/profile v1.5.0
+	github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002
+	github.com/sirupsen/logrus v1.8.1
+	github.com/stretchr/testify v1.7.0
+	github.com/tonistiigi/fsutil v0.0.0-20210609172227-d72af97c0eaf
+	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
+	github.com/uber/jaeger-client-go v2.25.0+incompatible
+	github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
+	github.com/urfave/cli v1.22.2
+	go.etcd.io/bbolt v1.3.5
+	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
+	// genproto: the actual version is replaced in replace()
+	google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a
+	// grpc: the actual version is replaced in replace()
+	google.golang.org/grpc v1.35.0
+)
+
+replace (
+	github.com/docker/docker => github.com/docker/docker v20.10.3-0.20210609100121-ef4d47340142+incompatible
+	// protobuf: corresponds to containerd
+	github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
+	github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe
+	github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305
+	// genproto: corresponds to containerd
+	google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
+	// grpc: corresponds to protobuf
+	google.golang.org/grpc => google.golang.org/grpc v1.30.0
+)
diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.go b/vendor/github.com/moby/buildkit/session/auth/auth.go
index 2b96a7cef1a33..85e6f68053ada 100644
--- a/vendor/github.com/moby/buildkit/session/auth/auth.go
+++ b/vendor/github.com/moby/buildkit/session/auth/auth.go
@@ -2,25 +2,129 @@ package auth
 
 import (
 	"context"
+	"crypto/subtle"
+	"math/rand"
+	"sync"
 
 	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/nacl/sign"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
-func CredentialsFunc(ctx context.Context, c session.Caller) func(string) (string, string, error) {
-	return func(host string) (string, string, error) {
+var salt []byte
+var saltOnce sync.Once
+
+// getSalt returns unique component per daemon restart to avoid persistent keys
+func getSalt() []byte {
+	saltOnce.Do(func() {
+		salt = make([]byte, 32)
+		rand.Read(salt)
+	})
+	return salt
+}
+
+func CredentialsFunc(sm *session.Manager, g session.Group) func(string) (session, username, secret string, err error) {
+	return func(host string) (string, string, string, error) {
+		var sessionID, user, secret string
+		err := sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
+			client := NewAuthClient(c.Conn())
+
+			resp, err := client.Credentials(ctx, &CredentialsRequest{
+				Host: host,
+			})
+			if err != nil {
+				if grpcerrors.Code(err) == codes.Unimplemented {
+					return nil
+				}
+				return err
+			}
+			sessionID = id
+			user = resp.Username
+			secret = resp.Secret
+			return nil
+		})
+		if err != nil {
+			return "", "", "", err
+		}
+		return sessionID, user, secret, nil
+	}
+}
+
+func FetchToken(ctx context.Context, req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
+	err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
+		client := NewAuthClient(c.Conn())
+
+		resp, err = client.FetchToken(ctx, req)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func VerifyTokenAuthority(ctx context.Context, host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
+	var verified bool
+	err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
 		client := NewAuthClient(c.Conn())
 
-		resp, err := client.Credentials(ctx, &CredentialsRequest{
+		payload := make([]byte, 32)
+		rand.Read(payload)
+		resp, err := client.VerifyTokenAuthority(ctx, &VerifyTokenAuthorityRequest{
+			Host:    host,
+			Salt:    getSalt(),
+			Payload: payload,
+		})
+		if err != nil {
+			if grpcerrors.Code(err) == codes.Unimplemented {
+				return nil
+			}
+			return err
+		}
+		var dt []byte
+		dt, ok = sign.Open(nil, resp.Signed, pubKey)
+		if ok && subtle.ConstantTimeCompare(dt, payload) == 1 {
+			verified = true
+		}
+		sessionID = id
+		return nil
+	})
+	if err != nil {
+		return "", false, err
+	}
+	return sessionID, verified, nil
+}
+
+func GetTokenAuthority(ctx context.Context, host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
+	err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
+		client := NewAuthClient(c.Conn())
+
+		resp, err := client.GetTokenAuthority(ctx, &GetTokenAuthorityRequest{
 			Host: host,
+			Salt: getSalt(),
 		})
 		if err != nil {
-			if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented {
-				return "", "", nil
+			if grpcerrors.Code(err) == codes.Unimplemented || grpcerrors.Code(err) == codes.Unavailable {
+				return nil
 			}
-			return "", "", err
+			return err
+		}
+		if len(resp.PublicKey) != 32 {
+			return errors.Errorf("invalid pubkey length %d", len(pubKey))
 		}
-		return resp.Username, resp.Secret, nil
+
+		sessionID = id
+		pubKey = new([32]byte)
+		copy((*pubKey)[:], resp.PublicKey)
+		return nil
+	})
+	if err != nil {
+		return "", nil, err
 	}
+	return sessionID, pubKey, nil
 }
diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.pb.go b/vendor/github.com/moby/buildkit/session/auth/auth.pb.go
index 8993b85b96eda..e23a07fc8a2a9 100644
--- a/vendor/github.com/moby/buildkit/session/auth/auth.pb.go
+++ b/vendor/github.com/moby/buildkit/session/auth/auth.pb.go
@@ -1,29 +1,22 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: auth.proto
 
-/*
-	Package auth is a generated protocol buffer package.
-
-	It is generated from these files:
-		auth.proto
-
-	It has these top-level messages:
-		CredentialsRequest
-		CredentialsResponse
-*/
 package auth
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strings "strings"
-import reflect "reflect"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import io "io"
+import (
+	bytes "bytes"
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -34,15 +27,43 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type CredentialsRequest struct {
 	Host string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
 }
 
-func (m *CredentialsRequest) Reset()                    { *m = CredentialsRequest{} }
-func (*CredentialsRequest) ProtoMessage()               {}
-func (*CredentialsRequest) Descriptor() ([]byte, []int) { return fileDescriptorAuth, []int{0} }
+func (m *CredentialsRequest) Reset()      { *m = CredentialsRequest{} }
+func (*CredentialsRequest) ProtoMessage() {}
+func (*CredentialsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{0}
+}
+func (m *CredentialsRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CredentialsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CredentialsRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CredentialsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CredentialsRequest.Merge(m, src)
+}
+func (m *CredentialsRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CredentialsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CredentialsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CredentialsRequest proto.InternalMessageInfo
 
 func (m *CredentialsRequest) GetHost() string {
 	if m != nil {
@@ -56,9 +77,37 @@ type CredentialsResponse struct {
 	Secret   string `protobuf:"bytes,2,opt,name=Secret,proto3" json:"Secret,omitempty"`
 }
 
-func (m *CredentialsResponse) Reset()                    { *m = CredentialsResponse{} }
-func (*CredentialsResponse) ProtoMessage()               {}
-func (*CredentialsResponse) Descriptor() ([]byte, []int) { return fileDescriptorAuth, []int{1} }
+func (m *CredentialsResponse) Reset()      { *m = CredentialsResponse{} }
+func (*CredentialsResponse) ProtoMessage() {}
+func (*CredentialsResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{1}
+}
+func (m *CredentialsResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CredentialsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CredentialsResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CredentialsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CredentialsResponse.Merge(m, src)
+}
+func (m *CredentialsResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CredentialsResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CredentialsResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CredentialsResponse proto.InternalMessageInfo
 
 func (m *CredentialsResponse) GetUsername() string {
 	if m != nil {
@@ -74,10 +123,386 @@ func (m *CredentialsResponse) GetSecret() string {
 	return ""
 }
 
+type FetchTokenRequest struct {
+	ClientID string   `protobuf:"bytes,1,opt,name=ClientID,proto3" json:"ClientID,omitempty"`
+	Host     string   `protobuf:"bytes,2,opt,name=Host,proto3" json:"Host,omitempty"`
+	Realm    string   `protobuf:"bytes,3,opt,name=Realm,proto3" json:"Realm,omitempty"`
+	Service  string   `protobuf:"bytes,4,opt,name=Service,proto3" json:"Service,omitempty"`
+	Scopes   []string `protobuf:"bytes,5,rep,name=Scopes,proto3" json:"Scopes,omitempty"`
+}
+
+func (m *FetchTokenRequest) Reset()      { *m = FetchTokenRequest{} }
+func (*FetchTokenRequest) ProtoMessage() {}
+func (*FetchTokenRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{2}
+}
+func (m *FetchTokenRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FetchTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FetchTokenRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FetchTokenRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FetchTokenRequest.Merge(m, src)
+}
+func (m *FetchTokenRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *FetchTokenRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_FetchTokenRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FetchTokenRequest proto.InternalMessageInfo
+
+func (m *FetchTokenRequest) GetClientID() string {
+	if m != nil {
+		return m.ClientID
+	}
+	return ""
+}
+
+func (m *FetchTokenRequest) GetHost() string {
+	if m != nil {
+		return m.Host
+	}
+	return ""
+}
+
+func (m *FetchTokenRequest) GetRealm() string {
+	if m != nil {
+		return m.Realm
+	}
+	return ""
+}
+
+func (m *FetchTokenRequest) GetService() string {
+	if m != nil {
+		return m.Service
+	}
+	return ""
+}
+
+func (m *FetchTokenRequest) GetScopes() []string {
+	if m != nil {
+		return m.Scopes
+	}
+	return nil
+}
+
+type FetchTokenResponse struct {
+	Token     string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"`
+	ExpiresIn int64  `protobuf:"varint,2,opt,name=ExpiresIn,proto3" json:"ExpiresIn,omitempty"`
+	IssuedAt  int64  `protobuf:"varint,3,opt,name=IssuedAt,proto3" json:"IssuedAt,omitempty"`
+}
+
+func (m *FetchTokenResponse) Reset()      { *m = FetchTokenResponse{} }
+func (*FetchTokenResponse) ProtoMessage() {}
+func (*FetchTokenResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{3}
+}
+func (m *FetchTokenResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FetchTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_FetchTokenResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *FetchTokenResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FetchTokenResponse.Merge(m, src)
+}
+func (m *FetchTokenResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *FetchTokenResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_FetchTokenResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FetchTokenResponse proto.InternalMessageInfo
+
+func (m *FetchTokenResponse) GetToken() string {
+	if m != nil {
+		return m.Token
+	}
+	return ""
+}
+
+func (m *FetchTokenResponse) GetExpiresIn() int64 {
+	if m != nil {
+		return m.ExpiresIn
+	}
+	return 0
+}
+
+func (m *FetchTokenResponse) GetIssuedAt() int64 {
+	if m != nil {
+		return m.IssuedAt
+	}
+	return 0
+}
+
+type GetTokenAuthorityRequest struct {
+	Host string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
+	Salt []byte `protobuf:"bytes,2,opt,name=Salt,proto3" json:"Salt,omitempty"`
+}
+
+func (m *GetTokenAuthorityRequest) Reset()      { *m = GetTokenAuthorityRequest{} }
+func (*GetTokenAuthorityRequest) ProtoMessage() {}
+func (*GetTokenAuthorityRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{4}
+}
+func (m *GetTokenAuthorityRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetTokenAuthorityRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetTokenAuthorityRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetTokenAuthorityRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetTokenAuthorityRequest.Merge(m, src)
+}
+func (m *GetTokenAuthorityRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetTokenAuthorityRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetTokenAuthorityRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetTokenAuthorityRequest proto.InternalMessageInfo
+
+func (m *GetTokenAuthorityRequest) GetHost() string {
+	if m != nil {
+		return m.Host
+	}
+	return ""
+}
+
+func (m *GetTokenAuthorityRequest) GetSalt() []byte {
+	if m != nil {
+		return m.Salt
+	}
+	return nil
+}
+
+type GetTokenAuthorityResponse struct {
+	PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"PublicKey,omitempty"`
+}
+
+func (m *GetTokenAuthorityResponse) Reset()      { *m = GetTokenAuthorityResponse{} }
+func (*GetTokenAuthorityResponse) ProtoMessage() {}
+func (*GetTokenAuthorityResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{5}
+}
+func (m *GetTokenAuthorityResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetTokenAuthorityResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetTokenAuthorityResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetTokenAuthorityResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetTokenAuthorityResponse.Merge(m, src)
+}
+func (m *GetTokenAuthorityResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetTokenAuthorityResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetTokenAuthorityResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetTokenAuthorityResponse proto.InternalMessageInfo
+
+func (m *GetTokenAuthorityResponse) GetPublicKey() []byte {
+	if m != nil {
+		return m.PublicKey
+	}
+	return nil
+}
+
+type VerifyTokenAuthorityRequest struct {
+	Host    string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
+	Payload []byte `protobuf:"bytes,2,opt,name=Payload,proto3" json:"Payload,omitempty"`
+	Salt    []byte `protobuf:"bytes,3,opt,name=Salt,proto3" json:"Salt,omitempty"`
+}
+
+func (m *VerifyTokenAuthorityRequest) Reset()      { *m = VerifyTokenAuthorityRequest{} }
+func (*VerifyTokenAuthorityRequest) ProtoMessage() {}
+func (*VerifyTokenAuthorityRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{6}
+}
+func (m *VerifyTokenAuthorityRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *VerifyTokenAuthorityRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_VerifyTokenAuthorityRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *VerifyTokenAuthorityRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_VerifyTokenAuthorityRequest.Merge(m, src)
+}
+func (m *VerifyTokenAuthorityRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *VerifyTokenAuthorityRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_VerifyTokenAuthorityRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_VerifyTokenAuthorityRequest proto.InternalMessageInfo
+
+func (m *VerifyTokenAuthorityRequest) GetHost() string {
+	if m != nil {
+		return m.Host
+	}
+	return ""
+}
+
+func (m *VerifyTokenAuthorityRequest) GetPayload() []byte {
+	if m != nil {
+		return m.Payload
+	}
+	return nil
+}
+
+func (m *VerifyTokenAuthorityRequest) GetSalt() []byte {
+	if m != nil {
+		return m.Salt
+	}
+	return nil
+}
+
+type VerifyTokenAuthorityResponse struct {
+	Signed []byte `protobuf:"bytes,1,opt,name=Signed,proto3" json:"Signed,omitempty"`
+}
+
+func (m *VerifyTokenAuthorityResponse) Reset()      { *m = VerifyTokenAuthorityResponse{} }
+func (*VerifyTokenAuthorityResponse) ProtoMessage() {}
+func (*VerifyTokenAuthorityResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8bbd6f3875b0e874, []int{7}
+}
+func (m *VerifyTokenAuthorityResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *VerifyTokenAuthorityResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_VerifyTokenAuthorityResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *VerifyTokenAuthorityResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_VerifyTokenAuthorityResponse.Merge(m, src)
+}
+func (m *VerifyTokenAuthorityResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *VerifyTokenAuthorityResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_VerifyTokenAuthorityResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_VerifyTokenAuthorityResponse proto.InternalMessageInfo
+
+func (m *VerifyTokenAuthorityResponse) GetSigned() []byte {
+	if m != nil {
+		return m.Signed
+	}
+	return nil
+}
+
 func init() {
 	proto.RegisterType((*CredentialsRequest)(nil), "moby.filesync.v1.CredentialsRequest")
 	proto.RegisterType((*CredentialsResponse)(nil), "moby.filesync.v1.CredentialsResponse")
+	proto.RegisterType((*FetchTokenRequest)(nil), "moby.filesync.v1.FetchTokenRequest")
+	proto.RegisterType((*FetchTokenResponse)(nil), "moby.filesync.v1.FetchTokenResponse")
+	proto.RegisterType((*GetTokenAuthorityRequest)(nil), "moby.filesync.v1.GetTokenAuthorityRequest")
+	proto.RegisterType((*GetTokenAuthorityResponse)(nil), "moby.filesync.v1.GetTokenAuthorityResponse")
+	proto.RegisterType((*VerifyTokenAuthorityRequest)(nil), "moby.filesync.v1.VerifyTokenAuthorityRequest")
+	proto.RegisterType((*VerifyTokenAuthorityResponse)(nil), "moby.filesync.v1.VerifyTokenAuthorityResponse")
+}
+
+func init() { proto.RegisterFile("auth.proto", fileDescriptor_8bbd6f3875b0e874) }
+
+var fileDescriptor_8bbd6f3875b0e874 = []byte{
+	// 513 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x94, 0xcd, 0x6e, 0xd3, 0x40,
+	0x10, 0xc7, 0xbd, 0x75, 0xd2, 0x36, 0x43, 0x0f, 0x74, 0x89, 0x90, 0x31, 0xd1, 0xaa, 0x32, 0x45,
+	0xaa, 0x40, 0x58, 0x02, 0x24, 0x24, 0xb8, 0xb5, 0xe5, 0x2b, 0xe2, 0x52, 0x39, 0x7c, 0x48, 0xbd,
+	0x20, 0xc7, 0x9e, 0x12, 0x0b, 0xc7, 0x0e, 0xde, 0x75, 0x85, 0x6f, 0xdc, 0xb9, 0xf0, 0x08, 0x1c,
+	0x79, 0x14, 0x8e, 0x39, 0xf6, 0x48, 0x9c, 0x0b, 0xc7, 0x3c, 0x02, 0xf2, 0x66, 0x9d, 0x04, 0x1c,
+	0xd2, 0xdc, 0xfc, 0x1f, 0xff, 0x77, 0xe6, 0xb7, 0x33, 0xa3, 0x05, 0x70, 0x53, 0xd1, 0xb3, 0x07,
+	0x49, 0x2c, 0x62, 0x7a, 0xb5, 0x1f, 0x77, 0x33, 0xfb, 0x2c, 0x08, 0x91, 0x67, 0x91, 0x67, 0x9f,
+	0xdf, 0xb7, 0x0e, 0x80, 0x1e, 0x27, 0xe8, 0x63, 0x24, 0x02, 0x37, 0xe4, 0x0e, 0x7e, 0x4a, 0x91,
+	0x0b, 0x4a, 0xa1, 0xf6, 0x32, 0xe6, 0xc2, 0x20, 0x7b, 0xe4, 0xa0, 0xe1, 0xc8, 0x6f, 0xab, 0x0d,
+	0xd7, 0xfe, 0x72, 0xf2, 0x41, 0x1c, 0x71, 0xa4, 0x26, 0x6c, 0xbf, 0xe1, 0x98, 0x44, 0x6e, 0x1f,
+	0x95, 0x7d, 0xa6, 0xe9, 0x75, 0xd8, 0xec, 0xa0, 0x97, 0xa0, 0x30, 0x36, 0xe4, 0x1f, 0xa5, 0xac,
+	0xaf, 0x04, 0x76, 0x9f, 0xa3, 0xf0, 0x7a, 0xaf, 0xe3, 0x8f, 0x18, 0x95, 0x45, 0x4d, 0xd8, 0x3e,
+	0x0e, 0x03, 0x8c, 0x44, 0xfb, 0x69, 0x99, 0xa9, 0xd4, 0x33, 0xa0, 0x8d, 0x39, 0x10, 0x6d, 0x42,
+	0xdd, 0x41, 0x37, 0xec, 0x1b, 0xba, 0x0c, 0x4e, 0x05, 0x35, 0x60, 0xab, 0x83, 0xc9, 0x79, 0xe0,
+	0xa1, 0x51, 0x93, 0xf1, 0x52, 0x4a, 0x1a, 0x2f, 0x1e, 0x20, 0x37, 0xea, 0x7b, 0xba, 0xa4, 0x91,
+	0xca, 0xf2, 0x81, 0x2e, 0xc2, 0xa8, 0x7b, 0x35, 0xa1, 0x2e, 0x03, 0x0a, 0x65, 0x2a, 0x68, 0x0b,
+	0x1a, 0xcf, 0x3e, 0x0f, 0x82, 0x04, 0x79, 0x3b, 0x92, 0x30, 0xba, 0x33, 0x0f, 0x14, 0x37, 0x68,
+	0x73, 0x9e, 0xa2, 0x7f, 0x28, 0x24, 0x94, 0xee, 0xcc, 0xb4, 0x75, 0x04, 0xc6, 0x0b, 0x14, 0x32,
+	0xcb, 0x61, 0x2a, 0x7a, 0x71, 0x12, 0x88, 0x6c, 0x45, 0xbb, 0x8b, 0x58, 0xc7, 0x0d, 0xa7, 0x37,
+	0xde, 0x71, 0xe4, 0xb7, 0xf5, 0x18, 0x6e, 0x2c, 0xc9, 0xa1, 0x80, 0x5b, 0xd0, 0x38, 0x49, 0xbb,
+	0x61, 0xe0, 0xbd, 0xc2, 0x4c, 0x66, 0xda, 0x71, 0xe6, 0x01, 0xeb, 0x3d, 0xdc, 0x7c, 0x8b, 0x49,
+	0x70, 0x96, 0xad, 0x4f, 0x60, 0xc0, 0xd6, 0x89, 0x9b, 0x85, 0xb1, 0xeb, 0x2b, 0x88, 0x52, 0xce,
+	0xd8, 0xf4, 0x05, 0xb6, 0x47, 0xd0, 0x5a, 0x5e, 0x40, 0xe1, 0x15, 0xdd, 0x0f, 0x3e, 0x44, 0xe8,
+	0x2b, 0x36, 0xa5, 0x1e, 0x7c, 0xd7, 0xa1, 0x56, 0xb8, 0xe9, 0x29, 0x5c, 0x59, 0xd8, 0x2f, 0xba,
+	0x6f, 0xff, 0xbb, 0xab, 0x76, 0x75, 0x51, 0xcd, 0xdb, 0x97, 0xb8, 0x54, 0xf1, 0x77, 0x00, 0xf3,
+	0x11, 0xd3, 0x5b, 0xd5, 0x43, 0x95, 0x6d, 0x34, 0xf7, 0x57, 0x9b, 0x54, 0xe2, 0x10, 0x76, 0x2b,
+	0x13, 0xa1, 0x77, 0xaa, 0x47, 0xff, 0x37, 0x7a, 0xf3, 0xee, 0x5a, 0x5e, 0x55, 0x2d, 0x85, 0xe6,
+	0xb2, 0x1e, 0xd3, 0x7b, 0xd5, 0x24, 0x2b, 0x86, 0x6d, 0xda, 0xeb, 0xda, 0xa7, 0x65, 0x8f, 0x9e,
+	0x0c, 0x47, 0x4c, 0xbb, 0x18, 0x31, 0x6d, 0x32, 0x62, 0xe4, 0x4b, 0xce, 0xc8, 0x8f, 0x9c, 0x91,
+	0x9f, 0x39, 0x23, 0xc3, 0x9c, 0x91, 0x5f, 0x39, 0x23, 0xbf, 0x73, 0xa6, 0x4d, 0x72, 0x46, 0xbe,
+	0x8d, 0x99, 0x36, 0x1c, 0x33, 0xed, 0x62, 0xcc, 0xb4, 0xd3, 0x5a, 0xf1, 0xee, 0x74, 0x37, 0xe5,
+	0xc3, 0xf3, 0xf0, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xba, 0xb3, 0x18, 0x70, 0x86, 0x04, 0x00,
+	0x00,
 }
+
 func (this *CredentialsRequest) Equal(that interface{}) bool {
 	if that == nil {
 		return this == nil
@@ -129,37 +554,282 @@ func (this *CredentialsResponse) Equal(that interface{}) bool {
 	}
 	return true
 }
-func (this *CredentialsRequest) GoString() string {
-	if this == nil {
-		return "nil"
+func (this *FetchTokenRequest) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
 	}
-	s := make([]string, 0, 5)
-	s = append(s, "&auth.CredentialsRequest{")
-	s = append(s, "Host: "+fmt.Sprintf("%#v", this.Host)+",\n")
-	s = append(s, "}")
-	return strings.Join(s, "")
-}
-func (this *CredentialsResponse) GoString() string {
-	if this == nil {
-		return "nil"
+
+	that1, ok := that.(*FetchTokenRequest)
+	if !ok {
+		that2, ok := that.(FetchTokenRequest)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
 	}
-	s := make([]string, 0, 6)
-	s = append(s, "&auth.CredentialsResponse{")
-	s = append(s, "Username: "+fmt.Sprintf("%#v", this.Username)+",\n")
-	s = append(s, "Secret: "+fmt.Sprintf("%#v", this.Secret)+",\n")
-	s = append(s, "}")
-	return strings.Join(s, "")
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.ClientID != that1.ClientID {
+		return false
+	}
+	if this.Host != that1.Host {
+		return false
+	}
+	if this.Realm != that1.Realm {
+		return false
+	}
+	if this.Service != that1.Service {
+		return false
+	}
+	if len(this.Scopes) != len(that1.Scopes) {
+		return false
+	}
+	for i := range this.Scopes {
+		if this.Scopes[i] != that1.Scopes[i] {
+			return false
+		}
+	}
+	return true
 }
-func valueToGoStringAuth(v interface{}, typ string) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
+func (this *FetchTokenResponse) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+
+	that1, ok := that.(*FetchTokenResponse)
+	if !ok {
+		that2, ok := that.(FetchTokenResponse)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Token != that1.Token {
+		return false
+	}
+	if this.ExpiresIn != that1.ExpiresIn {
+		return false
+	}
+	if this.IssuedAt != that1.IssuedAt {
+		return false
+	}
+	return true
 }
+func (this *GetTokenAuthorityRequest) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
 
-// Reference imports to suppress errors if they are not otherwise used.
+	that1, ok := that.(*GetTokenAuthorityRequest)
+	if !ok {
+		that2, ok := that.(GetTokenAuthorityRequest)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Host != that1.Host {
+		return false
+	}
+	if !bytes.Equal(this.Salt, that1.Salt) {
+		return false
+	}
+	return true
+}
+func (this *GetTokenAuthorityResponse) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*GetTokenAuthorityResponse)
+	if !ok {
+		that2, ok := that.(GetTokenAuthorityResponse)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if !bytes.Equal(this.PublicKey, that1.PublicKey) {
+		return false
+	}
+	return true
+}
+func (this *VerifyTokenAuthorityRequest) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*VerifyTokenAuthorityRequest)
+	if !ok {
+		that2, ok := that.(VerifyTokenAuthorityRequest)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if this.Host != that1.Host {
+		return false
+	}
+	if !bytes.Equal(this.Payload, that1.Payload) {
+		return false
+	}
+	if !bytes.Equal(this.Salt, that1.Salt) {
+		return false
+	}
+	return true
+}
+func (this *VerifyTokenAuthorityResponse) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*VerifyTokenAuthorityResponse)
+	if !ok {
+		that2, ok := that.(VerifyTokenAuthorityResponse)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if !bytes.Equal(this.Signed, that1.Signed) {
+		return false
+	}
+	return true
+}
+func (this *CredentialsRequest) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&auth.CredentialsRequest{")
+	s = append(s, "Host: "+fmt.Sprintf("%#v", this.Host)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *CredentialsResponse) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 6)
+	s = append(s, "&auth.CredentialsResponse{")
+	s = append(s, "Username: "+fmt.Sprintf("%#v", this.Username)+",\n")
+	s = append(s, "Secret: "+fmt.Sprintf("%#v", this.Secret)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *FetchTokenRequest) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 9)
+	s = append(s, "&auth.FetchTokenRequest{")
+	s = append(s, "ClientID: "+fmt.Sprintf("%#v", this.ClientID)+",\n")
+	s = append(s, "Host: "+fmt.Sprintf("%#v", this.Host)+",\n")
+	s = append(s, "Realm: "+fmt.Sprintf("%#v", this.Realm)+",\n")
+	s = append(s, "Service: "+fmt.Sprintf("%#v", this.Service)+",\n")
+	s = append(s, "Scopes: "+fmt.Sprintf("%#v", this.Scopes)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *FetchTokenResponse) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 7)
+	s = append(s, "&auth.FetchTokenResponse{")
+	s = append(s, "Token: "+fmt.Sprintf("%#v", this.Token)+",\n")
+	s = append(s, "ExpiresIn: "+fmt.Sprintf("%#v", this.ExpiresIn)+",\n")
+	s = append(s, "IssuedAt: "+fmt.Sprintf("%#v", this.IssuedAt)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *GetTokenAuthorityRequest) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 6)
+	s = append(s, "&auth.GetTokenAuthorityRequest{")
+	s = append(s, "Host: "+fmt.Sprintf("%#v", this.Host)+",\n")
+	s = append(s, "Salt: "+fmt.Sprintf("%#v", this.Salt)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *GetTokenAuthorityResponse) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&auth.GetTokenAuthorityResponse{")
+	s = append(s, "PublicKey: "+fmt.Sprintf("%#v", this.PublicKey)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *VerifyTokenAuthorityRequest) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 7)
+	s = append(s, "&auth.VerifyTokenAuthorityRequest{")
+	s = append(s, "Host: "+fmt.Sprintf("%#v", this.Host)+",\n")
+	s = append(s, "Payload: "+fmt.Sprintf("%#v", this.Payload)+",\n")
+	s = append(s, "Salt: "+fmt.Sprintf("%#v", this.Salt)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func (this *VerifyTokenAuthorityResponse) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&auth.VerifyTokenAuthorityResponse{")
+	s = append(s, "Signed: "+fmt.Sprintf("%#v", this.Signed)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringAuth(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ grpc.ClientConn
 
@@ -167,10 +837,14 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Auth service
-
+// AuthClient is the client API for Auth service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type AuthClient interface {
 	Credentials(ctx context.Context, in *CredentialsRequest, opts ...grpc.CallOption) (*CredentialsResponse, error)
+	FetchToken(ctx context.Context, in *FetchTokenRequest, opts ...grpc.CallOption) (*FetchTokenResponse, error)
+	GetTokenAuthority(ctx context.Context, in *GetTokenAuthorityRequest, opts ...grpc.CallOption) (*GetTokenAuthorityResponse, error)
+	VerifyTokenAuthority(ctx context.Context, in *VerifyTokenAuthorityRequest, opts ...grpc.CallOption) (*VerifyTokenAuthorityResponse, error)
 }
 
 type authClient struct {
@@ -183,17 +857,63 @@ func NewAuthClient(cc *grpc.ClientConn) AuthClient {
 
 func (c *authClient) Credentials(ctx context.Context, in *CredentialsRequest, opts ...grpc.CallOption) (*CredentialsResponse, error) {
 	out := new(CredentialsResponse)
-	err := grpc.Invoke(ctx, "/moby.filesync.v1.Auth/Credentials", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.filesync.v1.Auth/Credentials", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authClient) FetchToken(ctx context.Context, in *FetchTokenRequest, opts ...grpc.CallOption) (*FetchTokenResponse, error) {
+	out := new(FetchTokenResponse)
+	err := c.cc.Invoke(ctx, "/moby.filesync.v1.Auth/FetchToken", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authClient) GetTokenAuthority(ctx context.Context, in *GetTokenAuthorityRequest, opts ...grpc.CallOption) (*GetTokenAuthorityResponse, error) {
+	out := new(GetTokenAuthorityResponse)
+	err := c.cc.Invoke(ctx, "/moby.filesync.v1.Auth/GetTokenAuthority", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Auth service
+func (c *authClient) VerifyTokenAuthority(ctx context.Context, in *VerifyTokenAuthorityRequest, opts ...grpc.CallOption) (*VerifyTokenAuthorityResponse, error) {
+	out := new(VerifyTokenAuthorityResponse)
+	err := c.cc.Invoke(ctx, "/moby.filesync.v1.Auth/VerifyTokenAuthority", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 
+// AuthServer is the server API for Auth service.
 type AuthServer interface {
 	Credentials(context.Context, *CredentialsRequest) (*CredentialsResponse, error)
+	FetchToken(context.Context, *FetchTokenRequest) (*FetchTokenResponse, error)
+	GetTokenAuthority(context.Context, *GetTokenAuthorityRequest) (*GetTokenAuthorityResponse, error)
+	VerifyTokenAuthority(context.Context, *VerifyTokenAuthorityRequest) (*VerifyTokenAuthorityResponse, error)
+}
+
+// UnimplementedAuthServer can be embedded to have forward compatible implementations.
+type UnimplementedAuthServer struct {
+}
+
+func (*UnimplementedAuthServer) Credentials(ctx context.Context, req *CredentialsRequest) (*CredentialsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Credentials not implemented")
+}
+func (*UnimplementedAuthServer) FetchToken(ctx context.Context, req *FetchTokenRequest) (*FetchTokenResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method FetchToken not implemented")
+}
+func (*UnimplementedAuthServer) GetTokenAuthority(ctx context.Context, req *GetTokenAuthorityRequest) (*GetTokenAuthorityResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetTokenAuthority not implemented")
+}
+func (*UnimplementedAuthServer) VerifyTokenAuthority(ctx context.Context, req *VerifyTokenAuthorityRequest) (*VerifyTokenAuthorityResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method VerifyTokenAuthority not implemented")
 }
 
 func RegisterAuthServer(s *grpc.Server, srv AuthServer) {
@@ -218,6 +938,60 @@ func _Auth_Credentials_Handler(srv interface{}, ctx context.Context, dec func(in
 	return interceptor(ctx, in, info, handler)
 }
 
+func _Auth_FetchToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(FetchTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).FetchToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.filesync.v1.Auth/FetchToken",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).FetchToken(ctx, req.(*FetchTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Auth_GetTokenAuthority_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTokenAuthorityRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).GetTokenAuthority(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.filesync.v1.Auth/GetTokenAuthority",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).GetTokenAuthority(ctx, req.(*GetTokenAuthorityRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Auth_VerifyTokenAuthority_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyTokenAuthorityRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).VerifyTokenAuthority(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/moby.filesync.v1.Auth/VerifyTokenAuthority",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).VerifyTokenAuthority(ctx, req.(*VerifyTokenAuthorityRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _Auth_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "moby.filesync.v1.Auth",
 	HandlerType: (*AuthServer)(nil),
@@ -226,6 +1000,18 @@ var _Auth_serviceDesc = grpc.ServiceDesc{
 			MethodName: "Credentials",
 			Handler:    _Auth_Credentials_Handler,
 		},
+		{
+			MethodName: "FetchToken",
+			Handler:    _Auth_FetchToken_Handler,
+		},
+		{
+			MethodName: "GetTokenAuthority",
+			Handler:    _Auth_GetTokenAuthority_Handler,
+		},
+		{
+			MethodName: "VerifyTokenAuthority",
+			Handler:    _Auth_VerifyTokenAuthority_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "auth.proto",
@@ -234,7 +1020,7 @@ var _Auth_serviceDesc = grpc.ServiceDesc{
 func (m *CredentialsRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -242,23 +1028,29 @@ func (m *CredentialsRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CredentialsRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CredentialsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Host) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Host)
+		copy(dAtA[i:], m.Host)
 		i = encodeVarintAuth(dAtA, i, uint64(len(m.Host)))
-		i += copy(dAtA[i:], m.Host)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CredentialsResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -266,35 +1058,288 @@ func (m *CredentialsResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CredentialsResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CredentialsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Username) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintAuth(dAtA, i, uint64(len(m.Username)))
-		i += copy(dAtA[i:], m.Username)
-	}
 	if len(m.Secret) > 0 {
-		dAtA[i] = 0x12
-		i++
+		i -= len(m.Secret)
+		copy(dAtA[i:], m.Secret)
 		i = encodeVarintAuth(dAtA, i, uint64(len(m.Secret)))
-		i += copy(dAtA[i:], m.Secret)
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Username) > 0 {
+		i -= len(m.Username)
+		copy(dAtA[i:], m.Username)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Username)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
-func encodeVarintAuth(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
+func (m *FetchTokenRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
+	return dAtA[:n], nil
+}
+
+func (m *FetchTokenRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FetchTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Scopes) > 0 {
+		for iNdEx := len(m.Scopes) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Scopes[iNdEx])
+			copy(dAtA[i:], m.Scopes[iNdEx])
+			i = encodeVarintAuth(dAtA, i, uint64(len(m.Scopes[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
+		}
+	}
+	if len(m.Service) > 0 {
+		i -= len(m.Service)
+		copy(dAtA[i:], m.Service)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Service)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Realm) > 0 {
+		i -= len(m.Realm)
+		copy(dAtA[i:], m.Realm)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Realm)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Host) > 0 {
+		i -= len(m.Host)
+		copy(dAtA[i:], m.Host)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Host)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ClientID) > 0 {
+		i -= len(m.ClientID)
+		copy(dAtA[i:], m.ClientID)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.ClientID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FetchTokenResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FetchTokenResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FetchTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.IssuedAt != 0 {
+		i = encodeVarintAuth(dAtA, i, uint64(m.IssuedAt))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.ExpiresIn != 0 {
+		i = encodeVarintAuth(dAtA, i, uint64(m.ExpiresIn))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Token) > 0 {
+		i -= len(m.Token)
+		copy(dAtA[i:], m.Token)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Token)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *GetTokenAuthorityRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *GetTokenAuthorityRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetTokenAuthorityRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Salt) > 0 {
+		i -= len(m.Salt)
+		copy(dAtA[i:], m.Salt)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Salt)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Host) > 0 {
+		i -= len(m.Host)
+		copy(dAtA[i:], m.Host)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Host)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *GetTokenAuthorityResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *GetTokenAuthorityResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetTokenAuthorityResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.PublicKey) > 0 {
+		i -= len(m.PublicKey)
+		copy(dAtA[i:], m.PublicKey)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.PublicKey)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *VerifyTokenAuthorityRequest) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *VerifyTokenAuthorityRequest) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *VerifyTokenAuthorityRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Salt) > 0 {
+		i -= len(m.Salt)
+		copy(dAtA[i:], m.Salt)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Salt)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Payload) > 0 {
+		i -= len(m.Payload)
+		copy(dAtA[i:], m.Payload)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Payload)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Host) > 0 {
+		i -= len(m.Host)
+		copy(dAtA[i:], m.Host)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Host)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *VerifyTokenAuthorityResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *VerifyTokenAuthorityResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *VerifyTokenAuthorityResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Signed) > 0 {
+		i -= len(m.Signed)
+		copy(dAtA[i:], m.Signed)
+		i = encodeVarintAuth(dAtA, i, uint64(len(m.Signed)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintAuth(dAtA []byte, offset int, v uint64) int {
+	offset -= sovAuth(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
 }
 func (m *CredentialsRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Host)
@@ -305,6 +1350,9 @@ func (m *CredentialsRequest) Size() (n int) {
 }
 
 func (m *CredentialsResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Username)
@@ -318,16 +1366,123 @@ func (m *CredentialsResponse) Size() (n int) {
 	return n
 }
 
-func sovAuth(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
+func (m *FetchTokenRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ClientID)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Host)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Realm)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Service)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	if len(m.Scopes) > 0 {
+		for _, s := range m.Scopes {
+			l = len(s)
+			n += 1 + l + sovAuth(uint64(l))
 		}
 	}
 	return n
 }
+
+func (m *FetchTokenResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Token)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	if m.ExpiresIn != 0 {
+		n += 1 + sovAuth(uint64(m.ExpiresIn))
+	}
+	if m.IssuedAt != 0 {
+		n += 1 + sovAuth(uint64(m.IssuedAt))
+	}
+	return n
+}
+
+func (m *GetTokenAuthorityRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Host)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Salt)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	return n
+}
+
+func (m *GetTokenAuthorityResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.PublicKey)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	return n
+}
+
+func (m *VerifyTokenAuthorityRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Host)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Payload)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	l = len(m.Salt)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	return n
+}
+
+func (m *VerifyTokenAuthorityResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Signed)
+	if l > 0 {
+		n += 1 + l + sovAuth(uint64(l))
+	}
+	return n
+}
+
+func sovAuth(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
 func sozAuth(x uint64) (n int) {
 	return sovAuth(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
@@ -345,22 +1500,617 @@ func (this *CredentialsResponse) String() string {
 	if this == nil {
 		return "nil"
 	}
-	s := strings.Join([]string{`&CredentialsResponse{`,
-		`Username:` + fmt.Sprintf("%v", this.Username) + `,`,
-		`Secret:` + fmt.Sprintf("%v", this.Secret) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringAuth(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
+	s := strings.Join([]string{`&CredentialsResponse{`,
+		`Username:` + fmt.Sprintf("%v", this.Username) + `,`,
+		`Secret:` + fmt.Sprintf("%v", this.Secret) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *FetchTokenRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&FetchTokenRequest{`,
+		`ClientID:` + fmt.Sprintf("%v", this.ClientID) + `,`,
+		`Host:` + fmt.Sprintf("%v", this.Host) + `,`,
+		`Realm:` + fmt.Sprintf("%v", this.Realm) + `,`,
+		`Service:` + fmt.Sprintf("%v", this.Service) + `,`,
+		`Scopes:` + fmt.Sprintf("%v", this.Scopes) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *FetchTokenResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&FetchTokenResponse{`,
+		`Token:` + fmt.Sprintf("%v", this.Token) + `,`,
+		`ExpiresIn:` + fmt.Sprintf("%v", this.ExpiresIn) + `,`,
+		`IssuedAt:` + fmt.Sprintf("%v", this.IssuedAt) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetTokenAuthorityRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetTokenAuthorityRequest{`,
+		`Host:` + fmt.Sprintf("%v", this.Host) + `,`,
+		`Salt:` + fmt.Sprintf("%v", this.Salt) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *GetTokenAuthorityResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&GetTokenAuthorityResponse{`,
+		`PublicKey:` + fmt.Sprintf("%v", this.PublicKey) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *VerifyTokenAuthorityRequest) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&VerifyTokenAuthorityRequest{`,
+		`Host:` + fmt.Sprintf("%v", this.Host) + `,`,
+		`Payload:` + fmt.Sprintf("%v", this.Payload) + `,`,
+		`Salt:` + fmt.Sprintf("%v", this.Salt) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *VerifyTokenAuthorityResponse) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&VerifyTokenAuthorityResponse{`,
+		`Signed:` + fmt.Sprintf("%v", this.Signed) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringAuth(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CredentialsRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CredentialsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Host = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CredentialsResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CredentialsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Username = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Secret = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *FetchTokenRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: FetchTokenRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: FetchTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ClientID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ClientID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Host = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Realm", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Realm = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Service = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Scopes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Scopes = append(m.Scopes, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *FetchTokenResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: FetchTokenResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: FetchTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Token = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExpiresIn", wireType)
+			}
+			m.ExpiresIn = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.ExpiresIn |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IssuedAt", wireType)
+			}
+			m.IssuedAt = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.IssuedAt |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	return nil
 }
-func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
+func (m *GetTokenAuthorityRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -375,7 +2125,7 @@ func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -383,10 +2133,10 @@ func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CredentialsRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetTokenAuthorityRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CredentialsRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetTokenAuthorityRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -403,7 +2153,7 @@ func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -413,18 +2163,55 @@ func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthAuth
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Host = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Salt", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Salt = append(m.Salt[:0], dAtA[iNdEx:postIndex]...)
+			if m.Salt == nil {
+				m.Salt = []byte{}
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipAuth(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthAuth
 			}
 			if (iNdEx + skippy) > l {
@@ -439,7 +2226,7 @@ func (m *CredentialsRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
+func (m *GetTokenAuthorityResponse) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -454,7 +2241,7 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -462,15 +2249,99 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CredentialsResponse: wiretype end group for non-group")
+			return fmt.Errorf("proto: GetTokenAuthorityResponse: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CredentialsResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: GetTokenAuthorityResponse: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...)
+			if m.PublicKey == nil {
+				m.PublicKey = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *VerifyTokenAuthorityRequest) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: VerifyTokenAuthorityRequest: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: VerifyTokenAuthorityRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -482,7 +2353,7 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -492,16 +2363,19 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthAuth
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Username = string(dAtA[iNdEx:postIndex])
+			m.Host = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType)
 			}
-			var stringLen uint64
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowAuth
@@ -511,20 +2385,143 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if byteLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
 				return ErrInvalidLengthAuth
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Secret = string(dAtA[iNdEx:postIndex])
+			m.Payload = append(m.Payload[:0], dAtA[iNdEx:postIndex]...)
+			if m.Payload == nil {
+				m.Payload = []byte{}
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Salt", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Salt = append(m.Salt[:0], dAtA[iNdEx:postIndex]...)
+			if m.Salt == nil {
+				m.Salt = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuth(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *VerifyTokenAuthorityResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuth
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: VerifyTokenAuthorityResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: VerifyTokenAuthorityResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Signed", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuth
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthAuth
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuth
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Signed = append(m.Signed[:0], dAtA[iNdEx:postIndex]...)
+			if m.Signed == nil {
+				m.Signed = []byte{}
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -532,7 +2529,7 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthAuth
 			}
 			if (iNdEx + skippy) > l {
@@ -550,6 +2547,7 @@ func (m *CredentialsResponse) Unmarshal(dAtA []byte) error {
 func skipAuth(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -581,10 +2579,8 @@ func skipAuth(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -601,73 +2597,34 @@ func skipAuth(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthAuth
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowAuth
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipAuth(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupAuth
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthAuth
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthAuth = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowAuth   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthAuth        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowAuth          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupAuth = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("auth.proto", fileDescriptorAuth) }
-
-var fileDescriptorAuth = []byte{
-	// 224 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4a, 0x2c, 0x2d, 0xc9,
-	0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4, 0x4b, 0xcb, 0xcc,
-	0x49, 0x2d, 0xae, 0xcc, 0x4b, 0xd6, 0x2b, 0x33, 0x54, 0xd2, 0xe0, 0x12, 0x72, 0x2e, 0x4a, 0x4d,
-	0x49, 0xcd, 0x2b, 0xc9, 0x4c, 0xcc, 0x29, 0x0e, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0x11, 0x12,
-	0xe2, 0x62, 0xf1, 0xc8, 0x2f, 0x2e, 0x91, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0c, 0x02, 0xb3, 0x95,
-	0x3c, 0xb9, 0x84, 0x51, 0x54, 0x16, 0x17, 0xe4, 0xe7, 0x15, 0xa7, 0x0a, 0x49, 0x71, 0x71, 0x84,
-	0x16, 0xa7, 0x16, 0xe5, 0x25, 0xe6, 0xa6, 0x42, 0x95, 0xc3, 0xf9, 0x42, 0x62, 0x5c, 0x6c, 0xc1,
-	0xa9, 0xc9, 0x45, 0xa9, 0x25, 0x12, 0x4c, 0x60, 0x19, 0x28, 0xcf, 0x28, 0x89, 0x8b, 0xc5, 0xb1,
-	0xb4, 0x24, 0x43, 0x28, 0x8a, 0x8b, 0x1b, 0xc9, 0x48, 0x21, 0x15, 0x3d, 0x74, 0xe7, 0xe9, 0x61,
-	0xba, 0x4d, 0x4a, 0x95, 0x80, 0x2a, 0x88, 0xbb, 0x9c, 0x8c, 0x2e, 0x3c, 0x94, 0x63, 0xb8, 0xf1,
-	0x50, 0x8e, 0xe1, 0xc3, 0x43, 0x39, 0xc6, 0x86, 0x47, 0x72, 0x8c, 0x2b, 0x1e, 0xc9, 0x31, 0x9e,
-	0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x2f, 0x1e, 0xc9, 0x31,
-	0x7c, 0x78, 0x24, 0xc7, 0x38, 0xe1, 0xb1, 0x1c, 0x43, 0x14, 0x0b, 0x28, 0x90, 0x92, 0xd8, 0xc0,
-	0xa1, 0x64, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff, 0xaa, 0x73, 0xf3, 0xd5, 0x33, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.proto b/vendor/github.com/moby/buildkit/session/auth/auth.proto
index 593312747950b..139b0d0e3903d 100644
--- a/vendor/github.com/moby/buildkit/session/auth/auth.proto
+++ b/vendor/github.com/moby/buildkit/session/auth/auth.proto
@@ -6,9 +6,11 @@ option go_package = "auth";
 
 service Auth{
   rpc Credentials(CredentialsRequest) returns (CredentialsResponse);
+  rpc FetchToken(FetchTokenRequest) returns (FetchTokenResponse);
+  rpc GetTokenAuthority(GetTokenAuthorityRequest) returns (GetTokenAuthorityResponse);
+  rpc VerifyTokenAuthority(VerifyTokenAuthorityRequest) returns (VerifyTokenAuthorityResponse);
 }
 
-
 message CredentialsRequest {
 	string Host = 1;
 }
@@ -17,3 +19,36 @@ message CredentialsResponse {
 	string Username = 1;
 	string Secret = 2;
 }
+
+message FetchTokenRequest {
+	string ClientID = 1;
+	string Host = 2;
+	string Realm = 3;
+	string Service = 4;
+	repeated string Scopes = 5;
+}
+
+message FetchTokenResponse {
+	string Token = 1;
+	int64 ExpiresIn = 2; // seconds
+	int64 IssuedAt = 3; // timestamp
+}
+
+message GetTokenAuthorityRequest {
+	string Host = 1;
+	bytes Salt = 2;
+}
+
+message GetTokenAuthorityResponse {
+	bytes PublicKey = 1;
+}
+
+message VerifyTokenAuthorityRequest {
+	string Host = 1;
+	bytes Payload = 2;
+	bytes Salt = 3;
+}
+
+message VerifyTokenAuthorityResponse {
+	bytes Signed = 1;
+}
diff --git a/vendor/github.com/moby/buildkit/session/content/attachable.go b/vendor/github.com/moby/buildkit/session/content/attachable.go
new file mode 100644
index 0000000000000..253b37a23e2f7
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/content/attachable.go
@@ -0,0 +1,132 @@
+package content
+
+import (
+	"context"
+
+	api "github.com/containerd/containerd/api/services/content/v1"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/services/content/contentserver"
+	"github.com/moby/buildkit/session"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+)
+
+// GRPCHeaderID is a gRPC header for store ID
+const GRPCHeaderID = "buildkit-attachable-store-id"
+
+type attachableContentStore struct {
+	stores map[string]content.Store
+}
+
+func (cs *attachableContentStore) choose(ctx context.Context) (content.Store, error) {
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return nil, errors.Wrap(errdefs.ErrInvalidArgument, "request lacks metadata")
+	}
+
+	values := md[GRPCHeaderID]
+	if len(values) == 0 {
+		return nil, errors.Wrapf(errdefs.ErrInvalidArgument, "request lacks metadata %q", GRPCHeaderID)
+	}
+	id := values[0]
+	store, ok := cs.stores[id]
+	if !ok {
+		return nil, errors.Wrapf(errdefs.ErrNotFound, "unknown store %s", id)
+	}
+	return store, nil
+}
+
+func (cs *attachableContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return content.Info{}, err
+	}
+	return store.Info(ctx, dgst)
+}
+
+func (cs *attachableContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return content.Info{}, err
+	}
+	return store.Update(ctx, info, fieldpaths...)
+}
+
+func (cs *attachableContentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return err
+	}
+	return store.Walk(ctx, fn, fs...)
+}
+
+func (cs *attachableContentStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return err
+	}
+	return store.Delete(ctx, dgst)
+}
+
+func (cs *attachableContentStore) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return store.ListStatuses(ctx, fs...)
+}
+
+func (cs *attachableContentStore) Status(ctx context.Context, ref string) (content.Status, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return content.Status{}, err
+	}
+	return store.Status(ctx, ref)
+}
+
+func (cs *attachableContentStore) Abort(ctx context.Context, ref string) error {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return err
+	}
+	return store.Abort(ctx, ref)
+}
+
+func (cs *attachableContentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return store.Writer(ctx, opts...)
+}
+
+func (cs *attachableContentStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	store, err := cs.choose(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return store.ReaderAt(ctx, desc)
+}
+
+type attachable struct {
+	service api.ContentServer
+}
+
+// NewAttachable creates session.Attachable from aggregated stores.
+// A key of the store map is an ID string that is used for choosing underlying store.
+func NewAttachable(stores map[string]content.Store) session.Attachable {
+	store := &attachableContentStore{stores: stores}
+	service := contentserver.New(store)
+	a := attachable{
+		service: service,
+	}
+	return &a
+}
+
+func (a *attachable) Register(server *grpc.Server) {
+	api.RegisterContentServer(server, a.service)
+}
diff --git a/vendor/github.com/moby/buildkit/session/content/caller.go b/vendor/github.com/moby/buildkit/session/content/caller.go
new file mode 100644
index 0000000000000..70e82130d717b
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/content/caller.go
@@ -0,0 +1,91 @@
+package content
+
+import (
+	"context"
+
+	api "github.com/containerd/containerd/api/services/content/v1"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/content/proxy"
+	"github.com/moby/buildkit/session"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc/metadata"
+)
+
+type callerContentStore struct {
+	store   content.Store
+	storeID string
+}
+
+func (cs *callerContentStore) choose(ctx context.Context) context.Context {
+	nsheader := metadata.Pairs(GRPCHeaderID, cs.storeID)
+	md, ok := metadata.FromOutgoingContext(ctx) // merge with outgoing context.
+	if !ok {
+		md = nsheader
+	} else {
+		// order ensures the latest is first in this list.
+		md = metadata.Join(nsheader, md)
+	}
+	return metadata.NewOutgoingContext(ctx, md)
+}
+
+func (cs *callerContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
+	ctx = cs.choose(ctx)
+	info, err := cs.store.Info(ctx, dgst)
+	return info, errors.WithStack(err)
+}
+
+func (cs *callerContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
+	ctx = cs.choose(ctx)
+	info, err := cs.store.Update(ctx, info, fieldpaths...)
+	return info, errors.WithStack(err)
+}
+
+func (cs *callerContentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error {
+	ctx = cs.choose(ctx)
+	return errors.WithStack(cs.store.Walk(ctx, fn, fs...))
+}
+
+func (cs *callerContentStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	ctx = cs.choose(ctx)
+	return errors.WithStack(cs.store.Delete(ctx, dgst))
+}
+
+func (cs *callerContentStore) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) {
+	ctx = cs.choose(ctx)
+	resp, err := cs.store.ListStatuses(ctx, fs...)
+	return resp, errors.WithStack(err)
+}
+
+func (cs *callerContentStore) Status(ctx context.Context, ref string) (content.Status, error) {
+	ctx = cs.choose(ctx)
+	st, err := cs.store.Status(ctx, ref)
+	return st, errors.WithStack(err)
+}
+
+func (cs *callerContentStore) Abort(ctx context.Context, ref string) error {
+	ctx = cs.choose(ctx)
+	return errors.WithStack(cs.store.Abort(ctx, ref))
+}
+
+func (cs *callerContentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	ctx = cs.choose(ctx)
+	w, err := cs.store.Writer(ctx, opts...)
+	return w, errors.WithStack(err)
+}
+
+func (cs *callerContentStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	ctx = cs.choose(ctx)
+	ra, err := cs.store.ReaderAt(ctx, desc)
+	return ra, errors.WithStack(err)
+}
+
+// NewCallerStore creates content.Store from session.Caller with specified storeID
+func NewCallerStore(c session.Caller, storeID string) content.Store {
+	client := api.NewContentClient(c.Conn())
+	return &callerContentStore{
+		store:   proxy.NewContentStore(client),
+		storeID: storeID,
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/session/context.go b/vendor/github.com/moby/buildkit/session/context.go
deleted file mode 100644
index 31a29f0868a3a..0000000000000
--- a/vendor/github.com/moby/buildkit/session/context.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package session
-
-import "context"
-
-type contextKeyT string
-
-var contextKey = contextKeyT("buildkit/session-id")
-
-func NewContext(ctx context.Context, id string) context.Context {
-	if id != "" {
-		return context.WithValue(ctx, contextKey, id)
-	}
-	return ctx
-}
-
-func FromContext(ctx context.Context) string {
-	v := ctx.Value(contextKey)
-	if v == nil {
-		return ""
-	}
-	return v.(string)
-}
diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go
index 8334ab60db28d..a03326f6d5756 100644
--- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go
+++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go
@@ -2,6 +2,7 @@ package filesync
 
 import (
 	"bufio"
+	"context"
 	io "io"
 	"os"
 	"time"
@@ -13,8 +14,14 @@ import (
 	"google.golang.org/grpc"
 )
 
-func sendDiffCopy(stream grpc.Stream, fs fsutil.FS, progress progressCb) error {
-	return fsutil.Send(stream.Context(), stream, fs, progress)
+type Stream interface {
+	Context() context.Context
+	SendMsg(m interface{}) error
+	RecvMsg(m interface{}) error
+}
+
+func sendDiffCopy(stream Stream, fs fsutil.FS, progress progressCb) error {
+	return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress))
 }
 
 func newStreamWriter(stream grpc.ClientStream) io.WriteCloser {
@@ -29,7 +36,7 @@ type bufferedWriteCloser struct {
 
 func (bwc *bufferedWriteCloser) Close() error {
 	if err := bwc.Writer.Flush(); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	return bwc.Closer.Close()
 }
@@ -40,24 +47,30 @@ type streamWriterCloser struct {
 
 func (wc *streamWriterCloser) Write(dt []byte) (int, error) {
 	if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil {
-		return 0, err
+		// SendMsg return EOF on remote errors
+		if errors.Is(err, io.EOF) {
+			if err := errors.WithStack(wc.ClientStream.RecvMsg(struct{}{})); err != nil {
+				return 0, err
+			}
+		}
+		return 0, errors.WithStack(err)
 	}
 	return len(dt), nil
 }
 
 func (wc *streamWriterCloser) Close() error {
 	if err := wc.ClientStream.CloseSend(); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	// block until receiver is done
 	var bm BytesMessage
 	if err := wc.ClientStream.RecvMsg(&bm); err != io.EOF {
-		return err
+		return errors.WithStack(err)
 	}
 	return nil
 }
 
-func recvDiffCopy(ds grpc.Stream, dest string, cu CacheUpdater, progress progressCb) error {
+func recvDiffCopy(ds grpc.ClientStream, dest string, cu CacheUpdater, progress progressCb, filter func(string, *fstypes.Stat) bool) (err error) {
 	st := time.Now()
 	defer func() {
 		logrus.Debugf("diffcopy took: %v", time.Since(st))
@@ -69,42 +82,49 @@ func recvDiffCopy(ds grpc.Stream, dest string, cu CacheUpdater, progress progres
 		cf = cu.HandleChange
 		ch = cu.ContentHasher()
 	}
-	return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{
+	defer func() {
+		// tracing wrapper requires close trigger even on clean eof
+		if err == nil {
+			ds.CloseSend()
+		}
+	}()
+	return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{
 		NotifyHashed:  cf,
 		ContentHasher: ch,
 		ProgressCb:    progress,
-	})
+		Filter:        fsutil.FilterFunc(filter),
+	}))
 }
 
-func syncTargetDiffCopy(ds grpc.Stream, dest string) error {
+func syncTargetDiffCopy(ds grpc.ServerStream, dest string) error {
 	if err := os.MkdirAll(dest, 0700); err != nil {
-		return err
+		return errors.Wrapf(err, "failed to create synctarget dest dir %s", dest)
 	}
-	return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{
+	return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{
 		Merge: true,
-		Filter: func() func(*fstypes.Stat) bool {
+		Filter: func() func(string, *fstypes.Stat) bool {
 			uid := os.Getuid()
 			gid := os.Getgid()
-			return func(st *fstypes.Stat) bool {
+			return func(p string, st *fstypes.Stat) bool {
 				st.Uid = uint32(uid)
 				st.Gid = uint32(gid)
 				return true
 			}
 		}(),
-	})
+	}))
 }
 
-func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error {
+func writeTargetFile(ds grpc.ServerStream, wc io.WriteCloser) error {
 	for {
 		bm := BytesMessage{}
 		if err := ds.RecvMsg(&bm); err != nil {
-			if errors.Cause(err) == io.EOF {
+			if errors.Is(err, io.EOF) {
 				return nil
 			}
-			return err
+			return errors.WithStack(err)
 		}
 		if _, err := wc.Write(bm.Data); err != nil {
-			return err
+			return errors.WithStack(err)
 		}
 	}
 }
diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go
index ae6775f70b92e..af62d1c2c6f08 100644
--- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go
+++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go
@@ -18,11 +18,12 @@ import (
 )
 
 const (
-	keyOverrideExcludes = "override-excludes"
-	keyIncludePatterns  = "include-patterns"
-	keyExcludePatterns  = "exclude-patterns"
-	keyFollowPaths      = "followpaths"
-	keyDirName          = "dir-name"
+	keyOverrideExcludes   = "override-excludes"
+	keyIncludePatterns    = "include-patterns"
+	keyExcludePatterns    = "exclude-patterns"
+	keyFollowPaths        = "followpaths"
+	keyDirName            = "dir-name"
+	keyExporterMetaPrefix = "exporter-md-"
 )
 
 type fsSyncProvider struct {
@@ -35,7 +36,7 @@ type SyncedDir struct {
 	Name     string
 	Dir      string
 	Excludes []string
-	Map      func(*fstypes.Stat) bool
+	Map      func(string, *fstypes.Stat) bool
 }
 
 // NewFSSyncProvider creates a new provider for sending files from client
@@ -128,8 +129,8 @@ type progressCb func(int, bool)
 
 type protocol struct {
 	name   string
-	sendFn func(stream grpc.Stream, fs fsutil.FS, progress progressCb) error
-	recvFn func(stream grpc.Stream, destDir string, cu CacheUpdater, progress progressCb) error
+	sendFn func(stream Stream, fs fsutil.FS, progress progressCb) error
+	recvFn func(stream grpc.ClientStream, destDir string, cu CacheUpdater, progress progressCb, mapFunc func(string, *fstypes.Stat) bool) error
 }
 
 func isProtoSupported(p string) bool {
@@ -158,6 +159,7 @@ type FSSendRequestOpt struct {
 	DestDir          string
 	CacheUpdater     CacheUpdater
 	ProgressCb       func(int, bool)
+	Filter           func(string, *fstypes.Stat) bool
 }
 
 // CacheUpdater is an object capable of sending notifications for the cache hash changes
@@ -225,7 +227,7 @@ func FSSync(ctx context.Context, c session.Caller, opt FSSendRequestOpt) error {
 		panic(fmt.Sprintf("invalid protocol: %q", pr.name))
 	}
 
-	return pr.recvFn(stream, opt.DestDir, opt.CacheUpdater, opt.ProgressCb)
+	return pr.recvFn(stream, opt.DestDir, opt.CacheUpdater, opt.ProgressCb, opt.Filter)
 }
 
 // NewFSSyncTargetDir allows writing into a directory
@@ -237,31 +239,51 @@ func NewFSSyncTargetDir(outdir string) session.Attachable {
 }
 
 // NewFSSyncTarget allows writing into an io.WriteCloser
-func NewFSSyncTarget(w io.WriteCloser) session.Attachable {
+func NewFSSyncTarget(f func(map[string]string) (io.WriteCloser, error)) session.Attachable {
 	p := &fsSyncTarget{
-		outfile: w,
+		f: f,
 	}
 	return p
 }
 
 type fsSyncTarget struct {
-	outdir  string
-	outfile io.WriteCloser
+	outdir string
+	f      func(map[string]string) (io.WriteCloser, error)
 }
 
 func (sp *fsSyncTarget) Register(server *grpc.Server) {
 	RegisterFileSendServer(server, sp)
 }
 
-func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) error {
+func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) (err error) {
 	if sp.outdir != "" {
 		return syncTargetDiffCopy(stream, sp.outdir)
 	}
-	if sp.outfile == nil {
+
+	if sp.f == nil {
 		return errors.New("empty outfile and outdir")
 	}
-	defer sp.outfile.Close()
-	return writeTargetFile(stream, sp.outfile)
+	opts, _ := metadata.FromIncomingContext(stream.Context()) // if no metadata continue with empty object
+	md := map[string]string{}
+	for k, v := range opts {
+		if strings.HasPrefix(k, keyExporterMetaPrefix) {
+			md[strings.TrimPrefix(k, keyExporterMetaPrefix)] = strings.Join(v, ",")
+		}
+	}
+	wc, err := sp.f(md)
+	if err != nil {
+		return err
+	}
+	if wc == nil {
+		return status.Errorf(codes.AlreadyExists, "target already exists")
+	}
+	defer func() {
+		err1 := wc.Close()
+		if err != nil {
+			err = err1
+		}
+	}()
+	return writeTargetFile(stream, wc)
 }
 
 func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress func(int, bool)) error {
@@ -274,13 +296,13 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress
 
 	cc, err := client.DiffCopy(ctx)
 	if err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 
 	return sendDiffCopy(cc, fs, progress)
 }
 
-func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, error) {
+func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) (io.WriteCloser, error) {
 	method := session.MethodURL(_FileSend_serviceDesc.ServiceName, "diffcopy")
 	if !c.Supports(method) {
 		return nil, errors.Errorf("method %s not supported by the client", method)
@@ -288,9 +310,16 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro
 
 	client := NewFileSendClient(c.Conn())
 
+	opts := make(map[string][]string, len(md))
+	for k, v := range md {
+		opts[keyExporterMetaPrefix+k] = []string{v}
+	}
+
+	ctx = metadata.NewOutgoingContext(ctx, opts)
+
 	cc, err := client.DiffCopy(ctx)
 	if err != nil {
-		return nil, err
+		return nil, errors.WithStack(err)
 	}
 
 	return newStreamWriter(cc), nil
diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.pb.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.pb.go
index 4a9697e342327..6110307abb0e0 100644
--- a/vendor/github.com/moby/buildkit/session/filesync/filesync.pb.go
+++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.pb.go
@@ -1,30 +1,23 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: filesync.proto
 
-/*
-Package filesync is a generated protocol buffer package.
-
-It is generated from these files:
-	filesync.proto
-
-It has these top-level messages:
-	BytesMessage
-*/
 package filesync
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import io "io"
+import (
+	bytes "bytes"
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	types "github.com/tonistiigi/fsutil/types"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -35,16 +28,44 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // BytesMessage contains a chunk of byte data
 type BytesMessage struct {
 	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
 }
 
-func (m *BytesMessage) Reset()                    { *m = BytesMessage{} }
-func (*BytesMessage) ProtoMessage()               {}
-func (*BytesMessage) Descriptor() ([]byte, []int) { return fileDescriptorFilesync, []int{0} }
+func (m *BytesMessage) Reset()      { *m = BytesMessage{} }
+func (*BytesMessage) ProtoMessage() {}
+func (*BytesMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d1042549f1f24495, []int{0}
+}
+func (m *BytesMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BytesMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BytesMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BytesMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BytesMessage.Merge(m, src)
+}
+func (m *BytesMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *BytesMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_BytesMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BytesMessage proto.InternalMessageInfo
 
 func (m *BytesMessage) GetData() []byte {
 	if m != nil {
@@ -56,6 +77,31 @@ func (m *BytesMessage) GetData() []byte {
 func init() {
 	proto.RegisterType((*BytesMessage)(nil), "moby.filesync.v1.BytesMessage")
 }
+
+func init() { proto.RegisterFile("filesync.proto", fileDescriptor_d1042549f1f24495) }
+
+var fileDescriptor_d1042549f1f24495 = []byte{
+	// 281 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4b, 0xcb, 0xcc, 0x49,
+	0x2d, 0xae, 0xcc, 0x4b, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xc8, 0xcd, 0x4f, 0xaa,
+	0xd4, 0x83, 0x0b, 0x96, 0x19, 0x4a, 0xe9, 0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7,
+	0xe7, 0xea, 0x97, 0xe4, 0xe7, 0x65, 0x16, 0x97, 0x64, 0x66, 0xa6, 0x67, 0xea, 0xa7, 0x15, 0x97,
+	0x96, 0x64, 0xe6, 0xe8, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0x97, 0x67, 0x16, 0xa5, 0x42, 0x0c,
+	0x50, 0x52, 0xe2, 0xe2, 0x71, 0xaa, 0x2c, 0x49, 0x2d, 0xf6, 0x4d, 0x2d, 0x2e, 0x4e, 0x4c, 0x4f,
+	0x15, 0x12, 0xe2, 0x62, 0x49, 0x49, 0x2c, 0x49, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x09, 0x02,
+	0xb3, 0x8d, 0x9a, 0x19, 0xb9, 0x38, 0xdc, 0x32, 0x73, 0x52, 0x83, 0x2b, 0xf3, 0x92, 0x85, 0xac,
+	0xb8, 0x38, 0x5c, 0x32, 0xd3, 0xd2, 0x9c, 0xf3, 0x0b, 0x2a, 0x85, 0x44, 0xf4, 0x20, 0xc6, 0xea,
+	0x81, 0x8d, 0xd5, 0x0b, 0x48, 0x4c, 0xce, 0x4e, 0x2d, 0x91, 0xc2, 0x2a, 0xaa, 0xc1, 0x68, 0xc0,
+	0x28, 0x64, 0xcd, 0xc5, 0x19, 0x92, 0x58, 0x14, 0x5c, 0x52, 0x94, 0x9a, 0x98, 0x4b, 0xaa, 0x66,
+	0xa3, 0x28, 0xa8, 0x23, 0x52, 0xf3, 0x52, 0x84, 0xfc, 0x90, 0x1c, 0x21, 0xa7, 0x87, 0x1e, 0x06,
+	0x7a, 0xc8, 0x3e, 0x92, 0x22, 0x20, 0x0f, 0x32, 0xdb, 0xc9, 0xee, 0xc2, 0x43, 0x39, 0x86, 0x1b,
+	0x0f, 0xe5, 0x18, 0x3e, 0x3c, 0x94, 0x63, 0x6c, 0x78, 0x24, 0xc7, 0xb8, 0xe2, 0x91, 0x1c, 0xe3,
+	0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0xf8, 0xe2, 0x91, 0x1c,
+	0xc3, 0x87, 0x47, 0x72, 0x8c, 0x13, 0x1e, 0xcb, 0x31, 0x5c, 0x78, 0x2c, 0xc7, 0x70, 0xe3, 0xb1,
+	0x1c, 0x43, 0x14, 0x07, 0xcc, 0xcc, 0x24, 0x36, 0x70, 0x60, 0x1a, 0x03, 0x02, 0x00, 0x00, 0xff,
+	0xff, 0xe6, 0x17, 0x63, 0x59, 0x9f, 0x01, 0x00, 0x00,
+}
+
 func (this *BytesMessage) Equal(that interface{}) bool {
 	if that == nil {
 		return this == nil
@@ -107,8 +153,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for FileSync service
-
+// FileSyncClient is the client API for FileSync service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type FileSyncClient interface {
 	DiffCopy(ctx context.Context, opts ...grpc.CallOption) (FileSync_DiffCopyClient, error)
 	TarStream(ctx context.Context, opts ...grpc.CallOption) (FileSync_TarStreamClient, error)
@@ -123,7 +170,7 @@ func NewFileSyncClient(cc *grpc.ClientConn) FileSyncClient {
 }
 
 func (c *fileSyncClient) DiffCopy(ctx context.Context, opts ...grpc.CallOption) (FileSync_DiffCopyClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_FileSync_serviceDesc.Streams[0], c.cc, "/moby.filesync.v1.FileSync/DiffCopy", opts...)
+	stream, err := c.cc.NewStream(ctx, &_FileSync_serviceDesc.Streams[0], "/moby.filesync.v1.FileSync/DiffCopy", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -132,8 +179,8 @@ func (c *fileSyncClient) DiffCopy(ctx context.Context, opts ...grpc.CallOption)
 }
 
 type FileSync_DiffCopyClient interface {
-	Send(*BytesMessage) error
-	Recv() (*BytesMessage, error)
+	Send(*types.Packet) error
+	Recv() (*types.Packet, error)
 	grpc.ClientStream
 }
 
@@ -141,12 +188,12 @@ type fileSyncDiffCopyClient struct {
 	grpc.ClientStream
 }
 
-func (x *fileSyncDiffCopyClient) Send(m *BytesMessage) error {
+func (x *fileSyncDiffCopyClient) Send(m *types.Packet) error {
 	return x.ClientStream.SendMsg(m)
 }
 
-func (x *fileSyncDiffCopyClient) Recv() (*BytesMessage, error) {
-	m := new(BytesMessage)
+func (x *fileSyncDiffCopyClient) Recv() (*types.Packet, error) {
+	m := new(types.Packet)
 	if err := x.ClientStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
@@ -154,7 +201,7 @@ func (x *fileSyncDiffCopyClient) Recv() (*BytesMessage, error) {
 }
 
 func (c *fileSyncClient) TarStream(ctx context.Context, opts ...grpc.CallOption) (FileSync_TarStreamClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_FileSync_serviceDesc.Streams[1], c.cc, "/moby.filesync.v1.FileSync/TarStream", opts...)
+	stream, err := c.cc.NewStream(ctx, &_FileSync_serviceDesc.Streams[1], "/moby.filesync.v1.FileSync/TarStream", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -163,8 +210,8 @@ func (c *fileSyncClient) TarStream(ctx context.Context, opts ...grpc.CallOption)
 }
 
 type FileSync_TarStreamClient interface {
-	Send(*BytesMessage) error
-	Recv() (*BytesMessage, error)
+	Send(*types.Packet) error
+	Recv() (*types.Packet, error)
 	grpc.ClientStream
 }
 
@@ -172,25 +219,35 @@ type fileSyncTarStreamClient struct {
 	grpc.ClientStream
 }
 
-func (x *fileSyncTarStreamClient) Send(m *BytesMessage) error {
+func (x *fileSyncTarStreamClient) Send(m *types.Packet) error {
 	return x.ClientStream.SendMsg(m)
 }
 
-func (x *fileSyncTarStreamClient) Recv() (*BytesMessage, error) {
-	m := new(BytesMessage)
+func (x *fileSyncTarStreamClient) Recv() (*types.Packet, error) {
+	m := new(types.Packet)
 	if err := x.ClientStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
 	return m, nil
 }
 
-// Server API for FileSync service
-
+// FileSyncServer is the server API for FileSync service.
 type FileSyncServer interface {
 	DiffCopy(FileSync_DiffCopyServer) error
 	TarStream(FileSync_TarStreamServer) error
 }
 
+// UnimplementedFileSyncServer can be embedded to have forward compatible implementations.
+type UnimplementedFileSyncServer struct {
+}
+
+func (*UnimplementedFileSyncServer) DiffCopy(srv FileSync_DiffCopyServer) error {
+	return status.Errorf(codes.Unimplemented, "method DiffCopy not implemented")
+}
+func (*UnimplementedFileSyncServer) TarStream(srv FileSync_TarStreamServer) error {
+	return status.Errorf(codes.Unimplemented, "method TarStream not implemented")
+}
+
 func RegisterFileSyncServer(s *grpc.Server, srv FileSyncServer) {
 	s.RegisterService(&_FileSync_serviceDesc, srv)
 }
@@ -200,8 +257,8 @@ func _FileSync_DiffCopy_Handler(srv interface{}, stream grpc.ServerStream) error
 }
 
 type FileSync_DiffCopyServer interface {
-	Send(*BytesMessage) error
-	Recv() (*BytesMessage, error)
+	Send(*types.Packet) error
+	Recv() (*types.Packet, error)
 	grpc.ServerStream
 }
 
@@ -209,12 +266,12 @@ type fileSyncDiffCopyServer struct {
 	grpc.ServerStream
 }
 
-func (x *fileSyncDiffCopyServer) Send(m *BytesMessage) error {
+func (x *fileSyncDiffCopyServer) Send(m *types.Packet) error {
 	return x.ServerStream.SendMsg(m)
 }
 
-func (x *fileSyncDiffCopyServer) Recv() (*BytesMessage, error) {
-	m := new(BytesMessage)
+func (x *fileSyncDiffCopyServer) Recv() (*types.Packet, error) {
+	m := new(types.Packet)
 	if err := x.ServerStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
@@ -226,8 +283,8 @@ func _FileSync_TarStream_Handler(srv interface{}, stream grpc.ServerStream) erro
 }
 
 type FileSync_TarStreamServer interface {
-	Send(*BytesMessage) error
-	Recv() (*BytesMessage, error)
+	Send(*types.Packet) error
+	Recv() (*types.Packet, error)
 	grpc.ServerStream
 }
 
@@ -235,12 +292,12 @@ type fileSyncTarStreamServer struct {
 	grpc.ServerStream
 }
 
-func (x *fileSyncTarStreamServer) Send(m *BytesMessage) error {
+func (x *fileSyncTarStreamServer) Send(m *types.Packet) error {
 	return x.ServerStream.SendMsg(m)
 }
 
-func (x *fileSyncTarStreamServer) Recv() (*BytesMessage, error) {
-	m := new(BytesMessage)
+func (x *fileSyncTarStreamServer) Recv() (*types.Packet, error) {
+	m := new(types.Packet)
 	if err := x.ServerStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
@@ -268,8 +325,9 @@ var _FileSync_serviceDesc = grpc.ServiceDesc{
 	Metadata: "filesync.proto",
 }
 
-// Client API for FileSend service
-
+// FileSendClient is the client API for FileSend service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type FileSendClient interface {
 	DiffCopy(ctx context.Context, opts ...grpc.CallOption) (FileSend_DiffCopyClient, error)
 }
@@ -283,7 +341,7 @@ func NewFileSendClient(cc *grpc.ClientConn) FileSendClient {
 }
 
 func (c *fileSendClient) DiffCopy(ctx context.Context, opts ...grpc.CallOption) (FileSend_DiffCopyClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_FileSend_serviceDesc.Streams[0], c.cc, "/moby.filesync.v1.FileSend/DiffCopy", opts...)
+	stream, err := c.cc.NewStream(ctx, &_FileSend_serviceDesc.Streams[0], "/moby.filesync.v1.FileSend/DiffCopy", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -313,12 +371,19 @@ func (x *fileSendDiffCopyClient) Recv() (*BytesMessage, error) {
 	return m, nil
 }
 
-// Server API for FileSend service
-
+// FileSendServer is the server API for FileSend service.
 type FileSendServer interface {
 	DiffCopy(FileSend_DiffCopyServer) error
 }
 
+// UnimplementedFileSendServer can be embedded to have forward compatible implementations.
+type UnimplementedFileSendServer struct {
+}
+
+func (*UnimplementedFileSendServer) DiffCopy(srv FileSend_DiffCopyServer) error {
+	return status.Errorf(codes.Unimplemented, "method DiffCopy not implemented")
+}
+
 func RegisterFileSendServer(s *grpc.Server, srv FileSendServer) {
 	s.RegisterService(&_FileSend_serviceDesc, srv)
 }
@@ -367,7 +432,7 @@ var _FileSend_serviceDesc = grpc.ServiceDesc{
 func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -375,29 +440,40 @@ func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BytesMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BytesMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintFilesync(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintFilesync(dAtA []byte, offset int, v uint64) int {
+	offset -= sovFilesync(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *BytesMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Data)
@@ -408,14 +484,7 @@ func (m *BytesMessage) Size() (n int) {
 }
 
 func sovFilesync(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozFilesync(x uint64) (n int) {
 	return sovFilesync(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -453,7 +522,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -481,7 +550,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -490,6 +559,9 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthFilesync
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthFilesync
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -504,7 +576,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthFilesync
 			}
 			if (iNdEx + skippy) > l {
@@ -522,6 +594,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 func skipFilesync(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -553,10 +626,8 @@ func skipFilesync(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -573,72 +644,34 @@ func skipFilesync(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthFilesync
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowFilesync
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipFilesync(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupFilesync
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthFilesync
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthFilesync = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowFilesync   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthFilesync        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowFilesync          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupFilesync = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("filesync.proto", fileDescriptorFilesync) }
-
-var fileDescriptorFilesync = []byte{
-	// 208 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4b, 0xcb, 0xcc, 0x49,
-	0x2d, 0xae, 0xcc, 0x4b, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xc8, 0xcd, 0x4f, 0xaa,
-	0xd4, 0x83, 0x0b, 0x96, 0x19, 0x2a, 0x29, 0x71, 0xf1, 0x38, 0x55, 0x96, 0xa4, 0x16, 0xfb, 0xa6,
-	0x16, 0x17, 0x27, 0xa6, 0xa7, 0x0a, 0x09, 0x71, 0xb1, 0xa4, 0x24, 0x96, 0x24, 0x4a, 0x30, 0x2a,
-	0x30, 0x6a, 0xf0, 0x04, 0x81, 0xd9, 0x46, 0xab, 0x19, 0xb9, 0x38, 0xdc, 0x32, 0x73, 0x52, 0x83,
-	0x2b, 0xf3, 0x92, 0x85, 0xfc, 0xb8, 0x38, 0x5c, 0x32, 0xd3, 0xd2, 0x9c, 0xf3, 0x0b, 0x2a, 0x85,
-	0xe4, 0xf4, 0xd0, 0xcd, 0xd3, 0x43, 0x36, 0x4c, 0x8a, 0x80, 0xbc, 0x06, 0xa3, 0x01, 0xa3, 0x90,
-	0x3f, 0x17, 0x67, 0x48, 0x62, 0x51, 0x70, 0x49, 0x51, 0x6a, 0x62, 0x2e, 0x35, 0x0c, 0x34, 0x8a,
-	0x82, 0x3a, 0x36, 0x35, 0x2f, 0x85, 0xda, 0x8e, 0x75, 0x32, 0xbb, 0xf0, 0x50, 0x8e, 0xe1, 0xc6,
-	0x43, 0x39, 0x86, 0x0f, 0x0f, 0xe5, 0x18, 0x1b, 0x1e, 0xc9, 0x31, 0xae, 0x78, 0x24, 0xc7, 0x78,
-	0xe2, 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0xbe, 0x78, 0x24, 0xc7,
-	0xf0, 0xe1, 0x91, 0x1c, 0xe3, 0x84, 0xc7, 0x72, 0x0c, 0x51, 0x1c, 0x30, 0xb3, 0x92, 0xd8, 0xc0,
-	0xc1, 0x6f, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff, 0x72, 0x81, 0x1a, 0x91, 0x90, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.proto b/vendor/github.com/moby/buildkit/session/filesync/filesync.proto
index 0ae2937368096..9e39179285ee9 100644
--- a/vendor/github.com/moby/buildkit/session/filesync/filesync.proto
+++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.proto
@@ -4,9 +4,11 @@ package moby.filesync.v1;
 
 option go_package = "filesync";
 
+import "github.com/tonistiigi/fsutil/types/wire.proto";
+
 service FileSync{
-  rpc DiffCopy(stream BytesMessage) returns (stream BytesMessage);
-  rpc TarStream(stream BytesMessage) returns (stream BytesMessage);
+  rpc DiffCopy(stream fsutil.types.Packet) returns (stream fsutil.types.Packet);
+  rpc TarStream(stream fsutil.types.Packet) returns (stream fsutil.types.Packet);
 }
 
 service FileSend{
@@ -17,4 +19,4 @@ service FileSend{
 // BytesMessage contains a chunk of byte data
 message BytesMessage{
 	bytes data = 1;
-}
\ No newline at end of file
+}
diff --git a/vendor/github.com/moby/buildkit/session/filesync/generate.go b/vendor/github.com/moby/buildkit/session/filesync/generate.go
index 261e876272387..fbd72742b8568 100644
--- a/vendor/github.com/moby/buildkit/session/filesync/generate.go
+++ b/vendor/github.com/moby/buildkit/session/filesync/generate.go
@@ -1,3 +1,3 @@
 package filesync
 
-//go:generate protoc --gogoslick_out=plugins=grpc:. filesync.proto
+//go:generate protoc -I=. -I=../../vendor/ -I=../../vendor/github.com/tonistiigi/fsutil/types/ --gogoslick_out=plugins=grpc:. filesync.proto
diff --git a/vendor/github.com/moby/buildkit/session/group.go b/vendor/github.com/moby/buildkit/session/group.go
new file mode 100644
index 0000000000000..4b9ba221f5fea
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/group.go
@@ -0,0 +1,88 @@
+package session
+
+import (
+	"context"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+type Group interface {
+	SessionIterator() Iterator
+}
+type Iterator interface {
+	NextSession() string
+}
+
+func NewGroup(ids ...string) Group {
+	return &group{ids: ids}
+}
+
+type group struct {
+	ids []string
+}
+
+func (g *group) SessionIterator() Iterator {
+	return &group{ids: g.ids}
+}
+
+func (g *group) NextSession() string {
+	if len(g.ids) == 0 {
+		return ""
+	}
+	v := g.ids[0]
+	g.ids = g.ids[1:]
+	return v
+}
+
+func AllSessionIDs(g Group) (out []string) {
+	if g == nil {
+		return nil
+	}
+	it := g.SessionIterator()
+	if it == nil {
+		return nil
+	}
+	for {
+		v := it.NextSession()
+		if v == "" {
+			return
+		}
+		out = append(out, v)
+	}
+}
+
+func (sm *Manager) Any(ctx context.Context, g Group, f func(context.Context, string, Caller) error) error {
+	if g == nil {
+		return nil
+	}
+
+	iter := g.SessionIterator()
+	if iter == nil {
+		return nil
+	}
+
+	var lastErr error
+	for {
+		id := iter.NextSession()
+		if id == "" {
+			if lastErr != nil {
+				return lastErr
+			}
+			return errors.Errorf("no active sessions")
+		}
+
+		timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+		defer cancel()
+		c, err := sm.Get(timeoutCtx, id, false)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+		if err := f(ctx, id, c); err != nil {
+			lastErr = err
+			continue
+		}
+		return nil
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/session/grpc.go b/vendor/github.com/moby/buildkit/session/grpc.go
index 2798b6abba869..728ea2e17c30d 100644
--- a/vendor/github.com/moby/buildkit/session/grpc.go
+++ b/vendor/github.com/moby/buildkit/session/grpc.go
@@ -6,7 +6,9 @@ import (
 	"sync/atomic"
 	"time"
 
+	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
+	"github.com/moby/buildkit/util/grpcerrors"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -25,8 +27,11 @@ func serve(ctx context.Context, grpcServer *grpc.Server, conn net.Conn) {
 }
 
 func grpcClientConn(ctx context.Context, conn net.Conn) (context.Context, *grpc.ClientConn, error) {
+	var unary []grpc.UnaryClientInterceptor
+	var stream []grpc.StreamClientInterceptor
+
 	var dialCount int64
-	dialer := grpc.WithDialer(func(addr string, d time.Duration) (net.Conn, error) {
+	dialer := grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) {
 		if c := atomic.AddInt64(&dialCount, 1); c > 1 {
 			return nil, errors.Errorf("only one connection allowed")
 		}
@@ -40,13 +45,26 @@ func grpcClientConn(ctx context.Context, conn net.Conn) (context.Context, *grpc.
 
 	if span := opentracing.SpanFromContext(ctx); span != nil {
 		tracer := span.Tracer()
-		dialOpts = append(dialOpts,
-			grpc.WithUnaryInterceptor(otgrpc.OpenTracingClientInterceptor(tracer, traceFilter())),
-			grpc.WithStreamInterceptor(otgrpc.OpenTracingStreamClientInterceptor(tracer, traceFilter())),
-		)
+		unary = append(unary, otgrpc.OpenTracingClientInterceptor(tracer, traceFilter()))
+		stream = append(stream, otgrpc.OpenTracingStreamClientInterceptor(tracer, traceFilter()))
+	}
+
+	unary = append(unary, grpcerrors.UnaryClientInterceptor)
+	stream = append(stream, grpcerrors.StreamClientInterceptor)
+
+	if len(unary) == 1 {
+		dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(unary[0]))
+	} else if len(unary) > 1 {
+		dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unary...)))
+	}
+
+	if len(stream) == 1 {
+		dialOpts = append(dialOpts, grpc.WithStreamInterceptor(stream[0]))
+	} else if len(stream) > 1 {
+		dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_middleware.ChainStreamClient(stream...)))
 	}
 
-	cc, err := grpc.DialContext(ctx, "", dialOpts...)
+	cc, err := grpc.DialContext(ctx, "localhost", dialOpts...)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "failed to create grpc client")
 	}
diff --git a/vendor/github.com/moby/buildkit/session/grpchijack/dial.go b/vendor/github.com/moby/buildkit/session/grpchijack/dial.go
index 151ab5498f3ab..5f0cf3d77a398 100644
--- a/vendor/github.com/moby/buildkit/session/grpchijack/dial.go
+++ b/vendor/github.com/moby/buildkit/session/grpchijack/dial.go
@@ -33,20 +33,26 @@ func Dialer(api controlapi.ControlClient) session.Dialer {
 	}
 }
 
-func streamToConn(stream grpc.Stream) (net.Conn, <-chan struct{}) {
+type stream interface {
+	Context() context.Context
+	SendMsg(m interface{}) error
+	RecvMsg(m interface{}) error
+}
+
+func streamToConn(stream stream) (net.Conn, <-chan struct{}) {
 	closeCh := make(chan struct{})
 	c := &conn{stream: stream, buf: make([]byte, 32*1<<10), closeCh: closeCh}
 	return c, closeCh
 }
 
 type conn struct {
-	stream  grpc.Stream
+	stream  stream
 	buf     []byte
 	lastBuf []byte
 
 	closedOnce sync.Once
 	readMu     sync.Mutex
-	err        error
+	writeMu    sync.Mutex
 	closeCh    chan struct{}
 }
 
@@ -79,6 +85,8 @@ func (c *conn) Read(b []byte) (n int, err error) {
 }
 
 func (c *conn) Write(b []byte) (int, error) {
+	c.writeMu.Lock()
+	defer c.writeMu.Unlock()
 	m := &controlapi.BytesMessage{Data: b}
 	if err := c.stream.SendMsg(m); err != nil {
 		return 0, err
@@ -93,7 +101,9 @@ func (c *conn) Close() (err error) {
 		}()
 
 		if cs, ok := c.stream.(grpc.ClientStream); ok {
+			c.writeMu.Lock()
 			err = cs.CloseSend()
+			c.writeMu.Unlock()
 			if err != nil {
 				return
 			}
@@ -106,6 +116,7 @@ func (c *conn) Close() (err error) {
 			err = c.stream.RecvMsg(m)
 			if err != nil {
 				if err != io.EOF {
+					c.readMu.Unlock()
 					return
 				}
 				err = nil
diff --git a/vendor/github.com/moby/buildkit/session/manager.go b/vendor/github.com/moby/buildkit/session/manager.go
index f401c7fb33dd9..edac93063c38f 100644
--- a/vendor/github.com/moby/buildkit/session/manager.go
+++ b/vendor/github.com/moby/buildkit/session/manager.go
@@ -149,7 +149,7 @@ func (sm *Manager) handleConn(ctx context.Context, conn net.Conn, opts map[strin
 }
 
 // Get returns a session by ID
-func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
+func (sm *Manager) Get(ctx context.Context, id string, noWait bool) (Caller, error) {
 	// session prefix is used to identify vertexes with different contexts so
 	// they would not collide, but for lookup we don't need the prefix
 	if p := strings.SplitN(id, ":", 2); len(p) == 2 && len(p[1]) > 0 {
@@ -162,7 +162,9 @@ func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
 	go func() {
 		select {
 		case <-ctx.Done():
+			sm.mu.Lock()
 			sm.updateCondition.Broadcast()
+			sm.mu.Unlock()
 		}
 	}()
 
@@ -178,7 +180,7 @@ func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
 		}
 		var ok bool
 		c, ok = sm.sessions[id]
-		if !ok || c.closed() {
+		if (!ok || c.closed()) && !noWait {
 			sm.updateCondition.Wait()
 			continue
 		}
@@ -186,6 +188,10 @@ func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
 		break
 	}
 
+	if c == nil {
+		return nil, nil
+	}
+
 	return c, nil
 }
 
diff --git a/vendor/github.com/moby/buildkit/session/secrets/secrets.go b/vendor/github.com/moby/buildkit/session/secrets/secrets.go
index 6cfda18bb98c9..604199df8e76c 100644
--- a/vendor/github.com/moby/buildkit/session/secrets/secrets.go
+++ b/vendor/github.com/moby/buildkit/session/secrets/secrets.go
@@ -4,9 +4,9 @@ import (
 	"context"
 
 	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/util/grpcerrors"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 type SecretStore interface {
@@ -21,7 +21,7 @@ func GetSecret(ctx context.Context, c session.Caller, id string) ([]byte, error)
 		ID: id,
 	})
 	if err != nil {
-		if st, ok := status.FromError(err); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) {
+		if code := grpcerrors.Code(err); code == codes.Unimplemented || code == codes.NotFound {
 			return nil, errors.Wrapf(ErrNotFound, "secret %s not found", id)
 		}
 		return nil, err
diff --git a/vendor/github.com/moby/buildkit/session/secrets/secrets.pb.go b/vendor/github.com/moby/buildkit/session/secrets/secrets.pb.go
index 6f524b76d9a0d..3fadef0f89c74 100644
--- a/vendor/github.com/moby/buildkit/session/secrets/secrets.pb.go
+++ b/vendor/github.com/moby/buildkit/session/secrets/secrets.pb.go
@@ -1,32 +1,23 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: secrets.proto
 
-/*
-	Package secrets is a generated protocol buffer package.
-
-	It is generated from these files:
-		secrets.proto
-
-	It has these top-level messages:
-		GetSecretRequest
-		GetSecretResponse
-*/
 package secrets
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import io "io"
+import (
+	bytes "bytes"
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -37,16 +28,44 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type GetSecretRequest struct {
 	ID          string            `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
-	Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
-func (m *GetSecretRequest) Reset()                    { *m = GetSecretRequest{} }
-func (*GetSecretRequest) ProtoMessage()               {}
-func (*GetSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorSecrets, []int{0} }
+func (m *GetSecretRequest) Reset()      { *m = GetSecretRequest{} }
+func (*GetSecretRequest) ProtoMessage() {}
+func (*GetSecretRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d4bc6c625e214507, []int{0}
+}
+func (m *GetSecretRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetSecretRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetSecretRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetSecretRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetSecretRequest.Merge(m, src)
+}
+func (m *GetSecretRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetSecretRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetSecretRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetSecretRequest proto.InternalMessageInfo
 
 func (m *GetSecretRequest) GetID() string {
 	if m != nil {
@@ -66,9 +85,37 @@ type GetSecretResponse struct {
 	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
 }
 
-func (m *GetSecretResponse) Reset()                    { *m = GetSecretResponse{} }
-func (*GetSecretResponse) ProtoMessage()               {}
-func (*GetSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorSecrets, []int{1} }
+func (m *GetSecretResponse) Reset()      { *m = GetSecretResponse{} }
+func (*GetSecretResponse) ProtoMessage() {}
+func (*GetSecretResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d4bc6c625e214507, []int{1}
+}
+func (m *GetSecretResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GetSecretResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GetSecretResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GetSecretResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetSecretResponse.Merge(m, src)
+}
+func (m *GetSecretResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *GetSecretResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetSecretResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetSecretResponse proto.InternalMessageInfo
 
 func (m *GetSecretResponse) GetData() []byte {
 	if m != nil {
@@ -79,8 +126,34 @@ func (m *GetSecretResponse) GetData() []byte {
 
 func init() {
 	proto.RegisterType((*GetSecretRequest)(nil), "moby.buildkit.secrets.v1.GetSecretRequest")
+	proto.RegisterMapType((map[string]string)(nil), "moby.buildkit.secrets.v1.GetSecretRequest.AnnotationsEntry")
 	proto.RegisterType((*GetSecretResponse)(nil), "moby.buildkit.secrets.v1.GetSecretResponse")
 }
+
+func init() { proto.RegisterFile("secrets.proto", fileDescriptor_d4bc6c625e214507) }
+
+var fileDescriptor_d4bc6c625e214507 = []byte{
+	// 288 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2d, 0x4e, 0x4d, 0x2e,
+	0x4a, 0x2d, 0x29, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4,
+	0x4b, 0x2a, 0xcd, 0xcc, 0x49, 0xc9, 0xce, 0x2c, 0xd1, 0x83, 0x49, 0x96, 0x19, 0x2a, 0x1d, 0x64,
+	0xe4, 0x12, 0x70, 0x4f, 0x2d, 0x09, 0x06, 0x8b, 0x04, 0xa5, 0x16, 0x96, 0xa6, 0x16, 0x97, 0x08,
+	0xf1, 0x71, 0x31, 0x79, 0xba, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x06, 0x31, 0x79, 0xba, 0x08,
+	0xc5, 0x72, 0x71, 0x27, 0xe6, 0xe5, 0xe5, 0x97, 0x24, 0x96, 0x64, 0xe6, 0xe7, 0x15, 0x4b, 0x30,
+	0x29, 0x30, 0x6b, 0x70, 0x1b, 0x59, 0xeb, 0xe1, 0x32, 0x54, 0x0f, 0xdd, 0x40, 0x3d, 0x47, 0x84,
+	0x6e, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x64, 0xf3, 0xa4, 0xec, 0xb8, 0x04, 0xd0, 0x15, 0x08,
+	0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0xdd, 0x00, 0x62, 0x0a, 0x89, 0x70, 0xb1, 0x96, 0x25,
+	0xe6, 0x94, 0xa6, 0x4a, 0x30, 0x81, 0xc5, 0x20, 0x1c, 0x2b, 0x26, 0x0b, 0x46, 0x25, 0x75, 0x2e,
+	0x41, 0x24, 0x1b, 0x8b, 0x0b, 0xf2, 0xf3, 0x8a, 0x53, 0x85, 0x84, 0xb8, 0x58, 0x52, 0x12, 0x4b,
+	0x12, 0xc1, 0x26, 0xf0, 0x04, 0x81, 0xd9, 0x46, 0xf9, 0x5c, 0xec, 0x10, 0x55, 0xc5, 0x42, 0x29,
+	0x5c, 0x9c, 0x70, 0x3d, 0x42, 0x5a, 0xc4, 0x7b, 0x45, 0x4a, 0x9b, 0x28, 0xb5, 0x10, 0x47, 0x38,
+	0xd9, 0x5e, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0xc3, 0x87, 0x87, 0x72, 0x8c, 0x0d, 0x8f,
+	0xe4, 0x18, 0x57, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07,
+	0x8f, 0xe4, 0x18, 0x5f, 0x3c, 0x92, 0x63, 0xf8, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86,
+	0x0b, 0x8f, 0xe5, 0x18, 0x6e, 0x3c, 0x96, 0x63, 0x88, 0x62, 0x87, 0x9a, 0x99, 0xc4, 0x06, 0x8e,
+	0x3d, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0x2c, 0x38, 0xec, 0x1f, 0xce, 0x01, 0x00, 0x00,
+}
+
 func (this *GetSecretRequest) Equal(that interface{}) bool {
 	if that == nil {
 		return this == nil
@@ -148,7 +221,7 @@ func (this *GetSecretRequest) GoString() string {
 	for k, _ := range this.Annotations {
 		keysForAnnotations = append(keysForAnnotations, k)
 	}
-	sortkeys.Strings(keysForAnnotations)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations)
 	mapStringForAnnotations := "map[string]string{"
 	for _, k := range keysForAnnotations {
 		mapStringForAnnotations += fmt.Sprintf("%#v: %#v,", k, this.Annotations[k])
@@ -187,8 +260,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Secrets service
-
+// SecretsClient is the client API for Secrets service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type SecretsClient interface {
 	GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error)
 }
@@ -203,19 +277,26 @@ func NewSecretsClient(cc *grpc.ClientConn) SecretsClient {
 
 func (c *secretsClient) GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error) {
 	out := new(GetSecretResponse)
-	err := grpc.Invoke(ctx, "/moby.buildkit.secrets.v1.Secrets/GetSecret", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.buildkit.secrets.v1.Secrets/GetSecret", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Secrets service
-
+// SecretsServer is the server API for Secrets service.
 type SecretsServer interface {
 	GetSecret(context.Context, *GetSecretRequest) (*GetSecretResponse, error)
 }
 
+// UnimplementedSecretsServer can be embedded to have forward compatible implementations.
+type UnimplementedSecretsServer struct {
+}
+
+func (*UnimplementedSecretsServer) GetSecret(ctx context.Context, req *GetSecretRequest) (*GetSecretResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetSecret not implemented")
+}
+
 func RegisterSecretsServer(s *grpc.Server, srv SecretsServer) {
 	s.RegisterService(&_Secrets_serviceDesc, srv)
 }
@@ -254,7 +335,7 @@ var _Secrets_serviceDesc = grpc.ServiceDesc{
 func (m *GetSecretRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -262,40 +343,48 @@ func (m *GetSecretRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetSecretRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetSecretRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintSecrets(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
 	if len(m.Annotations) > 0 {
-		for k, _ := range m.Annotations {
-			dAtA[i] = 0x12
-			i++
+		for k := range m.Annotations {
 			v := m.Annotations[k]
-			mapSize := 1 + len(k) + sovSecrets(uint64(len(k))) + 1 + len(v) + sovSecrets(uint64(len(v)))
-			i = encodeVarintSecrets(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintSecrets(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
 			i = encodeVarintSecrets(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintSecrets(dAtA, i, uint64(baseI-i))
+			i--
 			dAtA[i] = 0x12
-			i++
-			i = encodeVarintSecrets(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
 		}
 	}
-	return i, nil
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintSecrets(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *GetSecretResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -303,29 +392,40 @@ func (m *GetSecretResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *GetSecretResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GetSecretResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintSecrets(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSecrets(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSecrets(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *GetSecretRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -344,6 +444,9 @@ func (m *GetSecretRequest) Size() (n int) {
 }
 
 func (m *GetSecretResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Data)
@@ -354,14 +457,7 @@ func (m *GetSecretResponse) Size() (n int) {
 }
 
 func sovSecrets(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSecrets(x uint64) (n int) {
 	return sovSecrets(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -374,7 +470,7 @@ func (this *GetSecretRequest) String() string {
 	for k, _ := range this.Annotations {
 		keysForAnnotations = append(keysForAnnotations, k)
 	}
-	sortkeys.Strings(keysForAnnotations)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations)
 	mapStringForAnnotations := "map[string]string{"
 	for _, k := range keysForAnnotations {
 		mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k])
@@ -420,7 +516,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -448,7 +544,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -458,6 +554,9 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSecrets
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSecrets
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -477,7 +576,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -486,6 +585,9 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSecrets
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthSecrets
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -506,7 +608,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -523,7 +625,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -533,6 +635,9 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSecrets
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthSecrets
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -549,7 +654,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -559,6 +664,9 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthSecrets
 					}
 					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthSecrets
+					}
 					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -570,7 +678,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 					if err != nil {
 						return err
 					}
-					if skippy < 0 {
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
 						return ErrInvalidLengthSecrets
 					}
 					if (iNdEx + skippy) > postIndex {
@@ -587,7 +695,7 @@ func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSecrets
 			}
 			if (iNdEx + skippy) > l {
@@ -617,7 +725,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -645,7 +753,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -654,6 +762,9 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSecrets
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSecrets
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -668,7 +779,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSecrets
 			}
 			if (iNdEx + skippy) > l {
@@ -686,6 +797,7 @@ func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
 func skipSecrets(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -717,10 +829,8 @@ func skipSecrets(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -737,77 +847,34 @@ func skipSecrets(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSecrets
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSecrets
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSecrets(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSecrets
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSecrets
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSecrets = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSecrets   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSecrets        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSecrets          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSecrets = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("secrets.proto", fileDescriptorSecrets) }
-
-var fileDescriptorSecrets = []byte{
-	// 279 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2d, 0x4e, 0x4d, 0x2e,
-	0x4a, 0x2d, 0x29, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4,
-	0x4b, 0x2a, 0xcd, 0xcc, 0x49, 0xc9, 0xce, 0x2c, 0xd1, 0x83, 0x49, 0x96, 0x19, 0x2a, 0x1d, 0x64,
-	0xe4, 0x12, 0x70, 0x4f, 0x2d, 0x09, 0x06, 0x8b, 0x04, 0xa5, 0x16, 0x96, 0xa6, 0x16, 0x97, 0x08,
-	0xf1, 0x71, 0x31, 0x79, 0xba, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x06, 0x31, 0x79, 0xba, 0x08,
-	0xc5, 0x72, 0x71, 0x27, 0xe6, 0xe5, 0xe5, 0x97, 0x24, 0x96, 0x64, 0xe6, 0xe7, 0x15, 0x4b, 0x30,
-	0x29, 0x30, 0x6b, 0x70, 0x1b, 0x59, 0xeb, 0xe1, 0x32, 0x54, 0x0f, 0xdd, 0x40, 0x3d, 0x47, 0x84,
-	0x6e, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x64, 0xf3, 0xa4, 0xec, 0xb8, 0x04, 0xd0, 0x15, 0x08,
-	0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0xdd, 0x00, 0x62, 0x0a, 0x89, 0x70, 0xb1, 0x96, 0x25,
-	0xe6, 0x94, 0xa6, 0x4a, 0x30, 0x81, 0xc5, 0x20, 0x1c, 0x2b, 0x26, 0x0b, 0x46, 0x25, 0x75, 0x2e,
-	0x41, 0x24, 0x1b, 0x8b, 0x0b, 0xf2, 0xf3, 0x8a, 0x53, 0x85, 0x84, 0xb8, 0x58, 0x52, 0x12, 0x4b,
-	0x12, 0xc1, 0x26, 0xf0, 0x04, 0x81, 0xd9, 0x46, 0xf9, 0x5c, 0xec, 0x10, 0x55, 0xc5, 0x42, 0x29,
-	0x5c, 0x9c, 0x70, 0x3d, 0x42, 0x5a, 0xc4, 0x7b, 0x45, 0x4a, 0x9b, 0x28, 0xb5, 0x10, 0x47, 0x38,
-	0x99, 0x5e, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0xc3, 0x87, 0x87, 0x72, 0x8c, 0x0d, 0x8f,
-	0xe4, 0x18, 0x57, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07,
-	0x8f, 0xe4, 0x18, 0x5f, 0x3c, 0x92, 0x63, 0xf8, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86,
-	0x28, 0x76, 0xa8, 0x59, 0x49, 0x6c, 0xe0, 0x58, 0x33, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x05,
-	0x4e, 0x56, 0xde, 0xc6, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/session/session.go b/vendor/github.com/moby/buildkit/session/session.go
index 47c9579633a70..02c7420a8e8ee 100644
--- a/vendor/github.com/moby/buildkit/session/session.go
+++ b/vendor/github.com/moby/buildkit/session/session.go
@@ -5,8 +5,10 @@ import (
 	"net"
 	"strings"
 
+	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
 	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/util/grpcerrors"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
@@ -24,7 +26,7 @@ const (
 // Dialer returns a connection that can be used by the session
 type Dialer func(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error)
 
-// Attachable defines a feature that can be expsed on a session
+// Attachable defines a feature that can be exposed on a session
 type Attachable interface {
 	Register(*grpc.Server)
 }
@@ -45,13 +47,29 @@ type Session struct {
 func NewSession(ctx context.Context, name, sharedKey string) (*Session, error) {
 	id := identity.NewID()
 
+	var unary []grpc.UnaryServerInterceptor
+	var stream []grpc.StreamServerInterceptor
+
 	serverOpts := []grpc.ServerOption{}
 	if span := opentracing.SpanFromContext(ctx); span != nil {
 		tracer := span.Tracer()
-		serverOpts = []grpc.ServerOption{
-			grpc.StreamInterceptor(otgrpc.OpenTracingStreamServerInterceptor(span.Tracer(), traceFilter())),
-			grpc.UnaryInterceptor(otgrpc.OpenTracingServerInterceptor(tracer, traceFilter())),
-		}
+		unary = append(unary, otgrpc.OpenTracingServerInterceptor(tracer, traceFilter()))
+		stream = append(stream, otgrpc.OpenTracingStreamServerInterceptor(span.Tracer(), traceFilter()))
+	}
+
+	unary = append(unary, grpcerrors.UnaryServerInterceptor)
+	stream = append(stream, grpcerrors.StreamServerInterceptor)
+
+	if len(unary) == 1 {
+		serverOpts = append(serverOpts, grpc.UnaryInterceptor(unary[0]))
+	} else if len(unary) > 1 {
+		serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(unary...)))
+	}
+
+	if len(stream) == 1 {
+		serverOpts = append(serverOpts, grpc.StreamInterceptor(stream[0]))
+	} else if len(stream) > 1 {
+		serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(stream...)))
 	}
 
 	s := &Session{
@@ -66,7 +84,7 @@ func NewSession(ctx context.Context, name, sharedKey string) (*Session, error) {
 	return s, nil
 }
 
-// Allow enable a given service to be reachable through the grpc session
+// Allow enables a given service to be reachable through the grpc session
 func (s *Session) Allow(a Attachable) {
 	a.Register(s.grpcServer)
 }
diff --git a/vendor/github.com/moby/buildkit/session/sshforward/copy.go b/vendor/github.com/moby/buildkit/session/sshforward/copy.go
index c101f3b4558fb..6db414894923f 100644
--- a/vendor/github.com/moby/buildkit/session/sshforward/copy.go
+++ b/vendor/github.com/moby/buildkit/session/sshforward/copy.go
@@ -3,23 +3,28 @@ package sshforward
 import (
 	io "io"
 
+	"github.com/pkg/errors"
 	context "golang.org/x/net/context"
 	"golang.org/x/sync/errgroup"
-	"google.golang.org/grpc"
 )
 
-func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) error {
+type Stream interface {
+	SendMsg(m interface{}) error
+	RecvMsg(m interface{}) error
+}
+
+func Copy(ctx context.Context, conn io.ReadWriteCloser, stream Stream, closeStream func() error) error {
 	g, ctx := errgroup.WithContext(ctx)
 
 	g.Go(func() (retErr error) {
 		p := &BytesMessage{}
 		for {
 			if err := stream.RecvMsg(p); err != nil {
+				conn.Close()
 				if err == io.EOF {
 					return nil
 				}
-				conn.Close()
-				return err
+				return errors.WithStack(err)
 			}
 			select {
 			case <-ctx.Done():
@@ -29,7 +34,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro
 			}
 			if _, err := conn.Write(p.Data); err != nil {
 				conn.Close()
-				return err
+				return errors.WithStack(err)
 			}
 			p.Data = p.Data[:0]
 		}
@@ -41,9 +46,12 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro
 			n, err := conn.Read(buf)
 			switch {
 			case err == io.EOF:
+				if closeStream != nil {
+					closeStream()
+				}
 				return nil
 			case err != nil:
-				return err
+				return errors.WithStack(err)
 			}
 			select {
 			case <-ctx.Done():
@@ -52,7 +60,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro
 			}
 			p := &BytesMessage{Data: buf[:n]}
 			if err := stream.SendMsg(p); err != nil {
-				return err
+				return errors.WithStack(err)
 			}
 		}
 	})
diff --git a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go
index a4effef604a2e..a7a4c2e228a30 100644
--- a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go
+++ b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/moby/buildkit/session"
+	"github.com/pkg/errors"
 	context "golang.org/x/net/context"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc/metadata"
@@ -48,7 +49,7 @@ func (s *server) run(ctx context.Context, l net.Listener, id string) error {
 				return err
 			}
 
-			go Copy(ctx, conn, stream)
+			go Copy(ctx, conn, stream, stream.CloseSend)
 		}
 	})
 
@@ -65,7 +66,7 @@ type SocketOpt struct {
 func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockPath string, closer func() error, err error) {
 	dir, err := ioutil.TempDir("", ".buildkit-ssh-sock")
 	if err != nil {
-		return "", nil, err
+		return "", nil, errors.WithStack(err)
 	}
 
 	defer func() {
@@ -74,20 +75,24 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP
 		}
 	}()
 
+	if err := os.Chmod(dir, 0711); err != nil {
+		return "", nil, errors.WithStack(err)
+	}
+
 	sockPath = filepath.Join(dir, "ssh_auth_sock")
 
 	l, err := net.Listen("unix", sockPath)
 	if err != nil {
-		return "", nil, err
+		return "", nil, errors.WithStack(err)
 	}
 
 	if err := os.Chown(sockPath, opt.UID, opt.GID); err != nil {
 		l.Close()
-		return "", nil, err
+		return "", nil, errors.WithStack(err)
 	}
 	if err := os.Chmod(sockPath, os.FileMode(opt.Mode)); err != nil {
 		l.Close()
-		return "", nil, err
+		return "", nil, errors.WithStack(err)
 	}
 
 	s := &server{caller: c}
@@ -102,12 +107,12 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP
 	return sockPath, func() error {
 		err := l.Close()
 		os.RemoveAll(sockPath)
-		return err
+		return errors.WithStack(err)
 	}, nil
 }
 
 func CheckSSHID(ctx context.Context, c session.Caller, id string) error {
 	client := NewSSHClient(c.Conn())
 	_, err := client.CheckAgent(ctx, &CheckAgentRequest{ID: id})
-	return err
+	return errors.WithStack(err)
 }
diff --git a/vendor/github.com/moby/buildkit/session/sshforward/ssh.pb.go b/vendor/github.com/moby/buildkit/session/sshforward/ssh.pb.go
index 3fb36c9d34ac6..d2bda697c87a3 100644
--- a/vendor/github.com/moby/buildkit/session/sshforward/ssh.pb.go
+++ b/vendor/github.com/moby/buildkit/session/sshforward/ssh.pb.go
@@ -1,32 +1,22 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: ssh.proto
 
-/*
-Package sshforward is a generated protocol buffer package.
-
-It is generated from these files:
-	ssh.proto
-
-It has these top-level messages:
-	BytesMessage
-	CheckAgentRequest
-	CheckAgentResponse
-*/
 package sshforward
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-
-import context "golang.org/x/net/context"
-import grpc "google.golang.org/grpc"
-
-import io "io"
+import (
+	bytes "bytes"
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -37,16 +27,44 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // BytesMessage contains a chunk of byte data
 type BytesMessage struct {
 	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
 }
 
-func (m *BytesMessage) Reset()                    { *m = BytesMessage{} }
-func (*BytesMessage) ProtoMessage()               {}
-func (*BytesMessage) Descriptor() ([]byte, []int) { return fileDescriptorSsh, []int{0} }
+func (m *BytesMessage) Reset()      { *m = BytesMessage{} }
+func (*BytesMessage) ProtoMessage() {}
+func (*BytesMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ef0eae71e2e883eb, []int{0}
+}
+func (m *BytesMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BytesMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BytesMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BytesMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BytesMessage.Merge(m, src)
+}
+func (m *BytesMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *BytesMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_BytesMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BytesMessage proto.InternalMessageInfo
 
 func (m *BytesMessage) GetData() []byte {
 	if m != nil {
@@ -59,9 +77,37 @@ type CheckAgentRequest struct {
 	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
 }
 
-func (m *CheckAgentRequest) Reset()                    { *m = CheckAgentRequest{} }
-func (*CheckAgentRequest) ProtoMessage()               {}
-func (*CheckAgentRequest) Descriptor() ([]byte, []int) { return fileDescriptorSsh, []int{1} }
+func (m *CheckAgentRequest) Reset()      { *m = CheckAgentRequest{} }
+func (*CheckAgentRequest) ProtoMessage() {}
+func (*CheckAgentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ef0eae71e2e883eb, []int{1}
+}
+func (m *CheckAgentRequest) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckAgentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckAgentRequest.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckAgentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckAgentRequest.Merge(m, src)
+}
+func (m *CheckAgentRequest) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckAgentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckAgentRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CheckAgentRequest proto.InternalMessageInfo
 
 func (m *CheckAgentRequest) GetID() string {
 	if m != nil {
@@ -73,15 +119,66 @@ func (m *CheckAgentRequest) GetID() string {
 type CheckAgentResponse struct {
 }
 
-func (m *CheckAgentResponse) Reset()                    { *m = CheckAgentResponse{} }
-func (*CheckAgentResponse) ProtoMessage()               {}
-func (*CheckAgentResponse) Descriptor() ([]byte, []int) { return fileDescriptorSsh, []int{2} }
+func (m *CheckAgentResponse) Reset()      { *m = CheckAgentResponse{} }
+func (*CheckAgentResponse) ProtoMessage() {}
+func (*CheckAgentResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ef0eae71e2e883eb, []int{2}
+}
+func (m *CheckAgentResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CheckAgentResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_CheckAgentResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *CheckAgentResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CheckAgentResponse.Merge(m, src)
+}
+func (m *CheckAgentResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *CheckAgentResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CheckAgentResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CheckAgentResponse proto.InternalMessageInfo
 
 func init() {
 	proto.RegisterType((*BytesMessage)(nil), "moby.sshforward.v1.BytesMessage")
 	proto.RegisterType((*CheckAgentRequest)(nil), "moby.sshforward.v1.CheckAgentRequest")
 	proto.RegisterType((*CheckAgentResponse)(nil), "moby.sshforward.v1.CheckAgentResponse")
 }
+
+func init() { proto.RegisterFile("ssh.proto", fileDescriptor_ef0eae71e2e883eb) }
+
+var fileDescriptor_ef0eae71e2e883eb = []byte{
+	// 252 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2c, 0x2e, 0xce, 0xd0,
+	0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xca, 0xcd, 0x4f, 0xaa, 0xd4, 0x2b, 0x2e, 0xce, 0x48,
+	0xcb, 0x2f, 0x2a, 0x4f, 0x2c, 0x4a, 0xd1, 0x2b, 0x33, 0x54, 0x52, 0xe2, 0xe2, 0x71, 0xaa, 0x2c,
+	0x49, 0x2d, 0xf6, 0x4d, 0x2d, 0x2e, 0x4e, 0x4c, 0x4f, 0x15, 0x12, 0xe2, 0x62, 0x49, 0x49, 0x2c,
+	0x49, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x09, 0x02, 0xb3, 0x95, 0x94, 0xb9, 0x04, 0x9d, 0x33,
+	0x52, 0x93, 0xb3, 0x1d, 0xd3, 0x53, 0xf3, 0x4a, 0x82, 0x52, 0x0b, 0x4b, 0x53, 0x8b, 0x4b, 0x84,
+	0xf8, 0xb8, 0x98, 0x3c, 0x5d, 0xc0, 0xca, 0x38, 0x83, 0x98, 0x3c, 0x5d, 0x94, 0x44, 0xb8, 0x84,
+	0x90, 0x15, 0x15, 0x17, 0xe4, 0xe7, 0x15, 0xa7, 0x1a, 0xed, 0x62, 0xe4, 0x62, 0x0e, 0x0e, 0xf6,
+	0x10, 0x8a, 0xe6, 0xe2, 0x42, 0xc8, 0x0a, 0xa9, 0xea, 0x61, 0xba, 0x44, 0x0f, 0xc3, 0x0a, 0x29,
+	0x35, 0x42, 0xca, 0x20, 0x96, 0x08, 0x85, 0x71, 0xf1, 0xb8, 0x41, 0x14, 0x40, 0x8c, 0x57, 0xc0,
+	0xa6, 0x0f, 0xd9, 0x97, 0x52, 0x04, 0x55, 0x68, 0x30, 0x1a, 0x30, 0x3a, 0x39, 0x5c, 0x78, 0x28,
+	0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0xc3, 0x87, 0x87, 0x72, 0x8c, 0x0d, 0x8f, 0xe4, 0x18, 0x57, 0x3c,
+	0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x5f,
+	0x3c, 0x92, 0x63, 0xf8, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86, 0x0b, 0x8f, 0xe5, 0x18,
+	0x6e, 0x3c, 0x96, 0x63, 0x88, 0xe2, 0x42, 0x98, 0x9a, 0xc4, 0x06, 0x0e, 0x78, 0x63, 0x40, 0x00,
+	0x00, 0x00, 0xff, 0xff, 0x6c, 0xe6, 0x6d, 0xb7, 0x85, 0x01, 0x00, 0x00,
+}
+
 func (this *BytesMessage) Equal(that interface{}) bool {
 	if that == nil {
 		return this == nil
@@ -197,8 +294,9 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for SSH service
-
+// SSHClient is the client API for SSH service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type SSHClient interface {
 	CheckAgent(ctx context.Context, in *CheckAgentRequest, opts ...grpc.CallOption) (*CheckAgentResponse, error)
 	ForwardAgent(ctx context.Context, opts ...grpc.CallOption) (SSH_ForwardAgentClient, error)
@@ -214,7 +312,7 @@ func NewSSHClient(cc *grpc.ClientConn) SSHClient {
 
 func (c *sSHClient) CheckAgent(ctx context.Context, in *CheckAgentRequest, opts ...grpc.CallOption) (*CheckAgentResponse, error) {
 	out := new(CheckAgentResponse)
-	err := grpc.Invoke(ctx, "/moby.sshforward.v1.SSH/CheckAgent", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/moby.sshforward.v1.SSH/CheckAgent", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -222,7 +320,7 @@ func (c *sSHClient) CheckAgent(ctx context.Context, in *CheckAgentRequest, opts
 }
 
 func (c *sSHClient) ForwardAgent(ctx context.Context, opts ...grpc.CallOption) (SSH_ForwardAgentClient, error) {
-	stream, err := grpc.NewClientStream(ctx, &_SSH_serviceDesc.Streams[0], c.cc, "/moby.sshforward.v1.SSH/ForwardAgent", opts...)
+	stream, err := c.cc.NewStream(ctx, &_SSH_serviceDesc.Streams[0], "/moby.sshforward.v1.SSH/ForwardAgent", opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -252,13 +350,23 @@ func (x *sSHForwardAgentClient) Recv() (*BytesMessage, error) {
 	return m, nil
 }
 
-// Server API for SSH service
-
+// SSHServer is the server API for SSH service.
 type SSHServer interface {
 	CheckAgent(context.Context, *CheckAgentRequest) (*CheckAgentResponse, error)
 	ForwardAgent(SSH_ForwardAgentServer) error
 }
 
+// UnimplementedSSHServer can be embedded to have forward compatible implementations.
+type UnimplementedSSHServer struct {
+}
+
+func (*UnimplementedSSHServer) CheckAgent(ctx context.Context, req *CheckAgentRequest) (*CheckAgentResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CheckAgent not implemented")
+}
+func (*UnimplementedSSHServer) ForwardAgent(srv SSH_ForwardAgentServer) error {
+	return status.Errorf(codes.Unimplemented, "method ForwardAgent not implemented")
+}
+
 func RegisterSSHServer(s *grpc.Server, srv SSHServer) {
 	s.RegisterService(&_SSH_serviceDesc, srv)
 }
@@ -330,7 +438,7 @@ var _SSH_serviceDesc = grpc.ServiceDesc{
 func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -338,23 +446,29 @@ func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *BytesMessage) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BytesMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.Data) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
 		i = encodeVarintSsh(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckAgentRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -362,23 +476,29 @@ func (m *CheckAgentRequest) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckAgentRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckAgentRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
 		i = encodeVarintSsh(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *CheckAgentResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -386,23 +506,33 @@ func (m *CheckAgentResponse) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *CheckAgentResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CheckAgentResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintSsh(dAtA []byte, offset int, v uint64) int {
+	offset -= sovSsh(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *BytesMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Data)
@@ -413,6 +543,9 @@ func (m *BytesMessage) Size() (n int) {
 }
 
 func (m *CheckAgentRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -423,20 +556,16 @@ func (m *CheckAgentRequest) Size() (n int) {
 }
 
 func (m *CheckAgentResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	return n
 }
 
 func sovSsh(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozSsh(x uint64) (n int) {
 	return sovSsh(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -493,7 +622,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -521,7 +650,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -530,6 +659,9 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSsh
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSsh
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -544,7 +676,7 @@ func (m *BytesMessage) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSsh
 			}
 			if (iNdEx + skippy) > l {
@@ -574,7 +706,7 @@ func (m *CheckAgentRequest) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -602,7 +734,7 @@ func (m *CheckAgentRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -612,6 +744,9 @@ func (m *CheckAgentRequest) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthSsh
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSsh
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -623,7 +758,7 @@ func (m *CheckAgentRequest) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSsh
 			}
 			if (iNdEx + skippy) > l {
@@ -653,7 +788,7 @@ func (m *CheckAgentResponse) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -673,7 +808,7 @@ func (m *CheckAgentResponse) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthSsh
 			}
 			if (iNdEx + skippy) > l {
@@ -691,6 +826,7 @@ func (m *CheckAgentResponse) Unmarshal(dAtA []byte) error {
 func skipSsh(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -722,10 +858,8 @@ func skipSsh(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -742,75 +876,34 @@ func skipSsh(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthSsh
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowSsh
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipSsh(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupSsh
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthSsh
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthSsh = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowSsh   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthSsh        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowSsh          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupSsh = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("ssh.proto", fileDescriptorSsh) }
-
-var fileDescriptorSsh = []byte{
-	// 243 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2c, 0x2e, 0xce, 0xd0,
-	0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xca, 0xcd, 0x4f, 0xaa, 0xd4, 0x2b, 0x2e, 0xce, 0x48,
-	0xcb, 0x2f, 0x2a, 0x4f, 0x2c, 0x4a, 0xd1, 0x2b, 0x33, 0x54, 0x52, 0xe2, 0xe2, 0x71, 0xaa, 0x2c,
-	0x49, 0x2d, 0xf6, 0x4d, 0x2d, 0x2e, 0x4e, 0x4c, 0x4f, 0x15, 0x12, 0xe2, 0x62, 0x49, 0x49, 0x2c,
-	0x49, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x09, 0x02, 0xb3, 0x95, 0x94, 0xb9, 0x04, 0x9d, 0x33,
-	0x52, 0x93, 0xb3, 0x1d, 0xd3, 0x53, 0xf3, 0x4a, 0x82, 0x52, 0x0b, 0x4b, 0x53, 0x8b, 0x4b, 0x84,
-	0xf8, 0xb8, 0x98, 0x3c, 0x5d, 0xc0, 0xca, 0x38, 0x83, 0x98, 0x3c, 0x5d, 0x94, 0x44, 0xb8, 0x84,
-	0x90, 0x15, 0x15, 0x17, 0xe4, 0xe7, 0x15, 0xa7, 0x1a, 0xed, 0x62, 0xe4, 0x62, 0x0e, 0x0e, 0xf6,
-	0x10, 0x8a, 0xe6, 0xe2, 0x42, 0xc8, 0x0a, 0xa9, 0xea, 0x61, 0xba, 0x44, 0x0f, 0xc3, 0x0a, 0x29,
-	0x35, 0x42, 0xca, 0x20, 0x96, 0x08, 0x85, 0x71, 0xf1, 0xb8, 0x41, 0x14, 0x40, 0x8c, 0x57, 0xc0,
-	0xa6, 0x0f, 0xd9, 0x97, 0x52, 0x04, 0x55, 0x68, 0x30, 0x1a, 0x30, 0x3a, 0x59, 0x5c, 0x78, 0x28,
-	0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0xc3, 0x87, 0x87, 0x72, 0x8c, 0x0d, 0x8f, 0xe4, 0x18, 0x57, 0x3c,
-	0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x5f,
-	0x3c, 0x92, 0x63, 0xf8, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86, 0x28, 0x2e, 0x84, 0x69,
-	0x49, 0x6c, 0xe0, 0x00, 0x37, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x31, 0x3e, 0x40, 0xab, 0x7d,
-	0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/session/upload/generate.go b/vendor/github.com/moby/buildkit/session/upload/generate.go
new file mode 100644
index 0000000000000..c498a9201c623
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/upload/generate.go
@@ -0,0 +1,3 @@
+package upload
+
+//go:generate protoc --gogoslick_out=plugins=grpc:. upload.proto
diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.go b/vendor/github.com/moby/buildkit/session/upload/upload.go
new file mode 100644
index 0000000000000..c739b92d814f5
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/upload/upload.go
@@ -0,0 +1,56 @@
+package upload
+
+import (
+	"context"
+	io "io"
+	"net/url"
+
+	"github.com/moby/buildkit/session"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc/metadata"
+)
+
+const (
+	keyPath = "urlpath"
+	keyHost = "urlhost"
+)
+
+func New(ctx context.Context, c session.Caller, url *url.URL) (*Upload, error) {
+	opts := map[string][]string{
+		keyPath: {url.Path},
+		keyHost: {url.Host},
+	}
+
+	client := NewUploadClient(c.Conn())
+
+	ctx = metadata.NewOutgoingContext(ctx, opts)
+
+	cc, err := client.Pull(ctx)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return &Upload{cc: cc}, nil
+}
+
+type Upload struct {
+	cc Upload_PullClient
+}
+
+func (u *Upload) WriteTo(w io.Writer) (int, error) {
+	n := 0
+	for {
+		var bm BytesMessage
+		if err := u.cc.RecvMsg(&bm); err != nil {
+			if err == io.EOF {
+				return n, nil
+			}
+			return n, errors.WithStack(err)
+		}
+		nn, err := w.Write(bm.Data)
+		n += nn
+		if err != nil {
+			return n, errors.WithStack(err)
+		}
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.pb.go b/vendor/github.com/moby/buildkit/session/upload/upload.pb.go
new file mode 100644
index 0000000000000..8ab5d04dd28fe
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/upload/upload.pb.go
@@ -0,0 +1,498 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: upload.proto
+
+package upload
+
+import (
+	bytes "bytes"
+	context "context"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+// BytesMessage contains a chunk of byte data
+type BytesMessage struct {
+	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+}
+
+func (m *BytesMessage) Reset()      { *m = BytesMessage{} }
+func (*BytesMessage) ProtoMessage() {}
+func (*BytesMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_91b94b655bd2a7e5, []int{0}
+}
+func (m *BytesMessage) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BytesMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_BytesMessage.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *BytesMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BytesMessage.Merge(m, src)
+}
+func (m *BytesMessage) XXX_Size() int {
+	return m.Size()
+}
+func (m *BytesMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_BytesMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BytesMessage proto.InternalMessageInfo
+
+func (m *BytesMessage) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*BytesMessage)(nil), "moby.upload.v1.BytesMessage")
+}
+
+func init() { proto.RegisterFile("upload.proto", fileDescriptor_91b94b655bd2a7e5) }
+
+var fileDescriptor_91b94b655bd2a7e5 = []byte{
+	// 179 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0x2d, 0xc8, 0xc9,
+	0x4f, 0x4c, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0xcb, 0xcd, 0x4f, 0xaa, 0xd4, 0x83,
+	0x0a, 0x95, 0x19, 0x2a, 0x29, 0x71, 0xf1, 0x38, 0x55, 0x96, 0xa4, 0x16, 0xfb, 0xa6, 0x16, 0x17,
+	0x27, 0xa6, 0xa7, 0x0a, 0x09, 0x71, 0xb1, 0xa4, 0x24, 0x96, 0x24, 0x4a, 0x30, 0x2a, 0x30, 0x6a,
+	0xf0, 0x04, 0x81, 0xd9, 0x46, 0x01, 0x5c, 0x6c, 0xa1, 0x60, 0x0d, 0x42, 0x6e, 0x5c, 0x2c, 0x01,
+	0xa5, 0x39, 0x39, 0x42, 0x32, 0x7a, 0xa8, 0xc6, 0xe8, 0x21, 0x9b, 0x21, 0x85, 0x57, 0x56, 0x83,
+	0xd1, 0x80, 0xd1, 0xc9, 0xe6, 0xc2, 0x43, 0x39, 0x86, 0x1b, 0x0f, 0xe5, 0x18, 0x3e, 0x3c, 0x94,
+	0x63, 0x6c, 0x78, 0x24, 0xc7, 0xb8, 0xe2, 0x91, 0x1c, 0xe3, 0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e,
+	0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0xf8, 0xe2, 0x91, 0x1c, 0xc3, 0x87, 0x47, 0x72, 0x8c, 0x13,
+	0x1e, 0xcb, 0x31, 0x5c, 0x78, 0x2c, 0xc7, 0x70, 0xe3, 0xb1, 0x1c, 0x43, 0x14, 0x1b, 0xc4, 0xc4,
+	0x24, 0x36, 0xb0, 0x57, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0x12, 0xf2, 0xfc, 0xb4, 0xda,
+	0x00, 0x00, 0x00,
+}
+
+func (this *BytesMessage) Equal(that interface{}) bool {
+	if that == nil {
+		return this == nil
+	}
+
+	that1, ok := that.(*BytesMessage)
+	if !ok {
+		that2, ok := that.(BytesMessage)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		return this == nil
+	} else if this == nil {
+		return false
+	}
+	if !bytes.Equal(this.Data, that1.Data) {
+		return false
+	}
+	return true
+}
+func (this *BytesMessage) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&upload.BytesMessage{")
+	s = append(s, "Data: "+fmt.Sprintf("%#v", this.Data)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringUpload(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// UploadClient is the client API for Upload service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type UploadClient interface {
+	Pull(ctx context.Context, opts ...grpc.CallOption) (Upload_PullClient, error)
+}
+
+type uploadClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewUploadClient(cc *grpc.ClientConn) UploadClient {
+	return &uploadClient{cc}
+}
+
+func (c *uploadClient) Pull(ctx context.Context, opts ...grpc.CallOption) (Upload_PullClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_Upload_serviceDesc.Streams[0], "/moby.upload.v1.Upload/Pull", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &uploadPullClient{stream}
+	return x, nil
+}
+
+type Upload_PullClient interface {
+	Send(*BytesMessage) error
+	Recv() (*BytesMessage, error)
+	grpc.ClientStream
+}
+
+type uploadPullClient struct {
+	grpc.ClientStream
+}
+
+func (x *uploadPullClient) Send(m *BytesMessage) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *uploadPullClient) Recv() (*BytesMessage, error) {
+	m := new(BytesMessage)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// UploadServer is the server API for Upload service.
+type UploadServer interface {
+	Pull(Upload_PullServer) error
+}
+
+// UnimplementedUploadServer can be embedded to have forward compatible implementations.
+type UnimplementedUploadServer struct {
+}
+
+func (*UnimplementedUploadServer) Pull(srv Upload_PullServer) error {
+	return status.Errorf(codes.Unimplemented, "method Pull not implemented")
+}
+
+func RegisterUploadServer(s *grpc.Server, srv UploadServer) {
+	s.RegisterService(&_Upload_serviceDesc, srv)
+}
+
+func _Upload_Pull_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(UploadServer).Pull(&uploadPullServer{stream})
+}
+
+type Upload_PullServer interface {
+	Send(*BytesMessage) error
+	Recv() (*BytesMessage, error)
+	grpc.ServerStream
+}
+
+type uploadPullServer struct {
+	grpc.ServerStream
+}
+
+func (x *uploadPullServer) Send(m *BytesMessage) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *uploadPullServer) Recv() (*BytesMessage, error) {
+	m := new(BytesMessage)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+var _Upload_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "moby.upload.v1.Upload",
+	HandlerType: (*UploadServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "Pull",
+			Handler:       _Upload_Pull_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "upload.proto",
+}
+
+func (m *BytesMessage) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *BytesMessage) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BytesMessage) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintUpload(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintUpload(dAtA []byte, offset int, v uint64) int {
+	offset -= sovUpload(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *BytesMessage) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovUpload(uint64(l))
+	}
+	return n
+}
+
+func sovUpload(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozUpload(x uint64) (n int) {
+	return sovUpload(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *BytesMessage) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&BytesMessage{`,
+		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringUpload(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *BytesMessage) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowUpload
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: BytesMessage: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: BytesMessage: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowUpload
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthUpload
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthUpload
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipUpload(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthUpload
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipUpload(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	depth := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowUpload
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowUpload
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+		case 1:
+			iNdEx += 8
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowUpload
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if length < 0 {
+				return 0, ErrInvalidLengthUpload
+			}
+			iNdEx += length
+		case 3:
+			depth++
+		case 4:
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupUpload
+			}
+			depth--
+		case 5:
+			iNdEx += 4
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthUpload
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
+	}
+	return 0, io.ErrUnexpectedEOF
+}
+
+var (
+	ErrInvalidLengthUpload        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowUpload          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupUpload = fmt.Errorf("proto: unexpected end of group")
+)
diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.proto b/vendor/github.com/moby/buildkit/session/upload/upload.proto
new file mode 100644
index 0000000000000..ce254ba90977e
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/session/upload/upload.proto
@@ -0,0 +1,14 @@
+syntax = "proto3";
+
+package moby.upload.v1;
+
+option go_package = "upload";
+
+service Upload {
+	rpc Pull(stream BytesMessage) returns (stream BytesMessage);
+}
+
+// BytesMessage contains a chunk of byte data
+message BytesMessage{
+	bytes data = 1;
+}
diff --git a/vendor/github.com/moby/buildkit/snapshot/blobmapping/snapshotter.go b/vendor/github.com/moby/buildkit/snapshot/blobmapping/snapshotter.go
deleted file mode 100644
index e145235a290be..0000000000000
--- a/vendor/github.com/moby/buildkit/snapshot/blobmapping/snapshotter.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package blobmapping
-
-import (
-	"context"
-
-	"github.com/containerd/containerd/content"
-	"github.com/containerd/containerd/snapshots"
-	"github.com/moby/buildkit/cache/metadata"
-	"github.com/moby/buildkit/snapshot"
-	digest "github.com/opencontainers/go-digest"
-	"github.com/sirupsen/logrus"
-	bolt "go.etcd.io/bbolt"
-)
-
-const blobKey = "blobmapping.blob"
-
-type Opt struct {
-	Content       content.Store
-	Snapshotter   snapshot.SnapshotterBase
-	MetadataStore *metadata.Store
-}
-
-type Info struct {
-	snapshots.Info
-	Blob string
-}
-
-type DiffPair struct {
-	Blobsum digest.Digest
-	DiffID  digest.Digest
-}
-
-// this snapshotter keeps an internal mapping between a snapshot and a blob
-
-type Snapshotter struct {
-	snapshot.SnapshotterBase
-	opt Opt
-}
-
-func NewSnapshotter(opt Opt) snapshot.Snapshotter {
-	s := &Snapshotter{
-		SnapshotterBase: opt.Snapshotter,
-		opt:             opt,
-	}
-
-	return s
-}
-
-// Remove also removes a reference to a blob. If it is a last reference then it deletes it the blob as well
-// Remove is not safe to be called concurrently
-func (s *Snapshotter) Remove(ctx context.Context, key string) error {
-	_, blob, err := s.GetBlob(ctx, key)
-	if err != nil {
-		return err
-	}
-
-	blobs, err := s.opt.MetadataStore.Search(index(blob))
-	if err != nil {
-		return err
-	}
-
-	if err := s.SnapshotterBase.Remove(ctx, key); err != nil {
-		return err
-	}
-
-	if len(blobs) == 1 && blobs[0].ID() == key { // last snapshot
-		if err := s.opt.Content.Delete(ctx, blob); err != nil {
-			logrus.Errorf("failed to delete blob %v: %+v", blob, err)
-		}
-	}
-	return nil
-}
-
-func (s *Snapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, error) {
-	u, err := s.SnapshotterBase.Usage(ctx, key)
-	if err != nil {
-		return snapshots.Usage{}, err
-	}
-	_, blob, err := s.GetBlob(ctx, key)
-	if err != nil {
-		return u, err
-	}
-	if blob != "" {
-		info, err := s.opt.Content.Info(ctx, blob)
-		if err != nil {
-			return u, err
-		}
-		(&u).Add(snapshots.Usage{Size: info.Size, Inodes: 1})
-	}
-	return u, nil
-}
-
-func (s *Snapshotter) GetBlob(ctx context.Context, key string) (digest.Digest, digest.Digest, error) {
-	md, _ := s.opt.MetadataStore.Get(key)
-	v := md.Get(blobKey)
-	if v == nil {
-		return "", "", nil
-	}
-	var blob DiffPair
-	if err := v.Unmarshal(&blob); err != nil {
-		return "", "", err
-	}
-	return blob.DiffID, blob.Blobsum, nil
-}
-
-// Validates that there is no blob associated with the snapshot.
-// Checks that there is a blob in the content store.
-// If same blob has already been set then this is a noop.
-func (s *Snapshotter) SetBlob(ctx context.Context, key string, diffID, blobsum digest.Digest) error {
-	info, err := s.opt.Content.Info(ctx, blobsum)
-	if err != nil {
-		return err
-	}
-	if _, ok := info.Labels["containerd.io/uncompressed"]; !ok {
-		labels := map[string]string{
-			"containerd.io/uncompressed": diffID.String(),
-		}
-		if _, err := s.opt.Content.Update(ctx, content.Info{
-			Digest: blobsum,
-			Labels: labels,
-		}, "labels.containerd.io/uncompressed"); err != nil {
-			return err
-		}
-	}
-	md, _ := s.opt.MetadataStore.Get(key)
-
-	v, err := metadata.NewValue(DiffPair{DiffID: diffID, Blobsum: blobsum})
-	if err != nil {
-		return err
-	}
-	v.Index = index(blobsum)
-
-	return md.Update(func(b *bolt.Bucket) error {
-		return md.SetValue(b, blobKey, v)
-	})
-}
-
-func index(blob digest.Digest) string {
-	return "blobmap::" + blob.String()
-}
diff --git a/vendor/github.com/moby/buildkit/snapshot/containerd/content.go b/vendor/github.com/moby/buildkit/snapshot/containerd/content.go
new file mode 100644
index 0000000000000..1be21e90041b7
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/snapshot/containerd/content.go
@@ -0,0 +1,82 @@
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/namespaces"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func NewContentStore(store content.Store, ns string) content.Store {
+	return &nsContent{ns, store}
+}
+
+type nsContent struct {
+	ns string
+	content.Store
+}
+
+func (c *nsContent) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Info(ctx, dgst)
+}
+
+func (c *nsContent) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Update(ctx, info, fieldpaths...)
+}
+
+func (c *nsContent) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Walk(ctx, fn, filters...)
+}
+
+func (c *nsContent) Delete(ctx context.Context, dgst digest.Digest) error {
+	return errors.Errorf("contentstore.Delete usage is forbidden")
+}
+
+func (c *nsContent) Status(ctx context.Context, ref string) (content.Status, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Status(ctx, ref)
+}
+
+func (c *nsContent) ListStatuses(ctx context.Context, filters ...string) ([]content.Status, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.ListStatuses(ctx, filters...)
+}
+
+func (c *nsContent) Abort(ctx context.Context, ref string) error {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Abort(ctx, ref)
+}
+
+func (c *nsContent) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.ReaderAt(ctx, desc)
+}
+
+func (c *nsContent) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	return c.writer(ctx, 3, opts...)
+}
+
+func (c *nsContent) writer(ctx context.Context, retries int, opts ...content.WriterOpt) (content.Writer, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	w, err := c.Store.Writer(ctx, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &nsWriter{Writer: w, ns: c.ns}, nil
+}
+
+type nsWriter struct {
+	content.Writer
+	ns string
+}
+
+func (w *nsWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	ctx = namespaces.WithNamespace(ctx, w.ns)
+	return w.Writer.Commit(ctx, size, expected, opts...)
+}
diff --git a/vendor/github.com/moby/buildkit/snapshot/containerd/snapshotter.go b/vendor/github.com/moby/buildkit/snapshot/containerd/snapshotter.go
new file mode 100644
index 0000000000000..93e8b395b64c8
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/snapshot/containerd/snapshotter.go
@@ -0,0 +1,63 @@
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/pkg/errors"
+)
+
+func NewSnapshotter(name string, snapshotter snapshots.Snapshotter, ns string, idmap *idtools.IdentityMapping) snapshot.Snapshotter {
+	return snapshot.FromContainerdSnapshotter(name, &nsSnapshotter{ns, snapshotter}, idmap)
+}
+
+func NSSnapshotter(ns string, snapshotter snapshots.Snapshotter) snapshots.Snapshotter {
+	return &nsSnapshotter{ns: ns, Snapshotter: snapshotter}
+}
+
+type nsSnapshotter struct {
+	ns string
+	snapshots.Snapshotter
+}
+
+func (s *nsSnapshotter) Stat(ctx context.Context, key string) (snapshots.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Stat(ctx, key)
+}
+
+func (s *nsSnapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Update(ctx, info, fieldpaths...)
+}
+
+func (s *nsSnapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Usage(ctx, key)
+}
+func (s *nsSnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Mounts(ctx, key)
+}
+func (s *nsSnapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Prepare(ctx, key, parent, opts...)
+}
+func (s *nsSnapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.View(ctx, key, parent, opts...)
+}
+func (s *nsSnapshotter) Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Commit(ctx, name, key, opts...)
+}
+func (s *nsSnapshotter) Remove(ctx context.Context, key string) error {
+	return errors.Errorf("calling snapshotter.Remove is forbidden")
+}
+func (s *nsSnapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, filters ...string) error {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Walk(ctx, fn, filters...)
+}
diff --git a/vendor/github.com/moby/buildkit/snapshot/localmounter.go b/vendor/github.com/moby/buildkit/snapshot/localmounter.go
index 18e2411cfc908..9ddb7c1af6420 100644
--- a/vendor/github.com/moby/buildkit/snapshot/localmounter.go
+++ b/vendor/github.com/moby/buildkit/snapshot/localmounter.go
@@ -1,12 +1,9 @@
 package snapshot
 
 import (
-	"io/ioutil"
-	"os"
 	"sync"
 
 	"github.com/containerd/containerd/mount"
-	"github.com/pkg/errors"
 )
 
 type Mounter interface {
@@ -31,42 +28,5 @@ type localMounter struct {
 	mounts    []mount.Mount
 	mountable Mountable
 	target    string
-}
-
-func (lm *localMounter) Mount() (string, error) {
-	lm.mu.Lock()
-	defer lm.mu.Unlock()
-
-	if lm.mounts == nil {
-		mounts, err := lm.mountable.Mount()
-		if err != nil {
-			return "", err
-		}
-		lm.mounts = mounts
-	}
-
-	if len(lm.mounts) == 1 && (lm.mounts[0].Type == "bind" || lm.mounts[0].Type == "rbind") {
-		ro := false
-		for _, opt := range lm.mounts[0].Options {
-			if opt == "ro" {
-				ro = true
-				break
-			}
-		}
-		if !ro {
-			return lm.mounts[0].Source, nil
-		}
-	}
-
-	dir, err := ioutil.TempDir("", "buildkit-mount")
-	if err != nil {
-		return "", errors.Wrap(err, "failed to create temp dir")
-	}
-
-	if err := mount.All(lm.mounts, dir); err != nil {
-		os.RemoveAll(dir)
-		return "", errors.Wrapf(err, "failed to mount %s: %+v", dir, lm.mounts)
-	}
-	lm.target = dir
-	return dir, nil
+	release   func() error
 }
diff --git a/vendor/github.com/moby/buildkit/snapshot/localmounter_unix.go b/vendor/github.com/moby/buildkit/snapshot/localmounter_unix.go
index c44e435e993dd..78d395b12597f 100644
--- a/vendor/github.com/moby/buildkit/snapshot/localmounter_unix.go
+++ b/vendor/github.com/moby/buildkit/snapshot/localmounter_unix.go
@@ -3,12 +3,53 @@
 package snapshot
 
 import (
+	"io/ioutil"
 	"os"
 	"syscall"
 
 	"github.com/containerd/containerd/mount"
+	"github.com/pkg/errors"
 )
 
+func (lm *localMounter) Mount() (string, error) {
+	lm.mu.Lock()
+	defer lm.mu.Unlock()
+
+	if lm.mounts == nil {
+		mounts, release, err := lm.mountable.Mount()
+		if err != nil {
+			return "", err
+		}
+		lm.mounts = mounts
+		lm.release = release
+	}
+
+	if len(lm.mounts) == 1 && (lm.mounts[0].Type == "bind" || lm.mounts[0].Type == "rbind") {
+		ro := false
+		for _, opt := range lm.mounts[0].Options {
+			if opt == "ro" {
+				ro = true
+				break
+			}
+		}
+		if !ro {
+			return lm.mounts[0].Source, nil
+		}
+	}
+
+	dir, err := ioutil.TempDir("", "buildkit-mount")
+	if err != nil {
+		return "", errors.Wrap(err, "failed to create temp dir")
+	}
+
+	if err := mount.All(lm.mounts, dir); err != nil {
+		os.RemoveAll(dir)
+		return "", errors.Wrapf(err, "failed to mount %s: %+v", dir, lm.mounts)
+	}
+	lm.target = dir
+	return dir, nil
+}
+
 func (lm *localMounter) Unmount() error {
 	lm.mu.Lock()
 	defer lm.mu.Unlock()
@@ -21,8 +62,8 @@ func (lm *localMounter) Unmount() error {
 		lm.target = ""
 	}
 
-	if lm.mountable != nil {
-		return lm.mountable.Release()
+	if lm.release != nil {
+		return lm.release()
 	}
 
 	return nil
diff --git a/vendor/github.com/moby/buildkit/snapshot/localmounter_windows.go b/vendor/github.com/moby/buildkit/snapshot/localmounter_windows.go
index 4e1287b0d801a..df2e99b6c1807 100644
--- a/vendor/github.com/moby/buildkit/snapshot/localmounter_windows.go
+++ b/vendor/github.com/moby/buildkit/snapshot/localmounter_windows.go
@@ -1,11 +1,56 @@
 package snapshot
 
 import (
-	"os"
-
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/mount"
+	"github.com/pkg/errors"
 )
 
+func (lm *localMounter) Mount() (string, error) {
+	lm.mu.Lock()
+	defer lm.mu.Unlock()
+
+	if lm.mounts == nil {
+		mounts, release, err := lm.mountable.Mount()
+		if err != nil {
+			return "", err
+		}
+		lm.mounts = mounts
+		lm.release = release
+	}
+
+	// Windows can only mount a single mount at a given location.
+	// Parent layers are carried in Options, opaquely to localMounter.
+	if len(lm.mounts) != 1 {
+		return "", errors.Wrapf(errdefs.ErrNotImplemented, "request to mount %d layers, only 1 is supported", len(lm.mounts))
+	}
+
+	m := lm.mounts[0]
+
+	if m.Type == "bind" || m.Type == "rbind" {
+		ro := false
+		for _, opt := range m.Options {
+			if opt == "ro" {
+				ro = true
+				break
+			}
+		}
+		if !ro {
+			return m.Source, nil
+		}
+	}
+
+	// Windows mounts always activate in-place, so the target of the mount must be the source directory.
+	// See https://github.com/containerd/containerd/pull/2366
+	dir := m.Source
+
+	if err := m.Mount(dir); err != nil {
+		return "", errors.Wrapf(err, "failed to mount in-place: %v", m)
+	}
+	lm.target = dir
+	return lm.target, nil
+}
+
 func (lm *localMounter) Unmount() error {
 	lm.mu.Lock()
 	defer lm.mu.Unlock()
@@ -14,12 +59,11 @@ func (lm *localMounter) Unmount() error {
 		if err := mount.Unmount(lm.target, 0); err != nil {
 			return err
 		}
-		os.RemoveAll(lm.target)
 		lm.target = ""
 	}
 
-	if lm.mountable != nil {
-		return lm.mountable.Release()
+	if lm.release != nil {
+		return lm.release()
 	}
 
 	return nil
diff --git a/vendor/github.com/moby/buildkit/snapshot/snapshotter.go b/vendor/github.com/moby/buildkit/snapshot/snapshotter.go
index ad7fcaf2dcf4e..a4bf1c4f77514 100644
--- a/vendor/github.com/moby/buildkit/snapshot/snapshotter.go
+++ b/vendor/github.com/moby/buildkit/snapshot/snapshotter.go
@@ -2,20 +2,24 @@ package snapshot
 
 import (
 	"context"
+	"os"
 	"sync"
+	"sync/atomic"
 
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/snapshots"
-	digest "github.com/opencontainers/go-digest"
+	"github.com/docker/docker/pkg/idtools"
 )
 
 type Mountable interface {
 	// ID() string
-	Mount() ([]mount.Mount, error)
-	Release() error
+	Mount() ([]mount.Mount, func() error, error)
+	IdentityMapping() *idtools.IdentityMapping
 }
 
-type SnapshotterBase interface {
+// Snapshotter defines interface that any snapshot implementation should satisfy
+type Snapshotter interface {
+	Name() string
 	Mounts(ctx context.Context, key string) (Mountable, error)
 	Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error
 	View(ctx context.Context, key, parent string, opts ...snapshots.Opt) (Mountable, error)
@@ -25,27 +29,23 @@ type SnapshotterBase interface {
 	Usage(ctx context.Context, key string) (snapshots.Usage, error)
 	Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error
 	Remove(ctx context.Context, key string) error
-	Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error
+	Walk(ctx context.Context, fn snapshots.WalkFunc, filters ...string) error
 	Close() error
+	IdentityMapping() *idtools.IdentityMapping
 }
 
-// Snapshotter defines interface that any snapshot implementation should satisfy
-type Snapshotter interface {
-	Blobmapper
-	SnapshotterBase
-}
-
-type Blobmapper interface {
-	GetBlob(ctx context.Context, key string) (digest.Digest, digest.Digest, error)
-	SetBlob(ctx context.Context, key string, diffID, blob digest.Digest) error
-}
-
-func FromContainerdSnapshotter(s snapshots.Snapshotter) SnapshotterBase {
-	return &fromContainerd{Snapshotter: s}
+func FromContainerdSnapshotter(name string, s snapshots.Snapshotter, idmap *idtools.IdentityMapping) Snapshotter {
+	return &fromContainerd{name: name, Snapshotter: s, idmap: idmap}
 }
 
 type fromContainerd struct {
+	name string
 	snapshots.Snapshotter
+	idmap *idtools.IdentityMapping
+}
+
+func (s *fromContainerd) Name() string {
+	return s.name
 }
 
 func (s *fromContainerd) Mounts(ctx context.Context, key string) (Mountable, error) {
@@ -53,7 +53,7 @@ func (s *fromContainerd) Mounts(ctx context.Context, key string) (Mountable, err
 	if err != nil {
 		return nil, err
 	}
-	return &staticMountable{mounts}, nil
+	return &staticMountable{mounts: mounts, idmap: s.idmap, id: key}, nil
 }
 func (s *fromContainerd) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
 	_, err := s.Snapshotter.Prepare(ctx, key, parent, opts...)
@@ -64,19 +64,33 @@ func (s *fromContainerd) View(ctx context.Context, key, parent string, opts ...s
 	if err != nil {
 		return nil, err
 	}
-	return &staticMountable{mounts}, nil
+	return &staticMountable{mounts: mounts, idmap: s.idmap, id: key}, nil
+}
+func (s *fromContainerd) IdentityMapping() *idtools.IdentityMapping {
+	return s.idmap
 }
 
 type staticMountable struct {
+	count  int32
+	id     string
 	mounts []mount.Mount
+	idmap  *idtools.IdentityMapping
 }
 
-func (m *staticMountable) Mount() ([]mount.Mount, error) {
-	return m.mounts, nil
+func (cm *staticMountable) Mount() ([]mount.Mount, func() error, error) {
+	atomic.AddInt32(&cm.count, 1)
+	return cm.mounts, func() error {
+		if atomic.AddInt32(&cm.count, -1) < 0 {
+			if v := os.Getenv("BUILDKIT_DEBUG_PANIC_ON_ERROR"); v == "1" {
+				panic("release of released mount " + cm.id)
+			}
+		}
+		return nil
+	}, nil
 }
 
-func (cm *staticMountable) Release() error {
-	return nil
+func (cm *staticMountable) IdentityMapping() *idtools.IdentityMapping {
+	return cm.idmap
 }
 
 // NewContainerdSnapshotter converts snapshotter to containerd snapshotter
@@ -96,7 +110,7 @@ func (cs *containerdSnapshotter) release() error {
 	defer cs.mu.Unlock()
 	var err error
 	for _, f := range cs.releasers {
-		if err1 := f(); err != nil && err == nil {
+		if err1 := f(); err1 != nil && err == nil {
 			err = err1
 		}
 	}
@@ -104,12 +118,12 @@ func (cs *containerdSnapshotter) release() error {
 }
 
 func (cs *containerdSnapshotter) returnMounts(mf Mountable) ([]mount.Mount, error) {
-	mounts, err := mf.Mount()
+	mounts, release, err := mf.Mount()
 	if err != nil {
 		return nil, err
 	}
 	cs.mu.Lock()
-	cs.releasers = append(cs.releasers, mf.Release)
+	cs.releasers = append(cs.releasers, release)
 	cs.mu.Unlock()
 	return mounts, nil
 }
diff --git a/vendor/github.com/moby/buildkit/solver/bboltcachestorage/storage.go b/vendor/github.com/moby/buildkit/solver/bboltcachestorage/storage.go
index 19755816cd5ae..515feffbf0d26 100644
--- a/vendor/github.com/moby/buildkit/solver/bboltcachestorage/storage.go
+++ b/vendor/github.com/moby/buildkit/solver/bboltcachestorage/storage.go
@@ -233,12 +233,6 @@ func (s *Store) releaseHelper(tx *bolt.Tx, id, resultID string) error {
 		}
 	}
 
-	links := tx.Bucket([]byte(resultBucket))
-	if results == nil {
-		return nil
-	}
-	links = links.Bucket([]byte(id))
-
 	return s.emptyBranchWithParents(tx, []byte(id))
 }
 
diff --git a/vendor/github.com/moby/buildkit/solver/cachemanager.go b/vendor/github.com/moby/buildkit/solver/cachemanager.go
index ce41aa791b303..b628b55a19199 100644
--- a/vendor/github.com/moby/buildkit/solver/cachemanager.go
+++ b/vendor/github.com/moby/buildkit/solver/cachemanager.go
@@ -3,7 +3,9 @@ package solver
 import (
 	"context"
 	"fmt"
+	"strings"
 	"sync"
+	"time"
 
 	"github.com/moby/buildkit/identity"
 	digest "github.com/opencontainers/go-digest"
@@ -142,15 +144,91 @@ func (c *cacheManager) Load(ctx context.Context, rec *CacheRecord) (Result, erro
 	return c.results.Load(ctx, res)
 }
 
-func (c *cacheManager) Save(k *CacheKey, r Result) (*ExportableCacheKey, error) {
+type LoadedResult struct {
+	Result      Result
+	CacheResult CacheResult
+	CacheKey    *CacheKey
+}
+
+func (c *cacheManager) filterResults(m map[string]Result, ck *CacheKey, visited map[string]struct{}) (results []LoadedResult, err error) {
+	id := c.getID(ck)
+	if _, ok := visited[id]; ok {
+		return nil, nil
+	}
+	visited[id] = struct{}{}
+	if err := c.backend.WalkResults(id, func(cr CacheResult) error {
+		res, ok := m[id]
+		if ok {
+			results = append(results, LoadedResult{
+				Result:      res,
+				CacheKey:    ck,
+				CacheResult: cr,
+			})
+			delete(m, id)
+		}
+		return nil
+	}); err != nil {
+		for _, r := range results {
+			r.Result.Release(context.TODO())
+		}
+	}
+	for _, keys := range ck.Deps() {
+		for _, key := range keys {
+			res, err := c.filterResults(m, key.CacheKey.CacheKey, visited)
+			if err != nil {
+				for _, r := range results {
+					r.Result.Release(context.TODO())
+				}
+				return nil, err
+			}
+			results = append(results, res...)
+		}
+	}
+	return
+}
+
+func (c *cacheManager) LoadWithParents(ctx context.Context, rec *CacheRecord) ([]LoadedResult, error) {
+	lwp, ok := c.results.(interface {
+		LoadWithParents(context.Context, CacheResult) (map[string]Result, error)
+	})
+	if !ok {
+		res, err := c.Load(ctx, rec)
+		if err != nil {
+			return nil, err
+		}
+		return []LoadedResult{{Result: res, CacheKey: rec.key, CacheResult: CacheResult{ID: c.getID(rec.key), CreatedAt: rec.CreatedAt}}}, nil
+	}
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	cr, err := c.backend.Load(c.getID(rec.key), rec.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := lwp.LoadWithParents(ctx, cr)
+	if err != nil {
+		return nil, err
+	}
+
+	results, err := c.filterResults(m, rec.key, map[string]struct{}{})
+	if err != nil {
+		for _, r := range m {
+			r.Release(context.TODO())
+		}
+	}
+
+	return results, nil
+}
+
+func (c *cacheManager) Save(k *CacheKey, r Result, createdAt time.Time) (*ExportableCacheKey, error) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
-	res, err := c.results.Save(r)
+	res, err := c.results.Save(r, createdAt)
 	if err != nil {
 		return nil, err
 	}
-
 	if err := c.backend.AddResult(c.getID(k), res); err != nil {
 		return nil, err
 	}
@@ -273,5 +351,8 @@ func (c *cacheManager) getIDFromDeps(k *CacheKey) string {
 }
 
 func rootKey(dgst digest.Digest, output Index) digest.Digest {
+	if strings.HasPrefix(dgst.String(), "random:") {
+		return digest.Digest("random:" + strings.TrimPrefix(digest.FromBytes([]byte(fmt.Sprintf("%s@%d", dgst, output))).String(), digest.Canonical.String()+":"))
+	}
 	return digest.FromBytes([]byte(fmt.Sprintf("%s@%d", dgst, output)))
 }
diff --git a/vendor/github.com/moby/buildkit/solver/cacheopts.go b/vendor/github.com/moby/buildkit/solver/cacheopts.go
new file mode 100644
index 0000000000000..7c58d82112cb0
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/cacheopts.go
@@ -0,0 +1,88 @@
+package solver
+
+import (
+	"context"
+
+	digest "github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
+)
+
+type CacheOpts map[interface{}]interface{}
+
+type cacheOptGetterKey struct{}
+
+func CacheOptGetterOf(ctx context.Context) func(keys ...interface{}) map[interface{}]interface{} {
+	if v := ctx.Value(cacheOptGetterKey{}); v != nil {
+		if getter, ok := v.(func(keys ...interface{}) map[interface{}]interface{}); ok {
+			return getter
+		}
+	}
+	return nil
+}
+
+func withAncestorCacheOpts(ctx context.Context, start *state) context.Context {
+	return context.WithValue(ctx, cacheOptGetterKey{}, func(keys ...interface{}) map[interface{}]interface{} {
+		keySet := make(map[interface{}]struct{})
+		for _, k := range keys {
+			keySet[k] = struct{}{}
+		}
+		values := make(map[interface{}]interface{})
+		walkAncestors(start, func(st *state) bool {
+			if st.clientVertex.Error != "" {
+				// don't use values from cancelled or otherwise error'd vertexes
+				return false
+			}
+			for _, res := range st.op.cacheRes {
+				if res.Opts == nil {
+					continue
+				}
+				for k := range keySet {
+					if v, ok := res.Opts[k]; ok {
+						values[k] = v
+						delete(keySet, k)
+						if len(keySet) == 0 {
+							return true
+						}
+					}
+				}
+			}
+			return false
+		})
+		return values
+	})
+}
+
+func walkAncestors(start *state, f func(*state) bool) {
+	stack := [][]*state{{start}}
+	cache := make(map[digest.Digest]struct{})
+	for len(stack) > 0 {
+		sts := stack[len(stack)-1]
+		if len(sts) == 0 {
+			stack = stack[:len(stack)-1]
+			continue
+		}
+		st := sts[len(sts)-1]
+		stack[len(stack)-1] = sts[:len(sts)-1]
+		if st == nil {
+			continue
+		}
+		if _, ok := cache[st.origDigest]; ok {
+			continue
+		}
+		cache[st.origDigest] = struct{}{}
+		if shouldStop := f(st); shouldStop {
+			return
+		}
+		stack = append(stack, []*state{})
+		for _, parentDgst := range st.clientVertex.Inputs {
+			st.solver.mu.RLock()
+			parent := st.solver.actives[parentDgst]
+			st.solver.mu.RUnlock()
+			if parent == nil {
+				logrus.Warnf("parent %q not found in active job list during cache opt search", parentDgst)
+				continue
+			}
+			stack[len(stack)-1] = append(stack[len(stack)-1], parent)
+		}
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/cachestorage.go b/vendor/github.com/moby/buildkit/solver/cachestorage.go
index 65225f757b349..12797223c6801 100644
--- a/vendor/github.com/moby/buildkit/solver/cachestorage.go
+++ b/vendor/github.com/moby/buildkit/solver/cachestorage.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	"github.com/moby/buildkit/session"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
@@ -44,8 +45,8 @@ type CacheInfoLink struct {
 // CacheResultStorage is interface for converting cache metadata result to
 // actual solve result
 type CacheResultStorage interface {
-	Save(Result) (CacheResult, error)
+	Save(Result, time.Time) (CacheResult, error)
 	Load(ctx context.Context, res CacheResult) (Result, error)
-	LoadRemote(ctx context.Context, res CacheResult) (*Remote, error)
+	LoadRemote(ctx context.Context, res CacheResult, s session.Group) (*Remote, error)
 	Exists(id string) bool
 }
diff --git a/vendor/github.com/moby/buildkit/solver/combinedcache.go b/vendor/github.com/moby/buildkit/solver/combinedcache.go
index b4205d3ed063e..89361bcc04d97 100644
--- a/vendor/github.com/moby/buildkit/solver/combinedcache.go
+++ b/vendor/github.com/moby/buildkit/solver/combinedcache.go
@@ -4,13 +4,14 @@ import (
 	"context"
 	"strings"
 	"sync"
+	"time"
 
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
 )
 
-func newCombinedCacheManager(cms []CacheManager, main CacheManager) CacheManager {
+func NewCombinedCacheManager(cms []CacheManager, main CacheManager) CacheManager {
 	return &combinedCacheManager{cms: cms, main: main}
 }
 
@@ -66,19 +67,37 @@ func (cm *combinedCacheManager) Query(inp []CacheKeyWithSelector, inputIndex Ind
 	return out, nil
 }
 
-func (cm *combinedCacheManager) Load(ctx context.Context, rec *CacheRecord) (Result, error) {
-	res, err := rec.cacheManager.Load(ctx, rec)
+func (cm *combinedCacheManager) Load(ctx context.Context, rec *CacheRecord) (res Result, err error) {
+	results, err := rec.cacheManager.LoadWithParents(ctx, rec)
 	if err != nil {
 		return nil, err
 	}
-	if _, err := cm.main.Save(rec.key, res); err != nil {
-		return nil, err
+	defer func() {
+		for i, res := range results {
+			if err == nil && i == 0 {
+				continue
+			}
+			res.Result.Release(context.TODO())
+		}
+	}()
+	if rec.cacheManager != cm.main && cm.main != nil {
+		for _, res := range results {
+			if _, err := cm.main.Save(res.CacheKey, res.Result, res.CacheResult.CreatedAt); err != nil {
+				return nil, err
+			}
+		}
 	}
-	return res, nil
+	if len(results) == 0 { // TODO: handle gracefully
+		return nil, errors.Errorf("failed to load deleted cache")
+	}
+	return results[0].Result, nil
 }
 
-func (cm *combinedCacheManager) Save(key *CacheKey, s Result) (*ExportableCacheKey, error) {
-	return cm.main.Save(key, s)
+func (cm *combinedCacheManager) Save(key *CacheKey, s Result, createdAt time.Time) (*ExportableCacheKey, error) {
+	if cm.main == nil {
+		return nil, nil
+	}
+	return cm.main.Save(key, s, createdAt)
 }
 
 func (cm *combinedCacheManager) Records(ck *CacheKey) ([]*CacheRecord, error) {
diff --git a/vendor/github.com/moby/buildkit/solver/edge.go b/vendor/github.com/moby/buildkit/solver/edge.go
index 07e67a3e194c1..56a091c36c668 100644
--- a/vendor/github.com/moby/buildkit/solver/edge.go
+++ b/vendor/github.com/moby/buildkit/solver/edge.go
@@ -3,6 +3,7 @@ package solver
 import (
 	"context"
 	"sync"
+	"time"
 
 	"github.com/moby/buildkit/solver/internal/pipe"
 	digest "github.com/opencontainers/go-digest"
@@ -25,12 +26,13 @@ func (t edgeStatusType) String() string {
 
 func newEdge(ed Edge, op activeOp, index *edgeIndex) *edge {
 	e := &edge{
-		edge:         ed,
-		op:           op,
-		depRequests:  map[pipe.Receiver]*dep{},
-		keyMap:       map[string]*CacheKey{},
-		cacheRecords: map[string]*CacheRecord{},
-		index:        index,
+		edge:               ed,
+		op:                 op,
+		depRequests:        map[pipe.Receiver]*dep{},
+		keyMap:             map[string]struct{}{},
+		cacheRecords:       map[string]*CacheRecord{},
+		cacheRecordsLoaded: map[string]struct{}{},
+		index:              index,
 	}
 	return e
 }
@@ -43,14 +45,16 @@ type edge struct {
 	depRequests map[pipe.Receiver]*dep
 	deps        []*dep
 
-	cacheMapReq     pipe.Receiver
-	cacheMapDone    bool
-	cacheMapIndex   int
-	cacheMapDigests []digest.Digest
-	execReq         pipe.Receiver
-	err             error
-	cacheRecords    map[string]*CacheRecord
-	keyMap          map[string]*CacheKey
+	cacheMapReq        pipe.Receiver
+	cacheMapDone       bool
+	cacheMapIndex      int
+	cacheMapDigests    []digest.Digest
+	execReq            pipe.Receiver
+	execCacheLoad      bool
+	err                error
+	cacheRecords       map[string]*CacheRecord
+	cacheRecordsLoaded map[string]struct{}
+	keyMap             map[string]struct{}
 
 	noCacheMatchPossible      bool
 	allDepsCompletedCacheFast bool
@@ -72,8 +76,6 @@ type dep struct {
 	edgeState
 	index             Index
 	keyMap            map[string]*CacheKey
-	desiredState      edgeStatusType
-	e                 *edge
 	slowCacheReq      pipe.Receiver
 	slowCacheComplete bool
 	slowCacheFoundKey bool
@@ -115,7 +117,7 @@ type edgeRequest struct {
 // incrementReferenceCount increases the number of times release needs to be
 // called to release the edge. Called on merging edges.
 func (e *edge) incrementReferenceCount() {
-	e.releaserCount += 1
+	e.releaserCount++
 }
 
 // release releases the edge resources
@@ -176,6 +178,9 @@ func (e *edge) finishIncoming(req pipe.Sender) {
 
 // updateIncoming updates the current value of incoming pipe request
 func (e *edge) updateIncoming(req pipe.Sender) {
+	if debugScheduler {
+		logrus.Debugf("updateIncoming %s %#v desired=%s", e.edge.Vertex.Name(), e.edgeState, req.Request().Payload.(*edgeRequest).desiredState)
+	}
 	req.Update(&e.edgeState)
 }
 
@@ -218,6 +223,14 @@ func (e *edge) slowCacheFunc(dep *dep) ResultBasedCacheFunc {
 	return e.cacheMap.Deps[int(dep.index)].ComputeDigestFunc
 }
 
+// preprocessFunc returns result based cache func
+func (e *edge) preprocessFunc(dep *dep) PreprocessFunc {
+	if e.cacheMap == nil {
+		return nil
+	}
+	return e.cacheMap.Deps[int(dep.index)].PreprocessFunc
+}
+
 // allDepsHaveKeys checks if all dependencies have at least one key. used for
 // determining if there is enough data for combining cache key for edge
 func (e *edge) allDepsHaveKeys(matching bool) bool {
@@ -330,7 +343,8 @@ func (e *edge) unpark(incoming []pipe.Sender, updates, allPipes []pipe.Receiver,
 	if e.cacheMapReq == nil && (e.cacheMap == nil || len(e.cacheRecords) == 0) {
 		index := e.cacheMapIndex
 		e.cacheMapReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) {
-			return e.op.CacheMap(ctx, index)
+			cm, err := e.op.CacheMap(ctx, index)
+			return cm, errors.Wrap(err, "failed to load cache key")
 		})
 		cacheMapReq = true
 	}
@@ -345,6 +359,7 @@ func (e *edge) unpark(incoming []pipe.Sender, updates, allPipes []pipe.Receiver,
 	if e.execReq == nil {
 		if added := e.createInputRequests(desiredState, f, false); !added && !e.hasActiveOutgoing && !cacheMapReq {
 			logrus.Errorf("buildkit scheluding error: leaving incoming open. forcing solve. Please report this with BUILDKIT_SCHEDULER_DEBUG=1")
+			debugSchedulerPreUnpark(e, incoming, updates, allPipes)
 			e.createInputRequests(desiredState, f, true)
 		}
 	}
@@ -420,7 +435,11 @@ func (e *edge) processUpdate(upt pipe.Receiver) (depChanged bool) {
 	if upt == e.execReq && upt.Status().Completed {
 		if err := upt.Status().Err; err != nil {
 			e.execReq = nil
-			if !upt.Status().Canceled && e.err == nil {
+			if e.execCacheLoad {
+				for k := range e.cacheRecordsLoaded {
+					delete(e.cacheRecords, k)
+				}
+			} else if !upt.Status().Canceled && e.err == nil {
 				e.err = err
 			}
 		} else {
@@ -477,17 +496,20 @@ func (e *edge) processUpdate(upt pipe.Receiver) (depChanged bool) {
 					e.err = upt.Status().Err
 				}
 			} else if !dep.slowCacheComplete {
-				k := NewCacheKey(upt.Status().Value.(digest.Digest), -1)
-				dep.slowCacheKey = &ExportableCacheKey{CacheKey: k, Exporter: &exporter{k: k}}
-				slowKeyExp := CacheKeyWithSelector{CacheKey: *dep.slowCacheKey}
-				defKeys := make([]CacheKeyWithSelector, 0, len(dep.result.CacheKeys()))
-				for _, dk := range dep.result.CacheKeys() {
-					defKeys = append(defKeys, CacheKeyWithSelector{CacheKey: dk, Selector: e.cacheMap.Deps[i].Selector})
-				}
-				dep.slowCacheFoundKey = e.probeCache(dep, []CacheKeyWithSelector{slowKeyExp})
+				dgst := upt.Status().Value.(digest.Digest)
+				if e.cacheMap.Deps[int(dep.index)].ComputeDigestFunc != nil && dgst != "" {
+					k := NewCacheKey(dgst, -1)
+					dep.slowCacheKey = &ExportableCacheKey{CacheKey: k, Exporter: &exporter{k: k}}
+					slowKeyExp := CacheKeyWithSelector{CacheKey: *dep.slowCacheKey}
+					defKeys := make([]CacheKeyWithSelector, 0, len(dep.result.CacheKeys()))
+					for _, dk := range dep.result.CacheKeys() {
+						defKeys = append(defKeys, CacheKeyWithSelector{CacheKey: dk, Selector: e.cacheMap.Deps[i].Selector})
+					}
+					dep.slowCacheFoundKey = e.probeCache(dep, []CacheKeyWithSelector{slowKeyExp})
 
-				// connect def key to slow key
-				e.op.Cache().Query(append(defKeys, slowKeyExp), dep.index, e.cacheMap.Digest, e.edge.Index)
+					// connect def key to slow key
+					e.op.Cache().Query(append(defKeys, slowKeyExp), dep.index, e.cacheMap.Digest, e.edge.Index)
+				}
 
 				dep.slowCacheComplete = true
 				e.keysDidChange = true
@@ -526,6 +548,10 @@ func (e *edge) recalcCurrentState() {
 		}
 	}
 
+	for key := range newKeys {
+		e.keyMap[key] = struct{}{}
+	}
+
 	for _, r := range newKeys {
 		// TODO: add all deps automatically
 		mergedKey := r.clone()
@@ -552,7 +578,9 @@ func (e *edge) recalcCurrentState() {
 		}
 
 		for _, r := range records {
-			e.cacheRecords[r.ID] = r
+			if _, ok := e.cacheRecordsLoaded[r.ID]; !ok {
+				e.cacheRecords[r.ID] = r
+			}
 		}
 
 		e.keys = append(e.keys, e.makeExportable(mergedKey, records))
@@ -567,7 +595,8 @@ func (e *edge) recalcCurrentState() {
 	stHigh := edgeStatusCacheSlow // maximum possible state
 	if e.cacheMap != nil {
 		for _, dep := range e.deps {
-			isSlowIncomplete := e.slowCacheFunc(dep) != nil && (dep.state == edgeStatusCacheSlow || (dep.state == edgeStatusComplete && !dep.slowCacheComplete))
+			isSlowCacheIncomplete := e.slowCacheFunc(dep) != nil && (dep.state == edgeStatusCacheSlow || (dep.state == edgeStatusComplete && !dep.slowCacheComplete))
+			isSlowIncomplete := (e.slowCacheFunc(dep) != nil || e.preprocessFunc(dep) != nil) && (dep.state == edgeStatusCacheSlow || (dep.state == edgeStatusComplete && !dep.slowCacheComplete))
 
 			if dep.state > stLow && len(dep.keyMap) == 0 && !isSlowIncomplete {
 				stLow = dep.state
@@ -576,10 +605,10 @@ func (e *edge) recalcCurrentState() {
 				}
 			}
 			effectiveState := dep.state
-			if dep.state == edgeStatusCacheSlow && isSlowIncomplete {
+			if dep.state == edgeStatusCacheSlow && isSlowCacheIncomplete {
 				effectiveState = edgeStatusCacheFast
 			}
-			if dep.state == edgeStatusComplete && isSlowIncomplete {
+			if dep.state == edgeStatusComplete && isSlowCacheIncomplete {
 				effectiveState = edgeStatusCacheFast
 			}
 			if effectiveState < stHigh {
@@ -591,7 +620,7 @@ func (e *edge) recalcCurrentState() {
 			if dep.state < edgeStatusCacheFast {
 				allDepsCompletedCacheFast = false
 			}
-			if isSlowIncomplete || dep.state < edgeStatusCacheSlow {
+			if isSlowCacheIncomplete || dep.state < edgeStatusCacheSlow {
 				allDepsCompletedCacheSlow = false
 			}
 			if dep.state < edgeStatusCacheSlow && len(dep.keyMap) == 0 {
@@ -612,6 +641,36 @@ func (e *edge) recalcCurrentState() {
 		e.allDepsCompletedCacheSlow = e.cacheMapDone && allDepsCompletedCacheSlow
 		e.allDepsStateCacheSlow = e.cacheMapDone && allDepsStateCacheSlow
 		e.allDepsCompleted = e.cacheMapDone && allDepsCompleted
+
+		if e.allDepsStateCacheSlow && len(e.cacheRecords) > 0 && e.state == edgeStatusCacheFast {
+			openKeys := map[string]struct{}{}
+			for _, dep := range e.deps {
+				isSlowIncomplete := e.slowCacheFunc(dep) != nil && (dep.state == edgeStatusCacheSlow || (dep.state == edgeStatusComplete && !dep.slowCacheComplete))
+				if !isSlowIncomplete {
+					openDepKeys := map[string]struct{}{}
+					for key := range dep.keyMap {
+						if _, ok := e.keyMap[key]; !ok {
+							openDepKeys[key] = struct{}{}
+						}
+					}
+					if len(openKeys) != 0 {
+						for k := range openKeys {
+							if _, ok := openDepKeys[k]; !ok {
+								delete(openKeys, k)
+							}
+						}
+					} else {
+						openKeys = openDepKeys
+					}
+					if len(openKeys) == 0 {
+						e.state = edgeStatusCacheSlow
+						if debugScheduler {
+							logrus.Debugf("upgrade to cache-slow because no open keys")
+						}
+					}
+				}
+			}
+		}
 	}
 }
 
@@ -758,14 +817,16 @@ func (e *edge) createInputRequests(desiredState edgeStatusType, f *pipeFactory,
 			}
 		}
 		// initialize function to compute cache key based on dependency result
-		if dep.state == edgeStatusComplete && dep.slowCacheReq == nil && e.slowCacheFunc(dep) != nil && e.cacheMap != nil {
+		if dep.state == edgeStatusComplete && dep.slowCacheReq == nil && (e.slowCacheFunc(dep) != nil || e.preprocessFunc(dep) != nil) && e.cacheMap != nil {
+			pfn := e.preprocessFunc(dep)
 			fn := e.slowCacheFunc(dep)
 			res := dep.result
-			func(fn ResultBasedCacheFunc, res Result, index Index) {
+			func(pfn PreprocessFunc, fn ResultBasedCacheFunc, res Result, index Index) {
 				dep.slowCacheReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) {
-					return e.op.CalcSlowCache(ctx, index, fn, res)
+					v, err := e.op.CalcSlowCache(ctx, index, pfn, fn, res)
+					return v, errors.Wrap(err, "failed to compute cache key")
 				})
-			}(fn, res, dep.index)
+			}(pfn, fn, res, dep.index)
 			addedNew = true
 		}
 	}
@@ -781,6 +842,7 @@ func (e *edge) execIfPossible(f *pipeFactory) bool {
 			return true
 		}
 		e.execReq = f.NewFuncRequest(e.loadCache)
+		e.execCacheLoad = true
 		for req := range e.depRequests {
 			req.Cancel()
 		}
@@ -791,6 +853,7 @@ func (e *edge) execIfPossible(f *pipeFactory) bool {
 			return true
 		}
 		e.execReq = f.NewFuncRequest(e.execOp)
+		e.execCacheLoad = false
 		return true
 	}
 	return false
@@ -811,11 +874,13 @@ func (e *edge) loadCache(ctx context.Context) (interface{}, error) {
 	}
 
 	rec := getBestResult(recs)
+	e.cacheRecordsLoaded[rec.ID] = struct{}{}
 
 	logrus.Debugf("load cache for %s with %s", e.edge.Vertex.Name(), rec.ID)
 	res, err := e.op.LoadCache(ctx, rec)
 	if err != nil {
-		return nil, err
+		logrus.Debugf("load cache for %s err: %v", e.edge.Vertex.Name(), err)
+		return nil, errors.Wrap(err, "failed to load cache")
 	}
 
 	return NewCachedResult(res, []ExportableCacheKey{{CacheKey: rec.key, Exporter: &exporter{k: rec.key, record: rec, edge: e}}}), nil
@@ -826,7 +891,7 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) {
 	cacheKeys, inputs := e.commitOptions()
 	results, subExporters, err := e.op.Exec(ctx, toResultSlice(inputs))
 	if err != nil {
-		return nil, err
+		return nil, errors.WithStack(err)
 	}
 
 	index := e.edge.Index
@@ -845,7 +910,7 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) {
 	var exporters []CacheExporter
 
 	for _, cacheKey := range cacheKeys {
-		ck, err := e.op.Cache().Save(cacheKey, res)
+		ck, err := e.op.Cache().Save(cacheKey, res, time.Now())
 		if err != nil {
 			return nil, err
 		}
@@ -874,6 +939,22 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) {
 	return NewCachedResult(res, ek), nil
 }
 
+func (e *edge) isDep(e2 *edge) bool {
+	return isDep(e.edge.Vertex, e2.edge.Vertex)
+}
+
+func isDep(vtx, vtx2 Vertex) bool {
+	if vtx.Digest() == vtx2.Digest() {
+		return true
+	}
+	for _, e := range vtx.Inputs() {
+		if isDep(e.Vertex, vtx2) {
+			return true
+		}
+	}
+	return false
+}
+
 func toResultSlice(cres []CachedResult) (out []Result) {
 	out = make([]Result, len(cres))
 	for i := range cres {
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/context.go b/vendor/github.com/moby/buildkit/solver/errdefs/context.go
new file mode 100644
index 0000000000000..ea6bdfbf0985e
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/context.go
@@ -0,0 +1,13 @@
+package errdefs
+
+import (
+	"context"
+	"errors"
+
+	"github.com/moby/buildkit/util/grpcerrors"
+	"google.golang.org/grpc/codes"
+)
+
+func IsCanceled(err error) bool {
+	return errors.Is(err, context.Canceled) || grpcerrors.Code(err) == codes.Canceled
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.pb.go b/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.pb.go
new file mode 100644
index 0000000000000..5da34b6e591b8
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.pb.go
@@ -0,0 +1,399 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: errdefs.proto
+
+package errdefs
+
+import (
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	pb "github.com/moby/buildkit/solver/pb"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
+type Vertex struct {
+	Digest               string   `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Vertex) Reset()         { *m = Vertex{} }
+func (m *Vertex) String() string { return proto.CompactTextString(m) }
+func (*Vertex) ProtoMessage()    {}
+func (*Vertex) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{0}
+}
+func (m *Vertex) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Vertex.Unmarshal(m, b)
+}
+func (m *Vertex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Vertex.Marshal(b, m, deterministic)
+}
+func (m *Vertex) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Vertex.Merge(m, src)
+}
+func (m *Vertex) XXX_Size() int {
+	return xxx_messageInfo_Vertex.Size(m)
+}
+func (m *Vertex) XXX_DiscardUnknown() {
+	xxx_messageInfo_Vertex.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Vertex proto.InternalMessageInfo
+
+func (m *Vertex) GetDigest() string {
+	if m != nil {
+		return m.Digest
+	}
+	return ""
+}
+
+type Source struct {
+	Info                 *pb.SourceInfo `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"`
+	Ranges               []*pb.Range    `protobuf:"bytes,2,rep,name=ranges,proto3" json:"ranges,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *Source) Reset()         { *m = Source{} }
+func (m *Source) String() string { return proto.CompactTextString(m) }
+func (*Source) ProtoMessage()    {}
+func (*Source) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{1}
+}
+func (m *Source) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Source.Unmarshal(m, b)
+}
+func (m *Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Source.Marshal(b, m, deterministic)
+}
+func (m *Source) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Source.Merge(m, src)
+}
+func (m *Source) XXX_Size() int {
+	return xxx_messageInfo_Source.Size(m)
+}
+func (m *Source) XXX_DiscardUnknown() {
+	xxx_messageInfo_Source.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Source proto.InternalMessageInfo
+
+func (m *Source) GetInfo() *pb.SourceInfo {
+	if m != nil {
+		return m.Info
+	}
+	return nil
+}
+
+func (m *Source) GetRanges() []*pb.Range {
+	if m != nil {
+		return m.Ranges
+	}
+	return nil
+}
+
+type FrontendCap struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *FrontendCap) Reset()         { *m = FrontendCap{} }
+func (m *FrontendCap) String() string { return proto.CompactTextString(m) }
+func (*FrontendCap) ProtoMessage()    {}
+func (*FrontendCap) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{2}
+}
+func (m *FrontendCap) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FrontendCap.Unmarshal(m, b)
+}
+func (m *FrontendCap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FrontendCap.Marshal(b, m, deterministic)
+}
+func (m *FrontendCap) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FrontendCap.Merge(m, src)
+}
+func (m *FrontendCap) XXX_Size() int {
+	return xxx_messageInfo_FrontendCap.Size(m)
+}
+func (m *FrontendCap) XXX_DiscardUnknown() {
+	xxx_messageInfo_FrontendCap.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FrontendCap proto.InternalMessageInfo
+
+func (m *FrontendCap) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+type Subrequest struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Subrequest) Reset()         { *m = Subrequest{} }
+func (m *Subrequest) String() string { return proto.CompactTextString(m) }
+func (*Subrequest) ProtoMessage()    {}
+func (*Subrequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{3}
+}
+func (m *Subrequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Subrequest.Unmarshal(m, b)
+}
+func (m *Subrequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Subrequest.Marshal(b, m, deterministic)
+}
+func (m *Subrequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Subrequest.Merge(m, src)
+}
+func (m *Subrequest) XXX_Size() int {
+	return xxx_messageInfo_Subrequest.Size(m)
+}
+func (m *Subrequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_Subrequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Subrequest proto.InternalMessageInfo
+
+func (m *Subrequest) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+type Solve struct {
+	InputIDs []string `protobuf:"bytes,1,rep,name=inputIDs,proto3" json:"inputIDs,omitempty"`
+	MountIDs []string `protobuf:"bytes,2,rep,name=mountIDs,proto3" json:"mountIDs,omitempty"`
+	Op       *pb.Op   `protobuf:"bytes,3,opt,name=op,proto3" json:"op,omitempty"`
+	// Types that are valid to be assigned to Subject:
+	//	*Solve_File
+	//	*Solve_Cache
+	Subject              isSolve_Subject `protobuf_oneof:"subject"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *Solve) Reset()         { *m = Solve{} }
+func (m *Solve) String() string { return proto.CompactTextString(m) }
+func (*Solve) ProtoMessage()    {}
+func (*Solve) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{4}
+}
+func (m *Solve) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Solve.Unmarshal(m, b)
+}
+func (m *Solve) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Solve.Marshal(b, m, deterministic)
+}
+func (m *Solve) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Solve.Merge(m, src)
+}
+func (m *Solve) XXX_Size() int {
+	return xxx_messageInfo_Solve.Size(m)
+}
+func (m *Solve) XXX_DiscardUnknown() {
+	xxx_messageInfo_Solve.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Solve proto.InternalMessageInfo
+
+type isSolve_Subject interface {
+	isSolve_Subject()
+}
+
+type Solve_File struct {
+	File *FileAction `protobuf:"bytes,4,opt,name=file,proto3,oneof" json:"file,omitempty"`
+}
+type Solve_Cache struct {
+	Cache *ContentCache `protobuf:"bytes,5,opt,name=cache,proto3,oneof" json:"cache,omitempty"`
+}
+
+func (*Solve_File) isSolve_Subject()  {}
+func (*Solve_Cache) isSolve_Subject() {}
+
+func (m *Solve) GetSubject() isSolve_Subject {
+	if m != nil {
+		return m.Subject
+	}
+	return nil
+}
+
+func (m *Solve) GetInputIDs() []string {
+	if m != nil {
+		return m.InputIDs
+	}
+	return nil
+}
+
+func (m *Solve) GetMountIDs() []string {
+	if m != nil {
+		return m.MountIDs
+	}
+	return nil
+}
+
+func (m *Solve) GetOp() *pb.Op {
+	if m != nil {
+		return m.Op
+	}
+	return nil
+}
+
+func (m *Solve) GetFile() *FileAction {
+	if x, ok := m.GetSubject().(*Solve_File); ok {
+		return x.File
+	}
+	return nil
+}
+
+func (m *Solve) GetCache() *ContentCache {
+	if x, ok := m.GetSubject().(*Solve_Cache); ok {
+		return x.Cache
+	}
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Solve) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*Solve_File)(nil),
+		(*Solve_Cache)(nil),
+	}
+}
+
+type FileAction struct {
+	// Index of the file action that failed the exec.
+	Index                int64    `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *FileAction) Reset()         { *m = FileAction{} }
+func (m *FileAction) String() string { return proto.CompactTextString(m) }
+func (*FileAction) ProtoMessage()    {}
+func (*FileAction) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{5}
+}
+func (m *FileAction) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FileAction.Unmarshal(m, b)
+}
+func (m *FileAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FileAction.Marshal(b, m, deterministic)
+}
+func (m *FileAction) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileAction.Merge(m, src)
+}
+func (m *FileAction) XXX_Size() int {
+	return xxx_messageInfo_FileAction.Size(m)
+}
+func (m *FileAction) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileAction.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FileAction proto.InternalMessageInfo
+
+func (m *FileAction) GetIndex() int64 {
+	if m != nil {
+		return m.Index
+	}
+	return 0
+}
+
+type ContentCache struct {
+	// Original index of result that failed the slow cache calculation.
+	Index                int64    `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ContentCache) Reset()         { *m = ContentCache{} }
+func (m *ContentCache) String() string { return proto.CompactTextString(m) }
+func (*ContentCache) ProtoMessage()    {}
+func (*ContentCache) Descriptor() ([]byte, []int) {
+	return fileDescriptor_689dc58a5060aff5, []int{6}
+}
+func (m *ContentCache) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ContentCache.Unmarshal(m, b)
+}
+func (m *ContentCache) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ContentCache.Marshal(b, m, deterministic)
+}
+func (m *ContentCache) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ContentCache.Merge(m, src)
+}
+func (m *ContentCache) XXX_Size() int {
+	return xxx_messageInfo_ContentCache.Size(m)
+}
+func (m *ContentCache) XXX_DiscardUnknown() {
+	xxx_messageInfo_ContentCache.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ContentCache proto.InternalMessageInfo
+
+func (m *ContentCache) GetIndex() int64 {
+	if m != nil {
+		return m.Index
+	}
+	return 0
+}
+
+func init() {
+	proto.RegisterType((*Vertex)(nil), "errdefs.Vertex")
+	proto.RegisterType((*Source)(nil), "errdefs.Source")
+	proto.RegisterType((*FrontendCap)(nil), "errdefs.FrontendCap")
+	proto.RegisterType((*Subrequest)(nil), "errdefs.Subrequest")
+	proto.RegisterType((*Solve)(nil), "errdefs.Solve")
+	proto.RegisterType((*FileAction)(nil), "errdefs.FileAction")
+	proto.RegisterType((*ContentCache)(nil), "errdefs.ContentCache")
+}
+
+func init() { proto.RegisterFile("errdefs.proto", fileDescriptor_689dc58a5060aff5) }
+
+var fileDescriptor_689dc58a5060aff5 = []byte{
+	// 348 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x91, 0xcd, 0x8e, 0xd3, 0x30,
+	0x14, 0x85, 0x27, 0xbf, 0x43, 0x6e, 0x81, 0x85, 0x81, 0x51, 0x34, 0xab, 0x8c, 0xc5, 0xa2, 0x48,
+	0x90, 0x48, 0xc3, 0x13, 0x40, 0xd1, 0x68, 0x66, 0x55, 0xc9, 0x95, 0xd8, 0xc7, 0xc9, 0x4d, 0x6b,
+	0x48, 0x6c, 0xe3, 0xd8, 0xa8, 0xbc, 0x1b, 0x0f, 0x87, 0xe2, 0xa4, 0x65, 0x16, 0xdd, 0xe5, 0xe4,
+	0xfb, 0x7c, 0xed, 0x63, 0xc3, 0x2b, 0x34, 0xa6, 0xc5, 0x6e, 0x2c, 0xb5, 0x51, 0x56, 0x91, 0xeb,
+	0x25, 0xde, 0x7e, 0xdc, 0x0b, 0x7b, 0x70, 0xbc, 0x6c, 0xd4, 0x50, 0x0d, 0x8a, 0xff, 0xa9, 0xb8,
+	0x13, 0x7d, 0xfb, 0x53, 0xd8, 0x6a, 0x54, 0xfd, 0x6f, 0x34, 0x95, 0xe6, 0x95, 0xd2, 0xcb, 0x32,
+	0x5a, 0x40, 0xfa, 0x1d, 0x8d, 0xc5, 0x23, 0xb9, 0x81, 0xb4, 0x15, 0x7b, 0x1c, 0x6d, 0x1e, 0x14,
+	0xc1, 0x3a, 0x63, 0x4b, 0xa2, 0x5b, 0x48, 0x77, 0xca, 0x99, 0x06, 0x09, 0x85, 0x58, 0xc8, 0x4e,
+	0x79, 0xbe, 0xba, 0x7f, 0x5d, 0x6a, 0x5e, 0xce, 0xe4, 0x49, 0x76, 0x8a, 0x79, 0x46, 0xee, 0x20,
+	0x35, 0xb5, 0xdc, 0xe3, 0x98, 0x87, 0x45, 0xb4, 0x5e, 0xdd, 0x67, 0x93, 0xc5, 0xa6, 0x3f, 0x6c,
+	0x01, 0xf4, 0x0e, 0x56, 0x0f, 0x46, 0x49, 0x8b, 0xb2, 0xdd, 0xd4, 0x9a, 0x10, 0x88, 0x65, 0x3d,
+	0xe0, 0xb2, 0xab, 0xff, 0xa6, 0x05, 0xc0, 0xce, 0x71, 0x83, 0xbf, 0x1c, 0x8e, 0xf6, 0xa2, 0xf1,
+	0x37, 0x80, 0x64, 0x37, 0xf5, 0x21, 0xb7, 0xf0, 0x42, 0x48, 0xed, 0xec, 0xd3, 0xb7, 0x31, 0x0f,
+	0x8a, 0x68, 0x9d, 0xb1, 0x73, 0x9e, 0xd8, 0xa0, 0x9c, 0xf4, 0x2c, 0x9c, 0xd9, 0x29, 0x93, 0x1b,
+	0x08, 0x95, 0xce, 0x23, 0xdf, 0x25, 0x9d, 0x4e, 0xb9, 0xd5, 0x2c, 0x54, 0x9a, 0x7c, 0x80, 0xb8,
+	0x13, 0x3d, 0xe6, 0xb1, 0x27, 0x6f, 0xca, 0xd3, 0x35, 0x3f, 0x88, 0x1e, 0xbf, 0x34, 0x56, 0x28,
+	0xf9, 0x78, 0xc5, 0xbc, 0x42, 0x3e, 0x41, 0xd2, 0xd4, 0xcd, 0x01, 0xf3, 0xc4, 0xbb, 0xef, 0xce,
+	0xee, 0xc6, 0xd7, 0xb3, 0x9b, 0x09, 0x3e, 0x5e, 0xb1, 0xd9, 0xfa, 0x9a, 0xc1, 0xf5, 0xe8, 0xf8,
+	0x0f, 0x6c, 0x2c, 0xa5, 0x00, 0xff, 0xe7, 0x91, 0xb7, 0x90, 0x08, 0xd9, 0xe2, 0xd1, 0x37, 0x8c,
+	0xd8, 0x1c, 0xe8, 0x7b, 0x78, 0xf9, 0x7c, 0xce, 0x65, 0x8b, 0xa7, 0xfe, 0x1d, 0x3f, 0xff, 0x0b,
+	0x00, 0x00, 0xff, 0xff, 0x1e, 0xfa, 0x9c, 0x6f, 0x0f, 0x02, 0x00, 0x00,
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.proto b/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.proto
new file mode 100644
index 0000000000000..d4b9177540b75
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/errdefs.proto
@@ -0,0 +1,43 @@
+syntax = "proto3";
+
+package errdefs;
+
+import "github.com/moby/buildkit/solver/pb/ops.proto";
+
+message Vertex {
+	string digest = 1;
+}
+
+message Source {
+	pb.SourceInfo info = 1;
+	repeated pb.Range ranges = 2;
+}
+
+message FrontendCap {
+	string name = 1;
+}
+
+message Subrequest {
+	string name = 1;
+}
+
+message Solve {
+	repeated string inputIDs = 1;
+	repeated string mountIDs = 2;
+	pb.Op op = 3;
+
+	oneof subject {
+		FileAction file = 4;
+		ContentCache cache = 5;
+	}
+}
+
+message FileAction {
+	// Index of the file action that failed the exec.
+	int64 index = 1;
+}
+
+message ContentCache {
+	// Original index of result that failed the slow cache calculation.
+	int64 index = 1;
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/fronetendcap.go b/vendor/github.com/moby/buildkit/solver/errdefs/fronetendcap.go
new file mode 100644
index 0000000000000..e8af9ff233282
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/fronetendcap.go
@@ -0,0 +1,41 @@
+package errdefs
+
+import (
+	fmt "fmt"
+
+	"github.com/containerd/typeurl"
+	"github.com/moby/buildkit/util/grpcerrors"
+)
+
+func init() {
+	typeurl.Register((*FrontendCap)(nil), "github.com/moby/buildkit", "errdefs.FrontendCap+json")
+}
+
+type UnsupportedFrontendCapError struct {
+	FrontendCap
+	error
+}
+
+func (e *UnsupportedFrontendCapError) Error() string {
+	msg := fmt.Sprintf("unsupported frontend capability %s", e.FrontendCap.Name)
+	if e.error != nil {
+		msg += ": " + e.error.Error()
+	}
+	return msg
+}
+
+func (e *UnsupportedFrontendCapError) Unwrap() error {
+	return e.error
+}
+
+func (e *UnsupportedFrontendCapError) ToProto() grpcerrors.TypedErrorProto {
+	return &e.FrontendCap
+}
+
+func NewUnsupportedFrontendCapError(name string) error {
+	return &UnsupportedFrontendCapError{FrontendCap: FrontendCap{Name: name}}
+}
+
+func (v *FrontendCap) WrapError(err error) error {
+	return &UnsupportedFrontendCapError{error: err, FrontendCap: *v}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/generate.go b/vendor/github.com/moby/buildkit/solver/errdefs/generate.go
new file mode 100644
index 0000000000000..e0dc24cd3b4f3
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/generate.go
@@ -0,0 +1,3 @@
+package errdefs
+
+//go:generate protoc -I=. -I=../../vendor/ -I=../../../../../ --gogo_out=. errdefs.proto
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/op.go b/vendor/github.com/moby/buildkit/solver/errdefs/op.go
new file mode 100644
index 0000000000000..61068b6e46f68
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/op.go
@@ -0,0 +1,20 @@
+package errdefs
+
+import "github.com/moby/buildkit/solver/pb"
+
+type OpError struct {
+	error
+	Op *pb.Op
+}
+
+func (e *OpError) Unwrap() error {
+	return e.error
+}
+
+func WithOp(err error, iface interface{}) error {
+	op, ok := iface.(*pb.Op)
+	if err == nil || !ok {
+		return err
+	}
+	return &OpError{error: err, Op: op}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/solve.go b/vendor/github.com/moby/buildkit/solver/errdefs/solve.go
new file mode 100644
index 0000000000000..97ce5a3f92a11
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/solve.go
@@ -0,0 +1,74 @@
+package errdefs
+
+import (
+	"bytes"
+	"errors"
+
+	"github.com/containerd/typeurl"
+	"github.com/golang/protobuf/jsonpb"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/grpcerrors"
+)
+
+func init() {
+	typeurl.Register((*Solve)(nil), "github.com/moby/buildkit", "errdefs.Solve+json")
+}
+
+//nolint:golint
+type IsSolve_Subject isSolve_Subject
+
+// SolveError will be returned when an error is encountered during a solve that
+// has an exec op.
+type SolveError struct {
+	Solve
+	Err error
+}
+
+func (e *SolveError) Error() string {
+	return e.Err.Error()
+}
+
+func (e *SolveError) Unwrap() error {
+	return e.Err
+}
+
+func (e *SolveError) ToProto() grpcerrors.TypedErrorProto {
+	return &e.Solve
+}
+
+func WithSolveError(err error, subject IsSolve_Subject, inputIDs, mountIDs []string) error {
+	if err == nil {
+		return nil
+	}
+	var (
+		oe *OpError
+		op *pb.Op
+	)
+	if errors.As(err, &oe) {
+		op = oe.Op
+	}
+	return &SolveError{
+		Err: err,
+		Solve: Solve{
+			InputIDs: inputIDs,
+			MountIDs: mountIDs,
+			Op:       op,
+			Subject:  subject,
+		},
+	}
+}
+
+func (v *Solve) WrapError(err error) error {
+	return &SolveError{Err: err, Solve: *v}
+}
+
+func (v *Solve) MarshalJSON() ([]byte, error) {
+	m := jsonpb.Marshaler{}
+	buf := new(bytes.Buffer)
+	err := m.Marshal(buf, v)
+	return buf.Bytes(), err
+}
+
+func (v *Solve) UnmarshalJSON(b []byte) error {
+	return jsonpb.Unmarshal(bytes.NewReader(b), v)
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/source.go b/vendor/github.com/moby/buildkit/solver/errdefs/source.go
new file mode 100644
index 0000000000000..6c1f364957321
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/source.go
@@ -0,0 +1,128 @@
+package errdefs
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	pb "github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"github.com/pkg/errors"
+)
+
+func WithSource(err error, src Source) error {
+	if err == nil {
+		return nil
+	}
+	return &ErrorSource{Source: src, error: err}
+}
+
+type ErrorSource struct {
+	Source
+	error
+}
+
+func (e *ErrorSource) Unwrap() error {
+	return e.error
+}
+
+func (e *ErrorSource) ToProto() grpcerrors.TypedErrorProto {
+	return &e.Source
+}
+
+func Sources(err error) []*Source {
+	var out []*Source
+	var es *ErrorSource
+	if errors.As(err, &es) {
+		out = Sources(es.Unwrap())
+		out = append(out, &es.Source)
+	}
+	return out
+}
+
+func (s *Source) WrapError(err error) error {
+	return &ErrorSource{error: err, Source: *s}
+}
+
+func (s *Source) Print(w io.Writer) error {
+	si := s.Info
+	if si == nil {
+		return nil
+	}
+	lines := strings.Split(string(si.Data), "\n")
+
+	start, end, ok := getStartEndLine(s.Ranges)
+	if !ok {
+		return nil
+	}
+	if start > len(lines) || start < 1 {
+		return nil
+	}
+	if end > len(lines) {
+		end = len(lines)
+	}
+
+	pad := 2
+	if end == start {
+		pad = 4
+	}
+	var p int
+
+	prepadStart := start
+	for {
+		if p >= pad {
+			break
+		}
+		if start > 1 {
+			start--
+			p++
+		}
+		if end != len(lines) {
+			end++
+			p++
+		}
+		p++
+	}
+
+	fmt.Fprintf(w, "%s:%d\n--------------------\n", si.Filename, prepadStart)
+	for i := start; i <= end; i++ {
+		pfx := "   "
+		if containsLine(s.Ranges, i) {
+			pfx = ">>>"
+		}
+		fmt.Fprintf(w, " %3d | %s %s\n", i, pfx, lines[i-1])
+	}
+	fmt.Fprintf(w, "--------------------\n")
+	return nil
+}
+
+func containsLine(rr []*pb.Range, l int) bool {
+	for _, r := range rr {
+		e := r.End.Line
+		if e < r.Start.Line {
+			e = r.Start.Line
+		}
+		if r.Start.Line <= int32(l) && e >= int32(l) {
+			return true
+		}
+	}
+	return false
+}
+
+func getStartEndLine(rr []*pb.Range) (start int, end int, ok bool) {
+	first := true
+	for _, r := range rr {
+		e := r.End.Line
+		if e < r.Start.Line {
+			e = r.Start.Line
+		}
+		if first || int(r.Start.Line) < start {
+			start = int(r.Start.Line)
+		}
+		if int(e) > end {
+			end = int(e)
+		}
+		first = false
+	}
+	return start, end, !first
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/subrequest.go b/vendor/github.com/moby/buildkit/solver/errdefs/subrequest.go
new file mode 100644
index 0000000000000..b30eab3f66981
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/subrequest.go
@@ -0,0 +1,41 @@
+package errdefs
+
+import (
+	fmt "fmt"
+
+	"github.com/containerd/typeurl"
+	"github.com/moby/buildkit/util/grpcerrors"
+)
+
+func init() {
+	typeurl.Register((*Subrequest)(nil), "github.com/moby/buildkit", "errdefs.Subrequest+json")
+}
+
+type UnsupportedSubrequestError struct {
+	Subrequest
+	error
+}
+
+func (e *UnsupportedSubrequestError) Error() string {
+	msg := fmt.Sprintf("unsupported request %s", e.Subrequest.Name)
+	if e.error != nil {
+		msg += ": " + e.error.Error()
+	}
+	return msg
+}
+
+func (e *UnsupportedSubrequestError) Unwrap() error {
+	return e.error
+}
+
+func (e *UnsupportedSubrequestError) ToProto() grpcerrors.TypedErrorProto {
+	return &e.Subrequest
+}
+
+func NewUnsupportedSubrequestError(name string) error {
+	return &UnsupportedSubrequestError{Subrequest: Subrequest{Name: name}}
+}
+
+func (v *Subrequest) WrapError(err error) error {
+	return &UnsupportedSubrequestError{error: err, Subrequest: *v}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/vertex.go b/vendor/github.com/moby/buildkit/solver/errdefs/vertex.go
new file mode 100644
index 0000000000000..4ec375165d242
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/vertex.go
@@ -0,0 +1,36 @@
+package errdefs
+
+import (
+	"github.com/containerd/typeurl"
+	"github.com/moby/buildkit/util/grpcerrors"
+	digest "github.com/opencontainers/go-digest"
+)
+
+func init() {
+	typeurl.Register((*Vertex)(nil), "github.com/moby/buildkit", "errdefs.Vertex+json")
+	typeurl.Register((*Source)(nil), "github.com/moby/buildkit", "errdefs.Source+json")
+}
+
+type VertexError struct {
+	Vertex
+	error
+}
+
+func (e *VertexError) Unwrap() error {
+	return e.error
+}
+
+func (e *VertexError) ToProto() grpcerrors.TypedErrorProto {
+	return &e.Vertex
+}
+
+func WrapVertex(err error, dgst digest.Digest) error {
+	if err == nil {
+		return nil
+	}
+	return &VertexError{Vertex: Vertex{Digest: dgst.String()}, error: err}
+}
+
+func (v *Vertex) WrapError(err error) error {
+	return &VertexError{error: err, Vertex: *v}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/exporter.go b/vendor/github.com/moby/buildkit/solver/exporter.go
index fa963f414a3e3..26ca2fb9291ae 100644
--- a/vendor/github.com/moby/buildkit/solver/exporter.go
+++ b/vendor/github.com/moby/buildkit/solver/exporter.go
@@ -20,11 +20,12 @@ func addBacklinks(t CacheExporterTarget, rec CacheExporterRecord, cm *cacheManag
 	if rec == nil {
 		var ok bool
 		rec, ok = bkm[id]
-		if ok {
+		if ok && rec != nil {
 			return rec, nil
 		}
 		_ = ok
 	}
+	bkm[id] = nil
 	if err := cm.backend.WalkBacklinks(id, func(id string, link CacheInfoLink) error {
 		if rec == nil {
 			rec = t.Add(link.Digest)
@@ -37,7 +38,9 @@ func addBacklinks(t CacheExporterTarget, rec CacheExporterRecord, cm *cacheManag
 				return err
 			}
 		}
-		rec.LinkFrom(r, int(link.Input), link.Selector.String())
+		if r != nil {
+			rec.LinkFrom(r, int(link.Input), link.Selector.String())
+		}
 		return nil
 	}); err != nil {
 		return nil, err
@@ -66,6 +69,7 @@ func (e *exporter) ExportTo(ctx context.Context, t CacheExporterTarget, opt Cach
 	if t.Visited(e) {
 		return e.res, nil
 	}
+	t.Visit(e)
 
 	deps := e.k.Deps()
 
@@ -96,7 +100,7 @@ func (e *exporter) ExportTo(ctx context.Context, t CacheExporterTarget, opt Cach
 			return nil, err
 		}
 
-		remote, err = cm.results.LoadRemote(ctx, res)
+		remote, err = cm.results.LoadRemote(ctx, res, opt.Session)
 		if err != nil {
 			return nil, err
 		}
@@ -177,7 +181,6 @@ func (e *exporter) ExportTo(ctx context.Context, t CacheExporterTarget, opt Cach
 	}
 
 	e.res = allRec
-	t.Visit(e)
 
 	return e.res, nil
 }
diff --git a/vendor/github.com/moby/buildkit/solver/index.go b/vendor/github.com/moby/buildkit/solver/index.go
index 78a2cca256e03..4a330669d1902 100644
--- a/vendor/github.com/moby/buildkit/solver/index.go
+++ b/vendor/github.com/moby/buildkit/solver/index.go
@@ -121,14 +121,14 @@ func (ei *edgeIndex) LoadOrStore(k *CacheKey, e *edge) *edge {
 }
 
 // enforceLinked adds links from current ID to all dep keys
-func (er *edgeIndex) enforceLinked(id string, k *CacheKey) {
-	main, ok := er.items[id]
+func (ei *edgeIndex) enforceLinked(id string, k *CacheKey) {
+	main, ok := ei.items[id]
 	if !ok {
 		main = &indexItem{
 			links: map[CacheInfoLink]map[string]struct{}{},
 			deps:  map[string]struct{}{},
 		}
-		er.items[id] = main
+		ei.items[id] = main
 	}
 
 	deps := k.Deps()
@@ -136,10 +136,10 @@ func (er *edgeIndex) enforceLinked(id string, k *CacheKey) {
 	for i, dd := range deps {
 		for _, d := range dd {
 			ck := d.CacheKey.CacheKey
-			er.enforceIndexID(ck)
+			ei.enforceIndexID(ck)
 			ll := CacheInfoLink{Input: Index(i), Digest: k.Digest(), Output: k.Output(), Selector: d.Selector}
 			for _, ckID := range ck.indexIDs {
-				if item, ok := er.items[ckID]; ok {
+				if item, ok := ei.items[ckID]; ok {
 					links, ok := item.links[ll]
 					if !ok {
 						links = map[string]struct{}{}
diff --git a/vendor/github.com/moby/buildkit/solver/internal/pipe/pipe.go b/vendor/github.com/moby/buildkit/solver/internal/pipe/pipe.go
index e61a6b3465bbe..a1a857f39827c 100644
--- a/vendor/github.com/moby/buildkit/solver/internal/pipe/pipe.go
+++ b/vendor/github.com/moby/buildkit/solver/internal/pipe/pipe.go
@@ -11,11 +11,15 @@ import (
 type channel struct {
 	OnSendCompletion func()
 	value            atomic.Value
-	lastValue        interface{}
+	lastValue        *wrappedValue
+}
+
+type wrappedValue struct {
+	value interface{}
 }
 
 func (c *channel) Send(v interface{}) {
-	c.value.Store(v)
+	c.value.Store(&wrappedValue{value: v})
 	if c.OnSendCompletion != nil {
 		c.OnSendCompletion()
 	}
@@ -23,11 +27,11 @@ func (c *channel) Send(v interface{}) {
 
 func (c *channel) Receive() (interface{}, bool) {
 	v := c.value.Load()
-	if c.lastValue == v {
+	if v == nil || v.(*wrappedValue) == c.lastValue {
 		return nil, false
 	}
-	c.lastValue = v
-	return v, true
+	c.lastValue = v.(*wrappedValue)
+	return v.(*wrappedValue).value, true
 }
 
 type Pipe struct {
@@ -89,7 +93,6 @@ func New(req Request) *Pipe {
 	roundTripCh := &channel{}
 	pw := &sender{
 		req:         req,
-		recvChannel: cancelCh,
 		sendChannel: roundTripCh,
 	}
 	pr := &receiver{
@@ -125,7 +128,6 @@ func New(req Request) *Pipe {
 type sender struct {
 	status      Status
 	req         Request
-	recvChannel *channel
 	sendChannel *channel
 	mu          sync.Mutex
 }
@@ -157,7 +159,7 @@ func (pw *sender) Finalize(v interface{}, err error) {
 	}
 	pw.status.Err = err
 	pw.status.Completed = true
-	if errors.Cause(err) == context.Canceled && pw.req.Canceled {
+	if errors.Is(err, context.Canceled) && pw.req.Canceled {
 		pw.status.Canceled = true
 	}
 	pw.sendChannel.Send(pw.status)
diff --git a/vendor/github.com/moby/buildkit/solver/jobs.go b/vendor/github.com/moby/buildkit/solver/jobs.go
index 371f43199bf08..20479818ed0f2 100644
--- a/vendor/github.com/moby/buildkit/solver/jobs.go
+++ b/vendor/github.com/moby/buildkit/solver/jobs.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver/errdefs"
 	"github.com/moby/buildkit/util/flightcontrol"
 	"github.com/moby/buildkit/util/progress"
 	"github.com/moby/buildkit/util/tracing"
@@ -22,7 +23,7 @@ type ResolveOpFunc func(Vertex, Builder) (Op, error)
 
 type Builder interface {
 	Build(ctx context.Context, e Edge) (CachedResult, error)
-	Context(ctx context.Context) context.Context
+	InContext(ctx context.Context, f func(ctx context.Context, g session.Group) error) error
 	EachValue(ctx context.Context, key string, fn func(interface{}) error) error
 }
 
@@ -53,6 +54,7 @@ type state struct {
 
 	vtx          Vertex
 	clientVertex client.Vertex
+	origDigest   digest.Digest // original LLB digest. TODO: probably better to use string ID so this isn't needed
 
 	mu    sync.Mutex
 	op    *sharedOp
@@ -65,32 +67,69 @@ type state struct {
 	solver    *Solver
 }
 
-func (s *state) getSessionID() string {
-	// TODO: connect with sessionmanager to avoid getting dropped sessions
-	s.mu.Lock()
-	for j := range s.jobs {
-		if j.SessionID != "" {
-			s.mu.Unlock()
-			return j.SessionID
+func (s *state) SessionIterator() session.Iterator {
+	return s.sessionIterator()
+}
+
+func (s *state) sessionIterator() *sessionGroup {
+	return &sessionGroup{state: s, visited: map[string]struct{}{}}
+}
+
+type sessionGroup struct {
+	*state
+	visited map[string]struct{}
+	parents []session.Iterator
+	mode    int
+}
+
+func (g *sessionGroup) NextSession() string {
+	if g.mode == 0 {
+		g.mu.Lock()
+		for j := range g.jobs {
+			if j.SessionID != "" {
+				if _, ok := g.visited[j.SessionID]; ok {
+					continue
+				}
+				g.visited[j.SessionID] = struct{}{}
+				g.mu.Unlock()
+				return j.SessionID
+			}
 		}
+		g.mu.Unlock()
+		g.mode = 1
+	}
+	if g.mode == 1 {
+		parents := map[digest.Digest]struct{}{}
+		g.mu.Lock()
+		for p := range g.state.parents {
+			parents[p] = struct{}{}
+		}
+		g.mu.Unlock()
+
+		for p := range parents {
+			g.solver.mu.Lock()
+			pst, ok := g.solver.actives[p]
+			g.solver.mu.Unlock()
+			if ok {
+				gg := pst.sessionIterator()
+				gg.visited = g.visited
+				g.parents = append(g.parents, gg)
+			}
+		}
+		g.mode = 2
 	}
-	parents := map[digest.Digest]struct{}{}
-	for p := range s.parents {
-		parents[p] = struct{}{}
-	}
-	s.mu.Unlock()
 
-	for p := range parents {
-		s.solver.mu.Lock()
-		pst, ok := s.solver.actives[p]
-		s.solver.mu.Unlock()
-		if ok {
-			if sessionID := pst.getSessionID(); sessionID != "" {
-				return sessionID
-			}
+	for {
+		if len(g.parents) == 0 {
+			return ""
 		}
+		p := g.parents[0]
+		id := p.NextSession()
+		if id != "" {
+			return id
+		}
+		g.parents = g.parents[1:]
 	}
-	return ""
 }
 
 func (s *state) builder() *subBuilder {
@@ -141,7 +180,7 @@ func (s *state) combinedCacheManager() CacheManager {
 		return s.mainCache
 	}
 
-	return newCombinedCacheManager(cms, s.mainCache)
+	return NewCombinedCacheManager(cms, s.mainCache)
 }
 
 func (s *state) Release() {
@@ -170,13 +209,13 @@ func (sb *subBuilder) Build(ctx context.Context, e Edge) (CachedResult, error) {
 	return res, nil
 }
 
-func (sb *subBuilder) Context(ctx context.Context) context.Context {
-	return opentracing.ContextWithSpan(progress.WithProgress(ctx, sb.mpw), sb.mspan)
+func (sb *subBuilder) InContext(ctx context.Context, f func(context.Context, session.Group) error) error {
+	return f(opentracing.ContextWithSpan(progress.WithProgress(ctx, sb.mpw), sb.mspan), sb.state)
 }
 
 func (sb *subBuilder) EachValue(ctx context.Context, key string, fn func(interface{}) error) error {
 	sb.mu.Lock()
-	defer sb.mu.Lock()
+	defer sb.mu.Unlock()
 	for j := range sb.jobs {
 		if err := j.EachValue(ctx, key, fn); err != nil {
 			return err
@@ -191,6 +230,7 @@ type Job struct {
 	pw     progress.Writer
 	span   opentracing.Span
 	values sync.Map
+	id     string
 
 	progressCloser func()
 	SessionID      string
@@ -228,6 +268,17 @@ func (jl *Solver) setEdge(e Edge, newEdge *edge) {
 	st.setEdge(e.Index, newEdge)
 }
 
+func (jl *Solver) getState(e Edge) *state {
+	jl.mu.RLock()
+	defer jl.mu.RUnlock()
+
+	st, ok := jl.actives[e.Vertex.Digest()]
+	if !ok {
+		return nil
+	}
+	return st
+}
+
 func (jl *Solver) getEdge(e Edge) *edge {
 	jl.mu.RLock()
 	defer jl.mu.RUnlock()
@@ -317,6 +368,7 @@ func (jl *Solver) loadUnlocked(v, parent Vertex, j *Job, cache map[Vertex]Vertex
 			mainCache:    jl.opts.DefaultCache,
 			cache:        map[string]CacheManager{},
 			solver:       jl,
+			origDigest:   origVtx.Digest(),
 		}
 		jl.actives[dgst] = st
 	}
@@ -389,6 +441,7 @@ func (jl *Solver) NewJob(id string) (*Job, error) {
 		pw:             pw,
 		progressCloser: progressCloser,
 		span:           (&opentracing.NoopTracer{}).StartSpan(""),
+		id:             id,
 	}
 	jl.jobs[id] = j
 
@@ -403,7 +456,9 @@ func (jl *Solver) Get(id string) (*Job, error) {
 
 	go func() {
 		<-ctx.Done()
+		jl.mu.Lock()
 		jl.updateCond.Broadcast()
+		jl.mu.Unlock()
 	}()
 
 	jl.mu.RLock()
@@ -471,11 +526,19 @@ func (j *Job) Discard() error {
 		}
 		st.mu.Unlock()
 	}
+
+	go func() {
+		// don't clear job right away. there might still be a status request coming to read progress
+		time.Sleep(10 * time.Second)
+		j.list.mu.Lock()
+		defer j.list.mu.Unlock()
+		delete(j.list.jobs, j.id)
+	}()
 	return nil
 }
 
-func (j *Job) Context(ctx context.Context) context.Context {
-	return progress.WithProgress(ctx, j.pw)
+func (j *Job) InContext(ctx context.Context, f func(context.Context, session.Group) error) error {
+	return f(progress.WithProgress(ctx, j.pw), session.NewGroup(j.SessionID))
 }
 
 func (j *Job) SetValue(key string, v interface{}) {
@@ -501,7 +564,7 @@ type activeOp interface {
 	Exec(ctx context.Context, inputs []Result) (outputs []Result, exporters []ExportableCacheKey, err error)
 	IgnoreCache() bool
 	Cache() CacheManager
-	CalcSlowCache(context.Context, Index, ResultBasedCacheFunc, Result) (digest.Digest, error)
+	CalcSlowCache(context.Context, Index, PreprocessFunc, ResultBasedCacheFunc, Result) (digest.Digest, error)
 }
 
 func newSharedOp(resolver ResolveOpFunc, cacheManager CacheManager, st *state) *sharedOp {
@@ -554,33 +617,58 @@ func (s *sharedOp) LoadCache(ctx context.Context, rec *CacheRecord) (Result, err
 	// no cache hit. start evaluating the node
 	span, ctx := tracing.StartSpan(ctx, "load cache: "+s.st.vtx.Name())
 	notifyStarted(ctx, &s.st.clientVertex, true)
-	res, err := s.Cache().Load(ctx, rec)
+	res, err := s.Cache().Load(withAncestorCacheOpts(ctx, s.st), rec)
 	tracing.FinishWithError(span, err)
 	notifyCompleted(ctx, &s.st.clientVertex, err, true)
 	return res, err
 }
 
-func (s *sharedOp) CalcSlowCache(ctx context.Context, index Index, f ResultBasedCacheFunc, res Result) (digest.Digest, error) {
+// CalcSlowCache computes the digest of an input that is ready and has been
+// evaluated, hence "slow" cache.
+func (s *sharedOp) CalcSlowCache(ctx context.Context, index Index, p PreprocessFunc, f ResultBasedCacheFunc, res Result) (dgst digest.Digest, err error) {
+	defer func() {
+		err = WrapSlowCache(err, index, NewSharedResult(res).Clone())
+		err = errdefs.WithOp(err, s.st.vtx.Sys())
+		err = errdefs.WrapVertex(err, s.st.origDigest)
+	}()
 	key, err := s.g.Do(ctx, fmt.Sprintf("slow-compute-%d", index), func(ctx context.Context) (interface{}, error) {
 		s.slowMu.Lock()
 		// TODO: add helpers for these stored values
-		if res := s.slowCacheRes[index]; res != "" {
+		if res, ok := s.slowCacheRes[index]; ok {
 			s.slowMu.Unlock()
 			return res, nil
 		}
 		if err := s.slowCacheErr[index]; err != nil {
 			s.slowMu.Unlock()
-			return err, nil
+			return nil, err
 		}
 		s.slowMu.Unlock()
-		ctx = opentracing.ContextWithSpan(progress.WithProgress(ctx, s.st.mpw), s.st.mspan)
-		key, err := f(ctx, res)
+
 		complete := true
+		if p != nil {
+			st := s.st.solver.getState(s.st.vtx.Inputs()[index])
+			if st == nil {
+				return nil, errors.Errorf("failed to get state for index %d on %v", index, s.st.vtx.Name())
+			}
+			ctx2 := opentracing.ContextWithSpan(progress.WithProgress(ctx, st.mpw), st.mspan)
+			err = p(ctx2, res, st)
+			if err != nil {
+				f = nil
+				ctx = ctx2
+			}
+		}
+
+		var key digest.Digest
+		if f != nil {
+			ctx = opentracing.ContextWithSpan(progress.WithProgress(ctx, s.st.mpw), s.st.mspan)
+			key, err = f(withAncestorCacheOpts(ctx, s.st), res, s.st)
+		}
 		if err != nil {
 			select {
 			case <-ctx.Done():
 				if strings.Contains(err.Error(), context.Canceled.Error()) {
 					complete = false
+					releaseError(err)
 					err = errors.Wrap(ctx.Err(), err.Error())
 				}
 			default:
@@ -605,7 +693,11 @@ func (s *sharedOp) CalcSlowCache(ctx context.Context, index Index, f ResultBased
 	return key.(digest.Digest), nil
 }
 
-func (s *sharedOp) CacheMap(ctx context.Context, index int) (*cacheMapResp, error) {
+func (s *sharedOp) CacheMap(ctx context.Context, index int) (resp *cacheMapResp, err error) {
+	defer func() {
+		err = errdefs.WithOp(err, s.st.vtx.Sys())
+		err = errdefs.WrapVertex(err, s.st.origDigest)
+	}()
 	op, err := s.getOp()
 	if err != nil {
 		return nil, err
@@ -618,7 +710,7 @@ func (s *sharedOp) CacheMap(ctx context.Context, index int) (*cacheMapResp, erro
 			return nil, s.cacheErr
 		}
 		ctx = opentracing.ContextWithSpan(progress.WithProgress(ctx, s.st.mpw), s.st.mspan)
-		ctx = session.NewContext(ctx, s.st.getSessionID())
+		ctx = withAncestorCacheOpts(ctx, s.st)
 		if len(s.st.vtx.Inputs()) == 0 {
 			// no cache hit. start evaluating the node
 			span, ctx := tracing.StartSpan(ctx, "cache request: "+s.st.vtx.Name())
@@ -628,13 +720,14 @@ func (s *sharedOp) CacheMap(ctx context.Context, index int) (*cacheMapResp, erro
 				notifyCompleted(ctx, &s.st.clientVertex, retErr, false)
 			}()
 		}
-		res, done, err := op.CacheMap(ctx, len(s.cacheRes))
+		res, done, err := op.CacheMap(ctx, s.st, len(s.cacheRes))
 		complete := true
 		if err != nil {
 			select {
 			case <-ctx.Done():
 				if strings.Contains(err.Error(), context.Canceled.Error()) {
 					complete = false
+					releaseError(err)
 					err = errors.Wrap(ctx.Err(), err.Error())
 				}
 			default:
@@ -661,6 +754,10 @@ func (s *sharedOp) CacheMap(ctx context.Context, index int) (*cacheMapResp, erro
 }
 
 func (s *sharedOp) Exec(ctx context.Context, inputs []Result) (outputs []Result, exporters []ExportableCacheKey, err error) {
+	defer func() {
+		err = errdefs.WithOp(err, s.st.vtx.Sys())
+		err = errdefs.WrapVertex(err, s.st.origDigest)
+	}()
 	op, err := s.getOp()
 	if err != nil {
 		return nil, nil, err
@@ -669,9 +766,14 @@ func (s *sharedOp) Exec(ctx context.Context, inputs []Result) (outputs []Result,
 		if s.execRes != nil || s.execErr != nil {
 			return s.execRes, s.execErr
 		}
+		release, err := op.Acquire(ctx)
+		if err != nil {
+			return nil, errors.Wrap(err, "acquire op resources")
+		}
+		defer release()
 
 		ctx = opentracing.ContextWithSpan(progress.WithProgress(ctx, s.st.mpw), s.st.mspan)
-		ctx = session.NewContext(ctx, s.st.getSessionID())
+		ctx = withAncestorCacheOpts(ctx, s.st)
 
 		// no cache hit. start evaluating the node
 		span, ctx := tracing.StartSpan(ctx, s.st.vtx.Name())
@@ -681,13 +783,14 @@ func (s *sharedOp) Exec(ctx context.Context, inputs []Result) (outputs []Result,
 			notifyCompleted(ctx, &s.st.clientVertex, retErr, false)
 		}()
 
-		res, err := op.Exec(ctx, inputs)
+		res, err := op.Exec(ctx, s.st, inputs)
 		complete := true
 		if err != nil {
 			select {
 			case <-ctx.Done():
 				if strings.Contains(err.Error(), context.Canceled.Error()) {
 					complete = false
+					releaseError(err)
 					err = errors.Wrap(ctx.Err(), err.Error())
 				}
 			default:
@@ -800,3 +903,40 @@ func notifyCompleted(ctx context.Context, v *client.Vertex, err error, cached bo
 	}
 	pw.Write(v.Digest.String(), *v)
 }
+
+type SlowCacheError struct {
+	error
+	Index  Index
+	Result Result
+}
+
+func (e *SlowCacheError) Unwrap() error {
+	return e.error
+}
+
+func (e *SlowCacheError) ToSubject() errdefs.IsSolve_Subject {
+	return &errdefs.Solve_Cache{
+		Cache: &errdefs.ContentCache{
+			Index: int64(e.Index),
+		},
+	}
+}
+
+func WrapSlowCache(err error, index Index, res Result) error {
+	if err == nil {
+		return nil
+	}
+	return &SlowCacheError{Index: index, Result: res, error: err}
+}
+
+func releaseError(err error) {
+	if err == nil {
+		return
+	}
+	if re, ok := err.(interface {
+		Release() error
+	}); ok {
+		re.Release()
+	}
+	releaseError(errors.Unwrap(err))
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go
index 5894417deb004..e6a5850fef01e 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go
@@ -3,141 +3,271 @@ package llbsolver
 import (
 	"context"
 	"fmt"
-	"io"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/containerd/containerd/platforms"
-	"github.com/docker/distribution/reference"
-	"github.com/moby/buildkit/cache"
+	"github.com/mitchellh/hashstructure"
 	"github.com/moby/buildkit/cache/remotecache"
-	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend"
 	gw "github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
-	"github.com/moby/buildkit/util/tracing"
+	"github.com/moby/buildkit/solver/errdefs"
+	llberrdefs "github.com/moby/buildkit/solver/llbsolver/errdefs"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/flightcontrol"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type llbBridge struct {
-	builder              solver.Builder
-	frontends            map[string]frontend.Frontend
-	resolveWorker        func() (worker.Worker, error)
-	resolveCacheImporter remotecache.ResolveCacheImporterFunc
-	cms                  map[string]solver.CacheManager
-	cmsMu                sync.Mutex
-	platforms            []specs.Platform
+	builder                   solver.Builder
+	frontends                 map[string]frontend.Frontend
+	resolveWorker             func() (worker.Worker, error)
+	eachWorker                func(func(worker.Worker) error) error
+	resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc
+	cms                       map[string]solver.CacheManager
+	cmsMu                     sync.Mutex
+	sm                        *session.Manager
 }
 
-func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res *frontend.Result, err error) {
+func (b *llbBridge) loadResult(ctx context.Context, def *pb.Definition, cacheImports []gw.CacheOptionsEntry) (solver.CachedResult, error) {
 	w, err := b.resolveWorker()
 	if err != nil {
 		return nil, err
 	}
+	ent, err := loadEntitlements(b.builder)
+	if err != nil {
+		return nil, err
+	}
 	var cms []solver.CacheManager
-	for _, ref := range req.ImportCacheRefs {
+	for _, im := range cacheImports {
+		cmID, err := cmKey(im)
+		if err != nil {
+			return nil, err
+		}
 		b.cmsMu.Lock()
 		var cm solver.CacheManager
-		if prevCm, ok := b.cms[ref]; !ok {
-			r, err := reference.ParseNormalizedNamed(ref)
-			if err != nil {
-				return nil, err
-			}
-			ref = reference.TagNameOnly(r).String()
-			func(ref string) {
-				cm = newLazyCacheManager(ref, func() (solver.CacheManager, error) {
+		if prevCm, ok := b.cms[cmID]; !ok {
+			func(cmID string, im gw.CacheOptionsEntry) {
+				cm = newLazyCacheManager(cmID, func() (solver.CacheManager, error) {
 					var cmNew solver.CacheManager
-					if err := inVertexContext(b.builder.Context(ctx), "importing cache manifest from "+ref, "", func(ctx context.Context) error {
-						if b.resolveCacheImporter == nil {
-							return errors.New("no cache importer is available")
+					if err := inBuilderContext(context.TODO(), b.builder, "importing cache manifest from "+cmID, "", func(ctx context.Context, g session.Group) error {
+						resolveCI, ok := b.resolveCacheImporterFuncs[im.Type]
+						if !ok {
+							return errors.Errorf("unknown cache importer: %s", im.Type)
 						}
-						typ := "" // TODO: support non-registry type
-						ci, desc, err := b.resolveCacheImporter(ctx, typ, ref)
+						ci, desc, err := resolveCI(ctx, g, im.Attrs)
 						if err != nil {
 							return err
 						}
-						cmNew, err = ci.Resolve(ctx, desc, ref, w)
+						cmNew, err = ci.Resolve(ctx, desc, cmID, w)
 						return err
 					}); err != nil {
+						logrus.Debugf("error while importing cache manifest from cmId=%s: %v", cmID, err)
 						return nil, err
 					}
 					return cmNew, nil
 				})
-			}(ref)
-			b.cms[ref] = cm
+			}(cmID, im)
+			b.cms[cmID] = cm
 		} else {
 			cm = prevCm
 		}
 		cms = append(cms, cm)
 		b.cmsMu.Unlock()
 	}
+	dpc := &detectPrunedCacheID{}
 
-	if req.Definition != nil && req.Definition.Def != nil && req.Frontend != "" {
-		return nil, errors.New("cannot solve with both Definition and Frontend specified")
+	edge, err := Load(def, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), NormalizeRuntimePlatforms(), WithValidateCaps())
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to load LLB")
 	}
 
-	if req.Definition != nil && req.Definition.Def != nil {
-		ent, err := loadEntitlements(b.builder)
-		if err != nil {
-			return nil, err
+	if len(dpc.ids) > 0 {
+		ids := make([]string, 0, len(dpc.ids))
+		for id := range dpc.ids {
+			ids = append(ids, id)
 		}
-
-		edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps())
-		if err != nil {
+		if err := b.eachWorker(func(w worker.Worker) error {
+			return w.PruneCacheMounts(ctx, ids)
+		}); err != nil {
 			return nil, err
 		}
-		ref, err := b.builder.Build(ctx, edge)
-		if err != nil {
+	}
+
+	res, err := b.builder.Build(ctx, edge)
+	if err != nil {
+		return nil, err
+	}
+	wr, ok := res.Sys().(*worker.WorkerRef)
+	if !ok {
+		return nil, errors.Errorf("invalid reference for exporting: %T", res.Sys())
+	}
+	if wr.ImmutableRef != nil {
+		if err := wr.ImmutableRef.Finalize(ctx, false); err != nil {
 			return nil, err
 		}
+	}
+	return res, err
+}
+
+func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest, sid string) (res *frontend.Result, err error) {
+	if req.Definition != nil && req.Definition.Def != nil && req.Frontend != "" {
+		return nil, errors.New("cannot solve with both Definition and Frontend specified")
+	}
 
-		res = &frontend.Result{Ref: ref}
+	if req.Definition != nil && req.Definition.Def != nil {
+		res = &frontend.Result{Ref: newResultProxy(b, req)}
+		if req.Evaluate {
+			_, err := res.Ref.Result(ctx)
+			return res, err
+		}
 	} else if req.Frontend != "" {
 		f, ok := b.frontends[req.Frontend]
 		if !ok {
 			return nil, errors.Errorf("invalid frontend: %s", req.Frontend)
 		}
-		res, err = f.Solve(ctx, b, req.FrontendOpt)
+		res, err = f.Solve(ctx, b, req.FrontendOpt, req.FrontendInputs, sid, b.sm)
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrapf(err, "failed to solve with frontend %s", req.Frontend)
 		}
 	} else {
 		return &frontend.Result{}, nil
 	}
 
-	if err := res.EachRef(func(r solver.CachedResult) error {
-		wr, ok := r.Sys().(*worker.WorkerRef)
-		if !ok {
-			return errors.Errorf("invalid reference for exporting: %T", r.Sys())
+	return
+}
+
+type resultProxy struct {
+	cb         func(context.Context) (solver.CachedResult, error)
+	def        *pb.Definition
+	g          flightcontrol.Group
+	mu         sync.Mutex
+	released   bool
+	v          solver.CachedResult
+	err        error
+	errResults []solver.Result
+}
+
+func newResultProxy(b *llbBridge, req frontend.SolveRequest) *resultProxy {
+	rp := &resultProxy{
+		def: req.Definition,
+	}
+	rp.cb = func(ctx context.Context) (solver.CachedResult, error) {
+		res, err := b.loadResult(ctx, req.Definition, req.CacheImports)
+		var ee *llberrdefs.ExecError
+		if errors.As(err, &ee) {
+			ee.EachRef(func(res solver.Result) error {
+				rp.errResults = append(rp.errResults, res)
+				return nil
+			})
+			// acquire ownership so ExecError finalizer doesn't attempt to release as well
+			ee.OwnerBorrowed = true
 		}
-		if wr.ImmutableRef != nil {
-			if err := wr.ImmutableRef.Finalize(ctx, false); err != nil {
-				return err
-			}
+		return res, err
+	}
+	return rp
+}
+
+func (rp *resultProxy) Definition() *pb.Definition {
+	return rp.def
+}
+
+func (rp *resultProxy) Release(ctx context.Context) (err error) {
+	rp.mu.Lock()
+	defer rp.mu.Unlock()
+	for _, res := range rp.errResults {
+		rerr := res.Release(ctx)
+		if rerr != nil {
+			err = rerr
+		}
+	}
+	if rp.v != nil {
+		if rp.released {
+			logrus.Warnf("release of already released result")
+		}
+		rerr := rp.v.Release(ctx)
+		if err != nil {
+			return rerr
 		}
-		return nil
-	}); err != nil {
-		return nil, err
 	}
+	rp.released = true
 	return
 }
 
-func (s *llbBridge) Exec(ctx context.Context, meta executor.Meta, root cache.ImmutableRef, stdin io.ReadCloser, stdout, stderr io.WriteCloser) (err error) {
-	w, err := s.resolveWorker()
-	if err != nil {
-		return err
+func (rp *resultProxy) wrapError(err error) error {
+	if err == nil {
+		return nil
+	}
+	var ve *errdefs.VertexError
+	if errors.As(err, &ve) {
+		if rp.def.Source != nil {
+			locs, ok := rp.def.Source.Locations[string(ve.Digest)]
+			if ok {
+				for _, loc := range locs.Locations {
+					err = errdefs.WithSource(err, errdefs.Source{
+						Info:   rp.def.Source.Infos[loc.SourceIndex],
+						Ranges: loc.Ranges,
+					})
+				}
+			}
+		}
 	}
-	span, ctx := tracing.StartSpan(ctx, strings.Join(meta.Args, " "))
-	err = w.Exec(ctx, meta, root, stdin, stdout, stderr)
-	tracing.FinishWithError(span, err)
 	return err
 }
 
-func (s *llbBridge) ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (dgst digest.Digest, config []byte, err error) {
-	w, err := s.resolveWorker()
+func (rp *resultProxy) Result(ctx context.Context) (res solver.CachedResult, err error) {
+	defer func() {
+		err = rp.wrapError(err)
+	}()
+	r, err := rp.g.Do(ctx, "result", func(ctx context.Context) (interface{}, error) {
+		rp.mu.Lock()
+		if rp.released {
+			rp.mu.Unlock()
+			return nil, errors.Errorf("accessing released result")
+		}
+		if rp.v != nil || rp.err != nil {
+			rp.mu.Unlock()
+			return rp.v, rp.err
+		}
+		rp.mu.Unlock()
+		v, err := rp.cb(ctx)
+		if err != nil {
+			select {
+			case <-ctx.Done():
+				if strings.Contains(err.Error(), context.Canceled.Error()) {
+					return v, err
+				}
+			default:
+			}
+		}
+		rp.mu.Lock()
+		if rp.released {
+			if v != nil {
+				v.Release(context.TODO())
+			}
+			rp.mu.Unlock()
+			return nil, errors.Errorf("evaluating released result")
+		}
+		rp.v = v
+		rp.err = err
+		rp.mu.Unlock()
+		return v, err
+	})
+	if r != nil {
+		return r.(solver.CachedResult), nil
+	}
+	return nil, err
+}
+
+func (b *llbBridge) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt) (dgst digest.Digest, config []byte, err error) {
+	w, err := b.resolveWorker()
 	if err != nil {
 		return "", nil, err
 	}
@@ -150,8 +280,8 @@ func (s *llbBridge) ResolveImageConfig(ctx context.Context, ref string, opt gw.R
 	} else {
 		id += platforms.Format(*platform)
 	}
-	err = inVertexContext(s.builder.Context(ctx), opt.LogName, id, func(ctx context.Context) error {
-		dgst, config, err = w.ResolveImageConfig(ctx, ref, opt)
+	err = inBuilderContext(ctx, b.builder, opt.LogName, id, func(ctx context.Context, g session.Group) error {
+		dgst, config, err = w.ResolveImageConfig(ctx, ref, opt, b.sm, g)
 		return err
 	})
 	return dgst, config, err
@@ -169,14 +299,16 @@ func (lcm *lazyCacheManager) ID() string {
 	return lcm.id
 }
 func (lcm *lazyCacheManager) Query(inp []solver.CacheKeyWithSelector, inputIndex solver.Index, dgst digest.Digest, outputIndex solver.Index) ([]*solver.CacheKey, error) {
-	if err := lcm.wait(); err != nil {
-		return nil, err
+	lcm.wait()
+	if lcm.main == nil {
+		return nil, nil
 	}
 	return lcm.main.Query(inp, inputIndex, dgst, outputIndex)
 }
 func (lcm *lazyCacheManager) Records(ck *solver.CacheKey) ([]*solver.CacheRecord, error) {
-	if err := lcm.wait(); err != nil {
-		return nil, err
+	lcm.wait()
+	if lcm.main == nil {
+		return nil, nil
 	}
 	return lcm.main.Records(ck)
 }
@@ -186,11 +318,11 @@ func (lcm *lazyCacheManager) Load(ctx context.Context, rec *solver.CacheRecord)
 	}
 	return lcm.main.Load(ctx, rec)
 }
-func (lcm *lazyCacheManager) Save(key *solver.CacheKey, s solver.Result) (*solver.ExportableCacheKey, error) {
+func (lcm *lazyCacheManager) Save(key *solver.CacheKey, s solver.Result, createdAt time.Time) (*solver.ExportableCacheKey, error) {
 	if err := lcm.wait(); err != nil {
 		return nil, err
 	}
-	return lcm.main.Save(key, s)
+	return lcm.main.Save(key, s, createdAt)
 }
 
 func (lcm *lazyCacheManager) wait() error {
@@ -211,3 +343,14 @@ func newLazyCacheManager(id string, fn func() (solver.CacheManager, error)) solv
 	}()
 	return lcm
 }
+
+func cmKey(im gw.CacheOptionsEntry) (string, error) {
+	if im.Type == "registry" && im.Attrs["ref"] != "" {
+		return im.Attrs["ref"], nil
+	}
+	i, err := hashstructure.Hash(im, nil)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s:%d", im.Type, i), nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/exec.go
new file mode 100644
index 0000000000000..ed3c0d4b0faea
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/exec.go
@@ -0,0 +1,83 @@
+package errdefs
+
+import (
+	"context"
+	"runtime"
+
+	"github.com/moby/buildkit/solver"
+	"github.com/sirupsen/logrus"
+)
+
+// ExecError will be returned when an error is encountered when evaluating an op.
+type ExecError struct {
+	error
+	Inputs        []solver.Result
+	Mounts        []solver.Result
+	OwnerBorrowed bool
+}
+
+func (e *ExecError) Unwrap() error {
+	return e.error
+}
+
+func (e *ExecError) EachRef(fn func(solver.Result) error) (err error) {
+	m := map[solver.Result]struct{}{}
+	for _, res := range e.Inputs {
+		if res == nil {
+			continue
+		}
+		if _, ok := m[res]; ok {
+			continue
+		}
+		m[res] = struct{}{}
+		if err1 := fn(res); err1 != nil && err == nil {
+			err = err1
+		}
+	}
+	for _, res := range e.Mounts {
+		if res == nil {
+			continue
+		}
+		if _, ok := m[res]; ok {
+			continue
+		}
+		m[res] = struct{}{}
+		if err1 := fn(res); err1 != nil && err == nil {
+			err = err1
+		}
+	}
+	return err
+}
+
+func (e *ExecError) Release() error {
+	if e.OwnerBorrowed {
+		return nil
+	}
+	err := e.EachRef(func(r solver.Result) error {
+		r.Release(context.TODO())
+		return nil
+	})
+	e.OwnerBorrowed = true
+	return err
+}
+
+func WithExecError(err error, inputs, mounts []solver.Result) error {
+	if err == nil {
+		return nil
+	}
+	ee := &ExecError{
+		error:  err,
+		Inputs: inputs,
+		Mounts: mounts,
+	}
+	runtime.SetFinalizer(ee, func(e *ExecError) {
+		if !e.OwnerBorrowed {
+			e.EachRef(func(r solver.Result) error {
+				logrus.Warn("leaked execError detected and released")
+				r.Release(context.TODO())
+				return nil
+			})
+		}
+	})
+	return ee
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/file.go b/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/file.go
new file mode 100644
index 0000000000000..cef5397c1cf24
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/errdefs/file.go
@@ -0,0 +1,34 @@
+package errdefs
+
+import (
+	serrdefs "github.com/moby/buildkit/solver/errdefs"
+)
+
+// FileActionError will be returned when an error is encountered when solving
+// a fileop.
+type FileActionError struct {
+	error
+	Index int
+}
+
+func (e *FileActionError) Unwrap() error {
+	return e.error
+}
+
+func (e *FileActionError) ToSubject() serrdefs.IsSolve_Subject {
+	return &serrdefs.Solve_File{
+		File: &serrdefs.FileAction{
+			Index: int64(e.Index),
+		},
+	}
+}
+
+func WithFileActionError(err error, idx int) error {
+	if err == nil {
+		return nil
+	}
+	return &FileActionError{
+		error: err,
+		Index: idx,
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go
new file mode 100644
index 0000000000000..0060ad3fc98a2
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go
@@ -0,0 +1,346 @@
+package file
+
+import (
+	"context"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/containerd/continuity/fs"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/pkg/errors"
+	copy "github.com/tonistiigi/fsutil/copy"
+)
+
+func timestampToTime(ts int64) *time.Time {
+	if ts == -1 {
+		return nil
+	}
+	tm := time.Unix(ts/1e9, ts%1e9)
+	return &tm
+}
+
+func mapUserToChowner(user *copy.User, idmap *idtools.IdentityMapping) (copy.Chowner, error) {
+	if user == nil {
+		return func(old *copy.User) (*copy.User, error) {
+			if old == nil {
+				if idmap == nil {
+					return nil, nil
+				}
+				old = &copy.User{} // root
+				// non-nil old is already mapped
+				if idmap != nil {
+					identity, err := idmap.ToHost(idtools.Identity{
+						UID: old.UID,
+						GID: old.GID,
+					})
+					if err != nil {
+						return nil, err
+					}
+					return &copy.User{UID: identity.UID, GID: identity.GID}, nil
+				}
+			}
+			return old, nil
+		}, nil
+	}
+	u := *user
+	if idmap != nil {
+		identity, err := idmap.ToHost(idtools.Identity{
+			UID: user.UID,
+			GID: user.GID,
+		})
+		if err != nil {
+			return nil, err
+		}
+		u.UID = identity.UID
+		u.GID = identity.GID
+	}
+	return func(*copy.User) (*copy.User, error) {
+		return &u, nil
+	}, nil
+}
+
+func mkdir(ctx context.Context, d string, action pb.FileActionMkDir, user *copy.User, idmap *idtools.IdentityMapping) error {
+	p, err := fs.RootPath(d, filepath.Join("/", action.Path))
+	if err != nil {
+		return err
+	}
+
+	ch, err := mapUserToChowner(user, idmap)
+	if err != nil {
+		return err
+	}
+
+	if action.MakeParents {
+		if err := copy.MkdirAll(p, os.FileMode(action.Mode)&0777, ch, timestampToTime(action.Timestamp)); err != nil {
+			return err
+		}
+	} else {
+		if err := os.Mkdir(p, os.FileMode(action.Mode)&0777); err != nil {
+			if errors.Is(err, os.ErrExist) {
+				return nil
+			}
+			return err
+		}
+		if err := copy.Chown(p, nil, ch); err != nil {
+			return err
+		}
+		if err := copy.Utimes(p, timestampToTime(action.Timestamp)); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func mkfile(ctx context.Context, d string, action pb.FileActionMkFile, user *copy.User, idmap *idtools.IdentityMapping) error {
+	p, err := fs.RootPath(d, filepath.Join("/", action.Path))
+	if err != nil {
+		return err
+	}
+
+	ch, err := mapUserToChowner(user, idmap)
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(p, action.Data, os.FileMode(action.Mode)&0777); err != nil {
+		return err
+	}
+
+	if err := copy.Chown(p, nil, ch); err != nil {
+		return err
+	}
+
+	if err := copy.Utimes(p, timestampToTime(action.Timestamp)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func rm(ctx context.Context, d string, action pb.FileActionRm) error {
+	if action.AllowWildcard {
+		src := cleanPath(action.Path)
+		m, err := copy.ResolveWildcards(d, src, false)
+		if err != nil {
+			return err
+		}
+
+		for _, s := range m {
+			if err := rmPath(d, s, action.AllowNotFound); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	}
+
+	return rmPath(d, action.Path, action.AllowNotFound)
+}
+
+func rmPath(root, src string, allowNotFound bool) error {
+	p, err := fs.RootPath(root, filepath.Join("/", src))
+	if err != nil {
+		return err
+	}
+
+	if err := os.RemoveAll(p); err != nil {
+		if errors.Is(err, os.ErrNotExist) && allowNotFound {
+			return nil
+		}
+		return err
+	}
+
+	return nil
+}
+
+func docopy(ctx context.Context, src, dest string, action pb.FileActionCopy, u *copy.User, idmap *idtools.IdentityMapping) error {
+	srcPath := cleanPath(action.Src)
+	destPath := cleanPath(action.Dest)
+
+	if !action.CreateDestPath {
+		p, err := fs.RootPath(dest, filepath.Join("/", action.Dest))
+		if err != nil {
+			return err
+		}
+		if _, err := os.Lstat(filepath.Dir(p)); err != nil {
+			return errors.Wrapf(err, "failed to stat %s", action.Dest)
+		}
+	}
+
+	xattrErrorHandler := func(dst, src, key string, err error) error {
+		log.Println(err)
+		return nil
+	}
+
+	ch, err := mapUserToChowner(u, idmap)
+	if err != nil {
+		return err
+	}
+
+	opt := []copy.Opt{
+		func(ci *copy.CopyInfo) {
+			ci.IncludePatterns = action.IncludePatterns
+			ci.ExcludePatterns = action.ExcludePatterns
+			ci.Chown = ch
+			ci.Utime = timestampToTime(action.Timestamp)
+			if m := int(action.Mode); m != -1 {
+				ci.Mode = &m
+			}
+			ci.CopyDirContents = action.DirCopyContents
+			ci.FollowLinks = action.FollowSymlink
+		},
+		copy.WithXAttrErrorHandler(xattrErrorHandler),
+	}
+
+	if !action.AllowWildcard {
+		if action.AttemptUnpackDockerCompatibility {
+			if ok, err := unpack(ctx, src, srcPath, dest, destPath, ch, timestampToTime(action.Timestamp)); err != nil {
+				return err
+			} else if ok {
+				return nil
+			}
+		}
+		return copy.Copy(ctx, src, srcPath, dest, destPath, opt...)
+	}
+
+	m, err := copy.ResolveWildcards(src, srcPath, action.FollowSymlink)
+	if err != nil {
+		return err
+	}
+
+	if len(m) == 0 {
+		if action.AllowEmptyWildcard {
+			return nil
+		}
+		return errors.Errorf("%s not found", srcPath)
+	}
+
+	for _, s := range m {
+		if action.AttemptUnpackDockerCompatibility {
+			if ok, err := unpack(ctx, src, s, dest, destPath, ch, timestampToTime(action.Timestamp)); err != nil {
+				return err
+			} else if ok {
+				continue
+			}
+		}
+		if err := copy.Copy(ctx, src, s, dest, destPath, opt...); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func cleanPath(s string) string {
+	s2 := filepath.Join("/", s)
+	if strings.HasSuffix(s, "/.") {
+		if s2 != "/" {
+			s2 += "/"
+		}
+		s2 += "."
+	} else if strings.HasSuffix(s, "/") && s2 != "/" {
+		s2 += "/"
+	}
+	return s2
+}
+
+type Backend struct {
+}
+
+func (fb *Backend) Mkdir(ctx context.Context, m, user, group fileoptypes.Mount, action pb.FileActionMkDir) error {
+	mnt, ok := m.(*Mount)
+	if !ok {
+		return errors.Errorf("invalid mount type %T", m)
+	}
+
+	lm := snapshot.LocalMounter(mnt.m)
+	dir, err := lm.Mount()
+	if err != nil {
+		return err
+	}
+	defer lm.Unmount()
+
+	u, err := readUser(action.Owner, user, group)
+	if err != nil {
+		return err
+	}
+
+	return mkdir(ctx, dir, action, u, mnt.m.IdentityMapping())
+}
+
+func (fb *Backend) Mkfile(ctx context.Context, m, user, group fileoptypes.Mount, action pb.FileActionMkFile) error {
+	mnt, ok := m.(*Mount)
+	if !ok {
+		return errors.Errorf("invalid mount type %T", m)
+	}
+
+	lm := snapshot.LocalMounter(mnt.m)
+	dir, err := lm.Mount()
+	if err != nil {
+		return err
+	}
+	defer lm.Unmount()
+
+	u, err := readUser(action.Owner, user, group)
+	if err != nil {
+		return err
+	}
+
+	return mkfile(ctx, dir, action, u, mnt.m.IdentityMapping())
+}
+
+func (fb *Backend) Rm(ctx context.Context, m fileoptypes.Mount, action pb.FileActionRm) error {
+	mnt, ok := m.(*Mount)
+	if !ok {
+		return errors.Errorf("invalid mount type %T", m)
+	}
+
+	lm := snapshot.LocalMounter(mnt.m)
+	dir, err := lm.Mount()
+	if err != nil {
+		return err
+	}
+	defer lm.Unmount()
+
+	return rm(ctx, dir, action)
+}
+
+func (fb *Backend) Copy(ctx context.Context, m1, m2, user, group fileoptypes.Mount, action pb.FileActionCopy) error {
+	mnt1, ok := m1.(*Mount)
+	if !ok {
+		return errors.Errorf("invalid mount type %T", m1)
+	}
+	mnt2, ok := m2.(*Mount)
+	if !ok {
+		return errors.Errorf("invalid mount type %T", m2)
+	}
+
+	lm := snapshot.LocalMounter(mnt1.m)
+	src, err := lm.Mount()
+	if err != nil {
+		return err
+	}
+	defer lm.Unmount()
+
+	lm2 := snapshot.LocalMounter(mnt2.m)
+	dest, err := lm2.Mount()
+	if err != nil {
+		return err
+	}
+	defer lm2.Unmount()
+
+	u, err := readUser(action.Owner, user, group)
+	if err != nil {
+		return err
+	}
+
+	return docopy(ctx, src, dest, action, u, mnt2.m.IdentityMapping())
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/refmanager.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/refmanager.go
new file mode 100644
index 0000000000000..926c46158ee2f
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/refmanager.go
@@ -0,0 +1,76 @@
+package file
+
+import (
+	"context"
+
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes"
+	"github.com/pkg/errors"
+)
+
+func NewRefManager(cm cache.Manager) *RefManager {
+	return &RefManager{cm: cm}
+}
+
+type RefManager struct {
+	cm cache.Manager
+}
+
+func (rm *RefManager) Prepare(ctx context.Context, ref fileoptypes.Ref, readonly bool, g session.Group) (fileoptypes.Mount, error) {
+	ir, ok := ref.(cache.ImmutableRef)
+	if !ok && ref != nil {
+		return nil, errors.Errorf("invalid ref type: %T", ref)
+	}
+
+	if ir != nil && readonly {
+		m, err := ir.Mount(ctx, readonly, g)
+		if err != nil {
+			return nil, err
+		}
+		return &Mount{m: m, readonly: readonly}, nil
+	}
+
+	mr, err := rm.cm.New(ctx, ir, g, cache.WithDescription("fileop target"), cache.CachePolicyRetain)
+	if err != nil {
+		return nil, err
+	}
+	m, err := mr.Mount(ctx, readonly, g)
+	if err != nil {
+		return nil, err
+	}
+	return &Mount{m: m, mr: mr, readonly: readonly}, nil
+}
+
+func (rm *RefManager) Commit(ctx context.Context, mount fileoptypes.Mount) (fileoptypes.Ref, error) {
+	m, ok := mount.(*Mount)
+	if !ok {
+		return nil, errors.Errorf("invalid mount type %T", mount)
+	}
+	if m.mr == nil {
+		return nil, errors.Errorf("invalid mount without active ref for commit")
+	}
+	defer func() {
+		m.mr = nil
+	}()
+	return m.mr.Commit(ctx)
+}
+
+type Mount struct {
+	m        snapshot.Mountable
+	mr       cache.MutableRef
+	readonly bool
+}
+
+func (m *Mount) Release(ctx context.Context) error {
+	if m.mr != nil {
+		return m.mr.Release(ctx)
+	}
+	return nil
+}
+func (m *Mount) IsFileOpMount() {}
+
+func (m *Mount) Readonly() bool {
+	return m.readonly
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/unpack.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/unpack.go
new file mode 100644
index 0000000000000..8e530526046dc
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/unpack.go
@@ -0,0 +1,61 @@
+package file
+
+import (
+	"archive/tar"
+	"context"
+	"os"
+	"time"
+
+	"github.com/containerd/continuity/fs"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	copy "github.com/tonistiigi/fsutil/copy"
+)
+
+func unpack(ctx context.Context, srcRoot string, src string, destRoot string, dest string, ch copy.Chowner, tm *time.Time) (bool, error) {
+	src, err := fs.RootPath(srcRoot, src)
+	if err != nil {
+		return false, err
+	}
+	if !isArchivePath(src) {
+		return false, nil
+	}
+
+	dest, err = fs.RootPath(destRoot, dest)
+	if err != nil {
+		return false, err
+	}
+	if err := copy.MkdirAll(dest, 0755, ch, tm); err != nil {
+		return false, err
+	}
+
+	file, err := os.Open(src)
+	if err != nil {
+		return false, err
+	}
+	defer file.Close()
+
+	return true, chrootarchive.Untar(file, dest, nil)
+}
+
+func isArchivePath(path string) bool {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return false
+	}
+	if fi.Mode()&os.ModeType != 0 {
+		return false
+	}
+	file, err := os.Open(path)
+	if err != nil {
+		return false
+	}
+	defer file.Close()
+	rdr, err := archive.DecompressStream(file)
+	if err != nil {
+		return false
+	}
+	r := tar.NewReader(rdr)
+	_, err = r.Next()
+	return err == nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_linux.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_linux.go
new file mode 100644
index 0000000000000..8e4848cc506b1
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_linux.go
@@ -0,0 +1,119 @@
+package file
+
+import (
+	"os"
+
+	"github.com/containerd/continuity/fs"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
+	copy "github.com/tonistiigi/fsutil/copy"
+)
+
+func readUser(chopt *pb.ChownOpt, mu, mg fileoptypes.Mount) (*copy.User, error) {
+	if chopt == nil {
+		return nil, nil
+	}
+	var us copy.User
+	if chopt.User != nil {
+		switch u := chopt.User.User.(type) {
+		case *pb.UserOpt_ByName:
+			if mu == nil {
+				return nil, errors.Errorf("invalid missing user mount")
+			}
+			mmu, ok := mu.(*Mount)
+			if !ok {
+				return nil, errors.Errorf("invalid mount type %T", mu)
+			}
+			lm := snapshot.LocalMounter(mmu.m)
+			dir, err := lm.Mount()
+			if err != nil {
+				return nil, err
+			}
+			defer lm.Unmount()
+
+			passwdPath, err := user.GetPasswdPath()
+			if err != nil {
+				return nil, err
+			}
+
+			passwdPath, err = fs.RootPath(dir, passwdPath)
+			if err != nil {
+				return nil, err
+			}
+
+			ufile, err := os.Open(passwdPath)
+			if err != nil {
+				return nil, err
+			}
+			defer ufile.Close()
+
+			users, err := user.ParsePasswdFilter(ufile, func(uu user.User) bool {
+				return uu.Name == u.ByName.Name
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			if len(users) > 0 {
+				us.UID = users[0].Uid
+				us.GID = users[0].Gid
+			}
+		case *pb.UserOpt_ByID:
+			us.UID = int(u.ByID)
+			us.GID = int(u.ByID)
+		}
+	}
+
+	if chopt.Group != nil {
+		switch u := chopt.Group.User.(type) {
+		case *pb.UserOpt_ByName:
+			if mg == nil {
+				return nil, errors.Errorf("invalid missing group mount")
+			}
+			mmg, ok := mg.(*Mount)
+			if !ok {
+				return nil, errors.Errorf("invalid mount type %T", mg)
+			}
+			lm := snapshot.LocalMounter(mmg.m)
+			dir, err := lm.Mount()
+			if err != nil {
+				return nil, err
+			}
+			defer lm.Unmount()
+
+			groupPath, err := user.GetGroupPath()
+			if err != nil {
+				return nil, err
+			}
+
+			groupPath, err = fs.RootPath(dir, groupPath)
+			if err != nil {
+				return nil, err
+			}
+
+			gfile, err := os.Open(groupPath)
+			if err != nil {
+				return nil, err
+			}
+			defer gfile.Close()
+
+			groups, err := user.ParseGroupFilter(gfile, func(g user.Group) bool {
+				return g.Name == u.ByName.Name
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			if len(groups) > 0 {
+				us.GID = groups[0].Gid
+			}
+		case *pb.UserOpt_ByID:
+			us.GID = int(u.ByID)
+		}
+	}
+
+	return &us, nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_nolinux.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_nolinux.go
new file mode 100644
index 0000000000000..246f18706e898
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/user_nolinux.go
@@ -0,0 +1,17 @@
+// +build !linux
+
+package file
+
+import (
+	"github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/pkg/errors"
+	copy "github.com/tonistiigi/fsutil/copy"
+)
+
+func readUser(chopt *pb.ChownOpt, mu, mg fileoptypes.Mount) (*copy.User, error) {
+	if chopt == nil {
+		return nil, nil
+	}
+	return nil, errors.New("only implemented in linux")
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/mounts/mount.go b/vendor/github.com/moby/buildkit/solver/llbsolver/mounts/mount.go
new file mode 100644
index 0000000000000..05703acab53c6
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/mounts/mount.go
@@ -0,0 +1,519 @@
+package mounts
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/sys"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/secrets"
+	"github.com/moby/buildkit/session/sshforward"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/grpcerrors"
+	"github.com/moby/locker"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	bolt "go.etcd.io/bbolt"
+	"google.golang.org/grpc/codes"
+)
+
+func NewMountManager(name string, cm cache.Manager, sm *session.Manager, md *metadata.Store) *MountManager {
+	return &MountManager{
+		cm:          cm,
+		sm:          sm,
+		cacheMounts: map[string]*cacheRefShare{},
+		md:          md,
+		managerName: name,
+	}
+}
+
+type MountManager struct {
+	cm            cache.Manager
+	sm            *session.Manager
+	cacheMountsMu sync.Mutex
+	cacheMounts   map[string]*cacheRefShare
+	md            *metadata.Store
+	managerName   string
+}
+
+func (mm *MountManager) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt, s session.Group) (mref cache.MutableRef, err error) {
+	g := &cacheRefGetter{
+		locker:          &mm.cacheMountsMu,
+		cacheMounts:     mm.cacheMounts,
+		cm:              mm.cm,
+		md:              mm.md,
+		globalCacheRefs: sharedCacheRefs,
+		name:            fmt.Sprintf("cached mount %s from %s", m.Dest, mm.managerName),
+		session:         s,
+	}
+	return g.getRefCacheDir(ctx, ref, id, sharing)
+}
+
+type cacheRefGetter struct {
+	locker          sync.Locker
+	cacheMounts     map[string]*cacheRefShare
+	cm              cache.Manager
+	md              *metadata.Store
+	globalCacheRefs *cacheRefs
+	name            string
+	session         session.Group
+}
+
+func (g *cacheRefGetter) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) {
+	key := "cache-dir:" + id
+	if ref != nil {
+		key += ":" + ref.ID()
+	}
+	mu := g.locker
+	mu.Lock()
+	defer mu.Unlock()
+
+	if ref, ok := g.cacheMounts[key]; ok {
+		return ref.clone(), nil
+	}
+	defer func() {
+		if err == nil {
+			share := &cacheRefShare{MutableRef: mref, refs: map[*cacheRef]struct{}{}}
+			g.cacheMounts[key] = share
+			mref = share.clone()
+		}
+	}()
+
+	switch sharing {
+	case pb.CacheSharingOpt_SHARED:
+		return g.globalCacheRefs.get(key, func() (cache.MutableRef, error) {
+			return g.getRefCacheDirNoCache(ctx, key, ref, id, false)
+		})
+	case pb.CacheSharingOpt_PRIVATE:
+		return g.getRefCacheDirNoCache(ctx, key, ref, id, false)
+	case pb.CacheSharingOpt_LOCKED:
+		return g.getRefCacheDirNoCache(ctx, key, ref, id, true)
+	default:
+		return nil, errors.Errorf("invalid cache sharing option: %s", sharing.String())
+	}
+}
+
+func (g *cacheRefGetter) getRefCacheDirNoCache(ctx context.Context, key string, ref cache.ImmutableRef, id string, block bool) (cache.MutableRef, error) {
+	makeMutable := func(ref cache.ImmutableRef) (cache.MutableRef, error) {
+		return g.cm.New(ctx, ref, g.session, cache.WithRecordType(client.UsageRecordTypeCacheMount), cache.WithDescription(g.name), cache.CachePolicyRetain)
+	}
+
+	cacheRefsLocker.Lock(key)
+	defer cacheRefsLocker.Unlock(key)
+	for {
+		sis, err := g.md.Search(key)
+		if err != nil {
+			return nil, err
+		}
+		locked := false
+		for _, si := range sis {
+			if mRef, err := g.cm.GetMutable(ctx, si.ID()); err == nil {
+				logrus.Debugf("reusing ref for cache dir: %s", mRef.ID())
+				return mRef, nil
+			} else if errors.Is(err, cache.ErrLocked) {
+				locked = true
+			}
+		}
+		if block && locked {
+			cacheRefsLocker.Unlock(key)
+			select {
+			case <-ctx.Done():
+				cacheRefsLocker.Lock(key)
+				return nil, ctx.Err()
+			case <-time.After(100 * time.Millisecond):
+				cacheRefsLocker.Lock(key)
+			}
+		} else {
+			break
+		}
+	}
+	mRef, err := makeMutable(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	si, _ := g.md.Get(mRef.ID())
+	v, err := metadata.NewValue(key)
+	if err != nil {
+		mRef.Release(context.TODO())
+		return nil, err
+	}
+	v.Index = key
+	if err := si.Update(func(b *bolt.Bucket) error {
+		return si.SetValue(b, key, v)
+	}); err != nil {
+		mRef.Release(context.TODO())
+		return nil, err
+	}
+	return mRef, nil
+}
+
+func (mm *MountManager) getSSHMountable(ctx context.Context, m *pb.Mount, g session.Group) (cache.Mountable, error) {
+	var caller session.Caller
+	err := mm.sm.Any(ctx, g, func(ctx context.Context, _ string, c session.Caller) error {
+		if err := sshforward.CheckSSHID(ctx, c, m.SSHOpt.ID); err != nil {
+			if m.SSHOpt.Optional {
+				return nil
+			}
+			if grpcerrors.Code(err) == codes.Unimplemented {
+				return errors.Errorf("no SSH key %q forwarded from the client", m.SSHOpt.ID)
+			}
+			return err
+		}
+		caller = c
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	if caller == nil {
+		return nil, nil
+	}
+	// because ssh socket remains active, to actually handle session disconnecting ssh error
+	// should restart the whole exec with new session
+	return &sshMount{mount: m, caller: caller, idmap: mm.cm.IdentityMapping()}, nil
+}
+
+type sshMount struct {
+	mount  *pb.Mount
+	caller session.Caller
+	idmap  *idtools.IdentityMapping
+}
+
+func (sm *sshMount) Mount(ctx context.Context, readonly bool, g session.Group) (snapshot.Mountable, error) {
+	return &sshMountInstance{sm: sm, idmap: sm.idmap}, nil
+}
+
+type sshMountInstance struct {
+	sm    *sshMount
+	idmap *idtools.IdentityMapping
+}
+
+func (sm *sshMountInstance) Mount() ([]mount.Mount, func() error, error) {
+	ctx, cancel := context.WithCancel(context.TODO())
+
+	uid := int(sm.sm.mount.SSHOpt.Uid)
+	gid := int(sm.sm.mount.SSHOpt.Gid)
+
+	if sm.idmap != nil {
+		identity, err := sm.idmap.ToHost(idtools.Identity{
+			UID: uid,
+			GID: gid,
+		})
+		if err != nil {
+			cancel()
+			return nil, nil, err
+		}
+		uid = identity.UID
+		gid = identity.GID
+	}
+
+	sock, cleanup, err := sshforward.MountSSHSocket(ctx, sm.sm.caller, sshforward.SocketOpt{
+		ID:   sm.sm.mount.SSHOpt.ID,
+		UID:  uid,
+		GID:  gid,
+		Mode: int(sm.sm.mount.SSHOpt.Mode & 0777),
+	})
+	if err != nil {
+		cancel()
+		return nil, nil, err
+	}
+	release := func() error {
+		var err error
+		if cleanup != nil {
+			err = cleanup()
+		}
+		cancel()
+		return err
+	}
+
+	return []mount.Mount{{
+		Type:    "bind",
+		Source:  sock,
+		Options: []string{"rbind"},
+	}}, release, nil
+}
+
+func (sm *sshMountInstance) IdentityMapping() *idtools.IdentityMapping {
+	return sm.idmap
+}
+
+func (mm *MountManager) getSecretMountable(ctx context.Context, m *pb.Mount, g session.Group) (cache.Mountable, error) {
+	if m.SecretOpt == nil {
+		return nil, errors.Errorf("invalid secret mount options")
+	}
+	sopt := *m.SecretOpt
+
+	id := sopt.ID
+	if id == "" {
+		return nil, errors.Errorf("secret ID missing from mount options")
+	}
+	var dt []byte
+	var err error
+	err = mm.sm.Any(ctx, g, func(ctx context.Context, _ string, caller session.Caller) error {
+		dt, err = secrets.GetSecret(ctx, caller, id)
+		if err != nil {
+			if errors.Is(err, secrets.ErrNotFound) && m.SecretOpt.Optional {
+				return nil
+			}
+			return err
+		}
+		return nil
+	})
+	if err != nil || dt == nil {
+		return nil, err
+	}
+	return &secretMount{mount: m, data: dt, idmap: mm.cm.IdentityMapping()}, nil
+}
+
+type secretMount struct {
+	mount *pb.Mount
+	data  []byte
+	idmap *idtools.IdentityMapping
+}
+
+func (sm *secretMount) Mount(ctx context.Context, readonly bool, g session.Group) (snapshot.Mountable, error) {
+	return &secretMountInstance{sm: sm, idmap: sm.idmap}, nil
+}
+
+type secretMountInstance struct {
+	sm    *secretMount
+	root  string
+	idmap *idtools.IdentityMapping
+}
+
+func (sm *secretMountInstance) Mount() ([]mount.Mount, func() error, error) {
+	dir, err := ioutil.TempDir("", "buildkit-secrets")
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "failed to create temp dir")
+	}
+	cleanupDir := func() error {
+		return os.RemoveAll(dir)
+	}
+
+	if err := os.Chmod(dir, 0711); err != nil {
+		cleanupDir()
+		return nil, nil, err
+	}
+
+	tmpMount := mount.Mount{
+		Type:    "tmpfs",
+		Source:  "tmpfs",
+		Options: []string{"nodev", "nosuid", "noexec", fmt.Sprintf("uid=%d,gid=%d", os.Geteuid(), os.Getegid())},
+	}
+
+	if sys.RunningInUserNS() {
+		tmpMount.Options = nil
+	}
+
+	if err := mount.All([]mount.Mount{tmpMount}, dir); err != nil {
+		cleanupDir()
+		return nil, nil, errors.Wrap(err, "unable to setup secret mount")
+	}
+	sm.root = dir
+
+	cleanup := func() error {
+		if err := mount.Unmount(dir, 0); err != nil {
+			return err
+		}
+		return cleanupDir()
+	}
+
+	randID := identity.NewID()
+	fp := filepath.Join(dir, randID)
+	if err := ioutil.WriteFile(fp, sm.sm.data, 0600); err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+
+	uid := int(sm.sm.mount.SecretOpt.Uid)
+	gid := int(sm.sm.mount.SecretOpt.Gid)
+
+	if sm.idmap != nil {
+		identity, err := sm.idmap.ToHost(idtools.Identity{
+			UID: uid,
+			GID: gid,
+		})
+		if err != nil {
+			cleanup()
+			return nil, nil, err
+		}
+		uid = identity.UID
+		gid = identity.GID
+	}
+
+	if err := os.Chown(fp, uid, gid); err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+
+	if err := os.Chmod(fp, os.FileMode(sm.sm.mount.SecretOpt.Mode&0777)); err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+
+	return []mount.Mount{{
+		Type:    "bind",
+		Source:  fp,
+		Options: []string{"ro", "rbind", "nodev", "nosuid", "noexec"},
+	}}, cleanup, nil
+}
+
+func (sm *secretMountInstance) IdentityMapping() *idtools.IdentityMapping {
+	return sm.idmap
+}
+
+func (mm *MountManager) MountableCache(ctx context.Context, m *pb.Mount, ref cache.ImmutableRef, g session.Group) (cache.MutableRef, error) {
+	if m.CacheOpt == nil {
+		return nil, errors.Errorf("missing cache mount options")
+	}
+	return mm.getRefCacheDir(ctx, ref, m.CacheOpt.ID, m, m.CacheOpt.Sharing, g)
+}
+
+func (mm *MountManager) MountableTmpFS() cache.Mountable {
+	return newTmpfs(mm.cm.IdentityMapping())
+}
+
+func (mm *MountManager) MountableSecret(ctx context.Context, m *pb.Mount, g session.Group) (cache.Mountable, error) {
+	return mm.getSecretMountable(ctx, m, g)
+}
+
+func (mm *MountManager) MountableSSH(ctx context.Context, m *pb.Mount, g session.Group) (cache.Mountable, error) {
+	return mm.getSSHMountable(ctx, m, g)
+}
+
+func newTmpfs(idmap *idtools.IdentityMapping) cache.Mountable {
+	return &tmpfs{idmap: idmap}
+}
+
+type tmpfs struct {
+	idmap *idtools.IdentityMapping
+}
+
+func (f *tmpfs) Mount(ctx context.Context, readonly bool, g session.Group) (snapshot.Mountable, error) {
+	return &tmpfsMount{readonly: readonly, idmap: f.idmap}, nil
+}
+
+type tmpfsMount struct {
+	readonly bool
+	idmap    *idtools.IdentityMapping
+}
+
+func (m *tmpfsMount) Mount() ([]mount.Mount, func() error, error) {
+	opt := []string{"nosuid"}
+	if m.readonly {
+		opt = append(opt, "ro")
+	}
+	return []mount.Mount{{
+		Type:    "tmpfs",
+		Source:  "tmpfs",
+		Options: opt,
+	}}, func() error { return nil }, nil
+}
+
+func (m *tmpfsMount) IdentityMapping() *idtools.IdentityMapping {
+	return m.idmap
+}
+
+var cacheRefsLocker = locker.New()
+var sharedCacheRefs = &cacheRefs{}
+
+type cacheRefs struct {
+	mu     sync.Mutex
+	shares map[string]*cacheRefShare
+}
+
+// ClearActiveCacheMounts clears shared cache mounts currently in use.
+// Caller needs to hold CacheMountsLocker before calling
+func ClearActiveCacheMounts() {
+	sharedCacheRefs.shares = nil
+}
+
+func CacheMountsLocker() sync.Locker {
+	return &sharedCacheRefs.mu
+}
+
+func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if r.shares == nil {
+		r.shares = map[string]*cacheRefShare{}
+	}
+
+	share, ok := r.shares[key]
+	if ok {
+		return share.clone(), nil
+	}
+
+	mref, err := fn()
+	if err != nil {
+		return nil, err
+	}
+
+	share = &cacheRefShare{MutableRef: mref, main: r, key: key, refs: map[*cacheRef]struct{}{}}
+	r.shares[key] = share
+	return share.clone(), nil
+}
+
+type cacheRefShare struct {
+	cache.MutableRef
+	mu   sync.Mutex
+	refs map[*cacheRef]struct{}
+	main *cacheRefs
+	key  string
+}
+
+func (r *cacheRefShare) clone() cache.MutableRef {
+	cacheRef := &cacheRef{cacheRefShare: r}
+	if cacheRefCloneHijack != nil {
+		cacheRefCloneHijack()
+	}
+	r.mu.Lock()
+	r.refs[cacheRef] = struct{}{}
+	r.mu.Unlock()
+	return cacheRef
+}
+
+func (r *cacheRefShare) release(ctx context.Context) error {
+	if r.main != nil {
+		delete(r.main.shares, r.key)
+	}
+	return r.MutableRef.Release(ctx)
+}
+
+var cacheRefReleaseHijack func()
+var cacheRefCloneHijack func()
+
+type cacheRef struct {
+	*cacheRefShare
+}
+
+func (r *cacheRef) Release(ctx context.Context) error {
+	if r.main != nil {
+		r.main.mu.Lock()
+		defer r.main.mu.Unlock()
+	}
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	delete(r.refs, r)
+	if len(r.refs) == 0 {
+		if cacheRefReleaseHijack != nil {
+			cacheRefReleaseHijack()
+		}
+		return r.release(ctx)
+	}
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go
index 4b0300497b4fd..39d2a7707571b 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go
@@ -8,8 +8,10 @@ import (
 	"github.com/containerd/continuity/fs"
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
@@ -25,6 +27,9 @@ type buildOp struct {
 }
 
 func NewBuildOp(v solver.Vertex, op *pb.Op_Build, b frontend.FrontendLLBBridge, _ worker.Worker) (solver.Op, error) {
+	if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil {
+		return nil, err
+	}
 	return &buildOp{
 		op: op.Build,
 		b:  b,
@@ -32,7 +37,7 @@ func NewBuildOp(v solver.Vertex, op *pb.Op_Build, b frontend.FrontendLLBBridge,
 	}, nil
 }
 
-func (b *buildOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bool, error) {
+func (b *buildOp) CacheMap(ctx context.Context, g session.Group, index int) (*solver.CacheMap, bool, error) {
 	dt, err := json.Marshal(struct {
 		Type string
 		Exec *pb.BuildOp
@@ -49,11 +54,12 @@ func (b *buildOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bo
 		Deps: make([]struct {
 			Selector          digest.Digest
 			ComputeDigestFunc solver.ResultBasedCacheFunc
+			PreprocessFunc    solver.PreprocessFunc
 		}, len(b.v.Inputs())),
 	}, true, nil
 }
 
-func (b *buildOp) Exec(ctx context.Context, inputs []solver.Result) (outputs []solver.Result, retErr error) {
+func (b *buildOp) Exec(ctx context.Context, g session.Group, inputs []solver.Result) (outputs []solver.Result, retErr error) {
 	if b.op.Builder != pb.LLBBuilder {
 		return nil, errors.Errorf("only LLB builder is currently allowed")
 	}
@@ -75,7 +81,7 @@ func (b *buildOp) Exec(ctx context.Context, inputs []solver.Result) (outputs []s
 		return nil, errors.Errorf("invalid reference for build %T", inp.Sys())
 	}
 
-	mount, err := ref.ImmutableRef.Mount(ctx, true)
+	mount, err := ref.ImmutableRef.Mount(ctx, true, g)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +125,7 @@ func (b *buildOp) Exec(ctx context.Context, inputs []solver.Result) (outputs []s
 
 	newRes, err := b.b.Solve(ctx, frontend.SolveRequest{
 		Definition: def.ToPB(),
-	})
+	}, g.SessionIterator().NextSession())
 	if err != nil {
 		return nil, err
 	}
@@ -128,5 +134,15 @@ func (b *buildOp) Exec(ctx context.Context, inputs []solver.Result) (outputs []s
 		r.Release(context.TODO())
 	}
 
-	return []solver.Result{newRes.Ref}, err
+	r, err := newRes.Ref.Result(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return []solver.Result{r}, err
+}
+
+func (b *buildOp) Acquire(ctx context.Context) (solver.ReleaseFunc, error) {
+	// buildOp itself does not count towards parallelism budget.
+	return func() {}, nil
 }
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
index 9eb9968a14ce8..1e0b7ad9046c4 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
@@ -5,67 +5,60 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path"
-	"path/filepath"
-	"runtime"
 	"sort"
 	"strings"
-	"sync"
-	"time"
 
-	"github.com/containerd/containerd/mount"
-	"github.com/docker/docker/pkg/locker"
+	"github.com/containerd/containerd/platforms"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
-	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/executor"
-	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/frontend/gateway"
 	"github.com/moby/buildkit/session"
-	"github.com/moby/buildkit/session/secrets"
-	"github.com/moby/buildkit/session/sshforward"
-	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/solver/llbsolver"
+	"github.com/moby/buildkit/solver/llbsolver/errdefs"
+	"github.com/moby/buildkit/solver/llbsolver/mounts"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/progress/logs"
 	utilsystem "github.com/moby/buildkit/util/system"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
-	"github.com/opencontainers/runc/libcontainer/system"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	bolt "go.etcd.io/bbolt"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
+	"golang.org/x/sync/semaphore"
 )
 
 const execCacheType = "buildkit.exec.v0"
 
 type execOp struct {
-	op        *pb.ExecOp
-	cm        cache.Manager
-	sm        *session.Manager
-	md        *metadata.Store
-	exec      executor.Executor
-	w         worker.Worker
-	numInputs int
-
-	cacheMounts map[string]*cacheRefShare
-}
-
-func NewExecOp(v solver.Vertex, op *pb.Op_Exec, cm cache.Manager, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
+	op          *pb.ExecOp
+	cm          cache.Manager
+	mm          *mounts.MountManager
+	exec        executor.Executor
+	w           worker.Worker
+	platform    *pb.Platform
+	numInputs   int
+	parallelism *semaphore.Weighted
+}
+
+func NewExecOp(v solver.Vertex, op *pb.Op_Exec, platform *pb.Platform, cm cache.Manager, parallelism *semaphore.Weighted, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
+	if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil {
+		return nil, err
+	}
+	name := fmt.Sprintf("exec %s", strings.Join(op.Exec.Meta.Args, " "))
 	return &execOp{
 		op:          op.Exec,
+		mm:          mounts.NewMountManager(name, cm, sm, md),
 		cm:          cm,
-		sm:          sm,
-		md:          md,
 		exec:        exec,
 		numInputs:   len(v.Inputs()),
 		w:           w,
-		cacheMounts: map[string]*cacheRefShare{},
+		platform:    platform,
+		parallelism: parallelism,
 	}, nil
 }
 
@@ -79,14 +72,14 @@ func cloneExecOp(old *pb.ExecOp) pb.ExecOp {
 	}
 	n.Meta = &meta
 	n.Mounts = nil
-	for i := range n.Mounts {
-		m := *n.Mounts[i]
+	for i := range old.Mounts {
+		m := *old.Mounts[i]
 		n.Mounts = append(n.Mounts, &m)
 	}
 	return n
 }
 
-func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bool, error) {
+func (e *execOp) CacheMap(ctx context.Context, g session.Group, index int) (*solver.CacheMap, bool, error) {
 	op := cloneExecOp(e.op)
 	for i := range op.Meta.ExtraHosts {
 		h := op.Meta.ExtraHosts[i]
@@ -98,16 +91,43 @@ func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, boo
 	}
 	op.Meta.ProxyEnv = nil
 
+	p := platforms.DefaultSpec()
+	if e.platform != nil {
+		p = specs.Platform{
+			OS:           e.platform.OS,
+			Architecture: e.platform.Architecture,
+			Variant:      e.platform.Variant,
+		}
+	}
+
+	// Special case for cache compatibility with buggy versions that wrongly
+	// excluded Exec.Mounts: for the default case of one root mount (i.e. RUN
+	// inside a Dockerfile), do not include the mount when generating the cache
+	// map.
+	if len(op.Mounts) == 1 &&
+		op.Mounts[0].Dest == "/" &&
+		op.Mounts[0].Selector == "" &&
+		!op.Mounts[0].Readonly &&
+		op.Mounts[0].MountType == pb.MountType_BIND &&
+		op.Mounts[0].CacheOpt == nil &&
+		op.Mounts[0].SSHOpt == nil &&
+		op.Mounts[0].SecretOpt == nil &&
+		op.Mounts[0].ResultID == "" {
+		op.Mounts = nil
+	}
+
 	dt, err := json.Marshal(struct {
-		Type string
-		Exec *pb.ExecOp
-		OS   string
-		Arch string
+		Type    string
+		Exec    *pb.ExecOp
+		OS      string
+		Arch    string
+		Variant string `json:",omitempty"`
 	}{
-		Type: execCacheType,
-		Exec: &op,
-		OS:   runtime.GOOS,
-		Arch: runtime.GOARCH,
+		Type:    execCacheType,
+		Exec:    &op,
+		OS:      p.OS,
+		Arch:    p.Architecture,
+		Variant: p.Variant,
 	})
 	if err != nil {
 		return nil, false, err
@@ -118,6 +138,7 @@ func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, boo
 		Deps: make([]struct {
 			Selector          digest.Digest
 			ComputeDigestFunc solver.ResultBasedCacheFunc
+			PreprocessFunc    solver.PreprocessFunc
 		}, e.numInputs),
 	}
 
@@ -135,8 +156,9 @@ func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, boo
 			cm.Deps[i].Selector = digest.FromBytes(bytes.Join(dgsts, []byte{0}))
 		}
 		if !dep.NoContentBasedHash {
-			cm.Deps[i].ComputeDigestFunc = llbsolver.NewContentHashFunc(dedupePaths(dep.Selectors))
+			cm.Deps[i].ComputeDigestFunc = llbsolver.NewContentHashFunc(toSelectors(dedupePaths(dep.Selectors)))
 		}
+		cm.Deps[i].PreprocessFunc = llbsolver.UnlazyResultFunc
 	}
 
 	return cm, true, nil
@@ -151,7 +173,7 @@ func dedupePaths(inp []string) []string {
 	for p1 := range old {
 		var skip bool
 		for p2 := range old {
-			if p1 != p2 && strings.HasPrefix(p1, p2) {
+			if p1 != p2 && strings.HasPrefix(p1, p2+"/") {
 				skip = true
 				break
 			}
@@ -166,6 +188,14 @@ func dedupePaths(inp []string) []string {
 	return paths
 }
 
+func toSelectors(p []string) []llbsolver.Selector {
+	sel := make([]llbsolver.Selector, 0, len(p))
+	for _, p := range p {
+		sel = append(sel, llbsolver.Selector{Path: p, FollowLinks: true})
+	}
+	return sel
+}
+
 type dep struct {
 	Selectors          []string
 	NoContentBasedHash bool
@@ -187,287 +217,13 @@ func (e *execOp) getMountDeps() ([]dep, error) {
 			deps[m.Input].Selectors = append(deps[m.Input].Selectors, sel)
 		}
 
-		if !m.Readonly || m.Dest == pb.RootMount { // exclude read-only rootfs
+		if (!m.Readonly || m.Dest == pb.RootMount) && m.Output != -1 { // exclude read-only rootfs && read-write mounts
 			deps[m.Input].NoContentBasedHash = true
 		}
 	}
 	return deps, nil
 }
 
-func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) {
-
-	key := "cache-dir:" + id
-	if ref != nil {
-		key += ":" + ref.ID()
-	}
-
-	if ref, ok := e.cacheMounts[key]; ok {
-		return ref.clone(), nil
-	}
-	defer func() {
-		if err == nil {
-			share := &cacheRefShare{MutableRef: mref, refs: map[*cacheRef]struct{}{}}
-			e.cacheMounts[key] = share
-			mref = share.clone()
-		}
-	}()
-
-	switch sharing {
-	case pb.CacheSharingOpt_SHARED:
-		return sharedCacheRefs.get(key, func() (cache.MutableRef, error) {
-			return e.getRefCacheDirNoCache(ctx, key, ref, id, m, false)
-		})
-	case pb.CacheSharingOpt_PRIVATE:
-		return e.getRefCacheDirNoCache(ctx, key, ref, id, m, false)
-	case pb.CacheSharingOpt_LOCKED:
-		return e.getRefCacheDirNoCache(ctx, key, ref, id, m, true)
-	default:
-		return nil, errors.Errorf("invalid cache sharing option: %s", sharing.String())
-	}
-
-}
-
-func (e *execOp) getRefCacheDirNoCache(ctx context.Context, key string, ref cache.ImmutableRef, id string, m *pb.Mount, block bool) (cache.MutableRef, error) {
-	makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
-		desc := fmt.Sprintf("cached mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
-		return e.cm.New(ctx, ref, cache.WithRecordType(client.UsageRecordTypeCacheMount), cache.WithDescription(desc), cache.CachePolicyRetain)
-	}
-
-	cacheRefsLocker.Lock(key)
-	defer cacheRefsLocker.Unlock(key)
-	for {
-		sis, err := e.md.Search(key)
-		if err != nil {
-			return nil, err
-		}
-		locked := false
-		for _, si := range sis {
-			if mRef, err := e.cm.GetMutable(ctx, si.ID()); err == nil {
-				logrus.Debugf("reusing ref for cache dir: %s", mRef.ID())
-				return mRef, nil
-			} else if errors.Cause(err) == cache.ErrLocked {
-				locked = true
-			}
-		}
-		if block && locked {
-			cacheRefsLocker.Unlock(key)
-			select {
-			case <-ctx.Done():
-				cacheRefsLocker.Lock(key)
-				return nil, ctx.Err()
-			case <-time.After(100 * time.Millisecond):
-				cacheRefsLocker.Lock(key)
-			}
-		} else {
-			break
-		}
-	}
-	mRef, err := makeMutable(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	si, _ := e.md.Get(mRef.ID())
-	v, err := metadata.NewValue(key)
-	if err != nil {
-		mRef.Release(context.TODO())
-		return nil, err
-	}
-	v.Index = key
-	if err := si.Update(func(b *bolt.Bucket) error {
-		return si.SetValue(b, key, v)
-	}); err != nil {
-		mRef.Release(context.TODO())
-		return nil, err
-	}
-	return mRef, nil
-}
-
-func (e *execOp) getSSHMountable(ctx context.Context, m *pb.Mount) (cache.Mountable, error) {
-	sessionID := session.FromContext(ctx)
-	if sessionID == "" {
-		return nil, errors.New("could not access local files without session")
-	}
-
-	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
-	defer cancel()
-
-	caller, err := e.sm.Get(timeoutCtx, sessionID)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := sshforward.CheckSSHID(ctx, caller, m.SSHOpt.ID); err != nil {
-		if m.SSHOpt.Optional {
-			return nil, nil
-		}
-		if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented {
-			return nil, errors.Errorf("no SSH key %q forwarded from the client", m.SSHOpt.ID)
-		}
-		return nil, err
-	}
-
-	return &sshMount{mount: m, caller: caller}, nil
-}
-
-type sshMount struct {
-	mount  *pb.Mount
-	caller session.Caller
-}
-
-func (sm *sshMount) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
-	return &sshMountInstance{sm: sm}, nil
-}
-
-type sshMountInstance struct {
-	sm      *sshMount
-	cleanup func() error
-}
-
-func (sm *sshMountInstance) Mount() ([]mount.Mount, error) {
-	ctx, cancel := context.WithCancel(context.TODO())
-
-	sock, cleanup, err := sshforward.MountSSHSocket(ctx, sm.sm.caller, sshforward.SocketOpt{
-		ID:   sm.sm.mount.SSHOpt.ID,
-		UID:  int(sm.sm.mount.SSHOpt.Uid),
-		GID:  int(sm.sm.mount.SSHOpt.Gid),
-		Mode: int(sm.sm.mount.SSHOpt.Mode),
-	})
-	if err != nil {
-		cancel()
-		return nil, err
-	}
-	sm.cleanup = func() error {
-		var err error
-		if cleanup != nil {
-			err = cleanup()
-		}
-		cancel()
-		return err
-	}
-
-	return []mount.Mount{{
-		Type:    "bind",
-		Source:  sock,
-		Options: []string{"rbind"},
-	}}, nil
-}
-
-func (sm *sshMountInstance) Release() error {
-	if sm.cleanup != nil {
-		if err := sm.cleanup(); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (e *execOp) getSecretMountable(ctx context.Context, m *pb.Mount) (cache.Mountable, error) {
-	if m.SecretOpt == nil {
-		return nil, errors.Errorf("invalid sercet mount options")
-	}
-	sopt := *m.SecretOpt
-
-	id := sopt.ID
-	if id == "" {
-		return nil, errors.Errorf("secret ID missing from mount options")
-	}
-
-	sessionID := session.FromContext(ctx)
-	if sessionID == "" {
-		return nil, errors.New("could not access local files without session")
-	}
-
-	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
-	defer cancel()
-
-	caller, err := e.sm.Get(timeoutCtx, sessionID)
-	if err != nil {
-		return nil, err
-	}
-
-	dt, err := secrets.GetSecret(ctx, caller, id)
-	if err != nil {
-		if errors.Cause(err) == secrets.ErrNotFound && m.SecretOpt.Optional {
-			return nil, nil
-		}
-		return nil, err
-	}
-
-	return &secretMount{mount: m, data: dt}, nil
-}
-
-type secretMount struct {
-	mount *pb.Mount
-	data  []byte
-}
-
-func (sm *secretMount) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
-	return &secretMountInstance{sm: sm}, nil
-}
-
-type secretMountInstance struct {
-	sm   *secretMount
-	root string
-}
-
-func (sm *secretMountInstance) Mount() ([]mount.Mount, error) {
-	dir, err := ioutil.TempDir("", "buildkit-secrets")
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to create temp dir")
-	}
-
-	if err := os.Chmod(dir, 0711); err != nil {
-		return nil, err
-	}
-
-	tmpMount := mount.Mount{
-		Type:    "tmpfs",
-		Source:  "tmpfs",
-		Options: []string{"nodev", "nosuid", "noexec", fmt.Sprintf("uid=%d,gid=%d", os.Geteuid(), os.Getegid())},
-	}
-
-	if system.RunningInUserNS() {
-		tmpMount.Options = nil
-	}
-
-	if err := mount.All([]mount.Mount{tmpMount}, dir); err != nil {
-		return nil, errors.Wrap(err, "unable to setup secret mount")
-	}
-	sm.root = dir
-
-	randID := identity.NewID()
-	fp := filepath.Join(dir, randID)
-	if err := ioutil.WriteFile(fp, sm.sm.data, 0600); err != nil {
-		sm.Release()
-		return nil, err
-	}
-
-	if err := os.Chown(fp, int(sm.sm.mount.SecretOpt.Uid), int(sm.sm.mount.SecretOpt.Gid)); err != nil {
-		return nil, err
-	}
-
-	if err := os.Chmod(fp, os.FileMode(sm.sm.mount.SecretOpt.Mode)); err != nil {
-		return nil, err
-	}
-
-	return []mount.Mount{{
-		Type:    "bind",
-		Source:  fp,
-		Options: []string{"ro", "rbind"},
-	}}, nil
-}
-
-func (sm *secretMountInstance) Release() error {
-	if sm.root != "" {
-		if err := mount.Unmount(sm.root, 0); err != nil {
-			return err
-		}
-		return os.RemoveAll(sm.root)
-	}
-	return nil
-}
-
 func addDefaultEnvvar(env []string, k, v string) []string {
 	for _, e := range env {
 		if strings.HasPrefix(e, k+"=") {
@@ -477,189 +233,128 @@ func addDefaultEnvvar(env []string, k, v string) []string {
 	return append(env, k+"="+v)
 }
 
-func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Result, error) {
-	var mounts []executor.Mount
-	var root cache.Mountable
-	var readonlyRootFS bool
-
-	var outputs []cache.Ref
-
-	defer func() {
-		for _, o := range outputs {
-			if o != nil {
-				go o.Release(context.TODO())
-			}
-		}
-	}()
-
-	// loop over all mounts, fill in mounts, root and outputs
-	for _, m := range e.op.Mounts {
-		var mountable cache.Mountable
-		var ref cache.ImmutableRef
-
-		if m.Dest == pb.RootMount && m.MountType != pb.MountType_BIND {
-			return nil, errors.Errorf("invalid mount type %s for %s", m.MountType.String(), m.Dest)
+func (e *execOp) Exec(ctx context.Context, g session.Group, inputs []solver.Result) (results []solver.Result, err error) {
+	refs := make([]*worker.WorkerRef, len(inputs))
+	for i, inp := range inputs {
+		var ok bool
+		refs[i], ok = inp.Sys().(*worker.WorkerRef)
+		if !ok {
+			return nil, errors.Errorf("invalid reference for exec %T", inp.Sys())
 		}
+	}
 
-		// if mount is based on input validate and load it
-		if m.Input != pb.Empty {
-			if int(m.Input) > len(inputs) {
-				return nil, errors.Errorf("missing input %d", m.Input)
+	p, err := gateway.PrepareMounts(ctx, e.mm, e.cm, g, e.op.Meta.Cwd, e.op.Mounts, refs, func(m *pb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
+		desc := fmt.Sprintf("mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
+		return e.cm.New(ctx, ref, g, cache.WithDescription(desc))
+	})
+	defer func() {
+		if err != nil {
+			execInputs := make([]solver.Result, len(e.op.Mounts))
+			for i, m := range e.op.Mounts {
+				if m.Input == -1 {
+					continue
+				}
+				execInputs[i] = inputs[m.Input].Clone()
 			}
-			inp := inputs[int(m.Input)]
-			workerRef, ok := inp.Sys().(*worker.WorkerRef)
-			if !ok {
-				return nil, errors.Errorf("invalid reference for exec %T", inp.Sys())
+			execMounts := make([]solver.Result, len(e.op.Mounts))
+			copy(execMounts, execInputs)
+			for i, res := range results {
+				execMounts[p.OutputRefs[i].MountIndex] = res
 			}
-			ref = workerRef.ImmutableRef
-			mountable = ref
-		}
-
-		makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
-			desc := fmt.Sprintf("mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
-			return e.cm.New(ctx, ref, cache.WithDescription(desc))
-		}
-
-		switch m.MountType {
-		case pb.MountType_BIND:
-			// if mount creates an output
-			if m.Output != pb.SkipOutput {
-				// it it is readonly and not root then output is the input
-				if m.Readonly && ref != nil && m.Dest != pb.RootMount {
-					outputs = append(outputs, ref.Clone())
+			for _, active := range p.Actives {
+				if active.NoCommit {
+					active.Ref.Release(context.TODO())
 				} else {
-					// otherwise output and mount is the mutable child
-					active, err := makeMutable(ref)
-					if err != nil {
-						return nil, err
+					ref, cerr := active.Ref.Commit(ctx)
+					if cerr != nil {
+						err = errors.Wrapf(err, "error committing %s: %s", active.Ref.ID(), cerr)
+						continue
 					}
-					outputs = append(outputs, active)
-					mountable = active
-				}
-			} else if ref == nil {
-				// this case is empty readonly scratch without output that is not really useful for anything but don't error
-				active, err := makeMutable(ref)
-				if err != nil {
-					return nil, err
+					execMounts[active.MountIndex] = worker.NewWorkerRefResult(ref, e.w)
 				}
-				defer active.Release(context.TODO())
-				mountable = active
-			}
-
-		case pb.MountType_CACHE:
-			if m.CacheOpt == nil {
-				return nil, errors.Errorf("missing cache mount options")
-			}
-			mRef, err := e.getRefCacheDir(ctx, ref, m.CacheOpt.ID, m, m.CacheOpt.Sharing)
-			if err != nil {
-				return nil, err
-			}
-			mountable = mRef
-			defer func() {
-				go mRef.Release(context.TODO())
-			}()
-			if m.Output != pb.SkipOutput && ref != nil {
-				outputs = append(outputs, ref.Clone())
-			}
-
-		case pb.MountType_TMPFS:
-			mountable = newTmpfs()
-
-		case pb.MountType_SECRET:
-			secretMount, err := e.getSecretMountable(ctx, m)
-			if err != nil {
-				return nil, err
 			}
-			if secretMount == nil {
-				continue
-			}
-			mountable = secretMount
-
-		case pb.MountType_SSH:
-			sshMount, err := e.getSSHMountable(ctx, m)
-			if err != nil {
-				return nil, err
-			}
-			if sshMount == nil {
-				continue
+			err = errdefs.WithExecError(err, execInputs, execMounts)
+		} else {
+			// Only release actives if err is nil.
+			for i := len(p.Actives) - 1; i >= 0; i-- { // call in LIFO order
+				p.Actives[i].Ref.Release(context.TODO())
 			}
-			mountable = sshMount
-
-		default:
-			return nil, errors.Errorf("mount type %s not implemented", m.MountType)
-		}
-
-		// validate that there is a mount
-		if mountable == nil {
-			return nil, errors.Errorf("mount %s has no input", m.Dest)
 		}
-
-		// if dest is root we need mutable ref even if there is no output
-		if m.Dest == pb.RootMount {
-			root = mountable
-			readonlyRootFS = m.Readonly
-			if m.Output == pb.SkipOutput && readonlyRootFS {
-				active, err := makeMutable(ref)
-				if err != nil {
-					return nil, err
-				}
-				defer func() {
-					go active.Release(context.TODO())
-				}()
-				root = active
+		for _, o := range p.OutputRefs {
+			if o.Ref != nil {
+				o.Ref.Release(context.TODO())
 			}
-		} else {
-			mounts = append(mounts, executor.Mount{Src: mountable, Dest: m.Dest, Readonly: m.Readonly, Selector: m.Selector})
 		}
+	}()
+	if err != nil {
+		return nil, err
 	}
 
-	// sort mounts so parents are mounted first
-	sort.Slice(mounts, func(i, j int) bool {
-		return mounts[i].Dest < mounts[j].Dest
-	})
-
 	extraHosts, err := parseExtraHosts(e.op.Meta.ExtraHosts)
 	if err != nil {
 		return nil, err
 	}
 
+	emu, err := getEmulator(e.platform, e.cm.IdentityMapping())
+	if err == nil && emu != nil {
+		e.op.Meta.Args = append([]string{qemuMountName}, e.op.Meta.Args...)
+
+		p.Mounts = append(p.Mounts, executor.Mount{
+			Readonly: true,
+			Src:      emu,
+			Dest:     qemuMountName,
+		})
+	}
+	if err != nil {
+		logrus.Warn(err.Error()) // TODO: remove this with pull support
+	}
+
 	meta := executor.Meta{
 		Args:           e.op.Meta.Args,
 		Env:            e.op.Meta.Env,
 		Cwd:            e.op.Meta.Cwd,
 		User:           e.op.Meta.User,
-		ReadonlyRootFS: readonlyRootFS,
+		Hostname:       e.op.Meta.Hostname,
+		ReadonlyRootFS: p.ReadonlyRootFS,
 		ExtraHosts:     extraHosts,
 		NetMode:        e.op.Network,
+		SecurityMode:   e.op.Security,
 	}
 
 	if e.op.Meta.ProxyEnv != nil {
 		meta.Env = append(meta.Env, proxyEnvList(e.op.Meta.ProxyEnv)...)
 	}
-	meta.Env = addDefaultEnvvar(meta.Env, "PATH", utilsystem.DefaultPathEnv)
+	var currentOS string
+	if e.platform != nil {
+		currentOS = e.platform.OS
+	}
+	meta.Env = addDefaultEnvvar(meta.Env, "PATH", utilsystem.DefaultPathEnv(currentOS))
 
 	stdout, stderr := logs.NewLogStreams(ctx, os.Getenv("BUILDKIT_DEBUG_EXEC_OUTPUT") == "1")
 	defer stdout.Close()
 	defer stderr.Close()
 
-	if err := e.exec.Exec(ctx, meta, root, mounts, nil, stdout, stderr); err != nil {
-		return nil, errors.Wrapf(err, "executor failed running %v", meta.Args)
-	}
+	execErr := e.exec.Run(ctx, "", p.Root, p.Mounts, executor.ProcessInfo{
+		Meta:   meta,
+		Stdin:  nil,
+		Stdout: stdout,
+		Stderr: stderr,
+	}, nil)
 
-	refs := []solver.Result{}
-	for i, out := range outputs {
-		if mutable, ok := out.(cache.MutableRef); ok {
+	for i, out := range p.OutputRefs {
+		if mutable, ok := out.Ref.(cache.MutableRef); ok {
 			ref, err := mutable.Commit(ctx)
 			if err != nil {
 				return nil, errors.Wrapf(err, "error committing %s", mutable.ID())
 			}
-			refs = append(refs, worker.NewWorkerRefResult(ref, e.w))
+			results = append(results, worker.NewWorkerRefResult(ref, e.w))
 		} else {
-			refs = append(refs, worker.NewWorkerRefResult(out.(cache.ImmutableRef), e.w))
+			results = append(results, worker.NewWorkerRefResult(out.Ref.(cache.ImmutableRef), e.w))
 		}
-		outputs[i] = nil
+		// Prevent the result from being released.
+		p.OutputRefs[i].Ref = nil
 	}
-	return refs, nil
+	return results, errors.Wrapf(execErr, "executor failed running %v", e.op.Meta.Args)
 }
 
 func proxyEnvList(p *pb.ProxyEnv) []string {
@@ -676,108 +371,10 @@ func proxyEnvList(p *pb.ProxyEnv) []string {
 	if v := p.NoProxy; v != "" {
 		out = append(out, "NO_PROXY="+v, "no_proxy="+v)
 	}
-	return out
-}
-
-func newTmpfs() cache.Mountable {
-	return &tmpfs{}
-}
-
-type tmpfs struct {
-}
-
-func (f *tmpfs) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
-	return &tmpfsMount{readonly: readonly}, nil
-}
-
-type tmpfsMount struct {
-	readonly bool
-}
-
-func (m *tmpfsMount) Mount() ([]mount.Mount, error) {
-	opt := []string{"nosuid"}
-	if m.readonly {
-		opt = append(opt, "ro")
-	}
-	return []mount.Mount{{
-		Type:    "tmpfs",
-		Source:  "tmpfs",
-		Options: opt,
-	}}, nil
-}
-func (m *tmpfsMount) Release() error {
-	return nil
-}
-
-var cacheRefsLocker = locker.New()
-var sharedCacheRefs = &cacheRefs{}
-
-type cacheRefs struct {
-	mu     sync.Mutex
-	shares map[string]*cacheRefShare
-}
-
-func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	if r.shares == nil {
-		r.shares = map[string]*cacheRefShare{}
+	if v := p.AllProxy; v != "" {
+		out = append(out, "ALL_PROXY="+v, "all_proxy="+v)
 	}
-
-	share, ok := r.shares[key]
-	if ok {
-		return share.clone(), nil
-	}
-
-	mref, err := fn()
-	if err != nil {
-		return nil, err
-	}
-
-	share = &cacheRefShare{MutableRef: mref, main: r, key: key, refs: map[*cacheRef]struct{}{}}
-	r.shares[key] = share
-
-	return share.clone(), nil
-}
-
-type cacheRefShare struct {
-	cache.MutableRef
-	mu   sync.Mutex
-	refs map[*cacheRef]struct{}
-	main *cacheRefs
-	key  string
-}
-
-func (r *cacheRefShare) clone() cache.MutableRef {
-	cacheRef := &cacheRef{cacheRefShare: r}
-	r.mu.Lock()
-	r.refs[cacheRef] = struct{}{}
-	r.mu.Unlock()
-	return cacheRef
-}
-
-func (r *cacheRefShare) release(ctx context.Context) error {
-	if r.main != nil {
-		r.main.mu.Lock()
-		defer r.main.mu.Unlock()
-		delete(r.main.shares, r.key)
-	}
-	return r.MutableRef.Release(ctx)
-}
-
-type cacheRef struct {
-	*cacheRefShare
-}
-
-func (r *cacheRef) Release(ctx context.Context) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	delete(r.refs, r)
-	if len(r.refs) == 0 {
-		return r.release(ctx)
-	}
-	return nil
+	return out
 }
 
 func parseExtraHosts(ips []*pb.HostIP) ([]executor.HostIP, error) {
@@ -794,3 +391,16 @@ func parseExtraHosts(ips []*pb.HostIP) ([]executor.HostIP, error) {
 	}
 	return out, nil
 }
+
+func (e *execOp) Acquire(ctx context.Context) (solver.ReleaseFunc, error) {
+	if e.parallelism == nil {
+		return func() {}, nil
+	}
+	err := e.parallelism.Acquire(ctx, 1)
+	if err != nil {
+		return nil, err
+	}
+	return func() {
+		e.parallelism.Release(1)
+	}, nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec_binfmt.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec_binfmt.go
new file mode 100644
index 0000000000000..707c5f6722cdd
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec_binfmt.go
@@ -0,0 +1,115 @@
+package ops
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/platforms"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/archutil"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	copy "github.com/tonistiigi/fsutil/copy"
+)
+
+const qemuMountName = "/dev/.buildkit_qemu_emulator"
+
+var qemuArchMap = map[string]string{
+	"arm64":   "aarch64",
+	"amd64":   "x86_64",
+	"riscv64": "riscv64",
+	"arm":     "arm",
+	"s390x":   "s390x",
+	"ppc64le": "ppc64le",
+	"386":     "i386",
+}
+
+type emulator struct {
+	path  string
+	idmap *idtools.IdentityMapping
+}
+
+func (e *emulator) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
+	return &staticEmulatorMount{path: e.path, idmap: e.idmap}, nil
+}
+
+type staticEmulatorMount struct {
+	path  string
+	idmap *idtools.IdentityMapping
+}
+
+func (m *staticEmulatorMount) Mount() ([]mount.Mount, func() error, error) {
+	tmpdir, err := ioutil.TempDir("", "buildkit-qemu-emulator")
+	if err != nil {
+		return nil, nil, err
+	}
+	var ret bool
+	defer func() {
+		if !ret {
+			os.RemoveAll(tmpdir)
+		}
+	}()
+
+	var uid, gid int
+	if m.idmap != nil {
+		root := m.idmap.RootPair()
+		uid = root.UID
+		gid = root.GID
+	}
+	if err := copy.Copy(context.TODO(), filepath.Dir(m.path), filepath.Base(m.path), tmpdir, qemuMountName, func(ci *copy.CopyInfo) {
+		m := 0555
+		ci.Mode = &m
+	}, copy.WithChown(uid, gid)); err != nil {
+		return nil, nil, err
+	}
+
+	ret = true
+	return []mount.Mount{{
+			Type:    "bind",
+			Source:  filepath.Join(tmpdir, qemuMountName),
+			Options: []string{"ro", "bind"},
+		}}, func() error {
+			return os.RemoveAll(tmpdir)
+		}, nil
+
+}
+func (m *staticEmulatorMount) IdentityMapping() *idtools.IdentityMapping {
+	return m.idmap
+}
+
+func getEmulator(p *pb.Platform, idmap *idtools.IdentityMapping) (*emulator, error) {
+	all := archutil.SupportedPlatforms(false)
+	m := make(map[string]struct{}, len(all))
+
+	for _, p := range all {
+		m[p] = struct{}{}
+	}
+
+	pp := platforms.Normalize(specs.Platform{
+		Architecture: p.Architecture,
+		OS:           p.OS,
+		Variant:      p.Variant,
+	})
+
+	if _, ok := m[platforms.Format(pp)]; ok {
+		return nil, nil
+	}
+
+	a, ok := qemuArchMap[pp.Architecture]
+	if !ok {
+		a = pp.Architecture
+	}
+
+	fn, err := exec.LookPath("buildkit-qemu-" + a)
+	if err != nil {
+		return nil, errors.Errorf("no emulator available for %v", pp.OS)
+	}
+
+	return &emulator{path: fn}, nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go
new file mode 100644
index 0000000000000..b0bb56397f623
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go
@@ -0,0 +1,668 @@
+package ops
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"path"
+	"runtime"
+	"sort"
+	"sync"
+
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver"
+	"github.com/moby/buildkit/solver/llbsolver/errdefs"
+	"github.com/moby/buildkit/solver/llbsolver/file"
+	"github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/moby/buildkit/worker"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/sync/semaphore"
+)
+
+const fileCacheType = "buildkit.file.v0"
+
+type fileOp struct {
+	op          *pb.FileOp
+	md          *metadata.Store
+	w           worker.Worker
+	solver      *FileOpSolver
+	numInputs   int
+	parallelism *semaphore.Weighted
+}
+
+func NewFileOp(v solver.Vertex, op *pb.Op_File, cm cache.Manager, parallelism *semaphore.Weighted, md *metadata.Store, w worker.Worker) (solver.Op, error) {
+	if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil {
+		return nil, err
+	}
+	return &fileOp{
+		op:          op.File,
+		md:          md,
+		numInputs:   len(v.Inputs()),
+		w:           w,
+		solver:      NewFileOpSolver(w, &file.Backend{}, file.NewRefManager(cm)),
+		parallelism: parallelism,
+	}, nil
+}
+
+func (f *fileOp) CacheMap(ctx context.Context, g session.Group, index int) (*solver.CacheMap, bool, error) {
+	selectors := map[int][]llbsolver.Selector{}
+	invalidSelectors := map[int]struct{}{}
+
+	actions := make([][]byte, 0, len(f.op.Actions))
+
+	markInvalid := func(idx pb.InputIndex) {
+		if idx != -1 {
+			invalidSelectors[int(idx)] = struct{}{}
+		}
+	}
+
+	indexes := make([][]int, 0, len(f.op.Actions))
+
+	for _, action := range f.op.Actions {
+		var dt []byte
+		var err error
+		switch a := action.Action.(type) {
+		case *pb.FileAction_Mkdir:
+			p := *a.Mkdir
+			markInvalid(action.Input)
+			processOwner(p.Owner, selectors)
+			dt, err = json.Marshal(p)
+			if err != nil {
+				return nil, false, err
+			}
+		case *pb.FileAction_Mkfile:
+			p := *a.Mkfile
+			markInvalid(action.Input)
+			processOwner(p.Owner, selectors)
+			dt, err = json.Marshal(p)
+			if err != nil {
+				return nil, false, err
+			}
+		case *pb.FileAction_Rm:
+			p := *a.Rm
+			markInvalid(action.Input)
+			dt, err = json.Marshal(p)
+			if err != nil {
+				return nil, false, err
+			}
+		case *pb.FileAction_Copy:
+			p := *a.Copy
+			markInvalid(action.Input)
+			processOwner(p.Owner, selectors)
+			if action.SecondaryInput != -1 && int(action.SecondaryInput) < f.numInputs {
+				addSelector(selectors, int(action.SecondaryInput), p.Src, p.AllowWildcard, p.FollowSymlink, p.IncludePatterns, p.ExcludePatterns)
+				p.Src = path.Base(p.Src)
+			}
+			dt, err = json.Marshal(p)
+			if err != nil {
+				return nil, false, err
+			}
+		}
+
+		actions = append(actions, dt)
+		indexes = append(indexes, []int{int(action.Input), int(action.SecondaryInput), int(action.Output)})
+	}
+
+	if isDefaultIndexes(indexes) {
+		indexes = nil
+	}
+
+	dt, err := json.Marshal(struct {
+		Type    string
+		Actions [][]byte
+		Indexes [][]int `json:"indexes,omitempty"`
+	}{
+		Type:    fileCacheType,
+		Actions: actions,
+		Indexes: indexes,
+	})
+	if err != nil {
+		return nil, false, err
+	}
+
+	cm := &solver.CacheMap{
+		Digest: digest.FromBytes(dt),
+		Deps: make([]struct {
+			Selector          digest.Digest
+			ComputeDigestFunc solver.ResultBasedCacheFunc
+			PreprocessFunc    solver.PreprocessFunc
+		}, f.numInputs),
+	}
+
+	for idx, m := range selectors {
+		if _, ok := invalidSelectors[idx]; ok {
+			continue
+		}
+		dgsts := make([][]byte, 0, len(m))
+		for _, k := range m {
+			dgsts = append(dgsts, []byte(k.Path))
+		}
+		sort.Slice(dgsts, func(i, j int) bool {
+			return bytes.Compare(dgsts[i], dgsts[j]) > 0
+		})
+		cm.Deps[idx].Selector = digest.FromBytes(bytes.Join(dgsts, []byte{0}))
+
+		cm.Deps[idx].ComputeDigestFunc = llbsolver.NewContentHashFunc(dedupeSelectors(m))
+	}
+	for idx := range cm.Deps {
+		cm.Deps[idx].PreprocessFunc = llbsolver.UnlazyResultFunc
+	}
+
+	return cm, true, nil
+}
+
+func (f *fileOp) Exec(ctx context.Context, g session.Group, inputs []solver.Result) ([]solver.Result, error) {
+	inpRefs := make([]fileoptypes.Ref, 0, len(inputs))
+	for _, inp := range inputs {
+		workerRef, ok := inp.Sys().(*worker.WorkerRef)
+		if !ok {
+			return nil, errors.Errorf("invalid reference for exec %T", inp.Sys())
+		}
+		inpRefs = append(inpRefs, workerRef.ImmutableRef)
+	}
+
+	outs, err := f.solver.Solve(ctx, inpRefs, f.op.Actions, g)
+	if err != nil {
+		return nil, err
+	}
+
+	outResults := make([]solver.Result, 0, len(outs))
+	for _, out := range outs {
+		outResults = append(outResults, worker.NewWorkerRefResult(out.(cache.ImmutableRef), f.w))
+	}
+
+	return outResults, nil
+}
+
+func (f *fileOp) Acquire(ctx context.Context) (solver.ReleaseFunc, error) {
+	if f.parallelism == nil {
+		return func() {}, nil
+	}
+	err := f.parallelism.Acquire(ctx, 1)
+	if err != nil {
+		return nil, err
+	}
+	return func() {
+		f.parallelism.Release(1)
+	}, nil
+}
+
+func addSelector(m map[int][]llbsolver.Selector, idx int, sel string, wildcard, followLinks bool, includePatterns, excludePatterns []string) {
+	s := llbsolver.Selector{
+		Path:            sel,
+		FollowLinks:     followLinks,
+		Wildcard:        wildcard && containsWildcards(sel),
+		IncludePatterns: includePatterns,
+		ExcludePatterns: excludePatterns,
+	}
+
+	m[idx] = append(m[idx], s)
+}
+
+func containsWildcards(name string) bool {
+	isWindows := runtime.GOOS == "windows"
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '\\' && !isWindows {
+			i++
+		} else if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
+
+func dedupeSelectors(m []llbsolver.Selector) []llbsolver.Selector {
+	paths := make([]string, 0, len(m))
+	pathsFollow := make([]string, 0, len(m))
+	for _, sel := range m {
+		if !sel.HasWildcardOrFilters() {
+			if sel.FollowLinks {
+				pathsFollow = append(pathsFollow, sel.Path)
+			} else {
+				paths = append(paths, sel.Path)
+			}
+		}
+	}
+	paths = dedupePaths(paths)
+	pathsFollow = dedupePaths(pathsFollow)
+	selectors := make([]llbsolver.Selector, 0, len(m))
+
+	for _, p := range paths {
+		selectors = append(selectors, llbsolver.Selector{Path: p})
+	}
+	for _, p := range pathsFollow {
+		selectors = append(selectors, llbsolver.Selector{Path: p, FollowLinks: true})
+	}
+
+	for _, sel := range m {
+		if sel.HasWildcardOrFilters() {
+			selectors = append(selectors, sel)
+		}
+	}
+
+	sort.Slice(selectors, func(i, j int) bool {
+		return selectors[i].Path < selectors[j].Path
+	})
+
+	return selectors
+}
+
+func processOwner(chopt *pb.ChownOpt, selectors map[int][]llbsolver.Selector) error {
+	if chopt == nil {
+		return nil
+	}
+	if chopt.User != nil {
+		if u, ok := chopt.User.User.(*pb.UserOpt_ByName); ok {
+			if u.ByName.Input < 0 {
+				return errors.Errorf("invalid user index %d", u.ByName.Input)
+			}
+			addSelector(selectors, int(u.ByName.Input), "/etc/passwd", false, true, nil, nil)
+		}
+	}
+	if chopt.Group != nil {
+		if u, ok := chopt.Group.User.(*pb.UserOpt_ByName); ok {
+			if u.ByName.Input < 0 {
+				return errors.Errorf("invalid user index %d", u.ByName.Input)
+			}
+			addSelector(selectors, int(u.ByName.Input), "/etc/group", false, true, nil, nil)
+		}
+	}
+	return nil
+}
+
+func NewFileOpSolver(w worker.Worker, b fileoptypes.Backend, r fileoptypes.RefManager) *FileOpSolver {
+	return &FileOpSolver{
+		w:    w,
+		b:    b,
+		r:    r,
+		outs: map[int]int{},
+		ins:  map[int]input{},
+	}
+}
+
+type FileOpSolver struct {
+	w worker.Worker
+	b fileoptypes.Backend
+	r fileoptypes.RefManager
+
+	mu   sync.Mutex
+	outs map[int]int
+	ins  map[int]input
+	g    flightcontrol.Group
+}
+
+type input struct {
+	requiresCommit bool
+	mount          fileoptypes.Mount
+	ref            fileoptypes.Ref
+}
+
+func (s *FileOpSolver) Solve(ctx context.Context, inputs []fileoptypes.Ref, actions []*pb.FileAction, g session.Group) ([]fileoptypes.Ref, error) {
+	for i, a := range actions {
+		if int(a.Input) < -1 || int(a.Input) >= len(inputs)+len(actions) {
+			return nil, errors.Errorf("invalid input index %d, %d provided", a.Input, len(inputs)+len(actions))
+		}
+		if int(a.SecondaryInput) < -1 || int(a.SecondaryInput) >= len(inputs)+len(actions) {
+			return nil, errors.Errorf("invalid secondary input index %d, %d provided", a.Input, len(inputs))
+		}
+
+		inp, ok := s.ins[int(a.Input)]
+		if ok {
+			inp.requiresCommit = true
+		}
+		s.ins[int(a.Input)] = inp
+
+		inp, ok = s.ins[int(a.SecondaryInput)]
+		if ok {
+			inp.requiresCommit = true
+		}
+		s.ins[int(a.SecondaryInput)] = inp
+
+		if a.Output != -1 {
+			if _, ok := s.outs[int(a.Output)]; ok {
+				return nil, errors.Errorf("duplicate output %d", a.Output)
+			}
+			idx := len(inputs) + i
+			s.outs[int(a.Output)] = idx
+			s.ins[idx] = input{requiresCommit: true}
+		}
+	}
+
+	if len(s.outs) == 0 {
+		return nil, errors.Errorf("no outputs specified")
+	}
+
+	for i := 0; i < len(s.outs); i++ {
+		if _, ok := s.outs[i]; !ok {
+			return nil, errors.Errorf("missing output index %d", i)
+		}
+	}
+
+	defer func() {
+		for _, in := range s.ins {
+			if in.ref == nil && in.mount != nil {
+				in.mount.Release(context.TODO())
+			}
+		}
+	}()
+
+	outs := make([]fileoptypes.Ref, len(s.outs))
+
+	eg, ctx := errgroup.WithContext(ctx)
+	for i, idx := range s.outs {
+		func(i, idx int) {
+			eg.Go(func() error {
+				if err := s.validate(idx, inputs, actions, nil); err != nil {
+					return err
+				}
+				inp, err := s.getInput(ctx, idx, inputs, actions, g)
+				if err != nil {
+					return errdefs.WithFileActionError(err, idx-len(inputs))
+				}
+				outs[i] = inp.ref
+				return nil
+			})
+		}(i, idx)
+	}
+
+	if err := eg.Wait(); err != nil {
+		for _, r := range outs {
+			if r != nil {
+				r.Release(context.TODO())
+			}
+		}
+		return nil, err
+	}
+
+	return outs, nil
+}
+
+func (s *FileOpSolver) validate(idx int, inputs []fileoptypes.Ref, actions []*pb.FileAction, loaded []int) error {
+	for _, check := range loaded {
+		if idx == check {
+			return errors.Errorf("loop from index %d", idx)
+		}
+	}
+	if idx < len(inputs) {
+		return nil
+	}
+	loaded = append(loaded, idx)
+	action := actions[idx-len(inputs)]
+	for _, inp := range []int{int(action.Input), int(action.SecondaryInput)} {
+		if err := s.validate(inp, inputs, actions, loaded); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *FileOpSolver) getInput(ctx context.Context, idx int, inputs []fileoptypes.Ref, actions []*pb.FileAction, g session.Group) (input, error) {
+	inp, err := s.g.Do(ctx, fmt.Sprintf("inp-%d", idx), func(ctx context.Context) (_ interface{}, err error) {
+		s.mu.Lock()
+		inp := s.ins[idx]
+		s.mu.Unlock()
+		if inp.mount != nil || inp.ref != nil {
+			return inp, nil
+		}
+
+		if idx < len(inputs) {
+			inp.ref = inputs[idx]
+			s.mu.Lock()
+			s.ins[idx] = inp
+			s.mu.Unlock()
+			return inp, nil
+		}
+
+		var inpMount, inpMountSecondary fileoptypes.Mount
+		var toRelease []fileoptypes.Mount
+		action := actions[idx-len(inputs)]
+
+		defer func() {
+			if err != nil && inpMount != nil {
+				inputRes := make([]solver.Result, len(inputs))
+				for i, input := range inputs {
+					inputRes[i] = worker.NewWorkerRefResult(input.(cache.ImmutableRef), s.w)
+				}
+
+				outputRes := make([]solver.Result, len(actions))
+
+				// Commit the mutable for the primary input of the failed action.
+				if !inpMount.Readonly() {
+					ref, cerr := s.r.Commit(ctx, inpMount)
+					if cerr == nil {
+						outputRes[idx-len(inputs)] = worker.NewWorkerRefResult(ref.(cache.ImmutableRef), s.w)
+					}
+				}
+
+				// If the action has a secondary input, commit it and set the ref on
+				// the output results.
+				if inpMountSecondary != nil && !inpMountSecondary.Readonly() {
+					ref2, cerr := s.r.Commit(ctx, inpMountSecondary)
+					if cerr == nil {
+						outputRes[int(action.SecondaryInput)-len(inputs)] = worker.NewWorkerRefResult(ref2.(cache.ImmutableRef), s.w)
+					}
+				}
+
+				err = errdefs.WithExecError(err, inputRes, outputRes)
+			}
+			for _, m := range toRelease {
+				m.Release(context.TODO())
+			}
+		}()
+
+		loadInput := func(ctx context.Context) func() error {
+			return func() error {
+				inp, err := s.getInput(ctx, int(action.Input), inputs, actions, g)
+				if err != nil {
+					return err
+				}
+				if inp.ref != nil {
+					m, err := s.r.Prepare(ctx, inp.ref, false, g)
+					if err != nil {
+						return err
+					}
+					inpMount = m
+					return nil
+				}
+				inpMount = inp.mount
+				return nil
+			}
+		}
+
+		loadSecondaryInput := func(ctx context.Context) func() error {
+			return func() error {
+				inp, err := s.getInput(ctx, int(action.SecondaryInput), inputs, actions, g)
+				if err != nil {
+					return err
+				}
+				if inp.ref != nil {
+					m, err := s.r.Prepare(ctx, inp.ref, true, g)
+					if err != nil {
+						return err
+					}
+					inpMountSecondary = m
+					toRelease = append(toRelease, m)
+					return nil
+				}
+				inpMountSecondary = inp.mount
+				return nil
+			}
+		}
+
+		loadUser := func(ctx context.Context, uopt *pb.UserOpt) (fileoptypes.Mount, error) {
+			if uopt == nil {
+				return nil, nil
+			}
+			switch u := uopt.User.(type) {
+			case *pb.UserOpt_ByName:
+				var m fileoptypes.Mount
+				if u.ByName.Input < 0 {
+					return nil, errors.Errorf("invalid user index: %d", u.ByName.Input)
+				}
+				inp, err := s.getInput(ctx, int(u.ByName.Input), inputs, actions, g)
+				if err != nil {
+					return nil, err
+				}
+				if inp.ref != nil {
+					mm, err := s.r.Prepare(ctx, inp.ref, true, g)
+					if err != nil {
+						return nil, err
+					}
+					toRelease = append(toRelease, mm)
+					m = mm
+				} else {
+					m = inp.mount
+				}
+				return m, nil
+			default:
+				return nil, nil
+			}
+		}
+
+		loadOwner := func(ctx context.Context, chopt *pb.ChownOpt) (fileoptypes.Mount, fileoptypes.Mount, error) {
+			if chopt == nil {
+				return nil, nil, nil
+			}
+			um, err := loadUser(ctx, chopt.User)
+			if err != nil {
+				return nil, nil, err
+			}
+			gm, err := loadUser(ctx, chopt.Group)
+			if err != nil {
+				return nil, nil, err
+			}
+			return um, gm, nil
+		}
+
+		if action.Input != -1 && action.SecondaryInput != -1 {
+			eg, ctx := errgroup.WithContext(ctx)
+			eg.Go(loadInput(ctx))
+			eg.Go(loadSecondaryInput(ctx))
+			if err := eg.Wait(); err != nil {
+				return nil, err
+			}
+		} else {
+			if action.Input != -1 {
+				if err := loadInput(ctx)(); err != nil {
+					return nil, err
+				}
+			}
+			if action.SecondaryInput != -1 {
+				if err := loadSecondaryInput(ctx)(); err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		if inpMount == nil {
+			m, err := s.r.Prepare(ctx, nil, false, g)
+			if err != nil {
+				return nil, err
+			}
+			inpMount = m
+		}
+
+		switch a := action.Action.(type) {
+		case *pb.FileAction_Mkdir:
+			user, group, err := loadOwner(ctx, a.Mkdir.Owner)
+			if err != nil {
+				return nil, err
+			}
+			if err := s.b.Mkdir(ctx, inpMount, user, group, *a.Mkdir); err != nil {
+				return nil, err
+			}
+		case *pb.FileAction_Mkfile:
+			user, group, err := loadOwner(ctx, a.Mkfile.Owner)
+			if err != nil {
+				return nil, err
+			}
+			if err := s.b.Mkfile(ctx, inpMount, user, group, *a.Mkfile); err != nil {
+				return nil, err
+			}
+		case *pb.FileAction_Rm:
+			if err := s.b.Rm(ctx, inpMount, *a.Rm); err != nil {
+				return nil, err
+			}
+		case *pb.FileAction_Copy:
+			if inpMountSecondary == nil {
+				m, err := s.r.Prepare(ctx, nil, true, g)
+				if err != nil {
+					return nil, err
+				}
+				inpMountSecondary = m
+			}
+			user, group, err := loadOwner(ctx, a.Copy.Owner)
+			if err != nil {
+				return nil, err
+			}
+			if err := s.b.Copy(ctx, inpMountSecondary, inpMount, user, group, *a.Copy); err != nil {
+				return nil, err
+			}
+		default:
+			return nil, errors.Errorf("invalid action type %T", action.Action)
+		}
+
+		if inp.requiresCommit {
+			ref, err := s.r.Commit(ctx, inpMount)
+			if err != nil {
+				return nil, err
+			}
+			inp.ref = ref
+		} else {
+			inp.mount = inpMount
+		}
+		s.mu.Lock()
+		s.ins[idx] = inp
+		s.mu.Unlock()
+		return inp, nil
+	})
+	if err != nil {
+		return input{}, err
+	}
+	return inp.(input), err
+}
+
+func isDefaultIndexes(idxs [][]int) bool {
+	// Older version of checksum did not contain indexes for actions resulting in possibility for a wrong cache match.
+	// We detect the most common pattern for indexes and maintain old checksum for that case to minimize cache misses on upgrade.
+	// If a future change causes braking changes in instruction cache consider removing this exception.
+	if len(idxs) == 0 {
+		return false
+	}
+
+	for i, idx := range idxs {
+		if len(idx) != 3 {
+			return false
+		}
+		// input for first action is first input
+		if i == 0 && idx[0] != 0 {
+			return false
+		}
+		// input for other actions is previous action
+		if i != 0 && idx[0] != len(idxs)+(i-1) {
+			return false
+		}
+		// secondary input is second input or -1
+		if idx[1] != -1 && idx[1] != 1 {
+			return false
+		}
+		// last action creates output
+		if i == len(idxs)-1 && idx[2] != 0 {
+			return false
+		}
+		// other actions do not create an output
+		if i != len(idxs)-1 && idx[2] != -1 {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes/types.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes/types.go
new file mode 100644
index 0000000000000..3ceaaf35a9382
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/fileoptypes/types.go
@@ -0,0 +1,30 @@
+package fileoptypes
+
+import (
+	"context"
+
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver/pb"
+)
+
+type Ref interface {
+	Release(context.Context) error
+}
+
+type Mount interface {
+	IsFileOpMount()
+	Release(context.Context) error
+	Readonly() bool
+}
+
+type Backend interface {
+	Mkdir(context.Context, Mount, Mount, Mount, pb.FileActionMkDir) error
+	Mkfile(context.Context, Mount, Mount, Mount, pb.FileActionMkFile) error
+	Rm(context.Context, Mount, pb.FileActionRm) error
+	Copy(context.Context, Mount, Mount, Mount, Mount, pb.FileActionCopy) error
+}
+
+type RefManager interface {
+	Prepare(ctx context.Context, ref Ref, readonly bool, g session.Group) (Mount, error)
+	Commit(ctx context.Context, mount Mount) (Ref, error)
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go
index 722861eeb4f07..6cec6320b58a3 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go
@@ -2,32 +2,45 @@ package ops
 
 import (
 	"context"
+	"strings"
 	"sync"
 
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
+	"golang.org/x/sync/semaphore"
 )
 
 const sourceCacheType = "buildkit.source.v0"
 
 type sourceOp struct {
-	mu       sync.Mutex
-	op       *pb.Op_Source
-	platform *pb.Platform
-	sm       *source.Manager
-	src      source.SourceInstance
-	w        worker.Worker
+	mu          sync.Mutex
+	op          *pb.Op_Source
+	platform    *pb.Platform
+	sm          *source.Manager
+	src         source.SourceInstance
+	sessM       *session.Manager
+	w           worker.Worker
+	vtx         solver.Vertex
+	parallelism *semaphore.Weighted
 }
 
-func NewSourceOp(_ solver.Vertex, op *pb.Op_Source, platform *pb.Platform, sm *source.Manager, w worker.Worker) (solver.Op, error) {
+func NewSourceOp(vtx solver.Vertex, op *pb.Op_Source, platform *pb.Platform, sm *source.Manager, parallelism *semaphore.Weighted, sessM *session.Manager, w worker.Worker) (solver.Op, error) {
+	if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil {
+		return nil, err
+	}
 	return &sourceOp{
-		op:       op,
-		sm:       sm,
-		w:        w,
-		platform: platform,
+		op:          op,
+		sm:          sm,
+		w:           w,
+		sessM:       sessM,
+		platform:    platform,
+		vtx:         vtx,
+		parallelism: parallelism,
 	}, nil
 }
 
@@ -41,7 +54,7 @@ func (s *sourceOp) instance(ctx context.Context) (source.SourceInstance, error)
 	if err != nil {
 		return nil, err
 	}
-	src, err := s.sm.Resolve(ctx, id)
+	src, err := s.sm.Resolve(ctx, id, s.sessM, s.vtx)
 	if err != nil {
 		return nil, err
 	}
@@ -49,30 +62,50 @@ func (s *sourceOp) instance(ctx context.Context) (source.SourceInstance, error)
 	return s.src, nil
 }
 
-func (s *sourceOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bool, error) {
+func (s *sourceOp) CacheMap(ctx context.Context, g session.Group, index int) (*solver.CacheMap, bool, error) {
 	src, err := s.instance(ctx)
 	if err != nil {
 		return nil, false, err
 	}
-	k, done, err := src.CacheKey(ctx, index)
+	k, cacheOpts, done, err := src.CacheKey(ctx, g, index)
 	if err != nil {
 		return nil, false, err
 	}
 
+	dgst := digest.FromBytes([]byte(sourceCacheType + ":" + k))
+
+	if strings.HasPrefix(k, "session:") {
+		dgst = digest.Digest("random:" + strings.TrimPrefix(dgst.String(), dgst.Algorithm().String()+":"))
+	}
+
 	return &solver.CacheMap{
 		// TODO: add os/arch
-		Digest: digest.FromBytes([]byte(sourceCacheType + ":" + k)),
+		Digest: dgst,
+		Opts:   cacheOpts,
 	}, done, nil
 }
 
-func (s *sourceOp) Exec(ctx context.Context, _ []solver.Result) (outputs []solver.Result, err error) {
+func (s *sourceOp) Exec(ctx context.Context, g session.Group, _ []solver.Result) (outputs []solver.Result, err error) {
 	src, err := s.instance(ctx)
 	if err != nil {
 		return nil, err
 	}
-	ref, err := src.Snapshot(ctx)
+	ref, err := src.Snapshot(ctx, g)
 	if err != nil {
 		return nil, err
 	}
 	return []solver.Result{worker.NewWorkerRefResult(ref, s.w)}, nil
 }
+
+func (s *sourceOp) Acquire(ctx context.Context) (solver.ReleaseFunc, error) {
+	if s.parallelism == nil {
+		return func() {}, nil
+	}
+	err := s.parallelism.Acquire(ctx, 1)
+	if err != nil {
+		return nil, err
+	}
+	return func() {
+		s.parallelism.Release(1)
+	}, nil
+}
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/result.go b/vendor/github.com/moby/buildkit/solver/llbsolver/result.go
index cd1959c0ba278..6dcca69f6f9af 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/result.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/result.go
@@ -6,22 +6,47 @@ import (
 	"path"
 
 	"github.com/moby/buildkit/cache/contenthash"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
 )
 
-func NewContentHashFunc(selectors []string) solver.ResultBasedCacheFunc {
-	return func(ctx context.Context, res solver.Result) (digest.Digest, error) {
+type Selector struct {
+	Path            string
+	Wildcard        bool
+	FollowLinks     bool
+	IncludePatterns []string
+	ExcludePatterns []string
+}
+
+func (sel Selector) HasWildcardOrFilters() bool {
+	return sel.Wildcard || len(sel.IncludePatterns) != 0 || len(sel.ExcludePatterns) != 0
+}
+
+func UnlazyResultFunc(ctx context.Context, res solver.Result, g session.Group) error {
+	ref, ok := res.Sys().(*worker.WorkerRef)
+	if !ok {
+		return errors.Errorf("invalid reference: %T", res)
+	}
+	if ref.ImmutableRef == nil {
+		return nil
+	}
+	return ref.ImmutableRef.Extract(ctx, g)
+}
+
+func NewContentHashFunc(selectors []Selector) solver.ResultBasedCacheFunc {
+	return func(ctx context.Context, res solver.Result, s session.Group) (digest.Digest, error) {
 		ref, ok := res.Sys().(*worker.WorkerRef)
 		if !ok {
 			return "", errors.Errorf("invalid reference: %T", res)
 		}
 
 		if len(selectors) == 0 {
-			selectors = []string{""}
+			selectors = []Selector{{}}
 		}
 
 		dgsts := make([][]byte, len(selectors))
@@ -29,17 +54,24 @@ func NewContentHashFunc(selectors []string) solver.ResultBasedCacheFunc {
 		eg, ctx := errgroup.WithContext(ctx)
 
 		for i, sel := range selectors {
-			// FIXME(tonistiigi): enabling this parallelization seems to create wrong results for some big inputs(like gobuild)
-			// func(i int) {
-			// 	eg.Go(func() error {
-			dgst, err := contenthash.Checksum(ctx, ref.ImmutableRef, path.Join("/", sel))
-			if err != nil {
-				return "", err
-			}
-			dgsts[i] = []byte(dgst)
-			// return nil
-			// })
-			// }(i)
+			i, sel := i, sel
+			eg.Go(func() error {
+				dgst, err := contenthash.Checksum(
+					ctx, ref.ImmutableRef, path.Join("/", sel.Path),
+					contenthash.ChecksumOpts{
+						Wildcard:        sel.Wildcard,
+						FollowLinks:     sel.FollowLinks,
+						IncludePatterns: sel.IncludePatterns,
+						ExcludePatterns: sel.ExcludePatterns,
+					},
+					s,
+				)
+				if err != nil {
+					return err
+				}
+				dgsts[i] = []byte(dgst)
+				return nil
+			})
 		}
 
 		if err := eg.Wait(); err != nil {
@@ -50,11 +82,13 @@ func NewContentHashFunc(selectors []string) solver.ResultBasedCacheFunc {
 	}
 }
 
-func workerRefConverter(ctx context.Context, res solver.Result) (*solver.Remote, error) {
-	ref, ok := res.Sys().(*worker.WorkerRef)
-	if !ok {
-		return nil, errors.Errorf("invalid result: %T", res.Sys())
-	}
+func workerRefConverter(g session.Group) func(ctx context.Context, res solver.Result) (*solver.Remote, error) {
+	return func(ctx context.Context, res solver.Result) (*solver.Remote, error) {
+		ref, ok := res.Sys().(*worker.WorkerRef)
+		if !ok {
+			return nil, errors.Errorf("invalid result: %T", res.Sys())
+		}
 
-	return ref.Worker.GetRemote(ctx, ref.ImmutableRef, true)
+		return ref.GetRemote(ctx, true, compression.Default, g)
+	}
 }
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go
index 6b258d92d48d3..31e8afca7a5e1 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go
@@ -2,6 +2,7 @@ package llbsolver
 
 import (
 	"context"
+	"fmt"
 	"strings"
 	"time"
 
@@ -10,17 +11,18 @@ import (
 	"github.com/moby/buildkit/client"
 	controlgateway "github.com/moby/buildkit/control/gateway"
 	"github.com/moby/buildkit/exporter"
+	"github.com/moby/buildkit/exporter/containerimage/exptypes"
 	"github.com/moby/buildkit/frontend"
 	"github.com/moby/buildkit/frontend/gateway"
-	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/moby/buildkit/util/entitlements"
 	"github.com/moby/buildkit/util/progress"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
 )
 
 const keyEntitlements = "llb.entitlements"
@@ -35,31 +37,29 @@ type ExporterRequest struct {
 type ResolveWorkerFunc func() (worker.Worker, error)
 
 type Solver struct {
-	workerController     *worker.Controller
-	solver               *solver.Solver
-	resolveWorker        ResolveWorkerFunc
-	frontends            map[string]frontend.Frontend
-	resolveCacheImporter remotecache.ResolveCacheImporterFunc
-	platforms            []specs.Platform
-	gatewayForwarder     *controlgateway.GatewayForwarder
+	workerController          *worker.Controller
+	solver                    *solver.Solver
+	resolveWorker             ResolveWorkerFunc
+	eachWorker                func(func(worker.Worker) error) error
+	frontends                 map[string]frontend.Frontend
+	resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc
+	gatewayForwarder          *controlgateway.GatewayForwarder
+	sm                        *session.Manager
+	entitlements              []string
 }
 
-func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.CacheManager, resolveCI remotecache.ResolveCacheImporterFunc, gatewayForwarder *controlgateway.GatewayForwarder) (*Solver, error) {
+func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.CacheManager, resolveCI map[string]remotecache.ResolveCacheImporterFunc, gatewayForwarder *controlgateway.GatewayForwarder, sm *session.Manager, ents []string) (*Solver, error) {
 	s := &Solver{
-		workerController:     wc,
-		resolveWorker:        defaultResolver(wc),
-		frontends:            f,
-		resolveCacheImporter: resolveCI,
-		gatewayForwarder:     gatewayForwarder,
+		workerController:          wc,
+		resolveWorker:             defaultResolver(wc),
+		eachWorker:                allWorkers(wc),
+		frontends:                 f,
+		resolveCacheImporterFuncs: resolveCI,
+		gatewayForwarder:          gatewayForwarder,
+		sm:                        sm,
+		entitlements:              ents,
 	}
 
-	// executing is currently only allowed on default worker
-	w, err := wc.GetDefault()
-	if err != nil {
-		return nil, err
-	}
-	s.platforms = w.Platforms()
-
 	s.solver = solver.NewSolver(solver.SolverOpt{
 		ResolveOpFunc: s.resolver(),
 		DefaultCache:  cache,
@@ -73,22 +73,23 @@ func (s *Solver) resolver() solver.ResolveOpFunc {
 		if err != nil {
 			return nil, err
 		}
-		return w.ResolveOp(v, s.Bridge(b))
+		return w.ResolveOp(v, s.Bridge(b), s.sm)
 	}
 }
 
 func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge {
 	return &llbBridge{
-		builder:              b,
-		frontends:            s.frontends,
-		resolveWorker:        s.resolveWorker,
-		resolveCacheImporter: s.resolveCacheImporter,
-		cms:                  map[string]solver.CacheManager{},
-		platforms:            s.platforms,
+		builder:                   b,
+		frontends:                 s.frontends,
+		resolveWorker:             s.resolveWorker,
+		eachWorker:                s.eachWorker,
+		resolveCacheImporterFuncs: s.resolveCacheImporterFuncs,
+		cms:                       map[string]solver.CacheManager{},
+		sm:                        s.sm,
 	}
 }
 
-func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement) (*client.SolveResponse, error) {
+func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement) (*client.SolveResponse, error) {
 	j, err := s.solver.NewJob(id)
 	if err != nil {
 		return nil, err
@@ -96,17 +97,17 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
 
 	defer j.Discard()
 
-	set, err := entitlements.WhiteList(ent, supportedEntitlements())
+	set, err := entitlements.WhiteList(ent, supportedEntitlements(s.entitlements))
 	if err != nil {
 		return nil, err
 	}
 	j.SetValue(keyEntitlements, set)
 
-	j.SessionID = session.FromContext(ctx)
+	j.SessionID = sessionID
 
 	var res *frontend.Result
 	if s.gatewayForwarder != nil && req.Definition == nil && req.Frontend == "" {
-		fwd := gateway.NewBridgeForwarder(ctx, s.Bridge(j), s.workerController)
+		fwd := gateway.NewBridgeForwarder(ctx, s.Bridge(j), s.workerController, req.FrontendInputs, sessionID, s.sm)
 		defer fwd.Discard()
 		if err := s.gatewayForwarder.RegisterBuild(ctx, id, fwd); err != nil {
 			return nil, err
@@ -124,21 +125,37 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
 			return nil, err
 		}
 	} else {
-		res, err = s.Bridge(j).Solve(ctx, req)
+		res, err = s.Bridge(j).Solve(ctx, req, sessionID)
 		if err != nil {
 			return nil, err
 		}
 	}
 
+	if res == nil {
+		res = &frontend.Result{}
+	}
+
 	defer func() {
-		res.EachRef(func(ref solver.CachedResult) error {
+		res.EachRef(func(ref solver.ResultProxy) error {
 			go ref.Release(context.TODO())
 			return nil
 		})
 	}()
 
+	eg, ctx2 := errgroup.WithContext(ctx)
+	res.EachRef(func(ref solver.ResultProxy) error {
+		eg.Go(func() error {
+			_, err := ref.Result(ctx2)
+			return err
+		})
+		return nil
+	})
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+
 	var exporterResponse map[string]string
-	if exp := exp.Exporter; exp != nil {
+	if e := exp.Exporter; e != nil {
 		inp := exporter.Source{
 			Metadata: res.Metadata,
 		}
@@ -146,11 +163,23 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
 			inp.Metadata = make(map[string][]byte)
 		}
 		if res := res.Ref; res != nil {
-			workerRef, ok := res.Sys().(*worker.WorkerRef)
+			r, err := res.Result(ctx)
+			if err != nil {
+				return nil, err
+			}
+			workerRef, ok := r.Sys().(*worker.WorkerRef)
 			if !ok {
-				return nil, errors.Errorf("invalid reference: %T", res.Sys())
+				return nil, errors.Errorf("invalid reference: %T", r.Sys())
 			}
 			inp.Ref = workerRef.ImmutableRef
+
+			dt, err := inlineCache(ctx, exp.CacheExporter, r, session.NewGroup(sessionID))
+			if err != nil {
+				return nil, err
+			}
+			if dt != nil {
+				inp.Metadata[exptypes.ExporterInlineCache] = dt
+			}
 		}
 		if res.Refs != nil {
 			m := make(map[string]cache.ImmutableRef, len(res.Refs))
@@ -158,39 +187,59 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
 				if res == nil {
 					m[k] = nil
 				} else {
-					workerRef, ok := res.Sys().(*worker.WorkerRef)
+					r, err := res.Result(ctx)
+					if err != nil {
+						return nil, err
+					}
+					workerRef, ok := r.Sys().(*worker.WorkerRef)
 					if !ok {
-						return nil, errors.Errorf("invalid reference: %T", res.Sys())
+						return nil, errors.Errorf("invalid reference: %T", r.Sys())
 					}
 					m[k] = workerRef.ImmutableRef
+
+					dt, err := inlineCache(ctx, exp.CacheExporter, r, session.NewGroup(sessionID))
+					if err != nil {
+						return nil, err
+					}
+					if dt != nil {
+						inp.Metadata[fmt.Sprintf("%s/%s", exptypes.ExporterInlineCache, k)] = dt
+					}
 				}
 			}
 			inp.Refs = m
 		}
 
-		if err := inVertexContext(j.Context(ctx), exp.Name(), "", func(ctx context.Context) error {
-			exporterResponse, err = exp.Export(ctx, inp)
+		if err := inBuilderContext(ctx, j, e.Name(), "", func(ctx context.Context, _ session.Group) error {
+			exporterResponse, err = e.Export(ctx, inp, j.SessionID)
 			return err
 		}); err != nil {
 			return nil, err
 		}
 	}
 
+	g := session.NewGroup(j.SessionID)
+	var cacheExporterResponse map[string]string
 	if e := exp.CacheExporter; e != nil {
-		if err := inVertexContext(j.Context(ctx), "exporting cache", "", func(ctx context.Context) error {
+		if err := inBuilderContext(ctx, j, "exporting cache", "", func(ctx context.Context, _ session.Group) error {
 			prepareDone := oneOffProgress(ctx, "preparing build cache for export")
-			if err := res.EachRef(func(res solver.CachedResult) error {
+			if err := res.EachRef(func(res solver.ResultProxy) error {
+				r, err := res.Result(ctx)
+				if err != nil {
+					return err
+				}
 				// all keys have same export chain so exporting others is not needed
-				_, err := res.CacheKeys()[0].Exporter.ExportTo(ctx, e, solver.CacheExportOpt{
-					Convert: workerRefConverter,
+				_, err = r.CacheKeys()[0].Exporter.ExportTo(ctx, e, solver.CacheExportOpt{
+					Convert: workerRefConverter(g),
 					Mode:    exp.CacheExportMode,
+					Session: g,
 				})
 				return err
 			}); err != nil {
 				return prepareDone(err)
 			}
 			prepareDone(nil)
-			return e.Finalize(ctx)
+			cacheExporterResponse, err = e.Finalize(ctx)
+			return err
 		}); err != nil {
 			return nil, err
 		}
@@ -205,12 +254,49 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
 			exporterResponse[k] = string(v)
 		}
 	}
+	for k, v := range cacheExporterResponse {
+		if strings.HasPrefix(k, "cache.") {
+			exporterResponse[k] = v
+		}
+	}
 
 	return &client.SolveResponse{
 		ExporterResponse: exporterResponse,
 	}, nil
 }
 
+func inlineCache(ctx context.Context, e remotecache.Exporter, res solver.CachedResult, g session.Group) ([]byte, error) {
+	if efl, ok := e.(interface {
+		ExportForLayers([]digest.Digest) ([]byte, error)
+	}); ok {
+		workerRef, ok := res.Sys().(*worker.WorkerRef)
+		if !ok {
+			return nil, errors.Errorf("invalid reference: %T", res.Sys())
+		}
+
+		remote, err := workerRef.GetRemote(ctx, true, compression.Default, g)
+		if err != nil || remote == nil {
+			return nil, nil
+		}
+
+		digests := make([]digest.Digest, 0, len(remote.Descriptors))
+		for _, desc := range remote.Descriptors {
+			digests = append(digests, desc.Digest)
+		}
+
+		if _, err := res.CacheKeys()[0].Exporter.ExportTo(ctx, e, solver.CacheExportOpt{
+			Convert: workerRefConverter(g),
+			Mode:    solver.CacheExportModeMin,
+			Session: g,
+		}); err != nil {
+			return nil, err
+		}
+
+		return efl.ExportForLayers(digests)
+	}
+	return nil, nil
+}
+
 func (s *Solver) Status(ctx context.Context, id string, statusChan chan *client.SolveStatus) error {
 	j, err := s.solver.Get(id)
 	if err != nil {
@@ -225,6 +311,20 @@ func defaultResolver(wc *worker.Controller) ResolveWorkerFunc {
 		return wc.GetDefault()
 	}
 }
+func allWorkers(wc *worker.Controller) func(func(w worker.Worker) error) error {
+	return func(f func(worker.Worker) error) error {
+		all, err := wc.List()
+		if err != nil {
+			return err
+		}
+		for _, w := range all {
+			if err := f(w); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
 
 func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	pw, _, _ := progress.FromContext(ctx)
@@ -243,20 +343,22 @@ func oneOffProgress(ctx context.Context, id string) func(err error) error {
 	}
 }
 
-func inVertexContext(ctx context.Context, name, id string, f func(ctx context.Context) error) error {
+func inBuilderContext(ctx context.Context, b solver.Builder, name, id string, f func(ctx context.Context, g session.Group) error) error {
 	if id == "" {
-		id = identity.NewID()
+		id = name
 	}
 	v := client.Vertex{
 		Digest: digest.FromBytes([]byte(id)),
 		Name:   name,
 	}
-	pw, _, ctx := progress.FromContext(ctx, progress.WithMetadata("vertex", v.Digest))
-	notifyStarted(ctx, &v, false)
-	defer pw.Close()
-	err := f(ctx)
-	notifyCompleted(ctx, &v, err, false)
-	return err
+	return b.InContext(ctx, func(ctx context.Context, g session.Group) error {
+		pw, _, ctx := progress.FromContext(ctx, progress.WithMetadata("vertex", v.Digest))
+		notifyStarted(ctx, &v, false)
+		defer pw.Close()
+		err := f(ctx, g)
+		notifyCompleted(ctx, &v, err, false)
+		return err
+	})
 }
 
 func notifyStarted(ctx context.Context, v *client.Vertex, cached bool) {
@@ -284,12 +386,15 @@ func notifyCompleted(ctx context.Context, v *client.Vertex, err error, cached bo
 	pw.Write(v.Digest.String(), *v)
 }
 
-var AllowNetworkHostUnstable = false // TODO: enable in constructor
-
-func supportedEntitlements() []entitlements.Entitlement {
+func supportedEntitlements(ents []string) []entitlements.Entitlement {
 	out := []entitlements.Entitlement{} // nil means no filter
-	if AllowNetworkHostUnstable {
-		out = append(out, entitlements.EntitlementNetworkHost)
+	for _, e := range ents {
+		if e == string(entitlements.EntitlementNetworkHost) {
+			out = append(out, entitlements.EntitlementNetworkHost)
+		}
+		if e == string(entitlements.EntitlementSecurityInsecure) {
+			out = append(out, entitlements.EntitlementSecurityInsecure)
+		}
 	}
 	return out
 }
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go
index f4cd925286670..f5aa0b9926376 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go
@@ -1,6 +1,7 @@
 package llbsolver
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/containerd/containerd/platforms"
@@ -67,12 +68,8 @@ func WithCacheSources(cms []solver.CacheManager) LoadOpt {
 	}
 }
 
-func RuntimePlatforms(p []specs.Platform) LoadOpt {
+func NormalizeRuntimePlatforms() LoadOpt {
 	var defaultPlatform *pb.Platform
-	pp := make([]specs.Platform, len(p))
-	for i := range p {
-		pp[i] = platforms.Normalize(p[i])
-	}
 	return func(op *pb.Op, _ *pb.OpMetadata, opt *solver.VertexOptions) error {
 		if op.Platform == nil {
 			if defaultPlatform == nil {
@@ -80,22 +77,20 @@ func RuntimePlatforms(p []specs.Platform) LoadOpt {
 				defaultPlatform = &pb.Platform{
 					OS:           p.OS,
 					Architecture: p.Architecture,
+					Variant:      p.Variant,
 				}
 			}
 			op.Platform = defaultPlatform
 		}
-		if _, ok := op.Op.(*pb.Op_Exec); ok {
-			var found bool
-			for _, pp := range pp {
-				if pp.OS == op.Platform.OS && pp.Architecture == op.Platform.Architecture && pp.Variant == op.Platform.Variant {
-					found = true
-					break
-				}
-			}
-			if !found {
-				return errors.Errorf("runtime execution on platform %s not supported", platforms.Format(specs.Platform{OS: op.Platform.OS, Architecture: op.Platform.Architecture, Variant: op.Platform.Variant}))
-			}
+		platform := specs.Platform{OS: op.Platform.OS, Architecture: op.Platform.Architecture, Variant: op.Platform.Variant}
+		normalizedPlatform := platforms.Normalize(platform)
+
+		op.Platform = &pb.Platform{
+			OS:           normalizedPlatform.OS,
+			Architecture: normalizedPlatform.Architecture,
+			Variant:      normalizedPlatform.Variant,
 		}
+
 		return nil
 	}
 }
@@ -109,9 +104,10 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt {
 					return errors.Errorf("%s is not allowed", entitlements.EntitlementNetworkHost)
 				}
 			}
-			if op.Exec.Network == pb.NetMode_NONE {
-				if !ent.Allowed(entitlements.EntitlementNetworkNone) {
-					return errors.Errorf("%s is not allowed", entitlements.EntitlementNetworkNone)
+
+			if op.Exec.Security == pb.SecurityMode_INSECURE {
+				if !ent.Allowed(entitlements.EntitlementSecurityInsecure) {
+					return errors.Errorf("%s is not allowed", entitlements.EntitlementSecurityInsecure)
 				}
 			}
 		}
@@ -119,6 +115,34 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt {
 	}
 }
 
+type detectPrunedCacheID struct {
+	ids map[string]struct{}
+}
+
+func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.VertexOptions) error {
+	if md == nil || !md.IgnoreCache {
+		return nil
+	}
+	switch op := op.Op.(type) {
+	case *pb.Op_Exec:
+		for _, m := range op.Exec.GetMounts() {
+			if m.MountType == pb.MountType_CACHE {
+				if m.CacheOpt != nil {
+					id := m.CacheOpt.ID
+					if id == "" {
+						id = m.Dest
+					}
+					if dpc.ids == nil {
+						dpc.ids = map[string]struct{}{}
+					}
+					dpc.ids[id] = struct{}{}
+				}
+			}
+		}
+	}
+	return nil
+}
+
 func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) {
 	return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) {
 		opMetadata := def.Metadata[dgst]
@@ -144,6 +168,7 @@ func newVertex(dgst digest.Digest, op *pb.Op, opMeta *pb.OpMetadata, load func(d
 			return nil, err
 		}
 	}
+
 	vtx := &vertex{sys: op, options: opt, digest: dgst, name: llbOpName(op)}
 	for _, in := range op.Inputs {
 		sub, err := load(in.Digest)
@@ -175,8 +200,15 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige
 		allOps[dgst] = &op
 	}
 
+	if len(allOps) < 2 {
+		return solver.Edge{}, errors.Errorf("invalid LLB with %d vertexes", len(allOps))
+	}
+
 	lastOp := allOps[dgst]
 	delete(allOps, dgst)
+	if len(lastOp.Inputs) == 0 {
+		return solver.Edge{}, errors.Errorf("invalid LLB with no inputs on last vertex")
+	}
 	dgst = lastOp.Inputs[0].Digest
 
 	cache := make(map[digest.Digest]solver.Vertex)
@@ -186,7 +218,16 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige
 		if v, ok := cache[dgst]; ok {
 			return v, nil
 		}
-		v, err := fn(dgst, allOps[dgst], rec)
+		op, ok := allOps[dgst]
+		if !ok {
+			return nil, errors.Errorf("invalid missing input digest %s", dgst)
+		}
+
+		if err := ValidateOp(op); err != nil {
+			return nil, err
+		}
+
+		v, err := fn(dgst, op, rec)
 		if err != nil {
 			return nil, err
 		}
@@ -214,9 +255,78 @@ func llbOpName(op *pb.Op) string {
 		return op.Source.Identifier
 	case *pb.Op_Exec:
 		return strings.Join(op.Exec.Meta.Args, " ")
+	case *pb.Op_File:
+		return fileOpName(op.File.Actions)
 	case *pb.Op_Build:
 		return "build"
 	default:
 		return "unknown"
 	}
 }
+
+func ValidateOp(op *pb.Op) error {
+	if op == nil {
+		return errors.Errorf("invalid nil op")
+	}
+
+	switch op := op.Op.(type) {
+	case *pb.Op_Source:
+		if op.Source == nil {
+			return errors.Errorf("invalid nil source op")
+		}
+	case *pb.Op_Exec:
+		if op.Exec == nil {
+			return errors.Errorf("invalid nil exec op")
+		}
+		if op.Exec.Meta == nil {
+			return errors.Errorf("invalid exec op with no meta")
+		}
+		if len(op.Exec.Meta.Args) == 0 {
+			return errors.Errorf("invalid exec op with no args")
+		}
+		if len(op.Exec.Mounts) == 0 {
+			return errors.Errorf("invalid exec op with no mounts")
+		}
+
+		isRoot := false
+		for _, m := range op.Exec.Mounts {
+			if m.Dest == pb.RootMount {
+				isRoot = true
+				break
+			}
+		}
+		if !isRoot {
+			return errors.Errorf("invalid exec op with no rootfs")
+		}
+	case *pb.Op_File:
+		if op.File == nil {
+			return errors.Errorf("invalid nil file op")
+		}
+		if len(op.File.Actions) == 0 {
+			return errors.Errorf("invalid file op with no actions")
+		}
+	case *pb.Op_Build:
+		if op.Build == nil {
+			return errors.Errorf("invalid nil build op")
+		}
+	}
+	return nil
+}
+
+func fileOpName(actions []*pb.FileAction) string {
+	names := make([]string, 0, len(actions))
+	for _, action := range actions {
+		switch a := action.Action.(type) {
+		case *pb.FileAction_Mkdir:
+			names = append(names, fmt.Sprintf("mkdir %s", a.Mkdir.Path))
+		case *pb.FileAction_Mkfile:
+			names = append(names, fmt.Sprintf("mkfile %s", a.Mkfile.Path))
+		case *pb.FileAction_Rm:
+			names = append(names, fmt.Sprintf("rm %s", a.Rm.Path))
+		case *pb.FileAction_Copy:
+			names = append(names, fmt.Sprintf("copy %s %s", a.Copy.Src, a.Copy.Dest))
+		}
+	}
+
+	return strings.Join(names, ", ")
+}
diff --git a/vendor/github.com/moby/buildkit/solver/memorycachestorage.go b/vendor/github.com/moby/buildkit/solver/memorycachestorage.go
index 75c8abdeadce2..6754d48908b35 100644
--- a/vendor/github.com/moby/buildkit/solver/memorycachestorage.go
+++ b/vendor/github.com/moby/buildkit/solver/memorycachestorage.go
@@ -5,6 +5,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/moby/buildkit/session"
 	"github.com/pkg/errors"
 )
 
@@ -284,9 +285,9 @@ type inMemoryResultStore struct {
 	m *sync.Map
 }
 
-func (s *inMemoryResultStore) Save(r Result) (CacheResult, error) {
+func (s *inMemoryResultStore) Save(r Result, createdAt time.Time) (CacheResult, error) {
 	s.m.Store(r.ID(), r)
-	return CacheResult{ID: r.ID(), CreatedAt: time.Now()}, nil
+	return CacheResult{ID: r.ID(), CreatedAt: createdAt}, nil
 }
 
 func (s *inMemoryResultStore) Load(ctx context.Context, res CacheResult) (Result, error) {
@@ -297,7 +298,7 @@ func (s *inMemoryResultStore) Load(ctx context.Context, res CacheResult) (Result
 	return v.(Result), nil
 }
 
-func (s *inMemoryResultStore) LoadRemote(ctx context.Context, res CacheResult) (*Remote, error) {
+func (s *inMemoryResultStore) LoadRemote(_ context.Context, _ CacheResult, _ session.Group) (*Remote, error) {
 	return nil, nil
 }
 
diff --git a/vendor/github.com/moby/buildkit/solver/pb/attr.go b/vendor/github.com/moby/buildkit/solver/pb/attr.go
index f44c4b4771011..0bf9603eb4f5c 100644
--- a/vendor/github.com/moby/buildkit/solver/pb/attr.go
+++ b/vendor/github.com/moby/buildkit/solver/pb/attr.go
@@ -2,6 +2,10 @@ package pb
 
 const AttrKeepGitDir = "git.keepgitdir"
 const AttrFullRemoteURL = "git.fullurl"
+const AttrAuthHeaderSecret = "git.authheadersecret"
+const AttrAuthTokenSecret = "git.authtokensecret"
+const AttrKnownSSHHosts = "git.knownsshhosts"
+const AttrMountSSHSock = "git.mountsshsock"
 const AttrLocalSessionID = "local.session"
 const AttrLocalUniqueID = "local.unique"
 const AttrIncludePatterns = "local.includepattern"
@@ -21,3 +25,5 @@ const AttrImageResolveModeDefault = "default"
 const AttrImageResolveModeForcePull = "pull"
 const AttrImageResolveModePreferLocal = "local"
 const AttrImageRecordType = "image.recordtype"
+
+type IsFileAction = isFileAction_Action
diff --git a/vendor/github.com/moby/buildkit/solver/pb/caps.go b/vendor/github.com/moby/buildkit/solver/pb/caps.go
index b81ec62c419af..aa9e39f9b7773 100644
--- a/vendor/github.com/moby/buildkit/solver/pb/caps.go
+++ b/vendor/github.com/moby/buildkit/solver/pb/caps.go
@@ -19,9 +19,13 @@ const (
 	CapSourceLocalExcludePatterns apicaps.CapID = "source.local.excludepatterns"
 	CapSourceLocalSharedKeyHint   apicaps.CapID = "source.local.sharedkeyhint"
 
-	CapSourceGit        apicaps.CapID = "source.git"
-	CapSourceGitKeepDir apicaps.CapID = "source.git.keepgitdir"
-	CapSourceGitFullURL apicaps.CapID = "source.git.fullurl"
+	CapSourceGit              apicaps.CapID = "source.git"
+	CapSourceGitKeepDir       apicaps.CapID = "source.git.keepgitdir"
+	CapSourceGitFullURL       apicaps.CapID = "source.git.fullurl"
+	CapSourceGitHTTPAuth      apicaps.CapID = "source.git.httpauth"
+	CapSourceGitKnownSSHHosts apicaps.CapID = "source.git.knownsshhosts"
+	CapSourceGitMountSSHSock  apicaps.CapID = "source.git.mountsshsock"
+	CapSourceGitSubdir        apicaps.CapID = "source.git.subdir"
 
 	CapSourceHTTP         apicaps.CapID = "source.http"
 	CapSourceHTTPChecksum apicaps.CapID = "source.http.checksum"
@@ -30,18 +34,26 @@ const (
 
 	CapBuildOpLLBFileName apicaps.CapID = "source.buildop.llbfilename"
 
-	CapExecMetaBase            apicaps.CapID = "exec.meta.base"
-	CapExecMetaProxy           apicaps.CapID = "exec.meta.proxyenv"
-	CapExecMetaNetwork         apicaps.CapID = "exec.meta.network"
-	CapExecMetaSetsDefaultPath apicaps.CapID = "exec.meta.setsdefaultpath"
-	CapExecMountBind           apicaps.CapID = "exec.mount.bind"
-	CapExecMountCache          apicaps.CapID = "exec.mount.cache"
-	CapExecMountCacheSharing   apicaps.CapID = "exec.mount.cache.sharing"
-	CapExecMountSelector       apicaps.CapID = "exec.mount.selector"
-	CapExecMountTmpfs          apicaps.CapID = "exec.mount.tmpfs"
-	CapExecMountSecret         apicaps.CapID = "exec.mount.secret"
-	CapExecMountSSH            apicaps.CapID = "exec.mount.ssh"
-	CapExecCgroupsMounted      apicaps.CapID = "exec.cgroup"
+	CapExecMetaBase                  apicaps.CapID = "exec.meta.base"
+	CapExecMetaProxy                 apicaps.CapID = "exec.meta.proxyenv"
+	CapExecMetaNetwork               apicaps.CapID = "exec.meta.network"
+	CapExecMetaSecurity              apicaps.CapID = "exec.meta.security"
+	CapExecMetaSetsDefaultPath       apicaps.CapID = "exec.meta.setsdefaultpath"
+	CapExecMountBind                 apicaps.CapID = "exec.mount.bind"
+	CapExecMountBindReadWriteNoOuput apicaps.CapID = "exec.mount.bind.readwrite-nooutput"
+	CapExecMountCache                apicaps.CapID = "exec.mount.cache"
+	CapExecMountCacheSharing         apicaps.CapID = "exec.mount.cache.sharing"
+	CapExecMountSelector             apicaps.CapID = "exec.mount.selector"
+	CapExecMountTmpfs                apicaps.CapID = "exec.mount.tmpfs"
+	CapExecMountSecret               apicaps.CapID = "exec.mount.secret"
+	CapExecMountSSH                  apicaps.CapID = "exec.mount.ssh"
+	CapExecCgroupsMounted            apicaps.CapID = "exec.cgroup"
+
+	CapExecMetaSecurityDeviceWhitelistV1 apicaps.CapID = "exec.meta.security.devices.v1"
+
+	CapFileBase                       apicaps.CapID = "file.base"
+	CapFileRmWildcard                 apicaps.CapID = "file.rm.wildcard"
+	CapFileCopyIncludeExcludePatterns apicaps.CapID = "file.copy.includeexcludepatterns"
 
 	CapConstraints apicaps.CapID = "constraints"
 	CapPlatform    apicaps.CapID = "platform"
@@ -124,6 +136,30 @@ func init() {
 		Status:  apicaps.CapStatusExperimental,
 	})
 
+	Caps.Init(apicaps.Cap{
+		ID:      CapSourceGitHTTPAuth,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapSourceGitKnownSSHHosts,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapSourceGitMountSSHSock,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapSourceGitSubdir,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
 	Caps.Init(apicaps.Cap{
 		ID:      CapSourceHTTP,
 		Enabled: true,
@@ -178,12 +214,30 @@ func init() {
 		Status:  apicaps.CapStatusExperimental,
 	})
 
+	Caps.Init(apicaps.Cap{
+		ID:      CapExecMetaSecurity,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapExecMetaSecurityDeviceWhitelistV1,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
 	Caps.Init(apicaps.Cap{
 		ID:      CapExecMountBind,
 		Enabled: true,
 		Status:  apicaps.CapStatusExperimental,
 	})
 
+	Caps.Init(apicaps.Cap{
+		ID:      CapExecMountBindReadWriteNoOuput,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
 	Caps.Init(apicaps.Cap{
 		ID:      CapExecMountCache,
 		Enabled: true,
@@ -226,6 +280,28 @@ func init() {
 		Status:  apicaps.CapStatusExperimental,
 	})
 
+	Caps.Init(apicaps.Cap{
+		ID:      CapFileBase,
+		Enabled: true,
+		Status:  apicaps.CapStatusPrerelease,
+		SupportedHint: map[string]string{
+			"docker":   "Docker v19.03",
+			"buildkit": "BuildKit v0.5.0",
+		},
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapFileRmWildcard,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
+	Caps.Init(apicaps.Cap{
+		ID:      CapFileCopyIncludeExcludePatterns,
+		Enabled: true,
+		Status:  apicaps.CapStatusExperimental,
+	})
+
 	Caps.Init(apicaps.Cap{
 		ID:      CapConstraints,
 		Enabled: true,
@@ -255,5 +331,4 @@ func init() {
 		Enabled: true,
 		Status:  apicaps.CapStatusExperimental,
 	})
-
 }
diff --git a/vendor/github.com/moby/buildkit/solver/pb/ops.pb.go b/vendor/github.com/moby/buildkit/solver/pb/ops.pb.go
index fd97675db7178..77feeac781083 100644
--- a/vendor/github.com/moby/buildkit/solver/pb/ops.pb.go
+++ b/vendor/github.com/moby/buildkit/solver/pb/ops.pb.go
@@ -1,50 +1,22 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: ops.proto
 
-/*
-	Package pb is a generated protocol buffer package.
-
-	Package pb provides the protobuf definition of LLB: low-level builder instruction.
-	LLB is DAG-structured; Op represents a vertex, and Definition represents a graph.
-
-	It is generated from these files:
-		ops.proto
-
-	It has these top-level messages:
-		Op
-		Platform
-		Input
-		ExecOp
-		Meta
-		Mount
-		CacheOpt
-		SecretOpt
-		SSHOpt
-		CopyOp
-		CopySource
-		SourceOp
-		BuildOp
-		BuildInput
-		OpMetadata
-		ExportCache
-		ProxyEnv
-		WorkerConstraints
-		Definition
-		HostIP
-*/
-package pb
-
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
+// Package pb provides the protobuf definition of LLB: low-level builder instruction.
+// LLB is DAG-structured; Op represents a vertex, and Definition represents a graph.
 
-import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
-import github_com_moby_buildkit_util_apicaps "github.com/moby/buildkit/util/apicaps"
-
-import sortkeys "github.com/gogo/protobuf/sortkeys"
+package pb
 
-import io "io"
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	github_com_moby_buildkit_util_apicaps "github.com/moby/buildkit/util/apicaps"
+	github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -55,7 +27,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type NetMode int32
 
@@ -70,6 +42,7 @@ var NetMode_name = map[int32]string{
 	1: "HOST",
 	2: "NONE",
 }
+
 var NetMode_value = map[string]int32{
 	"UNSET": 0,
 	"HOST":  1,
@@ -79,7 +52,35 @@ var NetMode_value = map[string]int32{
 func (x NetMode) String() string {
 	return proto.EnumName(NetMode_name, int32(x))
 }
-func (NetMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{0} }
+
+func (NetMode) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{0}
+}
+
+type SecurityMode int32
+
+const (
+	SecurityMode_SANDBOX  SecurityMode = 0
+	SecurityMode_INSECURE SecurityMode = 1
+)
+
+var SecurityMode_name = map[int32]string{
+	0: "SANDBOX",
+	1: "INSECURE",
+}
+
+var SecurityMode_value = map[string]int32{
+	"SANDBOX":  0,
+	"INSECURE": 1,
+}
+
+func (x SecurityMode) String() string {
+	return proto.EnumName(SecurityMode_name, int32(x))
+}
+
+func (SecurityMode) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{1}
+}
 
 // MountType defines a type of a mount from a supported set
 type MountType int32
@@ -99,6 +100,7 @@ var MountType_name = map[int32]string{
 	3: "CACHE",
 	4: "TMPFS",
 }
+
 var MountType_value = map[string]int32{
 	"BIND":   0,
 	"SECRET": 1,
@@ -110,7 +112,10 @@ var MountType_value = map[string]int32{
 func (x MountType) String() string {
 	return proto.EnumName(MountType_name, int32(x))
 }
-func (MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{1} }
+
+func (MountType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{2}
+}
 
 // CacheSharingOpt defines different sharing modes for cache mount
 type CacheSharingOpt int32
@@ -129,6 +134,7 @@ var CacheSharingOpt_name = map[int32]string{
 	1: "PRIVATE",
 	2: "LOCKED",
 }
+
 var CacheSharingOpt_value = map[string]int32{
 	"SHARED":  0,
 	"PRIVATE": 1,
@@ -138,26 +144,53 @@ var CacheSharingOpt_value = map[string]int32{
 func (x CacheSharingOpt) String() string {
 	return proto.EnumName(CacheSharingOpt_name, int32(x))
 }
-func (CacheSharingOpt) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{2} }
+
+func (CacheSharingOpt) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{3}
+}
 
 // Op represents a vertex of the LLB DAG.
 type Op struct {
 	// inputs is a set of input edges.
-	Inputs []*Input `protobuf:"bytes,1,rep,name=inputs" json:"inputs,omitempty"`
+	Inputs []*Input `protobuf:"bytes,1,rep,name=inputs,proto3" json:"inputs,omitempty"`
 	// Types that are valid to be assigned to Op:
 	//	*Op_Exec
 	//	*Op_Source
-	//	*Op_Copy
+	//	*Op_File
 	//	*Op_Build
 	Op          isOp_Op            `protobuf_oneof:"op"`
-	Platform    *Platform          `protobuf:"bytes,10,opt,name=platform" json:"platform,omitempty"`
-	Constraints *WorkerConstraints `protobuf:"bytes,11,opt,name=constraints" json:"constraints,omitempty"`
+	Platform    *Platform          `protobuf:"bytes,10,opt,name=platform,proto3" json:"platform,omitempty"`
+	Constraints *WorkerConstraints `protobuf:"bytes,11,opt,name=constraints,proto3" json:"constraints,omitempty"`
+}
+
+func (m *Op) Reset()         { *m = Op{} }
+func (m *Op) String() string { return proto.CompactTextString(m) }
+func (*Op) ProtoMessage()    {}
+func (*Op) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{0}
+}
+func (m *Op) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Op) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Op) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Op.Merge(m, src)
+}
+func (m *Op) XXX_Size() int {
+	return m.Size()
+}
+func (m *Op) XXX_DiscardUnknown() {
+	xxx_messageInfo_Op.DiscardUnknown(m)
 }
 
-func (m *Op) Reset()                    { *m = Op{} }
-func (m *Op) String() string            { return proto.CompactTextString(m) }
-func (*Op) ProtoMessage()               {}
-func (*Op) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{0} }
+var xxx_messageInfo_Op proto.InternalMessageInfo
 
 type isOp_Op interface {
 	isOp_Op()
@@ -166,21 +199,21 @@ type isOp_Op interface {
 }
 
 type Op_Exec struct {
-	Exec *ExecOp `protobuf:"bytes,2,opt,name=exec,oneof"`
+	Exec *ExecOp `protobuf:"bytes,2,opt,name=exec,proto3,oneof" json:"exec,omitempty"`
 }
 type Op_Source struct {
-	Source *SourceOp `protobuf:"bytes,3,opt,name=source,oneof"`
+	Source *SourceOp `protobuf:"bytes,3,opt,name=source,proto3,oneof" json:"source,omitempty"`
 }
-type Op_Copy struct {
-	Copy *CopyOp `protobuf:"bytes,4,opt,name=copy,oneof"`
+type Op_File struct {
+	File *FileOp `protobuf:"bytes,4,opt,name=file,proto3,oneof" json:"file,omitempty"`
 }
 type Op_Build struct {
-	Build *BuildOp `protobuf:"bytes,5,opt,name=build,oneof"`
+	Build *BuildOp `protobuf:"bytes,5,opt,name=build,proto3,oneof" json:"build,omitempty"`
 }
 
 func (*Op_Exec) isOp_Op()   {}
 func (*Op_Source) isOp_Op() {}
-func (*Op_Copy) isOp_Op()   {}
+func (*Op_File) isOp_Op()   {}
 func (*Op_Build) isOp_Op()  {}
 
 func (m *Op) GetOp() isOp_Op {
@@ -211,9 +244,9 @@ func (m *Op) GetSource() *SourceOp {
 	return nil
 }
 
-func (m *Op) GetCopy() *CopyOp {
-	if x, ok := m.GetOp().(*Op_Copy); ok {
-		return x.Copy
+func (m *Op) GetFile() *FileOp {
+	if x, ok := m.GetOp().(*Op_File); ok {
+		return x.File
 	}
 	return nil
 }
@@ -239,131 +272,53 @@ func (m *Op) GetConstraints() *WorkerConstraints {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Op) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Op_OneofMarshaler, _Op_OneofUnmarshaler, _Op_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Op) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Op_Exec)(nil),
 		(*Op_Source)(nil),
-		(*Op_Copy)(nil),
+		(*Op_File)(nil),
 		(*Op_Build)(nil),
 	}
 }
 
-func _Op_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Op)
-	// op
-	switch x := m.Op.(type) {
-	case *Op_Exec:
-		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Exec); err != nil {
-			return err
-		}
-	case *Op_Source:
-		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Source); err != nil {
-			return err
-		}
-	case *Op_Copy:
-		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Copy); err != nil {
-			return err
-		}
-	case *Op_Build:
-		_ = b.EncodeVarint(5<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Build); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Op.Op has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _Op_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Op)
-	switch tag {
-	case 2: // op.exec
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ExecOp)
-		err := b.DecodeMessage(msg)
-		m.Op = &Op_Exec{msg}
-		return true, err
-	case 3: // op.source
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(SourceOp)
-		err := b.DecodeMessage(msg)
-		m.Op = &Op_Source{msg}
-		return true, err
-	case 4: // op.copy
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(CopyOp)
-		err := b.DecodeMessage(msg)
-		m.Op = &Op_Copy{msg}
-		return true, err
-	case 5: // op.build
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(BuildOp)
-		err := b.DecodeMessage(msg)
-		m.Op = &Op_Build{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Op_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Op)
-	// op
-	switch x := m.Op.(type) {
-	case *Op_Exec:
-		s := proto.Size(x.Exec)
-		n += proto.SizeVarint(2<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Op_Source:
-		s := proto.Size(x.Source)
-		n += proto.SizeVarint(3<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Op_Copy:
-		s := proto.Size(x.Copy)
-		n += proto.SizeVarint(4<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Op_Build:
-		s := proto.Size(x.Build)
-		n += proto.SizeVarint(5<<3 | proto.WireBytes)
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // Platform is github.com/opencontainers/image-spec/specs-go/v1.Platform
 type Platform struct {
 	Architecture string   `protobuf:"bytes,1,opt,name=Architecture,proto3" json:"Architecture,omitempty"`
 	OS           string   `protobuf:"bytes,2,opt,name=OS,proto3" json:"OS,omitempty"`
 	Variant      string   `protobuf:"bytes,3,opt,name=Variant,proto3" json:"Variant,omitempty"`
 	OSVersion    string   `protobuf:"bytes,4,opt,name=OSVersion,proto3" json:"OSVersion,omitempty"`
-	OSFeatures   []string `protobuf:"bytes,5,rep,name=OSFeatures" json:"OSFeatures,omitempty"`
+	OSFeatures   []string `protobuf:"bytes,5,rep,name=OSFeatures,proto3" json:"OSFeatures,omitempty"`
+}
+
+func (m *Platform) Reset()         { *m = Platform{} }
+func (m *Platform) String() string { return proto.CompactTextString(m) }
+func (*Platform) ProtoMessage()    {}
+func (*Platform) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{1}
+}
+func (m *Platform) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Platform) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Platform) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Platform.Merge(m, src)
+}
+func (m *Platform) XXX_Size() int {
+	return m.Size()
+}
+func (m *Platform) XXX_DiscardUnknown() {
+	xxx_messageInfo_Platform.DiscardUnknown(m)
 }
 
-func (m *Platform) Reset()                    { *m = Platform{} }
-func (m *Platform) String() string            { return proto.CompactTextString(m) }
-func (*Platform) ProtoMessage()               {}
-func (*Platform) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{1} }
+var xxx_messageInfo_Platform proto.InternalMessageInfo
 
 func (m *Platform) GetArchitecture() string {
 	if m != nil {
@@ -408,22 +363,71 @@ type Input struct {
 	Index OutputIndex `protobuf:"varint,2,opt,name=index,proto3,customtype=OutputIndex" json:"index"`
 }
 
-func (m *Input) Reset()                    { *m = Input{} }
-func (m *Input) String() string            { return proto.CompactTextString(m) }
-func (*Input) ProtoMessage()               {}
-func (*Input) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{2} }
+func (m *Input) Reset()         { *m = Input{} }
+func (m *Input) String() string { return proto.CompactTextString(m) }
+func (*Input) ProtoMessage()    {}
+func (*Input) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{2}
+}
+func (m *Input) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Input) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Input) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Input.Merge(m, src)
+}
+func (m *Input) XXX_Size() int {
+	return m.Size()
+}
+func (m *Input) XXX_DiscardUnknown() {
+	xxx_messageInfo_Input.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Input proto.InternalMessageInfo
 
 // ExecOp executes a command in a container.
 type ExecOp struct {
-	Meta    *Meta    `protobuf:"bytes,1,opt,name=meta" json:"meta,omitempty"`
-	Mounts  []*Mount `protobuf:"bytes,2,rep,name=mounts" json:"mounts,omitempty"`
-	Network NetMode  `protobuf:"varint,3,opt,name=network,proto3,enum=pb.NetMode" json:"network,omitempty"`
+	Meta     *Meta        `protobuf:"bytes,1,opt,name=meta,proto3" json:"meta,omitempty"`
+	Mounts   []*Mount     `protobuf:"bytes,2,rep,name=mounts,proto3" json:"mounts,omitempty"`
+	Network  NetMode      `protobuf:"varint,3,opt,name=network,proto3,enum=pb.NetMode" json:"network,omitempty"`
+	Security SecurityMode `protobuf:"varint,4,opt,name=security,proto3,enum=pb.SecurityMode" json:"security,omitempty"`
+}
+
+func (m *ExecOp) Reset()         { *m = ExecOp{} }
+func (m *ExecOp) String() string { return proto.CompactTextString(m) }
+func (*ExecOp) ProtoMessage()    {}
+func (*ExecOp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{3}
+}
+func (m *ExecOp) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExecOp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExecOp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExecOp.Merge(m, src)
+}
+func (m *ExecOp) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExecOp) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExecOp.DiscardUnknown(m)
 }
 
-func (m *ExecOp) Reset()                    { *m = ExecOp{} }
-func (m *ExecOp) String() string            { return proto.CompactTextString(m) }
-func (*ExecOp) ProtoMessage()               {}
-func (*ExecOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{3} }
+var xxx_messageInfo_ExecOp proto.InternalMessageInfo
 
 func (m *ExecOp) GetMeta() *Meta {
 	if m != nil {
@@ -446,22 +450,54 @@ func (m *ExecOp) GetNetwork() NetMode {
 	return NetMode_UNSET
 }
 
+func (m *ExecOp) GetSecurity() SecurityMode {
+	if m != nil {
+		return m.Security
+	}
+	return SecurityMode_SANDBOX
+}
+
 // Meta is a set of arguments for ExecOp.
 // Meta is unrelated to LLB metadata.
 // FIXME: rename (ExecContext? ExecArgs?)
 type Meta struct {
-	Args       []string  `protobuf:"bytes,1,rep,name=args" json:"args,omitempty"`
-	Env        []string  `protobuf:"bytes,2,rep,name=env" json:"env,omitempty"`
+	Args       []string  `protobuf:"bytes,1,rep,name=args,proto3" json:"args,omitempty"`
+	Env        []string  `protobuf:"bytes,2,rep,name=env,proto3" json:"env,omitempty"`
 	Cwd        string    `protobuf:"bytes,3,opt,name=cwd,proto3" json:"cwd,omitempty"`
 	User       string    `protobuf:"bytes,4,opt,name=user,proto3" json:"user,omitempty"`
-	ProxyEnv   *ProxyEnv `protobuf:"bytes,5,opt,name=proxy_env,json=proxyEnv" json:"proxy_env,omitempty"`
-	ExtraHosts []*HostIP `protobuf:"bytes,6,rep,name=extraHosts" json:"extraHosts,omitempty"`
+	ProxyEnv   *ProxyEnv `protobuf:"bytes,5,opt,name=proxy_env,json=proxyEnv,proto3" json:"proxy_env,omitempty"`
+	ExtraHosts []*HostIP `protobuf:"bytes,6,rep,name=extraHosts,proto3" json:"extraHosts,omitempty"`
+	Hostname   string    `protobuf:"bytes,7,opt,name=hostname,proto3" json:"hostname,omitempty"`
+}
+
+func (m *Meta) Reset()         { *m = Meta{} }
+func (m *Meta) String() string { return proto.CompactTextString(m) }
+func (*Meta) ProtoMessage()    {}
+func (*Meta) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{4}
+}
+func (m *Meta) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Meta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Meta) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Meta.Merge(m, src)
+}
+func (m *Meta) XXX_Size() int {
+	return m.Size()
+}
+func (m *Meta) XXX_DiscardUnknown() {
+	xxx_messageInfo_Meta.DiscardUnknown(m)
 }
 
-func (m *Meta) Reset()                    { *m = Meta{} }
-func (m *Meta) String() string            { return proto.CompactTextString(m) }
-func (*Meta) ProtoMessage()               {}
-func (*Meta) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{4} }
+var xxx_messageInfo_Meta proto.InternalMessageInfo
 
 func (m *Meta) GetArgs() []string {
 	if m != nil {
@@ -505,6 +541,13 @@ func (m *Meta) GetExtraHosts() []*HostIP {
 	return nil
 }
 
+func (m *Meta) GetHostname() string {
+	if m != nil {
+		return m.Hostname
+	}
+	return ""
+}
+
 // Mount specifies how to mount an input Op as a filesystem.
 type Mount struct {
 	Input     InputIndex  `protobuf:"varint,1,opt,name=input,proto3,customtype=InputIndex" json:"input"`
@@ -513,15 +556,40 @@ type Mount struct {
 	Output    OutputIndex `protobuf:"varint,4,opt,name=output,proto3,customtype=OutputIndex" json:"output"`
 	Readonly  bool        `protobuf:"varint,5,opt,name=readonly,proto3" json:"readonly,omitempty"`
 	MountType MountType   `protobuf:"varint,6,opt,name=mountType,proto3,enum=pb.MountType" json:"mountType,omitempty"`
-	CacheOpt  *CacheOpt   `protobuf:"bytes,20,opt,name=cacheOpt" json:"cacheOpt,omitempty"`
-	SecretOpt *SecretOpt  `protobuf:"bytes,21,opt,name=secretOpt" json:"secretOpt,omitempty"`
-	SSHOpt    *SSHOpt     `protobuf:"bytes,22,opt,name=SSHOpt" json:"SSHOpt,omitempty"`
+	CacheOpt  *CacheOpt   `protobuf:"bytes,20,opt,name=cacheOpt,proto3" json:"cacheOpt,omitempty"`
+	SecretOpt *SecretOpt  `protobuf:"bytes,21,opt,name=secretOpt,proto3" json:"secretOpt,omitempty"`
+	SSHOpt    *SSHOpt     `protobuf:"bytes,22,opt,name=SSHOpt,proto3" json:"SSHOpt,omitempty"`
+	ResultID  string      `protobuf:"bytes,23,opt,name=resultID,proto3" json:"resultID,omitempty"`
+}
+
+func (m *Mount) Reset()         { *m = Mount{} }
+func (m *Mount) String() string { return proto.CompactTextString(m) }
+func (*Mount) ProtoMessage()    {}
+func (*Mount) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{5}
+}
+func (m *Mount) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Mount) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Mount) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Mount.Merge(m, src)
+}
+func (m *Mount) XXX_Size() int {
+	return m.Size()
+}
+func (m *Mount) XXX_DiscardUnknown() {
+	xxx_messageInfo_Mount.DiscardUnknown(m)
 }
 
-func (m *Mount) Reset()                    { *m = Mount{} }
-func (m *Mount) String() string            { return proto.CompactTextString(m) }
-func (*Mount) ProtoMessage()               {}
-func (*Mount) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{5} }
+var xxx_messageInfo_Mount proto.InternalMessageInfo
 
 func (m *Mount) GetSelector() string {
 	if m != nil {
@@ -572,6 +640,13 @@ func (m *Mount) GetSSHOpt() *SSHOpt {
 	return nil
 }
 
+func (m *Mount) GetResultID() string {
+	if m != nil {
+		return m.ResultID
+	}
+	return ""
+}
+
 // CacheOpt defines options specific to cache mounts
 type CacheOpt struct {
 	// ID is an optional namespace for the mount
@@ -580,10 +655,34 @@ type CacheOpt struct {
 	Sharing CacheSharingOpt `protobuf:"varint,2,opt,name=sharing,proto3,enum=pb.CacheSharingOpt" json:"sharing,omitempty"`
 }
 
-func (m *CacheOpt) Reset()                    { *m = CacheOpt{} }
-func (m *CacheOpt) String() string            { return proto.CompactTextString(m) }
-func (*CacheOpt) ProtoMessage()               {}
-func (*CacheOpt) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{6} }
+func (m *CacheOpt) Reset()         { *m = CacheOpt{} }
+func (m *CacheOpt) String() string { return proto.CompactTextString(m) }
+func (*CacheOpt) ProtoMessage()    {}
+func (*CacheOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{6}
+}
+func (m *CacheOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *CacheOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *CacheOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CacheOpt.Merge(m, src)
+}
+func (m *CacheOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *CacheOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_CacheOpt.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CacheOpt proto.InternalMessageInfo
 
 func (m *CacheOpt) GetID() string {
 	if m != nil {
@@ -614,10 +713,34 @@ type SecretOpt struct {
 	Optional bool `protobuf:"varint,5,opt,name=optional,proto3" json:"optional,omitempty"`
 }
 
-func (m *SecretOpt) Reset()                    { *m = SecretOpt{} }
-func (m *SecretOpt) String() string            { return proto.CompactTextString(m) }
-func (*SecretOpt) ProtoMessage()               {}
-func (*SecretOpt) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{7} }
+func (m *SecretOpt) Reset()         { *m = SecretOpt{} }
+func (m *SecretOpt) String() string { return proto.CompactTextString(m) }
+func (*SecretOpt) ProtoMessage()    {}
+func (*SecretOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{7}
+}
+func (m *SecretOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SecretOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SecretOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SecretOpt.Merge(m, src)
+}
+func (m *SecretOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *SecretOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_SecretOpt.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SecretOpt proto.InternalMessageInfo
 
 func (m *SecretOpt) GetID() string {
 	if m != nil {
@@ -669,10 +792,34 @@ type SSHOpt struct {
 	Optional bool `protobuf:"varint,5,opt,name=optional,proto3" json:"optional,omitempty"`
 }
 
-func (m *SSHOpt) Reset()                    { *m = SSHOpt{} }
-func (m *SSHOpt) String() string            { return proto.CompactTextString(m) }
-func (*SSHOpt) ProtoMessage()               {}
-func (*SSHOpt) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{8} }
+func (m *SSHOpt) Reset()         { *m = SSHOpt{} }
+func (m *SSHOpt) String() string { return proto.CompactTextString(m) }
+func (*SSHOpt) ProtoMessage()    {}
+func (*SSHOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{8}
+}
+func (m *SSHOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SSHOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SSHOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SSHOpt.Merge(m, src)
+}
+func (m *SSHOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *SSHOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_SSHOpt.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SSHOpt proto.InternalMessageInfo
 
 func (m *SSHOpt) GetID() string {
 	if m != nil {
@@ -709,62 +856,43 @@ func (m *SSHOpt) GetOptional() bool {
 	return false
 }
 
-// CopyOp copies files across Ops.
-type CopyOp struct {
-	Src  []*CopySource `protobuf:"bytes,1,rep,name=src" json:"src,omitempty"`
-	Dest string        `protobuf:"bytes,2,opt,name=dest,proto3" json:"dest,omitempty"`
+// SourceOp specifies a source such as build contexts and images.
+type SourceOp struct {
+	// TODO: use source type or any type instead of URL protocol.
+	// identifier e.g. local://, docker-image://, git://, https://...
+	Identifier string `protobuf:"bytes,1,opt,name=identifier,proto3" json:"identifier,omitempty"`
+	// attrs are defined in attr.go
+	Attrs map[string]string `protobuf:"bytes,2,rep,name=attrs,proto3" json:"attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
-func (m *CopyOp) Reset()                    { *m = CopyOp{} }
-func (m *CopyOp) String() string            { return proto.CompactTextString(m) }
-func (*CopyOp) ProtoMessage()               {}
-func (*CopyOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{9} }
-
-func (m *CopyOp) GetSrc() []*CopySource {
-	if m != nil {
-		return m.Src
-	}
-	return nil
+func (m *SourceOp) Reset()         { *m = SourceOp{} }
+func (m *SourceOp) String() string { return proto.CompactTextString(m) }
+func (*SourceOp) ProtoMessage()    {}
+func (*SourceOp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{9}
 }
-
-func (m *CopyOp) GetDest() string {
-	if m != nil {
-		return m.Dest
+func (m *SourceOp) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SourceOp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	return ""
+	return b[:n], nil
 }
-
-// CopySource specifies a source for CopyOp.
-type CopySource struct {
-	Input    InputIndex `protobuf:"varint,1,opt,name=input,proto3,customtype=InputIndex" json:"input"`
-	Selector string     `protobuf:"bytes,2,opt,name=selector,proto3" json:"selector,omitempty"`
+func (m *SourceOp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceOp.Merge(m, src)
 }
-
-func (m *CopySource) Reset()                    { *m = CopySource{} }
-func (m *CopySource) String() string            { return proto.CompactTextString(m) }
-func (*CopySource) ProtoMessage()               {}
-func (*CopySource) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{10} }
-
-func (m *CopySource) GetSelector() string {
-	if m != nil {
-		return m.Selector
-	}
-	return ""
+func (m *SourceOp) XXX_Size() int {
+	return m.Size()
 }
-
-// SourceOp specifies a source such as build contexts and images.
-type SourceOp struct {
-	// TODO: use source type or any type instead of URL protocol.
-	// identifier e.g. local://, docker-image://, git://, https://...
-	Identifier string `protobuf:"bytes,1,opt,name=identifier,proto3" json:"identifier,omitempty"`
-	// attrs are defined in attr.go
-	Attrs map[string]string `protobuf:"bytes,2,rep,name=attrs" json:"attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+func (m *SourceOp) XXX_DiscardUnknown() {
+	xxx_messageInfo_SourceOp.DiscardUnknown(m)
 }
 
-func (m *SourceOp) Reset()                    { *m = SourceOp{} }
-func (m *SourceOp) String() string            { return proto.CompactTextString(m) }
-func (*SourceOp) ProtoMessage()               {}
-func (*SourceOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{11} }
+var xxx_messageInfo_SourceOp proto.InternalMessageInfo
 
 func (m *SourceOp) GetIdentifier() string {
 	if m != nil {
@@ -784,15 +912,39 @@ func (m *SourceOp) GetAttrs() map[string]string {
 // BuildOp is experimental and can break without backwards compatibility
 type BuildOp struct {
 	Builder InputIndex             `protobuf:"varint,1,opt,name=builder,proto3,customtype=InputIndex" json:"builder"`
-	Inputs  map[string]*BuildInput `protobuf:"bytes,2,rep,name=inputs" json:"inputs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value"`
-	Def     *Definition            `protobuf:"bytes,3,opt,name=def" json:"def,omitempty"`
-	Attrs   map[string]string      `protobuf:"bytes,4,rep,name=attrs" json:"attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Inputs  map[string]*BuildInput `protobuf:"bytes,2,rep,name=inputs,proto3" json:"inputs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Def     *Definition            `protobuf:"bytes,3,opt,name=def,proto3" json:"def,omitempty"`
+	Attrs   map[string]string      `protobuf:"bytes,4,rep,name=attrs,proto3" json:"attrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *BuildOp) Reset()         { *m = BuildOp{} }
+func (m *BuildOp) String() string { return proto.CompactTextString(m) }
+func (*BuildOp) ProtoMessage()    {}
+func (*BuildOp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{10}
+}
+func (m *BuildOp) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BuildOp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *BuildOp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BuildOp.Merge(m, src)
+}
+func (m *BuildOp) XXX_Size() int {
+	return m.Size()
+}
+func (m *BuildOp) XXX_DiscardUnknown() {
+	xxx_messageInfo_BuildOp.DiscardUnknown(m)
 }
 
-func (m *BuildOp) Reset()                    { *m = BuildOp{} }
-func (m *BuildOp) String() string            { return proto.CompactTextString(m) }
-func (*BuildOp) ProtoMessage()               {}
-func (*BuildOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{12} }
+var xxx_messageInfo_BuildOp proto.InternalMessageInfo
 
 func (m *BuildOp) GetInputs() map[string]*BuildInput {
 	if m != nil {
@@ -820,27 +972,75 @@ type BuildInput struct {
 	Input InputIndex `protobuf:"varint,1,opt,name=input,proto3,customtype=InputIndex" json:"input"`
 }
 
-func (m *BuildInput) Reset()                    { *m = BuildInput{} }
-func (m *BuildInput) String() string            { return proto.CompactTextString(m) }
-func (*BuildInput) ProtoMessage()               {}
-func (*BuildInput) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{13} }
+func (m *BuildInput) Reset()         { *m = BuildInput{} }
+func (m *BuildInput) String() string { return proto.CompactTextString(m) }
+func (*BuildInput) ProtoMessage()    {}
+func (*BuildInput) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{11}
+}
+func (m *BuildInput) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *BuildInput) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *BuildInput) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BuildInput.Merge(m, src)
+}
+func (m *BuildInput) XXX_Size() int {
+	return m.Size()
+}
+func (m *BuildInput) XXX_DiscardUnknown() {
+	xxx_messageInfo_BuildInput.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BuildInput proto.InternalMessageInfo
 
 // OpMetadata is a per-vertex metadata entry, which can be defined for arbitrary Op vertex and overridable on the run time.
 type OpMetadata struct {
 	// ignore_cache specifies to ignore the cache for this Op.
 	IgnoreCache bool `protobuf:"varint,1,opt,name=ignore_cache,json=ignoreCache,proto3" json:"ignore_cache,omitempty"`
 	// Description can be used for keeping any text fields that builder doesn't parse
-	Description map[string]string `protobuf:"bytes,2,rep,name=description" json:"description,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Description map[string]string `protobuf:"bytes,2,rep,name=description,proto3" json:"description,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// index 3 reserved for WorkerConstraint in previous versions
 	// WorkerConstraint worker_constraint = 3;
-	ExportCache *ExportCache                                         `protobuf:"bytes,4,opt,name=export_cache,json=exportCache" json:"export_cache,omitempty"`
-	Caps        map[github_com_moby_buildkit_util_apicaps.CapID]bool `protobuf:"bytes,5,rep,name=caps,castkey=github.com/moby/buildkit/util/apicaps.CapID" json:"caps" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
+	ExportCache *ExportCache                                         `protobuf:"bytes,4,opt,name=export_cache,json=exportCache,proto3" json:"export_cache,omitempty"`
+	Caps        map[github_com_moby_buildkit_util_apicaps.CapID]bool `protobuf:"bytes,5,rep,name=caps,proto3,castkey=github.com/moby/buildkit/util/apicaps.CapID" json:"caps" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
+}
+
+func (m *OpMetadata) Reset()         { *m = OpMetadata{} }
+func (m *OpMetadata) String() string { return proto.CompactTextString(m) }
+func (*OpMetadata) ProtoMessage()    {}
+func (*OpMetadata) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{12}
+}
+func (m *OpMetadata) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *OpMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *OpMetadata) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_OpMetadata.Merge(m, src)
+}
+func (m *OpMetadata) XXX_Size() int {
+	return m.Size()
+}
+func (m *OpMetadata) XXX_DiscardUnknown() {
+	xxx_messageInfo_OpMetadata.DiscardUnknown(m)
 }
 
-func (m *OpMetadata) Reset()                    { *m = OpMetadata{} }
-func (m *OpMetadata) String() string            { return proto.CompactTextString(m) }
-func (*OpMetadata) ProtoMessage()               {}
-func (*OpMetadata) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{14} }
+var xxx_messageInfo_OpMetadata proto.InternalMessageInfo
 
 func (m *OpMetadata) GetIgnoreCache() bool {
 	if m != nil {
@@ -870,1629 +1070,4086 @@ func (m *OpMetadata) GetCaps() map[github_com_moby_buildkit_util_apicaps.CapID]b
 	return nil
 }
 
-type ExportCache struct {
-	Value bool `protobuf:"varint,1,opt,name=Value,proto3" json:"Value,omitempty"`
+// Source is a source mapping description for a file
+type Source struct {
+	Locations map[string]*Locations `protobuf:"bytes,1,rep,name=locations,proto3" json:"locations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Infos     []*SourceInfo         `protobuf:"bytes,2,rep,name=infos,proto3" json:"infos,omitempty"`
 }
 
-func (m *ExportCache) Reset()                    { *m = ExportCache{} }
-func (m *ExportCache) String() string            { return proto.CompactTextString(m) }
-func (*ExportCache) ProtoMessage()               {}
-func (*ExportCache) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{15} }
-
-func (m *ExportCache) GetValue() bool {
-	if m != nil {
-		return m.Value
+func (m *Source) Reset()         { *m = Source{} }
+func (m *Source) String() string { return proto.CompactTextString(m) }
+func (*Source) ProtoMessage()    {}
+func (*Source) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{13}
+}
+func (m *Source) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	return false
+	return b[:n], nil
 }
-
-type ProxyEnv struct {
-	HttpProxy  string `protobuf:"bytes,1,opt,name=http_proxy,json=httpProxy,proto3" json:"http_proxy,omitempty"`
-	HttpsProxy string `protobuf:"bytes,2,opt,name=https_proxy,json=httpsProxy,proto3" json:"https_proxy,omitempty"`
-	FtpProxy   string `protobuf:"bytes,3,opt,name=ftp_proxy,json=ftpProxy,proto3" json:"ftp_proxy,omitempty"`
-	NoProxy    string `protobuf:"bytes,4,opt,name=no_proxy,json=noProxy,proto3" json:"no_proxy,omitempty"`
+func (m *Source) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Source.Merge(m, src)
+}
+func (m *Source) XXX_Size() int {
+	return m.Size()
+}
+func (m *Source) XXX_DiscardUnknown() {
+	xxx_messageInfo_Source.DiscardUnknown(m)
 }
 
-func (m *ProxyEnv) Reset()                    { *m = ProxyEnv{} }
-func (m *ProxyEnv) String() string            { return proto.CompactTextString(m) }
-func (*ProxyEnv) ProtoMessage()               {}
-func (*ProxyEnv) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{16} }
+var xxx_messageInfo_Source proto.InternalMessageInfo
 
-func (m *ProxyEnv) GetHttpProxy() string {
+func (m *Source) GetLocations() map[string]*Locations {
 	if m != nil {
-		return m.HttpProxy
+		return m.Locations
 	}
-	return ""
+	return nil
 }
 
-func (m *ProxyEnv) GetHttpsProxy() string {
+func (m *Source) GetInfos() []*SourceInfo {
 	if m != nil {
-		return m.HttpsProxy
+		return m.Infos
 	}
-	return ""
+	return nil
 }
 
-func (m *ProxyEnv) GetFtpProxy() string {
-	if m != nil {
-		return m.FtpProxy
-	}
-	return ""
+// Locations is a list of ranges with a index to its source map.
+type Locations struct {
+	Locations []*Location `protobuf:"bytes,1,rep,name=locations,proto3" json:"locations,omitempty"`
 }
 
-func (m *ProxyEnv) GetNoProxy() string {
-	if m != nil {
-		return m.NoProxy
+func (m *Locations) Reset()         { *m = Locations{} }
+func (m *Locations) String() string { return proto.CompactTextString(m) }
+func (*Locations) ProtoMessage()    {}
+func (*Locations) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{14}
+}
+func (m *Locations) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Locations) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	return ""
+	return b[:n], nil
 }
-
-// WorkerConstraints defines conditions for the worker
-type WorkerConstraints struct {
-	Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
+func (m *Locations) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Locations.Merge(m, src)
+}
+func (m *Locations) XXX_Size() int {
+	return m.Size()
+}
+func (m *Locations) XXX_DiscardUnknown() {
+	xxx_messageInfo_Locations.DiscardUnknown(m)
 }
 
-func (m *WorkerConstraints) Reset()                    { *m = WorkerConstraints{} }
-func (m *WorkerConstraints) String() string            { return proto.CompactTextString(m) }
-func (*WorkerConstraints) ProtoMessage()               {}
-func (*WorkerConstraints) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{17} }
+var xxx_messageInfo_Locations proto.InternalMessageInfo
 
-func (m *WorkerConstraints) GetFilter() []string {
+func (m *Locations) GetLocations() []*Location {
 	if m != nil {
-		return m.Filter
+		return m.Locations
 	}
 	return nil
 }
 
-// Definition is the LLB definition structure with per-vertex metadata entries
-type Definition struct {
-	// def is a list of marshaled Op messages
-	Def [][]byte `protobuf:"bytes,1,rep,name=def" json:"def,omitempty"`
-	// metadata contains metadata for the each of the Op messages.
-	// A key must be an LLB op digest string. Currently, empty string is not expected as a key, but it may change in the future.
-	Metadata map[github_com_opencontainers_go_digest.Digest]OpMetadata `protobuf:"bytes,2,rep,name=metadata,castkey=github.com/opencontainers/go-digest.Digest" json:"metadata" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value"`
+// Source info contains the shared metadata of a source mapping
+type SourceInfo struct {
+	Filename   string      `protobuf:"bytes,1,opt,name=filename,proto3" json:"filename,omitempty"`
+	Data       []byte      `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	Definition *Definition `protobuf:"bytes,3,opt,name=definition,proto3" json:"definition,omitempty"`
+}
+
+func (m *SourceInfo) Reset()         { *m = SourceInfo{} }
+func (m *SourceInfo) String() string { return proto.CompactTextString(m) }
+func (*SourceInfo) ProtoMessage()    {}
+func (*SourceInfo) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{15}
+}
+func (m *SourceInfo) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SourceInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SourceInfo) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SourceInfo.Merge(m, src)
+}
+func (m *SourceInfo) XXX_Size() int {
+	return m.Size()
+}
+func (m *SourceInfo) XXX_DiscardUnknown() {
+	xxx_messageInfo_SourceInfo.DiscardUnknown(m)
 }
 
-func (m *Definition) Reset()                    { *m = Definition{} }
-func (m *Definition) String() string            { return proto.CompactTextString(m) }
-func (*Definition) ProtoMessage()               {}
-func (*Definition) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{18} }
+var xxx_messageInfo_SourceInfo proto.InternalMessageInfo
 
-func (m *Definition) GetDef() [][]byte {
+func (m *SourceInfo) GetFilename() string {
 	if m != nil {
-		return m.Def
+		return m.Filename
+	}
+	return ""
+}
+
+func (m *SourceInfo) GetData() []byte {
+	if m != nil {
+		return m.Data
 	}
 	return nil
 }
 
-func (m *Definition) GetMetadata() map[github_com_opencontainers_go_digest.Digest]OpMetadata {
+func (m *SourceInfo) GetDefinition() *Definition {
 	if m != nil {
-		return m.Metadata
+		return m.Definition
 	}
 	return nil
 }
 
-type HostIP struct {
-	Host string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
-	IP   string `protobuf:"bytes,2,opt,name=IP,proto3" json:"IP,omitempty"`
+// Location defines list of areas in to source file
+type Location struct {
+	SourceIndex int32    `protobuf:"varint,1,opt,name=sourceIndex,proto3" json:"sourceIndex,omitempty"`
+	Ranges      []*Range `protobuf:"bytes,2,rep,name=ranges,proto3" json:"ranges,omitempty"`
+}
+
+func (m *Location) Reset()         { *m = Location{} }
+func (m *Location) String() string { return proto.CompactTextString(m) }
+func (*Location) ProtoMessage()    {}
+func (*Location) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{16}
+}
+func (m *Location) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Location) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Location) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Location.Merge(m, src)
+}
+func (m *Location) XXX_Size() int {
+	return m.Size()
+}
+func (m *Location) XXX_DiscardUnknown() {
+	xxx_messageInfo_Location.DiscardUnknown(m)
 }
 
-func (m *HostIP) Reset()                    { *m = HostIP{} }
-func (m *HostIP) String() string            { return proto.CompactTextString(m) }
-func (*HostIP) ProtoMessage()               {}
-func (*HostIP) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{19} }
+var xxx_messageInfo_Location proto.InternalMessageInfo
 
-func (m *HostIP) GetHost() string {
+func (m *Location) GetSourceIndex() int32 {
 	if m != nil {
-		return m.Host
+		return m.SourceIndex
 	}
-	return ""
+	return 0
 }
 
-func (m *HostIP) GetIP() string {
+func (m *Location) GetRanges() []*Range {
 	if m != nil {
-		return m.IP
+		return m.Ranges
 	}
-	return ""
+	return nil
 }
 
-func init() {
-	proto.RegisterType((*Op)(nil), "pb.Op")
-	proto.RegisterType((*Platform)(nil), "pb.Platform")
-	proto.RegisterType((*Input)(nil), "pb.Input")
-	proto.RegisterType((*ExecOp)(nil), "pb.ExecOp")
-	proto.RegisterType((*Meta)(nil), "pb.Meta")
-	proto.RegisterType((*Mount)(nil), "pb.Mount")
-	proto.RegisterType((*CacheOpt)(nil), "pb.CacheOpt")
-	proto.RegisterType((*SecretOpt)(nil), "pb.SecretOpt")
-	proto.RegisterType((*SSHOpt)(nil), "pb.SSHOpt")
-	proto.RegisterType((*CopyOp)(nil), "pb.CopyOp")
-	proto.RegisterType((*CopySource)(nil), "pb.CopySource")
-	proto.RegisterType((*SourceOp)(nil), "pb.SourceOp")
-	proto.RegisterType((*BuildOp)(nil), "pb.BuildOp")
-	proto.RegisterType((*BuildInput)(nil), "pb.BuildInput")
-	proto.RegisterType((*OpMetadata)(nil), "pb.OpMetadata")
-	proto.RegisterType((*ExportCache)(nil), "pb.ExportCache")
-	proto.RegisterType((*ProxyEnv)(nil), "pb.ProxyEnv")
-	proto.RegisterType((*WorkerConstraints)(nil), "pb.WorkerConstraints")
-	proto.RegisterType((*Definition)(nil), "pb.Definition")
-	proto.RegisterType((*HostIP)(nil), "pb.HostIP")
-	proto.RegisterEnum("pb.NetMode", NetMode_name, NetMode_value)
-	proto.RegisterEnum("pb.MountType", MountType_name, MountType_value)
-	proto.RegisterEnum("pb.CacheSharingOpt", CacheSharingOpt_name, CacheSharingOpt_value)
+// Range is an area in the source file
+type Range struct {
+	Start Position `protobuf:"bytes,1,opt,name=start,proto3" json:"start"`
+	End   Position `protobuf:"bytes,2,opt,name=end,proto3" json:"end"`
 }
-func (m *Op) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+
+func (m *Range) Reset()         { *m = Range{} }
+func (m *Range) String() string { return proto.CompactTextString(m) }
+func (*Range) ProtoMessage()    {}
+func (*Range) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{17}
+}
+func (m *Range) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Range) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *Range) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Range.Merge(m, src)
+}
+func (m *Range) XXX_Size() int {
+	return m.Size()
+}
+func (m *Range) XXX_DiscardUnknown() {
+	xxx_messageInfo_Range.DiscardUnknown(m)
 }
 
-func (m *Op) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Inputs) > 0 {
-		for _, msg := range m.Inputs {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if m.Op != nil {
-		nn1, err := m.Op.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += nn1
-	}
-	if m.Platform != nil {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Platform.Size()))
-		n2, err := m.Platform.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n2
-	}
-	if m.Constraints != nil {
-		dAtA[i] = 0x5a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Constraints.Size()))
-		n3, err := m.Constraints.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n3
+var xxx_messageInfo_Range proto.InternalMessageInfo
+
+func (m *Range) GetStart() Position {
+	if m != nil {
+		return m.Start
 	}
-	return i, nil
+	return Position{}
 }
 
-func (m *Op_Exec) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	if m.Exec != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Exec.Size()))
-		n4, err := m.Exec.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n4
+func (m *Range) GetEnd() Position {
+	if m != nil {
+		return m.End
 	}
-	return i, nil
+	return Position{}
 }
-func (m *Op_Source) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	if m.Source != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Source.Size()))
-		n5, err := m.Source.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n5
-	}
-	return i, nil
+
+// Position is single location in a source file
+type Position struct {
+	Line      int32 `protobuf:"varint,1,opt,name=Line,proto3" json:"Line,omitempty"`
+	Character int32 `protobuf:"varint,2,opt,name=Character,proto3" json:"Character,omitempty"`
 }
-func (m *Op_Copy) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	if m.Copy != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Copy.Size()))
-		n6, err := m.Copy.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n6
-	}
-	return i, nil
+
+func (m *Position) Reset()         { *m = Position{} }
+func (m *Position) String() string { return proto.CompactTextString(m) }
+func (*Position) ProtoMessage()    {}
+func (*Position) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{18}
 }
-func (m *Op_Build) MarshalTo(dAtA []byte) (int, error) {
-	i := 0
-	if m.Build != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Build.Size()))
-		n7, err := m.Build.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n7
-	}
-	return i, nil
+func (m *Position) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
 }
-func (m *Platform) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+func (m *Position) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *Position) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Position.Merge(m, src)
+}
+func (m *Position) XXX_Size() int {
+	return m.Size()
+}
+func (m *Position) XXX_DiscardUnknown() {
+	xxx_messageInfo_Position.DiscardUnknown(m)
 }
 
-func (m *Platform) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Architecture) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Architecture)))
-		i += copy(dAtA[i:], m.Architecture)
-	}
-	if len(m.OS) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.OS)))
-		i += copy(dAtA[i:], m.OS)
-	}
-	if len(m.Variant) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Variant)))
-		i += copy(dAtA[i:], m.Variant)
-	}
-	if len(m.OSVersion) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.OSVersion)))
-		i += copy(dAtA[i:], m.OSVersion)
+var xxx_messageInfo_Position proto.InternalMessageInfo
+
+func (m *Position) GetLine() int32 {
+	if m != nil {
+		return m.Line
 	}
-	if len(m.OSFeatures) > 0 {
-		for _, s := range m.OSFeatures {
-			dAtA[i] = 0x2a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+	return 0
+}
+
+func (m *Position) GetCharacter() int32 {
+	if m != nil {
+		return m.Character
 	}
-	return i, nil
+	return 0
 }
 
-func (m *Input) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type ExportCache struct {
+	Value bool `protobuf:"varint,1,opt,name=Value,proto3" json:"Value,omitempty"`
+}
+
+func (m *ExportCache) Reset()         { *m = ExportCache{} }
+func (m *ExportCache) String() string { return proto.CompactTextString(m) }
+func (*ExportCache) ProtoMessage()    {}
+func (*ExportCache) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{19}
+}
+func (m *ExportCache) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExportCache) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *ExportCache) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExportCache.Merge(m, src)
+}
+func (m *ExportCache) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExportCache) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExportCache.DiscardUnknown(m)
 }
 
-func (m *Input) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Digest) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Digest)))
-		i += copy(dAtA[i:], m.Digest)
-	}
-	if m.Index != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Index))
+var xxx_messageInfo_ExportCache proto.InternalMessageInfo
+
+func (m *ExportCache) GetValue() bool {
+	if m != nil {
+		return m.Value
 	}
-	return i, nil
+	return false
 }
 
-func (m *ExecOp) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type ProxyEnv struct {
+	HttpProxy  string `protobuf:"bytes,1,opt,name=http_proxy,json=httpProxy,proto3" json:"http_proxy,omitempty"`
+	HttpsProxy string `protobuf:"bytes,2,opt,name=https_proxy,json=httpsProxy,proto3" json:"https_proxy,omitempty"`
+	FtpProxy   string `protobuf:"bytes,3,opt,name=ftp_proxy,json=ftpProxy,proto3" json:"ftp_proxy,omitempty"`
+	NoProxy    string `protobuf:"bytes,4,opt,name=no_proxy,json=noProxy,proto3" json:"no_proxy,omitempty"`
+	AllProxy   string `protobuf:"bytes,5,opt,name=all_proxy,json=allProxy,proto3" json:"all_proxy,omitempty"`
+}
+
+func (m *ProxyEnv) Reset()         { *m = ProxyEnv{} }
+func (m *ProxyEnv) String() string { return proto.CompactTextString(m) }
+func (*ProxyEnv) ProtoMessage()    {}
+func (*ProxyEnv) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{20}
+}
+func (m *ProxyEnv) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ProxyEnv) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *ProxyEnv) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ProxyEnv.Merge(m, src)
+}
+func (m *ProxyEnv) XXX_Size() int {
+	return m.Size()
+}
+func (m *ProxyEnv) XXX_DiscardUnknown() {
+	xxx_messageInfo_ProxyEnv.DiscardUnknown(m)
 }
 
-func (m *ExecOp) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Meta != nil {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Meta.Size()))
-		n8, err := m.Meta.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n8
-	}
-	if len(m.Mounts) > 0 {
-		for _, msg := range m.Mounts {
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+var xxx_messageInfo_ProxyEnv proto.InternalMessageInfo
+
+func (m *ProxyEnv) GetHttpProxy() string {
+	if m != nil {
+		return m.HttpProxy
 	}
-	if m.Network != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Network))
+	return ""
+}
+
+func (m *ProxyEnv) GetHttpsProxy() string {
+	if m != nil {
+		return m.HttpsProxy
 	}
-	return i, nil
+	return ""
 }
 
-func (m *Meta) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *ProxyEnv) GetFtpProxy() string {
+	if m != nil {
+		return m.FtpProxy
 	}
-	return dAtA[:n], nil
+	return ""
 }
 
-func (m *Meta) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Args) > 0 {
-		for _, s := range m.Args {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Env) > 0 {
-		for _, s := range m.Env {
-			dAtA[i] = 0x12
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.Cwd) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Cwd)))
-		i += copy(dAtA[i:], m.Cwd)
-	}
-	if len(m.User) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.User)))
-		i += copy(dAtA[i:], m.User)
-	}
-	if m.ProxyEnv != nil {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.ProxyEnv.Size()))
-		n9, err := m.ProxyEnv.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n9
+func (m *ProxyEnv) GetNoProxy() string {
+	if m != nil {
+		return m.NoProxy
 	}
-	if len(m.ExtraHosts) > 0 {
-		for _, msg := range m.ExtraHosts {
-			dAtA[i] = 0x32
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
+	return ""
+}
+
+func (m *ProxyEnv) GetAllProxy() string {
+	if m != nil {
+		return m.AllProxy
 	}
-	return i, nil
+	return ""
 }
 
-func (m *Mount) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+// WorkerConstraints defines conditions for the worker
+type WorkerConstraints struct {
+	Filter []string `protobuf:"bytes,1,rep,name=filter,proto3" json:"filter,omitempty"`
+}
+
+func (m *WorkerConstraints) Reset()         { *m = WorkerConstraints{} }
+func (m *WorkerConstraints) String() string { return proto.CompactTextString(m) }
+func (*WorkerConstraints) ProtoMessage()    {}
+func (*WorkerConstraints) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{21}
+}
+func (m *WorkerConstraints) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WorkerConstraints) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *WorkerConstraints) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkerConstraints.Merge(m, src)
+}
+func (m *WorkerConstraints) XXX_Size() int {
+	return m.Size()
+}
+func (m *WorkerConstraints) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkerConstraints.DiscardUnknown(m)
 }
 
-func (m *Mount) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Input != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Input))
-	}
-	if len(m.Selector) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Selector)))
-		i += copy(dAtA[i:], m.Selector)
+var xxx_messageInfo_WorkerConstraints proto.InternalMessageInfo
+
+func (m *WorkerConstraints) GetFilter() []string {
+	if m != nil {
+		return m.Filter
 	}
-	if len(m.Dest) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Dest)))
-		i += copy(dAtA[i:], m.Dest)
+	return nil
+}
+
+// Definition is the LLB definition structure with per-vertex metadata entries
+type Definition struct {
+	// def is a list of marshaled Op messages
+	Def [][]byte `protobuf:"bytes,1,rep,name=def,proto3" json:"def,omitempty"`
+	// metadata contains metadata for the each of the Op messages.
+	// A key must be an LLB op digest string. Currently, empty string is not expected as a key, but it may change in the future.
+	Metadata map[github_com_opencontainers_go_digest.Digest]OpMetadata `protobuf:"bytes,2,rep,name=metadata,proto3,castkey=github.com/opencontainers/go-digest.Digest" json:"metadata" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Source contains the source mapping information for the vertexes in the definition
+	Source *Source `protobuf:"bytes,3,opt,name=Source,proto3" json:"Source,omitempty"`
+}
+
+func (m *Definition) Reset()         { *m = Definition{} }
+func (m *Definition) String() string { return proto.CompactTextString(m) }
+func (*Definition) ProtoMessage()    {}
+func (*Definition) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{22}
+}
+func (m *Definition) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Definition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	if m.Output != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Output))
+	return b[:n], nil
+}
+func (m *Definition) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Definition.Merge(m, src)
+}
+func (m *Definition) XXX_Size() int {
+	return m.Size()
+}
+func (m *Definition) XXX_DiscardUnknown() {
+	xxx_messageInfo_Definition.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Definition proto.InternalMessageInfo
+
+func (m *Definition) GetDef() [][]byte {
+	if m != nil {
+		return m.Def
 	}
-	if m.Readonly {
-		dAtA[i] = 0x28
-		i++
-		if m.Readonly {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	return nil
+}
+
+func (m *Definition) GetMetadata() map[github_com_opencontainers_go_digest.Digest]OpMetadata {
+	if m != nil {
+		return m.Metadata
 	}
-	if m.MountType != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.MountType))
+	return nil
+}
+
+func (m *Definition) GetSource() *Source {
+	if m != nil {
+		return m.Source
 	}
-	if m.CacheOpt != nil {
-		dAtA[i] = 0xa2
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.CacheOpt.Size()))
-		n10, err := m.CacheOpt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n10
+	return nil
+}
+
+type HostIP struct {
+	Host string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
+	IP   string `protobuf:"bytes,2,opt,name=IP,proto3" json:"IP,omitempty"`
+}
+
+func (m *HostIP) Reset()         { *m = HostIP{} }
+func (m *HostIP) String() string { return proto.CompactTextString(m) }
+func (*HostIP) ProtoMessage()    {}
+func (*HostIP) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{23}
+}
+func (m *HostIP) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HostIP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	if m.SecretOpt != nil {
-		dAtA[i] = 0xaa
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.SecretOpt.Size()))
-		n11, err := m.SecretOpt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n11
+	return b[:n], nil
+}
+func (m *HostIP) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HostIP.Merge(m, src)
+}
+func (m *HostIP) XXX_Size() int {
+	return m.Size()
+}
+func (m *HostIP) XXX_DiscardUnknown() {
+	xxx_messageInfo_HostIP.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HostIP proto.InternalMessageInfo
+
+func (m *HostIP) GetHost() string {
+	if m != nil {
+		return m.Host
 	}
-	if m.SSHOpt != nil {
-		dAtA[i] = 0xb2
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.SSHOpt.Size()))
-		n12, err := m.SSHOpt.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n12
+	return ""
+}
+
+func (m *HostIP) GetIP() string {
+	if m != nil {
+		return m.IP
 	}
-	return i, nil
+	return ""
 }
 
-func (m *CacheOpt) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type FileOp struct {
+	Actions []*FileAction `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"`
+}
+
+func (m *FileOp) Reset()         { *m = FileOp{} }
+func (m *FileOp) String() string { return proto.CompactTextString(m) }
+func (*FileOp) ProtoMessage()    {}
+func (*FileOp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{24}
+}
+func (m *FileOp) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileOp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileOp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileOp.Merge(m, src)
+}
+func (m *FileOp) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileOp) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileOp.DiscardUnknown(m)
 }
 
-func (m *CacheOpt) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if m.Sharing != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Sharing))
+var xxx_messageInfo_FileOp proto.InternalMessageInfo
+
+func (m *FileOp) GetActions() []*FileAction {
+	if m != nil {
+		return m.Actions
 	}
-	return i, nil
+	return nil
 }
 
-func (m *SecretOpt) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type FileAction struct {
+	Input          InputIndex  `protobuf:"varint,1,opt,name=input,proto3,customtype=InputIndex" json:"input"`
+	SecondaryInput InputIndex  `protobuf:"varint,2,opt,name=secondaryInput,proto3,customtype=InputIndex" json:"secondaryInput"`
+	Output         OutputIndex `protobuf:"varint,3,opt,name=output,proto3,customtype=OutputIndex" json:"output"`
+	// Types that are valid to be assigned to Action:
+	//	*FileAction_Copy
+	//	*FileAction_Mkfile
+	//	*FileAction_Mkdir
+	//	*FileAction_Rm
+	Action isFileAction_Action `protobuf_oneof:"action"`
+}
+
+func (m *FileAction) Reset()         { *m = FileAction{} }
+func (m *FileAction) String() string { return proto.CompactTextString(m) }
+func (*FileAction) ProtoMessage()    {}
+func (*FileAction) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{25}
+}
+func (m *FileAction) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileAction) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileAction.Merge(m, src)
+}
+func (m *FileAction) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileAction) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileAction.DiscardUnknown(m)
 }
 
-func (m *SecretOpt) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+var xxx_messageInfo_FileAction proto.InternalMessageInfo
+
+type isFileAction_Action interface {
+	isFileAction_Action()
+	MarshalTo([]byte) (int, error)
+	Size() int
+}
+
+type FileAction_Copy struct {
+	Copy *FileActionCopy `protobuf:"bytes,4,opt,name=copy,proto3,oneof" json:"copy,omitempty"`
+}
+type FileAction_Mkfile struct {
+	Mkfile *FileActionMkFile `protobuf:"bytes,5,opt,name=mkfile,proto3,oneof" json:"mkfile,omitempty"`
+}
+type FileAction_Mkdir struct {
+	Mkdir *FileActionMkDir `protobuf:"bytes,6,opt,name=mkdir,proto3,oneof" json:"mkdir,omitempty"`
+}
+type FileAction_Rm struct {
+	Rm *FileActionRm `protobuf:"bytes,7,opt,name=rm,proto3,oneof" json:"rm,omitempty"`
+}
+
+func (*FileAction_Copy) isFileAction_Action()   {}
+func (*FileAction_Mkfile) isFileAction_Action() {}
+func (*FileAction_Mkdir) isFileAction_Action()  {}
+func (*FileAction_Rm) isFileAction_Action()     {}
+
+func (m *FileAction) GetAction() isFileAction_Action {
+	if m != nil {
+		return m.Action
 	}
-	if m.Uid != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Uid))
+	return nil
+}
+
+func (m *FileAction) GetCopy() *FileActionCopy {
+	if x, ok := m.GetAction().(*FileAction_Copy); ok {
+		return x.Copy
 	}
-	if m.Gid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Gid))
+	return nil
+}
+
+func (m *FileAction) GetMkfile() *FileActionMkFile {
+	if x, ok := m.GetAction().(*FileAction_Mkfile); ok {
+		return x.Mkfile
 	}
-	if m.Mode != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+	return nil
+}
+
+func (m *FileAction) GetMkdir() *FileActionMkDir {
+	if x, ok := m.GetAction().(*FileAction_Mkdir); ok {
+		return x.Mkdir
 	}
-	if m.Optional {
-		dAtA[i] = 0x28
-		i++
-		if m.Optional {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+	return nil
+}
+
+func (m *FileAction) GetRm() *FileActionRm {
+	if x, ok := m.GetAction().(*FileAction_Rm); ok {
+		return x.Rm
 	}
-	return i, nil
+	return nil
 }
 
-func (m *SSHOpt) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*FileAction) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*FileAction_Copy)(nil),
+		(*FileAction_Mkfile)(nil),
+		(*FileAction_Mkdir)(nil),
+		(*FileAction_Rm)(nil),
+	}
+}
+
+type FileActionCopy struct {
+	// src is the source path
+	Src string `protobuf:"bytes,1,opt,name=src,proto3" json:"src,omitempty"`
+	// dest path
+	Dest string `protobuf:"bytes,2,opt,name=dest,proto3" json:"dest,omitempty"`
+	// optional owner override
+	Owner *ChownOpt `protobuf:"bytes,3,opt,name=owner,proto3" json:"owner,omitempty"`
+	// optional permission bits override
+	Mode int32 `protobuf:"varint,4,opt,name=mode,proto3" json:"mode,omitempty"`
+	// followSymlink resolves symlinks in src
+	FollowSymlink bool `protobuf:"varint,5,opt,name=followSymlink,proto3" json:"followSymlink,omitempty"`
+	// dirCopyContents only copies contents if src is a directory
+	DirCopyContents bool `protobuf:"varint,6,opt,name=dirCopyContents,proto3" json:"dirCopyContents,omitempty"`
+	// attemptUnpackDockerCompatibility detects if src is an archive to unpack it instead
+	AttemptUnpackDockerCompatibility bool `protobuf:"varint,7,opt,name=attemptUnpackDockerCompatibility,proto3" json:"attemptUnpackDockerCompatibility,omitempty"`
+	// createDestPath creates dest path directories if needed
+	CreateDestPath bool `protobuf:"varint,8,opt,name=createDestPath,proto3" json:"createDestPath,omitempty"`
+	// allowWildcard allows filepath.Match wildcards in src path
+	AllowWildcard bool `protobuf:"varint,9,opt,name=allowWildcard,proto3" json:"allowWildcard,omitempty"`
+	// allowEmptyWildcard doesn't fail the whole copy if wildcard doesn't resolve to files
+	AllowEmptyWildcard bool `protobuf:"varint,10,opt,name=allowEmptyWildcard,proto3" json:"allowEmptyWildcard,omitempty"`
+	// optional created time override
+	Timestamp int64 `protobuf:"varint,11,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	// include only files/dirs matching at least one of these patterns
+	IncludePatterns []string `protobuf:"bytes,12,rep,name=include_patterns,json=includePatterns,proto3" json:"include_patterns,omitempty"`
+	// exclude files/dir matching any of these patterns (even if they match an include pattern)
+	ExcludePatterns []string `protobuf:"bytes,13,rep,name=exclude_patterns,json=excludePatterns,proto3" json:"exclude_patterns,omitempty"`
+}
+
+func (m *FileActionCopy) Reset()         { *m = FileActionCopy{} }
+func (m *FileActionCopy) String() string { return proto.CompactTextString(m) }
+func (*FileActionCopy) ProtoMessage()    {}
+func (*FileActionCopy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{26}
+}
+func (m *FileActionCopy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileActionCopy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileActionCopy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileActionCopy.Merge(m, src)
+}
+func (m *FileActionCopy) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileActionCopy) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileActionCopy.DiscardUnknown(m)
 }
 
-func (m *SSHOpt) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
-	}
-	if m.Uid != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Uid))
-	}
-	if m.Gid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Gid))
-	}
-	if m.Mode != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
-	}
-	if m.Optional {
-		dAtA[i] = 0x28
-		i++
-		if m.Optional {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+var xxx_messageInfo_FileActionCopy proto.InternalMessageInfo
+
+func (m *FileActionCopy) GetSrc() string {
+	if m != nil {
+		return m.Src
 	}
-	return i, nil
+	return ""
 }
 
-func (m *CopyOp) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionCopy) GetDest() string {
+	if m != nil {
+		return m.Dest
 	}
-	return dAtA[:n], nil
+	return ""
 }
 
-func (m *CopyOp) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Src) > 0 {
-		for _, msg := range m.Src {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	if len(m.Dest) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Dest)))
-		i += copy(dAtA[i:], m.Dest)
+func (m *FileActionCopy) GetOwner() *ChownOpt {
+	if m != nil {
+		return m.Owner
 	}
-	return i, nil
+	return nil
 }
 
-func (m *CopySource) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionCopy) GetMode() int32 {
+	if m != nil {
+		return m.Mode
 	}
-	return dAtA[:n], nil
+	return 0
 }
 
-func (m *CopySource) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Input != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Input))
-	}
-	if len(m.Selector) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Selector)))
-		i += copy(dAtA[i:], m.Selector)
+func (m *FileActionCopy) GetFollowSymlink() bool {
+	if m != nil {
+		return m.FollowSymlink
 	}
-	return i, nil
+	return false
 }
 
-func (m *SourceOp) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionCopy) GetDirCopyContents() bool {
+	if m != nil {
+		return m.DirCopyContents
 	}
-	return dAtA[:n], nil
+	return false
 }
 
-func (m *SourceOp) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Identifier) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Identifier)))
-		i += copy(dAtA[i:], m.Identifier)
+func (m *FileActionCopy) GetAttemptUnpackDockerCompatibility() bool {
+	if m != nil {
+		return m.AttemptUnpackDockerCompatibility
 	}
-	if len(m.Attrs) > 0 {
-		keysForAttrs := make([]string, 0, len(m.Attrs))
-		for k, _ := range m.Attrs {
-			keysForAttrs = append(keysForAttrs, string(k))
-		}
-		sortkeys.Strings(keysForAttrs)
-		for _, k := range keysForAttrs {
-			dAtA[i] = 0x12
-			i++
-			v := m.Attrs[string(k)]
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	return false
+}
+
+func (m *FileActionCopy) GetCreateDestPath() bool {
+	if m != nil {
+		return m.CreateDestPath
 	}
-	return i, nil
+	return false
 }
 
-func (m *BuildOp) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionCopy) GetAllowWildcard() bool {
+	if m != nil {
+		return m.AllowWildcard
 	}
-	return dAtA[:n], nil
+	return false
 }
 
-func (m *BuildOp) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Builder != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Builder))
+func (m *FileActionCopy) GetAllowEmptyWildcard() bool {
+	if m != nil {
+		return m.AllowEmptyWildcard
 	}
-	if len(m.Inputs) > 0 {
-		keysForInputs := make([]string, 0, len(m.Inputs))
-		for k, _ := range m.Inputs {
-			keysForInputs = append(keysForInputs, string(k))
-		}
-		sortkeys.Strings(keysForInputs)
-		for _, k := range keysForInputs {
-			dAtA[i] = 0x12
-			i++
-			v := m.Inputs[string(k)]
-			msgSize := 0
-			if v != nil {
-				msgSize = v.Size()
-				msgSize += 1 + sovOps(uint64(msgSize))
-			}
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + msgSize
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			if v != nil {
-				dAtA[i] = 0x12
-				i++
-				i = encodeVarintOps(dAtA, i, uint64(v.Size()))
-				n13, err := v.MarshalTo(dAtA[i:])
-				if err != nil {
-					return 0, err
-				}
-				i += n13
-			}
-		}
+	return false
+}
+
+func (m *FileActionCopy) GetTimestamp() int64 {
+	if m != nil {
+		return m.Timestamp
 	}
-	if m.Def != nil {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Def.Size()))
-		n14, err := m.Def.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n14
+	return 0
+}
+
+func (m *FileActionCopy) GetIncludePatterns() []string {
+	if m != nil {
+		return m.IncludePatterns
 	}
-	if len(m.Attrs) > 0 {
-		keysForAttrs := make([]string, 0, len(m.Attrs))
-		for k, _ := range m.Attrs {
-			keysForAttrs = append(keysForAttrs, string(k))
-		}
-		sortkeys.Strings(keysForAttrs)
-		for _, k := range keysForAttrs {
-			dAtA[i] = 0x22
-			i++
-			v := m.Attrs[string(k)]
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+	return nil
+}
+
+func (m *FileActionCopy) GetExcludePatterns() []string {
+	if m != nil {
+		return m.ExcludePatterns
 	}
-	return i, nil
+	return nil
 }
 
-func (m *BuildInput) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type FileActionMkFile struct {
+	// path for the new file
+	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// permission bits
+	Mode int32 `protobuf:"varint,2,opt,name=mode,proto3" json:"mode,omitempty"`
+	// data is the new file contents
+	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
+	// optional owner for the new file
+	Owner *ChownOpt `protobuf:"bytes,4,opt,name=owner,proto3" json:"owner,omitempty"`
+	// optional created time override
+	Timestamp int64 `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+}
+
+func (m *FileActionMkFile) Reset()         { *m = FileActionMkFile{} }
+func (m *FileActionMkFile) String() string { return proto.CompactTextString(m) }
+func (*FileActionMkFile) ProtoMessage()    {}
+func (*FileActionMkFile) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{27}
+}
+func (m *FileActionMkFile) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileActionMkFile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileActionMkFile) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileActionMkFile.Merge(m, src)
+}
+func (m *FileActionMkFile) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileActionMkFile) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileActionMkFile.DiscardUnknown(m)
 }
 
-func (m *BuildInput) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Input != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.Input))
+var xxx_messageInfo_FileActionMkFile proto.InternalMessageInfo
+
+func (m *FileActionMkFile) GetPath() string {
+	if m != nil {
+		return m.Path
 	}
-	return i, nil
+	return ""
 }
 
-func (m *OpMetadata) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionMkFile) GetMode() int32 {
+	if m != nil {
+		return m.Mode
 	}
-	return dAtA[:n], nil
+	return 0
 }
 
-func (m *OpMetadata) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.IgnoreCache {
-		dAtA[i] = 0x8
-		i++
-		if m.IgnoreCache {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	if len(m.Description) > 0 {
-		keysForDescription := make([]string, 0, len(m.Description))
-		for k, _ := range m.Description {
-			keysForDescription = append(keysForDescription, string(k))
-		}
-		sortkeys.Strings(keysForDescription)
-		for _, k := range keysForDescription {
-			dAtA[i] = 0x12
-			i++
-			v := m.Description[string(k)]
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(v)))
-			i += copy(dAtA[i:], v)
-		}
+func (m *FileActionMkFile) GetData() []byte {
+	if m != nil {
+		return m.Data
 	}
-	if m.ExportCache != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(m.ExportCache.Size()))
-		n15, err := m.ExportCache.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n15
+	return nil
+}
+
+func (m *FileActionMkFile) GetOwner() *ChownOpt {
+	if m != nil {
+		return m.Owner
 	}
-	if len(m.Caps) > 0 {
-		keysForCaps := make([]string, 0, len(m.Caps))
-		for k, _ := range m.Caps {
-			keysForCaps = append(keysForCaps, string(k))
-		}
-		sortkeys.Strings(keysForCaps)
-		for _, k := range keysForCaps {
-			dAtA[i] = 0x2a
-			i++
-			v := m.Caps[github_com_moby_buildkit_util_apicaps.CapID(k)]
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + 1
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x10
-			i++
-			if v {
-				dAtA[i] = 1
-			} else {
-				dAtA[i] = 0
-			}
-			i++
-		}
+	return nil
+}
+
+func (m *FileActionMkFile) GetTimestamp() int64 {
+	if m != nil {
+		return m.Timestamp
 	}
-	return i, nil
+	return 0
 }
 
-func (m *ExportCache) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type FileActionMkDir struct {
+	// path for the new directory
+	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// permission bits
+	Mode int32 `protobuf:"varint,2,opt,name=mode,proto3" json:"mode,omitempty"`
+	// makeParents creates parent directories as well if needed
+	MakeParents bool `protobuf:"varint,3,opt,name=makeParents,proto3" json:"makeParents,omitempty"`
+	// optional owner for the new directory
+	Owner *ChownOpt `protobuf:"bytes,4,opt,name=owner,proto3" json:"owner,omitempty"`
+	// optional created time override
+	Timestamp int64 `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+}
+
+func (m *FileActionMkDir) Reset()         { *m = FileActionMkDir{} }
+func (m *FileActionMkDir) String() string { return proto.CompactTextString(m) }
+func (*FileActionMkDir) ProtoMessage()    {}
+func (*FileActionMkDir) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{28}
+}
+func (m *FileActionMkDir) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileActionMkDir) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileActionMkDir) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileActionMkDir.Merge(m, src)
+}
+func (m *FileActionMkDir) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileActionMkDir) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileActionMkDir.DiscardUnknown(m)
 }
 
-func (m *ExportCache) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if m.Value {
-		dAtA[i] = 0x8
-		i++
-		if m.Value {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
+var xxx_messageInfo_FileActionMkDir proto.InternalMessageInfo
+
+func (m *FileActionMkDir) GetPath() string {
+	if m != nil {
+		return m.Path
 	}
-	return i, nil
+	return ""
 }
 
-func (m *ProxyEnv) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionMkDir) GetMode() int32 {
+	if m != nil {
+		return m.Mode
 	}
-	return dAtA[:n], nil
+	return 0
 }
 
-func (m *ProxyEnv) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.HttpProxy) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.HttpProxy)))
-		i += copy(dAtA[i:], m.HttpProxy)
-	}
-	if len(m.HttpsProxy) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.HttpsProxy)))
-		i += copy(dAtA[i:], m.HttpsProxy)
+func (m *FileActionMkDir) GetMakeParents() bool {
+	if m != nil {
+		return m.MakeParents
 	}
-	if len(m.FtpProxy) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.FtpProxy)))
-		i += copy(dAtA[i:], m.FtpProxy)
+	return false
+}
+
+func (m *FileActionMkDir) GetOwner() *ChownOpt {
+	if m != nil {
+		return m.Owner
 	}
-	if len(m.NoProxy) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.NoProxy)))
-		i += copy(dAtA[i:], m.NoProxy)
+	return nil
+}
+
+func (m *FileActionMkDir) GetTimestamp() int64 {
+	if m != nil {
+		return m.Timestamp
 	}
-	return i, nil
+	return 0
 }
 
-func (m *WorkerConstraints) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type FileActionRm struct {
+	// path to remove
+	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// allowNotFound doesn't fail the rm if file is not found
+	AllowNotFound bool `protobuf:"varint,2,opt,name=allowNotFound,proto3" json:"allowNotFound,omitempty"`
+	// allowWildcard allows filepath.Match wildcards in path
+	AllowWildcard bool `protobuf:"varint,3,opt,name=allowWildcard,proto3" json:"allowWildcard,omitempty"`
+}
+
+func (m *FileActionRm) Reset()         { *m = FileActionRm{} }
+func (m *FileActionRm) String() string { return proto.CompactTextString(m) }
+func (*FileActionRm) ProtoMessage()    {}
+func (*FileActionRm) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{29}
+}
+func (m *FileActionRm) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *FileActionRm) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *FileActionRm) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FileActionRm.Merge(m, src)
+}
+func (m *FileActionRm) XXX_Size() int {
+	return m.Size()
+}
+func (m *FileActionRm) XXX_DiscardUnknown() {
+	xxx_messageInfo_FileActionRm.DiscardUnknown(m)
 }
 
-func (m *WorkerConstraints) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Filter) > 0 {
-		for _, s := range m.Filter {
-			dAtA[i] = 0xa
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
+var xxx_messageInfo_FileActionRm proto.InternalMessageInfo
+
+func (m *FileActionRm) GetPath() string {
+	if m != nil {
+		return m.Path
 	}
-	return i, nil
+	return ""
 }
 
-func (m *Definition) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
+func (m *FileActionRm) GetAllowNotFound() bool {
+	if m != nil {
+		return m.AllowNotFound
 	}
-	return dAtA[:n], nil
+	return false
 }
 
-func (m *Definition) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Def) > 0 {
-		for _, b := range m.Def {
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(b)))
-			i += copy(dAtA[i:], b)
-		}
-	}
-	if len(m.Metadata) > 0 {
-		keysForMetadata := make([]string, 0, len(m.Metadata))
-		for k, _ := range m.Metadata {
-			keysForMetadata = append(keysForMetadata, string(k))
-		}
-		sortkeys.Strings(keysForMetadata)
-		for _, k := range keysForMetadata {
-			dAtA[i] = 0x12
-			i++
-			v := m.Metadata[github_com_opencontainers_go_digest.Digest(k)]
-			msgSize := 0
-			if (&v) != nil {
-				msgSize = (&v).Size()
-				msgSize += 1 + sovOps(uint64(msgSize))
-			}
-			mapSize := 1 + len(k) + sovOps(uint64(len(k))) + msgSize
-			i = encodeVarintOps(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintOps(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			dAtA[i] = 0x12
-			i++
-			i = encodeVarintOps(dAtA, i, uint64((&v).Size()))
-			n16, err := (&v).MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n16
-		}
+func (m *FileActionRm) GetAllowWildcard() bool {
+	if m != nil {
+		return m.AllowWildcard
 	}
-	return i, nil
+	return false
 }
 
-func (m *HostIP) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+type ChownOpt struct {
+	User  *UserOpt `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
+	Group *UserOpt `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"`
+}
+
+func (m *ChownOpt) Reset()         { *m = ChownOpt{} }
+func (m *ChownOpt) String() string { return proto.CompactTextString(m) }
+func (*ChownOpt) ProtoMessage()    {}
+func (*ChownOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{30}
+}
+func (m *ChownOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ChownOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
-	return dAtA[:n], nil
+	return b[:n], nil
+}
+func (m *ChownOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ChownOpt.Merge(m, src)
+}
+func (m *ChownOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *ChownOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_ChownOpt.DiscardUnknown(m)
 }
 
-func (m *HostIP) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Host) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.Host)))
-		i += copy(dAtA[i:], m.Host)
-	}
-	if len(m.IP) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintOps(dAtA, i, uint64(len(m.IP)))
-		i += copy(dAtA[i:], m.IP)
+var xxx_messageInfo_ChownOpt proto.InternalMessageInfo
+
+func (m *ChownOpt) GetUser() *UserOpt {
+	if m != nil {
+		return m.User
 	}
-	return i, nil
+	return nil
 }
 
-func encodeVarintOps(dAtA []byte, offset int, v uint64) int {
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
+func (m *ChownOpt) GetGroup() *UserOpt {
+	if m != nil {
+		return m.Group
 	}
-	dAtA[offset] = uint8(v)
-	return offset + 1
+	return nil
 }
-func (m *Op) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Inputs) > 0 {
-		for _, e := range m.Inputs {
-			l = e.Size()
-			n += 1 + l + sovOps(uint64(l))
-		}
-	}
-	if m.Op != nil {
-		n += m.Op.Size()
-	}
-	if m.Platform != nil {
-		l = m.Platform.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	if m.Constraints != nil {
-		l = m.Constraints.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
+
+type UserOpt struct {
+	// Types that are valid to be assigned to User:
+	//	*UserOpt_ByName
+	//	*UserOpt_ByID
+	User isUserOpt_User `protobuf_oneof:"user"`
 }
 
-func (m *Op_Exec) Size() (n int) {
-	var l int
-	_ = l
-	if m.Exec != nil {
-		l = m.Exec.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
+func (m *UserOpt) Reset()         { *m = UserOpt{} }
+func (m *UserOpt) String() string { return proto.CompactTextString(m) }
+func (*UserOpt) ProtoMessage()    {}
+func (*UserOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{31}
 }
-func (m *Op_Source) Size() (n int) {
-	var l int
-	_ = l
-	if m.Source != nil {
-		l = m.Source.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
+func (m *UserOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
 }
-func (m *Op_Copy) Size() (n int) {
-	var l int
-	_ = l
-	if m.Copy != nil {
-		l = m.Copy.Size()
-		n += 1 + l + sovOps(uint64(l))
+func (m *UserOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return b[:n], nil
 }
-func (m *Op_Build) Size() (n int) {
-	var l int
-	_ = l
-	if m.Build != nil {
-		l = m.Build.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
+func (m *UserOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UserOpt.Merge(m, src)
 }
-func (m *Platform) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Architecture)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	l = len(m.OS)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	l = len(m.Variant)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+func (m *UserOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *UserOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_UserOpt.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UserOpt proto.InternalMessageInfo
+
+type isUserOpt_User interface {
+	isUserOpt_User()
+	MarshalTo([]byte) (int, error)
+	Size() int
+}
+
+type UserOpt_ByName struct {
+	ByName *NamedUserOpt `protobuf:"bytes,1,opt,name=byName,proto3,oneof" json:"byName,omitempty"`
+}
+type UserOpt_ByID struct {
+	ByID uint32 `protobuf:"varint,2,opt,name=byID,proto3,oneof" json:"byID,omitempty"`
+}
+
+func (*UserOpt_ByName) isUserOpt_User() {}
+func (*UserOpt_ByID) isUserOpt_User()   {}
+
+func (m *UserOpt) GetUser() isUserOpt_User {
+	if m != nil {
+		return m.User
 	}
-	l = len(m.OSVersion)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	return nil
+}
+
+func (m *UserOpt) GetByName() *NamedUserOpt {
+	if x, ok := m.GetUser().(*UserOpt_ByName); ok {
+		return x.ByName
 	}
-	if len(m.OSFeatures) > 0 {
-		for _, s := range m.OSFeatures {
-			l = len(s)
-			n += 1 + l + sovOps(uint64(l))
-		}
+	return nil
+}
+
+func (m *UserOpt) GetByID() uint32 {
+	if x, ok := m.GetUser().(*UserOpt_ByID); ok {
+		return x.ByID
 	}
-	return n
+	return 0
 }
 
-func (m *Input) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Digest)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*UserOpt) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*UserOpt_ByName)(nil),
+		(*UserOpt_ByID)(nil),
 	}
-	if m.Index != 0 {
-		n += 1 + sovOps(uint64(m.Index))
+}
+
+type NamedUserOpt struct {
+	Name  string     `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Input InputIndex `protobuf:"varint,2,opt,name=input,proto3,customtype=InputIndex" json:"input"`
+}
+
+func (m *NamedUserOpt) Reset()         { *m = NamedUserOpt{} }
+func (m *NamedUserOpt) String() string { return proto.CompactTextString(m) }
+func (*NamedUserOpt) ProtoMessage()    {}
+func (*NamedUserOpt) Descriptor() ([]byte, []int) {
+	return fileDescriptor_8de16154b2733812, []int{32}
+}
+func (m *NamedUserOpt) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamedUserOpt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return b[:n], nil
+}
+func (m *NamedUserOpt) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamedUserOpt.Merge(m, src)
+}
+func (m *NamedUserOpt) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamedUserOpt) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamedUserOpt.DiscardUnknown(m)
 }
 
-func (m *ExecOp) Size() (n int) {
-	var l int
-	_ = l
-	if m.Meta != nil {
-		l = m.Meta.Size()
-		n += 1 + l + sovOps(uint64(l))
-	}
-	if len(m.Mounts) > 0 {
-		for _, e := range m.Mounts {
-			l = e.Size()
-			n += 1 + l + sovOps(uint64(l))
-		}
+var xxx_messageInfo_NamedUserOpt proto.InternalMessageInfo
+
+func (m *NamedUserOpt) GetName() string {
+	if m != nil {
+		return m.Name
 	}
-	if m.Network != 0 {
-		n += 1 + sovOps(uint64(m.Network))
+	return ""
+}
+
+func init() {
+	proto.RegisterEnum("pb.NetMode", NetMode_name, NetMode_value)
+	proto.RegisterEnum("pb.SecurityMode", SecurityMode_name, SecurityMode_value)
+	proto.RegisterEnum("pb.MountType", MountType_name, MountType_value)
+	proto.RegisterEnum("pb.CacheSharingOpt", CacheSharingOpt_name, CacheSharingOpt_value)
+	proto.RegisterType((*Op)(nil), "pb.Op")
+	proto.RegisterType((*Platform)(nil), "pb.Platform")
+	proto.RegisterType((*Input)(nil), "pb.Input")
+	proto.RegisterType((*ExecOp)(nil), "pb.ExecOp")
+	proto.RegisterType((*Meta)(nil), "pb.Meta")
+	proto.RegisterType((*Mount)(nil), "pb.Mount")
+	proto.RegisterType((*CacheOpt)(nil), "pb.CacheOpt")
+	proto.RegisterType((*SecretOpt)(nil), "pb.SecretOpt")
+	proto.RegisterType((*SSHOpt)(nil), "pb.SSHOpt")
+	proto.RegisterType((*SourceOp)(nil), "pb.SourceOp")
+	proto.RegisterMapType((map[string]string)(nil), "pb.SourceOp.AttrsEntry")
+	proto.RegisterType((*BuildOp)(nil), "pb.BuildOp")
+	proto.RegisterMapType((map[string]string)(nil), "pb.BuildOp.AttrsEntry")
+	proto.RegisterMapType((map[string]*BuildInput)(nil), "pb.BuildOp.InputsEntry")
+	proto.RegisterType((*BuildInput)(nil), "pb.BuildInput")
+	proto.RegisterType((*OpMetadata)(nil), "pb.OpMetadata")
+	proto.RegisterMapType((map[github_com_moby_buildkit_util_apicaps.CapID]bool)(nil), "pb.OpMetadata.CapsEntry")
+	proto.RegisterMapType((map[string]string)(nil), "pb.OpMetadata.DescriptionEntry")
+	proto.RegisterType((*Source)(nil), "pb.Source")
+	proto.RegisterMapType((map[string]*Locations)(nil), "pb.Source.LocationsEntry")
+	proto.RegisterType((*Locations)(nil), "pb.Locations")
+	proto.RegisterType((*SourceInfo)(nil), "pb.SourceInfo")
+	proto.RegisterType((*Location)(nil), "pb.Location")
+	proto.RegisterType((*Range)(nil), "pb.Range")
+	proto.RegisterType((*Position)(nil), "pb.Position")
+	proto.RegisterType((*ExportCache)(nil), "pb.ExportCache")
+	proto.RegisterType((*ProxyEnv)(nil), "pb.ProxyEnv")
+	proto.RegisterType((*WorkerConstraints)(nil), "pb.WorkerConstraints")
+	proto.RegisterType((*Definition)(nil), "pb.Definition")
+	proto.RegisterMapType((map[github_com_opencontainers_go_digest.Digest]OpMetadata)(nil), "pb.Definition.MetadataEntry")
+	proto.RegisterType((*HostIP)(nil), "pb.HostIP")
+	proto.RegisterType((*FileOp)(nil), "pb.FileOp")
+	proto.RegisterType((*FileAction)(nil), "pb.FileAction")
+	proto.RegisterType((*FileActionCopy)(nil), "pb.FileActionCopy")
+	proto.RegisterType((*FileActionMkFile)(nil), "pb.FileActionMkFile")
+	proto.RegisterType((*FileActionMkDir)(nil), "pb.FileActionMkDir")
+	proto.RegisterType((*FileActionRm)(nil), "pb.FileActionRm")
+	proto.RegisterType((*ChownOpt)(nil), "pb.ChownOpt")
+	proto.RegisterType((*UserOpt)(nil), "pb.UserOpt")
+	proto.RegisterType((*NamedUserOpt)(nil), "pb.NamedUserOpt")
+}
+
+func init() { proto.RegisterFile("ops.proto", fileDescriptor_8de16154b2733812) }
+
+var fileDescriptor_8de16154b2733812 = []byte{
+	// 2267 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xcd, 0x6e, 0x1c, 0xc7,
+	0xf1, 0xe7, 0x7e, 0xef, 0xd6, 0x2e, 0xa9, 0xfd, 0xb7, 0x65, 0x7b, 0xcd, 0xbf, 0x42, 0xd2, 0x63,
+	0xc7, 0xa0, 0x28, 0x69, 0x09, 0xd0, 0x80, 0x65, 0x18, 0x41, 0x10, 0xee, 0x87, 0xc0, 0xb5, 0x25,
+	0x2e, 0xd1, 0x2b, 0xc9, 0xb9, 0x09, 0xc3, 0xd9, 0x26, 0x39, 0xe0, 0xec, 0xf4, 0xa0, 0xa7, 0x57,
+	0xe2, 0x5e, 0x72, 0xf0, 0x13, 0x18, 0x08, 0x90, 0x5b, 0x12, 0xe4, 0x1d, 0x72, 0xcd, 0x31, 0x80,
+	0x8f, 0x3e, 0xe4, 0x60, 0xe4, 0xe0, 0x04, 0xd2, 0x3d, 0x4f, 0x90, 0x00, 0x41, 0x55, 0xf7, 0x7c,
+	0x2c, 0x45, 0x41, 0x12, 0x12, 0xe4, 0x34, 0xdd, 0x55, 0xbf, 0xaa, 0xae, 0xae, 0xaa, 0xae, 0xae,
+	0x1e, 0x68, 0xc8, 0x28, 0xee, 0x46, 0x4a, 0x6a, 0xc9, 0x8a, 0xd1, 0xf1, 0xfa, 0x9d, 0x53, 0x5f,
+	0x9f, 0xcd, 0x8f, 0xbb, 0x9e, 0x9c, 0xed, 0x9e, 0xca, 0x53, 0xb9, 0x4b, 0xac, 0xe3, 0xf9, 0x09,
+	0xcd, 0x68, 0x42, 0x23, 0x23, 0xe2, 0xfc, 0xa1, 0x08, 0xc5, 0x71, 0xc4, 0x3e, 0x84, 0xaa, 0x1f,
+	0x46, 0x73, 0x1d, 0x77, 0x0a, 0x5b, 0xa5, 0xed, 0xe6, 0x5e, 0xa3, 0x1b, 0x1d, 0x77, 0x47, 0x48,
+	0xe1, 0x96, 0xc1, 0xb6, 0xa0, 0x2c, 0x2e, 0x84, 0xd7, 0x29, 0x6e, 0x15, 0xb6, 0x9b, 0x7b, 0x80,
+	0x80, 0xe1, 0x85, 0xf0, 0xc6, 0xd1, 0xc1, 0x0a, 0x27, 0x0e, 0xfb, 0x04, 0xaa, 0xb1, 0x9c, 0x2b,
+	0x4f, 0x74, 0x4a, 0x84, 0x69, 0x21, 0x66, 0x42, 0x14, 0x42, 0x59, 0x2e, 0x6a, 0x3a, 0xf1, 0x03,
+	0xd1, 0x29, 0x67, 0x9a, 0xee, 0xf9, 0x81, 0xc1, 0x10, 0x87, 0x7d, 0x04, 0x95, 0xe3, 0xb9, 0x1f,
+	0x4c, 0x3b, 0x15, 0x82, 0x34, 0x11, 0xd2, 0x43, 0x02, 0x61, 0x0c, 0x8f, 0x6d, 0x43, 0x3d, 0x0a,
+	0x5c, 0x7d, 0x22, 0xd5, 0xac, 0x03, 0xd9, 0x82, 0x47, 0x96, 0xc6, 0x53, 0x2e, 0xbb, 0x0b, 0x4d,
+	0x4f, 0x86, 0xb1, 0x56, 0xae, 0x1f, 0xea, 0xb8, 0xd3, 0x24, 0xf0, 0xbb, 0x08, 0xfe, 0x5a, 0xaa,
+	0x73, 0xa1, 0xfa, 0x19, 0x93, 0xe7, 0x91, 0xbd, 0x32, 0x14, 0x65, 0xe4, 0xfc, 0xa6, 0x00, 0xf5,
+	0x44, 0x2b, 0x73, 0xa0, 0xb5, 0xaf, 0xbc, 0x33, 0x5f, 0x0b, 0x4f, 0xcf, 0x95, 0xe8, 0x14, 0xb6,
+	0x0a, 0xdb, 0x0d, 0xbe, 0x44, 0x63, 0x6b, 0x50, 0x1c, 0x4f, 0xc8, 0x51, 0x0d, 0x5e, 0x1c, 0x4f,
+	0x58, 0x07, 0x6a, 0x8f, 0x5d, 0xe5, 0xbb, 0xa1, 0x26, 0xcf, 0x34, 0x78, 0x32, 0x65, 0x37, 0xa0,
+	0x31, 0x9e, 0x3c, 0x16, 0x2a, 0xf6, 0x65, 0x48, 0xfe, 0x68, 0xf0, 0x8c, 0xc0, 0x36, 0x00, 0xc6,
+	0x93, 0x7b, 0xc2, 0x45, 0xa5, 0x71, 0xa7, 0xb2, 0x55, 0xda, 0x6e, 0xf0, 0x1c, 0xc5, 0xf9, 0x15,
+	0x54, 0x28, 0x46, 0xec, 0x4b, 0xa8, 0x4e, 0xfd, 0x53, 0x11, 0x6b, 0x63, 0x4e, 0x6f, 0xef, 0xbb,
+	0x1f, 0x37, 0x57, 0xfe, 0xfa, 0xe3, 0xe6, 0x4e, 0x2e, 0x19, 0x64, 0x24, 0x42, 0x4f, 0x86, 0xda,
+	0xf5, 0x43, 0xa1, 0xe2, 0xdd, 0x53, 0x79, 0xc7, 0x88, 0x74, 0x07, 0xf4, 0xe1, 0x56, 0x03, 0xbb,
+	0x09, 0x15, 0x3f, 0x9c, 0x8a, 0x0b, 0xb2, 0xbf, 0xd4, 0x7b, 0xc7, 0xaa, 0x6a, 0x8e, 0xe7, 0x3a,
+	0x9a, 0xeb, 0x11, 0xb2, 0xb8, 0x41, 0x38, 0xbf, 0x2b, 0x40, 0xd5, 0xe4, 0x00, 0xbb, 0x01, 0xe5,
+	0x99, 0xd0, 0x2e, 0xad, 0xdf, 0xdc, 0xab, 0xa3, 0x6f, 0x1f, 0x08, 0xed, 0x72, 0xa2, 0x62, 0x7a,
+	0xcd, 0xe4, 0x1c, 0x7d, 0x5f, 0xcc, 0xd2, 0xeb, 0x01, 0x52, 0xb8, 0x65, 0xb0, 0x9f, 0x42, 0x2d,
+	0x14, 0xfa, 0x99, 0x54, 0xe7, 0xe4, 0xa3, 0x35, 0x13, 0xf4, 0x43, 0xa1, 0x1f, 0xc8, 0xa9, 0xe0,
+	0x09, 0x8f, 0xdd, 0x86, 0x7a, 0x2c, 0xbc, 0xb9, 0xf2, 0xf5, 0x82, 0xfc, 0xb5, 0xb6, 0xd7, 0xa6,
+	0x2c, 0xb3, 0x34, 0x02, 0xa7, 0x08, 0xe7, 0xcf, 0x05, 0x28, 0xa3, 0x19, 0x8c, 0x41, 0xd9, 0x55,
+	0xa7, 0x26, 0xbb, 0x1b, 0x9c, 0xc6, 0xac, 0x0d, 0x25, 0x11, 0x3e, 0x25, 0x8b, 0x1a, 0x1c, 0x87,
+	0x48, 0xf1, 0x9e, 0x4d, 0x6d, 0x8c, 0x70, 0x88, 0x72, 0xf3, 0x58, 0x28, 0x1b, 0x1a, 0x1a, 0xb3,
+	0x9b, 0xd0, 0x88, 0x94, 0xbc, 0x58, 0x3c, 0x41, 0xe9, 0x4a, 0x2e, 0xf1, 0x90, 0x38, 0x0c, 0x9f,
+	0xf2, 0x7a, 0x64, 0x47, 0x6c, 0x07, 0x40, 0x5c, 0x68, 0xe5, 0x1e, 0xc8, 0x58, 0xc7, 0x9d, 0x2a,
+	0xed, 0x9d, 0xf2, 0x1d, 0x09, 0xa3, 0x23, 0x9e, 0xe3, 0xb2, 0x75, 0xa8, 0x9f, 0xc9, 0x58, 0x87,
+	0xee, 0x4c, 0x74, 0x6a, 0xb4, 0x5c, 0x3a, 0x77, 0xfe, 0x51, 0x84, 0x0a, 0xb9, 0x8b, 0x6d, 0x63,
+	0x74, 0xa2, 0xb9, 0x09, 0x74, 0xa9, 0xc7, 0x6c, 0x74, 0x80, 0xf2, 0x20, 0x0d, 0x0e, 0xe6, 0xc4,
+	0x3a, 0x7a, 0x2a, 0x10, 0x9e, 0x96, 0xca, 0xa6, 0x62, 0x3a, 0xc7, 0x6d, 0x4d, 0x31, 0x5b, 0xcc,
+	0x4e, 0x69, 0xcc, 0x6e, 0x41, 0x55, 0x52, 0x88, 0x69, 0xb3, 0xaf, 0x08, 0xbc, 0x85, 0xa0, 0x72,
+	0x25, 0xdc, 0xa9, 0x0c, 0x83, 0x05, 0xb9, 0xa0, 0xce, 0xd3, 0x39, 0xbb, 0x05, 0x0d, 0x8a, 0xe9,
+	0xc3, 0x45, 0x24, 0x3a, 0x55, 0x8a, 0xd1, 0x6a, 0x1a, 0x6f, 0x24, 0xf2, 0x8c, 0x8f, 0x87, 0xd8,
+	0x73, 0xbd, 0x33, 0x31, 0x8e, 0x74, 0xe7, 0x7a, 0xe6, 0xcb, 0xbe, 0xa5, 0xf1, 0x94, 0x8b, 0x6a,
+	0x63, 0xe1, 0x29, 0xa1, 0x11, 0xfa, 0x2e, 0x41, 0x57, 0x6d, 0xe8, 0x0d, 0x91, 0x67, 0x7c, 0xe6,
+	0x40, 0x75, 0x32, 0x39, 0x40, 0xe4, 0x7b, 0x59, 0x91, 0x31, 0x14, 0x6e, 0x39, 0x66, 0x0f, 0xf1,
+	0x3c, 0xd0, 0xa3, 0x41, 0xe7, 0x7d, 0xe3, 0xa0, 0x64, 0xee, 0x8c, 0xa0, 0x9e, 0x98, 0x80, 0xa7,
+	0x79, 0x34, 0xb0, 0xe7, 0xbc, 0x38, 0x1a, 0xb0, 0x3b, 0x50, 0x8b, 0xcf, 0x5c, 0xe5, 0x87, 0xa7,
+	0xe4, 0xd7, 0xb5, 0xbd, 0x77, 0x52, 0x8b, 0x27, 0x86, 0x8e, 0xab, 0x24, 0x18, 0x47, 0x42, 0x23,
+	0x35, 0xf1, 0x25, 0x5d, 0x6d, 0x28, 0xcd, 0xfd, 0x29, 0xe9, 0x59, 0xe5, 0x38, 0x44, 0xca, 0xa9,
+	0x6f, 0x72, 0x70, 0x95, 0xe3, 0x10, 0x83, 0x35, 0x93, 0x53, 0x53, 0x2e, 0x57, 0x39, 0x8d, 0xd1,
+	0x76, 0x19, 0x69, 0x5f, 0x86, 0x6e, 0x90, 0xf8, 0x3f, 0x99, 0x3b, 0x41, 0xb2, 0xf7, 0xff, 0xc9,
+	0x6a, 0xbf, 0x2e, 0x40, 0x3d, 0xa9, 0xf1, 0x58, 0xb0, 0xfc, 0xa9, 0x08, 0xb5, 0x7f, 0xe2, 0x0b,
+	0x65, 0x17, 0xce, 0x51, 0xd8, 0x1d, 0xa8, 0xb8, 0x5a, 0xab, 0xa4, 0x0c, 0xbc, 0x9f, 0xbf, 0x20,
+	0xba, 0xfb, 0xc8, 0x19, 0x86, 0x5a, 0x2d, 0xb8, 0x41, 0xad, 0x7f, 0x0e, 0x90, 0x11, 0xd1, 0xd6,
+	0x73, 0xb1, 0xb0, 0x5a, 0x71, 0xc8, 0xae, 0x43, 0xe5, 0xa9, 0x1b, 0xcc, 0x85, 0xcd, 0x6f, 0x33,
+	0xf9, 0xa2, 0xf8, 0x79, 0xc1, 0xf9, 0x53, 0x11, 0x6a, 0xf6, 0xc2, 0x60, 0xb7, 0xa1, 0x46, 0x17,
+	0x86, 0xb5, 0xe8, 0xea, 0x43, 0x93, 0x40, 0xd8, 0x6e, 0x7a, 0x13, 0xe6, 0x6c, 0xb4, 0xaa, 0xcc,
+	0x8d, 0x68, 0x6d, 0xcc, 0xee, 0xc5, 0xd2, 0x54, 0x9c, 0xd8, 0x2b, 0x6f, 0x0d, 0xd1, 0x03, 0x71,
+	0xe2, 0x87, 0x3e, 0xfa, 0x87, 0x23, 0x8b, 0xdd, 0x4e, 0x76, 0x5d, 0x26, 0x8d, 0xef, 0xe5, 0x35,
+	0xbe, 0xbc, 0xe9, 0x11, 0x34, 0x73, 0xcb, 0x5c, 0xb1, 0xeb, 0x8f, 0xf3, 0xbb, 0xb6, 0x4b, 0x92,
+	0x3a, 0x73, 0x5f, 0x67, 0x5e, 0xf8, 0x0f, 0xfc, 0xf7, 0x19, 0x40, 0xa6, 0xf2, 0xcd, 0x8b, 0x8e,
+	0xf3, 0x4d, 0x09, 0x60, 0x1c, 0x61, 0xc9, 0x9d, 0xba, 0x54, 0xf7, 0x5b, 0xfe, 0x69, 0x28, 0x95,
+	0x78, 0x42, 0xc7, 0x98, 0xe4, 0xeb, 0xbc, 0x69, 0x68, 0x74, 0x62, 0xd8, 0x3e, 0x34, 0xa7, 0x22,
+	0xf6, 0x94, 0x4f, 0x09, 0x65, 0x9d, 0xbe, 0x89, 0x7b, 0xca, 0xf4, 0x74, 0x07, 0x19, 0xc2, 0xf8,
+	0x2a, 0x2f, 0xc3, 0xf6, 0xa0, 0x25, 0x2e, 0x22, 0xa9, 0xb4, 0x5d, 0xc5, 0xf4, 0x15, 0xd7, 0x4c,
+	0x87, 0x82, 0x74, 0x5a, 0x89, 0x37, 0x45, 0x36, 0x61, 0x2e, 0x94, 0x3d, 0x37, 0x32, 0x97, 0x6a,
+	0x73, 0xaf, 0x73, 0x69, 0xbd, 0xbe, 0x1b, 0x19, 0xa7, 0xf5, 0x3e, 0xc5, 0xbd, 0x7e, 0xf3, 0xb7,
+	0xcd, 0x5b, 0xb9, 0x9b, 0x74, 0x26, 0x8f, 0x17, 0xbb, 0x94, 0x2f, 0xe7, 0xbe, 0xde, 0x9d, 0x6b,
+	0x3f, 0xd8, 0x75, 0x23, 0x1f, 0xd5, 0xa1, 0xe0, 0x68, 0xc0, 0x49, 0xf5, 0xfa, 0xcf, 0xa1, 0x7d,
+	0xd9, 0xee, 0xb7, 0x89, 0xc1, 0xfa, 0x5d, 0x68, 0xa4, 0x76, 0xbc, 0x4e, 0xb0, 0x9e, 0x0f, 0xde,
+	0x1f, 0x0b, 0x50, 0x35, 0xa7, 0x8a, 0xdd, 0x85, 0x46, 0x20, 0x3d, 0x17, 0x0d, 0x48, 0x5a, 0xbb,
+	0x0f, 0xb2, 0x43, 0xd7, 0xbd, 0x9f, 0xf0, 0x8c, 0x57, 0x33, 0x2c, 0x26, 0x99, 0x1f, 0x9e, 0xc8,
+	0xe4, 0x14, 0xac, 0x65, 0x42, 0xa3, 0xf0, 0x44, 0x72, 0xc3, 0x5c, 0xff, 0x0a, 0xd6, 0x96, 0x55,
+	0x5c, 0x61, 0xe7, 0x47, 0xcb, 0xe9, 0x4a, 0x35, 0x3b, 0x15, 0xca, 0x9b, 0x7d, 0x17, 0x1a, 0x29,
+	0x9d, 0xed, 0xbc, 0x6c, 0x78, 0x2b, 0x2f, 0x99, 0xb3, 0xd5, 0x09, 0x00, 0x32, 0xd3, 0xb0, 0x58,
+	0x61, 0x0f, 0x49, 0xf7, 0xa8, 0x31, 0x23, 0x9d, 0xd3, 0xbd, 0xe7, 0x6a, 0x97, 0x4c, 0x69, 0x71,
+	0x1a, 0xb3, 0x2e, 0xc0, 0x34, 0x3d, 0xb0, 0xaf, 0x38, 0xc6, 0x39, 0x84, 0x33, 0x86, 0x7a, 0x62,
+	0x04, 0xdb, 0x82, 0x66, 0x6c, 0x57, 0xc6, 0x8e, 0x09, 0x97, 0xab, 0xf0, 0x3c, 0x09, 0x3b, 0x1f,
+	0xe5, 0x86, 0xa7, 0x62, 0xa9, 0xf3, 0xe1, 0x48, 0xe1, 0x96, 0xe1, 0x7c, 0x0d, 0x15, 0x22, 0xe0,
+	0x31, 0x8b, 0xb5, 0xab, 0xb4, 0x6d, 0xa2, 0x4c, 0x53, 0x21, 0x63, 0x5a, 0xb6, 0x57, 0xc6, 0x44,
+	0xe4, 0x06, 0xc0, 0x3e, 0xc6, 0xd6, 0x65, 0x6a, 0x3d, 0x7a, 0x15, 0x0e, 0xd9, 0xce, 0xcf, 0xa0,
+	0x9e, 0x90, 0x71, 0xe7, 0xf7, 0xfd, 0x50, 0x58, 0x13, 0x69, 0x8c, 0xcd, 0x67, 0xff, 0xcc, 0x55,
+	0xae, 0xa7, 0x85, 0x69, 0x11, 0x2a, 0x3c, 0x23, 0x38, 0x1f, 0x41, 0x33, 0x77, 0x7a, 0x30, 0xdd,
+	0x1e, 0x53, 0x18, 0xcd, 0x19, 0x36, 0x13, 0xe7, 0xf7, 0xd8, 0x1a, 0x27, 0xdd, 0xce, 0x4f, 0x00,
+	0xce, 0xb4, 0x8e, 0x9e, 0x50, 0xfb, 0x63, 0x7d, 0xdf, 0x40, 0x0a, 0x21, 0xd8, 0x26, 0x34, 0x71,
+	0x12, 0x5b, 0xbe, 0xc9, 0x77, 0x92, 0x88, 0x0d, 0xe0, 0xff, 0xa1, 0x71, 0x92, 0x8a, 0x97, 0x6c,
+	0xe8, 0x12, 0xe9, 0x0f, 0xa0, 0x1e, 0x4a, 0xcb, 0x33, 0xdd, 0x58, 0x2d, 0x94, 0xa9, 0x9c, 0x1b,
+	0x04, 0x96, 0x57, 0x31, 0x72, 0x6e, 0x10, 0x10, 0xd3, 0xb9, 0x05, 0xff, 0xf7, 0x52, 0x93, 0xcf,
+	0xde, 0x83, 0xea, 0x89, 0x1f, 0x68, 0xba, 0x11, 0xb0, 0xfb, 0xb3, 0x33, 0xe7, 0x5f, 0x05, 0x80,
+	0x2c, 0xec, 0x98, 0xcc, 0x58, 0xda, 0x11, 0xd3, 0x32, 0xa5, 0x3c, 0x80, 0xfa, 0xcc, 0x16, 0x09,
+	0x1b, 0xd0, 0x1b, 0xcb, 0xa9, 0xd2, 0x4d, 0x6a, 0x88, 0x29, 0x1f, 0x7b, 0xb6, 0x7c, 0xbc, 0x4d,
+	0x23, 0x9e, 0xae, 0x40, 0x5d, 0x4c, 0xfe, 0x41, 0x05, 0xd9, 0x29, 0xe4, 0x96, 0xb3, 0xfe, 0x15,
+	0xac, 0x2e, 0x2d, 0xf9, 0x86, 0x17, 0x46, 0x56, 0xec, 0xf2, 0x47, 0xf0, 0x36, 0x54, 0x4d, 0x67,
+	0x8a, 0xf9, 0x82, 0x23, 0xab, 0x86, 0xc6, 0xd4, 0x4e, 0x1c, 0x25, 0xcf, 0x9a, 0xd1, 0x91, 0xb3,
+	0x07, 0x55, 0xf3, 0x6e, 0x63, 0xdb, 0x50, 0x73, 0x3d, 0x73, 0x56, 0x73, 0xf5, 0x02, 0x99, 0xfb,
+	0x44, 0xe6, 0x09, 0xdb, 0xf9, 0x4b, 0x11, 0x20, 0xa3, 0xbf, 0x45, 0x3b, 0xfb, 0x05, 0xac, 0xc5,
+	0xc2, 0x93, 0xe1, 0xd4, 0x55, 0x0b, 0xe2, 0xda, 0xf7, 0xc9, 0x55, 0x22, 0x97, 0x90, 0xb9, 0xd6,
+	0xb6, 0xf4, 0xfa, 0xd6, 0x76, 0x1b, 0xca, 0x9e, 0x8c, 0x16, 0xf6, 0x16, 0x61, 0xcb, 0x1b, 0xe9,
+	0xcb, 0x68, 0x81, 0xaf, 0x54, 0x44, 0xb0, 0x2e, 0x54, 0x67, 0xe7, 0xf4, 0x92, 0x35, 0xaf, 0x80,
+	0xeb, 0xcb, 0xd8, 0x07, 0xe7, 0x38, 0xc6, 0x77, 0xaf, 0x41, 0xb1, 0x5b, 0x50, 0x99, 0x9d, 0x4f,
+	0x7d, 0x45, 0x4d, 0x71, 0xd3, 0xb4, 0x8d, 0x79, 0xf8, 0xc0, 0x57, 0xf8, 0xba, 0x25, 0x0c, 0x73,
+	0xa0, 0xa8, 0x66, 0xf4, 0x10, 0x68, 0x9a, 0x27, 0x4e, 0xce, 0x9b, 0xb3, 0x83, 0x15, 0x5e, 0x54,
+	0xb3, 0x5e, 0x1d, 0xaa, 0xc6, 0xaf, 0xce, 0x3f, 0x4b, 0xb0, 0xb6, 0x6c, 0x25, 0xe6, 0x41, 0xac,
+	0xbc, 0x24, 0x0f, 0x62, 0xe5, 0xa5, 0x5d, 0x7f, 0x31, 0xd7, 0xf5, 0x3b, 0x50, 0x91, 0xcf, 0x42,
+	0xa1, 0xf2, 0x4f, 0xf6, 0xfe, 0x99, 0x7c, 0x16, 0x62, 0x0f, 0x6b, 0x58, 0x4b, 0x2d, 0x61, 0xc5,
+	0xb6, 0x84, 0x1f, 0xc3, 0xea, 0x89, 0x0c, 0x02, 0xf9, 0x6c, 0xb2, 0x98, 0x05, 0x7e, 0x78, 0x6e,
+	0xfb, 0xc2, 0x65, 0x22, 0xdb, 0x86, 0x6b, 0x53, 0x5f, 0xa1, 0x39, 0x7d, 0x19, 0x6a, 0x11, 0xd2,
+	0x23, 0x08, 0x71, 0x97, 0xc9, 0xec, 0x4b, 0xd8, 0x72, 0xb5, 0x16, 0xb3, 0x48, 0x3f, 0x0a, 0x23,
+	0xd7, 0x3b, 0x1f, 0x48, 0x8f, 0xce, 0xec, 0x2c, 0x72, 0xb5, 0x7f, 0xec, 0x07, 0xf8, 0xde, 0xab,
+	0x91, 0xe8, 0x6b, 0x71, 0xec, 0x13, 0x58, 0xf3, 0x94, 0x70, 0xb5, 0x18, 0x88, 0x58, 0x1f, 0xb9,
+	0xfa, 0xac, 0x53, 0x27, 0xc9, 0x4b, 0x54, 0xdc, 0x83, 0x8b, 0xd6, 0x7e, 0xed, 0x07, 0x53, 0xcf,
+	0x55, 0xd3, 0x4e, 0xc3, 0xec, 0x61, 0x89, 0xc8, 0xba, 0xc0, 0x88, 0x30, 0x9c, 0x45, 0x7a, 0x91,
+	0x42, 0x81, 0xa0, 0x57, 0x70, 0xb0, 0xaa, 0x6a, 0x7f, 0x26, 0x62, 0xed, 0xce, 0x22, 0xfa, 0xd5,
+	0x50, 0xe2, 0x19, 0x81, 0xdd, 0x84, 0xb6, 0x1f, 0x7a, 0xc1, 0x7c, 0x2a, 0x9e, 0x44, 0xb8, 0x11,
+	0x15, 0xc6, 0x9d, 0x16, 0xd5, 0xa0, 0x6b, 0x96, 0x7e, 0x64, 0xc9, 0x08, 0x15, 0x17, 0x97, 0xa0,
+	0xab, 0x06, 0x6a, 0xe9, 0x09, 0xd4, 0xf9, 0xb6, 0x00, 0xed, 0xcb, 0x89, 0x87, 0x61, 0x8b, 0x70,
+	0xf3, 0xf6, 0x08, 0xe3, 0x38, 0x0d, 0x65, 0x31, 0x17, 0xca, 0xe4, 0x52, 0x2c, 0xe5, 0x2e, 0xc5,
+	0x34, 0x2d, 0xca, 0xaf, 0x4e, 0x8b, 0xa5, 0x8d, 0x56, 0x2e, 0x6d, 0xd4, 0xf9, 0x6d, 0x01, 0xae,
+	0x5d, 0x4a, 0xee, 0x37, 0xb6, 0x68, 0x0b, 0x9a, 0x33, 0xf7, 0x5c, 0x1c, 0xb9, 0x8a, 0x52, 0xa6,
+	0x64, 0xba, 0xc6, 0x1c, 0xe9, 0xbf, 0x60, 0x5f, 0x08, 0xad, 0xfc, 0x89, 0xba, 0xd2, 0xb6, 0x24,
+	0x41, 0x0e, 0xa5, 0xbe, 0x27, 0xe7, 0xf6, 0xc2, 0x4d, 0x12, 0x24, 0x21, 0xbe, 0x9c, 0x46, 0xa5,
+	0x2b, 0xd2, 0xc8, 0x39, 0x84, 0x7a, 0x62, 0x20, 0xdb, 0xb4, 0x7f, 0x15, 0x0a, 0xd9, 0xdf, 0xad,
+	0x47, 0xb1, 0x50, 0x68, 0xbb, 0xf9, 0xc5, 0xf0, 0x21, 0x54, 0x4e, 0x95, 0x9c, 0x47, 0xb6, 0x62,
+	0x2f, 0x21, 0x0c, 0xc7, 0x99, 0x40, 0xcd, 0x52, 0xd8, 0x0e, 0x54, 0x8f, 0x17, 0x87, 0x49, 0xbf,
+	0x63, 0xcb, 0x05, 0xce, 0xa7, 0x16, 0x81, 0x35, 0xc8, 0x20, 0xd8, 0x75, 0x28, 0x1f, 0x2f, 0x46,
+	0x03, 0xf3, 0x06, 0xc4, 0x4a, 0x86, 0xb3, 0x5e, 0xd5, 0x18, 0xe4, 0xdc, 0x87, 0x56, 0x5e, 0x0e,
+	0x9d, 0x92, 0xeb, 0xa3, 0x68, 0x9c, 0x95, 0xec, 0xe2, 0x6b, 0x4a, 0xf6, 0xce, 0x36, 0xd4, 0xec,
+	0xff, 0x1b, 0xd6, 0x80, 0xca, 0xa3, 0xc3, 0xc9, 0xf0, 0x61, 0x7b, 0x85, 0xd5, 0xa1, 0x7c, 0x30,
+	0x9e, 0x3c, 0x6c, 0x17, 0x70, 0x74, 0x38, 0x3e, 0x1c, 0xb6, 0x8b, 0x3b, 0x37, 0xa1, 0x95, 0xff,
+	0x83, 0xc3, 0x9a, 0x50, 0x9b, 0xec, 0x1f, 0x0e, 0x7a, 0xe3, 0x5f, 0xb6, 0x57, 0x58, 0x0b, 0xea,
+	0xa3, 0xc3, 0xc9, 0xb0, 0xff, 0x88, 0x0f, 0xdb, 0x85, 0x9d, 0x5f, 0x40, 0x23, 0xfd, 0x91, 0x80,
+	0x1a, 0x7a, 0xa3, 0xc3, 0x41, 0x7b, 0x85, 0x01, 0x54, 0x27, 0xc3, 0x3e, 0x1f, 0xa2, 0xde, 0x1a,
+	0x94, 0x26, 0x93, 0x83, 0x76, 0x11, 0x57, 0xed, 0xef, 0xf7, 0x0f, 0x86, 0xed, 0x12, 0x0e, 0x1f,
+	0x3e, 0x38, 0xba, 0x37, 0x69, 0x97, 0x77, 0x3e, 0x83, 0x6b, 0x97, 0x1e, 0xeb, 0x24, 0x7d, 0xb0,
+	0xcf, 0x87, 0xa8, 0xa9, 0x09, 0xb5, 0x23, 0x3e, 0x7a, 0xbc, 0xff, 0x70, 0xd8, 0x2e, 0x20, 0xe3,
+	0xfe, 0xb8, 0xff, 0xd5, 0x70, 0xd0, 0x2e, 0xf6, 0x6e, 0x7c, 0xf7, 0x7c, 0xa3, 0xf0, 0xfd, 0xf3,
+	0x8d, 0xc2, 0x0f, 0xcf, 0x37, 0x0a, 0x7f, 0x7f, 0xbe, 0x51, 0xf8, 0xf6, 0xc5, 0xc6, 0xca, 0xf7,
+	0x2f, 0x36, 0x56, 0x7e, 0x78, 0xb1, 0xb1, 0x72, 0x5c, 0xa5, 0xff, 0xa9, 0x9f, 0xfe, 0x3b, 0x00,
+	0x00, 0xff, 0xff, 0x3a, 0xd6, 0xef, 0x88, 0x8f, 0x15, 0x00, 0x00,
+}
+
+func (m *Op) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *Meta) Size() (n int) {
+func (m *Op) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Op) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Args) > 0 {
-		for _, s := range m.Args {
-			l = len(s)
-			n += 1 + l + sovOps(uint64(l))
+	if m.Constraints != nil {
+		{
+			size, err := m.Constraints.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x5a
 	}
-	if len(m.Env) > 0 {
-		for _, s := range m.Env {
-			l = len(s)
-			n += 1 + l + sovOps(uint64(l))
+	if m.Platform != nil {
+		{
+			size, err := m.Platform.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x52
 	}
-	l = len(m.Cwd)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	l = len(m.User)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	if m.ProxyEnv != nil {
-		l = m.ProxyEnv.Size()
-		n += 1 + l + sovOps(uint64(l))
+	if m.Op != nil {
+		{
+			size := m.Op.Size()
+			i -= size
+			if _, err := m.Op.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
 	}
-	if len(m.ExtraHosts) > 0 {
-		for _, e := range m.ExtraHosts {
-			l = e.Size()
-			n += 1 + l + sovOps(uint64(l))
+	if len(m.Inputs) > 0 {
+		for iNdEx := len(m.Inputs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Inputs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
 		}
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *Mount) Size() (n int) {
-	var l int
-	_ = l
-	if m.Input != 0 {
-		n += 1 + sovOps(uint64(m.Input))
-	}
-	l = len(m.Selector)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	l = len(m.Dest)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	if m.Output != 0 {
-		n += 1 + sovOps(uint64(m.Output))
-	}
-	if m.Readonly {
-		n += 2
-	}
-	if m.MountType != 0 {
-		n += 1 + sovOps(uint64(m.MountType))
-	}
-	if m.CacheOpt != nil {
-		l = m.CacheOpt.Size()
-		n += 2 + l + sovOps(uint64(l))
+func (m *Op_Exec) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Op_Exec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Exec != nil {
+		{
+			size, err := m.Exec.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.SecretOpt != nil {
-		l = m.SecretOpt.Size()
-		n += 2 + l + sovOps(uint64(l))
+	return len(dAtA) - i, nil
+}
+func (m *Op_Source) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Op_Source) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Source != nil {
+		{
+			size, err := m.Source.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.SSHOpt != nil {
-		l = m.SSHOpt.Size()
-		n += 2 + l + sovOps(uint64(l))
+	return len(dAtA) - i, nil
+}
+func (m *Op_File) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Op_File) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.File != nil {
+		{
+			size, err := m.File.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
 	}
-	return n
+	return len(dAtA) - i, nil
+}
+func (m *Op_Build) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *CacheOpt) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.ID)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+func (m *Op_Build) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Build != nil {
+		{
+			size, err := m.Build.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	if m.Sharing != 0 {
-		n += 1 + sovOps(uint64(m.Sharing))
+	return len(dAtA) - i, nil
+}
+func (m *Platform) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *SecretOpt) Size() (n int) {
+func (m *Platform) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Platform) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.ID)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if len(m.OSFeatures) > 0 {
+		for iNdEx := len(m.OSFeatures) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.OSFeatures[iNdEx])
+			copy(dAtA[i:], m.OSFeatures[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.OSFeatures[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
+		}
 	}
-	if m.Uid != 0 {
-		n += 1 + sovOps(uint64(m.Uid))
+	if len(m.OSVersion) > 0 {
+		i -= len(m.OSVersion)
+		copy(dAtA[i:], m.OSVersion)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.OSVersion)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.Gid != 0 {
-		n += 1 + sovOps(uint64(m.Gid))
+	if len(m.Variant) > 0 {
+		i -= len(m.Variant)
+		copy(dAtA[i:], m.Variant)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Variant)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	if m.Mode != 0 {
-		n += 1 + sovOps(uint64(m.Mode))
+	if len(m.OS) > 0 {
+		i -= len(m.OS)
+		copy(dAtA[i:], m.OS)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.OS)))
+		i--
+		dAtA[i] = 0x12
 	}
-	if m.Optional {
-		n += 2
+	if len(m.Architecture) > 0 {
+		i -= len(m.Architecture)
+		copy(dAtA[i:], m.Architecture)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Architecture)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *SSHOpt) Size() (n int) {
+func (m *Input) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Input) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Input) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.ID)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	if m.Uid != 0 {
-		n += 1 + sovOps(uint64(m.Uid))
-	}
-	if m.Gid != 0 {
-		n += 1 + sovOps(uint64(m.Gid))
-	}
-	if m.Mode != 0 {
-		n += 1 + sovOps(uint64(m.Mode))
+	if m.Index != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Index))
+		i--
+		dAtA[i] = 0x10
 	}
-	if m.Optional {
-		n += 2
+	if len(m.Digest) > 0 {
+		i -= len(m.Digest)
+		copy(dAtA[i:], m.Digest)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Digest)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *CopyOp) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Src) > 0 {
-		for _, e := range m.Src {
-			l = e.Size()
-			n += 1 + l + sovOps(uint64(l))
-		}
-	}
-	l = len(m.Dest)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+func (m *ExecOp) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *CopySource) Size() (n int) {
-	var l int
-	_ = l
-	if m.Input != 0 {
-		n += 1 + sovOps(uint64(m.Input))
-	}
-	l = len(m.Selector)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
+func (m *ExecOp) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *SourceOp) Size() (n int) {
+func (m *ExecOp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Identifier)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if m.Security != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Security))
+		i--
+		dAtA[i] = 0x20
 	}
-	if len(m.Attrs) > 0 {
-		for k, v := range m.Attrs {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+	if m.Network != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Network))
+		i--
+		dAtA[i] = 0x18
+	}
+	if len(m.Mounts) > 0 {
+		for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return n
+	if m.Meta != nil {
+		{
+			size, err := m.Meta.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *BuildOp) Size() (n int) {
+func (m *Meta) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Meta) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Meta) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Builder != 0 {
-		n += 1 + sovOps(uint64(m.Builder))
+	if len(m.Hostname) > 0 {
+		i -= len(m.Hostname)
+		copy(dAtA[i:], m.Hostname)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Hostname)))
+		i--
+		dAtA[i] = 0x3a
 	}
-	if len(m.Inputs) > 0 {
-		for k, v := range m.Inputs {
-			_ = k
-			_ = v
-			l = 0
-			if v != nil {
-				l = v.Size()
-				l += 1 + sovOps(uint64(l))
+	if len(m.ExtraHosts) > 0 {
+		for iNdEx := len(m.ExtraHosts) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ExtraHosts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
 			}
-			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + l
-			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+			i--
+			dAtA[i] = 0x32
 		}
 	}
-	if m.Def != nil {
-		l = m.Def.Size()
-		n += 1 + l + sovOps(uint64(l))
+	if m.ProxyEnv != nil {
+		{
+			size, err := m.ProxyEnv.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	if len(m.Attrs) > 0 {
-		for k, v := range m.Attrs {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+	if len(m.User) > 0 {
+		i -= len(m.User)
+		copy(dAtA[i:], m.User)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.User)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Cwd) > 0 {
+		i -= len(m.Cwd)
+		copy(dAtA[i:], m.Cwd)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Cwd)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Env) > 0 {
+		for iNdEx := len(m.Env) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Env[iNdEx])
+			copy(dAtA[i:], m.Env[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.Env[iNdEx])))
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	return n
+	if len(m.Args) > 0 {
+		for iNdEx := len(m.Args) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Args[iNdEx])
+			copy(dAtA[i:], m.Args[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.Args[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *BuildInput) Size() (n int) {
-	var l int
-	_ = l
-	if m.Input != 0 {
-		n += 1 + sovOps(uint64(m.Input))
+func (m *Mount) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *OpMetadata) Size() (n int) {
+func (m *Mount) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Mount) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.IgnoreCache {
-		n += 2
+	if len(m.ResultID) > 0 {
+		i -= len(m.ResultID)
+		copy(dAtA[i:], m.ResultID)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.ResultID)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xba
 	}
-	if len(m.Description) > 0 {
-		for k, v := range m.Description {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
-			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+	if m.SSHOpt != nil {
+		{
+			size, err := m.SSHOpt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xb2
 	}
-	if m.ExportCache != nil {
-		l = m.ExportCache.Size()
-		n += 1 + l + sovOps(uint64(l))
+	if m.SecretOpt != nil {
+		{
+			size, err := m.SecretOpt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xaa
 	}
-	if len(m.Caps) > 0 {
-		for k, v := range m.Caps {
-			_ = k
-			_ = v
-			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + 1
-			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+	if m.CacheOpt != nil {
+		{
+			size, err := m.CacheOpt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa2
 	}
-	return n
-}
-
-func (m *ExportCache) Size() (n int) {
-	var l int
-	_ = l
-	if m.Value {
-		n += 2
+	if m.MountType != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.MountType))
+		i--
+		dAtA[i] = 0x30
 	}
-	return n
-}
-
-func (m *ProxyEnv) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.HttpProxy)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if m.Readonly {
+		i--
+		if m.Readonly {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
 	}
-	l = len(m.HttpsProxy)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if m.Output != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Output))
+		i--
+		dAtA[i] = 0x20
 	}
-	l = len(m.FtpProxy)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if len(m.Dest) > 0 {
+		i -= len(m.Dest)
+		copy(dAtA[i:], m.Dest)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Dest)))
+		i--
+		dAtA[i] = 0x1a
 	}
-	l = len(m.NoProxy)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
+	if len(m.Selector) > 0 {
+		i -= len(m.Selector)
+		copy(dAtA[i:], m.Selector)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Selector)))
+		i--
+		dAtA[i] = 0x12
 	}
-	return n
+	if m.Input != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Input))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
-func (m *WorkerConstraints) Size() (n int) {
-	var l int
-	_ = l
-	if len(m.Filter) > 0 {
-		for _, s := range m.Filter {
-			l = len(s)
-			n += 1 + l + sovOps(uint64(l))
-		}
+func (m *CacheOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *Definition) Size() (n int) {
+func (m *CacheOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *CacheOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if len(m.Def) > 0 {
-		for _, b := range m.Def {
-			l = len(b)
-			n += 1 + l + sovOps(uint64(l))
-		}
+	if m.Sharing != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Sharing))
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.Metadata) > 0 {
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SecretOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SecretOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SecretOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Optional {
+		i--
+		if m.Optional {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Mode != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Gid != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Gid))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Uid != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Uid))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SSHOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SSHOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SSHOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Optional {
+		i--
+		if m.Optional {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Mode != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Gid != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Gid))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Uid != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Uid))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SourceOp) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SourceOp) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SourceOp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Attrs) > 0 {
+		keysForAttrs := make([]string, 0, len(m.Attrs))
+		for k := range m.Attrs {
+			keysForAttrs = append(keysForAttrs, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForAttrs)
+		for iNdEx := len(keysForAttrs) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Attrs[string(keysForAttrs[iNdEx])]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintOps(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForAttrs[iNdEx])
+			copy(dAtA[i:], keysForAttrs[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForAttrs[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Identifier) > 0 {
+		i -= len(m.Identifier)
+		copy(dAtA[i:], m.Identifier)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Identifier)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *BuildOp) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *BuildOp) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BuildOp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Attrs) > 0 {
+		keysForAttrs := make([]string, 0, len(m.Attrs))
+		for k := range m.Attrs {
+			keysForAttrs = append(keysForAttrs, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForAttrs)
+		for iNdEx := len(keysForAttrs) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Attrs[string(keysForAttrs[iNdEx])]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintOps(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForAttrs[iNdEx])
+			copy(dAtA[i:], keysForAttrs[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForAttrs[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if m.Def != nil {
+		{
+			size, err := m.Def.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Inputs) > 0 {
+		keysForInputs := make([]string, 0, len(m.Inputs))
+		for k := range m.Inputs {
+			keysForInputs = append(keysForInputs, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForInputs)
+		for iNdEx := len(keysForInputs) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Inputs[string(keysForInputs[iNdEx])]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintOps(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(keysForInputs[iNdEx])
+			copy(dAtA[i:], keysForInputs[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForInputs[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if m.Builder != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Builder))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *BuildInput) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *BuildInput) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *BuildInput) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Input != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Input))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *OpMetadata) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *OpMetadata) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *OpMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Caps) > 0 {
+		keysForCaps := make([]string, 0, len(m.Caps))
+		for k := range m.Caps {
+			keysForCaps = append(keysForCaps, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForCaps)
+		for iNdEx := len(keysForCaps) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Caps[github_com_moby_buildkit_util_apicaps.CapID(keysForCaps[iNdEx])]
+			baseI := i
+			i--
+			if v {
+				dAtA[i] = 1
+			} else {
+				dAtA[i] = 0
+			}
+			i--
+			dAtA[i] = 0x10
+			i -= len(keysForCaps[iNdEx])
+			copy(dAtA[i:], keysForCaps[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForCaps[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x2a
+		}
+	}
+	if m.ExportCache != nil {
+		{
+			size, err := m.ExportCache.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Description) > 0 {
+		keysForDescription := make([]string, 0, len(m.Description))
+		for k := range m.Description {
+			keysForDescription = append(keysForDescription, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForDescription)
+		for iNdEx := len(keysForDescription) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Description[string(keysForDescription[iNdEx])]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintOps(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForDescription[iNdEx])
+			copy(dAtA[i:], keysForDescription[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForDescription[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if m.IgnoreCache {
+		i--
+		if m.IgnoreCache {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Source) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Source) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Source) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Infos) > 0 {
+		for iNdEx := len(m.Infos) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Infos[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Locations) > 0 {
+		keysForLocations := make([]string, 0, len(m.Locations))
+		for k := range m.Locations {
+			keysForLocations = append(keysForLocations, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForLocations)
+		for iNdEx := len(keysForLocations) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Locations[string(keysForLocations[iNdEx])]
+			baseI := i
+			if v != nil {
+				{
+					size, err := v.MarshalToSizedBuffer(dAtA[:i])
+					if err != nil {
+						return 0, err
+					}
+					i -= size
+					i = encodeVarintOps(dAtA, i, uint64(size))
+				}
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(keysForLocations[iNdEx])
+			copy(dAtA[i:], keysForLocations[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForLocations[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Locations) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Locations) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Locations) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Locations) > 0 {
+		for iNdEx := len(m.Locations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Locations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *SourceInfo) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SourceInfo) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SourceInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Definition != nil {
+		{
+			size, err := m.Definition.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Filename) > 0 {
+		i -= len(m.Filename)
+		copy(dAtA[i:], m.Filename)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Filename)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Location) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Location) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Location) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Ranges) > 0 {
+		for iNdEx := len(m.Ranges) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Ranges[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if m.SourceIndex != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.SourceIndex))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Range) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Range) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Range) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.End.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintOps(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	{
+		size, err := m.Start.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintOps(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *Position) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Position) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Position) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Character != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Character))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Line != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Line))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ExportCache) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExportCache) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExportCache) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Value {
+		i--
+		if m.Value {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ProxyEnv) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ProxyEnv) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProxyEnv) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.AllProxy) > 0 {
+		i -= len(m.AllProxy)
+		copy(dAtA[i:], m.AllProxy)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.AllProxy)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.NoProxy) > 0 {
+		i -= len(m.NoProxy)
+		copy(dAtA[i:], m.NoProxy)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.NoProxy)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.FtpProxy) > 0 {
+		i -= len(m.FtpProxy)
+		copy(dAtA[i:], m.FtpProxy)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.FtpProxy)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.HttpsProxy) > 0 {
+		i -= len(m.HttpsProxy)
+		copy(dAtA[i:], m.HttpsProxy)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.HttpsProxy)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.HttpProxy) > 0 {
+		i -= len(m.HttpProxy)
+		copy(dAtA[i:], m.HttpProxy)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.HttpProxy)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *WorkerConstraints) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *WorkerConstraints) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WorkerConstraints) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Filter) > 0 {
+		for iNdEx := len(m.Filter) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Filter[iNdEx])
+			copy(dAtA[i:], m.Filter[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.Filter[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *Definition) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Definition) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Definition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Source != nil {
+		{
+			size, err := m.Source.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Metadata) > 0 {
+		keysForMetadata := make([]string, 0, len(m.Metadata))
+		for k := range m.Metadata {
+			keysForMetadata = append(keysForMetadata, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForMetadata)
+		for iNdEx := len(keysForMetadata) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.Metadata[github_com_opencontainers_go_digest.Digest(keysForMetadata[iNdEx])]
+			baseI := i
+			{
+				size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForMetadata[iNdEx])
+			copy(dAtA[i:], keysForMetadata[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(keysForMetadata[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintOps(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Def) > 0 {
+		for iNdEx := len(m.Def) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Def[iNdEx])
+			copy(dAtA[i:], m.Def[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.Def[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *HostIP) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *HostIP) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HostIP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.IP) > 0 {
+		i -= len(m.IP)
+		copy(dAtA[i:], m.IP)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.IP)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Host) > 0 {
+		i -= len(m.Host)
+		copy(dAtA[i:], m.Host)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Host)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileOp) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileOp) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileOp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Actions) > 0 {
+		for iNdEx := len(m.Actions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Actions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintOps(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileAction) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileAction) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileAction) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Action != nil {
+		{
+			size := m.Action.Size()
+			i -= size
+			if _, err := m.Action.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
+	}
+	if m.Output != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Output))
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.SecondaryInput != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.SecondaryInput))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Input != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Input))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileAction_Copy) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileAction_Copy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Copy != nil {
+		{
+			size, err := m.Copy.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	return len(dAtA) - i, nil
+}
+func (m *FileAction_Mkfile) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileAction_Mkfile) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Mkfile != nil {
+		{
+			size, err := m.Mkfile.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *FileAction_Mkdir) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileAction_Mkdir) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Mkdir != nil {
+		{
+			size, err := m.Mkdir.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x32
+	}
+	return len(dAtA) - i, nil
+}
+func (m *FileAction_Rm) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileAction_Rm) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.Rm != nil {
+		{
+			size, err := m.Rm.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x3a
+	}
+	return len(dAtA) - i, nil
+}
+func (m *FileActionCopy) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileActionCopy) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileActionCopy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.ExcludePatterns) > 0 {
+		for iNdEx := len(m.ExcludePatterns) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ExcludePatterns[iNdEx])
+			copy(dAtA[i:], m.ExcludePatterns[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.ExcludePatterns[iNdEx])))
+			i--
+			dAtA[i] = 0x6a
+		}
+	}
+	if len(m.IncludePatterns) > 0 {
+		for iNdEx := len(m.IncludePatterns) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.IncludePatterns[iNdEx])
+			copy(dAtA[i:], m.IncludePatterns[iNdEx])
+			i = encodeVarintOps(dAtA, i, uint64(len(m.IncludePatterns[iNdEx])))
+			i--
+			dAtA[i] = 0x62
+		}
+	}
+	if m.Timestamp != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Timestamp))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.AllowEmptyWildcard {
+		i--
+		if m.AllowEmptyWildcard {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x50
+	}
+	if m.AllowWildcard {
+		i--
+		if m.AllowWildcard {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x48
+	}
+	if m.CreateDestPath {
+		i--
+		if m.CreateDestPath {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x40
+	}
+	if m.AttemptUnpackDockerCompatibility {
+		i--
+		if m.AttemptUnpackDockerCompatibility {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x38
+	}
+	if m.DirCopyContents {
+		i--
+		if m.DirCopyContents {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x30
+	}
+	if m.FollowSymlink {
+		i--
+		if m.FollowSymlink {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Mode != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x20
+	}
+	if m.Owner != nil {
+		{
+			size, err := m.Owner.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Dest) > 0 {
+		i -= len(m.Dest)
+		copy(dAtA[i:], m.Dest)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Dest)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Src) > 0 {
+		i -= len(m.Src)
+		copy(dAtA[i:], m.Src)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Src)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileActionMkFile) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileActionMkFile) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileActionMkFile) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Timestamp != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Timestamp))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Owner != nil {
+		{
+			size, err := m.Owner.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Mode != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileActionMkDir) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileActionMkDir) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileActionMkDir) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Timestamp != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Timestamp))
+		i--
+		dAtA[i] = 0x28
+	}
+	if m.Owner != nil {
+		{
+			size, err := m.Owner.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.MakeParents {
+		i--
+		if m.MakeParents {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.Mode != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *FileActionRm) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *FileActionRm) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *FileActionRm) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.AllowWildcard {
+		i--
+		if m.AllowWildcard {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x18
+	}
+	if m.AllowNotFound {
+		i--
+		if m.AllowNotFound {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ChownOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ChownOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ChownOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Group != nil {
+		{
+			size, err := m.Group.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.User != nil {
+		{
+			size, err := m.User.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *UserOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *UserOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UserOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.User != nil {
+		{
+			size := m.User.Size()
+			i -= size
+			if _, err := m.User.MarshalTo(dAtA[i:]); err != nil {
+				return 0, err
+			}
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *UserOpt_ByName) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UserOpt_ByName) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	if m.ByName != nil {
+		{
+			size, err := m.ByName.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintOps(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+func (m *UserOpt_ByID) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *UserOpt_ByID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	i = encodeVarintOps(dAtA, i, uint64(m.ByID))
+	i--
+	dAtA[i] = 0x10
+	return len(dAtA) - i, nil
+}
+func (m *NamedUserOpt) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *NamedUserOpt) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *NamedUserOpt) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Input != 0 {
+		i = encodeVarintOps(dAtA, i, uint64(m.Input))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Name) > 0 {
+		i -= len(m.Name)
+		copy(dAtA[i:], m.Name)
+		i = encodeVarintOps(dAtA, i, uint64(len(m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintOps(dAtA []byte, offset int, v uint64) int {
+	offset -= sovOps(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *Op) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Inputs) > 0 {
+		for _, e := range m.Inputs {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	if m.Op != nil {
+		n += m.Op.Size()
+	}
+	if m.Platform != nil {
+		l = m.Platform.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Constraints != nil {
+		l = m.Constraints.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *Op_Exec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Exec != nil {
+		l = m.Exec.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *Op_Source) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Source != nil {
+		l = m.Source.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *Op_File) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.File != nil {
+		l = m.File.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *Op_Build) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Build != nil {
+		l = m.Build.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *Platform) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Architecture)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.OS)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.Variant)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.OSVersion)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.OSFeatures) > 0 {
+		for _, s := range m.OSFeatures {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Input) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Digest)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Index != 0 {
+		n += 1 + sovOps(uint64(m.Index))
+	}
+	return n
+}
+
+func (m *ExecOp) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Meta != nil {
+		l = m.Meta.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.Mounts) > 0 {
+		for _, e := range m.Mounts {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	if m.Network != 0 {
+		n += 1 + sovOps(uint64(m.Network))
+	}
+	if m.Security != 0 {
+		n += 1 + sovOps(uint64(m.Security))
+	}
+	return n
+}
+
+func (m *Meta) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Args) > 0 {
+		for _, s := range m.Args {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	if len(m.Env) > 0 {
+		for _, s := range m.Env {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	l = len(m.Cwd)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.User)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.ProxyEnv != nil {
+		l = m.ProxyEnv.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.ExtraHosts) > 0 {
+		for _, e := range m.ExtraHosts {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	l = len(m.Hostname)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *Mount) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Input != 0 {
+		n += 1 + sovOps(uint64(m.Input))
+	}
+	l = len(m.Selector)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.Dest)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Output != 0 {
+		n += 1 + sovOps(uint64(m.Output))
+	}
+	if m.Readonly {
+		n += 2
+	}
+	if m.MountType != 0 {
+		n += 1 + sovOps(uint64(m.MountType))
+	}
+	if m.CacheOpt != nil {
+		l = m.CacheOpt.Size()
+		n += 2 + l + sovOps(uint64(l))
+	}
+	if m.SecretOpt != nil {
+		l = m.SecretOpt.Size()
+		n += 2 + l + sovOps(uint64(l))
+	}
+	if m.SSHOpt != nil {
+		l = m.SSHOpt.Size()
+		n += 2 + l + sovOps(uint64(l))
+	}
+	l = len(m.ResultID)
+	if l > 0 {
+		n += 2 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *CacheOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Sharing != 0 {
+		n += 1 + sovOps(uint64(m.Sharing))
+	}
+	return n
+}
+
+func (m *SecretOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Uid != 0 {
+		n += 1 + sovOps(uint64(m.Uid))
+	}
+	if m.Gid != 0 {
+		n += 1 + sovOps(uint64(m.Gid))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovOps(uint64(m.Mode))
+	}
+	if m.Optional {
+		n += 2
+	}
+	return n
+}
+
+func (m *SSHOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Uid != 0 {
+		n += 1 + sovOps(uint64(m.Uid))
+	}
+	if m.Gid != 0 {
+		n += 1 + sovOps(uint64(m.Gid))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovOps(uint64(m.Mode))
+	}
+	if m.Optional {
+		n += 2
+	}
+	return n
+}
+
+func (m *SourceOp) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Identifier)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.Attrs) > 0 {
+		for k, v := range m.Attrs {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	return n
+}
+
+func (m *BuildOp) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Builder != 0 {
+		n += 1 + sovOps(uint64(m.Builder))
+	}
+	if len(m.Inputs) > 0 {
+		for k, v := range m.Inputs {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovOps(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	if m.Def != nil {
+		l = m.Def.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.Attrs) > 0 {
+		for k, v := range m.Attrs {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	return n
+}
+
+func (m *BuildInput) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Input != 0 {
+		n += 1 + sovOps(uint64(m.Input))
+	}
+	return n
+}
+
+func (m *OpMetadata) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.IgnoreCache {
+		n += 2
+	}
+	if len(m.Description) > 0 {
+		for k, v := range m.Description {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + len(v) + sovOps(uint64(len(v)))
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	if m.ExportCache != nil {
+		l = m.ExportCache.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if len(m.Caps) > 0 {
+		for k, v := range m.Caps {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + 1 + 1
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	return n
+}
+
+func (m *Source) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Locations) > 0 {
+		for k, v := range m.Locations {
+			_ = k
+			_ = v
+			l = 0
+			if v != nil {
+				l = v.Size()
+				l += 1 + sovOps(uint64(l))
+			}
+			mapEntrySize := 1 + len(k) + sovOps(uint64(len(k))) + l
+			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
+		}
+	}
+	if len(m.Infos) > 0 {
+		for _, e := range m.Infos {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Locations) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Locations) > 0 {
+		for _, e := range m.Locations {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *SourceInfo) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Filename)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Definition != nil {
+		l = m.Definition.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *Location) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.SourceIndex != 0 {
+		n += 1 + sovOps(uint64(m.SourceIndex))
+	}
+	if len(m.Ranges) > 0 {
+		for _, e := range m.Ranges {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Range) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.Start.Size()
+	n += 1 + l + sovOps(uint64(l))
+	l = m.End.Size()
+	n += 1 + l + sovOps(uint64(l))
+	return n
+}
+
+func (m *Position) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Line != 0 {
+		n += 1 + sovOps(uint64(m.Line))
+	}
+	if m.Character != 0 {
+		n += 1 + sovOps(uint64(m.Character))
+	}
+	return n
+}
+
+func (m *ExportCache) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Value {
+		n += 2
+	}
+	return n
+}
+
+func (m *ProxyEnv) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.HttpProxy)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.HttpsProxy)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.FtpProxy)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.NoProxy)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.AllProxy)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *WorkerConstraints) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Filter) > 0 {
+		for _, s := range m.Filter {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Definition) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Def) > 0 {
+		for _, b := range m.Def {
+			l = len(b)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	if len(m.Metadata) > 0 {
 		for k, v := range m.Metadata {
 			_ = k
 			_ = v
@@ -2501,37 +5158,2681 @@ func (m *Definition) Size() (n int) {
 			n += mapEntrySize + 1 + sovOps(uint64(mapEntrySize))
 		}
 	}
-	return n
-}
-
-func (m *HostIP) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Host)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	l = len(m.IP)
-	if l > 0 {
-		n += 1 + l + sovOps(uint64(l))
-	}
-	return n
-}
+	if m.Source != nil {
+		l = m.Source.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *HostIP) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Host)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.IP)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *FileOp) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Actions) > 0 {
+		for _, e := range m.Actions {
+			l = e.Size()
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *FileAction) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Input != 0 {
+		n += 1 + sovOps(uint64(m.Input))
+	}
+	if m.SecondaryInput != 0 {
+		n += 1 + sovOps(uint64(m.SecondaryInput))
+	}
+	if m.Output != 0 {
+		n += 1 + sovOps(uint64(m.Output))
+	}
+	if m.Action != nil {
+		n += m.Action.Size()
+	}
+	return n
+}
+
+func (m *FileAction_Copy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Copy != nil {
+		l = m.Copy.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *FileAction_Mkfile) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Mkfile != nil {
+		l = m.Mkfile.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *FileAction_Mkdir) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Mkdir != nil {
+		l = m.Mkdir.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *FileAction_Rm) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Rm != nil {
+		l = m.Rm.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *FileActionCopy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Src)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	l = len(m.Dest)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Owner != nil {
+		l = m.Owner.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovOps(uint64(m.Mode))
+	}
+	if m.FollowSymlink {
+		n += 2
+	}
+	if m.DirCopyContents {
+		n += 2
+	}
+	if m.AttemptUnpackDockerCompatibility {
+		n += 2
+	}
+	if m.CreateDestPath {
+		n += 2
+	}
+	if m.AllowWildcard {
+		n += 2
+	}
+	if m.AllowEmptyWildcard {
+		n += 2
+	}
+	if m.Timestamp != 0 {
+		n += 1 + sovOps(uint64(m.Timestamp))
+	}
+	if len(m.IncludePatterns) > 0 {
+		for _, s := range m.IncludePatterns {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	if len(m.ExcludePatterns) > 0 {
+		for _, s := range m.ExcludePatterns {
+			l = len(s)
+			n += 1 + l + sovOps(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *FileActionMkFile) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Path)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovOps(uint64(m.Mode))
+	}
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Owner != nil {
+		l = m.Owner.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Timestamp != 0 {
+		n += 1 + sovOps(uint64(m.Timestamp))
+	}
+	return n
+}
+
+func (m *FileActionMkDir) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Path)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovOps(uint64(m.Mode))
+	}
+	if m.MakeParents {
+		n += 2
+	}
+	if m.Owner != nil {
+		l = m.Owner.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Timestamp != 0 {
+		n += 1 + sovOps(uint64(m.Timestamp))
+	}
+	return n
+}
+
+func (m *FileActionRm) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Path)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.AllowNotFound {
+		n += 2
+	}
+	if m.AllowWildcard {
+		n += 2
+	}
+	return n
+}
+
+func (m *ChownOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.User != nil {
+		l = m.User.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Group != nil {
+		l = m.Group.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+
+func (m *UserOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.User != nil {
+		n += m.User.Size()
+	}
+	return n
+}
+
+func (m *UserOpt_ByName) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.ByName != nil {
+		l = m.ByName.Size()
+		n += 1 + l + sovOps(uint64(l))
+	}
+	return n
+}
+func (m *UserOpt_ByID) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	n += 1 + sovOps(uint64(m.ByID))
+	return n
+}
+func (m *NamedUserOpt) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovOps(uint64(l))
+	}
+	if m.Input != 0 {
+		n += 1 + sovOps(uint64(m.Input))
+	}
+	return n
+}
+
+func sovOps(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozOps(x uint64) (n int) {
+	return sovOps(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (m *Op) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Op: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Op: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Inputs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Inputs = append(m.Inputs, &Input{})
+			if err := m.Inputs[len(m.Inputs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &ExecOp{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Op = &Op_Exec{v}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &SourceOp{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Op = &Op_Source{v}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field File", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &FileOp{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Op = &Op_File{v}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Build", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &BuildOp{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Op = &Op_Build{v}
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Platform", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Platform == nil {
+				m.Platform = &Platform{}
+			}
+			if err := m.Platform.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Constraints", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Constraints == nil {
+				m.Constraints = &WorkerConstraints{}
+			}
+			if err := m.Constraints.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Platform) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Platform: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Platform: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Architecture", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Architecture = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OS", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.OS = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Variant", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Variant = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OSVersion", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.OSVersion = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OSFeatures", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.OSFeatures = append(m.OSFeatures, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Input) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Input: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Input: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Digest = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType)
+			}
+			m.Index = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Index |= OutputIndex(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ExecOp) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExecOp: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExecOp: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Meta == nil {
+				m.Meta = &Meta{}
+			}
+			if err := m.Meta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mounts", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Mounts = append(m.Mounts, &Mount{})
+			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
+			}
+			m.Network = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Network |= NetMode(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Security", wireType)
+			}
+			m.Security = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Security |= SecurityMode(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Meta) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Meta: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Meta: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Args", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Args = append(m.Args, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Env = append(m.Env, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Cwd", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Cwd = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.User = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ProxyEnv", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ProxyEnv == nil {
+				m.ProxyEnv = &ProxyEnv{}
+			}
+			if err := m.ProxyEnv.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExtraHosts", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExtraHosts = append(m.ExtraHosts, &HostIP{})
+			if err := m.ExtraHosts[len(m.ExtraHosts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Hostname", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Hostname = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Mount) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Mount: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Mount: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
+			}
+			m.Input = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Input |= InputIndex(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Selector = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Dest", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Dest = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Output", wireType)
+			}
+			m.Output = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Output |= OutputIndex(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Readonly", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Readonly = bool(v != 0)
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MountType", wireType)
+			}
+			m.MountType = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MountType |= MountType(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 20:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CacheOpt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.CacheOpt == nil {
+				m.CacheOpt = &CacheOpt{}
+			}
+			if err := m.CacheOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 21:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretOpt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SecretOpt == nil {
+				m.SecretOpt = &SecretOpt{}
+			}
+			if err := m.SecretOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 22:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SSHOpt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.SSHOpt == nil {
+				m.SSHOpt = &SSHOpt{}
+			}
+			if err := m.SSHOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 23:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResultID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResultID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *CacheOpt) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: CacheOpt: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: CacheOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Sharing", wireType)
+			}
+			m.Sharing = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Sharing |= CacheSharingOpt(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SecretOpt) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SecretOpt: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SecretOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
+			}
+			m.Uid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Uid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
+			}
+			m.Gid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Gid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
+			}
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Mode |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Optional", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Optional = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SSHOpt) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SSHOpt: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SSHOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
+			}
+			m.Uid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Uid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
+			}
+			m.Gid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Gid |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
+			}
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Mode |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Optional", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Optional = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SourceOp) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SourceOp: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SourceOp: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Identifier", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Identifier = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Attrs == nil {
+				m.Attrs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Attrs[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *BuildOp) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: BuildOp: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: BuildOp: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Builder", wireType)
+			}
+			m.Builder = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Builder |= InputIndex(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Inputs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Inputs == nil {
+				m.Inputs = make(map[string]*BuildInput)
+			}
+			var mapkey string
+			var mapvalue *BuildInput
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthOps
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &BuildInput{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Inputs[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Def", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Def == nil {
+				m.Def = &Definition{}
+			}
+			if err := m.Def.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Attrs == nil {
+				m.Attrs = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Attrs[mapkey] = mapvalue
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
 
-func sovOps(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	return n
-}
-func sozOps(x uint64) (n int) {
-	return sovOps(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+	return nil
 }
-func (m *Op) Unmarshal(dAtA []byte) error {
+func (m *BuildInput) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2546,7 +7847,7 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2554,17 +7855,17 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Op: wiretype end group for non-group")
+			return fmt.Errorf("proto: BuildInput: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Op: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: BuildInput: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Inputs", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
 			}
-			var msglen int
+			m.Input = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -2574,28 +7875,66 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Input |= InputIndex(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Inputs = append(m.Inputs, &Input{})
-			if err := m.Inputs[len(m.Inputs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *OpMetadata) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
 			}
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Exec", wireType)
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
 			}
-			var msglen int
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: OpMetadata: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: OpMetadata: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IgnoreCache", wireType)
+			}
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -2605,27 +7944,15 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			v := &ExecOp{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			m.Op = &Op_Exec{v}
-			iNdEx = postIndex
-		case 3:
+			m.IgnoreCache = bool(v != 0)
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2637,27 +7964,122 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			v := &SourceOp{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			m.Op = &Op_Source{v}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Description == nil {
+				m.Description = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Description[mapkey] = mapvalue
 			iNdEx = postIndex
 		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Copy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExportCache", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2669,7 +8091,7 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2678,18 +8100,22 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &CopyOp{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.ExportCache == nil {
+				m.ExportCache = &ExportCache{}
+			}
+			if err := m.ExportCache.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			m.Op = &Op_Copy{v}
 			iNdEx = postIndex
 		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Build", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Caps", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2701,7 +8127,7 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -2710,80 +8136,97 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			v := &BuildOp{}
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			m.Op = &Op_Build{v}
-			iNdEx = postIndex
-		case 10:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Platform", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Platform == nil {
-				m.Platform = &Platform{}
-			}
-			if err := m.Platform.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 11:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Constraints", wireType)
+			if m.Caps == nil {
+				m.Caps = make(map[github_com_moby_buildkit_util_apicaps.CapID]bool)
 			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
+			var mapkey github_com_moby_buildkit_util_apicaps.CapID
+			var mapvalue bool
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
 				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = github_com_moby_buildkit_util_apicaps.CapID(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapvaluetemp int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapvaluetemp |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					mapvalue = bool(mapvaluetemp != 0)
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Constraints == nil {
-				m.Constraints = &WorkerConstraints{}
-			}
-			if err := m.Constraints.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Caps[github_com_moby_buildkit_util_apicaps.CapID(mapkey)] = mapvalue
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2791,7 +8234,7 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -2806,7 +8249,7 @@ func (m *Op) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Platform) Unmarshal(dAtA []byte) error {
+func (m *Source) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2821,7 +8264,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -2829,17 +8272,17 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Platform: wiretype end group for non-group")
+			return fmt.Errorf("proto: Source: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Platform: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Source: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Architecture", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Locations", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -2849,55 +8292,126 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Architecture = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field OS", wireType)
+			if m.Locations == nil {
+				m.Locations = make(map[string]*Locations)
 			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
+			var mapkey string
+			var mapvalue *Locations
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
 				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthOps
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &Locations{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.OS = string(dAtA[iNdEx:postIndex])
+			m.Locations[mapkey] = mapvalue
 			iNdEx = postIndex
-		case 3:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Variant", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Infos", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -2907,78 +8421,25 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Variant = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field OSVersion", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.OSVersion = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 5:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field OSFeatures", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+			m.Infos = append(m.Infos, &SourceInfo{})
+			if err := m.Infos[len(m.Infos)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.OSFeatures = append(m.OSFeatures, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2986,7 +8447,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3001,7 +8462,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Input) Unmarshal(dAtA []byte) error {
+func (m *Locations) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3016,7 +8477,7 @@ func (m *Input) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3024,17 +8485,17 @@ func (m *Input) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Input: wiretype end group for non-group")
+			return fmt.Errorf("proto: Locations: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Input: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Locations: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Locations", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3044,47 +8505,33 @@ func (m *Input) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Digest = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType)
-			}
-			m.Index = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Index |= (OutputIndex(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			m.Locations = append(m.Locations, &Location{})
+			if err := m.Locations[len(m.Locations)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3099,7 +8546,7 @@ func (m *Input) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ExecOp) Unmarshal(dAtA []byte) error {
+func (m *SourceInfo) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3114,7 +8561,7 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3122,17 +8569,17 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ExecOp: wiretype end group for non-group")
+			return fmt.Errorf("proto: SourceInfo: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ExecOp: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: SourceInfo: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Filename", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3142,30 +8589,29 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Meta == nil {
-				m.Meta = &Meta{}
-			}
-			if err := m.Meta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Filename = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Mounts", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3175,28 +8621,31 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Mounts = append(m.Mounts, &Mount{})
-			if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
 			}
 			iNdEx = postIndex
 		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Definition", wireType)
 			}
-			m.Network = 0
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3206,18 +8655,35 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Network |= (NetMode(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Definition == nil {
+				m.Definition = &Definition{}
+			}
+			if err := m.Definition.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3232,7 +8698,7 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Meta) Unmarshal(dAtA []byte) error {
+func (m *Location) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3247,7 +8713,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3255,75 +8721,17 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Meta: wiretype end group for non-group")
+			return fmt.Errorf("proto: Location: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Meta: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Location: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Args", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Args = append(m.Args, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Env = append(m.Env, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Cwd", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SourceIndex", wireType)
 			}
-			var stringLen uint64
+			m.SourceIndex = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3333,26 +8741,16 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				m.SourceIndex |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Cwd = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
+			}
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3362,24 +8760,79 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.User = string(dAtA[iNdEx:postIndex])
+			m.Ranges = append(m.Ranges, &Range{})
+			if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 5:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Range) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Range: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Range: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ProxyEnv", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Start", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3391,7 +8844,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3400,19 +8853,19 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ProxyEnv == nil {
-				m.ProxyEnv = &ProxyEnv{}
-			}
-			if err := m.ProxyEnv.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Start.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 6:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExtraHosts", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field End", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -3424,7 +8877,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3433,11 +8886,13 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ExtraHosts = append(m.ExtraHosts, &HostIP{})
-			if err := m.ExtraHosts[len(m.ExtraHosts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.End.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -3447,7 +8902,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3462,7 +8917,7 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Mount) Unmarshal(dAtA []byte) error {
+func (m *Position) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3477,7 +8932,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3485,17 +8940,17 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Mount: wiretype end group for non-group")
+			return fmt.Errorf("proto: Position: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Mount: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Position: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Line", wireType)
 			}
-			m.Input = 0
+			m.Line = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3505,16 +8960,16 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Input |= (InputIndex(b) & 0x7F) << shift
+				m.Line |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Character", wireType)
 			}
-			var stringLen uint64
+			m.Character = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3524,26 +8979,66 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				m.Character |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Selector = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Dest", wireType)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ExportCache) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
 			}
-			var stringLen uint64
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExportCache: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExportCache: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+			}
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3553,26 +9048,67 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			m.Value = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
+			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Dest = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Output", wireType)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
 			}
-			m.Output = 0
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ProxyEnv: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ProxyEnv: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HttpProxy", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3582,16 +9118,29 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Output |= (OutputIndex(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Readonly", wireType)
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
 			}
-			var v int
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.HttpProxy = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HttpsProxy", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3601,17 +9150,29 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.Readonly = bool(v != 0)
-		case 6:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MountType", wireType)
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
 			}
-			m.MountType = 0
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.HttpsProxy = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FtpProxy", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3621,16 +9182,29 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.MountType |= (MountType(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 20:
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.FtpProxy = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field CacheOpt", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field NoProxy", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3640,30 +9214,29 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.CacheOpt == nil {
-				m.CacheOpt = &CacheOpt{}
-			}
-			if err := m.CacheOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.NoProxy = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 21:
+		case 5:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SecretOpt", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field AllProxy", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3673,30 +9246,79 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.SecretOpt == nil {
-				m.SecretOpt = &SecretOpt{}
-			}
-			if err := m.SecretOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.AllProxy = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipOps(dAtA[iNdEx:])
+			if err != nil {
 				return err
 			}
-			iNdEx = postIndex
-		case 22:
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthOps
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowOps
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: WorkerConstraints: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: WorkerConstraints: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SSHOpt", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3706,24 +9328,23 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.SSHOpt == nil {
-				m.SSHOpt = &SSHOpt{}
-			}
-			if err := m.SSHOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Filter = append(m.Filter, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -3731,7 +9352,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3746,7 +9367,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CacheOpt) Unmarshal(dAtA []byte) error {
+func (m *Definition) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3761,7 +9382,7 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3769,17 +9390,17 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CacheOpt: wiretype end group for non-group")
+			return fmt.Errorf("proto: Definition: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CacheOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Definition: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Def", wireType)
 			}
-			var stringLen uint64
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3789,26 +9410,158 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if byteLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ID = string(dAtA[iNdEx:postIndex])
+			m.Def = append(m.Def, make([]byte, postIndex-iNdEx))
+			copy(m.Def[len(m.Def)-1], dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Sharing", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType)
 			}
-			m.Sharing = 0
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Metadata == nil {
+				m.Metadata = make(map[github_com_opencontainers_go_digest.Digest]OpMetadata)
+			}
+			var mapkey github_com_opencontainers_go_digest.Digest
+			mapvalue := &OpMetadata{}
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowOps
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowOps
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthOps
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthOps
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &OpMetadata{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipOps(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthOps
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Metadata[github_com_opencontainers_go_digest.Digest(mapkey)] = *mapvalue
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
+			}
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3818,18 +9571,35 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Sharing |= (CacheSharingOpt(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Source == nil {
+				m.Source = &Source{}
+			}
+			if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -3844,7 +9614,7 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *SecretOpt) Unmarshal(dAtA []byte) error {
+func (m *HostIP) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -3859,7 +9629,7 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -3867,15 +9637,15 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: SecretOpt: wiretype end group for non-group")
+			return fmt.Errorf("proto: HostIP: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: SecretOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: HostIP: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3887,7 +9657,7 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -3897,35 +9667,19 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ID = string(dAtA[iNdEx:postIndex])
+			m.Host = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
-			}
-			m.Uid = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Uid |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IP", wireType)
 			}
-			m.Gid = 0
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -3935,57 +9689,31 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Gid |= (uint32(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
-			}
-			m.Mode = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Mode |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
 			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Optional", wireType)
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
 			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
 			}
-			m.Optional = bool(v != 0)
+			m.IP = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -4000,7 +9728,7 @@ func (m *SecretOpt) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *SSHOpt) Unmarshal(dAtA []byte) error {
+func (m *FileOp) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -4015,7 +9743,7 @@ func (m *SSHOpt) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4023,17 +9751,17 @@ func (m *SSHOpt) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: SSHOpt: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileOp: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: SSHOpt: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileOp: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
-		case 1:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Actions", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4043,105 +9771,33 @@ func (m *SSHOpt) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ID = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
-			}
-			m.Uid = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Uid |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
-			}
-			m.Gid = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Gid |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
-			}
-			m.Mode = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Mode |= (uint32(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Optional", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			m.Actions = append(m.Actions, &FileAction{})
+			if err := m.Actions[len(m.Actions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Optional = bool(v != 0)
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -4156,7 +9812,7 @@ func (m *SSHOpt) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *CopyOp) Unmarshal(dAtA []byte) error {
+func (m *FileAction) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -4171,7 +9827,7 @@ func (m *CopyOp) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4179,17 +9835,17 @@ func (m *CopyOp) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: CopyOp: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileAction: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CopyOp: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileAction: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Src", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
 			}
-			var msglen int
+			m.Input = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4199,107 +9855,35 @@ func (m *CopyOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Input |= InputIndex(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Src = append(m.Src, &CopySource{})
-			if err := m.Src[len(m.Src)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Dest", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SecondaryInput", wireType)
 			}
-			var stringLen uint64
+			m.SecondaryInput = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Dest = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipOps(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthOps
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *CopySource) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowOps
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.SecondaryInput |= InputIndex(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: CopySource: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: CopySource: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+		case 3:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Output", wireType)
 			}
-			m.Input = 0
+			m.Output = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4309,16 +9893,16 @@ func (m *CopySource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Input |= (InputIndex(b) & 0x7F) << shift
+				m.Output |= OutputIndex(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 2:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Copy", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4328,76 +9912,67 @@ func (m *CopySource) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Selector = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipOps(dAtA[iNdEx:])
-			if err != nil {
+			v := &FileActionCopy{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthOps
+			m.Action = &FileAction_Copy{v}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mkfile", wireType)
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *SourceOp) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowOps
+			if msglen < 0 {
+				return ErrInvalidLengthOps
 			}
-			if iNdEx >= l {
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			v := &FileActionMkFile{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: SourceOp: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: SourceOp: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
+			m.Action = &FileAction_Mkfile{v}
+			iNdEx = postIndex
+		case 6:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Identifier", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Mkdir", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4407,24 +9982,30 @@ func (m *SourceOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Identifier = string(dAtA[iNdEx:postIndex])
+			v := &FileActionMkDir{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Action = &FileAction_Mkdir{v}
 			iNdEx = postIndex
-		case 2:
+		case 7:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Rm", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -4436,7 +10017,7 @@ func (m *SourceOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4445,100 +10026,17 @@ func (m *SourceOp) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Attrs == nil {
-				m.Attrs = make(map[string]string)
-			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
+			v := &FileActionRm{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Attrs[mapkey] = mapvalue
+			m.Action = &FileAction_Rm{v}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -4546,7 +10044,7 @@ func (m *SourceOp) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -4561,7 +10059,7 @@ func (m *SourceOp) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *BuildOp) Unmarshal(dAtA []byte) error {
+func (m *FileActionCopy) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -4576,7 +10074,7 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4584,17 +10082,49 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: BuildOp: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileActionCopy: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: BuildOp: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileActionCopy: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Builder", wireType)
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Src", wireType)
 			}
-			m.Builder = 0
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Src = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Dest", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4604,14 +10134,27 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Builder |= (InputIndex(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-		case 2:
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Dest = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Inputs", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -4623,7 +10166,7 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -4632,111 +10175,24 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Inputs == nil {
-				m.Inputs = make(map[string]*BuildInput)
+			if m.Owner == nil {
+				m.Owner = &ChownOpt{}
 			}
-			var mapkey string
-			var mapvalue *BuildInput
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var mapmsglen int
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						mapmsglen |= (int(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					if mapmsglen < 0 {
-						return ErrInvalidLengthOps
-					}
-					postmsgIndex := iNdEx + mapmsglen
-					if mapmsglen < 0 {
-						return ErrInvalidLengthOps
-					}
-					if postmsgIndex > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = &BuildInput{}
-					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
-						return err
-					}
-					iNdEx = postmsgIndex
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
+			if err := m.Owner.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Inputs[mapkey] = mapvalue
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Def", wireType)
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
 			}
-			var msglen int
+			m.Mode = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4746,30 +10202,36 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				m.Mode |= int32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Def == nil {
-				m.Def = &Definition{}
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FollowSymlink", wireType)
 			}
-			if err := m.Def.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType)
+			m.FollowSymlink = bool(v != 0)
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DirCopyContents", wireType)
 			}
-			var msglen int
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4779,165 +10241,148 @@ func (m *BuildOp) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
+			m.DirCopyContents = bool(v != 0)
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AttemptUnpackDockerCompatibility", wireType)
 			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			if m.Attrs == nil {
-				m.Attrs = make(map[string]string)
+			m.AttemptUnpackDockerCompatibility = bool(v != 0)
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CreateDestPath", wireType)
 			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
 				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.Attrs[mapkey] = mapvalue
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipOps(dAtA[iNdEx:])
-			if err != nil {
-				return err
+			m.CreateDestPath = bool(v != 0)
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowWildcard", wireType)
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthOps
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
+			m.AllowWildcard = bool(v != 0)
+		case 10:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowEmptyWildcard", wireType)
 			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *BuildInput) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowOps
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
+			m.AllowEmptyWildcard = bool(v != 0)
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType)
 			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
+			m.Timestamp = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Timestamp |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
 			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: BuildInput: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: BuildInput: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IncludePatterns", wireType)
 			}
-			m.Input = 0
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IncludePatterns = append(m.IncludePatterns, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 13:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExcludePatterns", wireType)
+			}
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -4947,18 +10392,31 @@ func (m *BuildInput) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Input |= (InputIndex(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExcludePatterns = append(m.ExcludePatterns, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -4973,7 +10431,7 @@ func (m *BuildInput) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *OpMetadata) Unmarshal(dAtA []byte) error {
+func (m *FileActionMkFile) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -4988,7 +10446,7 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -4996,37 +10454,17 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: OpMetadata: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileActionMkFile: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: OpMetadata: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileActionMkFile: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IgnoreCache", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			m.IgnoreCache = bool(v != 0)
-		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5036,115 +10474,48 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Description == nil {
-				m.Description = make(map[string]string)
+			m.Path = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
 			}
-			var mapkey string
-			var mapvalue string
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var stringLenmapvalue uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapvalue := int(stringLenmapvalue)
-					if intStringLenmapvalue < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
-					if postStringIndexmapvalue > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
-					iNdEx = postStringIndexmapvalue
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Mode |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.Description[mapkey] = mapvalue
-			iNdEx = postIndex
-		case 4:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExportCache", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5154,28 +10525,29 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + msglen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ExportCache == nil {
-				m.ExportCache = &ExportCache{}
-			}
-			if err := m.ExportCache.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
 			}
 			iNdEx = postIndex
-		case 5:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Caps", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -5187,7 +10559,7 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5196,99 +10568,45 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.Caps == nil {
-				m.Caps = make(map[github_com_moby_buildkit_util_apicaps.CapID]bool)
+			if m.Owner == nil {
+				m.Owner = &ChownOpt{}
 			}
-			var mapkey github_com_moby_buildkit_util_apicaps.CapID
-			var mapvalue bool
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
+			if err := m.Owner.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType)
+			}
+			m.Timestamp = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
 				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = github_com_moby_buildkit_util_apicaps.CapID(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var mapvaluetemp int
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						mapvaluetemp |= (int(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					mapvalue = bool(mapvaluetemp != 0)
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Timestamp |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
 				}
 			}
-			m.Caps[github_com_moby_buildkit_util_apicaps.CapID(mapkey)] = mapvalue
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5303,7 +10621,7 @@ func (m *OpMetadata) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ExportCache) Unmarshal(dAtA []byte) error {
+func (m *FileActionMkDir) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -5318,7 +10636,7 @@ func (m *ExportCache) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5326,15 +10644,66 @@ func (m *ExportCache) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ExportCache: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileActionMkDir: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ExportCache: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileActionMkDir: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Path = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
 			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
+			}
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Mode |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MakeParents", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
@@ -5346,19 +10715,74 @@ func (m *ExportCache) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.MakeParents = bool(v != 0)
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Owner == nil {
+				m.Owner = &ChownOpt{}
+			}
+			if err := m.Owner.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType)
+			}
+			m.Timestamp = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Timestamp |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			m.Value = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5373,7 +10797,7 @@ func (m *ExportCache) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
+func (m *FileActionRm) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -5388,7 +10812,7 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5396,15 +10820,15 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ProxyEnv: wiretype end group for non-group")
+			return fmt.Errorf("proto: FileActionRm: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProxyEnv: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: FileActionRm: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HttpProxy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -5416,7 +10840,7 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5426,45 +10850,19 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.HttpProxy = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field HttpsProxy", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowOps
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.HttpsProxy = string(dAtA[iNdEx:postIndex])
+			m.Path = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FtpProxy", wireType)
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowNotFound", wireType)
 			}
-			var stringLen uint64
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5474,26 +10872,17 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.FtpProxy = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NoProxy", wireType)
+			m.AllowNotFound = bool(v != 0)
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllowWildcard", wireType)
 			}
-			var stringLen uint64
+			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5503,28 +10892,19 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.NoProxy = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
+			m.AllowWildcard = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5539,7 +10919,7 @@ func (m *ProxyEnv) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
+func (m *ChownOpt) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -5554,7 +10934,7 @@ func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5562,17 +10942,17 @@ func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: WorkerConstraints: wiretype end group for non-group")
+			return fmt.Errorf("proto: ChownOpt: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: WorkerConstraints: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ChownOpt: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5582,20 +10962,63 @@ func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Filter = append(m.Filter, string(dAtA[iNdEx:postIndex]))
+			if m.User == nil {
+				m.User = &UserOpt{}
+			}
+			if err := m.User.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowOps
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Group == nil {
+				m.Group = &UserOpt{}
+			}
+			if err := m.Group.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -5603,7 +11026,7 @@ func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5618,7 +11041,7 @@ func (m *WorkerConstraints) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Definition) Unmarshal(dAtA []byte) error {
+func (m *UserOpt) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -5633,7 +11056,7 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5641,17 +11064,17 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Definition: wiretype end group for non-group")
+			return fmt.Errorf("proto: UserOpt: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Definition: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: UserOpt: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Def", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ByName", wireType)
 			}
-			var byteLen int
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5661,26 +11084,32 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if byteLen < 0 {
+			if msglen < 0 {
+				return ErrInvalidLengthOps
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
 				return ErrInvalidLengthOps
 			}
-			postIndex := iNdEx + byteLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Def = append(m.Def, make([]byte, postIndex-iNdEx))
-			copy(m.Def[len(m.Def)-1], dAtA[iNdEx:postIndex])
+			v := &NamedUserOpt{}
+			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.User = &UserOpt_ByName{v}
 			iNdEx = postIndex
 		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ByID", wireType)
 			}
-			var msglen int
+			var v uint32
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5690,122 +11119,19 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				v |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Metadata == nil {
-				m.Metadata = make(map[github_com_opencontainers_go_digest.Digest]OpMetadata)
-			}
-			var mapkey github_com_opencontainers_go_digest.Digest
-			mapvalue := &OpMetadata{}
-			for iNdEx < postIndex {
-				entryPreIndex := iNdEx
-				var wire uint64
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				fieldNum := int32(wire >> 3)
-				if fieldNum == 1 {
-					var stringLenmapkey uint64
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					intStringLenmapkey := int(stringLenmapkey)
-					if intStringLenmapkey < 0 {
-						return ErrInvalidLengthOps
-					}
-					postStringIndexmapkey := iNdEx + intStringLenmapkey
-					if postStringIndexmapkey > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapkey = github_com_opencontainers_go_digest.Digest(dAtA[iNdEx:postStringIndexmapkey])
-					iNdEx = postStringIndexmapkey
-				} else if fieldNum == 2 {
-					var mapmsglen int
-					for shift := uint(0); ; shift += 7 {
-						if shift >= 64 {
-							return ErrIntOverflowOps
-						}
-						if iNdEx >= l {
-							return io.ErrUnexpectedEOF
-						}
-						b := dAtA[iNdEx]
-						iNdEx++
-						mapmsglen |= (int(b) & 0x7F) << shift
-						if b < 0x80 {
-							break
-						}
-					}
-					if mapmsglen < 0 {
-						return ErrInvalidLengthOps
-					}
-					postmsgIndex := iNdEx + mapmsglen
-					if mapmsglen < 0 {
-						return ErrInvalidLengthOps
-					}
-					if postmsgIndex > l {
-						return io.ErrUnexpectedEOF
-					}
-					mapvalue = &OpMetadata{}
-					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
-						return err
-					}
-					iNdEx = postmsgIndex
-				} else {
-					iNdEx = entryPreIndex
-					skippy, err := skipOps(dAtA[iNdEx:])
-					if err != nil {
-						return err
-					}
-					if skippy < 0 {
-						return ErrInvalidLengthOps
-					}
-					if (iNdEx + skippy) > postIndex {
-						return io.ErrUnexpectedEOF
-					}
-					iNdEx += skippy
-				}
-			}
-			m.Metadata[github_com_opencontainers_go_digest.Digest(mapkey)] = *mapvalue
-			iNdEx = postIndex
+			m.User = &UserOpt_ByID{v}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5820,7 +11146,7 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *HostIP) Unmarshal(dAtA []byte) error {
+func (m *NamedUserOpt) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -5835,7 +11161,7 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -5843,15 +11169,15 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: HostIP: wiretype end group for non-group")
+			return fmt.Errorf("proto: NamedUserOpt: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: HostIP: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: NamedUserOpt: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -5863,7 +11189,7 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -5873,16 +11199,19 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthOps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthOps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Host = string(dAtA[iNdEx:postIndex])
+			m.Name = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IP", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType)
 			}
-			var stringLen uint64
+			m.Input = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOps
@@ -5892,28 +11221,18 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				m.Input |= InputIndex(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthOps
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.IP = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipOps(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthOps
 			}
 			if (iNdEx + skippy) > l {
@@ -5931,6 +11250,7 @@ func (m *HostIP) Unmarshal(dAtA []byte) error {
 func skipOps(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -5962,10 +11282,8 @@ func skipOps(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -5982,150 +11300,34 @@ func skipOps(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthOps
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowOps
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipOps(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupOps
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthOps
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthOps = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowOps   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthOps        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowOps          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupOps = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("ops.proto", fileDescriptorOps) }
-
-var fileDescriptorOps = []byte{
-	// 1444 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x4b, 0x6f, 0x1b, 0x47,
-	0x12, 0x16, 0x87, 0xcf, 0x29, 0x4a, 0x32, 0xb7, 0xfd, 0x58, 0xae, 0xd6, 0x2b, 0x69, 0xc7, 0xbb,
-	0x81, 0x2c, 0x59, 0x14, 0x40, 0x03, 0xb6, 0x91, 0x83, 0x11, 0xf1, 0x61, 0x88, 0x71, 0x24, 0x0a,
-	0x4d, 0x45, 0x39, 0x1a, 0xa3, 0x61, 0x93, 0x1a, 0x88, 0x9a, 0x1e, 0xcc, 0x34, 0x6d, 0xf1, 0x92,
-	0x83, 0x7f, 0x41, 0x80, 0x00, 0xb9, 0xe7, 0x98, 0x1f, 0x91, 0xbb, 0x8f, 0x41, 0x4e, 0x49, 0x0e,
-	0x4e, 0xa0, 0xfc, 0x91, 0xa0, 0xaa, 0x7b, 0x38, 0xe3, 0x47, 0x10, 0x1b, 0x09, 0x72, 0x62, 0x75,
-	0xd5, 0xd7, 0x5f, 0xd7, 0xab, 0xbb, 0x86, 0x60, 0xcb, 0x30, 0x6e, 0x84, 0x91, 0x54, 0x92, 0x59,
-	0xe1, 0xc9, 0xca, 0xf6, 0xd8, 0x57, 0xa7, 0xd3, 0x93, 0x86, 0x27, 0xcf, 0x77, 0xc6, 0x72, 0x2c,
-	0x77, 0xc8, 0x74, 0x32, 0x1d, 0xd1, 0x8a, 0x16, 0x24, 0xe9, 0x2d, 0xce, 0xd7, 0x16, 0x58, 0xfd,
-	0x90, 0xfd, 0x17, 0x4a, 0x7e, 0x10, 0x4e, 0x55, 0x5c, 0xcf, 0xad, 0xe7, 0x37, 0xaa, 0x4d, 0xbb,
-	0x11, 0x9e, 0x34, 0x7a, 0xa8, 0xe1, 0xc6, 0xc0, 0xd6, 0xa1, 0x20, 0x2e, 0x84, 0x57, 0xb7, 0xd6,
-	0x73, 0x1b, 0xd5, 0x26, 0x20, 0xa0, 0x7b, 0x21, 0xbc, 0x7e, 0xb8, 0xb7, 0xc0, 0xc9, 0xc2, 0x3e,
-	0x80, 0x52, 0x2c, 0xa7, 0x91, 0x27, 0xea, 0x79, 0xc2, 0x2c, 0x22, 0x66, 0x40, 0x1a, 0x42, 0x19,
-	0x2b, 0x32, 0x79, 0x32, 0x9c, 0xd5, 0x0b, 0x29, 0x53, 0x5b, 0x86, 0x33, 0xcd, 0x84, 0x16, 0x76,
-	0x0b, 0x8a, 0x27, 0x53, 0x7f, 0x32, 0xac, 0x17, 0x09, 0x52, 0x45, 0x48, 0x0b, 0x15, 0x84, 0xd1,
-	0x36, 0xb6, 0x01, 0x95, 0x70, 0xe2, 0xaa, 0x91, 0x8c, 0xce, 0xeb, 0x90, 0x1e, 0x78, 0x68, 0x74,
-	0x7c, 0x6e, 0x65, 0xf7, 0xa1, 0xea, 0xc9, 0x20, 0x56, 0x91, 0xeb, 0x07, 0x2a, 0xae, 0x57, 0x09,
-	0x7c, 0x1d, 0xc1, 0x9f, 0xc9, 0xe8, 0x4c, 0x44, 0xed, 0xd4, 0xc8, 0xb3, 0xc8, 0x56, 0x01, 0x2c,
-	0x19, 0x3a, 0x5f, 0xe5, 0xa0, 0x92, 0xb0, 0x32, 0x07, 0x16, 0x77, 0x23, 0xef, 0xd4, 0x57, 0xc2,
-	0x53, 0xd3, 0x48, 0xd4, 0x73, 0xeb, 0xb9, 0x0d, 0x9b, 0xbf, 0xa2, 0x63, 0xcb, 0x60, 0xf5, 0x07,
-	0x94, 0x28, 0x9b, 0x5b, 0xfd, 0x01, 0xab, 0x43, 0xf9, 0xd8, 0x8d, 0x7c, 0x37, 0x50, 0x94, 0x19,
-	0x9b, 0x27, 0x4b, 0x76, 0x13, 0xec, 0xfe, 0xe0, 0x58, 0x44, 0xb1, 0x2f, 0x03, 0xca, 0x87, 0xcd,
-	0x53, 0x05, 0x5b, 0x05, 0xe8, 0x0f, 0x1e, 0x09, 0x17, 0x49, 0xe3, 0x7a, 0x71, 0x3d, 0xbf, 0x61,
-	0xf3, 0x8c, 0xc6, 0xf9, 0x1c, 0x8a, 0x54, 0x23, 0xf6, 0x31, 0x94, 0x86, 0xfe, 0x58, 0xc4, 0x4a,
-	0xbb, 0xd3, 0x6a, 0xbe, 0x78, 0xb9, 0xb6, 0xf0, 0xd3, 0xcb, 0xb5, 0xcd, 0x4c, 0x33, 0xc8, 0x50,
-	0x04, 0x9e, 0x0c, 0x94, 0xeb, 0x07, 0x22, 0x8a, 0x77, 0xc6, 0x72, 0x5b, 0x6f, 0x69, 0x74, 0xe8,
-	0x87, 0x1b, 0x06, 0x76, 0x1b, 0x8a, 0x7e, 0x30, 0x14, 0x17, 0xe4, 0x7f, 0xbe, 0x75, 0xd5, 0x50,
-	0x55, 0xfb, 0x53, 0x15, 0x4e, 0x55, 0x0f, 0x4d, 0x5c, 0x23, 0x9c, 0x10, 0x4a, 0xba, 0x05, 0xd8,
-	0x4d, 0x28, 0x9c, 0x0b, 0xe5, 0xd2, 0xf1, 0xd5, 0x66, 0x05, 0x53, 0xbb, 0x2f, 0x94, 0xcb, 0x49,
-	0x8b, 0xdd, 0x75, 0x2e, 0xa7, 0x98, 0x7a, 0x2b, 0xed, 0xae, 0x7d, 0xd4, 0x70, 0x63, 0x60, 0xff,
-	0x87, 0x72, 0x20, 0xd4, 0x33, 0x19, 0x9d, 0x51, 0x8a, 0x96, 0x75, 0xcd, 0x0f, 0x84, 0xda, 0x97,
-	0x43, 0xc1, 0x13, 0x9b, 0xf3, 0x4d, 0x0e, 0x0a, 0x48, 0xcc, 0x18, 0x14, 0xdc, 0x68, 0xac, 0xdb,
-	0xd5, 0xe6, 0x24, 0xb3, 0x1a, 0xe4, 0x45, 0xf0, 0x94, 0xce, 0xb0, 0x39, 0x8a, 0xa8, 0xf1, 0x9e,
-	0x0d, 0x4d, 0xd2, 0x51, 0xc4, 0x7d, 0xd3, 0x58, 0x44, 0x26, 0xd7, 0x24, 0xb3, 0xdb, 0x60, 0x87,
-	0x91, 0xbc, 0x98, 0x3d, 0xc1, 0xdd, 0xc5, 0x4c, 0x27, 0xa1, 0xb2, 0x1b, 0x3c, 0xe5, 0x95, 0xd0,
-	0x48, 0x6c, 0x13, 0x40, 0x5c, 0xa8, 0xc8, 0xdd, 0x93, 0xb1, 0x8a, 0xeb, 0x25, 0x8a, 0x86, 0x1a,
-	0x18, 0x15, 0xbd, 0x43, 0x9e, 0xb1, 0x3a, 0xdf, 0x5b, 0x50, 0xa4, 0x20, 0xd9, 0x06, 0xa6, 0x34,
-	0x9c, 0xea, 0xea, 0xe4, 0x5b, 0xcc, 0xa4, 0x14, 0xa8, 0x78, 0xf3, 0x8c, 0x62, 0x21, 0x57, 0xa0,
-	0x12, 0x8b, 0x89, 0xf0, 0x94, 0x8c, 0x4c, 0xff, 0xcc, 0xd7, 0xe8, 0xfa, 0x10, 0x4b, 0xac, 0xa3,
-	0x21, 0x99, 0x6d, 0x41, 0x49, 0x52, 0x5d, 0x28, 0xa0, 0xdf, 0xa9, 0x96, 0x81, 0x20, 0x79, 0x24,
-	0xdc, 0xa1, 0x0c, 0x26, 0x33, 0x0a, 0xb3, 0xc2, 0xe7, 0x6b, 0xb6, 0x05, 0x36, 0x55, 0xe2, 0x68,
-	0x16, 0x8a, 0x7a, 0x89, 0x2a, 0xb0, 0x34, 0xaf, 0x12, 0x2a, 0x79, 0x6a, 0xc7, 0x9b, 0xe7, 0xb9,
-	0xde, 0xa9, 0xe8, 0x87, 0xaa, 0x7e, 0x2d, 0xcd, 0x57, 0xdb, 0xe8, 0xf8, 0xdc, 0x8a, 0xb4, 0xb1,
-	0xf0, 0x22, 0xa1, 0x10, 0x7a, 0x9d, 0xa0, 0x44, 0x3b, 0x48, 0x94, 0x3c, 0xb5, 0x33, 0x07, 0x4a,
-	0x83, 0xc1, 0x1e, 0x22, 0x6f, 0xa4, 0x2f, 0x83, 0xd6, 0x70, 0x63, 0x71, 0x7a, 0x50, 0x49, 0x8e,
-	0xc1, 0x6b, 0xd6, 0xeb, 0x98, 0x0b, 0x68, 0xf5, 0x3a, 0x6c, 0x1b, 0xca, 0xf1, 0xa9, 0x1b, 0xf9,
-	0xc1, 0x98, 0x72, 0xb7, 0xdc, 0xbc, 0x3a, 0xf7, 0x6a, 0xa0, 0xf5, 0xc8, 0x94, 0x60, 0x1c, 0x09,
-	0xf6, 0xdc, 0x8d, 0x37, 0xb8, 0x6a, 0x90, 0x9f, 0xfa, 0x43, 0xe2, 0x59, 0xe2, 0x28, 0xa2, 0x66,
-	0xec, 0xeb, 0x5e, 0x5a, 0xe2, 0x28, 0x62, 0x41, 0xce, 0xe5, 0x50, 0x50, 0xea, 0x97, 0x38, 0xc9,
-	0x98, 0x63, 0x19, 0x2a, 0x5f, 0x06, 0xee, 0x24, 0xc9, 0x71, 0xb2, 0x76, 0x26, 0x49, 0x7c, 0x7f,
-	0xcb, 0x69, 0x0f, 0xa1, 0xa4, 0x5f, 0x55, 0xb6, 0x0e, 0xf9, 0x38, 0xf2, 0xcc, 0xcb, 0xbe, 0x9c,
-	0x3c, 0xb7, 0xfa, 0x61, 0xe6, 0x68, 0x9a, 0xb7, 0x96, 0x95, 0xb6, 0x96, 0xc3, 0x01, 0x52, 0xd8,
-	0x5f, 0xd3, 0xc2, 0xce, 0x97, 0x39, 0xa8, 0x24, 0x03, 0x01, 0x5f, 0x37, 0x7f, 0x28, 0x02, 0xe5,
-	0x8f, 0x7c, 0x11, 0x99, 0x64, 0x64, 0x34, 0x6c, 0x1b, 0x8a, 0xae, 0x52, 0x51, 0xf2, 0x68, 0xfc,
-	0x33, 0x3b, 0x4d, 0x1a, 0xbb, 0x68, 0xe9, 0x06, 0x2a, 0x9a, 0x71, 0x8d, 0x5a, 0x79, 0x00, 0x90,
-	0x2a, 0x31, 0x7f, 0x67, 0x62, 0x66, 0x58, 0x51, 0x64, 0xd7, 0xa0, 0xf8, 0xd4, 0x9d, 0x4c, 0x85,
-	0x71, 0x4a, 0x2f, 0x3e, 0xb4, 0x1e, 0xe4, 0x9c, 0x6f, 0x2d, 0x28, 0x9b, 0xe9, 0xc2, 0xee, 0x40,
-	0x99, 0xa6, 0x8b, 0xf1, 0xe8, 0xed, 0x91, 0x26, 0x10, 0xb6, 0x33, 0x1f, 0x9b, 0x19, 0x1f, 0x0d,
-	0x95, 0x1e, 0x9f, 0xc6, 0xc7, 0x74, 0x88, 0xe6, 0x87, 0x62, 0x64, 0xe6, 0x23, 0x95, 0xa2, 0x23,
-	0x46, 0x7e, 0xe0, 0x63, 0xcd, 0x38, 0x9a, 0xd8, 0x9d, 0x24, 0xea, 0x02, 0x31, 0xde, 0xc8, 0x32,
-	0xbe, 0x19, 0x74, 0x0f, 0xaa, 0x99, 0x63, 0xde, 0x12, 0xf5, 0xff, 0xb2, 0x51, 0x9b, 0x23, 0x89,
-	0x4e, 0x0f, 0xf7, 0x34, 0x0b, 0x7f, 0x22, 0x7f, 0xf7, 0x00, 0x52, 0xca, 0x77, 0xef, 0x14, 0xe7,
-	0x79, 0x1e, 0xa0, 0x1f, 0xe2, 0x73, 0x3e, 0x74, 0x69, 0x4a, 0x2c, 0xfa, 0xe3, 0x40, 0x46, 0xe2,
-	0x09, 0x3d, 0x1f, 0xb4, 0xbf, 0xc2, 0xab, 0x5a, 0x47, 0xb7, 0x98, 0xed, 0x42, 0x75, 0x28, 0x62,
-	0x2f, 0xf2, 0xa9, 0xc9, 0x4d, 0xd2, 0xd7, 0x30, 0xa6, 0x94, 0xa7, 0xd1, 0x49, 0x11, 0x3a, 0x57,
-	0xd9, 0x3d, 0xac, 0x09, 0x8b, 0xe2, 0x22, 0x94, 0x91, 0x32, 0xa7, 0xe8, 0x8f, 0x90, 0x2b, 0xfa,
-	0x73, 0x06, 0xf5, 0x74, 0x12, 0xaf, 0x8a, 0x74, 0xc1, 0x5c, 0x28, 0x78, 0x6e, 0xa8, 0x27, 0x70,
-	0xb5, 0x59, 0x7f, 0xed, 0xbc, 0xb6, 0x1b, 0xea, 0xa4, 0xb5, 0xee, 0x62, 0xac, 0xcf, 0x7f, 0x5e,
-	0xdb, 0xca, 0x8c, 0xdd, 0x73, 0x79, 0x32, 0xdb, 0xa1, 0x7e, 0x39, 0xf3, 0xd5, 0xce, 0x54, 0xf9,
-	0x93, 0x1d, 0x37, 0xf4, 0x91, 0x0e, 0x37, 0xf6, 0x3a, 0x9c, 0xa8, 0x57, 0x1e, 0x42, 0xed, 0x75,
-	0xbf, 0xdf, 0xa7, 0x06, 0x2b, 0xf7, 0xc1, 0x9e, 0xfb, 0xf1, 0x47, 0x1b, 0x2b, 0xd9, 0xe2, 0xdd,
-	0x82, 0x6a, 0x26, 0x6e, 0x04, 0x1e, 0x13, 0x50, 0x67, 0x5f, 0x2f, 0x9c, 0xe7, 0xf8, 0x05, 0x94,
-	0xcc, 0xc0, 0xff, 0x00, 0x9c, 0x2a, 0x15, 0x3e, 0xa1, 0xa1, 0x68, 0x0e, 0xb1, 0x51, 0x43, 0x08,
-	0xb6, 0x06, 0x55, 0x5c, 0xc4, 0xc6, 0xae, 0x3d, 0xa5, 0x1d, 0xb1, 0x06, 0xfc, 0x1b, 0xec, 0xd1,
-	0x7c, 0xbb, 0x1e, 0x66, 0x95, 0x51, 0xb2, 0xfb, 0x5f, 0x50, 0x09, 0xa4, 0xb1, 0xe9, 0x19, 0x5d,
-	0x0e, 0x24, 0x99, 0x9c, 0x2d, 0xf8, 0xc7, 0x1b, 0x9f, 0x6b, 0xec, 0x06, 0x94, 0x46, 0xfe, 0x44,
-	0xd1, 0x75, 0xc5, 0xb1, 0x6f, 0x56, 0xce, 0x8f, 0x39, 0x80, 0xf4, 0x6a, 0x61, 0x46, 0xf0, 0xde,
-	0x21, 0x66, 0x51, 0xdf, 0xb3, 0x09, 0x54, 0xce, 0x4d, 0x05, 0x4d, 0x1f, 0xdd, 0x7c, 0xf5, 0x3a,
-	0x36, 0x92, 0x02, 0xeb, 0xda, 0x36, 0x4d, 0x6d, 0xdf, 0xe7, 0x93, 0x6a, 0x7e, 0xc2, 0xca, 0x63,
-	0x58, 0x7a, 0x85, 0xee, 0x1d, 0x6f, 0x6a, 0xda, 0x65, 0xd9, 0x92, 0xdd, 0x81, 0x92, 0xfe, 0xdc,
-	0xc0, 0x77, 0x1b, 0x25, 0x43, 0x43, 0x32, 0xcd, 0x96, 0xc3, 0xe4, 0xe3, 0xb3, 0x77, 0xb8, 0xb9,
-	0x01, 0x65, 0xf3, 0x19, 0xc5, 0x6c, 0x28, 0x7e, 0x7a, 0x30, 0xe8, 0x1e, 0xd5, 0x16, 0x58, 0x05,
-	0x0a, 0x7b, 0xfd, 0xc1, 0x51, 0x2d, 0x87, 0xd2, 0x41, 0xff, 0xa0, 0x5b, 0xb3, 0x36, 0x3f, 0x02,
-	0x7b, 0x3e, 0xee, 0x51, 0xdd, 0xea, 0x1d, 0x74, 0x6a, 0x0b, 0x0c, 0xa0, 0x34, 0xe8, 0xb6, 0x79,
-	0x17, 0xc1, 0x65, 0xc8, 0x0f, 0x06, 0x7b, 0x35, 0x0b, 0xa9, 0xda, 0xbb, 0xed, 0xbd, 0x6e, 0x2d,
-	0x8f, 0xe2, 0xd1, 0xfe, 0xe1, 0xa3, 0x41, 0xad, 0xb0, 0x79, 0x0f, 0xae, 0xbc, 0x36, 0x6e, 0x69,
-	0xf7, 0xde, 0x2e, 0xef, 0x22, 0x53, 0x15, 0xca, 0x87, 0xbc, 0x77, 0xbc, 0x7b, 0xd4, 0xad, 0xe5,
-	0xd0, 0xf0, 0x49, 0xbf, 0xfd, 0xb8, 0xdb, 0xa9, 0x59, 0xad, 0x6b, 0x2f, 0x2e, 0x57, 0x73, 0xdf,
-	0x5d, 0xae, 0xe6, 0x7e, 0xb8, 0x5c, 0xcd, 0xfd, 0x72, 0xb9, 0x9a, 0xfb, 0xe2, 0xd7, 0xd5, 0x85,
-	0x93, 0x12, 0xfd, 0x45, 0xb9, 0xfb, 0x5b, 0x00, 0x00, 0x00, 0xff, 0xff, 0x84, 0xfe, 0x08, 0x0c,
-	0xe2, 0x0c, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/solver/pb/ops.proto b/vendor/github.com/moby/buildkit/solver/pb/ops.proto
index 09442f60c4cb6..39983e0eeec2b 100644
--- a/vendor/github.com/moby/buildkit/solver/pb/ops.proto
+++ b/vendor/github.com/moby/buildkit/solver/pb/ops.proto
@@ -15,7 +15,7 @@ message Op {
 	oneof op {
 		ExecOp exec = 2;
 		SourceOp source = 3;
-		CopyOp copy = 4;
+		FileOp file = 4;
 		BuildOp build = 5;
 	}
 	Platform platform = 10;
@@ -44,6 +44,7 @@ message ExecOp {
 	Meta meta = 1;
 	repeated Mount mounts = 2;
 	NetMode network = 3;
+	SecurityMode security = 4;
 }
 
 // Meta is a set of arguments for ExecOp.
@@ -56,6 +57,7 @@ message Meta {
 	string user = 4;
 	ProxyEnv proxy_env = 5;
 	repeated HostIP extraHosts = 6;
+	string hostname = 7;
 }
 
 enum NetMode {
@@ -64,6 +66,11 @@ enum NetMode {
 	NONE = 2;
 }
 
+enum SecurityMode {
+	SANDBOX = 0;
+	INSECURE = 1; // privileged mode
+}
+
 // Mount specifies how to mount an input Op as a filesystem.
 message Mount {
 	int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
@@ -75,6 +82,7 @@ message Mount {
 	CacheOpt cacheOpt = 20;
 	SecretOpt secretOpt = 21;
 	SSHOpt SSHOpt = 22;
+	string resultID = 23;
 }
 
 // MountType defines a type of a mount from a supported set
@@ -134,18 +142,6 @@ message SSHOpt {
 	bool optional = 5;
 }
 
-// CopyOp copies files across Ops.
-message CopyOp {
-	repeated CopySource src = 1;
-	string dest = 2;
-}
-
-// CopySource specifies a source for CopyOp.
-message CopySource {
-	int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
-	string selector = 2;
-}
-
 // SourceOp specifies a source such as build contexts and images.
 message SourceOp {
 	// TODO: use source type or any type instead of URL protocol.
@@ -183,6 +179,42 @@ message OpMetadata {
 	map<string, bool> caps = 5 [(gogoproto.castkey) = "github.com/moby/buildkit/util/apicaps.CapID", (gogoproto.nullable) = false];
 }
 
+// Source is a source mapping description for a file
+message Source {
+	map<string, Locations> locations = 1;
+	repeated SourceInfo infos = 2;
+}
+
+// Locations is a list of ranges with a index to its source map.
+message Locations {
+	repeated Location locations = 1;
+}
+
+// Source info contains the shared metadata of a source mapping
+message SourceInfo {
+ 	string filename = 1;
+	bytes data = 2;
+	Definition definition = 3;
+}
+
+// Location defines list of areas in to source file
+message Location {
+	int32 sourceIndex = 1;
+	repeated Range ranges = 2;
+}
+
+// Range is an area in the source file
+message Range {
+	Position start = 1 [(gogoproto.nullable) = false];
+	Position end = 2 [(gogoproto.nullable) = false];
+}
+
+// Position is single location in a source file
+message Position {
+	int32 Line = 1;
+	int32 Character = 2;
+}
+
 message ExportCache {
 	bool Value = 1;
 }
@@ -192,6 +224,7 @@ message ProxyEnv {
 	string https_proxy = 2;
 	string ftp_proxy = 3;
 	string no_proxy = 4;
+	string all_proxy = 5;
 }
 
 // WorkerConstraints defines conditions for the worker
@@ -206,9 +239,112 @@ message Definition {
 	// metadata contains metadata for the each of the Op messages.
 	// A key must be an LLB op digest string. Currently, empty string is not expected as a key, but it may change in the future.
 	map<string, OpMetadata> metadata = 2 [(gogoproto.castkey) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	// Source contains the source mapping information for the vertexes in the definition
+	Source Source = 3;
 }
 
 message HostIP {
 	string Host = 1;
 	string IP = 2;
-}
\ No newline at end of file
+}
+
+message FileOp {
+	repeated FileAction actions = 2;
+}
+
+message FileAction {
+	int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false]; // could be real input or target (target index + max input index)
+	int64 secondaryInput = 2 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false]; // --//--
+	int64 output = 3 [(gogoproto.customtype) = "OutputIndex", (gogoproto.nullable) = false];
+	oneof action {
+		// FileActionCopy copies files from secondaryInput on top of input
+		FileActionCopy copy = 4;
+		// FileActionMkFile creates a new file
+		FileActionMkFile mkfile = 5;
+		// FileActionMkDir creates a new directory
+		FileActionMkDir mkdir = 6;
+		// FileActionRm removes a file
+		FileActionRm rm = 7;
+	}
+}
+
+message FileActionCopy {
+	// src is the source path
+	string src = 1;
+	// dest path
+	string dest = 2;
+	// optional owner override
+	ChownOpt owner = 3;
+	// optional permission bits override
+	int32 mode = 4;
+	// followSymlink resolves symlinks in src
+	bool followSymlink = 5;
+	// dirCopyContents only copies contents if src is a directory
+	bool dirCopyContents = 6;
+	// attemptUnpackDockerCompatibility detects if src is an archive to unpack it instead
+	bool attemptUnpackDockerCompatibility = 7;
+	// createDestPath creates dest path directories if needed
+	bool createDestPath = 8;
+	// allowWildcard allows filepath.Match wildcards in src path
+	bool allowWildcard = 9;
+	// allowEmptyWildcard doesn't fail the whole copy if wildcard doesn't resolve to files
+	bool allowEmptyWildcard = 10;
+	// optional created time override
+	int64 timestamp = 11;
+	// include only files/dirs matching at least one of these patterns
+	repeated string include_patterns = 12;
+	// exclude files/dir matching any of these patterns (even if they match an include pattern)
+	repeated string exclude_patterns = 13;
+}
+
+message FileActionMkFile {
+	// path for the new file
+	string path = 1;
+	// permission bits
+	int32 mode = 2;
+	// data is the new file contents
+	bytes data = 3;
+	// optional owner for the new file
+	ChownOpt owner = 4;
+	// optional created time override
+	int64 timestamp = 5;
+}
+
+message FileActionMkDir {
+	// path for the new directory
+	string path = 1;
+	// permission bits
+	int32 mode = 2;
+	// makeParents creates parent directories as well if needed
+	bool makeParents = 3;
+	// optional owner for the new directory
+	ChownOpt owner = 4;
+	// optional created time override
+	int64 timestamp = 5;
+}
+
+message FileActionRm {
+	// path to remove
+	string path = 1;
+	// allowNotFound doesn't fail the rm if file is not found
+	bool allowNotFound = 2;
+	// allowWildcard allows filepath.Match wildcards in path
+	bool allowWildcard = 3;
+}
+
+message ChownOpt {
+	UserOpt user = 1;
+	UserOpt group = 2;
+}
+
+message UserOpt {
+	oneof user {
+		NamedUserOpt byName = 1;
+		uint32 byID = 2;
+	}
+}
+
+message NamedUserOpt {
+	string name = 1;
+	int64 input = 2 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
+}
diff --git a/vendor/github.com/moby/buildkit/solver/progress.go b/vendor/github.com/moby/buildkit/solver/progress.go
index 14f3f5e0199c3..0548ee3bc977a 100644
--- a/vendor/github.com/moby/buildkit/solver/progress.go
+++ b/vendor/github.com/moby/buildkit/solver/progress.go
@@ -12,7 +12,7 @@ import (
 )
 
 func (j *Job) Status(ctx context.Context, ch chan *client.SolveStatus) error {
-	vs := &vertexStream{cache: map[digest.Digest]*client.Vertex{}}
+	vs := &vertexStream{cache: map[digest.Digest]*client.Vertex{}, wasCached: make(map[digest.Digest]struct{})}
 	pr := j.pr.Reader(ctx)
 	defer func() {
 		if enc := vs.encore(); len(enc) > 0 {
@@ -72,7 +72,8 @@ func (j *Job) Status(ctx context.Context, ch chan *client.SolveStatus) error {
 }
 
 type vertexStream struct {
-	cache map[digest.Digest]*client.Vertex
+	cache     map[digest.Digest]*client.Vertex
+	wasCached map[digest.Digest]struct{}
 }
 
 func (vs *vertexStream) append(v client.Vertex) []*client.Vertex {
@@ -91,17 +92,34 @@ func (vs *vertexStream) append(v client.Vertex) []*client.Vertex {
 			}
 		}
 	}
+	if v.Cached {
+		vs.markCached(v.Digest)
+	}
+
 	vcopy := v
 	return append(out, &vcopy)
 }
 
+func (vs *vertexStream) markCached(dgst digest.Digest) {
+	if v, ok := vs.cache[dgst]; ok {
+		if _, ok := vs.wasCached[dgst]; !ok {
+			for _, inp := range v.Inputs {
+				vs.markCached(inp)
+			}
+		}
+		vs.wasCached[dgst] = struct{}{}
+	}
+}
+
 func (vs *vertexStream) encore() []*client.Vertex {
 	var out []*client.Vertex
 	for _, v := range vs.cache {
 		if v.Started != nil && v.Completed == nil {
 			now := time.Now()
 			v.Completed = &now
-			v.Error = context.Canceled.Error()
+			if _, ok := vs.wasCached[v.Digest]; !ok && v.Error == "" {
+				v.Error = context.Canceled.Error()
+			}
 			out = append(out, v)
 		}
 	}
diff --git a/vendor/github.com/moby/buildkit/solver/result.go b/vendor/github.com/moby/buildkit/solver/result.go
index b217ae083e4c5..b35c74b49e8e3 100644
--- a/vendor/github.com/moby/buildkit/solver/result.go
+++ b/vendor/github.com/moby/buildkit/solver/result.go
@@ -40,14 +40,14 @@ func dup(res Result) (Result, Result) {
 }
 
 type splitResult struct {
-	Result
 	released int64
 	sem      *int64
+	Result
 }
 
 func (r *splitResult) Release(ctx context.Context) error {
 	if atomic.AddInt64(&r.released, 1) > 1 {
-		err := errors.Errorf("releasing already released reference")
+		err := errors.Errorf("releasing already released reference %+v", r.Result.ID())
 		logrus.Error(err)
 		return err
 	}
@@ -78,10 +78,14 @@ func NewSharedCachedResult(res CachedResult) *SharedCachedResult {
 	}
 }
 
-func (r *SharedCachedResult) Clone() CachedResult {
+func (r *SharedCachedResult) CloneCachedResult() CachedResult {
 	return &clonedCachedResult{Result: r.SharedResult.Clone(), cr: r.CachedResult}
 }
 
+func (r *SharedCachedResult) Clone() Result {
+	return r.CloneCachedResult()
+}
+
 func (r *SharedCachedResult) Release(ctx context.Context) error {
 	return r.SharedResult.Release(ctx)
 }
@@ -91,12 +95,12 @@ type clonedCachedResult struct {
 	cr CachedResult
 }
 
-func (r *clonedCachedResult) ID() string {
-	return r.Result.ID()
+func (ccr *clonedCachedResult) ID() string {
+	return ccr.Result.ID()
 }
 
-func (cr *clonedCachedResult) CacheKeys() []ExportableCacheKey {
-	return cr.cr.CacheKeys()
+func (ccr *clonedCachedResult) CacheKeys() []ExportableCacheKey {
+	return ccr.cr.CacheKeys()
 }
 
 type SharedCachedResult struct {
diff --git a/vendor/github.com/moby/buildkit/solver/scheduler.go b/vendor/github.com/moby/buildkit/solver/scheduler.go
index 7fe981eff4547..b90f899f1bc96 100644
--- a/vendor/github.com/moby/buildkit/solver/scheduler.go
+++ b/vendor/github.com/moby/buildkit/solver/scheduler.go
@@ -130,9 +130,13 @@ func (s *scheduler) dispatch(e *edge) {
 	pf := &pipeFactory{s: s, e: e}
 
 	// unpark the edge
-	debugSchedulerPreUnpark(e, inc, updates, out)
+	if debugScheduler {
+		debugSchedulerPreUnpark(e, inc, updates, out)
+	}
 	e.unpark(inc, updates, out, pf)
-	debugSchedulerPostUnpark(e, inc)
+	if debugScheduler {
+		debugSchedulerPostUnpark(e, inc)
+	}
 
 postUnpark:
 	// set up new requests that didn't complete/were added by this run
@@ -166,9 +170,13 @@ postUnpark:
 			// skip this if not at least 1 key per dep
 			origEdge := e.index.LoadOrStore(k, e)
 			if origEdge != nil {
-				logrus.Debugf("merging edge %s to %s\n", e.edge.Vertex.Name(), origEdge.edge.Vertex.Name())
-				if s.mergeTo(origEdge, e) {
-					s.ef.setEdge(e.edge, origEdge)
+				if e.isDep(origEdge) || origEdge.isDep(e) {
+					logrus.Debugf("skip merge due to dependency")
+				} else {
+					logrus.Debugf("merging edge %s to %s\n", e.edge.Vertex.Name(), origEdge.edge.Vertex.Name())
+					if s.mergeTo(origEdge, e) {
+						s.ef.setEdge(e.edge, origEdge)
+					}
 				}
 			}
 		}
@@ -240,7 +248,7 @@ func (s *scheduler) build(ctx context.Context, edge Edge) (CachedResult, error)
 	if err := p.Receiver.Status().Err; err != nil {
 		return nil, err
 	}
-	return p.Receiver.Status().Value.(*edgeState).result.Clone(), nil
+	return p.Receiver.Status().Value.(*edgeState).result.CloneCachedResult(), nil
 }
 
 // newPipe creates a new request pipe between two edges
@@ -361,9 +369,6 @@ func (pf *pipeFactory) NewFuncRequest(f func(context.Context) (interface{}, erro
 }
 
 func debugSchedulerPreUnpark(e *edge, inc []pipe.Sender, updates, allPipes []pipe.Receiver) {
-	if !debugScheduler {
-		return
-	}
 	logrus.Debugf(">> unpark %s req=%d upt=%d out=%d state=%s %s", e.edge.Vertex.Name(), len(inc), len(updates), len(allPipes), e.state, e.edge.Vertex.Digest())
 
 	for i, dep := range e.deps {
@@ -371,7 +376,7 @@ func debugSchedulerPreUnpark(e *edge, inc []pipe.Sender, updates, allPipes []pip
 		if dep.req != nil {
 			des = dep.req.Request().(*edgeRequest).desiredState
 		}
-		logrus.Debugf(":: dep%d %s state=%s des=%s keys=%d hasslowcache=%v", i, e.edge.Vertex.Inputs()[i].Vertex.Name(), dep.state, des, len(dep.keys), e.slowCacheFunc(dep) != nil)
+		logrus.Debugf(":: dep%d %s state=%s des=%s keys=%d hasslowcache=%v preprocessfunc=%v", i, e.edge.Vertex.Inputs()[i].Vertex.Name(), dep.state, des, len(dep.keys), e.slowCacheFunc(dep) != nil, e.preprocessFunc(dep) != nil)
 	}
 
 	for i, in := range inc {
@@ -400,9 +405,6 @@ func debugSchedulerPreUnpark(e *edge, inc []pipe.Sender, updates, allPipes []pip
 }
 
 func debugSchedulerPostUnpark(e *edge, inc []pipe.Sender) {
-	if !debugScheduler {
-		return
-	}
 	for i, in := range inc {
 		logrus.Debugf("< incoming-%d: %p completed=%v", i, in, in.Status().Completed)
 	}
diff --git a/vendor/github.com/moby/buildkit/solver/types.go b/vendor/github.com/moby/buildkit/solver/types.go
index ccf4cad012c62..a87760692ebca 100644
--- a/vendor/github.com/moby/buildkit/solver/types.go
+++ b/vendor/github.com/moby/buildkit/solver/types.go
@@ -5,33 +5,49 @@ import (
 	"time"
 
 	"github.com/containerd/containerd/content"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver/pb"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
-// Vertex is one node in the build graph
+// Vertex is a node in a build graph. It defines an interface for a
+// content-addressable operation and its inputs.
 type Vertex interface {
-	// Digest is a content-addressable vertex identifier
+	// Digest returns a checksum of the definition up to the vertex including
+	// all of its inputs.
 	Digest() digest.Digest
-	// Sys returns an internal value that is used to execute the vertex. Usually
-	// this is capured by the operation resolver method during solve.
+
+	// Sys returns an object used to resolve the executor for this vertex.
+	// In LLB solver, this value would be of type `llb.Op`.
 	Sys() interface{}
+
+	// Options return metadata associated with the vertex that doesn't change the
+	// definition or equality check of it.
 	Options() VertexOptions
-	// Array of edges current vertex depends on.
+
+	// Inputs returns an array of edges the vertex depends on. An input edge is
+	// a vertex and an index from the returned array of results from an executor
+	// returned by Sys(). A vertex may have zero inputs.
 	Inputs() []Edge
+
 	Name() string
 }
 
-// Index is a index value for output edge
+// Index is an index value for the return array of an operation. Index starts
+// counting from zero.
 type Index int
 
-// Edge is a path to a specific output of the vertex
+// Edge is a connection point between vertexes. An edge references a specific
+// output of a vertex's operation. Edges are used as inputs to other vertexes.
 type Edge struct {
 	Index  Index
 	Vertex Vertex
 }
 
-// VertexOptions has optional metadata for the vertex that is not contained in digest
+// VertexOptions define optional metadata for a vertex that doesn't change the
+// definition or equality check of it. These options are not contained in the
+// vertex digest.
 type VertexOptions struct {
 	IgnoreCache  bool
 	CacheSources []CacheManager
@@ -45,6 +61,7 @@ type Result interface {
 	ID() string
 	Release(context.Context) error
 	Sys() interface{}
+	Clone() Result
 }
 
 // CachedResult is a result connected with its cache key
@@ -53,6 +70,12 @@ type CachedResult interface {
 	CacheKeys() []ExportableCacheKey
 }
 
+type ResultProxy interface {
+	Result(context.Context) (CachedResult, error)
+	Release(context.Context) error
+	Definition() *pb.Definition
+}
+
 // CacheExportMode is the type for setting cache exporting modes
 type CacheExportMode int
 
@@ -73,6 +96,8 @@ type CacheExportOpt struct {
 	Convert func(context.Context, Result) (*Remote, error)
 	// Mode defines a cache export algorithm
 	Mode CacheExportMode
+	// Session is the session group to client (for auth credentials etc)
+	Session session.Group
 }
 
 // CacheExporter can export the artifacts of the build chain
@@ -110,28 +135,61 @@ type CacheLink struct {
 	Selector digest.Digest `json:",omitempty"`
 }
 
-// Op is an implementation for running a vertex
+type ReleaseFunc func()
+
+// Op defines how the solver can evaluate the properties of a vertex operation.
+// An op is executed in the worker, and is retrieved from the vertex by the
+// value of `vertex.Sys()`. The solver is configured with a resolve function to
+// convert a `vertex.Sys()` into an `Op`.
 type Op interface {
 	// CacheMap returns structure describing how the operation is cached.
 	// Currently only roots are allowed to return multiple cache maps per op.
-	CacheMap(context.Context, int) (*CacheMap, bool, error)
+	CacheMap(context.Context, session.Group, int) (*CacheMap, bool, error)
+
 	// Exec runs an operation given results from previous operations.
-	Exec(ctx context.Context, inputs []Result) (outputs []Result, err error)
+	Exec(ctx context.Context, g session.Group, inputs []Result) (outputs []Result, err error)
+
+	// Acquire acquires the necessary resources to execute the `Op`.
+	Acquire(ctx context.Context) (release ReleaseFunc, err error)
 }
 
-type ResultBasedCacheFunc func(context.Context, Result) (digest.Digest, error)
+type ResultBasedCacheFunc func(context.Context, Result, session.Group) (digest.Digest, error)
+type PreprocessFunc func(context.Context, Result, session.Group) error
 
+// CacheMap is a description for calculating the cache key of an operation.
 type CacheMap struct {
-	// Digest is a base digest for operation that needs to be combined with
-	// inputs cache or selectors for dependencies.
+	// Digest returns a checksum for the operation. The operation result can be
+	// cached by a checksum that combines this digest and the cache keys of the
+	// operation's inputs.
+	//
+	// For example, in LLB this digest is a manifest digest for OCI images, or
+	// commit SHA for git sources.
 	Digest digest.Digest
-	Deps   []struct {
-		// Optional digest that is merged with the cache key of the input
+
+	// Deps contain optional selectors or content-based cache functions for its
+	// inputs.
+	Deps []struct {
+		// Selector is a digest that is merged with the cache key of the input.
+		// Selectors are not merged with the result of the `ComputeDigestFunc` for
+		// this input.
 		Selector digest.Digest
-		// Optional function that returns a digest for the input based on its
-		// return value
+
+		// ComputeDigestFunc should return a digest for the input based on its return
+		// value.
+		//
+		// For example, in LLB this is invoked to calculate the cache key based on
+		// the checksum of file contents from input snapshots.
 		ComputeDigestFunc ResultBasedCacheFunc
+
+		// PreprocessFunc is a function that runs on an input before it is passed to op
+		PreprocessFunc PreprocessFunc
 	}
+
+	// Opts specifies generic options that will be passed to cache load calls if/when
+	// the key associated with this CacheMap is used to load a ref. It allows options
+	// such as oci descriptor content providers and progress writers to be passed to
+	// the cache. Opts should not have any impact on the computed cache key.
+	Opts CacheOpts
 }
 
 // ExportableCacheKey is a cache key connected with an exporter that can export
@@ -152,17 +210,24 @@ type CacheRecord struct {
 	key          *CacheKey
 }
 
-// CacheManager implements build cache backend
+// CacheManager determines if there is a result that matches the cache keys
+// generated during the build that could be reused instead of fully
+// reevaluating the vertex and its inputs. There can be multiple cache
+// managers, and specific managers can be defined per vertex using
+// `VertexOptions`.
 type CacheManager interface {
 	// ID is used to identify cache providers that are backed by same source
-	// to avoid duplicate calls to the same provider
+	// to avoid duplicate calls to the same provider.
 	ID() string
+
 	// Query searches for cache paths from one cache key to the output of a
 	// possible match.
 	Query(inp []CacheKeyWithSelector, inputIndex Index, dgst digest.Digest, outputIndex Index) ([]*CacheKey, error)
 	Records(ck *CacheKey) ([]*CacheRecord, error)
-	// Load pulls and returns the cached result
+
+	// Load loads a cache record into a result reference.
 	Load(ctx context.Context, rec *CacheRecord) (Result, error)
+
 	// Save saves a result based on a cache key
-	Save(key *CacheKey, s Result) (*ExportableCacheKey, error)
+	Save(key *CacheKey, s Result, createdAt time.Time) (*ExportableCacheKey, error)
 }
diff --git a/vendor/github.com/moby/buildkit/source/git/gitsource.go b/vendor/github.com/moby/buildkit/source/git/gitsource.go
index 47d304b792350..08125c58e5917 100644
--- a/vendor/github.com/moby/buildkit/source/git/gitsource.go
+++ b/vendor/github.com/moby/buildkit/source/git/gitsource.go
@@ -3,25 +3,37 @@ package git
 import (
 	"bytes"
 	"context"
+	"encoding/base64"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"net/url"
 	"os"
 	"os/exec"
+	"os/user"
+	"path"
 	"path/filepath"
 	"regexp"
+	"strconv"
 	"strings"
 
-	"github.com/docker/docker/pkg/locker"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/secrets"
+	"github.com/moby/buildkit/session/sshforward"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/util/progress/logs"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	bolt "go.etcd.io/bbolt"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 var validHex = regexp.MustCompile(`^[a-f0-9]{40}$`)
@@ -37,17 +49,20 @@ type gitSource struct {
 	locker *locker.Locker
 }
 
+// Supported returns nil if the system supports Git source
+func Supported() error {
+	if err := exec.Command("git", "version").Run(); err != nil {
+		return errors.Wrap(err, "failed to find git binary")
+	}
+	return nil
+}
+
 func NewSource(opt Opt) (source.Source, error) {
 	gs := &gitSource{
 		md:     opt.MetadataStore,
 		cache:  opt.CacheAccessor,
 		locker: locker.New(),
 	}
-
-	if err := exec.Command("git", "version").Run(); err != nil {
-		return nil, errors.Wrap(err, "failed to find git binary")
-	}
-
 	return gs, nil
 }
 
@@ -56,33 +71,33 @@ func (gs *gitSource) ID() string {
 }
 
 // needs to be called with repo lock
-func (gs *gitSource) mountRemote(ctx context.Context, remote string) (target string, release func(), retErr error) {
+func (gs *gitSource) mountRemote(ctx context.Context, remote string, auth []string, g session.Group) (target string, release func(), retErr error) {
 	remoteKey := "git-remote::" + remote
 
 	sis, err := gs.md.Search(remoteKey)
 	if err != nil {
-		return "", nil, errors.Wrapf(err, "failed to search metadata for %s", remote)
+		return "", nil, errors.Wrapf(err, "failed to search metadata for %s", redactCredentials(remote))
 	}
 
 	var remoteRef cache.MutableRef
 	for _, si := range sis {
 		remoteRef, err = gs.cache.GetMutable(ctx, si.ID())
 		if err != nil {
-			if cache.IsLocked(err) {
+			if errors.Is(err, cache.ErrLocked) {
 				// should never really happen as no other function should access this metadata, but lets be graceful
-				logrus.Warnf("mutable ref for %s  %s was locked: %v", remote, si.ID(), err)
+				logrus.Warnf("mutable ref for %s  %s was locked: %v", redactCredentials(remote), si.ID(), err)
 				continue
 			}
-			return "", nil, errors.Wrapf(err, "failed to get mutable ref for %s", remote)
+			return "", nil, errors.Wrapf(err, "failed to get mutable ref for %s", redactCredentials(remote))
 		}
 		break
 	}
 
 	initializeRepo := false
 	if remoteRef == nil {
-		remoteRef, err = gs.cache.New(ctx, nil, cache.CachePolicyRetain, cache.WithDescription(fmt.Sprintf("shared git repo for %s", remote)))
+		remoteRef, err = gs.cache.New(ctx, nil, g, cache.CachePolicyRetain, cache.WithDescription(fmt.Sprintf("shared git repo for %s", redactCredentials(remote))))
 		if err != nil {
-			return "", nil, errors.Wrapf(err, "failed to create new mutable for %s", remote)
+			return "", nil, errors.Wrapf(err, "failed to create new mutable for %s", redactCredentials(remote))
 		}
 		initializeRepo = true
 	}
@@ -97,7 +112,7 @@ func (gs *gitSource) mountRemote(ctx context.Context, remote string) (target str
 		}
 	}()
 
-	mount, err := remoteRef.Mount(ctx, false)
+	mount, err := remoteRef.Mount(ctx, false, g)
 	if err != nil {
 		return "", nil, err
 	}
@@ -115,21 +130,21 @@ func (gs *gitSource) mountRemote(ctx context.Context, remote string) (target str
 	}()
 
 	if initializeRepo {
-		if _, err := gitWithinDir(ctx, dir, "", "init", "--bare"); err != nil {
+		if _, err := gitWithinDir(ctx, dir, "", "", "", auth, "init", "--bare"); err != nil {
 			return "", nil, errors.Wrapf(err, "failed to init repo at %s", dir)
 		}
 
-		if _, err := gitWithinDir(ctx, dir, "", "remote", "add", "origin", remote); err != nil {
+		if _, err := gitWithinDir(ctx, dir, "", "", "", auth, "remote", "add", "origin", remote); err != nil {
 			return "", nil, errors.Wrapf(err, "failed add origin repo at %s", dir)
 		}
 
 		// same new remote metadata
 		si, _ := gs.md.Get(remoteRef.ID())
 		v, err := metadata.NewValue(remoteKey)
-		v.Index = remoteKey
 		if err != nil {
 			return "", nil, err
 		}
+		v.Index = remoteKey
 
 		if err := si.Update(func(b *bolt.Bucket) error {
 			return si.SetValue(b, "git-remote", v)
@@ -147,9 +162,22 @@ type gitSourceHandler struct {
 	*gitSource
 	src      source.GitIdentifier
 	cacheKey string
+	sm       *session.Manager
+	auth     []string
+}
+
+func (gs *gitSourceHandler) shaToCacheKey(sha string) string {
+	key := sha
+	if gs.src.KeepGitDir {
+		key += ".git"
+	}
+	if gs.src.Subdir != "" {
+		key += ":" + gs.src.Subdir
+	}
+	return key
 }
 
-func (gs *gitSource) Resolve(ctx context.Context, id source.Identifier) (source.SourceInstance, error) {
+func (gs *gitSource) Resolve(ctx context.Context, id source.Identifier, sm *session.Manager, _ solver.Vertex) (source.SourceInstance, error) {
 	gitIdentifier, ok := id.(*source.GitIdentifier)
 	if !ok {
 		return nil, errors.Errorf("invalid git identifier %v", id)
@@ -158,10 +186,126 @@ func (gs *gitSource) Resolve(ctx context.Context, id source.Identifier) (source.
 	return &gitSourceHandler{
 		src:       *gitIdentifier,
 		gitSource: gs,
+		sm:        sm,
 	}, nil
 }
 
-func (gs *gitSourceHandler) CacheKey(ctx context.Context, index int) (string, bool, error) {
+type authSecret struct {
+	token bool
+	name  string
+}
+
+func (gs *gitSourceHandler) authSecretNames() (sec []authSecret, _ error) {
+	u, err := url.Parse(gs.src.Remote)
+	if err != nil {
+		return nil, err
+	}
+	if gs.src.AuthHeaderSecret != "" {
+		sec = append(sec, authSecret{name: gs.src.AuthHeaderSecret + "." + u.Host})
+	}
+	if gs.src.AuthTokenSecret != "" {
+		sec = append(sec, authSecret{name: gs.src.AuthTokenSecret + "." + u.Host, token: true})
+	}
+	if gs.src.AuthHeaderSecret != "" {
+		sec = append(sec, authSecret{name: gs.src.AuthHeaderSecret})
+	}
+	if gs.src.AuthTokenSecret != "" {
+		sec = append(sec, authSecret{name: gs.src.AuthTokenSecret, token: true})
+	}
+	return sec, nil
+}
+
+func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) error {
+	if gs.auth != nil {
+		return nil
+	}
+	sec, err := gs.authSecretNames()
+	if err != nil {
+		return err
+	}
+	return gs.sm.Any(ctx, g, func(ctx context.Context, _ string, caller session.Caller) error {
+		for _, s := range sec {
+			dt, err := secrets.GetSecret(ctx, caller, s.name)
+			if err != nil {
+				if errors.Is(err, secrets.ErrNotFound) {
+					continue
+				}
+				return err
+			}
+			if s.token {
+				dt = []byte("basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("x-access-token:%s", dt))))
+			}
+			gs.auth = []string{"-c", "http." + tokenScope(gs.src.Remote) + ".extraheader=Authorization: " + string(dt)}
+			break
+		}
+		return nil
+	})
+}
+
+func (gs *gitSourceHandler) mountSSHAuthSock(ctx context.Context, sshID string, g session.Group) (string, func() error, error) {
+	var caller session.Caller
+	err := gs.sm.Any(ctx, g, func(ctx context.Context, _ string, c session.Caller) error {
+		if err := sshforward.CheckSSHID(ctx, c, sshID); err != nil {
+			if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented {
+				return errors.Errorf("no SSH key %q forwarded from the client", sshID)
+			}
+
+			return err
+		}
+		caller = c
+		return nil
+	})
+	if err != nil {
+		return "", nil, err
+	}
+
+	usr, err := user.Current()
+	if err != nil {
+		return "", nil, err
+	}
+
+	// best effort, default to root
+	uid, _ := strconv.Atoi(usr.Uid)
+	gid, _ := strconv.Atoi(usr.Gid)
+
+	sock, cleanup, err := sshforward.MountSSHSocket(ctx, caller, sshforward.SocketOpt{
+		ID:   sshID,
+		UID:  uid,
+		GID:  gid,
+		Mode: 0700,
+	})
+	if err != nil {
+		return "", nil, err
+	}
+
+	return sock, cleanup, nil
+}
+
+func (gs *gitSourceHandler) mountKnownHosts(ctx context.Context) (string, func() error, error) {
+	if gs.src.KnownSSHHosts == "" {
+		return "", nil, errors.Errorf("no configured known hosts forwarded from the client")
+	}
+	knownHosts, err := ioutil.TempFile("", "")
+	if err != nil {
+		return "", nil, err
+	}
+	cleanup := func() error {
+		return os.Remove(knownHosts.Name())
+	}
+	_, err = knownHosts.Write([]byte(gs.src.KnownSSHHosts))
+	if err != nil {
+		cleanup()
+		return "", nil, err
+	}
+	err = knownHosts.Close()
+	if err != nil {
+		cleanup()
+		return "", nil, err
+	}
+	return knownHosts.Name(), cleanup, nil
+}
+
+func (gs *gitSourceHandler) CacheKey(ctx context.Context, g session.Group, index int) (string, solver.CacheOpts, bool, error) {
 	remote := gs.src.Remote
 	ref := gs.src.Ref
 	if ref == "" {
@@ -171,37 +315,61 @@ func (gs *gitSourceHandler) CacheKey(ctx context.Context, index int) (string, bo
 	defer gs.locker.Unlock(remote)
 
 	if isCommitSHA(ref) {
+		ref = gs.shaToCacheKey(ref)
 		gs.cacheKey = ref
-		return ref, true, nil
+		return ref, nil, true, nil
 	}
 
-	gitDir, unmountGitDir, err := gs.mountRemote(ctx, remote)
+	gs.getAuthToken(ctx, g)
+
+	gitDir, unmountGitDir, err := gs.mountRemote(ctx, remote, gs.auth, g)
 	if err != nil {
-		return "", false, err
+		return "", nil, false, err
 	}
 	defer unmountGitDir()
 
+	var sock string
+	if gs.src.MountSSHSock != "" {
+		var unmountSock func() error
+		sock, unmountSock, err = gs.mountSSHAuthSock(ctx, gs.src.MountSSHSock, g)
+		if err != nil {
+			return "", nil, false, err
+		}
+		defer unmountSock()
+	}
+
+	var knownHosts string
+	if gs.src.KnownSSHHosts != "" {
+		var unmountKnownHosts func() error
+		knownHosts, unmountKnownHosts, err = gs.mountKnownHosts(ctx)
+		if err != nil {
+			return "", nil, false, err
+		}
+		defer unmountKnownHosts()
+	}
+
 	// TODO: should we assume that remote tag is immutable? add a timer?
 
-	buf, err := gitWithinDir(ctx, gitDir, "", "ls-remote", "origin", ref)
+	buf, err := gitWithinDir(ctx, gitDir, "", sock, knownHosts, gs.auth, "ls-remote", "origin", ref)
 	if err != nil {
-		return "", false, errors.Wrapf(err, "failed to fetch remote %s", remote)
+		return "", nil, false, errors.Wrapf(err, "failed to fetch remote %s", redactCredentials(remote))
 	}
 	out := buf.String()
 	idx := strings.Index(out, "\t")
 	if idx == -1 {
-		return "", false, errors.Errorf("failed to find commit SHA from output: %s", string(out))
+		return "", nil, false, errors.Errorf("repository does not contain ref %s, output: %q", ref, string(out))
 	}
 
 	sha := string(out[:idx])
 	if !isCommitSHA(sha) {
-		return "", false, errors.Errorf("invalid commit sha %q", sha)
+		return "", nil, false, errors.Errorf("invalid commit sha %q", sha)
 	}
+	sha = gs.shaToCacheKey(sha)
 	gs.cacheKey = sha
-	return sha, true, nil
+	return sha, nil, true, nil
 }
 
-func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRef, retErr error) {
+func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out cache.ImmutableRef, retErr error) {
 	ref := gs.src.Ref
 	if ref == "" {
 		ref = "master"
@@ -210,12 +378,14 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 	cacheKey := gs.cacheKey
 	if cacheKey == "" {
 		var err error
-		cacheKey, _, err = gs.CacheKey(ctx, 0)
+		cacheKey, _, _, err = gs.CacheKey(ctx, g, 0)
 		if err != nil {
 			return nil, err
 		}
 	}
 
+	gs.getAuthToken(ctx, g)
+
 	snapshotKey := "git-snapshot::" + cacheKey + ":" + gs.src.Subdir
 	gs.locker.Lock(snapshotKey)
 	defer gs.locker.Unlock(snapshotKey)
@@ -230,21 +400,44 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 
 	gs.locker.Lock(gs.src.Remote)
 	defer gs.locker.Unlock(gs.src.Remote)
-	gitDir, unmountGitDir, err := gs.mountRemote(ctx, gs.src.Remote)
+	gitDir, unmountGitDir, err := gs.mountRemote(ctx, gs.src.Remote, gs.auth, g)
 	if err != nil {
 		return nil, err
 	}
 	defer unmountGitDir()
 
+	var sock string
+	if gs.src.MountSSHSock != "" {
+		var unmountSock func() error
+		sock, unmountSock, err = gs.mountSSHAuthSock(ctx, gs.src.MountSSHSock, g)
+		if err != nil {
+			return nil, err
+		}
+		defer unmountSock()
+	}
+
+	var knownHosts string
+	if gs.src.KnownSSHHosts != "" {
+		var unmountKnownHosts func() error
+		knownHosts, unmountKnownHosts, err = gs.mountKnownHosts(ctx)
+		if err != nil {
+			return nil, err
+		}
+		defer unmountKnownHosts()
+	}
+
 	doFetch := true
 	if isCommitSHA(ref) {
 		// skip fetch if commit already exists
-		if _, err := gitWithinDir(ctx, gitDir, "", "cat-file", "-e", ref+"^{commit}"); err == nil {
+		if _, err := gitWithinDir(ctx, gitDir, "", sock, knownHosts, nil, "cat-file", "-e", ref+"^{commit}"); err == nil {
 			doFetch = false
 		}
 	}
 
 	if doFetch {
+		// make sure no old lock files have leaked
+		os.RemoveAll(filepath.Join(gitDir, "shallow.lock"))
+
 		args := []string{"fetch"}
 		if !isCommitSHA(ref) { // TODO: find a branch from ls-remote?
 			args = append(args, "--depth=1", "--no-tags")
@@ -255,18 +448,19 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 		}
 		args = append(args, "origin")
 		if !isCommitSHA(ref) {
-			args = append(args, ref+":tags/"+ref)
-			// local refs are needed so they would be advertised on next fetches
+			args = append(args, "--force", ref+":tags/"+ref)
+			// local refs are needed so they would be advertised on next fetches. Force is used
+			// in case the ref is a branch and it now points to a different commit sha
 			// TODO: is there a better way to do this?
 		}
-		if _, err := gitWithinDir(ctx, gitDir, "", args...); err != nil {
-			return nil, errors.Wrapf(err, "failed to fetch remote %s", gs.src.Remote)
+		if _, err := gitWithinDir(ctx, gitDir, "", sock, knownHosts, gs.auth, args...); err != nil {
+			return nil, errors.Wrapf(err, "failed to fetch remote %s", redactCredentials(gs.src.Remote))
 		}
 	}
 
-	checkoutRef, err := gs.cache.New(ctx, nil, cache.WithRecordType(client.UsageRecordTypeGitCheckout), cache.WithDescription(fmt.Sprintf("git snapshot for %s#%s", gs.src.Remote, ref)))
+	checkoutRef, err := gs.cache.New(ctx, nil, g, cache.WithRecordType(client.UsageRecordTypeGitCheckout), cache.WithDescription(fmt.Sprintf("git snapshot for %s#%s", gs.src.Remote, ref)))
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to create new mutable for %s", gs.src.Remote)
+		return nil, errors.Wrapf(err, "failed to create new mutable for %s", redactCredentials(gs.src.Remote))
 	}
 
 	defer func() {
@@ -275,7 +469,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 		}
 	}()
 
-	mount, err := checkoutRef.Mount(ctx, false)
+	mount, err := checkoutRef.Mount(ctx, false, g)
 	if err != nil {
 		return nil, err
 	}
@@ -290,42 +484,97 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 		}
 	}()
 
-	if gs.src.KeepGitDir {
-		_, err = gitWithinDir(ctx, checkoutDir, "", "init")
+	subdir := path.Clean(gs.src.Subdir)
+	if subdir == "/" {
+		subdir = "."
+	}
+
+	if gs.src.KeepGitDir && subdir == "." {
+		checkoutDirGit := filepath.Join(checkoutDir, ".git")
+		if err := os.MkdirAll(checkoutDir, 0711); err != nil {
+			return nil, err
+		}
+		_, err = gitWithinDir(ctx, checkoutDirGit, "", sock, knownHosts, nil, "init")
 		if err != nil {
 			return nil, err
 		}
-		_, err = gitWithinDir(ctx, checkoutDir, "", "remote", "add", "origin", gitDir)
+		_, err = gitWithinDir(ctx, checkoutDirGit, "", sock, knownHosts, nil, "remote", "add", "origin", gitDir)
 		if err != nil {
 			return nil, err
 		}
 		pullref := ref
 		if isCommitSHA(ref) {
 			pullref = "refs/buildkit/" + identity.NewID()
-			_, err = gitWithinDir(ctx, gitDir, "", "update-ref", pullref, ref)
+			_, err = gitWithinDir(ctx, gitDir, "", sock, knownHosts, gs.auth, "update-ref", pullref, ref)
 			if err != nil {
 				return nil, err
 			}
+		} else {
+			pullref += ":" + pullref
 		}
-		_, err = gitWithinDir(ctx, checkoutDir, "", "fetch", "--depth=1", "origin", pullref)
+		_, err = gitWithinDir(ctx, checkoutDirGit, "", sock, knownHosts, gs.auth, "fetch", "-u", "--depth=1", "origin", pullref)
 		if err != nil {
 			return nil, err
 		}
-		_, err = gitWithinDir(ctx, checkoutDir, checkoutDir, "checkout", "FETCH_HEAD")
+		_, err = gitWithinDir(ctx, checkoutDirGit, checkoutDir, sock, knownHosts, nil, "checkout", "FETCH_HEAD")
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to checkout remote %s", gs.src.Remote)
+			return nil, errors.Wrapf(err, "failed to checkout remote %s", redactCredentials(gs.src.Remote))
 		}
-		gitDir = checkoutDir
+		gitDir = checkoutDirGit
 	} else {
-		_, err = gitWithinDir(ctx, gitDir, checkoutDir, "checkout", ref, "--", ".")
+		cd := checkoutDir
+		if subdir != "." {
+			cd, err = ioutil.TempDir(cd, "checkout")
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to create temporary checkout dir")
+			}
+		}
+		_, err = gitWithinDir(ctx, gitDir, cd, sock, knownHosts, nil, "checkout", ref, "--", ".")
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to checkout remote %s", gs.src.Remote)
+			return nil, errors.Wrapf(err, "failed to checkout remote %s", redactCredentials(gs.src.Remote))
+		}
+		if subdir != "." {
+			d, err := os.Open(filepath.Join(cd, subdir))
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to open subdir %v", subdir)
+			}
+			defer func() {
+				if d != nil {
+					d.Close()
+				}
+			}()
+			names, err := d.Readdirnames(0)
+			if err != nil {
+				return nil, err
+			}
+			for _, n := range names {
+				if err := os.Rename(filepath.Join(cd, subdir, n), filepath.Join(checkoutDir, n)); err != nil {
+					return nil, err
+				}
+			}
+			if err := d.Close(); err != nil {
+				return nil, err
+			}
+			d = nil // reset defer
+			if err := os.RemoveAll(cd); err != nil {
+				return nil, err
+			}
 		}
 	}
 
-	_, err = gitWithinDir(ctx, gitDir, checkoutDir, "submodule", "update", "--init", "--recursive", "--depth=1")
+	_, err = gitWithinDir(ctx, gitDir, checkoutDir, sock, knownHosts, gs.auth, "submodule", "update", "--init", "--recursive", "--depth=1")
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to update submodules for %s", gs.src.Remote)
+		return nil, errors.Wrapf(err, "failed to update submodules for %s", redactCredentials(gs.src.Remote))
+	}
+
+	if idmap := mount.IdentityMapping(); idmap != nil {
+		u := idmap.RootPair()
+		err := filepath.Walk(gitDir, func(p string, f os.FileInfo, err error) error {
+			return os.Lchown(p, u.UID, u.GID)
+		})
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to remap git checkout")
+		}
 	}
 
 	lm.Unmount()
@@ -345,10 +594,11 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRe
 
 	si, _ := gs.md.Get(snap.ID())
 	v, err := metadata.NewValue(snapshotKey)
-	v.Index = snapshotKey
 	if err != nil {
 		return nil, err
 	}
+	v.Index = snapshotKey
+
 	if err := si.Update(func(b *bolt.Bucket) error {
 		return si.SetValue(b, "git-snapshot", v)
 	}); err != nil {
@@ -362,15 +612,25 @@ func isCommitSHA(str string) bool {
 	return validHex.MatchString(str)
 }
 
-func gitWithinDir(ctx context.Context, gitDir, workDir string, args ...string) (*bytes.Buffer, error) {
-	a := []string{"--git-dir", gitDir}
+func gitWithinDir(ctx context.Context, gitDir, workDir, sshAuthSock, knownHosts string, auth []string, args ...string) (*bytes.Buffer, error) {
+	a := append([]string{"--git-dir", gitDir}, auth...)
 	if workDir != "" {
 		a = append(a, "--work-tree", workDir)
 	}
-	return git(ctx, workDir, append(a, args...)...)
+	return git(ctx, workDir, sshAuthSock, knownHosts, append(a, args...)...)
+}
+
+func getGitSSHCommand(knownHosts string) string {
+	gitSSHCommand := "ssh -F /dev/null"
+	if knownHosts != "" {
+		gitSSHCommand += " -o UserKnownHostsFile=" + knownHosts
+	} else {
+		gitSSHCommand += " -o StrictHostKeyChecking=no"
+	}
+	return gitSSHCommand
 }
 
-func git(ctx context.Context, dir string, args ...string) (*bytes.Buffer, error) {
+func git(ctx context.Context, dir, sshAuthSock, knownHosts string, args ...string) (*bytes.Buffer, error) {
 	for {
 		stdout, stderr := logs.NewLogStreams(ctx, false)
 		defer stdout.Close()
@@ -379,8 +639,18 @@ func git(ctx context.Context, dir string, args ...string) (*bytes.Buffer, error)
 		cmd.Dir = dir // some commands like submodule require this
 		buf := bytes.NewBuffer(nil)
 		errbuf := bytes.NewBuffer(nil)
+		cmd.Stdin = nil
 		cmd.Stdout = io.MultiWriter(stdout, buf)
 		cmd.Stderr = io.MultiWriter(stderr, errbuf)
+		cmd.Env = []string{
+			"PATH=" + os.Getenv("PATH"),
+			"GIT_TERMINAL_PROMPT=0",
+			"GIT_SSH_COMMAND=" + getGitSSHCommand(knownHosts),
+			//	"GIT_TRACE=1",
+		}
+		if sshAuthSock != "" {
+			cmd.Env = append(cmd.Env, "SSH_AUTH_SOCK="+sshAuthSock)
+		}
 		// remote git commands spawn helper processes that inherit FDs and don't
 		// handle parent death signal so exec.CommandContext can't be used
 		err := runProcessGroup(ctx, cmd)
@@ -405,3 +675,14 @@ func argsNoDepth(args []string) []string {
 	}
 	return out
 }
+
+func tokenScope(remote string) string {
+	// generally we can only use the token for fetching main remote but in case of github.com we do best effort
+	// to try reuse same token for all github.com remotes. This is the same behavior actions/checkout uses
+	for _, pfx := range []string{"https://github.com/", "https://www.github.com/"} {
+		if strings.HasPrefix(remote, pfx) {
+			return pfx
+		}
+	}
+	return remote
+}
diff --git a/vendor/github.com/moby/buildkit/source/git/gitsource_unix.go b/vendor/github.com/moby/buildkit/source/git/gitsource_unix.go
index 4d0e9d89d20a9..5d35dd9cb0d6c 100644
--- a/vendor/github.com/moby/buildkit/source/git/gitsource_unix.go
+++ b/vendor/github.com/moby/buildkit/source/git/gitsource_unix.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"os/exec"
 	"syscall"
+	"time"
 )
 
 func runProcessGroup(ctx context.Context, cmd *exec.Cmd) error {
@@ -17,7 +18,14 @@ func runProcessGroup(ctx context.Context, cmd *exec.Cmd) error {
 	go func() {
 		select {
 		case <-ctx.Done():
-			syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL)
+			syscall.Kill(-cmd.Process.Pid, syscall.SIGTERM)
+			go func() {
+				select {
+				case <-waitDone:
+				case <-time.After(10 * time.Second):
+					syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL)
+				}
+			}()
 		case <-waitDone:
 		}
 	}()
diff --git a/vendor/github.com/moby/buildkit/source/git/redact_credentials.go b/vendor/github.com/moby/buildkit/source/git/redact_credentials.go
new file mode 100644
index 0000000000000..e59324d7e06e8
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/source/git/redact_credentials.go
@@ -0,0 +1,17 @@
+// +build go1.15
+
+package git
+
+import "net/url"
+
+// redactCredentials takes a URL and redacts a password from it.
+// e.g. "https://user:password@github.com/user/private-repo-failure.git" will be changed to
+// "https://user:xxxxx@github.com/user/private-repo-failure.git"
+func redactCredentials(s string) string {
+	u, err := url.Parse(s)
+	if err != nil {
+		return s // string is not a URL, just return it
+	}
+
+	return u.Redacted()
+}
diff --git a/vendor/github.com/moby/buildkit/source/git/redact_credentials_go114.go b/vendor/github.com/moby/buildkit/source/git/redact_credentials_go114.go
new file mode 100644
index 0000000000000..b2aa31404279b
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/source/git/redact_credentials_go114.go
@@ -0,0 +1,30 @@
+// +build !go1.15
+
+package git
+
+import "net/url"
+
+// redactCredentials takes a URL and redacts a password from it.
+// e.g. "https://user:password@github.com/user/private-repo-failure.git" will be changed to
+// "https://user:xxxxx@github.com/user/private-repo-failure.git"
+func redactCredentials(s string) string {
+	u, err := url.Parse(s)
+	if err != nil {
+		return s // string is not a URL, just return it
+	}
+
+	return urlRedacted(u)
+}
+
+// urlRedacted comes from go's url.Redacted() which isn't available on go < 1.15
+func urlRedacted(u *url.URL) string {
+	if u == nil {
+		return ""
+	}
+
+	ru := *u
+	if _, has := ru.User.Password(); has {
+		ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
+	}
+	return ru.String()
+}
diff --git a/vendor/github.com/moby/buildkit/source/gitidentifier.go b/vendor/github.com/moby/buildkit/source/gitidentifier.go
index 9f338343bf9ac..1547c713768d5 100644
--- a/vendor/github.com/moby/buildkit/source/gitidentifier.go
+++ b/vendor/github.com/moby/buildkit/source/gitidentifier.go
@@ -2,16 +2,21 @@ package source
 
 import (
 	"net/url"
+	"path"
 	"strings"
 
-	"github.com/pkg/errors"
+	"github.com/moby/buildkit/util/sshutil"
 )
 
 type GitIdentifier struct {
-	Remote     string
-	Ref        string
-	Subdir     string
-	KeepGitDir bool
+	Remote           string
+	Ref              string
+	Subdir           string
+	KeepGitDir       bool
+	AuthTokenSecret  string
+	AuthHeaderSecret string
+	MountSSHSock     string
+	KnownSSHHosts    string
 }
 
 func NewGitIdentifier(remoteURL string) (*GitIdentifier, error) {
@@ -22,8 +27,8 @@ func NewGitIdentifier(remoteURL string) (*GitIdentifier, error) {
 	}
 
 	var fragment string
-	if strings.HasPrefix(remoteURL, "git@") {
-		// git@.. is not an URL, so cannot be parsed as URL
+	if sshutil.IsImplicitSSHTransport(remoteURL) {
+		// implicit ssh urls such as "git@.." are not actually a URL, so cannot be parsed as URL
 		parts := strings.SplitN(remoteURL, "#", 2)
 
 		repo.Remote = parts[0]
@@ -41,8 +46,8 @@ func NewGitIdentifier(remoteURL string) (*GitIdentifier, error) {
 		u.Fragment = ""
 		repo.Remote = u.String()
 	}
-	if repo.Subdir != "" {
-		return nil, errors.Errorf("subdir not supported yet")
+	if sd := path.Clean(repo.Subdir); sd == "/" || sd == "." {
+		repo.Subdir = ""
 	}
 	return &repo, nil
 }
@@ -54,7 +59,7 @@ func (i *GitIdentifier) ID() string {
 // isGitTransport returns true if the provided str is a git transport by inspecting
 // the prefix of the string for known protocols used in git.
 func isGitTransport(str string) bool {
-	return strings.HasPrefix(str, "http://") || strings.HasPrefix(str, "https://") || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "git@")
+	return strings.HasPrefix(str, "http://") || strings.HasPrefix(str, "https://") || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "ssh://") || sshutil.IsImplicitSSHTransport(str)
 }
 
 func getRefAndSubdir(fragment string) (ref string, subdir string) {
diff --git a/vendor/github.com/moby/buildkit/source/http/httpsource.go b/vendor/github.com/moby/buildkit/source/http/httpsource.go
index 39939128cd9e6..dd9c12763bfe9 100644
--- a/vendor/github.com/moby/buildkit/source/http/httpsource.go
+++ b/vendor/github.com/moby/buildkit/source/http/httpsource.go
@@ -15,12 +15,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/locker"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/util/tracing"
+	"github.com/moby/locker"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	bolt "go.etcd.io/bbolt"
@@ -33,10 +36,10 @@ type Opt struct {
 }
 
 type httpSource struct {
-	md     *metadata.Store
-	cache  cache.Accessor
-	locker *locker.Locker
-	client *http.Client
+	md        *metadata.Store
+	cache     cache.Accessor
+	locker    *locker.Locker
+	transport http.RoundTripper
 }
 
 func NewSource(opt Opt) (source.Source, error) {
@@ -45,29 +48,28 @@ func NewSource(opt Opt) (source.Source, error) {
 		transport = tracing.DefaultTransport
 	}
 	hs := &httpSource{
-		md:     opt.MetadataStore,
-		cache:  opt.CacheAccessor,
-		locker: locker.New(),
-		client: &http.Client{
-			Transport: transport,
-		},
+		md:        opt.MetadataStore,
+		cache:     opt.CacheAccessor,
+		locker:    locker.New(),
+		transport: transport,
 	}
 	return hs, nil
 }
 
 func (hs *httpSource) ID() string {
-	return source.HttpsScheme
+	return source.HTTPSScheme
 }
 
 type httpSourceHandler struct {
 	*httpSource
-	src      source.HttpIdentifier
+	src      source.HTTPIdentifier
 	refID    string
 	cacheKey digest.Digest
+	sm       *session.Manager
 }
 
-func (hs *httpSource) Resolve(ctx context.Context, id source.Identifier) (source.SourceInstance, error) {
-	httpIdentifier, ok := id.(*source.HttpIdentifier)
+func (hs *httpSource) Resolve(ctx context.Context, id source.Identifier, sm *session.Manager, _ solver.Vertex) (source.SourceInstance, error) {
+	httpIdentifier, ok := id.(*source.HTTPIdentifier)
 	if !ok {
 		return nil, errors.Errorf("invalid http identifier %v", id)
 	}
@@ -75,9 +77,14 @@ func (hs *httpSource) Resolve(ctx context.Context, id source.Identifier) (source
 	return &httpSourceHandler{
 		src:        *httpIdentifier,
 		httpSource: hs,
+		sm:         sm,
 	}, nil
 }
 
+func (hs *httpSourceHandler) client(g session.Group) *http.Client {
+	return &http.Client{Transport: newTransport(hs.transport, hs.sm, g)}
+}
+
 // urlHash is internal hash the etag is stored by that doesn't leak outside
 // this package.
 func (hs *httpSourceHandler) urlHash() (digest.Digest, error) {
@@ -116,79 +123,134 @@ func (hs *httpSourceHandler) formatCacheKey(filename string, dgst digest.Digest,
 	return digest.FromBytes(dt)
 }
 
-func (hs *httpSourceHandler) CacheKey(ctx context.Context, index int) (string, bool, error) {
+func (hs *httpSourceHandler) CacheKey(ctx context.Context, g session.Group, index int) (string, solver.CacheOpts, bool, error) {
 	if hs.src.Checksum != "" {
 		hs.cacheKey = hs.src.Checksum
-		return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, nil), hs.src.Checksum, "").String(), true, nil
+		return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, nil), hs.src.Checksum, "").String(), nil, true, nil
 	}
 
 	uh, err := hs.urlHash()
 	if err != nil {
-		return "", false, nil
+		return "", nil, false, nil
 	}
 
 	// look up metadata(previously stored headers) for that URL
 	sis, err := hs.md.Search(uh.String())
 	if err != nil {
-		return "", false, errors.Wrapf(err, "failed to search metadata for %s", uh)
+		return "", nil, false, errors.Wrapf(err, "failed to search metadata for %s", uh)
 	}
 
 	req, err := http.NewRequest("GET", hs.src.URL, nil)
 	if err != nil {
-		return "", false, err
+		return "", nil, false, err
 	}
 	req = req.WithContext(ctx)
 	m := map[string]*metadata.StorageItem{}
 
+	// If we request a single ETag in 'If-None-Match', some servers omit the
+	// unambiguous ETag in their response.
+	// See: https://github.com/moby/buildkit/issues/905
+	var onlyETag string
+
 	if len(sis) > 0 {
 		for _, si := range sis {
 			// if metaDigest := getMetaDigest(si); metaDigest == hs.formatCacheKey("") {
 			if etag := getETag(si); etag != "" {
 				if dgst := getChecksum(si); dgst != "" {
 					m[etag] = si
-					req.Header.Add("If-None-Match", etag)
 				}
 			}
 			// }
 		}
+		if len(m) > 0 {
+			etags := make([]string, 0, len(m))
+			for t := range m {
+				etags = append(etags, t)
+			}
+			req.Header.Add("If-None-Match", strings.Join(etags, ", "))
+
+			if len(etags) == 1 {
+				onlyETag = etags[0]
+			}
+		}
 	}
 
-	resp, err := hs.client.Do(req)
+	client := hs.client(g)
+
+	// Some servers seem to have trouble supporting If-None-Match properly even
+	// though they return ETag-s. So first, optionally try a HEAD request with
+	// manual ETag value comparison.
+	if len(m) > 0 {
+		req.Method = "HEAD"
+		resp, err := client.Do(req)
+		if err == nil {
+			if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotModified {
+				respETag := resp.Header.Get("ETag")
+
+				// If a 304 is returned without an ETag and we had only sent one ETag,
+				// the response refers to the ETag we asked about.
+				if respETag == "" && onlyETag != "" && resp.StatusCode == http.StatusNotModified {
+					respETag = onlyETag
+				}
+				si, ok := m[respETag]
+				if ok {
+					hs.refID = si.ID()
+					dgst := getChecksum(si)
+					if dgst != "" {
+						modTime := getModTime(si)
+						resp.Body.Close()
+						return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, resp), dgst, modTime).String(), nil, true, nil
+					}
+				}
+			}
+			resp.Body.Close()
+		}
+		req.Method = "GET"
+	}
+
+	resp, err := client.Do(req)
 	if err != nil {
-		return "", false, err
+		return "", nil, false, err
 	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
-		return "", false, errors.Errorf("invalid response status %d", resp.StatusCode)
+		return "", nil, false, errors.Errorf("invalid response status %d", resp.StatusCode)
 	}
 	if resp.StatusCode == http.StatusNotModified {
 		respETag := resp.Header.Get("ETag")
+		if respETag == "" && onlyETag != "" {
+			respETag = onlyETag
+
+			// Set the missing ETag header on the response so that it's available
+			// to .save()
+			resp.Header.Set("ETag", onlyETag)
+		}
 		si, ok := m[respETag]
 		if !ok {
-			return "", false, errors.Errorf("invalid not-modified ETag: %v", respETag)
+			return "", nil, false, errors.Errorf("invalid not-modified ETag: %v", respETag)
 		}
 		hs.refID = si.ID()
 		dgst := getChecksum(si)
 		if dgst == "" {
-			return "", false, errors.Errorf("invalid metadata change")
+			return "", nil, false, errors.Errorf("invalid metadata change")
 		}
 		modTime := getModTime(si)
 		resp.Body.Close()
-		return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, resp), dgst, modTime).String(), true, nil
+		return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, resp), dgst, modTime).String(), nil, true, nil
 	}
 
-	ref, dgst, err := hs.save(ctx, resp)
+	ref, dgst, err := hs.save(ctx, resp, g)
 	if err != nil {
-		return "", false, err
+		return "", nil, false, err
 	}
 	ref.Release(context.TODO())
 
 	hs.cacheKey = dgst
 
-	return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, resp), dgst, resp.Header.Get("Last-Modified")).String(), true, nil
+	return hs.formatCacheKey(getFileName(hs.src.URL, hs.src.Filename, resp), dgst, resp.Header.Get("Last-Modified")).String(), nil, true, nil
 }
 
-func (hs *httpSourceHandler) save(ctx context.Context, resp *http.Response) (ref cache.ImmutableRef, dgst digest.Digest, retErr error) {
-	newRef, err := hs.cache.New(ctx, nil, cache.CachePolicyRetain, cache.WithDescription(fmt.Sprintf("http url %s", hs.src.URL)))
+func (hs *httpSourceHandler) save(ctx context.Context, resp *http.Response, s session.Group) (ref cache.ImmutableRef, dgst digest.Digest, retErr error) {
+	newRef, err := hs.cache.New(ctx, nil, s, cache.CachePolicyRetain, cache.WithDescription(fmt.Sprintf("http url %s", hs.src.URL)))
 	if err != nil {
 		return nil, "", err
 	}
@@ -203,7 +265,7 @@ func (hs *httpSourceHandler) save(ctx context.Context, resp *http.Response) (ref
 		}
 	}()
 
-	mount, err := newRef.Mount(ctx, false)
+	mount, err := newRef.Mount(ctx, false, s)
 	if err != nil {
 		return nil, "", err
 	}
@@ -246,8 +308,22 @@ func (hs *httpSourceHandler) save(ctx context.Context, resp *http.Response) (ref
 	}
 	f = nil
 
-	if hs.src.UID != 0 || hs.src.GID != 0 {
-		if err := os.Chown(fp, hs.src.UID, hs.src.GID); err != nil {
+	uid := hs.src.UID
+	gid := hs.src.GID
+	if idmap := mount.IdentityMapping(); idmap != nil {
+		identity, err := idmap.ToHost(idtools.Identity{
+			UID: int(uid),
+			GID: int(gid),
+		})
+		if err != nil {
+			return nil, "", err
+		}
+		uid = identity.UID
+		gid = identity.GID
+	}
+
+	if gid != 0 || uid != 0 {
+		if err := os.Chown(fp, uid, gid); err != nil {
 			return nil, "", err
 		}
 	}
@@ -295,7 +371,7 @@ func (hs *httpSourceHandler) save(ctx context.Context, resp *http.Response) (ref
 	return ref, dgst, nil
 }
 
-func (hs *httpSourceHandler) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
+func (hs *httpSourceHandler) Snapshot(ctx context.Context, g session.Group) (cache.ImmutableRef, error) {
 	if hs.refID != "" {
 		ref, err := hs.cache.Get(ctx, hs.refID)
 		if err == nil {
@@ -309,12 +385,14 @@ func (hs *httpSourceHandler) Snapshot(ctx context.Context) (cache.ImmutableRef,
 	}
 	req = req.WithContext(ctx)
 
-	resp, err := hs.client.Do(req)
+	client := hs.client(g)
+
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}
 
-	ref, dgst, err := hs.save(ctx, resp)
+	ref, dgst, err := hs.save(ctx, resp, g)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/moby/buildkit/source/http/transport.go b/vendor/github.com/moby/buildkit/source/http/transport.go
new file mode 100644
index 0000000000000..e511e8634fb61
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/source/http/transport.go
@@ -0,0 +1,58 @@
+package http
+
+import (
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/upload"
+	"github.com/pkg/errors"
+)
+
+func newTransport(rt http.RoundTripper, sm *session.Manager, g session.Group) http.RoundTripper {
+	return &sessionHandler{rt: rt, sm: sm, g: g}
+}
+
+type sessionHandler struct {
+	sm *session.Manager
+	rt http.RoundTripper
+	g  session.Group
+}
+
+func (h *sessionHandler) RoundTrip(req *http.Request) (*http.Response, error) {
+	if req.URL.Host != "buildkit-session" {
+		return h.rt.RoundTrip(req)
+	}
+
+	if req.Method != "GET" {
+		return nil, errors.Errorf("invalid request")
+	}
+
+	var resp *http.Response
+	err := h.sm.Any(context.TODO(), h.g, func(ctx context.Context, _ string, caller session.Caller) error {
+		up, err := upload.New(context.TODO(), caller, req.URL)
+		if err != nil {
+			return err
+		}
+
+		pr, pw := io.Pipe()
+		go func() {
+			_, err := up.WriteTo(pw)
+			pw.CloseWithError(err)
+		}()
+
+		resp = &http.Response{
+			Status:        "200 OK",
+			StatusCode:    200,
+			Body:          pr,
+			ContentLength: -1,
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/moby/buildkit/source/identifier.go b/vendor/github.com/moby/buildkit/source/identifier.go
index 2a8611098ecfc..4c1251fc709bf 100644
--- a/vendor/github.com/moby/buildkit/source/identifier.go
+++ b/vendor/github.com/moby/buildkit/source/identifier.go
@@ -30,8 +30,8 @@ const (
 	DockerImageScheme = "docker-image"
 	GitScheme         = "git"
 	LocalScheme       = "local"
-	HttpScheme        = "http"
-	HttpsScheme       = "https"
+	HTTPScheme        = "http"
+	HTTPSScheme       = "https"
 )
 
 type Identifier interface {
@@ -52,10 +52,10 @@ func FromString(s string) (Identifier, error) {
 		return NewGitIdentifier(parts[1])
 	case LocalScheme:
 		return NewLocalIdentifier(parts[1])
-	case HttpsScheme:
-		return NewHttpIdentifier(parts[1], true)
-	case HttpScheme:
-		return NewHttpIdentifier(parts[1], false)
+	case HTTPSScheme:
+		return NewHTTPIdentifier(parts[1], true)
+	case HTTPScheme:
+		return NewHTTPIdentifier(parts[1], false)
 	default:
 		return nil, errors.Wrapf(errNotFound, "unknown schema %s", parts[0])
 	}
@@ -102,7 +102,18 @@ func FromLLB(op *pb.Op_Source, platform *pb.Platform) (Identifier, error) {
 					id.KeepGitDir = true
 				}
 			case pb.AttrFullRemoteURL:
+				if !isGitTransport(v) {
+					v = "https://" + v
+				}
 				id.Remote = v
+			case pb.AttrAuthHeaderSecret:
+				id.AuthHeaderSecret = v
+			case pb.AttrAuthTokenSecret:
+				id.AuthTokenSecret = v
+			case pb.AttrKnownSSHHosts:
+				id.KnownSSHHosts = v
+			case pb.AttrMountSSHSock:
+				id.MountSSHSock = v
 			}
 		}
 	}
@@ -138,7 +149,7 @@ func FromLLB(op *pb.Op_Source, platform *pb.Platform) (Identifier, error) {
 			}
 		}
 	}
-	if id, ok := id.(*HttpIdentifier); ok {
+	if id, ok := id.(*HTTPIdentifier); ok {
 		for k, v := range op.Source.Attrs {
 			switch k {
 			case pb.AttrHTTPChecksum:
@@ -192,7 +203,7 @@ func NewImageIdentifier(str string) (*ImageIdentifier, error) {
 	return &ImageIdentifier{Reference: ref}, nil
 }
 
-func (_ *ImageIdentifier) ID() string {
+func (*ImageIdentifier) ID() string {
 	return DockerImageScheme
 }
 
@@ -213,15 +224,15 @@ func (*LocalIdentifier) ID() string {
 	return LocalScheme
 }
 
-func NewHttpIdentifier(str string, tls bool) (*HttpIdentifier, error) {
+func NewHTTPIdentifier(str string, tls bool) (*HTTPIdentifier, error) {
 	proto := "https://"
 	if !tls {
 		proto = "http://"
 	}
-	return &HttpIdentifier{TLS: tls, URL: proto + str}, nil
+	return &HTTPIdentifier{TLS: tls, URL: proto + str}, nil
 }
 
-type HttpIdentifier struct {
+type HTTPIdentifier struct {
 	TLS      bool
 	URL      string
 	Checksum digest.Digest
@@ -231,8 +242,8 @@ type HttpIdentifier struct {
 	GID      int
 }
 
-func (_ *HttpIdentifier) ID() string {
-	return HttpsScheme
+func (*HTTPIdentifier) ID() string {
+	return HTTPSScheme
 }
 
 func (r ResolveMode) String() string {
diff --git a/vendor/github.com/moby/buildkit/source/local/local.go b/vendor/github.com/moby/buildkit/source/local/local.go
index 8ffe0c09ed361..3d385ab18fd65 100644
--- a/vendor/github.com/moby/buildkit/source/local/local.go
+++ b/vendor/github.com/moby/buildkit/source/local/local.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/contenthash"
 	"github.com/moby/buildkit/cache/metadata"
@@ -13,12 +14,14 @@ import (
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/session/filesync"
 	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/source"
 	"github.com/moby/buildkit/util/progress"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/tonistiigi/fsutil"
+	fstypes "github.com/tonistiigi/fsutil/types"
 	bolt "go.etcd.io/bbolt"
 	"golang.org/x/time/rate"
 	"google.golang.org/grpc/codes"
@@ -28,14 +31,12 @@ import (
 const keySharedKey = "local.sharedKey"
 
 type Opt struct {
-	SessionManager *session.Manager
-	CacheAccessor  cache.Accessor
-	MetadataStore  *metadata.Store
+	CacheAccessor cache.Accessor
+	MetadataStore *metadata.Store
 }
 
 func NewSource(opt Opt) (source.Source, error) {
 	ls := &localSource{
-		sm: opt.SessionManager,
 		cm: opt.CacheAccessor,
 		md: opt.MetadataStore,
 	}
@@ -43,7 +44,6 @@ func NewSource(opt Opt) (source.Source, error) {
 }
 
 type localSource struct {
-	sm *session.Manager
 	cm cache.Accessor
 	md *metadata.Store
 }
@@ -52,7 +52,7 @@ func (ls *localSource) ID() string {
 	return source.LocalScheme
 }
 
-func (ls *localSource) Resolve(ctx context.Context, id source.Identifier) (source.SourceInstance, error) {
+func (ls *localSource) Resolve(ctx context.Context, id source.Identifier, sm *session.Manager, _ solver.Vertex) (source.SourceInstance, error) {
 	localIdentifier, ok := id.(*source.LocalIdentifier)
 	if !ok {
 		return nil, errors.Errorf("invalid local identifier %v", id)
@@ -60,22 +60,24 @@ func (ls *localSource) Resolve(ctx context.Context, id source.Identifier) (sourc
 
 	return &localSourceHandler{
 		src:         *localIdentifier,
+		sm:          sm,
 		localSource: ls,
 	}, nil
 }
 
 type localSourceHandler struct {
 	src source.LocalIdentifier
+	sm  *session.Manager
 	*localSource
 }
 
-func (ls *localSourceHandler) CacheKey(ctx context.Context, index int) (string, bool, error) {
+func (ls *localSourceHandler) CacheKey(ctx context.Context, g session.Group, index int) (string, solver.CacheOpts, bool, error) {
 	sessionID := ls.src.SessionID
 
 	if sessionID == "" {
-		id := session.FromContext(ctx)
+		id := g.SessionIterator().NextSession()
 		if id == "" {
-			return "", false, errors.New("could not access local files without session")
+			return "", nil, false, errors.New("could not access local files without session")
 		}
 		sessionID = id
 	}
@@ -86,26 +88,28 @@ func (ls *localSourceHandler) CacheKey(ctx context.Context, index int) (string,
 		FollowPaths     []string
 	}{SessionID: sessionID, IncludePatterns: ls.src.IncludePatterns, ExcludePatterns: ls.src.ExcludePatterns, FollowPaths: ls.src.FollowPaths})
 	if err != nil {
-		return "", false, err
+		return "", nil, false, err
 	}
-	return "session:" + ls.src.Name + ":" + digest.FromBytes(dt).String(), true, nil
+	return "session:" + ls.src.Name + ":" + digest.FromBytes(dt).String(), nil, true, nil
 }
 
-func (ls *localSourceHandler) Snapshot(ctx context.Context) (out cache.ImmutableRef, retErr error) {
-
-	id := session.FromContext(ctx)
-	if id == "" {
-		return nil, errors.New("could not access local files without session")
-	}
-
-	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
-	defer cancel()
-
-	caller, err := ls.sm.Get(timeoutCtx, id)
+func (ls *localSourceHandler) Snapshot(ctx context.Context, g session.Group) (cache.ImmutableRef, error) {
+	var ref cache.ImmutableRef
+	err := ls.sm.Any(ctx, g, func(ctx context.Context, _ string, c session.Caller) error {
+		r, err := ls.snapshot(ctx, g, c)
+		if err != nil {
+			return err
+		}
+		ref = r
+		return nil
+	})
 	if err != nil {
 		return nil, err
 	}
+	return ref, nil
+}
 
+func (ls *localSourceHandler) snapshot(ctx context.Context, s session.Group, caller session.Caller) (out cache.ImmutableRef, retErr error) {
 	sharedKey := keySharedKey + ":" + ls.src.Name + ":" + ls.src.SharedKeyHint + ":" + caller.SharedKey() // TODO: replace caller.SharedKey() with source based hint from client(absolute-path+nodeid)
 
 	var mutable cache.MutableRef
@@ -122,7 +126,7 @@ func (ls *localSourceHandler) Snapshot(ctx context.Context) (out cache.Immutable
 	}
 
 	if mutable == nil {
-		m, err := ls.cm.New(ctx, nil, cache.CachePolicyRetain, cache.WithRecordType(client.UsageRecordTypeLocalSource), cache.WithDescription(fmt.Sprintf("local source for %s", ls.src.Name)))
+		m, err := ls.cm.New(ctx, nil, s, cache.CachePolicyRetain, cache.WithRecordType(client.UsageRecordTypeLocalSource), cache.WithDescription(fmt.Sprintf("local source for %s", ls.src.Name)))
 		if err != nil {
 			return nil, err
 		}
@@ -132,11 +136,17 @@ func (ls *localSourceHandler) Snapshot(ctx context.Context) (out cache.Immutable
 
 	defer func() {
 		if retErr != nil && mutable != nil {
+			// on error remove the record as checksum update is in undefined state
+			cache.CachePolicyDefault(mutable)
+			if err := mutable.Metadata().Commit(); err != nil {
+				logrus.Errorf("failed to reset mutable cachepolicy: %v", err)
+			}
+			contenthash.ClearCacheContext(mutable.Metadata())
 			go mutable.Release(context.TODO())
 		}
 	}()
 
-	mount, err := mutable.Mount(ctx, false)
+	mount, err := mutable.Mount(ctx, false, s)
 	if err != nil {
 		return nil, err
 	}
@@ -154,7 +164,7 @@ func (ls *localSourceHandler) Snapshot(ctx context.Context) (out cache.Immutable
 		}
 	}()
 
-	cc, err := contenthash.GetCacheContext(ctx, mutable.Metadata())
+	cc, err := contenthash.GetCacheContext(ctx, mutable.Metadata(), mount.IdentityMapping())
 	if err != nil {
 		return nil, err
 	}
@@ -166,10 +176,25 @@ func (ls *localSourceHandler) Snapshot(ctx context.Context) (out cache.Immutable
 		FollowPaths:      ls.src.FollowPaths,
 		OverrideExcludes: false,
 		DestDir:          dest,
-		CacheUpdater:     &cacheUpdater{cc},
+		CacheUpdater:     &cacheUpdater{cc, mount.IdentityMapping()},
 		ProgressCb:       newProgressHandler(ctx, "transferring "+ls.src.Name+":"),
 	}
 
+	if idmap := mount.IdentityMapping(); idmap != nil {
+		opt.Filter = func(p string, stat *fstypes.Stat) bool {
+			identity, err := idmap.ToHost(idtools.Identity{
+				UID: int(stat.Uid),
+				GID: int(stat.Gid),
+			})
+			if err != nil {
+				return false
+			}
+			stat.Uid = uint32(identity.UID)
+			stat.Gid = uint32(identity.GID)
+			return true
+		}
+	}
+
 	if err := filesync.FSSync(ctx, caller, opt); err != nil {
 		if status.Code(err) == codes.NotFound {
 			return nil, errors.Errorf("local source %s not enabled from the client", ls.src.Name)
@@ -246,6 +271,7 @@ func newProgressHandler(ctx context.Context, id string) func(int, bool) {
 
 type cacheUpdater struct {
 	contenthash.CacheContext
+	idmap *idtools.IdentityMapping
 }
 
 func (cu *cacheUpdater) MarkSupported(bool) {
diff --git a/vendor/github.com/moby/buildkit/source/manager.go b/vendor/github.com/moby/buildkit/source/manager.go
index e520b6c77c3d6..aba45bffe13e9 100644
--- a/vendor/github.com/moby/buildkit/source/manager.go
+++ b/vendor/github.com/moby/buildkit/source/manager.go
@@ -5,17 +5,19 @@ import (
 	"sync"
 
 	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/solver"
 	"github.com/pkg/errors"
 )
 
 type Source interface {
 	ID() string
-	Resolve(ctx context.Context, id Identifier) (SourceInstance, error)
+	Resolve(ctx context.Context, id Identifier, sm *session.Manager, vtx solver.Vertex) (SourceInstance, error)
 }
 
 type SourceInstance interface {
-	CacheKey(ctx context.Context, index int) (string, bool, error)
-	Snapshot(ctx context.Context) (cache.ImmutableRef, error)
+	CacheKey(ctx context.Context, g session.Group, index int) (string, solver.CacheOpts, bool, error)
+	Snapshot(ctx context.Context, g session.Group) (cache.ImmutableRef, error)
 }
 
 type Manager struct {
@@ -35,7 +37,7 @@ func (sm *Manager) Register(src Source) {
 	sm.mu.Unlock()
 }
 
-func (sm *Manager) Resolve(ctx context.Context, id Identifier) (SourceInstance, error) {
+func (sm *Manager) Resolve(ctx context.Context, id Identifier, sessM *session.Manager, vtx solver.Vertex) (SourceInstance, error) {
 	sm.mu.Lock()
 	src, ok := sm.sources[id.ID()]
 	sm.mu.Unlock()
@@ -44,5 +46,5 @@ func (sm *Manager) Resolve(ctx context.Context, id Identifier) (SourceInstance,
 		return nil, errors.Errorf("no handler for %s", id.ID())
 	}
 
-	return src.Resolve(ctx, id)
+	return src.Resolve(ctx, id, sessM, vtx)
 }
diff --git a/vendor/github.com/moby/buildkit/util/apicaps/caps.go b/vendor/github.com/moby/buildkit/util/apicaps/caps.go
index 9a661b50c96e4..84a76a81f0b22 100644
--- a/vendor/github.com/moby/buildkit/util/apicaps/caps.go
+++ b/vendor/github.com/moby/buildkit/util/apicaps/caps.go
@@ -122,6 +122,13 @@ func (s *CapSet) Supports(id CapID) error {
 	return nil
 }
 
+// Contains checks if cap set contains cap. Note that unlike Supports() this
+// function only checks capability existence in remote set, not if cap has been initialized.
+func (s *CapSet) Contains(id CapID) bool {
+	_, ok := s.set[string(id)]
+	return ok
+}
+
 // CapError is an error for unsupported capability
 type CapError struct {
 	ID         CapID
diff --git a/vendor/github.com/moby/buildkit/util/apicaps/pb/caps.pb.go b/vendor/github.com/moby/buildkit/util/apicaps/pb/caps.pb.go
index 9d4d48802427b..e5768d3751f71 100644
--- a/vendor/github.com/moby/buildkit/util/apicaps/pb/caps.pb.go
+++ b/vendor/github.com/moby/buildkit/util/apicaps/pb/caps.pb.go
@@ -1,23 +1,16 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: caps.proto
 
-/*
-	Package moby_buildkit_v1_apicaps is a generated protocol buffer package.
-
-	It is generated from these files:
-		caps.proto
-
-	It has these top-level messages:
-		APICap
-*/
 package moby_buildkit_v1_apicaps
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/gogo/protobuf/gogoproto"
-
-import io "io"
+import (
+	fmt "fmt"
+	_ "github.com/gogo/protobuf/gogoproto"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -28,22 +21,53 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 // APICap defines a capability supported by the service
 type APICap struct {
-	ID                  string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
-	Enabled             bool   `protobuf:"varint,2,opt,name=Enabled,proto3" json:"Enabled,omitempty"`
-	Deprecated          bool   `protobuf:"varint,3,opt,name=Deprecated,proto3" json:"Deprecated,omitempty"`
-	DisabledReason      string `protobuf:"bytes,4,opt,name=DisabledReason,proto3" json:"DisabledReason,omitempty"`
-	DisabledReasonMsg   string `protobuf:"bytes,5,opt,name=DisabledReasonMsg,proto3" json:"DisabledReasonMsg,omitempty"`
-	DisabledAlternative string `protobuf:"bytes,6,opt,name=DisabledAlternative,proto3" json:"DisabledAlternative,omitempty"`
+	ID                   string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Enabled              bool     `protobuf:"varint,2,opt,name=Enabled,proto3" json:"Enabled,omitempty"`
+	Deprecated           bool     `protobuf:"varint,3,opt,name=Deprecated,proto3" json:"Deprecated,omitempty"`
+	DisabledReason       string   `protobuf:"bytes,4,opt,name=DisabledReason,proto3" json:"DisabledReason,omitempty"`
+	DisabledReasonMsg    string   `protobuf:"bytes,5,opt,name=DisabledReasonMsg,proto3" json:"DisabledReasonMsg,omitempty"`
+	DisabledAlternative  string   `protobuf:"bytes,6,opt,name=DisabledAlternative,proto3" json:"DisabledAlternative,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *APICap) Reset()         { *m = APICap{} }
+func (m *APICap) String() string { return proto.CompactTextString(m) }
+func (*APICap) ProtoMessage()    {}
+func (*APICap) Descriptor() ([]byte, []int) {
+	return fileDescriptor_e19c39d9fcb89b83, []int{0}
+}
+func (m *APICap) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *APICap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_APICap.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *APICap) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_APICap.Merge(m, src)
+}
+func (m *APICap) XXX_Size() int {
+	return m.Size()
+}
+func (m *APICap) XXX_DiscardUnknown() {
+	xxx_messageInfo_APICap.DiscardUnknown(m)
 }
 
-func (m *APICap) Reset()                    { *m = APICap{} }
-func (m *APICap) String() string            { return proto.CompactTextString(m) }
-func (*APICap) ProtoMessage()               {}
-func (*APICap) Descriptor() ([]byte, []int) { return fileDescriptorCaps, []int{0} }
+var xxx_messageInfo_APICap proto.InternalMessageInfo
 
 func (m *APICap) GetID() string {
 	if m != nil {
@@ -90,10 +114,32 @@ func (m *APICap) GetDisabledAlternative() string {
 func init() {
 	proto.RegisterType((*APICap)(nil), "moby.buildkit.v1.apicaps.APICap")
 }
+
+func init() { proto.RegisterFile("caps.proto", fileDescriptor_e19c39d9fcb89b83) }
+
+var fileDescriptor_e19c39d9fcb89b83 = []byte{
+	// 236 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4a, 0x4e, 0x2c, 0x28,
+	0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4, 0x4b, 0x2a, 0xcd,
+	0xcc, 0x49, 0xc9, 0xce, 0x2c, 0xd1, 0x2b, 0x33, 0xd4, 0x4b, 0x2c, 0xc8, 0x04, 0xc9, 0x4b, 0xe9,
+	0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, 0xe7, 0xea, 0xa7, 0xe7, 0xa7, 0xe7, 0xeb,
+	0x83, 0x35, 0x24, 0x95, 0xa6, 0x81, 0x79, 0x60, 0x0e, 0x98, 0x05, 0x31, 0x48, 0xe9, 0x16, 0x23,
+	0x17, 0x9b, 0x63, 0x80, 0xa7, 0x73, 0x62, 0x81, 0x10, 0x1f, 0x17, 0x93, 0xa7, 0x8b, 0x04, 0xa3,
+	0x02, 0xa3, 0x06, 0x67, 0x10, 0x93, 0xa7, 0x8b, 0x90, 0x04, 0x17, 0xbb, 0x6b, 0x5e, 0x62, 0x52,
+	0x4e, 0x6a, 0x8a, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x47, 0x10, 0x8c, 0x2b, 0x24, 0xc7, 0xc5, 0xe5,
+	0x92, 0x5a, 0x50, 0x94, 0x9a, 0x9c, 0x58, 0x92, 0x9a, 0x22, 0xc1, 0x0c, 0x96, 0x44, 0x12, 0x11,
+	0x52, 0xe3, 0xe2, 0x73, 0xc9, 0x2c, 0x06, 0xab, 0x0d, 0x4a, 0x4d, 0x2c, 0xce, 0xcf, 0x93, 0x60,
+	0x01, 0x9b, 0x8a, 0x26, 0x2a, 0xa4, 0xc3, 0x25, 0x88, 0x2a, 0xe2, 0x5b, 0x9c, 0x2e, 0xc1, 0x0a,
+	0x56, 0x8a, 0x29, 0x21, 0x64, 0xc0, 0x25, 0x0c, 0x13, 0x74, 0xcc, 0x29, 0x49, 0x2d, 0xca, 0x4b,
+	0x2c, 0xc9, 0x2c, 0x4b, 0x95, 0x60, 0x03, 0xab, 0xc7, 0x26, 0xe5, 0xc4, 0x73, 0xe2, 0x91, 0x1c,
+	0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0x26, 0xb1, 0x81, 0x7d, 0x6c, 0x0c, 0x08,
+	0x00, 0x00, 0xff, 0xff, 0x02, 0x2d, 0x9e, 0x91, 0x48, 0x01, 0x00, 0x00,
+}
+
 func (m *APICap) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -101,67 +147,85 @@ func (m *APICap) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *APICap) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *APICap) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ID) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintCaps(dAtA, i, uint64(len(m.ID)))
-		i += copy(dAtA[i:], m.ID)
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Enabled {
-		dAtA[i] = 0x10
-		i++
-		if m.Enabled {
+	if len(m.DisabledAlternative) > 0 {
+		i -= len(m.DisabledAlternative)
+		copy(dAtA[i:], m.DisabledAlternative)
+		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledAlternative)))
+		i--
+		dAtA[i] = 0x32
+	}
+	if len(m.DisabledReasonMsg) > 0 {
+		i -= len(m.DisabledReasonMsg)
+		copy(dAtA[i:], m.DisabledReasonMsg)
+		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledReasonMsg)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.DisabledReason) > 0 {
+		i -= len(m.DisabledReason)
+		copy(dAtA[i:], m.DisabledReason)
+		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledReason)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Deprecated {
+		i--
+		if m.Deprecated {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.Deprecated {
+		i--
 		dAtA[i] = 0x18
-		i++
-		if m.Deprecated {
+	}
+	if m.Enabled {
+		i--
+		if m.Enabled {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if len(m.DisabledReason) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledReason)))
-		i += copy(dAtA[i:], m.DisabledReason)
-	}
-	if len(m.DisabledReasonMsg) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledReasonMsg)))
-		i += copy(dAtA[i:], m.DisabledReasonMsg)
+		i--
+		dAtA[i] = 0x10
 	}
-	if len(m.DisabledAlternative) > 0 {
-		dAtA[i] = 0x32
-		i++
-		i = encodeVarintCaps(dAtA, i, uint64(len(m.DisabledAlternative)))
-		i += copy(dAtA[i:], m.DisabledAlternative)
+	if len(m.ID) > 0 {
+		i -= len(m.ID)
+		copy(dAtA[i:], m.ID)
+		i = encodeVarintCaps(dAtA, i, uint64(len(m.ID)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintCaps(dAtA []byte, offset int, v uint64) int {
+	offset -= sovCaps(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *APICap) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.ID)
@@ -186,18 +250,14 @@ func (m *APICap) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovCaps(uint64(l))
 	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
 func sovCaps(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozCaps(x uint64) (n int) {
 	return sovCaps(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -217,7 +277,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -245,7 +305,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -255,6 +315,9 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCaps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCaps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -274,7 +337,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -294,7 +357,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= (int(b) & 0x7F) << shift
+				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -314,7 +377,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -324,6 +387,9 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCaps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCaps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -343,7 +409,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -353,6 +419,9 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCaps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCaps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -372,7 +441,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -382,6 +451,9 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthCaps
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthCaps
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -393,12 +465,13 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthCaps
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
@@ -411,6 +484,7 @@ func (m *APICap) Unmarshal(dAtA []byte) error {
 func skipCaps(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -442,10 +516,8 @@ func skipCaps(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -462,74 +534,34 @@ func skipCaps(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthCaps
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowCaps
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipCaps(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupCaps
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthCaps
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthCaps = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowCaps   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthCaps        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowCaps          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupCaps = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("caps.proto", fileDescriptorCaps) }
-
-var fileDescriptorCaps = []byte{
-	// 236 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4a, 0x4e, 0x2c, 0x28,
-	0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4, 0x4b, 0x2a, 0xcd,
-	0xcc, 0x49, 0xc9, 0xce, 0x2c, 0xd1, 0x2b, 0x33, 0xd4, 0x4b, 0x2c, 0xc8, 0x04, 0xc9, 0x4b, 0xe9,
-	0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, 0xe7, 0xea, 0xa7, 0xe7, 0xa7, 0xe7, 0xeb,
-	0x83, 0x35, 0x24, 0x95, 0xa6, 0x81, 0x79, 0x60, 0x0e, 0x98, 0x05, 0x31, 0x48, 0xe9, 0x16, 0x23,
-	0x17, 0x9b, 0x63, 0x80, 0xa7, 0x73, 0x62, 0x81, 0x10, 0x1f, 0x17, 0x93, 0xa7, 0x8b, 0x04, 0xa3,
-	0x02, 0xa3, 0x06, 0x67, 0x10, 0x93, 0xa7, 0x8b, 0x90, 0x04, 0x17, 0xbb, 0x6b, 0x5e, 0x62, 0x52,
-	0x4e, 0x6a, 0x8a, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x47, 0x10, 0x8c, 0x2b, 0x24, 0xc7, 0xc5, 0xe5,
-	0x92, 0x5a, 0x50, 0x94, 0x9a, 0x9c, 0x58, 0x92, 0x9a, 0x22, 0xc1, 0x0c, 0x96, 0x44, 0x12, 0x11,
-	0x52, 0xe3, 0xe2, 0x73, 0xc9, 0x2c, 0x06, 0xab, 0x0d, 0x4a, 0x4d, 0x2c, 0xce, 0xcf, 0x93, 0x60,
-	0x01, 0x9b, 0x8a, 0x26, 0x2a, 0xa4, 0xc3, 0x25, 0x88, 0x2a, 0xe2, 0x5b, 0x9c, 0x2e, 0xc1, 0x0a,
-	0x56, 0x8a, 0x29, 0x21, 0x64, 0xc0, 0x25, 0x0c, 0x13, 0x74, 0xcc, 0x29, 0x49, 0x2d, 0xca, 0x4b,
-	0x2c, 0xc9, 0x2c, 0x4b, 0x95, 0x60, 0x03, 0xab, 0xc7, 0x26, 0xe5, 0xc4, 0x73, 0xe2, 0x91, 0x1c,
-	0xe3, 0x85, 0x47, 0x72, 0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0x26, 0xb1, 0x81, 0x7d, 0x6c, 0x0c, 0x08,
-	0x00, 0x00, 0xff, 0xff, 0x02, 0x2d, 0x9e, 0x91, 0x48, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go b/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
index 281dfabd64a22..addfccfade016 100644
--- a/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
+++ b/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_apicaps
+package moby_buildkit_v1_apicaps //nolint:golint
 
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. caps.proto
diff --git a/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_windows.go b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_windows.go
index 74f8389da6564..d5d0ca1fb99f3 100644
--- a/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_windows.go
+++ b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_windows.go
@@ -1,9 +1,17 @@
 package appdefaults
 
+import (
+	"os"
+	"path/filepath"
+)
+
 const (
-	Address   = "npipe:////./pipe/buildkitd"
-	Root      = ".buildstate"
-	ConfigDir = ""
+	Address = "npipe:////./pipe/buildkitd"
+)
+
+var (
+	Root      = filepath.Join(os.Getenv("ProgramData"), "buildkitd", ".buildstate")
+	ConfigDir = filepath.Join(os.Getenv("ProgramData"), "buildkitd")
 )
 
 func UserAddress() string {
diff --git a/vendor/github.com/moby/buildkit/util/archutil/386_binary.go b/vendor/github.com/moby/buildkit/util/archutil/386_binary.go
new file mode 100644
index 0000000000000..dab00ecf5eaec
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/386_binary.go
@@ -0,0 +1,8 @@
+// +build !386
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binary386 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xec\xd8\x31\x8a\xc2\x40\x14\x06\xe0\x7f\x36\xb3\xd9\x84\xdd\x62\x0e\x10\x96\x2d\xb6\xd8\x6a\x58\x21\x57\x50\x1b\x11\x2c\x3c\x80\x62\xd0\x2a\x09\xc9\x08\x5a\x99\x23\x78\x18\x0b\x4b\x2f\x20\xd8\x5b\x7b\x0f\x79\xc9\x0b\xa4\x48\x63\xff\x3e\xf8\x19\x7c\xf3\x7c\xa9\xdf\x1c\x86\x93\x91\x52\x0a\xad\x37\x78\xa8\x7f\x1d\x75\x10\x03\xf8\x37\x4d\x3d\xc6\x0f\x34\xfe\xa0\xdb\x7b\x52\xe9\x80\x72\x03\x40\xd1\x54\x33\x68\xee\x4d\x33\x83\x12\x02\xa0\xbc\x73\x9d\xfa\x4e\x94\x4a\x07\x94\x08\x40\xc4\xff\xa7\xcc\x1e\x6e\x85\x1e\x3e\x8f\xa5\x9e\x2f\x9e\x37\x9e\xce\xe9\x7b\x17\xaa\x29\x08\x21\x84\x10\x42\x08\x21\x84\x10\xa2\xcf\x99\x96\xe6\xc1\xfd\x5a\xc1\x96\x9b\xd2\x15\x6e\xb1\x84\x4d\x33\x97\xd8\x75\xba\xb5\x79\x91\xe5\x49\xe1\xf6\xb0\x2e\xd9\xb9\x57\xe6\x7e\x02\xf8\xa8\xdf\x13\x78\xcf\xe7\x1d\xbf\xa5\xf9\xfc\xe6\xbd\xdd\xe7\x37\x07\x5a\xf0\xc3\x4e\x9f\xea\x9c\x5e\xa7\x1e\x1a\xe0\xb7\xa7\xef\x19\x00\x00\xff\xff\x32\x71\x64\x98\xd0\x10\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/386_check.go b/vendor/github.com/moby/buildkit/util/archutil/386_check.go
new file mode 100644
index 0000000000000..5ef488f1e5522
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/386_check.go
@@ -0,0 +1,7 @@
+// +build !386
+
+package archutil
+
+func i386Supported() error {
+	return check(Binary386)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/386_check_386.go b/vendor/github.com/moby/buildkit/util/archutil/386_check_386.go
new file mode 100644
index 0000000000000..f2c0ee32423d6
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/386_check_386.go
@@ -0,0 +1,7 @@
+// +build 386
+
+package archutil
+
+func i386Supported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/amd64_binary.go b/vendor/github.com/moby/buildkit/util/archutil/amd64_binary.go
new file mode 100644
index 0000000000000..59f135f001c68
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/amd64_binary.go
@@ -0,0 +1,8 @@
+// +build !amd64
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binaryamd64 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x3b\x06\x30\x4f\xc0\x01\xcc\x77\x80\x8a\x1b\x08\xc0\x95\x30\x38\x30\x58\x30\xb0\x30\x38\x30\xb0\x30\x30\x83\xd5\xb2\x30\x20\x03\x07\x14\xda\x01\x6a\x34\x8c\x66\x80\x9a\x03\xe2\xb2\x22\xf1\x61\xf6\xc1\x68\x1e\xa8\x30\x8c\x86\xa9\x63\x81\x62\x05\xa8\x79\x0a\x8c\x0e\xa8\x34\x54\x39\x8c\xe6\x80\xd2\x81\x4f\x4b\x52\xd8\x18\x88\x07\x30\x67\xb1\x40\xd9\x20\xb7\xba\xfb\x85\x82\xdc\x7d\x80\x05\xea\xfe\x51\x30\x0a\x46\xc1\x28\x18\x05\xa3\x60\x14\x8c\x82\x51\x30\x0a\x46\xc1\x28\x18\x05\xa3\x60\xa8\x00\x8f\xe3\x07\x6c\x40\x94\xe1\x7f\x7e\x56\x06\xbd\xe2\x8c\xe2\x92\xa2\x92\xc4\x24\x06\xbd\xbc\xfc\x92\x54\xbd\xf4\xbc\x52\xbd\x82\xa2\xfc\x82\xd4\xa2\x92\x4a\x06\xbd\x92\xd4\x8a\x12\x8a\xed\xe3\x66\x60\x60\x60\x07\x8f\x33\xa0\xf7\xdf\x51\xfb\xed\x0c\x68\xfd\x77\x18\x90\x83\xf6\xbd\xe1\x7d\x79\xf8\xb8\x01\xda\x78\x01\x03\x62\x9c\x01\x9d\xcf\x8c\xc5\x5d\x3c\x50\xfd\x2a\x04\xf4\x03\x02\x00\x00\xff\xff\x90\x57\x64\xbb\x30\x11\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/amd64_check.go b/vendor/github.com/moby/buildkit/util/archutil/amd64_check.go
new file mode 100644
index 0000000000000..3942860553f52
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/amd64_check.go
@@ -0,0 +1,7 @@
+// +build !amd64
+
+package archutil
+
+func amd64Supported() error {
+	return check(Binaryamd64)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/amd64_check_amd64.go b/vendor/github.com/moby/buildkit/util/archutil/amd64_check_amd64.go
new file mode 100644
index 0000000000000..538840d1bde15
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/amd64_check_amd64.go
@@ -0,0 +1,7 @@
+// +build amd64
+
+package archutil
+
+func amd64Supported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm64_binary.go b/vendor/github.com/moby/buildkit/util/archutil/arm64_binary.go
new file mode 100644
index 0000000000000..f5b7feffca5a1
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm64_binary.go
@@ -0,0 +1,8 @@
+// +build !arm64
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binaryarm64 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x86\xed\x0c\x20\xde\x06\x06\x07\x30\xdf\x01\x2a\x7e\x81\x01\x01\x1c\x18\x2c\x18\x98\x18\x1c\x18\x98\x19\x98\xc0\x6a\x59\x19\x18\x50\x64\x91\xe9\x3d\x50\xde\x1e\xb8\x3c\xc4\xae\xc0\xa7\x25\x29\x6c\x0c\xc4\x03\x01\x38\xab\xe1\xd2\x0a\xee\x86\x4b\x8c\x0c\x0c\x57\x18\xf4\x8a\x33\x8a\x4b\x8a\x4a\x12\x93\x18\xf4\x4a\x52\x2b\x4a\x18\xa8\x00\xb8\xa1\x2e\x84\xb9\x0d\x16\x0e\x1b\xa0\x7c\x1e\x34\xf5\x2c\x68\x7c\x90\x5e\x66\x2c\xe6\xc2\xfc\x2f\x88\x45\x3d\x32\x00\x04\x00\x00\xff\xff\xbb\x46\x88\x1e\x90\x01\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm64_check.go b/vendor/github.com/moby/buildkit/util/archutil/arm64_check.go
new file mode 100644
index 0000000000000..76600d070b872
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm64_check.go
@@ -0,0 +1,7 @@
+// +build !arm64
+
+package archutil
+
+func arm64Supported() error {
+	return check(Binaryarm64)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm64_check_arm64.go b/vendor/github.com/moby/buildkit/util/archutil/arm64_check_arm64.go
new file mode 100644
index 0000000000000..1b1c8c6ae0167
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm64_check_arm64.go
@@ -0,0 +1,7 @@
+// +build arm64
+
+package archutil
+
+func arm64Supported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm_binary.go b/vendor/github.com/moby/buildkit/util/archutil/arm_binary.go
new file mode 100644
index 0000000000000..15e6f25ac8ae3
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm_binary.go
@@ -0,0 +1,8 @@
+// +build !arm
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binaryarm = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\x8c\x8f\x3d\x6e\xc2\x40\x10\x85\xbf\x89\x7f\x12\x29\x29\x92\x9c\x20\xe9\xa8\xb6\xf2\x05\x5c\x40\x05\x05\xdc\x60\x2d\x2c\xe1\xce\xb2\x07\x89\x0e\xce\xc0\x09\x7c\x08\x6e\x64\x51\x73\x05\xe4\x65\x2d\xb6\x70\xc1\x93\x46\xb3\xfb\xcd\x2b\xde\x3b\xce\x97\x0b\x11\x61\xd4\x1b\x33\x86\x9f\x22\x64\xc0\xe5\x01\x93\x8c\x3f\x77\x8b\x89\x78\xba\xc5\xcd\x09\xdc\x24\x9e\xad\xaf\xba\x65\x42\x29\xf0\xed\x5e\x5d\x2f\x75\xd7\x03\xb7\xfc\x07\xb0\xa5\x2d\x2a\xe4\x1d\xf8\x10\x4c\xbb\x6b\xb5\x51\x5b\x60\xb4\x3c\x28\x26\xdf\xac\x8c\x55\x6d\xaa\x62\xaf\x65\xcb\xcb\xfa\xf4\x09\x53\xdf\x47\x81\xaf\xe0\x1e\xfb\x3d\x44\x88\xa0\x1e\xf9\xd0\xe5\x37\xf0\x49\xb0\xa3\x80\x9f\x81\xff\x09\xdf\x3d\x00\x00\xff\xff\x0b\x8f\xbf\xbd\x54\x01\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm_check.go b/vendor/github.com/moby/buildkit/util/archutil/arm_check.go
new file mode 100644
index 0000000000000..745e70505349d
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm_check.go
@@ -0,0 +1,7 @@
+// +build !arm
+
+package archutil
+
+func armSupported() error {
+	return check(Binaryarm)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/arm_check_arm.go b/vendor/github.com/moby/buildkit/util/archutil/arm_check_arm.go
new file mode 100644
index 0000000000000..d6dea6fa734a6
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/arm_check_arm.go
@@ -0,0 +1,7 @@
+// +build arm
+
+package archutil
+
+func armSupported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/check_unix.go b/vendor/github.com/moby/buildkit/util/archutil/check_unix.go
new file mode 100644
index 0000000000000..236c96a5e9296
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/check_unix.go
@@ -0,0 +1,51 @@
+// +build !windows
+
+package archutil
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"syscall"
+)
+
+func withChroot(cmd *exec.Cmd, dir string) {
+	cmd.SysProcAttr = &syscall.SysProcAttr{
+		Chroot: dir,
+	}
+}
+
+func check(bin string) error {
+	tmpdir, err := ioutil.TempDir("", "qemu-check")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpdir)
+	pp := filepath.Join(tmpdir, "check")
+
+	r, err := gzip.NewReader(bytes.NewReader([]byte(bin)))
+	if err != nil {
+		return err
+	}
+	defer r.Close()
+
+	f, err := os.OpenFile(pp, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0700)
+	if err != nil {
+		return err
+	}
+
+	if _, err := io.Copy(f, r); err != nil {
+		f.Close()
+		return err
+	}
+	f.Close()
+
+	cmd := exec.Command("/check")
+	withChroot(cmd, tmpdir)
+	err = cmd.Run()
+	return err
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/check_windows.go b/vendor/github.com/moby/buildkit/util/archutil/check_windows.go
new file mode 100644
index 0000000000000..18ec34dbae363
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/check_windows.go
@@ -0,0 +1,15 @@
+// +build windows
+
+package archutil
+
+import (
+	"errors"
+	"os/exec"
+)
+
+func withChroot(cmd *exec.Cmd, dir string) {
+}
+
+func check(bin string) error {
+	return errors.New("binfmt is not supported on Windows")
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/detect.go b/vendor/github.com/moby/buildkit/util/archutil/detect.go
new file mode 100644
index 0000000000000..7cf6b514ad670
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/detect.go
@@ -0,0 +1,156 @@
+package archutil
+
+import (
+	"strings"
+	"sync"
+
+	"github.com/containerd/containerd/platforms"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/sirupsen/logrus"
+)
+
+var mu sync.Mutex
+var arr []string
+
+func SupportedPlatforms(noCache bool) []string {
+	mu.Lock()
+	defer mu.Unlock()
+	if !noCache && arr != nil {
+		return arr
+	}
+	def := defaultPlatform()
+	arr = append([]string{}, def)
+	if p := "linux/amd64"; def != p && amd64Supported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/arm64"; def != p && arm64Supported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/riscv64"; def != p && riscv64Supported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/ppc64le"; def != p && ppc64leSupported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/s390x"; def != p && s390xSupported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/386"; def != p && i386Supported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/mips64le"; def != p && mips64leSupported() == nil {
+		arr = append(arr, p)
+	}
+	if p := "linux/mips64"; def != p && mips64Supported() == nil {
+		arr = append(arr, p)
+	}
+	if !strings.HasPrefix(def, "linux/arm/") && armSupported() == nil {
+		arr = append(arr, "linux/arm/v7", "linux/arm/v6")
+	} else if def == "linux/arm/v7" {
+		arr = append(arr, "linux/arm/v6")
+	}
+	return arr
+}
+
+func Check(pp specs.Platform) bool {
+	p := platforms.Format(pp)
+	if p == "linux/amd64" && amd64Supported() == nil {
+		return true
+	}
+	if p == "linux/arm64" && arm64Supported() == nil {
+		return true
+	}
+	if p == "linux/riscv64" && riscv64Supported() == nil {
+		return true
+	}
+	if p == "linux/ppc64le" && ppc64leSupported() == nil {
+		return true
+	}
+	if p == "linux/s390x" && s390xSupported() == nil {
+		return true
+	}
+	if p == "linux/386" && i386Supported() == nil {
+		return true
+	}
+	if p == "linux/mips64le" && mips64leSupported() == nil {
+		return true
+	}
+	if p == "linux/mips64" && mips64Supported() == nil {
+		return true
+	}
+	if !strings.HasPrefix(p, "linux/arm/") && armSupported() == nil {
+		return true
+	}
+
+	return false
+}
+
+//WarnIfUnsupported validates the platforms and show warning message if there is,
+//the end user could fix the issue based on those warning, and thus no need to drop
+//the platform from the candidates.
+func WarnIfUnsupported(pfs []string) {
+	def := defaultPlatform()
+	for _, p := range pfs {
+		if p != def {
+			if p == "linux/amd64" {
+				if err := amd64Supported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/arm64" {
+				if err := arm64Supported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/riscv64" {
+				if err := riscv64Supported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/ppc64le" {
+				if err := ppc64leSupported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/s390x" {
+				if err := s390xSupported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/386" {
+				if err := i386Supported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/mips64le" {
+				if err := mips64leSupported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if p == "linux/mips64" {
+				if err := mips64Supported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+			if strings.HasPrefix(p, "linux/arm/v6") || strings.HasPrefix(p, "linux/arm/v7") {
+				if err := armSupported(); err != nil {
+					printPlatformWarning(p, err)
+				}
+			}
+		}
+	}
+}
+
+func defaultPlatform() string {
+	return platforms.Format(platforms.Normalize(platforms.DefaultSpec()))
+}
+
+func printPlatformWarning(p string, err error) {
+	if strings.Contains(err.Error(), "exec format error") {
+		logrus.Warnf("platform %s cannot pass the validation, kernel support for miscellaneous binary may have not enabled.", p)
+	} else if strings.Contains(err.Error(), "no such file or directory") {
+		logrus.Warnf("platforms %s cannot pass the validation, '-F' flag might have not set for 'archutil'.", p)
+	} else {
+		logrus.Warnf("platforms %s cannot pass the validation: %s", p, err.Error())
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64_binary.go b/vendor/github.com/moby/buildkit/util/archutil/mips64_binary.go
new file mode 100644
index 0000000000000..ff6afda0b2da1
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64_binary.go
@@ -0,0 +1,8 @@
+// +build !mips64
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binarymips64 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xac\x92\xb1\x4a\xf4\x40\x14\x85\xbf\x99\xcd\xe6\xff\x41\xc5\x05\x2d\xc4\x2a\xc5\x16\x8b\xc5\x60\x69\x25\xb1\x50\x10\x14\x56\x7c\x82\x04\xd7\x18\x90\x24\x6c\x26\x60\x27\xbe\x81\xcf\xe4\xbb\x08\xbe\x80\xf5\xca\x24\x93\x98\x44\xa6\x10\x3c\x45\xce\xdc\x93\x7b\x72\xc3\x9c\xfb\x7c\x7e\x75\x21\xa5\xa0\x83\xe4\x3f\x60\x04\x11\x20\x8e\xad\x1a\x36\x24\x5e\x83\xa6\x3a\x61\x42\x88\xcf\xb4\x80\x09\xe0\xd9\xbe\x8f\xc6\x37\x60\x83\x83\x11\xb7\x33\xa6\xdf\x83\xeb\xfe\x3e\x9b\x63\x38\x60\x01\x77\xfa\xfd\x06\xf0\xf9\x1d\x66\xe6\x37\xa5\x44\xf4\xe7\xd5\x8f\x45\x57\xef\x3b\xbc\x22\x10\x2f\xed\x3d\x30\xf7\x60\x2e\xf7\xde\x80\x6d\x53\x9f\x01\xbb\x49\x56\xd5\x5f\xfb\xe7\x09\x54\xf9\x50\xea\xb5\x8e\x62\xd4\xf5\xe5\xf2\x56\x45\x71\x7a\xff\x18\x25\xa5\x2d\xf3\x42\xa7\x79\x56\xa2\xf4\xea\x49\xa3\x92\xac\x52\x91\xd6\xeb\x34\xae\xf4\xaa\xe4\x4f\xb0\x55\xc0\x51\x97\xe6\x30\x87\x71\x1e\xf4\xf2\x68\xf5\xc3\x02\x76\xac\x68\xfd\xa2\x7f\x65\x06\x0b\x87\x5f\xd8\x77\x6d\xa3\x3f\xdc\xa3\x6e\x9f\x66\x3f\xf3\xe9\xa0\xf2\xcd\xe6\xd3\x11\x45\xe8\xf0\x8f\x73\x9d\x38\xfc\x4b\x7b\x38\x75\xf9\xbf\x02\x00\x00\xff\xff\x61\x89\x8d\x22\x10\x03\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64_check.go b/vendor/github.com/moby/buildkit/util/archutil/mips64_check.go
new file mode 100644
index 0000000000000..b6ee6495702c0
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64_check.go
@@ -0,0 +1,7 @@
+// +build !mips64
+
+package archutil
+
+func mips64Supported() error {
+	return check(Binarymips64)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64_check_mips64.go b/vendor/github.com/moby/buildkit/util/archutil/mips64_check_mips64.go
new file mode 100644
index 0000000000000..c4907053bae38
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64_check_mips64.go
@@ -0,0 +1,7 @@
+// +build mips64
+
+package archutil
+
+func mips64Supported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64le_binary.go b/vendor/github.com/moby/buildkit/util/archutil/mips64le_binary.go
new file mode 100644
index 0000000000000..21c49bce07c01
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64le_binary.go
@@ -0,0 +1,8 @@
+// +build !mips64le
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binarymips64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xa4\x92\xb1\x4a\xf4\x40\x14\x85\xbf\x99\xec\xee\xbf\xf0\x2b\x0a\x5a\x88\x55\x8a\x2d\x82\xc5\x90\xd2\x4a\xc6\x42\x41\x50\x58\xf1\x09\x12\x5c\x63\x40\x92\xb0\x99\x80\x9d\xf8\x06\x3e\x93\xef\x22\xec\x0b\x58\xaf\x84\xcc\xac\x26\x26\x28\x78\x9b\x73\xcf\xbd\x73\x12\xe6\x9c\x79\x3a\xbb\x3c\x97\x42\xe0\x4a\x32\xa5\x66\xa1\xc0\xaf\x51\xdb\xf9\xcb\xe7\x11\x5f\x73\x8c\x87\x66\xc2\x18\x0f\x8a\x11\xb0\xb2\xcb\x15\x8d\xce\xe1\x81\x9d\x3b\x9c\x5a\xac\x77\x63\x5a\xe5\x8b\x2f\xa8\x2d\xd1\x9b\xff\x36\xcd\xf5\x9b\xb9\x9d\xf0\xfb\xda\xdd\x74\x1e\x52\xd2\xf9\x1a\x88\xa0\xc1\xfd\x01\x7d\xf8\x2c\x7c\xd1\x9a\x8c\x66\xaf\x7b\x72\xb6\x65\xd9\xe9\x0e\x90\x64\x15\xe2\x5f\xbd\x13\xa8\xf2\xbe\x34\x4b\x13\xc5\xa8\xab\x8b\xf9\x8d\x8a\xe2\xf4\xee\x21\x4a\x4a\x4b\xf3\xc2\xa4\x79\x56\xa2\xcc\xe2\xd1\xa0\x92\xac\x52\x91\x31\xcb\x34\xae\xcc\xa2\xe4\xef\xf5\x1f\x38\x82\x42\x7e\xcf\xa3\x95\x03\x9d\x3c\xdc\xfc\x10\xd8\x6e\xf4\x53\x6b\x54\x73\x7f\x6b\x42\x30\xa0\x77\x1e\x05\xb6\x77\x19\xb9\x77\x14\x8a\x6e\x1e\xfd\x5c\x01\xef\xeb\x75\xde\xbd\x97\x1e\xd0\x8b\x1e\xee\xf5\xf8\x32\xb7\x07\x4f\x7e\xd0\x7f\x04\x00\x00\xff\xff\xd1\x67\xf7\xcd\x10\x03\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64le_check.go b/vendor/github.com/moby/buildkit/util/archutil/mips64le_check.go
new file mode 100644
index 0000000000000..b4d536f400949
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64le_check.go
@@ -0,0 +1,7 @@
+// +build !mips64le
+
+package archutil
+
+func mips64leSupported() error {
+	return check(Binarymips64le)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/mips64le_check_mips64le.go b/vendor/github.com/moby/buildkit/util/archutil/mips64le_check_mips64le.go
new file mode 100644
index 0000000000000..80061bcf284a8
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/mips64le_check_mips64le.go
@@ -0,0 +1,7 @@
+// +build mips64le
+
+package archutil
+
+func mips64leSupported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/ppc64le_binary.go b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_binary.go
new file mode 100644
index 0000000000000..3e4d4b38e93c0
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_binary.go
@@ -0,0 +1,8 @@
+// +build !ppc64le
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binaryppc64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x51\x06\x10\x6f\x03\x03\x83\x00\x88\xef\x00\x15\xbf\x01\x97\x07\x89\x59\x30\x30\x31\x38\x30\xb0\x30\x30\x83\xd5\xb2\x32\xa0\x00\x01\x64\x7a\x0f\x94\xb3\x07\x2e\x0d\xb1\x2b\xf0\x69\x49\x0a\x1b\x03\xf1\x40\x00\xa1\xdb\x82\x81\x21\xc1\x82\x89\x81\xc1\x85\x41\xaf\x38\xa3\xb8\xa4\xa8\x24\x31\x89\x41\xaf\x24\xb5\xa2\x84\x41\x2f\x35\x23\x3e\xad\x28\x31\x37\x95\x81\x62\xc0\x0d\x75\x29\xcc\x8d\xb0\xf0\xd8\x00\xe5\xf3\xa0\xa9\xe7\x40\xe3\x0b\x42\xf5\x33\x21\xfc\x2f\x80\x1a\x0e\xa8\x80\x05\x8d\x0f\xd2\xcb\x8c\x45\x1d\x4c\xbf\x34\x16\xf5\xc8\x00\x10\x00\x00\xff\xff\x59\x3e\xf6\x64\xd8\x01\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check.go b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check.go
new file mode 100644
index 0000000000000..017258390bc7d
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check.go
@@ -0,0 +1,7 @@
+// +build !ppc64le
+
+package archutil
+
+func ppc64leSupported() error {
+	return check(Binaryppc64le)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check_ppc64le.go b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check_ppc64le.go
new file mode 100644
index 0000000000000..7da12d4b5ced3
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/ppc64le_check_ppc64le.go
@@ -0,0 +1,7 @@
+// +build ppc64le
+
+package archutil
+
+func ppc64leSupported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/riscv64_binary.go b/vendor/github.com/moby/buildkit/util/archutil/riscv64_binary.go
new file mode 100644
index 0000000000000..a5e115d6bdde3
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/riscv64_binary.go
@@ -0,0 +1,8 @@
+// +build !riscv64
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binaryriscv64 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x86\xcf\x0c\x20\xde\x06\x06\x88\x98\x03\x54\xfc\x02\x94\x66\x01\x8b\x59\x30\x30\x31\x38\x30\x30\x33\x30\x81\x55\xb1\x32\x20\x03\x46\x14\x7a\x0f\x94\x07\xa3\x19\x04\x20\x54\xe0\xd3\x92\x14\x36\x06\xe2\x01\x54\x1b\x83\x30\x2b\x03\xc3\x64\x8e\x0b\xac\xc5\x20\x8e\x5e\x71\x46\x71\x49\x51\x49\x62\x12\x83\x5e\x49\x6a\x45\x09\x03\x15\x00\x37\xd4\xe5\x30\xb7\xc1\xc2\x61\x03\x94\xcf\x83\xa6\x9e\x05\x8d\x0f\x52\xcd\x8c\xc5\x5c\x98\xff\x05\xb1\xa8\x47\x06\x80\x00\x00\x00\xff\xff\x34\x4f\x05\xf7\x90\x01\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/riscv64_check.go b/vendor/github.com/moby/buildkit/util/archutil/riscv64_check.go
new file mode 100644
index 0000000000000..c1272d0a46458
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/riscv64_check.go
@@ -0,0 +1,7 @@
+// +build !riscv64
+
+package archutil
+
+func riscv64Supported() error {
+	return check(Binaryriscv64)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/riscv64_check_riscv64.go b/vendor/github.com/moby/buildkit/util/archutil/riscv64_check_riscv64.go
new file mode 100644
index 0000000000000..ceeb56075bde2
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/riscv64_check_riscv64.go
@@ -0,0 +1,7 @@
+// +build riscv64
+
+package archutil
+
+func riscv64Supported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/s390x_binary.go b/vendor/github.com/moby/buildkit/util/archutil/s390x_binary.go
new file mode 100644
index 0000000000000..0f43a0b89ff60
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/s390x_binary.go
@@ -0,0 +1,8 @@
+// +build !s390x
+
+package archutil
+
+// This file is generated by running make inside the archutil package.
+// Do not edit manually.
+
+const Binarys390x = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x62\x64\x80\x03\x26\x06\x31\x06\x06\x06\xb0\x00\x23\x03\xc3\x06\xa8\xa8\x03\x94\xbe\x00\xe5\x59\x30\x30\x31\x38\x30\x30\x33\x30\x41\xd5\xb2\x32\x20\x01\x46\x34\x9a\x81\x81\x61\x07\x2a\x2d\xc0\x90\x52\xf2\x34\x90\x81\x81\x81\x8d\x81\x34\x20\xb0\x5c\x93\x81\x81\x8b\x91\x9d\x9d\x41\xaf\x38\xa3\xb8\xa4\xa8\x24\x31\x89\x41\xaf\x24\xb5\xa2\x84\x81\x7a\x80\x1b\xc9\xe9\x6c\x68\xe1\x00\xa3\x39\xd0\xf4\xb0\xa0\x79\x9f\x19\x87\xd9\xb0\x70\x10\x44\x13\x87\x07\x15\x20\x00\x00\xff\xff\x28\x7b\x76\xee\x90\x01\x00\x00"
diff --git a/vendor/github.com/moby/buildkit/util/archutil/s390x_check.go b/vendor/github.com/moby/buildkit/util/archutil/s390x_check.go
new file mode 100644
index 0000000000000..89f5cf4343006
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/s390x_check.go
@@ -0,0 +1,7 @@
+// +build !s390x
+
+package archutil
+
+func s390xSupported() error {
+	return check(Binarys390x)
+}
diff --git a/vendor/github.com/moby/buildkit/util/archutil/s390x_check_s390x.go b/vendor/github.com/moby/buildkit/util/archutil/s390x_check_s390x.go
new file mode 100644
index 0000000000000..664bb15e18f25
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/archutil/s390x_check_s390x.go
@@ -0,0 +1,7 @@
+// +build s390x
+
+package archutil
+
+func s390xSupported() error {
+	return nil
+}
diff --git a/vendor/github.com/moby/buildkit/util/compression/compression.go b/vendor/github.com/moby/buildkit/util/compression/compression.go
new file mode 100644
index 0000000000000..654b056335d5c
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/compression/compression.go
@@ -0,0 +1,140 @@
+package compression
+
+import (
+	"bytes"
+	"context"
+	"io"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// Type represents compression type for blob data.
+type Type int
+
+const (
+	// Uncompressed indicates no compression.
+	Uncompressed Type = iota
+
+	// Gzip is used for blob data.
+	Gzip
+
+	// UnknownCompression means not supported yet.
+	UnknownCompression Type = -1
+)
+
+var Default = Gzip
+
+func (ct Type) String() string {
+	switch ct {
+	case Uncompressed:
+		return "uncompressed"
+	case Gzip:
+		return "gzip"
+	default:
+		return "unknown"
+	}
+}
+
+// DetectLayerMediaType returns media type from existing blob data.
+func DetectLayerMediaType(ctx context.Context, cs content.Store, id digest.Digest, oci bool) (string, error) {
+	ra, err := cs.ReaderAt(ctx, ocispec.Descriptor{Digest: id})
+	if err != nil {
+		return "", err
+	}
+	defer ra.Close()
+
+	ct, err := detectCompressionType(content.NewReader(ra))
+	if err != nil {
+		return "", err
+	}
+
+	switch ct {
+	case Uncompressed:
+		if oci {
+			return ocispec.MediaTypeImageLayer, nil
+		}
+		return images.MediaTypeDockerSchema2Layer, nil
+	case Gzip:
+		if oci {
+			return ocispec.MediaTypeImageLayerGzip, nil
+		}
+		return images.MediaTypeDockerSchema2LayerGzip, nil
+	default:
+		return "", errors.Errorf("failed to detect layer %v compression type", id)
+	}
+}
+
+// detectCompressionType detects compression type from real blob data.
+func detectCompressionType(cr io.Reader) (Type, error) {
+	var buf [10]byte
+	var n int
+	var err error
+
+	if n, err = cr.Read(buf[:]); err != nil && err != io.EOF {
+		// Note: we'll ignore any io.EOF error because there are some
+		// odd cases where the layer.tar file will be empty (zero bytes)
+		// and we'll just treat it as a non-compressed stream and that
+		// means just create an empty layer.
+		//
+		// See issue docker/docker#18170
+		return UnknownCompression, err
+	}
+
+	for c, m := range map[Type][]byte{
+		Gzip: {0x1F, 0x8B, 0x08},
+	} {
+		if n < len(m) {
+			continue
+		}
+		if bytes.Equal(m, buf[:len(m)]) {
+			return c, nil
+		}
+	}
+	return Uncompressed, nil
+}
+
+var toDockerLayerType = map[string]string{
+	ocispec.MediaTypeImageLayer:                   images.MediaTypeDockerSchema2Layer,
+	images.MediaTypeDockerSchema2Layer:            images.MediaTypeDockerSchema2Layer,
+	ocispec.MediaTypeImageLayerGzip:               images.MediaTypeDockerSchema2LayerGzip,
+	images.MediaTypeDockerSchema2LayerGzip:        images.MediaTypeDockerSchema2LayerGzip,
+	images.MediaTypeDockerSchema2LayerForeign:     images.MediaTypeDockerSchema2Layer,
+	images.MediaTypeDockerSchema2LayerForeignGzip: images.MediaTypeDockerSchema2LayerGzip,
+}
+
+var toOCILayerType = map[string]string{
+	ocispec.MediaTypeImageLayer:                   ocispec.MediaTypeImageLayer,
+	images.MediaTypeDockerSchema2Layer:            ocispec.MediaTypeImageLayer,
+	ocispec.MediaTypeImageLayerGzip:               ocispec.MediaTypeImageLayerGzip,
+	images.MediaTypeDockerSchema2LayerGzip:        ocispec.MediaTypeImageLayerGzip,
+	images.MediaTypeDockerSchema2LayerForeign:     ocispec.MediaTypeImageLayer,
+	images.MediaTypeDockerSchema2LayerForeignGzip: ocispec.MediaTypeImageLayerGzip,
+}
+
+func convertLayerMediaType(mediaType string, oci bool) string {
+	var converted string
+	if oci {
+		converted = toOCILayerType[mediaType]
+	} else {
+		converted = toDockerLayerType[mediaType]
+	}
+	if converted == "" {
+		logrus.Warnf("unhandled conversion for mediatype %q", mediaType)
+		return mediaType
+	}
+	return converted
+}
+
+func ConvertAllLayerMediaTypes(oci bool, descs ...ocispec.Descriptor) []ocispec.Descriptor {
+	var converted []ocispec.Descriptor
+	for _, desc := range descs {
+		desc.MediaType = convertLayerMediaType(desc.MediaType, oci)
+		converted = append(converted, desc)
+	}
+	return converted
+}
diff --git a/vendor/github.com/moby/buildkit/util/contentutil/copy.go b/vendor/github.com/moby/buildkit/util/contentutil/copy.go
index 04d46c4f36dc6..b471d8b94850d 100644
--- a/vendor/github.com/moby/buildkit/util/contentutil/copy.go
+++ b/vendor/github.com/moby/buildkit/util/contentutil/copy.go
@@ -8,12 +8,13 @@ import (
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/remotes"
+	"github.com/moby/buildkit/util/resolver/retryhandler"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
-func Copy(ctx context.Context, ingester content.Ingester, provider content.Provider, desc ocispec.Descriptor) error {
-	if _, err := remotes.FetchHandler(ingester, &localFetcher{provider})(ctx, desc); err != nil {
+func Copy(ctx context.Context, ingester content.Ingester, provider content.Provider, desc ocispec.Descriptor, logger func([]byte)) error {
+	if _, err := retryhandler.New(remotes.FetchHandler(ingester, &localFetcher{provider}), logger)(ctx, desc); err != nil {
 		return err
 	}
 	return nil
@@ -64,15 +65,15 @@ func CopyChain(ctx context.Context, ingester content.Ingester, provider content.
 	handlers := []images.Handler{
 		images.ChildrenHandler(provider),
 		filterHandler,
-		remotes.FetchHandler(ingester, &localFetcher{provider}),
+		retryhandler.New(remotes.FetchHandler(ingester, &localFetcher{provider}), func(_ []byte) {}),
 	}
 
-	if err := images.Dispatch(ctx, images.Handlers(handlers...), desc); err != nil {
+	if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
 		return errors.WithStack(err)
 	}
 
 	for i := len(manifestStack) - 1; i >= 0; i-- {
-		if err := Copy(ctx, ingester, provider, manifestStack[i]); err != nil {
+		if err := Copy(ctx, ingester, provider, manifestStack[i], nil); err != nil {
 			return errors.WithStack(err)
 		}
 	}
diff --git a/vendor/github.com/moby/buildkit/util/contentutil/pusher.go b/vendor/github.com/moby/buildkit/util/contentutil/pusher.go
index ab88128aa2add..693dcfea93c9c 100644
--- a/vendor/github.com/moby/buildkit/util/contentutil/pusher.go
+++ b/vendor/github.com/moby/buildkit/util/contentutil/pusher.go
@@ -2,21 +2,34 @@ package contentutil
 
 import (
 	"context"
+	"runtime"
+	"sync"
+	"time"
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/remotes"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
 func FromPusher(p remotes.Pusher) content.Ingester {
+	var mu sync.Mutex
+	c := sync.NewCond(&mu)
 	return &pushingIngester{
-		p: p,
+		mu:     &mu,
+		c:      c,
+		p:      p,
+		active: map[digest.Digest]struct{}{},
 	}
 }
 
 type pushingIngester struct {
 	p remotes.Pusher
+
+	mu     *sync.Mutex
+	c      *sync.Cond
+	active map[digest.Digest]struct{}
 }
 
 // Writer implements content.Ingester. desc.MediaType must be set for manifest blobs.
@@ -30,20 +43,55 @@ func (i *pushingIngester) Writer(ctx context.Context, opts ...content.WriterOpt)
 	if wOpts.Ref == "" {
 		return nil, errors.Wrap(errdefs.ErrInvalidArgument, "ref must not be empty")
 	}
+
+	st := time.Now()
+
+	i.mu.Lock()
+	for {
+		if time.Since(st) > time.Hour {
+			i.mu.Unlock()
+			return nil, errors.Wrapf(errdefs.ErrUnavailable, "ref %v locked", wOpts.Desc.Digest)
+		}
+		if _, ok := i.active[wOpts.Desc.Digest]; ok {
+			i.c.Wait()
+		} else {
+			break
+		}
+	}
+
+	i.active[wOpts.Desc.Digest] = struct{}{}
+	i.mu.Unlock()
+
+	var once sync.Once
+	release := func() {
+		once.Do(func() {
+			i.mu.Lock()
+			delete(i.active, wOpts.Desc.Digest)
+			i.c.Broadcast()
+			i.mu.Unlock()
+		})
+	}
+
 	// pusher requires desc.MediaType to determine the PUT URL, especially for manifest blobs.
 	contentWriter, err := i.p.Push(ctx, wOpts.Desc)
 	if err != nil {
+		release()
 		return nil, err
 	}
+	runtime.SetFinalizer(contentWriter, func(_ content.Writer) {
+		release()
+	})
 	return &writer{
 		Writer:           contentWriter,
 		contentWriterRef: wOpts.Ref,
+		release:          release,
 	}, nil
 }
 
 type writer struct {
 	content.Writer          // returned from pusher.Push
 	contentWriterRef string // ref passed for Writer()
+	release          func()
 }
 
 func (w *writer) Status() (content.Status, error) {
@@ -56,3 +104,19 @@ func (w *writer) Status() (content.Status, error) {
 	}
 	return st, nil
 }
+
+func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	err := w.Writer.Commit(ctx, size, expected, opts...)
+	if w.release != nil {
+		w.release()
+	}
+	return err
+}
+
+func (w *writer) Close() error {
+	err := w.Writer.Close()
+	if w.release != nil {
+		w.release()
+	}
+	return err
+}
diff --git a/vendor/github.com/moby/buildkit/util/contentutil/refs.go b/vendor/github.com/moby/buildkit/util/contentutil/refs.go
index 9df84063c040f..9e41ea07d28b8 100644
--- a/vendor/github.com/moby/buildkit/util/contentutil/refs.go
+++ b/vendor/github.com/moby/buildkit/util/contentutil/refs.go
@@ -9,7 +9,7 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/remotes"
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/docker/docker/pkg/locker"
+	"github.com/moby/locker"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -72,6 +72,7 @@ func (w *ingester) Writer(ctx context.Context, opts ...content.WriterOpt) (conte
 	}
 	writer, err := w.pusher.Push(ctx, wo.Desc)
 	if err != nil {
+		unlock()
 		return nil, err
 	}
 	return &lockedWriter{unlock: unlock, Writer: writer}, nil
diff --git a/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go b/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go
index 4bd7f2a809696..f65b426bb2016 100644
--- a/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go
+++ b/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go
@@ -1,26 +1,19 @@
 package entitlements
 
-import "github.com/pkg/errors"
+import (
+	"github.com/pkg/errors"
+)
 
 type Entitlement string
 
 const (
-	EntitlementSecurityConfined   Entitlement = "security.confined"
-	EntitlementSecurityUnconfined Entitlement = "security.unconfined" // unimplemented
-	EntitlementNetworkHost        Entitlement = "network.host"
-	EntitlementNetworkNone        Entitlement = "network.none"
+	EntitlementSecurityInsecure Entitlement = "security.insecure"
+	EntitlementNetworkHost      Entitlement = "network.host"
 )
 
 var all = map[Entitlement]struct{}{
-	EntitlementSecurityConfined:   {},
-	EntitlementSecurityUnconfined: {},
-	EntitlementNetworkHost:        {},
-	EntitlementNetworkNone:        {},
-}
-
-var defaults = map[Entitlement]struct{}{
-	EntitlementSecurityConfined: {},
-	EntitlementNetworkNone:      {},
+	EntitlementSecurityInsecure: {},
+	EntitlementNetworkHost:      {},
 }
 
 func Parse(s string) (Entitlement, error) {
@@ -50,15 +43,12 @@ func WhiteList(allowed, supported []Entitlement) (Set, error) {
 		}
 		if supported != nil {
 			if !supm.Allowed(e) {
-				return nil, errors.Errorf("entitlement %s is not allowed", e)
+				return nil, errors.Errorf("granting entitlement %s is not allowed by build daemon configuration", e)
 			}
 		}
 		m[e] = struct{}{}
 	}
 
-	for e := range defaults {
-		m[e] = struct{}{}
-	}
 	return Set(m), nil
 }
 
diff --git a/vendor/github.com/moby/buildkit/util/entitlements/security/security_linux.go b/vendor/github.com/moby/buildkit/util/entitlements/security/security_linux.go
new file mode 100644
index 0000000000000..c79873e826f1b
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/entitlements/security/security_linux.go
@@ -0,0 +1,162 @@
+package security
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	"github.com/containerd/containerd/sys"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+// WithInsecureSpec sets spec with All capability.
+func WithInsecureSpec() oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		addCaps := []string{
+			"CAP_FSETID",
+			"CAP_KILL",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETPCAP",
+			"CAP_SETFCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_AUDIT_WRITE",
+			"CAP_MAC_ADMIN",
+			"CAP_MAC_OVERRIDE",
+			"CAP_DAC_READ_SEARCH",
+			"CAP_SYS_PTRACE",
+			"CAP_SYS_MODULE",
+			"CAP_SYSLOG",
+			"CAP_SYS_RAWIO",
+			"CAP_SYS_ADMIN",
+			"CAP_LINUX_IMMUTABLE",
+			"CAP_SYS_BOOT",
+			"CAP_SYS_NICE",
+			"CAP_SYS_PACCT",
+			"CAP_SYS_TTY_CONFIG",
+			"CAP_SYS_TIME",
+			"CAP_WAKE_ALARM",
+			"CAP_AUDIT_READ",
+			"CAP_AUDIT_CONTROL",
+			"CAP_SYS_RESOURCE",
+			"CAP_BLOCK_SUSPEND",
+			"CAP_IPC_LOCK",
+			"CAP_IPC_OWNER",
+			"CAP_LEASE",
+			"CAP_NET_ADMIN",
+			"CAP_NET_BROADCAST",
+		}
+		s.Process.Capabilities.Bounding = append(s.Process.Capabilities.Bounding, addCaps...)
+		s.Process.Capabilities.Ambient = append(s.Process.Capabilities.Ambient, addCaps...)
+		s.Process.Capabilities.Effective = append(s.Process.Capabilities.Effective, addCaps...)
+		s.Process.Capabilities.Inheritable = append(s.Process.Capabilities.Inheritable, addCaps...)
+		s.Process.Capabilities.Permitted = append(s.Process.Capabilities.Permitted, addCaps...)
+
+		s.Linux.ReadonlyPaths = []string{}
+		s.Linux.MaskedPaths = []string{}
+		s.Process.ApparmorProfile = ""
+
+		s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{
+			{
+				Allow:  true,
+				Type:   "c",
+				Access: "rwm",
+			},
+			{
+				Allow:  true,
+				Type:   "b",
+				Access: "rwm",
+			},
+		}
+
+		if !sys.RunningInUserNS() {
+			// Devices automatically mounted on insecure mode
+			s.Linux.Devices = append(s.Linux.Devices, []specs.LinuxDevice{
+				// Writes to this come out as printk's, reads export the buffered printk records. (dmesg)
+				{
+					Path:  "/dev/kmsg",
+					Type:  "c",
+					Major: 1,
+					Minor: 11,
+				},
+				// Cuse (character device in user-space)
+				{
+					Path:  "/dev/cuse",
+					Type:  "c",
+					Major: 10,
+					Minor: 203,
+				},
+				// Fuse (virtual filesystem in user-space)
+				{
+					Path:  "/dev/fuse",
+					Type:  "c",
+					Major: 10,
+					Minor: 229,
+				},
+				// Kernel-based virtual machine (hardware virtualization extensions)
+				{
+					Path:  "/dev/kvm",
+					Type:  "c",
+					Major: 10,
+					Minor: 232,
+				},
+				// TAP/TUN network device
+				{
+					Path:  "/dev/net/tun",
+					Type:  "c",
+					Major: 10,
+					Minor: 200,
+				},
+				// Loopback control device
+				{
+					Path:  "/dev/loop-control",
+					Type:  "c",
+					Major: 10,
+					Minor: 237,
+				},
+			}...)
+
+			loopID, err := getFreeLoopID()
+			if err != nil {
+				logrus.Debugf("failed to get next free loop device: %v", err)
+			}
+
+			for i := 0; i <= loopID+7; i++ {
+				s.Linux.Devices = append(s.Linux.Devices, specs.LinuxDevice{
+					Path:  fmt.Sprintf("/dev/loop%d", i),
+					Type:  "b",
+					Major: 7,
+					Minor: int64(i),
+				})
+			}
+		}
+
+		return nil
+	}
+}
+
+func getFreeLoopID() (int, error) {
+	fd, err := os.OpenFile("/dev/loop-control", os.O_RDWR, 0644)
+	if err != nil {
+		return 0, err
+	}
+	defer fd.Close()
+
+	const _LOOP_CTL_GET_FREE = 0x4C82 //nolint:golint
+	r1, _, uerr := unix.Syscall(unix.SYS_IOCTL, fd.Fd(), _LOOP_CTL_GET_FREE, 0)
+	if uerr == 0 {
+		return int(r1), nil
+	}
+	return 0, errors.Errorf("error getting free loop device: %v", uerr)
+}
diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
index 89866b76bb61e..fc9f7272a42bc 100644
--- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
+++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
@@ -24,7 +24,7 @@ type contextKeyT string
 
 var contextKey = contextKeyT("buildkit/util/flightcontrol.progress")
 
-// Group is a flightcontrol syncronization group
+// Group is a flightcontrol synchronization group
 type Group struct {
 	mu sync.Mutex       // protects m
 	m  map[string]*call // lazily initialized
@@ -35,7 +35,7 @@ func (g *Group) Do(ctx context.Context, key string, fn func(ctx context.Context)
 	var backoff time.Duration
 	for {
 		v, err = g.do(ctx, key, fn)
-		if err == nil || errors.Cause(err) != errRetry {
+		if err == nil || !errors.Is(err, errRetry) {
 			return v, err
 		}
 		// backoff logic
@@ -72,16 +72,18 @@ func (g *Group) do(ctx context.Context, key string, fn func(ctx context.Context)
 		g.mu.Lock()
 		delete(g.m, key)
 		g.mu.Unlock()
+		close(c.cleaned)
 	}()
 	g.mu.Unlock()
 	return c.wait(ctx)
 }
 
 type call struct {
-	mu     sync.Mutex
-	result interface{}
-	err    error
-	ready  chan struct{}
+	mu      sync.Mutex
+	result  interface{}
+	err     error
+	ready   chan struct{}
+	cleaned chan struct{}
 
 	ctx  *sharedContext
 	ctxs []context.Context
@@ -97,6 +99,7 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call {
 	c := &call{
 		fn:            fn,
 		ready:         make(chan struct{}),
+		cleaned:       make(chan struct{}),
 		progressState: newProgressState(),
 	}
 	ctx := newContext(c) // newSharedContext
@@ -113,7 +116,9 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call {
 
 func (c *call) run() {
 	defer c.closeProgressWriter()
-	v, err := c.fn(c.ctx)
+	ctx, cancel := context.WithCancel(c.ctx)
+	defer cancel()
+	v, err := c.fn(ctx)
 	c.mu.Lock()
 	c.result = v
 	c.err = err
@@ -125,8 +130,13 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) {
 	c.mu.Lock()
 	// detect case where caller has just returned, let it clean up before
 	select {
-	case <-c.ready: // could return if no error
+	case <-c.ready:
 		c.mu.Unlock()
+		<-c.cleaned
+		return nil, errRetry
+	case <-c.ctx.done: // could return if no error
+		c.mu.Unlock()
+		<-c.cleaned
 		return nil, errRetry
 	default:
 	}
@@ -135,6 +145,10 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) {
 	if ok {
 		c.progressState.add(pw)
 	}
+
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
 	c.ctxs = append(c.ctxs, ctx)
 
 	c.mu.Unlock()
@@ -143,18 +157,16 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) {
 
 	select {
 	case <-ctx.Done():
-		select {
-		case <-c.ctx.Done():
+		if c.ctx.checkDone() {
 			// if this cancelled the last context, then wait for function to shut down
 			// and don't accept any more callers
 			<-c.ready
 			return c.result, c.err
-		default:
-			if ok {
-				c.progressState.close(pw)
-			}
-			return nil, ctx.Err()
 		}
+		if ok {
+			c.progressState.close(pw)
+		}
+		return nil, ctx.Err()
 	case <-c.ready:
 		return c.result, c.err // shared not implemented yet
 	}
@@ -177,9 +189,6 @@ func (c *call) Deadline() (deadline time.Time, ok bool) {
 }
 
 func (c *call) Done() <-chan struct{} {
-	c.mu.Lock()
-	c.ctx.signal()
-	c.mu.Unlock()
 	return c.ctx.done
 }
 
@@ -232,23 +241,28 @@ func newContext(c *call) *sharedContext {
 	return &sharedContext{call: c, done: make(chan struct{})}
 }
 
-// call with lock
-func (c *sharedContext) signal() {
+func (sc *sharedContext) checkDone() bool {
+	sc.mu.Lock()
 	select {
-	case <-c.done:
+	case <-sc.done:
+		sc.mu.Unlock()
+		return true
 	default:
-		var err error
-		for _, ctx := range c.ctxs {
-			select {
-			case <-ctx.Done():
-				err = ctx.Err()
-			default:
-				return
-			}
+	}
+	var err error
+	for _, ctx := range sc.ctxs {
+		select {
+		case <-ctx.Done():
+			err = ctx.Err()
+		default:
+			sc.mu.Unlock()
+			return false
 		}
-		c.err = err
-		close(c.done)
 	}
+	sc.err = err
+	close(sc.done)
+	sc.mu.Unlock()
+	return true
 }
 
 type rawProgressWriter interface {
diff --git a/vendor/github.com/moby/buildkit/util/gitutil/git_protocol.go b/vendor/github.com/moby/buildkit/util/gitutil/git_protocol.go
new file mode 100644
index 0000000000000..3b9df83920b79
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/gitutil/git_protocol.go
@@ -0,0 +1,46 @@
+package gitutil
+
+import (
+	"strings"
+
+	"github.com/moby/buildkit/util/sshutil"
+)
+
+const (
+	HTTPProtocol = iota + 1
+	HTTPSProtocol
+	SSHProtocol
+	GitProtocol
+	UnknownProtocol
+)
+
+// ParseProtocol parses a git URL and returns the remote url and protocol type
+func ParseProtocol(remote string) (string, int) {
+	prefixes := map[string]int{
+		"http://":  HTTPProtocol,
+		"https://": HTTPSProtocol,
+		"git://":   GitProtocol,
+		"ssh://":   SSHProtocol,
+	}
+	protocolType := UnknownProtocol
+	for prefix, potentialType := range prefixes {
+		if strings.HasPrefix(remote, prefix) {
+			remote = strings.TrimPrefix(remote, prefix)
+			protocolType = potentialType
+		}
+	}
+
+	if protocolType == UnknownProtocol && sshutil.IsImplicitSSHTransport(remote) {
+		protocolType = SSHProtocol
+	}
+
+	// remove name from ssh
+	if protocolType == SSHProtocol {
+		parts := strings.SplitN(remote, "@", 2)
+		if len(parts) == 2 {
+			remote = parts[1]
+		}
+	}
+
+	return remote, protocolType
+}
diff --git a/vendor/github.com/moby/buildkit/util/grpcerrors/grpcerrors.go b/vendor/github.com/moby/buildkit/util/grpcerrors/grpcerrors.go
new file mode 100644
index 0000000000000..f12f10bc8a108
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/grpcerrors/grpcerrors.go
@@ -0,0 +1,218 @@
+package grpcerrors
+
+import (
+	"encoding/json"
+	"errors"
+
+	"github.com/containerd/typeurl"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/ptypes/any"
+	"github.com/moby/buildkit/util/stack"
+	"github.com/sirupsen/logrus"
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+type TypedError interface {
+	ToProto() TypedErrorProto
+}
+
+type TypedErrorProto interface {
+	proto.Message
+	WrapError(error) error
+}
+
+func ToGRPC(err error) error {
+	if err == nil {
+		return nil
+	}
+	st, ok := AsGRPCStatus(err)
+	if !ok || st == nil {
+		st = status.New(Code(err), err.Error())
+	}
+	if st.Code() != Code(err) {
+		code := Code(err)
+		if code == codes.OK {
+			code = codes.Unknown
+		}
+		pb := st.Proto()
+		pb.Code = int32(code)
+		st = status.FromProto(pb)
+	}
+
+	var details []proto.Message
+
+	for _, st := range stack.Traces(err) {
+		details = append(details, st)
+	}
+
+	each(err, func(err error) {
+		if te, ok := err.(TypedError); ok {
+			details = append(details, te.ToProto())
+		}
+	})
+
+	if len(details) > 0 {
+		if st2, err := withDetails(st, details...); err == nil {
+			st = st2
+		}
+	}
+
+	return st.Err()
+}
+
+func withDetails(s *status.Status, details ...proto.Message) (*status.Status, error) {
+	if s.Code() == codes.OK {
+		return nil, errors.New("no error details for status with code OK")
+	}
+	p := s.Proto()
+	for _, detail := range details {
+		url, err := typeurl.TypeURL(detail)
+		if err != nil {
+			logrus.Warnf("ignoring typed error %T: not registered", detail)
+			continue
+		}
+		dt, err := json.Marshal(detail)
+		if err != nil {
+			return nil, err
+		}
+		p.Details = append(p.Details, &any.Any{TypeUrl: url, Value: dt})
+	}
+	return status.FromProto(p), nil
+}
+
+func Code(err error) codes.Code {
+	if se, ok := err.(interface {
+		Code() codes.Code
+	}); ok {
+		return se.Code()
+	}
+
+	if se, ok := err.(interface {
+		GRPCStatus() *status.Status
+	}); ok {
+		return se.GRPCStatus().Code()
+	}
+
+	wrapped, ok := err.(interface {
+		Unwrap() error
+	})
+	if ok {
+		if err := wrapped.Unwrap(); err != nil {
+			return Code(err)
+		}
+	}
+	return status.FromContextError(err).Code()
+}
+
+func WrapCode(err error, code codes.Code) error {
+	return &withCode{error: err, code: code}
+}
+
+func AsGRPCStatus(err error) (*status.Status, bool) {
+	if err == nil {
+		return nil, true
+	}
+	if se, ok := err.(interface {
+		GRPCStatus() *status.Status
+	}); ok {
+		return se.GRPCStatus(), true
+	}
+
+	wrapped, ok := err.(interface {
+		Unwrap() error
+	})
+	if ok {
+		if err := wrapped.Unwrap(); err != nil {
+			return AsGRPCStatus(err)
+		}
+	}
+
+	return nil, false
+}
+
+func FromGRPC(err error) error {
+	if err == nil {
+		return nil
+	}
+	st, ok := status.FromError(err)
+	if !ok {
+		return err
+	}
+
+	pb := st.Proto()
+
+	n := &spb.Status{
+		Code:    pb.Code,
+		Message: pb.Message,
+	}
+
+	details := make([]TypedErrorProto, 0, len(pb.Details))
+	stacks := make([]*stack.Stack, 0, len(pb.Details))
+
+	// details that we don't understand are copied as proto
+	for _, d := range pb.Details {
+		m, err := typeurl.UnmarshalAny(gogoAny(d))
+		if err != nil {
+			continue
+		}
+
+		switch v := m.(type) {
+		case *stack.Stack:
+			stacks = append(stacks, v)
+		case TypedErrorProto:
+			details = append(details, v)
+		default:
+			n.Details = append(n.Details, d)
+		}
+	}
+
+	err = status.FromProto(n).Err()
+
+	for _, s := range stacks {
+		if s != nil {
+			err = stack.Wrap(err, *s)
+		}
+	}
+
+	for _, d := range details {
+		err = d.WrapError(err)
+	}
+
+	if err != nil {
+		stack.Helper()
+	}
+
+	return stack.Enable(err)
+}
+
+type withCode struct {
+	code codes.Code
+	error
+}
+
+func (e *withCode) Code() codes.Code {
+	return e.code
+}
+
+func (e *withCode) Unwrap() error {
+	return e.error
+}
+
+func each(err error, fn func(error)) {
+	fn(err)
+	if wrapped, ok := err.(interface {
+		Unwrap() error
+	}); ok {
+		each(wrapped.Unwrap(), fn)
+	}
+}
+
+func gogoAny(in *any.Any) *gogotypes.Any {
+	return &gogotypes.Any{
+		TypeUrl: in.TypeUrl,
+		Value:   in.Value,
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/util/grpcerrors/intercept.go b/vendor/github.com/moby/buildkit/util/grpcerrors/intercept.go
new file mode 100644
index 0000000000000..1c17e4c67d274
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/grpcerrors/intercept.go
@@ -0,0 +1,54 @@
+package grpcerrors
+
+import (
+	"context"
+	"log"
+	"os"
+
+	"github.com/moby/buildkit/util/stack"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+)
+
+func UnaryServerInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
+	resp, err = handler(ctx, req)
+	oldErr := err
+	if err != nil {
+		stack.Helper()
+		err = ToGRPC(err)
+	}
+	if oldErr != nil && err == nil {
+		logErr := errors.Wrap(err, "invalid grpc error conversion")
+		if os.Getenv("BUILDKIT_DEBUG_PANIC_ON_ERROR") == "1" {
+			panic(logErr)
+		}
+		log.Printf("%v", logErr)
+		err = oldErr
+	}
+
+	return resp, err
+}
+
+func StreamServerInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+	err := ToGRPC(handler(srv, ss))
+	if err != nil {
+		stack.Helper()
+	}
+	return err
+}
+
+func UnaryClientInterceptor(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+	err := FromGRPC(invoker(ctx, method, req, reply, cc, opts...))
+	if err != nil {
+		stack.Helper()
+	}
+	return err
+}
+
+func StreamClientInterceptor(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+	s, err := streamer(ctx, desc, cc, method, opts...)
+	if err != nil {
+		stack.Helper()
+	}
+	return s, ToGRPC(err)
+}
diff --git a/vendor/github.com/moby/buildkit/util/imageutil/config.go b/vendor/github.com/moby/buildkit/util/imageutil/config.go
index a9890e730eb43..0be587058a6c8 100644
--- a/vendor/github.com/moby/buildkit/util/imageutil/config.go
+++ b/vendor/github.com/moby/buildkit/util/imageutil/config.go
@@ -3,12 +3,18 @@ package imageutil
 import (
 	"context"
 	"encoding/json"
+	"sync"
+	"time"
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/reference"
 	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/moby/buildkit/util/leaseutil"
+	"github.com/moby/buildkit/util/resolver/retryhandler"
 	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -19,7 +25,25 @@ type ContentCache interface {
 	content.Provider
 }
 
-func Config(ctx context.Context, str string, resolver remotes.Resolver, cache ContentCache, p *specs.Platform) (digest.Digest, []byte, error) {
+var leasesMu sync.Mutex
+var leasesF []func(context.Context) error
+
+func CancelCacheLeases() {
+	leasesMu.Lock()
+	for _, f := range leasesF {
+		f(context.TODO())
+	}
+	leasesF = nil
+	leasesMu.Unlock()
+}
+
+func AddLease(f func(context.Context) error) {
+	leasesMu.Lock()
+	leasesF = append(leasesF, f)
+	leasesMu.Unlock()
+}
+
+func Config(ctx context.Context, str string, resolver remotes.Resolver, cache ContentCache, leaseManager leases.Manager, p *specs.Platform) (digest.Digest, []byte, error) {
 	// TODO: fix buildkit to take interface instead of struct
 	var platform platforms.MatchComparer
 	if p != nil {
@@ -32,6 +56,18 @@ func Config(ctx context.Context, str string, resolver remotes.Resolver, cache Co
 		return "", nil, errors.WithStack(err)
 	}
 
+	if leaseManager != nil {
+		ctx2, done, err := leaseutil.WithLease(ctx, leaseManager, leases.WithExpiration(5*time.Minute), leaseutil.MakeTemporary)
+		if err != nil {
+			return "", nil, errors.WithStack(err)
+		}
+		ctx = ctx2
+		defer func() {
+			// this lease is not deleted to allow other components to access manifest/config from cache. It will be deleted after 5 min deadline or on pruning inactive builder
+			AddLease(done)
+		}()
+	}
+
 	desc := specs.Descriptor{
 		Digest: ref.Digest(),
 	}
@@ -62,11 +98,13 @@ func Config(ctx context.Context, str string, resolver remotes.Resolver, cache Co
 		return readSchema1Config(ctx, ref.String(), desc, fetcher, cache)
 	}
 
+	children := childrenConfigHandler(cache, platform)
+
 	handlers := []images.Handler{
-		remotes.FetchHandler(cache, fetcher),
-		childrenConfigHandler(cache, platform),
+		retryhandler.New(remotes.FetchHandler(cache, fetcher), func(_ []byte) {}),
+		children,
 	}
-	if err := images.Dispatch(ctx, images.Handlers(handlers...), desc); err != nil {
+	if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
 		return "", nil, err
 	}
 	config, err := images.Config(ctx, cache, desc, platform)
@@ -120,7 +158,7 @@ func childrenConfigHandler(provider content.Provider, platform platforms.MatchCo
 			} else {
 				descs = append(descs, index.Manifests...)
 			}
-		case images.MediaTypeDockerSchema2Config, specs.MediaTypeImageConfig:
+		case images.MediaTypeDockerSchema2Config, specs.MediaTypeImageConfig, docker.LegacyConfigMediaType:
 			// childless data types.
 			return nil, nil
 		default:
@@ -135,17 +173,21 @@ func childrenConfigHandler(provider content.Provider, platform platforms.MatchCo
 func DetectManifestMediaType(ra content.ReaderAt) (string, error) {
 	// TODO: schema1
 
-	p := make([]byte, ra.Size())
-	if _, err := ra.ReadAt(p, 0); err != nil {
+	dt := make([]byte, ra.Size())
+	if _, err := ra.ReadAt(dt, 0); err != nil {
 		return "", err
 	}
 
+	return DetectManifestBlobMediaType(dt)
+}
+
+func DetectManifestBlobMediaType(dt []byte) (string, error) {
 	var mfst struct {
 		MediaType string          `json:"mediaType"`
 		Config    json.RawMessage `json:"config"`
 	}
 
-	if err := json.Unmarshal(p, &mfst); err != nil {
+	if err := json.Unmarshal(dt, &mfst); err != nil {
 		return "", err
 	}
 
diff --git a/vendor/github.com/moby/buildkit/util/leaseutil/manager.go b/vendor/github.com/moby/buildkit/util/leaseutil/manager.go
new file mode 100644
index 0000000000000..45a35273a51d1
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/leaseutil/manager.go
@@ -0,0 +1,75 @@
+package leaseutil
+
+import (
+	"context"
+	"time"
+
+	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/namespaces"
+)
+
+func WithLease(ctx context.Context, ls leases.Manager, opts ...leases.Opt) (context.Context, func(context.Context) error, error) {
+	_, ok := leases.FromContext(ctx)
+	if ok {
+		return ctx, func(context.Context) error {
+			return nil
+		}, nil
+	}
+
+	l, err := ls.Create(ctx, append([]leases.Opt{leases.WithRandomID(), leases.WithExpiration(time.Hour)}, opts...)...)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ctx = leases.WithLease(ctx, l.ID)
+	return ctx, func(ctx context.Context) error {
+		return ls.Delete(ctx, l)
+	}, nil
+}
+
+func MakeTemporary(l *leases.Lease) error {
+	if l.Labels == nil {
+		l.Labels = map[string]string{}
+	}
+	l.Labels["buildkit/lease.temporary"] = time.Now().UTC().Format(time.RFC3339Nano)
+	return nil
+}
+
+func WithNamespace(lm leases.Manager, ns string) leases.Manager {
+	return &nsLM{manager: lm, ns: ns}
+}
+
+type nsLM struct {
+	manager leases.Manager
+	ns      string
+}
+
+func (l *nsLM) Create(ctx context.Context, opts ...leases.Opt) (leases.Lease, error) {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.Create(ctx, opts...)
+}
+
+func (l *nsLM) Delete(ctx context.Context, lease leases.Lease, opts ...leases.DeleteOpt) error {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.Delete(ctx, lease, opts...)
+}
+
+func (l *nsLM) List(ctx context.Context, filters ...string) ([]leases.Lease, error) {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.List(ctx, filters...)
+}
+
+func (l *nsLM) AddResource(ctx context.Context, lease leases.Lease, resource leases.Resource) error {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.AddResource(ctx, lease, resource)
+}
+
+func (l *nsLM) DeleteResource(ctx context.Context, lease leases.Lease, resource leases.Resource) error {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.DeleteResource(ctx, lease, resource)
+}
+
+func (l *nsLM) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
+	ctx = namespaces.WithNamespace(ctx, l.ns)
+	return l.manager.ListResources(ctx, lease)
+}
diff --git a/vendor/github.com/moby/buildkit/util/network/host.go b/vendor/github.com/moby/buildkit/util/network/host.go
index dc58b1ce72e43..09aefdfc253ea 100644
--- a/vendor/github.com/moby/buildkit/util/network/host.go
+++ b/vendor/github.com/moby/buildkit/util/network/host.go
@@ -1,3 +1,5 @@
+// +build !windows
+
 package network
 
 import (
@@ -19,8 +21,8 @@ func (h *host) New() (Namespace, error) {
 type hostNS struct {
 }
 
-func (h *hostNS) Set(s *specs.Spec) {
-	oci.WithHostNamespace(specs.NetworkNamespace)(nil, nil, nil, s)
+func (h *hostNS) Set(s *specs.Spec) error {
+	return oci.WithHostNamespace(specs.NetworkNamespace)(nil, nil, nil, s)
 }
 
 func (h *hostNS) Close() error {
diff --git a/vendor/github.com/moby/buildkit/util/network/network.go b/vendor/github.com/moby/buildkit/util/network/network.go
index 055a52da8bce4..befeef0c75181 100644
--- a/vendor/github.com/moby/buildkit/util/network/network.go
+++ b/vendor/github.com/moby/buildkit/util/network/network.go
@@ -3,20 +3,9 @@ package network
 import (
 	"io"
 
-	"github.com/moby/buildkit/solver/pb"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// Default returns the default network provider set
-func Default() map[pb.NetMode]Provider {
-	return map[pb.NetMode]Provider{
-		// FIXME: still uses host if no provider configured
-		pb.NetMode_UNSET: NewHostProvider(),
-		pb.NetMode_HOST:  NewHostProvider(),
-		pb.NetMode_NONE:  NewNoneProvider(),
-	}
-}
-
 // Provider interface for Network
 type Provider interface {
 	New() (Namespace, error)
@@ -26,12 +15,5 @@ type Provider interface {
 type Namespace interface {
 	io.Closer
 	// Set the namespace on the spec
-	Set(*specs.Spec)
-}
-
-// NetworkOpts hold network options
-type NetworkOpts struct {
-	Type          string
-	CNIConfigPath string
-	CNIPluginPath string
+	Set(*specs.Spec) error
 }
diff --git a/vendor/github.com/moby/buildkit/util/network/none.go b/vendor/github.com/moby/buildkit/util/network/none.go
index ebf1ebda941f2..336ff68b91b8b 100644
--- a/vendor/github.com/moby/buildkit/util/network/none.go
+++ b/vendor/github.com/moby/buildkit/util/network/none.go
@@ -18,7 +18,8 @@ func (h *none) New() (Namespace, error) {
 type noneNS struct {
 }
 
-func (h *noneNS) Set(s *specs.Spec) {
+func (h *noneNS) Set(s *specs.Spec) error {
+	return nil
 }
 
 func (h *noneNS) Close() error {
diff --git a/vendor/github.com/moby/buildkit/util/progress/logs/logs.go b/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
index 54f6ff89657cf..15944d8c62051 100644
--- a/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
+++ b/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
@@ -2,17 +2,33 @@ package logs
 
 import (
 	"context"
+	"fmt"
 	"io"
+	"math"
 	"os"
+	"strconv"
+	"sync"
+	"time"
 
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/identity"
 	"github.com/moby/buildkit/util/progress"
 	"github.com/pkg/errors"
+	"github.com/tonistiigi/units"
 )
 
+var defaultMaxLogSize = 2 * 1024 * 1024
+var defaultMaxLogSpeed = 200 * 1024 // per second
+
+const (
+	stdout = 1
+	stderr = 2
+)
+
+var configCheckOnce sync.Once
+
 func NewLogStreams(ctx context.Context, printOutput bool) (io.WriteCloser, io.WriteCloser) {
-	return newStreamWriter(ctx, 1, printOutput), newStreamWriter(ctx, 2, printOutput)
+	return newStreamWriter(ctx, stdout, printOutput), newStreamWriter(ctx, stderr, printOutput)
 }
 
 func newStreamWriter(ctx context.Context, stream int, printOutput bool) io.WriteCloser {
@@ -21,33 +37,106 @@ func newStreamWriter(ctx context.Context, stream int, printOutput bool) io.Write
 		pw:          pw,
 		stream:      stream,
 		printOutput: printOutput,
+		created:     time.Now(),
 	}
 }
 
 type streamWriter struct {
-	pw          progress.Writer
-	stream      int
-	printOutput bool
+	pw              progress.Writer
+	stream          int
+	printOutput     bool
+	created         time.Time
+	size            int
+	clipping        bool
+	clipReasonSpeed bool
 }
 
-func (sw *streamWriter) Write(dt []byte) (int, error) {
-	sw.pw.Write(identity.NewID(), client.VertexLog{
-		Stream: sw.stream,
-		Data:   append([]byte{}, dt...),
+func (sw *streamWriter) checkLimit(n int) int {
+	configCheckOnce.Do(func() {
+		maxLogSize, err := strconv.ParseInt(os.Getenv("BUILDKIT_STEP_LOG_MAX_SIZE"), 10, 32)
+		if err == nil {
+			defaultMaxLogSize = int(maxLogSize)
+		}
+		maxLogSpeed, err := strconv.ParseInt(os.Getenv("BUILDKIT_STEP_LOG_MAX_SPEED"), 10, 32)
+		if err == nil {
+			defaultMaxLogSpeed = int(maxLogSpeed)
+		}
 	})
-	if sw.printOutput {
-		switch sw.stream {
-		case 1:
-			return os.Stdout.Write(dt)
-		case 2:
-			return os.Stderr.Write(dt)
-		default:
-			return 0, errors.Errorf("invalid stream %d", sw.stream)
+
+	oldSize := sw.size
+	sw.size += n
+
+	maxSize := -1
+	if defaultMaxLogSpeed != -1 {
+		maxSize = int(math.Ceil(time.Since(sw.created).Seconds())) * defaultMaxLogSpeed
+		sw.clipReasonSpeed = true
+	}
+	if maxSize == -1 || maxSize > defaultMaxLogSize {
+		maxSize = defaultMaxLogSize
+		sw.clipReasonSpeed = false
+	}
+
+	if maxSize != -1 {
+		if maxSize < oldSize {
+			return 0
+		}
+
+		if sw.size > maxSize {
+			return maxSize - oldSize
 		}
 	}
-	return len(dt), nil
+	return n
+}
+
+func (sw *streamWriter) clipLimitMessage() string {
+	if sw.clipReasonSpeed {
+		return fmt.Sprintf("%#g/s", units.Bytes(defaultMaxLogSpeed))
+	}
+	return fmt.Sprintf("%#g", units.Bytes(defaultMaxLogSize))
+}
+
+func (sw *streamWriter) Write(dt []byte) (int, error) {
+	oldSize := len(dt)
+	dt = append([]byte{}, dt[:sw.checkLimit(len(dt))]...)
+
+	if sw.clipping && oldSize == len(dt) {
+		sw.clipping = false
+	}
+	if !sw.clipping && oldSize != len(dt) {
+		dt = append(dt, []byte(fmt.Sprintf("\n[output clipped, log limit %s reached]\n", sw.clipLimitMessage()))...)
+		sw.clipping = true
+	}
+
+	if len(dt) != 0 {
+		sw.pw.Write(identity.NewID(), client.VertexLog{
+			Stream: sw.stream,
+			Data:   dt,
+		})
+		if sw.printOutput {
+			switch sw.stream {
+			case 1:
+				return os.Stdout.Write(dt)
+			case 2:
+				return os.Stderr.Write(dt)
+			default:
+				return 0, errors.Errorf("invalid stream %d", sw.stream)
+			}
+		}
+	}
+	return oldSize, nil
 }
 
 func (sw *streamWriter) Close() error {
 	return sw.pw.Close()
 }
+
+func LoggerFromContext(ctx context.Context) func([]byte) {
+	return func(dt []byte) {
+		pw, _, _ := progress.FromContext(ctx)
+		defer pw.Close()
+		pw.Write(identity.NewID(), client.VertexLog{
+			Stream: stderr,
+			Data:   []byte(dt),
+		})
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/util/progress/multiwriter.go b/vendor/github.com/moby/buildkit/util/progress/multiwriter.go
index 51989368ce5de..1ce37ea210b30 100644
--- a/vendor/github.com/moby/buildkit/util/progress/multiwriter.go
+++ b/vendor/github.com/moby/buildkit/util/progress/multiwriter.go
@@ -15,7 +15,6 @@ type MultiWriter struct {
 	mu      sync.Mutex
 	items   []*Progress
 	writers map[rawProgressWriter]struct{}
-	done    bool
 	meta    map[string]interface{}
 }
 
diff --git a/vendor/github.com/moby/buildkit/util/progress/progress.go b/vendor/github.com/moby/buildkit/util/progress/progress.go
index b802716bf7837..3ce212948c2d5 100644
--- a/vendor/github.com/moby/buildkit/util/progress/progress.go
+++ b/vendor/github.com/moby/buildkit/util/progress/progress.go
@@ -62,6 +62,11 @@ func WithMetadata(key string, val interface{}) WriterOption {
 	}
 }
 
+type Controller interface {
+	Start(context.Context) (context.Context, func(error))
+	Status(id string, action string) func()
+}
+
 type Writer interface {
 	Write(id string, value interface{}) error
 	Close() error
@@ -101,7 +106,9 @@ func (pr *progressReader) Read(ctx context.Context) ([]*Progress, error) {
 		select {
 		case <-done:
 		case <-ctx.Done():
+			pr.mu.Lock()
 			pr.cond.Broadcast()
+			pr.mu.Unlock()
 		}
 	}()
 	pr.mu.Lock()
@@ -163,7 +170,9 @@ func pipe() (*progressReader, *progressWriter, func()) {
 	pr.cond = sync.NewCond(&pr.mu)
 	go func() {
 		<-ctx.Done()
+		pr.mu.Lock()
 		pr.cond.Broadcast()
+		pr.mu.Unlock()
 	}()
 	pw := &progressWriter{
 		reader: pr,
diff --git a/vendor/github.com/moby/buildkit/util/pull/pullprogress/progress.go b/vendor/github.com/moby/buildkit/util/pull/pullprogress/progress.go
new file mode 100644
index 0000000000000..f16a06998d200
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/pull/pullprogress/progress.go
@@ -0,0 +1,138 @@
+package pullprogress
+
+import (
+	"context"
+	"io"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/remotes"
+	"github.com/moby/buildkit/util/progress"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type PullManager interface {
+	content.IngestManager
+	content.Manager
+}
+
+type ProviderWithProgress struct {
+	Provider content.Provider
+	Manager  PullManager
+}
+
+func (p *ProviderWithProgress) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	ra, err := p.Provider.ReaderAt(ctx, desc)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+	doneCh := make(chan struct{})
+	go trackProgress(ctx, desc, p.Manager, doneCh)
+	return readerAtWithCancel{ReaderAt: ra, cancel: cancel, doneCh: doneCh}, nil
+}
+
+type readerAtWithCancel struct {
+	content.ReaderAt
+	cancel func()
+	doneCh <-chan struct{}
+}
+
+func (ra readerAtWithCancel) Close() error {
+	ra.cancel()
+	select {
+	case <-ra.doneCh:
+	case <-time.After(time.Second):
+		logrus.Warn("timeout waiting for pull progress to complete")
+	}
+	return ra.ReaderAt.Close()
+}
+
+type FetcherWithProgress struct {
+	Fetcher remotes.Fetcher
+	Manager PullManager
+}
+
+func (f *FetcherWithProgress) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) {
+	rc, err := f.Fetcher.Fetch(ctx, desc)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+	doneCh := make(chan struct{})
+	go trackProgress(ctx, desc, f.Manager, doneCh)
+	return readerWithCancel{ReadCloser: rc, cancel: cancel, doneCh: doneCh}, nil
+}
+
+type readerWithCancel struct {
+	io.ReadCloser
+	cancel func()
+	doneCh <-chan struct{}
+}
+
+func (r readerWithCancel) Close() error {
+	r.cancel()
+	select {
+	case <-r.doneCh:
+	case <-time.After(time.Second):
+		logrus.Warn("timeout waiting for pull progress to complete")
+	}
+	return r.ReadCloser.Close()
+}
+
+func trackProgress(ctx context.Context, desc ocispec.Descriptor, manager PullManager, doneCh chan<- struct{}) {
+
+	defer close(doneCh)
+
+	ticker := time.NewTicker(150 * time.Millisecond)
+	defer ticker.Stop()
+	go func() {
+		<-ctx.Done()
+		ticker.Stop()
+	}()
+
+	pw, _, _ := progress.FromContext(ctx)
+	defer pw.Close()
+
+	ingestRef := remotes.MakeRefKey(ctx, desc)
+
+	started := time.Now()
+	onFinalStatus := false
+	for !onFinalStatus {
+		select {
+		case <-ctx.Done():
+			onFinalStatus = true
+		case <-ticker.C:
+		}
+
+		status, err := manager.Status(ctx, ingestRef)
+		if err == nil {
+			pw.Write(desc.Digest.String(), progress.Status{
+				Current: int(status.Offset),
+				Total:   int(status.Total),
+				Started: &started,
+			})
+			continue
+		} else if !errors.Is(err, errdefs.ErrNotFound) {
+			logrus.Errorf("unexpected error getting ingest status of %q: %v", ingestRef, err)
+			return
+		}
+
+		info, err := manager.Info(ctx, desc.Digest)
+		if err == nil {
+			pw.Write(desc.Digest.String(), progress.Status{
+				Current:   int(info.Size),
+				Total:     int(info.Size),
+				Started:   &started,
+				Completed: &info.CreatedAt,
+			})
+			return
+		}
+
+	}
+}
diff --git a/vendor/github.com/moby/buildkit/util/resolver/authorizer.go b/vendor/github.com/moby/buildkit/util/resolver/authorizer.go
new file mode 100644
index 0000000000000..96755c362fa6a
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/resolver/authorizer.go
@@ -0,0 +1,494 @@
+package resolver
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/containerd/containerd/remotes/docker/auth"
+	remoteserrors "github.com/containerd/containerd/remotes/errors"
+	"github.com/moby/buildkit/session"
+	sessionauth "github.com/moby/buildkit/session/auth"
+	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type authHandlerNS struct {
+	counter int64 // needs to be 64bit aligned for 32bit systems
+
+	mu       sync.Mutex
+	handlers map[string]*authHandler
+	hosts    map[string][]docker.RegistryHost
+	sm       *session.Manager
+	g        flightcontrol.Group
+}
+
+func newAuthHandlerNS(sm *session.Manager) *authHandlerNS {
+	return &authHandlerNS{
+		handlers: map[string]*authHandler{},
+		hosts:    map[string][]docker.RegistryHost{},
+		sm:       sm,
+	}
+}
+
+func (a *authHandlerNS) get(ctx context.Context, host string, sm *session.Manager, g session.Group) *authHandler {
+	if g != nil {
+		if iter := g.SessionIterator(); iter != nil {
+			for {
+				id := iter.NextSession()
+				if id == "" {
+					break
+				}
+				h, ok := a.handlers[host+"/"+id]
+				if ok {
+					h.lastUsed = time.Now()
+					return h
+				}
+			}
+		}
+	}
+
+	// link another handler
+	for k, h := range a.handlers {
+		parts := strings.SplitN(k, "/", 2)
+		if len(parts) != 2 {
+			continue
+		}
+		if parts[0] == host {
+			if h.authority != nil {
+				session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
+				if err == nil && ok {
+					a.handlers[host+"/"+session] = h
+					h.lastUsed = time.Now()
+					return h
+				}
+			} else {
+				session, username, password, err := sessionauth.CredentialsFunc(sm, g)(host)
+				if err == nil {
+					if username == h.common.Username && password == h.common.Secret {
+						a.handlers[host+"/"+session] = h
+						h.lastUsed = time.Now()
+						return h
+					}
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func (a *authHandlerNS) set(host, session string, h *authHandler) {
+	a.handlers[host+"/"+session] = h
+}
+
+func (a *authHandlerNS) delete(h *authHandler) {
+	for k, v := range a.handlers {
+		if v == h {
+			delete(a.handlers, k)
+		}
+	}
+}
+
+type dockerAuthorizer struct {
+	client *http.Client
+
+	sm       *session.Manager
+	session  session.Group
+	handlers *authHandlerNS
+}
+
+func newDockerAuthorizer(client *http.Client, handlers *authHandlerNS, sm *session.Manager, group session.Group) *dockerAuthorizer {
+	return &dockerAuthorizer{
+		client:   client,
+		handlers: handlers,
+		sm:       sm,
+		session:  group,
+	}
+}
+
+// Authorize handles auth request.
+func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) error {
+	a.handlers.mu.Lock()
+	defer a.handlers.mu.Unlock()
+
+	// skip if there is no auth handler
+	ah := a.handlers.get(ctx, req.URL.Host, a.sm, a.session)
+	if ah == nil {
+		return nil
+	}
+
+	auth, err := ah.authorize(ctx, a.sm, a.session)
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Authorization", auth)
+	return nil
+}
+
+func (a *dockerAuthorizer) getCredentials(host string) (sessionID, username, secret string, err error) {
+	return sessionauth.CredentialsFunc(a.sm, a.session)(host)
+}
+
+func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.Response) error {
+	a.handlers.mu.Lock()
+	defer a.handlers.mu.Unlock()
+
+	last := responses[len(responses)-1]
+	host := last.Request.URL.Host
+
+	handler := a.handlers.get(ctx, host, a.sm, a.session)
+
+	for _, c := range auth.ParseAuthHeader(last.Header) {
+		if c.Scheme == auth.BearerAuth {
+			var oldScopes []string
+			if err := invalidAuthorization(c, responses); err != nil {
+				a.handlers.delete(handler)
+
+				if handler != nil {
+					oldScopes = handler.common.Scopes
+				}
+				handler = nil
+
+				// this hacky way seems to be best method to detect that error is fatal and should not be retried with a new token
+				if c.Parameters["error"] == "insufficient_scope" && parseScopes(oldScopes).contains(parseScopes(strings.Split(c.Parameters["scope"], " "))) {
+					return err
+				}
+			}
+
+			// reuse existing handler
+			//
+			// assume that one registry will return the common
+			// challenge information, including realm and service.
+			// and the resource scope is only different part
+			// which can be provided by each request.
+			if handler != nil {
+				return nil
+			}
+
+			var username, secret string
+			session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
+			if err != nil {
+				return err
+			}
+			if pubKey == nil {
+				session, username, secret, err = a.getCredentials(host)
+				if err != nil {
+					return err
+				}
+			}
+
+			common, err := auth.GenerateTokenOptions(ctx, host, username, secret, c)
+			if err != nil {
+				return err
+			}
+			common.Scopes = parseScopes(append(common.Scopes, oldScopes...)).normalize()
+
+			a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, pubKey, common))
+
+			return nil
+		} else if c.Scheme == auth.BasicAuth {
+			session, username, secret, err := a.getCredentials(host)
+			if err != nil {
+				return err
+			}
+
+			if username != "" && secret != "" {
+				common := auth.TokenOptions{
+					Username: username,
+					Secret:   secret,
+				}
+
+				a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, nil, common))
+
+				return nil
+			}
+		}
+	}
+	return errors.Wrap(errdefs.ErrNotImplemented, "failed to find supported auth scheme")
+}
+
+// authResult is used to control limit rate.
+type authResult struct {
+	token   string
+	expires time.Time
+}
+
+// authHandler is used to handle auth request per registry server.
+type authHandler struct {
+	g flightcontrol.Group
+
+	client *http.Client
+
+	// only support basic and bearer schemes
+	scheme auth.AuthenticationScheme
+
+	// common contains common challenge answer
+	common auth.TokenOptions
+
+	// scopedTokens caches token indexed by scopes, which used in
+	// bearer auth case
+	scopedTokens   map[string]*authResult
+	scopedTokensMu sync.Mutex
+
+	lastUsed time.Time
+
+	host string
+
+	authority *[32]byte
+}
+
+func newAuthHandler(host string, client *http.Client, scheme auth.AuthenticationScheme, authority *[32]byte, opts auth.TokenOptions) *authHandler {
+	return &authHandler{
+		host:         host,
+		client:       client,
+		scheme:       scheme,
+		common:       opts,
+		scopedTokens: map[string]*authResult{},
+		lastUsed:     time.Now(),
+		authority:    authority,
+	}
+}
+
+func (ah *authHandler) authorize(ctx context.Context, sm *session.Manager, g session.Group) (string, error) {
+	switch ah.scheme {
+	case auth.BasicAuth:
+		return ah.doBasicAuth(ctx)
+	case auth.BearerAuth:
+		return ah.doBearerAuth(ctx, sm, g)
+	default:
+		return "", errors.Wrapf(errdefs.ErrNotImplemented, "failed to find supported auth scheme: %s", string(ah.scheme))
+	}
+}
+
+func (ah *authHandler) doBasicAuth(ctx context.Context) (string, error) {
+	username, secret := ah.common.Username, ah.common.Secret
+
+	if username == "" || secret == "" {
+		return "", fmt.Errorf("failed to handle basic auth because missing username or secret")
+	}
+
+	auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))
+	return fmt.Sprintf("Basic %s", auth), nil
+}
+
+func (ah *authHandler) doBearerAuth(ctx context.Context, sm *session.Manager, g session.Group) (token string, err error) {
+	// copy common tokenOptions
+	to := ah.common
+
+	to.Scopes = parseScopes(docker.GetTokenScopes(ctx, to.Scopes)).normalize()
+
+	// Docs: https://docs.docker.com/registry/spec/auth/scope
+	scoped := strings.Join(to.Scopes, " ")
+
+	res, err := ah.g.Do(ctx, scoped, func(ctx context.Context) (interface{}, error) {
+		ah.scopedTokensMu.Lock()
+		r, exist := ah.scopedTokens[scoped]
+		ah.scopedTokensMu.Unlock()
+		if exist {
+			if r.expires.IsZero() || r.expires.After(time.Now()) {
+				return r, nil
+			}
+		}
+		r, err := ah.fetchToken(ctx, sm, g, to)
+		if err != nil {
+			return nil, err
+		}
+		ah.scopedTokensMu.Lock()
+		ah.scopedTokens[scoped] = r
+		ah.scopedTokensMu.Unlock()
+		return r, nil
+	})
+
+	if err != nil || res == nil {
+		return "", err
+	}
+	r := res.(*authResult)
+	if r == nil {
+		return "", nil
+	}
+	return r.token, nil
+}
+
+func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g session.Group, to auth.TokenOptions) (r *authResult, err error) {
+	var issuedAt time.Time
+	var expires int
+	var token string
+	defer func() {
+		token = fmt.Sprintf("Bearer %s", token)
+
+		if err == nil {
+			r = &authResult{token: token}
+			if issuedAt.IsZero() {
+				issuedAt = time.Now()
+			}
+			if exp := issuedAt.Add(time.Duration(float64(expires)*0.9) * time.Second); time.Now().Before(exp) {
+				r.expires = exp
+			}
+		}
+	}()
+
+	if ah.authority != nil {
+		resp, err := sessionauth.FetchToken(ctx, &sessionauth.FetchTokenRequest{
+			ClientID: "buildkit-client",
+			Host:     ah.host,
+			Realm:    to.Realm,
+			Service:  to.Service,
+			Scopes:   to.Scopes,
+		}, sm, g)
+		if err != nil {
+			return nil, err
+		}
+		issuedAt, expires = time.Unix(resp.IssuedAt, 0), int(resp.ExpiresIn)
+		token = resp.Token
+		return nil, nil
+	}
+
+	// fetch token for the resource scope
+	if to.Secret != "" {
+		defer func() {
+			err = errors.Wrap(err, "failed to fetch oauth token")
+		}()
+		// try GET first because Docker Hub does not support POST
+		// switch once support has landed
+		resp, err := auth.FetchToken(ctx, ah.client, nil, to)
+		if err != nil {
+			var errStatus remoteserrors.ErrUnexpectedStatus
+			if errors.As(err, &errStatus) {
+				// retry with POST request
+				// As of September 2017, GCR is known to return 404.
+				// As of February 2018, JFrog Artifactory is known to return 401.
+				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 {
+					resp, err := auth.FetchTokenWithOAuth(ctx, ah.client, nil, "buildkit-client", to)
+					if err != nil {
+						return nil, err
+					}
+					issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
+					token = resp.AccessToken
+					return nil, nil
+				}
+				log.G(ctx).WithFields(logrus.Fields{
+					"status": errStatus.Status,
+					"body":   string(errStatus.Body),
+				}).Debugf("token request failed")
+			}
+			return nil, err
+		}
+		issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
+		token = resp.Token
+		return nil, nil
+	}
+	// do request anonymously
+	resp, err := auth.FetchToken(ctx, ah.client, nil, to)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to fetch anonymous token")
+	}
+	issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
+
+	token = resp.Token
+	return nil, nil
+}
+
+func invalidAuthorization(c auth.Challenge, responses []*http.Response) error {
+	lastResponse := responses[len(responses)-1]
+	if lastResponse.StatusCode == http.StatusUnauthorized {
+		return errors.Wrapf(docker.ErrInvalidAuthorization, "authorization status: %v", lastResponse.StatusCode)
+	}
+
+	errStr := c.Parameters["error"]
+	if errStr == "" {
+		return nil
+	}
+
+	n := len(responses)
+	if n == 1 || (n > 1 && !sameRequest(responses[n-2].Request, responses[n-1].Request)) {
+		return nil
+	}
+
+	return errors.Wrapf(docker.ErrInvalidAuthorization, "server message: %s", errStr)
+}
+
+func sameRequest(r1, r2 *http.Request) bool {
+	if r1.Method != r2.Method {
+		return false
+	}
+	if *r1.URL != *r2.URL {
+		return false
+	}
+	return true
+}
+
+type scopes map[string]map[string]struct{}
+
+func parseScopes(s []string) scopes {
+	// https://docs.docker.com/registry/spec/auth/scope/
+	m := map[string]map[string]struct{}{}
+	for _, scope := range s {
+		parts := strings.SplitN(scope, ":", 3)
+		names := []string{parts[0]}
+		if len(parts) > 1 {
+			names = append(names, parts[1])
+		}
+		var actions []string
+		if len(parts) == 3 {
+			actions = append(actions, strings.Split(parts[2], ",")...)
+		}
+		name := strings.Join(names, ":")
+		ma, ok := m[name]
+		if !ok {
+			ma = map[string]struct{}{}
+			m[name] = ma
+		}
+
+		for _, a := range actions {
+			ma[a] = struct{}{}
+		}
+	}
+	return m
+}
+
+func (s scopes) normalize() []string {
+	names := make([]string, 0, len(s))
+	for n := range s {
+		names = append(names, n)
+	}
+	sort.Strings(names)
+
+	out := make([]string, 0, len(s))
+
+	for _, n := range names {
+		actions := make([]string, 0, len(s[n]))
+		for a := range s[n] {
+			actions = append(actions, a)
+		}
+		sort.Strings(actions)
+
+		out = append(out, n+":"+strings.Join(actions, ","))
+	}
+	return out
+}
+
+func (s scopes) contains(s2 scopes) bool {
+	for n := range s2 {
+		v, ok := s[n]
+		if !ok {
+			return false
+		}
+		for a := range s2[n] {
+			if _, ok := v[a]; !ok {
+				return false
+			}
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/moby/buildkit/util/resolver/pool.go b/vendor/github.com/moby/buildkit/util/resolver/pool.go
new file mode 100644
index 0000000000000..810e9620498be
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/resolver/pool.go
@@ -0,0 +1,207 @@
+package resolver
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/source"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// DefaultPool is the default shared resolver pool instance
+var DefaultPool = NewPool()
+
+// Pool is a cache of recently used resolvers
+type Pool struct {
+	mu sync.Mutex
+	m  map[string]*authHandlerNS
+}
+
+// NewPool creates a new pool for caching resolvers
+func NewPool() *Pool {
+	p := &Pool{
+		m: map[string]*authHandlerNS{},
+	}
+	time.AfterFunc(5*time.Minute, p.gc)
+	return p
+}
+
+func (p *Pool) gc() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	for k, ns := range p.m {
+		ns.mu.Lock()
+		for key, h := range ns.handlers {
+			if time.Since(h.lastUsed) < 10*time.Minute {
+				continue
+			}
+			parts := strings.SplitN(key, "/", 2)
+			if len(parts) != 2 {
+				delete(ns.handlers, key)
+				continue
+			}
+			c, err := ns.sm.Get(context.TODO(), parts[1], true)
+			if c == nil || err != nil {
+				delete(ns.handlers, key)
+			}
+		}
+		if len(ns.handlers) == 0 {
+			delete(p.m, k)
+		}
+		ns.mu.Unlock()
+	}
+
+	time.AfterFunc(5*time.Minute, p.gc)
+}
+
+// Clear deletes currently cached items. This may be called on config changes for example.
+func (p *Pool) Clear() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.m = map[string]*authHandlerNS{}
+}
+
+// GetResolver gets a resolver for a specified scope from the pool
+func (p *Pool) GetResolver(hosts docker.RegistryHosts, ref, scope string, sm *session.Manager, g session.Group) *Resolver {
+	name := ref
+	named, err := distreference.ParseNormalizedNamed(ref)
+	if err == nil {
+		name = named.Name()
+	}
+
+	key := fmt.Sprintf("%s::%s", name, scope)
+
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	h, ok := p.m[key]
+	if !ok {
+		h = newAuthHandlerNS(sm)
+		p.m[key] = h
+	}
+	return newResolver(hosts, h, sm, g)
+}
+
+func newResolver(hosts docker.RegistryHosts, handler *authHandlerNS, sm *session.Manager, g session.Group) *Resolver {
+	if hosts == nil {
+		hosts = docker.ConfigureDefaultRegistries(
+			docker.WithClient(newDefaultClient()),
+			docker.WithPlainHTTP(docker.MatchLocalhost),
+		)
+	}
+	r := &Resolver{
+		hosts:   hosts,
+		sm:      sm,
+		g:       g,
+		handler: handler,
+	}
+	r.Resolver = docker.NewResolver(docker.ResolverOptions{
+		Hosts: r.HostsFunc,
+	})
+	return r
+}
+
+// Resolver is a wrapper around remotes.Resolver
+type Resolver struct {
+	remotes.Resolver
+	hosts   docker.RegistryHosts
+	sm      *session.Manager
+	g       session.Group
+	handler *authHandlerNS
+	auth    *dockerAuthorizer
+
+	is   images.Store
+	mode source.ResolveMode
+}
+
+// HostsFunc implements registry configuration of this Resolver
+func (r *Resolver) HostsFunc(host string) ([]docker.RegistryHost, error) {
+	return func(domain string) ([]docker.RegistryHost, error) {
+		v, err := r.handler.g.Do(context.TODO(), domain, func(ctx context.Context) (interface{}, error) {
+			// long lock not needed because flightcontrol.Do
+			r.handler.mu.Lock()
+			v, ok := r.handler.hosts[domain]
+			r.handler.mu.Unlock()
+			if ok {
+				return v, nil
+			}
+			res, err := r.hosts(domain)
+			if err != nil {
+				return nil, err
+			}
+			r.handler.mu.Lock()
+			r.handler.hosts[domain] = res
+			r.handler.mu.Unlock()
+			return res, nil
+		})
+		if err != nil || v == nil {
+			return nil, err
+		}
+		res := v.([]docker.RegistryHost)
+		if len(res) == 0 {
+			return nil, nil
+		}
+		auth := newDockerAuthorizer(res[0].Client, r.handler, r.sm, r.g)
+		for i := range res {
+			res[i].Authorizer = auth
+		}
+		return res, nil
+	}(host)
+}
+
+// WithSession returns a new resolver that works with new session group
+func (r *Resolver) WithSession(s session.Group) *Resolver {
+	r2 := *r
+	r2.auth = nil
+	r2.g = s
+	return &r2
+}
+
+// WithImageStore returns new resolver that can also resolve from local images store
+func (r *Resolver) WithImageStore(is images.Store, mode source.ResolveMode) *Resolver {
+	r2 := *r
+	r2.Resolver = r.Resolver
+	r2.is = is
+	r2.mode = mode
+	return &r2
+}
+
+// Fetcher returns a new fetcher for the provided reference.
+func (r *Resolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) {
+	if atomic.LoadInt64(&r.handler.counter) == 0 {
+		r.Resolve(ctx, ref)
+	}
+	return r.Resolver.Fetcher(ctx, ref)
+}
+
+// Resolve attempts to resolve the reference into a name and descriptor.
+func (r *Resolver) Resolve(ctx context.Context, ref string) (string, ocispec.Descriptor, error) {
+	if r.mode == source.ResolveModePreferLocal && r.is != nil {
+		if img, err := r.is.Get(ctx, ref); err == nil {
+			return ref, img.Target, nil
+		}
+	}
+
+	n, desc, err := r.Resolver.Resolve(ctx, ref)
+	if err == nil {
+		atomic.AddInt64(&r.handler.counter, 1)
+		return n, desc, err
+	}
+
+	if r.mode == source.ResolveModeDefault && r.is != nil {
+		if img, err := r.is.Get(ctx, ref); err == nil {
+			return ref, img.Target, nil
+		}
+	}
+
+	return "", ocispec.Descriptor{}, err
+}
diff --git a/vendor/github.com/moby/buildkit/util/resolver/resolver.go b/vendor/github.com/moby/buildkit/util/resolver/resolver.go
index da28923564cd3..64b895f73a1f4 100644
--- a/vendor/github.com/moby/buildkit/util/resolver/resolver.go
+++ b/vendor/github.com/moby/buildkit/util/resolver/resolver.go
@@ -1,45 +1,212 @@
 package resolver
 
 import (
-	"math/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
 
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/docker/distribution/reference"
 	"github.com/moby/buildkit/util/tracing"
+	"github.com/pkg/errors"
 )
 
-type RegistryConf struct {
-	Mirrors   []string
-	PlainHTTP bool
+func fillInsecureOpts(host string, c RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
+	var hosts []docker.RegistryHost
+
+	tc, err := loadTLSConfig(c)
+	if err != nil {
+		return nil, err
+	}
+	var isHTTP bool
+
+	if c.PlainHTTP != nil && *c.PlainHTTP {
+		isHTTP = true
+	}
+	if c.PlainHTTP == nil {
+		if ok, _ := docker.MatchLocalhost(host); ok {
+			isHTTP = true
+		}
+	}
+
+	if isHTTP {
+		h2 := h
+		h2.Scheme = "http"
+		hosts = append(hosts, h2)
+	}
+	if c.Insecure != nil && *c.Insecure {
+		h2 := h
+		transport := newDefaultTransport()
+		transport.TLSClientConfig = tc
+		h2.Client = &http.Client{
+			Transport: tracing.NewTransport(transport),
+		}
+		tc.InsecureSkipVerify = true
+		hosts = append(hosts, h2)
+	}
+
+	if len(hosts) == 0 {
+		transport := newDefaultTransport()
+		transport.TLSClientConfig = tc
+
+		h.Client = &http.Client{
+			Transport: tracing.NewTransport(transport),
+		}
+		hosts = append(hosts, h)
+	}
+
+	return hosts, nil
 }
 
-type ResolveOptionsFunc func(string) docker.ResolverOptions
+func loadTLSConfig(c RegistryConfig) (*tls.Config, error) {
+	for _, d := range c.TLSConfigDir {
+		fs, err := ioutil.ReadDir(d)
+		if err != nil && !errors.Is(err, os.ErrNotExist) && !errors.Is(err, os.ErrPermission) {
+			return nil, errors.WithStack(err)
+		}
+		for _, f := range fs {
+			if strings.HasSuffix(f.Name(), ".crt") {
+				c.RootCAs = append(c.RootCAs, filepath.Join(d, f.Name()))
+			}
+			if strings.HasSuffix(f.Name(), ".cert") {
+				c.KeyPairs = append(c.KeyPairs, TLSKeyPair{
+					Certificate: filepath.Join(d, f.Name()),
+					Key:         filepath.Join(d, strings.TrimSuffix(f.Name(), ".cert")+".key"),
+				})
+			}
+		}
+	}
 
-func NewResolveOptionsFunc(m map[string]RegistryConf) ResolveOptionsFunc {
-	return func(ref string) docker.ResolverOptions {
-		def := docker.ResolverOptions{
-			Client: tracing.DefaultClient,
+	tc := &tls.Config{}
+	if len(c.RootCAs) > 0 {
+		systemPool, err := x509.SystemCertPool()
+		if err != nil {
+			if runtime.GOOS == "windows" {
+				systemPool = x509.NewCertPool()
+			} else {
+				return nil, errors.Wrapf(err, "unable to get system cert pool")
+			}
 		}
+		tc.RootCAs = systemPool
+	}
 
-		parsed, err := reference.ParseNormalizedNamed(ref)
+	for _, p := range c.RootCAs {
+		dt, err := ioutil.ReadFile(p)
 		if err != nil {
-			return def
+			return nil, errors.Wrapf(err, "failed to read %s", p)
 		}
-		host := reference.Domain(parsed)
+		tc.RootCAs.AppendCertsFromPEM(dt)
+	}
 
-		c, ok := m[host]
-		if !ok {
-			return def
+	for _, kp := range c.KeyPairs {
+		cert, err := tls.LoadX509KeyPair(kp.Certificate, kp.Key)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to load keypair for %s", kp.Certificate)
 		}
+		tc.Certificates = append(tc.Certificates, cert)
+	}
+	return tc, nil
+}
+
+type RegistryConfig struct {
+	Mirrors      []string     `toml:"mirrors"`
+	PlainHTTP    *bool        `toml:"http"`
+	Insecure     *bool        `toml:"insecure"`
+	RootCAs      []string     `toml:"ca"`
+	KeyPairs     []TLSKeyPair `toml:"keypair"`
+	TLSConfigDir []string     `toml:"tlsconfigdir"`
+}
+
+type TLSKeyPair struct {
+	Key         string `toml:"key"`
+	Certificate string `toml:"cert"`
+}
 
-		if len(c.Mirrors) > 0 {
-			def.Host = func(string) (string, error) {
-				return c.Mirrors[rand.Intn(len(c.Mirrors))], nil
+// NewRegistryConfig converts registry config to docker.RegistryHosts callback
+func NewRegistryConfig(m map[string]RegistryConfig) docker.RegistryHosts {
+	return docker.Registries(
+		func(host string) ([]docker.RegistryHost, error) {
+			c, ok := m[host]
+			if !ok {
+				return nil, nil
 			}
-		}
 
-		def.PlainHTTP = c.PlainHTTP
+			var out []docker.RegistryHost
+
+			for _, mirror := range c.Mirrors {
+				h := docker.RegistryHost{
+					Scheme:       "https",
+					Client:       newDefaultClient(),
+					Host:         mirror,
+					Path:         "/v2",
+					Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
+				}
+
+				hosts, err := fillInsecureOpts(mirror, m[mirror], h)
+				if err != nil {
+					return nil, err
+				}
+
+				out = append(out, hosts...)
+			}
+
+			if host == "docker.io" {
+				host = "registry-1.docker.io"
+			}
+
+			h := docker.RegistryHost{
+				Scheme:       "https",
+				Client:       newDefaultClient(),
+				Host:         host,
+				Path:         "/v2",
+				Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
+			}
+
+			hosts, err := fillInsecureOpts(host, c, h)
+			if err != nil {
+				return nil, err
+			}
+
+			out = append(out, hosts...)
+			return out, nil
+		},
+		docker.ConfigureDefaultRegistries(
+			docker.WithClient(newDefaultClient()),
+			docker.WithPlainHTTP(docker.MatchLocalhost),
+		),
+	)
+}
+
+func newDefaultClient() *http.Client {
+	return &http.Client{
+		Transport: tracing.NewTransport(newDefaultTransport()),
+	}
+}
 
-		return def
+// newDefaultTransport is for pull or push client
+//
+// NOTE: For push, there must disable http2 for https because the flow control
+// will limit data transfer. The net/http package doesn't provide http2 tunable
+// settings which limits push performance.
+//
+// REF: https://github.com/golang/go/issues/14077
+func newDefaultTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 60 * time.Second,
+		}).DialContext,
+		MaxIdleConns:          10,
+		IdleConnTimeout:       30 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 5 * time.Second,
+		TLSNextProto:          make(map[string]func(authority string, c *tls.Conn) http.RoundTripper),
 	}
 }
diff --git a/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go b/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go
new file mode 100644
index 0000000000000..e30f83d7f9f1f
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go
@@ -0,0 +1,78 @@
+package retryhandler
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/containerd/containerd/images"
+	remoteserrors "github.com/containerd/containerd/remotes/errors"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func New(f images.HandlerFunc, logger func([]byte)) images.HandlerFunc {
+	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		backoff := time.Second
+		for {
+			descs, err := f(ctx, desc)
+			if err != nil {
+				select {
+				case <-ctx.Done():
+					return nil, err
+				default:
+					if !retryError(err) {
+						return nil, err
+					}
+				}
+				if logger != nil {
+					logger([]byte(fmt.Sprintf("error: %v\n", err.Error())))
+				}
+			} else {
+				return descs, nil
+			}
+			// backoff logic
+			if backoff >= 8*time.Second {
+				return nil, err
+			}
+			if logger != nil {
+				logger([]byte(fmt.Sprintf("retrying in %v\n", backoff)))
+			}
+			time.Sleep(backoff)
+			backoff *= 2
+		}
+	}
+}
+
+func retryError(err error) bool {
+	// Retry on 5xx errors
+	var errUnexpectedStatus remoteserrors.ErrUnexpectedStatus
+	if errors.As(err, &errUnexpectedStatus) &&
+		errUnexpectedStatus.StatusCode >= 500 &&
+		errUnexpectedStatus.StatusCode <= 599 {
+		return true
+	}
+
+	if errors.Is(err, io.EOF) || errors.Is(err, syscall.ECONNRESET) || errors.Is(err, syscall.EPIPE) {
+		return true
+	}
+	// catches TLS timeout or other network-related temporary errors
+	if ne, ok := errors.Cause(err).(net.Error); ok && ne.Temporary() {
+		return true
+	}
+	// https://github.com/containerd/containerd/pull/4724
+	if errors.Cause(err).Error() == "no response" {
+		return true
+	}
+
+	// net.ErrClosed exposed in go1.16
+	if strings.Contains(err.Error(), "use of closed network connection") {
+		return true
+	}
+
+	return false
+}
diff --git a/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_linux.go b/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_linux.go
index 1b90219f1dec4..7118f8d6d2aac 100644
--- a/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_linux.go
+++ b/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_linux.go
@@ -1,113 +1,40 @@
 package specconv
 
 import (
-	"os"
-	"sort"
 	"strings"
 
-	"github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/runc/libcontainer/user"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // ToRootless converts spec to be compatible with "rootless" runc.
-// * Adds userns (Note: since we are already in userns, ideally we should not need to do this. runc-side issue is tracked at https://github.com/opencontainers/runc/issues/1837)
-// * Fix up mount flags (same as above)
-// * Replace /sys with bind-mount (FIXME: we don't need to do this if netns is unshared)
+// * Remove /sys mount
+// * Remove cgroups
+//
+// See docs/rootless.md for the supported runc revision.
 func ToRootless(spec *specs.Spec) error {
-	if !system.RunningInUserNS() {
-		return errors.New("needs to be in user namespace")
-	}
-	uidMap, err := user.CurrentProcessUIDMap()
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	gidMap, err := user.CurrentProcessUIDMap()
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	return toRootless(spec, uidMap, gidMap)
-}
-
-// toRootless was forked from github.com/opencontainers/runc/libcontainer/specconv
-func toRootless(spec *specs.Spec, uidMap, gidMap []user.IDMap) error {
-	if err := configureUserNS(spec, uidMap, gidMap); err != nil {
-		return err
-	}
-	if err := configureMounts(spec); err != nil {
-		return err
-	}
-
-	// Remove cgroup settings.
-	spec.Linux.Resources = nil
-	spec.Linux.CgroupsPath = ""
-	return nil
-}
-
-// configureUserNS add suserns and the current ID map to the spec.
-// Since we are already in userns, ideally we should not need to add userns.
-// However, currently rootless runc always requires userns to be added.
-// https://github.com/opencontainers/runc/issues/1837
-func configureUserNS(spec *specs.Spec, uidMap, gidMap []user.IDMap) error {
-	spec.Linux.Namespaces = append(spec.Linux.Namespaces, specs.LinuxNamespace{
-		Type: specs.UserNamespace,
-	})
-
-	sort.Slice(uidMap, func(i, j int) bool { return uidMap[i].ID < uidMap[j].ID })
-	uNextContainerID := int64(0)
-	for _, u := range uidMap {
-		spec.Linux.UIDMappings = append(spec.Linux.UIDMappings,
-			specs.LinuxIDMapping{
-				HostID:      uint32(u.ID),
-				ContainerID: uint32(uNextContainerID),
-				Size:        uint32(u.Count),
-			})
-		uNextContainerID += int64(u.Count)
-	}
-	sort.Slice(gidMap, func(i, j int) bool { return gidMap[i].ID < gidMap[j].ID })
-	gNextContainerID := int64(0)
-	for _, g := range gidMap {
-		spec.Linux.GIDMappings = append(spec.Linux.GIDMappings,
-			specs.LinuxIDMapping{
-				HostID:      uint32(g.ID),
-				ContainerID: uint32(gNextContainerID),
-				Size:        uint32(g.Count),
-			})
-		gNextContainerID += int64(g.Count)
-	}
-	return nil
-}
-
-func configureMounts(spec *specs.Spec) error {
+	// Remove /sys mount because we can't mount /sys when the daemon netns
+	// is not unshared from the host.
+	//
+	// Instead, we could bind-mount /sys from the host, however, `rbind, ro`
+	// does not make /sys/fs/cgroup read-only (and we can't bind-mount /sys
+	// without rbind)
+	//
+	// PR for making /sys/fs/cgroup read-only is proposed, but it is very
+	// complicated: https://github.com/opencontainers/runc/pull/1869
+	//
+	// For buildkit usecase, we suppose we don't need to provide /sys to
+	// containers and remove /sys mount as a workaround.
 	var mounts []specs.Mount
 	for _, mount := range spec.Mounts {
-		// Ignore all mounts that are under /sys, because we add /sys later.
 		if strings.HasPrefix(mount.Destination, "/sys") {
 			continue
 		}
-
-		// Remove all gid= and uid= mappings.
-		// Since we are already in userns, ideally we should not need to do this.
-		// https://github.com/opencontainers/runc/issues/1837
-		var options []string
-		for _, option := range mount.Options {
-			if !strings.HasPrefix(option, "gid=") && !strings.HasPrefix(option, "uid=") {
-				options = append(options, option)
-			}
-		}
-		mount.Options = options
 		mounts = append(mounts, mount)
 	}
-
-	// Add the sysfs mount as an rbind, because we can't mount /sys unless we have netns.
-	// TODO: keep original /sys mount when we have netns.
-	mounts = append(mounts, specs.Mount{
-		Source:      "/sys",
-		Destination: "/sys",
-		Type:        "none",
-		Options:     []string{"rbind", "nosuid", "noexec", "nodev", "ro"},
-	})
 	spec.Mounts = mounts
+
+	// Remove cgroups so as to avoid `container_linux.go:337: starting container process caused "process_linux.go:280: applying cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/buildkit: permission denied\""`
+	spec.Linux.Resources = nil
+	spec.Linux.CgroupsPath = ""
 	return nil
 }
diff --git a/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_nonlinux.go b/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_nonlinux.go
new file mode 100644
index 0000000000000..bb08ec1945aa6
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/rootless/specconv/specconv_nonlinux.go
@@ -0,0 +1,19 @@
+// +build !linux
+
+package specconv
+
+import (
+	"runtime"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+// ToRootless converts spec to be compatible with "rootless" runc.
+// * Remove /sys mount
+// * Remove cgroups
+//
+// See docs/rootless.md for the supported runc revision.
+func ToRootless(spec *specs.Spec) error {
+	return errors.Errorf("not implemented on on %s", runtime.GOOS)
+}
diff --git a/vendor/github.com/moby/buildkit/util/sshutil/keyscan.go b/vendor/github.com/moby/buildkit/util/sshutil/keyscan.go
new file mode 100644
index 0000000000000..b6f23678603a5
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/sshutil/keyscan.go
@@ -0,0 +1,51 @@
+package sshutil
+
+import (
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+
+	"golang.org/x/crypto/ssh"
+)
+
+const defaultPort = 22
+
+var errCallbackDone = fmt.Errorf("callback failed on purpose")
+
+// addDefaultPort appends a default port if hostport doesn't contain one
+func addDefaultPort(hostport string, defaultPort int) string {
+	_, _, err := net.SplitHostPort(hostport)
+	if err == nil {
+		return hostport
+	}
+	hostport = net.JoinHostPort(hostport, strconv.Itoa(defaultPort))
+	return hostport
+}
+
+// SshKeyScan scans a ssh server for the hostkey; server should be in the form hostname, or hostname:port
+func SSHKeyScan(server string) (string, error) {
+	var key string
+	KeyScanCallback := func(hostport string, remote net.Addr, pubKey ssh.PublicKey) error {
+		hostname, _, err := net.SplitHostPort(hostport)
+		if err != nil {
+			return err
+		}
+		key = strings.TrimSpace(fmt.Sprintf("%s %s", hostname, string(ssh.MarshalAuthorizedKey(pubKey))))
+		return errCallbackDone
+	}
+	config := &ssh.ClientConfig{
+		HostKeyCallback: KeyScanCallback,
+	}
+
+	server = addDefaultPort(server, defaultPort)
+	conn, err := ssh.Dial("tcp", server, config)
+	if key != "" {
+		// as long as we get the key, the function worked
+		err = nil
+	}
+	if conn != nil {
+		conn.Close()
+	}
+	return key, err
+}
diff --git a/vendor/github.com/moby/buildkit/util/sshutil/transport_validation.go b/vendor/github.com/moby/buildkit/util/sshutil/transport_validation.go
new file mode 100644
index 0000000000000..c50a2cc7f95da
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/sshutil/transport_validation.go
@@ -0,0 +1,11 @@
+package sshutil
+
+import (
+	"regexp"
+)
+
+var gitSSHRegex = regexp.MustCompile("^[a-zA-Z0-9-_]+@[a-zA-Z0-9-.]+:.*$")
+
+func IsImplicitSSHTransport(s string) bool {
+	return gitSSHRegex.MatchString(s)
+}
diff --git a/vendor/github.com/moby/buildkit/util/stack/generate.go b/vendor/github.com/moby/buildkit/util/stack/generate.go
new file mode 100644
index 0000000000000..97516baa99c5f
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/stack/generate.go
@@ -0,0 +1,3 @@
+package stack
+
+//go:generate protoc -I=. -I=../../vendor/ --go_out=. stack.proto
diff --git a/vendor/github.com/moby/buildkit/util/stack/stack.go b/vendor/github.com/moby/buildkit/util/stack/stack.go
new file mode 100644
index 0000000000000..3409ac047af03
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/stack/stack.go
@@ -0,0 +1,182 @@
+package stack
+
+import (
+	"fmt"
+	io "io"
+	"os"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/containerd/typeurl"
+	"github.com/pkg/errors"
+)
+
+var helpers map[string]struct{}
+var helpersMu sync.RWMutex
+
+func init() {
+	typeurl.Register((*Stack)(nil), "github.com/moby/buildkit", "stack.Stack+json")
+
+	helpers = map[string]struct{}{}
+}
+
+var version string
+var revision string
+
+func SetVersionInfo(v, r string) {
+	version = v
+	revision = r
+}
+
+func Helper() {
+	var pc [1]uintptr
+	n := runtime.Callers(2, pc[:])
+	if n == 0 {
+		return
+	}
+	frames := runtime.CallersFrames(pc[:n])
+	frame, _ := frames.Next()
+	helpersMu.Lock()
+	helpers[frame.Function] = struct{}{}
+	helpersMu.Unlock()
+}
+
+func Traces(err error) []*Stack {
+	var st []*Stack
+
+	wrapped, ok := err.(interface {
+		Unwrap() error
+	})
+	if ok {
+		st = Traces(wrapped.Unwrap())
+	}
+
+	if ste, ok := err.(interface {
+		StackTrace() errors.StackTrace
+	}); ok {
+		st = append(st, convertStack(ste.StackTrace()))
+	}
+
+	if ste, ok := err.(interface {
+		StackTrace() *Stack
+	}); ok {
+		st = append(st, ste.StackTrace())
+	}
+
+	return st
+}
+
+func Enable(err error) error {
+	if err == nil {
+		return nil
+	}
+	Helper()
+	if !hasLocalStackTrace(err) {
+		return errors.WithStack(err)
+	}
+	return err
+}
+
+func Wrap(err error, s Stack) error {
+	return &withStack{stack: s, error: err}
+}
+
+func hasLocalStackTrace(err error) bool {
+	wrapped, ok := err.(interface {
+		Unwrap() error
+	})
+	if ok && hasLocalStackTrace(wrapped.Unwrap()) {
+		return true
+	}
+
+	_, ok = err.(interface {
+		StackTrace() errors.StackTrace
+	})
+	return ok
+}
+
+func Formatter(err error) fmt.Formatter {
+	return &formatter{err}
+}
+
+type formatter struct {
+	error
+}
+
+func (w *formatter) Format(s fmt.State, verb rune) {
+	if w.error == nil {
+		fmt.Fprintf(s, "%v", w.error)
+		return
+	}
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%s\n", w.Error())
+			for _, stack := range Traces(w.error) {
+				fmt.Fprintf(s, "%d %s %s\n", stack.Pid, stack.Version, strings.Join(stack.Cmdline, " "))
+				for _, f := range stack.Frames {
+					fmt.Fprintf(s, "%s\n\t%s:%d\n", f.Name, f.File, f.Line)
+				}
+				fmt.Fprintln(s)
+			}
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, w.Error())
+	case 'q':
+		fmt.Fprintf(s, "%q", w.Error())
+	}
+}
+
+func convertStack(s errors.StackTrace) *Stack {
+	var out Stack
+	helpersMu.RLock()
+	defer helpersMu.RUnlock()
+	for _, f := range s {
+		dt, err := f.MarshalText()
+		if err != nil {
+			continue
+		}
+		p := strings.SplitN(string(dt), " ", 2)
+		if len(p) != 2 {
+			continue
+		}
+		if _, ok := helpers[p[0]]; ok {
+			continue
+		}
+		idx := strings.LastIndexByte(p[1], ':')
+		if idx == -1 {
+			continue
+		}
+		line, err := strconv.Atoi(p[1][idx+1:])
+		if err != nil {
+			continue
+		}
+		out.Frames = append(out.Frames, &Frame{
+			Name: p[0],
+			File: p[1][:idx],
+			Line: int32(line),
+		})
+	}
+	out.Cmdline = os.Args
+	out.Pid = int32(os.Getpid())
+	out.Version = version
+	out.Revision = revision
+	return &out
+}
+
+type withStack struct {
+	stack Stack
+	error
+}
+
+func (e *withStack) Unwrap() error {
+	return e.error
+}
+
+func (e *withStack) StackTrace() *Stack {
+	return &e.stack
+}
diff --git a/vendor/github.com/moby/buildkit/util/stack/stack.pb.go b/vendor/github.com/moby/buildkit/util/stack/stack.pb.go
new file mode 100644
index 0000000000000..df55582db48af
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/stack/stack.pb.go
@@ -0,0 +1,172 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: stack.proto
+
+package stack
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type Stack struct {
+	Frames               []*Frame `protobuf:"bytes,1,rep,name=frames,proto3" json:"frames,omitempty"`
+	Cmdline              []string `protobuf:"bytes,2,rep,name=cmdline,proto3" json:"cmdline,omitempty"`
+	Pid                  int32    `protobuf:"varint,3,opt,name=pid,proto3" json:"pid,omitempty"`
+	Version              string   `protobuf:"bytes,4,opt,name=version,proto3" json:"version,omitempty"`
+	Revision             string   `protobuf:"bytes,5,opt,name=revision,proto3" json:"revision,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Stack) Reset()         { *m = Stack{} }
+func (m *Stack) String() string { return proto.CompactTextString(m) }
+func (*Stack) ProtoMessage()    {}
+func (*Stack) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b44c07feb2ca0a5a, []int{0}
+}
+
+func (m *Stack) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Stack.Unmarshal(m, b)
+}
+func (m *Stack) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Stack.Marshal(b, m, deterministic)
+}
+func (m *Stack) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Stack.Merge(m, src)
+}
+func (m *Stack) XXX_Size() int {
+	return xxx_messageInfo_Stack.Size(m)
+}
+func (m *Stack) XXX_DiscardUnknown() {
+	xxx_messageInfo_Stack.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Stack proto.InternalMessageInfo
+
+func (m *Stack) GetFrames() []*Frame {
+	if m != nil {
+		return m.Frames
+	}
+	return nil
+}
+
+func (m *Stack) GetCmdline() []string {
+	if m != nil {
+		return m.Cmdline
+	}
+	return nil
+}
+
+func (m *Stack) GetPid() int32 {
+	if m != nil {
+		return m.Pid
+	}
+	return 0
+}
+
+func (m *Stack) GetVersion() string {
+	if m != nil {
+		return m.Version
+	}
+	return ""
+}
+
+func (m *Stack) GetRevision() string {
+	if m != nil {
+		return m.Revision
+	}
+	return ""
+}
+
+type Frame struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
+	File                 string   `protobuf:"bytes,2,opt,name=File,proto3" json:"File,omitempty"`
+	Line                 int32    `protobuf:"varint,3,opt,name=Line,proto3" json:"Line,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Frame) Reset()         { *m = Frame{} }
+func (m *Frame) String() string { return proto.CompactTextString(m) }
+func (*Frame) ProtoMessage()    {}
+func (*Frame) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b44c07feb2ca0a5a, []int{1}
+}
+
+func (m *Frame) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Frame.Unmarshal(m, b)
+}
+func (m *Frame) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Frame.Marshal(b, m, deterministic)
+}
+func (m *Frame) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Frame.Merge(m, src)
+}
+func (m *Frame) XXX_Size() int {
+	return xxx_messageInfo_Frame.Size(m)
+}
+func (m *Frame) XXX_DiscardUnknown() {
+	xxx_messageInfo_Frame.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Frame proto.InternalMessageInfo
+
+func (m *Frame) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Frame) GetFile() string {
+	if m != nil {
+		return m.File
+	}
+	return ""
+}
+
+func (m *Frame) GetLine() int32 {
+	if m != nil {
+		return m.Line
+	}
+	return 0
+}
+
+func init() {
+	proto.RegisterType((*Stack)(nil), "stack.Stack")
+	proto.RegisterType((*Frame)(nil), "stack.Frame")
+}
+
+func init() {
+	proto.RegisterFile("stack.proto", fileDescriptor_b44c07feb2ca0a5a)
+}
+
+var fileDescriptor_b44c07feb2ca0a5a = []byte{
+	// 185 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x3c, 0x8f, 0x3d, 0xce, 0x82, 0x40,
+	0x10, 0x86, 0xb3, 0xdf, 0xb2, 0x7c, 0x3a, 0x58, 0x98, 0xa9, 0x36, 0x56, 0x1b, 0x62, 0x41, 0x45,
+	0xa1, 0x47, 0x30, 0xa1, 0x32, 0x16, 0x78, 0x02, 0x84, 0x35, 0xd9, 0xc8, 0x5f, 0x76, 0x09, 0xd7,
+	0xf0, 0xca, 0x66, 0x06, 0xb4, 0x7b, 0xde, 0x9f, 0xe4, 0x9d, 0x81, 0x24, 0x4c, 0x55, 0xfd, 0xca,
+	0x47, 0x3f, 0x4c, 0x03, 0x2a, 0x16, 0xe9, 0x5b, 0x80, 0xba, 0x13, 0xe1, 0x11, 0xe2, 0xa7, 0xaf,
+	0x3a, 0x1b, 0xb4, 0x30, 0x32, 0x4b, 0x4e, 0xbb, 0x7c, 0xa9, 0x17, 0x64, 0x96, 0x6b, 0x86, 0x1a,
+	0xfe, 0xeb, 0xae, 0x69, 0x5d, 0x6f, 0xf5, 0x9f, 0x91, 0xd9, 0xb6, 0xfc, 0x4a, 0xdc, 0x83, 0x1c,
+	0x5d, 0xa3, 0xa5, 0x11, 0x99, 0x2a, 0x09, 0xa9, 0x3b, 0x5b, 0x1f, 0xdc, 0xd0, 0xeb, 0xc8, 0x08,
+	0xea, 0xae, 0x12, 0x0f, 0xb0, 0xf1, 0x76, 0x76, 0x1c, 0x29, 0x8e, 0x7e, 0x3a, 0xbd, 0x80, 0xe2,
+	0x49, 0x44, 0x88, 0x6e, 0x55, 0x67, 0xb5, 0xe0, 0x02, 0x33, 0x79, 0x85, 0x6b, 0x69, 0x9b, 0x3d,
+	0x62, 0xf2, 0xae, 0x74, 0xcf, 0xb2, 0xcc, 0xfc, 0x88, 0xf9, 0xc9, 0xf3, 0x27, 0x00, 0x00, 0xff,
+	0xff, 0xfd, 0x2c, 0xbb, 0xfb, 0xf3, 0x00, 0x00, 0x00,
+}
diff --git a/vendor/github.com/moby/buildkit/util/stack/stack.proto b/vendor/github.com/moby/buildkit/util/stack/stack.proto
new file mode 100644
index 0000000000000..9c63bc3626c19
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/stack/stack.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package stack;
+
+message Stack {
+    repeated Frame frames = 1;
+    repeated string cmdline = 2;
+    int32 pid = 3;
+    string version = 4;
+    string revision = 5;
+}
+
+message Frame {
+    string Name = 1;
+    string File = 2;
+    int32 Line = 3;
+}
\ No newline at end of file
diff --git a/vendor/github.com/moby/buildkit/util/system/path.go b/vendor/github.com/moby/buildkit/util/system/path.go
new file mode 100644
index 0000000000000..f6dc70dc8dd56
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/system/path.go
@@ -0,0 +1,18 @@
+package system
+
+// DefaultPathEnvUnix is unix style list of directories to search for
+// executables. Each directory is separated from the next by a colon
+// ':' character .
+const DefaultPathEnvUnix = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+// DefaultPathEnvWindows is windows style list of directories to search for
+// executables. Each directory is separated from the next by a colon
+// ';' character .
+const DefaultPathEnvWindows = "c:\\Windows\\System32;c:\\Windows"
+
+func DefaultPathEnv(os string) string {
+	if os == "windows" {
+		return DefaultPathEnvWindows
+	}
+	return DefaultPathEnvUnix
+}
diff --git a/vendor/github.com/moby/buildkit/util/system/path_unix.go b/vendor/github.com/moby/buildkit/util/system/path_unix.go
index c607c4db09f20..f3762e69d36ad 100644
--- a/vendor/github.com/moby/buildkit/util/system/path_unix.go
+++ b/vendor/github.com/moby/buildkit/util/system/path_unix.go
@@ -2,11 +2,6 @@
 
 package system
 
-// DefaultPathEnv is unix style list of directories to search for
-// executables. Each directory is separated from the next by a colon
-// ':' character .
-const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
 // CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
 // is the system drive. This is a no-op on Linux.
 func CheckSystemDriveAndRemoveDriveLetter(path string) (string, error) {
diff --git a/vendor/github.com/moby/buildkit/util/system/path_windows.go b/vendor/github.com/moby/buildkit/util/system/path_windows.go
index cbfe2c1576ceb..3fc47449484e8 100644
--- a/vendor/github.com/moby/buildkit/util/system/path_windows.go
+++ b/vendor/github.com/moby/buildkit/util/system/path_windows.go
@@ -8,10 +8,6 @@ import (
 	"strings"
 )
 
-// DefaultPathEnv is deliberately empty on Windows as the default path will be set by
-// the container. Docker has no context of what the default path should be.
-const DefaultPathEnv = ""
-
 // CheckSystemDriveAndRemoveDriveLetter verifies and manipulates a Windows path.
 // This is used, for example, when validating a user provided path in docker cp.
 // If a drive letter is supplied, it must be the system drive. The drive letter
diff --git a/vendor/github.com/moby/buildkit/util/throttle/throttle.go b/vendor/github.com/moby/buildkit/util/throttle/throttle.go
index 490ccd9c3dcd6..dfc4aefa90dc8 100644
--- a/vendor/github.com/moby/buildkit/util/throttle/throttle.go
+++ b/vendor/github.com/moby/buildkit/util/throttle/throttle.go
@@ -11,10 +11,10 @@ func Throttle(d time.Duration, f func()) func() {
 	return throttle(d, f, true)
 }
 
-// ThrottleAfter wraps a function so that internal function does not get called
+// After wraps a function so that internal function does not get called
 // more frequently than the specified duration. The delay is added after function
 // has been called.
-func ThrottleAfter(d time.Duration, f func()) func() {
+func After(d time.Duration, f func()) func() {
 	return throttle(d, f, false)
 }
 
diff --git a/vendor/github.com/moby/buildkit/util/tracing/tracing.go b/vendor/github.com/moby/buildkit/util/tracing/tracing.go
index 6af2b8c55e392..8f2d4dd96213e 100644
--- a/vendor/github.com/moby/buildkit/util/tracing/tracing.go
+++ b/vendor/github.com/moby/buildkit/util/tracing/tracing.go
@@ -74,6 +74,12 @@ type Transport struct {
 	http.RoundTripper
 }
 
+func NewTransport(rt http.RoundTripper) http.RoundTripper {
+	return &Transport{
+		RoundTripper: &nethttp.Transport{RoundTripper: rt},
+	}
+}
+
 func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	span := opentracing.SpanFromContext(req.Context())
 	if span == nil { // no tracer connected with either request or transport
diff --git a/vendor/github.com/moby/buildkit/util/winlayers/applier.go b/vendor/github.com/moby/buildkit/util/winlayers/applier.go
new file mode 100644
index 0000000000000..91e415232a3aa
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/winlayers/applier.go
@@ -0,0 +1,187 @@
+package winlayers
+
+import (
+	"archive/tar"
+	"context"
+	"io"
+	"io/ioutil"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/containerd/containerd/archive"
+	"github.com/containerd/containerd/archive/compression"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/diff"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/mount"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func NewFileSystemApplierWithWindows(cs content.Provider, a diff.Applier) diff.Applier {
+	if runtime.GOOS == "windows" {
+		return a
+	}
+
+	return &winApplier{
+		cs: cs,
+		a:  a,
+	}
+}
+
+type winApplier struct {
+	cs content.Provider
+	a  diff.Applier
+}
+
+func (s *winApplier) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+	if !hasWindowsLayerMode(ctx) {
+		return s.a.Apply(ctx, desc, mounts, opts...)
+	}
+
+	compressed, err := images.DiffCompression(ctx, desc.MediaType)
+	if err != nil {
+		return ocispec.Descriptor{}, errors.Wrapf(errdefs.ErrNotImplemented, "unsupported diff media type: %v", desc.MediaType)
+	}
+
+	var ocidesc ocispec.Descriptor
+	if err := mount.WithTempMount(ctx, mounts, func(root string) error {
+		ra, err := s.cs.ReaderAt(ctx, desc)
+		if err != nil {
+			return errors.Wrap(err, "failed to get reader from content store")
+		}
+		defer ra.Close()
+
+		r := content.NewReader(ra)
+		if compressed != "" {
+			ds, err := compression.DecompressStream(r)
+			if err != nil {
+				return err
+			}
+			defer ds.Close()
+			r = ds
+		}
+
+		digester := digest.Canonical.Digester()
+		rc := &readCounter{
+			r: io.TeeReader(r, digester.Hash()),
+		}
+
+		rc2, discard := filter(rc, func(hdr *tar.Header) bool {
+			if strings.HasPrefix(hdr.Name, "Files/") {
+				hdr.Name = strings.TrimPrefix(hdr.Name, "Files/")
+				hdr.Linkname = strings.TrimPrefix(hdr.Linkname, "Files/")
+				// TODO: could convert the windows PAX headers to xattr here to reuse
+				// the original ones in diff for parent directories and file modifications
+				return true
+			}
+			return false
+		})
+
+		if _, err := archive.Apply(ctx, root, rc2); err != nil {
+			discard(err)
+			return err
+		}
+
+		// Read any trailing data
+		if _, err := io.Copy(ioutil.Discard, rc); err != nil {
+			discard(err)
+			return err
+		}
+
+		ocidesc = ocispec.Descriptor{
+			MediaType: ocispec.MediaTypeImageLayer,
+			Size:      rc.c,
+			Digest:    digester.Digest(),
+		}
+		return nil
+
+	}); err != nil {
+		return ocispec.Descriptor{}, err
+	}
+	return ocidesc, nil
+}
+
+type readCounter struct {
+	r io.Reader
+	c int64
+}
+
+func (rc *readCounter) Read(p []byte) (n int, err error) {
+	n, err = rc.r.Read(p)
+	rc.c += int64(n)
+	return
+}
+
+func filter(in io.Reader, f func(*tar.Header) bool) (io.Reader, func(error)) {
+	pr, pw := io.Pipe()
+
+	rc := &readCanceler{Reader: in}
+
+	go func() {
+		tarReader := tar.NewReader(rc)
+		tarWriter := tar.NewWriter(pw)
+
+		pw.CloseWithError(func() error {
+			for {
+				h, err := tarReader.Next()
+				if err == io.EOF {
+					break
+				}
+				if err != nil {
+					return err
+				}
+				if f(h) {
+					if err := tarWriter.WriteHeader(h); err != nil {
+						return err
+					}
+					if h.Size > 0 {
+						if _, err := io.Copy(tarWriter, tarReader); err != nil {
+							return err
+						}
+					}
+				} else {
+					if h.Size > 0 {
+						if _, err := io.Copy(ioutil.Discard, tarReader); err != nil {
+							return err
+						}
+					}
+				}
+			}
+			return tarWriter.Close()
+		}())
+	}()
+
+	discard := func(err error) {
+		rc.cancel(err)
+		pw.CloseWithError(err)
+	}
+
+	return pr, discard
+}
+
+type readCanceler struct {
+	mu sync.Mutex
+	io.Reader
+	err error
+}
+
+func (r *readCanceler) Read(b []byte) (int, error) {
+	r.mu.Lock()
+	if r.err != nil {
+		r.mu.Unlock()
+		return 0, r.err
+	}
+	n, err := r.Reader.Read(b)
+	r.mu.Unlock()
+	return n, err
+}
+
+func (r *readCanceler) cancel(err error) {
+	r.mu.Lock()
+	r.err = err
+	r.mu.Unlock()
+}
diff --git a/vendor/github.com/moby/buildkit/util/winlayers/context.go b/vendor/github.com/moby/buildkit/util/winlayers/context.go
new file mode 100644
index 0000000000000..c0bd3f8a2f066
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/winlayers/context.go
@@ -0,0 +1,19 @@
+package winlayers
+
+import "context"
+
+type contextKeyT string
+
+var contextKey = contextKeyT("buildkit/winlayers-on")
+
+func UseWindowsLayerMode(ctx context.Context) context.Context {
+	return context.WithValue(ctx, contextKey, true)
+}
+
+func hasWindowsLayerMode(ctx context.Context) bool {
+	v := ctx.Value(contextKey)
+	if v == nil {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/moby/buildkit/util/winlayers/differ.go b/vendor/github.com/moby/buildkit/util/winlayers/differ.go
new file mode 100644
index 0000000000000..cdbc335d49d92
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/winlayers/differ.go
@@ -0,0 +1,274 @@
+package winlayers
+
+import (
+	"archive/tar"
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"time"
+
+	"github.com/containerd/containerd/archive"
+	"github.com/containerd/containerd/archive/compression"
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/diff"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/mount"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	keyFileAttr     = "MSWINDOWS.fileattr"
+	keySDRaw        = "MSWINDOWS.rawsd"
+	keyCreationTime = "LIBARCHIVE.creationtime"
+)
+
+func NewWalkingDiffWithWindows(store content.Store, d diff.Comparer) diff.Comparer {
+	return &winDiffer{
+		store: store,
+		d:     d,
+	}
+}
+
+var emptyDesc = ocispec.Descriptor{}
+
+type winDiffer struct {
+	store content.Store
+	d     diff.Comparer
+}
+
+// Compare creates a diff between the given mounts and uploads the result
+// to the content store.
+func (s *winDiffer) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {
+	if !hasWindowsLayerMode(ctx) {
+		return s.d.Compare(ctx, lower, upper, opts...)
+	}
+
+	var config diff.Config
+	for _, opt := range opts {
+		if err := opt(&config); err != nil {
+			return emptyDesc, err
+		}
+	}
+
+	if config.MediaType == "" {
+		config.MediaType = ocispec.MediaTypeImageLayerGzip
+	}
+
+	var isCompressed bool
+	switch config.MediaType {
+	case ocispec.MediaTypeImageLayer:
+	case ocispec.MediaTypeImageLayerGzip:
+		isCompressed = true
+	default:
+		return emptyDesc, errors.Wrapf(errdefs.ErrNotImplemented, "unsupported diff media type: %v", config.MediaType)
+	}
+
+	var ocidesc ocispec.Descriptor
+	if err := mount.WithTempMount(ctx, lower, func(lowerRoot string) error {
+		return mount.WithTempMount(ctx, upper, func(upperRoot string) error {
+			var newReference bool
+			if config.Reference == "" {
+				newReference = true
+				config.Reference = uniqueRef()
+			}
+
+			cw, err := s.store.Writer(ctx,
+				content.WithRef(config.Reference),
+				content.WithDescriptor(ocispec.Descriptor{
+					MediaType: config.MediaType, // most contentstore implementations just ignore this
+				}))
+			if err != nil {
+				return errors.Wrap(err, "failed to open writer")
+			}
+			defer func() {
+				if err != nil {
+					cw.Close()
+					if newReference {
+						if err := s.store.Abort(ctx, config.Reference); err != nil {
+							log.G(ctx).WithField("ref", config.Reference).Warnf("failed to delete diff upload")
+						}
+					}
+				}
+			}()
+			if !newReference {
+				if err := cw.Truncate(0); err != nil {
+					return err
+				}
+			}
+
+			if isCompressed {
+				dgstr := digest.SHA256.Digester()
+				compressed, err := compression.CompressStream(cw, compression.Gzip)
+				if err != nil {
+					return errors.Wrap(err, "failed to get compressed stream")
+				}
+				var w io.Writer = io.MultiWriter(compressed, dgstr.Hash())
+				w, discard, done := makeWindowsLayer(w)
+				err = archive.WriteDiff(ctx, w, lowerRoot, upperRoot)
+				if err != nil {
+					discard(err)
+				}
+				<-done
+				compressed.Close()
+				if err != nil {
+					return errors.Wrap(err, "failed to write compressed diff")
+				}
+
+				if config.Labels == nil {
+					config.Labels = map[string]string{}
+				}
+				config.Labels["containerd.io/uncompressed"] = dgstr.Digest().String()
+			} else {
+				w, discard, done := makeWindowsLayer(cw)
+				if err = archive.WriteDiff(ctx, w, lowerRoot, upperRoot); err != nil {
+					discard(err)
+					return errors.Wrap(err, "failed to write diff")
+				}
+				<-done
+			}
+
+			var commitopts []content.Opt
+			if config.Labels != nil {
+				commitopts = append(commitopts, content.WithLabels(config.Labels))
+			}
+
+			dgst := cw.Digest()
+			if err := cw.Commit(ctx, 0, dgst, commitopts...); err != nil {
+				return errors.Wrap(err, "failed to commit")
+			}
+
+			info, err := s.store.Info(ctx, dgst)
+			if err != nil {
+				return errors.Wrap(err, "failed to get info from content store")
+			}
+
+			ocidesc = ocispec.Descriptor{
+				MediaType: config.MediaType,
+				Size:      info.Size,
+				Digest:    info.Digest,
+			}
+			return nil
+		})
+	}); err != nil {
+		return emptyDesc, err
+	}
+
+	return ocidesc, nil
+}
+
+func uniqueRef() string {
+	t := time.Now()
+	var b [3]byte
+	// Ignore read failures, just decreases uniqueness
+	rand.Read(b[:])
+	return fmt.Sprintf("%d-%s", t.UnixNano(), base64.URLEncoding.EncodeToString(b[:]))
+}
+
+func prepareWinHeader(h *tar.Header) {
+	if h.PAXRecords == nil {
+		h.PAXRecords = map[string]string{}
+	}
+	if h.Typeflag == tar.TypeDir {
+		h.Mode |= 1 << 14
+		h.PAXRecords[keyFileAttr] = "16"
+	}
+
+	if h.Typeflag == tar.TypeReg {
+		h.Mode |= 1 << 15
+		h.PAXRecords[keyFileAttr] = "32"
+	}
+
+	if !h.ModTime.IsZero() {
+		h.PAXRecords[keyCreationTime] = fmt.Sprintf("%d.%d", h.ModTime.Unix(), h.ModTime.Nanosecond())
+	}
+
+	h.Format = tar.FormatPAX
+}
+
+func addSecurityDescriptor(h *tar.Header) {
+	if h.Typeflag == tar.TypeDir {
+		// O:BAG:SYD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FA;;;BA)(A;OICIIO;GA;;;CO)(A;OICI;0x1200a9;;;BU)(A;CI;LC;;;BU)(A;CI;DC;;;BU)
+		h.PAXRecords[keySDRaw] = "AQAEgBQAAAAkAAAAAAAAADAAAAABAgAAAAAABSAAAAAgAgAAAQEAAAAAAAUSAAAAAgCoAAcAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAAAGAD/AR8AAQIAAAAAAAUgAAAAIAIAAAALFAAAAAAQAQEAAAAAAAMAAAAAAAMYAKkAEgABAgAAAAAABSAAAAAhAgAAAAIYAAQAAAABAgAAAAAABSAAAAAhAgAAAAIYAAIAAAABAgAAAAAABSAAAAAhAgAA"
+	}
+
+	if h.Typeflag == tar.TypeReg {
+		// O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)
+		h.PAXRecords[keySDRaw] = "AQAEgBQAAAAkAAAAAAAAADAAAAABAgAAAAAABSAAAAAgAgAAAQEAAAAAAAUSAAAAAgBMAAMAAAAAABgA/wEfAAECAAAAAAAFIAAAACACAAAAABQA/wEfAAEBAAAAAAAFEgAAAAAAGACpABIAAQIAAAAAAAUgAAAAIQIAAA=="
+	}
+}
+
+func makeWindowsLayer(w io.Writer) (io.Writer, func(error), chan error) {
+	pr, pw := io.Pipe()
+	done := make(chan error)
+
+	go func() {
+		tarReader := tar.NewReader(pr)
+		tarWriter := tar.NewWriter(w)
+
+		err := func() error {
+
+			h := &tar.Header{
+				Name:     "Hives",
+				Typeflag: tar.TypeDir,
+				ModTime:  time.Now(),
+			}
+			prepareWinHeader(h)
+			if err := tarWriter.WriteHeader(h); err != nil {
+				return err
+			}
+
+			h = &tar.Header{
+				Name:     "Files",
+				Typeflag: tar.TypeDir,
+				ModTime:  time.Now(),
+			}
+			prepareWinHeader(h)
+			if err := tarWriter.WriteHeader(h); err != nil {
+				return err
+			}
+
+			for {
+				h, err := tarReader.Next()
+				if err == io.EOF {
+					break
+				}
+				if err != nil {
+					return err
+				}
+				h.Name = "Files/" + h.Name
+				if h.Linkname != "" {
+					h.Linkname = "Files/" + h.Linkname
+				}
+				prepareWinHeader(h)
+				addSecurityDescriptor(h)
+				if err := tarWriter.WriteHeader(h); err != nil {
+					return err
+				}
+				if h.Size > 0 {
+					if _, err := io.Copy(tarWriter, tarReader); err != nil {
+						return err
+					}
+				}
+			}
+			return tarWriter.Close()
+		}()
+		if err != nil {
+			logrus.Errorf("makeWindowsLayer %+v", err)
+		}
+		pw.CloseWithError(err)
+		done <- err
+		return
+	}()
+
+	discard := func(err error) {
+		pw.CloseWithError(err)
+	}
+
+	return pw, discard, done
+}
diff --git a/vendor/github.com/moby/buildkit/vendor.conf b/vendor/github.com/moby/buildkit/vendor.conf
deleted file mode 100644
index ba9a01ed3c0f8..0000000000000
--- a/vendor/github.com/moby/buildkit/vendor.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-github.com/pkg/errors v0.8.0
-go.etcd.io/bbolt v1.3.1-etcd.8
-
-github.com/stretchr/testify v1.1.4
-github.com/davecgh/go-spew v1.1.0
-github.com/pmezard/go-difflib v1.0.0
-golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2
-
-github.com/containerd/containerd d97a907f7f781c0ab8340877d8e6b53cc7f1c2f6
-github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
-golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-github.com/sirupsen/logrus v1.0.0
-google.golang.org/grpc v1.12.0
-github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
-golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
-github.com/gogo/protobuf v1.0.0
-github.com/gogo/googleapis b23578765ee54ff6bceff57f397d833bf4ca6869
-github.com/golang/protobuf v1.1.0
-github.com/containerd/continuity f44b615e492bdfb371aae2f76ec694d9da1db537
-github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 20aff4f0488c6d4b8df4d85b4f63f1f704c11abd
-github.com/Microsoft/go-winio v0.4.11
-github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d
-github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
-github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
-google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
-golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
-github.com/Microsoft/hcsshim v0.7.3
-golang.org/x/crypto 0709b304e793a5edb4a2c0145f281ecdc20838a4
-
-github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
-github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b
-github.com/docker/go-units v0.3.1
-github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716
-golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
-
-github.com/docker/docker 71cd53e4a197b303c6ba086bd584ffd67a884281
-github.com/pkg/profile 5b67d428864e92711fcbd2f8629456121a56d91f
-
-github.com/tonistiigi/fsutil f567071bed2416e4d87d260d3162722651182317
-github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
-github.com/hashicorp/golang-lru a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
-github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
-github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
-github.com/docker/distribution 30578ca32960a4d368bf6db67b0a33c2a1f3dc6f
-
-github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
-github.com/docker/cli 99576756eb3303b7af8102c502f21a912e3c1af6 https://github.com/tonistiigi/docker-cli.git
-github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
-github.com/docker/libnetwork 36d3bed0e9f4b3c8c66df9bd45278bb90b33e911
-github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
-
-github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
-github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
-github.com/uber/jaeger-client-go e02c85f9069ea625a96fc4e1afb5e9ac6c569a6d
-github.com/apache/thrift b2a4d4ae21c789b689dd162deb819665567f481c
-github.com/uber/jaeger-lib c48167d9cae5887393dd5e61efd06a4a48b7fbb3
-github.com/codahale/hdrhistogram f8ad88b59a584afeee9d334eff879b104439117b
-
-github.com/opentracing-contrib/go-stdlib b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc
-
-# used by dockerfile tests
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.2.0
-
-# used by rootless spec conv test
-github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
diff --git a/vendor/github.com/moby/buildkit/worker/cacheresult.go b/vendor/github.com/moby/buildkit/worker/cacheresult.go
index fb11525d7724a..0e684e7d57b46 100644
--- a/vendor/github.com/moby/buildkit/worker/cacheresult.go
+++ b/vendor/github.com/moby/buildkit/worker/cacheresult.go
@@ -6,7 +6,9 @@ import (
 	"time"
 
 	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 	"github.com/pkg/errors"
 )
 
@@ -20,7 +22,7 @@ type cacheResultStorage struct {
 	wc *Controller
 }
 
-func (s *cacheResultStorage) Save(res solver.Result) (solver.CacheResult, error) {
+func (s *cacheResultStorage) Save(res solver.Result, createdAt time.Time) (solver.CacheResult, error) {
 	ref, ok := res.Sys().(*WorkerRef)
 	if !ok {
 		return solver.CacheResult{}, errors.Errorf("invalid result: %T", res.Sys())
@@ -33,10 +35,10 @@ func (s *cacheResultStorage) Save(res solver.Result) (solver.CacheResult, error)
 			ref.ImmutableRef.Metadata().Commit()
 		}
 	}
-	return solver.CacheResult{ID: ref.ID(), CreatedAt: time.Now()}, nil
+	return solver.CacheResult{ID: ref.ID(), CreatedAt: createdAt}, nil
 }
 func (s *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) (solver.Result, error) {
-	return s.load(res.ID, false)
+	return s.load(ctx, res.ID, false)
 }
 
 func (s *cacheResultStorage) getWorkerRef(id string) (Worker, string, error) {
@@ -51,7 +53,7 @@ func (s *cacheResultStorage) getWorkerRef(id string) (Worker, string, error) {
 	return w, refID, nil
 }
 
-func (s *cacheResultStorage) load(id string, hidden bool) (solver.Result, error) {
+func (s *cacheResultStorage) load(ctx context.Context, id string, hidden bool) (solver.Result, error) {
 	w, refID, err := s.getWorkerRef(id)
 	if err != nil {
 		return nil, err
@@ -59,31 +61,32 @@ func (s *cacheResultStorage) load(id string, hidden bool) (solver.Result, error)
 	if refID == "" {
 		return NewWorkerRefResult(nil, w), nil
 	}
-	ref, err := w.LoadRef(refID, hidden)
+	ref, err := w.LoadRef(ctx, refID, hidden)
 	if err != nil {
 		return nil, err
 	}
 	return NewWorkerRefResult(ref, w), nil
 }
 
-func (s *cacheResultStorage) LoadRemote(ctx context.Context, res solver.CacheResult) (*solver.Remote, error) {
+func (s *cacheResultStorage) LoadRemote(ctx context.Context, res solver.CacheResult, g session.Group) (*solver.Remote, error) {
 	w, refID, err := s.getWorkerRef(res.ID)
 	if err != nil {
 		return nil, err
 	}
-	ref, err := w.LoadRef(refID, true)
+	ref, err := w.LoadRef(ctx, refID, true)
 	if err != nil {
 		return nil, err
 	}
 	defer ref.Release(context.TODO())
-	remote, err := w.GetRemote(ctx, ref, false)
+	wref := WorkerRef{ref, w}
+	remote, err := wref.GetRemote(ctx, false, compression.Default, g)
 	if err != nil {
 		return nil, nil // ignore error. loadRemote is best effort
 	}
 	return remote, nil
 }
 func (s *cacheResultStorage) Exists(id string) bool {
-	ref, err := s.load(id, true)
+	ref, err := s.load(context.TODO(), id, true)
 	if err != nil {
 		return false
 	}
diff --git a/vendor/github.com/moby/buildkit/worker/result.go b/vendor/github.com/moby/buildkit/worker/result.go
index 9aa6af4167489..9f4cdc5bfa808 100644
--- a/vendor/github.com/moby/buildkit/worker/result.go
+++ b/vendor/github.com/moby/buildkit/worker/result.go
@@ -4,7 +4,9 @@ import (
 	"context"
 
 	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/util/compression"
 )
 
 func NewWorkerRefResult(ref cache.ImmutableRef, worker Worker) solver.Result {
@@ -24,6 +26,18 @@ func (wr *WorkerRef) ID() string {
 	return wr.Worker.ID() + "::" + refID
 }
 
+// GetRemote method abstracts ImmutableRef's GetRemote to allow a Worker to override.
+// This is needed for moby integration.
+// Use this method instead of calling ImmutableRef.GetRemote() directly.
+func (wr *WorkerRef) GetRemote(ctx context.Context, createIfNeeded bool, compressionType compression.Type, g session.Group) (*solver.Remote, error) {
+	if w, ok := wr.Worker.(interface {
+		GetRemote(context.Context, cache.ImmutableRef, bool, compression.Type, session.Group) (*solver.Remote, error)
+	}); ok {
+		return w.GetRemote(ctx, wr.ImmutableRef, createIfNeeded, compressionType, g)
+	}
+	return wr.ImmutableRef.GetRemote(ctx, createIfNeeded, compressionType, g)
+}
+
 type workerRefResult struct {
 	*WorkerRef
 }
@@ -38,3 +52,11 @@ func (r *workerRefResult) Release(ctx context.Context) error {
 func (r *workerRefResult) Sys() interface{} {
 	return r.WorkerRef
 }
+
+func (r *workerRefResult) Clone() solver.Result {
+	r2 := *r
+	if r.ImmutableRef != nil {
+		r.ImmutableRef = r.ImmutableRef.Clone()
+	}
+	return &r2
+}
diff --git a/vendor/github.com/moby/buildkit/worker/worker.go b/vendor/github.com/moby/buildkit/worker/worker.go
index 47a5d4bf74eb4..db42c245a21df 100644
--- a/vendor/github.com/moby/buildkit/worker/worker.go
+++ b/vendor/github.com/moby/buildkit/worker/worker.go
@@ -2,14 +2,16 @@ package worker
 
 import (
 	"context"
-	"io"
 
+	"github.com/containerd/containerd/content"
 	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/exporter"
 	"github.com/moby/buildkit/frontend"
-	gw "github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/solver"
 	digest "github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
@@ -19,25 +21,35 @@ type Worker interface {
 	// ID needs to be unique in the cluster
 	ID() string
 	Labels() map[string]string
-	Platforms() []specs.Platform
+	Platforms(noCache bool) []specs.Platform
+
 	GCPolicy() []client.PruneInfo
-	LoadRef(id string, hidden bool) (cache.ImmutableRef, error)
+	LoadRef(ctx context.Context, id string, hidden bool) (cache.ImmutableRef, error)
 	// ResolveOp resolves Vertex.Sys() to Op implementation.
-	ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge) (solver.Op, error)
-	ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error)
-	// Exec is similar to executor.Exec but without []mount.Mount
-	Exec(ctx context.Context, meta executor.Meta, rootFS cache.ImmutableRef, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error
+	ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge, sm *session.Manager) (solver.Op, error)
+	ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt, sm *session.Manager, g session.Group) (digest.Digest, []byte, error)
 	DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error)
-	Exporter(name string) (exporter.Exporter, error)
+	Exporter(name string, sm *session.Manager) (exporter.Exporter, error)
 	Prune(ctx context.Context, ch chan client.UsageInfo, opt ...client.PruneInfo) error
-	GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error)
 	FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error)
+	PruneCacheMounts(ctx context.Context, ids []string) error
+	ContentStore() content.Store
+	Executor() executor.Executor
+	CacheManager() cache.Manager
+	MetadataStore() *metadata.Store
+}
+
+type Infos interface {
+	GetDefault() (Worker, error)
+	WorkerInfos() []client.WorkerInfo
 }
 
 // Pre-defined label keys
 const (
-	labelPrefix      = "org.mobyproject.buildkit.worker."
-	LabelExecutor    = labelPrefix + "executor"    // "oci" or "containerd"
-	LabelSnapshotter = labelPrefix + "snapshotter" // containerd snapshotter name ("overlay", "native", ...)
-	LabelHostname    = labelPrefix + "hostname"
+	labelPrefix              = "org.mobyproject.buildkit.worker."
+	LabelExecutor            = labelPrefix + "executor"    // "oci" or "containerd"
+	LabelSnapshotter         = labelPrefix + "snapshotter" // containerd snapshotter name ("overlay", "native", ...)
+	LabelHostname            = labelPrefix + "hostname"
+	LabelContainerdUUID      = labelPrefix + "containerd.uuid"      // containerd worker: containerd UUID
+	LabelContainerdNamespace = labelPrefix + "containerd.namespace" // containerd worker: containerd namespace
 )
diff --git a/vendor/github.com/moby/buildkit/worker/workercontroller.go b/vendor/github.com/moby/buildkit/worker/workercontroller.go
index b07db8f599f41..3899d5999cb60 100644
--- a/vendor/github.com/moby/buildkit/worker/workercontroller.go
+++ b/vendor/github.com/moby/buildkit/worker/workercontroller.go
@@ -1,8 +1,6 @@
 package worker
 
 import (
-	"sync"
-
 	"github.com/containerd/containerd/filters"
 	"github.com/moby/buildkit/client"
 	"github.com/pkg/errors"
@@ -12,16 +10,15 @@ import (
 // Currently, only local workers are supported.
 type Controller struct {
 	// TODO: define worker interface and support remote ones
-	workers   sync.Map
-	defaultID string
+	workers []Worker
 }
 
-// Add adds a local worker
+// Add adds a local worker.
+// The first worker becomes the default.
+//
+// Add is not thread-safe.
 func (c *Controller) Add(w Worker) error {
-	c.workers.Store(w.ID(), w)
-	if c.defaultID == "" {
-		c.defaultID = w.ID()
-	}
+	c.workers = append(c.workers, w)
 	return nil
 }
 
@@ -32,45 +29,42 @@ func (c *Controller) List(filterStrings ...string) ([]Worker, error) {
 		return nil, err
 	}
 	var workers []Worker
-	c.workers.Range(func(k, v interface{}) bool {
-		w := v.(Worker)
+	for _, w := range c.workers {
 		if filter.Match(adaptWorker(w)) {
 			workers = append(workers, w)
 		}
-		return true
-	})
+	}
 	return workers, nil
 }
 
 // GetDefault returns the default local worker
 func (c *Controller) GetDefault() (Worker, error) {
-	if c.defaultID == "" {
+	if len(c.workers) == 0 {
 		return nil, errors.Errorf("no default worker")
 	}
-	return c.Get(c.defaultID)
+	return c.workers[0], nil
 }
 
 func (c *Controller) Get(id string) (Worker, error) {
-	v, ok := c.workers.Load(id)
-	if !ok {
-		return nil, errors.Errorf("worker %s not found", id)
+	for _, w := range c.workers {
+		if w.ID() == id {
+			return w, nil
+		}
 	}
-	return v.(Worker), nil
+	return nil, errors.Errorf("worker %s not found", id)
 }
 
 // TODO: add Get(Constraint) (*Worker, error)
 
+// WorkerInfos returns slice of WorkerInfo.
+// The first item is the default worker.
 func (c *Controller) WorkerInfos() []client.WorkerInfo {
-	workers, err := c.List()
-	if err != nil {
-		return nil
-	}
-	out := make([]client.WorkerInfo, 0, len(workers))
-	for _, w := range workers {
+	out := make([]client.WorkerInfo, 0, len(c.workers))
+	for _, w := range c.workers {
 		out = append(out, client.WorkerInfo{
 			ID:        w.ID(),
 			Labels:    w.Labels(),
-			Platforms: w.Platforms(),
+			Platforms: w.Platforms(true),
 		})
 	}
 	return out
diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/moby/ipvs/LICENSE
similarity index 100%
rename from vendor/github.com/docker/libnetwork/LICENSE
rename to vendor/github.com/moby/ipvs/LICENSE
diff --git a/vendor/github.com/moby/ipvs/README.md b/vendor/github.com/moby/ipvs/README.md
new file mode 100644
index 0000000000000..a45cf049a5592
--- /dev/null
+++ b/vendor/github.com/moby/ipvs/README.md
@@ -0,0 +1,34 @@
+# ipvs - networking for containers
+
+![Test](https://github.com/moby/ipvs/workflows/Test/badge.svg) [![GoDoc](https://godoc.org/github.com/moby/ipvs?status.svg)](https://godoc.org/github.com/moby/ipvs) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/ipvs)](https://goreportcard.com/report/github.com/moby/ipvs)
+
+ipvs provides a native Go implementation for communicating with IPVS kernel module using a netlink socket.
+
+
+#### Using ipvs
+
+```go
+import (
+	"log"
+
+	"github.com/moby/ipvs"
+)
+
+func main() {
+	handle, err := ipvs.New("")
+	if err != nil {
+		log.Fatalf("ipvs.New: %s", err)
+	}
+	svcs, err := handle.GetServices()
+	if err != nil {
+		log.Fatalf("handle.GetServices: %s", err)
+	}
+}
+```
+
+## Contributing
+
+Want to hack on ipvs? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
+
+## Copyright and license
+Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/vendor/github.com/docker/libnetwork/ipvs/constants.go b/vendor/github.com/moby/ipvs/constants.go
similarity index 88%
rename from vendor/github.com/docker/libnetwork/ipvs/constants.go
rename to vendor/github.com/moby/ipvs/constants.go
index b6b7f2bb5e34d..efac4e367cf87 100644
--- a/vendor/github.com/docker/libnetwork/ipvs/constants.go
+++ b/vendor/github.com/moby/ipvs/constants.go
@@ -144,6 +144,17 @@ const (
 	// a statically assigned hash table by their source IP
 	// addresses.
 	SourceHashing = "sh"
+
+	// WeightedRoundRobin assigns jobs to real servers proportionally
+	// to there real servers' weight. Servers with higher weights
+	// receive new jobs first and get more jobs than servers
+	// with lower weights. Servers with equal weights get
+	// an equal distribution of new jobs
+	WeightedRoundRobin = "wrr"
+
+	// WeightedLeastConnection assigns more jobs to servers
+	// with fewer jobs and relative to the real servers' weight
+	WeightedLeastConnection = "wlc"
 )
 
 const (
diff --git a/vendor/github.com/moby/ipvs/doc.go b/vendor/github.com/moby/ipvs/doc.go
new file mode 100644
index 0000000000000..91ce6808ad7e7
--- /dev/null
+++ b/vendor/github.com/moby/ipvs/doc.go
@@ -0,0 +1 @@
+package ipvs
diff --git a/vendor/github.com/moby/ipvs/go.mod b/vendor/github.com/moby/ipvs/go.mod
new file mode 100644
index 0000000000000..a57cc9d210b37
--- /dev/null
+++ b/vendor/github.com/moby/ipvs/go.mod
@@ -0,0 +1,12 @@
+module github.com/moby/ipvs
+
+go 1.13
+
+require (
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/sirupsen/logrus v1.4.2
+	github.com/vishvananda/netlink v1.1.0
+	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
+	golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527
+	gotest.tools/v3 v3.0.2
+)
diff --git a/vendor/github.com/docker/libnetwork/ipvs/ipvs.go b/vendor/github.com/moby/ipvs/ipvs.go
similarity index 87%
rename from vendor/github.com/docker/libnetwork/ipvs/ipvs.go
rename to vendor/github.com/moby/ipvs/ipvs.go
index ed3c2870d6d0e..61b6f0a5e4e54 100644
--- a/vendor/github.com/docker/libnetwork/ipvs/ipvs.go
+++ b/vendor/github.com/moby/ipvs/ipvs.go
@@ -3,14 +3,13 @@
 package ipvs
 
 import (
+	"fmt"
 	"net"
-	"syscall"
 	"time"
 
-	"fmt"
-
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -68,6 +67,13 @@ type Destination struct {
 // DstStats defines IPVS destination (real server) statistics
 type DstStats SvcStats
 
+// Config defines IPVS timeout configuration
+type Config struct {
+	TimeoutTCP    time.Duration
+	TimeoutTCPFin time.Duration
+	TimeoutUDP    time.Duration
+}
+
 // Handle provides a namespace specific ipvs handle to program ipvs
 // rules.
 type Handle struct {
@@ -91,16 +97,16 @@ func New(path string) (*Handle, error) {
 	}
 	defer n.Close()
 
-	sock, err := nl.GetNetlinkSocketAt(n, netns.None(), syscall.NETLINK_GENERIC)
+	sock, err := nl.GetNetlinkSocketAt(n, netns.None(), unix.NETLINK_GENERIC)
 	if err != nil {
 		return nil, err
 	}
 	// Add operation timeout to avoid deadlocks
-	tv := syscall.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds())
+	tv := unix.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds())
 	if err := sock.SetSendTimeout(&tv); err != nil {
 		return nil, err
 	}
-	tv = syscall.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds())
+	tv = unix.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds())
 	if err := sock.SetReceiveTimeout(&tv); err != nil {
 		return nil, err
 	}
@@ -188,3 +194,13 @@ func (i *Handle) GetService(s *Service) (*Service, error) {
 
 	return res[0], nil
 }
+
+// GetConfig returns the current timeout configuration
+func (i *Handle) GetConfig() (*Config, error) {
+	return i.doGetConfigCmd()
+}
+
+// SetConfig set the current timeout configuration. 0: no change
+func (i *Handle) SetConfig(c *Config) error {
+	return i.doSetConfigCmd(c)
+}
diff --git a/vendor/github.com/docker/libnetwork/ipvs/netlink.go b/vendor/github.com/moby/ipvs/netlink.go
similarity index 80%
rename from vendor/github.com/docker/libnetwork/ipvs/netlink.go
rename to vendor/github.com/moby/ipvs/netlink.go
index d158d11153fb8..ac48d05a31d76 100644
--- a/vendor/github.com/docker/libnetwork/ipvs/netlink.go
+++ b/vendor/github.com/moby/ipvs/netlink.go
@@ -5,6 +5,7 @@ package ipvs
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net"
 	"os/exec"
@@ -12,6 +13,7 @@ import (
 	"sync"
 	"sync/atomic"
 	"syscall"
+	"time"
 	"unsafe"
 
 	"github.com/sirupsen/logrus"
@@ -216,7 +218,7 @@ func execute(s *nl.NetlinkSocket, req *nl.NetlinkRequest, resType uint16) ([][]b
 
 done:
 	for {
-		msgs, err := s.Receive()
+		msgs, _, err := s.Receive()
 		if err != nil {
 			if s.GetFd() == -1 {
 				return nil, fmt.Errorf("Socket got closed on receive")
@@ -314,6 +316,7 @@ func assembleStats(msg []byte) (SvcStats, error) {
 func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) {
 
 	var s Service
+	var addressBytes []byte
 
 	for _, attr := range attrs {
 
@@ -326,11 +329,7 @@ func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) {
 		case ipvsSvcAttrProtocol:
 			s.Protocol = native.Uint16(attr.Value)
 		case ipvsSvcAttrAddress:
-			ip, err := parseIP(attr.Value, s.AddressFamily)
-			if err != nil {
-				return nil, err
-			}
-			s.Address = ip
+			addressBytes = attr.Value
 		case ipvsSvcAttrPort:
 			s.Port = binary.BigEndian.Uint16(attr.Value)
 		case ipvsSvcAttrFWMark:
@@ -352,6 +351,16 @@ func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) {
 		}
 
 	}
+
+	// parse Address after parse AddressFamily incase of parseIP error
+	if addressBytes != nil {
+		ip, err := parseIP(addressBytes, s.AddressFamily)
+		if err != nil {
+			return nil, err
+		}
+		s.Address = ip
+	}
+
 	return &s, nil
 }
 
@@ -415,18 +424,18 @@ func (i *Handle) doCmdWithoutAttr(cmd uint8) ([][]byte, error) {
 func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error) {
 
 	var d Destination
+	var addressBytes []byte
 
 	for _, attr := range attrs {
 
 		attrType := int(attr.Attr.Type)
 
 		switch attrType {
+
+		case ipvsDestAttrAddressFamily:
+			d.AddressFamily = native.Uint16(attr.Value)
 		case ipvsDestAttrAddress:
-			ip, err := parseIP(attr.Value, syscall.AF_INET)
-			if err != nil {
-				return nil, err
-			}
-			d.Address = ip
+			addressBytes = attr.Value
 		case ipvsDestAttrPort:
 			d.Port = binary.BigEndian.Uint16(attr.Value)
 		case ipvsDestAttrForwardingMethod:
@@ -437,13 +446,11 @@ func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error)
 			d.UpperThreshold = native.Uint32(attr.Value)
 		case ipvsDestAttrLowerThreshold:
 			d.LowerThreshold = native.Uint32(attr.Value)
-		case ipvsDestAttrAddressFamily:
-			d.AddressFamily = native.Uint16(attr.Value)
 		case ipvsDestAttrActiveConnections:
 			d.ActiveConnections = int(native.Uint16(attr.Value))
 		case ipvsDestAttrInactiveConnections:
 			d.InactiveConnections = int(native.Uint16(attr.Value))
-		case ipvsSvcAttrStats:
+		case ipvsDestAttrStats:
 			stats, err := assembleStats(attr.Value)
 			if err != nil {
 				return nil, err
@@ -451,9 +458,63 @@ func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error)
 			d.Stats = DstStats(stats)
 		}
 	}
+
+	// in older kernels (< 3.18), the destination address family attribute doesn't exist so we must
+	// assume it based on the destination address provided.
+	if d.AddressFamily == 0 {
+		// we can't check the address family using net stdlib because netlink returns
+		// IPv4 addresses as the first 4 bytes in a []byte of length 16 where as
+		// stdlib expects it as the last 4 bytes.
+		addressFamily, err := getIPFamily(addressBytes)
+		if err != nil {
+			return nil, err
+		}
+		d.AddressFamily = addressFamily
+	}
+
+	// parse Address after parse AddressFamily incase of parseIP error
+	if addressBytes != nil {
+		ip, err := parseIP(addressBytes, d.AddressFamily)
+		if err != nil {
+			return nil, err
+		}
+		d.Address = ip
+	}
+
 	return &d, nil
 }
 
+// getIPFamily parses the IP family based on raw data from netlink.
+// For AF_INET, netlink will set the first 4 bytes with trailing zeros
+//   10.0.0.1 -> [10 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0]
+// For AF_INET6, the full 16 byte array is used:
+//   2001:db8:3c4d:15::1a00 -> [32 1 13 184 60 77 0 21 0 0 0 0 0 0 26 0]
+func getIPFamily(address []byte) (uint16, error) {
+	if len(address) == 4 {
+		return syscall.AF_INET, nil
+	}
+
+	if isZeros(address) {
+		return 0, errors.New("could not parse IP family from address data")
+	}
+
+	// assume IPv4 if first 4 bytes are non-zero but rest of the data is trailing zeros
+	if !isZeros(address[:4]) && isZeros(address[4:]) {
+		return syscall.AF_INET, nil
+	}
+
+	return syscall.AF_INET6, nil
+}
+
+func isZeros(b []byte) bool {
+	for i := 0; i < len(b); i++ {
+		if b[i] != 0 {
+			return false
+		}
+	}
+	return true
+}
+
 // parseDestination given a ipvs netlink response this function will respond with a valid destination entry, an error otherwise
 func (i *Handle) parseDestination(msg []byte) (*Destination, error) {
 	var dst *Destination
@@ -503,6 +564,60 @@ func (i *Handle) doGetDestinationsCmd(s *Service, d *Destination) ([]*Destinatio
 	return res, nil
 }
 
+// parseConfig given a ipvs netlink response this function will respond with a valid config entry, an error otherwise
+func (i *Handle) parseConfig(msg []byte) (*Config, error) {
+	var c Config
+
+	//Remove General header for this message
+	hdr := deserializeGenlMsg(msg)
+	attrs, err := nl.ParseRouteAttr(msg[hdr.Len():])
+	if err != nil {
+		return nil, err
+	}
+
+	for _, attr := range attrs {
+		attrType := int(attr.Attr.Type)
+		switch attrType {
+		case ipvsCmdAttrTimeoutTCP:
+			c.TimeoutTCP = time.Duration(native.Uint32(attr.Value)) * time.Second
+		case ipvsCmdAttrTimeoutTCPFin:
+			c.TimeoutTCPFin = time.Duration(native.Uint32(attr.Value)) * time.Second
+		case ipvsCmdAttrTimeoutUDP:
+			c.TimeoutUDP = time.Duration(native.Uint32(attr.Value)) * time.Second
+		}
+	}
+
+	return &c, nil
+}
+
+// doGetConfigCmd a wrapper function to be used by GetConfig
+func (i *Handle) doGetConfigCmd() (*Config, error) {
+	msg, err := i.doCmdWithoutAttr(ipvsCmdGetConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := i.parseConfig(msg[0])
+	if err != nil {
+		return res, err
+	}
+	return res, nil
+}
+
+// doSetConfigCmd a wrapper function to be used by SetConfig
+func (i *Handle) doSetConfigCmd(c *Config) error {
+	req := newIPVSRequest(ipvsCmdSetConfig)
+	req.Seq = atomic.AddUint32(&i.seq, 1)
+
+	req.AddData(nl.NewRtAttr(ipvsCmdAttrTimeoutTCP, nl.Uint32Attr(uint32(c.TimeoutTCP.Seconds()))))
+	req.AddData(nl.NewRtAttr(ipvsCmdAttrTimeoutTCPFin, nl.Uint32Attr(uint32(c.TimeoutTCPFin.Seconds()))))
+	req.AddData(nl.NewRtAttr(ipvsCmdAttrTimeoutUDP, nl.Uint32Attr(uint32(c.TimeoutUDP.Seconds()))))
+
+	_, err := execute(i.sock, req, 0)
+
+	return err
+}
+
 // IPVS related netlink message format explained
 
 /* EACH NETLINK MSG is of the below format, this is what we will receive from execute() api.
diff --git a/vendor/github.com/moby/locker/LICENSE b/vendor/github.com/moby/locker/LICENSE
new file mode 100644
index 0000000000000..2e0ec1dcf1e2f
--- /dev/null
+++ b/vendor/github.com/moby/locker/LICENSE
@@ -0,0 +1,190 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2013-2018 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/moby/locker/README.md b/vendor/github.com/moby/locker/README.md
new file mode 100644
index 0000000000000..a0852f0f8edaf
--- /dev/null
+++ b/vendor/github.com/moby/locker/README.md
@@ -0,0 +1,65 @@
+Locker
+=====
+
+locker provides a mechanism for creating finer-grained locking to help
+free up more global locks to handle other tasks.
+
+The implementation looks close to a sync.Mutex, however, the user must provide a
+reference to use to refer to the underlying lock when locking and unlocking,
+and unlock may generate an error.
+
+If a lock with a given name does not exist when `Lock` is called, one is
+created.
+Lock references are automatically cleaned up on `Unlock` if nothing else is
+waiting for the lock.
+
+
+## Usage
+
+```go
+package important
+
+import (
+	"sync"
+	"time"
+
+	"github.com/moby/locker"
+)
+
+type important struct {
+	locks *locker.Locker
+	data  map[string]interface{}
+	mu    sync.Mutex
+}
+
+func (i *important) Get(name string) interface{} {
+	i.locks.Lock(name)
+	defer i.locks.Unlock(name)
+	return i.data[name]
+}
+
+func (i *important) Create(name string, data interface{}) {
+	i.locks.Lock(name)
+	defer i.locks.Unlock(name)
+
+	i.createImportant(data)
+
+	i.mu.Lock()
+	i.data[name] = data
+	i.mu.Unlock()
+}
+
+func (i *important) createImportant(data interface{}) {
+	time.Sleep(10 * time.Second)
+}
+```
+
+For functions dealing with a given name, always lock at the beginning of the
+function (or before doing anything with the underlying state), this ensures any
+other function that is dealing with the same name will block.
+
+When needing to modify the underlying data, use the global lock to ensure nothing
+else is modifying it at the same time.
+Since name lock is already in place, no reads will occur while the modification
+is being performed.
+
diff --git a/vendor/github.com/moby/locker/go.mod b/vendor/github.com/moby/locker/go.mod
new file mode 100644
index 0000000000000..15b7adcdb7bce
--- /dev/null
+++ b/vendor/github.com/moby/locker/go.mod
@@ -0,0 +1,3 @@
+module github.com/moby/locker
+
+go 1.13
diff --git a/vendor/github.com/moby/locker/locker.go b/vendor/github.com/moby/locker/locker.go
new file mode 100644
index 0000000000000..0b22ddfab85c6
--- /dev/null
+++ b/vendor/github.com/moby/locker/locker.go
@@ -0,0 +1,112 @@
+/*
+Package locker provides a mechanism for creating finer-grained locking to help
+free up more global locks to handle other tasks.
+
+The implementation looks close to a sync.Mutex, however the user must provide a
+reference to use to refer to the underlying lock when locking and unlocking,
+and unlock may generate an error.
+
+If a lock with a given name does not exist when `Lock` is called, one is
+created.
+Lock references are automatically cleaned up on `Unlock` if nothing else is
+waiting for the lock.
+*/
+package locker
+
+import (
+	"errors"
+	"sync"
+	"sync/atomic"
+)
+
+// ErrNoSuchLock is returned when the requested lock does not exist
+var ErrNoSuchLock = errors.New("no such lock")
+
+// Locker provides a locking mechanism based on the passed in reference name
+type Locker struct {
+	mu    sync.Mutex
+	locks map[string]*lockCtr
+}
+
+// lockCtr is used by Locker to represent a lock with a given name.
+type lockCtr struct {
+	mu sync.Mutex
+	// waiters is the number of waiters waiting to acquire the lock
+	// this is int32 instead of uint32 so we can add `-1` in `dec()`
+	waiters int32
+}
+
+// inc increments the number of waiters waiting for the lock
+func (l *lockCtr) inc() {
+	atomic.AddInt32(&l.waiters, 1)
+}
+
+// dec decrements the number of waiters waiting on the lock
+func (l *lockCtr) dec() {
+	atomic.AddInt32(&l.waiters, -1)
+}
+
+// count gets the current number of waiters
+func (l *lockCtr) count() int32 {
+	return atomic.LoadInt32(&l.waiters)
+}
+
+// Lock locks the mutex
+func (l *lockCtr) Lock() {
+	l.mu.Lock()
+}
+
+// Unlock unlocks the mutex
+func (l *lockCtr) Unlock() {
+	l.mu.Unlock()
+}
+
+// New creates a new Locker
+func New() *Locker {
+	return &Locker{
+		locks: make(map[string]*lockCtr),
+	}
+}
+
+// Lock locks a mutex with the given name. If it doesn't exist, one is created
+func (l *Locker) Lock(name string) {
+	l.mu.Lock()
+	if l.locks == nil {
+		l.locks = make(map[string]*lockCtr)
+	}
+
+	nameLock, exists := l.locks[name]
+	if !exists {
+		nameLock = &lockCtr{}
+		l.locks[name] = nameLock
+	}
+
+	// increment the nameLock waiters while inside the main mutex
+	// this makes sure that the lock isn't deleted if `Lock` and `Unlock` are called concurrently
+	nameLock.inc()
+	l.mu.Unlock()
+
+	// Lock the nameLock outside the main mutex so we don't block other operations
+	// once locked then we can decrement the number of waiters for this lock
+	nameLock.Lock()
+	nameLock.dec()
+}
+
+// Unlock unlocks the mutex with the given name
+// If the given lock is not being waited on by any other callers, it is deleted
+func (l *Locker) Unlock(name string) error {
+	l.mu.Lock()
+	nameLock, exists := l.locks[name]
+	if !exists {
+		l.mu.Unlock()
+		return ErrNoSuchLock
+	}
+
+	if nameLock.count() == 0 {
+		delete(l.locks, name)
+	}
+	nameLock.Unlock()
+
+	l.mu.Unlock()
+	return nil
+}
diff --git a/vendor/github.com/moby/sys/LICENSE b/vendor/github.com/moby/sys/LICENSE
new file mode 100644
index 0000000000000..d645695673349
--- /dev/null
+++ b/vendor/github.com/moby/sys/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/moby/sys/mount/doc.go b/vendor/github.com/moby/sys/mount/doc.go
new file mode 100644
index 0000000000000..86c2e01bbd8c3
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/doc.go
@@ -0,0 +1,4 @@
+// Package mount provides a set of functions to mount and unmount mounts.
+//
+// Currently it supports Linux. For historical reasons, there is also some support for FreeBSD.
+package mount
diff --git a/vendor/github.com/moby/sys/mount/flags_bsd.go b/vendor/github.com/moby/sys/mount/flags_bsd.go
new file mode 100644
index 0000000000000..a7f8a71957cff
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/flags_bsd.go
@@ -0,0 +1,46 @@
+//go:build freebsd || openbsd
+// +build freebsd openbsd
+
+package mount
+
+import "golang.org/x/sys/unix"
+
+const (
+	// RDONLY will mount the filesystem as read-only.
+	RDONLY = unix.MNT_RDONLY
+
+	// NOSUID will not allow set-user-identifier or set-group-identifier bits to
+	// take effect.
+	NOSUID = unix.MNT_NOSUID
+
+	// NOEXEC will not allow execution of any binaries on the mounted file system.
+	NOEXEC = unix.MNT_NOEXEC
+
+	// SYNCHRONOUS will allow any I/O to the file system to be done synchronously.
+	SYNCHRONOUS = unix.MNT_SYNCHRONOUS
+
+	// NOATIME will not update the file access time when reading from a file.
+	NOATIME = unix.MNT_NOATIME
+)
+
+// These flags are unsupported.
+const (
+	BIND        = 0
+	DIRSYNC     = 0
+	MANDLOCK    = 0
+	NODEV       = 0
+	NODIRATIME  = 0
+	UNBINDABLE  = 0
+	RUNBINDABLE = 0
+	PRIVATE     = 0
+	RPRIVATE    = 0
+	SHARED      = 0
+	RSHARED     = 0
+	SLAVE       = 0
+	RSLAVE      = 0
+	RBIND       = 0
+	RELATIME    = 0
+	REMOUNT     = 0
+	STRICTATIME = 0
+	mntDetach   = 0
+)
diff --git a/pkg/mount/flags_linux.go b/vendor/github.com/moby/sys/mount/flags_linux.go
similarity index 97%
rename from pkg/mount/flags_linux.go
rename to vendor/github.com/moby/sys/mount/flags_linux.go
index a1b199a31ac6a..0425d0dd633c5 100644
--- a/pkg/mount/flags_linux.go
+++ b/vendor/github.com/moby/sys/mount/flags_linux.go
@@ -1,4 +1,4 @@
-package mount // import "github.com/docker/docker/pkg/mount"
+package mount
 
 import (
 	"golang.org/x/sys/unix"
diff --git a/vendor/github.com/moby/sys/mount/flags_unix.go b/vendor/github.com/moby/sys/mount/flags_unix.go
new file mode 100644
index 0000000000000..19fa61fccad75
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/flags_unix.go
@@ -0,0 +1,140 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
+package mount
+
+import (
+	"fmt"
+	"strings"
+)
+
+var flags = map[string]struct {
+	clear bool
+	flag  int
+}{
+	"defaults":      {false, 0},
+	"ro":            {false, RDONLY},
+	"rw":            {true, RDONLY},
+	"suid":          {true, NOSUID},
+	"nosuid":        {false, NOSUID},
+	"dev":           {true, NODEV},
+	"nodev":         {false, NODEV},
+	"exec":          {true, NOEXEC},
+	"noexec":        {false, NOEXEC},
+	"sync":          {false, SYNCHRONOUS},
+	"async":         {true, SYNCHRONOUS},
+	"dirsync":       {false, DIRSYNC},
+	"remount":       {false, REMOUNT},
+	"mand":          {false, MANDLOCK},
+	"nomand":        {true, MANDLOCK},
+	"atime":         {true, NOATIME},
+	"noatime":       {false, NOATIME},
+	"diratime":      {true, NODIRATIME},
+	"nodiratime":    {false, NODIRATIME},
+	"bind":          {false, BIND},
+	"rbind":         {false, RBIND},
+	"unbindable":    {false, UNBINDABLE},
+	"runbindable":   {false, RUNBINDABLE},
+	"private":       {false, PRIVATE},
+	"rprivate":      {false, RPRIVATE},
+	"shared":        {false, SHARED},
+	"rshared":       {false, RSHARED},
+	"slave":         {false, SLAVE},
+	"rslave":        {false, RSLAVE},
+	"relatime":      {false, RELATIME},
+	"norelatime":    {true, RELATIME},
+	"strictatime":   {false, STRICTATIME},
+	"nostrictatime": {true, STRICTATIME},
+}
+
+var validFlags = map[string]bool{
+	"":          true,
+	"size":      true,
+	"mode":      true,
+	"uid":       true,
+	"gid":       true,
+	"nr_inodes": true,
+	"nr_blocks": true,
+	"mpol":      true,
+}
+
+var propagationFlags = map[string]bool{
+	"bind":        true,
+	"rbind":       true,
+	"unbindable":  true,
+	"runbindable": true,
+	"private":     true,
+	"rprivate":    true,
+	"shared":      true,
+	"rshared":     true,
+	"slave":       true,
+	"rslave":      true,
+}
+
+// MergeTmpfsOptions merge mount options to make sure there is no duplicate.
+func MergeTmpfsOptions(options []string) ([]string, error) {
+	// We use collisions maps to remove duplicates.
+	// For flag, the key is the flag value (the key for propagation flag is -1)
+	// For data=value, the key is the data
+	flagCollisions := map[int]bool{}
+	dataCollisions := map[string]bool{}
+
+	var newOptions []string
+	// We process in reverse order
+	for i := len(options) - 1; i >= 0; i-- {
+		option := options[i]
+		if option == "defaults" {
+			continue
+		}
+		if f, ok := flags[option]; ok && f.flag != 0 {
+			// There is only one propagation mode
+			key := f.flag
+			if propagationFlags[option] {
+				key = -1
+			}
+			// Check to see if there is collision for flag
+			if !flagCollisions[key] {
+				// We prepend the option and add to collision map
+				newOptions = append([]string{option}, newOptions...)
+				flagCollisions[key] = true
+			}
+			continue
+		}
+		opt := strings.SplitN(option, "=", 2)
+		if len(opt) != 2 || !validFlags[opt[0]] {
+			return nil, fmt.Errorf("invalid tmpfs option %q", opt)
+		}
+		if !dataCollisions[opt[0]] {
+			// We prepend the option and add to collision map
+			newOptions = append([]string{option}, newOptions...)
+			dataCollisions[opt[0]] = true
+		}
+	}
+
+	return newOptions, nil
+}
+
+// Parse fstab type mount options into mount() flags
+// and device specific data
+func parseOptions(options string) (int, string) {
+	var (
+		flag int
+		data []string
+	)
+
+	for _, o := range strings.Split(options, ",") {
+		// If the option does not exist in the flags table or the flag
+		// is not supported on the platform,
+		// then it is a data value for a specific fs type
+		if f, exists := flags[o]; exists && f.flag != 0 {
+			if f.clear {
+				flag &= ^f.flag
+			} else {
+				flag |= f.flag
+			}
+		} else {
+			data = append(data, o)
+		}
+	}
+	return flag, strings.Join(data, ",")
+}
diff --git a/vendor/github.com/moby/sys/mount/go.mod b/vendor/github.com/moby/sys/mount/go.mod
new file mode 100644
index 0000000000000..b8c29b9bf5d1c
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/go.mod
@@ -0,0 +1,8 @@
+module github.com/moby/sys/mount
+
+go 1.16
+
+require (
+	github.com/moby/sys/mountinfo v0.5.0
+	golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
+)
diff --git a/vendor/github.com/moby/sys/mount/mount_errors.go b/vendor/github.com/moby/sys/mount/mount_errors.go
new file mode 100644
index 0000000000000..2bd1ef7f157a1
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/mount_errors.go
@@ -0,0 +1,47 @@
+//go:build !windows
+// +build !windows
+
+package mount
+
+import "strconv"
+
+// mountError records an error from mount or unmount operation
+type mountError struct {
+	op             string
+	source, target string
+	flags          uintptr
+	data           string
+	err            error
+}
+
+func (e *mountError) Error() string {
+	out := e.op + " "
+
+	if e.source != "" {
+		out += e.source + ":" + e.target
+	} else {
+		out += e.target
+	}
+
+	if e.flags != uintptr(0) {
+		out += ", flags: 0x" + strconv.FormatUint(uint64(e.flags), 16)
+	}
+	if e.data != "" {
+		out += ", data: " + e.data
+	}
+
+	out += ": " + e.err.Error()
+	return out
+}
+
+// Cause returns the underlying cause of the error.
+// This is a convention used in github.com/pkg/errors
+func (e *mountError) Cause() error {
+	return e.err
+}
+
+// Unwrap returns the underlying error.
+// This is a convention used in golang 1.13+
+func (e *mountError) Unwrap() error {
+	return e.err
+}
diff --git a/vendor/github.com/moby/sys/mount/mount_unix.go b/vendor/github.com/moby/sys/mount/mount_unix.go
new file mode 100644
index 0000000000000..4053fbbeb8152
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/mount_unix.go
@@ -0,0 +1,88 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
+package mount
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/moby/sys/mountinfo"
+	"golang.org/x/sys/unix"
+)
+
+// Mount will mount filesystem according to the specified configuration.
+// Options must be specified like the mount or fstab unix commands:
+// "opt1=val1,opt2=val2". See flags.go for supported option flags.
+func Mount(device, target, mType, options string) error {
+	flag, data := parseOptions(options)
+	return mount(device, target, mType, uintptr(flag), data)
+}
+
+// Unmount lazily unmounts a filesystem on supported platforms, otherwise does
+// a normal unmount. If target is not a mount point, no error is returned.
+func Unmount(target string) error {
+	err := unix.Unmount(target, mntDetach)
+	if err == nil || err == unix.EINVAL { //nolint:errorlint // unix errors are bare
+		// Ignore "not mounted" error here. Note the same error
+		// can be returned if flags are invalid, so this code
+		// assumes that the flags value is always correct.
+		return nil
+	}
+
+	return &mountError{
+		op:     "umount",
+		target: target,
+		flags:  uintptr(mntDetach),
+		err:    err,
+	}
+}
+
+// RecursiveUnmount unmounts the target and all mounts underneath, starting
+// with the deepest mount first. The argument does not have to be a mount
+// point itself.
+func RecursiveUnmount(target string) error {
+	// Fast path, works if target is a mount point that can be unmounted.
+	// On Linux, mntDetach flag ensures a recursive unmount.  For other
+	// platforms, if there are submounts, we'll get EBUSY (and fall back
+	// to the slow path). NOTE we do not ignore EINVAL here as target might
+	// not be a mount point itself (but there can be mounts underneath).
+	if err := unix.Unmount(target, mntDetach); err == nil {
+		return nil
+	}
+
+	// Slow path: get all submounts, sort, unmount one by one.
+	mounts, err := mountinfo.GetMounts(mountinfo.PrefixFilter(target))
+	if err != nil {
+		return err
+	}
+
+	// Make the deepest mount be first
+	sort.Slice(mounts, func(i, j int) bool {
+		return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint)
+	})
+
+	var (
+		suberr    error
+		lastMount = len(mounts) - 1
+	)
+	for i, m := range mounts {
+		err = Unmount(m.Mountpoint)
+		if err != nil {
+			if i == lastMount {
+				if suberr != nil {
+					return fmt.Errorf("%w (possible cause: %s)", err, suberr)
+				}
+				return err
+			}
+			// This is a submount, we can ignore the error for now,
+			// the final unmount will fail if this is a real problem.
+			// With that in mind, the _first_ failed unmount error
+			// might be the real error cause, so let's keep it.
+			if suberr == nil {
+				suberr = err
+			}
+		}
+	}
+	return nil
+}
diff --git a/pkg/mount/mounter_freebsd.go b/vendor/github.com/moby/sys/mount/mounter_freebsd.go
similarity index 78%
rename from pkg/mount/mounter_freebsd.go
rename to vendor/github.com/moby/sys/mount/mounter_freebsd.go
index b6ab83a23079f..1fffb69015368 100644
--- a/pkg/mount/mounter_freebsd.go
+++ b/vendor/github.com/moby/sys/mount/mounter_freebsd.go
@@ -1,4 +1,7 @@
-package mount // import "github.com/docker/docker/pkg/mount"
+//go:build freebsd && cgo
+// +build freebsd,cgo
+
+package mount
 
 /*
 #include <errno.h>
@@ -11,11 +14,9 @@ package mount // import "github.com/docker/docker/pkg/mount"
 import "C"
 
 import (
-	"fmt"
 	"strings"
+	"syscall"
 	"unsafe"
-
-	"golang.org/x/sys/unix"
 )
 
 func allocateIOVecs(options []string) []C.struct_iovec {
@@ -49,12 +50,13 @@ func mount(device, target, mType string, flag uintptr, data string) error {
 	}
 
 	if errno := C.nmount(&rawOptions[0], C.uint(len(options)), C.int(flag)); errno != 0 {
-		reason := C.GoString(C.strerror(*C.__error()))
-		return fmt.Errorf("Failed to call nmount: %s", reason)
+		return &mountError{
+			op:     "mount",
+			source: device,
+			target: target,
+			flags:  flag,
+			err:    syscall.Errno(errno),
+		}
 	}
 	return nil
 }
-
-func unmount(target string, flag int) error {
-	return unix.Unmount(target, flag)
-}
diff --git a/vendor/github.com/moby/sys/mount/mounter_linux.go b/vendor/github.com/moby/sys/mount/mounter_linux.go
new file mode 100644
index 0000000000000..4e18f4b6786c6
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/mounter_linux.go
@@ -0,0 +1,72 @@
+package mount
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// ptypes is the set propagation types.
+	ptypes = unix.MS_SHARED | unix.MS_PRIVATE | unix.MS_SLAVE | unix.MS_UNBINDABLE
+
+	// pflags is the full set valid flags for a change propagation call.
+	pflags = ptypes | unix.MS_REC | unix.MS_SILENT
+
+	// broflags is the combination of bind and read only
+	broflags = unix.MS_BIND | unix.MS_RDONLY
+)
+
+// isremount returns true if either device name or flags identify a remount request, false otherwise.
+func isremount(device string, flags uintptr) bool {
+	switch {
+	// We treat device "" and "none" as a remount request to provide compatibility with
+	// requests that don't explicitly set MS_REMOUNT such as those manipulating bind mounts.
+	case flags&unix.MS_REMOUNT != 0, device == "", device == "none":
+		return true
+	default:
+		return false
+	}
+}
+
+func mount(device, target, mType string, flags uintptr, data string) error {
+	oflags := flags &^ ptypes
+	if !isremount(device, flags) || data != "" {
+		// Initial call applying all non-propagation flags for mount
+		// or remount with changed data
+		if err := unix.Mount(device, target, mType, oflags, data); err != nil {
+			return &mountError{
+				op:     "mount",
+				source: device,
+				target: target,
+				flags:  oflags,
+				data:   data,
+				err:    err,
+			}
+		}
+	}
+
+	if flags&ptypes != 0 {
+		// Change the propagation type.
+		if err := unix.Mount("", target, "", flags&pflags, ""); err != nil {
+			return &mountError{
+				op:     "remount",
+				target: target,
+				flags:  flags & pflags,
+				err:    err,
+			}
+		}
+	}
+
+	if oflags&broflags == broflags {
+		// Remount the bind to apply read only.
+		if err := unix.Mount("", target, "", oflags|unix.MS_REMOUNT, ""); err != nil {
+			return &mountError{
+				op:     "remount-ro",
+				target: target,
+				flags:  oflags | unix.MS_REMOUNT,
+				err:    err,
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/moby/sys/mount/mounter_openbsd.go b/vendor/github.com/moby/sys/mount/mounter_openbsd.go
new file mode 100644
index 0000000000000..3c0718b907de2
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/mounter_openbsd.go
@@ -0,0 +1,78 @@
+//go:build openbsd && cgo
+// +build openbsd,cgo
+
+/*
+   Due to how OpenBSD mount(2) works, filesystem types need to be
+   supported explicitly since it uses separate structs to pass
+   filesystem-specific arguments.
+
+   For now only UFS/FFS is supported as it's the default fs
+   on OpenBSD systems.
+
+   See: https://man.openbsd.org/mount.2
+*/
+
+package mount
+
+/*
+#include <sys/types.h>
+#include <sys/mount.h>
+*/
+import "C"
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+)
+
+func createExportInfo(readOnly bool) C.struct_export_args {
+	exportFlags := C.int(0)
+	if readOnly {
+		exportFlags = C.MNT_EXRDONLY
+	}
+	out := C.struct_export_args{
+		ex_root:  0,
+		ex_flags: exportFlags,
+	}
+	return out
+}
+
+func createUfsArgs(device string, readOnly bool) unsafe.Pointer {
+	out := &C.struct_ufs_args{
+		fspec:       C.CString(device),
+		export_info: createExportInfo(readOnly),
+	}
+	return unsafe.Pointer(out)
+}
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	readOnly := flag&RDONLY != 0
+
+	var fsArgs unsafe.Pointer
+
+	switch mType {
+	case "ffs":
+		fsArgs = createUfsArgs(device, readOnly)
+	default:
+		return &mountError{
+			op:     "mount",
+			source: device,
+			target: target,
+			flags:  flag,
+			err:    fmt.Errorf("unsupported file system type: %s", mType),
+		}
+	}
+
+	if errno := C.mount(C.CString(mType), C.CString(target), C.int(flag), fsArgs); errno != 0 {
+		return &mountError{
+			op:     "mount",
+			source: device,
+			target: target,
+			flags:  flag,
+			err:    syscall.Errno(errno),
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/moby/sys/mount/mounter_unsupported.go b/vendor/github.com/moby/sys/mount/mounter_unsupported.go
new file mode 100644
index 0000000000000..31fb7235b0d20
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/mounter_unsupported.go
@@ -0,0 +1,8 @@
+//go:build (!linux && !freebsd && !openbsd && !windows) || (freebsd && !cgo) || (openbsd && !cgo)
+// +build !linux,!freebsd,!openbsd,!windows freebsd,!cgo openbsd,!cgo
+
+package mount
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	panic("cgo required on freebsd and openbsd")
+}
diff --git a/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go b/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go
new file mode 100644
index 0000000000000..948e6bacd8ae0
--- /dev/null
+++ b/vendor/github.com/moby/sys/mount/sharedsubtree_linux.go
@@ -0,0 +1,73 @@
+package mount
+
+import "github.com/moby/sys/mountinfo"
+
+// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, SHARED)
+}
+
+// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, RSHARED)
+}
+
+// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakePrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, PRIVATE)
+}
+
+// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeRPrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, RPRIVATE)
+}
+
+// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, SLAVE)
+}
+
+// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, RSLAVE)
+}
+
+// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, UNBINDABLE)
+}
+
+// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
+// option enabled. See the supported options in flags.go for further reference.
+func MakeRUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, RUNBINDABLE)
+}
+
+// MakeMount ensures that the file or directory given is a mount point,
+// bind mounting it to itself it case it is not.
+func MakeMount(mnt string) error {
+	mounted, err := mountinfo.Mounted(mnt)
+	if err != nil {
+		return err
+	}
+	if mounted {
+		return nil
+	}
+
+	return mount(mnt, mnt, "none", uintptr(BIND), "")
+}
+
+func ensureMountedAs(mnt string, flags int) error {
+	if err := MakeMount(mnt); err != nil {
+		return err
+	}
+
+	return mount("", mnt, "none", uintptr(flags), "")
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/doc.go b/vendor/github.com/moby/sys/mountinfo/doc.go
new file mode 100644
index 0000000000000..b80e05efd056b
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/doc.go
@@ -0,0 +1,44 @@
+// Package mountinfo provides a set of functions to retrieve information about OS mounts.
+//
+// Currently it supports Linux. For historical reasons, there is also some support for FreeBSD and OpenBSD,
+// and a shallow implementation for Windows, but in general this is Linux-only package, so
+// the rest of the document only applies to Linux, unless explicitly specified otherwise.
+//
+// In Linux, information about mounts seen by the current process is available from
+// /proc/self/mountinfo. Note that due to mount namespaces, different processes can
+// see different mounts. A per-process mountinfo table is available from /proc/<PID>/mountinfo,
+// where <PID> is a numerical process identifier.
+//
+// In general, /proc is not a very efficient interface, and mountinfo is not an exception.
+// For example, there is no way to get information about a specific mount point (i.e. it
+// is all-or-nothing). This package tries to hide the /proc ineffectiveness by using
+// parse filters while reading mountinfo. A filter can skip some entries, or stop
+// processing the rest of the file once the needed information is found.
+//
+// For mountinfo filters that accept path as an argument, the path must be absolute,
+// having all symlinks resolved, and being cleaned (i.e. no extra slashes or dots).
+// One way to achieve all of the above is to employ filepath.Abs followed by
+// filepath.EvalSymlinks (the latter calls filepath.Clean on the result so
+// there is no need to explicitly call filepath.Clean).
+//
+// NOTE that in many cases there is no need to consult mountinfo at all. Here are some
+// of the cases where mountinfo should not be parsed:
+//
+// 1. Before performing a mount. Usually, this is not needed, but if required (say to
+// prevent over-mounts), to check whether a directory is mounted, call os.Lstat
+// on it and its parent directory, and compare their st.Sys().(*syscall.Stat_t).Dev
+// fields -- if they differ, then the directory is the mount point. NOTE this does
+// not work for bind mounts. Optionally, the filesystem type can also be checked
+// by calling unix.Statfs and checking the Type field (i.e. filesystem type).
+//
+// 2. After performing a mount. If there is no error returned, the mount succeeded;
+// checking the mount table for a new mount is redundant and expensive.
+//
+// 3. Before performing an unmount. It is more efficient to do an unmount and ignore
+// a specific error (EINVAL) which tells the directory is not mounted.
+//
+// 4. After performing an unmount. If there is no error returned, the unmount succeeded.
+//
+// 5. To find the mount point root of a specific directory. You can perform os.Stat()
+// on the directory and traverse up until the Dev field of a parent directory differs.
+package mountinfo
diff --git a/vendor/github.com/moby/sys/mountinfo/go.mod b/vendor/github.com/moby/sys/mountinfo/go.mod
new file mode 100644
index 0000000000000..1cc3efcf74824
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/go.mod
@@ -0,0 +1,5 @@
+module github.com/moby/sys/mountinfo
+
+go 1.16
+
+require golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
new file mode 100644
index 0000000000000..5c9e3e30e6622
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
@@ -0,0 +1,57 @@
+package mountinfo
+
+import (
+	"os"
+	"path/filepath"
+
+	"golang.org/x/sys/unix"
+)
+
+// mountedByOpenat2 is a method of detecting a mount that works for all kinds
+// of mounts (incl. bind mounts), but requires a recent (v5.6+) linux kernel.
+func mountedByOpenat2(path string) (bool, error) {
+	dir, last := filepath.Split(path)
+
+	dirfd, err := unix.Openat2(unix.AT_FDCWD, dir, &unix.OpenHow{
+		Flags: unix.O_PATH | unix.O_CLOEXEC,
+	})
+	if err != nil {
+		return false, &os.PathError{Op: "openat2", Path: dir, Err: err}
+	}
+	fd, err := unix.Openat2(dirfd, last, &unix.OpenHow{
+		Flags:   unix.O_PATH | unix.O_CLOEXEC | unix.O_NOFOLLOW,
+		Resolve: unix.RESOLVE_NO_XDEV,
+	})
+	_ = unix.Close(dirfd)
+	switch err { //nolint:errorlint // unix errors are bare
+	case nil: // definitely not a mount
+		_ = unix.Close(fd)
+		return false, nil
+	case unix.EXDEV: // definitely a mount
+		return true, nil
+	}
+	// not sure
+	return false, &os.PathError{Op: "openat2", Path: path, Err: err}
+}
+
+func mounted(path string) (bool, error) {
+	path, err := normalizePath(path)
+	if err != nil {
+		return false, err
+	}
+	// Try a fast path, using openat2() with RESOLVE_NO_XDEV.
+	mounted, err := mountedByOpenat2(path)
+	if err == nil {
+		return mounted, nil
+	}
+	// Another fast path: compare st.st_dev fields.
+	mounted, err = mountedByStat(path)
+	// This does not work for bind mounts, so false negative
+	// is possible, therefore only trust if return is true.
+	if mounted && err == nil {
+		return mounted, nil
+	}
+
+	// Fallback to parsing mountinfo
+	return mountedByMountinfo(path)
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go
new file mode 100644
index 0000000000000..45ddad236f341
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go
@@ -0,0 +1,54 @@
+//go:build linux || (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo)
+// +build linux freebsd,cgo openbsd,cgo darwin,cgo
+
+package mountinfo
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"golang.org/x/sys/unix"
+)
+
+func mountedByStat(path string) (bool, error) {
+	var st unix.Stat_t
+
+	if err := unix.Lstat(path, &st); err != nil {
+		return false, &os.PathError{Op: "stat", Path: path, Err: err}
+	}
+	dev := st.Dev
+	parent := filepath.Dir(path)
+	if err := unix.Lstat(parent, &st); err != nil {
+		return false, &os.PathError{Op: "stat", Path: parent, Err: err}
+	}
+	if dev != st.Dev {
+		// Device differs from that of parent,
+		// so definitely a mount point.
+		return true, nil
+	}
+	// NB: this does not detect bind mounts on Linux.
+	return false, nil
+}
+
+func normalizePath(path string) (realPath string, err error) {
+	if realPath, err = filepath.Abs(path); err != nil {
+		return "", fmt.Errorf("unable to get absolute path for %q: %w", path, err)
+	}
+	if realPath, err = filepath.EvalSymlinks(realPath); err != nil {
+		return "", fmt.Errorf("failed to canonicalise path for %q: %w", path, err)
+	}
+	if _, err := os.Stat(realPath); err != nil {
+		return "", fmt.Errorf("failed to stat target of %q: %w", path, err)
+	}
+	return realPath, nil
+}
+
+func mountedByMountinfo(path string) (bool, error) {
+	entries, err := GetMounts(SingleEntryFilter(path))
+	if err != nil {
+		return false, err
+	}
+
+	return len(entries) > 0, nil
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo.go b/vendor/github.com/moby/sys/mountinfo/mountinfo.go
new file mode 100644
index 0000000000000..9867a66dd85a6
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo.go
@@ -0,0 +1,67 @@
+package mountinfo
+
+import (
+	"os"
+)
+
+// GetMounts retrieves a list of mounts for the current running process,
+// with an optional filter applied (use nil for no filter).
+func GetMounts(f FilterFunc) ([]*Info, error) {
+	return parseMountTable(f)
+}
+
+// Mounted determines if a specified path is a mount point. In case of any
+// error, false (and an error) is returned.
+//
+// The non-existent path returns an error. If a caller is not interested
+// in this particular error, it should handle it separately using e.g.
+// errors.Is(err, os.ErrNotExist).
+func Mounted(path string) (bool, error) {
+	// root is always mounted
+	if path == string(os.PathSeparator) {
+		return true, nil
+	}
+	return mounted(path)
+}
+
+// Info reveals information about a particular mounted filesystem. This
+// struct is populated from the content in the /proc/<pid>/mountinfo file.
+type Info struct {
+	// ID is a unique identifier of the mount (may be reused after umount).
+	ID int
+
+	// Parent is the ID of the parent mount (or of self for the root
+	// of this mount namespace's mount tree).
+	Parent int
+
+	// Major and Minor are the major and the minor components of the Dev
+	// field of unix.Stat_t structure returned by unix.*Stat calls for
+	// files on this filesystem.
+	Major, Minor int
+
+	// Root is the pathname of the directory in the filesystem which forms
+	// the root of this mount.
+	Root string
+
+	// Mountpoint is the pathname of the mount point relative to the
+	// process's root directory.
+	Mountpoint string
+
+	// Options is a comma-separated list of mount options.
+	Options string
+
+	// Optional are zero or more fields of the form "tag[:value]",
+	// separated by a space.  Currently, the possible optional fields are
+	// "shared", "master", "propagate_from", and "unbindable". For more
+	// information, see mount_namespaces(7) Linux man page.
+	Optional string
+
+	// FSType is the filesystem type in the form "type[.subtype]".
+	FSType string
+
+	// Source is filesystem-specific information, or "none".
+	Source string
+
+	// VFSOptions is a comma-separated list of superblock options.
+	VFSOptions string
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go
new file mode 100644
index 0000000000000..d5513a26d2fa6
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go
@@ -0,0 +1,72 @@
+//go:build (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo)
+// +build freebsd,cgo openbsd,cgo darwin,cgo
+
+package mountinfo
+
+/*
+#include <sys/param.h>
+#include <sys/ucred.h>
+#include <sys/mount.h>
+*/
+import "C"
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+)
+
+// parseMountTable returns information about mounted filesystems
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
+	var rawEntries *C.struct_statfs
+
+	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
+	if count == 0 {
+		return nil, fmt.Errorf("failed to call getmntinfo")
+	}
+
+	var entries []C.struct_statfs
+	header := (*reflect.SliceHeader)(unsafe.Pointer(&entries))
+	header.Cap = count
+	header.Len = count
+	header.Data = uintptr(unsafe.Pointer(rawEntries))
+
+	var out []*Info
+	for _, entry := range entries {
+		var mountinfo Info
+		var skip, stop bool
+		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
+		mountinfo.FSType = C.GoString(&entry.f_fstypename[0])
+		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
+
+		if filter != nil {
+			// filter out entries we're not interested in
+			skip, stop = filter(&mountinfo)
+			if skip {
+				continue
+			}
+		}
+
+		out = append(out, &mountinfo)
+		if stop {
+			break
+		}
+	}
+	return out, nil
+}
+
+func mounted(path string) (bool, error) {
+	path, err := normalizePath(path)
+	if err != nil {
+		return false, err
+	}
+	// Fast path: compare st.st_dev fields.
+	// This should always work for FreeBSD and OpenBSD.
+	mounted, err := mountedByStat(path)
+	if err == nil {
+		return mounted, nil
+	}
+
+	// Fallback to parsing mountinfo
+	return mountedByMountinfo(path)
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go
new file mode 100644
index 0000000000000..16079c3c541b1
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go
@@ -0,0 +1,63 @@
+package mountinfo
+
+import "strings"
+
+// FilterFunc is a type defining a callback function for GetMount(),
+// used to filter out mountinfo entries we're not interested in,
+// and/or stop further processing if we found what we wanted.
+//
+// It takes a pointer to the Info struct (fully populated with all available
+// fields on the GOOS platform), and returns two booleans:
+//
+// skip: true if the entry should be skipped;
+//
+// stop: true if parsing should be stopped after the entry.
+type FilterFunc func(*Info) (skip, stop bool)
+
+// PrefixFilter discards all entries whose mount points do not start with, or
+// are equal to the path specified in prefix. The prefix path must be absolute,
+// have all symlinks resolved, and cleaned (i.e. no extra slashes or dots).
+//
+// PrefixFilter treats prefix as a path, not a partial prefix, which means that
+// given "/foo", "/foo/bar" and "/foobar" entries, PrefixFilter("/foo") returns
+// "/foo" and "/foo/bar", and discards "/foobar".
+func PrefixFilter(prefix string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(m.Mountpoint+"/", prefix+"/")
+		return skip, false
+	}
+}
+
+// SingleEntryFilter looks for a specific entry.
+func SingleEntryFilter(mp string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		if m.Mountpoint == mp {
+			return false, true // don't skip, stop now
+		}
+		return true, false // skip, keep going
+	}
+}
+
+// ParentsFilter returns all entries whose mount points
+// can be parents of a path specified, discarding others.
+//
+// For example, given /var/lib/docker/something, entries
+// like /var/lib/docker, /var and / are returned.
+func ParentsFilter(path string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(path, m.Mountpoint)
+		return skip, false
+	}
+}
+
+// FSTypeFilter returns all entries that match provided fstype(s).
+func FSTypeFilter(fstype ...string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		for _, t := range fstype {
+			if m.FSType == t {
+				return false, false // don't skip, keep going
+			}
+		}
+		return true, false // skip, keep going
+	}
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go
new file mode 100644
index 0000000000000..59332b07bf4b1
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go
@@ -0,0 +1,214 @@
+package mountinfo
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+)
+
+// GetMountsFromReader retrieves a list of mounts from the
+// reader provided, with an optional filter applied (use nil
+// for no filter). This can be useful in tests or benchmarks
+// that provide fake mountinfo data, or when a source other
+// than /proc/self/mountinfo needs to be read from.
+//
+// This function is Linux-specific.
+func GetMountsFromReader(r io.Reader, filter FilterFunc) ([]*Info, error) {
+	s := bufio.NewScanner(r)
+	out := []*Info{}
+	for s.Scan() {
+		var err error
+
+		/*
+		   See http://man7.org/linux/man-pages/man5/proc.5.html
+
+		   36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
+		   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
+
+		   (1) mount ID:  unique identifier of the mount (may be reused after umount)
+		   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
+		   (3) major:minor:  value of st_dev for files on filesystem
+		   (4) root:  root of the mount within the filesystem
+		   (5) mount point:  mount point relative to the process's root
+		   (6) mount options:  per mount options
+		   (7) optional fields:  zero or more fields of the form "tag[:value]"
+		   (8) separator:  marks the end of the optional fields
+		   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
+		   (10) mount source:  filesystem specific information or "none"
+		   (11) super options:  per super block options
+
+		   In other words, we have:
+		    * 6 mandatory fields	(1)..(6)
+		    * 0 or more optional fields	(7)
+		    * a separator field		(8)
+		    * 3 mandatory fields	(9)..(11)
+		*/
+
+		text := s.Text()
+		fields := strings.Split(text, " ")
+		numFields := len(fields)
+		if numFields < 10 {
+			// should be at least 10 fields
+			return nil, fmt.Errorf("parsing '%s' failed: not enough fields (%d)", text, numFields)
+		}
+
+		// separator field
+		sepIdx := numFields - 4
+		// In Linux <= 3.9 mounting a cifs with spaces in a share
+		// name (like "//srv/My Docs") _may_ end up having a space
+		// in the last field of mountinfo (like "unc=//serv/My Docs").
+		// Since kernel 3.10-rc1, cifs option "unc=" is ignored,
+		// so spaces should not appear.
+		//
+		// Check for a separator, and work around the spaces bug
+		for fields[sepIdx] != "-" {
+			sepIdx--
+			if sepIdx == 5 {
+				return nil, fmt.Errorf("parsing '%s' failed: missing - separator", text)
+			}
+		}
+
+		p := &Info{}
+
+		p.Mountpoint, err = unescape(fields[4])
+		if err != nil {
+			return nil, fmt.Errorf("parsing '%s' failed: mount point: %w", fields[4], err)
+		}
+		p.FSType, err = unescape(fields[sepIdx+1])
+		if err != nil {
+			return nil, fmt.Errorf("parsing '%s' failed: fstype: %w", fields[sepIdx+1], err)
+		}
+		p.Source, err = unescape(fields[sepIdx+2])
+		if err != nil {
+			return nil, fmt.Errorf("parsing '%s' failed: source: %w", fields[sepIdx+2], err)
+		}
+		p.VFSOptions = fields[sepIdx+3]
+
+		// ignore any numbers parsing errors, as there should not be any
+		p.ID, _ = strconv.Atoi(fields[0])
+		p.Parent, _ = strconv.Atoi(fields[1])
+		mm := strings.SplitN(fields[2], ":", 3)
+		if len(mm) != 2 {
+			return nil, fmt.Errorf("parsing '%s' failed: unexpected major:minor pair %s", text, mm)
+		}
+		p.Major, _ = strconv.Atoi(mm[0])
+		p.Minor, _ = strconv.Atoi(mm[1])
+
+		p.Root, err = unescape(fields[3])
+		if err != nil {
+			return nil, fmt.Errorf("parsing '%s' failed: root: %w", fields[3], err)
+		}
+
+		p.Options = fields[5]
+
+		// zero or more optional fields
+		p.Optional = strings.Join(fields[6:sepIdx], " ")
+
+		// Run the filter after parsing all fields.
+		var skip, stop bool
+		if filter != nil {
+			skip, stop = filter(p)
+			if skip {
+				continue
+			}
+		}
+
+		out = append(out, p)
+		if stop {
+			break
+		}
+	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return GetMountsFromReader(f, filter)
+}
+
+// PidMountInfo retrieves the list of mounts from a given process' mount
+// namespace. Unless there is a need to get mounts from a mount namespace
+// different from that of a calling process, use GetMounts.
+//
+// This function is Linux-specific.
+//
+// Deprecated: this will be removed before v1; use GetMountsFromReader with
+// opened /proc/<pid>/mountinfo as an argument instead.
+func PidMountInfo(pid int) ([]*Info, error) {
+	f, err := os.Open(fmt.Sprintf("/proc/%d/mountinfo", pid))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return GetMountsFromReader(f, nil)
+}
+
+// A few specific characters in mountinfo path entries (root and mountpoint)
+// are escaped using a backslash followed by a character's ascii code in octal.
+//
+//   space              -- as \040
+//   tab (aka \t)       -- as \011
+//   newline (aka \n)   -- as \012
+//   backslash (aka \\) -- as \134
+//
+// This function converts path from mountinfo back, i.e. it unescapes the above sequences.
+func unescape(path string) (string, error) {
+	// try to avoid copying
+	if strings.IndexByte(path, '\\') == -1 {
+		return path, nil
+	}
+
+	// The following code is UTF-8 transparent as it only looks for some
+	// specific characters (backslash and 0..7) with values < utf8.RuneSelf,
+	// and everything else is passed through as is.
+	buf := make([]byte, len(path))
+	bufLen := 0
+	for i := 0; i < len(path); i++ {
+		if path[i] != '\\' {
+			buf[bufLen] = path[i]
+			bufLen++
+			continue
+		}
+		s := path[i:]
+		if len(s) < 4 {
+			// too short
+			return "", fmt.Errorf("bad escape sequence %q: too short", s)
+		}
+		c := s[1]
+		switch c {
+		case '0', '1', '2', '3', '4', '5', '6', '7':
+			v := c - '0'
+			for j := 2; j < 4; j++ { // one digit already; two more
+				if s[j] < '0' || s[j] > '7' {
+					return "", fmt.Errorf("bad escape sequence %q: not a digit", s[:3])
+				}
+				x := s[j] - '0'
+				v = (v << 3) | x
+			}
+			if v > 255 {
+				return "", fmt.Errorf("bad escape sequence %q: out of range" + s[:3])
+			}
+			buf[bufLen] = v
+			bufLen++
+			i += 3
+			continue
+		default:
+			return "", fmt.Errorf("bad escape sequence %q: not a digit" + s[:3])
+
+		}
+	}
+
+	return string(buf[:bufLen]), nil
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go
new file mode 100644
index 0000000000000..95769a76dadb1
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go
@@ -0,0 +1,19 @@
+//go:build (!windows && !linux && !freebsd && !openbsd && !darwin) || (freebsd && !cgo) || (openbsd && !cgo) || (darwin && !cgo)
+// +build !windows,!linux,!freebsd,!openbsd,!darwin freebsd,!cgo openbsd,!cgo darwin,!cgo
+
+package mountinfo
+
+import (
+	"fmt"
+	"runtime"
+)
+
+var errNotImplemented = fmt.Errorf("not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
+
+func parseMountTable(_ FilterFunc) ([]*Info, error) {
+	return nil, errNotImplemented
+}
+
+func mounted(path string) (bool, error) {
+	return false, errNotImplemented
+}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go
new file mode 100644
index 0000000000000..13fad165e5d31
--- /dev/null
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go
@@ -0,0 +1,10 @@
+package mountinfo
+
+func parseMountTable(_ FilterFunc) ([]*Info, error) {
+	// Do NOT return an error!
+	return nil, nil
+}
+
+func mounted(_ string) (bool, error) {
+	return false, nil
+}
diff --git a/vendor/github.com/moby/sys/signal/go.mod b/vendor/github.com/moby/sys/signal/go.mod
new file mode 100644
index 0000000000000..a9e4436859281
--- /dev/null
+++ b/vendor/github.com/moby/sys/signal/go.mod
@@ -0,0 +1,5 @@
+module github.com/moby/sys/signal
+
+go 1.16
+
+require golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
diff --git a/vendor/github.com/moby/sys/signal/signal.go b/vendor/github.com/moby/sys/signal/signal.go
new file mode 100644
index 0000000000000..3fbf1aac2de96
--- /dev/null
+++ b/vendor/github.com/moby/sys/signal/signal.go
@@ -0,0 +1,61 @@
+// Package signal provides helper functions for dealing with signals across
+// various operating systems.
+package signal
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+// CatchAll catches all signals and relays them to the specified channel.
+// SIGURG is not handled, as it's used by the Go runtime to support
+// preemptable system calls.
+func CatchAll(sigc chan os.Signal) {
+	var handledSigs []os.Signal
+	for n, s := range SignalMap {
+		if n == "URG" {
+			// Do not handle SIGURG, as in go1.14+, the go runtime issues
+			// SIGURG as an interrupt to support preemptable system calls on Linux.
+			continue
+		}
+		handledSigs = append(handledSigs, s)
+	}
+	signal.Notify(sigc, handledSigs...)
+}
+
+// StopCatch stops catching the signals and closes the specified channel.
+func StopCatch(sigc chan os.Signal) {
+	signal.Stop(sigc)
+	close(sigc)
+}
+
+// ParseSignal translates a string to a valid syscall signal.
+// It returns an error if the signal map doesn't include the given signal.
+func ParseSignal(rawSignal string) (syscall.Signal, error) {
+	s, err := strconv.Atoi(rawSignal)
+	if err == nil {
+		if s == 0 {
+			return -1, fmt.Errorf("invalid signal: %s", rawSignal)
+		}
+		return syscall.Signal(s), nil
+	}
+	signal, ok := SignalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
+	if !ok {
+		return -1, fmt.Errorf("invalid signal: %s", rawSignal)
+	}
+	return signal, nil
+}
+
+// ValidSignalForPlatform returns true if a signal is valid on the platform
+func ValidSignalForPlatform(sig syscall.Signal) bool {
+	for _, v := range SignalMap {
+		if v == sig {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/signal/signal_darwin.go b/vendor/github.com/moby/sys/signal/signal_darwin.go
similarity index 91%
rename from pkg/signal/signal_darwin.go
rename to vendor/github.com/moby/sys/signal/signal_darwin.go
index ee5501e3d92e5..355b0d2fc00b3 100644
--- a/pkg/signal/signal_darwin.go
+++ b/vendor/github.com/moby/sys/signal/signal_darwin.go
@@ -1,4 +1,4 @@
-package signal // import "github.com/docker/docker/pkg/signal"
+package signal
 
 import (
 	"syscall"
@@ -8,7 +8,7 @@ import (
 var SignalMap = map[string]syscall.Signal{
 	"ABRT":   syscall.SIGABRT,
 	"ALRM":   syscall.SIGALRM,
-	"BUG":    syscall.SIGBUS,
+	"BUS":    syscall.SIGBUS,
 	"CHLD":   syscall.SIGCHLD,
 	"CONT":   syscall.SIGCONT,
 	"EMT":    syscall.SIGEMT,
diff --git a/pkg/signal/signal_freebsd.go b/vendor/github.com/moby/sys/signal/signal_freebsd.go
similarity index 91%
rename from pkg/signal/signal_freebsd.go
rename to vendor/github.com/moby/sys/signal/signal_freebsd.go
index 764f90e2647ac..b9f800e8fe5f0 100644
--- a/pkg/signal/signal_freebsd.go
+++ b/vendor/github.com/moby/sys/signal/signal_freebsd.go
@@ -1,4 +1,4 @@
-package signal // import "github.com/docker/docker/pkg/signal"
+package signal
 
 import (
 	"syscall"
@@ -8,7 +8,7 @@ import (
 var SignalMap = map[string]syscall.Signal{
 	"ABRT":   syscall.SIGABRT,
 	"ALRM":   syscall.SIGALRM,
-	"BUF":    syscall.SIGBUS,
+	"BUS":    syscall.SIGBUS,
 	"CHLD":   syscall.SIGCHLD,
 	"CONT":   syscall.SIGCONT,
 	"EMT":    syscall.SIGEMT,
diff --git a/pkg/signal/signal_linux.go b/vendor/github.com/moby/sys/signal/signal_linux.go
similarity index 96%
rename from pkg/signal/signal_linux.go
rename to vendor/github.com/moby/sys/signal/signal_linux.go
index 4013bded1361f..f2f658891f079 100644
--- a/pkg/signal/signal_linux.go
+++ b/vendor/github.com/moby/sys/signal/signal_linux.go
@@ -1,6 +1,7 @@
+//go:build !mips && !mipsle && !mips64 && !mips64le
 // +build !mips,!mipsle,!mips64,!mips64le
 
-package signal // import "github.com/docker/docker/pkg/signal"
+package signal
 
 import (
 	"syscall"
diff --git a/pkg/signal/signal_linux_mipsx.go b/vendor/github.com/moby/sys/signal/signal_linux_mipsx.go
similarity index 95%
rename from pkg/signal/signal_linux_mipsx.go
rename to vendor/github.com/moby/sys/signal/signal_linux_mipsx.go
index 4c79891216071..72f035ae72af9 100644
--- a/pkg/signal/signal_linux_mipsx.go
+++ b/vendor/github.com/moby/sys/signal/signal_linux_mipsx.go
@@ -1,7 +1,8 @@
+//go:build linux && (mips || mipsle || mips64 || mips64le)
 // +build linux
 // +build mips mipsle mips64 mips64le
 
-package signal // import "github.com/docker/docker/pkg/signal"
+package signal
 
 import (
 	"syscall"
@@ -35,7 +36,7 @@ var SignalMap = map[string]syscall.Signal{
 	"PWR":      unix.SIGPWR,
 	"QUIT":     unix.SIGQUIT,
 	"SEGV":     unix.SIGSEGV,
-	"SIGEMT":   unix.SIGEMT,
+	"EMT":      unix.SIGEMT,
 	"STOP":     unix.SIGSTOP,
 	"SYS":      unix.SIGSYS,
 	"TERM":     unix.SIGTERM,
diff --git a/pkg/signal/signal_unix.go b/vendor/github.com/moby/sys/signal/signal_unix.go
similarity index 75%
rename from pkg/signal/signal_unix.go
rename to vendor/github.com/moby/sys/signal/signal_unix.go
index a2aa4248fa437..93f01e289deac 100644
--- a/pkg/signal/signal_unix.go
+++ b/vendor/github.com/moby/sys/signal/signal_unix.go
@@ -1,6 +1,7 @@
+//go:build !windows
 // +build !windows
 
-package signal // import "github.com/docker/docker/pkg/signal"
+package signal
 
 import (
 	"syscall"
@@ -16,6 +17,4 @@ const (
 	SIGWINCH = syscall.SIGWINCH
 	// SIGPIPE is a signal sent to a process when a pipe is written to before the other end is open for reading
 	SIGPIPE = syscall.SIGPIPE
-	// DefaultStopSignal is the syscall signal used to stop a container in unix systems.
-	DefaultStopSignal = "SIGTERM"
 )
diff --git a/vendor/github.com/moby/sys/signal/signal_unsupported.go b/vendor/github.com/moby/sys/signal/signal_unsupported.go
new file mode 100644
index 0000000000000..f4200fbc41259
--- /dev/null
+++ b/vendor/github.com/moby/sys/signal/signal_unsupported.go
@@ -0,0 +1,11 @@
+//go:build !linux && !darwin && !freebsd && !windows
+// +build !linux,!darwin,!freebsd,!windows
+
+package signal
+
+import (
+	"syscall"
+)
+
+// SignalMap is an empty map of signals for unsupported platform.
+var SignalMap = map[string]syscall.Signal{}
diff --git a/vendor/github.com/moby/sys/signal/signal_windows.go b/vendor/github.com/moby/sys/signal/signal_windows.go
new file mode 100644
index 0000000000000..cb459d17c251a
--- /dev/null
+++ b/vendor/github.com/moby/sys/signal/signal_windows.go
@@ -0,0 +1,34 @@
+package signal
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/windows"
+)
+
+// Signals used in cli/command (no windows equivalent, use
+// invalid signals so they don't get handled)
+const (
+	SIGCHLD  = syscall.Signal(0xff)
+	SIGWINCH = syscall.Signal(0xff)
+	SIGPIPE  = syscall.Signal(0xff)
+)
+
+// SignalMap is a map of "supported" signals. As per the comment in GOLang's
+// ztypes_windows.go: "More invented values for signals". Windows doesn't
+// really support signals in any way, shape or form that Unix does.
+var SignalMap = map[string]syscall.Signal{
+	"ABRT": syscall.Signal(windows.SIGABRT),
+	"ALRM": syscall.Signal(windows.SIGALRM),
+	"BUS":  syscall.Signal(windows.SIGBUS),
+	"FPE":  syscall.Signal(windows.SIGFPE),
+	"HUP":  syscall.Signal(windows.SIGHUP),
+	"ILL":  syscall.Signal(windows.SIGILL),
+	"INT":  syscall.Signal(windows.SIGINT),
+	"KILL": syscall.Signal(windows.SIGKILL),
+	"PIPE": syscall.Signal(windows.SIGPIPE),
+	"QUIT": syscall.Signal(windows.SIGQUIT),
+	"SEGV": syscall.Signal(windows.SIGSEGV),
+	"TERM": syscall.Signal(windows.SIGTERM),
+	"TRAP": syscall.Signal(windows.SIGTRAP),
+}
diff --git a/pkg/symlink/LICENSE.APACHE b/vendor/github.com/moby/sys/symlink/LICENSE.APACHE
similarity index 100%
rename from pkg/symlink/LICENSE.APACHE
rename to vendor/github.com/moby/sys/symlink/LICENSE.APACHE
diff --git a/pkg/symlink/LICENSE.BSD b/vendor/github.com/moby/sys/symlink/LICENSE.BSD
similarity index 100%
rename from pkg/symlink/LICENSE.BSD
rename to vendor/github.com/moby/sys/symlink/LICENSE.BSD
diff --git a/pkg/symlink/README.md b/vendor/github.com/moby/sys/symlink/README.md
similarity index 100%
rename from pkg/symlink/README.md
rename to vendor/github.com/moby/sys/symlink/README.md
diff --git a/vendor/github.com/moby/sys/symlink/doc.go b/vendor/github.com/moby/sys/symlink/doc.go
new file mode 100644
index 0000000000000..d2de7ecda0bfb
--- /dev/null
+++ b/vendor/github.com/moby/sys/symlink/doc.go
@@ -0,0 +1,4 @@
+// Package symlink implements EvalSymlinksInScope which is an extension of
+// filepath.EvalSymlinks, as well as a Windows long-path aware version of
+// filepath.EvalSymlinks from the Go standard library (https://golang.org/pkg/path/filepath).
+package symlink
diff --git a/vendor/github.com/moby/sys/symlink/fs.go b/vendor/github.com/moby/sys/symlink/fs.go
new file mode 100644
index 0000000000000..244b0096b9e0e
--- /dev/null
+++ b/vendor/github.com/moby/sys/symlink/fs.go
@@ -0,0 +1,142 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE.BSD file.
+
+// This code is a modified version of path/filepath/symlink.go from the Go standard library.
+
+package symlink
+
+import (
+	"bytes"
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// FollowSymlinkInScope is a wrapper around evalSymlinksInScope that returns an
+// absolute path. This function handles paths in a platform-agnostic manner.
+func FollowSymlinkInScope(path, root string) (string, error) {
+	path, err := filepath.Abs(filepath.FromSlash(path))
+	if err != nil {
+		return "", err
+	}
+	root, err = filepath.Abs(filepath.FromSlash(root))
+	if err != nil {
+		return "", err
+	}
+	return evalSymlinksInScope(path, root)
+}
+
+// evalSymlinksInScope will evaluate symlinks in `path` within a scope `root` and return
+// a result guaranteed to be contained within the scope `root`, at the time of the call.
+// Symlinks in `root` are not evaluated and left as-is.
+// Errors encountered while attempting to evaluate symlinks in path will be returned.
+// Non-existing paths are valid and do not constitute an error.
+// `path` has to contain `root` as a prefix, or else an error will be returned.
+// Trying to break out from `root` does not constitute an error.
+//
+// Example:
+//   If /foo/bar -> /outside,
+//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/outside"
+//
+// IMPORTANT: it is the caller's responsibility to call evalSymlinksInScope *after* relevant symlinks
+// are created and not to create subsequently, additional symlinks that could potentially make a
+// previously-safe path, unsafe. Example: if /foo/bar does not exist, evalSymlinksInScope("/foo/bar", "/foo")
+// would return "/foo/bar". If one makes /foo/bar a symlink to /baz subsequently, then "/foo/bar" should
+// no longer be considered safely contained in "/foo".
+func evalSymlinksInScope(path, root string) (string, error) {
+	root = filepath.Clean(root)
+	if path == root {
+		return path, nil
+	}
+	if !strings.HasPrefix(path, root) {
+		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
+	}
+	const maxIter = 255
+	originalPath := path
+	// given root of "/a" and path of "/a/b/../../c" we want path to be "/b/../../c"
+	path = path[len(root):]
+	if root == string(filepath.Separator) {
+		path = string(filepath.Separator) + path
+	}
+	if !strings.HasPrefix(path, string(filepath.Separator)) {
+		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
+	}
+	path = filepath.Clean(path)
+	// consume path by taking each frontmost path element,
+	// expanding it if it's a symlink, and appending it to b
+	var b bytes.Buffer
+	// b here will always be considered to be the "current absolute path inside
+	// root" when we append paths to it, we also append a slash and use
+	// filepath.Clean after the loop to trim the trailing slash
+	for n := 0; path != ""; n++ {
+		if n > maxIter {
+			return "", errors.New("evalSymlinksInScope: too many links in " + originalPath)
+		}
+
+		// find next path component, p
+		i := strings.IndexRune(path, filepath.Separator)
+		var p string
+		if i == -1 {
+			p, path = path, ""
+		} else {
+			p, path = path[:i], path[i+1:]
+		}
+
+		if p == "" {
+			continue
+		}
+
+		// this takes a b.String() like "b/../" and a p like "c" and turns it
+		// into "/b/../c" which then gets filepath.Cleaned into "/c" and then
+		// root gets prepended and we Clean again (to remove any trailing slash
+		// if the first Clean gave us just "/")
+		cleanP := filepath.Clean(string(filepath.Separator) + b.String() + p)
+		if isDriveOrRoot(cleanP) {
+			// never Lstat "/" itself, or drive letters on Windows
+			b.Reset()
+			continue
+		}
+		fullP := filepath.Clean(root + cleanP)
+
+		fi, err := os.Lstat(fullP)
+		if os.IsNotExist(err) {
+			// if p does not exist, accept it
+			b.WriteString(p)
+			b.WriteRune(filepath.Separator)
+			continue
+		}
+		if err != nil {
+			return "", err
+		}
+		if fi.Mode()&os.ModeSymlink == 0 {
+			b.WriteString(p)
+			b.WriteRune(filepath.Separator)
+			continue
+		}
+
+		// it's a symlink, put it at the front of path
+		dest, err := os.Readlink(fullP)
+		if err != nil {
+			return "", err
+		}
+		if isAbs(dest) {
+			b.Reset()
+		}
+		path = dest + string(filepath.Separator) + path
+	}
+
+	// see note above on "fullP := ..." for why this is double-cleaned and
+	// what's happening here
+	return filepath.Clean(root + filepath.Clean(string(filepath.Separator)+b.String())), nil
+}
+
+// EvalSymlinks returns the path name after the evaluation of any symbolic
+// links.
+// If path is relative the result will be relative to the current directory,
+// unless one of the components is an absolute symbolic link.
+// This version has been updated to support long paths prepended with `\\?\`.
+func EvalSymlinks(path string) (string, error) {
+	return evalSymlinks(path)
+}
diff --git a/pkg/symlink/fs_unix.go b/vendor/github.com/moby/sys/symlink/fs_unix.go
similarity index 77%
rename from pkg/symlink/fs_unix.go
rename to vendor/github.com/moby/sys/symlink/fs_unix.go
index c6dafcb0b94e4..13ce8251185b4 100644
--- a/pkg/symlink/fs_unix.go
+++ b/vendor/github.com/moby/sys/symlink/fs_unix.go
@@ -1,6 +1,7 @@
+//go:build !windows
 // +build !windows
 
-package symlink // import "github.com/docker/docker/pkg/symlink"
+package symlink
 
 import (
 	"path/filepath"
@@ -13,3 +14,5 @@ func evalSymlinks(path string) (string, error) {
 func isDriveOrRoot(p string) bool {
 	return p == string(filepath.Separator)
 }
+
+var isAbs = filepath.IsAbs
diff --git a/pkg/symlink/fs_windows.go b/vendor/github.com/moby/sys/symlink/fs_windows.go
similarity index 80%
rename from pkg/symlink/fs_windows.go
rename to vendor/github.com/moby/sys/symlink/fs_windows.go
index 754761717b9df..87fd1b8854e27 100644
--- a/pkg/symlink/fs_windows.go
+++ b/vendor/github.com/moby/sys/symlink/fs_windows.go
@@ -1,4 +1,4 @@
-package symlink // import "github.com/docker/docker/pkg/symlink"
+package symlink
 
 import (
 	"bytes"
@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/docker/pkg/longpath"
 	"golang.org/x/sys/windows"
 )
 
@@ -77,7 +76,10 @@ func evalSymlinks(path string) (string, error) {
 	return filepath.Clean(p), nil
 }
 
-const utf8RuneSelf = 0x80
+const (
+	utf8RuneSelf   = 0x80
+	longPathPrefix = `\\?\`
+)
 
 func walkSymlinks(path string) (string, error) {
 	const maxIter = 255
@@ -87,19 +89,19 @@ func walkSymlinks(path string) (string, error) {
 	var b bytes.Buffer
 	for n := 0; path != ""; n++ {
 		if n > maxIter {
-			return "", errors.New("EvalSymlinks: too many links in " + originalPath)
+			return "", errors.New("too many links in " + originalPath)
 		}
 
 		// A path beginning with `\\?\` represents the root, so automatically
 		// skip that part and begin processing the next segment.
-		if strings.HasPrefix(path, longpath.Prefix) {
-			b.WriteString(longpath.Prefix)
+		if strings.HasPrefix(path, longPathPrefix) {
+			b.WriteString(longPathPrefix)
 			path = path[4:]
 			continue
 		}
 
 		// find next path component, p
-		var i = -1
+		i := -1
 		for j, c := range path {
 			if c < utf8RuneSelf && os.IsPathSeparator(uint8(c)) {
 				i = j
@@ -123,7 +125,7 @@ func walkSymlinks(path string) (string, error) {
 
 		// If this is the first segment after the long path prefix, accept the
 		// current segment as a volume root or UNC share and move on to the next.
-		if b.String() == longpath.Prefix {
+		if b.String() == longPathPrefix {
 			b.WriteString(p)
 			b.WriteRune(filepath.Separator)
 			continue
@@ -146,7 +148,7 @@ func walkSymlinks(path string) (string, error) {
 		if err != nil {
 			return "", err
 		}
-		if filepath.IsAbs(dest) || os.IsPathSeparator(dest[0]) {
+		if isAbs(dest) {
 			b.Reset()
 		}
 		path = dest + string(filepath.Separator) + path
@@ -167,3 +169,17 @@ func isDriveOrRoot(p string) bool {
 	}
 	return false
 }
+
+// isAbs is a platform-specific wrapper for filepath.IsAbs. On Windows,
+// golang filepath.IsAbs does not consider a path \windows\system32 as absolute
+// as it doesn't start with a drive-letter/colon combination. However, in
+// docker we need to verify things such as WORKDIR /windows/system32 in
+// a Dockerfile (which gets translated to \windows\system32 when being processed
+// by the daemon. This SHOULD be treated as absolute from a docker processing
+// perspective.
+func isAbs(path string) bool {
+	if filepath.IsAbs(path) || strings.HasPrefix(path, string(os.PathSeparator)) {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/moby/sys/symlink/go.mod b/vendor/github.com/moby/sys/symlink/go.mod
new file mode 100644
index 0000000000000..1c18b6a0d40a6
--- /dev/null
+++ b/vendor/github.com/moby/sys/symlink/go.mod
@@ -0,0 +1,5 @@
+module github.com/moby/sys/symlink
+
+go 1.16
+
+require golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
diff --git a/vendor/github.com/moby/term/LICENSE b/vendor/github.com/moby/term/LICENSE
new file mode 100644
index 0000000000000..6d8d58fb676bb
--- /dev/null
+++ b/vendor/github.com/moby/term/LICENSE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2013-2018 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/moby/term/README.md b/vendor/github.com/moby/term/README.md
new file mode 100644
index 0000000000000..0ce92cc339800
--- /dev/null
+++ b/vendor/github.com/moby/term/README.md
@@ -0,0 +1,36 @@
+# term - utilities for dealing with terminals
+
+![Test](https://github.com/moby/term/workflows/Test/badge.svg) [![GoDoc](https://godoc.org/github.com/moby/term?status.svg)](https://godoc.org/github.com/moby/term) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/term)](https://goreportcard.com/report/github.com/moby/term)
+
+term provides structures and helper functions to work with terminal (state, sizes).
+
+#### Using term
+
+```go
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/moby/term"
+)
+
+func main() {
+	fd := os.Stdin.Fd()
+	if term.IsTerminal(fd) {
+		ws, err := term.GetWinsize(fd)
+		if err != nil {
+			log.Fatalf("term.GetWinsize: %s", err)
+		}
+		log.Printf("%d:%d\n", ws.Height, ws.Width)
+	}
+}
+```
+
+## Contributing
+
+Want to hack on term? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
+
+## Copyright and license
+Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/pkg/term/ascii.go b/vendor/github.com/moby/term/ascii.go
similarity index 94%
rename from pkg/term/ascii.go
rename to vendor/github.com/moby/term/ascii.go
index 87bca8d4acdb1..55873c0556c90 100644
--- a/pkg/term/ascii.go
+++ b/vendor/github.com/moby/term/ascii.go
@@ -1,4 +1,4 @@
-package term // import "github.com/docker/docker/pkg/term"
+package term
 
 import (
 	"fmt"
diff --git a/vendor/github.com/moby/term/go.mod b/vendor/github.com/moby/term/go.mod
new file mode 100644
index 0000000000000..541f2d429f5ce
--- /dev/null
+++ b/vendor/github.com/moby/term/go.mod
@@ -0,0 +1,12 @@
+module github.com/moby/term
+
+go 1.13
+
+require (
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
+	github.com/creack/pty v1.1.11
+	github.com/google/go-cmp v0.4.0
+	github.com/pkg/errors v0.9.1 // indirect
+	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
+	gotest.tools/v3 v3.0.2
+)
diff --git a/vendor/github.com/moby/term/proxy.go b/vendor/github.com/moby/term/proxy.go
new file mode 100644
index 0000000000000..c47756b89a9cf
--- /dev/null
+++ b/vendor/github.com/moby/term/proxy.go
@@ -0,0 +1,88 @@
+package term
+
+import (
+	"io"
+)
+
+// EscapeError is special error which returned by a TTY proxy reader's Read()
+// method in case its detach escape sequence is read.
+type EscapeError struct{}
+
+func (EscapeError) Error() string {
+	return "read escape sequence"
+}
+
+// escapeProxy is used only for attaches with a TTY. It is used to proxy
+// stdin keypresses from the underlying reader and look for the passed in
+// escape key sequence to signal a detach.
+type escapeProxy struct {
+	escapeKeys   []byte
+	escapeKeyPos int
+	r            io.Reader
+	buf          []byte
+}
+
+// NewEscapeProxy returns a new TTY proxy reader which wraps the given reader
+// and detects when the specified escape keys are read, in which case the Read
+// method will return an error of type EscapeError.
+func NewEscapeProxy(r io.Reader, escapeKeys []byte) io.Reader {
+	return &escapeProxy{
+		escapeKeys: escapeKeys,
+		r:          r,
+	}
+}
+
+func (r *escapeProxy) Read(buf []byte) (n int, err error) {
+	if len(r.escapeKeys) > 0 && r.escapeKeyPos == len(r.escapeKeys) {
+		return 0, EscapeError{}
+	}
+
+	if len(r.buf) > 0 {
+		n = copy(buf, r.buf)
+		r.buf = r.buf[n:]
+	}
+
+	nr, err := r.r.Read(buf[n:])
+	n += nr
+	if len(r.escapeKeys) == 0 {
+		return n, err
+	}
+
+	for i := 0; i < n; i++ {
+		if buf[i] == r.escapeKeys[r.escapeKeyPos] {
+			r.escapeKeyPos++
+
+			// Check if the full escape sequence is matched.
+			if r.escapeKeyPos == len(r.escapeKeys) {
+				n = i + 1 - r.escapeKeyPos
+				if n < 0 {
+					n = 0
+				}
+				return n, EscapeError{}
+			}
+			continue
+		}
+
+		// If we need to prepend a partial escape sequence from the previous
+		// read, make sure the new buffer size doesn't exceed len(buf).
+		// Otherwise, preserve any extra data in a buffer for the next read.
+		if i < r.escapeKeyPos {
+			preserve := make([]byte, 0, r.escapeKeyPos+n)
+			preserve = append(preserve, r.escapeKeys[:r.escapeKeyPos]...)
+			preserve = append(preserve, buf[:n]...)
+			n = copy(buf, preserve)
+			i += r.escapeKeyPos
+			r.buf = append(r.buf, preserve[n:]...)
+		}
+		r.escapeKeyPos = 0
+	}
+
+	// If we're in the middle of reading an escape sequence, make sure we don't
+	// let the caller read it. If later on we find that this is not the escape
+	// sequence, we'll prepend it back to buf.
+	n -= r.escapeKeyPos
+	if n < 0 {
+		n = 0
+	}
+	return n, err
+}
diff --git a/vendor/github.com/moby/term/tc.go b/vendor/github.com/moby/term/tc.go
new file mode 100644
index 0000000000000..65556027a6d37
--- /dev/null
+++ b/vendor/github.com/moby/term/tc.go
@@ -0,0 +1,19 @@
+// +build !windows
+
+package term
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+func tcget(fd uintptr) (*Termios, error) {
+	p, err := unix.IoctlGetTermios(int(fd), getTermios)
+	if err != nil {
+		return nil, err
+	}
+	return p, nil
+}
+
+func tcset(fd uintptr, p *Termios) error {
+	return unix.IoctlSetTermios(int(fd), setTermios, p)
+}
diff --git a/pkg/term/term.go b/vendor/github.com/moby/term/term.go
similarity index 89%
rename from pkg/term/term.go
rename to vendor/github.com/moby/term/term.go
index 0589a955194bd..29c6acf1c7ef6 100644
--- a/pkg/term/term.go
+++ b/vendor/github.com/moby/term/term.go
@@ -2,7 +2,7 @@
 
 // Package term provides structures and helper functions to work with
 // terminal (state, sizes).
-package term // import "github.com/docker/docker/pkg/term"
+package term
 
 import (
 	"errors"
@@ -50,8 +50,8 @@ func GetFdInfo(in interface{}) (uintptr, bool) {
 
 // IsTerminal returns true if the given file descriptor is a terminal.
 func IsTerminal(fd uintptr) bool {
-	var termios Termios
-	return tcget(fd, &termios) == 0
+	_, err := tcget(fd)
+	return err == nil
 }
 
 // RestoreTerminal restores the terminal connected to the given file descriptor
@@ -60,20 +60,16 @@ func RestoreTerminal(fd uintptr, state *State) error {
 	if state == nil {
 		return ErrInvalidState
 	}
-	if err := tcset(fd, &state.termios); err != 0 {
-		return err
-	}
-	return nil
+	return tcset(fd, &state.termios)
 }
 
 // SaveState saves the state of the terminal connected to the given file descriptor.
 func SaveState(fd uintptr) (*State, error) {
-	var oldState State
-	if err := tcget(fd, &oldState.termios); err != 0 {
+	termios, err := tcget(fd)
+	if err != nil {
 		return nil, err
 	}
-
-	return &oldState, nil
+	return &State{termios: *termios}, nil
 }
 
 // DisableEcho applies the specified state to the terminal connected to the file
@@ -82,7 +78,7 @@ func DisableEcho(fd uintptr, state *State) error {
 	newState := state.termios
 	newState.Lflag &^= unix.ECHO
 
-	if err := tcset(fd, &newState); err != 0 {
+	if err := tcset(fd, &newState); err != nil {
 		return err
 	}
 	handleInterrupt(fd, state)
diff --git a/vendor/github.com/moby/term/term_windows.go b/vendor/github.com/moby/term/term_windows.go
new file mode 100644
index 0000000000000..ba82960d4a6d0
--- /dev/null
+++ b/vendor/github.com/moby/term/term_windows.go
@@ -0,0 +1,231 @@
+package term
+
+import (
+	"io"
+	"os"
+	"os/signal"
+
+	windowsconsole "github.com/moby/term/windows"
+	"golang.org/x/sys/windows"
+)
+
+// State holds the console mode for the terminal.
+type State struct {
+	mode uint32
+}
+
+// Winsize is used for window size.
+type Winsize struct {
+	Height uint16
+	Width  uint16
+}
+
+// vtInputSupported is true if winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported by the console
+var vtInputSupported bool
+
+// StdStreams returns the standard streams (stdin, stdout, stderr).
+func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
+	// Turn on VT handling on all std handles, if possible. This might
+	// fail, in which case we will fall back to terminal emulation.
+	var (
+		emulateStdin, emulateStdout, emulateStderr bool
+
+		mode uint32
+	)
+
+	fd := windows.Handle(os.Stdin.Fd())
+	if err := windows.GetConsoleMode(fd, &mode); err == nil {
+		// Validate that winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported, but do not set it.
+		if err = windows.SetConsoleMode(fd, mode|windows.ENABLE_VIRTUAL_TERMINAL_INPUT); err != nil {
+			emulateStdin = true
+		} else {
+			vtInputSupported = true
+		}
+		// Unconditionally set the console mode back even on failure because SetConsoleMode
+		// remembers invalid bits on input handles.
+		_ = windows.SetConsoleMode(fd, mode)
+	}
+
+	fd = windows.Handle(os.Stdout.Fd())
+	if err := windows.GetConsoleMode(fd, &mode); err == nil {
+		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
+		if err = windows.SetConsoleMode(fd, mode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING|windows.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
+			emulateStdout = true
+		} else {
+			_ = windows.SetConsoleMode(fd, mode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
+		}
+	}
+
+	fd = windows.Handle(os.Stderr.Fd())
+	if err := windows.GetConsoleMode(fd, &mode); err == nil {
+		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
+		if err = windows.SetConsoleMode(fd, mode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING|windows.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
+			emulateStderr = true
+		} else {
+			_ = windows.SetConsoleMode(fd, mode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
+		}
+	}
+
+	// Temporarily use STD_INPUT_HANDLE, STD_OUTPUT_HANDLE and
+	// STD_ERROR_HANDLE from syscall rather than x/sys/windows as long as
+	// go-ansiterm hasn't switch to x/sys/windows.
+	// TODO: switch back to x/sys/windows once go-ansiterm has switched
+	if emulateStdin {
+		h := uint32(windows.STD_INPUT_HANDLE)
+		stdIn = windowsconsole.NewAnsiReader(int(h))
+	} else {
+		stdIn = os.Stdin
+	}
+
+	if emulateStdout {
+		h := uint32(windows.STD_OUTPUT_HANDLE)
+		stdOut = windowsconsole.NewAnsiWriter(int(h))
+	} else {
+		stdOut = os.Stdout
+	}
+
+	if emulateStderr {
+		h := uint32(windows.STD_ERROR_HANDLE)
+		stdErr = windowsconsole.NewAnsiWriter(int(h))
+	} else {
+		stdErr = os.Stderr
+	}
+
+	return
+}
+
+// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
+func GetFdInfo(in interface{}) (uintptr, bool) {
+	return windowsconsole.GetHandleInfo(in)
+}
+
+// GetWinsize returns the window size based on the specified file descriptor.
+func GetWinsize(fd uintptr) (*Winsize, error) {
+	var info windows.ConsoleScreenBufferInfo
+	if err := windows.GetConsoleScreenBufferInfo(windows.Handle(fd), &info); err != nil {
+		return nil, err
+	}
+
+	winsize := &Winsize{
+		Width:  uint16(info.Window.Right - info.Window.Left + 1),
+		Height: uint16(info.Window.Bottom - info.Window.Top + 1),
+	}
+
+	return winsize, nil
+}
+
+// IsTerminal returns true if the given file descriptor is a terminal.
+func IsTerminal(fd uintptr) bool {
+	var mode uint32
+	err := windows.GetConsoleMode(windows.Handle(fd), &mode)
+	return err == nil
+}
+
+// RestoreTerminal restores the terminal connected to the given file descriptor
+// to a previous state.
+func RestoreTerminal(fd uintptr, state *State) error {
+	return windows.SetConsoleMode(windows.Handle(fd), state.mode)
+}
+
+// SaveState saves the state of the terminal connected to the given file descriptor.
+func SaveState(fd uintptr) (*State, error) {
+	var mode uint32
+
+	if err := windows.GetConsoleMode(windows.Handle(fd), &mode); err != nil {
+		return nil, err
+	}
+
+	return &State{mode: mode}, nil
+}
+
+// DisableEcho disables echo for the terminal connected to the given file descriptor.
+// -- See https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
+func DisableEcho(fd uintptr, state *State) error {
+	mode := state.mode
+	mode &^= windows.ENABLE_ECHO_INPUT
+	mode |= windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT
+	err := windows.SetConsoleMode(windows.Handle(fd), mode)
+	if err != nil {
+		return err
+	}
+
+	// Register an interrupt handler to catch and restore prior state
+	restoreAtInterrupt(fd, state)
+	return nil
+}
+
+// SetRawTerminal puts the terminal connected to the given file descriptor into
+// raw mode and returns the previous state. On UNIX, this puts both the input
+// and output into raw mode. On Windows, it only puts the input into raw mode.
+func SetRawTerminal(fd uintptr) (*State, error) {
+	state, err := MakeRaw(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	// Register an interrupt handler to catch and restore prior state
+	restoreAtInterrupt(fd, state)
+	return state, err
+}
+
+// SetRawTerminalOutput puts the output of terminal connected to the given file
+// descriptor into raw mode. On UNIX, this does nothing and returns nil for the
+// state. On Windows, it disables LF -> CRLF translation.
+func SetRawTerminalOutput(fd uintptr) (*State, error) {
+	state, err := SaveState(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	// Ignore failures, since winterm.DISABLE_NEWLINE_AUTO_RETURN might not be supported on this
+	// version of Windows.
+	_ = windows.SetConsoleMode(windows.Handle(fd), state.mode|windows.DISABLE_NEWLINE_AUTO_RETURN)
+	return state, err
+}
+
+// MakeRaw puts the terminal (Windows Console) connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	state, err := SaveState(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	mode := state.mode
+
+	// See
+	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
+	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
+
+	// Disable these modes
+	mode &^= windows.ENABLE_ECHO_INPUT
+	mode &^= windows.ENABLE_LINE_INPUT
+	mode &^= windows.ENABLE_MOUSE_INPUT
+	mode &^= windows.ENABLE_WINDOW_INPUT
+	mode &^= windows.ENABLE_PROCESSED_INPUT
+
+	// Enable these modes
+	mode |= windows.ENABLE_EXTENDED_FLAGS
+	mode |= windows.ENABLE_INSERT_MODE
+	mode |= windows.ENABLE_QUICK_EDIT_MODE
+	if vtInputSupported {
+		mode |= windows.ENABLE_VIRTUAL_TERMINAL_INPUT
+	}
+
+	err = windows.SetConsoleMode(windows.Handle(fd), mode)
+	if err != nil {
+		return nil, err
+	}
+	return state, nil
+}
+
+func restoreAtInterrupt(fd uintptr, state *State) {
+	sigchan := make(chan os.Signal, 1)
+	signal.Notify(sigchan, os.Interrupt)
+
+	go func() {
+		_ = <-sigchan
+		_ = RestoreTerminal(fd, state)
+		os.Exit(0)
+	}()
+}
diff --git a/vendor/github.com/moby/term/termios.go b/vendor/github.com/moby/term/termios.go
new file mode 100644
index 0000000000000..0f028e2273ac9
--- /dev/null
+++ b/vendor/github.com/moby/term/termios.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+package term
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios = unix.Termios
+
+// MakeRaw puts the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	termios, err := tcget(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	oldState := State{termios: *termios}
+
+	termios.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
+	termios.Oflag &^= unix.OPOST
+	termios.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
+	termios.Cflag &^= (unix.CSIZE | unix.PARENB)
+	termios.Cflag |= unix.CS8
+	termios.Cc[unix.VMIN] = 1
+	termios.Cc[unix.VTIME] = 0
+
+	if err := tcset(fd, termios); err != nil {
+		return nil, err
+	}
+	return &oldState, nil
+}
diff --git a/vendor/github.com/moby/term/termios_bsd.go b/vendor/github.com/moby/term/termios_bsd.go
new file mode 100644
index 0000000000000..922dd4baab04e
--- /dev/null
+++ b/vendor/github.com/moby/term/termios_bsd.go
@@ -0,0 +1,12 @@
+// +build darwin freebsd openbsd netbsd
+
+package term
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+const (
+	getTermios = unix.TIOCGETA
+	setTermios = unix.TIOCSETA
+)
diff --git a/vendor/github.com/moby/term/termios_nonbsd.go b/vendor/github.com/moby/term/termios_nonbsd.go
new file mode 100644
index 0000000000000..038fd61ba1eb6
--- /dev/null
+++ b/vendor/github.com/moby/term/termios_nonbsd.go
@@ -0,0 +1,12 @@
+//+build !darwin,!freebsd,!netbsd,!openbsd,!windows
+
+package term
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+const (
+	getTermios = unix.TCGETS
+	setTermios = unix.TCSETS
+)
diff --git a/pkg/term/windows/ansi_reader.go b/vendor/github.com/moby/term/windows/ansi_reader.go
similarity index 87%
rename from pkg/term/windows/ansi_reader.go
rename to vendor/github.com/moby/term/windows/ansi_reader.go
index 1d7c452cc845b..155251521b09a 100644
--- a/pkg/term/windows/ansi_reader.go
+++ b/vendor/github.com/moby/term/windows/ansi_reader.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
+package windowsconsole
 
 import (
 	"bytes"
@@ -31,7 +31,6 @@ type ansiReader struct {
 // NewAnsiReader returns an io.ReadCloser that provides VT100 terminal emulation on top of a
 // Windows console input handle.
 func NewAnsiReader(nFile int) io.ReadCloser {
-	initLogger()
 	file, fd := winterm.GetStdFile(nFile)
 	return &ansiReader{
 		file:    file,
@@ -59,8 +58,6 @@ func (ar *ansiReader) Read(p []byte) (int, error) {
 
 	// Previously read bytes exist, read as much as we can and return
 	if len(ar.buffer) > 0 {
-		logger.Debugf("Reading previously cached bytes")
-
 		originalLength := len(ar.buffer)
 		copiedLength := copy(p, ar.buffer)
 
@@ -70,16 +67,14 @@ func (ar *ansiReader) Read(p []byte) (int, error) {
 			ar.buffer = ar.buffer[copiedLength:]
 		}
 
-		logger.Debugf("Read from cache p[%d]: % x", copiedLength, p)
 		return copiedLength, nil
 	}
 
 	// Read and translate key events
-	events, err := readInputEvents(ar.fd, len(p))
+	events, err := readInputEvents(ar, len(p))
 	if err != nil {
 		return 0, err
 	} else if len(events) == 0 {
-		logger.Debug("No input events detected")
 		return 0, nil
 	}
 
@@ -87,11 +82,9 @@ func (ar *ansiReader) Read(p []byte) (int, error) {
 
 	// Save excess bytes and right-size keyBytes
 	if len(keyBytes) > len(p) {
-		logger.Debugf("Received %d keyBytes, only room for %d bytes", len(keyBytes), len(p))
 		ar.buffer = keyBytes[len(p):]
 		keyBytes = keyBytes[:len(p)]
 	} else if len(keyBytes) == 0 {
-		logger.Debug("No key bytes returned from the translator")
 		return 0, nil
 	}
 
@@ -100,13 +93,11 @@ func (ar *ansiReader) Read(p []byte) (int, error) {
 		return 0, errors.New("unexpected copy length encountered")
 	}
 
-	logger.Debugf("Read        p[%d]: % x", copiedLength, p)
-	logger.Debugf("Read keyBytes[%d]: % x", copiedLength, keyBytes)
 	return copiedLength, nil
 }
 
 // readInputEvents polls until at least one event is available.
-func readInputEvents(fd uintptr, maxBytes int) ([]winterm.INPUT_RECORD, error) {
+func readInputEvents(ar *ansiReader, maxBytes int) ([]winterm.INPUT_RECORD, error) {
 	// Determine the maximum number of records to retrieve
 	// -- Cast around the type system to obtain the size of a single INPUT_RECORD.
 	//    unsafe.Sizeof requires an expression vs. a type-reference; the casting
@@ -118,25 +109,23 @@ func readInputEvents(fd uintptr, maxBytes int) ([]winterm.INPUT_RECORD, error) {
 	} else if countRecords == 0 {
 		countRecords = 1
 	}
-	logger.Debugf("[windows] readInputEvents: Reading %v records (buffer size %v, record size %v)", countRecords, maxBytes, recordSize)
 
 	// Wait for and read input events
 	events := make([]winterm.INPUT_RECORD, countRecords)
 	nEvents := uint32(0)
-	eventsExist, err := winterm.WaitForSingleObject(fd, winterm.WAIT_INFINITE)
+	eventsExist, err := winterm.WaitForSingleObject(ar.fd, winterm.WAIT_INFINITE)
 	if err != nil {
 		return nil, err
 	}
 
 	if eventsExist {
-		err = winterm.ReadConsoleInput(fd, events, &nEvents)
+		err = winterm.ReadConsoleInput(ar.fd, events, &nEvents)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	// Return a slice restricted to the number of returned records
-	logger.Debugf("[windows] readInputEvents: Read %v events", nEvents)
 	return events[:nEvents], nil
 }
 
diff --git a/pkg/term/windows/ansi_writer.go b/vendor/github.com/moby/term/windows/ansi_writer.go
similarity index 79%
rename from pkg/term/windows/ansi_writer.go
rename to vendor/github.com/moby/term/windows/ansi_writer.go
index 7799a03fc59ed..ccb5ef07757f3 100644
--- a/pkg/term/windows/ansi_writer.go
+++ b/vendor/github.com/moby/term/windows/ansi_writer.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
+package windowsconsole
 
 import (
 	"io"
@@ -24,7 +24,6 @@ type ansiWriter struct {
 // NewAnsiWriter returns an io.Writer that provides VT100 terminal emulation on top of a
 // Windows console output handle.
 func NewAnsiWriter(nFile int) io.Writer {
-	initLogger()
 	file, fd := winterm.GetStdFile(nFile)
 	info, err := winterm.GetConsoleScreenBufferInfo(fd)
 	if err != nil {
@@ -32,9 +31,8 @@ func NewAnsiWriter(nFile int) io.Writer {
 	}
 
 	parser := ansiterm.CreateParser("Ground", winterm.CreateWinEventHandler(fd, file))
-	logger.Infof("newAnsiWriter: parser %p", parser)
 
-	aw := &ansiWriter{
+	return &ansiWriter{
 		file:           file,
 		fd:             fd,
 		infoReset:      info,
@@ -42,10 +40,6 @@ func NewAnsiWriter(nFile int) io.Writer {
 		escapeSequence: []byte(ansiterm.KEY_ESC_CSI),
 		parser:         parser,
 	}
-
-	logger.Infof("newAnsiWriter: aw.parser %p", aw.parser)
-	logger.Infof("newAnsiWriter: %v", aw)
-	return aw
 }
 
 func (aw *ansiWriter) Fd() uintptr {
@@ -58,7 +52,5 @@ func (aw *ansiWriter) Write(p []byte) (total int, err error) {
 		return 0, nil
 	}
 
-	logger.Infof("Write: % x", p)
-	logger.Infof("Write: %s", string(p))
 	return aw.parser.Parse(p)
 }
diff --git a/vendor/github.com/moby/term/windows/console.go b/vendor/github.com/moby/term/windows/console.go
new file mode 100644
index 0000000000000..993694ddcd99f
--- /dev/null
+++ b/vendor/github.com/moby/term/windows/console.go
@@ -0,0 +1,39 @@
+// +build windows
+
+package windowsconsole
+
+import (
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+// GetHandleInfo returns file descriptor and bool indicating whether the file is a console.
+func GetHandleInfo(in interface{}) (uintptr, bool) {
+	switch t := in.(type) {
+	case *ansiReader:
+		return t.Fd(), true
+	case *ansiWriter:
+		return t.Fd(), true
+	}
+
+	var inFd uintptr
+	var isTerminal bool
+
+	if file, ok := in.(*os.File); ok {
+		inFd = file.Fd()
+		isTerminal = isConsole(inFd)
+	}
+	return inFd, isTerminal
+}
+
+// IsConsole returns true if the given file descriptor is a Windows Console.
+// The code assumes that GetConsoleMode will return an error for file descriptors that are not a console.
+// Deprecated: use golang.org/x/sys/windows.GetConsoleMode() or golang.org/x/term.IsTerminal()
+var IsConsole = isConsole
+
+func isConsole(fd uintptr) bool {
+	var mode uint32
+	err := windows.GetConsoleMode(windows.Handle(fd), &mode)
+	return err == nil
+}
diff --git a/vendor/github.com/moby/term/windows/doc.go b/vendor/github.com/moby/term/windows/doc.go
new file mode 100644
index 0000000000000..54265fffaffd3
--- /dev/null
+++ b/vendor/github.com/moby/term/windows/doc.go
@@ -0,0 +1,5 @@
+// These files implement ANSI-aware input and output streams for use by the Docker Windows client.
+// When asked for the set of standard streams (e.g., stdin, stdout, stderr), the code will create
+// and return pseudo-streams that convert ANSI sequences to / from Windows Console API calls.
+
+package windowsconsole
diff --git a/pkg/term/winsize.go b/vendor/github.com/moby/term/winsize.go
similarity index 91%
rename from pkg/term/winsize.go
rename to vendor/github.com/moby/term/winsize.go
index a19663ad834bf..1ef98d59961e0 100644
--- a/pkg/term/winsize.go
+++ b/vendor/github.com/moby/term/winsize.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package term // import "github.com/docker/docker/pkg/term"
+package term
 
 import (
 	"golang.org/x/sys/unix"
diff --git a/vendor/github.com/modern-go/concurrent/LICENSE b/vendor/github.com/modern-go/concurrent/LICENSE
new file mode 100644
index 0000000000000..261eeb9e9f8b2
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/modern-go/concurrent/README.md b/vendor/github.com/modern-go/concurrent/README.md
new file mode 100644
index 0000000000000..acab3200aa2e4
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/README.md
@@ -0,0 +1,49 @@
+# concurrent
+
+[![Sourcegraph](https://sourcegraph.com/github.com/modern-go/concurrent/-/badge.svg)](https://sourcegraph.com/github.com/modern-go/concurrent?badge)
+[![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](http://godoc.org/github.com/modern-go/concurrent)
+[![Build Status](https://travis-ci.org/modern-go/concurrent.svg?branch=master)](https://travis-ci.org/modern-go/concurrent)
+[![codecov](https://codecov.io/gh/modern-go/concurrent/branch/master/graph/badge.svg)](https://codecov.io/gh/modern-go/concurrent)
+[![rcard](https://goreportcard.com/badge/github.com/modern-go/concurrent)](https://goreportcard.com/report/github.com/modern-go/concurrent)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://raw.githubusercontent.com/modern-go/concurrent/master/LICENSE)
+
+* concurrent.Map: backport sync.Map for go below 1.9
+* concurrent.Executor: goroutine with explicit ownership and cancellable
+
+# concurrent.Map
+
+because sync.Map is only available in go 1.9, we can use concurrent.Map to make code portable
+
+```go
+m := concurrent.NewMap()
+m.Store("hello", "world")
+elem, found := m.Load("hello")
+// elem will be "world"
+// found will be true
+```
+
+# concurrent.Executor
+
+```go
+executor := concurrent.NewUnboundedExecutor()
+executor.Go(func(ctx context.Context) {
+    everyMillisecond := time.NewTicker(time.Millisecond)
+    for {
+        select {
+        case <-ctx.Done():
+            fmt.Println("goroutine exited")
+            return
+        case <-everyMillisecond.C:
+            // do something
+        }
+    }
+})
+time.Sleep(time.Second)
+executor.StopAndWaitForever()
+fmt.Println("executor stopped")
+```
+
+attach goroutine to executor instance, so that we can
+
+* cancel it by stop the executor with Stop/StopAndWait/StopAndWaitForever
+* handle panic by callback: the default behavior will no longer crash your application
\ No newline at end of file
diff --git a/vendor/github.com/modern-go/concurrent/executor.go b/vendor/github.com/modern-go/concurrent/executor.go
new file mode 100644
index 0000000000000..623dba1ac00f2
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/executor.go
@@ -0,0 +1,14 @@
+package concurrent
+
+import "context"
+
+// Executor replace go keyword to start a new goroutine
+// the goroutine should cancel itself if the context passed in has been cancelled
+// the goroutine started by the executor, is owned by the executor
+// we can cancel all executors owned by the executor just by stop the executor itself
+// however Executor interface does not Stop method, the one starting and owning executor
+// should use the concrete type of executor, instead of this interface.
+type Executor interface {
+	// Go starts a new goroutine controlled by the context
+	Go(handler func(ctx context.Context))
+}
diff --git a/vendor/github.com/modern-go/concurrent/go_above_19.go b/vendor/github.com/modern-go/concurrent/go_above_19.go
new file mode 100644
index 0000000000000..aeabf8c4f9c80
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/go_above_19.go
@@ -0,0 +1,15 @@
+//+build go1.9
+
+package concurrent
+
+import "sync"
+
+// Map is a wrapper for sync.Map introduced in go1.9
+type Map struct {
+	sync.Map
+}
+
+// NewMap creates a thread safe Map
+func NewMap() *Map {
+	return &Map{}
+}
diff --git a/vendor/github.com/modern-go/concurrent/go_below_19.go b/vendor/github.com/modern-go/concurrent/go_below_19.go
new file mode 100644
index 0000000000000..b9c8df7f4101b
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/go_below_19.go
@@ -0,0 +1,33 @@
+//+build !go1.9
+
+package concurrent
+
+import "sync"
+
+// Map implements a thread safe map for go version below 1.9 using mutex
+type Map struct {
+	lock sync.RWMutex
+	data map[interface{}]interface{}
+}
+
+// NewMap creates a thread safe map
+func NewMap() *Map {
+	return &Map{
+		data: make(map[interface{}]interface{}, 32),
+	}
+}
+
+// Load is same as sync.Map Load
+func (m *Map) Load(key interface{}) (elem interface{}, found bool) {
+	m.lock.RLock()
+	elem, found = m.data[key]
+	m.lock.RUnlock()
+	return
+}
+
+// Load is same as sync.Map Store
+func (m *Map) Store(key interface{}, elem interface{}) {
+	m.lock.Lock()
+	m.data[key] = elem
+	m.lock.Unlock()
+}
diff --git a/vendor/github.com/modern-go/concurrent/log.go b/vendor/github.com/modern-go/concurrent/log.go
new file mode 100644
index 0000000000000..9756fcc75a79c
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/log.go
@@ -0,0 +1,13 @@
+package concurrent
+
+import (
+	"os"
+	"log"
+	"io/ioutil"
+)
+
+// ErrorLogger is used to print out error, can be set to writer other than stderr
+var ErrorLogger = log.New(os.Stderr, "", 0)
+
+// InfoLogger is used to print informational message, default to off
+var InfoLogger = log.New(ioutil.Discard, "", 0)
\ No newline at end of file
diff --git a/vendor/github.com/modern-go/concurrent/unbounded_executor.go b/vendor/github.com/modern-go/concurrent/unbounded_executor.go
new file mode 100644
index 0000000000000..05a77dceb1e23
--- /dev/null
+++ b/vendor/github.com/modern-go/concurrent/unbounded_executor.go
@@ -0,0 +1,119 @@
+package concurrent
+
+import (
+	"context"
+	"fmt"
+	"runtime"
+	"runtime/debug"
+	"sync"
+	"time"
+	"reflect"
+)
+
+// HandlePanic logs goroutine panic by default
+var HandlePanic = func(recovered interface{}, funcName string) {
+	ErrorLogger.Println(fmt.Sprintf("%s panic: %v", funcName, recovered))
+	ErrorLogger.Println(string(debug.Stack()))
+}
+
+// UnboundedExecutor is a executor without limits on counts of alive goroutines
+// it tracks the goroutine started by it, and can cancel them when shutdown
+type UnboundedExecutor struct {
+	ctx                   context.Context
+	cancel                context.CancelFunc
+	activeGoroutinesMutex *sync.Mutex
+	activeGoroutines      map[string]int
+	HandlePanic           func(recovered interface{}, funcName string)
+}
+
+// GlobalUnboundedExecutor has the life cycle of the program itself
+// any goroutine want to be shutdown before main exit can be started from this executor
+// GlobalUnboundedExecutor expects the main function to call stop
+// it does not magically knows the main function exits
+var GlobalUnboundedExecutor = NewUnboundedExecutor()
+
+// NewUnboundedExecutor creates a new UnboundedExecutor,
+// UnboundedExecutor can not be created by &UnboundedExecutor{}
+// HandlePanic can be set with a callback to override global HandlePanic
+func NewUnboundedExecutor() *UnboundedExecutor {
+	ctx, cancel := context.WithCancel(context.TODO())
+	return &UnboundedExecutor{
+		ctx:                   ctx,
+		cancel:                cancel,
+		activeGoroutinesMutex: &sync.Mutex{},
+		activeGoroutines:      map[string]int{},
+	}
+}
+
+// Go starts a new goroutine and tracks its lifecycle.
+// Panic will be recovered and logged automatically, except for StopSignal
+func (executor *UnboundedExecutor) Go(handler func(ctx context.Context)) {
+	pc := reflect.ValueOf(handler).Pointer()
+	f := runtime.FuncForPC(pc)
+	funcName := f.Name()
+	file, line := f.FileLine(pc)
+	executor.activeGoroutinesMutex.Lock()
+	defer executor.activeGoroutinesMutex.Unlock()
+	startFrom := fmt.Sprintf("%s:%d", file, line)
+	executor.activeGoroutines[startFrom] += 1
+	go func() {
+		defer func() {
+			recovered := recover()
+			// if you want to quit a goroutine without trigger HandlePanic
+			// use runtime.Goexit() to quit
+			if recovered != nil {
+				if executor.HandlePanic == nil {
+					HandlePanic(recovered, funcName)
+				} else {
+					executor.HandlePanic(recovered, funcName)
+				}
+			}
+			executor.activeGoroutinesMutex.Lock()
+			executor.activeGoroutines[startFrom] -= 1
+			executor.activeGoroutinesMutex.Unlock()
+		}()
+		handler(executor.ctx)
+	}()
+}
+
+// Stop cancel all goroutines started by this executor without wait
+func (executor *UnboundedExecutor) Stop() {
+	executor.cancel()
+}
+
+// StopAndWaitForever cancel all goroutines started by this executor and
+// wait until all goroutines exited
+func (executor *UnboundedExecutor) StopAndWaitForever() {
+	executor.StopAndWait(context.Background())
+}
+
+// StopAndWait cancel all goroutines started by this executor and wait.
+// Wait can be cancelled by the context passed in.
+func (executor *UnboundedExecutor) StopAndWait(ctx context.Context) {
+	executor.cancel()
+	for {
+		oneHundredMilliseconds := time.NewTimer(time.Millisecond * 100)
+		select {
+		case <-oneHundredMilliseconds.C:
+			if executor.checkNoActiveGoroutines() {
+				return
+			}
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+func (executor *UnboundedExecutor) checkNoActiveGoroutines() bool {
+	executor.activeGoroutinesMutex.Lock()
+	defer executor.activeGoroutinesMutex.Unlock()
+	for startFrom, count := range executor.activeGoroutines {
+		if count > 0 {
+			InfoLogger.Println("UnboundedExecutor is still waiting goroutines to quit",
+				"startFrom", startFrom,
+				"count", count)
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/modern-go/reflect2/LICENSE b/vendor/github.com/modern-go/reflect2/LICENSE
new file mode 100644
index 0000000000000..261eeb9e9f8b2
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/modern-go/reflect2/README.md b/vendor/github.com/modern-go/reflect2/README.md
new file mode 100644
index 0000000000000..6f968aab9ecba
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/README.md
@@ -0,0 +1,71 @@
+# reflect2
+
+[![Sourcegraph](https://sourcegraph.com/github.com/modern-go/reflect2/-/badge.svg)](https://sourcegraph.com/github.com/modern-go/reflect2?badge)
+[![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](http://godoc.org/github.com/modern-go/reflect2)
+[![Build Status](https://travis-ci.org/modern-go/reflect2.svg?branch=master)](https://travis-ci.org/modern-go/reflect2)
+[![codecov](https://codecov.io/gh/modern-go/reflect2/branch/master/graph/badge.svg)](https://codecov.io/gh/modern-go/reflect2)
+[![rcard](https://goreportcard.com/badge/github.com/modern-go/reflect2)](https://goreportcard.com/report/github.com/modern-go/reflect2)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://raw.githubusercontent.com/modern-go/reflect2/master/LICENSE)
+
+reflect api that avoids runtime reflect.Value cost
+
+* reflect get/set interface{}, with type checking
+* reflect get/set unsafe.Pointer, without type checking
+* `reflect2.TypeByName` works like `Class.forName` found in java
+
+[json-iterator](https://github.com/json-iterator/go) use this package to save runtime dispatching cost.
+This package is designed for low level libraries to optimize reflection performance.
+General application should still use reflect standard library.
+
+# reflect2.TypeByName
+
+```go
+// given package is github.com/your/awesome-package
+type MyStruct struct {
+	// ...
+}
+
+// will return the type
+reflect2.TypeByName("awesome-package.MyStruct")
+// however, if the type has not been used
+// it will be eliminated by compiler, so we can not get it in runtime
+```
+
+# reflect2 get/set interface{}
+
+```go
+valType := reflect2.TypeOf(1)
+i := 1
+j := 10
+valType.Set(&i, &j)
+// i will be 10
+```
+
+to get set `type`, always use its pointer `*type`
+
+# reflect2 get/set unsafe.Pointer
+
+```go
+valType := reflect2.TypeOf(1)
+i := 1
+j := 10
+valType.UnsafeSet(unsafe.Pointer(&i), unsafe.Pointer(&j))
+// i will be 10
+```
+
+to get set `type`, always use its pointer `*type`
+
+# benchmark
+
+Benchmark is not necessary for this package. It does nothing actually.
+As it is just a thin wrapper to make go runtime public. 
+Both `reflect2` and `reflect` call same function 
+provided by `runtime` package exposed by go language.
+
+# unsafe safety
+
+Instead of casting `[]byte` to `sliceHeader` in your application using unsafe.
+We can use reflect2 instead. This way, if `sliceHeader` changes in the future,
+only reflect2 need to be upgraded.
+
+reflect2 tries its best to keep the implementation same as reflect (by testing).
\ No newline at end of file
diff --git a/vendor/github.com/modern-go/reflect2/go_above_17.go b/vendor/github.com/modern-go/reflect2/go_above_17.go
new file mode 100644
index 0000000000000..5c1cea8683ab3
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/go_above_17.go
@@ -0,0 +1,8 @@
+//+build go1.7
+
+package reflect2
+
+import "unsafe"
+
+//go:linkname resolveTypeOff reflect.resolveTypeOff
+func resolveTypeOff(rtype unsafe.Pointer, off int32) unsafe.Pointer
diff --git a/vendor/github.com/modern-go/reflect2/go_above_19.go b/vendor/github.com/modern-go/reflect2/go_above_19.go
new file mode 100644
index 0000000000000..c7e3b780116a3
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/go_above_19.go
@@ -0,0 +1,14 @@
+//+build go1.9
+
+package reflect2
+
+import (
+	"unsafe"
+)
+
+//go:linkname makemap reflect.makemap
+func makemap(rtype unsafe.Pointer, cap int) (m unsafe.Pointer)
+
+func makeMapWithSize(rtype unsafe.Pointer, cap int) unsafe.Pointer {
+	return makemap(rtype, cap)
+}
diff --git a/vendor/github.com/modern-go/reflect2/go_below_17.go b/vendor/github.com/modern-go/reflect2/go_below_17.go
new file mode 100644
index 0000000000000..65a93c889b777
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/go_below_17.go
@@ -0,0 +1,9 @@
+//+build !go1.7
+
+package reflect2
+
+import "unsafe"
+
+func resolveTypeOff(rtype unsafe.Pointer, off int32) unsafe.Pointer {
+	return nil
+}
diff --git a/vendor/github.com/modern-go/reflect2/go_below_19.go b/vendor/github.com/modern-go/reflect2/go_below_19.go
new file mode 100644
index 0000000000000..b050ef70cddbd
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/go_below_19.go
@@ -0,0 +1,14 @@
+//+build !go1.9
+
+package reflect2
+
+import (
+	"unsafe"
+)
+
+//go:linkname makemap reflect.makemap
+func makemap(rtype unsafe.Pointer) (m unsafe.Pointer)
+
+func makeMapWithSize(rtype unsafe.Pointer, cap int) unsafe.Pointer {
+	return makemap(rtype)
+}
diff --git a/vendor/github.com/modern-go/reflect2/reflect2.go b/vendor/github.com/modern-go/reflect2/reflect2.go
new file mode 100644
index 0000000000000..63b49c7991947
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/reflect2.go
@@ -0,0 +1,298 @@
+package reflect2
+
+import (
+	"github.com/modern-go/concurrent"
+	"reflect"
+	"unsafe"
+)
+
+type Type interface {
+	Kind() reflect.Kind
+	// New return pointer to data of this type
+	New() interface{}
+	// UnsafeNew return the allocated space pointed by unsafe.Pointer
+	UnsafeNew() unsafe.Pointer
+	// PackEFace cast a unsafe pointer to object represented pointer
+	PackEFace(ptr unsafe.Pointer) interface{}
+	// Indirect dereference object represented pointer to this type
+	Indirect(obj interface{}) interface{}
+	// UnsafeIndirect dereference pointer to this type
+	UnsafeIndirect(ptr unsafe.Pointer) interface{}
+	// Type1 returns reflect.Type
+	Type1() reflect.Type
+	Implements(thatType Type) bool
+	String() string
+	RType() uintptr
+	// interface{} of this type has pointer like behavior
+	LikePtr() bool
+	IsNullable() bool
+	IsNil(obj interface{}) bool
+	UnsafeIsNil(ptr unsafe.Pointer) bool
+	Set(obj interface{}, val interface{})
+	UnsafeSet(ptr unsafe.Pointer, val unsafe.Pointer)
+	AssignableTo(anotherType Type) bool
+}
+
+type ListType interface {
+	Type
+	Elem() Type
+	SetIndex(obj interface{}, index int, elem interface{})
+	UnsafeSetIndex(obj unsafe.Pointer, index int, elem unsafe.Pointer)
+	GetIndex(obj interface{}, index int) interface{}
+	UnsafeGetIndex(obj unsafe.Pointer, index int) unsafe.Pointer
+}
+
+type ArrayType interface {
+	ListType
+	Len() int
+}
+
+type SliceType interface {
+	ListType
+	MakeSlice(length int, cap int) interface{}
+	UnsafeMakeSlice(length int, cap int) unsafe.Pointer
+	Grow(obj interface{}, newLength int)
+	UnsafeGrow(ptr unsafe.Pointer, newLength int)
+	Append(obj interface{}, elem interface{})
+	UnsafeAppend(obj unsafe.Pointer, elem unsafe.Pointer)
+	LengthOf(obj interface{}) int
+	UnsafeLengthOf(ptr unsafe.Pointer) int
+	SetNil(obj interface{})
+	UnsafeSetNil(ptr unsafe.Pointer)
+	Cap(obj interface{}) int
+	UnsafeCap(ptr unsafe.Pointer) int
+}
+
+type StructType interface {
+	Type
+	NumField() int
+	Field(i int) StructField
+	FieldByName(name string) StructField
+	FieldByIndex(index []int) StructField
+	FieldByNameFunc(match func(string) bool) StructField
+}
+
+type StructField interface {
+	Offset() uintptr
+	Name() string
+	PkgPath() string
+	Type() Type
+	Tag() reflect.StructTag
+	Index() []int
+	Anonymous() bool
+	Set(obj interface{}, value interface{})
+	UnsafeSet(obj unsafe.Pointer, value unsafe.Pointer)
+	Get(obj interface{}) interface{}
+	UnsafeGet(obj unsafe.Pointer) unsafe.Pointer
+}
+
+type MapType interface {
+	Type
+	Key() Type
+	Elem() Type
+	MakeMap(cap int) interface{}
+	UnsafeMakeMap(cap int) unsafe.Pointer
+	SetIndex(obj interface{}, key interface{}, elem interface{})
+	UnsafeSetIndex(obj unsafe.Pointer, key unsafe.Pointer, elem unsafe.Pointer)
+	TryGetIndex(obj interface{}, key interface{}) (interface{}, bool)
+	GetIndex(obj interface{}, key interface{}) interface{}
+	UnsafeGetIndex(obj unsafe.Pointer, key unsafe.Pointer) unsafe.Pointer
+	Iterate(obj interface{}) MapIterator
+	UnsafeIterate(obj unsafe.Pointer) MapIterator
+}
+
+type MapIterator interface {
+	HasNext() bool
+	Next() (key interface{}, elem interface{})
+	UnsafeNext() (key unsafe.Pointer, elem unsafe.Pointer)
+}
+
+type PtrType interface {
+	Type
+	Elem() Type
+}
+
+type InterfaceType interface {
+	NumMethod() int
+}
+
+type Config struct {
+	UseSafeImplementation bool
+}
+
+type API interface {
+	TypeOf(obj interface{}) Type
+	Type2(type1 reflect.Type) Type
+}
+
+var ConfigUnsafe = Config{UseSafeImplementation: false}.Froze()
+var ConfigSafe = Config{UseSafeImplementation: true}.Froze()
+
+type frozenConfig struct {
+	useSafeImplementation bool
+	cache                 *concurrent.Map
+}
+
+func (cfg Config) Froze() *frozenConfig {
+	return &frozenConfig{
+		useSafeImplementation: cfg.UseSafeImplementation,
+		cache: concurrent.NewMap(),
+	}
+}
+
+func (cfg *frozenConfig) TypeOf(obj interface{}) Type {
+	cacheKey := uintptr(unpackEFace(obj).rtype)
+	typeObj, found := cfg.cache.Load(cacheKey)
+	if found {
+		return typeObj.(Type)
+	}
+	return cfg.Type2(reflect.TypeOf(obj))
+}
+
+func (cfg *frozenConfig) Type2(type1 reflect.Type) Type {
+	if type1 == nil {
+		return nil
+	}
+	cacheKey := uintptr(unpackEFace(type1).data)
+	typeObj, found := cfg.cache.Load(cacheKey)
+	if found {
+		return typeObj.(Type)
+	}
+	type2 := cfg.wrapType(type1)
+	cfg.cache.Store(cacheKey, type2)
+	return type2
+}
+
+func (cfg *frozenConfig) wrapType(type1 reflect.Type) Type {
+	safeType := safeType{Type: type1, cfg: cfg}
+	switch type1.Kind() {
+	case reflect.Struct:
+		if cfg.useSafeImplementation {
+			return &safeStructType{safeType}
+		}
+		return newUnsafeStructType(cfg, type1)
+	case reflect.Array:
+		if cfg.useSafeImplementation {
+			return &safeSliceType{safeType}
+		}
+		return newUnsafeArrayType(cfg, type1)
+	case reflect.Slice:
+		if cfg.useSafeImplementation {
+			return &safeSliceType{safeType}
+		}
+		return newUnsafeSliceType(cfg, type1)
+	case reflect.Map:
+		if cfg.useSafeImplementation {
+			return &safeMapType{safeType}
+		}
+		return newUnsafeMapType(cfg, type1)
+	case reflect.Ptr, reflect.Chan, reflect.Func:
+		if cfg.useSafeImplementation {
+			return &safeMapType{safeType}
+		}
+		return newUnsafePtrType(cfg, type1)
+	case reflect.Interface:
+		if cfg.useSafeImplementation {
+			return &safeMapType{safeType}
+		}
+		if type1.NumMethod() == 0 {
+			return newUnsafeEFaceType(cfg, type1)
+		}
+		return newUnsafeIFaceType(cfg, type1)
+	default:
+		if cfg.useSafeImplementation {
+			return &safeType
+		}
+		return newUnsafeType(cfg, type1)
+	}
+}
+
+func TypeOf(obj interface{}) Type {
+	return ConfigUnsafe.TypeOf(obj)
+}
+
+func TypeOfPtr(obj interface{}) PtrType {
+	return TypeOf(obj).(PtrType)
+}
+
+func Type2(type1 reflect.Type) Type {
+	if type1 == nil {
+		return nil
+	}
+	return ConfigUnsafe.Type2(type1)
+}
+
+func PtrTo(typ Type) Type {
+	return Type2(reflect.PtrTo(typ.Type1()))
+}
+
+func PtrOf(obj interface{}) unsafe.Pointer {
+	return unpackEFace(obj).data
+}
+
+func RTypeOf(obj interface{}) uintptr {
+	return uintptr(unpackEFace(obj).rtype)
+}
+
+func IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	return unpackEFace(obj).data == nil
+}
+
+func IsNullable(kind reflect.Kind) bool {
+	switch kind {
+	case reflect.Ptr, reflect.Map, reflect.Chan, reflect.Func, reflect.Slice, reflect.Interface:
+		return true
+	}
+	return false
+}
+
+func likePtrKind(kind reflect.Kind) bool {
+	switch kind {
+	case reflect.Ptr, reflect.Map, reflect.Chan, reflect.Func:
+		return true
+	}
+	return false
+}
+
+func likePtrType(typ reflect.Type) bool {
+	if likePtrKind(typ.Kind()) {
+		return true
+	}
+	if typ.Kind() == reflect.Struct {
+		if typ.NumField() != 1 {
+			return false
+		}
+		return likePtrType(typ.Field(0).Type)
+	}
+	if typ.Kind() == reflect.Array {
+		if typ.Len() != 1 {
+			return false
+		}
+		return likePtrType(typ.Elem())
+	}
+	return false
+}
+
+// NoEscape hides a pointer from escape analysis.  noescape is
+// the identity function but escape analysis doesn't think the
+// output depends on the input.  noescape is inlined and currently
+// compiles down to zero instructions.
+// USE CAREFULLY!
+//go:nosplit
+func NoEscape(p unsafe.Pointer) unsafe.Pointer {
+	x := uintptr(p)
+	return unsafe.Pointer(x ^ 0)
+}
+
+func UnsafeCastString(str string) []byte {
+	stringHeader := (*reflect.StringHeader)(unsafe.Pointer(&str))
+	sliceHeader := &reflect.SliceHeader{
+		Data: stringHeader.Data,
+		Cap: stringHeader.Len,
+		Len: stringHeader.Len,
+	}
+	return *(*[]byte)(unsafe.Pointer(sliceHeader))
+}
diff --git a/vendor/github.com/modern-go/reflect2/reflect2_amd64.s b/vendor/github.com/modern-go/reflect2/reflect2_amd64.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/reflect2_kind.go b/vendor/github.com/modern-go/reflect2/reflect2_kind.go
new file mode 100644
index 0000000000000..62f299e404536
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/reflect2_kind.go
@@ -0,0 +1,30 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// DefaultTypeOfKind return the non aliased default type for the kind
+func DefaultTypeOfKind(kind reflect.Kind) Type {
+	return kindTypes[kind]
+}
+
+var kindTypes = map[reflect.Kind]Type{
+	reflect.Bool:          TypeOf(true),
+	reflect.Uint8:         TypeOf(uint8(0)),
+	reflect.Int8:          TypeOf(int8(0)),
+	reflect.Uint16:        TypeOf(uint16(0)),
+	reflect.Int16:         TypeOf(int16(0)),
+	reflect.Uint32:        TypeOf(uint32(0)),
+	reflect.Int32:         TypeOf(int32(0)),
+	reflect.Uint64:        TypeOf(uint64(0)),
+	reflect.Int64:         TypeOf(int64(0)),
+	reflect.Uint:          TypeOf(uint(0)),
+	reflect.Int:           TypeOf(int(0)),
+	reflect.Float32:       TypeOf(float32(0)),
+	reflect.Float64:       TypeOf(float64(0)),
+	reflect.Uintptr:       TypeOf(uintptr(0)),
+	reflect.String:        TypeOf(""),
+	reflect.UnsafePointer: TypeOf(unsafe.Pointer(nil)),
+}
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_386.s b/vendor/github.com/modern-go/reflect2/relfect2_386.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_amd64p32.s b/vendor/github.com/modern-go/reflect2/relfect2_amd64p32.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_arm.s b/vendor/github.com/modern-go/reflect2/relfect2_arm.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_arm64.s b/vendor/github.com/modern-go/reflect2/relfect2_arm64.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_mips64x.s b/vendor/github.com/modern-go/reflect2/relfect2_mips64x.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_mipsx.s b/vendor/github.com/modern-go/reflect2/relfect2_mipsx.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_ppc64x.s b/vendor/github.com/modern-go/reflect2/relfect2_ppc64x.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/relfect2_s390x.s b/vendor/github.com/modern-go/reflect2/relfect2_s390x.s
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/vendor/github.com/modern-go/reflect2/safe_field.go b/vendor/github.com/modern-go/reflect2/safe_field.go
new file mode 100644
index 0000000000000..d4ba1f4f80e97
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/safe_field.go
@@ -0,0 +1,58 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type safeField struct {
+	reflect.StructField
+}
+
+func (field *safeField) Offset() uintptr {
+	return field.StructField.Offset
+}
+
+func (field *safeField) Name() string {
+	return field.StructField.Name
+}
+
+func (field *safeField) PkgPath() string {
+	return field.StructField.PkgPath
+}
+
+func (field *safeField) Type() Type {
+	panic("not implemented")
+}
+
+func (field *safeField) Tag() reflect.StructTag {
+	return field.StructField.Tag
+}
+
+func (field *safeField) Index() []int {
+	return field.StructField.Index
+}
+
+func (field *safeField) Anonymous() bool {
+	return field.StructField.Anonymous
+}
+
+func (field *safeField) Set(obj interface{}, value interface{}) {
+	val := reflect.ValueOf(obj).Elem()
+	val.FieldByIndex(field.Index()).Set(reflect.ValueOf(value).Elem())
+}
+
+func (field *safeField) UnsafeSet(obj unsafe.Pointer, value unsafe.Pointer) {
+	panic("unsafe operation is not supported")
+}
+
+func (field *safeField) Get(obj interface{}) interface{} {
+	val := reflect.ValueOf(obj).Elem().FieldByIndex(field.Index())
+	ptr := reflect.New(val.Type())
+	ptr.Elem().Set(val)
+	return ptr.Interface()
+}
+
+func (field *safeField) UnsafeGet(obj unsafe.Pointer) unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
diff --git a/vendor/github.com/modern-go/reflect2/safe_map.go b/vendor/github.com/modern-go/reflect2/safe_map.go
new file mode 100644
index 0000000000000..88362205a2bb5
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/safe_map.go
@@ -0,0 +1,101 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type safeMapType struct {
+	safeType
+}
+
+func (type2 *safeMapType) Key() Type {
+	return type2.safeType.cfg.Type2(type2.Type.Key())
+}
+
+func (type2 *safeMapType) MakeMap(cap int) interface{} {
+	ptr := reflect.New(type2.Type)
+	ptr.Elem().Set(reflect.MakeMap(type2.Type))
+	return ptr.Interface()
+}
+
+func (type2 *safeMapType) UnsafeMakeMap(cap int) unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeMapType) SetIndex(obj interface{}, key interface{}, elem interface{}) {
+	keyVal := reflect.ValueOf(key)
+	elemVal := reflect.ValueOf(elem)
+	val := reflect.ValueOf(obj)
+	val.Elem().SetMapIndex(keyVal.Elem(), elemVal.Elem())
+}
+
+func (type2 *safeMapType) UnsafeSetIndex(obj unsafe.Pointer, key unsafe.Pointer, elem unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeMapType) TryGetIndex(obj interface{}, key interface{}) (interface{}, bool) {
+	keyVal := reflect.ValueOf(key)
+	if key == nil {
+		keyVal = reflect.New(type2.Type.Key()).Elem()
+	}
+	val := reflect.ValueOf(obj).MapIndex(keyVal)
+	if !val.IsValid() {
+		return nil, false
+	}
+	return val.Interface(), true
+}
+
+func (type2 *safeMapType) GetIndex(obj interface{}, key interface{}) interface{} {
+	val := reflect.ValueOf(obj).Elem()
+	keyVal := reflect.ValueOf(key).Elem()
+	elemVal := val.MapIndex(keyVal)
+	if !elemVal.IsValid() {
+		ptr := reflect.New(reflect.PtrTo(val.Type().Elem()))
+		return ptr.Elem().Interface()
+	}
+	ptr := reflect.New(elemVal.Type())
+	ptr.Elem().Set(elemVal)
+	return ptr.Interface()
+}
+
+func (type2 *safeMapType) UnsafeGetIndex(obj unsafe.Pointer, key unsafe.Pointer) unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeMapType) Iterate(obj interface{}) MapIterator {
+	m := reflect.ValueOf(obj).Elem()
+	return &safeMapIterator{
+		m:    m,
+		keys: m.MapKeys(),
+	}
+}
+
+func (type2 *safeMapType) UnsafeIterate(obj unsafe.Pointer) MapIterator {
+	panic("does not support unsafe operation")
+}
+
+type safeMapIterator struct {
+	i    int
+	m    reflect.Value
+	keys []reflect.Value
+}
+
+func (iter *safeMapIterator) HasNext() bool {
+	return iter.i != len(iter.keys)
+}
+
+func (iter *safeMapIterator) Next() (interface{}, interface{}) {
+	key := iter.keys[iter.i]
+	elem := iter.m.MapIndex(key)
+	iter.i += 1
+	keyPtr := reflect.New(key.Type())
+	keyPtr.Elem().Set(key)
+	elemPtr := reflect.New(elem.Type())
+	elemPtr.Elem().Set(elem)
+	return keyPtr.Interface(), elemPtr.Interface()
+}
+
+func (iter *safeMapIterator) UnsafeNext() (unsafe.Pointer, unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
diff --git a/vendor/github.com/modern-go/reflect2/safe_slice.go b/vendor/github.com/modern-go/reflect2/safe_slice.go
new file mode 100644
index 0000000000000..bcce6fd20e5cf
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/safe_slice.go
@@ -0,0 +1,92 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type safeSliceType struct {
+	safeType
+}
+
+func (type2 *safeSliceType) SetIndex(obj interface{}, index int, value interface{}) {
+	val := reflect.ValueOf(obj).Elem()
+	elem := reflect.ValueOf(value).Elem()
+	val.Index(index).Set(elem)
+}
+
+func (type2 *safeSliceType) UnsafeSetIndex(obj unsafe.Pointer, index int, value unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) GetIndex(obj interface{}, index int) interface{} {
+	val := reflect.ValueOf(obj).Elem()
+	elem := val.Index(index)
+	ptr := reflect.New(elem.Type())
+	ptr.Elem().Set(elem)
+	return ptr.Interface()
+}
+
+func (type2 *safeSliceType) UnsafeGetIndex(obj unsafe.Pointer, index int) unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) MakeSlice(length int, cap int) interface{} {
+	val := reflect.MakeSlice(type2.Type, length, cap)
+	ptr := reflect.New(val.Type())
+	ptr.Elem().Set(val)
+	return ptr.Interface()
+}
+
+func (type2 *safeSliceType) UnsafeMakeSlice(length int, cap int) unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) Grow(obj interface{}, newLength int) {
+	oldCap := type2.Cap(obj)
+	oldSlice := reflect.ValueOf(obj).Elem()
+	delta := newLength - oldCap
+	deltaVals := make([]reflect.Value, delta)
+	newSlice := reflect.Append(oldSlice, deltaVals...)
+	oldSlice.Set(newSlice)
+}
+
+func (type2 *safeSliceType) UnsafeGrow(ptr unsafe.Pointer, newLength int) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) Append(obj interface{}, elem interface{}) {
+	val := reflect.ValueOf(obj).Elem()
+	elemVal := reflect.ValueOf(elem).Elem()
+	newVal := reflect.Append(val, elemVal)
+	val.Set(newVal)
+}
+
+func (type2 *safeSliceType) UnsafeAppend(obj unsafe.Pointer, elem unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) SetNil(obj interface{}) {
+	val := reflect.ValueOf(obj).Elem()
+	val.Set(reflect.Zero(val.Type()))
+}
+
+func (type2 *safeSliceType) UnsafeSetNil(ptr unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) LengthOf(obj interface{}) int {
+	return reflect.ValueOf(obj).Elem().Len()
+}
+
+func (type2 *safeSliceType) UnsafeLengthOf(ptr unsafe.Pointer) int {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeSliceType) Cap(obj interface{}) int {
+	return reflect.ValueOf(obj).Elem().Cap()
+}
+
+func (type2 *safeSliceType) UnsafeCap(ptr unsafe.Pointer) int {
+	panic("does not support unsafe operation")
+}
diff --git a/vendor/github.com/modern-go/reflect2/safe_struct.go b/vendor/github.com/modern-go/reflect2/safe_struct.go
new file mode 100644
index 0000000000000..e5fb9b313ecdb
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/safe_struct.go
@@ -0,0 +1,29 @@
+package reflect2
+
+type safeStructType struct {
+	safeType
+}
+
+func (type2 *safeStructType) FieldByName(name string) StructField {
+	field, found := type2.Type.FieldByName(name)
+	if !found {
+		panic("field " + name + " not found")
+	}
+	return &safeField{StructField: field}
+}
+
+func (type2 *safeStructType) Field(i int) StructField {
+	return &safeField{StructField: type2.Type.Field(i)}
+}
+
+func (type2 *safeStructType) FieldByIndex(index []int) StructField {
+	return &safeField{StructField: type2.Type.FieldByIndex(index)}
+}
+
+func (type2 *safeStructType) FieldByNameFunc(match func(string) bool) StructField {
+	field, found := type2.Type.FieldByNameFunc(match)
+	if !found {
+		panic("field match condition not found in " + type2.Type.String())
+	}
+	return &safeField{StructField: field}
+}
diff --git a/vendor/github.com/modern-go/reflect2/safe_type.go b/vendor/github.com/modern-go/reflect2/safe_type.go
new file mode 100644
index 0000000000000..ee4e7bb6edfdd
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/safe_type.go
@@ -0,0 +1,78 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type safeType struct {
+	reflect.Type
+	cfg *frozenConfig
+}
+
+func (type2 *safeType) New() interface{} {
+	return reflect.New(type2.Type).Interface()
+}
+
+func (type2 *safeType) UnsafeNew() unsafe.Pointer {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) Elem() Type {
+	return type2.cfg.Type2(type2.Type.Elem())
+}
+
+func (type2 *safeType) Type1() reflect.Type {
+	return type2.Type
+}
+
+func (type2 *safeType) PackEFace(ptr unsafe.Pointer) interface{} {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) Implements(thatType Type) bool {
+	return type2.Type.Implements(thatType.Type1())
+}
+
+func (type2 *safeType) RType() uintptr {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) Indirect(obj interface{}) interface{} {
+	return reflect.Indirect(reflect.ValueOf(obj)).Interface()
+}
+
+func (type2 *safeType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) LikePtr() bool {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) IsNullable() bool {
+	return IsNullable(type2.Kind())
+}
+
+func (type2 *safeType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	return reflect.ValueOf(obj).Elem().IsNil()
+}
+
+func (type2 *safeType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) Set(obj interface{}, val interface{}) {
+	reflect.ValueOf(obj).Elem().Set(reflect.ValueOf(val).Elem())
+}
+
+func (type2 *safeType) UnsafeSet(ptr unsafe.Pointer, val unsafe.Pointer) {
+	panic("does not support unsafe operation")
+}
+
+func (type2 *safeType) AssignableTo(anotherType Type) bool {
+	return type2.Type1().AssignableTo(anotherType.Type1())
+}
diff --git a/vendor/github.com/modern-go/reflect2/type_map.go b/vendor/github.com/modern-go/reflect2/type_map.go
new file mode 100644
index 0000000000000..3acfb55803a83
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/type_map.go
@@ -0,0 +1,113 @@
+package reflect2
+
+import (
+	"reflect"
+	"runtime"
+	"strings"
+	"sync"
+	"unsafe"
+)
+
+// typelinks1 for 1.5 ~ 1.6
+//go:linkname typelinks1 reflect.typelinks
+func typelinks1() [][]unsafe.Pointer
+
+// typelinks2 for 1.7 ~
+//go:linkname typelinks2 reflect.typelinks
+func typelinks2() (sections []unsafe.Pointer, offset [][]int32)
+
+// initOnce guards initialization of types and packages
+var initOnce sync.Once
+
+var types map[string]reflect.Type
+var packages map[string]map[string]reflect.Type
+
+// discoverTypes initializes types and packages
+func discoverTypes() {
+	types = make(map[string]reflect.Type)
+	packages = make(map[string]map[string]reflect.Type)
+
+	ver := runtime.Version()
+	if ver == "go1.5" || strings.HasPrefix(ver, "go1.5.") {
+		loadGo15Types()
+	} else if ver == "go1.6" || strings.HasPrefix(ver, "go1.6.") {
+		loadGo15Types()
+	} else {
+		loadGo17Types()
+	}
+}
+
+func loadGo15Types() {
+	var obj interface{} = reflect.TypeOf(0)
+	typePtrss := typelinks1()
+	for _, typePtrs := range typePtrss {
+		for _, typePtr := range typePtrs {
+			(*emptyInterface)(unsafe.Pointer(&obj)).word = typePtr
+			typ := obj.(reflect.Type)
+			if typ.Kind() == reflect.Ptr && typ.Elem().Kind() == reflect.Struct {
+				loadedType := typ.Elem()
+				pkgTypes := packages[loadedType.PkgPath()]
+				if pkgTypes == nil {
+					pkgTypes = map[string]reflect.Type{}
+					packages[loadedType.PkgPath()] = pkgTypes
+				}
+				types[loadedType.String()] = loadedType
+				pkgTypes[loadedType.Name()] = loadedType
+			}
+			if typ.Kind() == reflect.Slice && typ.Elem().Kind() == reflect.Ptr &&
+				typ.Elem().Elem().Kind() == reflect.Struct {
+				loadedType := typ.Elem().Elem()
+				pkgTypes := packages[loadedType.PkgPath()]
+				if pkgTypes == nil {
+					pkgTypes = map[string]reflect.Type{}
+					packages[loadedType.PkgPath()] = pkgTypes
+				}
+				types[loadedType.String()] = loadedType
+				pkgTypes[loadedType.Name()] = loadedType
+			}
+		}
+	}
+}
+
+func loadGo17Types() {
+	var obj interface{} = reflect.TypeOf(0)
+	sections, offset := typelinks2()
+	for i, offs := range offset {
+		rodata := sections[i]
+		for _, off := range offs {
+			(*emptyInterface)(unsafe.Pointer(&obj)).word = resolveTypeOff(unsafe.Pointer(rodata), off)
+			typ := obj.(reflect.Type)
+			if typ.Kind() == reflect.Ptr && typ.Elem().Kind() == reflect.Struct {
+				loadedType := typ.Elem()
+				pkgTypes := packages[loadedType.PkgPath()]
+				if pkgTypes == nil {
+					pkgTypes = map[string]reflect.Type{}
+					packages[loadedType.PkgPath()] = pkgTypes
+				}
+				types[loadedType.String()] = loadedType
+				pkgTypes[loadedType.Name()] = loadedType
+			}
+		}
+	}
+}
+
+type emptyInterface struct {
+	typ  unsafe.Pointer
+	word unsafe.Pointer
+}
+
+// TypeByName return the type by its name, just like Class.forName in java
+func TypeByName(typeName string) Type {
+	initOnce.Do(discoverTypes)
+	return Type2(types[typeName])
+}
+
+// TypeByPackageName return the type by its package and name
+func TypeByPackageName(pkgPath string, name string) Type {
+	initOnce.Do(discoverTypes)
+	pkgTypes := packages[pkgPath]
+	if pkgTypes == nil {
+		return nil
+	}
+	return Type2(pkgTypes[name])
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_array.go b/vendor/github.com/modern-go/reflect2/unsafe_array.go
new file mode 100644
index 0000000000000..76cbdba6eb1bb
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_array.go
@@ -0,0 +1,65 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type UnsafeArrayType struct {
+	unsafeType
+	elemRType  unsafe.Pointer
+	pElemRType unsafe.Pointer
+	elemSize   uintptr
+	likePtr    bool
+}
+
+func newUnsafeArrayType(cfg *frozenConfig, type1 reflect.Type) *UnsafeArrayType {
+	return &UnsafeArrayType{
+		unsafeType: *newUnsafeType(cfg, type1),
+		elemRType:  unpackEFace(type1.Elem()).data,
+		pElemRType: unpackEFace(reflect.PtrTo(type1.Elem())).data,
+		elemSize:   type1.Elem().Size(),
+		likePtr:    likePtrType(type1),
+	}
+}
+
+func (type2 *UnsafeArrayType) LikePtr() bool {
+	return type2.likePtr
+}
+
+func (type2 *UnsafeArrayType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafeArrayType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	if type2.likePtr {
+		return packEFace(type2.rtype, *(*unsafe.Pointer)(ptr))
+	}
+	return packEFace(type2.rtype, ptr)
+}
+
+func (type2 *UnsafeArrayType) SetIndex(obj interface{}, index int, elem interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("ArrayType.SetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	elemEFace := unpackEFace(elem)
+	assertType("ArrayType.SetIndex argument 3", type2.pElemRType, elemEFace.rtype)
+	type2.UnsafeSetIndex(objEFace.data, index, elemEFace.data)
+}
+
+func (type2 *UnsafeArrayType) UnsafeSetIndex(obj unsafe.Pointer, index int, elem unsafe.Pointer) {
+	elemPtr := arrayAt(obj, index, type2.elemSize, "i < s.Len")
+	typedmemmove(type2.elemRType, elemPtr, elem)
+}
+
+func (type2 *UnsafeArrayType) GetIndex(obj interface{}, index int) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("ArrayType.GetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	elemPtr := type2.UnsafeGetIndex(objEFace.data, index)
+	return packEFace(type2.pElemRType, elemPtr)
+}
+
+func (type2 *UnsafeArrayType) UnsafeGetIndex(obj unsafe.Pointer, index int) unsafe.Pointer {
+	return arrayAt(obj, index, type2.elemSize, "i < s.Len")
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_eface.go b/vendor/github.com/modern-go/reflect2/unsafe_eface.go
new file mode 100644
index 0000000000000..805010f3a0c55
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_eface.go
@@ -0,0 +1,59 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type eface struct {
+	rtype unsafe.Pointer
+	data  unsafe.Pointer
+}
+
+func unpackEFace(obj interface{}) *eface {
+	return (*eface)(unsafe.Pointer(&obj))
+}
+
+func packEFace(rtype unsafe.Pointer, data unsafe.Pointer) interface{} {
+	var i interface{}
+	e := (*eface)(unsafe.Pointer(&i))
+	e.rtype = rtype
+	e.data = data
+	return i
+}
+
+type UnsafeEFaceType struct {
+	unsafeType
+}
+
+func newUnsafeEFaceType(cfg *frozenConfig, type1 reflect.Type) *UnsafeEFaceType {
+	return &UnsafeEFaceType{
+		unsafeType: *newUnsafeType(cfg, type1),
+	}
+}
+
+func (type2 *UnsafeEFaceType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *UnsafeEFaceType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	if ptr == nil {
+		return true
+	}
+	return unpackEFace(*(*interface{})(ptr)).data == nil
+}
+
+func (type2 *UnsafeEFaceType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafeEFaceType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	return *(*interface{})(ptr)
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_field.go b/vendor/github.com/modern-go/reflect2/unsafe_field.go
new file mode 100644
index 0000000000000..5eb53130a2098
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_field.go
@@ -0,0 +1,74 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type UnsafeStructField struct {
+	reflect.StructField
+	structType *UnsafeStructType
+	rtype      unsafe.Pointer
+	ptrRType   unsafe.Pointer
+}
+
+func newUnsafeStructField(structType *UnsafeStructType, structField reflect.StructField) *UnsafeStructField {
+	return &UnsafeStructField{
+		StructField: structField,
+		rtype:       unpackEFace(structField.Type).data,
+		ptrRType:    unpackEFace(reflect.PtrTo(structField.Type)).data,
+		structType:  structType,
+	}
+}
+
+func (field *UnsafeStructField) Offset() uintptr {
+	return field.StructField.Offset
+}
+
+func (field *UnsafeStructField) Name() string {
+	return field.StructField.Name
+}
+
+func (field *UnsafeStructField) PkgPath() string {
+	return field.StructField.PkgPath
+}
+
+func (field *UnsafeStructField) Type() Type {
+	return field.structType.cfg.Type2(field.StructField.Type)
+}
+
+func (field *UnsafeStructField) Tag() reflect.StructTag {
+	return field.StructField.Tag
+}
+
+func (field *UnsafeStructField) Index() []int {
+	return field.StructField.Index
+}
+
+func (field *UnsafeStructField) Anonymous() bool {
+	return field.StructField.Anonymous
+}
+
+func (field *UnsafeStructField) Set(obj interface{}, value interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("StructField.SetIndex argument 1", field.structType.ptrRType, objEFace.rtype)
+	valueEFace := unpackEFace(value)
+	assertType("StructField.SetIndex argument 2", field.ptrRType, valueEFace.rtype)
+	field.UnsafeSet(objEFace.data, valueEFace.data)
+}
+
+func (field *UnsafeStructField) UnsafeSet(obj unsafe.Pointer, value unsafe.Pointer) {
+	fieldPtr := add(obj, field.StructField.Offset, "same as non-reflect &v.field")
+	typedmemmove(field.rtype, fieldPtr, value)
+}
+
+func (field *UnsafeStructField) Get(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("StructField.GetIndex argument 1", field.structType.ptrRType, objEFace.rtype)
+	value := field.UnsafeGet(objEFace.data)
+	return packEFace(field.ptrRType, value)
+}
+
+func (field *UnsafeStructField) UnsafeGet(obj unsafe.Pointer) unsafe.Pointer {
+	return add(obj, field.StructField.Offset, "same as non-reflect &v.field")
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_iface.go b/vendor/github.com/modern-go/reflect2/unsafe_iface.go
new file mode 100644
index 0000000000000..b60195533ccf5
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_iface.go
@@ -0,0 +1,64 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type iface struct {
+	itab *itab
+	data unsafe.Pointer
+}
+
+type itab struct {
+	ignore unsafe.Pointer
+	rtype  unsafe.Pointer
+}
+
+func IFaceToEFace(ptr unsafe.Pointer) interface{} {
+	iface := (*iface)(ptr)
+	if iface.itab == nil {
+		return nil
+	}
+	return packEFace(iface.itab.rtype, iface.data)
+}
+
+type UnsafeIFaceType struct {
+	unsafeType
+}
+
+func newUnsafeIFaceType(cfg *frozenConfig, type1 reflect.Type) *UnsafeIFaceType {
+	return &UnsafeIFaceType{
+		unsafeType: *newUnsafeType(cfg, type1),
+	}
+}
+
+func (type2 *UnsafeIFaceType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafeIFaceType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	return IFaceToEFace(ptr)
+}
+
+func (type2 *UnsafeIFaceType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *UnsafeIFaceType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	if ptr == nil {
+		return true
+	}
+	iface := (*iface)(ptr)
+	if iface.itab == nil {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_link.go b/vendor/github.com/modern-go/reflect2/unsafe_link.go
new file mode 100644
index 0000000000000..57229c8db4170
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_link.go
@@ -0,0 +1,70 @@
+package reflect2
+
+import "unsafe"
+
+//go:linkname unsafe_New reflect.unsafe_New
+func unsafe_New(rtype unsafe.Pointer) unsafe.Pointer
+
+//go:linkname typedmemmove reflect.typedmemmove
+func typedmemmove(rtype unsafe.Pointer, dst, src unsafe.Pointer)
+
+//go:linkname unsafe_NewArray reflect.unsafe_NewArray
+func unsafe_NewArray(rtype unsafe.Pointer, length int) unsafe.Pointer
+
+// typedslicecopy copies a slice of elemType values from src to dst,
+// returning the number of elements copied.
+//go:linkname typedslicecopy reflect.typedslicecopy
+//go:noescape
+func typedslicecopy(elemType unsafe.Pointer, dst, src sliceHeader) int
+
+//go:linkname mapassign reflect.mapassign
+//go:noescape
+func mapassign(rtype unsafe.Pointer, m unsafe.Pointer, key, val unsafe.Pointer)
+
+//go:linkname mapaccess reflect.mapaccess
+//go:noescape
+func mapaccess(rtype unsafe.Pointer, m unsafe.Pointer, key unsafe.Pointer) (val unsafe.Pointer)
+
+// m escapes into the return value, but the caller of mapiterinit
+// doesn't let the return value escape.
+//go:noescape
+//go:linkname mapiterinit reflect.mapiterinit
+func mapiterinit(rtype unsafe.Pointer, m unsafe.Pointer) *hiter
+
+//go:noescape
+//go:linkname mapiternext reflect.mapiternext
+func mapiternext(it *hiter)
+
+//go:linkname ifaceE2I reflect.ifaceE2I
+func ifaceE2I(rtype unsafe.Pointer, src interface{}, dst unsafe.Pointer)
+
+// A hash iteration structure.
+// If you modify hiter, also change cmd/internal/gc/reflect.go to indicate
+// the layout of this structure.
+type hiter struct {
+	key   unsafe.Pointer // Must be in first position.  Write nil to indicate iteration end (see cmd/internal/gc/range.go).
+	value unsafe.Pointer // Must be in second position (see cmd/internal/gc/range.go).
+	// rest fields are ignored
+}
+
+// add returns p+x.
+//
+// The whySafe string is ignored, so that the function still inlines
+// as efficiently as p+x, but all call sites should use the string to
+// record why the addition is safe, which is to say why the addition
+// does not cause x to advance to the very end of p's allocation
+// and therefore point incorrectly at the next block in memory.
+func add(p unsafe.Pointer, x uintptr, whySafe string) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(p) + x)
+}
+
+// arrayAt returns the i-th element of p,
+// an array whose elements are eltSize bytes wide.
+// The array pointed at by p must have at least i+1 elements:
+// it is invalid (but impossible to check here) to pass i >= len,
+// because then the result will point outside the array.
+// whySafe must explain why i < len. (Passing "i < len" is fine;
+// the benefit is to surface this assumption at the call site.)
+func arrayAt(p unsafe.Pointer, i int, eltSize uintptr, whySafe string) unsafe.Pointer {
+	return add(p, uintptr(i)*eltSize, "i < len")
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_map.go b/vendor/github.com/modern-go/reflect2/unsafe_map.go
new file mode 100644
index 0000000000000..f2e76e6bb1491
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_map.go
@@ -0,0 +1,138 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type UnsafeMapType struct {
+	unsafeType
+	pKeyRType  unsafe.Pointer
+	pElemRType unsafe.Pointer
+}
+
+func newUnsafeMapType(cfg *frozenConfig, type1 reflect.Type) MapType {
+	return &UnsafeMapType{
+		unsafeType: *newUnsafeType(cfg, type1),
+		pKeyRType:  unpackEFace(reflect.PtrTo(type1.Key())).data,
+		pElemRType: unpackEFace(reflect.PtrTo(type1.Elem())).data,
+	}
+}
+
+func (type2 *UnsafeMapType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *UnsafeMapType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	if ptr == nil {
+		return true
+	}
+	return *(*unsafe.Pointer)(ptr) == nil
+}
+
+func (type2 *UnsafeMapType) LikePtr() bool {
+	return true
+}
+
+func (type2 *UnsafeMapType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("MapType.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafeMapType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	return packEFace(type2.rtype, *(*unsafe.Pointer)(ptr))
+}
+
+func (type2 *UnsafeMapType) Key() Type {
+	return type2.cfg.Type2(type2.Type.Key())
+}
+
+func (type2 *UnsafeMapType) MakeMap(cap int) interface{} {
+	return packEFace(type2.ptrRType, type2.UnsafeMakeMap(cap))
+}
+
+func (type2 *UnsafeMapType) UnsafeMakeMap(cap int) unsafe.Pointer {
+	m := makeMapWithSize(type2.rtype, cap)
+	return unsafe.Pointer(&m)
+}
+
+func (type2 *UnsafeMapType) SetIndex(obj interface{}, key interface{}, elem interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("MapType.SetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	keyEFace := unpackEFace(key)
+	assertType("MapType.SetIndex argument 2", type2.pKeyRType, keyEFace.rtype)
+	elemEFace := unpackEFace(elem)
+	assertType("MapType.SetIndex argument 3", type2.pElemRType, elemEFace.rtype)
+	type2.UnsafeSetIndex(objEFace.data, keyEFace.data, elemEFace.data)
+}
+
+func (type2 *UnsafeMapType) UnsafeSetIndex(obj unsafe.Pointer, key unsafe.Pointer, elem unsafe.Pointer) {
+	mapassign(type2.rtype, *(*unsafe.Pointer)(obj), key, elem)
+}
+
+func (type2 *UnsafeMapType) TryGetIndex(obj interface{}, key interface{}) (interface{}, bool) {
+	objEFace := unpackEFace(obj)
+	assertType("MapType.TryGetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	keyEFace := unpackEFace(key)
+	assertType("MapType.TryGetIndex argument 2", type2.pKeyRType, keyEFace.rtype)
+	elemPtr := type2.UnsafeGetIndex(objEFace.data, keyEFace.data)
+	if elemPtr == nil {
+		return nil, false
+	}
+	return packEFace(type2.pElemRType, elemPtr), true
+}
+
+func (type2 *UnsafeMapType) GetIndex(obj interface{}, key interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("MapType.GetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	keyEFace := unpackEFace(key)
+	assertType("MapType.GetIndex argument 2", type2.pKeyRType, keyEFace.rtype)
+	elemPtr := type2.UnsafeGetIndex(objEFace.data, keyEFace.data)
+	return packEFace(type2.pElemRType, elemPtr)
+}
+
+func (type2 *UnsafeMapType) UnsafeGetIndex(obj unsafe.Pointer, key unsafe.Pointer) unsafe.Pointer {
+	return mapaccess(type2.rtype, *(*unsafe.Pointer)(obj), key)
+}
+
+func (type2 *UnsafeMapType) Iterate(obj interface{}) MapIterator {
+	objEFace := unpackEFace(obj)
+	assertType("MapType.Iterate argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIterate(objEFace.data)
+}
+
+func (type2 *UnsafeMapType) UnsafeIterate(obj unsafe.Pointer) MapIterator {
+	return &UnsafeMapIterator{
+		hiter:      mapiterinit(type2.rtype, *(*unsafe.Pointer)(obj)),
+		pKeyRType:  type2.pKeyRType,
+		pElemRType: type2.pElemRType,
+	}
+}
+
+type UnsafeMapIterator struct {
+	*hiter
+	pKeyRType  unsafe.Pointer
+	pElemRType unsafe.Pointer
+}
+
+func (iter *UnsafeMapIterator) HasNext() bool {
+	return iter.key != nil
+}
+
+func (iter *UnsafeMapIterator) Next() (interface{}, interface{}) {
+	key, elem := iter.UnsafeNext()
+	return packEFace(iter.pKeyRType, key), packEFace(iter.pElemRType, elem)
+}
+
+func (iter *UnsafeMapIterator) UnsafeNext() (unsafe.Pointer, unsafe.Pointer) {
+	key := iter.key
+	elem := iter.value
+	mapiternext(iter.hiter)
+	return key, elem
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_ptr.go b/vendor/github.com/modern-go/reflect2/unsafe_ptr.go
new file mode 100644
index 0000000000000..8e5ec9cf45ed8
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_ptr.go
@@ -0,0 +1,46 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type UnsafePtrType struct {
+	unsafeType
+}
+
+func newUnsafePtrType(cfg *frozenConfig, type1 reflect.Type) *UnsafePtrType {
+	return &UnsafePtrType{
+		unsafeType: *newUnsafeType(cfg, type1),
+	}
+}
+
+func (type2 *UnsafePtrType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *UnsafePtrType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	if ptr == nil {
+		return true
+	}
+	return *(*unsafe.Pointer)(ptr) == nil
+}
+
+func (type2 *UnsafePtrType) LikePtr() bool {
+	return true
+}
+
+func (type2 *UnsafePtrType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafePtrType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	return packEFace(type2.rtype, *(*unsafe.Pointer)(ptr))
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_slice.go b/vendor/github.com/modern-go/reflect2/unsafe_slice.go
new file mode 100644
index 0000000000000..1c6d876c7f502
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_slice.go
@@ -0,0 +1,177 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// sliceHeader is a safe version of SliceHeader used within this package.
+type sliceHeader struct {
+	Data unsafe.Pointer
+	Len  int
+	Cap  int
+}
+
+type UnsafeSliceType struct {
+	unsafeType
+	elemRType  unsafe.Pointer
+	pElemRType unsafe.Pointer
+	elemSize   uintptr
+}
+
+func newUnsafeSliceType(cfg *frozenConfig, type1 reflect.Type) SliceType {
+	elemType := type1.Elem()
+	return &UnsafeSliceType{
+		unsafeType: *newUnsafeType(cfg, type1),
+		pElemRType: unpackEFace(reflect.PtrTo(elemType)).data,
+		elemRType:  unpackEFace(elemType).data,
+		elemSize:   elemType.Size(),
+	}
+}
+
+func (type2 *UnsafeSliceType) Set(obj interface{}, val interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Set argument 1", type2.ptrRType, objEFace.rtype)
+	valEFace := unpackEFace(val)
+	assertType("Type.Set argument 2", type2.ptrRType, valEFace.rtype)
+	type2.UnsafeSet(objEFace.data, valEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeSet(ptr unsafe.Pointer, val unsafe.Pointer) {
+	*(*sliceHeader)(ptr) = *(*sliceHeader)(val)
+}
+
+func (type2 *UnsafeSliceType) IsNil(obj interface{}) bool {
+	if obj == nil {
+		return true
+	}
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	if ptr == nil {
+		return true
+	}
+	return (*sliceHeader)(ptr).Data == nil
+}
+
+func (type2 *UnsafeSliceType) SetNil(obj interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.SetNil argument 1", type2.ptrRType, objEFace.rtype)
+	type2.UnsafeSetNil(objEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeSetNil(ptr unsafe.Pointer) {
+	header := (*sliceHeader)(ptr)
+	header.Len = 0
+	header.Cap = 0
+	header.Data = nil
+}
+
+func (type2 *UnsafeSliceType) MakeSlice(length int, cap int) interface{} {
+	return packEFace(type2.ptrRType, type2.UnsafeMakeSlice(length, cap))
+}
+
+func (type2 *UnsafeSliceType) UnsafeMakeSlice(length int, cap int) unsafe.Pointer {
+	header := &sliceHeader{unsafe_NewArray(type2.elemRType, cap), length, cap}
+	return unsafe.Pointer(header)
+}
+
+func (type2 *UnsafeSliceType) LengthOf(obj interface{}) int {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.Len argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeLengthOf(objEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeLengthOf(obj unsafe.Pointer) int {
+	header := (*sliceHeader)(obj)
+	return header.Len
+}
+
+func (type2 *UnsafeSliceType) SetIndex(obj interface{}, index int, elem interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.SetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	elemEFace := unpackEFace(elem)
+	assertType("SliceType.SetIndex argument 3", type2.pElemRType, elemEFace.rtype)
+	type2.UnsafeSetIndex(objEFace.data, index, elemEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeSetIndex(obj unsafe.Pointer, index int, elem unsafe.Pointer) {
+	header := (*sliceHeader)(obj)
+	elemPtr := arrayAt(header.Data, index, type2.elemSize, "i < s.Len")
+	typedmemmove(type2.elemRType, elemPtr, elem)
+}
+
+func (type2 *UnsafeSliceType) GetIndex(obj interface{}, index int) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.GetIndex argument 1", type2.ptrRType, objEFace.rtype)
+	elemPtr := type2.UnsafeGetIndex(objEFace.data, index)
+	return packEFace(type2.pElemRType, elemPtr)
+}
+
+func (type2 *UnsafeSliceType) UnsafeGetIndex(obj unsafe.Pointer, index int) unsafe.Pointer {
+	header := (*sliceHeader)(obj)
+	return arrayAt(header.Data, index, type2.elemSize, "i < s.Len")
+}
+
+func (type2 *UnsafeSliceType) Append(obj interface{}, elem interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.Append argument 1", type2.ptrRType, objEFace.rtype)
+	elemEFace := unpackEFace(elem)
+	assertType("SliceType.Append argument 2", type2.pElemRType, elemEFace.rtype)
+	type2.UnsafeAppend(objEFace.data, elemEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeAppend(obj unsafe.Pointer, elem unsafe.Pointer) {
+	header := (*sliceHeader)(obj)
+	oldLen := header.Len
+	type2.UnsafeGrow(obj, oldLen+1)
+	type2.UnsafeSetIndex(obj, oldLen, elem)
+}
+
+func (type2 *UnsafeSliceType) Cap(obj interface{}) int {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.Cap argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeCap(objEFace.data)
+}
+
+func (type2 *UnsafeSliceType) UnsafeCap(ptr unsafe.Pointer) int {
+	return (*sliceHeader)(ptr).Cap
+}
+
+func (type2 *UnsafeSliceType) Grow(obj interface{}, newLength int) {
+	objEFace := unpackEFace(obj)
+	assertType("SliceType.Grow argument 1", type2.ptrRType, objEFace.rtype)
+	type2.UnsafeGrow(objEFace.data, newLength)
+}
+
+func (type2 *UnsafeSliceType) UnsafeGrow(obj unsafe.Pointer, newLength int) {
+	header := (*sliceHeader)(obj)
+	if newLength <= header.Cap {
+		header.Len = newLength
+		return
+	}
+	newCap := calcNewCap(header.Cap, newLength)
+	newHeader := (*sliceHeader)(type2.UnsafeMakeSlice(header.Len, newCap))
+	typedslicecopy(type2.elemRType, *newHeader, *header)
+	header.Data = newHeader.Data
+	header.Cap = newHeader.Cap
+	header.Len = newLength
+}
+
+func calcNewCap(cap int, expectedCap int) int {
+	if cap == 0 {
+		cap = expectedCap
+	} else {
+		for cap < expectedCap {
+			if cap < 1024 {
+				cap += cap
+			} else {
+				cap += cap / 4
+			}
+		}
+	}
+	return cap
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_struct.go b/vendor/github.com/modern-go/reflect2/unsafe_struct.go
new file mode 100644
index 0000000000000..804d9166397bb
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_struct.go
@@ -0,0 +1,59 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type UnsafeStructType struct {
+	unsafeType
+	likePtr bool
+}
+
+func newUnsafeStructType(cfg *frozenConfig, type1 reflect.Type) *UnsafeStructType {
+	return &UnsafeStructType{
+		unsafeType: *newUnsafeType(cfg, type1),
+		likePtr:    likePtrType(type1),
+	}
+}
+
+func (type2 *UnsafeStructType) LikePtr() bool {
+	return type2.likePtr
+}
+
+func (type2 *UnsafeStructType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *UnsafeStructType) UnsafeIndirect(ptr unsafe.Pointer) interface{} {
+	if type2.likePtr {
+		return packEFace(type2.rtype, *(*unsafe.Pointer)(ptr))
+	}
+	return packEFace(type2.rtype, ptr)
+}
+
+func (type2 *UnsafeStructType) FieldByName(name string) StructField {
+	structField, found := type2.Type.FieldByName(name)
+	if !found {
+		return nil
+	}
+	return newUnsafeStructField(type2, structField)
+}
+
+func (type2 *UnsafeStructType) Field(i int) StructField {
+	return newUnsafeStructField(type2, type2.Type.Field(i))
+}
+
+func (type2 *UnsafeStructType) FieldByIndex(index []int) StructField {
+	return newUnsafeStructField(type2, type2.Type.FieldByIndex(index))
+}
+
+func (type2 *UnsafeStructType) FieldByNameFunc(match func(string) bool) StructField {
+	structField, found := type2.Type.FieldByNameFunc(match)
+	if !found {
+		panic("field match condition not found in " + type2.Type.String())
+	}
+	return newUnsafeStructField(type2, structField)
+}
diff --git a/vendor/github.com/modern-go/reflect2/unsafe_type.go b/vendor/github.com/modern-go/reflect2/unsafe_type.go
new file mode 100644
index 0000000000000..13941716ce3a2
--- /dev/null
+++ b/vendor/github.com/modern-go/reflect2/unsafe_type.go
@@ -0,0 +1,85 @@
+package reflect2
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type unsafeType struct {
+	safeType
+	rtype    unsafe.Pointer
+	ptrRType unsafe.Pointer
+}
+
+func newUnsafeType(cfg *frozenConfig, type1 reflect.Type) *unsafeType {
+	return &unsafeType{
+		safeType: safeType{
+			Type: type1,
+			cfg:  cfg,
+		},
+		rtype:    unpackEFace(type1).data,
+		ptrRType: unpackEFace(reflect.PtrTo(type1)).data,
+	}
+}
+
+func (type2 *unsafeType) Set(obj interface{}, val interface{}) {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Set argument 1", type2.ptrRType, objEFace.rtype)
+	valEFace := unpackEFace(val)
+	assertType("Type.Set argument 2", type2.ptrRType, valEFace.rtype)
+	type2.UnsafeSet(objEFace.data, valEFace.data)
+}
+
+func (type2 *unsafeType) UnsafeSet(ptr unsafe.Pointer, val unsafe.Pointer) {
+	typedmemmove(type2.rtype, ptr, val)
+}
+
+func (type2 *unsafeType) IsNil(obj interface{}) bool {
+	objEFace := unpackEFace(obj)
+	assertType("Type.IsNil argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIsNil(objEFace.data)
+}
+
+func (type2 *unsafeType) UnsafeIsNil(ptr unsafe.Pointer) bool {
+	return ptr == nil
+}
+
+func (type2 *unsafeType) UnsafeNew() unsafe.Pointer {
+	return unsafe_New(type2.rtype)
+}
+
+func (type2 *unsafeType) New() interface{} {
+	return packEFace(type2.ptrRType, type2.UnsafeNew())
+}
+
+func (type2 *unsafeType) PackEFace(ptr unsafe.Pointer) interface{} {
+	return packEFace(type2.ptrRType, ptr)
+}
+
+func (type2 *unsafeType) RType() uintptr {
+	return uintptr(type2.rtype)
+}
+
+func (type2 *unsafeType) Indirect(obj interface{}) interface{} {
+	objEFace := unpackEFace(obj)
+	assertType("Type.Indirect argument 1", type2.ptrRType, objEFace.rtype)
+	return type2.UnsafeIndirect(objEFace.data)
+}
+
+func (type2 *unsafeType) UnsafeIndirect(obj unsafe.Pointer) interface{} {
+	return packEFace(type2.rtype, obj)
+}
+
+func (type2 *unsafeType) LikePtr() bool {
+	return false
+}
+
+func assertType(where string, expectRType unsafe.Pointer, actualRType unsafe.Pointer) {
+	if expectRType != actualRType {
+		expectType := reflect.TypeOf(0)
+		(*iface)(unsafe.Pointer(&expectType)).data = expectRType
+		actualType := reflect.TypeOf(0)
+		(*iface)(unsafe.Pointer(&actualType)).data = actualRType
+		panic(where + ": expect " + expectType.String() + ", actual " + actualType.String())
+	}
+}
diff --git a/vendor/github.com/morikuni/aec/LICENSE b/vendor/github.com/morikuni/aec/LICENSE
new file mode 100644
index 0000000000000..1c2640164192f
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Taihei Morikuni
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/morikuni/aec/README.md b/vendor/github.com/morikuni/aec/README.md
new file mode 100644
index 0000000000000..3cbc4343ee26e
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/README.md
@@ -0,0 +1,178 @@
+# aec
+
+[![GoDoc](https://godoc.org/github.com/morikuni/aec?status.svg)](https://godoc.org/github.com/morikuni/aec)
+
+Go wrapper for ANSI escape code.
+
+## Install
+
+```bash
+go get github.com/morikuni/aec
+```
+
+## Features
+
+ANSI escape codes depend on terminal environment.  
+Some of these features may not work.  
+Check supported Font-Style/Font-Color features with [checkansi](./checkansi).
+
+[Wikipedia](https://en.wikipedia.org/wiki/ANSI_escape_code) for more detail.
+
+### Cursor
+
+- `Up(n)`
+- `Down(n)`
+- `Right(n)`
+- `Left(n)`
+- `NextLine(n)`
+- `PreviousLine(n)`
+- `Column(col)`
+- `Position(row, col)`
+- `Save`
+- `Restore`
+- `Hide`
+- `Show`
+- `Report`
+
+### Erase
+
+- `EraseDisplay(mode)`
+- `EraseLine(mode)`
+
+### Scroll
+
+- `ScrollUp(n)`
+- `ScrollDown(n)`
+
+### Font Style
+
+- `Bold`
+- `Faint`
+- `Italic`
+- `Underline`
+- `BlinkSlow`
+- `BlinkRapid`
+- `Inverse`
+- `Conceal`
+- `CrossOut`
+- `Frame`
+- `Encircle`
+- `Overline`
+
+### Font Color
+
+Foreground color.
+
+- `DefaultF`
+- `BlackF`
+- `RedF`
+- `GreenF`
+- `YellowF`
+- `BlueF`
+- `MagentaF`
+- `CyanF`
+- `WhiteF`
+- `LightBlackF`
+- `LightRedF`
+- `LightGreenF`
+- `LightYellowF`
+- `LightBlueF`
+- `LightMagentaF`
+- `LightCyanF`
+- `LightWhiteF`
+- `Color3BitF(color)`
+- `Color8BitF(color)`
+- `FullColorF(r, g, b)`
+
+Background color.
+
+- `DefaultB`
+- `BlackB`
+- `RedB`
+- `GreenB`
+- `YellowB`
+- `BlueB`
+- `MagentaB`
+- `CyanB`
+- `WhiteB`
+- `LightBlackB`
+- `LightRedB`
+- `LightGreenB`
+- `LightYellowB`
+- `LightBlueB`
+- `LightMagentaB`
+- `LightCyanB`
+- `LightWhiteB`
+- `Color3BitB(color)`
+- `Color8BitB(color)`
+- `FullColorB(r, g, b)`
+
+### Color Converter
+
+24bit RGB color to ANSI color.
+
+- `NewRGB3Bit(r, g, b)`
+- `NewRGB8Bit(r, g, b)`
+
+### Builder
+
+To mix these features.
+
+```go
+custom := aec.EmptyBuilder.Right(2).RGB8BitF(128, 255, 64).RedB().ANSI
+custom.Apply("Hello World")
+```
+
+## Usage
+
+1. Create ANSI by `aec.XXX().With(aec.YYY())` or `aec.EmptyBuilder.XXX().YYY().ANSI`
+2. Print ANSI by `fmt.Print(ansi, "some string", aec.Reset)` or `fmt.Print(ansi.Apply("some string"))`
+
+`aec.Reset` should be added when using font style or font color features.
+
+## Example
+
+Simple progressbar.
+
+![sample](./sample.gif)
+
+```go
+package main
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/morikuni/aec"
+)
+
+func main() {
+	const n = 20
+	builder := aec.EmptyBuilder
+
+	up2 := aec.Up(2)
+	col := aec.Column(n + 2)
+	bar := aec.Color8BitF(aec.NewRGB8Bit(64, 255, 64))
+	label := builder.LightRedF().Underline().With(col).Right(1).ANSI
+
+	// for up2
+	fmt.Println()
+	fmt.Println()
+
+	for i := 0; i <= n; i++ {
+		fmt.Print(up2)
+		fmt.Println(label.Apply(fmt.Sprint(i, "/", n)))
+		fmt.Print("[")
+		fmt.Print(bar.Apply(strings.Repeat("=", i)))
+		fmt.Println(col.Apply("]"))
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+```
+
+## License
+
+[MIT](./LICENSE)
+
+
diff --git a/vendor/github.com/morikuni/aec/aec.go b/vendor/github.com/morikuni/aec/aec.go
new file mode 100644
index 0000000000000..566be6eb1ef52
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/aec.go
@@ -0,0 +1,137 @@
+package aec
+
+import "fmt"
+
+// EraseMode is listed in a variable EraseModes.
+type EraseMode uint
+
+var (
+	// EraseModes is a list of EraseMode.
+	EraseModes struct {
+		// All erase all.
+		All EraseMode
+
+		// Head erase to head.
+		Head EraseMode
+
+		// Tail erase to tail.
+		Tail EraseMode
+	}
+
+	// Save saves the cursor position.
+	Save ANSI
+
+	// Restore restores the cursor position.
+	Restore ANSI
+
+	// Hide hides the cursor.
+	Hide ANSI
+
+	// Show shows the cursor.
+	Show ANSI
+
+	// Report reports the cursor position.
+	Report ANSI
+)
+
+// Up moves up the cursor.
+func Up(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dA", n))
+}
+
+// Down moves down the cursor.
+func Down(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dB", n))
+}
+
+// Right moves right the cursor.
+func Right(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dC", n))
+}
+
+// Left moves left the cursor.
+func Left(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dD", n))
+}
+
+// NextLine moves down the cursor to head of a line.
+func NextLine(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dE", n))
+}
+
+// PreviousLine moves up the cursor to head of a line.
+func PreviousLine(n uint) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dF", n))
+}
+
+// Column set the cursor position to a given column.
+func Column(col uint) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dG", col))
+}
+
+// Position set the cursor position to a given absolute position.
+func Position(row, col uint) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%d;%dH", row, col))
+}
+
+// EraseDisplay erases display by given EraseMode.
+func EraseDisplay(m EraseMode) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dJ", m))
+}
+
+// EraseLine erases lines by given EraseMode.
+func EraseLine(m EraseMode) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dK", m))
+}
+
+// ScrollUp scrolls up the page.
+func ScrollUp(n int) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dS", n))
+}
+
+// ScrollDown scrolls down the page.
+func ScrollDown(n int) ANSI {
+	if n == 0 {
+		return empty
+	}
+	return newAnsi(fmt.Sprintf(esc+"%dT", n))
+}
+
+func init() {
+	EraseModes = struct {
+		All  EraseMode
+		Head EraseMode
+		Tail EraseMode
+	}{
+		Tail: 0,
+		Head: 1,
+		All:  2,
+	}
+
+	Save = newAnsi(esc + "s")
+	Restore = newAnsi(esc + "u")
+	Hide = newAnsi(esc + "?25l")
+	Show = newAnsi(esc + "?25h")
+	Report = newAnsi(esc + "6n")
+}
diff --git a/vendor/github.com/morikuni/aec/ansi.go b/vendor/github.com/morikuni/aec/ansi.go
new file mode 100644
index 0000000000000..e60722e6e60b1
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/ansi.go
@@ -0,0 +1,59 @@
+package aec
+
+import (
+	"fmt"
+	"strings"
+)
+
+const esc = "\x1b["
+
+// Reset resets SGR effect.
+const Reset string = "\x1b[0m"
+
+var empty = newAnsi("")
+
+// ANSI represents ANSI escape code.
+type ANSI interface {
+	fmt.Stringer
+
+	// With adapts given ANSIs.
+	With(...ANSI) ANSI
+
+	// Apply wraps given string in ANSI.
+	Apply(string) string
+}
+
+type ansiImpl string
+
+func newAnsi(s string) *ansiImpl {
+	r := ansiImpl(s)
+	return &r
+}
+
+func (a *ansiImpl) With(ansi ...ANSI) ANSI {
+	return concat(append([]ANSI{a}, ansi...))
+}
+
+func (a *ansiImpl) Apply(s string) string {
+	return a.String() + s + Reset
+}
+
+func (a *ansiImpl) String() string {
+	return string(*a)
+}
+
+// Apply wraps given string in ANSIs.
+func Apply(s string, ansi ...ANSI) string {
+	if len(ansi) == 0 {
+		return s
+	}
+	return concat(ansi).Apply(s)
+}
+
+func concat(ansi []ANSI) ANSI {
+	strs := make([]string, 0, len(ansi))
+	for _, p := range ansi {
+		strs = append(strs, p.String())
+	}
+	return newAnsi(strings.Join(strs, ""))
+}
diff --git a/vendor/github.com/morikuni/aec/builder.go b/vendor/github.com/morikuni/aec/builder.go
new file mode 100644
index 0000000000000..13bd002d4e30e
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/builder.go
@@ -0,0 +1,388 @@
+package aec
+
+// Builder is a lightweight syntax to construct customized ANSI.
+type Builder struct {
+	ANSI ANSI
+}
+
+// EmptyBuilder is an initialized Builder.
+var EmptyBuilder *Builder
+
+// NewBuilder creates a Builder from existing ANSI.
+func NewBuilder(a ...ANSI) *Builder {
+	return &Builder{concat(a)}
+}
+
+// With is a syntax for With.
+func (builder *Builder) With(a ...ANSI) *Builder {
+	return NewBuilder(builder.ANSI.With(a...))
+}
+
+// Up is a syntax for Up.
+func (builder *Builder) Up(n uint) *Builder {
+	return builder.With(Up(n))
+}
+
+// Down is a syntax for Down.
+func (builder *Builder) Down(n uint) *Builder {
+	return builder.With(Down(n))
+}
+
+// Right is a syntax for Right.
+func (builder *Builder) Right(n uint) *Builder {
+	return builder.With(Right(n))
+}
+
+// Left is a syntax for Left.
+func (builder *Builder) Left(n uint) *Builder {
+	return builder.With(Left(n))
+}
+
+// NextLine is a syntax for NextLine.
+func (builder *Builder) NextLine(n uint) *Builder {
+	return builder.With(NextLine(n))
+}
+
+// PreviousLine is a syntax for PreviousLine.
+func (builder *Builder) PreviousLine(n uint) *Builder {
+	return builder.With(PreviousLine(n))
+}
+
+// Column is a syntax for Column.
+func (builder *Builder) Column(col uint) *Builder {
+	return builder.With(Column(col))
+}
+
+// Position is a syntax for Position.
+func (builder *Builder) Position(row, col uint) *Builder {
+	return builder.With(Position(row, col))
+}
+
+// EraseDisplay is a syntax for EraseDisplay.
+func (builder *Builder) EraseDisplay(m EraseMode) *Builder {
+	return builder.With(EraseDisplay(m))
+}
+
+// EraseLine is a syntax for EraseLine.
+func (builder *Builder) EraseLine(m EraseMode) *Builder {
+	return builder.With(EraseLine(m))
+}
+
+// ScrollUp is a syntax for ScrollUp.
+func (builder *Builder) ScrollUp(n int) *Builder {
+	return builder.With(ScrollUp(n))
+}
+
+// ScrollDown is a syntax for ScrollDown.
+func (builder *Builder) ScrollDown(n int) *Builder {
+	return builder.With(ScrollDown(n))
+}
+
+// Save is a syntax for Save.
+func (builder *Builder) Save() *Builder {
+	return builder.With(Save)
+}
+
+// Restore is a syntax for Restore.
+func (builder *Builder) Restore() *Builder {
+	return builder.With(Restore)
+}
+
+// Hide is a syntax for Hide.
+func (builder *Builder) Hide() *Builder {
+	return builder.With(Hide)
+}
+
+// Show is a syntax for Show.
+func (builder *Builder) Show() *Builder {
+	return builder.With(Show)
+}
+
+// Report is a syntax for Report.
+func (builder *Builder) Report() *Builder {
+	return builder.With(Report)
+}
+
+// Bold is a syntax for Bold.
+func (builder *Builder) Bold() *Builder {
+	return builder.With(Bold)
+}
+
+// Faint is a syntax for Faint.
+func (builder *Builder) Faint() *Builder {
+	return builder.With(Faint)
+}
+
+// Italic is a syntax for Italic.
+func (builder *Builder) Italic() *Builder {
+	return builder.With(Italic)
+}
+
+// Underline is a syntax for Underline.
+func (builder *Builder) Underline() *Builder {
+	return builder.With(Underline)
+}
+
+// BlinkSlow is a syntax for BlinkSlow.
+func (builder *Builder) BlinkSlow() *Builder {
+	return builder.With(BlinkSlow)
+}
+
+// BlinkRapid is a syntax for BlinkRapid.
+func (builder *Builder) BlinkRapid() *Builder {
+	return builder.With(BlinkRapid)
+}
+
+// Inverse is a syntax for Inverse.
+func (builder *Builder) Inverse() *Builder {
+	return builder.With(Inverse)
+}
+
+// Conceal is a syntax for Conceal.
+func (builder *Builder) Conceal() *Builder {
+	return builder.With(Conceal)
+}
+
+// CrossOut is a syntax for CrossOut.
+func (builder *Builder) CrossOut() *Builder {
+	return builder.With(CrossOut)
+}
+
+// BlackF is a syntax for BlackF.
+func (builder *Builder) BlackF() *Builder {
+	return builder.With(BlackF)
+}
+
+// RedF is a syntax for RedF.
+func (builder *Builder) RedF() *Builder {
+	return builder.With(RedF)
+}
+
+// GreenF is a syntax for GreenF.
+func (builder *Builder) GreenF() *Builder {
+	return builder.With(GreenF)
+}
+
+// YellowF is a syntax for YellowF.
+func (builder *Builder) YellowF() *Builder {
+	return builder.With(YellowF)
+}
+
+// BlueF is a syntax for BlueF.
+func (builder *Builder) BlueF() *Builder {
+	return builder.With(BlueF)
+}
+
+// MagentaF is a syntax for MagentaF.
+func (builder *Builder) MagentaF() *Builder {
+	return builder.With(MagentaF)
+}
+
+// CyanF is a syntax for CyanF.
+func (builder *Builder) CyanF() *Builder {
+	return builder.With(CyanF)
+}
+
+// WhiteF is a syntax for WhiteF.
+func (builder *Builder) WhiteF() *Builder {
+	return builder.With(WhiteF)
+}
+
+// DefaultF is a syntax for DefaultF.
+func (builder *Builder) DefaultF() *Builder {
+	return builder.With(DefaultF)
+}
+
+// BlackB is a syntax for BlackB.
+func (builder *Builder) BlackB() *Builder {
+	return builder.With(BlackB)
+}
+
+// RedB is a syntax for RedB.
+func (builder *Builder) RedB() *Builder {
+	return builder.With(RedB)
+}
+
+// GreenB is a syntax for GreenB.
+func (builder *Builder) GreenB() *Builder {
+	return builder.With(GreenB)
+}
+
+// YellowB is a syntax for YellowB.
+func (builder *Builder) YellowB() *Builder {
+	return builder.With(YellowB)
+}
+
+// BlueB is a syntax for BlueB.
+func (builder *Builder) BlueB() *Builder {
+	return builder.With(BlueB)
+}
+
+// MagentaB is a syntax for MagentaB.
+func (builder *Builder) MagentaB() *Builder {
+	return builder.With(MagentaB)
+}
+
+// CyanB is a syntax for CyanB.
+func (builder *Builder) CyanB() *Builder {
+	return builder.With(CyanB)
+}
+
+// WhiteB is a syntax for WhiteB.
+func (builder *Builder) WhiteB() *Builder {
+	return builder.With(WhiteB)
+}
+
+// DefaultB is a syntax for DefaultB.
+func (builder *Builder) DefaultB() *Builder {
+	return builder.With(DefaultB)
+}
+
+// Frame is a syntax for Frame.
+func (builder *Builder) Frame() *Builder {
+	return builder.With(Frame)
+}
+
+// Encircle is a syntax for Encircle.
+func (builder *Builder) Encircle() *Builder {
+	return builder.With(Encircle)
+}
+
+// Overline is a syntax for Overline.
+func (builder *Builder) Overline() *Builder {
+	return builder.With(Overline)
+}
+
+// LightBlackF is a syntax for LightBlueF.
+func (builder *Builder) LightBlackF() *Builder {
+	return builder.With(LightBlackF)
+}
+
+// LightRedF is a syntax for LightRedF.
+func (builder *Builder) LightRedF() *Builder {
+	return builder.With(LightRedF)
+}
+
+// LightGreenF is a syntax for LightGreenF.
+func (builder *Builder) LightGreenF() *Builder {
+	return builder.With(LightGreenF)
+}
+
+// LightYellowF is a syntax for LightYellowF.
+func (builder *Builder) LightYellowF() *Builder {
+	return builder.With(LightYellowF)
+}
+
+// LightBlueF is a syntax for LightBlueF.
+func (builder *Builder) LightBlueF() *Builder {
+	return builder.With(LightBlueF)
+}
+
+// LightMagentaF is a syntax for LightMagentaF.
+func (builder *Builder) LightMagentaF() *Builder {
+	return builder.With(LightMagentaF)
+}
+
+// LightCyanF is a syntax for LightCyanF.
+func (builder *Builder) LightCyanF() *Builder {
+	return builder.With(LightCyanF)
+}
+
+// LightWhiteF is a syntax for LightWhiteF.
+func (builder *Builder) LightWhiteF() *Builder {
+	return builder.With(LightWhiteF)
+}
+
+// LightBlackB is a syntax for LightBlackB.
+func (builder *Builder) LightBlackB() *Builder {
+	return builder.With(LightBlackB)
+}
+
+// LightRedB is a syntax for LightRedB.
+func (builder *Builder) LightRedB() *Builder {
+	return builder.With(LightRedB)
+}
+
+// LightGreenB is a syntax for LightGreenB.
+func (builder *Builder) LightGreenB() *Builder {
+	return builder.With(LightGreenB)
+}
+
+// LightYellowB is a syntax for LightYellowB.
+func (builder *Builder) LightYellowB() *Builder {
+	return builder.With(LightYellowB)
+}
+
+// LightBlueB is a syntax for LightBlueB.
+func (builder *Builder) LightBlueB() *Builder {
+	return builder.With(LightBlueB)
+}
+
+// LightMagentaB is a syntax for LightMagentaB.
+func (builder *Builder) LightMagentaB() *Builder {
+	return builder.With(LightMagentaB)
+}
+
+// LightCyanB is a syntax for LightCyanB.
+func (builder *Builder) LightCyanB() *Builder {
+	return builder.With(LightCyanB)
+}
+
+// LightWhiteB is a syntax for LightWhiteB.
+func (builder *Builder) LightWhiteB() *Builder {
+	return builder.With(LightWhiteB)
+}
+
+// Color3BitF is a syntax for Color3BitF.
+func (builder *Builder) Color3BitF(c RGB3Bit) *Builder {
+	return builder.With(Color3BitF(c))
+}
+
+// Color3BitB is a syntax for Color3BitB.
+func (builder *Builder) Color3BitB(c RGB3Bit) *Builder {
+	return builder.With(Color3BitB(c))
+}
+
+// Color8BitF is a syntax for Color8BitF.
+func (builder *Builder) Color8BitF(c RGB8Bit) *Builder {
+	return builder.With(Color8BitF(c))
+}
+
+// Color8BitB is a syntax for Color8BitB.
+func (builder *Builder) Color8BitB(c RGB8Bit) *Builder {
+	return builder.With(Color8BitB(c))
+}
+
+// FullColorF is a syntax for FullColorF.
+func (builder *Builder) FullColorF(r, g, b uint8) *Builder {
+	return builder.With(FullColorF(r, g, b))
+}
+
+// FullColorB is a syntax for FullColorB.
+func (builder *Builder) FullColorB(r, g, b uint8) *Builder {
+	return builder.With(FullColorB(r, g, b))
+}
+
+// RGB3BitF is a syntax for Color3BitF with NewRGB3Bit.
+func (builder *Builder) RGB3BitF(r, g, b uint8) *Builder {
+	return builder.Color3BitF(NewRGB3Bit(r, g, b))
+}
+
+// RGB3BitB is a syntax for Color3BitB with NewRGB3Bit.
+func (builder *Builder) RGB3BitB(r, g, b uint8) *Builder {
+	return builder.Color3BitB(NewRGB3Bit(r, g, b))
+}
+
+// RGB8BitF is a syntax for Color8BitF with NewRGB8Bit.
+func (builder *Builder) RGB8BitF(r, g, b uint8) *Builder {
+	return builder.Color8BitF(NewRGB8Bit(r, g, b))
+}
+
+// RGB8BitB is a syntax for Color8BitB with NewRGB8Bit.
+func (builder *Builder) RGB8BitB(r, g, b uint8) *Builder {
+	return builder.Color8BitB(NewRGB8Bit(r, g, b))
+}
+
+func init() {
+	EmptyBuilder = &Builder{empty}
+}
diff --git a/vendor/github.com/morikuni/aec/sgr.go b/vendor/github.com/morikuni/aec/sgr.go
new file mode 100644
index 0000000000000..0ba3464e6dbdc
--- /dev/null
+++ b/vendor/github.com/morikuni/aec/sgr.go
@@ -0,0 +1,202 @@
+package aec
+
+import (
+	"fmt"
+)
+
+// RGB3Bit is a 3bit RGB color.
+type RGB3Bit uint8
+
+// RGB8Bit is a 8bit RGB color.
+type RGB8Bit uint8
+
+func newSGR(n uint) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dm", n))
+}
+
+// NewRGB3Bit create a RGB3Bit from given RGB.
+func NewRGB3Bit(r, g, b uint8) RGB3Bit {
+	return RGB3Bit((r >> 7) | ((g >> 6) & 0x2) | ((b >> 5) & 0x4))
+}
+
+// NewRGB8Bit create a RGB8Bit from given RGB.
+func NewRGB8Bit(r, g, b uint8) RGB8Bit {
+	return RGB8Bit(16 + 36*(r/43) + 6*(g/43) + b/43)
+}
+
+// Color3BitF set the foreground color of text.
+func Color3BitF(c RGB3Bit) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dm", c+30))
+}
+
+// Color3BitB set the background color of text.
+func Color3BitB(c RGB3Bit) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"%dm", c+40))
+}
+
+// Color8BitF set the foreground color of text.
+func Color8BitF(c RGB8Bit) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"38;5;%dm", c))
+}
+
+// Color8BitB set the background color of text.
+func Color8BitB(c RGB8Bit) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"48;5;%dm", c))
+}
+
+// FullColorF set the foreground color of text.
+func FullColorF(r, g, b uint8) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"38;2;%d;%d;%dm", r, g, b))
+}
+
+// FullColorB set the foreground color of text.
+func FullColorB(r, g, b uint8) ANSI {
+	return newAnsi(fmt.Sprintf(esc+"48;2;%d;%d;%dm", r, g, b))
+}
+
+// Style
+var (
+	// Bold set the text style to bold or increased intensity.
+	Bold ANSI
+
+	// Faint set the text style to faint.
+	Faint ANSI
+
+	// Italic set the text style to italic.
+	Italic ANSI
+
+	// Underline set the text style to underline.
+	Underline ANSI
+
+	// BlinkSlow set the text style to slow blink.
+	BlinkSlow ANSI
+
+	// BlinkRapid set the text style to rapid blink.
+	BlinkRapid ANSI
+
+	// Inverse swap the foreground color and background color.
+	Inverse ANSI
+
+	// Conceal set the text style to conceal.
+	Conceal ANSI
+
+	// CrossOut set the text style to crossed out.
+	CrossOut ANSI
+
+	// Frame set the text style to framed.
+	Frame ANSI
+
+	// Encircle set the text style to encircled.
+	Encircle ANSI
+
+	// Overline set the text style to overlined.
+	Overline ANSI
+)
+
+// Foreground color of text.
+var (
+	// DefaultF is the default color of foreground.
+	DefaultF ANSI
+
+	// Normal color
+	BlackF   ANSI
+	RedF     ANSI
+	GreenF   ANSI
+	YellowF  ANSI
+	BlueF    ANSI
+	MagentaF ANSI
+	CyanF    ANSI
+	WhiteF   ANSI
+
+	// Light color
+	LightBlackF   ANSI
+	LightRedF     ANSI
+	LightGreenF   ANSI
+	LightYellowF  ANSI
+	LightBlueF    ANSI
+	LightMagentaF ANSI
+	LightCyanF    ANSI
+	LightWhiteF   ANSI
+)
+
+// Background color of text.
+var (
+	// DefaultB is the default color of background.
+	DefaultB ANSI
+
+	// Normal color
+	BlackB   ANSI
+	RedB     ANSI
+	GreenB   ANSI
+	YellowB  ANSI
+	BlueB    ANSI
+	MagentaB ANSI
+	CyanB    ANSI
+	WhiteB   ANSI
+
+	// Light color
+	LightBlackB   ANSI
+	LightRedB     ANSI
+	LightGreenB   ANSI
+	LightYellowB  ANSI
+	LightBlueB    ANSI
+	LightMagentaB ANSI
+	LightCyanB    ANSI
+	LightWhiteB   ANSI
+)
+
+func init() {
+	Bold = newSGR(1)
+	Faint = newSGR(2)
+	Italic = newSGR(3)
+	Underline = newSGR(4)
+	BlinkSlow = newSGR(5)
+	BlinkRapid = newSGR(6)
+	Inverse = newSGR(7)
+	Conceal = newSGR(8)
+	CrossOut = newSGR(9)
+
+	BlackF = newSGR(30)
+	RedF = newSGR(31)
+	GreenF = newSGR(32)
+	YellowF = newSGR(33)
+	BlueF = newSGR(34)
+	MagentaF = newSGR(35)
+	CyanF = newSGR(36)
+	WhiteF = newSGR(37)
+
+	DefaultF = newSGR(39)
+
+	BlackB = newSGR(40)
+	RedB = newSGR(41)
+	GreenB = newSGR(42)
+	YellowB = newSGR(43)
+	BlueB = newSGR(44)
+	MagentaB = newSGR(45)
+	CyanB = newSGR(46)
+	WhiteB = newSGR(47)
+
+	DefaultB = newSGR(49)
+
+	Frame = newSGR(51)
+	Encircle = newSGR(52)
+	Overline = newSGR(53)
+
+	LightBlackF = newSGR(90)
+	LightRedF = newSGR(91)
+	LightGreenF = newSGR(92)
+	LightYellowF = newSGR(93)
+	LightBlueF = newSGR(94)
+	LightMagentaF = newSGR(95)
+	LightCyanF = newSGR(96)
+	LightWhiteF = newSGR(97)
+
+	LightBlackB = newSGR(100)
+	LightRedB = newSGR(101)
+	LightGreenB = newSGR(102)
+	LightYellowB = newSGR(103)
+	LightBlueB = newSGR(104)
+	LightMagentaB = newSGR(105)
+	LightCyanB = newSGR(106)
+	LightWhiteB = newSGR(107)
+}
diff --git a/vendor/github.com/opencontainers/go-digest/LICENSE b/vendor/github.com/opencontainers/go-digest/LICENSE
new file mode 100644
index 0000000000000..3ac8ab64872ed
--- /dev/null
+++ b/vendor/github.com/opencontainers/go-digest/LICENSE
@@ -0,0 +1,192 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2019, 2020 OCI Contributors
+   Copyright 2016 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/opencontainers/go-digest/LICENSE.code b/vendor/github.com/opencontainers/go-digest/LICENSE.code
deleted file mode 100644
index 0ea3ff81e3f48..0000000000000
--- a/vendor/github.com/opencontainers/go-digest/LICENSE.code
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2016 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/opencontainers/go-digest/README.md b/vendor/github.com/opencontainers/go-digest/README.md
index 0f5a04092c42b..a11287207edcf 100644
--- a/vendor/github.com/opencontainers/go-digest/README.md
+++ b/vendor/github.com/opencontainers/go-digest/README.md
@@ -8,20 +8,16 @@ Please see the [godoc](https://godoc.org/github.com/opencontainers/go-digest) fo
 
 # What is a digest?
 
-A digest is just a hash.
+A digest is just a [hash](https://en.wikipedia.org/wiki/Hash_function).
 
-The most common use case for a digest is to create a content
-identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage)
-systems:
+The most common use case for a digest is to create a content identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage) systems:
 
 ```go
 id := digest.FromBytes([]byte("my content"))
 ```
 
-In the example above, the id can be used to uniquely identify 
-the byte slice "my content". This allows two disparate applications
-to agree on a verifiable identifier without having to trust one
-another.
+In the example above, the id can be used to uniquely identify the byte slice "my content".
+This allows two disparate applications to agree on a verifiable identifier without having to trust one another.
 
 An identifying digest can be verified, as follows:
 
@@ -31,8 +27,7 @@ if id != digest.FromBytes([]byte("my content")) {
 }
 ```
 
-A `Verifier` type can be used to handle cases where an `io.Reader`
-makes more sense:
+A `Verifier` type can be used to handle cases where an `io.Reader` makes more sense:
 
 ```go
 rd := getContent()
@@ -44,33 +39,28 @@ if !verifier.Verified() {
 }
 ```
 
-Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this
-can power a rich, safe, content distribution system.
+Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this can power a rich, safe, content distribution system.
 
 # Usage
 
-While the [godoc](https://godoc.org/github.com/opencontainers/go-digest) is
-considered the best resource, a few important items need to be called 
-out when using this package.
+While the [godoc](https://godoc.org/github.com/opencontainers/go-digest) is considered the best resource, a few important items need to be called out when using this package.
 
-1. Make sure to import the hash implementations into your application
-    or the package will panic. You should have something like the 
-    following in the main (or other entrypoint) of your application:
+1. Make sure to import the hash implementations into your application or the package will panic.
+    You should have something like the following in the main (or other entrypoint) of your application:
    
     ```go
     import (
         _ "crypto/sha256"
-   	    _ "crypto/sha512"
+        _ "crypto/sha512"
     )
     ```
     This may seem inconvenient but it allows you replace the hash 
     implementations with others, such as https://github.com/stevvooe/resumable.
  
-2. Even though `digest.Digest` may be assemable as a string, _always_ 
-    verify your input with `digest.Parse` or use `Digest.Validate`
-    when accepting untrusted input. While there are measures to 
-    avoid common problems, this will ensure you have valid digests
-    in the rest of your application.
+2. Even though `digest.Digest` may be assemblable as a string, _always_ verify your input with `digest.Parse` or use `Digest.Validate` when accepting untrusted input.
+    While there are measures to avoid common problems, this will ensure you have valid digests in the rest of your application.
+
+3. While alternative encodings of hash values (digests) are possible (for example, base64), this package deals exclusively with hex-encoded digests.
 
 # Stability
 
@@ -80,25 +70,27 @@ As always, before using a package export, read the [godoc](https://godoc.org/git
 
 # Contributing
 
-This package is considered fairly complete. It has been in production
-in thousands (millions?) of deployments and is fairly battle-hardened.
-New additions will be met with skepticism. If you think there is a 
-missing feature, please file a bug clearly describing the problem and 
-the alternatives you tried before submitting a PR.
+This package is considered fairly complete.
+It has been in production in thousands (millions?) of deployments and is fairly battle-hardened.
+New additions will be met with skepticism.
+If you think there is a missing feature, please file a bug clearly describing the problem and the alternatives you tried before submitting a PR.
 
-# Reporting security issues
+## Code of Conduct
 
-Please DO NOT file a public issue, instead send your report privately to
-security@opencontainers.org.
+Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct].
 
-The maintainers take security seriously. If you discover a security issue,
-please bring it to their attention right away!
+## Security
 
-If you are reporting a security issue, do not create an issue or file a pull
-request on GitHub. Instead, disclose the issue responsibly by sending an email
-to security@opencontainers.org (which is inhabited only by the maintainers of
-the various OCI projects).
+If you find an issue, please follow the [security][security] protocol to report it.
 
 # Copyright and license
 
-Copyright © 2016 Docker, Inc. All rights reserved, except as follows. Code is released under the [Apache 2.0 license](LICENSE.code). This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs). You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/.
+Copyright © 2019, 2020 OCI Contributors
+Copyright © 2016 Docker, Inc.
+All rights reserved, except as follows.
+Code is released under the [Apache 2.0 license](LICENSE).
+This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs).
+You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/.
+
+[security]: https://github.com/opencontainers/org/blob/master/security
+[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
diff --git a/vendor/github.com/opencontainers/go-digest/algorithm.go b/vendor/github.com/opencontainers/go-digest/algorithm.go
index 8813bd26f1fbd..490951dc3f293 100644
--- a/vendor/github.com/opencontainers/go-digest/algorithm.go
+++ b/vendor/github.com/opencontainers/go-digest/algorithm.go
@@ -1,3 +1,4 @@
+// Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/vendor/github.com/opencontainers/go-digest/digest.go b/vendor/github.com/opencontainers/go-digest/digest.go
index ad398cba2fb71..518b5e7154563 100644
--- a/vendor/github.com/opencontainers/go-digest/digest.go
+++ b/vendor/github.com/opencontainers/go-digest/digest.go
@@ -1,3 +1,4 @@
+// Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/vendor/github.com/opencontainers/go-digest/digester.go b/vendor/github.com/opencontainers/go-digest/digester.go
index 36fa2728ef462..ede9077571150 100644
--- a/vendor/github.com/opencontainers/go-digest/digester.go
+++ b/vendor/github.com/opencontainers/go-digest/digester.go
@@ -1,3 +1,4 @@
+// Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/vendor/github.com/opencontainers/go-digest/doc.go b/vendor/github.com/opencontainers/go-digest/doc.go
index 491ea1ef1f81f..83d3a936ca6a2 100644
--- a/vendor/github.com/opencontainers/go-digest/doc.go
+++ b/vendor/github.com/opencontainers/go-digest/doc.go
@@ -1,3 +1,4 @@
+// Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,8 +30,13 @@
 //
 // 	sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
 //
-// In this case, the string "sha256" is the algorithm and the hex bytes are
-// the "digest".
+// The "algorithm" portion defines both the hashing algorithm used to calculate
+// the digest and the encoding of the resulting digest, which defaults to "hex"
+// if not otherwise specified. Currently, all supported algorithms have their
+// digests encoded in hex strings.
+//
+// In the example above, the string "sha256" is the algorithm and the hex bytes
+// are the "digest".
 //
 // Because the Digest type is simply a string, once a valid Digest is
 // obtained, comparisons are cheap, quick and simple to express with the
diff --git a/vendor/github.com/opencontainers/go-digest/go.mod b/vendor/github.com/opencontainers/go-digest/go.mod
new file mode 100644
index 0000000000000..cf5d7b1d2d78a
--- /dev/null
+++ b/vendor/github.com/opencontainers/go-digest/go.mod
@@ -0,0 +1,3 @@
+module github.com/opencontainers/go-digest
+
+go 1.13
diff --git a/vendor/github.com/opencontainers/go-digest/verifiers.go b/vendor/github.com/opencontainers/go-digest/verifiers.go
index 32125e9187857..afef506f4649f 100644
--- a/vendor/github.com/opencontainers/go-digest/verifiers.go
+++ b/vendor/github.com/opencontainers/go-digest/verifiers.go
@@ -1,3 +1,4 @@
+// Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
index 4e6c4b236237d..82da6c6a89896 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
@@ -21,6 +21,9 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Index struct {
 	specs.Versioned
 
+	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json`
+	MediaType string `json:"mediaType,omitempty"`
+
 	// Manifests references platform specific manifests.
 	Manifests []Descriptor `json:"manifests"`
 
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
index 7ff32c40ba305..d72d15ce4bb8b 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
@@ -20,6 +20,9 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Manifest struct {
 	specs.Versioned
 
+	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json`
+	MediaType string `json:"mediaType,omitempty"`
+
 	// Config references a configuration object for a container, by digest.
 	// The referenced configuration object is a JSON blob that the runtime uses to set up the container.
 	Config Descriptor `json:"config"`
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
index 5d493df23300e..0d9543f16000d 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
@@ -22,7 +22,7 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 0
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 1
+	VersionPatch = 2
 
 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = ""
diff --git a/vendor/github.com/opencontainers/runc/README.md b/vendor/github.com/opencontainers/runc/README.md
index 83379d9623a3f..23106d303c114 100644
--- a/vendor/github.com/opencontainers/runc/README.md
+++ b/vendor/github.com/opencontainers/runc/README.md
@@ -1,8 +1,10 @@
 # runc
 
-[![Build Status](https://travis-ci.org/opencontainers/runc.svg?branch=master)](https://travis-ci.org/opencontainers/runc)
 [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/runc)](https://goreportcard.com/report/github.com/opencontainers/runc)
 [![GoDoc](https://godoc.org/github.com/opencontainers/runc?status.svg)](https://godoc.org/github.com/opencontainers/runc)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/588/badge)](https://bestpractices.coreinfrastructure.org/projects/588)
+[![gha/validate](https://github.com/opencontainers/runc/workflows/validate/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Avalidate)
+[![gha/ci](https://github.com/opencontainers/runc/workflows/ci/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Aci)
 
 ## Introduction
 
@@ -16,21 +18,21 @@ This means that `runc` 1.0.0 should implement the 1.0 version of the specificati
 
 You can find official releases of `runc` on the [release](https://github.com/opencontainers/runc/releases) page.
 
-### Security
+## Security
 
-If you wish to report a security issue, please disclose the issue responsibly
-to security@opencontainers.org.
+The reporting process and disclosure communications are outlined [here](https://github.com/opencontainers/org/blob/master/SECURITY.md).
+
+### Security Audit
+A third party security audit was performed by Cure53, you can see the full report [here](https://github.com/opencontainers/runc/blob/master/docs/Security-Audit.pdf).
 
 ## Building
 
 `runc` currently supports the Linux platform with various architecture support.
-It must be built with Go version 1.6 or higher in order for some features to function properly.
+It must be built with Go version 1.13 or higher.
 
 In order to enable seccomp support you will need to install `libseccomp` on your platform.
 > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu
 
-Otherwise, if you do not want to build `runc` with seccomp support you can add `BUILDTAGS=""` when running make.
-
 ```bash
 # create a 'github.com/opencontainers' in your GOPATH/src
 cd github.com/opencontainers
@@ -55,20 +57,24 @@ sudo make install
 
 #### Build Tags
 
-`runc` supports optional build tags for compiling support of various features.
-To add build tags to the make option the `BUILDTAGS` variable must be set.
+`runc` supports optional build tags for compiling support of various features,
+with some of them enabled by default (see `BUILDTAGS` in top-level `Makefile`).
+
+To change build tags from the default, set the `BUILDTAGS` variable for make,
+e.g. to disable seccomp:
 
 ```bash
-make BUILDTAGS='seccomp apparmor'
+make BUILDTAGS=""
 ```
 
-| Build Tag | Feature                            | Dependency  |
-|-----------|------------------------------------|-------------|
-| seccomp   | Syscall filtering                  | libseccomp  |
-| selinux   | selinux process and mount labeling | <none>      |
-| apparmor  | apparmor profile support           | <none>      |
-| ambient   | ambient capability support         | kernel 4.3  |
+| Build Tag | Feature                            | Enabled by default | Dependency |
+|-----------|------------------------------------|--------------------|------------|
+| seccomp   | Syscall filtering                  | yes                | libseccomp |
 
+The following build tags were used earlier, but are now obsoleted:
+ - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored)
+ - **apparmor** (since runc v1.0.0-rc93 the feature is always enabled)
+ - **selinux**  (since runc v1.0.0-rc93 the feature is always enabled)
 
 ### Running the test suite
 
@@ -93,20 +99,41 @@ You can run a specific integration test by setting the `TESTPATH` variable.
 # make test TESTPATH="/checkpoint.bats"
 ```
 
-You can run a test in your proxy environment by setting `DOCKER_BUILD_PROXY` and `DOCKER_RUN_PROXY` variables.
+You can run a specific rootless integration test by setting the `ROOTLESS_TESTPATH` variable.
+
+```bash
+# make test ROOTLESS_TESTPATH="/checkpoint.bats"
+```
+
+You can run a test using your container engine's flags by setting `CONTAINER_ENGINE_BUILD_FLAGS` and `CONTAINER_ENGINE_RUN_FLAGS` variables.
 
 ```bash
-# make test DOCKER_BUILD_PROXY="--build-arg HTTP_PROXY=http://yourproxy/" DOCKER_RUN_PROXY="-e HTTP_PROXY=http://yourproxy/"
+# make test CONTAINER_ENGINE_BUILD_FLAGS="--build-arg http_proxy=http://yourproxy/" CONTAINER_ENGINE_RUN_FLAGS="-e http_proxy=http://yourproxy/"
 ```
 
 ### Dependencies Management
 
-`runc` uses [vndr](https://github.com/LK4D4/vndr) for dependencies management.
-Please refer to [vndr](https://github.com/LK4D4/vndr) for how to add or update
-new dependencies.
+`runc` uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependencies management.
+Please refer to [Go Modules](https://github.com/golang/go/wiki/Modules) for how to add or update
+new dependencies. When updating dependencies, be sure that you are running Go `1.14` or newer.
+
+```
+# Update vendored dependencies
+make vendor
+# Verify all dependencies
+make verify-dependencies
+```
 
 ## Using runc
 
+Please note that runc is a low level tool not designed with an end user
+in mind. It is mostly employed by other higher level container software.
+
+Therefore, unless there is some specific use case that prevents the use
+of tools like Docker or Podman, it is not recommended to use runc directly.
+
+If you still want to use runc, here's how.
+
 ### Creating an OCI Bundle
 
 In order to use runc you must have your container in the format of an OCI bundle.
@@ -148,7 +175,9 @@ If you used the unmodified `runc spec` template this should give you a `sh` sess
 
 The second way to start a container is using the specs lifecycle operations.
 This gives you more power over how the container is created and managed while it is running.
-This will also launch the container in the background so you will have to edit the `config.json` to remove the `terminal` setting for the simple examples here.
+This will also launch the container in the background so you will have to edit
+the `config.json` to remove the `terminal` setting for the simple examples
+below (see more details about [runc terminal handling](docs/terminals.md)).
 Your process field in the `config.json` should look like this below with `"terminal": false` and `"args": ["sleep", "5"]`.
 
 
@@ -229,7 +258,14 @@ runc delete mycontainerid
 This allows higher level systems to augment the containers creation logic with setup of various settings after the container is created and/or before it is deleted. For example, the container's network stack is commonly set up after `create` but before `start`.
 
 #### Rootless containers
-`runc` has the ability to run containers without root privileges. This is called `rootless`. You need to pass some parameters to `runc` in order to run rootless containers. See below and compare with the previous version. Run the following commands as an ordinary user:
+`runc` has the ability to run containers without root privileges. This is called `rootless`. You need to pass some parameters to `runc` in order to run rootless containers. See below and compare with the previous version.
+
+**Note:** In order to use this feature, "User Namespaces" must be compiled and enabled in your kernel. There are various ways to do this depending on your distribution:
+- Confirm `CONFIG_USER_NS=y` is set in your kernel configuration (normally found in `/proc/config.gz`)
+- Arch/Debian: `echo 1 > /proc/sys/kernel/unprivileged_userns_clone`
+- RHEL/CentOS 7: `echo 28633 > /proc/sys/user/max_user_namespaces`
+
+Run the following commands as an ordinary user:
 ```bash
 # Same as the first example
 mkdir ~/mycontainer
@@ -263,3 +299,14 @@ PIDFile=/run/mycontainerid.pid
 [Install]
 WantedBy=multi-user.target
 ```
+
+## More documentation
+
+* [cgroup v2](./docs/cgroup-v2.md)
+* [Checkpoint and restore](./docs/checkpoint-restore.md)
+* [systemd cgroup driver](./docs/systemd.md)
+* [Terminals and standard IO](./docs/terminals.md)
+
+## License
+
+The code and docs are released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/opencontainers/runc/go.mod b/vendor/github.com/opencontainers/runc/go.mod
new file mode 100644
index 0000000000000..71e83fe980968
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/go.mod
@@ -0,0 +1,28 @@
+module github.com/opencontainers/runc
+
+go 1.13
+
+require (
+	github.com/bits-and-blooms/bitset v1.2.0
+	github.com/checkpoint-restore/go-criu/v5 v5.0.0
+	github.com/cilium/ebpf v0.6.2
+	github.com/containerd/console v1.0.2
+	github.com/coreos/go-systemd/v22 v22.3.2
+	github.com/cyphar/filepath-securejoin v0.2.2
+	github.com/docker/go-units v0.4.0
+	github.com/godbus/dbus/v5 v5.0.4
+	github.com/moby/sys/mountinfo v0.4.1
+	github.com/mrunalp/fileutils v0.5.0
+	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
+	github.com/opencontainers/selinux v1.8.2
+	github.com/pkg/errors v0.9.1
+	github.com/seccomp/libseccomp-golang v0.9.1
+	github.com/sirupsen/logrus v1.8.1
+	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
+	// NOTE: urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092
+	github.com/urfave/cli v1.22.1
+	github.com/vishvananda/netlink v1.1.0
+	golang.org/x/net v0.0.0-20201224014010-6772e930b67b
+	golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
+	google.golang.org/protobuf v1.26.0
+)
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/README.md b/vendor/github.com/opencontainers/runc/libcontainer/README.md
index 42f3efe563991..13eee49d4b974 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/README.md
+++ b/vendor/github.com/opencontainers/runc/libcontainer/README.md
@@ -57,90 +57,94 @@ struct describing how the container is to be created. A sample would look simila
 
 ```go
 defaultMountFlags := unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV
+var devices []*configs.DeviceRule
+for _, device := range specconv.AllowedDevices {
+	devices = append(devices, &device.Rule)
+}
 config := &configs.Config{
 	Rootfs: "/your/path/to/rootfs",
 	Capabilities: &configs.Capabilities{
-                Bounding: []string{
-                        "CAP_CHOWN",
-                        "CAP_DAC_OVERRIDE",
-                        "CAP_FSETID",
-                        "CAP_FOWNER",
-                        "CAP_MKNOD",
-                        "CAP_NET_RAW",
-                        "CAP_SETGID",
-                        "CAP_SETUID",
-                        "CAP_SETFCAP",
-                        "CAP_SETPCAP",
-                        "CAP_NET_BIND_SERVICE",
-                        "CAP_SYS_CHROOT",
-                        "CAP_KILL",
-                        "CAP_AUDIT_WRITE",
-                },
-                Effective: []string{
-                        "CAP_CHOWN",
-                        "CAP_DAC_OVERRIDE",
-                        "CAP_FSETID",
-                        "CAP_FOWNER",
-                        "CAP_MKNOD",
-                        "CAP_NET_RAW",
-                        "CAP_SETGID",
-                        "CAP_SETUID",
-                        "CAP_SETFCAP",
-                        "CAP_SETPCAP",
-                        "CAP_NET_BIND_SERVICE",
-                        "CAP_SYS_CHROOT",
-                        "CAP_KILL",
-                        "CAP_AUDIT_WRITE",
-                },
-                Inheritable: []string{
-                        "CAP_CHOWN",
-                        "CAP_DAC_OVERRIDE",
-                        "CAP_FSETID",
-                        "CAP_FOWNER",
-                        "CAP_MKNOD",
-                        "CAP_NET_RAW",
-                        "CAP_SETGID",
-                        "CAP_SETUID",
-                        "CAP_SETFCAP",
-                        "CAP_SETPCAP",
-                        "CAP_NET_BIND_SERVICE",
-                        "CAP_SYS_CHROOT",
-                        "CAP_KILL",
-                        "CAP_AUDIT_WRITE",
-                },
-                Permitted: []string{
-                        "CAP_CHOWN",
-                        "CAP_DAC_OVERRIDE",
-                        "CAP_FSETID",
-                        "CAP_FOWNER",
-                        "CAP_MKNOD",
-                        "CAP_NET_RAW",
-                        "CAP_SETGID",
-                        "CAP_SETUID",
-                        "CAP_SETFCAP",
-                        "CAP_SETPCAP",
-                        "CAP_NET_BIND_SERVICE",
-                        "CAP_SYS_CHROOT",
-                        "CAP_KILL",
-                        "CAP_AUDIT_WRITE",
-                },
-                Ambient: []string{
-                        "CAP_CHOWN",
-                        "CAP_DAC_OVERRIDE",
-                        "CAP_FSETID",
-                        "CAP_FOWNER",
-                        "CAP_MKNOD",
-                        "CAP_NET_RAW",
-                        "CAP_SETGID",
-                        "CAP_SETUID",
-                        "CAP_SETFCAP",
-                        "CAP_SETPCAP",
-                        "CAP_NET_BIND_SERVICE",
-                        "CAP_SYS_CHROOT",
-                        "CAP_KILL",
-                        "CAP_AUDIT_WRITE",
-                },
-        },
+		Bounding: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+		Effective: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+		Inheritable: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+		Permitted: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+		Ambient: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+	},
 	Namespaces: configs.Namespaces([]configs.Namespace{
 		{Type: configs.NEWNS},
 		{Type: configs.NEWUTS},
@@ -148,14 +152,14 @@ config := &configs.Config{
 		{Type: configs.NEWPID},
 		{Type: configs.NEWUSER},
 		{Type: configs.NEWNET},
+		{Type: configs.NEWCGROUP},
 	}),
 	Cgroups: &configs.Cgroup{
 		Name:   "test-container",
 		Parent: "system",
 		Resources: &configs.Resources{
 			MemorySwappiness: nil,
-			AllowAllDevices:  nil,
-			AllowedDevices:   configs.DefaultAllowedDevices,
+			Devices:          devices,
 		},
 	},
 	MaskPaths: []string{
@@ -165,7 +169,7 @@ config := &configs.Config{
 	ReadonlyPaths: []string{
 		"/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus",
 	},
-	Devices:  configs.DefaultAutoCreatedDevices,
+	Devices:  specconv.AllowedDevices,
 	Hostname: "testing",
 	Mounts: []*configs.Mount{
 		{
@@ -260,6 +264,7 @@ process := &libcontainer.Process{
 	Stdin:  os.Stdin,
 	Stdout: os.Stdout,
 	Stderr: os.Stderr,
+	Init:   true,
 }
 
 err := container.Run(process)
@@ -312,7 +317,7 @@ state, err := container.State()
 #### Checkpoint & Restore
 
 libcontainer now integrates [CRIU](http://criu.org/) for checkpointing and restoring containers.
-This let's you save the state of a process running inside a container to disk, and then restore
+This lets you save the state of a process running inside a container to disk, and then restore
 that state into a new process, on the same machine or on another machine.
 
 `criu` version 1.5.2 or higher is required to use checkpoint and restore.
@@ -323,6 +328,7 @@ generated when building libcontainer with docker.
 
 ## Copyright and license
 
-Code and documentation copyright 2014 Docker, inc. Code released under the Apache 2.0 license.
-Docs released under Creative commons.
-
+Code and documentation copyright 2014 Docker, inc.
+The code and documentation are released under the [Apache 2.0 license](../LICENSE).
+The documentation is also released under Creative Commons Attribution 4.0 International License.
+You may obtain a copy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go
deleted file mode 100644
index 7fff0627fa1b3..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// +build apparmor,linux
-
-package apparmor
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-)
-
-// IsEnabled returns true if apparmor is enabled for the host.
-func IsEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
-		if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
-			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-			return err == nil && len(buf) > 1 && buf[0] == 'Y'
-		}
-	}
-	return false
-}
-
-func setprocattr(attr, value string) error {
-	// Under AppArmor you can only change your own attr, so use /proc/self/
-	// instead of /proc/<tid>/ like libapparmor does
-	path := fmt.Sprintf("/proc/self/attr/%s", attr)
-
-	f, err := os.OpenFile(path, os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	_, err = fmt.Fprintf(f, "%s", value)
-	return err
-}
-
-// changeOnExec reimplements aa_change_onexec from libapparmor in Go
-func changeOnExec(name string) error {
-	value := "exec " + name
-	if err := setprocattr("exec", value); err != nil {
-		return fmt.Errorf("apparmor failed to apply profile: %s", err)
-	}
-	return nil
-}
-
-// ApplyProfile will apply the profile with the specified name to the process after
-// the next exec.
-func ApplyProfile(name string) error {
-	if name == "" {
-		return nil
-	}
-
-	return changeOnExec(name)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go
deleted file mode 100644
index d4110cf0bc6da..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// +build !apparmor !linux
-
-package apparmor
-
-import (
-	"errors"
-)
-
-var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported")
-
-func IsEnabled() bool {
-	return false
-}
-
-func ApplyProfile(name string) error {
-	if name != "" {
-		return ErrApparmorNotEnabled
-	}
-	return nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
index 25ff5158933ac..68a346ca531ad 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
@@ -3,62 +3,59 @@
 package cgroups
 
 import (
-	"fmt"
-
 	"github.com/opencontainers/runc/libcontainer/configs"
 )
 
 type Manager interface {
-	// Applies cgroup configuration to the process with the specified pid
+	// Apply creates a cgroup, if not yet created, and adds a process
+	// with the specified pid into that cgroup.  A special value of -1
+	// can be used to merely create a cgroup.
 	Apply(pid int) error
 
-	// Returns the PIDs inside the cgroup set
+	// GetPids returns the PIDs of all processes inside the cgroup.
 	GetPids() ([]int, error)
 
-	// Returns the PIDs inside the cgroup set & all sub-cgroups
+	// GetAllPids returns the PIDs of all processes inside the cgroup
+	// any all its sub-cgroups.
 	GetAllPids() ([]int, error)
 
-	// Returns statistics for the cgroup set
+	// GetStats returns cgroups statistics.
 	GetStats() (*Stats, error)
 
-	// Toggles the freezer cgroup according with specified state
+	// Freeze sets the freezer cgroup to the specified state.
 	Freeze(state configs.FreezerState) error
 
-	// Destroys the cgroup set
+	// Destroy removes cgroup.
 	Destroy() error
 
-	// The option func SystemdCgroups() and Cgroupfs() require following attributes:
-	// 	Paths   map[string]string
-	// 	Cgroups *configs.Cgroup
-	// Paths maps cgroup subsystem to path at which it is mounted.
-	// Cgroups specifies specific cgroup settings for the various subsystems
-
-	// Returns cgroup paths to save in a state file and to be able to
-	// restore the object later.
+	// Path returns a cgroup path to the specified controller/subsystem.
+	// For cgroupv2, the argument is unused and can be empty.
+	Path(string) string
+
+	// Set sets cgroup resources parameters/limits. If the argument is nil,
+	// the resources specified during Manager creation (or the previous call
+	// to Set) are used.
+	Set(r *configs.Resources) error
+
+	// GetPaths returns cgroup path(s) to save in a state file in order to
+	// restore later.
+	//
+	// For cgroup v1, a key is cgroup subsystem name, and the value is the
+	// path to the cgroup for this subsystem.
+	//
+	// For cgroup v2 unified hierarchy, a key is "", and the value is the
+	// unified path.
 	GetPaths() map[string]string
 
-	// Sets the cgroup as configured.
-	Set(container *configs.Config) error
-}
+	// GetCgroups returns the cgroup data as configured.
+	GetCgroups() (*configs.Cgroup, error)
 
-type NotFoundError struct {
-	Subsystem string
-}
+	// GetFreezerState retrieves the current FreezerState of the cgroup.
+	GetFreezerState() (configs.FreezerState, error)
 
-func (e *NotFoundError) Error() string {
-	return fmt.Sprintf("mountpoint for %s not found", e.Subsystem)
-}
-
-func NewNotFoundError(sub string) error {
-	return &NotFoundError{
-		Subsystem: sub,
-	}
-}
+	// Exists returns whether the cgroup path exists or not.
+	Exists() bool
 
-func IsNotFound(err error) bool {
-	if err == nil {
-		return false
-	}
-	_, ok := err.(*NotFoundError)
-	return ok
+	// OOMKillCount reports OOM kill count for the cgroup.
+	OOMKillCount() (uint64, error)
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/file.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/file.go
new file mode 100644
index 0000000000000..5f6ab9fd69991
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/file.go
@@ -0,0 +1,166 @@
+package cgroups
+
+import (
+	"bytes"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+// OpenFile opens a cgroup file in a given dir with given flags.
+// It is supposed to be used for cgroup files only.
+func OpenFile(dir, file string, flags int) (*os.File, error) {
+	if dir == "" {
+		return nil, errors.Errorf("no directory specified for %s", file)
+	}
+	return openFile(dir, file, flags)
+}
+
+// ReadFile reads data from a cgroup file in dir.
+// It is supposed to be used for cgroup files only.
+func ReadFile(dir, file string) (string, error) {
+	fd, err := OpenFile(dir, file, unix.O_RDONLY)
+	if err != nil {
+		return "", err
+	}
+	defer fd.Close()
+	var buf bytes.Buffer
+
+	_, err = buf.ReadFrom(fd)
+	return buf.String(), err
+}
+
+// WriteFile writes data to a cgroup file in dir.
+// It is supposed to be used for cgroup files only.
+func WriteFile(dir, file, data string) error {
+	fd, err := OpenFile(dir, file, unix.O_WRONLY)
+	if err != nil {
+		return err
+	}
+	defer fd.Close()
+	if err := retryingWriteFile(fd, data); err != nil {
+		return errors.Wrapf(err, "failed to write %q", data)
+	}
+	return nil
+}
+
+func retryingWriteFile(fd *os.File, data string) error {
+	for {
+		_, err := fd.Write([]byte(data))
+		if errors.Is(err, unix.EINTR) {
+			logrus.Infof("interrupted while writing %s to %s", data, fd.Name())
+			continue
+		}
+		return err
+	}
+}
+
+const (
+	cgroupfsDir    = "/sys/fs/cgroup"
+	cgroupfsPrefix = cgroupfsDir + "/"
+)
+
+var (
+	// TestMode is set to true by unit tests that need "fake" cgroupfs.
+	TestMode bool
+
+	cgroupFd     int = -1
+	prepOnce     sync.Once
+	prepErr      error
+	resolveFlags uint64
+)
+
+func prepareOpenat2() error {
+	prepOnce.Do(func() {
+		fd, err := unix.Openat2(-1, cgroupfsDir, &unix.OpenHow{
+			Flags: unix.O_DIRECTORY | unix.O_PATH,
+		})
+		if err != nil {
+			prepErr = &os.PathError{Op: "openat2", Path: cgroupfsDir, Err: err}
+			if err != unix.ENOSYS {
+				logrus.Warnf("falling back to securejoin: %s", prepErr)
+			} else {
+				logrus.Debug("openat2 not available, falling back to securejoin")
+			}
+			return
+		}
+		var st unix.Statfs_t
+		if err = unix.Fstatfs(fd, &st); err != nil {
+			prepErr = &os.PathError{Op: "statfs", Path: cgroupfsDir, Err: err}
+			logrus.Warnf("falling back to securejoin: %s", prepErr)
+			return
+		}
+
+		cgroupFd = fd
+
+		resolveFlags = unix.RESOLVE_BENEATH | unix.RESOLVE_NO_MAGICLINKS
+		if st.Type == unix.CGROUP2_SUPER_MAGIC {
+			// cgroupv2 has a single mountpoint and no "cpu,cpuacct" symlinks
+			resolveFlags |= unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_SYMLINKS
+		}
+	})
+
+	return prepErr
+}
+
+// OpenFile opens a cgroup file in a given dir with given flags.
+// It is supposed to be used for cgroup files only.
+func openFile(dir, file string, flags int) (*os.File, error) {
+	mode := os.FileMode(0)
+	if TestMode && flags&os.O_WRONLY != 0 {
+		// "emulate" cgroup fs for unit tests
+		flags |= os.O_TRUNC | os.O_CREATE
+		mode = 0o600
+	}
+	if prepareOpenat2() != nil {
+		return openFallback(dir, file, flags, mode)
+	}
+	reldir := strings.TrimPrefix(dir, cgroupfsPrefix)
+	if len(reldir) == len(dir) { // non-standard path, old system?
+		return openFallback(dir, file, flags, mode)
+	}
+
+	relname := reldir + "/" + file
+	fd, err := unix.Openat2(cgroupFd, relname,
+		&unix.OpenHow{
+			Resolve: resolveFlags,
+			Flags:   uint64(flags) | unix.O_CLOEXEC,
+			Mode:    uint64(mode),
+		})
+	if err != nil {
+		return nil, &os.PathError{Op: "openat2", Path: dir + "/" + file, Err: err}
+	}
+
+	return os.NewFile(uintptr(fd), cgroupfsPrefix+relname), nil
+}
+
+var errNotCgroupfs = errors.New("not a cgroup file")
+
+// openFallback is used when openat2(2) is not available. It checks the opened
+// file is on cgroupfs, returning an error otherwise.
+func openFallback(dir, file string, flags int, mode os.FileMode) (*os.File, error) {
+	path := dir + "/" + file
+	fd, err := os.OpenFile(path, flags, mode)
+	if err != nil {
+		return nil, err
+	}
+	if TestMode {
+		return fd, nil
+	}
+	// Check this is a cgroupfs file.
+	var st unix.Statfs_t
+	if err := unix.Fstatfs(int(fd.Fd()), &st); err != nil {
+		_ = fd.Close()
+		return nil, &os.PathError{Op: "statfs", Path: path, Err: err}
+	}
+	if st.Type != unix.CGROUP_SUPER_MAGIC && st.Type != unix.CGROUP2_SUPER_MAGIC {
+		_ = fd.Close()
+		return nil, &os.PathError{Op: "open", Path: path, Err: errNotCgroupfs}
+	}
+
+	return fd, nil
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/stats.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/stats.go
index 8eeedc55b078f..e7f9c462635c3 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/stats.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/stats.go
@@ -20,6 +20,12 @@ type CpuUsage struct {
 	// Total CPU time consumed per core.
 	// Units: nanoseconds.
 	PercpuUsage []uint64 `json:"percpu_usage,omitempty"`
+	// CPU time consumed per core in kernel mode
+	// Units: nanoseconds.
+	PercpuUsageInKernelmode []uint64 `json:"percpu_usage_in_kernelmode"`
+	// CPU time consumed per core in user mode
+	// Units: nanoseconds.
+	PercpuUsageInUsermode []uint64 `json:"percpu_usage_in_usermode"`
 	// Time spent by tasks of the cgroup in kernel mode.
 	// Units: nanoseconds.
 	UsageInKernelmode uint64 `json:"usage_in_kernelmode"`
@@ -33,6 +39,33 @@ type CpuStats struct {
 	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
 }
 
+type CPUSetStats struct {
+	// List of the physical numbers of the CPUs on which processes
+	// in that cpuset are allowed to execute
+	CPUs []uint16 `json:"cpus,omitempty"`
+	// cpu_exclusive flag
+	CPUExclusive uint64 `json:"cpu_exclusive"`
+	// List of memory nodes on which processes in that cpuset
+	// are allowed to allocate memory
+	Mems []uint16 `json:"mems,omitempty"`
+	// mem_hardwall flag
+	MemHardwall uint64 `json:"mem_hardwall"`
+	// mem_exclusive flag
+	MemExclusive uint64 `json:"mem_exclusive"`
+	// memory_migrate flag
+	MemoryMigrate uint64 `json:"memory_migrate"`
+	// memory_spread page flag
+	MemorySpreadPage uint64 `json:"memory_spread_page"`
+	// memory_spread slab flag
+	MemorySpreadSlab uint64 `json:"memory_spread_slab"`
+	// memory_pressure
+	MemoryPressure uint64 `json:"memory_pressure"`
+	// sched_load balance flag
+	SchedLoadBalance uint64 `json:"sched_load_balance"`
+	// sched_relax_domain_level
+	SchedRelaxDomainLevel int64 `json:"sched_relax_domain_level"`
+}
+
 type MemoryData struct {
 	Usage    uint64 `json:"usage,omitempty"`
 	MaxUsage uint64 `json:"max_usage,omitempty"`
@@ -51,12 +84,33 @@ type MemoryStats struct {
 	KernelUsage MemoryData `json:"kernel_usage,omitempty"`
 	// usage of kernel TCP memory
 	KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitempty"`
+	// usage of memory pages by NUMA node
+	// see chapter 5.6 of memory controller documentation
+	PageUsageByNUMA PageUsageByNUMA `json:"page_usage_by_numa,omitempty"`
 	// if true, memory usage is accounted for throughout a hierarchy of cgroups.
 	UseHierarchy bool `json:"use_hierarchy"`
 
 	Stats map[string]uint64 `json:"stats,omitempty"`
 }
 
+type PageUsageByNUMA struct {
+	// Embedding is used as types can't be recursive.
+	PageUsageByNUMAInner
+	Hierarchical PageUsageByNUMAInner `json:"hierarchical,omitempty"`
+}
+
+type PageUsageByNUMAInner struct {
+	Total       PageStats `json:"total,omitempty"`
+	File        PageStats `json:"file,omitempty"`
+	Anon        PageStats `json:"anon,omitempty"`
+	Unevictable PageStats `json:"unevictable,omitempty"`
+}
+
+type PageStats struct {
+	Total uint64           `json:"total,omitempty"`
+	Nodes map[uint8]uint64 `json:"nodes,omitempty"`
+}
+
 type PidsStats struct {
 	// number of pids in the cgroup
 	Current uint64 `json:"current,omitempty"`
@@ -94,6 +148,7 @@ type HugetlbStats struct {
 
 type Stats struct {
 	CpuStats    CpuStats    `json:"cpu_stats,omitempty"`
+	CPUSetStats CPUSetStats `json:"cpuset_stats,omitempty"`
 	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
 	PidsStats   PidsStats   `json:"pids_stats,omitempty"`
 	BlkioStats  BlkioStats  `json:"blkio_stats,omitempty"`
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
index 7c61ff13fcc0c..92606525b4d77 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
@@ -4,6 +4,7 @@ package cgroups
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -11,111 +12,41 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
-	units "github.com/docker/go-units"
+	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 const (
-	cgroupNamePrefix = "name="
-	CgroupProcesses  = "cgroup.procs"
+	CgroupProcesses   = "cgroup.procs"
+	unifiedMountpoint = "/sys/fs/cgroup"
 )
 
-// https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
-func FindCgroupMountpoint(subsystem string) (string, error) {
-	mnt, _, err := FindCgroupMountpointAndRoot(subsystem)
-	return mnt, err
-}
-
-func FindCgroupMountpointAndRoot(subsystem string) (string, string, error) {
-	// We are not using mount.GetMounts() because it's super-inefficient,
-	// parsing it directly sped up x10 times because of not using Sscanf.
-	// It was one of two major performance drawbacks in container start.
-	if !isSubsystemAvailable(subsystem) {
-		return "", "", NewNotFoundError(subsystem)
-	}
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return "", "", err
-	}
-	defer f.Close()
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		txt := scanner.Text()
-		fields := strings.Split(txt, " ")
-		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
-			if opt == subsystem {
-				return fields[4], fields[3], nil
-			}
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return "", "", err
-	}
-
-	return "", "", NewNotFoundError(subsystem)
-}
-
-func isSubsystemAvailable(subsystem string) bool {
-	cgroups, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return false
-	}
-	_, avail := cgroups[subsystem]
-	return avail
-}
-
-func GetClosestMountpointAncestor(dir, mountinfo string) string {
-	deepestMountPoint := ""
-	for _, mountInfoEntry := range strings.Split(mountinfo, "\n") {
-		mountInfoParts := strings.Fields(mountInfoEntry)
-		if len(mountInfoParts) < 5 {
-			continue
-		}
-		mountPoint := mountInfoParts[4]
-		if strings.HasPrefix(mountPoint, deepestMountPoint) && strings.HasPrefix(dir, mountPoint) {
-			deepestMountPoint = mountPoint
-		}
-	}
-	return deepestMountPoint
-}
-
-func FindCgroupMountpointDir() (string, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		text := scanner.Text()
-		fields := strings.Split(text, " ")
-		// Safe as mountinfo encodes mountpoints with spaces as \040.
-		index := strings.Index(text, " - ")
-		postSeparatorFields := strings.Fields(text[index+3:])
-		numPostFields := len(postSeparatorFields)
-
-		// This is an error as we can't detect if the mount is for "cgroup"
-		if numPostFields == 0 {
-			return "", fmt.Errorf("Found no fields post '-' in %q", text)
-		}
+var (
+	isUnifiedOnce sync.Once
+	isUnified     bool
+)
 
-		if postSeparatorFields[0] == "cgroup" {
-			// Check that the mount is properly formatted.
-			if numPostFields < 3 {
-				return "", fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
+// IsCgroup2UnifiedMode returns whether we are running in cgroup v2 unified mode.
+func IsCgroup2UnifiedMode() bool {
+	isUnifiedOnce.Do(func() {
+		var st unix.Statfs_t
+		err := unix.Statfs(unifiedMountpoint, &st)
+		if err != nil {
+			if os.IsNotExist(err) && userns.RunningInUserNS() {
+				// ignore the "not found" error if running in userns
+				logrus.WithError(err).Debugf("%s missing, assuming cgroup v1", unifiedMountpoint)
+				isUnified = false
+				return
 			}
-
-			return filepath.Dir(fields[4]), nil
+			panic(fmt.Sprintf("cannot statfs cgroup root: %s", err))
 		}
-	}
-	if err := scanner.Err(); err != nil {
-		return "", err
-	}
-
-	return "", NewNotFoundError("cgroup")
+		isUnified = st.Type == unix.CGROUP2_SUPER_MAGIC
+	})
+	return isUnified
 }
 
 type Mount struct {
@@ -124,77 +55,45 @@ type Mount struct {
 	Subsystems []string
 }
 
-func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error) {
-	if len(m.Subsystems) == 0 {
-		return "", fmt.Errorf("no subsystem for mount")
-	}
-
-	return getControllerPath(m.Subsystems[0], cgroups)
-}
-
-func getCgroupMountsHelper(ss map[string]bool, mi io.Reader, all bool) ([]Mount, error) {
-	res := make([]Mount, 0, len(ss))
-	scanner := bufio.NewScanner(mi)
-	numFound := 0
-	for scanner.Scan() && numFound < len(ss) {
-		txt := scanner.Text()
-		sepIdx := strings.Index(txt, " - ")
-		if sepIdx == -1 {
-			return nil, fmt.Errorf("invalid mountinfo format")
-		}
-		if txt[sepIdx+3:sepIdx+10] == "cgroup2" || txt[sepIdx+3:sepIdx+9] != "cgroup" {
-			continue
-		}
-		fields := strings.Split(txt, " ")
-		m := Mount{
-			Mountpoint: fields[4],
-			Root:       fields[3],
-		}
-		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
-			seen, known := ss[opt]
-			if !known || (!all && seen) {
-				continue
-			}
-			ss[opt] = true
-			if strings.HasPrefix(opt, cgroupNamePrefix) {
-				opt = opt[len(cgroupNamePrefix):]
-			}
-			m.Subsystems = append(m.Subsystems, opt)
-			numFound++
-		}
-		if len(m.Subsystems) > 0 || all {
-			res = append(res, m)
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
 // GetCgroupMounts returns the mounts for the cgroup subsystems.
 // all indicates whether to return just the first instance or all the mounts.
+// This function should not be used from cgroupv2 code, as in this case
+// all the controllers are available under the constant unifiedMountpoint.
 func GetCgroupMounts(all bool) ([]Mount, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	allSubsystems, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return nil, err
+	if IsCgroup2UnifiedMode() {
+		// TODO: remove cgroupv2 case once all external users are converted
+		availableControllers, err := GetAllSubsystems()
+		if err != nil {
+			return nil, err
+		}
+		m := Mount{
+			Mountpoint: unifiedMountpoint,
+			Root:       unifiedMountpoint,
+			Subsystems: availableControllers,
+		}
+		return []Mount{m}, nil
 	}
 
-	allMap := make(map[string]bool)
-	for s := range allSubsystems {
-		allMap[s] = false
-	}
-	return getCgroupMountsHelper(allMap, f, all)
+	return getCgroupMountsV1(all)
 }
 
 // GetAllSubsystems returns all the cgroup subsystems supported by the kernel
 func GetAllSubsystems() ([]string, error) {
+	// /proc/cgroups is meaningless for v2
+	// https://github.com/torvalds/linux/blob/v5.3/Documentation/admin-guide/cgroup-v2.rst#deprecated-v1-core-features
+	if IsCgroup2UnifiedMode() {
+		// "pseudo" controllers do not appear in /sys/fs/cgroup/cgroup.controllers.
+		// - devices: implemented in kernel 4.15
+		// - freezer: implemented in kernel 5.2
+		// We assume these are always available, as it is hard to detect availability.
+		pseudo := []string{"devices", "freezer"}
+		data, err := ReadFile("/sys/fs/cgroup", "cgroup.controllers")
+		if err != nil {
+			return nil, err
+		}
+		subsystems := append(pseudo, strings.Fields(data)...)
+		return subsystems, nil
+	}
 	f, err := os.Open("/proc/cgroups")
 	if err != nil {
 		return nil, err
@@ -219,61 +118,8 @@ func GetAllSubsystems() ([]string, error) {
 	return subsystems, nil
 }
 
-// GetOwnCgroup returns the relative path to the cgroup docker is running in.
-func GetOwnCgroup(subsystem string) (string, error) {
-	cgroups, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return "", err
-	}
-
-	return getControllerPath(subsystem, cgroups)
-}
-
-func GetOwnCgroupPath(subsystem string) (string, error) {
-	cgroup, err := GetOwnCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	return getCgroupPathHelper(subsystem, cgroup)
-}
-
-func GetInitCgroup(subsystem string) (string, error) {
-	cgroups, err := ParseCgroupFile("/proc/1/cgroup")
-	if err != nil {
-		return "", err
-	}
-
-	return getControllerPath(subsystem, cgroups)
-}
-
-func GetInitCgroupPath(subsystem string) (string, error) {
-	cgroup, err := GetInitCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	return getCgroupPathHelper(subsystem, cgroup)
-}
-
-func getCgroupPathHelper(subsystem, cgroup string) (string, error) {
-	mnt, root, err := FindCgroupMountpointAndRoot(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	// This is needed for nested containers, because in /proc/self/cgroup we
-	// see paths from host, which don't exist in container.
-	relCgroup, err := filepath.Rel(root, cgroup)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(mnt, relCgroup), nil
-}
-
-func readProcsFile(dir string) ([]int, error) {
-	f, err := os.Open(filepath.Join(dir, CgroupProcesses))
+func readProcsFile(file string) ([]int, error) {
+	f, err := os.Open(file)
 	if err != nil {
 		return nil, err
 	}
@@ -293,11 +139,18 @@ func readProcsFile(dir string) ([]int, error) {
 			out = append(out, pid)
 		}
 	}
-	return out, nil
+	return out, s.Err()
 }
 
-// ParseCgroupFile parses the given cgroup file, typically from
-// /proc/<pid>/cgroup, into a map of subgroups to cgroup names.
+// ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup
+// or /proc/<pid>/cgroup, into a map of subsystems to cgroup paths, e.g.
+//   "cpu": "/user.slice/user-1000.slice"
+//   "pids": "/user.slice/user-1000.slice"
+// etc.
+//
+// Note that for cgroup v2 unified hierarchy, there are no per-controller
+// cgroup paths, so the resulting map will have a single element where the key
+// is empty string ("") and the value is the cgroup path the <pid> is in.
 func ParseCgroupFile(path string) (map[string]string, error) {
 	f, err := os.Open(path)
 	if err != nil {
@@ -337,19 +190,6 @@ func parseCgroupFromReader(r io.Reader) (map[string]string, error) {
 	return cgroups, nil
 }
 
-func getControllerPath(subsystem string, cgroups map[string]string) (string, error) {
-
-	if p, ok := cgroups[subsystem]; ok {
-		return p, nil
-	}
-
-	if p, ok := cgroups[cgroupNamePrefix+subsystem]; ok {
-		return p, nil
-	}
-
-	return "", NewNotFoundError(subsystem)
-}
-
 func PathExists(path string) bool {
 	if _, err := os.Stat(path); err != nil {
 		return false
@@ -368,20 +208,65 @@ func EnterPid(cgroupPaths map[string]string, pid int) error {
 	return nil
 }
 
+func rmdir(path string) error {
+	err := unix.Rmdir(path)
+	if err == nil || err == unix.ENOENT {
+		return nil
+	}
+	return &os.PathError{Op: "rmdir", Path: path, Err: err}
+}
+
+// RemovePath aims to remove cgroup path. It does so recursively,
+// by removing any subdirectories (sub-cgroups) first.
+func RemovePath(path string) error {
+	// try the fast path first
+	if err := rmdir(path); err == nil {
+		return nil
+	}
+
+	infos, err := ioutil.ReadDir(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			err = nil
+		}
+		return err
+	}
+	for _, info := range infos {
+		if info.IsDir() {
+			// We should remove subcgroups dir first
+			if err = RemovePath(filepath.Join(path, info.Name())); err != nil {
+				break
+			}
+		}
+	}
+	if err == nil {
+		err = rmdir(path)
+	}
+	return err
+}
+
 // RemovePaths iterates over the provided paths removing them.
 // We trying to remove all paths five times with increasing delay between tries.
 // If after all there are not removed cgroups - appropriate error will be
 // returned.
 func RemovePaths(paths map[string]string) (err error) {
+	const retries = 5
 	delay := 10 * time.Millisecond
-	for i := 0; i < 5; i++ {
+	for i := 0; i < retries; i++ {
 		if i != 0 {
 			time.Sleep(delay)
 			delay *= 2
 		}
 		for s, p := range paths {
-			os.RemoveAll(p)
-			// TODO: here probably should be logging
+			if err := RemovePath(p); err != nil {
+				// do not log intermediate iterations
+				switch i {
+				case 0:
+					logrus.WithError(err).Warnf("Failed to remove cgroup (will retry)")
+				case retries - 1:
+					logrus.WithError(err).Error("Failed to remove cgroup")
+				}
+			}
 			_, err := os.Stat(p)
 			// We need this strange way of checking cgroups existence because
 			// RemoveAll almost always returns error, even on already removed
@@ -391,6 +276,8 @@ func RemovePaths(paths map[string]string) (err error) {
 			}
 		}
 		if len(paths) == 0 {
+			//nolint:ineffassign,staticcheck // done to help garbage collecting: opencontainers/runc#2506
+			paths = make(map[string]string)
 			return nil
 		}
 	}
@@ -398,28 +285,58 @@ func RemovePaths(paths map[string]string) (err error) {
 }
 
 func GetHugePageSize() ([]string, error) {
-	var pageSizes []string
-	sizeList := []string{"B", "kB", "MB", "GB", "TB", "PB"}
-	files, err := ioutil.ReadDir("/sys/kernel/mm/hugepages")
+	dir, err := os.OpenFile("/sys/kernel/mm/hugepages", unix.O_DIRECTORY|unix.O_RDONLY, 0)
 	if err != nil {
-		return pageSizes, err
+		return nil, err
 	}
-	for _, st := range files {
-		nameArray := strings.Split(st.Name(), "-")
-		pageSize, err := units.RAMInBytes(nameArray[1])
+	files, err := dir.Readdirnames(0)
+	dir.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	return getHugePageSizeFromFilenames(files)
+}
+
+func getHugePageSizeFromFilenames(fileNames []string) ([]string, error) {
+	pageSizes := make([]string, 0, len(fileNames))
+
+	for _, file := range fileNames {
+		// example: hugepages-1048576kB
+		val := strings.TrimPrefix(file, "hugepages-")
+		if len(val) == len(file) {
+			// unexpected file name: no prefix found
+			continue
+		}
+		// The suffix is always "kB" (as of Linux 5.9)
+		eLen := len(val) - 2
+		val = strings.TrimSuffix(val, "kB")
+		if len(val) != eLen {
+			logrus.Warnf("GetHugePageSize: %s: invalid filename suffix (expected \"kB\")", file)
+			continue
+		}
+		size, err := strconv.Atoi(val)
 		if err != nil {
-			return []string{}, err
+			return nil, err
 		}
-		sizeString := units.CustomSize("%g%s", float64(pageSize), 1024.0, sizeList)
-		pageSizes = append(pageSizes, sizeString)
+		// Model after https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/hugetlb_cgroup.c?id=eff48ddeab782e35e58ccc8853f7386bbae9dec4#n574
+		// but in our case the size is in KB already.
+		if size >= (1 << 20) {
+			val = strconv.Itoa(size>>20) + "GB"
+		} else if size >= (1 << 10) {
+			val = strconv.Itoa(size>>10) + "MB"
+		} else {
+			val += "KB"
+		}
+		pageSizes = append(pageSizes, val)
 	}
 
 	return pageSizes, nil
 }
 
 // GetPids returns all pids, that were added to cgroup at path.
-func GetPids(path string) ([]int, error) {
-	return readProcsFile(path)
+func GetPids(dir string) ([]int, error) {
+	return readProcsFile(filepath.Join(dir, CgroupProcesses))
 }
 
 // GetAllPids returns all pids, that were added to cgroup at path and to all its
@@ -428,14 +345,13 @@ func GetAllPids(path string) ([]int, error) {
 	var pids []int
 	// collect pids from all sub-cgroups
 	err := filepath.Walk(path, func(p string, info os.FileInfo, iErr error) error {
-		dir, file := filepath.Split(p)
-		if file != CgroupProcesses {
-			return nil
-		}
 		if iErr != nil {
 			return iErr
 		}
-		cPids, err := readProcsFile(dir)
+		if info.IsDir() || info.Name() != CgroupProcesses {
+			return nil
+		}
+		cPids, err := readProcsFile(p)
 		if err != nil {
 			return err
 		}
@@ -454,10 +370,81 @@ func WriteCgroupProc(dir string, pid int) error {
 	}
 
 	// Dont attach any pid to the cgroup if -1 is specified as a pid
-	if pid != -1 {
-		if err := ioutil.WriteFile(filepath.Join(dir, CgroupProcesses), []byte(strconv.Itoa(pid)), 0700); err != nil {
-			return fmt.Errorf("failed to write %v to %v: %v", pid, CgroupProcesses, err)
+	if pid == -1 {
+		return nil
+	}
+
+	file, err := OpenFile(dir, CgroupProcesses, os.O_WRONLY)
+	if err != nil {
+		return fmt.Errorf("failed to write %v to %v: %v", pid, CgroupProcesses, err)
+	}
+	defer file.Close()
+
+	for i := 0; i < 5; i++ {
+		_, err = file.WriteString(strconv.Itoa(pid))
+		if err == nil {
+			return nil
 		}
+
+		// EINVAL might mean that the task being added to cgroup.procs is in state
+		// TASK_NEW. We should attempt to do so again.
+		if errors.Is(err, unix.EINVAL) {
+			time.Sleep(30 * time.Millisecond)
+			continue
+		}
+
+		return fmt.Errorf("failed to write %v to %v: %v", pid, CgroupProcesses, err)
 	}
-	return nil
+	return err
+}
+
+// Since the OCI spec is designed for cgroup v1, in some cases
+// there is need to convert from the cgroup v1 configuration to cgroup v2
+// the formula for cpuShares is y = (1 + ((x - 2) * 9999) / 262142)
+// convert from [2-262144] to [1-10000]
+// 262144 comes from Linux kernel definition "#define MAX_SHARES (1UL << 18)"
+func ConvertCPUSharesToCgroupV2Value(cpuShares uint64) uint64 {
+	if cpuShares == 0 {
+		return 0
+	}
+	return (1 + ((cpuShares-2)*9999)/262142)
+}
+
+// ConvertMemorySwapToCgroupV2Value converts MemorySwap value from OCI spec
+// for use by cgroup v2 drivers. A conversion is needed since Resources.MemorySwap
+// is defined as memory+swap combined, while in cgroup v2 swap is a separate value.
+func ConvertMemorySwapToCgroupV2Value(memorySwap, memory int64) (int64, error) {
+	// for compatibility with cgroup1 controller, set swap to unlimited in
+	// case the memory is set to unlimited, and swap is not explicitly set,
+	// treating the request as "set both memory and swap to unlimited".
+	if memory == -1 && memorySwap == 0 {
+		return -1, nil
+	}
+	if memorySwap == -1 || memorySwap == 0 {
+		// -1 is "max", 0 is "unset", so treat as is
+		return memorySwap, nil
+	}
+	// sanity checks
+	if memory == 0 || memory == -1 {
+		return 0, errors.New("unable to set swap limit without memory limit")
+	}
+	if memory < 0 {
+		return 0, fmt.Errorf("invalid memory value: %d", memory)
+	}
+	if memorySwap < memory {
+		return 0, errors.New("memory+swap limit should be >= memory limit")
+	}
+
+	return memorySwap - memory, nil
+}
+
+// Since the OCI spec is designed for cgroup v1, in some cases
+// there is need to convert from the cgroup v1 configuration to cgroup v2
+// the formula for BlkIOWeight to IOWeight is y = (1 + (x - 10) * 9999 / 990)
+// convert linearly from [10-1000] to [1-10000]
+func ConvertBlkIOToIOWeightValue(blkIoWeight uint16) uint64 {
+	if blkIoWeight == 0 {
+		return 0
+	}
+	return uint64(1 + (uint64(blkIoWeight)-10)*9999/990)
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/v1_utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/v1_utils.go
new file mode 100644
index 0000000000000..95ec9dff0284d
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/v1_utils.go
@@ -0,0 +1,283 @@
+package cgroups
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"syscall"
+
+	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/moby/sys/mountinfo"
+	"golang.org/x/sys/unix"
+)
+
+// Code in this source file are specific to cgroup v1,
+// and must not be used from any cgroup v2 code.
+
+const (
+	CgroupNamePrefix = "name="
+	defaultPrefix    = "/sys/fs/cgroup"
+)
+
+var (
+	errUnified     = errors.New("not implemented for cgroup v2 unified hierarchy")
+	ErrV1NoUnified = errors.New("invalid configuration: cannot use unified on cgroup v1")
+
+	readMountinfoOnce sync.Once
+	readMountinfoErr  error
+	cgroupMountinfo   []*mountinfo.Info
+)
+
+type NotFoundError struct {
+	Subsystem string
+}
+
+func (e *NotFoundError) Error() string {
+	return fmt.Sprintf("mountpoint for %s not found", e.Subsystem)
+}
+
+func NewNotFoundError(sub string) error {
+	return &NotFoundError{
+		Subsystem: sub,
+	}
+}
+
+func IsNotFound(err error) bool {
+	if err == nil {
+		return false
+	}
+	_, ok := err.(*NotFoundError)
+	return ok
+}
+
+func tryDefaultPath(cgroupPath, subsystem string) string {
+	if !strings.HasPrefix(defaultPrefix, cgroupPath) {
+		return ""
+	}
+
+	// remove possible prefix
+	subsystem = strings.TrimPrefix(subsystem, CgroupNamePrefix)
+
+	// Make sure we're still under defaultPrefix, and resolve
+	// a possible symlink (like cpu -> cpu,cpuacct).
+	path, err := securejoin.SecureJoin(defaultPrefix, subsystem)
+	if err != nil {
+		return ""
+	}
+
+	// (1) path should be a directory.
+	st, err := os.Lstat(path)
+	if err != nil || !st.IsDir() {
+		return ""
+	}
+
+	// (2) path should be a mount point.
+	pst, err := os.Lstat(filepath.Dir(path))
+	if err != nil {
+		return ""
+	}
+
+	if st.Sys().(*syscall.Stat_t).Dev == pst.Sys().(*syscall.Stat_t).Dev {
+		// parent dir has the same dev -- path is not a mount point
+		return ""
+	}
+
+	// (3) path should have 'cgroup' fs type.
+	fst := unix.Statfs_t{}
+	err = unix.Statfs(path, &fst)
+	if err != nil || fst.Type != unix.CGROUP_SUPER_MAGIC {
+		return ""
+	}
+
+	return path
+}
+
+// readCgroupMountinfo returns a list of cgroup v1 mounts (i.e. the ones
+// with fstype of "cgroup") for the current running process.
+//
+// The results are cached (to avoid re-reading mountinfo which is relatively
+// expensive), so it is assumed that cgroup mounts are not being changed.
+func readCgroupMountinfo() ([]*mountinfo.Info, error) {
+	readMountinfoOnce.Do(func() {
+		cgroupMountinfo, readMountinfoErr = mountinfo.GetMounts(
+			mountinfo.FSTypeFilter("cgroup"),
+		)
+	})
+
+	return cgroupMountinfo, readMountinfoErr
+}
+
+// https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
+func FindCgroupMountpoint(cgroupPath, subsystem string) (string, error) {
+	if IsCgroup2UnifiedMode() {
+		return "", errUnified
+	}
+
+	// Avoid parsing mountinfo by trying the default path first, if possible.
+	if path := tryDefaultPath(cgroupPath, subsystem); path != "" {
+		return path, nil
+	}
+
+	mnt, _, err := FindCgroupMountpointAndRoot(cgroupPath, subsystem)
+	return mnt, err
+}
+
+func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, error) {
+	if IsCgroup2UnifiedMode() {
+		return "", "", errUnified
+	}
+
+	mi, err := readCgroupMountinfo()
+	if err != nil {
+		return "", "", err
+	}
+
+	return findCgroupMountpointAndRootFromMI(mi, cgroupPath, subsystem)
+}
+
+func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) {
+	for _, mi := range mounts {
+		if strings.HasPrefix(mi.Mountpoint, cgroupPath) {
+			for _, opt := range strings.Split(mi.VFSOptions, ",") {
+				if opt == subsystem {
+					return mi.Mountpoint, mi.Root, nil
+				}
+			}
+		}
+	}
+
+	return "", "", NewNotFoundError(subsystem)
+}
+
+func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error) {
+	if len(m.Subsystems) == 0 {
+		return "", fmt.Errorf("no subsystem for mount")
+	}
+
+	return getControllerPath(m.Subsystems[0], cgroups)
+}
+
+func getCgroupMountsHelper(ss map[string]bool, mounts []*mountinfo.Info, all bool) ([]Mount, error) {
+	res := make([]Mount, 0, len(ss))
+	numFound := 0
+	for _, mi := range mounts {
+		m := Mount{
+			Mountpoint: mi.Mountpoint,
+			Root:       mi.Root,
+		}
+		for _, opt := range strings.Split(mi.VFSOptions, ",") {
+			seen, known := ss[opt]
+			if !known || (!all && seen) {
+				continue
+			}
+			ss[opt] = true
+			opt = strings.TrimPrefix(opt, CgroupNamePrefix)
+			m.Subsystems = append(m.Subsystems, opt)
+			numFound++
+		}
+		if len(m.Subsystems) > 0 || all {
+			res = append(res, m)
+		}
+		if !all && numFound >= len(ss) {
+			break
+		}
+	}
+	return res, nil
+}
+
+func getCgroupMountsV1(all bool) ([]Mount, error) {
+	mi, err := readCgroupMountinfo()
+	if err != nil {
+		return nil, err
+	}
+
+	allSubsystems, err := ParseCgroupFile("/proc/self/cgroup")
+	if err != nil {
+		return nil, err
+	}
+
+	allMap := make(map[string]bool)
+	for s := range allSubsystems {
+		allMap[s] = false
+	}
+
+	return getCgroupMountsHelper(allMap, mi, all)
+}
+
+// GetOwnCgroup returns the relative path to the cgroup docker is running in.
+func GetOwnCgroup(subsystem string) (string, error) {
+	if IsCgroup2UnifiedMode() {
+		return "", errUnified
+	}
+	cgroups, err := ParseCgroupFile("/proc/self/cgroup")
+	if err != nil {
+		return "", err
+	}
+
+	return getControllerPath(subsystem, cgroups)
+}
+
+func GetOwnCgroupPath(subsystem string) (string, error) {
+	cgroup, err := GetOwnCgroup(subsystem)
+	if err != nil {
+		return "", err
+	}
+
+	return getCgroupPathHelper(subsystem, cgroup)
+}
+
+func GetInitCgroup(subsystem string) (string, error) {
+	if IsCgroup2UnifiedMode() {
+		return "", errUnified
+	}
+	cgroups, err := ParseCgroupFile("/proc/1/cgroup")
+	if err != nil {
+		return "", err
+	}
+
+	return getControllerPath(subsystem, cgroups)
+}
+
+func GetInitCgroupPath(subsystem string) (string, error) {
+	cgroup, err := GetInitCgroup(subsystem)
+	if err != nil {
+		return "", err
+	}
+
+	return getCgroupPathHelper(subsystem, cgroup)
+}
+
+func getCgroupPathHelper(subsystem, cgroup string) (string, error) {
+	mnt, root, err := FindCgroupMountpointAndRoot("", subsystem)
+	if err != nil {
+		return "", err
+	}
+
+	// This is needed for nested containers, because in /proc/self/cgroup we
+	// see paths from host, which don't exist in container.
+	relCgroup, err := filepath.Rel(root, cgroup)
+	if err != nil {
+		return "", err
+	}
+
+	return filepath.Join(mnt, relCgroup), nil
+}
+
+func getControllerPath(subsystem string, cgroups map[string]string) (string, error) {
+	if IsCgroup2UnifiedMode() {
+		return "", errUnified
+	}
+
+	if p, ok := cgroups[subsystem]; ok {
+		return p, nil
+	}
+
+	if p, ok := cgroups[CgroupNamePrefix+subsystem]; ok {
+		return p, nil
+	}
+
+	return "", NewNotFoundError(subsystem)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/blkio_device.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/blkio_device.go
index e0f3ca16533e9..fa195bf90f8f8 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/blkio_device.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/blkio_device.go
@@ -59,3 +59,8 @@ func NewThrottleDevice(major, minor int64, rate uint64) *ThrottleDevice {
 func (td *ThrottleDevice) String() string {
 	return fmt.Sprintf("%d:%d %d", td.Major, td.Minor, td.Rate)
 }
+
+// StringName formats the struct to be writable to the cgroup specific file
+func (td *ThrottleDevice) StringName(name string) string {
+	return fmt.Sprintf("%d:%d %s=%d", td.Major, td.Minor, name, td.Rate)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
index e15a662f52288..5ea9d940cef6d 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
@@ -1,5 +1,10 @@
 package configs
 
+import (
+	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
+	"github.com/opencontainers/runc/libcontainer/devices"
+)
+
 type FreezerState string
 
 const (
@@ -8,12 +13,12 @@ const (
 	Thawed    FreezerState = "THAWED"
 )
 
+// Cgroup holds properties of a cgroup on Linux.
 type Cgroup struct {
-	// Deprecated, use Path instead
+	// Name specifies the name of the cgroup
 	Name string `json:"name,omitempty"`
 
-	// name of parent of cgroup or slice
-	// Deprecated, use Path instead
+	// Parent specifies the name of parent of cgroup or slice
 	Parent string `json:"parent,omitempty"`
 
 	// Path specifies the path to cgroups that are created and/or joined by the container.
@@ -29,18 +34,16 @@ type Cgroup struct {
 
 	// Resources contains various cgroups settings to apply
 	*Resources
+
+	// SystemdProps are any additional properties for systemd,
+	// derived from org.systemd.property.xxx annotations.
+	// Ignored unless systemd is used for managing cgroups.
+	SystemdProps []systemdDbus.Property `json:"-"`
 }
 
 type Resources struct {
-	// If this is true allow access to any kind of device within the container.  If false, allow access only to devices explicitly listed in the allowed_devices list.
-	// Deprecated
-	AllowAllDevices *bool `json:"allow_all_devices,omitempty"`
-	// Deprecated
-	AllowedDevices []*Device `json:"allowed_devices,omitempty"`
-	// Deprecated
-	DeniedDevices []*Device `json:"denied_devices,omitempty"`
-
-	Devices []*Device `json:"devices"`
+	// Devices is the set of access rules for devices in the container.
+	Devices []*devices.Rule `json:"devices"`
 
 	// Memory limit (in bytes)
 	Memory int64 `json:"memory"`
@@ -51,12 +54,6 @@ type Resources struct {
 	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
 	MemorySwap int64 `json:"memory_swap"`
 
-	// Kernel memory limit (in bytes)
-	KernelMemory int64 `json:"kernel_memory"`
-
-	// Kernel memory limit for TCP use (in bytes)
-	KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
-
 	// CPU shares (relative weight vs. other containers)
 	CpuShares uint64 `json:"cpu_shares"`
 
@@ -119,4 +116,31 @@ type Resources struct {
 
 	// Set class identifier for container's network packets
 	NetClsClassid uint32 `json:"net_cls_classid_u"`
+
+	// Used on cgroups v2:
+
+	// CpuWeight sets a proportional bandwidth limit.
+	CpuWeight uint64 `json:"cpu_weight"`
+
+	// Unified is cgroupv2-only key-value map.
+	Unified map[string]string `json:"unified"`
+
+	// SkipDevices allows to skip configuring device permissions.
+	// Used by e.g. kubelet while creating a parent cgroup (kubepods)
+	// common for many containers, and by runc update.
+	//
+	// NOTE it is impossible to start a container which has this flag set.
+	SkipDevices bool `json:"-"`
+
+	// SkipFreezeOnSet is a flag for cgroup manager to skip the cgroup
+	// freeze when setting resources. Only applicable to systemd legacy
+	// (i.e. cgroup v1) manager (which uses freeze by default to avoid
+	// spurious permission errors caused by systemd inability to update
+	// device rules in a non-disruptive manner).
+	//
+	// If not set, a few methods (such as looking into cgroup's
+	// devices.list and querying the systemd unit properties) are used
+	// during Set() to figure out whether the freeze is required. Those
+	// methods may be relatively slow, thus this flag.
+	SkipFreezeOnSet bool `json:"-"`
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go
new file mode 100644
index 0000000000000..2a519f582d2ac
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go
@@ -0,0 +1,8 @@
+// +build !linux
+
+package configs
+
+// Cgroup holds properties of a cgroup on Linux
+// TODO Windows: This can ultimately be entirely factored out on Windows as
+// cgroups are a Unix-specific construct.
+type Cgroup struct{}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go
deleted file mode 100644
index d74847b0db831..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package configs
-
-// TODO Windows: This can ultimately be entirely factored out on Windows as
-// cgroups are a Unix-specific construct.
-type Cgroup struct {
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
index b1c4762fe20c7..4281593f0b757 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
@@ -7,8 +7,9 @@ import (
 	"os/exec"
 	"time"
 
+	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runtime-spec/specs-go"
-
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -30,9 +31,10 @@ type IDMap struct {
 // for syscalls. Additional architectures can be added by specifying them in
 // Architectures.
 type Seccomp struct {
-	DefaultAction Action     `json:"default_action"`
-	Architectures []string   `json:"architectures"`
-	Syscalls      []*Syscall `json:"syscalls"`
+	DefaultAction   Action     `json:"default_action"`
+	Architectures   []string   `json:"architectures"`
+	Syscalls        []*Syscall `json:"syscalls"`
+	DefaultErrnoRet *uint      `json:"default_errno_ret"`
 }
 
 // Action is taken upon rule match in Seccomp
@@ -44,6 +46,7 @@ const (
 	Trap
 	Allow
 	Trace
+	Log
 )
 
 // Operator is a comparison operator to be used when matching syscall arguments in Seccomp
@@ -69,9 +72,10 @@ type Arg struct {
 
 // Syscall is a rule to match a syscall in Seccomp
 type Syscall struct {
-	Name   string `json:"name"`
-	Action Action `json:"action"`
-	Args   []*Arg `json:"args"`
+	Name     string `json:"name"`
+	Action   Action `json:"action"`
+	ErrnoRet *uint  `json:"errnoRet"`
+	Args     []*Arg `json:"args"`
 }
 
 // TODO Windows. Many of these fields should be factored out into those parts
@@ -90,6 +94,9 @@ type Config struct {
 	// Path to a directory containing the container's root filesystem.
 	Rootfs string `json:"rootfs"`
 
+	// Umask is the umask to use inside of the container.
+	Umask *uint32 `json:"umask"`
+
 	// Readonlyfs will remount the container's rootfs as readonly where only externally mounted
 	// bind mounts are writtable.
 	Readonlyfs bool `json:"readonlyfs"`
@@ -102,7 +109,7 @@ type Config struct {
 	Mounts []*Mount `json:"mounts"`
 
 	// The device nodes that should be automatically created within the container upon container start.  Note, make sure that the node is marked as allowed in the cgroup as well!
-	Devices []*Device `json:"devices"`
+	Devices []*devices.Device `json:"devices"`
 
 	MountLabel string `json:"mount_label"`
 
@@ -174,7 +181,7 @@ type Config struct {
 
 	// Hooks are a collection of actions to perform at various container lifecycle events.
 	// CommandHooks are serialized to JSON, but other hooks are not.
-	Hooks *Hooks
+	Hooks Hooks
 
 	// Version is the version of opencontainer specification that is supported.
 	Version string `json:"version"`
@@ -186,25 +193,58 @@ type Config struct {
 	// callers keyring in this case.
 	NoNewKeyring bool `json:"no_new_keyring"`
 
-	// Rootless specifies whether the container is a rootless container.
-	Rootless bool `json:"rootless"`
-
-	// IntelRdt specifies settings for Intel RDT/CAT group that the container is placed into
-	// to limit the resources (e.g., L3 cache) the container has available
+	// IntelRdt specifies settings for Intel RDT group that the container is placed into
+	// to limit the resources (e.g., L3 cache, memory bandwidth) the container has available
 	IntelRdt *IntelRdt `json:"intel_rdt,omitempty"`
+
+	// RootlessEUID is set when the runc was launched with non-zero EUID.
+	// Note that RootlessEUID is set to false when launched with EUID=0 in userns.
+	// When RootlessEUID is set, runc creates a new userns for the container.
+	// (config.json needs to contain userns settings)
+	RootlessEUID bool `json:"rootless_euid,omitempty"`
+
+	// RootlessCgroups is set when unlikely to have the full access to cgroups.
+	// When RootlessCgroups is set, cgroups errors are ignored.
+	RootlessCgroups bool `json:"rootless_cgroups,omitempty"`
 }
 
-type Hooks struct {
+type (
+	HookName string
+	HookList []Hook
+	Hooks    map[HookName]HookList
+)
+
+const (
 	// Prestart commands are executed after the container namespaces are created,
 	// but before the user supplied command is executed from init.
-	Prestart []Hook
+	// Note: This hook is now deprecated
+	// Prestart commands are called in the Runtime namespace.
+	Prestart HookName = "prestart"
+
+	// CreateRuntime commands MUST be called as part of the create operation after
+	// the runtime environment has been created but before the pivot_root has been executed.
+	// CreateRuntime is called immediately after the deprecated Prestart hook.
+	// CreateRuntime commands are called in the Runtime Namespace.
+	CreateRuntime HookName = "createRuntime"
+
+	// CreateContainer commands MUST be called as part of the create operation after
+	// the runtime environment has been created but before the pivot_root has been executed.
+	// CreateContainer commands are called in the Container namespace.
+	CreateContainer HookName = "createContainer"
+
+	// StartContainer commands MUST be called as part of the start operation and before
+	// the container process is started.
+	// StartContainer commands are called in the Container namespace.
+	StartContainer HookName = "startContainer"
 
 	// Poststart commands are executed after the container init process starts.
-	Poststart []Hook
+	// Poststart commands are called in the Runtime Namespace.
+	Poststart HookName = "poststart"
 
 	// Poststop commands are executed after the container init process exits.
-	Poststop []Hook
-}
+	// Poststop commands are called in the Runtime Namespace.
+	Poststop HookName = "poststop"
+)
 
 type Capabilities struct {
 	// Bounding is the set of capabilities checked by the kernel.
@@ -219,32 +259,39 @@ type Capabilities struct {
 	Ambient []string
 }
 
-func (hooks *Hooks) UnmarshalJSON(b []byte) error {
-	var state struct {
-		Prestart  []CommandHook
-		Poststart []CommandHook
-		Poststop  []CommandHook
+func (hooks HookList) RunHooks(state *specs.State) error {
+	for i, h := range hooks {
+		if err := h.Run(state); err != nil {
+			return errors.Wrapf(err, "Running hook #%d:", i)
+		}
 	}
 
+	return nil
+}
+
+func (hooks *Hooks) UnmarshalJSON(b []byte) error {
+	var state map[HookName][]CommandHook
+
 	if err := json.Unmarshal(b, &state); err != nil {
 		return err
 	}
 
-	deserialize := func(shooks []CommandHook) (hooks []Hook) {
-		for _, shook := range shooks {
-			hooks = append(hooks, shook)
+	*hooks = Hooks{}
+	for n, commandHooks := range state {
+		if len(commandHooks) == 0 {
+			continue
 		}
 
-		return hooks
+		(*hooks)[n] = HookList{}
+		for _, h := range commandHooks {
+			(*hooks)[n] = append((*hooks)[n], h)
+		}
 	}
 
-	hooks.Prestart = deserialize(state.Prestart)
-	hooks.Poststart = deserialize(state.Poststart)
-	hooks.Poststop = deserialize(state.Poststop)
 	return nil
 }
 
-func (hooks Hooks) MarshalJSON() ([]byte, error) {
+func (hooks *Hooks) MarshalJSON() ([]byte, error) {
 	serialize := func(hooks []Hook) (serializableHooks []CommandHook) {
 		for _, hook := range hooks {
 			switch chook := hook.(type) {
@@ -259,32 +306,32 @@ func (hooks Hooks) MarshalJSON() ([]byte, error) {
 	}
 
 	return json.Marshal(map[string]interface{}{
-		"prestart":  serialize(hooks.Prestart),
-		"poststart": serialize(hooks.Poststart),
-		"poststop":  serialize(hooks.Poststop),
+		"prestart":        serialize((*hooks)[Prestart]),
+		"createRuntime":   serialize((*hooks)[CreateRuntime]),
+		"createContainer": serialize((*hooks)[CreateContainer]),
+		"startContainer":  serialize((*hooks)[StartContainer]),
+		"poststart":       serialize((*hooks)[Poststart]),
+		"poststop":        serialize((*hooks)[Poststop]),
 	})
 }
 
-// HookState is the payload provided to a hook on execution.
-type HookState specs.State
-
 type Hook interface {
 	// Run executes the hook with the provided state.
-	Run(HookState) error
+	Run(*specs.State) error
 }
 
 // NewFunctionHook will call the provided function when the hook is run.
-func NewFunctionHook(f func(HookState) error) FuncHook {
+func NewFunctionHook(f func(*specs.State) error) FuncHook {
 	return FuncHook{
 		run: f,
 	}
 }
 
 type FuncHook struct {
-	run func(HookState) error
+	run func(*specs.State) error
 }
 
-func (f FuncHook) Run(s HookState) error {
+func (f FuncHook) Run(s *specs.State) error {
 	return f.run(s)
 }
 
@@ -307,7 +354,7 @@ type CommandHook struct {
 	Command
 }
 
-func (c Command) Run(s HookState) error {
+func (c Command) Run(s *specs.State) error {
 	b, err := json.Marshal(s)
 	if err != nil {
 		return err
@@ -342,8 +389,8 @@ func (c Command) Run(s HookState) error {
 	case err := <-errC:
 		return err
 	case <-timerCh:
-		cmd.Process.Kill()
-		cmd.Wait()
+		_ = cmd.Process.Kill()
+		<-errC
 		return fmt.Errorf("hook ran past specified timeout of %.1fs", c.Timeout.Seconds())
 	}
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go
new file mode 100644
index 0000000000000..93bf41c8defc8
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go
@@ -0,0 +1,9 @@
+// +build gofuzz
+
+package configs
+
+func FuzzUnmarshalJSON(data []byte) int {
+	hooks := Hooks{}
+	_ = hooks.UnmarshalJSON(data)
+	return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/device.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/device.go
deleted file mode 100644
index 8701bb212d7ba..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/device.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package configs
-
-import (
-	"fmt"
-	"os"
-)
-
-const (
-	Wildcard = -1
-)
-
-// TODO Windows: This can be factored out in the future
-
-type Device struct {
-	// Device type, block, char, etc.
-	Type rune `json:"type"`
-
-	// Path to the device.
-	Path string `json:"path"`
-
-	// Major is the device's major number.
-	Major int64 `json:"major"`
-
-	// Minor is the device's minor number.
-	Minor int64 `json:"minor"`
-
-	// Cgroup permissions format, rwm.
-	Permissions string `json:"permissions"`
-
-	// FileMode permission bits for the device.
-	FileMode os.FileMode `json:"file_mode"`
-
-	// Uid of the device.
-	Uid uint32 `json:"uid"`
-
-	// Gid of the device.
-	Gid uint32 `json:"gid"`
-
-	// Write the file to the allowed list
-	Allow bool `json:"allow"`
-}
-
-func (d *Device) CgroupString() string {
-	return fmt.Sprintf("%c %s:%s %s", d.Type, deviceNumberString(d.Major), deviceNumberString(d.Minor), d.Permissions)
-}
-
-func (d *Device) Mkdev() int {
-	return int((d.Major << 8) | (d.Minor & 0xff) | ((d.Minor & 0xfff00) << 12))
-}
-
-// deviceNumberString converts the device number to a string return result.
-func deviceNumberString(number int64) string {
-	if number == Wildcard {
-		return "*"
-	}
-	return fmt.Sprint(number)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/device_defaults.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/device_defaults.go
deleted file mode 100644
index e4f423c523ff4..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/device_defaults.go
+++ /dev/null
@@ -1,111 +0,0 @@
-// +build linux
-
-package configs
-
-var (
-	// DefaultSimpleDevices are devices that are to be both allowed and created.
-	DefaultSimpleDevices = []*Device{
-		// /dev/null and zero
-		{
-			Path:        "/dev/null",
-			Type:        'c',
-			Major:       1,
-			Minor:       3,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-		{
-			Path:        "/dev/zero",
-			Type:        'c',
-			Major:       1,
-			Minor:       5,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-
-		{
-			Path:        "/dev/full",
-			Type:        'c',
-			Major:       1,
-			Minor:       7,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-
-		// consoles and ttys
-		{
-			Path:        "/dev/tty",
-			Type:        'c',
-			Major:       5,
-			Minor:       0,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-
-		// /dev/urandom,/dev/random
-		{
-			Path:        "/dev/urandom",
-			Type:        'c',
-			Major:       1,
-			Minor:       9,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-		{
-			Path:        "/dev/random",
-			Type:        'c',
-			Major:       1,
-			Minor:       8,
-			Permissions: "rwm",
-			FileMode:    0666,
-		},
-	}
-	DefaultAllowedDevices = append([]*Device{
-		// allow mknod for any device
-		{
-			Type:        'c',
-			Major:       Wildcard,
-			Minor:       Wildcard,
-			Permissions: "m",
-		},
-		{
-			Type:        'b',
-			Major:       Wildcard,
-			Minor:       Wildcard,
-			Permissions: "m",
-		},
-
-		{
-			Path:        "/dev/console",
-			Type:        'c',
-			Major:       5,
-			Minor:       1,
-			Permissions: "rwm",
-		},
-		// /dev/pts/ - pts namespaces are "coming soon"
-		{
-			Path:        "",
-			Type:        'c',
-			Major:       136,
-			Minor:       Wildcard,
-			Permissions: "rwm",
-		},
-		{
-			Path:        "",
-			Type:        'c',
-			Major:       5,
-			Minor:       2,
-			Permissions: "rwm",
-		},
-
-		// tuntap
-		{
-			Path:        "",
-			Type:        'c',
-			Major:       10,
-			Minor:       200,
-			Permissions: "rwm",
-		},
-	}, DefaultSimpleDevices...)
-	DefaultAutoCreatedDevices = append([]*Device{}, DefaultSimpleDevices...)
-)
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go
index 36bd5f96a112b..57e9f037d9797 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go
@@ -4,4 +4,10 @@ type IntelRdt struct {
 	// The schema for L3 cache id and capacity bitmask (CBM)
 	// Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
 	L3CacheSchema string `json:"l3_cache_schema,omitempty"`
+
+	// The schema of memory bandwidth per L3 cache id
+	// Format: "MB:<cache_id0>=bandwidth0;<cache_id1>=bandwidth1;..."
+	// The unit of memory bandwidth is specified in "percentages" by
+	// default, and in "MBps" if MBA Software Controller is enabled.
+	MemBwSchema string `json:"memBwSchema,omitempty"`
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/mount.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/mount.go
index 670757ddb5f44..a75ff10ec9dd0 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/mount.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/mount.go
@@ -3,7 +3,7 @@ package configs
 const (
 	// EXT_COPYUP is a directive to copy up the contents of a directory when
 	// a tmpfs is mounted over it.
-	EXT_COPYUP = 1 << iota
+	EXT_COPYUP = 1 << iota //nolint:golint // ignore "don't use ALL_CAPS" warning
 )
 
 type Mount struct {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_linux.go
index 5fc171a57b365..d52d6fcd14781 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_linux.go
@@ -7,12 +7,13 @@ import (
 )
 
 const (
-	NEWNET  NamespaceType = "NEWNET"
-	NEWPID  NamespaceType = "NEWPID"
-	NEWNS   NamespaceType = "NEWNS"
-	NEWUTS  NamespaceType = "NEWUTS"
-	NEWIPC  NamespaceType = "NEWIPC"
-	NEWUSER NamespaceType = "NEWUSER"
+	NEWNET    NamespaceType = "NEWNET"
+	NEWPID    NamespaceType = "NEWPID"
+	NEWNS     NamespaceType = "NEWNS"
+	NEWUTS    NamespaceType = "NEWUTS"
+	NEWIPC    NamespaceType = "NEWIPC"
+	NEWUSER   NamespaceType = "NEWUSER"
+	NEWCGROUP NamespaceType = "NEWCGROUP"
 )
 
 var (
@@ -35,6 +36,8 @@ func NsName(ns NamespaceType) string {
 		return "user"
 	case NEWUTS:
 		return "uts"
+	case NEWCGROUP:
+		return "cgroup"
 	}
 	return ""
 }
@@ -53,7 +56,7 @@ func IsNamespaceSupported(ns NamespaceType) bool {
 	if nsFile == "" {
 		return false
 	}
-	_, err := os.Stat(fmt.Sprintf("/proc/self/ns/%s", nsFile))
+	_, err := os.Stat("/proc/self/ns/" + nsFile)
 	// a namespace is supported if it exists and we have permissions to read it
 	supported = err == nil
 	supportedNamespaces[ns] = supported
@@ -68,6 +71,7 @@ func NamespaceTypes() []NamespaceType {
 		NEWNET,
 		NEWPID,
 		NEWNS,
+		NEWCGROUP,
 	}
 }
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go
index 4ce6813d2330f..2dc7adfc9660a 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go
@@ -9,12 +9,13 @@ func (n *Namespace) Syscall() int {
 }
 
 var namespaceInfo = map[NamespaceType]int{
-	NEWNET:  unix.CLONE_NEWNET,
-	NEWNS:   unix.CLONE_NEWNS,
-	NEWUSER: unix.CLONE_NEWUSER,
-	NEWIPC:  unix.CLONE_NEWIPC,
-	NEWUTS:  unix.CLONE_NEWUTS,
-	NEWPID:  unix.CLONE_NEWPID,
+	NEWNET:    unix.CLONE_NEWNET,
+	NEWNS:     unix.CLONE_NEWNS,
+	NEWUSER:   unix.CLONE_NEWUSER,
+	NEWIPC:    unix.CLONE_NEWIPC,
+	NEWUTS:    unix.CLONE_NEWUTS,
+	NEWPID:    unix.CLONE_NEWPID,
+	NEWCGROUP: unix.CLONE_NEWCGROUP,
 }
 
 // CloneFlags parses the container's Namespaces options to set the correct
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_unsupported.go
index 19bf713de3a3a..cc76e2f586adc 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_unsupported.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_unsupported.go
@@ -4,5 +4,4 @@ package configs
 
 // Namespace defines configuration for each namespace.  It specifies an
 // alternate path that is able to be joined via setns.
-type Namespace struct {
-}
+type Namespace struct{}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/network.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/network.go
index ccdb228e14c85..c44c3ea71b8f7 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/network.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/network.go
@@ -50,7 +50,10 @@ type Network struct {
 	HairpinMode bool `json:"hairpin_mode"`
 }
 
-// Routes can be specified to create entries in the route table as the container is started
+// Route defines a routing table entry.
+//
+// Routes can be specified to create entries in the routing table as the container
+// is started.
 //
 // All of destination, source, and gateway should be either IPv4 or IPv6.
 // One of the three options must be present, and omitted entries will use their
@@ -58,15 +61,15 @@ type Network struct {
 // gateway to 1.2.3.4 and the interface to eth0 will set up a standard
 // destination of 0.0.0.0(or *) when viewed in the route table.
 type Route struct {
-	// Sets the destination and mask, should be a CIDR.  Accepts IPv4 and IPv6
+	// Destination specifies the destination IP address and mask in the CIDR form.
 	Destination string `json:"destination"`
 
-	// Sets the source and mask, should be a CIDR.  Accepts IPv4 and IPv6
+	// Source specifies the source IP address and mask in the CIDR form.
 	Source string `json:"source"`
 
-	// Sets the gateway.  Accepts IPv4 and IPv6
+	// Gateway specifies the gateway IP address.
 	Gateway string `json:"gateway"`
 
-	// The device to set this route up for, for example: eth0
+	// InterfaceName specifies the device to set this route up for, for example eth0.
 	InterfaceName string `json:"interface_name"`
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go
new file mode 100644
index 0000000000000..c2c2b3bb7c0b4
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go
@@ -0,0 +1,174 @@
+package devices
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+)
+
+const (
+	Wildcard = -1
+)
+
+type Device struct {
+	Rule
+
+	// Path to the device.
+	Path string `json:"path"`
+
+	// FileMode permission bits for the device.
+	FileMode os.FileMode `json:"file_mode"`
+
+	// Uid of the device.
+	Uid uint32 `json:"uid"`
+
+	// Gid of the device.
+	Gid uint32 `json:"gid"`
+}
+
+// Permissions is a cgroupv1-style string to represent device access. It
+// has to be a string for backward compatibility reasons, hence why it has
+// methods to do set operations.
+type Permissions string
+
+const (
+	deviceRead uint = (1 << iota)
+	deviceWrite
+	deviceMknod
+)
+
+func (p Permissions) toSet() uint {
+	var set uint
+	for _, perm := range p {
+		switch perm {
+		case 'r':
+			set |= deviceRead
+		case 'w':
+			set |= deviceWrite
+		case 'm':
+			set |= deviceMknod
+		}
+	}
+	return set
+}
+
+func fromSet(set uint) Permissions {
+	var perm string
+	if set&deviceRead == deviceRead {
+		perm += "r"
+	}
+	if set&deviceWrite == deviceWrite {
+		perm += "w"
+	}
+	if set&deviceMknod == deviceMknod {
+		perm += "m"
+	}
+	return Permissions(perm)
+}
+
+// Union returns the union of the two sets of Permissions.
+func (p Permissions) Union(o Permissions) Permissions {
+	lhs := p.toSet()
+	rhs := o.toSet()
+	return fromSet(lhs | rhs)
+}
+
+// Difference returns the set difference of the two sets of Permissions.
+// In set notation, A.Difference(B) gives you A\B.
+func (p Permissions) Difference(o Permissions) Permissions {
+	lhs := p.toSet()
+	rhs := o.toSet()
+	return fromSet(lhs &^ rhs)
+}
+
+// Intersection computes the intersection of the two sets of Permissions.
+func (p Permissions) Intersection(o Permissions) Permissions {
+	lhs := p.toSet()
+	rhs := o.toSet()
+	return fromSet(lhs & rhs)
+}
+
+// IsEmpty returns whether the set of permissions in a Permissions is
+// empty.
+func (p Permissions) IsEmpty() bool {
+	return p == Permissions("")
+}
+
+// IsValid returns whether the set of permissions is a subset of valid
+// permissions (namely, {r,w,m}).
+func (p Permissions) IsValid() bool {
+	return p == fromSet(p.toSet())
+}
+
+type Type rune
+
+const (
+	WildcardDevice Type = 'a'
+	BlockDevice    Type = 'b'
+	CharDevice     Type = 'c' // or 'u'
+	FifoDevice     Type = 'p'
+)
+
+func (t Type) IsValid() bool {
+	switch t {
+	case WildcardDevice, BlockDevice, CharDevice, FifoDevice:
+		return true
+	default:
+		return false
+	}
+}
+
+func (t Type) CanMknod() bool {
+	switch t {
+	case BlockDevice, CharDevice, FifoDevice:
+		return true
+	default:
+		return false
+	}
+}
+
+func (t Type) CanCgroup() bool {
+	switch t {
+	case WildcardDevice, BlockDevice, CharDevice:
+		return true
+	default:
+		return false
+	}
+}
+
+type Rule struct {
+	// Type of device ('c' for char, 'b' for block). If set to 'a', this rule
+	// acts as a wildcard and all fields other than Allow are ignored.
+	Type Type `json:"type"`
+
+	// Major is the device's major number.
+	Major int64 `json:"major"`
+
+	// Minor is the device's minor number.
+	Minor int64 `json:"minor"`
+
+	// Permissions is the set of permissions that this rule applies to (in the
+	// cgroupv1 format -- any combination of "rwm").
+	Permissions Permissions `json:"permissions"`
+
+	// Allow specifies whether this rule is allowed.
+	Allow bool `json:"allow"`
+}
+
+func (d *Rule) CgroupString() string {
+	var (
+		major = strconv.FormatInt(d.Major, 10)
+		minor = strconv.FormatInt(d.Minor, 10)
+	)
+	if d.Major == Wildcard {
+		major = "*"
+	}
+	if d.Minor == Wildcard {
+		minor = "*"
+	}
+	return fmt.Sprintf("%c %s:%s %s", d.Type, major, minor, d.Permissions)
+}
+
+func (d *Rule) Mkdev() (uint64, error) {
+	return mkDev(d)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go
new file mode 100644
index 0000000000000..6d5b3d09df3bd
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go
@@ -0,0 +1,120 @@
+// +build !windows
+
+package devices
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"golang.org/x/sys/unix"
+)
+
+// ErrNotADevice denotes that a file is not a valid linux device.
+var ErrNotADevice = errors.New("not a device node")
+
+// Testing dependencies
+var (
+	unixLstat     = unix.Lstat
+	ioutilReadDir = ioutil.ReadDir
+)
+
+func mkDev(d *Rule) (uint64, error) {
+	if d.Major == Wildcard || d.Minor == Wildcard {
+		return 0, errors.New("cannot mkdev() device with wildcards")
+	}
+	return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
+}
+
+// DeviceFromPath takes the path to a device and its cgroup_permissions (which
+// cannot be easily queried) to look up the information about a linux device
+// and returns that information as a Device struct.
+func DeviceFromPath(path, permissions string) (*Device, error) {
+	var stat unix.Stat_t
+	err := unixLstat(path, &stat)
+	if err != nil {
+		return nil, err
+	}
+
+	var (
+		devType   Type
+		mode      = stat.Mode
+		devNumber = uint64(stat.Rdev)
+		major     = unix.Major(devNumber)
+		minor     = unix.Minor(devNumber)
+	)
+	switch mode & unix.S_IFMT {
+	case unix.S_IFBLK:
+		devType = BlockDevice
+	case unix.S_IFCHR:
+		devType = CharDevice
+	case unix.S_IFIFO:
+		devType = FifoDevice
+	default:
+		return nil, ErrNotADevice
+	}
+	return &Device{
+		Rule: Rule{
+			Type:        devType,
+			Major:       int64(major),
+			Minor:       int64(minor),
+			Permissions: Permissions(permissions),
+		},
+		Path:     path,
+		FileMode: os.FileMode(mode &^ unix.S_IFMT),
+		Uid:      stat.Uid,
+		Gid:      stat.Gid,
+	}, nil
+}
+
+// HostDevices returns all devices that can be found under /dev directory.
+func HostDevices() ([]*Device, error) {
+	return GetDevices("/dev")
+}
+
+// GetDevices recursively traverses a directory specified by path
+// and returns all devices found there.
+func GetDevices(path string) ([]*Device, error) {
+	files, err := ioutilReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+	var out []*Device
+	for _, f := range files {
+		switch {
+		case f.IsDir():
+			switch f.Name() {
+			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
+			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
+				continue
+			default:
+				sub, err := GetDevices(filepath.Join(path, f.Name()))
+				if err != nil {
+					return nil, err
+				}
+
+				out = append(out, sub...)
+				continue
+			}
+		case f.Name() == "console":
+			continue
+		}
+		device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
+		if err != nil {
+			if err == ErrNotADevice {
+				continue
+			}
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+		if device.Type == FifoDevice {
+			continue
+		}
+		out = append(out, device)
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
deleted file mode 100644
index 5e2ab0581e2fb..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package devices
-
-import (
-	"errors"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-
-	"golang.org/x/sys/unix"
-)
-
-var (
-	ErrNotADevice = errors.New("not a device node")
-)
-
-// Testing dependencies
-var (
-	unixLstat     = unix.Lstat
-	ioutilReadDir = ioutil.ReadDir
-)
-
-// Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the information about a linux device and return that information as a Device struct.
-func DeviceFromPath(path, permissions string) (*configs.Device, error) {
-	var stat unix.Stat_t
-	err := unixLstat(path, &stat)
-	if err != nil {
-		return nil, err
-	}
-
-	var (
-		devNumber = uint64(stat.Rdev)
-		major     = unix.Major(devNumber)
-		minor     = unix.Minor(devNumber)
-	)
-	if major == 0 {
-		return nil, ErrNotADevice
-	}
-
-	var (
-		devType rune
-		mode    = stat.Mode
-	)
-	switch {
-	case mode&unix.S_IFBLK == unix.S_IFBLK:
-		devType = 'b'
-	case mode&unix.S_IFCHR == unix.S_IFCHR:
-		devType = 'c'
-	}
-	return &configs.Device{
-		Type:        devType,
-		Path:        path,
-		Major:       int64(major),
-		Minor:       int64(minor),
-		Permissions: permissions,
-		FileMode:    os.FileMode(mode),
-		Uid:         stat.Uid,
-		Gid:         stat.Gid,
-	}, nil
-}
-
-func HostDevices() ([]*configs.Device, error) {
-	return getDevices("/dev")
-}
-
-func getDevices(path string) ([]*configs.Device, error) {
-	files, err := ioutilReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	out := []*configs.Device{}
-	for _, f := range files {
-		switch {
-		case f.IsDir():
-			switch f.Name() {
-			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
-			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts":
-				continue
-			default:
-				sub, err := getDevices(filepath.Join(path, f.Name()))
-				if err != nil {
-					return nil, err
-				}
-
-				out = append(out, sub...)
-				continue
-			}
-		case f.Name() == "console":
-			continue
-		}
-		device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
-		if err != nil {
-			if err == ErrNotADevice {
-				continue
-			}
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		out = append(out, device)
-	}
-	return out, nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/cloned_binary.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/cloned_binary.c
new file mode 100644
index 0000000000000..4268ebda9e07a
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/cloned_binary.c
@@ -0,0 +1,564 @@
+// SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
+/*
+ * Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com>
+ * Copyright (C) 2019 SUSE LLC
+ *
+ * This work is dual licensed under the following licenses. You may use,
+ * redistribute, and/or modify the work under the conditions of either (or
+ * both) licenses.
+ *
+ * === Apache-2.0 ===
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * === LGPL-2.1-or-later ===
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <https://www.gnu.org/licenses/>.
+ *
+ */
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <limits.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/statfs.h>
+#include <sys/vfs.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/sendfile.h>
+#include <sys/syscall.h>
+
+/* Use our own wrapper for memfd_create. */
+#ifndef SYS_memfd_create
+#  ifdef __NR_memfd_create
+#    define SYS_memfd_create __NR_memfd_create
+#  else
+/* These values come from <https://fedora.juszkiewicz.com.pl/syscalls.html>. */
+#    warning "libc is outdated -- using hard-coded SYS_memfd_create"
+#    if defined(__x86_64__)
+#      define SYS_memfd_create 319
+#    elif defined(__i386__)
+#      define SYS_memfd_create 356
+#    elif defined(__ia64__)
+#      define SYS_memfd_create 1340
+#    elif defined(__arm__)
+#      define SYS_memfd_create 385
+#    elif defined(__aarch64__)
+#      define SYS_memfd_create 279
+#    elif defined(__ppc__) || defined(__PPC64__) || defined(__powerpc64__)
+#      define SYS_memfd_create 360
+#    elif defined(__s390__) || defined(__s390x__)
+#      define SYS_memfd_create 350
+#    else
+#      warning "unknown architecture -- cannot hard-code SYS_memfd_create"
+#    endif
+#  endif
+#endif
+
+/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
+#ifndef MFD_CLOEXEC
+#  define MFD_CLOEXEC       0x0001U
+#  define MFD_ALLOW_SEALING 0x0002U
+#endif
+
+int memfd_create(const char *name, unsigned int flags)
+{
+#ifdef SYS_memfd_create
+	return syscall(SYS_memfd_create, name, flags);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+/* This comes directly from <linux/fcntl.h>. */
+#ifndef F_LINUX_SPECIFIC_BASE
+#  define F_LINUX_SPECIFIC_BASE 1024
+#endif
+#ifndef F_ADD_SEALS
+#  define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
+#  define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
+#endif
+#ifndef F_SEAL_SEAL
+#  define F_SEAL_SEAL   0x0001	/* prevent further seals from being set */
+#  define F_SEAL_SHRINK 0x0002	/* prevent file from shrinking */
+#  define F_SEAL_GROW   0x0004	/* prevent file from growing */
+#  define F_SEAL_WRITE  0x0008	/* prevent writes */
+#endif
+
+#define CLONED_BINARY_ENV "_LIBCONTAINER_CLONED_BINARY"
+#define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
+#define RUNC_MEMFD_SEALS \
+	(F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
+
+static void *must_realloc(void *ptr, size_t size)
+{
+	void *old = ptr;
+	do {
+		ptr = realloc(old, size);
+	} while (!ptr);
+	return ptr;
+}
+
+/*
+ * Verify whether we are currently in a self-cloned program (namely, is
+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
+ * for shmem files), and we want to be sure it's actually sealed.
+ */
+static int is_self_cloned(void)
+{
+	int fd, ret, is_cloned = 0;
+	struct stat statbuf = { };
+	struct statfs fsbuf = { };
+
+	fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
+	if (fd < 0) {
+		fprintf(stderr, "you have no read access to runc binary file\n");
+		return -ENOTRECOVERABLE;
+	}
+
+	/*
+	 * Is the binary a fully-sealed memfd? We don't need CLONED_BINARY_ENV for
+	 * this, because you cannot write to a sealed memfd no matter what (so
+	 * sharing it isn't a bad thing -- and an admin could bind-mount a sealed
+	 * memfd to /usr/bin/runc to allow re-use).
+	 */
+	ret = fcntl(fd, F_GET_SEALS);
+	if (ret >= 0) {
+		is_cloned = (ret == RUNC_MEMFD_SEALS);
+		goto out;
+	}
+
+	/*
+	 * All other forms require CLONED_BINARY_ENV, since they are potentially
+	 * writeable (or we can't tell if they're fully safe) and thus we must
+	 * check the environment as an extra layer of defence.
+	 */
+	if (!getenv(CLONED_BINARY_ENV)) {
+		is_cloned = false;
+		goto out;
+	}
+
+	/*
+	 * Is the binary on a read-only filesystem? We can't detect bind-mounts in
+	 * particular (in-kernel they are identical to regular mounts) but we can
+	 * at least be sure that it's read-only. In addition, to make sure that
+	 * it's *our* bind-mount we check CLONED_BINARY_ENV.
+	 */
+	if (fstatfs(fd, &fsbuf) >= 0)
+		is_cloned |= (fsbuf.f_flags & MS_RDONLY);
+
+	/*
+	 * Okay, we're a tmpfile -- or we're currently running on RHEL <=7.6
+	 * which appears to have a borked backport of F_GET_SEALS. Either way,
+	 * having a file which has no hardlinks indicates that we aren't using
+	 * a host-side "runc" binary and this is something that a container
+	 * cannot fake (because unlinking requires being able to resolve the
+	 * path that you want to unlink).
+	 */
+	if (fstat(fd, &statbuf) >= 0)
+		is_cloned |= (statbuf.st_nlink == 0);
+
+out:
+	close(fd);
+	return is_cloned;
+}
+
+/* Read a given file into a new buffer, and providing the length. */
+static char *read_file(char *path, size_t *length)
+{
+	int fd;
+	char buf[4096], *copy = NULL;
+
+	if (!length)
+		return NULL;
+
+	fd = open(path, O_RDONLY | O_CLOEXEC);
+	if (fd < 0)
+		return NULL;
+
+	*length = 0;
+	for (;;) {
+		ssize_t n;
+
+		n = read(fd, buf, sizeof(buf));
+		if (n < 0)
+			goto error;
+		if (!n)
+			break;
+
+		copy = must_realloc(copy, (*length + n) * sizeof(*copy));
+		memcpy(copy + *length, buf, n);
+		*length += n;
+	}
+	close(fd);
+	return copy;
+
+error:
+	close(fd);
+	free(copy);
+	return NULL;
+}
+
+/*
+ * A poor-man's version of "xargs -0". Basically parses a given block of
+ * NUL-delimited data, within the given length and adds a pointer to each entry
+ * to the array of pointers.
+ */
+static int parse_xargs(char *data, int data_length, char ***output)
+{
+	int num = 0;
+	char *cur = data;
+
+	if (!data || *output != NULL)
+		return -1;
+
+	while (cur < data + data_length) {
+		num++;
+		*output = must_realloc(*output, (num + 1) * sizeof(**output));
+		(*output)[num - 1] = cur;
+		cur += strlen(cur) + 1;
+	}
+	(*output)[num] = NULL;
+	return num;
+}
+
+/*
+ * "Parse" out argv from /proc/self/cmdline.
+ * This is necessary because we are running in a context where we don't have a
+ * main() that we can just get the arguments from.
+ */
+static int fetchve(char ***argv)
+{
+	char *cmdline = NULL;
+	size_t cmdline_size;
+
+	cmdline = read_file("/proc/self/cmdline", &cmdline_size);
+	if (!cmdline)
+		goto error;
+
+	if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
+		goto error;
+
+	return 0;
+
+error:
+	free(cmdline);
+	return -EINVAL;
+}
+
+enum {
+	EFD_NONE = 0,
+	EFD_MEMFD,
+	EFD_FILE,
+};
+
+/*
+ * This comes from <linux/fcntl.h>. We can't hard-code __O_TMPFILE because it
+ * changes depending on the architecture. If we don't have O_TMPFILE we always
+ * have the mkostemp(3) fallback.
+ */
+#ifndef O_TMPFILE
+#  if defined(__O_TMPFILE) && defined(O_DIRECTORY)
+#    define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
+#  endif
+#endif
+
+static int make_execfd(int *fdtype)
+{
+	int fd = -1;
+	char template[PATH_MAX] = { 0 };
+	char *prefix = getenv("_LIBCONTAINER_STATEDIR");
+
+	if (!prefix || *prefix != '/')
+		prefix = "/tmp";
+	if (snprintf(template, sizeof(template), "%s/runc.XXXXXX", prefix) < 0)
+		return -1;
+
+	/*
+	 * Now try memfd, it's much nicer than actually creating a file in STATEDIR
+	 * since it's easily detected thanks to sealing and also doesn't require
+	 * assumptions about STATEDIR.
+	 */
+	*fdtype = EFD_MEMFD;
+	fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
+	if (fd >= 0)
+		return fd;
+	if (errno != ENOSYS && errno != EINVAL)
+		goto error;
+
+#ifdef O_TMPFILE
+	/*
+	 * Try O_TMPFILE to avoid races where someone might snatch our file. Note
+	 * that O_EXCL isn't actually a security measure here (since you can just
+	 * fd re-open it and clear O_EXCL).
+	 */
+	*fdtype = EFD_FILE;
+	fd = open(prefix, O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0700);
+	if (fd >= 0) {
+		struct stat statbuf = { };
+		bool working_otmpfile = false;
+
+		/*
+		 * open(2) ignores unknown O_* flags -- yeah, I was surprised when I
+		 * found this out too. As a result we can't check for EINVAL. However,
+		 * if we get nlink != 0 (or EISDIR) then we know that this kernel
+		 * doesn't support O_TMPFILE.
+		 */
+		if (fstat(fd, &statbuf) >= 0)
+			working_otmpfile = (statbuf.st_nlink == 0);
+
+		if (working_otmpfile)
+			return fd;
+
+		/* Pretend that we got EISDIR since O_TMPFILE failed. */
+		close(fd);
+		errno = EISDIR;
+	}
+	if (errno != EISDIR)
+		goto error;
+#endif /* defined(O_TMPFILE) */
+
+	/*
+	 * Our final option is to create a temporary file the old-school way, and
+	 * then unlink it so that nothing else sees it by accident.
+	 */
+	*fdtype = EFD_FILE;
+	fd = mkostemp(template, O_CLOEXEC);
+	if (fd >= 0) {
+		if (unlink(template) >= 0)
+			return fd;
+		close(fd);
+	}
+
+error:
+	*fdtype = EFD_NONE;
+	return -1;
+}
+
+static int seal_execfd(int *fd, int fdtype)
+{
+	switch (fdtype) {
+	case EFD_MEMFD:
+		return fcntl(*fd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
+	case EFD_FILE:{
+			/* Need to re-open our pseudo-memfd as an O_PATH to avoid execve(2) giving -ETXTBSY. */
+			int newfd;
+			char fdpath[PATH_MAX] = { 0 };
+
+			if (fchmod(*fd, 0100) < 0)
+				return -1;
+
+			if (snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", *fd) < 0)
+				return -1;
+
+			newfd = open(fdpath, O_PATH | O_CLOEXEC);
+			if (newfd < 0)
+				return -1;
+
+			close(*fd);
+			*fd = newfd;
+			return 0;
+		}
+	default:
+		break;
+	}
+	return -1;
+}
+
+static int try_bindfd(void)
+{
+	int fd, ret = -1;
+	char template[PATH_MAX] = { 0 };
+	char *prefix = getenv("_LIBCONTAINER_STATEDIR");
+
+	if (!prefix || *prefix != '/')
+		prefix = "/tmp";
+	if (snprintf(template, sizeof(template), "%s/runc.XXXXXX", prefix) < 0)
+		return ret;
+
+	/*
+	 * We need somewhere to mount it, mounting anything over /proc/self is a
+	 * BAD idea on the host -- even if we do it temporarily.
+	 */
+	fd = mkstemp(template);
+	if (fd < 0)
+		return ret;
+	close(fd);
+
+	/*
+	 * For obvious reasons this won't work in rootless mode because we haven't
+	 * created a userns+mntns -- but getting that to work will be a bit
+	 * complicated and it's only worth doing if someone actually needs it.
+	 */
+	ret = -EPERM;
+	if (mount("/proc/self/exe", template, "", MS_BIND, "") < 0)
+		goto out;
+	if (mount("", template, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0)
+		goto out_umount;
+
+	/* Get read-only handle that we're sure can't be made read-write. */
+	ret = open(template, O_PATH | O_CLOEXEC);
+
+out_umount:
+	/*
+	 * Make sure the MNT_DETACH works, otherwise we could get remounted
+	 * read-write and that would be quite bad (the fd would be made read-write
+	 * too, invalidating the protection).
+	 */
+	if (umount2(template, MNT_DETACH) < 0) {
+		if (ret >= 0)
+			close(ret);
+		ret = -ENOTRECOVERABLE;
+	}
+
+out:
+	/*
+	 * We don't care about unlink errors, the worst that happens is that
+	 * there's an empty file left around in STATEDIR.
+	 */
+	unlink(template);
+	return ret;
+}
+
+static ssize_t fd_to_fd(int outfd, int infd)
+{
+	ssize_t total = 0;
+	char buffer[4096];
+
+	for (;;) {
+		ssize_t nread, nwritten = 0;
+
+		nread = read(infd, buffer, sizeof(buffer));
+		if (nread < 0)
+			return -1;
+		if (!nread)
+			break;
+
+		do {
+			ssize_t n = write(outfd, buffer + nwritten, nread - nwritten);
+			if (n < 0)
+				return -1;
+			nwritten += n;
+		} while (nwritten < nread);
+
+		total += nwritten;
+	}
+
+	return total;
+}
+
+static int clone_binary(void)
+{
+	int binfd, execfd;
+	struct stat statbuf = { };
+	size_t sent = 0;
+	int fdtype = EFD_NONE;
+
+	/*
+	 * Before we resort to copying, let's try creating an ro-binfd in one shot
+	 * by getting a handle for a read-only bind-mount of the execfd.
+	 */
+	execfd = try_bindfd();
+	if (execfd >= 0)
+		return execfd;
+
+	/*
+	 * Dammit, that didn't work -- time to copy the binary to a safe place we
+	 * can seal the contents.
+	 */
+	execfd = make_execfd(&fdtype);
+	if (execfd < 0 || fdtype == EFD_NONE)
+		return -ENOTRECOVERABLE;
+
+	binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
+	if (binfd < 0)
+		goto error;
+
+	if (fstat(binfd, &statbuf) < 0)
+		goto error_binfd;
+
+	while (sent < statbuf.st_size) {
+		int n = sendfile(execfd, binfd, NULL, statbuf.st_size - sent);
+		if (n < 0) {
+			/* sendfile can fail so we fallback to a dumb user-space copy. */
+			n = fd_to_fd(execfd, binfd);
+			if (n < 0)
+				goto error_binfd;
+		}
+		sent += n;
+	}
+	close(binfd);
+	if (sent != statbuf.st_size)
+		goto error;
+
+	if (seal_execfd(&execfd, fdtype) < 0)
+		goto error;
+
+	return execfd;
+
+error_binfd:
+	close(binfd);
+error:
+	close(execfd);
+	return -EIO;
+}
+
+/* Get cheap access to the environment. */
+extern char **environ;
+
+int ensure_cloned_binary(void)
+{
+	int execfd;
+	char **argv = NULL;
+
+	/* Check that we're not self-cloned, and if we are then bail. */
+	int cloned = is_self_cloned();
+	if (cloned > 0 || cloned == -ENOTRECOVERABLE)
+		return cloned;
+
+	if (fetchve(&argv) < 0)
+		return -EINVAL;
+
+	execfd = clone_binary();
+	if (execfd < 0)
+		return -EIO;
+
+	if (putenv(CLONED_BINARY_ENV "=1"))
+		goto error;
+
+	fexecve(execfd, argv, environ);
+error:
+	close(execfd);
+	return -ENOEXEC;
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/escape.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/escape.c
new file mode 100644
index 0000000000000..78e7e9f489363
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/escape.c
@@ -0,0 +1,142 @@
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef ESCAPE_TEST
+#  include <assert.h>
+#  define test_assert(arg) assert(arg)
+#else
+#  define test_assert(arg)
+#endif
+
+#define DEL '\x7f'
+
+/*
+ * Poor man version of itoa with base=16 and input number from 0 to 15,
+ * represented by a char. Converts it to a single hex digit ('0' to 'f').
+ */
+static char hex(char i)
+{
+	test_assert(i >= 0 && i < 16);
+
+	if (i >= 0 && i < 10) {
+		return '0' + i;
+	}
+	if (i >= 10 && i < 16) {
+		return 'a' + i - 10;
+	}
+	return '?';
+}
+
+/*
+ * Given the character, tells how many _extra_ characters are needed
+ * to JSON-escape it. If 0 is returned, the character does not need to
+ * be escaped.
+ */
+static int need_escape(char c)
+{
+	switch (c) {
+	case '\\':
+	case '"':
+	case '\b':
+	case '\n':
+	case '\r':
+	case '\t':
+	case '\f':
+		return 1;
+	case DEL:		// -> \u007f
+		return 5;
+	default:
+		if (c > 0 && c < ' ') {
+			// ASCII decimal 01 to 31 -> \u00xx
+			return 5;
+		}
+		return 0;
+	}
+}
+
+/*
+ * Escape the string so it can be used as a JSON string (per RFC4627,
+ * section 2.5 minimal requirements, plus the DEL (0x7f) character).
+ *
+ * It is expected that the argument is a string allocated via malloc.
+ * In case no escaping is needed, the original string is returned as is;
+ * otherwise, the original string is free'd, and the newly allocated
+ * escaped string is returned. Thus, in any case, the value returned
+ * need to be free'd by the caller.
+ */
+char *escape_json_string(char *s)
+{
+	int i, j, len;
+	char *c, *out;
+
+	/*
+	 * First, check if escaping is at all needed -- if not, we can avoid
+	 * malloc and return the argument as is.  While at it, count how much
+	 * extra space is required.
+	 *
+	 * XXX: the counting code must be in sync with the escaping code
+	 * (checked by test_assert()s below).
+	 */
+	for (i = j = 0; s[i] != '\0'; i++) {
+		j += need_escape(s[i]);
+	}
+	if (j == 0) {
+		// nothing to escape
+		return s;
+	}
+
+	len = i + j + 1;
+	out = malloc(len);
+	if (!out) {
+		free(s);
+		// As malloc failed, strdup can fail, too, so in the worst case
+		// scenario NULL will be returned from here.
+		return strdup("escape_json_string: out of memory");
+	}
+	for (c = s, j = 0; *c != '\0'; c++) {
+		switch (*c) {
+		case '"':
+		case '\\':
+			test_assert(need_escape(*c) == 1);
+			out[j++] = '\\';
+			out[j++] = *c;
+			continue;
+		}
+		if ((*c < 0 || *c >= ' ') && (*c != DEL)) {
+			// no escape needed
+			test_assert(need_escape(*c) == 0);
+			out[j++] = *c;
+			continue;
+		}
+		out[j++] = '\\';
+		switch (*c) {
+		case '\b':
+			out[j++] = 'b';
+			break;
+		case '\n':
+			out[j++] = 'n';
+			break;
+		case '\r':
+			out[j++] = 'r';
+			break;
+		case '\t':
+			out[j++] = 't';
+			break;
+		case '\f':
+			out[j++] = 'f';
+			break;
+		default:
+			test_assert(need_escape(*c) == 5);
+			out[j++] = 'u';
+			out[j++] = '0';
+			out[j++] = '0';
+			out[j++] = hex(*c >> 4);
+			out[j++] = hex(*c & 0x0f);
+		}
+	}
+	test_assert(j + 1 == len);
+	out[j] = '\0';
+
+	free(s);
+	return out;
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go
index ac701ca393b40..2459c6367e419 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go
@@ -1,5 +1,3 @@
 // +build !linux !cgo
 
 package nsenter
-
-import "C"
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
index cb22431473516..bdc59325778e6 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
@@ -29,6 +29,8 @@
 /* Get all of the CLONE_NEW* flags. */
 #include "namespace.h"
 
+extern char *escape_json_string(char *str);
+
 /* Synchronisation values. */
 enum sync_t {
 	SYNC_USERMAP_PLS = 0x40,	/* Request parent to map our users. */
@@ -36,19 +38,23 @@ enum sync_t {
 	SYNC_RECVPID_PLS = 0x42,	/* Tell parent we're sending the PID. */
 	SYNC_RECVPID_ACK = 0x43,	/* PID was correctly received by parent. */
 	SYNC_GRANDCHILD = 0x44,	/* The grandchild is ready to run. */
-	SYNC_CHILD_READY = 0x45,	/* The child or grandchild is ready to return. */
-
-	/* XXX: This doesn't help with segfaults and other such issues. */
-	SYNC_ERR = 0xFF,	/* Fatal error, no turning back. The error code follows. */
+	SYNC_CHILD_FINISH = 0x45,	/* The child or grandchild has finished. */
 };
 
+/*
+ * Synchronisation value for cgroup namespace setup.
+ * The same constant is defined in process_linux.go as "createCgroupns".
+ */
+#define CREATECGROUPNS 0x80
+
+#define STAGE_SETUP  -1
 /* longjmp() arguments. */
-#define JUMP_PARENT 0x00
-#define JUMP_CHILD  0xA0
-#define JUMP_INIT   0xA1
+#define STAGE_PARENT  0
+#define STAGE_CHILD   1
+#define STAGE_INIT    2
 
-/* JSON buffer. */
-#define JSON_MAX 4096
+/* Stores the current stage of nsexec. */
+int current_stage = STAGE_SETUP;
 
 /* Assume the stack grows down, so arguments should be above it. */
 struct clone_t {
@@ -56,7 +62,7 @@ struct clone_t {
 	 * Reserve some space for clone() to locate arguments
 	 * and retcode in this place
 	 */
-	char stack[4096] __attribute__ ((aligned(16)));
+	char stack[4096] __attribute__((aligned(16)));
 	char stack_ptr[0];
 
 	/* There's two children. This is used to execute the different code. */
@@ -82,42 +88,51 @@ struct nlconfig_t {
 	uint8_t is_setgroup;
 
 	/* Rootless container settings. */
-	uint8_t is_rootless;
+	uint8_t is_rootless_euid;	/* boolean */
 	char *uidmappath;
 	size_t uidmappath_len;
 	char *gidmappath;
 	size_t gidmappath_len;
 };
 
+#define PANIC   "panic"
+#define FATAL   "fatal"
+#define ERROR   "error"
+#define WARNING "warning"
+#define INFO    "info"
+#define DEBUG   "debug"
+
+static int logfd = -1;
+
 /*
  * List of netlink message types sent to us as part of bootstrapping the init.
  * These constants are defined in libcontainer/message_linux.go.
  */
-#define INIT_MSG			62000
+#define INIT_MSG		62000
 #define CLONE_FLAGS_ATTR	27281
 #define NS_PATHS_ATTR		27282
-#define UIDMAP_ATTR			27283
-#define GIDMAP_ATTR			27284
+#define UIDMAP_ATTR		27283
+#define GIDMAP_ATTR		27284
 #define SETGROUP_ATTR		27285
 #define OOM_SCORE_ADJ_ATTR	27286
-#define ROOTLESS_ATTR	    27287
-#define UIDMAPPATH_ATTR	    27288
-#define GIDMAPPATH_ATTR	    27289
+#define ROOTLESS_EUID_ATTR	27287
+#define UIDMAPPATH_ATTR		27288
+#define GIDMAPPATH_ATTR		27289
 
 /*
  * Use the raw syscall for versions of glibc which don't include a function for
  * it, namely (glibc 2.12).
  */
 #if __GLIBC__ == 2 && __GLIBC_MINOR__ < 14
-#	define _GNU_SOURCE
-#	include "syscall.h"
-#	if !defined(SYS_setns) && defined(__NR_setns)
-#		define SYS_setns __NR_setns
-#	endif
-
-#ifndef SYS_setns
-#	error "setns(2) syscall not supported by glibc version"
-#endif
+#  define _GNU_SOURCE
+#  include "syscall.h"
+#  if !defined(SYS_setns) && defined(__NR_setns)
+#    define SYS_setns __NR_setns
+#  endif
+
+#  ifndef SYS_setns
+#    error "setns(2) syscall not supported by glibc version"
+#  endif
 
 int setns(int fd, int nstype)
 {
@@ -125,22 +140,54 @@ int setns(int fd, int nstype)
 }
 #endif
 
+static void write_log(const char *level, const char *format, ...)
+{
+	char *message = NULL, *stage = NULL, *json = NULL;
+	va_list args;
+	int ret;
+
+	if (logfd < 0 || level == NULL)
+		goto out;
+
+	va_start(args, format);
+	ret = vasprintf(&message, format, args);
+	va_end(args);
+	if (ret < 0)
+		goto out;
+
+	message = escape_json_string(message);
+
+	if (current_stage == STAGE_SETUP)
+		stage = strdup("nsexec");
+	else
+		ret = asprintf(&stage, "nsexec-%d", current_stage);
+	if (ret < 0)
+		goto out;
+
+	ret = asprintf(&json, "{\"level\":\"%s\", \"msg\": \"%s[%d]: %s\"}\n", level, stage, getpid(), message);
+	if (ret < 0) {
+		json = NULL;
+		goto out;
+	}
+
+	/* This logging is on a best-effort basis. In case of a short or failed
+	 * write there is nothing we can do, so just ignore write() errors.
+	 */
+	ssize_t __attribute__((unused)) __res = write(logfd, json, ret);
+
+out:
+	free(message);
+	free(stage);
+	free(json);
+}
+
 /* XXX: This is ugly. */
 static int syncfd = -1;
 
-/* TODO(cyphar): Fix this so it correctly deals with syncT. */
-#define bail(fmt, ...)								\
-	do {									\
-		int ret = __COUNTER__ + 1;					\
-		fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__);	\
-		if (syncfd >= 0) {						\
-			enum sync_t s = SYNC_ERR;				\
-			if (write(syncfd, &s, sizeof(s)) != sizeof(s))		\
-				fprintf(stderr, "nsenter: failed: write(s)");	\
-			if (write(syncfd, &ret, sizeof(ret)) != sizeof(ret))	\
-				fprintf(stderr, "nsenter: failed: write(ret)");	\
-		}								\
-		exit(ret);							\
+#define bail(fmt, ...)                                       \
+	do {                                                       \
+		write_log(FATAL, fmt ": %m", ##__VA_ARGS__); \
+		exit(1);                                                 \
 	} while(0)
 
 static int write_file(char *data, size_t data_len, char *pathfmt, ...)
@@ -166,7 +213,7 @@ static int write_file(char *data, size_t data_len, char *pathfmt, ...)
 		goto out;
 	}
 
- out:
+out:
 	close(fd);
 	return ret;
 }
@@ -276,9 +323,11 @@ static void update_uidmap(const char *path, int pid, char *map, size_t map_len)
 	if (map == NULL || map_len <= 0)
 		return;
 
+	write_log(DEBUG, "update /proc/%d/uid_map to '%s'", pid, map);
 	if (write_file(map, map_len, "/proc/%d/uid_map", pid) < 0) {
 		if (errno != EPERM)
 			bail("failed to update /proc/%d/uid_map", pid);
+		write_log(DEBUG, "update /proc/%d/uid_map got -EPERM (trying %s)", pid, path);
 		if (try_mapping_tool(path, pid, map, map_len))
 			bail("failed to use newuid map on %d", pid);
 	}
@@ -289,9 +338,11 @@ static void update_gidmap(const char *path, int pid, char *map, size_t map_len)
 	if (map == NULL || map_len <= 0)
 		return;
 
+	write_log(DEBUG, "update /proc/%d/gid_map to '%s'", pid, map);
 	if (write_file(map, map_len, "/proc/%d/gid_map", pid) < 0) {
 		if (errno != EPERM)
 			bail("failed to update /proc/%d/gid_map", pid);
+		write_log(DEBUG, "update /proc/%d/gid_map got -EPERM (trying %s)", pid, path);
 		if (try_mapping_tool(path, pid, map, map_len))
 			bail("failed to use newgid map on %d", pid);
 	}
@@ -302,19 +353,20 @@ static void update_oom_score_adj(char *data, size_t len)
 	if (data == NULL || len <= 0)
 		return;
 
+	write_log(DEBUG, "update /proc/self/oom_score_adj to '%s'", data);
 	if (write_file(data, len, "/proc/self/oom_score_adj") < 0)
 		bail("failed to update /proc/self/oom_score_adj");
 }
 
 /* A dummy function that just jumps to the given jumpval. */
-static int child_func(void *arg) __attribute__ ((noinline));
+static int child_func(void *arg) __attribute__((noinline));
 static int child_func(void *arg)
 {
 	struct clone_t *ca = (struct clone_t *)arg;
 	longjmp(*ca->env, ca->jmpval);
 }
 
-static int clone_parent(jmp_buf *env, int jmpval) __attribute__ ((noinline));
+static int clone_parent(jmp_buf *env, int jmpval) __attribute__((noinline));
 static int clone_parent(jmp_buf *env, int jmpval)
 {
 	struct clone_t ca = {
@@ -346,6 +398,23 @@ static int initpipe(void)
 	return pipenum;
 }
 
+static void setup_logpipe(void)
+{
+	char *logpipe, *endptr;
+
+	logpipe = getenv("_LIBCONTAINER_LOGPIPE");
+	if (logpipe == NULL || *logpipe == '\0') {
+		return;
+	}
+
+	logfd = strtol(logpipe, &endptr, 10);
+	if (logpipe == endptr || *endptr != '\0') {
+		fprintf(stderr, "unable to parse _LIBCONTAINER_LOGPIPE, value: %s\n", logpipe);
+		/* It is too early to use bail */
+		exit(1);
+	}
+}
+
 /* Returns the clone(2) flag for a namespace, given the name of a namespace. */
 static int nsflag(char *name)
 {
@@ -419,8 +488,8 @@ static void nl_parse(int fd, struct nlconfig_t *config)
 		case CLONE_FLAGS_ATTR:
 			config->cloneflags = readint32(current);
 			break;
-		case ROOTLESS_ATTR:
-			config->is_rootless = readint8(current);
+		case ROOTLESS_EUID_ATTR:
+			config->is_rootless_euid = readint8(current);	/* boolean */
 			break;
 		case OOM_SCORE_ADJ_ATTR:
 			config->oom_score_adj = current;
@@ -469,7 +538,6 @@ void join_namespaces(char *nslist)
 	char *namespace = strtok_r(nslist, ",", &saveptr);
 	struct namespace_t {
 		int fd;
-		int ns;
 		char type[PATH_MAX];
 		char path[PATH_MAX];
 	} *namespaces = NULL;
@@ -504,7 +572,7 @@ void join_namespaces(char *nslist)
 			bail("failed to open %s", path);
 
 		ns->fd = fd;
-		ns->ns = nsflag(namespace);
+		strncpy(ns->type, namespace, PATH_MAX - 1);
 		strncpy(ns->path, path, PATH_MAX - 1);
 		ns->path[PATH_MAX - 1] = '\0';
 	} while ((namespace = strtok_r(NULL, ",", &saveptr)) != NULL);
@@ -517,17 +585,30 @@ void join_namespaces(char *nslist)
 	 */
 
 	for (i = 0; i < num; i++) {
-		struct namespace_t ns = namespaces[i];
+		struct namespace_t *ns = &namespaces[i];
+		int flag = nsflag(ns->type);
 
-		if (setns(ns.fd, ns.ns) < 0)
-			bail("failed to setns to %s", ns.path);
+		write_log(DEBUG, "setns(%#x) into %s namespace (with path %s)", flag, ns->type, ns->path);
+		if (setns(ns->fd, flag) < 0)
+			bail("failed to setns into %s namespace", ns->type);
 
-		close(ns.fd);
+		close(ns->fd);
 	}
 
 	free(namespaces);
 }
 
+/* Defined in cloned_binary.c. */
+extern int ensure_cloned_binary(void);
+
+static inline int sane_kill(pid_t pid, int signum)
+{
+	if (pid > 0)
+		return kill(pid, signum);
+	else
+		return 0;
+}
+
 void nsexec(void)
 {
 	int pipenum;
@@ -535,6 +616,12 @@ void nsexec(void)
 	int sync_child_pipe[2], sync_grandchild_pipe[2];
 	struct nlconfig_t config = { 0 };
 
+	/*
+	 * Setup a pipe to send logs to the parent. This should happen
+	 * first, because bail will use that pipe.
+	 */
+	setup_logpipe();
+
 	/*
 	 * If we don't have an init pipe, just return to the go routine.
 	 * We'll only get an init pipe for start or exec.
@@ -543,6 +630,23 @@ void nsexec(void)
 	if (pipenum == -1)
 		return;
 
+	/*
+	 * We need to re-exec if we are not in a cloned binary. This is necessary
+	 * to ensure that containers won't be able to access the host binary
+	 * through /proc/self/exe. See CVE-2019-5736.
+	 */
+	if (ensure_cloned_binary() < 0)
+		bail("could not ensure we are a cloned binary");
+
+	/*
+	 * Inform the parent we're past initial setup.
+	 * For the other side of this, see initWaiter.
+	 */
+	if (write(pipenum, "", 1) != 1)
+		bail("could not inform the parent we are past initial setup");
+
+	write_log(DEBUG, "=> nsexec container setup");
+
 	/* Parse all of the netlink configuration. */
 	nl_parse(pipenum, &config);
 
@@ -565,6 +669,7 @@ void nsexec(void)
 	 * containers), which is the recommendation from the kernel folks.
 	 */
 	if (config.namespaces) {
+		write_log(DEBUG, "set process as non-dumpable");
 		if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) < 0)
 			bail("failed to set process as non-dumpable");
 	}
@@ -629,53 +734,49 @@ void nsexec(void)
 	 * -- Aleksa "what has my life come to?" Sarai
 	 */
 
-	switch (setjmp(env)) {
+	current_stage = setjmp(env);
+	switch (current_stage) {
 		/*
 		 * Stage 0: We're in the parent. Our job is just to create a new child
-		 *          (stage 1: JUMP_CHILD) process and write its uid_map and
+		 *          (stage 1: STAGE_CHILD) process and write its uid_map and
 		 *          gid_map. That process will go on to create a new process, then
 		 *          it will send us its PID which we will send to the bootstrap
 		 *          process.
 		 */
-	case JUMP_PARENT:{
+	case STAGE_PARENT:{
 			int len;
-			pid_t child, first_child = -1;
-			char buf[JSON_MAX];
-			bool ready = false;
+			pid_t stage1_pid = -1, stage2_pid = -1;
+			bool stage1_complete, stage2_complete;
 
 			/* For debugging. */
 			prctl(PR_SET_NAME, (unsigned long)"runc:[0:PARENT]", 0, 0, 0);
+			write_log(DEBUG, "~> nsexec stage-0");
 
 			/* Start the process of getting a container. */
-			child = clone_parent(&env, JUMP_CHILD);
-			if (child < 0)
-				bail("unable to fork: child_func");
+			write_log(DEBUG, "spawn stage-1");
+			stage1_pid = clone_parent(&env, STAGE_CHILD);
+			if (stage1_pid < 0)
+				bail("unable to spawn stage-1");
+
+			syncfd = sync_child_pipe[1];
+			close(sync_child_pipe[0]);
 
 			/*
-			 * State machine for synchronisation with the children.
-			 *
-			 * Father only return when both child and grandchild are
-			 * ready, so we can receive all possible error codes
-			 * generated by children.
+			 * State machine for synchronisation with the children. We only
+			 * return once both the child and grandchild are ready.
 			 */
-			while (!ready) {
+			write_log(DEBUG, "-> stage-1 synchronisation loop");
+			stage1_complete = false;
+			while (!stage1_complete) {
 				enum sync_t s;
-				int ret;
-
-				syncfd = sync_child_pipe[1];
-				close(sync_child_pipe[0]);
 
 				if (read(syncfd, &s, sizeof(s)) != sizeof(s))
-					bail("failed to sync with child: next state");
+					bail("failed to sync with stage-1: next state");
 
 				switch (s) {
-				case SYNC_ERR:
-					/* We have to mirror the error code of the child. */
-					if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
-						bail("failed to sync with child: read(error code)");
-
-					exit(ret);
 				case SYNC_USERMAP_PLS:
+					write_log(DEBUG, "stage-1 requested userns mappings");
+
 					/*
 					 * Enable setgroups(2) if we've been asked to. But we also
 					 * have to explicitly disable setgroups(2) if we're
@@ -686,59 +787,78 @@ void nsexec(void)
 					 * For rootless multi-entry mapping, config.is_setgroup shall be true and
 					 * newuidmap/newgidmap shall be used.
 					 */
-
-					if (config.is_rootless && !config.is_setgroup)
-						update_setgroups(child, SETGROUPS_DENY);
+					if (config.is_rootless_euid && !config.is_setgroup)
+						update_setgroups(stage1_pid, SETGROUPS_DENY);
 
 					/* Set up mappings. */
-					update_uidmap(config.uidmappath, child, config.uidmap, config.uidmap_len);
-					update_gidmap(config.gidmappath, child, config.gidmap, config.gidmap_len);
+					update_uidmap(config.uidmappath, stage1_pid, config.uidmap, config.uidmap_len);
+					update_gidmap(config.gidmappath, stage1_pid, config.gidmap, config.gidmap_len);
 
 					s = SYNC_USERMAP_ACK;
 					if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
-						kill(child, SIGKILL);
-						bail("failed to sync with child: write(SYNC_USERMAP_ACK)");
+						sane_kill(stage1_pid, SIGKILL);
+						sane_kill(stage2_pid, SIGKILL);
+						bail("failed to sync with stage-1: write(SYNC_USERMAP_ACK)");
 					}
 					break;
-				case SYNC_RECVPID_PLS:{
-						first_child = child;
-
-						/* Get the init_func pid. */
-						if (read(syncfd, &child, sizeof(child)) != sizeof(child)) {
-							kill(first_child, SIGKILL);
-							bail("failed to sync with child: read(childpid)");
-						}
-
-						/* Send ACK. */
-						s = SYNC_RECVPID_ACK;
-						if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
-							kill(first_child, SIGKILL);
-							kill(child, SIGKILL);
-							bail("failed to sync with child: write(SYNC_RECVPID_ACK)");
-						}
+				case SYNC_RECVPID_PLS:
+					write_log(DEBUG, "stage-1 requested pid to be forwarded");
+
+					/* Get the stage-2 pid. */
+					if (read(syncfd, &stage2_pid, sizeof(stage2_pid)) != sizeof(stage2_pid)) {
+						sane_kill(stage1_pid, SIGKILL);
+						sane_kill(stage2_pid, SIGKILL);
+						bail("failed to sync with stage-1: read(stage2_pid)");
+					}
+
+					/* Send ACK. */
+					s = SYNC_RECVPID_ACK;
+					if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
+						sane_kill(stage1_pid, SIGKILL);
+						sane_kill(stage2_pid, SIGKILL);
+						bail("failed to sync with stage-1: write(SYNC_RECVPID_ACK)");
+					}
+
+					/*
+					 * Send both the stage-1 and stage-2 pids back to runc.
+					 * runc needs the stage-2 to continue process management,
+					 * but because stage-1 was spawned with CLONE_PARENT we
+					 * cannot reap it within stage-0 and thus we need to ask
+					 * runc to reap the zombie for us.
+					 */
+					write_log(DEBUG, "forward stage-1 (%d) and stage-2 (%d) pids to runc",
+						  stage1_pid, stage2_pid);
+					len =
+					    dprintf(pipenum, "{\"stage1_pid\":%d,\"stage2_pid\":%d}\n", stage1_pid,
+						    stage2_pid);
+					if (len < 0) {
+						sane_kill(stage1_pid, SIGKILL);
+						sane_kill(stage2_pid, SIGKILL);
+						bail("failed to sync with runc: write(pid-JSON)");
 					}
 					break;
-				case SYNC_CHILD_READY:
-					ready = true;
+				case SYNC_CHILD_FINISH:
+					write_log(DEBUG, "stage-1 complete");
+					stage1_complete = true;
 					break;
 				default:
 					bail("unexpected sync value: %u", s);
 				}
 			}
+			write_log(DEBUG, "<- stage-1 synchronisation loop");
 
 			/* Now sync with grandchild. */
-
-			ready = false;
-			while (!ready) {
+			syncfd = sync_grandchild_pipe[1];
+			close(sync_grandchild_pipe[0]);
+			write_log(DEBUG, "-> stage-2 synchronisation loop");
+			stage2_complete = false;
+			while (!stage2_complete) {
 				enum sync_t s;
-				int ret;
-
-				syncfd = sync_grandchild_pipe[1];
-				close(sync_grandchild_pipe[0]);
 
+				write_log(DEBUG, "signalling stage-2 to run");
 				s = SYNC_GRANDCHILD;
 				if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
-					kill(child, SIGKILL);
+					sane_kill(stage2_pid, SIGKILL);
 					bail("failed to sync with child: write(SYNC_GRANDCHILD)");
 				}
 
@@ -746,50 +866,31 @@ void nsexec(void)
 					bail("failed to sync with child: next state");
 
 				switch (s) {
-				case SYNC_ERR:
-					/* We have to mirror the error code of the child. */
-					if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
-						bail("failed to sync with child: read(error code)");
-
-					exit(ret);
-				case SYNC_CHILD_READY:
-					ready = true;
+				case SYNC_CHILD_FINISH:
+					write_log(DEBUG, "stage-2 complete");
+					stage2_complete = true;
 					break;
 				default:
 					bail("unexpected sync value: %u", s);
 				}
 			}
-
-			/*
-			 * Send the init_func pid and the pid of the first child back to our parent.
-			 *
-			 * We need to send both back because we can't reap the first child we created (CLONE_PARENT).
-			 * It becomes the responsibility of our parent to reap the first child.
-			 */
-			len = snprintf(buf, JSON_MAX, "{\"pid\": %d, \"pid_first\": %d}\n", child, first_child);
-			if (len < 0) {
-				kill(child, SIGKILL);
-				bail("unable to generate JSON for child pid");
-			}
-			if (write(pipenum, buf, len) != len) {
-				kill(child, SIGKILL);
-				bail("unable to send child pid to bootstrapper");
-			}
-
+			write_log(DEBUG, "<- stage-2 synchronisation loop");
+			write_log(DEBUG, "<~ nsexec stage-0");
 			exit(0);
 		}
+		break;
 
 		/*
 		 * Stage 1: We're in the first child process. Our job is to join any
-		 *          provided namespaces in the netlink payload and unshare all
-		 *          of the requested namespaces. If we've been asked to
-		 *          CLONE_NEWUSER, we will ask our parent (stage 0) to set up
-		 *          our user mappings for us. Then, we create a new child
-		 *          (stage 2: JUMP_INIT) for PID namespace. We then send the
-		 *          child's PID to our parent (stage 0).
+		 *          provided namespaces in the netlink payload and unshare all of
+		 *          the requested namespaces. If we've been asked to CLONE_NEWUSER,
+		 *          we will ask our parent (stage 0) to set up our user mappings
+		 *          for us. Then, we create a new child (stage 2: STAGE_INIT) for
+		 *          PID namespace. We then send the child's PID to our parent
+		 *          (stage 0).
 		 */
-	case JUMP_CHILD:{
-			pid_t child;
+	case STAGE_CHILD:{
+			pid_t stage2_pid = -1;
 			enum sync_t s;
 
 			/* We're in a child and thus need to tell the parent if we die. */
@@ -798,11 +899,12 @@ void nsexec(void)
 
 			/* For debugging. */
 			prctl(PR_SET_NAME, (unsigned long)"runc:[1:CHILD]", 0, 0, 0);
+			write_log(DEBUG, "~> nsexec stage-1");
 
 			/*
 			 * We need to setns first. We cannot do this earlier (in stage 0)
 			 * because of the fact that we forked to get here (the PID of
-			 * [stage 2: JUMP_INIT]) would be meaningless). We could send it
+			 * [stage 2: STAGE_INIT]) would be meaningless). We could send it
 			 * using cmsg(3) but that's just annoying.
 			 */
 			if (config.namespaces)
@@ -828,34 +930,43 @@ void nsexec(void)
 			 * problem.
 			 */
 			if (config.cloneflags & CLONE_NEWUSER) {
+				write_log(DEBUG, "unshare user namespace");
 				if (unshare(CLONE_NEWUSER) < 0)
 					bail("failed to unshare user namespace");
 				config.cloneflags &= ~CLONE_NEWUSER;
 
 				/*
-				 * We don't have the privileges to do any mapping here (see the
-				 * clone_parent rant). So signal our parent to hook us up.
+				 * We need to set ourselves as dumpable temporarily so that the
+				 * parent process can write to our procfs files.
 				 */
-
-				/* Switching is only necessary if we joined namespaces. */
 				if (config.namespaces) {
+					write_log(DEBUG, "temporarily set process as dumpable");
 					if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
-						bail("failed to set process as dumpable");
+						bail("failed to temporarily set process as dumpable");
 				}
+
+				/*
+				 * We don't have the privileges to do any mapping here (see the
+				 * clone_parent rant). So signal stage-0 to do the mapping for
+				 * us.
+				 */
+				write_log(DEBUG, "request stage-0 to map user namespace");
 				s = SYNC_USERMAP_PLS;
 				if (write(syncfd, &s, sizeof(s)) != sizeof(s))
 					bail("failed to sync with parent: write(SYNC_USERMAP_PLS)");
 
 				/* ... wait for mapping ... */
-
+				write_log(DEBUG, "request stage-0 to map user namespace");
 				if (read(syncfd, &s, sizeof(s)) != sizeof(s))
 					bail("failed to sync with parent: read(SYNC_USERMAP_ACK)");
 				if (s != SYNC_USERMAP_ACK)
 					bail("failed to sync with parent: SYNC_USERMAP_ACK: got %u", s);
-				/* Switching is only necessary if we joined namespaces. */
+
+				/* Revert temporary re-dumpable setting. */
 				if (config.namespaces) {
+					write_log(DEBUG, "re-set process as non-dumpable");
 					if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) < 0)
-						bail("failed to set process as dumpable");
+						bail("failed to re-set process as non-dumpable");
 				}
 
 				/* Become root in the namespace proper. */
@@ -864,13 +975,18 @@ void nsexec(void)
 			}
 
 			/*
-			 * Unshare all of the namespaces. Note that we don't merge this
-			 * with clone() because there were some old kernel versions where
-			 * clone(CLONE_PARENT | CLONE_NEWPID) was broken, so we'll just do
-			 * it the long way.
+			 * Unshare all of the namespaces. Now, it should be noted that this
+			 * ordering might break in the future (especially with rootless
+			 * containers). But for now, it's not possible to split this into
+			 * CLONE_NEWUSER + [the rest] because of some RHEL SELinux issues.
+			 *
+			 * Note that we don't merge this with clone() because there were
+			 * some old kernel versions where clone(CLONE_PARENT | CLONE_NEWPID)
+			 * was broken, so we'll just do it the long way anyway.
 			 */
-			if (unshare(config.cloneflags) < 0)
-				bail("failed to unshare namespaces");
+			write_log(DEBUG, "unshare remaining namespace (except cgroupns)");
+			if (unshare(config.cloneflags & ~CLONE_NEWCGROUP) < 0)
+				bail("failed to unshare remaining namespaces (except cgroupns)");
 
 			/*
 			 * TODO: What about non-namespace clone flags that we're dropping here?
@@ -881,41 +997,45 @@ void nsexec(void)
 			 * which would break many applications and libraries, so we must fork
 			 * to actually enter the new PID namespace.
 			 */
-			child = clone_parent(&env, JUMP_INIT);
-			if (child < 0)
-				bail("unable to fork: init_func");
+			write_log(DEBUG, "spawn stage-2");
+			stage2_pid = clone_parent(&env, STAGE_INIT);
+			if (stage2_pid < 0)
+				bail("unable to spawn stage-2");
 
 			/* Send the child to our parent, which knows what it's doing. */
+			write_log(DEBUG, "request stage-0 to forward stage-2 pid (%d)", stage2_pid);
 			s = SYNC_RECVPID_PLS;
 			if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
-				kill(child, SIGKILL);
+				sane_kill(stage2_pid, SIGKILL);
 				bail("failed to sync with parent: write(SYNC_RECVPID_PLS)");
 			}
-			if (write(syncfd, &child, sizeof(child)) != sizeof(child)) {
-				kill(child, SIGKILL);
-				bail("failed to sync with parent: write(childpid)");
+			if (write(syncfd, &stage2_pid, sizeof(stage2_pid)) != sizeof(stage2_pid)) {
+				sane_kill(stage2_pid, SIGKILL);
+				bail("failed to sync with parent: write(stage2_pid)");
 			}
 
 			/* ... wait for parent to get the pid ... */
-
 			if (read(syncfd, &s, sizeof(s)) != sizeof(s)) {
-				kill(child, SIGKILL);
+				sane_kill(stage2_pid, SIGKILL);
 				bail("failed to sync with parent: read(SYNC_RECVPID_ACK)");
 			}
 			if (s != SYNC_RECVPID_ACK) {
-				kill(child, SIGKILL);
+				sane_kill(stage2_pid, SIGKILL);
 				bail("failed to sync with parent: SYNC_RECVPID_ACK: got %u", s);
 			}
 
-			s = SYNC_CHILD_READY;
+			write_log(DEBUG, "signal completion to stage-0");
+			s = SYNC_CHILD_FINISH;
 			if (write(syncfd, &s, sizeof(s)) != sizeof(s)) {
-				kill(child, SIGKILL);
-				bail("failed to sync with parent: write(SYNC_CHILD_READY)");
+				sane_kill(stage2_pid, SIGKILL);
+				bail("failed to sync with parent: write(SYNC_CHILD_FINISH)");
 			}
 
-			/* Our work is done. [Stage 2: JUMP_INIT] is doing the rest of the work. */
+			/* Our work is done. [Stage 2: STAGE_INIT] is doing the rest of the work. */
+			write_log(DEBUG, "<~ nsexec stage-1");
 			exit(0);
 		}
+		break;
 
 		/*
 		 * Stage 2: We're the final child process, and the only process that will
@@ -923,7 +1043,7 @@ void nsexec(void)
 		 *          final cleanup steps and then return to the Go runtime to allow
 		 *          init_linux.go to run.
 		 */
-	case JUMP_INIT:{
+	case STAGE_INIT:{
 			/*
 			 * We're inside the child now, having jumped from the
 			 * start_child() code after forking in the parent.
@@ -938,6 +1058,7 @@ void nsexec(void)
 
 			/* For debugging. */
 			prctl(PR_SET_NAME, (unsigned long)"runc:[2:INIT]", 0, 0, 0);
+			write_log(DEBUG, "~> nsexec stage-2");
 
 			if (read(syncfd, &s, sizeof(s)) != sizeof(s))
 				bail("failed to sync with parent: read(SYNC_GRANDCHILD)");
@@ -953,14 +1074,35 @@ void nsexec(void)
 			if (setgid(0) < 0)
 				bail("setgid failed");
 
-			if (!config.is_rootless && config.is_setgroup) {
+			if (!config.is_rootless_euid && config.is_setgroup) {
 				if (setgroups(0, NULL) < 0)
 					bail("setgroups failed");
 			}
 
-			s = SYNC_CHILD_READY;
+			/*
+			 * Wait until our topmost parent has finished cgroup setup in
+			 * p.manager.Apply().
+			 *
+			 * TODO(cyphar): Check if this code is actually needed because we
+			 *               should be in the cgroup even from stage-0, so
+			 *               waiting until now might not make sense.
+			 */
+			if (config.cloneflags & CLONE_NEWCGROUP) {
+				uint8_t value;
+				if (read(pipenum, &value, sizeof(value)) != sizeof(value))
+					bail("read synchronisation value failed");
+				if (value == CREATECGROUPNS) {
+					write_log(DEBUG, "unshare cgroup namespace");
+					if (unshare(CLONE_NEWCGROUP) < 0)
+						bail("failed to unshare cgroup namespace");
+				} else
+					bail("received unknown synchronisation value");
+			}
+
+			write_log(DEBUG, "signal completion to stage-0");
+			s = SYNC_CHILD_FINISH;
 			if (write(syncfd, &s, sizeof(s)) != sizeof(s))
-				bail("failed to sync with patent: write(SYNC_CHILD_READY)");
+				bail("failed to sync with patent: write(SYNC_CHILD_FINISH)");
 
 			/* Close sync pipes. */
 			close(sync_grandchild_pipe[0]);
@@ -969,10 +1111,13 @@ void nsexec(void)
 			nl_free(&config);
 
 			/* Finish executing, let the Go runtime take over. */
+			write_log(DEBUG, "<= nsexec container setup");
+			write_log(DEBUG, "booting up go runtime ...");
 			return;
 		}
+		break;
 	default:
-		bail("unexpected jump value");
+		bail("unknown stage '%d' for jump value", current_stage);
 	}
 
 	/* Should never be reached. */
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.c
new file mode 120000
index 0000000000000..c53e316a22cc2
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.c
@@ -0,0 +1 @@
+../escape.c
\ No newline at end of file
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.go b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.go
new file mode 100644
index 0000000000000..f85d9e211feef
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/test/escape.go
@@ -0,0 +1,53 @@
+package escapetest
+
+// This file is part of escape_json_string unit test.
+// It is in a separate package so cgo can be used together
+// with go test.
+
+// #include <stdlib.h>
+// extern char *escape_json_string(char *str);
+// #cgo CFLAGS: -DESCAPE_TEST=1
+import "C"
+
+import (
+	"testing"
+	"unsafe"
+)
+
+func testEscapeJSONString(t *testing.T, input, want string) {
+	in := C.CString(input)
+	out := C.escape_json_string(in)
+	got := C.GoString(out)
+	C.free(unsafe.Pointer(out))
+	t.Logf("input: %q, output: %q", input, got)
+	if got != want {
+		t.Errorf("Failed on input: %q, want %q, got %q", input, want, got)
+	}
+}
+
+func testEscapeJSON(t *testing.T) {
+	testCases := []struct {
+		input, output string
+	}{
+		{"", ""},
+		{"abcdef", "abcdef"},
+		{`\\\\\\`, `\\\\\\\\\\\\`},
+		{`with"quote`, `with\"quote`},
+		{"\n\r\b\t\f\\", `\n\r\b\t\f\\`},
+		{"\007", "\\u0007"},
+		{"\017 \020 \037", "\\u000f \\u0010 \\u001f"},
+		{"\033", "\\u001b"},
+		{`<->`, `<->`},
+		{"\176\177\200", "~\\u007f\200"},
+		{"\000", ""},
+		{"a\x7fxc", "a\\u007fxc"},
+		{"a\033xc", "a\\u001bxc"},
+		{"a\nxc", "a\\nxc"},
+		{"a\\xc", "a\\\\xc"},
+		{"Barney B\303\244r", "Barney B\303\244r"},
+	}
+
+	for _, tc := range testCases {
+		testEscapeJSONString(t, tc.input, tc.output)
+	}
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
deleted file mode 100644
index a4ae8901acc06..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
+++ /dev/null
@@ -1,155 +0,0 @@
-// +build linux
-
-package system
-
-import (
-	"os"
-	"os/exec"
-	"syscall" // only for exec
-	"unsafe"
-
-	"github.com/opencontainers/runc/libcontainer/user"
-	"golang.org/x/sys/unix"
-)
-
-// If arg2 is nonzero, set the "child subreaper" attribute of the
-// calling process; if arg2 is zero, unset the attribute.  When a
-// process is marked as a child subreaper, all of the children
-// that it creates, and their descendants, will be marked as
-// having a subreaper.  In effect, a subreaper fulfills the role
-// of init(1) for its descendant processes.  Upon termination of
-// a process that is orphaned (i.e., its immediate parent has
-// already terminated) and marked as having a subreaper, the
-// nearest still living ancestor subreaper will receive a SIGCHLD
-// signal and be able to wait(2) on the process to discover its
-// termination status.
-const PR_SET_CHILD_SUBREAPER = 36
-
-type ParentDeathSignal int
-
-func (p ParentDeathSignal) Restore() error {
-	if p == 0 {
-		return nil
-	}
-	current, err := GetParentDeathSignal()
-	if err != nil {
-		return err
-	}
-	if p == current {
-		return nil
-	}
-	return p.Set()
-}
-
-func (p ParentDeathSignal) Set() error {
-	return SetParentDeathSignal(uintptr(p))
-}
-
-func Execv(cmd string, args []string, env []string) error {
-	name, err := exec.LookPath(cmd)
-	if err != nil {
-		return err
-	}
-
-	return syscall.Exec(name, args, env)
-}
-
-func Prlimit(pid, resource int, limit unix.Rlimit) error {
-	_, _, err := unix.RawSyscall6(unix.SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(&limit)), uintptr(unsafe.Pointer(&limit)), 0, 0)
-	if err != 0 {
-		return err
-	}
-	return nil
-}
-
-func SetParentDeathSignal(sig uintptr) error {
-	if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil {
-		return err
-	}
-	return nil
-}
-
-func GetParentDeathSignal() (ParentDeathSignal, error) {
-	var sig int
-	if err := unix.Prctl(unix.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0, 0, 0); err != nil {
-		return -1, err
-	}
-	return ParentDeathSignal(sig), nil
-}
-
-func SetKeepCaps() error {
-	if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 1, 0, 0, 0); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func ClearKeepCaps() error {
-	if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 0, 0, 0, 0); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func Setctty() error {
-	if err := unix.IoctlSetInt(0, unix.TIOCSCTTY, 0); err != nil {
-		return err
-	}
-	return nil
-}
-
-// RunningInUserNS detects whether we are currently running in a user namespace.
-// Originally copied from github.com/lxc/lxd/shared/util.go
-func RunningInUserNS() bool {
-	uidmap, err := user.CurrentProcessUIDMap()
-	if err != nil {
-		// This kernel-provided file only exists if user namespaces are supported
-		return false
-	}
-	return UIDMapInUserNS(uidmap)
-}
-
-func UIDMapInUserNS(uidmap []user.IDMap) bool {
-	/*
-	 * We assume we are in the initial user namespace if we have a full
-	 * range - 4294967295 uids starting at uid 0.
-	 */
-	if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 {
-		return false
-	}
-	return true
-}
-
-// GetParentNSeuid returns the euid within the parent user namespace
-func GetParentNSeuid() int64 {
-	euid := int64(os.Geteuid())
-	uidmap, err := user.CurrentProcessUIDMap()
-	if err != nil {
-		// This kernel-provided file only exists if user namespaces are supported
-		return euid
-	}
-	for _, um := range uidmap {
-		if um.ID <= euid && euid <= um.ID+um.Count-1 {
-			return um.ParentID + euid - um.ID
-		}
-	}
-	return euid
-}
-
-// SetSubreaper sets the value i as the subreaper setting for the calling process
-func SetSubreaper(i int) error {
-	return unix.Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
-}
-
-// GetSubreaper returns the subreaper setting for the calling process
-func GetSubreaper() (int, error) {
-	var i uintptr
-
-	if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
-		return -1, err
-	}
-
-	return int(i), nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/proc.go b/vendor/github.com/opencontainers/runc/libcontainer/system/proc.go
deleted file mode 100644
index 79232a43715b2..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/proc.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-// State is the status of a process.
-type State rune
-
-const ( // Only values for Linux 3.14 and later are listed here
-	Dead        State = 'X'
-	DiskSleep   State = 'D'
-	Running     State = 'R'
-	Sleeping    State = 'S'
-	Stopped     State = 'T'
-	TracingStop State = 't'
-	Zombie      State = 'Z'
-)
-
-// String forms of the state from proc(5)'s documentation for
-// /proc/[pid]/status' "State" field.
-func (s State) String() string {
-	switch s {
-	case Dead:
-		return "dead"
-	case DiskSleep:
-		return "disk sleep"
-	case Running:
-		return "running"
-	case Sleeping:
-		return "sleeping"
-	case Stopped:
-		return "stopped"
-	case TracingStop:
-		return "tracing stop"
-	case Zombie:
-		return "zombie"
-	default:
-		return fmt.Sprintf("unknown (%c)", s)
-	}
-}
-
-// Stat_t represents the information from /proc/[pid]/stat, as
-// described in proc(5) with names based on the /proc/[pid]/status
-// fields.
-type Stat_t struct {
-	// PID is the process ID.
-	PID uint
-
-	// Name is the command run by the process.
-	Name string
-
-	// State is the state of the process.
-	State State
-
-	// StartTime is the number of clock ticks after system boot (since
-	// Linux 2.6).
-	StartTime uint64
-}
-
-// Stat returns a Stat_t instance for the specified process.
-func Stat(pid int) (stat Stat_t, err error) {
-	bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
-	if err != nil {
-		return stat, err
-	}
-	return parseStat(string(bytes))
-}
-
-// GetProcessStartTime is deprecated.  Use Stat(pid) and
-// Stat_t.StartTime instead.
-func GetProcessStartTime(pid int) (string, error) {
-	stat, err := Stat(pid)
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("%d", stat.StartTime), nil
-}
-
-func parseStat(data string) (stat Stat_t, err error) {
-	// From proc(5), field 2 could contain space and is inside `(` and `)`.
-	// The following is an example:
-	// 89653 (gunicorn: maste) S 89630 89653 89653 0 -1 4194560 29689 28896 0 3 146 32 76 19 20 0 1 0 2971844 52965376 3920 18446744073709551615 1 1 0 0 0 0 0 16781312 137447943 0 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
-	i := strings.LastIndex(data, ")")
-	if i <= 2 || i >= len(data)-1 {
-		return stat, fmt.Errorf("invalid stat data: %q", data)
-	}
-
-	parts := strings.SplitN(data[:i], "(", 2)
-	if len(parts) != 2 {
-		return stat, fmt.Errorf("invalid stat data: %q", data)
-	}
-
-	stat.Name = parts[1]
-	_, err = fmt.Sscanf(parts[0], "%d", &stat.PID)
-	if err != nil {
-		return stat, err
-	}
-
-	// parts indexes should be offset by 3 from the field number given
-	// proc(5), because parts is zero-indexed and we've removed fields
-	// one (PID) and two (Name) in the paren-split.
-	parts = strings.Split(data[i+2:], " ")
-	var state int
-	fmt.Sscanf(parts[3-3], "%c", &state)
-	stat.State = State(state)
-	fmt.Sscanf(parts[22-3], "%d", &stat.StartTime)
-	return stat, nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_32.go b/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_32.go
deleted file mode 100644
index c5ca5d86235b9..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_32.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// +build linux
-// +build 386 arm
-
-package system
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// Setuid sets the uid of the calling thread to the specified uid.
-func Setuid(uid int) (err error) {
-	_, _, e1 := unix.RawSyscall(unix.SYS_SETUID32, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-// Setgid sets the gid of the calling thread to the specified gid.
-func Setgid(gid int) (err error) {
-	_, _, e1 := unix.RawSyscall(unix.SYS_SETGID32, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go b/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go
deleted file mode 100644
index 11c3faafbf0bd..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// +build linux
-// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le s390x
-
-package system
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// Setuid sets the uid of the calling thread to the specified uid.
-func Setuid(uid int) (err error) {
-	_, _, e1 := unix.RawSyscall(unix.SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-// Setgid sets the gid of the calling thread to the specified gid.
-func Setgid(gid int) (err error) {
-	_, _, e1 := unix.RawSyscall(unix.SYS_SETGID, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig.go b/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig.go
deleted file mode 100644
index b8434f10500b3..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build cgo,linux
-
-package system
-
-/*
-#include <unistd.h>
-*/
-import "C"
-
-func GetClockTicks() int {
-	return int(C.sysconf(C._SC_CLK_TCK))
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go b/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go
deleted file mode 100644
index d93b5d5fdf2c8..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build !cgo windows
-
-package system
-
-func GetClockTicks() int {
-	// TODO figure out a better alternative for platforms where we're missing cgo
-	//
-	// TODO Windows. This could be implemented using Win32 QueryPerformanceFrequency().
-	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms644905(v=vs.85).aspx
-	//
-	// An example of its usage can be found here.
-	// https://msdn.microsoft.com/en-us/library/windows/desktop/dn553408(v=vs.85).aspx
-
-	return 100
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go
deleted file mode 100644
index b94be74a6648b..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build !linux
-
-package system
-
-import (
-	"os"
-
-	"github.com/opencontainers/runc/libcontainer/user"
-)
-
-// RunningInUserNS is a stub for non-Linux systems
-// Always returns false
-func RunningInUserNS() bool {
-	return false
-}
-
-// UIDMapInUserNS is a stub for non-Linux systems
-// Always returns false
-func UIDMapInUserNS(uidmap []user.IDMap) bool {
-	return false
-}
-
-// GetParentNSeuid returns the euid within the parent user namespace
-// Always returns os.Geteuid on non-linux
-func GetParentNSeuid() int {
-	return os.Geteuid()
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go
deleted file mode 100644
index a6823fc99b2c8..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package system
-
-import "golang.org/x/sys/unix"
-
-// Returns a []byte slice if the xattr is set and nil otherwise
-// Requires path and its attribute as arguments
-func Lgetxattr(path string, attr string) ([]byte, error) {
-	var sz int
-	// Start with a 128 length byte array
-	dest := make([]byte, 128)
-	sz, errno := unix.Lgetxattr(path, attr, dest)
-
-	switch {
-	case errno == unix.ENODATA:
-		return nil, errno
-	case errno == unix.ENOTSUP:
-		return nil, errno
-	case errno == unix.ERANGE:
-		// 128 byte array might just not be good enough,
-		// A dummy buffer is used to get the real size
-		// of the xattrs on disk
-		sz, errno = unix.Lgetxattr(path, attr, []byte{})
-		if errno != nil {
-			return nil, errno
-		}
-		dest = make([]byte, sz)
-		sz, errno = unix.Lgetxattr(path, attr, dest)
-		if errno != nil {
-			return nil, errno
-		}
-	case errno != nil:
-		return nil, errno
-	}
-	return dest[:sz], nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go
deleted file mode 100644
index 6fd8dd0d44aa5..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package user
-
-import (
-	"errors"
-)
-
-var (
-	// The current operating system does not provide the required data for user lookups.
-	ErrUnsupported = errors.New("user lookup: operating system does not provide passwd-formatted data")
-	// No matching entries found in file.
-	ErrNoPasswdEntries = errors.New("no matching entries in passwd file")
-	ErrNoGroupEntries  = errors.New("no matching entries in group file")
-)
-
-// LookupUser looks up a user by their username in /etc/passwd. If the user
-// cannot be found (or there is no /etc/passwd file on the filesystem), then
-// LookupUser returns an error.
-func LookupUser(username string) (User, error) {
-	return lookupUser(username)
-}
-
-// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot
-// be found (or there is no /etc/passwd file on the filesystem), then LookupId
-// returns an error.
-func LookupUid(uid int) (User, error) {
-	return lookupUid(uid)
-}
-
-// LookupGroup looks up a group by its name in /etc/group. If the group cannot
-// be found (or there is no /etc/group file on the filesystem), then LookupGroup
-// returns an error.
-func LookupGroup(groupname string) (Group, error) {
-	return lookupGroup(groupname)
-}
-
-// LookupGid looks up a group by its group id in /etc/group. If the group cannot
-// be found (or there is no /etc/group file on the filesystem), then LookupGid
-// returns an error.
-func LookupGid(gid int) (Group, error) {
-	return lookupGid(gid)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
index c1e634c949db8..967717a1b1c5a 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
@@ -5,6 +5,7 @@ package user
 import (
 	"io"
 	"os"
+	"strconv"
 
 	"golang.org/x/sys/unix"
 )
@@ -15,13 +16,19 @@ const (
 	unixGroupPath  = "/etc/group"
 )
 
-func lookupUser(username string) (User, error) {
+// LookupUser looks up a user by their username in /etc/passwd. If the user
+// cannot be found (or there is no /etc/passwd file on the filesystem), then
+// LookupUser returns an error.
+func LookupUser(username string) (User, error) {
 	return lookupUserFunc(func(u User) bool {
 		return u.Name == username
 	})
 }
 
-func lookupUid(uid int) (User, error) {
+// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot
+// be found (or there is no /etc/passwd file on the filesystem), then LookupId
+// returns an error.
+func LookupUid(uid int) (User, error) {
 	return lookupUserFunc(func(u User) bool {
 		return u.Uid == uid
 	})
@@ -50,13 +57,19 @@ func lookupUserFunc(filter func(u User) bool) (User, error) {
 	return users[0], nil
 }
 
-func lookupGroup(groupname string) (Group, error) {
+// LookupGroup looks up a group by its name in /etc/group. If the group cannot
+// be found (or there is no /etc/group file on the filesystem), then LookupGroup
+// returns an error.
+func LookupGroup(groupname string) (Group, error) {
 	return lookupGroupFunc(func(g Group) bool {
 		return g.Name == groupname
 	})
 }
 
-func lookupGid(gid int) (Group, error) {
+// LookupGid looks up a group by its group id in /etc/group. If the group cannot
+// be found (or there is no /etc/group file on the filesystem), then LookupGid
+// returns an error.
+func LookupGid(gid int) (Group, error) {
 	return lookupGroupFunc(func(g Group) bool {
 		return g.Gid == gid
 	})
@@ -115,22 +128,23 @@ func CurrentGroup() (Group, error) {
 	return LookupGid(unix.Getgid())
 }
 
-func CurrentUserSubUIDs() ([]SubID, error) {
+func currentUserSubIDs(fileName string) ([]SubID, error) {
 	u, err := CurrentUser()
 	if err != nil {
 		return nil, err
 	}
-	return ParseSubIDFileFilter("/etc/subuid",
-		func(entry SubID) bool { return entry.Name == u.Name })
+	filter := func(entry SubID) bool {
+		return entry.Name == u.Name || entry.Name == strconv.Itoa(u.Uid)
+	}
+	return ParseSubIDFileFilter(fileName, filter)
 }
 
-func CurrentGroupSubGIDs() ([]SubID, error) {
-	g, err := CurrentGroup()
-	if err != nil {
-		return nil, err
-	}
-	return ParseSubIDFileFilter("/etc/subgid",
-		func(entry SubID) bool { return entry.Name == g.Name })
+func CurrentUserSubUIDs() ([]SubID, error) {
+	return currentUserSubIDs("/etc/subuid")
+}
+
+func CurrentUserSubGIDs() ([]SubID, error) {
+	return currentUserSubIDs("/etc/subgid")
 }
 
 func CurrentProcessUIDMap() ([]IDMap, error) {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go
deleted file mode 100644
index 65cd40e9287b9..0000000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// +build windows
-
-package user
-
-import (
-	"fmt"
-	"os/user"
-)
-
-func lookupUser(username string) (User, error) {
-	u, err := user.Lookup(username)
-	if err != nil {
-		return User{}, err
-	}
-	return userFromOS(u)
-}
-
-func lookupUid(uid int) (User, error) {
-	u, err := user.LookupId(fmt.Sprintf("%d", uid))
-	if err != nil {
-		return User{}, err
-	}
-	return userFromOS(u)
-}
-
-func lookupGroup(groupname string) (Group, error) {
-	g, err := user.LookupGroup(groupname)
-	if err != nil {
-		return Group{}, err
-	}
-	return groupFromOS(g)
-}
-
-func lookupGid(gid int) (Group, error) {
-	g, err := user.LookupGroupId(fmt.Sprintf("%d", gid))
-	if err != nil {
-		return Group{}, err
-	}
-	return groupFromOS(g)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
index 7b912bbf8b44f..cc7a106be5db9 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -2,21 +2,27 @@ package user
 
 import (
 	"bufio"
+	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"os"
-	"os/user"
 	"strconv"
 	"strings"
 )
 
 const (
-	minId = 0
-	maxId = 1<<31 - 1 //for 32-bit systems compatibility
+	minID = 0
+	maxID = 1<<31 - 1 // for 32-bit systems compatibility
 )
 
 var (
-	ErrRange = fmt.Errorf("uids and gids must be in range %d-%d", minId, maxId)
+	// ErrNoPasswdEntries is returned if no matching entries were found in /etc/group.
+	ErrNoPasswdEntries = errors.New("no matching entries in passwd file")
+	// ErrNoGroupEntries is returned if no matching entries were found in /etc/passwd.
+	ErrNoGroupEntries = errors.New("no matching entries in group file")
+	// ErrRange is returned if a UID or GID is outside of the valid range.
+	ErrRange = fmt.Errorf("uids and gids must be in range %d-%d", minID, maxID)
 )
 
 type User struct {
@@ -29,28 +35,6 @@ type User struct {
 	Shell string
 }
 
-// userFromOS converts an os/user.(*User) to local User
-//
-// (This does not include Pass, Shell or Gecos)
-func userFromOS(u *user.User) (User, error) {
-	newUser := User{
-		Name: u.Username,
-		Home: u.HomeDir,
-	}
-	id, err := strconv.Atoi(u.Uid)
-	if err != nil {
-		return newUser, err
-	}
-	newUser.Uid = id
-
-	id, err = strconv.Atoi(u.Gid)
-	if err != nil {
-		return newUser, err
-	}
-	newUser.Gid = id
-	return newUser, nil
-}
-
 type Group struct {
 	Name string
 	Pass string
@@ -58,23 +42,6 @@ type Group struct {
 	List []string
 }
 
-// groupFromOS converts an os/user.(*Group) to local Group
-//
-// (This does not include Pass, Shell or Gecos)
-func groupFromOS(g *user.Group) (Group, error) {
-	newGroup := Group{
-		Name: g.Name,
-	}
-
-	id, err := strconv.Atoi(g.Gid)
-	if err != nil {
-		return newGroup, err
-	}
-	newGroup.Gid = id
-
-	return newGroup, nil
-}
-
 // SubID represents an entry in /etc/sub{u,g}id
 type SubID struct {
 	Name  string
@@ -89,11 +56,11 @@ type IDMap struct {
 	Count    int64
 }
 
-func parseLine(line string, v ...interface{}) {
-	parseParts(strings.Split(line, ":"), v...)
+func parseLine(line []byte, v ...interface{}) {
+	parseParts(bytes.Split(line, []byte(":")), v...)
 }
 
-func parseParts(parts []string, v ...interface{}) {
+func parseParts(parts [][]byte, v ...interface{}) {
 	if len(parts) == 0 {
 		return
 	}
@@ -109,16 +76,16 @@ func parseParts(parts []string, v ...interface{}) {
 		// This is legit.
 		switch e := v[i].(type) {
 		case *string:
-			*e = p
+			*e = string(p)
 		case *int:
 			// "numbers", with conversion errors ignored because of some misbehaving configuration files.
-			*e, _ = strconv.Atoi(p)
+			*e, _ = strconv.Atoi(string(p))
 		case *int64:
-			*e, _ = strconv.ParseInt(p, 10, 64)
+			*e, _ = strconv.ParseInt(string(p), 10, 64)
 		case *[]string:
 			// Comma-separated lists.
-			if p != "" {
-				*e = strings.Split(p, ",")
+			if len(p) != 0 {
+				*e = strings.Split(string(p), ",")
 			} else {
 				*e = []string{}
 			}
@@ -162,12 +129,8 @@ func ParsePasswdFilter(r io.Reader, filter func(User) bool) ([]User, error) {
 	)
 
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
+		line := bytes.TrimSpace(s.Bytes())
+		if len(line) == 0 {
 			continue
 		}
 
@@ -183,6 +146,9 @@ func ParsePasswdFilter(r io.Reader, filter func(User) bool) ([]User, error) {
 			out = append(out, p)
 		}
 	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
 
 	return out, nil
 }
@@ -214,19 +180,53 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) {
 	if r == nil {
 		return nil, fmt.Errorf("nil source for group-formatted data")
 	}
+	rd := bufio.NewReader(r)
+	out := []Group{}
 
-	var (
-		s   = bufio.NewScanner(r)
-		out = []Group{}
-	)
+	// Read the file line-by-line.
+	for {
+		var (
+			isPrefix  bool
+			wholeLine []byte
+			err       error
+		)
 
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
+		// Read the next line. We do so in chunks (as much as reader's
+		// buffer is able to keep), check if we read enough columns
+		// already on each step and store final result in wholeLine.
+		for {
+			var line []byte
+			line, isPrefix, err = rd.ReadLine()
+
+			if err != nil {
+				// We should return no error if EOF is reached
+				// without a match.
+				if err == io.EOF { //nolint:errorlint // comparison with io.EOF is legit, https://github.com/polyfloyd/go-errorlint/pull/12
+					err = nil
+				}
+				return out, err
+			}
+
+			// Simple common case: line is short enough to fit in a
+			// single reader's buffer.
+			if !isPrefix && len(wholeLine) == 0 {
+				wholeLine = line
+				break
+			}
+
+			wholeLine = append(wholeLine, line...)
+
+			// Check if we read the whole line already.
+			if !isPrefix {
+				break
+			}
 		}
 
-		text := s.Text()
-		if text == "" {
+		// There's no spec for /etc/passwd or /etc/group, but we try to follow
+		// the same rules as the glibc parser, which allows comments and blank
+		// space at the beginning of a line.
+		wholeLine = bytes.TrimSpace(wholeLine)
+		if len(wholeLine) == 0 || wholeLine[0] == '#' {
 			continue
 		}
 
@@ -236,14 +236,12 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) {
 		//  root:x:0:root
 		//  adm:x:4:root,adm,daemon
 		p := Group{}
-		parseLine(text, &p.Name, &p.Pass, &p.Gid, &p.List)
+		parseLine(wholeLine, &p.Name, &p.Pass, &p.Gid, &p.List)
 
 		if filter == nil || filter(p) {
 			out = append(out, p)
 		}
 	}
-
-	return out, nil
 }
 
 type ExecUser struct {
@@ -314,7 +312,7 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 
 	// Allow for userArg to have either "user" syntax, or optionally "user:group" syntax
 	var userArg, groupArg string
-	parseLine(userSpec, &userArg, &groupArg)
+	parseLine([]byte(userSpec), &userArg, &groupArg)
 
 	// Convert userArg and groupArg to be numeric, so we don't have to execute
 	// Atoi *twice* for each iteration over lines.
@@ -362,7 +360,7 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 		user.Uid = uidArg
 
 		// Must be inside valid uid range.
-		if user.Uid < minId || user.Uid > maxId {
+		if user.Uid < minID || user.Uid > maxID {
 			return nil, ErrRange
 		}
 
@@ -411,7 +409,7 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 				user.Gid = gidArg
 
 				// Must be inside valid gid range.
-				if user.Gid < minId || user.Gid > maxId {
+				if user.Gid < minID || user.Gid > maxID {
 					return nil, ErrRange
 				}
 
@@ -435,7 +433,7 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 // or the given group data is nil, the id will be returned as-is
 // provided it is in the legal range.
 func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) {
-	var groups = []Group{}
+	groups := []Group{}
 	if group != nil {
 		var err error
 		groups, err = ParseGroupFilter(group, func(g Group) bool {
@@ -468,15 +466,15 @@ func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, err
 		// we asked for a group but didn't find it. let's check to see
 		// if we wanted a numeric group
 		if !found {
-			gid, err := strconv.Atoi(ag)
+			gid, err := strconv.ParseInt(ag, 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("Unable to find group %s", ag)
 			}
 			// Ensure gid is inside gid range.
-			if gid < minId || gid > maxId {
+			if gid < minID || gid > maxID {
 				return nil, ErrRange
 			}
-			gidMap[gid] = struct{}{}
+			gidMap[int(gid)] = struct{}{}
 		}
 	}
 	gids := []int{}
@@ -532,12 +530,8 @@ func ParseSubIDFilter(r io.Reader, filter func(SubID) bool) ([]SubID, error) {
 	)
 
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
+		line := bytes.TrimSpace(s.Bytes())
+		if len(line) == 0 {
 			continue
 		}
 
@@ -549,6 +543,9 @@ func ParseSubIDFilter(r io.Reader, filter func(SubID) bool) ([]SubID, error) {
 			out = append(out, p)
 		}
 	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
 
 	return out, nil
 }
@@ -586,23 +583,22 @@ func ParseIDMapFilter(r io.Reader, filter func(IDMap) bool) ([]IDMap, error) {
 	)
 
 	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
+		line := bytes.TrimSpace(s.Bytes())
+		if len(line) == 0 {
 			continue
 		}
 
 		// see: man 7 user_namespaces
 		p := IDMap{}
-		parseParts(strings.Fields(line), &p.ID, &p.ParentID, &p.Count)
+		parseParts(bytes.Fields(line), &p.ID, &p.ParentID, &p.Count)
 
 		if filter == nil || filter(p) {
 			out = append(out, p)
 		}
 	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
 
 	return out, nil
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go
new file mode 100644
index 0000000000000..8c9bb5df39c2a
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go
@@ -0,0 +1,42 @@
+// +build gofuzz
+
+package user
+
+import (
+	"io"
+	"strings"
+)
+
+func IsDivisbleBy(n int, divisibleby int) bool {
+	return (n % divisibleby) == 0
+}
+
+func FuzzUser(data []byte) int {
+	if len(data) == 0 {
+		return -1
+	}
+	if !IsDivisbleBy(len(data), 5) {
+		return -1
+	}
+
+	var divided [][]byte
+
+	chunkSize := len(data) / 5
+
+	for i := 0; i < len(data); i += chunkSize {
+		end := i + chunkSize
+
+		divided = append(divided, data[i:end])
+	}
+
+	_, _ = ParsePasswdFilter(strings.NewReader(string(divided[0])), nil)
+
+	var passwd, group io.Reader
+
+	group = strings.NewReader(string(divided[1]))
+	_, _ = GetAdditionalGroups([]string{string(divided[2])}, group)
+
+	passwd = strings.NewReader(string(divided[3]))
+	_, _ = GetExecUser(string(divided[4]), nil, passwd, group)
+	return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go
new file mode 100644
index 0000000000000..f6cb98e5e492f
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go
@@ -0,0 +1,5 @@
+package userns
+
+// RunningInUserNS detects whether we are currently running in a user namespace.
+// Originally copied from github.com/lxc/lxd/shared/util.go
+var RunningInUserNS = runningInUserNS
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go
new file mode 100644
index 0000000000000..529f8eaea2f51
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go
@@ -0,0 +1,15 @@
+// +build gofuzz
+
+package userns
+
+import (
+	"strings"
+
+	"github.com/opencontainers/runc/libcontainer/user"
+)
+
+func FuzzUIDMap(data []byte) int {
+	uidmap, _ := user.ParseIDMap(strings.NewReader(string(data)))
+	_ = uidMapInUserNS(uidmap)
+	return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go
new file mode 100644
index 0000000000000..724e6df0120e3
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go
@@ -0,0 +1,37 @@
+package userns
+
+import (
+	"sync"
+
+	"github.com/opencontainers/runc/libcontainer/user"
+)
+
+var (
+	inUserNS bool
+	nsOnce   sync.Once
+)
+
+// runningInUserNS detects whether we are currently running in a user namespace.
+// Originally copied from github.com/lxc/lxd/shared/util.go
+func runningInUserNS() bool {
+	nsOnce.Do(func() {
+		uidmap, err := user.CurrentProcessUIDMap()
+		if err != nil {
+			// This kernel-provided file only exists if user namespaces are supported
+			return
+		}
+		inUserNS = uidMapInUserNS(uidmap)
+	})
+	return inUserNS
+}
+
+func uidMapInUserNS(uidmap []user.IDMap) bool {
+	/*
+	 * We assume we are in the initial user namespace if we have a full
+	 * range - 4294967295 uids starting at uid 0.
+	 */
+	if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go
new file mode 100644
index 0000000000000..f45bb0c31560a
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go
@@ -0,0 +1,17 @@
+// +build !linux
+
+package userns
+
+import "github.com/opencontainers/runc/libcontainer/user"
+
+// runningInUserNS is a stub for non-Linux systems
+// Always returns false
+func runningInUserNS() bool {
+	return false
+}
+
+// uidMapInUserNS is a stub for non-Linux systems
+// Always returns false
+func uidMapInUserNS(uidmap []user.IDMap) bool {
+	return false
+}
diff --git a/vendor/github.com/opencontainers/runc/vendor.conf b/vendor/github.com/opencontainers/runc/vendor.conf
deleted file mode 100644
index e2b519e67382a..0000000000000
--- a/vendor/github.com/opencontainers/runc/vendor.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# OCI runtime-spec. When updating this, make sure you use a version tag rather
-# than a commit ID so it's much more obvious what version of the spec we are
-# using.
-github.com/opencontainers/runtime-spec v1.0.0
-# Core libcontainer functionality.
-github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
-github.com/opencontainers/selinux v1.0.0-rc1
-github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f
-github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac
-github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
-github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270
-# systemd integration.
-github.com/coreos/go-systemd v14
-github.com/coreos/pkg v3
-github.com/godbus/dbus v3
-github.com/golang/protobuf 18c9bb3261723cd5401db4d0c9fbc5c3b6c70fe8
-# Command-line interface.
-github.com/cyphar/filepath-securejoin v0.2.1
-github.com/docker/go-units v0.2.0
-github.com/urfave/cli d53eb991652b1d438abdd34ce4bfa3ef1539108e
-golang.org/x/sys 7ddbeae9ae08c6a06a59597f0c9edbc5ff2444ce https://github.com/golang/sys
-
-# console dependencies
-github.com/containerd/console 2748ece16665b45a47f884001d5831ec79703880
-github.com/pkg/errors v0.8.0
diff --git a/vendor/github.com/opencontainers/runtime-spec/README.md b/vendor/github.com/opencontainers/runtime-spec/README.md
index b40dba17d815c..3ec6f39b36798 100644
--- a/vendor/github.com/opencontainers/runtime-spec/README.md
+++ b/vendor/github.com/opencontainers/runtime-spec/README.md
@@ -12,7 +12,6 @@ Additional documentation about how this group operates:
 - [Style and Conventions](style.md)
 - [Implementations](implementations.md)
 - [Releases](RELEASES.md)
-- [project](project.md)
 - [charter][charter]
 
 ## Use Cases
@@ -54,11 +53,9 @@ When in doubt, start on the [mailing-list](#mailing-list).
 
 ### Meetings
 
-The contributors and maintainers of all OCI projects have monthly meetings, which are usually at 2:00 PM (USA Pacific) on the first Wednesday of every month.
-There is an [iCalendar][rfc5545] format for the meetings [here](meeting.ics).
-Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: +1 415 968 0849 (no PIN needed).
-An initial agenda will be posted to the [mailing list](#mailing-list) in the week before each meeting, and everyone is welcome to propose additional topics or suggest other agenda alterations there.
-Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived [here][minutes], with minutes from especially old meetings (September 2015 and earlier) archived [here][runtime-wiki].
+Please see the [OCI org repository README](https://github.com/opencontainers/org#meetings) for the most up-to-date
+information on OCI contributor and maintainer meeting schedules. You can also find links to meeting agendas and
+minutes for all prior meetings.
 
 ### Mailing List
 
@@ -138,8 +135,8 @@ Read more on [How to Write a Git Commit Message][how-to-git-commit] or the Discu
 8. When possible, one keyword to scope the change in the subject (i.e. "README: ...", "runtime: ...")
 
 
-[charter]: https://www.opencontainers.org/about/governance
-[code-of-conduct]: https://github.com/opencontainers/tob/blob/master/code-of-conduct.md
+[charter]: https://github.com/opencontainers/tob/blob/master/CHARTER.md
+[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
 [dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev
 [how-to-git-commit]: http://chris.beams.io/posts/git-commit
 [irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index f32698cab22e9..6a7a91e55969f 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -38,7 +38,9 @@ type Process struct {
 	// User specifies user information for the process.
 	User User `json:"user"`
 	// Args specifies the binary and arguments for the application to execute.
-	Args []string `json:"args"`
+	Args []string `json:"args,omitempty"`
+	// CommandLine specifies the full command line for the application to execute on Windows.
+	CommandLine string `json:"commandLine,omitempty" platform:"windows"`
 	// Env populates the process environment for the process.
 	Env []string `json:"env,omitempty"`
 	// Cwd is the current working directory for the process and must be
@@ -58,7 +60,7 @@ type Process struct {
 	SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
 
-// LinuxCapabilities specifies the whitelist of capabilities that are kept for a process.
+// LinuxCapabilities specifies the list of allowed capabilities that are kept for a process.
 // http://man7.org/linux/man-pages/man7/capabilities.7.html
 type LinuxCapabilities struct {
 	// Bounding is the set of capabilities checked by the kernel.
@@ -87,6 +89,8 @@ type User struct {
 	UID uint32 `json:"uid" platform:"linux,solaris"`
 	// GID is the group id.
 	GID uint32 `json:"gid" platform:"linux,solaris"`
+	// Umask is the umask for the init process.
+	Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris"`
 	// AdditionalGids are additional group ids set for the container's process.
 	AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
 	// Username is the user name.
@@ -121,13 +125,26 @@ type Hook struct {
 	Timeout *int     `json:"timeout,omitempty"`
 }
 
+// Hooks specifies a command that is run in the container at a particular event in the lifecycle of a container
 // Hooks for container setup and teardown
 type Hooks struct {
-	// Prestart is a list of hooks to be run before the container process is executed.
+	// Prestart is Deprecated. Prestart is a list of hooks to be run before the container process is executed.
+	// It is called in the Runtime Namespace
 	Prestart []Hook `json:"prestart,omitempty"`
+	// CreateRuntime is a list of hooks to be run after the container has been created but before pivot_root or any equivalent operation has been called
+	// It is called in the Runtime Namespace
+	CreateRuntime []Hook `json:"createRuntime,omitempty"`
+	// CreateContainer is a list of hooks to be run after the container has been created but before pivot_root or any equivalent operation has been called
+	// It is called in the Container Namespace
+	CreateContainer []Hook `json:"createContainer,omitempty"`
+	// StartContainer is a list of hooks to be run after the start operation is called but before the container process is started
+	// It is called in the Container Namespace
+	StartContainer []Hook `json:"startContainer,omitempty"`
 	// Poststart is a list of hooks to be run after the container process is started.
+	// It is called in the Runtime Namespace
 	Poststart []Hook `json:"poststart,omitempty"`
 	// Poststop is a list of hooks to be run after the container process exits.
+	// It is called in the Runtime Namespace
 	Poststop []Hook `json:"poststop,omitempty"`
 }
 
@@ -160,9 +177,11 @@ type Linux struct {
 	ReadonlyPaths []string `json:"readonlyPaths,omitempty"`
 	// MountLabel specifies the selinux context for the mounts in the container.
 	MountLabel string `json:"mountLabel,omitempty"`
-	// IntelRdt contains Intel Resource Director Technology (RDT) information
-	// for handling resource constraints (e.g., L3 cache) for the container
+	// IntelRdt contains Intel Resource Director Technology (RDT) information for
+	// handling resource constraints (e.g., L3 cache, memory bandwidth) for the container
 	IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"`
+	// Personality contains configuration for the Linux personality syscall
+	Personality *LinuxPersonality `json:"personality,omitempty"`
 }
 
 // LinuxNamespace is the configuration for a Linux namespace
@@ -181,17 +200,17 @@ const (
 	// PIDNamespace for isolating process IDs
 	PIDNamespace LinuxNamespaceType = "pid"
 	// NetworkNamespace for isolating network devices, stacks, ports, etc
-	NetworkNamespace = "network"
+	NetworkNamespace LinuxNamespaceType = "network"
 	// MountNamespace for isolating mount points
-	MountNamespace = "mount"
+	MountNamespace LinuxNamespaceType = "mount"
 	// IPCNamespace for isolating System V IPC, POSIX message queues
-	IPCNamespace = "ipc"
+	IPCNamespace LinuxNamespaceType = "ipc"
 	// UTSNamespace for isolating hostname and NIS domain name
-	UTSNamespace = "uts"
+	UTSNamespace LinuxNamespaceType = "uts"
 	// UserNamespace for isolating user and group IDs
-	UserNamespace = "user"
+	UserNamespace LinuxNamespaceType = "user"
 	// CgroupNamespace for isolating cgroup hierarchies
-	CgroupNamespace = "cgroup"
+	CgroupNamespace LinuxNamespaceType = "cgroup"
 )
 
 // LinuxIDMapping specifies UID/GID mappings
@@ -217,6 +236,7 @@ type POSIXRlimit struct {
 // LinuxHugepageLimit structure corresponds to limiting kernel hugepages
 type LinuxHugepageLimit struct {
 	// Pagesize is the hugepage size
+	// Format: "<size><unit-prefix>B' (e.g. 64KB, 2MB, 1GB, etc.)
 	Pagesize string `json:"pageSize"`
 	// Limit is the limit of "hugepagesize" hugetlb usage
 	Limit uint64 `json:"limit"`
@@ -288,6 +308,8 @@ type LinuxMemory struct {
 	Swappiness *uint64 `json:"swappiness,omitempty"`
 	// DisableOOMKiller disables the OOM killer for out of memory conditions
 	DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
+	// Enables hierarchical memory accounting
+	UseHierarchy *bool `json:"useHierarchy,omitempty"`
 }
 
 // LinuxCPU for Linux cgroup 'cpu' resource management
@@ -332,7 +354,7 @@ type LinuxRdma struct {
 
 // LinuxResources has container runtime resource constraints
 type LinuxResources struct {
-	// Devices configures the device whitelist.
+	// Devices configures the device allowlist.
 	Devices []LinuxDeviceCgroup `json:"devices,omitempty"`
 	// Memory restriction configuration
 	Memory *LinuxMemory `json:"memory,omitempty"`
@@ -350,6 +372,8 @@ type LinuxResources struct {
 	// Limits are a set of key value pairs that define RDMA resource limits,
 	// where the key is device name and value is resource limits.
 	Rdma map[string]LinuxRdma `json:"rdma,omitempty"`
+	// Unified resources.
+	Unified map[string]string `json:"unified,omitempty"`
 }
 
 // LinuxDevice represents the mknod information for a Linux special device file
@@ -370,7 +394,8 @@ type LinuxDevice struct {
 	GID *uint32 `json:"gid,omitempty"`
 }
 
-// LinuxDeviceCgroup represents a device rule for the whitelist controller
+// LinuxDeviceCgroup represents a device rule for the devices specified to
+// the device controller
 type LinuxDeviceCgroup struct {
 	// Allow or deny
 	Allow bool `json:"allow"`
@@ -384,6 +409,28 @@ type LinuxDeviceCgroup struct {
 	Access string `json:"access,omitempty"`
 }
 
+// LinuxPersonalityDomain refers to a personality domain.
+type LinuxPersonalityDomain string
+
+// LinuxPersonalityFlag refers to an additional personality flag. None are currently defined.
+type LinuxPersonalityFlag string
+
+// Define domain and flags for Personality
+const (
+	// PerLinux is the standard Linux personality
+	PerLinux LinuxPersonalityDomain = "LINUX"
+	// PerLinux32 sets personality to 32 bit
+	PerLinux32 LinuxPersonalityDomain = "LINUX32"
+)
+
+// LinuxPersonality represents the Linux personality syscall input
+type LinuxPersonality struct {
+	// Domain for the personality
+	Domain LinuxPersonalityDomain `json:"domain"`
+	// Additional flags
+	Flags []LinuxPersonalityFlag `json:"flags,omitempty"`
+}
+
 // Solaris contains platform-specific configuration for Solaris application containers.
 type Solaris struct {
 	// SMF FMRI which should go "online" before we start the container process.
@@ -528,7 +575,7 @@ type VMHypervisor struct {
 	// Path is the host path to the hypervisor used to manage the virtual machine.
 	Path string `json:"path"`
 	// Parameters specifies parameters to pass to the hypervisor.
-	Parameters string `json:"parameters,omitempty"`
+	Parameters []string `json:"parameters,omitempty"`
 }
 
 // VMKernel contains information about the kernel to use for a virtual machine.
@@ -536,7 +583,7 @@ type VMKernel struct {
 	// Path is the host path to the kernel used to boot the virtual machine.
 	Path string `json:"path"`
 	// Parameters specifies parameters to pass to the kernel.
-	Parameters string `json:"parameters,omitempty"`
+	Parameters []string `json:"parameters,omitempty"`
 	// InitRD is the host path to an initial ramdisk to be used by the kernel.
 	InitRD string `json:"initrd,omitempty"`
 }
@@ -551,14 +598,21 @@ type VMImage struct {
 
 // LinuxSeccomp represents syscall restrictions
 type LinuxSeccomp struct {
-	DefaultAction LinuxSeccompAction `json:"defaultAction"`
-	Architectures []Arch             `json:"architectures,omitempty"`
-	Syscalls      []LinuxSyscall     `json:"syscalls,omitempty"`
+	DefaultAction    LinuxSeccompAction `json:"defaultAction"`
+	DefaultErrnoRet  *uint              `json:"defaultErrnoRet,omitempty"`
+	Architectures    []Arch             `json:"architectures,omitempty"`
+	Flags            []LinuxSeccompFlag `json:"flags,omitempty"`
+	ListenerPath     string             `json:"listenerPath,omitempty"`
+	ListenerMetadata string             `json:"listenerMetadata,omitempty"`
+	Syscalls         []LinuxSyscall     `json:"syscalls,omitempty"`
 }
 
 // Arch used for additional architectures
 type Arch string
 
+// LinuxSeccompFlag is a flag to pass to seccomp(2).
+type LinuxSeccompFlag string
+
 // Additional architectures permitted to be used for system calls
 // By default only the native architecture of the kernel is permitted
 const (
@@ -580,6 +634,7 @@ const (
 	ArchS390X       Arch = "SCMP_ARCH_S390X"
 	ArchPARISC      Arch = "SCMP_ARCH_PARISC"
 	ArchPARISC64    Arch = "SCMP_ARCH_PARISC64"
+	ArchRISCV64     Arch = "SCMP_ARCH_RISCV64"
 )
 
 // LinuxSeccompAction taken upon Seccomp rule match
@@ -587,11 +642,15 @@ type LinuxSeccompAction string
 
 // Define actions for Seccomp rules
 const (
-	ActKill  LinuxSeccompAction = "SCMP_ACT_KILL"
-	ActTrap  LinuxSeccompAction = "SCMP_ACT_TRAP"
-	ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO"
-	ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
-	ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
+	ActKill        LinuxSeccompAction = "SCMP_ACT_KILL"
+	ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS"
+	ActKillThread  LinuxSeccompAction = "SCMP_ACT_KILL_THREAD"
+	ActTrap        LinuxSeccompAction = "SCMP_ACT_TRAP"
+	ActErrno       LinuxSeccompAction = "SCMP_ACT_ERRNO"
+	ActTrace       LinuxSeccompAction = "SCMP_ACT_TRACE"
+	ActAllow       LinuxSeccompAction = "SCMP_ACT_ALLOW"
+	ActLog         LinuxSeccompAction = "SCMP_ACT_LOG"
+	ActNotify      LinuxSeccompAction = "SCMP_ACT_NOTIFY"
 )
 
 // LinuxSeccompOperator used to match syscall arguments in Seccomp
@@ -618,15 +677,24 @@ type LinuxSeccompArg struct {
 
 // LinuxSyscall is used to match a syscall in Seccomp
 type LinuxSyscall struct {
-	Names  []string           `json:"names"`
-	Action LinuxSeccompAction `json:"action"`
-	Args   []LinuxSeccompArg  `json:"args,omitempty"`
+	Names    []string           `json:"names"`
+	Action   LinuxSeccompAction `json:"action"`
+	ErrnoRet *uint              `json:"errnoRet,omitempty"`
+	Args     []LinuxSeccompArg  `json:"args,omitempty"`
 }
 
-// LinuxIntelRdt has container runtime resource constraints
-// for Intel RDT/CAT which introduced in Linux 4.10 kernel
+// LinuxIntelRdt has container runtime resource constraints for Intel RDT
+// CAT and MBA features which introduced in Linux 4.10 and 4.12 kernel
 type LinuxIntelRdt struct {
+	// The identity for RDT Class of Service
+	ClosID string `json:"closID,omitempty"`
 	// The schema for L3 cache id and capacity bitmask (CBM)
 	// Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
 	L3CacheSchema string `json:"l3CacheSchema,omitempty"`
+
+	// The schema of memory bandwidth per L3 cache id
+	// Format: "MB:<cache_id0>=bandwidth0;<cache_id1>=bandwidth1;..."
+	// The unit of memory bandwidth is specified in "percentages" by
+	// default, and in "MBps" if MBA Software Controller is enabled.
+	MemBwSchema string `json:"memBwSchema,omitempty"`
 }
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
index 89dce34be2069..7c010d4fe7981 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
@@ -1,5 +1,23 @@
 package specs
 
+// ContainerState represents the state of a container.
+type ContainerState string
+
+const (
+	// StateCreating indicates that the container is being created
+	StateCreating ContainerState = "creating"
+
+	// StateCreated indicates that the runtime has finished the create operation
+	StateCreated ContainerState = "created"
+
+	// StateRunning indicates that the container process has executed the
+	// user-specified program but has not exited
+	StateRunning ContainerState = "running"
+
+	// StateStopped indicates that the container process has exited
+	StateStopped ContainerState = "stopped"
+)
+
 // State holds information about the runtime state of the container.
 type State struct {
 	// Version is the version of the specification that is supported.
@@ -7,7 +25,7 @@ type State struct {
 	// ID is the container ID
 	ID string `json:"id"`
 	// Status is the runtime status of the container.
-	Status string `json:"status"`
+	Status ContainerState `json:"status"`
 	// Pid is the process ID for the container process.
 	Pid int `json:"pid,omitempty"`
 	// Bundle is the path to the container's bundle directory.
@@ -15,3 +33,24 @@ type State struct {
 	// Annotations are key values associated with the container.
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
+
+const (
+	// SeccompFdName is the name of the seccomp notify file descriptor.
+	SeccompFdName string = "seccompFd"
+)
+
+// ContainerProcessState holds information about the state of a container process.
+type ContainerProcessState struct {
+	// Version is the version of the specification that is supported.
+	Version string `json:"ociVersion"`
+	// Fds is a string array containing the names of the file descriptors passed.
+	// The index of the name in this array corresponds to index of the file
+	// descriptor in the `SCM_RIGHTS` array.
+	Fds []string `json:"fds"`
+	// Pid is the process ID as seen by the runtime.
+	Pid int `json:"pid"`
+	// Opaque metadata.
+	Metadata string `json:"metadata,omitempty"`
+	// State of the container.
+	State State `json:"state"`
+}
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
index b920fc1b39d74..596af0c2fdb99 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
@@ -8,7 +8,7 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 0
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 1
+	VersionPatch = 2
 
 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = "-dev"
diff --git a/vendor/github.com/opencontainers/selinux/README.md b/vendor/github.com/opencontainers/selinux/README.md
index 043a9293718fc..cd6a60f805dd4 100644
--- a/vendor/github.com/opencontainers/selinux/README.md
+++ b/vendor/github.com/opencontainers/selinux/README.md
@@ -4,4 +4,20 @@
 
 Common SELinux package used across the container ecosystem.
 
-Please see the [godoc](https://godoc.org/github.com/opencontainers/selinux) for more information.
+## Usage
+
+Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project.
+Starting with v1.8.0, the `selinux` build tag is no longer needed.
+
+For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux).
+
+## Code of Conduct
+
+Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct].
+
+## Security
+
+If you find an issue, please follow the [security][security] protocol to report it.
+
+[security]: https://github.com/opencontainers/org/blob/master/SECURITY.md
+[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
new file mode 100644
index 0000000000000..0ac7d819e6d31
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
@@ -0,0 +1,14 @@
+/*
+Package selinux provides a high-level interface for interacting with selinux.
+
+Usage:
+
+	import "github.com/opencontainers/selinux/go-selinux"
+
+	// Ensure that selinux is enforcing mode.
+	if selinux.EnforceMode() != selinux.Enforcing {
+		selinux.SetEnforceMode(selinux.Enforcing)
+	}
+
+*/
+package selinux
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
index 6cfc5fded8527..fea096c180f61 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
@@ -1,84 +1,97 @@
-// +build !selinux !linux
-
 package label
 
-// InitLabels returns the process label and file labels to be used within
-// the container.  A list of options can be passed into this function to alter
-// the labels.
-func InitLabels(options []string) (string, string, error) {
-	return "", "", nil
-}
+import (
+	"fmt"
 
-func GetROMountLabel() string {
-	return ""
-}
+	"github.com/opencontainers/selinux/go-selinux"
+)
 
-func GenLabels(options string) (string, string, error) {
-	return "", "", nil
-}
+// Deprecated: use selinux.ROFileLabel
+var ROMountLabel = selinux.ROFileLabel
 
-func FormatMountLabel(src string, mountLabel string) string {
-	return src
-}
+// SetProcessLabel takes a process label and tells the kernel to assign the
+// label to the next program executed by the current process.
+// Deprecated: use selinux.SetExecLabel
+var SetProcessLabel = selinux.SetExecLabel
 
-func SetProcessLabel(processLabel string) error {
-	return nil
-}
+// ProcessLabel returns the process label that the kernel will assign
+// to the next program executed by the current process.  If "" is returned
+// this indicates that the default labeling will happen for the process.
+// Deprecated: use selinux.ExecLabel
+var ProcessLabel = selinux.ExecLabel
 
-func GetFileLabel(path string) (string, error) {
-	return "", nil
-}
+// SetSocketLabel takes a process label and tells the kernel to assign the
+// label to the next socket that gets created
+// Deprecated: use selinux.SetSocketLabel
+var SetSocketLabel = selinux.SetSocketLabel
 
-func SetFileLabel(path string, fileLabel string) error {
-	return nil
-}
+// SocketLabel retrieves the current default socket label setting
+// Deprecated: use selinux.SocketLabel
+var SocketLabel = selinux.SocketLabel
 
-func SetFileCreateLabel(fileLabel string) error {
-	return nil
-}
+// SetKeyLabel takes a process label and tells the kernel to assign the
+// label to the next kernel keyring that gets created
+// Deprecated: use selinux.SetKeyLabel
+var SetKeyLabel = selinux.SetKeyLabel
 
-func Relabel(path string, fileLabel string, shared bool) error {
-	return nil
-}
+// KeyLabel retrieves the current default kernel keyring label setting
+// Deprecated: use selinux.KeyLabel
+var KeyLabel = selinux.KeyLabel
 
-func GetPidLabel(pid int) (string, error) {
-	return "", nil
-}
+// FileLabel returns the label for specified path
+// Deprecated: use selinux.FileLabel
+var FileLabel = selinux.FileLabel
+
+// PidLabel will return the label of the process running with the specified pid
+// Deprecated: use selinux.PidLabel
+var PidLabel = selinux.PidLabel
 
+// Init initialises the labeling system
 func Init() {
+	_ = selinux.GetEnabled()
 }
 
+// ClearLabels will clear all reserved labels
+// Deprecated: use selinux.ClearLabels
+var ClearLabels = selinux.ClearLabels
+
+// ReserveLabel will record the fact that the MCS label has already been used.
+// This will prevent InitLabels from using the MCS label in a newly created
+// container
+// Deprecated: use selinux.ReserveLabel
 func ReserveLabel(label string) error {
+	selinux.ReserveLabel(label)
 	return nil
 }
 
+// ReleaseLabel will remove the reservation of the MCS label.
+// This will allow InitLabels to use the MCS label in a newly created
+// containers
+// Deprecated: use selinux.ReleaseLabel
 func ReleaseLabel(label string) error {
+	selinux.ReleaseLabel(label)
 	return nil
 }
 
 // DupSecOpt takes a process label and returns security options that
 // can be used to set duplicate labels on future container processes
-func DupSecOpt(src string) []string {
-	return nil
-}
-
-// DisableSecOpt returns a security opt that can disable labeling
-// support for future container processes
-func DisableSecOpt() []string {
-	return nil
-}
-
-// Validate checks that the label does not include unexpected options
-func Validate(label string) error {
-	return nil
-}
-
-// RelabelNeeded checks whether the user requested a relabel
-func RelabelNeeded(label string) bool {
-	return false
-}
-
-// IsShared checks that the label includes a "shared" mark
-func IsShared(label string) bool {
-	return false
+// Deprecated: use selinux.DupSecOpt
+var DupSecOpt = selinux.DupSecOpt
+
+// FormatMountLabel returns a string to be used by the mount command.
+// The format of this string will be used to alter the labeling of the mountpoint.
+// The string returned is suitable to be used as the options field of the mount command.
+// If you need to have additional mount point options, you can pass them in as
+// the first parameter.  Second parameter is the label that you wish to apply
+// to all content in the mount point.
+func FormatMountLabel(src, mountLabel string) string {
+	if mountLabel != "" {
+		switch src {
+		case "":
+			src = fmt.Sprintf("context=%q", mountLabel)
+		default:
+			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
+		}
+	}
+	return src
 }
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
new file mode 100644
index 0000000000000..12de0ae5d65ed
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
@@ -0,0 +1,196 @@
+package label
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/user"
+	"strings"
+
+	"github.com/opencontainers/selinux/go-selinux"
+)
+
+// Valid Label Options
+var validOptions = map[string]bool{
+	"disable":  true,
+	"type":     true,
+	"filetype": true,
+	"user":     true,
+	"role":     true,
+	"level":    true,
+}
+
+var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be used together")
+
+// InitLabels returns the process label and file labels to be used within
+// the container.  A list of options can be passed into this function to alter
+// the labels.  The labels returned will include a random MCS String, that is
+// guaranteed to be unique.
+// If the disabled flag is passed in, the process label will not be set, but the mount label will be set
+// to the container_file label with the maximum category. This label is not usable by any confined label.
+func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
+	if !selinux.GetEnabled() {
+		return "", "", nil
+	}
+	processLabel, mountLabel := selinux.ContainerLabels()
+	if processLabel != "" {
+		defer func() {
+			if retErr != nil {
+				selinux.ReleaseLabel(mountLabel)
+			}
+		}()
+		pcon, err := selinux.NewContext(processLabel)
+		if err != nil {
+			return "", "", err
+		}
+		mcsLevel := pcon["level"]
+		mcon, err := selinux.NewContext(mountLabel)
+		if err != nil {
+			return "", "", err
+		}
+		for _, opt := range options {
+			if opt == "disable" {
+				selinux.ReleaseLabel(mountLabel)
+				return "", selinux.PrivContainerMountLabel(), nil
+			}
+			if i := strings.Index(opt, ":"); i == -1 {
+				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt)
+			}
+			con := strings.SplitN(opt, ":", 2)
+			if !validOptions[con[0]] {
+				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0])
+			}
+			if con[0] == "filetype" {
+				mcon["type"] = con[1]
+				continue
+			}
+			pcon[con[0]] = con[1]
+			if con[0] == "level" || con[0] == "user" {
+				mcon[con[0]] = con[1]
+			}
+		}
+		if pcon.Get() != processLabel {
+			if pcon["level"] != mcsLevel {
+				selinux.ReleaseLabel(processLabel)
+			}
+			processLabel = pcon.Get()
+			selinux.ReserveLabel(processLabel)
+		}
+		mountLabel = mcon.Get()
+	}
+	return processLabel, mountLabel, nil
+}
+
+// Deprecated: The GenLabels function is only to be used during the transition
+// to the official API. Use InitLabels(strings.Fields(options)) instead.
+func GenLabels(options string) (string, string, error) {
+	return InitLabels(strings.Fields(options))
+}
+
+// SetFileLabel modifies the "path" label to the specified file label
+func SetFileLabel(path string, fileLabel string) error {
+	if !selinux.GetEnabled() || fileLabel == "" {
+		return nil
+	}
+	return selinux.SetFileLabel(path, fileLabel)
+}
+
+// SetFileCreateLabel tells the kernel the label for all files to be created
+func SetFileCreateLabel(fileLabel string) error {
+	if !selinux.GetEnabled() {
+		return nil
+	}
+	return selinux.SetFSCreateLabel(fileLabel)
+}
+
+// Relabel changes the label of path and all the entries beneath the path.
+// It changes the MCS label to s0 if shared is true.
+// This will allow all containers to share the content.
+//
+// The path itself is guaranteed to be relabeled last.
+func Relabel(path string, fileLabel string, shared bool) error {
+	if !selinux.GetEnabled() || fileLabel == "" {
+		return nil
+	}
+
+	exclude_paths := map[string]bool{
+		"/":           true,
+		"/bin":        true,
+		"/boot":       true,
+		"/dev":        true,
+		"/etc":        true,
+		"/etc/passwd": true,
+		"/etc/pki":    true,
+		"/etc/shadow": true,
+		"/home":       true,
+		"/lib":        true,
+		"/lib64":      true,
+		"/media":      true,
+		"/opt":        true,
+		"/proc":       true,
+		"/root":       true,
+		"/run":        true,
+		"/sbin":       true,
+		"/srv":        true,
+		"/sys":        true,
+		"/tmp":        true,
+		"/usr":        true,
+		"/var":        true,
+		"/var/lib":    true,
+		"/var/log":    true,
+	}
+
+	if home := os.Getenv("HOME"); home != "" {
+		exclude_paths[home] = true
+	}
+
+	if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" {
+		if usr, err := user.Lookup(sudoUser); err == nil {
+			exclude_paths[usr.HomeDir] = true
+		}
+	}
+
+	if path != "/" {
+		path = strings.TrimSuffix(path, "/")
+	}
+	if exclude_paths[path] {
+		return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
+	}
+
+	if shared {
+		c, err := selinux.NewContext(fileLabel)
+		if err != nil {
+			return err
+		}
+
+		c["level"] = "s0"
+		fileLabel = c.Get()
+	}
+	if err := selinux.Chcon(path, fileLabel, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// DisableSecOpt returns a security opt that can disable labeling
+// support for future container processes
+// Deprecated: use selinux.DisableSecOpt
+var DisableSecOpt = selinux.DisableSecOpt
+
+// Validate checks that the label does not include unexpected options
+func Validate(label string) error {
+	if strings.Contains(label, "z") && strings.Contains(label, "Z") {
+		return ErrIncompatibleLabel
+	}
+	return nil
+}
+
+// RelabelNeeded checks whether the user requested a relabel
+func RelabelNeeded(label string) bool {
+	return strings.Contains(label, "z") || strings.Contains(label, "Z")
+}
+
+// IsShared checks that the label includes a "shared" mark
+func IsShared(label string) bool {
+	return strings.Contains(label, "z")
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
deleted file mode 100644
index f0a055b87e7e2..0000000000000
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ /dev/null
@@ -1,203 +0,0 @@
-// +build selinux,linux
-
-package label
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/opencontainers/selinux/go-selinux"
-)
-
-// Valid Label Options
-var validOptions = map[string]bool{
-	"disable": true,
-	"type":    true,
-	"user":    true,
-	"role":    true,
-	"level":   true,
-}
-
-var ErrIncompatibleLabel = fmt.Errorf("Bad SELinux option z and Z can not be used together")
-
-// InitLabels returns the process label and file labels to be used within
-// the container.  A list of options can be passed into this function to alter
-// the labels.  The labels returned will include a random MCS String, that is
-// guaranteed to be unique.
-func InitLabels(options []string) (string, string, error) {
-	if !selinux.GetEnabled() {
-		return "", "", nil
-	}
-	processLabel, mountLabel := selinux.ContainerLabels()
-	if processLabel != "" {
-		pcon := selinux.NewContext(processLabel)
-		mcon := selinux.NewContext(mountLabel)
-		for _, opt := range options {
-			if opt == "disable" {
-				return "", "", nil
-			}
-			if i := strings.Index(opt, ":"); i == -1 {
-				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
-			}
-			con := strings.SplitN(opt, ":", 2)
-			if !validOptions[con[0]] {
-				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
-
-			}
-			pcon[con[0]] = con[1]
-			if con[0] == "level" || con[0] == "user" {
-				mcon[con[0]] = con[1]
-			}
-		}
-		_ = ReleaseLabel(processLabel)
-		processLabel = pcon.Get()
-		mountLabel = mcon.Get()
-		_ = ReserveLabel(processLabel)
-	}
-	return processLabel, mountLabel, nil
-}
-
-func ROMountLabel() string {
-	return selinux.ROFileLabel()
-}
-
-// DEPRECATED: The GenLabels function is only to be used during the transition to the official API.
-func GenLabels(options string) (string, string, error) {
-	return InitLabels(strings.Fields(options))
-}
-
-// FormatMountLabel returns a string to be used by the mount command.
-// The format of this string will be used to alter the labeling of the mountpoint.
-// The string returned is suitable to be used as the options field of the mount command.
-// If you need to have additional mount point options, you can pass them in as
-// the first parameter.  Second parameter is the label that you wish to apply
-// to all content in the mount point.
-func FormatMountLabel(src, mountLabel string) string {
-	if mountLabel != "" {
-		switch src {
-		case "":
-			src = fmt.Sprintf("context=%q", mountLabel)
-		default:
-			src = fmt.Sprintf("%s,context=%q", src, mountLabel)
-		}
-	}
-	return src
-}
-
-// SetProcessLabel takes a process label and tells the kernel to assign the
-// label to the next program executed by the current process.
-func SetProcessLabel(processLabel string) error {
-	return selinux.SetExecLabel(processLabel)
-}
-
-// ProcessLabel returns the process label that the kernel will assign
-// to the next program executed by the current process.  If "" is returned
-// this indicates that the default labeling will happen for the process.
-func ProcessLabel() (string, error) {
-	return selinux.ExecLabel()
-}
-
-// GetFileLabel returns the label for specified path
-func FileLabel(path string) (string, error) {
-	return selinux.FileLabel(path)
-}
-
-// SetFileLabel modifies the "path" label to the specified file label
-func SetFileLabel(path string, fileLabel string) error {
-	if selinux.GetEnabled() && fileLabel != "" {
-		return selinux.SetFileLabel(path, fileLabel)
-	}
-	return nil
-}
-
-// SetFileCreateLabel tells the kernel the label for all files to be created
-func SetFileCreateLabel(fileLabel string) error {
-	if selinux.GetEnabled() {
-		return selinux.SetFSCreateLabel(fileLabel)
-	}
-	return nil
-}
-
-// Relabel changes the label of path to the filelabel string.
-// It changes the MCS label to s0 if shared is true.
-// This will allow all containers to share the content.
-func Relabel(path string, fileLabel string, shared bool) error {
-	if !selinux.GetEnabled() {
-		return nil
-	}
-
-	if fileLabel == "" {
-		return nil
-	}
-
-	exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true, "/tmp": true, "/home": true, "/run": true, "/var": true, "/root": true}
-	if exclude_paths[path] {
-		return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
-	}
-
-	if shared {
-		c := selinux.NewContext(fileLabel)
-		c["level"] = "s0"
-		fileLabel = c.Get()
-	}
-	if err := selinux.Chcon(path, fileLabel, true); err != nil {
-		return err
-	}
-	return nil
-}
-
-// PidLabel will return the label of the process running with the specified pid
-func PidLabel(pid int) (string, error) {
-	return selinux.PidLabel(pid)
-}
-
-// Init initialises the labeling system
-func Init() {
-	selinux.GetEnabled()
-}
-
-// ReserveLabel will record the fact that the MCS label has already been used.
-// This will prevent InitLabels from using the MCS label in a newly created
-// container
-func ReserveLabel(label string) error {
-	selinux.ReserveLabel(label)
-	return nil
-}
-
-// ReleaseLabel will remove the reservation of the MCS label.
-// This will allow InitLabels to use the MCS label in a newly created
-// containers
-func ReleaseLabel(label string) error {
-	selinux.ReleaseLabel(label)
-	return nil
-}
-
-// DupSecOpt takes a process label and returns security options that
-// can be used to set duplicate labels on future container processes
-func DupSecOpt(src string) []string {
-	return selinux.DupSecOpt(src)
-}
-
-// DisableSecOpt returns a security opt that can disable labeling
-// support for future container processes
-func DisableSecOpt() []string {
-	return selinux.DisableSecOpt()
-}
-
-// Validate checks that the label does not include unexpected options
-func Validate(label string) error {
-	if strings.Contains(label, "z") && strings.Contains(label, "Z") {
-		return ErrIncompatibleLabel
-	}
-	return nil
-}
-
-// RelabelNeeded checks whether the user requested a relabel
-func RelabelNeeded(label string) bool {
-	return strings.Contains(label, "z") || strings.Contains(label, "Z")
-}
-
-// IsShared checks that the label includes a "shared" mark
-func IsShared(label string) bool {
-	return strings.Contains(label, "z")
-}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
new file mode 100644
index 0000000000000..02d206239c7ec
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
@@ -0,0 +1,49 @@
+// +build !linux
+
+package label
+
+// InitLabels returns the process label and file labels to be used within
+// the container.  A list of options can be passed into this function to alter
+// the labels.
+func InitLabels(options []string) (string, string, error) {
+	return "", "", nil
+}
+
+// Deprecated: The GenLabels function is only to be used during the transition
+// to the official API. Use InitLabels(strings.Fields(options)) instead.
+func GenLabels(options string) (string, string, error) {
+	return "", "", nil
+}
+
+func SetFileLabel(path string, fileLabel string) error {
+	return nil
+}
+
+func SetFileCreateLabel(fileLabel string) error {
+	return nil
+}
+
+func Relabel(path string, fileLabel string, shared bool) error {
+	return nil
+}
+
+// DisableSecOpt returns a security opt that can disable labeling
+// support for future container processes
+func DisableSecOpt() []string {
+	return nil
+}
+
+// Validate checks that the label does not include unexpected options
+func Validate(label string) error {
+	return nil
+}
+
+// RelabelNeeded checks whether the user requested a relabel
+func RelabelNeeded(label string) bool {
+	return false
+}
+
+// IsShared checks that the label includes a "shared" mark
+func IsShared(label string) bool {
+	return false
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
new file mode 100644
index 0000000000000..897ecbac41cee
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
@@ -0,0 +1,22 @@
+// +build linux,go1.16
+
+package selinux
+
+import (
+	"errors"
+	"io/fs"
+	"os"
+
+	"github.com/opencontainers/selinux/pkg/pwalkdir"
+)
+
+func rchcon(fpath, label string) error {
+	return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
+		e := setFileLabel(p, label)
+		// Walk a file tree can race with removal, so ignore ENOENT.
+		if errors.Is(e, os.ErrNotExist) {
+			return nil
+		}
+		return e
+	})
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
new file mode 100644
index 0000000000000..2c8b033ce058b
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
@@ -0,0 +1,21 @@
+// +build linux,!go1.16
+
+package selinux
+
+import (
+	"errors"
+	"os"
+
+	"github.com/opencontainers/selinux/pkg/pwalk"
+)
+
+func rchcon(fpath, label string) error {
+	return pwalk.Walk(fpath, func(p string, _ os.FileInfo, _ error) error {
+		e := setFileLabel(p, label)
+		// Walk a file tree can race with removal, so ignore ENOENT.
+		if errors.Is(e, os.ErrNotExist) {
+			return nil
+		}
+		return e
+	})
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
new file mode 100644
index 0000000000000..cad467507a5b3
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
@@ -0,0 +1,290 @@
+package selinux
+
+import (
+	"errors"
+)
+
+const (
+	// Enforcing constant indicate SELinux is in enforcing mode
+	Enforcing = 1
+	// Permissive constant to indicate SELinux is in permissive mode
+	Permissive = 0
+	// Disabled constant to indicate SELinux is disabled
+	Disabled = -1
+	// maxCategory is the maximum number of categories used within containers
+	maxCategory = 1024
+	// DefaultCategoryRange is the upper bound on the category range
+	DefaultCategoryRange = uint32(maxCategory)
+)
+
+var (
+	// ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS.
+	ErrMCSAlreadyExists = errors.New("MCS label already exists")
+	// ErrEmptyPath is returned when an empty path has been specified.
+	ErrEmptyPath = errors.New("empty path")
+
+	// InvalidLabel is returned when an invalid label is specified.
+	InvalidLabel = errors.New("Invalid Label")
+
+	// ErrIncomparable is returned two levels are not comparable
+	ErrIncomparable = errors.New("incomparable levels")
+	// ErrLevelSyntax is returned when a sensitivity or category do not have correct syntax in a level
+	ErrLevelSyntax = errors.New("invalid level syntax")
+
+	// ErrContextMissing is returned if a requested context is not found in a file.
+	ErrContextMissing = errors.New("context does not have a match")
+	// ErrVerifierNil is returned when a context verifier function is nil.
+	ErrVerifierNil = errors.New("verifier function is nil")
+
+	// CategoryRange allows the upper bound on the category range to be adjusted
+	CategoryRange = DefaultCategoryRange
+
+	privContainerMountLabel string
+)
+
+// Context is a representation of the SELinux label broken into 4 parts
+type Context map[string]string
+
+// SetDisabled disables SELinux support for the package
+func SetDisabled() {
+	setDisabled()
+}
+
+// GetEnabled returns whether SELinux is currently enabled.
+func GetEnabled() bool {
+	return getEnabled()
+}
+
+// ClassIndex returns the int index for an object class in the loaded policy,
+// or -1 and an error
+func ClassIndex(class string) (int, error) {
+	return classIndex(class)
+}
+
+// SetFileLabel sets the SELinux label for this path or returns an error.
+func SetFileLabel(fpath string, label string) error {
+	return setFileLabel(fpath, label)
+}
+
+// FileLabel returns the SELinux label for this path or returns an error.
+func FileLabel(fpath string) (string, error) {
+	return fileLabel(fpath)
+}
+
+// SetFSCreateLabel tells the kernel what label to use for all file system objects
+// created by this task.
+// Set the label to an empty string to return to the default label. Calls to SetFSCreateLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system
+// objects created by this task are finished to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
+func SetFSCreateLabel(label string) error {
+	return setFSCreateLabel(label)
+}
+
+// FSCreateLabel returns the default label the kernel which the kernel is using
+// for file system objects created by this task. "" indicates default.
+func FSCreateLabel() (string, error) {
+	return fsCreateLabel()
+}
+
+// CurrentLabel returns the SELinux label of the current process thread, or an error.
+func CurrentLabel() (string, error) {
+	return currentLabel()
+}
+
+// PidLabel returns the SELinux label of the given pid, or an error.
+func PidLabel(pid int) (string, error) {
+	return pidLabel(pid)
+}
+
+// ExecLabel returns the SELinux label that the kernel will use for any programs
+// that are executed by the current process thread, or an error.
+func ExecLabel() (string, error) {
+	return execLabel()
+}
+
+// CanonicalizeContext takes a context string and writes it to the kernel
+// the function then returns the context that the kernel will use. Use this
+// function to check if two contexts are equivalent
+func CanonicalizeContext(val string) (string, error) {
+	return canonicalizeContext(val)
+}
+
+// ComputeCreateContext requests the type transition from source to target for
+// class from the kernel.
+func ComputeCreateContext(source string, target string, class string) (string, error) {
+	return computeCreateContext(source, target, class)
+}
+
+// CalculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound)
+// of a source and target range.
+// The glblub is calculated as the greater of the low sensitivities and
+// the lower of the high sensitivities and the and of each category bitset.
+func CalculateGlbLub(sourceRange, targetRange string) (string, error) {
+	return calculateGlbLub(sourceRange, targetRange)
+}
+
+// SetExecLabel sets the SELinux label that the kernel will use for any programs
+// that are executed by the current process thread, or an error. Calls to SetExecLabel
+// should  be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until execution
+// of the program is finished to guarantee another goroutine does not migrate to the current
+// thread before execution is complete.
+func SetExecLabel(label string) error {
+	return setExecLabel(label)
+}
+
+// SetTaskLabel sets the SELinux label for the current thread, or an error.
+// This requires the dyntransition permission. Calls to SetTaskLabel should
+// be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee
+// the current thread does not run in a new mislabeled thread.
+func SetTaskLabel(label string) error {
+	return setTaskLabel(label)
+}
+
+// SetSocketLabel takes a process label and tells the kernel to assign the
+// label to the next socket that gets created. Calls to SetSocketLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the the socket is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
+func SetSocketLabel(label string) error {
+	return setSocketLabel(label)
+}
+
+// SocketLabel retrieves the current socket label setting
+func SocketLabel() (string, error) {
+	return socketLabel()
+}
+
+// PeerLabel retrieves the label of the client on the other side of a socket
+func PeerLabel(fd uintptr) (string, error) {
+	return peerLabel(fd)
+}
+
+// SetKeyLabel takes a process label and tells the kernel to assign the
+// label to the next kernel keyring that gets created. Calls to SetKeyLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the kernel keyring is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
+func SetKeyLabel(label string) error {
+	return setKeyLabel(label)
+}
+
+// KeyLabel retrieves the current kernel keyring label setting
+func KeyLabel() (string, error) {
+	return keyLabel()
+}
+
+// Get returns the Context as a string
+func (c Context) Get() string {
+	return c.get()
+}
+
+// NewContext creates a new Context struct from the specified label
+func NewContext(label string) (Context, error) {
+	return newContext(label)
+}
+
+// ClearLabels clears all reserved labels
+func ClearLabels() {
+	clearLabels()
+}
+
+// ReserveLabel reserves the MLS/MCS level component of the specified label
+func ReserveLabel(label string) {
+	reserveLabel(label)
+}
+
+// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
+func EnforceMode() int {
+	return enforceMode()
+}
+
+// SetEnforceMode sets the current SELinux mode Enforcing, Permissive.
+// Disabled is not valid, since this needs to be set at boot time.
+func SetEnforceMode(mode int) error {
+	return setEnforceMode(mode)
+}
+
+// DefaultEnforceMode returns the systems default SELinux mode Enforcing,
+// Permissive or Disabled. Note this is is just the default at boot time.
+// EnforceMode tells you the systems current mode.
+func DefaultEnforceMode() int {
+	return defaultEnforceMode()
+}
+
+// ReleaseLabel un-reserves the MLS/MCS Level field of the specified label,
+// allowing it to be used by another process.
+func ReleaseLabel(label string) {
+	releaseLabel(label)
+}
+
+// ROFileLabel returns the specified SELinux readonly file label
+func ROFileLabel() string {
+	return roFileLabel()
+}
+
+// KVMContainerLabels returns the default processLabel and mountLabel to be used
+// for kvm containers by the calling process.
+func KVMContainerLabels() (string, string) {
+	return kvmContainerLabels()
+}
+
+// InitContainerLabels returns the default processLabel and file labels to be
+// used for containers running an init system like systemd by the calling process.
+func InitContainerLabels() (string, string) {
+	return initContainerLabels()
+}
+
+// ContainerLabels returns an allocated processLabel and fileLabel to be used for
+// container labeling by the calling process.
+func ContainerLabels() (processLabel string, fileLabel string) {
+	return containerLabels()
+}
+
+// SecurityCheckContext validates that the SELinux label is understood by the kernel
+func SecurityCheckContext(val string) error {
+	return securityCheckContext(val)
+}
+
+// CopyLevel returns a label with the MLS/MCS level from src label replaced on
+// the dest label.
+func CopyLevel(src, dest string) (string, error) {
+	return copyLevel(src, dest)
+}
+
+// Chcon changes the fpath file object to the SELinux label label.
+// If fpath is a directory and recurse is true, then Chcon walks the
+// directory tree setting the label.
+//
+// The fpath itself is guaranteed to be relabeled last.
+func Chcon(fpath string, label string, recurse bool) error {
+	return chcon(fpath, label, recurse)
+}
+
+// DupSecOpt takes an SELinux process label and returns security options that
+// can be used to set the SELinux Type and Level for future container processes.
+func DupSecOpt(src string) ([]string, error) {
+	return dupSecOpt(src)
+}
+
+// DisableSecOpt returns a security opt that can be used to disable SELinux
+// labeling support for future container processes.
+func DisableSecOpt() []string {
+	return disableSecOpt()
+}
+
+// GetDefaultContextWithLevel gets a single context for the specified SELinux user
+// identity that is reachable from the specified scon context. The context is based
+// on the per-user /etc/selinux/{SELINUXTYPE}/contexts/users/<username> if it exists,
+// and falls back to the global /etc/selinux/{SELINUXTYPE}/contexts/default_contexts
+// file.
+func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
+	return getDefaultContextWithLevel(user, level, scon)
+}
+
+// PrivContainerMountLabel returns mount label for privileged containers
+func PrivContainerMountLabel() string {
+	// Make sure label is initialized.
+	_ = label("")
+	return privContainerMountLabel
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 5dc09a51eb210..b045843ad6ecd 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,5 +1,3 @@
-// +build selinux,linux
-
 package selinux
 
 import (
@@ -11,57 +9,89 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math/big"
 	"os"
+	"path"
 	"path/filepath"
-	"regexp"
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 const (
-	// Enforcing constant indicate SELinux is in enforcing mode
-	Enforcing = 1
-	// Permissive constant to indicate SELinux is in permissive mode
-	Permissive = 0
-	// Disabled constant to indicate SELinux is disabled
-	Disabled = -1
-
+	minSensLen       = 2
+	contextFile      = "/usr/share/containers/selinux/contexts"
 	selinuxDir       = "/etc/selinux/"
+	selinuxUsersDir  = "contexts/users"
+	defaultContexts  = "contexts/default_contexts"
 	selinuxConfig    = selinuxDir + "config"
 	selinuxfsMount   = "/sys/fs/selinux"
 	selinuxTypeTag   = "SELINUXTYPE"
 	selinuxTag       = "SELINUX"
 	xattrNameSelinux = "security.selinux"
-	stRdOnly         = 0x01
-	selinuxfsMagic   = 0xf97cff8c
 )
 
 type selinuxState struct {
-	enabledSet   bool
-	enabled      bool
-	selinuxfsSet bool
-	selinuxfs    string
-	mcsList      map[string]bool
+	enabledSet    bool
+	enabled       bool
+	selinuxfsOnce sync.Once
+	selinuxfs     string
+	mcsList       map[string]bool
 	sync.Mutex
 }
 
+type level struct {
+	sens uint
+	cats *big.Int
+}
+
+type mlsRange struct {
+	low  *level
+	high *level
+}
+
+type defaultSECtx struct {
+	user, level, scon   string
+	userRdr, defaultRdr io.Reader
+
+	verifier func(string) error
+}
+
+type levelItem byte
+
+const (
+	sensitivity levelItem = 's'
+	category    levelItem = 'c'
+)
+
 var (
-	// ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS.
-	ErrMCSAlreadyExists = errors.New("MCS label already exists")
-	// ErrEmptyPath is returned when an empty path has been specified.
-	ErrEmptyPath = errors.New("empty path")
-
-	assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`)
-	roFileLabel string
-	state       = selinuxState{
+	readOnlyFileLabel string
+	state             = selinuxState{
 		mcsList: make(map[string]bool),
 	}
+
+	// for attrPath()
+	attrPathOnce   sync.Once
+	haveThreadSelf bool
+
+	// for policyRoot()
+	policyRootOnce sync.Once
+	policyRootVal  string
+
+	// for label()
+	loadLabelsOnce sync.Once
+	labels         map[string]string
 )
 
-// Context is a representation of the SELinux label broken into 4 parts
-type Context map[string]string
+func policyRoot() string {
+	policyRootOnce.Do(func() {
+		policyRootVal = filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
+	})
+
+	return policyRootVal
+}
 
 func (s *selinuxState) setEnable(enabled bool) bool {
 	s.Lock()
@@ -89,35 +119,28 @@ func (s *selinuxState) getEnabled() bool {
 	return s.setEnable(enabled)
 }
 
-// SetDisabled disables selinux support for the package
-func SetDisabled() {
+// setDisabled disables SELinux support for the package
+func setDisabled() {
 	state.setEnable(false)
 }
 
-func (s *selinuxState) setSELinuxfs(selinuxfs string) string {
-	s.Lock()
-	defer s.Unlock()
-	s.selinuxfsSet = true
-	s.selinuxfs = selinuxfs
-	return s.selinuxfs
-}
-
 func verifySELinuxfsMount(mnt string) bool {
-	var buf syscall.Statfs_t
+	var buf unix.Statfs_t
 	for {
-		err := syscall.Statfs(mnt, &buf)
+		err := unix.Statfs(mnt, &buf)
 		if err == nil {
 			break
 		}
-		if err == syscall.EAGAIN {
+		if err == unix.EAGAIN || err == unix.EINTR { //nolint:errorlint // unix errors are bare
 			continue
 		}
 		return false
 	}
-	if uint32(buf.Type) != uint32(selinuxfsMagic) {
+
+	if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) {
 		return false
 	}
-	if (buf.Flags & stRdOnly) != 0 {
+	if (buf.Flags & unix.ST_RDONLY) != 0 {
 		return false
 	}
 
@@ -162,72 +185,56 @@ func findSELinuxfs() string {
 // if there is one, or an empty string in case of EOF or error.
 func findSELinuxfsMount(s *bufio.Scanner) string {
 	for s.Scan() {
-		txt := s.Text()
+		txt := s.Bytes()
 		// The first field after - is fs type.
 		// Safe as spaces in mountpoints are encoded as \040
-		if !strings.Contains(txt, " - selinuxfs ") {
+		if !bytes.Contains(txt, []byte(" - selinuxfs ")) {
 			continue
 		}
 		const mPos = 5 // mount point is 5th field
-		fields := strings.SplitN(txt, " ", mPos+1)
+		fields := bytes.SplitN(txt, []byte(" "), mPos+1)
 		if len(fields) < mPos+1 {
 			continue
 		}
-		return fields[mPos-1]
+		return string(fields[mPos-1])
 	}
 
 	return ""
 }
 
 func (s *selinuxState) getSELinuxfs() string {
-	s.Lock()
-	selinuxfs := s.selinuxfs
-	selinuxfsSet := s.selinuxfsSet
-	s.Unlock()
-	if selinuxfsSet {
-		return selinuxfs
-	}
+	s.selinuxfsOnce.Do(func() {
+		s.selinuxfs = findSELinuxfs()
+	})
 
-	return s.setSELinuxfs(findSELinuxfs())
+	return s.selinuxfs
 }
 
 // getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs
 // filesystem or an empty string if no mountpoint is found.  Selinuxfs is
-// a proc-like pseudo-filesystem that exposes the selinux policy API to
+// a proc-like pseudo-filesystem that exposes the SELinux policy API to
 // processes.  The existence of an selinuxfs mount is used to determine
-// whether selinux is currently enabled or not.
+// whether SELinux is currently enabled or not.
 func getSelinuxMountPoint() string {
 	return state.getSELinuxfs()
 }
 
-// GetEnabled returns whether selinux is currently enabled.
-func GetEnabled() bool {
+// getEnabled returns whether SELinux is currently enabled.
+func getEnabled() bool {
 	return state.getEnabled()
 }
 
 func readConfig(target string) string {
-	var (
-		val, key string
-		bufin    *bufio.Reader
-	)
-
 	in, err := os.Open(selinuxConfig)
 	if err != nil {
 		return ""
 	}
 	defer in.Close()
 
-	bufin = bufio.NewReader(in)
+	scanner := bufio.NewScanner(in)
 
-	for done := false; !done; {
-		var line string
-		if line, err = bufin.ReadString('\n'); err != nil {
-			if err != io.EOF {
-				return ""
-			}
-			done = true
-		}
-		line = strings.TrimSpace(line)
+	for scanner.Scan() {
+		line := bytes.TrimSpace(scanner.Bytes())
 		if len(line) == 0 {
 			// Skip blank lines
 			continue
@@ -236,18 +243,34 @@ func readConfig(target string) string {
 			// Skip comments
 			continue
 		}
-		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
-			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
-			if key == target {
-				return strings.Trim(val, "\"")
-			}
+		fields := bytes.SplitN(line, []byte{'='}, 2)
+		if len(fields) != 2 {
+			continue
+		}
+		if bytes.Equal(fields[0], []byte(target)) {
+			return string(bytes.Trim(fields[1], `"`))
 		}
 	}
 	return ""
 }
 
-func getSELinuxPolicyRoot() string {
-	return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
+func isProcHandle(fh *os.File) error {
+	var buf unix.Statfs_t
+
+	for {
+		err := unix.Fstatfs(int(fh.Fd()), &buf)
+		if err == nil {
+			break
+		}
+		if err != unix.EINTR { //nolint:errorlint // unix errors are bare
+			return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err}
+		}
+	}
+	if buf.Type != unix.PROC_SUPER_MAGIC {
+		return fmt.Errorf("file %q is not on procfs", fh.Name())
+	}
+
+	return nil
 }
 
 func readCon(fpath string) (string, error) {
@@ -261,30 +284,65 @@ func readCon(fpath string) (string, error) {
 	}
 	defer in.Close()
 
-	var retval string
-	if _, err := fmt.Fscanf(in, "%s", &retval); err != nil {
+	if err := isProcHandle(in); err != nil {
 		return "", err
 	}
-	return strings.Trim(retval, "\x00"), nil
+	return readConFd(in)
+}
+
+func readConFd(in *os.File) (string, error) {
+	data, err := ioutil.ReadAll(in)
+	if err != nil {
+		return "", err
+	}
+	return string(bytes.TrimSuffix(data, []byte{0})), nil
+}
+
+// classIndex returns the int index for an object class in the loaded policy,
+// or -1 and an error
+func classIndex(class string) (int, error) {
+	permpath := fmt.Sprintf("class/%s/index", class)
+	indexpath := filepath.Join(getSelinuxMountPoint(), permpath)
+
+	indexB, err := ioutil.ReadFile(indexpath)
+	if err != nil {
+		return -1, err
+	}
+	index, err := strconv.Atoi(string(indexB))
+	if err != nil {
+		return -1, err
+	}
+
+	return index, nil
 }
 
-// SetFileLabel sets the SELinux label for this path or returns an error.
-func SetFileLabel(fpath string, label string) error {
+// setFileLabel sets the SELinux label for this path or returns an error.
+func setFileLabel(fpath string, label string) error {
 	if fpath == "" {
 		return ErrEmptyPath
 	}
-	return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+	for {
+		err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+		if err == nil {
+			break
+		}
+		if err != unix.EINTR { //nolint:errorlint // unix errors are bare
+			return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err}
+		}
+	}
+
+	return nil
 }
 
-// FileLabel returns the SELinux label for this path or returns an error.
-func FileLabel(fpath string) (string, error) {
+// fileLabel returns the SELinux label for this path or returns an error.
+func fileLabel(fpath string) (string, error) {
 	if fpath == "" {
 		return "", ErrEmptyPath
 	}
 
 	label, err := lgetxattr(fpath, xattrNameSelinux)
 	if err != nil {
-		return "", err
+		return "", &os.PathError{Op: "lgetxattr", Path: fpath, Err: err}
 	}
 	// Trim the NUL byte at the end of the byte buffer, if present.
 	if len(label) > 0 && label[len(label)-1] == '\x00' {
@@ -293,44 +351,43 @@ func FileLabel(fpath string) (string, error) {
 	return string(label), nil
 }
 
-/*
-SetFSCreateLabel tells kernel the label to create all file system objects
-created by this task. Setting label="" to return to default.
-*/
-func SetFSCreateLabel(label string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()), label)
+// setFSCreateLabel tells kernel the label to create all file system objects
+// created by this task. Setting label="" to return to default.
+func setFSCreateLabel(label string) error {
+	return writeAttr("fscreate", label)
 }
 
-/*
-FSCreateLabel returns the default label the kernel which the kernel is using
-for file system objects created by this task. "" indicates default.
-*/
-func FSCreateLabel() (string, error) {
-	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()))
+// fsCreateLabel returns the default label the kernel which the kernel is using
+// for file system objects created by this task. "" indicates default.
+func fsCreateLabel() (string, error) {
+	return readAttr("fscreate")
 }
 
-// CurrentLabel returns the SELinux label of the current process thread, or an error.
-func CurrentLabel() (string, error) {
-	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()))
+// currentLabel returns the SELinux label of the current process thread, or an error.
+func currentLabel() (string, error) {
+	return readAttr("current")
 }
 
-// PidLabel returns the SELinux label of the given pid, or an error.
-func PidLabel(pid int) (string, error) {
+// pidLabel returns the SELinux label of the given pid, or an error.
+func pidLabel(pid int) (string, error) {
 	return readCon(fmt.Sprintf("/proc/%d/attr/current", pid))
 }
 
-/*
-ExecLabel returns the SELinux label that the kernel will use for any programs
-that are executed by the current process thread, or an error.
-*/
-func ExecLabel() (string, error) {
-	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()))
+// ExecLabel returns the SELinux label that the kernel will use for any programs
+// that are executed by the current process thread, or an error.
+func execLabel() (string, error) {
+	return readAttr("exec")
 }
 
-func writeCon(fpath string, val string) error {
+func writeCon(fpath, val string) error {
 	if fpath == "" {
 		return ErrEmptyPath
 	}
+	if val == "" {
+		if !getEnabled() {
+			return nil
+		}
+	}
 
 	out, err := os.OpenFile(fpath, os.O_WRONLY, 0)
 	if err != nil {
@@ -338,23 +395,274 @@ func writeCon(fpath string, val string) error {
 	}
 	defer out.Close()
 
+	if err := isProcHandle(out); err != nil {
+		return err
+	}
+
 	if val != "" {
 		_, err = out.Write([]byte(val))
 	} else {
 		_, err = out.Write(nil)
 	}
-	return err
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func attrPath(attr string) string {
+	// Linux >= 3.17 provides this
+	const threadSelfPrefix = "/proc/thread-self/attr"
+
+	attrPathOnce.Do(func() {
+		st, err := os.Stat(threadSelfPrefix)
+		if err == nil && st.Mode().IsDir() {
+			haveThreadSelf = true
+		}
+	})
+
+	if haveThreadSelf {
+		return path.Join(threadSelfPrefix, attr)
+	}
+
+	return path.Join("/proc/self/task/", strconv.Itoa(unix.Gettid()), "/attr/", attr)
 }
 
-/*
-CanonicalizeContext takes a context string and writes it to the kernel
-the function then returns the context that the kernel will use.  This function
-can be used to see if two contexts are equivalent
-*/
-func CanonicalizeContext(val string) (string, error) {
+func readAttr(attr string) (string, error) {
+	return readCon(attrPath(attr))
+}
+
+func writeAttr(attr, val string) error {
+	return writeCon(attrPath(attr), val)
+}
+
+// canonicalizeContext takes a context string and writes it to the kernel
+// the function then returns the context that the kernel will use. Use this
+// function to check if two contexts are equivalent
+func canonicalizeContext(val string) (string, error) {
 	return readWriteCon(filepath.Join(getSelinuxMountPoint(), "context"), val)
 }
 
+// computeCreateContext requests the type transition from source to target for
+// class from the kernel.
+func computeCreateContext(source string, target string, class string) (string, error) {
+	classidx, err := classIndex(class)
+	if err != nil {
+		return "", err
+	}
+
+	return readWriteCon(filepath.Join(getSelinuxMountPoint(), "create"), fmt.Sprintf("%s %s %d", source, target, classidx))
+}
+
+// catsToBitset stores categories in a bitset.
+func catsToBitset(cats string) (*big.Int, error) {
+	bitset := new(big.Int)
+
+	catlist := strings.Split(cats, ",")
+	for _, r := range catlist {
+		ranges := strings.SplitN(r, ".", 2)
+		if len(ranges) > 1 {
+			catstart, err := parseLevelItem(ranges[0], category)
+			if err != nil {
+				return nil, err
+			}
+			catend, err := parseLevelItem(ranges[1], category)
+			if err != nil {
+				return nil, err
+			}
+			for i := catstart; i <= catend; i++ {
+				bitset.SetBit(bitset, int(i), 1)
+			}
+		} else {
+			cat, err := parseLevelItem(ranges[0], category)
+			if err != nil {
+				return nil, err
+			}
+			bitset.SetBit(bitset, int(cat), 1)
+		}
+	}
+
+	return bitset, nil
+}
+
+// parseLevelItem parses and verifies that a sensitivity or category are valid
+func parseLevelItem(s string, sep levelItem) (uint, error) {
+	if len(s) < minSensLen || levelItem(s[0]) != sep {
+		return 0, ErrLevelSyntax
+	}
+	val, err := strconv.ParseUint(s[1:], 10, 32)
+	if err != nil {
+		return 0, err
+	}
+
+	return uint(val), nil
+}
+
+// parseLevel fills a level from a string that contains
+// a sensitivity and categories
+func (l *level) parseLevel(levelStr string) error {
+	lvl := strings.SplitN(levelStr, ":", 2)
+	sens, err := parseLevelItem(lvl[0], sensitivity)
+	if err != nil {
+		return fmt.Errorf("failed to parse sensitivity: %w", err)
+	}
+	l.sens = sens
+	if len(lvl) > 1 {
+		cats, err := catsToBitset(lvl[1])
+		if err != nil {
+			return fmt.Errorf("failed to parse categories: %w", err)
+		}
+		l.cats = cats
+	}
+
+	return nil
+}
+
+// rangeStrToMLSRange marshals a string representation of a range.
+func rangeStrToMLSRange(rangeStr string) (*mlsRange, error) {
+	mlsRange := &mlsRange{}
+	levelSlice := strings.SplitN(rangeStr, "-", 2)
+
+	switch len(levelSlice) {
+	// rangeStr that has a low and a high level, e.g. s4:c0.c1023-s6:c0.c1023
+	case 2:
+		mlsRange.high = &level{}
+		if err := mlsRange.high.parseLevel(levelSlice[1]); err != nil {
+			return nil, fmt.Errorf("failed to parse high level %q: %w", levelSlice[1], err)
+		}
+		fallthrough
+	// rangeStr that is single level, e.g. s6:c0,c3,c5,c30.c1023
+	case 1:
+		mlsRange.low = &level{}
+		if err := mlsRange.low.parseLevel(levelSlice[0]); err != nil {
+			return nil, fmt.Errorf("failed to parse low level %q: %w", levelSlice[0], err)
+		}
+	}
+
+	if mlsRange.high == nil {
+		mlsRange.high = mlsRange.low
+	}
+
+	return mlsRange, nil
+}
+
+// bitsetToStr takes a category bitset and returns it in the
+// canonical selinux syntax
+func bitsetToStr(c *big.Int) string {
+	var str string
+
+	length := 0
+	for i := int(c.TrailingZeroBits()); i < c.BitLen(); i++ {
+		if c.Bit(i) == 0 {
+			continue
+		}
+		if length == 0 {
+			if str != "" {
+				str += ","
+			}
+			str += "c" + strconv.Itoa(i)
+		}
+		if c.Bit(i+1) == 1 {
+			length++
+			continue
+		}
+		if length == 1 {
+			str += ",c" + strconv.Itoa(i)
+		} else if length > 1 {
+			str += ".c" + strconv.Itoa(i)
+		}
+		length = 0
+	}
+
+	return str
+}
+
+func (l1 *level) equal(l2 *level) bool {
+	if l2 == nil || l1 == nil {
+		return l1 == l2
+	}
+	if l1.sens != l2.sens {
+		return false
+	}
+	if l2.cats == nil || l1.cats == nil {
+		return l2.cats == l1.cats
+	}
+	return l1.cats.Cmp(l2.cats) == 0
+}
+
+// String returns an mlsRange as a string.
+func (m mlsRange) String() string {
+	low := "s" + strconv.Itoa(int(m.low.sens))
+	if m.low.cats != nil && m.low.cats.BitLen() > 0 {
+		low += ":" + bitsetToStr(m.low.cats)
+	}
+
+	if m.low.equal(m.high) {
+		return low
+	}
+
+	high := "s" + strconv.Itoa(int(m.high.sens))
+	if m.high.cats != nil && m.high.cats.BitLen() > 0 {
+		high += ":" + bitsetToStr(m.high.cats)
+	}
+
+	return low + "-" + high
+}
+
+func max(a, b uint) uint {
+	if a > b {
+		return a
+	}
+	return b
+}
+
+func min(a, b uint) uint {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// calculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound)
+// of a source and target range.
+// The glblub is calculated as the greater of the low sensitivities and
+// the lower of the high sensitivities and the and of each category bitset.
+func calculateGlbLub(sourceRange, targetRange string) (string, error) {
+	s, err := rangeStrToMLSRange(sourceRange)
+	if err != nil {
+		return "", err
+	}
+	t, err := rangeStrToMLSRange(targetRange)
+	if err != nil {
+		return "", err
+	}
+
+	if s.high.sens < t.low.sens || t.high.sens < s.low.sens {
+		/* these ranges have no common sensitivities */
+		return "", ErrIncomparable
+	}
+
+	outrange := &mlsRange{low: &level{}, high: &level{}}
+
+	/* take the greatest of the low */
+	outrange.low.sens = max(s.low.sens, t.low.sens)
+
+	/* take the least of the high */
+	outrange.high.sens = min(s.high.sens, t.high.sens)
+
+	/* find the intersecting categories */
+	if s.low.cats != nil && t.low.cats != nil {
+		outrange.low.cats = new(big.Int)
+		outrange.low.cats.And(s.low.cats, t.low.cats)
+	}
+	if s.high.cats != nil && t.high.cats != nil {
+		outrange.high.cats = new(big.Int)
+		outrange.high.cats.And(s.high.cats, t.high.cats)
+	}
+
+	return outrange.String(), nil
+}
+
 func readWriteCon(fpath string, val string) (string, error) {
 	if fpath == "" {
 		return "", ErrEmptyPath
@@ -370,35 +678,76 @@ func readWriteCon(fpath string, val string) (string, error) {
 		return "", err
 	}
 
-	var retval string
-	if _, err := fmt.Fscanf(f, "%s", &retval); err != nil {
-		return "", err
+	return readConFd(f)
+}
+
+// setExecLabel sets the SELinux label that the kernel will use for any programs
+// that are executed by the current process thread, or an error.
+func setExecLabel(label string) error {
+	return writeAttr("exec", label)
+}
+
+// setTaskLabel sets the SELinux label for the current thread, or an error.
+// This requires the dyntransition permission.
+func setTaskLabel(label string) error {
+	return writeAttr("current", label)
+}
+
+// setSocketLabel takes a process label and tells the kernel to assign the
+// label to the next socket that gets created
+func setSocketLabel(label string) error {
+	return writeAttr("sockcreate", label)
+}
+
+// socketLabel retrieves the current socket label setting
+func socketLabel() (string, error) {
+	return readAttr("sockcreate")
+}
+
+// peerLabel retrieves the label of the client on the other side of a socket
+func peerLabel(fd uintptr) (string, error) {
+	label, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC)
+	if err != nil {
+		return "", &os.PathError{Op: "getsockopt", Path: "fd " + strconv.Itoa(int(fd)), Err: err}
+	}
+	return label, nil
+}
+
+// setKeyLabel takes a process label and tells the kernel to assign the
+// label to the next kernel keyring that gets created
+func setKeyLabel(label string) error {
+	err := writeCon("/proc/self/attr/keycreate", label)
+	if errors.Is(err, os.ErrNotExist) {
+		return nil
+	}
+	if label == "" && errors.Is(err, os.ErrPermission) {
+		return nil
 	}
-	return strings.Trim(retval, "\x00"), nil
+	return err
 }
 
-/*
-SetExecLabel sets the SELinux label that the kernel will use for any programs
-that are executed by the current process thread, or an error.
-*/
-func SetExecLabel(label string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), label)
+// keyLabel retrieves the current kernel keyring label setting
+func keyLabel() (string, error) {
+	return readCon("/proc/self/attr/keycreate")
 }
 
-// Get returns the Context as a string
-func (c Context) Get() string {
-	if c["level"] != "" {
-		return fmt.Sprintf("%s:%s:%s:%s", c["user"], c["role"], c["type"], c["level"])
+// get returns the Context as a string
+func (c Context) get() string {
+	if level := c["level"]; level != "" {
+		return c["user"] + ":" + c["role"] + ":" + c["type"] + ":" + level
 	}
-	return fmt.Sprintf("%s:%s:%s", c["user"], c["role"], c["type"])
+	return c["user"] + ":" + c["role"] + ":" + c["type"]
 }
 
-// NewContext creates a new Context struct from the specified label
-func NewContext(label string) Context {
+// newContext creates a new Context struct from the specified label
+func newContext(label string) (Context, error) {
 	c := make(Context)
 
 	if len(label) != 0 {
 		con := strings.SplitN(label, ":", 4)
+		if len(con) < 3 {
+			return c, InvalidLabel
+		}
 		c["user"] = con[0]
 		c["role"] = con[1]
 		c["type"] = con[2]
@@ -406,53 +755,55 @@ func NewContext(label string) Context {
 			c["level"] = con[3]
 		}
 	}
-	return c
+	return c, nil
+}
+
+// clearLabels clears all reserved labels
+func clearLabels() {
+	state.Lock()
+	state.mcsList = make(map[string]bool)
+	state.Unlock()
 }
 
-// ReserveLabel reserves the MLS/MCS level component of the specified label
-func ReserveLabel(label string) {
+// reserveLabel reserves the MLS/MCS level component of the specified label
+func reserveLabel(label string) {
 	if len(label) != 0 {
 		con := strings.SplitN(label, ":", 4)
 		if len(con) > 3 {
-			mcsAdd(con[3])
+			_ = mcsAdd(con[3])
 		}
 	}
 }
 
 func selinuxEnforcePath() string {
-	return fmt.Sprintf("%s/enforce", getSelinuxMountPoint())
+	return path.Join(getSelinuxMountPoint(), "enforce")
 }
 
-// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
-func EnforceMode() int {
+// enforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
+func enforceMode() int {
 	var enforce int
 
-	enforceS, err := readCon(selinuxEnforcePath())
+	enforceB, err := ioutil.ReadFile(selinuxEnforcePath())
 	if err != nil {
 		return -1
 	}
-
-	enforce, err = strconv.Atoi(string(enforceS))
+	enforce, err = strconv.Atoi(string(enforceB))
 	if err != nil {
 		return -1
 	}
 	return enforce
 }
 
-/*
-SetEnforceMode sets the current SELinux mode Enforcing, Permissive.
-Disabled is not valid, since this needs to be set at boot time.
-*/
-func SetEnforceMode(mode int) error {
-	return writeCon(selinuxEnforcePath(), fmt.Sprintf("%d", mode))
+// setEnforceMode sets the current SELinux mode Enforcing, Permissive.
+// Disabled is not valid, since this needs to be set at boot time.
+func setEnforceMode(mode int) error {
+	return ioutil.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644)
 }
 
-/*
-DefaultEnforceMode returns the systems default SELinux mode Enforcing,
-Permissive or Disabled. Note this is is just the default at boot time.
-EnforceMode tells you the systems current mode.
-*/
-func DefaultEnforceMode() int {
+// defaultEnforceMode returns the systems default SELinux mode Enforcing,
+// Permissive or Disabled. Note this is is just the default at boot time.
+// EnforceMode tells you the systems current mode.
+func defaultEnforceMode() int {
 	switch readConfig(selinuxTag) {
 	case "enforcing":
 		return Enforcing
@@ -496,11 +847,11 @@ func intToMcs(id int, catRange uint32) string {
 	}
 
 	for ORD > TIER {
-		ORD = ORD - TIER
+		ORD -= TIER
 		TIER--
 	}
 	TIER = SETSIZE - TIER
-	ORD = ORD + TIER
+	ORD += TIER
 	return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
 }
 
@@ -512,16 +863,14 @@ func uniqMcs(catRange uint32) string {
 	)
 
 	for {
-		binary.Read(rand.Reader, binary.LittleEndian, &n)
+		_ = binary.Read(rand.Reader, binary.LittleEndian, &n)
 		c1 = n % catRange
-		binary.Read(rand.Reader, binary.LittleEndian, &n)
+		_ = binary.Read(rand.Reader, binary.LittleEndian, &n)
 		c2 = n % catRange
 		if c1 == c2 {
 			continue
-		} else {
-			if c1 > c2 {
-				c1, c2 = c2, c1
-			}
+		} else if c1 > c2 {
+			c1, c2 = c2, c1
 		}
 		mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
 		if err := mcsAdd(mcs); err != nil {
@@ -532,11 +881,9 @@ func uniqMcs(catRange uint32) string {
 	return mcs
 }
 
-/*
-ReleaseLabel will unreserve the MLS/MCS Level field of the specified label.
-Allowing it to be used by another process.
-*/
-func ReleaseLabel(label string) {
+// releaseLabel un-reserves the MLS/MCS Level field of the specified label,
+// allowing it to be used by another process.
+func releaseLabel(label string) {
 	if len(label) != 0 {
 		con := strings.SplitN(label, ":", 4)
 		if len(con) > 3 {
@@ -545,43 +892,30 @@ func ReleaseLabel(label string) {
 	}
 }
 
-// ROFileLabel returns the specified SELinux readonly file label
-func ROFileLabel() string {
-	return roFileLabel
+// roFileLabel returns the specified SELinux readonly file label
+func roFileLabel() string {
+	return readOnlyFileLabel
 }
 
-/*
-ContainerLabels returns an allocated processLabel and fileLabel to be used for
-container labeling by the calling process.
-*/
-func ContainerLabels() (processLabel string, fileLabel string) {
-	var (
-		val, key string
-		bufin    *bufio.Reader
-	)
-
-	if !GetEnabled() {
-		return "", ""
+func openContextFile() (*os.File, error) {
+	if f, err := os.Open(contextFile); err == nil {
+		return f, nil
 	}
-	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
-	in, err := os.Open(lxcPath)
+	return os.Open(filepath.Join(policyRoot(), "/contexts/lxc_contexts"))
+}
+
+func loadLabels() {
+	labels = make(map[string]string)
+	in, err := openContextFile()
 	if err != nil {
-		return "", ""
+		return
 	}
 	defer in.Close()
 
-	bufin = bufio.NewReader(in)
+	scanner := bufio.NewScanner(in)
 
-	for done := false; !done; {
-		var line string
-		if line, err = bufin.ReadString('\n'); err != nil {
-			if err == io.EOF {
-				done = true
-			} else {
-				goto exit
-			}
-		}
-		line = strings.TrimSpace(line)
+	for scanner.Scan() {
+		line := bytes.TrimSpace(scanner.Bytes())
 		if len(line) == 0 {
 			// Skip blank lines
 			continue
@@ -590,50 +924,92 @@ func ContainerLabels() (processLabel string, fileLabel string) {
 			// Skip comments
 			continue
 		}
-		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
-			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
-			if key == "process" {
-				processLabel = strings.Trim(val, "\"")
-			}
-			if key == "file" {
-				fileLabel = strings.Trim(val, "\"")
-			}
-			if key == "ro_file" {
-				roFileLabel = strings.Trim(val, "\"")
-			}
+		fields := bytes.SplitN(line, []byte{'='}, 2)
+		if len(fields) != 2 {
+			continue
 		}
+		key, val := bytes.TrimSpace(fields[0]), bytes.TrimSpace(fields[1])
+		labels[string(key)] = string(bytes.Trim(val, `"`))
 	}
 
-	if processLabel == "" || fileLabel == "" {
+	con, _ := NewContext(labels["file"])
+	con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
+	privContainerMountLabel = con.get()
+	reserveLabel(privContainerMountLabel)
+}
+
+func label(key string) string {
+	loadLabelsOnce.Do(func() {
+		loadLabels()
+	})
+	return labels[key]
+}
+
+// kvmContainerLabels returns the default processLabel and mountLabel to be used
+// for kvm containers by the calling process.
+func kvmContainerLabels() (string, string) {
+	processLabel := label("kvm_process")
+	if processLabel == "" {
+		processLabel = label("process")
+	}
+
+	return addMcs(processLabel, label("file"))
+}
+
+// initContainerLabels returns the default processLabel and file labels to be
+// used for containers running an init system like systemd by the calling process.
+func initContainerLabels() (string, string) {
+	processLabel := label("init_process")
+	if processLabel == "" {
+		processLabel = label("process")
+	}
+
+	return addMcs(processLabel, label("file"))
+}
+
+// containerLabels returns an allocated processLabel and fileLabel to be used for
+// container labeling by the calling process.
+func containerLabels() (processLabel string, fileLabel string) {
+	if !getEnabled() {
 		return "", ""
 	}
 
-	if roFileLabel == "" {
-		roFileLabel = fileLabel
+	processLabel = label("process")
+	fileLabel = label("file")
+	readOnlyFileLabel = label("ro_file")
+
+	if processLabel == "" || fileLabel == "" {
+		return "", fileLabel
+	}
+
+	if readOnlyFileLabel == "" {
+		readOnlyFileLabel = fileLabel
 	}
-exit:
-	scon := NewContext(processLabel)
+
+	return addMcs(processLabel, fileLabel)
+}
+
+func addMcs(processLabel, fileLabel string) (string, string) {
+	scon, _ := NewContext(processLabel)
 	if scon["level"] != "" {
-		mcs := uniqMcs(1024)
+		mcs := uniqMcs(CategoryRange)
 		scon["level"] = mcs
 		processLabel = scon.Get()
-		scon = NewContext(fileLabel)
+		scon, _ = NewContext(fileLabel)
 		scon["level"] = mcs
 		fileLabel = scon.Get()
 	}
 	return processLabel, fileLabel
 }
 
-// SecurityCheckContext validates that the SELinux label is understood by the kernel
-func SecurityCheckContext(val string) error {
-	return writeCon(fmt.Sprintf("%s/context", getSelinuxMountPoint()), val)
+// securityCheckContext validates that the SELinux label is understood by the kernel
+func securityCheckContext(val string) error {
+	return ioutil.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644)
 }
 
-/*
-CopyLevel returns a label with the MLS/MCS level from src label replaced on
-the dest label.
-*/
-func CopyLevel(src, dest string) (string, error) {
+// copyLevel returns a label with the MLS/MCS level from src label replaced on
+// the dest label.
+func copyLevel(src, dest string) (string, error) {
 	if src == "" {
 		return "", nil
 	}
@@ -643,15 +1019,21 @@ func CopyLevel(src, dest string) (string, error) {
 	if err := SecurityCheckContext(dest); err != nil {
 		return "", err
 	}
-	scon := NewContext(src)
-	tcon := NewContext(dest)
+	scon, err := NewContext(src)
+	if err != nil {
+		return "", err
+	}
+	tcon, err := NewContext(dest)
+	if err != nil {
+		return "", err
+	}
 	mcsDelete(tcon["level"])
-	mcsAdd(scon["level"])
+	_ = mcsAdd(scon["level"])
 	tcon["level"] = scon["level"]
 	return tcon.Get(), nil
 }
 
-// Prevent users from relabing system files
+// Prevent users from relabeling system files
 func badPrefix(fpath string) error {
 	if fpath == "" {
 		return ErrEmptyPath
@@ -666,10 +1048,10 @@ func badPrefix(fpath string) error {
 	return nil
 }
 
-// Chcon changes the `fpath` file object to the SELinux label `label`.
-// If `fpath` is a directory and `recurse`` is true, Chcon will walk the
+// chcon changes the fpath file object to the SELinux label label.
+// If fpath is a directory and recurse is true, then chcon walks the
 // directory tree setting the label.
-func Chcon(fpath string, label string, recurse bool) error {
+func chcon(fpath string, label string, recurse bool) error {
 	if fpath == "" {
 		return ErrEmptyPath
 	}
@@ -679,30 +1061,31 @@ func Chcon(fpath string, label string, recurse bool) error {
 	if err := badPrefix(fpath); err != nil {
 		return err
 	}
-	callback := func(p string, info os.FileInfo, err error) error {
-		return SetFileLabel(p, label)
-	}
 
-	if recurse {
-		return filepath.Walk(fpath, callback)
+	if !recurse {
+		return setFileLabel(fpath, label)
 	}
 
-	return SetFileLabel(fpath, label)
+	return rchcon(fpath, label)
 }
 
-// DupSecOpt takes an SELinux process label and returns security options that
+// dupSecOpt takes an SELinux process label and returns security options that
 // can be used to set the SELinux Type and Level for future container processes.
-func DupSecOpt(src string) []string {
+func dupSecOpt(src string) ([]string, error) {
 	if src == "" {
-		return nil
+		return nil, nil
+	}
+	con, err := NewContext(src)
+	if err != nil {
+		return nil, err
 	}
-	con := NewContext(src)
 	if con["user"] == "" ||
 		con["role"] == "" ||
 		con["type"] == "" {
-		return nil
+		return nil, nil
 	}
-	dup := []string{"user:" + con["user"],
+	dup := []string{
+		"user:" + con["user"],
 		"role:" + con["role"],
 		"type:" + con["type"],
 	}
@@ -711,11 +1094,130 @@ func DupSecOpt(src string) []string {
 		dup = append(dup, "level:"+con["level"])
 	}
 
-	return dup
+	return dup, nil
 }
 
-// DisableSecOpt returns a security opt that can be used to disable SELinux
+// disableSecOpt returns a security opt that can be used to disable SELinux
 // labeling support for future container processes.
-func DisableSecOpt() []string {
+func disableSecOpt() []string {
 	return []string{"disable"}
 }
+
+// findUserInContext scans the reader for a valid SELinux context
+// match that is verified with the verifier. Invalid contexts are
+// skipped. It returns a matched context or an empty string if no
+// match is found. If a scanner error occurs, it is returned.
+func findUserInContext(context Context, r io.Reader, verifier func(string) error) (string, error) {
+	fromRole := context["role"]
+	fromType := context["type"]
+	scanner := bufio.NewScanner(r)
+
+	for scanner.Scan() {
+		fromConns := strings.Fields(scanner.Text())
+		if len(fromConns) == 0 {
+			// Skip blank lines
+			continue
+		}
+
+		line := fromConns[0]
+
+		if line[0] == ';' || line[0] == '#' {
+			// Skip comments
+			continue
+		}
+
+		// user context files contexts are formatted as
+		// role_r:type_t:s0 where the user is missing.
+		lineArr := strings.SplitN(line, ":", 4)
+		// skip context with typo, or role and type do not match
+		if len(lineArr) != 3 ||
+			lineArr[0] != fromRole ||
+			lineArr[1] != fromType {
+			continue
+		}
+
+		for _, cc := range fromConns[1:] {
+			toConns := strings.SplitN(cc, ":", 4)
+			if len(toConns) != 3 {
+				continue
+			}
+
+			context["role"] = toConns[0]
+			context["type"] = toConns[1]
+
+			outConn := context.get()
+			if err := verifier(outConn); err != nil {
+				continue
+			}
+
+			return outConn, nil
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return "", fmt.Errorf("failed to scan for context: %w", err)
+	}
+
+	return "", nil
+}
+
+func getDefaultContextFromReaders(c *defaultSECtx) (string, error) {
+	if c.verifier == nil {
+		return "", ErrVerifierNil
+	}
+
+	context, err := newContext(c.scon)
+	if err != nil {
+		return "", fmt.Errorf("failed to create label for %s: %w", c.scon, err)
+	}
+
+	// set so the verifier validates the matched context with the provided user and level.
+	context["user"] = c.user
+	context["level"] = c.level
+
+	conn, err := findUserInContext(context, c.userRdr, c.verifier)
+	if err != nil {
+		return "", err
+	}
+
+	if conn != "" {
+		return conn, nil
+	}
+
+	conn, err = findUserInContext(context, c.defaultRdr, c.verifier)
+	if err != nil {
+		return "", err
+	}
+
+	if conn != "" {
+		return conn, nil
+	}
+
+	return "", fmt.Errorf("context %q not found: %w", c.scon, ErrContextMissing)
+}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+	userPath := filepath.Join(policyRoot(), selinuxUsersDir, user)
+	fu, err := os.Open(userPath)
+	if err != nil {
+		return "", err
+	}
+	defer fu.Close()
+
+	defaultPath := filepath.Join(policyRoot(), defaultContexts)
+	fd, err := os.Open(defaultPath)
+	if err != nil {
+		return "", err
+	}
+	defer fd.Close()
+
+	c := defaultSECtx{
+		user:       user,
+		level:      level,
+		scon:       scon,
+		userRdr:    fu,
+		defaultRdr: fd,
+		verifier:   securityCheckContext,
+	}
+
+	return getDefaultContextFromReaders(&c)
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index 4dbfd83edaa4e..42657759c38b6 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,188 +1,156 @@
-// +build !selinux
+// +build !linux
 
 package selinux
 
-import (
-	"errors"
-)
-
-const (
-	// Enforcing constant indicate SELinux is in enforcing mode
-	Enforcing = 1
-	// Permissive constant to indicate SELinux is in permissive mode
-	Permissive = 0
-	// Disabled constant to indicate SELinux is disabled
-	Disabled = -1
-)
+func setDisabled() {
+}
 
-var (
-	// ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS.
-	ErrMCSAlreadyExists = errors.New("MCS label already exists")
-	// ErrEmptyPath is returned when an empty path has been specified.
-	ErrEmptyPath = errors.New("empty path")
-)
+func getEnabled() bool {
+	return false
+}
 
-// Context is a representation of the SELinux label broken into 4 parts
-type Context map[string]string
+func classIndex(class string) (int, error) {
+	return -1, nil
+}
 
-// SetDisabled disables selinux support for the package
-func SetDisabled() {
-	return
+func setFileLabel(fpath string, label string) error {
+	return nil
 }
 
-// GetEnabled returns whether selinux is currently enabled.
-func GetEnabled() bool {
-	return false
+func fileLabel(fpath string) (string, error) {
+	return "", nil
 }
 
-// SetFileLabel sets the SELinux label for this path or returns an error.
-func SetFileLabel(fpath string, label string) error {
+func setFSCreateLabel(label string) error {
 	return nil
 }
 
-// FileLabel returns the SELinux label for this path or returns an error.
-func FileLabel(fpath string) (string, error) {
+func fsCreateLabel() (string, error) {
 	return "", nil
 }
 
-/*
-SetFSCreateLabel tells kernel the label to create all file system objects
-created by this task. Setting label="" to return to default.
-*/
-func SetFSCreateLabel(label string) error {
-	return nil
+func currentLabel() (string, error) {
+	return "", nil
 }
 
-/*
-FSCreateLabel returns the default label the kernel which the kernel is using
-for file system objects created by this task. "" indicates default.
-*/
-func FSCreateLabel() (string, error) {
+func pidLabel(pid int) (string, error) {
 	return "", nil
 }
 
-// CurrentLabel returns the SELinux label of the current process thread, or an error.
-func CurrentLabel() (string, error) {
+func execLabel() (string, error) {
 	return "", nil
 }
 
-// PidLabel returns the SELinux label of the given pid, or an error.
-func PidLabel(pid int) (string, error) {
+func canonicalizeContext(val string) (string, error) {
 	return "", nil
 }
 
-/*
-ExecLabel returns the SELinux label that the kernel will use for any programs
-that are executed by the current process thread, or an error.
-*/
-func ExecLabel() (string, error) {
+func computeCreateContext(source string, target string, class string) (string, error) {
 	return "", nil
 }
 
-/*
-CanonicalizeContext takes a context string and writes it to the kernel
-the function then returns the context that the kernel will use.  This function
-can be used to see if two contexts are equivalent
-*/
-func CanonicalizeContext(val string) (string, error) {
+func calculateGlbLub(sourceRange, targetRange string) (string, error) {
 	return "", nil
 }
 
-/*
-SetExecLabel sets the SELinux label that the kernel will use for any programs
-that are executed by the current process thread, or an error.
-*/
-func SetExecLabel(label string) error {
+func setExecLabel(label string) error {
+	return nil
+}
+
+func setTaskLabel(label string) error {
+	return nil
+}
+
+func setSocketLabel(label string) error {
 	return nil
 }
 
-// Get returns the Context as a string
-func (c Context) Get() string {
+func socketLabel() (string, error) {
+	return "", nil
+}
+
+func peerLabel(fd uintptr) (string, error) {
+	return "", nil
+}
+
+func setKeyLabel(label string) error {
+	return nil
+}
+
+func keyLabel() (string, error) {
+	return "", nil
+}
+
+func (c Context) get() string {
 	return ""
 }
 
-// NewContext creates a new Context struct from the specified label
-func NewContext(label string) Context {
+func newContext(label string) (Context, error) {
 	c := make(Context)
-	return c
+	return c, nil
 }
 
-// ReserveLabel reserves the MLS/MCS level component of the specified label
-func ReserveLabel(label string) {
-	return
+func clearLabels() {
 }
 
-// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
-func EnforceMode() int {
+func reserveLabel(label string) {
+}
+
+func enforceMode() int {
 	return Disabled
 }
 
-/*
-SetEnforceMode sets the current SELinux mode Enforcing, Permissive.
-Disabled is not valid, since this needs to be set at boot time.
-*/
-func SetEnforceMode(mode int) error {
+func setEnforceMode(mode int) error {
 	return nil
 }
 
-/*
-DefaultEnforceMode returns the systems default SELinux mode Enforcing,
-Permissive or Disabled. Note this is is just the default at boot time.
-EnforceMode tells you the systems current mode.
-*/
-func DefaultEnforceMode() int {
+func defaultEnforceMode() int {
 	return Disabled
 }
 
-/*
-ReleaseLabel will unreserve the MLS/MCS Level field of the specified label.
-Allowing it to be used by another process.
-*/
-func ReleaseLabel(label string) {
-	return
+func releaseLabel(label string) {
 }
 
-// ROFileLabel returns the specified SELinux readonly file label
-func ROFileLabel() string {
+func roFileLabel() string {
 	return ""
 }
 
-/*
-ContainerLabels returns an allocated processLabel and fileLabel to be used for
-container labeling by the calling process.
-*/
-func ContainerLabels() (processLabel string, fileLabel string) {
+func kvmContainerLabels() (string, string) {
+	return "", ""
+}
+
+func initContainerLabels() (string, string) {
 	return "", ""
 }
 
-// SecurityCheckContext validates that the SELinux label is understood by the kernel
-func SecurityCheckContext(val string) error {
+func containerLabels() (processLabel string, fileLabel string) {
+	return "", ""
+}
+
+func securityCheckContext(val string) error {
 	return nil
 }
 
-/*
-CopyLevel returns a label with the MLS/MCS level from src label replaced on
-the dest label.
-*/
-func CopyLevel(src, dest string) (string, error) {
+func copyLevel(src, dest string) (string, error) {
 	return "", nil
 }
 
-// Chcon changes the `fpath` file object to the SELinux label `label`.
-// If `fpath` is a directory and `recurse`` is true, Chcon will walk the
-// directory tree setting the label.
-func Chcon(fpath string, label string, recurse bool) error {
+func chcon(fpath string, label string, recurse bool) error {
 	return nil
 }
 
-// DupSecOpt takes an SELinux process label and returns security options that
-// can be used to set the SELinux Type and Level for future container processes.
-func DupSecOpt(src string) []string {
-	return nil
+func dupSecOpt(src string) ([]string, error) {
+	return nil, nil
 }
 
-// DisableSecOpt returns a security opt that can be used to disable SELinux
-// labeling support for future container processes.
-func DisableSecOpt() []string {
+func disableSecOpt() []string {
 	return []string{"disable"}
 }
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+	return "", nil
+}
+
+func label(_ string) string {
+	return ""
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
deleted file mode 100644
index 67a9d8ee85ff4..0000000000000
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// +build selinux,linux
-
-package selinux
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var _zero uintptr
-
-// Returns a []byte slice if the xattr is set and nil otherwise
-// Requires path and its attribute as arguments
-func lgetxattr(path string, attr string) ([]byte, error) {
-	var sz int
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return nil, err
-	}
-
-	// Start with a 128 length byte array
-	sz = 128
-	dest := make([]byte, sz)
-	destBytes := unsafe.Pointer(&dest[0])
-	_sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
-
-	switch {
-	case errno == syscall.ENODATA:
-		return nil, errno
-	case errno == syscall.ENOTSUP:
-		return nil, errno
-	case errno == syscall.ERANGE:
-		// 128 byte array might just not be good enough,
-		// A dummy buffer is used ``uintptr(0)`` to get real size
-		// of the xattrs on disk
-		_sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(unsafe.Pointer(nil)), uintptr(0), 0, 0)
-		sz = int(_sz)
-		if sz < 0 {
-			return nil, errno
-		}
-		dest = make([]byte, sz)
-		destBytes := unsafe.Pointer(&dest[0])
-		_sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
-		if errno != 0 {
-			return nil, errno
-		}
-	case errno != 0:
-		return nil, errno
-	}
-	sz = int(_sz)
-	return dest[:sz], nil
-}
-
-func lsetxattr(path string, attr string, data []byte, flags int) error {
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return err
-	}
-	var dataBytes unsafe.Pointer
-	if len(data) > 0 {
-		dataBytes = unsafe.Pointer(&data[0])
-	} else {
-		dataBytes = unsafe.Pointer(&_zero)
-	}
-	_, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0)
-	if errno != 0 {
-		return errno
-	}
-	return nil
-}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
new file mode 100644
index 0000000000000..c6b0a7f265524
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
@@ -0,0 +1,38 @@
+package selinux
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// lgetxattr returns a []byte slice containing the value of
+// an extended attribute attr set for path.
+func lgetxattr(path, attr string) ([]byte, error) {
+	// Start with a 128 length byte array
+	dest := make([]byte, 128)
+	sz, errno := doLgetxattr(path, attr, dest)
+	for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare
+		// Buffer too small, use zero-sized buffer to get the actual size
+		sz, errno = doLgetxattr(path, attr, []byte{})
+		if errno != nil {
+			return nil, errno
+		}
+
+		dest = make([]byte, sz)
+		sz, errno = doLgetxattr(path, attr, dest)
+	}
+	if errno != nil {
+		return nil, errno
+	}
+
+	return dest[:sz], nil
+}
+
+// doLgetxattr is a wrapper that retries on EINTR
+func doLgetxattr(path, attr string, dest []byte) (int, error) {
+	for {
+		sz, err := unix.Lgetxattr(path, attr, dest)
+		if err != unix.EINTR { //nolint:errorlint // unix errors are bare
+			return sz, err
+		}
+	}
+}
diff --git a/vendor/github.com/opencontainers/selinux/go.mod b/vendor/github.com/opencontainers/selinux/go.mod
new file mode 100644
index 0000000000000..93ee78e18689e
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/go.mod
@@ -0,0 +1,5 @@
+module github.com/opencontainers/selinux
+
+go 1.13
+
+require golang.org/x/sys v0.0.0-20191115151921-52ab43148777
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md b/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md
new file mode 100644
index 0000000000000..7e78dce0156b2
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md
@@ -0,0 +1,48 @@
+## pwalk: parallel implementation of filepath.Walk
+
+This is a wrapper for [filepath.Walk](https://pkg.go.dev/path/filepath?tab=doc#Walk)
+which may speed it up by calling multiple callback functions (WalkFunc) in parallel,
+utilizing goroutines.
+
+By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks.
+This can be changed by using WalkN function which has the additional
+parameter, specifying the number of goroutines (concurrency).
+
+### pwalk vs pwalkdir
+
+This package is deprecated in favor of
+[pwalkdir](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir),
+which is faster, but requires at least Go 1.16.
+
+### Caveats
+
+Please note the following limitations of this code:
+
+* Unlike filepath.Walk, the order of calls is non-deterministic;
+
+* Only primitive error handling is supported:
+
+  * filepath.SkipDir is not supported;
+
+  * no errors are ever passed to WalkFunc;
+
+  * once any error is returned from any WalkFunc instance, no more new calls
+    to WalkFunc are made, and the error is returned to the caller of Walk;
+
+  * if more than one walkFunc instance will return an error, only one
+    of such errors will be propagated and returned by Walk, others
+    will be silently discarded.
+
+### Documentation
+
+For the official documentation, see
+https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalk?tab=doc
+
+### Benchmarks
+
+For a WalkFunc that consists solely of the return statement, this
+implementation is about 10% slower than the standard library's
+filepath.Walk.
+
+Otherwise (if a WalkFunc is doing something) this is usually faster,
+except when the WalkN(..., 1) is used.
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
new file mode 100644
index 0000000000000..202c80da59c3b
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
@@ -0,0 +1,115 @@
+package pwalk
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sync"
+)
+
+type WalkFunc = filepath.WalkFunc
+
+// Walk is a wrapper for filepath.Walk which can call multiple walkFn
+// in parallel, allowing to handle each item concurrently. A maximum of
+// twice the runtime.NumCPU() walkFn will be called at any one time.
+// If you want to change the maximum, use WalkN instead.
+//
+// The order of calls is non-deterministic.
+//
+// Note that this implementation only supports primitive error handling:
+//
+// - no errors are ever passed to walkFn;
+//
+// - once a walkFn returns any error, all further processing stops
+// and the error is returned to the caller of Walk;
+//
+// - filepath.SkipDir is not supported;
+//
+// - if more than one walkFn instance will return an error, only one
+// of such errors will be propagated and returned by Walk, others
+// will be silently discarded.
+func Walk(root string, walkFn WalkFunc) error {
+	return WalkN(root, walkFn, runtime.NumCPU()*2)
+}
+
+// WalkN is a wrapper for filepath.Walk which can call multiple walkFn
+// in parallel, allowing to handle each item concurrently. A maximum of
+// num walkFn will be called at any one time.
+//
+// Please see Walk documentation for caveats of using this function.
+func WalkN(root string, walkFn WalkFunc, num int) error {
+	// make sure limit is sensible
+	if num < 1 {
+		return fmt.Errorf("walk(%q): num must be > 0", root)
+	}
+
+	files := make(chan *walkArgs, 2*num)
+	errCh := make(chan error, 1) // get the first error, ignore others
+
+	// Start walking a tree asap
+	var (
+		err error
+		wg  sync.WaitGroup
+
+		rootLen   = len(root)
+		rootEntry *walkArgs
+	)
+	wg.Add(1)
+	go func() {
+		err = filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
+			if err != nil {
+				close(files)
+				return err
+			}
+			if len(p) == rootLen {
+				// Root entry is processed separately below.
+				rootEntry = &walkArgs{path: p, info: &info}
+				return nil
+			}
+			// add a file to the queue unless a callback sent an error
+			select {
+			case e := <-errCh:
+				close(files)
+				return e
+			default:
+				files <- &walkArgs{path: p, info: &info}
+				return nil
+			}
+		})
+		if err == nil {
+			close(files)
+		}
+		wg.Done()
+	}()
+
+	wg.Add(num)
+	for i := 0; i < num; i++ {
+		go func() {
+			for file := range files {
+				if e := walkFn(file.path, *file.info, nil); e != nil {
+					select {
+					case errCh <- e: // sent ok
+					default: // buffer full
+					}
+				}
+			}
+			wg.Done()
+		}()
+	}
+
+	wg.Wait()
+
+	if err == nil {
+		err = walkFn(rootEntry.path, *rootEntry.info, nil)
+	}
+
+	return err
+}
+
+// walkArgs holds the arguments that were passed to the Walk or WalkN
+// functions.
+type walkArgs struct {
+	path string
+	info *os.FileInfo
+}
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/README.md b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/README.md
new file mode 100644
index 0000000000000..068ac400565bc
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/README.md
@@ -0,0 +1,54 @@
+## pwalkdir: parallel implementation of filepath.WalkDir
+
+This is a wrapper for [filepath.WalkDir](https://pkg.go.dev/path/filepath#WalkDir)
+which may speed it up by calling multiple callback functions (WalkDirFunc)
+in parallel, utilizing goroutines.
+
+By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks.
+This can be changed by using WalkN function which has the additional
+parameter, specifying the number of goroutines (concurrency).
+
+### pwalk vs pwalkdir
+
+This package is very similar to
+[pwalk](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir),
+but utilizes `filepath.WalkDir` (added to Go 1.16), which does not call stat(2)
+on every entry and is therefore faster (up to 3x, depending on usage scenario).
+
+Users who are OK with requiring Go 1.16+ should switch to this
+implementation.
+
+### Caveats
+
+Please note the following limitations of this code:
+
+* Unlike filepath.WalkDir, the order of calls is non-deterministic;
+
+* Only primitive error handling is supported:
+
+  * fs.SkipDir is not supported;
+
+  * no errors are ever passed to WalkDirFunc;
+
+  * once any error is returned from any walkDirFunc instance, no more calls
+    to WalkDirFunc are made, and the error is returned to the caller of WalkDir;
+
+  * if more than one WalkDirFunc instance will return an error, only one
+    of such errors will be propagated to and returned by WalkDir, others
+    will be silently discarded.
+
+### Documentation
+
+For the official documentation, see
+https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir
+
+### Benchmarks
+
+For a WalkDirFunc that consists solely of the return statement, this
+implementation is about 15% slower than the standard library's
+filepath.WalkDir.
+
+Otherwise (if a WalkDirFunc is actually doing something) this is usually
+faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .`
+to see how different operations can benefit from it, as well as how the
+level of paralellism affects the speed.
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go
new file mode 100644
index 0000000000000..a5796b2c4f1c5
--- /dev/null
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go
@@ -0,0 +1,116 @@
+//go:build go1.16
+// +build go1.16
+
+package pwalkdir
+
+import (
+	"fmt"
+	"io/fs"
+	"path/filepath"
+	"runtime"
+	"sync"
+)
+
+// Walk is a wrapper for filepath.WalkDir which can call multiple walkFn
+// in parallel, allowing to handle each item concurrently. A maximum of
+// twice the runtime.NumCPU() walkFn will be called at any one time.
+// If you want to change the maximum, use WalkN instead.
+//
+// The order of calls is non-deterministic.
+//
+// Note that this implementation only supports primitive error handling:
+//
+// - no errors are ever passed to walkFn;
+//
+// - once a walkFn returns any error, all further processing stops
+// and the error is returned to the caller of Walk;
+//
+// - filepath.SkipDir is not supported;
+//
+// - if more than one walkFn instance will return an error, only one
+// of such errors will be propagated and returned by Walk, others
+// will be silently discarded.
+func Walk(root string, walkFn fs.WalkDirFunc) error {
+	return WalkN(root, walkFn, runtime.NumCPU()*2)
+}
+
+// WalkN is a wrapper for filepath.WalkDir which can call multiple walkFn
+// in parallel, allowing to handle each item concurrently. A maximum of
+// num walkFn will be called at any one time.
+//
+// Please see Walk documentation for caveats of using this function.
+func WalkN(root string, walkFn fs.WalkDirFunc, num int) error {
+	// make sure limit is sensible
+	if num < 1 {
+		return fmt.Errorf("walk(%q): num must be > 0", root)
+	}
+
+	files := make(chan *walkArgs, 2*num)
+	errCh := make(chan error, 1) // Get the first error, ignore others.
+
+	// Start walking a tree asap.
+	var (
+		err error
+		wg  sync.WaitGroup
+
+		rootLen   = len(root)
+		rootEntry *walkArgs
+	)
+	wg.Add(1)
+	go func() {
+		err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error {
+			if err != nil {
+				close(files)
+				return err
+			}
+			if len(p) == rootLen {
+				// Root entry is processed separately below.
+				rootEntry = &walkArgs{path: p, entry: entry}
+				return nil
+			}
+			// Add a file to the queue unless a callback sent an error.
+			select {
+			case e := <-errCh:
+				close(files)
+				return e
+			default:
+				files <- &walkArgs{path: p, entry: entry}
+				return nil
+			}
+		})
+		if err == nil {
+			close(files)
+		}
+		wg.Done()
+	}()
+
+	wg.Add(num)
+	for i := 0; i < num; i++ {
+		go func() {
+			for file := range files {
+				if e := walkFn(file.path, file.entry, nil); e != nil {
+					select {
+					case errCh <- e: // sent ok
+					default: // buffer full
+					}
+				}
+			}
+			wg.Done()
+		}()
+	}
+
+	wg.Wait()
+
+	if err == nil {
+		err = walkFn(rootEntry.path, rootEntry.entry, nil)
+	}
+
+	return err
+}
+
+// walkArgs holds the arguments that were passed to the Walk or WalkN
+// functions.
+type walkArgs struct {
+	path  string
+	entry fs.DirEntry
+}
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/LICENSE b/vendor/github.com/opentracing-contrib/go-stdlib/LICENSE
index c259d1290717d..261eeb9e9f8b2 100644
--- a/vendor/github.com/opentracing-contrib/go-stdlib/LICENSE
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/LICENSE
@@ -1,27 +1,201 @@
-Copyright (c) 2016, opentracing-contrib
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of go-stdlib nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/README.md b/vendor/github.com/opentracing-contrib/go-stdlib/README.md
index 139709c1461a5..c820daad1456c 100644
--- a/vendor/github.com/opentracing-contrib/go-stdlib/README.md
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/README.md
@@ -16,3 +16,7 @@ following caveats:
 
 - **net/http**: Client and server instrumentation. *Only supported
   with Go 1.7 and later.*
+
+## License
+
+By contributing to this repository, you agree that your contributions will be licensed under [Apache 2.0 License](./LICENSE).
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/go.mod b/vendor/github.com/opentracing-contrib/go-stdlib/go.mod
new file mode 100644
index 0000000000000..3b3c5c2230b1f
--- /dev/null
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/go.mod
@@ -0,0 +1,7 @@
+module github.com/opentracing-contrib/go-stdlib
+
+go 1.14
+
+require (
+	github.com/opentracing/opentracing-go v1.1.0
+)
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/client.go b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/client.go
index 8d33bcb63c0fe..bfb305ffa463a 100644
--- a/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/client.go
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/client.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptrace"
+	"net/url"
 
 	"github.com/opentracing/opentracing-go"
 	"github.com/opentracing/opentracing-go/ext"
@@ -31,9 +32,12 @@ type Transport struct {
 }
 
 type clientOptions struct {
-	operationName      string
-	componentName      string
-	disableClientTrace bool
+	operationName            string
+	componentName            string
+	urlTagFunc         func(u *url.URL) string
+	disableClientTrace       bool
+	disableInjectSpanContext bool
+	spanObserver             func(span opentracing.Span, r *http.Request)
 }
 
 // ClientOption contols the behavior of TraceRequest.
@@ -47,6 +51,15 @@ func OperationName(operationName string) ClientOption {
 	}
 }
 
+// URLTagFunc returns a ClientOption that uses given function f
+// to set the span's http.url tag. Can be used to change the default
+// http.url tag, eg to redact sensitive information.
+func URLTagFunc(f func(u *url.URL) string) ClientOption {
+	return func(options *clientOptions) {
+		options.urlTagFunc = f
+	}
+}
+
 // ComponentName returns a ClientOption that sets the component
 // name for the client-side span.
 func ComponentName(componentName string) ClientOption {
@@ -63,6 +76,24 @@ func ClientTrace(enabled bool) ClientOption {
 	}
 }
 
+// InjectSpanContext returns a ClientOption that turns on or off
+// injection of the Span context in the request HTTP headers.
+// If this option is not used, the default behaviour is to
+// inject the span context.
+func InjectSpanContext(enabled bool) ClientOption {
+	return func(options *clientOptions) {
+		options.disableInjectSpanContext = !enabled
+	}
+}
+
+// ClientSpanObserver returns a ClientOption that observes the span
+// for the client-side span.
+func ClientSpanObserver(f func(span opentracing.Span, r *http.Request)) ClientOption {
+	return func(options *clientOptions) {
+		options.spanObserver = f
+	}
+}
+
 // TraceRequest adds a ClientTracer to req, tracing the request and
 // all requests caused due to redirects. When tracing requests this
 // way you must also use Transport.
@@ -88,7 +119,12 @@ func ClientTrace(enabled bool) ClientOption {
 // 		return nil
 // 	}
 func TraceRequest(tr opentracing.Tracer, req *http.Request, options ...ClientOption) (*http.Request, *Tracer) {
-	opts := &clientOptions{}
+	opts := &clientOptions{
+		urlTagFunc: func(u *url.URL) string {
+			return u.String()
+		},
+		spanObserver: func(_ opentracing.Span, _ *http.Request) {},
+	}
 	for _, opt := range options {
 		opt(opts)
 	}
@@ -113,24 +149,38 @@ func (c closeTracker) Close() error {
 	return err
 }
 
+// TracerFromRequest retrieves the Tracer from the request. If the request does
+// not have a Tracer it will return nil.
+func TracerFromRequest(req *http.Request) *Tracer {
+	tr, ok := req.Context().Value(keyTracer).(*Tracer)
+	if !ok {
+		return nil
+	}
+	return tr
+}
+
 // RoundTrip implements the RoundTripper interface.
 func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	rt := t.RoundTripper
 	if rt == nil {
 		rt = http.DefaultTransport
 	}
-	tracer, ok := req.Context().Value(keyTracer).(*Tracer)
-	if !ok {
+	tracer := TracerFromRequest(req)
+	if tracer == nil {
 		return rt.RoundTrip(req)
 	}
 
 	tracer.start(req)
 
 	ext.HTTPMethod.Set(tracer.sp, req.Method)
-	ext.HTTPUrl.Set(tracer.sp, req.URL.String())
+	ext.HTTPUrl.Set(tracer.sp, tracer.opts.urlTagFunc(req.URL))
+	tracer.opts.spanObserver(tracer.sp, req)
+
+	if !tracer.opts.disableInjectSpanContext {
+		carrier := opentracing.HTTPHeadersCarrier(req.Header)
+		tracer.sp.Tracer().Inject(tracer.sp.Context(), opentracing.HTTPHeaders, carrier)
+	}
 
-	carrier := opentracing.HTTPHeadersCarrier(req.Header)
-	tracer.sp.Tracer().Inject(tracer.sp.Context(), opentracing.HTTPHeaders, carrier)
 	resp, err := rt.RoundTrip(req)
 
 	if err != nil {
@@ -138,6 +188,9 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 		return resp, err
 	}
 	ext.HTTPStatusCode.Set(tracer.sp, uint16(resp.StatusCode))
+	if resp.StatusCode >= http.StatusInternalServerError {
+		ext.Error.Set(tracer.sp, true)
+	}
 	if req.Method == "HEAD" {
 		tracer.sp.Finish()
 	} else {
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/server.go b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/server.go
index 2b31415e7e871..db2df6620412b 100644
--- a/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/server.go
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/server.go
@@ -4,23 +4,17 @@ package nethttp
 
 import (
 	"net/http"
+	"net/url"
 
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/opentracing/opentracing-go/ext"
 )
 
-type statusCodeTracker struct {
-	http.ResponseWriter
-	status int
-}
-
-func (w *statusCodeTracker) WriteHeader(status int) {
-	w.status = status
-	w.ResponseWriter.WriteHeader(status)
-}
-
 type mwOptions struct {
 	opNameFunc    func(r *http.Request) string
+	spanFilter    func(r *http.Request) bool
+	spanObserver  func(span opentracing.Span, r *http.Request)
+	urlTagFunc    func(u *url.URL) string
 	componentName string
 }
 
@@ -36,13 +30,39 @@ func OperationNameFunc(f func(r *http.Request) string) MWOption {
 }
 
 // MWComponentName returns a MWOption that sets the component name
-// name for the server-side span.
+// for the server-side span.
 func MWComponentName(componentName string) MWOption {
 	return func(options *mwOptions) {
 		options.componentName = componentName
 	}
 }
 
+// MWSpanFilter returns a MWOption that filters requests from creating a span
+// for the server-side span.
+// Span won't be created if it returns false.
+func MWSpanFilter(f func(r *http.Request) bool) MWOption {
+	return func(options *mwOptions) {
+		options.spanFilter = f
+	}
+}
+
+// MWSpanObserver returns a MWOption that observe the span
+// for the server-side span.
+func MWSpanObserver(f func(span opentracing.Span, r *http.Request)) MWOption {
+	return func(options *mwOptions) {
+		options.spanObserver = f
+	}
+}
+
+// MWURLTagFunc returns a MWOption that uses given function f
+// to set the span's http.url tag. Can be used to change the default
+// http.url tag, eg to redact sensitive information.
+func MWURLTagFunc(f func(u *url.URL) string) MWOption {
+	return func(options *mwOptions) {
+		options.urlTagFunc = f
+	}
+}
+
 // Middleware wraps an http.Handler and traces incoming requests.
 // Additionally, it adds the span to the request's context.
 //
@@ -58,39 +78,80 @@ func MWComponentName(componentName string) MWOption {
 //   mw := nethttp.Middleware(
 //      tracer,
 //      http.DefaultServeMux,
-//      nethttp.OperationName(func(r *http.Request) string {
+//      nethttp.OperationNameFunc(func(r *http.Request) string {
 //	        return "HTTP " + r.Method + ":/api/customers"
 //      }),
+//      nethttp.MWSpanObserver(func(sp opentracing.Span, r *http.Request) {
+//			sp.SetTag("http.uri", r.URL.EscapedPath())
+//		}),
 //   )
 func Middleware(tr opentracing.Tracer, h http.Handler, options ...MWOption) http.Handler {
+	return MiddlewareFunc(tr, h.ServeHTTP, options...)
+}
+
+// MiddlewareFunc wraps an http.HandlerFunc and traces incoming requests.
+// It behaves identically to the Middleware function above.
+//
+// Example:
+//   http.ListenAndServe("localhost:80", nethttp.MiddlewareFunc(tracer, MyHandler))
+func MiddlewareFunc(tr opentracing.Tracer, h http.HandlerFunc, options ...MWOption) http.HandlerFunc {
 	opts := mwOptions{
 		opNameFunc: func(r *http.Request) string {
 			return "HTTP " + r.Method
 		},
+		spanFilter:   func(r *http.Request) bool { return true },
+		spanObserver: func(span opentracing.Span, r *http.Request) {},
+		urlTagFunc: func(u *url.URL) string {
+			return u.String()
+		},
 	}
 	for _, opt := range options {
 		opt(&opts)
 	}
+	// set component name, use "net/http" if caller does not specify
+	componentName := opts.componentName
+	if componentName == "" {
+		componentName = defaultComponentName
+	}
+
 	fn := func(w http.ResponseWriter, r *http.Request) {
+		if !opts.spanFilter(r) {
+			h(w, r)
+			return
+		}
 		ctx, _ := tr.Extract(opentracing.HTTPHeaders, opentracing.HTTPHeadersCarrier(r.Header))
 		sp := tr.StartSpan(opts.opNameFunc(r), ext.RPCServerOption(ctx))
 		ext.HTTPMethod.Set(sp, r.Method)
-		ext.HTTPUrl.Set(sp, r.URL.String())
-
-		// set component name, use "net/http" if caller does not specify
-		componentName := opts.componentName
-		if componentName == "" {
-			componentName = defaultComponentName
-		}
+		ext.HTTPUrl.Set(sp, opts.urlTagFunc(r.URL))
 		ext.Component.Set(sp, componentName)
+		opts.spanObserver(sp, r)
 
-		w = &statusCodeTracker{w, 200}
+		sct := &statusCodeTracker{ResponseWriter: w}
 		r = r.WithContext(opentracing.ContextWithSpan(r.Context(), sp))
 
-		h.ServeHTTP(w, r)
+		defer func() {
+			panicErr := recover()
+			didPanic := panicErr != nil
+
+			if sct.status == 0 && !didPanic {
+				// Standard behavior of http.Server is to assume status code 200 if one was not written by a handler that returned successfully.
+				// https://github.com/golang/go/blob/fca286bed3ed0e12336532cc711875ae5b3cb02a/src/net/http/server.go#L120
+				sct.status = 200
+			}
+			if sct.status > 0 {
+				ext.HTTPStatusCode.Set(sp, uint16(sct.status))
+			}
+			if sct.status >= http.StatusInternalServerError || didPanic {
+				ext.Error.Set(sp, true)
+			}
+			sp.Finish()
+
+			if didPanic {
+				panic(panicErr)
+			}
+		}()
 
-		ext.HTTPStatusCode.Set(sp, uint16(w.(*statusCodeTracker).status))
-		sp.Finish()
+		h(sct.wrappedResponseWriter(), r)
 	}
 	return http.HandlerFunc(fn)
 }
diff --git a/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/status-code-tracker.go b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/status-code-tracker.go
new file mode 100644
index 0000000000000..80a5ce08645b3
--- /dev/null
+++ b/vendor/github.com/opentracing-contrib/go-stdlib/nethttp/status-code-tracker.go
@@ -0,0 +1,251 @@
+// +build go1.8
+
+package nethttp
+
+import (
+	"io"
+	"net/http"
+)
+
+type statusCodeTracker struct {
+	http.ResponseWriter
+	status int
+}
+
+func (w *statusCodeTracker) WriteHeader(status int) {
+	w.status = status
+	w.ResponseWriter.WriteHeader(status)
+}
+
+func (w *statusCodeTracker) Write(b []byte) (int, error) {
+	return w.ResponseWriter.Write(b)
+}
+
+// wrappedResponseWriter returns a wrapped version of the original
+// ResponseWriter and only implements the same combination of additional
+// interfaces as the original.  This implementation is based on
+// https://github.com/felixge/httpsnoop.
+func (w *statusCodeTracker) wrappedResponseWriter() http.ResponseWriter {
+	var (
+		hj, i0 = w.ResponseWriter.(http.Hijacker)
+		cn, i1 = w.ResponseWriter.(http.CloseNotifier)
+		pu, i2 = w.ResponseWriter.(http.Pusher)
+		fl, i3 = w.ResponseWriter.(http.Flusher)
+		rf, i4 = w.ResponseWriter.(io.ReaderFrom)
+	)
+
+	switch {
+	case !i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+		}{w}
+	case !i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			io.ReaderFrom
+		}{w, rf}
+	case !i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Flusher
+		}{w, fl}
+	case !i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Flusher
+			io.ReaderFrom
+		}{w, fl, rf}
+	case !i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+		}{w, pu}
+	case !i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			io.ReaderFrom
+		}{w, pu, rf}
+	case !i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			http.Flusher
+		}{w, pu, fl}
+	case !i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{w, pu, fl, rf}
+	case !i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+		}{w, cn}
+	case !i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			io.ReaderFrom
+		}{w, cn, rf}
+	case !i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Flusher
+		}{w, cn, fl}
+	case !i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Flusher
+			io.ReaderFrom
+		}{w, cn, fl, rf}
+	case !i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+		}{w, cn, pu}
+	case !i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			io.ReaderFrom
+		}{w, cn, pu, rf}
+	case !i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+		}{w, cn, pu, fl}
+	case !i0 && i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{w, cn, pu, fl, rf}
+	case i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+		}{w, hj}
+	case i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			io.ReaderFrom
+		}{w, hj, rf}
+	case i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Flusher
+		}{w, hj, fl}
+	case i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Flusher
+			io.ReaderFrom
+		}{w, hj, fl, rf}
+	case i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+		}{w, hj, pu}
+	case i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			io.ReaderFrom
+		}{w, hj, pu, rf}
+	case i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			http.Flusher
+		}{w, hj, pu, fl}
+	case i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{w, hj, pu, fl, rf}
+	case i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+		}{w, hj, cn}
+	case i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			io.ReaderFrom
+		}{w, hj, cn, rf}
+	case i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Flusher
+		}{w, hj, cn, fl}
+	case i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Flusher
+			io.ReaderFrom
+		}{w, hj, cn, fl, rf}
+	case i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+		}{w, hj, cn, pu}
+	case i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			io.ReaderFrom
+		}{w, hj, cn, pu, rf}
+	case i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+		}{w, hj, cn, pu, fl}
+	case i0 && i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{w, hj, cn, pu, fl, rf}
+	default:
+		return struct {
+			http.ResponseWriter
+		}{w}
+	}
+}
diff --git a/vendor/github.com/opentracing/opentracing-go/LICENSE b/vendor/github.com/opentracing/opentracing-go/LICENSE
index 148509a4035a9..f0027349e8302 100644
--- a/vendor/github.com/opentracing/opentracing-go/LICENSE
+++ b/vendor/github.com/opentracing/opentracing-go/LICENSE
@@ -1,21 +1,201 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 The OpenTracing Authors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016 The OpenTracing Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/opentracing/opentracing-go/README.md b/vendor/github.com/opentracing/opentracing-go/README.md
index 19a541c2c593d..6ef1d7c9d2749 100644
--- a/vendor/github.com/opentracing/opentracing-go/README.md
+++ b/vendor/github.com/opentracing/opentracing-go/README.md
@@ -8,8 +8,8 @@ This package is a Go platform API for OpenTracing.
 ## Required Reading
 
 In order to understand the Go platform API, one must first be familiar with the
-[OpenTracing project](http://opentracing.io) and
-[terminology](http://opentracing.io/documentation/pages/spec.html) more specifically.
+[OpenTracing project](https://opentracing.io) and
+[terminology](https://opentracing.io/specification/) more specifically.
 
 ## API overview for those adding instrumentation
 
@@ -27,7 +27,7 @@ The simplest starting point is `./default_tracer.go`. As early as possible, call
     import ".../some_tracing_impl"
 
     func main() {
-        opentracing.InitGlobalTracer(
+        opentracing.SetGlobalTracer(
             // tracing impl specific:
             some_tracing_impl.New(...),
         )
@@ -35,7 +35,7 @@ The simplest starting point is `./default_tracer.go`. As early as possible, call
     }
 ```
 
-##### Non-Singleton initialization
+#### Non-Singleton initialization
 
 If you prefer direct control to singletons, manage ownership of the
 `opentracing.Tracer` implementation explicitly.
@@ -161,3 +161,11 @@ Tracing system implementors may be able to reuse or copy-paste-modify the `basic
 ## API compatibility
 
 For the time being, "mild" backwards-incompatible changes may be made without changing the major version number. As OpenTracing and `opentracing-go` mature, backwards compatibility will become more of a priority.
+
+## Tracer test suite
+
+A test suite is available in the [harness](https://godoc.org/github.com/opentracing/opentracing-go/harness) package that can assist Tracer implementors to assert that their Tracer is working correctly.
+
+## Licensing
+
+[Apache 2.0 License](./LICENSE).
diff --git a/vendor/github.com/opentracing/opentracing-go/ext.go b/vendor/github.com/opentracing/opentracing-go/ext.go
new file mode 100644
index 0000000000000..e11977ebe85db
--- /dev/null
+++ b/vendor/github.com/opentracing/opentracing-go/ext.go
@@ -0,0 +1,24 @@
+package opentracing
+
+import (
+	"context"
+)
+
+// TracerContextWithSpanExtension is an extension interface that the
+// implementation of the Tracer interface may want to implement. It
+// allows to have some control over the go context when the
+// ContextWithSpan is invoked.
+//
+// The primary purpose of this extension are adapters from opentracing
+// API to some other tracing API.
+type TracerContextWithSpanExtension interface {
+	// ContextWithSpanHook gets called by the ContextWithSpan
+	// function, when the Tracer implementation also implements
+	// this interface. It allows to put extra information into the
+	// context and make it available to the callers of the
+	// ContextWithSpan.
+	//
+	// This hook is invoked before the ContextWithSpan function
+	// actually puts the span into the context.
+	ContextWithSpanHook(ctx context.Context, span Span) context.Context
+}
diff --git a/vendor/github.com/opentracing/opentracing-go/ext/field.go b/vendor/github.com/opentracing/opentracing-go/ext/field.go
new file mode 100644
index 0000000000000..8282bd7584676
--- /dev/null
+++ b/vendor/github.com/opentracing/opentracing-go/ext/field.go
@@ -0,0 +1,17 @@
+package ext
+
+import (
+	"github.com/opentracing/opentracing-go"
+	"github.com/opentracing/opentracing-go/log"
+)
+
+// LogError sets the error=true tag on the Span and logs err as an "error" event.
+func LogError(span opentracing.Span, err error, fields ...log.Field) {
+	Error.Set(span, true)
+	ef := []log.Field{
+		log.Event("error"),
+		log.Error(err),
+	}
+	ef = append(ef, fields...)
+	span.LogFields(ef...)
+}
diff --git a/vendor/github.com/opentracing/opentracing-go/ext/tags.go b/vendor/github.com/opentracing/opentracing-go/ext/tags.go
index 8800129a237de..a414b5951f03f 100644
--- a/vendor/github.com/opentracing/opentracing-go/ext/tags.go
+++ b/vendor/github.com/opentracing/opentracing-go/ext/tags.go
@@ -1,6 +1,6 @@
 package ext
 
-import opentracing "github.com/opentracing/opentracing-go"
+import "github.com/opentracing/opentracing-go"
 
 // These constants define common tag names recommended for better portability across
 // tracing systems and languages/platforms.
@@ -47,40 +47,40 @@ var (
 
 	// Component is a low-cardinality identifier of the module, library,
 	// or package that is generating a span.
-	Component = stringTagName("component")
+	Component = StringTagName("component")
 
 	//////////////////////////////////////////////////////////////////////
 	// Sampling hint
 	//////////////////////////////////////////////////////////////////////
 
 	// SamplingPriority determines the priority of sampling this Span.
-	SamplingPriority = uint16TagName("sampling.priority")
+	SamplingPriority = Uint16TagName("sampling.priority")
 
 	//////////////////////////////////////////////////////////////////////
-	// Peer tags. These tags can be emitted by either client-side of
+	// Peer tags. These tags can be emitted by either client-side or
 	// server-side to describe the other side/service in a peer-to-peer
 	// communications, like an RPC call.
 	//////////////////////////////////////////////////////////////////////
 
 	// PeerService records the service name of the peer.
-	PeerService = stringTagName("peer.service")
+	PeerService = StringTagName("peer.service")
 
 	// PeerAddress records the address name of the peer. This may be a "ip:port",
 	// a bare "hostname", a FQDN or even a database DSN substring
 	// like "mysql://username@127.0.0.1:3306/dbname"
-	PeerAddress = stringTagName("peer.address")
+	PeerAddress = StringTagName("peer.address")
 
 	// PeerHostname records the host name of the peer
-	PeerHostname = stringTagName("peer.hostname")
+	PeerHostname = StringTagName("peer.hostname")
 
 	// PeerHostIPv4 records IP v4 host address of the peer
-	PeerHostIPv4 = ipv4Tag("peer.ipv4")
+	PeerHostIPv4 = IPv4TagName("peer.ipv4")
 
 	// PeerHostIPv6 records IP v6 host address of the peer
-	PeerHostIPv6 = stringTagName("peer.ipv6")
+	PeerHostIPv6 = StringTagName("peer.ipv6")
 
 	// PeerPort records port number of the peer
-	PeerPort = uint16TagName("peer.port")
+	PeerPort = Uint16TagName("peer.port")
 
 	//////////////////////////////////////////////////////////////////////
 	// HTTP Tags
@@ -88,46 +88,46 @@ var (
 
 	// HTTPUrl should be the URL of the request being handled in this segment
 	// of the trace, in standard URI format. The protocol is optional.
-	HTTPUrl = stringTagName("http.url")
+	HTTPUrl = StringTagName("http.url")
 
 	// HTTPMethod is the HTTP method of the request, and is case-insensitive.
-	HTTPMethod = stringTagName("http.method")
+	HTTPMethod = StringTagName("http.method")
 
 	// HTTPStatusCode is the numeric HTTP status code (200, 404, etc) of the
 	// HTTP response.
-	HTTPStatusCode = uint16TagName("http.status_code")
+	HTTPStatusCode = Uint16TagName("http.status_code")
 
 	//////////////////////////////////////////////////////////////////////
 	// DB Tags
 	//////////////////////////////////////////////////////////////////////
 
 	// DBInstance is database instance name.
-	DBInstance = stringTagName("db.instance")
+	DBInstance = StringTagName("db.instance")
 
 	// DBStatement is a database statement for the given database type.
 	// It can be a query or a prepared statement (i.e., before substitution).
-	DBStatement = stringTagName("db.statement")
+	DBStatement = StringTagName("db.statement")
 
 	// DBType is a database type. For any SQL database, "sql".
 	// For others, the lower-case database category, e.g. "redis"
-	DBType = stringTagName("db.type")
+	DBType = StringTagName("db.type")
 
 	// DBUser is a username for accessing database.
-	DBUser = stringTagName("db.user")
+	DBUser = StringTagName("db.user")
 
 	//////////////////////////////////////////////////////////////////////
 	// Message Bus Tag
 	//////////////////////////////////////////////////////////////////////
 
 	// MessageBusDestination is an address at which messages can be exchanged
-	MessageBusDestination = stringTagName("message_bus.destination")
+	MessageBusDestination = StringTagName("message_bus.destination")
 
 	//////////////////////////////////////////////////////////////////////
 	// Error Tag
 	//////////////////////////////////////////////////////////////////////
 
 	// Error indicates that operation represented by the span resulted in an error.
-	Error = boolTagName("error")
+	Error = BoolTagName("error")
 )
 
 // ---
@@ -163,48 +163,53 @@ func RPCServerOption(client opentracing.SpanContext) opentracing.StartSpanOption
 
 // ---
 
-type stringTagName string
+// StringTagName is a common tag name to be set to a string value
+type StringTagName string
 
 // Set adds a string tag to the `span`
-func (tag stringTagName) Set(span opentracing.Span, value string) {
+func (tag StringTagName) Set(span opentracing.Span, value string) {
 	span.SetTag(string(tag), value)
 }
 
 // ---
 
-type uint32TagName string
+// Uint32TagName is a common tag name to be set to a uint32 value
+type Uint32TagName string
 
 // Set adds a uint32 tag to the `span`
-func (tag uint32TagName) Set(span opentracing.Span, value uint32) {
+func (tag Uint32TagName) Set(span opentracing.Span, value uint32) {
 	span.SetTag(string(tag), value)
 }
 
 // ---
 
-type uint16TagName string
+// Uint16TagName is a common tag name to be set to a uint16 value
+type Uint16TagName string
 
 // Set adds a uint16 tag to the `span`
-func (tag uint16TagName) Set(span opentracing.Span, value uint16) {
+func (tag Uint16TagName) Set(span opentracing.Span, value uint16) {
 	span.SetTag(string(tag), value)
 }
 
 // ---
 
-type boolTagName string
+// BoolTagName is a common tag name to be set to a bool value
+type BoolTagName string
 
-// Add adds a bool tag to the `span`
-func (tag boolTagName) Set(span opentracing.Span, value bool) {
+// Set adds a bool tag to the `span`
+func (tag BoolTagName) Set(span opentracing.Span, value bool) {
 	span.SetTag(string(tag), value)
 }
 
-type ipv4Tag string
+// IPv4TagName is a common tag name to be set to an ipv4 value
+type IPv4TagName string
 
 // Set adds IP v4 host address of the peer as an uint32 value to the `span`, keep this for backward and zipkin compatibility
-func (tag ipv4Tag) Set(span opentracing.Span, value uint32) {
+func (tag IPv4TagName) Set(span opentracing.Span, value uint32) {
 	span.SetTag(string(tag), value)
 }
 
 // SetString records IP v4 host address of the peer as a .-separated tuple to the `span`. E.g., "127.0.0.1"
-func (tag ipv4Tag) SetString(span opentracing.Span, value string) {
+func (tag IPv4TagName) SetString(span opentracing.Span, value string) {
 	span.SetTag(string(tag), value)
 }
diff --git a/vendor/github.com/opentracing/opentracing-go/globaltracer.go b/vendor/github.com/opentracing/opentracing-go/globaltracer.go
index 8c8e793ff23c6..4f7066a925cd9 100644
--- a/vendor/github.com/opentracing/opentracing-go/globaltracer.go
+++ b/vendor/github.com/opentracing/opentracing-go/globaltracer.go
@@ -1,7 +1,12 @@
 package opentracing
 
+type registeredTracer struct {
+	tracer       Tracer
+	isRegistered bool
+}
+
 var (
-	globalTracer Tracer = NoopTracer{}
+	globalTracer = registeredTracer{NoopTracer{}, false}
 )
 
 // SetGlobalTracer sets the [singleton] opentracing.Tracer returned by
@@ -11,22 +16,27 @@ var (
 // Prior to calling `SetGlobalTracer`, any Spans started via the `StartSpan`
 // (etc) globals are noops.
 func SetGlobalTracer(tracer Tracer) {
-	globalTracer = tracer
+	globalTracer = registeredTracer{tracer, true}
 }
 
 // GlobalTracer returns the global singleton `Tracer` implementation.
 // Before `SetGlobalTracer()` is called, the `GlobalTracer()` is a noop
 // implementation that drops all data handed to it.
 func GlobalTracer() Tracer {
-	return globalTracer
+	return globalTracer.tracer
 }
 
 // StartSpan defers to `Tracer.StartSpan`. See `GlobalTracer()`.
 func StartSpan(operationName string, opts ...StartSpanOption) Span {
-	return globalTracer.StartSpan(operationName, opts...)
+	return globalTracer.tracer.StartSpan(operationName, opts...)
 }
 
 // InitGlobalTracer is deprecated. Please use SetGlobalTracer.
 func InitGlobalTracer(tracer Tracer) {
 	SetGlobalTracer(tracer)
 }
+
+// IsGlobalTracerRegistered returns a `bool` to indicate if a tracer has been globally registered
+func IsGlobalTracerRegistered() bool {
+	return globalTracer.isRegistered
+}
diff --git a/vendor/github.com/opentracing/opentracing-go/go.mod b/vendor/github.com/opentracing/opentracing-go/go.mod
new file mode 100644
index 0000000000000..bf48bb5d73f74
--- /dev/null
+++ b/vendor/github.com/opentracing/opentracing-go/go.mod
@@ -0,0 +1,5 @@
+module github.com/opentracing/opentracing-go
+
+go 1.14
+
+require github.com/stretchr/testify v1.3.0
diff --git a/vendor/github.com/opentracing/opentracing-go/gocontext.go b/vendor/github.com/opentracing/opentracing-go/gocontext.go
index 222a65202f49b..1831bc9b26371 100644
--- a/vendor/github.com/opentracing/opentracing-go/gocontext.go
+++ b/vendor/github.com/opentracing/opentracing-go/gocontext.go
@@ -1,14 +1,19 @@
 package opentracing
 
-import "golang.org/x/net/context"
+import "context"
 
 type contextKey struct{}
 
 var activeSpanKey = contextKey{}
 
 // ContextWithSpan returns a new `context.Context` that holds a reference to
-// `span`'s SpanContext.
+// the span. If span is nil, a new context without an active span is returned.
 func ContextWithSpan(ctx context.Context, span Span) context.Context {
+	if span != nil {
+		if tracerWithHook, ok := span.Tracer().(TracerContextWithSpanExtension); ok {
+			ctx = tracerWithHook.ContextWithSpanHook(ctx, span)
+		}
+	}
 	return context.WithValue(ctx, activeSpanKey, span)
 }
 
@@ -41,17 +46,20 @@ func SpanFromContext(ctx context.Context) Span {
 //        ...
 //    }
 func StartSpanFromContext(ctx context.Context, operationName string, opts ...StartSpanOption) (Span, context.Context) {
-	return startSpanFromContextWithTracer(ctx, GlobalTracer(), operationName, opts...)
+	return StartSpanFromContextWithTracer(ctx, GlobalTracer(), operationName, opts...)
 }
 
-// startSpanFromContextWithTracer is factored out for testing purposes.
-func startSpanFromContextWithTracer(ctx context.Context, tracer Tracer, operationName string, opts ...StartSpanOption) (Span, context.Context) {
-	var span Span
+// StartSpanFromContextWithTracer starts and returns a span with `operationName`
+// using  a span found within the context as a ChildOfRef. If that doesn't exist
+// it creates a root span. It also returns a context.Context object built
+// around the returned span.
+//
+// It's behavior is identical to StartSpanFromContext except that it takes an explicit
+// tracer as opposed to using the global tracer.
+func StartSpanFromContextWithTracer(ctx context.Context, tracer Tracer, operationName string, opts ...StartSpanOption) (Span, context.Context) {
 	if parentSpan := SpanFromContext(ctx); parentSpan != nil {
 		opts = append(opts, ChildOf(parentSpan.Context()))
-		span = tracer.StartSpan(operationName, opts...)
-	} else {
-		span = tracer.StartSpan(operationName, opts...)
 	}
+	span := tracer.StartSpan(operationName, opts...)
 	return span, ContextWithSpan(ctx, span)
 }
diff --git a/vendor/github.com/opentracing/opentracing-go/log/field.go b/vendor/github.com/opentracing/opentracing-go/log/field.go
index 50feea341a732..f222ded797c17 100644
--- a/vendor/github.com/opentracing/opentracing-go/log/field.go
+++ b/vendor/github.com/opentracing/opentracing-go/log/field.go
@@ -122,16 +122,19 @@ func Float64(key string, val float64) Field {
 	}
 }
 
-// Error adds an error with the key "error" to a Span.LogFields() record
+// Error adds an error with the key "error.object" to a Span.LogFields() record
 func Error(err error) Field {
 	return Field{
-		key:          "error",
+		key:          "error.object",
 		fieldType:    errorType,
 		interfaceVal: err,
 	}
 }
 
 // Object adds an object-valued key:value pair to a Span.LogFields() record
+// Please pass in an immutable object, otherwise there may be concurrency issues.
+// Such as passing in the map, log.Object may result in "fatal error: concurrent map iteration and map write".
+// Because span is sent asynchronously, it is possible that this map will also be modified.
 func Object(key string, obj interface{}) Field {
 	return Field{
 		key:          key,
@@ -140,6 +143,16 @@ func Object(key string, obj interface{}) Field {
 	}
 }
 
+// Event creates a string-valued Field for span logs with key="event" and value=val.
+func Event(val string) Field {
+	return String("event", val)
+}
+
+// Message creates a string-valued Field for span logs with key="message" and value=val.
+func Message(val string) Field {
+	return String("message", val)
+}
+
 // LazyLogger allows for user-defined, late-bound logging of arbitrary data
 type LazyLogger func(fv Encoder)
 
diff --git a/vendor/github.com/opentracing/opentracing-go/log/util.go b/vendor/github.com/opentracing/opentracing-go/log/util.go
index 3832feb5ceb29..d57e28aa57f36 100644
--- a/vendor/github.com/opentracing/opentracing-go/log/util.go
+++ b/vendor/github.com/opentracing/opentracing-go/log/util.go
@@ -1,6 +1,9 @@
 package log
 
-import "fmt"
+import (
+	"fmt"
+	"reflect"
+)
 
 // InterleavedKVToFields converts keyValues a la Span.LogKV() to a Field slice
 // a la Span.LogFields().
@@ -46,6 +49,10 @@ func InterleavedKVToFields(keyValues ...interface{}) ([]Field, error) {
 		case float64:
 			fields[i] = Float64(key, typedVal)
 		default:
+			if typedVal == nil || (reflect.ValueOf(typedVal).Kind() == reflect.Ptr && reflect.ValueOf(typedVal).IsNil()) {
+				fields[i] = String(key, "nil")
+				continue
+			}
 			// When in doubt, coerce to a string
 			fields[i] = String(key, fmt.Sprint(typedVal))
 		}
diff --git a/vendor/github.com/opentracing/opentracing-go/noop.go b/vendor/github.com/opentracing/opentracing-go/noop.go
index 0d32f692c4104..f9b680a213de9 100644
--- a/vendor/github.com/opentracing/opentracing-go/noop.go
+++ b/vendor/github.com/opentracing/opentracing-go/noop.go
@@ -21,9 +21,9 @@ type noopSpan struct{}
 type noopSpanContext struct{}
 
 var (
-	defaultNoopSpanContext = noopSpanContext{}
-	defaultNoopSpan        = noopSpan{}
-	defaultNoopTracer      = NoopTracer{}
+	defaultNoopSpanContext SpanContext = noopSpanContext{}
+	defaultNoopSpan        Span        = noopSpan{}
+	defaultNoopTracer      Tracer      = NoopTracer{}
 )
 
 const (
@@ -35,7 +35,7 @@ func (n noopSpanContext) ForeachBaggageItem(handler func(k, v string) bool) {}
 
 // noopSpan:
 func (n noopSpan) Context() SpanContext                                  { return defaultNoopSpanContext }
-func (n noopSpan) SetBaggageItem(key, val string) Span                   { return defaultNoopSpan }
+func (n noopSpan) SetBaggageItem(key, val string) Span                   { return n }
 func (n noopSpan) BaggageItem(key string) string                         { return emptyString }
 func (n noopSpan) SetTag(key string, value interface{}) Span             { return n }
 func (n noopSpan) LogFields(fields ...log.Field)                         {}
diff --git a/vendor/github.com/opentracing/opentracing-go/propagation.go b/vendor/github.com/opentracing/opentracing-go/propagation.go
index 0dd466a373efa..b0c275eb05e4d 100644
--- a/vendor/github.com/opentracing/opentracing-go/propagation.go
+++ b/vendor/github.com/opentracing/opentracing-go/propagation.go
@@ -160,7 +160,7 @@ type HTTPHeadersCarrier http.Header
 // Set conforms to the TextMapWriter interface.
 func (c HTTPHeadersCarrier) Set(key, val string) {
 	h := http.Header(c)
-	h.Add(key, val)
+	h.Set(key, val)
 }
 
 // ForeachKey conforms to the TextMapReader interface.
diff --git a/vendor/github.com/opentracing/opentracing-go/span.go b/vendor/github.com/opentracing/opentracing-go/span.go
index f6c3234accf67..0d3fb53418382 100644
--- a/vendor/github.com/opentracing/opentracing-go/span.go
+++ b/vendor/github.com/opentracing/opentracing-go/span.go
@@ -41,6 +41,8 @@ type Span interface {
 	Context() SpanContext
 
 	// Sets or changes the operation name.
+	//
+	// Returns a reference to this Span for chaining.
 	SetOperationName(operationName string) Span
 
 	// Adds a tag to the span.
@@ -51,6 +53,8 @@ type Span interface {
 	// other tag value types is undefined at the OpenTracing level. If a
 	// tracing system does not know how to handle a particular value type, it
 	// may ignore the tag, but shall not panic.
+	//
+	// Returns a reference to this Span for chaining.
 	SetTag(key string, value interface{}) Span
 
 	// LogFields is an efficient and type-checked way to record key:value
diff --git a/vendor/github.com/opentracing/opentracing-go/tracer.go b/vendor/github.com/opentracing/opentracing-go/tracer.go
index 7bca1f73676d9..715f0cedfb60e 100644
--- a/vendor/github.com/opentracing/opentracing-go/tracer.go
+++ b/vendor/github.com/opentracing/opentracing-go/tracer.go
@@ -44,8 +44,7 @@ type Tracer interface {
 	// and each has an expected carrier type.
 	//
 	// Other packages may declare their own `format` values, much like the keys
-	// used by `context.Context` (see
-	// https://godoc.org/golang.org/x/net/context#WithValue).
+	// used by `context.Context` (see https://godoc.org/context#WithValue).
 	//
 	// Example usage (sans error handling):
 	//
diff --git a/vendor/github.com/pborman/uuid/README.md b/vendor/github.com/pborman/uuid/README.md
deleted file mode 100644
index f023d47ca80a1..0000000000000
--- a/vendor/github.com/pborman/uuid/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-This project was automatically exported from code.google.com/p/go-uuid
-
-# uuid ![build status](https://travis-ci.org/pborman/uuid.svg?branch=master)
-The uuid package generates and inspects UUIDs based on [RFC 412](http://tools.ietf.org/html/rfc4122) and DCE 1.1: Authentication and Security Services. 
-
-###### Install
-`go get github.com/pborman/uuid`
-
-###### Documentation 
-[![GoDoc](https://godoc.org/github.com/pborman/uuid?status.svg)](http://godoc.org/github.com/pborman/uuid)
-
-Full `go doc` style documentation for the package can be viewed online without installing this package by using the GoDoc site here: 
-http://godoc.org/github.com/pborman/uuid
diff --git a/vendor/github.com/pborman/uuid/dce.go b/vendor/github.com/pborman/uuid/dce.go
deleted file mode 100755
index 50a0f2d099248..0000000000000
--- a/vendor/github.com/pborman/uuid/dce.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"encoding/binary"
-	"fmt"
-	"os"
-)
-
-// A Domain represents a Version 2 domain
-type Domain byte
-
-// Domain constants for DCE Security (Version 2) UUIDs.
-const (
-	Person = Domain(0)
-	Group  = Domain(1)
-	Org    = Domain(2)
-)
-
-// NewDCESecurity returns a DCE Security (Version 2) UUID.
-//
-// The domain should be one of Person, Group or Org.
-// On a POSIX system the id should be the users UID for the Person
-// domain and the users GID for the Group.  The meaning of id for
-// the domain Org or on non-POSIX systems is site defined.
-//
-// For a given domain/id pair the same token may be returned for up to
-// 7 minutes and 10 seconds.
-func NewDCESecurity(domain Domain, id uint32) UUID {
-	uuid := NewUUID()
-	if uuid != nil {
-		uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2
-		uuid[9] = byte(domain)
-		binary.BigEndian.PutUint32(uuid[0:], id)
-	}
-	return uuid
-}
-
-// NewDCEPerson returns a DCE Security (Version 2) UUID in the person
-// domain with the id returned by os.Getuid.
-//
-//  NewDCEPerson(Person, uint32(os.Getuid()))
-func NewDCEPerson() UUID {
-	return NewDCESecurity(Person, uint32(os.Getuid()))
-}
-
-// NewDCEGroup returns a DCE Security (Version 2) UUID in the group
-// domain with the id returned by os.Getgid.
-//
-//  NewDCEGroup(Group, uint32(os.Getgid()))
-func NewDCEGroup() UUID {
-	return NewDCESecurity(Group, uint32(os.Getgid()))
-}
-
-// Domain returns the domain for a Version 2 UUID or false.
-func (uuid UUID) Domain() (Domain, bool) {
-	if v, _ := uuid.Version(); v != 2 {
-		return 0, false
-	}
-	return Domain(uuid[9]), true
-}
-
-// Id returns the id for a Version 2 UUID or false.
-func (uuid UUID) Id() (uint32, bool) {
-	if v, _ := uuid.Version(); v != 2 {
-		return 0, false
-	}
-	return binary.BigEndian.Uint32(uuid[0:4]), true
-}
-
-func (d Domain) String() string {
-	switch d {
-	case Person:
-		return "Person"
-	case Group:
-		return "Group"
-	case Org:
-		return "Org"
-	}
-	return fmt.Sprintf("Domain%d", int(d))
-}
diff --git a/vendor/github.com/pborman/uuid/doc.go b/vendor/github.com/pborman/uuid/doc.go
deleted file mode 100755
index d8bd013e68905..0000000000000
--- a/vendor/github.com/pborman/uuid/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// The uuid package generates and inspects UUIDs.
-//
-// UUIDs are based on RFC 4122 and DCE 1.1: Authentication and Security Services.
-package uuid
diff --git a/vendor/github.com/pborman/uuid/hash.go b/vendor/github.com/pborman/uuid/hash.go
deleted file mode 100644
index a0420c1ef3a9e..0000000000000
--- a/vendor/github.com/pborman/uuid/hash.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"crypto/md5"
-	"crypto/sha1"
-	"hash"
-)
-
-// Well known Name Space IDs and UUIDs
-var (
-	NameSpace_DNS  = Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
-	NameSpace_URL  = Parse("6ba7b811-9dad-11d1-80b4-00c04fd430c8")
-	NameSpace_OID  = Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8")
-	NameSpace_X500 = Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8")
-	NIL            = Parse("00000000-0000-0000-0000-000000000000")
-)
-
-// NewHash returns a new UUID derived from the hash of space concatenated with
-// data generated by h.  The hash should be at least 16 byte in length.  The
-// first 16 bytes of the hash are used to form the UUID.  The version of the
-// UUID will be the lower 4 bits of version.  NewHash is used to implement
-// NewMD5 and NewSHA1.
-func NewHash(h hash.Hash, space UUID, data []byte, version int) UUID {
-	h.Reset()
-	h.Write(space)
-	h.Write([]byte(data))
-	s := h.Sum(nil)
-	uuid := make([]byte, 16)
-	copy(uuid, s)
-	uuid[6] = (uuid[6] & 0x0f) | uint8((version&0xf)<<4)
-	uuid[8] = (uuid[8] & 0x3f) | 0x80 // RFC 4122 variant
-	return uuid
-}
-
-// NewMD5 returns a new MD5 (Version 3) UUID based on the
-// supplied name space and data.
-//
-//  NewHash(md5.New(), space, data, 3)
-func NewMD5(space UUID, data []byte) UUID {
-	return NewHash(md5.New(), space, data, 3)
-}
-
-// NewSHA1 returns a new SHA1 (Version 5) UUID based on the
-// supplied name space and data.
-//
-//  NewHash(sha1.New(), space, data, 5)
-func NewSHA1(space UUID, data []byte) UUID {
-	return NewHash(sha1.New(), space, data, 5)
-}
diff --git a/vendor/github.com/pborman/uuid/json.go b/vendor/github.com/pborman/uuid/json.go
deleted file mode 100644
index 9dda1dfba97c4..0000000000000
--- a/vendor/github.com/pborman/uuid/json.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2014 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import "errors"
-
-func (u UUID) MarshalJSON() ([]byte, error) {
-	if len(u) != 16 {
-		return []byte(`""`), nil
-	}
-	var js [38]byte
-	js[0] = '"'
-	encodeHex(js[1:], u)
-	js[37] = '"'
-	return js[:], nil
-}
-
-func (u *UUID) UnmarshalJSON(data []byte) error {
-	if string(data) == `""` {
-		return nil
-	}
-	if data[0] != '"' {
-		return errors.New("invalid UUID format")
-	}
-	data = data[1 : len(data)-1]
-	uu := Parse(string(data))
-	if uu == nil {
-		return errors.New("invalid UUID format")
-	}
-	*u = uu
-	return nil
-}
diff --git a/vendor/github.com/pborman/uuid/node.go b/vendor/github.com/pborman/uuid/node.go
deleted file mode 100755
index 42d60da8f10f8..0000000000000
--- a/vendor/github.com/pborman/uuid/node.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"net"
-	"sync"
-)
-
-var (
-	nodeMu     sync.Mutex
-	interfaces []net.Interface // cached list of interfaces
-	ifname     string          // name of interface being used
-	nodeID     []byte          // hardware for version 1 UUIDs
-)
-
-// NodeInterface returns the name of the interface from which the NodeID was
-// derived.  The interface "user" is returned if the NodeID was set by
-// SetNodeID.
-func NodeInterface() string {
-	defer nodeMu.Unlock()
-	nodeMu.Lock()
-	return ifname
-}
-
-// SetNodeInterface selects the hardware address to be used for Version 1 UUIDs.
-// If name is "" then the first usable interface found will be used or a random
-// Node ID will be generated.  If a named interface cannot be found then false
-// is returned.
-//
-// SetNodeInterface never fails when name is "".
-func SetNodeInterface(name string) bool {
-	defer nodeMu.Unlock()
-	nodeMu.Lock()
-	return setNodeInterface(name)
-}
-
-func setNodeInterface(name string) bool {
-	if interfaces == nil {
-		var err error
-		interfaces, err = net.Interfaces()
-		if err != nil && name != "" {
-			return false
-		}
-	}
-
-	for _, ifs := range interfaces {
-		if len(ifs.HardwareAddr) >= 6 && (name == "" || name == ifs.Name) {
-			if setNodeID(ifs.HardwareAddr) {
-				ifname = ifs.Name
-				return true
-			}
-		}
-	}
-
-	// We found no interfaces with a valid hardware address.  If name
-	// does not specify a specific interface generate a random Node ID
-	// (section 4.1.6)
-	if name == "" {
-		if nodeID == nil {
-			nodeID = make([]byte, 6)
-		}
-		randomBits(nodeID)
-		return true
-	}
-	return false
-}
-
-// NodeID returns a slice of a copy of the current Node ID, setting the Node ID
-// if not already set.
-func NodeID() []byte {
-	defer nodeMu.Unlock()
-	nodeMu.Lock()
-	if nodeID == nil {
-		setNodeInterface("")
-	}
-	nid := make([]byte, 6)
-	copy(nid, nodeID)
-	return nid
-}
-
-// SetNodeID sets the Node ID to be used for Version 1 UUIDs.  The first 6 bytes
-// of id are used.  If id is less than 6 bytes then false is returned and the
-// Node ID is not set.
-func SetNodeID(id []byte) bool {
-	defer nodeMu.Unlock()
-	nodeMu.Lock()
-	if setNodeID(id) {
-		ifname = "user"
-		return true
-	}
-	return false
-}
-
-func setNodeID(id []byte) bool {
-	if len(id) < 6 {
-		return false
-	}
-	if nodeID == nil {
-		nodeID = make([]byte, 6)
-	}
-	copy(nodeID, id)
-	return true
-}
-
-// NodeID returns the 6 byte node id encoded in uuid.  It returns nil if uuid is
-// not valid.  The NodeID is only well defined for version 1 and 2 UUIDs.
-func (uuid UUID) NodeID() []byte {
-	if len(uuid) != 16 {
-		return nil
-	}
-	node := make([]byte, 6)
-	copy(node, uuid[10:])
-	return node
-}
diff --git a/vendor/github.com/pborman/uuid/sql.go b/vendor/github.com/pborman/uuid/sql.go
deleted file mode 100644
index c84f900d58ea0..0000000000000
--- a/vendor/github.com/pborman/uuid/sql.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2015 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"errors"
-	"fmt"
-)
-
-// Scan implements sql.Scanner so UUIDs can be read from databases transparently
-// Currently, database types that map to string and []byte are supported. Please
-// consult database-specific driver documentation for matching types.
-func (uuid *UUID) Scan(src interface{}) error {
-	switch src.(type) {
-	case string:
-		// if an empty UUID comes from a table, we return a null UUID
-		if src.(string) == "" {
-			return nil
-		}
-
-		// see uuid.Parse for required string format
-		parsed := Parse(src.(string))
-
-		if parsed == nil {
-			return errors.New("Scan: invalid UUID format")
-		}
-
-		*uuid = parsed
-	case []byte:
-		b := src.([]byte)
-
-		// if an empty UUID comes from a table, we return a null UUID
-		if len(b) == 0 {
-			return nil
-		}
-
-		// assumes a simple slice of bytes if 16 bytes
-		// otherwise attempts to parse
-		if len(b) == 16 {
-			*uuid = UUID(b)
-		} else {
-			u := Parse(string(b))
-
-			if u == nil {
-				return errors.New("Scan: invalid UUID format")
-			}
-
-			*uuid = u
-		}
-
-	default:
-		return fmt.Errorf("Scan: unable to scan type %T into UUID", src)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/pborman/uuid/time.go b/vendor/github.com/pborman/uuid/time.go
deleted file mode 100755
index eedf242194b2c..0000000000000
--- a/vendor/github.com/pborman/uuid/time.go
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright 2014 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"encoding/binary"
-	"sync"
-	"time"
-)
-
-// A Time represents a time as the number of 100's of nanoseconds since 15 Oct
-// 1582.
-type Time int64
-
-const (
-	lillian    = 2299160          // Julian day of 15 Oct 1582
-	unix       = 2440587          // Julian day of 1 Jan 1970
-	epoch      = unix - lillian   // Days between epochs
-	g1582      = epoch * 86400    // seconds between epochs
-	g1582ns100 = g1582 * 10000000 // 100s of a nanoseconds between epochs
-)
-
-var (
-	timeMu    sync.Mutex
-	lasttime  uint64 // last time we returned
-	clock_seq uint16 // clock sequence for this run
-
-	timeNow = time.Now // for testing
-)
-
-// UnixTime converts t the number of seconds and nanoseconds using the Unix
-// epoch of 1 Jan 1970.
-func (t Time) UnixTime() (sec, nsec int64) {
-	sec = int64(t - g1582ns100)
-	nsec = (sec % 10000000) * 100
-	sec /= 10000000
-	return sec, nsec
-}
-
-// GetTime returns the current Time (100s of nanoseconds since 15 Oct 1582) and
-// clock sequence as well as adjusting the clock sequence as needed.  An error
-// is returned if the current time cannot be determined.
-func GetTime() (Time, uint16, error) {
-	defer timeMu.Unlock()
-	timeMu.Lock()
-	return getTime()
-}
-
-func getTime() (Time, uint16, error) {
-	t := timeNow()
-
-	// If we don't have a clock sequence already, set one.
-	if clock_seq == 0 {
-		setClockSequence(-1)
-	}
-	now := uint64(t.UnixNano()/100) + g1582ns100
-
-	// If time has gone backwards with this clock sequence then we
-	// increment the clock sequence
-	if now <= lasttime {
-		clock_seq = ((clock_seq + 1) & 0x3fff) | 0x8000
-	}
-	lasttime = now
-	return Time(now), clock_seq, nil
-}
-
-// ClockSequence returns the current clock sequence, generating one if not
-// already set.  The clock sequence is only used for Version 1 UUIDs.
-//
-// The uuid package does not use global static storage for the clock sequence or
-// the last time a UUID was generated.  Unless SetClockSequence a new random
-// clock sequence is generated the first time a clock sequence is requested by
-// ClockSequence, GetTime, or NewUUID.  (section 4.2.1.1) sequence is generated
-// for
-func ClockSequence() int {
-	defer timeMu.Unlock()
-	timeMu.Lock()
-	return clockSequence()
-}
-
-func clockSequence() int {
-	if clock_seq == 0 {
-		setClockSequence(-1)
-	}
-	return int(clock_seq & 0x3fff)
-}
-
-// SetClockSeq sets the clock sequence to the lower 14 bits of seq.  Setting to
-// -1 causes a new sequence to be generated.
-func SetClockSequence(seq int) {
-	defer timeMu.Unlock()
-	timeMu.Lock()
-	setClockSequence(seq)
-}
-
-func setClockSequence(seq int) {
-	if seq == -1 {
-		var b [2]byte
-		randomBits(b[:]) // clock sequence
-		seq = int(b[0])<<8 | int(b[1])
-	}
-	old_seq := clock_seq
-	clock_seq = uint16(seq&0x3fff) | 0x8000 // Set our variant
-	if old_seq != clock_seq {
-		lasttime = 0
-	}
-}
-
-// Time returns the time in 100s of nanoseconds since 15 Oct 1582 encoded in
-// uuid.  It returns false if uuid is not valid.  The time is only well defined
-// for version 1 and 2 UUIDs.
-func (uuid UUID) Time() (Time, bool) {
-	if len(uuid) != 16 {
-		return 0, false
-	}
-	time := int64(binary.BigEndian.Uint32(uuid[0:4]))
-	time |= int64(binary.BigEndian.Uint16(uuid[4:6])) << 32
-	time |= int64(binary.BigEndian.Uint16(uuid[6:8])&0xfff) << 48
-	return Time(time), true
-}
-
-// ClockSequence returns the clock sequence encoded in uuid.  It returns false
-// if uuid is not valid.  The clock sequence is only well defined for version 1
-// and 2 UUIDs.
-func (uuid UUID) ClockSequence() (int, bool) {
-	if len(uuid) != 16 {
-		return 0, false
-	}
-	return int(binary.BigEndian.Uint16(uuid[8:10])) & 0x3fff, true
-}
diff --git a/vendor/github.com/pborman/uuid/util.go b/vendor/github.com/pborman/uuid/util.go
deleted file mode 100644
index fc8e052c7a6b0..0000000000000
--- a/vendor/github.com/pborman/uuid/util.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"io"
-)
-
-// randomBits completely fills slice b with random data.
-func randomBits(b []byte) {
-	if _, err := io.ReadFull(rander, b); err != nil {
-		panic(err.Error()) // rand should never fail
-	}
-}
-
-// xvalues returns the value of a byte as a hexadecimal digit or 255.
-var xvalues = [256]byte{
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255,
-	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-}
-
-// xtob converts the the first two hex bytes of x into a byte.
-func xtob(x string) (byte, bool) {
-	b1 := xvalues[x[0]]
-	b2 := xvalues[x[1]]
-	return (b1 << 4) | b2, b1 != 255 && b2 != 255
-}
diff --git a/vendor/github.com/pborman/uuid/uuid.go b/vendor/github.com/pborman/uuid/uuid.go
deleted file mode 100644
index c4482cd87337c..0000000000000
--- a/vendor/github.com/pborman/uuid/uuid.go
+++ /dev/null
@@ -1,176 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"bytes"
-	"crypto/rand"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"strings"
-)
-
-// A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC
-// 4122.
-type UUID []byte
-
-// A Version represents a UUIDs version.
-type Version byte
-
-// A Variant represents a UUIDs variant.
-type Variant byte
-
-// Constants returned by Variant.
-const (
-	Invalid   = Variant(iota) // Invalid UUID
-	RFC4122                   // The variant specified in RFC4122
-	Reserved                  // Reserved, NCS backward compatibility.
-	Microsoft                 // Reserved, Microsoft Corporation backward compatibility.
-	Future                    // Reserved for future definition.
-)
-
-var rander = rand.Reader // random function
-
-// New returns a new random (version 4) UUID as a string.  It is a convenience
-// function for NewRandom().String().
-func New() string {
-	return NewRandom().String()
-}
-
-// Parse decodes s into a UUID or returns nil.  Both the UUID form of
-// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
-// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded.
-func Parse(s string) UUID {
-	if len(s) == 36+9 {
-		if strings.ToLower(s[:9]) != "urn:uuid:" {
-			return nil
-		}
-		s = s[9:]
-	} else if len(s) != 36 {
-		return nil
-	}
-	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
-		return nil
-	}
-	var uuid [16]byte
-	for i, x := range [16]int{
-		0, 2, 4, 6,
-		9, 11,
-		14, 16,
-		19, 21,
-		24, 26, 28, 30, 32, 34} {
-		if v, ok := xtob(s[x:]); !ok {
-			return nil
-		} else {
-			uuid[i] = v
-		}
-	}
-	return uuid[:]
-}
-
-// Equal returns true if uuid1 and uuid2 are equal.
-func Equal(uuid1, uuid2 UUID) bool {
-	return bytes.Equal(uuid1, uuid2)
-}
-
-// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-// , or "" if uuid is invalid.
-func (uuid UUID) String() string {
-	if len(uuid) != 16 {
-		return ""
-	}
-	var buf [36]byte
-	encodeHex(buf[:], uuid)
-	return string(buf[:])
-}
-
-// URN returns the RFC 2141 URN form of uuid,
-// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,  or "" if uuid is invalid.
-func (uuid UUID) URN() string {
-	if len(uuid) != 16 {
-		return ""
-	}
-	var buf [36 + 9]byte
-	copy(buf[:], "urn:uuid:")
-	encodeHex(buf[9:], uuid)
-	return string(buf[:])
-}
-
-func encodeHex(dst []byte, uuid UUID) {
-	hex.Encode(dst[:], uuid[:4])
-	dst[8] = '-'
-	hex.Encode(dst[9:13], uuid[4:6])
-	dst[13] = '-'
-	hex.Encode(dst[14:18], uuid[6:8])
-	dst[18] = '-'
-	hex.Encode(dst[19:23], uuid[8:10])
-	dst[23] = '-'
-	hex.Encode(dst[24:], uuid[10:])
-}
-
-// Variant returns the variant encoded in uuid.  It returns Invalid if
-// uuid is invalid.
-func (uuid UUID) Variant() Variant {
-	if len(uuid) != 16 {
-		return Invalid
-	}
-	switch {
-	case (uuid[8] & 0xc0) == 0x80:
-		return RFC4122
-	case (uuid[8] & 0xe0) == 0xc0:
-		return Microsoft
-	case (uuid[8] & 0xe0) == 0xe0:
-		return Future
-	default:
-		return Reserved
-	}
-}
-
-// Version returns the version of uuid.  It returns false if uuid is not
-// valid.
-func (uuid UUID) Version() (Version, bool) {
-	if len(uuid) != 16 {
-		return 0, false
-	}
-	return Version(uuid[6] >> 4), true
-}
-
-func (v Version) String() string {
-	if v > 15 {
-		return fmt.Sprintf("BAD_VERSION_%d", v)
-	}
-	return fmt.Sprintf("VERSION_%d", v)
-}
-
-func (v Variant) String() string {
-	switch v {
-	case RFC4122:
-		return "RFC4122"
-	case Reserved:
-		return "Reserved"
-	case Microsoft:
-		return "Microsoft"
-	case Future:
-		return "Future"
-	case Invalid:
-		return "Invalid"
-	}
-	return fmt.Sprintf("BadVariant%d", int(v))
-}
-
-// SetRand sets the random number generator to r, which implents io.Reader.
-// If r.Read returns an error when the package requests random data then
-// a panic will be issued.
-//
-// Calling SetRand with nil sets the random number generator to the default
-// generator.
-func SetRand(r io.Reader) {
-	if r == nil {
-		rander = rand.Reader
-		return
-	}
-	rander = r
-}
diff --git a/vendor/github.com/pborman/uuid/version1.go b/vendor/github.com/pborman/uuid/version1.go
deleted file mode 100644
index 0127eacfab8ac..0000000000000
--- a/vendor/github.com/pborman/uuid/version1.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-import (
-	"encoding/binary"
-)
-
-// NewUUID returns a Version 1 UUID based on the current NodeID and clock
-// sequence, and the current time.  If the NodeID has not been set by SetNodeID
-// or SetNodeInterface then it will be set automatically.  If the NodeID cannot
-// be set NewUUID returns nil.  If clock sequence has not been set by
-// SetClockSequence then it will be set automatically.  If GetTime fails to
-// return the current NewUUID returns nil.
-func NewUUID() UUID {
-	if nodeID == nil {
-		SetNodeInterface("")
-	}
-
-	now, seq, err := GetTime()
-	if err != nil {
-		return nil
-	}
-
-	uuid := make([]byte, 16)
-
-	time_low := uint32(now & 0xffffffff)
-	time_mid := uint16((now >> 32) & 0xffff)
-	time_hi := uint16((now >> 48) & 0x0fff)
-	time_hi |= 0x1000 // Version 1
-
-	binary.BigEndian.PutUint32(uuid[0:], time_low)
-	binary.BigEndian.PutUint16(uuid[4:], time_mid)
-	binary.BigEndian.PutUint16(uuid[6:], time_hi)
-	binary.BigEndian.PutUint16(uuid[8:], seq)
-	copy(uuid[10:], nodeID)
-
-	return uuid
-}
diff --git a/vendor/github.com/pborman/uuid/version4.go b/vendor/github.com/pborman/uuid/version4.go
deleted file mode 100644
index b3d4a368dd0e0..0000000000000
--- a/vendor/github.com/pborman/uuid/version4.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2011 Google Inc.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uuid
-
-// Random returns a Random (Version 4) UUID or panics.
-//
-// The strength of the UUIDs is based on the strength of the crypto/rand
-// package.
-//
-// A note about uniqueness derived from from the UUID Wikipedia entry:
-//
-//  Randomly generated UUIDs have 122 random bits.  One's annual risk of being
-//  hit by a meteorite is estimated to be one chance in 17 billion, that
-//  means the probability is about 0.00000000006 (6 × 10−11),
-//  equivalent to the odds of creating a few tens of trillions of UUIDs in a
-//  year and having one duplicate.
-func NewRandom() UUID {
-	uuid := make([]byte, 16)
-	randomBits([]byte(uuid))
-	uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4
-	uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10
-	return uuid
-}
diff --git a/vendor/github.com/pelletier/go-toml/LICENSE b/vendor/github.com/pelletier/go-toml/LICENSE
new file mode 100644
index 0000000000000..583bdae628238
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 - 2017 Thomas Pelletier, Eric Anderton
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/pelletier/go-toml/README.md b/vendor/github.com/pelletier/go-toml/README.md
new file mode 100644
index 0000000000000..6831deb5bd1c7
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/README.md
@@ -0,0 +1,151 @@
+# go-toml
+
+Go library for the [TOML](https://github.com/mojombo/toml) format.
+
+This library supports TOML version
+[v1.0.0-rc.1](https://github.com/toml-lang/toml/blob/master/versions/en/toml-v1.0.0-rc.1.md)
+
+[![GoDoc](https://godoc.org/github.com/pelletier/go-toml?status.svg)](http://godoc.org/github.com/pelletier/go-toml)
+[![license](https://img.shields.io/github/license/pelletier/go-toml.svg)](https://github.com/pelletier/go-toml/blob/master/LICENSE)
+[![Build Status](https://dev.azure.com/pelletierthomas/go-toml-ci/_apis/build/status/pelletier.go-toml?branchName=master)](https://dev.azure.com/pelletierthomas/go-toml-ci/_build/latest?definitionId=1&branchName=master)
+[![codecov](https://codecov.io/gh/pelletier/go-toml/branch/master/graph/badge.svg)](https://codecov.io/gh/pelletier/go-toml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/pelletier/go-toml)](https://goreportcard.com/report/github.com/pelletier/go-toml)
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fpelletier%2Fgo-toml.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fpelletier%2Fgo-toml?ref=badge_shield)
+
+## Features
+
+Go-toml provides the following features for using data parsed from TOML documents:
+
+* Load TOML documents from files and string data
+* Easily navigate TOML structure using Tree
+* Marshaling and unmarshaling to and from data structures
+* Line & column position data for all parsed elements
+* [Query support similar to JSON-Path](query/)
+* Syntax errors contain line and column numbers
+
+## Import
+
+```go
+import "github.com/pelletier/go-toml"
+```
+
+## Usage example
+
+Read a TOML document:
+
+```go
+config, _ := toml.Load(`
+[postgres]
+user = "pelletier"
+password = "mypassword"`)
+// retrieve data directly
+user := config.Get("postgres.user").(string)
+
+// or using an intermediate object
+postgresConfig := config.Get("postgres").(*toml.Tree)
+password := postgresConfig.Get("password").(string)
+```
+
+Or use Unmarshal:
+
+```go
+type Postgres struct {
+    User     string
+    Password string
+}
+type Config struct {
+    Postgres Postgres
+}
+
+doc := []byte(`
+[Postgres]
+User = "pelletier"
+Password = "mypassword"`)
+
+config := Config{}
+toml.Unmarshal(doc, &config)
+fmt.Println("user=", config.Postgres.User)
+```
+
+Or use a query:
+
+```go
+// use a query to gather elements without walking the tree
+q, _ := query.Compile("$..[user,password]")
+results := q.Execute(config)
+for ii, item := range results.Values() {
+    fmt.Printf("Query result %d: %v\n", ii, item)
+}
+```
+
+## Documentation
+
+The documentation and additional examples are available at
+[godoc.org](http://godoc.org/github.com/pelletier/go-toml).
+
+## Tools
+
+Go-toml provides two handy command line tools:
+
+* `tomll`: Reads TOML files and lints them.
+
+    ```
+    go install github.com/pelletier/go-toml/cmd/tomll
+    tomll --help
+    ```
+* `tomljson`: Reads a TOML file and outputs its JSON representation.
+
+    ```
+    go install github.com/pelletier/go-toml/cmd/tomljson
+    tomljson --help
+    ```
+
+ * `jsontoml`: Reads a JSON file and outputs a TOML representation.
+
+    ```
+    go install github.com/pelletier/go-toml/cmd/jsontoml
+    jsontoml --help
+    ```
+
+### Docker image
+
+Those tools are also availble as a Docker image from
+[dockerhub](https://hub.docker.com/r/pelletier/go-toml). For example, to
+use `tomljson`:
+
+```
+docker run -v $PWD:/workdir pelletier/go-toml tomljson /workdir/example.toml
+```
+
+Only master (`latest`) and tagged versions are published to dockerhub. You
+can build your own image as usual:
+
+```
+docker build -t go-toml .
+```
+
+## Contribute
+
+Feel free to report bugs and patches using GitHub's pull requests system on
+[pelletier/go-toml](https://github.com/pelletier/go-toml). Any feedback would be
+much appreciated!
+
+### Run tests
+
+`go test ./...`
+
+### Fuzzing
+
+The script `./fuzz.sh` is available to
+run [go-fuzz](https://github.com/dvyukov/go-fuzz) on go-toml.
+
+## Versioning
+
+Go-toml follows [Semantic Versioning](http://semver.org/). The supported version
+of [TOML](https://github.com/toml-lang/toml) is indicated at the beginning of
+this document. The last two major versions of Go are supported
+(see [Go Release Policy](https://golang.org/doc/devel/release.html#policy)).
+
+## License
+
+The MIT License (MIT). Read [LICENSE](LICENSE).
diff --git a/vendor/github.com/pelletier/go-toml/doc.go b/vendor/github.com/pelletier/go-toml/doc.go
new file mode 100644
index 0000000000000..a1406a32b3819
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/doc.go
@@ -0,0 +1,23 @@
+// Package toml is a TOML parser and manipulation library.
+//
+// This version supports the specification as described in
+// https://github.com/toml-lang/toml/blob/master/versions/en/toml-v0.5.0.md
+//
+// Marshaling
+//
+// Go-toml can marshal and unmarshal TOML documents from and to data
+// structures.
+//
+// TOML document as a tree
+//
+// Go-toml can operate on a TOML document as a tree. Use one of the Load*
+// functions to parse TOML data and obtain a Tree instance, then one of its
+// methods to manipulate the tree.
+//
+// JSONPath-like queries
+//
+// The package github.com/pelletier/go-toml/query implements a system
+// similar to JSONPath to quickly retrieve elements of a TOML document using a
+// single expression. See the package documentation for more information.
+//
+package toml
diff --git a/vendor/github.com/pelletier/go-toml/fuzz.go b/vendor/github.com/pelletier/go-toml/fuzz.go
new file mode 100644
index 0000000000000..14570c8d35773
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/fuzz.go
@@ -0,0 +1,31 @@
+// +build gofuzz
+
+package toml
+
+func Fuzz(data []byte) int {
+	tree, err := LoadBytes(data)
+	if err != nil {
+		if tree != nil {
+			panic("tree must be nil if there is an error")
+		}
+		return 0
+	}
+
+	str, err := tree.ToTomlString()
+	if err != nil {
+		if str != "" {
+			panic(`str must be "" if there is an error`)
+		}
+		panic(err)
+	}
+
+	tree, err = Load(str)
+	if err != nil {
+		if tree != nil {
+			panic("tree must be nil if there is an error")
+		}
+		return 0
+	}
+
+	return 1
+}
diff --git a/vendor/github.com/pelletier/go-toml/go.mod b/vendor/github.com/pelletier/go-toml/go.mod
new file mode 100644
index 0000000000000..e924cb90c0501
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/go.mod
@@ -0,0 +1,5 @@
+module github.com/pelletier/go-toml
+
+go 1.12
+
+require github.com/davecgh/go-spew v1.1.1
diff --git a/vendor/github.com/pelletier/go-toml/keysparsing.go b/vendor/github.com/pelletier/go-toml/keysparsing.go
new file mode 100644
index 0000000000000..e091500b24602
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/keysparsing.go
@@ -0,0 +1,112 @@
+// Parsing keys handling both bare and quoted keys.
+
+package toml
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Convert the bare key group string to an array.
+// The input supports double quotation and single quotation,
+// but escape sequences are not supported. Lexers must unescape them beforehand.
+func parseKey(key string) ([]string, error) {
+	runes := []rune(key)
+	var groups []string
+
+	if len(key) == 0 {
+		return nil, errors.New("empty key")
+	}
+
+	idx := 0
+	for idx < len(runes) {
+		for ; idx < len(runes) && isSpace(runes[idx]); idx++ {
+			// skip leading whitespace
+		}
+		if idx >= len(runes) {
+			break
+		}
+		r := runes[idx]
+		if isValidBareChar(r) {
+			// parse bare key
+			startIdx := idx
+			endIdx := -1
+			idx++
+			for idx < len(runes) {
+				r = runes[idx]
+				if isValidBareChar(r) {
+					idx++
+				} else if r == '.' {
+					endIdx = idx
+					break
+				} else if isSpace(r) {
+					endIdx = idx
+					for ; idx < len(runes) && isSpace(runes[idx]); idx++ {
+						// skip trailing whitespace
+					}
+					if idx < len(runes) && runes[idx] != '.' {
+						return nil, fmt.Errorf("invalid key character after whitespace: %c", runes[idx])
+					}
+					break
+				} else {
+					return nil, fmt.Errorf("invalid bare key character: %c", r)
+				}
+			}
+			if endIdx == -1 {
+				endIdx = idx
+			}
+			groups = append(groups, string(runes[startIdx:endIdx]))
+		} else if r == '\'' {
+			// parse single quoted key
+			idx++
+			startIdx := idx
+			for {
+				if idx >= len(runes) {
+					return nil, fmt.Errorf("unclosed single-quoted key")
+				}
+				r = runes[idx]
+				if r == '\'' {
+					groups = append(groups, string(runes[startIdx:idx]))
+					idx++
+					break
+				}
+				idx++
+			}
+		} else if r == '"' {
+			// parse double quoted key
+			idx++
+			startIdx := idx
+			for {
+				if idx >= len(runes) {
+					return nil, fmt.Errorf("unclosed double-quoted key")
+				}
+				r = runes[idx]
+				if r == '"' {
+					groups = append(groups, string(runes[startIdx:idx]))
+					idx++
+					break
+				}
+				idx++
+			}
+		} else if r == '.' {
+			idx++
+			if idx >= len(runes) {
+				return nil, fmt.Errorf("unexpected end of key")
+			}
+			r = runes[idx]
+			if !isValidBareChar(r) && r != '\'' && r != '"' && r != ' ' {
+				return nil, fmt.Errorf("expecting key part after dot")
+			}
+		} else {
+			return nil, fmt.Errorf("invalid key character: %c", r)
+		}
+	}
+	if len(groups) == 0 {
+		return nil, fmt.Errorf("empty key")
+	}
+	return groups, nil
+}
+
+func isValidBareChar(r rune) bool {
+	return isAlphanumeric(r) || r == '-' || isDigit(r)
+}
diff --git a/vendor/github.com/pelletier/go-toml/lexer.go b/vendor/github.com/pelletier/go-toml/lexer.go
new file mode 100644
index 0000000000000..b188619246d51
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/lexer.go
@@ -0,0 +1,807 @@
+// TOML lexer.
+//
+// Written using the principles developed by Rob Pike in
+// http://www.youtube.com/watch?v=HxaD_trXwRE
+
+package toml
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+var dateRegexp *regexp.Regexp
+
+// Define state functions
+type tomlLexStateFn func() tomlLexStateFn
+
+// Define lexer
+type tomlLexer struct {
+	inputIdx          int
+	input             []rune // Textual source
+	currentTokenStart int
+	currentTokenStop  int
+	tokens            []token
+	brackets          []rune
+	line              int
+	col               int
+	endbufferLine     int
+	endbufferCol      int
+}
+
+// Basic read operations on input
+
+func (l *tomlLexer) read() rune {
+	r := l.peek()
+	if r == '\n' {
+		l.endbufferLine++
+		l.endbufferCol = 1
+	} else {
+		l.endbufferCol++
+	}
+	l.inputIdx++
+	return r
+}
+
+func (l *tomlLexer) next() rune {
+	r := l.read()
+
+	if r != eof {
+		l.currentTokenStop++
+	}
+	return r
+}
+
+func (l *tomlLexer) ignore() {
+	l.currentTokenStart = l.currentTokenStop
+	l.line = l.endbufferLine
+	l.col = l.endbufferCol
+}
+
+func (l *tomlLexer) skip() {
+	l.next()
+	l.ignore()
+}
+
+func (l *tomlLexer) fastForward(n int) {
+	for i := 0; i < n; i++ {
+		l.next()
+	}
+}
+
+func (l *tomlLexer) emitWithValue(t tokenType, value string) {
+	l.tokens = append(l.tokens, token{
+		Position: Position{l.line, l.col},
+		typ:      t,
+		val:      value,
+	})
+	l.ignore()
+}
+
+func (l *tomlLexer) emit(t tokenType) {
+	l.emitWithValue(t, string(l.input[l.currentTokenStart:l.currentTokenStop]))
+}
+
+func (l *tomlLexer) peek() rune {
+	if l.inputIdx >= len(l.input) {
+		return eof
+	}
+	return l.input[l.inputIdx]
+}
+
+func (l *tomlLexer) peekString(size int) string {
+	maxIdx := len(l.input)
+	upperIdx := l.inputIdx + size // FIXME: potential overflow
+	if upperIdx > maxIdx {
+		upperIdx = maxIdx
+	}
+	return string(l.input[l.inputIdx:upperIdx])
+}
+
+func (l *tomlLexer) follow(next string) bool {
+	return next == l.peekString(len(next))
+}
+
+// Error management
+
+func (l *tomlLexer) errorf(format string, args ...interface{}) tomlLexStateFn {
+	l.tokens = append(l.tokens, token{
+		Position: Position{l.line, l.col},
+		typ:      tokenError,
+		val:      fmt.Sprintf(format, args...),
+	})
+	return nil
+}
+
+// State functions
+
+func (l *tomlLexer) lexVoid() tomlLexStateFn {
+	for {
+		next := l.peek()
+		switch next {
+		case '}': // after '{'
+			return l.lexRightCurlyBrace
+		case '[':
+			return l.lexTableKey
+		case '#':
+			return l.lexComment(l.lexVoid)
+		case '=':
+			return l.lexEqual
+		case '\r':
+			fallthrough
+		case '\n':
+			l.skip()
+			continue
+		}
+
+		if isSpace(next) {
+			l.skip()
+		}
+
+		if isKeyStartChar(next) {
+			return l.lexKey
+		}
+
+		if next == eof {
+			l.next()
+			break
+		}
+	}
+
+	l.emit(tokenEOF)
+	return nil
+}
+
+func (l *tomlLexer) lexRvalue() tomlLexStateFn {
+	for {
+		next := l.peek()
+		switch next {
+		case '.':
+			return l.errorf("cannot start float with a dot")
+		case '=':
+			return l.lexEqual
+		case '[':
+			return l.lexLeftBracket
+		case ']':
+			return l.lexRightBracket
+		case '{':
+			return l.lexLeftCurlyBrace
+		case '}':
+			return l.lexRightCurlyBrace
+		case '#':
+			return l.lexComment(l.lexRvalue)
+		case '"':
+			return l.lexString
+		case '\'':
+			return l.lexLiteralString
+		case ',':
+			return l.lexComma
+		case '\r':
+			fallthrough
+		case '\n':
+			l.skip()
+			if len(l.brackets) > 0 && l.brackets[len(l.brackets)-1] == '[' {
+				return l.lexRvalue
+			}
+			return l.lexVoid
+		}
+
+		if l.follow("true") {
+			return l.lexTrue
+		}
+
+		if l.follow("false") {
+			return l.lexFalse
+		}
+
+		if l.follow("inf") {
+			return l.lexInf
+		}
+
+		if l.follow("nan") {
+			return l.lexNan
+		}
+
+		if isSpace(next) {
+			l.skip()
+			continue
+		}
+
+		if next == eof {
+			l.next()
+			break
+		}
+
+		possibleDate := l.peekString(35)
+		dateSubmatches := dateRegexp.FindStringSubmatch(possibleDate)
+		if dateSubmatches != nil && dateSubmatches[0] != "" {
+			l.fastForward(len(dateSubmatches[0]))
+			if dateSubmatches[2] == "" { // no timezone information => local date
+				return l.lexLocalDate
+			}
+			return l.lexDate
+		}
+
+		if next == '+' || next == '-' || isDigit(next) {
+			return l.lexNumber
+		}
+
+		return l.errorf("no value can start with %c", next)
+	}
+
+	l.emit(tokenEOF)
+	return nil
+}
+
+func (l *tomlLexer) lexLeftCurlyBrace() tomlLexStateFn {
+	l.next()
+	l.emit(tokenLeftCurlyBrace)
+	l.brackets = append(l.brackets, '{')
+	return l.lexVoid
+}
+
+func (l *tomlLexer) lexRightCurlyBrace() tomlLexStateFn {
+	l.next()
+	l.emit(tokenRightCurlyBrace)
+	if len(l.brackets) == 0 || l.brackets[len(l.brackets)-1] != '{' {
+		return l.errorf("cannot have '}' here")
+	}
+	l.brackets = l.brackets[:len(l.brackets)-1]
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexDate() tomlLexStateFn {
+	l.emit(tokenDate)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexLocalDate() tomlLexStateFn {
+	l.emit(tokenLocalDate)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexTrue() tomlLexStateFn {
+	l.fastForward(4)
+	l.emit(tokenTrue)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexFalse() tomlLexStateFn {
+	l.fastForward(5)
+	l.emit(tokenFalse)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexInf() tomlLexStateFn {
+	l.fastForward(3)
+	l.emit(tokenInf)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexNan() tomlLexStateFn {
+	l.fastForward(3)
+	l.emit(tokenNan)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexEqual() tomlLexStateFn {
+	l.next()
+	l.emit(tokenEqual)
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexComma() tomlLexStateFn {
+	l.next()
+	l.emit(tokenComma)
+	if len(l.brackets) > 0 && l.brackets[len(l.brackets)-1] == '{' {
+		return l.lexVoid
+	}
+	return l.lexRvalue
+}
+
+// Parse the key and emits its value without escape sequences.
+// bare keys, basic string keys and literal string keys are supported.
+func (l *tomlLexer) lexKey() tomlLexStateFn {
+	var sb strings.Builder
+
+	for r := l.peek(); isKeyChar(r) || r == '\n' || r == '\r'; r = l.peek() {
+		if r == '"' {
+			l.next()
+			str, err := l.lexStringAsString(`"`, false, true)
+			if err != nil {
+				return l.errorf(err.Error())
+			}
+			sb.WriteString("\"")
+			sb.WriteString(str)
+			sb.WriteString("\"")
+			l.next()
+			continue
+		} else if r == '\'' {
+			l.next()
+			str, err := l.lexLiteralStringAsString(`'`, false)
+			if err != nil {
+				return l.errorf(err.Error())
+			}
+			sb.WriteString("'")
+			sb.WriteString(str)
+			sb.WriteString("'")
+			l.next()
+			continue
+		} else if r == '\n' {
+			return l.errorf("keys cannot contain new lines")
+		} else if isSpace(r) {
+			var str strings.Builder
+			str.WriteString(" ")
+
+			// skip trailing whitespace
+			l.next()
+			for r = l.peek(); isSpace(r); r = l.peek() {
+				str.WriteRune(r)
+				l.next()
+			}
+			// break loop if not a dot
+			if r != '.' {
+				break
+			}
+			str.WriteString(".")
+			// skip trailing whitespace after dot
+			l.next()
+			for r = l.peek(); isSpace(r); r = l.peek() {
+				str.WriteRune(r)
+				l.next()
+			}
+			sb.WriteString(str.String())
+			continue
+		} else if r == '.' {
+			// skip
+		} else if !isValidBareChar(r) {
+			return l.errorf("keys cannot contain %c character", r)
+		}
+		sb.WriteRune(r)
+		l.next()
+	}
+	l.emitWithValue(tokenKey, sb.String())
+	return l.lexVoid
+}
+
+func (l *tomlLexer) lexComment(previousState tomlLexStateFn) tomlLexStateFn {
+	return func() tomlLexStateFn {
+		for next := l.peek(); next != '\n' && next != eof; next = l.peek() {
+			if next == '\r' && l.follow("\r\n") {
+				break
+			}
+			l.next()
+		}
+		l.ignore()
+		return previousState
+	}
+}
+
+func (l *tomlLexer) lexLeftBracket() tomlLexStateFn {
+	l.next()
+	l.emit(tokenLeftBracket)
+	l.brackets = append(l.brackets, '[')
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexLiteralStringAsString(terminator string, discardLeadingNewLine bool) (string, error) {
+	var sb strings.Builder
+
+	if discardLeadingNewLine {
+		if l.follow("\r\n") {
+			l.skip()
+			l.skip()
+		} else if l.peek() == '\n' {
+			l.skip()
+		}
+	}
+
+	// find end of string
+	for {
+		if l.follow(terminator) {
+			return sb.String(), nil
+		}
+
+		next := l.peek()
+		if next == eof {
+			break
+		}
+		sb.WriteRune(l.next())
+	}
+
+	return "", errors.New("unclosed string")
+}
+
+func (l *tomlLexer) lexLiteralString() tomlLexStateFn {
+	l.skip()
+
+	// handle special case for triple-quote
+	terminator := "'"
+	discardLeadingNewLine := false
+	if l.follow("''") {
+		l.skip()
+		l.skip()
+		terminator = "'''"
+		discardLeadingNewLine = true
+	}
+
+	str, err := l.lexLiteralStringAsString(terminator, discardLeadingNewLine)
+	if err != nil {
+		return l.errorf(err.Error())
+	}
+
+	l.emitWithValue(tokenString, str)
+	l.fastForward(len(terminator))
+	l.ignore()
+	return l.lexRvalue
+}
+
+// Lex a string and return the results as a string.
+// Terminator is the substring indicating the end of the token.
+// The resulting string does not include the terminator.
+func (l *tomlLexer) lexStringAsString(terminator string, discardLeadingNewLine, acceptNewLines bool) (string, error) {
+	var sb strings.Builder
+
+	if discardLeadingNewLine {
+		if l.follow("\r\n") {
+			l.skip()
+			l.skip()
+		} else if l.peek() == '\n' {
+			l.skip()
+		}
+	}
+
+	for {
+		if l.follow(terminator) {
+			return sb.String(), nil
+		}
+
+		if l.follow("\\") {
+			l.next()
+			switch l.peek() {
+			case '\r':
+				fallthrough
+			case '\n':
+				fallthrough
+			case '\t':
+				fallthrough
+			case ' ':
+				// skip all whitespace chars following backslash
+				for strings.ContainsRune("\r\n\t ", l.peek()) {
+					l.next()
+				}
+			case '"':
+				sb.WriteString("\"")
+				l.next()
+			case 'n':
+				sb.WriteString("\n")
+				l.next()
+			case 'b':
+				sb.WriteString("\b")
+				l.next()
+			case 'f':
+				sb.WriteString("\f")
+				l.next()
+			case '/':
+				sb.WriteString("/")
+				l.next()
+			case 't':
+				sb.WriteString("\t")
+				l.next()
+			case 'r':
+				sb.WriteString("\r")
+				l.next()
+			case '\\':
+				sb.WriteString("\\")
+				l.next()
+			case 'u':
+				l.next()
+				var code strings.Builder
+				for i := 0; i < 4; i++ {
+					c := l.peek()
+					if !isHexDigit(c) {
+						return "", errors.New("unfinished unicode escape")
+					}
+					l.next()
+					code.WriteRune(c)
+				}
+				intcode, err := strconv.ParseInt(code.String(), 16, 32)
+				if err != nil {
+					return "", errors.New("invalid unicode escape: \\u" + code.String())
+				}
+				sb.WriteRune(rune(intcode))
+			case 'U':
+				l.next()
+				var code strings.Builder
+				for i := 0; i < 8; i++ {
+					c := l.peek()
+					if !isHexDigit(c) {
+						return "", errors.New("unfinished unicode escape")
+					}
+					l.next()
+					code.WriteRune(c)
+				}
+				intcode, err := strconv.ParseInt(code.String(), 16, 64)
+				if err != nil {
+					return "", errors.New("invalid unicode escape: \\U" + code.String())
+				}
+				sb.WriteRune(rune(intcode))
+			default:
+				return "", errors.New("invalid escape sequence: \\" + string(l.peek()))
+			}
+		} else {
+			r := l.peek()
+
+			if 0x00 <= r && r <= 0x1F && r != '\t' && !(acceptNewLines && (r == '\n' || r == '\r')) {
+				return "", fmt.Errorf("unescaped control character %U", r)
+			}
+			l.next()
+			sb.WriteRune(r)
+		}
+
+		if l.peek() == eof {
+			break
+		}
+	}
+
+	return "", errors.New("unclosed string")
+}
+
+func (l *tomlLexer) lexString() tomlLexStateFn {
+	l.skip()
+
+	// handle special case for triple-quote
+	terminator := `"`
+	discardLeadingNewLine := false
+	acceptNewLines := false
+	if l.follow(`""`) {
+		l.skip()
+		l.skip()
+		terminator = `"""`
+		discardLeadingNewLine = true
+		acceptNewLines = true
+	}
+
+	str, err := l.lexStringAsString(terminator, discardLeadingNewLine, acceptNewLines)
+	if err != nil {
+		return l.errorf(err.Error())
+	}
+
+	l.emitWithValue(tokenString, str)
+	l.fastForward(len(terminator))
+	l.ignore()
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) lexTableKey() tomlLexStateFn {
+	l.next()
+
+	if l.peek() == '[' {
+		// token '[[' signifies an array of tables
+		l.next()
+		l.emit(tokenDoubleLeftBracket)
+		return l.lexInsideTableArrayKey
+	}
+	// vanilla table key
+	l.emit(tokenLeftBracket)
+	return l.lexInsideTableKey
+}
+
+// Parse the key till "]]", but only bare keys are supported
+func (l *tomlLexer) lexInsideTableArrayKey() tomlLexStateFn {
+	for r := l.peek(); r != eof; r = l.peek() {
+		switch r {
+		case ']':
+			if l.currentTokenStop > l.currentTokenStart {
+				l.emit(tokenKeyGroupArray)
+			}
+			l.next()
+			if l.peek() != ']' {
+				break
+			}
+			l.next()
+			l.emit(tokenDoubleRightBracket)
+			return l.lexVoid
+		case '[':
+			return l.errorf("table array key cannot contain ']'")
+		default:
+			l.next()
+		}
+	}
+	return l.errorf("unclosed table array key")
+}
+
+// Parse the key till "]" but only bare keys are supported
+func (l *tomlLexer) lexInsideTableKey() tomlLexStateFn {
+	for r := l.peek(); r != eof; r = l.peek() {
+		switch r {
+		case ']':
+			if l.currentTokenStop > l.currentTokenStart {
+				l.emit(tokenKeyGroup)
+			}
+			l.next()
+			l.emit(tokenRightBracket)
+			return l.lexVoid
+		case '[':
+			return l.errorf("table key cannot contain ']'")
+		default:
+			l.next()
+		}
+	}
+	return l.errorf("unclosed table key")
+}
+
+func (l *tomlLexer) lexRightBracket() tomlLexStateFn {
+	l.next()
+	l.emit(tokenRightBracket)
+	if len(l.brackets) == 0 || l.brackets[len(l.brackets)-1] != '[' {
+		return l.errorf("cannot have ']' here")
+	}
+	l.brackets = l.brackets[:len(l.brackets)-1]
+	return l.lexRvalue
+}
+
+type validRuneFn func(r rune) bool
+
+func isValidHexRune(r rune) bool {
+	return r >= 'a' && r <= 'f' ||
+		r >= 'A' && r <= 'F' ||
+		r >= '0' && r <= '9' ||
+		r == '_'
+}
+
+func isValidOctalRune(r rune) bool {
+	return r >= '0' && r <= '7' || r == '_'
+}
+
+func isValidBinaryRune(r rune) bool {
+	return r == '0' || r == '1' || r == '_'
+}
+
+func (l *tomlLexer) lexNumber() tomlLexStateFn {
+	r := l.peek()
+
+	if r == '0' {
+		follow := l.peekString(2)
+		if len(follow) == 2 {
+			var isValidRune validRuneFn
+			switch follow[1] {
+			case 'x':
+				isValidRune = isValidHexRune
+			case 'o':
+				isValidRune = isValidOctalRune
+			case 'b':
+				isValidRune = isValidBinaryRune
+			default:
+				if follow[1] >= 'a' && follow[1] <= 'z' || follow[1] >= 'A' && follow[1] <= 'Z' {
+					return l.errorf("unknown number base: %s. possible options are x (hex) o (octal) b (binary)", string(follow[1]))
+				}
+			}
+
+			if isValidRune != nil {
+				l.next()
+				l.next()
+				digitSeen := false
+				for {
+					next := l.peek()
+					if !isValidRune(next) {
+						break
+					}
+					digitSeen = true
+					l.next()
+				}
+
+				if !digitSeen {
+					return l.errorf("number needs at least one digit")
+				}
+
+				l.emit(tokenInteger)
+
+				return l.lexRvalue
+			}
+		}
+	}
+
+	if r == '+' || r == '-' {
+		l.next()
+		if l.follow("inf") {
+			return l.lexInf
+		}
+		if l.follow("nan") {
+			return l.lexNan
+		}
+	}
+
+	pointSeen := false
+	expSeen := false
+	digitSeen := false
+	for {
+		next := l.peek()
+		if next == '.' {
+			if pointSeen {
+				return l.errorf("cannot have two dots in one float")
+			}
+			l.next()
+			if !isDigit(l.peek()) {
+				return l.errorf("float cannot end with a dot")
+			}
+			pointSeen = true
+		} else if next == 'e' || next == 'E' {
+			expSeen = true
+			l.next()
+			r := l.peek()
+			if r == '+' || r == '-' {
+				l.next()
+			}
+		} else if isDigit(next) {
+			digitSeen = true
+			l.next()
+		} else if next == '_' {
+			l.next()
+		} else {
+			break
+		}
+		if pointSeen && !digitSeen {
+			return l.errorf("cannot start float with a dot")
+		}
+	}
+
+	if !digitSeen {
+		return l.errorf("no digit in that number")
+	}
+	if pointSeen || expSeen {
+		l.emit(tokenFloat)
+	} else {
+		l.emit(tokenInteger)
+	}
+	return l.lexRvalue
+}
+
+func (l *tomlLexer) run() {
+	for state := l.lexVoid; state != nil; {
+		state = state()
+	}
+}
+
+func init() {
+	// Regexp for all date/time formats supported by TOML.
+	// Group 1: nano precision
+	// Group 2: timezone
+	//
+	// /!\ also matches the empty string
+	//
+	// Example matches:
+	// 1979-05-27T07:32:00Z
+	// 1979-05-27T00:32:00-07:00
+	// 1979-05-27T00:32:00.999999-07:00
+	// 1979-05-27 07:32:00Z
+	// 1979-05-27 00:32:00-07:00
+	// 1979-05-27 00:32:00.999999-07:00
+	// 1979-05-27T07:32:00
+	// 1979-05-27T00:32:00.999999
+	// 1979-05-27 07:32:00
+	// 1979-05-27 00:32:00.999999
+	// 1979-05-27
+	// 07:32:00
+	// 00:32:00.999999
+	dateRegexp = regexp.MustCompile(`^(?:\d{1,4}-\d{2}-\d{2})?(?:[T ]?\d{2}:\d{2}:\d{2}(\.\d{1,9})?(Z|[+-]\d{2}:\d{2})?)?`)
+}
+
+// Entry point
+func lexToml(inputBytes []byte) []token {
+	runes := bytes.Runes(inputBytes)
+	l := &tomlLexer{
+		input:         runes,
+		tokens:        make([]token, 0, 256),
+		line:          1,
+		col:           1,
+		endbufferLine: 1,
+		endbufferCol:  1,
+	}
+	l.run()
+	return l.tokens
+}
diff --git a/vendor/github.com/pelletier/go-toml/localtime.go b/vendor/github.com/pelletier/go-toml/localtime.go
new file mode 100644
index 0000000000000..a2149e9663a8c
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/localtime.go
@@ -0,0 +1,281 @@
+// Implementation of TOML's local date/time.
+// Copied over from https://github.com/googleapis/google-cloud-go/blob/master/civil/civil.go
+// to avoid pulling all the Google dependencies.
+//
+// Copyright 2016 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package civil implements types for civil time, a time-zone-independent
+// representation of time that follows the rules of the proleptic
+// Gregorian calendar with exactly 24-hour days, 60-minute hours, and 60-second
+// minutes.
+//
+// Because they lack location information, these types do not represent unique
+// moments or intervals of time. Use time.Time for that purpose.
+package toml
+
+import (
+	"fmt"
+	"time"
+)
+
+// A LocalDate represents a date (year, month, day).
+//
+// This type does not include location information, and therefore does not
+// describe a unique 24-hour timespan.
+type LocalDate struct {
+	Year  int        // Year (e.g., 2014).
+	Month time.Month // Month of the year (January = 1, ...).
+	Day   int        // Day of the month, starting at 1.
+}
+
+// LocalDateOf returns the LocalDate in which a time occurs in that time's location.
+func LocalDateOf(t time.Time) LocalDate {
+	var d LocalDate
+	d.Year, d.Month, d.Day = t.Date()
+	return d
+}
+
+// ParseLocalDate parses a string in RFC3339 full-date format and returns the date value it represents.
+func ParseLocalDate(s string) (LocalDate, error) {
+	t, err := time.Parse("2006-01-02", s)
+	if err != nil {
+		return LocalDate{}, err
+	}
+	return LocalDateOf(t), nil
+}
+
+// String returns the date in RFC3339 full-date format.
+func (d LocalDate) String() string {
+	return fmt.Sprintf("%04d-%02d-%02d", d.Year, d.Month, d.Day)
+}
+
+// IsValid reports whether the date is valid.
+func (d LocalDate) IsValid() bool {
+	return LocalDateOf(d.In(time.UTC)) == d
+}
+
+// In returns the time corresponding to time 00:00:00 of the date in the location.
+//
+// In is always consistent with time.LocalDate, even when time.LocalDate returns a time
+// on a different day. For example, if loc is America/Indiana/Vincennes, then both
+//     time.LocalDate(1955, time.May, 1, 0, 0, 0, 0, loc)
+// and
+//     civil.LocalDate{Year: 1955, Month: time.May, Day: 1}.In(loc)
+// return 23:00:00 on April 30, 1955.
+//
+// In panics if loc is nil.
+func (d LocalDate) In(loc *time.Location) time.Time {
+	return time.Date(d.Year, d.Month, d.Day, 0, 0, 0, 0, loc)
+}
+
+// AddDays returns the date that is n days in the future.
+// n can also be negative to go into the past.
+func (d LocalDate) AddDays(n int) LocalDate {
+	return LocalDateOf(d.In(time.UTC).AddDate(0, 0, n))
+}
+
+// DaysSince returns the signed number of days between the date and s, not including the end day.
+// This is the inverse operation to AddDays.
+func (d LocalDate) DaysSince(s LocalDate) (days int) {
+	// We convert to Unix time so we do not have to worry about leap seconds:
+	// Unix time increases by exactly 86400 seconds per day.
+	deltaUnix := d.In(time.UTC).Unix() - s.In(time.UTC).Unix()
+	return int(deltaUnix / 86400)
+}
+
+// Before reports whether d1 occurs before d2.
+func (d1 LocalDate) Before(d2 LocalDate) bool {
+	if d1.Year != d2.Year {
+		return d1.Year < d2.Year
+	}
+	if d1.Month != d2.Month {
+		return d1.Month < d2.Month
+	}
+	return d1.Day < d2.Day
+}
+
+// After reports whether d1 occurs after d2.
+func (d1 LocalDate) After(d2 LocalDate) bool {
+	return d2.Before(d1)
+}
+
+// MarshalText implements the encoding.TextMarshaler interface.
+// The output is the result of d.String().
+func (d LocalDate) MarshalText() ([]byte, error) {
+	return []byte(d.String()), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The date is expected to be a string in a format accepted by ParseLocalDate.
+func (d *LocalDate) UnmarshalText(data []byte) error {
+	var err error
+	*d, err = ParseLocalDate(string(data))
+	return err
+}
+
+// A LocalTime represents a time with nanosecond precision.
+//
+// This type does not include location information, and therefore does not
+// describe a unique moment in time.
+//
+// This type exists to represent the TIME type in storage-based APIs like BigQuery.
+// Most operations on Times are unlikely to be meaningful. Prefer the LocalDateTime type.
+type LocalTime struct {
+	Hour       int // The hour of the day in 24-hour format; range [0-23]
+	Minute     int // The minute of the hour; range [0-59]
+	Second     int // The second of the minute; range [0-59]
+	Nanosecond int // The nanosecond of the second; range [0-999999999]
+}
+
+// LocalTimeOf returns the LocalTime representing the time of day in which a time occurs
+// in that time's location. It ignores the date.
+func LocalTimeOf(t time.Time) LocalTime {
+	var tm LocalTime
+	tm.Hour, tm.Minute, tm.Second = t.Clock()
+	tm.Nanosecond = t.Nanosecond()
+	return tm
+}
+
+// ParseLocalTime parses a string and returns the time value it represents.
+// ParseLocalTime accepts an extended form of the RFC3339 partial-time format. After
+// the HH:MM:SS part of the string, an optional fractional part may appear,
+// consisting of a decimal point followed by one to nine decimal digits.
+// (RFC3339 admits only one digit after the decimal point).
+func ParseLocalTime(s string) (LocalTime, error) {
+	t, err := time.Parse("15:04:05.999999999", s)
+	if err != nil {
+		return LocalTime{}, err
+	}
+	return LocalTimeOf(t), nil
+}
+
+// String returns the date in the format described in ParseLocalTime. If Nanoseconds
+// is zero, no fractional part will be generated. Otherwise, the result will
+// end with a fractional part consisting of a decimal point and nine digits.
+func (t LocalTime) String() string {
+	s := fmt.Sprintf("%02d:%02d:%02d", t.Hour, t.Minute, t.Second)
+	if t.Nanosecond == 0 {
+		return s
+	}
+	return s + fmt.Sprintf(".%09d", t.Nanosecond)
+}
+
+// IsValid reports whether the time is valid.
+func (t LocalTime) IsValid() bool {
+	// Construct a non-zero time.
+	tm := time.Date(2, 2, 2, t.Hour, t.Minute, t.Second, t.Nanosecond, time.UTC)
+	return LocalTimeOf(tm) == t
+}
+
+// MarshalText implements the encoding.TextMarshaler interface.
+// The output is the result of t.String().
+func (t LocalTime) MarshalText() ([]byte, error) {
+	return []byte(t.String()), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The time is expected to be a string in a format accepted by ParseLocalTime.
+func (t *LocalTime) UnmarshalText(data []byte) error {
+	var err error
+	*t, err = ParseLocalTime(string(data))
+	return err
+}
+
+// A LocalDateTime represents a date and time.
+//
+// This type does not include location information, and therefore does not
+// describe a unique moment in time.
+type LocalDateTime struct {
+	Date LocalDate
+	Time LocalTime
+}
+
+// Note: We deliberately do not embed LocalDate into LocalDateTime, to avoid promoting AddDays and Sub.
+
+// LocalDateTimeOf returns the LocalDateTime in which a time occurs in that time's location.
+func LocalDateTimeOf(t time.Time) LocalDateTime {
+	return LocalDateTime{
+		Date: LocalDateOf(t),
+		Time: LocalTimeOf(t),
+	}
+}
+
+// ParseLocalDateTime parses a string and returns the LocalDateTime it represents.
+// ParseLocalDateTime accepts a variant of the RFC3339 date-time format that omits
+// the time offset but includes an optional fractional time, as described in
+// ParseLocalTime. Informally, the accepted format is
+//     YYYY-MM-DDTHH:MM:SS[.FFFFFFFFF]
+// where the 'T' may be a lower-case 't'.
+func ParseLocalDateTime(s string) (LocalDateTime, error) {
+	t, err := time.Parse("2006-01-02T15:04:05.999999999", s)
+	if err != nil {
+		t, err = time.Parse("2006-01-02t15:04:05.999999999", s)
+		if err != nil {
+			return LocalDateTime{}, err
+		}
+	}
+	return LocalDateTimeOf(t), nil
+}
+
+// String returns the date in the format described in ParseLocalDate.
+func (dt LocalDateTime) String() string {
+	return dt.Date.String() + "T" + dt.Time.String()
+}
+
+// IsValid reports whether the datetime is valid.
+func (dt LocalDateTime) IsValid() bool {
+	return dt.Date.IsValid() && dt.Time.IsValid()
+}
+
+// In returns the time corresponding to the LocalDateTime in the given location.
+//
+// If the time is missing or ambigous at the location, In returns the same
+// result as time.LocalDate. For example, if loc is America/Indiana/Vincennes, then
+// both
+//     time.LocalDate(1955, time.May, 1, 0, 30, 0, 0, loc)
+// and
+//     civil.LocalDateTime{
+//         civil.LocalDate{Year: 1955, Month: time.May, Day: 1}},
+//         civil.LocalTime{Minute: 30}}.In(loc)
+// return 23:30:00 on April 30, 1955.
+//
+// In panics if loc is nil.
+func (dt LocalDateTime) In(loc *time.Location) time.Time {
+	return time.Date(dt.Date.Year, dt.Date.Month, dt.Date.Day, dt.Time.Hour, dt.Time.Minute, dt.Time.Second, dt.Time.Nanosecond, loc)
+}
+
+// Before reports whether dt1 occurs before dt2.
+func (dt1 LocalDateTime) Before(dt2 LocalDateTime) bool {
+	return dt1.In(time.UTC).Before(dt2.In(time.UTC))
+}
+
+// After reports whether dt1 occurs after dt2.
+func (dt1 LocalDateTime) After(dt2 LocalDateTime) bool {
+	return dt2.Before(dt1)
+}
+
+// MarshalText implements the encoding.TextMarshaler interface.
+// The output is the result of dt.String().
+func (dt LocalDateTime) MarshalText() ([]byte, error) {
+	return []byte(dt.String()), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The datetime is expected to be a string in a format accepted by ParseLocalDateTime
+func (dt *LocalDateTime) UnmarshalText(data []byte) error {
+	var err error
+	*dt, err = ParseLocalDateTime(string(data))
+	return err
+}
diff --git a/vendor/github.com/pelletier/go-toml/marshal.go b/vendor/github.com/pelletier/go-toml/marshal.go
new file mode 100644
index 0000000000000..032e0ffc52940
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/marshal.go
@@ -0,0 +1,1269 @@
+package toml
+
+import (
+	"bytes"
+	"encoding"
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	tagFieldName    = "toml"
+	tagFieldComment = "comment"
+	tagCommented    = "commented"
+	tagMultiline    = "multiline"
+	tagDefault      = "default"
+)
+
+type tomlOpts struct {
+	name         string
+	nameFromTag  bool
+	comment      string
+	commented    bool
+	multiline    bool
+	include      bool
+	omitempty    bool
+	defaultValue string
+}
+
+type encOpts struct {
+	quoteMapKeys            bool
+	arraysOneElementPerLine bool
+}
+
+var encOptsDefaults = encOpts{
+	quoteMapKeys: false,
+}
+
+type annotation struct {
+	tag          string
+	comment      string
+	commented    string
+	multiline    string
+	defaultValue string
+}
+
+var annotationDefault = annotation{
+	tag:          tagFieldName,
+	comment:      tagFieldComment,
+	commented:    tagCommented,
+	multiline:    tagMultiline,
+	defaultValue: tagDefault,
+}
+
+type marshalOrder int
+
+// Orders the Encoder can write the fields to the output stream.
+const (
+	// Sort fields alphabetically.
+	OrderAlphabetical marshalOrder = iota + 1
+	// Preserve the order the fields are encountered. For example, the order of fields in
+	// a struct.
+	OrderPreserve
+)
+
+var timeType = reflect.TypeOf(time.Time{})
+var marshalerType = reflect.TypeOf(new(Marshaler)).Elem()
+var unmarshalerType = reflect.TypeOf(new(Unmarshaler)).Elem()
+var textMarshalerType = reflect.TypeOf(new(encoding.TextMarshaler)).Elem()
+var textUnmarshalerType = reflect.TypeOf(new(encoding.TextUnmarshaler)).Elem()
+var localDateType = reflect.TypeOf(LocalDate{})
+var localTimeType = reflect.TypeOf(LocalTime{})
+var localDateTimeType = reflect.TypeOf(LocalDateTime{})
+var mapStringInterfaceType = reflect.TypeOf(map[string]interface{}{})
+
+// Check if the given marshal type maps to a Tree primitive
+func isPrimitive(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isPrimitive(mtype.Elem())
+	case reflect.Bool:
+		return true
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return true
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		return true
+	case reflect.Float32, reflect.Float64:
+		return true
+	case reflect.String:
+		return true
+	case reflect.Struct:
+		return isTimeType(mtype)
+	default:
+		return false
+	}
+}
+
+func isTimeType(mtype reflect.Type) bool {
+	return mtype == timeType || mtype == localDateType || mtype == localDateTimeType || mtype == localTimeType
+}
+
+// Check if the given marshal type maps to a Tree slice or array
+func isTreeSequence(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isTreeSequence(mtype.Elem())
+	case reflect.Slice, reflect.Array:
+		return isTree(mtype.Elem())
+	default:
+		return false
+	}
+}
+
+// Check if the given marshal type maps to a slice or array of a custom marshaler type
+func isCustomMarshalerSequence(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isCustomMarshalerSequence(mtype.Elem())
+	case reflect.Slice, reflect.Array:
+		return isCustomMarshaler(mtype.Elem()) || isCustomMarshaler(reflect.New(mtype.Elem()).Type())
+	default:
+		return false
+	}
+}
+
+// Check if the given marshal type maps to a slice or array of a text marshaler type
+func isTextMarshalerSequence(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isTextMarshalerSequence(mtype.Elem())
+	case reflect.Slice, reflect.Array:
+		return isTextMarshaler(mtype.Elem()) || isTextMarshaler(reflect.New(mtype.Elem()).Type())
+	default:
+		return false
+	}
+}
+
+// Check if the given marshal type maps to a non-Tree slice or array
+func isOtherSequence(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isOtherSequence(mtype.Elem())
+	case reflect.Slice, reflect.Array:
+		return !isTreeSequence(mtype)
+	default:
+		return false
+	}
+}
+
+// Check if the given marshal type maps to a Tree
+func isTree(mtype reflect.Type) bool {
+	switch mtype.Kind() {
+	case reflect.Ptr:
+		return isTree(mtype.Elem())
+	case reflect.Map:
+		return true
+	case reflect.Struct:
+		return !isPrimitive(mtype)
+	default:
+		return false
+	}
+}
+
+func isCustomMarshaler(mtype reflect.Type) bool {
+	return mtype.Implements(marshalerType)
+}
+
+func callCustomMarshaler(mval reflect.Value) ([]byte, error) {
+	return mval.Interface().(Marshaler).MarshalTOML()
+}
+
+func isTextMarshaler(mtype reflect.Type) bool {
+	return mtype.Implements(textMarshalerType) && !isTimeType(mtype)
+}
+
+func callTextMarshaler(mval reflect.Value) ([]byte, error) {
+	return mval.Interface().(encoding.TextMarshaler).MarshalText()
+}
+
+func isCustomUnmarshaler(mtype reflect.Type) bool {
+	return mtype.Implements(unmarshalerType)
+}
+
+func callCustomUnmarshaler(mval reflect.Value, tval interface{}) error {
+	return mval.Interface().(Unmarshaler).UnmarshalTOML(tval)
+}
+
+func isTextUnmarshaler(mtype reflect.Type) bool {
+	return mtype.Implements(textUnmarshalerType)
+}
+
+func callTextUnmarshaler(mval reflect.Value, text []byte) error {
+	return mval.Interface().(encoding.TextUnmarshaler).UnmarshalText(text)
+}
+
+// Marshaler is the interface implemented by types that
+// can marshal themselves into valid TOML.
+type Marshaler interface {
+	MarshalTOML() ([]byte, error)
+}
+
+// Unmarshaler is the interface implemented by types that
+// can unmarshal a TOML description of themselves.
+type Unmarshaler interface {
+	UnmarshalTOML(interface{}) error
+}
+
+/*
+Marshal returns the TOML encoding of v.  Behavior is similar to the Go json
+encoder, except that there is no concept of a Marshaler interface or MarshalTOML
+function for sub-structs, and currently only definite types can be marshaled
+(i.e. no `interface{}`).
+
+The following struct annotations are supported:
+
+  toml:"Field"      Overrides the field's name to output.
+  omitempty         When set, empty values and groups are not emitted.
+  comment:"comment" Emits a # comment on the same line. This supports new lines.
+  commented:"true"  Emits the value as commented.
+
+Note that pointers are automatically assigned the "omitempty" option, as TOML
+explicitly does not handle null values (saying instead the label should be
+dropped).
+
+Tree structural types and corresponding marshal types:
+
+  *Tree                            (*)struct, (*)map[string]interface{}
+  []*Tree                          (*)[](*)struct, (*)[](*)map[string]interface{}
+  []interface{} (as interface{})   (*)[]primitive, (*)[]([]interface{})
+  interface{}                      (*)primitive
+
+Tree primitive types and corresponding marshal types:
+
+  uint64     uint, uint8-uint64, pointers to same
+  int64      int, int8-uint64, pointers to same
+  float64    float32, float64, pointers to same
+  string     string, pointers to same
+  bool       bool, pointers to same
+  time.LocalTime  time.LocalTime{}, pointers to same
+
+For additional flexibility, use the Encoder API.
+*/
+func Marshal(v interface{}) ([]byte, error) {
+	return NewEncoder(nil).marshal(v)
+}
+
+// Encoder writes TOML values to an output stream.
+type Encoder struct {
+	w io.Writer
+	encOpts
+	annotation
+	line        int
+	col         int
+	order       marshalOrder
+	promoteAnon bool
+	indentation string
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{
+		w:           w,
+		encOpts:     encOptsDefaults,
+		annotation:  annotationDefault,
+		line:        0,
+		col:         1,
+		order:       OrderAlphabetical,
+		indentation: "  ",
+	}
+}
+
+// Encode writes the TOML encoding of v to the stream.
+//
+// See the documentation for Marshal for details.
+func (e *Encoder) Encode(v interface{}) error {
+	b, err := e.marshal(v)
+	if err != nil {
+		return err
+	}
+	if _, err := e.w.Write(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+// QuoteMapKeys sets up the encoder to encode
+// maps with string type keys with quoted TOML keys.
+//
+// This relieves the character limitations on map keys.
+func (e *Encoder) QuoteMapKeys(v bool) *Encoder {
+	e.quoteMapKeys = v
+	return e
+}
+
+// ArraysWithOneElementPerLine sets up the encoder to encode arrays
+// with more than one element on multiple lines instead of one.
+//
+// For example:
+//
+//   A = [1,2,3]
+//
+// Becomes
+//
+//   A = [
+//     1,
+//     2,
+//     3,
+//   ]
+func (e *Encoder) ArraysWithOneElementPerLine(v bool) *Encoder {
+	e.arraysOneElementPerLine = v
+	return e
+}
+
+// Order allows to change in which order fields will be written to the output stream.
+func (e *Encoder) Order(ord marshalOrder) *Encoder {
+	e.order = ord
+	return e
+}
+
+// Indentation allows to change indentation when marshalling.
+func (e *Encoder) Indentation(indent string) *Encoder {
+	e.indentation = indent
+	return e
+}
+
+// SetTagName allows changing default tag "toml"
+func (e *Encoder) SetTagName(v string) *Encoder {
+	e.tag = v
+	return e
+}
+
+// SetTagComment allows changing default tag "comment"
+func (e *Encoder) SetTagComment(v string) *Encoder {
+	e.comment = v
+	return e
+}
+
+// SetTagCommented allows changing default tag "commented"
+func (e *Encoder) SetTagCommented(v string) *Encoder {
+	e.commented = v
+	return e
+}
+
+// SetTagMultiline allows changing default tag "multiline"
+func (e *Encoder) SetTagMultiline(v string) *Encoder {
+	e.multiline = v
+	return e
+}
+
+// PromoteAnonymous allows to change how anonymous struct fields are marshaled.
+// Usually, they are marshaled as if the inner exported fields were fields in
+// the outer struct. However, if an anonymous struct field is given a name in
+// its TOML tag, it is treated like a regular struct field with that name.
+// rather than being anonymous.
+//
+// In case anonymous promotion is enabled, all anonymous structs are promoted
+// and treated like regular struct fields.
+func (e *Encoder) PromoteAnonymous(promote bool) *Encoder {
+	e.promoteAnon = promote
+	return e
+}
+
+func (e *Encoder) marshal(v interface{}) ([]byte, error) {
+	// Check if indentation is valid
+	for _, char := range e.indentation {
+		if !isSpace(char) {
+			return []byte{}, fmt.Errorf("invalid indentation: must only contains space or tab characters")
+		}
+	}
+
+	mtype := reflect.TypeOf(v)
+	if mtype == nil {
+		return []byte{}, errors.New("nil cannot be marshaled to TOML")
+	}
+
+	switch mtype.Kind() {
+	case reflect.Struct, reflect.Map:
+	case reflect.Ptr:
+		if mtype.Elem().Kind() != reflect.Struct {
+			return []byte{}, errors.New("Only pointer to struct can be marshaled to TOML")
+		}
+		if reflect.ValueOf(v).IsNil() {
+			return []byte{}, errors.New("nil pointer cannot be marshaled to TOML")
+		}
+	default:
+		return []byte{}, errors.New("Only a struct or map can be marshaled to TOML")
+	}
+
+	sval := reflect.ValueOf(v)
+	if isCustomMarshaler(mtype) {
+		return callCustomMarshaler(sval)
+	}
+	if isTextMarshaler(mtype) {
+		return callTextMarshaler(sval)
+	}
+	t, err := e.valueToTree(mtype, sval)
+	if err != nil {
+		return []byte{}, err
+	}
+
+	var buf bytes.Buffer
+	_, err = t.writeToOrdered(&buf, "", "", 0, e.arraysOneElementPerLine, e.order, e.indentation, false)
+
+	return buf.Bytes(), err
+}
+
+// Create next tree with a position based on Encoder.line
+func (e *Encoder) nextTree() *Tree {
+	return newTreeWithPosition(Position{Line: e.line, Col: 1})
+}
+
+// Convert given marshal struct or map value to toml tree
+func (e *Encoder) valueToTree(mtype reflect.Type, mval reflect.Value) (*Tree, error) {
+	if mtype.Kind() == reflect.Ptr {
+		return e.valueToTree(mtype.Elem(), mval.Elem())
+	}
+	tval := e.nextTree()
+	switch mtype.Kind() {
+	case reflect.Struct:
+		switch mval.Interface().(type) {
+		case Tree:
+			reflect.ValueOf(tval).Elem().Set(mval)
+		default:
+			for i := 0; i < mtype.NumField(); i++ {
+				mtypef, mvalf := mtype.Field(i), mval.Field(i)
+				opts := tomlOptions(mtypef, e.annotation)
+				if opts.include && ((mtypef.Type.Kind() != reflect.Interface && !opts.omitempty) || !isZero(mvalf)) {
+					val, err := e.valueToToml(mtypef.Type, mvalf)
+					if err != nil {
+						return nil, err
+					}
+					if tree, ok := val.(*Tree); ok && mtypef.Anonymous && !opts.nameFromTag && !e.promoteAnon {
+						e.appendTree(tval, tree)
+					} else {
+						val = e.wrapTomlValue(val, tval)
+						tval.SetPathWithOptions([]string{opts.name}, SetOptions{
+							Comment:   opts.comment,
+							Commented: opts.commented,
+							Multiline: opts.multiline,
+						}, val)
+					}
+				}
+			}
+		}
+	case reflect.Map:
+		keys := mval.MapKeys()
+		if e.order == OrderPreserve && len(keys) > 0 {
+			// Sorting []reflect.Value is not straight forward.
+			//
+			// OrderPreserve will support deterministic results when string is used
+			// as the key to maps.
+			typ := keys[0].Type()
+			kind := keys[0].Kind()
+			if kind == reflect.String {
+				ikeys := make([]string, len(keys))
+				for i := range keys {
+					ikeys[i] = keys[i].Interface().(string)
+				}
+				sort.Strings(ikeys)
+				for i := range ikeys {
+					keys[i] = reflect.ValueOf(ikeys[i]).Convert(typ)
+				}
+			}
+		}
+		for _, key := range keys {
+			mvalf := mval.MapIndex(key)
+			if (mtype.Elem().Kind() == reflect.Ptr || mtype.Elem().Kind() == reflect.Interface) && mvalf.IsNil() {
+				continue
+			}
+			val, err := e.valueToToml(mtype.Elem(), mvalf)
+			if err != nil {
+				return nil, err
+			}
+			val = e.wrapTomlValue(val, tval)
+			if e.quoteMapKeys {
+				keyStr, err := tomlValueStringRepresentation(key.String(), "", "", e.order, e.arraysOneElementPerLine)
+				if err != nil {
+					return nil, err
+				}
+				tval.SetPath([]string{keyStr}, val)
+			} else {
+				tval.SetPath([]string{key.String()}, val)
+			}
+		}
+	}
+	return tval, nil
+}
+
+// Convert given marshal slice to slice of Toml trees
+func (e *Encoder) valueToTreeSlice(mtype reflect.Type, mval reflect.Value) ([]*Tree, error) {
+	tval := make([]*Tree, mval.Len(), mval.Len())
+	for i := 0; i < mval.Len(); i++ {
+		val, err := e.valueToTree(mtype.Elem(), mval.Index(i))
+		if err != nil {
+			return nil, err
+		}
+		tval[i] = val
+	}
+	return tval, nil
+}
+
+// Convert given marshal slice to slice of toml values
+func (e *Encoder) valueToOtherSlice(mtype reflect.Type, mval reflect.Value) (interface{}, error) {
+	tval := make([]interface{}, mval.Len(), mval.Len())
+	for i := 0; i < mval.Len(); i++ {
+		val, err := e.valueToToml(mtype.Elem(), mval.Index(i))
+		if err != nil {
+			return nil, err
+		}
+		tval[i] = val
+	}
+	return tval, nil
+}
+
+// Convert given marshal value to toml value
+func (e *Encoder) valueToToml(mtype reflect.Type, mval reflect.Value) (interface{}, error) {
+	if mtype.Kind() == reflect.Ptr {
+		switch {
+		case isCustomMarshaler(mtype):
+			return callCustomMarshaler(mval)
+		case isTextMarshaler(mtype):
+			b, err := callTextMarshaler(mval)
+			return string(b), err
+		default:
+			return e.valueToToml(mtype.Elem(), mval.Elem())
+		}
+	}
+	if mtype.Kind() == reflect.Interface {
+		return e.valueToToml(mval.Elem().Type(), mval.Elem())
+	}
+	switch {
+	case isCustomMarshaler(mtype):
+		return callCustomMarshaler(mval)
+	case isTextMarshaler(mtype):
+		b, err := callTextMarshaler(mval)
+		return string(b), err
+	case isTree(mtype):
+		return e.valueToTree(mtype, mval)
+	case isOtherSequence(mtype), isCustomMarshalerSequence(mtype), isTextMarshalerSequence(mtype):
+		return e.valueToOtherSlice(mtype, mval)
+	case isTreeSequence(mtype):
+		return e.valueToTreeSlice(mtype, mval)
+	default:
+		switch mtype.Kind() {
+		case reflect.Bool:
+			return mval.Bool(), nil
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			if mtype.Kind() == reflect.Int64 && mtype == reflect.TypeOf(time.Duration(1)) {
+				return fmt.Sprint(mval), nil
+			}
+			return mval.Int(), nil
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+			return mval.Uint(), nil
+		case reflect.Float32, reflect.Float64:
+			return mval.Float(), nil
+		case reflect.String:
+			return mval.String(), nil
+		case reflect.Struct:
+			return mval.Interface(), nil
+		default:
+			return nil, fmt.Errorf("Marshal can't handle %v(%v)", mtype, mtype.Kind())
+		}
+	}
+}
+
+func (e *Encoder) appendTree(t, o *Tree) error {
+	for key, value := range o.values {
+		if _, ok := t.values[key]; ok {
+			continue
+		}
+		if tomlValue, ok := value.(*tomlValue); ok {
+			tomlValue.position.Col = t.position.Col
+		}
+		t.values[key] = value
+	}
+	return nil
+}
+
+// Create a toml value with the current line number as the position line
+func (e *Encoder) wrapTomlValue(val interface{}, parent *Tree) interface{} {
+	_, isTree := val.(*Tree)
+	_, isTreeS := val.([]*Tree)
+	if isTree || isTreeS {
+		return val
+	}
+
+	ret := &tomlValue{
+		value: val,
+		position: Position{
+			e.line,
+			parent.position.Col,
+		},
+	}
+	e.line++
+	return ret
+}
+
+// Unmarshal attempts to unmarshal the Tree into a Go struct pointed by v.
+// Neither Unmarshaler interfaces nor UnmarshalTOML functions are supported for
+// sub-structs, and only definite types can be unmarshaled.
+func (t *Tree) Unmarshal(v interface{}) error {
+	d := Decoder{tval: t, tagName: tagFieldName}
+	return d.unmarshal(v)
+}
+
+// Marshal returns the TOML encoding of Tree.
+// See Marshal() documentation for types mapping table.
+func (t *Tree) Marshal() ([]byte, error) {
+	var buf bytes.Buffer
+	_, err := t.WriteTo(&buf)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// Unmarshal parses the TOML-encoded data and stores the result in the value
+// pointed to by v. Behavior is similar to the Go json encoder, except that there
+// is no concept of an Unmarshaler interface or UnmarshalTOML function for
+// sub-structs, and currently only definite types can be unmarshaled to (i.e. no
+// `interface{}`).
+//
+// The following struct annotations are supported:
+//
+//   toml:"Field" Overrides the field's name to map to.
+//   default:"foo" Provides a default value.
+//
+// For default values, only fields of the following types are supported:
+//   * string
+//   * bool
+//   * int
+//   * int64
+//   * float64
+//
+// See Marshal() documentation for types mapping table.
+func Unmarshal(data []byte, v interface{}) error {
+	t, err := LoadReader(bytes.NewReader(data))
+	if err != nil {
+		return err
+	}
+	return t.Unmarshal(v)
+}
+
+// Decoder reads and decodes TOML values from an input stream.
+type Decoder struct {
+	r    io.Reader
+	tval *Tree
+	encOpts
+	tagName string
+	strict  bool
+	visitor visitorState
+}
+
+// NewDecoder returns a new decoder that reads from r.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{
+		r:       r,
+		encOpts: encOptsDefaults,
+		tagName: tagFieldName,
+	}
+}
+
+// Decode reads a TOML-encoded value from it's input
+// and unmarshals it in the value pointed at by v.
+//
+// See the documentation for Marshal for details.
+func (d *Decoder) Decode(v interface{}) error {
+	var err error
+	d.tval, err = LoadReader(d.r)
+	if err != nil {
+		return err
+	}
+	return d.unmarshal(v)
+}
+
+// SetTagName allows changing default tag "toml"
+func (d *Decoder) SetTagName(v string) *Decoder {
+	d.tagName = v
+	return d
+}
+
+// Strict allows changing to strict decoding. Any fields that are found in the
+// input data and do not have a corresponding struct member cause an error.
+func (d *Decoder) Strict(strict bool) *Decoder {
+	d.strict = strict
+	return d
+}
+
+func (d *Decoder) unmarshal(v interface{}) error {
+	mtype := reflect.TypeOf(v)
+	if mtype == nil {
+		return errors.New("nil cannot be unmarshaled from TOML")
+	}
+	if mtype.Kind() != reflect.Ptr {
+		return errors.New("only a pointer to struct or map can be unmarshaled from TOML")
+	}
+
+	elem := mtype.Elem()
+
+	switch elem.Kind() {
+	case reflect.Struct, reflect.Map:
+	case reflect.Interface:
+		elem = mapStringInterfaceType
+	default:
+		return errors.New("only a pointer to struct or map can be unmarshaled from TOML")
+	}
+
+	if reflect.ValueOf(v).IsNil() {
+		return errors.New("nil pointer cannot be unmarshaled from TOML")
+	}
+
+	vv := reflect.ValueOf(v).Elem()
+
+	if d.strict {
+		d.visitor = newVisitorState(d.tval)
+	}
+
+	sval, err := d.valueFromTree(elem, d.tval, &vv)
+	if err != nil {
+		return err
+	}
+	if err := d.visitor.validate(); err != nil {
+		return err
+	}
+	reflect.ValueOf(v).Elem().Set(sval)
+	return nil
+}
+
+// Convert toml tree to marshal struct or map, using marshal type. When mval1
+// is non-nil, merge fields into the given value instead of allocating a new one.
+func (d *Decoder) valueFromTree(mtype reflect.Type, tval *Tree, mval1 *reflect.Value) (reflect.Value, error) {
+	if mtype.Kind() == reflect.Ptr {
+		return d.unwrapPointer(mtype, tval, mval1)
+	}
+
+	// Check if pointer to value implements the Unmarshaler interface.
+	if mvalPtr := reflect.New(mtype); isCustomUnmarshaler(mvalPtr.Type()) {
+		d.visitor.visitAll()
+
+		if tval == nil {
+			return mvalPtr.Elem(), nil
+		}
+
+		if err := callCustomUnmarshaler(mvalPtr, tval.ToMap()); err != nil {
+			return reflect.ValueOf(nil), fmt.Errorf("unmarshal toml: %v", err)
+		}
+		return mvalPtr.Elem(), nil
+	}
+
+	var mval reflect.Value
+	switch mtype.Kind() {
+	case reflect.Struct:
+		if mval1 != nil {
+			mval = *mval1
+		} else {
+			mval = reflect.New(mtype).Elem()
+		}
+
+		switch mval.Interface().(type) {
+		case Tree:
+			mval.Set(reflect.ValueOf(tval).Elem())
+		default:
+			for i := 0; i < mtype.NumField(); i++ {
+				mtypef := mtype.Field(i)
+				an := annotation{tag: d.tagName}
+				opts := tomlOptions(mtypef, an)
+				if !opts.include {
+					continue
+				}
+				baseKey := opts.name
+				keysToTry := []string{
+					baseKey,
+					strings.ToLower(baseKey),
+					strings.ToTitle(baseKey),
+					strings.ToLower(string(baseKey[0])) + baseKey[1:],
+				}
+
+				found := false
+				if tval != nil {
+					for _, key := range keysToTry {
+						exists := tval.HasPath([]string{key})
+						if !exists {
+							continue
+						}
+
+						d.visitor.push(key)
+						val := tval.GetPath([]string{key})
+						fval := mval.Field(i)
+						mvalf, err := d.valueFromToml(mtypef.Type, val, &fval)
+						if err != nil {
+							return mval, formatError(err, tval.GetPositionPath([]string{key}))
+						}
+						mval.Field(i).Set(mvalf)
+						found = true
+						d.visitor.pop()
+						break
+					}
+				}
+
+				if !found && opts.defaultValue != "" {
+					mvalf := mval.Field(i)
+					var val interface{}
+					var err error
+					switch mvalf.Kind() {
+					case reflect.String:
+						val = opts.defaultValue
+					case reflect.Bool:
+						val, err = strconv.ParseBool(opts.defaultValue)
+					case reflect.Uint:
+						val, err = strconv.ParseUint(opts.defaultValue, 10, 0)
+					case reflect.Uint8:
+						val, err = strconv.ParseUint(opts.defaultValue, 10, 8)
+					case reflect.Uint16:
+						val, err = strconv.ParseUint(opts.defaultValue, 10, 16)
+					case reflect.Uint32:
+						val, err = strconv.ParseUint(opts.defaultValue, 10, 32)
+					case reflect.Uint64:
+						val, err = strconv.ParseUint(opts.defaultValue, 10, 64)
+					case reflect.Int:
+						val, err = strconv.ParseInt(opts.defaultValue, 10, 0)
+					case reflect.Int8:
+						val, err = strconv.ParseInt(opts.defaultValue, 10, 8)
+					case reflect.Int16:
+						val, err = strconv.ParseInt(opts.defaultValue, 10, 16)
+					case reflect.Int32:
+						val, err = strconv.ParseInt(opts.defaultValue, 10, 32)
+					case reflect.Int64:
+						val, err = strconv.ParseInt(opts.defaultValue, 10, 64)
+					case reflect.Float32:
+						val, err = strconv.ParseFloat(opts.defaultValue, 32)
+					case reflect.Float64:
+						val, err = strconv.ParseFloat(opts.defaultValue, 64)
+					default:
+						return mvalf, fmt.Errorf("unsupported field type for default option")
+					}
+
+					if err != nil {
+						return mvalf, err
+					}
+					mvalf.Set(reflect.ValueOf(val).Convert(mvalf.Type()))
+				}
+
+				// save the old behavior above and try to check structs
+				if !found && opts.defaultValue == "" && mtypef.Type.Kind() == reflect.Struct {
+					tmpTval := tval
+					if !mtypef.Anonymous {
+						tmpTval = nil
+					}
+					fval := mval.Field(i)
+					v, err := d.valueFromTree(mtypef.Type, tmpTval, &fval)
+					if err != nil {
+						return v, err
+					}
+					mval.Field(i).Set(v)
+				}
+			}
+		}
+	case reflect.Map:
+		mval = reflect.MakeMap(mtype)
+		for _, key := range tval.Keys() {
+			d.visitor.push(key)
+			// TODO: path splits key
+			val := tval.GetPath([]string{key})
+			mvalf, err := d.valueFromToml(mtype.Elem(), val, nil)
+			if err != nil {
+				return mval, formatError(err, tval.GetPositionPath([]string{key}))
+			}
+			mval.SetMapIndex(reflect.ValueOf(key).Convert(mtype.Key()), mvalf)
+			d.visitor.pop()
+		}
+	}
+	return mval, nil
+}
+
+// Convert toml value to marshal struct/map slice, using marshal type
+func (d *Decoder) valueFromTreeSlice(mtype reflect.Type, tval []*Tree) (reflect.Value, error) {
+	mval, err := makeSliceOrArray(mtype, len(tval))
+	if err != nil {
+		return mval, err
+	}
+
+	for i := 0; i < len(tval); i++ {
+		d.visitor.push(strconv.Itoa(i))
+		val, err := d.valueFromTree(mtype.Elem(), tval[i], nil)
+		if err != nil {
+			return mval, err
+		}
+		mval.Index(i).Set(val)
+		d.visitor.pop()
+	}
+	return mval, nil
+}
+
+// Convert toml value to marshal primitive slice, using marshal type
+func (d *Decoder) valueFromOtherSlice(mtype reflect.Type, tval []interface{}) (reflect.Value, error) {
+	mval, err := makeSliceOrArray(mtype, len(tval))
+	if err != nil {
+		return mval, err
+	}
+
+	for i := 0; i < len(tval); i++ {
+		val, err := d.valueFromToml(mtype.Elem(), tval[i], nil)
+		if err != nil {
+			return mval, err
+		}
+		mval.Index(i).Set(val)
+	}
+	return mval, nil
+}
+
+// Convert toml value to marshal primitive slice, using marshal type
+func (d *Decoder) valueFromOtherSliceI(mtype reflect.Type, tval interface{}) (reflect.Value, error) {
+	val := reflect.ValueOf(tval)
+	length := val.Len()
+
+	mval, err := makeSliceOrArray(mtype, length)
+	if err != nil {
+		return mval, err
+	}
+
+	for i := 0; i < length; i++ {
+		val, err := d.valueFromToml(mtype.Elem(), val.Index(i).Interface(), nil)
+		if err != nil {
+			return mval, err
+		}
+		mval.Index(i).Set(val)
+	}
+	return mval, nil
+}
+
+// Create a new slice or a new array with specified length
+func makeSliceOrArray(mtype reflect.Type, tLength int) (reflect.Value, error) {
+	var mval reflect.Value
+	switch mtype.Kind() {
+	case reflect.Slice:
+		mval = reflect.MakeSlice(mtype, tLength, tLength)
+	case reflect.Array:
+		mval = reflect.New(reflect.ArrayOf(mtype.Len(), mtype.Elem())).Elem()
+		if tLength > mtype.Len() {
+			return mval, fmt.Errorf("unmarshal: TOML array length (%v) exceeds destination array length (%v)", tLength, mtype.Len())
+		}
+	}
+	return mval, nil
+}
+
+// Convert toml value to marshal value, using marshal type. When mval1 is non-nil
+// and the given type is a struct value, merge fields into it.
+func (d *Decoder) valueFromToml(mtype reflect.Type, tval interface{}, mval1 *reflect.Value) (reflect.Value, error) {
+	if mtype.Kind() == reflect.Ptr {
+		return d.unwrapPointer(mtype, tval, mval1)
+	}
+
+	switch t := tval.(type) {
+	case *Tree:
+		var mval11 *reflect.Value
+		if mtype.Kind() == reflect.Struct {
+			mval11 = mval1
+		}
+
+		if isTree(mtype) {
+			return d.valueFromTree(mtype, t, mval11)
+		}
+
+		if mtype.Kind() == reflect.Interface {
+			if mval1 == nil || mval1.IsNil() {
+				return d.valueFromTree(reflect.TypeOf(map[string]interface{}{}), t, nil)
+			} else {
+				return d.valueFromToml(mval1.Elem().Type(), t, nil)
+			}
+		}
+
+		return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to a tree", tval, tval)
+	case []*Tree:
+		if isTreeSequence(mtype) {
+			return d.valueFromTreeSlice(mtype, t)
+		}
+		if mtype.Kind() == reflect.Interface {
+			if mval1 == nil || mval1.IsNil() {
+				return d.valueFromTreeSlice(reflect.TypeOf([]map[string]interface{}{}), t)
+			} else {
+				ival := mval1.Elem()
+				return d.valueFromToml(mval1.Elem().Type(), t, &ival)
+			}
+		}
+		return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to trees", tval, tval)
+	case []interface{}:
+		d.visitor.visit()
+		if isOtherSequence(mtype) {
+			return d.valueFromOtherSlice(mtype, t)
+		}
+		if mtype.Kind() == reflect.Interface {
+			if mval1 == nil || mval1.IsNil() {
+				return d.valueFromOtherSlice(reflect.TypeOf([]interface{}{}), t)
+			} else {
+				ival := mval1.Elem()
+				return d.valueFromToml(mval1.Elem().Type(), t, &ival)
+			}
+		}
+		return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to a slice", tval, tval)
+	default:
+		d.visitor.visit()
+		// Check if pointer to value implements the encoding.TextUnmarshaler.
+		if mvalPtr := reflect.New(mtype); isTextUnmarshaler(mvalPtr.Type()) && !isTimeType(mtype) {
+			if err := d.unmarshalText(tval, mvalPtr); err != nil {
+				return reflect.ValueOf(nil), fmt.Errorf("unmarshal text: %v", err)
+			}
+			return mvalPtr.Elem(), nil
+		}
+
+		switch mtype.Kind() {
+		case reflect.Bool, reflect.Struct:
+			val := reflect.ValueOf(tval)
+
+			switch val.Type() {
+			case localDateType:
+				localDate := val.Interface().(LocalDate)
+				switch mtype {
+				case timeType:
+					return reflect.ValueOf(time.Date(localDate.Year, localDate.Month, localDate.Day, 0, 0, 0, 0, time.Local)), nil
+				}
+			case localDateTimeType:
+				localDateTime := val.Interface().(LocalDateTime)
+				switch mtype {
+				case timeType:
+					return reflect.ValueOf(time.Date(
+						localDateTime.Date.Year,
+						localDateTime.Date.Month,
+						localDateTime.Date.Day,
+						localDateTime.Time.Hour,
+						localDateTime.Time.Minute,
+						localDateTime.Time.Second,
+						localDateTime.Time.Nanosecond,
+						time.Local)), nil
+				}
+			}
+
+			// if this passes for when mtype is reflect.Struct, tval is a time.LocalTime
+			if !val.Type().ConvertibleTo(mtype) {
+				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
+			}
+
+			return val.Convert(mtype), nil
+		case reflect.String:
+			val := reflect.ValueOf(tval)
+			// stupidly, int64 is convertible to string. So special case this.
+			if !val.Type().ConvertibleTo(mtype) || val.Kind() == reflect.Int64 {
+				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
+			}
+
+			return val.Convert(mtype), nil
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			val := reflect.ValueOf(tval)
+			if mtype.Kind() == reflect.Int64 && mtype == reflect.TypeOf(time.Duration(1)) && val.Kind() == reflect.String {
+				d, err := time.ParseDuration(val.String())
+				if err != nil {
+					return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v. %s", tval, tval, mtype.String(), err)
+				}
+				return reflect.ValueOf(d), nil
+			}
+			if !val.Type().ConvertibleTo(mtype) || val.Kind() == reflect.Float64 {
+				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
+			}
+			if reflect.Indirect(reflect.New(mtype)).OverflowInt(val.Convert(reflect.TypeOf(int64(0))).Int()) {
+				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) would overflow %v", tval, tval, mtype.String())
+			}
+
+			return val.Convert(mtype), nil
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+			val := reflect.ValueOf(tval)
+			if !val.Type().ConvertibleTo(mtype) || val.Kind() == reflect.Float64 {
+				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
+			}
+
+			if val.Convert(reflect.TypeOf(int(1))).Int() < 0 {
+				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) is negative so does not fit in %v", tval, tval, mtype.String())
+			}
+			if reflect.Indirect(reflect.New(mtype)).OverflowUint(val.Convert(reflect.TypeOf(uint64(0))).Uint()) {
+				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) would overflow %v", tval, tval, mtype.String())
+			}
+
+			return val.Convert(mtype), nil
+		case reflect.Float32, reflect.Float64:
+			val := reflect.ValueOf(tval)
+			if !val.Type().ConvertibleTo(mtype) || val.Kind() == reflect.Int64 {
+				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
+			}
+			if reflect.Indirect(reflect.New(mtype)).OverflowFloat(val.Convert(reflect.TypeOf(float64(0))).Float()) {
+				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) would overflow %v", tval, tval, mtype.String())
+			}
+
+			return val.Convert(mtype), nil
+		case reflect.Interface:
+			if mval1 == nil || mval1.IsNil() {
+				return reflect.ValueOf(tval), nil
+			} else {
+				ival := mval1.Elem()
+				return d.valueFromToml(mval1.Elem().Type(), t, &ival)
+			}
+		case reflect.Slice, reflect.Array:
+			if isOtherSequence(mtype) && isOtherSequence(reflect.TypeOf(t)) {
+				return d.valueFromOtherSliceI(mtype, t)
+			}
+			return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v(%v)", tval, tval, mtype, mtype.Kind())
+		default:
+			return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v(%v)", tval, tval, mtype, mtype.Kind())
+		}
+	}
+}
+
+func (d *Decoder) unwrapPointer(mtype reflect.Type, tval interface{}, mval1 *reflect.Value) (reflect.Value, error) {
+	var melem *reflect.Value
+
+	if mval1 != nil && !mval1.IsNil() && (mtype.Elem().Kind() == reflect.Struct || mtype.Elem().Kind() == reflect.Interface) {
+		elem := mval1.Elem()
+		melem = &elem
+	}
+
+	val, err := d.valueFromToml(mtype.Elem(), tval, melem)
+	if err != nil {
+		return reflect.ValueOf(nil), err
+	}
+	mval := reflect.New(mtype.Elem())
+	mval.Elem().Set(val)
+	return mval, nil
+}
+
+func (d *Decoder) unmarshalText(tval interface{}, mval reflect.Value) error {
+	var buf bytes.Buffer
+	fmt.Fprint(&buf, tval)
+	return callTextUnmarshaler(mval, buf.Bytes())
+}
+
+func tomlOptions(vf reflect.StructField, an annotation) tomlOpts {
+	tag := vf.Tag.Get(an.tag)
+	parse := strings.Split(tag, ",")
+	var comment string
+	if c := vf.Tag.Get(an.comment); c != "" {
+		comment = c
+	}
+	commented, _ := strconv.ParseBool(vf.Tag.Get(an.commented))
+	multiline, _ := strconv.ParseBool(vf.Tag.Get(an.multiline))
+	defaultValue := vf.Tag.Get(tagDefault)
+	result := tomlOpts{
+		name:         vf.Name,
+		nameFromTag:  false,
+		comment:      comment,
+		commented:    commented,
+		multiline:    multiline,
+		include:      true,
+		omitempty:    false,
+		defaultValue: defaultValue,
+	}
+	if parse[0] != "" {
+		if parse[0] == "-" && len(parse) == 1 {
+			result.include = false
+		} else {
+			result.name = strings.Trim(parse[0], " ")
+			result.nameFromTag = true
+		}
+	}
+	if vf.PkgPath != "" {
+		result.include = false
+	}
+	if len(parse) > 1 && strings.Trim(parse[1], " ") == "omitempty" {
+		result.omitempty = true
+	}
+	if vf.Type.Kind() == reflect.Ptr {
+		result.omitempty = true
+	}
+	return result
+}
+
+func isZero(val reflect.Value) bool {
+	switch val.Type().Kind() {
+	case reflect.Slice, reflect.Array, reflect.Map:
+		return val.Len() == 0
+	default:
+		return reflect.DeepEqual(val.Interface(), reflect.Zero(val.Type()).Interface())
+	}
+}
+
+func formatError(err error, pos Position) error {
+	if err.Error()[0] == '(' { // Error already contains position information
+		return err
+	}
+	return fmt.Errorf("%s: %s", pos, err)
+}
+
+// visitorState keeps track of which keys were unmarshaled.
+type visitorState struct {
+	tree   *Tree
+	path   []string
+	keys   map[string]struct{}
+	active bool
+}
+
+func newVisitorState(tree *Tree) visitorState {
+	path, result := []string{}, map[string]struct{}{}
+	insertKeys(path, result, tree)
+	return visitorState{
+		tree:   tree,
+		path:   path[:0],
+		keys:   result,
+		active: true,
+	}
+}
+
+func (s *visitorState) push(key string) {
+	if s.active {
+		s.path = append(s.path, key)
+	}
+}
+
+func (s *visitorState) pop() {
+	if s.active {
+		s.path = s.path[:len(s.path)-1]
+	}
+}
+
+func (s *visitorState) visit() {
+	if s.active {
+		delete(s.keys, strings.Join(s.path, "."))
+	}
+}
+
+func (s *visitorState) visitAll() {
+	if s.active {
+		for k := range s.keys {
+			if strings.HasPrefix(k, strings.Join(s.path, ".")) {
+				delete(s.keys, k)
+			}
+		}
+	}
+}
+
+func (s *visitorState) validate() error {
+	if !s.active {
+		return nil
+	}
+	undecoded := make([]string, 0, len(s.keys))
+	for key := range s.keys {
+		undecoded = append(undecoded, key)
+	}
+	sort.Strings(undecoded)
+	if len(undecoded) > 0 {
+		return fmt.Errorf("undecoded keys: %q", undecoded)
+	}
+	return nil
+}
+
+func insertKeys(path []string, m map[string]struct{}, tree *Tree) {
+	for k, v := range tree.values {
+		switch node := v.(type) {
+		case []*Tree:
+			for i, item := range node {
+				insertKeys(append(path, k, strconv.Itoa(i)), m, item)
+			}
+		case *Tree:
+			insertKeys(append(path, k), m, node)
+		case *tomlValue:
+			m[strings.Join(append(path, k), ".")] = struct{}{}
+		}
+	}
+}
diff --git a/vendor/github.com/pelletier/go-toml/parser.go b/vendor/github.com/pelletier/go-toml/parser.go
new file mode 100644
index 0000000000000..7bf40bbdc7e06
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/parser.go
@@ -0,0 +1,493 @@
+// TOML Parser.
+
+package toml
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type tomlParser struct {
+	flowIdx       int
+	flow          []token
+	tree          *Tree
+	currentTable  []string
+	seenTableKeys []string
+}
+
+type tomlParserStateFn func() tomlParserStateFn
+
+// Formats and panics an error message based on a token
+func (p *tomlParser) raiseError(tok *token, msg string, args ...interface{}) {
+	panic(tok.Position.String() + ": " + fmt.Sprintf(msg, args...))
+}
+
+func (p *tomlParser) run() {
+	for state := p.parseStart; state != nil; {
+		state = state()
+	}
+}
+
+func (p *tomlParser) peek() *token {
+	if p.flowIdx >= len(p.flow) {
+		return nil
+	}
+	return &p.flow[p.flowIdx]
+}
+
+func (p *tomlParser) assume(typ tokenType) {
+	tok := p.getToken()
+	if tok == nil {
+		p.raiseError(tok, "was expecting token %s, but token stream is empty", tok)
+	}
+	if tok.typ != typ {
+		p.raiseError(tok, "was expecting token %s, but got %s instead", typ, tok)
+	}
+}
+
+func (p *tomlParser) getToken() *token {
+	tok := p.peek()
+	if tok == nil {
+		return nil
+	}
+	p.flowIdx++
+	return tok
+}
+
+func (p *tomlParser) parseStart() tomlParserStateFn {
+	tok := p.peek()
+
+	// end of stream, parsing is finished
+	if tok == nil {
+		return nil
+	}
+
+	switch tok.typ {
+	case tokenDoubleLeftBracket:
+		return p.parseGroupArray
+	case tokenLeftBracket:
+		return p.parseGroup
+	case tokenKey:
+		return p.parseAssign
+	case tokenEOF:
+		return nil
+	case tokenError:
+		p.raiseError(tok, "parsing error: %s", tok.String())
+	default:
+		p.raiseError(tok, "unexpected token %s", tok.typ)
+	}
+	return nil
+}
+
+func (p *tomlParser) parseGroupArray() tomlParserStateFn {
+	startToken := p.getToken() // discard the [[
+	key := p.getToken()
+	if key.typ != tokenKeyGroupArray {
+		p.raiseError(key, "unexpected token %s, was expecting a table array key", key)
+	}
+
+	// get or create table array element at the indicated part in the path
+	keys, err := parseKey(key.val)
+	if err != nil {
+		p.raiseError(key, "invalid table array key: %s", err)
+	}
+	p.tree.createSubTree(keys[:len(keys)-1], startToken.Position) // create parent entries
+	destTree := p.tree.GetPath(keys)
+	var array []*Tree
+	if destTree == nil {
+		array = make([]*Tree, 0)
+	} else if target, ok := destTree.([]*Tree); ok && target != nil {
+		array = destTree.([]*Tree)
+	} else {
+		p.raiseError(key, "key %s is already assigned and not of type table array", key)
+	}
+	p.currentTable = keys
+
+	// add a new tree to the end of the table array
+	newTree := newTree()
+	newTree.position = startToken.Position
+	array = append(array, newTree)
+	p.tree.SetPath(p.currentTable, array)
+
+	// remove all keys that were children of this table array
+	prefix := key.val + "."
+	found := false
+	for ii := 0; ii < len(p.seenTableKeys); {
+		tableKey := p.seenTableKeys[ii]
+		if strings.HasPrefix(tableKey, prefix) {
+			p.seenTableKeys = append(p.seenTableKeys[:ii], p.seenTableKeys[ii+1:]...)
+		} else {
+			found = (tableKey == key.val)
+			ii++
+		}
+	}
+
+	// keep this key name from use by other kinds of assignments
+	if !found {
+		p.seenTableKeys = append(p.seenTableKeys, key.val)
+	}
+
+	// move to next parser state
+	p.assume(tokenDoubleRightBracket)
+	return p.parseStart
+}
+
+func (p *tomlParser) parseGroup() tomlParserStateFn {
+	startToken := p.getToken() // discard the [
+	key := p.getToken()
+	if key.typ != tokenKeyGroup {
+		p.raiseError(key, "unexpected token %s, was expecting a table key", key)
+	}
+	for _, item := range p.seenTableKeys {
+		if item == key.val {
+			p.raiseError(key, "duplicated tables")
+		}
+	}
+
+	p.seenTableKeys = append(p.seenTableKeys, key.val)
+	keys, err := parseKey(key.val)
+	if err != nil {
+		p.raiseError(key, "invalid table array key: %s", err)
+	}
+	if err := p.tree.createSubTree(keys, startToken.Position); err != nil {
+		p.raiseError(key, "%s", err)
+	}
+	destTree := p.tree.GetPath(keys)
+	if target, ok := destTree.(*Tree); ok && target != nil && target.inline {
+		p.raiseError(key, "could not re-define exist inline table or its sub-table : %s",
+			strings.Join(keys, "."))
+	}
+	p.assume(tokenRightBracket)
+	p.currentTable = keys
+	return p.parseStart
+}
+
+func (p *tomlParser) parseAssign() tomlParserStateFn {
+	key := p.getToken()
+	p.assume(tokenEqual)
+
+	parsedKey, err := parseKey(key.val)
+	if err != nil {
+		p.raiseError(key, "invalid key: %s", err.Error())
+	}
+
+	value := p.parseRvalue()
+	var tableKey []string
+	if len(p.currentTable) > 0 {
+		tableKey = p.currentTable
+	} else {
+		tableKey = []string{}
+	}
+
+	prefixKey := parsedKey[0 : len(parsedKey)-1]
+	tableKey = append(tableKey, prefixKey...)
+
+	// find the table to assign, looking out for arrays of tables
+	var targetNode *Tree
+	switch node := p.tree.GetPath(tableKey).(type) {
+	case []*Tree:
+		targetNode = node[len(node)-1]
+	case *Tree:
+		targetNode = node
+	case nil:
+		// create intermediate
+		if err := p.tree.createSubTree(tableKey, key.Position); err != nil {
+			p.raiseError(key, "could not create intermediate group: %s", err)
+		}
+		targetNode = p.tree.GetPath(tableKey).(*Tree)
+	default:
+		p.raiseError(key, "Unknown table type for path: %s",
+			strings.Join(tableKey, "."))
+	}
+
+	if targetNode.inline {
+		p.raiseError(key, "could not add key or sub-table to exist inline table or its sub-table : %s",
+			strings.Join(tableKey, "."))
+	}
+
+	// assign value to the found table
+	keyVal := parsedKey[len(parsedKey)-1]
+	localKey := []string{keyVal}
+	finalKey := append(tableKey, keyVal)
+	if targetNode.GetPath(localKey) != nil {
+		p.raiseError(key, "The following key was defined twice: %s",
+			strings.Join(finalKey, "."))
+	}
+	var toInsert interface{}
+
+	switch value.(type) {
+	case *Tree, []*Tree:
+		toInsert = value
+	default:
+		toInsert = &tomlValue{value: value, position: key.Position}
+	}
+	targetNode.values[keyVal] = toInsert
+	return p.parseStart
+}
+
+var numberUnderscoreInvalidRegexp *regexp.Regexp
+var hexNumberUnderscoreInvalidRegexp *regexp.Regexp
+
+func numberContainsInvalidUnderscore(value string) error {
+	if numberUnderscoreInvalidRegexp.MatchString(value) {
+		return errors.New("invalid use of _ in number")
+	}
+	return nil
+}
+
+func hexNumberContainsInvalidUnderscore(value string) error {
+	if hexNumberUnderscoreInvalidRegexp.MatchString(value) {
+		return errors.New("invalid use of _ in hex number")
+	}
+	return nil
+}
+
+func cleanupNumberToken(value string) string {
+	cleanedVal := strings.Replace(value, "_", "", -1)
+	return cleanedVal
+}
+
+func (p *tomlParser) parseRvalue() interface{} {
+	tok := p.getToken()
+	if tok == nil || tok.typ == tokenEOF {
+		p.raiseError(tok, "expecting a value")
+	}
+
+	switch tok.typ {
+	case tokenString:
+		return tok.val
+	case tokenTrue:
+		return true
+	case tokenFalse:
+		return false
+	case tokenInf:
+		if tok.val[0] == '-' {
+			return math.Inf(-1)
+		}
+		return math.Inf(1)
+	case tokenNan:
+		return math.NaN()
+	case tokenInteger:
+		cleanedVal := cleanupNumberToken(tok.val)
+		var err error
+		var val int64
+		if len(cleanedVal) >= 3 && cleanedVal[0] == '0' {
+			switch cleanedVal[1] {
+			case 'x':
+				err = hexNumberContainsInvalidUnderscore(tok.val)
+				if err != nil {
+					p.raiseError(tok, "%s", err)
+				}
+				val, err = strconv.ParseInt(cleanedVal[2:], 16, 64)
+			case 'o':
+				err = numberContainsInvalidUnderscore(tok.val)
+				if err != nil {
+					p.raiseError(tok, "%s", err)
+				}
+				val, err = strconv.ParseInt(cleanedVal[2:], 8, 64)
+			case 'b':
+				err = numberContainsInvalidUnderscore(tok.val)
+				if err != nil {
+					p.raiseError(tok, "%s", err)
+				}
+				val, err = strconv.ParseInt(cleanedVal[2:], 2, 64)
+			default:
+				panic("invalid base") // the lexer should catch this first
+			}
+		} else {
+			err = numberContainsInvalidUnderscore(tok.val)
+			if err != nil {
+				p.raiseError(tok, "%s", err)
+			}
+			val, err = strconv.ParseInt(cleanedVal, 10, 64)
+		}
+		if err != nil {
+			p.raiseError(tok, "%s", err)
+		}
+		return val
+	case tokenFloat:
+		err := numberContainsInvalidUnderscore(tok.val)
+		if err != nil {
+			p.raiseError(tok, "%s", err)
+		}
+		cleanedVal := cleanupNumberToken(tok.val)
+		val, err := strconv.ParseFloat(cleanedVal, 64)
+		if err != nil {
+			p.raiseError(tok, "%s", err)
+		}
+		return val
+	case tokenDate:
+		layout := time.RFC3339Nano
+		if !strings.Contains(tok.val, "T") {
+			layout = strings.Replace(layout, "T", " ", 1)
+		}
+		val, err := time.ParseInLocation(layout, tok.val, time.UTC)
+		if err != nil {
+			p.raiseError(tok, "%s", err)
+		}
+		return val
+	case tokenLocalDate:
+		v := strings.Replace(tok.val, " ", "T", -1)
+		isDateTime := false
+		isTime := false
+		for _, c := range v {
+			if c == 'T' || c == 't' {
+				isDateTime = true
+				break
+			}
+			if c == ':' {
+				isTime = true
+				break
+			}
+		}
+
+		var val interface{}
+		var err error
+
+		if isDateTime {
+			val, err = ParseLocalDateTime(v)
+		} else if isTime {
+			val, err = ParseLocalTime(v)
+		} else {
+			val, err = ParseLocalDate(v)
+		}
+
+		if err != nil {
+			p.raiseError(tok, "%s", err)
+		}
+		return val
+	case tokenLeftBracket:
+		return p.parseArray()
+	case tokenLeftCurlyBrace:
+		return p.parseInlineTable()
+	case tokenEqual:
+		p.raiseError(tok, "cannot have multiple equals for the same key")
+	case tokenError:
+		p.raiseError(tok, "%s", tok)
+	}
+
+	p.raiseError(tok, "never reached")
+
+	return nil
+}
+
+func tokenIsComma(t *token) bool {
+	return t != nil && t.typ == tokenComma
+}
+
+func (p *tomlParser) parseInlineTable() *Tree {
+	tree := newTree()
+	var previous *token
+Loop:
+	for {
+		follow := p.peek()
+		if follow == nil || follow.typ == tokenEOF {
+			p.raiseError(follow, "unterminated inline table")
+		}
+		switch follow.typ {
+		case tokenRightCurlyBrace:
+			p.getToken()
+			break Loop
+		case tokenKey, tokenInteger, tokenString:
+			if !tokenIsComma(previous) && previous != nil {
+				p.raiseError(follow, "comma expected between fields in inline table")
+			}
+			key := p.getToken()
+			p.assume(tokenEqual)
+
+			parsedKey, err := parseKey(key.val)
+			if err != nil {
+				p.raiseError(key, "invalid key: %s", err)
+			}
+
+			value := p.parseRvalue()
+			tree.SetPath(parsedKey, value)
+		case tokenComma:
+			if tokenIsComma(previous) {
+				p.raiseError(follow, "need field between two commas in inline table")
+			}
+			p.getToken()
+		default:
+			p.raiseError(follow, "unexpected token type in inline table: %s", follow.String())
+		}
+		previous = follow
+	}
+	if tokenIsComma(previous) {
+		p.raiseError(previous, "trailing comma at the end of inline table")
+	}
+	tree.inline = true
+	return tree
+}
+
+func (p *tomlParser) parseArray() interface{} {
+	var array []interface{}
+	arrayType := reflect.TypeOf(newTree())
+	for {
+		follow := p.peek()
+		if follow == nil || follow.typ == tokenEOF {
+			p.raiseError(follow, "unterminated array")
+		}
+		if follow.typ == tokenRightBracket {
+			p.getToken()
+			break
+		}
+		val := p.parseRvalue()
+		if reflect.TypeOf(val) != arrayType {
+			arrayType = nil
+		}
+		array = append(array, val)
+		follow = p.peek()
+		if follow == nil || follow.typ == tokenEOF {
+			p.raiseError(follow, "unterminated array")
+		}
+		if follow.typ != tokenRightBracket && follow.typ != tokenComma {
+			p.raiseError(follow, "missing comma")
+		}
+		if follow.typ == tokenComma {
+			p.getToken()
+		}
+	}
+
+	// if the array is a mixed-type array or its length is 0,
+	// don't convert it to a table array
+	if len(array) <= 0 {
+		arrayType = nil
+	}
+	// An array of Trees is actually an array of inline
+	// tables, which is a shorthand for a table array. If the
+	// array was not converted from []interface{} to []*Tree,
+	// the two notations would not be equivalent.
+	if arrayType == reflect.TypeOf(newTree()) {
+		tomlArray := make([]*Tree, len(array))
+		for i, v := range array {
+			tomlArray[i] = v.(*Tree)
+		}
+		return tomlArray
+	}
+	return array
+}
+
+func parseToml(flow []token) *Tree {
+	result := newTree()
+	result.position = Position{1, 1}
+	parser := &tomlParser{
+		flowIdx:       0,
+		flow:          flow,
+		tree:          result,
+		currentTable:  make([]string, 0),
+		seenTableKeys: make([]string, 0),
+	}
+	parser.run()
+	return result
+}
+
+func init() {
+	numberUnderscoreInvalidRegexp = regexp.MustCompile(`([^\d]_|_[^\d])|_$|^_`)
+	hexNumberUnderscoreInvalidRegexp = regexp.MustCompile(`(^0x_)|([^\da-f]_|_[^\da-f])|_$|^_`)
+}
diff --git a/vendor/github.com/pelletier/go-toml/position.go b/vendor/github.com/pelletier/go-toml/position.go
new file mode 100644
index 0000000000000..c17bff87baaa6
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/position.go
@@ -0,0 +1,29 @@
+// Position support for go-toml
+
+package toml
+
+import (
+	"fmt"
+)
+
+// Position of a document element within a TOML document.
+//
+// Line and Col are both 1-indexed positions for the element's line number and
+// column number, respectively.  Values of zero or less will cause Invalid(),
+// to return true.
+type Position struct {
+	Line int // line within the document
+	Col  int // column within the line
+}
+
+// String representation of the position.
+// Displays 1-indexed line and column numbers.
+func (p Position) String() string {
+	return fmt.Sprintf("(%d, %d)", p.Line, p.Col)
+}
+
+// Invalid returns whether or not the position is valid (i.e. with negative or
+// null values)
+func (p Position) Invalid() bool {
+	return p.Line <= 0 || p.Col <= 0
+}
diff --git a/vendor/github.com/pelletier/go-toml/token.go b/vendor/github.com/pelletier/go-toml/token.go
new file mode 100644
index 0000000000000..6af4ec46bcf7b
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/token.go
@@ -0,0 +1,134 @@
+package toml
+
+import "fmt"
+
+// Define tokens
+type tokenType int
+
+const (
+	eof = -(iota + 1)
+)
+
+const (
+	tokenError tokenType = iota
+	tokenEOF
+	tokenComment
+	tokenKey
+	tokenString
+	tokenInteger
+	tokenTrue
+	tokenFalse
+	tokenFloat
+	tokenInf
+	tokenNan
+	tokenEqual
+	tokenLeftBracket
+	tokenRightBracket
+	tokenLeftCurlyBrace
+	tokenRightCurlyBrace
+	tokenLeftParen
+	tokenRightParen
+	tokenDoubleLeftBracket
+	tokenDoubleRightBracket
+	tokenDate
+	tokenLocalDate
+	tokenKeyGroup
+	tokenKeyGroupArray
+	tokenComma
+	tokenColon
+	tokenDollar
+	tokenStar
+	tokenQuestion
+	tokenDot
+	tokenDotDot
+	tokenEOL
+)
+
+var tokenTypeNames = []string{
+	"Error",
+	"EOF",
+	"Comment",
+	"Key",
+	"String",
+	"Integer",
+	"True",
+	"False",
+	"Float",
+	"Inf",
+	"NaN",
+	"=",
+	"[",
+	"]",
+	"{",
+	"}",
+	"(",
+	")",
+	"]]",
+	"[[",
+	"LocalDate",
+	"LocalDate",
+	"KeyGroup",
+	"KeyGroupArray",
+	",",
+	":",
+	"$",
+	"*",
+	"?",
+	".",
+	"..",
+	"EOL",
+}
+
+type token struct {
+	Position
+	typ tokenType
+	val string
+}
+
+func (tt tokenType) String() string {
+	idx := int(tt)
+	if idx < len(tokenTypeNames) {
+		return tokenTypeNames[idx]
+	}
+	return "Unknown"
+}
+
+func (t token) String() string {
+	switch t.typ {
+	case tokenEOF:
+		return "EOF"
+	case tokenError:
+		return t.val
+	}
+
+	return fmt.Sprintf("%q", t.val)
+}
+
+func isSpace(r rune) bool {
+	return r == ' ' || r == '\t'
+}
+
+func isAlphanumeric(r rune) bool {
+	return 'a' <= r && r <= 'z' || 'A' <= r && r <= 'Z' || r == '_'
+}
+
+func isKeyChar(r rune) bool {
+	// Keys start with the first character that isn't whitespace or [ and end
+	// with the last non-whitespace character before the equals sign. Keys
+	// cannot contain a # character."
+	return !(r == '\r' || r == '\n' || r == eof || r == '=')
+}
+
+func isKeyStartChar(r rune) bool {
+	return !(isSpace(r) || r == '\r' || r == '\n' || r == eof || r == '[')
+}
+
+func isDigit(r rune) bool {
+	return '0' <= r && r <= '9'
+}
+
+func isHexDigit(r rune) bool {
+	return isDigit(r) ||
+		(r >= 'a' && r <= 'f') ||
+		(r >= 'A' && r <= 'F')
+}
diff --git a/vendor/github.com/pelletier/go-toml/toml.go b/vendor/github.com/pelletier/go-toml/toml.go
new file mode 100644
index 0000000000000..cbb89a9af3a47
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/toml.go
@@ -0,0 +1,529 @@
+package toml
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+)
+
+type tomlValue struct {
+	value     interface{} // string, int64, uint64, float64, bool, time.Time, [] of any of this list
+	comment   string
+	commented bool
+	multiline bool
+	position  Position
+}
+
+// Tree is the result of the parsing of a TOML file.
+type Tree struct {
+	values    map[string]interface{} // string -> *tomlValue, *Tree, []*Tree
+	comment   string
+	commented bool
+	inline    bool
+	position  Position
+}
+
+func newTree() *Tree {
+	return newTreeWithPosition(Position{})
+}
+
+func newTreeWithPosition(pos Position) *Tree {
+	return &Tree{
+		values:   make(map[string]interface{}),
+		position: pos,
+	}
+}
+
+// TreeFromMap initializes a new Tree object using the given map.
+func TreeFromMap(m map[string]interface{}) (*Tree, error) {
+	result, err := toTree(m)
+	if err != nil {
+		return nil, err
+	}
+	return result.(*Tree), nil
+}
+
+// Position returns the position of the tree.
+func (t *Tree) Position() Position {
+	return t.position
+}
+
+// Has returns a boolean indicating if the given key exists.
+func (t *Tree) Has(key string) bool {
+	if key == "" {
+		return false
+	}
+	return t.HasPath(strings.Split(key, "."))
+}
+
+// HasPath returns true if the given path of keys exists, false otherwise.
+func (t *Tree) HasPath(keys []string) bool {
+	return t.GetPath(keys) != nil
+}
+
+// Keys returns the keys of the toplevel tree (does not recurse).
+func (t *Tree) Keys() []string {
+	keys := make([]string, len(t.values))
+	i := 0
+	for k := range t.values {
+		keys[i] = k
+		i++
+	}
+	return keys
+}
+
+// Get the value at key in the Tree.
+// Key is a dot-separated path (e.g. a.b.c) without single/double quoted strings.
+// If you need to retrieve non-bare keys, use GetPath.
+// Returns nil if the path does not exist in the tree.
+// If keys is of length zero, the current tree is returned.
+func (t *Tree) Get(key string) interface{} {
+	if key == "" {
+		return t
+	}
+	return t.GetPath(strings.Split(key, "."))
+}
+
+// GetPath returns the element in the tree indicated by 'keys'.
+// If keys is of length zero, the current tree is returned.
+func (t *Tree) GetPath(keys []string) interface{} {
+	if len(keys) == 0 {
+		return t
+	}
+	subtree := t
+	for _, intermediateKey := range keys[:len(keys)-1] {
+		value, exists := subtree.values[intermediateKey]
+		if !exists {
+			return nil
+		}
+		switch node := value.(type) {
+		case *Tree:
+			subtree = node
+		case []*Tree:
+			// go to most recent element
+			if len(node) == 0 {
+				return nil
+			}
+			subtree = node[len(node)-1]
+		default:
+			return nil // cannot navigate through other node types
+		}
+	}
+	// branch based on final node type
+	switch node := subtree.values[keys[len(keys)-1]].(type) {
+	case *tomlValue:
+		return node.value
+	default:
+		return node
+	}
+}
+
+// GetArray returns the value at key in the Tree.
+// It returns []string, []int64, etc type if key has homogeneous lists
+// Key is a dot-separated path (e.g. a.b.c) without single/double quoted strings.
+// Returns nil if the path does not exist in the tree.
+// If keys is of length zero, the current tree is returned.
+func (t *Tree) GetArray(key string) interface{} {
+	if key == "" {
+		return t
+	}
+	return t.GetArrayPath(strings.Split(key, "."))
+}
+
+// GetArrayPath returns the element in the tree indicated by 'keys'.
+// If keys is of length zero, the current tree is returned.
+func (t *Tree) GetArrayPath(keys []string) interface{} {
+	if len(keys) == 0 {
+		return t
+	}
+	subtree := t
+	for _, intermediateKey := range keys[:len(keys)-1] {
+		value, exists := subtree.values[intermediateKey]
+		if !exists {
+			return nil
+		}
+		switch node := value.(type) {
+		case *Tree:
+			subtree = node
+		case []*Tree:
+			// go to most recent element
+			if len(node) == 0 {
+				return nil
+			}
+			subtree = node[len(node)-1]
+		default:
+			return nil // cannot navigate through other node types
+		}
+	}
+	// branch based on final node type
+	switch node := subtree.values[keys[len(keys)-1]].(type) {
+	case *tomlValue:
+		switch n := node.value.(type) {
+		case []interface{}:
+			return getArray(n)
+		default:
+			return node.value
+		}
+	default:
+		return node
+	}
+}
+
+// if homogeneous array, then return slice type object over []interface{}
+func getArray(n []interface{}) interface{} {
+	var s []string
+	var i64 []int64
+	var f64 []float64
+	var bl []bool
+	for _, value := range n {
+		switch v := value.(type) {
+		case string:
+			s = append(s, v)
+		case int64:
+			i64 = append(i64, v)
+		case float64:
+			f64 = append(f64, v)
+		case bool:
+			bl = append(bl, v)
+		default:
+			return n
+		}
+	}
+	if len(s) == len(n) {
+		return s
+	} else if len(i64) == len(n) {
+		return i64
+	} else if len(f64) == len(n) {
+		return f64
+	} else if len(bl) == len(n) {
+		return bl
+	}
+	return n
+}
+
+// GetPosition returns the position of the given key.
+func (t *Tree) GetPosition(key string) Position {
+	if key == "" {
+		return t.position
+	}
+	return t.GetPositionPath(strings.Split(key, "."))
+}
+
+// SetPositionPath sets the position of element in the tree indicated by 'keys'.
+// If keys is of length zero, the current tree position is set.
+func (t *Tree) SetPositionPath(keys []string, pos Position) {
+	if len(keys) == 0 {
+		t.position = pos
+		return
+	}
+	subtree := t
+	for _, intermediateKey := range keys[:len(keys)-1] {
+		value, exists := subtree.values[intermediateKey]
+		if !exists {
+			return
+		}
+		switch node := value.(type) {
+		case *Tree:
+			subtree = node
+		case []*Tree:
+			// go to most recent element
+			if len(node) == 0 {
+				return
+			}
+			subtree = node[len(node)-1]
+		default:
+			return
+		}
+	}
+	// branch based on final node type
+	switch node := subtree.values[keys[len(keys)-1]].(type) {
+	case *tomlValue:
+		node.position = pos
+		return
+	case *Tree:
+		node.position = pos
+		return
+	case []*Tree:
+		// go to most recent element
+		if len(node) == 0 {
+			return
+		}
+		node[len(node)-1].position = pos
+		return
+	}
+}
+
+// GetPositionPath returns the element in the tree indicated by 'keys'.
+// If keys is of length zero, the current tree is returned.
+func (t *Tree) GetPositionPath(keys []string) Position {
+	if len(keys) == 0 {
+		return t.position
+	}
+	subtree := t
+	for _, intermediateKey := range keys[:len(keys)-1] {
+		value, exists := subtree.values[intermediateKey]
+		if !exists {
+			return Position{0, 0}
+		}
+		switch node := value.(type) {
+		case *Tree:
+			subtree = node
+		case []*Tree:
+			// go to most recent element
+			if len(node) == 0 {
+				return Position{0, 0}
+			}
+			subtree = node[len(node)-1]
+		default:
+			return Position{0, 0}
+		}
+	}
+	// branch based on final node type
+	switch node := subtree.values[keys[len(keys)-1]].(type) {
+	case *tomlValue:
+		return node.position
+	case *Tree:
+		return node.position
+	case []*Tree:
+		// go to most recent element
+		if len(node) == 0 {
+			return Position{0, 0}
+		}
+		return node[len(node)-1].position
+	default:
+		return Position{0, 0}
+	}
+}
+
+// GetDefault works like Get but with a default value
+func (t *Tree) GetDefault(key string, def interface{}) interface{} {
+	val := t.Get(key)
+	if val == nil {
+		return def
+	}
+	return val
+}
+
+// SetOptions arguments are supplied to the SetWithOptions and SetPathWithOptions functions to modify marshalling behaviour.
+// The default values within the struct are valid default options.
+type SetOptions struct {
+	Comment   string
+	Commented bool
+	Multiline bool
+}
+
+// SetWithOptions is the same as Set, but allows you to provide formatting
+// instructions to the key, that will be used by Marshal().
+func (t *Tree) SetWithOptions(key string, opts SetOptions, value interface{}) {
+	t.SetPathWithOptions(strings.Split(key, "."), opts, value)
+}
+
+// SetPathWithOptions is the same as SetPath, but allows you to provide
+// formatting instructions to the key, that will be reused by Marshal().
+func (t *Tree) SetPathWithOptions(keys []string, opts SetOptions, value interface{}) {
+	subtree := t
+	for i, intermediateKey := range keys[:len(keys)-1] {
+		nextTree, exists := subtree.values[intermediateKey]
+		if !exists {
+			nextTree = newTreeWithPosition(Position{Line: t.position.Line + i, Col: t.position.Col})
+			subtree.values[intermediateKey] = nextTree // add new element here
+		}
+		switch node := nextTree.(type) {
+		case *Tree:
+			subtree = node
+		case []*Tree:
+			// go to most recent element
+			if len(node) == 0 {
+				// create element if it does not exist
+				node = append(node, newTreeWithPosition(Position{Line: t.position.Line + i, Col: t.position.Col}))
+				subtree.values[intermediateKey] = node
+			}
+			subtree = node[len(node)-1]
+		}
+	}
+
+	var toInsert interface{}
+
+	switch v := value.(type) {
+	case *Tree:
+		v.comment = opts.Comment
+		v.commented = opts.Commented
+		toInsert = value
+	case []*Tree:
+		for i := range v {
+			v[i].commented = opts.Commented
+		}
+		toInsert = value
+	case *tomlValue:
+		v.comment = opts.Comment
+		v.commented = opts.Commented
+		v.multiline = opts.Multiline
+		toInsert = v
+	default:
+		toInsert = &tomlValue{value: value,
+			comment:   opts.Comment,
+			commented: opts.Commented,
+			multiline: opts.Multiline,
+			position:  Position{Line: subtree.position.Line + len(subtree.values) + 1, Col: subtree.position.Col}}
+	}
+
+	subtree.values[keys[len(keys)-1]] = toInsert
+}
+
+// Set an element in the tree.
+// Key is a dot-separated path (e.g. a.b.c).
+// Creates all necessary intermediate trees, if needed.
+func (t *Tree) Set(key string, value interface{}) {
+	t.SetWithComment(key, "", false, value)
+}
+
+// SetWithComment is the same as Set, but allows you to provide comment
+// information to the key, that will be reused by Marshal().
+func (t *Tree) SetWithComment(key string, comment string, commented bool, value interface{}) {
+	t.SetPathWithComment(strings.Split(key, "."), comment, commented, value)
+}
+
+// SetPath sets an element in the tree.
+// Keys is an array of path elements (e.g. {"a","b","c"}).
+// Creates all necessary intermediate trees, if needed.
+func (t *Tree) SetPath(keys []string, value interface{}) {
+	t.SetPathWithComment(keys, "", false, value)
+}
+
+// SetPathWithComment is the same as SetPath, but allows you to provide comment
+// information to the key, that will be reused by Marshal().
+func (t *Tree) SetPathWithComment(keys []string, comment string, commented bool, value interface{}) {
+	t.SetPathWithOptions(keys, SetOptions{Comment: comment, Commented: commented}, value)
+}
+
+// Delete removes a key from the tree.
+// Key is a dot-separated path (e.g. a.b.c).
+func (t *Tree) Delete(key string) error {
+	keys, err := parseKey(key)
+	if err != nil {
+		return err
+	}
+	return t.DeletePath(keys)
+}
+
+// DeletePath removes a key from the tree.
+// Keys is an array of path elements (e.g. {"a","b","c"}).
+func (t *Tree) DeletePath(keys []string) error {
+	keyLen := len(keys)
+	if keyLen == 1 {
+		delete(t.values, keys[0])
+		return nil
+	}
+	tree := t.GetPath(keys[:keyLen-1])
+	item := keys[keyLen-1]
+	switch node := tree.(type) {
+	case *Tree:
+		delete(node.values, item)
+		return nil
+	}
+	return errors.New("no such key to delete")
+}
+
+// createSubTree takes a tree and a key and create the necessary intermediate
+// subtrees to create a subtree at that point. In-place.
+//
+// e.g. passing a.b.c will create (assuming tree is empty) tree[a], tree[a][b]
+// and tree[a][b][c]
+//
+// Returns nil on success, error object on failure
+func (t *Tree) createSubTree(keys []string, pos Position) error {
+	subtree := t
+	for i, intermediateKey := range keys {
+		nextTree, exists := subtree.values[intermediateKey]
+		if !exists {
+			tree := newTreeWithPosition(Position{Line: t.position.Line + i, Col: t.position.Col})
+			tree.position = pos
+			tree.inline = subtree.inline
+			subtree.values[intermediateKey] = tree
+			nextTree = tree
+		}
+
+		switch node := nextTree.(type) {
+		case []*Tree:
+			subtree = node[len(node)-1]
+		case *Tree:
+			subtree = node
+		default:
+			return fmt.Errorf("unknown type for path %s (%s): %T (%#v)",
+				strings.Join(keys, "."), intermediateKey, nextTree, nextTree)
+		}
+	}
+	return nil
+}
+
+// LoadBytes creates a Tree from a []byte.
+func LoadBytes(b []byte) (tree *Tree, err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			err = errors.New(r.(string))
+		}
+	}()
+
+	if len(b) >= 4 && (hasUTF32BigEndianBOM4(b) || hasUTF32LittleEndianBOM4(b)) {
+		b = b[4:]
+	} else if len(b) >= 3 && hasUTF8BOM3(b) {
+		b = b[3:]
+	} else if len(b) >= 2 && (hasUTF16BigEndianBOM2(b) || hasUTF16LittleEndianBOM2(b)) {
+		b = b[2:]
+	}
+
+	tree = parseToml(lexToml(b))
+	return
+}
+
+func hasUTF16BigEndianBOM2(b []byte) bool {
+	return b[0] == 0xFE && b[1] == 0xFF
+}
+
+func hasUTF16LittleEndianBOM2(b []byte) bool {
+	return b[0] == 0xFF && b[1] == 0xFE
+}
+
+func hasUTF8BOM3(b []byte) bool {
+	return b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF
+}
+
+func hasUTF32BigEndianBOM4(b []byte) bool {
+	return b[0] == 0x00 && b[1] == 0x00 && b[2] == 0xFE && b[3] == 0xFF
+}
+
+func hasUTF32LittleEndianBOM4(b []byte) bool {
+	return b[0] == 0xFF && b[1] == 0xFE && b[2] == 0x00 && b[3] == 0x00
+}
+
+// LoadReader creates a Tree from any io.Reader.
+func LoadReader(reader io.Reader) (tree *Tree, err error) {
+	inputBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return
+	}
+	tree, err = LoadBytes(inputBytes)
+	return
+}
+
+// Load creates a Tree from a string.
+func Load(content string) (tree *Tree, err error) {
+	return LoadBytes([]byte(content))
+}
+
+// LoadFile creates a Tree from a file.
+func LoadFile(path string) (tree *Tree, err error) {
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	return LoadReader(file)
+}
diff --git a/vendor/github.com/pelletier/go-toml/tomltree_create.go b/vendor/github.com/pelletier/go-toml/tomltree_create.go
new file mode 100644
index 0000000000000..80353500a0a37
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/tomltree_create.go
@@ -0,0 +1,155 @@
+package toml
+
+import (
+	"fmt"
+	"reflect"
+	"time"
+)
+
+var kindToType = [reflect.String + 1]reflect.Type{
+	reflect.Bool:    reflect.TypeOf(true),
+	reflect.String:  reflect.TypeOf(""),
+	reflect.Float32: reflect.TypeOf(float64(1)),
+	reflect.Float64: reflect.TypeOf(float64(1)),
+	reflect.Int:     reflect.TypeOf(int64(1)),
+	reflect.Int8:    reflect.TypeOf(int64(1)),
+	reflect.Int16:   reflect.TypeOf(int64(1)),
+	reflect.Int32:   reflect.TypeOf(int64(1)),
+	reflect.Int64:   reflect.TypeOf(int64(1)),
+	reflect.Uint:    reflect.TypeOf(uint64(1)),
+	reflect.Uint8:   reflect.TypeOf(uint64(1)),
+	reflect.Uint16:  reflect.TypeOf(uint64(1)),
+	reflect.Uint32:  reflect.TypeOf(uint64(1)),
+	reflect.Uint64:  reflect.TypeOf(uint64(1)),
+}
+
+// typeFor returns a reflect.Type for a reflect.Kind, or nil if none is found.
+// supported values:
+// string, bool, int64, uint64, float64, time.Time, int, int8, int16, int32, uint, uint8, uint16, uint32, float32
+func typeFor(k reflect.Kind) reflect.Type {
+	if k > 0 && int(k) < len(kindToType) {
+		return kindToType[k]
+	}
+	return nil
+}
+
+func simpleValueCoercion(object interface{}) (interface{}, error) {
+	switch original := object.(type) {
+	case string, bool, int64, uint64, float64, time.Time:
+		return original, nil
+	case int:
+		return int64(original), nil
+	case int8:
+		return int64(original), nil
+	case int16:
+		return int64(original), nil
+	case int32:
+		return int64(original), nil
+	case uint:
+		return uint64(original), nil
+	case uint8:
+		return uint64(original), nil
+	case uint16:
+		return uint64(original), nil
+	case uint32:
+		return uint64(original), nil
+	case float32:
+		return float64(original), nil
+	case fmt.Stringer:
+		return original.String(), nil
+	case []interface{}:
+		value := reflect.ValueOf(original)
+		length := value.Len()
+		arrayValue := reflect.MakeSlice(value.Type(), 0, length)
+		for i := 0; i < length; i++ {
+			val := value.Index(i).Interface()
+			simpleValue, err := simpleValueCoercion(val)
+			if err != nil {
+				return nil, err
+			}
+			arrayValue = reflect.Append(arrayValue, reflect.ValueOf(simpleValue))
+		}
+		return arrayValue.Interface(), nil
+	default:
+		return nil, fmt.Errorf("cannot convert type %T to Tree", object)
+	}
+}
+
+func sliceToTree(object interface{}) (interface{}, error) {
+	// arrays are a bit tricky, since they can represent either a
+	// collection of simple values, which is represented by one
+	// *tomlValue, or an array of tables, which is represented by an
+	// array of *Tree.
+
+	// holding the assumption that this function is called from toTree only when value.Kind() is Array or Slice
+	value := reflect.ValueOf(object)
+	insideType := value.Type().Elem()
+	length := value.Len()
+	if length > 0 {
+		insideType = reflect.ValueOf(value.Index(0).Interface()).Type()
+	}
+	if insideType.Kind() == reflect.Map {
+		// this is considered as an array of tables
+		tablesArray := make([]*Tree, 0, length)
+		for i := 0; i < length; i++ {
+			table := value.Index(i)
+			tree, err := toTree(table.Interface())
+			if err != nil {
+				return nil, err
+			}
+			tablesArray = append(tablesArray, tree.(*Tree))
+		}
+		return tablesArray, nil
+	}
+
+	sliceType := typeFor(insideType.Kind())
+	if sliceType == nil {
+		sliceType = insideType
+	}
+
+	arrayValue := reflect.MakeSlice(reflect.SliceOf(sliceType), 0, length)
+
+	for i := 0; i < length; i++ {
+		val := value.Index(i).Interface()
+		simpleValue, err := simpleValueCoercion(val)
+		if err != nil {
+			return nil, err
+		}
+		arrayValue = reflect.Append(arrayValue, reflect.ValueOf(simpleValue))
+	}
+	return &tomlValue{value: arrayValue.Interface(), position: Position{}}, nil
+}
+
+func toTree(object interface{}) (interface{}, error) {
+	value := reflect.ValueOf(object)
+
+	if value.Kind() == reflect.Map {
+		values := map[string]interface{}{}
+		keys := value.MapKeys()
+		for _, key := range keys {
+			if key.Kind() != reflect.String {
+				if _, ok := key.Interface().(string); !ok {
+					return nil, fmt.Errorf("map key needs to be a string, not %T (%v)", key.Interface(), key.Kind())
+				}
+			}
+
+			v := value.MapIndex(key)
+			newValue, err := toTree(v.Interface())
+			if err != nil {
+				return nil, err
+			}
+			values[key.String()] = newValue
+		}
+		return &Tree{values: values, position: Position{}}, nil
+	}
+
+	if value.Kind() == reflect.Array || value.Kind() == reflect.Slice {
+		return sliceToTree(object)
+	}
+
+	simpleValue, err := simpleValueCoercion(object)
+	if err != nil {
+		return nil, err
+	}
+	return &tomlValue{value: simpleValue, position: Position{}}, nil
+}
diff --git a/vendor/github.com/pelletier/go-toml/tomltree_write.go b/vendor/github.com/pelletier/go-toml/tomltree_write.go
new file mode 100644
index 0000000000000..ae6dac49d18ec
--- /dev/null
+++ b/vendor/github.com/pelletier/go-toml/tomltree_write.go
@@ -0,0 +1,517 @@
+package toml
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"math"
+	"math/big"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type valueComplexity int
+
+const (
+	valueSimple valueComplexity = iota + 1
+	valueComplex
+)
+
+type sortNode struct {
+	key        string
+	complexity valueComplexity
+}
+
+// Encodes a string to a TOML-compliant multi-line string value
+// This function is a clone of the existing encodeTomlString function, except that whitespace characters
+// are preserved. Quotation marks and backslashes are also not escaped.
+func encodeMultilineTomlString(value string, commented string) string {
+	var b bytes.Buffer
+	adjacentQuoteCount := 0
+
+	b.WriteString(commented)
+	for i, rr := range value {
+		if rr != '"' {
+			adjacentQuoteCount = 0
+		} else {
+			adjacentQuoteCount++
+		}
+		switch rr {
+		case '\b':
+			b.WriteString(`\b`)
+		case '\t':
+			b.WriteString("\t")
+		case '\n':
+			b.WriteString("\n" + commented)
+		case '\f':
+			b.WriteString(`\f`)
+		case '\r':
+			b.WriteString("\r")
+		case '"':
+			if adjacentQuoteCount >= 3 || i == len(value)-1 {
+				adjacentQuoteCount = 0
+				b.WriteString(`\"`)
+			} else {
+				b.WriteString(`"`)
+			}
+		case '\\':
+			b.WriteString(`\`)
+		default:
+			intRr := uint16(rr)
+			if intRr < 0x001F {
+				b.WriteString(fmt.Sprintf("\\u%0.4X", intRr))
+			} else {
+				b.WriteRune(rr)
+			}
+		}
+	}
+	return b.String()
+}
+
+// Encodes a string to a TOML-compliant string value
+func encodeTomlString(value string) string {
+	var b bytes.Buffer
+
+	for _, rr := range value {
+		switch rr {
+		case '\b':
+			b.WriteString(`\b`)
+		case '\t':
+			b.WriteString(`\t`)
+		case '\n':
+			b.WriteString(`\n`)
+		case '\f':
+			b.WriteString(`\f`)
+		case '\r':
+			b.WriteString(`\r`)
+		case '"':
+			b.WriteString(`\"`)
+		case '\\':
+			b.WriteString(`\\`)
+		default:
+			intRr := uint16(rr)
+			if intRr < 0x001F {
+				b.WriteString(fmt.Sprintf("\\u%0.4X", intRr))
+			} else {
+				b.WriteRune(rr)
+			}
+		}
+	}
+	return b.String()
+}
+
+func tomlTreeStringRepresentation(t *Tree, ord marshalOrder) (string, error) {
+	var orderedVals []sortNode
+	switch ord {
+	case OrderPreserve:
+		orderedVals = sortByLines(t)
+	default:
+		orderedVals = sortAlphabetical(t)
+	}
+
+	var values []string
+	for _, node := range orderedVals {
+		k := node.key
+		v := t.values[k]
+
+		repr, err := tomlValueStringRepresentation(v, "", "", ord, false)
+		if err != nil {
+			return "", err
+		}
+		values = append(values, quoteKeyIfNeeded(k)+" = "+repr)
+	}
+	return "{ " + strings.Join(values, ", ") + " }", nil
+}
+
+func tomlValueStringRepresentation(v interface{}, commented string, indent string, ord marshalOrder, arraysOneElementPerLine bool) (string, error) {
+	// this interface check is added to dereference the change made in the writeTo function.
+	// That change was made to allow this function to see formatting options.
+	tv, ok := v.(*tomlValue)
+	if ok {
+		v = tv.value
+	} else {
+		tv = &tomlValue{}
+	}
+
+	switch value := v.(type) {
+	case uint64:
+		return strconv.FormatUint(value, 10), nil
+	case int64:
+		return strconv.FormatInt(value, 10), nil
+	case float64:
+		// Default bit length is full 64
+		bits := 64
+		// Float panics if nan is used
+		if !math.IsNaN(value) {
+			// if 32 bit accuracy is enough to exactly show, use 32
+			_, acc := big.NewFloat(value).Float32()
+			if acc == big.Exact {
+				bits = 32
+			}
+		}
+		if math.Trunc(value) == value {
+			return strings.ToLower(strconv.FormatFloat(value, 'f', 1, bits)), nil
+		}
+		return strings.ToLower(strconv.FormatFloat(value, 'f', -1, bits)), nil
+	case string:
+		if tv.multiline {
+			return "\"\"\"\n" + encodeMultilineTomlString(value, commented) + "\"\"\"", nil
+		}
+		return "\"" + encodeTomlString(value) + "\"", nil
+	case []byte:
+		b, _ := v.([]byte)
+		return string(b), nil
+	case bool:
+		if value {
+			return "true", nil
+		}
+		return "false", nil
+	case time.Time:
+		return value.Format(time.RFC3339), nil
+	case LocalDate:
+		return value.String(), nil
+	case LocalDateTime:
+		return value.String(), nil
+	case LocalTime:
+		return value.String(), nil
+	case *Tree:
+		return tomlTreeStringRepresentation(value, ord)
+	case nil:
+		return "", nil
+	}
+
+	rv := reflect.ValueOf(v)
+
+	if rv.Kind() == reflect.Slice {
+		var values []string
+		for i := 0; i < rv.Len(); i++ {
+			item := rv.Index(i).Interface()
+			itemRepr, err := tomlValueStringRepresentation(item, commented, indent, ord, arraysOneElementPerLine)
+			if err != nil {
+				return "", err
+			}
+			values = append(values, itemRepr)
+		}
+		if arraysOneElementPerLine && len(values) > 1 {
+			stringBuffer := bytes.Buffer{}
+			valueIndent := indent + `  ` // TODO: move that to a shared encoder state
+
+			stringBuffer.WriteString("[\n")
+
+			for _, value := range values {
+				stringBuffer.WriteString(valueIndent)
+				stringBuffer.WriteString(commented + value)
+				stringBuffer.WriteString(`,`)
+				stringBuffer.WriteString("\n")
+			}
+
+			stringBuffer.WriteString(indent + commented + "]")
+
+			return stringBuffer.String(), nil
+		}
+		return "[" + strings.Join(values, ", ") + "]", nil
+	}
+	return "", fmt.Errorf("unsupported value type %T: %v", v, v)
+}
+
+func getTreeArrayLine(trees []*Tree) (line int) {
+	// get lowest line number that is not 0
+	for _, tv := range trees {
+		if tv.position.Line < line || line == 0 {
+			line = tv.position.Line
+		}
+	}
+	return
+}
+
+func sortByLines(t *Tree) (vals []sortNode) {
+	var (
+		line  int
+		lines []int
+		tv    *Tree
+		tom   *tomlValue
+		node  sortNode
+	)
+	vals = make([]sortNode, 0)
+	m := make(map[int]sortNode)
+
+	for k := range t.values {
+		v := t.values[k]
+		switch v.(type) {
+		case *Tree:
+			tv = v.(*Tree)
+			line = tv.position.Line
+			node = sortNode{key: k, complexity: valueComplex}
+		case []*Tree:
+			line = getTreeArrayLine(v.([]*Tree))
+			node = sortNode{key: k, complexity: valueComplex}
+		default:
+			tom = v.(*tomlValue)
+			line = tom.position.Line
+			node = sortNode{key: k, complexity: valueSimple}
+		}
+		lines = append(lines, line)
+		vals = append(vals, node)
+		m[line] = node
+	}
+	sort.Ints(lines)
+
+	for i, line := range lines {
+		vals[i] = m[line]
+	}
+
+	return vals
+}
+
+func sortAlphabetical(t *Tree) (vals []sortNode) {
+	var (
+		node     sortNode
+		simpVals []string
+		compVals []string
+	)
+	vals = make([]sortNode, 0)
+	m := make(map[string]sortNode)
+
+	for k := range t.values {
+		v := t.values[k]
+		switch v.(type) {
+		case *Tree, []*Tree:
+			node = sortNode{key: k, complexity: valueComplex}
+			compVals = append(compVals, node.key)
+		default:
+			node = sortNode{key: k, complexity: valueSimple}
+			simpVals = append(simpVals, node.key)
+		}
+		vals = append(vals, node)
+		m[node.key] = node
+	}
+
+	// Simples first to match previous implementation
+	sort.Strings(simpVals)
+	i := 0
+	for _, key := range simpVals {
+		vals[i] = m[key]
+		i++
+	}
+
+	sort.Strings(compVals)
+	for _, key := range compVals {
+		vals[i] = m[key]
+		i++
+	}
+
+	return vals
+}
+
+func (t *Tree) writeTo(w io.Writer, indent, keyspace string, bytesCount int64, arraysOneElementPerLine bool) (int64, error) {
+	return t.writeToOrdered(w, indent, keyspace, bytesCount, arraysOneElementPerLine, OrderAlphabetical, "  ", false)
+}
+
+func (t *Tree) writeToOrdered(w io.Writer, indent, keyspace string, bytesCount int64, arraysOneElementPerLine bool, ord marshalOrder, indentString string, parentCommented bool) (int64, error) {
+	var orderedVals []sortNode
+
+	switch ord {
+	case OrderPreserve:
+		orderedVals = sortByLines(t)
+	default:
+		orderedVals = sortAlphabetical(t)
+	}
+
+	for _, node := range orderedVals {
+		switch node.complexity {
+		case valueComplex:
+			k := node.key
+			v := t.values[k]
+
+			combinedKey := quoteKeyIfNeeded(k)
+			if keyspace != "" {
+				combinedKey = keyspace + "." + combinedKey
+			}
+
+			switch node := v.(type) {
+			// node has to be of those two types given how keys are sorted above
+			case *Tree:
+				tv, ok := t.values[k].(*Tree)
+				if !ok {
+					return bytesCount, fmt.Errorf("invalid value type at %s: %T", k, t.values[k])
+				}
+				if tv.comment != "" {
+					comment := strings.Replace(tv.comment, "\n", "\n"+indent+"#", -1)
+					start := "# "
+					if strings.HasPrefix(comment, "#") {
+						start = ""
+					}
+					writtenBytesCountComment, errc := writeStrings(w, "\n", indent, start, comment)
+					bytesCount += int64(writtenBytesCountComment)
+					if errc != nil {
+						return bytesCount, errc
+					}
+				}
+
+				var commented string
+				if parentCommented || t.commented || tv.commented {
+					commented = "# "
+				}
+				writtenBytesCount, err := writeStrings(w, "\n", indent, commented, "[", combinedKey, "]\n")
+				bytesCount += int64(writtenBytesCount)
+				if err != nil {
+					return bytesCount, err
+				}
+				bytesCount, err = node.writeToOrdered(w, indent+indentString, combinedKey, bytesCount, arraysOneElementPerLine, ord, indentString, parentCommented || t.commented || tv.commented)
+				if err != nil {
+					return bytesCount, err
+				}
+			case []*Tree:
+				for _, subTree := range node {
+					var commented string
+					if parentCommented || t.commented || subTree.commented {
+						commented = "# "
+					}
+					writtenBytesCount, err := writeStrings(w, "\n", indent, commented, "[[", combinedKey, "]]\n")
+					bytesCount += int64(writtenBytesCount)
+					if err != nil {
+						return bytesCount, err
+					}
+
+					bytesCount, err = subTree.writeToOrdered(w, indent+indentString, combinedKey, bytesCount, arraysOneElementPerLine, ord, indentString, parentCommented || t.commented || subTree.commented)
+					if err != nil {
+						return bytesCount, err
+					}
+				}
+			}
+		default: // Simple
+			k := node.key
+			v, ok := t.values[k].(*tomlValue)
+			if !ok {
+				return bytesCount, fmt.Errorf("invalid value type at %s: %T", k, t.values[k])
+			}
+
+			var commented string
+			if parentCommented || t.commented || v.commented {
+				commented = "# "
+			}
+			repr, err := tomlValueStringRepresentation(v, commented, indent, ord, arraysOneElementPerLine)
+			if err != nil {
+				return bytesCount, err
+			}
+
+			if v.comment != "" {
+				comment := strings.Replace(v.comment, "\n", "\n"+indent+"#", -1)
+				start := "# "
+				if strings.HasPrefix(comment, "#") {
+					start = ""
+				}
+				writtenBytesCountComment, errc := writeStrings(w, "\n", indent, start, comment, "\n")
+				bytesCount += int64(writtenBytesCountComment)
+				if errc != nil {
+					return bytesCount, errc
+				}
+			}
+
+			quotedKey := quoteKeyIfNeeded(k)
+			writtenBytesCount, err := writeStrings(w, indent, commented, quotedKey, " = ", repr, "\n")
+			bytesCount += int64(writtenBytesCount)
+			if err != nil {
+				return bytesCount, err
+			}
+		}
+	}
+
+	return bytesCount, nil
+}
+
+// quote a key if it does not fit the bare key format (A-Za-z0-9_-)
+// quoted keys use the same rules as strings
+func quoteKeyIfNeeded(k string) string {
+	// when encoding a map with the 'quoteMapKeys' option enabled, the tree will contain
+	// keys that have already been quoted.
+	// not an ideal situation, but good enough of a stop gap.
+	if len(k) >= 2 && k[0] == '"' && k[len(k)-1] == '"' {
+		return k
+	}
+	isBare := true
+	for _, r := range k {
+		if !isValidBareChar(r) {
+			isBare = false
+			break
+		}
+	}
+	if isBare {
+		return k
+	}
+	return quoteKey(k)
+}
+
+func quoteKey(k string) string {
+	return "\"" + encodeTomlString(k) + "\""
+}
+
+func writeStrings(w io.Writer, s ...string) (int, error) {
+	var n int
+	for i := range s {
+		b, err := io.WriteString(w, s[i])
+		n += b
+		if err != nil {
+			return n, err
+		}
+	}
+	return n, nil
+}
+
+// WriteTo encode the Tree as Toml and writes it to the writer w.
+// Returns the number of bytes written in case of success, or an error if anything happened.
+func (t *Tree) WriteTo(w io.Writer) (int64, error) {
+	return t.writeTo(w, "", "", 0, false)
+}
+
+// ToTomlString generates a human-readable representation of the current tree.
+// Output spans multiple lines, and is suitable for ingest by a TOML parser.
+// If the conversion cannot be performed, ToString returns a non-nil error.
+func (t *Tree) ToTomlString() (string, error) {
+	b, err := t.Marshal()
+	if err != nil {
+		return "", err
+	}
+	return string(b), nil
+}
+
+// String generates a human-readable representation of the current tree.
+// Alias of ToString. Present to implement the fmt.Stringer interface.
+func (t *Tree) String() string {
+	result, _ := t.ToTomlString()
+	return result
+}
+
+// ToMap recursively generates a representation of the tree using Go built-in structures.
+// The following types are used:
+//
+//	* bool
+//	* float64
+//	* int64
+//	* string
+//	* uint64
+//	* time.Time
+//	* map[string]interface{} (where interface{} is any of this list)
+//	* []interface{} (where interface{} is any of this list)
+func (t *Tree) ToMap() map[string]interface{} {
+	result := map[string]interface{}{}
+
+	for k, v := range t.values {
+		switch node := v.(type) {
+		case []*Tree:
+			var array []interface{}
+			for _, item := range node {
+				array = append(array, item.ToMap())
+			}
+			result[k] = array
+		case *Tree:
+			result[k] = node.ToMap()
+		case *tomlValue:
+			result[k] = node.value
+		}
+	}
+	return result
+}
diff --git a/vendor/github.com/philhofer/fwd/reader.go b/vendor/github.com/philhofer/fwd/reader.go
index e5919103063e1..75be62ab09b5b 100644
--- a/vendor/github.com/philhofer/fwd/reader.go
+++ b/vendor/github.com/philhofer/fwd/reader.go
@@ -109,6 +109,10 @@ func (r *Reader) more() {
 	if a == 0 && r.state == nil {
 		r.state = io.ErrNoProgress
 		return
+	} else if a > 0 && r.state == io.EOF {
+		// discard the io.EOF if we read more than 0 bytes.
+		// the next call to Read should return io.EOF again.
+		r.state = nil
 	}
 	r.data = r.data[:len(r.data)+a]
 }
diff --git a/vendor/github.com/pivotal-golang/clock/LICENSE b/vendor/github.com/pivotal-golang/clock/LICENSE
deleted file mode 100644
index e06d2081865a7..0000000000000
--- a/vendor/github.com/pivotal-golang/clock/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
diff --git a/vendor/github.com/pivotal-golang/clock/README.md b/vendor/github.com/pivotal-golang/clock/README.md
deleted file mode 100644
index 9741b8b457b28..0000000000000
--- a/vendor/github.com/pivotal-golang/clock/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Provides a `Clock` interface, useful for injecting time dependencies in tests.
diff --git a/vendor/github.com/pivotal-golang/clock/clock.go b/vendor/github.com/pivotal-golang/clock/clock.go
deleted file mode 100644
index 9c7322cd502f3..0000000000000
--- a/vendor/github.com/pivotal-golang/clock/clock.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package clock
-
-import "time"
-
-type Clock interface {
-	Now() time.Time
-	Sleep(d time.Duration)
-	Since(t time.Time) time.Duration
-
-	NewTimer(d time.Duration) Timer
-	NewTicker(d time.Duration) Ticker
-}
-
-type realClock struct{}
-
-func NewClock() Clock {
-	return &realClock{}
-}
-
-func (clock *realClock) Now() time.Time {
-	return time.Now()
-}
-
-func (clock *realClock) Since(t time.Time) time.Duration {
-	return time.Now().Sub(t)
-}
-
-func (clock *realClock) Sleep(d time.Duration) {
-	<-clock.NewTimer(d).C()
-}
-
-func (clock *realClock) NewTimer(d time.Duration) Timer {
-	return &realTimer{
-		t: time.NewTimer(d),
-	}
-}
-
-func (clock *realClock) NewTicker(d time.Duration) Ticker {
-	return &realTicker{
-		t: time.NewTicker(d),
-	}
-}
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
index 273db3c98aea7..54dfdcb12ea1b 100644
--- a/vendor/github.com/pkg/errors/README.md
+++ b/vendor/github.com/pkg/errors/README.md
@@ -1,4 +1,4 @@
-# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors)
+# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors) [![Sourcegraph](https://sourcegraph.com/github.com/pkg/errors/-/badge.svg)](https://sourcegraph.com/github.com/pkg/errors?badge)
 
 Package errors provides simple error handling primitives.
 
@@ -41,12 +41,19 @@ default:
 
 [Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
 
+## Roadmap
+
+With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows:
+
+- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible)
+- 1.0. Final release.
+
 ## Contributing
 
-We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high.
+Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports. 
 
-Before proposing a change, please discuss your change by raising an issue.
+Before sending a PR, please discuss your change by raising an issue.
 
-## Licence
+## License
 
 BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
index 842ee80456dba..161aea2582969 100644
--- a/vendor/github.com/pkg/errors/errors.go
+++ b/vendor/github.com/pkg/errors/errors.go
@@ -6,7 +6,7 @@
 //             return err
 //     }
 //
-// which applied recursively up the call stack results in error reports
+// which when applied recursively up the call stack results in error reports
 // without context or debugging information. The errors package allows
 // programmers to add context to the failure path in their code in a way
 // that does not destroy the original value of the error.
@@ -15,16 +15,17 @@
 //
 // The errors.Wrap function returns a new error that adds context to the
 // original error by recording a stack trace at the point Wrap is called,
-// and the supplied message. For example
+// together with the supplied message. For example
 //
 //     _, err := ioutil.ReadAll(r)
 //     if err != nil {
 //             return errors.Wrap(err, "read failed")
 //     }
 //
-// If additional control is required the errors.WithStack and errors.WithMessage
-// functions destructure errors.Wrap into its component operations of annotating
-// an error with a stack trace and an a message, respectively.
+// If additional control is required, the errors.WithStack and
+// errors.WithMessage functions destructure errors.Wrap into its component
+// operations: annotating an error with a stack trace and with a message,
+// respectively.
 //
 // Retrieving the cause of an error
 //
@@ -38,7 +39,7 @@
 //     }
 //
 // can be inspected by errors.Cause. errors.Cause will recursively retrieve
-// the topmost error which does not implement causer, which is assumed to be
+// the topmost error that does not implement causer, which is assumed to be
 // the original cause. For example:
 //
 //     switch err := errors.Cause(err).(type) {
@@ -48,16 +49,16 @@
 //             // unknown error
 //     }
 //
-// causer interface is not exported by this package, but is considered a part
-// of stable public API.
+// Although the causer interface is not exported by this package, it is
+// considered a part of its stable public interface.
 //
 // Formatted printing of errors
 //
 // All error values returned from this package implement fmt.Formatter and can
-// be formatted by the fmt package. The following verbs are supported
+// be formatted by the fmt package. The following verbs are supported:
 //
 //     %s    print the error. If the error has a Cause it will be
-//           printed recursively
+//           printed recursively.
 //     %v    see %s
 //     %+v   extended format. Each Frame of the error's StackTrace will
 //           be printed in detail.
@@ -65,13 +66,13 @@
 // Retrieving the stack trace of an error or wrapper
 //
 // New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
-// invoked. This information can be retrieved with the following interface.
+// invoked. This information can be retrieved with the following interface:
 //
 //     type stackTracer interface {
 //             StackTrace() errors.StackTrace
 //     }
 //
-// Where errors.StackTrace is defined as
+// The returned errors.StackTrace type is defined as
 //
 //     type StackTrace []Frame
 //
@@ -81,12 +82,12 @@
 //
 //     if err, ok := err.(stackTracer); ok {
 //             for _, f := range err.StackTrace() {
-//                     fmt.Printf("%+s:%d", f)
+//                     fmt.Printf("%+s:%d\n", f, f)
 //             }
 //     }
 //
-// stackTracer interface is not exported by this package, but is considered a part
-// of stable public API.
+// Although the stackTracer interface is not exported by this package, it is
+// considered a part of its stable public interface.
 //
 // See the documentation for Frame.Format for more details.
 package errors
@@ -158,6 +159,9 @@ type withStack struct {
 
 func (w *withStack) Cause() error { return w.error }
 
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withStack) Unwrap() error { return w.error }
+
 func (w *withStack) Format(s fmt.State, verb rune) {
 	switch verb {
 	case 'v':
@@ -192,7 +196,7 @@ func Wrap(err error, message string) error {
 }
 
 // Wrapf returns an error annotating err with a stack trace
-// at the point Wrapf is call, and the format specifier.
+// at the point Wrapf is called, and the format specifier.
 // If err is nil, Wrapf returns nil.
 func Wrapf(err error, format string, args ...interface{}) error {
 	if err == nil {
@@ -220,6 +224,18 @@ func WithMessage(err error, message string) error {
 	}
 }
 
+// WithMessagef annotates err with the format specifier.
+// If err is nil, WithMessagef returns nil.
+func WithMessagef(err error, format string, args ...interface{}) error {
+	if err == nil {
+		return nil
+	}
+	return &withMessage{
+		cause: err,
+		msg:   fmt.Sprintf(format, args...),
+	}
+}
+
 type withMessage struct {
 	cause error
 	msg   string
@@ -228,6 +244,9 @@ type withMessage struct {
 func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
 func (w *withMessage) Cause() error  { return w.cause }
 
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withMessage) Unwrap() error { return w.cause }
+
 func (w *withMessage) Format(s fmt.State, verb rune) {
 	switch verb {
 	case 'v':
diff --git a/vendor/github.com/pkg/errors/go113.go b/vendor/github.com/pkg/errors/go113.go
new file mode 100644
index 0000000000000..be0d10d0c793d
--- /dev/null
+++ b/vendor/github.com/pkg/errors/go113.go
@@ -0,0 +1,38 @@
+// +build go1.13
+
+package errors
+
+import (
+	stderrors "errors"
+)
+
+// Is reports whether any error in err's chain matches target.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error is considered to match a target if it is equal to that target or if
+// it implements a method Is(error) bool such that Is(target) returns true.
+func Is(err, target error) bool { return stderrors.Is(err, target) }
+
+// As finds the first error in err's chain that matches target, and if so, sets
+// target to that error value and returns true.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error matches target if the error's concrete value is assignable to the value
+// pointed to by target, or if the error has a method As(interface{}) bool such that
+// As(target) returns true. In the latter case, the As method is responsible for
+// setting target.
+//
+// As will panic if target is not a non-nil pointer to either a type that implements
+// error, or to any interface type. As returns false if err is nil.
+func As(err error, target interface{}) bool { return stderrors.As(err, target) }
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's
+// type contains an Unwrap method returning error.
+// Otherwise, Unwrap returns nil.
+func Unwrap(err error) error {
+	return stderrors.Unwrap(err)
+}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
index 6b1f2891a5ac0..779a8348fb9c2 100644
--- a/vendor/github.com/pkg/errors/stack.go
+++ b/vendor/github.com/pkg/errors/stack.go
@@ -5,10 +5,13 @@ import (
 	"io"
 	"path"
 	"runtime"
+	"strconv"
 	"strings"
 )
 
 // Frame represents a program counter inside a stack frame.
+// For historical reasons if Frame is interpreted as a uintptr
+// its value represents the program counter + 1.
 type Frame uintptr
 
 // pc returns the program counter for this frame;
@@ -37,6 +40,15 @@ func (f Frame) line() int {
 	return line
 }
 
+// name returns the name of this function, if known.
+func (f Frame) name() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	return fn.Name()
+}
+
 // Format formats the frame according to the fmt.Formatter interface.
 //
 //    %s    source file
@@ -46,29 +58,24 @@ func (f Frame) line() int {
 //
 // Format accepts flags that alter the printing of some verbs, as follows:
 //
-//    %+s   path of source file relative to the compile time GOPATH
+//    %+s   function name and path of source file relative to the compile time
+//          GOPATH separated by \n\t (<funcname>\n\t<path>)
 //    %+v   equivalent to %+s:%d
 func (f Frame) Format(s fmt.State, verb rune) {
 	switch verb {
 	case 's':
 		switch {
 		case s.Flag('+'):
-			pc := f.pc()
-			fn := runtime.FuncForPC(pc)
-			if fn == nil {
-				io.WriteString(s, "unknown")
-			} else {
-				file, _ := fn.FileLine(pc)
-				fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file)
-			}
+			io.WriteString(s, f.name())
+			io.WriteString(s, "\n\t")
+			io.WriteString(s, f.file())
 		default:
 			io.WriteString(s, path.Base(f.file()))
 		}
 	case 'd':
-		fmt.Fprintf(s, "%d", f.line())
+		io.WriteString(s, strconv.Itoa(f.line()))
 	case 'n':
-		name := runtime.FuncForPC(f.pc()).Name()
-		io.WriteString(s, funcname(name))
+		io.WriteString(s, funcname(f.name()))
 	case 'v':
 		f.Format(s, 's')
 		io.WriteString(s, ":")
@@ -76,25 +83,57 @@ func (f Frame) Format(s fmt.State, verb rune) {
 	}
 }
 
+// MarshalText formats a stacktrace Frame as a text string. The output is the
+// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
+func (f Frame) MarshalText() ([]byte, error) {
+	name := f.name()
+	if name == "unknown" {
+		return []byte(name), nil
+	}
+	return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
+}
+
 // StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
 type StackTrace []Frame
 
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+//    %s	lists source files for each Frame in the stack
+//    %v	lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+v   Prints filename, function, and line number for each Frame in the stack.
 func (st StackTrace) Format(s fmt.State, verb rune) {
 	switch verb {
 	case 'v':
 		switch {
 		case s.Flag('+'):
 			for _, f := range st {
-				fmt.Fprintf(s, "\n%+v", f)
+				io.WriteString(s, "\n")
+				f.Format(s, verb)
 			}
 		case s.Flag('#'):
 			fmt.Fprintf(s, "%#v", []Frame(st))
 		default:
-			fmt.Fprintf(s, "%v", []Frame(st))
+			st.formatSlice(s, verb)
 		}
 	case 's':
-		fmt.Fprintf(s, "%s", []Frame(st))
+		st.formatSlice(s, verb)
+	}
+}
+
+// formatSlice will format this StackTrace into the given buffer as a slice of
+// Frame, only valid when called with '%s' or '%v'.
+func (st StackTrace) formatSlice(s fmt.State, verb rune) {
+	io.WriteString(s, "[")
+	for i, f := range st {
+		if i > 0 {
+			io.WriteString(s, " ")
+		}
+		f.Format(s, verb)
 	}
+	io.WriteString(s, "]")
 }
 
 // stack represents a stack of program counters.
@@ -136,43 +175,3 @@ func funcname(name string) string {
 	i = strings.Index(name, ".")
 	return name[i+1:]
 }
-
-func trimGOPATH(name, file string) string {
-	// Here we want to get the source file path relative to the compile time
-	// GOPATH. As of Go 1.6.x there is no direct way to know the compiled
-	// GOPATH at runtime, but we can infer the number of path segments in the
-	// GOPATH. We note that fn.Name() returns the function name qualified by
-	// the import path, which does not include the GOPATH. Thus we can trim
-	// segments from the beginning of the file path until the number of path
-	// separators remaining is one more than the number of path separators in
-	// the function name. For example, given:
-	//
-	//    GOPATH     /home/user
-	//    file       /home/user/src/pkg/sub/file.go
-	//    fn.Name()  pkg/sub.Type.Method
-	//
-	// We want to produce:
-	//
-	//    pkg/sub/file.go
-	//
-	// From this we can easily see that fn.Name() has one less path separator
-	// than our desired output. We count separators from the end of the file
-	// path until it finds two more than in the function name and then move
-	// one character forward to preserve the initial path segment without a
-	// leading separator.
-	const sep = "/"
-	goal := strings.Count(name, sep) + 2
-	i := len(file)
-	for n := 0; n < goal; n++ {
-		i = strings.LastIndex(file[:i], sep)
-		if i == -1 {
-			// not enough separators found, set i so that the slice expression
-			// below leaves file unmodified
-			i = -len(sep)
-			break
-		}
-	}
-	// get back to 0 or trim the leading separator
-	file = file[i+len(sep):]
-	return file
-}
diff --git a/vendor/github.com/prometheus/client_golang/README.md b/vendor/github.com/prometheus/client_golang/README.md
index 557eacf5a824f..9bab32a2155f7 100644
--- a/vendor/github.com/prometheus/client_golang/README.md
+++ b/vendor/github.com/prometheus/client_golang/README.md
@@ -1,12 +1,34 @@
 # Prometheus Go client library
 
 [![Build Status](https://travis-ci.org/prometheus/client_golang.svg?branch=master)](https://travis-ci.org/prometheus/client_golang)
+[![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/client_golang)](https://goreportcard.com/report/github.com/prometheus/client_golang)
+[![go-doc](https://godoc.org/github.com/prometheus/client_golang?status.svg)](https://godoc.org/github.com/prometheus/client_golang)
 
 This is the [Go](http://golang.org) client library for
 [Prometheus](http://prometheus.io). It has two separate parts, one for
 instrumenting application code, and one for creating clients that talk to the
 Prometheus HTTP API.
 
+__This library requires Go1.9 or later.__ The minimum required patch releases for older Go versions are Go1.9.7 and Go1.10.3.
+
+## Important note about releases and stability
+
+This repository generally follows [Semantic
+Versioning](https://semver.org/). However, the API client in
+prometheus/client_golang/api/… is still considered experimental. Breaking
+changes of the API client will _not_ trigger a new major release. The same is
+true for selected other new features explicitly marked as **EXPERIMENTAL** in
+CHANGELOG.md.
+
+Features that require breaking changes in the stable parts of the repository
+are being batched up and tracked in the [v2
+milestone](https://github.com/prometheus/client_golang/milestone/2). The v2
+development happens in a [separate
+branch](https://github.com/prometheus/client_golang/tree/dev-v2) for the time
+being. v2 releases off that branch will happen once sufficient stability is
+reached. In view of the widespread use of this repository, v1 and v2 will
+coexist for a while to enable a convenient transition.
+
 ## Instrumenting applications
 
 [![code-coverage](http://gocover.io/_badge/github.com/prometheus/client_golang/prometheus)](http://gocover.io/github.com/prometheus/client_golang/prometheus) [![go-doc](https://godoc.org/github.com/prometheus/client_golang/prometheus?status.svg)](https://godoc.org/github.com/prometheus/client_golang/prometheus)
@@ -14,8 +36,8 @@ Prometheus HTTP API.
 The
 [`prometheus` directory](https://github.com/prometheus/client_golang/tree/master/prometheus)
 contains the instrumentation library. See the
-[best practices section](http://prometheus.io/docs/practices/naming/) of the
-Prometheus documentation to learn more about instrumenting applications.
+[guide](https://prometheus.io/docs/guides/go-application/) on the Prometheus
+website to learn more about instrumenting applications.
 
 The
 [`examples` directory](https://github.com/prometheus/client_golang/tree/master/examples)
@@ -23,13 +45,14 @@ contains simple examples of instrumented code.
 
 ## Client for the Prometheus HTTP API
 
-[![code-coverage](http://gocover.io/_badge/github.com/prometheus/client_golang/api/prometheus)](http://gocover.io/github.com/prometheus/client_golang/api/prometheus) [![go-doc](https://godoc.org/github.com/prometheus/client_golang/api/prometheus?status.svg)](https://godoc.org/github.com/prometheus/client_golang/api/prometheus)
+[![code-coverage](http://gocover.io/_badge/github.com/prometheus/client_golang/api/prometheus/v1)](http://gocover.io/github.com/prometheus/client_golang/api/prometheus/v1) [![go-doc](https://godoc.org/github.com/prometheus/client_golang/api/prometheus?status.svg)](https://godoc.org/github.com/prometheus/client_golang/api)
 
 The
 [`api/prometheus` directory](https://github.com/prometheus/client_golang/tree/master/api/prometheus)
 contains the client for the
 [Prometheus HTTP API](http://prometheus.io/docs/querying/api/). It allows you
-to write Go applications that query time series data from a Prometheus server.
+to write Go applications that query time series data from a Prometheus
+server. It is still in alpha stage.
 
 ## Where is `model`, `extraction`, and `text`?
 
diff --git a/vendor/github.com/prometheus/client_golang/go.mod b/vendor/github.com/prometheus/client_golang/go.mod
new file mode 100644
index 0000000000000..61b13edc7a007
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/go.mod
@@ -0,0 +1,18 @@
+module github.com/prometheus/client_golang
+
+require (
+	github.com/beorn7/perks v1.0.1
+	github.com/cespare/xxhash/v2 v2.1.1
+	github.com/golang/protobuf v1.4.0
+	github.com/json-iterator/go v1.1.9
+	github.com/kr/pretty v0.1.0 // indirect
+	github.com/prometheus/client_model v0.2.0
+	github.com/prometheus/common v0.9.1
+	github.com/prometheus/procfs v0.0.11
+	github.com/stretchr/testify v1.4.0 // indirect
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+	gopkg.in/yaml.v2 v2.2.5 // indirect
+)
+
+go 1.11
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/build_info.go b/vendor/github.com/prometheus/client_golang/prometheus/build_info.go
new file mode 100644
index 0000000000000..288f0e854885c
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/build_info.go
@@ -0,0 +1,29 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build go1.12
+
+package prometheus
+
+import "runtime/debug"
+
+// readBuildInfo is a wrapper around debug.ReadBuildInfo for Go 1.12+.
+func readBuildInfo() (path, version, sum string) {
+	path, version, sum = "unknown", "unknown", "unknown"
+	if bi, ok := debug.ReadBuildInfo(); ok {
+		path = bi.Main.Path
+		version = bi.Main.Version
+		sum = bi.Main.Sum
+	}
+	return
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/build_info_pre_1.12.go b/vendor/github.com/prometheus/client_golang/prometheus/build_info_pre_1.12.go
new file mode 100644
index 0000000000000..6609e2877c0b0
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/build_info_pre_1.12.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !go1.12
+
+package prometheus
+
+// readBuildInfo is a wrapper around debug.ReadBuildInfo for Go versions before
+// 1.12. Remove this whole file once the minimum supported Go version is 1.12.
+func readBuildInfo() (path, version, sum string) {
+	return "unknown", "unknown", "unknown"
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collector.go b/vendor/github.com/prometheus/client_golang/prometheus/collector.go
index 623d3d83fefc8..1e839650d4d93 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collector.go
@@ -29,27 +29,72 @@ type Collector interface {
 	// collected by this Collector to the provided channel and returns once
 	// the last descriptor has been sent. The sent descriptors fulfill the
 	// consistency and uniqueness requirements described in the Desc
-	// documentation. (It is valid if one and the same Collector sends
-	// duplicate descriptors. Those duplicates are simply ignored. However,
-	// two different Collectors must not send duplicate descriptors.) This
-	// method idempotently sends the same descriptors throughout the
-	// lifetime of the Collector. If a Collector encounters an error while
-	// executing this method, it must send an invalid descriptor (created
-	// with NewInvalidDesc) to signal the error to the registry.
+	// documentation.
+	//
+	// It is valid if one and the same Collector sends duplicate
+	// descriptors. Those duplicates are simply ignored. However, two
+	// different Collectors must not send duplicate descriptors.
+	//
+	// Sending no descriptor at all marks the Collector as “unchecked”,
+	// i.e. no checks will be performed at registration time, and the
+	// Collector may yield any Metric it sees fit in its Collect method.
+	//
+	// This method idempotently sends the same descriptors throughout the
+	// lifetime of the Collector. It may be called concurrently and
+	// therefore must be implemented in a concurrency safe way.
+	//
+	// If a Collector encounters an error while executing this method, it
+	// must send an invalid descriptor (created with NewInvalidDesc) to
+	// signal the error to the registry.
 	Describe(chan<- *Desc)
 	// Collect is called by the Prometheus registry when collecting
 	// metrics. The implementation sends each collected metric via the
 	// provided channel and returns once the last metric has been sent. The
-	// descriptor of each sent metric is one of those returned by
-	// Describe. Returned metrics that share the same descriptor must differ
-	// in their variable label values. This method may be called
-	// concurrently and must therefore be implemented in a concurrency safe
-	// way. Blocking occurs at the expense of total performance of rendering
-	// all registered metrics. Ideally, Collector implementations support
-	// concurrent readers.
+	// descriptor of each sent metric is one of those returned by Describe
+	// (unless the Collector is unchecked, see above). Returned metrics that
+	// share the same descriptor must differ in their variable label
+	// values.
+	//
+	// This method may be called concurrently and must therefore be
+	// implemented in a concurrency safe way. Blocking occurs at the expense
+	// of total performance of rendering all registered metrics. Ideally,
+	// Collector implementations support concurrent readers.
 	Collect(chan<- Metric)
 }
 
+// DescribeByCollect is a helper to implement the Describe method of a custom
+// Collector. It collects the metrics from the provided Collector and sends
+// their descriptors to the provided channel.
+//
+// If a Collector collects the same metrics throughout its lifetime, its
+// Describe method can simply be implemented as:
+//
+//   func (c customCollector) Describe(ch chan<- *Desc) {
+//   	DescribeByCollect(c, ch)
+//   }
+//
+// However, this will not work if the metrics collected change dynamically over
+// the lifetime of the Collector in a way that their combined set of descriptors
+// changes as well. The shortcut implementation will then violate the contract
+// of the Describe method. If a Collector sometimes collects no metrics at all
+// (for example vectors like CounterVec, GaugeVec, etc., which only collect
+// metrics after a metric with a fully specified label set has been accessed),
+// it might even get registered as an unchecked Collector (cf. the Register
+// method of the Registerer interface). Hence, only use this shortcut
+// implementation of Describe if you are certain to fulfill the contract.
+//
+// The Collector example demonstrates a use of DescribeByCollect.
+func DescribeByCollect(c Collector, descs chan<- *Desc) {
+	metrics := make(chan Metric)
+	go func() {
+		c.Collect(metrics)
+		close(metrics)
+	}()
+	for m := range metrics {
+		descs <- m.Desc()
+	}
+}
+
 // selfCollector implements Collector for a single Metric so that the Metric
 // collects itself. Add it as an anonymous field to a struct that implements
 // Metric, and call init with the Metric itself as an argument.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
index ee37949ada1d6..0e1b48c03f142 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
@@ -15,6 +15,11 @@ package prometheus
 
 import (
 	"errors"
+	"math"
+	"sync/atomic"
+	"time"
+
+	dto "github.com/prometheus/client_model/go"
 )
 
 // Counter is a Metric that represents a single numerical value that only ever
@@ -30,26 +35,42 @@ type Counter interface {
 	Metric
 	Collector
 
-	// Set is used to set the Counter to an arbitrary value. It is only used
-	// if you have to transfer a value from an external counter into this
-	// Prometheus metric. Do not use it for regular handling of a
-	// Prometheus counter (as it can be used to break the contract of
-	// monotonically increasing values).
-	//
-	// Deprecated: Use NewConstMetric to create a counter for an external
-	// value. A Counter should never be set.
-	Set(float64)
-	// Inc increments the counter by 1.
+	// Inc increments the counter by 1. Use Add to increment it by arbitrary
+	// non-negative values.
 	Inc()
 	// Add adds the given value to the counter. It panics if the value is <
 	// 0.
 	Add(float64)
 }
 
+// ExemplarAdder is implemented by Counters that offer the option of adding a
+// value to the Counter together with an exemplar. Its AddWithExemplar method
+// works like the Add method of the Counter interface but also replaces the
+// currently saved exemplar (if any) with a new one, created from the provided
+// value, the current time as timestamp, and the provided labels. Empty Labels
+// will lead to a valid (label-less) exemplar. But if Labels is nil, the current
+// exemplar is left in place. AddWithExemplar panics if the value is < 0, if any
+// of the provided labels are invalid, or if the provided labels contain more
+// than 64 runes in total.
+type ExemplarAdder interface {
+	AddWithExemplar(value float64, exemplar Labels)
+}
+
 // CounterOpts is an alias for Opts. See there for doc comments.
 type CounterOpts Opts
 
 // NewCounter creates a new Counter based on the provided CounterOpts.
+//
+// The returned implementation also implements ExemplarAdder. It is safe to
+// perform the corresponding type assertion.
+//
+// The returned implementation tracks the counter value in two separate
+// variables, a float64 and a uint64. The latter is used to track calls of the
+// Inc method and calls of the Add method with a value that can be represented
+// as a uint64. This allows atomic increments of the counter with optimal
+// performance. (It is common to have an Inc call in very hot execution paths.)
+// Both internal tracking values are added up in the Write method. This has to
+// be taken into account when it comes to precision and overflow behavior.
 func NewCounter(opts CounterOpts) Counter {
 	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
@@ -57,20 +78,83 @@ func NewCounter(opts CounterOpts) Counter {
 		nil,
 		opts.ConstLabels,
 	)
-	result := &counter{value: value{desc: desc, valType: CounterValue, labelPairs: desc.constLabelPairs}}
+	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now}
 	result.init(result) // Init self-collection.
 	return result
 }
 
 type counter struct {
-	value
+	// valBits contains the bits of the represented float64 value, while
+	// valInt stores values that are exact integers. Both have to go first
+	// in the struct to guarantee alignment for atomic operations.
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	valBits uint64
+	valInt  uint64
+
+	selfCollector
+	desc *Desc
+
+	labelPairs []*dto.LabelPair
+	exemplar   atomic.Value // Containing nil or a *dto.Exemplar.
+
+	now func() time.Time // To mock out time.Now() for testing.
+}
+
+func (c *counter) Desc() *Desc {
+	return c.desc
 }
 
 func (c *counter) Add(v float64) {
 	if v < 0 {
 		panic(errors.New("counter cannot decrease in value"))
 	}
-	c.value.Add(v)
+
+	ival := uint64(v)
+	if float64(ival) == v {
+		atomic.AddUint64(&c.valInt, ival)
+		return
+	}
+
+	for {
+		oldBits := atomic.LoadUint64(&c.valBits)
+		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
+		if atomic.CompareAndSwapUint64(&c.valBits, oldBits, newBits) {
+			return
+		}
+	}
+}
+
+func (c *counter) AddWithExemplar(v float64, e Labels) {
+	c.Add(v)
+	c.updateExemplar(v, e)
+}
+
+func (c *counter) Inc() {
+	atomic.AddUint64(&c.valInt, 1)
+}
+
+func (c *counter) Write(out *dto.Metric) error {
+	fval := math.Float64frombits(atomic.LoadUint64(&c.valBits))
+	ival := atomic.LoadUint64(&c.valInt)
+	val := fval + float64(ival)
+
+	var exemplar *dto.Exemplar
+	if e := c.exemplar.Load(); e != nil {
+		exemplar = e.(*dto.Exemplar)
+	}
+
+	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out)
+}
+
+func (c *counter) updateExemplar(v float64, l Labels) {
+	if l == nil {
+		return
+	}
+	e, err := newExemplar(v, c.now(), l)
+	if err != nil {
+		panic(err)
+	}
+	c.exemplar.Store(e)
 }
 
 // CounterVec is a Collector that bundles a set of Counters that all share the
@@ -78,16 +162,12 @@ func (c *counter) Add(v float64) {
 // if you want to count the same thing partitioned by various dimensions
 // (e.g. number of HTTP requests, partitioned by response code and
 // method). Create instances with NewCounterVec.
-//
-// CounterVec embeds MetricVec. See there for a full list of methods with
-// detailed documentation.
 type CounterVec struct {
-	*MetricVec
+	*metricVec
 }
 
 // NewCounterVec creates a new CounterVec based on the provided CounterOpts and
-// partitioned by the given label names. At least one label name must be
-// provided.
+// partitioned by the given label names.
 func NewCounterVec(opts CounterOpts, labelNames []string) *CounterVec {
 	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
@@ -96,34 +176,62 @@ func NewCounterVec(opts CounterOpts, labelNames []string) *CounterVec {
 		opts.ConstLabels,
 	)
 	return &CounterVec{
-		MetricVec: newMetricVec(desc, func(lvs ...string) Metric {
-			result := &counter{value: value{
-				desc:       desc,
-				valType:    CounterValue,
-				labelPairs: makeLabelPairs(desc, lvs),
-			}}
+		metricVec: newMetricVec(desc, func(lvs ...string) Metric {
+			if len(lvs) != len(desc.variableLabels) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
+			}
+			result := &counter{desc: desc, labelPairs: makeLabelPairs(desc, lvs), now: time.Now}
 			result.init(result) // Init self-collection.
 			return result
 		}),
 	}
 }
 
-// GetMetricWithLabelValues replaces the method of the same name in
-// MetricVec. The difference is that this method returns a Counter and not a
-// Metric so that no type conversion is required.
-func (m *CounterVec) GetMetricWithLabelValues(lvs ...string) (Counter, error) {
-	metric, err := m.MetricVec.GetMetricWithLabelValues(lvs...)
+// GetMetricWithLabelValues returns the Counter for the given slice of label
+// values (same order as the VariableLabels in Desc). If that combination of
+// label values is accessed for the first time, a new Counter is created.
+//
+// It is possible to call this method without using the returned Counter to only
+// create the new Counter but leave it at its starting value 0. See also the
+// SummaryVec example.
+//
+// Keeping the Counter for later use is possible (and should be considered if
+// performance is critical), but keep in mind that Reset, DeleteLabelValues and
+// Delete can be used to delete the Counter from the CounterVec. In that case,
+// the Counter will still exist, but it will not be exported anymore, even if a
+// Counter with the same label values is created later.
+//
+// An error is returned if the number of label values is not the same as the
+// number of VariableLabels in Desc (minus any curried labels).
+//
+// Note that for more than one label value, this method is prone to mistakes
+// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
+// an alternative to avoid that type of mistake. For higher label numbers, the
+// latter has a much more readable (albeit more verbose) syntax, but it comes
+// with a performance overhead (for creating and processing the Labels map).
+// See also the GaugeVec example.
+func (v *CounterVec) GetMetricWithLabelValues(lvs ...string) (Counter, error) {
+	metric, err := v.metricVec.getMetricWithLabelValues(lvs...)
 	if metric != nil {
 		return metric.(Counter), err
 	}
 	return nil, err
 }
 
-// GetMetricWith replaces the method of the same name in MetricVec. The
-// difference is that this method returns a Counter and not a Metric so that no
-// type conversion is required.
-func (m *CounterVec) GetMetricWith(labels Labels) (Counter, error) {
-	metric, err := m.MetricVec.GetMetricWith(labels)
+// GetMetricWith returns the Counter for the given Labels map (the label names
+// must match those of the VariableLabels in Desc). If that label map is
+// accessed for the first time, a new Counter is created. Implications of
+// creating a Counter without using it and keeping the Counter for later use are
+// the same as for GetMetricWithLabelValues.
+//
+// An error is returned if the number and names of the Labels are inconsistent
+// with those of the VariableLabels in Desc (minus any curried labels).
+//
+// This method is used for the same purpose as
+// GetMetricWithLabelValues(...string). See there for pros and cons of the two
+// methods.
+func (v *CounterVec) GetMetricWith(labels Labels) (Counter, error) {
+	metric, err := v.metricVec.getMetricWith(labels)
 	if metric != nil {
 		return metric.(Counter), err
 	}
@@ -131,18 +239,57 @@ func (m *CounterVec) GetMetricWith(labels Labels) (Counter, error) {
 }
 
 // WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. By not returning an
-// error, WithLabelValues allows shortcuts like
+// GetMetricWithLabelValues would have returned an error. Not returning an
+// error allows shortcuts like
 //     myVec.WithLabelValues("404", "GET").Add(42)
-func (m *CounterVec) WithLabelValues(lvs ...string) Counter {
-	return m.MetricVec.WithLabelValues(lvs...).(Counter)
+func (v *CounterVec) WithLabelValues(lvs ...string) Counter {
+	c, err := v.GetMetricWithLabelValues(lvs...)
+	if err != nil {
+		panic(err)
+	}
+	return c
 }
 
 // With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. By not returning an error, With allows shortcuts like
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
-func (m *CounterVec) With(labels Labels) Counter {
-	return m.MetricVec.With(labels).(Counter)
+// returned an error. Not returning an error allows shortcuts like
+//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Add(42)
+func (v *CounterVec) With(labels Labels) Counter {
+	c, err := v.GetMetricWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
+
+// CurryWith returns a vector curried with the provided labels, i.e. the
+// returned vector has those labels pre-set for all labeled operations performed
+// on it. The cardinality of the curried vector is reduced accordingly. The
+// order of the remaining labels stays the same (just with the curried labels
+// taken out of the sequence – which is relevant for the
+// (GetMetric)WithLabelValues methods). It is possible to curry a curried
+// vector, but only with labels not yet used for currying before.
+//
+// The metrics contained in the CounterVec are shared between the curried and
+// uncurried vectors. They are just accessed differently. Curried and uncurried
+// vectors behave identically in terms of collection. Only one must be
+// registered with a given registry (usually the uncurried version). The Reset
+// method deletes all metrics, even if called on a curried vector.
+func (v *CounterVec) CurryWith(labels Labels) (*CounterVec, error) {
+	vec, err := v.curryWith(labels)
+	if vec != nil {
+		return &CounterVec{vec}, err
+	}
+	return nil, err
+}
+
+// MustCurryWith works as CurryWith but panics where CurryWith would have
+// returned an error.
+func (v *CounterVec) MustCurryWith(labels Labels) *CounterVec {
+	vec, err := v.CurryWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return vec
 }
 
 // CounterFunc is a Counter whose value is determined at collect time by calling a
@@ -162,6 +309,8 @@ type CounterFunc interface {
 // provided function must be concurrency-safe. The function should also honor
 // the contract for a Counter (values only go up, not down), but compliance will
 // not be checked.
+//
+// Check out the ExampleGaugeFunc examples for the similar GaugeFunc.
 func NewCounterFunc(opts CounterOpts, function func() float64) CounterFunc {
 	return newValueFunc(NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index 77f4b30e8478e..e3232d79f44b9 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -16,33 +16,16 @@ package prometheus
 import (
 	"errors"
 	"fmt"
-	"regexp"
 	"sort"
 	"strings"
 
+	"github.com/cespare/xxhash/v2"
 	"github.com/golang/protobuf/proto"
+	"github.com/prometheus/common/model"
 
 	dto "github.com/prometheus/client_model/go"
 )
 
-var (
-	metricNameRE = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_:]*$`)
-	labelNameRE  = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
-)
-
-// reservedLabelPrefix is a prefix which is not legal in user-supplied
-// label names.
-const reservedLabelPrefix = "__"
-
-// Labels represents a collection of label name -> value mappings. This type is
-// commonly used with the With(Labels) and GetMetricWith(Labels) methods of
-// metric vector Collectors, e.g.:
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
-//
-// The other use-case is the specification of constant label pairs in Opts or to
-// create a Desc.
-type Labels map[string]string
-
 // Desc is the descriptor used by every Prometheus Metric. It is essentially
 // the immutable meta-data of a Metric. The normal Metric implementations
 // included in this package manage their Desc under the hood. Users only have to
@@ -78,32 +61,27 @@ type Desc struct {
 	// Help string. Each Desc with the same fqName must have the same
 	// dimHash.
 	dimHash uint64
-	// err is an error that occured during construction. It is reported on
+	// err is an error that occurred during construction. It is reported on
 	// registration time.
 	err error
 }
 
 // NewDesc allocates and initializes a new Desc. Errors are recorded in the Desc
 // and will be reported on registration time. variableLabels and constLabels can
-// be nil if no such labels should be set. fqName and help must not be empty.
+// be nil if no such labels should be set. fqName must not be empty.
 //
 // variableLabels only contain the label names. Their label values are variable
 // and therefore not part of the Desc. (They are managed within the Metric.)
 //
 // For constLabels, the label values are constant. Therefore, they are fully
-// specified in the Desc. See the Opts documentation for the implications of
-// constant labels.
+// specified in the Desc. See the Collector example for a usage pattern.
 func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *Desc {
 	d := &Desc{
 		fqName:         fqName,
 		help:           help,
 		variableLabels: variableLabels,
 	}
-	if help == "" {
-		d.err = errors.New("empty help string")
-		return d
-	}
-	if !metricNameRE.MatchString(fqName) {
+	if !model.IsValidMetricName(model.LabelValue(fqName)) {
 		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
 		return d
 	}
@@ -116,7 +94,7 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 	// First add only the const label names and sort them...
 	for labelName := range constLabels {
 		if !checkLabelName(labelName) {
-			d.err = fmt.Errorf("%q is not a valid label name", labelName)
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", labelName, fqName)
 			return d
 		}
 		labelNames = append(labelNames, labelName)
@@ -127,12 +105,18 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 	for _, labelName := range labelNames {
 		labelValues = append(labelValues, constLabels[labelName])
 	}
+	// Validate the const label values. They can't have a wrong cardinality, so
+	// use in len(labelValues) as expectedNumberOfValues.
+	if err := validateLabelValues(labelValues, len(labelValues)); err != nil {
+		d.err = err
+		return d
+	}
 	// Now add the variable label names, but prefix them with something that
 	// cannot be in a regular label name. That prevents matching the label
 	// dimension with a different mix between preset and variable labels.
 	for _, labelName := range variableLabels {
 		if !checkLabelName(labelName) {
-			d.err = fmt.Errorf("%q is not a valid label name", labelName)
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", labelName, fqName)
 			return d
 		}
 		labelNames = append(labelNames, "$"+labelName)
@@ -142,24 +126,25 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 		d.err = errors.New("duplicate label names")
 		return d
 	}
-	vh := hashNew()
+
+	xxh := xxhash.New()
 	for _, val := range labelValues {
-		vh = hashAdd(vh, val)
-		vh = hashAddByte(vh, separatorByte)
+		xxh.WriteString(val)
+		xxh.Write(separatorByteSlice)
 	}
-	d.id = vh
+	d.id = xxh.Sum64()
 	// Sort labelNames so that order doesn't matter for the hash.
 	sort.Strings(labelNames)
 	// Now hash together (in this order) the help string and the sorted
 	// label names.
-	lh := hashNew()
-	lh = hashAdd(lh, help)
-	lh = hashAddByte(lh, separatorByte)
+	xxh.Reset()
+	xxh.WriteString(help)
+	xxh.Write(separatorByteSlice)
 	for _, labelName := range labelNames {
-		lh = hashAdd(lh, labelName)
-		lh = hashAddByte(lh, separatorByte)
+		xxh.WriteString(labelName)
+		xxh.Write(separatorByteSlice)
 	}
-	d.dimHash = lh
+	d.dimHash = xxh.Sum64()
 
 	d.constLabelPairs = make([]*dto.LabelPair, 0, len(constLabels))
 	for n, v := range constLabels {
@@ -168,7 +153,7 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 			Value: proto.String(v),
 		})
 	}
-	sort.Sort(LabelPairSorter(d.constLabelPairs))
+	sort.Sort(labelPairSorter(d.constLabelPairs))
 	return d
 }
 
@@ -198,8 +183,3 @@ func (d *Desc) String() string {
 		d.variableLabels,
 	)
 }
-
-func checkLabelName(l string) bool {
-	return labelNameRE.MatchString(l) &&
-		!strings.HasPrefix(l, reservedLabelPrefix)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/doc.go b/vendor/github.com/prometheus/client_golang/prometheus/doc.go
index b15a2d3b9864f..98450125d6a35 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/doc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/doc.go
@@ -11,13 +11,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package prometheus provides metrics primitives to instrument code for
-// monitoring. It also offers a registry for metrics. Sub-packages allow to
-// expose the registered metrics via HTTP (package promhttp) or push them to a
-// Pushgateway (package push).
+// Package prometheus is the core instrumentation package. It provides metrics
+// primitives to instrument code for monitoring. It also offers a registry for
+// metrics. Sub-packages allow to expose the registered metrics via HTTP
+// (package promhttp) or push them to a Pushgateway (package push). There is
+// also a sub-package promauto, which provides metrics constructors with
+// automatic registration.
 //
 // All exported functions and methods are safe to be used concurrently unless
-//specified otherwise.
+// specified otherwise.
 //
 // A Basic Example
 //
@@ -26,6 +28,7 @@
 //    package main
 //
 //    import (
+//    	"log"
 //    	"net/http"
 //
 //    	"github.com/prometheus/client_golang/prometheus"
@@ -59,7 +62,7 @@
 //    	// The Handler function provides a default handler to expose metrics
 //    	// via an HTTP server. "/metrics" is the usual endpoint for that.
 //    	http.Handle("/metrics", promhttp.Handler())
-//    	http.ListenAndServe(":8080", nil)
+//    	log.Fatal(http.ListenAndServe(":8080", nil))
 //    }
 //
 //
@@ -69,34 +72,33 @@
 // Metrics
 //
 // The number of exported identifiers in this package might appear a bit
-// overwhelming. Hovever, in addition to the basic plumbing shown in the example
+// overwhelming. However, in addition to the basic plumbing shown in the example
 // above, you only need to understand the different metric types and their
-// vector versions for basic usage.
+// vector versions for basic usage. Furthermore, if you are not concerned with
+// fine-grained control of when and how to register metrics with the registry,
+// have a look at the promauto package, which will effectively allow you to
+// ignore registration altogether in simple cases.
 //
 // Above, you have already touched the Counter and the Gauge. There are two more
 // advanced metric types: the Summary and Histogram. A more thorough description
 // of those four metric types can be found in the Prometheus docs:
 // https://prometheus.io/docs/concepts/metric_types/
 //
-// A fifth "type" of metric is Untyped. It behaves like a Gauge, but signals the
-// Prometheus server not to assume anything about its type.
-//
-// In addition to the fundamental metric types Gauge, Counter, Summary,
-// Histogram, and Untyped, a very important part of the Prometheus data model is
-// the partitioning of samples along dimensions called labels, which results in
+// In addition to the fundamental metric types Gauge, Counter, Summary, and
+// Histogram, a very important part of the Prometheus data model is the
+// partitioning of samples along dimensions called labels, which results in
 // metric vectors. The fundamental types are GaugeVec, CounterVec, SummaryVec,
-// HistogramVec, and UntypedVec.
+// and HistogramVec.
 //
 // While only the fundamental metric types implement the Metric interface, both
 // the metrics and their vector versions implement the Collector interface. A
 // Collector manages the collection of a number of Metrics, but for convenience,
-// a Metric can also “collect itself”. Note that Gauge, Counter, Summary,
-// Histogram, and Untyped are interfaces themselves while GaugeVec, CounterVec,
-// SummaryVec, HistogramVec, and UntypedVec are not.
+// a Metric can also “collect itself”. Note that Gauge, Counter, Summary, and
+// Histogram are interfaces themselves while GaugeVec, CounterVec, SummaryVec,
+// and HistogramVec are not.
 //
 // To create instances of Metrics and their vector versions, you need a suitable
-// …Opts struct, i.e. GaugeOpts, CounterOpts, SummaryOpts,
-// HistogramOpts, or UntypedOpts.
+// …Opts struct, i.e. GaugeOpts, CounterOpts, SummaryOpts, or HistogramOpts.
 //
 // Custom Collectors and constant Metrics
 //
@@ -112,10 +114,23 @@
 // existing numbers into Prometheus Metrics during collection. An own
 // implementation of the Collector interface is perfect for that. You can create
 // Metric instances “on the fly” using NewConstMetric, NewConstHistogram, and
-// NewConstSummary (and their respective Must… versions). That will happen in
-// the Collect method. The Describe method has to return separate Desc
-// instances, representative of the “throw-away” metrics to be created
-// later. NewDesc comes in handy to create those Desc instances.
+// NewConstSummary (and their respective Must… versions). NewConstMetric is used
+// for all metric types with just a float64 as their value: Counter, Gauge, and
+// a special “type” called Untyped. Use the latter if you are not sure if the
+// mirrored metric is a Counter or a Gauge. Creation of the Metric instance
+// happens in the Collect method. The Describe method has to return separate
+// Desc instances, representative of the “throw-away” metrics to be created
+// later.  NewDesc comes in handy to create those Desc instances. Alternatively,
+// you could return no Desc at all, which will mark the Collector “unchecked”.
+// No checks are performed at registration time, but metric consistency will
+// still be ensured at scrape time, i.e. any inconsistencies will lead to scrape
+// errors. Thus, with unchecked Collectors, the responsibility to not collect
+// metrics that lead to inconsistencies in the total scrape result lies with the
+// implementer of the Collector. While this is not a desirable state, it is
+// sometimes necessary. The typical use case is a situation where the exact
+// metrics to be returned by a Collector cannot be predicted at registration
+// time, but the implementer has sufficient knowledge of the whole system to
+// guarantee metric consistency.
 //
 // The Collector example illustrates the use case. You can also look at the
 // source code of the processCollector (mirroring process metrics), the
@@ -129,34 +144,34 @@
 // Advanced Uses of the Registry
 //
 // While MustRegister is the by far most common way of registering a Collector,
-// sometimes you might want to handle the errors the registration might
-// cause. As suggested by the name, MustRegister panics if an error occurs. With
-// the Register function, the error is returned and can be handled.
+// sometimes you might want to handle the errors the registration might cause.
+// As suggested by the name, MustRegister panics if an error occurs. With the
+// Register function, the error is returned and can be handled.
 //
 // An error is returned if the registered Collector is incompatible or
 // inconsistent with already registered metrics. The registry aims for
-// consistency of the collected metrics according to the Prometheus data
-// model. Inconsistencies are ideally detected at registration time, not at
-// collect time. The former will usually be detected at start-up time of a
-// program, while the latter will only happen at scrape time, possibly not even
-// on the first scrape if the inconsistency only becomes relevant later. That is
-// the main reason why a Collector and a Metric have to describe themselves to
-// the registry.
+// consistency of the collected metrics according to the Prometheus data model.
+// Inconsistencies are ideally detected at registration time, not at collect
+// time. The former will usually be detected at start-up time of a program,
+// while the latter will only happen at scrape time, possibly not even on the
+// first scrape if the inconsistency only becomes relevant later. That is the
+// main reason why a Collector and a Metric have to describe themselves to the
+// registry.
 //
 // So far, everything we did operated on the so-called default registry, as it
-// can be found in the global DefaultRegistry variable. With NewRegistry, you
+// can be found in the global DefaultRegisterer variable. With NewRegistry, you
 // can create a custom registry, or you can even implement the Registerer or
-// Gatherer interfaces yourself. The methods Register and Unregister work in
-// the same way on a custom registry as the global functions Register and
-// Unregister on the default registry.
-//
-// There are a number of uses for custom registries: You can use registries
-// with special properties, see NewPedanticRegistry. You can avoid global state,
-// as it is imposed by the DefaultRegistry. You can use multiple registries at
-// the same time to expose different metrics in different ways. You can use
+// Gatherer interfaces yourself. The methods Register and Unregister work in the
+// same way on a custom registry as the global functions Register and Unregister
+// on the default registry.
+//
+// There are a number of uses for custom registries: You can use registries with
+// special properties, see NewPedanticRegistry. You can avoid global state, as
+// it is imposed by the DefaultRegisterer. You can use multiple registries at
+// the same time to expose different metrics in different ways.  You can use
 // separate registries for testing purposes.
 //
-// Also note that the DefaultRegistry comes registered with a Collector for Go
+// Also note that the DefaultRegisterer comes registered with a Collector for Go
 // runtime metrics (via NewGoCollector) and a Collector for process metrics (via
 // NewProcessCollector). With a custom registry, you are in control and decide
 // yourself about the Collectors to register.
@@ -166,16 +181,19 @@
 // The Registry implements the Gatherer interface. The caller of the Gather
 // method can then expose the gathered metrics in some way. Usually, the metrics
 // are served via HTTP on the /metrics endpoint. That's happening in the example
-// above. The tools to expose metrics via HTTP are in the promhttp
-// sub-package. (The top-level functions in the prometheus package are
-// deprecated.)
+// above. The tools to expose metrics via HTTP are in the promhttp sub-package.
 //
 // Pushing to the Pushgateway
 //
 // Function for pushing to the Pushgateway can be found in the push sub-package.
 //
+// Graphite Bridge
+//
+// Functions and examples to push metrics from a Gatherer to Graphite can be
+// found in the graphite sub-package.
+//
 // Other Means of Exposition
 //
-// More ways of exposing metrics can easily be added. Sending metrics to
-// Graphite would be an example that will soon be implemented.
+// More ways of exposing metrics can easily be added by following the approaches
+// of the existing implementations.
 package prometheus
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/fnv.go b/vendor/github.com/prometheus/client_golang/prometheus/fnv.go
index e3b67df8ac068..3d383a735c385 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/fnv.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/fnv.go
@@ -1,3 +1,16 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package prometheus
 
 // Inline and byte-free variant of hash/fnv's fnv64a.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
index 8b70e5141d409..d67573f767a96 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
@@ -13,6 +13,14 @@
 
 package prometheus
 
+import (
+	"math"
+	"sync/atomic"
+	"time"
+
+	dto "github.com/prometheus/client_model/go"
+)
+
 // Gauge is a Metric that represents a single numerical value that can
 // arbitrarily go up and down.
 //
@@ -27,29 +35,95 @@ type Gauge interface {
 
 	// Set sets the Gauge to an arbitrary value.
 	Set(float64)
-	// Inc increments the Gauge by 1.
+	// Inc increments the Gauge by 1. Use Add to increment it by arbitrary
+	// values.
 	Inc()
-	// Dec decrements the Gauge by 1.
+	// Dec decrements the Gauge by 1. Use Sub to decrement it by arbitrary
+	// values.
 	Dec()
-	// Add adds the given value to the Gauge. (The value can be
-	// negative, resulting in a decrease of the Gauge.)
+	// Add adds the given value to the Gauge. (The value can be negative,
+	// resulting in a decrease of the Gauge.)
 	Add(float64)
 	// Sub subtracts the given value from the Gauge. (The value can be
 	// negative, resulting in an increase of the Gauge.)
 	Sub(float64)
+
+	// SetToCurrentTime sets the Gauge to the current Unix time in seconds.
+	SetToCurrentTime()
 }
 
 // GaugeOpts is an alias for Opts. See there for doc comments.
 type GaugeOpts Opts
 
 // NewGauge creates a new Gauge based on the provided GaugeOpts.
+//
+// The returned implementation is optimized for a fast Set method. If you have a
+// choice for managing the value of a Gauge via Set vs. Inc/Dec/Add/Sub, pick
+// the former. For example, the Inc method of the returned Gauge is slower than
+// the Inc method of a Counter returned by NewCounter. This matches the typical
+// scenarios for Gauges and Counters, where the former tends to be Set-heavy and
+// the latter Inc-heavy.
 func NewGauge(opts GaugeOpts) Gauge {
-	return newValue(NewDesc(
+	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
 		nil,
 		opts.ConstLabels,
-	), GaugeValue, 0)
+	)
+	result := &gauge{desc: desc, labelPairs: desc.constLabelPairs}
+	result.init(result) // Init self-collection.
+	return result
+}
+
+type gauge struct {
+	// valBits contains the bits of the represented float64 value. It has
+	// to go first in the struct to guarantee alignment for atomic
+	// operations.  http://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	valBits uint64
+
+	selfCollector
+
+	desc       *Desc
+	labelPairs []*dto.LabelPair
+}
+
+func (g *gauge) Desc() *Desc {
+	return g.desc
+}
+
+func (g *gauge) Set(val float64) {
+	atomic.StoreUint64(&g.valBits, math.Float64bits(val))
+}
+
+func (g *gauge) SetToCurrentTime() {
+	g.Set(float64(time.Now().UnixNano()) / 1e9)
+}
+
+func (g *gauge) Inc() {
+	g.Add(1)
+}
+
+func (g *gauge) Dec() {
+	g.Add(-1)
+}
+
+func (g *gauge) Add(val float64) {
+	for {
+		oldBits := atomic.LoadUint64(&g.valBits)
+		newBits := math.Float64bits(math.Float64frombits(oldBits) + val)
+		if atomic.CompareAndSwapUint64(&g.valBits, oldBits, newBits) {
+			return
+		}
+	}
+}
+
+func (g *gauge) Sub(val float64) {
+	g.Add(val * -1)
+}
+
+func (g *gauge) Write(out *dto.Metric) error {
+	val := math.Float64frombits(atomic.LoadUint64(&g.valBits))
+	return populateMetric(GaugeValue, val, g.labelPairs, nil, out)
 }
 
 // GaugeVec is a Collector that bundles a set of Gauges that all share the same
@@ -58,12 +132,11 @@ func NewGauge(opts GaugeOpts) Gauge {
 // (e.g. number of operations queued, partitioned by user and operation
 // type). Create instances with NewGaugeVec.
 type GaugeVec struct {
-	*MetricVec
+	*metricVec
 }
 
 // NewGaugeVec creates a new GaugeVec based on the provided GaugeOpts and
-// partitioned by the given label names. At least one label name must be
-// provided.
+// partitioned by the given label names.
 func NewGaugeVec(opts GaugeOpts, labelNames []string) *GaugeVec {
 	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
@@ -72,28 +145,62 @@ func NewGaugeVec(opts GaugeOpts, labelNames []string) *GaugeVec {
 		opts.ConstLabels,
 	)
 	return &GaugeVec{
-		MetricVec: newMetricVec(desc, func(lvs ...string) Metric {
-			return newValue(desc, GaugeValue, 0, lvs...)
+		metricVec: newMetricVec(desc, func(lvs ...string) Metric {
+			if len(lvs) != len(desc.variableLabels) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
+			}
+			result := &gauge{desc: desc, labelPairs: makeLabelPairs(desc, lvs)}
+			result.init(result) // Init self-collection.
+			return result
 		}),
 	}
 }
 
-// GetMetricWithLabelValues replaces the method of the same name in
-// MetricVec. The difference is that this method returns a Gauge and not a
-// Metric so that no type conversion is required.
-func (m *GaugeVec) GetMetricWithLabelValues(lvs ...string) (Gauge, error) {
-	metric, err := m.MetricVec.GetMetricWithLabelValues(lvs...)
+// GetMetricWithLabelValues returns the Gauge for the given slice of label
+// values (same order as the VariableLabels in Desc). If that combination of
+// label values is accessed for the first time, a new Gauge is created.
+//
+// It is possible to call this method without using the returned Gauge to only
+// create the new Gauge but leave it at its starting value 0. See also the
+// SummaryVec example.
+//
+// Keeping the Gauge for later use is possible (and should be considered if
+// performance is critical), but keep in mind that Reset, DeleteLabelValues and
+// Delete can be used to delete the Gauge from the GaugeVec. In that case, the
+// Gauge will still exist, but it will not be exported anymore, even if a
+// Gauge with the same label values is created later. See also the CounterVec
+// example.
+//
+// An error is returned if the number of label values is not the same as the
+// number of VariableLabels in Desc (minus any curried labels).
+//
+// Note that for more than one label value, this method is prone to mistakes
+// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
+// an alternative to avoid that type of mistake. For higher label numbers, the
+// latter has a much more readable (albeit more verbose) syntax, but it comes
+// with a performance overhead (for creating and processing the Labels map).
+func (v *GaugeVec) GetMetricWithLabelValues(lvs ...string) (Gauge, error) {
+	metric, err := v.metricVec.getMetricWithLabelValues(lvs...)
 	if metric != nil {
 		return metric.(Gauge), err
 	}
 	return nil, err
 }
 
-// GetMetricWith replaces the method of the same name in MetricVec. The
-// difference is that this method returns a Gauge and not a Metric so that no
-// type conversion is required.
-func (m *GaugeVec) GetMetricWith(labels Labels) (Gauge, error) {
-	metric, err := m.MetricVec.GetMetricWith(labels)
+// GetMetricWith returns the Gauge for the given Labels map (the label names
+// must match those of the VariableLabels in Desc). If that label map is
+// accessed for the first time, a new Gauge is created. Implications of
+// creating a Gauge without using it and keeping the Gauge for later use are
+// the same as for GetMetricWithLabelValues.
+//
+// An error is returned if the number and names of the Labels are inconsistent
+// with those of the VariableLabels in Desc (minus any curried labels).
+//
+// This method is used for the same purpose as
+// GetMetricWithLabelValues(...string). See there for pros and cons of the two
+// methods.
+func (v *GaugeVec) GetMetricWith(labels Labels) (Gauge, error) {
+	metric, err := v.metricVec.getMetricWith(labels)
 	if metric != nil {
 		return metric.(Gauge), err
 	}
@@ -101,18 +208,57 @@ func (m *GaugeVec) GetMetricWith(labels Labels) (Gauge, error) {
 }
 
 // WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. By not returning an
-// error, WithLabelValues allows shortcuts like
+// GetMetricWithLabelValues would have returned an error. Not returning an
+// error allows shortcuts like
 //     myVec.WithLabelValues("404", "GET").Add(42)
-func (m *GaugeVec) WithLabelValues(lvs ...string) Gauge {
-	return m.MetricVec.WithLabelValues(lvs...).(Gauge)
+func (v *GaugeVec) WithLabelValues(lvs ...string) Gauge {
+	g, err := v.GetMetricWithLabelValues(lvs...)
+	if err != nil {
+		panic(err)
+	}
+	return g
 }
 
 // With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. By not returning an error, With allows shortcuts like
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
-func (m *GaugeVec) With(labels Labels) Gauge {
-	return m.MetricVec.With(labels).(Gauge)
+// returned an error. Not returning an error allows shortcuts like
+//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Add(42)
+func (v *GaugeVec) With(labels Labels) Gauge {
+	g, err := v.GetMetricWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return g
+}
+
+// CurryWith returns a vector curried with the provided labels, i.e. the
+// returned vector has those labels pre-set for all labeled operations performed
+// on it. The cardinality of the curried vector is reduced accordingly. The
+// order of the remaining labels stays the same (just with the curried labels
+// taken out of the sequence – which is relevant for the
+// (GetMetric)WithLabelValues methods). It is possible to curry a curried
+// vector, but only with labels not yet used for currying before.
+//
+// The metrics contained in the GaugeVec are shared between the curried and
+// uncurried vectors. They are just accessed differently. Curried and uncurried
+// vectors behave identically in terms of collection. Only one must be
+// registered with a given registry (usually the uncurried version). The Reset
+// method deletes all metrics, even if called on a curried vector.
+func (v *GaugeVec) CurryWith(labels Labels) (*GaugeVec, error) {
+	vec, err := v.curryWith(labels)
+	if vec != nil {
+		return &GaugeVec{vec}, err
+	}
+	return nil, err
+}
+
+// MustCurryWith works as CurryWith but panics where CurryWith would have
+// returned an error.
+func (v *GaugeVec) MustCurryWith(labels Labels) *GaugeVec {
+	vec, err := v.CurryWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return vec
 }
 
 // GaugeFunc is a Gauge whose value is determined at collect time by calling a
@@ -127,9 +273,12 @@ type GaugeFunc interface {
 // NewGaugeFunc creates a new GaugeFunc based on the provided GaugeOpts. The
 // value reported is determined by calling the given function from within the
 // Write method. Take into account that metric collection may happen
-// concurrently. If that results in concurrent calls to Write, like in the case
-// where a GaugeFunc is directly registered with Prometheus, the provided
-// function must be concurrency-safe.
+// concurrently. Therefore, it must be safe to call the provided function
+// concurrently.
+//
+// NewGaugeFunc is a good way to create an “info” style metric with a constant
+// value of 1. Example:
+// https://github.com/prometheus/common/blob/8558a5b7db3c84fa38b4766966059a7bd5bfa2ee/version/info.go#L36-L56
 func NewGaugeFunc(opts GaugeOpts, function func() float64) GaugeFunc {
 	return newValueFunc(NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
index abc9d4ec403c4..ea05cf429f2ba 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
@@ -1,34 +1,89 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package prometheus
 
 import (
-	"fmt"
 	"runtime"
 	"runtime/debug"
+	"sync"
 	"time"
 )
 
 type goCollector struct {
-	goroutines Gauge
-	gcDesc     *Desc
+	goroutinesDesc *Desc
+	threadsDesc    *Desc
+	gcDesc         *Desc
+	goInfoDesc     *Desc
 
-	// metrics to describe and collect
-	metrics memStatsMetrics
+	// ms... are memstats related.
+	msLast          *runtime.MemStats // Previously collected memstats.
+	msLastTimestamp time.Time
+	msMtx           sync.Mutex // Protects msLast and msLastTimestamp.
+	msMetrics       memStatsMetrics
+	msRead          func(*runtime.MemStats) // For mocking in tests.
+	msMaxWait       time.Duration           // Wait time for fresh memstats.
+	msMaxAge        time.Duration           // Maximum allowed age of old memstats.
 }
 
-// NewGoCollector returns a collector which exports metrics about the current
-// go process.
+// NewGoCollector returns a collector that exports metrics about the current Go
+// process. This includes memory stats. To collect those, runtime.ReadMemStats
+// is called. This requires to “stop the world”, which usually only happens for
+// garbage collection (GC). Take the following implications into account when
+// deciding whether to use the Go collector:
+//
+// 1. The performance impact of stopping the world is the more relevant the more
+// frequently metrics are collected. However, with Go1.9 or later the
+// stop-the-world time per metrics collection is very short (~25µs) so that the
+// performance impact will only matter in rare cases. However, with older Go
+// versions, the stop-the-world duration depends on the heap size and can be
+// quite significant (~1.7 ms/GiB as per
+// https://go-review.googlesource.com/c/go/+/34937).
+//
+// 2. During an ongoing GC, nothing else can stop the world. Therefore, if the
+// metrics collection happens to coincide with GC, it will only complete after
+// GC has finished. Usually, GC is fast enough to not cause problems. However,
+// with a very large heap, GC might take multiple seconds, which is enough to
+// cause scrape timeouts in common setups. To avoid this problem, the Go
+// collector will use the memstats from a previous collection if
+// runtime.ReadMemStats takes more than 1s. However, if there are no previously
+// collected memstats, or their collection is more than 5m ago, the collection
+// will block until runtime.ReadMemStats succeeds. (The problem might be solved
+// in Go1.13, see https://github.com/golang/go/issues/19812 for the related Go
+// issue.)
 func NewGoCollector() Collector {
 	return &goCollector{
-		goroutines: NewGauge(GaugeOpts{
-			Namespace: "go",
-			Name:      "goroutines",
-			Help:      "Number of goroutines that currently exist.",
-		}),
+		goroutinesDesc: NewDesc(
+			"go_goroutines",
+			"Number of goroutines that currently exist.",
+			nil, nil),
+		threadsDesc: NewDesc(
+			"go_threads",
+			"Number of OS threads created.",
+			nil, nil),
 		gcDesc: NewDesc(
 			"go_gc_duration_seconds",
-			"A summary of the GC invocation durations.",
+			"A summary of the pause duration of garbage collection cycles.",
 			nil, nil),
-		metrics: memStatsMetrics{
+		goInfoDesc: NewDesc(
+			"go_info",
+			"Information about the Go environment.",
+			nil, Labels{"version": runtime.Version()}),
+		msLast:    &runtime.MemStats{},
+		msRead:    runtime.ReadMemStats,
+		msMaxWait: time.Second,
+		msMaxAge:  5 * time.Minute,
+		msMetrics: memStatsMetrics{
 			{
 				desc: NewDesc(
 					memstatNamespace("alloc_bytes"),
@@ -48,7 +103,7 @@ func NewGoCollector() Collector {
 			}, {
 				desc: NewDesc(
 					memstatNamespace("sys_bytes"),
-					"Number of bytes obtained by system. Sum of all system allocations.",
+					"Number of bytes obtained from system.",
 					nil, nil,
 				),
 				eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Sys) },
@@ -111,12 +166,12 @@ func NewGoCollector() Collector {
 				valType: GaugeValue,
 			}, {
 				desc: NewDesc(
-					memstatNamespace("heap_released_bytes_total"),
-					"Total number of heap bytes released to OS.",
+					memstatNamespace("heap_released_bytes"),
+					"Number of heap bytes released to OS.",
 					nil, nil,
 				),
 				eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapReleased) },
-				valType: CounterValue,
+				valType: GaugeValue,
 			}, {
 				desc: NewDesc(
 					memstatNamespace("heap_objects"),
@@ -213,29 +268,53 @@ func NewGoCollector() Collector {
 				),
 				eval:    func(ms *runtime.MemStats) float64 { return float64(ms.LastGC) / 1e9 },
 				valType: GaugeValue,
+			}, {
+				desc: NewDesc(
+					memstatNamespace("gc_cpu_fraction"),
+					"The fraction of this program's available CPU time used by the GC since the program started.",
+					nil, nil,
+				),
+				eval:    func(ms *runtime.MemStats) float64 { return ms.GCCPUFraction },
+				valType: GaugeValue,
 			},
 		},
 	}
 }
 
 func memstatNamespace(s string) string {
-	return fmt.Sprintf("go_memstats_%s", s)
+	return "go_memstats_" + s
 }
 
 // Describe returns all descriptions of the collector.
 func (c *goCollector) Describe(ch chan<- *Desc) {
-	ch <- c.goroutines.Desc()
+	ch <- c.goroutinesDesc
+	ch <- c.threadsDesc
 	ch <- c.gcDesc
-
-	for _, i := range c.metrics {
+	ch <- c.goInfoDesc
+	for _, i := range c.msMetrics {
 		ch <- i.desc
 	}
 }
 
 // Collect returns the current state of all metrics of the collector.
 func (c *goCollector) Collect(ch chan<- Metric) {
-	c.goroutines.Set(float64(runtime.NumGoroutine()))
-	ch <- c.goroutines
+	var (
+		ms   = &runtime.MemStats{}
+		done = make(chan struct{})
+	)
+	// Start reading memstats first as it might take a while.
+	go func() {
+		c.msRead(ms)
+		c.msMtx.Lock()
+		c.msLast = ms
+		c.msLastTimestamp = time.Now()
+		c.msMtx.Unlock()
+		close(done)
+	}()
+
+	ch <- MustNewConstMetric(c.goroutinesDesc, GaugeValue, float64(runtime.NumGoroutine()))
+	n, _ := runtime.ThreadCreateProfile(nil)
+	ch <- MustNewConstMetric(c.threadsDesc, GaugeValue, float64(n))
 
 	var stats debug.GCStats
 	stats.PauseQuantiles = make([]time.Duration, 5)
@@ -246,11 +325,35 @@ func (c *goCollector) Collect(ch chan<- Metric) {
 		quantiles[float64(idx+1)/float64(len(stats.PauseQuantiles)-1)] = pq.Seconds()
 	}
 	quantiles[0.0] = stats.PauseQuantiles[0].Seconds()
-	ch <- MustNewConstSummary(c.gcDesc, uint64(stats.NumGC), float64(stats.PauseTotal.Seconds()), quantiles)
+	ch <- MustNewConstSummary(c.gcDesc, uint64(stats.NumGC), stats.PauseTotal.Seconds(), quantiles)
+
+	ch <- MustNewConstMetric(c.goInfoDesc, GaugeValue, 1)
 
-	ms := &runtime.MemStats{}
-	runtime.ReadMemStats(ms)
-	for _, i := range c.metrics {
+	timer := time.NewTimer(c.msMaxWait)
+	select {
+	case <-done: // Our own ReadMemStats succeeded in time. Use it.
+		timer.Stop() // Important for high collection frequencies to not pile up timers.
+		c.msCollect(ch, ms)
+		return
+	case <-timer.C: // Time out, use last memstats if possible. Continue below.
+	}
+	c.msMtx.Lock()
+	if time.Since(c.msLastTimestamp) < c.msMaxAge {
+		// Last memstats are recent enough. Collect from them under the lock.
+		c.msCollect(ch, c.msLast)
+		c.msMtx.Unlock()
+		return
+	}
+	// If we are here, the last memstats are too old or don't exist. We have
+	// to wait until our own ReadMemStats finally completes. For that to
+	// happen, we have to release the lock.
+	c.msMtx.Unlock()
+	<-done
+	c.msCollect(ch, ms)
+}
+
+func (c *goCollector) msCollect(ch chan<- Metric, ms *runtime.MemStats) {
+	for _, i := range c.msMetrics {
 		ch <- MustNewConstMetric(i.desc, i.valType, i.eval(ms))
 	}
 }
@@ -261,3 +364,33 @@ type memStatsMetrics []struct {
 	eval    func(*runtime.MemStats) float64
 	valType ValueType
 }
+
+// NewBuildInfoCollector returns a collector collecting a single metric
+// "go_build_info" with the constant value 1 and three labels "path", "version",
+// and "checksum". Their label values contain the main module path, version, and
+// checksum, respectively. The labels will only have meaningful values if the
+// binary is built with Go module support and from source code retrieved from
+// the source repository (rather than the local file system). This is usually
+// accomplished by building from outside of GOPATH, specifying the full address
+// of the main package, e.g. "GO111MODULE=on go run
+// github.com/prometheus/client_golang/examples/random". If built without Go
+// module support, all label values will be "unknown". If built with Go module
+// support but using the source code from the local file system, the "path" will
+// be set appropriately, but "checksum" will be empty and "version" will be
+// "(devel)".
+//
+// This collector uses only the build information for the main module. See
+// https://github.com/povilasv/prommod for an example of a collector for the
+// module dependencies.
+func NewBuildInfoCollector() Collector {
+	path, version, sum := readBuildInfo()
+	c := &selfCollector{MustNewConstMetric(
+		NewDesc(
+			"go_build_info",
+			"Build information about the main Go module.",
+			nil, Labels{"path": path, "version": version, "checksum": sum},
+		),
+		GaugeValue, 1)}
+	c.init(c.self)
+	return c
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 9719e8fac8ba3..4271f438aeaaf 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -16,8 +16,11 @@ package prometheus
 import (
 	"fmt"
 	"math"
+	"runtime"
 	"sort"
+	"sync"
 	"sync/atomic"
+	"time"
 
 	"github.com/golang/protobuf/proto"
 
@@ -108,8 +111,9 @@ func ExponentialBuckets(start, factor float64, count int) []float64 {
 }
 
 // HistogramOpts bundles the options for creating a Histogram metric. It is
-// mandatory to set Name and Help to a non-empty string. All other fields are
-// optional and can safely be left at their zero value.
+// mandatory to set Name to a non-empty string. All other fields are optional
+// and can safely be left at their zero value, although it is strongly
+// encouraged to set a Help string.
 type HistogramOpts struct {
 	// Namespace, Subsystem, and Name are components of the fully-qualified
 	// name of the Histogram (created by joining these components with
@@ -120,29 +124,22 @@ type HistogramOpts struct {
 	Subsystem string
 	Name      string
 
-	// Help provides information about this Histogram. Mandatory!
+	// Help provides information about this Histogram.
 	//
 	// Metrics with the same fully-qualified name must have the same Help
 	// string.
 	Help string
 
-	// ConstLabels are used to attach fixed labels to this
-	// Histogram. Histograms with the same fully-qualified name must have the
-	// same label names in their ConstLabels.
+	// ConstLabels are used to attach fixed labels to this metric. Metrics
+	// with the same fully-qualified name must have the same label names in
+	// their ConstLabels.
 	//
-	// Note that in most cases, labels have a value that varies during the
-	// lifetime of a process. Those labels are usually managed with a
-	// HistogramVec. ConstLabels serve only special purposes. One is for the
-	// special case where the value of a label does not change during the
-	// lifetime of a process, e.g. if the revision of the running binary is
-	// put into a label. Another, more advanced purpose is if more than one
-	// Collector needs to collect Histograms with the same fully-qualified
-	// name. In that case, those Summaries must differ in the values of
-	// their ConstLabels. See the Collector examples.
-	//
-	// If the value of a label never changes (not even between binaries),
-	// that label most likely should not be a label at all (but part of the
-	// metric name).
+	// ConstLabels are only used rarely. In particular, do not use them to
+	// attach the same labels to all your metrics. Those use cases are
+	// better covered by target labels set by the scraping Prometheus
+	// server, or by one specific metric (e.g. a build_info or a
+	// machine_role metric). See also
+	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
 	ConstLabels Labels
 
 	// Buckets defines the buckets into which observations are counted. Each
@@ -155,6 +152,10 @@ type HistogramOpts struct {
 
 // NewHistogram creates a new Histogram based on the provided HistogramOpts. It
 // panics if the buckets in HistogramOpts are not in strictly increasing order.
+//
+// The returned implementation also implements ExemplarObserver. It is safe to
+// perform the corresponding type assertion. Exemplars are tracked separately
+// for each bucket.
 func NewHistogram(opts HistogramOpts) Histogram {
 	return newHistogram(
 		NewDesc(
@@ -169,7 +170,7 @@ func NewHistogram(opts HistogramOpts) Histogram {
 
 func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
 	if len(desc.variableLabels) != len(labelValues) {
-		panic(errInconsistentCardinality)
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
 	}
 
 	for _, n := range desc.variableLabels {
@@ -191,6 +192,8 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		desc:        desc,
 		upperBounds: opts.Buckets,
 		labelPairs:  makeLabelPairs(desc, labelValues),
+		counts:      [2]*histogramCounts{{}, {}},
+		now:         time.Now,
 	}
 	for i, upperBound := range h.upperBounds {
 		if i < len(h.upperBounds)-1 {
@@ -207,30 +210,60 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 			}
 		}
 	}
-	// Finally we know the final length of h.upperBounds and can make counts.
-	h.counts = make([]uint64, len(h.upperBounds))
+	// Finally we know the final length of h.upperBounds and can make buckets
+	// for both counts as well as exemplars:
+	h.counts[0].buckets = make([]uint64, len(h.upperBounds))
+	h.counts[1].buckets = make([]uint64, len(h.upperBounds))
+	h.exemplars = make([]atomic.Value, len(h.upperBounds)+1)
 
 	h.init(h) // Init self-collection.
 	return h
 }
 
-type histogram struct {
+type histogramCounts struct {
 	// sumBits contains the bits of the float64 representing the sum of all
 	// observations. sumBits and count have to go first in the struct to
 	// guarantee alignment for atomic operations.
 	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
 	sumBits uint64
 	count   uint64
+	buckets []uint64
+}
+
+type histogram struct {
+	// countAndHotIdx enables lock-free writes with use of atomic updates.
+	// The most significant bit is the hot index [0 or 1] of the count field
+	// below. Observe calls update the hot one. All remaining bits count the
+	// number of Observe calls. Observe starts by incrementing this counter,
+	// and finish by incrementing the count field in the respective
+	// histogramCounts, as a marker for completion.
+	//
+	// Calls of the Write method (which are non-mutating reads from the
+	// perspective of the histogram) swap the hot–cold under the writeMtx
+	// lock. A cooldown is awaited (while locked) by comparing the number of
+	// observations with the initiation count. Once they match, then the
+	// last observation on the now cool one has completed. All cool fields must
+	// be merged into the new hot before releasing writeMtx.
+	//
+	// Fields with atomic access first! See alignment constraint:
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	countAndHotIdx uint64
 
 	selfCollector
-	// Note that there is no mutex required.
+	desc     *Desc
+	writeMtx sync.Mutex // Only used in the Write method.
 
-	desc *Desc
+	// Two counts, one is "hot" for lock-free observations, the other is
+	// "cold" for writing out a dto.Metric. It has to be an array of
+	// pointers to guarantee 64bit alignment of the histogramCounts, see
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG.
+	counts [2]*histogramCounts
 
 	upperBounds []float64
-	counts      []uint64
+	labelPairs  []*dto.LabelPair
+	exemplars   []atomic.Value // One more than buckets (to include +Inf), each a *dto.Exemplar.
 
-	labelPairs []*dto.LabelPair
+	now func() time.Time // To mock out time.Now() for testing.
 }
 
 func (h *histogram) Desc() *Desc {
@@ -238,6 +271,89 @@ func (h *histogram) Desc() *Desc {
 }
 
 func (h *histogram) Observe(v float64) {
+	h.observe(v, h.findBucket(v))
+}
+
+func (h *histogram) ObserveWithExemplar(v float64, e Labels) {
+	i := h.findBucket(v)
+	h.observe(v, i)
+	h.updateExemplar(v, i, e)
+}
+
+func (h *histogram) Write(out *dto.Metric) error {
+	// For simplicity, we protect this whole method by a mutex. It is not in
+	// the hot path, i.e. Observe is called much more often than Write. The
+	// complication of making Write lock-free isn't worth it, if possible at
+	// all.
+	h.writeMtx.Lock()
+	defer h.writeMtx.Unlock()
+
+	// Adding 1<<63 switches the hot index (from 0 to 1 or from 1 to 0)
+	// without touching the count bits. See the struct comments for a full
+	// description of the algorithm.
+	n := atomic.AddUint64(&h.countAndHotIdx, 1<<63)
+	// count is contained unchanged in the lower 63 bits.
+	count := n & ((1 << 63) - 1)
+	// The most significant bit tells us which counts is hot. The complement
+	// is thus the cold one.
+	hotCounts := h.counts[n>>63]
+	coldCounts := h.counts[(^n)>>63]
+
+	// Await cooldown.
+	for count != atomic.LoadUint64(&coldCounts.count) {
+		runtime.Gosched() // Let observations get work done.
+	}
+
+	his := &dto.Histogram{
+		Bucket:      make([]*dto.Bucket, len(h.upperBounds)),
+		SampleCount: proto.Uint64(count),
+		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+	}
+	var cumCount uint64
+	for i, upperBound := range h.upperBounds {
+		cumCount += atomic.LoadUint64(&coldCounts.buckets[i])
+		his.Bucket[i] = &dto.Bucket{
+			CumulativeCount: proto.Uint64(cumCount),
+			UpperBound:      proto.Float64(upperBound),
+		}
+		if e := h.exemplars[i].Load(); e != nil {
+			his.Bucket[i].Exemplar = e.(*dto.Exemplar)
+		}
+	}
+	// If there is an exemplar for the +Inf bucket, we have to add that bucket explicitly.
+	if e := h.exemplars[len(h.upperBounds)].Load(); e != nil {
+		b := &dto.Bucket{
+			CumulativeCount: proto.Uint64(count),
+			UpperBound:      proto.Float64(math.Inf(1)),
+			Exemplar:        e.(*dto.Exemplar),
+		}
+		his.Bucket = append(his.Bucket, b)
+	}
+
+	out.Histogram = his
+	out.Label = h.labelPairs
+
+	// Finally add all the cold counts to the new hot counts and reset the cold counts.
+	atomic.AddUint64(&hotCounts.count, count)
+	atomic.StoreUint64(&coldCounts.count, 0)
+	for {
+		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
+		newBits := math.Float64bits(math.Float64frombits(oldBits) + his.GetSampleSum())
+		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
+			atomic.StoreUint64(&coldCounts.sumBits, 0)
+			break
+		}
+	}
+	for i := range h.upperBounds {
+		atomic.AddUint64(&hotCounts.buckets[i], atomic.LoadUint64(&coldCounts.buckets[i]))
+		atomic.StoreUint64(&coldCounts.buckets[i], 0)
+	}
+	return nil
+}
+
+// findBucket returns the index of the bucket for the provided value, or
+// len(h.upperBounds) for the +Inf bucket.
+func (h *histogram) findBucket(v float64) int {
 	// TODO(beorn7): For small numbers of buckets (<30), a linear search is
 	// slightly faster than the binary search. If we really care, we could
 	// switch from one search strategy to the other depending on the number
@@ -247,38 +363,43 @@ func (h *histogram) Observe(v float64) {
 	// 11 buckets: 38.3 ns/op linear - binary 48.7 ns/op
 	// 100 buckets: 78.1 ns/op linear - binary 54.9 ns/op
 	// 300 buckets: 154 ns/op linear - binary 61.6 ns/op
-	i := sort.SearchFloat64s(h.upperBounds, v)
-	if i < len(h.counts) {
-		atomic.AddUint64(&h.counts[i], 1)
+	return sort.SearchFloat64s(h.upperBounds, v)
+}
+
+// observe is the implementation for Observe without the findBucket part.
+func (h *histogram) observe(v float64, bucket int) {
+	// We increment h.countAndHotIdx so that the counter in the lower
+	// 63 bits gets incremented. At the same time, we get the new value
+	// back, which we can use to find the currently-hot counts.
+	n := atomic.AddUint64(&h.countAndHotIdx, 1)
+	hotCounts := h.counts[n>>63]
+
+	if bucket < len(h.upperBounds) {
+		atomic.AddUint64(&hotCounts.buckets[bucket], 1)
 	}
-	atomic.AddUint64(&h.count, 1)
 	for {
-		oldBits := atomic.LoadUint64(&h.sumBits)
+		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
 		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
-		if atomic.CompareAndSwapUint64(&h.sumBits, oldBits, newBits) {
+		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
 			break
 		}
 	}
+	// Increment count last as we take it as a signal that the observation
+	// is complete.
+	atomic.AddUint64(&hotCounts.count, 1)
 }
 
-func (h *histogram) Write(out *dto.Metric) error {
-	his := &dto.Histogram{}
-	buckets := make([]*dto.Bucket, len(h.upperBounds))
-
-	his.SampleSum = proto.Float64(math.Float64frombits(atomic.LoadUint64(&h.sumBits)))
-	his.SampleCount = proto.Uint64(atomic.LoadUint64(&h.count))
-	var count uint64
-	for i, upperBound := range h.upperBounds {
-		count += atomic.LoadUint64(&h.counts[i])
-		buckets[i] = &dto.Bucket{
-			CumulativeCount: proto.Uint64(count),
-			UpperBound:      proto.Float64(upperBound),
-		}
+// updateExemplar replaces the exemplar for the provided bucket. With empty
+// labels, it's a no-op. It panics if any of the labels is invalid.
+func (h *histogram) updateExemplar(v float64, bucket int, l Labels) {
+	if l == nil {
+		return
 	}
-	his.Bucket = buckets
-	out.Histogram = his
-	out.Label = h.labelPairs
-	return nil
+	e, err := newExemplar(v, h.now(), l)
+	if err != nil {
+		panic(err)
+	}
+	h.exemplars[bucket].Store(e)
 }
 
 // HistogramVec is a Collector that bundles a set of Histograms that all share the
@@ -287,12 +408,11 @@ func (h *histogram) Write(out *dto.Metric) error {
 // (e.g. HTTP request latencies, partitioned by status code and method). Create
 // instances with NewHistogramVec.
 type HistogramVec struct {
-	*MetricVec
+	*metricVec
 }
 
 // NewHistogramVec creates a new HistogramVec based on the provided HistogramOpts and
-// partitioned by the given label names. At least one label name must be
-// provided.
+// partitioned by the given label names.
 func NewHistogramVec(opts HistogramOpts, labelNames []string) *HistogramVec {
 	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
@@ -301,47 +421,116 @@ func NewHistogramVec(opts HistogramOpts, labelNames []string) *HistogramVec {
 		opts.ConstLabels,
 	)
 	return &HistogramVec{
-		MetricVec: newMetricVec(desc, func(lvs ...string) Metric {
+		metricVec: newMetricVec(desc, func(lvs ...string) Metric {
 			return newHistogram(desc, opts, lvs...)
 		}),
 	}
 }
 
-// GetMetricWithLabelValues replaces the method of the same name in
-// MetricVec. The difference is that this method returns a Histogram and not a
-// Metric so that no type conversion is required.
-func (m *HistogramVec) GetMetricWithLabelValues(lvs ...string) (Histogram, error) {
-	metric, err := m.MetricVec.GetMetricWithLabelValues(lvs...)
+// GetMetricWithLabelValues returns the Histogram for the given slice of label
+// values (same order as the VariableLabels in Desc). If that combination of
+// label values is accessed for the first time, a new Histogram is created.
+//
+// It is possible to call this method without using the returned Histogram to only
+// create the new Histogram but leave it at its starting value, a Histogram without
+// any observations.
+//
+// Keeping the Histogram for later use is possible (and should be considered if
+// performance is critical), but keep in mind that Reset, DeleteLabelValues and
+// Delete can be used to delete the Histogram from the HistogramVec. In that case, the
+// Histogram will still exist, but it will not be exported anymore, even if a
+// Histogram with the same label values is created later. See also the CounterVec
+// example.
+//
+// An error is returned if the number of label values is not the same as the
+// number of VariableLabels in Desc (minus any curried labels).
+//
+// Note that for more than one label value, this method is prone to mistakes
+// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
+// an alternative to avoid that type of mistake. For higher label numbers, the
+// latter has a much more readable (albeit more verbose) syntax, but it comes
+// with a performance overhead (for creating and processing the Labels map).
+// See also the GaugeVec example.
+func (v *HistogramVec) GetMetricWithLabelValues(lvs ...string) (Observer, error) {
+	metric, err := v.metricVec.getMetricWithLabelValues(lvs...)
 	if metric != nil {
-		return metric.(Histogram), err
+		return metric.(Observer), err
 	}
 	return nil, err
 }
 
-// GetMetricWith replaces the method of the same name in MetricVec. The
-// difference is that this method returns a Histogram and not a Metric so that no
-// type conversion is required.
-func (m *HistogramVec) GetMetricWith(labels Labels) (Histogram, error) {
-	metric, err := m.MetricVec.GetMetricWith(labels)
+// GetMetricWith returns the Histogram for the given Labels map (the label names
+// must match those of the VariableLabels in Desc). If that label map is
+// accessed for the first time, a new Histogram is created. Implications of
+// creating a Histogram without using it and keeping the Histogram for later use
+// are the same as for GetMetricWithLabelValues.
+//
+// An error is returned if the number and names of the Labels are inconsistent
+// with those of the VariableLabels in Desc (minus any curried labels).
+//
+// This method is used for the same purpose as
+// GetMetricWithLabelValues(...string). See there for pros and cons of the two
+// methods.
+func (v *HistogramVec) GetMetricWith(labels Labels) (Observer, error) {
+	metric, err := v.metricVec.getMetricWith(labels)
 	if metric != nil {
-		return metric.(Histogram), err
+		return metric.(Observer), err
 	}
 	return nil, err
 }
 
 // WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. By not returning an
-// error, WithLabelValues allows shortcuts like
+// GetMetricWithLabelValues would have returned an error. Not returning an
+// error allows shortcuts like
 //     myVec.WithLabelValues("404", "GET").Observe(42.21)
-func (m *HistogramVec) WithLabelValues(lvs ...string) Histogram {
-	return m.MetricVec.WithLabelValues(lvs...).(Histogram)
+func (v *HistogramVec) WithLabelValues(lvs ...string) Observer {
+	h, err := v.GetMetricWithLabelValues(lvs...)
+	if err != nil {
+		panic(err)
+	}
+	return h
+}
+
+// With works as GetMetricWith but panics where GetMetricWithLabels would have
+// returned an error. Not returning an error allows shortcuts like
+//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Observe(42.21)
+func (v *HistogramVec) With(labels Labels) Observer {
+	h, err := v.GetMetricWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return h
 }
 
-// With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. By not returning an error, With allows shortcuts like
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Observe(42.21)
-func (m *HistogramVec) With(labels Labels) Histogram {
-	return m.MetricVec.With(labels).(Histogram)
+// CurryWith returns a vector curried with the provided labels, i.e. the
+// returned vector has those labels pre-set for all labeled operations performed
+// on it. The cardinality of the curried vector is reduced accordingly. The
+// order of the remaining labels stays the same (just with the curried labels
+// taken out of the sequence – which is relevant for the
+// (GetMetric)WithLabelValues methods). It is possible to curry a curried
+// vector, but only with labels not yet used for currying before.
+//
+// The metrics contained in the HistogramVec are shared between the curried and
+// uncurried vectors. They are just accessed differently. Curried and uncurried
+// vectors behave identically in terms of collection. Only one must be
+// registered with a given registry (usually the uncurried version). The Reset
+// method deletes all metrics, even if called on a curried vector.
+func (v *HistogramVec) CurryWith(labels Labels) (ObserverVec, error) {
+	vec, err := v.curryWith(labels)
+	if vec != nil {
+		return &HistogramVec{vec}, err
+	}
+	return nil, err
+}
+
+// MustCurryWith works as CurryWith but panics where CurryWith would have
+// returned an error.
+func (v *HistogramVec) MustCurryWith(labels Labels) ObserverVec {
+	vec, err := v.CurryWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return vec
 }
 
 type constHistogram struct {
@@ -393,7 +582,7 @@ func (h *constHistogram) Write(out *dto.Metric) error {
 // bucket.
 //
 // NewConstHistogram returns an error if the length of labelValues is not
-// consistent with the variable labels in Desc.
+// consistent with the variable labels in Desc or if Desc is invalid.
 func NewConstHistogram(
 	desc *Desc,
 	count uint64,
@@ -401,8 +590,11 @@ func NewConstHistogram(
 	buckets map[float64]uint64,
 	labelValues ...string,
 ) (Metric, error) {
-	if len(desc.variableLabels) != len(labelValues) {
-		return nil, errInconsistentCardinality
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+		return nil, err
 	}
 	return &constHistogram{
 		desc:       desc,
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/http.go b/vendor/github.com/prometheus/client_golang/prometheus/http.go
deleted file mode 100644
index 67ee5ac794c27..0000000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/http.go
+++ /dev/null
@@ -1,490 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"bufio"
-	"bytes"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/prometheus/common/expfmt"
-)
-
-// TODO(beorn7): Remove this whole file. It is a partial mirror of
-// promhttp/http.go (to avoid circular import chains) where everything HTTP
-// related should live. The functions here are just for avoiding
-// breakage. Everything is deprecated.
-
-const (
-	contentTypeHeader     = "Content-Type"
-	contentLengthHeader   = "Content-Length"
-	contentEncodingHeader = "Content-Encoding"
-	acceptEncodingHeader  = "Accept-Encoding"
-)
-
-var bufPool sync.Pool
-
-func getBuf() *bytes.Buffer {
-	buf := bufPool.Get()
-	if buf == nil {
-		return &bytes.Buffer{}
-	}
-	return buf.(*bytes.Buffer)
-}
-
-func giveBuf(buf *bytes.Buffer) {
-	buf.Reset()
-	bufPool.Put(buf)
-}
-
-// Handler returns an HTTP handler for the DefaultGatherer. It is
-// already instrumented with InstrumentHandler (using "prometheus" as handler
-// name).
-//
-// Deprecated: Please note the issues described in the doc comment of
-// InstrumentHandler. You might want to consider using promhttp.Handler instead
-// (which is non instrumented).
-func Handler() http.Handler {
-	return InstrumentHandler("prometheus", UninstrumentedHandler())
-}
-
-// UninstrumentedHandler returns an HTTP handler for the DefaultGatherer.
-//
-// Deprecated: Use promhttp.Handler instead. See there for further documentation.
-func UninstrumentedHandler() http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		mfs, err := DefaultGatherer.Gather()
-		if err != nil {
-			http.Error(w, "An error has occurred during metrics collection:\n\n"+err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		contentType := expfmt.Negotiate(req.Header)
-		buf := getBuf()
-		defer giveBuf(buf)
-		writer, encoding := decorateWriter(req, buf)
-		enc := expfmt.NewEncoder(writer, contentType)
-		var lastErr error
-		for _, mf := range mfs {
-			if err := enc.Encode(mf); err != nil {
-				lastErr = err
-				http.Error(w, "An error has occurred during metrics encoding:\n\n"+err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-		if closer, ok := writer.(io.Closer); ok {
-			closer.Close()
-		}
-		if lastErr != nil && buf.Len() == 0 {
-			http.Error(w, "No metrics encoded, last error:\n\n"+err.Error(), http.StatusInternalServerError)
-			return
-		}
-		header := w.Header()
-		header.Set(contentTypeHeader, string(contentType))
-		header.Set(contentLengthHeader, fmt.Sprint(buf.Len()))
-		if encoding != "" {
-			header.Set(contentEncodingHeader, encoding)
-		}
-		w.Write(buf.Bytes())
-	})
-}
-
-// decorateWriter wraps a writer to handle gzip compression if requested.  It
-// returns the decorated writer and the appropriate "Content-Encoding" header
-// (which is empty if no compression is enabled).
-func decorateWriter(request *http.Request, writer io.Writer) (io.Writer, string) {
-	header := request.Header.Get(acceptEncodingHeader)
-	parts := strings.Split(header, ",")
-	for _, part := range parts {
-		part := strings.TrimSpace(part)
-		if part == "gzip" || strings.HasPrefix(part, "gzip;") {
-			return gzip.NewWriter(writer), "gzip"
-		}
-	}
-	return writer, ""
-}
-
-var instLabels = []string{"method", "code"}
-
-type nower interface {
-	Now() time.Time
-}
-
-type nowFunc func() time.Time
-
-func (n nowFunc) Now() time.Time {
-	return n()
-}
-
-var now nower = nowFunc(func() time.Time {
-	return time.Now()
-})
-
-func nowSeries(t ...time.Time) nower {
-	return nowFunc(func() time.Time {
-		defer func() {
-			t = t[1:]
-		}()
-
-		return t[0]
-	})
-}
-
-// InstrumentHandler wraps the given HTTP handler for instrumentation. It
-// registers four metric collectors (if not already done) and reports HTTP
-// metrics to the (newly or already) registered collectors: http_requests_total
-// (CounterVec), http_request_duration_microseconds (Summary),
-// http_request_size_bytes (Summary), http_response_size_bytes (Summary). Each
-// has a constant label named "handler" with the provided handlerName as
-// value. http_requests_total is a metric vector partitioned by HTTP method
-// (label name "method") and HTTP status code (label name "code").
-//
-// Deprecated: InstrumentHandler has several issues:
-//
-// - It uses Summaries rather than Histograms. Summaries are not useful if
-// aggregation across multiple instances is required.
-//
-// - It uses microseconds as unit, which is deprecated and should be replaced by
-// seconds.
-//
-// - The size of the request is calculated in a separate goroutine. Since this
-// calculator requires access to the request header, it creates a race with
-// any writes to the header performed during request handling.
-// httputil.ReverseProxy is a prominent example for a handler
-// performing such writes.
-//
-// Upcoming versions of this package will provide ways of instrumenting HTTP
-// handlers that are more flexible and have fewer issues. Please prefer direct
-// instrumentation in the meantime.
-func InstrumentHandler(handlerName string, handler http.Handler) http.HandlerFunc {
-	return InstrumentHandlerFunc(handlerName, handler.ServeHTTP)
-}
-
-// InstrumentHandlerFunc wraps the given function for instrumentation. It
-// otherwise works in the same way as InstrumentHandler (and shares the same
-// issues).
-//
-// Deprecated: InstrumentHandlerFunc is deprecated for the same reasons as
-// InstrumentHandler is.
-func InstrumentHandlerFunc(handlerName string, handlerFunc func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
-	return InstrumentHandlerFuncWithOpts(
-		SummaryOpts{
-			Subsystem:   "http",
-			ConstLabels: Labels{"handler": handlerName},
-		},
-		handlerFunc,
-	)
-}
-
-// InstrumentHandlerWithOpts works like InstrumentHandler (and shares the same
-// issues) but provides more flexibility (at the cost of a more complex call
-// syntax). As InstrumentHandler, this function registers four metric
-// collectors, but it uses the provided SummaryOpts to create them. However, the
-// fields "Name" and "Help" in the SummaryOpts are ignored. "Name" is replaced
-// by "requests_total", "request_duration_microseconds", "request_size_bytes",
-// and "response_size_bytes", respectively. "Help" is replaced by an appropriate
-// help string. The names of the variable labels of the http_requests_total
-// CounterVec are "method" (get, post, etc.), and "code" (HTTP status code).
-//
-// If InstrumentHandlerWithOpts is called as follows, it mimics exactly the
-// behavior of InstrumentHandler:
-//
-//     prometheus.InstrumentHandlerWithOpts(
-//         prometheus.SummaryOpts{
-//              Subsystem:   "http",
-//              ConstLabels: prometheus.Labels{"handler": handlerName},
-//         },
-//         handler,
-//     )
-//
-// Technical detail: "requests_total" is a CounterVec, not a SummaryVec, so it
-// cannot use SummaryOpts. Instead, a CounterOpts struct is created internally,
-// and all its fields are set to the equally named fields in the provided
-// SummaryOpts.
-//
-// Deprecated: InstrumentHandlerWithOpts is deprecated for the same reasons as
-// InstrumentHandler is.
-func InstrumentHandlerWithOpts(opts SummaryOpts, handler http.Handler) http.HandlerFunc {
-	return InstrumentHandlerFuncWithOpts(opts, handler.ServeHTTP)
-}
-
-// InstrumentHandlerFuncWithOpts works like InstrumentHandlerFunc (and shares
-// the same issues) but provides more flexibility (at the cost of a more complex
-// call syntax). See InstrumentHandlerWithOpts for details how the provided
-// SummaryOpts are used.
-//
-// Deprecated: InstrumentHandlerFuncWithOpts is deprecated for the same reasons
-// as InstrumentHandler is.
-func InstrumentHandlerFuncWithOpts(opts SummaryOpts, handlerFunc func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
-	reqCnt := NewCounterVec(
-		CounterOpts{
-			Namespace:   opts.Namespace,
-			Subsystem:   opts.Subsystem,
-			Name:        "requests_total",
-			Help:        "Total number of HTTP requests made.",
-			ConstLabels: opts.ConstLabels,
-		},
-		instLabels,
-	)
-
-	opts.Name = "request_duration_microseconds"
-	opts.Help = "The HTTP request latencies in microseconds."
-	reqDur := NewSummary(opts)
-
-	opts.Name = "request_size_bytes"
-	opts.Help = "The HTTP request sizes in bytes."
-	reqSz := NewSummary(opts)
-
-	opts.Name = "response_size_bytes"
-	opts.Help = "The HTTP response sizes in bytes."
-	resSz := NewSummary(opts)
-
-	regReqCnt := MustRegisterOrGet(reqCnt).(*CounterVec)
-	regReqDur := MustRegisterOrGet(reqDur).(Summary)
-	regReqSz := MustRegisterOrGet(reqSz).(Summary)
-	regResSz := MustRegisterOrGet(resSz).(Summary)
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		now := time.Now()
-
-		delegate := &responseWriterDelegator{ResponseWriter: w}
-		out := make(chan int)
-		urlLen := 0
-		if r.URL != nil {
-			urlLen = len(r.URL.String())
-		}
-		go computeApproximateRequestSize(r, out, urlLen)
-
-		_, cn := w.(http.CloseNotifier)
-		_, fl := w.(http.Flusher)
-		_, hj := w.(http.Hijacker)
-		_, rf := w.(io.ReaderFrom)
-		var rw http.ResponseWriter
-		if cn && fl && hj && rf {
-			rw = &fancyResponseWriterDelegator{delegate}
-		} else {
-			rw = delegate
-		}
-		handlerFunc(rw, r)
-
-		elapsed := float64(time.Since(now)) / float64(time.Microsecond)
-
-		method := sanitizeMethod(r.Method)
-		code := sanitizeCode(delegate.status)
-		regReqCnt.WithLabelValues(method, code).Inc()
-		regReqDur.Observe(elapsed)
-		regResSz.Observe(float64(delegate.written))
-		regReqSz.Observe(float64(<-out))
-	})
-}
-
-func computeApproximateRequestSize(r *http.Request, out chan int, s int) {
-	s += len(r.Method)
-	s += len(r.Proto)
-	for name, values := range r.Header {
-		s += len(name)
-		for _, value := range values {
-			s += len(value)
-		}
-	}
-	s += len(r.Host)
-
-	// N.B. r.Form and r.MultipartForm are assumed to be included in r.URL.
-
-	if r.ContentLength != -1 {
-		s += int(r.ContentLength)
-	}
-	out <- s
-}
-
-type responseWriterDelegator struct {
-	http.ResponseWriter
-
-	handler, method string
-	status          int
-	written         int64
-	wroteHeader     bool
-}
-
-func (r *responseWriterDelegator) WriteHeader(code int) {
-	r.status = code
-	r.wroteHeader = true
-	r.ResponseWriter.WriteHeader(code)
-}
-
-func (r *responseWriterDelegator) Write(b []byte) (int, error) {
-	if !r.wroteHeader {
-		r.WriteHeader(http.StatusOK)
-	}
-	n, err := r.ResponseWriter.Write(b)
-	r.written += int64(n)
-	return n, err
-}
-
-type fancyResponseWriterDelegator struct {
-	*responseWriterDelegator
-}
-
-func (f *fancyResponseWriterDelegator) CloseNotify() <-chan bool {
-	return f.ResponseWriter.(http.CloseNotifier).CloseNotify()
-}
-
-func (f *fancyResponseWriterDelegator) Flush() {
-	f.ResponseWriter.(http.Flusher).Flush()
-}
-
-func (f *fancyResponseWriterDelegator) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	return f.ResponseWriter.(http.Hijacker).Hijack()
-}
-
-func (f *fancyResponseWriterDelegator) ReadFrom(r io.Reader) (int64, error) {
-	if !f.wroteHeader {
-		f.WriteHeader(http.StatusOK)
-	}
-	n, err := f.ResponseWriter.(io.ReaderFrom).ReadFrom(r)
-	f.written += n
-	return n, err
-}
-
-func sanitizeMethod(m string) string {
-	switch m {
-	case "GET", "get":
-		return "get"
-	case "PUT", "put":
-		return "put"
-	case "HEAD", "head":
-		return "head"
-	case "POST", "post":
-		return "post"
-	case "DELETE", "delete":
-		return "delete"
-	case "CONNECT", "connect":
-		return "connect"
-	case "OPTIONS", "options":
-		return "options"
-	case "NOTIFY", "notify":
-		return "notify"
-	default:
-		return strings.ToLower(m)
-	}
-}
-
-func sanitizeCode(s int) string {
-	switch s {
-	case 100:
-		return "100"
-	case 101:
-		return "101"
-
-	case 200:
-		return "200"
-	case 201:
-		return "201"
-	case 202:
-		return "202"
-	case 203:
-		return "203"
-	case 204:
-		return "204"
-	case 205:
-		return "205"
-	case 206:
-		return "206"
-
-	case 300:
-		return "300"
-	case 301:
-		return "301"
-	case 302:
-		return "302"
-	case 304:
-		return "304"
-	case 305:
-		return "305"
-	case 307:
-		return "307"
-
-	case 400:
-		return "400"
-	case 401:
-		return "401"
-	case 402:
-		return "402"
-	case 403:
-		return "403"
-	case 404:
-		return "404"
-	case 405:
-		return "405"
-	case 406:
-		return "406"
-	case 407:
-		return "407"
-	case 408:
-		return "408"
-	case 409:
-		return "409"
-	case 410:
-		return "410"
-	case 411:
-		return "411"
-	case 412:
-		return "412"
-	case 413:
-		return "413"
-	case 414:
-		return "414"
-	case 415:
-		return "415"
-	case 416:
-		return "416"
-	case 417:
-		return "417"
-	case 418:
-		return "418"
-
-	case 500:
-		return "500"
-	case 501:
-		return "501"
-	case 502:
-		return "502"
-	case 503:
-		return "503"
-	case 504:
-		return "504"
-	case 505:
-		return "505"
-
-	case 428:
-		return "428"
-	case 429:
-		return "429"
-	case 431:
-		return "431"
-	case 511:
-		return "511"
-
-	default:
-		return strconv.Itoa(s)
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go
new file mode 100644
index 0000000000000..351c26e1aedb4
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go
@@ -0,0 +1,85 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal
+
+import (
+	"sort"
+
+	dto "github.com/prometheus/client_model/go"
+)
+
+// metricSorter is a sortable slice of *dto.Metric.
+type metricSorter []*dto.Metric
+
+func (s metricSorter) Len() int {
+	return len(s)
+}
+
+func (s metricSorter) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+
+func (s metricSorter) Less(i, j int) bool {
+	if len(s[i].Label) != len(s[j].Label) {
+		// This should not happen. The metrics are
+		// inconsistent. However, we have to deal with the fact, as
+		// people might use custom collectors or metric family injection
+		// to create inconsistent metrics. So let's simply compare the
+		// number of labels in this case. That will still yield
+		// reproducible sorting.
+		return len(s[i].Label) < len(s[j].Label)
+	}
+	for n, lp := range s[i].Label {
+		vi := lp.GetValue()
+		vj := s[j].Label[n].GetValue()
+		if vi != vj {
+			return vi < vj
+		}
+	}
+
+	// We should never arrive here. Multiple metrics with the same
+	// label set in the same scrape will lead to undefined ingestion
+	// behavior. However, as above, we have to provide stable sorting
+	// here, even for inconsistent metrics. So sort equal metrics
+	// by their timestamp, with missing timestamps (implying "now")
+	// coming last.
+	if s[i].TimestampMs == nil {
+		return false
+	}
+	if s[j].TimestampMs == nil {
+		return true
+	}
+	return s[i].GetTimestampMs() < s[j].GetTimestampMs()
+}
+
+// NormalizeMetricFamilies returns a MetricFamily slice with empty
+// MetricFamilies pruned and the remaining MetricFamilies sorted by name within
+// the slice, with the contained Metrics sorted within each MetricFamily.
+func NormalizeMetricFamilies(metricFamiliesByName map[string]*dto.MetricFamily) []*dto.MetricFamily {
+	for _, mf := range metricFamiliesByName {
+		sort.Sort(metricSorter(mf.Metric))
+	}
+	names := make([]string, 0, len(metricFamiliesByName))
+	for name, mf := range metricFamiliesByName {
+		if len(mf.Metric) > 0 {
+			names = append(names, name)
+		}
+	}
+	sort.Strings(names)
+	result := make([]*dto.MetricFamily, 0, len(names))
+	for _, name := range names {
+		result = append(result, metricFamiliesByName[name])
+	}
+	return result
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
new file mode 100644
index 0000000000000..2744443ac228b
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
@@ -0,0 +1,87 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"unicode/utf8"
+
+	"github.com/prometheus/common/model"
+)
+
+// Labels represents a collection of label name -> value mappings. This type is
+// commonly used with the With(Labels) and GetMetricWith(Labels) methods of
+// metric vector Collectors, e.g.:
+//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
+//
+// The other use-case is the specification of constant label pairs in Opts or to
+// create a Desc.
+type Labels map[string]string
+
+// reservedLabelPrefix is a prefix which is not legal in user-supplied
+// label names.
+const reservedLabelPrefix = "__"
+
+var errInconsistentCardinality = errors.New("inconsistent label cardinality")
+
+func makeInconsistentCardinalityError(fqName string, labels, labelValues []string) error {
+	return fmt.Errorf(
+		"%s: %q has %d variable labels named %q but %d values %q were provided",
+		errInconsistentCardinality, fqName,
+		len(labels), labels,
+		len(labelValues), labelValues,
+	)
+}
+
+func validateValuesInLabels(labels Labels, expectedNumberOfValues int) error {
+	if len(labels) != expectedNumberOfValues {
+		return fmt.Errorf(
+			"%s: expected %d label values but got %d in %#v",
+			errInconsistentCardinality, expectedNumberOfValues,
+			len(labels), labels,
+		)
+	}
+
+	for name, val := range labels {
+		if !utf8.ValidString(val) {
+			return fmt.Errorf("label %s: value %q is not valid UTF-8", name, val)
+		}
+	}
+
+	return nil
+}
+
+func validateLabelValues(vals []string, expectedNumberOfValues int) error {
+	if len(vals) != expectedNumberOfValues {
+		return fmt.Errorf(
+			"%s: expected %d label values but got %d in %#v",
+			errInconsistentCardinality, expectedNumberOfValues,
+			len(vals), vals,
+		)
+	}
+
+	for _, val := range vals {
+		if !utf8.ValidString(val) {
+			return fmt.Errorf("label value %q is not valid UTF-8", val)
+		}
+	}
+
+	return nil
+}
+
+func checkLabelName(l string) bool {
+	return model.LabelName(l).IsValid() && !strings.HasPrefix(l, reservedLabelPrefix)
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index d4063d98f4172..0df1eff8814fb 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -15,11 +15,15 @@ package prometheus
 
 import (
 	"strings"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/prometheus/common/model"
 
 	dto "github.com/prometheus/client_model/go"
 )
 
-const separatorByte byte = 255
+var separatorByteSlice = []byte{model.SeparatorByte} // For convenient use with xxhash.
 
 // A Metric models a single sample value with its meta data being exported to
 // Prometheus. Implementations of Metric in this package are Gauge, Counter,
@@ -43,9 +47,8 @@ type Metric interface {
 	// While populating dto.Metric, it is the responsibility of the
 	// implementation to ensure validity of the Metric protobuf (like valid
 	// UTF-8 strings or syntactically valid metric and label names). It is
-	// recommended to sort labels lexicographically. (Implementers may find
-	// LabelPairSorter useful for that.) Callers of Write should still make
-	// sure of sorting if they depend on it.
+	// recommended to sort labels lexicographically. Callers of Write should
+	// still make sure of sorting if they depend on it.
 	Write(*dto.Metric) error
 	// TODO(beorn7): The original rationale of passing in a pre-allocated
 	// dto.Metric protobuf to save allocations has disappeared. The
@@ -57,8 +60,9 @@ type Metric interface {
 // implementation XXX has its own XXXOpts type, but in most cases, it is just be
 // an alias of this type (which might change when the requirement arises.)
 //
-// It is mandatory to set Name and Help to a non-empty string. All other fields
-// are optional and can safely be left at their zero value.
+// It is mandatory to set Name to a non-empty string. All other fields are
+// optional and can safely be left at their zero value, although it is strongly
+// encouraged to set a Help string.
 type Opts struct {
 	// Namespace, Subsystem, and Name are components of the fully-qualified
 	// name of the Metric (created by joining these components with
@@ -69,7 +73,7 @@ type Opts struct {
 	Subsystem string
 	Name      string
 
-	// Help provides information about this metric. Mandatory!
+	// Help provides information about this metric.
 	//
 	// Metrics with the same fully-qualified name must have the same Help
 	// string.
@@ -79,20 +83,12 @@ type Opts struct {
 	// with the same fully-qualified name must have the same label names in
 	// their ConstLabels.
 	//
-	// Note that in most cases, labels have a value that varies during the
-	// lifetime of a process. Those labels are usually managed with a metric
-	// vector collector (like CounterVec, GaugeVec, UntypedVec). ConstLabels
-	// serve only special purposes. One is for the special case where the
-	// value of a label does not change during the lifetime of a process,
-	// e.g. if the revision of the running binary is put into a
-	// label. Another, more advanced purpose is if more than one Collector
-	// needs to collect Metrics with the same fully-qualified name. In that
-	// case, those Metrics must differ in the values of their
-	// ConstLabels. See the Collector examples.
-	//
-	// If the value of a label never changes (not even between binaries),
-	// that label most likely should not be a label at all (but part of the
-	// metric name).
+	// ConstLabels are only used rarely. In particular, do not use them to
+	// attach the same labels to all your metrics. Those use cases are
+	// better covered by target labels set by the scraping Prometheus
+	// server, or by one specific metric (e.g. a build_info or a
+	// machine_role metric). See also
+	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels,-not-static-scraped-labels
 	ConstLabels Labels
 }
 
@@ -118,37 +114,22 @@ func BuildFQName(namespace, subsystem, name string) string {
 	return name
 }
 
-// LabelPairSorter implements sort.Interface. It is used to sort a slice of
-// dto.LabelPair pointers. This is useful for implementing the Write method of
-// custom metrics.
-type LabelPairSorter []*dto.LabelPair
+// labelPairSorter implements sort.Interface. It is used to sort a slice of
+// dto.LabelPair pointers.
+type labelPairSorter []*dto.LabelPair
 
-func (s LabelPairSorter) Len() int {
+func (s labelPairSorter) Len() int {
 	return len(s)
 }
 
-func (s LabelPairSorter) Swap(i, j int) {
+func (s labelPairSorter) Swap(i, j int) {
 	s[i], s[j] = s[j], s[i]
 }
 
-func (s LabelPairSorter) Less(i, j int) bool {
+func (s labelPairSorter) Less(i, j int) bool {
 	return s[i].GetName() < s[j].GetName()
 }
 
-type hashSorter []uint64
-
-func (s hashSorter) Len() int {
-	return len(s)
-}
-
-func (s hashSorter) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s hashSorter) Less(i, j int) bool {
-	return s[i] < s[j]
-}
-
 type invalidMetric struct {
 	desc *Desc
 	err  error
@@ -164,3 +145,31 @@ func NewInvalidMetric(desc *Desc, err error) Metric {
 func (m *invalidMetric) Desc() *Desc { return m.desc }
 
 func (m *invalidMetric) Write(*dto.Metric) error { return m.err }
+
+type timestampedMetric struct {
+	Metric
+	t time.Time
+}
+
+func (m timestampedMetric) Write(pb *dto.Metric) error {
+	e := m.Metric.Write(pb)
+	pb.TimestampMs = proto.Int64(m.t.Unix()*1000 + int64(m.t.Nanosecond()/1000000))
+	return e
+}
+
+// NewMetricWithTimestamp returns a new Metric wrapping the provided Metric in a
+// way that it has an explicit timestamp set to the provided Time. This is only
+// useful in rare cases as the timestamp of a Prometheus metric should usually
+// be set by the Prometheus server during scraping. Exceptions include mirroring
+// metrics with given timestamps from other metric
+// sources.
+//
+// NewMetricWithTimestamp works best with MustNewConstMetric,
+// MustNewConstHistogram, and MustNewConstSummary, see example.
+//
+// Currently, the exposition formats used by Prometheus are limited to
+// millisecond resolution. Thus, the provided time will be rounded down to the
+// next full millisecond value.
+func NewMetricWithTimestamp(t time.Time, m Metric) Metric {
+	return timestampedMetric{Metric: m, t: t}
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/observer.go b/vendor/github.com/prometheus/client_golang/prometheus/observer.go
new file mode 100644
index 0000000000000..44128016fd1d5
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/observer.go
@@ -0,0 +1,64 @@
+// Copyright 2017 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+// Observer is the interface that wraps the Observe method, which is used by
+// Histogram and Summary to add observations.
+type Observer interface {
+	Observe(float64)
+}
+
+// The ObserverFunc type is an adapter to allow the use of ordinary
+// functions as Observers. If f is a function with the appropriate
+// signature, ObserverFunc(f) is an Observer that calls f.
+//
+// This adapter is usually used in connection with the Timer type, and there are
+// two general use cases:
+//
+// The most common one is to use a Gauge as the Observer for a Timer.
+// See the "Gauge" Timer example.
+//
+// The more advanced use case is to create a function that dynamically decides
+// which Observer to use for observing the duration. See the "Complex" Timer
+// example.
+type ObserverFunc func(float64)
+
+// Observe calls f(value). It implements Observer.
+func (f ObserverFunc) Observe(value float64) {
+	f(value)
+}
+
+// ObserverVec is an interface implemented by `HistogramVec` and `SummaryVec`.
+type ObserverVec interface {
+	GetMetricWith(Labels) (Observer, error)
+	GetMetricWithLabelValues(lvs ...string) (Observer, error)
+	With(Labels) Observer
+	WithLabelValues(...string) Observer
+	CurryWith(Labels) (ObserverVec, error)
+	MustCurryWith(Labels) ObserverVec
+
+	Collector
+}
+
+// ExemplarObserver is implemented by Observers that offer the option of
+// observing a value together with an exemplar. Its ObserveWithExemplar method
+// works like the Observe method of an Observer but also replaces the currently
+// saved exemplar (if any) with a new one, created from the provided value, the
+// current time as timestamp, and the provided Labels. Empty Labels will lead to
+// a valid (label-less) exemplar. But if Labels is nil, the current exemplar is
+// left in place. ObserveWithExemplar panics if any of the provided labels are
+// invalid or if the provided labels contain more than 64 runes in total.
+type ExemplarObserver interface {
+	ObserveWithExemplar(value float64, exemplar Labels)
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
index e31e62e78d0d1..9b809794212d2 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
@@ -13,89 +13,126 @@
 
 package prometheus
 
-import "github.com/prometheus/procfs"
+import (
+	"errors"
+	"os"
+)
 
 type processCollector struct {
-	pid             int
 	collectFn       func(chan<- Metric)
 	pidFn           func() (int, error)
-	cpuTotal        Counter
-	openFDs, maxFDs Gauge
-	vsize, rss      Gauge
-	startTime       Gauge
+	reportErrors    bool
+	cpuTotal        *Desc
+	openFDs, maxFDs *Desc
+	vsize, maxVsize *Desc
+	rss             *Desc
+	startTime       *Desc
 }
 
-// NewProcessCollector returns a collector which exports the current state of
-// process metrics including cpu, memory and file descriptor usage as well as
-// the process start time for the given process id under the given namespace.
-func NewProcessCollector(pid int, namespace string) Collector {
-	return NewProcessCollectorPIDFn(
-		func() (int, error) { return pid, nil },
-		namespace,
-	)
+// ProcessCollectorOpts defines the behavior of a process metrics collector
+// created with NewProcessCollector.
+type ProcessCollectorOpts struct {
+	// PidFn returns the PID of the process the collector collects metrics
+	// for. It is called upon each collection. By default, the PID of the
+	// current process is used, as determined on construction time by
+	// calling os.Getpid().
+	PidFn func() (int, error)
+	// If non-empty, each of the collected metrics is prefixed by the
+	// provided string and an underscore ("_").
+	Namespace string
+	// If true, any error encountered during collection is reported as an
+	// invalid metric (see NewInvalidMetric). Otherwise, errors are ignored
+	// and the collected metrics will be incomplete. (Possibly, no metrics
+	// will be collected at all.) While that's usually not desired, it is
+	// appropriate for the common "mix-in" of process metrics, where process
+	// metrics are nice to have, but failing to collect them should not
+	// disrupt the collection of the remaining metrics.
+	ReportErrors bool
 }
 
-// NewProcessCollectorPIDFn returns a collector which exports the current state
-// of process metrics including cpu, memory and file descriptor usage as well
-// as the process start time under the given namespace. The given pidFn is
-// called on each collect and is used to determine the process to export
-// metrics for.
-func NewProcessCollectorPIDFn(
-	pidFn func() (int, error),
-	namespace string,
-) Collector {
-	c := processCollector{
-		pidFn:     pidFn,
-		collectFn: func(chan<- Metric) {},
+// NewProcessCollector returns a collector which exports the current state of
+// process metrics including CPU, memory and file descriptor usage as well as
+// the process start time. The detailed behavior is defined by the provided
+// ProcessCollectorOpts. The zero value of ProcessCollectorOpts creates a
+// collector for the current process with an empty namespace string and no error
+// reporting.
+//
+// The collector only works on operating systems with a Linux-style proc
+// filesystem and on Microsoft Windows. On other operating systems, it will not
+// collect any metrics.
+func NewProcessCollector(opts ProcessCollectorOpts) Collector {
+	ns := ""
+	if len(opts.Namespace) > 0 {
+		ns = opts.Namespace + "_"
+	}
 
-		cpuTotal: NewCounter(CounterOpts{
-			Namespace: namespace,
-			Name:      "process_cpu_seconds_total",
-			Help:      "Total user and system CPU time spent in seconds.",
-		}),
-		openFDs: NewGauge(GaugeOpts{
-			Namespace: namespace,
-			Name:      "process_open_fds",
-			Help:      "Number of open file descriptors.",
-		}),
-		maxFDs: NewGauge(GaugeOpts{
-			Namespace: namespace,
-			Name:      "process_max_fds",
-			Help:      "Maximum number of open file descriptors.",
-		}),
-		vsize: NewGauge(GaugeOpts{
-			Namespace: namespace,
-			Name:      "process_virtual_memory_bytes",
-			Help:      "Virtual memory size in bytes.",
-		}),
-		rss: NewGauge(GaugeOpts{
-			Namespace: namespace,
-			Name:      "process_resident_memory_bytes",
-			Help:      "Resident memory size in bytes.",
-		}),
-		startTime: NewGauge(GaugeOpts{
-			Namespace: namespace,
-			Name:      "process_start_time_seconds",
-			Help:      "Start time of the process since unix epoch in seconds.",
-		}),
+	c := &processCollector{
+		reportErrors: opts.ReportErrors,
+		cpuTotal: NewDesc(
+			ns+"process_cpu_seconds_total",
+			"Total user and system CPU time spent in seconds.",
+			nil, nil,
+		),
+		openFDs: NewDesc(
+			ns+"process_open_fds",
+			"Number of open file descriptors.",
+			nil, nil,
+		),
+		maxFDs: NewDesc(
+			ns+"process_max_fds",
+			"Maximum number of open file descriptors.",
+			nil, nil,
+		),
+		vsize: NewDesc(
+			ns+"process_virtual_memory_bytes",
+			"Virtual memory size in bytes.",
+			nil, nil,
+		),
+		maxVsize: NewDesc(
+			ns+"process_virtual_memory_max_bytes",
+			"Maximum amount of virtual memory available in bytes.",
+			nil, nil,
+		),
+		rss: NewDesc(
+			ns+"process_resident_memory_bytes",
+			"Resident memory size in bytes.",
+			nil, nil,
+		),
+		startTime: NewDesc(
+			ns+"process_start_time_seconds",
+			"Start time of the process since unix epoch in seconds.",
+			nil, nil,
+		),
+	}
+
+	if opts.PidFn == nil {
+		pid := os.Getpid()
+		c.pidFn = func() (int, error) { return pid, nil }
+	} else {
+		c.pidFn = opts.PidFn
 	}
 
 	// Set up process metric collection if supported by the runtime.
-	if _, err := procfs.NewStat(); err == nil {
+	if canCollectProcess() {
 		c.collectFn = c.processCollect
+	} else {
+		c.collectFn = func(ch chan<- Metric) {
+			c.reportError(ch, nil, errors.New("process metrics not supported on this platform"))
+		}
 	}
 
-	return &c
+	return c
 }
 
 // Describe returns all descriptions of the collector.
 func (c *processCollector) Describe(ch chan<- *Desc) {
-	ch <- c.cpuTotal.Desc()
-	ch <- c.openFDs.Desc()
-	ch <- c.maxFDs.Desc()
-	ch <- c.vsize.Desc()
-	ch <- c.rss.Desc()
-	ch <- c.startTime.Desc()
+	ch <- c.cpuTotal
+	ch <- c.openFDs
+	ch <- c.maxFDs
+	ch <- c.vsize
+	ch <- c.maxVsize
+	ch <- c.rss
+	ch <- c.startTime
 }
 
 // Collect returns the current state of all metrics of the collector.
@@ -103,40 +140,12 @@ func (c *processCollector) Collect(ch chan<- Metric) {
 	c.collectFn(ch)
 }
 
-// TODO(ts): Bring back error reporting by reverting 7faf9e7 as soon as the
-// client allows users to configure the error behavior.
-func (c *processCollector) processCollect(ch chan<- Metric) {
-	pid, err := c.pidFn()
-	if err != nil {
+func (c *processCollector) reportError(ch chan<- Metric, desc *Desc, err error) {
+	if !c.reportErrors {
 		return
 	}
-
-	p, err := procfs.NewProc(pid)
-	if err != nil {
-		return
-	}
-
-	if stat, err := p.NewStat(); err == nil {
-		c.cpuTotal.Set(stat.CPUTime())
-		ch <- c.cpuTotal
-		c.vsize.Set(float64(stat.VirtualMemory()))
-		ch <- c.vsize
-		c.rss.Set(float64(stat.ResidentMemory()))
-		ch <- c.rss
-
-		if startTime, err := stat.StartTime(); err == nil {
-			c.startTime.Set(startTime)
-			ch <- c.startTime
-		}
-	}
-
-	if fds, err := p.FileDescriptorsLen(); err == nil {
-		c.openFDs.Set(float64(fds))
-		ch <- c.openFDs
-	}
-
-	if limits, err := p.NewLimits(); err == nil {
-		c.maxFDs.Set(float64(limits.OpenFiles))
-		ch <- c.maxFDs
+	if desc == nil {
+		desc = NewInvalidDesc(err)
 	}
+	ch <- NewInvalidMetric(desc, err)
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
new file mode 100644
index 0000000000000..3117461cde758
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
@@ -0,0 +1,65 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+package prometheus
+
+import (
+	"github.com/prometheus/procfs"
+)
+
+func canCollectProcess() bool {
+	_, err := procfs.NewDefaultFS()
+	return err == nil
+}
+
+func (c *processCollector) processCollect(ch chan<- Metric) {
+	pid, err := c.pidFn()
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+
+	p, err := procfs.NewProc(pid)
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+
+	if stat, err := p.Stat(); err == nil {
+		ch <- MustNewConstMetric(c.cpuTotal, CounterValue, stat.CPUTime())
+		ch <- MustNewConstMetric(c.vsize, GaugeValue, float64(stat.VirtualMemory()))
+		ch <- MustNewConstMetric(c.rss, GaugeValue, float64(stat.ResidentMemory()))
+		if startTime, err := stat.StartTime(); err == nil {
+			ch <- MustNewConstMetric(c.startTime, GaugeValue, startTime)
+		} else {
+			c.reportError(ch, c.startTime, err)
+		}
+	} else {
+		c.reportError(ch, nil, err)
+	}
+
+	if fds, err := p.FileDescriptorsLen(); err == nil {
+		ch <- MustNewConstMetric(c.openFDs, GaugeValue, float64(fds))
+	} else {
+		c.reportError(ch, c.openFDs, err)
+	}
+
+	if limits, err := p.Limits(); err == nil {
+		ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(limits.OpenFiles))
+		ch <- MustNewConstMetric(c.maxVsize, GaugeValue, float64(limits.AddressSpace))
+	} else {
+		c.reportError(ch, nil, err)
+	}
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
new file mode 100644
index 0000000000000..f973398df2d4a
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
@@ -0,0 +1,116 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+func canCollectProcess() bool {
+	return true
+}
+
+var (
+	modpsapi    = syscall.NewLazyDLL("psapi.dll")
+	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+
+	procGetProcessMemoryInfo  = modpsapi.NewProc("GetProcessMemoryInfo")
+	procGetProcessHandleCount = modkernel32.NewProc("GetProcessHandleCount")
+)
+
+type processMemoryCounters struct {
+	// System interface description
+	// https://docs.microsoft.com/en-us/windows/desktop/api/psapi/ns-psapi-process_memory_counters_ex
+
+	// Refer to the Golang internal implementation
+	// https://golang.org/src/internal/syscall/windows/psapi_windows.go
+	_                          uint32
+	PageFaultCount             uint32
+	PeakWorkingSetSize         uintptr
+	WorkingSetSize             uintptr
+	QuotaPeakPagedPoolUsage    uintptr
+	QuotaPagedPoolUsage        uintptr
+	QuotaPeakNonPagedPoolUsage uintptr
+	QuotaNonPagedPoolUsage     uintptr
+	PagefileUsage              uintptr
+	PeakPagefileUsage          uintptr
+	PrivateUsage               uintptr
+}
+
+func getProcessMemoryInfo(handle windows.Handle) (processMemoryCounters, error) {
+	mem := processMemoryCounters{}
+	r1, _, err := procGetProcessMemoryInfo.Call(
+		uintptr(handle),
+		uintptr(unsafe.Pointer(&mem)),
+		uintptr(unsafe.Sizeof(mem)),
+	)
+	if r1 != 1 {
+		return mem, err
+	} else {
+		return mem, nil
+	}
+}
+
+func getProcessHandleCount(handle windows.Handle) (uint32, error) {
+	var count uint32
+	r1, _, err := procGetProcessHandleCount.Call(
+		uintptr(handle),
+		uintptr(unsafe.Pointer(&count)),
+	)
+	if r1 != 1 {
+		return 0, err
+	} else {
+		return count, nil
+	}
+}
+
+func (c *processCollector) processCollect(ch chan<- Metric) {
+	h, err := windows.GetCurrentProcess()
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+
+	var startTime, exitTime, kernelTime, userTime windows.Filetime
+	err = windows.GetProcessTimes(h, &startTime, &exitTime, &kernelTime, &userTime)
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+	ch <- MustNewConstMetric(c.startTime, GaugeValue, float64(startTime.Nanoseconds()/1e9))
+	ch <- MustNewConstMetric(c.cpuTotal, CounterValue, fileTimeToSeconds(kernelTime)+fileTimeToSeconds(userTime))
+
+	mem, err := getProcessMemoryInfo(h)
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+	ch <- MustNewConstMetric(c.vsize, GaugeValue, float64(mem.PrivateUsage))
+	ch <- MustNewConstMetric(c.rss, GaugeValue, float64(mem.WorkingSetSize))
+
+	handles, err := getProcessHandleCount(h)
+	if err != nil {
+		c.reportError(ch, nil, err)
+		return
+	}
+	ch <- MustNewConstMetric(c.openFDs, GaugeValue, float64(handles))
+	ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(16*1024*1024)) // Windows has a hard-coded max limit, not per-process.
+}
+
+func fileTimeToSeconds(ft windows.Filetime) float64 {
+	return float64(uint64(ft.HighDateTime)<<32+uint64(ft.LowDateTime)) / 1e7
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go
new file mode 100644
index 0000000000000..5070e72e28fee
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go
@@ -0,0 +1,370 @@
+// Copyright 2017 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package promhttp
+
+import (
+	"bufio"
+	"io"
+	"net"
+	"net/http"
+)
+
+const (
+	closeNotifier = 1 << iota
+	flusher
+	hijacker
+	readerFrom
+	pusher
+)
+
+type delegator interface {
+	http.ResponseWriter
+
+	Status() int
+	Written() int64
+}
+
+type responseWriterDelegator struct {
+	http.ResponseWriter
+
+	status             int
+	written            int64
+	wroteHeader        bool
+	observeWriteHeader func(int)
+}
+
+func (r *responseWriterDelegator) Status() int {
+	return r.status
+}
+
+func (r *responseWriterDelegator) Written() int64 {
+	return r.written
+}
+
+func (r *responseWriterDelegator) WriteHeader(code int) {
+	if r.observeWriteHeader != nil && !r.wroteHeader {
+		// Only call observeWriteHeader for the 1st time. It's a bug if
+		// WriteHeader is called more than once, but we want to protect
+		// against it here. Note that we still delegate the WriteHeader
+		// to the original ResponseWriter to not mask the bug from it.
+		r.observeWriteHeader(code)
+	}
+	r.status = code
+	r.wroteHeader = true
+	r.ResponseWriter.WriteHeader(code)
+}
+
+func (r *responseWriterDelegator) Write(b []byte) (int, error) {
+	// If applicable, call WriteHeader here so that observeWriteHeader is
+	// handled appropriately.
+	if !r.wroteHeader {
+		r.WriteHeader(http.StatusOK)
+	}
+	n, err := r.ResponseWriter.Write(b)
+	r.written += int64(n)
+	return n, err
+}
+
+type closeNotifierDelegator struct{ *responseWriterDelegator }
+type flusherDelegator struct{ *responseWriterDelegator }
+type hijackerDelegator struct{ *responseWriterDelegator }
+type readerFromDelegator struct{ *responseWriterDelegator }
+type pusherDelegator struct{ *responseWriterDelegator }
+
+func (d closeNotifierDelegator) CloseNotify() <-chan bool {
+	//lint:ignore SA1019 http.CloseNotifier is deprecated but we don't want to
+	//remove support from client_golang yet.
+	return d.ResponseWriter.(http.CloseNotifier).CloseNotify()
+}
+func (d flusherDelegator) Flush() {
+	// If applicable, call WriteHeader here so that observeWriteHeader is
+	// handled appropriately.
+	if !d.wroteHeader {
+		d.WriteHeader(http.StatusOK)
+	}
+	d.ResponseWriter.(http.Flusher).Flush()
+}
+func (d hijackerDelegator) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	return d.ResponseWriter.(http.Hijacker).Hijack()
+}
+func (d readerFromDelegator) ReadFrom(re io.Reader) (int64, error) {
+	// If applicable, call WriteHeader here so that observeWriteHeader is
+	// handled appropriately.
+	if !d.wroteHeader {
+		d.WriteHeader(http.StatusOK)
+	}
+	n, err := d.ResponseWriter.(io.ReaderFrom).ReadFrom(re)
+	d.written += n
+	return n, err
+}
+func (d pusherDelegator) Push(target string, opts *http.PushOptions) error {
+	return d.ResponseWriter.(http.Pusher).Push(target, opts)
+}
+
+var pickDelegator = make([]func(*responseWriterDelegator) delegator, 32)
+
+func init() {
+	// TODO(beorn7): Code generation would help here.
+	pickDelegator[0] = func(d *responseWriterDelegator) delegator { // 0
+		return d
+	}
+	pickDelegator[closeNotifier] = func(d *responseWriterDelegator) delegator { // 1
+		return closeNotifierDelegator{d}
+	}
+	pickDelegator[flusher] = func(d *responseWriterDelegator) delegator { // 2
+		return flusherDelegator{d}
+	}
+	pickDelegator[flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 3
+		return struct {
+			*responseWriterDelegator
+			http.Flusher
+			http.CloseNotifier
+		}{d, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[hijacker] = func(d *responseWriterDelegator) delegator { // 4
+		return hijackerDelegator{d}
+	}
+	pickDelegator[hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 5
+		return struct {
+			*responseWriterDelegator
+			http.Hijacker
+			http.CloseNotifier
+		}{d, hijackerDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 6
+		return struct {
+			*responseWriterDelegator
+			http.Hijacker
+			http.Flusher
+		}{d, hijackerDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 7
+		return struct {
+			*responseWriterDelegator
+			http.Hijacker
+			http.Flusher
+			http.CloseNotifier
+		}{d, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[readerFrom] = func(d *responseWriterDelegator) delegator { // 8
+		return readerFromDelegator{d}
+	}
+	pickDelegator[readerFrom+closeNotifier] = func(d *responseWriterDelegator) delegator { // 9
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.CloseNotifier
+		}{d, readerFromDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[readerFrom+flusher] = func(d *responseWriterDelegator) delegator { // 10
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Flusher
+		}{d, readerFromDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[readerFrom+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 11
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Flusher
+			http.CloseNotifier
+		}{d, readerFromDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[readerFrom+hijacker] = func(d *responseWriterDelegator) delegator { // 12
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Hijacker
+		}{d, readerFromDelegator{d}, hijackerDelegator{d}}
+	}
+	pickDelegator[readerFrom+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 13
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Hijacker
+			http.CloseNotifier
+		}{d, readerFromDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[readerFrom+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 14
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Hijacker
+			http.Flusher
+		}{d, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[readerFrom+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 15
+		return struct {
+			*responseWriterDelegator
+			io.ReaderFrom
+			http.Hijacker
+			http.Flusher
+			http.CloseNotifier
+		}{d, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher] = func(d *responseWriterDelegator) delegator { // 16
+		return pusherDelegator{d}
+	}
+	pickDelegator[pusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 17
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+flusher] = func(d *responseWriterDelegator) delegator { // 18
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Flusher
+		}{d, pusherDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[pusher+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 19
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Flusher
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+hijacker] = func(d *responseWriterDelegator) delegator { // 20
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Hijacker
+		}{d, pusherDelegator{d}, hijackerDelegator{d}}
+	}
+	pickDelegator[pusher+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 21
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Hijacker
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 22
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Hijacker
+			http.Flusher
+		}{d, pusherDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[pusher+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { //23
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			http.Hijacker
+			http.Flusher
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom] = func(d *responseWriterDelegator) delegator { // 24
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+		}{d, pusherDelegator{d}, readerFromDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+closeNotifier] = func(d *responseWriterDelegator) delegator { // 25
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+flusher] = func(d *responseWriterDelegator) delegator { // 26
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Flusher
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 27
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Flusher
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+hijacker] = func(d *responseWriterDelegator) delegator { // 28
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Hijacker
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 29
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Hijacker
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 30
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Hijacker
+			http.Flusher
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
+	}
+	pickDelegator[pusher+readerFrom+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 31
+		return struct {
+			*responseWriterDelegator
+			http.Pusher
+			io.ReaderFrom
+			http.Hijacker
+			http.Flusher
+			http.CloseNotifier
+		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
+	}
+}
+
+func newDelegator(w http.ResponseWriter, observeWriteHeaderFunc func(int)) delegator {
+	d := &responseWriterDelegator{
+		ResponseWriter:     w,
+		observeWriteHeader: observeWriteHeaderFunc,
+	}
+
+	id := 0
+	//lint:ignore SA1019 http.CloseNotifier is deprecated but we don't want to
+	//remove support from client_golang yet.
+	if _, ok := w.(http.CloseNotifier); ok {
+		id += closeNotifier
+	}
+	if _, ok := w.(http.Flusher); ok {
+		id += flusher
+	}
+	if _, ok := w.(http.Hijacker); ok {
+		id += hijacker
+	}
+	if _, ok := w.(io.ReaderFrom); ok {
+		id += readerFrom
+	}
+	if _, ok := w.(http.Pusher); ok {
+		id += pusher
+	}
+
+	return pickDelegator[id](d)
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
new file mode 100644
index 0000000000000..5e1c4546ceb88
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
@@ -0,0 +1,379 @@
+// Copyright 2016 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package promhttp provides tooling around HTTP servers and clients.
+//
+// First, the package allows the creation of http.Handler instances to expose
+// Prometheus metrics via HTTP. promhttp.Handler acts on the
+// prometheus.DefaultGatherer. With HandlerFor, you can create a handler for a
+// custom registry or anything that implements the Gatherer interface. It also
+// allows the creation of handlers that act differently on errors or allow to
+// log errors.
+//
+// Second, the package provides tooling to instrument instances of http.Handler
+// via middleware. Middleware wrappers follow the naming scheme
+// InstrumentHandlerX, where X describes the intended use of the middleware.
+// See each function's doc comment for specific details.
+//
+// Finally, the package allows for an http.RoundTripper to be instrumented via
+// middleware. Middleware wrappers follow the naming scheme
+// InstrumentRoundTripperX, where X describes the intended use of the
+// middleware. See each function's doc comment for specific details.
+package promhttp
+
+import (
+	"compress/gzip"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/prometheus/common/expfmt"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+const (
+	contentTypeHeader     = "Content-Type"
+	contentEncodingHeader = "Content-Encoding"
+	acceptEncodingHeader  = "Accept-Encoding"
+)
+
+var gzipPool = sync.Pool{
+	New: func() interface{} {
+		return gzip.NewWriter(nil)
+	},
+}
+
+// Handler returns an http.Handler for the prometheus.DefaultGatherer, using
+// default HandlerOpts, i.e. it reports the first error as an HTTP error, it has
+// no error logging, and it applies compression if requested by the client.
+//
+// The returned http.Handler is already instrumented using the
+// InstrumentMetricHandler function and the prometheus.DefaultRegisterer. If you
+// create multiple http.Handlers by separate calls of the Handler function, the
+// metrics used for instrumentation will be shared between them, providing
+// global scrape counts.
+//
+// This function is meant to cover the bulk of basic use cases. If you are doing
+// anything that requires more customization (including using a non-default
+// Gatherer, different instrumentation, and non-default HandlerOpts), use the
+// HandlerFor function. See there for details.
+func Handler() http.Handler {
+	return InstrumentMetricHandler(
+		prometheus.DefaultRegisterer, HandlerFor(prometheus.DefaultGatherer, HandlerOpts{}),
+	)
+}
+
+// HandlerFor returns an uninstrumented http.Handler for the provided
+// Gatherer. The behavior of the Handler is defined by the provided
+// HandlerOpts. Thus, HandlerFor is useful to create http.Handlers for custom
+// Gatherers, with non-default HandlerOpts, and/or with custom (or no)
+// instrumentation. Use the InstrumentMetricHandler function to apply the same
+// kind of instrumentation as it is used by the Handler function.
+func HandlerFor(reg prometheus.Gatherer, opts HandlerOpts) http.Handler {
+	var (
+		inFlightSem chan struct{}
+		errCnt      = prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "promhttp_metric_handler_errors_total",
+				Help: "Total number of internal errors encountered by the promhttp metric handler.",
+			},
+			[]string{"cause"},
+		)
+	)
+
+	if opts.MaxRequestsInFlight > 0 {
+		inFlightSem = make(chan struct{}, opts.MaxRequestsInFlight)
+	}
+	if opts.Registry != nil {
+		// Initialize all possibilites that can occur below.
+		errCnt.WithLabelValues("gathering")
+		errCnt.WithLabelValues("encoding")
+		if err := opts.Registry.Register(errCnt); err != nil {
+			if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
+				errCnt = are.ExistingCollector.(*prometheus.CounterVec)
+			} else {
+				panic(err)
+			}
+		}
+	}
+
+	h := http.HandlerFunc(func(rsp http.ResponseWriter, req *http.Request) {
+		if inFlightSem != nil {
+			select {
+			case inFlightSem <- struct{}{}: // All good, carry on.
+				defer func() { <-inFlightSem }()
+			default:
+				http.Error(rsp, fmt.Sprintf(
+					"Limit of concurrent requests reached (%d), try again later.", opts.MaxRequestsInFlight,
+				), http.StatusServiceUnavailable)
+				return
+			}
+		}
+		mfs, err := reg.Gather()
+		if err != nil {
+			if opts.ErrorLog != nil {
+				opts.ErrorLog.Println("error gathering metrics:", err)
+			}
+			errCnt.WithLabelValues("gathering").Inc()
+			switch opts.ErrorHandling {
+			case PanicOnError:
+				panic(err)
+			case ContinueOnError:
+				if len(mfs) == 0 {
+					// Still report the error if no metrics have been gathered.
+					httpError(rsp, err)
+					return
+				}
+			case HTTPErrorOnError:
+				httpError(rsp, err)
+				return
+			}
+		}
+
+		var contentType expfmt.Format
+		if opts.EnableOpenMetrics {
+			contentType = expfmt.NegotiateIncludingOpenMetrics(req.Header)
+		} else {
+			contentType = expfmt.Negotiate(req.Header)
+		}
+		header := rsp.Header()
+		header.Set(contentTypeHeader, string(contentType))
+
+		w := io.Writer(rsp)
+		if !opts.DisableCompression && gzipAccepted(req.Header) {
+			header.Set(contentEncodingHeader, "gzip")
+			gz := gzipPool.Get().(*gzip.Writer)
+			defer gzipPool.Put(gz)
+
+			gz.Reset(w)
+			defer gz.Close()
+
+			w = gz
+		}
+
+		enc := expfmt.NewEncoder(w, contentType)
+
+		// handleError handles the error according to opts.ErrorHandling
+		// and returns true if we have to abort after the handling.
+		handleError := func(err error) bool {
+			if err == nil {
+				return false
+			}
+			if opts.ErrorLog != nil {
+				opts.ErrorLog.Println("error encoding and sending metric family:", err)
+			}
+			errCnt.WithLabelValues("encoding").Inc()
+			switch opts.ErrorHandling {
+			case PanicOnError:
+				panic(err)
+			case HTTPErrorOnError:
+				// We cannot really send an HTTP error at this
+				// point because we most likely have written
+				// something to rsp already. But at least we can
+				// stop sending.
+				return true
+			}
+			// Do nothing in all other cases, including ContinueOnError.
+			return false
+		}
+
+		for _, mf := range mfs {
+			if handleError(enc.Encode(mf)) {
+				return
+			}
+		}
+		if closer, ok := enc.(expfmt.Closer); ok {
+			// This in particular takes care of the final "# EOF\n" line for OpenMetrics.
+			if handleError(closer.Close()) {
+				return
+			}
+		}
+	})
+
+	if opts.Timeout <= 0 {
+		return h
+	}
+	return http.TimeoutHandler(h, opts.Timeout, fmt.Sprintf(
+		"Exceeded configured timeout of %v.\n",
+		opts.Timeout,
+	))
+}
+
+// InstrumentMetricHandler is usually used with an http.Handler returned by the
+// HandlerFor function. It instruments the provided http.Handler with two
+// metrics: A counter vector "promhttp_metric_handler_requests_total" to count
+// scrapes partitioned by HTTP status code, and a gauge
+// "promhttp_metric_handler_requests_in_flight" to track the number of
+// simultaneous scrapes. This function idempotently registers collectors for
+// both metrics with the provided Registerer. It panics if the registration
+// fails. The provided metrics are useful to see how many scrapes hit the
+// monitored target (which could be from different Prometheus servers or other
+// scrapers), and how often they overlap (which would result in more than one
+// scrape in flight at the same time). Note that the scrapes-in-flight gauge
+// will contain the scrape by which it is exposed, while the scrape counter will
+// only get incremented after the scrape is complete (as only then the status
+// code is known). For tracking scrape durations, use the
+// "scrape_duration_seconds" gauge created by the Prometheus server upon each
+// scrape.
+func InstrumentMetricHandler(reg prometheus.Registerer, handler http.Handler) http.Handler {
+	cnt := prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "promhttp_metric_handler_requests_total",
+			Help: "Total number of scrapes by HTTP status code.",
+		},
+		[]string{"code"},
+	)
+	// Initialize the most likely HTTP status codes.
+	cnt.WithLabelValues("200")
+	cnt.WithLabelValues("500")
+	cnt.WithLabelValues("503")
+	if err := reg.Register(cnt); err != nil {
+		if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
+			cnt = are.ExistingCollector.(*prometheus.CounterVec)
+		} else {
+			panic(err)
+		}
+	}
+
+	gge := prometheus.NewGauge(prometheus.GaugeOpts{
+		Name: "promhttp_metric_handler_requests_in_flight",
+		Help: "Current number of scrapes being served.",
+	})
+	if err := reg.Register(gge); err != nil {
+		if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
+			gge = are.ExistingCollector.(prometheus.Gauge)
+		} else {
+			panic(err)
+		}
+	}
+
+	return InstrumentHandlerCounter(cnt, InstrumentHandlerInFlight(gge, handler))
+}
+
+// HandlerErrorHandling defines how a Handler serving metrics will handle
+// errors.
+type HandlerErrorHandling int
+
+// These constants cause handlers serving metrics to behave as described if
+// errors are encountered.
+const (
+	// Serve an HTTP status code 500 upon the first error
+	// encountered. Report the error message in the body. Note that HTTP
+	// errors cannot be served anymore once the beginning of a regular
+	// payload has been sent. Thus, in the (unlikely) case that encoding the
+	// payload into the negotiated wire format fails, serving the response
+	// will simply be aborted. Set an ErrorLog in HandlerOpts to detect
+	// those errors.
+	HTTPErrorOnError HandlerErrorHandling = iota
+	// Ignore errors and try to serve as many metrics as possible.  However,
+	// if no metrics can be served, serve an HTTP status code 500 and the
+	// last error message in the body. Only use this in deliberate "best
+	// effort" metrics collection scenarios. In this case, it is highly
+	// recommended to provide other means of detecting errors: By setting an
+	// ErrorLog in HandlerOpts, the errors are logged. By providing a
+	// Registry in HandlerOpts, the exposed metrics include an error counter
+	// "promhttp_metric_handler_errors_total", which can be used for
+	// alerts.
+	ContinueOnError
+	// Panic upon the first error encountered (useful for "crash only" apps).
+	PanicOnError
+)
+
+// Logger is the minimal interface HandlerOpts needs for logging. Note that
+// log.Logger from the standard library implements this interface, and it is
+// easy to implement by custom loggers, if they don't do so already anyway.
+type Logger interface {
+	Println(v ...interface{})
+}
+
+// HandlerOpts specifies options how to serve metrics via an http.Handler. The
+// zero value of HandlerOpts is a reasonable default.
+type HandlerOpts struct {
+	// ErrorLog specifies an optional logger for errors collecting and
+	// serving metrics. If nil, errors are not logged at all.
+	ErrorLog Logger
+	// ErrorHandling defines how errors are handled. Note that errors are
+	// logged regardless of the configured ErrorHandling provided ErrorLog
+	// is not nil.
+	ErrorHandling HandlerErrorHandling
+	// If Registry is not nil, it is used to register a metric
+	// "promhttp_metric_handler_errors_total", partitioned by "cause". A
+	// failed registration causes a panic. Note that this error counter is
+	// different from the instrumentation you get from the various
+	// InstrumentHandler... helpers. It counts errors that don't necessarily
+	// result in a non-2xx HTTP status code. There are two typical cases:
+	// (1) Encoding errors that only happen after streaming of the HTTP body
+	// has already started (and the status code 200 has been sent). This
+	// should only happen with custom collectors. (2) Collection errors with
+	// no effect on the HTTP status code because ErrorHandling is set to
+	// ContinueOnError.
+	Registry prometheus.Registerer
+	// If DisableCompression is true, the handler will never compress the
+	// response, even if requested by the client.
+	DisableCompression bool
+	// The number of concurrent HTTP requests is limited to
+	// MaxRequestsInFlight. Additional requests are responded to with 503
+	// Service Unavailable and a suitable message in the body. If
+	// MaxRequestsInFlight is 0 or negative, no limit is applied.
+	MaxRequestsInFlight int
+	// If handling a request takes longer than Timeout, it is responded to
+	// with 503 ServiceUnavailable and a suitable Message. No timeout is
+	// applied if Timeout is 0 or negative. Note that with the current
+	// implementation, reaching the timeout simply ends the HTTP requests as
+	// described above (and even that only if sending of the body hasn't
+	// started yet), while the bulk work of gathering all the metrics keeps
+	// running in the background (with the eventual result to be thrown
+	// away). Until the implementation is improved, it is recommended to
+	// implement a separate timeout in potentially slow Collectors.
+	Timeout time.Duration
+	// If true, the experimental OpenMetrics encoding is added to the
+	// possible options during content negotiation. Note that Prometheus
+	// 2.5.0+ will negotiate OpenMetrics as first priority. OpenMetrics is
+	// the only way to transmit exemplars. However, the move to OpenMetrics
+	// is not completely transparent. Most notably, the values of "quantile"
+	// labels of Summaries and "le" labels of Histograms are formatted with
+	// a trailing ".0" if they would otherwise look like integer numbers
+	// (which changes the identity of the resulting series on the Prometheus
+	// server).
+	EnableOpenMetrics bool
+}
+
+// gzipAccepted returns whether the client will accept gzip-encoded content.
+func gzipAccepted(header http.Header) bool {
+	a := header.Get(acceptEncodingHeader)
+	parts := strings.Split(a, ",")
+	for _, part := range parts {
+		part = strings.TrimSpace(part)
+		if part == "gzip" || strings.HasPrefix(part, "gzip;") {
+			return true
+		}
+	}
+	return false
+}
+
+// httpError removes any content-encoding header and then calls http.Error with
+// the provided error and http.StatusInternalServerError. Error contents is
+// supposed to be uncompressed plain text. Same as with a plain http.Error, this
+// must not be called if the header or any payload has already been sent.
+func httpError(rsp http.ResponseWriter, err error) {
+	rsp.Header().Del(contentEncodingHeader)
+	http.Error(
+		rsp,
+		"An error has occurred while serving metrics:\n\n"+err.Error(),
+		http.StatusInternalServerError,
+	)
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go
new file mode 100644
index 0000000000000..83c49b66a8105
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go
@@ -0,0 +1,219 @@
+// Copyright 2017 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package promhttp
+
+import (
+	"crypto/tls"
+	"net/http"
+	"net/http/httptrace"
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+// The RoundTripperFunc type is an adapter to allow the use of ordinary
+// functions as RoundTrippers. If f is a function with the appropriate
+// signature, RountTripperFunc(f) is a RoundTripper that calls f.
+type RoundTripperFunc func(req *http.Request) (*http.Response, error)
+
+// RoundTrip implements the RoundTripper interface.
+func (rt RoundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
+	return rt(r)
+}
+
+// InstrumentRoundTripperInFlight is a middleware that wraps the provided
+// http.RoundTripper. It sets the provided prometheus.Gauge to the number of
+// requests currently handled by the wrapped http.RoundTripper.
+//
+// See the example for ExampleInstrumentRoundTripperDuration for example usage.
+func InstrumentRoundTripperInFlight(gauge prometheus.Gauge, next http.RoundTripper) RoundTripperFunc {
+	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
+		gauge.Inc()
+		defer gauge.Dec()
+		return next.RoundTrip(r)
+	})
+}
+
+// InstrumentRoundTripperCounter is a middleware that wraps the provided
+// http.RoundTripper to observe the request result with the provided CounterVec.
+// The CounterVec must have zero, one, or two non-const non-curried labels. For
+// those, the only allowed label names are "code" and "method". The function
+// panics otherwise. Partitioning of the CounterVec happens by HTTP status code
+// and/or HTTP method if the respective instance label names are present in the
+// CounterVec. For unpartitioned counting, use a CounterVec with zero labels.
+//
+// If the wrapped RoundTripper panics or returns a non-nil error, the Counter
+// is not incremented.
+//
+// See the example for ExampleInstrumentRoundTripperDuration for example usage.
+func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.RoundTripper) RoundTripperFunc {
+	code, method := checkLabels(counter)
+
+	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
+		resp, err := next.RoundTrip(r)
+		if err == nil {
+			counter.With(labels(code, method, r.Method, resp.StatusCode)).Inc()
+		}
+		return resp, err
+	})
+}
+
+// InstrumentRoundTripperDuration is a middleware that wraps the provided
+// http.RoundTripper to observe the request duration with the provided
+// ObserverVec.  The ObserverVec must have zero, one, or two non-const
+// non-curried labels. For those, the only allowed label names are "code" and
+// "method". The function panics otherwise. The Observe method of the Observer
+// in the ObserverVec is called with the request duration in
+// seconds. Partitioning happens by HTTP status code and/or HTTP method if the
+// respective instance label names are present in the ObserverVec. For
+// unpartitioned observations, use an ObserverVec with zero labels. Note that
+// partitioning of Histograms is expensive and should be used judiciously.
+//
+// If the wrapped RoundTripper panics or returns a non-nil error, no values are
+// reported.
+//
+// Note that this method is only guaranteed to never observe negative durations
+// if used with Go1.9+.
+func InstrumentRoundTripperDuration(obs prometheus.ObserverVec, next http.RoundTripper) RoundTripperFunc {
+	code, method := checkLabels(obs)
+
+	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
+		start := time.Now()
+		resp, err := next.RoundTrip(r)
+		if err == nil {
+			obs.With(labels(code, method, r.Method, resp.StatusCode)).Observe(time.Since(start).Seconds())
+		}
+		return resp, err
+	})
+}
+
+// InstrumentTrace is used to offer flexibility in instrumenting the available
+// httptrace.ClientTrace hook functions. Each function is passed a float64
+// representing the time in seconds since the start of the http request. A user
+// may choose to use separately buckets Histograms, or implement custom
+// instance labels on a per function basis.
+type InstrumentTrace struct {
+	GotConn              func(float64)
+	PutIdleConn          func(float64)
+	GotFirstResponseByte func(float64)
+	Got100Continue       func(float64)
+	DNSStart             func(float64)
+	DNSDone              func(float64)
+	ConnectStart         func(float64)
+	ConnectDone          func(float64)
+	TLSHandshakeStart    func(float64)
+	TLSHandshakeDone     func(float64)
+	WroteHeaders         func(float64)
+	Wait100Continue      func(float64)
+	WroteRequest         func(float64)
+}
+
+// InstrumentRoundTripperTrace is a middleware that wraps the provided
+// RoundTripper and reports times to hook functions provided in the
+// InstrumentTrace struct. Hook functions that are not present in the provided
+// InstrumentTrace struct are ignored. Times reported to the hook functions are
+// time since the start of the request. Only with Go1.9+, those times are
+// guaranteed to never be negative. (Earlier Go versions are not using a
+// monotonic clock.) Note that partitioning of Histograms is expensive and
+// should be used judiciously.
+//
+// For hook functions that receive an error as an argument, no observations are
+// made in the event of a non-nil error value.
+//
+// See the example for ExampleInstrumentRoundTripperDuration for example usage.
+func InstrumentRoundTripperTrace(it *InstrumentTrace, next http.RoundTripper) RoundTripperFunc {
+	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
+		start := time.Now()
+
+		trace := &httptrace.ClientTrace{
+			GotConn: func(_ httptrace.GotConnInfo) {
+				if it.GotConn != nil {
+					it.GotConn(time.Since(start).Seconds())
+				}
+			},
+			PutIdleConn: func(err error) {
+				if err != nil {
+					return
+				}
+				if it.PutIdleConn != nil {
+					it.PutIdleConn(time.Since(start).Seconds())
+				}
+			},
+			DNSStart: func(_ httptrace.DNSStartInfo) {
+				if it.DNSStart != nil {
+					it.DNSStart(time.Since(start).Seconds())
+				}
+			},
+			DNSDone: func(_ httptrace.DNSDoneInfo) {
+				if it.DNSDone != nil {
+					it.DNSDone(time.Since(start).Seconds())
+				}
+			},
+			ConnectStart: func(_, _ string) {
+				if it.ConnectStart != nil {
+					it.ConnectStart(time.Since(start).Seconds())
+				}
+			},
+			ConnectDone: func(_, _ string, err error) {
+				if err != nil {
+					return
+				}
+				if it.ConnectDone != nil {
+					it.ConnectDone(time.Since(start).Seconds())
+				}
+			},
+			GotFirstResponseByte: func() {
+				if it.GotFirstResponseByte != nil {
+					it.GotFirstResponseByte(time.Since(start).Seconds())
+				}
+			},
+			Got100Continue: func() {
+				if it.Got100Continue != nil {
+					it.Got100Continue(time.Since(start).Seconds())
+				}
+			},
+			TLSHandshakeStart: func() {
+				if it.TLSHandshakeStart != nil {
+					it.TLSHandshakeStart(time.Since(start).Seconds())
+				}
+			},
+			TLSHandshakeDone: func(_ tls.ConnectionState, err error) {
+				if err != nil {
+					return
+				}
+				if it.TLSHandshakeDone != nil {
+					it.TLSHandshakeDone(time.Since(start).Seconds())
+				}
+			},
+			WroteHeaders: func() {
+				if it.WroteHeaders != nil {
+					it.WroteHeaders(time.Since(start).Seconds())
+				}
+			},
+			Wait100Continue: func() {
+				if it.Wait100Continue != nil {
+					it.Wait100Continue(time.Since(start).Seconds())
+				}
+			},
+			WroteRequest: func(_ httptrace.WroteRequestInfo) {
+				if it.WroteRequest != nil {
+					it.WroteRequest(time.Since(start).Seconds())
+				}
+			},
+		}
+		r = r.WithContext(httptrace.WithClientTrace(r.Context(), trace))
+
+		return next.RoundTrip(r)
+	})
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
new file mode 100644
index 0000000000000..9db24380533ad
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
@@ -0,0 +1,447 @@
+// Copyright 2017 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package promhttp
+
+import (
+	"errors"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	dto "github.com/prometheus/client_model/go"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+// magicString is used for the hacky label test in checkLabels. Remove once fixed.
+const magicString = "zZgWfBxLqvG8kc8IMv3POi2Bb0tZI3vAnBx+gBaFi9FyPzB/CzKUer1yufDa"
+
+// InstrumentHandlerInFlight is a middleware that wraps the provided
+// http.Handler. It sets the provided prometheus.Gauge to the number of
+// requests currently handled by the wrapped http.Handler.
+//
+// See the example for InstrumentHandlerDuration for example usage.
+func InstrumentHandlerInFlight(g prometheus.Gauge, next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		g.Inc()
+		defer g.Dec()
+		next.ServeHTTP(w, r)
+	})
+}
+
+// InstrumentHandlerDuration is a middleware that wraps the provided
+// http.Handler to observe the request duration with the provided ObserverVec.
+// The ObserverVec must have zero, one, or two non-const non-curried labels. For
+// those, the only allowed label names are "code" and "method". The function
+// panics otherwise. The Observe method of the Observer in the ObserverVec is
+// called with the request duration in seconds. Partitioning happens by HTTP
+// status code and/or HTTP method if the respective instance label names are
+// present in the ObserverVec. For unpartitioned observations, use an
+// ObserverVec with zero labels. Note that partitioning of Histograms is
+// expensive and should be used judiciously.
+//
+// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
+//
+// If the wrapped Handler panics, no values are reported.
+//
+// Note that this method is only guaranteed to never observe negative durations
+// if used with Go1.9+.
+func InstrumentHandlerDuration(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc {
+	code, method := checkLabels(obs)
+
+	if code {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			now := time.Now()
+			d := newDelegator(w, nil)
+			next.ServeHTTP(d, r)
+
+			obs.With(labels(code, method, r.Method, d.Status())).Observe(time.Since(now).Seconds())
+		})
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		now := time.Now()
+		next.ServeHTTP(w, r)
+		obs.With(labels(code, method, r.Method, 0)).Observe(time.Since(now).Seconds())
+	})
+}
+
+// InstrumentHandlerCounter is a middleware that wraps the provided http.Handler
+// to observe the request result with the provided CounterVec.  The CounterVec
+// must have zero, one, or two non-const non-curried labels. For those, the only
+// allowed label names are "code" and "method". The function panics
+// otherwise. Partitioning of the CounterVec happens by HTTP status code and/or
+// HTTP method if the respective instance label names are present in the
+// CounterVec. For unpartitioned counting, use a CounterVec with zero labels.
+//
+// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
+//
+// If the wrapped Handler panics, the Counter is not incremented.
+//
+// See the example for InstrumentHandlerDuration for example usage.
+func InstrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) http.HandlerFunc {
+	code, method := checkLabels(counter)
+
+	if code {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			d := newDelegator(w, nil)
+			next.ServeHTTP(d, r)
+			counter.With(labels(code, method, r.Method, d.Status())).Inc()
+		})
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		next.ServeHTTP(w, r)
+		counter.With(labels(code, method, r.Method, 0)).Inc()
+	})
+}
+
+// InstrumentHandlerTimeToWriteHeader is a middleware that wraps the provided
+// http.Handler to observe with the provided ObserverVec the request duration
+// until the response headers are written. The ObserverVec must have zero, one,
+// or two non-const non-curried labels. For those, the only allowed label names
+// are "code" and "method". The function panics otherwise. The Observe method of
+// the Observer in the ObserverVec is called with the request duration in
+// seconds. Partitioning happens by HTTP status code and/or HTTP method if the
+// respective instance label names are present in the ObserverVec. For
+// unpartitioned observations, use an ObserverVec with zero labels. Note that
+// partitioning of Histograms is expensive and should be used judiciously.
+//
+// If the wrapped Handler panics before calling WriteHeader, no value is
+// reported.
+//
+// Note that this method is only guaranteed to never observe negative durations
+// if used with Go1.9+.
+//
+// See the example for InstrumentHandlerDuration for example usage.
+func InstrumentHandlerTimeToWriteHeader(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc {
+	code, method := checkLabels(obs)
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		now := time.Now()
+		d := newDelegator(w, func(status int) {
+			obs.With(labels(code, method, r.Method, status)).Observe(time.Since(now).Seconds())
+		})
+		next.ServeHTTP(d, r)
+	})
+}
+
+// InstrumentHandlerRequestSize is a middleware that wraps the provided
+// http.Handler to observe the request size with the provided ObserverVec.  The
+// ObserverVec must have zero, one, or two non-const non-curried labels. For
+// those, the only allowed label names are "code" and "method". The function
+// panics otherwise. The Observe method of the Observer in the ObserverVec is
+// called with the request size in bytes. Partitioning happens by HTTP status
+// code and/or HTTP method if the respective instance label names are present in
+// the ObserverVec. For unpartitioned observations, use an ObserverVec with zero
+// labels. Note that partitioning of Histograms is expensive and should be used
+// judiciously.
+//
+// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
+//
+// If the wrapped Handler panics, no values are reported.
+//
+// See the example for InstrumentHandlerDuration for example usage.
+func InstrumentHandlerRequestSize(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc {
+	code, method := checkLabels(obs)
+
+	if code {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			d := newDelegator(w, nil)
+			next.ServeHTTP(d, r)
+			size := computeApproximateRequestSize(r)
+			obs.With(labels(code, method, r.Method, d.Status())).Observe(float64(size))
+		})
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		next.ServeHTTP(w, r)
+		size := computeApproximateRequestSize(r)
+		obs.With(labels(code, method, r.Method, 0)).Observe(float64(size))
+	})
+}
+
+// InstrumentHandlerResponseSize is a middleware that wraps the provided
+// http.Handler to observe the response size with the provided ObserverVec.  The
+// ObserverVec must have zero, one, or two non-const non-curried labels. For
+// those, the only allowed label names are "code" and "method". The function
+// panics otherwise. The Observe method of the Observer in the ObserverVec is
+// called with the response size in bytes. Partitioning happens by HTTP status
+// code and/or HTTP method if the respective instance label names are present in
+// the ObserverVec. For unpartitioned observations, use an ObserverVec with zero
+// labels. Note that partitioning of Histograms is expensive and should be used
+// judiciously.
+//
+// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
+//
+// If the wrapped Handler panics, no values are reported.
+//
+// See the example for InstrumentHandlerDuration for example usage.
+func InstrumentHandlerResponseSize(obs prometheus.ObserverVec, next http.Handler) http.Handler {
+	code, method := checkLabels(obs)
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		d := newDelegator(w, nil)
+		next.ServeHTTP(d, r)
+		obs.With(labels(code, method, r.Method, d.Status())).Observe(float64(d.Written()))
+	})
+}
+
+func checkLabels(c prometheus.Collector) (code bool, method bool) {
+	// TODO(beorn7): Remove this hacky way to check for instance labels
+	// once Descriptors can have their dimensionality queried.
+	var (
+		desc *prometheus.Desc
+		m    prometheus.Metric
+		pm   dto.Metric
+		lvs  []string
+	)
+
+	// Get the Desc from the Collector.
+	descc := make(chan *prometheus.Desc, 1)
+	c.Describe(descc)
+
+	select {
+	case desc = <-descc:
+	default:
+		panic("no description provided by collector")
+	}
+	select {
+	case <-descc:
+		panic("more than one description provided by collector")
+	default:
+	}
+
+	close(descc)
+
+	// Create a ConstMetric with the Desc. Since we don't know how many
+	// variable labels there are, try for as long as it needs.
+	for err := errors.New("dummy"); err != nil; lvs = append(lvs, magicString) {
+		m, err = prometheus.NewConstMetric(desc, prometheus.UntypedValue, 0, lvs...)
+	}
+
+	// Write out the metric into a proto message and look at the labels.
+	// If the value is not the magicString, it is a constLabel, which doesn't interest us.
+	// If the label is curried, it doesn't interest us.
+	// In all other cases, only "code" or "method" is allowed.
+	if err := m.Write(&pm); err != nil {
+		panic("error checking metric for labels")
+	}
+	for _, label := range pm.Label {
+		name, value := label.GetName(), label.GetValue()
+		if value != magicString || isLabelCurried(c, name) {
+			continue
+		}
+		switch name {
+		case "code":
+			code = true
+		case "method":
+			method = true
+		default:
+			panic("metric partitioned with non-supported labels")
+		}
+	}
+	return
+}
+
+func isLabelCurried(c prometheus.Collector, label string) bool {
+	// This is even hackier than the label test above.
+	// We essentially try to curry again and see if it works.
+	// But for that, we need to type-convert to the two
+	// types we use here, ObserverVec or *CounterVec.
+	switch v := c.(type) {
+	case *prometheus.CounterVec:
+		if _, err := v.CurryWith(prometheus.Labels{label: "dummy"}); err == nil {
+			return false
+		}
+	case prometheus.ObserverVec:
+		if _, err := v.CurryWith(prometheus.Labels{label: "dummy"}); err == nil {
+			return false
+		}
+	default:
+		panic("unsupported metric vec type")
+	}
+	return true
+}
+
+// emptyLabels is a one-time allocation for non-partitioned metrics to avoid
+// unnecessary allocations on each request.
+var emptyLabels = prometheus.Labels{}
+
+func labels(code, method bool, reqMethod string, status int) prometheus.Labels {
+	if !(code || method) {
+		return emptyLabels
+	}
+	labels := prometheus.Labels{}
+
+	if code {
+		labels["code"] = sanitizeCode(status)
+	}
+	if method {
+		labels["method"] = sanitizeMethod(reqMethod)
+	}
+
+	return labels
+}
+
+func computeApproximateRequestSize(r *http.Request) int {
+	s := 0
+	if r.URL != nil {
+		s += len(r.URL.String())
+	}
+
+	s += len(r.Method)
+	s += len(r.Proto)
+	for name, values := range r.Header {
+		s += len(name)
+		for _, value := range values {
+			s += len(value)
+		}
+	}
+	s += len(r.Host)
+
+	// N.B. r.Form and r.MultipartForm are assumed to be included in r.URL.
+
+	if r.ContentLength != -1 {
+		s += int(r.ContentLength)
+	}
+	return s
+}
+
+func sanitizeMethod(m string) string {
+	switch m {
+	case "GET", "get":
+		return "get"
+	case "PUT", "put":
+		return "put"
+	case "HEAD", "head":
+		return "head"
+	case "POST", "post":
+		return "post"
+	case "DELETE", "delete":
+		return "delete"
+	case "CONNECT", "connect":
+		return "connect"
+	case "OPTIONS", "options":
+		return "options"
+	case "NOTIFY", "notify":
+		return "notify"
+	default:
+		return strings.ToLower(m)
+	}
+}
+
+// If the wrapped http.Handler has not set a status code, i.e. the value is
+// currently 0, santizeCode will return 200, for consistency with behavior in
+// the stdlib.
+func sanitizeCode(s int) string {
+	switch s {
+	case 100:
+		return "100"
+	case 101:
+		return "101"
+
+	case 200, 0:
+		return "200"
+	case 201:
+		return "201"
+	case 202:
+		return "202"
+	case 203:
+		return "203"
+	case 204:
+		return "204"
+	case 205:
+		return "205"
+	case 206:
+		return "206"
+
+	case 300:
+		return "300"
+	case 301:
+		return "301"
+	case 302:
+		return "302"
+	case 304:
+		return "304"
+	case 305:
+		return "305"
+	case 307:
+		return "307"
+
+	case 400:
+		return "400"
+	case 401:
+		return "401"
+	case 402:
+		return "402"
+	case 403:
+		return "403"
+	case 404:
+		return "404"
+	case 405:
+		return "405"
+	case 406:
+		return "406"
+	case 407:
+		return "407"
+	case 408:
+		return "408"
+	case 409:
+		return "409"
+	case 410:
+		return "410"
+	case 411:
+		return "411"
+	case 412:
+		return "412"
+	case 413:
+		return "413"
+	case 414:
+		return "414"
+	case 415:
+		return "415"
+	case 416:
+		return "416"
+	case 417:
+		return "417"
+	case 418:
+		return "418"
+
+	case 500:
+		return "500"
+	case 501:
+		return "501"
+	case 502:
+		return "502"
+	case 503:
+		return "503"
+	case 504:
+		return "504"
+	case 505:
+		return "505"
+
+	case 428:
+		return "428"
+	case 429:
+		return "429"
+	case 431:
+		return "431"
+	case 511:
+		return "511"
+
+	default:
+		return strconv.Itoa(s)
+	}
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
index 32a3986b06c8b..c05d6ee1b3853 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
@@ -15,15 +15,23 @@ package prometheus
 
 import (
 	"bytes"
-	"errors"
 	"fmt"
+	"io/ioutil"
 	"os"
+	"path/filepath"
+	"runtime"
 	"sort"
+	"strings"
 	"sync"
+	"unicode/utf8"
 
+	"github.com/cespare/xxhash/v2"
 	"github.com/golang/protobuf/proto"
+	"github.com/prometheus/common/expfmt"
 
 	dto "github.com/prometheus/client_model/go"
+
+	"github.com/prometheus/client_golang/prometheus/internal"
 )
 
 const (
@@ -35,13 +43,14 @@ const (
 // DefaultRegisterer and DefaultGatherer are the implementations of the
 // Registerer and Gatherer interface a number of convenience functions in this
 // package act on. Initially, both variables point to the same Registry, which
-// has a process collector (see NewProcessCollector) and a Go collector (see
-// NewGoCollector) already registered. This approach to keep default instances
-// as global state mirrors the approach of other packages in the Go standard
-// library. Note that there are caveats. Change the variables with caution and
-// only if you understand the consequences. Users who want to avoid global state
-// altogether should not use the convenience function and act on custom
-// instances instead.
+// has a process collector (currently on Linux only, see NewProcessCollector)
+// and a Go collector (see NewGoCollector, in particular the note about
+// stop-the-world implication with Go versions older than 1.9) already
+// registered. This approach to keep default instances as global state mirrors
+// the approach of other packages in the Go standard library. Note that there
+// are caveats. Change the variables with caution and only if you understand the
+// consequences. Users who want to avoid global state altogether should not use
+// the convenience functions and act on custom instances instead.
 var (
 	defaultRegistry              = NewRegistry()
 	DefaultRegisterer Registerer = defaultRegistry
@@ -49,7 +58,7 @@ var (
 )
 
 func init() {
-	MustRegister(NewProcessCollector(os.Getpid(), ""))
+	MustRegister(NewProcessCollector(ProcessCollectorOpts{}))
 	MustRegister(NewGoCollector())
 }
 
@@ -65,7 +74,8 @@ func NewRegistry() *Registry {
 
 // NewPedanticRegistry returns a registry that checks during collection if each
 // collected Metric is consistent with its reported Desc, and if the Desc has
-// actually been registered with the registry.
+// actually been registered with the registry. Unchecked Collectors (those whose
+// Describe method does not yield any descriptors) are excluded from the check.
 //
 // Usually, a Registry will be happy as long as the union of all collected
 // Metrics is consistent and valid even if some metrics are not consistent with
@@ -80,7 +90,7 @@ func NewPedanticRegistry() *Registry {
 
 // Registerer is the interface for the part of a registry in charge of
 // registering and unregistering. Users of custom registries should use
-// Registerer as type for registration purposes (rather then the Registry type
+// Registerer as type for registration purposes (rather than the Registry type
 // directly). In that way, they are free to use custom Registerer implementation
 // (e.g. for testing purposes).
 type Registerer interface {
@@ -95,8 +105,13 @@ type Registerer interface {
 	// returned error is an instance of AlreadyRegisteredError, which
 	// contains the previously registered Collector.
 	//
-	// It is in general not safe to register the same Collector multiple
-	// times concurrently.
+	// A Collector whose Describe method does not yield any Desc is treated
+	// as unchecked. Registration will always succeed. No check for
+	// re-registering (see previous paragraph) is performed. Thus, the
+	// caller is responsible for not double-registering the same unchecked
+	// Collector, and for providing a Collector that will not cause
+	// inconsistent metrics on collection. (This would lead to scrape
+	// errors.)
 	Register(Collector) error
 	// MustRegister works like Register but registers any number of
 	// Collectors and panics upon the first registration that causes an
@@ -105,7 +120,9 @@ type Registerer interface {
 	// Unregister unregisters the Collector that equals the Collector passed
 	// in as an argument.  (Two Collectors are considered equal if their
 	// Describe method yields the same set of descriptors.) The function
-	// returns whether a Collector was unregistered.
+	// returns whether a Collector was unregistered. Note that an unchecked
+	// Collector cannot be unregistered (as its Describe method does not
+	// yield any descriptor).
 	//
 	// Note that even after unregistering, it will not be possible to
 	// register a new Collector that is inconsistent with the unregistered
@@ -123,15 +140,23 @@ type Registerer interface {
 type Gatherer interface {
 	// Gather calls the Collect method of the registered Collectors and then
 	// gathers the collected metrics into a lexicographically sorted slice
-	// of MetricFamily protobufs. Even if an error occurs, Gather attempts
-	// to gather as many metrics as possible. Hence, if a non-nil error is
-	// returned, the returned MetricFamily slice could be nil (in case of a
-	// fatal error that prevented any meaningful metric collection) or
-	// contain a number of MetricFamily protobufs, some of which might be
-	// incomplete, and some might be missing altogether. The returned error
-	// (which might be a MultiError) explains the details. In scenarios
-	// where complete collection is critical, the returned MetricFamily
-	// protobufs should be disregarded if the returned error is non-nil.
+	// of uniquely named MetricFamily protobufs. Gather ensures that the
+	// returned slice is valid and self-consistent so that it can be used
+	// for valid exposition. As an exception to the strict consistency
+	// requirements described for metric.Desc, Gather will tolerate
+	// different sets of label names for metrics of the same metric family.
+	//
+	// Even if an error occurs, Gather attempts to gather as many metrics as
+	// possible. Hence, if a non-nil error is returned, the returned
+	// MetricFamily slice could be nil (in case of a fatal error that
+	// prevented any meaningful metric collection) or contain a number of
+	// MetricFamily protobufs, some of which might be incomplete, and some
+	// might be missing altogether. The returned error (which might be a
+	// MultiError) explains the details. Note that this is mostly useful for
+	// debugging purposes. If the gathered protobufs are to be used for
+	// exposition in actual monitoring, it is almost always better to not
+	// expose an incomplete result and instead disregard the returned
+	// MetricFamily protobufs in case the returned error is non-nil.
 	Gather() ([]*dto.MetricFamily, error)
 }
 
@@ -152,38 +177,6 @@ func MustRegister(cs ...Collector) {
 	DefaultRegisterer.MustRegister(cs...)
 }
 
-// RegisterOrGet registers the provided Collector with the DefaultRegisterer and
-// returns the Collector, unless an equal Collector was registered before, in
-// which case that Collector is returned.
-//
-// Deprecated: RegisterOrGet is merely a convenience function for the
-// implementation as described in the documentation for
-// AlreadyRegisteredError. As the use case is relatively rare, this function
-// will be removed in a future version of this package to clean up the
-// namespace.
-func RegisterOrGet(c Collector) (Collector, error) {
-	if err := Register(c); err != nil {
-		if are, ok := err.(AlreadyRegisteredError); ok {
-			return are.ExistingCollector, nil
-		}
-		return nil, err
-	}
-	return c, nil
-}
-
-// MustRegisterOrGet behaves like RegisterOrGet but panics instead of returning
-// an error.
-//
-// Deprecated: This is deprecated for the same reason RegisterOrGet is. See
-// there for details.
-func MustRegisterOrGet(c Collector) Collector {
-	c, err := RegisterOrGet(c)
-	if err != nil {
-		panic(err)
-	}
-	return c
-}
-
 // Unregister removes the registration of the provided Collector from the
 // DefaultRegisterer.
 //
@@ -201,25 +194,6 @@ func (gf GathererFunc) Gather() ([]*dto.MetricFamily, error) {
 	return gf()
 }
 
-// SetMetricFamilyInjectionHook replaces the DefaultGatherer with one that
-// gathers from the previous DefaultGatherers but then merges the MetricFamily
-// protobufs returned from the provided hook function with the MetricFamily
-// protobufs returned from the original DefaultGatherer.
-//
-// Deprecated: This function manipulates the DefaultGatherer variable. Consider
-// the implications, i.e. don't do this concurrently with any uses of the
-// DefaultGatherer. In the rare cases where you need to inject MetricFamily
-// protobufs directly, it is recommended to use a custom Registry and combine it
-// with a custom Gatherer using the Gatherers type (see
-// there). SetMetricFamilyInjectionHook only exists for compatibility reasons
-// with previous versions of this package.
-func SetMetricFamilyInjectionHook(hook func() []*dto.MetricFamily) {
-	DefaultGatherer = Gatherers{
-		DefaultGatherer,
-		GathererFunc(func() ([]*dto.MetricFamily, error) { return hook(), nil }),
-	}
-}
-
 // AlreadyRegisteredError is returned by the Register method if the Collector to
 // be registered has already been registered before, or a different Collector
 // that collects the same metrics has been registered before. Registration fails
@@ -252,6 +226,13 @@ func (errs MultiError) Error() string {
 	return buf.String()
 }
 
+// Append appends the provided error if it is not nil.
+func (errs *MultiError) Append(err error) {
+	if err != nil {
+		*errs = append(*errs, err)
+	}
+}
+
 // MaybeUnwrap returns nil if len(errs) is 0. It returns the first and only
 // contained error as error if len(errs is 1). In all other cases, it returns
 // the MultiError directly. This is helpful for returning a MultiError in a way
@@ -276,6 +257,7 @@ type Registry struct {
 	collectorsByID        map[uint64]Collector // ID is a hash of the descIDs.
 	descIDs               map[uint64]struct{}
 	dimHashesByName       map[string]uint64
+	uncheckedCollectors   []Collector
 	pedanticChecksEnabled bool
 }
 
@@ -285,7 +267,7 @@ func (r *Registry) Register(c Collector) error {
 		descChan           = make(chan *Desc, capDescChan)
 		newDescIDs         = map[uint64]struct{}{}
 		newDimHashesByName = map[string]uint64{}
-		collectorID        uint64 // Just a sum of all desc IDs.
+		collectorID        uint64 // All desc IDs XOR'd together.
 		duplicateDescErr   error
 	)
 	go func() {
@@ -293,8 +275,13 @@ func (r *Registry) Register(c Collector) error {
 		close(descChan)
 	}()
 	r.mtx.Lock()
-	defer r.mtx.Unlock()
-	// Coduct various tests...
+	defer func() {
+		// Drain channel in case of premature return to not leak a goroutine.
+		for range descChan {
+		}
+		r.mtx.Unlock()
+	}()
+	// Conduct various tests...
 	for desc := range descChan {
 
 		// Is the descriptor valid at all?
@@ -307,12 +294,12 @@ func (r *Registry) Register(c Collector) error {
 		if _, exists := r.descIDs[desc.id]; exists {
 			duplicateDescErr = fmt.Errorf("descriptor %s already exists with the same fully-qualified name and const label values", desc)
 		}
-		// If it is not a duplicate desc in this collector, add it to
+		// If it is not a duplicate desc in this collector, XOR it to
 		// the collectorID.  (We allow duplicate descs within the same
 		// collector, but their existence must be a no-op.)
 		if _, exists := newDescIDs[desc.id]; !exists {
 			newDescIDs[desc.id] = struct{}{}
-			collectorID += desc.id
+			collectorID ^= desc.id
 		}
 
 		// Are all the label names and the help string consistent with
@@ -333,14 +320,23 @@ func (r *Registry) Register(c Collector) error {
 			}
 		}
 	}
-	// Did anything happen at all?
+	// A Collector yielding no Desc at all is considered unchecked.
 	if len(newDescIDs) == 0 {
-		return errors.New("collector has no descriptors")
+		r.uncheckedCollectors = append(r.uncheckedCollectors, c)
+		return nil
 	}
 	if existing, exists := r.collectorsByID[collectorID]; exists {
-		return AlreadyRegisteredError{
-			ExistingCollector: existing,
-			NewCollector:      c,
+		switch e := existing.(type) {
+		case *wrappingCollector:
+			return AlreadyRegisteredError{
+				ExistingCollector: e.unwrapRecursively(),
+				NewCollector:      c,
+			}
+		default:
+			return AlreadyRegisteredError{
+				ExistingCollector: e,
+				NewCollector:      c,
+			}
 		}
 	}
 	// If the collectorID is new, but at least one of the descs existed
@@ -365,7 +361,7 @@ func (r *Registry) Unregister(c Collector) bool {
 	var (
 		descChan    = make(chan *Desc, capDescChan)
 		descIDs     = map[uint64]struct{}{}
-		collectorID uint64 // Just a sum of the desc IDs.
+		collectorID uint64 // All desc IDs XOR'd together.
 	)
 	go func() {
 		c.Describe(descChan)
@@ -373,7 +369,7 @@ func (r *Registry) Unregister(c Collector) bool {
 	}()
 	for desc := range descChan {
 		if _, exists := descIDs[desc.id]; !exists {
-			collectorID += desc.id
+			collectorID ^= desc.id
 			descIDs[desc.id] = struct{}{}
 		}
 	}
@@ -409,31 +405,25 @@ func (r *Registry) MustRegister(cs ...Collector) {
 // Gather implements Gatherer.
 func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
 	var (
-		metricChan        = make(chan Metric, capMetricChan)
-		metricHashes      = map[uint64]struct{}{}
-		dimHashes         = map[string]uint64{}
-		wg                sync.WaitGroup
-		errs              MultiError          // The collected errors to return in the end.
-		registeredDescIDs map[uint64]struct{} // Only used for pedantic checks
+		checkedMetricChan   = make(chan Metric, capMetricChan)
+		uncheckedMetricChan = make(chan Metric, capMetricChan)
+		metricHashes        = map[uint64]struct{}{}
+		wg                  sync.WaitGroup
+		errs                MultiError          // The collected errors to return in the end.
+		registeredDescIDs   map[uint64]struct{} // Only used for pedantic checks
 	)
 
 	r.mtx.RLock()
+	goroutineBudget := len(r.collectorsByID) + len(r.uncheckedCollectors)
 	metricFamiliesByName := make(map[string]*dto.MetricFamily, len(r.dimHashesByName))
-
-	// Scatter.
-	// (Collectors could be complex and slow, so we call them all at once.)
-	wg.Add(len(r.collectorsByID))
-	go func() {
-		wg.Wait()
-		close(metricChan)
-	}()
+	checkedCollectors := make(chan Collector, len(r.collectorsByID))
+	uncheckedCollectors := make(chan Collector, len(r.uncheckedCollectors))
 	for _, collector := range r.collectorsByID {
-		go func(collector Collector) {
-			defer wg.Done()
-			collector.Collect(metricChan)
-		}(collector)
+		checkedCollectors <- collector
+	}
+	for _, collector := range r.uncheckedCollectors {
+		uncheckedCollectors <- collector
 	}
-
 	// In case pedantic checks are enabled, we have to copy the map before
 	// giving up the RLock.
 	if r.pedanticChecksEnabled {
@@ -442,133 +432,264 @@ func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
 			registeredDescIDs[id] = struct{}{}
 		}
 	}
-
 	r.mtx.RUnlock()
 
-	// Drain metricChan in case of premature return.
+	wg.Add(goroutineBudget)
+
+	collectWorker := func() {
+		for {
+			select {
+			case collector := <-checkedCollectors:
+				collector.Collect(checkedMetricChan)
+			case collector := <-uncheckedCollectors:
+				collector.Collect(uncheckedMetricChan)
+			default:
+				return
+			}
+			wg.Done()
+		}
+	}
+
+	// Start the first worker now to make sure at least one is running.
+	go collectWorker()
+	goroutineBudget--
+
+	// Close checkedMetricChan and uncheckedMetricChan once all collectors
+	// are collected.
+	go func() {
+		wg.Wait()
+		close(checkedMetricChan)
+		close(uncheckedMetricChan)
+	}()
+
+	// Drain checkedMetricChan and uncheckedMetricChan in case of premature return.
 	defer func() {
-		for _ = range metricChan {
+		if checkedMetricChan != nil {
+			for range checkedMetricChan {
+			}
+		}
+		if uncheckedMetricChan != nil {
+			for range uncheckedMetricChan {
+			}
 		}
 	}()
 
-	// Gather.
-	for metric := range metricChan {
-		// This could be done concurrently, too, but it required locking
-		// of metricFamiliesByName (and of metricHashes if checks are
-		// enabled). Most likely not worth it.
-		desc := metric.Desc()
-		dtoMetric := &dto.Metric{}
-		if err := metric.Write(dtoMetric); err != nil {
-			errs = append(errs, fmt.Errorf(
-				"error collecting metric %v: %s", desc, err,
+	// Copy the channel references so we can nil them out later to remove
+	// them from the select statements below.
+	cmc := checkedMetricChan
+	umc := uncheckedMetricChan
+
+	for {
+		select {
+		case metric, ok := <-cmc:
+			if !ok {
+				cmc = nil
+				break
+			}
+			errs.Append(processMetric(
+				metric, metricFamiliesByName,
+				metricHashes,
+				registeredDescIDs,
 			))
-			continue
-		}
-		metricFamily, ok := metricFamiliesByName[desc.fqName]
-		if ok {
-			if metricFamily.GetHelp() != desc.help {
-				errs = append(errs, fmt.Errorf(
-					"collected metric %s %s has help %q but should have %q",
-					desc.fqName, dtoMetric, desc.help, metricFamily.GetHelp(),
-				))
-				continue
+		case metric, ok := <-umc:
+			if !ok {
+				umc = nil
+				break
 			}
-			// TODO(beorn7): Simplify switch once Desc has type.
-			switch metricFamily.GetType() {
-			case dto.MetricType_COUNTER:
-				if dtoMetric.Counter == nil {
-					errs = append(errs, fmt.Errorf(
-						"collected metric %s %s should be a Counter",
-						desc.fqName, dtoMetric,
-					))
-					continue
-				}
-			case dto.MetricType_GAUGE:
-				if dtoMetric.Gauge == nil {
-					errs = append(errs, fmt.Errorf(
-						"collected metric %s %s should be a Gauge",
-						desc.fqName, dtoMetric,
-					))
-					continue
-				}
-			case dto.MetricType_SUMMARY:
-				if dtoMetric.Summary == nil {
-					errs = append(errs, fmt.Errorf(
-						"collected metric %s %s should be a Summary",
-						desc.fqName, dtoMetric,
-					))
-					continue
-				}
-			case dto.MetricType_UNTYPED:
-				if dtoMetric.Untyped == nil {
-					errs = append(errs, fmt.Errorf(
-						"collected metric %s %s should be Untyped",
-						desc.fqName, dtoMetric,
+			errs.Append(processMetric(
+				metric, metricFamiliesByName,
+				metricHashes,
+				nil,
+			))
+		default:
+			if goroutineBudget <= 0 || len(checkedCollectors)+len(uncheckedCollectors) == 0 {
+				// All collectors are already being worked on or
+				// we have already as many goroutines started as
+				// there are collectors. Do the same as above,
+				// just without the default.
+				select {
+				case metric, ok := <-cmc:
+					if !ok {
+						cmc = nil
+						break
+					}
+					errs.Append(processMetric(
+						metric, metricFamiliesByName,
+						metricHashes,
+						registeredDescIDs,
 					))
-					continue
-				}
-			case dto.MetricType_HISTOGRAM:
-				if dtoMetric.Histogram == nil {
-					errs = append(errs, fmt.Errorf(
-						"collected metric %s %s should be a Histogram",
-						desc.fqName, dtoMetric,
+				case metric, ok := <-umc:
+					if !ok {
+						umc = nil
+						break
+					}
+					errs.Append(processMetric(
+						metric, metricFamiliesByName,
+						metricHashes,
+						nil,
 					))
-					continue
 				}
-			default:
-				panic("encountered MetricFamily with invalid type")
+				break
 			}
-		} else {
-			metricFamily = &dto.MetricFamily{}
-			metricFamily.Name = proto.String(desc.fqName)
-			metricFamily.Help = proto.String(desc.help)
-			// TODO(beorn7): Simplify switch once Desc has type.
-			switch {
-			case dtoMetric.Gauge != nil:
-				metricFamily.Type = dto.MetricType_GAUGE.Enum()
-			case dtoMetric.Counter != nil:
-				metricFamily.Type = dto.MetricType_COUNTER.Enum()
-			case dtoMetric.Summary != nil:
-				metricFamily.Type = dto.MetricType_SUMMARY.Enum()
-			case dtoMetric.Untyped != nil:
-				metricFamily.Type = dto.MetricType_UNTYPED.Enum()
-			case dtoMetric.Histogram != nil:
-				metricFamily.Type = dto.MetricType_HISTOGRAM.Enum()
-			default:
-				errs = append(errs, fmt.Errorf(
-					"empty metric collected: %s", dtoMetric,
-				))
-				continue
+			// Start more workers.
+			go collectWorker()
+			goroutineBudget--
+			runtime.Gosched()
+		}
+		// Once both checkedMetricChan and uncheckdMetricChan are closed
+		// and drained, the contraption above will nil out cmc and umc,
+		// and then we can leave the collect loop here.
+		if cmc == nil && umc == nil {
+			break
+		}
+	}
+	return internal.NormalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
+}
+
+// WriteToTextfile calls Gather on the provided Gatherer, encodes the result in the
+// Prometheus text format, and writes it to a temporary file. Upon success, the
+// temporary file is renamed to the provided filename.
+//
+// This is intended for use with the textfile collector of the node exporter.
+// Note that the node exporter expects the filename to be suffixed with ".prom".
+func WriteToTextfile(filename string, g Gatherer) error {
+	tmp, err := ioutil.TempFile(filepath.Dir(filename), filepath.Base(filename))
+	if err != nil {
+		return err
+	}
+	defer os.Remove(tmp.Name())
+
+	mfs, err := g.Gather()
+	if err != nil {
+		return err
+	}
+	for _, mf := range mfs {
+		if _, err := expfmt.MetricFamilyToText(tmp, mf); err != nil {
+			return err
+		}
+	}
+	if err := tmp.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Chmod(tmp.Name(), 0644); err != nil {
+		return err
+	}
+	return os.Rename(tmp.Name(), filename)
+}
+
+// processMetric is an internal helper method only used by the Gather method.
+func processMetric(
+	metric Metric,
+	metricFamiliesByName map[string]*dto.MetricFamily,
+	metricHashes map[uint64]struct{},
+	registeredDescIDs map[uint64]struct{},
+) error {
+	desc := metric.Desc()
+	// Wrapped metrics collected by an unchecked Collector can have an
+	// invalid Desc.
+	if desc.err != nil {
+		return desc.err
+	}
+	dtoMetric := &dto.Metric{}
+	if err := metric.Write(dtoMetric); err != nil {
+		return fmt.Errorf("error collecting metric %v: %s", desc, err)
+	}
+	metricFamily, ok := metricFamiliesByName[desc.fqName]
+	if ok { // Existing name.
+		if metricFamily.GetHelp() != desc.help {
+			return fmt.Errorf(
+				"collected metric %s %s has help %q but should have %q",
+				desc.fqName, dtoMetric, desc.help, metricFamily.GetHelp(),
+			)
+		}
+		// TODO(beorn7): Simplify switch once Desc has type.
+		switch metricFamily.GetType() {
+		case dto.MetricType_COUNTER:
+			if dtoMetric.Counter == nil {
+				return fmt.Errorf(
+					"collected metric %s %s should be a Counter",
+					desc.fqName, dtoMetric,
+				)
+			}
+		case dto.MetricType_GAUGE:
+			if dtoMetric.Gauge == nil {
+				return fmt.Errorf(
+					"collected metric %s %s should be a Gauge",
+					desc.fqName, dtoMetric,
+				)
 			}
-			metricFamiliesByName[desc.fqName] = metricFamily
-		}
-		if err := checkMetricConsistency(metricFamily, dtoMetric, metricHashes, dimHashes); err != nil {
-			errs = append(errs, err)
-			continue
-		}
-		if r.pedanticChecksEnabled {
-			// Is the desc registered at all?
-			if _, exist := registeredDescIDs[desc.id]; !exist {
-				errs = append(errs, fmt.Errorf(
-					"collected metric %s %s with unregistered descriptor %s",
-					metricFamily.GetName(), dtoMetric, desc,
-				))
-				continue
+		case dto.MetricType_SUMMARY:
+			if dtoMetric.Summary == nil {
+				return fmt.Errorf(
+					"collected metric %s %s should be a Summary",
+					desc.fqName, dtoMetric,
+				)
 			}
-			if err := checkDescConsistency(metricFamily, dtoMetric, desc); err != nil {
-				errs = append(errs, err)
-				continue
+		case dto.MetricType_UNTYPED:
+			if dtoMetric.Untyped == nil {
+				return fmt.Errorf(
+					"collected metric %s %s should be Untyped",
+					desc.fqName, dtoMetric,
+				)
 			}
+		case dto.MetricType_HISTOGRAM:
+			if dtoMetric.Histogram == nil {
+				return fmt.Errorf(
+					"collected metric %s %s should be a Histogram",
+					desc.fqName, dtoMetric,
+				)
+			}
+		default:
+			panic("encountered MetricFamily with invalid type")
+		}
+	} else { // New name.
+		metricFamily = &dto.MetricFamily{}
+		metricFamily.Name = proto.String(desc.fqName)
+		metricFamily.Help = proto.String(desc.help)
+		// TODO(beorn7): Simplify switch once Desc has type.
+		switch {
+		case dtoMetric.Gauge != nil:
+			metricFamily.Type = dto.MetricType_GAUGE.Enum()
+		case dtoMetric.Counter != nil:
+			metricFamily.Type = dto.MetricType_COUNTER.Enum()
+		case dtoMetric.Summary != nil:
+			metricFamily.Type = dto.MetricType_SUMMARY.Enum()
+		case dtoMetric.Untyped != nil:
+			metricFamily.Type = dto.MetricType_UNTYPED.Enum()
+		case dtoMetric.Histogram != nil:
+			metricFamily.Type = dto.MetricType_HISTOGRAM.Enum()
+		default:
+			return fmt.Errorf("empty metric collected: %s", dtoMetric)
+		}
+		if err := checkSuffixCollisions(metricFamily, metricFamiliesByName); err != nil {
+			return err
+		}
+		metricFamiliesByName[desc.fqName] = metricFamily
+	}
+	if err := checkMetricConsistency(metricFamily, dtoMetric, metricHashes); err != nil {
+		return err
+	}
+	if registeredDescIDs != nil {
+		// Is the desc registered at all?
+		if _, exist := registeredDescIDs[desc.id]; !exist {
+			return fmt.Errorf(
+				"collected metric %s %s with unregistered descriptor %s",
+				metricFamily.GetName(), dtoMetric, desc,
+			)
+		}
+		if err := checkDescConsistency(metricFamily, dtoMetric, desc); err != nil {
+			return err
 		}
-		metricFamily.Metric = append(metricFamily.Metric, dtoMetric)
 	}
-	return normalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
+	metricFamily.Metric = append(metricFamily.Metric, dtoMetric)
+	return nil
 }
 
 // Gatherers is a slice of Gatherer instances that implements the Gatherer
 // interface itself. Its Gather method calls Gather on all Gatherers in the
 // slice in order and returns the merged results. Errors returned from the
-// Gather calles are all returned in a flattened MultiError. Duplicate and
+// Gather calls are all returned in a flattened MultiError. Duplicate and
 // inconsistent Metrics are skipped (first occurrence in slice order wins) and
 // reported in the returned error.
 //
@@ -588,7 +709,6 @@ func (gs Gatherers) Gather() ([]*dto.MetricFamily, error) {
 	var (
 		metricFamiliesByName = map[string]*dto.MetricFamily{}
 		metricHashes         = map[uint64]struct{}{}
-		dimHashes            = map[string]uint64{}
 		errs                 MultiError // The collected errors to return in the end.
 	)
 
@@ -625,10 +745,14 @@ func (gs Gatherers) Gather() ([]*dto.MetricFamily, error) {
 				existingMF.Name = mf.Name
 				existingMF.Help = mf.Help
 				existingMF.Type = mf.Type
+				if err := checkSuffixCollisions(existingMF, metricFamiliesByName); err != nil {
+					errs = append(errs, err)
+					continue
+				}
 				metricFamiliesByName[mf.GetName()] = existingMF
 			}
 			for _, m := range mf.Metric {
-				if err := checkMetricConsistency(existingMF, m, metricHashes, dimHashes); err != nil {
+				if err := checkMetricConsistency(existingMF, m, metricHashes); err != nil {
 					errs = append(errs, err)
 					continue
 				}
@@ -636,88 +760,80 @@ func (gs Gatherers) Gather() ([]*dto.MetricFamily, error) {
 			}
 		}
 	}
-	return normalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
-}
-
-// metricSorter is a sortable slice of *dto.Metric.
-type metricSorter []*dto.Metric
-
-func (s metricSorter) Len() int {
-	return len(s)
-}
-
-func (s metricSorter) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s metricSorter) Less(i, j int) bool {
-	if len(s[i].Label) != len(s[j].Label) {
-		// This should not happen. The metrics are
-		// inconsistent. However, we have to deal with the fact, as
-		// people might use custom collectors or metric family injection
-		// to create inconsistent metrics. So let's simply compare the
-		// number of labels in this case. That will still yield
-		// reproducible sorting.
-		return len(s[i].Label) < len(s[j].Label)
-	}
-	for n, lp := range s[i].Label {
-		vi := lp.GetValue()
-		vj := s[j].Label[n].GetValue()
-		if vi != vj {
-			return vi < vj
-		}
-	}
-
-	// We should never arrive here. Multiple metrics with the same
-	// label set in the same scrape will lead to undefined ingestion
-	// behavior. However, as above, we have to provide stable sorting
-	// here, even for inconsistent metrics. So sort equal metrics
-	// by their timestamp, with missing timestamps (implying "now")
-	// coming last.
-	if s[i].TimestampMs == nil {
-		return false
-	}
-	if s[j].TimestampMs == nil {
-		return true
-	}
-	return s[i].GetTimestampMs() < s[j].GetTimestampMs()
+	return internal.NormalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
 }
 
-// normalizeMetricFamilies returns a MetricFamily slice whith empty
-// MetricFamilies pruned and the remaining MetricFamilies sorted by name within
-// the slice, with the contained Metrics sorted within each MetricFamily.
-func normalizeMetricFamilies(metricFamiliesByName map[string]*dto.MetricFamily) []*dto.MetricFamily {
-	for _, mf := range metricFamiliesByName {
-		sort.Sort(metricSorter(mf.Metric))
+// checkSuffixCollisions checks for collisions with the “magic” suffixes the
+// Prometheus text format and the internal metric representation of the
+// Prometheus server add while flattening Summaries and Histograms.
+func checkSuffixCollisions(mf *dto.MetricFamily, mfs map[string]*dto.MetricFamily) error {
+	var (
+		newName              = mf.GetName()
+		newType              = mf.GetType()
+		newNameWithoutSuffix = ""
+	)
+	switch {
+	case strings.HasSuffix(newName, "_count"):
+		newNameWithoutSuffix = newName[:len(newName)-6]
+	case strings.HasSuffix(newName, "_sum"):
+		newNameWithoutSuffix = newName[:len(newName)-4]
+	case strings.HasSuffix(newName, "_bucket"):
+		newNameWithoutSuffix = newName[:len(newName)-7]
+	}
+	if newNameWithoutSuffix != "" {
+		if existingMF, ok := mfs[newNameWithoutSuffix]; ok {
+			switch existingMF.GetType() {
+			case dto.MetricType_SUMMARY:
+				if !strings.HasSuffix(newName, "_bucket") {
+					return fmt.Errorf(
+						"collected metric named %q collides with previously collected summary named %q",
+						newName, newNameWithoutSuffix,
+					)
+				}
+			case dto.MetricType_HISTOGRAM:
+				return fmt.Errorf(
+					"collected metric named %q collides with previously collected histogram named %q",
+					newName, newNameWithoutSuffix,
+				)
+			}
+		}
 	}
-	names := make([]string, 0, len(metricFamiliesByName))
-	for name, mf := range metricFamiliesByName {
-		if len(mf.Metric) > 0 {
-			names = append(names, name)
+	if newType == dto.MetricType_SUMMARY || newType == dto.MetricType_HISTOGRAM {
+		if _, ok := mfs[newName+"_count"]; ok {
+			return fmt.Errorf(
+				"collected histogram or summary named %q collides with previously collected metric named %q",
+				newName, newName+"_count",
+			)
+		}
+		if _, ok := mfs[newName+"_sum"]; ok {
+			return fmt.Errorf(
+				"collected histogram or summary named %q collides with previously collected metric named %q",
+				newName, newName+"_sum",
+			)
 		}
 	}
-	sort.Strings(names)
-	result := make([]*dto.MetricFamily, 0, len(names))
-	for _, name := range names {
-		result = append(result, metricFamiliesByName[name])
+	if newType == dto.MetricType_HISTOGRAM {
+		if _, ok := mfs[newName+"_bucket"]; ok {
+			return fmt.Errorf(
+				"collected histogram named %q collides with previously collected metric named %q",
+				newName, newName+"_bucket",
+			)
+		}
 	}
-	return result
+	return nil
 }
 
 // checkMetricConsistency checks if the provided Metric is consistent with the
-// provided MetricFamily. It also hashed the Metric labels and the MetricFamily
-// name. If the resulting hash is alread in the provided metricHashes, an error
-// is returned. If not, it is added to metricHashes. The provided dimHashes maps
-// MetricFamily names to their dimHash (hashed sorted label names). If dimHashes
-// doesn't yet contain a hash for the provided MetricFamily, it is
-// added. Otherwise, an error is returned if the existing dimHashes in not equal
-// the calculated dimHash.
+// provided MetricFamily. It also hashes the Metric labels and the MetricFamily
+// name. If the resulting hash is already in the provided metricHashes, an error
+// is returned. If not, it is added to metricHashes.
 func checkMetricConsistency(
 	metricFamily *dto.MetricFamily,
 	dtoMetric *dto.Metric,
 	metricHashes map[uint64]struct{},
-	dimHashes map[string]uint64,
 ) error {
+	name := metricFamily.GetName()
+
 	// Type consistency with metric family.
 	if metricFamily.GetType() == dto.MetricType_GAUGE && dtoMetric.Gauge == nil ||
 		metricFamily.GetType() == dto.MetricType_COUNTER && dtoMetric.Counter == nil ||
@@ -725,42 +841,67 @@ func checkMetricConsistency(
 		metricFamily.GetType() == dto.MetricType_HISTOGRAM && dtoMetric.Histogram == nil ||
 		metricFamily.GetType() == dto.MetricType_UNTYPED && dtoMetric.Untyped == nil {
 		return fmt.Errorf(
-			"collected metric %s %s is not a %s",
-			metricFamily.GetName(), dtoMetric, metricFamily.GetType(),
+			"collected metric %q { %s} is not a %s",
+			name, dtoMetric, metricFamily.GetType(),
 		)
 	}
 
-	// Is the metric unique (i.e. no other metric with the same name and the same label values)?
-	h := hashNew()
-	h = hashAdd(h, metricFamily.GetName())
-	h = hashAddByte(h, separatorByte)
-	dh := hashNew()
+	previousLabelName := ""
+	for _, labelPair := range dtoMetric.GetLabel() {
+		labelName := labelPair.GetName()
+		if labelName == previousLabelName {
+			return fmt.Errorf(
+				"collected metric %q { %s} has two or more labels with the same name: %s",
+				name, dtoMetric, labelName,
+			)
+		}
+		if !checkLabelName(labelName) {
+			return fmt.Errorf(
+				"collected metric %q { %s} has a label with an invalid name: %s",
+				name, dtoMetric, labelName,
+			)
+		}
+		if dtoMetric.Summary != nil && labelName == quantileLabel {
+			return fmt.Errorf(
+				"collected metric %q { %s} must not have an explicit %q label",
+				name, dtoMetric, quantileLabel,
+			)
+		}
+		if !utf8.ValidString(labelPair.GetValue()) {
+			return fmt.Errorf(
+				"collected metric %q { %s} has a label named %q whose value is not utf8: %#v",
+				name, dtoMetric, labelName, labelPair.GetValue())
+		}
+		previousLabelName = labelName
+	}
+
+	// Is the metric unique (i.e. no other metric with the same name and the same labels)?
+	h := xxhash.New()
+	h.WriteString(name)
+	h.Write(separatorByteSlice)
 	// Make sure label pairs are sorted. We depend on it for the consistency
 	// check.
-	sort.Sort(LabelPairSorter(dtoMetric.Label))
+	if !sort.IsSorted(labelPairSorter(dtoMetric.Label)) {
+		// We cannot sort dtoMetric.Label in place as it is immutable by contract.
+		copiedLabels := make([]*dto.LabelPair, len(dtoMetric.Label))
+		copy(copiedLabels, dtoMetric.Label)
+		sort.Sort(labelPairSorter(copiedLabels))
+		dtoMetric.Label = copiedLabels
+	}
 	for _, lp := range dtoMetric.Label {
-		h = hashAdd(h, lp.GetValue())
-		h = hashAddByte(h, separatorByte)
-		dh = hashAdd(dh, lp.GetName())
-		dh = hashAddByte(dh, separatorByte)
+		h.WriteString(lp.GetName())
+		h.Write(separatorByteSlice)
+		h.WriteString(lp.GetValue())
+		h.Write(separatorByteSlice)
 	}
-	if _, exists := metricHashes[h]; exists {
+	hSum := h.Sum64()
+	if _, exists := metricHashes[hSum]; exists {
 		return fmt.Errorf(
-			"collected metric %s %s was collected before with the same name and label values",
-			metricFamily.GetName(), dtoMetric,
+			"collected metric %q { %s} was collected before with the same name and label values",
+			name, dtoMetric,
 		)
 	}
-	if dimHash, ok := dimHashes[metricFamily.GetName()]; ok {
-		if dimHash != dh {
-			return fmt.Errorf(
-				"collected metric %s %s has label dimensions inconsistent with previously collected metrics in the same metric family",
-				metricFamily.GetName(), dtoMetric,
-			)
-		}
-	} else {
-		dimHashes[metricFamily.GetName()] = dh
-	}
-	metricHashes[h] = struct{}{}
+	metricHashes[hSum] = struct{}{}
 	return nil
 }
 
@@ -778,8 +919,8 @@ func checkDescConsistency(
 	}
 
 	// Is the desc consistent with the content of the metric?
-	lpsFromDesc := make([]*dto.LabelPair, 0, len(dtoMetric.Label))
-	lpsFromDesc = append(lpsFromDesc, desc.constLabelPairs...)
+	lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label))
+	copy(lpsFromDesc, desc.constLabelPairs)
 	for _, l := range desc.variableLabels {
 		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
 			Name: proto.String(l),
@@ -791,7 +932,7 @@ func checkDescConsistency(
 			metricFamily.GetName(), dtoMetric, desc,
 		)
 	}
-	sort.Sort(LabelPairSorter(lpsFromDesc))
+	sort.Sort(labelPairSorter(lpsFromDesc))
 	for i, lpFromDesc := range lpsFromDesc {
 		lpFromMetric := dtoMetric.Label[i]
 		if lpFromDesc.GetName() != lpFromMetric.GetName() ||
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index bce05bf9a0276..ae42e761a19a2 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -16,8 +16,10 @@ package prometheus
 import (
 	"fmt"
 	"math"
+	"runtime"
 	"sort"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/beorn7/perks/quantile"
@@ -36,7 +38,10 @@ const quantileLabel = "quantile"
 //
 // A typical use-case is the observation of request latencies. By default, a
 // Summary provides the median, the 90th and the 99th percentile of the latency
-// as rank estimations.
+// as rank estimations. However, the default behavior will change in the
+// upcoming v1.0.0 of the library. There will be no rank estimations at all by
+// default. For a sane transition, it is recommended to set the desired rank
+// estimations explicitly.
 //
 // Note that the rank estimations cannot be aggregated in a meaningful way with
 // the Prometheus query language (i.e. you cannot average or add them). If you
@@ -53,13 +58,8 @@ type Summary interface {
 	Observe(float64)
 }
 
-// DefObjectives are the default Summary quantile values.
-var (
-	DefObjectives = map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001}
-
-	errQuantileLabelNotAllowed = fmt.Errorf(
-		"%q is not allowed as label name in summaries", quantileLabel,
-	)
+var errQuantileLabelNotAllowed = fmt.Errorf(
+	"%q is not allowed as label name in summaries", quantileLabel,
 )
 
 // Default values for SummaryOpts.
@@ -75,8 +75,10 @@ const (
 )
 
 // SummaryOpts bundles the options for creating a Summary metric. It is
-// mandatory to set Name and Help to a non-empty string. All other fields are
-// optional and can safely be left at their zero value.
+// mandatory to set Name to a non-empty string. While all other fields are
+// optional and can safely be left at their zero value, it is recommended to set
+// a help string and to explicitly set the Objectives field to the desired value
+// as the default value will change in the upcoming v1.0.0 of the library.
 type SummaryOpts struct {
 	// Namespace, Subsystem, and Name are components of the fully-qualified
 	// name of the Summary (created by joining these components with
@@ -87,35 +89,34 @@ type SummaryOpts struct {
 	Subsystem string
 	Name      string
 
-	// Help provides information about this Summary. Mandatory!
+	// Help provides information about this Summary.
 	//
 	// Metrics with the same fully-qualified name must have the same Help
 	// string.
 	Help string
 
-	// ConstLabels are used to attach fixed labels to this
-	// Summary. Summaries with the same fully-qualified name must have the
-	// same label names in their ConstLabels.
+	// ConstLabels are used to attach fixed labels to this metric. Metrics
+	// with the same fully-qualified name must have the same label names in
+	// their ConstLabels.
 	//
-	// Note that in most cases, labels have a value that varies during the
-	// lifetime of a process. Those labels are usually managed with a
-	// SummaryVec. ConstLabels serve only special purposes. One is for the
-	// special case where the value of a label does not change during the
-	// lifetime of a process, e.g. if the revision of the running binary is
-	// put into a label. Another, more advanced purpose is if more than one
-	// Collector needs to collect Summaries with the same fully-qualified
-	// name. In that case, those Summaries must differ in the values of
-	// their ConstLabels. See the Collector examples.
+	// Due to the way a Summary is represented in the Prometheus text format
+	// and how it is handled by the Prometheus server internally, “quantile”
+	// is an illegal label name. Construction of a Summary or SummaryVec
+	// will panic if this label name is used in ConstLabels.
 	//
-	// If the value of a label never changes (not even between binaries),
-	// that label most likely should not be a label at all (but part of the
-	// metric name).
+	// ConstLabels are only used rarely. In particular, do not use them to
+	// attach the same labels to all your metrics. Those use cases are
+	// better covered by target labels set by the scraping Prometheus
+	// server, or by one specific metric (e.g. a build_info or a
+	// machine_role metric). See also
+	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels,-not-static-scraped-labels
 	ConstLabels Labels
 
 	// Objectives defines the quantile rank estimates with their respective
-	// absolute error. If Objectives[q] = e, then the value reported
-	// for q will be the φ-quantile value for some φ between q-e and q+e.
-	// The default value is DefObjectives.
+	// absolute error. If Objectives[q] = e, then the value reported for q
+	// will be the φ-quantile value for some φ between q-e and q+e.  The
+	// default value is an empty map, resulting in a summary without
+	// quantiles.
 	Objectives map[float64]float64
 
 	// MaxAge defines the duration for which an observation stays relevant
@@ -139,7 +140,7 @@ type SummaryOpts struct {
 	BufCap uint32
 }
 
-// Great fuck-up with the sliding-window decay algorithm... The Merge method of
+// Problem with the sliding-window decay algorithm... The Merge method of
 // perk/quantile is actually not working as advertised - and it might be
 // unfixable, as the underlying algorithm is apparently not capable of merging
 // summaries in the first place. To avoid using Merge, we are currently adding
@@ -169,7 +170,7 @@ func NewSummary(opts SummaryOpts) Summary {
 
 func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 	if len(desc.variableLabels) != len(labelValues) {
-		panic(errInconsistentCardinality)
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
 	}
 
 	for _, n := range desc.variableLabels {
@@ -183,8 +184,8 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		}
 	}
 
-	if len(opts.Objectives) == 0 {
-		opts.Objectives = DefObjectives
+	if opts.Objectives == nil {
+		opts.Objectives = map[float64]float64{}
 	}
 
 	if opts.MaxAge < 0 {
@@ -202,6 +203,17 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		opts.BufCap = DefBufCap
 	}
 
+	if len(opts.Objectives) == 0 {
+		// Use the lock-free implementation of a Summary without objectives.
+		s := &noObjectivesSummary{
+			desc:       desc,
+			labelPairs: makeLabelPairs(desc, labelValues),
+			counts:     [2]*summaryCounts{{}, {}},
+		}
+		s.init(s) // Init self-collection.
+		return s
+	}
+
 	s := &summary{
 		desc: desc,
 
@@ -370,6 +382,116 @@ func (s *summary) swapBufs(now time.Time) {
 	}
 }
 
+type summaryCounts struct {
+	// sumBits contains the bits of the float64 representing the sum of all
+	// observations. sumBits and count have to go first in the struct to
+	// guarantee alignment for atomic operations.
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	sumBits uint64
+	count   uint64
+}
+
+type noObjectivesSummary struct {
+	// countAndHotIdx enables lock-free writes with use of atomic updates.
+	// The most significant bit is the hot index [0 or 1] of the count field
+	// below. Observe calls update the hot one. All remaining bits count the
+	// number of Observe calls. Observe starts by incrementing this counter,
+	// and finish by incrementing the count field in the respective
+	// summaryCounts, as a marker for completion.
+	//
+	// Calls of the Write method (which are non-mutating reads from the
+	// perspective of the summary) swap the hot–cold under the writeMtx
+	// lock. A cooldown is awaited (while locked) by comparing the number of
+	// observations with the initiation count. Once they match, then the
+	// last observation on the now cool one has completed. All cool fields must
+	// be merged into the new hot before releasing writeMtx.
+
+	// Fields with atomic access first! See alignment constraint:
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	countAndHotIdx uint64
+
+	selfCollector
+	desc     *Desc
+	writeMtx sync.Mutex // Only used in the Write method.
+
+	// Two counts, one is "hot" for lock-free observations, the other is
+	// "cold" for writing out a dto.Metric. It has to be an array of
+	// pointers to guarantee 64bit alignment of the histogramCounts, see
+	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG.
+	counts [2]*summaryCounts
+
+	labelPairs []*dto.LabelPair
+}
+
+func (s *noObjectivesSummary) Desc() *Desc {
+	return s.desc
+}
+
+func (s *noObjectivesSummary) Observe(v float64) {
+	// We increment h.countAndHotIdx so that the counter in the lower
+	// 63 bits gets incremented. At the same time, we get the new value
+	// back, which we can use to find the currently-hot counts.
+	n := atomic.AddUint64(&s.countAndHotIdx, 1)
+	hotCounts := s.counts[n>>63]
+
+	for {
+		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
+		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
+		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
+			break
+		}
+	}
+	// Increment count last as we take it as a signal that the observation
+	// is complete.
+	atomic.AddUint64(&hotCounts.count, 1)
+}
+
+func (s *noObjectivesSummary) Write(out *dto.Metric) error {
+	// For simplicity, we protect this whole method by a mutex. It is not in
+	// the hot path, i.e. Observe is called much more often than Write. The
+	// complication of making Write lock-free isn't worth it, if possible at
+	// all.
+	s.writeMtx.Lock()
+	defer s.writeMtx.Unlock()
+
+	// Adding 1<<63 switches the hot index (from 0 to 1 or from 1 to 0)
+	// without touching the count bits. See the struct comments for a full
+	// description of the algorithm.
+	n := atomic.AddUint64(&s.countAndHotIdx, 1<<63)
+	// count is contained unchanged in the lower 63 bits.
+	count := n & ((1 << 63) - 1)
+	// The most significant bit tells us which counts is hot. The complement
+	// is thus the cold one.
+	hotCounts := s.counts[n>>63]
+	coldCounts := s.counts[(^n)>>63]
+
+	// Await cooldown.
+	for count != atomic.LoadUint64(&coldCounts.count) {
+		runtime.Gosched() // Let observations get work done.
+	}
+
+	sum := &dto.Summary{
+		SampleCount: proto.Uint64(count),
+		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+	}
+
+	out.Summary = sum
+	out.Label = s.labelPairs
+
+	// Finally add all the cold counts to the new hot counts and reset the cold counts.
+	atomic.AddUint64(&hotCounts.count, count)
+	atomic.StoreUint64(&coldCounts.count, 0)
+	for {
+		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
+		newBits := math.Float64bits(math.Float64frombits(oldBits) + sum.GetSampleSum())
+		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
+			atomic.StoreUint64(&coldCounts.sumBits, 0)
+			break
+		}
+	}
+	return nil
+}
+
 type quantSort []*dto.Quantile
 
 func (s quantSort) Len() int {
@@ -390,13 +512,21 @@ func (s quantSort) Less(i, j int) bool {
 // (e.g. HTTP request latencies, partitioned by status code and method). Create
 // instances with NewSummaryVec.
 type SummaryVec struct {
-	*MetricVec
+	*metricVec
 }
 
 // NewSummaryVec creates a new SummaryVec based on the provided SummaryOpts and
-// partitioned by the given label names. At least one label name must be
-// provided.
+// partitioned by the given label names.
+//
+// Due to the way a Summary is represented in the Prometheus text format and how
+// it is handled by the Prometheus server internally, “quantile” is an illegal
+// label name. NewSummaryVec will panic if this label name is used.
 func NewSummaryVec(opts SummaryOpts, labelNames []string) *SummaryVec {
+	for _, ln := range labelNames {
+		if ln == quantileLabel {
+			panic(errQuantileLabelNotAllowed)
+		}
+	}
 	desc := NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
@@ -404,47 +534,116 @@ func NewSummaryVec(opts SummaryOpts, labelNames []string) *SummaryVec {
 		opts.ConstLabels,
 	)
 	return &SummaryVec{
-		MetricVec: newMetricVec(desc, func(lvs ...string) Metric {
+		metricVec: newMetricVec(desc, func(lvs ...string) Metric {
 			return newSummary(desc, opts, lvs...)
 		}),
 	}
 }
 
-// GetMetricWithLabelValues replaces the method of the same name in
-// MetricVec. The difference is that this method returns a Summary and not a
-// Metric so that no type conversion is required.
-func (m *SummaryVec) GetMetricWithLabelValues(lvs ...string) (Summary, error) {
-	metric, err := m.MetricVec.GetMetricWithLabelValues(lvs...)
+// GetMetricWithLabelValues returns the Summary for the given slice of label
+// values (same order as the VariableLabels in Desc). If that combination of
+// label values is accessed for the first time, a new Summary is created.
+//
+// It is possible to call this method without using the returned Summary to only
+// create the new Summary but leave it at its starting value, a Summary without
+// any observations.
+//
+// Keeping the Summary for later use is possible (and should be considered if
+// performance is critical), but keep in mind that Reset, DeleteLabelValues and
+// Delete can be used to delete the Summary from the SummaryVec. In that case,
+// the Summary will still exist, but it will not be exported anymore, even if a
+// Summary with the same label values is created later. See also the CounterVec
+// example.
+//
+// An error is returned if the number of label values is not the same as the
+// number of VariableLabels in Desc (minus any curried labels).
+//
+// Note that for more than one label value, this method is prone to mistakes
+// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
+// an alternative to avoid that type of mistake. For higher label numbers, the
+// latter has a much more readable (albeit more verbose) syntax, but it comes
+// with a performance overhead (for creating and processing the Labels map).
+// See also the GaugeVec example.
+func (v *SummaryVec) GetMetricWithLabelValues(lvs ...string) (Observer, error) {
+	metric, err := v.metricVec.getMetricWithLabelValues(lvs...)
 	if metric != nil {
-		return metric.(Summary), err
+		return metric.(Observer), err
 	}
 	return nil, err
 }
 
-// GetMetricWith replaces the method of the same name in MetricVec. The
-// difference is that this method returns a Summary and not a Metric so that no
-// type conversion is required.
-func (m *SummaryVec) GetMetricWith(labels Labels) (Summary, error) {
-	metric, err := m.MetricVec.GetMetricWith(labels)
+// GetMetricWith returns the Summary for the given Labels map (the label names
+// must match those of the VariableLabels in Desc). If that label map is
+// accessed for the first time, a new Summary is created. Implications of
+// creating a Summary without using it and keeping the Summary for later use are
+// the same as for GetMetricWithLabelValues.
+//
+// An error is returned if the number and names of the Labels are inconsistent
+// with those of the VariableLabels in Desc (minus any curried labels).
+//
+// This method is used for the same purpose as
+// GetMetricWithLabelValues(...string). See there for pros and cons of the two
+// methods.
+func (v *SummaryVec) GetMetricWith(labels Labels) (Observer, error) {
+	metric, err := v.metricVec.getMetricWith(labels)
 	if metric != nil {
-		return metric.(Summary), err
+		return metric.(Observer), err
 	}
 	return nil, err
 }
 
 // WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. By not returning an
-// error, WithLabelValues allows shortcuts like
+// GetMetricWithLabelValues would have returned an error. Not returning an
+// error allows shortcuts like
 //     myVec.WithLabelValues("404", "GET").Observe(42.21)
-func (m *SummaryVec) WithLabelValues(lvs ...string) Summary {
-	return m.MetricVec.WithLabelValues(lvs...).(Summary)
+func (v *SummaryVec) WithLabelValues(lvs ...string) Observer {
+	s, err := v.GetMetricWithLabelValues(lvs...)
+	if err != nil {
+		panic(err)
+	}
+	return s
 }
 
 // With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. By not returning an error, With allows shortcuts like
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Observe(42.21)
-func (m *SummaryVec) With(labels Labels) Summary {
-	return m.MetricVec.With(labels).(Summary)
+// returned an error. Not returning an error allows shortcuts like
+//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Observe(42.21)
+func (v *SummaryVec) With(labels Labels) Observer {
+	s, err := v.GetMetricWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return s
+}
+
+// CurryWith returns a vector curried with the provided labels, i.e. the
+// returned vector has those labels pre-set for all labeled operations performed
+// on it. The cardinality of the curried vector is reduced accordingly. The
+// order of the remaining labels stays the same (just with the curried labels
+// taken out of the sequence – which is relevant for the
+// (GetMetric)WithLabelValues methods). It is possible to curry a curried
+// vector, but only with labels not yet used for currying before.
+//
+// The metrics contained in the SummaryVec are shared between the curried and
+// uncurried vectors. They are just accessed differently. Curried and uncurried
+// vectors behave identically in terms of collection. Only one must be
+// registered with a given registry (usually the uncurried version). The Reset
+// method deletes all metrics, even if called on a curried vector.
+func (v *SummaryVec) CurryWith(labels Labels) (ObserverVec, error) {
+	vec, err := v.curryWith(labels)
+	if vec != nil {
+		return &SummaryVec{vec}, err
+	}
+	return nil, err
+}
+
+// MustCurryWith works as CurryWith but panics where CurryWith would have
+// returned an error.
+func (v *SummaryVec) MustCurryWith(labels Labels) ObserverVec {
+	vec, err := v.CurryWith(labels)
+	if err != nil {
+		panic(err)
+	}
+	return vec
 }
 
 type constSummary struct {
@@ -497,7 +696,7 @@ func (s *constSummary) Write(out *dto.Metric) error {
 //     map[float64]float64{0.5: 0.23, 0.99: 0.56}
 //
 // NewConstSummary returns an error if the length of labelValues is not
-// consistent with the variable labels in Desc.
+// consistent with the variable labels in Desc or if Desc is invalid.
 func NewConstSummary(
 	desc *Desc,
 	count uint64,
@@ -505,8 +704,11 @@ func NewConstSummary(
 	quantiles map[float64]float64,
 	labelValues ...string,
 ) (Metric, error) {
-	if len(desc.variableLabels) != len(labelValues) {
-		return nil, errInconsistentCardinality
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+		return nil, err
 	}
 	return &constSummary{
 		desc:       desc,
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/timer.go b/vendor/github.com/prometheus/client_golang/prometheus/timer.go
new file mode 100644
index 0000000000000..8d5f10523375a
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/timer.go
@@ -0,0 +1,54 @@
+// Copyright 2016 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+import "time"
+
+// Timer is a helper type to time functions. Use NewTimer to create new
+// instances.
+type Timer struct {
+	begin    time.Time
+	observer Observer
+}
+
+// NewTimer creates a new Timer. The provided Observer is used to observe a
+// duration in seconds. Timer is usually used to time a function call in the
+// following way:
+//    func TimeMe() {
+//        timer := NewTimer(myHistogram)
+//        defer timer.ObserveDuration()
+//        // Do actual work.
+//    }
+func NewTimer(o Observer) *Timer {
+	return &Timer{
+		begin:    time.Now(),
+		observer: o,
+	}
+}
+
+// ObserveDuration records the duration passed since the Timer was created with
+// NewTimer. It calls the Observe method of the Observer provided during
+// construction with the duration in seconds as an argument. The observed
+// duration is also returned. ObserveDuration is usually called with a defer
+// statement.
+//
+// Note that this method is only guaranteed to never observe negative durations
+// if used with Go1.9+.
+func (t *Timer) ObserveDuration() time.Duration {
+	d := time.Since(t.begin)
+	if t.observer != nil {
+		t.observer.Observe(d.Seconds())
+	}
+	return d
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/untyped.go b/vendor/github.com/prometheus/client_golang/prometheus/untyped.go
index 5faf7e6e3eba2..0f9ce63f4093b 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/untyped.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/untyped.go
@@ -13,108 +13,12 @@
 
 package prometheus
 
-// Untyped is a Metric that represents a single numerical value that can
-// arbitrarily go up and down.
-//
-// An Untyped metric works the same as a Gauge. The only difference is that to
-// no type information is implied.
-//
-// To create Untyped instances, use NewUntyped.
-type Untyped interface {
-	Metric
-	Collector
-
-	// Set sets the Untyped metric to an arbitrary value.
-	Set(float64)
-	// Inc increments the Untyped metric by 1.
-	Inc()
-	// Dec decrements the Untyped metric by 1.
-	Dec()
-	// Add adds the given value to the Untyped metric. (The value can be
-	// negative, resulting in a decrease.)
-	Add(float64)
-	// Sub subtracts the given value from the Untyped metric. (The value can
-	// be negative, resulting in an increase.)
-	Sub(float64)
-}
-
 // UntypedOpts is an alias for Opts. See there for doc comments.
 type UntypedOpts Opts
 
-// NewUntyped creates a new Untyped metric from the provided UntypedOpts.
-func NewUntyped(opts UntypedOpts) Untyped {
-	return newValue(NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	), UntypedValue, 0)
-}
-
-// UntypedVec is a Collector that bundles a set of Untyped metrics that all
-// share the same Desc, but have different values for their variable
-// labels. This is used if you want to count the same thing partitioned by
-// various dimensions. Create instances with NewUntypedVec.
-type UntypedVec struct {
-	*MetricVec
-}
-
-// NewUntypedVec creates a new UntypedVec based on the provided UntypedOpts and
-// partitioned by the given label names. At least one label name must be
-// provided.
-func NewUntypedVec(opts UntypedOpts, labelNames []string) *UntypedVec {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		labelNames,
-		opts.ConstLabels,
-	)
-	return &UntypedVec{
-		MetricVec: newMetricVec(desc, func(lvs ...string) Metric {
-			return newValue(desc, UntypedValue, 0, lvs...)
-		}),
-	}
-}
-
-// GetMetricWithLabelValues replaces the method of the same name in
-// MetricVec. The difference is that this method returns an Untyped and not a
-// Metric so that no type conversion is required.
-func (m *UntypedVec) GetMetricWithLabelValues(lvs ...string) (Untyped, error) {
-	metric, err := m.MetricVec.GetMetricWithLabelValues(lvs...)
-	if metric != nil {
-		return metric.(Untyped), err
-	}
-	return nil, err
-}
-
-// GetMetricWith replaces the method of the same name in MetricVec. The
-// difference is that this method returns an Untyped and not a Metric so that no
-// type conversion is required.
-func (m *UntypedVec) GetMetricWith(labels Labels) (Untyped, error) {
-	metric, err := m.MetricVec.GetMetricWith(labels)
-	if metric != nil {
-		return metric.(Untyped), err
-	}
-	return nil, err
-}
-
-// WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. By not returning an
-// error, WithLabelValues allows shortcuts like
-//     myVec.WithLabelValues("404", "GET").Add(42)
-func (m *UntypedVec) WithLabelValues(lvs ...string) Untyped {
-	return m.MetricVec.WithLabelValues(lvs...).(Untyped)
-}
-
-// With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. By not returning an error, With allows shortcuts like
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
-func (m *UntypedVec) With(labels Labels) Untyped {
-	return m.MetricVec.With(labels).(Untyped)
-}
-
-// UntypedFunc is an Untyped whose value is determined at collect time by
-// calling a provided function.
+// UntypedFunc works like GaugeFunc but the collected metric is of type
+// "Untyped". UntypedFunc is useful to mirror an external metric of unknown
+// type.
 //
 // To create UntypedFunc instances, use NewUntypedFunc.
 type UntypedFunc interface {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
index a944c37754fef..2be470ce15275 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go
@@ -14,21 +14,22 @@
 package prometheus
 
 import (
-	"errors"
 	"fmt"
-	"math"
 	"sort"
-	"sync/atomic"
-
-	dto "github.com/prometheus/client_model/go"
+	"time"
+	"unicode/utf8"
 
 	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/ptypes"
+
+	dto "github.com/prometheus/client_model/go"
 )
 
 // ValueType is an enumeration of metric types that represent a simple value.
 type ValueType int
 
-// Possible values for the ValueType enum.
+// Possible values for the ValueType enum. Use UntypedValue to mark a metric
+// with an unknown type.
 const (
 	_ ValueType = iota
 	CounterValue
@@ -36,77 +37,6 @@ const (
 	UntypedValue
 )
 
-var errInconsistentCardinality = errors.New("inconsistent label cardinality")
-
-// value is a generic metric for simple values. It implements Metric, Collector,
-// Counter, Gauge, and Untyped. Its effective type is determined by
-// ValueType. This is a low-level building block used by the library to back the
-// implementations of Counter, Gauge, and Untyped.
-type value struct {
-	// valBits containst the bits of the represented float64 value. It has
-	// to go first in the struct to guarantee alignment for atomic
-	// operations.  http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	valBits uint64
-
-	selfCollector
-
-	desc       *Desc
-	valType    ValueType
-	labelPairs []*dto.LabelPair
-}
-
-// newValue returns a newly allocated value with the given Desc, ValueType,
-// sample value and label values. It panics if the number of label
-// values is different from the number of variable labels in Desc.
-func newValue(desc *Desc, valueType ValueType, val float64, labelValues ...string) *value {
-	if len(labelValues) != len(desc.variableLabels) {
-		panic(errInconsistentCardinality)
-	}
-	result := &value{
-		desc:       desc,
-		valType:    valueType,
-		valBits:    math.Float64bits(val),
-		labelPairs: makeLabelPairs(desc, labelValues),
-	}
-	result.init(result)
-	return result
-}
-
-func (v *value) Desc() *Desc {
-	return v.desc
-}
-
-func (v *value) Set(val float64) {
-	atomic.StoreUint64(&v.valBits, math.Float64bits(val))
-}
-
-func (v *value) Inc() {
-	v.Add(1)
-}
-
-func (v *value) Dec() {
-	v.Add(-1)
-}
-
-func (v *value) Add(val float64) {
-	for {
-		oldBits := atomic.LoadUint64(&v.valBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + val)
-		if atomic.CompareAndSwapUint64(&v.valBits, oldBits, newBits) {
-			return
-		}
-	}
-}
-
-func (v *value) Sub(val float64) {
-	v.Add(val * -1)
-}
-
-func (v *value) Write(out *dto.Metric) error {
-	val := math.Float64frombits(atomic.LoadUint64(&v.valBits))
-	return populateMetric(v.valType, val, v.labelPairs, out)
-}
-
 // valueFunc is a generic metric for simple values retrieved on collect time
 // from a function. It implements Metric and Collector. Its effective type is
 // determined by ValueType. This is a low-level building block used by the
@@ -143,7 +73,7 @@ func (v *valueFunc) Desc() *Desc {
 }
 
 func (v *valueFunc) Write(out *dto.Metric) error {
-	return populateMetric(v.valType, v.function(), v.labelPairs, out)
+	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out)
 }
 
 // NewConstMetric returns a metric with one fixed value that cannot be
@@ -151,10 +81,14 @@ func (v *valueFunc) Write(out *dto.Metric) error {
 // operations. However, when implementing custom Collectors, it is useful as a
 // throw-away metric that is generated on the fly to send it to Prometheus in
 // the Collect method. NewConstMetric returns an error if the length of
-// labelValues is not consistent with the variable labels in Desc.
+// labelValues is not consistent with the variable labels in Desc or if Desc is
+// invalid.
 func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues ...string) (Metric, error) {
-	if len(desc.variableLabels) != len(labelValues) {
-		return nil, errInconsistentCardinality
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+		return nil, err
 	}
 	return &constMetric{
 		desc:       desc,
@@ -186,19 +120,20 @@ func (m *constMetric) Desc() *Desc {
 }
 
 func (m *constMetric) Write(out *dto.Metric) error {
-	return populateMetric(m.valType, m.val, m.labelPairs, out)
+	return populateMetric(m.valType, m.val, m.labelPairs, nil, out)
 }
 
 func populateMetric(
 	t ValueType,
 	v float64,
 	labelPairs []*dto.LabelPair,
+	e *dto.Exemplar,
 	m *dto.Metric,
 ) error {
 	m.Label = labelPairs
 	switch t {
 	case CounterValue:
-		m.Counter = &dto.Counter{Value: proto.Float64(v)}
+		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e}
 	case GaugeValue:
 		m.Gauge = &dto.Gauge{Value: proto.Float64(v)}
 	case UntypedValue:
@@ -226,9 +161,44 @@ func makeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
 			Value: proto.String(labelValues[i]),
 		})
 	}
-	for _, lp := range desc.constLabelPairs {
-		labelPairs = append(labelPairs, lp)
-	}
-	sort.Sort(LabelPairSorter(labelPairs))
+	labelPairs = append(labelPairs, desc.constLabelPairs...)
+	sort.Sort(labelPairSorter(labelPairs))
 	return labelPairs
 }
+
+// ExemplarMaxRunes is the max total number of runes allowed in exemplar labels.
+const ExemplarMaxRunes = 64
+
+// newExemplar creates a new dto.Exemplar from the provided values. An error is
+// returned if any of the label names or values are invalid or if the total
+// number of runes in the label names and values exceeds ExemplarMaxRunes.
+func newExemplar(value float64, ts time.Time, l Labels) (*dto.Exemplar, error) {
+	e := &dto.Exemplar{}
+	e.Value = proto.Float64(value)
+	tsProto, err := ptypes.TimestampProto(ts)
+	if err != nil {
+		return nil, err
+	}
+	e.Timestamp = tsProto
+	labelPairs := make([]*dto.LabelPair, 0, len(l))
+	var runes int
+	for name, value := range l {
+		if !checkLabelName(name) {
+			return nil, fmt.Errorf("exemplar label name %q is invalid", name)
+		}
+		runes += utf8.RuneCountInString(name)
+		if !utf8.ValidString(value) {
+			return nil, fmt.Errorf("exemplar label value %q is not valid UTF-8", value)
+		}
+		runes += utf8.RuneCountInString(value)
+		labelPairs = append(labelPairs, &dto.LabelPair{
+			Name:  proto.String(name),
+			Value: proto.String(value),
+		})
+	}
+	if runes > ExemplarMaxRunes {
+		return nil, fmt.Errorf("exemplar labels have %d runes, exceeding the limit of %d", runes, ExemplarMaxRunes)
+	}
+	e.Label = labelPairs
+	return e, nil
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
index 7f3eef9a46707..d53848dc48100 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
@@ -20,200 +20,265 @@ import (
 	"github.com/prometheus/common/model"
 )
 
-// MetricVec is a Collector to bundle metrics of the same name that
-// differ in their label values. MetricVec is usually not used directly but as a
-// building block for implementations of vectors of a given metric
-// type. GaugeVec, CounterVec, SummaryVec, and UntypedVec are examples already
-// provided in this package.
-type MetricVec struct {
-	mtx      sync.RWMutex // Protects the children.
-	children map[uint64][]metricWithLabelValues
-	desc     *Desc
-
-	newMetric   func(labelValues ...string) Metric
-	hashAdd     func(h uint64, s string) uint64 // replace hash function for testing collision handling
+// metricVec is a Collector to bundle metrics of the same name that differ in
+// their label values. metricVec is not used directly (and therefore
+// unexported). It is used as a building block for implementations of vectors of
+// a given metric type, like GaugeVec, CounterVec, SummaryVec, and HistogramVec.
+// It also handles label currying.
+type metricVec struct {
+	*metricMap
+
+	curry []curriedLabelValue
+
+	// hashAdd and hashAddByte can be replaced for testing collision handling.
+	hashAdd     func(h uint64, s string) uint64
 	hashAddByte func(h uint64, b byte) uint64
 }
 
-// newMetricVec returns an initialized MetricVec. The concrete value is
-// returned for embedding into another struct.
-func newMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
-	return &MetricVec{
-		children:    map[uint64][]metricWithLabelValues{},
-		desc:        desc,
-		newMetric:   newMetric,
+// newMetricVec returns an initialized metricVec.
+func newMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *metricVec {
+	return &metricVec{
+		metricMap: &metricMap{
+			metrics:   map[uint64][]metricWithLabelValues{},
+			desc:      desc,
+			newMetric: newMetric,
+		},
 		hashAdd:     hashAdd,
 		hashAddByte: hashAddByte,
 	}
 }
 
-// metricWithLabelValues provides the metric and its label values for
-// disambiguation on hash collision.
-type metricWithLabelValues struct {
-	values []string
-	metric Metric
+// DeleteLabelValues removes the metric where the variable labels are the same
+// as those passed in as labels (same order as the VariableLabels in Desc). It
+// returns true if a metric was deleted.
+//
+// It is not an error if the number of label values is not the same as the
+// number of VariableLabels in Desc. However, such inconsistent label count can
+// never match an actual metric, so the method will always return false in that
+// case.
+//
+// Note that for more than one label value, this method is prone to mistakes
+// caused by an incorrect order of arguments. Consider Delete(Labels) as an
+// alternative to avoid that type of mistake. For higher label numbers, the
+// latter has a much more readable (albeit more verbose) syntax, but it comes
+// with a performance overhead (for creating and processing the Labels map).
+// See also the CounterVec example.
+func (m *metricVec) DeleteLabelValues(lvs ...string) bool {
+	h, err := m.hashLabelValues(lvs)
+	if err != nil {
+		return false
+	}
+
+	return m.metricMap.deleteByHashWithLabelValues(h, lvs, m.curry)
 }
 
-// Describe implements Collector. The length of the returned slice
-// is always one.
-func (m *MetricVec) Describe(ch chan<- *Desc) {
-	ch <- m.desc
+// Delete deletes the metric where the variable labels are the same as those
+// passed in as labels. It returns true if a metric was deleted.
+//
+// It is not an error if the number and names of the Labels are inconsistent
+// with those of the VariableLabels in Desc. However, such inconsistent Labels
+// can never match an actual metric, so the method will always return false in
+// that case.
+//
+// This method is used for the same purpose as DeleteLabelValues(...string). See
+// there for pros and cons of the two methods.
+func (m *metricVec) Delete(labels Labels) bool {
+	h, err := m.hashLabels(labels)
+	if err != nil {
+		return false
+	}
+
+	return m.metricMap.deleteByHashWithLabels(h, labels, m.curry)
 }
 
+// Without explicit forwarding of Describe, Collect, Reset, those methods won't
+// show up in GoDoc.
+
+// Describe implements Collector.
+func (m *metricVec) Describe(ch chan<- *Desc) { m.metricMap.Describe(ch) }
+
 // Collect implements Collector.
-func (m *MetricVec) Collect(ch chan<- Metric) {
-	m.mtx.RLock()
-	defer m.mtx.RUnlock()
+func (m *metricVec) Collect(ch chan<- Metric) { m.metricMap.Collect(ch) }
 
-	for _, metrics := range m.children {
-		for _, metric := range metrics {
-			ch <- metric.metric
+// Reset deletes all metrics in this vector.
+func (m *metricVec) Reset() { m.metricMap.Reset() }
+
+func (m *metricVec) curryWith(labels Labels) (*metricVec, error) {
+	var (
+		newCurry []curriedLabelValue
+		oldCurry = m.curry
+		iCurry   int
+	)
+	for i, label := range m.desc.variableLabels {
+		val, ok := labels[label]
+		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
+			if ok {
+				return nil, fmt.Errorf("label name %q is already curried", label)
+			}
+			newCurry = append(newCurry, oldCurry[iCurry])
+			iCurry++
+		} else {
+			if !ok {
+				continue // Label stays uncurried.
+			}
+			newCurry = append(newCurry, curriedLabelValue{i, val})
 		}
 	}
+	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
+		return nil, fmt.Errorf("%d unknown label(s) found during currying", l)
+	}
+
+	return &metricVec{
+		metricMap:   m.metricMap,
+		curry:       newCurry,
+		hashAdd:     m.hashAdd,
+		hashAddByte: m.hashAddByte,
+	}, nil
 }
 
-// GetMetricWithLabelValues returns the Metric for the given slice of label
-// values (same order as the VariableLabels in Desc). If that combination of
-// label values is accessed for the first time, a new Metric is created.
-//
-// It is possible to call this method without using the returned Metric to only
-// create the new Metric but leave it at its start value (e.g. a Summary or
-// Histogram without any observations). See also the SummaryVec example.
-//
-// Keeping the Metric for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Metric from the MetricVec. In that case, the
-// Metric will still exist, but it will not be exported anymore, even if a
-// Metric with the same label values is created later. See also the CounterVec
-// example.
-//
-// An error is returned if the number of label values is not the same as the
-// number of VariableLabels in Desc.
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the GaugeVec example.
-func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
+func (m *metricVec) getMetricWithLabelValues(lvs ...string) (Metric, error) {
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return nil, err
 	}
 
-	return m.getOrCreateMetricWithLabelValues(h, lvs), nil
+	return m.metricMap.getOrCreateMetricWithLabelValues(h, lvs, m.curry), nil
 }
 
-// GetMetricWith returns the Metric for the given Labels map (the label names
-// must match those of the VariableLabels in Desc). If that label map is
-// accessed for the first time, a new Metric is created. Implications of
-// creating a Metric without using it and keeping the Metric for later use are
-// the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the VariableLabels in Desc.
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
+func (m *metricVec) getMetricWith(labels Labels) (Metric, error) {
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return nil, err
 	}
 
-	return m.getOrCreateMetricWithLabels(h, labels), nil
+	return m.metricMap.getOrCreateMetricWithLabels(h, labels, m.curry), nil
 }
 
-// WithLabelValues works as GetMetricWithLabelValues, but panics if an error
-// occurs. The method allows neat syntax like:
-//     httpReqs.WithLabelValues("404", "POST").Inc()
-func (m *MetricVec) WithLabelValues(lvs ...string) Metric {
-	metric, err := m.GetMetricWithLabelValues(lvs...)
-	if err != nil {
-		panic(err)
+func (m *metricVec) hashLabelValues(vals []string) (uint64, error) {
+	if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+		return 0, err
+	}
+
+	var (
+		h             = hashNew()
+		curry         = m.curry
+		iVals, iCurry int
+	)
+	for i := 0; i < len(m.desc.variableLabels); i++ {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			h = m.hashAdd(h, curry[iCurry].value)
+			iCurry++
+		} else {
+			h = m.hashAdd(h, vals[iVals])
+			iVals++
+		}
+		h = m.hashAddByte(h, model.SeparatorByte)
 	}
-	return metric
+	return h, nil
 }
 
-// With works as GetMetricWith, but panics if an error occurs. The method allows
-// neat syntax like:
-//     httpReqs.With(Labels{"status":"404", "method":"POST"}).Inc()
-func (m *MetricVec) With(labels Labels) Metric {
-	metric, err := m.GetMetricWith(labels)
-	if err != nil {
-		panic(err)
+func (m *metricVec) hashLabels(labels Labels) (uint64, error) {
+	if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+		return 0, err
 	}
-	return metric
+
+	var (
+		h      = hashNew()
+		curry  = m.curry
+		iCurry int
+	)
+	for i, label := range m.desc.variableLabels {
+		val, ok := labels[label]
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			if ok {
+				return 0, fmt.Errorf("label name %q is already curried", label)
+			}
+			h = m.hashAdd(h, curry[iCurry].value)
+			iCurry++
+		} else {
+			if !ok {
+				return 0, fmt.Errorf("label name %q missing in label map", label)
+			}
+			h = m.hashAdd(h, val)
+		}
+		h = m.hashAddByte(h, model.SeparatorByte)
+	}
+	return h, nil
 }
 
-// DeleteLabelValues removes the metric where the variable labels are the same
-// as those passed in as labels (same order as the VariableLabels in Desc). It
-// returns true if a metric was deleted.
-//
-// It is not an error if the number of label values is not the same as the
-// number of VariableLabels in Desc.  However, such inconsistent label count can
-// never match an actual Metric, so the method will always return false in that
-// case.
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider Delete(Labels) as an
-// alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the CounterVec example.
-func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
+// metricWithLabelValues provides the metric and its label values for
+// disambiguation on hash collision.
+type metricWithLabelValues struct {
+	values []string
+	metric Metric
+}
 
-	h, err := m.hashLabelValues(lvs)
-	if err != nil {
-		return false
+// curriedLabelValue sets the curried value for a label at the given index.
+type curriedLabelValue struct {
+	index int
+	value string
+}
+
+// metricMap is a helper for metricVec and shared between differently curried
+// metricVecs.
+type metricMap struct {
+	mtx       sync.RWMutex // Protects metrics.
+	metrics   map[uint64][]metricWithLabelValues
+	desc      *Desc
+	newMetric func(labelValues ...string) Metric
+}
+
+// Describe implements Collector. It will send exactly one Desc to the provided
+// channel.
+func (m *metricMap) Describe(ch chan<- *Desc) {
+	ch <- m.desc
+}
+
+// Collect implements Collector.
+func (m *metricMap) Collect(ch chan<- Metric) {
+	m.mtx.RLock()
+	defer m.mtx.RUnlock()
+
+	for _, metrics := range m.metrics {
+		for _, metric := range metrics {
+			ch <- metric.metric
+		}
 	}
-	return m.deleteByHashWithLabelValues(h, lvs)
 }
 
-// Delete deletes the metric where the variable labels are the same as those
-// passed in as labels. It returns true if a metric was deleted.
-//
-// It is not an error if the number and names of the Labels are inconsistent
-// with those of the VariableLabels in the Desc of the MetricVec. However, such
-// inconsistent Labels can never match an actual Metric, so the method will
-// always return false in that case.
-//
-// This method is used for the same purpose as DeleteLabelValues(...string). See
-// there for pros and cons of the two methods.
-func (m *MetricVec) Delete(labels Labels) bool {
+// Reset deletes all metrics in this vector.
+func (m *metricMap) Reset() {
 	m.mtx.Lock()
 	defer m.mtx.Unlock()
 
-	h, err := m.hashLabels(labels)
-	if err != nil {
-		return false
+	for h := range m.metrics {
+		delete(m.metrics, h)
 	}
-
-	return m.deleteByHashWithLabels(h, labels)
 }
 
 // deleteByHashWithLabelValues removes the metric from the hash bucket h. If
 // there are multiple matches in the bucket, use lvs to select a metric and
 // remove only that metric.
-func (m *MetricVec) deleteByHashWithLabelValues(h uint64, lvs []string) bool {
-	metrics, ok := m.children[h]
+func (m *metricMap) deleteByHashWithLabelValues(
+	h uint64, lvs []string, curry []curriedLabelValue,
+) bool {
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+
+	metrics, ok := m.metrics[h]
 	if !ok {
 		return false
 	}
 
-	i := m.findMetricWithLabelValues(metrics, lvs)
+	i := findMetricWithLabelValues(metrics, lvs, curry)
 	if i >= len(metrics) {
 		return false
 	}
 
 	if len(metrics) > 1 {
-		m.children[h] = append(metrics[:i], metrics[i+1:]...)
+		m.metrics[h] = append(metrics[:i], metrics[i+1:]...)
 	} else {
-		delete(m.children, h)
+		delete(m.metrics, h)
 	}
 	return true
 }
@@ -221,69 +286,38 @@ func (m *MetricVec) deleteByHashWithLabelValues(h uint64, lvs []string) bool {
 // deleteByHashWithLabels removes the metric from the hash bucket h. If there
 // are multiple matches in the bucket, use lvs to select a metric and remove
 // only that metric.
-func (m *MetricVec) deleteByHashWithLabels(h uint64, labels Labels) bool {
-	metrics, ok := m.children[h]
+func (m *metricMap) deleteByHashWithLabels(
+	h uint64, labels Labels, curry []curriedLabelValue,
+) bool {
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+
+	metrics, ok := m.metrics[h]
 	if !ok {
 		return false
 	}
-	i := m.findMetricWithLabels(metrics, labels)
+	i := findMetricWithLabels(m.desc, metrics, labels, curry)
 	if i >= len(metrics) {
 		return false
 	}
 
 	if len(metrics) > 1 {
-		m.children[h] = append(metrics[:i], metrics[i+1:]...)
+		m.metrics[h] = append(metrics[:i], metrics[i+1:]...)
 	} else {
-		delete(m.children, h)
+		delete(m.metrics, h)
 	}
 	return true
 }
 
-// Reset deletes all metrics in this vector.
-func (m *MetricVec) Reset() {
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-
-	for h := range m.children {
-		delete(m.children, h)
-	}
-}
-
-func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
-	if len(vals) != len(m.desc.variableLabels) {
-		return 0, errInconsistentCardinality
-	}
-	h := hashNew()
-	for _, val := range vals {
-		h = m.hashAdd(h, val)
-		h = m.hashAddByte(h, model.SeparatorByte)
-	}
-	return h, nil
-}
-
-func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
-	if len(labels) != len(m.desc.variableLabels) {
-		return 0, errInconsistentCardinality
-	}
-	h := hashNew()
-	for _, label := range m.desc.variableLabels {
-		val, ok := labels[label]
-		if !ok {
-			return 0, fmt.Errorf("label name %q missing in label map", label)
-		}
-		h = m.hashAdd(h, val)
-		h = m.hashAddByte(h, model.SeparatorByte)
-	}
-	return h, nil
-}
-
 // getOrCreateMetricWithLabelValues retrieves the metric by hash and label value
 // or creates it and returns the new one.
 //
 // This function holds the mutex.
-func (m *MetricVec) getOrCreateMetricWithLabelValues(hash uint64, lvs []string) Metric {
+func (m *metricMap) getOrCreateMetricWithLabelValues(
+	hash uint64, lvs []string, curry []curriedLabelValue,
+) Metric {
 	m.mtx.RLock()
-	metric, ok := m.getMetricWithLabelValues(hash, lvs)
+	metric, ok := m.getMetricWithHashAndLabelValues(hash, lvs, curry)
 	m.mtx.RUnlock()
 	if ok {
 		return metric
@@ -291,13 +325,11 @@ func (m *MetricVec) getOrCreateMetricWithLabelValues(hash uint64, lvs []string)
 
 	m.mtx.Lock()
 	defer m.mtx.Unlock()
-	metric, ok = m.getMetricWithLabelValues(hash, lvs)
+	metric, ok = m.getMetricWithHashAndLabelValues(hash, lvs, curry)
 	if !ok {
-		// Copy to avoid allocation in case wo don't go down this code path.
-		copiedLVs := make([]string, len(lvs))
-		copy(copiedLVs, lvs)
-		metric = m.newMetric(copiedLVs...)
-		m.children[hash] = append(m.children[hash], metricWithLabelValues{values: copiedLVs, metric: metric})
+		inlinedLVs := inlineLabelValues(lvs, curry)
+		metric = m.newMetric(inlinedLVs...)
+		m.metrics[hash] = append(m.metrics[hash], metricWithLabelValues{values: inlinedLVs, metric: metric})
 	}
 	return metric
 }
@@ -306,9 +338,11 @@ func (m *MetricVec) getOrCreateMetricWithLabelValues(hash uint64, lvs []string)
 // or creates it and returns the new one.
 //
 // This function holds the mutex.
-func (m *MetricVec) getOrCreateMetricWithLabels(hash uint64, labels Labels) Metric {
+func (m *metricMap) getOrCreateMetricWithLabels(
+	hash uint64, labels Labels, curry []curriedLabelValue,
+) Metric {
 	m.mtx.RLock()
-	metric, ok := m.getMetricWithLabels(hash, labels)
+	metric, ok := m.getMetricWithHashAndLabels(hash, labels, curry)
 	m.mtx.RUnlock()
 	if ok {
 		return metric
@@ -316,33 +350,37 @@ func (m *MetricVec) getOrCreateMetricWithLabels(hash uint64, labels Labels) Metr
 
 	m.mtx.Lock()
 	defer m.mtx.Unlock()
-	metric, ok = m.getMetricWithLabels(hash, labels)
+	metric, ok = m.getMetricWithHashAndLabels(hash, labels, curry)
 	if !ok {
-		lvs := m.extractLabelValues(labels)
+		lvs := extractLabelValues(m.desc, labels, curry)
 		metric = m.newMetric(lvs...)
-		m.children[hash] = append(m.children[hash], metricWithLabelValues{values: lvs, metric: metric})
+		m.metrics[hash] = append(m.metrics[hash], metricWithLabelValues{values: lvs, metric: metric})
 	}
 	return metric
 }
 
-// getMetricWithLabelValues gets a metric while handling possible collisions in
-// the hash space. Must be called while holding read mutex.
-func (m *MetricVec) getMetricWithLabelValues(h uint64, lvs []string) (Metric, bool) {
-	metrics, ok := m.children[h]
+// getMetricWithHashAndLabelValues gets a metric while handling possible
+// collisions in the hash space. Must be called while holding the read mutex.
+func (m *metricMap) getMetricWithHashAndLabelValues(
+	h uint64, lvs []string, curry []curriedLabelValue,
+) (Metric, bool) {
+	metrics, ok := m.metrics[h]
 	if ok {
-		if i := m.findMetricWithLabelValues(metrics, lvs); i < len(metrics) {
+		if i := findMetricWithLabelValues(metrics, lvs, curry); i < len(metrics) {
 			return metrics[i].metric, true
 		}
 	}
 	return nil, false
 }
 
-// getMetricWithLabels gets a metric while handling possible collisions in
+// getMetricWithHashAndLabels gets a metric while handling possible collisions in
 // the hash space. Must be called while holding read mutex.
-func (m *MetricVec) getMetricWithLabels(h uint64, labels Labels) (Metric, bool) {
-	metrics, ok := m.children[h]
+func (m *metricMap) getMetricWithHashAndLabels(
+	h uint64, labels Labels, curry []curriedLabelValue,
+) (Metric, bool) {
+	metrics, ok := m.metrics[h]
 	if ok {
-		if i := m.findMetricWithLabels(metrics, labels); i < len(metrics) {
+		if i := findMetricWithLabels(m.desc, metrics, labels, curry); i < len(metrics) {
 			return metrics[i].metric, true
 		}
 	}
@@ -351,9 +389,11 @@ func (m *MetricVec) getMetricWithLabels(h uint64, labels Labels) (Metric, bool)
 
 // findMetricWithLabelValues returns the index of the matching metric or
 // len(metrics) if not found.
-func (m *MetricVec) findMetricWithLabelValues(metrics []metricWithLabelValues, lvs []string) int {
+func findMetricWithLabelValues(
+	metrics []metricWithLabelValues, lvs []string, curry []curriedLabelValue,
+) int {
 	for i, metric := range metrics {
-		if m.matchLabelValues(metric.values, lvs) {
+		if matchLabelValues(metric.values, lvs, curry) {
 			return i
 		}
 	}
@@ -362,32 +402,51 @@ func (m *MetricVec) findMetricWithLabelValues(metrics []metricWithLabelValues, l
 
 // findMetricWithLabels returns the index of the matching metric or len(metrics)
 // if not found.
-func (m *MetricVec) findMetricWithLabels(metrics []metricWithLabelValues, labels Labels) int {
+func findMetricWithLabels(
+	desc *Desc, metrics []metricWithLabelValues, labels Labels, curry []curriedLabelValue,
+) int {
 	for i, metric := range metrics {
-		if m.matchLabels(metric.values, labels) {
+		if matchLabels(desc, metric.values, labels, curry) {
 			return i
 		}
 	}
 	return len(metrics)
 }
 
-func (m *MetricVec) matchLabelValues(values []string, lvs []string) bool {
-	if len(values) != len(lvs) {
+func matchLabelValues(values []string, lvs []string, curry []curriedLabelValue) bool {
+	if len(values) != len(lvs)+len(curry) {
 		return false
 	}
+	var iLVs, iCurry int
 	for i, v := range values {
-		if v != lvs[i] {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			if v != curry[iCurry].value {
+				return false
+			}
+			iCurry++
+			continue
+		}
+		if v != lvs[iLVs] {
 			return false
 		}
+		iLVs++
 	}
 	return true
 }
 
-func (m *MetricVec) matchLabels(values []string, labels Labels) bool {
-	if len(labels) != len(values) {
+func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
+	if len(values) != len(labels)+len(curry) {
 		return false
 	}
-	for i, k := range m.desc.variableLabels {
+	iCurry := 0
+	for i, k := range desc.variableLabels {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			if values[i] != curry[iCurry].value {
+				return false
+			}
+			iCurry++
+			continue
+		}
 		if values[i] != labels[k] {
 			return false
 		}
@@ -395,10 +454,31 @@ func (m *MetricVec) matchLabels(values []string, labels Labels) bool {
 	return true
 }
 
-func (m *MetricVec) extractLabelValues(labels Labels) []string {
-	labelValues := make([]string, len(labels))
-	for i, k := range m.desc.variableLabels {
+func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string {
+	labelValues := make([]string, len(labels)+len(curry))
+	iCurry := 0
+	for i, k := range desc.variableLabels {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			labelValues[i] = curry[iCurry].value
+			iCurry++
+			continue
+		}
 		labelValues[i] = labels[k]
 	}
 	return labelValues
 }
+
+func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
+	labelValues := make([]string, len(lvs)+len(curry))
+	var iCurry, iLVs int
+	for i := range labelValues {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			labelValues[i] = curry[iCurry].value
+			iCurry++
+			continue
+		}
+		labelValues[i] = lvs[iLVs]
+		iLVs++
+	}
+	return labelValues
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/wrap.go b/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
new file mode 100644
index 0000000000000..e303eef6d33be
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
@@ -0,0 +1,200 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/golang/protobuf/proto"
+
+	dto "github.com/prometheus/client_model/go"
+)
+
+// WrapRegistererWith returns a Registerer wrapping the provided
+// Registerer. Collectors registered with the returned Registerer will be
+// registered with the wrapped Registerer in a modified way. The modified
+// Collector adds the provided Labels to all Metrics it collects (as
+// ConstLabels). The Metrics collected by the unmodified Collector must not
+// duplicate any of those labels.
+//
+// WrapRegistererWith provides a way to add fixed labels to a subset of
+// Collectors. It should not be used to add fixed labels to all metrics exposed.
+//
+// Conflicts between Collectors registered through the original Registerer with
+// Collectors registered through the wrapping Registerer will still be
+// detected. Any AlreadyRegisteredError returned by the Register method of
+// either Registerer will contain the ExistingCollector in the form it was
+// provided to the respective registry.
+//
+// The Collector example demonstrates a use of WrapRegistererWith.
+func WrapRegistererWith(labels Labels, reg Registerer) Registerer {
+	return &wrappingRegisterer{
+		wrappedRegisterer: reg,
+		labels:            labels,
+	}
+}
+
+// WrapRegistererWithPrefix returns a Registerer wrapping the provided
+// Registerer. Collectors registered with the returned Registerer will be
+// registered with the wrapped Registerer in a modified way. The modified
+// Collector adds the provided prefix to the name of all Metrics it collects.
+//
+// WrapRegistererWithPrefix is useful to have one place to prefix all metrics of
+// a sub-system. To make this work, register metrics of the sub-system with the
+// wrapping Registerer returned by WrapRegistererWithPrefix. It is rarely useful
+// to use the same prefix for all metrics exposed. In particular, do not prefix
+// metric names that are standardized across applications, as that would break
+// horizontal monitoring, for example the metrics provided by the Go collector
+// (see NewGoCollector) and the process collector (see NewProcessCollector). (In
+// fact, those metrics are already prefixed with “go_” or “process_”,
+// respectively.)
+//
+// Conflicts between Collectors registered through the original Registerer with
+// Collectors registered through the wrapping Registerer will still be
+// detected. Any AlreadyRegisteredError returned by the Register method of
+// either Registerer will contain the ExistingCollector in the form it was
+// provided to the respective registry.
+func WrapRegistererWithPrefix(prefix string, reg Registerer) Registerer {
+	return &wrappingRegisterer{
+		wrappedRegisterer: reg,
+		prefix:            prefix,
+	}
+}
+
+type wrappingRegisterer struct {
+	wrappedRegisterer Registerer
+	prefix            string
+	labels            Labels
+}
+
+func (r *wrappingRegisterer) Register(c Collector) error {
+	return r.wrappedRegisterer.Register(&wrappingCollector{
+		wrappedCollector: c,
+		prefix:           r.prefix,
+		labels:           r.labels,
+	})
+}
+
+func (r *wrappingRegisterer) MustRegister(cs ...Collector) {
+	for _, c := range cs {
+		if err := r.Register(c); err != nil {
+			panic(err)
+		}
+	}
+}
+
+func (r *wrappingRegisterer) Unregister(c Collector) bool {
+	return r.wrappedRegisterer.Unregister(&wrappingCollector{
+		wrappedCollector: c,
+		prefix:           r.prefix,
+		labels:           r.labels,
+	})
+}
+
+type wrappingCollector struct {
+	wrappedCollector Collector
+	prefix           string
+	labels           Labels
+}
+
+func (c *wrappingCollector) Collect(ch chan<- Metric) {
+	wrappedCh := make(chan Metric)
+	go func() {
+		c.wrappedCollector.Collect(wrappedCh)
+		close(wrappedCh)
+	}()
+	for m := range wrappedCh {
+		ch <- &wrappingMetric{
+			wrappedMetric: m,
+			prefix:        c.prefix,
+			labels:        c.labels,
+		}
+	}
+}
+
+func (c *wrappingCollector) Describe(ch chan<- *Desc) {
+	wrappedCh := make(chan *Desc)
+	go func() {
+		c.wrappedCollector.Describe(wrappedCh)
+		close(wrappedCh)
+	}()
+	for desc := range wrappedCh {
+		ch <- wrapDesc(desc, c.prefix, c.labels)
+	}
+}
+
+func (c *wrappingCollector) unwrapRecursively() Collector {
+	switch wc := c.wrappedCollector.(type) {
+	case *wrappingCollector:
+		return wc.unwrapRecursively()
+	default:
+		return wc
+	}
+}
+
+type wrappingMetric struct {
+	wrappedMetric Metric
+	prefix        string
+	labels        Labels
+}
+
+func (m *wrappingMetric) Desc() *Desc {
+	return wrapDesc(m.wrappedMetric.Desc(), m.prefix, m.labels)
+}
+
+func (m *wrappingMetric) Write(out *dto.Metric) error {
+	if err := m.wrappedMetric.Write(out); err != nil {
+		return err
+	}
+	if len(m.labels) == 0 {
+		// No wrapping labels.
+		return nil
+	}
+	for ln, lv := range m.labels {
+		out.Label = append(out.Label, &dto.LabelPair{
+			Name:  proto.String(ln),
+			Value: proto.String(lv),
+		})
+	}
+	sort.Sort(labelPairSorter(out.Label))
+	return nil
+}
+
+func wrapDesc(desc *Desc, prefix string, labels Labels) *Desc {
+	constLabels := Labels{}
+	for _, lp := range desc.constLabelPairs {
+		constLabels[*lp.Name] = *lp.Value
+	}
+	for ln, lv := range labels {
+		if _, alreadyUsed := constLabels[ln]; alreadyUsed {
+			return &Desc{
+				fqName:          desc.fqName,
+				help:            desc.help,
+				variableLabels:  desc.variableLabels,
+				constLabelPairs: desc.constLabelPairs,
+				err:             fmt.Errorf("attempted wrapping with already existing label name %q", ln),
+			}
+		}
+		constLabels[ln] = lv
+	}
+	// NewDesc will do remaining validations.
+	newDesc := NewDesc(prefix+desc.fqName, desc.help, desc.variableLabels, constLabels)
+	// Propagate errors if there was any. This will override any errer
+	// created by NewDesc above, i.e. earlier errors get precedence.
+	if desc.err != nil {
+		newDesc.err = desc.err
+	}
+	return newDesc
+}
diff --git a/vendor/github.com/prometheus/client_model/README.md b/vendor/github.com/prometheus/client_model/README.md
index a710042db5efd..e1009758276c6 100644
--- a/vendor/github.com/prometheus/client_model/README.md
+++ b/vendor/github.com/prometheus/client_model/README.md
@@ -1,26 +1,34 @@
-# Background
-Under most circumstances, manually downloading this repository should never
-be required.
+# Deprecation note
 
-# Prerequisites
-# Base
-* [Google Protocol Buffers](https://developers.google.com/protocol-buffers)
+This repository used to contain the [protocol
+buffer](https://developers.google.com/protocol-buffers) code that defined both
+the data model and the exposition format of Prometheus metrics.
 
-## Java
-* [Apache Maven](http://maven.apache.org)
-* [Prometheus Maven Repository](https://github.com/prometheus/io.prometheus-maven-repository) checked out into ../io.prometheus-maven-repository
+Starting with v2.0.0, the [Prometheus
+server](https://github.com/prometheus/prometheus) does not ingest the
+protobuf-based exposition format anymore. Currently, all but one of the
+[official instrumentation
+libraries](https://prometheus.io/docs/instrumenting/clientlibs/) do not expose
+the protobuf-based exposition format. The [Go instrumentation
+library](https://github.com/prometheus/client_golang), however, has been built
+around the protobuf-based data model. As a byproduct thereof, it is still able
+to expose the protobuf-based exposition format. The Go instrumentation library
+is the only remaining repository within the [Prometheus GitHub
+org](https://github.com/prometheus) directly using the prometheus/client_model
+repository.
 
-## Go
-*  [Go](http://golang.org)
-*  [goprotobuf](https://code.google.com/p/goprotobuf)
+Therefore, formerly existing support for languages other than Go (namely C++,
+Java, Python, Ruby) has been removed from this repository. If you are a 3rd
+party user of those languages, you can go back to [commit
+14fe0d1](https://github.com/prometheus/client_model/commit/14fe0d1b01d4d5fc031dd4bec1823bd3ebbe8016)
+to keep using the old code, or you can consume
+[`metrics.proto`](https://github.com/prometheus/client_model/blob/master/metrics.proto)
+directly with your own protobuf tooling. Note, however, that changes of
+`metrics.proto` after [commit
+14fe0d1](https://github.com/prometheus/client_model/commit/14fe0d1b01d4d5fc031dd4bec1823bd3ebbe8016)
+are solely informed by requirements of the Go instrumentation library and will
+not take into account any requirements of other languages or stability concerns
+for the protobuf-based exposition format.
 
-## Ruby
-*  [Ruby](https://www.ruby-lang.org)
-*  [bundler](https://rubygems.org/gems/bundler)
-
-# Building
-    $ make
-
-# Getting Started
-  * The Go source code is periodically indexed: [Go Protocol Buffer Model](http://godoc.org/github.com/prometheus/client_model/go).
-  * All of the core developers are accessible via the [Prometheus Developers Mailinglist](https://groups.google.com/forum/?fromgroups#!forum/prometheus-developers).
+Check out the [OpenMetrics project](https://openmetrics.io/) for the future of
+the data model and exposition format used by Prometheus and others.
diff --git a/vendor/github.com/prometheus/client_model/go.mod b/vendor/github.com/prometheus/client_model/go.mod
new file mode 100644
index 0000000000000..e7e0a86ccc127
--- /dev/null
+++ b/vendor/github.com/prometheus/client_model/go.mod
@@ -0,0 +1,8 @@
+module github.com/prometheus/client_model
+
+go 1.9
+
+require (
+	github.com/golang/protobuf v1.2.0
+	golang.org/x/sync v0.0.0-20181108010431-42b317875d0f // indirect
+)
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
index b065f8683f0bd..2f4930d9dd344 100644
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
@@ -1,34 +1,26 @@
-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: metrics.proto
-// DO NOT EDIT!
-
-/*
-Package io_prometheus_client is a generated protocol buffer package.
-
-It is generated from these files:
-	metrics.proto
-
-It has these top-level messages:
-	LabelPair
-	Gauge
-	Counter
-	Quantile
-	Summary
-	Untyped
-	Histogram
-	Bucket
-	Metric
-	MetricFamily
-*/
+
 package io_prometheus_client
 
-import proto "github.com/golang/protobuf/proto"
-import math "math"
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	math "math"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
+var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
 type MetricType int32
 
 const (
@@ -46,6 +38,7 @@ var MetricType_name = map[int32]string{
 	3: "UNTYPED",
 	4: "HISTOGRAM",
 }
+
 var MetricType_value = map[string]int32{
 	"COUNTER":   0,
 	"GAUGE":     1,
@@ -59,9 +52,11 @@ func (x MetricType) Enum() *MetricType {
 	*p = x
 	return p
 }
+
 func (x MetricType) String() string {
 	return proto.EnumName(MetricType_name, int32(x))
 }
+
 func (x *MetricType) UnmarshalJSON(data []byte) error {
 	value, err := proto.UnmarshalJSONEnum(MetricType_value, data, "MetricType")
 	if err != nil {
@@ -71,15 +66,42 @@ func (x *MetricType) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+func (MetricType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{0}
+}
+
 type LabelPair struct {
-	Name             *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Value            *string `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
+	Name                 *string  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Value                *string  `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *LabelPair) Reset()         { *m = LabelPair{} }
 func (m *LabelPair) String() string { return proto.CompactTextString(m) }
 func (*LabelPair) ProtoMessage()    {}
+func (*LabelPair) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{0}
+}
+
+func (m *LabelPair) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_LabelPair.Unmarshal(m, b)
+}
+func (m *LabelPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_LabelPair.Marshal(b, m, deterministic)
+}
+func (m *LabelPair) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LabelPair.Merge(m, src)
+}
+func (m *LabelPair) XXX_Size() int {
+	return xxx_messageInfo_LabelPair.Size(m)
+}
+func (m *LabelPair) XXX_DiscardUnknown() {
+	xxx_messageInfo_LabelPair.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LabelPair proto.InternalMessageInfo
 
 func (m *LabelPair) GetName() string {
 	if m != nil && m.Name != nil {
@@ -96,13 +118,36 @@ func (m *LabelPair) GetValue() string {
 }
 
 type Gauge struct {
-	Value            *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *Gauge) Reset()         { *m = Gauge{} }
 func (m *Gauge) String() string { return proto.CompactTextString(m) }
 func (*Gauge) ProtoMessage()    {}
+func (*Gauge) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{1}
+}
+
+func (m *Gauge) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Gauge.Unmarshal(m, b)
+}
+func (m *Gauge) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Gauge.Marshal(b, m, deterministic)
+}
+func (m *Gauge) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Gauge.Merge(m, src)
+}
+func (m *Gauge) XXX_Size() int {
+	return xxx_messageInfo_Gauge.Size(m)
+}
+func (m *Gauge) XXX_DiscardUnknown() {
+	xxx_messageInfo_Gauge.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Gauge proto.InternalMessageInfo
 
 func (m *Gauge) GetValue() float64 {
 	if m != nil && m.Value != nil {
@@ -112,13 +157,37 @@ func (m *Gauge) GetValue() float64 {
 }
 
 type Counter struct {
-	Value            *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	Value                *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	Exemplar             *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
 func (m *Counter) Reset()         { *m = Counter{} }
 func (m *Counter) String() string { return proto.CompactTextString(m) }
 func (*Counter) ProtoMessage()    {}
+func (*Counter) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{2}
+}
+
+func (m *Counter) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Counter.Unmarshal(m, b)
+}
+func (m *Counter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Counter.Marshal(b, m, deterministic)
+}
+func (m *Counter) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Counter.Merge(m, src)
+}
+func (m *Counter) XXX_Size() int {
+	return xxx_messageInfo_Counter.Size(m)
+}
+func (m *Counter) XXX_DiscardUnknown() {
+	xxx_messageInfo_Counter.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Counter proto.InternalMessageInfo
 
 func (m *Counter) GetValue() float64 {
 	if m != nil && m.Value != nil {
@@ -127,15 +196,45 @@ func (m *Counter) GetValue() float64 {
 	return 0
 }
 
+func (m *Counter) GetExemplar() *Exemplar {
+	if m != nil {
+		return m.Exemplar
+	}
+	return nil
+}
+
 type Quantile struct {
-	Quantile         *float64 `protobuf:"fixed64,1,opt,name=quantile" json:"quantile,omitempty"`
-	Value            *float64 `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	Quantile             *float64 `protobuf:"fixed64,1,opt,name=quantile" json:"quantile,omitempty"`
+	Value                *float64 `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *Quantile) Reset()         { *m = Quantile{} }
 func (m *Quantile) String() string { return proto.CompactTextString(m) }
 func (*Quantile) ProtoMessage()    {}
+func (*Quantile) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{3}
+}
+
+func (m *Quantile) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Quantile.Unmarshal(m, b)
+}
+func (m *Quantile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Quantile.Marshal(b, m, deterministic)
+}
+func (m *Quantile) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Quantile.Merge(m, src)
+}
+func (m *Quantile) XXX_Size() int {
+	return xxx_messageInfo_Quantile.Size(m)
+}
+func (m *Quantile) XXX_DiscardUnknown() {
+	xxx_messageInfo_Quantile.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Quantile proto.InternalMessageInfo
 
 func (m *Quantile) GetQuantile() float64 {
 	if m != nil && m.Quantile != nil {
@@ -152,15 +251,38 @@ func (m *Quantile) GetValue() float64 {
 }
 
 type Summary struct {
-	SampleCount      *uint64     `protobuf:"varint,1,opt,name=sample_count" json:"sample_count,omitempty"`
-	SampleSum        *float64    `protobuf:"fixed64,2,opt,name=sample_sum" json:"sample_sum,omitempty"`
-	Quantile         []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
-	XXX_unrecognized []byte      `json:"-"`
+	SampleCount          *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum            *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Quantile             []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
 }
 
 func (m *Summary) Reset()         { *m = Summary{} }
 func (m *Summary) String() string { return proto.CompactTextString(m) }
 func (*Summary) ProtoMessage()    {}
+func (*Summary) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{4}
+}
+
+func (m *Summary) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Summary.Unmarshal(m, b)
+}
+func (m *Summary) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Summary.Marshal(b, m, deterministic)
+}
+func (m *Summary) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Summary.Merge(m, src)
+}
+func (m *Summary) XXX_Size() int {
+	return xxx_messageInfo_Summary.Size(m)
+}
+func (m *Summary) XXX_DiscardUnknown() {
+	xxx_messageInfo_Summary.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Summary proto.InternalMessageInfo
 
 func (m *Summary) GetSampleCount() uint64 {
 	if m != nil && m.SampleCount != nil {
@@ -184,13 +306,36 @@ func (m *Summary) GetQuantile() []*Quantile {
 }
 
 type Untyped struct {
-	Value            *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *Untyped) Reset()         { *m = Untyped{} }
 func (m *Untyped) String() string { return proto.CompactTextString(m) }
 func (*Untyped) ProtoMessage()    {}
+func (*Untyped) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{5}
+}
+
+func (m *Untyped) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Untyped.Unmarshal(m, b)
+}
+func (m *Untyped) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Untyped.Marshal(b, m, deterministic)
+}
+func (m *Untyped) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Untyped.Merge(m, src)
+}
+func (m *Untyped) XXX_Size() int {
+	return xxx_messageInfo_Untyped.Size(m)
+}
+func (m *Untyped) XXX_DiscardUnknown() {
+	xxx_messageInfo_Untyped.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Untyped proto.InternalMessageInfo
 
 func (m *Untyped) GetValue() float64 {
 	if m != nil && m.Value != nil {
@@ -200,15 +345,38 @@ func (m *Untyped) GetValue() float64 {
 }
 
 type Histogram struct {
-	SampleCount      *uint64   `protobuf:"varint,1,opt,name=sample_count" json:"sample_count,omitempty"`
-	SampleSum        *float64  `protobuf:"fixed64,2,opt,name=sample_sum" json:"sample_sum,omitempty"`
-	Bucket           []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"`
-	XXX_unrecognized []byte    `json:"-"`
+	SampleCount          *uint64   `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum            *float64  `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Bucket               []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
 func (m *Histogram) Reset()         { *m = Histogram{} }
 func (m *Histogram) String() string { return proto.CompactTextString(m) }
 func (*Histogram) ProtoMessage()    {}
+func (*Histogram) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{6}
+}
+
+func (m *Histogram) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Histogram.Unmarshal(m, b)
+}
+func (m *Histogram) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Histogram.Marshal(b, m, deterministic)
+}
+func (m *Histogram) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Histogram.Merge(m, src)
+}
+func (m *Histogram) XXX_Size() int {
+	return xxx_messageInfo_Histogram.Size(m)
+}
+func (m *Histogram) XXX_DiscardUnknown() {
+	xxx_messageInfo_Histogram.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Histogram proto.InternalMessageInfo
 
 func (m *Histogram) GetSampleCount() uint64 {
 	if m != nil && m.SampleCount != nil {
@@ -232,14 +400,38 @@ func (m *Histogram) GetBucket() []*Bucket {
 }
 
 type Bucket struct {
-	CumulativeCount  *uint64  `protobuf:"varint,1,opt,name=cumulative_count" json:"cumulative_count,omitempty"`
-	UpperBound       *float64 `protobuf:"fixed64,2,opt,name=upper_bound" json:"upper_bound,omitempty"`
-	XXX_unrecognized []byte   `json:"-"`
+	CumulativeCount      *uint64   `protobuf:"varint,1,opt,name=cumulative_count,json=cumulativeCount" json:"cumulative_count,omitempty"`
+	UpperBound           *float64  `protobuf:"fixed64,2,opt,name=upper_bound,json=upperBound" json:"upper_bound,omitempty"`
+	Exemplar             *Exemplar `protobuf:"bytes,3,opt,name=exemplar" json:"exemplar,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
 }
 
 func (m *Bucket) Reset()         { *m = Bucket{} }
 func (m *Bucket) String() string { return proto.CompactTextString(m) }
 func (*Bucket) ProtoMessage()    {}
+func (*Bucket) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{7}
+}
+
+func (m *Bucket) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Bucket.Unmarshal(m, b)
+}
+func (m *Bucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Bucket.Marshal(b, m, deterministic)
+}
+func (m *Bucket) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Bucket.Merge(m, src)
+}
+func (m *Bucket) XXX_Size() int {
+	return xxx_messageInfo_Bucket.Size(m)
+}
+func (m *Bucket) XXX_DiscardUnknown() {
+	xxx_messageInfo_Bucket.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Bucket proto.InternalMessageInfo
 
 func (m *Bucket) GetCumulativeCount() uint64 {
 	if m != nil && m.CumulativeCount != nil {
@@ -255,20 +447,105 @@ func (m *Bucket) GetUpperBound() float64 {
 	return 0
 }
 
+func (m *Bucket) GetExemplar() *Exemplar {
+	if m != nil {
+		return m.Exemplar
+	}
+	return nil
+}
+
+type Exemplar struct {
+	Label                []*LabelPair         `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
+	Value                *float64             `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
+	Timestamp            *timestamp.Timestamp `protobuf:"bytes,3,opt,name=timestamp" json:"timestamp,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *Exemplar) Reset()         { *m = Exemplar{} }
+func (m *Exemplar) String() string { return proto.CompactTextString(m) }
+func (*Exemplar) ProtoMessage()    {}
+func (*Exemplar) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{8}
+}
+
+func (m *Exemplar) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Exemplar.Unmarshal(m, b)
+}
+func (m *Exemplar) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Exemplar.Marshal(b, m, deterministic)
+}
+func (m *Exemplar) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Exemplar.Merge(m, src)
+}
+func (m *Exemplar) XXX_Size() int {
+	return xxx_messageInfo_Exemplar.Size(m)
+}
+func (m *Exemplar) XXX_DiscardUnknown() {
+	xxx_messageInfo_Exemplar.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Exemplar proto.InternalMessageInfo
+
+func (m *Exemplar) GetLabel() []*LabelPair {
+	if m != nil {
+		return m.Label
+	}
+	return nil
+}
+
+func (m *Exemplar) GetValue() float64 {
+	if m != nil && m.Value != nil {
+		return *m.Value
+	}
+	return 0
+}
+
+func (m *Exemplar) GetTimestamp() *timestamp.Timestamp {
+	if m != nil {
+		return m.Timestamp
+	}
+	return nil
+}
+
 type Metric struct {
-	Label            []*LabelPair `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
-	Gauge            *Gauge       `protobuf:"bytes,2,opt,name=gauge" json:"gauge,omitempty"`
-	Counter          *Counter     `protobuf:"bytes,3,opt,name=counter" json:"counter,omitempty"`
-	Summary          *Summary     `protobuf:"bytes,4,opt,name=summary" json:"summary,omitempty"`
-	Untyped          *Untyped     `protobuf:"bytes,5,opt,name=untyped" json:"untyped,omitempty"`
-	Histogram        *Histogram   `protobuf:"bytes,7,opt,name=histogram" json:"histogram,omitempty"`
-	TimestampMs      *int64       `protobuf:"varint,6,opt,name=timestamp_ms" json:"timestamp_ms,omitempty"`
-	XXX_unrecognized []byte       `json:"-"`
+	Label                []*LabelPair `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
+	Gauge                *Gauge       `protobuf:"bytes,2,opt,name=gauge" json:"gauge,omitempty"`
+	Counter              *Counter     `protobuf:"bytes,3,opt,name=counter" json:"counter,omitempty"`
+	Summary              *Summary     `protobuf:"bytes,4,opt,name=summary" json:"summary,omitempty"`
+	Untyped              *Untyped     `protobuf:"bytes,5,opt,name=untyped" json:"untyped,omitempty"`
+	Histogram            *Histogram   `protobuf:"bytes,7,opt,name=histogram" json:"histogram,omitempty"`
+	TimestampMs          *int64       `protobuf:"varint,6,opt,name=timestamp_ms,json=timestampMs" json:"timestamp_ms,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
+	XXX_unrecognized     []byte       `json:"-"`
+	XXX_sizecache        int32        `json:"-"`
 }
 
 func (m *Metric) Reset()         { *m = Metric{} }
 func (m *Metric) String() string { return proto.CompactTextString(m) }
 func (*Metric) ProtoMessage()    {}
+func (*Metric) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{9}
+}
+
+func (m *Metric) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Metric.Unmarshal(m, b)
+}
+func (m *Metric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Metric.Marshal(b, m, deterministic)
+}
+func (m *Metric) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metric.Merge(m, src)
+}
+func (m *Metric) XXX_Size() int {
+	return xxx_messageInfo_Metric.Size(m)
+}
+func (m *Metric) XXX_DiscardUnknown() {
+	xxx_messageInfo_Metric.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Metric proto.InternalMessageInfo
 
 func (m *Metric) GetLabel() []*LabelPair {
 	if m != nil {
@@ -320,16 +597,39 @@ func (m *Metric) GetTimestampMs() int64 {
 }
 
 type MetricFamily struct {
-	Name             *string     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Help             *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
-	Type             *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
-	Metric           []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
-	XXX_unrecognized []byte      `json:"-"`
+	Name                 *string     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Help                 *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
+	Type                 *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
+	Metric               []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
 }
 
 func (m *MetricFamily) Reset()         { *m = MetricFamily{} }
 func (m *MetricFamily) String() string { return proto.CompactTextString(m) }
 func (*MetricFamily) ProtoMessage()    {}
+func (*MetricFamily) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6039342a2ba47b72, []int{10}
+}
+
+func (m *MetricFamily) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MetricFamily.Unmarshal(m, b)
+}
+func (m *MetricFamily) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MetricFamily.Marshal(b, m, deterministic)
+}
+func (m *MetricFamily) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetricFamily.Merge(m, src)
+}
+func (m *MetricFamily) XXX_Size() int {
+	return xxx_messageInfo_MetricFamily.Size(m)
+}
+func (m *MetricFamily) XXX_DiscardUnknown() {
+	xxx_messageInfo_MetricFamily.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MetricFamily proto.InternalMessageInfo
 
 func (m *MetricFamily) GetName() string {
 	if m != nil && m.Name != nil {
@@ -361,4 +661,63 @@ func (m *MetricFamily) GetMetric() []*Metric {
 
 func init() {
 	proto.RegisterEnum("io.prometheus.client.MetricType", MetricType_name, MetricType_value)
+	proto.RegisterType((*LabelPair)(nil), "io.prometheus.client.LabelPair")
+	proto.RegisterType((*Gauge)(nil), "io.prometheus.client.Gauge")
+	proto.RegisterType((*Counter)(nil), "io.prometheus.client.Counter")
+	proto.RegisterType((*Quantile)(nil), "io.prometheus.client.Quantile")
+	proto.RegisterType((*Summary)(nil), "io.prometheus.client.Summary")
+	proto.RegisterType((*Untyped)(nil), "io.prometheus.client.Untyped")
+	proto.RegisterType((*Histogram)(nil), "io.prometheus.client.Histogram")
+	proto.RegisterType((*Bucket)(nil), "io.prometheus.client.Bucket")
+	proto.RegisterType((*Exemplar)(nil), "io.prometheus.client.Exemplar")
+	proto.RegisterType((*Metric)(nil), "io.prometheus.client.Metric")
+	proto.RegisterType((*MetricFamily)(nil), "io.prometheus.client.MetricFamily")
+}
+
+func init() { proto.RegisterFile("metrics.proto", fileDescriptor_6039342a2ba47b72) }
+
+var fileDescriptor_6039342a2ba47b72 = []byte{
+	// 665 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x6e, 0xd3, 0x4c,
+	0x14, 0xfd, 0xdc, 0x38, 0x3f, 0xbe, 0x69, 0x3f, 0xa2, 0x51, 0x17, 0x56, 0xa1, 0x24, 0x78, 0x55,
+	0x58, 0x38, 0xa2, 0x6a, 0x05, 0x2a, 0xb0, 0x68, 0x4b, 0x48, 0x91, 0x48, 0x5b, 0x26, 0xc9, 0xa2,
+	0xb0, 0x88, 0x1c, 0x77, 0x70, 0x2c, 0x3c, 0xb1, 0xb1, 0x67, 0x2a, 0xb2, 0x66, 0xc1, 0x16, 0x5e,
+	0x81, 0x17, 0x05, 0xcd, 0x8f, 0x6d, 0x2a, 0xb9, 0x95, 0x40, 0xec, 0x66, 0xee, 0x3d, 0xe7, 0xfa,
+	0xcc, 0xf8, 0x9c, 0x81, 0x0d, 0x4a, 0x58, 0x1a, 0xfa, 0x99, 0x9b, 0xa4, 0x31, 0x8b, 0xd1, 0x66,
+	0x18, 0x8b, 0x15, 0x25, 0x6c, 0x41, 0x78, 0xe6, 0xfa, 0x51, 0x48, 0x96, 0x6c, 0xab, 0x1b, 0xc4,
+	0x71, 0x10, 0x91, 0xbe, 0xc4, 0xcc, 0xf9, 0x87, 0x3e, 0x0b, 0x29, 0xc9, 0x98, 0x47, 0x13, 0x45,
+	0x73, 0xf6, 0xc1, 0x7a, 0xe3, 0xcd, 0x49, 0x74, 0xee, 0x85, 0x29, 0x42, 0x60, 0x2e, 0x3d, 0x4a,
+	0x6c, 0xa3, 0x67, 0xec, 0x58, 0x58, 0xae, 0xd1, 0x26, 0xd4, 0xaf, 0xbc, 0x88, 0x13, 0x7b, 0x4d,
+	0x16, 0xd5, 0xc6, 0xd9, 0x86, 0xfa, 0xd0, 0xe3, 0xc1, 0x6f, 0x6d, 0xc1, 0x31, 0xf2, 0xf6, 0x7b,
+	0x68, 0x1e, 0xc7, 0x7c, 0xc9, 0x48, 0x5a, 0x0d, 0x40, 0x07, 0xd0, 0x22, 0x9f, 0x09, 0x4d, 0x22,
+	0x2f, 0x95, 0x83, 0xdb, 0xbb, 0xf7, 0xdd, 0xaa, 0x03, 0xb8, 0x03, 0x8d, 0xc2, 0x05, 0xde, 0x79,
+	0x0e, 0xad, 0xb7, 0xdc, 0x5b, 0xb2, 0x30, 0x22, 0x68, 0x0b, 0x5a, 0x9f, 0xf4, 0x5a, 0x7f, 0xa0,
+	0xd8, 0x5f, 0x57, 0x5e, 0x48, 0xfb, 0x6a, 0x40, 0x73, 0xcc, 0x29, 0xf5, 0xd2, 0x15, 0x7a, 0x00,
+	0xeb, 0x99, 0x47, 0x93, 0x88, 0xcc, 0x7c, 0xa1, 0x56, 0x4e, 0x30, 0x71, 0x5b, 0xd5, 0xe4, 0x01,
+	0xd0, 0x36, 0x80, 0x86, 0x64, 0x9c, 0xea, 0x49, 0x96, 0xaa, 0x8c, 0x39, 0x15, 0xe7, 0x28, 0xbe,
+	0x5f, 0xeb, 0xd5, 0x6e, 0x3e, 0x47, 0xae, 0xb8, 0xd4, 0xe7, 0x74, 0xa1, 0x39, 0x5d, 0xb2, 0x55,
+	0x42, 0x2e, 0x6f, 0xb8, 0xc5, 0x2f, 0x06, 0x58, 0x27, 0x61, 0xc6, 0xe2, 0x20, 0xf5, 0xe8, 0x3f,
+	0x10, 0xbb, 0x07, 0x8d, 0x39, 0xf7, 0x3f, 0x12, 0xa6, 0xa5, 0xde, 0xab, 0x96, 0x7a, 0x24, 0x31,
+	0x58, 0x63, 0x9d, 0x6f, 0x06, 0x34, 0x54, 0x09, 0x3d, 0x84, 0x8e, 0xcf, 0x29, 0x8f, 0x3c, 0x16,
+	0x5e, 0x5d, 0x97, 0x71, 0xa7, 0xac, 0x2b, 0x29, 0x5d, 0x68, 0xf3, 0x24, 0x21, 0xe9, 0x6c, 0x1e,
+	0xf3, 0xe5, 0xa5, 0xd6, 0x02, 0xb2, 0x74, 0x24, 0x2a, 0xd7, 0x1c, 0x50, 0xfb, 0x43, 0x07, 0x7c,
+	0x37, 0xa0, 0x95, 0x97, 0xd1, 0x3e, 0xd4, 0x23, 0xe1, 0x60, 0xdb, 0x90, 0x87, 0xea, 0x56, 0x4f,
+	0x29, 0x4c, 0x8e, 0x15, 0xba, 0xda, 0x1d, 0xe8, 0x29, 0x58, 0x45, 0x42, 0xb4, 0xac, 0x2d, 0x57,
+	0x65, 0xc8, 0xcd, 0x33, 0xe4, 0x4e, 0x72, 0x04, 0x2e, 0xc1, 0xce, 0xcf, 0x35, 0x68, 0x8c, 0x64,
+	0x22, 0xff, 0x56, 0xd1, 0x63, 0xa8, 0x07, 0x22, 0x53, 0x3a, 0x10, 0x77, 0xab, 0x69, 0x32, 0x76,
+	0x58, 0x21, 0xd1, 0x13, 0x68, 0xfa, 0x2a, 0x67, 0x5a, 0xec, 0x76, 0x35, 0x49, 0x87, 0x11, 0xe7,
+	0x68, 0x41, 0xcc, 0x54, 0x08, 0x6c, 0xf3, 0x36, 0xa2, 0x4e, 0x0a, 0xce, 0xd1, 0x82, 0xc8, 0x95,
+	0x69, 0xed, 0xfa, 0x6d, 0x44, 0xed, 0x6c, 0x9c, 0xa3, 0xd1, 0x0b, 0xb0, 0x16, 0xb9, 0x97, 0xed,
+	0xa6, 0xa4, 0xde, 0x70, 0x31, 0x85, 0xe5, 0x71, 0xc9, 0x10, 0xee, 0x2f, 0xee, 0x7a, 0x46, 0x33,
+	0xbb, 0xd1, 0x33, 0x76, 0x6a, 0xb8, 0x5d, 0xd4, 0x46, 0x99, 0xf3, 0xc3, 0x80, 0x75, 0xf5, 0x07,
+	0x5e, 0x79, 0x34, 0x8c, 0x56, 0x95, 0xcf, 0x19, 0x02, 0x73, 0x41, 0xa2, 0x44, 0xbf, 0x66, 0x72,
+	0x8d, 0xf6, 0xc0, 0x14, 0x1a, 0xe5, 0x15, 0xfe, 0xbf, 0xdb, 0xab, 0x56, 0xa5, 0x26, 0x4f, 0x56,
+	0x09, 0xc1, 0x12, 0x2d, 0xd2, 0xa4, 0x5e, 0x60, 0xdb, 0xbc, 0x2d, 0x4d, 0x8a, 0x87, 0x35, 0xf6,
+	0xd1, 0x08, 0xa0, 0x9c, 0x84, 0xda, 0xd0, 0x3c, 0x3e, 0x9b, 0x9e, 0x4e, 0x06, 0xb8, 0xf3, 0x1f,
+	0xb2, 0xa0, 0x3e, 0x3c, 0x9c, 0x0e, 0x07, 0x1d, 0x43, 0xd4, 0xc7, 0xd3, 0xd1, 0xe8, 0x10, 0x5f,
+	0x74, 0xd6, 0xc4, 0x66, 0x7a, 0x3a, 0xb9, 0x38, 0x1f, 0xbc, 0xec, 0xd4, 0xd0, 0x06, 0x58, 0x27,
+	0xaf, 0xc7, 0x93, 0xb3, 0x21, 0x3e, 0x1c, 0x75, 0xcc, 0x23, 0x0c, 0x95, 0xef, 0xfe, 0xbb, 0x83,
+	0x20, 0x64, 0x0b, 0x3e, 0x77, 0xfd, 0x98, 0xf6, 0xcb, 0x6e, 0x5f, 0x75, 0x67, 0x34, 0xbe, 0x24,
+	0x51, 0x3f, 0x88, 0x9f, 0x85, 0xf1, 0xac, 0xec, 0xce, 0x54, 0xf7, 0x57, 0x00, 0x00, 0x00, 0xff,
+	0xff, 0xd0, 0x84, 0x91, 0x73, 0x59, 0x06, 0x00, 0x00,
 }
diff --git a/vendor/github.com/prometheus/common/README.md b/vendor/github.com/prometheus/common/README.md
index 47985e4ad2a6f..4dd257bddb1e8 100644
--- a/vendor/github.com/prometheus/common/README.md
+++ b/vendor/github.com/prometheus/common/README.md
@@ -6,7 +6,11 @@ components and libraries.
 
 * **config**: Common configuration structures
 * **expfmt**: Decoding and encoding for the exposition format
-* **log**: A logging wrapper around [logrus](https://github.com/sirupsen/logrus)
 * **model**: Shared data structures
+* **promlog**: A logging wrapper around [go-kit/log](https://github.com/go-kit/kit/tree/master/log)
 * **route**: A routing wrapper around [httprouter](https://github.com/julienschmidt/httprouter) using `context.Context`
+* **server**: Common servers
 * **version**: Version information and metrics
+
+## Deprecated
+* **log**: A logging wrapper around [logrus](https://github.com/sirupsen/logrus)
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index 11839ed65ce37..bd4e34745461e 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -30,17 +30,38 @@ type Encoder interface {
 	Encode(*dto.MetricFamily) error
 }
 
-type encoder func(*dto.MetricFamily) error
+// Closer is implemented by Encoders that need to be closed to finalize
+// encoding. (For example, OpenMetrics needs a final `# EOF` line.)
+//
+// Note that all Encoder implementations returned from this package implement
+// Closer, too, even if the Close call is a no-op. This happens in preparation
+// for adding a Close method to the Encoder interface directly in a (mildly
+// breaking) release in the future.
+type Closer interface {
+	Close() error
+}
+
+type encoderCloser struct {
+	encode func(*dto.MetricFamily) error
+	close  func() error
+}
 
-func (e encoder) Encode(v *dto.MetricFamily) error {
-	return e(v)
+func (ec encoderCloser) Encode(v *dto.MetricFamily) error {
+	return ec.encode(v)
 }
 
-// Negotiate returns the Content-Type based on the given Accept header.
-// If no appropriate accepted type is found, FmtText is returned.
+func (ec encoderCloser) Close() error {
+	return ec.close()
+}
+
+// Negotiate returns the Content-Type based on the given Accept header. If no
+// appropriate accepted type is found, FmtText is returned (which is the
+// Prometheus text format). This function will never negotiate FmtOpenMetrics,
+// as the support is still experimental. To include the option to negotiate
+// FmtOpenMetrics, use NegotiateOpenMetrics.
 func Negotiate(h http.Header) Format {
 	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
-		// Check for protocol buffer
+		ver := ac.Params["version"]
 		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
 			switch ac.Params["encoding"] {
 			case "delimited":
@@ -51,38 +72,91 @@ func Negotiate(h http.Header) Format {
 				return FmtProtoCompact
 			}
 		}
-		// Check for text format.
+		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
+			return FmtText
+		}
+	}
+	return FmtText
+}
+
+// NegotiateIncludingOpenMetrics works like Negotiate but includes
+// FmtOpenMetrics as an option for the result. Note that this function is
+// temporary and will disappear once FmtOpenMetrics is fully supported and as
+// such may be negotiated by the normal Negotiate function.
+func NegotiateIncludingOpenMetrics(h http.Header) Format {
+	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
 		ver := ac.Params["version"]
+		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
+			switch ac.Params["encoding"] {
+			case "delimited":
+				return FmtProtoDelim
+			case "text":
+				return FmtProtoText
+			case "compact-text":
+				return FmtProtoCompact
+			}
+		}
 		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
 			return FmtText
 		}
+		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion || ver == "") {
+			return FmtOpenMetrics
+		}
 	}
 	return FmtText
 }
 
-// NewEncoder returns a new encoder based on content type negotiation.
+// NewEncoder returns a new encoder based on content type negotiation. All
+// Encoder implementations returned by NewEncoder also implement Closer, and
+// callers should always call the Close method. It is currently only required
+// for FmtOpenMetrics, but a future (breaking) release will add the Close method
+// to the Encoder interface directly. The current version of the Encoder
+// interface is kept for backwards compatibility.
 func NewEncoder(w io.Writer, format Format) Encoder {
 	switch format {
 	case FmtProtoDelim:
-		return encoder(func(v *dto.MetricFamily) error {
-			_, err := pbutil.WriteDelimited(w, v)
-			return err
-		})
+		return encoderCloser{
+			encode: func(v *dto.MetricFamily) error {
+				_, err := pbutil.WriteDelimited(w, v)
+				return err
+			},
+			close: func() error { return nil },
+		}
 	case FmtProtoCompact:
-		return encoder(func(v *dto.MetricFamily) error {
-			_, err := fmt.Fprintln(w, v.String())
-			return err
-		})
+		return encoderCloser{
+			encode: func(v *dto.MetricFamily) error {
+				_, err := fmt.Fprintln(w, v.String())
+				return err
+			},
+			close: func() error { return nil },
+		}
 	case FmtProtoText:
-		return encoder(func(v *dto.MetricFamily) error {
-			_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
-			return err
-		})
+		return encoderCloser{
+			encode: func(v *dto.MetricFamily) error {
+				_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
+				return err
+			},
+			close: func() error { return nil },
+		}
 	case FmtText:
-		return encoder(func(v *dto.MetricFamily) error {
-			_, err := MetricFamilyToText(w, v)
-			return err
-		})
+		return encoderCloser{
+			encode: func(v *dto.MetricFamily) error {
+				_, err := MetricFamilyToText(w, v)
+				return err
+			},
+			close: func() error { return nil },
+		}
+	case FmtOpenMetrics:
+		return encoderCloser{
+			encode: func(v *dto.MetricFamily) error {
+				_, err := MetricFamilyToOpenMetrics(w, v)
+				return err
+			},
+			close: func() error {
+				_, err := FinalizeOpenMetrics(w)
+				return err
+			},
+		}
 	}
-	panic("expfmt.NewEncoder: unknown format")
+	panic(fmt.Errorf("expfmt.NewEncoder: unknown format %q", format))
 }
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
index c71bcb98167cb..0f176fa64f258 100644
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ b/vendor/github.com/prometheus/common/expfmt/expfmt.go
@@ -19,10 +19,12 @@ type Format string
 
 // Constants to assemble the Content-Type values for the different wire protocols.
 const (
-	TextVersion   = "0.0.4"
-	ProtoType     = `application/vnd.google.protobuf`
-	ProtoProtocol = `io.prometheus.client.MetricFamily`
-	ProtoFmt      = ProtoType + "; proto=" + ProtoProtocol + ";"
+	TextVersion        = "0.0.4"
+	ProtoType          = `application/vnd.google.protobuf`
+	ProtoProtocol      = `io.prometheus.client.MetricFamily`
+	ProtoFmt           = ProtoType + "; proto=" + ProtoProtocol + ";"
+	OpenMetricsType    = `application/openmetrics-text`
+	OpenMetricsVersion = "0.0.1"
 
 	// The Content-Type values for the different wire protocols.
 	FmtUnknown      Format = `<unknown>`
@@ -30,6 +32,7 @@ const (
 	FmtProtoDelim   Format = ProtoFmt + ` encoding=delimited`
 	FmtProtoText    Format = ProtoFmt + ` encoding=text`
 	FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
+	FmtOpenMetrics  Format = OpenMetricsType + `; version=` + OpenMetricsVersion + `; charset=utf-8`
 )
 
 const (
diff --git a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
new file mode 100644
index 0000000000000..8a9313a3bee9c
--- /dev/null
+++ b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
@@ -0,0 +1,527 @@
+// Copyright 2020 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package expfmt
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"math"
+	"strconv"
+	"strings"
+
+	"github.com/golang/protobuf/ptypes"
+	"github.com/prometheus/common/model"
+
+	dto "github.com/prometheus/client_model/go"
+)
+
+// MetricFamilyToOpenMetrics converts a MetricFamily proto message into the
+// OpenMetrics text format and writes the resulting lines to 'out'. It returns
+// the number of bytes written and any error encountered. The output will have
+// the same order as the input, no further sorting is performed. Furthermore,
+// this function assumes the input is already sanitized and does not perform any
+// sanity checks. If the input contains duplicate metrics or invalid metric or
+// label names, the conversion will result in invalid text format output.
+//
+// This function fulfills the type 'expfmt.encoder'.
+//
+// Note that OpenMetrics requires a final `# EOF` line. Since this function acts
+// on individual metric families, it is the responsibility of the caller to
+// append this line to 'out' once all metric families have been written.
+// Conveniently, this can be done by calling FinalizeOpenMetrics.
+//
+// The output should be fully OpenMetrics compliant. However, there are a few
+// missing features and peculiarities to avoid complications when switching from
+// Prometheus to OpenMetrics or vice versa:
+//
+// - Counters are expected to have the `_total` suffix in their metric name. In
+//   the output, the suffix will be truncated from the `# TYPE` and `# HELP`
+//   line. A counter with a missing `_total` suffix is not an error. However,
+//   its type will be set to `unknown` in that case to avoid invalid OpenMetrics
+//   output.
+//
+// - No support for the following (optional) features: `# UNIT` line, `_created`
+//   line, info type, stateset type, gaugehistogram type.
+//
+// - The size of exemplar labels is not checked (i.e. it's possible to create
+//   exemplars that are larger than allowed by the OpenMetrics specification).
+//
+// - The value of Counters is not checked. (OpenMetrics doesn't allow counters
+//   with a `NaN` value.)
+func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int, err error) {
+	name := in.GetName()
+	if name == "" {
+		return 0, fmt.Errorf("MetricFamily has no name: %s", in)
+	}
+
+	// Try the interface upgrade. If it doesn't work, we'll use a
+	// bufio.Writer from the sync.Pool.
+	w, ok := out.(enhancedWriter)
+	if !ok {
+		b := bufPool.Get().(*bufio.Writer)
+		b.Reset(out)
+		w = b
+		defer func() {
+			bErr := b.Flush()
+			if err == nil {
+				err = bErr
+			}
+			bufPool.Put(b)
+		}()
+	}
+
+	var (
+		n          int
+		metricType = in.GetType()
+		shortName  = name
+	)
+	if metricType == dto.MetricType_COUNTER && strings.HasSuffix(shortName, "_total") {
+		shortName = name[:len(name)-6]
+	}
+
+	// Comments, first HELP, then TYPE.
+	if in.Help != nil {
+		n, err = w.WriteString("# HELP ")
+		written += n
+		if err != nil {
+			return
+		}
+		n, err = w.WriteString(shortName)
+		written += n
+		if err != nil {
+			return
+		}
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return
+		}
+		n, err = writeEscapedString(w, *in.Help, true)
+		written += n
+		if err != nil {
+			return
+		}
+		err = w.WriteByte('\n')
+		written++
+		if err != nil {
+			return
+		}
+	}
+	n, err = w.WriteString("# TYPE ")
+	written += n
+	if err != nil {
+		return
+	}
+	n, err = w.WriteString(shortName)
+	written += n
+	if err != nil {
+		return
+	}
+	switch metricType {
+	case dto.MetricType_COUNTER:
+		if strings.HasSuffix(name, "_total") {
+			n, err = w.WriteString(" counter\n")
+		} else {
+			n, err = w.WriteString(" unknown\n")
+		}
+	case dto.MetricType_GAUGE:
+		n, err = w.WriteString(" gauge\n")
+	case dto.MetricType_SUMMARY:
+		n, err = w.WriteString(" summary\n")
+	case dto.MetricType_UNTYPED:
+		n, err = w.WriteString(" unknown\n")
+	case dto.MetricType_HISTOGRAM:
+		n, err = w.WriteString(" histogram\n")
+	default:
+		return written, fmt.Errorf("unknown metric type %s", metricType.String())
+	}
+	written += n
+	if err != nil {
+		return
+	}
+
+	// Finally the samples, one line for each.
+	for _, metric := range in.Metric {
+		switch metricType {
+		case dto.MetricType_COUNTER:
+			if metric.Counter == nil {
+				return written, fmt.Errorf(
+					"expected counter in metric %s %s", name, metric,
+				)
+			}
+			// Note that we have ensured above that either the name
+			// ends on `_total` or that the rendered type is
+			// `unknown`. Therefore, no `_total` must be added here.
+			n, err = writeOpenMetricsSample(
+				w, name, "", metric, "", 0,
+				metric.Counter.GetValue(), 0, false,
+				metric.Counter.Exemplar,
+			)
+		case dto.MetricType_GAUGE:
+			if metric.Gauge == nil {
+				return written, fmt.Errorf(
+					"expected gauge in metric %s %s", name, metric,
+				)
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "", metric, "", 0,
+				metric.Gauge.GetValue(), 0, false,
+				nil,
+			)
+		case dto.MetricType_UNTYPED:
+			if metric.Untyped == nil {
+				return written, fmt.Errorf(
+					"expected untyped in metric %s %s", name, metric,
+				)
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "", metric, "", 0,
+				metric.Untyped.GetValue(), 0, false,
+				nil,
+			)
+		case dto.MetricType_SUMMARY:
+			if metric.Summary == nil {
+				return written, fmt.Errorf(
+					"expected summary in metric %s %s", name, metric,
+				)
+			}
+			for _, q := range metric.Summary.Quantile {
+				n, err = writeOpenMetricsSample(
+					w, name, "", metric,
+					model.QuantileLabel, q.GetQuantile(),
+					q.GetValue(), 0, false,
+					nil,
+				)
+				written += n
+				if err != nil {
+					return
+				}
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "_sum", metric, "", 0,
+				metric.Summary.GetSampleSum(), 0, false,
+				nil,
+			)
+			written += n
+			if err != nil {
+				return
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "_count", metric, "", 0,
+				0, metric.Summary.GetSampleCount(), true,
+				nil,
+			)
+		case dto.MetricType_HISTOGRAM:
+			if metric.Histogram == nil {
+				return written, fmt.Errorf(
+					"expected histogram in metric %s %s", name, metric,
+				)
+			}
+			infSeen := false
+			for _, b := range metric.Histogram.Bucket {
+				n, err = writeOpenMetricsSample(
+					w, name, "_bucket", metric,
+					model.BucketLabel, b.GetUpperBound(),
+					0, b.GetCumulativeCount(), true,
+					b.Exemplar,
+				)
+				written += n
+				if err != nil {
+					return
+				}
+				if math.IsInf(b.GetUpperBound(), +1) {
+					infSeen = true
+				}
+			}
+			if !infSeen {
+				n, err = writeOpenMetricsSample(
+					w, name, "_bucket", metric,
+					model.BucketLabel, math.Inf(+1),
+					0, metric.Histogram.GetSampleCount(), true,
+					nil,
+				)
+				written += n
+				if err != nil {
+					return
+				}
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "_sum", metric, "", 0,
+				metric.Histogram.GetSampleSum(), 0, false,
+				nil,
+			)
+			written += n
+			if err != nil {
+				return
+			}
+			n, err = writeOpenMetricsSample(
+				w, name, "_count", metric, "", 0,
+				0, metric.Histogram.GetSampleCount(), true,
+				nil,
+			)
+		default:
+			return written, fmt.Errorf(
+				"unexpected type in metric %s %s", name, metric,
+			)
+		}
+		written += n
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// FinalizeOpenMetrics writes the final `# EOF\n` line required by OpenMetrics.
+func FinalizeOpenMetrics(w io.Writer) (written int, err error) {
+	return w.Write([]byte("# EOF\n"))
+}
+
+// writeOpenMetricsSample writes a single sample in OpenMetrics text format to
+// w, given the metric name, the metric proto message itself, optionally an
+// additional label name with a float64 value (use empty string as label name if
+// not required), the value (optionally as float64 or uint64, determined by
+// useIntValue), and optionally an exemplar (use nil if not required). The
+// function returns the number of bytes written and any error encountered.
+func writeOpenMetricsSample(
+	w enhancedWriter,
+	name, suffix string,
+	metric *dto.Metric,
+	additionalLabelName string, additionalLabelValue float64,
+	floatValue float64, intValue uint64, useIntValue bool,
+	exemplar *dto.Exemplar,
+) (int, error) {
+	var written int
+	n, err := w.WriteString(name)
+	written += n
+	if err != nil {
+		return written, err
+	}
+	if suffix != "" {
+		n, err = w.WriteString(suffix)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+	n, err = writeOpenMetricsLabelPairs(
+		w, metric.Label, additionalLabelName, additionalLabelValue,
+	)
+	written += n
+	if err != nil {
+		return written, err
+	}
+	err = w.WriteByte(' ')
+	written++
+	if err != nil {
+		return written, err
+	}
+	if useIntValue {
+		n, err = writeUint(w, intValue)
+	} else {
+		n, err = writeOpenMetricsFloat(w, floatValue)
+	}
+	written += n
+	if err != nil {
+		return written, err
+	}
+	if metric.TimestampMs != nil {
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return written, err
+		}
+		// TODO(beorn7): Format this directly without converting to a float first.
+		n, err = writeOpenMetricsFloat(w, float64(*metric.TimestampMs)/1000)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+	if exemplar != nil {
+		n, err = writeExemplar(w, exemplar)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+	err = w.WriteByte('\n')
+	written++
+	if err != nil {
+		return written, err
+	}
+	return written, nil
+}
+
+// writeOpenMetricsLabelPairs works like writeOpenMetrics but formats the float
+// in OpenMetrics style.
+func writeOpenMetricsLabelPairs(
+	w enhancedWriter,
+	in []*dto.LabelPair,
+	additionalLabelName string, additionalLabelValue float64,
+) (int, error) {
+	if len(in) == 0 && additionalLabelName == "" {
+		return 0, nil
+	}
+	var (
+		written   int
+		separator byte = '{'
+	)
+	for _, lp := range in {
+		err := w.WriteByte(separator)
+		written++
+		if err != nil {
+			return written, err
+		}
+		n, err := w.WriteString(lp.GetName())
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = w.WriteString(`="`)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = writeEscapedString(w, lp.GetValue(), true)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		err = w.WriteByte('"')
+		written++
+		if err != nil {
+			return written, err
+		}
+		separator = ','
+	}
+	if additionalLabelName != "" {
+		err := w.WriteByte(separator)
+		written++
+		if err != nil {
+			return written, err
+		}
+		n, err := w.WriteString(additionalLabelName)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = w.WriteString(`="`)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = writeOpenMetricsFloat(w, additionalLabelValue)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		err = w.WriteByte('"')
+		written++
+		if err != nil {
+			return written, err
+		}
+	}
+	err := w.WriteByte('}')
+	written++
+	if err != nil {
+		return written, err
+	}
+	return written, nil
+}
+
+// writeExemplar writes the provided exemplar in OpenMetrics format to w. The
+// function returns the number of bytes written and any error encountered.
+func writeExemplar(w enhancedWriter, e *dto.Exemplar) (int, error) {
+	written := 0
+	n, err := w.WriteString(" # ")
+	written += n
+	if err != nil {
+		return written, err
+	}
+	n, err = writeOpenMetricsLabelPairs(w, e.Label, "", 0)
+	written += n
+	if err != nil {
+		return written, err
+	}
+	err = w.WriteByte(' ')
+	written++
+	if err != nil {
+		return written, err
+	}
+	n, err = writeOpenMetricsFloat(w, e.GetValue())
+	written += n
+	if err != nil {
+		return written, err
+	}
+	if e.Timestamp != nil {
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return written, err
+		}
+		ts, err := ptypes.Timestamp((*e).Timestamp)
+		if err != nil {
+			return written, err
+		}
+		// TODO(beorn7): Format this directly from components of ts to
+		// avoid overflow/underflow and precision issues of the float
+		// conversion.
+		n, err = writeOpenMetricsFloat(w, float64(ts.UnixNano())/1e9)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+	return written, nil
+}
+
+// writeOpenMetricsFloat works like writeFloat but appends ".0" if the resulting
+// number would otherwise contain neither a "." nor an "e".
+func writeOpenMetricsFloat(w enhancedWriter, f float64) (int, error) {
+	switch {
+	case f == 1:
+		return w.WriteString("1.0")
+	case f == 0:
+		return w.WriteString("0.0")
+	case f == -1:
+		return w.WriteString("-1.0")
+	case math.IsNaN(f):
+		return w.WriteString("NaN")
+	case math.IsInf(f, +1):
+		return w.WriteString("+Inf")
+	case math.IsInf(f, -1):
+		return w.WriteString("-Inf")
+	default:
+		bp := numBufPool.Get().(*[]byte)
+		*bp = strconv.AppendFloat((*bp)[:0], f, 'g', -1, 64)
+		if !bytes.ContainsAny(*bp, "e.") {
+			*bp = append(*bp, '.', '0')
+		}
+		written, err := w.Write(*bp)
+		numBufPool.Put(bp)
+		return written, err
+	}
+}
+
+// writeUint is like writeInt just for uint64.
+func writeUint(w enhancedWriter, u uint64) (int, error) {
+	bp := numBufPool.Get().(*[]byte)
+	*bp = strconv.AppendUint((*bp)[:0], u, 10)
+	written, err := w.Write(*bp)
+	numBufPool.Put(bp)
+	return written, err
+}
diff --git a/vendor/github.com/prometheus/common/expfmt/text_create.go b/vendor/github.com/prometheus/common/expfmt/text_create.go
index f11321cd0c726..5ba503b06547d 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_create.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_create.go
@@ -14,13 +14,45 @@
 package expfmt
 
 import (
+	"bufio"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"math"
+	"strconv"
 	"strings"
+	"sync"
 
-	dto "github.com/prometheus/client_model/go"
 	"github.com/prometheus/common/model"
+
+	dto "github.com/prometheus/client_model/go"
+)
+
+// enhancedWriter has all the enhanced write functions needed here. bufio.Writer
+// implements it.
+type enhancedWriter interface {
+	io.Writer
+	WriteRune(r rune) (n int, err error)
+	WriteString(s string) (n int, err error)
+	WriteByte(c byte) error
+}
+
+const (
+	initialNumBufSize = 24
+)
+
+var (
+	bufPool = sync.Pool{
+		New: func() interface{} {
+			return bufio.NewWriter(ioutil.Discard)
+		},
+	}
+	numBufPool = sync.Pool{
+		New: func() interface{} {
+			b := make([]byte, 0, initialNumBufSize)
+			return &b
+		},
+	}
 )
 
 // MetricFamilyToText converts a MetricFamily proto message into text format and
@@ -32,37 +64,90 @@ import (
 // will result in invalid text format output.
 //
 // This method fulfills the type 'prometheus.encoder'.
-func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
-	var written int
-
+func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (written int, err error) {
 	// Fail-fast checks.
 	if len(in.Metric) == 0 {
-		return written, fmt.Errorf("MetricFamily has no metrics: %s", in)
+		return 0, fmt.Errorf("MetricFamily has no metrics: %s", in)
 	}
 	name := in.GetName()
 	if name == "" {
-		return written, fmt.Errorf("MetricFamily has no name: %s", in)
+		return 0, fmt.Errorf("MetricFamily has no name: %s", in)
+	}
+
+	// Try the interface upgrade. If it doesn't work, we'll use a
+	// bufio.Writer from the sync.Pool.
+	w, ok := out.(enhancedWriter)
+	if !ok {
+		b := bufPool.Get().(*bufio.Writer)
+		b.Reset(out)
+		w = b
+		defer func() {
+			bErr := b.Flush()
+			if err == nil {
+				err = bErr
+			}
+			bufPool.Put(b)
+		}()
 	}
 
+	var n int
+
 	// Comments, first HELP, then TYPE.
 	if in.Help != nil {
-		n, err := fmt.Fprintf(
-			out, "# HELP %s %s\n",
-			name, escapeString(*in.Help, false),
-		)
+		n, err = w.WriteString("# HELP ")
 		written += n
 		if err != nil {
-			return written, err
+			return
+		}
+		n, err = w.WriteString(name)
+		written += n
+		if err != nil {
+			return
+		}
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return
 		}
+		n, err = writeEscapedString(w, *in.Help, false)
+		written += n
+		if err != nil {
+			return
+		}
+		err = w.WriteByte('\n')
+		written++
+		if err != nil {
+			return
+		}
+	}
+	n, err = w.WriteString("# TYPE ")
+	written += n
+	if err != nil {
+		return
+	}
+	n, err = w.WriteString(name)
+	written += n
+	if err != nil {
+		return
 	}
 	metricType := in.GetType()
-	n, err := fmt.Fprintf(
-		out, "# TYPE %s %s\n",
-		name, strings.ToLower(metricType.String()),
-	)
+	switch metricType {
+	case dto.MetricType_COUNTER:
+		n, err = w.WriteString(" counter\n")
+	case dto.MetricType_GAUGE:
+		n, err = w.WriteString(" gauge\n")
+	case dto.MetricType_SUMMARY:
+		n, err = w.WriteString(" summary\n")
+	case dto.MetricType_UNTYPED:
+		n, err = w.WriteString(" untyped\n")
+	case dto.MetricType_HISTOGRAM:
+		n, err = w.WriteString(" histogram\n")
+	default:
+		return written, fmt.Errorf("unknown metric type %s", metricType.String())
+	}
 	written += n
 	if err != nil {
-		return written, err
+		return
 	}
 
 	// Finally the samples, one line for each.
@@ -75,9 +160,8 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 				)
 			}
 			n, err = writeSample(
-				name, metric, "", "",
+				w, name, "", metric, "", 0,
 				metric.Counter.GetValue(),
-				out,
 			)
 		case dto.MetricType_GAUGE:
 			if metric.Gauge == nil {
@@ -86,9 +170,8 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 				)
 			}
 			n, err = writeSample(
-				name, metric, "", "",
+				w, name, "", metric, "", 0,
 				metric.Gauge.GetValue(),
-				out,
 			)
 		case dto.MetricType_UNTYPED:
 			if metric.Untyped == nil {
@@ -97,9 +180,8 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 				)
 			}
 			n, err = writeSample(
-				name, metric, "", "",
+				w, name, "", metric, "", 0,
 				metric.Untyped.GetValue(),
-				out,
 			)
 		case dto.MetricType_SUMMARY:
 			if metric.Summary == nil {
@@ -109,29 +191,26 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 			}
 			for _, q := range metric.Summary.Quantile {
 				n, err = writeSample(
-					name, metric,
-					model.QuantileLabel, fmt.Sprint(q.GetQuantile()),
+					w, name, "", metric,
+					model.QuantileLabel, q.GetQuantile(),
 					q.GetValue(),
-					out,
 				)
 				written += n
 				if err != nil {
-					return written, err
+					return
 				}
 			}
 			n, err = writeSample(
-				name+"_sum", metric, "", "",
+				w, name, "_sum", metric, "", 0,
 				metric.Summary.GetSampleSum(),
-				out,
 			)
+			written += n
 			if err != nil {
-				return written, err
+				return
 			}
-			written += n
 			n, err = writeSample(
-				name+"_count", metric, "", "",
+				w, name, "_count", metric, "", 0,
 				float64(metric.Summary.GetSampleCount()),
-				out,
 			)
 		case dto.MetricType_HISTOGRAM:
 			if metric.Histogram == nil {
@@ -140,46 +219,42 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 				)
 			}
 			infSeen := false
-			for _, q := range metric.Histogram.Bucket {
+			for _, b := range metric.Histogram.Bucket {
 				n, err = writeSample(
-					name+"_bucket", metric,
-					model.BucketLabel, fmt.Sprint(q.GetUpperBound()),
-					float64(q.GetCumulativeCount()),
-					out,
+					w, name, "_bucket", metric,
+					model.BucketLabel, b.GetUpperBound(),
+					float64(b.GetCumulativeCount()),
 				)
 				written += n
 				if err != nil {
-					return written, err
+					return
 				}
-				if math.IsInf(q.GetUpperBound(), +1) {
+				if math.IsInf(b.GetUpperBound(), +1) {
 					infSeen = true
 				}
 			}
 			if !infSeen {
 				n, err = writeSample(
-					name+"_bucket", metric,
-					model.BucketLabel, "+Inf",
+					w, name, "_bucket", metric,
+					model.BucketLabel, math.Inf(+1),
 					float64(metric.Histogram.GetSampleCount()),
-					out,
 				)
+				written += n
 				if err != nil {
-					return written, err
+					return
 				}
-				written += n
 			}
 			n, err = writeSample(
-				name+"_sum", metric, "", "",
+				w, name, "_sum", metric, "", 0,
 				metric.Histogram.GetSampleSum(),
-				out,
 			)
+			written += n
 			if err != nil {
-				return written, err
+				return
 			}
-			written += n
 			n, err = writeSample(
-				name+"_count", metric, "", "",
+				w, name, "_count", metric, "", 0,
 				float64(metric.Histogram.GetSampleCount()),
-				out,
 			)
 		default:
 			return written, fmt.Errorf(
@@ -188,116 +263,203 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (int, error) {
 		}
 		written += n
 		if err != nil {
-			return written, err
+			return
 		}
 	}
-	return written, nil
+	return
 }
 
-// writeSample writes a single sample in text format to out, given the metric
+// writeSample writes a single sample in text format to w, given the metric
 // name, the metric proto message itself, optionally an additional label name
-// and value (use empty strings if not required), and the value. The function
-// returns the number of bytes written and any error encountered.
+// with a float64 value (use empty string as label name if not required), and
+// the value. The function returns the number of bytes written and any error
+// encountered.
 func writeSample(
-	name string,
+	w enhancedWriter,
+	name, suffix string,
 	metric *dto.Metric,
-	additionalLabelName, additionalLabelValue string,
+	additionalLabelName string, additionalLabelValue float64,
 	value float64,
-	out io.Writer,
 ) (int, error) {
 	var written int
-	n, err := fmt.Fprint(out, name)
+	n, err := w.WriteString(name)
 	written += n
 	if err != nil {
 		return written, err
 	}
-	n, err = labelPairsToText(
-		metric.Label,
-		additionalLabelName, additionalLabelValue,
-		out,
+	if suffix != "" {
+		n, err = w.WriteString(suffix)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+	n, err = writeLabelPairs(
+		w, metric.Label, additionalLabelName, additionalLabelValue,
 	)
 	written += n
 	if err != nil {
 		return written, err
 	}
-	n, err = fmt.Fprintf(out, " %v", value)
+	err = w.WriteByte(' ')
+	written++
+	if err != nil {
+		return written, err
+	}
+	n, err = writeFloat(w, value)
 	written += n
 	if err != nil {
 		return written, err
 	}
 	if metric.TimestampMs != nil {
-		n, err = fmt.Fprintf(out, " %v", *metric.TimestampMs)
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return written, err
+		}
+		n, err = writeInt(w, *metric.TimestampMs)
 		written += n
 		if err != nil {
 			return written, err
 		}
 	}
-	n, err = out.Write([]byte{'\n'})
-	written += n
+	err = w.WriteByte('\n')
+	written++
 	if err != nil {
 		return written, err
 	}
 	return written, nil
 }
 
-// labelPairsToText converts a slice of LabelPair proto messages plus the
+// writeLabelPairs converts a slice of LabelPair proto messages plus the
 // explicitly given additional label pair into text formatted as required by the
-// text format and writes it to 'out'. An empty slice in combination with an
-// empty string 'additionalLabelName' results in nothing being
-// written. Otherwise, the label pairs are written, escaped as required by the
-// text format, and enclosed in '{...}'. The function returns the number of
-// bytes written and any error encountered.
-func labelPairsToText(
+// text format and writes it to 'w'. An empty slice in combination with an empty
+// string 'additionalLabelName' results in nothing being written. Otherwise, the
+// label pairs are written, escaped as required by the text format, and enclosed
+// in '{...}'. The function returns the number of bytes written and any error
+// encountered.
+func writeLabelPairs(
+	w enhancedWriter,
 	in []*dto.LabelPair,
-	additionalLabelName, additionalLabelValue string,
-	out io.Writer,
+	additionalLabelName string, additionalLabelValue float64,
 ) (int, error) {
 	if len(in) == 0 && additionalLabelName == "" {
 		return 0, nil
 	}
-	var written int
-	separator := '{'
+	var (
+		written   int
+		separator byte = '{'
+	)
 	for _, lp := range in {
-		n, err := fmt.Fprintf(
-			out, `%c%s="%s"`,
-			separator, lp.GetName(), escapeString(lp.GetValue(), true),
-		)
+		err := w.WriteByte(separator)
+		written++
+		if err != nil {
+			return written, err
+		}
+		n, err := w.WriteString(lp.GetName())
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = w.WriteString(`="`)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = writeEscapedString(w, lp.GetValue(), true)
 		written += n
 		if err != nil {
 			return written, err
 		}
+		err = w.WriteByte('"')
+		written++
+		if err != nil {
+			return written, err
+		}
 		separator = ','
 	}
 	if additionalLabelName != "" {
-		n, err := fmt.Fprintf(
-			out, `%c%s="%s"`,
-			separator, additionalLabelName,
-			escapeString(additionalLabelValue, true),
-		)
+		err := w.WriteByte(separator)
+		written++
+		if err != nil {
+			return written, err
+		}
+		n, err := w.WriteString(additionalLabelName)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = w.WriteString(`="`)
+		written += n
+		if err != nil {
+			return written, err
+		}
+		n, err = writeFloat(w, additionalLabelValue)
 		written += n
 		if err != nil {
 			return written, err
 		}
+		err = w.WriteByte('"')
+		written++
+		if err != nil {
+			return written, err
+		}
 	}
-	n, err := out.Write([]byte{'}'})
-	written += n
+	err := w.WriteByte('}')
+	written++
 	if err != nil {
 		return written, err
 	}
 	return written, nil
 }
 
+// writeEscapedString replaces '\' by '\\', new line character by '\n', and - if
+// includeDoubleQuote is true - '"' by '\"'.
 var (
-	escape                = strings.NewReplacer("\\", `\\`, "\n", `\n`)
-	escapeWithDoubleQuote = strings.NewReplacer("\\", `\\`, "\n", `\n`, "\"", `\"`)
+	escaper       = strings.NewReplacer("\\", `\\`, "\n", `\n`)
+	quotedEscaper = strings.NewReplacer("\\", `\\`, "\n", `\n`, "\"", `\"`)
 )
 
-// escapeString replaces '\' by '\\', new line character by '\n', and - if
-// includeDoubleQuote is true - '"' by '\"'.
-func escapeString(v string, includeDoubleQuote bool) string {
+func writeEscapedString(w enhancedWriter, v string, includeDoubleQuote bool) (int, error) {
 	if includeDoubleQuote {
-		return escapeWithDoubleQuote.Replace(v)
+		return quotedEscaper.WriteString(w, v)
+	}
+	return escaper.WriteString(w, v)
+}
+
+// writeFloat is equivalent to fmt.Fprint with a float64 argument but hardcodes
+// a few common cases for increased efficiency. For non-hardcoded cases, it uses
+// strconv.AppendFloat to avoid allocations, similar to writeInt.
+func writeFloat(w enhancedWriter, f float64) (int, error) {
+	switch {
+	case f == 1:
+		return 1, w.WriteByte('1')
+	case f == 0:
+		return 1, w.WriteByte('0')
+	case f == -1:
+		return w.WriteString("-1")
+	case math.IsNaN(f):
+		return w.WriteString("NaN")
+	case math.IsInf(f, +1):
+		return w.WriteString("+Inf")
+	case math.IsInf(f, -1):
+		return w.WriteString("-Inf")
+	default:
+		bp := numBufPool.Get().(*[]byte)
+		*bp = strconv.AppendFloat((*bp)[:0], f, 'g', -1, 64)
+		written, err := w.Write(*bp)
+		numBufPool.Put(bp)
+		return written, err
 	}
+}
 
-	return escape.Replace(v)
+// writeInt is equivalent to fmt.Fprint with an int64 argument but uses
+// strconv.AppendInt with a byte slice taken from a sync.Pool to avoid
+// allocations.
+func writeInt(w enhancedWriter, i int64) (int, error) {
+	bp := numBufPool.Get().(*[]byte)
+	*bp = strconv.AppendInt((*bp)[:0], i, 10)
+	written, err := w.Write(*bp)
+	numBufPool.Put(bp)
+	return written, err
 }
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index b86290afa399b..342e5940d0f7d 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -325,7 +325,7 @@ func (p *TextParser) startLabelValue() stateFn {
 	// - Other labels have to be added to currentLabels for signature calculation.
 	if p.currentMF.GetType() == dto.MetricType_SUMMARY {
 		if p.currentLabelPair.GetName() == model.QuantileLabel {
-			if p.currentQuantile, p.err = strconv.ParseFloat(p.currentLabelPair.GetValue(), 64); p.err != nil {
+			if p.currentQuantile, p.err = parseFloat(p.currentLabelPair.GetValue()); p.err != nil {
 				// Create a more helpful error message.
 				p.parseError(fmt.Sprintf("expected float as value for 'quantile' label, got %q", p.currentLabelPair.GetValue()))
 				return nil
@@ -337,7 +337,7 @@ func (p *TextParser) startLabelValue() stateFn {
 	// Similar special treatment of histograms.
 	if p.currentMF.GetType() == dto.MetricType_HISTOGRAM {
 		if p.currentLabelPair.GetName() == model.BucketLabel {
-			if p.currentBucket, p.err = strconv.ParseFloat(p.currentLabelPair.GetValue(), 64); p.err != nil {
+			if p.currentBucket, p.err = parseFloat(p.currentLabelPair.GetValue()); p.err != nil {
 				// Create a more helpful error message.
 				p.parseError(fmt.Sprintf("expected float as value for 'le' label, got %q", p.currentLabelPair.GetValue()))
 				return nil
@@ -359,7 +359,7 @@ func (p *TextParser) startLabelValue() stateFn {
 		}
 		return p.readingValue
 	default:
-		p.parseError(fmt.Sprintf("unexpected end of label value %q", p.currentLabelPair.Value))
+		p.parseError(fmt.Sprintf("unexpected end of label value %q", p.currentLabelPair.GetValue()))
 		return nil
 	}
 }
@@ -392,7 +392,7 @@ func (p *TextParser) readingValue() stateFn {
 	if p.readTokenUntilWhitespace(); p.err != nil {
 		return nil // Unexpected end of input.
 	}
-	value, err := strconv.ParseFloat(p.currentToken.String(), 64)
+	value, err := parseFloat(p.currentToken.String())
 	if err != nil {
 		// Create a more helpful error message.
 		p.parseError(fmt.Sprintf("expected float as value, got %q", p.currentToken.String()))
@@ -755,3 +755,10 @@ func histogramMetricName(name string) string {
 		return name
 	}
 }
+
+func parseFloat(s string) (float64, error) {
+	if strings.ContainsAny(s, "pP_") {
+		return 0, fmt.Errorf("unsupported character in float")
+	}
+	return strconv.ParseFloat(s, 64)
+}
diff --git a/vendor/github.com/prometheus/common/go.mod b/vendor/github.com/prometheus/common/go.mod
new file mode 100644
index 0000000000000..de597e7135039
--- /dev/null
+++ b/vendor/github.com/prometheus/common/go.mod
@@ -0,0 +1,22 @@
+module github.com/prometheus/common
+
+require (
+	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
+	github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 // indirect
+	github.com/go-kit/kit v0.9.0
+	github.com/go-logfmt/logfmt v0.4.0 // indirect
+	github.com/golang/protobuf v1.3.2
+	github.com/julienschmidt/httprouter v1.2.0
+	github.com/matttproud/golang_protobuf_extensions v1.0.1
+	github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223
+	github.com/pkg/errors v0.8.1
+	github.com/prometheus/client_golang v1.0.0
+	github.com/prometheus/client_model v0.2.0
+	github.com/sirupsen/logrus v1.4.2
+	golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 // indirect
+	golang.org/x/sys v0.0.0-20190422165155-953cdadca894
+	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	gopkg.in/yaml.v2 v2.2.4
+)
+
+go 1.11
diff --git a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
index 648b38cb6546d..26e92288c7c09 100644
--- a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
+++ b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
@@ -1,12 +1,12 @@
 /*
+Copyright (c) 2011, Open Knowledge Foundation Ltd.
+All rights reserved.
+
 HTTP Content-Type Autonegotiation.
 
 The functions in this package implement the behaviour specified in
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
 
-Copyright (c) 2011, Open Knowledge Foundation Ltd.
-All rights reserved.
-
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
diff --git a/vendor/github.com/prometheus/common/model/metric.go b/vendor/github.com/prometheus/common/model/metric.go
index f7250909b9fd3..00804b7fedb02 100644
--- a/vendor/github.com/prometheus/common/model/metric.go
+++ b/vendor/github.com/prometheus/common/model/metric.go
@@ -21,7 +21,6 @@ import (
 )
 
 var (
-	separator = []byte{0}
 	// MetricNameRE is a regular expression matching valid metric
 	// names. Note that the IsValidMetricName function performs the same
 	// check but faster than a match with this regular expression.
diff --git a/vendor/github.com/prometheus/common/model/time.go b/vendor/github.com/prometheus/common/model/time.go
index 74ed5a9f7e9cd..7b0064fdb2329 100644
--- a/vendor/github.com/prometheus/common/model/time.go
+++ b/vendor/github.com/prometheus/common/model/time.go
@@ -43,7 +43,7 @@ const (
 // (1970-01-01 00:00 UTC) excluding leap seconds.
 type Time int64
 
-// Interval describes and interval between two timestamps.
+// Interval describes an interval between two timestamps.
 type Interval struct {
 	Start, End Time
 }
@@ -150,7 +150,13 @@ func (t *Time) UnmarshalJSON(b []byte) error {
 			return err
 		}
 
-		*t = Time(v + va)
+		// If the value was something like -0.1 the negative is lost in the
+		// parsing because of the leading zero, this ensures that we capture it.
+		if len(p[0]) > 0 && p[0][0] == '-' && v+va > 0 {
+			*t = Time(v+va) * -1
+		} else {
+			*t = Time(v + va)
+		}
 
 	default:
 		return fmt.Errorf("invalid time %q", string(b))
diff --git a/vendor/github.com/prometheus/procfs/README.md b/vendor/github.com/prometheus/procfs/README.md
index 2095494719b08..55d1e3261c9d9 100644
--- a/vendor/github.com/prometheus/procfs/README.md
+++ b/vendor/github.com/prometheus/procfs/README.md
@@ -1,7 +1,7 @@
 # procfs
 
-This procfs package provides functions to retrieve system, kernel and process
-metrics from the pseudo-filesystem proc.
+This package provides functions to retrieve system, kernel, and process
+metrics from the pseudo-filesystems /proc and /sys.
 
 *WARNING*: This package is a work in progress. Its API may still break in
 backwards-incompatible ways without warnings. Use it at your own risk.
@@ -9,3 +9,53 @@ backwards-incompatible ways without warnings. Use it at your own risk.
 [![GoDoc](https://godoc.org/github.com/prometheus/procfs?status.png)](https://godoc.org/github.com/prometheus/procfs)
 [![Build Status](https://travis-ci.org/prometheus/procfs.svg?branch=master)](https://travis-ci.org/prometheus/procfs)
 [![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/procfs)](https://goreportcard.com/report/github.com/prometheus/procfs)
+
+## Usage
+
+The procfs library is organized by packages based on whether the gathered data is coming from
+/proc, /sys, or both.  Each package contains an `FS` type which represents the path to either /proc, 
+/sys, or both.  For example, cpu statistics are gathered from
+`/proc/stat` and are available via the root procfs package.  First, the proc filesystem mount
+point is initialized, and then the stat information is read.
+
+```go
+fs, err := procfs.NewFS("/proc")
+stats, err := fs.Stat()
+```
+
+Some sub-packages such as `blockdevice`, require access to both the proc and sys filesystems.
+
+```go
+    fs, err := blockdevice.NewFS("/proc", "/sys")
+    stats, err := fs.ProcDiskstats()
+```
+
+## Package Organization
+
+The packages in this project are organized according to (1) whether the data comes from the `/proc` or
+`/sys` filesystem and (2) the type of information being retrieved.  For example, most process information
+can be gathered from the functions in the root `procfs` package.  Information about block devices such as disk drives
+is available in the `blockdevices` sub-package.
+
+## Building and Testing
+
+The procfs library is intended to be built as part of another application, so there are no distributable binaries.  
+However, most of the API includes unit tests which can be run with `make test`.
+
+### Updating Test Fixtures
+
+The procfs library includes a set of test fixtures which include many example files from
+the `/proc` and `/sys` filesystems.  These fixtures are included as a [ttar](https://github.com/ideaship/ttar) file
+which is extracted automatically during testing.  To add/update the test fixtures, first
+ensure the `fixtures` directory is up to date by removing the existing directory and then
+extracting the ttar file using `make fixtures/.unpacked` or just `make test`.
+
+```bash
+rm -rf fixtures
+make test
+```
+
+Next, make the required changes to the extracted files in the `fixtures` directory.  When
+the changes are complete, run `make update_fixtures` to create a new `fixtures.ttar` file
+based on the updated `fixtures` directory.  And finally, verify the changes using
+`git diff fixtures.ttar`.
diff --git a/vendor/github.com/prometheus/procfs/arp.go b/vendor/github.com/prometheus/procfs/arp.go
new file mode 100644
index 0000000000000..916c9182a8b10
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/arp.go
@@ -0,0 +1,85 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"strings"
+)
+
+// ARPEntry contains a single row of the columnar data represented in
+// /proc/net/arp.
+type ARPEntry struct {
+	// IP address
+	IPAddr net.IP
+	// MAC address
+	HWAddr net.HardwareAddr
+	// Name of the device
+	Device string
+}
+
+// GatherARPEntries retrieves all the ARP entries, parse the relevant columns,
+// and then return a slice of ARPEntry's.
+func (fs FS) GatherARPEntries() ([]ARPEntry, error) {
+	data, err := ioutil.ReadFile(fs.proc.Path("net/arp"))
+	if err != nil {
+		return nil, fmt.Errorf("error reading arp %s: %s", fs.proc.Path("net/arp"), err)
+	}
+
+	return parseARPEntries(data)
+}
+
+func parseARPEntries(data []byte) ([]ARPEntry, error) {
+	lines := strings.Split(string(data), "\n")
+	entries := make([]ARPEntry, 0)
+	var err error
+	const (
+		expectedDataWidth   = 6
+		expectedHeaderWidth = 9
+	)
+	for _, line := range lines {
+		columns := strings.Fields(line)
+		width := len(columns)
+
+		if width == expectedHeaderWidth || width == 0 {
+			continue
+		} else if width == expectedDataWidth {
+			entry, err := parseARPEntry(columns)
+			if err != nil {
+				return []ARPEntry{}, fmt.Errorf("failed to parse ARP entry: %s", err)
+			}
+			entries = append(entries, entry)
+		} else {
+			return []ARPEntry{}, fmt.Errorf("%d columns were detected, but %d were expected", width, expectedDataWidth)
+		}
+
+	}
+
+	return entries, err
+}
+
+func parseARPEntry(columns []string) (ARPEntry, error) {
+	ip := net.ParseIP(columns[0])
+	mac := net.HardwareAddr(columns[3])
+
+	entry := ARPEntry{
+		IPAddr: ip,
+		HWAddr: mac,
+		Device: columns[5],
+	}
+
+	return entry, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/buddyinfo.go b/vendor/github.com/prometheus/procfs/buddyinfo.go
index d3a8268078c7b..10bd067a0a55d 100644
--- a/vendor/github.com/prometheus/procfs/buddyinfo.go
+++ b/vendor/github.com/prometheus/procfs/buddyinfo.go
@@ -31,19 +31,9 @@ type BuddyInfo struct {
 	Sizes []float64
 }
 
-// NewBuddyInfo reads the buddyinfo statistics.
-func NewBuddyInfo() ([]BuddyInfo, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return nil, err
-	}
-
-	return fs.NewBuddyInfo()
-}
-
-// NewBuddyInfo reads the buddyinfo statistics from the specified `proc` filesystem.
-func (fs FS) NewBuddyInfo() ([]BuddyInfo, error) {
-	file, err := os.Open(fs.Path("buddyinfo"))
+// BuddyInfo reads the buddyinfo statistics from the specified `proc` filesystem.
+func (fs FS) BuddyInfo() ([]BuddyInfo, error) {
+	file, err := os.Open(fs.proc.Path("buddyinfo"))
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo.go b/vendor/github.com/prometheus/procfs/cpuinfo.go
new file mode 100644
index 0000000000000..2e02215528f09
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/cpuinfo.go
@@ -0,0 +1,167 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// CPUInfo contains general information about a system CPU found in /proc/cpuinfo
+type CPUInfo struct {
+	Processor       uint
+	VendorID        string
+	CPUFamily       string
+	Model           string
+	ModelName       string
+	Stepping        string
+	Microcode       string
+	CPUMHz          float64
+	CacheSize       string
+	PhysicalID      string
+	Siblings        uint
+	CoreID          string
+	CPUCores        uint
+	APICID          string
+	InitialAPICID   string
+	FPU             string
+	FPUException    string
+	CPUIDLevel      uint
+	WP              string
+	Flags           []string
+	Bugs            []string
+	BogoMips        float64
+	CLFlushSize     uint
+	CacheAlignment  uint
+	AddressSizes    string
+	PowerManagement string
+}
+
+// CPUInfo returns information about current system CPUs.
+// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+func (fs FS) CPUInfo() ([]CPUInfo, error) {
+	data, err := util.ReadFileNoStat(fs.proc.Path("cpuinfo"))
+	if err != nil {
+		return nil, err
+	}
+	return parseCPUInfo(data)
+}
+
+// parseCPUInfo parses data from /proc/cpuinfo
+func parseCPUInfo(info []byte) ([]CPUInfo, error) {
+	cpuinfo := []CPUInfo{}
+	i := -1
+	scanner := bufio.NewScanner(bytes.NewReader(info))
+	for scanner.Scan() {
+		line := scanner.Text()
+		if strings.TrimSpace(line) == "" {
+			continue
+		}
+		field := strings.SplitN(line, ": ", 2)
+		switch strings.TrimSpace(field[0]) {
+		case "processor":
+			cpuinfo = append(cpuinfo, CPUInfo{}) // start of the next processor
+			i++
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].Processor = uint(v)
+		case "vendor_id":
+			cpuinfo[i].VendorID = field[1]
+		case "cpu family":
+			cpuinfo[i].CPUFamily = field[1]
+		case "model":
+			cpuinfo[i].Model = field[1]
+		case "model name":
+			cpuinfo[i].ModelName = field[1]
+		case "stepping":
+			cpuinfo[i].Stepping = field[1]
+		case "microcode":
+			cpuinfo[i].Microcode = field[1]
+		case "cpu MHz":
+			v, err := strconv.ParseFloat(field[1], 64)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].CPUMHz = v
+		case "cache size":
+			cpuinfo[i].CacheSize = field[1]
+		case "physical id":
+			cpuinfo[i].PhysicalID = field[1]
+		case "siblings":
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].Siblings = uint(v)
+		case "core id":
+			cpuinfo[i].CoreID = field[1]
+		case "cpu cores":
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].CPUCores = uint(v)
+		case "apicid":
+			cpuinfo[i].APICID = field[1]
+		case "initial apicid":
+			cpuinfo[i].InitialAPICID = field[1]
+		case "fpu":
+			cpuinfo[i].FPU = field[1]
+		case "fpu_exception":
+			cpuinfo[i].FPUException = field[1]
+		case "cpuid level":
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].CPUIDLevel = uint(v)
+		case "wp":
+			cpuinfo[i].WP = field[1]
+		case "flags":
+			cpuinfo[i].Flags = strings.Fields(field[1])
+		case "bugs":
+			cpuinfo[i].Bugs = strings.Fields(field[1])
+		case "bogomips":
+			v, err := strconv.ParseFloat(field[1], 64)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].BogoMips = v
+		case "clflush size":
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].CLFlushSize = uint(v)
+		case "cache_alignment":
+			v, err := strconv.ParseUint(field[1], 0, 32)
+			if err != nil {
+				return nil, err
+			}
+			cpuinfo[i].CacheAlignment = uint(v)
+		case "address sizes":
+			cpuinfo[i].AddressSizes = field[1]
+		case "power management":
+			cpuinfo[i].PowerManagement = field[1]
+		}
+	}
+	return cpuinfo, nil
+
+}
diff --git a/vendor/github.com/prometheus/procfs/crypto.go b/vendor/github.com/prometheus/procfs/crypto.go
new file mode 100644
index 0000000000000..a9589337577bb
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/crypto.go
@@ -0,0 +1,153 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Crypto holds info parsed from /proc/crypto.
+type Crypto struct {
+	Alignmask   *uint64
+	Async       bool
+	Blocksize   *uint64
+	Chunksize   *uint64
+	Ctxsize     *uint64
+	Digestsize  *uint64
+	Driver      string
+	Geniv       string
+	Internal    string
+	Ivsize      *uint64
+	Maxauthsize *uint64
+	MaxKeysize  *uint64
+	MinKeysize  *uint64
+	Module      string
+	Name        string
+	Priority    *int64
+	Refcnt      *int64
+	Seedsize    *uint64
+	Selftest    string
+	Type        string
+	Walksize    *uint64
+}
+
+// Crypto parses an crypto-file (/proc/crypto) and returns a slice of
+// structs containing the relevant info.  More information available here:
+// https://kernel.readthedocs.io/en/sphinx-samples/crypto-API.html
+func (fs FS) Crypto() ([]Crypto, error) {
+	path := fs.proc.Path("crypto")
+	b, err := util.ReadFileNoStat(path)
+	if err != nil {
+		return nil, fmt.Errorf("error reading crypto %s: %s", path, err)
+	}
+
+	crypto, err := parseCrypto(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing crypto %s: %s", path, err)
+	}
+
+	return crypto, nil
+}
+
+// parseCrypto parses a /proc/crypto stream into Crypto elements.
+func parseCrypto(r io.Reader) ([]Crypto, error) {
+	var out []Crypto
+
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		text := s.Text()
+		switch {
+		case strings.HasPrefix(text, "name"):
+			// Each crypto element begins with its name.
+			out = append(out, Crypto{})
+		case text == "":
+			continue
+		}
+
+		kv := strings.Split(text, ":")
+		if len(kv) != 2 {
+			return nil, fmt.Errorf("malformed crypto line: %q", text)
+		}
+
+		k := strings.TrimSpace(kv[0])
+		v := strings.TrimSpace(kv[1])
+
+		// Parse the key/value pair into the currently focused element.
+		c := &out[len(out)-1]
+		if err := c.parseKV(k, v); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+
+	return out, nil
+}
+
+// parseKV parses a key/value pair into the appropriate field of c.
+func (c *Crypto) parseKV(k, v string) error {
+	vp := util.NewValueParser(v)
+
+	switch k {
+	case "async":
+		// Interpret literal yes as true.
+		c.Async = v == "yes"
+	case "blocksize":
+		c.Blocksize = vp.PUInt64()
+	case "chunksize":
+		c.Chunksize = vp.PUInt64()
+	case "digestsize":
+		c.Digestsize = vp.PUInt64()
+	case "driver":
+		c.Driver = v
+	case "geniv":
+		c.Geniv = v
+	case "internal":
+		c.Internal = v
+	case "ivsize":
+		c.Ivsize = vp.PUInt64()
+	case "maxauthsize":
+		c.Maxauthsize = vp.PUInt64()
+	case "max keysize":
+		c.MaxKeysize = vp.PUInt64()
+	case "min keysize":
+		c.MinKeysize = vp.PUInt64()
+	case "module":
+		c.Module = v
+	case "name":
+		c.Name = v
+	case "priority":
+		c.Priority = vp.PInt64()
+	case "refcnt":
+		c.Refcnt = vp.PInt64()
+	case "seedsize":
+		c.Seedsize = vp.PUInt64()
+	case "selftest":
+		c.Selftest = v
+	case "type":
+		c.Type = v
+	case "walksize":
+		c.Walksize = vp.PUInt64()
+	}
+
+	return vp.Err()
+}
diff --git a/vendor/github.com/prometheus/procfs/fs.go b/vendor/github.com/prometheus/procfs/fs.go
index b6c6b2ce1f06d..0102ab0fd856c 100644
--- a/vendor/github.com/prometheus/procfs/fs.go
+++ b/vendor/github.com/prometheus/procfs/fs.go
@@ -14,69 +14,30 @@
 package procfs
 
 import (
-	"fmt"
-	"os"
-	"path"
-
-	"github.com/prometheus/procfs/nfs"
-	"github.com/prometheus/procfs/xfs"
+	"github.com/prometheus/procfs/internal/fs"
 )
 
-// FS represents the pseudo-filesystem proc, which provides an interface to
+// FS represents the pseudo-filesystem sys, which provides an interface to
 // kernel data structures.
-type FS string
-
-// DefaultMountPoint is the common mount point of the proc filesystem.
-const DefaultMountPoint = "/proc"
-
-// NewFS returns a new FS mounted under the given mountPoint. It will error
-// if the mount point can't be read.
-func NewFS(mountPoint string) (FS, error) {
-	info, err := os.Stat(mountPoint)
-	if err != nil {
-		return "", fmt.Errorf("could not read %s: %s", mountPoint, err)
-	}
-	if !info.IsDir() {
-		return "", fmt.Errorf("mount point %s is not a directory", mountPoint)
-	}
-
-	return FS(mountPoint), nil
-}
-
-// Path returns the path of the given subsystem relative to the procfs root.
-func (fs FS) Path(p ...string) string {
-	return path.Join(append([]string{string(fs)}, p...)...)
+type FS struct {
+	proc fs.FS
 }
 
-// XFSStats retrieves XFS filesystem runtime statistics.
-func (fs FS) XFSStats() (*xfs.Stats, error) {
-	f, err := os.Open(fs.Path("fs/xfs/stat"))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return xfs.ParseStats(f)
-}
-
-// NFSClientRPCStats retrieves NFS client RPC statistics.
-func (fs FS) NFSClientRPCStats() (*nfs.ClientRPCStats, error) {
-	f, err := os.Open(fs.Path("net/rpc/nfs"))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
+// DefaultMountPoint is the common mount point of the proc filesystem.
+const DefaultMountPoint = fs.DefaultProcMountPoint
 
-	return nfs.ParseClientRPCStats(f)
+// NewDefaultFS returns a new proc FS mounted under the default proc mountPoint.
+// It will error if the mount point directory can't be read or is a file.
+func NewDefaultFS() (FS, error) {
+	return NewFS(DefaultMountPoint)
 }
 
-// NFSdServerRPCStats retrieves NFS daemon RPC statistics.
-func (fs FS) NFSdServerRPCStats() (*nfs.ServerRPCStats, error) {
-	f, err := os.Open(fs.Path("net/rpc/nfsd"))
+// NewFS returns a new proc FS mounted under the given proc mountPoint. It will error
+// if the mount point directory can't be read or is a file.
+func NewFS(mountPoint string) (FS, error) {
+	fs, err := fs.NewFS(mountPoint)
 	if err != nil {
-		return nil, err
+		return FS{}, err
 	}
-	defer f.Close()
-
-	return nfs.ParseServerRPCStats(f)
+	return FS{fs}, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/go.mod b/vendor/github.com/prometheus/procfs/go.mod
new file mode 100644
index 0000000000000..ded48253cd663
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/go.mod
@@ -0,0 +1,9 @@
+module github.com/prometheus/procfs
+
+go 1.12
+
+require (
+	github.com/google/go-cmp v0.3.1
+	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
+	golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e
+)
diff --git a/vendor/github.com/prometheus/procfs/internal/fs/fs.go b/vendor/github.com/prometheus/procfs/internal/fs/fs.go
new file mode 100644
index 0000000000000..565e89e42c4dc
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/internal/fs/fs.go
@@ -0,0 +1,55 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+const (
+	// DefaultProcMountPoint is the common mount point of the proc filesystem.
+	DefaultProcMountPoint = "/proc"
+
+	// DefaultSysMountPoint is the common mount point of the sys filesystem.
+	DefaultSysMountPoint = "/sys"
+
+	// DefaultConfigfsMountPoint is the common mount point of the configfs
+	DefaultConfigfsMountPoint = "/sys/kernel/config"
+)
+
+// FS represents a pseudo-filesystem, normally /proc or /sys, which provides an
+// interface to kernel data structures.
+type FS string
+
+// NewFS returns a new FS mounted under the given mountPoint. It will error
+// if the mount point can't be read.
+func NewFS(mountPoint string) (FS, error) {
+	info, err := os.Stat(mountPoint)
+	if err != nil {
+		return "", fmt.Errorf("could not read %s: %s", mountPoint, err)
+	}
+	if !info.IsDir() {
+		return "", fmt.Errorf("mount point %s is not a directory", mountPoint)
+	}
+
+	return FS(mountPoint), nil
+}
+
+// Path appends the given path elements to the filesystem path, adding separators
+// as necessary.
+func (fs FS) Path(p ...string) string {
+	return filepath.Join(append([]string{string(fs)}, p...)...)
+}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/parse.go b/vendor/github.com/prometheus/procfs/internal/util/parse.go
index 1ad21c91a3315..755591d9a5e96 100644
--- a/vendor/github.com/prometheus/procfs/internal/util/parse.go
+++ b/vendor/github.com/prometheus/procfs/internal/util/parse.go
@@ -13,7 +13,11 @@
 
 package util
 
-import "strconv"
+import (
+	"io/ioutil"
+	"strconv"
+	"strings"
+)
 
 // ParseUint32s parses a slice of strings into a slice of uint32s.
 func ParseUint32s(ss []string) ([]uint32, error) {
@@ -44,3 +48,41 @@ func ParseUint64s(ss []string) ([]uint64, error) {
 
 	return us, nil
 }
+
+// ParsePInt64s parses a slice of strings into a slice of int64 pointers.
+func ParsePInt64s(ss []string) ([]*int64, error) {
+	us := make([]*int64, 0, len(ss))
+	for _, s := range ss {
+		u, err := strconv.ParseInt(s, 10, 64)
+		if err != nil {
+			return nil, err
+		}
+
+		us = append(us, &u)
+	}
+
+	return us, nil
+}
+
+// ReadUintFromFile reads a file and attempts to parse a uint64 from it.
+func ReadUintFromFile(path string) (uint64, error) {
+	data, err := ioutil.ReadFile(path)
+	if err != nil {
+		return 0, err
+	}
+	return strconv.ParseUint(strings.TrimSpace(string(data)), 10, 64)
+}
+
+// ParseBool parses a string into a boolean pointer.
+func ParseBool(b string) *bool {
+	var truth bool
+	switch b {
+	case "enabled":
+		truth = true
+	case "disabled":
+		truth = false
+	default:
+		return nil
+	}
+	return &truth
+}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/readfile.go b/vendor/github.com/prometheus/procfs/internal/util/readfile.go
new file mode 100644
index 0000000000000..8051161b2aa4d
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/internal/util/readfile.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+)
+
+// ReadFileNoStat uses ioutil.ReadAll to read contents of entire file.
+// This is similar to ioutil.ReadFile but without the call to os.Stat, because
+// many files in /proc and /sys report incorrect file sizes (either 0 or 4096).
+// Reads a max file size of 512kB.  For files larger than this, a scanner
+// should be used.
+func ReadFileNoStat(filename string) ([]byte, error) {
+	const maxBufferSize = 1024 * 512
+
+	f, err := os.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	reader := io.LimitReader(f, maxBufferSize)
+	return ioutil.ReadAll(reader)
+}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go
new file mode 100644
index 0000000000000..c07de0b6c9c6a
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go
@@ -0,0 +1,48 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build linux,!appengine
+
+package util
+
+import (
+	"bytes"
+	"os"
+	"syscall"
+)
+
+// SysReadFile is a simplified ioutil.ReadFile that invokes syscall.Read directly.
+// https://github.com/prometheus/node_exporter/pull/728/files
+//
+// Note that this function will not read files larger than 128 bytes.
+func SysReadFile(file string) (string, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	// On some machines, hwmon drivers are broken and return EAGAIN.  This causes
+	// Go's ioutil.ReadFile implementation to poll forever.
+	//
+	// Since we either want to read data or bail immediately, do the simplest
+	// possible read using syscall directly.
+	const sysFileBufferSize = 128
+	b := make([]byte, sysFileBufferSize)
+	n, err := syscall.Read(int(f.Fd()), b)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes.TrimSpace(b[:n])), nil
+}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go
new file mode 100644
index 0000000000000..bd55b45377dbc
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go
@@ -0,0 +1,26 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build linux,appengine !linux
+
+package util
+
+import (
+	"fmt"
+)
+
+// SysReadFile is here implemented as a noop for builds that do not support
+// the read syscall. For example Windows, or Linux on Google App Engine.
+func SysReadFile(file string) (string, error) {
+	return "", fmt.Errorf("not supported on this platform")
+}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/valueparser.go b/vendor/github.com/prometheus/procfs/internal/util/valueparser.go
new file mode 100644
index 0000000000000..fe2355d3c6ffe
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/internal/util/valueparser.go
@@ -0,0 +1,91 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"strconv"
+)
+
+// TODO(mdlayher): util packages are an anti-pattern and this should be moved
+// somewhere else that is more focused in the future.
+
+// A ValueParser enables parsing a single string into a variety of data types
+// in a concise and safe way. The Err method must be invoked after invoking
+// any other methods to ensure a value was successfully parsed.
+type ValueParser struct {
+	v   string
+	err error
+}
+
+// NewValueParser creates a ValueParser using the input string.
+func NewValueParser(v string) *ValueParser {
+	return &ValueParser{v: v}
+}
+
+// Int interprets the underlying value as an int and returns that value.
+func (vp *ValueParser) Int() int { return int(vp.int64()) }
+
+// PInt64 interprets the underlying value as an int64 and returns a pointer to
+// that value.
+func (vp *ValueParser) PInt64() *int64 {
+	if vp.err != nil {
+		return nil
+	}
+
+	v := vp.int64()
+	return &v
+}
+
+// int64 interprets the underlying value as an int64 and returns that value.
+// TODO: export if/when necessary.
+func (vp *ValueParser) int64() int64 {
+	if vp.err != nil {
+		return 0
+	}
+
+	// A base value of zero makes ParseInt infer the correct base using the
+	// string's prefix, if any.
+	const base = 0
+	v, err := strconv.ParseInt(vp.v, base, 64)
+	if err != nil {
+		vp.err = err
+		return 0
+	}
+
+	return v
+}
+
+// PUInt64 interprets the underlying value as an uint64 and returns a pointer to
+// that value.
+func (vp *ValueParser) PUInt64() *uint64 {
+	if vp.err != nil {
+		return nil
+	}
+
+	// A base value of zero makes ParseInt infer the correct base using the
+	// string's prefix, if any.
+	const base = 0
+	v, err := strconv.ParseUint(vp.v, base, 64)
+	if err != nil {
+		vp.err = err
+		return nil
+	}
+
+	return &v
+}
+
+// Err returns the last error, if any, encountered by the ValueParser.
+func (vp *ValueParser) Err() error {
+	return vp.err
+}
diff --git a/vendor/github.com/prometheus/procfs/ipvs.go b/vendor/github.com/prometheus/procfs/ipvs.go
index e36d4a3bd08e2..89e447746cfe1 100644
--- a/vendor/github.com/prometheus/procfs/ipvs.go
+++ b/vendor/github.com/prometheus/procfs/ipvs.go
@@ -15,6 +15,7 @@ package procfs
 
 import (
 	"bufio"
+	"bytes"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -24,6 +25,8 @@ import (
 	"os"
 	"strconv"
 	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
 )
 
 // IPVSStats holds IPVS statistics, as exposed by the kernel in `/proc/net/ip_vs_stats`.
@@ -62,29 +65,18 @@ type IPVSBackendStatus struct {
 	Weight uint64
 }
 
-// NewIPVSStats reads the IPVS statistics.
-func NewIPVSStats() (IPVSStats, error) {
-	fs, err := NewFS(DefaultMountPoint)
+// IPVSStats reads the IPVS statistics from the specified `proc` filesystem.
+func (fs FS) IPVSStats() (IPVSStats, error) {
+	data, err := util.ReadFileNoStat(fs.proc.Path("net/ip_vs_stats"))
 	if err != nil {
 		return IPVSStats{}, err
 	}
 
-	return fs.NewIPVSStats()
-}
-
-// NewIPVSStats reads the IPVS statistics from the specified `proc` filesystem.
-func (fs FS) NewIPVSStats() (IPVSStats, error) {
-	file, err := os.Open(fs.Path("net/ip_vs_stats"))
-	if err != nil {
-		return IPVSStats{}, err
-	}
-	defer file.Close()
-
-	return parseIPVSStats(file)
+	return parseIPVSStats(bytes.NewReader(data))
 }
 
 // parseIPVSStats performs the actual parsing of `ip_vs_stats`.
-func parseIPVSStats(file io.Reader) (IPVSStats, error) {
+func parseIPVSStats(r io.Reader) (IPVSStats, error) {
 	var (
 		statContent []byte
 		statLines   []string
@@ -92,7 +84,7 @@ func parseIPVSStats(file io.Reader) (IPVSStats, error) {
 		stats       IPVSStats
 	)
 
-	statContent, err := ioutil.ReadAll(file)
+	statContent, err := ioutil.ReadAll(r)
 	if err != nil {
 		return IPVSStats{}, err
 	}
@@ -131,19 +123,9 @@ func parseIPVSStats(file io.Reader) (IPVSStats, error) {
 	return stats, nil
 }
 
-// NewIPVSBackendStatus reads and returns the status of all (virtual,real) server pairs.
-func NewIPVSBackendStatus() ([]IPVSBackendStatus, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return []IPVSBackendStatus{}, err
-	}
-
-	return fs.NewIPVSBackendStatus()
-}
-
-// NewIPVSBackendStatus reads and returns the status of all (virtual,real) server pairs from the specified `proc` filesystem.
-func (fs FS) NewIPVSBackendStatus() ([]IPVSBackendStatus, error) {
-	file, err := os.Open(fs.Path("net/ip_vs"))
+// IPVSBackendStatus reads and returns the status of all (virtual,real) server pairs from the specified `proc` filesystem.
+func (fs FS) IPVSBackendStatus() ([]IPVSBackendStatus, error) {
+	file, err := os.Open(fs.proc.Path("net/ip_vs"))
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/loadavg.go b/vendor/github.com/prometheus/procfs/loadavg.go
new file mode 100644
index 0000000000000..00bbe14417274
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/loadavg.go
@@ -0,0 +1,62 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// LoadAvg represents an entry in /proc/loadavg
+type LoadAvg struct {
+	Load1  float64
+	Load5  float64
+	Load15 float64
+}
+
+// LoadAvg returns loadavg from /proc.
+func (fs FS) LoadAvg() (*LoadAvg, error) {
+	path := fs.proc.Path("loadavg")
+
+	data, err := util.ReadFileNoStat(path)
+	if err != nil {
+		return nil, err
+	}
+	return parseLoad(data)
+}
+
+// Parse /proc loadavg and return 1m, 5m and 15m.
+func parseLoad(loadavgBytes []byte) (*LoadAvg, error) {
+	loads := make([]float64, 3)
+	parts := strings.Fields(string(loadavgBytes))
+	if len(parts) < 3 {
+		return nil, fmt.Errorf("malformed loadavg line: too few fields in loadavg string: %s", string(loadavgBytes))
+	}
+
+	var err error
+	for i, load := range parts[0:3] {
+		loads[i], err = strconv.ParseFloat(load, 64)
+		if err != nil {
+			return nil, fmt.Errorf("could not parse load '%s': %s", load, err)
+		}
+	}
+	return &LoadAvg{
+		Load1:  loads[0],
+		Load5:  loads[1],
+		Load15: loads[2],
+	}, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/mdstat.go b/vendor/github.com/prometheus/procfs/mdstat.go
index 9dc19583d8d00..2af3ada180453 100644
--- a/vendor/github.com/prometheus/procfs/mdstat.go
+++ b/vendor/github.com/prometheus/procfs/mdstat.go
@@ -22,8 +22,8 @@ import (
 )
 
 var (
-	statuslineRE = regexp.MustCompile(`(\d+) blocks .*\[(\d+)/(\d+)\] \[[U_]+\]`)
-	buildlineRE  = regexp.MustCompile(`\((\d+)/\d+\)`)
+	statusLineRE   = regexp.MustCompile(`(\d+) blocks .*\[(\d+)/(\d+)\] \[[U_]+\]`)
+	recoveryLineRE = regexp.MustCompile(`\((\d+)/\d+\)`)
 )
 
 // MDStat holds info parsed from /proc/mdstat.
@@ -34,117 +34,160 @@ type MDStat struct {
 	ActivityState string
 	// Number of active disks.
 	DisksActive int64
-	// Total number of disks the device consists of.
+	// Total number of disks the device requires.
 	DisksTotal int64
+	// Number of failed disks.
+	DisksFailed int64
+	// Spare disks in the device.
+	DisksSpare int64
 	// Number of blocks the device holds.
 	BlocksTotal int64
 	// Number of blocks on the device that are in sync.
 	BlocksSynced int64
 }
 
-// ParseMDStat parses an mdstat-file and returns a struct with the relevant infos.
-func (fs FS) ParseMDStat() (mdstates []MDStat, err error) {
-	mdStatusFilePath := fs.Path("mdstat")
-	content, err := ioutil.ReadFile(mdStatusFilePath)
+// MDStat parses an mdstat-file (/proc/mdstat) and returns a slice of
+// structs containing the relevant info.  More information available here:
+// https://raid.wiki.kernel.org/index.php/Mdstat
+func (fs FS) MDStat() ([]MDStat, error) {
+	data, err := ioutil.ReadFile(fs.proc.Path("mdstat"))
 	if err != nil {
-		return []MDStat{}, fmt.Errorf("error parsing %s: %s", mdStatusFilePath, err)
+		return nil, fmt.Errorf("error parsing mdstat %s: %s", fs.proc.Path("mdstat"), err)
 	}
+	mdstat, err := parseMDStat(data)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing mdstat %s: %s", fs.proc.Path("mdstat"), err)
+	}
+	return mdstat, nil
+}
 
-	mdStates := []MDStat{}
-	lines := strings.Split(string(content), "\n")
-	for i, l := range lines {
-		if l == "" {
-			continue
-		}
-		if l[0] == ' ' {
-			continue
-		}
-		if strings.HasPrefix(l, "Personalities") || strings.HasPrefix(l, "unused") {
+// parseMDStat parses data from mdstat file (/proc/mdstat) and returns a slice of
+// structs containing the relevant info.
+func parseMDStat(mdStatData []byte) ([]MDStat, error) {
+	mdStats := []MDStat{}
+	lines := strings.Split(string(mdStatData), "\n")
+
+	for i, line := range lines {
+		if strings.TrimSpace(line) == "" || line[0] == ' ' ||
+			strings.HasPrefix(line, "Personalities") ||
+			strings.HasPrefix(line, "unused") {
 			continue
 		}
 
-		mainLine := strings.Split(l, " ")
-		if len(mainLine) < 3 {
-			return mdStates, fmt.Errorf("error parsing mdline: %s", l)
+		deviceFields := strings.Fields(line)
+		if len(deviceFields) < 3 {
+			return nil, fmt.Errorf("not enough fields in mdline (expected at least 3): %s", line)
 		}
-		mdName := mainLine[0]
-		activityState := mainLine[2]
+		mdName := deviceFields[0] // mdx
+		state := deviceFields[2]  // active or inactive
 
 		if len(lines) <= i+3 {
-			return mdStates, fmt.Errorf(
-				"error parsing %s: too few lines for md device %s",
-				mdStatusFilePath,
+			return nil, fmt.Errorf(
+				"error parsing %s: too few lines for md device",
 				mdName,
 			)
 		}
 
-		active, total, size, err := evalStatusline(lines[i+1])
+		// Failed disks have the suffix (F) & Spare disks have the suffix (S).
+		fail := int64(strings.Count(line, "(F)"))
+		spare := int64(strings.Count(line, "(S)"))
+		active, total, size, err := evalStatusLine(lines[i], lines[i+1])
+
 		if err != nil {
-			return mdStates, fmt.Errorf("error parsing %s: %s", mdStatusFilePath, err)
+			return nil, fmt.Errorf("error parsing md device lines: %s", err)
 		}
 
-		// j is the line number of the syncing-line.
-		j := i + 2
+		syncLineIdx := i + 2
 		if strings.Contains(lines[i+2], "bitmap") { // skip bitmap line
-			j = i + 3
+			syncLineIdx++
 		}
 
 		// If device is syncing at the moment, get the number of currently
 		// synced bytes, otherwise that number equals the size of the device.
 		syncedBlocks := size
-		if strings.Contains(lines[j], "recovery") || strings.Contains(lines[j], "resync") {
-			syncedBlocks, err = evalBuildline(lines[j])
-			if err != nil {
-				return mdStates, fmt.Errorf("error parsing %s: %s", mdStatusFilePath, err)
+		recovering := strings.Contains(lines[syncLineIdx], "recovery")
+		resyncing := strings.Contains(lines[syncLineIdx], "resync")
+
+		// Append recovery and resyncing state info.
+		if recovering || resyncing {
+			if recovering {
+				state = "recovering"
+			} else {
+				state = "resyncing"
+			}
+
+			// Handle case when resync=PENDING or resync=DELAYED.
+			if strings.Contains(lines[syncLineIdx], "PENDING") ||
+				strings.Contains(lines[syncLineIdx], "DELAYED") {
+				syncedBlocks = 0
+			} else {
+				syncedBlocks, err = evalRecoveryLine(lines[syncLineIdx])
+				if err != nil {
+					return nil, fmt.Errorf("error parsing sync line in md device %s: %s", mdName, err)
+				}
 			}
 		}
 
-		mdStates = append(mdStates, MDStat{
+		mdStats = append(mdStats, MDStat{
 			Name:          mdName,
-			ActivityState: activityState,
+			ActivityState: state,
 			DisksActive:   active,
+			DisksFailed:   fail,
+			DisksSpare:    spare,
 			DisksTotal:    total,
 			BlocksTotal:   size,
 			BlocksSynced:  syncedBlocks,
 		})
 	}
 
-	return mdStates, nil
+	return mdStats, nil
 }
 
-func evalStatusline(statusline string) (active, total, size int64, err error) {
-	matches := statuslineRE.FindStringSubmatch(statusline)
-	if len(matches) != 4 {
-		return 0, 0, 0, fmt.Errorf("unexpected statusline: %s", statusline)
-	}
+func evalStatusLine(deviceLine, statusLine string) (active, total, size int64, err error) {
 
-	size, err = strconv.ParseInt(matches[1], 10, 64)
+	sizeStr := strings.Fields(statusLine)[0]
+	size, err = strconv.ParseInt(sizeStr, 10, 64)
 	if err != nil {
-		return 0, 0, 0, fmt.Errorf("unexpected statusline %s: %s", statusline, err)
+		return 0, 0, 0, fmt.Errorf("unexpected statusLine %s: %s", statusLine, err)
+	}
+
+	if strings.Contains(deviceLine, "raid0") || strings.Contains(deviceLine, "linear") {
+		// In the device deviceLine, only disks have a number associated with them in [].
+		total = int64(strings.Count(deviceLine, "["))
+		return total, total, size, nil
+	}
+
+	if strings.Contains(deviceLine, "inactive") {
+		return 0, 0, size, nil
+	}
+
+	matches := statusLineRE.FindStringSubmatch(statusLine)
+	if len(matches) != 4 {
+		return 0, 0, 0, fmt.Errorf("couldn't find all the substring matches: %s", statusLine)
 	}
 
 	total, err = strconv.ParseInt(matches[2], 10, 64)
 	if err != nil {
-		return 0, 0, 0, fmt.Errorf("unexpected statusline %s: %s", statusline, err)
+		return 0, 0, 0, fmt.Errorf("unexpected statusLine %s: %s", statusLine, err)
 	}
 
 	active, err = strconv.ParseInt(matches[3], 10, 64)
 	if err != nil {
-		return 0, 0, 0, fmt.Errorf("unexpected statusline %s: %s", statusline, err)
+		return 0, 0, 0, fmt.Errorf("unexpected statusLine %s: %s", statusLine, err)
 	}
 
 	return active, total, size, nil
 }
 
-func evalBuildline(buildline string) (syncedBlocks int64, err error) {
-	matches := buildlineRE.FindStringSubmatch(buildline)
+func evalRecoveryLine(recoveryLine string) (syncedBlocks int64, err error) {
+	matches := recoveryLineRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return 0, fmt.Errorf("unexpected buildline: %s", buildline)
+		return 0, fmt.Errorf("unexpected recoveryLine: %s", recoveryLine)
 	}
 
 	syncedBlocks, err = strconv.ParseInt(matches[1], 10, 64)
 	if err != nil {
-		return 0, fmt.Errorf("%s in buildline: %s", err, buildline)
+		return 0, fmt.Errorf("%s in recoveryLine: %s", err, recoveryLine)
 	}
 
 	return syncedBlocks, nil
diff --git a/vendor/github.com/prometheus/procfs/meminfo.go b/vendor/github.com/prometheus/procfs/meminfo.go
new file mode 100644
index 0000000000000..50dab4bcd59f4
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/meminfo.go
@@ -0,0 +1,277 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Meminfo represents memory statistics.
+type Meminfo struct {
+	// Total usable ram (i.e. physical ram minus a few reserved
+	// bits and the kernel binary code)
+	MemTotal uint64
+	// The sum of LowFree+HighFree
+	MemFree uint64
+	// An estimate of how much memory is available for starting
+	// new applications, without swapping. Calculated from
+	// MemFree, SReclaimable, the size of the file LRU lists, and
+	// the low watermarks in each zone.  The estimate takes into
+	// account that the system needs some page cache to function
+	// well, and that not all reclaimable slab will be
+	// reclaimable, due to items being in use. The impact of those
+	// factors will vary from system to system.
+	MemAvailable uint64
+	// Relatively temporary storage for raw disk blocks shouldn't
+	// get tremendously large (20MB or so)
+	Buffers uint64
+	Cached  uint64
+	// Memory that once was swapped out, is swapped back in but
+	// still also is in the swapfile (if memory is needed it
+	// doesn't need to be swapped out AGAIN because it is already
+	// in the swapfile. This saves I/O)
+	SwapCached uint64
+	// Memory that has been used more recently and usually not
+	// reclaimed unless absolutely necessary.
+	Active uint64
+	// Memory which has been less recently used.  It is more
+	// eligible to be reclaimed for other purposes
+	Inactive     uint64
+	ActiveAnon   uint64
+	InactiveAnon uint64
+	ActiveFile   uint64
+	InactiveFile uint64
+	Unevictable  uint64
+	Mlocked      uint64
+	// total amount of swap space available
+	SwapTotal uint64
+	// Memory which has been evicted from RAM, and is temporarily
+	// on the disk
+	SwapFree uint64
+	// Memory which is waiting to get written back to the disk
+	Dirty uint64
+	// Memory which is actively being written back to the disk
+	Writeback uint64
+	// Non-file backed pages mapped into userspace page tables
+	AnonPages uint64
+	// files which have been mapped, such as libraries
+	Mapped uint64
+	Shmem  uint64
+	// in-kernel data structures cache
+	Slab uint64
+	// Part of Slab, that might be reclaimed, such as caches
+	SReclaimable uint64
+	// Part of Slab, that cannot be reclaimed on memory pressure
+	SUnreclaim  uint64
+	KernelStack uint64
+	// amount of memory dedicated to the lowest level of page
+	// tables.
+	PageTables uint64
+	// NFS pages sent to the server, but not yet committed to
+	// stable storage
+	NFSUnstable uint64
+	// Memory used for block device "bounce buffers"
+	Bounce uint64
+	// Memory used by FUSE for temporary writeback buffers
+	WritebackTmp uint64
+	// Based on the overcommit ratio ('vm.overcommit_ratio'),
+	// this is the total amount of  memory currently available to
+	// be allocated on the system. This limit is only adhered to
+	// if strict overcommit accounting is enabled (mode 2 in
+	// 'vm.overcommit_memory').
+	// The CommitLimit is calculated with the following formula:
+	// CommitLimit = ([total RAM pages] - [total huge TLB pages]) *
+	//                overcommit_ratio / 100 + [total swap pages]
+	// For example, on a system with 1G of physical RAM and 7G
+	// of swap with a `vm.overcommit_ratio` of 30 it would
+	// yield a CommitLimit of 7.3G.
+	// For more details, see the memory overcommit documentation
+	// in vm/overcommit-accounting.
+	CommitLimit uint64
+	// The amount of memory presently allocated on the system.
+	// The committed memory is a sum of all of the memory which
+	// has been allocated by processes, even if it has not been
+	// "used" by them as of yet. A process which malloc()'s 1G
+	// of memory, but only touches 300M of it will show up as
+	// using 1G. This 1G is memory which has been "committed" to
+	// by the VM and can be used at any time by the allocating
+	// application. With strict overcommit enabled on the system
+	// (mode 2 in 'vm.overcommit_memory'),allocations which would
+	// exceed the CommitLimit (detailed above) will not be permitted.
+	// This is useful if one needs to guarantee that processes will
+	// not fail due to lack of memory once that memory has been
+	// successfully allocated.
+	CommittedAS uint64
+	// total size of vmalloc memory area
+	VmallocTotal uint64
+	// amount of vmalloc area which is used
+	VmallocUsed uint64
+	// largest contiguous block of vmalloc area which is free
+	VmallocChunk      uint64
+	HardwareCorrupted uint64
+	AnonHugePages     uint64
+	ShmemHugePages    uint64
+	ShmemPmdMapped    uint64
+	CmaTotal          uint64
+	CmaFree           uint64
+	HugePagesTotal    uint64
+	HugePagesFree     uint64
+	HugePagesRsvd     uint64
+	HugePagesSurp     uint64
+	Hugepagesize      uint64
+	DirectMap4k       uint64
+	DirectMap2M       uint64
+	DirectMap1G       uint64
+}
+
+// Meminfo returns an information about current kernel/system memory statistics.
+// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+func (fs FS) Meminfo() (Meminfo, error) {
+	b, err := util.ReadFileNoStat(fs.proc.Path("meminfo"))
+	if err != nil {
+		return Meminfo{}, err
+	}
+
+	m, err := parseMemInfo(bytes.NewReader(b))
+	if err != nil {
+		return Meminfo{}, fmt.Errorf("failed to parse meminfo: %v", err)
+	}
+
+	return *m, nil
+}
+
+func parseMemInfo(r io.Reader) (*Meminfo, error) {
+	var m Meminfo
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		// Each line has at least a name and value; we ignore the unit.
+		fields := strings.Fields(s.Text())
+		if len(fields) < 2 {
+			return nil, fmt.Errorf("malformed meminfo line: %q", s.Text())
+		}
+
+		v, err := strconv.ParseUint(fields[1], 0, 64)
+		if err != nil {
+			return nil, err
+		}
+
+		switch fields[0] {
+		case "MemTotal:":
+			m.MemTotal = v
+		case "MemFree:":
+			m.MemFree = v
+		case "MemAvailable:":
+			m.MemAvailable = v
+		case "Buffers:":
+			m.Buffers = v
+		case "Cached:":
+			m.Cached = v
+		case "SwapCached:":
+			m.SwapCached = v
+		case "Active:":
+			m.Active = v
+		case "Inactive:":
+			m.Inactive = v
+		case "Active(anon):":
+			m.ActiveAnon = v
+		case "Inactive(anon):":
+			m.InactiveAnon = v
+		case "Active(file):":
+			m.ActiveFile = v
+		case "Inactive(file):":
+			m.InactiveFile = v
+		case "Unevictable:":
+			m.Unevictable = v
+		case "Mlocked:":
+			m.Mlocked = v
+		case "SwapTotal:":
+			m.SwapTotal = v
+		case "SwapFree:":
+			m.SwapFree = v
+		case "Dirty:":
+			m.Dirty = v
+		case "Writeback:":
+			m.Writeback = v
+		case "AnonPages:":
+			m.AnonPages = v
+		case "Mapped:":
+			m.Mapped = v
+		case "Shmem:":
+			m.Shmem = v
+		case "Slab:":
+			m.Slab = v
+		case "SReclaimable:":
+			m.SReclaimable = v
+		case "SUnreclaim:":
+			m.SUnreclaim = v
+		case "KernelStack:":
+			m.KernelStack = v
+		case "PageTables:":
+			m.PageTables = v
+		case "NFS_Unstable:":
+			m.NFSUnstable = v
+		case "Bounce:":
+			m.Bounce = v
+		case "WritebackTmp:":
+			m.WritebackTmp = v
+		case "CommitLimit:":
+			m.CommitLimit = v
+		case "Committed_AS:":
+			m.CommittedAS = v
+		case "VmallocTotal:":
+			m.VmallocTotal = v
+		case "VmallocUsed:":
+			m.VmallocUsed = v
+		case "VmallocChunk:":
+			m.VmallocChunk = v
+		case "HardwareCorrupted:":
+			m.HardwareCorrupted = v
+		case "AnonHugePages:":
+			m.AnonHugePages = v
+		case "ShmemHugePages:":
+			m.ShmemHugePages = v
+		case "ShmemPmdMapped:":
+			m.ShmemPmdMapped = v
+		case "CmaTotal:":
+			m.CmaTotal = v
+		case "CmaFree:":
+			m.CmaFree = v
+		case "HugePages_Total:":
+			m.HugePagesTotal = v
+		case "HugePages_Free:":
+			m.HugePagesFree = v
+		case "HugePages_Rsvd:":
+			m.HugePagesRsvd = v
+		case "HugePages_Surp:":
+			m.HugePagesSurp = v
+		case "Hugepagesize:":
+			m.Hugepagesize = v
+		case "DirectMap4k:":
+			m.DirectMap4k = v
+		case "DirectMap2M:":
+			m.DirectMap2M = v
+		case "DirectMap1G:":
+			m.DirectMap1G = v
+		}
+	}
+
+	return &m, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/mountinfo.go b/vendor/github.com/prometheus/procfs/mountinfo.go
new file mode 100644
index 0000000000000..9471136101313
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/mountinfo.go
@@ -0,0 +1,180 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// A MountInfo is a type that describes the details, options
+// for each mount, parsed from /proc/self/mountinfo.
+// The fields described in each entry of /proc/self/mountinfo
+// is described in the following man page.
+// http://man7.org/linux/man-pages/man5/proc.5.html
+type MountInfo struct {
+	// Unique ID for the mount
+	MountID int
+	// The ID of the parent mount
+	ParentID int
+	// The value of `st_dev` for the files on this FS
+	MajorMinorVer string
+	// The pathname of the directory in the FS that forms
+	// the root for this mount
+	Root string
+	// The pathname of the mount point relative to the root
+	MountPoint string
+	// Mount options
+	Options map[string]string
+	// Zero or more optional fields
+	OptionalFields map[string]string
+	// The Filesystem type
+	FSType string
+	// FS specific information or "none"
+	Source string
+	// Superblock options
+	SuperOptions map[string]string
+}
+
+// Reads each line of the mountinfo file, and returns a list of formatted MountInfo structs.
+func parseMountInfo(info []byte) ([]*MountInfo, error) {
+	mounts := []*MountInfo{}
+	scanner := bufio.NewScanner(bytes.NewReader(info))
+	for scanner.Scan() {
+		mountString := scanner.Text()
+		parsedMounts, err := parseMountInfoString(mountString)
+		if err != nil {
+			return nil, err
+		}
+		mounts = append(mounts, parsedMounts)
+	}
+
+	err := scanner.Err()
+	return mounts, err
+}
+
+// Parses a mountinfo file line, and converts it to a MountInfo struct.
+// An important check here is to see if the hyphen separator, as if it does not exist,
+// it means that the line is malformed.
+func parseMountInfoString(mountString string) (*MountInfo, error) {
+	var err error
+
+	mountInfo := strings.Split(mountString, " ")
+	mountInfoLength := len(mountInfo)
+	if mountInfoLength < 11 {
+		return nil, fmt.Errorf("couldn't find enough fields in mount string: %s", mountString)
+	}
+
+	if mountInfo[mountInfoLength-4] != "-" {
+		return nil, fmt.Errorf("couldn't find separator in expected field: %s", mountInfo[mountInfoLength-4])
+	}
+
+	mount := &MountInfo{
+		MajorMinorVer:  mountInfo[2],
+		Root:           mountInfo[3],
+		MountPoint:     mountInfo[4],
+		Options:        mountOptionsParser(mountInfo[5]),
+		OptionalFields: nil,
+		FSType:         mountInfo[mountInfoLength-3],
+		Source:         mountInfo[mountInfoLength-2],
+		SuperOptions:   mountOptionsParser(mountInfo[mountInfoLength-1]),
+	}
+
+	mount.MountID, err = strconv.Atoi(mountInfo[0])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse mount ID")
+	}
+	mount.ParentID, err = strconv.Atoi(mountInfo[1])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse parent ID")
+	}
+	// Has optional fields, which is a space separated list of values.
+	// Example: shared:2 master:7
+	if mountInfo[6] != "" {
+		mount.OptionalFields, err = mountOptionsParseOptionalFields(mountInfo[6 : mountInfoLength-4])
+		if err != nil {
+			return nil, err
+		}
+	}
+	return mount, nil
+}
+
+// mountOptionsIsValidField checks a string against a valid list of optional fields keys.
+func mountOptionsIsValidField(s string) bool {
+	switch s {
+	case
+		"shared",
+		"master",
+		"propagate_from",
+		"unbindable":
+		return true
+	}
+	return false
+}
+
+// mountOptionsParseOptionalFields parses a list of optional fields strings into a double map of strings.
+func mountOptionsParseOptionalFields(o []string) (map[string]string, error) {
+	optionalFields := make(map[string]string)
+	for _, field := range o {
+		optionSplit := strings.SplitN(field, ":", 2)
+		value := ""
+		if len(optionSplit) == 2 {
+			value = optionSplit[1]
+		}
+		if mountOptionsIsValidField(optionSplit[0]) {
+			optionalFields[optionSplit[0]] = value
+		}
+	}
+	return optionalFields, nil
+}
+
+// Parses the mount options, superblock options.
+func mountOptionsParser(mountOptions string) map[string]string {
+	opts := make(map[string]string)
+	options := strings.Split(mountOptions, ",")
+	for _, opt := range options {
+		splitOption := strings.Split(opt, "=")
+		if len(splitOption) < 2 {
+			key := splitOption[0]
+			opts[key] = ""
+		} else {
+			key, value := splitOption[0], splitOption[1]
+			opts[key] = value
+		}
+	}
+	return opts
+}
+
+// Retrieves mountinfo information from `/proc/self/mountinfo`.
+func GetMounts() ([]*MountInfo, error) {
+	data, err := util.ReadFileNoStat("/proc/self/mountinfo")
+	if err != nil {
+		return nil, err
+	}
+	return parseMountInfo(data)
+}
+
+// Retrieves mountinfo information from a processes' `/proc/<pid>/mountinfo`.
+func GetProcMounts(pid int) ([]*MountInfo, error) {
+	data, err := util.ReadFileNoStat(fmt.Sprintf("/proc/%d/mountinfo", pid))
+	if err != nil {
+		return nil, err
+	}
+	return parseMountInfo(data)
+}
diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go
index e95ddbc67c068..35b2ef3513f91 100644
--- a/vendor/github.com/prometheus/procfs/mountstats.go
+++ b/vendor/github.com/prometheus/procfs/mountstats.go
@@ -39,8 +39,11 @@ const (
 	statVersion10 = "1.0"
 	statVersion11 = "1.1"
 
-	fieldTransport10Len = 10
-	fieldTransport11Len = 13
+	fieldTransport10TCPLen = 10
+	fieldTransport10UDPLen = 7
+
+	fieldTransport11TCPLen = 13
+	fieldTransport11UDPLen = 10
 )
 
 // A Mount is a device mount parsed from /proc/[pid]/mountstats.
@@ -66,6 +69,8 @@ type MountStats interface {
 type MountStatsNFS struct {
 	// The version of statistics provided.
 	StatVersion string
+	// The mount options of the NFS mount.
+	Opts map[string]string
 	// The age of the NFS mount.
 	Age time.Duration
 	// Statistics related to byte counters for various operations.
@@ -176,16 +181,18 @@ type NFSOperationStats struct {
 	// Number of bytes received for this operation, including RPC headers and payload.
 	BytesReceived uint64
 	// Duration all requests spent queued for transmission before they were sent.
-	CumulativeQueueTime time.Duration
+	CumulativeQueueMilliseconds uint64
 	// Duration it took to get a reply back after the request was transmitted.
-	CumulativeTotalResponseTime time.Duration
+	CumulativeTotalResponseMilliseconds uint64
 	// Duration from when a request was enqueued to when it was completely handled.
-	CumulativeTotalRequestTime time.Duration
+	CumulativeTotalRequestMilliseconds uint64
 }
 
 // A NFSTransportStats contains statistics for the NFS mount RPC requests and
 // responses.
 type NFSTransportStats struct {
+	// The transport protocol used for the NFS mount.
+	Protocol string
 	// The local port used for the NFS mount.
 	Port uint64
 	// Number of times the client has had to establish a connection from scratch
@@ -197,7 +204,7 @@ type NFSTransportStats struct {
 	// spent waiting for connections to the server to be established.
 	ConnectIdleTime uint64
 	// Duration since the NFS mount last saw any RPC traffic.
-	IdleTime time.Duration
+	IdleTimeSeconds uint64
 	// Number of RPC requests for this mount sent to the NFS server.
 	Sends uint64
 	// Number of RPC responses for this mount received from the NFS server.
@@ -312,6 +319,7 @@ func parseMount(ss []string) (*Mount, error) {
 func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, error) {
 	// Field indicators for parsing specific types of data
 	const (
+		fieldOpts       = "opts:"
 		fieldAge        = "age:"
 		fieldBytes      = "bytes:"
 		fieldEvents     = "events:"
@@ -333,6 +341,18 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 		}
 
 		switch ss[0] {
+		case fieldOpts:
+			if stats.Opts == nil {
+				stats.Opts = map[string]string{}
+			}
+			for _, opt := range strings.Split(ss[1], ",") {
+				split := strings.Split(opt, "=")
+				if len(split) == 2 {
+					stats.Opts[split[0]] = split[1]
+				} else {
+					stats.Opts[opt] = ""
+				}
+			}
 		case fieldAge:
 			// Age integer is in seconds
 			d, err := time.ParseDuration(ss[1] + "s")
@@ -360,7 +380,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 				return nil, fmt.Errorf("not enough information for NFS transport stats: %v", ss)
 			}
 
-			tstats, err := parseNFSTransportStats(ss[2:], statVersion)
+			tstats, err := parseNFSTransportStats(ss[1:], statVersion)
 			if err != nil {
 				return nil, err
 			}
@@ -504,15 +524,15 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 		}
 
 		ops = append(ops, NFSOperationStats{
-			Operation:                   strings.TrimSuffix(ss[0], ":"),
-			Requests:                    ns[0],
-			Transmissions:               ns[1],
-			MajorTimeouts:               ns[2],
-			BytesSent:                   ns[3],
-			BytesReceived:               ns[4],
-			CumulativeQueueTime:         time.Duration(ns[5]) * time.Millisecond,
-			CumulativeTotalResponseTime: time.Duration(ns[6]) * time.Millisecond,
-			CumulativeTotalRequestTime:  time.Duration(ns[7]) * time.Millisecond,
+			Operation:                           strings.TrimSuffix(ss[0], ":"),
+			Requests:                            ns[0],
+			Transmissions:                       ns[1],
+			MajorTimeouts:                       ns[2],
+			BytesSent:                           ns[3],
+			BytesReceived:                       ns[4],
+			CumulativeQueueMilliseconds:         ns[5],
+			CumulativeTotalResponseMilliseconds: ns[6],
+			CumulativeTotalRequestMilliseconds:  ns[7],
 		})
 	}
 
@@ -522,13 +542,33 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 // parseNFSTransportStats parses a NFSTransportStats line using an input set of
 // integer fields matched to a specific stats version.
 func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats, error) {
+	// Extract the protocol field. It is the only string value in the line
+	protocol := ss[0]
+	ss = ss[1:]
+
 	switch statVersion {
 	case statVersion10:
-		if len(ss) != fieldTransport10Len {
+		var expectedLength int
+		if protocol == "tcp" {
+			expectedLength = fieldTransport10TCPLen
+		} else if protocol == "udp" {
+			expectedLength = fieldTransport10UDPLen
+		} else {
+			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.0 statement: %v", protocol, ss)
+		}
+		if len(ss) != expectedLength {
 			return nil, fmt.Errorf("invalid NFS transport stats 1.0 statement: %v", ss)
 		}
 	case statVersion11:
-		if len(ss) != fieldTransport11Len {
+		var expectedLength int
+		if protocol == "tcp" {
+			expectedLength = fieldTransport11TCPLen
+		} else if protocol == "udp" {
+			expectedLength = fieldTransport11UDPLen
+		} else {
+			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.1 statement: %v", protocol, ss)
+		}
+		if len(ss) != expectedLength {
 			return nil, fmt.Errorf("invalid NFS transport stats 1.1 statement: %v", ss)
 		}
 	default:
@@ -536,12 +576,13 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	}
 
 	// Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay
-	// in a v1.0 response.
+	// in a v1.0 response. Since the stat length is bigger for TCP stats, we use
+	// the TCP length here.
 	//
 	// Note: slice length must be set to length of v1.1 stats to avoid a panic when
 	// only v1.0 stats are present.
 	// See: https://github.com/prometheus/node_exporter/issues/571.
-	ns := make([]uint64, fieldTransport11Len)
+	ns := make([]uint64, fieldTransport11TCPLen)
 	for i, s := range ss {
 		n, err := strconv.ParseUint(s, 10, 64)
 		if err != nil {
@@ -551,12 +592,23 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		ns[i] = n
 	}
 
+	// The fields differ depending on the transport protocol (TCP or UDP)
+	// From https://utcc.utoronto.ca/%7Ecks/space/blog/linux/NFSMountstatsXprt
+	//
+	// For the udp RPC transport there is no connection count, connect idle time,
+	// or idle time (fields #3, #4, and #5); all other fields are the same. So
+	// we set them to 0 here.
+	if protocol == "udp" {
+		ns = append(ns[:2], append(make([]uint64, 3), ns[2:]...)...)
+	}
+
 	return &NFSTransportStats{
+		Protocol:                 protocol,
 		Port:                     ns[0],
 		Bind:                     ns[1],
 		Connect:                  ns[2],
 		ConnectIdleTime:          ns[3],
-		IdleTime:                 time.Duration(ns[4]) * time.Second,
+		IdleTimeSeconds:          ns[4],
 		Sends:                    ns[5],
 		Receives:                 ns[6],
 		BadTransactionIDs:        ns[7],
diff --git a/vendor/github.com/prometheus/procfs/net_conntrackstat.go b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
new file mode 100644
index 0000000000000..1e27c83d50e51
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
@@ -0,0 +1,153 @@
+// Copyright 2020 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// A ConntrackStatEntry represents one line from net/stat/nf_conntrack
+// and contains netfilter conntrack statistics at one CPU core
+type ConntrackStatEntry struct {
+	Entries       uint64
+	Found         uint64
+	Invalid       uint64
+	Ignore        uint64
+	Insert        uint64
+	InsertFailed  uint64
+	Drop          uint64
+	EarlyDrop     uint64
+	SearchRestart uint64
+}
+
+// Retrieves netfilter's conntrack statistics, split by CPU cores
+func (fs FS) ConntrackStat() ([]ConntrackStatEntry, error) {
+	return readConntrackStat(fs.proc.Path("net", "stat", "nf_conntrack"))
+}
+
+// Parses a slice of ConntrackStatEntries from the given filepath
+func readConntrackStat(path string) ([]ConntrackStatEntry, error) {
+	// This file is small and can be read with one syscall.
+	b, err := util.ReadFileNoStat(path)
+	if err != nil {
+		// Do not wrap this error so the caller can detect os.IsNotExist and
+		// similar conditions.
+		return nil, err
+	}
+
+	stat, err := parseConntrackStat(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read conntrack stats from %q: %v", path, err)
+	}
+
+	return stat, nil
+}
+
+// Reads the contents of a conntrack statistics file and parses a slice of ConntrackStatEntries
+func parseConntrackStat(r io.Reader) ([]ConntrackStatEntry, error) {
+	var entries []ConntrackStatEntry
+
+	scanner := bufio.NewScanner(r)
+	scanner.Scan()
+	for scanner.Scan() {
+		fields := strings.Fields(scanner.Text())
+		conntrackEntry, err := parseConntrackStatEntry(fields)
+		if err != nil {
+			return nil, err
+		}
+		entries = append(entries, *conntrackEntry)
+	}
+
+	return entries, nil
+}
+
+// Parses a ConntrackStatEntry from given array of fields
+func parseConntrackStatEntry(fields []string) (*ConntrackStatEntry, error) {
+	if len(fields) != 17 {
+		return nil, fmt.Errorf("invalid conntrackstat entry, missing fields")
+	}
+	entry := &ConntrackStatEntry{}
+
+	entries, err := parseConntrackStatField(fields[0])
+	if err != nil {
+		return nil, err
+	}
+	entry.Entries = entries
+
+	found, err := parseConntrackStatField(fields[2])
+	if err != nil {
+		return nil, err
+	}
+	entry.Found = found
+
+	invalid, err := parseConntrackStatField(fields[4])
+	if err != nil {
+		return nil, err
+	}
+	entry.Invalid = invalid
+
+	ignore, err := parseConntrackStatField(fields[5])
+	if err != nil {
+		return nil, err
+	}
+	entry.Ignore = ignore
+
+	insert, err := parseConntrackStatField(fields[8])
+	if err != nil {
+		return nil, err
+	}
+	entry.Insert = insert
+
+	insertFailed, err := parseConntrackStatField(fields[9])
+	if err != nil {
+		return nil, err
+	}
+	entry.InsertFailed = insertFailed
+
+	drop, err := parseConntrackStatField(fields[10])
+	if err != nil {
+		return nil, err
+	}
+	entry.Drop = drop
+
+	earlyDrop, err := parseConntrackStatField(fields[11])
+	if err != nil {
+		return nil, err
+	}
+	entry.EarlyDrop = earlyDrop
+
+	searchRestart, err := parseConntrackStatField(fields[16])
+	if err != nil {
+		return nil, err
+	}
+	entry.SearchRestart = searchRestart
+
+	return entry, nil
+}
+
+// Parses a uint64 from given hex in string
+func parseConntrackStatField(field string) (uint64, error) {
+	val, err := strconv.ParseUint(field, 16, 64)
+	if err != nil {
+		return 0, fmt.Errorf("couldn't parse \"%s\" field: %s", field, err)
+	}
+	return val, err
+}
diff --git a/vendor/github.com/prometheus/procfs/net_dev.go b/vendor/github.com/prometheus/procfs/net_dev.go
index 3f2523371ab10..47a710befb93f 100644
--- a/vendor/github.com/prometheus/procfs/net_dev.go
+++ b/vendor/github.com/prometheus/procfs/net_dev.go
@@ -47,23 +47,13 @@ type NetDevLine struct {
 // are interface names.
 type NetDev map[string]NetDevLine
 
-// NewNetDev returns kernel/system statistics read from /proc/net/dev.
-func NewNetDev() (NetDev, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return nil, err
-	}
-
-	return fs.NewNetDev()
+// NetDev returns kernel/system statistics read from /proc/net/dev.
+func (fs FS) NetDev() (NetDev, error) {
+	return newNetDev(fs.proc.Path("net/dev"))
 }
 
-// NewNetDev returns kernel/system statistics read from /proc/net/dev.
-func (fs FS) NewNetDev() (NetDev, error) {
-	return newNetDev(fs.Path("net/dev"))
-}
-
-// NewNetDev returns kernel/system statistics read from /proc/[pid]/net/dev.
-func (p Proc) NewNetDev() (NetDev, error) {
+// NetDev returns kernel/system statistics read from /proc/[pid]/net/dev.
+func (p Proc) NetDev() (NetDev, error) {
 	return newNetDev(p.path("net/dev"))
 }
 
@@ -75,7 +65,7 @@ func newNetDev(file string) (NetDev, error) {
 	}
 	defer f.Close()
 
-	nd := NetDev{}
+	netDev := NetDev{}
 	s := bufio.NewScanner(f)
 	for n := 0; s.Scan(); n++ {
 		// Skip the 2 header lines.
@@ -83,20 +73,20 @@ func newNetDev(file string) (NetDev, error) {
 			continue
 		}
 
-		line, err := nd.parseLine(s.Text())
+		line, err := netDev.parseLine(s.Text())
 		if err != nil {
-			return nd, err
+			return netDev, err
 		}
 
-		nd[line.Name] = *line
+		netDev[line.Name] = *line
 	}
 
-	return nd, s.Err()
+	return netDev, s.Err()
 }
 
 // parseLine parses a single line from the /proc/net/dev file. Header lines
 // must be filtered prior to calling this method.
-func (nd NetDev) parseLine(rawLine string) (*NetDevLine, error) {
+func (netDev NetDev) parseLine(rawLine string) (*NetDevLine, error) {
 	parts := strings.SplitN(rawLine, ":", 2)
 	if len(parts) != 2 {
 		return nil, errors.New("invalid net/dev line, missing colon")
@@ -185,15 +175,14 @@ func (nd NetDev) parseLine(rawLine string) (*NetDevLine, error) {
 
 // Total aggregates the values across interfaces and returns a new NetDevLine.
 // The Name field will be a sorted comma separated list of interface names.
-func (nd NetDev) Total() NetDevLine {
+func (netDev NetDev) Total() NetDevLine {
 	total := NetDevLine{}
 
-	names := make([]string, 0, len(nd))
-	for _, ifc := range nd {
+	names := make([]string, 0, len(netDev))
+	for _, ifc := range netDev {
 		names = append(names, ifc.Name)
 		total.RxBytes += ifc.RxBytes
 		total.RxPackets += ifc.RxPackets
-		total.RxPackets += ifc.RxPackets
 		total.RxErrors += ifc.RxErrors
 		total.RxDropped += ifc.RxDropped
 		total.RxFIFO += ifc.RxFIFO
diff --git a/vendor/github.com/prometheus/procfs/net_sockstat.go b/vendor/github.com/prometheus/procfs/net_sockstat.go
new file mode 100644
index 0000000000000..f91ef55237613
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_sockstat.go
@@ -0,0 +1,163 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// A NetSockstat contains the output of /proc/net/sockstat{,6} for IPv4 or IPv6,
+// respectively.
+type NetSockstat struct {
+	// Used is non-nil for IPv4 sockstat results, but nil for IPv6.
+	Used      *int
+	Protocols []NetSockstatProtocol
+}
+
+// A NetSockstatProtocol contains statistics about a given socket protocol.
+// Pointer fields indicate that the value may or may not be present on any
+// given protocol.
+type NetSockstatProtocol struct {
+	Protocol string
+	InUse    int
+	Orphan   *int
+	TW       *int
+	Alloc    *int
+	Mem      *int
+	Memory   *int
+}
+
+// NetSockstat retrieves IPv4 socket statistics.
+func (fs FS) NetSockstat() (*NetSockstat, error) {
+	return readSockstat(fs.proc.Path("net", "sockstat"))
+}
+
+// NetSockstat6 retrieves IPv6 socket statistics.
+//
+// If IPv6 is disabled on this kernel, the returned error can be checked with
+// os.IsNotExist.
+func (fs FS) NetSockstat6() (*NetSockstat, error) {
+	return readSockstat(fs.proc.Path("net", "sockstat6"))
+}
+
+// readSockstat opens and parses a NetSockstat from the input file.
+func readSockstat(name string) (*NetSockstat, error) {
+	// This file is small and can be read with one syscall.
+	b, err := util.ReadFileNoStat(name)
+	if err != nil {
+		// Do not wrap this error so the caller can detect os.IsNotExist and
+		// similar conditions.
+		return nil, err
+	}
+
+	stat, err := parseSockstat(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read sockstats from %q: %v", name, err)
+	}
+
+	return stat, nil
+}
+
+// parseSockstat reads the contents of a sockstat file and parses a NetSockstat.
+func parseSockstat(r io.Reader) (*NetSockstat, error) {
+	var stat NetSockstat
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		// Expect a minimum of a protocol and one key/value pair.
+		fields := strings.Split(s.Text(), " ")
+		if len(fields) < 3 {
+			return nil, fmt.Errorf("malformed sockstat line: %q", s.Text())
+		}
+
+		// The remaining fields are key/value pairs.
+		kvs, err := parseSockstatKVs(fields[1:])
+		if err != nil {
+			return nil, fmt.Errorf("error parsing sockstat key/value pairs from %q: %v", s.Text(), err)
+		}
+
+		// The first field is the protocol. We must trim its colon suffix.
+		proto := strings.TrimSuffix(fields[0], ":")
+		switch proto {
+		case "sockets":
+			// Special case: IPv4 has a sockets "used" key/value pair that we
+			// embed at the top level of the structure.
+			used := kvs["used"]
+			stat.Used = &used
+		default:
+			// Parse all other lines as individual protocols.
+			nsp := parseSockstatProtocol(kvs)
+			nsp.Protocol = proto
+			stat.Protocols = append(stat.Protocols, nsp)
+		}
+	}
+
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+
+	return &stat, nil
+}
+
+// parseSockstatKVs parses a string slice into a map of key/value pairs.
+func parseSockstatKVs(kvs []string) (map[string]int, error) {
+	if len(kvs)%2 != 0 {
+		return nil, errors.New("odd number of fields in key/value pairs")
+	}
+
+	// Iterate two values at a time to gather key/value pairs.
+	out := make(map[string]int, len(kvs)/2)
+	for i := 0; i < len(kvs); i += 2 {
+		vp := util.NewValueParser(kvs[i+1])
+		out[kvs[i]] = vp.Int()
+
+		if err := vp.Err(); err != nil {
+			return nil, err
+		}
+	}
+
+	return out, nil
+}
+
+// parseSockstatProtocol parses a NetSockstatProtocol from the input kvs map.
+func parseSockstatProtocol(kvs map[string]int) NetSockstatProtocol {
+	var nsp NetSockstatProtocol
+	for k, v := range kvs {
+		// Capture the range variable to ensure we get unique pointers for
+		// each of the optional fields.
+		v := v
+		switch k {
+		case "inuse":
+			nsp.InUse = v
+		case "orphan":
+			nsp.Orphan = &v
+		case "tw":
+			nsp.TW = &v
+		case "alloc":
+			nsp.Alloc = &v
+		case "mem":
+			nsp.Mem = &v
+		case "memory":
+			nsp.Memory = &v
+		}
+	}
+
+	return nsp
+}
diff --git a/vendor/github.com/prometheus/procfs/net_softnet.go b/vendor/github.com/prometheus/procfs/net_softnet.go
new file mode 100644
index 0000000000000..db5debdf4a1fe
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_softnet.go
@@ -0,0 +1,102 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// For the proc file format details,
+// See:
+// * Linux 2.6.23 https://elixir.bootlin.com/linux/v2.6.23/source/net/core/dev.c#L2343
+// * Linux 4.17 https://elixir.bootlin.com/linux/v4.17/source/net/core/net-procfs.c#L162
+// and https://elixir.bootlin.com/linux/v4.17/source/include/linux/netdevice.h#L2810.
+
+// SoftnetStat contains a single row of data from /proc/net/softnet_stat
+type SoftnetStat struct {
+	// Number of processed packets
+	Processed uint32
+	// Number of dropped packets
+	Dropped uint32
+	// Number of times processing packets ran out of quota
+	TimeSqueezed uint32
+}
+
+var softNetProcFile = "net/softnet_stat"
+
+// NetSoftnetStat reads data from /proc/net/softnet_stat.
+func (fs FS) NetSoftnetStat() ([]SoftnetStat, error) {
+	b, err := util.ReadFileNoStat(fs.proc.Path(softNetProcFile))
+	if err != nil {
+		return nil, err
+	}
+
+	entries, err := parseSoftnet(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse /proc/net/softnet_stat: %v", err)
+	}
+
+	return entries, nil
+}
+
+func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
+	const minColumns = 9
+
+	s := bufio.NewScanner(r)
+
+	var stats []SoftnetStat
+	for s.Scan() {
+		columns := strings.Fields(s.Text())
+		width := len(columns)
+
+		if width < minColumns {
+			return nil, fmt.Errorf("%d columns were detected, but at least %d were expected", width, minColumns)
+		}
+
+		// We only parse the first three columns at the moment.
+		us, err := parseHexUint32s(columns[0:3])
+		if err != nil {
+			return nil, err
+		}
+
+		stats = append(stats, SoftnetStat{
+			Processed:    us[0],
+			Dropped:      us[1],
+			TimeSqueezed: us[2],
+		})
+	}
+
+	return stats, nil
+}
+
+func parseHexUint32s(ss []string) ([]uint32, error) {
+	us := make([]uint32, 0, len(ss))
+	for _, s := range ss {
+		u, err := strconv.ParseUint(s, 16, 32)
+		if err != nil {
+			return nil, err
+		}
+
+		us = append(us, uint32(u))
+	}
+
+	return us, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_udp.go b/vendor/github.com/prometheus/procfs/net_udp.go
new file mode 100644
index 0000000000000..d017e3f18da07
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_udp.go
@@ -0,0 +1,229 @@
+// Copyright 2020 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+)
+
+const (
+	// readLimit is used by io.LimitReader while reading the content of the
+	// /proc/net/udp{,6} files. The number of lines inside such a file is dynamic
+	// as each line represents a single used socket.
+	// In theory, the number of available sockets is 65535 (2^16 - 1) per IP.
+	// With e.g. 150 Byte per line and the maximum number of 65535,
+	// the reader needs to handle 150 Byte * 65535 =~ 10 MB for a single IP.
+	readLimit = 4294967296 // Byte -> 4 GiB
+)
+
+type (
+	// NetUDP represents the contents of /proc/net/udp{,6} file without the header.
+	NetUDP []*netUDPLine
+
+	// NetUDPSummary provides already computed values like the total queue lengths or
+	// the total number of used sockets. In contrast to NetUDP it does not collect
+	// the parsed lines into a slice.
+	NetUDPSummary struct {
+		// TxQueueLength shows the total queue length of all parsed tx_queue lengths.
+		TxQueueLength uint64
+		// RxQueueLength shows the total queue length of all parsed rx_queue lengths.
+		RxQueueLength uint64
+		// UsedSockets shows the total number of parsed lines representing the
+		// number of used sockets.
+		UsedSockets uint64
+	}
+
+	// netUDPLine represents the fields parsed from a single line
+	// in /proc/net/udp{,6}. Fields which are not used by UDP are skipped.
+	// For the proc file format details, see https://linux.die.net/man/5/proc.
+	netUDPLine struct {
+		Sl        uint64
+		LocalAddr net.IP
+		LocalPort uint64
+		RemAddr   net.IP
+		RemPort   uint64
+		St        uint64
+		TxQueue   uint64
+		RxQueue   uint64
+		UID       uint64
+	}
+)
+
+// NetUDP returns the IPv4 kernel/networking statistics for UDP datagrams
+// read from /proc/net/udp.
+func (fs FS) NetUDP() (NetUDP, error) {
+	return newNetUDP(fs.proc.Path("net/udp"))
+}
+
+// NetUDP6 returns the IPv6 kernel/networking statistics for UDP datagrams
+// read from /proc/net/udp6.
+func (fs FS) NetUDP6() (NetUDP, error) {
+	return newNetUDP(fs.proc.Path("net/udp6"))
+}
+
+// NetUDPSummary returns already computed statistics like the total queue lengths
+// for UDP datagrams read from /proc/net/udp.
+func (fs FS) NetUDPSummary() (*NetUDPSummary, error) {
+	return newNetUDPSummary(fs.proc.Path("net/udp"))
+}
+
+// NetUDP6Summary returns already computed statistics like the total queue lengths
+// for UDP datagrams read from /proc/net/udp6.
+func (fs FS) NetUDP6Summary() (*NetUDPSummary, error) {
+	return newNetUDPSummary(fs.proc.Path("net/udp6"))
+}
+
+// newNetUDP creates a new NetUDP{,6} from the contents of the given file.
+func newNetUDP(file string) (NetUDP, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	netUDP := NetUDP{}
+
+	lr := io.LimitReader(f, readLimit)
+	s := bufio.NewScanner(lr)
+	s.Scan() // skip first line with headers
+	for s.Scan() {
+		fields := strings.Fields(s.Text())
+		line, err := parseNetUDPLine(fields)
+		if err != nil {
+			return nil, err
+		}
+		netUDP = append(netUDP, line)
+	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+	return netUDP, nil
+}
+
+// newNetUDPSummary creates a new NetUDP{,6} from the contents of the given file.
+func newNetUDPSummary(file string) (*NetUDPSummary, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	netUDPSummary := &NetUDPSummary{}
+
+	lr := io.LimitReader(f, readLimit)
+	s := bufio.NewScanner(lr)
+	s.Scan() // skip first line with headers
+	for s.Scan() {
+		fields := strings.Fields(s.Text())
+		line, err := parseNetUDPLine(fields)
+		if err != nil {
+			return nil, err
+		}
+		netUDPSummary.TxQueueLength += line.TxQueue
+		netUDPSummary.RxQueueLength += line.RxQueue
+		netUDPSummary.UsedSockets++
+	}
+	if err := s.Err(); err != nil {
+		return nil, err
+	}
+	return netUDPSummary, nil
+}
+
+// parseNetUDPLine parses a single line, represented by a list of fields.
+func parseNetUDPLine(fields []string) (*netUDPLine, error) {
+	line := &netUDPLine{}
+	if len(fields) < 8 {
+		return nil, fmt.Errorf(
+			"cannot parse net udp socket line as it has less then 8 columns: %s",
+			strings.Join(fields, " "),
+		)
+	}
+	var err error // parse error
+
+	// sl
+	s := strings.Split(fields[0], ":")
+	if len(s) != 2 {
+		return nil, fmt.Errorf(
+			"cannot parse sl field in udp socket line: %s", fields[0])
+	}
+
+	if line.Sl, err = strconv.ParseUint(s[0], 0, 64); err != nil {
+		return nil, fmt.Errorf("cannot parse sl value in udp socket line: %s", err)
+	}
+	// local_address
+	l := strings.Split(fields[1], ":")
+	if len(l) != 2 {
+		return nil, fmt.Errorf(
+			"cannot parse local_address field in udp socket line: %s", fields[1])
+	}
+	if line.LocalAddr, err = hex.DecodeString(l[0]); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse local_address value in udp socket line: %s", err)
+	}
+	if line.LocalPort, err = strconv.ParseUint(l[1], 16, 64); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse local_address port value in udp socket line: %s", err)
+	}
+
+	// remote_address
+	r := strings.Split(fields[2], ":")
+	if len(r) != 2 {
+		return nil, fmt.Errorf(
+			"cannot parse rem_address field in udp socket line: %s", fields[1])
+	}
+	if line.RemAddr, err = hex.DecodeString(r[0]); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse rem_address value in udp socket line: %s", err)
+	}
+	if line.RemPort, err = strconv.ParseUint(r[1], 16, 64); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse rem_address port value in udp socket line: %s", err)
+	}
+
+	// st
+	if line.St, err = strconv.ParseUint(fields[3], 16, 64); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse st value in udp socket line: %s", err)
+	}
+
+	// tx_queue and rx_queue
+	q := strings.Split(fields[4], ":")
+	if len(q) != 2 {
+		return nil, fmt.Errorf(
+			"cannot parse tx/rx queues in udp socket line as it has a missing colon: %s",
+			fields[4],
+		)
+	}
+	if line.TxQueue, err = strconv.ParseUint(q[0], 16, 64); err != nil {
+		return nil, fmt.Errorf("cannot parse tx_queue value in udp socket line: %s", err)
+	}
+	if line.RxQueue, err = strconv.ParseUint(q[1], 16, 64); err != nil {
+		return nil, fmt.Errorf("cannot parse rx_queue value in udp socket line: %s", err)
+	}
+
+	// uid
+	if line.UID, err = strconv.ParseUint(fields[7], 0, 64); err != nil {
+		return nil, fmt.Errorf(
+			"cannot parse uid value in udp socket line: %s", err)
+	}
+
+	return line, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_unix.go b/vendor/github.com/prometheus/procfs/net_unix.go
new file mode 100644
index 0000000000000..c55b4b18e4f38
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_unix.go
@@ -0,0 +1,257 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+)
+
+// For the proc file format details,
+// see https://elixir.bootlin.com/linux/v4.17/source/net/unix/af_unix.c#L2815
+// and https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/net.h#L48.
+
+// Constants for the various /proc/net/unix enumerations.
+// TODO: match against x/sys/unix or similar?
+const (
+	netUnixTypeStream    = 1
+	netUnixTypeDgram     = 2
+	netUnixTypeSeqpacket = 5
+
+	netUnixFlagDefault = 0
+	netUnixFlagListen  = 1 << 16
+
+	netUnixStateUnconnected  = 1
+	netUnixStateConnecting   = 2
+	netUnixStateConnected    = 3
+	netUnixStateDisconnected = 4
+)
+
+// NetUNIXType is the type of the type field.
+type NetUNIXType uint64
+
+// NetUNIXFlags is the type of the flags field.
+type NetUNIXFlags uint64
+
+// NetUNIXState is the type of the state field.
+type NetUNIXState uint64
+
+// NetUNIXLine represents a line of /proc/net/unix.
+type NetUNIXLine struct {
+	KernelPtr string
+	RefCount  uint64
+	Protocol  uint64
+	Flags     NetUNIXFlags
+	Type      NetUNIXType
+	State     NetUNIXState
+	Inode     uint64
+	Path      string
+}
+
+// NetUNIX holds the data read from /proc/net/unix.
+type NetUNIX struct {
+	Rows []*NetUNIXLine
+}
+
+// NetUNIX returns data read from /proc/net/unix.
+func (fs FS) NetUNIX() (*NetUNIX, error) {
+	return readNetUNIX(fs.proc.Path("net/unix"))
+}
+
+// readNetUNIX reads data in /proc/net/unix format from the specified file.
+func readNetUNIX(file string) (*NetUNIX, error) {
+	// This file could be quite large and a streaming read is desirable versus
+	// reading the entire contents at once.
+	f, err := os.Open(file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return parseNetUNIX(f)
+}
+
+// parseNetUNIX creates a NetUnix structure from the incoming stream.
+func parseNetUNIX(r io.Reader) (*NetUNIX, error) {
+	// Begin scanning by checking for the existence of Inode.
+	s := bufio.NewScanner(r)
+	s.Scan()
+
+	// From the man page of proc(5), it does not contain an Inode field,
+	// but in actually it exists. This code works for both cases.
+	hasInode := strings.Contains(s.Text(), "Inode")
+
+	// Expect a minimum number of fields, but Inode and Path are optional:
+	// Num       RefCount Protocol Flags    Type St Inode Path
+	minFields := 6
+	if hasInode {
+		minFields++
+	}
+
+	var nu NetUNIX
+	for s.Scan() {
+		line := s.Text()
+		item, err := nu.parseLine(line, hasInode, minFields)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse /proc/net/unix data %q: %v", line, err)
+		}
+
+		nu.Rows = append(nu.Rows, item)
+	}
+
+	if err := s.Err(); err != nil {
+		return nil, fmt.Errorf("failed to scan /proc/net/unix data: %v", err)
+	}
+
+	return &nu, nil
+}
+
+func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine, error) {
+	fields := strings.Fields(line)
+
+	l := len(fields)
+	if l < min {
+		return nil, fmt.Errorf("expected at least %d fields but got %d", min, l)
+	}
+
+	// Field offsets are as follows:
+	// Num       RefCount Protocol Flags    Type St Inode Path
+
+	kernelPtr := strings.TrimSuffix(fields[0], ":")
+
+	users, err := u.parseUsers(fields[1])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse ref count(%s): %v", fields[1], err)
+	}
+
+	flags, err := u.parseFlags(fields[3])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse flags(%s): %v", fields[3], err)
+	}
+
+	typ, err := u.parseType(fields[4])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse type(%s): %v", fields[4], err)
+	}
+
+	state, err := u.parseState(fields[5])
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse state(%s): %v", fields[5], err)
+	}
+
+	var inode uint64
+	if hasInode {
+		inode, err = u.parseInode(fields[6])
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse inode(%s): %v", fields[6], err)
+		}
+	}
+
+	n := &NetUNIXLine{
+		KernelPtr: kernelPtr,
+		RefCount:  users,
+		Type:      typ,
+		Flags:     flags,
+		State:     state,
+		Inode:     inode,
+	}
+
+	// Path field is optional.
+	if l > min {
+		// Path occurs at either index 6 or 7 depending on whether inode is
+		// already present.
+		pathIdx := 7
+		if !hasInode {
+			pathIdx--
+		}
+
+		n.Path = fields[pathIdx]
+	}
+
+	return n, nil
+}
+
+func (u NetUNIX) parseUsers(s string) (uint64, error) {
+	return strconv.ParseUint(s, 16, 32)
+}
+
+func (u NetUNIX) parseType(s string) (NetUNIXType, error) {
+	typ, err := strconv.ParseUint(s, 16, 16)
+	if err != nil {
+		return 0, err
+	}
+
+	return NetUNIXType(typ), nil
+}
+
+func (u NetUNIX) parseFlags(s string) (NetUNIXFlags, error) {
+	flags, err := strconv.ParseUint(s, 16, 32)
+	if err != nil {
+		return 0, err
+	}
+
+	return NetUNIXFlags(flags), nil
+}
+
+func (u NetUNIX) parseState(s string) (NetUNIXState, error) {
+	st, err := strconv.ParseInt(s, 16, 8)
+	if err != nil {
+		return 0, err
+	}
+
+	return NetUNIXState(st), nil
+}
+
+func (u NetUNIX) parseInode(s string) (uint64, error) {
+	return strconv.ParseUint(s, 10, 64)
+}
+
+func (t NetUNIXType) String() string {
+	switch t {
+	case netUnixTypeStream:
+		return "stream"
+	case netUnixTypeDgram:
+		return "dgram"
+	case netUnixTypeSeqpacket:
+		return "seqpacket"
+	}
+	return "unknown"
+}
+
+func (f NetUNIXFlags) String() string {
+	switch f {
+	case netUnixFlagListen:
+		return "listen"
+	default:
+		return "default"
+	}
+}
+
+func (s NetUNIXState) String() string {
+	switch s {
+	case netUnixStateUnconnected:
+		return "unconnected"
+	case netUnixStateConnecting:
+		return "connecting"
+	case netUnixStateConnected:
+		return "connected"
+	case netUnixStateDisconnected:
+		return "disconnected"
+	}
+	return "unknown"
+}
diff --git a/vendor/github.com/prometheus/procfs/nfs/nfs.go b/vendor/github.com/prometheus/procfs/nfs/nfs.go
deleted file mode 100644
index 651bf68195284..0000000000000
--- a/vendor/github.com/prometheus/procfs/nfs/nfs.go
+++ /dev/null
@@ -1,263 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package nfs implements parsing of /proc/net/rpc/nfsd.
-// Fields are documented in https://www.svennd.be/nfsd-stats-explained-procnetrpcnfsd/
-package nfs
-
-// ReplyCache models the "rc" line.
-type ReplyCache struct {
-	Hits    uint64
-	Misses  uint64
-	NoCache uint64
-}
-
-// FileHandles models the "fh" line.
-type FileHandles struct {
-	Stale        uint64
-	TotalLookups uint64
-	AnonLookups  uint64
-	DirNoCache   uint64
-	NoDirNoCache uint64
-}
-
-// InputOutput models the "io" line.
-type InputOutput struct {
-	Read  uint64
-	Write uint64
-}
-
-// Threads models the "th" line.
-type Threads struct {
-	Threads uint64
-	FullCnt uint64
-}
-
-// ReadAheadCache models the "ra" line.
-type ReadAheadCache struct {
-	CacheSize      uint64
-	CacheHistogram []uint64
-	NotFound       uint64
-}
-
-// Network models the "net" line.
-type Network struct {
-	NetCount   uint64
-	UDPCount   uint64
-	TCPCount   uint64
-	TCPConnect uint64
-}
-
-// ClientRPC models the nfs "rpc" line.
-type ClientRPC struct {
-	RPCCount        uint64
-	Retransmissions uint64
-	AuthRefreshes   uint64
-}
-
-// ServerRPC models the nfsd "rpc" line.
-type ServerRPC struct {
-	RPCCount uint64
-	BadCnt   uint64
-	BadFmt   uint64
-	BadAuth  uint64
-	BadcInt  uint64
-}
-
-// V2Stats models the "proc2" line.
-type V2Stats struct {
-	Null     uint64
-	GetAttr  uint64
-	SetAttr  uint64
-	Root     uint64
-	Lookup   uint64
-	ReadLink uint64
-	Read     uint64
-	WrCache  uint64
-	Write    uint64
-	Create   uint64
-	Remove   uint64
-	Rename   uint64
-	Link     uint64
-	SymLink  uint64
-	MkDir    uint64
-	RmDir    uint64
-	ReadDir  uint64
-	FsStat   uint64
-}
-
-// V3Stats models the "proc3" line.
-type V3Stats struct {
-	Null        uint64
-	GetAttr     uint64
-	SetAttr     uint64
-	Lookup      uint64
-	Access      uint64
-	ReadLink    uint64
-	Read        uint64
-	Write       uint64
-	Create      uint64
-	MkDir       uint64
-	SymLink     uint64
-	MkNod       uint64
-	Remove      uint64
-	RmDir       uint64
-	Rename      uint64
-	Link        uint64
-	ReadDir     uint64
-	ReadDirPlus uint64
-	FsStat      uint64
-	FsInfo      uint64
-	PathConf    uint64
-	Commit      uint64
-}
-
-// ClientV4Stats models the nfs "proc4" line.
-type ClientV4Stats struct {
-	Null               uint64
-	Read               uint64
-	Write              uint64
-	Commit             uint64
-	Open               uint64
-	OpenConfirm        uint64
-	OpenNoattr         uint64
-	OpenDowngrade      uint64
-	Close              uint64
-	Setattr            uint64
-	FsInfo             uint64
-	Renew              uint64
-	SetClientID        uint64
-	SetClientIDConfirm uint64
-	Lock               uint64
-	Lockt              uint64
-	Locku              uint64
-	Access             uint64
-	Getattr            uint64
-	Lookup             uint64
-	LookupRoot         uint64
-	Remove             uint64
-	Rename             uint64
-	Link               uint64
-	Symlink            uint64
-	Create             uint64
-	Pathconf           uint64
-	StatFs             uint64
-	ReadLink           uint64
-	ReadDir            uint64
-	ServerCaps         uint64
-	DelegReturn        uint64
-	GetACL             uint64
-	SetACL             uint64
-	FsLocations        uint64
-	ReleaseLockowner   uint64
-	Secinfo            uint64
-	FsidPresent        uint64
-	ExchangeID         uint64
-	CreateSession      uint64
-	DestroySession     uint64
-	Sequence           uint64
-	GetLeaseTime       uint64
-	ReclaimComplete    uint64
-	LayoutGet          uint64
-	GetDeviceInfo      uint64
-	LayoutCommit       uint64
-	LayoutReturn       uint64
-	SecinfoNoName      uint64
-	TestStateID        uint64
-	FreeStateID        uint64
-	GetDeviceList      uint64
-	BindConnToSession  uint64
-	DestroyClientID    uint64
-	Seek               uint64
-	Allocate           uint64
-	DeAllocate         uint64
-	LayoutStats        uint64
-	Clone              uint64
-}
-
-// ServerV4Stats models the nfsd "proc4" line.
-type ServerV4Stats struct {
-	Null     uint64
-	Compound uint64
-}
-
-// V4Ops models the "proc4ops" line: NFSv4 operations
-// Variable list, see:
-// v4.0 https://tools.ietf.org/html/rfc3010 (38 operations)
-// v4.1 https://tools.ietf.org/html/rfc5661 (58 operations)
-// v4.2 https://tools.ietf.org/html/draft-ietf-nfsv4-minorversion2-41 (71 operations)
-type V4Ops struct {
-	//Values       uint64 // Variable depending on v4.x sub-version. TODO: Will this always at least include the fields in this struct?
-	Op0Unused    uint64
-	Op1Unused    uint64
-	Op2Future    uint64
-	Access       uint64
-	Close        uint64
-	Commit       uint64
-	Create       uint64
-	DelegPurge   uint64
-	DelegReturn  uint64
-	GetAttr      uint64
-	GetFH        uint64
-	Link         uint64
-	Lock         uint64
-	Lockt        uint64
-	Locku        uint64
-	Lookup       uint64
-	LookupRoot   uint64
-	Nverify      uint64
-	Open         uint64
-	OpenAttr     uint64
-	OpenConfirm  uint64
-	OpenDgrd     uint64
-	PutFH        uint64
-	PutPubFH     uint64
-	PutRootFH    uint64
-	Read         uint64
-	ReadDir      uint64
-	ReadLink     uint64
-	Remove       uint64
-	Rename       uint64
-	Renew        uint64
-	RestoreFH    uint64
-	SaveFH       uint64
-	SecInfo      uint64
-	SetAttr      uint64
-	Verify       uint64
-	Write        uint64
-	RelLockOwner uint64
-}
-
-// ClientRPCStats models all stats from /proc/net/rpc/nfs.
-type ClientRPCStats struct {
-	Network       Network
-	ClientRPC     ClientRPC
-	V2Stats       V2Stats
-	V3Stats       V3Stats
-	ClientV4Stats ClientV4Stats
-}
-
-// ServerRPCStats models all stats from /proc/net/rpc/nfsd.
-type ServerRPCStats struct {
-	ReplyCache     ReplyCache
-	FileHandles    FileHandles
-	InputOutput    InputOutput
-	Threads        Threads
-	ReadAheadCache ReadAheadCache
-	Network        Network
-	ServerRPC      ServerRPC
-	V2Stats        V2Stats
-	V3Stats        V3Stats
-	ServerV4Stats  ServerV4Stats
-	V4Ops          V4Ops
-}
diff --git a/vendor/github.com/prometheus/procfs/nfs/parse.go b/vendor/github.com/prometheus/procfs/nfs/parse.go
deleted file mode 100644
index 95a83cc5bc5f9..0000000000000
--- a/vendor/github.com/prometheus/procfs/nfs/parse.go
+++ /dev/null
@@ -1,317 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package nfs
-
-import (
-	"fmt"
-)
-
-func parseReplyCache(v []uint64) (ReplyCache, error) {
-	if len(v) != 3 {
-		return ReplyCache{}, fmt.Errorf("invalid ReplyCache line %q", v)
-	}
-
-	return ReplyCache{
-		Hits:    v[0],
-		Misses:  v[1],
-		NoCache: v[2],
-	}, nil
-}
-
-func parseFileHandles(v []uint64) (FileHandles, error) {
-	if len(v) != 5 {
-		return FileHandles{}, fmt.Errorf("invalid FileHandles, line %q", v)
-	}
-
-	return FileHandles{
-		Stale:        v[0],
-		TotalLookups: v[1],
-		AnonLookups:  v[2],
-		DirNoCache:   v[3],
-		NoDirNoCache: v[4],
-	}, nil
-}
-
-func parseInputOutput(v []uint64) (InputOutput, error) {
-	if len(v) != 2 {
-		return InputOutput{}, fmt.Errorf("invalid InputOutput line %q", v)
-	}
-
-	return InputOutput{
-		Read:  v[0],
-		Write: v[1],
-	}, nil
-}
-
-func parseThreads(v []uint64) (Threads, error) {
-	if len(v) != 2 {
-		return Threads{}, fmt.Errorf("invalid Threads line %q", v)
-	}
-
-	return Threads{
-		Threads: v[0],
-		FullCnt: v[1],
-	}, nil
-}
-
-func parseReadAheadCache(v []uint64) (ReadAheadCache, error) {
-	if len(v) != 12 {
-		return ReadAheadCache{}, fmt.Errorf("invalid ReadAheadCache line %q", v)
-	}
-
-	return ReadAheadCache{
-		CacheSize:      v[0],
-		CacheHistogram: v[1:11],
-		NotFound:       v[11],
-	}, nil
-}
-
-func parseNetwork(v []uint64) (Network, error) {
-	if len(v) != 4 {
-		return Network{}, fmt.Errorf("invalid Network line %q", v)
-	}
-
-	return Network{
-		NetCount:   v[0],
-		UDPCount:   v[1],
-		TCPCount:   v[2],
-		TCPConnect: v[3],
-	}, nil
-}
-
-func parseServerRPC(v []uint64) (ServerRPC, error) {
-	if len(v) != 5 {
-		return ServerRPC{}, fmt.Errorf("invalid RPC line %q", v)
-	}
-
-	return ServerRPC{
-		RPCCount: v[0],
-		BadCnt:   v[1],
-		BadFmt:   v[2],
-		BadAuth:  v[3],
-		BadcInt:  v[4],
-	}, nil
-}
-
-func parseClientRPC(v []uint64) (ClientRPC, error) {
-	if len(v) != 3 {
-		return ClientRPC{}, fmt.Errorf("invalid RPC line %q", v)
-	}
-
-	return ClientRPC{
-		RPCCount:        v[0],
-		Retransmissions: v[1],
-		AuthRefreshes:   v[2],
-	}, nil
-}
-
-func parseV2Stats(v []uint64) (V2Stats, error) {
-	values := int(v[0])
-	if len(v[1:]) != values || values != 18 {
-		return V2Stats{}, fmt.Errorf("invalid V2Stats line %q", v)
-	}
-
-	return V2Stats{
-		Null:     v[1],
-		GetAttr:  v[2],
-		SetAttr:  v[3],
-		Root:     v[4],
-		Lookup:   v[5],
-		ReadLink: v[6],
-		Read:     v[7],
-		WrCache:  v[8],
-		Write:    v[9],
-		Create:   v[10],
-		Remove:   v[11],
-		Rename:   v[12],
-		Link:     v[13],
-		SymLink:  v[14],
-		MkDir:    v[15],
-		RmDir:    v[16],
-		ReadDir:  v[17],
-		FsStat:   v[18],
-	}, nil
-}
-
-func parseV3Stats(v []uint64) (V3Stats, error) {
-	values := int(v[0])
-	if len(v[1:]) != values || values != 22 {
-		return V3Stats{}, fmt.Errorf("invalid V3Stats line %q", v)
-	}
-
-	return V3Stats{
-		Null:        v[1],
-		GetAttr:     v[2],
-		SetAttr:     v[3],
-		Lookup:      v[4],
-		Access:      v[5],
-		ReadLink:    v[6],
-		Read:        v[7],
-		Write:       v[8],
-		Create:      v[9],
-		MkDir:       v[10],
-		SymLink:     v[11],
-		MkNod:       v[12],
-		Remove:      v[13],
-		RmDir:       v[14],
-		Rename:      v[15],
-		Link:        v[16],
-		ReadDir:     v[17],
-		ReadDirPlus: v[18],
-		FsStat:      v[19],
-		FsInfo:      v[20],
-		PathConf:    v[21],
-		Commit:      v[22],
-	}, nil
-}
-
-func parseClientV4Stats(v []uint64) (ClientV4Stats, error) {
-	values := int(v[0])
-	if len(v[1:]) != values {
-		return ClientV4Stats{}, fmt.Errorf("invalid ClientV4Stats line %q", v)
-	}
-
-	// This function currently supports mapping 59 NFS v4 client stats.  Older
-	// kernels may emit fewer stats, so we must detect this and pad out the
-	// values to match the expected slice size.
-	if values < 59 {
-		newValues := make([]uint64, 60)
-		copy(newValues, v)
-		v = newValues
-	}
-
-	return ClientV4Stats{
-		Null:               v[1],
-		Read:               v[2],
-		Write:              v[3],
-		Commit:             v[4],
-		Open:               v[5],
-		OpenConfirm:        v[6],
-		OpenNoattr:         v[7],
-		OpenDowngrade:      v[8],
-		Close:              v[9],
-		Setattr:            v[10],
-		FsInfo:             v[11],
-		Renew:              v[12],
-		SetClientID:        v[13],
-		SetClientIDConfirm: v[14],
-		Lock:               v[15],
-		Lockt:              v[16],
-		Locku:              v[17],
-		Access:             v[18],
-		Getattr:            v[19],
-		Lookup:             v[20],
-		LookupRoot:         v[21],
-		Remove:             v[22],
-		Rename:             v[23],
-		Link:               v[24],
-		Symlink:            v[25],
-		Create:             v[26],
-		Pathconf:           v[27],
-		StatFs:             v[28],
-		ReadLink:           v[29],
-		ReadDir:            v[30],
-		ServerCaps:         v[31],
-		DelegReturn:        v[32],
-		GetACL:             v[33],
-		SetACL:             v[34],
-		FsLocations:        v[35],
-		ReleaseLockowner:   v[36],
-		Secinfo:            v[37],
-		FsidPresent:        v[38],
-		ExchangeID:         v[39],
-		CreateSession:      v[40],
-		DestroySession:     v[41],
-		Sequence:           v[42],
-		GetLeaseTime:       v[43],
-		ReclaimComplete:    v[44],
-		LayoutGet:          v[45],
-		GetDeviceInfo:      v[46],
-		LayoutCommit:       v[47],
-		LayoutReturn:       v[48],
-		SecinfoNoName:      v[49],
-		TestStateID:        v[50],
-		FreeStateID:        v[51],
-		GetDeviceList:      v[52],
-		BindConnToSession:  v[53],
-		DestroyClientID:    v[54],
-		Seek:               v[55],
-		Allocate:           v[56],
-		DeAllocate:         v[57],
-		LayoutStats:        v[58],
-		Clone:              v[59],
-	}, nil
-}
-
-func parseServerV4Stats(v []uint64) (ServerV4Stats, error) {
-	values := int(v[0])
-	if len(v[1:]) != values || values != 2 {
-		return ServerV4Stats{}, fmt.Errorf("invalid V4Stats line %q", v)
-	}
-
-	return ServerV4Stats{
-		Null:     v[1],
-		Compound: v[2],
-	}, nil
-}
-
-func parseV4Ops(v []uint64) (V4Ops, error) {
-	values := int(v[0])
-	if len(v[1:]) != values || values < 39 {
-		return V4Ops{}, fmt.Errorf("invalid V4Ops line %q", v)
-	}
-
-	stats := V4Ops{
-		Op0Unused:    v[1],
-		Op1Unused:    v[2],
-		Op2Future:    v[3],
-		Access:       v[4],
-		Close:        v[5],
-		Commit:       v[6],
-		Create:       v[7],
-		DelegPurge:   v[8],
-		DelegReturn:  v[9],
-		GetAttr:      v[10],
-		GetFH:        v[11],
-		Link:         v[12],
-		Lock:         v[13],
-		Lockt:        v[14],
-		Locku:        v[15],
-		Lookup:       v[16],
-		LookupRoot:   v[17],
-		Nverify:      v[18],
-		Open:         v[19],
-		OpenAttr:     v[20],
-		OpenConfirm:  v[21],
-		OpenDgrd:     v[22],
-		PutFH:        v[23],
-		PutPubFH:     v[24],
-		PutRootFH:    v[25],
-		Read:         v[26],
-		ReadDir:      v[27],
-		ReadLink:     v[28],
-		Remove:       v[29],
-		Rename:       v[30],
-		Renew:        v[31],
-		RestoreFH:    v[32],
-		SaveFH:       v[33],
-		SecInfo:      v[34],
-		SetAttr:      v[35],
-		Verify:       v[36],
-		Write:        v[37],
-		RelLockOwner: v[38],
-	}
-
-	return stats, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/nfs/parse_nfs.go b/vendor/github.com/prometheus/procfs/nfs/parse_nfs.go
deleted file mode 100644
index c0d3a5ad9bdfe..0000000000000
--- a/vendor/github.com/prometheus/procfs/nfs/parse_nfs.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package nfs
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// ParseClientRPCStats returns stats read from /proc/net/rpc/nfs
-func ParseClientRPCStats(r io.Reader) (*ClientRPCStats, error) {
-	stats := &ClientRPCStats{}
-
-	scanner := bufio.NewScanner(r)
-	for scanner.Scan() {
-		line := scanner.Text()
-		parts := strings.Fields(scanner.Text())
-		// require at least <key> <value>
-		if len(parts) < 2 {
-			return nil, fmt.Errorf("invalid NFS metric line %q", line)
-		}
-
-		values, err := util.ParseUint64s(parts[1:])
-		if err != nil {
-			return nil, fmt.Errorf("error parsing NFS metric line: %s", err)
-		}
-
-		switch metricLine := parts[0]; metricLine {
-		case "net":
-			stats.Network, err = parseNetwork(values)
-		case "rpc":
-			stats.ClientRPC, err = parseClientRPC(values)
-		case "proc2":
-			stats.V2Stats, err = parseV2Stats(values)
-		case "proc3":
-			stats.V3Stats, err = parseV3Stats(values)
-		case "proc4":
-			stats.ClientV4Stats, err = parseClientV4Stats(values)
-		default:
-			return nil, fmt.Errorf("unknown NFS metric line %q", metricLine)
-		}
-		if err != nil {
-			return nil, fmt.Errorf("errors parsing NFS metric line: %s", err)
-		}
-	}
-
-	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("error scanning NFS file: %s", err)
-	}
-
-	return stats, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/nfs/parse_nfsd.go b/vendor/github.com/prometheus/procfs/nfs/parse_nfsd.go
deleted file mode 100644
index 57bb4a35858c2..0000000000000
--- a/vendor/github.com/prometheus/procfs/nfs/parse_nfsd.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package nfs
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// ParseServerRPCStats returns stats read from /proc/net/rpc/nfsd
-func ParseServerRPCStats(r io.Reader) (*ServerRPCStats, error) {
-	stats := &ServerRPCStats{}
-
-	scanner := bufio.NewScanner(r)
-	for scanner.Scan() {
-		line := scanner.Text()
-		parts := strings.Fields(scanner.Text())
-		// require at least <key> <value>
-		if len(parts) < 2 {
-			return nil, fmt.Errorf("invalid NFSd metric line %q", line)
-		}
-		label := parts[0]
-
-		var values []uint64
-		var err error
-		if label == "th" {
-			if len(parts) < 3 {
-				return nil, fmt.Errorf("invalid NFSd th metric line %q", line)
-			}
-			values, err = util.ParseUint64s(parts[1:3])
-		} else {
-			values, err = util.ParseUint64s(parts[1:])
-		}
-		if err != nil {
-			return nil, fmt.Errorf("error parsing NFSd metric line: %s", err)
-		}
-
-		switch metricLine := parts[0]; metricLine {
-		case "rc":
-			stats.ReplyCache, err = parseReplyCache(values)
-		case "fh":
-			stats.FileHandles, err = parseFileHandles(values)
-		case "io":
-			stats.InputOutput, err = parseInputOutput(values)
-		case "th":
-			stats.Threads, err = parseThreads(values)
-		case "ra":
-			stats.ReadAheadCache, err = parseReadAheadCache(values)
-		case "net":
-			stats.Network, err = parseNetwork(values)
-		case "rpc":
-			stats.ServerRPC, err = parseServerRPC(values)
-		case "proc2":
-			stats.V2Stats, err = parseV2Stats(values)
-		case "proc3":
-			stats.V3Stats, err = parseV3Stats(values)
-		case "proc4":
-			stats.ServerV4Stats, err = parseServerV4Stats(values)
-		case "proc4ops":
-			stats.V4Ops, err = parseV4Ops(values)
-		default:
-			return nil, fmt.Errorf("unknown NFSd metric line %q", metricLine)
-		}
-		if err != nil {
-			return nil, fmt.Errorf("errors parsing NFSd metric line: %s", err)
-		}
-	}
-
-	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("error scanning NFSd file: %s", err)
-	}
-
-	return stats, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc.go b/vendor/github.com/prometheus/procfs/proc.go
index 7cf5b8acf9565..330e472c70fd2 100644
--- a/vendor/github.com/prometheus/procfs/proc.go
+++ b/vendor/github.com/prometheus/procfs/proc.go
@@ -20,6 +20,9 @@ import (
 	"os"
 	"strconv"
 	"strings"
+
+	"github.com/prometheus/procfs/internal/fs"
+	"github.com/prometheus/procfs/internal/util"
 )
 
 // Proc provides information about a running process.
@@ -27,7 +30,7 @@ type Proc struct {
 	// The process ID.
 	PID int
 
-	fs FS
+	fs fs.FS
 }
 
 // Procs represents a list of Proc structs.
@@ -52,7 +55,7 @@ func NewProc(pid int) (Proc, error) {
 	if err != nil {
 		return Proc{}, err
 	}
-	return fs.NewProc(pid)
+	return fs.Proc(pid)
 }
 
 // AllProcs returns a list of all currently available processes under /proc.
@@ -66,28 +69,35 @@ func AllProcs() (Procs, error) {
 
 // Self returns a process for the current process.
 func (fs FS) Self() (Proc, error) {
-	p, err := os.Readlink(fs.Path("self"))
+	p, err := os.Readlink(fs.proc.Path("self"))
 	if err != nil {
 		return Proc{}, err
 	}
-	pid, err := strconv.Atoi(strings.Replace(p, string(fs), "", -1))
+	pid, err := strconv.Atoi(strings.Replace(p, string(fs.proc), "", -1))
 	if err != nil {
 		return Proc{}, err
 	}
-	return fs.NewProc(pid)
+	return fs.Proc(pid)
 }
 
 // NewProc returns a process for the given pid.
+//
+// Deprecated: use fs.Proc() instead
 func (fs FS) NewProc(pid int) (Proc, error) {
-	if _, err := os.Stat(fs.Path(strconv.Itoa(pid))); err != nil {
+	return fs.Proc(pid)
+}
+
+// Proc returns a process for the given pid.
+func (fs FS) Proc(pid int) (Proc, error) {
+	if _, err := os.Stat(fs.proc.Path(strconv.Itoa(pid))); err != nil {
 		return Proc{}, err
 	}
-	return Proc{PID: pid, fs: fs}, nil
+	return Proc{PID: pid, fs: fs.proc}, nil
 }
 
 // AllProcs returns a list of all currently available processes.
 func (fs FS) AllProcs() (Procs, error) {
-	d, err := os.Open(fs.Path())
+	d, err := os.Open(fs.proc.Path())
 	if err != nil {
 		return Procs{}, err
 	}
@@ -104,7 +114,7 @@ func (fs FS) AllProcs() (Procs, error) {
 		if err != nil {
 			continue
 		}
-		p = append(p, Proc{PID: int(pid), fs: fs})
+		p = append(p, Proc{PID: int(pid), fs: fs.proc})
 	}
 
 	return p, nil
@@ -112,13 +122,7 @@ func (fs FS) AllProcs() (Procs, error) {
 
 // CmdLine returns the command line of a process.
 func (p Proc) CmdLine() ([]string, error) {
-	f, err := os.Open(p.path("cmdline"))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
+	data, err := util.ReadFileNoStat(p.path("cmdline"))
 	if err != nil {
 		return nil, err
 	}
@@ -132,13 +136,7 @@ func (p Proc) CmdLine() ([]string, error) {
 
 // Comm returns the command name of a process.
 func (p Proc) Comm() (string, error) {
-	f, err := os.Open(p.path("comm"))
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
+	data, err := util.ReadFileNoStat(p.path("comm"))
 	if err != nil {
 		return "", err
 	}
@@ -156,6 +154,26 @@ func (p Proc) Executable() (string, error) {
 	return exe, err
 }
 
+// Cwd returns the absolute path to the current working directory of the process.
+func (p Proc) Cwd() (string, error) {
+	wd, err := os.Readlink(p.path("cwd"))
+	if os.IsNotExist(err) {
+		return "", nil
+	}
+
+	return wd, err
+}
+
+// RootDir returns the absolute path to the process's root directory (as set by chroot)
+func (p Proc) RootDir() (string, error) {
+	rdir, err := os.Readlink(p.path("root"))
+	if os.IsNotExist(err) {
+		return "", nil
+	}
+
+	return rdir, err
+}
+
 // FileDescriptors returns the currently open file descriptors of a process.
 func (p Proc) FileDescriptors() ([]uintptr, error) {
 	names, err := p.fileDescriptors()
@@ -218,6 +236,18 @@ func (p Proc) MountStats() ([]*Mount, error) {
 	return parseMountStats(f)
 }
 
+// MountInfo retrieves mount information for mount points in a
+// process's namespace.
+// It supplies information missing in `/proc/self/mounts` and
+// fixes various other problems with that file too.
+func (p Proc) MountInfo() ([]*MountInfo, error) {
+	data, err := util.ReadFileNoStat(p.path("mountinfo"))
+	if err != nil {
+		return nil, err
+	}
+	return parseMountInfo(data)
+}
+
 func (p Proc) fileDescriptors() ([]string, error) {
 	d, err := os.Open(p.path("fd"))
 	if err != nil {
@@ -236,3 +266,33 @@ func (p Proc) fileDescriptors() ([]string, error) {
 func (p Proc) path(pa ...string) string {
 	return p.fs.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
 }
+
+// FileDescriptorsInfo retrieves information about all file descriptors of
+// the process.
+func (p Proc) FileDescriptorsInfo() (ProcFDInfos, error) {
+	names, err := p.fileDescriptors()
+	if err != nil {
+		return nil, err
+	}
+
+	var fdinfos ProcFDInfos
+
+	for _, n := range names {
+		fdinfo, err := p.FDInfo(n)
+		if err != nil {
+			continue
+		}
+		fdinfos = append(fdinfos, *fdinfo)
+	}
+
+	return fdinfos, nil
+}
+
+// Schedstat returns task scheduling information for the process.
+func (p Proc) Schedstat() (ProcSchedstat, error) {
+	contents, err := ioutil.ReadFile(p.path("schedstat"))
+	if err != nil {
+		return ProcSchedstat{}, err
+	}
+	return parseProcSchedstat(string(contents))
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_environ.go b/vendor/github.com/prometheus/procfs/proc_environ.go
new file mode 100644
index 0000000000000..6134b3580c453
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/proc_environ.go
@@ -0,0 +1,37 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Environ reads process environments from /proc/<pid>/environ
+func (p Proc) Environ() ([]string, error) {
+	environments := make([]string, 0)
+
+	data, err := util.ReadFileNoStat(p.path("environ"))
+	if err != nil {
+		return environments, err
+	}
+
+	environments = strings.Split(string(data), "\000")
+	if len(environments) > 0 {
+		environments = environments[:len(environments)-1]
+	}
+
+	return environments, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
new file mode 100644
index 0000000000000..0c9c402850c0f
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
@@ -0,0 +1,133 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"regexp"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Regexp variables
+var (
+	rPos          = regexp.MustCompile(`^pos:\s+(\d+)$`)
+	rFlags        = regexp.MustCompile(`^flags:\s+(\d+)$`)
+	rMntID        = regexp.MustCompile(`^mnt_id:\s+(\d+)$`)
+	rInotify      = regexp.MustCompile(`^inotify`)
+	rInotifyParts = regexp.MustCompile(`^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?`)
+)
+
+// ProcFDInfo contains represents file descriptor information.
+type ProcFDInfo struct {
+	// File descriptor
+	FD string
+	// File offset
+	Pos string
+	// File access mode and status flags
+	Flags string
+	// Mount point ID
+	MntID string
+	// List of inotify lines (structed) in the fdinfo file (kernel 3.8+ only)
+	InotifyInfos []InotifyInfo
+}
+
+// FDInfo constructor. On kernels older than 3.8, InotifyInfos will always be empty.
+func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
+	data, err := util.ReadFileNoStat(p.path("fdinfo", fd))
+	if err != nil {
+		return nil, err
+	}
+
+	var text, pos, flags, mntid string
+	var inotify []InotifyInfo
+
+	scanner := bufio.NewScanner(bytes.NewReader(data))
+	for scanner.Scan() {
+		text = scanner.Text()
+		if rPos.MatchString(text) {
+			pos = rPos.FindStringSubmatch(text)[1]
+		} else if rFlags.MatchString(text) {
+			flags = rFlags.FindStringSubmatch(text)[1]
+		} else if rMntID.MatchString(text) {
+			mntid = rMntID.FindStringSubmatch(text)[1]
+		} else if rInotify.MatchString(text) {
+			newInotify, err := parseInotifyInfo(text)
+			if err != nil {
+				return nil, err
+			}
+			inotify = append(inotify, *newInotify)
+		}
+	}
+
+	i := &ProcFDInfo{
+		FD:           fd,
+		Pos:          pos,
+		Flags:        flags,
+		MntID:        mntid,
+		InotifyInfos: inotify,
+	}
+
+	return i, nil
+}
+
+// InotifyInfo represents a single inotify line in the fdinfo file.
+type InotifyInfo struct {
+	// Watch descriptor number
+	WD string
+	// Inode number
+	Ino string
+	// Device ID
+	Sdev string
+	// Mask of events being monitored
+	Mask string
+}
+
+// InotifyInfo constructor. Only available on kernel 3.8+.
+func parseInotifyInfo(line string) (*InotifyInfo, error) {
+	m := rInotifyParts.FindStringSubmatch(line)
+	if len(m) >= 4 {
+		var mask string
+		if len(m) == 5 {
+			mask = m[4]
+		}
+		i := &InotifyInfo{
+			WD:   m[1],
+			Ino:  m[2],
+			Sdev: m[3],
+			Mask: mask,
+		}
+		return i, nil
+	}
+	return nil, errors.New("invalid inode entry: " + line)
+}
+
+// ProcFDInfos represents a list of ProcFDInfo structs.
+type ProcFDInfos []ProcFDInfo
+
+func (p ProcFDInfos) Len() int           { return len(p) }
+func (p ProcFDInfos) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
+func (p ProcFDInfos) Less(i, j int) bool { return p[i].FD < p[j].FD }
+
+// InotifyWatchLen returns the total number of inotify watches
+func (p ProcFDInfos) InotifyWatchLen() (int, error) {
+	length := 0
+	for _, f := range p {
+		length += len(f.InotifyInfos)
+	}
+
+	return length, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_io.go b/vendor/github.com/prometheus/procfs/proc_io.go
index 0251c83bfe819..776f34971730d 100644
--- a/vendor/github.com/prometheus/procfs/proc_io.go
+++ b/vendor/github.com/prometheus/procfs/proc_io.go
@@ -15,8 +15,8 @@ package procfs
 
 import (
 	"fmt"
-	"io/ioutil"
-	"os"
+
+	"github.com/prometheus/procfs/internal/util"
 )
 
 // ProcIO models the content of /proc/<pid>/io.
@@ -39,17 +39,11 @@ type ProcIO struct {
 	CancelledWriteBytes int64
 }
 
-// NewIO creates a new ProcIO instance from a given Proc instance.
-func (p Proc) NewIO() (ProcIO, error) {
+// IO creates a new ProcIO instance from a given Proc instance.
+func (p Proc) IO() (ProcIO, error) {
 	pio := ProcIO{}
 
-	f, err := os.Open(p.path("io"))
-	if err != nil {
-		return pio, err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
+	data, err := util.ReadFileNoStat(p.path("io"))
 	if err != nil {
 		return pio, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/proc_limits.go b/vendor/github.com/prometheus/procfs/proc_limits.go
index f04ba6fda8526..91ee24df8bdec 100644
--- a/vendor/github.com/prometheus/procfs/proc_limits.go
+++ b/vendor/github.com/prometheus/procfs/proc_limits.go
@@ -78,7 +78,14 @@ var (
 )
 
 // NewLimits returns the current soft limits of the process.
+//
+// Deprecated: use p.Limits() instead
 func (p Proc) NewLimits() (ProcLimits, error) {
+	return p.Limits()
+}
+
+// Limits returns the current soft limits of the process.
+func (p Proc) Limits() (ProcLimits, error) {
 	f, err := os.Open(p.path("limits"))
 	if err != nil {
 		return ProcLimits{}, err
diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go
new file mode 100644
index 0000000000000..28d5c6eb1da89
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/proc_maps.go
@@ -0,0 +1,208 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+package procfs
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+type ProcMapPermissions struct {
+	// mapping has the [R]ead flag set
+	Read bool
+	// mapping has the [W]rite flag set
+	Write bool
+	// mapping has the [X]ecutable flag set
+	Execute bool
+	// mapping has the [S]hared flag set
+	Shared bool
+	// mapping is marked as [P]rivate (copy on write)
+	Private bool
+}
+
+// ProcMap contains the process memory-mappings of the process,
+// read from /proc/[pid]/maps
+type ProcMap struct {
+	// The start address of current mapping.
+	StartAddr uintptr
+	// The end address of the current mapping
+	EndAddr uintptr
+	// The permissions for this mapping
+	Perms *ProcMapPermissions
+	// The current offset into the file/fd (e.g., shared libs)
+	Offset int64
+	// Device owner of this mapping (major:minor) in Mkdev format.
+	Dev uint64
+	// The inode of the device above
+	Inode uint64
+	// The file or psuedofile (or empty==anonymous)
+	Pathname string
+}
+
+// parseDevice parses the device token of a line and converts it to a dev_t
+// (mkdev) like structure.
+func parseDevice(s string) (uint64, error) {
+	toks := strings.Split(s, ":")
+	if len(toks) < 2 {
+		return 0, fmt.Errorf("unexpected number of fields")
+	}
+
+	major, err := strconv.ParseUint(toks[0], 16, 0)
+	if err != nil {
+		return 0, err
+	}
+
+	minor, err := strconv.ParseUint(toks[1], 16, 0)
+	if err != nil {
+		return 0, err
+	}
+
+	return unix.Mkdev(uint32(major), uint32(minor)), nil
+}
+
+// parseAddress just converts a hex-string to a uintptr
+func parseAddress(s string) (uintptr, error) {
+	a, err := strconv.ParseUint(s, 16, 0)
+	if err != nil {
+		return 0, err
+	}
+
+	return uintptr(a), nil
+}
+
+// parseAddresses parses the start-end address
+func parseAddresses(s string) (uintptr, uintptr, error) {
+	toks := strings.Split(s, "-")
+	if len(toks) < 2 {
+		return 0, 0, fmt.Errorf("invalid address")
+	}
+
+	saddr, err := parseAddress(toks[0])
+	if err != nil {
+		return 0, 0, err
+	}
+
+	eaddr, err := parseAddress(toks[1])
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return saddr, eaddr, nil
+}
+
+// parsePermissions parses a token and returns any that are set.
+func parsePermissions(s string) (*ProcMapPermissions, error) {
+	if len(s) < 4 {
+		return nil, fmt.Errorf("invalid permissions token")
+	}
+
+	perms := ProcMapPermissions{}
+	for _, ch := range s {
+		switch ch {
+		case 'r':
+			perms.Read = true
+		case 'w':
+			perms.Write = true
+		case 'x':
+			perms.Execute = true
+		case 'p':
+			perms.Private = true
+		case 's':
+			perms.Shared = true
+		}
+	}
+
+	return &perms, nil
+}
+
+// parseProcMap will attempt to parse a single line within a proc/[pid]/maps
+// buffer.
+func parseProcMap(text string) (*ProcMap, error) {
+	fields := strings.Fields(text)
+	if len(fields) < 5 {
+		return nil, fmt.Errorf("truncated procmap entry")
+	}
+
+	saddr, eaddr, err := parseAddresses(fields[0])
+	if err != nil {
+		return nil, err
+	}
+
+	perms, err := parsePermissions(fields[1])
+	if err != nil {
+		return nil, err
+	}
+
+	offset, err := strconv.ParseInt(fields[2], 16, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	device, err := parseDevice(fields[3])
+	if err != nil {
+		return nil, err
+	}
+
+	inode, err := strconv.ParseUint(fields[4], 10, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	pathname := ""
+
+	if len(fields) >= 5 {
+		pathname = strings.Join(fields[5:], " ")
+	}
+
+	return &ProcMap{
+		StartAddr: saddr,
+		EndAddr:   eaddr,
+		Perms:     perms,
+		Offset:    offset,
+		Dev:       device,
+		Inode:     inode,
+		Pathname:  pathname,
+	}, nil
+}
+
+// ProcMaps reads from /proc/[pid]/maps to get the memory-mappings of the
+// process.
+func (p Proc) ProcMaps() ([]*ProcMap, error) {
+	file, err := os.Open(p.path("maps"))
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	maps := []*ProcMap{}
+	scan := bufio.NewScanner(file)
+
+	for scan.Scan() {
+		m, err := parseProcMap(scan.Text())
+		if err != nil {
+			return nil, err
+		}
+
+		maps = append(maps, m)
+	}
+
+	return maps, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_ns.go b/vendor/github.com/prometheus/procfs/proc_ns.go
index d06c26ebad9b2..c66740ff746a5 100644
--- a/vendor/github.com/prometheus/procfs/proc_ns.go
+++ b/vendor/github.com/prometheus/procfs/proc_ns.go
@@ -29,9 +29,9 @@ type Namespace struct {
 // Namespaces contains all of the namespaces that the process is contained in.
 type Namespaces map[string]Namespace
 
-// NewNamespaces reads from /proc/[pid/ns/* to get the namespaces of which the
+// Namespaces reads from /proc/<pid>/ns/* to get the namespaces of which the
 // process is a member.
-func (p Proc) NewNamespaces() (Namespaces, error) {
+func (p Proc) Namespaces() (Namespaces, error) {
 	d, err := os.Open(p.path("ns"))
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/prometheus/procfs/proc_psi.go b/vendor/github.com/prometheus/procfs/proc_psi.go
new file mode 100644
index 0000000000000..0d7bee54cac3a
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/proc_psi.go
@@ -0,0 +1,100 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+// The PSI / pressure interface is described at
+//   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/accounting/psi.txt
+// Each resource (cpu, io, memory, ...) is exposed as a single file.
+// Each file may contain up to two lines, one for "some" pressure and one for "full" pressure.
+// Each line contains several averages (over n seconds) and a total in µs.
+//
+// Example io pressure file:
+// > some avg10=0.06 avg60=0.21 avg300=0.99 total=8537362
+// > full avg10=0.00 avg60=0.13 avg300=0.96 total=8183134
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+const lineFormat = "avg10=%f avg60=%f avg300=%f total=%d"
+
+// PSILine is a single line of values as returned by /proc/pressure/*
+// The Avg entries are averages over n seconds, as a percentage
+// The Total line is in microseconds
+type PSILine struct {
+	Avg10  float64
+	Avg60  float64
+	Avg300 float64
+	Total  uint64
+}
+
+// PSIStats represent pressure stall information from /proc/pressure/*
+// Some indicates the share of time in which at least some tasks are stalled
+// Full indicates the share of time in which all non-idle tasks are stalled simultaneously
+type PSIStats struct {
+	Some *PSILine
+	Full *PSILine
+}
+
+// PSIStatsForResource reads pressure stall information for the specified
+// resource from /proc/pressure/<resource>. At time of writing this can be
+// either "cpu", "memory" or "io".
+func (fs FS) PSIStatsForResource(resource string) (PSIStats, error) {
+	data, err := util.ReadFileNoStat(fs.proc.Path(fmt.Sprintf("%s/%s", "pressure", resource)))
+	if err != nil {
+		return PSIStats{}, fmt.Errorf("psi_stats: unavailable for %s", resource)
+	}
+
+	return parsePSIStats(resource, bytes.NewReader(data))
+}
+
+// parsePSIStats parses the specified file for pressure stall information
+func parsePSIStats(resource string, r io.Reader) (PSIStats, error) {
+	psiStats := PSIStats{}
+
+	scanner := bufio.NewScanner(r)
+	for scanner.Scan() {
+		l := scanner.Text()
+		prefix := strings.Split(l, " ")[0]
+		switch prefix {
+		case "some":
+			psi := PSILine{}
+			_, err := fmt.Sscanf(l, fmt.Sprintf("some %s", lineFormat), &psi.Avg10, &psi.Avg60, &psi.Avg300, &psi.Total)
+			if err != nil {
+				return PSIStats{}, err
+			}
+			psiStats.Some = &psi
+		case "full":
+			psi := PSILine{}
+			_, err := fmt.Sscanf(l, fmt.Sprintf("full %s", lineFormat), &psi.Avg10, &psi.Avg60, &psi.Avg300, &psi.Total)
+			if err != nil {
+				return PSIStats{}, err
+			}
+			psiStats.Full = &psi
+		default:
+			// If we encounter a line with an unknown prefix, ignore it and move on
+			// Should new measurement types be added in the future we'll simply ignore them instead
+			// of erroring on retrieval
+			continue
+		}
+	}
+
+	return psiStats, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_stat.go b/vendor/github.com/prometheus/procfs/proc_stat.go
index 3cf2a9f18f00f..4517d2e9dd013 100644
--- a/vendor/github.com/prometheus/procfs/proc_stat.go
+++ b/vendor/github.com/prometheus/procfs/proc_stat.go
@@ -16,8 +16,10 @@ package procfs
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
+
+	"github.com/prometheus/procfs/internal/fs"
+	"github.com/prometheus/procfs/internal/util"
 )
 
 // Originally, this USER_HZ value was dynamically retrieved via a sysconf call
@@ -95,22 +97,23 @@ type ProcStat struct {
 	// in clock ticks.
 	Starttime uint64
 	// Virtual memory size in bytes.
-	VSize int
+	VSize uint
 	// Resident set size in pages.
 	RSS int
 
-	fs FS
+	proc fs.FS
 }
 
 // NewStat returns the current status information of the process.
+//
+// Deprecated: use p.Stat() instead
 func (p Proc) NewStat() (ProcStat, error) {
-	f, err := os.Open(p.path("stat"))
-	if err != nil {
-		return ProcStat{}, err
-	}
-	defer f.Close()
+	return p.Stat()
+}
 
-	data, err := ioutil.ReadAll(f)
+// Stat returns the current status information of the process.
+func (p Proc) Stat() (ProcStat, error) {
+	data, err := util.ReadFileNoStat(p.path("stat"))
 	if err != nil {
 		return ProcStat{}, err
 	}
@@ -118,7 +121,7 @@ func (p Proc) NewStat() (ProcStat, error) {
 	var (
 		ignore int
 
-		s = ProcStat{PID: p.PID, fs: p.fs}
+		s = ProcStat{PID: p.PID, proc: p.fs}
 		l = bytes.Index(data, []byte("("))
 		r = bytes.LastIndex(data, []byte(")"))
 	)
@@ -164,7 +167,7 @@ func (p Proc) NewStat() (ProcStat, error) {
 }
 
 // VirtualMemory returns the virtual memory size in bytes.
-func (s ProcStat) VirtualMemory() int {
+func (s ProcStat) VirtualMemory() uint {
 	return s.VSize
 }
 
@@ -175,7 +178,8 @@ func (s ProcStat) ResidentMemory() int {
 
 // StartTime returns the unix timestamp of the process in seconds.
 func (s ProcStat) StartTime() (float64, error) {
-	stat, err := s.fs.NewStat()
+	fs := FS{proc: s.proc}
+	stat, err := fs.Stat()
 	if err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/proc_status.go b/vendor/github.com/prometheus/procfs/proc_status.go
new file mode 100644
index 0000000000000..c58346d910f70
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/proc_status.go
@@ -0,0 +1,166 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bytes"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// ProcStatus provides status information about the process,
+// read from /proc/[pid]/stat.
+type ProcStatus struct {
+	// The process ID.
+	PID int
+	// The process name.
+	Name string
+
+	// Thread group ID.
+	TGID int
+
+	// Peak virtual memory size.
+	VmPeak uint64 // nolint:golint
+	// Virtual memory size.
+	VmSize uint64 // nolint:golint
+	// Locked memory size.
+	VmLck uint64 // nolint:golint
+	// Pinned memory size.
+	VmPin uint64 // nolint:golint
+	// Peak resident set size.
+	VmHWM uint64 // nolint:golint
+	// Resident set size (sum of RssAnnon RssFile and RssShmem).
+	VmRSS uint64 // nolint:golint
+	// Size of resident anonymous memory.
+	RssAnon uint64 // nolint:golint
+	// Size of resident file mappings.
+	RssFile uint64 // nolint:golint
+	// Size of resident shared memory.
+	RssShmem uint64 // nolint:golint
+	// Size of data segments.
+	VmData uint64 // nolint:golint
+	// Size of stack segments.
+	VmStk uint64 // nolint:golint
+	// Size of text segments.
+	VmExe uint64 // nolint:golint
+	// Shared library code size.
+	VmLib uint64 // nolint:golint
+	// Page table entries size.
+	VmPTE uint64 // nolint:golint
+	// Size of second-level page tables.
+	VmPMD uint64 // nolint:golint
+	// Swapped-out virtual memory size by anonymous private.
+	VmSwap uint64 // nolint:golint
+	// Size of hugetlb memory portions
+	HugetlbPages uint64
+
+	// Number of voluntary context switches.
+	VoluntaryCtxtSwitches uint64
+	// Number of involuntary context switches.
+	NonVoluntaryCtxtSwitches uint64
+
+	// UIDs of the process (Real, effective, saved set, and filesystem UIDs (GIDs))
+	UIDs [4]string
+}
+
+// NewStatus returns the current status information of the process.
+func (p Proc) NewStatus() (ProcStatus, error) {
+	data, err := util.ReadFileNoStat(p.path("status"))
+	if err != nil {
+		return ProcStatus{}, err
+	}
+
+	s := ProcStatus{PID: p.PID}
+
+	lines := strings.Split(string(data), "\n")
+	for _, line := range lines {
+		if !bytes.Contains([]byte(line), []byte(":")) {
+			continue
+		}
+
+		kv := strings.SplitN(line, ":", 2)
+
+		// removes spaces
+		k := string(strings.TrimSpace(kv[0]))
+		v := string(strings.TrimSpace(kv[1]))
+		// removes "kB"
+		v = string(bytes.Trim([]byte(v), " kB"))
+
+		// value to int when possible
+		// we can skip error check here, 'cause vKBytes is not used when value is a string
+		vKBytes, _ := strconv.ParseUint(v, 10, 64)
+		// convert kB to B
+		vBytes := vKBytes * 1024
+
+		s.fillStatus(k, v, vKBytes, vBytes)
+	}
+
+	return s, nil
+}
+
+func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintBytes uint64) {
+	switch k {
+	case "Tgid":
+		s.TGID = int(vUint)
+	case "Name":
+		s.Name = vString
+	case "Uid":
+		copy(s.UIDs[:], strings.Split(vString, "\t"))
+	case "VmPeak":
+		s.VmPeak = vUintBytes
+	case "VmSize":
+		s.VmSize = vUintBytes
+	case "VmLck":
+		s.VmLck = vUintBytes
+	case "VmPin":
+		s.VmPin = vUintBytes
+	case "VmHWM":
+		s.VmHWM = vUintBytes
+	case "VmRSS":
+		s.VmRSS = vUintBytes
+	case "RssAnon":
+		s.RssAnon = vUintBytes
+	case "RssFile":
+		s.RssFile = vUintBytes
+	case "RssShmem":
+		s.RssShmem = vUintBytes
+	case "VmData":
+		s.VmData = vUintBytes
+	case "VmStk":
+		s.VmStk = vUintBytes
+	case "VmExe":
+		s.VmExe = vUintBytes
+	case "VmLib":
+		s.VmLib = vUintBytes
+	case "VmPTE":
+		s.VmPTE = vUintBytes
+	case "VmPMD":
+		s.VmPMD = vUintBytes
+	case "VmSwap":
+		s.VmSwap = vUintBytes
+	case "HugetlbPages":
+		s.HugetlbPages = vUintBytes
+	case "voluntary_ctxt_switches":
+		s.VoluntaryCtxtSwitches = vUint
+	case "nonvoluntary_ctxt_switches":
+		s.NonVoluntaryCtxtSwitches = vUint
+	}
+}
+
+// TotalCtxtSwitches returns the total context switch.
+func (s ProcStatus) TotalCtxtSwitches() uint64 {
+	return s.VoluntaryCtxtSwitches + s.NonVoluntaryCtxtSwitches
+}
diff --git a/vendor/github.com/prometheus/procfs/schedstat.go b/vendor/github.com/prometheus/procfs/schedstat.go
new file mode 100644
index 0000000000000..a4c4089ac529e
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/schedstat.go
@@ -0,0 +1,118 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"errors"
+	"os"
+	"regexp"
+	"strconv"
+)
+
+var (
+	cpuLineRE  = regexp.MustCompile(`cpu(\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+)`)
+	procLineRE = regexp.MustCompile(`(\d+) (\d+) (\d+)`)
+)
+
+// Schedstat contains scheduler statistics from /proc/schedstat
+//
+// See
+// https://www.kernel.org/doc/Documentation/scheduler/sched-stats.txt
+// for a detailed description of what these numbers mean.
+//
+// Note the current kernel documentation claims some of the time units are in
+// jiffies when they are actually in nanoseconds since 2.6.23 with the
+// introduction of CFS. A fix to the documentation is pending. See
+// https://lore.kernel.org/patchwork/project/lkml/list/?series=403473
+type Schedstat struct {
+	CPUs []*SchedstatCPU
+}
+
+// SchedstatCPU contains the values from one "cpu<N>" line
+type SchedstatCPU struct {
+	CPUNum string
+
+	RunningNanoseconds uint64
+	WaitingNanoseconds uint64
+	RunTimeslices      uint64
+}
+
+// ProcSchedstat contains the values from /proc/<pid>/schedstat
+type ProcSchedstat struct {
+	RunningNanoseconds uint64
+	WaitingNanoseconds uint64
+	RunTimeslices      uint64
+}
+
+// Schedstat reads data from /proc/schedstat
+func (fs FS) Schedstat() (*Schedstat, error) {
+	file, err := os.Open(fs.proc.Path("schedstat"))
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	stats := &Schedstat{}
+	scanner := bufio.NewScanner(file)
+
+	for scanner.Scan() {
+		match := cpuLineRE.FindStringSubmatch(scanner.Text())
+		if match != nil {
+			cpu := &SchedstatCPU{}
+			cpu.CPUNum = match[1]
+
+			cpu.RunningNanoseconds, err = strconv.ParseUint(match[8], 10, 64)
+			if err != nil {
+				continue
+			}
+
+			cpu.WaitingNanoseconds, err = strconv.ParseUint(match[9], 10, 64)
+			if err != nil {
+				continue
+			}
+
+			cpu.RunTimeslices, err = strconv.ParseUint(match[10], 10, 64)
+			if err != nil {
+				continue
+			}
+
+			stats.CPUs = append(stats.CPUs, cpu)
+		}
+	}
+
+	return stats, nil
+}
+
+func parseProcSchedstat(contents string) (stats ProcSchedstat, err error) {
+	match := procLineRE.FindStringSubmatch(contents)
+
+	if match != nil {
+		stats.RunningNanoseconds, err = strconv.ParseUint(match[1], 10, 64)
+		if err != nil {
+			return
+		}
+
+		stats.WaitingNanoseconds, err = strconv.ParseUint(match[2], 10, 64)
+		if err != nil {
+			return
+		}
+
+		stats.RunTimeslices, err = strconv.ParseUint(match[3], 10, 64)
+		return
+	}
+
+	err = errors.New("could not parse schedstat")
+	return
+}
diff --git a/vendor/github.com/prometheus/procfs/stat.go b/vendor/github.com/prometheus/procfs/stat.go
index 61eb6b0e3ceaa..b2a6fc994c11c 100644
--- a/vendor/github.com/prometheus/procfs/stat.go
+++ b/vendor/github.com/prometheus/procfs/stat.go
@@ -15,11 +15,14 @@ package procfs
 
 import (
 	"bufio"
+	"bytes"
 	"fmt"
 	"io"
-	"os"
 	"strconv"
 	"strings"
+
+	"github.com/prometheus/procfs/internal/fs"
+	"github.com/prometheus/procfs/internal/util"
 )
 
 // CPUStat shows how much time the cpu spend in various stages.
@@ -78,16 +81,6 @@ type Stat struct {
 	SoftIRQ SoftIRQStat
 }
 
-// NewStat returns kernel/system statistics read from /proc/stat.
-func NewStat() (Stat, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return Stat{}, err
-	}
-
-	return fs.NewStat()
-}
-
 // Parse a cpu statistics line and returns the CPUStat struct plus the cpu id (or -1 for the overall sum).
 func parseCPUStat(line string) (CPUStat, int64, error) {
 	cpuStat := CPUStat{}
@@ -149,19 +142,38 @@ func parseSoftIRQStat(line string) (SoftIRQStat, uint64, error) {
 	return softIRQStat, total, nil
 }
 
-// NewStat returns an information about current kernel/system statistics.
+// NewStat returns information about current cpu/process statistics.
+// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+//
+// Deprecated: use fs.Stat() instead
+func NewStat() (Stat, error) {
+	fs, err := NewFS(fs.DefaultProcMountPoint)
+	if err != nil {
+		return Stat{}, err
+	}
+	return fs.Stat()
+}
+
+// NewStat returns information about current cpu/process statistics.
+// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+//
+// Deprecated: use fs.Stat() instead
 func (fs FS) NewStat() (Stat, error) {
-	// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+	return fs.Stat()
+}
 
-	f, err := os.Open(fs.Path("stat"))
+// Stat returns information about current cpu/process statistics.
+// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+func (fs FS) Stat() (Stat, error) {
+	fileName := fs.proc.Path("stat")
+	data, err := util.ReadFileNoStat(fileName)
 	if err != nil {
 		return Stat{}, err
 	}
-	defer f.Close()
 
 	stat := Stat{}
 
-	scanner := bufio.NewScanner(f)
+	scanner := bufio.NewScanner(bytes.NewReader(data))
 	for scanner.Scan() {
 		line := scanner.Text()
 		parts := strings.Fields(scanner.Text())
@@ -225,7 +237,7 @@ func (fs FS) NewStat() (Stat, error) {
 	}
 
 	if err := scanner.Err(); err != nil {
-		return Stat{}, fmt.Errorf("couldn't parse %s: %s", f.Name(), err)
+		return Stat{}, fmt.Errorf("couldn't parse %s: %s", fileName, err)
 	}
 
 	return stat, nil
diff --git a/vendor/github.com/prometheus/procfs/swaps.go b/vendor/github.com/prometheus/procfs/swaps.go
new file mode 100644
index 0000000000000..15edc2212b672
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/swaps.go
@@ -0,0 +1,89 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Swap represents an entry in /proc/swaps.
+type Swap struct {
+	Filename string
+	Type     string
+	Size     int
+	Used     int
+	Priority int
+}
+
+// Swaps returns a slice of all configured swap devices on the system.
+func (fs FS) Swaps() ([]*Swap, error) {
+	data, err := util.ReadFileNoStat(fs.proc.Path("swaps"))
+	if err != nil {
+		return nil, err
+	}
+	return parseSwaps(data)
+}
+
+func parseSwaps(info []byte) ([]*Swap, error) {
+	swaps := []*Swap{}
+	scanner := bufio.NewScanner(bytes.NewReader(info))
+	scanner.Scan() // ignore header line
+	for scanner.Scan() {
+		swapString := scanner.Text()
+		parsedSwap, err := parseSwapString(swapString)
+		if err != nil {
+			return nil, err
+		}
+		swaps = append(swaps, parsedSwap)
+	}
+
+	err := scanner.Err()
+	return swaps, err
+}
+
+func parseSwapString(swapString string) (*Swap, error) {
+	var err error
+
+	swapFields := strings.Fields(swapString)
+	swapLength := len(swapFields)
+	if swapLength < 5 {
+		return nil, fmt.Errorf("too few fields in swap string: %s", swapString)
+	}
+
+	swap := &Swap{
+		Filename: swapFields[0],
+		Type:     swapFields[1],
+	}
+
+	swap.Size, err = strconv.Atoi(swapFields[2])
+	if err != nil {
+		return nil, fmt.Errorf("invalid swap size: %s", swapFields[2])
+	}
+	swap.Used, err = strconv.Atoi(swapFields[3])
+	if err != nil {
+		return nil, fmt.Errorf("invalid swap used: %s", swapFields[3])
+	}
+	swap.Priority, err = strconv.Atoi(swapFields[4])
+	if err != nil {
+		return nil, fmt.Errorf("invalid swap priority: %s", swapFields[4])
+	}
+
+	return swap, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/vm.go b/vendor/github.com/prometheus/procfs/vm.go
new file mode 100644
index 0000000000000..cb13891414b16
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/vm.go
@@ -0,0 +1,210 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+package procfs
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// The VM interface is described at
+//   https://www.kernel.org/doc/Documentation/sysctl/vm.txt
+// Each setting is exposed as a single file.
+// Each file contains one line with a single numerical value, except lowmem_reserve_ratio which holds an array
+// and numa_zonelist_order (deprecated) which is a string
+type VM struct {
+	AdminReserveKbytes        *int64   // /proc/sys/vm/admin_reserve_kbytes
+	BlockDump                 *int64   // /proc/sys/vm/block_dump
+	CompactUnevictableAllowed *int64   // /proc/sys/vm/compact_unevictable_allowed
+	DirtyBackgroundBytes      *int64   // /proc/sys/vm/dirty_background_bytes
+	DirtyBackgroundRatio      *int64   // /proc/sys/vm/dirty_background_ratio
+	DirtyBytes                *int64   // /proc/sys/vm/dirty_bytes
+	DirtyExpireCentisecs      *int64   // /proc/sys/vm/dirty_expire_centisecs
+	DirtyRatio                *int64   // /proc/sys/vm/dirty_ratio
+	DirtytimeExpireSeconds    *int64   // /proc/sys/vm/dirtytime_expire_seconds
+	DirtyWritebackCentisecs   *int64   // /proc/sys/vm/dirty_writeback_centisecs
+	DropCaches                *int64   // /proc/sys/vm/drop_caches
+	ExtfragThreshold          *int64   // /proc/sys/vm/extfrag_threshold
+	HugetlbShmGroup           *int64   // /proc/sys/vm/hugetlb_shm_group
+	LaptopMode                *int64   // /proc/sys/vm/laptop_mode
+	LegacyVaLayout            *int64   // /proc/sys/vm/legacy_va_layout
+	LowmemReserveRatio        []*int64 // /proc/sys/vm/lowmem_reserve_ratio
+	MaxMapCount               *int64   // /proc/sys/vm/max_map_count
+	MemoryFailureEarlyKill    *int64   // /proc/sys/vm/memory_failure_early_kill
+	MemoryFailureRecovery     *int64   // /proc/sys/vm/memory_failure_recovery
+	MinFreeKbytes             *int64   // /proc/sys/vm/min_free_kbytes
+	MinSlabRatio              *int64   // /proc/sys/vm/min_slab_ratio
+	MinUnmappedRatio          *int64   // /proc/sys/vm/min_unmapped_ratio
+	MmapMinAddr               *int64   // /proc/sys/vm/mmap_min_addr
+	NrHugepages               *int64   // /proc/sys/vm/nr_hugepages
+	NrHugepagesMempolicy      *int64   // /proc/sys/vm/nr_hugepages_mempolicy
+	NrOvercommitHugepages     *int64   // /proc/sys/vm/nr_overcommit_hugepages
+	NumaStat                  *int64   // /proc/sys/vm/numa_stat
+	NumaZonelistOrder         string   // /proc/sys/vm/numa_zonelist_order
+	OomDumpTasks              *int64   // /proc/sys/vm/oom_dump_tasks
+	OomKillAllocatingTask     *int64   // /proc/sys/vm/oom_kill_allocating_task
+	OvercommitKbytes          *int64   // /proc/sys/vm/overcommit_kbytes
+	OvercommitMemory          *int64   // /proc/sys/vm/overcommit_memory
+	OvercommitRatio           *int64   // /proc/sys/vm/overcommit_ratio
+	PageCluster               *int64   // /proc/sys/vm/page-cluster
+	PanicOnOom                *int64   // /proc/sys/vm/panic_on_oom
+	PercpuPagelistFraction    *int64   // /proc/sys/vm/percpu_pagelist_fraction
+	StatInterval              *int64   // /proc/sys/vm/stat_interval
+	Swappiness                *int64   // /proc/sys/vm/swappiness
+	UserReserveKbytes         *int64   // /proc/sys/vm/user_reserve_kbytes
+	VfsCachePressure          *int64   // /proc/sys/vm/vfs_cache_pressure
+	WatermarkBoostFactor      *int64   // /proc/sys/vm/watermark_boost_factor
+	WatermarkScaleFactor      *int64   // /proc/sys/vm/watermark_scale_factor
+	ZoneReclaimMode           *int64   // /proc/sys/vm/zone_reclaim_mode
+}
+
+// VM reads the VM statistics from the specified `proc` filesystem.
+func (fs FS) VM() (*VM, error) {
+	path := fs.proc.Path("sys/vm")
+	file, err := os.Stat(path)
+	if err != nil {
+		return nil, err
+	}
+	if !file.Mode().IsDir() {
+		return nil, fmt.Errorf("%s is not a directory", path)
+	}
+
+	files, err := ioutil.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var vm VM
+	for _, f := range files {
+		if f.IsDir() {
+			continue
+		}
+
+		name := filepath.Join(path, f.Name())
+		// ignore errors on read, as there are some write only
+		// in /proc/sys/vm
+		value, err := util.SysReadFile(name)
+		if err != nil {
+			continue
+		}
+		vp := util.NewValueParser(value)
+
+		switch f.Name() {
+		case "admin_reserve_kbytes":
+			vm.AdminReserveKbytes = vp.PInt64()
+		case "block_dump":
+			vm.BlockDump = vp.PInt64()
+		case "compact_unevictable_allowed":
+			vm.CompactUnevictableAllowed = vp.PInt64()
+		case "dirty_background_bytes":
+			vm.DirtyBackgroundBytes = vp.PInt64()
+		case "dirty_background_ratio":
+			vm.DirtyBackgroundRatio = vp.PInt64()
+		case "dirty_bytes":
+			vm.DirtyBytes = vp.PInt64()
+		case "dirty_expire_centisecs":
+			vm.DirtyExpireCentisecs = vp.PInt64()
+		case "dirty_ratio":
+			vm.DirtyRatio = vp.PInt64()
+		case "dirtytime_expire_seconds":
+			vm.DirtytimeExpireSeconds = vp.PInt64()
+		case "dirty_writeback_centisecs":
+			vm.DirtyWritebackCentisecs = vp.PInt64()
+		case "drop_caches":
+			vm.DropCaches = vp.PInt64()
+		case "extfrag_threshold":
+			vm.ExtfragThreshold = vp.PInt64()
+		case "hugetlb_shm_group":
+			vm.HugetlbShmGroup = vp.PInt64()
+		case "laptop_mode":
+			vm.LaptopMode = vp.PInt64()
+		case "legacy_va_layout":
+			vm.LegacyVaLayout = vp.PInt64()
+		case "lowmem_reserve_ratio":
+			stringSlice := strings.Fields(value)
+			pint64Slice := make([]*int64, 0, len(stringSlice))
+			for _, value := range stringSlice {
+				vp := util.NewValueParser(value)
+				pint64Slice = append(pint64Slice, vp.PInt64())
+			}
+			vm.LowmemReserveRatio = pint64Slice
+		case "max_map_count":
+			vm.MaxMapCount = vp.PInt64()
+		case "memory_failure_early_kill":
+			vm.MemoryFailureEarlyKill = vp.PInt64()
+		case "memory_failure_recovery":
+			vm.MemoryFailureRecovery = vp.PInt64()
+		case "min_free_kbytes":
+			vm.MinFreeKbytes = vp.PInt64()
+		case "min_slab_ratio":
+			vm.MinSlabRatio = vp.PInt64()
+		case "min_unmapped_ratio":
+			vm.MinUnmappedRatio = vp.PInt64()
+		case "mmap_min_addr":
+			vm.MmapMinAddr = vp.PInt64()
+		case "nr_hugepages":
+			vm.NrHugepages = vp.PInt64()
+		case "nr_hugepages_mempolicy":
+			vm.NrHugepagesMempolicy = vp.PInt64()
+		case "nr_overcommit_hugepages":
+			vm.NrOvercommitHugepages = vp.PInt64()
+		case "numa_stat":
+			vm.NumaStat = vp.PInt64()
+		case "numa_zonelist_order":
+			vm.NumaZonelistOrder = value
+		case "oom_dump_tasks":
+			vm.OomDumpTasks = vp.PInt64()
+		case "oom_kill_allocating_task":
+			vm.OomKillAllocatingTask = vp.PInt64()
+		case "overcommit_kbytes":
+			vm.OvercommitKbytes = vp.PInt64()
+		case "overcommit_memory":
+			vm.OvercommitMemory = vp.PInt64()
+		case "overcommit_ratio":
+			vm.OvercommitRatio = vp.PInt64()
+		case "page-cluster":
+			vm.PageCluster = vp.PInt64()
+		case "panic_on_oom":
+			vm.PanicOnOom = vp.PInt64()
+		case "percpu_pagelist_fraction":
+			vm.PercpuPagelistFraction = vp.PInt64()
+		case "stat_interval":
+			vm.StatInterval = vp.PInt64()
+		case "swappiness":
+			vm.Swappiness = vp.PInt64()
+		case "user_reserve_kbytes":
+			vm.UserReserveKbytes = vp.PInt64()
+		case "vfs_cache_pressure":
+			vm.VfsCachePressure = vp.PInt64()
+		case "watermark_boost_factor":
+			vm.WatermarkBoostFactor = vp.PInt64()
+		case "watermark_scale_factor":
+			vm.WatermarkScaleFactor = vp.PInt64()
+		case "zone_reclaim_mode":
+			vm.ZoneReclaimMode = vp.PInt64()
+		}
+		if err := vp.Err(); err != nil {
+			return nil, err
+		}
+	}
+
+	return &vm, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/xfrm.go b/vendor/github.com/prometheus/procfs/xfrm.go
index ffe9df50d6c6f..30aa417d530f8 100644
--- a/vendor/github.com/prometheus/procfs/xfrm.go
+++ b/vendor/github.com/prometheus/procfs/xfrm.go
@@ -97,7 +97,7 @@ func NewXfrmStat() (XfrmStat, error) {
 
 // NewXfrmStat reads the xfrm_stat statistics from the 'proc' filesystem.
 func (fs FS) NewXfrmStat() (XfrmStat, error) {
-	file, err := os.Open(fs.Path("net/xfrm_stat"))
+	file, err := os.Open(fs.proc.Path("net/xfrm_stat"))
 	if err != nil {
 		return XfrmStat{}, err
 	}
@@ -113,7 +113,7 @@ func (fs FS) NewXfrmStat() (XfrmStat, error) {
 
 		if len(fields) != 2 {
 			return XfrmStat{}, fmt.Errorf(
-				"couldnt parse %s line %s", file.Name(), s.Text())
+				"couldn't parse %s line %s", file.Name(), s.Text())
 		}
 
 		name := fields[0]
diff --git a/vendor/github.com/prometheus/procfs/xfs/parse.go b/vendor/github.com/prometheus/procfs/xfs/parse.go
deleted file mode 100644
index 2bc0ef3427d2c..0000000000000
--- a/vendor/github.com/prometheus/procfs/xfs/parse.go
+++ /dev/null
@@ -1,330 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package xfs
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// ParseStats parses a Stats from an input io.Reader, using the format
-// found in /proc/fs/xfs/stat.
-func ParseStats(r io.Reader) (*Stats, error) {
-	const (
-		// Fields parsed into stats structures.
-		fieldExtentAlloc = "extent_alloc"
-		fieldAbt         = "abt"
-		fieldBlkMap      = "blk_map"
-		fieldBmbt        = "bmbt"
-		fieldDir         = "dir"
-		fieldTrans       = "trans"
-		fieldIg          = "ig"
-		fieldLog         = "log"
-		fieldRw          = "rw"
-		fieldAttr        = "attr"
-		fieldIcluster    = "icluster"
-		fieldVnodes      = "vnodes"
-		fieldBuf         = "buf"
-		fieldXpc         = "xpc"
-
-		// Unimplemented at this time due to lack of documentation.
-		fieldPushAil = "push_ail"
-		fieldXstrat  = "xstrat"
-		fieldAbtb2   = "abtb2"
-		fieldAbtc2   = "abtc2"
-		fieldBmbt2   = "bmbt2"
-		fieldIbt2    = "ibt2"
-		fieldFibt2   = "fibt2"
-		fieldQm      = "qm"
-		fieldDebug   = "debug"
-	)
-
-	var xfss Stats
-
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		// Expect at least a string label and a single integer value, ex:
-		//   - abt 0
-		//   - rw 1 2
-		ss := strings.Fields(string(s.Bytes()))
-		if len(ss) < 2 {
-			continue
-		}
-		label := ss[0]
-
-		// Extended precision counters are uint64 values.
-		if label == fieldXpc {
-			us, err := util.ParseUint64s(ss[1:])
-			if err != nil {
-				return nil, err
-			}
-
-			xfss.ExtendedPrecision, err = extendedPrecisionStats(us)
-			if err != nil {
-				return nil, err
-			}
-
-			continue
-		}
-
-		// All other counters are uint32 values.
-		us, err := util.ParseUint32s(ss[1:])
-		if err != nil {
-			return nil, err
-		}
-
-		switch label {
-		case fieldExtentAlloc:
-			xfss.ExtentAllocation, err = extentAllocationStats(us)
-		case fieldAbt:
-			xfss.AllocationBTree, err = btreeStats(us)
-		case fieldBlkMap:
-			xfss.BlockMapping, err = blockMappingStats(us)
-		case fieldBmbt:
-			xfss.BlockMapBTree, err = btreeStats(us)
-		case fieldDir:
-			xfss.DirectoryOperation, err = directoryOperationStats(us)
-		case fieldTrans:
-			xfss.Transaction, err = transactionStats(us)
-		case fieldIg:
-			xfss.InodeOperation, err = inodeOperationStats(us)
-		case fieldLog:
-			xfss.LogOperation, err = logOperationStats(us)
-		case fieldRw:
-			xfss.ReadWrite, err = readWriteStats(us)
-		case fieldAttr:
-			xfss.AttributeOperation, err = attributeOperationStats(us)
-		case fieldIcluster:
-			xfss.InodeClustering, err = inodeClusteringStats(us)
-		case fieldVnodes:
-			xfss.Vnode, err = vnodeStats(us)
-		case fieldBuf:
-			xfss.Buffer, err = bufferStats(us)
-		}
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return &xfss, s.Err()
-}
-
-// extentAllocationStats builds an ExtentAllocationStats from a slice of uint32s.
-func extentAllocationStats(us []uint32) (ExtentAllocationStats, error) {
-	if l := len(us); l != 4 {
-		return ExtentAllocationStats{}, fmt.Errorf("incorrect number of values for XFS extent allocation stats: %d", l)
-	}
-
-	return ExtentAllocationStats{
-		ExtentsAllocated: us[0],
-		BlocksAllocated:  us[1],
-		ExtentsFreed:     us[2],
-		BlocksFreed:      us[3],
-	}, nil
-}
-
-// btreeStats builds a BTreeStats from a slice of uint32s.
-func btreeStats(us []uint32) (BTreeStats, error) {
-	if l := len(us); l != 4 {
-		return BTreeStats{}, fmt.Errorf("incorrect number of values for XFS btree stats: %d", l)
-	}
-
-	return BTreeStats{
-		Lookups:         us[0],
-		Compares:        us[1],
-		RecordsInserted: us[2],
-		RecordsDeleted:  us[3],
-	}, nil
-}
-
-// BlockMappingStat builds a BlockMappingStats from a slice of uint32s.
-func blockMappingStats(us []uint32) (BlockMappingStats, error) {
-	if l := len(us); l != 7 {
-		return BlockMappingStats{}, fmt.Errorf("incorrect number of values for XFS block mapping stats: %d", l)
-	}
-
-	return BlockMappingStats{
-		Reads:                us[0],
-		Writes:               us[1],
-		Unmaps:               us[2],
-		ExtentListInsertions: us[3],
-		ExtentListDeletions:  us[4],
-		ExtentListLookups:    us[5],
-		ExtentListCompares:   us[6],
-	}, nil
-}
-
-// DirectoryOperationStats builds a DirectoryOperationStats from a slice of uint32s.
-func directoryOperationStats(us []uint32) (DirectoryOperationStats, error) {
-	if l := len(us); l != 4 {
-		return DirectoryOperationStats{}, fmt.Errorf("incorrect number of values for XFS directory operation stats: %d", l)
-	}
-
-	return DirectoryOperationStats{
-		Lookups:  us[0],
-		Creates:  us[1],
-		Removes:  us[2],
-		Getdents: us[3],
-	}, nil
-}
-
-// TransactionStats builds a TransactionStats from a slice of uint32s.
-func transactionStats(us []uint32) (TransactionStats, error) {
-	if l := len(us); l != 3 {
-		return TransactionStats{}, fmt.Errorf("incorrect number of values for XFS transaction stats: %d", l)
-	}
-
-	return TransactionStats{
-		Sync:  us[0],
-		Async: us[1],
-		Empty: us[2],
-	}, nil
-}
-
-// InodeOperationStats builds an InodeOperationStats from a slice of uint32s.
-func inodeOperationStats(us []uint32) (InodeOperationStats, error) {
-	if l := len(us); l != 7 {
-		return InodeOperationStats{}, fmt.Errorf("incorrect number of values for XFS inode operation stats: %d", l)
-	}
-
-	return InodeOperationStats{
-		Attempts:        us[0],
-		Found:           us[1],
-		Recycle:         us[2],
-		Missed:          us[3],
-		Duplicate:       us[4],
-		Reclaims:        us[5],
-		AttributeChange: us[6],
-	}, nil
-}
-
-// LogOperationStats builds a LogOperationStats from a slice of uint32s.
-func logOperationStats(us []uint32) (LogOperationStats, error) {
-	if l := len(us); l != 5 {
-		return LogOperationStats{}, fmt.Errorf("incorrect number of values for XFS log operation stats: %d", l)
-	}
-
-	return LogOperationStats{
-		Writes:            us[0],
-		Blocks:            us[1],
-		NoInternalBuffers: us[2],
-		Force:             us[3],
-		ForceSleep:        us[4],
-	}, nil
-}
-
-// ReadWriteStats builds a ReadWriteStats from a slice of uint32s.
-func readWriteStats(us []uint32) (ReadWriteStats, error) {
-	if l := len(us); l != 2 {
-		return ReadWriteStats{}, fmt.Errorf("incorrect number of values for XFS read write stats: %d", l)
-	}
-
-	return ReadWriteStats{
-		Read:  us[0],
-		Write: us[1],
-	}, nil
-}
-
-// AttributeOperationStats builds an AttributeOperationStats from a slice of uint32s.
-func attributeOperationStats(us []uint32) (AttributeOperationStats, error) {
-	if l := len(us); l != 4 {
-		return AttributeOperationStats{}, fmt.Errorf("incorrect number of values for XFS attribute operation stats: %d", l)
-	}
-
-	return AttributeOperationStats{
-		Get:    us[0],
-		Set:    us[1],
-		Remove: us[2],
-		List:   us[3],
-	}, nil
-}
-
-// InodeClusteringStats builds an InodeClusteringStats from a slice of uint32s.
-func inodeClusteringStats(us []uint32) (InodeClusteringStats, error) {
-	if l := len(us); l != 3 {
-		return InodeClusteringStats{}, fmt.Errorf("incorrect number of values for XFS inode clustering stats: %d", l)
-	}
-
-	return InodeClusteringStats{
-		Iflush:     us[0],
-		Flush:      us[1],
-		FlushInode: us[2],
-	}, nil
-}
-
-// VnodeStats builds a VnodeStats from a slice of uint32s.
-func vnodeStats(us []uint32) (VnodeStats, error) {
-	// The attribute "Free" appears to not be available on older XFS
-	// stats versions.  Therefore, 7 or 8 elements may appear in
-	// this slice.
-	l := len(us)
-	if l != 7 && l != 8 {
-		return VnodeStats{}, fmt.Errorf("incorrect number of values for XFS vnode stats: %d", l)
-	}
-
-	s := VnodeStats{
-		Active:   us[0],
-		Allocate: us[1],
-		Get:      us[2],
-		Hold:     us[3],
-		Release:  us[4],
-		Reclaim:  us[5],
-		Remove:   us[6],
-	}
-
-	// Skip adding free, unless it is present. The zero value will
-	// be used in place of an actual count.
-	if l == 7 {
-		return s, nil
-	}
-
-	s.Free = us[7]
-	return s, nil
-}
-
-// BufferStats builds a BufferStats from a slice of uint32s.
-func bufferStats(us []uint32) (BufferStats, error) {
-	if l := len(us); l != 9 {
-		return BufferStats{}, fmt.Errorf("incorrect number of values for XFS buffer stats: %d", l)
-	}
-
-	return BufferStats{
-		Get:             us[0],
-		Create:          us[1],
-		GetLocked:       us[2],
-		GetLockedWaited: us[3],
-		BusyLocked:      us[4],
-		MissLocked:      us[5],
-		PageRetries:     us[6],
-		PageFound:       us[7],
-		GetRead:         us[8],
-	}, nil
-}
-
-// ExtendedPrecisionStats builds an ExtendedPrecisionStats from a slice of uint32s.
-func extendedPrecisionStats(us []uint64) (ExtendedPrecisionStats, error) {
-	if l := len(us); l != 3 {
-		return ExtendedPrecisionStats{}, fmt.Errorf("incorrect number of values for XFS extended precision stats: %d", l)
-	}
-
-	return ExtendedPrecisionStats{
-		FlushBytes: us[0],
-		WriteBytes: us[1],
-		ReadBytes:  us[2],
-	}, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/xfs/xfs.go b/vendor/github.com/prometheus/procfs/xfs/xfs.go
deleted file mode 100644
index d86794b7ca998..0000000000000
--- a/vendor/github.com/prometheus/procfs/xfs/xfs.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package xfs provides access to statistics exposed by the XFS filesystem.
-package xfs
-
-// Stats contains XFS filesystem runtime statistics, parsed from
-// /proc/fs/xfs/stat.
-//
-// The names and meanings of each statistic were taken from
-// http://xfs.org/index.php/Runtime_Stats and xfs_stats.h in the Linux
-// kernel source. Most counters are uint32s (same data types used in
-// xfs_stats.h), but some of the "extended precision stats" are uint64s.
-type Stats struct {
-	// The name of the filesystem used to source these statistics.
-	// If empty, this indicates aggregated statistics for all XFS
-	// filesystems on the host.
-	Name string
-
-	ExtentAllocation   ExtentAllocationStats
-	AllocationBTree    BTreeStats
-	BlockMapping       BlockMappingStats
-	BlockMapBTree      BTreeStats
-	DirectoryOperation DirectoryOperationStats
-	Transaction        TransactionStats
-	InodeOperation     InodeOperationStats
-	LogOperation       LogOperationStats
-	ReadWrite          ReadWriteStats
-	AttributeOperation AttributeOperationStats
-	InodeClustering    InodeClusteringStats
-	Vnode              VnodeStats
-	Buffer             BufferStats
-	ExtendedPrecision  ExtendedPrecisionStats
-}
-
-// ExtentAllocationStats contains statistics regarding XFS extent allocations.
-type ExtentAllocationStats struct {
-	ExtentsAllocated uint32
-	BlocksAllocated  uint32
-	ExtentsFreed     uint32
-	BlocksFreed      uint32
-}
-
-// BTreeStats contains statistics regarding an XFS internal B-tree.
-type BTreeStats struct {
-	Lookups         uint32
-	Compares        uint32
-	RecordsInserted uint32
-	RecordsDeleted  uint32
-}
-
-// BlockMappingStats contains statistics regarding XFS block maps.
-type BlockMappingStats struct {
-	Reads                uint32
-	Writes               uint32
-	Unmaps               uint32
-	ExtentListInsertions uint32
-	ExtentListDeletions  uint32
-	ExtentListLookups    uint32
-	ExtentListCompares   uint32
-}
-
-// DirectoryOperationStats contains statistics regarding XFS directory entries.
-type DirectoryOperationStats struct {
-	Lookups  uint32
-	Creates  uint32
-	Removes  uint32
-	Getdents uint32
-}
-
-// TransactionStats contains statistics regarding XFS metadata transactions.
-type TransactionStats struct {
-	Sync  uint32
-	Async uint32
-	Empty uint32
-}
-
-// InodeOperationStats contains statistics regarding XFS inode operations.
-type InodeOperationStats struct {
-	Attempts        uint32
-	Found           uint32
-	Recycle         uint32
-	Missed          uint32
-	Duplicate       uint32
-	Reclaims        uint32
-	AttributeChange uint32
-}
-
-// LogOperationStats contains statistics regarding the XFS log buffer.
-type LogOperationStats struct {
-	Writes            uint32
-	Blocks            uint32
-	NoInternalBuffers uint32
-	Force             uint32
-	ForceSleep        uint32
-}
-
-// ReadWriteStats contains statistics regarding the number of read and write
-// system calls for XFS filesystems.
-type ReadWriteStats struct {
-	Read  uint32
-	Write uint32
-}
-
-// AttributeOperationStats contains statistics regarding manipulation of
-// XFS extended file attributes.
-type AttributeOperationStats struct {
-	Get    uint32
-	Set    uint32
-	Remove uint32
-	List   uint32
-}
-
-// InodeClusteringStats contains statistics regarding XFS inode clustering
-// operations.
-type InodeClusteringStats struct {
-	Iflush     uint32
-	Flush      uint32
-	FlushInode uint32
-}
-
-// VnodeStats contains statistics regarding XFS vnode operations.
-type VnodeStats struct {
-	Active   uint32
-	Allocate uint32
-	Get      uint32
-	Hold     uint32
-	Release  uint32
-	Reclaim  uint32
-	Remove   uint32
-	Free     uint32
-}
-
-// BufferStats contains statistics regarding XFS read/write I/O buffers.
-type BufferStats struct {
-	Get             uint32
-	Create          uint32
-	GetLocked       uint32
-	GetLockedWaited uint32
-	BusyLocked      uint32
-	MissLocked      uint32
-	PageRetries     uint32
-	PageFound       uint32
-	GetRead         uint32
-}
-
-// ExtendedPrecisionStats contains high precision counters used to track the
-// total number of bytes read, written, or flushed, during XFS operations.
-type ExtendedPrecisionStats struct {
-	FlushBytes uint64
-	WriteBytes uint64
-	ReadBytes  uint64
-}
diff --git a/vendor/github.com/prometheus/procfs/zoneinfo.go b/vendor/github.com/prometheus/procfs/zoneinfo.go
new file mode 100644
index 0000000000000..e941503d5cdd0
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/zoneinfo.go
@@ -0,0 +1,196 @@
+// Copyright 2019 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !windows
+
+package procfs
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"regexp"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Zoneinfo holds info parsed from /proc/zoneinfo.
+type Zoneinfo struct {
+	Node                       string
+	Zone                       string
+	NrFreePages                *int64
+	Min                        *int64
+	Low                        *int64
+	High                       *int64
+	Scanned                    *int64
+	Spanned                    *int64
+	Present                    *int64
+	Managed                    *int64
+	NrActiveAnon               *int64
+	NrInactiveAnon             *int64
+	NrIsolatedAnon             *int64
+	NrAnonPages                *int64
+	NrAnonTransparentHugepages *int64
+	NrActiveFile               *int64
+	NrInactiveFile             *int64
+	NrIsolatedFile             *int64
+	NrFilePages                *int64
+	NrSlabReclaimable          *int64
+	NrSlabUnreclaimable        *int64
+	NrMlockStack               *int64
+	NrKernelStack              *int64
+	NrMapped                   *int64
+	NrDirty                    *int64
+	NrWriteback                *int64
+	NrUnevictable              *int64
+	NrShmem                    *int64
+	NrDirtied                  *int64
+	NrWritten                  *int64
+	NumaHit                    *int64
+	NumaMiss                   *int64
+	NumaForeign                *int64
+	NumaInterleave             *int64
+	NumaLocal                  *int64
+	NumaOther                  *int64
+	Protection                 []*int64
+}
+
+var nodeZoneRE = regexp.MustCompile(`(\d+), zone\s+(\w+)`)
+
+// Zoneinfo parses an zoneinfo-file (/proc/zoneinfo) and returns a slice of
+// structs containing the relevant info.  More information available here:
+// https://www.kernel.org/doc/Documentation/sysctl/vm.txt
+func (fs FS) Zoneinfo() ([]Zoneinfo, error) {
+	data, err := ioutil.ReadFile(fs.proc.Path("zoneinfo"))
+	if err != nil {
+		return nil, fmt.Errorf("error reading zoneinfo %s: %s", fs.proc.Path("zoneinfo"), err)
+	}
+	zoneinfo, err := parseZoneinfo(data)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing zoneinfo %s: %s", fs.proc.Path("zoneinfo"), err)
+	}
+	return zoneinfo, nil
+}
+
+func parseZoneinfo(zoneinfoData []byte) ([]Zoneinfo, error) {
+
+	zoneinfo := []Zoneinfo{}
+
+	zoneinfoBlocks := bytes.Split(zoneinfoData, []byte("\nNode"))
+	for _, block := range zoneinfoBlocks {
+		var zoneinfoElement Zoneinfo
+		lines := strings.Split(string(block), "\n")
+		for _, line := range lines {
+
+			if nodeZone := nodeZoneRE.FindStringSubmatch(line); nodeZone != nil {
+				zoneinfoElement.Node = nodeZone[1]
+				zoneinfoElement.Zone = nodeZone[2]
+				continue
+			}
+			if strings.HasPrefix(strings.TrimSpace(line), "per-node stats") {
+				zoneinfoElement.Zone = ""
+				continue
+			}
+			parts := strings.Fields(strings.TrimSpace(line))
+			if len(parts) < 2 {
+				continue
+			}
+			vp := util.NewValueParser(parts[1])
+			switch parts[0] {
+			case "nr_free_pages":
+				zoneinfoElement.NrFreePages = vp.PInt64()
+			case "min":
+				zoneinfoElement.Min = vp.PInt64()
+			case "low":
+				zoneinfoElement.Low = vp.PInt64()
+			case "high":
+				zoneinfoElement.High = vp.PInt64()
+			case "scanned":
+				zoneinfoElement.Scanned = vp.PInt64()
+			case "spanned":
+				zoneinfoElement.Spanned = vp.PInt64()
+			case "present":
+				zoneinfoElement.Present = vp.PInt64()
+			case "managed":
+				zoneinfoElement.Managed = vp.PInt64()
+			case "nr_active_anon":
+				zoneinfoElement.NrActiveAnon = vp.PInt64()
+			case "nr_inactive_anon":
+				zoneinfoElement.NrInactiveAnon = vp.PInt64()
+			case "nr_isolated_anon":
+				zoneinfoElement.NrIsolatedAnon = vp.PInt64()
+			case "nr_anon_pages":
+				zoneinfoElement.NrAnonPages = vp.PInt64()
+			case "nr_anon_transparent_hugepages":
+				zoneinfoElement.NrAnonTransparentHugepages = vp.PInt64()
+			case "nr_active_file":
+				zoneinfoElement.NrActiveFile = vp.PInt64()
+			case "nr_inactive_file":
+				zoneinfoElement.NrInactiveFile = vp.PInt64()
+			case "nr_isolated_file":
+				zoneinfoElement.NrIsolatedFile = vp.PInt64()
+			case "nr_file_pages":
+				zoneinfoElement.NrFilePages = vp.PInt64()
+			case "nr_slab_reclaimable":
+				zoneinfoElement.NrSlabReclaimable = vp.PInt64()
+			case "nr_slab_unreclaimable":
+				zoneinfoElement.NrSlabUnreclaimable = vp.PInt64()
+			case "nr_mlock_stack":
+				zoneinfoElement.NrMlockStack = vp.PInt64()
+			case "nr_kernel_stack":
+				zoneinfoElement.NrKernelStack = vp.PInt64()
+			case "nr_mapped":
+				zoneinfoElement.NrMapped = vp.PInt64()
+			case "nr_dirty":
+				zoneinfoElement.NrDirty = vp.PInt64()
+			case "nr_writeback":
+				zoneinfoElement.NrWriteback = vp.PInt64()
+			case "nr_unevictable":
+				zoneinfoElement.NrUnevictable = vp.PInt64()
+			case "nr_shmem":
+				zoneinfoElement.NrShmem = vp.PInt64()
+			case "nr_dirtied":
+				zoneinfoElement.NrDirtied = vp.PInt64()
+			case "nr_written":
+				zoneinfoElement.NrWritten = vp.PInt64()
+			case "numa_hit":
+				zoneinfoElement.NumaHit = vp.PInt64()
+			case "numa_miss":
+				zoneinfoElement.NumaMiss = vp.PInt64()
+			case "numa_foreign":
+				zoneinfoElement.NumaForeign = vp.PInt64()
+			case "numa_interleave":
+				zoneinfoElement.NumaInterleave = vp.PInt64()
+			case "numa_local":
+				zoneinfoElement.NumaLocal = vp.PInt64()
+			case "numa_other":
+				zoneinfoElement.NumaOther = vp.PInt64()
+			case "protection:":
+				protectionParts := strings.Split(line, ":")
+				protectionValues := strings.Replace(protectionParts[1], "(", "", 1)
+				protectionValues = strings.Replace(protectionValues, ")", "", 1)
+				protectionValues = strings.TrimSpace(protectionValues)
+				protectionStringMap := strings.Split(protectionValues, ", ")
+				val, err := util.ParsePInt64s(protectionStringMap)
+				if err == nil {
+					zoneinfoElement.Protection = val
+				}
+			}
+
+		}
+
+		zoneinfo = append(zoneinfo, zoneinfoElement)
+	}
+	return zoneinfo, nil
+}
diff --git a/vendor/github.com/seccomp/libseccomp-golang/LICENSE b/vendor/github.com/seccomp/libseccomp-golang/LICENSE
deleted file mode 100644
index 81cf60de29ef6..0000000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-Copyright (c) 2015 Matthew Heon <mheon@redhat.com>
-Copyright (c) 2015 Paul Moore <pmoore@redhat.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-- Redistributions of source code must retain the above copyright notice,
-  this list of conditions and the following disclaimer.
-- Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/seccomp/libseccomp-golang/README b/vendor/github.com/seccomp/libseccomp-golang/README
deleted file mode 100644
index 64cab6911d5ad..0000000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/README
+++ /dev/null
@@ -1,26 +0,0 @@
-libseccomp-golang: Go Language Bindings for the libseccomp Project
-===============================================================================
-https://github.com/seccomp/libseccomp-golang
-https://github.com/seccomp/libseccomp
-
-The libseccomp library provides an easy to use, platform independent, interface
-to the Linux Kernel's syscall filtering mechanism.  The libseccomp API is
-designed to abstract away the underlying BPF based syscall filter language and
-present a more conventional function-call based filtering interface that should
-be familiar to, and easily adopted by, application developers.
-
-The libseccomp-golang library provides a Go based interface to the libseccomp
-library.
-
-* Online Resources
-
-The library source repository currently lives on GitHub at the following URLs:
-
-	-> https://github.com/seccomp/libseccomp-golang
-	-> https://github.com/seccomp/libseccomp
-
-The project mailing list is currently hosted on Google Groups at the URL below,
-please note that a Google account is not required to subscribe to the mailing
-list.
-
-	-> https://groups.google.com/d/forum/libseccomp
diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go
deleted file mode 100644
index b2c010fc3873f..0000000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go
+++ /dev/null
@@ -1,857 +0,0 @@
-// +build linux
-
-// Public API specification for libseccomp Go bindings
-// Contains public API for the bindings
-
-// Package seccomp provides bindings for libseccomp, a library wrapping the Linux
-// seccomp syscall. Seccomp enables an application to restrict system call use
-// for itself and its children.
-package seccomp
-
-import (
-	"fmt"
-	"os"
-	"runtime"
-	"strings"
-	"sync"
-	"syscall"
-	"unsafe"
-)
-
-// C wrapping code
-
-// #cgo pkg-config: libseccomp
-// #include <stdlib.h>
-// #include <seccomp.h>
-import "C"
-
-// Exported types
-
-// ScmpArch represents a CPU architecture. Seccomp can restrict syscalls on a
-// per-architecture basis.
-type ScmpArch uint
-
-// ScmpAction represents an action to be taken on a filter rule match in
-// libseccomp
-type ScmpAction uint
-
-// ScmpCompareOp represents a comparison operator which can be used in a filter
-// rule
-type ScmpCompareOp uint
-
-// ScmpCondition represents a rule in a libseccomp filter context
-type ScmpCondition struct {
-	Argument uint          `json:"argument,omitempty"`
-	Op       ScmpCompareOp `json:"operator,omitempty"`
-	Operand1 uint64        `json:"operand_one,omitempty"`
-	Operand2 uint64        `json:"operand_two,omitempty"`
-}
-
-// ScmpSyscall represents a Linux System Call
-type ScmpSyscall int32
-
-// Exported Constants
-
-const (
-	// Valid architectures recognized by libseccomp
-	// ARM64 and all MIPS architectures are unsupported by versions of the
-	// library before v2.2 and will return errors if used
-
-	// ArchInvalid is a placeholder to ensure uninitialized ScmpArch
-	// variables are invalid
-	ArchInvalid ScmpArch = iota
-	// ArchNative is the native architecture of the kernel
-	ArchNative ScmpArch = iota
-	// ArchX86 represents 32-bit x86 syscalls
-	ArchX86 ScmpArch = iota
-	// ArchAMD64 represents 64-bit x86-64 syscalls
-	ArchAMD64 ScmpArch = iota
-	// ArchX32 represents 64-bit x86-64 syscalls (32-bit pointers)
-	ArchX32 ScmpArch = iota
-	// ArchARM represents 32-bit ARM syscalls
-	ArchARM ScmpArch = iota
-	// ArchARM64 represents 64-bit ARM syscalls
-	ArchARM64 ScmpArch = iota
-	// ArchMIPS represents 32-bit MIPS syscalls
-	ArchMIPS ScmpArch = iota
-	// ArchMIPS64 represents 64-bit MIPS syscalls
-	ArchMIPS64 ScmpArch = iota
-	// ArchMIPS64N32 represents 64-bit MIPS syscalls (32-bit pointers)
-	ArchMIPS64N32 ScmpArch = iota
-	// ArchMIPSEL represents 32-bit MIPS syscalls (little endian)
-	ArchMIPSEL ScmpArch = iota
-	// ArchMIPSEL64 represents 64-bit MIPS syscalls (little endian)
-	ArchMIPSEL64 ScmpArch = iota
-	// ArchMIPSEL64N32 represents 64-bit MIPS syscalls (little endian,
-	// 32-bit pointers)
-	ArchMIPSEL64N32 ScmpArch = iota
-	// ArchPPC represents 32-bit POWERPC syscalls
-	ArchPPC ScmpArch = iota
-	// ArchPPC64 represents 64-bit POWER syscalls (big endian)
-	ArchPPC64 ScmpArch = iota
-	// ArchPPC64LE represents 64-bit POWER syscalls (little endian)
-	ArchPPC64LE ScmpArch = iota
-	// ArchS390 represents 31-bit System z/390 syscalls
-	ArchS390 ScmpArch = iota
-	// ArchS390X represents 64-bit System z/390 syscalls
-	ArchS390X ScmpArch = iota
-)
-
-const (
-	// Supported actions on filter match
-
-	// ActInvalid is a placeholder to ensure uninitialized ScmpAction
-	// variables are invalid
-	ActInvalid ScmpAction = iota
-	// ActKill kills the process
-	ActKill ScmpAction = iota
-	// ActTrap throws SIGSYS
-	ActTrap ScmpAction = iota
-	// ActErrno causes the syscall to return a negative error code. This
-	// code can be set with the SetReturnCode method
-	ActErrno ScmpAction = iota
-	// ActTrace causes the syscall to notify tracing processes with the
-	// given error code. This code can be set with the SetReturnCode method
-	ActTrace ScmpAction = iota
-	// ActAllow permits the syscall to continue execution
-	ActAllow ScmpAction = iota
-)
-
-const (
-	// These are comparison operators used in conditional seccomp rules
-	// They are used to compare the value of a single argument of a syscall
-	// against a user-defined constant
-
-	// CompareInvalid is a placeholder to ensure uninitialized ScmpCompareOp
-	// variables are invalid
-	CompareInvalid ScmpCompareOp = iota
-	// CompareNotEqual returns true if the argument is not equal to the
-	// given value
-	CompareNotEqual ScmpCompareOp = iota
-	// CompareLess returns true if the argument is less than the given value
-	CompareLess ScmpCompareOp = iota
-	// CompareLessOrEqual returns true if the argument is less than or equal
-	// to the given value
-	CompareLessOrEqual ScmpCompareOp = iota
-	// CompareEqual returns true if the argument is equal to the given value
-	CompareEqual ScmpCompareOp = iota
-	// CompareGreaterEqual returns true if the argument is greater than or
-	// equal to the given value
-	CompareGreaterEqual ScmpCompareOp = iota
-	// CompareGreater returns true if the argument is greater than the given
-	// value
-	CompareGreater ScmpCompareOp = iota
-	// CompareMaskedEqual returns true if the argument is equal to the given
-	// value, when masked (bitwise &) against the second given value
-	CompareMaskedEqual ScmpCompareOp = iota
-)
-
-// Helpers for types
-
-// GetArchFromString returns an ScmpArch constant from a string representing an
-// architecture
-func GetArchFromString(arch string) (ScmpArch, error) {
-	switch strings.ToLower(arch) {
-	case "x86":
-		return ArchX86, nil
-	case "amd64", "x86-64", "x86_64", "x64":
-		return ArchAMD64, nil
-	case "x32":
-		return ArchX32, nil
-	case "arm":
-		return ArchARM, nil
-	case "arm64", "aarch64":
-		return ArchARM64, nil
-	case "mips":
-		return ArchMIPS, nil
-	case "mips64":
-		return ArchMIPS64, nil
-	case "mips64n32":
-		return ArchMIPS64N32, nil
-	case "mipsel":
-		return ArchMIPSEL, nil
-	case "mipsel64":
-		return ArchMIPSEL64, nil
-	case "mipsel64n32":
-		return ArchMIPSEL64N32, nil
-	case "ppc":
-		return ArchPPC, nil
-	case "ppc64":
-		return ArchPPC64, nil
-	case "ppc64le":
-		return ArchPPC64LE, nil
-	case "s390":
-		return ArchS390, nil
-	case "s390x":
-		return ArchS390X, nil
-	default:
-		return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %s", arch)
-	}
-}
-
-// String returns a string representation of an architecture constant
-func (a ScmpArch) String() string {
-	switch a {
-	case ArchX86:
-		return "x86"
-	case ArchAMD64:
-		return "amd64"
-	case ArchX32:
-		return "x32"
-	case ArchARM:
-		return "arm"
-	case ArchARM64:
-		return "arm64"
-	case ArchMIPS:
-		return "mips"
-	case ArchMIPS64:
-		return "mips64"
-	case ArchMIPS64N32:
-		return "mips64n32"
-	case ArchMIPSEL:
-		return "mipsel"
-	case ArchMIPSEL64:
-		return "mipsel64"
-	case ArchMIPSEL64N32:
-		return "mipsel64n32"
-	case ArchPPC:
-		return "ppc"
-	case ArchPPC64:
-		return "ppc64"
-	case ArchPPC64LE:
-		return "ppc64le"
-	case ArchS390:
-		return "s390"
-	case ArchS390X:
-		return "s390x"
-	case ArchNative:
-		return "native"
-	case ArchInvalid:
-		return "Invalid architecture"
-	default:
-		return "Unknown architecture"
-	}
-}
-
-// String returns a string representation of a comparison operator constant
-func (a ScmpCompareOp) String() string {
-	switch a {
-	case CompareNotEqual:
-		return "Not equal"
-	case CompareLess:
-		return "Less than"
-	case CompareLessOrEqual:
-		return "Less than or equal to"
-	case CompareEqual:
-		return "Equal"
-	case CompareGreaterEqual:
-		return "Greater than or equal to"
-	case CompareGreater:
-		return "Greater than"
-	case CompareMaskedEqual:
-		return "Masked equality"
-	case CompareInvalid:
-		return "Invalid comparison operator"
-	default:
-		return "Unrecognized comparison operator"
-	}
-}
-
-// String returns a string representation of a seccomp match action
-func (a ScmpAction) String() string {
-	switch a & 0xFFFF {
-	case ActKill:
-		return "Action: Kill Process"
-	case ActTrap:
-		return "Action: Send SIGSYS"
-	case ActErrno:
-		return fmt.Sprintf("Action: Return error code %d", (a >> 16))
-	case ActTrace:
-		return fmt.Sprintf("Action: Notify tracing processes with code %d",
-			(a >> 16))
-	case ActAllow:
-		return "Action: Allow system call"
-	default:
-		return "Unrecognized Action"
-	}
-}
-
-// SetReturnCode adds a return code to a supporting ScmpAction, clearing any
-// existing code Only valid on ActErrno and ActTrace. Takes no action otherwise.
-// Accepts 16-bit return code as argument.
-// Returns a valid ScmpAction of the original type with the new error code set.
-func (a ScmpAction) SetReturnCode(code int16) ScmpAction {
-	aTmp := a & 0x0000FFFF
-	if aTmp == ActErrno || aTmp == ActTrace {
-		return (aTmp | (ScmpAction(code)&0xFFFF)<<16)
-	}
-	return a
-}
-
-// GetReturnCode returns the return code of an ScmpAction
-func (a ScmpAction) GetReturnCode() int16 {
-	return int16(a >> 16)
-}
-
-// General utility functions
-
-// GetLibraryVersion returns the version of the library the bindings are built
-// against.
-// The version is formatted as follows: Major.Minor.Micro
-func GetLibraryVersion() (major, minor, micro int) {
-	return verMajor, verMinor, verMicro
-}
-
-// Syscall functions
-
-// GetName retrieves the name of a syscall from its number.
-// Acts on any syscall number.
-// Returns either a string containing the name of the syscall, or an error.
-func (s ScmpSyscall) GetName() (string, error) {
-	return s.GetNameByArch(ArchNative)
-}
-
-// GetNameByArch retrieves the name of a syscall from its number for a given
-// architecture.
-// Acts on any syscall number.
-// Accepts a valid architecture constant.
-// Returns either a string containing the name of the syscall, or an error.
-// if the syscall is unrecognized or an issue occurred.
-func (s ScmpSyscall) GetNameByArch(arch ScmpArch) (string, error) {
-	if err := sanitizeArch(arch); err != nil {
-		return "", err
-	}
-
-	cString := C.seccomp_syscall_resolve_num_arch(arch.toNative(), C.int(s))
-	if cString == nil {
-		return "", fmt.Errorf("could not resolve syscall name")
-	}
-	defer C.free(unsafe.Pointer(cString))
-
-	finalStr := C.GoString(cString)
-	return finalStr, nil
-}
-
-// GetSyscallFromName returns the number of a syscall by name on the kernel's
-// native architecture.
-// Accepts a string containing the name of a syscall.
-// Returns the number of the syscall, or an error if no syscall with that name
-// was found.
-func GetSyscallFromName(name string) (ScmpSyscall, error) {
-	cString := C.CString(name)
-	defer C.free(unsafe.Pointer(cString))
-
-	result := C.seccomp_syscall_resolve_name(cString)
-	if result == scmpError {
-		return 0, fmt.Errorf("could not resolve name to syscall")
-	}
-
-	return ScmpSyscall(result), nil
-}
-
-// GetSyscallFromNameByArch returns the number of a syscall by name for a given
-// architecture's ABI.
-// Accepts the name of a syscall and an architecture constant.
-// Returns the number of the syscall, or an error if an invalid architecture is
-// passed or a syscall with that name was not found.
-func GetSyscallFromNameByArch(name string, arch ScmpArch) (ScmpSyscall, error) {
-	if err := sanitizeArch(arch); err != nil {
-		return 0, err
-	}
-
-	cString := C.CString(name)
-	defer C.free(unsafe.Pointer(cString))
-
-	result := C.seccomp_syscall_resolve_name_arch(arch.toNative(), cString)
-	if result == scmpError {
-		return 0, fmt.Errorf("could not resolve name to syscall")
-	}
-
-	return ScmpSyscall(result), nil
-}
-
-// MakeCondition creates and returns a new condition to attach to a filter rule.
-// Associated rules will only match if this condition is true.
-// Accepts the number the argument we are checking, and a comparison operator
-// and value to compare to.
-// The rule will match if argument $arg (zero-indexed) of the syscall is
-// $COMPARE_OP the provided comparison value.
-// Some comparison operators accept two values. Masked equals, for example,
-// will mask $arg of the syscall with the second value provided (via bitwise
-// AND) and then compare against the first value provided.
-// For example, in the less than or equal case, if the syscall argument was
-// 0 and the value provided was 1, the condition would match, as 0 is less
-// than or equal to 1.
-// Return either an error on bad argument or a valid ScmpCondition struct.
-func MakeCondition(arg uint, comparison ScmpCompareOp, values ...uint64) (ScmpCondition, error) {
-	var condStruct ScmpCondition
-
-	if comparison == CompareInvalid {
-		return condStruct, fmt.Errorf("invalid comparison operator")
-	} else if arg > 5 {
-		return condStruct, fmt.Errorf("syscalls only have up to 6 arguments")
-	} else if len(values) > 2 {
-		return condStruct, fmt.Errorf("conditions can have at most 2 arguments")
-	} else if len(values) == 0 {
-		return condStruct, fmt.Errorf("must provide at least one value to compare against")
-	}
-
-	condStruct.Argument = arg
-	condStruct.Op = comparison
-	condStruct.Operand1 = values[0]
-	if len(values) == 2 {
-		condStruct.Operand2 = values[1]
-	} else {
-		condStruct.Operand2 = 0 // Unused
-	}
-
-	return condStruct, nil
-}
-
-// Utility Functions
-
-// GetNativeArch returns architecture token representing the native kernel
-// architecture
-func GetNativeArch() (ScmpArch, error) {
-	arch := C.seccomp_arch_native()
-
-	return archFromNative(arch)
-}
-
-// Public Filter API
-
-// ScmpFilter represents a filter context in libseccomp.
-// A filter context is initially empty. Rules can be added to it, and it can
-// then be loaded into the kernel.
-type ScmpFilter struct {
-	filterCtx C.scmp_filter_ctx
-	valid     bool
-	lock      sync.Mutex
-}
-
-// NewFilter creates and returns a new filter context.
-// Accepts a default action to be taken for syscalls which match no rules in
-// the filter.
-// Returns a reference to a valid filter context, or nil and an error if the
-// filter context could not be created or an invalid default action was given.
-func NewFilter(defaultAction ScmpAction) (*ScmpFilter, error) {
-	if err := sanitizeAction(defaultAction); err != nil {
-		return nil, err
-	}
-
-	fPtr := C.seccomp_init(defaultAction.toNative())
-	if fPtr == nil {
-		return nil, fmt.Errorf("could not create filter")
-	}
-
-	filter := new(ScmpFilter)
-	filter.filterCtx = fPtr
-	filter.valid = true
-	runtime.SetFinalizer(filter, filterFinalizer)
-
-	return filter, nil
-}
-
-// IsValid determines whether a filter context is valid to use.
-// Some operations (Release and Merge) render filter contexts invalid and
-// consequently prevent further use.
-func (f *ScmpFilter) IsValid() bool {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	return f.valid
-}
-
-// Reset resets a filter context, removing all its existing state.
-// Accepts a new default action to be taken for syscalls which do not match.
-// Returns an error if the filter or action provided are invalid.
-func (f *ScmpFilter) Reset(defaultAction ScmpAction) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if err := sanitizeAction(defaultAction); err != nil {
-		return err
-	} else if !f.valid {
-		return errBadFilter
-	}
-
-	retCode := C.seccomp_reset(f.filterCtx, defaultAction.toNative())
-	if retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// Release releases a filter context, freeing its memory. Should be called after
-// loading into the kernel, when the filter is no longer needed.
-// After calling this function, the given filter is no longer valid and cannot
-// be used.
-// Release() will be invoked automatically when a filter context is garbage
-// collected, but can also be called manually to free memory.
-func (f *ScmpFilter) Release() {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return
-	}
-
-	f.valid = false
-	C.seccomp_release(f.filterCtx)
-}
-
-// Merge merges two filter contexts.
-// The source filter src will be released as part of the process, and will no
-// longer be usable or valid after this call.
-// To be merged, filters must NOT share any architectures, and all their
-// attributes (Default Action, Bad Arch Action, No New Privs and TSync bools)
-// must match.
-// The filter src will be merged into the filter this is called on.
-// The architectures of the src filter not present in the destination, and all
-// associated rules, will be added to the destination.
-// Returns an error if merging the filters failed.
-func (f *ScmpFilter) Merge(src *ScmpFilter) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	src.lock.Lock()
-	defer src.lock.Unlock()
-
-	if !src.valid || !f.valid {
-		return fmt.Errorf("one or more of the filter contexts is invalid or uninitialized")
-	}
-
-	// Merge the filters
-	retCode := C.seccomp_merge(f.filterCtx, src.filterCtx)
-	if syscall.Errno(-1*retCode) == syscall.EINVAL {
-		return fmt.Errorf("filters could not be merged due to a mismatch in attributes or invalid filter")
-	} else if retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	src.valid = false
-
-	return nil
-}
-
-// IsArchPresent checks if an architecture is present in a filter.
-// If a filter contains an architecture, it uses its default action for
-// syscalls which do not match rules in it, and its rules can match syscalls
-// for that ABI.
-// If a filter does not contain an architecture, all syscalls made to that
-// kernel ABI will fail with the filter's default Bad Architecture Action
-// (by default, killing the process).
-// Accepts an architecture constant.
-// Returns true if the architecture is present in the filter, false otherwise,
-// and an error on an invalid filter context, architecture constant, or an
-// issue with the call to libseccomp.
-func (f *ScmpFilter) IsArchPresent(arch ScmpArch) (bool, error) {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if err := sanitizeArch(arch); err != nil {
-		return false, err
-	} else if !f.valid {
-		return false, errBadFilter
-	}
-
-	retCode := C.seccomp_arch_exist(f.filterCtx, arch.toNative())
-	if syscall.Errno(-1*retCode) == syscall.EEXIST {
-		// -EEXIST is "arch not present"
-		return false, nil
-	} else if retCode != 0 {
-		return false, syscall.Errno(-1 * retCode)
-	}
-
-	return true, nil
-}
-
-// AddArch adds an architecture to the filter.
-// Accepts an architecture constant.
-// Returns an error on invalid filter context or architecture token, or an
-// issue with the call to libseccomp.
-func (f *ScmpFilter) AddArch(arch ScmpArch) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if err := sanitizeArch(arch); err != nil {
-		return err
-	} else if !f.valid {
-		return errBadFilter
-	}
-
-	// Libseccomp returns -EEXIST if the specified architecture is already
-	// present. Succeed silently in this case, as it's not fatal, and the
-	// architecture is present already.
-	retCode := C.seccomp_arch_add(f.filterCtx, arch.toNative())
-	if retCode != 0 && syscall.Errno(-1*retCode) != syscall.EEXIST {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// RemoveArch removes an architecture from the filter.
-// Accepts an architecture constant.
-// Returns an error on invalid filter context or architecture token, or an
-// issue with the call to libseccomp.
-func (f *ScmpFilter) RemoveArch(arch ScmpArch) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if err := sanitizeArch(arch); err != nil {
-		return err
-	} else if !f.valid {
-		return errBadFilter
-	}
-
-	// Similar to AddArch, -EEXIST is returned if the arch is not present
-	// Succeed silently in that case, this is not fatal and the architecture
-	// is not present in the filter after RemoveArch
-	retCode := C.seccomp_arch_remove(f.filterCtx, arch.toNative())
-	if retCode != 0 && syscall.Errno(-1*retCode) != syscall.EEXIST {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// Load loads a filter context into the kernel.
-// Returns an error if the filter context is invalid or the syscall failed.
-func (f *ScmpFilter) Load() error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if retCode := C.seccomp_load(f.filterCtx); retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// GetDefaultAction returns the default action taken on a syscall which does not
-// match a rule in the filter, or an error if an issue was encountered
-// retrieving the value.
-func (f *ScmpFilter) GetDefaultAction() (ScmpAction, error) {
-	action, err := f.getFilterAttr(filterAttrActDefault)
-	if err != nil {
-		return 0x0, err
-	}
-
-	return actionFromNative(action)
-}
-
-// GetBadArchAction returns the default action taken on a syscall for an
-// architecture not in the filter, or an error if an issue was encountered
-// retrieving the value.
-func (f *ScmpFilter) GetBadArchAction() (ScmpAction, error) {
-	action, err := f.getFilterAttr(filterAttrActBadArch)
-	if err != nil {
-		return 0x0, err
-	}
-
-	return actionFromNative(action)
-}
-
-// GetNoNewPrivsBit returns the current state the No New Privileges bit will be set
-// to on the filter being loaded, or an error if an issue was encountered
-// retrieving the value.
-// The No New Privileges bit tells the kernel that new processes run with exec()
-// cannot gain more privileges than the process that ran exec().
-// For example, a process with No New Privileges set would be unable to exec
-// setuid/setgid executables.
-func (f *ScmpFilter) GetNoNewPrivsBit() (bool, error) {
-	noNewPrivs, err := f.getFilterAttr(filterAttrNNP)
-	if err != nil {
-		return false, err
-	}
-
-	if noNewPrivs == 0 {
-		return false, nil
-	}
-
-	return true, nil
-}
-
-// GetTsyncBit returns whether Thread Synchronization will be enabled on the
-// filter being loaded, or an error if an issue was encountered retrieving the
-// value.
-// Thread Sync ensures that all members of the thread group of the calling
-// process will share the same Seccomp filter set.
-// Tsync is a fairly recent addition to the Linux kernel and older kernels
-// lack support. If the running kernel does not support Tsync and it is
-// requested in a filter, Libseccomp will not enable TSync support and will
-// proceed as normal.
-// This function is unavailable before v2.2 of libseccomp and will return an
-// error.
-func (f *ScmpFilter) GetTsyncBit() (bool, error) {
-	tSync, err := f.getFilterAttr(filterAttrTsync)
-	if err != nil {
-		return false, err
-	}
-
-	if tSync == 0 {
-		return false, nil
-	}
-
-	return true, nil
-}
-
-// SetBadArchAction sets the default action taken on a syscall for an
-// architecture not in the filter, or an error if an issue was encountered
-// setting the value.
-func (f *ScmpFilter) SetBadArchAction(action ScmpAction) error {
-	if err := sanitizeAction(action); err != nil {
-		return err
-	}
-
-	return f.setFilterAttr(filterAttrActBadArch, action.toNative())
-}
-
-// SetNoNewPrivsBit sets the state of the No New Privileges bit, which will be
-// applied on filter load, or an error if an issue was encountered setting the
-// value.
-// Filters with No New Privileges set to 0 can only be loaded if the process
-// has the CAP_SYS_ADMIN capability.
-func (f *ScmpFilter) SetNoNewPrivsBit(state bool) error {
-	var toSet C.uint32_t = 0x0
-
-	if state {
-		toSet = 0x1
-	}
-
-	return f.setFilterAttr(filterAttrNNP, toSet)
-}
-
-// SetTsync sets whether Thread Synchronization will be enabled on the filter
-// being loaded. Returns an error if setting Tsync failed, or the filter is
-// invalid.
-// Thread Sync ensures that all members of the thread group of the calling
-// process will share the same Seccomp filter set.
-// Tsync is a fairly recent addition to the Linux kernel and older kernels
-// lack support. If the running kernel does not support Tsync and it is
-// requested in a filter, Libseccomp will not enable TSync support and will
-// proceed as normal.
-// This function is unavailable before v2.2 of libseccomp and will return an
-// error.
-func (f *ScmpFilter) SetTsync(enable bool) error {
-	var toSet C.uint32_t = 0x0
-
-	if enable {
-		toSet = 0x1
-	}
-
-	return f.setFilterAttr(filterAttrTsync, toSet)
-}
-
-// SetSyscallPriority sets a syscall's priority.
-// This provides a hint to the filter generator in libseccomp about the
-// importance of this syscall. High-priority syscalls are placed
-// first in the filter code, and incur less overhead (at the expense of
-// lower-priority syscalls).
-func (f *ScmpFilter) SetSyscallPriority(call ScmpSyscall, priority uint8) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if retCode := C.seccomp_syscall_priority(f.filterCtx, C.int(call),
-		C.uint8_t(priority)); retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// AddRule adds a single rule for an unconditional action on a syscall.
-// Accepts the number of the syscall and the action to be taken on the call
-// being made.
-// Returns an error if an issue was encountered adding the rule.
-func (f *ScmpFilter) AddRule(call ScmpSyscall, action ScmpAction) error {
-	return f.addRuleGeneric(call, action, false, nil)
-}
-
-// AddRuleExact adds a single rule for an unconditional action on a syscall.
-// Accepts the number of the syscall and the action to be taken on the call
-// being made.
-// No modifications will be made to the rule, and it will fail to add if it
-// cannot be applied to the current architecture without modification.
-// The rule will function exactly as described, but it may not function identically
-// (or be able to be applied to) all architectures.
-// Returns an error if an issue was encountered adding the rule.
-func (f *ScmpFilter) AddRuleExact(call ScmpSyscall, action ScmpAction) error {
-	return f.addRuleGeneric(call, action, true, nil)
-}
-
-// AddRuleConditional adds a single rule for a conditional action on a syscall.
-// Returns an error if an issue was encountered adding the rule.
-// All conditions must match for the rule to match.
-// There is a bug in library versions below v2.2.1 which can, in some cases,
-// cause conditions to be lost when more than one are used. Consequently,
-// AddRuleConditional is disabled on library versions lower than v2.2.1
-func (f *ScmpFilter) AddRuleConditional(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error {
-	return f.addRuleGeneric(call, action, false, conds)
-}
-
-// AddRuleConditionalExact adds a single rule for a conditional action on a
-// syscall.
-// No modifications will be made to the rule, and it will fail to add if it
-// cannot be applied to the current architecture without modification.
-// The rule will function exactly as described, but it may not function identically
-// (or be able to be applied to) all architectures.
-// Returns an error if an issue was encountered adding the rule.
-// There is a bug in library versions below v2.2.1 which can, in some cases,
-// cause conditions to be lost when more than one are used. Consequently,
-// AddRuleConditionalExact is disabled on library versions lower than v2.2.1
-func (f *ScmpFilter) AddRuleConditionalExact(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error {
-	return f.addRuleGeneric(call, action, true, conds)
-}
-
-// ExportPFC output PFC-formatted, human-readable dump of a filter context's
-// rules to a file.
-// Accepts file to write to (must be open for writing).
-// Returns an error if writing to the file fails.
-func (f *ScmpFilter) ExportPFC(file *os.File) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	fd := file.Fd()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if retCode := C.seccomp_export_pfc(f.filterCtx, C.int(fd)); retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// ExportBPF outputs Berkeley Packet Filter-formatted, kernel-readable dump of a
-// filter context's rules to a file.
-// Accepts file to write to (must be open for writing).
-// Returns an error if writing to the file fails.
-func (f *ScmpFilter) ExportBPF(file *os.File) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	fd := file.Fd()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if retCode := C.seccomp_export_bpf(f.filterCtx, C.int(fd)); retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
deleted file mode 100644
index ab67a3dedc0cc..0000000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
+++ /dev/null
@@ -1,506 +0,0 @@
-// +build linux
-
-// Internal functions for libseccomp Go bindings
-// No exported functions
-
-package seccomp
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// Unexported C wrapping code - provides the C-Golang interface
-// Get the seccomp header in scope
-// Need stdlib.h for free() on cstrings
-
-// #cgo pkg-config: libseccomp
-/*
-#include <stdlib.h>
-#include <seccomp.h>
-
-#if SCMP_VER_MAJOR < 2
-#error Minimum supported version of Libseccomp is v2.1.0
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 1
-#error Minimum supported version of Libseccomp is v2.1.0
-#endif
-
-#define ARCH_BAD ~0
-
-const uint32_t C_ARCH_BAD = ARCH_BAD;
-
-#ifndef SCMP_ARCH_AARCH64
-#define SCMP_ARCH_AARCH64 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPS
-#define SCMP_ARCH_MIPS ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPS64
-#define SCMP_ARCH_MIPS64 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPS64N32
-#define SCMP_ARCH_MIPS64N32 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPSEL
-#define SCMP_ARCH_MIPSEL ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPSEL64
-#define SCMP_ARCH_MIPSEL64 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_MIPSEL64N32
-#define SCMP_ARCH_MIPSEL64N32 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_PPC
-#define SCMP_ARCH_PPC ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_PPC64
-#define SCMP_ARCH_PPC64 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_PPC64LE
-#define SCMP_ARCH_PPC64LE ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_S390
-#define SCMP_ARCH_S390 ARCH_BAD
-#endif
-
-#ifndef SCMP_ARCH_S390X
-#define SCMP_ARCH_S390X ARCH_BAD
-#endif
-
-const uint32_t C_ARCH_NATIVE       = SCMP_ARCH_NATIVE;
-const uint32_t C_ARCH_X86          = SCMP_ARCH_X86;
-const uint32_t C_ARCH_X86_64       = SCMP_ARCH_X86_64;
-const uint32_t C_ARCH_X32          = SCMP_ARCH_X32;
-const uint32_t C_ARCH_ARM          = SCMP_ARCH_ARM;
-const uint32_t C_ARCH_AARCH64      = SCMP_ARCH_AARCH64;
-const uint32_t C_ARCH_MIPS         = SCMP_ARCH_MIPS;
-const uint32_t C_ARCH_MIPS64       = SCMP_ARCH_MIPS64;
-const uint32_t C_ARCH_MIPS64N32    = SCMP_ARCH_MIPS64N32;
-const uint32_t C_ARCH_MIPSEL       = SCMP_ARCH_MIPSEL;
-const uint32_t C_ARCH_MIPSEL64     = SCMP_ARCH_MIPSEL64;
-const uint32_t C_ARCH_MIPSEL64N32  = SCMP_ARCH_MIPSEL64N32;
-const uint32_t C_ARCH_PPC          = SCMP_ARCH_PPC;
-const uint32_t C_ARCH_PPC64        = SCMP_ARCH_PPC64;
-const uint32_t C_ARCH_PPC64LE      = SCMP_ARCH_PPC64LE;
-const uint32_t C_ARCH_S390         = SCMP_ARCH_S390;
-const uint32_t C_ARCH_S390X        = SCMP_ARCH_S390X;
-
-const uint32_t C_ACT_KILL          = SCMP_ACT_KILL;
-const uint32_t C_ACT_TRAP          = SCMP_ACT_TRAP;
-const uint32_t C_ACT_ERRNO         = SCMP_ACT_ERRNO(0);
-const uint32_t C_ACT_TRACE         = SCMP_ACT_TRACE(0);
-const uint32_t C_ACT_ALLOW         = SCMP_ACT_ALLOW;
-
-// If TSync is not supported, make sure it doesn't map to a supported filter attribute
-// Don't worry about major version < 2, the minimum version checks should catch that case
-#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 2
-#define SCMP_FLTATR_CTL_TSYNC _SCMP_CMP_MIN
-#endif
-
-const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT;
-const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH;
-const uint32_t C_ATTRIBUTE_NNP     = (uint32_t)SCMP_FLTATR_CTL_NNP;
-const uint32_t C_ATTRIBUTE_TSYNC   = (uint32_t)SCMP_FLTATR_CTL_TSYNC;
-
-const int      C_CMP_NE            = (int)SCMP_CMP_NE;
-const int      C_CMP_LT            = (int)SCMP_CMP_LT;
-const int      C_CMP_LE            = (int)SCMP_CMP_LE;
-const int      C_CMP_EQ            = (int)SCMP_CMP_EQ;
-const int      C_CMP_GE            = (int)SCMP_CMP_GE;
-const int      C_CMP_GT            = (int)SCMP_CMP_GT;
-const int      C_CMP_MASKED_EQ     = (int)SCMP_CMP_MASKED_EQ;
-
-const int      C_VERSION_MAJOR     = SCMP_VER_MAJOR;
-const int      C_VERSION_MINOR     = SCMP_VER_MINOR;
-const int      C_VERSION_MICRO     = SCMP_VER_MICRO;
-
-typedef struct scmp_arg_cmp* scmp_cast_t;
-
-// Wrapper to create an scmp_arg_cmp struct
-void*
-make_struct_arg_cmp(
-                    unsigned int arg,
-                    int compare,
-                    uint64_t a,
-                    uint64_t b
-                   )
-{
-	struct scmp_arg_cmp *s = malloc(sizeof(struct scmp_arg_cmp));
-
-	s->arg = arg;
-	s->op = compare;
-	s->datum_a = a;
-	s->datum_b = b;
-
-	return s;
-}
-*/
-import "C"
-
-// Nonexported types
-type scmpFilterAttr uint32
-
-// Nonexported constants
-
-const (
-	filterAttrActDefault scmpFilterAttr = iota
-	filterAttrActBadArch scmpFilterAttr = iota
-	filterAttrNNP        scmpFilterAttr = iota
-	filterAttrTsync      scmpFilterAttr = iota
-)
-
-const (
-	// An error return from certain libseccomp functions
-	scmpError C.int = -1
-	// Comparison boundaries to check for architecture validity
-	archStart ScmpArch = ArchNative
-	archEnd   ScmpArch = ArchS390X
-	// Comparison boundaries to check for action validity
-	actionStart ScmpAction = ActKill
-	actionEnd   ScmpAction = ActAllow
-	// Comparison boundaries to check for comparison operator validity
-	compareOpStart ScmpCompareOp = CompareNotEqual
-	compareOpEnd   ScmpCompareOp = CompareMaskedEqual
-)
-
-var (
-	// Error thrown on bad filter context
-	errBadFilter = fmt.Errorf("filter is invalid or uninitialized")
-	// Constants representing library major, minor, and micro versions
-	verMajor = int(C.C_VERSION_MAJOR)
-	verMinor = int(C.C_VERSION_MINOR)
-	verMicro = int(C.C_VERSION_MICRO)
-)
-
-// Nonexported functions
-
-// Check if library version is greater than or equal to the given one
-func checkVersionAbove(major, minor, micro int) bool {
-	return (verMajor > major) ||
-		(verMajor == major && verMinor > minor) ||
-		(verMajor == major && verMinor == minor && verMicro >= micro)
-}
-
-// Init function: Verify library version is appropriate
-func init() {
-	if !checkVersionAbove(2, 1, 0) {
-		fmt.Fprintf(os.Stderr, "Libseccomp version too low: minimum supported is 2.1.0, detected %d.%d.%d", C.C_VERSION_MAJOR, C.C_VERSION_MINOR, C.C_VERSION_MICRO)
-		os.Exit(-1)
-	}
-}
-
-// Filter helpers
-
-// Filter finalizer - ensure that kernel context for filters is freed
-func filterFinalizer(f *ScmpFilter) {
-	f.Release()
-}
-
-// Get a raw filter attribute
-func (f *ScmpFilter) getFilterAttr(attr scmpFilterAttr) (C.uint32_t, error) {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return 0x0, errBadFilter
-	}
-
-	if !checkVersionAbove(2, 2, 0) && attr == filterAttrTsync {
-		return 0x0, fmt.Errorf("the thread synchronization attribute is not supported in this version of the library")
-	}
-
-	var attribute C.uint32_t
-
-	retCode := C.seccomp_attr_get(f.filterCtx, attr.toNative(), &attribute)
-	if retCode != 0 {
-		return 0x0, syscall.Errno(-1 * retCode)
-	}
-
-	return attribute, nil
-}
-
-// Set a raw filter attribute
-func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if !checkVersionAbove(2, 2, 0) && attr == filterAttrTsync {
-		return fmt.Errorf("the thread synchronization attribute is not supported in this version of the library")
-	}
-
-	retCode := C.seccomp_attr_set(f.filterCtx, attr.toNative(), value)
-	if retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// DOES NOT LOCK OR CHECK VALIDITY
-// Assumes caller has already done this
-// Wrapper for seccomp_rule_add_... functions
-func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, cond C.scmp_cast_t) error {
-	var length C.uint
-	if cond != nil {
-		length = 1
-	} else {
-		length = 0
-	}
-
-	var retCode C.int
-	if exact {
-		retCode = C.seccomp_rule_add_exact_array(f.filterCtx, action.toNative(), C.int(call), length, cond)
-	} else {
-		retCode = C.seccomp_rule_add_array(f.filterCtx, action.toNative(), C.int(call), length, cond)
-	}
-
-	if syscall.Errno(-1*retCode) == syscall.EFAULT {
-		return fmt.Errorf("unrecognized syscall")
-	} else if syscall.Errno(-1*retCode) == syscall.EPERM {
-		return fmt.Errorf("requested action matches default action of filter")
-	} else if retCode != 0 {
-		return syscall.Errno(-1 * retCode)
-	}
-
-	return nil
-}
-
-// Generic add function for filter rules
-func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact bool, conds []ScmpCondition) error {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	if !f.valid {
-		return errBadFilter
-	}
-
-	if len(conds) == 0 {
-		if err := f.addRuleWrapper(call, action, exact, nil); err != nil {
-			return err
-		}
-	} else {
-		// We don't support conditional filtering in library version v2.1
-		if !checkVersionAbove(2, 2, 1) {
-			return fmt.Errorf("conditional filtering requires libseccomp version >= 2.2.1")
-		}
-
-		for _, cond := range conds {
-			cmpStruct := C.make_struct_arg_cmp(C.uint(cond.Argument), cond.Op.toNative(), C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2))
-			defer C.free(cmpStruct)
-
-			if err := f.addRuleWrapper(call, action, exact, C.scmp_cast_t(cmpStruct)); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-// Generic Helpers
-
-// Helper - Sanitize Arch token input
-func sanitizeArch(in ScmpArch) error {
-	if in < archStart || in > archEnd {
-		return fmt.Errorf("unrecognized architecture")
-	}
-
-	if in.toNative() == C.C_ARCH_BAD {
-		return fmt.Errorf("architecture is not supported on this version of the library")
-	}
-
-	return nil
-}
-
-func sanitizeAction(in ScmpAction) error {
-	inTmp := in & 0x0000FFFF
-	if inTmp < actionStart || inTmp > actionEnd {
-		return fmt.Errorf("unrecognized action")
-	}
-
-	if inTmp != ActTrace && inTmp != ActErrno && (in&0xFFFF0000) != 0 {
-		return fmt.Errorf("highest 16 bits must be zeroed except for Trace and Errno")
-	}
-
-	return nil
-}
-
-func sanitizeCompareOp(in ScmpCompareOp) error {
-	if in < compareOpStart || in > compareOpEnd {
-		return fmt.Errorf("unrecognized comparison operator")
-	}
-
-	return nil
-}
-
-func archFromNative(a C.uint32_t) (ScmpArch, error) {
-	switch a {
-	case C.C_ARCH_X86:
-		return ArchX86, nil
-	case C.C_ARCH_X86_64:
-		return ArchAMD64, nil
-	case C.C_ARCH_X32:
-		return ArchX32, nil
-	case C.C_ARCH_ARM:
-		return ArchARM, nil
-	case C.C_ARCH_NATIVE:
-		return ArchNative, nil
-	case C.C_ARCH_AARCH64:
-		return ArchARM64, nil
-	case C.C_ARCH_MIPS:
-		return ArchMIPS, nil
-	case C.C_ARCH_MIPS64:
-		return ArchMIPS64, nil
-	case C.C_ARCH_MIPS64N32:
-		return ArchMIPS64N32, nil
-	case C.C_ARCH_MIPSEL:
-		return ArchMIPSEL, nil
-	case C.C_ARCH_MIPSEL64:
-		return ArchMIPSEL64, nil
-	case C.C_ARCH_MIPSEL64N32:
-		return ArchMIPSEL64N32, nil
-	case C.C_ARCH_PPC:
-		return ArchPPC, nil
-	case C.C_ARCH_PPC64:
-		return ArchPPC64, nil
-	case C.C_ARCH_PPC64LE:
-		return ArchPPC64LE, nil
-	case C.C_ARCH_S390:
-		return ArchS390, nil
-	case C.C_ARCH_S390X:
-		return ArchS390X, nil
-	default:
-		return 0x0, fmt.Errorf("unrecognized architecture")
-	}
-}
-
-// Only use with sanitized arches, no error handling
-func (a ScmpArch) toNative() C.uint32_t {
-	switch a {
-	case ArchX86:
-		return C.C_ARCH_X86
-	case ArchAMD64:
-		return C.C_ARCH_X86_64
-	case ArchX32:
-		return C.C_ARCH_X32
-	case ArchARM:
-		return C.C_ARCH_ARM
-	case ArchARM64:
-		return C.C_ARCH_AARCH64
-	case ArchMIPS:
-		return C.C_ARCH_MIPS
-	case ArchMIPS64:
-		return C.C_ARCH_MIPS64
-	case ArchMIPS64N32:
-		return C.C_ARCH_MIPS64N32
-	case ArchMIPSEL:
-		return C.C_ARCH_MIPSEL
-	case ArchMIPSEL64:
-		return C.C_ARCH_MIPSEL64
-	case ArchMIPSEL64N32:
-		return C.C_ARCH_MIPSEL64N32
-	case ArchPPC:
-		return C.C_ARCH_PPC
-	case ArchPPC64:
-		return C.C_ARCH_PPC64
-	case ArchPPC64LE:
-		return C.C_ARCH_PPC64LE
-	case ArchS390:
-		return C.C_ARCH_S390
-	case ArchS390X:
-		return C.C_ARCH_S390X
-	case ArchNative:
-		return C.C_ARCH_NATIVE
-	default:
-		return 0x0
-	}
-}
-
-// Only use with sanitized ops, no error handling
-func (a ScmpCompareOp) toNative() C.int {
-	switch a {
-	case CompareNotEqual:
-		return C.C_CMP_NE
-	case CompareLess:
-		return C.C_CMP_LT
-	case CompareLessOrEqual:
-		return C.C_CMP_LE
-	case CompareEqual:
-		return C.C_CMP_EQ
-	case CompareGreaterEqual:
-		return C.C_CMP_GE
-	case CompareGreater:
-		return C.C_CMP_GT
-	case CompareMaskedEqual:
-		return C.C_CMP_MASKED_EQ
-	default:
-		return 0x0
-	}
-}
-
-func actionFromNative(a C.uint32_t) (ScmpAction, error) {
-	aTmp := a & 0xFFFF
-	switch a & 0xFFFF0000 {
-	case C.C_ACT_KILL:
-		return ActKill, nil
-	case C.C_ACT_TRAP:
-		return ActTrap, nil
-	case C.C_ACT_ERRNO:
-		return ActErrno.SetReturnCode(int16(aTmp)), nil
-	case C.C_ACT_TRACE:
-		return ActTrace.SetReturnCode(int16(aTmp)), nil
-	case C.C_ACT_ALLOW:
-		return ActAllow, nil
-	default:
-		return 0x0, fmt.Errorf("unrecognized action")
-	}
-}
-
-// Only use with sanitized actions, no error handling
-func (a ScmpAction) toNative() C.uint32_t {
-	switch a & 0xFFFF {
-	case ActKill:
-		return C.C_ACT_KILL
-	case ActTrap:
-		return C.C_ACT_TRAP
-	case ActErrno:
-		return C.C_ACT_ERRNO | (C.uint32_t(a) >> 16)
-	case ActTrace:
-		return C.C_ACT_TRACE | (C.uint32_t(a) >> 16)
-	case ActAllow:
-		return C.C_ACT_ALLOW
-	default:
-		return 0x0
-	}
-}
-
-// Internal only, assumes safe attribute
-func (a scmpFilterAttr) toNative() uint32 {
-	switch a {
-	case filterAttrActDefault:
-		return uint32(C.C_ATTRIBUTE_DEFAULT)
-	case filterAttrActBadArch:
-		return uint32(C.C_ATTRIBUTE_BADARCH)
-	case filterAttrNNP:
-		return uint32(C.C_ATTRIBUTE_NNP)
-	case filterAttrTsync:
-		return uint32(C.C_ATTRIBUTE_TSYNC)
-	default:
-		return 0x0
-	}
-}
diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md
index 072e99be31376..5152b6aa406fe 100644
--- a/vendor/github.com/sirupsen/logrus/README.md
+++ b/vendor/github.com/sirupsen/logrus/README.md
@@ -1,8 +1,28 @@
-# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/>&nbsp;[![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus)&nbsp;[![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
+# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/> [![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus) [![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
 
 Logrus is a structured logger for Go (golang), completely API compatible with
 the standard library logger.
 
+**Logrus is in maintenance-mode.** We will not be introducing new features. It's
+simply too hard to do in a way that won't break many people's projects, which is
+the last thing you want from your Logging library (again...).
+
+This does not mean Logrus is dead. Logrus will continue to be maintained for
+security, (backwards compatible) bug fixes, and performance (where we are
+limited by the interface). 
+
+I believe Logrus' biggest contribution is to have played a part in today's
+widespread use of structured logging in Golang. There doesn't seem to be a
+reason to do a major, breaking iteration into Logrus V2, since the fantastic Go
+community has built those independently. Many fantastic alternatives have sprung
+up. Logrus would look like those, had it been re-designed with what we know
+about structured logging in Go today. Check out, for example,
+[Zerolog][zerolog], [Zap][zap], and [Apex][apex].
+
+[zerolog]: https://github.com/rs/zerolog
+[zap]: https://github.com/uber-go/zap
+[apex]: https://github.com/apex/log
+
 **Seeing weird case-sensitive problems?** It's in the past been possible to
 import Logrus as both upper- and lower-case. Due to the Go package environment,
 this caused issues in the community and we needed a standard. Some environments
@@ -15,11 +35,6 @@ comments](https://github.com/sirupsen/logrus/issues/553#issuecomment-306591437).
 For an in-depth explanation of the casing issue, see [this
 comment](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276).
 
-**Are you interested in assisting in maintaining Logrus?** Currently I have a
-lot of obligations, and I am unable to provide Logrus with the maintainership it
-needs. If you'd like to help, please reach out to me at `simon at author's
-username dot com`.
-
 Nicely color-coded in development (when a TTY is attached, otherwise just
 plain text):
 
@@ -56,8 +71,39 @@ time="2015-03-26T01:27:38-04:00" level=warning msg="The group's number increased
 time="2015-03-26T01:27:38-04:00" level=debug msg="Temperature changes" temperature=-4
 time="2015-03-26T01:27:38-04:00" level=panic msg="It's over 9000!" animal=orca size=9009
 time="2015-03-26T01:27:38-04:00" level=fatal msg="The ice breaks!" err=&{0x2082280c0 map[animal:orca size:9009] 2015-03-26 01:27:38.441574009 -0400 EDT panic It's over 9000!} number=100 omg=true
-exit status 1
 ```
+To ensure this behaviour even if a TTY is attached, set your formatter as follows:
+
+```go
+	log.SetFormatter(&log.TextFormatter{
+		DisableColors: true,
+		FullTimestamp: true,
+	})
+```
+
+#### Logging Method Name
+
+If you wish to add the calling method as a field, instruct the logger via:
+```go
+log.SetReportCaller(true)
+```
+This adds the caller as 'method' like so:
+
+```json
+{"animal":"penguin","level":"fatal","method":"github.com/sirupsen/arcticcreatures.migrate","msg":"a penguin swims by",
+"time":"2014-03-10 19:57:38.562543129 -0400 EDT"}
+```
+
+```text
+time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcreatures.migrate msg="a penguin swims by" animal=penguin
+```
+Note that this does add measurable overhead - the cost will depend on the version of Go, but is
+between 20 and 40% in recent tests with 1.6 and 1.7.  You can validate this in your
+environment via benchmarks: 
+```
+go test -bench=.*CallerTracing
+```
+
 
 #### Case-sensitivity
 
@@ -156,7 +202,7 @@ func main() {
   log.Out = os.Stdout
 
   // You could set this to any `io.Writer` such as a file
-  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY, 0666)
+  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
   // if err == nil {
   //  log.Out = file
   // } else {
@@ -241,14 +287,15 @@ func init() {
 ```
 Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md).
 
-A list of currently known of service hook can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks)
+A list of currently known service hooks can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks)
 
 
 #### Level logging
 
-Logrus has six logging levels: Debug, Info, Warning, Error, Fatal and Panic.
+Logrus has seven logging levels: Trace, Debug, Info, Warning, Error, Fatal and Panic.
 
 ```go
+log.Trace("Something very low level.")
 log.Debug("Useful debugging information.")
 log.Info("Something noteworthy happened!")
 log.Warn("You should probably take a look at this.")
@@ -322,6 +369,7 @@ The built-in logging formatters are:
     [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable).
   * When colors are enabled, levels are truncated to 4 characters by default. To disable
     truncation set the `DisableLevelTruncation` field to `true`.
+  * When outputting to a TTY, it's often helpful to visually scan down a column where all the levels are the same width. Setting the `PadLevelText` field to `true` enables this behavior, by adding padding to the level text.
   * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#TextFormatter).
 * `logrus.JSONFormatter`. Logs fields as JSON.
   * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#JSONFormatter).
@@ -329,9 +377,13 @@ The built-in logging formatters are:
 Third party logging formatters:
 
 * [`FluentdFormatter`](https://github.com/joonix/log). Formats entries that can be parsed by Kubernetes and Google Container Engine.
+* [`GELF`](https://github.com/fabienm/go-logrus-formatters). Formats entries so they comply to Graylog's [GELF 1.1 specification](http://docs.graylog.org/en/2.4/pages/gelf.html).
 * [`logstash`](https://github.com/bshuster-repo/logrus-logstash-hook). Logs fields as [Logstash](http://logstash.net) Events.
 * [`prefixed`](https://github.com/x-cray/logrus-prefixed-formatter). Displays log entry source along with alternative layout.
-* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the P͉̫o̳̼̊w̖͈̰͎e̬͔̭͂r͚̼̹̲ ̫͓͉̳͈ō̠͕͖̚f̝͍̠ ͕̲̞͖͑Z̖̫̤̫ͪa͉̬͈̗l͖͎g̳̥o̰̥̅!̣͔̲̻͊̄ ̙̘̦̹̦.
+* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the Power of Zalgo.
+* [`nested-logrus-formatter`](https://github.com/antonfisher/nested-logrus-formatter). Converts logrus fields to a nested structure.
+* [`powerful-logrus-formatter`](https://github.com/zput/zxcTool). get fileName, log's line number and the latest function's name when print log; Sava log to files.
+* [`caption-json-formatter`](https://github.com/nolleh/caption_json_formatter). logrus's message json formatter with human-readable caption added.
 
 You can define your formatter by implementing the `Formatter` interface,
 requiring a `Format` method. `Format` takes an `*Entry`. `entry.Data` is a
@@ -350,7 +402,7 @@ func (f *MyJSONFormatter) Format(entry *Entry) ([]byte, error) {
   // source of the official loggers.
   serialized, err := json.Marshal(entry.Data)
     if err != nil {
-      return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
+      return nil, fmt.Errorf("Failed to marshal fields to JSON, %w", err)
     }
   return append(serialized, '\n'), nil
 }
@@ -396,14 +448,14 @@ entries. It should not be a feature of the application-level logger.
 
 | Tool | Description |
 | ---- | ----------- |
-|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will generated with different config at different environment.|
+|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will be generated with different configs in different environments.|
 |[Logrus Viper Helper](https://github.com/heirko/go-contrib/tree/master/logrusHelper)|An Helper around Logrus to wrap with spf13/Viper to load configuration with fangs! And to simplify Logrus configuration use some behavior of [Logrus Mate](https://github.com/gogap/logrus_mate). [sample](https://github.com/heirko/iris-contrib/blob/master/middleware/logrus-logger/example) |
 
 #### Testing
 
 Logrus has a built in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides:
 
-* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just add the `test` hook
+* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just adds the `test` hook
 * a test logger (`test.NewNullLogger`) that just records log messages (and does not output any):
 
 ```go
@@ -431,7 +483,7 @@ func TestSomething(t*testing.T){
 
 Logrus can register one or more functions that will be called when any `fatal`
 level message is logged. The registered handlers will be executed before
-logrus performs a `os.Exit(1)`. This behavior may be helpful if callers need
+logrus performs an `os.Exit(1)`. This behavior may be helpful if callers need
 to gracefully shutdown. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted.
 
 ```
@@ -456,6 +508,6 @@ Situation when locking is not needed includes:
 
   1) logger.Out is protected by locks.
 
-  2) logger.Out is a os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allow multi-thread/multi-process writing)
+  2) logger.Out is an os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allows multi-thread/multi-process writing)
 
      (Refer to http://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/)
diff --git a/vendor/github.com/sirupsen/logrus/alt_exit.go b/vendor/github.com/sirupsen/logrus/alt_exit.go
index 8af90637a99e6..8fd189e1ccae8 100644
--- a/vendor/github.com/sirupsen/logrus/alt_exit.go
+++ b/vendor/github.com/sirupsen/logrus/alt_exit.go
@@ -51,9 +51,9 @@ func Exit(code int) {
 	os.Exit(code)
 }
 
-// RegisterExitHandler adds a Logrus Exit handler, call logrus.Exit to invoke
-// all handlers. The handlers will also be invoked when any Fatal log entry is
-// made.
+// RegisterExitHandler appends a Logrus Exit handler to the list of handlers,
+// call logrus.Exit to invoke all handlers. The handlers will also be invoked when
+// any Fatal log entry is made.
 //
 // This method is useful when a caller wishes to use logrus to log a fatal
 // message but also needs to gracefully shutdown. An example usecase could be
@@ -62,3 +62,15 @@ func Exit(code int) {
 func RegisterExitHandler(handler func()) {
 	handlers = append(handlers, handler)
 }
+
+// DeferExitHandler prepends a Logrus Exit handler to the list of handlers,
+// call logrus.Exit to invoke all handlers. The handlers will also be invoked when
+// any Fatal log entry is made.
+//
+// This method is useful when a caller wishes to use logrus to log a fatal
+// message but also needs to gracefully shutdown. An example usecase could be
+// closing database connections, or sending a alert that the application is
+// closing.
+func DeferExitHandler(handler func()) {
+	handlers = append([]func(){handler}, handlers...)
+}
diff --git a/vendor/github.com/sirupsen/logrus/buffer_pool.go b/vendor/github.com/sirupsen/logrus/buffer_pool.go
new file mode 100644
index 0000000000000..4545dec07d8b6
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/buffer_pool.go
@@ -0,0 +1,52 @@
+package logrus
+
+import (
+	"bytes"
+	"sync"
+)
+
+var (
+	bufferPool BufferPool
+)
+
+type BufferPool interface {
+	Put(*bytes.Buffer)
+	Get() *bytes.Buffer
+}
+
+type defaultPool struct {
+	pool *sync.Pool
+}
+
+func (p *defaultPool) Put(buf *bytes.Buffer) {
+	p.pool.Put(buf)
+}
+
+func (p *defaultPool) Get() *bytes.Buffer {
+	return p.pool.Get().(*bytes.Buffer)
+}
+
+func getBuffer() *bytes.Buffer {
+	return bufferPool.Get()
+}
+
+func putBuffer(buf *bytes.Buffer) {
+	buf.Reset()
+	bufferPool.Put(buf)
+}
+
+// SetBufferPool allows to replace the default logrus buffer pool
+// to better meets the specific needs of an application.
+func SetBufferPool(bp BufferPool) {
+	bufferPool = bp
+}
+
+func init() {
+	SetBufferPool(&defaultPool{
+		pool: &sync.Pool{
+			New: func() interface{} {
+				return new(bytes.Buffer)
+			},
+		},
+	})
+}
diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go
index 473bd1a0d3b12..07a1e5fa7249c 100644
--- a/vendor/github.com/sirupsen/logrus/entry.go
+++ b/vendor/github.com/sirupsen/logrus/entry.go
@@ -2,29 +2,45 @@ package logrus
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"os"
+	"reflect"
+	"runtime"
+	"strings"
 	"sync"
 	"time"
 )
 
-var bufferPool *sync.Pool
+var (
+
+	// qualified package name, cached at first use
+	logrusPackage string
+
+	// Positions in the call stack when tracing to report the calling method
+	minimumCallerDepth int
+
+	// Used for caller information initialisation
+	callerInitOnce sync.Once
+)
+
+const (
+	maximumCallerDepth int = 25
+	knownLogrusFrames  int = 4
+)
 
 func init() {
-	bufferPool = &sync.Pool{
-		New: func() interface{} {
-			return new(bytes.Buffer)
-		},
-	}
+	// start at the bottom of the stack before the package-name cache is primed
+	minimumCallerDepth = 1
 }
 
 // Defines the key when adding errors using WithError.
 var ErrorKey = "error"
 
 // An entry is the final or intermediate Logrus logging entry. It contains all
-// the fields passed with WithField{,s}. It's finally logged when Debug, Info,
-// Warn, Error, Fatal or Panic is called on it. These objects can be reused and
-// passed around as much as you wish to avoid field duplication.
+// the fields passed with WithField{,s}. It's finally logged when Trace, Debug,
+// Info, Warn, Error, Fatal or Panic is called on it. These objects can be
+// reused and passed around as much as you wish to avoid field duplication.
 type Entry struct {
 	Logger *Logger
 
@@ -34,29 +50,51 @@ type Entry struct {
 	// Time at which the log entry was created
 	Time time.Time
 
-	// Level the log entry was logged at: Debug, Info, Warn, Error, Fatal or Panic
+	// Level the log entry was logged at: Trace, Debug, Info, Warn, Error, Fatal or Panic
 	// This field will be set on entry firing and the value will be equal to the one in Logger struct field.
 	Level Level
 
-	// Message passed to Debug, Info, Warn, Error, Fatal or Panic
+	// Calling method, with package name
+	Caller *runtime.Frame
+
+	// Message passed to Trace, Debug, Info, Warn, Error, Fatal or Panic
 	Message string
 
-	// When formatter is called in entry.log(), an Buffer may be set to entry
+	// When formatter is called in entry.log(), a Buffer may be set to entry
 	Buffer *bytes.Buffer
+
+	// Contains the context set by the user. Useful for hook processing etc.
+	Context context.Context
+
+	// err may contain a field formatting error
+	err string
 }
 
 func NewEntry(logger *Logger) *Entry {
 	return &Entry{
 		Logger: logger,
-		// Default is five fields, give a little extra room
-		Data: make(Fields, 5),
+		// Default is three fields, plus one optional.  Give a little extra room.
+		Data: make(Fields, 6),
 	}
 }
 
+func (entry *Entry) Dup() *Entry {
+	data := make(Fields, len(entry.Data))
+	for k, v := range entry.Data {
+		data[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time, Context: entry.Context, err: entry.err}
+}
+
+// Returns the bytes representation of this entry from the formatter.
+func (entry *Entry) Bytes() ([]byte, error) {
+	return entry.Logger.Formatter.Format(entry)
+}
+
 // Returns the string representation from the reader and ultimately the
 // formatter.
 func (entry *Entry) String() (string, error) {
-	serialized, err := entry.Logger.Formatter.Format(entry)
+	serialized, err := entry.Bytes()
 	if err != nil {
 		return "", err
 	}
@@ -69,6 +107,15 @@ func (entry *Entry) WithError(err error) *Entry {
 	return entry.WithField(ErrorKey, err)
 }
 
+// Add a context to the Entry.
+func (entry *Entry) WithContext(ctx context.Context) *Entry {
+	dataCopy := make(Fields, len(entry.Data))
+	for k, v := range entry.Data {
+		dataCopy[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: dataCopy, Time: entry.Time, err: entry.err, Context: ctx}
+}
+
 // Add a single field to the Entry.
 func (entry *Entry) WithField(key string, value interface{}) *Entry {
 	return entry.WithFields(Fields{key: value})
@@ -80,57 +127,149 @@ func (entry *Entry) WithFields(fields Fields) *Entry {
 	for k, v := range entry.Data {
 		data[k] = v
 	}
+	fieldErr := entry.err
 	for k, v := range fields {
-		data[k] = v
+		isErrField := false
+		if t := reflect.TypeOf(v); t != nil {
+			switch {
+			case t.Kind() == reflect.Func, t.Kind() == reflect.Ptr && t.Elem().Kind() == reflect.Func:
+				isErrField = true
+			}
+		}
+		if isErrField {
+			tmp := fmt.Sprintf("can not add field %q", k)
+			if fieldErr != "" {
+				fieldErr = entry.err + ", " + tmp
+			} else {
+				fieldErr = tmp
+			}
+		} else {
+			data[k] = v
+		}
 	}
-	return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time}
+	return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time, err: fieldErr, Context: entry.Context}
 }
 
 // Overrides the time of the Entry.
 func (entry *Entry) WithTime(t time.Time) *Entry {
-	return &Entry{Logger: entry.Logger, Data: entry.Data, Time: t}
+	dataCopy := make(Fields, len(entry.Data))
+	for k, v := range entry.Data {
+		dataCopy[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: dataCopy, Time: t, err: entry.err, Context: entry.Context}
+}
+
+// getPackageName reduces a fully qualified function name to the package name
+// There really ought to be to be a better way...
+func getPackageName(f string) string {
+	for {
+		lastPeriod := strings.LastIndex(f, ".")
+		lastSlash := strings.LastIndex(f, "/")
+		if lastPeriod > lastSlash {
+			f = f[:lastPeriod]
+		} else {
+			break
+		}
+	}
+
+	return f
+}
+
+// getCaller retrieves the name of the first non-logrus calling function
+func getCaller() *runtime.Frame {
+	// cache this package's fully-qualified name
+	callerInitOnce.Do(func() {
+		pcs := make([]uintptr, maximumCallerDepth)
+		_ = runtime.Callers(0, pcs)
+
+		// dynamic get the package name and the minimum caller depth
+		for i := 0; i < maximumCallerDepth; i++ {
+			funcName := runtime.FuncForPC(pcs[i]).Name()
+			if strings.Contains(funcName, "getCaller") {
+				logrusPackage = getPackageName(funcName)
+				break
+			}
+		}
+
+		minimumCallerDepth = knownLogrusFrames
+	})
+
+	// Restrict the lookback frames to avoid runaway lookups
+	pcs := make([]uintptr, maximumCallerDepth)
+	depth := runtime.Callers(minimumCallerDepth, pcs)
+	frames := runtime.CallersFrames(pcs[:depth])
+
+	for f, again := frames.Next(); again; f, again = frames.Next() {
+		pkg := getPackageName(f.Function)
+
+		// If the caller isn't part of this package, we're done
+		if pkg != logrusPackage {
+			return &f //nolint:scopelint
+		}
+	}
+
+	// if we got here, we failed to find the caller's context
+	return nil
+}
+
+func (entry Entry) HasCaller() (has bool) {
+	return entry.Logger != nil &&
+		entry.Logger.ReportCaller &&
+		entry.Caller != nil
 }
 
-// This function is not declared with a pointer value because otherwise
-// race conditions will occur when using multiple goroutines
-func (entry Entry) log(level Level, msg string) {
+func (entry *Entry) log(level Level, msg string) {
 	var buffer *bytes.Buffer
 
-	// Default to now, but allow users to override if they want.
-	//
-	// We don't have to worry about polluting future calls to Entry#log()
-	// with this assignment because this function is declared with a
-	// non-pointer receiver.
-	if entry.Time.IsZero() {
-		entry.Time = time.Now()
+	newEntry := entry.Dup()
+
+	if newEntry.Time.IsZero() {
+		newEntry.Time = time.Now()
 	}
 
-	entry.Level = level
-	entry.Message = msg
+	newEntry.Level = level
+	newEntry.Message = msg
 
-	entry.fireHooks()
+	newEntry.Logger.mu.Lock()
+	reportCaller := newEntry.Logger.ReportCaller
+	newEntry.Logger.mu.Unlock()
 
-	buffer = bufferPool.Get().(*bytes.Buffer)
+	if reportCaller {
+		newEntry.Caller = getCaller()
+	}
+
+	newEntry.fireHooks()
+
+	buffer = getBuffer()
+	defer func() {
+		newEntry.Buffer = nil
+		putBuffer(buffer)
+	}()
 	buffer.Reset()
-	defer bufferPool.Put(buffer)
-	entry.Buffer = buffer
+	newEntry.Buffer = buffer
 
-	entry.write()
+	newEntry.write()
 
-	entry.Buffer = nil
+	newEntry.Buffer = nil
 
 	// To avoid Entry#log() returning a value that only would make sense for
 	// panic() to use in Entry#Panic(), we avoid the allocation by checking
 	// directly here.
 	if level <= PanicLevel {
-		panic(&entry)
+		panic(newEntry)
 	}
 }
 
 func (entry *Entry) fireHooks() {
+	var tmpHooks LevelHooks
 	entry.Logger.mu.Lock()
-	defer entry.Logger.mu.Unlock()
-	err := entry.Logger.Hooks.Fire(entry.Level, entry)
+	tmpHooks = make(LevelHooks, len(entry.Logger.Hooks))
+	for k, v := range entry.Logger.Hooks {
+		tmpHooks[k] = v
+	}
+	entry.Logger.mu.Unlock()
+
+	err := tmpHooks.Fire(entry.Level, entry)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to fire hook: %v\n", err)
 	}
@@ -138,38 +277,41 @@ func (entry *Entry) fireHooks() {
 
 func (entry *Entry) write() {
 	serialized, err := entry.Logger.Formatter.Format(entry)
-	entry.Logger.mu.Lock()
-	defer entry.Logger.mu.Unlock()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err)
-	} else {
-		_, err = entry.Logger.Out.Write(serialized)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
-		}
+		return
+	}
+	entry.Logger.mu.Lock()
+	defer entry.Logger.mu.Unlock()
+	if _, err := entry.Logger.Out.Write(serialized); err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
 	}
 }
 
-func (entry *Entry) Debug(args ...interface{}) {
-	if entry.Logger.level() >= DebugLevel {
-		entry.log(DebugLevel, fmt.Sprint(args...))
+func (entry *Entry) Log(level Level, args ...interface{}) {
+	if entry.Logger.IsLevelEnabled(level) {
+		entry.log(level, fmt.Sprint(args...))
 	}
 }
 
+func (entry *Entry) Trace(args ...interface{}) {
+	entry.Log(TraceLevel, args...)
+}
+
+func (entry *Entry) Debug(args ...interface{}) {
+	entry.Log(DebugLevel, args...)
+}
+
 func (entry *Entry) Print(args ...interface{}) {
 	entry.Info(args...)
 }
 
 func (entry *Entry) Info(args ...interface{}) {
-	if entry.Logger.level() >= InfoLevel {
-		entry.log(InfoLevel, fmt.Sprint(args...))
-	}
+	entry.Log(InfoLevel, args...)
 }
 
 func (entry *Entry) Warn(args ...interface{}) {
-	if entry.Logger.level() >= WarnLevel {
-		entry.log(WarnLevel, fmt.Sprint(args...))
-	}
+	entry.Log(WarnLevel, args...)
 }
 
 func (entry *Entry) Warning(args ...interface{}) {
@@ -177,37 +319,36 @@ func (entry *Entry) Warning(args ...interface{}) {
 }
 
 func (entry *Entry) Error(args ...interface{}) {
-	if entry.Logger.level() >= ErrorLevel {
-		entry.log(ErrorLevel, fmt.Sprint(args...))
-	}
+	entry.Log(ErrorLevel, args...)
 }
 
 func (entry *Entry) Fatal(args ...interface{}) {
-	if entry.Logger.level() >= FatalLevel {
-		entry.log(FatalLevel, fmt.Sprint(args...))
-	}
-	Exit(1)
+	entry.Log(FatalLevel, args...)
+	entry.Logger.Exit(1)
 }
 
 func (entry *Entry) Panic(args ...interface{}) {
-	if entry.Logger.level() >= PanicLevel {
-		entry.log(PanicLevel, fmt.Sprint(args...))
-	}
-	panic(fmt.Sprint(args...))
+	entry.Log(PanicLevel, args...)
 }
 
 // Entry Printf family functions
 
-func (entry *Entry) Debugf(format string, args ...interface{}) {
-	if entry.Logger.level() >= DebugLevel {
-		entry.Debug(fmt.Sprintf(format, args...))
+func (entry *Entry) Logf(level Level, format string, args ...interface{}) {
+	if entry.Logger.IsLevelEnabled(level) {
+		entry.Log(level, fmt.Sprintf(format, args...))
 	}
 }
 
+func (entry *Entry) Tracef(format string, args ...interface{}) {
+	entry.Logf(TraceLevel, format, args...)
+}
+
+func (entry *Entry) Debugf(format string, args ...interface{}) {
+	entry.Logf(DebugLevel, format, args...)
+}
+
 func (entry *Entry) Infof(format string, args ...interface{}) {
-	if entry.Logger.level() >= InfoLevel {
-		entry.Info(fmt.Sprintf(format, args...))
-	}
+	entry.Logf(InfoLevel, format, args...)
 }
 
 func (entry *Entry) Printf(format string, args ...interface{}) {
@@ -215,9 +356,7 @@ func (entry *Entry) Printf(format string, args ...interface{}) {
 }
 
 func (entry *Entry) Warnf(format string, args ...interface{}) {
-	if entry.Logger.level() >= WarnLevel {
-		entry.Warn(fmt.Sprintf(format, args...))
-	}
+	entry.Logf(WarnLevel, format, args...)
 }
 
 func (entry *Entry) Warningf(format string, args ...interface{}) {
@@ -225,36 +364,36 @@ func (entry *Entry) Warningf(format string, args ...interface{}) {
 }
 
 func (entry *Entry) Errorf(format string, args ...interface{}) {
-	if entry.Logger.level() >= ErrorLevel {
-		entry.Error(fmt.Sprintf(format, args...))
-	}
+	entry.Logf(ErrorLevel, format, args...)
 }
 
 func (entry *Entry) Fatalf(format string, args ...interface{}) {
-	if entry.Logger.level() >= FatalLevel {
-		entry.Fatal(fmt.Sprintf(format, args...))
-	}
-	Exit(1)
+	entry.Logf(FatalLevel, format, args...)
+	entry.Logger.Exit(1)
 }
 
 func (entry *Entry) Panicf(format string, args ...interface{}) {
-	if entry.Logger.level() >= PanicLevel {
-		entry.Panic(fmt.Sprintf(format, args...))
-	}
+	entry.Logf(PanicLevel, format, args...)
 }
 
 // Entry Println family functions
 
-func (entry *Entry) Debugln(args ...interface{}) {
-	if entry.Logger.level() >= DebugLevel {
-		entry.Debug(entry.sprintlnn(args...))
+func (entry *Entry) Logln(level Level, args ...interface{}) {
+	if entry.Logger.IsLevelEnabled(level) {
+		entry.Log(level, entry.sprintlnn(args...))
 	}
 }
 
+func (entry *Entry) Traceln(args ...interface{}) {
+	entry.Logln(TraceLevel, args...)
+}
+
+func (entry *Entry) Debugln(args ...interface{}) {
+	entry.Logln(DebugLevel, args...)
+}
+
 func (entry *Entry) Infoln(args ...interface{}) {
-	if entry.Logger.level() >= InfoLevel {
-		entry.Info(entry.sprintlnn(args...))
-	}
+	entry.Logln(InfoLevel, args...)
 }
 
 func (entry *Entry) Println(args ...interface{}) {
@@ -262,9 +401,7 @@ func (entry *Entry) Println(args ...interface{}) {
 }
 
 func (entry *Entry) Warnln(args ...interface{}) {
-	if entry.Logger.level() >= WarnLevel {
-		entry.Warn(entry.sprintlnn(args...))
-	}
+	entry.Logln(WarnLevel, args...)
 }
 
 func (entry *Entry) Warningln(args ...interface{}) {
@@ -272,22 +409,16 @@ func (entry *Entry) Warningln(args ...interface{}) {
 }
 
 func (entry *Entry) Errorln(args ...interface{}) {
-	if entry.Logger.level() >= ErrorLevel {
-		entry.Error(entry.sprintlnn(args...))
-	}
+	entry.Logln(ErrorLevel, args...)
 }
 
 func (entry *Entry) Fatalln(args ...interface{}) {
-	if entry.Logger.level() >= FatalLevel {
-		entry.Fatal(entry.sprintlnn(args...))
-	}
-	Exit(1)
+	entry.Logln(FatalLevel, args...)
+	entry.Logger.Exit(1)
 }
 
 func (entry *Entry) Panicln(args ...interface{}) {
-	if entry.Logger.level() >= PanicLevel {
-		entry.Panic(entry.sprintlnn(args...))
-	}
+	entry.Logln(PanicLevel, args...)
 }
 
 // Sprintlnn => Sprint no newline. This is to get the behavior of how
diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go
index eb612a6f3e8a8..017c30ce67830 100644
--- a/vendor/github.com/sirupsen/logrus/exported.go
+++ b/vendor/github.com/sirupsen/logrus/exported.go
@@ -1,6 +1,7 @@
 package logrus
 
 import (
+	"context"
 	"io"
 	"time"
 )
@@ -21,30 +22,33 @@ func SetOutput(out io.Writer) {
 
 // SetFormatter sets the standard logger formatter.
 func SetFormatter(formatter Formatter) {
-	std.mu.Lock()
-	defer std.mu.Unlock()
-	std.Formatter = formatter
+	std.SetFormatter(formatter)
+}
+
+// SetReportCaller sets whether the standard logger will include the calling
+// method as a field.
+func SetReportCaller(include bool) {
+	std.SetReportCaller(include)
 }
 
 // SetLevel sets the standard logger level.
 func SetLevel(level Level) {
-	std.mu.Lock()
-	defer std.mu.Unlock()
 	std.SetLevel(level)
 }
 
 // GetLevel returns the standard logger level.
 func GetLevel() Level {
-	std.mu.Lock()
-	defer std.mu.Unlock()
-	return std.level()
+	return std.GetLevel()
+}
+
+// IsLevelEnabled checks if the log level of the standard logger is greater than the level param
+func IsLevelEnabled(level Level) bool {
+	return std.IsLevelEnabled(level)
 }
 
 // AddHook adds a hook to the standard logger hooks.
 func AddHook(hook Hook) {
-	std.mu.Lock()
-	defer std.mu.Unlock()
-	std.Hooks.Add(hook)
+	std.AddHook(hook)
 }
 
 // WithError creates an entry from the standard logger and adds an error to it, using the value defined in ErrorKey as key.
@@ -52,6 +56,11 @@ func WithError(err error) *Entry {
 	return std.WithField(ErrorKey, err)
 }
 
+// WithContext creates an entry from the standard logger and adds a context to it.
+func WithContext(ctx context.Context) *Entry {
+	return std.WithContext(ctx)
+}
+
 // WithField creates an entry from the standard logger and adds a field to
 // it. If you want multiple fields, use `WithFields`.
 //
@@ -71,7 +80,7 @@ func WithFields(fields Fields) *Entry {
 	return std.WithFields(fields)
 }
 
-// WithTime creats an entry from the standard logger and overrides the time of
+// WithTime creates an entry from the standard logger and overrides the time of
 // logs generated with it.
 //
 // Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
@@ -80,6 +89,11 @@ func WithTime(t time.Time) *Entry {
 	return std.WithTime(t)
 }
 
+// Trace logs a message at level Trace on the standard logger.
+func Trace(args ...interface{}) {
+	std.Trace(args...)
+}
+
 // Debug logs a message at level Debug on the standard logger.
 func Debug(args ...interface{}) {
 	std.Debug(args...)
@@ -120,6 +134,56 @@ func Fatal(args ...interface{}) {
 	std.Fatal(args...)
 }
 
+// TraceFn logs a message from a func at level Trace on the standard logger.
+func TraceFn(fn LogFunction) {
+	std.TraceFn(fn)
+}
+
+// DebugFn logs a message from a func at level Debug on the standard logger.
+func DebugFn(fn LogFunction) {
+	std.DebugFn(fn)
+}
+
+// PrintFn logs a message from a func at level Info on the standard logger.
+func PrintFn(fn LogFunction) {
+	std.PrintFn(fn)
+}
+
+// InfoFn logs a message from a func at level Info on the standard logger.
+func InfoFn(fn LogFunction) {
+	std.InfoFn(fn)
+}
+
+// WarnFn logs a message from a func at level Warn on the standard logger.
+func WarnFn(fn LogFunction) {
+	std.WarnFn(fn)
+}
+
+// WarningFn logs a message from a func at level Warn on the standard logger.
+func WarningFn(fn LogFunction) {
+	std.WarningFn(fn)
+}
+
+// ErrorFn logs a message from a func at level Error on the standard logger.
+func ErrorFn(fn LogFunction) {
+	std.ErrorFn(fn)
+}
+
+// PanicFn logs a message from a func at level Panic on the standard logger.
+func PanicFn(fn LogFunction) {
+	std.PanicFn(fn)
+}
+
+// FatalFn logs a message from a func at level Fatal on the standard logger then the process will exit with status set to 1.
+func FatalFn(fn LogFunction) {
+	std.FatalFn(fn)
+}
+
+// Tracef logs a message at level Trace on the standard logger.
+func Tracef(format string, args ...interface{}) {
+	std.Tracef(format, args...)
+}
+
 // Debugf logs a message at level Debug on the standard logger.
 func Debugf(format string, args ...interface{}) {
 	std.Debugf(format, args...)
@@ -160,6 +224,11 @@ func Fatalf(format string, args ...interface{}) {
 	std.Fatalf(format, args...)
 }
 
+// Traceln logs a message at level Trace on the standard logger.
+func Traceln(args ...interface{}) {
+	std.Traceln(args...)
+}
+
 // Debugln logs a message at level Debug on the standard logger.
 func Debugln(args ...interface{}) {
 	std.Debugln(args...)
diff --git a/vendor/github.com/sirupsen/logrus/formatter.go b/vendor/github.com/sirupsen/logrus/formatter.go
index 83c74947beab2..408883773ebbd 100644
--- a/vendor/github.com/sirupsen/logrus/formatter.go
+++ b/vendor/github.com/sirupsen/logrus/formatter.go
@@ -2,7 +2,16 @@ package logrus
 
 import "time"
 
-const defaultTimestampFormat = time.RFC3339
+// Default key names for the default fields
+const (
+	defaultTimestampFormat = time.RFC3339
+	FieldKeyMsg            = "msg"
+	FieldKeyLevel          = "level"
+	FieldKeyTime           = "time"
+	FieldKeyLogrusError    = "logrus_error"
+	FieldKeyFunc           = "func"
+	FieldKeyFile           = "file"
+)
 
 // The Formatter interface is used to implement a custom Formatter. It takes an
 // `Entry`. It exposes all the fields, including the default ones:
@@ -18,7 +27,7 @@ type Formatter interface {
 	Format(*Entry) ([]byte, error)
 }
 
-// This is to not silently overwrite `time`, `msg` and `level` fields when
+// This is to not silently overwrite `time`, `msg`, `func` and `level` fields when
 // dumping it. If this code wasn't there doing:
 //
 //  logrus.WithField("level", 1).Info("hello")
@@ -30,7 +39,7 @@ type Formatter interface {
 //
 // It's not exported because it's still using Data in an opinionated way. It's to
 // avoid code duplication between the two default formatters.
-func prefixFieldClashes(data Fields, fieldMap FieldMap) {
+func prefixFieldClashes(data Fields, fieldMap FieldMap, reportCaller bool) {
 	timeKey := fieldMap.resolve(FieldKeyTime)
 	if t, ok := data[timeKey]; ok {
 		data["fields."+timeKey] = t
@@ -48,4 +57,22 @@ func prefixFieldClashes(data Fields, fieldMap FieldMap) {
 		data["fields."+levelKey] = l
 		delete(data, levelKey)
 	}
+
+	logrusErrKey := fieldMap.resolve(FieldKeyLogrusError)
+	if l, ok := data[logrusErrKey]; ok {
+		data["fields."+logrusErrKey] = l
+		delete(data, logrusErrKey)
+	}
+
+	// If reportCaller is not set, 'func' will not conflict.
+	if reportCaller {
+		funcKey := fieldMap.resolve(FieldKeyFunc)
+		if l, ok := data[funcKey]; ok {
+			data["fields."+funcKey] = l
+		}
+		fileKey := fieldMap.resolve(FieldKeyFile)
+		if l, ok := data[fileKey]; ok {
+			data["fields."+fileKey] = l
+		}
+	}
 }
diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod
new file mode 100644
index 0000000000000..b3919d5eabf89
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/go.mod
@@ -0,0 +1,10 @@
+module github.com/sirupsen/logrus
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.2.2
+	golang.org/x/sys v0.0.0-20191026070338-33540a1f6037
+)
+
+go 1.13
diff --git a/vendor/github.com/sirupsen/logrus/json_formatter.go b/vendor/github.com/sirupsen/logrus/json_formatter.go
index dab17610f172e..c96dc5636bf04 100644
--- a/vendor/github.com/sirupsen/logrus/json_formatter.go
+++ b/vendor/github.com/sirupsen/logrus/json_formatter.go
@@ -1,8 +1,10 @@
 package logrus
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
+	"runtime"
 )
 
 type fieldKey string
@@ -10,13 +12,6 @@ type fieldKey string
 // FieldMap allows customization of the key names for default fields.
 type FieldMap map[fieldKey]string
 
-// Default key names for the default fields
-const (
-	FieldKeyMsg   = "msg"
-	FieldKeyLevel = "level"
-	FieldKeyTime  = "time"
-)
-
 func (f FieldMap) resolve(key fieldKey) string {
 	if k, ok := f[key]; ok {
 		return k
@@ -28,11 +23,17 @@ func (f FieldMap) resolve(key fieldKey) string {
 // JSONFormatter formats logs into parsable json
 type JSONFormatter struct {
 	// TimestampFormat sets the format used for marshaling timestamps.
+	// The format to use is the same than for time.Format or time.Parse from the standard
+	// library.
+	// The standard Library already provides a set of predefined format.
 	TimestampFormat string
 
 	// DisableTimestamp allows disabling automatic timestamps in output
 	DisableTimestamp bool
 
+	// DisableHTMLEscape allows disabling html escaping in output
+	DisableHTMLEscape bool
+
 	// DataKey allows users to put all the log entry parameters into a nested dictionary at a given key.
 	DataKey string
 
@@ -40,17 +41,27 @@ type JSONFormatter struct {
 	// As an example:
 	// formatter := &JSONFormatter{
 	//   	FieldMap: FieldMap{
-	// 		 FieldKeyTime: "@timestamp",
+	// 		 FieldKeyTime:  "@timestamp",
 	// 		 FieldKeyLevel: "@level",
-	// 		 FieldKeyMsg: "@message",
+	// 		 FieldKeyMsg:   "@message",
+	// 		 FieldKeyFunc:  "@caller",
 	//    },
 	// }
 	FieldMap FieldMap
+
+	// CallerPrettyfier can be set by the user to modify the content
+	// of the function and file keys in the json data when ReportCaller is
+	// activated. If any of the returned value is the empty string the
+	// corresponding key will be removed from json fields.
+	CallerPrettyfier func(*runtime.Frame) (function string, file string)
+
+	// PrettyPrint will indent all json logs
+	PrettyPrint bool
 }
 
 // Format renders a single log entry
 func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) {
-	data := make(Fields, len(entry.Data)+3)
+	data := make(Fields, len(entry.Data)+4)
 	for k, v := range entry.Data {
 		switch v := v.(type) {
 		case error:
@@ -68,22 +79,50 @@ func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) {
 		data = newData
 	}
 
-	prefixFieldClashes(data, f.FieldMap)
+	prefixFieldClashes(data, f.FieldMap, entry.HasCaller())
 
 	timestampFormat := f.TimestampFormat
 	if timestampFormat == "" {
 		timestampFormat = defaultTimestampFormat
 	}
 
+	if entry.err != "" {
+		data[f.FieldMap.resolve(FieldKeyLogrusError)] = entry.err
+	}
 	if !f.DisableTimestamp {
 		data[f.FieldMap.resolve(FieldKeyTime)] = entry.Time.Format(timestampFormat)
 	}
 	data[f.FieldMap.resolve(FieldKeyMsg)] = entry.Message
 	data[f.FieldMap.resolve(FieldKeyLevel)] = entry.Level.String()
+	if entry.HasCaller() {
+		funcVal := entry.Caller.Function
+		fileVal := fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
+		if f.CallerPrettyfier != nil {
+			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
+		}
+		if funcVal != "" {
+			data[f.FieldMap.resolve(FieldKeyFunc)] = funcVal
+		}
+		if fileVal != "" {
+			data[f.FieldMap.resolve(FieldKeyFile)] = fileVal
+		}
+	}
 
-	serialized, err := json.Marshal(data)
-	if err != nil {
-		return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
+	var b *bytes.Buffer
+	if entry.Buffer != nil {
+		b = entry.Buffer
+	} else {
+		b = &bytes.Buffer{}
 	}
-	return append(serialized, '\n'), nil
+
+	encoder := json.NewEncoder(b)
+	encoder.SetEscapeHTML(!f.DisableHTMLEscape)
+	if f.PrettyPrint {
+		encoder.SetIndent("", "  ")
+	}
+	if err := encoder.Encode(data); err != nil {
+		return nil, fmt.Errorf("failed to marshal fields to JSON, %w", err)
+	}
+
+	return b.Bytes(), nil
 }
diff --git a/vendor/github.com/sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go
index 342f7977d85b8..337704457a288 100644
--- a/vendor/github.com/sirupsen/logrus/logger.go
+++ b/vendor/github.com/sirupsen/logrus/logger.go
@@ -1,6 +1,7 @@
 package logrus
 
 import (
+	"context"
 	"io"
 	"os"
 	"sync"
@@ -8,10 +9,15 @@ import (
 	"time"
 )
 
+// LogFunction For big messages, it can be more efficient to pass a function
+// and only call it if the log level is actually enables rather than
+// generating the log message and then checking if the level is enabled
+type LogFunction func() []interface{}
+
 type Logger struct {
 	// The logs are `io.Copy`'d to this in a mutex. It's common to set this to a
 	// file, or leave it default which is `os.Stderr`. You can also set this to
-	// something more adventorous, such as logging to Kafka.
+	// something more adventurous, such as logging to Kafka.
 	Out io.Writer
 	// Hooks for the logger instance. These allow firing events based on logging
 	// levels and log entries. For example, to send errors to an error tracking
@@ -24,6 +30,10 @@ type Logger struct {
 	// own that implements the `Formatter` interface, see the `README` or included
 	// formatters for examples.
 	Formatter Formatter
+
+	// Flag for whether to log caller info (off by default)
+	ReportCaller bool
+
 	// The logging level the logger should log at. This is typically (and defaults
 	// to) `logrus.Info`, which allows Info(), Warn(), Error() and Fatal() to be
 	// logged.
@@ -32,8 +42,12 @@ type Logger struct {
 	mu MutexWrap
 	// Reusable empty entry
 	entryPool sync.Pool
+	// Function to exit the application, defaults to `os.Exit()`
+	ExitFunc exitFunc
 }
 
+type exitFunc func(int)
+
 type MutexWrap struct {
 	lock     sync.Mutex
 	disabled bool
@@ -59,20 +73,22 @@ func (mw *MutexWrap) Disable() {
 // `Out` and `Hooks` directly on the default logger instance. You can also just
 // instantiate your own:
 //
-//    var log = &Logger{
+//    var log = &logrus.Logger{
 //      Out: os.Stderr,
-//      Formatter: new(JSONFormatter),
-//      Hooks: make(LevelHooks),
+//      Formatter: new(logrus.TextFormatter),
+//      Hooks: make(logrus.LevelHooks),
 //      Level: logrus.DebugLevel,
 //    }
 //
 // It's recommended to make this a global instance called `log`.
 func New() *Logger {
 	return &Logger{
-		Out:       os.Stderr,
-		Formatter: new(TextFormatter),
-		Hooks:     make(LevelHooks),
-		Level:     InfoLevel,
+		Out:          os.Stderr,
+		Formatter:    new(TextFormatter),
+		Hooks:        make(LevelHooks),
+		Level:        InfoLevel,
+		ExitFunc:     os.Exit,
+		ReportCaller: false,
 	}
 }
 
@@ -85,11 +101,13 @@ func (logger *Logger) newEntry() *Entry {
 }
 
 func (logger *Logger) releaseEntry(entry *Entry) {
+	entry.Data = map[string]interface{}{}
 	logger.entryPool.Put(entry)
 }
 
-// Adds a field to the log entry, note that it doesn't log until you call
-// Debug, Print, Info, Warn, Error, Fatal or Panic. It only creates a log entry.
+// WithField allocates a new entry and adds a field to it.
+// Debug, Print, Info, Warn, Error, Fatal or Panic must be then applied to
+// this new returned entry.
 // If you want multiple fields, use `WithFields`.
 func (logger *Logger) WithField(key string, value interface{}) *Entry {
 	entry := logger.newEntry()
@@ -113,6 +131,13 @@ func (logger *Logger) WithError(err error) *Entry {
 	return entry.WithError(err)
 }
 
+// Add a context to the log entry.
+func (logger *Logger) WithContext(ctx context.Context) *Entry {
+	entry := logger.newEntry()
+	defer logger.releaseEntry(entry)
+	return entry.WithContext(ctx)
+}
+
 // Overrides the time of the log entry.
 func (logger *Logger) WithTime(t time.Time) *Entry {
 	entry := logger.newEntry()
@@ -120,20 +145,24 @@ func (logger *Logger) WithTime(t time.Time) *Entry {
 	return entry.WithTime(t)
 }
 
-func (logger *Logger) Debugf(format string, args ...interface{}) {
-	if logger.level() >= DebugLevel {
+func (logger *Logger) Logf(level Level, format string, args ...interface{}) {
+	if logger.IsLevelEnabled(level) {
 		entry := logger.newEntry()
-		entry.Debugf(format, args...)
+		entry.Logf(level, format, args...)
 		logger.releaseEntry(entry)
 	}
 }
 
+func (logger *Logger) Tracef(format string, args ...interface{}) {
+	logger.Logf(TraceLevel, format, args...)
+}
+
+func (logger *Logger) Debugf(format string, args ...interface{}) {
+	logger.Logf(DebugLevel, format, args...)
+}
+
 func (logger *Logger) Infof(format string, args ...interface{}) {
-	if logger.level() >= InfoLevel {
-		entry := logger.newEntry()
-		entry.Infof(format, args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logf(InfoLevel, format, args...)
 }
 
 func (logger *Logger) Printf(format string, args ...interface{}) {
@@ -143,123 +172,138 @@ func (logger *Logger) Printf(format string, args ...interface{}) {
 }
 
 func (logger *Logger) Warnf(format string, args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warnf(format, args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logf(WarnLevel, format, args...)
 }
 
 func (logger *Logger) Warningf(format string, args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warnf(format, args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Warnf(format, args...)
 }
 
 func (logger *Logger) Errorf(format string, args ...interface{}) {
-	if logger.level() >= ErrorLevel {
-		entry := logger.newEntry()
-		entry.Errorf(format, args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logf(ErrorLevel, format, args...)
 }
 
 func (logger *Logger) Fatalf(format string, args ...interface{}) {
-	if logger.level() >= FatalLevel {
-		entry := logger.newEntry()
-		entry.Fatalf(format, args...)
-		logger.releaseEntry(entry)
-	}
-	Exit(1)
+	logger.Logf(FatalLevel, format, args...)
+	logger.Exit(1)
 }
 
 func (logger *Logger) Panicf(format string, args ...interface{}) {
-	if logger.level() >= PanicLevel {
+	logger.Logf(PanicLevel, format, args...)
+}
+
+func (logger *Logger) Log(level Level, args ...interface{}) {
+	if logger.IsLevelEnabled(level) {
 		entry := logger.newEntry()
-		entry.Panicf(format, args...)
+		entry.Log(level, args...)
 		logger.releaseEntry(entry)
 	}
 }
 
-func (logger *Logger) Debug(args ...interface{}) {
-	if logger.level() >= DebugLevel {
+func (logger *Logger) LogFn(level Level, fn LogFunction) {
+	if logger.IsLevelEnabled(level) {
 		entry := logger.newEntry()
-		entry.Debug(args...)
+		entry.Log(level, fn()...)
 		logger.releaseEntry(entry)
 	}
 }
 
+func (logger *Logger) Trace(args ...interface{}) {
+	logger.Log(TraceLevel, args...)
+}
+
+func (logger *Logger) Debug(args ...interface{}) {
+	logger.Log(DebugLevel, args...)
+}
+
 func (logger *Logger) Info(args ...interface{}) {
-	if logger.level() >= InfoLevel {
-		entry := logger.newEntry()
-		entry.Info(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Log(InfoLevel, args...)
 }
 
 func (logger *Logger) Print(args ...interface{}) {
 	entry := logger.newEntry()
-	entry.Info(args...)
+	entry.Print(args...)
 	logger.releaseEntry(entry)
 }
 
 func (logger *Logger) Warn(args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warn(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Log(WarnLevel, args...)
 }
 
 func (logger *Logger) Warning(args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warn(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Warn(args...)
 }
 
 func (logger *Logger) Error(args ...interface{}) {
-	if logger.level() >= ErrorLevel {
-		entry := logger.newEntry()
-		entry.Error(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Log(ErrorLevel, args...)
 }
 
 func (logger *Logger) Fatal(args ...interface{}) {
-	if logger.level() >= FatalLevel {
-		entry := logger.newEntry()
-		entry.Fatal(args...)
-		logger.releaseEntry(entry)
-	}
-	Exit(1)
+	logger.Log(FatalLevel, args...)
+	logger.Exit(1)
 }
 
 func (logger *Logger) Panic(args ...interface{}) {
-	if logger.level() >= PanicLevel {
+	logger.Log(PanicLevel, args...)
+}
+
+func (logger *Logger) TraceFn(fn LogFunction) {
+	logger.LogFn(TraceLevel, fn)
+}
+
+func (logger *Logger) DebugFn(fn LogFunction) {
+	logger.LogFn(DebugLevel, fn)
+}
+
+func (logger *Logger) InfoFn(fn LogFunction) {
+	logger.LogFn(InfoLevel, fn)
+}
+
+func (logger *Logger) PrintFn(fn LogFunction) {
+	entry := logger.newEntry()
+	entry.Print(fn()...)
+	logger.releaseEntry(entry)
+}
+
+func (logger *Logger) WarnFn(fn LogFunction) {
+	logger.LogFn(WarnLevel, fn)
+}
+
+func (logger *Logger) WarningFn(fn LogFunction) {
+	logger.WarnFn(fn)
+}
+
+func (logger *Logger) ErrorFn(fn LogFunction) {
+	logger.LogFn(ErrorLevel, fn)
+}
+
+func (logger *Logger) FatalFn(fn LogFunction) {
+	logger.LogFn(FatalLevel, fn)
+	logger.Exit(1)
+}
+
+func (logger *Logger) PanicFn(fn LogFunction) {
+	logger.LogFn(PanicLevel, fn)
+}
+
+func (logger *Logger) Logln(level Level, args ...interface{}) {
+	if logger.IsLevelEnabled(level) {
 		entry := logger.newEntry()
-		entry.Panic(args...)
+		entry.Logln(level, args...)
 		logger.releaseEntry(entry)
 	}
 }
 
+func (logger *Logger) Traceln(args ...interface{}) {
+	logger.Logln(TraceLevel, args...)
+}
+
 func (logger *Logger) Debugln(args ...interface{}) {
-	if logger.level() >= DebugLevel {
-		entry := logger.newEntry()
-		entry.Debugln(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logln(DebugLevel, args...)
 }
 
 func (logger *Logger) Infoln(args ...interface{}) {
-	if logger.level() >= InfoLevel {
-		entry := logger.newEntry()
-		entry.Infoln(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logln(InfoLevel, args...)
 }
 
 func (logger *Logger) Println(args ...interface{}) {
@@ -269,44 +313,32 @@ func (logger *Logger) Println(args ...interface{}) {
 }
 
 func (logger *Logger) Warnln(args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warnln(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logln(WarnLevel, args...)
 }
 
 func (logger *Logger) Warningln(args ...interface{}) {
-	if logger.level() >= WarnLevel {
-		entry := logger.newEntry()
-		entry.Warnln(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Warnln(args...)
 }
 
 func (logger *Logger) Errorln(args ...interface{}) {
-	if logger.level() >= ErrorLevel {
-		entry := logger.newEntry()
-		entry.Errorln(args...)
-		logger.releaseEntry(entry)
-	}
+	logger.Logln(ErrorLevel, args...)
 }
 
 func (logger *Logger) Fatalln(args ...interface{}) {
-	if logger.level() >= FatalLevel {
-		entry := logger.newEntry()
-		entry.Fatalln(args...)
-		logger.releaseEntry(entry)
-	}
-	Exit(1)
+	logger.Logln(FatalLevel, args...)
+	logger.Exit(1)
 }
 
 func (logger *Logger) Panicln(args ...interface{}) {
-	if logger.level() >= PanicLevel {
-		entry := logger.newEntry()
-		entry.Panicln(args...)
-		logger.releaseEntry(entry)
+	logger.Logln(PanicLevel, args...)
+}
+
+func (logger *Logger) Exit(code int) {
+	runHandlers()
+	if logger.ExitFunc == nil {
+		logger.ExitFunc = os.Exit
 	}
+	logger.ExitFunc(code)
 }
 
 //When file is opened with appending mode, it's safe to
@@ -320,18 +352,53 @@ func (logger *Logger) level() Level {
 	return Level(atomic.LoadUint32((*uint32)(&logger.Level)))
 }
 
+// SetLevel sets the logger level.
 func (logger *Logger) SetLevel(level Level) {
 	atomic.StoreUint32((*uint32)(&logger.Level), uint32(level))
 }
 
-func (logger *Logger) SetOutput(out io.Writer) {
-	logger.mu.Lock()
-	defer logger.mu.Unlock()
-	logger.Out = out
+// GetLevel returns the logger level.
+func (logger *Logger) GetLevel() Level {
+	return logger.level()
 }
 
+// AddHook adds a hook to the logger hooks.
 func (logger *Logger) AddHook(hook Hook) {
 	logger.mu.Lock()
 	defer logger.mu.Unlock()
 	logger.Hooks.Add(hook)
 }
+
+// IsLevelEnabled checks if the log level of the logger is greater than the level param
+func (logger *Logger) IsLevelEnabled(level Level) bool {
+	return logger.level() >= level
+}
+
+// SetFormatter sets the logger formatter.
+func (logger *Logger) SetFormatter(formatter Formatter) {
+	logger.mu.Lock()
+	defer logger.mu.Unlock()
+	logger.Formatter = formatter
+}
+
+// SetOutput sets the logger output.
+func (logger *Logger) SetOutput(output io.Writer) {
+	logger.mu.Lock()
+	defer logger.mu.Unlock()
+	logger.Out = output
+}
+
+func (logger *Logger) SetReportCaller(reportCaller bool) {
+	logger.mu.Lock()
+	defer logger.mu.Unlock()
+	logger.ReportCaller = reportCaller
+}
+
+// ReplaceHooks replaces the logger hooks and returns the old ones
+func (logger *Logger) ReplaceHooks(hooks LevelHooks) LevelHooks {
+	logger.mu.Lock()
+	oldHooks := logger.Hooks
+	logger.Hooks = hooks
+	logger.mu.Unlock()
+	return oldHooks
+}
diff --git a/vendor/github.com/sirupsen/logrus/logrus.go b/vendor/github.com/sirupsen/logrus/logrus.go
index dd38999741ed0..2f16224cb9ffa 100644
--- a/vendor/github.com/sirupsen/logrus/logrus.go
+++ b/vendor/github.com/sirupsen/logrus/logrus.go
@@ -14,22 +14,11 @@ type Level uint32
 
 // Convert the Level to a string. E.g. PanicLevel becomes "panic".
 func (level Level) String() string {
-	switch level {
-	case DebugLevel:
-		return "debug"
-	case InfoLevel:
-		return "info"
-	case WarnLevel:
-		return "warning"
-	case ErrorLevel:
-		return "error"
-	case FatalLevel:
-		return "fatal"
-	case PanicLevel:
-		return "panic"
+	if b, err := level.MarshalText(); err == nil {
+		return string(b)
+	} else {
+		return "unknown"
 	}
-
-	return "unknown"
 }
 
 // ParseLevel takes a string level and returns the Logrus log level constant.
@@ -47,12 +36,47 @@ func ParseLevel(lvl string) (Level, error) {
 		return InfoLevel, nil
 	case "debug":
 		return DebugLevel, nil
+	case "trace":
+		return TraceLevel, nil
 	}
 
 	var l Level
 	return l, fmt.Errorf("not a valid logrus Level: %q", lvl)
 }
 
+// UnmarshalText implements encoding.TextUnmarshaler.
+func (level *Level) UnmarshalText(text []byte) error {
+	l, err := ParseLevel(string(text))
+	if err != nil {
+		return err
+	}
+
+	*level = l
+
+	return nil
+}
+
+func (level Level) MarshalText() ([]byte, error) {
+	switch level {
+	case TraceLevel:
+		return []byte("trace"), nil
+	case DebugLevel:
+		return []byte("debug"), nil
+	case InfoLevel:
+		return []byte("info"), nil
+	case WarnLevel:
+		return []byte("warning"), nil
+	case ErrorLevel:
+		return []byte("error"), nil
+	case FatalLevel:
+		return []byte("fatal"), nil
+	case PanicLevel:
+		return []byte("panic"), nil
+	}
+
+	return nil, fmt.Errorf("not a valid logrus level %d", level)
+}
+
 // A constant exposing all logging levels
 var AllLevels = []Level{
 	PanicLevel,
@@ -61,6 +85,7 @@ var AllLevels = []Level{
 	WarnLevel,
 	InfoLevel,
 	DebugLevel,
+	TraceLevel,
 }
 
 // These are the different logging levels. You can set the logging level to log
@@ -69,7 +94,7 @@ const (
 	// PanicLevel level, highest level of severity. Logs and then calls panic with the
 	// message passed to Debug, Info, ...
 	PanicLevel Level = iota
-	// FatalLevel level. Logs and then calls `os.Exit(1)`. It will exit even if the
+	// FatalLevel level. Logs and then calls `logger.Exit(1)`. It will exit even if the
 	// logging level is set to Panic.
 	FatalLevel
 	// ErrorLevel level. Logs. Used for errors that should definitely be noted.
@@ -82,6 +107,8 @@ const (
 	InfoLevel
 	// DebugLevel level. Usually only enabled when debugging. Very verbose logging.
 	DebugLevel
+	// TraceLevel level. Designates finer-grained informational events than the Debug.
+	TraceLevel
 )
 
 // Won't compile if StdLogger can't be realized by a log.Logger
@@ -140,4 +167,20 @@ type FieldLogger interface {
 	Errorln(args ...interface{})
 	Fatalln(args ...interface{})
 	Panicln(args ...interface{})
+
+	// IsDebugEnabled() bool
+	// IsInfoEnabled() bool
+	// IsWarnEnabled() bool
+	// IsErrorEnabled() bool
+	// IsFatalEnabled() bool
+	// IsPanicEnabled() bool
+}
+
+// Ext1FieldLogger (the first extension to FieldLogger) is superfluous, it is
+// here for consistancy. Do not use. Use Logger or Entry instead.
+type Ext1FieldLogger interface {
+	FieldLogger
+	Tracef(format string, args ...interface{})
+	Trace(args ...interface{})
+	Traceln(args ...interface{})
 }
diff --git a/vendor/github.com/sirupsen/logrus/terminal_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_bsd.go
deleted file mode 100644
index 4880d13d26d80..0000000000000
--- a/vendor/github.com/sirupsen/logrus/terminal_bsd.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build darwin freebsd openbsd netbsd dragonfly
-// +build !appengine,!gopherjs
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TIOCGETA
-
-type Termios unix.Termios
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
index 3de08e802fde8..2403de981929f 100644
--- a/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
@@ -1,4 +1,4 @@
-// +build appengine gopherjs
+// +build appengine
 
 package logrus
 
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
new file mode 100644
index 0000000000000..499789984d2bf
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
@@ -0,0 +1,13 @@
+// +build darwin dragonfly freebsd netbsd openbsd
+// +build !js
+
+package logrus
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TIOCGETA
+
+func isTerminal(fd int) bool {
+	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
+	return err == nil
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_js.go b/vendor/github.com/sirupsen/logrus/terminal_check_js.go
new file mode 100644
index 0000000000000..ebdae3ec62629
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_js.go
@@ -0,0 +1,7 @@
+// +build js
+
+package logrus
+
+func isTerminal(fd int) bool {
+	return false
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go b/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
new file mode 100644
index 0000000000000..97af92c68ea2d
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
@@ -0,0 +1,11 @@
+// +build js nacl plan9
+
+package logrus
+
+import (
+	"io"
+)
+
+func checkIfTerminal(w io.Writer) bool {
+	return false
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
index 067047a123340..3293fb3caad45 100644
--- a/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
@@ -1,18 +1,16 @@
-// +build !appengine,!gopherjs
+// +build !appengine,!js,!windows,!nacl,!plan9
 
 package logrus
 
 import (
 	"io"
 	"os"
-
-	"golang.org/x/crypto/ssh/terminal"
 )
 
 func checkIfTerminal(w io.Writer) bool {
 	switch v := w.(type) {
 	case *os.File:
-		return terminal.IsTerminal(int(v.Fd()))
+		return isTerminal(int(v.Fd()))
 	default:
 		return false
 	}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go b/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
new file mode 100644
index 0000000000000..f6710b3bd0b04
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
@@ -0,0 +1,11 @@
+package logrus
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// IsTerminal returns true if the given file descriptor is a terminal.
+func isTerminal(fd int) bool {
+	_, err := unix.IoctlGetTermio(fd, unix.TCGETA)
+	return err == nil
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
new file mode 100644
index 0000000000000..04748b8515f16
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
@@ -0,0 +1,13 @@
+// +build linux aix zos
+// +build !js
+
+package logrus
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TCGETS
+
+func isTerminal(fd int) bool {
+	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
+	return err == nil
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_windows.go b/vendor/github.com/sirupsen/logrus/terminal_check_windows.go
new file mode 100644
index 0000000000000..2879eb50ea6d5
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_windows.go
@@ -0,0 +1,27 @@
+// +build !appengine,!js,windows
+
+package logrus
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+func checkIfTerminal(w io.Writer) bool {
+	switch v := w.(type) {
+	case *os.File:
+		handle := windows.Handle(v.Fd())
+		var mode uint32
+		if err := windows.GetConsoleMode(handle, &mode); err != nil {
+			return false
+		}
+		mode |= windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING
+		if err := windows.SetConsoleMode(handle, mode); err != nil {
+			return false
+		}
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_linux.go b/vendor/github.com/sirupsen/logrus/terminal_linux.go
deleted file mode 100644
index f29a0097c81d5..0000000000000
--- a/vendor/github.com/sirupsen/logrus/terminal_linux.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Based on ssh/terminal:
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !appengine,!gopherjs
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TCGETS
-
-type Termios unix.Termios
diff --git a/vendor/github.com/sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go
index 3e55040304dfb..be2c6efe5ed03 100644
--- a/vendor/github.com/sirupsen/logrus/text_formatter.go
+++ b/vendor/github.com/sirupsen/logrus/text_formatter.go
@@ -3,25 +3,24 @@ package logrus
 import (
 	"bytes"
 	"fmt"
+	"os"
+	"runtime"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 )
 
 const (
-	nocolor = 0
-	red     = 31
-	green   = 32
-	yellow  = 33
-	blue    = 36
-	gray    = 37
+	red    = 31
+	yellow = 33
+	blue   = 36
+	gray   = 37
 )
 
-var (
-	baseTimestamp time.Time
-	emptyFieldMap FieldMap
-)
+var baseTimestamp time.Time
 
 func init() {
 	baseTimestamp = time.Now()
@@ -35,6 +34,17 @@ type TextFormatter struct {
 	// Force disabling colors.
 	DisableColors bool
 
+	// Force quoting of all values
+	ForceQuote bool
+
+	// DisableQuote disables quoting for all values.
+	// DisableQuote will have a lower priority than ForceQuote.
+	// If both of them are set to true, quote will be forced on all values.
+	DisableQuote bool
+
+	// Override coloring based on CLICOLOR and CLICOLOR_FORCE. - https://bixense.com/clicolors/
+	EnvironmentOverrideColors bool
+
 	// Disable timestamp logging. useful when output is redirected to logging
 	// system that already adds timestamps.
 	DisableTimestamp bool
@@ -43,7 +53,10 @@ type TextFormatter struct {
 	// the time passed since beginning of execution.
 	FullTimestamp bool
 
-	// TimestampFormat to use for display when a full timestamp is printed
+	// TimestampFormat to use for display when a full timestamp is printed.
+	// The format to use is the same than for time.Format or time.Parse from the standard
+	// library.
+	// The standard Library already provides a set of predefined format.
 	TimestampFormat string
 
 	// The fields are sorted by default for a consistent output. For applications
@@ -51,9 +64,16 @@ type TextFormatter struct {
 	// be desired.
 	DisableSorting bool
 
+	// The keys sorting function, when uninitialized it uses sort.Strings.
+	SortingFunc func([]string)
+
 	// Disables the truncation of the level text to 4 characters.
 	DisableLevelTruncation bool
 
+	// PadLevelText Adds padding the level text so that all the levels output at the same length
+	// PadLevelText is a superset of the DisableLevelTruncation option
+	PadLevelText bool
+
 	// QuoteEmptyFields will wrap empty fields in quotes if true
 	QuoteEmptyFields bool
 
@@ -69,26 +89,101 @@ type TextFormatter struct {
 	//         FieldKeyMsg:   "@message"}}
 	FieldMap FieldMap
 
-	sync.Once
+	// CallerPrettyfier can be set by the user to modify the content
+	// of the function and file keys in the data when ReportCaller is
+	// activated. If any of the returned value is the empty string the
+	// corresponding key will be removed from fields.
+	CallerPrettyfier func(*runtime.Frame) (function string, file string)
+
+	terminalInitOnce sync.Once
+
+	// The max length of the level text, generated dynamically on init
+	levelTextMaxLength int
 }
 
 func (f *TextFormatter) init(entry *Entry) {
 	if entry.Logger != nil {
 		f.isTerminal = checkIfTerminal(entry.Logger.Out)
 	}
+	// Get the max length of the level text
+	for _, level := range AllLevels {
+		levelTextLength := utf8.RuneCount([]byte(level.String()))
+		if levelTextLength > f.levelTextMaxLength {
+			f.levelTextMaxLength = levelTextLength
+		}
+	}
+}
+
+func (f *TextFormatter) isColored() bool {
+	isColored := f.ForceColors || (f.isTerminal && (runtime.GOOS != "windows"))
+
+	if f.EnvironmentOverrideColors {
+		switch force, ok := os.LookupEnv("CLICOLOR_FORCE"); {
+		case ok && force != "0":
+			isColored = true
+		case ok && force == "0", os.Getenv("CLICOLOR") == "0":
+			isColored = false
+		}
+	}
+
+	return isColored && !f.DisableColors
 }
 
 // Format renders a single log entry
 func (f *TextFormatter) Format(entry *Entry) ([]byte, error) {
-	prefixFieldClashes(entry.Data, f.FieldMap)
-
-	keys := make([]string, 0, len(entry.Data))
-	for k := range entry.Data {
+	data := make(Fields)
+	for k, v := range entry.Data {
+		data[k] = v
+	}
+	prefixFieldClashes(data, f.FieldMap, entry.HasCaller())
+	keys := make([]string, 0, len(data))
+	for k := range data {
 		keys = append(keys, k)
 	}
 
+	var funcVal, fileVal string
+
+	fixedKeys := make([]string, 0, 4+len(data))
+	if !f.DisableTimestamp {
+		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyTime))
+	}
+	fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyLevel))
+	if entry.Message != "" {
+		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyMsg))
+	}
+	if entry.err != "" {
+		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyLogrusError))
+	}
+	if entry.HasCaller() {
+		if f.CallerPrettyfier != nil {
+			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
+		} else {
+			funcVal = entry.Caller.Function
+			fileVal = fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
+		}
+
+		if funcVal != "" {
+			fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyFunc))
+		}
+		if fileVal != "" {
+			fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyFile))
+		}
+	}
+
 	if !f.DisableSorting {
-		sort.Strings(keys)
+		if f.SortingFunc == nil {
+			sort.Strings(keys)
+			fixedKeys = append(fixedKeys, keys...)
+		} else {
+			if !f.isColored() {
+				fixedKeys = append(fixedKeys, keys...)
+				f.SortingFunc(fixedKeys)
+			} else {
+				f.SortingFunc(keys)
+			}
+		}
+	} else {
+		fixedKeys = append(fixedKeys, keys...)
 	}
 
 	var b *bytes.Buffer
@@ -98,26 +193,35 @@ func (f *TextFormatter) Format(entry *Entry) ([]byte, error) {
 		b = &bytes.Buffer{}
 	}
 
-	f.Do(func() { f.init(entry) })
-
-	isColored := (f.ForceColors || f.isTerminal) && !f.DisableColors
+	f.terminalInitOnce.Do(func() { f.init(entry) })
 
 	timestampFormat := f.TimestampFormat
 	if timestampFormat == "" {
 		timestampFormat = defaultTimestampFormat
 	}
-	if isColored {
-		f.printColored(b, entry, keys, timestampFormat)
+	if f.isColored() {
+		f.printColored(b, entry, keys, data, timestampFormat)
 	} else {
-		if !f.DisableTimestamp {
-			f.appendKeyValue(b, f.FieldMap.resolve(FieldKeyTime), entry.Time.Format(timestampFormat))
-		}
-		f.appendKeyValue(b, f.FieldMap.resolve(FieldKeyLevel), entry.Level.String())
-		if entry.Message != "" {
-			f.appendKeyValue(b, f.FieldMap.resolve(FieldKeyMsg), entry.Message)
-		}
-		for _, key := range keys {
-			f.appendKeyValue(b, key, entry.Data[key])
+
+		for _, key := range fixedKeys {
+			var value interface{}
+			switch {
+			case key == f.FieldMap.resolve(FieldKeyTime):
+				value = entry.Time.Format(timestampFormat)
+			case key == f.FieldMap.resolve(FieldKeyLevel):
+				value = entry.Level.String()
+			case key == f.FieldMap.resolve(FieldKeyMsg):
+				value = entry.Message
+			case key == f.FieldMap.resolve(FieldKeyLogrusError):
+				value = entry.err
+			case key == f.FieldMap.resolve(FieldKeyFunc) && entry.HasCaller():
+				value = funcVal
+			case key == f.FieldMap.resolve(FieldKeyFile) && entry.HasCaller():
+				value = fileVal
+			default:
+				value = data[key]
+			}
+			f.appendKeyValue(b, key, value)
 		}
 	}
 
@@ -125,42 +229,82 @@ func (f *TextFormatter) Format(entry *Entry) ([]byte, error) {
 	return b.Bytes(), nil
 }
 
-func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []string, timestampFormat string) {
+func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []string, data Fields, timestampFormat string) {
 	var levelColor int
 	switch entry.Level {
-	case DebugLevel:
+	case DebugLevel, TraceLevel:
 		levelColor = gray
 	case WarnLevel:
 		levelColor = yellow
 	case ErrorLevel, FatalLevel, PanicLevel:
 		levelColor = red
+	case InfoLevel:
+		levelColor = blue
 	default:
 		levelColor = blue
 	}
 
 	levelText := strings.ToUpper(entry.Level.String())
-	if !f.DisableLevelTruncation {
+	if !f.DisableLevelTruncation && !f.PadLevelText {
 		levelText = levelText[0:4]
 	}
+	if f.PadLevelText {
+		// Generates the format string used in the next line, for example "%-6s" or "%-7s".
+		// Based on the max level text length.
+		formatString := "%-" + strconv.Itoa(f.levelTextMaxLength) + "s"
+		// Formats the level text by appending spaces up to the max length, for example:
+		// 	- "INFO   "
+		//	- "WARNING"
+		levelText = fmt.Sprintf(formatString, levelText)
+	}
 
-	if f.DisableTimestamp {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m %-44s ", levelColor, levelText, entry.Message)
-	} else if !f.FullTimestamp {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%04d] %-44s ", levelColor, levelText, int(entry.Time.Sub(baseTimestamp)/time.Second), entry.Message)
-	} else {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%s] %-44s ", levelColor, levelText, entry.Time.Format(timestampFormat), entry.Message)
+	// Remove a single newline if it already exists in the message to keep
+	// the behavior of logrus text_formatter the same as the stdlib log package
+	entry.Message = strings.TrimSuffix(entry.Message, "\n")
+
+	caller := ""
+	if entry.HasCaller() {
+		funcVal := fmt.Sprintf("%s()", entry.Caller.Function)
+		fileVal := fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
+
+		if f.CallerPrettyfier != nil {
+			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
+		}
+
+		if fileVal == "" {
+			caller = funcVal
+		} else if funcVal == "" {
+			caller = fileVal
+		} else {
+			caller = fileVal + " " + funcVal
+		}
+	}
+
+	switch {
+	case f.DisableTimestamp:
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m%s %-44s ", levelColor, levelText, caller, entry.Message)
+	case !f.FullTimestamp:
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%04d]%s %-44s ", levelColor, levelText, int(entry.Time.Sub(baseTimestamp)/time.Second), caller, entry.Message)
+	default:
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%s]%s %-44s ", levelColor, levelText, entry.Time.Format(timestampFormat), caller, entry.Message)
 	}
 	for _, k := range keys {
-		v := entry.Data[k]
+		v := data[k]
 		fmt.Fprintf(b, " \x1b[%dm%s\x1b[0m=", levelColor, k)
 		f.appendValue(b, v)
 	}
 }
 
 func (f *TextFormatter) needsQuoting(text string) bool {
+	if f.ForceQuote {
+		return true
+	}
 	if f.QuoteEmptyFields && len(text) == 0 {
 		return true
 	}
+	if f.DisableQuote {
+		return false
+	}
 	for _, ch := range text {
 		if !((ch >= 'a' && ch <= 'z') ||
 			(ch >= 'A' && ch <= 'Z') ||
diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
index 7bdebedc60bb9..72e8e3a1b65f1 100644
--- a/vendor/github.com/sirupsen/logrus/writer.go
+++ b/vendor/github.com/sirupsen/logrus/writer.go
@@ -6,10 +6,16 @@ import (
 	"runtime"
 )
 
+// Writer at INFO level. See WriterLevel for details.
 func (logger *Logger) Writer() *io.PipeWriter {
 	return logger.WriterLevel(InfoLevel)
 }
 
+// WriterLevel returns an io.Writer that can be used to write arbitrary text to
+// the logger at the given log level. Each line written to the writer will be
+// printed in the usual way using formatters and hooks. The writer is part of an
+// io.Pipe and it is the callers responsibility to close the writer when done.
+// This can be used to override the standard library logger easily.
 func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
 	return NewEntry(logger).WriterLevel(level)
 }
@@ -24,6 +30,8 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
 	var printFunc func(args ...interface{})
 
 	switch level {
+	case TraceLevel:
+		printFunc = entry.Trace
 	case DebugLevel:
 		printFunc = entry.Debug
 	case InfoLevel:
diff --git a/vendor/github.com/spf13/cobra/README.md b/vendor/github.com/spf13/cobra/README.md
index 851fcc087caee..a1b13ddda6ca5 100644
--- a/vendor/github.com/spf13/cobra/README.md
+++ b/vendor/github.com/spf13/cobra/README.md
@@ -2,29 +2,15 @@
 
 Cobra is both a library for creating powerful modern CLI applications as well as a program to generate applications and command files.
 
-Many of the most widely used Go projects are built using Cobra including:
-
-* [Kubernetes](http://kubernetes.io/)
-* [Hugo](http://gohugo.io)
-* [rkt](https://github.com/coreos/rkt)
-* [etcd](https://github.com/coreos/etcd)
-* [Moby (former Docker)](https://github.com/moby/moby)
-* [Docker (distribution)](https://github.com/docker/distribution)
-* [OpenShift](https://www.openshift.com/)
-* [Delve](https://github.com/derekparker/delve)
-* [GopherJS](http://www.gopherjs.org/)
-* [CockroachDB](http://www.cockroachlabs.com/)
-* [Bleve](http://www.blevesearch.com/)
-* [ProjectAtomic (enterprise)](http://www.projectatomic.io/)
-* [GiantSwarm's swarm](https://github.com/giantswarm/cli)
-* [Nanobox](https://github.com/nanobox-io/nanobox)/[Nanopack](https://github.com/nanopack)
-* [rclone](http://rclone.org/)
-* [nehm](https://github.com/bogem/nehm)
-* [Pouch](https://github.com/alibaba/pouch)
+Cobra is used in many Go projects such as [Kubernetes](http://kubernetes.io/),
+[Hugo](https://gohugo.io), and [Github CLI](https://github.com/cli/cli) to
+name a few. [This list](./projects_using_cobra.md) contains a more extensive list of projects using Cobra.
 
+[![](https://img.shields.io/github/workflow/status/spf13/cobra/Test?longCache=tru&label=Test&logo=github%20actions&logoColor=fff)](https://github.com/spf13/cobra/actions?query=workflow%3ATest)
 [![Build Status](https://travis-ci.org/spf13/cobra.svg "Travis CI status")](https://travis-ci.org/spf13/cobra)
-[![CircleCI status](https://circleci.com/gh/spf13/cobra.png?circle-token=:circle-token "CircleCI status")](https://circleci.com/gh/spf13/cobra)
 [![GoDoc](https://godoc.org/github.com/spf13/cobra?status.svg)](https://godoc.org/github.com/spf13/cobra)
+[![Go Report Card](https://goreportcard.com/badge/github.com/spf13/cobra)](https://goreportcard.com/report/github.com/spf13/cobra)
+[![Slack](https://img.shields.io/badge/Slack-cobra-brightgreen)](https://gophers.slack.com/archives/CD3LP1199)
 
 # Table of Contents
 
@@ -44,8 +30,8 @@ Many of the most widely used Go projects are built using Cobra including:
   * [PreRun and PostRun Hooks](#prerun-and-postrun-hooks)
   * [Suggestions when "unknown command" happens](#suggestions-when-unknown-command-happens)
   * [Generating documentation for your command](#generating-documentation-for-your-command)
-  * [Generating bash completions](#generating-bash-completions)
-- [Contributing](#contributing)
+  * [Generating shell completions](#generating-shell-completions)
+- [Contributing](CONTRIBUTING.md)
 - [License](#license)
 
 # Overview
@@ -65,7 +51,7 @@ Cobra provides:
 * Intelligent suggestions (`app srver`... did you mean `app server`?)
 * Automatic help generation for commands and flags
 * Automatic help flag recognition of `-h`, `--help`, etc.
-* Automatically generated bash autocomplete for your application
+* Automatically generated shell autocomplete for your application (bash, zsh, fish, powershell)
 * Automatically generated man pages for your application
 * Command aliases so you can change things without breaking them
 * The flexibility to define your own help, usage, etc.
@@ -77,8 +63,8 @@ Cobra is built on a structure of commands, arguments & flags.
 
 **Commands** represent actions, **Args** are things and **Flags** are modifiers for those actions.
 
-The best applications will read like sentences when used. Users will know how
-to use the application because they will natively understand how to use it.
+The best applications read like sentences when used, and as a result, users
+intuitively know how to interact with them.
 
 The pattern to follow is
 `APPNAME VERB NOUN --ADJECTIVE.`
@@ -123,7 +109,7 @@ Using Cobra is easy. First, use `go get` to install the latest version
 of the library. This command will install the `cobra` generator executable
 along with the library and its dependencies:
 
-    go get -u github.com/spf13/cobra/cobra
+    go get -u github.com/spf13/cobra
 
 Next, include Cobra in your application:
 
@@ -152,9 +138,6 @@ In a Cobra app, typically the main.go file is very bare. It serves one purpose:
 package main
 
 import (
-  "fmt"
-  "os"
-
   "{pathToYourApp}/cmd"
 )
 
@@ -195,7 +178,7 @@ var rootCmd = &cobra.Command{
 
 func Execute() {
   if err := rootCmd.Execute(); err != nil {
-    fmt.Println(err)
+    fmt.Fprintln(os.Stderr, err)
     os.Exit(1)
   }
 }
@@ -206,51 +189,71 @@ You will additionally define flags and handle configuration in your init() funct
 For example cmd/root.go:
 
 ```go
+package cmd
+
 import (
-  "fmt"
-  "os"
+	"fmt"
+	"os"
 
-  homedir "github.com/mitchellh/go-homedir"
-  "github.com/spf13/cobra"
-  "github.com/spf13/viper"
+	homedir "github.com/mitchellh/go-homedir"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
+var (
+	// Used for flags.
+	cfgFile     string
+	userLicense string
+
+	rootCmd = &cobra.Command{
+		Use:   "cobra",
+		Short: "A generator for Cobra based Applications",
+		Long: `Cobra is a CLI library for Go that empowers applications.
+This application is a tool to generate the needed files
+to quickly create a Cobra application.`,
+	}
+)
+
+// Execute executes the root command.
+func Execute() error {
+	return rootCmd.Execute()
+}
+
 func init() {
-  cobra.OnInitialize(initConfig)
-  rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
-  rootCmd.PersistentFlags().StringVarP(&projectBase, "projectbase", "b", "", "base project directory eg. github.com/spf13/")
-  rootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "Author name for copyright attribution")
-  rootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "Name of license for the project (can provide `licensetext` in config)")
-  rootCmd.PersistentFlags().Bool("viper", true, "Use Viper for configuration")
-  viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-  viper.BindPFlag("projectbase", rootCmd.PersistentFlags().Lookup("projectbase"))
-  viper.BindPFlag("useViper", rootCmd.PersistentFlags().Lookup("viper"))
-  viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
-  viper.SetDefault("license", "apache")
+	cobra.OnInitialize(initConfig)
+
+	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
+	rootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "author name for copyright attribution")
+	rootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "name of license for the project")
+	rootCmd.PersistentFlags().Bool("viper", true, "use Viper for configuration")
+	viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
+	viper.BindPFlag("useViper", rootCmd.PersistentFlags().Lookup("viper"))
+	viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
+	viper.SetDefault("license", "apache")
+
+	rootCmd.AddCommand(addCmd)
+	rootCmd.AddCommand(initCmd)
 }
 
 func initConfig() {
-  // Don't forget to read config either from cfgFile or from home directory!
-  if cfgFile != "" {
-    // Use config file from the flag.
-    viper.SetConfigFile(cfgFile)
-  } else {
-    // Find home directory.
-    home, err := homedir.Dir()
-    if err != nil {
-      fmt.Println(err)
-      os.Exit(1)
-    }
-
-    // Search config in home directory with name ".cobra" (without extension).
-    viper.AddConfigPath(home)
-    viper.SetConfigName(".cobra")
-  }
-
-  if err := viper.ReadInConfig(); err != nil {
-    fmt.Println("Can't read config:", err)
-    os.Exit(1)
-  }
+	if cfgFile != "" {
+		// Use config file from the flag.
+		viper.SetConfigFile(cfgFile)
+	} else {
+		// Find home directory.
+		home, err := homedir.Dir()
+		cobra.CheckErr(err)
+
+		// Search config in home directory with name ".cobra" (without extension).
+		viper.AddConfigPath(home)
+		viper.SetConfigName(".cobra")
+	}
+
+	viper.AutomaticEnv()
+
+	if err := viper.ReadInConfig(); err == nil {
+		fmt.Println("Using config file:", viper.ConfigFileUsed())
+	}
 }
 ```
 
@@ -259,15 +262,12 @@ func initConfig() {
 With the root command you need to have your main function execute it.
 Execute should be run on the root for clarity, though it can be called on any command.
 
-In a Cobra app, typically the main.go file is very bare. It serves, one purpose, to initialize Cobra.
+In a Cobra app, typically the main.go file is very bare. It serves one purpose: to initialize Cobra.
 
 ```go
 package main
 
 import (
-  "fmt"
-  "os"
-
   "{pathToYourApp}/cmd"
 )
 
@@ -307,6 +307,37 @@ var versionCmd = &cobra.Command{
 }
 ```
 
+### Returning and handling errors
+
+If you wish to return an error to the caller of a command, `RunE` can be used.
+
+```go
+package cmd
+
+import (
+  "fmt"
+
+  "github.com/spf13/cobra"
+)
+
+func init() {
+  rootCmd.AddCommand(tryCmd)
+}
+
+var tryCmd = &cobra.Command{
+  Use:   "try",
+  Short: "Try and possibly fail at something",
+  RunE: func(cmd *cobra.Command, args []string) error {
+    if err := someFunc(); err != nil {
+	return err
+    }
+    return nil
+  },
+}
+```
+
+The error can then be caught at the execute function call.
+
 ## Working with Flags
 
 Flags provide modifiers to control how the action command operates.
@@ -326,7 +357,7 @@ There are two different approaches to assign a flag.
 
 ### Persistent Flags
 
-A flag can be 'persistent' meaning that this flag will be available to the
+A flag can be 'persistent', meaning that this flag will be available to the
 command it's assigned to as well as every command under that command. For
 global flags, assign a flag as a persistent flag on the root.
 
@@ -336,16 +367,16 @@ rootCmd.PersistentFlags().BoolVarP(&Verbose, "verbose", "v", false, "verbose out
 
 ### Local Flags
 
-A flag can also be assigned locally which will only apply to that specific command.
+A flag can also be assigned locally, which will only apply to that specific command.
 
 ```go
-rootCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
+localCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
 ```
 
 ### Local Flag on Parent Commands
 
-By default Cobra only parses local flags on the target command, any local flags on
-parent commands are ignored. By enabling `Command.TraverseChildren` Cobra will
+By default, Cobra only parses local flags on the target command, and any local flags on
+parent commands are ignored. By enabling `Command.TraverseChildren`, Cobra will
 parse local flags on each command before executing the target command.
 
 ```go
@@ -367,8 +398,8 @@ func init() {
 }
 ```
 
-In this example the persistent flag `author` is bound with `viper`.
-**Note**, that the variable `author` will not be set to the value from config,
+In this example, the persistent flag `author` is bound with `viper`.
+**Note**: the variable `author` will not be set to the value from config,
 when the `--author` flag is not provided by user.
 
 More in [viper documentation](https://github.com/spf13/viper#working-with-flags).
@@ -382,6 +413,12 @@ rootCmd.Flags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
 rootCmd.MarkFlagRequired("region")
 ```
 
+Or, for persistent flags:
+```go
+rootCmd.PersistentFlags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
+rootCmd.MarkPersistentFlagRequired("region")
+```
+
 ## Positional and Custom Arguments
 
 Validation of positional arguments can be specified using the `Args` field
@@ -395,6 +432,7 @@ The following validators are built in:
 - `MinimumNArgs(int)` - the command will report an error if there are not at least N positional args.
 - `MaximumNArgs(int)` - the command will report an error if there are more than N positional args.
 - `ExactArgs(int)` - the command will report an error if there are not exactly N positional args.
+- `ExactValidArgs(int)` - the command will report an error if there are not exactly N positional args OR if there are any positional args that are not in the `ValidArgs` field of `Command`
 - `RangeArgs(min, max)` - the command will report an error if the number of args is not between the minimum and maximum number of expected args.
 
 An example of setting the custom validator:
@@ -404,7 +442,7 @@ var cmd = &cobra.Command{
   Short: "hello",
   Args: func(cmd *cobra.Command, args []string) error {
     if len(args) < 1 {
-      return errors.New("requires at least one arg")
+      return errors.New("requires a color argument")
     }
     if myapp.IsValidColor(args[0]) {
       return nil
@@ -421,7 +459,7 @@ var cmd = &cobra.Command{
 
 In the example below, we have defined three commands. Two are at the top level
 and one (cmdTimes) is a child of one of the top commands. In this case the root
-is not executable meaning that a subcommand is required. This is accomplished
+is not executable, meaning that a subcommand is required. This is accomplished
 by not providing a 'Run' for the 'rootCmd'.
 
 We have only defined one flag for a single command.
@@ -459,12 +497,12 @@ For many years people have printed back to the screen.`,
 Echo works a lot like print, except it has a child command.`,
     Args: cobra.MinimumNArgs(1),
     Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Print: " + strings.Join(args, " "))
+      fmt.Println("Echo: " + strings.Join(args, " "))
     },
   }
 
   var cmdTimes = &cobra.Command{
-    Use:   "times [# times] [string to echo]",
+    Use:   "times [string to echo]",
     Short: "Echo anything to the screen more times",
     Long: `echo things multiple times back to the user by providing
 a count and a string.`,
@@ -711,25 +749,11 @@ Run 'kubectl help' for usage.
 
 ## Generating documentation for your command
 
-Cobra can generate documentation based on subcommands, flags, etc. in the following formats:
-
-- [Markdown](doc/md_docs.md)
-- [ReStructured Text](doc/rest_docs.md)
-- [Man Page](doc/man_docs.md)
-
-## Generating bash completions
-
-Cobra can generate a bash-completion file. If you add more information to your command, these completions can be amazingly powerful and flexible.  Read more about it in [Bash Completions](bash_completions.md).
+Cobra can generate documentation based on subcommands, flags, etc. Read more about it in the [docs generation documentation](doc/README.md).
 
-# Contributing
+## Generating shell completions
 
-1. Fork it
-2. Download your fork to your PC (`git clone https://github.com/your_username/cobra && cd cobra`)
-3. Create your feature branch (`git checkout -b my-new-feature`)
-4. Make changes and add them (`git add .`)
-5. Commit your changes (`git commit -m 'Add some feature'`)
-6. Push to the branch (`git push origin my-new-feature`)
-7. Create new pull request
+Cobra can generate a shell-completion file for the following shells: bash, zsh, fish, PowerShell. If you add more information to your commands, these completions can be amazingly powerful and flexible.  Read more about it in [Shell Completions](shell_completions.md).
 
 # License
 
diff --git a/vendor/github.com/spf13/cobra/args.go b/vendor/github.com/spf13/cobra/args.go
index a5d8a9273eab0..70e9b262912e4 100644
--- a/vendor/github.com/spf13/cobra/args.go
+++ b/vendor/github.com/spf13/cobra/args.go
@@ -2,6 +2,7 @@ package cobra
 
 import (
 	"fmt"
+	"strings"
 )
 
 type PositionalArgs func(cmd *Command, args []string) error
@@ -34,8 +35,15 @@ func NoArgs(cmd *Command, args []string) error {
 // OnlyValidArgs returns an error if any args are not in the list of ValidArgs.
 func OnlyValidArgs(cmd *Command, args []string) error {
 	if len(cmd.ValidArgs) > 0 {
+		// Remove any description that may be included in ValidArgs.
+		// A description is following a tab character.
+		var validArgs []string
+		for _, v := range cmd.ValidArgs {
+			validArgs = append(validArgs, strings.Split(v, "\t")[0])
+		}
+
 		for _, v := range args {
-			if !stringInSlice(v, cmd.ValidArgs) {
+			if !stringInSlice(v, validArgs) {
 				return fmt.Errorf("invalid argument %q for %q%s", v, cmd.CommandPath(), cmd.findSuggestions(args[0]))
 			}
 		}
@@ -78,6 +86,18 @@ func ExactArgs(n int) PositionalArgs {
 	}
 }
 
+// ExactValidArgs returns an error if
+// there are not exactly N positional args OR
+// there are any positional args that are not in the `ValidArgs` field of `Command`
+func ExactValidArgs(n int) PositionalArgs {
+	return func(cmd *Command, args []string) error {
+		if err := ExactArgs(n)(cmd, args); err != nil {
+			return err
+		}
+		return OnlyValidArgs(cmd, args)
+	}
+}
+
 // RangeArgs returns an error if the number of args is not within the expected range.
 func RangeArgs(min int, max int) PositionalArgs {
 	return func(cmd *Command, args []string) error {
diff --git a/vendor/github.com/spf13/cobra/bash_completions.go b/vendor/github.com/spf13/cobra/bash_completions.go
index 8fa8f486facc3..7106147937e82 100644
--- a/vendor/github.com/spf13/cobra/bash_completions.go
+++ b/vendor/github.com/spf13/cobra/bash_completions.go
@@ -19,9 +19,9 @@ const (
 	BashCompSubdirsInDir    = "cobra_annotation_bash_completion_subdirs_in_dir"
 )
 
-func writePreamble(buf *bytes.Buffer, name string) {
-	buf.WriteString(fmt.Sprintf("# bash completion for %-36s -*- shell-script -*-\n", name))
-	buf.WriteString(fmt.Sprintf(`
+func writePreamble(buf io.StringWriter, name string) {
+	WriteStringAndCheck(buf, fmt.Sprintf("# bash completion for %-36s -*- shell-script -*-\n", name))
+	WriteStringAndCheck(buf, fmt.Sprintf(`
 __%[1]s_debug()
 {
     if [[ -n ${BASH_COMP_DEBUG_FILE} ]]; then
@@ -58,9 +58,103 @@ __%[1]s_contains_word()
     return 1
 }
 
+__%[1]s_handle_go_custom_completion()
+{
+    __%[1]s_debug "${FUNCNAME[0]}: cur is ${cur}, words[*] is ${words[*]}, #words[@] is ${#words[@]}"
+
+    local shellCompDirectiveError=%[3]d
+    local shellCompDirectiveNoSpace=%[4]d
+    local shellCompDirectiveNoFileComp=%[5]d
+    local shellCompDirectiveFilterFileExt=%[6]d
+    local shellCompDirectiveFilterDirs=%[7]d
+
+    local out requestComp lastParam lastChar comp directive args
+
+    # Prepare the command to request completions for the program.
+    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    args=("${words[@]:1}")
+    requestComp="${words[0]} %[2]s ${args[*]}"
+
+    lastParam=${words[$((${#words[@]}-1))]}
+    lastChar=${lastParam:$((${#lastParam}-1)):1}
+    __%[1]s_debug "${FUNCNAME[0]}: lastParam ${lastParam}, lastChar ${lastChar}"
+
+    if [ -z "${cur}" ] && [ "${lastChar}" != "=" ]; then
+        # If the last parameter is complete (there is a space following it)
+        # We add an extra empty parameter so we can indicate this to the go method.
+        __%[1]s_debug "${FUNCNAME[0]}: Adding extra empty parameter"
+        requestComp="${requestComp} \"\""
+    fi
+
+    __%[1]s_debug "${FUNCNAME[0]}: calling ${requestComp}"
+    # Use eval to handle any environment variables and such
+    out=$(eval "${requestComp}" 2>/dev/null)
+
+    # Extract the directive integer at the very end of the output following a colon (:)
+    directive=${out##*:}
+    # Remove the directive
+    out=${out%%:*}
+    if [ "${directive}" = "${out}" ]; then
+        # There is not directive specified
+        directive=0
+    fi
+    __%[1]s_debug "${FUNCNAME[0]}: the completion directive is: ${directive}"
+    __%[1]s_debug "${FUNCNAME[0]}: the completions are: ${out[*]}"
+
+    if [ $((directive & shellCompDirectiveError)) -ne 0 ]; then
+        # Error code.  No completion.
+        __%[1]s_debug "${FUNCNAME[0]}: received error from custom completion go code"
+        return
+    else
+        if [ $((directive & shellCompDirectiveNoSpace)) -ne 0 ]; then
+            if [[ $(type -t compopt) = "builtin" ]]; then
+                __%[1]s_debug "${FUNCNAME[0]}: activating no space"
+                compopt -o nospace
+            fi
+        fi
+        if [ $((directive & shellCompDirectiveNoFileComp)) -ne 0 ]; then
+            if [[ $(type -t compopt) = "builtin" ]]; then
+                __%[1]s_debug "${FUNCNAME[0]}: activating no file completion"
+                compopt +o default
+            fi
+        fi
+    fi
+
+    if [ $((directive & shellCompDirectiveFilterFileExt)) -ne 0 ]; then
+        # File extension filtering
+        local fullFilter filter filteringCmd
+        # Do not use quotes around the $out variable or else newline
+        # characters will be kept.
+        for filter in ${out[*]}; do
+            fullFilter+="$filter|"
+        done
+
+        filteringCmd="_filedir $fullFilter"
+        __%[1]s_debug "File filtering command: $filteringCmd"
+        $filteringCmd
+    elif [ $((directive & shellCompDirectiveFilterDirs)) -ne 0 ]; then
+        # File completion for directories only
+        local subDir
+        # Use printf to strip any trailing newline
+        subdir=$(printf "%%s" "${out[0]}")
+        if [ -n "$subdir" ]; then
+            __%[1]s_debug "Listing directories in $subdir"
+            __%[1]s_handle_subdirs_in_dir_flag "$subdir"
+        else
+            __%[1]s_debug "Listing directories in ."
+            _filedir -d
+        fi
+    else
+        while IFS='' read -r comp; do
+            COMPREPLY+=("$comp")
+        done < <(compgen -W "${out[*]}" -- "$cur")
+    fi
+}
+
 __%[1]s_handle_reply()
 {
     __%[1]s_debug "${FUNCNAME[0]}"
+    local comp
     case $cur in
         -*)
             if [[ $(type -t compopt) = "builtin" ]]; then
@@ -72,7 +166,9 @@ __%[1]s_handle_reply()
             else
                 allflags=("${flags[*]} ${two_word_flags[*]}")
             fi
-            COMPREPLY=( $(compgen -W "${allflags[*]}" -- "$cur") )
+            while IFS='' read -r comp; do
+                COMPREPLY+=("$comp")
+            done < <(compgen -W "${allflags[*]}" -- "$cur")
             if [[ $(type -t compopt) = "builtin" ]]; then
                 [[ "${COMPREPLY[0]}" == *= ]] || compopt +o nospace
             fi
@@ -117,19 +213,32 @@ __%[1]s_handle_reply()
     local completions
     completions=("${commands[@]}")
     if [[ ${#must_have_one_noun[@]} -ne 0 ]]; then
-        completions=("${must_have_one_noun[@]}")
+        completions+=("${must_have_one_noun[@]}")
+    elif [[ -n "${has_completion_function}" ]]; then
+        # if a go completion function is provided, defer to that function
+        __%[1]s_handle_go_custom_completion
     fi
     if [[ ${#must_have_one_flag[@]} -ne 0 ]]; then
         completions+=("${must_have_one_flag[@]}")
     fi
-    COMPREPLY=( $(compgen -W "${completions[*]}" -- "$cur") )
+    while IFS='' read -r comp; do
+        COMPREPLY+=("$comp")
+    done < <(compgen -W "${completions[*]}" -- "$cur")
 
     if [[ ${#COMPREPLY[@]} -eq 0 && ${#noun_aliases[@]} -gt 0 && ${#must_have_one_noun[@]} -ne 0 ]]; then
-        COMPREPLY=( $(compgen -W "${noun_aliases[*]}" -- "$cur") )
+        while IFS='' read -r comp; do
+            COMPREPLY+=("$comp")
+        done < <(compgen -W "${noun_aliases[*]}" -- "$cur")
     fi
 
     if [[ ${#COMPREPLY[@]} -eq 0 ]]; then
-        declare -F __custom_func >/dev/null && __custom_func
+		if declare -F __%[1]s_custom_func >/dev/null; then
+			# try command name qualified custom func
+			__%[1]s_custom_func
+		else
+			# otherwise fall back to unqualified for compatibility
+			declare -F __custom_func >/dev/null && __custom_func
+		fi
     fi
 
     # available in bash-completion >= 2, not always present on macOS
@@ -154,7 +263,7 @@ __%[1]s_handle_filename_extension_flag()
 __%[1]s_handle_subdirs_in_dir_flag()
 {
     local dir="$1"
-    pushd "${dir}" >/dev/null 2>&1 && _filedir -d && popd >/dev/null 2>&1
+    pushd "${dir}" >/dev/null 2>&1 && _filedir -d && popd >/dev/null 2>&1 || return
 }
 
 __%[1]s_handle_flag()
@@ -193,7 +302,8 @@ __%[1]s_handle_flag()
     fi
 
     # skip the argument to a two word flag
-    if __%[1]s_contains_word "${words[c]}" "${two_word_flags[@]}"; then
+    if [[ ${words[c]} != *"="* ]] && __%[1]s_contains_word "${words[c]}" "${two_word_flags[@]}"; then
+			  __%[1]s_debug "${FUNCNAME[0]}: found a flag ${words[c]}, skip the next argument"
         c=$((c+1))
         # if we are looking for a flags value, don't show commands
         if [[ $c -eq $cword ]]; then
@@ -265,13 +375,15 @@ __%[1]s_handle_word()
     __%[1]s_handle_word
 }
 
-`, name))
+`, name, ShellCompNoDescRequestCmd,
+		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
+		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs))
 }
 
-func writePostscript(buf *bytes.Buffer, name string) {
+func writePostscript(buf io.StringWriter, name string) {
 	name = strings.Replace(name, ":", "__", -1)
-	buf.WriteString(fmt.Sprintf("__start_%s()\n", name))
-	buf.WriteString(fmt.Sprintf(`{
+	WriteStringAndCheck(buf, fmt.Sprintf("__start_%s()\n", name))
+	WriteStringAndCheck(buf, fmt.Sprintf(`{
     local cur prev words cword
     declare -A flaghash 2>/dev/null || :
     declare -A aliashash 2>/dev/null || :
@@ -290,6 +402,7 @@ func writePostscript(buf *bytes.Buffer, name string) {
     local commands=("%[1]s")
     local must_have_one_flag=()
     local must_have_one_noun=()
+    local has_completion_function
     local last_command
     local nouns=()
 
@@ -297,33 +410,33 @@ func writePostscript(buf *bytes.Buffer, name string) {
 }
 
 `, name))
-	buf.WriteString(fmt.Sprintf(`if [[ $(type -t compopt) = "builtin" ]]; then
+	WriteStringAndCheck(buf, fmt.Sprintf(`if [[ $(type -t compopt) = "builtin" ]]; then
     complete -o default -F __start_%s %s
 else
     complete -o default -o nospace -F __start_%s %s
 fi
 
 `, name, name, name, name))
-	buf.WriteString("# ex: ts=4 sw=4 et filetype=sh\n")
+	WriteStringAndCheck(buf, "# ex: ts=4 sw=4 et filetype=sh\n")
 }
 
-func writeCommands(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    commands=()\n")
+func writeCommands(buf io.StringWriter, cmd *Command) {
+	WriteStringAndCheck(buf, "    commands=()\n")
 	for _, c := range cmd.Commands() {
-		if !c.IsAvailableCommand() || c == cmd.helpCommand {
+		if !c.IsAvailableCommand() && c != cmd.helpCommand {
 			continue
 		}
-		buf.WriteString(fmt.Sprintf("    commands+=(%q)\n", c.Name()))
+		WriteStringAndCheck(buf, fmt.Sprintf("    commands+=(%q)\n", c.Name()))
 		writeCmdAliases(buf, c)
 	}
-	buf.WriteString("\n")
+	WriteStringAndCheck(buf, "\n")
 }
 
-func writeFlagHandler(buf *bytes.Buffer, name string, annotations map[string][]string, cmd *Command) {
+func writeFlagHandler(buf io.StringWriter, name string, annotations map[string][]string, cmd *Command) {
 	for key, value := range annotations {
 		switch key {
 		case BashCompFilenameExt:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
+			WriteStringAndCheck(buf, fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
 
 			var ext string
 			if len(value) > 0 {
@@ -331,17 +444,18 @@ func writeFlagHandler(buf *bytes.Buffer, name string, annotations map[string][]s
 			} else {
 				ext = "_filedir"
 			}
-			buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", ext))
+			WriteStringAndCheck(buf, fmt.Sprintf("    flags_completion+=(%q)\n", ext))
 		case BashCompCustom:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
+			WriteStringAndCheck(buf, fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
+
 			if len(value) > 0 {
 				handlers := strings.Join(value, "; ")
-				buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", handlers))
+				WriteStringAndCheck(buf, fmt.Sprintf("    flags_completion+=(%q)\n", handlers))
 			} else {
-				buf.WriteString("    flags_completion+=(:)\n")
+				WriteStringAndCheck(buf, "    flags_completion+=(:)\n")
 			}
 		case BashCompSubdirsInDir:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
+			WriteStringAndCheck(buf, fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
 
 			var ext string
 			if len(value) == 1 {
@@ -349,45 +463,68 @@ func writeFlagHandler(buf *bytes.Buffer, name string, annotations map[string][]s
 			} else {
 				ext = "_filedir -d"
 			}
-			buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", ext))
+			WriteStringAndCheck(buf, fmt.Sprintf("    flags_completion+=(%q)\n", ext))
 		}
 	}
 }
 
-func writeShortFlag(buf *bytes.Buffer, flag *pflag.Flag, cmd *Command) {
+const cbn = "\")\n"
+
+func writeShortFlag(buf io.StringWriter, flag *pflag.Flag, cmd *Command) {
 	name := flag.Shorthand
 	format := "    "
 	if len(flag.NoOptDefVal) == 0 {
 		format += "two_word_"
 	}
-	format += "flags+=(\"-%s\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
+	format += "flags+=(\"-%s" + cbn
+	WriteStringAndCheck(buf, fmt.Sprintf(format, name))
 	writeFlagHandler(buf, "-"+name, flag.Annotations, cmd)
 }
 
-func writeFlag(buf *bytes.Buffer, flag *pflag.Flag, cmd *Command) {
+func writeFlag(buf io.StringWriter, flag *pflag.Flag, cmd *Command) {
 	name := flag.Name
 	format := "    flags+=(\"--%s"
 	if len(flag.NoOptDefVal) == 0 {
 		format += "="
 	}
-	format += "\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
+	format += cbn
+	WriteStringAndCheck(buf, fmt.Sprintf(format, name))
+	if len(flag.NoOptDefVal) == 0 {
+		format = "    two_word_flags+=(\"--%s" + cbn
+		WriteStringAndCheck(buf, fmt.Sprintf(format, name))
+	}
 	writeFlagHandler(buf, "--"+name, flag.Annotations, cmd)
 }
 
-func writeLocalNonPersistentFlag(buf *bytes.Buffer, flag *pflag.Flag) {
+func writeLocalNonPersistentFlag(buf io.StringWriter, flag *pflag.Flag) {
 	name := flag.Name
-	format := "    local_nonpersistent_flags+=(\"--%s"
+	format := "    local_nonpersistent_flags+=(\"--%[1]s" + cbn
 	if len(flag.NoOptDefVal) == 0 {
-		format += "="
+		format += "    local_nonpersistent_flags+=(\"--%[1]s=" + cbn
+	}
+	WriteStringAndCheck(buf, fmt.Sprintf(format, name))
+	if len(flag.Shorthand) > 0 {
+		WriteStringAndCheck(buf, fmt.Sprintf("    local_nonpersistent_flags+=(\"-%s\")\n", flag.Shorthand))
 	}
-	format += "\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
 }
 
-func writeFlags(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString(`    flags=()
+// Setup annotations for go completions for registered flags
+func prepareCustomAnnotationsForFlags(cmd *Command) {
+	for flag := range flagCompletionFunctions {
+		// Make sure the completion script calls the __*_go_custom_completion function for
+		// every registered flag.  We need to do this here (and not when the flag was registered
+		// for completion) so that we can know the root command name for the prefix
+		// of __<prefix>_go_custom_completion
+		if flag.Annotations == nil {
+			flag.Annotations = map[string][]string{}
+		}
+		flag.Annotations[BashCompCustom] = []string{fmt.Sprintf("__%[1]s_handle_go_custom_completion", cmd.Root().Name())}
+	}
+}
+
+func writeFlags(buf io.StringWriter, cmd *Command) {
+	prepareCustomAnnotationsForFlags(cmd)
+	WriteStringAndCheck(buf, `    flags=()
     two_word_flags=()
     local_nonpersistent_flags=()
     flags_with_completion=()
@@ -403,7 +540,9 @@ func writeFlags(buf *bytes.Buffer, cmd *Command) {
 		if len(flag.Shorthand) > 0 {
 			writeShortFlag(buf, flag, cmd)
 		}
-		if localNonPersistentFlags.Lookup(flag.Name) != nil {
+		// localNonPersistentFlags are used to stop the completion of subcommands when one is set
+		// if TraverseChildren is true we should allow to complete subcommands
+		if localNonPersistentFlags.Lookup(flag.Name) != nil && !cmd.Root().TraverseChildren {
 			writeLocalNonPersistentFlag(buf, flag)
 		}
 	})
@@ -417,11 +556,11 @@ func writeFlags(buf *bytes.Buffer, cmd *Command) {
 		}
 	})
 
-	buf.WriteString("\n")
+	WriteStringAndCheck(buf, "\n")
 }
 
-func writeRequiredFlag(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    must_have_one_flag=()\n")
+func writeRequiredFlag(buf io.StringWriter, cmd *Command) {
+	WriteStringAndCheck(buf, "    must_have_one_flag=()\n")
 	flags := cmd.NonInheritedFlags()
 	flags.VisitAll(func(flag *pflag.Flag) {
 		if nonCompletableFlag(flag) {
@@ -434,51 +573,57 @@ func writeRequiredFlag(buf *bytes.Buffer, cmd *Command) {
 				if flag.Value.Type() != "bool" {
 					format += "="
 				}
-				format += "\")\n"
-				buf.WriteString(fmt.Sprintf(format, flag.Name))
+				format += cbn
+				WriteStringAndCheck(buf, fmt.Sprintf(format, flag.Name))
 
 				if len(flag.Shorthand) > 0 {
-					buf.WriteString(fmt.Sprintf("    must_have_one_flag+=(\"-%s\")\n", flag.Shorthand))
+					WriteStringAndCheck(buf, fmt.Sprintf("    must_have_one_flag+=(\"-%s"+cbn, flag.Shorthand))
 				}
 			}
 		}
 	})
 }
 
-func writeRequiredNouns(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    must_have_one_noun=()\n")
-	sort.Sort(sort.StringSlice(cmd.ValidArgs))
+func writeRequiredNouns(buf io.StringWriter, cmd *Command) {
+	WriteStringAndCheck(buf, "    must_have_one_noun=()\n")
+	sort.Strings(cmd.ValidArgs)
 	for _, value := range cmd.ValidArgs {
-		buf.WriteString(fmt.Sprintf("    must_have_one_noun+=(%q)\n", value))
+		// Remove any description that may be included following a tab character.
+		// Descriptions are not supported by bash completion.
+		value = strings.Split(value, "\t")[0]
+		WriteStringAndCheck(buf, fmt.Sprintf("    must_have_one_noun+=(%q)\n", value))
+	}
+	if cmd.ValidArgsFunction != nil {
+		WriteStringAndCheck(buf, "    has_completion_function=1\n")
 	}
 }
 
-func writeCmdAliases(buf *bytes.Buffer, cmd *Command) {
+func writeCmdAliases(buf io.StringWriter, cmd *Command) {
 	if len(cmd.Aliases) == 0 {
 		return
 	}
 
-	sort.Sort(sort.StringSlice(cmd.Aliases))
+	sort.Strings(cmd.Aliases)
 
-	buf.WriteString(fmt.Sprint(`    if [[ -z "${BASH_VERSION}" || "${BASH_VERSINFO[0]}" -gt 3 ]]; then`, "\n"))
+	WriteStringAndCheck(buf, fmt.Sprint(`    if [[ -z "${BASH_VERSION}" || "${BASH_VERSINFO[0]}" -gt 3 ]]; then`, "\n"))
 	for _, value := range cmd.Aliases {
-		buf.WriteString(fmt.Sprintf("        command_aliases+=(%q)\n", value))
-		buf.WriteString(fmt.Sprintf("        aliashash[%q]=%q\n", value, cmd.Name()))
+		WriteStringAndCheck(buf, fmt.Sprintf("        command_aliases+=(%q)\n", value))
+		WriteStringAndCheck(buf, fmt.Sprintf("        aliashash[%q]=%q\n", value, cmd.Name()))
 	}
-	buf.WriteString(`    fi`)
-	buf.WriteString("\n")
+	WriteStringAndCheck(buf, `    fi`)
+	WriteStringAndCheck(buf, "\n")
 }
-func writeArgAliases(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    noun_aliases=()\n")
-	sort.Sort(sort.StringSlice(cmd.ArgAliases))
+func writeArgAliases(buf io.StringWriter, cmd *Command) {
+	WriteStringAndCheck(buf, "    noun_aliases=()\n")
+	sort.Strings(cmd.ArgAliases)
 	for _, value := range cmd.ArgAliases {
-		buf.WriteString(fmt.Sprintf("    noun_aliases+=(%q)\n", value))
+		WriteStringAndCheck(buf, fmt.Sprintf("    noun_aliases+=(%q)\n", value))
 	}
 }
 
-func gen(buf *bytes.Buffer, cmd *Command) {
+func gen(buf io.StringWriter, cmd *Command) {
 	for _, c := range cmd.Commands() {
-		if !c.IsAvailableCommand() || c == cmd.helpCommand {
+		if !c.IsAvailableCommand() && c != cmd.helpCommand {
 			continue
 		}
 		gen(buf, c)
@@ -488,22 +633,22 @@ func gen(buf *bytes.Buffer, cmd *Command) {
 	commandName = strings.Replace(commandName, ":", "__", -1)
 
 	if cmd.Root() == cmd {
-		buf.WriteString(fmt.Sprintf("_%s_root_command()\n{\n", commandName))
+		WriteStringAndCheck(buf, fmt.Sprintf("_%s_root_command()\n{\n", commandName))
 	} else {
-		buf.WriteString(fmt.Sprintf("_%s()\n{\n", commandName))
+		WriteStringAndCheck(buf, fmt.Sprintf("_%s()\n{\n", commandName))
 	}
 
-	buf.WriteString(fmt.Sprintf("    last_command=%q\n", commandName))
-	buf.WriteString("\n")
-	buf.WriteString("    command_aliases=()\n")
-	buf.WriteString("\n")
+	WriteStringAndCheck(buf, fmt.Sprintf("    last_command=%q\n", commandName))
+	WriteStringAndCheck(buf, "\n")
+	WriteStringAndCheck(buf, "    command_aliases=()\n")
+	WriteStringAndCheck(buf, "\n")
 
 	writeCommands(buf, cmd)
 	writeFlags(buf, cmd)
 	writeRequiredFlag(buf, cmd)
 	writeRequiredNouns(buf, cmd)
 	writeArgAliases(buf, cmd)
-	buf.WriteString("}\n\n")
+	WriteStringAndCheck(buf, "}\n\n")
 }
 
 // GenBashCompletion generates bash completion file and writes to the passed writer.
@@ -534,51 +679,3 @@ func (c *Command) GenBashCompletionFile(filename string) error {
 
 	return c.GenBashCompletion(outFile)
 }
-
-// MarkFlagRequired adds the BashCompOneRequiredFlag annotation to the named flag if it exists,
-// and causes your command to report an error if invoked without the flag.
-func (c *Command) MarkFlagRequired(name string) error {
-	return MarkFlagRequired(c.Flags(), name)
-}
-
-// MarkPersistentFlagRequired adds the BashCompOneRequiredFlag annotation to the named persistent flag if it exists,
-// and causes your command to report an error if invoked without the flag.
-func (c *Command) MarkPersistentFlagRequired(name string) error {
-	return MarkFlagRequired(c.PersistentFlags(), name)
-}
-
-// MarkFlagRequired adds the BashCompOneRequiredFlag annotation to the named flag if it exists,
-// and causes your command to report an error if invoked without the flag.
-func MarkFlagRequired(flags *pflag.FlagSet, name string) error {
-	return flags.SetAnnotation(name, BashCompOneRequiredFlag, []string{"true"})
-}
-
-// MarkFlagFilename adds the BashCompFilenameExt annotation to the named flag, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func (c *Command) MarkFlagFilename(name string, extensions ...string) error {
-	return MarkFlagFilename(c.Flags(), name, extensions...)
-}
-
-// MarkFlagCustom adds the BashCompCustom annotation to the named flag, if it exists.
-// Generated bash autocompletion will call the bash function f for the flag.
-func (c *Command) MarkFlagCustom(name string, f string) error {
-	return MarkFlagCustom(c.Flags(), name, f)
-}
-
-// MarkPersistentFlagFilename adds the BashCompFilenameExt annotation to the named persistent flag, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func (c *Command) MarkPersistentFlagFilename(name string, extensions ...string) error {
-	return MarkFlagFilename(c.PersistentFlags(), name, extensions...)
-}
-
-// MarkFlagFilename adds the BashCompFilenameExt annotation to the named flag in the flag set, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func MarkFlagFilename(flags *pflag.FlagSet, name string, extensions ...string) error {
-	return flags.SetAnnotation(name, BashCompFilenameExt, extensions)
-}
-
-// MarkFlagCustom adds the BashCompCustom annotation to the named flag in the flag set, if it exists.
-// Generated bash autocompletion will call the bash function f for the flag.
-func MarkFlagCustom(flags *pflag.FlagSet, name string, f string) error {
-	return flags.SetAnnotation(name, BashCompCustom, []string{f})
-}
diff --git a/vendor/github.com/spf13/cobra/cobra.go b/vendor/github.com/spf13/cobra/cobra.go
index 7010fd15b723e..d6cbfd7198582 100644
--- a/vendor/github.com/spf13/cobra/cobra.go
+++ b/vendor/github.com/spf13/cobra/cobra.go
@@ -19,10 +19,12 @@ package cobra
 import (
 	"fmt"
 	"io"
+	"os"
 	"reflect"
 	"strconv"
 	"strings"
 	"text/template"
+	"time"
 	"unicode"
 )
 
@@ -51,11 +53,17 @@ var EnableCommandSorting = true
 // if the CLI is started from explorer.exe.
 // To disable the mousetrap, just set this variable to blank string ("").
 // Works only on Microsoft Windows.
-var MousetrapHelpText string = `This is a command line tool.
+var MousetrapHelpText = `This is a command line tool.
 
 You need to open cmd.exe and run it from there.
 `
 
+// MousetrapDisplayDuration controls how long the MousetrapHelpText message is displayed on Windows
+// if the CLI is started from explorer.exe. Set to 0 to wait for the return key to be pressed.
+// To disable the mousetrap, just set MousetrapHelpText to blank string ("").
+// Works only on Microsoft Windows.
+var MousetrapDisplayDuration = 5 * time.Second
+
 // AddTemplateFunc adds a template function that's available to Usage and Help
 // template generation.
 func AddTemplateFunc(name string, tmplFunc interface{}) {
@@ -198,3 +206,17 @@ func stringInSlice(a string, list []string) bool {
 	}
 	return false
 }
+
+// CheckErr prints the msg with the prefix 'Error:' and exits with error code 1. If the msg is nil, it does nothing.
+func CheckErr(msg interface{}) {
+	if msg != nil {
+		fmt.Fprintln(os.Stderr, "Error:", msg)
+		os.Exit(1)
+	}
+}
+
+// WriteStringAndCheck writes a string into a buffer, and checks if the error is not nil.
+func WriteStringAndCheck(b io.StringWriter, s string) {
+	_, err := b.WriteString(s)
+	CheckErr(err)
+}
diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go
index 34d1bf367129f..d6732ad115400 100644
--- a/vendor/github.com/spf13/cobra/command.go
+++ b/vendor/github.com/spf13/cobra/command.go
@@ -17,6 +17,7 @@ package cobra
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io"
 	"os"
@@ -36,6 +37,14 @@ type FParseErrWhitelist flag.ParseErrorsWhitelist
 // definition to ensure usability.
 type Command struct {
 	// Use is the one-line usage message.
+	// Recommended syntax is as follow:
+	//   [ ] identifies an optional argument. Arguments that are not enclosed in brackets are required.
+	//   ... indicates that you can specify multiple values for the previous argument.
+	//   |   indicates mutually exclusive information. You can use the argument to the left of the separator or the
+	//       argument to the right of the separator. You cannot use both arguments in a single use of the command.
+	//   { } delimits a set of mutually exclusive arguments when one of the arguments is required. If the arguments are
+	//       optional, they are enclosed in brackets ([ ]).
+	// Example: add [-F file | -D dir]... [-f format] profile
 	Use string
 
 	// Aliases is an array of aliases that can be used instead of the first word in Use.
@@ -56,6 +65,10 @@ type Command struct {
 
 	// ValidArgs is list of all valid non-flag arguments that are accepted in bash completions
 	ValidArgs []string
+	// ValidArgsFunction is an optional function that provides valid non-flag arguments for bash completion.
+	// It is a dynamic version of using ValidArgs.
+	// Only one of ValidArgs and ValidArgsFunction can be used for a command.
+	ValidArgsFunction func(cmd *Command, args []string, toComplete string) ([]string, ShellCompDirective)
 
 	// Expected arguments
 	Args PositionalArgs
@@ -71,16 +84,14 @@ type Command struct {
 	// Deprecated defines, if this command is deprecated and should print this string when used.
 	Deprecated string
 
-	// Hidden defines, if this command is hidden and should NOT show up in the list of available commands.
-	Hidden bool
-
 	// Annotations are key/value pairs that can be used by applications to identify or
 	// group commands.
 	Annotations map[string]string
 
 	// Version defines the version for this command. If this value is non-empty and the command does not
 	// define a "version" flag, a "version" boolean flag will be added to the command and, if specified,
-	// will print content of the "Version" variable.
+	// will print content of the "Version" variable. A shorthand "v" flag will also be added if the
+	// command does not define one.
 	Version string
 
 	// The *Run functions are executed in the following order:
@@ -112,53 +123,6 @@ type Command struct {
 	// PersistentPostRunE: PersistentPostRun but returns an error.
 	PersistentPostRunE func(cmd *Command, args []string) error
 
-	// SilenceErrors is an option to quiet errors down stream.
-	SilenceErrors bool
-
-	// SilenceUsage is an option to silence usage when an error occurs.
-	SilenceUsage bool
-
-	// DisableFlagParsing disables the flag parsing.
-	// If this is true all flags will be passed to the command as arguments.
-	DisableFlagParsing bool
-
-	// DisableAutoGenTag defines, if gen tag ("Auto generated by spf13/cobra...")
-	// will be printed by generating docs for this command.
-	DisableAutoGenTag bool
-
-	// DisableFlagsInUseLine will disable the addition of [flags] to the usage
-	// line of a command when printing help or generating docs
-	DisableFlagsInUseLine bool
-
-	// DisableSuggestions disables the suggestions based on Levenshtein distance
-	// that go along with 'unknown command' messages.
-	DisableSuggestions bool
-	// SuggestionsMinimumDistance defines minimum levenshtein distance to display suggestions.
-	// Must be > 0.
-	SuggestionsMinimumDistance int
-
-	// TraverseChildren parses flags on all parents before executing child command.
-	TraverseChildren bool
-
-	//FParseErrWhitelist flag parse errors to be ignored
-	FParseErrWhitelist FParseErrWhitelist
-
-	// commands is the list of commands supported by this program.
-	commands []*Command
-	// parent is a parent command for this command.
-	parent *Command
-	// Max lengths of commands' string lengths for use in padding.
-	commandsMaxUseLen         int
-	commandsMaxCommandPathLen int
-	commandsMaxNameLen        int
-	// commandsAreSorted defines, if command slice are sorted or not.
-	commandsAreSorted bool
-	// commandCalledAs is the name or alias value used to call this command.
-	commandCalledAs struct {
-		name   string
-		called bool
-	}
-
 	// args is actual args parsed from flags.
 	args []string
 	// flagErrorBuf contains all error messages from pflag.
@@ -177,8 +141,6 @@ type Command struct {
 	// that we can use on every pflag set and children commands
 	globNormFunc func(f *flag.FlagSet, name string) flag.NormalizedName
 
-	// output is an output writer defined by user.
-	output io.Writer
 	// usageFunc is usage func defined by user.
 	usageFunc func(*Command) error
 	// usageTemplate is usage template defined by user.
@@ -195,6 +157,73 @@ type Command struct {
 	helpCommand *Command
 	// versionTemplate is the version template defined by user.
 	versionTemplate string
+
+	// inReader is a reader defined by the user that replaces stdin
+	inReader io.Reader
+	// outWriter is a writer defined by the user that replaces stdout
+	outWriter io.Writer
+	// errWriter is a writer defined by the user that replaces stderr
+	errWriter io.Writer
+
+	//FParseErrWhitelist flag parse errors to be ignored
+	FParseErrWhitelist FParseErrWhitelist
+
+	// commandsAreSorted defines, if command slice are sorted or not.
+	commandsAreSorted bool
+	// commandCalledAs is the name or alias value used to call this command.
+	commandCalledAs struct {
+		name   string
+		called bool
+	}
+
+	ctx context.Context
+
+	// commands is the list of commands supported by this program.
+	commands []*Command
+	// parent is a parent command for this command.
+	parent *Command
+	// Max lengths of commands' string lengths for use in padding.
+	commandsMaxUseLen         int
+	commandsMaxCommandPathLen int
+	commandsMaxNameLen        int
+
+	// TraverseChildren parses flags on all parents before executing child command.
+	TraverseChildren bool
+
+	// Hidden defines, if this command is hidden and should NOT show up in the list of available commands.
+	Hidden bool
+
+	// SilenceErrors is an option to quiet errors down stream.
+	SilenceErrors bool
+
+	// SilenceUsage is an option to silence usage when an error occurs.
+	SilenceUsage bool
+
+	// DisableFlagParsing disables the flag parsing.
+	// If this is true all flags will be passed to the command as arguments.
+	DisableFlagParsing bool
+
+	// DisableAutoGenTag defines, if gen tag ("Auto generated by spf13/cobra...")
+	// will be printed by generating docs for this command.
+	DisableAutoGenTag bool
+
+	// DisableFlagsInUseLine will disable the addition of [flags] to the usage
+	// line of a command when printing help or generating docs
+	DisableFlagsInUseLine bool
+
+	// DisableSuggestions disables the suggestions based on Levenshtein distance
+	// that go along with 'unknown command' messages.
+	DisableSuggestions bool
+
+	// SuggestionsMinimumDistance defines minimum levenshtein distance to display suggestions.
+	// Must be > 0.
+	SuggestionsMinimumDistance int
+}
+
+// Context returns underlying command context. If command wasn't
+// executed with ExecuteContext Context returns Background context.
+func (c *Command) Context() context.Context {
+	return c.ctx
 }
 
 // SetArgs sets arguments for the command. It is set to os.Args[1:] by default, if desired, can be overridden
@@ -205,8 +234,28 @@ func (c *Command) SetArgs(a []string) {
 
 // SetOutput sets the destination for usage and error messages.
 // If output is nil, os.Stderr is used.
+// Deprecated: Use SetOut and/or SetErr instead
 func (c *Command) SetOutput(output io.Writer) {
-	c.output = output
+	c.outWriter = output
+	c.errWriter = output
+}
+
+// SetOut sets the destination for usage messages.
+// If newOut is nil, os.Stdout is used.
+func (c *Command) SetOut(newOut io.Writer) {
+	c.outWriter = newOut
+}
+
+// SetErr sets the destination for error messages.
+// If newErr is nil, os.Stderr is used.
+func (c *Command) SetErr(newErr io.Writer) {
+	c.errWriter = newErr
+}
+
+// SetIn sets the source for input data
+// If newIn is nil, os.Stdin is used.
+func (c *Command) SetIn(newIn io.Reader) {
+	c.inReader = newIn
 }
 
 // SetUsageFunc sets usage function. Usage can be defined by application.
@@ -267,9 +316,19 @@ func (c *Command) OutOrStderr() io.Writer {
 	return c.getOut(os.Stderr)
 }
 
+// ErrOrStderr returns output to stderr
+func (c *Command) ErrOrStderr() io.Writer {
+	return c.getErr(os.Stderr)
+}
+
+// InOrStdin returns input to stdin
+func (c *Command) InOrStdin() io.Reader {
+	return c.getIn(os.Stdin)
+}
+
 func (c *Command) getOut(def io.Writer) io.Writer {
-	if c.output != nil {
-		return c.output
+	if c.outWriter != nil {
+		return c.outWriter
 	}
 	if c.HasParent() {
 		return c.parent.getOut(def)
@@ -277,6 +336,26 @@ func (c *Command) getOut(def io.Writer) io.Writer {
 	return def
 }
 
+func (c *Command) getErr(def io.Writer) io.Writer {
+	if c.errWriter != nil {
+		return c.errWriter
+	}
+	if c.HasParent() {
+		return c.parent.getErr(def)
+	}
+	return def
+}
+
+func (c *Command) getIn(def io.Reader) io.Reader {
+	if c.inReader != nil {
+		return c.inReader
+	}
+	if c.HasParent() {
+		return c.parent.getIn(def)
+	}
+	return def
+}
+
 // UsageFunc returns either the function set by SetUsageFunc for this command
 // or a parent, or it returns a default usage function.
 func (c *Command) UsageFunc() (f func(*Command) error) {
@@ -290,7 +369,7 @@ func (c *Command) UsageFunc() (f func(*Command) error) {
 		c.mergePersistentFlags()
 		err := tmpl(c.OutOrStderr(), c.UsageTemplate(), c)
 		if err != nil {
-			c.Println(err)
+			c.PrintErrln(err)
 		}
 		return err
 	}
@@ -314,9 +393,11 @@ func (c *Command) HelpFunc() func(*Command, []string) {
 	}
 	return func(c *Command, a []string) {
 		c.mergePersistentFlags()
+		// The help should be sent to stdout
+		// See https://github.com/spf13/cobra/issues/1002
 		err := tmpl(c.OutOrStdout(), c.HelpTemplate(), c)
 		if err != nil {
-			c.Println(err)
+			c.PrintErrln(err)
 		}
 	}
 }
@@ -329,13 +410,22 @@ func (c *Command) Help() error {
 	return nil
 }
 
-// UsageString return usage string.
+// UsageString returns usage string.
 func (c *Command) UsageString() string {
-	tmpOutput := c.output
+	// Storing normal writers
+	tmpOutput := c.outWriter
+	tmpErr := c.errWriter
+
 	bb := new(bytes.Buffer)
-	c.SetOutput(bb)
-	c.Usage()
-	c.output = tmpOutput
+	c.outWriter = bb
+	c.errWriter = bb
+
+	CheckErr(c.Usage())
+
+	// Setting things back to normal
+	c.outWriter = tmpOutput
+	c.errWriter = tmpErr
+
 	return bb.String()
 }
 
@@ -793,6 +883,13 @@ func (c *Command) preRun() {
 	}
 }
 
+// ExecuteContext is the same as Execute(), but sets the ctx on the command.
+// Retrieve ctx by calling cmd.Context() inside your *Run lifecycle functions.
+func (c *Command) ExecuteContext(ctx context.Context) error {
+	c.ctx = ctx
+	return c.Execute()
+}
+
 // Execute uses the args (os.Args[1:] by default)
 // and run through the command tree finding appropriate matches
 // for commands and then corresponding flags.
@@ -803,6 +900,10 @@ func (c *Command) Execute() error {
 
 // ExecuteC executes the command.
 func (c *Command) ExecuteC() (cmd *Command, err error) {
+	if c.ctx == nil {
+		c.ctx = context.Background()
+	}
+
 	// Regardless of what command execute is called on, run on Root only
 	if c.HasParent() {
 		return c.Root().ExecuteC()
@@ -817,15 +918,16 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 	// overriding
 	c.InitDefaultHelpCmd()
 
-	var args []string
+	args := c.args
 
 	// Workaround FAIL with "go test -v" or "cobra.test -test.v", see #155
 	if c.args == nil && filepath.Base(os.Args[0]) != "cobra.test" {
 		args = os.Args[1:]
-	} else {
-		args = c.args
 	}
 
+	// initialize the hidden command to be used for bash completion
+	c.initCompleteCmd(args)
+
 	var flags []string
 	if c.TraverseChildren {
 		cmd, flags, err = c.Traverse(args)
@@ -838,8 +940,8 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 			c = cmd
 		}
 		if !c.SilenceErrors {
-			c.Println("Error:", err.Error())
-			c.Printf("Run '%v --help' for usage.\n", c.CommandPath())
+			c.PrintErrln("Error:", err.Error())
+			c.PrintErrf("Run '%v --help' for usage.\n", c.CommandPath())
 		}
 		return c, err
 	}
@@ -849,6 +951,12 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 		cmd.commandCalledAs.name = cmd.Name()
 	}
 
+	// We have to pass global context to children command
+	// if context is present on the parent command.
+	if cmd.ctx == nil {
+		cmd.ctx = c.ctx
+	}
+
 	err = cmd.execute(flags)
 	if err != nil {
 		// Always show help if requested, even if SilenceErrors is in
@@ -858,13 +966,13 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 			return cmd, nil
 		}
 
-		// If root command has SilentErrors flagged,
+		// If root command has SilenceErrors flagged,
 		// all subcommands should respect it
 		if !cmd.SilenceErrors && !c.SilenceErrors {
-			c.Println("Error:", err.Error())
+			c.PrintErrln("Error:", err.Error())
 		}
 
-		// If root command has SilentUsage flagged,
+		// If root command has SilenceUsage flagged,
 		// all subcommands should respect it
 		if !cmd.SilenceUsage && !c.SilenceUsage {
 			c.Println(cmd.UsageString())
@@ -881,6 +989,10 @@ func (c *Command) ValidateArgs(args []string) error {
 }
 
 func (c *Command) validateRequiredFlags() error {
+	if c.DisableFlagParsing {
+		return nil
+	}
+
 	flags := c.Flags()
 	missingFlagNames := []string{}
 	flags.VisitAll(func(pflag *flag.Flag) {
@@ -932,7 +1044,11 @@ func (c *Command) InitDefaultVersionFlag() {
 		} else {
 			usage += c.Name()
 		}
-		c.Flags().Bool("version", false, usage)
+		if c.Flags().ShorthandLookup("v") == nil {
+			c.Flags().BoolP("version", "v", false, usage)
+		} else {
+			c.Flags().Bool("version", false, usage)
+		}
 	}
 }
 
@@ -950,15 +1066,33 @@ func (c *Command) InitDefaultHelpCmd() {
 			Short: "Help about any command",
 			Long: `Help provides help for any command in the application.
 Simply type ` + c.Name() + ` help [path to command] for full details.`,
-
+			ValidArgsFunction: func(c *Command, args []string, toComplete string) ([]string, ShellCompDirective) {
+				var completions []string
+				cmd, _, e := c.Root().Find(args)
+				if e != nil {
+					return nil, ShellCompDirectiveNoFileComp
+				}
+				if cmd == nil {
+					// Root help command.
+					cmd = c.Root()
+				}
+				for _, subCmd := range cmd.Commands() {
+					if subCmd.IsAvailableCommand() || subCmd == cmd.helpCommand {
+						if strings.HasPrefix(subCmd.Name(), toComplete) {
+							completions = append(completions, fmt.Sprintf("%s\t%s", subCmd.Name(), subCmd.Short))
+						}
+					}
+				}
+				return completions, ShellCompDirectiveNoFileComp
+			},
 			Run: func(c *Command, args []string) {
 				cmd, _, e := c.Root().Find(args)
 				if cmd == nil || e != nil {
 					c.Printf("Unknown help topic %#q\n", args)
-					c.Root().Usage()
+					CheckErr(c.Root().Usage())
 				} else {
 					cmd.InitDefaultHelpFlag() // make possible 'help' flag to be shown
-					cmd.Help()
+					CheckErr(cmd.Help())
 				}
 			},
 		}
@@ -1070,6 +1204,21 @@ func (c *Command) Printf(format string, i ...interface{}) {
 	c.Print(fmt.Sprintf(format, i...))
 }
 
+// PrintErr is a convenience method to Print to the defined Err output, fallback to Stderr if not set.
+func (c *Command) PrintErr(i ...interface{}) {
+	fmt.Fprint(c.ErrOrStderr(), i...)
+}
+
+// PrintErrln is a convenience method to Println to the defined Err output, fallback to Stderr if not set.
+func (c *Command) PrintErrln(i ...interface{}) {
+	c.PrintErr(fmt.Sprintln(i...))
+}
+
+// PrintErrf is a convenience method to Printf to the defined Err output, fallback to Stderr if not set.
+func (c *Command) PrintErrf(format string, i ...interface{}) {
+	c.PrintErr(fmt.Sprintf(format, i...))
+}
+
 // CommandPath returns the full path to this command.
 func (c *Command) CommandPath() string {
 	if c.HasParent() {
@@ -1335,7 +1484,7 @@ func (c *Command) LocalFlags() *flag.FlagSet {
 	return c.lflags
 }
 
-// InheritedFlags returns all flags which were inherited from parents commands.
+// InheritedFlags returns all flags which were inherited from parent commands.
 func (c *Command) InheritedFlags() *flag.FlagSet {
 	c.mergePersistentFlags()
 
@@ -1470,7 +1619,7 @@ func (c *Command) ParseFlags(args []string) error {
 	beforeErrorBufLen := c.flagErrorBuf.Len()
 	c.mergePersistentFlags()
 
-	//do it here after merging all flags and just before parse
+	// do it here after merging all flags and just before parse
 	c.Flags().ParseErrorsWhitelist = flag.ParseErrorsWhitelist(c.FParseErrWhitelist)
 
 	err := c.Flags().Parse(args)
diff --git a/vendor/github.com/spf13/cobra/command_win.go b/vendor/github.com/spf13/cobra/command_win.go
index edec728e4f5af..8768b1736dca3 100644
--- a/vendor/github.com/spf13/cobra/command_win.go
+++ b/vendor/github.com/spf13/cobra/command_win.go
@@ -3,6 +3,7 @@
 package cobra
 
 import (
+	"fmt"
 	"os"
 	"time"
 
@@ -14,7 +15,12 @@ var preExecHookFn = preExecHook
 func preExecHook(c *Command) {
 	if MousetrapHelpText != "" && mousetrap.StartedByExplorer() {
 		c.Print(MousetrapHelpText)
-		time.Sleep(5 * time.Second)
+		if MousetrapDisplayDuration > 0 {
+			time.Sleep(MousetrapDisplayDuration)
+		} else {
+			c.Println("Press return to continue...")
+			fmt.Scanln()
+		}
 		os.Exit(1)
 	}
 }
diff --git a/vendor/github.com/spf13/cobra/custom_completions.go b/vendor/github.com/spf13/cobra/custom_completions.go
new file mode 100644
index 0000000000000..fa060c147befc
--- /dev/null
+++ b/vendor/github.com/spf13/cobra/custom_completions.go
@@ -0,0 +1,557 @@
+package cobra
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/pflag"
+)
+
+const (
+	// ShellCompRequestCmd is the name of the hidden command that is used to request
+	// completion results from the program.  It is used by the shell completion scripts.
+	ShellCompRequestCmd = "__complete"
+	// ShellCompNoDescRequestCmd is the name of the hidden command that is used to request
+	// completion results without their description.  It is used by the shell completion scripts.
+	ShellCompNoDescRequestCmd = "__completeNoDesc"
+)
+
+// Global map of flag completion functions.
+var flagCompletionFunctions = map[*pflag.Flag]func(cmd *Command, args []string, toComplete string) ([]string, ShellCompDirective){}
+
+// ShellCompDirective is a bit map representing the different behaviors the shell
+// can be instructed to have once completions have been provided.
+type ShellCompDirective int
+
+const (
+	// ShellCompDirectiveError indicates an error occurred and completions should be ignored.
+	ShellCompDirectiveError ShellCompDirective = 1 << iota
+
+	// ShellCompDirectiveNoSpace indicates that the shell should not add a space
+	// after the completion even if there is a single completion provided.
+	ShellCompDirectiveNoSpace
+
+	// ShellCompDirectiveNoFileComp indicates that the shell should not provide
+	// file completion even when no completion is provided.
+	// This currently does not work for zsh or bash < 4
+	ShellCompDirectiveNoFileComp
+
+	// ShellCompDirectiveFilterFileExt indicates that the provided completions
+	// should be used as file extension filters.
+	// For flags, using Command.MarkFlagFilename() and Command.MarkPersistentFlagFilename()
+	// is a shortcut to using this directive explicitly.  The BashCompFilenameExt
+	// annotation can also be used to obtain the same behavior for flags.
+	ShellCompDirectiveFilterFileExt
+
+	// ShellCompDirectiveFilterDirs indicates that only directory names should
+	// be provided in file completion.  To request directory names within another
+	// directory, the returned completions should specify the directory within
+	// which to search.  The BashCompSubdirsInDir annotation can be used to
+	// obtain the same behavior but only for flags.
+	ShellCompDirectiveFilterDirs
+
+	// ===========================================================================
+
+	// All directives using iota should be above this one.
+	// For internal use.
+	shellCompDirectiveMaxValue
+
+	// ShellCompDirectiveDefault indicates to let the shell perform its default
+	// behavior after completions have been provided.
+	// This one must be last to avoid messing up the iota count.
+	ShellCompDirectiveDefault ShellCompDirective = 0
+)
+
+// RegisterFlagCompletionFunc should be called to register a function to provide completion for a flag.
+func (c *Command) RegisterFlagCompletionFunc(flagName string, f func(cmd *Command, args []string, toComplete string) ([]string, ShellCompDirective)) error {
+	flag := c.Flag(flagName)
+	if flag == nil {
+		return fmt.Errorf("RegisterFlagCompletionFunc: flag '%s' does not exist", flagName)
+	}
+	if _, exists := flagCompletionFunctions[flag]; exists {
+		return fmt.Errorf("RegisterFlagCompletionFunc: flag '%s' already registered", flagName)
+	}
+	flagCompletionFunctions[flag] = f
+	return nil
+}
+
+// Returns a string listing the different directive enabled in the specified parameter
+func (d ShellCompDirective) string() string {
+	var directives []string
+	if d&ShellCompDirectiveError != 0 {
+		directives = append(directives, "ShellCompDirectiveError")
+	}
+	if d&ShellCompDirectiveNoSpace != 0 {
+		directives = append(directives, "ShellCompDirectiveNoSpace")
+	}
+	if d&ShellCompDirectiveNoFileComp != 0 {
+		directives = append(directives, "ShellCompDirectiveNoFileComp")
+	}
+	if d&ShellCompDirectiveFilterFileExt != 0 {
+		directives = append(directives, "ShellCompDirectiveFilterFileExt")
+	}
+	if d&ShellCompDirectiveFilterDirs != 0 {
+		directives = append(directives, "ShellCompDirectiveFilterDirs")
+	}
+	if len(directives) == 0 {
+		directives = append(directives, "ShellCompDirectiveDefault")
+	}
+
+	if d >= shellCompDirectiveMaxValue {
+		return fmt.Sprintf("ERROR: unexpected ShellCompDirective value: %d", d)
+	}
+	return strings.Join(directives, ", ")
+}
+
+// Adds a special hidden command that can be used to request custom completions.
+func (c *Command) initCompleteCmd(args []string) {
+	completeCmd := &Command{
+		Use:                   fmt.Sprintf("%s [command-line]", ShellCompRequestCmd),
+		Aliases:               []string{ShellCompNoDescRequestCmd},
+		DisableFlagsInUseLine: true,
+		Hidden:                true,
+		DisableFlagParsing:    true,
+		Args:                  MinimumNArgs(1),
+		Short:                 "Request shell completion choices for the specified command-line",
+		Long: fmt.Sprintf("%[2]s is a special command that is used by the shell completion logic\n%[1]s",
+			"to request completion choices for the specified command-line.", ShellCompRequestCmd),
+		Run: func(cmd *Command, args []string) {
+			finalCmd, completions, directive, err := cmd.getCompletions(args)
+			if err != nil {
+				CompErrorln(err.Error())
+				// Keep going for multiple reasons:
+				// 1- There could be some valid completions even though there was an error
+				// 2- Even without completions, we need to print the directive
+			}
+
+			noDescriptions := (cmd.CalledAs() == ShellCompNoDescRequestCmd)
+			for _, comp := range completions {
+				if noDescriptions {
+					// Remove any description that may be included following a tab character.
+					comp = strings.Split(comp, "\t")[0]
+				}
+
+				// Make sure we only write the first line to the output.
+				// This is needed if a description contains a linebreak.
+				// Otherwise the shell scripts will interpret the other lines as new flags
+				// and could therefore provide a wrong completion.
+				comp = strings.Split(comp, "\n")[0]
+
+				// Finally trim the completion.  This is especially important to get rid
+				// of a trailing tab when there are no description following it.
+				// For example, a sub-command without a description should not be completed
+				// with a tab at the end (or else zsh will show a -- following it
+				// although there is no description).
+				comp = strings.TrimSpace(comp)
+
+				// Print each possible completion to stdout for the completion script to consume.
+				fmt.Fprintln(finalCmd.OutOrStdout(), comp)
+			}
+
+			if directive >= shellCompDirectiveMaxValue {
+				directive = ShellCompDirectiveDefault
+			}
+
+			// As the last printout, print the completion directive for the completion script to parse.
+			// The directive integer must be that last character following a single colon (:).
+			// The completion script expects :<directive>
+			fmt.Fprintf(finalCmd.OutOrStdout(), ":%d\n", directive)
+
+			// Print some helpful info to stderr for the user to understand.
+			// Output from stderr must be ignored by the completion script.
+			fmt.Fprintf(finalCmd.ErrOrStderr(), "Completion ended with directive: %s\n", directive.string())
+		},
+	}
+	c.AddCommand(completeCmd)
+	subCmd, _, err := c.Find(args)
+	if err != nil || subCmd.Name() != ShellCompRequestCmd {
+		// Only create this special command if it is actually being called.
+		// This reduces possible side-effects of creating such a command;
+		// for example, having this command would cause problems to a
+		// cobra program that only consists of the root command, since this
+		// command would cause the root command to suddenly have a subcommand.
+		c.RemoveCommand(completeCmd)
+	}
+}
+
+func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDirective, error) {
+	// The last argument, which is not completely typed by the user,
+	// should not be part of the list of arguments
+	toComplete := args[len(args)-1]
+	trimmedArgs := args[:len(args)-1]
+
+	var finalCmd *Command
+	var finalArgs []string
+	var err error
+	// Find the real command for which completion must be performed
+	// check if we need to traverse here to parse local flags on parent commands
+	if c.Root().TraverseChildren {
+		finalCmd, finalArgs, err = c.Root().Traverse(trimmedArgs)
+	} else {
+		finalCmd, finalArgs, err = c.Root().Find(trimmedArgs)
+	}
+	if err != nil {
+		// Unable to find the real command. E.g., <program> someInvalidCmd <TAB>
+		return c, []string{}, ShellCompDirectiveDefault, fmt.Errorf("Unable to find a command for arguments: %v", trimmedArgs)
+	}
+
+	// Check if we are doing flag value completion before parsing the flags.
+	// This is important because if we are completing a flag value, we need to also
+	// remove the flag name argument from the list of finalArgs or else the parsing
+	// could fail due to an invalid value (incomplete) for the flag.
+	flag, finalArgs, toComplete, err := checkIfFlagCompletion(finalCmd, finalArgs, toComplete)
+	if err != nil {
+		// Error while attempting to parse flags
+		return finalCmd, []string{}, ShellCompDirectiveDefault, err
+	}
+
+	// Parse the flags early so we can check if required flags are set
+	if err = finalCmd.ParseFlags(finalArgs); err != nil {
+		return finalCmd, []string{}, ShellCompDirectiveDefault, fmt.Errorf("Error while parsing flags from args %v: %s", finalArgs, err.Error())
+	}
+
+	if flag != nil {
+		// Check if we are completing a flag value subject to annotations
+		if validExts, present := flag.Annotations[BashCompFilenameExt]; present {
+			if len(validExts) != 0 {
+				// File completion filtered by extensions
+				return finalCmd, validExts, ShellCompDirectiveFilterFileExt, nil
+			}
+
+			// The annotation requests simple file completion.  There is no reason to do
+			// that since it is the default behavior anyway.  Let's ignore this annotation
+			// in case the program also registered a completion function for this flag.
+			// Even though it is a mistake on the program's side, let's be nice when we can.
+		}
+
+		if subDir, present := flag.Annotations[BashCompSubdirsInDir]; present {
+			if len(subDir) == 1 {
+				// Directory completion from within a directory
+				return finalCmd, subDir, ShellCompDirectiveFilterDirs, nil
+			}
+			// Directory completion
+			return finalCmd, []string{}, ShellCompDirectiveFilterDirs, nil
+		}
+	}
+
+	// When doing completion of a flag name, as soon as an argument starts with
+	// a '-' we know it is a flag.  We cannot use isFlagArg() here as it requires
+	// the flag name to be complete
+	if flag == nil && len(toComplete) > 0 && toComplete[0] == '-' && !strings.Contains(toComplete, "=") {
+		var completions []string
+
+		// First check for required flags
+		completions = completeRequireFlags(finalCmd, toComplete)
+
+		// If we have not found any required flags, only then can we show regular flags
+		if len(completions) == 0 {
+			doCompleteFlags := func(flag *pflag.Flag) {
+				if !flag.Changed ||
+					strings.Contains(flag.Value.Type(), "Slice") ||
+					strings.Contains(flag.Value.Type(), "Array") {
+					// If the flag is not already present, or if it can be specified multiple times (Array or Slice)
+					// we suggest it as a completion
+					completions = append(completions, getFlagNameCompletions(flag, toComplete)...)
+				}
+			}
+
+			// We cannot use finalCmd.Flags() because we may not have called ParsedFlags() for commands
+			// that have set DisableFlagParsing; it is ParseFlags() that merges the inherited and
+			// non-inherited flags.
+			finalCmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
+				doCompleteFlags(flag)
+			})
+			finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
+				doCompleteFlags(flag)
+			})
+		}
+
+		directive := ShellCompDirectiveNoFileComp
+		if len(completions) == 1 && strings.HasSuffix(completions[0], "=") {
+			// If there is a single completion, the shell usually adds a space
+			// after the completion.  We don't want that if the flag ends with an =
+			directive = ShellCompDirectiveNoSpace
+		}
+		return finalCmd, completions, directive, nil
+	}
+
+	// We only remove the flags from the arguments if DisableFlagParsing is not set.
+	// This is important for commands which have requested to do their own flag completion.
+	if !finalCmd.DisableFlagParsing {
+		finalArgs = finalCmd.Flags().Args()
+	}
+
+	var completions []string
+	directive := ShellCompDirectiveDefault
+	if flag == nil {
+		foundLocalNonPersistentFlag := false
+		// If TraverseChildren is true on the root command we don't check for
+		// local flags because we can use a local flag on a parent command
+		if !finalCmd.Root().TraverseChildren {
+			// Check if there are any local, non-persistent flags on the command-line
+			localNonPersistentFlags := finalCmd.LocalNonPersistentFlags()
+			finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
+				if localNonPersistentFlags.Lookup(flag.Name) != nil && flag.Changed {
+					foundLocalNonPersistentFlag = true
+				}
+			})
+		}
+
+		// Complete subcommand names, including the help command
+		if len(finalArgs) == 0 && !foundLocalNonPersistentFlag {
+			// We only complete sub-commands if:
+			// - there are no arguments on the command-line and
+			// - there are no local, non-peristent flag on the command-line or TraverseChildren is true
+			for _, subCmd := range finalCmd.Commands() {
+				if subCmd.IsAvailableCommand() || subCmd == finalCmd.helpCommand {
+					if strings.HasPrefix(subCmd.Name(), toComplete) {
+						completions = append(completions, fmt.Sprintf("%s\t%s", subCmd.Name(), subCmd.Short))
+					}
+					directive = ShellCompDirectiveNoFileComp
+				}
+			}
+		}
+
+		// Complete required flags even without the '-' prefix
+		completions = append(completions, completeRequireFlags(finalCmd, toComplete)...)
+
+		// Always complete ValidArgs, even if we are completing a subcommand name.
+		// This is for commands that have both subcommands and ValidArgs.
+		if len(finalCmd.ValidArgs) > 0 {
+			if len(finalArgs) == 0 {
+				// ValidArgs are only for the first argument
+				for _, validArg := range finalCmd.ValidArgs {
+					if strings.HasPrefix(validArg, toComplete) {
+						completions = append(completions, validArg)
+					}
+				}
+				directive = ShellCompDirectiveNoFileComp
+
+				// If no completions were found within commands or ValidArgs,
+				// see if there are any ArgAliases that should be completed.
+				if len(completions) == 0 {
+					for _, argAlias := range finalCmd.ArgAliases {
+						if strings.HasPrefix(argAlias, toComplete) {
+							completions = append(completions, argAlias)
+						}
+					}
+				}
+			}
+
+			// If there are ValidArgs specified (even if they don't match), we stop completion.
+			// Only one of ValidArgs or ValidArgsFunction can be used for a single command.
+			return finalCmd, completions, directive, nil
+		}
+
+		// Let the logic continue so as to add any ValidArgsFunction completions,
+		// even if we already found sub-commands.
+		// This is for commands that have subcommands but also specify a ValidArgsFunction.
+	}
+
+	// Find the completion function for the flag or command
+	var completionFn func(cmd *Command, args []string, toComplete string) ([]string, ShellCompDirective)
+	if flag != nil {
+		completionFn = flagCompletionFunctions[flag]
+	} else {
+		completionFn = finalCmd.ValidArgsFunction
+	}
+	if completionFn != nil {
+		// Go custom completion defined for this flag or command.
+		// Call the registered completion function to get the completions.
+		var comps []string
+		comps, directive = completionFn(finalCmd, finalArgs, toComplete)
+		completions = append(completions, comps...)
+	}
+
+	return finalCmd, completions, directive, nil
+}
+
+func getFlagNameCompletions(flag *pflag.Flag, toComplete string) []string {
+	if nonCompletableFlag(flag) {
+		return []string{}
+	}
+
+	var completions []string
+	flagName := "--" + flag.Name
+	if strings.HasPrefix(flagName, toComplete) {
+		// Flag without the =
+		completions = append(completions, fmt.Sprintf("%s\t%s", flagName, flag.Usage))
+
+		// Why suggest both long forms: --flag and --flag= ?
+		// This forces the user to *always* have to type either an = or a space after the flag name.
+		// Let's be nice and avoid making users have to do that.
+		// Since boolean flags and shortname flags don't show the = form, let's go that route and never show it.
+		// The = form will still work, we just won't suggest it.
+		// This also makes the list of suggested flags shorter as we avoid all the = forms.
+		//
+		// if len(flag.NoOptDefVal) == 0 {
+		// 	// Flag requires a value, so it can be suffixed with =
+		// 	flagName += "="
+		// 	completions = append(completions, fmt.Sprintf("%s\t%s", flagName, flag.Usage))
+		// }
+	}
+
+	flagName = "-" + flag.Shorthand
+	if len(flag.Shorthand) > 0 && strings.HasPrefix(flagName, toComplete) {
+		completions = append(completions, fmt.Sprintf("%s\t%s", flagName, flag.Usage))
+	}
+
+	return completions
+}
+
+func completeRequireFlags(finalCmd *Command, toComplete string) []string {
+	var completions []string
+
+	doCompleteRequiredFlags := func(flag *pflag.Flag) {
+		if _, present := flag.Annotations[BashCompOneRequiredFlag]; present {
+			if !flag.Changed {
+				// If the flag is not already present, we suggest it as a completion
+				completions = append(completions, getFlagNameCompletions(flag, toComplete)...)
+			}
+		}
+	}
+
+	// We cannot use finalCmd.Flags() because we may not have called ParsedFlags() for commands
+	// that have set DisableFlagParsing; it is ParseFlags() that merges the inherited and
+	// non-inherited flags.
+	finalCmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
+		doCompleteRequiredFlags(flag)
+	})
+	finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
+		doCompleteRequiredFlags(flag)
+	})
+
+	return completions
+}
+
+func checkIfFlagCompletion(finalCmd *Command, args []string, lastArg string) (*pflag.Flag, []string, string, error) {
+	if finalCmd.DisableFlagParsing {
+		// We only do flag completion if we are allowed to parse flags
+		// This is important for commands which have requested to do their own flag completion.
+		return nil, args, lastArg, nil
+	}
+
+	var flagName string
+	trimmedArgs := args
+	flagWithEqual := false
+
+	// When doing completion of a flag name, as soon as an argument starts with
+	// a '-' we know it is a flag.  We cannot use isFlagArg() here as that function
+	// requires the flag name to be complete
+	if len(lastArg) > 0 && lastArg[0] == '-' {
+		if index := strings.Index(lastArg, "="); index >= 0 {
+			// Flag with an =
+			flagName = strings.TrimLeft(lastArg[:index], "-")
+			lastArg = lastArg[index+1:]
+			flagWithEqual = true
+		} else {
+			// Normal flag completion
+			return nil, args, lastArg, nil
+		}
+	}
+
+	if len(flagName) == 0 {
+		if len(args) > 0 {
+			prevArg := args[len(args)-1]
+			if isFlagArg(prevArg) {
+				// Only consider the case where the flag does not contain an =.
+				// If the flag contains an = it means it has already been fully processed,
+				// so we don't need to deal with it here.
+				if index := strings.Index(prevArg, "="); index < 0 {
+					flagName = strings.TrimLeft(prevArg, "-")
+
+					// Remove the uncompleted flag or else there could be an error created
+					// for an invalid value for that flag
+					trimmedArgs = args[:len(args)-1]
+				}
+			}
+		}
+	}
+
+	if len(flagName) == 0 {
+		// Not doing flag completion
+		return nil, trimmedArgs, lastArg, nil
+	}
+
+	flag := findFlag(finalCmd, flagName)
+	if flag == nil {
+		// Flag not supported by this command, nothing to complete
+		err := fmt.Errorf("Subcommand '%s' does not support flag '%s'", finalCmd.Name(), flagName)
+		return nil, nil, "", err
+	}
+
+	if !flagWithEqual {
+		if len(flag.NoOptDefVal) != 0 {
+			// We had assumed dealing with a two-word flag but the flag is a boolean flag.
+			// In that case, there is no value following it, so we are not really doing flag completion.
+			// Reset everything to do noun completion.
+			trimmedArgs = args
+			flag = nil
+		}
+	}
+
+	return flag, trimmedArgs, lastArg, nil
+}
+
+func findFlag(cmd *Command, name string) *pflag.Flag {
+	flagSet := cmd.Flags()
+	if len(name) == 1 {
+		// First convert the short flag into a long flag
+		// as the cmd.Flag() search only accepts long flags
+		if short := flagSet.ShorthandLookup(name); short != nil {
+			name = short.Name
+		} else {
+			set := cmd.InheritedFlags()
+			if short = set.ShorthandLookup(name); short != nil {
+				name = short.Name
+			} else {
+				return nil
+			}
+		}
+	}
+	return cmd.Flag(name)
+}
+
+// CompDebug prints the specified string to the same file as where the
+// completion script prints its logs.
+// Note that completion printouts should never be on stdout as they would
+// be wrongly interpreted as actual completion choices by the completion script.
+func CompDebug(msg string, printToStdErr bool) {
+	msg = fmt.Sprintf("[Debug] %s", msg)
+
+	// Such logs are only printed when the user has set the environment
+	// variable BASH_COMP_DEBUG_FILE to the path of some file to be used.
+	if path := os.Getenv("BASH_COMP_DEBUG_FILE"); path != "" {
+		f, err := os.OpenFile(path,
+			os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err == nil {
+			defer f.Close()
+			WriteStringAndCheck(f, msg)
+		}
+	}
+
+	if printToStdErr {
+		// Must print to stderr for this not to be read by the completion script.
+		fmt.Fprint(os.Stderr, msg)
+	}
+}
+
+// CompDebugln prints the specified string with a newline at the end
+// to the same file as where the completion script prints its logs.
+// Such logs are only printed when the user has set the environment
+// variable BASH_COMP_DEBUG_FILE to the path of some file to be used.
+func CompDebugln(msg string, printToStdErr bool) {
+	CompDebug(fmt.Sprintf("%s\n", msg), printToStdErr)
+}
+
+// CompError prints the specified completion message to stderr.
+func CompError(msg string) {
+	msg = fmt.Sprintf("[Error] %s", msg)
+	CompDebug(msg, true)
+}
+
+// CompErrorln prints the specified completion message to stderr with a newline at the end.
+func CompErrorln(msg string) {
+	CompError(fmt.Sprintf("%s\n", msg))
+}
diff --git a/vendor/github.com/spf13/cobra/fish_completions.go b/vendor/github.com/spf13/cobra/fish_completions.go
new file mode 100644
index 0000000000000..3e112347d7b9d
--- /dev/null
+++ b/vendor/github.com/spf13/cobra/fish_completions.go
@@ -0,0 +1,207 @@
+package cobra
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+func genFishComp(buf io.StringWriter, name string, includeDesc bool) {
+	// Variables should not contain a '-' or ':' character
+	nameForVar := name
+	nameForVar = strings.Replace(nameForVar, "-", "_", -1)
+	nameForVar = strings.Replace(nameForVar, ":", "_", -1)
+
+	compCmd := ShellCompRequestCmd
+	if !includeDesc {
+		compCmd = ShellCompNoDescRequestCmd
+	}
+	WriteStringAndCheck(buf, fmt.Sprintf("# fish completion for %-36s -*- shell-script -*-\n", name))
+	WriteStringAndCheck(buf, fmt.Sprintf(`
+function __%[1]s_debug
+    set file "$BASH_COMP_DEBUG_FILE"
+    if test -n "$file"
+        echo "$argv" >> $file
+    end
+end
+
+function __%[1]s_perform_completion
+    __%[1]s_debug "Starting __%[1]s_perform_completion with: $argv"
+
+    set args (string split -- " " "$argv")
+    set lastArg "$args[-1]"
+
+    __%[1]s_debug "args: $args"
+    __%[1]s_debug "last arg: $lastArg"
+
+    set emptyArg ""
+    if test -z "$lastArg"
+        __%[1]s_debug "Setting emptyArg"
+        set emptyArg \"\"
+    end
+    __%[1]s_debug "emptyArg: $emptyArg"
+
+    if not type -q "$args[1]"
+        # This can happen when "complete --do-complete %[2]s" is called when running this script.
+        __%[1]s_debug "Cannot find $args[1]. No completions."
+        return
+    end
+
+    set requestComp "$args[1] %[3]s $args[2..-1] $emptyArg"
+    __%[1]s_debug "Calling $requestComp"
+
+    set results (eval $requestComp 2> /dev/null)
+    set comps $results[1..-2]
+    set directiveLine $results[-1]
+
+    # For Fish, when completing a flag with an = (e.g., <program> -n=<TAB>)
+    # completions must be prefixed with the flag
+    set flagPrefix (string match -r -- '-.*=' "$lastArg")
+
+    __%[1]s_debug "Comps: $comps"
+    __%[1]s_debug "DirectiveLine: $directiveLine"
+    __%[1]s_debug "flagPrefix: $flagPrefix"
+
+    for comp in $comps
+        printf "%%s%%s\n" "$flagPrefix" "$comp"
+    end
+
+    printf "%%s\n" "$directiveLine"
+end
+
+# This function does three things:
+# 1- Obtain the completions and store them in the global __%[1]s_comp_results
+# 2- Set the __%[1]s_comp_do_file_comp flag if file completion should be performed
+#    and unset it otherwise
+# 3- Return true if the completion results are not empty
+function __%[1]s_prepare_completions
+    # Start fresh
+    set --erase __%[1]s_comp_do_file_comp
+    set --erase __%[1]s_comp_results
+
+    # Check if the command-line is already provided.  This is useful for testing.
+    if not set --query __%[1]s_comp_commandLine
+        # Use the -c flag to allow for completion in the middle of the line
+        set __%[1]s_comp_commandLine (commandline -c)
+    end
+    __%[1]s_debug "commandLine is: $__%[1]s_comp_commandLine"
+
+    set results (__%[1]s_perform_completion "$__%[1]s_comp_commandLine")
+    set --erase __%[1]s_comp_commandLine
+    __%[1]s_debug "Completion results: $results"
+
+    if test -z "$results"
+        __%[1]s_debug "No completion, probably due to a failure"
+        # Might as well do file completion, in case it helps
+        set --global __%[1]s_comp_do_file_comp 1
+        return 1
+    end
+
+    set directive (string sub --start 2 $results[-1])
+    set --global __%[1]s_comp_results $results[1..-2]
+
+    __%[1]s_debug "Completions are: $__%[1]s_comp_results"
+    __%[1]s_debug "Directive is: $directive"
+
+    set shellCompDirectiveError %[4]d
+    set shellCompDirectiveNoSpace %[5]d
+    set shellCompDirectiveNoFileComp %[6]d
+    set shellCompDirectiveFilterFileExt %[7]d
+    set shellCompDirectiveFilterDirs %[8]d
+
+    if test -z "$directive"
+        set directive 0
+    end
+
+    set compErr (math (math --scale 0 $directive / $shellCompDirectiveError) %% 2)
+    if test $compErr -eq 1
+        __%[1]s_debug "Received error directive: aborting."
+        # Might as well do file completion, in case it helps
+        set --global __%[1]s_comp_do_file_comp 1
+        return 1
+    end
+
+    set filefilter (math (math --scale 0 $directive / $shellCompDirectiveFilterFileExt) %% 2)
+    set dirfilter (math (math --scale 0 $directive / $shellCompDirectiveFilterDirs) %% 2)
+    if test $filefilter -eq 1; or test $dirfilter -eq 1
+        __%[1]s_debug "File extension filtering or directory filtering not supported"
+        # Do full file completion instead
+        set --global __%[1]s_comp_do_file_comp 1
+        return 1
+    end
+
+    set nospace (math (math --scale 0 $directive / $shellCompDirectiveNoSpace) %% 2)
+    set nofiles (math (math --scale 0 $directive / $shellCompDirectiveNoFileComp) %% 2)
+
+    __%[1]s_debug "nospace: $nospace, nofiles: $nofiles"
+
+    # Important not to quote the variable for count to work
+    set numComps (count $__%[1]s_comp_results)
+    __%[1]s_debug "numComps: $numComps"
+
+    if test $numComps -eq 1; and test $nospace -ne 0
+        # To support the "nospace" directive we trick the shell
+        # by outputting an extra, longer completion.
+        __%[1]s_debug "Adding second completion to perform nospace directive"
+        set --append __%[1]s_comp_results $__%[1]s_comp_results[1].
+    end
+
+    if test $numComps -eq 0; and test $nofiles -eq 0
+        __%[1]s_debug "Requesting file completion"
+        set --global __%[1]s_comp_do_file_comp 1
+    end
+
+    # If we don't want file completion, we must return true even if there
+    # are no completions found.  This is because fish will perform the last
+    # completion command, even if its condition is false, if no other
+    # completion command was triggered
+    return (not set --query __%[1]s_comp_do_file_comp)
+end
+
+# Since Fish completions are only loaded once the user triggers them, we trigger them ourselves
+# so we can properly delete any completions provided by another script.
+# The space after the the program name is essential to trigger completion for the program
+# and not completion of the program name itself.
+complete --do-complete "%[2]s " > /dev/null 2>&1
+# Using '> /dev/null 2>&1' since '&>' is not supported in older versions of fish.
+
+# Remove any pre-existing completions for the program since we will be handling all of them.
+complete -c %[2]s -e
+
+# The order in which the below two lines are defined is very important so that __%[1]s_prepare_completions
+# is called first.  It is __%[1]s_prepare_completions that sets up the __%[1]s_comp_do_file_comp variable.
+#
+# This completion will be run second as complete commands are added FILO.
+# It triggers file completion choices when __%[1]s_comp_do_file_comp is set.
+complete -c %[2]s -n 'set --query __%[1]s_comp_do_file_comp'
+
+# This completion will be run first as complete commands are added FILO.
+# The call to __%[1]s_prepare_completions will setup both __%[1]s_comp_results and __%[1]s_comp_do_file_comp.
+# It provides the program's completion choices.
+complete -c %[2]s -n '__%[1]s_prepare_completions' -f -a '$__%[1]s_comp_results'
+
+`, nameForVar, name, compCmd,
+		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
+		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs))
+}
+
+// GenFishCompletion generates fish completion file and writes to the passed writer.
+func (c *Command) GenFishCompletion(w io.Writer, includeDesc bool) error {
+	buf := new(bytes.Buffer)
+	genFishComp(buf, c.Name(), includeDesc)
+	_, err := buf.WriteTo(w)
+	return err
+}
+
+// GenFishCompletionFile generates fish completion file.
+func (c *Command) GenFishCompletionFile(filename string, includeDesc bool) error {
+	outFile, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	defer outFile.Close()
+
+	return c.GenFishCompletion(outFile, includeDesc)
+}
diff --git a/vendor/github.com/spf13/cobra/go.mod b/vendor/github.com/spf13/cobra/go.mod
new file mode 100644
index 0000000000000..ff56144056a0b
--- /dev/null
+++ b/vendor/github.com/spf13/cobra/go.mod
@@ -0,0 +1,12 @@
+module github.com/spf13/cobra
+
+go 1.12
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.0
+	github.com/inconshreveable/mousetrap v1.0.0
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.7.0
+	gopkg.in/yaml.v2 v2.4.0
+)
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.go b/vendor/github.com/spf13/cobra/powershell_completions.go
new file mode 100644
index 0000000000000..c55be71cd14c6
--- /dev/null
+++ b/vendor/github.com/spf13/cobra/powershell_completions.go
@@ -0,0 +1,285 @@
+// The generated scripts require PowerShell v5.0+ (which comes Windows 10, but
+// can be downloaded separately for windows 7 or 8.1).
+
+package cobra
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+)
+
+func genPowerShellComp(buf io.StringWriter, name string, includeDesc bool) {
+	compCmd := ShellCompRequestCmd
+	if !includeDesc {
+		compCmd = ShellCompNoDescRequestCmd
+	}
+	WriteStringAndCheck(buf, fmt.Sprintf(`# powershell completion for %-36[1]s -*- shell-script -*-
+
+function __%[1]s_debug {
+    if ($env:BASH_COMP_DEBUG_FILE) {
+        "$args" | Out-File -Append -FilePath "$env:BASH_COMP_DEBUG_FILE"
+    }
+}
+
+filter __%[1]s_escapeStringWithSpecialChars {
+`+"    $_ -replace '\\s|#|@|\\$|;|,|''|\\{|\\}|\\(|\\)|\"|`|\\||<|>|&','`$&'"+`
+}
+
+Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock {
+    param(
+            $WordToComplete,
+            $CommandAst,
+            $CursorPosition
+        )
+
+    # Get the current command line and convert into a string
+    $Command = $CommandAst.CommandElements
+    $Command = "$Command"
+
+    __%[1]s_debug ""
+    __%[1]s_debug "========= starting completion logic =========="
+    __%[1]s_debug "WordToComplete: $WordToComplete Command: $Command CursorPosition: $CursorPosition"
+
+    # The user could have moved the cursor backwards on the command-line.
+    # We need to trigger completion from the $CursorPosition location, so we need
+    # to truncate the command-line ($Command) up to the $CursorPosition location.
+    # Make sure the $Command is longer then the $CursorPosition before we truncate.
+    # This happens because the $Command does not include the last space.
+    if ($Command.Length -gt $CursorPosition) {
+        $Command=$Command.Substring(0,$CursorPosition)
+    }
+	__%[1]s_debug "Truncated command: $Command"
+
+    $ShellCompDirectiveError=%[3]d
+    $ShellCompDirectiveNoSpace=%[4]d
+    $ShellCompDirectiveNoFileComp=%[5]d
+    $ShellCompDirectiveFilterFileExt=%[6]d
+    $ShellCompDirectiveFilterDirs=%[7]d
+
+	# Prepare the command to request completions for the program.
+    # Split the command at the first space to separate the program and arguments.
+    $Program,$Arguments = $Command.Split(" ",2)
+    $RequestComp="$Program %[2]s $Arguments"
+    __%[1]s_debug "RequestComp: $RequestComp"
+
+    # we cannot use $WordToComplete because it
+    # has the wrong values if the cursor was moved
+    # so use the last argument
+    if ($WordToComplete -ne "" ) {
+        $WordToComplete = $Arguments.Split(" ")[-1]
+    }
+    __%[1]s_debug "New WordToComplete: $WordToComplete"
+
+
+    # Check for flag with equal sign
+    $IsEqualFlag = ($WordToComplete -Like "--*=*" )
+    if ( $IsEqualFlag ) {
+        __%[1]s_debug "Completing equal sign flag"
+        # Remove the flag part
+        $Flag,$WordToComplete = $WordToComplete.Split("=",2)
+    }
+
+    if ( $WordToComplete -eq "" -And ( -Not $IsEqualFlag )) {
+        # If the last parameter is complete (there is a space following it)
+        # We add an extra empty parameter so we can indicate this to the go method.
+        __%[1]s_debug "Adding extra empty parameter"
+`+"        # We need to use `\"`\" to pass an empty argument a \"\" or '' does not work!!!"+`
+`+"        $RequestComp=\"$RequestComp\" + ' `\"`\"' "+`
+    }
+
+    __%[1]s_debug "Calling $RequestComp"
+    #call the command store the output in $out and redirect stderr and stdout to null
+    # $Out is an array contains each line per element
+    Invoke-Expression -OutVariable out "$RequestComp" 2>&1 | Out-Null
+
+
+    # get directive from last line
+    [int]$Directive = $Out[-1].TrimStart(':')
+    if ($Directive -eq "") {
+        # There is no directive specified
+        $Directive = 0
+    }
+    __%[1]s_debug "The completion directive is: $Directive"
+
+    # remove directive (last element) from out
+    $Out = $Out | Where-Object { $_ -ne $Out[-1] }
+    __%[1]s_debug "The completions are: $Out"
+
+    if (($Directive -band $ShellCompDirectiveError) -ne 0 ) {
+        # Error code.  No completion.
+        __%[1]s_debug "Received error from custom completion go code"
+        return
+    }
+
+    $Longest = 0
+    $Values = $Out | ForEach-Object {
+        #Split the output in name and description
+`+"        $Name, $Description = $_.Split(\"`t\",2)"+`
+        __%[1]s_debug "Name: $Name Description: $Description"
+
+        # Look for the longest completion so that we can format things nicely
+        if ($Longest -lt $Name.Length) {
+            $Longest = $Name.Length
+        }
+
+        # Set the description to a one space string if there is none set.
+        # This is needed because the CompletionResult does not accept an empty string as argument
+        if (-Not $Description) {
+            $Description = " "
+        }
+        @{Name="$Name";Description="$Description"}
+    }
+
+
+    $Space = " "
+    if (($Directive -band $ShellCompDirectiveNoSpace) -ne 0 ) {
+        # remove the space here
+        __%[1]s_debug "ShellCompDirectiveNoSpace is called"
+        $Space = ""
+    }
+
+    if (($Directive -band $ShellCompDirectiveNoFileComp) -ne 0 ) {
+        __%[1]s_debug "ShellCompDirectiveNoFileComp is called"
+
+        if ($Values.Length -eq 0) {
+            # Just print an empty string here so the
+            # shell does not start to complete paths.
+            # We cannot use CompletionResult here because
+            # it does not accept an empty string as argument.
+            ""
+            return
+        }
+    }
+
+    if ((($Directive -band $ShellCompDirectiveFilterFileExt) -ne 0 ) -or
+       (($Directive -band $ShellCompDirectiveFilterDirs) -ne 0 ))  {
+        __%[1]s_debug "ShellCompDirectiveFilterFileExt ShellCompDirectiveFilterDirs are not supported"
+
+        # return here to prevent the completion of the extensions
+        return
+    }
+
+    $Values = $Values | Where-Object {
+        # filter the result
+        $_.Name -like "$WordToComplete*"
+
+        # Join the flag back if we have a equal sign flag
+        if ( $IsEqualFlag ) {
+            __%[1]s_debug "Join the equal sign flag back to the completion value"
+            $_.Name = $Flag + "=" + $_.Name
+        }
+    }
+
+    # Get the current mode
+    $Mode = (Get-PSReadLineKeyHandler | Where-Object {$_.Key -eq "Tab" }).Function
+    __%[1]s_debug "Mode: $Mode"
+
+    $Values | ForEach-Object {
+
+        # store temporay because switch will overwrite $_
+        $comp = $_
+
+        # PowerShell supports three different completion modes
+        # - TabCompleteNext (default windows style - on each key press the next option is displayed)
+        # - Complete (works like bash)
+        # - MenuComplete (works like zsh)
+        # You set the mode with Set-PSReadLineKeyHandler -Key Tab -Function <mode>
+
+        # CompletionResult Arguments:
+        # 1) CompletionText text to be used as the auto completion result
+        # 2) ListItemText   text to be displayed in the suggestion list
+        # 3) ResultType     type of completion result
+        # 4) ToolTip        text for the tooltip with details about the object
+
+        switch ($Mode) {
+
+            # bash like
+            "Complete" {
+
+                if ($Values.Length -eq 1) {
+                    __%[1]s_debug "Only one completion left"
+
+                    # insert space after value
+                    [System.Management.Automation.CompletionResult]::new($($comp.Name | __%[1]s_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)")
+
+                } else {
+                    # Add the proper number of spaces to align the descriptions
+                    while($comp.Name.Length -lt $Longest) {
+                        $comp.Name = $comp.Name + " "
+                    }
+
+                    # Check for empty description and only add parentheses if needed
+                    if ($($comp.Description) -eq " " ) {
+                        $Description = ""
+                    } else {
+                        $Description = "  ($($comp.Description))"
+                    }
+
+                    [System.Management.Automation.CompletionResult]::new("$($comp.Name)$Description", "$($comp.Name)$Description", 'ParameterValue', "$($comp.Description)")
+                }
+             }
+
+            # zsh like
+            "MenuComplete" {
+                # insert space after value
+                # MenuComplete will automatically show the ToolTip of
+                # the highlighted value at the bottom of the suggestions.
+                [System.Management.Automation.CompletionResult]::new($($comp.Name | __%[1]s_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)")
+            }
+
+            # TabCompleteNext and in case we get something unknown
+            Default {
+                # Like MenuComplete but we don't want to add a space here because
+                # the user need to press space anyway to get the completion.
+                # Description will not be shown because thats not possible with TabCompleteNext
+                [System.Management.Automation.CompletionResult]::new($($comp.Name | __%[1]s_escapeStringWithSpecialChars), "$($comp.Name)", 'ParameterValue', "$($comp.Description)")
+            }
+        }
+
+    }
+}
+`, name, compCmd,
+		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
+		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs))
+}
+
+func (c *Command) genPowerShellCompletion(w io.Writer, includeDesc bool) error {
+	buf := new(bytes.Buffer)
+	genPowerShellComp(buf, c.Name(), includeDesc)
+	_, err := buf.WriteTo(w)
+	return err
+}
+
+func (c *Command) genPowerShellCompletionFile(filename string, includeDesc bool) error {
+	outFile, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	defer outFile.Close()
+
+	return c.genPowerShellCompletion(outFile, includeDesc)
+}
+
+// GenPowerShellCompletionFile generates powershell completion file without descriptions.
+func (c *Command) GenPowerShellCompletionFile(filename string) error {
+	return c.genPowerShellCompletionFile(filename, false)
+}
+
+// GenPowerShellCompletion generates powershell completion file without descriptions
+// and writes it to the passed writer.
+func (c *Command) GenPowerShellCompletion(w io.Writer) error {
+	return c.genPowerShellCompletion(w, false)
+}
+
+// GenPowerShellCompletionFileWithDesc generates powershell completion file with descriptions.
+func (c *Command) GenPowerShellCompletionFileWithDesc(filename string) error {
+	return c.genPowerShellCompletionFile(filename, true)
+}
+
+// GenPowerShellCompletionWithDesc generates powershell completion file with descriptions
+// and writes it to the passed writer.
+func (c *Command) GenPowerShellCompletionWithDesc(w io.Writer) error {
+	return c.genPowerShellCompletion(w, true)
+}
diff --git a/vendor/github.com/spf13/cobra/shell_completions.go b/vendor/github.com/spf13/cobra/shell_completions.go
new file mode 100644
index 0000000000000..d99bf91e5f9e3
--- /dev/null
+++ b/vendor/github.com/spf13/cobra/shell_completions.go
@@ -0,0 +1,84 @@
+package cobra
+
+import (
+	"github.com/spf13/pflag"
+)
+
+// MarkFlagRequired instructs the various shell completion implementations to
+// prioritize the named flag when performing completion,
+// and causes your command to report an error if invoked without the flag.
+func (c *Command) MarkFlagRequired(name string) error {
+	return MarkFlagRequired(c.Flags(), name)
+}
+
+// MarkPersistentFlagRequired instructs the various shell completion implementations to
+// prioritize the named persistent flag when performing completion,
+// and causes your command to report an error if invoked without the flag.
+func (c *Command) MarkPersistentFlagRequired(name string) error {
+	return MarkFlagRequired(c.PersistentFlags(), name)
+}
+
+// MarkFlagRequired instructs the various shell completion implementations to
+// prioritize the named flag when performing completion,
+// and causes your command to report an error if invoked without the flag.
+func MarkFlagRequired(flags *pflag.FlagSet, name string) error {
+	return flags.SetAnnotation(name, BashCompOneRequiredFlag, []string{"true"})
+}
+
+// MarkFlagFilename instructs the various shell completion implementations to
+// limit completions for the named flag to the specified file extensions.
+func (c *Command) MarkFlagFilename(name string, extensions ...string) error {
+	return MarkFlagFilename(c.Flags(), name, extensions...)
+}
+
+// MarkFlagCustom adds the BashCompCustom annotation to the named flag, if it exists.
+// The bash completion script will call the bash function f for the flag.
+//
+// This will only work for bash completion.
+// It is recommended to instead use c.RegisterFlagCompletionFunc(...) which allows
+// to register a Go function which will work across all shells.
+func (c *Command) MarkFlagCustom(name string, f string) error {
+	return MarkFlagCustom(c.Flags(), name, f)
+}
+
+// MarkPersistentFlagFilename instructs the various shell completion
+// implementations to limit completions for the named persistent flag to the
+// specified file extensions.
+func (c *Command) MarkPersistentFlagFilename(name string, extensions ...string) error {
+	return MarkFlagFilename(c.PersistentFlags(), name, extensions...)
+}
+
+// MarkFlagFilename instructs the various shell completion implementations to
+// limit completions for the named flag to the specified file extensions.
+func MarkFlagFilename(flags *pflag.FlagSet, name string, extensions ...string) error {
+	return flags.SetAnnotation(name, BashCompFilenameExt, extensions)
+}
+
+// MarkFlagCustom adds the BashCompCustom annotation to the named flag, if it exists.
+// The bash completion script will call the bash function f for the flag.
+//
+// This will only work for bash completion.
+// It is recommended to instead use c.RegisterFlagCompletionFunc(...) which allows
+// to register a Go function which will work across all shells.
+func MarkFlagCustom(flags *pflag.FlagSet, name string, f string) error {
+	return flags.SetAnnotation(name, BashCompCustom, []string{f})
+}
+
+// MarkFlagDirname instructs the various shell completion implementations to
+// limit completions for the named flag to directory names.
+func (c *Command) MarkFlagDirname(name string) error {
+	return MarkFlagDirname(c.Flags(), name)
+}
+
+// MarkPersistentFlagDirname instructs the various shell completion
+// implementations to limit completions for the named persistent flag to
+// directory names.
+func (c *Command) MarkPersistentFlagDirname(name string) error {
+	return MarkFlagDirname(c.PersistentFlags(), name)
+}
+
+// MarkFlagDirname instructs the various shell completion implementations to
+// limit completions for the named flag to directory names.
+func MarkFlagDirname(flags *pflag.FlagSet, name string) error {
+	return flags.SetAnnotation(name, BashCompSubdirsInDir, []string{})
+}
diff --git a/vendor/github.com/spf13/cobra/zsh_completions.go b/vendor/github.com/spf13/cobra/zsh_completions.go
index 889c22e273c4a..2e840285f389a 100644
--- a/vendor/github.com/spf13/cobra/zsh_completions.go
+++ b/vendor/github.com/spf13/cobra/zsh_completions.go
@@ -5,122 +5,236 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"strings"
 )
 
-// GenZshCompletionFile generates zsh completion file.
+// GenZshCompletionFile generates zsh completion file including descriptions.
 func (c *Command) GenZshCompletionFile(filename string) error {
-	outFile, err := os.Create(filename)
-	if err != nil {
-		return err
-	}
-	defer outFile.Close()
-
-	return c.GenZshCompletion(outFile)
+	return c.genZshCompletionFile(filename, true)
 }
 
-// GenZshCompletion generates a zsh completion file and writes to the passed writer.
+// GenZshCompletion generates zsh completion file including descriptions
+// and writes it to the passed writer.
 func (c *Command) GenZshCompletion(w io.Writer) error {
-	buf := new(bytes.Buffer)
-
-	writeHeader(buf, c)
-	maxDepth := maxDepth(c)
-	writeLevelMapping(buf, maxDepth)
-	writeLevelCases(buf, maxDepth, c)
-
-	_, err := buf.WriteTo(w)
-	return err
+	return c.genZshCompletion(w, true)
 }
 
-func writeHeader(w io.Writer, cmd *Command) {
-	fmt.Fprintf(w, "#compdef %s\n\n", cmd.Name())
+// GenZshCompletionFileNoDesc generates zsh completion file without descriptions.
+func (c *Command) GenZshCompletionFileNoDesc(filename string) error {
+	return c.genZshCompletionFile(filename, false)
 }
 
-func maxDepth(c *Command) int {
-	if len(c.Commands()) == 0 {
-		return 0
-	}
-	maxDepthSub := 0
-	for _, s := range c.Commands() {
-		subDepth := maxDepth(s)
-		if subDepth > maxDepthSub {
-			maxDepthSub = subDepth
-		}
-	}
-	return 1 + maxDepthSub
+// GenZshCompletionNoDesc generates zsh completion file without descriptions
+// and writes it to the passed writer.
+func (c *Command) GenZshCompletionNoDesc(w io.Writer) error {
+	return c.genZshCompletion(w, false)
 }
 
-func writeLevelMapping(w io.Writer, numLevels int) {
-	fmt.Fprintln(w, `_arguments \`)
-	for i := 1; i <= numLevels; i++ {
-		fmt.Fprintf(w, `  '%d: :->level%d' \`, i, i)
-		fmt.Fprintln(w)
-	}
-	fmt.Fprintf(w, `  '%d: :%s'`, numLevels+1, "_files")
-	fmt.Fprintln(w)
+// MarkZshCompPositionalArgumentFile only worked for zsh and its behavior was
+// not consistent with Bash completion. It has therefore been disabled.
+// Instead, when no other completion is specified, file completion is done by
+// default for every argument. One can disable file completion on a per-argument
+// basis by using ValidArgsFunction and ShellCompDirectiveNoFileComp.
+// To achieve file extension filtering, one can use ValidArgsFunction and
+// ShellCompDirectiveFilterFileExt.
+//
+// Deprecated
+func (c *Command) MarkZshCompPositionalArgumentFile(argPosition int, patterns ...string) error {
+	return nil
 }
 
-func writeLevelCases(w io.Writer, maxDepth int, root *Command) {
-	fmt.Fprintln(w, "case $state in")
-	defer fmt.Fprintln(w, "esac")
+// MarkZshCompPositionalArgumentWords only worked for zsh. It has therefore
+// been disabled.
+// To achieve the same behavior across all shells, one can use
+// ValidArgs (for the first argument only) or ValidArgsFunction for
+// any argument (can include the first one also).
+//
+// Deprecated
+func (c *Command) MarkZshCompPositionalArgumentWords(argPosition int, words ...string) error {
+	return nil
+}
 
-	for i := 1; i <= maxDepth; i++ {
-		fmt.Fprintf(w, "  level%d)\n", i)
-		writeLevel(w, root, i)
-		fmt.Fprintln(w, "  ;;")
+func (c *Command) genZshCompletionFile(filename string, includeDesc bool) error {
+	outFile, err := os.Create(filename)
+	if err != nil {
+		return err
 	}
-	fmt.Fprintln(w, "  *)")
-	fmt.Fprintln(w, "    _arguments '*: :_files'")
-	fmt.Fprintln(w, "  ;;")
-}
+	defer outFile.Close()
 
-func writeLevel(w io.Writer, root *Command, i int) {
-	fmt.Fprintf(w, "    case $words[%d] in\n", i)
-	defer fmt.Fprintln(w, "    esac")
+	return c.genZshCompletion(outFile, includeDesc)
+}
 
-	commands := filterByLevel(root, i)
-	byParent := groupByParent(commands)
+func (c *Command) genZshCompletion(w io.Writer, includeDesc bool) error {
+	buf := new(bytes.Buffer)
+	genZshComp(buf, c.Name(), includeDesc)
+	_, err := buf.WriteTo(w)
+	return err
+}
 
-	for p, c := range byParent {
-		names := names(c)
-		fmt.Fprintf(w, "      %s)\n", p)
-		fmt.Fprintf(w, "        _arguments '%d: :(%s)'\n", i, strings.Join(names, " "))
-		fmt.Fprintln(w, "      ;;")
+func genZshComp(buf io.StringWriter, name string, includeDesc bool) {
+	compCmd := ShellCompRequestCmd
+	if !includeDesc {
+		compCmd = ShellCompNoDescRequestCmd
 	}
-	fmt.Fprintln(w, "      *)")
-	fmt.Fprintln(w, "        _arguments '*: :_files'")
-	fmt.Fprintln(w, "      ;;")
+	WriteStringAndCheck(buf, fmt.Sprintf(`#compdef _%[1]s %[1]s
 
-}
+# zsh completion for %-36[1]s -*- shell-script -*-
 
-func filterByLevel(c *Command, l int) []*Command {
-	cs := make([]*Command, 0)
-	if l == 0 {
-		cs = append(cs, c)
-		return cs
-	}
-	for _, s := range c.Commands() {
-		cs = append(cs, filterByLevel(s, l-1)...)
-	}
-	return cs
+__%[1]s_debug()
+{
+    local file="$BASH_COMP_DEBUG_FILE"
+    if [[ -n ${file} ]]; then
+        echo "$*" >> "${file}"
+    fi
 }
 
-func groupByParent(commands []*Command) map[string][]*Command {
-	m := make(map[string][]*Command)
-	for _, c := range commands {
-		parent := c.Parent()
-		if parent == nil {
-			continue
-		}
-		m[parent.Name()] = append(m[parent.Name()], c)
-	}
-	return m
+_%[1]s()
+{
+    local shellCompDirectiveError=%[3]d
+    local shellCompDirectiveNoSpace=%[4]d
+    local shellCompDirectiveNoFileComp=%[5]d
+    local shellCompDirectiveFilterFileExt=%[6]d
+    local shellCompDirectiveFilterDirs=%[7]d
+
+    local lastParam lastChar flagPrefix requestComp out directive compCount comp lastComp
+    local -a completions
+
+    __%[1]s_debug "\n========= starting completion logic =========="
+    __%[1]s_debug "CURRENT: ${CURRENT}, words[*]: ${words[*]}"
+
+    # The user could have moved the cursor backwards on the command-line.
+    # We need to trigger completion from the $CURRENT location, so we need
+    # to truncate the command-line ($words) up to the $CURRENT location.
+    # (We cannot use $CURSOR as its value does not work when a command is an alias.)
+    words=("${=words[1,CURRENT]}")
+    __%[1]s_debug "Truncated words[*]: ${words[*]},"
+
+    lastParam=${words[-1]}
+    lastChar=${lastParam[-1]}
+    __%[1]s_debug "lastParam: ${lastParam}, lastChar: ${lastChar}"
+
+    # For zsh, when completing a flag with an = (e.g., %[1]s -n=<TAB>)
+    # completions must be prefixed with the flag
+    setopt local_options BASH_REMATCH
+    if [[ "${lastParam}" =~ '-.*=' ]]; then
+        # We are dealing with a flag with an =
+        flagPrefix="-P ${BASH_REMATCH}"
+    fi
+
+    # Prepare the command to obtain completions
+    requestComp="${words[1]} %[2]s ${words[2,-1]}"
+    if [ "${lastChar}" = "" ]; then
+        # If the last parameter is complete (there is a space following it)
+        # We add an extra empty parameter so we can indicate this to the go completion code.
+        __%[1]s_debug "Adding extra empty parameter"
+        requestComp="${requestComp} \"\""
+    fi
+
+    __%[1]s_debug "About to call: eval ${requestComp}"
+
+    # Use eval to handle any environment variables and such
+    out=$(eval ${requestComp} 2>/dev/null)
+    __%[1]s_debug "completion output: ${out}"
+
+    # Extract the directive integer following a : from the last line
+    local lastLine
+    while IFS='\n' read -r line; do
+        lastLine=${line}
+    done < <(printf "%%s\n" "${out[@]}")
+    __%[1]s_debug "last line: ${lastLine}"
+
+    if [ "${lastLine[1]}" = : ]; then
+        directive=${lastLine[2,-1]}
+        # Remove the directive including the : and the newline
+        local suffix
+        (( suffix=${#lastLine}+2))
+        out=${out[1,-$suffix]}
+    else
+        # There is no directive specified.  Leave $out as is.
+        __%[1]s_debug "No directive found.  Setting do default"
+        directive=0
+    fi
+
+    __%[1]s_debug "directive: ${directive}"
+    __%[1]s_debug "completions: ${out}"
+    __%[1]s_debug "flagPrefix: ${flagPrefix}"
+
+    if [ $((directive & shellCompDirectiveError)) -ne 0 ]; then
+        __%[1]s_debug "Completion received error. Ignoring completions."
+        return
+    fi
+
+    compCount=0
+    while IFS='\n' read -r comp; do
+        if [ -n "$comp" ]; then
+            # If requested, completions are returned with a description.
+            # The description is preceded by a TAB character.
+            # For zsh's _describe, we need to use a : instead of a TAB.
+            # We first need to escape any : as part of the completion itself.
+            comp=${comp//:/\\:}
+
+            local tab=$(printf '\t')
+            comp=${comp//$tab/:}
+
+            ((compCount++))
+            __%[1]s_debug "Adding completion: ${comp}"
+            completions+=${comp}
+            lastComp=$comp
+        fi
+    done < <(printf "%%s\n" "${out[@]}")
+
+    if [ $((directive & shellCompDirectiveFilterFileExt)) -ne 0 ]; then
+        # File extension filtering
+        local filteringCmd
+        filteringCmd='_files'
+        for filter in ${completions[@]}; do
+            if [ ${filter[1]} != '*' ]; then
+                # zsh requires a glob pattern to do file filtering
+                filter="\*.$filter"
+            fi
+            filteringCmd+=" -g $filter"
+        done
+        filteringCmd+=" ${flagPrefix}"
+
+        __%[1]s_debug "File filtering command: $filteringCmd"
+        _arguments '*:filename:'"$filteringCmd"
+    elif [ $((directive & shellCompDirectiveFilterDirs)) -ne 0 ]; then
+        # File completion for directories only
+        local subDir
+        subdir="${completions[1]}"
+        if [ -n "$subdir" ]; then
+            __%[1]s_debug "Listing directories in $subdir"
+            pushd "${subdir}" >/dev/null 2>&1
+        else
+            __%[1]s_debug "Listing directories in ."
+        fi
+
+        _arguments '*:dirname:_files -/'" ${flagPrefix}"
+        if [ -n "$subdir" ]; then
+            popd >/dev/null 2>&1
+        fi
+    elif [ $((directive & shellCompDirectiveNoSpace)) -ne 0 ] && [ ${compCount} -eq 1 ]; then
+        __%[1]s_debug "Activating nospace."
+        # We can use compadd here as there is no description when
+        # there is only one completion.
+        compadd -S '' "${lastComp}"
+    elif [ ${compCount} -eq 0 ]; then
+        if [ $((directive & shellCompDirectiveNoFileComp)) -ne 0 ]; then
+            __%[1]s_debug "deactivating file completion"
+        else
+            # Perform file completion
+            __%[1]s_debug "activating file completion"
+            _arguments '*:filename:_files'" ${flagPrefix}"
+        fi
+    else
+        _describe "completions" completions $(echo $flagPrefix)
+    fi
 }
 
-func names(commands []*Command) []string {
-	ns := make([]string, len(commands))
-	for i, c := range commands {
-		ns[i] = c.Name()
-	}
-	return ns
+# don't run the completion function when being source-ed or eval-ed
+if [ "$funcstack[1]" = "_%[1]s" ]; then
+	_%[1]s
+fi
+`, name, compCmd,
+		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
+		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs))
 }
diff --git a/vendor/github.com/spf13/pflag/README.md b/vendor/github.com/spf13/pflag/README.md
index b052414d12951..7eacc5bdbe5f4 100644
--- a/vendor/github.com/spf13/pflag/README.md
+++ b/vendor/github.com/spf13/pflag/README.md
@@ -86,8 +86,8 @@ fmt.Println("ip has value ", *ip)
 fmt.Println("flagvar has value ", flagvar)
 ```
 
-There are helpers function to get values later if you have the FlagSet but
-it was difficult to keep up with all of the flag pointers in your code.
+There are helper functions available to get the value stored in a Flag if you have a FlagSet but find
+it difficult to keep up with all of the pointers in your code.
 If you have a pflag.FlagSet with a flag called 'flagname' of type int you
 can use GetInt() to get the int value. But notice that 'flagname' must exist
 and it must be an int. GetString("flagname") will fail.
diff --git a/vendor/github.com/spf13/pflag/bool_slice.go b/vendor/github.com/spf13/pflag/bool_slice.go
index 5af02f1a75a9d..3731370d6a572 100644
--- a/vendor/github.com/spf13/pflag/bool_slice.go
+++ b/vendor/github.com/spf13/pflag/bool_slice.go
@@ -71,6 +71,44 @@ func (s *boolSliceValue) String() string {
 	return "[" + out + "]"
 }
 
+func (s *boolSliceValue) fromString(val string) (bool, error) {
+	return strconv.ParseBool(val)
+}
+
+func (s *boolSliceValue) toString(val bool) string {
+	return strconv.FormatBool(val)
+}
+
+func (s *boolSliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *boolSliceValue) Replace(val []string) error {
+	out := make([]bool, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *boolSliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
 func boolSliceConv(val string) (interface{}, error) {
 	val = strings.Trim(val, "[]")
 	// Empty string would cause a slice with one (empty) entry
diff --git a/vendor/github.com/spf13/pflag/bytes.go b/vendor/github.com/spf13/pflag/bytes.go
index 12c58db9fe30c..67d53045708fe 100644
--- a/vendor/github.com/spf13/pflag/bytes.go
+++ b/vendor/github.com/spf13/pflag/bytes.go
@@ -1,6 +1,7 @@
 package pflag
 
 import (
+	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"strings"
@@ -9,10 +10,12 @@ import (
 // BytesHex adapts []byte for use as a flag. Value of flag is HEX encoded
 type bytesHexValue []byte
 
+// String implements pflag.Value.String.
 func (bytesHex bytesHexValue) String() string {
 	return fmt.Sprintf("%X", []byte(bytesHex))
 }
 
+// Set implements pflag.Value.Set.
 func (bytesHex *bytesHexValue) Set(value string) error {
 	bin, err := hex.DecodeString(strings.TrimSpace(value))
 
@@ -25,6 +28,7 @@ func (bytesHex *bytesHexValue) Set(value string) error {
 	return nil
 }
 
+// Type implements pflag.Value.Type.
 func (*bytesHexValue) Type() string {
 	return "bytesHex"
 }
@@ -103,3 +107,103 @@ func BytesHex(name string, value []byte, usage string) *[]byte {
 func BytesHexP(name, shorthand string, value []byte, usage string) *[]byte {
 	return CommandLine.BytesHexP(name, shorthand, value, usage)
 }
+
+// BytesBase64 adapts []byte for use as a flag. Value of flag is Base64 encoded
+type bytesBase64Value []byte
+
+// String implements pflag.Value.String.
+func (bytesBase64 bytesBase64Value) String() string {
+	return base64.StdEncoding.EncodeToString([]byte(bytesBase64))
+}
+
+// Set implements pflag.Value.Set.
+func (bytesBase64 *bytesBase64Value) Set(value string) error {
+	bin, err := base64.StdEncoding.DecodeString(strings.TrimSpace(value))
+
+	if err != nil {
+		return err
+	}
+
+	*bytesBase64 = bin
+
+	return nil
+}
+
+// Type implements pflag.Value.Type.
+func (*bytesBase64Value) Type() string {
+	return "bytesBase64"
+}
+
+func newBytesBase64Value(val []byte, p *[]byte) *bytesBase64Value {
+	*p = val
+	return (*bytesBase64Value)(p)
+}
+
+func bytesBase64ValueConv(sval string) (interface{}, error) {
+
+	bin, err := base64.StdEncoding.DecodeString(sval)
+	if err == nil {
+		return bin, nil
+	}
+
+	return nil, fmt.Errorf("invalid string being converted to Bytes: %s %s", sval, err)
+}
+
+// GetBytesBase64 return the []byte value of a flag with the given name
+func (f *FlagSet) GetBytesBase64(name string) ([]byte, error) {
+	val, err := f.getFlagType(name, "bytesBase64", bytesBase64ValueConv)
+
+	if err != nil {
+		return []byte{}, err
+	}
+
+	return val.([]byte), nil
+}
+
+// BytesBase64Var defines an []byte flag with specified name, default value, and usage string.
+// The argument p points to an []byte variable in which to store the value of the flag.
+func (f *FlagSet) BytesBase64Var(p *[]byte, name string, value []byte, usage string) {
+	f.VarP(newBytesBase64Value(value, p), name, "", usage)
+}
+
+// BytesBase64VarP is like BytesBase64Var, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) BytesBase64VarP(p *[]byte, name, shorthand string, value []byte, usage string) {
+	f.VarP(newBytesBase64Value(value, p), name, shorthand, usage)
+}
+
+// BytesBase64Var defines an []byte flag with specified name, default value, and usage string.
+// The argument p points to an []byte variable in which to store the value of the flag.
+func BytesBase64Var(p *[]byte, name string, value []byte, usage string) {
+	CommandLine.VarP(newBytesBase64Value(value, p), name, "", usage)
+}
+
+// BytesBase64VarP is like BytesBase64Var, but accepts a shorthand letter that can be used after a single dash.
+func BytesBase64VarP(p *[]byte, name, shorthand string, value []byte, usage string) {
+	CommandLine.VarP(newBytesBase64Value(value, p), name, shorthand, usage)
+}
+
+// BytesBase64 defines an []byte flag with specified name, default value, and usage string.
+// The return value is the address of an []byte variable that stores the value of the flag.
+func (f *FlagSet) BytesBase64(name string, value []byte, usage string) *[]byte {
+	p := new([]byte)
+	f.BytesBase64VarP(p, name, "", value, usage)
+	return p
+}
+
+// BytesBase64P is like BytesBase64, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) BytesBase64P(name, shorthand string, value []byte, usage string) *[]byte {
+	p := new([]byte)
+	f.BytesBase64VarP(p, name, shorthand, value, usage)
+	return p
+}
+
+// BytesBase64 defines an []byte flag with specified name, default value, and usage string.
+// The return value is the address of an []byte variable that stores the value of the flag.
+func BytesBase64(name string, value []byte, usage string) *[]byte {
+	return CommandLine.BytesBase64P(name, "", value, usage)
+}
+
+// BytesBase64P is like BytesBase64, but accepts a shorthand letter that can be used after a single dash.
+func BytesBase64P(name, shorthand string, value []byte, usage string) *[]byte {
+	return CommandLine.BytesBase64P(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/count.go b/vendor/github.com/spf13/pflag/count.go
index aa126e44d1c83..a0b2679f71c75 100644
--- a/vendor/github.com/spf13/pflag/count.go
+++ b/vendor/github.com/spf13/pflag/count.go
@@ -46,7 +46,7 @@ func (f *FlagSet) GetCount(name string) (int, error) {
 
 // CountVar defines a count flag with specified name, default value, and usage string.
 // The argument p points to an int variable in which to store the value of the flag.
-// A count flag will add 1 to its value evey time it is found on the command line
+// A count flag will add 1 to its value every time it is found on the command line
 func (f *FlagSet) CountVar(p *int, name string, usage string) {
 	f.CountVarP(p, name, "", usage)
 }
@@ -69,7 +69,7 @@ func CountVarP(p *int, name, shorthand string, usage string) {
 
 // Count defines a count flag with specified name, default value, and usage string.
 // The return value is the address of an int variable that stores the value of the flag.
-// A count flag will add 1 to its value evey time it is found on the command line
+// A count flag will add 1 to its value every time it is found on the command line
 func (f *FlagSet) Count(name string, usage string) *int {
 	p := new(int)
 	f.CountVarP(p, name, "", usage)
diff --git a/vendor/github.com/spf13/pflag/duration_slice.go b/vendor/github.com/spf13/pflag/duration_slice.go
index 52c6b6dc1041f..badadda53fdbc 100644
--- a/vendor/github.com/spf13/pflag/duration_slice.go
+++ b/vendor/github.com/spf13/pflag/duration_slice.go
@@ -51,6 +51,44 @@ func (s *durationSliceValue) String() string {
 	return "[" + strings.Join(out, ",") + "]"
 }
 
+func (s *durationSliceValue) fromString(val string) (time.Duration, error) {
+	return time.ParseDuration(val)
+}
+
+func (s *durationSliceValue) toString(val time.Duration) string {
+	return fmt.Sprintf("%s", val)
+}
+
+func (s *durationSliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *durationSliceValue) Replace(val []string) error {
+	out := make([]time.Duration, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *durationSliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
 func durationSliceConv(val string) (interface{}, error) {
 	val = strings.Trim(val, "[]")
 	// Empty string would cause a slice with one (empty) entry
diff --git a/vendor/github.com/spf13/pflag/flag.go b/vendor/github.com/spf13/pflag/flag.go
index 5eadc84e3c42c..24a5036e95b61 100644
--- a/vendor/github.com/spf13/pflag/flag.go
+++ b/vendor/github.com/spf13/pflag/flag.go
@@ -57,9 +57,9 @@ that give one-letter shorthands for flags. You can use these by appending
 	var ip = flag.IntP("flagname", "f", 1234, "help message")
 	var flagvar bool
 	func init() {
-		flag.BoolVarP("boolname", "b", true, "help message")
+		flag.BoolVarP(&flagvar, "boolname", "b", true, "help message")
 	}
-	flag.VarP(&flagVar, "varname", "v", 1234, "help message")
+	flag.VarP(&flagval, "varname", "v", "help message")
 Shorthand letters can be used with single dashes on the command line.
 Boolean shorthand flags can be combined with other shorthand flags.
 
@@ -190,6 +190,18 @@ type Value interface {
 	Type() string
 }
 
+// SliceValue is a secondary interface to all flags which hold a list
+// of values.  This allows full control over the value of list flags,
+// and avoids complicated marshalling and unmarshalling to csv.
+type SliceValue interface {
+	// Append adds the specified value to the end of the flag value list.
+	Append(string) error
+	// Replace will fully overwrite any data currently in the flag value list.
+	Replace([]string) error
+	// GetSlice returns the flag value list as an array of strings.
+	GetSlice() []string
+}
+
 // sortFlags returns the flags as a slice in lexicographical sorted order.
 func sortFlags(flags map[NormalizedName]*Flag) []*Flag {
 	list := make(sort.StringSlice, len(flags))
@@ -925,13 +937,16 @@ func stripUnknownFlagValue(args []string) []string {
 	}
 
 	first := args[0]
-	if first[0] == '-' {
+	if len(first) > 0 && first[0] == '-' {
 		//--unknown --next-flag ...
 		return args
 	}
 
 	//--unknown arg ... (args will be arg ...)
-	return args[1:]
+	if len(args) > 1 {
+		return args[1:]
+	}
+	return nil
 }
 
 func (f *FlagSet) parseLongArg(s string, args []string, fn parseFunc) (a []string, err error) {
@@ -990,11 +1005,12 @@ func (f *FlagSet) parseLongArg(s string, args []string, fn parseFunc) (a []strin
 }
 
 func (f *FlagSet) parseSingleShortArg(shorthands string, args []string, fn parseFunc) (outShorts string, outArgs []string, err error) {
+	outArgs = args
+
 	if strings.HasPrefix(shorthands, "test.") {
 		return
 	}
 
-	outArgs = args
 	outShorts = shorthands[1:]
 	c := shorthands[0]
 
diff --git a/vendor/github.com/spf13/pflag/float32_slice.go b/vendor/github.com/spf13/pflag/float32_slice.go
new file mode 100644
index 0000000000000..caa352741a603
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/float32_slice.go
@@ -0,0 +1,174 @@
+package pflag
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- float32Slice Value
+type float32SliceValue struct {
+	value   *[]float32
+	changed bool
+}
+
+func newFloat32SliceValue(val []float32, p *[]float32) *float32SliceValue {
+	isv := new(float32SliceValue)
+	isv.value = p
+	*isv.value = val
+	return isv
+}
+
+func (s *float32SliceValue) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make([]float32, len(ss))
+	for i, d := range ss {
+		var err error
+		var temp64 float64
+		temp64, err = strconv.ParseFloat(d, 32)
+		if err != nil {
+			return err
+		}
+		out[i] = float32(temp64)
+
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		*s.value = append(*s.value, out...)
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *float32SliceValue) Type() string {
+	return "float32Slice"
+}
+
+func (s *float32SliceValue) String() string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = fmt.Sprintf("%f", d)
+	}
+	return "[" + strings.Join(out, ",") + "]"
+}
+
+func (s *float32SliceValue) fromString(val string) (float32, error) {
+	t64, err := strconv.ParseFloat(val, 32)
+	if err != nil {
+		return 0, err
+	}
+	return float32(t64), nil
+}
+
+func (s *float32SliceValue) toString(val float32) string {
+	return fmt.Sprintf("%f", val)
+}
+
+func (s *float32SliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *float32SliceValue) Replace(val []string) error {
+	out := make([]float32, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *float32SliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
+func float32SliceConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// Empty string would cause a slice with one (empty) entry
+	if len(val) == 0 {
+		return []float32{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make([]float32, len(ss))
+	for i, d := range ss {
+		var err error
+		var temp64 float64
+		temp64, err = strconv.ParseFloat(d, 32)
+		if err != nil {
+			return nil, err
+		}
+		out[i] = float32(temp64)
+
+	}
+	return out, nil
+}
+
+// GetFloat32Slice return the []float32 value of a flag with the given name
+func (f *FlagSet) GetFloat32Slice(name string) ([]float32, error) {
+	val, err := f.getFlagType(name, "float32Slice", float32SliceConv)
+	if err != nil {
+		return []float32{}, err
+	}
+	return val.([]float32), nil
+}
+
+// Float32SliceVar defines a float32Slice flag with specified name, default value, and usage string.
+// The argument p points to a []float32 variable in which to store the value of the flag.
+func (f *FlagSet) Float32SliceVar(p *[]float32, name string, value []float32, usage string) {
+	f.VarP(newFloat32SliceValue(value, p), name, "", usage)
+}
+
+// Float32SliceVarP is like Float32SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Float32SliceVarP(p *[]float32, name, shorthand string, value []float32, usage string) {
+	f.VarP(newFloat32SliceValue(value, p), name, shorthand, usage)
+}
+
+// Float32SliceVar defines a float32[] flag with specified name, default value, and usage string.
+// The argument p points to a float32[] variable in which to store the value of the flag.
+func Float32SliceVar(p *[]float32, name string, value []float32, usage string) {
+	CommandLine.VarP(newFloat32SliceValue(value, p), name, "", usage)
+}
+
+// Float32SliceVarP is like Float32SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func Float32SliceVarP(p *[]float32, name, shorthand string, value []float32, usage string) {
+	CommandLine.VarP(newFloat32SliceValue(value, p), name, shorthand, usage)
+}
+
+// Float32Slice defines a []float32 flag with specified name, default value, and usage string.
+// The return value is the address of a []float32 variable that stores the value of the flag.
+func (f *FlagSet) Float32Slice(name string, value []float32, usage string) *[]float32 {
+	p := []float32{}
+	f.Float32SliceVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// Float32SliceP is like Float32Slice, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Float32SliceP(name, shorthand string, value []float32, usage string) *[]float32 {
+	p := []float32{}
+	f.Float32SliceVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// Float32Slice defines a []float32 flag with specified name, default value, and usage string.
+// The return value is the address of a []float32 variable that stores the value of the flag.
+func Float32Slice(name string, value []float32, usage string) *[]float32 {
+	return CommandLine.Float32SliceP(name, "", value, usage)
+}
+
+// Float32SliceP is like Float32Slice, but accepts a shorthand letter that can be used after a single dash.
+func Float32SliceP(name, shorthand string, value []float32, usage string) *[]float32 {
+	return CommandLine.Float32SliceP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/float64_slice.go b/vendor/github.com/spf13/pflag/float64_slice.go
new file mode 100644
index 0000000000000..85bf3073d5064
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/float64_slice.go
@@ -0,0 +1,166 @@
+package pflag
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- float64Slice Value
+type float64SliceValue struct {
+	value   *[]float64
+	changed bool
+}
+
+func newFloat64SliceValue(val []float64, p *[]float64) *float64SliceValue {
+	isv := new(float64SliceValue)
+	isv.value = p
+	*isv.value = val
+	return isv
+}
+
+func (s *float64SliceValue) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make([]float64, len(ss))
+	for i, d := range ss {
+		var err error
+		out[i], err = strconv.ParseFloat(d, 64)
+		if err != nil {
+			return err
+		}
+
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		*s.value = append(*s.value, out...)
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *float64SliceValue) Type() string {
+	return "float64Slice"
+}
+
+func (s *float64SliceValue) String() string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = fmt.Sprintf("%f", d)
+	}
+	return "[" + strings.Join(out, ",") + "]"
+}
+
+func (s *float64SliceValue) fromString(val string) (float64, error) {
+	return strconv.ParseFloat(val, 64)
+}
+
+func (s *float64SliceValue) toString(val float64) string {
+	return fmt.Sprintf("%f", val)
+}
+
+func (s *float64SliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *float64SliceValue) Replace(val []string) error {
+	out := make([]float64, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *float64SliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
+func float64SliceConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// Empty string would cause a slice with one (empty) entry
+	if len(val) == 0 {
+		return []float64{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make([]float64, len(ss))
+	for i, d := range ss {
+		var err error
+		out[i], err = strconv.ParseFloat(d, 64)
+		if err != nil {
+			return nil, err
+		}
+
+	}
+	return out, nil
+}
+
+// GetFloat64Slice return the []float64 value of a flag with the given name
+func (f *FlagSet) GetFloat64Slice(name string) ([]float64, error) {
+	val, err := f.getFlagType(name, "float64Slice", float64SliceConv)
+	if err != nil {
+		return []float64{}, err
+	}
+	return val.([]float64), nil
+}
+
+// Float64SliceVar defines a float64Slice flag with specified name, default value, and usage string.
+// The argument p points to a []float64 variable in which to store the value of the flag.
+func (f *FlagSet) Float64SliceVar(p *[]float64, name string, value []float64, usage string) {
+	f.VarP(newFloat64SliceValue(value, p), name, "", usage)
+}
+
+// Float64SliceVarP is like Float64SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Float64SliceVarP(p *[]float64, name, shorthand string, value []float64, usage string) {
+	f.VarP(newFloat64SliceValue(value, p), name, shorthand, usage)
+}
+
+// Float64SliceVar defines a float64[] flag with specified name, default value, and usage string.
+// The argument p points to a float64[] variable in which to store the value of the flag.
+func Float64SliceVar(p *[]float64, name string, value []float64, usage string) {
+	CommandLine.VarP(newFloat64SliceValue(value, p), name, "", usage)
+}
+
+// Float64SliceVarP is like Float64SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func Float64SliceVarP(p *[]float64, name, shorthand string, value []float64, usage string) {
+	CommandLine.VarP(newFloat64SliceValue(value, p), name, shorthand, usage)
+}
+
+// Float64Slice defines a []float64 flag with specified name, default value, and usage string.
+// The return value is the address of a []float64 variable that stores the value of the flag.
+func (f *FlagSet) Float64Slice(name string, value []float64, usage string) *[]float64 {
+	p := []float64{}
+	f.Float64SliceVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// Float64SliceP is like Float64Slice, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Float64SliceP(name, shorthand string, value []float64, usage string) *[]float64 {
+	p := []float64{}
+	f.Float64SliceVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// Float64Slice defines a []float64 flag with specified name, default value, and usage string.
+// The return value is the address of a []float64 variable that stores the value of the flag.
+func Float64Slice(name string, value []float64, usage string) *[]float64 {
+	return CommandLine.Float64SliceP(name, "", value, usage)
+}
+
+// Float64SliceP is like Float64Slice, but accepts a shorthand letter that can be used after a single dash.
+func Float64SliceP(name, shorthand string, value []float64, usage string) *[]float64 {
+	return CommandLine.Float64SliceP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/go.mod b/vendor/github.com/spf13/pflag/go.mod
new file mode 100644
index 0000000000000..b2287eec13482
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/go.mod
@@ -0,0 +1,3 @@
+module github.com/spf13/pflag
+
+go 1.12
diff --git a/vendor/github.com/spf13/pflag/int32_slice.go b/vendor/github.com/spf13/pflag/int32_slice.go
new file mode 100644
index 0000000000000..ff128ff06d869
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/int32_slice.go
@@ -0,0 +1,174 @@
+package pflag
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- int32Slice Value
+type int32SliceValue struct {
+	value   *[]int32
+	changed bool
+}
+
+func newInt32SliceValue(val []int32, p *[]int32) *int32SliceValue {
+	isv := new(int32SliceValue)
+	isv.value = p
+	*isv.value = val
+	return isv
+}
+
+func (s *int32SliceValue) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make([]int32, len(ss))
+	for i, d := range ss {
+		var err error
+		var temp64 int64
+		temp64, err = strconv.ParseInt(d, 0, 32)
+		if err != nil {
+			return err
+		}
+		out[i] = int32(temp64)
+
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		*s.value = append(*s.value, out...)
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *int32SliceValue) Type() string {
+	return "int32Slice"
+}
+
+func (s *int32SliceValue) String() string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = fmt.Sprintf("%d", d)
+	}
+	return "[" + strings.Join(out, ",") + "]"
+}
+
+func (s *int32SliceValue) fromString(val string) (int32, error) {
+	t64, err := strconv.ParseInt(val, 0, 32)
+	if err != nil {
+		return 0, err
+	}
+	return int32(t64), nil
+}
+
+func (s *int32SliceValue) toString(val int32) string {
+	return fmt.Sprintf("%d", val)
+}
+
+func (s *int32SliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *int32SliceValue) Replace(val []string) error {
+	out := make([]int32, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *int32SliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
+func int32SliceConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// Empty string would cause a slice with one (empty) entry
+	if len(val) == 0 {
+		return []int32{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make([]int32, len(ss))
+	for i, d := range ss {
+		var err error
+		var temp64 int64
+		temp64, err = strconv.ParseInt(d, 0, 32)
+		if err != nil {
+			return nil, err
+		}
+		out[i] = int32(temp64)
+
+	}
+	return out, nil
+}
+
+// GetInt32Slice return the []int32 value of a flag with the given name
+func (f *FlagSet) GetInt32Slice(name string) ([]int32, error) {
+	val, err := f.getFlagType(name, "int32Slice", int32SliceConv)
+	if err != nil {
+		return []int32{}, err
+	}
+	return val.([]int32), nil
+}
+
+// Int32SliceVar defines a int32Slice flag with specified name, default value, and usage string.
+// The argument p points to a []int32 variable in which to store the value of the flag.
+func (f *FlagSet) Int32SliceVar(p *[]int32, name string, value []int32, usage string) {
+	f.VarP(newInt32SliceValue(value, p), name, "", usage)
+}
+
+// Int32SliceVarP is like Int32SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Int32SliceVarP(p *[]int32, name, shorthand string, value []int32, usage string) {
+	f.VarP(newInt32SliceValue(value, p), name, shorthand, usage)
+}
+
+// Int32SliceVar defines a int32[] flag with specified name, default value, and usage string.
+// The argument p points to a int32[] variable in which to store the value of the flag.
+func Int32SliceVar(p *[]int32, name string, value []int32, usage string) {
+	CommandLine.VarP(newInt32SliceValue(value, p), name, "", usage)
+}
+
+// Int32SliceVarP is like Int32SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func Int32SliceVarP(p *[]int32, name, shorthand string, value []int32, usage string) {
+	CommandLine.VarP(newInt32SliceValue(value, p), name, shorthand, usage)
+}
+
+// Int32Slice defines a []int32 flag with specified name, default value, and usage string.
+// The return value is the address of a []int32 variable that stores the value of the flag.
+func (f *FlagSet) Int32Slice(name string, value []int32, usage string) *[]int32 {
+	p := []int32{}
+	f.Int32SliceVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// Int32SliceP is like Int32Slice, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Int32SliceP(name, shorthand string, value []int32, usage string) *[]int32 {
+	p := []int32{}
+	f.Int32SliceVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// Int32Slice defines a []int32 flag with specified name, default value, and usage string.
+// The return value is the address of a []int32 variable that stores the value of the flag.
+func Int32Slice(name string, value []int32, usage string) *[]int32 {
+	return CommandLine.Int32SliceP(name, "", value, usage)
+}
+
+// Int32SliceP is like Int32Slice, but accepts a shorthand letter that can be used after a single dash.
+func Int32SliceP(name, shorthand string, value []int32, usage string) *[]int32 {
+	return CommandLine.Int32SliceP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/int64_slice.go b/vendor/github.com/spf13/pflag/int64_slice.go
new file mode 100644
index 0000000000000..25464638f3ab6
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/int64_slice.go
@@ -0,0 +1,166 @@
+package pflag
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- int64Slice Value
+type int64SliceValue struct {
+	value   *[]int64
+	changed bool
+}
+
+func newInt64SliceValue(val []int64, p *[]int64) *int64SliceValue {
+	isv := new(int64SliceValue)
+	isv.value = p
+	*isv.value = val
+	return isv
+}
+
+func (s *int64SliceValue) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make([]int64, len(ss))
+	for i, d := range ss {
+		var err error
+		out[i], err = strconv.ParseInt(d, 0, 64)
+		if err != nil {
+			return err
+		}
+
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		*s.value = append(*s.value, out...)
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *int64SliceValue) Type() string {
+	return "int64Slice"
+}
+
+func (s *int64SliceValue) String() string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = fmt.Sprintf("%d", d)
+	}
+	return "[" + strings.Join(out, ",") + "]"
+}
+
+func (s *int64SliceValue) fromString(val string) (int64, error) {
+	return strconv.ParseInt(val, 0, 64)
+}
+
+func (s *int64SliceValue) toString(val int64) string {
+	return fmt.Sprintf("%d", val)
+}
+
+func (s *int64SliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *int64SliceValue) Replace(val []string) error {
+	out := make([]int64, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *int64SliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
+func int64SliceConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// Empty string would cause a slice with one (empty) entry
+	if len(val) == 0 {
+		return []int64{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make([]int64, len(ss))
+	for i, d := range ss {
+		var err error
+		out[i], err = strconv.ParseInt(d, 0, 64)
+		if err != nil {
+			return nil, err
+		}
+
+	}
+	return out, nil
+}
+
+// GetInt64Slice return the []int64 value of a flag with the given name
+func (f *FlagSet) GetInt64Slice(name string) ([]int64, error) {
+	val, err := f.getFlagType(name, "int64Slice", int64SliceConv)
+	if err != nil {
+		return []int64{}, err
+	}
+	return val.([]int64), nil
+}
+
+// Int64SliceVar defines a int64Slice flag with specified name, default value, and usage string.
+// The argument p points to a []int64 variable in which to store the value of the flag.
+func (f *FlagSet) Int64SliceVar(p *[]int64, name string, value []int64, usage string) {
+	f.VarP(newInt64SliceValue(value, p), name, "", usage)
+}
+
+// Int64SliceVarP is like Int64SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Int64SliceVarP(p *[]int64, name, shorthand string, value []int64, usage string) {
+	f.VarP(newInt64SliceValue(value, p), name, shorthand, usage)
+}
+
+// Int64SliceVar defines a int64[] flag with specified name, default value, and usage string.
+// The argument p points to a int64[] variable in which to store the value of the flag.
+func Int64SliceVar(p *[]int64, name string, value []int64, usage string) {
+	CommandLine.VarP(newInt64SliceValue(value, p), name, "", usage)
+}
+
+// Int64SliceVarP is like Int64SliceVar, but accepts a shorthand letter that can be used after a single dash.
+func Int64SliceVarP(p *[]int64, name, shorthand string, value []int64, usage string) {
+	CommandLine.VarP(newInt64SliceValue(value, p), name, shorthand, usage)
+}
+
+// Int64Slice defines a []int64 flag with specified name, default value, and usage string.
+// The return value is the address of a []int64 variable that stores the value of the flag.
+func (f *FlagSet) Int64Slice(name string, value []int64, usage string) *[]int64 {
+	p := []int64{}
+	f.Int64SliceVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// Int64SliceP is like Int64Slice, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) Int64SliceP(name, shorthand string, value []int64, usage string) *[]int64 {
+	p := []int64{}
+	f.Int64SliceVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// Int64Slice defines a []int64 flag with specified name, default value, and usage string.
+// The return value is the address of a []int64 variable that stores the value of the flag.
+func Int64Slice(name string, value []int64, usage string) *[]int64 {
+	return CommandLine.Int64SliceP(name, "", value, usage)
+}
+
+// Int64SliceP is like Int64Slice, but accepts a shorthand letter that can be used after a single dash.
+func Int64SliceP(name, shorthand string, value []int64, usage string) *[]int64 {
+	return CommandLine.Int64SliceP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/int_slice.go b/vendor/github.com/spf13/pflag/int_slice.go
index 1e7c9edde955c..e71c39d91aa71 100644
--- a/vendor/github.com/spf13/pflag/int_slice.go
+++ b/vendor/github.com/spf13/pflag/int_slice.go
@@ -51,6 +51,36 @@ func (s *intSliceValue) String() string {
 	return "[" + strings.Join(out, ",") + "]"
 }
 
+func (s *intSliceValue) Append(val string) error {
+	i, err := strconv.Atoi(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *intSliceValue) Replace(val []string) error {
+	out := make([]int, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = strconv.Atoi(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *intSliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = strconv.Itoa(d)
+	}
+	return out
+}
+
 func intSliceConv(val string) (interface{}, error) {
 	val = strings.Trim(val, "[]")
 	// Empty string would cause a slice with one (empty) entry
diff --git a/vendor/github.com/spf13/pflag/ip_slice.go b/vendor/github.com/spf13/pflag/ip_slice.go
index 7dd196fe3fb11..775faae4fd8d2 100644
--- a/vendor/github.com/spf13/pflag/ip_slice.go
+++ b/vendor/github.com/spf13/pflag/ip_slice.go
@@ -72,9 +72,47 @@ func (s *ipSliceValue) String() string {
 	return "[" + out + "]"
 }
 
+func (s *ipSliceValue) fromString(val string) (net.IP, error) {
+	return net.ParseIP(strings.TrimSpace(val)), nil
+}
+
+func (s *ipSliceValue) toString(val net.IP) string {
+	return val.String()
+}
+
+func (s *ipSliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *ipSliceValue) Replace(val []string) error {
+	out := make([]net.IP, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *ipSliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
 func ipSliceConv(val string) (interface{}, error) {
 	val = strings.Trim(val, "[]")
-	// Emtpy string would cause a slice with one (empty) entry
+	// Empty string would cause a slice with one (empty) entry
 	if len(val) == 0 {
 		return []net.IP{}, nil
 	}
diff --git a/vendor/github.com/spf13/pflag/string_array.go b/vendor/github.com/spf13/pflag/string_array.go
index fa7bc60187a79..4894af818023b 100644
--- a/vendor/github.com/spf13/pflag/string_array.go
+++ b/vendor/github.com/spf13/pflag/string_array.go
@@ -23,6 +23,32 @@ func (s *stringArrayValue) Set(val string) error {
 	return nil
 }
 
+func (s *stringArrayValue) Append(val string) error {
+	*s.value = append(*s.value, val)
+	return nil
+}
+
+func (s *stringArrayValue) Replace(val []string) error {
+	out := make([]string, len(val))
+	for i, d := range val {
+		var err error
+		out[i] = d
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *stringArrayValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = d
+	}
+	return out
+}
+
 func (s *stringArrayValue) Type() string {
 	return "stringArray"
 }
diff --git a/vendor/github.com/spf13/pflag/string_slice.go b/vendor/github.com/spf13/pflag/string_slice.go
index 0cd3ccc083e28..3cb2e69dba026 100644
--- a/vendor/github.com/spf13/pflag/string_slice.go
+++ b/vendor/github.com/spf13/pflag/string_slice.go
@@ -62,6 +62,20 @@ func (s *stringSliceValue) String() string {
 	return "[" + str + "]"
 }
 
+func (s *stringSliceValue) Append(val string) error {
+	*s.value = append(*s.value, val)
+	return nil
+}
+
+func (s *stringSliceValue) Replace(val []string) error {
+	*s.value = val
+	return nil
+}
+
+func (s *stringSliceValue) GetSlice() []string {
+	return *s.value
+}
+
 func stringSliceConv(sval string) (interface{}, error) {
 	sval = sval[1 : len(sval)-1]
 	// An empty string would cause a slice with one (empty) string
@@ -84,7 +98,7 @@ func (f *FlagSet) GetStringSlice(name string) ([]string, error) {
 // The argument p points to a []string variable in which to store the value of the flag.
 // Compared to StringArray flags, StringSlice flags take comma-separated value as arguments and split them accordingly.
 // For example:
-//   --ss="v1,v2" -ss="v3"
+//   --ss="v1,v2" --ss="v3"
 // will result in
 //   []string{"v1", "v2", "v3"}
 func (f *FlagSet) StringSliceVar(p *[]string, name string, value []string, usage string) {
@@ -100,7 +114,7 @@ func (f *FlagSet) StringSliceVarP(p *[]string, name, shorthand string, value []s
 // The argument p points to a []string variable in which to store the value of the flag.
 // Compared to StringArray flags, StringSlice flags take comma-separated value as arguments and split them accordingly.
 // For example:
-//   --ss="v1,v2" -ss="v3"
+//   --ss="v1,v2" --ss="v3"
 // will result in
 //   []string{"v1", "v2", "v3"}
 func StringSliceVar(p *[]string, name string, value []string, usage string) {
@@ -116,7 +130,7 @@ func StringSliceVarP(p *[]string, name, shorthand string, value []string, usage
 // The return value is the address of a []string variable that stores the value of the flag.
 // Compared to StringArray flags, StringSlice flags take comma-separated value as arguments and split them accordingly.
 // For example:
-//   --ss="v1,v2" -ss="v3"
+//   --ss="v1,v2" --ss="v3"
 // will result in
 //   []string{"v1", "v2", "v3"}
 func (f *FlagSet) StringSlice(name string, value []string, usage string) *[]string {
@@ -136,7 +150,7 @@ func (f *FlagSet) StringSliceP(name, shorthand string, value []string, usage str
 // The return value is the address of a []string variable that stores the value of the flag.
 // Compared to StringArray flags, StringSlice flags take comma-separated value as arguments and split them accordingly.
 // For example:
-//   --ss="v1,v2" -ss="v3"
+//   --ss="v1,v2" --ss="v3"
 // will result in
 //   []string{"v1", "v2", "v3"}
 func StringSlice(name string, value []string, usage string) *[]string {
diff --git a/vendor/github.com/spf13/pflag/string_to_int.go b/vendor/github.com/spf13/pflag/string_to_int.go
new file mode 100644
index 0000000000000..5ceda3965dfeb
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/string_to_int.go
@@ -0,0 +1,149 @@
+package pflag
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- stringToInt Value
+type stringToIntValue struct {
+	value   *map[string]int
+	changed bool
+}
+
+func newStringToIntValue(val map[string]int, p *map[string]int) *stringToIntValue {
+	ssv := new(stringToIntValue)
+	ssv.value = p
+	*ssv.value = val
+	return ssv
+}
+
+// Format: a=1,b=2
+func (s *stringToIntValue) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make(map[string]int, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		var err error
+		out[kv[0]], err = strconv.Atoi(kv[1])
+		if err != nil {
+			return err
+		}
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		for k, v := range out {
+			(*s.value)[k] = v
+		}
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *stringToIntValue) Type() string {
+	return "stringToInt"
+}
+
+func (s *stringToIntValue) String() string {
+	var buf bytes.Buffer
+	i := 0
+	for k, v := range *s.value {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteString(k)
+		buf.WriteRune('=')
+		buf.WriteString(strconv.Itoa(v))
+		i++
+	}
+	return "[" + buf.String() + "]"
+}
+
+func stringToIntConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// An empty string would cause an empty map
+	if len(val) == 0 {
+		return map[string]int{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make(map[string]int, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return nil, fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		var err error
+		out[kv[0]], err = strconv.Atoi(kv[1])
+		if err != nil {
+			return nil, err
+		}
+	}
+	return out, nil
+}
+
+// GetStringToInt return the map[string]int value of a flag with the given name
+func (f *FlagSet) GetStringToInt(name string) (map[string]int, error) {
+	val, err := f.getFlagType(name, "stringToInt", stringToIntConv)
+	if err != nil {
+		return map[string]int{}, err
+	}
+	return val.(map[string]int), nil
+}
+
+// StringToIntVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a map[string]int variable in which to store the values of the multiple flags.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToIntVar(p *map[string]int, name string, value map[string]int, usage string) {
+	f.VarP(newStringToIntValue(value, p), name, "", usage)
+}
+
+// StringToIntVarP is like StringToIntVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToIntVarP(p *map[string]int, name, shorthand string, value map[string]int, usage string) {
+	f.VarP(newStringToIntValue(value, p), name, shorthand, usage)
+}
+
+// StringToIntVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a map[string]int variable in which to store the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToIntVar(p *map[string]int, name string, value map[string]int, usage string) {
+	CommandLine.VarP(newStringToIntValue(value, p), name, "", usage)
+}
+
+// StringToIntVarP is like StringToIntVar, but accepts a shorthand letter that can be used after a single dash.
+func StringToIntVarP(p *map[string]int, name, shorthand string, value map[string]int, usage string) {
+	CommandLine.VarP(newStringToIntValue(value, p), name, shorthand, usage)
+}
+
+// StringToInt defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]int variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToInt(name string, value map[string]int, usage string) *map[string]int {
+	p := map[string]int{}
+	f.StringToIntVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// StringToIntP is like StringToInt, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToIntP(name, shorthand string, value map[string]int, usage string) *map[string]int {
+	p := map[string]int{}
+	f.StringToIntVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// StringToInt defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]int variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToInt(name string, value map[string]int, usage string) *map[string]int {
+	return CommandLine.StringToIntP(name, "", value, usage)
+}
+
+// StringToIntP is like StringToInt, but accepts a shorthand letter that can be used after a single dash.
+func StringToIntP(name, shorthand string, value map[string]int, usage string) *map[string]int {
+	return CommandLine.StringToIntP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/string_to_int64.go b/vendor/github.com/spf13/pflag/string_to_int64.go
new file mode 100644
index 0000000000000..a807a04a0bad8
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/string_to_int64.go
@@ -0,0 +1,149 @@
+package pflag
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// -- stringToInt64 Value
+type stringToInt64Value struct {
+	value   *map[string]int64
+	changed bool
+}
+
+func newStringToInt64Value(val map[string]int64, p *map[string]int64) *stringToInt64Value {
+	ssv := new(stringToInt64Value)
+	ssv.value = p
+	*ssv.value = val
+	return ssv
+}
+
+// Format: a=1,b=2
+func (s *stringToInt64Value) Set(val string) error {
+	ss := strings.Split(val, ",")
+	out := make(map[string]int64, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		var err error
+		out[kv[0]], err = strconv.ParseInt(kv[1], 10, 64)
+		if err != nil {
+			return err
+		}
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		for k, v := range out {
+			(*s.value)[k] = v
+		}
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *stringToInt64Value) Type() string {
+	return "stringToInt64"
+}
+
+func (s *stringToInt64Value) String() string {
+	var buf bytes.Buffer
+	i := 0
+	for k, v := range *s.value {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteString(k)
+		buf.WriteRune('=')
+		buf.WriteString(strconv.FormatInt(v, 10))
+		i++
+	}
+	return "[" + buf.String() + "]"
+}
+
+func stringToInt64Conv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// An empty string would cause an empty map
+	if len(val) == 0 {
+		return map[string]int64{}, nil
+	}
+	ss := strings.Split(val, ",")
+	out := make(map[string]int64, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return nil, fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		var err error
+		out[kv[0]], err = strconv.ParseInt(kv[1], 10, 64)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return out, nil
+}
+
+// GetStringToInt64 return the map[string]int64 value of a flag with the given name
+func (f *FlagSet) GetStringToInt64(name string) (map[string]int64, error) {
+	val, err := f.getFlagType(name, "stringToInt64", stringToInt64Conv)
+	if err != nil {
+		return map[string]int64{}, err
+	}
+	return val.(map[string]int64), nil
+}
+
+// StringToInt64Var defines a string flag with specified name, default value, and usage string.
+// The argument p point64s to a map[string]int64 variable in which to store the values of the multiple flags.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToInt64Var(p *map[string]int64, name string, value map[string]int64, usage string) {
+	f.VarP(newStringToInt64Value(value, p), name, "", usage)
+}
+
+// StringToInt64VarP is like StringToInt64Var, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToInt64VarP(p *map[string]int64, name, shorthand string, value map[string]int64, usage string) {
+	f.VarP(newStringToInt64Value(value, p), name, shorthand, usage)
+}
+
+// StringToInt64Var defines a string flag with specified name, default value, and usage string.
+// The argument p point64s to a map[string]int64 variable in which to store the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToInt64Var(p *map[string]int64, name string, value map[string]int64, usage string) {
+	CommandLine.VarP(newStringToInt64Value(value, p), name, "", usage)
+}
+
+// StringToInt64VarP is like StringToInt64Var, but accepts a shorthand letter that can be used after a single dash.
+func StringToInt64VarP(p *map[string]int64, name, shorthand string, value map[string]int64, usage string) {
+	CommandLine.VarP(newStringToInt64Value(value, p), name, shorthand, usage)
+}
+
+// StringToInt64 defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]int64 variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToInt64(name string, value map[string]int64, usage string) *map[string]int64 {
+	p := map[string]int64{}
+	f.StringToInt64VarP(&p, name, "", value, usage)
+	return &p
+}
+
+// StringToInt64P is like StringToInt64, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToInt64P(name, shorthand string, value map[string]int64, usage string) *map[string]int64 {
+	p := map[string]int64{}
+	f.StringToInt64VarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// StringToInt64 defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]int64 variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToInt64(name string, value map[string]int64, usage string) *map[string]int64 {
+	return CommandLine.StringToInt64P(name, "", value, usage)
+}
+
+// StringToInt64P is like StringToInt64, but accepts a shorthand letter that can be used after a single dash.
+func StringToInt64P(name, shorthand string, value map[string]int64, usage string) *map[string]int64 {
+	return CommandLine.StringToInt64P(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/string_to_string.go b/vendor/github.com/spf13/pflag/string_to_string.go
new file mode 100644
index 0000000000000..890a01afc0300
--- /dev/null
+++ b/vendor/github.com/spf13/pflag/string_to_string.go
@@ -0,0 +1,160 @@
+package pflag
+
+import (
+	"bytes"
+	"encoding/csv"
+	"fmt"
+	"strings"
+)
+
+// -- stringToString Value
+type stringToStringValue struct {
+	value   *map[string]string
+	changed bool
+}
+
+func newStringToStringValue(val map[string]string, p *map[string]string) *stringToStringValue {
+	ssv := new(stringToStringValue)
+	ssv.value = p
+	*ssv.value = val
+	return ssv
+}
+
+// Format: a=1,b=2
+func (s *stringToStringValue) Set(val string) error {
+	var ss []string
+	n := strings.Count(val, "=")
+	switch n {
+	case 0:
+		return fmt.Errorf("%s must be formatted as key=value", val)
+	case 1:
+		ss = append(ss, strings.Trim(val, `"`))
+	default:
+		r := csv.NewReader(strings.NewReader(val))
+		var err error
+		ss, err = r.Read()
+		if err != nil {
+			return err
+		}
+	}
+
+	out := make(map[string]string, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		out[kv[0]] = kv[1]
+	}
+	if !s.changed {
+		*s.value = out
+	} else {
+		for k, v := range out {
+			(*s.value)[k] = v
+		}
+	}
+	s.changed = true
+	return nil
+}
+
+func (s *stringToStringValue) Type() string {
+	return "stringToString"
+}
+
+func (s *stringToStringValue) String() string {
+	records := make([]string, 0, len(*s.value)>>1)
+	for k, v := range *s.value {
+		records = append(records, k+"="+v)
+	}
+
+	var buf bytes.Buffer
+	w := csv.NewWriter(&buf)
+	if err := w.Write(records); err != nil {
+		panic(err)
+	}
+	w.Flush()
+	return "[" + strings.TrimSpace(buf.String()) + "]"
+}
+
+func stringToStringConv(val string) (interface{}, error) {
+	val = strings.Trim(val, "[]")
+	// An empty string would cause an empty map
+	if len(val) == 0 {
+		return map[string]string{}, nil
+	}
+	r := csv.NewReader(strings.NewReader(val))
+	ss, err := r.Read()
+	if err != nil {
+		return nil, err
+	}
+	out := make(map[string]string, len(ss))
+	for _, pair := range ss {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) != 2 {
+			return nil, fmt.Errorf("%s must be formatted as key=value", pair)
+		}
+		out[kv[0]] = kv[1]
+	}
+	return out, nil
+}
+
+// GetStringToString return the map[string]string value of a flag with the given name
+func (f *FlagSet) GetStringToString(name string) (map[string]string, error) {
+	val, err := f.getFlagType(name, "stringToString", stringToStringConv)
+	if err != nil {
+		return map[string]string{}, err
+	}
+	return val.(map[string]string), nil
+}
+
+// StringToStringVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a map[string]string variable in which to store the values of the multiple flags.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToStringVar(p *map[string]string, name string, value map[string]string, usage string) {
+	f.VarP(newStringToStringValue(value, p), name, "", usage)
+}
+
+// StringToStringVarP is like StringToStringVar, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToStringVarP(p *map[string]string, name, shorthand string, value map[string]string, usage string) {
+	f.VarP(newStringToStringValue(value, p), name, shorthand, usage)
+}
+
+// StringToStringVar defines a string flag with specified name, default value, and usage string.
+// The argument p points to a map[string]string variable in which to store the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToStringVar(p *map[string]string, name string, value map[string]string, usage string) {
+	CommandLine.VarP(newStringToStringValue(value, p), name, "", usage)
+}
+
+// StringToStringVarP is like StringToStringVar, but accepts a shorthand letter that can be used after a single dash.
+func StringToStringVarP(p *map[string]string, name, shorthand string, value map[string]string, usage string) {
+	CommandLine.VarP(newStringToStringValue(value, p), name, shorthand, usage)
+}
+
+// StringToString defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]string variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func (f *FlagSet) StringToString(name string, value map[string]string, usage string) *map[string]string {
+	p := map[string]string{}
+	f.StringToStringVarP(&p, name, "", value, usage)
+	return &p
+}
+
+// StringToStringP is like StringToString, but accepts a shorthand letter that can be used after a single dash.
+func (f *FlagSet) StringToStringP(name, shorthand string, value map[string]string, usage string) *map[string]string {
+	p := map[string]string{}
+	f.StringToStringVarP(&p, name, shorthand, value, usage)
+	return &p
+}
+
+// StringToString defines a string flag with specified name, default value, and usage string.
+// The return value is the address of a map[string]string variable that stores the value of the flag.
+// The value of each argument will not try to be separated by comma
+func StringToString(name string, value map[string]string, usage string) *map[string]string {
+	return CommandLine.StringToStringP(name, "", value, usage)
+}
+
+// StringToStringP is like StringToString, but accepts a shorthand letter that can be used after a single dash.
+func StringToStringP(name, shorthand string, value map[string]string, usage string) *map[string]string {
+	return CommandLine.StringToStringP(name, shorthand, value, usage)
+}
diff --git a/vendor/github.com/spf13/pflag/uint_slice.go b/vendor/github.com/spf13/pflag/uint_slice.go
index edd94c600af09..5fa924835ed3f 100644
--- a/vendor/github.com/spf13/pflag/uint_slice.go
+++ b/vendor/github.com/spf13/pflag/uint_slice.go
@@ -50,6 +50,48 @@ func (s *uintSliceValue) String() string {
 	return "[" + strings.Join(out, ",") + "]"
 }
 
+func (s *uintSliceValue) fromString(val string) (uint, error) {
+	t, err := strconv.ParseUint(val, 10, 0)
+	if err != nil {
+		return 0, err
+	}
+	return uint(t), nil
+}
+
+func (s *uintSliceValue) toString(val uint) string {
+	return fmt.Sprintf("%d", val)
+}
+
+func (s *uintSliceValue) Append(val string) error {
+	i, err := s.fromString(val)
+	if err != nil {
+		return err
+	}
+	*s.value = append(*s.value, i)
+	return nil
+}
+
+func (s *uintSliceValue) Replace(val []string) error {
+	out := make([]uint, len(val))
+	for i, d := range val {
+		var err error
+		out[i], err = s.fromString(d)
+		if err != nil {
+			return err
+		}
+	}
+	*s.value = out
+	return nil
+}
+
+func (s *uintSliceValue) GetSlice() []string {
+	out := make([]string, len(*s.value))
+	for i, d := range *s.value {
+		out[i] = s.toString(d)
+	}
+	return out
+}
+
 func uintSliceConv(val string) (interface{}, error) {
 	val = strings.Trim(val, "[]")
 	// Empty string would cause a slice with one (empty) entry
diff --git a/vendor/github.com/syndtr/gocapability/LICENSE b/vendor/github.com/syndtr/gocapability/LICENSE
deleted file mode 100644
index 80dd96de77fab..0000000000000
--- a/vendor/github.com/syndtr/gocapability/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright 2013 Suryandaru Triandana <syndtr@gmail.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/syndtr/gocapability/capability/capability.go b/vendor/github.com/syndtr/gocapability/capability/capability.go
deleted file mode 100644
index c13f4e52a9cfe..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/capability.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Package capability provides utilities for manipulating POSIX capabilities.
-package capability
-
-type Capabilities interface {
-	// Get check whether a capability present in the given
-	// capabilities set. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Get(which CapType, what Cap) bool
-
-	// Empty check whether all capability bits of the given capabilities
-	// set are zero. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Empty(which CapType) bool
-
-	// Full check whether all capability bits of the given capabilities
-	// set are one. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Full(which CapType) bool
-
-	// Set sets capabilities of the given capabilities sets. The
-	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Set(which CapType, caps ...Cap)
-
-	// Unset unsets capabilities of the given capabilities sets. The
-	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Unset(which CapType, caps ...Cap)
-
-	// Fill sets all bits of the given capabilities kind to one. The
-	// 'kind' value should be one or combination (OR'ed) of CAPS or
-	// BOUNDS.
-	Fill(kind CapType)
-
-	// Clear sets all bits of the given capabilities kind to zero. The
-	// 'kind' value should be one or combination (OR'ed) of CAPS or
-	// BOUNDS.
-	Clear(kind CapType)
-
-	// String return current capabilities state of the given capabilities
-	// set as string. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	StringCap(which CapType) string
-
-	// String return current capabilities state as string.
-	String() string
-
-	// Load load actual capabilities value. This will overwrite all
-	// outstanding changes.
-	Load() error
-
-	// Apply apply the capabilities settings, so all changes will take
-	// effect.
-	Apply(kind CapType) error
-}
-
-// NewPid create new initialized Capabilities object for given pid when it
-// is nonzero, or for the current pid if pid is 0
-func NewPid(pid int) (Capabilities, error) {
-	return newPid(pid)
-}
-
-// NewFile create new initialized Capabilities object for given named file.
-func NewFile(name string) (Capabilities, error) {
-	return newFile(name)
-}
diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
deleted file mode 100644
index 3dfcd398dcd74..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
+++ /dev/null
@@ -1,608 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-	"syscall"
-)
-
-var errUnknownVers = errors.New("unknown capability version")
-
-const (
-	linuxCapVer1 = 0x19980330
-	linuxCapVer2 = 0x20071026
-	linuxCapVer3 = 0x20080522
-)
-
-var (
-	capVers    uint32
-	capLastCap Cap
-)
-
-func init() {
-	var hdr capHeader
-	capget(&hdr, nil)
-	capVers = hdr.version
-
-	if initLastCap() == nil {
-		CAP_LAST_CAP = capLastCap
-		if capLastCap > 31 {
-			capUpperMask = (uint32(1) << (uint(capLastCap) - 31)) - 1
-		} else {
-			capUpperMask = 0
-		}
-	}
-}
-
-func initLastCap() error {
-	if capLastCap != 0 {
-		return nil
-	}
-
-	f, err := os.Open("/proc/sys/kernel/cap_last_cap")
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	var b []byte = make([]byte, 11)
-	_, err = f.Read(b)
-	if err != nil {
-		return err
-	}
-
-	fmt.Sscanf(string(b), "%d", &capLastCap)
-
-	return nil
-}
-
-func mkStringCap(c Capabilities, which CapType) (ret string) {
-	for i, first := Cap(0), true; i <= CAP_LAST_CAP; i++ {
-		if !c.Get(which, i) {
-			continue
-		}
-		if first {
-			first = false
-		} else {
-			ret += ", "
-		}
-		ret += i.String()
-	}
-	return
-}
-
-func mkString(c Capabilities, max CapType) (ret string) {
-	ret = "{"
-	for i := CapType(1); i <= max; i <<= 1 {
-		ret += " " + i.String() + "=\""
-		if c.Empty(i) {
-			ret += "empty"
-		} else if c.Full(i) {
-			ret += "full"
-		} else {
-			ret += c.StringCap(i)
-		}
-		ret += "\""
-	}
-	ret += " }"
-	return
-}
-
-func newPid(pid int) (c Capabilities, err error) {
-	switch capVers {
-	case linuxCapVer1:
-		p := new(capsV1)
-		p.hdr.version = capVers
-		p.hdr.pid = pid
-		c = p
-	case linuxCapVer2, linuxCapVer3:
-		p := new(capsV3)
-		p.hdr.version = capVers
-		p.hdr.pid = pid
-		c = p
-	default:
-		err = errUnknownVers
-		return
-	}
-	err = c.Load()
-	if err != nil {
-		c = nil
-	}
-	return
-}
-
-type capsV1 struct {
-	hdr  capHeader
-	data capData
-}
-
-func (c *capsV1) Get(which CapType, what Cap) bool {
-	if what > 32 {
-		return false
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data.effective != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data.permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data.inheritable != 0
-	}
-
-	return false
-}
-
-func (c *capsV1) getData(which CapType) (ret uint32) {
-	switch which {
-	case EFFECTIVE:
-		ret = c.data.effective
-	case PERMITTED:
-		ret = c.data.permitted
-	case INHERITABLE:
-		ret = c.data.inheritable
-	}
-	return
-}
-
-func (c *capsV1) Empty(which CapType) bool {
-	return c.getData(which) == 0
-}
-
-func (c *capsV1) Full(which CapType) bool {
-	return (c.getData(which) & 0x7fffffff) == 0x7fffffff
-}
-
-func (c *capsV1) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		if what > 32 {
-			continue
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data.permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data.inheritable |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsV1) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		if what > 32 {
-			continue
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data.permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data.inheritable &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsV1) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective = 0x7fffffff
-		c.data.permitted = 0x7fffffff
-		c.data.inheritable = 0
-	}
-}
-
-func (c *capsV1) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective = 0
-		c.data.permitted = 0
-		c.data.inheritable = 0
-	}
-}
-
-func (c *capsV1) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsV1) String() (ret string) {
-	return mkString(c, BOUNDING)
-}
-
-func (c *capsV1) Load() (err error) {
-	return capget(&c.hdr, &c.data)
-}
-
-func (c *capsV1) Apply(kind CapType) error {
-	if kind&CAPS == CAPS {
-		return capset(&c.hdr, &c.data)
-	}
-	return nil
-}
-
-type capsV3 struct {
-	hdr    capHeader
-	data   [2]capData
-	bounds [2]uint32
-}
-
-func (c *capsV3) Get(which CapType, what Cap) bool {
-	var i uint
-	if what > 31 {
-		i = uint(what) >> 5
-		what %= 32
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data[i].effective != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data[i].permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data[i].inheritable != 0
-	case BOUNDING:
-		return (1<<uint(what))&c.bounds[i] != 0
-	}
-
-	return false
-}
-
-func (c *capsV3) getData(which CapType, dest []uint32) {
-	switch which {
-	case EFFECTIVE:
-		dest[0] = c.data[0].effective
-		dest[1] = c.data[1].effective
-	case PERMITTED:
-		dest[0] = c.data[0].permitted
-		dest[1] = c.data[1].permitted
-	case INHERITABLE:
-		dest[0] = c.data[0].inheritable
-		dest[1] = c.data[1].inheritable
-	case BOUNDING:
-		dest[0] = c.bounds[0]
-		dest[1] = c.bounds[1]
-	}
-}
-
-func (c *capsV3) Empty(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	return data[0] == 0 && data[1] == 0
-}
-
-func (c *capsV3) Full(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	if (data[0] & 0xffffffff) != 0xffffffff {
-		return false
-	}
-	return (data[1] & capUpperMask) == capUpperMask
-}
-
-func (c *capsV3) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data[i].effective |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data[i].permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data[i].inheritable |= 1 << uint(what)
-		}
-		if which&BOUNDING != 0 {
-			c.bounds[i] |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsV3) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data[i].effective &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data[i].permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data[i].inheritable &= ^(1 << uint(what))
-		}
-		if which&BOUNDING != 0 {
-			c.bounds[i] &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsV3) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data[0].effective = 0xffffffff
-		c.data[0].permitted = 0xffffffff
-		c.data[0].inheritable = 0
-		c.data[1].effective = 0xffffffff
-		c.data[1].permitted = 0xffffffff
-		c.data[1].inheritable = 0
-	}
-
-	if kind&BOUNDS == BOUNDS {
-		c.bounds[0] = 0xffffffff
-		c.bounds[1] = 0xffffffff
-	}
-}
-
-func (c *capsV3) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data[0].effective = 0
-		c.data[0].permitted = 0
-		c.data[0].inheritable = 0
-		c.data[1].effective = 0
-		c.data[1].permitted = 0
-		c.data[1].inheritable = 0
-	}
-
-	if kind&BOUNDS == BOUNDS {
-		c.bounds[0] = 0
-		c.bounds[1] = 0
-	}
-}
-
-func (c *capsV3) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsV3) String() (ret string) {
-	return mkString(c, BOUNDING)
-}
-
-func (c *capsV3) Load() (err error) {
-	err = capget(&c.hdr, &c.data[0])
-	if err != nil {
-		return
-	}
-
-	var status_path string
-
-	if c.hdr.pid == 0 {
-		status_path = fmt.Sprintf("/proc/self/status")
-	} else {
-		status_path = fmt.Sprintf("/proc/%d/status", c.hdr.pid)
-	}
-
-	f, err := os.Open(status_path)
-	if err != nil {
-		return
-	}
-	b := bufio.NewReader(f)
-	for {
-		line, e := b.ReadString('\n')
-		if e != nil {
-			if e != io.EOF {
-				err = e
-			}
-			break
-		}
-		if strings.HasPrefix(line, "CapB") {
-			fmt.Sscanf(line[4:], "nd:  %08x%08x", &c.bounds[1], &c.bounds[0])
-			break
-		}
-	}
-	f.Close()
-
-	return
-}
-
-func (c *capsV3) Apply(kind CapType) (err error) {
-	if kind&BOUNDS == BOUNDS {
-		var data [2]capData
-		err = capget(&c.hdr, &data[0])
-		if err != nil {
-			return
-		}
-		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
-			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
-				if c.Get(BOUNDING, i) {
-					continue
-				}
-				err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0)
-				if err != nil {
-					// Ignore EINVAL since the capability may not be supported in this system.
-					if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINVAL {
-						err = nil
-						continue
-					}
-					return
-				}
-			}
-		}
-	}
-
-	if kind&CAPS == CAPS {
-		return capset(&c.hdr, &c.data[0])
-	}
-
-	return
-}
-
-func newFile(path string) (c Capabilities, err error) {
-	c = &capsFile{path: path}
-	err = c.Load()
-	if err != nil {
-		c = nil
-	}
-	return
-}
-
-type capsFile struct {
-	path string
-	data vfscapData
-}
-
-func (c *capsFile) Get(which CapType, what Cap) bool {
-	var i uint
-	if what > 31 {
-		if c.data.version == 1 {
-			return false
-		}
-		i = uint(what) >> 5
-		what %= 32
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data.effective[i] != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data.data[i].permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data.data[i].inheritable != 0
-	}
-
-	return false
-}
-
-func (c *capsFile) getData(which CapType, dest []uint32) {
-	switch which {
-	case EFFECTIVE:
-		dest[0] = c.data.effective[0]
-		dest[1] = c.data.effective[1]
-	case PERMITTED:
-		dest[0] = c.data.data[0].permitted
-		dest[1] = c.data.data[1].permitted
-	case INHERITABLE:
-		dest[0] = c.data.data[0].inheritable
-		dest[1] = c.data.data[1].inheritable
-	}
-}
-
-func (c *capsFile) Empty(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	return data[0] == 0 && data[1] == 0
-}
-
-func (c *capsFile) Full(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	if c.data.version == 0 {
-		return (data[0] & 0x7fffffff) == 0x7fffffff
-	}
-	if (data[0] & 0xffffffff) != 0xffffffff {
-		return false
-	}
-	return (data[1] & capUpperMask) == capUpperMask
-}
-
-func (c *capsFile) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			if c.data.version == 1 {
-				continue
-			}
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective[i] |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data.data[i].permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data.data[i].inheritable |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsFile) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			if c.data.version == 1 {
-				continue
-			}
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective[i] &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data.data[i].permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data.data[i].inheritable &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsFile) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective[0] = 0xffffffff
-		c.data.data[0].permitted = 0xffffffff
-		c.data.data[0].inheritable = 0
-		if c.data.version == 2 {
-			c.data.effective[1] = 0xffffffff
-			c.data.data[1].permitted = 0xffffffff
-			c.data.data[1].inheritable = 0
-		}
-	}
-}
-
-func (c *capsFile) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective[0] = 0
-		c.data.data[0].permitted = 0
-		c.data.data[0].inheritable = 0
-		if c.data.version == 2 {
-			c.data.effective[1] = 0
-			c.data.data[1].permitted = 0
-			c.data.data[1].inheritable = 0
-		}
-	}
-}
-
-func (c *capsFile) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsFile) String() (ret string) {
-	return mkString(c, INHERITABLE)
-}
-
-func (c *capsFile) Load() (err error) {
-	return getVfsCap(c.path, &c.data)
-}
-
-func (c *capsFile) Apply(kind CapType) (err error) {
-	if kind&CAPS == CAPS {
-		return setVfsCap(c.path, &c.data)
-	}
-	return
-}
diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_noop.go b/vendor/github.com/syndtr/gocapability/capability/capability_noop.go
deleted file mode 100644
index 9bb3070c5ec5a..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/capability_noop.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// +build !linux
-
-package capability
-
-import "errors"
-
-func newPid(pid int) (Capabilities, error) {
-	return nil, errors.New("not supported")
-}
-
-func newFile(path string) (Capabilities, error) {
-	return nil, errors.New("not supported")
-}
diff --git a/vendor/github.com/syndtr/gocapability/capability/enum.go b/vendor/github.com/syndtr/gocapability/capability/enum.go
deleted file mode 100644
index fd0ce7fe8ee89..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/enum.go
+++ /dev/null
@@ -1,264 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-type CapType uint
-
-func (c CapType) String() string {
-	switch c {
-	case EFFECTIVE:
-		return "effective"
-	case PERMITTED:
-		return "permitted"
-	case INHERITABLE:
-		return "inheritable"
-	case BOUNDING:
-		return "bounding"
-	case CAPS:
-		return "caps"
-	}
-	return "unknown"
-}
-
-const (
-	EFFECTIVE CapType = 1 << iota
-	PERMITTED
-	INHERITABLE
-	BOUNDING
-
-	CAPS   = EFFECTIVE | PERMITTED | INHERITABLE
-	BOUNDS = BOUNDING
-)
-
-//go:generate go run enumgen/gen.go
-type Cap int
-
-// POSIX-draft defined capabilities.
-const (
-	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
-	// overrides the restriction of changing file ownership and group
-	// ownership.
-	CAP_CHOWN = Cap(0)
-
-	// Override all DAC access, including ACL execute access if
-	// [_POSIX_ACL] is defined. Excluding DAC access covered by
-	// CAP_LINUX_IMMUTABLE.
-	CAP_DAC_OVERRIDE = Cap(1)
-
-	// Overrides all DAC restrictions regarding read and search on files
-	// and directories, including ACL restrictions if [_POSIX_ACL] is
-	// defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
-	CAP_DAC_READ_SEARCH = Cap(2)
-
-	// Overrides all restrictions about allowed operations on files, where
-	// file owner ID must be equal to the user ID, except where CAP_FSETID
-	// is applicable. It doesn't override MAC and DAC restrictions.
-	CAP_FOWNER = Cap(3)
-
-	// Overrides the following restrictions that the effective user ID
-	// shall match the file owner ID when setting the S_ISUID and S_ISGID
-	// bits on that file; that the effective group ID (or one of the
-	// supplementary group IDs) shall match the file owner ID when setting
-	// the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
-	// cleared on successful return from chown(2) (not implemented).
-	CAP_FSETID = Cap(4)
-
-	// Overrides the restriction that the real or effective user ID of a
-	// process sending a signal must match the real or effective user ID
-	// of the process receiving the signal.
-	CAP_KILL = Cap(5)
-
-	// Allows setgid(2) manipulation
-	// Allows setgroups(2)
-	// Allows forged gids on socket credentials passing.
-	CAP_SETGID = Cap(6)
-
-	// Allows set*uid(2) manipulation (including fsuid).
-	// Allows forged pids on socket credentials passing.
-	CAP_SETUID = Cap(7)
-
-	// Linux-specific capabilities
-
-	// Without VFS support for capabilities:
-	//   Transfer any capability in your permitted set to any pid,
-	//   remove any capability in your permitted set from any pid
-	// With VFS support for capabilities (neither of above, but)
-	//   Add any capability from current's capability bounding set
-	//     to the current process' inheritable set
-	//   Allow taking bits out of capability bounding set
-	//   Allow modification of the securebits for a process
-	CAP_SETPCAP = Cap(8)
-
-	// Allow modification of S_IMMUTABLE and S_APPEND file attributes
-	CAP_LINUX_IMMUTABLE = Cap(9)
-
-	// Allows binding to TCP/UDP sockets below 1024
-	// Allows binding to ATM VCIs below 32
-	CAP_NET_BIND_SERVICE = Cap(10)
-
-	// Allow broadcasting, listen to multicast
-	CAP_NET_BROADCAST = Cap(11)
-
-	// Allow interface configuration
-	// Allow administration of IP firewall, masquerading and accounting
-	// Allow setting debug option on sockets
-	// Allow modification of routing tables
-	// Allow setting arbitrary process / process group ownership on
-	// sockets
-	// Allow binding to any address for transparent proxying (also via NET_RAW)
-	// Allow setting TOS (type of service)
-	// Allow setting promiscuous mode
-	// Allow clearing driver statistics
-	// Allow multicasting
-	// Allow read/write of device-specific registers
-	// Allow activation of ATM control sockets
-	CAP_NET_ADMIN = Cap(12)
-
-	// Allow use of RAW sockets
-	// Allow use of PACKET sockets
-	// Allow binding to any address for transparent proxying (also via NET_ADMIN)
-	CAP_NET_RAW = Cap(13)
-
-	// Allow locking of shared memory segments
-	// Allow mlock and mlockall (which doesn't really have anything to do
-	// with IPC)
-	CAP_IPC_LOCK = Cap(14)
-
-	// Override IPC ownership checks
-	CAP_IPC_OWNER = Cap(15)
-
-	// Insert and remove kernel modules - modify kernel without limit
-	CAP_SYS_MODULE = Cap(16)
-
-	// Allow ioperm/iopl access
-	// Allow sending USB messages to any device via /proc/bus/usb
-	CAP_SYS_RAWIO = Cap(17)
-
-	// Allow use of chroot()
-	CAP_SYS_CHROOT = Cap(18)
-
-	// Allow ptrace() of any process
-	CAP_SYS_PTRACE = Cap(19)
-
-	// Allow configuration of process accounting
-	CAP_SYS_PACCT = Cap(20)
-
-	// Allow configuration of the secure attention key
-	// Allow administration of the random device
-	// Allow examination and configuration of disk quotas
-	// Allow setting the domainname
-	// Allow setting the hostname
-	// Allow calling bdflush()
-	// Allow mount() and umount(), setting up new smb connection
-	// Allow some autofs root ioctls
-	// Allow nfsservctl
-	// Allow VM86_REQUEST_IRQ
-	// Allow to read/write pci config on alpha
-	// Allow irix_prctl on mips (setstacksize)
-	// Allow flushing all cache on m68k (sys_cacheflush)
-	// Allow removing semaphores
-	// Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
-	// and shared memory
-	// Allow locking/unlocking of shared memory segment
-	// Allow turning swap on/off
-	// Allow forged pids on socket credentials passing
-	// Allow setting readahead and flushing buffers on block devices
-	// Allow setting geometry in floppy driver
-	// Allow turning DMA on/off in xd driver
-	// Allow administration of md devices (mostly the above, but some
-	// extra ioctls)
-	// Allow tuning the ide driver
-	// Allow access to the nvram device
-	// Allow administration of apm_bios, serial and bttv (TV) device
-	// Allow manufacturer commands in isdn CAPI support driver
-	// Allow reading non-standardized portions of pci configuration space
-	// Allow DDI debug ioctl on sbpcd driver
-	// Allow setting up serial ports
-	// Allow sending raw qic-117 commands
-	// Allow enabling/disabling tagged queuing on SCSI controllers and sending
-	// arbitrary SCSI commands
-	// Allow setting encryption key on loopback filesystem
-	// Allow setting zone reclaim policy
-	CAP_SYS_ADMIN = Cap(21)
-
-	// Allow use of reboot()
-	CAP_SYS_BOOT = Cap(22)
-
-	// Allow raising priority and setting priority on other (different
-	// UID) processes
-	// Allow use of FIFO and round-robin (realtime) scheduling on own
-	// processes and setting the scheduling algorithm used by another
-	// process.
-	// Allow setting cpu affinity on other processes
-	CAP_SYS_NICE = Cap(23)
-
-	// Override resource limits. Set resource limits.
-	// Override quota limits.
-	// Override reserved space on ext2 filesystem
-	// Modify data journaling mode on ext3 filesystem (uses journaling
-	// resources)
-	// NOTE: ext2 honors fsuid when checking for resource overrides, so
-	// you can override using fsuid too
-	// Override size restrictions on IPC message queues
-	// Allow more than 64hz interrupts from the real-time clock
-	// Override max number of consoles on console allocation
-	// Override max number of keymaps
-	CAP_SYS_RESOURCE = Cap(24)
-
-	// Allow manipulation of system clock
-	// Allow irix_stime on mips
-	// Allow setting the real-time clock
-	CAP_SYS_TIME = Cap(25)
-
-	// Allow configuration of tty devices
-	// Allow vhangup() of tty
-	CAP_SYS_TTY_CONFIG = Cap(26)
-
-	// Allow the privileged aspects of mknod()
-	CAP_MKNOD = Cap(27)
-
-	// Allow taking of leases on files
-	CAP_LEASE = Cap(28)
-
-	CAP_AUDIT_WRITE   = Cap(29)
-	CAP_AUDIT_CONTROL = Cap(30)
-	CAP_SETFCAP       = Cap(31)
-
-	// Override MAC access.
-	// The base kernel enforces no MAC policy.
-	// An LSM may enforce a MAC policy, and if it does and it chooses
-	// to implement capability based overrides of that policy, this is
-	// the capability it should use to do so.
-	CAP_MAC_OVERRIDE = Cap(32)
-
-	// Allow MAC configuration or state changes.
-	// The base kernel requires no MAC configuration.
-	// An LSM may enforce a MAC policy, and if it does and it chooses
-	// to implement capability based checks on modifications to that
-	// policy or the data required to maintain it, this is the
-	// capability it should use to do so.
-	CAP_MAC_ADMIN = Cap(33)
-
-	// Allow configuring the kernel's syslog (printk behaviour)
-	CAP_SYSLOG = Cap(34)
-
-	// Allow triggering something that will wake the system
-	CAP_WAKE_ALARM = Cap(35)
-
-	// Allow preventing system suspends
-	CAP_BLOCK_SUSPEND = Cap(36)
-
-	// Allow reading audit messages from the kernel
-	CAP_AUDIT_READ = Cap(37)
-)
-
-var (
-	// Highest valid capability of the running kernel.
-	CAP_LAST_CAP = Cap(63)
-
-	capUpperMask = ^uint32(0)
-)
diff --git a/vendor/github.com/syndtr/gocapability/capability/enum_gen.go b/vendor/github.com/syndtr/gocapability/capability/enum_gen.go
deleted file mode 100644
index b9e6d2d5e1ee5..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/enum_gen.go
+++ /dev/null
@@ -1,129 +0,0 @@
-// generated file; DO NOT EDIT - use go generate in directory with source
-
-package capability
-
-func (c Cap) String() string {
-	switch c {
-	case CAP_CHOWN:
-		return "chown"
-	case CAP_DAC_OVERRIDE:
-		return "dac_override"
-	case CAP_DAC_READ_SEARCH:
-		return "dac_read_search"
-	case CAP_FOWNER:
-		return "fowner"
-	case CAP_FSETID:
-		return "fsetid"
-	case CAP_KILL:
-		return "kill"
-	case CAP_SETGID:
-		return "setgid"
-	case CAP_SETUID:
-		return "setuid"
-	case CAP_SETPCAP:
-		return "setpcap"
-	case CAP_LINUX_IMMUTABLE:
-		return "linux_immutable"
-	case CAP_NET_BIND_SERVICE:
-		return "net_bind_service"
-	case CAP_NET_BROADCAST:
-		return "net_broadcast"
-	case CAP_NET_ADMIN:
-		return "net_admin"
-	case CAP_NET_RAW:
-		return "net_raw"
-	case CAP_IPC_LOCK:
-		return "ipc_lock"
-	case CAP_IPC_OWNER:
-		return "ipc_owner"
-	case CAP_SYS_MODULE:
-		return "sys_module"
-	case CAP_SYS_RAWIO:
-		return "sys_rawio"
-	case CAP_SYS_CHROOT:
-		return "sys_chroot"
-	case CAP_SYS_PTRACE:
-		return "sys_ptrace"
-	case CAP_SYS_PACCT:
-		return "sys_pacct"
-	case CAP_SYS_ADMIN:
-		return "sys_admin"
-	case CAP_SYS_BOOT:
-		return "sys_boot"
-	case CAP_SYS_NICE:
-		return "sys_nice"
-	case CAP_SYS_RESOURCE:
-		return "sys_resource"
-	case CAP_SYS_TIME:
-		return "sys_time"
-	case CAP_SYS_TTY_CONFIG:
-		return "sys_tty_config"
-	case CAP_MKNOD:
-		return "mknod"
-	case CAP_LEASE:
-		return "lease"
-	case CAP_AUDIT_WRITE:
-		return "audit_write"
-	case CAP_AUDIT_CONTROL:
-		return "audit_control"
-	case CAP_SETFCAP:
-		return "setfcap"
-	case CAP_MAC_OVERRIDE:
-		return "mac_override"
-	case CAP_MAC_ADMIN:
-		return "mac_admin"
-	case CAP_SYSLOG:
-		return "syslog"
-	case CAP_WAKE_ALARM:
-		return "wake_alarm"
-	case CAP_BLOCK_SUSPEND:
-		return "block_suspend"
-	case CAP_AUDIT_READ:
-		return "audit_read"
-	}
-	return "unknown"
-}
-
-// List returns list of all supported capabilities
-func List() []Cap {
-	return []Cap{
-		CAP_CHOWN,
-		CAP_DAC_OVERRIDE,
-		CAP_DAC_READ_SEARCH,
-		CAP_FOWNER,
-		CAP_FSETID,
-		CAP_KILL,
-		CAP_SETGID,
-		CAP_SETUID,
-		CAP_SETPCAP,
-		CAP_LINUX_IMMUTABLE,
-		CAP_NET_BIND_SERVICE,
-		CAP_NET_BROADCAST,
-		CAP_NET_ADMIN,
-		CAP_NET_RAW,
-		CAP_IPC_LOCK,
-		CAP_IPC_OWNER,
-		CAP_SYS_MODULE,
-		CAP_SYS_RAWIO,
-		CAP_SYS_CHROOT,
-		CAP_SYS_PTRACE,
-		CAP_SYS_PACCT,
-		CAP_SYS_ADMIN,
-		CAP_SYS_BOOT,
-		CAP_SYS_NICE,
-		CAP_SYS_RESOURCE,
-		CAP_SYS_TIME,
-		CAP_SYS_TTY_CONFIG,
-		CAP_MKNOD,
-		CAP_LEASE,
-		CAP_AUDIT_WRITE,
-		CAP_AUDIT_CONTROL,
-		CAP_SETFCAP,
-		CAP_MAC_OVERRIDE,
-		CAP_MAC_ADMIN,
-		CAP_SYSLOG,
-		CAP_WAKE_ALARM,
-		CAP_BLOCK_SUSPEND,
-		CAP_AUDIT_READ,
-	}
-}
diff --git a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go b/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go
deleted file mode 100644
index dd6f4540650b3..0000000000000
--- a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go
+++ /dev/null
@@ -1,145 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-type capHeader struct {
-	version uint32
-	pid     int
-}
-
-type capData struct {
-	effective   uint32
-	permitted   uint32
-	inheritable uint32
-}
-
-func capget(hdr *capHeader, data *capData) (err error) {
-	_, _, e1 := syscall.Syscall(syscall.SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func capset(hdr *capHeader, data *capData) (err error) {
-	_, _, e1 := syscall.Syscall(syscall.SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
-	_, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-const (
-	vfsXattrName = "security.capability"
-
-	vfsCapVerMask = 0xff000000
-	vfsCapVer1    = 0x01000000
-	vfsCapVer2    = 0x02000000
-
-	vfsCapFlagMask      = ^vfsCapVerMask
-	vfsCapFlageffective = 0x000001
-
-	vfscapDataSizeV1 = 4 * (1 + 2*1)
-	vfscapDataSizeV2 = 4 * (1 + 2*2)
-)
-
-type vfscapData struct {
-	magic uint32
-	data  [2]struct {
-		permitted   uint32
-		inheritable uint32
-	}
-	effective [2]uint32
-	version   int8
-}
-
-var (
-	_vfsXattrName *byte
-)
-
-func init() {
-	_vfsXattrName, _ = syscall.BytePtrFromString(vfsXattrName)
-}
-
-func getVfsCap(path string, dest *vfscapData) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(dest)), vfscapDataSizeV2, 0, 0)
-	if e1 != 0 {
-		if e1 == syscall.ENODATA {
-			dest.version = 2
-			return
-		}
-		err = e1
-	}
-	switch dest.magic & vfsCapVerMask {
-	case vfsCapVer1:
-		dest.version = 1
-		if r0 != vfscapDataSizeV1 {
-			return syscall.EINVAL
-		}
-		dest.data[1].permitted = 0
-		dest.data[1].inheritable = 0
-	case vfsCapVer2:
-		dest.version = 2
-		if r0 != vfscapDataSizeV2 {
-			return syscall.EINVAL
-		}
-	default:
-		return syscall.EINVAL
-	}
-	if dest.magic&vfsCapFlageffective != 0 {
-		dest.effective[0] = dest.data[0].permitted | dest.data[0].inheritable
-		dest.effective[1] = dest.data[1].permitted | dest.data[1].inheritable
-	} else {
-		dest.effective[0] = 0
-		dest.effective[1] = 0
-	}
-	return
-}
-
-func setVfsCap(path string, data *vfscapData) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var size uintptr
-	if data.version == 1 {
-		data.magic = vfsCapVer1
-		size = vfscapDataSizeV1
-	} else if data.version == 2 {
-		data.magic = vfsCapVer2
-		if data.effective[0] != 0 || data.effective[1] != 0 {
-			data.magic |= vfsCapFlageffective
-		}
-		size = vfscapDataSizeV2
-	} else {
-		return syscall.EINVAL
-	}
-	_, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(data)), size, 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/github.com/tchap/go-patricia/README.md b/vendor/github.com/tchap/go-patricia/README.md
index d9cbf624f3f7a..e936d18390d53 100644
--- a/vendor/github.com/tchap/go-patricia/README.md
+++ b/vendor/github.com/tchap/go-patricia/README.md
@@ -1,8 +1,6 @@
 # go-patricia #
 
 **Documentation**: [GoDoc](http://godoc.org/github.com/tchap/go-patricia/patricia)<br />
-**Build Status**: [![Build
-Status](https://drone.io/github.com/tchap/go-patricia/status.png)](https://drone.io/github.com/tchap/go-patricia/latest)<br />
 **Test Coverage**: [![Coverage
 Status](https://coveralls.io/repos/tchap/go-patricia/badge.png)](https://coveralls.io/r/tchap/go-patricia)
 
@@ -117,7 +115,3 @@ MIT, check the `LICENSE` file.
 [![Gittip
 Badge](http://img.shields.io/gittip/alanhamlett.png)](https://www.gittip.com/tchap/
 "Gittip Badge")
-
-[![Bitdeli
-Badge](https://d2weczhvl823v0.cloudfront.net/tchap/go-patricia/trend.png)](https://bitdeli.com/free
-"Bitdeli Badge")
diff --git a/vendor/github.com/tchap/go-patricia/patricia/children.go b/vendor/github.com/tchap/go-patricia/patricia/children.go
index a5677c3352198..bcfd0a5dd0491 100644
--- a/vendor/github.com/tchap/go-patricia/patricia/children.go
+++ b/vendor/github.com/tchap/go-patricia/patricia/children.go
@@ -20,6 +20,7 @@ type childList interface {
 	next(b byte) *Trie
 	walk(prefix *Prefix, visitor VisitorFunc) error
 	print(w io.Writer, indent int)
+	clone() childList
 	total() int
 }
 
@@ -143,6 +144,17 @@ func (list *sparseChildList) total() int {
 	return tot
 }
 
+func (list *sparseChildList) clone() childList {
+	clones := make(tries, len(list.children), cap(list.children))
+	for i, child := range list.children {
+		clones[i] = child.Clone()
+	}
+
+	return &sparseChildList{
+		children: clones,
+	}
+}
+
 func (list *sparseChildList) print(w io.Writer, indent int) {
 	for _, child := range list.children {
 		if child != nil {
@@ -314,6 +326,32 @@ func (list *denseChildList) print(w io.Writer, indent int) {
 	}
 }
 
+func (list *denseChildList) clone() childList {
+	clones := make(tries, cap(list.children))
+
+	if list.numChildren != 0 {
+		clonedCount := 0
+		for i := list.headIndex; i < len(list.children); i++ {
+			child := list.children[i]
+			if child != nil {
+				clones[i] = child.Clone()
+				clonedCount++
+				if clonedCount == list.numChildren {
+					break
+				}
+			}
+		}
+	}
+
+	return &denseChildList{
+		min:         list.min,
+		max:         list.max,
+		numChildren: list.numChildren,
+		headIndex:   list.headIndex,
+		children:    clones,
+	}
+}
+
 func (list *denseChildList) total() int {
 	tot := 0
 	for _, child := range list.children {
diff --git a/vendor/github.com/tchap/go-patricia/patricia/patricia.go b/vendor/github.com/tchap/go-patricia/patricia/patricia.go
index a1fc53d5db049..7b9975e3837fa 100644
--- a/vendor/github.com/tchap/go-patricia/patricia/patricia.go
+++ b/vendor/github.com/tchap/go-patricia/patricia/patricia.go
@@ -77,6 +77,18 @@ func MaxChildrenPerSparseNode(value int) Option {
 	}
 }
 
+// Clone makes a copy of an existing trie.
+// Items stored in both tries become shared, obviously.
+func (trie *Trie) Clone() *Trie {
+	return &Trie{
+		prefix:                   append(Prefix(nil), trie.prefix...),
+		item:                     trie.item,
+		maxPrefixPerNode:         trie.maxPrefixPerNode,
+		maxChildrenPerSparseNode: trie.maxChildrenPerSparseNode,
+		children:                 trie.children.clone(),
+	}
+}
+
 // Item returns the item stored in the root of this trie.
 func (trie *Trie) Item() Item {
 	return trie.item
diff --git a/vendor/github.com/tinylib/msgp/msgp/appengine.go b/vendor/github.com/tinylib/msgp/msgp/appengine.go
deleted file mode 100644
index bff9e768ab9f0..0000000000000
--- a/vendor/github.com/tinylib/msgp/msgp/appengine.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build appengine
-
-package msgp
-
-// let's just assume appengine
-// uses 64-bit hardware...
-const smallint = false
-
-func UnsafeString(b []byte) string {
-	return string(b)
-}
-
-func UnsafeBytes(s string) []byte {
-	return []byte(s)
-}
diff --git a/vendor/github.com/tinylib/msgp/msgp/edit.go b/vendor/github.com/tinylib/msgp/msgp/edit.go
index 41f9298646426..b473a6f66861c 100644
--- a/vendor/github.com/tinylib/msgp/msgp/edit.go
+++ b/vendor/github.com/tinylib/msgp/msgp/edit.go
@@ -198,6 +198,7 @@ func resizeMap(raw []byte, delta int64) []byte {
 		if cap(raw)-len(raw) >= 2 {
 			raw = raw[0 : len(raw)+2]
 			copy(raw[5:], raw[3:])
+			raw[0] = mmap32
 			big.PutUint32(raw[1:], uint32(sz+delta))
 			return raw
 		}
diff --git a/vendor/github.com/tinylib/msgp/msgp/errors.go b/vendor/github.com/tinylib/msgp/msgp/errors.go
index 5c24f27103887..cc78a980c62ac 100644
--- a/vendor/github.com/tinylib/msgp/msgp/errors.go
+++ b/vendor/github.com/tinylib/msgp/msgp/errors.go
@@ -5,6 +5,8 @@ import (
 	"reflect"
 )
 
+const resumableDefault = false
+
 var (
 	// ErrShortBytes is returned when the
 	// slice being decoded is too short to
@@ -26,84 +28,240 @@ type Error interface {
 	// Resumable returns whether
 	// or not the error means that
 	// the stream of data is malformed
-	// and  the information is unrecoverable.
+	// and the information is unrecoverable.
 	Resumable() bool
 }
 
+// contextError allows msgp Error instances to be enhanced with additional
+// context about their origin.
+type contextError interface {
+	Error
+
+	// withContext must not modify the error instance - it must clone and
+	// return a new error with the context added.
+	withContext(ctx string) error
+}
+
+// Cause returns the underlying cause of an error that has been wrapped
+// with additional context.
+func Cause(e error) error {
+	out := e
+	if e, ok := e.(errWrapped); ok && e.cause != nil {
+		out = e.cause
+	}
+	return out
+}
+
+// Resumable returns whether or not the error means that the stream of data is
+// malformed and the information is unrecoverable.
+func Resumable(e error) bool {
+	if e, ok := e.(Error); ok {
+		return e.Resumable()
+	}
+	return resumableDefault
+}
+
+// WrapError wraps an error with additional context that allows the part of the
+// serialized type that caused the problem to be identified. Underlying errors
+// can be retrieved using Cause()
+//
+// The input error is not modified - a new error should be returned.
+//
+// ErrShortBytes is not wrapped with any context due to backward compatibility
+// issues with the public API.
+//
+func WrapError(err error, ctx ...interface{}) error {
+	switch e := err.(type) {
+	case errShort:
+		return e
+	case contextError:
+		return e.withContext(ctxString(ctx))
+	default:
+		return errWrapped{cause: err, ctx: ctxString(ctx)}
+	}
+}
+
+// ctxString converts the incoming interface{} slice into a single string.
+func ctxString(ctx []interface{}) string {
+	out := ""
+	for idx, cv := range ctx {
+		if idx > 0 {
+			out += "/"
+		}
+		out += fmt.Sprintf("%v", cv)
+	}
+	return out
+}
+
+func addCtx(ctx, add string) string {
+	if ctx != "" {
+		return add + "/" + ctx
+	} else {
+		return add
+	}
+}
+
+// errWrapped allows arbitrary errors passed to WrapError to be enhanced with
+// context and unwrapped with Cause()
+type errWrapped struct {
+	cause error
+	ctx   string
+}
+
+func (e errWrapped) Error() string {
+	if e.ctx != "" {
+		return fmt.Sprintf("%s at %s", e.cause, e.ctx)
+	} else {
+		return e.cause.Error()
+	}
+}
+
+func (e errWrapped) Resumable() bool {
+	if e, ok := e.cause.(Error); ok {
+		return e.Resumable()
+	}
+	return resumableDefault
+}
+
 type errShort struct{}
 
 func (e errShort) Error() string   { return "msgp: too few bytes left to read object" }
 func (e errShort) Resumable() bool { return false }
 
-type errFatal struct{}
+type errFatal struct {
+	ctx string
+}
+
+func (f errFatal) Error() string {
+	out := "msgp: fatal decoding error (unreachable code)"
+	if f.ctx != "" {
+		out += " at " + f.ctx
+	}
+	return out
+}
 
-func (f errFatal) Error() string   { return "msgp: fatal decoding error (unreachable code)" }
 func (f errFatal) Resumable() bool { return false }
 
+func (f errFatal) withContext(ctx string) error { f.ctx = addCtx(f.ctx, ctx); return f }
+
 // ArrayError is an error returned
 // when decoding a fix-sized array
 // of the wrong size
 type ArrayError struct {
 	Wanted uint32
 	Got    uint32
+	ctx    string
 }
 
 // Error implements the error interface
 func (a ArrayError) Error() string {
-	return fmt.Sprintf("msgp: wanted array of size %d; got %d", a.Wanted, a.Got)
+	out := fmt.Sprintf("msgp: wanted array of size %d; got %d", a.Wanted, a.Got)
+	if a.ctx != "" {
+		out += " at " + a.ctx
+	}
+	return out
 }
 
 // Resumable is always 'true' for ArrayErrors
 func (a ArrayError) Resumable() bool { return true }
 
+func (a ArrayError) withContext(ctx string) error { a.ctx = addCtx(a.ctx, ctx); return a }
+
 // IntOverflow is returned when a call
 // would downcast an integer to a type
 // with too few bits to hold its value.
 type IntOverflow struct {
 	Value         int64 // the value of the integer
 	FailedBitsize int   // the bit size that the int64 could not fit into
+	ctx           string
 }
 
 // Error implements the error interface
 func (i IntOverflow) Error() string {
-	return fmt.Sprintf("msgp: %d overflows int%d", i.Value, i.FailedBitsize)
+	str := fmt.Sprintf("msgp: %d overflows int%d", i.Value, i.FailedBitsize)
+	if i.ctx != "" {
+		str += " at " + i.ctx
+	}
+	return str
 }
 
 // Resumable is always 'true' for overflows
 func (i IntOverflow) Resumable() bool { return true }
 
+func (i IntOverflow) withContext(ctx string) error { i.ctx = addCtx(i.ctx, ctx); return i }
+
 // UintOverflow is returned when a call
 // would downcast an unsigned integer to a type
 // with too few bits to hold its value
 type UintOverflow struct {
 	Value         uint64 // value of the uint
 	FailedBitsize int    // the bit size that couldn't fit the value
+	ctx           string
 }
 
 // Error implements the error interface
 func (u UintOverflow) Error() string {
-	return fmt.Sprintf("msgp: %d overflows uint%d", u.Value, u.FailedBitsize)
+	str := fmt.Sprintf("msgp: %d overflows uint%d", u.Value, u.FailedBitsize)
+	if u.ctx != "" {
+		str += " at " + u.ctx
+	}
+	return str
 }
 
 // Resumable is always 'true' for overflows
 func (u UintOverflow) Resumable() bool { return true }
 
+func (u UintOverflow) withContext(ctx string) error { u.ctx = addCtx(u.ctx, ctx); return u }
+
+// UintBelowZero is returned when a call
+// would cast a signed integer below zero
+// to an unsigned integer.
+type UintBelowZero struct {
+	Value int64 // value of the incoming int
+	ctx   string
+}
+
+// Error implements the error interface
+func (u UintBelowZero) Error() string {
+	str := fmt.Sprintf("msgp: attempted to cast int %d to unsigned", u.Value)
+	if u.ctx != "" {
+		str += " at " + u.ctx
+	}
+	return str
+}
+
+// Resumable is always 'true' for overflows
+func (u UintBelowZero) Resumable() bool { return true }
+
+func (u UintBelowZero) withContext(ctx string) error {
+	u.ctx = ctx
+	return u
+}
+
 // A TypeError is returned when a particular
 // decoding method is unsuitable for decoding
 // a particular MessagePack value.
 type TypeError struct {
 	Method  Type // Type expected by method
 	Encoded Type // Type actually encoded
+
+	ctx string
 }
 
 // Error implements the error interface
 func (t TypeError) Error() string {
-	return fmt.Sprintf("msgp: attempted to decode type %q with method for %q", t.Encoded, t.Method)
+	out := fmt.Sprintf("msgp: attempted to decode type %q with method for %q", t.Encoded, t.Method)
+	if t.ctx != "" {
+		out += " at " + t.ctx
+	}
+	return out
 }
 
 // Resumable returns 'true' for TypeErrors
 func (t TypeError) Resumable() bool { return true }
 
+func (t TypeError) withContext(ctx string) error { t.ctx = addCtx(t.ctx, ctx); return t }
+
 // returns either InvalidPrefixError or
 // TypeError depending on whether or not
 // the prefix is recognized
@@ -133,10 +291,24 @@ func (i InvalidPrefixError) Resumable() bool { return false }
 // to a function that takes `interface{}`.
 type ErrUnsupportedType struct {
 	T reflect.Type
+
+	ctx string
 }
 
 // Error implements error
-func (e *ErrUnsupportedType) Error() string { return fmt.Sprintf("msgp: type %q not supported", e.T) }
+func (e *ErrUnsupportedType) Error() string {
+	out := fmt.Sprintf("msgp: type %q not supported", e.T)
+	if e.ctx != "" {
+		out += " at " + e.ctx
+	}
+	return out
+}
 
 // Resumable returns 'true' for ErrUnsupportedType
 func (e *ErrUnsupportedType) Resumable() bool { return true }
+
+func (e *ErrUnsupportedType) withContext(ctx string) error {
+	o := *e
+	o.ctx = addCtx(o.ctx, ctx)
+	return &o
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/extension.go b/vendor/github.com/tinylib/msgp/msgp/extension.go
index 588b18f95b97a..0b31dcdb7b677 100644
--- a/vendor/github.com/tinylib/msgp/msgp/extension.go
+++ b/vendor/github.com/tinylib/msgp/msgp/extension.go
@@ -445,26 +445,27 @@ func AppendExtension(b []byte, e Extension) ([]byte, error) {
 		o[n] = mfixext16
 		o[n+1] = byte(e.ExtensionType())
 		n += 2
-	}
-	switch {
-	case l < math.MaxUint8:
-		o, n = ensure(b, l+3)
-		o[n] = mext8
-		o[n+1] = byte(uint8(l))
-		o[n+2] = byte(e.ExtensionType())
-		n += 3
-	case l < math.MaxUint16:
-		o, n = ensure(b, l+4)
-		o[n] = mext16
-		big.PutUint16(o[n+1:], uint16(l))
-		o[n+3] = byte(e.ExtensionType())
-		n += 4
 	default:
-		o, n = ensure(b, l+6)
-		o[n] = mext32
-		big.PutUint32(o[n+1:], uint32(l))
-		o[n+5] = byte(e.ExtensionType())
-		n += 6
+		switch {
+		case l < math.MaxUint8:
+			o, n = ensure(b, l+3)
+			o[n] = mext8
+			o[n+1] = byte(uint8(l))
+			o[n+2] = byte(e.ExtensionType())
+			n += 3
+		case l < math.MaxUint16:
+			o, n = ensure(b, l+4)
+			o[n] = mext16
+			big.PutUint16(o[n+1:], uint16(l))
+			o[n+3] = byte(e.ExtensionType())
+			n += 4
+		default:
+			o, n = ensure(b, l+6)
+			o[n] = mext32
+			big.PutUint32(o[n+1:], uint32(l))
+			o[n+5] = byte(e.ExtensionType())
+			n += 6
+		}
 	}
 	return o, e.MarshalBinaryTo(o[n:])
 }
diff --git a/vendor/github.com/tinylib/msgp/msgp/purego.go b/vendor/github.com/tinylib/msgp/msgp/purego.go
new file mode 100644
index 0000000000000..c828f7ecad3bc
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/purego.go
@@ -0,0 +1,15 @@
+// +build purego appengine
+
+package msgp
+
+// let's just assume appengine
+// uses 64-bit hardware...
+const smallint = false
+
+func UnsafeString(b []byte) string {
+	return string(b)
+}
+
+func UnsafeBytes(s string) []byte {
+	return []byte(s)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/read.go b/vendor/github.com/tinylib/msgp/msgp/read.go
index 20cd1ef893ba9..aa668c5731001 100644
--- a/vendor/github.com/tinylib/msgp/msgp/read.go
+++ b/vendor/github.com/tinylib/msgp/msgp/read.go
@@ -583,6 +583,14 @@ func (m *Reader) ReadInt64() (i int64, err error) {
 		i = int64(getMint8(p))
 		return
 
+	case muint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint8(p))
+		return
+
 	case mint16:
 		p, err = m.R.Next(3)
 		if err != nil {
@@ -591,6 +599,14 @@ func (m *Reader) ReadInt64() (i int64, err error) {
 		i = int64(getMint16(p))
 		return
 
+	case muint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint16(p))
+		return
+
 	case mint32:
 		p, err = m.R.Next(5)
 		if err != nil {
@@ -599,6 +615,14 @@ func (m *Reader) ReadInt64() (i int64, err error) {
 		i = int64(getMint32(p))
 		return
 
+	case muint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint32(p))
+		return
+
 	case mint64:
 		p, err = m.R.Next(9)
 		if err != nil {
@@ -607,6 +631,19 @@ func (m *Reader) ReadInt64() (i int64, err error) {
 		i = getMint64(p)
 		return
 
+	case muint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		u := getMuint64(p)
+		if u > math.MaxInt64 {
+			err = UintOverflow{Value: u, FailedBitsize: 64}
+			return
+		}
+		i = int64(u)
+		return
+
 	default:
 		err = badPrefix(IntType, lead)
 		return
@@ -678,6 +715,19 @@ func (m *Reader) ReadUint64() (u uint64, err error) {
 		return
 	}
 	switch lead {
+	case mint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		v := int64(getMint8(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
 	case muint8:
 		p, err = m.R.Next(2)
 		if err != nil {
@@ -686,6 +736,19 @@ func (m *Reader) ReadUint64() (u uint64, err error) {
 		u = uint64(getMuint8(p))
 		return
 
+	case mint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		v := int64(getMint16(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
 	case muint16:
 		p, err = m.R.Next(3)
 		if err != nil {
@@ -694,6 +757,19 @@ func (m *Reader) ReadUint64() (u uint64, err error) {
 		u = uint64(getMuint16(p))
 		return
 
+	case mint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		v := int64(getMint32(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
 	case muint32:
 		p, err = m.R.Next(5)
 		if err != nil {
@@ -702,6 +778,19 @@ func (m *Reader) ReadUint64() (u uint64, err error) {
 		u = uint64(getMuint32(p))
 		return
 
+	case mint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		v := int64(getMint64(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
 	case muint64:
 		p, err = m.R.Next(9)
 		if err != nil {
@@ -711,7 +800,11 @@ func (m *Reader) ReadUint64() (u uint64, err error) {
 		return
 
 	default:
-		err = badPrefix(UintType, lead)
+		if isnfixint(lead) {
+			err = UintBelowZero{Value: int64(rnfixint(lead))}
+		} else {
+			err = badPrefix(UintType, lead)
+		}
 		return
 
 	}
diff --git a/vendor/github.com/tinylib/msgp/msgp/read_bytes.go b/vendor/github.com/tinylib/msgp/msgp/read_bytes.go
index 78e466fc1f15f..f53f84d0130da 100644
--- a/vendor/github.com/tinylib/msgp/msgp/read_bytes.go
+++ b/vendor/github.com/tinylib/msgp/msgp/read_bytes.go
@@ -79,6 +79,9 @@ func (r *Raw) UnmarshalMsg(b []byte) ([]byte, error) {
 		return b, err
 	}
 	rlen := l - len(out)
+	if IsNil(b[:rlen]) {
+		rlen = 0
+	}
 	if cap(*r) < rlen {
 		*r = make(Raw, rlen)
 	} else {
@@ -104,7 +107,11 @@ func (r Raw) EncodeMsg(w *Writer) error {
 // next object on the wire.
 func (r *Raw) DecodeMsg(f *Reader) error {
 	*r = (*r)[:0]
-	return appendNext(f, (*[]byte)(r))
+	err := appendNext(f, (*[]byte)(r))
+	if IsNil(*r) {
+		*r = (*r)[:0]
+	}
+	return err
 }
 
 // Msgsize implements msgp.Sizer
@@ -368,6 +375,15 @@ func ReadInt64Bytes(b []byte) (i int64, o []byte, err error) {
 		o = b[2:]
 		return
 
+	case muint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint8(b))
+		o = b[2:]
+		return
+
 	case mint16:
 		if l < 3 {
 			err = ErrShortBytes
@@ -377,6 +393,15 @@ func ReadInt64Bytes(b []byte) (i int64, o []byte, err error) {
 		o = b[3:]
 		return
 
+	case muint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint16(b))
+		o = b[3:]
+		return
+
 	case mint32:
 		if l < 5 {
 			err = ErrShortBytes
@@ -386,12 +411,35 @@ func ReadInt64Bytes(b []byte) (i int64, o []byte, err error) {
 		o = b[5:]
 		return
 
+	case muint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint32(b))
+		o = b[5:]
+		return
+
 	case mint64:
 		if l < 9 {
 			err = ErrShortBytes
 			return
 		}
-		i = getMint64(b)
+		i = int64(getMint64(b))
+		o = b[9:]
+		return
+
+	case muint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		u := getMuint64(b)
+		if u > math.MaxInt64 {
+			err = UintOverflow{Value: u, FailedBitsize: 64}
+			return
+		}
+		i = int64(u)
 		o = b[9:]
 		return
 
@@ -477,6 +525,20 @@ func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
 	}
 
 	switch lead {
+	case mint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint8(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[2:]
+		return
+
 	case muint8:
 		if l < 2 {
 			err = ErrShortBytes
@@ -486,6 +548,20 @@ func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
 		o = b[2:]
 		return
 
+	case mint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint16(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[3:]
+		return
+
 	case muint16:
 		if l < 3 {
 			err = ErrShortBytes
@@ -495,6 +571,20 @@ func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
 		o = b[3:]
 		return
 
+	case mint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint32(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[5:]
+		return
+
 	case muint32:
 		if l < 5 {
 			err = ErrShortBytes
@@ -504,6 +594,20 @@ func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
 		o = b[5:]
 		return
 
+	case mint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint64(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[9:]
+		return
+
 	case muint64:
 		if l < 9 {
 			err = ErrShortBytes
@@ -514,7 +618,11 @@ func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
 		return
 
 	default:
-		err = badPrefix(UintType, lead)
+		if isnfixint(lead) {
+			err = UintBelowZero{Value: int64(rnfixint(lead))}
+		} else {
+			err = badPrefix(UintType, lead)
+		}
 		return
 	}
 }
diff --git a/vendor/github.com/tinylib/msgp/msgp/unsafe.go b/vendor/github.com/tinylib/msgp/msgp/unsafe.go
index 4bcf32125ab03..3978b6ff6f875 100644
--- a/vendor/github.com/tinylib/msgp/msgp/unsafe.go
+++ b/vendor/github.com/tinylib/msgp/msgp/unsafe.go
@@ -1,4 +1,4 @@
-// +build !appengine
+// +build !purego,!appengine
 
 package msgp
 
diff --git a/vendor/github.com/tinylib/msgp/msgp/write.go b/vendor/github.com/tinylib/msgp/msgp/write.go
index da9099c2e9a08..fb1947c574720 100644
--- a/vendor/github.com/tinylib/msgp/msgp/write.go
+++ b/vendor/github.com/tinylib/msgp/msgp/write.go
@@ -685,7 +685,7 @@ func (mw *Writer) WriteIntf(v interface{}) error {
 	case reflect.Map:
 		return mw.writeMap(val)
 	}
-	return &ErrUnsupportedType{val.Type()}
+	return &ErrUnsupportedType{T: val.Type()}
 }
 
 func (mw *Writer) writeMap(v reflect.Value) (err error) {
diff --git a/vendor/github.com/tonistiigi/fsutil/chtimes_nolinux.go b/vendor/github.com/tonistiigi/fsutil/chtimes_nolinux.go
index cdd80ec9a73e4..a3ba09881d59f 100644
--- a/vendor/github.com/tonistiigi/fsutil/chtimes_nolinux.go
+++ b/vendor/github.com/tonistiigi/fsutil/chtimes_nolinux.go
@@ -5,16 +5,18 @@ package fsutil
 import (
 	"os"
 	"time"
+
+	"github.com/pkg/errors"
 )
 
 func chtimes(path string, un int64) error {
 	mtime := time.Unix(0, un)
 	fi, err := os.Lstat(path)
 	if err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	if fi.Mode()&os.ModeSymlink != 0 {
 		return nil
 	}
-	return os.Chtimes(path, mtime, mtime)
+	return errors.WithStack(os.Chtimes(path, mtime, mtime))
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy.go b/vendor/github.com/tonistiigi/fsutil/copy/copy.go
new file mode 100644
index 0000000000000..569b4ed88576b
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy.go
@@ -0,0 +1,581 @@
+package fs
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/containerd/continuity/fs"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/pkg/errors"
+)
+
+var bufferPool = &sync.Pool{
+	New: func() interface{} {
+		buffer := make([]byte, 32*1024)
+		return &buffer
+	},
+}
+
+func rootPath(root, p string, followLinks bool) (string, error) {
+	p = filepath.Join("/", p)
+	if p == "/" {
+		return root, nil
+	}
+	if followLinks {
+		return fs.RootPath(root, p)
+	}
+	d, f := filepath.Split(p)
+	ppath, err := fs.RootPath(root, d)
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(ppath, f), nil
+}
+
+func ResolveWildcards(root, src string, followLinks bool) ([]string, error) {
+	d1, d2 := splitWildcards(src)
+	if d2 != "" {
+		p, err := rootPath(root, d1, followLinks)
+		if err != nil {
+			return nil, err
+		}
+		matches, err := resolveWildcards(p, d2)
+		if err != nil {
+			return nil, err
+		}
+		for i, m := range matches {
+			p, err := rel(root, m)
+			if err != nil {
+				return nil, err
+			}
+			matches[i] = p
+		}
+		return matches, nil
+	}
+	return []string{d1}, nil
+}
+
+// Copy copies files using `cp -a` semantics.
+// Copy is likely unsafe to be used in non-containerized environments.
+func Copy(ctx context.Context, srcRoot, src, dstRoot, dst string, opts ...Opt) error {
+	var ci CopyInfo
+	for _, o := range opts {
+		o(&ci)
+	}
+	ensureDstPath := dst
+	if d, f := filepath.Split(dst); f != "" && f != "." {
+		ensureDstPath = d
+	}
+	if ensureDstPath != "" {
+		ensureDstPath, err := fs.RootPath(dstRoot, ensureDstPath)
+		if err != nil {
+			return err
+		}
+		if err := MkdirAll(ensureDstPath, 0755, ci.Chown, ci.Utime); err != nil {
+			return err
+		}
+	}
+
+	dst, err := fs.RootPath(dstRoot, filepath.Clean(dst))
+	if err != nil {
+		return err
+	}
+
+	c, err := newCopier(ci.Chown, ci.Utime, ci.Mode, ci.XAttrErrorHandler, ci.IncludePatterns, ci.ExcludePatterns)
+	if err != nil {
+		return err
+	}
+	srcs := []string{src}
+
+	if ci.AllowWildcards {
+		matches, err := ResolveWildcards(srcRoot, src, ci.FollowLinks)
+		if err != nil {
+			return err
+		}
+		if len(matches) == 0 {
+			return errors.Errorf("no matches found: %s", src)
+		}
+		srcs = matches
+	}
+
+	for _, src := range srcs {
+		srcFollowed, err := rootPath(srcRoot, src, ci.FollowLinks)
+		if err != nil {
+			return err
+		}
+		dst, err := c.prepareTargetDir(srcFollowed, src, dst, ci.CopyDirContents)
+		if err != nil {
+			return err
+		}
+		skipIncludePatterns := c.includePatternMatcher == nil
+		if err := c.copy(ctx, srcFollowed, "", dst, false, skipIncludePatterns); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (c *copier) prepareTargetDir(srcFollowed, src, destPath string, copyDirContents bool) (string, error) {
+	fiSrc, err := os.Lstat(srcFollowed)
+	if err != nil {
+		return "", err
+	}
+
+	fiDest, err := os.Stat(destPath)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return "", errors.Wrap(err, "failed to lstat destination path")
+		}
+	}
+
+	if (!copyDirContents && fiSrc.IsDir() && fiDest != nil) || (!fiSrc.IsDir() && fiDest != nil && fiDest.IsDir()) {
+		destPath = filepath.Join(destPath, filepath.Base(src))
+	}
+
+	target := filepath.Dir(destPath)
+
+	if copyDirContents && fiSrc.IsDir() && fiDest == nil {
+		target = destPath
+	}
+	if err := MkdirAll(target, 0755, c.chown, c.utime); err != nil {
+		return "", err
+	}
+
+	return destPath, nil
+}
+
+type User struct {
+	UID, GID int
+}
+
+type Chowner func(*User) (*User, error)
+
+type XAttrErrorHandler func(dst, src, xattrKey string, err error) error
+
+type CopyInfo struct {
+	Chown             Chowner
+	Utime             *time.Time
+	AllowWildcards    bool
+	Mode              *int
+	XAttrErrorHandler XAttrErrorHandler
+	CopyDirContents   bool
+	FollowLinks       bool
+	// Include only files/dirs matching at least one of these patterns
+	IncludePatterns []string
+	// Exclude files/dir matching any of these patterns (even if they match an include pattern)
+	ExcludePatterns []string
+}
+
+type Opt func(*CopyInfo)
+
+func WithCopyInfo(ci CopyInfo) func(*CopyInfo) {
+	return func(c *CopyInfo) {
+		*c = ci
+	}
+}
+
+func WithChown(uid, gid int) Opt {
+	return func(ci *CopyInfo) {
+		ci.Chown = func(*User) (*User, error) {
+			return &User{UID: uid, GID: gid}, nil
+		}
+	}
+}
+
+func AllowWildcards(ci *CopyInfo) {
+	ci.AllowWildcards = true
+}
+
+func WithXAttrErrorHandler(h XAttrErrorHandler) Opt {
+	return func(ci *CopyInfo) {
+		ci.XAttrErrorHandler = h
+	}
+}
+
+func AllowXAttrErrors(ci *CopyInfo) {
+	h := func(string, string, string, error) error {
+		return nil
+	}
+	WithXAttrErrorHandler(h)(ci)
+}
+
+func WithIncludePattern(includePattern string) Opt {
+	return func(ci *CopyInfo) {
+		ci.IncludePatterns = append(ci.IncludePatterns, includePattern)
+	}
+}
+
+func WithExcludePattern(excludePattern string) Opt {
+	return func(ci *CopyInfo) {
+		ci.ExcludePatterns = append(ci.ExcludePatterns, excludePattern)
+	}
+}
+
+type copier struct {
+	chown                 Chowner
+	utime                 *time.Time
+	mode                  *int
+	inodes                map[uint64]string
+	xattrErrorHandler     XAttrErrorHandler
+	includePatternMatcher *fileutils.PatternMatcher
+	excludePatternMatcher *fileutils.PatternMatcher
+	parentDirs            []parentDir
+}
+
+type parentDir struct {
+	srcPath string
+	dstPath string
+	copied  bool
+}
+
+func newCopier(chown Chowner, tm *time.Time, mode *int, xeh XAttrErrorHandler, includePatterns, excludePatterns []string) (*copier, error) {
+	if xeh == nil {
+		xeh = func(dst, src, key string, err error) error {
+			return err
+		}
+	}
+
+	var includePatternMatcher *fileutils.PatternMatcher
+	if len(includePatterns) != 0 {
+		var err error
+		includePatternMatcher, err = fileutils.NewPatternMatcher(includePatterns)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid includepatterns: %s", includePatterns)
+		}
+	}
+
+	var excludePatternMatcher *fileutils.PatternMatcher
+	if len(excludePatterns) != 0 {
+		var err error
+		excludePatternMatcher, err = fileutils.NewPatternMatcher(excludePatterns)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid excludepatterns: %s", excludePatterns)
+		}
+	}
+
+	return &copier{
+		inodes:                map[uint64]string{},
+		chown:                 chown,
+		utime:                 tm,
+		xattrErrorHandler:     xeh,
+		mode:                  mode,
+		includePatternMatcher: includePatternMatcher,
+		excludePatternMatcher: excludePatternMatcher,
+	}, nil
+}
+
+// dest is always clean
+func (c *copier) copy(ctx context.Context, src, srcComponents, target string, overwriteTargetMetadata, skipIncludePatterns bool) error {
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
+	}
+
+	fi, err := os.Lstat(src)
+	if err != nil {
+		return errors.Wrapf(err, "failed to stat %s", src)
+	}
+
+	include := true
+	if srcComponents != "" {
+		if !skipIncludePatterns {
+			include, err = c.include(srcComponents, fi)
+			if err != nil {
+				return err
+			}
+		}
+		exclude, err := c.exclude(srcComponents, fi)
+		if err != nil {
+			return err
+		}
+		if exclude {
+			include = false
+		}
+	}
+
+	if include {
+		if err := c.createParentDirs(src, srcComponents, target, overwriteTargetMetadata); err != nil {
+			return err
+		}
+	}
+
+	if !fi.IsDir() {
+		if !include {
+			return nil
+		}
+
+		if err := ensureEmptyFileTarget(target); err != nil {
+			return err
+		}
+	}
+
+	copyFileInfo := true
+
+	switch {
+	case fi.IsDir():
+		if created, err := c.copyDirectory(ctx, src, srcComponents, target, fi, overwriteTargetMetadata, skipIncludePatterns, include); err != nil {
+			return err
+		} else if !overwriteTargetMetadata || !skipIncludePatterns {
+			copyFileInfo = created
+		}
+	case (fi.Mode() & os.ModeType) == 0:
+		link, err := getLinkSource(target, fi, c.inodes)
+		if err != nil {
+			return errors.Wrap(err, "failed to get hardlink")
+		}
+		if link != "" {
+			if err := os.Link(link, target); err != nil {
+				return errors.Wrap(err, "failed to create hard link")
+			}
+		} else if err := copyFile(src, target); err != nil {
+			return errors.Wrap(err, "failed to copy files")
+		}
+	case (fi.Mode() & os.ModeSymlink) == os.ModeSymlink:
+		link, err := os.Readlink(src)
+		if err != nil {
+			return errors.Wrapf(err, "failed to read link: %s", src)
+		}
+		if err := os.Symlink(link, target); err != nil {
+			return errors.Wrapf(err, "failed to create symlink: %s", target)
+		}
+	case (fi.Mode() & os.ModeDevice) == os.ModeDevice:
+		if err := copyDevice(target, fi); err != nil {
+			return errors.Wrapf(err, "failed to create device")
+		}
+	default:
+		// TODO: Support pipes and sockets
+		return errors.Wrapf(err, "unsupported mode %s", fi.Mode())
+	}
+
+	if copyFileInfo {
+		if err := c.copyFileInfo(fi, target); err != nil {
+			return errors.Wrap(err, "failed to copy file info")
+		}
+
+		if err := copyXAttrs(target, src, c.xattrErrorHandler); err != nil {
+			return errors.Wrap(err, "failed to copy xattrs")
+		}
+	}
+	return nil
+}
+
+func (c *copier) include(path string, fi os.FileInfo) (bool, error) {
+	if c.includePatternMatcher == nil {
+		return false, nil
+	}
+
+	m, err := c.includePatternMatcher.Matches(path)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to match includepatterns")
+	}
+	return m, nil
+}
+
+func (c *copier) exclude(path string, fi os.FileInfo) (bool, error) {
+	if c.excludePatternMatcher == nil {
+		return false, nil
+	}
+
+	m, err := c.excludePatternMatcher.Matches(path)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to match excludepatterns")
+	}
+	return m, nil
+}
+
+// Delayed creation of parent directories when a file or dir matches an include
+// pattern.
+func (c *copier) createParentDirs(src, srcComponents, target string, overwriteTargetMetadata bool) error {
+	for i, parentDir := range c.parentDirs {
+		if parentDir.copied {
+			continue
+		}
+
+		fi, err := os.Stat(parentDir.srcPath)
+		if err != nil {
+			return errors.Wrapf(err, "failed to stat %s", src)
+		}
+		if !fi.IsDir() {
+			return errors.Errorf("%s is not a directory", parentDir.srcPath)
+		}
+
+		created, err := copyDirectoryOnly(parentDir.srcPath, parentDir.dstPath, fi, overwriteTargetMetadata)
+		if err != nil {
+			return err
+		}
+		if created {
+			if err := c.copyFileInfo(fi, parentDir.dstPath); err != nil {
+				return errors.Wrap(err, "failed to copy file info")
+			}
+
+			if err := copyXAttrs(parentDir.dstPath, parentDir.srcPath, c.xattrErrorHandler); err != nil {
+				return errors.Wrap(err, "failed to copy xattrs")
+			}
+		}
+
+		c.parentDirs[i].copied = true
+	}
+	return nil
+}
+
+func (c *copier) copyDirectory(ctx context.Context, src, srcComponents, dst string, stat os.FileInfo, overwriteTargetMetadata, skipIncludePatterns, matchedExactly bool) (bool, error) {
+	if !stat.IsDir() {
+		return false, errors.Errorf("source is not directory")
+	}
+
+	created := false
+
+	// If there are no include patterns or this directory matched an include
+	// pattern exactly, go ahead and create the directory. Otherwise, delay to
+	// handle include patterns like a/*/c where we do not want to create a/b
+	// until we encounter a/b/c.
+	if matchedExactly || skipIncludePatterns {
+		var err error
+		created, err = copyDirectoryOnly(src, dst, stat, overwriteTargetMetadata)
+		if err != nil {
+			return created, err
+		}
+	}
+
+	c.parentDirs = append(c.parentDirs, parentDir{
+		srcPath: src,
+		dstPath: dst,
+		copied:  skipIncludePatterns,
+	})
+
+	defer func() {
+		c.parentDirs = c.parentDirs[:len(c.parentDirs)-1]
+	}()
+
+	fis, err := ioutil.ReadDir(src)
+	if err != nil {
+		return false, errors.Wrapf(err, "failed to read %s", src)
+	}
+
+	for _, fi := range fis {
+		if err := c.copy(ctx, filepath.Join(src, fi.Name()), filepath.Join(srcComponents, fi.Name()), filepath.Join(dst, fi.Name()), true, skipIncludePatterns); err != nil {
+			return false, err
+		}
+	}
+
+	return created, nil
+}
+
+func copyDirectoryOnly(src, dst string, stat os.FileInfo, overwriteTargetMetadata bool) (bool, error) {
+	if st, err := os.Lstat(dst); err != nil {
+		if !os.IsNotExist(err) {
+			return false, err
+		}
+		if err := os.Mkdir(dst, stat.Mode()); err != nil {
+			return false, errors.Wrapf(err, "failed to mkdir %s", dst)
+		}
+		return true, nil
+	} else if !st.IsDir() {
+		return false, errors.Errorf("cannot copy to non-directory: %s", dst)
+	} else if overwriteTargetMetadata {
+		if err := os.Chmod(dst, stat.Mode()); err != nil {
+			return false, errors.Wrapf(err, "failed to chmod on %s", dst)
+		}
+	}
+	return false, nil
+}
+
+func ensureEmptyFileTarget(dst string) error {
+	fi, err := os.Lstat(dst)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return errors.Wrap(err, "failed to lstat file target")
+	}
+	if fi.IsDir() {
+		return errors.Errorf("cannot replace to directory %s with file", dst)
+	}
+	return os.Remove(dst)
+}
+
+func containsWildcards(name string) bool {
+	isWindows := runtime.GOOS == "windows"
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '\\' && !isWindows {
+			i++
+		} else if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
+
+func splitWildcards(p string) (d1, d2 string) {
+	parts := strings.Split(filepath.Join(p), string(filepath.Separator))
+	var p1, p2 []string
+	var found bool
+	for _, p := range parts {
+		if !found && containsWildcards(p) {
+			found = true
+		}
+		if p == "" {
+			p = "/"
+		}
+		if !found {
+			p1 = append(p1, p)
+		} else {
+			p2 = append(p2, p)
+		}
+	}
+	return filepath.Join(p1...), filepath.Join(p2...)
+}
+
+func resolveWildcards(basePath, comp string) ([]string, error) {
+	var out []string
+	err := filepath.Walk(basePath, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		rel, err := rel(basePath, path)
+		if err != nil {
+			return err
+		}
+		if rel == "." {
+			return nil
+		}
+		if match, _ := filepath.Match(comp, rel); !match {
+			return nil
+		}
+		out = append(out, path)
+		if info.IsDir() {
+			return filepath.SkipDir
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// rel makes a path relative to base path. Same as `filepath.Rel` but can also
+// handle UUID paths in windows.
+func rel(basepath, targpath string) (string, error) {
+	// filepath.Rel can't handle UUID paths in windows
+	if runtime.GOOS == "windows" {
+		pfx := basepath + `\`
+		if strings.HasPrefix(targpath, pfx) {
+			p := strings.TrimPrefix(targpath, pfx)
+			if p == "" {
+				p = "."
+			}
+			return p, nil
+		}
+	}
+	return filepath.Rel(basepath, targpath)
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy_darwin.go b/vendor/github.com/tonistiigi/fsutil/copy/copy_darwin.go
new file mode 100644
index 0000000000000..0d8149693a177
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy_darwin.go
@@ -0,0 +1,42 @@
+// +build darwin
+
+package fs
+
+import (
+	"io"
+	"os"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func copyFile(source, target string) error {
+	if err := unix.Clonefileat(unix.AT_FDCWD, source, unix.AT_FDCWD, target, unix.CLONE_NOFOLLOW); err != nil {
+		if err != unix.EINVAL {
+			return err
+		}
+	} else {
+		return nil
+	}
+
+	src, err := os.Open(source)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open source %s", source)
+	}
+	defer src.Close()
+	tgt, err := os.Create(target)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open target %s", target)
+	}
+	defer tgt.Close()
+
+	return copyFileContent(tgt, src)
+}
+
+func copyFileContent(dst, src *os.File) error {
+	buf := bufferPool.Get().(*[]byte)
+	_, err := io.CopyBuffer(dst, src, *buf)
+	bufferPool.Put(buf)
+
+	return err
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy_linux.go b/vendor/github.com/tonistiigi/fsutil/copy/copy_linux.go
new file mode 100644
index 0000000000000..326b7ee76b6fa
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy_linux.go
@@ -0,0 +1,115 @@
+package fs
+
+import (
+	"io"
+	"math"
+	"os"
+	"syscall"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func getUIDGID(fi os.FileInfo) (uid, gid int) {
+	st := fi.Sys().(*syscall.Stat_t)
+	return int(st.Uid), int(st.Gid)
+}
+
+func (c *copier) copyFileInfo(fi os.FileInfo, name string) error {
+	st := fi.Sys().(*syscall.Stat_t)
+
+	chown := c.chown
+	uid, gid := getUIDGID(fi)
+	old := &User{UID: uid, GID: gid}
+	if chown == nil {
+		chown = func(u *User) (*User, error) {
+			return u, nil
+		}
+	}
+	if err := Chown(name, old, chown); err != nil {
+		return errors.Wrapf(err, "failed to chown %s", name)
+	}
+
+	m := fi.Mode()
+	if c.mode != nil {
+		m = (m & ^os.FileMode(0777)) | os.FileMode(*c.mode&0777)
+	}
+	if (fi.Mode() & os.ModeSymlink) != os.ModeSymlink {
+		if err := os.Chmod(name, m); err != nil {
+			return errors.Wrapf(err, "failed to chmod %s", name)
+		}
+	}
+
+	if c.utime != nil {
+		if err := Utimes(name, c.utime); err != nil {
+			return err
+		}
+	} else {
+		timespec := []unix.Timespec{unix.Timespec(StatAtime(st)), unix.Timespec(StatMtime(st))}
+		if err := unix.UtimesNanoAt(unix.AT_FDCWD, name, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
+			return errors.Wrapf(err, "failed to utime %s", name)
+		}
+	}
+
+	return nil
+}
+
+func copyFile(source, target string) error {
+	src, err := os.Open(source)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open source %s", source)
+	}
+	defer src.Close()
+	tgt, err := os.Create(target)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open target %s", target)
+	}
+	defer tgt.Close()
+
+	return copyFileContent(tgt, src)
+}
+
+func copyFileContent(dst, src *os.File) error {
+	st, err := src.Stat()
+	if err != nil {
+		return errors.Wrap(err, "unable to stat source")
+	}
+
+	var written int64
+	size := st.Size()
+	first := true
+
+	for written < size {
+		var desired int
+		if size-written > math.MaxInt32 {
+			desired = int(math.MaxInt32)
+		} else {
+			desired = int(size - written)
+		}
+
+		n, err := unix.CopyFileRange(int(src.Fd()), nil, int(dst.Fd()), nil, desired, 0)
+		if err != nil {
+			// matches go/src/internal/poll/copy_file_range_linux.go
+			if (err != unix.ENOSYS && err != unix.EXDEV && err != unix.EPERM && err != syscall.EIO && err != unix.EOPNOTSUPP && err != syscall.EINVAL) || !first {
+				return errors.Wrap(err, "copy file range failed")
+			}
+
+			buf := bufferPool.Get().(*[]byte)
+			_, err = io.CopyBuffer(dst, src, *buf)
+			bufferPool.Put(buf)
+			return errors.Wrap(err, "userspace copy failed")
+		}
+
+		first = false
+		written += int64(n)
+	}
+	return nil
+}
+
+func copyDevice(dst string, fi os.FileInfo) error {
+	st, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return errors.New("unsupported stat type")
+	}
+	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy_nowindows.go b/vendor/github.com/tonistiigi/fsutil/copy/copy_nowindows.go
new file mode 100644
index 0000000000000..cbd784e5f570e
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy_nowindows.go
@@ -0,0 +1,28 @@
+// +build !windows
+
+package fs
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/containerd/continuity/sysx"
+)
+
+// copyXAttrs requires xeh to be non-nil
+func copyXAttrs(dst, src string, xeh XAttrErrorHandler) error {
+	xattrKeys, err := sysx.LListxattr(src)
+	if err != nil {
+		return xeh(dst, src, "", errors.Wrapf(err, "failed to list xattrs on %s", src))
+	}
+	for _, xattr := range xattrKeys {
+		data, err := sysx.LGetxattr(src, xattr)
+		if err != nil {
+			return xeh(dst, src, xattr, errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src))
+		}
+		if err := sysx.LSetxattr(dst, xattr, data, 0); err != nil {
+			return xeh(dst, src, xattr, errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst))
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy_unix.go b/vendor/github.com/tonistiigi/fsutil/copy/copy_unix.go
new file mode 100644
index 0000000000000..6debee281d0e8
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy_unix.go
@@ -0,0 +1,61 @@
+// +build solaris darwin freebsd
+
+package fs
+
+import (
+	"os"
+	"syscall"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func getUIDGID(fi os.FileInfo) (uid, gid int) {
+	st := fi.Sys().(*syscall.Stat_t)
+	return int(st.Uid), int(st.Gid)
+}
+
+func (c *copier) copyFileInfo(fi os.FileInfo, name string) error {
+	st := fi.Sys().(*syscall.Stat_t)
+	chown := c.chown
+	uid, gid := getUIDGID(fi)
+	old := &User{UID: uid, GID: gid}
+	if chown == nil {
+		chown = func(u *User) (*User, error) {
+			return u, nil
+		}
+	}
+	if err := Chown(name, old, chown); err != nil {
+		return errors.Wrapf(err, "failed to chown %s", name)
+	}
+
+	m := fi.Mode()
+	if c.mode != nil {
+		m = (m & ^os.FileMode(0777)) | os.FileMode(*c.mode&0777)
+	}
+	if (fi.Mode() & os.ModeSymlink) != os.ModeSymlink {
+		if err := os.Chmod(name, m); err != nil {
+			return errors.Wrapf(err, "failed to chmod %s", name)
+		}
+	}
+
+	if c.utime != nil {
+		if err := Utimes(name, c.utime); err != nil {
+			return err
+		}
+	} else {
+		timespec := []unix.Timespec{unix.Timespec(StatAtime(st)), unix.Timespec(StatMtime(st))}
+		if err := unix.UtimesNanoAt(unix.AT_FDCWD, name, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
+			return errors.Wrapf(err, "failed to utime %s", name)
+		}
+	}
+	return nil
+}
+
+func copyDevice(dst string, fi os.FileInfo) error {
+	st, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return errors.New("unsupported stat type")
+	}
+	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/copy_windows.go b/vendor/github.com/tonistiigi/fsutil/copy/copy_windows.go
new file mode 100644
index 0000000000000..330c0e3f2c352
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/copy_windows.go
@@ -0,0 +1,48 @@
+package fs
+
+import (
+	"io"
+	"os"
+
+	"github.com/pkg/errors"
+)
+
+func (c *copier) copyFileInfo(fi os.FileInfo, name string) error {
+	if err := os.Chmod(name, fi.Mode()); err != nil {
+		return errors.Wrapf(err, "failed to chmod %s", name)
+	}
+
+	// TODO: copy windows specific metadata
+
+	return nil
+}
+
+func copyFile(source, target string) error {
+	src, err := os.Open(source)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open source %s", source)
+	}
+	defer src.Close()
+	tgt, err := os.Create(target)
+	if err != nil {
+		return errors.Wrapf(err, "failed to open target %s", target)
+	}
+	defer tgt.Close()
+
+	return copyFileContent(tgt, src)
+}
+
+func copyFileContent(dst, src *os.File) error {
+	buf := bufferPool.Get().(*[]byte)
+	_, err := io.CopyBuffer(dst, src, *buf)
+	bufferPool.Put(buf)
+	return err
+}
+
+func copyXAttrs(dst, src string, xeh XAttrErrorHandler) error {
+	return nil
+}
+
+func copyDevice(dst string, fi os.FileInfo) error {
+	return errors.New("device copy not supported")
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/hardlink.go b/vendor/github.com/tonistiigi/fsutil/copy/hardlink.go
new file mode 100644
index 0000000000000..38da93813ce84
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/hardlink.go
@@ -0,0 +1,27 @@
+package fs
+
+import "os"
+
+// GetLinkInfo returns an identifier representing the node a hardlink is pointing
+// to. If the file is not hard linked then 0 will be returned.
+func GetLinkInfo(fi os.FileInfo) (uint64, bool) {
+	return getLinkInfo(fi)
+}
+
+// getLinkSource returns a path for the given name and
+// file info to its link source in the provided inode
+// map. If the given file name is not in the map and
+// has other links, it is added to the inode map
+// to be a source for other link locations.
+func getLinkSource(name string, fi os.FileInfo, inodes map[uint64]string) (string, error) {
+	inode, isHardlink := getLinkInfo(fi)
+	if !isHardlink {
+		return "", nil
+	}
+
+	path, ok := inodes[inode]
+	if !ok {
+		inodes[inode] = name
+	}
+	return path, nil
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/hardlink_unix.go b/vendor/github.com/tonistiigi/fsutil/copy/hardlink_unix.go
new file mode 100644
index 0000000000000..3b825c940bf75
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/hardlink_unix.go
@@ -0,0 +1,17 @@
+// +build !windows
+
+package fs
+
+import (
+	"os"
+	"syscall"
+)
+
+func getLinkInfo(fi os.FileInfo) (uint64, bool) {
+	s, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		return 0, false
+	}
+
+	return uint64(s.Ino), !fi.IsDir() && s.Nlink > 1
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/hardlink_windows.go b/vendor/github.com/tonistiigi/fsutil/copy/hardlink_windows.go
new file mode 100644
index 0000000000000..ad8845a7fb2cc
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/hardlink_windows.go
@@ -0,0 +1,7 @@
+package fs
+
+import "os"
+
+func getLinkInfo(fi os.FileInfo) (uint64, bool) {
+	return 0, false
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/mkdir.go b/vendor/github.com/tonistiigi/fsutil/copy/mkdir.go
new file mode 100644
index 0000000000000..98547544759b6
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/mkdir.go
@@ -0,0 +1,83 @@
+package fs
+
+import (
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+func Chown(p string, old *User, fn Chowner) error {
+	if fn == nil {
+		return nil
+	}
+	user, err := fn(old)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	if user != nil {
+		if err := os.Lchown(p, user.UID, user.GID); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// MkdirAll is forked os.MkdirAll
+func MkdirAll(path string, perm os.FileMode, user Chowner, tm *time.Time) error {
+	// Fast path: if we can tell whether path is a directory or file, stop with success or error.
+	dir, err := os.Stat(path)
+	if err == nil {
+		if dir.IsDir() {
+			return nil
+		}
+		return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
+	}
+
+	// Slow path: make sure parent exists and then call Mkdir for path.
+	i := len(path)
+	for i > 0 && os.IsPathSeparator(path[i-1]) { // Skip trailing path separator.
+		i--
+	}
+
+	j := i
+	for j > 0 && !os.IsPathSeparator(path[j-1]) { // Scan backward over element.
+		j--
+	}
+
+	if j > 1 {
+		// Create parent.
+		err = MkdirAll(fixRootDirectory(path[:j-1]), perm, user, tm)
+		if err != nil {
+			return err
+		}
+	}
+
+	dir, err1 := os.Lstat(path)
+	if err1 == nil && dir.IsDir() {
+		return nil
+	}
+
+	// Parent now exists; invoke Mkdir and use its result.
+	err = os.Mkdir(path, perm)
+	if err != nil {
+		// Handle arguments like "foo/." by
+		// double-checking that directory doesn't exist.
+		dir, err1 := os.Lstat(path)
+		if err1 == nil && dir.IsDir() {
+			return nil
+		}
+		return err
+	}
+
+	if err := Chown(path, nil, user); err != nil {
+		return err
+	}
+
+	if err := Utimes(path, tm); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/mkdir_unix.go b/vendor/github.com/tonistiigi/fsutil/copy/mkdir_unix.go
new file mode 100644
index 0000000000000..8fb0f6bc604b0
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/mkdir_unix.go
@@ -0,0 +1,32 @@
+// +build !windows
+
+package fs
+
+import (
+	"time"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func fixRootDirectory(p string) string {
+	return p
+}
+
+func Utimes(p string, tm *time.Time) error {
+	if tm == nil {
+		return nil
+	}
+
+	ts, err := unix.TimeToTimespec(*tm)
+	if err != nil {
+		return err
+	}
+
+	timespec := []unix.Timespec{ts, ts}
+	if err := unix.UtimesNanoAt(unix.AT_FDCWD, p, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
+		return errors.Wrapf(err, "failed to utime %s", p)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/mkdir_windows.go b/vendor/github.com/tonistiigi/fsutil/copy/mkdir_windows.go
new file mode 100644
index 0000000000000..6bd17e813358f
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/mkdir_windows.go
@@ -0,0 +1,21 @@
+// +build windows
+
+package fs
+
+import (
+	"os"
+	"time"
+)
+
+func fixRootDirectory(p string) string {
+	if len(p) == len(`\\?\c:`) {
+		if os.IsPathSeparator(p[0]) && os.IsPathSeparator(p[1]) && p[2] == '?' && os.IsPathSeparator(p[3]) && p[5] == ':' {
+			return p + `\`
+		}
+	}
+	return p
+}
+
+func Utimes(p string, tm *time.Time) error {
+	return nil
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/stat_bsd.go b/vendor/github.com/tonistiigi/fsutil/copy/stat_bsd.go
new file mode 100644
index 0000000000000..362142de6cf2b
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/stat_bsd.go
@@ -0,0 +1,17 @@
+// +build darwin freebsd netbsd openbsd
+
+package fs
+
+import (
+	"syscall"
+)
+
+// Returns the last-accessed time
+func StatAtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Atimespec
+}
+
+// Returns the last-modified time
+func StatMtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Mtimespec
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/copy/stat_sysv.go b/vendor/github.com/tonistiigi/fsutil/copy/stat_sysv.go
new file mode 100644
index 0000000000000..59accf054d317
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/copy/stat_sysv.go
@@ -0,0 +1,17 @@
+// +build dragonfly linux solaris
+
+package fs
+
+import (
+	"syscall"
+)
+
+// Returns the last-accessed time
+func StatAtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Atim
+}
+
+// Returns the last-modified time
+func StatMtime(st *syscall.Stat_t) syscall.Timespec {
+	return st.Mtim
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/diff.go b/vendor/github.com/tonistiigi/fsutil/diff.go
index acad9f4f2235d..a7405dc5332c3 100644
--- a/vendor/github.com/tonistiigi/fsutil/diff.go
+++ b/vendor/github.com/tonistiigi/fsutil/diff.go
@@ -5,6 +5,7 @@ import (
 	"hash"
 	"os"
 
+	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil/types"
 )
 
@@ -18,16 +19,21 @@ type HandleChangeFn func(ChangeKind, string, os.FileInfo, error) error
 
 type ContentHasher func(*types.Stat) (hash.Hash, error)
 
-func GetWalkerFn(root string) walkerFn {
+func getWalkerFn(root string) walkerFn {
 	return func(ctx context.Context, pathC chan<- *currentPath) error {
-		return Walk(ctx, root, nil, func(path string, f os.FileInfo, err error) error {
+		return errors.Wrap(Walk(ctx, root, nil, func(path string, f os.FileInfo, err error) error {
 			if err != nil {
 				return err
 			}
 
+			stat, ok := f.Sys().(*types.Stat)
+			if !ok {
+				return errors.Errorf("%T invalid file without stat information", f.Sys())
+			}
+
 			p := &currentPath{
 				path: path,
-				f:    f,
+				stat: stat,
 			}
 
 			select {
@@ -36,7 +42,7 @@ func GetWalkerFn(root string) walkerFn {
 			case pathC <- p:
 				return nil
 			}
-		})
+		}), "failed to walk")
 	}
 }
 
diff --git a/vendor/github.com/tonistiigi/fsutil/diff_containerd.go b/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
index e63ee916a6af1..d72f4e64fec12 100644
--- a/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
+++ b/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
@@ -1,7 +1,9 @@
 package fsutil
 
 import (
+	"bytes"
 	"context"
+	"io"
 	"os"
 	"strings"
 
@@ -35,14 +37,16 @@ const (
 // computed during a directory changes calculation.
 type ChangeFunc func(ChangeKind, string, os.FileInfo, error) error
 
+const compareChunkSize = 32 * 1024
+
 type currentPath struct {
 	path string
-	f    os.FileInfo
+	stat *types.Stat
 	//	fullPath string
 }
 
 // doubleWalkDiff walks both directories to create a diff
-func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn) (err error) {
+func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn, filter FilterFunc, differ DiffType) (err error) {
 	g, ctx := errgroup.WithContext(ctx)
 
 	var (
@@ -86,14 +90,22 @@ func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn) (er
 				continue
 			}
 
-			var f os.FileInfo
-			k, p := pathChange(f1, f2)
+			var f *types.Stat
+			var f2copy *currentPath
+			if f2 != nil {
+				statCopy := *f2.stat
+				if filter != nil {
+					filter(f2.path, &statCopy)
+				}
+				f2copy = &currentPath{path: f2.path, stat: &statCopy}
+			}
+			k, p := pathChange(f1, f2copy)
 			switch k {
 			case ChangeKindAdd:
 				if rmdir != "" {
 					rmdir = ""
 				}
-				f = f2.f
+				f = f2.stat
 				f2 = nil
 			case ChangeKindDelete:
 				// Check if this file is already removed by being
@@ -101,30 +113,30 @@ func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn) (er
 				if rmdir != "" && strings.HasPrefix(f1.path, rmdir) {
 					f1 = nil
 					continue
-				} else if rmdir == "" && f1.f.IsDir() {
+				} else if rmdir == "" && f1.stat.IsDir() {
 					rmdir = f1.path + string(os.PathSeparator)
 				} else if rmdir != "" {
 					rmdir = ""
 				}
 				f1 = nil
 			case ChangeKindModify:
-				same, err := sameFile(f1, f2)
+				same, err := sameFile(f1, f2copy, differ)
 				if err != nil {
 					return err
 				}
-				if f1.f.IsDir() && !f2.f.IsDir() {
+				if f1.stat.IsDir() && !f2copy.stat.IsDir() {
 					rmdir = f1.path + string(os.PathSeparator)
 				} else if rmdir != "" {
 					rmdir = ""
 				}
-				f = f2.f
+				f = f2.stat
 				f1 = nil
 				f2 = nil
 				if same {
 					continue loop0
 				}
 			}
-			if err := changeFn(k, p, f, nil); err != nil {
+			if err := changeFn(k, p, &StatInfo{f}, nil); err != nil {
 				return err
 			}
 		}
@@ -157,30 +169,58 @@ func pathChange(lower, upper *currentPath) (ChangeKind, string) {
 	}
 }
 
-func sameFile(f1, f2 *currentPath) (same bool, retErr error) {
+func sameFile(f1, f2 *currentPath, differ DiffType) (same bool, retErr error) {
+	if differ == DiffNone {
+		return false, nil
+	}
 	// If not a directory also check size, modtime, and content
-	if !f1.f.IsDir() {
-		if f1.f.Size() != f2.f.Size() {
+	if !f1.stat.IsDir() {
+		if f1.stat.Size_ != f2.stat.Size_ {
 			return false, nil
 		}
 
-		t1 := f1.f.ModTime()
-		t2 := f2.f.ModTime()
-		if t1.UnixNano() != t2.UnixNano() {
+		if f1.stat.ModTime != f2.stat.ModTime {
 			return false, nil
 		}
 	}
 
-	ls1, ok := f1.f.Sys().(*types.Stat)
-	if !ok {
-		return false, nil
-	}
-	ls2, ok := f2.f.Sys().(*types.Stat)
-	if !ok {
-		return false, nil
+	same, err := compareStat(f1.stat, f2.stat)
+	if err != nil || !same || differ == DiffMetadata {
+		return same, err
 	}
+	return compareFileContent(f1.path, f2.path)
+}
 
-	return compareStat(ls1, ls2)
+func compareFileContent(p1, p2 string) (bool, error) {
+	f1, err := os.Open(p1)
+	if err != nil {
+		return false, err
+	}
+	defer f1.Close()
+	f2, err := os.Open(p2)
+	if err != nil {
+		return false, err
+	}
+	defer f2.Close()
+
+	b1 := make([]byte, compareChunkSize)
+	b2 := make([]byte, compareChunkSize)
+	for {
+		n1, err1 := f1.Read(b1)
+		if err1 != nil && err1 != io.EOF {
+			return false, err1
+		}
+		n2, err2 := f2.Read(b2)
+		if err2 != nil && err2 != io.EOF {
+			return false, err2
+		}
+		if n1 != n2 || !bytes.Equal(b1[:n1], b2[:n2]) {
+			return false, nil
+		}
+		if err1 == io.EOF && err2 == io.EOF {
+			return true, nil
+		}
+	}
 }
 
 // compareStat returns whether the stats are equivalent,
diff --git a/vendor/github.com/tonistiigi/fsutil/diff_containerd_linux.go b/vendor/github.com/tonistiigi/fsutil/diff_containerd_linux.go
deleted file mode 100644
index 4ac7ec5ed7057..0000000000000
--- a/vendor/github.com/tonistiigi/fsutil/diff_containerd_linux.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package fsutil
-
-import (
-	"bytes"
-	"syscall"
-
-	"github.com/containerd/continuity/sysx"
-	"github.com/pkg/errors"
-)
-
-// compareSysStat returns whether the stats are equivalent,
-// whether the files are considered the same file, and
-// an error
-func compareSysStat(s1, s2 interface{}) (bool, error) {
-	ls1, ok := s1.(*syscall.Stat_t)
-	if !ok {
-		return false, nil
-	}
-	ls2, ok := s2.(*syscall.Stat_t)
-	if !ok {
-		return false, nil
-	}
-
-	return ls1.Mode == ls2.Mode && ls1.Uid == ls2.Uid && ls1.Gid == ls2.Gid && ls1.Rdev == ls2.Rdev, nil
-}
-
-func compareCapabilities(p1, p2 string) (bool, error) {
-	c1, err := sysx.LGetxattr(p1, "security.capability")
-	if err != nil && err != syscall.ENODATA {
-		return false, errors.Wrapf(err, "failed to get xattr for %s", p1)
-	}
-	c2, err := sysx.LGetxattr(p2, "security.capability")
-	if err != nil && err != syscall.ENODATA {
-		return false, errors.Wrapf(err, "failed to get xattr for %s", p2)
-	}
-	return bytes.Equal(c1, c2), nil
-}
diff --git a/vendor/github.com/tonistiigi/fsutil/diskwriter.go b/vendor/github.com/tonistiigi/fsutil/diskwriter.go
index 3213113e0d634..786432264f0f1 100644
--- a/vendor/github.com/tonistiigi/fsutil/diskwriter.go
+++ b/vendor/github.com/tonistiigi/fsutil/diskwriter.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/opencontainers/go-digest"
@@ -26,13 +27,12 @@ type DiskWriterOpt struct {
 	Filter        FilterFunc
 }
 
-type FilterFunc func(*types.Stat) bool
+type FilterFunc func(string, *types.Stat) bool
 
 type DiskWriter struct {
 	opt  DiskWriterOpt
 	dest string
 
-	wg     sync.WaitGroup
 	ctx    context.Context
 	cancel func()
 	eg     *errgroup.Group
@@ -84,6 +84,12 @@ func (dw *DiskWriter) HandleChange(kind ChangeKind, p string, fi os.FileInfo, er
 	destPath := filepath.Join(dw.dest, filepath.FromSlash(p))
 
 	if kind == ChangeKindDelete {
+		if dw.filter != nil {
+			var empty types.Stat
+			if ok := dw.filter(p, &empty); !ok {
+				return nil
+			}
+		}
 		// todo: no need to validate if diff is trusted but is it always?
 		if err := os.RemoveAll(destPath); err != nil {
 			return errors.Wrapf(err, "failed to remove: %s", destPath)
@@ -98,13 +104,13 @@ func (dw *DiskWriter) HandleChange(kind ChangeKind, p string, fi os.FileInfo, er
 
 	stat, ok := fi.Sys().(*types.Stat)
 	if !ok {
-		return errors.Errorf("%s invalid change without stat information", p)
+		return errors.WithStack(&os.PathError{Path: p, Err: syscall.EBADMSG, Op: "change without stat info"})
 	}
 
 	statCopy := *stat
 
 	if dw.filter != nil {
-		if ok := dw.filter(&statCopy); !ok {
+		if ok := dw.filter(p, &statCopy); !ok {
 			return nil
 		}
 	}
@@ -112,13 +118,13 @@ func (dw *DiskWriter) HandleChange(kind ChangeKind, p string, fi os.FileInfo, er
 	rename := true
 	oldFi, err := os.Lstat(destPath)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			if kind != ChangeKindAdd {
-				return errors.Wrapf(err, "invalid addition: %s", destPath)
+				return errors.Wrap(err, "modify/rm")
 			}
 			rename = false
 		} else {
-			return errors.Wrapf(err, "failed to stat %s", destPath)
+			return errors.WithStack(err)
 		}
 	}
 
@@ -188,7 +194,7 @@ func (dw *DiskWriter) HandleChange(kind ChangeKind, p string, fi os.FileInfo, er
 
 	if isRegularFile {
 		if dw.opt.AsyncDataCb != nil {
-			dw.requestAsyncFileData(p, destPath, fi)
+			dw.requestAsyncFileData(p, destPath, fi, &statCopy)
 		}
 	} else {
 		return dw.processChange(kind, p, fi, nil)
@@ -197,7 +203,7 @@ func (dw *DiskWriter) HandleChange(kind ChangeKind, p string, fi os.FileInfo, er
 	return nil
 }
 
-func (dw *DiskWriter) requestAsyncFileData(p, dest string, fi os.FileInfo) {
+func (dw *DiskWriter) requestAsyncFileData(p, dest string, fi os.FileInfo, st *types.Stat) {
 	// todo: limit worker threads
 	dw.eg.Go(func() error {
 		if err := dw.processChange(ChangeKindAdd, p, fi, &lazyFileWriter{
@@ -205,7 +211,7 @@ func (dw *DiskWriter) requestAsyncFileData(p, dest string, fi os.FileInfo) {
 		}); err != nil {
 			return err
 		}
-		return chtimes(dest, fi.ModTime().UnixNano()) // TODO: parent dirs
+		return chtimes(dest, st.ModTime) // TODO: parent dirs
 	})
 }
 
@@ -279,7 +285,6 @@ func (hw *hashedWriter) Digest() digest.Digest {
 
 type lazyFileWriter struct {
 	dest     string
-	ctx      context.Context
 	f        *os.File
 	fileMode *os.FileMode
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/diskwriter_unix.go b/vendor/github.com/tonistiigi/fsutil/diskwriter_unix.go
index ff0a22e3caf8e..aa2d298f40ea1 100644
--- a/vendor/github.com/tonistiigi/fsutil/diskwriter_unix.go
+++ b/vendor/github.com/tonistiigi/fsutil/diskwriter_unix.go
@@ -17,17 +17,17 @@ func rewriteMetadata(p string, stat *types.Stat) error {
 	}
 
 	if err := os.Lchown(p, int(stat.Uid), int(stat.Gid)); err != nil {
-		return errors.Wrapf(err, "failed to lchown %s", p)
+		return errors.WithStack(err)
 	}
 
 	if os.FileMode(stat.Mode)&os.ModeSymlink == 0 {
 		if err := os.Chmod(p, os.FileMode(stat.Mode)); err != nil {
-			return errors.Wrapf(err, "failed to chown %s", p)
+			return errors.WithStack(err)
 		}
 	}
 
 	if err := chtimes(p, stat.ModTime); err != nil {
-		return errors.Wrapf(err, "failed to chtimes %s", p)
+		return err
 	}
 
 	return nil
@@ -46,7 +46,7 @@ func handleTarTypeBlockCharFifo(path string, stat *types.Stat) error {
 	}
 
 	if err := syscall.Mknod(path, mode, int(mkdev(stat.Devmajor, stat.Devminor))); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 	return nil
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/followlinks.go b/vendor/github.com/tonistiigi/fsutil/followlinks.go
index ed4af6e816565..a0942413e8112 100644
--- a/vendor/github.com/tonistiigi/fsutil/followlinks.go
+++ b/vendor/github.com/tonistiigi/fsutil/followlinks.go
@@ -77,10 +77,10 @@ func (r *symlinkResolver) readSymlink(p string, allowWildcard bool) ([]string, e
 	if allowWildcard && containsWildcards(base) {
 		fis, err := ioutil.ReadDir(filepath.Dir(realPath))
 		if err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				return nil, nil
 			}
-			return nil, errors.Wrapf(err, "failed to read dir %s", filepath.Dir(realPath))
+			return nil, errors.Wrap(err, "readdir")
 		}
 		var out []string
 		for _, f := range fis {
@@ -97,17 +97,17 @@ func (r *symlinkResolver) readSymlink(p string, allowWildcard bool) ([]string, e
 
 	fi, err := os.Lstat(realPath)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			return nil, nil
 		}
-		return nil, errors.Wrapf(err, "failed to lstat %s", realPath)
+		return nil, errors.WithStack(err)
 	}
 	if fi.Mode()&os.ModeSymlink == 0 {
 		return nil, nil
 	}
 	link, err := os.Readlink(realPath)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to readlink %s", realPath)
+		return nil, errors.WithStack(err)
 	}
 	link = filepath.Clean(link)
 	if filepath.IsAbs(link) {
diff --git a/vendor/github.com/tonistiigi/fsutil/fs.go b/vendor/github.com/tonistiigi/fsutil/fs.go
index 132850c90495e..e26110b320b37 100644
--- a/vendor/github.com/tonistiigi/fsutil/fs.go
+++ b/vendor/github.com/tonistiigi/fsutil/fs.go
@@ -3,10 +3,13 @@ package fsutil
 import (
 	"context"
 	"io"
+	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
+	"sort"
 	"strings"
+	"syscall"
 
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil/types"
@@ -34,39 +37,84 @@ func (fs *fs) Walk(ctx context.Context, fn filepath.WalkFunc) error {
 }
 
 func (fs *fs) Open(p string) (io.ReadCloser, error) {
-	return os.Open(filepath.Join(fs.root, p))
+	rc, err := os.Open(filepath.Join(fs.root, p))
+	return rc, errors.WithStack(err)
 }
 
-func SubDirFS(fs FS, stat types.Stat) FS {
-	return &subDirFS{fs: fs, stat: stat}
+type Dir struct {
+	Stat types.Stat
+	FS   FS
+}
+
+func SubDirFS(dirs []Dir) (FS, error) {
+	sort.Slice(dirs, func(i, j int) bool {
+		return dirs[i].Stat.Path < dirs[j].Stat.Path
+	})
+	m := map[string]Dir{}
+	for _, d := range dirs {
+		if path.Base(d.Stat.Path) != d.Stat.Path {
+			return nil, errors.WithStack(&os.PathError{Path: d.Stat.Path, Err: syscall.EISDIR, Op: "invalid path"})
+		}
+		if _, ok := m[d.Stat.Path]; ok {
+			return nil, errors.WithStack(&os.PathError{Path: d.Stat.Path, Err: syscall.EEXIST, Op: "duplicate path"})
+		}
+		m[d.Stat.Path] = d
+	}
+	return &subDirFS{m: m, dirs: dirs}, nil
 }
 
 type subDirFS struct {
-	fs   FS
-	stat types.Stat
+	m    map[string]Dir
+	dirs []Dir
 }
 
 func (fs *subDirFS) Walk(ctx context.Context, fn filepath.WalkFunc) error {
-	main := &StatInfo{Stat: &fs.stat}
-	if !main.IsDir() {
-		return errors.Errorf("fs subdir not mode directory")
+	for _, d := range fs.dirs {
+		fi := &StatInfo{Stat: &d.Stat}
+		if !fi.IsDir() {
+			return errors.WithStack(&os.PathError{Path: d.Stat.Path, Err: syscall.ENOTDIR, Op: "walk subdir"})
+		}
+		if err := fn(d.Stat.Path, fi, nil); err != nil {
+			return err
+		}
+		if err := d.FS.Walk(ctx, func(p string, fi os.FileInfo, err error) error {
+			stat, ok := fi.Sys().(*types.Stat)
+			if !ok {
+				return errors.WithStack(&os.PathError{Path: d.Stat.Path, Err: syscall.EBADMSG, Op: "fileinfo without stat info"})
+			}
+			stat.Path = path.Join(d.Stat.Path, stat.Path)
+			if stat.Linkname != "" {
+				if fi.Mode()&os.ModeSymlink != 0 {
+					if strings.HasPrefix(stat.Linkname, "/") {
+						stat.Linkname = path.Join("/"+d.Stat.Path, stat.Linkname)
+					}
+				} else {
+					stat.Linkname = path.Join(d.Stat.Path, stat.Linkname)
+				}
+			}
+			return fn(filepath.Join(d.Stat.Path, p), &StatInfo{stat}, nil)
+		}); err != nil {
+			return err
+		}
 	}
-	if main.Name() != fs.stat.Path {
-		return errors.Errorf("subdir path must be single file")
+	return nil
+}
+
+func (fs *subDirFS) Open(p string) (io.ReadCloser, error) {
+	parts := strings.SplitN(filepath.Clean(p), string(filepath.Separator), 2)
+	if len(parts) == 0 {
+		return ioutil.NopCloser(&emptyReader{}), nil
 	}
-	if err := fn(fs.stat.Path, main, nil); err != nil {
-		return err
+	d, ok := fs.m[parts[0]]
+	if !ok {
+		return nil, errors.WithStack(&os.PathError{Path: parts[0], Err: syscall.ENOENT, Op: "open"})
 	}
-	return fs.fs.Walk(ctx, func(p string, fi os.FileInfo, err error) error {
-		stat, ok := fi.Sys().(*types.Stat)
-		if !ok {
-			return errors.Wrapf(err, "invalid fileinfo without stat info: %s", p)
-		}
-		stat.Path = path.Join(fs.stat.Path, stat.Path)
-		return fn(filepath.Join(fs.stat.Path, p), &StatInfo{stat}, nil)
-	})
+	return d.FS.Open(parts[1])
 }
 
-func (fs *subDirFS) Open(p string) (io.ReadCloser, error) {
-	return fs.fs.Open(strings.TrimPrefix(p, fs.stat.Path+"/"))
+type emptyReader struct {
+}
+
+func (*emptyReader) Read([]byte) (int, error) {
+	return 0, io.EOF
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/go.mod b/vendor/github.com/tonistiigi/fsutil/go.mod
new file mode 100644
index 0000000000000..fc4cdb0014b0c
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/go.mod
@@ -0,0 +1,20 @@
+module github.com/tonistiigi/fsutil
+
+go 1.13
+
+require (
+	github.com/containerd/continuity v0.1.0
+	github.com/docker/docker v20.10.3-0.20210609071616-4c2ec79bf2a8+incompatible // master (v21.xx-dev)
+	github.com/gogo/protobuf v1.3.2
+	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/google/go-cmp v0.5.2 // indirect
+	github.com/kr/pretty v0.2.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.7.0
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sys v0.0.0-20210313202042-bd2e13477e9c
+	google.golang.org/protobuf v1.25.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+	gotest.tools/v3 v3.0.3 // indirect
+)
diff --git a/vendor/github.com/tonistiigi/fsutil/hardlinks.go b/vendor/github.com/tonistiigi/fsutil/hardlinks.go
index d977f0d6bbf3e..ef8bbfb5daff7 100644
--- a/vendor/github.com/tonistiigi/fsutil/hardlinks.go
+++ b/vendor/github.com/tonistiigi/fsutil/hardlinks.go
@@ -2,6 +2,7 @@ package fsutil
 
 import (
 	"os"
+	"syscall"
 
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil/types"
@@ -28,7 +29,7 @@ func (v *Hardlinks) HandleChange(kind ChangeKind, p string, fi os.FileInfo, err
 
 	stat, ok := fi.Sys().(*types.Stat)
 	if !ok {
-		return errors.Errorf("invalid change without stat info: %s", p)
+		return errors.WithStack(&os.PathError{Path: p, Err: syscall.EBADMSG, Op: "change without stat info"})
 	}
 
 	if fi.IsDir() || fi.Mode()&os.ModeSymlink != 0 {
diff --git a/vendor/github.com/tonistiigi/fsutil/prefix/match.go b/vendor/github.com/tonistiigi/fsutil/prefix/match.go
new file mode 100644
index 0000000000000..57e745c681739
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/prefix/match.go
@@ -0,0 +1,45 @@
+package prefix
+
+import (
+	"path"
+	"path/filepath"
+	"strings"
+)
+
+// Match matches a path against a pattern. It returns m = true if the path
+// matches the pattern, and partial = true if the pattern has more separators
+// than the path and the common components match (for example, name = foo and
+// pattern = foo/bar/*). slashSeparator determines whether the path and pattern
+// are '/' delimited (true) or use the native path separator (false).
+func Match(pattern, name string, slashSeparator bool) (m bool, partial bool) {
+	separator := filepath.Separator
+	if slashSeparator {
+		separator = '/'
+	}
+	count := strings.Count(name, string(separator))
+	if strings.Count(pattern, string(separator)) > count {
+		pattern = trimUntilIndex(pattern, string(separator), count)
+		partial = true
+	}
+	if slashSeparator {
+		m, _ = path.Match(pattern, name)
+	} else {
+		m, _ = filepath.Match(pattern, name)
+	}
+	return m, partial
+}
+
+func trimUntilIndex(str, sep string, count int) string {
+	s := str
+	i := 0
+	c := 0
+	for {
+		idx := strings.Index(s, sep)
+		s = s[idx+len(sep):]
+		i += idx + len(sep)
+		c++
+		if c > count {
+			return str[:i-len(sep)]
+		}
+	}
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/receive.go b/vendor/github.com/tonistiigi/fsutil/receive.go
index fd9ef9aa60128..209d1d2fafa29 100644
--- a/vendor/github.com/tonistiigi/fsutil/receive.go
+++ b/vendor/github.com/tonistiigi/fsutil/receive.go
@@ -11,16 +11,25 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
+type DiffType int
+
+const (
+	DiffMetadata DiffType = iota
+	DiffNone
+	DiffContent
+)
+
 type ReceiveOpt struct {
 	NotifyHashed  ChangeFunc
 	ContentHasher ContentHasher
 	ProgressCb    func(int, bool)
 	Merge         bool
 	Filter        FilterFunc
+	Differ        DiffType
 }
 
 func Receive(ctx context.Context, conn Stream, dest string, opt ReceiveOpt) error {
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
 	r := &receiver{
@@ -33,6 +42,7 @@ func Receive(ctx context.Context, conn Stream, dest string, opt ReceiveOpt) erro
 		progressCb:    opt.ProgressCb,
 		merge:         opt.Merge,
 		filter:        opt.Filter,
+		differ:        opt.Differ,
 	}
 	return r.run(ctx)
 }
@@ -47,6 +57,7 @@ type receiver struct {
 	progressCb func(int, bool)
 	merge      bool
 	filter     FilterFunc
+	differ     DiffType
 
 	notifyHashed   ChangeFunc
 	contentHasher  ContentHasher
@@ -92,14 +103,19 @@ func (w *dynamicWalker) fill(ctx context.Context, pathC chan<- *currentPath) err
 			if !ok {
 				return nil
 			}
-			pathC <- p
+			select {
+			case pathC <- p:
+			case <-ctx.Done():
+				w.err = ctx.Err()
+				close(w.closeCh)
+				return ctx.Err()
+			}
 		case <-ctx.Done():
 			w.err = ctx.Err()
 			close(w.closeCh)
 			return ctx.Err()
 		}
 	}
-	return nil
 }
 
 func (r *receiver) run(ctx context.Context) error {
@@ -125,9 +141,9 @@ func (r *receiver) run(ctx context.Context) error {
 		}()
 		destWalker := emptyWalker
 		if !r.merge {
-			destWalker = GetWalkerFn(r.dest)
+			destWalker = getWalkerFn(r.dest)
 		}
-		err := doubleWalkDiff(ctx, dw.HandleChange, destWalker, w.fill)
+		err := doubleWalkDiff(ctx, dw.HandleChange, destWalker, w.fill, r.filter, r.differ)
 		if err != nil {
 			return err
 		}
@@ -174,11 +190,11 @@ func (r *receiver) run(ctx context.Context) error {
 					r.mu.Unlock()
 				}
 				i++
-				cp := &currentPath{path: p.Stat.Path, f: &StatInfo{p.Stat}}
-				if err := r.orderValidator.HandleChange(ChangeKindAdd, cp.path, cp.f, nil); err != nil {
+				cp := &currentPath{path: p.Stat.Path, stat: p.Stat}
+				if err := r.orderValidator.HandleChange(ChangeKindAdd, cp.path, &StatInfo{cp.stat}, nil); err != nil {
 					return err
 				}
-				if err := r.hlValidator.HandleChange(ChangeKindAdd, cp.path, cp.f, nil); err != nil {
+				if err := r.hlValidator.HandleChange(ChangeKindAdd, cp.path, &StatInfo{cp.stat}, nil); err != nil {
 					return err
 				}
 				if err := w.update(cp); err != nil {
diff --git a/vendor/github.com/tonistiigi/fsutil/send.go b/vendor/github.com/tonistiigi/fsutil/send.go
index e7c5a37d1b172..2c1a3801d58a2 100644
--- a/vendor/github.com/tonistiigi/fsutil/send.go
+++ b/vendor/github.com/tonistiigi/fsutil/send.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"os"
 	"sync"
+	"syscall"
 
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/fsutil/types"
@@ -13,7 +14,8 @@ import (
 
 var bufPool = sync.Pool{
 	New: func() interface{} {
-		return make([]byte, 32*1<<10)
+		buf := make([]byte, 32*1<<10)
+		return &buf
 	},
 }
 
@@ -131,9 +133,9 @@ func (s *sender) sendFile(h *sendHandle) error {
 	f, err := s.fs.Open(h.path)
 	if err == nil {
 		defer f.Close()
-		buf := bufPool.Get().([]byte)
+		buf := bufPool.Get().(*[]byte)
 		defer bufPool.Put(buf)
-		if _, err := io.CopyBuffer(&fileSender{sender: s, id: h.id}, f, buf); err != nil {
+		if _, err := io.CopyBuffer(&fileSender{sender: s, id: h.id}, f, *buf); err != nil {
 			return err
 		}
 	}
@@ -148,7 +150,7 @@ func (s *sender) walk(ctx context.Context) error {
 		}
 		stat, ok := fi.Sys().(*types.Stat)
 		if !ok {
-			return errors.Wrapf(err, "invalid fileinfo without stat info: %s", path)
+			return errors.WithStack(&os.PathError{Path: path, Err: syscall.EBADMSG, Op: "fileinfo without stat info"})
 		}
 
 		p := &types.Packet{
diff --git a/vendor/github.com/tonistiigi/fsutil/stat.go b/vendor/github.com/tonistiigi/fsutil/stat.go
index 573894da8062d..2ab8da118e2cf 100644
--- a/vendor/github.com/tonistiigi/fsutil/stat.go
+++ b/vendor/github.com/tonistiigi/fsutil/stat.go
@@ -31,13 +31,13 @@ func mkstat(path, relpath string, fi os.FileInfo, inodemap map[uint64]string) (*
 		if fi.Mode()&os.ModeSymlink != 0 {
 			link, err := os.Readlink(path)
 			if err != nil {
-				return nil, errors.Wrapf(err, "failed to readlink %s", path)
+				return nil, errors.WithStack(err)
 			}
 			stat.Linkname = link
 		}
 	}
 	if err := loadXattr(path, stat); err != nil {
-		return nil, errors.Wrapf(err, "failed to xattr %s", relpath)
+		return nil, err
 	}
 
 	if runtime.GOOS == "windows" {
@@ -49,13 +49,16 @@ func mkstat(path, relpath string, fi os.FileInfo, inodemap map[uint64]string) (*
 		stat.Mode = noPermPart | permPart
 	}
 
+	// Clear the socket bit since archive/tar.FileInfoHeader does not handle it
+	stat.Mode &^= uint32(os.ModeSocket)
+
 	return stat, nil
 }
 
 func Stat(path string) (*types.Stat, error) {
 	fi, err := os.Lstat(path)
 	if err != nil {
-		return nil, errors.Wrap(err, "os stat")
+		return nil, errors.WithStack(err)
 	}
 	return mkstat(path, filepath.Base(path), fi, nil)
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/stat_unix.go b/vendor/github.com/tonistiigi/fsutil/stat_unix.go
index b2e8fea2cb7ea..dd0ed455166f5 100644
--- a/vendor/github.com/tonistiigi/fsutil/stat_unix.go
+++ b/vendor/github.com/tonistiigi/fsutil/stat_unix.go
@@ -14,7 +14,7 @@ import (
 func loadXattr(origpath string, stat *types.Stat) error {
 	xattrs, err := sysx.LListxattr(origpath)
 	if err != nil {
-		if errors.Cause(err) == syscall.ENOTSUP {
+		if errors.Is(err, syscall.ENOTSUP) {
 			return nil
 		}
 		return errors.Wrapf(err, "failed to xattr %s", origpath)
@@ -46,14 +46,18 @@ func setUnixOpt(fi os.FileInfo, stat *types.Stat, path string, seenFiles map[uin
 		}
 
 		ino := s.Ino
+		linked := false
 		if seenFiles != nil {
 			if s.Nlink > 1 {
 				if oldpath, ok := seenFiles[ino]; ok {
 					stat.Linkname = oldpath
 					stat.Size_ = 0
+					linked = true
 				}
 			}
-			seenFiles[ino] = path
+			if !linked {
+				seenFiles[ino] = path
+			}
 		}
 	}
 }
diff --git a/vendor/github.com/tonistiigi/fsutil/tarwriter.go b/vendor/github.com/tonistiigi/fsutil/tarwriter.go
new file mode 100644
index 0000000000000..bd46a2250ff84
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/tarwriter.go
@@ -0,0 +1,80 @@
+package fsutil
+
+import (
+	"archive/tar"
+	"context"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil/types"
+)
+
+func WriteTar(ctx context.Context, fs FS, w io.Writer) error {
+	tw := tar.NewWriter(w)
+	err := fs.Walk(ctx, func(path string, fi os.FileInfo, err error) error {
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
+			return err
+		}
+		stat, ok := fi.Sys().(*types.Stat)
+		if !ok {
+			return errors.WithStack(&os.PathError{Path: path, Err: syscall.EBADMSG, Op: "fileinfo without stat info"})
+		}
+		hdr, err := tar.FileInfoHeader(fi, stat.Linkname)
+		if err != nil {
+			return err
+		}
+
+		name := filepath.ToSlash(path)
+		if fi.IsDir() && !strings.HasSuffix(name, "/") {
+			name += "/"
+		}
+		hdr.Name = name
+
+		hdr.Uid = int(stat.Uid)
+		hdr.Gid = int(stat.Gid)
+		hdr.Devmajor = stat.Devmajor
+		hdr.Devminor = stat.Devminor
+		hdr.Linkname = stat.Linkname
+		if hdr.Linkname != "" {
+			hdr.Size = 0
+			if fi.Mode()&os.ModeSymlink != 0 {
+				hdr.Typeflag = tar.TypeSymlink
+			} else {
+				hdr.Typeflag = tar.TypeLink
+			}
+		}
+
+		if len(stat.Xattrs) > 0 {
+			hdr.PAXRecords = map[string]string{}
+		}
+		for k, v := range stat.Xattrs {
+			hdr.PAXRecords["SCHILY.xattr."+k] = string(v)
+		}
+
+		if err := tw.WriteHeader(hdr); err != nil {
+			return errors.Wrapf(err, "failed to write file header %s", name)
+		}
+
+		if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 && hdr.Linkname == "" {
+			rc, err := fs.Open(path)
+			if err != nil {
+				return err
+			}
+			if _, err := io.Copy(tw, rc); err != nil {
+				return errors.WithStack(err)
+			}
+			if err := rc.Close(); err != nil {
+				return errors.WithStack(err)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	return tw.Close()
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/types/stat.go b/vendor/github.com/tonistiigi/fsutil/types/stat.go
new file mode 100644
index 0000000000000..b79fd2bd76d42
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/types/stat.go
@@ -0,0 +1,7 @@
+package types
+
+import "os"
+
+func (s Stat) IsDir() bool {
+	return os.FileMode(s.Mode).IsDir()
+}
diff --git a/vendor/github.com/tonistiigi/fsutil/types/stat.pb.go b/vendor/github.com/tonistiigi/fsutil/types/stat.pb.go
index d8b984e65f551..91200fb7790dd 100644
--- a/vendor/github.com/tonistiigi/fsutil/types/stat.pb.go
+++ b/vendor/github.com/tonistiigi/fsutil/types/stat.pb.go
@@ -1,30 +1,19 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: stat.proto
 
-/*
-	Package types is a generated protocol buffer package.
-
-	It is generated from these files:
-		stat.proto
-		wire.proto
-
-	It has these top-level messages:
-		Stat
-		Packet
-*/
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-import sortkeys "github.com/gogo/protobuf/sortkeys"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -35,7 +24,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Stat struct {
 	Path    string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
@@ -48,12 +37,40 @@ type Stat struct {
 	Linkname string            `protobuf:"bytes,7,opt,name=linkname,proto3" json:"linkname,omitempty"`
 	Devmajor int64             `protobuf:"varint,8,opt,name=devmajor,proto3" json:"devmajor,omitempty"`
 	Devminor int64             `protobuf:"varint,9,opt,name=devminor,proto3" json:"devminor,omitempty"`
-	Xattrs   map[string][]byte `protobuf:"bytes,10,rep,name=xattrs" json:"xattrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Xattrs   map[string][]byte `protobuf:"bytes,10,rep,name=xattrs,proto3" json:"xattrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
-func (m *Stat) Reset()                    { *m = Stat{} }
-func (*Stat) ProtoMessage()               {}
-func (*Stat) Descriptor() ([]byte, []int) { return fileDescriptorStat, []int{0} }
+func (m *Stat) Reset()      { *m = Stat{} }
+func (*Stat) ProtoMessage() {}
+func (*Stat) Descriptor() ([]byte, []int) {
+	return fileDescriptor_01fabdc1b78bd68b, []int{0}
+}
+func (m *Stat) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Stat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Stat.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Stat) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Stat.Merge(m, src)
+}
+func (m *Stat) XXX_Size() int {
+	return m.Size()
+}
+func (m *Stat) XXX_DiscardUnknown() {
+	xxx_messageInfo_Stat.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Stat proto.InternalMessageInfo
 
 func (m *Stat) GetPath() string {
 	if m != nil {
@@ -127,7 +144,35 @@ func (m *Stat) GetXattrs() map[string][]byte {
 
 func init() {
 	proto.RegisterType((*Stat)(nil), "fsutil.types.Stat")
+	proto.RegisterMapType((map[string][]byte)(nil), "fsutil.types.Stat.XattrsEntry")
 }
+
+func init() { proto.RegisterFile("stat.proto", fileDescriptor_01fabdc1b78bd68b) }
+
+var fileDescriptor_01fabdc1b78bd68b = []byte{
+	// 317 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x4c, 0x91, 0xbd, 0x4e, 0xc3, 0x30,
+	0x14, 0x85, 0x73, 0x9b, 0xfe, 0xba, 0x45, 0x42, 0x16, 0x83, 0xd5, 0xe1, 0x2a, 0x62, 0xca, 0x94,
+	0x01, 0x24, 0xc4, 0xcf, 0x86, 0xc4, 0x0b, 0x04, 0x06, 0xc4, 0x66, 0x64, 0x53, 0x4c, 0x9b, 0xb8,
+	0x4a, 0xdc, 0x8a, 0x32, 0xf1, 0x08, 0x3c, 0x06, 0x6f, 0x02, 0x63, 0xc7, 0x8e, 0xd4, 0x5d, 0x18,
+	0xfb, 0x08, 0xc8, 0x4e, 0x5b, 0xba, 0x9d, 0xf3, 0x9d, 0x7b, 0x95, 0x9c, 0x6b, 0x42, 0x4a, 0xc3,
+	0x4d, 0x32, 0x2e, 0xb4, 0xd1, 0xb4, 0xf7, 0x54, 0x4e, 0x8c, 0x1a, 0x25, 0x66, 0x36, 0x96, 0xe5,
+	0xf1, 0x57, 0x8d, 0xd4, 0x6f, 0x0d, 0x37, 0x94, 0x92, 0xfa, 0x98, 0x9b, 0x67, 0x06, 0x11, 0xc4,
+	0x9d, 0xd4, 0x6b, 0xc7, 0x32, 0x2d, 0x24, 0xab, 0x45, 0x10, 0x1f, 0xa4, 0x5e, 0xd3, 0x43, 0x12,
+	0x4e, 0x94, 0x60, 0xa1, 0x47, 0x4e, 0x3a, 0x32, 0x50, 0x82, 0xd5, 0x2b, 0x32, 0x50, 0xc2, 0xed,
+	0x95, 0xea, 0x4d, 0xb2, 0x46, 0x04, 0x71, 0x98, 0x7a, 0x4d, 0x19, 0x69, 0x65, 0x5a, 0xdc, 0xa9,
+	0x4c, 0xb2, 0xa6, 0xc7, 0x5b, 0x4b, 0xfb, 0xa4, 0x3d, 0x52, 0xf9, 0x30, 0xe7, 0x99, 0x64, 0x2d,
+	0xff, 0xf5, 0x9d, 0x77, 0x99, 0x90, 0xd3, 0x8c, 0xbf, 0xe8, 0x82, 0xb5, 0xfd, 0xda, 0xce, 0x6f,
+	0x33, 0x95, 0xeb, 0x82, 0x75, 0xfe, 0x33, 0xe7, 0xe9, 0x19, 0x69, 0xbe, 0x72, 0x63, 0x8a, 0x92,
+	0x91, 0x28, 0x8c, 0xbb, 0x27, 0x98, 0xec, 0xb7, 0x4e, 0x5c, 0xe3, 0xe4, 0xde, 0x0f, 0xdc, 0xe4,
+	0xa6, 0x98, 0xa5, 0x9b, 0xe9, 0xfe, 0x05, 0xe9, 0xee, 0x61, 0x57, 0x6d, 0x28, 0x67, 0x9b, 0x9b,
+	0x38, 0x49, 0x8f, 0x48, 0x63, 0xca, 0x47, 0x93, 0xea, 0x26, 0xbd, 0xb4, 0x32, 0x97, 0xb5, 0x73,
+	0xb8, 0xbe, 0x9a, 0x2f, 0x31, 0x58, 0x2c, 0x31, 0x58, 0x2f, 0x11, 0xde, 0x2d, 0xc2, 0xa7, 0x45,
+	0xf8, 0xb6, 0x08, 0x73, 0x8b, 0xf0, 0x63, 0x11, 0x7e, 0x2d, 0x06, 0x6b, 0x8b, 0xf0, 0xb1, 0xc2,
+	0x60, 0xbe, 0xc2, 0x60, 0xb1, 0xc2, 0xe0, 0xa1, 0xe1, 0x7f, 0xe8, 0xb1, 0xe9, 0xdf, 0xe6, 0xf4,
+	0x2f, 0x00, 0x00, 0xff, 0xff, 0x06, 0x97, 0xf3, 0xd7, 0xa9, 0x01, 0x00, 0x00,
+}
+
 func (this *Stat) Equal(that interface{}) bool {
 	if that == nil {
 		return this == nil
@@ -203,7 +248,7 @@ func (this *Stat) GoString() string {
 	for k, _ := range this.Xattrs {
 		keysForXattrs = append(keysForXattrs, k)
 	}
-	sortkeys.Strings(keysForXattrs)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForXattrs)
 	mapStringForXattrs := "map[string][]byte{"
 	for _, k := range keysForXattrs {
 		mapStringForXattrs += fmt.Sprintf("%#v: %#v,", k, this.Xattrs[k])
@@ -226,7 +271,7 @@ func valueToGoStringStat(v interface{}, typ string) string {
 func (m *Stat) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -234,93 +279,103 @@ func (m *Stat) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Stat) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Stat) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Path) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(len(m.Path)))
-		i += copy(dAtA[i:], m.Path)
-	}
-	if m.Mode != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Mode))
+	if len(m.Xattrs) > 0 {
+		for k := range m.Xattrs {
+			v := m.Xattrs[k]
+			baseI := i
+			if len(v) > 0 {
+				i -= len(v)
+				copy(dAtA[i:], v)
+				i = encodeVarintStat(dAtA, i, uint64(len(v)))
+				i--
+				dAtA[i] = 0x12
+			}
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintStat(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintStat(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x52
+		}
 	}
-	if m.Uid != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Uid))
+	if m.Devminor != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Devminor))
+		i--
+		dAtA[i] = 0x48
 	}
-	if m.Gid != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Gid))
+	if m.Devmajor != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Devmajor))
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.Size_ != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Size_))
+	if len(m.Linkname) > 0 {
+		i -= len(m.Linkname)
+		copy(dAtA[i:], m.Linkname)
+		i = encodeVarintStat(dAtA, i, uint64(len(m.Linkname)))
+		i--
+		dAtA[i] = 0x3a
 	}
 	if m.ModTime != 0 {
-		dAtA[i] = 0x30
-		i++
 		i = encodeVarintStat(dAtA, i, uint64(m.ModTime))
+		i--
+		dAtA[i] = 0x30
 	}
-	if len(m.Linkname) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(len(m.Linkname)))
-		i += copy(dAtA[i:], m.Linkname)
+	if m.Size_ != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Size_))
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.Devmajor != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Devmajor))
+	if m.Gid != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Gid))
+		i--
+		dAtA[i] = 0x20
 	}
-	if m.Devminor != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintStat(dAtA, i, uint64(m.Devminor))
+	if m.Uid != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Uid))
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.Xattrs) > 0 {
-		for k, _ := range m.Xattrs {
-			dAtA[i] = 0x52
-			i++
-			v := m.Xattrs[k]
-			byteSize := 0
-			if len(v) > 0 {
-				byteSize = 1 + len(v) + sovStat(uint64(len(v)))
-			}
-			mapSize := 1 + len(k) + sovStat(uint64(len(k))) + byteSize
-			i = encodeVarintStat(dAtA, i, uint64(mapSize))
-			dAtA[i] = 0xa
-			i++
-			i = encodeVarintStat(dAtA, i, uint64(len(k)))
-			i += copy(dAtA[i:], k)
-			if len(v) > 0 {
-				dAtA[i] = 0x12
-				i++
-				i = encodeVarintStat(dAtA, i, uint64(len(v)))
-				i += copy(dAtA[i:], v)
-			}
-		}
+	if m.Mode != 0 {
+		i = encodeVarintStat(dAtA, i, uint64(m.Mode))
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Path) > 0 {
+		i -= len(m.Path)
+		copy(dAtA[i:], m.Path)
+		i = encodeVarintStat(dAtA, i, uint64(len(m.Path)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintStat(dAtA []byte, offset int, v uint64) int {
+	offset -= sovStat(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Stat) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	l = len(m.Path)
@@ -368,14 +423,7 @@ func (m *Stat) Size() (n int) {
 }
 
 func sovStat(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozStat(x uint64) (n int) {
 	return sovStat(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -388,7 +436,7 @@ func (this *Stat) String() string {
 	for k, _ := range this.Xattrs {
 		keysForXattrs = append(keysForXattrs, k)
 	}
-	sortkeys.Strings(keysForXattrs)
+	github_com_gogo_protobuf_sortkeys.Strings(keysForXattrs)
 	mapStringForXattrs := "map[string][]byte{"
 	for _, k := range keysForXattrs {
 		mapStringForXattrs += fmt.Sprintf("%v: %v,", k, this.Xattrs[k])
@@ -432,7 +480,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -460,7 +508,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -470,6 +518,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStat
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthStat
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -489,7 +540,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Mode |= (uint32(b) & 0x7F) << shift
+				m.Mode |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -508,7 +559,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Uid |= (uint32(b) & 0x7F) << shift
+				m.Uid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -527,7 +578,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Gid |= (uint32(b) & 0x7F) << shift
+				m.Gid |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -546,7 +597,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Size_ |= (int64(b) & 0x7F) << shift
+				m.Size_ |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -565,7 +616,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ModTime |= (int64(b) & 0x7F) << shift
+				m.ModTime |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -584,7 +635,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -594,6 +645,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStat
 			}
 			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthStat
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -613,7 +667,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Devmajor |= (int64(b) & 0x7F) << shift
+				m.Devmajor |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -632,7 +686,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Devminor |= (int64(b) & 0x7F) << shift
+				m.Devminor |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -651,7 +705,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -660,6 +714,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthStat
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthStat
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -680,7 +737,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					wire |= (uint64(b) & 0x7F) << shift
+					wire |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
@@ -697,7 +754,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						stringLenmapkey |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -707,6 +764,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthStat
 					}
 					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthStat
+					}
 					if postStringIndexmapkey > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -723,7 +783,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapbyteLen |= (uint64(b) & 0x7F) << shift
+						mapbyteLen |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
@@ -733,6 +793,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 						return ErrInvalidLengthStat
 					}
 					postbytesIndex := iNdEx + intMapbyteLen
+					if postbytesIndex < 0 {
+						return ErrInvalidLengthStat
+					}
 					if postbytesIndex > l {
 						return io.ErrUnexpectedEOF
 					}
@@ -765,6 +828,9 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthStat
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthStat
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -780,6 +846,7 @@ func (m *Stat) Unmarshal(dAtA []byte) error {
 func skipStat(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -811,10 +878,8 @@ func skipStat(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -831,79 +896,34 @@ func skipStat(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthStat
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowStat
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipStat(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupStat
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthStat
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthStat = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowStat   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthStat        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowStat          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupStat = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("stat.proto", fileDescriptorStat) }
-
-var fileDescriptorStat = []byte{
-	// 310 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x4c, 0x91, 0xbd, 0x4e, 0xc3, 0x30,
-	0x14, 0x85, 0x73, 0x9b, 0xfe, 0xba, 0x45, 0x42, 0x16, 0x83, 0xd5, 0xe1, 0x2a, 0x62, 0xca, 0x94,
-	0x81, 0x4a, 0x08, 0x18, 0x91, 0x78, 0x81, 0xc0, 0x80, 0xd8, 0x8c, 0x6c, 0x8a, 0x69, 0x13, 0x57,
-	0x89, 0x5b, 0x51, 0x26, 0x1e, 0x81, 0xc7, 0xe0, 0x4d, 0x60, 0xec, 0xc8, 0x48, 0xcc, 0xc2, 0xd8,
-	0x47, 0x40, 0x76, 0xda, 0xd2, 0xed, 0x9c, 0xef, 0xdc, 0xab, 0xe4, 0x5c, 0x13, 0x52, 0x1a, 0x6e,
-	0x92, 0x59, 0xa1, 0x8d, 0xa6, 0x83, 0x87, 0x72, 0x6e, 0xd4, 0x34, 0x31, 0xcb, 0x99, 0x2c, 0x8f,
-	0x3f, 0x1a, 0xa4, 0x79, 0x6d, 0xb8, 0xa1, 0x94, 0x34, 0x67, 0xdc, 0x3c, 0x32, 0x88, 0x20, 0xee,
-	0xa5, 0x5e, 0x3b, 0x96, 0x69, 0x21, 0x59, 0x23, 0x82, 0xf8, 0x20, 0xf5, 0x9a, 0x1e, 0x92, 0x70,
-	0xae, 0x04, 0x0b, 0x3d, 0x72, 0xd2, 0x91, 0xb1, 0x12, 0xac, 0x59, 0x93, 0xb1, 0x12, 0x6e, 0xaf,
-	0x54, 0x2f, 0x92, 0xb5, 0x22, 0x88, 0xc3, 0xd4, 0x6b, 0xca, 0x48, 0x27, 0xd3, 0xe2, 0x46, 0x65,
-	0x92, 0xb5, 0x3d, 0xde, 0x5a, 0x3a, 0x24, 0xdd, 0xa9, 0xca, 0x27, 0x39, 0xcf, 0x24, 0xeb, 0xf8,
-	0xaf, 0xef, 0xbc, 0xcb, 0x84, 0x5c, 0x64, 0xfc, 0x49, 0x17, 0xac, 0xeb, 0xd7, 0x76, 0x7e, 0x9b,
-	0xa9, 0x5c, 0x17, 0xac, 0xf7, 0x9f, 0x39, 0x4f, 0x4f, 0x49, 0xfb, 0x99, 0x1b, 0x53, 0x94, 0x8c,
-	0x44, 0x61, 0xdc, 0x3f, 0xc1, 0x64, 0xbf, 0x75, 0xe2, 0x1a, 0x27, 0xb7, 0x7e, 0xe0, 0x2a, 0x37,
-	0xc5, 0x32, 0xdd, 0x4c, 0x0f, 0xcf, 0x49, 0x7f, 0x0f, 0xbb, 0x6a, 0x13, 0xb9, 0xdc, 0xdc, 0xc4,
-	0x49, 0x7a, 0x44, 0x5a, 0x0b, 0x3e, 0x9d, 0xd7, 0x37, 0x19, 0xa4, 0xb5, 0xb9, 0x68, 0x9c, 0xc1,
-	0xe5, 0x68, 0x55, 0x61, 0xf0, 0x55, 0x61, 0xb0, 0xae, 0x10, 0x5e, 0x2d, 0xc2, 0xbb, 0x45, 0xf8,
-	0xb4, 0x08, 0x2b, 0x8b, 0xf0, 0x6d, 0x11, 0x7e, 0x2d, 0x06, 0x6b, 0x8b, 0xf0, 0xf6, 0x83, 0xc1,
-	0x5d, 0xcb, 0xff, 0xc8, 0x7d, 0xdb, 0xbf, 0xc9, 0xe8, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x90, 0xc2,
-	0xcf, 0x79, 0xa1, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/tonistiigi/fsutil/types/wire.pb.go b/vendor/github.com/tonistiigi/fsutil/types/wire.pb.go
index 47db09479a1a1..9e22269e95c17 100644
--- a/vendor/github.com/tonistiigi/fsutil/types/wire.pb.go
+++ b/vendor/github.com/tonistiigi/fsutil/types/wire.pb.go
@@ -3,24 +3,29 @@
 
 package types
 
-import proto "github.com/gogo/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-import strconv "strconv"
-
-import bytes "bytes"
-
-import strings "strings"
-import reflect "reflect"
-
-import io "io"
+import (
+	bytes "bytes"
+	fmt "fmt"
+	proto "github.com/gogo/protobuf/proto"
+	io "io"
+	math "math"
+	math_bits "math/bits"
+	reflect "reflect"
+	strconv "strconv"
+	strings "strings"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+
 type Packet_PacketType int32
 
 const (
@@ -38,6 +43,7 @@ var Packet_PacketType_name = map[int32]string{
 	3: "PACKET_FIN",
 	4: "PACKET_ERR",
 }
+
 var Packet_PacketType_value = map[string]int32{
 	"PACKET_STAT": 0,
 	"PACKET_REQ":  1,
@@ -46,18 +52,48 @@ var Packet_PacketType_value = map[string]int32{
 	"PACKET_ERR":  4,
 }
 
-func (Packet_PacketType) EnumDescriptor() ([]byte, []int) { return fileDescriptorWire, []int{0, 0} }
+func (Packet_PacketType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_f2dcdddcdf68d8e0, []int{0, 0}
+}
 
 type Packet struct {
 	Type Packet_PacketType `protobuf:"varint,1,opt,name=type,proto3,enum=fsutil.types.Packet_PacketType" json:"type,omitempty"`
-	Stat *Stat             `protobuf:"bytes,2,opt,name=stat" json:"stat,omitempty"`
+	Stat *Stat             `protobuf:"bytes,2,opt,name=stat,proto3" json:"stat,omitempty"`
 	ID   uint32            `protobuf:"varint,3,opt,name=ID,proto3" json:"ID,omitempty"`
 	Data []byte            `protobuf:"bytes,4,opt,name=data,proto3" json:"data,omitempty"`
 }
 
-func (m *Packet) Reset()                    { *m = Packet{} }
-func (*Packet) ProtoMessage()               {}
-func (*Packet) Descriptor() ([]byte, []int) { return fileDescriptorWire, []int{0} }
+func (m *Packet) Reset()      { *m = Packet{} }
+func (*Packet) ProtoMessage() {}
+func (*Packet) Descriptor() ([]byte, []int) {
+	return fileDescriptor_f2dcdddcdf68d8e0, []int{0}
+}
+func (m *Packet) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Packet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_Packet.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *Packet) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Packet.Merge(m, src)
+}
+func (m *Packet) XXX_Size() int {
+	return m.Size()
+}
+func (m *Packet) XXX_DiscardUnknown() {
+	xxx_messageInfo_Packet.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Packet proto.InternalMessageInfo
 
 func (m *Packet) GetType() Packet_PacketType {
 	if m != nil {
@@ -88,9 +124,34 @@ func (m *Packet) GetData() []byte {
 }
 
 func init() {
-	proto.RegisterType((*Packet)(nil), "fsutil.types.Packet")
 	proto.RegisterEnum("fsutil.types.Packet_PacketType", Packet_PacketType_name, Packet_PacketType_value)
+	proto.RegisterType((*Packet)(nil), "fsutil.types.Packet")
+}
+
+func init() { proto.RegisterFile("wire.proto", fileDescriptor_f2dcdddcdf68d8e0) }
+
+var fileDescriptor_f2dcdddcdf68d8e0 = []byte{
+	// 276 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2a, 0xcf, 0x2c, 0x4a,
+	0xd5, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x49, 0x2b, 0x2e, 0x2d, 0xc9, 0xcc, 0xd1, 0x2b,
+	0xa9, 0x2c, 0x48, 0x2d, 0x96, 0xe2, 0x2a, 0x2e, 0x49, 0x2c, 0x81, 0xc8, 0x28, 0xbd, 0x64, 0xe4,
+	0x62, 0x0b, 0x48, 0x4c, 0xce, 0x4e, 0x2d, 0x11, 0x32, 0xe6, 0x62, 0x01, 0xc9, 0x4b, 0x30, 0x2a,
+	0x30, 0x6a, 0xf0, 0x19, 0xc9, 0xeb, 0x21, 0xeb, 0xd1, 0x83, 0xa8, 0x81, 0x52, 0x21, 0x95, 0x05,
+	0xa9, 0x41, 0x60, 0xc5, 0x42, 0x6a, 0x5c, 0x2c, 0x20, 0xd3, 0x24, 0x98, 0x14, 0x18, 0x35, 0xb8,
+	0x8d, 0x84, 0x50, 0x35, 0x05, 0x97, 0x24, 0x96, 0x04, 0x81, 0xe5, 0x85, 0xf8, 0xb8, 0x98, 0x3c,
+	0x5d, 0x24, 0x98, 0x15, 0x18, 0x35, 0x78, 0x83, 0x98, 0x3c, 0x5d, 0x84, 0x84, 0xb8, 0x58, 0x52,
+	0x12, 0x4b, 0x12, 0x25, 0x58, 0x14, 0x18, 0x35, 0x78, 0x82, 0xc0, 0x6c, 0xa5, 0x38, 0x2e, 0x2e,
+	0x84, 0xf9, 0x42, 0xfc, 0x5c, 0xdc, 0x01, 0x8e, 0xce, 0xde, 0xae, 0x21, 0xf1, 0xc1, 0x21, 0x8e,
+	0x21, 0x02, 0x0c, 0x42, 0x7c, 0x5c, 0x5c, 0x50, 0x81, 0x20, 0xd7, 0x40, 0x01, 0x46, 0x24, 0x05,
+	0x2e, 0x8e, 0x21, 0x8e, 0x02, 0x4c, 0x48, 0x0a, 0xdc, 0x3c, 0xfd, 0x04, 0x98, 0x91, 0xf8, 0xae,
+	0x41, 0x41, 0x02, 0x2c, 0x4e, 0xd6, 0x17, 0x1e, 0xca, 0x31, 0xdc, 0x78, 0x28, 0xc7, 0xf0, 0xe1,
+	0xa1, 0x1c, 0x63, 0xc3, 0x23, 0x39, 0xc6, 0x15, 0x8f, 0xe4, 0x18, 0x4f, 0x3c, 0x92, 0x63, 0xbc,
+	0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x17, 0x8f, 0xe4, 0x18, 0x3e, 0x3c, 0x92, 0x63,
+	0x9c, 0xf0, 0x58, 0x8e, 0xe1, 0xc2, 0x63, 0x39, 0x86, 0x1b, 0x8f, 0xe5, 0x18, 0xa2, 0x58, 0xc1,
+	0x7e, 0x49, 0x62, 0x03, 0x87, 0x97, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x3f, 0x9d, 0xe3, 0x51,
+	0x57, 0x01, 0x00, 0x00,
 }
+
 func (x Packet_PacketType) String() string {
 	s, ok := Packet_PacketType_name[int32(x)]
 	if ok {
@@ -157,7 +218,7 @@ func valueToGoStringWire(v interface{}, typ string) string {
 func (m *Packet) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -165,49 +226,62 @@ func (m *Packet) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Packet) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Packet) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Type != 0 {
-		dAtA[i] = 0x8
-		i++
-		i = encodeVarintWire(dAtA, i, uint64(m.Type))
-	}
-	if m.Stat != nil {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintWire(dAtA, i, uint64(m.Stat.Size()))
-		n1, err := m.Stat.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n1
+	if len(m.Data) > 0 {
+		i -= len(m.Data)
+		copy(dAtA[i:], m.Data)
+		i = encodeVarintWire(dAtA, i, uint64(len(m.Data)))
+		i--
+		dAtA[i] = 0x22
 	}
 	if m.ID != 0 {
-		dAtA[i] = 0x18
-		i++
 		i = encodeVarintWire(dAtA, i, uint64(m.ID))
+		i--
+		dAtA[i] = 0x18
 	}
-	if len(m.Data) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintWire(dAtA, i, uint64(len(m.Data)))
-		i += copy(dAtA[i:], m.Data)
+	if m.Stat != nil {
+		{
+			size, err := m.Stat.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintWire(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Type != 0 {
+		i = encodeVarintWire(dAtA, i, uint64(m.Type))
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintWire(dAtA []byte, offset int, v uint64) int {
+	offset -= sovWire(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Packet) Size() (n int) {
+	if m == nil {
+		return 0
+	}
 	var l int
 	_ = l
 	if m.Type != 0 {
@@ -228,14 +302,7 @@ func (m *Packet) Size() (n int) {
 }
 
 func sovWire(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozWire(x uint64) (n int) {
 	return sovWire(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -276,7 +343,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
+			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -304,7 +371,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Type |= (Packet_PacketType(b) & 0x7F) << shift
+				m.Type |= Packet_PacketType(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -323,7 +390,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -332,6 +399,9 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWire
 			}
 			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthWire
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -356,7 +426,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.ID |= (uint32(b) & 0x7F) << shift
+				m.ID |= uint32(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -375,7 +445,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= (int(b) & 0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -384,6 +454,9 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthWire
 			}
 			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthWire
+			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -401,6 +474,9 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 			if skippy < 0 {
 				return ErrInvalidLengthWire
 			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthWire
+			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -416,6 +492,7 @@ func (m *Packet) Unmarshal(dAtA []byte) error {
 func skipWire(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -447,10 +524,8 @@ func skipWire(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -467,76 +542,34 @@ func skipWire(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthWire
 			}
-			return iNdEx, nil
+			iNdEx += length
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowWire
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipWire(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupWire
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthWire
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthWire = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowWire   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthWire        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowWire          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupWire = fmt.Errorf("proto: unexpected end of group")
 )
-
-func init() { proto.RegisterFile("wire.proto", fileDescriptorWire) }
-
-var fileDescriptorWire = []byte{
-	// 268 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2a, 0xcf, 0x2c, 0x4a,
-	0xd5, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x49, 0x2b, 0x2e, 0x2d, 0xc9, 0xcc, 0xd1, 0x2b,
-	0xa9, 0x2c, 0x48, 0x2d, 0x96, 0xe2, 0x2a, 0x2e, 0x49, 0x2c, 0x81, 0xc8, 0x28, 0xbd, 0x64, 0xe4,
-	0x62, 0x0b, 0x48, 0x4c, 0xce, 0x4e, 0x2d, 0x11, 0x32, 0xe6, 0x62, 0x01, 0xc9, 0x4b, 0x30, 0x2a,
-	0x30, 0x6a, 0xf0, 0x19, 0xc9, 0xeb, 0x21, 0xeb, 0xd1, 0x83, 0xa8, 0x81, 0x52, 0x21, 0x95, 0x05,
-	0xa9, 0x41, 0x60, 0xc5, 0x42, 0x6a, 0x5c, 0x2c, 0x20, 0xd3, 0x24, 0x98, 0x14, 0x18, 0x35, 0xb8,
-	0x8d, 0x84, 0x50, 0x35, 0x05, 0x97, 0x24, 0x96, 0x04, 0x81, 0xe5, 0x85, 0xf8, 0xb8, 0x98, 0x3c,
-	0x5d, 0x24, 0x98, 0x15, 0x18, 0x35, 0x78, 0x83, 0x98, 0x3c, 0x5d, 0x84, 0x84, 0xb8, 0x58, 0x52,
-	0x12, 0x4b, 0x12, 0x25, 0x58, 0x14, 0x18, 0x35, 0x78, 0x82, 0xc0, 0x6c, 0xa5, 0x38, 0x2e, 0x2e,
-	0x84, 0xf9, 0x42, 0xfc, 0x5c, 0xdc, 0x01, 0x8e, 0xce, 0xde, 0xae, 0x21, 0xf1, 0xc1, 0x21, 0x8e,
-	0x21, 0x02, 0x0c, 0x42, 0x7c, 0x5c, 0x5c, 0x50, 0x81, 0x20, 0xd7, 0x40, 0x01, 0x46, 0x24, 0x05,
-	0x2e, 0x8e, 0x21, 0x8e, 0x02, 0x4c, 0x48, 0x0a, 0xdc, 0x3c, 0xfd, 0x04, 0x98, 0x91, 0xf8, 0xae,
-	0x41, 0x41, 0x02, 0x2c, 0x4e, 0xc6, 0x17, 0x1e, 0xca, 0x31, 0xdc, 0x78, 0x28, 0xc7, 0xf0, 0xe1,
-	0xa1, 0x1c, 0x63, 0xc3, 0x23, 0x39, 0xc6, 0x15, 0x8f, 0xe4, 0x18, 0x4f, 0x3c, 0x92, 0x63, 0xbc,
-	0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x17, 0x8f, 0xe4, 0x18, 0x3e, 0x3c, 0x92, 0x63,
-	0x9c, 0xf0, 0x58, 0x8e, 0x21, 0x8a, 0x15, 0xec, 0x87, 0x24, 0x36, 0x70, 0x38, 0x19, 0x03, 0x02,
-	0x00, 0x00, 0xff, 0xff, 0xce, 0x0f, 0xe2, 0x94, 0x4f, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/github.com/tonistiigi/fsutil/validator.go b/vendor/github.com/tonistiigi/fsutil/validator.go
index 2bd1287a8535f..9bd7d94d36438 100644
--- a/vendor/github.com/tonistiigi/fsutil/validator.go
+++ b/vendor/github.com/tonistiigi/fsutil/validator.go
@@ -6,6 +6,7 @@ import (
 	"runtime"
 	"sort"
 	"strings"
+	"syscall"
 
 	"github.com/pkg/errors"
 )
@@ -31,10 +32,10 @@ func (v *Validator) HandleChange(kind ChangeKind, p string, fi os.FileInfo, err
 		p = strings.Replace(p, "\\", "", -1)
 	}
 	if p != path.Clean(p) {
-		return errors.Errorf("invalid unclean path %s", p)
+		return errors.WithStack(&os.PathError{Path: p, Err: syscall.EINVAL, Op: "unclean path"})
 	}
 	if path.IsAbs(p) {
-		return errors.Errorf("abolute path %s not allowed", p)
+		return errors.WithStack(&os.PathError{Path: p, Err: syscall.EINVAL, Op: "absolute path"})
 	}
 	dir := path.Dir(p)
 	base := path.Base(p)
@@ -42,7 +43,7 @@ func (v *Validator) HandleChange(kind ChangeKind, p string, fi os.FileInfo, err
 		dir = ""
 	}
 	if dir == ".." || strings.HasPrefix(p, "../") {
-		return errors.Errorf("invalid path: %s", p)
+		return errors.WithStack(&os.PathError{Path: p, Err: syscall.EINVAL, Op: "escape check"})
 	}
 
 	// find a parent dir from saved records
diff --git a/vendor/github.com/tonistiigi/fsutil/walker.go b/vendor/github.com/tonistiigi/fsutil/walker.go
index 39e6c940471b7..cc6143db49c73 100644
--- a/vendor/github.com/tonistiigi/fsutil/walker.go
+++ b/vendor/github.com/tonistiigi/fsutil/walker.go
@@ -5,10 +5,12 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil/prefix"
 	"github.com/tonistiigi/fsutil/types"
 )
 
@@ -18,27 +20,27 @@ type WalkOpt struct {
 	// FollowPaths contains symlinks that are resolved into include patterns
 	// before performing the fs walk
 	FollowPaths []string
-	Map         func(*types.Stat) bool
+	Map         FilterFunc
 }
 
 func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) error {
 	root, err := filepath.EvalSymlinks(p)
 	if err != nil {
-		return errors.Wrapf(err, "failed to resolve %s", root)
+		return errors.WithStack(&os.PathError{Op: "resolve", Path: root, Err: err})
 	}
 	fi, err := os.Stat(root)
 	if err != nil {
-		return errors.Wrapf(err, "failed to stat: %s", root)
+		return errors.WithStack(err)
 	}
 	if !fi.IsDir() {
-		return errors.Errorf("%s is not a directory", root)
+		return errors.WithStack(&os.PathError{Op: "walk", Path: root, Err: syscall.ENOTDIR})
 	}
 
 	var pm *fileutils.PatternMatcher
 	if opt != nil && opt.ExcludePatterns != nil {
 		pm, err = fileutils.NewPatternMatcher(opt.ExcludePatterns)
 		if err != nil {
-			return errors.Wrapf(err, "invalid excludepaths %s", opt.ExcludePatterns)
+			return errors.Wrapf(err, "invalid excludepatterns: %s", opt.ExcludePatterns)
 		}
 	}
 
@@ -64,17 +66,15 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
 
 	seenFiles := make(map[uint64]string)
 	return filepath.Walk(root, func(path string, fi os.FileInfo, err error) (retErr error) {
-		if err != nil {
-			if os.IsNotExist(err) {
-				return filepath.SkipDir
-			}
-			return err
-		}
 		defer func() {
-			if retErr != nil && os.IsNotExist(errors.Cause(retErr)) {
+			if retErr != nil && isNotExist(retErr) {
 				retErr = filepath.SkipDir
 			}
 		}()
+		if err != nil {
+			return err
+		}
+
 		origpath := path
 		path, err = filepath.Rel(root, path)
 		if err != nil {
@@ -97,8 +97,8 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
 				if !skip {
 					matched := false
 					partial := true
-					for _, p := range includePatterns {
-						if ok, p := matchPrefix(p, path); ok {
+					for _, pattern := range includePatterns {
+						if ok, p := prefix.Match(pattern, path, false); ok {
 							matched = true
 							if !p {
 								partial = false
@@ -156,7 +156,7 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
 			return ctx.Err()
 		default:
 			if opt != nil && opt.Map != nil {
-				if allowed := opt.Map(stat); !allowed {
+				if allowed := opt.Map(stat.Path, stat); !allowed {
 					return nil
 				}
 			}
@@ -191,28 +191,6 @@ func (s *StatInfo) Sys() interface{} {
 	return s.Stat
 }
 
-func matchPrefix(pattern, name string) (bool, bool) {
-	count := strings.Count(name, string(filepath.Separator))
-	partial := false
-	if strings.Count(pattern, string(filepath.Separator)) > count {
-		pattern = trimUntilIndex(pattern, string(filepath.Separator), count)
-		partial = true
-	}
-	m, _ := filepath.Match(pattern, name)
-	return m, partial
-}
-
-func trimUntilIndex(str, sep string, count int) string {
-	s := str
-	i := 0
-	c := 0
-	for {
-		idx := strings.Index(s, sep)
-		s = s[idx+len(sep):]
-		i += idx + len(sep)
-		c++
-		if c > count {
-			return str[:i-len(sep)]
-		}
-	}
+func isNotExist(err error) bool {
+	return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR)
 }
diff --git a/vendor/github.com/tonistiigi/units/LICENSE b/vendor/github.com/tonistiigi/units/LICENSE
new file mode 100644
index 0000000000000..5c1095df0d9da
--- /dev/null
+++ b/vendor/github.com/tonistiigi/units/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Tõnis Tiigi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/tonistiigi/units/bytes.go b/vendor/github.com/tonistiigi/units/bytes.go
new file mode 100644
index 0000000000000..5a82fc1b349b9
--- /dev/null
+++ b/vendor/github.com/tonistiigi/units/bytes.go
@@ -0,0 +1,125 @@
+/*
+	Simple byte size formatting.
+
+	This package implements types that can be used in stdlib formatting functions
+	like `fmt.Printf` to control the output of the expected printed string.
+
+
+	Floating point flags %f and %g print the value in using the correct unit
+	suffix. Decimal units are default, # switches to binary units. If a value is
+	best represented as full bytes, integer bytes are printed instead.
+
+		Examples:
+			fmt.Printf("%.2f", 123 * B)   => "123B"
+			fmt.Printf("%.2f", 1234 * B)  => "1.23kB"
+			fmt.Printf("%g", 1200 * B)    => "1.2kB"
+			fmt.Printf("%#g", 1024 * B)   => "1KiB"
+
+
+	Integer flag %d always prints the value in bytes. # flag adds an unit prefix.
+
+		Examples:
+			fmt.Printf("%d", 1234 * B)    => "1234"
+			fmt.Printf("%#d", 1234 * B)   => "1234B"
+
+	%v is equal to %g
+
+*/
+package units
+
+import (
+	"fmt"
+	"io"
+	"math"
+	"math/big"
+)
+
+type Bytes int64
+
+const (
+	B Bytes = 1 << (10 * iota)
+	KiB
+	MiB
+	GiB
+	TiB
+	PiB
+	EiB
+
+	KB = 1e3 * B
+	MB = 1e3 * KB
+	GB = 1e3 * MB
+	TB = 1e3 * GB
+	PB = 1e3 * TB
+	EB = 1e3 * PB
+)
+
+var units = map[bool][]string{
+	false: []string{
+		"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB",
+	},
+	true: []string{
+		"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB",
+	},
+}
+
+func (b Bytes) Format(f fmt.State, c rune) {
+	switch c {
+	case 'f', 'g':
+		fv, unit, ok := b.floatValue(f.Flag('#'))
+		if !ok {
+			b.formatInt(&noPrecision{f}, 'd', true)
+			return
+		}
+		big.NewFloat(fv).Format(f, c)
+		io.WriteString(f, unit)
+	case 'd':
+		b.formatInt(f, c, f.Flag('#'))
+	default:
+		if f.Flag('#') {
+			fmt.Fprintf(f, "bytes(%d)", int64(b))
+		} else {
+			fmt.Fprintf(f, "%g", b)
+		}
+	}
+}
+
+func (b Bytes) formatInt(f fmt.State, c rune, withUnit bool) {
+	big.NewInt(int64(b)).Format(f, c)
+	if withUnit {
+		io.WriteString(f, "B")
+	}
+}
+
+func (b Bytes) floatValue(binary bool) (float64, string, bool) {
+	i := 0
+	var baseUnit Bytes = 1
+	if b < 0 {
+		baseUnit *= -1
+	}
+	for {
+		next := baseUnit
+		if binary {
+			next *= 1 << 10
+		} else {
+			next *= 1e3
+		}
+		if (baseUnit > 0 && b >= next) || (baseUnit < 0 && b <= next) {
+			i++
+			baseUnit = next
+			continue
+		}
+		if i == 0 {
+			return 0, "", false
+		}
+
+		return float64(b) / math.Abs(float64(baseUnit)), units[binary][i], true
+	}
+}
+
+type noPrecision struct {
+	fmt.State
+}
+
+func (*noPrecision) Precision() (prec int, ok bool) {
+	return 0, false
+}
diff --git a/vendor/github.com/tonistiigi/units/readme.md b/vendor/github.com/tonistiigi/units/readme.md
new file mode 100644
index 0000000000000..5c67d30d43d18
--- /dev/null
+++ b/vendor/github.com/tonistiigi/units/readme.md
@@ -0,0 +1,29 @@
+#### Simple byte size formatting.
+
+This package implements types that can be used in stdlib formatting functions
+like `fmt.Printf` to control the output of the expected printed string.
+
+Floating point flags `%f` and %g print the value in using the correct unit
+suffix. Decimal units are default, `#` switches to binary units. If a value is
+best represented as full bytes, integer bytes are printed instead.
+
+##### Examples:
+
+```
+fmt.Printf("%.2f", 123 * B)   => "123B"
+fmt.Printf("%.2f", 1234 * B)  => "1.23kB"
+fmt.Printf("%g", 1200 * B)    => "1.2kB"
+fmt.Printf("%#g", 1024 * B)   => "1KiB"
+```
+
+
+Integer flag `%d` always prints the value in bytes. `#` flag adds an unit prefix.
+
+##### Examples:
+
+```
+fmt.Printf("%d", 1234 * B)    => "1234"
+fmt.Printf("%#d", 1234 * B)   => "1234B"
+```
+
+`%v` is equal to `%g`
\ No newline at end of file
diff --git a/vendor/github.com/ugorji/go/LICENSE b/vendor/github.com/ugorji/go/LICENSE
deleted file mode 100644
index 95a0f0541cdaa..0000000000000
--- a/vendor/github.com/ugorji/go/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2012-2015 Ugorji Nwoke.
-All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/ugorji/go/README.md b/vendor/github.com/ugorji/go/README.md
deleted file mode 100644
index 291c6b4add4e7..0000000000000
--- a/vendor/github.com/ugorji/go/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-[![Sourcegraph](https://sourcegraph.com/github.com/ugorji/go/-/badge.svg?v=2)](https://sourcegraph.com/github.com/ugorji/go/-/tree/codec)
-[![Build Status](https://travis-ci.org/ugorji/go.svg?branch=master)](https://travis-ci.org/ugorji/go)
-[![codecov](https://codecov.io/gh/ugorji/go/branch/master/graph/badge.svg?v=2)](https://codecov.io/gh/ugorji/go)
-[![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](http://godoc.org/github.com/ugorji/go/codec)
-[![rcard](https://goreportcard.com/badge/github.com/ugorji/go/codec?v=2)](https://goreportcard.com/report/github.com/ugorji/go/codec)
-[![License](http://img.shields.io/badge/license-mit-blue.svg?style=flat-square)](https://raw.githubusercontent.com/ugorji/go/master/LICENSE)
-
-# go/codec
-
-This repository contains the `go-codec` library,
-a High Performance and Feature-Rich Idiomatic encode/decode and rpc library for
-
-  - msgpack: https://github.com/msgpack/msgpack
-  - binc:    http://github.com/ugorji/binc
-  - cbor:    http://cbor.io http://tools.ietf.org/html/rfc7049
-  - json:    http://json.org http://tools.ietf.org/html/rfc7159 
-
-For more information:
-
-  - [see the codec/Readme for quick usage information](https://github.com/ugorji/go/tree/master/codec#readme)
-  - [view the API on godoc](http://godoc.org/github.com/ugorji/go/codec)
-  - [read the detailed usage/how-to primer](http://ugorji.net/blog/go-codec-primer)
-
-Install using:
-
-    go get github.com/ugorji/go/codec
-
-TODO:
-
-  - [ ] 2018-03-12 - Release v1.1.1 containing 32-bit fixes
-
diff --git a/vendor/github.com/ugorji/go/codec/0doc.go b/vendor/github.com/ugorji/go/codec/0doc.go
deleted file mode 100644
index b61a8180e4c5b..0000000000000
--- a/vendor/github.com/ugorji/go/codec/0doc.go
+++ /dev/null
@@ -1,264 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-/*
-Package codec provides a
-High Performance, Feature-Rich Idiomatic Go 1.4+ codec/encoding library
-for binc, msgpack, cbor, json.
-
-Supported Serialization formats are:
-
-  - msgpack: https://github.com/msgpack/msgpack
-  - binc:    http://github.com/ugorji/binc
-  - cbor:    http://cbor.io http://tools.ietf.org/html/rfc7049
-  - json:    http://json.org http://tools.ietf.org/html/rfc7159
-  - simple:
-
-To install:
-
-    go get github.com/ugorji/go/codec
-
-This package will carefully use 'unsafe' for performance reasons in specific places.
-You can build without unsafe use by passing the safe or appengine tag
-i.e. 'go install -tags=safe ...'. Note that unsafe is only supported for the last 3
-go sdk versions e.g. current go release is go 1.9, so we support unsafe use only from
-go 1.7+ . This is because supporting unsafe requires knowledge of implementation details.
-
-For detailed usage information, read the primer at http://ugorji.net/blog/go-codec-primer .
-
-The idiomatic Go support is as seen in other encoding packages in
-the standard library (ie json, xml, gob, etc).
-
-Rich Feature Set includes:
-
-  - Simple but extremely powerful and feature-rich API
-  - Support for go1.4 and above, while selectively using newer APIs for later releases
-  - Excellent code coverage ( > 90% )
-  - Very High Performance.
-    Our extensive benchmarks show us outperforming Gob, Json, Bson, etc by 2-4X.
-  - Careful selected use of 'unsafe' for targeted performance gains.
-    100% mode exists where 'unsafe' is not used at all.
-  - Lock-free (sans mutex) concurrency for scaling to 100's of cores
-  - Coerce types where appropriate
-    e.g. decode an int in the stream into a float, decode numbers from formatted strings, etc
-  - Corner Cases:
-    Overflows, nil maps/slices, nil values in streams are handled correctly
-  - Standard field renaming via tags
-  - Support for omitting empty fields during an encoding
-  - Encoding from any value and decoding into pointer to any value
-    (struct, slice, map, primitives, pointers, interface{}, etc)
-  - Extensions to support efficient encoding/decoding of any named types
-  - Support encoding.(Binary|Text)(M|Unm)arshaler interfaces
-  - Support IsZero() bool to determine if a value is a zero value.
-    Analogous to time.Time.IsZero() bool.
-  - Decoding without a schema (into a interface{}).
-    Includes Options to configure what specific map or slice type to use
-    when decoding an encoded list or map into a nil interface{}
-  - Mapping a non-interface type to an interface, so we can decode appropriately
-    into any interface type with a correctly configured non-interface value.
-  - Encode a struct as an array, and decode struct from an array in the data stream
-  - Option to encode struct keys as numbers (instead of strings)
-    (to support structured streams with fields encoded as numeric codes)
-  - Comprehensive support for anonymous fields
-  - Fast (no-reflection) encoding/decoding of common maps and slices
-  - Code-generation for faster performance.
-  - Support binary (e.g. messagepack, cbor) and text (e.g. json) formats
-  - Support indefinite-length formats to enable true streaming
-    (for formats which support it e.g. json, cbor)
-  - Support canonical encoding, where a value is ALWAYS encoded as same sequence of bytes.
-    This mostly applies to maps, where iteration order is non-deterministic.
-  - NIL in data stream decoded as zero value
-  - Never silently skip data when decoding.
-    User decides whether to return an error or silently skip data when keys or indexes
-    in the data stream do not map to fields in the struct.
-  - Detect and error when encoding a cyclic reference (instead of stack overflow shutdown)
-  - Encode/Decode from/to chan types (for iterative streaming support)
-  - Drop-in replacement for encoding/json. `json:` key in struct tag supported.
-  - Provides a RPC Server and Client Codec for net/rpc communication protocol.
-  - Handle unique idiosyncrasies of codecs e.g.
-    - For messagepack, configure how ambiguities in handling raw bytes are resolved
-    - For messagepack, provide rpc server/client codec to support
-      msgpack-rpc protocol defined at:
-      https://github.com/msgpack-rpc/msgpack-rpc/blob/master/spec.md
-
-Extension Support
-
-Users can register a function to handle the encoding or decoding of
-their custom types.
-
-There are no restrictions on what the custom type can be. Some examples:
-
-    type BisSet   []int
-    type BitSet64 uint64
-    type UUID     string
-    type MyStructWithUnexportedFields struct { a int; b bool; c []int; }
-    type GifImage struct { ... }
-
-As an illustration, MyStructWithUnexportedFields would normally be
-encoded as an empty map because it has no exported fields, while UUID
-would be encoded as a string. However, with extension support, you can
-encode any of these however you like.
-
-Custom Encoding and Decoding
-
-This package maintains symmetry in the encoding and decoding halfs.
-We determine how to encode or decode by walking this decision tree
-
-  - is type a codec.Selfer?
-  - is there an extension registered for the type?
-  - is format binary, and is type a encoding.BinaryMarshaler and BinaryUnmarshaler?
-  - is format specifically json, and is type a encoding/json.Marshaler and Unmarshaler?
-  - is format text-based, and type an encoding.TextMarshaler?
-  - else we use a pair of functions based on the "kind" of the type e.g. map, slice, int64, etc
-
-This symmetry is important to reduce chances of issues happening because the
-encoding and decoding sides are out of sync e.g. decoded via very specific
-encoding.TextUnmarshaler but encoded via kind-specific generalized mode.
-
-Consequently, if a type only defines one-half of the symmetry
-(e.g. it implements UnmarshalJSON() but not MarshalJSON() ),
-then that type doesn't satisfy the check and we will continue walking down the
-decision tree.
-
-RPC
-
-RPC Client and Server Codecs are implemented, so the codecs can be used
-with the standard net/rpc package.
-
-Usage
-
-The Handle is SAFE for concurrent READ, but NOT SAFE for concurrent modification.
-
-The Encoder and Decoder are NOT safe for concurrent use.
-
-Consequently, the usage model is basically:
-
-    - Create and initialize the Handle before any use.
-      Once created, DO NOT modify it.
-    - Multiple Encoders or Decoders can now use the Handle concurrently.
-      They only read information off the Handle (never write).
-    - However, each Encoder or Decoder MUST not be used concurrently
-    - To re-use an Encoder/Decoder, call Reset(...) on it first.
-      This allows you use state maintained on the Encoder/Decoder.
-
-Sample usage model:
-
-    // create and configure Handle
-    var (
-      bh codec.BincHandle
-      mh codec.MsgpackHandle
-      ch codec.CborHandle
-    )
-
-    mh.MapType = reflect.TypeOf(map[string]interface{}(nil))
-
-    // configure extensions
-    // e.g. for msgpack, define functions and enable Time support for tag 1
-    // mh.SetExt(reflect.TypeOf(time.Time{}), 1, myExt)
-
-    // create and use decoder/encoder
-    var (
-      r io.Reader
-      w io.Writer
-      b []byte
-      h = &bh // or mh to use msgpack
-    )
-
-    dec = codec.NewDecoder(r, h)
-    dec = codec.NewDecoderBytes(b, h)
-    err = dec.Decode(&v)
-
-    enc = codec.NewEncoder(w, h)
-    enc = codec.NewEncoderBytes(&b, h)
-    err = enc.Encode(v)
-
-    //RPC Server
-    go func() {
-        for {
-            conn, err := listener.Accept()
-            rpcCodec := codec.GoRpc.ServerCodec(conn, h)
-            //OR rpcCodec := codec.MsgpackSpecRpc.ServerCodec(conn, h)
-            rpc.ServeCodec(rpcCodec)
-        }
-    }()
-
-    //RPC Communication (client side)
-    conn, err = net.Dial("tcp", "localhost:5555")
-    rpcCodec := codec.GoRpc.ClientCodec(conn, h)
-    //OR rpcCodec := codec.MsgpackSpecRpc.ClientCodec(conn, h)
-    client := rpc.NewClientWithCodec(rpcCodec)
-
-Running Tests
-
-To run tests, use the following:
-
-    go test
-
-To run the full suite of tests, use the following:
-
-    go test -tags alltests -run Suite
-
-You can run the tag 'safe' to run tests or build in safe mode. e.g.
-
-    go test -tags safe -run Json
-    go test -tags "alltests safe" -run Suite
-
-Running Benchmarks
-
-Please see http://github.com/ugorji/go-codec-bench .
-
-Caveats
-
-Struct fields matching the following are ignored during encoding and decoding
-    - struct tag value set to -
-    - func, complex numbers, unsafe pointers
-    - unexported and not embedded
-    - unexported and embedded and not struct kind
-    - unexported and embedded pointers (from go1.10)
-
-Every other field in a struct will be encoded/decoded.
-
-Embedded fields are encoded as if they exist in the top-level struct,
-with some caveats. See Encode documentation.
-
-*/
-package codec
-
-// TODO:
-//   - For Go 1.11, when mid-stack inlining is enabled,
-//     we should use committed functions for writeXXX and readXXX calls.
-//     This involves uncommenting the methods for decReaderSwitch and encWriterSwitch
-//     and using those (decReaderSwitch and encWriterSwitch) in all handles
-//     instead of encWriter and decReader.
-//     The benefit is that, for the (En|De)coder over []byte, the encWriter/decReader
-//     will be inlined, giving a performance bump for that typical case.
-//     However, it will only  be inlined if mid-stack inlining is enabled,
-//     as we call panic to raise errors, and panic currently prevents inlining.
-//
-// PUNTED:
-//   - To make Handle comparable, make extHandle in BasicHandle a non-embedded pointer,
-//     and use overlay methods on *BasicHandle to call through to extHandle after initializing
-//     the "xh *extHandle" to point to a real slice.
-//
-// BEFORE EACH RELEASE:
-//   - Look through and fix padding for each type, to eliminate false sharing
-//     - critical shared objects that are read many times
-//       TypeInfos
-//     - pooled objects:
-//       decNaked, decNakedContainers, codecFner, typeInfoLoadArray, 
-//     - small objects allocated independently, that we read/use much across threads:
-//       codecFn, typeInfo
-//     - Objects allocated independently and used a lot
-//       Decoder, Encoder,
-//       xxxHandle, xxxEncDriver, xxxDecDriver (xxx = json, msgpack, cbor, binc, simple)
-//     - In all above, arrange values modified together to be close to each other.
-//
-//     For all of these, either ensure that they occupy full cache lines,
-//     or ensure that the things just past the cache line boundary are hardly read/written
-//     e.g. JsonHandle.RawBytesExt - which is copied into json(En|De)cDriver at init
-//
-//     Occupying full cache lines means they occupy 8*N words (where N is an integer).
-//     Check this out by running: ./run.sh -z
-//     - look at those tagged ****, meaning they are not occupying full cache lines
-//     - look at those tagged <<<<, meaning they are larger than 32 words (something to watch)
-//   - Run "golint -min_confidence 0.81"
diff --git a/vendor/github.com/ugorji/go/codec/README.md b/vendor/github.com/ugorji/go/codec/README.md
deleted file mode 100644
index 50d65e550d604..0000000000000
--- a/vendor/github.com/ugorji/go/codec/README.md
+++ /dev/null
@@ -1,206 +0,0 @@
-# Codec
-
-High Performance, Feature-Rich Idiomatic Go codec/encoding library for
-binc, msgpack, cbor, json.
-
-Supported Serialization formats are:
-
-  - msgpack: https://github.com/msgpack/msgpack
-  - binc:    http://github.com/ugorji/binc
-  - cbor:    http://cbor.io http://tools.ietf.org/html/rfc7049
-  - json:    http://json.org http://tools.ietf.org/html/rfc7159
-  - simple: 
-
-To install:
-
-    go get github.com/ugorji/go/codec
-
-This package will carefully use 'unsafe' for performance reasons in specific places.
-You can build without unsafe use by passing the safe or appengine tag
-i.e. 'go install -tags=safe ...'. Note that unsafe is only supported for the last 3
-go sdk versions e.g. current go release is go 1.9, so we support unsafe use only from
-go 1.7+ . This is because supporting unsafe requires knowledge of implementation details.
-
-Online documentation: http://godoc.org/github.com/ugorji/go/codec  
-Detailed Usage/How-to Primer: http://ugorji.net/blog/go-codec-primer
-
-The idiomatic Go support is as seen in other encoding packages in
-the standard library (ie json, xml, gob, etc).
-
-Rich Feature Set includes:
-
-  - Simple but extremely powerful and feature-rich API
-  - Support for go1.4 and above, while selectively using newer APIs for later releases
-  - Excellent code coverage ( > 90% )
-  - Very High Performance.
-    Our extensive benchmarks show us outperforming Gob, Json, Bson, etc by 2-4X.
-  - Careful selected use of 'unsafe' for targeted performance gains.
-    100% mode exists where 'unsafe' is not used at all.
-  - Lock-free (sans mutex) concurrency for scaling to 100's of cores
-  - Coerce types where appropriate
-    e.g. decode an int in the stream into a float, decode numbers from formatted strings, etc
-  - Corner Cases: 
-    Overflows, nil maps/slices, nil values in streams are handled correctly
-  - Standard field renaming via tags
-  - Support for omitting empty fields during an encoding
-  - Encoding from any value and decoding into pointer to any value
-    (struct, slice, map, primitives, pointers, interface{}, etc)
-  - Extensions to support efficient encoding/decoding of any named types
-  - Support encoding.(Binary|Text)(M|Unm)arshaler interfaces
-  - Support IsZero() bool to determine if a value is a zero value.
-    Analogous to time.Time.IsZero() bool.
-  - Decoding without a schema (into a interface{}).
-    Includes Options to configure what specific map or slice type to use
-    when decoding an encoded list or map into a nil interface{}
-  - Mapping a non-interface type to an interface, so we can decode appropriately
-    into any interface type with a correctly configured non-interface value.
-  - Encode a struct as an array, and decode struct from an array in the data stream
-  - Option to encode struct keys as numbers (instead of strings)
-    (to support structured streams with fields encoded as numeric codes)
-  - Comprehensive support for anonymous fields
-  - Fast (no-reflection) encoding/decoding of common maps and slices
-  - Code-generation for faster performance.
-  - Support binary (e.g. messagepack, cbor) and text (e.g. json) formats
-  - Support indefinite-length formats to enable true streaming 
-    (for formats which support it e.g. json, cbor)
-  - Support canonical encoding, where a value is ALWAYS encoded as same sequence of bytes.
-    This mostly applies to maps, where iteration order is non-deterministic.
-  - NIL in data stream decoded as zero value
-  - Never silently skip data when decoding.
-    User decides whether to return an error or silently skip data when keys or indexes
-    in the data stream do not map to fields in the struct.
-  - Encode/Decode from/to chan types (for iterative streaming support)
-  - Drop-in replacement for encoding/json. `json:` key in struct tag supported.
-  - Provides a RPC Server and Client Codec for net/rpc communication protocol.
-  - Handle unique idiosyncrasies of codecs e.g. 
-    - For messagepack, configure how ambiguities in handling raw bytes are resolved 
-    - For messagepack, provide rpc server/client codec to support
-      msgpack-rpc protocol defined at:
-      https://github.com/msgpack-rpc/msgpack-rpc/blob/master/spec.md
-
-## Extension Support
-
-Users can register a function to handle the encoding or decoding of
-their custom types.
-
-There are no restrictions on what the custom type can be. Some examples:
-
-    type BisSet   []int
-    type BitSet64 uint64
-    type UUID     string
-    type MyStructWithUnexportedFields struct { a int; b bool; c []int; }
-    type GifImage struct { ... }
-
-As an illustration, MyStructWithUnexportedFields would normally be
-encoded as an empty map because it has no exported fields, while UUID
-would be encoded as a string. However, with extension support, you can
-encode any of these however you like.
-
-## Custom Encoding and Decoding
-
-This package maintains symmetry in the encoding and decoding halfs.
-We determine how to encode or decode by walking this decision tree
-
-  - is type a codec.Selfer?
-  - is there an extension registered for the type?
-  - is format binary, and is type a encoding.BinaryMarshaler and BinaryUnmarshaler?
-  - is format specifically json, and is type a encoding/json.Marshaler and Unmarshaler?
-  - is format text-based, and type an encoding.TextMarshaler?
-  - else we use a pair of functions based on the "kind" of the type e.g. map, slice, int64, etc
-
-This symmetry is important to reduce chances of issues happening because the
-encoding and decoding sides are out of sync e.g. decoded via very specific
-encoding.TextUnmarshaler but encoded via kind-specific generalized mode.
-
-Consequently, if a type only defines one-half of the symmetry
-(e.g. it implements UnmarshalJSON() but not MarshalJSON() ),
-then that type doesn't satisfy the check and we will continue walking down the
-decision tree.
-
-## RPC
-
-RPC Client and Server Codecs are implemented, so the codecs can be used
-with the standard net/rpc package.
-
-## Usage
-
-Typical usage model:
-
-    // create and configure Handle
-    var (
-      bh codec.BincHandle
-      mh codec.MsgpackHandle
-      ch codec.CborHandle
-    )
-
-    mh.MapType = reflect.TypeOf(map[string]interface{}(nil))
-
-    // configure extensions
-    // e.g. for msgpack, define functions and enable Time support for tag 1
-    // mh.SetExt(reflect.TypeOf(time.Time{}), 1, myExt)
-
-    // create and use decoder/encoder
-    var (
-      r io.Reader
-      w io.Writer
-      b []byte
-      h = &bh // or mh to use msgpack
-    )
-
-    dec = codec.NewDecoder(r, h)
-    dec = codec.NewDecoderBytes(b, h)
-    err = dec.Decode(&v)
-
-    enc = codec.NewEncoder(w, h)
-    enc = codec.NewEncoderBytes(&b, h)
-    err = enc.Encode(v)
-
-    //RPC Server
-    go func() {
-        for {
-            conn, err := listener.Accept()
-            rpcCodec := codec.GoRpc.ServerCodec(conn, h)
-            //OR rpcCodec := codec.MsgpackSpecRpc.ServerCodec(conn, h)
-            rpc.ServeCodec(rpcCodec)
-        }
-    }()
-
-    //RPC Communication (client side)
-    conn, err = net.Dial("tcp", "localhost:5555")
-    rpcCodec := codec.GoRpc.ClientCodec(conn, h)
-    //OR rpcCodec := codec.MsgpackSpecRpc.ClientCodec(conn, h)
-    client := rpc.NewClientWithCodec(rpcCodec)
-
-## Running Tests
-
-To run tests, use the following:
-
-    go test
-
-To run the full suite of tests, use the following:
-
-    go test -tags alltests -run Suite
-
-You can run the tag 'safe' to run tests or build in safe mode. e.g.
-
-    go test -tags safe -run Json
-    go test -tags "alltests safe" -run Suite
-
-## Running Benchmarks
-
-Please see http://github.com/ugorji/go-codec-bench .
-
-## Caveats
-
-Struct fields matching the following are ignored during encoding and decoding
-
-  - struct tag value set to -
-  - func, complex numbers, unsafe pointers
-  - unexported and not embedded
-  - unexported and embedded and not struct kind
-  - unexported and embedded pointers (from go1.10)
-
-Every other field in a struct will be encoded/decoded.
-
-Embedded fields are encoded as if they exist in the top-level struct,
-with some caveats. See Encode documentation.
diff --git a/vendor/github.com/ugorji/go/codec/binc.go b/vendor/github.com/ugorji/go/codec/binc.go
deleted file mode 100644
index a3c96fe741916..0000000000000
--- a/vendor/github.com/ugorji/go/codec/binc.go
+++ /dev/null
@@ -1,1168 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"math"
-	"reflect"
-	"time"
-)
-
-const bincDoPrune = true // No longer needed. Needed before as C lib did not support pruning.
-
-// vd as low 4 bits (there are 16 slots)
-const (
-	bincVdSpecial byte = iota
-	bincVdPosInt
-	bincVdNegInt
-	bincVdFloat
-
-	bincVdString
-	bincVdByteArray
-	bincVdArray
-	bincVdMap
-
-	bincVdTimestamp
-	bincVdSmallInt
-	bincVdUnicodeOther
-	bincVdSymbol
-
-	bincVdDecimal
-	_               // open slot
-	_               // open slot
-	bincVdCustomExt = 0x0f
-)
-
-const (
-	bincSpNil byte = iota
-	bincSpFalse
-	bincSpTrue
-	bincSpNan
-	bincSpPosInf
-	bincSpNegInf
-	bincSpZeroFloat
-	bincSpZero
-	bincSpNegOne
-)
-
-const (
-	bincFlBin16 byte = iota
-	bincFlBin32
-	_ // bincFlBin32e
-	bincFlBin64
-	_ // bincFlBin64e
-	// others not currently supported
-)
-
-func bincdesc(vd, vs byte) string {
-	switch vd {
-	case bincVdSpecial:
-		switch vs {
-		case bincSpNil:
-			return "nil"
-		case bincSpFalse:
-			return "false"
-		case bincSpTrue:
-			return "true"
-		case bincSpNan, bincSpPosInf, bincSpNegInf, bincSpZeroFloat:
-			return "float"
-		case bincSpZero:
-			return "uint"
-		case bincSpNegOne:
-			return "int"
-		default:
-			return "unknown"
-		}
-	case bincVdSmallInt, bincVdPosInt:
-		return "uint"
-	case bincVdNegInt:
-		return "int"
-	case bincVdFloat:
-		return "float"
-	case bincVdSymbol:
-		return "string"
-	case bincVdString:
-		return "string"
-	case bincVdByteArray:
-		return "bytes"
-	case bincVdTimestamp:
-		return "time"
-	case bincVdCustomExt:
-		return "ext"
-	case bincVdArray:
-		return "array"
-	case bincVdMap:
-		return "map"
-	default:
-		return "unknown"
-	}
-}
-
-type bincEncDriver struct {
-	e *Encoder
-	h *BincHandle
-	w encWriter
-	m map[string]uint16 // symbols
-	b [16]byte          // scratch, used for encoding numbers - bigendian style
-	s uint16            // symbols sequencer
-	// c containerState
-	encDriverTrackContainerWriter
-	noBuiltInTypes
-	// encNoSeparator
-}
-
-func (e *bincEncDriver) EncodeNil() {
-	e.w.writen1(bincVdSpecial<<4 | bincSpNil)
-}
-
-func (e *bincEncDriver) EncodeTime(t time.Time) {
-	if t.IsZero() {
-		e.EncodeNil()
-	} else {
-		bs := bincEncodeTime(t)
-		e.w.writen1(bincVdTimestamp<<4 | uint8(len(bs)))
-		e.w.writeb(bs)
-	}
-}
-
-func (e *bincEncDriver) EncodeBool(b bool) {
-	if b {
-		e.w.writen1(bincVdSpecial<<4 | bincSpTrue)
-	} else {
-		e.w.writen1(bincVdSpecial<<4 | bincSpFalse)
-	}
-}
-
-func (e *bincEncDriver) EncodeFloat32(f float32) {
-	if f == 0 {
-		e.w.writen1(bincVdSpecial<<4 | bincSpZeroFloat)
-		return
-	}
-	e.w.writen1(bincVdFloat<<4 | bincFlBin32)
-	bigenHelper{e.b[:4], e.w}.writeUint32(math.Float32bits(f))
-}
-
-func (e *bincEncDriver) EncodeFloat64(f float64) {
-	if f == 0 {
-		e.w.writen1(bincVdSpecial<<4 | bincSpZeroFloat)
-		return
-	}
-	bigen.PutUint64(e.b[:8], math.Float64bits(f))
-	if bincDoPrune {
-		i := 7
-		for ; i >= 0 && (e.b[i] == 0); i-- {
-		}
-		i++
-		if i <= 6 {
-			e.w.writen1(bincVdFloat<<4 | 0x8 | bincFlBin64)
-			e.w.writen1(byte(i))
-			e.w.writeb(e.b[:i])
-			return
-		}
-	}
-	e.w.writen1(bincVdFloat<<4 | bincFlBin64)
-	e.w.writeb(e.b[:8])
-}
-
-func (e *bincEncDriver) encIntegerPrune(bd byte, pos bool, v uint64, lim uint8) {
-	if lim == 4 {
-		bigen.PutUint32(e.b[:lim], uint32(v))
-	} else {
-		bigen.PutUint64(e.b[:lim], v)
-	}
-	if bincDoPrune {
-		i := pruneSignExt(e.b[:lim], pos)
-		e.w.writen1(bd | lim - 1 - byte(i))
-		e.w.writeb(e.b[i:lim])
-	} else {
-		e.w.writen1(bd | lim - 1)
-		e.w.writeb(e.b[:lim])
-	}
-}
-
-func (e *bincEncDriver) EncodeInt(v int64) {
-	const nbd byte = bincVdNegInt << 4
-	if v >= 0 {
-		e.encUint(bincVdPosInt<<4, true, uint64(v))
-	} else if v == -1 {
-		e.w.writen1(bincVdSpecial<<4 | bincSpNegOne)
-	} else {
-		e.encUint(bincVdNegInt<<4, false, uint64(-v))
-	}
-}
-
-func (e *bincEncDriver) EncodeUint(v uint64) {
-	e.encUint(bincVdPosInt<<4, true, v)
-}
-
-func (e *bincEncDriver) encUint(bd byte, pos bool, v uint64) {
-	if v == 0 {
-		e.w.writen1(bincVdSpecial<<4 | bincSpZero)
-	} else if pos && v >= 1 && v <= 16 {
-		e.w.writen1(bincVdSmallInt<<4 | byte(v-1))
-	} else if v <= math.MaxUint8 {
-		e.w.writen2(bd|0x0, byte(v))
-	} else if v <= math.MaxUint16 {
-		e.w.writen1(bd | 0x01)
-		bigenHelper{e.b[:2], e.w}.writeUint16(uint16(v))
-	} else if v <= math.MaxUint32 {
-		e.encIntegerPrune(bd, pos, v, 4)
-	} else {
-		e.encIntegerPrune(bd, pos, v, 8)
-	}
-}
-
-func (e *bincEncDriver) EncodeExt(rv interface{}, xtag uint64, ext Ext, _ *Encoder) {
-	bs := ext.WriteExt(rv)
-	if bs == nil {
-		e.EncodeNil()
-		return
-	}
-	e.encodeExtPreamble(uint8(xtag), len(bs))
-	e.w.writeb(bs)
-}
-
-func (e *bincEncDriver) EncodeRawExt(re *RawExt, _ *Encoder) {
-	e.encodeExtPreamble(uint8(re.Tag), len(re.Data))
-	e.w.writeb(re.Data)
-}
-
-func (e *bincEncDriver) encodeExtPreamble(xtag byte, length int) {
-	e.encLen(bincVdCustomExt<<4, uint64(length))
-	e.w.writen1(xtag)
-}
-
-func (e *bincEncDriver) WriteArrayStart(length int) {
-	e.encLen(bincVdArray<<4, uint64(length))
-	e.c = containerArrayStart
-}
-
-func (e *bincEncDriver) WriteMapStart(length int) {
-	e.encLen(bincVdMap<<4, uint64(length))
-	e.c = containerMapStart
-}
-
-func (e *bincEncDriver) EncodeString(c charEncoding, v string) {
-	if e.c == containerMapKey && c == cUTF8 && (e.h.AsSymbols == 0 || e.h.AsSymbols == 1) {
-		e.EncodeSymbol(v)
-		return
-	}
-	l := uint64(len(v))
-	e.encBytesLen(c, l)
-	if l > 0 {
-		e.w.writestr(v)
-	}
-}
-
-func (e *bincEncDriver) EncodeSymbol(v string) {
-	// if WriteSymbolsNoRefs {
-	// 	e.encodeString(cUTF8, v)
-	// 	return
-	// }
-
-	//symbols only offer benefit when string length > 1.
-	//This is because strings with length 1 take only 2 bytes to store
-	//(bd with embedded length, and single byte for string val).
-
-	l := len(v)
-	if l == 0 {
-		e.encBytesLen(cUTF8, 0)
-		return
-	} else if l == 1 {
-		e.encBytesLen(cUTF8, 1)
-		e.w.writen1(v[0])
-		return
-	}
-	if e.m == nil {
-		e.m = make(map[string]uint16, 16)
-	}
-	ui, ok := e.m[v]
-	if ok {
-		if ui <= math.MaxUint8 {
-			e.w.writen2(bincVdSymbol<<4, byte(ui))
-		} else {
-			e.w.writen1(bincVdSymbol<<4 | 0x8)
-			bigenHelper{e.b[:2], e.w}.writeUint16(ui)
-		}
-	} else {
-		e.s++
-		ui = e.s
-		//ui = uint16(atomic.AddUint32(&e.s, 1))
-		e.m[v] = ui
-		var lenprec uint8
-		if l <= math.MaxUint8 {
-			// lenprec = 0
-		} else if l <= math.MaxUint16 {
-			lenprec = 1
-		} else if int64(l) <= math.MaxUint32 {
-			lenprec = 2
-		} else {
-			lenprec = 3
-		}
-		if ui <= math.MaxUint8 {
-			e.w.writen2(bincVdSymbol<<4|0x0|0x4|lenprec, byte(ui))
-		} else {
-			e.w.writen1(bincVdSymbol<<4 | 0x8 | 0x4 | lenprec)
-			bigenHelper{e.b[:2], e.w}.writeUint16(ui)
-		}
-		if lenprec == 0 {
-			e.w.writen1(byte(l))
-		} else if lenprec == 1 {
-			bigenHelper{e.b[:2], e.w}.writeUint16(uint16(l))
-		} else if lenprec == 2 {
-			bigenHelper{e.b[:4], e.w}.writeUint32(uint32(l))
-		} else {
-			bigenHelper{e.b[:8], e.w}.writeUint64(uint64(l))
-		}
-		e.w.writestr(v)
-	}
-}
-
-func (e *bincEncDriver) EncodeStringBytes(c charEncoding, v []byte) {
-	if v == nil {
-		e.EncodeNil()
-		return
-	}
-	l := uint64(len(v))
-	e.encBytesLen(c, l)
-	if l > 0 {
-		e.w.writeb(v)
-	}
-}
-
-func (e *bincEncDriver) encBytesLen(c charEncoding, length uint64) {
-	//TODO: support bincUnicodeOther (for now, just use string or bytearray)
-	if c == cRAW {
-		e.encLen(bincVdByteArray<<4, length)
-	} else {
-		e.encLen(bincVdString<<4, length)
-	}
-}
-
-func (e *bincEncDriver) encLen(bd byte, l uint64) {
-	if l < 12 {
-		e.w.writen1(bd | uint8(l+4))
-	} else {
-		e.encLenNumber(bd, l)
-	}
-}
-
-func (e *bincEncDriver) encLenNumber(bd byte, v uint64) {
-	if v <= math.MaxUint8 {
-		e.w.writen2(bd, byte(v))
-	} else if v <= math.MaxUint16 {
-		e.w.writen1(bd | 0x01)
-		bigenHelper{e.b[:2], e.w}.writeUint16(uint16(v))
-	} else if v <= math.MaxUint32 {
-		e.w.writen1(bd | 0x02)
-		bigenHelper{e.b[:4], e.w}.writeUint32(uint32(v))
-	} else {
-		e.w.writen1(bd | 0x03)
-		bigenHelper{e.b[:8], e.w}.writeUint64(uint64(v))
-	}
-}
-
-//------------------------------------
-
-type bincDecSymbol struct {
-	s string
-	b []byte
-	i uint16
-}
-
-type bincDecDriver struct {
-	decDriverNoopContainerReader
-	noBuiltInTypes
-
-	d      *Decoder
-	h      *BincHandle
-	r      decReader
-	br     bool // bytes reader
-	bdRead bool
-	bd     byte
-	vd     byte
-	vs     byte
-	_      [3]byte // padding
-	// linear searching on this slice is ok,
-	// because we typically expect < 32 symbols in each stream.
-	s []bincDecSymbol
-
-	// noStreamingCodec
-	// decNoSeparator
-
-	b [8 * 8]byte // scratch
-}
-
-func (d *bincDecDriver) readNextBd() {
-	d.bd = d.r.readn1()
-	d.vd = d.bd >> 4
-	d.vs = d.bd & 0x0f
-	d.bdRead = true
-}
-
-func (d *bincDecDriver) uncacheRead() {
-	if d.bdRead {
-		d.r.unreadn1()
-		d.bdRead = false
-	}
-}
-
-func (d *bincDecDriver) ContainerType() (vt valueType) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.vd == bincVdSpecial && d.vs == bincSpNil {
-		return valueTypeNil
-	} else if d.vd == bincVdByteArray {
-		return valueTypeBytes
-	} else if d.vd == bincVdString {
-		return valueTypeString
-	} else if d.vd == bincVdArray {
-		return valueTypeArray
-	} else if d.vd == bincVdMap {
-		return valueTypeMap
-	}
-	// else {
-	// d.d.errorf("isContainerType: unsupported parameter: %v", vt)
-	// }
-	return valueTypeUnset
-}
-
-func (d *bincDecDriver) TryDecodeAsNil() bool {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == bincVdSpecial<<4|bincSpNil {
-		d.bdRead = false
-		return true
-	}
-	return false
-}
-
-func (d *bincDecDriver) DecodeTime() (t time.Time) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == bincVdSpecial<<4|bincSpNil {
-		d.bdRead = false
-		return
-	}
-	if d.vd != bincVdTimestamp {
-		d.d.errorf("cannot decode time - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	t, err := bincDecodeTime(d.r.readx(int(d.vs)))
-	if err != nil {
-		panic(err)
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) decFloatPre(vs, defaultLen byte) {
-	if vs&0x8 == 0 {
-		d.r.readb(d.b[0:defaultLen])
-	} else {
-		l := d.r.readn1()
-		if l > 8 {
-			d.d.errorf("cannot read float - at most 8 bytes used to represent float - received %v bytes", l)
-			return
-		}
-		for i := l; i < 8; i++ {
-			d.b[i] = 0
-		}
-		d.r.readb(d.b[0:l])
-	}
-}
-
-func (d *bincDecDriver) decFloat() (f float64) {
-	//if true { f = math.Float64frombits(bigen.Uint64(d.r.readx(8))); break; }
-	if x := d.vs & 0x7; x == bincFlBin32 {
-		d.decFloatPre(d.vs, 4)
-		f = float64(math.Float32frombits(bigen.Uint32(d.b[0:4])))
-	} else if x == bincFlBin64 {
-		d.decFloatPre(d.vs, 8)
-		f = math.Float64frombits(bigen.Uint64(d.b[0:8]))
-	} else {
-		d.d.errorf("read float - only float32 and float64 are supported - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	return
-}
-
-func (d *bincDecDriver) decUint() (v uint64) {
-	// need to inline the code (interface conversion and type assertion expensive)
-	switch d.vs {
-	case 0:
-		v = uint64(d.r.readn1())
-	case 1:
-		d.r.readb(d.b[6:8])
-		v = uint64(bigen.Uint16(d.b[6:8]))
-	case 2:
-		d.b[4] = 0
-		d.r.readb(d.b[5:8])
-		v = uint64(bigen.Uint32(d.b[4:8]))
-	case 3:
-		d.r.readb(d.b[4:8])
-		v = uint64(bigen.Uint32(d.b[4:8]))
-	case 4, 5, 6:
-		lim := int(7 - d.vs)
-		d.r.readb(d.b[lim:8])
-		for i := 0; i < lim; i++ {
-			d.b[i] = 0
-		}
-		v = uint64(bigen.Uint64(d.b[:8]))
-	case 7:
-		d.r.readb(d.b[:8])
-		v = uint64(bigen.Uint64(d.b[:8]))
-	default:
-		d.d.errorf("unsigned integers with greater than 64 bits of precision not supported")
-		return
-	}
-	return
-}
-
-func (d *bincDecDriver) decCheckInteger() (ui uint64, neg bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	vd, vs := d.vd, d.vs
-	if vd == bincVdPosInt {
-		ui = d.decUint()
-	} else if vd == bincVdNegInt {
-		ui = d.decUint()
-		neg = true
-	} else if vd == bincVdSmallInt {
-		ui = uint64(d.vs) + 1
-	} else if vd == bincVdSpecial {
-		if vs == bincSpZero {
-			//i = 0
-		} else if vs == bincSpNegOne {
-			neg = true
-			ui = 1
-		} else {
-			d.d.errorf("integer decode fails - invalid special value from descriptor %x-%x/%s",
-				d.vd, d.vs, bincdesc(d.vd, d.vs))
-			return
-		}
-	} else {
-		d.d.errorf("integer can only be decoded from int/uint. d.bd: 0x%x, d.vd: 0x%x", d.bd, d.vd)
-		return
-	}
-	return
-}
-
-func (d *bincDecDriver) DecodeInt64() (i int64) {
-	ui, neg := d.decCheckInteger()
-	i = chkOvf.SignedIntV(ui)
-	if neg {
-		i = -i
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) DecodeUint64() (ui uint64) {
-	ui, neg := d.decCheckInteger()
-	if neg {
-		d.d.errorf("assigning negative signed value to unsigned integer type")
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) DecodeFloat64() (f float64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	vd, vs := d.vd, d.vs
-	if vd == bincVdSpecial {
-		d.bdRead = false
-		if vs == bincSpNan {
-			return math.NaN()
-		} else if vs == bincSpPosInf {
-			return math.Inf(1)
-		} else if vs == bincSpZeroFloat || vs == bincSpZero {
-			return
-		} else if vs == bincSpNegInf {
-			return math.Inf(-1)
-		} else {
-			d.d.errorf("float - invalid special value from descriptor %x-%x/%s",
-				d.vd, d.vs, bincdesc(d.vd, d.vs))
-			return
-		}
-	} else if vd == bincVdFloat {
-		f = d.decFloat()
-	} else {
-		f = float64(d.DecodeInt64())
-	}
-	d.bdRead = false
-	return
-}
-
-// bool can be decoded from bool only (single byte).
-func (d *bincDecDriver) DecodeBool() (b bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if bd := d.bd; bd == (bincVdSpecial | bincSpFalse) {
-		// b = false
-	} else if bd == (bincVdSpecial | bincSpTrue) {
-		b = true
-	} else {
-		d.d.errorf("bool - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) ReadMapStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.vd != bincVdMap {
-		d.d.errorf("map - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	length = d.decLen()
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) ReadArrayStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.vd != bincVdArray {
-		d.d.errorf("array - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	length = d.decLen()
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) decLen() int {
-	if d.vs > 3 {
-		return int(d.vs - 4)
-	}
-	return int(d.decLenNumber())
-}
-
-func (d *bincDecDriver) decLenNumber() (v uint64) {
-	if x := d.vs; x == 0 {
-		v = uint64(d.r.readn1())
-	} else if x == 1 {
-		d.r.readb(d.b[6:8])
-		v = uint64(bigen.Uint16(d.b[6:8]))
-	} else if x == 2 {
-		d.r.readb(d.b[4:8])
-		v = uint64(bigen.Uint32(d.b[4:8]))
-	} else {
-		d.r.readb(d.b[:8])
-		v = bigen.Uint64(d.b[:8])
-	}
-	return
-}
-
-func (d *bincDecDriver) decStringAndBytes(bs []byte, withString, zerocopy bool) (
-	bs2 []byte, s string) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == bincVdSpecial<<4|bincSpNil {
-		d.bdRead = false
-		return
-	}
-	var slen = -1
-	// var ok bool
-	switch d.vd {
-	case bincVdString, bincVdByteArray:
-		slen = d.decLen()
-		if zerocopy {
-			if d.br {
-				bs2 = d.r.readx(slen)
-			} else if len(bs) == 0 {
-				bs2 = decByteSlice(d.r, slen, d.d.h.MaxInitLen, d.b[:])
-			} else {
-				bs2 = decByteSlice(d.r, slen, d.d.h.MaxInitLen, bs)
-			}
-		} else {
-			bs2 = decByteSlice(d.r, slen, d.d.h.MaxInitLen, bs)
-		}
-		if withString {
-			s = string(bs2)
-		}
-	case bincVdSymbol:
-		// zerocopy doesn't apply for symbols,
-		// as the values must be stored in a table for later use.
-		//
-		//from vs: extract numSymbolBytes, containsStringVal, strLenPrecision,
-		//extract symbol
-		//if containsStringVal, read it and put in map
-		//else look in map for string value
-		var symbol uint16
-		vs := d.vs
-		if vs&0x8 == 0 {
-			symbol = uint16(d.r.readn1())
-		} else {
-			symbol = uint16(bigen.Uint16(d.r.readx(2)))
-		}
-		if d.s == nil {
-			d.s = make([]bincDecSymbol, 0, 16)
-		}
-
-		if vs&0x4 == 0 {
-			for i := range d.s {
-				j := &d.s[i]
-				if j.i == symbol {
-					bs2 = j.b
-					if withString {
-						if j.s == "" && bs2 != nil {
-							j.s = string(bs2)
-						}
-						s = j.s
-					}
-					break
-				}
-			}
-		} else {
-			switch vs & 0x3 {
-			case 0:
-				slen = int(d.r.readn1())
-			case 1:
-				slen = int(bigen.Uint16(d.r.readx(2)))
-			case 2:
-				slen = int(bigen.Uint32(d.r.readx(4)))
-			case 3:
-				slen = int(bigen.Uint64(d.r.readx(8)))
-			}
-			// since using symbols, do not store any part of
-			// the parameter bs in the map, as it might be a shared buffer.
-			// bs2 = decByteSlice(d.r, slen, bs)
-			bs2 = decByteSlice(d.r, slen, d.d.h.MaxInitLen, nil)
-			if withString {
-				s = string(bs2)
-			}
-			d.s = append(d.s, bincDecSymbol{i: symbol, s: s, b: bs2})
-		}
-	default:
-		d.d.errorf("string/bytes - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) DecodeString() (s string) {
-	// DecodeBytes does not accommodate symbols, whose impl stores string version in map.
-	// Use decStringAndBytes directly.
-	// return string(d.DecodeBytes(d.b[:], true, true))
-	_, s = d.decStringAndBytes(d.b[:], true, true)
-	return
-}
-
-func (d *bincDecDriver) DecodeStringAsBytes() (s []byte) {
-	s, _ = d.decStringAndBytes(d.b[:], false, true)
-	return
-}
-
-func (d *bincDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == bincVdSpecial<<4|bincSpNil {
-		d.bdRead = false
-		return nil
-	}
-	// check if an "array" of uint8's (see ContainerType for how to infer if an array)
-	if d.vd == bincVdArray {
-		bsOut, _ = fastpathTV.DecSliceUint8V(bs, true, d.d)
-		return
-	}
-	var clen int
-	if d.vd == bincVdString || d.vd == bincVdByteArray {
-		clen = d.decLen()
-	} else {
-		d.d.errorf("bytes - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	d.bdRead = false
-	if zerocopy {
-		if d.br {
-			return d.r.readx(clen)
-		} else if len(bs) == 0 {
-			bs = d.b[:]
-		}
-	}
-	return decByteSlice(d.r, clen, d.d.h.MaxInitLen, bs)
-}
-
-func (d *bincDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) {
-	if xtag > 0xff {
-		d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag)
-		return
-	}
-	realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag))
-	realxtag = uint64(realxtag1)
-	if ext == nil {
-		re := rv.(*RawExt)
-		re.Tag = realxtag
-		re.Data = detachZeroCopyBytes(d.br, re.Data, xbs)
-	} else {
-		ext.ReadExt(rv, xbs)
-	}
-	return
-}
-
-func (d *bincDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.vd == bincVdCustomExt {
-		l := d.decLen()
-		xtag = d.r.readn1()
-		if verifyTag && xtag != tag {
-			d.d.errorf("wrong extension tag - got %b, expecting: %v", xtag, tag)
-			return
-		}
-		xbs = d.r.readx(l)
-	} else if d.vd == bincVdByteArray {
-		xbs = d.DecodeBytes(nil, true)
-	} else {
-		d.d.errorf("ext - expecting extensions or byte array - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *bincDecDriver) DecodeNaked() {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-
-	n := d.d.n
-	var decodeFurther bool
-
-	switch d.vd {
-	case bincVdSpecial:
-		switch d.vs {
-		case bincSpNil:
-			n.v = valueTypeNil
-		case bincSpFalse:
-			n.v = valueTypeBool
-			n.b = false
-		case bincSpTrue:
-			n.v = valueTypeBool
-			n.b = true
-		case bincSpNan:
-			n.v = valueTypeFloat
-			n.f = math.NaN()
-		case bincSpPosInf:
-			n.v = valueTypeFloat
-			n.f = math.Inf(1)
-		case bincSpNegInf:
-			n.v = valueTypeFloat
-			n.f = math.Inf(-1)
-		case bincSpZeroFloat:
-			n.v = valueTypeFloat
-			n.f = float64(0)
-		case bincSpZero:
-			n.v = valueTypeUint
-			n.u = uint64(0) // int8(0)
-		case bincSpNegOne:
-			n.v = valueTypeInt
-			n.i = int64(-1) // int8(-1)
-		default:
-			d.d.errorf("cannot infer value - unrecognized special value from descriptor %x-%x/%s", d.vd, d.vs, bincdesc(d.vd, d.vs))
-		}
-	case bincVdSmallInt:
-		n.v = valueTypeUint
-		n.u = uint64(int8(d.vs)) + 1 // int8(d.vs) + 1
-	case bincVdPosInt:
-		n.v = valueTypeUint
-		n.u = d.decUint()
-	case bincVdNegInt:
-		n.v = valueTypeInt
-		n.i = -(int64(d.decUint()))
-	case bincVdFloat:
-		n.v = valueTypeFloat
-		n.f = d.decFloat()
-	case bincVdSymbol:
-		n.v = valueTypeSymbol
-		n.s = d.DecodeString()
-	case bincVdString:
-		n.v = valueTypeString
-		n.s = d.DecodeString()
-	case bincVdByteArray:
-		n.v = valueTypeBytes
-		n.l = d.DecodeBytes(nil, false)
-	case bincVdTimestamp:
-		n.v = valueTypeTime
-		tt, err := bincDecodeTime(d.r.readx(int(d.vs)))
-		if err != nil {
-			panic(err)
-		}
-		n.t = tt
-	case bincVdCustomExt:
-		n.v = valueTypeExt
-		l := d.decLen()
-		n.u = uint64(d.r.readn1())
-		n.l = d.r.readx(l)
-	case bincVdArray:
-		n.v = valueTypeArray
-		decodeFurther = true
-	case bincVdMap:
-		n.v = valueTypeMap
-		decodeFurther = true
-	default:
-		d.d.errorf("cannot infer value - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs))
-	}
-
-	if !decodeFurther {
-		d.bdRead = false
-	}
-	if n.v == valueTypeUint && d.h.SignedInteger {
-		n.v = valueTypeInt
-		n.i = int64(n.u)
-	}
-	return
-}
-
-//------------------------------------
-
-//BincHandle is a Handle for the Binc Schema-Free Encoding Format
-//defined at https://github.com/ugorji/binc .
-//
-//BincHandle currently supports all Binc features with the following EXCEPTIONS:
-//  - only integers up to 64 bits of precision are supported.
-//    big integers are unsupported.
-//  - Only IEEE 754 binary32 and binary64 floats are supported (ie Go float32 and float64 types).
-//    extended precision and decimal IEEE 754 floats are unsupported.
-//  - Only UTF-8 strings supported.
-//    Unicode_Other Binc types (UTF16, UTF32) are currently unsupported.
-//
-//Note that these EXCEPTIONS are temporary and full support is possible and may happen soon.
-type BincHandle struct {
-	BasicHandle
-	binaryEncodingType
-	noElemSeparators
-
-	// AsSymbols defines what should be encoded as symbols.
-	//
-	// Encoding as symbols can reduce the encoded size significantly.
-	//
-	// However, during decoding, each string to be encoded as a symbol must
-	// be checked to see if it has been seen before. Consequently, encoding time
-	// will increase if using symbols, because string comparisons has a clear cost.
-	//
-	// Values:
-	// - 0: default: library uses best judgement
-	// - 1: use symbols
-	// - 2: do not use symbols
-	AsSymbols uint8
-
-	// AsSymbols: may later on introduce more options ...
-	// - m: map keys
-	// - s: struct fields
-	// - n: none
-	// - a: all: same as m, s, ...
-
-	// _ [1]uint64 // padding
-}
-
-// Name returns the name of the handle: binc
-func (h *BincHandle) Name() string { return "binc" }
-
-// SetBytesExt sets an extension
-func (h *BincHandle) SetBytesExt(rt reflect.Type, tag uint64, ext BytesExt) (err error) {
-	return h.SetExt(rt, tag, &extWrapper{ext, interfaceExtFailer{}})
-}
-
-func (h *BincHandle) newEncDriver(e *Encoder) encDriver {
-	return &bincEncDriver{e: e, h: h, w: e.w}
-}
-
-func (h *BincHandle) newDecDriver(d *Decoder) decDriver {
-	return &bincDecDriver{d: d, h: h, r: d.r, br: d.bytes}
-}
-
-func (e *bincEncDriver) reset() {
-	e.w = e.e.w
-	e.s = 0
-	e.c = 0
-	e.m = nil
-}
-
-func (d *bincDecDriver) reset() {
-	d.r, d.br = d.d.r, d.d.bytes
-	d.s = nil
-	d.bd, d.bdRead, d.vd, d.vs = 0, false, 0, 0
-}
-
-// var timeDigits = [...]byte{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'}
-
-// EncodeTime encodes a time.Time as a []byte, including
-// information on the instant in time and UTC offset.
-//
-// Format Description
-//
-//   A timestamp is composed of 3 components:
-//
-//   - secs: signed integer representing seconds since unix epoch
-//   - nsces: unsigned integer representing fractional seconds as a
-//     nanosecond offset within secs, in the range 0 <= nsecs < 1e9
-//   - tz: signed integer representing timezone offset in minutes east of UTC,
-//     and a dst (daylight savings time) flag
-//
-//   When encoding a timestamp, the first byte is the descriptor, which
-//   defines which components are encoded and how many bytes are used to
-//   encode secs and nsecs components. *If secs/nsecs is 0 or tz is UTC, it
-//   is not encoded in the byte array explicitly*.
-//
-//       Descriptor 8 bits are of the form `A B C DDD EE`:
-//           A:   Is secs component encoded? 1 = true
-//           B:   Is nsecs component encoded? 1 = true
-//           C:   Is tz component encoded? 1 = true
-//           DDD: Number of extra bytes for secs (range 0-7).
-//                If A = 1, secs encoded in DDD+1 bytes.
-//                    If A = 0, secs is not encoded, and is assumed to be 0.
-//                    If A = 1, then we need at least 1 byte to encode secs.
-//                    DDD says the number of extra bytes beyond that 1.
-//                    E.g. if DDD=0, then secs is represented in 1 byte.
-//                         if DDD=2, then secs is represented in 3 bytes.
-//           EE:  Number of extra bytes for nsecs (range 0-3).
-//                If B = 1, nsecs encoded in EE+1 bytes (similar to secs/DDD above)
-//
-//   Following the descriptor bytes, subsequent bytes are:
-//
-//       secs component encoded in `DDD + 1` bytes (if A == 1)
-//       nsecs component encoded in `EE + 1` bytes (if B == 1)
-//       tz component encoded in 2 bytes (if C == 1)
-//
-//   secs and nsecs components are integers encoded in a BigEndian
-//   2-complement encoding format.
-//
-//   tz component is encoded as 2 bytes (16 bits). Most significant bit 15 to
-//   Least significant bit 0 are described below:
-//
-//       Timezone offset has a range of -12:00 to +14:00 (ie -720 to +840 minutes).
-//       Bit 15 = have\_dst: set to 1 if we set the dst flag.
-//       Bit 14 = dst\_on: set to 1 if dst is in effect at the time, or 0 if not.
-//       Bits 13..0 = timezone offset in minutes. It is a signed integer in Big Endian format.
-//
-func bincEncodeTime(t time.Time) []byte {
-	//t := rv.Interface().(time.Time)
-	tsecs, tnsecs := t.Unix(), t.Nanosecond()
-	var (
-		bd   byte
-		btmp [8]byte
-		bs   [16]byte
-		i    int = 1
-	)
-	l := t.Location()
-	if l == time.UTC {
-		l = nil
-	}
-	if tsecs != 0 {
-		bd = bd | 0x80
-		bigen.PutUint64(btmp[:], uint64(tsecs))
-		f := pruneSignExt(btmp[:], tsecs >= 0)
-		bd = bd | (byte(7-f) << 2)
-		copy(bs[i:], btmp[f:])
-		i = i + (8 - f)
-	}
-	if tnsecs != 0 {
-		bd = bd | 0x40
-		bigen.PutUint32(btmp[:4], uint32(tnsecs))
-		f := pruneSignExt(btmp[:4], true)
-		bd = bd | byte(3-f)
-		copy(bs[i:], btmp[f:4])
-		i = i + (4 - f)
-	}
-	if l != nil {
-		bd = bd | 0x20
-		// Note that Go Libs do not give access to dst flag.
-		_, zoneOffset := t.Zone()
-		//zoneName, zoneOffset := t.Zone()
-		zoneOffset /= 60
-		z := uint16(zoneOffset)
-		bigen.PutUint16(btmp[:2], z)
-		// clear dst flags
-		bs[i] = btmp[0] & 0x3f
-		bs[i+1] = btmp[1]
-		i = i + 2
-	}
-	bs[0] = bd
-	return bs[0:i]
-}
-
-// bincDecodeTime decodes a []byte into a time.Time.
-func bincDecodeTime(bs []byte) (tt time.Time, err error) {
-	bd := bs[0]
-	var (
-		tsec  int64
-		tnsec uint32
-		tz    uint16
-		i     byte = 1
-		i2    byte
-		n     byte
-	)
-	if bd&(1<<7) != 0 {
-		var btmp [8]byte
-		n = ((bd >> 2) & 0x7) + 1
-		i2 = i + n
-		copy(btmp[8-n:], bs[i:i2])
-		//if first bit of bs[i] is set, then fill btmp[0..8-n] with 0xff (ie sign extend it)
-		if bs[i]&(1<<7) != 0 {
-			copy(btmp[0:8-n], bsAll0xff)
-			//for j,k := byte(0), 8-n; j < k; j++ {	btmp[j] = 0xff }
-		}
-		i = i2
-		tsec = int64(bigen.Uint64(btmp[:]))
-	}
-	if bd&(1<<6) != 0 {
-		var btmp [4]byte
-		n = (bd & 0x3) + 1
-		i2 = i + n
-		copy(btmp[4-n:], bs[i:i2])
-		i = i2
-		tnsec = bigen.Uint32(btmp[:])
-	}
-	if bd&(1<<5) == 0 {
-		tt = time.Unix(tsec, int64(tnsec)).UTC()
-		return
-	}
-	// In stdlib time.Parse, when a date is parsed without a zone name, it uses "" as zone name.
-	// However, we need name here, so it can be shown when time is printed.
-	// Zone name is in form: UTC-08:00.
-	// Note that Go Libs do not give access to dst flag, so we ignore dst bits
-
-	i2 = i + 2
-	tz = bigen.Uint16(bs[i:i2])
-	// i = i2
-	// sign extend sign bit into top 2 MSB (which were dst bits):
-	if tz&(1<<13) == 0 { // positive
-		tz = tz & 0x3fff //clear 2 MSBs: dst bits
-	} else { // negative
-		tz = tz | 0xc000 //set 2 MSBs: dst bits
-	}
-	tzint := int16(tz)
-	if tzint == 0 {
-		tt = time.Unix(tsec, int64(tnsec)).UTC()
-	} else {
-		// For Go Time, do not use a descriptive timezone.
-		// It's unnecessary, and makes it harder to do a reflect.DeepEqual.
-		// The Offset already tells what the offset should be, if not on UTC and unknown zone name.
-		// var zoneName = timeLocUTCName(tzint)
-		tt = time.Unix(tsec, int64(tnsec)).In(time.FixedZone("", int(tzint)*60))
-	}
-	return
-}
-
-var _ decDriver = (*bincDecDriver)(nil)
-var _ encDriver = (*bincEncDriver)(nil)
diff --git a/vendor/github.com/ugorji/go/codec/cbor.go b/vendor/github.com/ugorji/go/codec/cbor.go
deleted file mode 100644
index 7633c04ac3ece..0000000000000
--- a/vendor/github.com/ugorji/go/codec/cbor.go
+++ /dev/null
@@ -1,756 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"math"
-	"reflect"
-	"time"
-)
-
-const (
-	cborMajorUint byte = iota
-	cborMajorNegInt
-	cborMajorBytes
-	cborMajorText
-	cborMajorArray
-	cborMajorMap
-	cborMajorTag
-	cborMajorOther
-)
-
-const (
-	cborBdFalse byte = 0xf4 + iota
-	cborBdTrue
-	cborBdNil
-	cborBdUndefined
-	cborBdExt
-	cborBdFloat16
-	cborBdFloat32
-	cborBdFloat64
-)
-
-const (
-	cborBdIndefiniteBytes  byte = 0x5f
-	cborBdIndefiniteString      = 0x7f
-	cborBdIndefiniteArray       = 0x9f
-	cborBdIndefiniteMap         = 0xbf
-	cborBdBreak                 = 0xff
-)
-
-// These define some in-stream descriptors for
-// manual encoding e.g. when doing explicit indefinite-length
-const (
-	CborStreamBytes  byte = 0x5f
-	CborStreamString      = 0x7f
-	CborStreamArray       = 0x9f
-	CborStreamMap         = 0xbf
-	CborStreamBreak       = 0xff
-)
-
-const (
-	cborBaseUint   byte = 0x00
-	cborBaseNegInt      = 0x20
-	cborBaseBytes       = 0x40
-	cborBaseString      = 0x60
-	cborBaseArray       = 0x80
-	cborBaseMap         = 0xa0
-	cborBaseTag         = 0xc0
-	cborBaseSimple      = 0xe0
-)
-
-func cbordesc(bd byte) string {
-	switch bd {
-	case cborBdNil:
-		return "nil"
-	case cborBdFalse:
-		return "false"
-	case cborBdTrue:
-		return "true"
-	case cborBdFloat16, cborBdFloat32, cborBdFloat64:
-		return "float"
-	case cborBdIndefiniteBytes:
-		return "bytes*"
-	case cborBdIndefiniteString:
-		return "string*"
-	case cborBdIndefiniteArray:
-		return "array*"
-	case cborBdIndefiniteMap:
-		return "map*"
-	default:
-		switch {
-		case bd >= cborBaseUint && bd < cborBaseNegInt:
-			return "(u)int"
-		case bd >= cborBaseNegInt && bd < cborBaseBytes:
-			return "int"
-		case bd >= cborBaseBytes && bd < cborBaseString:
-			return "bytes"
-		case bd >= cborBaseString && bd < cborBaseArray:
-			return "string"
-		case bd >= cborBaseArray && bd < cborBaseMap:
-			return "array"
-		case bd >= cborBaseMap && bd < cborBaseTag:
-			return "map"
-		case bd >= cborBaseTag && bd < cborBaseSimple:
-			return "ext"
-		default:
-			return "unknown"
-		}
-	}
-}
-
-// -------------------
-
-type cborEncDriver struct {
-	noBuiltInTypes
-	encDriverNoopContainerWriter
-	// encNoSeparator
-	e *Encoder
-	w encWriter
-	h *CborHandle
-	x [8]byte
-	_ [3]uint64 // padding
-}
-
-func (e *cborEncDriver) EncodeNil() {
-	e.w.writen1(cborBdNil)
-}
-
-func (e *cborEncDriver) EncodeBool(b bool) {
-	if b {
-		e.w.writen1(cborBdTrue)
-	} else {
-		e.w.writen1(cborBdFalse)
-	}
-}
-
-func (e *cborEncDriver) EncodeFloat32(f float32) {
-	e.w.writen1(cborBdFloat32)
-	bigenHelper{e.x[:4], e.w}.writeUint32(math.Float32bits(f))
-}
-
-func (e *cborEncDriver) EncodeFloat64(f float64) {
-	e.w.writen1(cborBdFloat64)
-	bigenHelper{e.x[:8], e.w}.writeUint64(math.Float64bits(f))
-}
-
-func (e *cborEncDriver) encUint(v uint64, bd byte) {
-	if v <= 0x17 {
-		e.w.writen1(byte(v) + bd)
-	} else if v <= math.MaxUint8 {
-		e.w.writen2(bd+0x18, uint8(v))
-	} else if v <= math.MaxUint16 {
-		e.w.writen1(bd + 0x19)
-		bigenHelper{e.x[:2], e.w}.writeUint16(uint16(v))
-	} else if v <= math.MaxUint32 {
-		e.w.writen1(bd + 0x1a)
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(v))
-	} else { // if v <= math.MaxUint64 {
-		e.w.writen1(bd + 0x1b)
-		bigenHelper{e.x[:8], e.w}.writeUint64(v)
-	}
-}
-
-func (e *cborEncDriver) EncodeInt(v int64) {
-	if v < 0 {
-		e.encUint(uint64(-1-v), cborBaseNegInt)
-	} else {
-		e.encUint(uint64(v), cborBaseUint)
-	}
-}
-
-func (e *cborEncDriver) EncodeUint(v uint64) {
-	e.encUint(v, cborBaseUint)
-}
-
-func (e *cborEncDriver) encLen(bd byte, length int) {
-	e.encUint(uint64(length), bd)
-}
-
-func (e *cborEncDriver) EncodeTime(t time.Time) {
-	if t.IsZero() {
-		e.EncodeNil()
-	} else if e.h.TimeRFC3339 {
-		e.encUint(0, cborBaseTag)
-		e.EncodeString(cUTF8, t.Format(time.RFC3339Nano))
-	} else {
-		e.encUint(1, cborBaseTag)
-		t = t.UTC().Round(time.Microsecond)
-		sec, nsec := t.Unix(), uint64(t.Nanosecond())
-		if nsec == 0 {
-			e.EncodeInt(sec)
-		} else {
-			e.EncodeFloat64(float64(sec) + float64(nsec)/1e9)
-		}
-	}
-}
-
-func (e *cborEncDriver) EncodeExt(rv interface{}, xtag uint64, ext Ext, en *Encoder) {
-	e.encUint(uint64(xtag), cborBaseTag)
-	if v := ext.ConvertExt(rv); v == nil {
-		e.EncodeNil()
-	} else {
-		en.encode(v)
-	}
-}
-
-func (e *cborEncDriver) EncodeRawExt(re *RawExt, en *Encoder) {
-	e.encUint(uint64(re.Tag), cborBaseTag)
-	if false && re.Data != nil {
-		en.encode(re.Data)
-	} else if re.Value != nil {
-		en.encode(re.Value)
-	} else {
-		e.EncodeNil()
-	}
-}
-
-func (e *cborEncDriver) WriteArrayStart(length int) {
-	if e.h.IndefiniteLength {
-		e.w.writen1(cborBdIndefiniteArray)
-	} else {
-		e.encLen(cborBaseArray, length)
-	}
-}
-
-func (e *cborEncDriver) WriteMapStart(length int) {
-	if e.h.IndefiniteLength {
-		e.w.writen1(cborBdIndefiniteMap)
-	} else {
-		e.encLen(cborBaseMap, length)
-	}
-}
-
-func (e *cborEncDriver) WriteMapEnd() {
-	if e.h.IndefiniteLength {
-		e.w.writen1(cborBdBreak)
-	}
-}
-
-func (e *cborEncDriver) WriteArrayEnd() {
-	if e.h.IndefiniteLength {
-		e.w.writen1(cborBdBreak)
-	}
-}
-
-func (e *cborEncDriver) EncodeString(c charEncoding, v string) {
-	e.encStringBytesS(cborBaseString, v)
-}
-
-func (e *cborEncDriver) EncodeStringBytes(c charEncoding, v []byte) {
-	if v == nil {
-		e.EncodeNil()
-	} else if c == cRAW {
-		e.encStringBytesS(cborBaseBytes, stringView(v))
-	} else {
-		e.encStringBytesS(cborBaseString, stringView(v))
-	}
-}
-
-func (e *cborEncDriver) encStringBytesS(bb byte, v string) {
-	if e.h.IndefiniteLength {
-		if bb == cborBaseBytes {
-			e.w.writen1(cborBdIndefiniteBytes)
-		} else {
-			e.w.writen1(cborBdIndefiniteString)
-		}
-		blen := len(v) / 4
-		if blen == 0 {
-			blen = 64
-		} else if blen > 1024 {
-			blen = 1024
-		}
-		for i := 0; i < len(v); {
-			var v2 string
-			i2 := i + blen
-			if i2 < len(v) {
-				v2 = v[i:i2]
-			} else {
-				v2 = v[i:]
-			}
-			e.encLen(bb, len(v2))
-			e.w.writestr(v2)
-			i = i2
-		}
-		e.w.writen1(cborBdBreak)
-	} else {
-		e.encLen(bb, len(v))
-		e.w.writestr(v)
-	}
-}
-
-// ----------------------
-
-type cborDecDriver struct {
-	d *Decoder
-	h *CborHandle
-	r decReader
-	// b      [scratchByteArrayLen]byte
-	br     bool // bytes reader
-	bdRead bool
-	bd     byte
-	noBuiltInTypes
-	// decNoSeparator
-	decDriverNoopContainerReader
-	_ [3]uint64 // padding
-}
-
-func (d *cborDecDriver) readNextBd() {
-	d.bd = d.r.readn1()
-	d.bdRead = true
-}
-
-func (d *cborDecDriver) uncacheRead() {
-	if d.bdRead {
-		d.r.unreadn1()
-		d.bdRead = false
-	}
-}
-
-func (d *cborDecDriver) ContainerType() (vt valueType) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == cborBdNil {
-		return valueTypeNil
-	} else if d.bd == cborBdIndefiniteBytes || (d.bd >= cborBaseBytes && d.bd < cborBaseString) {
-		return valueTypeBytes
-	} else if d.bd == cborBdIndefiniteString || (d.bd >= cborBaseString && d.bd < cborBaseArray) {
-		return valueTypeString
-	} else if d.bd == cborBdIndefiniteArray || (d.bd >= cborBaseArray && d.bd < cborBaseMap) {
-		return valueTypeArray
-	} else if d.bd == cborBdIndefiniteMap || (d.bd >= cborBaseMap && d.bd < cborBaseTag) {
-		return valueTypeMap
-	}
-	// else {
-	// d.d.errorf("isContainerType: unsupported parameter: %v", vt)
-	// }
-	return valueTypeUnset
-}
-
-func (d *cborDecDriver) TryDecodeAsNil() bool {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	// treat Nil and Undefined as nil values
-	if d.bd == cborBdNil || d.bd == cborBdUndefined {
-		d.bdRead = false
-		return true
-	}
-	return false
-}
-
-func (d *cborDecDriver) CheckBreak() bool {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == cborBdBreak {
-		d.bdRead = false
-		return true
-	}
-	return false
-}
-
-func (d *cborDecDriver) decUint() (ui uint64) {
-	v := d.bd & 0x1f
-	if v <= 0x17 {
-		ui = uint64(v)
-	} else {
-		if v == 0x18 {
-			ui = uint64(d.r.readn1())
-		} else if v == 0x19 {
-			ui = uint64(bigen.Uint16(d.r.readx(2)))
-		} else if v == 0x1a {
-			ui = uint64(bigen.Uint32(d.r.readx(4)))
-		} else if v == 0x1b {
-			ui = uint64(bigen.Uint64(d.r.readx(8)))
-		} else {
-			d.d.errorf("invalid descriptor decoding uint: %x/%s", d.bd, cbordesc(d.bd))
-			return
-		}
-	}
-	return
-}
-
-func (d *cborDecDriver) decCheckInteger() (neg bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	major := d.bd >> 5
-	if major == cborMajorUint {
-	} else if major == cborMajorNegInt {
-		neg = true
-	} else {
-		d.d.errorf("not an integer - invalid major %v from descriptor %x/%s", major, d.bd, cbordesc(d.bd))
-		return
-	}
-	return
-}
-
-func (d *cborDecDriver) DecodeInt64() (i int64) {
-	neg := d.decCheckInteger()
-	ui := d.decUint()
-	// check if this number can be converted to an int without overflow
-	if neg {
-		i = -(chkOvf.SignedIntV(ui + 1))
-	} else {
-		i = chkOvf.SignedIntV(ui)
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *cborDecDriver) DecodeUint64() (ui uint64) {
-	if d.decCheckInteger() {
-		d.d.errorf("assigning negative signed value to unsigned type")
-		return
-	}
-	ui = d.decUint()
-	d.bdRead = false
-	return
-}
-
-func (d *cborDecDriver) DecodeFloat64() (f float64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if bd := d.bd; bd == cborBdFloat16 {
-		f = float64(math.Float32frombits(halfFloatToFloatBits(bigen.Uint16(d.r.readx(2)))))
-	} else if bd == cborBdFloat32 {
-		f = float64(math.Float32frombits(bigen.Uint32(d.r.readx(4))))
-	} else if bd == cborBdFloat64 {
-		f = math.Float64frombits(bigen.Uint64(d.r.readx(8)))
-	} else if bd >= cborBaseUint && bd < cborBaseBytes {
-		f = float64(d.DecodeInt64())
-	} else {
-		d.d.errorf("float only valid from float16/32/64 - invalid descriptor %x/%s", bd, cbordesc(bd))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-// bool can be decoded from bool only (single byte).
-func (d *cborDecDriver) DecodeBool() (b bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if bd := d.bd; bd == cborBdTrue {
-		b = true
-	} else if bd == cborBdFalse {
-	} else {
-		d.d.errorf("not bool - %s %x/%s", msgBadDesc, d.bd, cbordesc(d.bd))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *cborDecDriver) ReadMapStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	d.bdRead = false
-	if d.bd == cborBdIndefiniteMap {
-		return -1
-	}
-	return d.decLen()
-}
-
-func (d *cborDecDriver) ReadArrayStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	d.bdRead = false
-	if d.bd == cborBdIndefiniteArray {
-		return -1
-	}
-	return d.decLen()
-}
-
-func (d *cborDecDriver) decLen() int {
-	return int(d.decUint())
-}
-
-func (d *cborDecDriver) decAppendIndefiniteBytes(bs []byte) []byte {
-	d.bdRead = false
-	for {
-		if d.CheckBreak() {
-			break
-		}
-		if major := d.bd >> 5; major != cborMajorBytes && major != cborMajorText {
-			d.d.errorf("expect bytes/string major type in indefinite string/bytes;"+
-				" got major %v from descriptor %x/%x", major, d.bd, cbordesc(d.bd))
-			return nil
-		}
-		n := d.decLen()
-		oldLen := len(bs)
-		newLen := oldLen + n
-		if newLen > cap(bs) {
-			bs2 := make([]byte, newLen, 2*cap(bs)+n)
-			copy(bs2, bs)
-			bs = bs2
-		} else {
-			bs = bs[:newLen]
-		}
-		d.r.readb(bs[oldLen:newLen])
-		// bs = append(bs, d.r.readn()...)
-		d.bdRead = false
-	}
-	d.bdRead = false
-	return bs
-}
-
-func (d *cborDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == cborBdNil || d.bd == cborBdUndefined {
-		d.bdRead = false
-		return nil
-	}
-	if d.bd == cborBdIndefiniteBytes || d.bd == cborBdIndefiniteString {
-		d.bdRead = false
-		if bs == nil {
-			if zerocopy {
-				return d.decAppendIndefiniteBytes(d.d.b[:0])
-			}
-			return d.decAppendIndefiniteBytes(zeroByteSlice)
-		}
-		return d.decAppendIndefiniteBytes(bs[:0])
-	}
-	// check if an "array" of uint8's (see ContainerType for how to infer if an array)
-	if d.bd == cborBdIndefiniteArray || (d.bd >= cborBaseArray && d.bd < cborBaseMap) {
-		bsOut, _ = fastpathTV.DecSliceUint8V(bs, true, d.d)
-		return
-	}
-	clen := d.decLen()
-	d.bdRead = false
-	if zerocopy {
-		if d.br {
-			return d.r.readx(clen)
-		} else if len(bs) == 0 {
-			bs = d.d.b[:]
-		}
-	}
-	return decByteSlice(d.r, clen, d.h.MaxInitLen, bs)
-}
-
-func (d *cborDecDriver) DecodeString() (s string) {
-	return string(d.DecodeBytes(d.d.b[:], true))
-}
-
-func (d *cborDecDriver) DecodeStringAsBytes() (s []byte) {
-	return d.DecodeBytes(d.d.b[:], true)
-}
-
-func (d *cborDecDriver) DecodeTime() (t time.Time) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == cborBdNil || d.bd == cborBdUndefined {
-		d.bdRead = false
-		return
-	}
-	xtag := d.decUint()
-	d.bdRead = false
-	return d.decodeTime(xtag)
-}
-
-func (d *cborDecDriver) decodeTime(xtag uint64) (t time.Time) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch xtag {
-	case 0:
-		var err error
-		if t, err = time.Parse(time.RFC3339, stringView(d.DecodeStringAsBytes())); err != nil {
-			d.d.errorv(err)
-		}
-	case 1:
-		// decode an int64 or a float, and infer time.Time from there.
-		// for floats, round to microseconds, as that is what is guaranteed to fit well.
-		switch {
-		case d.bd == cborBdFloat16, d.bd == cborBdFloat32:
-			f1, f2 := math.Modf(d.DecodeFloat64())
-			t = time.Unix(int64(f1), int64(f2*1e9))
-		case d.bd == cborBdFloat64:
-			f1, f2 := math.Modf(d.DecodeFloat64())
-			t = time.Unix(int64(f1), int64(f2*1e9))
-		case d.bd >= cborBaseUint && d.bd < cborBaseNegInt,
-			d.bd >= cborBaseNegInt && d.bd < cborBaseBytes:
-			t = time.Unix(d.DecodeInt64(), 0)
-		default:
-			d.d.errorf("time.Time can only be decoded from a number (or RFC3339 string)")
-		}
-	default:
-		d.d.errorf("invalid tag for time.Time - expecting 0 or 1, got 0x%x", xtag)
-	}
-	t = t.UTC().Round(time.Microsecond)
-	return
-}
-
-func (d *cborDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	u := d.decUint()
-	d.bdRead = false
-	realxtag = u
-	if ext == nil {
-		re := rv.(*RawExt)
-		re.Tag = realxtag
-		d.d.decode(&re.Value)
-	} else if xtag != realxtag {
-		d.d.errorf("Wrong extension tag. Got %b. Expecting: %v", realxtag, xtag)
-		return
-	} else {
-		var v interface{}
-		d.d.decode(&v)
-		ext.UpdateExt(rv, v)
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *cborDecDriver) DecodeNaked() {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-
-	n := d.d.n
-	var decodeFurther bool
-
-	switch d.bd {
-	case cborBdNil:
-		n.v = valueTypeNil
-	case cborBdFalse:
-		n.v = valueTypeBool
-		n.b = false
-	case cborBdTrue:
-		n.v = valueTypeBool
-		n.b = true
-	case cborBdFloat16, cborBdFloat32, cborBdFloat64:
-		n.v = valueTypeFloat
-		n.f = d.DecodeFloat64()
-	case cborBdIndefiniteBytes:
-		n.v = valueTypeBytes
-		n.l = d.DecodeBytes(nil, false)
-	case cborBdIndefiniteString:
-		n.v = valueTypeString
-		n.s = d.DecodeString()
-	case cborBdIndefiniteArray:
-		n.v = valueTypeArray
-		decodeFurther = true
-	case cborBdIndefiniteMap:
-		n.v = valueTypeMap
-		decodeFurther = true
-	default:
-		switch {
-		case d.bd >= cborBaseUint && d.bd < cborBaseNegInt:
-			if d.h.SignedInteger {
-				n.v = valueTypeInt
-				n.i = d.DecodeInt64()
-			} else {
-				n.v = valueTypeUint
-				n.u = d.DecodeUint64()
-			}
-		case d.bd >= cborBaseNegInt && d.bd < cborBaseBytes:
-			n.v = valueTypeInt
-			n.i = d.DecodeInt64()
-		case d.bd >= cborBaseBytes && d.bd < cborBaseString:
-			n.v = valueTypeBytes
-			n.l = d.DecodeBytes(nil, false)
-		case d.bd >= cborBaseString && d.bd < cborBaseArray:
-			n.v = valueTypeString
-			n.s = d.DecodeString()
-		case d.bd >= cborBaseArray && d.bd < cborBaseMap:
-			n.v = valueTypeArray
-			decodeFurther = true
-		case d.bd >= cborBaseMap && d.bd < cborBaseTag:
-			n.v = valueTypeMap
-			decodeFurther = true
-		case d.bd >= cborBaseTag && d.bd < cborBaseSimple:
-			n.v = valueTypeExt
-			n.u = d.decUint()
-			n.l = nil
-			if n.u == 0 || n.u == 1 {
-				d.bdRead = false
-				n.v = valueTypeTime
-				n.t = d.decodeTime(n.u)
-			}
-			// d.bdRead = false
-			// d.d.decode(&re.Value) // handled by decode itself.
-			// decodeFurther = true
-		default:
-			d.d.errorf("decodeNaked: Unrecognized d.bd: 0x%x", d.bd)
-			return
-		}
-	}
-
-	if !decodeFurther {
-		d.bdRead = false
-	}
-	return
-}
-
-// -------------------------
-
-// CborHandle is a Handle for the CBOR encoding format,
-// defined at http://tools.ietf.org/html/rfc7049 and documented further at http://cbor.io .
-//
-// CBOR is comprehensively supported, including support for:
-//   - indefinite-length arrays/maps/bytes/strings
-//   - (extension) tags in range 0..0xffff (0 .. 65535)
-//   - half, single and double-precision floats
-//   - all numbers (1, 2, 4 and 8-byte signed and unsigned integers)
-//   - nil, true, false, ...
-//   - arrays and maps, bytes and text strings
-//
-// None of the optional extensions (with tags) defined in the spec are supported out-of-the-box.
-// Users can implement them as needed (using SetExt), including spec-documented ones:
-//   - timestamp, BigNum, BigFloat, Decimals,
-//   - Encoded Text (e.g. URL, regexp, base64, MIME Message), etc.
-type CborHandle struct {
-	binaryEncodingType
-	noElemSeparators
-	BasicHandle
-
-	// IndefiniteLength=true, means that we encode using indefinitelength
-	IndefiniteLength bool
-
-	// TimeRFC3339 says to encode time.Time using RFC3339 format.
-	// If unset, we encode time.Time using seconds past epoch.
-	TimeRFC3339 bool
-
-	// _ [1]uint64 // padding
-}
-
-// Name returns the name of the handle: cbor
-func (h *CborHandle) Name() string { return "cbor" }
-
-// SetInterfaceExt sets an extension
-func (h *CborHandle) SetInterfaceExt(rt reflect.Type, tag uint64, ext InterfaceExt) (err error) {
-	return h.SetExt(rt, tag, &extWrapper{bytesExtFailer{}, ext})
-}
-
-func (h *CborHandle) newEncDriver(e *Encoder) encDriver {
-	return &cborEncDriver{e: e, w: e.w, h: h}
-}
-
-func (h *CborHandle) newDecDriver(d *Decoder) decDriver {
-	return &cborDecDriver{d: d, h: h, r: d.r, br: d.bytes}
-}
-
-func (e *cborEncDriver) reset() {
-	e.w = e.e.w
-}
-
-func (d *cborDecDriver) reset() {
-	d.r, d.br = d.d.r, d.d.bytes
-	d.bd, d.bdRead = 0, false
-}
-
-var _ decDriver = (*cborDecDriver)(nil)
-var _ encDriver = (*cborEncDriver)(nil)
diff --git a/vendor/github.com/ugorji/go/codec/decode.go b/vendor/github.com/ugorji/go/codec/decode.go
deleted file mode 100644
index 1c0817aafa6f9..0000000000000
--- a/vendor/github.com/ugorji/go/codec/decode.go
+++ /dev/null
@@ -1,2552 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"encoding"
-	"errors"
-	"fmt"
-	"io"
-	"reflect"
-	"strconv"
-	"sync"
-	"time"
-)
-
-// Some tagging information for error messages.
-const (
-	msgBadDesc            = "unrecognized descriptor byte"
-	msgDecCannotExpandArr = "cannot expand go array from %v to stream length: %v"
-)
-
-const decDefSliceCap = 8
-const decDefChanCap = 64 // should be large, as cap cannot be expanded
-const decScratchByteArrayLen = cacheLineSize - 8
-
-var (
-	errstrOnlyMapOrArrayCanDecodeIntoStruct = "only encoded map or array can be decoded into a struct"
-	errstrCannotDecodeIntoNil               = "cannot decode into nil"
-
-	errmsgExpandSliceOverflow     = "expand slice: slice overflow"
-	errmsgExpandSliceCannotChange = "expand slice: cannot change"
-
-	errDecoderNotInitialized = errors.New("Decoder not initialized")
-
-	errDecUnreadByteNothingToRead   = errors.New("cannot unread - nothing has been read")
-	errDecUnreadByteLastByteNotRead = errors.New("cannot unread - last byte has not been read")
-	errDecUnreadByteUnknown         = errors.New("cannot unread - reason unknown")
-)
-
-// decReader abstracts the reading source, allowing implementations that can
-// read from an io.Reader or directly off a byte slice with zero-copying.
-type decReader interface {
-	unreadn1()
-
-	// readx will use the implementation scratch buffer if possible i.e. n < len(scratchbuf), OR
-	// just return a view of the []byte being decoded from.
-	// Ensure you call detachZeroCopyBytes later if this needs to be sent outside codec control.
-	readx(n int) []byte
-	readb([]byte)
-	readn1() uint8
-	numread() int // number of bytes read
-	track()
-	stopTrack() []byte
-
-	// skip will skip any byte that matches, and return the first non-matching byte
-	skip(accept *bitset256) (token byte)
-	// readTo will read any byte that matches, stopping once no-longer matching.
-	readTo(in []byte, accept *bitset256) (out []byte)
-	// readUntil will read, only stopping once it matches the 'stop' byte.
-	readUntil(in []byte, stop byte) (out []byte)
-}
-
-type decDriver interface {
-	// this will check if the next token is a break.
-	CheckBreak() bool
-	// Note: TryDecodeAsNil should be careful not to share any temporary []byte with
-	// the rest of the decDriver. This is because sometimes, we optimize by holding onto
-	// a transient []byte, and ensuring the only other call we make to the decDriver
-	// during that time is maybe a TryDecodeAsNil() call.
-	TryDecodeAsNil() bool
-	// vt is one of: Bytes, String, Nil, Slice or Map. Return unSet if not known.
-	ContainerType() (vt valueType)
-	// IsBuiltinType(rt uintptr) bool
-
-	// DecodeNaked will decode primitives (number, bool, string, []byte) and RawExt.
-	// For maps and arrays, it will not do the decoding in-band, but will signal
-	// the decoder, so that is done later, by setting the decNaked.valueType field.
-	//
-	// Note: Numbers are decoded as int64, uint64, float64 only (no smaller sized number types).
-	// for extensions, DecodeNaked must read the tag and the []byte if it exists.
-	// if the []byte is not read, then kInterfaceNaked will treat it as a Handle
-	// that stores the subsequent value in-band, and complete reading the RawExt.
-	//
-	// extensions should also use readx to decode them, for efficiency.
-	// kInterface will extract the detached byte slice if it has to pass it outside its realm.
-	DecodeNaked()
-
-	// Deprecated: use DecodeInt64 and DecodeUint64 instead
-	// DecodeInt(bitsize uint8) (i int64)
-	// DecodeUint(bitsize uint8) (ui uint64)
-
-	DecodeInt64() (i int64)
-	DecodeUint64() (ui uint64)
-
-	DecodeFloat64() (f float64)
-	DecodeBool() (b bool)
-	// DecodeString can also decode symbols.
-	// It looks redundant as DecodeBytes is available.
-	// However, some codecs (e.g. binc) support symbols and can
-	// return a pre-stored string value, meaning that it can bypass
-	// the cost of []byte->string conversion.
-	DecodeString() (s string)
-	DecodeStringAsBytes() (v []byte)
-
-	// DecodeBytes may be called directly, without going through reflection.
-	// Consequently, it must be designed to handle possible nil.
-	DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte)
-	// DecodeBytes(bs []byte, isstring, zerocopy bool) (bsOut []byte)
-
-	// decodeExt will decode into a *RawExt or into an extension.
-	DecodeExt(v interface{}, xtag uint64, ext Ext) (realxtag uint64)
-	// decodeExt(verifyTag bool, tag byte) (xtag byte, xbs []byte)
-
-	DecodeTime() (t time.Time)
-
-	ReadArrayStart() int
-	ReadArrayElem()
-	ReadArrayEnd()
-	ReadMapStart() int
-	ReadMapElemKey()
-	ReadMapElemValue()
-	ReadMapEnd()
-
-	reset()
-	uncacheRead()
-}
-
-type decDriverNoopContainerReader struct{}
-
-func (x decDriverNoopContainerReader) ReadArrayStart() (v int) { return }
-func (x decDriverNoopContainerReader) ReadArrayElem()          {}
-func (x decDriverNoopContainerReader) ReadArrayEnd()           {}
-func (x decDriverNoopContainerReader) ReadMapStart() (v int)   { return }
-func (x decDriverNoopContainerReader) ReadMapElemKey()         {}
-func (x decDriverNoopContainerReader) ReadMapElemValue()       {}
-func (x decDriverNoopContainerReader) ReadMapEnd()             {}
-func (x decDriverNoopContainerReader) CheckBreak() (v bool)    { return }
-
-// func (x decNoSeparator) uncacheRead() {}
-
-// DecodeOptions captures configuration options during decode.
-type DecodeOptions struct {
-	// MapType specifies type to use during schema-less decoding of a map in the stream.
-	// If nil (unset), we default to map[string]interface{} iff json handle and MapStringAsKey=true,
-	// else map[interface{}]interface{}.
-	MapType reflect.Type
-
-	// SliceType specifies type to use during schema-less decoding of an array in the stream.
-	// If nil (unset), we default to []interface{} for all formats.
-	SliceType reflect.Type
-
-	// MaxInitLen defines the maxinum initial length that we "make" a collection
-	// (string, slice, map, chan). If 0 or negative, we default to a sensible value
-	// based on the size of an element in the collection.
-	//
-	// For example, when decoding, a stream may say that it has 2^64 elements.
-	// We should not auto-matically provision a slice of that size, to prevent Out-Of-Memory crash.
-	// Instead, we provision up to MaxInitLen, fill that up, and start appending after that.
-	MaxInitLen int
-
-	// ReaderBufferSize is the size of the buffer used when reading.
-	//
-	// if > 0, we use a smart buffer internally for performance purposes.
-	ReaderBufferSize int
-
-	// If ErrorIfNoField, return an error when decoding a map
-	// from a codec stream into a struct, and no matching struct field is found.
-	ErrorIfNoField bool
-
-	// If ErrorIfNoArrayExpand, return an error when decoding a slice/array that cannot be expanded.
-	// For example, the stream contains an array of 8 items, but you are decoding into a [4]T array,
-	// or you are decoding into a slice of length 4 which is non-addressable (and so cannot be set).
-	ErrorIfNoArrayExpand bool
-
-	// If SignedInteger, use the int64 during schema-less decoding of unsigned values (not uint64).
-	SignedInteger bool
-
-	// MapValueReset controls how we decode into a map value.
-	//
-	// By default, we MAY retrieve the mapping for a key, and then decode into that.
-	// However, especially with big maps, that retrieval may be expensive and unnecessary
-	// if the stream already contains all that is necessary to recreate the value.
-	//
-	// If true, we will never retrieve the previous mapping,
-	// but rather decode into a new value and set that in the map.
-	//
-	// If false, we will retrieve the previous mapping if necessary e.g.
-	// the previous mapping is a pointer, or is a struct or array with pre-set state,
-	// or is an interface.
-	MapValueReset bool
-
-	// SliceElementReset: on decoding a slice, reset the element to a zero value first.
-	//
-	// concern: if the slice already contained some garbage, we will decode into that garbage.
-	SliceElementReset bool
-
-	// InterfaceReset controls how we decode into an interface.
-	//
-	// By default, when we see a field that is an interface{...},
-	// or a map with interface{...} value, we will attempt decoding into the
-	// "contained" value.
-	//
-	// However, this prevents us from reading a string into an interface{}
-	// that formerly contained a number.
-	//
-	// If true, we will decode into a new "blank" value, and set that in the interface.
-	// If false, we will decode into whatever is contained in the interface.
-	InterfaceReset bool
-
-	// InternString controls interning of strings during decoding.
-	//
-	// Some handles, e.g. json, typically will read map keys as strings.
-	// If the set of keys are finite, it may help reduce allocation to
-	// look them up from a map (than to allocate them afresh).
-	//
-	// Note: Handles will be smart when using the intern functionality.
-	// Every string should not be interned.
-	// An excellent use-case for interning is struct field names,
-	// or map keys where key type is string.
-	InternString bool
-
-	// PreferArrayOverSlice controls whether to decode to an array or a slice.
-	//
-	// This only impacts decoding into a nil interface{}.
-	// Consequently, it has no effect on codecgen.
-	//
-	// *Note*: This only applies if using go1.5 and above,
-	// as it requires reflect.ArrayOf support which was absent before go1.5.
-	PreferArrayOverSlice bool
-
-	// DeleteOnNilMapValue controls how to decode a nil value in the stream.
-	//
-	// If true, we will delete the mapping of the key.
-	// Else, just set the mapping to the zero value of the type.
-	DeleteOnNilMapValue bool
-}
-
-// ------------------------------------
-
-type bufioDecReader struct {
-	buf []byte
-	r   io.Reader
-
-	c   int // cursor
-	n   int // num read
-	err error
-
-	tr  []byte
-	trb bool
-	b   [4]byte
-}
-
-func (z *bufioDecReader) reset(r io.Reader) {
-	z.r, z.c, z.n, z.err, z.trb = r, 0, 0, nil, false
-	if z.tr != nil {
-		z.tr = z.tr[:0]
-	}
-}
-
-func (z *bufioDecReader) Read(p []byte) (n int, err error) {
-	if z.err != nil {
-		return 0, z.err
-	}
-	p0 := p
-	n = copy(p, z.buf[z.c:])
-	z.c += n
-	if z.c == len(z.buf) {
-		z.c = 0
-	}
-	z.n += n
-	if len(p) == n {
-		if z.c == 0 {
-			z.buf = z.buf[:1]
-			z.buf[0] = p[len(p)-1]
-			z.c = 1
-		}
-		if z.trb {
-			z.tr = append(z.tr, p0[:n]...)
-		}
-		return
-	}
-	p = p[n:]
-	var n2 int
-	// if we are here, then z.buf is all read
-	if len(p) > len(z.buf) {
-		n2, err = decReadFull(z.r, p)
-		n += n2
-		z.n += n2
-		z.err = err
-		// don't return EOF if some bytes were read. keep for next time.
-		if n > 0 && err == io.EOF {
-			err = nil
-		}
-		// always keep last byte in z.buf
-		z.buf = z.buf[:1]
-		z.buf[0] = p[len(p)-1]
-		z.c = 1
-		if z.trb {
-			z.tr = append(z.tr, p0[:n]...)
-		}
-		return
-	}
-	// z.c is now 0, and len(p) <= len(z.buf)
-	for len(p) > 0 && z.err == nil {
-		// println("len(p) loop starting ... ")
-		z.c = 0
-		z.buf = z.buf[0:cap(z.buf)]
-		n2, err = z.r.Read(z.buf)
-		if n2 > 0 {
-			if err == io.EOF {
-				err = nil
-			}
-			z.buf = z.buf[:n2]
-			n2 = copy(p, z.buf)
-			z.c = n2
-			n += n2
-			z.n += n2
-			p = p[n2:]
-		}
-		z.err = err
-		// println("... len(p) loop done")
-	}
-	if z.c == 0 {
-		z.buf = z.buf[:1]
-		z.buf[0] = p[len(p)-1]
-		z.c = 1
-	}
-	if z.trb {
-		z.tr = append(z.tr, p0[:n]...)
-	}
-	return
-}
-
-func (z *bufioDecReader) ReadByte() (b byte, err error) {
-	z.b[0] = 0
-	_, err = z.Read(z.b[:1])
-	b = z.b[0]
-	return
-}
-
-func (z *bufioDecReader) UnreadByte() (err error) {
-	if z.err != nil {
-		return z.err
-	}
-	if z.c > 0 {
-		z.c--
-		z.n--
-		if z.trb {
-			z.tr = z.tr[:len(z.tr)-1]
-		}
-		return
-	}
-	return errDecUnreadByteNothingToRead
-}
-
-func (z *bufioDecReader) numread() int {
-	return z.n
-}
-
-func (z *bufioDecReader) readx(n int) (bs []byte) {
-	if n <= 0 || z.err != nil {
-		return
-	}
-	if z.c+n <= len(z.buf) {
-		bs = z.buf[z.c : z.c+n]
-		z.n += n
-		z.c += n
-		if z.trb {
-			z.tr = append(z.tr, bs...)
-		}
-		return
-	}
-	bs = make([]byte, n)
-	_, err := z.Read(bs)
-	if err != nil {
-		panic(err)
-	}
-	return
-}
-
-func (z *bufioDecReader) readb(bs []byte) {
-	_, err := z.Read(bs)
-	if err != nil {
-		panic(err)
-	}
-}
-
-// func (z *bufioDecReader) readn1eof() (b uint8, eof bool) {
-// 	b, err := z.ReadByte()
-// 	if err != nil {
-// 		if err == io.EOF {
-// 			eof = true
-// 		} else {
-// 			panic(err)
-// 		}
-// 	}
-// 	return
-// }
-
-func (z *bufioDecReader) readn1() (b uint8) {
-	b, err := z.ReadByte()
-	if err != nil {
-		panic(err)
-	}
-	return
-}
-
-func (z *bufioDecReader) search(in []byte, accept *bitset256, stop, flag uint8) (token byte, out []byte) {
-	// flag: 1 (skip), 2 (readTo), 4 (readUntil)
-	if flag == 4 {
-		for i := z.c; i < len(z.buf); i++ {
-			if z.buf[i] == stop {
-				token = z.buf[i]
-				z.n = z.n + (i - z.c) - 1
-				i++
-				out = z.buf[z.c:i]
-				if z.trb {
-					z.tr = append(z.tr, z.buf[z.c:i]...)
-				}
-				z.c = i
-				return
-			}
-		}
-	} else {
-		for i := z.c; i < len(z.buf); i++ {
-			if !accept.isset(z.buf[i]) {
-				token = z.buf[i]
-				z.n = z.n + (i - z.c) - 1
-				if flag == 1 {
-					i++
-				} else {
-					out = z.buf[z.c:i]
-				}
-				if z.trb {
-					z.tr = append(z.tr, z.buf[z.c:i]...)
-				}
-				z.c = i
-				return
-			}
-		}
-	}
-	z.n += len(z.buf) - z.c
-	if flag != 1 {
-		out = append(in, z.buf[z.c:]...)
-	}
-	if z.trb {
-		z.tr = append(z.tr, z.buf[z.c:]...)
-	}
-	var n2 int
-	if z.err != nil {
-		return
-	}
-	for {
-		z.c = 0
-		z.buf = z.buf[0:cap(z.buf)]
-		n2, z.err = z.r.Read(z.buf)
-		if n2 > 0 && z.err != nil {
-			z.err = nil
-		}
-		z.buf = z.buf[:n2]
-		if flag == 4 {
-			for i := 0; i < n2; i++ {
-				if z.buf[i] == stop {
-					token = z.buf[i]
-					z.n += i - 1
-					i++
-					out = append(out, z.buf[z.c:i]...)
-					if z.trb {
-						z.tr = append(z.tr, z.buf[z.c:i]...)
-					}
-					z.c = i
-					return
-				}
-			}
-		} else {
-			for i := 0; i < n2; i++ {
-				if !accept.isset(z.buf[i]) {
-					token = z.buf[i]
-					z.n += i - 1
-					if flag == 1 {
-						i++
-					}
-					if flag != 1 {
-						out = append(out, z.buf[z.c:i]...)
-					}
-					if z.trb {
-						z.tr = append(z.tr, z.buf[z.c:i]...)
-					}
-					z.c = i
-					return
-				}
-			}
-		}
-		if flag != 1 {
-			out = append(out, z.buf[:n2]...)
-		}
-		z.n += n2
-		if z.err != nil {
-			return
-		}
-		if z.trb {
-			z.tr = append(z.tr, z.buf[:n2]...)
-		}
-	}
-}
-
-func (z *bufioDecReader) skip(accept *bitset256) (token byte) {
-	token, _ = z.search(nil, accept, 0, 1)
-	return
-}
-
-func (z *bufioDecReader) readTo(in []byte, accept *bitset256) (out []byte) {
-	_, out = z.search(in, accept, 0, 2)
-	return
-}
-
-func (z *bufioDecReader) readUntil(in []byte, stop byte) (out []byte) {
-	_, out = z.search(in, nil, stop, 4)
-	return
-}
-
-func (z *bufioDecReader) unreadn1() {
-	err := z.UnreadByte()
-	if err != nil {
-		panic(err)
-	}
-}
-
-func (z *bufioDecReader) track() {
-	if z.tr != nil {
-		z.tr = z.tr[:0]
-	}
-	z.trb = true
-}
-
-func (z *bufioDecReader) stopTrack() (bs []byte) {
-	z.trb = false
-	return z.tr
-}
-
-// ioDecReader is a decReader that reads off an io.Reader.
-//
-// It also has a fallback implementation of ByteScanner if needed.
-type ioDecReader struct {
-	r io.Reader // the reader passed in
-
-	rr io.Reader
-	br io.ByteScanner
-
-	l   byte // last byte
-	ls  byte // last byte status. 0: init-canDoNothing, 1: canRead, 2: canUnread
-	trb bool // tracking bytes turned on
-	_   bool
-	b   [4]byte // tiny buffer for reading single bytes
-
-	x  [scratchByteArrayLen]byte // for: get struct field name, swallow valueTypeBytes, etc
-	n  int                       // num read
-	tr []byte                    // tracking bytes read
-}
-
-func (z *ioDecReader) reset(r io.Reader) {
-	z.r = r
-	z.rr = r
-	z.l, z.ls, z.n, z.trb = 0, 0, 0, false
-	if z.tr != nil {
-		z.tr = z.tr[:0]
-	}
-	var ok bool
-	if z.br, ok = r.(io.ByteScanner); !ok {
-		z.br = z
-		z.rr = z
-	}
-}
-
-func (z *ioDecReader) Read(p []byte) (n int, err error) {
-	if len(p) == 0 {
-		return
-	}
-	var firstByte bool
-	if z.ls == 1 {
-		z.ls = 2
-		p[0] = z.l
-		if len(p) == 1 {
-			n = 1
-			return
-		}
-		firstByte = true
-		p = p[1:]
-	}
-	n, err = z.r.Read(p)
-	if n > 0 {
-		if err == io.EOF && n == len(p) {
-			err = nil // read was successful, so postpone EOF (till next time)
-		}
-		z.l = p[n-1]
-		z.ls = 2
-	}
-	if firstByte {
-		n++
-	}
-	return
-}
-
-func (z *ioDecReader) ReadByte() (c byte, err error) {
-	n, err := z.Read(z.b[:1])
-	if n == 1 {
-		c = z.b[0]
-		if err == io.EOF {
-			err = nil // read was successful, so postpone EOF (till next time)
-		}
-	}
-	return
-}
-
-func (z *ioDecReader) UnreadByte() (err error) {
-	switch z.ls {
-	case 2:
-		z.ls = 1
-	case 0:
-		err = errDecUnreadByteNothingToRead
-	case 1:
-		err = errDecUnreadByteLastByteNotRead
-	default:
-		err = errDecUnreadByteUnknown
-	}
-	return
-}
-
-func (z *ioDecReader) numread() int {
-	return z.n
-}
-
-func (z *ioDecReader) readx(n int) (bs []byte) {
-	if n <= 0 {
-		return
-	}
-	if n < len(z.x) {
-		bs = z.x[:n]
-	} else {
-		bs = make([]byte, n)
-	}
-	if _, err := decReadFull(z.rr, bs); err != nil {
-		panic(err)
-	}
-	z.n += len(bs)
-	if z.trb {
-		z.tr = append(z.tr, bs...)
-	}
-	return
-}
-
-func (z *ioDecReader) readb(bs []byte) {
-	// if len(bs) == 0 {
-	// 	return
-	// }
-	if _, err := decReadFull(z.rr, bs); err != nil {
-		panic(err)
-	}
-	z.n += len(bs)
-	if z.trb {
-		z.tr = append(z.tr, bs...)
-	}
-}
-
-func (z *ioDecReader) readn1eof() (b uint8, eof bool) {
-	b, err := z.br.ReadByte()
-	if err == nil {
-		z.n++
-		if z.trb {
-			z.tr = append(z.tr, b)
-		}
-	} else if err == io.EOF {
-		eof = true
-	} else {
-		panic(err)
-	}
-	return
-}
-
-func (z *ioDecReader) readn1() (b uint8) {
-	var err error
-	if b, err = z.br.ReadByte(); err == nil {
-		z.n++
-		if z.trb {
-			z.tr = append(z.tr, b)
-		}
-		return
-	}
-	panic(err)
-}
-
-func (z *ioDecReader) skip(accept *bitset256) (token byte) {
-	for {
-		var eof bool
-		token, eof = z.readn1eof()
-		if eof {
-			return
-		}
-		if accept.isset(token) {
-			continue
-		}
-		return
-	}
-}
-
-func (z *ioDecReader) readTo(in []byte, accept *bitset256) (out []byte) {
-	out = in
-	for {
-		token, eof := z.readn1eof()
-		if eof {
-			return
-		}
-		if accept.isset(token) {
-			out = append(out, token)
-		} else {
-			z.unreadn1()
-			return
-		}
-	}
-}
-
-func (z *ioDecReader) readUntil(in []byte, stop byte) (out []byte) {
-	out = in
-	for {
-		token, eof := z.readn1eof()
-		if eof {
-			panic(io.EOF)
-		}
-		out = append(out, token)
-		if token == stop {
-			return
-		}
-	}
-}
-
-func (z *ioDecReader) unreadn1() {
-	err := z.br.UnreadByte()
-	if err != nil {
-		panic(err)
-	}
-	z.n--
-	if z.trb {
-		if l := len(z.tr) - 1; l >= 0 {
-			z.tr = z.tr[:l]
-		}
-	}
-}
-
-func (z *ioDecReader) track() {
-	if z.tr != nil {
-		z.tr = z.tr[:0]
-	}
-	z.trb = true
-}
-
-func (z *ioDecReader) stopTrack() (bs []byte) {
-	z.trb = false
-	return z.tr
-}
-
-// ------------------------------------
-
-var errBytesDecReaderCannotUnread = errors.New("cannot unread last byte read")
-
-// bytesDecReader is a decReader that reads off a byte slice with zero copying
-type bytesDecReader struct {
-	b []byte // data
-	c int    // cursor
-	a int    // available
-	t int    // track start
-}
-
-func (z *bytesDecReader) reset(in []byte) {
-	z.b = in
-	z.a = len(in)
-	z.c = 0
-	z.t = 0
-}
-
-func (z *bytesDecReader) numread() int {
-	return z.c
-}
-
-func (z *bytesDecReader) unreadn1() {
-	if z.c == 0 || len(z.b) == 0 {
-		panic(errBytesDecReaderCannotUnread)
-	}
-	z.c--
-	z.a++
-	return
-}
-
-func (z *bytesDecReader) readx(n int) (bs []byte) {
-	// slicing from a non-constant start position is more expensive,
-	// as more computation is required to decipher the pointer start position.
-	// However, we do it only once, and it's better than reslicing both z.b and return value.
-
-	if n <= 0 {
-	} else if z.a == 0 {
-		panic(io.EOF)
-	} else if n > z.a {
-		panic(io.ErrUnexpectedEOF)
-	} else {
-		c0 := z.c
-		z.c = c0 + n
-		z.a = z.a - n
-		bs = z.b[c0:z.c]
-	}
-	return
-}
-
-func (z *bytesDecReader) readb(bs []byte) {
-	copy(bs, z.readx(len(bs)))
-}
-
-func (z *bytesDecReader) readn1() (v uint8) {
-	if z.a == 0 {
-		panic(io.EOF)
-	}
-	v = z.b[z.c]
-	z.c++
-	z.a--
-	return
-}
-
-// func (z *bytesDecReader) readn1eof() (v uint8, eof bool) {
-// 	if z.a == 0 {
-// 		eof = true
-// 		return
-// 	}
-// 	v = z.b[z.c]
-// 	z.c++
-// 	z.a--
-// 	return
-// }
-
-func (z *bytesDecReader) skip(accept *bitset256) (token byte) {
-	if z.a == 0 {
-		return
-	}
-	blen := len(z.b)
-	for i := z.c; i < blen; i++ {
-		if !accept.isset(z.b[i]) {
-			token = z.b[i]
-			i++
-			z.a -= (i - z.c)
-			z.c = i
-			return
-		}
-	}
-	z.a, z.c = 0, blen
-	return
-}
-
-func (z *bytesDecReader) readTo(_ []byte, accept *bitset256) (out []byte) {
-	if z.a == 0 {
-		return
-	}
-	blen := len(z.b)
-	for i := z.c; i < blen; i++ {
-		if !accept.isset(z.b[i]) {
-			out = z.b[z.c:i]
-			z.a -= (i - z.c)
-			z.c = i
-			return
-		}
-	}
-	out = z.b[z.c:]
-	z.a, z.c = 0, blen
-	return
-}
-
-func (z *bytesDecReader) readUntil(_ []byte, stop byte) (out []byte) {
-	if z.a == 0 {
-		panic(io.EOF)
-	}
-	blen := len(z.b)
-	for i := z.c; i < blen; i++ {
-		if z.b[i] == stop {
-			i++
-			out = z.b[z.c:i]
-			z.a -= (i - z.c)
-			z.c = i
-			return
-		}
-	}
-	z.a, z.c = 0, blen
-	panic(io.EOF)
-}
-
-func (z *bytesDecReader) track() {
-	z.t = z.c
-}
-
-func (z *bytesDecReader) stopTrack() (bs []byte) {
-	return z.b[z.t:z.c]
-}
-
-// ----------------------------------------
-
-// func (d *Decoder) builtin(f *codecFnInfo, rv reflect.Value) {
-// 	d.d.DecodeBuiltin(f.ti.rtid, rv2i(rv))
-// }
-
-func (d *Decoder) rawExt(f *codecFnInfo, rv reflect.Value) {
-	d.d.DecodeExt(rv2i(rv), 0, nil)
-}
-
-func (d *Decoder) ext(f *codecFnInfo, rv reflect.Value) {
-	d.d.DecodeExt(rv2i(rv), f.xfTag, f.xfFn)
-}
-
-func (d *Decoder) selferUnmarshal(f *codecFnInfo, rv reflect.Value) {
-	rv2i(rv).(Selfer).CodecDecodeSelf(d)
-}
-
-func (d *Decoder) binaryUnmarshal(f *codecFnInfo, rv reflect.Value) {
-	bm := rv2i(rv).(encoding.BinaryUnmarshaler)
-	xbs := d.d.DecodeBytes(nil, true)
-	if fnerr := bm.UnmarshalBinary(xbs); fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-func (d *Decoder) textUnmarshal(f *codecFnInfo, rv reflect.Value) {
-	tm := rv2i(rv).(encoding.TextUnmarshaler)
-	fnerr := tm.UnmarshalText(d.d.DecodeStringAsBytes())
-	if fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-func (d *Decoder) jsonUnmarshal(f *codecFnInfo, rv reflect.Value) {
-	tm := rv2i(rv).(jsonUnmarshaler)
-	// bs := d.d.DecodeBytes(d.b[:], true, true)
-	// grab the bytes to be read, as UnmarshalJSON needs the full JSON so as to unmarshal it itself.
-	fnerr := tm.UnmarshalJSON(d.nextValueBytes())
-	if fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-func (d *Decoder) kErr(f *codecFnInfo, rv reflect.Value) {
-	d.errorf("no decoding function defined for kind %v", rv.Kind())
-}
-
-// var kIntfCtr uint64
-
-func (d *Decoder) kInterfaceNaked(f *codecFnInfo) (rvn reflect.Value) {
-	// nil interface:
-	// use some hieristics to decode it appropriately
-	// based on the detected next value in the stream.
-	n := d.naked()
-	d.d.DecodeNaked()
-	if n.v == valueTypeNil {
-		return
-	}
-	// We cannot decode non-nil stream value into nil interface with methods (e.g. io.Reader).
-	if f.ti.numMeth > 0 {
-		d.errorf("cannot decode non-nil codec value into nil %v (%v methods)", f.ti.rt, f.ti.numMeth)
-		return
-	}
-	// var useRvn bool
-	switch n.v {
-	case valueTypeMap:
-		// if json, default to a map type with string keys
-		mtid := d.mtid
-		if mtid == 0 {
-			if d.jsms {
-				mtid = mapStrIntfTypId
-			} else {
-				mtid = mapIntfIntfTypId
-			}
-		}
-		if mtid == mapIntfIntfTypId {
-			n.initContainers()
-			if n.lm < arrayCacheLen {
-				n.ma[n.lm] = nil
-				rvn = n.rma[n.lm]
-				n.lm++
-				d.decode(&n.ma[n.lm-1])
-				n.lm--
-			} else {
-				var v2 map[interface{}]interface{}
-				d.decode(&v2)
-				rvn = reflect.ValueOf(&v2).Elem()
-			}
-		} else if mtid == mapStrIntfTypId { // for json performance
-			n.initContainers()
-			if n.ln < arrayCacheLen {
-				n.na[n.ln] = nil
-				rvn = n.rna[n.ln]
-				n.ln++
-				d.decode(&n.na[n.ln-1])
-				n.ln--
-			} else {
-				var v2 map[string]interface{}
-				d.decode(&v2)
-				rvn = reflect.ValueOf(&v2).Elem()
-			}
-		} else {
-			if d.mtr {
-				rvn = reflect.New(d.h.MapType)
-				d.decode(rv2i(rvn))
-				rvn = rvn.Elem()
-			} else {
-				rvn = reflect.New(d.h.MapType).Elem()
-				d.decodeValue(rvn, nil, true)
-			}
-		}
-	case valueTypeArray:
-		if d.stid == 0 || d.stid == intfSliceTypId {
-			n.initContainers()
-			if n.ls < arrayCacheLen {
-				n.sa[n.ls] = nil
-				rvn = n.rsa[n.ls]
-				n.ls++
-				d.decode(&n.sa[n.ls-1])
-				n.ls--
-			} else {
-				var v2 []interface{}
-				d.decode(&v2)
-				rvn = reflect.ValueOf(&v2).Elem()
-			}
-			if reflectArrayOfSupported && d.stid == 0 && d.h.PreferArrayOverSlice {
-				rvn2 := reflect.New(reflectArrayOf(rvn.Len(), intfTyp)).Elem()
-				reflect.Copy(rvn2, rvn)
-				rvn = rvn2
-			}
-		} else {
-			if d.str {
-				rvn = reflect.New(d.h.SliceType)
-				d.decode(rv2i(rvn))
-				rvn = rvn.Elem()
-			} else {
-				rvn = reflect.New(d.h.SliceType).Elem()
-				d.decodeValue(rvn, nil, true)
-			}
-		}
-	case valueTypeExt:
-		var v interface{}
-		tag, bytes := n.u, n.l // calling decode below might taint the values
-		if bytes == nil {
-			n.initContainers()
-			if n.li < arrayCacheLen {
-				n.ia[n.li] = nil
-				n.li++
-				d.decode(&n.ia[n.li-1])
-				// v = *(&n.ia[l])
-				n.li--
-				v = n.ia[n.li]
-				n.ia[n.li] = nil
-			} else {
-				d.decode(&v)
-			}
-		}
-		bfn := d.h.getExtForTag(tag)
-		if bfn == nil {
-			var re RawExt
-			re.Tag = tag
-			re.Data = detachZeroCopyBytes(d.bytes, nil, bytes)
-			re.Value = v
-			rvn = reflect.ValueOf(&re).Elem()
-		} else {
-			rvnA := reflect.New(bfn.rt)
-			if bytes != nil {
-				bfn.ext.ReadExt(rv2i(rvnA), bytes)
-			} else {
-				bfn.ext.UpdateExt(rv2i(rvnA), v)
-			}
-			rvn = rvnA.Elem()
-		}
-	case valueTypeNil:
-		// no-op
-	case valueTypeInt:
-		rvn = n.ri
-	case valueTypeUint:
-		rvn = n.ru
-	case valueTypeFloat:
-		rvn = n.rf
-	case valueTypeBool:
-		rvn = n.rb
-	case valueTypeString, valueTypeSymbol:
-		rvn = n.rs
-	case valueTypeBytes:
-		rvn = n.rl
-	case valueTypeTime:
-		rvn = n.rt
-	default:
-		panicv.errorf("kInterfaceNaked: unexpected valueType: %d", n.v)
-	}
-	return
-}
-
-func (d *Decoder) kInterface(f *codecFnInfo, rv reflect.Value) {
-	// Note:
-	// A consequence of how kInterface works, is that
-	// if an interface already contains something, we try
-	// to decode into what was there before.
-	// We do not replace with a generic value (as got from decodeNaked).
-
-	// every interface passed here MUST be settable.
-	var rvn reflect.Value
-	if rv.IsNil() || d.h.InterfaceReset {
-		// check if mapping to a type: if so, initialize it and move on
-		rvn = d.h.intf2impl(f.ti.rtid)
-		if rvn.IsValid() {
-			rv.Set(rvn)
-		} else {
-			rvn = d.kInterfaceNaked(f)
-			if rvn.IsValid() {
-				rv.Set(rvn)
-			} else if d.h.InterfaceReset {
-				// reset to zero value based on current type in there.
-				rv.Set(reflect.Zero(rv.Elem().Type()))
-			}
-			return
-		}
-	} else {
-		// now we have a non-nil interface value, meaning it contains a type
-		rvn = rv.Elem()
-	}
-	if d.d.TryDecodeAsNil() {
-		rv.Set(reflect.Zero(rvn.Type()))
-		return
-	}
-
-	// Note: interface{} is settable, but underlying type may not be.
-	// Consequently, we MAY have to create a decodable value out of the underlying value,
-	// decode into it, and reset the interface itself.
-	// fmt.Printf(">>>> kInterface: rvn type: %v, rv type: %v\n", rvn.Type(), rv.Type())
-
-	rvn2, canDecode := isDecodeable(rvn)
-	if canDecode {
-		d.decodeValue(rvn2, nil, true)
-		return
-	}
-
-	rvn2 = reflect.New(rvn.Type()).Elem()
-	rvn2.Set(rvn)
-	d.decodeValue(rvn2, nil, true)
-	rv.Set(rvn2)
-}
-
-func decStructFieldKey(dd decDriver, keyType valueType, b *[decScratchByteArrayLen]byte) (rvkencname []byte) {
-	// use if-else-if, not switch (which compiles to binary-search)
-	// since keyType is typically valueTypeString, branch prediction is pretty good.
-
-	if keyType == valueTypeString {
-		rvkencname = dd.DecodeStringAsBytes()
-	} else if keyType == valueTypeInt {
-		rvkencname = strconv.AppendInt(b[:0], dd.DecodeInt64(), 10)
-	} else if keyType == valueTypeUint {
-		rvkencname = strconv.AppendUint(b[:0], dd.DecodeUint64(), 10)
-	} else if keyType == valueTypeFloat {
-		rvkencname = strconv.AppendFloat(b[:0], dd.DecodeFloat64(), 'f', -1, 64)
-	} else {
-		rvkencname = dd.DecodeStringAsBytes()
-	}
-	return rvkencname
-}
-
-func (d *Decoder) kStruct(f *codecFnInfo, rv reflect.Value) {
-	fti := f.ti
-	dd := d.d
-	elemsep := d.esep
-	sfn := structFieldNode{v: rv, update: true}
-	ctyp := dd.ContainerType()
-	if ctyp == valueTypeMap {
-		containerLen := dd.ReadMapStart()
-		if containerLen == 0 {
-			dd.ReadMapEnd()
-			return
-		}
-		tisfi := fti.sfiSort
-		hasLen := containerLen >= 0
-
-		var rvkencname []byte
-		for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-			if elemsep {
-				dd.ReadMapElemKey()
-			}
-			rvkencname = decStructFieldKey(dd, fti.keyType, &d.b)
-			if elemsep {
-				dd.ReadMapElemValue()
-			}
-			if k := fti.indexForEncName(rvkencname); k > -1 {
-				si := tisfi[k]
-				if dd.TryDecodeAsNil() {
-					si.setToZeroValue(rv)
-				} else {
-					d.decodeValue(sfn.field(si), nil, true)
-				}
-			} else {
-				d.structFieldNotFound(-1, stringView(rvkencname))
-			}
-			// keepAlive4StringView(rvkencnameB) // not needed, as reference is outside loop
-		}
-		dd.ReadMapEnd()
-	} else if ctyp == valueTypeArray {
-		containerLen := dd.ReadArrayStart()
-		if containerLen == 0 {
-			dd.ReadArrayEnd()
-			return
-		}
-		// Not much gain from doing it two ways for array.
-		// Arrays are not used as much for structs.
-		hasLen := containerLen >= 0
-		for j, si := range fti.sfiSrc {
-			if (hasLen && j == containerLen) || (!hasLen && dd.CheckBreak()) {
-				break
-			}
-			if elemsep {
-				dd.ReadArrayElem()
-			}
-			if dd.TryDecodeAsNil() {
-				si.setToZeroValue(rv)
-			} else {
-				d.decodeValue(sfn.field(si), nil, true)
-			}
-		}
-		if containerLen > len(fti.sfiSrc) {
-			// read remaining values and throw away
-			for j := len(fti.sfiSrc); j < containerLen; j++ {
-				if elemsep {
-					dd.ReadArrayElem()
-				}
-				d.structFieldNotFound(j, "")
-			}
-		}
-		dd.ReadArrayEnd()
-	} else {
-		d.errorstr(errstrOnlyMapOrArrayCanDecodeIntoStruct)
-		return
-	}
-}
-
-func (d *Decoder) kSlice(f *codecFnInfo, rv reflect.Value) {
-	// A slice can be set from a map or array in stream.
-	// This way, the order can be kept (as order is lost with map).
-	ti := f.ti
-	if f.seq == seqTypeChan && ti.chandir&uint8(reflect.SendDir) == 0 {
-		d.errorf("receive-only channel cannot be decoded")
-	}
-	dd := d.d
-	rtelem0 := ti.elem
-	ctyp := dd.ContainerType()
-	if ctyp == valueTypeBytes || ctyp == valueTypeString {
-		// you can only decode bytes or string in the stream into a slice or array of bytes
-		if !(ti.rtid == uint8SliceTypId || rtelem0.Kind() == reflect.Uint8) {
-			d.errorf("bytes/string in stream must decode into slice/array of bytes, not %v", ti.rt)
-		}
-		if f.seq == seqTypeChan {
-			bs2 := dd.DecodeBytes(nil, true)
-			irv := rv2i(rv)
-			ch, ok := irv.(chan<- byte)
-			if !ok {
-				ch = irv.(chan byte)
-			}
-			for _, b := range bs2 {
-				ch <- b
-			}
-		} else {
-			rvbs := rv.Bytes()
-			bs2 := dd.DecodeBytes(rvbs, false)
-			// if rvbs == nil && bs2 != nil || rvbs != nil && bs2 == nil || len(bs2) != len(rvbs) {
-			if !(len(bs2) > 0 && len(bs2) == len(rvbs) && &bs2[0] == &rvbs[0]) {
-				if rv.CanSet() {
-					rv.SetBytes(bs2)
-				} else if len(rvbs) > 0 && len(bs2) > 0 {
-					copy(rvbs, bs2)
-				}
-			}
-		}
-		return
-	}
-
-	// array := f.seq == seqTypeChan
-
-	slh, containerLenS := d.decSliceHelperStart() // only expects valueType(Array|Map)
-
-	// an array can never return a nil slice. so no need to check f.array here.
-	if containerLenS == 0 {
-		if rv.CanSet() {
-			if f.seq == seqTypeSlice {
-				if rv.IsNil() {
-					rv.Set(reflect.MakeSlice(ti.rt, 0, 0))
-				} else {
-					rv.SetLen(0)
-				}
-			} else if f.seq == seqTypeChan {
-				if rv.IsNil() {
-					rv.Set(reflect.MakeChan(ti.rt, 0))
-				}
-			}
-		}
-		slh.End()
-		return
-	}
-
-	rtelem0Size := int(rtelem0.Size())
-	rtElem0Kind := rtelem0.Kind()
-	rtelem0Mut := !isImmutableKind(rtElem0Kind)
-	rtelem := rtelem0
-	rtelemkind := rtelem.Kind()
-	for rtelemkind == reflect.Ptr {
-		rtelem = rtelem.Elem()
-		rtelemkind = rtelem.Kind()
-	}
-
-	var fn *codecFn
-
-	var rvCanset = rv.CanSet()
-	var rvChanged bool
-	var rv0 = rv
-	var rv9 reflect.Value
-
-	rvlen := rv.Len()
-	rvcap := rv.Cap()
-	hasLen := containerLenS > 0
-	if hasLen && f.seq == seqTypeSlice {
-		if containerLenS > rvcap {
-			oldRvlenGtZero := rvlen > 0
-			rvlen = decInferLen(containerLenS, d.h.MaxInitLen, int(rtelem0.Size()))
-			if rvlen <= rvcap {
-				if rvCanset {
-					rv.SetLen(rvlen)
-				}
-			} else if rvCanset {
-				rv = reflect.MakeSlice(ti.rt, rvlen, rvlen)
-				rvcap = rvlen
-				rvChanged = true
-			} else {
-				d.errorf("cannot decode into non-settable slice")
-			}
-			if rvChanged && oldRvlenGtZero && !isImmutableKind(rtelem0.Kind()) {
-				reflect.Copy(rv, rv0) // only copy up to length NOT cap i.e. rv0.Slice(0, rvcap)
-			}
-		} else if containerLenS != rvlen {
-			rvlen = containerLenS
-			if rvCanset {
-				rv.SetLen(rvlen)
-			}
-			// else {
-			// rv = rv.Slice(0, rvlen)
-			// rvChanged = true
-			// d.errorf("cannot decode into non-settable slice")
-			// }
-		}
-	}
-
-	// consider creating new element once, and just decoding into it.
-	var rtelem0Zero reflect.Value
-	var rtelem0ZeroValid bool
-	var decodeAsNil bool
-	var j int
-	d.cfer()
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && (f.seq == seqTypeSlice || f.seq == seqTypeChan) && rv.IsNil() {
-			if hasLen {
-				rvlen = decInferLen(containerLenS, d.h.MaxInitLen, rtelem0Size)
-			} else if f.seq == seqTypeSlice {
-				rvlen = decDefSliceCap
-			} else {
-				rvlen = decDefChanCap
-			}
-			if rvCanset {
-				if f.seq == seqTypeSlice {
-					rv = reflect.MakeSlice(ti.rt, rvlen, rvlen)
-					rvChanged = true
-				} else { // chan
-					// xdebugf(">>>>>> haslen = %v, make chan of type '%v' with length: %v", hasLen, ti.rt, rvlen)
-					rv = reflect.MakeChan(ti.rt, rvlen)
-					rvChanged = true
-				}
-			} else {
-				d.errorf("cannot decode into non-settable slice")
-			}
-		}
-		slh.ElemContainerState(j)
-		decodeAsNil = dd.TryDecodeAsNil()
-		if f.seq == seqTypeChan {
-			if decodeAsNil {
-				rv.Send(reflect.Zero(rtelem0))
-				continue
-			}
-			if rtelem0Mut || !rv9.IsValid() { // || (rtElem0Kind == reflect.Ptr && rv9.IsNil()) {
-				rv9 = reflect.New(rtelem0).Elem()
-			}
-			if fn == nil {
-				fn = d.cf.get(rtelem, true, true)
-			}
-			d.decodeValue(rv9, fn, true)
-			// xdebugf(">>>> rv9 sent on %v during decode: %v, with len=%v, cap=%v", rv.Type(), rv9, rv.Len(), rv.Cap())
-			rv.Send(rv9)
-		} else {
-			// if indefinite, etc, then expand the slice if necessary
-			var decodeIntoBlank bool
-			if j >= rvlen {
-				if f.seq == seqTypeArray {
-					d.arrayCannotExpand(rvlen, j+1)
-					decodeIntoBlank = true
-				} else { // if f.seq == seqTypeSlice
-					// rv = reflect.Append(rv, reflect.Zero(rtelem0)) // append logic + varargs
-					var rvcap2 int
-					var rvErrmsg2 string
-					rv9, rvcap2, rvChanged, rvErrmsg2 =
-						expandSliceRV(rv, ti.rt, rvCanset, rtelem0Size, 1, rvlen, rvcap)
-					if rvErrmsg2 != "" {
-						d.errorf(rvErrmsg2)
-					}
-					rvlen++
-					if rvChanged {
-						rv = rv9
-						rvcap = rvcap2
-					}
-				}
-			}
-			if decodeIntoBlank {
-				if !decodeAsNil {
-					d.swallow()
-				}
-			} else {
-				rv9 = rv.Index(j)
-				if d.h.SliceElementReset || decodeAsNil {
-					if !rtelem0ZeroValid {
-						rtelem0ZeroValid = true
-						rtelem0Zero = reflect.Zero(rtelem0)
-					}
-					rv9.Set(rtelem0Zero)
-				}
-				if decodeAsNil {
-					continue
-				}
-
-				if fn == nil {
-					fn = d.cf.get(rtelem, true, true)
-				}
-				d.decodeValue(rv9, fn, true)
-			}
-		}
-	}
-	if f.seq == seqTypeSlice {
-		if j < rvlen {
-			if rv.CanSet() {
-				rv.SetLen(j)
-			} else if rvCanset {
-				rv = rv.Slice(0, j)
-				rvChanged = true
-			} // else { d.errorf("kSlice: cannot change non-settable slice") }
-			rvlen = j
-		} else if j == 0 && rv.IsNil() {
-			if rvCanset {
-				rv = reflect.MakeSlice(ti.rt, 0, 0)
-				rvChanged = true
-			} // else { d.errorf("kSlice: cannot change non-settable slice") }
-		}
-	}
-	slh.End()
-
-	if rvChanged { // infers rvCanset=true, so it can be reset
-		rv0.Set(rv)
-	}
-}
-
-// func (d *Decoder) kArray(f *codecFnInfo, rv reflect.Value) {
-// 	// d.decodeValueFn(rv.Slice(0, rv.Len()))
-// 	f.kSlice(rv.Slice(0, rv.Len()))
-// }
-
-func (d *Decoder) kMap(f *codecFnInfo, rv reflect.Value) {
-	dd := d.d
-	containerLen := dd.ReadMapStart()
-	elemsep := d.esep
-	ti := f.ti
-	if rv.IsNil() {
-		rv.Set(makeMapReflect(ti.rt, containerLen))
-	}
-
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return
-	}
-
-	ktype, vtype := ti.key, ti.elem
-	ktypeId := rt2id(ktype)
-	vtypeKind := vtype.Kind()
-
-	var keyFn, valFn *codecFn
-	var ktypeLo, vtypeLo reflect.Type
-
-	for ktypeLo = ktype; ktypeLo.Kind() == reflect.Ptr; ktypeLo = ktypeLo.Elem() {
-	}
-
-	for vtypeLo = vtype; vtypeLo.Kind() == reflect.Ptr; vtypeLo = vtypeLo.Elem() {
-	}
-
-	var mapGet, mapSet bool
-	rvvImmut := isImmutableKind(vtypeKind)
-	if !d.h.MapValueReset {
-		// if pointer, mapGet = true
-		// if interface, mapGet = true if !DecodeNakedAlways (else false)
-		// if builtin, mapGet = false
-		// else mapGet = true
-		if vtypeKind == reflect.Ptr {
-			mapGet = true
-		} else if vtypeKind == reflect.Interface {
-			if !d.h.InterfaceReset {
-				mapGet = true
-			}
-		} else if !rvvImmut {
-			mapGet = true
-		}
-	}
-
-	var rvk, rvkp, rvv, rvz reflect.Value
-	rvkMut := !isImmutableKind(ktype.Kind()) // if ktype is immutable, then re-use the same rvk.
-	ktypeIsString := ktypeId == stringTypId
-	ktypeIsIntf := ktypeId == intfTypId
-	hasLen := containerLen > 0
-	var kstrbs []byte
-	d.cfer()
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if rvkMut || !rvkp.IsValid() {
-			rvkp = reflect.New(ktype)
-			rvk = rvkp.Elem()
-		}
-		if elemsep {
-			dd.ReadMapElemKey()
-		}
-		if false && dd.TryDecodeAsNil() { // nil cannot be a map key, so disregard this block
-			// Previously, if a nil key, we just ignored the mapped value and continued.
-			// However, that makes the result of encoding and then decoding map[intf]intf{nil:nil}
-			// to be an empty map.
-			// Instead, we treat a nil key as the zero value of the type.
-			rvk.Set(reflect.Zero(ktype))
-		} else if ktypeIsString {
-			kstrbs = dd.DecodeStringAsBytes()
-			rvk.SetString(stringView(kstrbs))
-			// NOTE: if doing an insert, you MUST use a real string (not stringview)
-		} else {
-			if keyFn == nil {
-				keyFn = d.cf.get(ktypeLo, true, true)
-			}
-			d.decodeValue(rvk, keyFn, true)
-		}
-		// special case if a byte array.
-		if ktypeIsIntf {
-			if rvk2 := rvk.Elem(); rvk2.IsValid() {
-				if rvk2.Type() == uint8SliceTyp {
-					rvk = reflect.ValueOf(d.string(rvk2.Bytes()))
-				} else {
-					rvk = rvk2
-				}
-			}
-		}
-
-		if elemsep {
-			dd.ReadMapElemValue()
-		}
-
-		// Brittle, but OK per TryDecodeAsNil() contract.
-		// i.e. TryDecodeAsNil never shares slices with other decDriver procedures
-		if dd.TryDecodeAsNil() {
-			if ktypeIsString {
-				rvk.SetString(d.string(kstrbs))
-			}
-			if d.h.DeleteOnNilMapValue {
-				rv.SetMapIndex(rvk, reflect.Value{})
-			} else {
-				rv.SetMapIndex(rvk, reflect.Zero(vtype))
-			}
-			continue
-		}
-
-		mapSet = true // set to false if u do a get, and its a non-nil pointer
-		if mapGet {
-			// mapGet true only in case where kind=Ptr|Interface or kind is otherwise mutable.
-			rvv = rv.MapIndex(rvk)
-			if !rvv.IsValid() {
-				rvv = reflect.New(vtype).Elem()
-			} else if vtypeKind == reflect.Ptr {
-				if rvv.IsNil() {
-					rvv = reflect.New(vtype).Elem()
-				} else {
-					mapSet = false
-				}
-			} else if vtypeKind == reflect.Interface {
-				// not addressable, and thus not settable.
-				// e MUST create a settable/addressable variant
-				rvv2 := reflect.New(rvv.Type()).Elem()
-				if !rvv.IsNil() {
-					rvv2.Set(rvv)
-				}
-				rvv = rvv2
-			}
-			// else it is ~mutable, and we can just decode into it directly
-		} else if rvvImmut {
-			if !rvz.IsValid() {
-				rvz = reflect.New(vtype).Elem()
-			}
-			rvv = rvz
-		} else {
-			rvv = reflect.New(vtype).Elem()
-		}
-
-		// We MUST be done with the stringview of the key, before decoding the value
-		// so that we don't bastardize the reused byte array.
-		if mapSet && ktypeIsString {
-			rvk.SetString(d.string(kstrbs))
-		}
-		if valFn == nil {
-			valFn = d.cf.get(vtypeLo, true, true)
-		}
-		d.decodeValue(rvv, valFn, true)
-		// d.decodeValueFn(rvv, valFn)
-		if mapSet {
-			rv.SetMapIndex(rvk, rvv)
-		}
-		// if ktypeIsString {
-		// 	// keepAlive4StringView(kstrbs) // not needed, as reference is outside loop
-		// }
-	}
-
-	dd.ReadMapEnd()
-}
-
-// decNaked is used to keep track of the primitives decoded.
-// Without it, we would have to decode each primitive and wrap it
-// in an interface{}, causing an allocation.
-// In this model, the primitives are decoded in a "pseudo-atomic" fashion,
-// so we can rest assured that no other decoding happens while these
-// primitives are being decoded.
-//
-// maps and arrays are not handled by this mechanism.
-// However, RawExt is, and we accommodate for extensions that decode
-// RawExt from DecodeNaked, but need to decode the value subsequently.
-// kInterfaceNaked and swallow, which call DecodeNaked, handle this caveat.
-//
-// However, decNaked also keeps some arrays of default maps and slices
-// used in DecodeNaked. This way, we can get a pointer to it
-// without causing a new heap allocation.
-//
-// kInterfaceNaked will ensure that there is no allocation for the common
-// uses.
-
-type decNakedContainers struct {
-	// array/stacks for reducing allocation
-	// keep arrays at the bottom? Chance is that they are not used much.
-	ia [arrayCacheLen]interface{}
-	ma [arrayCacheLen]map[interface{}]interface{}
-	na [arrayCacheLen]map[string]interface{}
-	sa [arrayCacheLen][]interface{}
-
-	// ria [arrayCacheLen]reflect.Value // not needed, as we decode directly into &ia[n]
-	rma, rna, rsa [arrayCacheLen]reflect.Value // reflect.Value mapping to above
-}
-
-func (n *decNakedContainers) init() {
-	for i := 0; i < arrayCacheLen; i++ {
-		// n.ria[i] = reflect.ValueOf(&(n.ia[i])).Elem()
-		n.rma[i] = reflect.ValueOf(&(n.ma[i])).Elem()
-		n.rna[i] = reflect.ValueOf(&(n.na[i])).Elem()
-		n.rsa[i] = reflect.ValueOf(&(n.sa[i])).Elem()
-	}
-}
-
-type decNaked struct {
-	// r RawExt // used for RawExt, uint, []byte.
-
-	// primitives below
-	u uint64
-	i int64
-	f float64
-	l []byte
-	s string
-
-	// ---- cpu cache line boundary?
-	t time.Time
-	b bool
-
-	// state
-	v              valueType
-	li, lm, ln, ls int8
-	inited         bool
-
-	*decNakedContainers
-
-	ru, ri, rf, rl, rs, rb, rt reflect.Value // mapping to the primitives above
-
-	// _ [6]uint64 // padding // no padding - rt goes into next cache line
-}
-
-func (n *decNaked) init() {
-	if n.inited {
-		return
-	}
-	n.ru = reflect.ValueOf(&n.u).Elem()
-	n.ri = reflect.ValueOf(&n.i).Elem()
-	n.rf = reflect.ValueOf(&n.f).Elem()
-	n.rl = reflect.ValueOf(&n.l).Elem()
-	n.rs = reflect.ValueOf(&n.s).Elem()
-	n.rt = reflect.ValueOf(&n.t).Elem()
-	n.rb = reflect.ValueOf(&n.b).Elem()
-
-	n.inited = true
-	// n.rr[] = reflect.ValueOf(&n.)
-}
-
-func (n *decNaked) initContainers() {
-	if n.decNakedContainers == nil {
-		n.decNakedContainers = new(decNakedContainers)
-		n.decNakedContainers.init()
-	}
-}
-
-func (n *decNaked) reset() {
-	if n == nil {
-		return
-	}
-	n.li, n.lm, n.ln, n.ls = 0, 0, 0, 0
-}
-
-type rtid2rv struct {
-	rtid uintptr
-	rv   reflect.Value
-}
-
-// --------------
-
-type decReaderSwitch struct {
-	rb bytesDecReader
-	// ---- cpu cache line boundary?
-	ri       *ioDecReader
-	mtr, str bool // whether maptype or slicetype are known types
-
-	be    bool // is binary encoding
-	bytes bool // is bytes reader
-	js    bool // is json handle
-	jsms  bool // is json handle, and MapKeyAsString
-	esep  bool // has elem separators
-}
-
-// TODO: Uncomment after mid-stack inlining enabled in go 1.11
-//
-// func (z *decReaderSwitch) unreadn1() {
-// 	if z.bytes {
-// 		z.rb.unreadn1()
-// 	} else {
-// 		z.ri.unreadn1()
-// 	}
-// }
-// func (z *decReaderSwitch) readx(n int) []byte {
-// 	if z.bytes {
-// 		return z.rb.readx(n)
-// 	}
-// 	return z.ri.readx(n)
-// }
-// func (z *decReaderSwitch) readb(s []byte) {
-// 	if z.bytes {
-// 		z.rb.readb(s)
-// 	} else {
-// 		z.ri.readb(s)
-// 	}
-// }
-// func (z *decReaderSwitch) readn1() uint8 {
-// 	if z.bytes {
-// 		return z.rb.readn1()
-// 	}
-// 	return z.ri.readn1()
-// }
-// func (z *decReaderSwitch) numread() int {
-// 	if z.bytes {
-// 		return z.rb.numread()
-// 	}
-// 	return z.ri.numread()
-// }
-// func (z *decReaderSwitch) track() {
-// 	if z.bytes {
-// 		z.rb.track()
-// 	} else {
-// 		z.ri.track()
-// 	}
-// }
-// func (z *decReaderSwitch) stopTrack() []byte {
-// 	if z.bytes {
-// 		return z.rb.stopTrack()
-// 	}
-// 	return z.ri.stopTrack()
-// }
-// func (z *decReaderSwitch) skip(accept *bitset256) (token byte) {
-// 	if z.bytes {
-// 		return z.rb.skip(accept)
-// 	}
-// 	return z.ri.skip(accept)
-// }
-// func (z *decReaderSwitch) readTo(in []byte, accept *bitset256) (out []byte) {
-// 	if z.bytes {
-// 		return z.rb.readTo(in, accept)
-// 	}
-// 	return z.ri.readTo(in, accept)
-// }
-// func (z *decReaderSwitch) readUntil(in []byte, stop byte) (out []byte) {
-// 	if z.bytes {
-// 		return z.rb.readUntil(in, stop)
-// 	}
-// 	return z.ri.readUntil(in, stop)
-// }
-
-// A Decoder reads and decodes an object from an input stream in the codec format.
-type Decoder struct {
-	panicHdl
-	// hopefully, reduce derefencing cost by laying the decReader inside the Decoder.
-	// Try to put things that go together to fit within a cache line (8 words).
-
-	d decDriver
-	// NOTE: Decoder shouldn't call it's read methods,
-	// as the handler MAY need to do some coordination.
-	r  decReader
-	h  *BasicHandle
-	bi *bufioDecReader
-	// cache the mapTypeId and sliceTypeId for faster comparisons
-	mtid uintptr
-	stid uintptr
-
-	// ---- cpu cache line boundary?
-	decReaderSwitch
-
-	// ---- cpu cache line boundary?
-	codecFnPooler
-	// cr containerStateRecv
-	n   *decNaked
-	nsp *sync.Pool
-	err error
-
-	// ---- cpu cache line boundary?
-	b  [decScratchByteArrayLen]byte // scratch buffer, used by Decoder and xxxEncDrivers
-	is map[string]string            // used for interning strings
-
-	// padding - false sharing help // modify 232 if Decoder struct changes.
-	// _ [cacheLineSize - 232%cacheLineSize]byte
-}
-
-// NewDecoder returns a Decoder for decoding a stream of bytes from an io.Reader.
-//
-// For efficiency, Users are encouraged to pass in a memory buffered reader
-// (eg bufio.Reader, bytes.Buffer).
-func NewDecoder(r io.Reader, h Handle) *Decoder {
-	d := newDecoder(h)
-	d.Reset(r)
-	return d
-}
-
-// NewDecoderBytes returns a Decoder which efficiently decodes directly
-// from a byte slice with zero copying.
-func NewDecoderBytes(in []byte, h Handle) *Decoder {
-	d := newDecoder(h)
-	d.ResetBytes(in)
-	return d
-}
-
-var defaultDecNaked decNaked
-
-func newDecoder(h Handle) *Decoder {
-	d := &Decoder{h: h.getBasicHandle(), err: errDecoderNotInitialized}
-	d.hh = h
-	d.be = h.isBinary()
-	// NOTE: do not initialize d.n here. It is lazily initialized in d.naked()
-	var jh *JsonHandle
-	jh, d.js = h.(*JsonHandle)
-	if d.js {
-		d.jsms = jh.MapKeyAsString
-	}
-	d.esep = d.hh.hasElemSeparators()
-	if d.h.InternString {
-		d.is = make(map[string]string, 32)
-	}
-	d.d = h.newDecDriver(d)
-	// d.cr, _ = d.d.(containerStateRecv)
-	return d
-}
-
-func (d *Decoder) resetCommon() {
-	d.n.reset()
-	d.d.reset()
-	d.err = nil
-	// reset all things which were cached from the Handle, but could change
-	d.mtid, d.stid = 0, 0
-	d.mtr, d.str = false, false
-	if d.h.MapType != nil {
-		d.mtid = rt2id(d.h.MapType)
-		d.mtr = fastpathAV.index(d.mtid) != -1
-	}
-	if d.h.SliceType != nil {
-		d.stid = rt2id(d.h.SliceType)
-		d.str = fastpathAV.index(d.stid) != -1
-	}
-}
-
-// Reset the Decoder with a new Reader to decode from,
-// clearing all state from last run(s).
-func (d *Decoder) Reset(r io.Reader) {
-	if r == nil {
-		return
-	}
-	if d.bi == nil {
-		d.bi = new(bufioDecReader)
-	}
-	d.bytes = false
-	if d.h.ReaderBufferSize > 0 {
-		d.bi.buf = make([]byte, 0, d.h.ReaderBufferSize)
-		d.bi.reset(r)
-		d.r = d.bi
-	} else {
-		// d.ri.x = &d.b
-		// d.s = d.sa[:0]
-		if d.ri == nil {
-			d.ri = new(ioDecReader)
-		}
-		d.ri.reset(r)
-		d.r = d.ri
-	}
-	d.resetCommon()
-}
-
-// ResetBytes resets the Decoder with a new []byte to decode from,
-// clearing all state from last run(s).
-func (d *Decoder) ResetBytes(in []byte) {
-	if in == nil {
-		return
-	}
-	d.bytes = true
-	d.rb.reset(in)
-	d.r = &d.rb
-	d.resetCommon()
-}
-
-// naked must be called before each call to .DecodeNaked,
-// as they will use it.
-func (d *Decoder) naked() *decNaked {
-	if d.n == nil {
-		// consider one of:
-		//   - get from sync.Pool  (if GC is frequent, there's no value here)
-		//   - new alloc           (safest. only init'ed if it a naked decode will be done)
-		//   - field in Decoder    (makes the Decoder struct very big)
-		// To support using a decoder where a DecodeNaked is not needed,
-		// we prefer #1 or #2.
-		// d.n = new(decNaked) // &d.nv // new(decNaked) // grab from a sync.Pool
-		// d.n.init()
-		var v interface{}
-		d.nsp, v = pool.decNaked()
-		d.n = v.(*decNaked)
-	}
-	return d.n
-}
-
-// Decode decodes the stream from reader and stores the result in the
-// value pointed to by v. v cannot be a nil pointer. v can also be
-// a reflect.Value of a pointer.
-//
-// Note that a pointer to a nil interface is not a nil pointer.
-// If you do not know what type of stream it is, pass in a pointer to a nil interface.
-// We will decode and store a value in that nil interface.
-//
-// Sample usages:
-//   // Decoding into a non-nil typed value
-//   var f float32
-//   err = codec.NewDecoder(r, handle).Decode(&f)
-//
-//   // Decoding into nil interface
-//   var v interface{}
-//   dec := codec.NewDecoder(r, handle)
-//   err = dec.Decode(&v)
-//
-// When decoding into a nil interface{}, we will decode into an appropriate value based
-// on the contents of the stream:
-//   - Numbers are decoded as float64, int64 or uint64.
-//   - Other values are decoded appropriately depending on the type:
-//     bool, string, []byte, time.Time, etc
-//   - Extensions are decoded as RawExt (if no ext function registered for the tag)
-// Configurations exist on the Handle to override defaults
-// (e.g. for MapType, SliceType and how to decode raw bytes).
-//
-// When decoding into a non-nil interface{} value, the mode of encoding is based on the
-// type of the value. When a value is seen:
-//   - If an extension is registered for it, call that extension function
-//   - If it implements BinaryUnmarshaler, call its UnmarshalBinary(data []byte) error
-//   - Else decode it based on its reflect.Kind
-//
-// There are some special rules when decoding into containers (slice/array/map/struct).
-// Decode will typically use the stream contents to UPDATE the container.
-//   - A map can be decoded from a stream map, by updating matching keys.
-//   - A slice can be decoded from a stream array,
-//     by updating the first n elements, where n is length of the stream.
-//   - A slice can be decoded from a stream map, by decoding as if
-//     it contains a sequence of key-value pairs.
-//   - A struct can be decoded from a stream map, by updating matching fields.
-//   - A struct can be decoded from a stream array,
-//     by updating fields as they occur in the struct (by index).
-//
-// When decoding a stream map or array with length of 0 into a nil map or slice,
-// we reset the destination map or slice to a zero-length value.
-//
-// However, when decoding a stream nil, we reset the destination container
-// to its "zero" value (e.g. nil for slice/map, etc).
-//
-// Note: we allow nil values in the stream anywhere except for map keys.
-// A nil value in the encoded stream where a map key is expected is treated as an error.
-func (d *Decoder) Decode(v interface{}) (err error) {
-	defer d.deferred(&err)
-	d.MustDecode(v)
-	return
-}
-
-// MustDecode is like Decode, but panics if unable to Decode.
-// This provides insight to the code location that triggered the error.
-func (d *Decoder) MustDecode(v interface{}) {
-	// TODO: Top-level: ensure that v is a pointer and not nil.
-	if d.err != nil {
-		panic(d.err)
-	}
-	if d.d.TryDecodeAsNil() {
-		setZero(v)
-	} else {
-		d.decode(v)
-	}
-	d.alwaysAtEnd()
-	// xprintf(">>>>>>>> >>>>>>>> num decFns: %v\n", d.cf.sn)
-}
-
-func (d *Decoder) deferred(err1 *error) {
-	d.alwaysAtEnd()
-	if recoverPanicToErr {
-		if x := recover(); x != nil {
-			panicValToErr(d, x, err1)
-			panicValToErr(d, x, &d.err)
-		}
-	}
-}
-
-func (d *Decoder) alwaysAtEnd() {
-	if d.n != nil {
-		// if n != nil, then nsp != nil (they are always set together)
-		d.nsp.Put(d.n)
-		d.n, d.nsp = nil, nil
-	}
-	d.codecFnPooler.alwaysAtEnd()
-}
-
-// // this is not a smart swallow, as it allocates objects and does unnecessary work.
-// func (d *Decoder) swallowViaHammer() {
-// 	var blank interface{}
-// 	d.decodeValueNoFn(reflect.ValueOf(&blank).Elem())
-// }
-
-func (d *Decoder) swallow() {
-	// smarter decode that just swallows the content
-	dd := d.d
-	if dd.TryDecodeAsNil() {
-		return
-	}
-	elemsep := d.esep
-	switch dd.ContainerType() {
-	case valueTypeMap:
-		containerLen := dd.ReadMapStart()
-		hasLen := containerLen >= 0
-		for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-			// if clenGtEqualZero {if j >= containerLen {break} } else if dd.CheckBreak() {break}
-			if elemsep {
-				dd.ReadMapElemKey()
-			}
-			d.swallow()
-			if elemsep {
-				dd.ReadMapElemValue()
-			}
-			d.swallow()
-		}
-		dd.ReadMapEnd()
-	case valueTypeArray:
-		containerLen := dd.ReadArrayStart()
-		hasLen := containerLen >= 0
-		for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-			if elemsep {
-				dd.ReadArrayElem()
-			}
-			d.swallow()
-		}
-		dd.ReadArrayEnd()
-	case valueTypeBytes:
-		dd.DecodeBytes(d.b[:], true)
-	case valueTypeString:
-		dd.DecodeStringAsBytes()
-	default:
-		// these are all primitives, which we can get from decodeNaked
-		// if RawExt using Value, complete the processing.
-		n := d.naked()
-		dd.DecodeNaked()
-		if n.v == valueTypeExt && n.l == nil {
-			n.initContainers()
-			if n.li < arrayCacheLen {
-				n.ia[n.li] = nil
-				n.li++
-				d.decode(&n.ia[n.li-1])
-				n.ia[n.li-1] = nil
-				n.li--
-			} else {
-				var v2 interface{}
-				d.decode(&v2)
-			}
-		}
-	}
-}
-
-func setZero(iv interface{}) {
-	if iv == nil || definitelyNil(iv) {
-		return
-	}
-	var canDecode bool
-	switch v := iv.(type) {
-	case *string:
-		*v = ""
-	case *bool:
-		*v = false
-	case *int:
-		*v = 0
-	case *int8:
-		*v = 0
-	case *int16:
-		*v = 0
-	case *int32:
-		*v = 0
-	case *int64:
-		*v = 0
-	case *uint:
-		*v = 0
-	case *uint8:
-		*v = 0
-	case *uint16:
-		*v = 0
-	case *uint32:
-		*v = 0
-	case *uint64:
-		*v = 0
-	case *float32:
-		*v = 0
-	case *float64:
-		*v = 0
-	case *[]uint8:
-		*v = nil
-	case *Raw:
-		*v = nil
-	case *time.Time:
-		*v = time.Time{}
-	case reflect.Value:
-		if v, canDecode = isDecodeable(v); canDecode && v.CanSet() {
-			v.Set(reflect.Zero(v.Type()))
-		} // TODO: else drain if chan, clear if map, set all to nil if slice???
-	default:
-		if !fastpathDecodeSetZeroTypeSwitch(iv) {
-			v := reflect.ValueOf(iv)
-			if v, canDecode = isDecodeable(v); canDecode && v.CanSet() {
-				v.Set(reflect.Zero(v.Type()))
-			} // TODO: else drain if chan, clear if map, set all to nil if slice???
-		}
-	}
-}
-
-func (d *Decoder) decode(iv interface{}) {
-	// check nil and interfaces explicitly,
-	// so that type switches just have a run of constant non-interface types.
-	if iv == nil {
-		d.errorstr(errstrCannotDecodeIntoNil)
-		return
-	}
-	if v, ok := iv.(Selfer); ok {
-		v.CodecDecodeSelf(d)
-		return
-	}
-
-	switch v := iv.(type) {
-	// case nil:
-	// case Selfer:
-
-	case reflect.Value:
-		v = d.ensureDecodeable(v)
-		d.decodeValue(v, nil, true)
-
-	case *string:
-		*v = d.d.DecodeString()
-	case *bool:
-		*v = d.d.DecodeBool()
-	case *int:
-		*v = int(chkOvf.IntV(d.d.DecodeInt64(), intBitsize))
-	case *int8:
-		*v = int8(chkOvf.IntV(d.d.DecodeInt64(), 8))
-	case *int16:
-		*v = int16(chkOvf.IntV(d.d.DecodeInt64(), 16))
-	case *int32:
-		*v = int32(chkOvf.IntV(d.d.DecodeInt64(), 32))
-	case *int64:
-		*v = d.d.DecodeInt64()
-	case *uint:
-		*v = uint(chkOvf.UintV(d.d.DecodeUint64(), uintBitsize))
-	case *uint8:
-		*v = uint8(chkOvf.UintV(d.d.DecodeUint64(), 8))
-	case *uint16:
-		*v = uint16(chkOvf.UintV(d.d.DecodeUint64(), 16))
-	case *uint32:
-		*v = uint32(chkOvf.UintV(d.d.DecodeUint64(), 32))
-	case *uint64:
-		*v = d.d.DecodeUint64()
-	case *float32:
-		f64 := d.d.DecodeFloat64()
-		if chkOvf.Float32(f64) {
-			d.errorf("float32 overflow: %v", f64)
-		}
-		*v = float32(f64)
-	case *float64:
-		*v = d.d.DecodeFloat64()
-	case *[]uint8:
-		*v = d.d.DecodeBytes(*v, false)
-	case []uint8:
-		b := d.d.DecodeBytes(v, false)
-		if !(len(b) > 0 && len(b) == len(v) && &b[0] == &v[0]) {
-			copy(v, b)
-		}
-	case *time.Time:
-		*v = d.d.DecodeTime()
-	case *Raw:
-		*v = d.rawBytes()
-
-	case *interface{}:
-		d.decodeValue(reflect.ValueOf(iv).Elem(), nil, true)
-		// d.decodeValueNotNil(reflect.ValueOf(iv).Elem())
-
-	default:
-		if !fastpathDecodeTypeSwitch(iv, d) {
-			v := reflect.ValueOf(iv)
-			v = d.ensureDecodeable(v)
-			d.decodeValue(v, nil, false)
-			// d.decodeValueFallback(v)
-		}
-	}
-}
-
-func (d *Decoder) decodeValue(rv reflect.Value, fn *codecFn, chkAll bool) {
-	// If stream is not containing a nil value, then we can deref to the base
-	// non-pointer value, and decode into that.
-	var rvp reflect.Value
-	var rvpValid bool
-	if rv.Kind() == reflect.Ptr {
-		rvpValid = true
-		for {
-			if rv.IsNil() {
-				rv.Set(reflect.New(rv.Type().Elem()))
-			}
-			rvp = rv
-			rv = rv.Elem()
-			if rv.Kind() != reflect.Ptr {
-				break
-			}
-		}
-	}
-
-	if fn == nil {
-		// always pass checkCodecSelfer=true, in case T or ****T is passed, where *T is a Selfer
-		fn = d.cfer().get(rv.Type(), chkAll, true) // chkAll, chkAll)
-	}
-	if fn.i.addrD {
-		if rvpValid {
-			fn.fd(d, &fn.i, rvp)
-		} else if rv.CanAddr() {
-			fn.fd(d, &fn.i, rv.Addr())
-		} else if !fn.i.addrF {
-			fn.fd(d, &fn.i, rv)
-		} else {
-			d.errorf("cannot decode into a non-pointer value")
-		}
-	} else {
-		fn.fd(d, &fn.i, rv)
-	}
-	// return rv
-}
-
-func (d *Decoder) structFieldNotFound(index int, rvkencname string) {
-	// NOTE: rvkencname may be a stringView, so don't pass it to another function.
-	if d.h.ErrorIfNoField {
-		if index >= 0 {
-			d.errorf("no matching struct field found when decoding stream array at index %v", index)
-			return
-		} else if rvkencname != "" {
-			d.errorf("no matching struct field found when decoding stream map with key " + rvkencname)
-			return
-		}
-	}
-	d.swallow()
-}
-
-func (d *Decoder) arrayCannotExpand(sliceLen, streamLen int) {
-	if d.h.ErrorIfNoArrayExpand {
-		d.errorf("cannot expand array len during decode from %v to %v", sliceLen, streamLen)
-	}
-}
-
-func isDecodeable(rv reflect.Value) (rv2 reflect.Value, canDecode bool) {
-	switch rv.Kind() {
-	case reflect.Array:
-		return rv, true
-	case reflect.Ptr:
-		if !rv.IsNil() {
-			return rv.Elem(), true
-		}
-	case reflect.Slice, reflect.Chan, reflect.Map:
-		if !rv.IsNil() {
-			return rv, true
-		}
-	}
-	return
-}
-
-func (d *Decoder) ensureDecodeable(rv reflect.Value) (rv2 reflect.Value) {
-	// decode can take any reflect.Value that is a inherently addressable i.e.
-	//   - array
-	//   - non-nil chan    (we will SEND to it)
-	//   - non-nil slice   (we will set its elements)
-	//   - non-nil map     (we will put into it)
-	//   - non-nil pointer (we can "update" it)
-	rv2, canDecode := isDecodeable(rv)
-	if canDecode {
-		return
-	}
-	if !rv.IsValid() {
-		d.errorstr(errstrCannotDecodeIntoNil)
-		return
-	}
-	if !rv.CanInterface() {
-		d.errorf("cannot decode into a value without an interface: %v", rv)
-		return
-	}
-	rvi := rv2i(rv)
-	rvk := rv.Kind()
-	d.errorf("cannot decode into value of kind: %v, type: %T, %v", rvk, rvi, rvi)
-	return
-}
-
-// Possibly get an interned version of a string
-//
-// This should mostly be used for map keys, where the key type is string.
-// This is because keys of a map/struct are typically reused across many objects.
-func (d *Decoder) string(v []byte) (s string) {
-	if d.is == nil {
-		return string(v) // don't return stringView, as we need a real string here.
-	}
-	s, ok := d.is[string(v)] // no allocation here, per go implementation
-	if !ok {
-		s = string(v) // new allocation here
-		d.is[s] = s
-	}
-	return s
-}
-
-// nextValueBytes returns the next value in the stream as a set of bytes.
-func (d *Decoder) nextValueBytes() (bs []byte) {
-	d.d.uncacheRead()
-	d.r.track()
-	d.swallow()
-	bs = d.r.stopTrack()
-	return
-}
-
-func (d *Decoder) rawBytes() []byte {
-	// ensure that this is not a view into the bytes
-	// i.e. make new copy always.
-	bs := d.nextValueBytes()
-	bs2 := make([]byte, len(bs))
-	copy(bs2, bs)
-	return bs2
-}
-
-func (d *Decoder) wrapErrstr(v interface{}, err *error) {
-	*err = fmt.Errorf("%s decode error [pos %d]: %v", d.hh.Name(), d.r.numread(), v)
-}
-
-// --------------------------------------------------
-
-// decSliceHelper assists when decoding into a slice, from a map or an array in the stream.
-// A slice can be set from a map or array in stream. This supports the MapBySlice interface.
-type decSliceHelper struct {
-	d *Decoder
-	// ct valueType
-	array bool
-}
-
-func (d *Decoder) decSliceHelperStart() (x decSliceHelper, clen int) {
-	dd := d.d
-	ctyp := dd.ContainerType()
-	switch ctyp {
-	case valueTypeArray:
-		x.array = true
-		clen = dd.ReadArrayStart()
-	case valueTypeMap:
-		clen = dd.ReadMapStart() * 2
-	default:
-		d.errorf("only encoded map or array can be decoded into a slice (%d)", ctyp)
-	}
-	// x.ct = ctyp
-	x.d = d
-	return
-}
-
-func (x decSliceHelper) End() {
-	if x.array {
-		x.d.d.ReadArrayEnd()
-	} else {
-		x.d.d.ReadMapEnd()
-	}
-}
-
-func (x decSliceHelper) ElemContainerState(index int) {
-	if x.array {
-		x.d.d.ReadArrayElem()
-	} else if index%2 == 0 {
-		x.d.d.ReadMapElemKey()
-	} else {
-		x.d.d.ReadMapElemValue()
-	}
-}
-
-func decByteSlice(r decReader, clen, maxInitLen int, bs []byte) (bsOut []byte) {
-	if clen == 0 {
-		return zeroByteSlice
-	}
-	if len(bs) == clen {
-		bsOut = bs
-		r.readb(bsOut)
-	} else if cap(bs) >= clen {
-		bsOut = bs[:clen]
-		r.readb(bsOut)
-	} else {
-		// bsOut = make([]byte, clen)
-		len2 := decInferLen(clen, maxInitLen, 1)
-		bsOut = make([]byte, len2)
-		r.readb(bsOut)
-		for len2 < clen {
-			len3 := decInferLen(clen-len2, maxInitLen, 1)
-			bs3 := bsOut
-			bsOut = make([]byte, len2+len3)
-			copy(bsOut, bs3)
-			r.readb(bsOut[len2:])
-			len2 += len3
-		}
-	}
-	return
-}
-
-func detachZeroCopyBytes(isBytesReader bool, dest []byte, in []byte) (out []byte) {
-	if xlen := len(in); xlen > 0 {
-		if isBytesReader || xlen <= scratchByteArrayLen {
-			if cap(dest) >= xlen {
-				out = dest[:xlen]
-			} else {
-				out = make([]byte, xlen)
-			}
-			copy(out, in)
-			return
-		}
-	}
-	return in
-}
-
-// decInferLen will infer a sensible length, given the following:
-//    - clen: length wanted.
-//    - maxlen: max length to be returned.
-//      if <= 0, it is unset, and we infer it based on the unit size
-//    - unit: number of bytes for each element of the collection
-func decInferLen(clen, maxlen, unit int) (rvlen int) {
-	// handle when maxlen is not set i.e. <= 0
-	if clen <= 0 {
-		return
-	}
-	if unit == 0 {
-		return clen
-	}
-	if maxlen <= 0 {
-		// no maxlen defined. Use maximum of 256K memory, with a floor of 4K items.
-		// maxlen = 256 * 1024 / unit
-		// if maxlen < (4 * 1024) {
-		// 	maxlen = 4 * 1024
-		// }
-		if unit < (256 / 4) {
-			maxlen = 256 * 1024 / unit
-		} else {
-			maxlen = 4 * 1024
-		}
-	}
-	if clen > maxlen {
-		rvlen = maxlen
-	} else {
-		rvlen = clen
-	}
-	return
-}
-
-func expandSliceRV(s reflect.Value, st reflect.Type, canChange bool, stElemSize, num, slen, scap int) (
-	s2 reflect.Value, scap2 int, changed bool, err string) {
-	l1 := slen + num // new slice length
-	if l1 < slen {
-		err = errmsgExpandSliceOverflow
-		return
-	}
-	if l1 <= scap {
-		if s.CanSet() {
-			s.SetLen(l1)
-		} else if canChange {
-			s2 = s.Slice(0, l1)
-			scap2 = scap
-			changed = true
-		} else {
-			err = errmsgExpandSliceCannotChange
-			return
-		}
-		return
-	}
-	if !canChange {
-		err = errmsgExpandSliceCannotChange
-		return
-	}
-	scap2 = growCap(scap, stElemSize, num)
-	s2 = reflect.MakeSlice(st, l1, scap2)
-	changed = true
-	reflect.Copy(s2, s)
-	return
-}
-
-func decReadFull(r io.Reader, bs []byte) (n int, err error) {
-	var nn int
-	for n < len(bs) && err == nil {
-		nn, err = r.Read(bs[n:])
-		if nn > 0 {
-			if err == io.EOF {
-				// leave EOF for next time
-				err = nil
-			}
-			n += nn
-		}
-	}
-
-	// do not do this - it serves no purpose
-	// if n != len(bs) && err == io.EOF { err = io.ErrUnexpectedEOF }
-	return
-}
diff --git a/vendor/github.com/ugorji/go/codec/encode.go b/vendor/github.com/ugorji/go/codec/encode.go
deleted file mode 100644
index ef4652945fe98..0000000000000
--- a/vendor/github.com/ugorji/go/codec/encode.go
+++ /dev/null
@@ -1,1375 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"bufio"
-	"encoding"
-	"errors"
-	"fmt"
-	"io"
-	"reflect"
-	"sort"
-	"strconv"
-	"sync"
-	"time"
-)
-
-const defEncByteBufSize = 1 << 6 // 4:16, 6:64, 8:256, 10:1024
-
-var errEncoderNotInitialized = errors.New("Encoder not initialized")
-
-// encWriter abstracts writing to a byte array or to an io.Writer.
-type encWriter interface {
-	writeb([]byte)
-	writestr(string)
-	writen1(byte)
-	writen2(byte, byte)
-	atEndOfEncode()
-}
-
-// encDriver abstracts the actual codec (binc vs msgpack, etc)
-type encDriver interface {
-	EncodeNil()
-	EncodeInt(i int64)
-	EncodeUint(i uint64)
-	EncodeBool(b bool)
-	EncodeFloat32(f float32)
-	EncodeFloat64(f float64)
-	// encodeExtPreamble(xtag byte, length int)
-	EncodeRawExt(re *RawExt, e *Encoder)
-	EncodeExt(v interface{}, xtag uint64, ext Ext, e *Encoder)
-	EncodeString(c charEncoding, v string)
-	// EncodeSymbol(v string)
-	EncodeStringBytes(c charEncoding, v []byte)
-	EncodeTime(time.Time)
-	//encBignum(f *big.Int)
-	//encStringRunes(c charEncoding, v []rune)
-	WriteArrayStart(length int)
-	WriteArrayElem()
-	WriteArrayEnd()
-	WriteMapStart(length int)
-	WriteMapElemKey()
-	WriteMapElemValue()
-	WriteMapEnd()
-
-	reset()
-	atEndOfEncode()
-}
-
-type ioEncStringWriter interface {
-	WriteString(s string) (n int, err error)
-}
-
-type encDriverAsis interface {
-	EncodeAsis(v []byte)
-}
-
-type encDriverNoopContainerWriter struct{}
-
-func (encDriverNoopContainerWriter) WriteArrayStart(length int) {}
-func (encDriverNoopContainerWriter) WriteArrayElem()            {}
-func (encDriverNoopContainerWriter) WriteArrayEnd()             {}
-func (encDriverNoopContainerWriter) WriteMapStart(length int)   {}
-func (encDriverNoopContainerWriter) WriteMapElemKey()           {}
-func (encDriverNoopContainerWriter) WriteMapElemValue()         {}
-func (encDriverNoopContainerWriter) WriteMapEnd()               {}
-func (encDriverNoopContainerWriter) atEndOfEncode()             {}
-
-type encDriverTrackContainerWriter struct {
-	c containerState
-}
-
-func (e *encDriverTrackContainerWriter) WriteArrayStart(length int) { e.c = containerArrayStart }
-func (e *encDriverTrackContainerWriter) WriteArrayElem()            { e.c = containerArrayElem }
-func (e *encDriverTrackContainerWriter) WriteArrayEnd()             { e.c = containerArrayEnd }
-func (e *encDriverTrackContainerWriter) WriteMapStart(length int)   { e.c = containerMapStart }
-func (e *encDriverTrackContainerWriter) WriteMapElemKey()           { e.c = containerMapKey }
-func (e *encDriverTrackContainerWriter) WriteMapElemValue()         { e.c = containerMapValue }
-func (e *encDriverTrackContainerWriter) WriteMapEnd()               { e.c = containerMapEnd }
-func (e *encDriverTrackContainerWriter) atEndOfEncode()             {}
-
-// type ioEncWriterWriter interface {
-// 	WriteByte(c byte) error
-// 	WriteString(s string) (n int, err error)
-// 	Write(p []byte) (n int, err error)
-// }
-
-// EncodeOptions captures configuration options during encode.
-type EncodeOptions struct {
-	// WriterBufferSize is the size of the buffer used when writing.
-	//
-	// if > 0, we use a smart buffer internally for performance purposes.
-	WriterBufferSize int
-
-	// ChanRecvTimeout is the timeout used when selecting from a chan.
-	//
-	// Configuring this controls how we receive from a chan during the encoding process.
-	//   - If ==0, we only consume the elements currently available in the chan.
-	//   - if  <0, we consume until the chan is closed.
-	//   - If  >0, we consume until this timeout.
-	ChanRecvTimeout time.Duration
-
-	// StructToArray specifies to encode a struct as an array, and not as a map
-	StructToArray bool
-
-	// Canonical representation means that encoding a value will always result in the same
-	// sequence of bytes.
-	//
-	// This only affects maps, as the iteration order for maps is random.
-	//
-	// The implementation MAY use the natural sort order for the map keys if possible:
-	//
-	//     - If there is a natural sort order (ie for number, bool, string or []byte keys),
-	//       then the map keys are first sorted in natural order and then written
-	//       with corresponding map values to the strema.
-	//     - If there is no natural sort order, then the map keys will first be
-	//       encoded into []byte, and then sorted,
-	//       before writing the sorted keys and the corresponding map values to the stream.
-	//
-	Canonical bool
-
-	// CheckCircularRef controls whether we check for circular references
-	// and error fast during an encode.
-	//
-	// If enabled, an error is received if a pointer to a struct
-	// references itself either directly or through one of its fields (iteratively).
-	//
-	// This is opt-in, as there may be a performance hit to checking circular references.
-	CheckCircularRef bool
-
-	// RecursiveEmptyCheck controls whether we descend into interfaces, structs and pointers
-	// when checking if a value is empty.
-	//
-	// Note that this may make OmitEmpty more expensive, as it incurs a lot more reflect calls.
-	RecursiveEmptyCheck bool
-
-	// Raw controls whether we encode Raw values.
-	// This is a "dangerous" option and must be explicitly set.
-	// If set, we blindly encode Raw values as-is, without checking
-	// if they are a correct representation of a value in that format.
-	// If unset, we error out.
-	Raw bool
-
-	// // AsSymbols defines what should be encoded as symbols.
-	// //
-	// // Encoding as symbols can reduce the encoded size significantly.
-	// //
-	// // However, during decoding, each string to be encoded as a symbol must
-	// // be checked to see if it has been seen before. Consequently, encoding time
-	// // will increase if using symbols, because string comparisons has a clear cost.
-	// //
-	// // Sample values:
-	// //   AsSymbolNone
-	// //   AsSymbolAll
-	// //   AsSymbolMapStringKeys
-	// //   AsSymbolMapStringKeysFlag | AsSymbolStructFieldNameFlag
-	// AsSymbols AsSymbolFlag
-}
-
-// ---------------------------------------------
-
-// ioEncWriter implements encWriter and can write to an io.Writer implementation
-type ioEncWriter struct {
-	w  io.Writer
-	ww io.Writer
-	bw io.ByteWriter
-	sw ioEncStringWriter
-	fw ioFlusher
-	b  [8]byte
-}
-
-func (z *ioEncWriter) WriteByte(b byte) (err error) {
-	z.b[0] = b
-	_, err = z.w.Write(z.b[:1])
-	return
-}
-
-func (z *ioEncWriter) WriteString(s string) (n int, err error) {
-	return z.w.Write(bytesView(s))
-}
-
-func (z *ioEncWriter) writeb(bs []byte) {
-	if _, err := z.ww.Write(bs); err != nil {
-		panic(err)
-	}
-}
-
-func (z *ioEncWriter) writestr(s string) {
-	if _, err := z.sw.WriteString(s); err != nil {
-		panic(err)
-	}
-}
-
-func (z *ioEncWriter) writen1(b byte) {
-	if err := z.bw.WriteByte(b); err != nil {
-		panic(err)
-	}
-}
-
-func (z *ioEncWriter) writen2(b1, b2 byte) {
-	var err error
-	if err = z.bw.WriteByte(b1); err == nil {
-		if err = z.bw.WriteByte(b2); err == nil {
-			return
-		}
-	}
-	panic(err)
-}
-
-// func (z *ioEncWriter) writen5(b1, b2, b3, b4, b5 byte) {
-// 	z.b[0], z.b[1], z.b[2], z.b[3], z.b[4] = b1, b2, b3, b4, b5
-// 	if _, err := z.ww.Write(z.b[:5]); err != nil {
-// 		panic(err)
-// 	}
-// }
-
-func (z *ioEncWriter) atEndOfEncode() {
-	if z.fw != nil {
-		if err := z.fw.Flush(); err != nil {
-			panic(err)
-		}
-	}
-}
-
-// ---------------------------------------------
-
-// bytesEncAppender implements encWriter and can write to an byte slice.
-type bytesEncAppender struct {
-	b   []byte
-	out *[]byte
-}
-
-func (z *bytesEncAppender) writeb(s []byte) {
-	z.b = append(z.b, s...)
-}
-func (z *bytesEncAppender) writestr(s string) {
-	z.b = append(z.b, s...)
-}
-func (z *bytesEncAppender) writen1(b1 byte) {
-	z.b = append(z.b, b1)
-}
-func (z *bytesEncAppender) writen2(b1, b2 byte) {
-	z.b = append(z.b, b1, b2)
-}
-func (z *bytesEncAppender) atEndOfEncode() {
-	*(z.out) = z.b
-}
-func (z *bytesEncAppender) reset(in []byte, out *[]byte) {
-	z.b = in[:0]
-	z.out = out
-}
-
-// ---------------------------------------------
-
-func (e *Encoder) rawExt(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeRawExt(rv2i(rv).(*RawExt), e)
-}
-
-func (e *Encoder) ext(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeExt(rv2i(rv), f.xfTag, f.xfFn, e)
-}
-
-func (e *Encoder) selferMarshal(f *codecFnInfo, rv reflect.Value) {
-	rv2i(rv).(Selfer).CodecEncodeSelf(e)
-}
-
-func (e *Encoder) binaryMarshal(f *codecFnInfo, rv reflect.Value) {
-	bs, fnerr := rv2i(rv).(encoding.BinaryMarshaler).MarshalBinary()
-	e.marshal(bs, fnerr, false, cRAW)
-}
-
-func (e *Encoder) textMarshal(f *codecFnInfo, rv reflect.Value) {
-	bs, fnerr := rv2i(rv).(encoding.TextMarshaler).MarshalText()
-	e.marshal(bs, fnerr, false, cUTF8)
-}
-
-func (e *Encoder) jsonMarshal(f *codecFnInfo, rv reflect.Value) {
-	bs, fnerr := rv2i(rv).(jsonMarshaler).MarshalJSON()
-	e.marshal(bs, fnerr, true, cUTF8)
-}
-
-func (e *Encoder) raw(f *codecFnInfo, rv reflect.Value) {
-	e.rawBytes(rv2i(rv).(Raw))
-}
-
-func (e *Encoder) kInvalid(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeNil()
-}
-
-func (e *Encoder) kErr(f *codecFnInfo, rv reflect.Value) {
-	e.errorf("unsupported kind %s, for %#v", rv.Kind(), rv)
-}
-
-func (e *Encoder) kSlice(f *codecFnInfo, rv reflect.Value) {
-	ti := f.ti
-	ee := e.e
-	// array may be non-addressable, so we have to manage with care
-	//   (don't call rv.Bytes, rv.Slice, etc).
-	// E.g. type struct S{B [2]byte};
-	//   Encode(S{}) will bomb on "panic: slice of unaddressable array".
-	if f.seq != seqTypeArray {
-		if rv.IsNil() {
-			ee.EncodeNil()
-			return
-		}
-		// If in this method, then there was no extension function defined.
-		// So it's okay to treat as []byte.
-		if ti.rtid == uint8SliceTypId {
-			ee.EncodeStringBytes(cRAW, rv.Bytes())
-			return
-		}
-	}
-	if f.seq == seqTypeChan && ti.chandir&uint8(reflect.RecvDir) == 0 {
-		e.errorf("send-only channel cannot be encoded")
-	}
-	elemsep := e.esep
-	rtelem := ti.elem
-	rtelemIsByte := uint8TypId == rt2id(rtelem) // NOT rtelem.Kind() == reflect.Uint8
-	var l int
-	// if a slice, array or chan of bytes, treat specially
-	if rtelemIsByte {
-		switch f.seq {
-		case seqTypeSlice:
-			ee.EncodeStringBytes(cRAW, rv.Bytes())
-		case seqTypeArray:
-			l = rv.Len()
-			if rv.CanAddr() {
-				ee.EncodeStringBytes(cRAW, rv.Slice(0, l).Bytes())
-			} else {
-				var bs []byte
-				if l <= cap(e.b) {
-					bs = e.b[:l]
-				} else {
-					bs = make([]byte, l)
-				}
-				reflect.Copy(reflect.ValueOf(bs), rv)
-				ee.EncodeStringBytes(cRAW, bs)
-			}
-		case seqTypeChan:
-			// do not use range, so that the number of elements encoded
-			// does not change, and encoding does not hang waiting on someone to close chan.
-			// for b := range rv2i(rv).(<-chan byte) { bs = append(bs, b) }
-			// ch := rv2i(rv).(<-chan byte) // fix error - that this is a chan byte, not a <-chan byte.
-
-			if rv.IsNil() {
-				ee.EncodeNil()
-				break
-			}
-			bs := e.b[:0]
-			irv := rv2i(rv)
-			ch, ok := irv.(<-chan byte)
-			if !ok {
-				ch = irv.(chan byte)
-			}
-
-		L1:
-			switch timeout := e.h.ChanRecvTimeout; {
-			case timeout == 0: // only consume available
-				for {
-					select {
-					case b := <-ch:
-						bs = append(bs, b)
-					default:
-						break L1
-					}
-				}
-			case timeout > 0: // consume until timeout
-				tt := time.NewTimer(timeout)
-				for {
-					select {
-					case b := <-ch:
-						bs = append(bs, b)
-					case <-tt.C:
-						// close(tt.C)
-						break L1
-					}
-				}
-			default: // consume until close
-				for b := range ch {
-					bs = append(bs, b)
-				}
-			}
-
-			ee.EncodeStringBytes(cRAW, bs)
-		}
-		return
-	}
-
-	// if chan, consume chan into a slice, and work off that slice.
-	var rvcs reflect.Value
-	if f.seq == seqTypeChan {
-		rvcs = reflect.Zero(reflect.SliceOf(rtelem))
-		timeout := e.h.ChanRecvTimeout
-		if timeout < 0 { // consume until close
-			for {
-				recv, recvOk := rv.Recv()
-				if !recvOk {
-					break
-				}
-				rvcs = reflect.Append(rvcs, recv)
-			}
-		} else {
-			cases := make([]reflect.SelectCase, 2)
-			cases[0] = reflect.SelectCase{Dir: reflect.SelectRecv, Chan: rv}
-			if timeout == 0 {
-				cases[1] = reflect.SelectCase{Dir: reflect.SelectDefault}
-			} else {
-				tt := time.NewTimer(timeout)
-				cases[1] = reflect.SelectCase{Dir: reflect.SelectRecv, Chan: reflect.ValueOf(tt.C)}
-			}
-			for {
-				chosen, recv, recvOk := reflect.Select(cases)
-				if chosen == 1 || !recvOk {
-					break
-				}
-				rvcs = reflect.Append(rvcs, recv)
-			}
-		}
-		rv = rvcs // TODO: ensure this doesn't mess up anywhere that rv of kind chan is expected
-	}
-
-	l = rv.Len()
-	if ti.mbs {
-		if l%2 == 1 {
-			e.errorf("mapBySlice requires even slice length, but got %v", l)
-			return
-		}
-		ee.WriteMapStart(l / 2)
-	} else {
-		ee.WriteArrayStart(l)
-	}
-
-	if l > 0 {
-		var fn *codecFn
-		for rtelem.Kind() == reflect.Ptr {
-			rtelem = rtelem.Elem()
-		}
-		// if kind is reflect.Interface, do not pre-determine the
-		// encoding type, because preEncodeValue may break it down to
-		// a concrete type and kInterface will bomb.
-		if rtelem.Kind() != reflect.Interface {
-			fn = e.cfer().get(rtelem, true, true)
-		}
-		for j := 0; j < l; j++ {
-			if elemsep {
-				if ti.mbs {
-					if j%2 == 0 {
-						ee.WriteMapElemKey()
-					} else {
-						ee.WriteMapElemValue()
-					}
-				} else {
-					ee.WriteArrayElem()
-				}
-			}
-			e.encodeValue(rv.Index(j), fn, true)
-		}
-	}
-
-	if ti.mbs {
-		ee.WriteMapEnd()
-	} else {
-		ee.WriteArrayEnd()
-	}
-}
-
-func (e *Encoder) kStructNoOmitempty(f *codecFnInfo, rv reflect.Value) {
-	fti := f.ti
-	elemsep := e.esep
-	tisfi := fti.sfiSrc
-	toMap := !(fti.toArray || e.h.StructToArray)
-	if toMap {
-		tisfi = fti.sfiSort
-	}
-	ee := e.e
-
-	sfn := structFieldNode{v: rv, update: false}
-	if toMap {
-		ee.WriteMapStart(len(tisfi))
-		if elemsep {
-			for _, si := range tisfi {
-				ee.WriteMapElemKey()
-				// ee.EncodeString(cUTF8, si.encName)
-				encStructFieldKey(ee, fti.keyType, si.encName)
-				ee.WriteMapElemValue()
-				e.encodeValue(sfn.field(si), nil, true)
-			}
-		} else {
-			for _, si := range tisfi {
-				// ee.EncodeString(cUTF8, si.encName)
-				encStructFieldKey(ee, fti.keyType, si.encName)
-				e.encodeValue(sfn.field(si), nil, true)
-			}
-		}
-		ee.WriteMapEnd()
-	} else {
-		ee.WriteArrayStart(len(tisfi))
-		if elemsep {
-			for _, si := range tisfi {
-				ee.WriteArrayElem()
-				e.encodeValue(sfn.field(si), nil, true)
-			}
-		} else {
-			for _, si := range tisfi {
-				e.encodeValue(sfn.field(si), nil, true)
-			}
-		}
-		ee.WriteArrayEnd()
-	}
-}
-
-func encStructFieldKey(ee encDriver, keyType valueType, s string) {
-	var m must
-
-	// use if-else-if, not switch (which compiles to binary-search)
-	// since keyType is typically valueTypeString, branch prediction is pretty good.
-
-	if keyType == valueTypeString {
-		ee.EncodeString(cUTF8, s)
-	} else if keyType == valueTypeInt {
-		ee.EncodeInt(m.Int(strconv.ParseInt(s, 10, 64)))
-	} else if keyType == valueTypeUint {
-		ee.EncodeUint(m.Uint(strconv.ParseUint(s, 10, 64)))
-	} else if keyType == valueTypeFloat {
-		ee.EncodeFloat64(m.Float(strconv.ParseFloat(s, 64)))
-	} else {
-		ee.EncodeString(cUTF8, s)
-	}
-}
-
-func (e *Encoder) kStruct(f *codecFnInfo, rv reflect.Value) {
-	fti := f.ti
-	elemsep := e.esep
-	tisfi := fti.sfiSrc
-	toMap := !(fti.toArray || e.h.StructToArray)
-	// if toMap, use the sorted array. If toArray, use unsorted array (to match sequence in struct)
-	if toMap {
-		tisfi = fti.sfiSort
-	}
-	newlen := len(fti.sfiSort)
-	ee := e.e
-
-	// Use sync.Pool to reduce allocating slices unnecessarily.
-	// The cost of sync.Pool is less than the cost of new allocation.
-	//
-	// Each element of the array pools one of encStructPool(8|16|32|64).
-	// It allows the re-use of slices up to 64 in length.
-	// A performance cost of encoding structs was collecting
-	// which values were empty and should be omitted.
-	// We needed slices of reflect.Value and string to collect them.
-	// This shared pool reduces the amount of unnecessary creation we do.
-	// The cost is that of locking sometimes, but sync.Pool is efficient
-	// enough to reduce thread contention.
-
-	var spool *sync.Pool
-	var poolv interface{}
-	var fkvs []stringRv
-	// fmt.Printf(">>>>>>>>>>>>>> encode.kStruct: newlen: %d\n", newlen)
-	if newlen <= 8 {
-		spool, poolv = pool.stringRv8()
-		fkvs = poolv.(*[8]stringRv)[:newlen]
-	} else if newlen <= 16 {
-		spool, poolv = pool.stringRv16()
-		fkvs = poolv.(*[16]stringRv)[:newlen]
-	} else if newlen <= 32 {
-		spool, poolv = pool.stringRv32()
-		fkvs = poolv.(*[32]stringRv)[:newlen]
-	} else if newlen <= 64 {
-		spool, poolv = pool.stringRv64()
-		fkvs = poolv.(*[64]stringRv)[:newlen]
-	} else if newlen <= 128 {
-		spool, poolv = pool.stringRv128()
-		fkvs = poolv.(*[128]stringRv)[:newlen]
-	} else {
-		fkvs = make([]stringRv, newlen)
-	}
-
-	newlen = 0
-	var kv stringRv
-	recur := e.h.RecursiveEmptyCheck
-	sfn := structFieldNode{v: rv, update: false}
-	for _, si := range tisfi {
-		// kv.r = si.field(rv, false)
-		kv.r = sfn.field(si)
-		if toMap {
-			if si.omitEmpty() && isEmptyValue(kv.r, e.h.TypeInfos, recur, recur) {
-				continue
-			}
-			kv.v = si.encName
-		} else {
-			// use the zero value.
-			// if a reference or struct, set to nil (so you do not output too much)
-			if si.omitEmpty() && isEmptyValue(kv.r, e.h.TypeInfos, recur, recur) {
-				switch kv.r.Kind() {
-				case reflect.Struct, reflect.Interface, reflect.Ptr, reflect.Array, reflect.Map, reflect.Slice:
-					kv.r = reflect.Value{} //encode as nil
-				}
-			}
-		}
-		fkvs[newlen] = kv
-		newlen++
-	}
-
-	if toMap {
-		ee.WriteMapStart(newlen)
-		if elemsep {
-			for j := 0; j < newlen; j++ {
-				kv = fkvs[j]
-				ee.WriteMapElemKey()
-				// ee.EncodeString(cUTF8, kv.v)
-				encStructFieldKey(ee, fti.keyType, kv.v)
-				ee.WriteMapElemValue()
-				e.encodeValue(kv.r, nil, true)
-			}
-		} else {
-			for j := 0; j < newlen; j++ {
-				kv = fkvs[j]
-				// ee.EncodeString(cUTF8, kv.v)
-				encStructFieldKey(ee, fti.keyType, kv.v)
-				e.encodeValue(kv.r, nil, true)
-			}
-		}
-		ee.WriteMapEnd()
-	} else {
-		ee.WriteArrayStart(newlen)
-		if elemsep {
-			for j := 0; j < newlen; j++ {
-				ee.WriteArrayElem()
-				e.encodeValue(fkvs[j].r, nil, true)
-			}
-		} else {
-			for j := 0; j < newlen; j++ {
-				e.encodeValue(fkvs[j].r, nil, true)
-			}
-		}
-		ee.WriteArrayEnd()
-	}
-
-	// do not use defer. Instead, use explicit pool return at end of function.
-	// defer has a cost we are trying to avoid.
-	// If there is a panic and these slices are not returned, it is ok.
-	if spool != nil {
-		spool.Put(poolv)
-	}
-}
-
-func (e *Encoder) kMap(f *codecFnInfo, rv reflect.Value) {
-	ee := e.e
-	if rv.IsNil() {
-		ee.EncodeNil()
-		return
-	}
-
-	l := rv.Len()
-	ee.WriteMapStart(l)
-	elemsep := e.esep
-	if l == 0 {
-		ee.WriteMapEnd()
-		return
-	}
-	// var asSymbols bool
-	// determine the underlying key and val encFn's for the map.
-	// This eliminates some work which is done for each loop iteration i.e.
-	// rv.Type(), ref.ValueOf(rt).Pointer(), then check map/list for fn.
-	//
-	// However, if kind is reflect.Interface, do not pre-determine the
-	// encoding type, because preEncodeValue may break it down to
-	// a concrete type and kInterface will bomb.
-	var keyFn, valFn *codecFn
-	ti := f.ti
-	rtkey0 := ti.key
-	rtkey := rtkey0
-	rtval0 := ti.elem
-	rtval := rtval0
-	// rtkeyid := rt2id(rtkey0)
-	for rtval.Kind() == reflect.Ptr {
-		rtval = rtval.Elem()
-	}
-	if rtval.Kind() != reflect.Interface {
-		valFn = e.cfer().get(rtval, true, true)
-	}
-	mks := rv.MapKeys()
-
-	if e.h.Canonical {
-		e.kMapCanonical(rtkey, rv, mks, valFn)
-		ee.WriteMapEnd()
-		return
-	}
-
-	var keyTypeIsString = stringTypId == rt2id(rtkey0) // rtkeyid
-	if !keyTypeIsString {
-		for rtkey.Kind() == reflect.Ptr {
-			rtkey = rtkey.Elem()
-		}
-		if rtkey.Kind() != reflect.Interface {
-			// rtkeyid = rt2id(rtkey)
-			keyFn = e.cfer().get(rtkey, true, true)
-		}
-	}
-
-	// for j, lmks := 0, len(mks); j < lmks; j++ {
-	for j := range mks {
-		if elemsep {
-			ee.WriteMapElemKey()
-		}
-		if keyTypeIsString {
-			ee.EncodeString(cUTF8, mks[j].String())
-		} else {
-			e.encodeValue(mks[j], keyFn, true)
-		}
-		if elemsep {
-			ee.WriteMapElemValue()
-		}
-		e.encodeValue(rv.MapIndex(mks[j]), valFn, true)
-
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) kMapCanonical(rtkey reflect.Type, rv reflect.Value, mks []reflect.Value, valFn *codecFn) {
-	ee := e.e
-	elemsep := e.esep
-	// we previously did out-of-band if an extension was registered.
-	// This is not necessary, as the natural kind is sufficient for ordering.
-
-	switch rtkey.Kind() {
-	case reflect.Bool:
-		mksv := make([]boolRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.Bool()
-		}
-		sort.Sort(boolRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeBool(mksv[i].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.String:
-		mksv := make([]stringRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.String()
-		}
-		sort.Sort(stringRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeString(cUTF8, mksv[i].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint, reflect.Uintptr:
-		mksv := make([]uintRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.Uint()
-		}
-		sort.Sort(uintRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeUint(mksv[i].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
-		mksv := make([]intRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.Int()
-		}
-		sort.Sort(intRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeInt(mksv[i].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.Float32:
-		mksv := make([]floatRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.Float()
-		}
-		sort.Sort(floatRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeFloat32(float32(mksv[i].v))
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.Float64:
-		mksv := make([]floatRv, len(mks))
-		for i, k := range mks {
-			v := &mksv[i]
-			v.r = k
-			v.v = k.Float()
-		}
-		sort.Sort(floatRvSlice(mksv))
-		for i := range mksv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			ee.EncodeFloat64(mksv[i].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-		}
-	case reflect.Struct:
-		if rv.Type() == timeTyp {
-			mksv := make([]timeRv, len(mks))
-			for i, k := range mks {
-				v := &mksv[i]
-				v.r = k
-				v.v = rv2i(k).(time.Time)
-			}
-			sort.Sort(timeRvSlice(mksv))
-			for i := range mksv {
-				if elemsep {
-					ee.WriteMapElemKey()
-				}
-				ee.EncodeTime(mksv[i].v)
-				if elemsep {
-					ee.WriteMapElemValue()
-				}
-				e.encodeValue(rv.MapIndex(mksv[i].r), valFn, true)
-			}
-			break
-		}
-		fallthrough
-	default:
-		// out-of-band
-		// first encode each key to a []byte first, then sort them, then record
-		var mksv []byte = make([]byte, 0, len(mks)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		mksbv := make([]bytesRv, len(mks))
-		for i, k := range mks {
-			v := &mksbv[i]
-			l := len(mksv)
-			e2.MustEncode(k)
-			v.r = k
-			v.v = mksv[l:]
-		}
-		sort.Sort(bytesRvSlice(mksbv))
-		for j := range mksbv {
-			if elemsep {
-				ee.WriteMapElemKey()
-			}
-			e.asis(mksbv[j].v)
-			if elemsep {
-				ee.WriteMapElemValue()
-			}
-			e.encodeValue(rv.MapIndex(mksbv[j].r), valFn, true)
-		}
-	}
-}
-
-// // --------------------------------------------------
-
-type encWriterSwitch struct {
-	wi *ioEncWriter
-	// wb bytesEncWriter
-	wb   bytesEncAppender
-	wx   bool // if bytes, wx=true
-	esep bool // whether it has elem separators
-	isas bool // whether e.as != nil
-}
-
-// // TODO: Uncomment after mid-stack inlining enabled in go 1.11
-
-// func (z *encWriterSwitch) writeb(s []byte) {
-// 	if z.wx {
-// 		z.wb.writeb(s)
-// 	} else {
-// 		z.wi.writeb(s)
-// 	}
-// }
-// func (z *encWriterSwitch) writestr(s string) {
-// 	if z.wx {
-// 		z.wb.writestr(s)
-// 	} else {
-// 		z.wi.writestr(s)
-// 	}
-// }
-// func (z *encWriterSwitch) writen1(b1 byte) {
-// 	if z.wx {
-// 		z.wb.writen1(b1)
-// 	} else {
-// 		z.wi.writen1(b1)
-// 	}
-// }
-// func (z *encWriterSwitch) writen2(b1, b2 byte) {
-// 	if z.wx {
-// 		z.wb.writen2(b1, b2)
-// 	} else {
-// 		z.wi.writen2(b1, b2)
-// 	}
-// }
-
-// An Encoder writes an object to an output stream in the codec format.
-type Encoder struct {
-	panicHdl
-	// hopefully, reduce derefencing cost by laying the encWriter inside the Encoder
-	e encDriver
-	// NOTE: Encoder shouldn't call it's write methods,
-	// as the handler MAY need to do some coordination.
-	w encWriter
-
-	h  *BasicHandle
-	bw *bufio.Writer
-	as encDriverAsis
-
-	// ---- cpu cache line boundary?
-
-	// ---- cpu cache line boundary?
-	encWriterSwitch
-	err error
-
-	// ---- cpu cache line boundary?
-	codecFnPooler
-	ci set
-	js bool    // here, so that no need to piggy back on *codecFner for this
-	be bool    // here, so that no need to piggy back on *codecFner for this
-	_  [6]byte // padding
-
-	// ---- writable fields during execution --- *try* to keep in sep cache line
-
-	// ---- cpu cache line boundary?
-	// b [scratchByteArrayLen]byte
-	// _ [cacheLineSize - scratchByteArrayLen]byte // padding
-	b [cacheLineSize - 0]byte // used for encoding a chan or (non-addressable) array of bytes
-}
-
-// NewEncoder returns an Encoder for encoding into an io.Writer.
-//
-// For efficiency, Users are encouraged to pass in a memory buffered writer
-// (eg bufio.Writer, bytes.Buffer).
-func NewEncoder(w io.Writer, h Handle) *Encoder {
-	e := newEncoder(h)
-	e.Reset(w)
-	return e
-}
-
-// NewEncoderBytes returns an encoder for encoding directly and efficiently
-// into a byte slice, using zero-copying to temporary slices.
-//
-// It will potentially replace the output byte slice pointed to.
-// After encoding, the out parameter contains the encoded contents.
-func NewEncoderBytes(out *[]byte, h Handle) *Encoder {
-	e := newEncoder(h)
-	e.ResetBytes(out)
-	return e
-}
-
-func newEncoder(h Handle) *Encoder {
-	e := &Encoder{h: h.getBasicHandle(), err: errEncoderNotInitialized}
-	e.hh = h
-	e.esep = h.hasElemSeparators()
-	return e
-}
-
-func (e *Encoder) resetCommon() {
-	if e.e == nil || e.hh.recreateEncDriver(e.e) {
-		e.e = e.hh.newEncDriver(e)
-		e.as, e.isas = e.e.(encDriverAsis)
-		// e.cr, _ = e.e.(containerStateRecv)
-	}
-	e.be = e.hh.isBinary()
-	_, e.js = e.hh.(*JsonHandle)
-	e.e.reset()
-	e.err = nil
-}
-
-// Reset resets the Encoder with a new output stream.
-//
-// This accommodates using the state of the Encoder,
-// where it has "cached" information about sub-engines.
-func (e *Encoder) Reset(w io.Writer) {
-	if w == nil {
-		return
-	}
-	if e.wi == nil {
-		e.wi = new(ioEncWriter)
-	}
-	var ok bool
-	e.wx = false
-	e.wi.w = w
-	if e.h.WriterBufferSize > 0 {
-		e.bw = bufio.NewWriterSize(w, e.h.WriterBufferSize)
-		e.wi.bw = e.bw
-		e.wi.sw = e.bw
-		e.wi.fw = e.bw
-		e.wi.ww = e.bw
-	} else {
-		if e.wi.bw, ok = w.(io.ByteWriter); !ok {
-			e.wi.bw = e.wi
-		}
-		if e.wi.sw, ok = w.(ioEncStringWriter); !ok {
-			e.wi.sw = e.wi
-		}
-		e.wi.fw, _ = w.(ioFlusher)
-		e.wi.ww = w
-	}
-	e.w = e.wi
-	e.resetCommon()
-}
-
-// ResetBytes resets the Encoder with a new destination output []byte.
-func (e *Encoder) ResetBytes(out *[]byte) {
-	if out == nil {
-		return
-	}
-	var in []byte
-	if out != nil {
-		in = *out
-	}
-	if in == nil {
-		in = make([]byte, defEncByteBufSize)
-	}
-	e.wx = true
-	e.wb.reset(in, out)
-	e.w = &e.wb
-	e.resetCommon()
-}
-
-// Encode writes an object into a stream.
-//
-// Encoding can be configured via the struct tag for the fields.
-// The key (in the struct tags) that we look at is configurable.
-//
-// By default, we look up the "codec" key in the struct field's tags,
-// and fall bak to the "json" key if "codec" is absent.
-// That key in struct field's tag value is the key name,
-// followed by an optional comma and options.
-//
-// To set an option on all fields (e.g. omitempty on all fields), you
-// can create a field called _struct, and set flags on it. The options
-// which can be set on _struct are:
-//    - omitempty: so all fields are omitted if empty
-//    - toarray: so struct is encoded as an array
-//    - int: so struct key names are encoded as signed integers (instead of strings)
-//    - uint: so struct key names are encoded as unsigned integers (instead of strings)
-//    - float: so struct key names are encoded as floats (instead of strings)
-// More details on these below.
-//
-// Struct values "usually" encode as maps. Each exported struct field is encoded unless:
-//    - the field's tag is "-", OR
-//    - the field is empty (empty or the zero value) and its tag specifies the "omitempty" option.
-//
-// When encoding as a map, the first string in the tag (before the comma)
-// is the map key string to use when encoding.
-// ...
-// This key is typically encoded as a string.
-// However, there are instances where the encoded stream has mapping keys encoded as numbers.
-// For example, some cbor streams have keys as integer codes in the stream, but they should map
-// to fields in a structured object. Consequently, a struct is the natural representation in code.
-// For these, configure the struct to encode/decode the keys as numbers (instead of string).
-// This is done with the int,uint or float option on the _struct field (see above).
-//
-// However, struct values may encode as arrays. This happens when:
-//    - StructToArray Encode option is set, OR
-//    - the tag on the _struct field sets the "toarray" option
-// Note that omitempty is ignored when encoding struct values as arrays,
-// as an entry must be encoded for each field, to maintain its position.
-//
-// Values with types that implement MapBySlice are encoded as stream maps.
-//
-// The empty values (for omitempty option) are false, 0, any nil pointer
-// or interface value, and any array, slice, map, or string of length zero.
-//
-// Anonymous fields are encoded inline except:
-//    - the struct tag specifies a replacement name (first value)
-//    - the field is of an interface type
-//
-// Examples:
-//
-//      // NOTE: 'json:' can be used as struct tag key, in place 'codec:' below.
-//      type MyStruct struct {
-//          _struct bool    `codec:",omitempty"`   //set omitempty for every field
-//          Field1 string   `codec:"-"`            //skip this field
-//          Field2 int      `codec:"myName"`       //Use key "myName" in encode stream
-//          Field3 int32    `codec:",omitempty"`   //use key "Field3". Omit if empty.
-//          Field4 bool     `codec:"f4,omitempty"` //use key "f4". Omit if empty.
-//          io.Reader                              //use key "Reader".
-//          MyStruct        `codec:"my1"           //use key "my1".
-//          MyStruct                               //inline it
-//          ...
-//      }
-//
-//      type MyStruct struct {
-//          _struct bool    `codec:",toarray"`     //encode struct as an array
-//      }
-//
-//      type MyStruct struct {
-//          _struct bool    `codec:",uint"`        //encode struct with "unsigned integer" keys
-//          Field1 string   `codec:"1"`            //encode Field1 key using: EncodeInt(1)
-//          Field2 string   `codec:"2"`            //encode Field2 key using: EncodeInt(2)
-//      }
-//
-// The mode of encoding is based on the type of the value. When a value is seen:
-//   - If a Selfer, call its CodecEncodeSelf method
-//   - If an extension is registered for it, call that extension function
-//   - If implements encoding.(Binary|Text|JSON)Marshaler, call Marshal(Binary|Text|JSON) method
-//   - Else encode it based on its reflect.Kind
-//
-// Note that struct field names and keys in map[string]XXX will be treated as symbols.
-// Some formats support symbols (e.g. binc) and will properly encode the string
-// only once in the stream, and use a tag to refer to it thereafter.
-func (e *Encoder) Encode(v interface{}) (err error) {
-	defer e.deferred(&err)
-	e.MustEncode(v)
-	return
-}
-
-// MustEncode is like Encode, but panics if unable to Encode.
-// This provides insight to the code location that triggered the error.
-func (e *Encoder) MustEncode(v interface{}) {
-	if e.err != nil {
-		panic(e.err)
-	}
-	e.encode(v)
-	e.e.atEndOfEncode()
-	e.w.atEndOfEncode()
-	e.alwaysAtEnd()
-}
-
-func (e *Encoder) deferred(err1 *error) {
-	e.alwaysAtEnd()
-	if recoverPanicToErr {
-		if x := recover(); x != nil {
-			panicValToErr(e, x, err1)
-			panicValToErr(e, x, &e.err)
-		}
-	}
-}
-
-// func (e *Encoder) alwaysAtEnd() {
-// 	e.codecFnPooler.alwaysAtEnd()
-// }
-
-func (e *Encoder) encode(iv interface{}) {
-	if iv == nil || definitelyNil(iv) {
-		e.e.EncodeNil()
-		return
-	}
-	if v, ok := iv.(Selfer); ok {
-		v.CodecEncodeSelf(e)
-		return
-	}
-
-	// a switch with only concrete types can be optimized.
-	// consequently, we deal with nil and interfaces outside.
-
-	switch v := iv.(type) {
-	case Raw:
-		e.rawBytes(v)
-	case reflect.Value:
-		e.encodeValue(v, nil, true)
-
-	case string:
-		e.e.EncodeString(cUTF8, v)
-	case bool:
-		e.e.EncodeBool(v)
-	case int:
-		e.e.EncodeInt(int64(v))
-	case int8:
-		e.e.EncodeInt(int64(v))
-	case int16:
-		e.e.EncodeInt(int64(v))
-	case int32:
-		e.e.EncodeInt(int64(v))
-	case int64:
-		e.e.EncodeInt(v)
-	case uint:
-		e.e.EncodeUint(uint64(v))
-	case uint8:
-		e.e.EncodeUint(uint64(v))
-	case uint16:
-		e.e.EncodeUint(uint64(v))
-	case uint32:
-		e.e.EncodeUint(uint64(v))
-	case uint64:
-		e.e.EncodeUint(v)
-	case uintptr:
-		e.e.EncodeUint(uint64(v))
-	case float32:
-		e.e.EncodeFloat32(v)
-	case float64:
-		e.e.EncodeFloat64(v)
-	case time.Time:
-		e.e.EncodeTime(v)
-	case []uint8:
-		e.e.EncodeStringBytes(cRAW, v)
-
-	case *Raw:
-		e.rawBytes(*v)
-
-	case *string:
-		e.e.EncodeString(cUTF8, *v)
-	case *bool:
-		e.e.EncodeBool(*v)
-	case *int:
-		e.e.EncodeInt(int64(*v))
-	case *int8:
-		e.e.EncodeInt(int64(*v))
-	case *int16:
-		e.e.EncodeInt(int64(*v))
-	case *int32:
-		e.e.EncodeInt(int64(*v))
-	case *int64:
-		e.e.EncodeInt(*v)
-	case *uint:
-		e.e.EncodeUint(uint64(*v))
-	case *uint8:
-		e.e.EncodeUint(uint64(*v))
-	case *uint16:
-		e.e.EncodeUint(uint64(*v))
-	case *uint32:
-		e.e.EncodeUint(uint64(*v))
-	case *uint64:
-		e.e.EncodeUint(*v)
-	case *uintptr:
-		e.e.EncodeUint(uint64(*v))
-	case *float32:
-		e.e.EncodeFloat32(*v)
-	case *float64:
-		e.e.EncodeFloat64(*v)
-	case *time.Time:
-		e.e.EncodeTime(*v)
-
-	case *[]uint8:
-		e.e.EncodeStringBytes(cRAW, *v)
-
-	default:
-		if !fastpathEncodeTypeSwitch(iv, e) {
-			// checkfastpath=true (not false), as underlying slice/map type may be fast-path
-			e.encodeValue(reflect.ValueOf(iv), nil, true)
-		}
-	}
-}
-
-func (e *Encoder) encodeValue(rv reflect.Value, fn *codecFn, checkFastpath bool) {
-	// if a valid fn is passed, it MUST BE for the dereferenced type of rv
-	var sptr uintptr
-	var rvp reflect.Value
-	var rvpValid bool
-TOP:
-	switch rv.Kind() {
-	case reflect.Ptr:
-		if rv.IsNil() {
-			e.e.EncodeNil()
-			return
-		}
-		rvpValid = true
-		rvp = rv
-		rv = rv.Elem()
-		if e.h.CheckCircularRef && rv.Kind() == reflect.Struct {
-			// TODO: Movable pointers will be an issue here. Future problem.
-			sptr = rv.UnsafeAddr()
-			break TOP
-		}
-		goto TOP
-	case reflect.Interface:
-		if rv.IsNil() {
-			e.e.EncodeNil()
-			return
-		}
-		rv = rv.Elem()
-		goto TOP
-	case reflect.Slice, reflect.Map:
-		if rv.IsNil() {
-			e.e.EncodeNil()
-			return
-		}
-	case reflect.Invalid, reflect.Func:
-		e.e.EncodeNil()
-		return
-	}
-
-	if sptr != 0 && (&e.ci).add(sptr) {
-		e.errorf("circular reference found: # %d", sptr)
-	}
-
-	if fn == nil {
-		rt := rv.Type()
-		// always pass checkCodecSelfer=true, in case T or ****T is passed, where *T is a Selfer
-		fn = e.cfer().get(rt, checkFastpath, true)
-	}
-	if fn.i.addrE {
-		if rvpValid {
-			fn.fe(e, &fn.i, rvp)
-		} else if rv.CanAddr() {
-			fn.fe(e, &fn.i, rv.Addr())
-		} else {
-			rv2 := reflect.New(rv.Type())
-			rv2.Elem().Set(rv)
-			fn.fe(e, &fn.i, rv2)
-		}
-	} else {
-		fn.fe(e, &fn.i, rv)
-	}
-	if sptr != 0 {
-		(&e.ci).remove(sptr)
-	}
-}
-
-func (e *Encoder) marshal(bs []byte, fnerr error, asis bool, c charEncoding) {
-	if fnerr != nil {
-		panic(fnerr)
-	}
-	if bs == nil {
-		e.e.EncodeNil()
-	} else if asis {
-		e.asis(bs)
-	} else {
-		e.e.EncodeStringBytes(c, bs)
-	}
-}
-
-func (e *Encoder) asis(v []byte) {
-	if e.isas {
-		e.as.EncodeAsis(v)
-	} else {
-		e.w.writeb(v)
-	}
-}
-
-func (e *Encoder) rawBytes(vv Raw) {
-	v := []byte(vv)
-	if !e.h.Raw {
-		e.errorf("Raw values cannot be encoded: %v", v)
-	}
-	e.asis(v)
-}
-
-func (e *Encoder) wrapErrstr(v interface{}, err *error) {
-	*err = fmt.Errorf("%s encode error: %v", e.hh.Name(), v)
-}
diff --git a/vendor/github.com/ugorji/go/codec/fast-path.generated.go b/vendor/github.com/ugorji/go/codec/fast-path.generated.go
deleted file mode 100644
index 87f2562f65403..0000000000000
--- a/vendor/github.com/ugorji/go/codec/fast-path.generated.go
+++ /dev/null
@@ -1,34522 +0,0 @@
-// +build !notfastpath
-
-// Copyright (c) 2012-2015 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// Code generated from fast-path.go.tmpl - DO NOT EDIT.
-
-package codec
-
-// Fast path functions try to create a fast path encode or decode implementation
-// for common maps and slices.
-//
-// We define the functions and register then in this single file
-// so as not to pollute the encode.go and decode.go, and create a dependency in there.
-// This file can be omitted without causing a build failure.
-//
-// The advantage of fast paths is:
-//	  - Many calls bypass reflection altogether
-//
-// Currently support
-//	  - slice of all builtin types,
-//	  - map of all builtin types to string or interface value
-//	  - symmetrical maps of all builtin types (e.g. str-str, uint8-uint8)
-// This should provide adequate "typical" implementations.
-//
-// Note that fast track decode functions must handle values for which an address cannot be obtained.
-// For example:
-//	 m2 := map[string]int{}
-//	 p2 := []interface{}{m2}
-//	 // decoding into p2 will bomb if fast track functions do not treat like unaddressable.
-//
-
-import (
-	"reflect"
-	"sort"
-)
-
-const fastpathEnabled = true
-
-type fastpathT struct{}
-
-var fastpathTV fastpathT
-
-type fastpathE struct {
-	rtid  uintptr
-	rt    reflect.Type
-	encfn func(*Encoder, *codecFnInfo, reflect.Value)
-	decfn func(*Decoder, *codecFnInfo, reflect.Value)
-}
-
-type fastpathA [271]fastpathE
-
-func (x *fastpathA) index(rtid uintptr) int {
-	// use binary search to grab the index (adapted from sort/search.go)
-	h, i, j := 0, 0, 271 // len(x)
-	for i < j {
-		h = i + (j-i)/2
-		if x[h].rtid < rtid {
-			i = h + 1
-		} else {
-			j = h
-		}
-	}
-	if i < 271 && x[i].rtid == rtid {
-		return i
-	}
-	return -1
-}
-
-type fastpathAslice []fastpathE
-
-func (x fastpathAslice) Len() int           { return len(x) }
-func (x fastpathAslice) Less(i, j int) bool { return x[i].rtid < x[j].rtid }
-func (x fastpathAslice) Swap(i, j int)      { x[i], x[j] = x[j], x[i] }
-
-var fastpathAV fastpathA
-
-// due to possible initialization loop error, make fastpath in an init()
-func init() {
-	i := 0
-	fn := func(v interface{},
-		fe func(*Encoder, *codecFnInfo, reflect.Value),
-		fd func(*Decoder, *codecFnInfo, reflect.Value)) (f fastpathE) {
-		xrt := reflect.TypeOf(v)
-		xptr := rt2id(xrt)
-		fastpathAV[i] = fastpathE{xptr, xrt, fe, fd}
-		i++
-		return
-	}
-
-	fn([]interface{}(nil), (*Encoder).fastpathEncSliceIntfR, (*Decoder).fastpathDecSliceIntfR)
-	fn([]string(nil), (*Encoder).fastpathEncSliceStringR, (*Decoder).fastpathDecSliceStringR)
-	fn([]float32(nil), (*Encoder).fastpathEncSliceFloat32R, (*Decoder).fastpathDecSliceFloat32R)
-	fn([]float64(nil), (*Encoder).fastpathEncSliceFloat64R, (*Decoder).fastpathDecSliceFloat64R)
-	fn([]uint(nil), (*Encoder).fastpathEncSliceUintR, (*Decoder).fastpathDecSliceUintR)
-	fn([]uint16(nil), (*Encoder).fastpathEncSliceUint16R, (*Decoder).fastpathDecSliceUint16R)
-	fn([]uint32(nil), (*Encoder).fastpathEncSliceUint32R, (*Decoder).fastpathDecSliceUint32R)
-	fn([]uint64(nil), (*Encoder).fastpathEncSliceUint64R, (*Decoder).fastpathDecSliceUint64R)
-	fn([]uintptr(nil), (*Encoder).fastpathEncSliceUintptrR, (*Decoder).fastpathDecSliceUintptrR)
-	fn([]int(nil), (*Encoder).fastpathEncSliceIntR, (*Decoder).fastpathDecSliceIntR)
-	fn([]int8(nil), (*Encoder).fastpathEncSliceInt8R, (*Decoder).fastpathDecSliceInt8R)
-	fn([]int16(nil), (*Encoder).fastpathEncSliceInt16R, (*Decoder).fastpathDecSliceInt16R)
-	fn([]int32(nil), (*Encoder).fastpathEncSliceInt32R, (*Decoder).fastpathDecSliceInt32R)
-	fn([]int64(nil), (*Encoder).fastpathEncSliceInt64R, (*Decoder).fastpathDecSliceInt64R)
-	fn([]bool(nil), (*Encoder).fastpathEncSliceBoolR, (*Decoder).fastpathDecSliceBoolR)
-
-	fn(map[interface{}]interface{}(nil), (*Encoder).fastpathEncMapIntfIntfR, (*Decoder).fastpathDecMapIntfIntfR)
-	fn(map[interface{}]string(nil), (*Encoder).fastpathEncMapIntfStringR, (*Decoder).fastpathDecMapIntfStringR)
-	fn(map[interface{}]uint(nil), (*Encoder).fastpathEncMapIntfUintR, (*Decoder).fastpathDecMapIntfUintR)
-	fn(map[interface{}]uint8(nil), (*Encoder).fastpathEncMapIntfUint8R, (*Decoder).fastpathDecMapIntfUint8R)
-	fn(map[interface{}]uint16(nil), (*Encoder).fastpathEncMapIntfUint16R, (*Decoder).fastpathDecMapIntfUint16R)
-	fn(map[interface{}]uint32(nil), (*Encoder).fastpathEncMapIntfUint32R, (*Decoder).fastpathDecMapIntfUint32R)
-	fn(map[interface{}]uint64(nil), (*Encoder).fastpathEncMapIntfUint64R, (*Decoder).fastpathDecMapIntfUint64R)
-	fn(map[interface{}]uintptr(nil), (*Encoder).fastpathEncMapIntfUintptrR, (*Decoder).fastpathDecMapIntfUintptrR)
-	fn(map[interface{}]int(nil), (*Encoder).fastpathEncMapIntfIntR, (*Decoder).fastpathDecMapIntfIntR)
-	fn(map[interface{}]int8(nil), (*Encoder).fastpathEncMapIntfInt8R, (*Decoder).fastpathDecMapIntfInt8R)
-	fn(map[interface{}]int16(nil), (*Encoder).fastpathEncMapIntfInt16R, (*Decoder).fastpathDecMapIntfInt16R)
-	fn(map[interface{}]int32(nil), (*Encoder).fastpathEncMapIntfInt32R, (*Decoder).fastpathDecMapIntfInt32R)
-	fn(map[interface{}]int64(nil), (*Encoder).fastpathEncMapIntfInt64R, (*Decoder).fastpathDecMapIntfInt64R)
-	fn(map[interface{}]float32(nil), (*Encoder).fastpathEncMapIntfFloat32R, (*Decoder).fastpathDecMapIntfFloat32R)
-	fn(map[interface{}]float64(nil), (*Encoder).fastpathEncMapIntfFloat64R, (*Decoder).fastpathDecMapIntfFloat64R)
-	fn(map[interface{}]bool(nil), (*Encoder).fastpathEncMapIntfBoolR, (*Decoder).fastpathDecMapIntfBoolR)
-	fn(map[string]interface{}(nil), (*Encoder).fastpathEncMapStringIntfR, (*Decoder).fastpathDecMapStringIntfR)
-	fn(map[string]string(nil), (*Encoder).fastpathEncMapStringStringR, (*Decoder).fastpathDecMapStringStringR)
-	fn(map[string]uint(nil), (*Encoder).fastpathEncMapStringUintR, (*Decoder).fastpathDecMapStringUintR)
-	fn(map[string]uint8(nil), (*Encoder).fastpathEncMapStringUint8R, (*Decoder).fastpathDecMapStringUint8R)
-	fn(map[string]uint16(nil), (*Encoder).fastpathEncMapStringUint16R, (*Decoder).fastpathDecMapStringUint16R)
-	fn(map[string]uint32(nil), (*Encoder).fastpathEncMapStringUint32R, (*Decoder).fastpathDecMapStringUint32R)
-	fn(map[string]uint64(nil), (*Encoder).fastpathEncMapStringUint64R, (*Decoder).fastpathDecMapStringUint64R)
-	fn(map[string]uintptr(nil), (*Encoder).fastpathEncMapStringUintptrR, (*Decoder).fastpathDecMapStringUintptrR)
-	fn(map[string]int(nil), (*Encoder).fastpathEncMapStringIntR, (*Decoder).fastpathDecMapStringIntR)
-	fn(map[string]int8(nil), (*Encoder).fastpathEncMapStringInt8R, (*Decoder).fastpathDecMapStringInt8R)
-	fn(map[string]int16(nil), (*Encoder).fastpathEncMapStringInt16R, (*Decoder).fastpathDecMapStringInt16R)
-	fn(map[string]int32(nil), (*Encoder).fastpathEncMapStringInt32R, (*Decoder).fastpathDecMapStringInt32R)
-	fn(map[string]int64(nil), (*Encoder).fastpathEncMapStringInt64R, (*Decoder).fastpathDecMapStringInt64R)
-	fn(map[string]float32(nil), (*Encoder).fastpathEncMapStringFloat32R, (*Decoder).fastpathDecMapStringFloat32R)
-	fn(map[string]float64(nil), (*Encoder).fastpathEncMapStringFloat64R, (*Decoder).fastpathDecMapStringFloat64R)
-	fn(map[string]bool(nil), (*Encoder).fastpathEncMapStringBoolR, (*Decoder).fastpathDecMapStringBoolR)
-	fn(map[float32]interface{}(nil), (*Encoder).fastpathEncMapFloat32IntfR, (*Decoder).fastpathDecMapFloat32IntfR)
-	fn(map[float32]string(nil), (*Encoder).fastpathEncMapFloat32StringR, (*Decoder).fastpathDecMapFloat32StringR)
-	fn(map[float32]uint(nil), (*Encoder).fastpathEncMapFloat32UintR, (*Decoder).fastpathDecMapFloat32UintR)
-	fn(map[float32]uint8(nil), (*Encoder).fastpathEncMapFloat32Uint8R, (*Decoder).fastpathDecMapFloat32Uint8R)
-	fn(map[float32]uint16(nil), (*Encoder).fastpathEncMapFloat32Uint16R, (*Decoder).fastpathDecMapFloat32Uint16R)
-	fn(map[float32]uint32(nil), (*Encoder).fastpathEncMapFloat32Uint32R, (*Decoder).fastpathDecMapFloat32Uint32R)
-	fn(map[float32]uint64(nil), (*Encoder).fastpathEncMapFloat32Uint64R, (*Decoder).fastpathDecMapFloat32Uint64R)
-	fn(map[float32]uintptr(nil), (*Encoder).fastpathEncMapFloat32UintptrR, (*Decoder).fastpathDecMapFloat32UintptrR)
-	fn(map[float32]int(nil), (*Encoder).fastpathEncMapFloat32IntR, (*Decoder).fastpathDecMapFloat32IntR)
-	fn(map[float32]int8(nil), (*Encoder).fastpathEncMapFloat32Int8R, (*Decoder).fastpathDecMapFloat32Int8R)
-	fn(map[float32]int16(nil), (*Encoder).fastpathEncMapFloat32Int16R, (*Decoder).fastpathDecMapFloat32Int16R)
-	fn(map[float32]int32(nil), (*Encoder).fastpathEncMapFloat32Int32R, (*Decoder).fastpathDecMapFloat32Int32R)
-	fn(map[float32]int64(nil), (*Encoder).fastpathEncMapFloat32Int64R, (*Decoder).fastpathDecMapFloat32Int64R)
-	fn(map[float32]float32(nil), (*Encoder).fastpathEncMapFloat32Float32R, (*Decoder).fastpathDecMapFloat32Float32R)
-	fn(map[float32]float64(nil), (*Encoder).fastpathEncMapFloat32Float64R, (*Decoder).fastpathDecMapFloat32Float64R)
-	fn(map[float32]bool(nil), (*Encoder).fastpathEncMapFloat32BoolR, (*Decoder).fastpathDecMapFloat32BoolR)
-	fn(map[float64]interface{}(nil), (*Encoder).fastpathEncMapFloat64IntfR, (*Decoder).fastpathDecMapFloat64IntfR)
-	fn(map[float64]string(nil), (*Encoder).fastpathEncMapFloat64StringR, (*Decoder).fastpathDecMapFloat64StringR)
-	fn(map[float64]uint(nil), (*Encoder).fastpathEncMapFloat64UintR, (*Decoder).fastpathDecMapFloat64UintR)
-	fn(map[float64]uint8(nil), (*Encoder).fastpathEncMapFloat64Uint8R, (*Decoder).fastpathDecMapFloat64Uint8R)
-	fn(map[float64]uint16(nil), (*Encoder).fastpathEncMapFloat64Uint16R, (*Decoder).fastpathDecMapFloat64Uint16R)
-	fn(map[float64]uint32(nil), (*Encoder).fastpathEncMapFloat64Uint32R, (*Decoder).fastpathDecMapFloat64Uint32R)
-	fn(map[float64]uint64(nil), (*Encoder).fastpathEncMapFloat64Uint64R, (*Decoder).fastpathDecMapFloat64Uint64R)
-	fn(map[float64]uintptr(nil), (*Encoder).fastpathEncMapFloat64UintptrR, (*Decoder).fastpathDecMapFloat64UintptrR)
-	fn(map[float64]int(nil), (*Encoder).fastpathEncMapFloat64IntR, (*Decoder).fastpathDecMapFloat64IntR)
-	fn(map[float64]int8(nil), (*Encoder).fastpathEncMapFloat64Int8R, (*Decoder).fastpathDecMapFloat64Int8R)
-	fn(map[float64]int16(nil), (*Encoder).fastpathEncMapFloat64Int16R, (*Decoder).fastpathDecMapFloat64Int16R)
-	fn(map[float64]int32(nil), (*Encoder).fastpathEncMapFloat64Int32R, (*Decoder).fastpathDecMapFloat64Int32R)
-	fn(map[float64]int64(nil), (*Encoder).fastpathEncMapFloat64Int64R, (*Decoder).fastpathDecMapFloat64Int64R)
-	fn(map[float64]float32(nil), (*Encoder).fastpathEncMapFloat64Float32R, (*Decoder).fastpathDecMapFloat64Float32R)
-	fn(map[float64]float64(nil), (*Encoder).fastpathEncMapFloat64Float64R, (*Decoder).fastpathDecMapFloat64Float64R)
-	fn(map[float64]bool(nil), (*Encoder).fastpathEncMapFloat64BoolR, (*Decoder).fastpathDecMapFloat64BoolR)
-	fn(map[uint]interface{}(nil), (*Encoder).fastpathEncMapUintIntfR, (*Decoder).fastpathDecMapUintIntfR)
-	fn(map[uint]string(nil), (*Encoder).fastpathEncMapUintStringR, (*Decoder).fastpathDecMapUintStringR)
-	fn(map[uint]uint(nil), (*Encoder).fastpathEncMapUintUintR, (*Decoder).fastpathDecMapUintUintR)
-	fn(map[uint]uint8(nil), (*Encoder).fastpathEncMapUintUint8R, (*Decoder).fastpathDecMapUintUint8R)
-	fn(map[uint]uint16(nil), (*Encoder).fastpathEncMapUintUint16R, (*Decoder).fastpathDecMapUintUint16R)
-	fn(map[uint]uint32(nil), (*Encoder).fastpathEncMapUintUint32R, (*Decoder).fastpathDecMapUintUint32R)
-	fn(map[uint]uint64(nil), (*Encoder).fastpathEncMapUintUint64R, (*Decoder).fastpathDecMapUintUint64R)
-	fn(map[uint]uintptr(nil), (*Encoder).fastpathEncMapUintUintptrR, (*Decoder).fastpathDecMapUintUintptrR)
-	fn(map[uint]int(nil), (*Encoder).fastpathEncMapUintIntR, (*Decoder).fastpathDecMapUintIntR)
-	fn(map[uint]int8(nil), (*Encoder).fastpathEncMapUintInt8R, (*Decoder).fastpathDecMapUintInt8R)
-	fn(map[uint]int16(nil), (*Encoder).fastpathEncMapUintInt16R, (*Decoder).fastpathDecMapUintInt16R)
-	fn(map[uint]int32(nil), (*Encoder).fastpathEncMapUintInt32R, (*Decoder).fastpathDecMapUintInt32R)
-	fn(map[uint]int64(nil), (*Encoder).fastpathEncMapUintInt64R, (*Decoder).fastpathDecMapUintInt64R)
-	fn(map[uint]float32(nil), (*Encoder).fastpathEncMapUintFloat32R, (*Decoder).fastpathDecMapUintFloat32R)
-	fn(map[uint]float64(nil), (*Encoder).fastpathEncMapUintFloat64R, (*Decoder).fastpathDecMapUintFloat64R)
-	fn(map[uint]bool(nil), (*Encoder).fastpathEncMapUintBoolR, (*Decoder).fastpathDecMapUintBoolR)
-	fn(map[uint8]interface{}(nil), (*Encoder).fastpathEncMapUint8IntfR, (*Decoder).fastpathDecMapUint8IntfR)
-	fn(map[uint8]string(nil), (*Encoder).fastpathEncMapUint8StringR, (*Decoder).fastpathDecMapUint8StringR)
-	fn(map[uint8]uint(nil), (*Encoder).fastpathEncMapUint8UintR, (*Decoder).fastpathDecMapUint8UintR)
-	fn(map[uint8]uint8(nil), (*Encoder).fastpathEncMapUint8Uint8R, (*Decoder).fastpathDecMapUint8Uint8R)
-	fn(map[uint8]uint16(nil), (*Encoder).fastpathEncMapUint8Uint16R, (*Decoder).fastpathDecMapUint8Uint16R)
-	fn(map[uint8]uint32(nil), (*Encoder).fastpathEncMapUint8Uint32R, (*Decoder).fastpathDecMapUint8Uint32R)
-	fn(map[uint8]uint64(nil), (*Encoder).fastpathEncMapUint8Uint64R, (*Decoder).fastpathDecMapUint8Uint64R)
-	fn(map[uint8]uintptr(nil), (*Encoder).fastpathEncMapUint8UintptrR, (*Decoder).fastpathDecMapUint8UintptrR)
-	fn(map[uint8]int(nil), (*Encoder).fastpathEncMapUint8IntR, (*Decoder).fastpathDecMapUint8IntR)
-	fn(map[uint8]int8(nil), (*Encoder).fastpathEncMapUint8Int8R, (*Decoder).fastpathDecMapUint8Int8R)
-	fn(map[uint8]int16(nil), (*Encoder).fastpathEncMapUint8Int16R, (*Decoder).fastpathDecMapUint8Int16R)
-	fn(map[uint8]int32(nil), (*Encoder).fastpathEncMapUint8Int32R, (*Decoder).fastpathDecMapUint8Int32R)
-	fn(map[uint8]int64(nil), (*Encoder).fastpathEncMapUint8Int64R, (*Decoder).fastpathDecMapUint8Int64R)
-	fn(map[uint8]float32(nil), (*Encoder).fastpathEncMapUint8Float32R, (*Decoder).fastpathDecMapUint8Float32R)
-	fn(map[uint8]float64(nil), (*Encoder).fastpathEncMapUint8Float64R, (*Decoder).fastpathDecMapUint8Float64R)
-	fn(map[uint8]bool(nil), (*Encoder).fastpathEncMapUint8BoolR, (*Decoder).fastpathDecMapUint8BoolR)
-	fn(map[uint16]interface{}(nil), (*Encoder).fastpathEncMapUint16IntfR, (*Decoder).fastpathDecMapUint16IntfR)
-	fn(map[uint16]string(nil), (*Encoder).fastpathEncMapUint16StringR, (*Decoder).fastpathDecMapUint16StringR)
-	fn(map[uint16]uint(nil), (*Encoder).fastpathEncMapUint16UintR, (*Decoder).fastpathDecMapUint16UintR)
-	fn(map[uint16]uint8(nil), (*Encoder).fastpathEncMapUint16Uint8R, (*Decoder).fastpathDecMapUint16Uint8R)
-	fn(map[uint16]uint16(nil), (*Encoder).fastpathEncMapUint16Uint16R, (*Decoder).fastpathDecMapUint16Uint16R)
-	fn(map[uint16]uint32(nil), (*Encoder).fastpathEncMapUint16Uint32R, (*Decoder).fastpathDecMapUint16Uint32R)
-	fn(map[uint16]uint64(nil), (*Encoder).fastpathEncMapUint16Uint64R, (*Decoder).fastpathDecMapUint16Uint64R)
-	fn(map[uint16]uintptr(nil), (*Encoder).fastpathEncMapUint16UintptrR, (*Decoder).fastpathDecMapUint16UintptrR)
-	fn(map[uint16]int(nil), (*Encoder).fastpathEncMapUint16IntR, (*Decoder).fastpathDecMapUint16IntR)
-	fn(map[uint16]int8(nil), (*Encoder).fastpathEncMapUint16Int8R, (*Decoder).fastpathDecMapUint16Int8R)
-	fn(map[uint16]int16(nil), (*Encoder).fastpathEncMapUint16Int16R, (*Decoder).fastpathDecMapUint16Int16R)
-	fn(map[uint16]int32(nil), (*Encoder).fastpathEncMapUint16Int32R, (*Decoder).fastpathDecMapUint16Int32R)
-	fn(map[uint16]int64(nil), (*Encoder).fastpathEncMapUint16Int64R, (*Decoder).fastpathDecMapUint16Int64R)
-	fn(map[uint16]float32(nil), (*Encoder).fastpathEncMapUint16Float32R, (*Decoder).fastpathDecMapUint16Float32R)
-	fn(map[uint16]float64(nil), (*Encoder).fastpathEncMapUint16Float64R, (*Decoder).fastpathDecMapUint16Float64R)
-	fn(map[uint16]bool(nil), (*Encoder).fastpathEncMapUint16BoolR, (*Decoder).fastpathDecMapUint16BoolR)
-	fn(map[uint32]interface{}(nil), (*Encoder).fastpathEncMapUint32IntfR, (*Decoder).fastpathDecMapUint32IntfR)
-	fn(map[uint32]string(nil), (*Encoder).fastpathEncMapUint32StringR, (*Decoder).fastpathDecMapUint32StringR)
-	fn(map[uint32]uint(nil), (*Encoder).fastpathEncMapUint32UintR, (*Decoder).fastpathDecMapUint32UintR)
-	fn(map[uint32]uint8(nil), (*Encoder).fastpathEncMapUint32Uint8R, (*Decoder).fastpathDecMapUint32Uint8R)
-	fn(map[uint32]uint16(nil), (*Encoder).fastpathEncMapUint32Uint16R, (*Decoder).fastpathDecMapUint32Uint16R)
-	fn(map[uint32]uint32(nil), (*Encoder).fastpathEncMapUint32Uint32R, (*Decoder).fastpathDecMapUint32Uint32R)
-	fn(map[uint32]uint64(nil), (*Encoder).fastpathEncMapUint32Uint64R, (*Decoder).fastpathDecMapUint32Uint64R)
-	fn(map[uint32]uintptr(nil), (*Encoder).fastpathEncMapUint32UintptrR, (*Decoder).fastpathDecMapUint32UintptrR)
-	fn(map[uint32]int(nil), (*Encoder).fastpathEncMapUint32IntR, (*Decoder).fastpathDecMapUint32IntR)
-	fn(map[uint32]int8(nil), (*Encoder).fastpathEncMapUint32Int8R, (*Decoder).fastpathDecMapUint32Int8R)
-	fn(map[uint32]int16(nil), (*Encoder).fastpathEncMapUint32Int16R, (*Decoder).fastpathDecMapUint32Int16R)
-	fn(map[uint32]int32(nil), (*Encoder).fastpathEncMapUint32Int32R, (*Decoder).fastpathDecMapUint32Int32R)
-	fn(map[uint32]int64(nil), (*Encoder).fastpathEncMapUint32Int64R, (*Decoder).fastpathDecMapUint32Int64R)
-	fn(map[uint32]float32(nil), (*Encoder).fastpathEncMapUint32Float32R, (*Decoder).fastpathDecMapUint32Float32R)
-	fn(map[uint32]float64(nil), (*Encoder).fastpathEncMapUint32Float64R, (*Decoder).fastpathDecMapUint32Float64R)
-	fn(map[uint32]bool(nil), (*Encoder).fastpathEncMapUint32BoolR, (*Decoder).fastpathDecMapUint32BoolR)
-	fn(map[uint64]interface{}(nil), (*Encoder).fastpathEncMapUint64IntfR, (*Decoder).fastpathDecMapUint64IntfR)
-	fn(map[uint64]string(nil), (*Encoder).fastpathEncMapUint64StringR, (*Decoder).fastpathDecMapUint64StringR)
-	fn(map[uint64]uint(nil), (*Encoder).fastpathEncMapUint64UintR, (*Decoder).fastpathDecMapUint64UintR)
-	fn(map[uint64]uint8(nil), (*Encoder).fastpathEncMapUint64Uint8R, (*Decoder).fastpathDecMapUint64Uint8R)
-	fn(map[uint64]uint16(nil), (*Encoder).fastpathEncMapUint64Uint16R, (*Decoder).fastpathDecMapUint64Uint16R)
-	fn(map[uint64]uint32(nil), (*Encoder).fastpathEncMapUint64Uint32R, (*Decoder).fastpathDecMapUint64Uint32R)
-	fn(map[uint64]uint64(nil), (*Encoder).fastpathEncMapUint64Uint64R, (*Decoder).fastpathDecMapUint64Uint64R)
-	fn(map[uint64]uintptr(nil), (*Encoder).fastpathEncMapUint64UintptrR, (*Decoder).fastpathDecMapUint64UintptrR)
-	fn(map[uint64]int(nil), (*Encoder).fastpathEncMapUint64IntR, (*Decoder).fastpathDecMapUint64IntR)
-	fn(map[uint64]int8(nil), (*Encoder).fastpathEncMapUint64Int8R, (*Decoder).fastpathDecMapUint64Int8R)
-	fn(map[uint64]int16(nil), (*Encoder).fastpathEncMapUint64Int16R, (*Decoder).fastpathDecMapUint64Int16R)
-	fn(map[uint64]int32(nil), (*Encoder).fastpathEncMapUint64Int32R, (*Decoder).fastpathDecMapUint64Int32R)
-	fn(map[uint64]int64(nil), (*Encoder).fastpathEncMapUint64Int64R, (*Decoder).fastpathDecMapUint64Int64R)
-	fn(map[uint64]float32(nil), (*Encoder).fastpathEncMapUint64Float32R, (*Decoder).fastpathDecMapUint64Float32R)
-	fn(map[uint64]float64(nil), (*Encoder).fastpathEncMapUint64Float64R, (*Decoder).fastpathDecMapUint64Float64R)
-	fn(map[uint64]bool(nil), (*Encoder).fastpathEncMapUint64BoolR, (*Decoder).fastpathDecMapUint64BoolR)
-	fn(map[uintptr]interface{}(nil), (*Encoder).fastpathEncMapUintptrIntfR, (*Decoder).fastpathDecMapUintptrIntfR)
-	fn(map[uintptr]string(nil), (*Encoder).fastpathEncMapUintptrStringR, (*Decoder).fastpathDecMapUintptrStringR)
-	fn(map[uintptr]uint(nil), (*Encoder).fastpathEncMapUintptrUintR, (*Decoder).fastpathDecMapUintptrUintR)
-	fn(map[uintptr]uint8(nil), (*Encoder).fastpathEncMapUintptrUint8R, (*Decoder).fastpathDecMapUintptrUint8R)
-	fn(map[uintptr]uint16(nil), (*Encoder).fastpathEncMapUintptrUint16R, (*Decoder).fastpathDecMapUintptrUint16R)
-	fn(map[uintptr]uint32(nil), (*Encoder).fastpathEncMapUintptrUint32R, (*Decoder).fastpathDecMapUintptrUint32R)
-	fn(map[uintptr]uint64(nil), (*Encoder).fastpathEncMapUintptrUint64R, (*Decoder).fastpathDecMapUintptrUint64R)
-	fn(map[uintptr]uintptr(nil), (*Encoder).fastpathEncMapUintptrUintptrR, (*Decoder).fastpathDecMapUintptrUintptrR)
-	fn(map[uintptr]int(nil), (*Encoder).fastpathEncMapUintptrIntR, (*Decoder).fastpathDecMapUintptrIntR)
-	fn(map[uintptr]int8(nil), (*Encoder).fastpathEncMapUintptrInt8R, (*Decoder).fastpathDecMapUintptrInt8R)
-	fn(map[uintptr]int16(nil), (*Encoder).fastpathEncMapUintptrInt16R, (*Decoder).fastpathDecMapUintptrInt16R)
-	fn(map[uintptr]int32(nil), (*Encoder).fastpathEncMapUintptrInt32R, (*Decoder).fastpathDecMapUintptrInt32R)
-	fn(map[uintptr]int64(nil), (*Encoder).fastpathEncMapUintptrInt64R, (*Decoder).fastpathDecMapUintptrInt64R)
-	fn(map[uintptr]float32(nil), (*Encoder).fastpathEncMapUintptrFloat32R, (*Decoder).fastpathDecMapUintptrFloat32R)
-	fn(map[uintptr]float64(nil), (*Encoder).fastpathEncMapUintptrFloat64R, (*Decoder).fastpathDecMapUintptrFloat64R)
-	fn(map[uintptr]bool(nil), (*Encoder).fastpathEncMapUintptrBoolR, (*Decoder).fastpathDecMapUintptrBoolR)
-	fn(map[int]interface{}(nil), (*Encoder).fastpathEncMapIntIntfR, (*Decoder).fastpathDecMapIntIntfR)
-	fn(map[int]string(nil), (*Encoder).fastpathEncMapIntStringR, (*Decoder).fastpathDecMapIntStringR)
-	fn(map[int]uint(nil), (*Encoder).fastpathEncMapIntUintR, (*Decoder).fastpathDecMapIntUintR)
-	fn(map[int]uint8(nil), (*Encoder).fastpathEncMapIntUint8R, (*Decoder).fastpathDecMapIntUint8R)
-	fn(map[int]uint16(nil), (*Encoder).fastpathEncMapIntUint16R, (*Decoder).fastpathDecMapIntUint16R)
-	fn(map[int]uint32(nil), (*Encoder).fastpathEncMapIntUint32R, (*Decoder).fastpathDecMapIntUint32R)
-	fn(map[int]uint64(nil), (*Encoder).fastpathEncMapIntUint64R, (*Decoder).fastpathDecMapIntUint64R)
-	fn(map[int]uintptr(nil), (*Encoder).fastpathEncMapIntUintptrR, (*Decoder).fastpathDecMapIntUintptrR)
-	fn(map[int]int(nil), (*Encoder).fastpathEncMapIntIntR, (*Decoder).fastpathDecMapIntIntR)
-	fn(map[int]int8(nil), (*Encoder).fastpathEncMapIntInt8R, (*Decoder).fastpathDecMapIntInt8R)
-	fn(map[int]int16(nil), (*Encoder).fastpathEncMapIntInt16R, (*Decoder).fastpathDecMapIntInt16R)
-	fn(map[int]int32(nil), (*Encoder).fastpathEncMapIntInt32R, (*Decoder).fastpathDecMapIntInt32R)
-	fn(map[int]int64(nil), (*Encoder).fastpathEncMapIntInt64R, (*Decoder).fastpathDecMapIntInt64R)
-	fn(map[int]float32(nil), (*Encoder).fastpathEncMapIntFloat32R, (*Decoder).fastpathDecMapIntFloat32R)
-	fn(map[int]float64(nil), (*Encoder).fastpathEncMapIntFloat64R, (*Decoder).fastpathDecMapIntFloat64R)
-	fn(map[int]bool(nil), (*Encoder).fastpathEncMapIntBoolR, (*Decoder).fastpathDecMapIntBoolR)
-	fn(map[int8]interface{}(nil), (*Encoder).fastpathEncMapInt8IntfR, (*Decoder).fastpathDecMapInt8IntfR)
-	fn(map[int8]string(nil), (*Encoder).fastpathEncMapInt8StringR, (*Decoder).fastpathDecMapInt8StringR)
-	fn(map[int8]uint(nil), (*Encoder).fastpathEncMapInt8UintR, (*Decoder).fastpathDecMapInt8UintR)
-	fn(map[int8]uint8(nil), (*Encoder).fastpathEncMapInt8Uint8R, (*Decoder).fastpathDecMapInt8Uint8R)
-	fn(map[int8]uint16(nil), (*Encoder).fastpathEncMapInt8Uint16R, (*Decoder).fastpathDecMapInt8Uint16R)
-	fn(map[int8]uint32(nil), (*Encoder).fastpathEncMapInt8Uint32R, (*Decoder).fastpathDecMapInt8Uint32R)
-	fn(map[int8]uint64(nil), (*Encoder).fastpathEncMapInt8Uint64R, (*Decoder).fastpathDecMapInt8Uint64R)
-	fn(map[int8]uintptr(nil), (*Encoder).fastpathEncMapInt8UintptrR, (*Decoder).fastpathDecMapInt8UintptrR)
-	fn(map[int8]int(nil), (*Encoder).fastpathEncMapInt8IntR, (*Decoder).fastpathDecMapInt8IntR)
-	fn(map[int8]int8(nil), (*Encoder).fastpathEncMapInt8Int8R, (*Decoder).fastpathDecMapInt8Int8R)
-	fn(map[int8]int16(nil), (*Encoder).fastpathEncMapInt8Int16R, (*Decoder).fastpathDecMapInt8Int16R)
-	fn(map[int8]int32(nil), (*Encoder).fastpathEncMapInt8Int32R, (*Decoder).fastpathDecMapInt8Int32R)
-	fn(map[int8]int64(nil), (*Encoder).fastpathEncMapInt8Int64R, (*Decoder).fastpathDecMapInt8Int64R)
-	fn(map[int8]float32(nil), (*Encoder).fastpathEncMapInt8Float32R, (*Decoder).fastpathDecMapInt8Float32R)
-	fn(map[int8]float64(nil), (*Encoder).fastpathEncMapInt8Float64R, (*Decoder).fastpathDecMapInt8Float64R)
-	fn(map[int8]bool(nil), (*Encoder).fastpathEncMapInt8BoolR, (*Decoder).fastpathDecMapInt8BoolR)
-	fn(map[int16]interface{}(nil), (*Encoder).fastpathEncMapInt16IntfR, (*Decoder).fastpathDecMapInt16IntfR)
-	fn(map[int16]string(nil), (*Encoder).fastpathEncMapInt16StringR, (*Decoder).fastpathDecMapInt16StringR)
-	fn(map[int16]uint(nil), (*Encoder).fastpathEncMapInt16UintR, (*Decoder).fastpathDecMapInt16UintR)
-	fn(map[int16]uint8(nil), (*Encoder).fastpathEncMapInt16Uint8R, (*Decoder).fastpathDecMapInt16Uint8R)
-	fn(map[int16]uint16(nil), (*Encoder).fastpathEncMapInt16Uint16R, (*Decoder).fastpathDecMapInt16Uint16R)
-	fn(map[int16]uint32(nil), (*Encoder).fastpathEncMapInt16Uint32R, (*Decoder).fastpathDecMapInt16Uint32R)
-	fn(map[int16]uint64(nil), (*Encoder).fastpathEncMapInt16Uint64R, (*Decoder).fastpathDecMapInt16Uint64R)
-	fn(map[int16]uintptr(nil), (*Encoder).fastpathEncMapInt16UintptrR, (*Decoder).fastpathDecMapInt16UintptrR)
-	fn(map[int16]int(nil), (*Encoder).fastpathEncMapInt16IntR, (*Decoder).fastpathDecMapInt16IntR)
-	fn(map[int16]int8(nil), (*Encoder).fastpathEncMapInt16Int8R, (*Decoder).fastpathDecMapInt16Int8R)
-	fn(map[int16]int16(nil), (*Encoder).fastpathEncMapInt16Int16R, (*Decoder).fastpathDecMapInt16Int16R)
-	fn(map[int16]int32(nil), (*Encoder).fastpathEncMapInt16Int32R, (*Decoder).fastpathDecMapInt16Int32R)
-	fn(map[int16]int64(nil), (*Encoder).fastpathEncMapInt16Int64R, (*Decoder).fastpathDecMapInt16Int64R)
-	fn(map[int16]float32(nil), (*Encoder).fastpathEncMapInt16Float32R, (*Decoder).fastpathDecMapInt16Float32R)
-	fn(map[int16]float64(nil), (*Encoder).fastpathEncMapInt16Float64R, (*Decoder).fastpathDecMapInt16Float64R)
-	fn(map[int16]bool(nil), (*Encoder).fastpathEncMapInt16BoolR, (*Decoder).fastpathDecMapInt16BoolR)
-	fn(map[int32]interface{}(nil), (*Encoder).fastpathEncMapInt32IntfR, (*Decoder).fastpathDecMapInt32IntfR)
-	fn(map[int32]string(nil), (*Encoder).fastpathEncMapInt32StringR, (*Decoder).fastpathDecMapInt32StringR)
-	fn(map[int32]uint(nil), (*Encoder).fastpathEncMapInt32UintR, (*Decoder).fastpathDecMapInt32UintR)
-	fn(map[int32]uint8(nil), (*Encoder).fastpathEncMapInt32Uint8R, (*Decoder).fastpathDecMapInt32Uint8R)
-	fn(map[int32]uint16(nil), (*Encoder).fastpathEncMapInt32Uint16R, (*Decoder).fastpathDecMapInt32Uint16R)
-	fn(map[int32]uint32(nil), (*Encoder).fastpathEncMapInt32Uint32R, (*Decoder).fastpathDecMapInt32Uint32R)
-	fn(map[int32]uint64(nil), (*Encoder).fastpathEncMapInt32Uint64R, (*Decoder).fastpathDecMapInt32Uint64R)
-	fn(map[int32]uintptr(nil), (*Encoder).fastpathEncMapInt32UintptrR, (*Decoder).fastpathDecMapInt32UintptrR)
-	fn(map[int32]int(nil), (*Encoder).fastpathEncMapInt32IntR, (*Decoder).fastpathDecMapInt32IntR)
-	fn(map[int32]int8(nil), (*Encoder).fastpathEncMapInt32Int8R, (*Decoder).fastpathDecMapInt32Int8R)
-	fn(map[int32]int16(nil), (*Encoder).fastpathEncMapInt32Int16R, (*Decoder).fastpathDecMapInt32Int16R)
-	fn(map[int32]int32(nil), (*Encoder).fastpathEncMapInt32Int32R, (*Decoder).fastpathDecMapInt32Int32R)
-	fn(map[int32]int64(nil), (*Encoder).fastpathEncMapInt32Int64R, (*Decoder).fastpathDecMapInt32Int64R)
-	fn(map[int32]float32(nil), (*Encoder).fastpathEncMapInt32Float32R, (*Decoder).fastpathDecMapInt32Float32R)
-	fn(map[int32]float64(nil), (*Encoder).fastpathEncMapInt32Float64R, (*Decoder).fastpathDecMapInt32Float64R)
-	fn(map[int32]bool(nil), (*Encoder).fastpathEncMapInt32BoolR, (*Decoder).fastpathDecMapInt32BoolR)
-	fn(map[int64]interface{}(nil), (*Encoder).fastpathEncMapInt64IntfR, (*Decoder).fastpathDecMapInt64IntfR)
-	fn(map[int64]string(nil), (*Encoder).fastpathEncMapInt64StringR, (*Decoder).fastpathDecMapInt64StringR)
-	fn(map[int64]uint(nil), (*Encoder).fastpathEncMapInt64UintR, (*Decoder).fastpathDecMapInt64UintR)
-	fn(map[int64]uint8(nil), (*Encoder).fastpathEncMapInt64Uint8R, (*Decoder).fastpathDecMapInt64Uint8R)
-	fn(map[int64]uint16(nil), (*Encoder).fastpathEncMapInt64Uint16R, (*Decoder).fastpathDecMapInt64Uint16R)
-	fn(map[int64]uint32(nil), (*Encoder).fastpathEncMapInt64Uint32R, (*Decoder).fastpathDecMapInt64Uint32R)
-	fn(map[int64]uint64(nil), (*Encoder).fastpathEncMapInt64Uint64R, (*Decoder).fastpathDecMapInt64Uint64R)
-	fn(map[int64]uintptr(nil), (*Encoder).fastpathEncMapInt64UintptrR, (*Decoder).fastpathDecMapInt64UintptrR)
-	fn(map[int64]int(nil), (*Encoder).fastpathEncMapInt64IntR, (*Decoder).fastpathDecMapInt64IntR)
-	fn(map[int64]int8(nil), (*Encoder).fastpathEncMapInt64Int8R, (*Decoder).fastpathDecMapInt64Int8R)
-	fn(map[int64]int16(nil), (*Encoder).fastpathEncMapInt64Int16R, (*Decoder).fastpathDecMapInt64Int16R)
-	fn(map[int64]int32(nil), (*Encoder).fastpathEncMapInt64Int32R, (*Decoder).fastpathDecMapInt64Int32R)
-	fn(map[int64]int64(nil), (*Encoder).fastpathEncMapInt64Int64R, (*Decoder).fastpathDecMapInt64Int64R)
-	fn(map[int64]float32(nil), (*Encoder).fastpathEncMapInt64Float32R, (*Decoder).fastpathDecMapInt64Float32R)
-	fn(map[int64]float64(nil), (*Encoder).fastpathEncMapInt64Float64R, (*Decoder).fastpathDecMapInt64Float64R)
-	fn(map[int64]bool(nil), (*Encoder).fastpathEncMapInt64BoolR, (*Decoder).fastpathDecMapInt64BoolR)
-	fn(map[bool]interface{}(nil), (*Encoder).fastpathEncMapBoolIntfR, (*Decoder).fastpathDecMapBoolIntfR)
-	fn(map[bool]string(nil), (*Encoder).fastpathEncMapBoolStringR, (*Decoder).fastpathDecMapBoolStringR)
-	fn(map[bool]uint(nil), (*Encoder).fastpathEncMapBoolUintR, (*Decoder).fastpathDecMapBoolUintR)
-	fn(map[bool]uint8(nil), (*Encoder).fastpathEncMapBoolUint8R, (*Decoder).fastpathDecMapBoolUint8R)
-	fn(map[bool]uint16(nil), (*Encoder).fastpathEncMapBoolUint16R, (*Decoder).fastpathDecMapBoolUint16R)
-	fn(map[bool]uint32(nil), (*Encoder).fastpathEncMapBoolUint32R, (*Decoder).fastpathDecMapBoolUint32R)
-	fn(map[bool]uint64(nil), (*Encoder).fastpathEncMapBoolUint64R, (*Decoder).fastpathDecMapBoolUint64R)
-	fn(map[bool]uintptr(nil), (*Encoder).fastpathEncMapBoolUintptrR, (*Decoder).fastpathDecMapBoolUintptrR)
-	fn(map[bool]int(nil), (*Encoder).fastpathEncMapBoolIntR, (*Decoder).fastpathDecMapBoolIntR)
-	fn(map[bool]int8(nil), (*Encoder).fastpathEncMapBoolInt8R, (*Decoder).fastpathDecMapBoolInt8R)
-	fn(map[bool]int16(nil), (*Encoder).fastpathEncMapBoolInt16R, (*Decoder).fastpathDecMapBoolInt16R)
-	fn(map[bool]int32(nil), (*Encoder).fastpathEncMapBoolInt32R, (*Decoder).fastpathDecMapBoolInt32R)
-	fn(map[bool]int64(nil), (*Encoder).fastpathEncMapBoolInt64R, (*Decoder).fastpathDecMapBoolInt64R)
-	fn(map[bool]float32(nil), (*Encoder).fastpathEncMapBoolFloat32R, (*Decoder).fastpathDecMapBoolFloat32R)
-	fn(map[bool]float64(nil), (*Encoder).fastpathEncMapBoolFloat64R, (*Decoder).fastpathDecMapBoolFloat64R)
-	fn(map[bool]bool(nil), (*Encoder).fastpathEncMapBoolBoolR, (*Decoder).fastpathDecMapBoolBoolR)
-
-	sort.Sort(fastpathAslice(fastpathAV[:]))
-}
-
-// -- encode
-
-// -- -- fast path type switch
-func fastpathEncodeTypeSwitch(iv interface{}, e *Encoder) bool {
-	switch v := iv.(type) {
-
-	case []interface{}:
-		fastpathTV.EncSliceIntfV(v, e)
-	case *[]interface{}:
-		fastpathTV.EncSliceIntfV(*v, e)
-	case []string:
-		fastpathTV.EncSliceStringV(v, e)
-	case *[]string:
-		fastpathTV.EncSliceStringV(*v, e)
-	case []float32:
-		fastpathTV.EncSliceFloat32V(v, e)
-	case *[]float32:
-		fastpathTV.EncSliceFloat32V(*v, e)
-	case []float64:
-		fastpathTV.EncSliceFloat64V(v, e)
-	case *[]float64:
-		fastpathTV.EncSliceFloat64V(*v, e)
-	case []uint:
-		fastpathTV.EncSliceUintV(v, e)
-	case *[]uint:
-		fastpathTV.EncSliceUintV(*v, e)
-	case []uint16:
-		fastpathTV.EncSliceUint16V(v, e)
-	case *[]uint16:
-		fastpathTV.EncSliceUint16V(*v, e)
-	case []uint32:
-		fastpathTV.EncSliceUint32V(v, e)
-	case *[]uint32:
-		fastpathTV.EncSliceUint32V(*v, e)
-	case []uint64:
-		fastpathTV.EncSliceUint64V(v, e)
-	case *[]uint64:
-		fastpathTV.EncSliceUint64V(*v, e)
-	case []uintptr:
-		fastpathTV.EncSliceUintptrV(v, e)
-	case *[]uintptr:
-		fastpathTV.EncSliceUintptrV(*v, e)
-	case []int:
-		fastpathTV.EncSliceIntV(v, e)
-	case *[]int:
-		fastpathTV.EncSliceIntV(*v, e)
-	case []int8:
-		fastpathTV.EncSliceInt8V(v, e)
-	case *[]int8:
-		fastpathTV.EncSliceInt8V(*v, e)
-	case []int16:
-		fastpathTV.EncSliceInt16V(v, e)
-	case *[]int16:
-		fastpathTV.EncSliceInt16V(*v, e)
-	case []int32:
-		fastpathTV.EncSliceInt32V(v, e)
-	case *[]int32:
-		fastpathTV.EncSliceInt32V(*v, e)
-	case []int64:
-		fastpathTV.EncSliceInt64V(v, e)
-	case *[]int64:
-		fastpathTV.EncSliceInt64V(*v, e)
-	case []bool:
-		fastpathTV.EncSliceBoolV(v, e)
-	case *[]bool:
-		fastpathTV.EncSliceBoolV(*v, e)
-
-	case map[interface{}]interface{}:
-		fastpathTV.EncMapIntfIntfV(v, e)
-	case *map[interface{}]interface{}:
-		fastpathTV.EncMapIntfIntfV(*v, e)
-	case map[interface{}]string:
-		fastpathTV.EncMapIntfStringV(v, e)
-	case *map[interface{}]string:
-		fastpathTV.EncMapIntfStringV(*v, e)
-	case map[interface{}]uint:
-		fastpathTV.EncMapIntfUintV(v, e)
-	case *map[interface{}]uint:
-		fastpathTV.EncMapIntfUintV(*v, e)
-	case map[interface{}]uint8:
-		fastpathTV.EncMapIntfUint8V(v, e)
-	case *map[interface{}]uint8:
-		fastpathTV.EncMapIntfUint8V(*v, e)
-	case map[interface{}]uint16:
-		fastpathTV.EncMapIntfUint16V(v, e)
-	case *map[interface{}]uint16:
-		fastpathTV.EncMapIntfUint16V(*v, e)
-	case map[interface{}]uint32:
-		fastpathTV.EncMapIntfUint32V(v, e)
-	case *map[interface{}]uint32:
-		fastpathTV.EncMapIntfUint32V(*v, e)
-	case map[interface{}]uint64:
-		fastpathTV.EncMapIntfUint64V(v, e)
-	case *map[interface{}]uint64:
-		fastpathTV.EncMapIntfUint64V(*v, e)
-	case map[interface{}]uintptr:
-		fastpathTV.EncMapIntfUintptrV(v, e)
-	case *map[interface{}]uintptr:
-		fastpathTV.EncMapIntfUintptrV(*v, e)
-	case map[interface{}]int:
-		fastpathTV.EncMapIntfIntV(v, e)
-	case *map[interface{}]int:
-		fastpathTV.EncMapIntfIntV(*v, e)
-	case map[interface{}]int8:
-		fastpathTV.EncMapIntfInt8V(v, e)
-	case *map[interface{}]int8:
-		fastpathTV.EncMapIntfInt8V(*v, e)
-	case map[interface{}]int16:
-		fastpathTV.EncMapIntfInt16V(v, e)
-	case *map[interface{}]int16:
-		fastpathTV.EncMapIntfInt16V(*v, e)
-	case map[interface{}]int32:
-		fastpathTV.EncMapIntfInt32V(v, e)
-	case *map[interface{}]int32:
-		fastpathTV.EncMapIntfInt32V(*v, e)
-	case map[interface{}]int64:
-		fastpathTV.EncMapIntfInt64V(v, e)
-	case *map[interface{}]int64:
-		fastpathTV.EncMapIntfInt64V(*v, e)
-	case map[interface{}]float32:
-		fastpathTV.EncMapIntfFloat32V(v, e)
-	case *map[interface{}]float32:
-		fastpathTV.EncMapIntfFloat32V(*v, e)
-	case map[interface{}]float64:
-		fastpathTV.EncMapIntfFloat64V(v, e)
-	case *map[interface{}]float64:
-		fastpathTV.EncMapIntfFloat64V(*v, e)
-	case map[interface{}]bool:
-		fastpathTV.EncMapIntfBoolV(v, e)
-	case *map[interface{}]bool:
-		fastpathTV.EncMapIntfBoolV(*v, e)
-	case map[string]interface{}:
-		fastpathTV.EncMapStringIntfV(v, e)
-	case *map[string]interface{}:
-		fastpathTV.EncMapStringIntfV(*v, e)
-	case map[string]string:
-		fastpathTV.EncMapStringStringV(v, e)
-	case *map[string]string:
-		fastpathTV.EncMapStringStringV(*v, e)
-	case map[string]uint:
-		fastpathTV.EncMapStringUintV(v, e)
-	case *map[string]uint:
-		fastpathTV.EncMapStringUintV(*v, e)
-	case map[string]uint8:
-		fastpathTV.EncMapStringUint8V(v, e)
-	case *map[string]uint8:
-		fastpathTV.EncMapStringUint8V(*v, e)
-	case map[string]uint16:
-		fastpathTV.EncMapStringUint16V(v, e)
-	case *map[string]uint16:
-		fastpathTV.EncMapStringUint16V(*v, e)
-	case map[string]uint32:
-		fastpathTV.EncMapStringUint32V(v, e)
-	case *map[string]uint32:
-		fastpathTV.EncMapStringUint32V(*v, e)
-	case map[string]uint64:
-		fastpathTV.EncMapStringUint64V(v, e)
-	case *map[string]uint64:
-		fastpathTV.EncMapStringUint64V(*v, e)
-	case map[string]uintptr:
-		fastpathTV.EncMapStringUintptrV(v, e)
-	case *map[string]uintptr:
-		fastpathTV.EncMapStringUintptrV(*v, e)
-	case map[string]int:
-		fastpathTV.EncMapStringIntV(v, e)
-	case *map[string]int:
-		fastpathTV.EncMapStringIntV(*v, e)
-	case map[string]int8:
-		fastpathTV.EncMapStringInt8V(v, e)
-	case *map[string]int8:
-		fastpathTV.EncMapStringInt8V(*v, e)
-	case map[string]int16:
-		fastpathTV.EncMapStringInt16V(v, e)
-	case *map[string]int16:
-		fastpathTV.EncMapStringInt16V(*v, e)
-	case map[string]int32:
-		fastpathTV.EncMapStringInt32V(v, e)
-	case *map[string]int32:
-		fastpathTV.EncMapStringInt32V(*v, e)
-	case map[string]int64:
-		fastpathTV.EncMapStringInt64V(v, e)
-	case *map[string]int64:
-		fastpathTV.EncMapStringInt64V(*v, e)
-	case map[string]float32:
-		fastpathTV.EncMapStringFloat32V(v, e)
-	case *map[string]float32:
-		fastpathTV.EncMapStringFloat32V(*v, e)
-	case map[string]float64:
-		fastpathTV.EncMapStringFloat64V(v, e)
-	case *map[string]float64:
-		fastpathTV.EncMapStringFloat64V(*v, e)
-	case map[string]bool:
-		fastpathTV.EncMapStringBoolV(v, e)
-	case *map[string]bool:
-		fastpathTV.EncMapStringBoolV(*v, e)
-	case map[float32]interface{}:
-		fastpathTV.EncMapFloat32IntfV(v, e)
-	case *map[float32]interface{}:
-		fastpathTV.EncMapFloat32IntfV(*v, e)
-	case map[float32]string:
-		fastpathTV.EncMapFloat32StringV(v, e)
-	case *map[float32]string:
-		fastpathTV.EncMapFloat32StringV(*v, e)
-	case map[float32]uint:
-		fastpathTV.EncMapFloat32UintV(v, e)
-	case *map[float32]uint:
-		fastpathTV.EncMapFloat32UintV(*v, e)
-	case map[float32]uint8:
-		fastpathTV.EncMapFloat32Uint8V(v, e)
-	case *map[float32]uint8:
-		fastpathTV.EncMapFloat32Uint8V(*v, e)
-	case map[float32]uint16:
-		fastpathTV.EncMapFloat32Uint16V(v, e)
-	case *map[float32]uint16:
-		fastpathTV.EncMapFloat32Uint16V(*v, e)
-	case map[float32]uint32:
-		fastpathTV.EncMapFloat32Uint32V(v, e)
-	case *map[float32]uint32:
-		fastpathTV.EncMapFloat32Uint32V(*v, e)
-	case map[float32]uint64:
-		fastpathTV.EncMapFloat32Uint64V(v, e)
-	case *map[float32]uint64:
-		fastpathTV.EncMapFloat32Uint64V(*v, e)
-	case map[float32]uintptr:
-		fastpathTV.EncMapFloat32UintptrV(v, e)
-	case *map[float32]uintptr:
-		fastpathTV.EncMapFloat32UintptrV(*v, e)
-	case map[float32]int:
-		fastpathTV.EncMapFloat32IntV(v, e)
-	case *map[float32]int:
-		fastpathTV.EncMapFloat32IntV(*v, e)
-	case map[float32]int8:
-		fastpathTV.EncMapFloat32Int8V(v, e)
-	case *map[float32]int8:
-		fastpathTV.EncMapFloat32Int8V(*v, e)
-	case map[float32]int16:
-		fastpathTV.EncMapFloat32Int16V(v, e)
-	case *map[float32]int16:
-		fastpathTV.EncMapFloat32Int16V(*v, e)
-	case map[float32]int32:
-		fastpathTV.EncMapFloat32Int32V(v, e)
-	case *map[float32]int32:
-		fastpathTV.EncMapFloat32Int32V(*v, e)
-	case map[float32]int64:
-		fastpathTV.EncMapFloat32Int64V(v, e)
-	case *map[float32]int64:
-		fastpathTV.EncMapFloat32Int64V(*v, e)
-	case map[float32]float32:
-		fastpathTV.EncMapFloat32Float32V(v, e)
-	case *map[float32]float32:
-		fastpathTV.EncMapFloat32Float32V(*v, e)
-	case map[float32]float64:
-		fastpathTV.EncMapFloat32Float64V(v, e)
-	case *map[float32]float64:
-		fastpathTV.EncMapFloat32Float64V(*v, e)
-	case map[float32]bool:
-		fastpathTV.EncMapFloat32BoolV(v, e)
-	case *map[float32]bool:
-		fastpathTV.EncMapFloat32BoolV(*v, e)
-	case map[float64]interface{}:
-		fastpathTV.EncMapFloat64IntfV(v, e)
-	case *map[float64]interface{}:
-		fastpathTV.EncMapFloat64IntfV(*v, e)
-	case map[float64]string:
-		fastpathTV.EncMapFloat64StringV(v, e)
-	case *map[float64]string:
-		fastpathTV.EncMapFloat64StringV(*v, e)
-	case map[float64]uint:
-		fastpathTV.EncMapFloat64UintV(v, e)
-	case *map[float64]uint:
-		fastpathTV.EncMapFloat64UintV(*v, e)
-	case map[float64]uint8:
-		fastpathTV.EncMapFloat64Uint8V(v, e)
-	case *map[float64]uint8:
-		fastpathTV.EncMapFloat64Uint8V(*v, e)
-	case map[float64]uint16:
-		fastpathTV.EncMapFloat64Uint16V(v, e)
-	case *map[float64]uint16:
-		fastpathTV.EncMapFloat64Uint16V(*v, e)
-	case map[float64]uint32:
-		fastpathTV.EncMapFloat64Uint32V(v, e)
-	case *map[float64]uint32:
-		fastpathTV.EncMapFloat64Uint32V(*v, e)
-	case map[float64]uint64:
-		fastpathTV.EncMapFloat64Uint64V(v, e)
-	case *map[float64]uint64:
-		fastpathTV.EncMapFloat64Uint64V(*v, e)
-	case map[float64]uintptr:
-		fastpathTV.EncMapFloat64UintptrV(v, e)
-	case *map[float64]uintptr:
-		fastpathTV.EncMapFloat64UintptrV(*v, e)
-	case map[float64]int:
-		fastpathTV.EncMapFloat64IntV(v, e)
-	case *map[float64]int:
-		fastpathTV.EncMapFloat64IntV(*v, e)
-	case map[float64]int8:
-		fastpathTV.EncMapFloat64Int8V(v, e)
-	case *map[float64]int8:
-		fastpathTV.EncMapFloat64Int8V(*v, e)
-	case map[float64]int16:
-		fastpathTV.EncMapFloat64Int16V(v, e)
-	case *map[float64]int16:
-		fastpathTV.EncMapFloat64Int16V(*v, e)
-	case map[float64]int32:
-		fastpathTV.EncMapFloat64Int32V(v, e)
-	case *map[float64]int32:
-		fastpathTV.EncMapFloat64Int32V(*v, e)
-	case map[float64]int64:
-		fastpathTV.EncMapFloat64Int64V(v, e)
-	case *map[float64]int64:
-		fastpathTV.EncMapFloat64Int64V(*v, e)
-	case map[float64]float32:
-		fastpathTV.EncMapFloat64Float32V(v, e)
-	case *map[float64]float32:
-		fastpathTV.EncMapFloat64Float32V(*v, e)
-	case map[float64]float64:
-		fastpathTV.EncMapFloat64Float64V(v, e)
-	case *map[float64]float64:
-		fastpathTV.EncMapFloat64Float64V(*v, e)
-	case map[float64]bool:
-		fastpathTV.EncMapFloat64BoolV(v, e)
-	case *map[float64]bool:
-		fastpathTV.EncMapFloat64BoolV(*v, e)
-	case map[uint]interface{}:
-		fastpathTV.EncMapUintIntfV(v, e)
-	case *map[uint]interface{}:
-		fastpathTV.EncMapUintIntfV(*v, e)
-	case map[uint]string:
-		fastpathTV.EncMapUintStringV(v, e)
-	case *map[uint]string:
-		fastpathTV.EncMapUintStringV(*v, e)
-	case map[uint]uint:
-		fastpathTV.EncMapUintUintV(v, e)
-	case *map[uint]uint:
-		fastpathTV.EncMapUintUintV(*v, e)
-	case map[uint]uint8:
-		fastpathTV.EncMapUintUint8V(v, e)
-	case *map[uint]uint8:
-		fastpathTV.EncMapUintUint8V(*v, e)
-	case map[uint]uint16:
-		fastpathTV.EncMapUintUint16V(v, e)
-	case *map[uint]uint16:
-		fastpathTV.EncMapUintUint16V(*v, e)
-	case map[uint]uint32:
-		fastpathTV.EncMapUintUint32V(v, e)
-	case *map[uint]uint32:
-		fastpathTV.EncMapUintUint32V(*v, e)
-	case map[uint]uint64:
-		fastpathTV.EncMapUintUint64V(v, e)
-	case *map[uint]uint64:
-		fastpathTV.EncMapUintUint64V(*v, e)
-	case map[uint]uintptr:
-		fastpathTV.EncMapUintUintptrV(v, e)
-	case *map[uint]uintptr:
-		fastpathTV.EncMapUintUintptrV(*v, e)
-	case map[uint]int:
-		fastpathTV.EncMapUintIntV(v, e)
-	case *map[uint]int:
-		fastpathTV.EncMapUintIntV(*v, e)
-	case map[uint]int8:
-		fastpathTV.EncMapUintInt8V(v, e)
-	case *map[uint]int8:
-		fastpathTV.EncMapUintInt8V(*v, e)
-	case map[uint]int16:
-		fastpathTV.EncMapUintInt16V(v, e)
-	case *map[uint]int16:
-		fastpathTV.EncMapUintInt16V(*v, e)
-	case map[uint]int32:
-		fastpathTV.EncMapUintInt32V(v, e)
-	case *map[uint]int32:
-		fastpathTV.EncMapUintInt32V(*v, e)
-	case map[uint]int64:
-		fastpathTV.EncMapUintInt64V(v, e)
-	case *map[uint]int64:
-		fastpathTV.EncMapUintInt64V(*v, e)
-	case map[uint]float32:
-		fastpathTV.EncMapUintFloat32V(v, e)
-	case *map[uint]float32:
-		fastpathTV.EncMapUintFloat32V(*v, e)
-	case map[uint]float64:
-		fastpathTV.EncMapUintFloat64V(v, e)
-	case *map[uint]float64:
-		fastpathTV.EncMapUintFloat64V(*v, e)
-	case map[uint]bool:
-		fastpathTV.EncMapUintBoolV(v, e)
-	case *map[uint]bool:
-		fastpathTV.EncMapUintBoolV(*v, e)
-	case map[uint8]interface{}:
-		fastpathTV.EncMapUint8IntfV(v, e)
-	case *map[uint8]interface{}:
-		fastpathTV.EncMapUint8IntfV(*v, e)
-	case map[uint8]string:
-		fastpathTV.EncMapUint8StringV(v, e)
-	case *map[uint8]string:
-		fastpathTV.EncMapUint8StringV(*v, e)
-	case map[uint8]uint:
-		fastpathTV.EncMapUint8UintV(v, e)
-	case *map[uint8]uint:
-		fastpathTV.EncMapUint8UintV(*v, e)
-	case map[uint8]uint8:
-		fastpathTV.EncMapUint8Uint8V(v, e)
-	case *map[uint8]uint8:
-		fastpathTV.EncMapUint8Uint8V(*v, e)
-	case map[uint8]uint16:
-		fastpathTV.EncMapUint8Uint16V(v, e)
-	case *map[uint8]uint16:
-		fastpathTV.EncMapUint8Uint16V(*v, e)
-	case map[uint8]uint32:
-		fastpathTV.EncMapUint8Uint32V(v, e)
-	case *map[uint8]uint32:
-		fastpathTV.EncMapUint8Uint32V(*v, e)
-	case map[uint8]uint64:
-		fastpathTV.EncMapUint8Uint64V(v, e)
-	case *map[uint8]uint64:
-		fastpathTV.EncMapUint8Uint64V(*v, e)
-	case map[uint8]uintptr:
-		fastpathTV.EncMapUint8UintptrV(v, e)
-	case *map[uint8]uintptr:
-		fastpathTV.EncMapUint8UintptrV(*v, e)
-	case map[uint8]int:
-		fastpathTV.EncMapUint8IntV(v, e)
-	case *map[uint8]int:
-		fastpathTV.EncMapUint8IntV(*v, e)
-	case map[uint8]int8:
-		fastpathTV.EncMapUint8Int8V(v, e)
-	case *map[uint8]int8:
-		fastpathTV.EncMapUint8Int8V(*v, e)
-	case map[uint8]int16:
-		fastpathTV.EncMapUint8Int16V(v, e)
-	case *map[uint8]int16:
-		fastpathTV.EncMapUint8Int16V(*v, e)
-	case map[uint8]int32:
-		fastpathTV.EncMapUint8Int32V(v, e)
-	case *map[uint8]int32:
-		fastpathTV.EncMapUint8Int32V(*v, e)
-	case map[uint8]int64:
-		fastpathTV.EncMapUint8Int64V(v, e)
-	case *map[uint8]int64:
-		fastpathTV.EncMapUint8Int64V(*v, e)
-	case map[uint8]float32:
-		fastpathTV.EncMapUint8Float32V(v, e)
-	case *map[uint8]float32:
-		fastpathTV.EncMapUint8Float32V(*v, e)
-	case map[uint8]float64:
-		fastpathTV.EncMapUint8Float64V(v, e)
-	case *map[uint8]float64:
-		fastpathTV.EncMapUint8Float64V(*v, e)
-	case map[uint8]bool:
-		fastpathTV.EncMapUint8BoolV(v, e)
-	case *map[uint8]bool:
-		fastpathTV.EncMapUint8BoolV(*v, e)
-	case map[uint16]interface{}:
-		fastpathTV.EncMapUint16IntfV(v, e)
-	case *map[uint16]interface{}:
-		fastpathTV.EncMapUint16IntfV(*v, e)
-	case map[uint16]string:
-		fastpathTV.EncMapUint16StringV(v, e)
-	case *map[uint16]string:
-		fastpathTV.EncMapUint16StringV(*v, e)
-	case map[uint16]uint:
-		fastpathTV.EncMapUint16UintV(v, e)
-	case *map[uint16]uint:
-		fastpathTV.EncMapUint16UintV(*v, e)
-	case map[uint16]uint8:
-		fastpathTV.EncMapUint16Uint8V(v, e)
-	case *map[uint16]uint8:
-		fastpathTV.EncMapUint16Uint8V(*v, e)
-	case map[uint16]uint16:
-		fastpathTV.EncMapUint16Uint16V(v, e)
-	case *map[uint16]uint16:
-		fastpathTV.EncMapUint16Uint16V(*v, e)
-	case map[uint16]uint32:
-		fastpathTV.EncMapUint16Uint32V(v, e)
-	case *map[uint16]uint32:
-		fastpathTV.EncMapUint16Uint32V(*v, e)
-	case map[uint16]uint64:
-		fastpathTV.EncMapUint16Uint64V(v, e)
-	case *map[uint16]uint64:
-		fastpathTV.EncMapUint16Uint64V(*v, e)
-	case map[uint16]uintptr:
-		fastpathTV.EncMapUint16UintptrV(v, e)
-	case *map[uint16]uintptr:
-		fastpathTV.EncMapUint16UintptrV(*v, e)
-	case map[uint16]int:
-		fastpathTV.EncMapUint16IntV(v, e)
-	case *map[uint16]int:
-		fastpathTV.EncMapUint16IntV(*v, e)
-	case map[uint16]int8:
-		fastpathTV.EncMapUint16Int8V(v, e)
-	case *map[uint16]int8:
-		fastpathTV.EncMapUint16Int8V(*v, e)
-	case map[uint16]int16:
-		fastpathTV.EncMapUint16Int16V(v, e)
-	case *map[uint16]int16:
-		fastpathTV.EncMapUint16Int16V(*v, e)
-	case map[uint16]int32:
-		fastpathTV.EncMapUint16Int32V(v, e)
-	case *map[uint16]int32:
-		fastpathTV.EncMapUint16Int32V(*v, e)
-	case map[uint16]int64:
-		fastpathTV.EncMapUint16Int64V(v, e)
-	case *map[uint16]int64:
-		fastpathTV.EncMapUint16Int64V(*v, e)
-	case map[uint16]float32:
-		fastpathTV.EncMapUint16Float32V(v, e)
-	case *map[uint16]float32:
-		fastpathTV.EncMapUint16Float32V(*v, e)
-	case map[uint16]float64:
-		fastpathTV.EncMapUint16Float64V(v, e)
-	case *map[uint16]float64:
-		fastpathTV.EncMapUint16Float64V(*v, e)
-	case map[uint16]bool:
-		fastpathTV.EncMapUint16BoolV(v, e)
-	case *map[uint16]bool:
-		fastpathTV.EncMapUint16BoolV(*v, e)
-	case map[uint32]interface{}:
-		fastpathTV.EncMapUint32IntfV(v, e)
-	case *map[uint32]interface{}:
-		fastpathTV.EncMapUint32IntfV(*v, e)
-	case map[uint32]string:
-		fastpathTV.EncMapUint32StringV(v, e)
-	case *map[uint32]string:
-		fastpathTV.EncMapUint32StringV(*v, e)
-	case map[uint32]uint:
-		fastpathTV.EncMapUint32UintV(v, e)
-	case *map[uint32]uint:
-		fastpathTV.EncMapUint32UintV(*v, e)
-	case map[uint32]uint8:
-		fastpathTV.EncMapUint32Uint8V(v, e)
-	case *map[uint32]uint8:
-		fastpathTV.EncMapUint32Uint8V(*v, e)
-	case map[uint32]uint16:
-		fastpathTV.EncMapUint32Uint16V(v, e)
-	case *map[uint32]uint16:
-		fastpathTV.EncMapUint32Uint16V(*v, e)
-	case map[uint32]uint32:
-		fastpathTV.EncMapUint32Uint32V(v, e)
-	case *map[uint32]uint32:
-		fastpathTV.EncMapUint32Uint32V(*v, e)
-	case map[uint32]uint64:
-		fastpathTV.EncMapUint32Uint64V(v, e)
-	case *map[uint32]uint64:
-		fastpathTV.EncMapUint32Uint64V(*v, e)
-	case map[uint32]uintptr:
-		fastpathTV.EncMapUint32UintptrV(v, e)
-	case *map[uint32]uintptr:
-		fastpathTV.EncMapUint32UintptrV(*v, e)
-	case map[uint32]int:
-		fastpathTV.EncMapUint32IntV(v, e)
-	case *map[uint32]int:
-		fastpathTV.EncMapUint32IntV(*v, e)
-	case map[uint32]int8:
-		fastpathTV.EncMapUint32Int8V(v, e)
-	case *map[uint32]int8:
-		fastpathTV.EncMapUint32Int8V(*v, e)
-	case map[uint32]int16:
-		fastpathTV.EncMapUint32Int16V(v, e)
-	case *map[uint32]int16:
-		fastpathTV.EncMapUint32Int16V(*v, e)
-	case map[uint32]int32:
-		fastpathTV.EncMapUint32Int32V(v, e)
-	case *map[uint32]int32:
-		fastpathTV.EncMapUint32Int32V(*v, e)
-	case map[uint32]int64:
-		fastpathTV.EncMapUint32Int64V(v, e)
-	case *map[uint32]int64:
-		fastpathTV.EncMapUint32Int64V(*v, e)
-	case map[uint32]float32:
-		fastpathTV.EncMapUint32Float32V(v, e)
-	case *map[uint32]float32:
-		fastpathTV.EncMapUint32Float32V(*v, e)
-	case map[uint32]float64:
-		fastpathTV.EncMapUint32Float64V(v, e)
-	case *map[uint32]float64:
-		fastpathTV.EncMapUint32Float64V(*v, e)
-	case map[uint32]bool:
-		fastpathTV.EncMapUint32BoolV(v, e)
-	case *map[uint32]bool:
-		fastpathTV.EncMapUint32BoolV(*v, e)
-	case map[uint64]interface{}:
-		fastpathTV.EncMapUint64IntfV(v, e)
-	case *map[uint64]interface{}:
-		fastpathTV.EncMapUint64IntfV(*v, e)
-	case map[uint64]string:
-		fastpathTV.EncMapUint64StringV(v, e)
-	case *map[uint64]string:
-		fastpathTV.EncMapUint64StringV(*v, e)
-	case map[uint64]uint:
-		fastpathTV.EncMapUint64UintV(v, e)
-	case *map[uint64]uint:
-		fastpathTV.EncMapUint64UintV(*v, e)
-	case map[uint64]uint8:
-		fastpathTV.EncMapUint64Uint8V(v, e)
-	case *map[uint64]uint8:
-		fastpathTV.EncMapUint64Uint8V(*v, e)
-	case map[uint64]uint16:
-		fastpathTV.EncMapUint64Uint16V(v, e)
-	case *map[uint64]uint16:
-		fastpathTV.EncMapUint64Uint16V(*v, e)
-	case map[uint64]uint32:
-		fastpathTV.EncMapUint64Uint32V(v, e)
-	case *map[uint64]uint32:
-		fastpathTV.EncMapUint64Uint32V(*v, e)
-	case map[uint64]uint64:
-		fastpathTV.EncMapUint64Uint64V(v, e)
-	case *map[uint64]uint64:
-		fastpathTV.EncMapUint64Uint64V(*v, e)
-	case map[uint64]uintptr:
-		fastpathTV.EncMapUint64UintptrV(v, e)
-	case *map[uint64]uintptr:
-		fastpathTV.EncMapUint64UintptrV(*v, e)
-	case map[uint64]int:
-		fastpathTV.EncMapUint64IntV(v, e)
-	case *map[uint64]int:
-		fastpathTV.EncMapUint64IntV(*v, e)
-	case map[uint64]int8:
-		fastpathTV.EncMapUint64Int8V(v, e)
-	case *map[uint64]int8:
-		fastpathTV.EncMapUint64Int8V(*v, e)
-	case map[uint64]int16:
-		fastpathTV.EncMapUint64Int16V(v, e)
-	case *map[uint64]int16:
-		fastpathTV.EncMapUint64Int16V(*v, e)
-	case map[uint64]int32:
-		fastpathTV.EncMapUint64Int32V(v, e)
-	case *map[uint64]int32:
-		fastpathTV.EncMapUint64Int32V(*v, e)
-	case map[uint64]int64:
-		fastpathTV.EncMapUint64Int64V(v, e)
-	case *map[uint64]int64:
-		fastpathTV.EncMapUint64Int64V(*v, e)
-	case map[uint64]float32:
-		fastpathTV.EncMapUint64Float32V(v, e)
-	case *map[uint64]float32:
-		fastpathTV.EncMapUint64Float32V(*v, e)
-	case map[uint64]float64:
-		fastpathTV.EncMapUint64Float64V(v, e)
-	case *map[uint64]float64:
-		fastpathTV.EncMapUint64Float64V(*v, e)
-	case map[uint64]bool:
-		fastpathTV.EncMapUint64BoolV(v, e)
-	case *map[uint64]bool:
-		fastpathTV.EncMapUint64BoolV(*v, e)
-	case map[uintptr]interface{}:
-		fastpathTV.EncMapUintptrIntfV(v, e)
-	case *map[uintptr]interface{}:
-		fastpathTV.EncMapUintptrIntfV(*v, e)
-	case map[uintptr]string:
-		fastpathTV.EncMapUintptrStringV(v, e)
-	case *map[uintptr]string:
-		fastpathTV.EncMapUintptrStringV(*v, e)
-	case map[uintptr]uint:
-		fastpathTV.EncMapUintptrUintV(v, e)
-	case *map[uintptr]uint:
-		fastpathTV.EncMapUintptrUintV(*v, e)
-	case map[uintptr]uint8:
-		fastpathTV.EncMapUintptrUint8V(v, e)
-	case *map[uintptr]uint8:
-		fastpathTV.EncMapUintptrUint8V(*v, e)
-	case map[uintptr]uint16:
-		fastpathTV.EncMapUintptrUint16V(v, e)
-	case *map[uintptr]uint16:
-		fastpathTV.EncMapUintptrUint16V(*v, e)
-	case map[uintptr]uint32:
-		fastpathTV.EncMapUintptrUint32V(v, e)
-	case *map[uintptr]uint32:
-		fastpathTV.EncMapUintptrUint32V(*v, e)
-	case map[uintptr]uint64:
-		fastpathTV.EncMapUintptrUint64V(v, e)
-	case *map[uintptr]uint64:
-		fastpathTV.EncMapUintptrUint64V(*v, e)
-	case map[uintptr]uintptr:
-		fastpathTV.EncMapUintptrUintptrV(v, e)
-	case *map[uintptr]uintptr:
-		fastpathTV.EncMapUintptrUintptrV(*v, e)
-	case map[uintptr]int:
-		fastpathTV.EncMapUintptrIntV(v, e)
-	case *map[uintptr]int:
-		fastpathTV.EncMapUintptrIntV(*v, e)
-	case map[uintptr]int8:
-		fastpathTV.EncMapUintptrInt8V(v, e)
-	case *map[uintptr]int8:
-		fastpathTV.EncMapUintptrInt8V(*v, e)
-	case map[uintptr]int16:
-		fastpathTV.EncMapUintptrInt16V(v, e)
-	case *map[uintptr]int16:
-		fastpathTV.EncMapUintptrInt16V(*v, e)
-	case map[uintptr]int32:
-		fastpathTV.EncMapUintptrInt32V(v, e)
-	case *map[uintptr]int32:
-		fastpathTV.EncMapUintptrInt32V(*v, e)
-	case map[uintptr]int64:
-		fastpathTV.EncMapUintptrInt64V(v, e)
-	case *map[uintptr]int64:
-		fastpathTV.EncMapUintptrInt64V(*v, e)
-	case map[uintptr]float32:
-		fastpathTV.EncMapUintptrFloat32V(v, e)
-	case *map[uintptr]float32:
-		fastpathTV.EncMapUintptrFloat32V(*v, e)
-	case map[uintptr]float64:
-		fastpathTV.EncMapUintptrFloat64V(v, e)
-	case *map[uintptr]float64:
-		fastpathTV.EncMapUintptrFloat64V(*v, e)
-	case map[uintptr]bool:
-		fastpathTV.EncMapUintptrBoolV(v, e)
-	case *map[uintptr]bool:
-		fastpathTV.EncMapUintptrBoolV(*v, e)
-	case map[int]interface{}:
-		fastpathTV.EncMapIntIntfV(v, e)
-	case *map[int]interface{}:
-		fastpathTV.EncMapIntIntfV(*v, e)
-	case map[int]string:
-		fastpathTV.EncMapIntStringV(v, e)
-	case *map[int]string:
-		fastpathTV.EncMapIntStringV(*v, e)
-	case map[int]uint:
-		fastpathTV.EncMapIntUintV(v, e)
-	case *map[int]uint:
-		fastpathTV.EncMapIntUintV(*v, e)
-	case map[int]uint8:
-		fastpathTV.EncMapIntUint8V(v, e)
-	case *map[int]uint8:
-		fastpathTV.EncMapIntUint8V(*v, e)
-	case map[int]uint16:
-		fastpathTV.EncMapIntUint16V(v, e)
-	case *map[int]uint16:
-		fastpathTV.EncMapIntUint16V(*v, e)
-	case map[int]uint32:
-		fastpathTV.EncMapIntUint32V(v, e)
-	case *map[int]uint32:
-		fastpathTV.EncMapIntUint32V(*v, e)
-	case map[int]uint64:
-		fastpathTV.EncMapIntUint64V(v, e)
-	case *map[int]uint64:
-		fastpathTV.EncMapIntUint64V(*v, e)
-	case map[int]uintptr:
-		fastpathTV.EncMapIntUintptrV(v, e)
-	case *map[int]uintptr:
-		fastpathTV.EncMapIntUintptrV(*v, e)
-	case map[int]int:
-		fastpathTV.EncMapIntIntV(v, e)
-	case *map[int]int:
-		fastpathTV.EncMapIntIntV(*v, e)
-	case map[int]int8:
-		fastpathTV.EncMapIntInt8V(v, e)
-	case *map[int]int8:
-		fastpathTV.EncMapIntInt8V(*v, e)
-	case map[int]int16:
-		fastpathTV.EncMapIntInt16V(v, e)
-	case *map[int]int16:
-		fastpathTV.EncMapIntInt16V(*v, e)
-	case map[int]int32:
-		fastpathTV.EncMapIntInt32V(v, e)
-	case *map[int]int32:
-		fastpathTV.EncMapIntInt32V(*v, e)
-	case map[int]int64:
-		fastpathTV.EncMapIntInt64V(v, e)
-	case *map[int]int64:
-		fastpathTV.EncMapIntInt64V(*v, e)
-	case map[int]float32:
-		fastpathTV.EncMapIntFloat32V(v, e)
-	case *map[int]float32:
-		fastpathTV.EncMapIntFloat32V(*v, e)
-	case map[int]float64:
-		fastpathTV.EncMapIntFloat64V(v, e)
-	case *map[int]float64:
-		fastpathTV.EncMapIntFloat64V(*v, e)
-	case map[int]bool:
-		fastpathTV.EncMapIntBoolV(v, e)
-	case *map[int]bool:
-		fastpathTV.EncMapIntBoolV(*v, e)
-	case map[int8]interface{}:
-		fastpathTV.EncMapInt8IntfV(v, e)
-	case *map[int8]interface{}:
-		fastpathTV.EncMapInt8IntfV(*v, e)
-	case map[int8]string:
-		fastpathTV.EncMapInt8StringV(v, e)
-	case *map[int8]string:
-		fastpathTV.EncMapInt8StringV(*v, e)
-	case map[int8]uint:
-		fastpathTV.EncMapInt8UintV(v, e)
-	case *map[int8]uint:
-		fastpathTV.EncMapInt8UintV(*v, e)
-	case map[int8]uint8:
-		fastpathTV.EncMapInt8Uint8V(v, e)
-	case *map[int8]uint8:
-		fastpathTV.EncMapInt8Uint8V(*v, e)
-	case map[int8]uint16:
-		fastpathTV.EncMapInt8Uint16V(v, e)
-	case *map[int8]uint16:
-		fastpathTV.EncMapInt8Uint16V(*v, e)
-	case map[int8]uint32:
-		fastpathTV.EncMapInt8Uint32V(v, e)
-	case *map[int8]uint32:
-		fastpathTV.EncMapInt8Uint32V(*v, e)
-	case map[int8]uint64:
-		fastpathTV.EncMapInt8Uint64V(v, e)
-	case *map[int8]uint64:
-		fastpathTV.EncMapInt8Uint64V(*v, e)
-	case map[int8]uintptr:
-		fastpathTV.EncMapInt8UintptrV(v, e)
-	case *map[int8]uintptr:
-		fastpathTV.EncMapInt8UintptrV(*v, e)
-	case map[int8]int:
-		fastpathTV.EncMapInt8IntV(v, e)
-	case *map[int8]int:
-		fastpathTV.EncMapInt8IntV(*v, e)
-	case map[int8]int8:
-		fastpathTV.EncMapInt8Int8V(v, e)
-	case *map[int8]int8:
-		fastpathTV.EncMapInt8Int8V(*v, e)
-	case map[int8]int16:
-		fastpathTV.EncMapInt8Int16V(v, e)
-	case *map[int8]int16:
-		fastpathTV.EncMapInt8Int16V(*v, e)
-	case map[int8]int32:
-		fastpathTV.EncMapInt8Int32V(v, e)
-	case *map[int8]int32:
-		fastpathTV.EncMapInt8Int32V(*v, e)
-	case map[int8]int64:
-		fastpathTV.EncMapInt8Int64V(v, e)
-	case *map[int8]int64:
-		fastpathTV.EncMapInt8Int64V(*v, e)
-	case map[int8]float32:
-		fastpathTV.EncMapInt8Float32V(v, e)
-	case *map[int8]float32:
-		fastpathTV.EncMapInt8Float32V(*v, e)
-	case map[int8]float64:
-		fastpathTV.EncMapInt8Float64V(v, e)
-	case *map[int8]float64:
-		fastpathTV.EncMapInt8Float64V(*v, e)
-	case map[int8]bool:
-		fastpathTV.EncMapInt8BoolV(v, e)
-	case *map[int8]bool:
-		fastpathTV.EncMapInt8BoolV(*v, e)
-	case map[int16]interface{}:
-		fastpathTV.EncMapInt16IntfV(v, e)
-	case *map[int16]interface{}:
-		fastpathTV.EncMapInt16IntfV(*v, e)
-	case map[int16]string:
-		fastpathTV.EncMapInt16StringV(v, e)
-	case *map[int16]string:
-		fastpathTV.EncMapInt16StringV(*v, e)
-	case map[int16]uint:
-		fastpathTV.EncMapInt16UintV(v, e)
-	case *map[int16]uint:
-		fastpathTV.EncMapInt16UintV(*v, e)
-	case map[int16]uint8:
-		fastpathTV.EncMapInt16Uint8V(v, e)
-	case *map[int16]uint8:
-		fastpathTV.EncMapInt16Uint8V(*v, e)
-	case map[int16]uint16:
-		fastpathTV.EncMapInt16Uint16V(v, e)
-	case *map[int16]uint16:
-		fastpathTV.EncMapInt16Uint16V(*v, e)
-	case map[int16]uint32:
-		fastpathTV.EncMapInt16Uint32V(v, e)
-	case *map[int16]uint32:
-		fastpathTV.EncMapInt16Uint32V(*v, e)
-	case map[int16]uint64:
-		fastpathTV.EncMapInt16Uint64V(v, e)
-	case *map[int16]uint64:
-		fastpathTV.EncMapInt16Uint64V(*v, e)
-	case map[int16]uintptr:
-		fastpathTV.EncMapInt16UintptrV(v, e)
-	case *map[int16]uintptr:
-		fastpathTV.EncMapInt16UintptrV(*v, e)
-	case map[int16]int:
-		fastpathTV.EncMapInt16IntV(v, e)
-	case *map[int16]int:
-		fastpathTV.EncMapInt16IntV(*v, e)
-	case map[int16]int8:
-		fastpathTV.EncMapInt16Int8V(v, e)
-	case *map[int16]int8:
-		fastpathTV.EncMapInt16Int8V(*v, e)
-	case map[int16]int16:
-		fastpathTV.EncMapInt16Int16V(v, e)
-	case *map[int16]int16:
-		fastpathTV.EncMapInt16Int16V(*v, e)
-	case map[int16]int32:
-		fastpathTV.EncMapInt16Int32V(v, e)
-	case *map[int16]int32:
-		fastpathTV.EncMapInt16Int32V(*v, e)
-	case map[int16]int64:
-		fastpathTV.EncMapInt16Int64V(v, e)
-	case *map[int16]int64:
-		fastpathTV.EncMapInt16Int64V(*v, e)
-	case map[int16]float32:
-		fastpathTV.EncMapInt16Float32V(v, e)
-	case *map[int16]float32:
-		fastpathTV.EncMapInt16Float32V(*v, e)
-	case map[int16]float64:
-		fastpathTV.EncMapInt16Float64V(v, e)
-	case *map[int16]float64:
-		fastpathTV.EncMapInt16Float64V(*v, e)
-	case map[int16]bool:
-		fastpathTV.EncMapInt16BoolV(v, e)
-	case *map[int16]bool:
-		fastpathTV.EncMapInt16BoolV(*v, e)
-	case map[int32]interface{}:
-		fastpathTV.EncMapInt32IntfV(v, e)
-	case *map[int32]interface{}:
-		fastpathTV.EncMapInt32IntfV(*v, e)
-	case map[int32]string:
-		fastpathTV.EncMapInt32StringV(v, e)
-	case *map[int32]string:
-		fastpathTV.EncMapInt32StringV(*v, e)
-	case map[int32]uint:
-		fastpathTV.EncMapInt32UintV(v, e)
-	case *map[int32]uint:
-		fastpathTV.EncMapInt32UintV(*v, e)
-	case map[int32]uint8:
-		fastpathTV.EncMapInt32Uint8V(v, e)
-	case *map[int32]uint8:
-		fastpathTV.EncMapInt32Uint8V(*v, e)
-	case map[int32]uint16:
-		fastpathTV.EncMapInt32Uint16V(v, e)
-	case *map[int32]uint16:
-		fastpathTV.EncMapInt32Uint16V(*v, e)
-	case map[int32]uint32:
-		fastpathTV.EncMapInt32Uint32V(v, e)
-	case *map[int32]uint32:
-		fastpathTV.EncMapInt32Uint32V(*v, e)
-	case map[int32]uint64:
-		fastpathTV.EncMapInt32Uint64V(v, e)
-	case *map[int32]uint64:
-		fastpathTV.EncMapInt32Uint64V(*v, e)
-	case map[int32]uintptr:
-		fastpathTV.EncMapInt32UintptrV(v, e)
-	case *map[int32]uintptr:
-		fastpathTV.EncMapInt32UintptrV(*v, e)
-	case map[int32]int:
-		fastpathTV.EncMapInt32IntV(v, e)
-	case *map[int32]int:
-		fastpathTV.EncMapInt32IntV(*v, e)
-	case map[int32]int8:
-		fastpathTV.EncMapInt32Int8V(v, e)
-	case *map[int32]int8:
-		fastpathTV.EncMapInt32Int8V(*v, e)
-	case map[int32]int16:
-		fastpathTV.EncMapInt32Int16V(v, e)
-	case *map[int32]int16:
-		fastpathTV.EncMapInt32Int16V(*v, e)
-	case map[int32]int32:
-		fastpathTV.EncMapInt32Int32V(v, e)
-	case *map[int32]int32:
-		fastpathTV.EncMapInt32Int32V(*v, e)
-	case map[int32]int64:
-		fastpathTV.EncMapInt32Int64V(v, e)
-	case *map[int32]int64:
-		fastpathTV.EncMapInt32Int64V(*v, e)
-	case map[int32]float32:
-		fastpathTV.EncMapInt32Float32V(v, e)
-	case *map[int32]float32:
-		fastpathTV.EncMapInt32Float32V(*v, e)
-	case map[int32]float64:
-		fastpathTV.EncMapInt32Float64V(v, e)
-	case *map[int32]float64:
-		fastpathTV.EncMapInt32Float64V(*v, e)
-	case map[int32]bool:
-		fastpathTV.EncMapInt32BoolV(v, e)
-	case *map[int32]bool:
-		fastpathTV.EncMapInt32BoolV(*v, e)
-	case map[int64]interface{}:
-		fastpathTV.EncMapInt64IntfV(v, e)
-	case *map[int64]interface{}:
-		fastpathTV.EncMapInt64IntfV(*v, e)
-	case map[int64]string:
-		fastpathTV.EncMapInt64StringV(v, e)
-	case *map[int64]string:
-		fastpathTV.EncMapInt64StringV(*v, e)
-	case map[int64]uint:
-		fastpathTV.EncMapInt64UintV(v, e)
-	case *map[int64]uint:
-		fastpathTV.EncMapInt64UintV(*v, e)
-	case map[int64]uint8:
-		fastpathTV.EncMapInt64Uint8V(v, e)
-	case *map[int64]uint8:
-		fastpathTV.EncMapInt64Uint8V(*v, e)
-	case map[int64]uint16:
-		fastpathTV.EncMapInt64Uint16V(v, e)
-	case *map[int64]uint16:
-		fastpathTV.EncMapInt64Uint16V(*v, e)
-	case map[int64]uint32:
-		fastpathTV.EncMapInt64Uint32V(v, e)
-	case *map[int64]uint32:
-		fastpathTV.EncMapInt64Uint32V(*v, e)
-	case map[int64]uint64:
-		fastpathTV.EncMapInt64Uint64V(v, e)
-	case *map[int64]uint64:
-		fastpathTV.EncMapInt64Uint64V(*v, e)
-	case map[int64]uintptr:
-		fastpathTV.EncMapInt64UintptrV(v, e)
-	case *map[int64]uintptr:
-		fastpathTV.EncMapInt64UintptrV(*v, e)
-	case map[int64]int:
-		fastpathTV.EncMapInt64IntV(v, e)
-	case *map[int64]int:
-		fastpathTV.EncMapInt64IntV(*v, e)
-	case map[int64]int8:
-		fastpathTV.EncMapInt64Int8V(v, e)
-	case *map[int64]int8:
-		fastpathTV.EncMapInt64Int8V(*v, e)
-	case map[int64]int16:
-		fastpathTV.EncMapInt64Int16V(v, e)
-	case *map[int64]int16:
-		fastpathTV.EncMapInt64Int16V(*v, e)
-	case map[int64]int32:
-		fastpathTV.EncMapInt64Int32V(v, e)
-	case *map[int64]int32:
-		fastpathTV.EncMapInt64Int32V(*v, e)
-	case map[int64]int64:
-		fastpathTV.EncMapInt64Int64V(v, e)
-	case *map[int64]int64:
-		fastpathTV.EncMapInt64Int64V(*v, e)
-	case map[int64]float32:
-		fastpathTV.EncMapInt64Float32V(v, e)
-	case *map[int64]float32:
-		fastpathTV.EncMapInt64Float32V(*v, e)
-	case map[int64]float64:
-		fastpathTV.EncMapInt64Float64V(v, e)
-	case *map[int64]float64:
-		fastpathTV.EncMapInt64Float64V(*v, e)
-	case map[int64]bool:
-		fastpathTV.EncMapInt64BoolV(v, e)
-	case *map[int64]bool:
-		fastpathTV.EncMapInt64BoolV(*v, e)
-	case map[bool]interface{}:
-		fastpathTV.EncMapBoolIntfV(v, e)
-	case *map[bool]interface{}:
-		fastpathTV.EncMapBoolIntfV(*v, e)
-	case map[bool]string:
-		fastpathTV.EncMapBoolStringV(v, e)
-	case *map[bool]string:
-		fastpathTV.EncMapBoolStringV(*v, e)
-	case map[bool]uint:
-		fastpathTV.EncMapBoolUintV(v, e)
-	case *map[bool]uint:
-		fastpathTV.EncMapBoolUintV(*v, e)
-	case map[bool]uint8:
-		fastpathTV.EncMapBoolUint8V(v, e)
-	case *map[bool]uint8:
-		fastpathTV.EncMapBoolUint8V(*v, e)
-	case map[bool]uint16:
-		fastpathTV.EncMapBoolUint16V(v, e)
-	case *map[bool]uint16:
-		fastpathTV.EncMapBoolUint16V(*v, e)
-	case map[bool]uint32:
-		fastpathTV.EncMapBoolUint32V(v, e)
-	case *map[bool]uint32:
-		fastpathTV.EncMapBoolUint32V(*v, e)
-	case map[bool]uint64:
-		fastpathTV.EncMapBoolUint64V(v, e)
-	case *map[bool]uint64:
-		fastpathTV.EncMapBoolUint64V(*v, e)
-	case map[bool]uintptr:
-		fastpathTV.EncMapBoolUintptrV(v, e)
-	case *map[bool]uintptr:
-		fastpathTV.EncMapBoolUintptrV(*v, e)
-	case map[bool]int:
-		fastpathTV.EncMapBoolIntV(v, e)
-	case *map[bool]int:
-		fastpathTV.EncMapBoolIntV(*v, e)
-	case map[bool]int8:
-		fastpathTV.EncMapBoolInt8V(v, e)
-	case *map[bool]int8:
-		fastpathTV.EncMapBoolInt8V(*v, e)
-	case map[bool]int16:
-		fastpathTV.EncMapBoolInt16V(v, e)
-	case *map[bool]int16:
-		fastpathTV.EncMapBoolInt16V(*v, e)
-	case map[bool]int32:
-		fastpathTV.EncMapBoolInt32V(v, e)
-	case *map[bool]int32:
-		fastpathTV.EncMapBoolInt32V(*v, e)
-	case map[bool]int64:
-		fastpathTV.EncMapBoolInt64V(v, e)
-	case *map[bool]int64:
-		fastpathTV.EncMapBoolInt64V(*v, e)
-	case map[bool]float32:
-		fastpathTV.EncMapBoolFloat32V(v, e)
-	case *map[bool]float32:
-		fastpathTV.EncMapBoolFloat32V(*v, e)
-	case map[bool]float64:
-		fastpathTV.EncMapBoolFloat64V(v, e)
-	case *map[bool]float64:
-		fastpathTV.EncMapBoolFloat64V(*v, e)
-	case map[bool]bool:
-		fastpathTV.EncMapBoolBoolV(v, e)
-	case *map[bool]bool:
-		fastpathTV.EncMapBoolBoolV(*v, e)
-
-	default:
-		_ = v // workaround https://github.com/golang/go/issues/12927 seen in go1.4
-		return false
-	}
-	return true
-}
-
-// -- -- fast path functions
-
-func (e *Encoder) fastpathEncSliceIntfR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceIntfV(rv2i(rv).([]interface{}), e)
-	} else {
-		fastpathTV.EncSliceIntfV(rv2i(rv).([]interface{}), e)
-	}
-}
-func (_ fastpathT) EncSliceIntfV(v []interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			e.encode(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			e.encode(v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceIntfV(v []interface{}, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			e.encode(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			e.encode(v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceStringR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceStringV(rv2i(rv).([]string), e)
-	} else {
-		fastpathTV.EncSliceStringV(rv2i(rv).([]string), e)
-	}
-}
-func (_ fastpathT) EncSliceStringV(v []string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeString(cUTF8, v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeString(cUTF8, v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceStringV(v []string, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeString(cUTF8, v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeString(cUTF8, v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceFloat32V(rv2i(rv).([]float32), e)
-	} else {
-		fastpathTV.EncSliceFloat32V(rv2i(rv).([]float32), e)
-	}
-}
-func (_ fastpathT) EncSliceFloat32V(v []float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeFloat32(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeFloat32(v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceFloat32V(v []float32, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeFloat32(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeFloat32(v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceFloat64V(rv2i(rv).([]float64), e)
-	} else {
-		fastpathTV.EncSliceFloat64V(rv2i(rv).([]float64), e)
-	}
-}
-func (_ fastpathT) EncSliceFloat64V(v []float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeFloat64(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeFloat64(v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceFloat64V(v []float64, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeFloat64(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeFloat64(v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUintR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUintV(rv2i(rv).([]uint), e)
-	} else {
-		fastpathTV.EncSliceUintV(rv2i(rv).([]uint), e)
-	}
-}
-func (_ fastpathT) EncSliceUintV(v []uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUintV(v []uint, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUint8R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUint8V(rv2i(rv).([]uint8), e)
-	} else {
-		fastpathTV.EncSliceUint8V(rv2i(rv).([]uint8), e)
-	}
-}
-func (_ fastpathT) EncSliceUint8V(v []uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUint8V(v []uint8, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUint16R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUint16V(rv2i(rv).([]uint16), e)
-	} else {
-		fastpathTV.EncSliceUint16V(rv2i(rv).([]uint16), e)
-	}
-}
-func (_ fastpathT) EncSliceUint16V(v []uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUint16V(v []uint16, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUint32R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUint32V(rv2i(rv).([]uint32), e)
-	} else {
-		fastpathTV.EncSliceUint32V(rv2i(rv).([]uint32), e)
-	}
-}
-func (_ fastpathT) EncSliceUint32V(v []uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUint32V(v []uint32, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUint64R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUint64V(rv2i(rv).([]uint64), e)
-	} else {
-		fastpathTV.EncSliceUint64V(rv2i(rv).([]uint64), e)
-	}
-}
-func (_ fastpathT) EncSliceUint64V(v []uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUint64V(v []uint64, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeUint(uint64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeUint(uint64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceUintptrV(rv2i(rv).([]uintptr), e)
-	} else {
-		fastpathTV.EncSliceUintptrV(rv2i(rv).([]uintptr), e)
-	}
-}
-func (_ fastpathT) EncSliceUintptrV(v []uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			e.encode(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			e.encode(v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceUintptrV(v []uintptr, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			e.encode(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			e.encode(v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceIntR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceIntV(rv2i(rv).([]int), e)
-	} else {
-		fastpathTV.EncSliceIntV(rv2i(rv).([]int), e)
-	}
-}
-func (_ fastpathT) EncSliceIntV(v []int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceIntV(v []int, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceInt8R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceInt8V(rv2i(rv).([]int8), e)
-	} else {
-		fastpathTV.EncSliceInt8V(rv2i(rv).([]int8), e)
-	}
-}
-func (_ fastpathT) EncSliceInt8V(v []int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceInt8V(v []int8, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceInt16R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceInt16V(rv2i(rv).([]int16), e)
-	} else {
-		fastpathTV.EncSliceInt16V(rv2i(rv).([]int16), e)
-	}
-}
-func (_ fastpathT) EncSliceInt16V(v []int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceInt16V(v []int16, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceInt32R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceInt32V(rv2i(rv).([]int32), e)
-	} else {
-		fastpathTV.EncSliceInt32V(rv2i(rv).([]int32), e)
-	}
-}
-func (_ fastpathT) EncSliceInt32V(v []int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceInt32V(v []int32, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceInt64R(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceInt64V(rv2i(rv).([]int64), e)
-	} else {
-		fastpathTV.EncSliceInt64V(rv2i(rv).([]int64), e)
-	}
-}
-func (_ fastpathT) EncSliceInt64V(v []int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceInt64V(v []int64, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeInt(int64(v2))
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeInt(int64(v2))
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncSliceBoolR(f *codecFnInfo, rv reflect.Value) {
-	if f.ti.mbs {
-		fastpathTV.EncAsMapSliceBoolV(rv2i(rv).([]bool), e)
-	} else {
-		fastpathTV.EncSliceBoolV(rv2i(rv).([]bool), e)
-	}
-}
-func (_ fastpathT) EncSliceBoolV(v []bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteArrayStart(len(v))
-	if esep {
-		for _, v2 := range v {
-			ee.WriteArrayElem()
-			ee.EncodeBool(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeBool(v2)
-		}
-	}
-	ee.WriteArrayEnd()
-}
-func (_ fastpathT) EncAsMapSliceBoolV(v []bool, e *Encoder) {
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	if len(v)%2 == 1 {
-		e.errorf("mapBySlice requires even slice length, but got %v", len(v))
-		return
-	}
-	ee.WriteMapStart(len(v) / 2)
-	if esep {
-		for j, v2 := range v {
-			if j%2 == 0 {
-				ee.WriteMapElemKey()
-			} else {
-				ee.WriteMapElemValue()
-			}
-			ee.EncodeBool(v2)
-		}
-	} else {
-		for _, v2 := range v {
-			ee.EncodeBool(v2)
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfIntfV(rv2i(rv).(map[interface{}]interface{}), e)
-}
-func (_ fastpathT) EncMapIntfIntfV(v map[interface{}]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfStringV(rv2i(rv).(map[interface{}]string), e)
-}
-func (_ fastpathT) EncMapIntfStringV(v map[interface{}]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUintV(rv2i(rv).(map[interface{}]uint), e)
-}
-func (_ fastpathT) EncMapIntfUintV(v map[interface{}]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUint8V(rv2i(rv).(map[interface{}]uint8), e)
-}
-func (_ fastpathT) EncMapIntfUint8V(v map[interface{}]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUint16V(rv2i(rv).(map[interface{}]uint16), e)
-}
-func (_ fastpathT) EncMapIntfUint16V(v map[interface{}]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUint32V(rv2i(rv).(map[interface{}]uint32), e)
-}
-func (_ fastpathT) EncMapIntfUint32V(v map[interface{}]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUint64V(rv2i(rv).(map[interface{}]uint64), e)
-}
-func (_ fastpathT) EncMapIntfUint64V(v map[interface{}]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfUintptrV(rv2i(rv).(map[interface{}]uintptr), e)
-}
-func (_ fastpathT) EncMapIntfUintptrV(v map[interface{}]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfIntV(rv2i(rv).(map[interface{}]int), e)
-}
-func (_ fastpathT) EncMapIntfIntV(v map[interface{}]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfInt8V(rv2i(rv).(map[interface{}]int8), e)
-}
-func (_ fastpathT) EncMapIntfInt8V(v map[interface{}]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfInt16V(rv2i(rv).(map[interface{}]int16), e)
-}
-func (_ fastpathT) EncMapIntfInt16V(v map[interface{}]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfInt32V(rv2i(rv).(map[interface{}]int32), e)
-}
-func (_ fastpathT) EncMapIntfInt32V(v map[interface{}]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfInt64V(rv2i(rv).(map[interface{}]int64), e)
-}
-func (_ fastpathT) EncMapIntfInt64V(v map[interface{}]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfFloat32V(rv2i(rv).(map[interface{}]float32), e)
-}
-func (_ fastpathT) EncMapIntfFloat32V(v map[interface{}]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfFloat64V(rv2i(rv).(map[interface{}]float64), e)
-}
-func (_ fastpathT) EncMapIntfFloat64V(v map[interface{}]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntfBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntfBoolV(rv2i(rv).(map[interface{}]bool), e)
-}
-func (_ fastpathT) EncMapIntfBoolV(v map[interface{}]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		var mksv []byte = make([]byte, 0, len(v)*16) // temporary byte slice for the encoding
-		e2 := NewEncoderBytes(&mksv, e.hh)
-		v2 := make([]bytesI, len(v))
-		var i, l int
-		var vp *bytesI
-		for k2, _ := range v {
-			l = len(mksv)
-			e2.MustEncode(k2)
-			vp = &v2[i]
-			vp.v = mksv[l:]
-			vp.i = k2
-			i++
-		}
-		sort.Sort(bytesISlice(v2))
-		if esep {
-			for j := range v2 {
-				ee.WriteMapElemKey()
-				e.asis(v2[j].v)
-				ee.WriteMapElemValue()
-				e.encode(v[v2[j].i])
-			}
-		} else {
-			for j := range v2 {
-				e.asis(v2[j].v)
-				e.encode(v[v2[j].i])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringIntfV(rv2i(rv).(map[string]interface{}), e)
-}
-func (_ fastpathT) EncMapStringIntfV(v map[string]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				e.encode(v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				e.encode(v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringStringV(rv2i(rv).(map[string]string), e)
-}
-func (_ fastpathT) EncMapStringStringV(v map[string]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeString(cUTF8, v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUintV(rv2i(rv).(map[string]uint), e)
-}
-func (_ fastpathT) EncMapStringUintV(v map[string]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUint8V(rv2i(rv).(map[string]uint8), e)
-}
-func (_ fastpathT) EncMapStringUint8V(v map[string]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUint16V(rv2i(rv).(map[string]uint16), e)
-}
-func (_ fastpathT) EncMapStringUint16V(v map[string]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUint32V(rv2i(rv).(map[string]uint32), e)
-}
-func (_ fastpathT) EncMapStringUint32V(v map[string]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUint64V(rv2i(rv).(map[string]uint64), e)
-}
-func (_ fastpathT) EncMapStringUint64V(v map[string]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringUintptrV(rv2i(rv).(map[string]uintptr), e)
-}
-func (_ fastpathT) EncMapStringUintptrV(v map[string]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				e.encode(v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				e.encode(v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringIntV(rv2i(rv).(map[string]int), e)
-}
-func (_ fastpathT) EncMapStringIntV(v map[string]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringInt8V(rv2i(rv).(map[string]int8), e)
-}
-func (_ fastpathT) EncMapStringInt8V(v map[string]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringInt16V(rv2i(rv).(map[string]int16), e)
-}
-func (_ fastpathT) EncMapStringInt16V(v map[string]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringInt32V(rv2i(rv).(map[string]int32), e)
-}
-func (_ fastpathT) EncMapStringInt32V(v map[string]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringInt64V(rv2i(rv).(map[string]int64), e)
-}
-func (_ fastpathT) EncMapStringInt64V(v map[string]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v[string(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringFloat32V(rv2i(rv).(map[string]float32), e)
-}
-func (_ fastpathT) EncMapStringFloat32V(v map[string]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeFloat32(v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringFloat64V(rv2i(rv).(map[string]float64), e)
-}
-func (_ fastpathT) EncMapStringFloat64V(v map[string]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeFloat64(v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapStringBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapStringBoolV(rv2i(rv).(map[string]bool), e)
-}
-func (_ fastpathT) EncMapStringBoolV(v map[string]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]string, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = string(k)
-			i++
-		}
-		sort.Sort(stringSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[string(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeBool(v[string(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeString(cUTF8, k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeString(cUTF8, k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32IntfV(rv2i(rv).(map[float32]interface{}), e)
-}
-func (_ fastpathT) EncMapFloat32IntfV(v map[float32]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				e.encode(v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32StringV(rv2i(rv).(map[float32]string), e)
-}
-func (_ fastpathT) EncMapFloat32StringV(v map[float32]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeString(cUTF8, v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32UintV(rv2i(rv).(map[float32]uint), e)
-}
-func (_ fastpathT) EncMapFloat32UintV(v map[float32]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Uint8V(rv2i(rv).(map[float32]uint8), e)
-}
-func (_ fastpathT) EncMapFloat32Uint8V(v map[float32]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Uint16V(rv2i(rv).(map[float32]uint16), e)
-}
-func (_ fastpathT) EncMapFloat32Uint16V(v map[float32]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Uint32V(rv2i(rv).(map[float32]uint32), e)
-}
-func (_ fastpathT) EncMapFloat32Uint32V(v map[float32]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Uint64V(rv2i(rv).(map[float32]uint64), e)
-}
-func (_ fastpathT) EncMapFloat32Uint64V(v map[float32]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeUint(uint64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32UintptrV(rv2i(rv).(map[float32]uintptr), e)
-}
-func (_ fastpathT) EncMapFloat32UintptrV(v map[float32]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				e.encode(v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32IntV(rv2i(rv).(map[float32]int), e)
-}
-func (_ fastpathT) EncMapFloat32IntV(v map[float32]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Int8V(rv2i(rv).(map[float32]int8), e)
-}
-func (_ fastpathT) EncMapFloat32Int8V(v map[float32]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Int16V(rv2i(rv).(map[float32]int16), e)
-}
-func (_ fastpathT) EncMapFloat32Int16V(v map[float32]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Int32V(rv2i(rv).(map[float32]int32), e)
-}
-func (_ fastpathT) EncMapFloat32Int32V(v map[float32]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Int64V(rv2i(rv).(map[float32]int64), e)
-}
-func (_ fastpathT) EncMapFloat32Int64V(v map[float32]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeInt(int64(v[float32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Float32V(rv2i(rv).(map[float32]float32), e)
-}
-func (_ fastpathT) EncMapFloat32Float32V(v map[float32]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeFloat32(v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32Float64V(rv2i(rv).(map[float32]float64), e)
-}
-func (_ fastpathT) EncMapFloat32Float64V(v map[float32]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeFloat64(v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat32BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat32BoolV(rv2i(rv).(map[float32]bool), e)
-}
-func (_ fastpathT) EncMapFloat32BoolV(v map[float32]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(float32(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[float32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat32(float32(k2))
-				ee.EncodeBool(v[float32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat32(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat32(k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64IntfV(rv2i(rv).(map[float64]interface{}), e)
-}
-func (_ fastpathT) EncMapFloat64IntfV(v map[float64]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				e.encode(v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64StringV(rv2i(rv).(map[float64]string), e)
-}
-func (_ fastpathT) EncMapFloat64StringV(v map[float64]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeString(cUTF8, v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64UintV(rv2i(rv).(map[float64]uint), e)
-}
-func (_ fastpathT) EncMapFloat64UintV(v map[float64]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Uint8V(rv2i(rv).(map[float64]uint8), e)
-}
-func (_ fastpathT) EncMapFloat64Uint8V(v map[float64]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Uint16V(rv2i(rv).(map[float64]uint16), e)
-}
-func (_ fastpathT) EncMapFloat64Uint16V(v map[float64]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Uint32V(rv2i(rv).(map[float64]uint32), e)
-}
-func (_ fastpathT) EncMapFloat64Uint32V(v map[float64]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Uint64V(rv2i(rv).(map[float64]uint64), e)
-}
-func (_ fastpathT) EncMapFloat64Uint64V(v map[float64]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeUint(uint64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64UintptrV(rv2i(rv).(map[float64]uintptr), e)
-}
-func (_ fastpathT) EncMapFloat64UintptrV(v map[float64]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				e.encode(v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64IntV(rv2i(rv).(map[float64]int), e)
-}
-func (_ fastpathT) EncMapFloat64IntV(v map[float64]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Int8V(rv2i(rv).(map[float64]int8), e)
-}
-func (_ fastpathT) EncMapFloat64Int8V(v map[float64]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Int16V(rv2i(rv).(map[float64]int16), e)
-}
-func (_ fastpathT) EncMapFloat64Int16V(v map[float64]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Int32V(rv2i(rv).(map[float64]int32), e)
-}
-func (_ fastpathT) EncMapFloat64Int32V(v map[float64]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Int64V(rv2i(rv).(map[float64]int64), e)
-}
-func (_ fastpathT) EncMapFloat64Int64V(v map[float64]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeInt(int64(v[float64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Float32V(rv2i(rv).(map[float64]float32), e)
-}
-func (_ fastpathT) EncMapFloat64Float32V(v map[float64]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeFloat32(v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64Float64V(rv2i(rv).(map[float64]float64), e)
-}
-func (_ fastpathT) EncMapFloat64Float64V(v map[float64]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeFloat64(v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapFloat64BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapFloat64BoolV(rv2i(rv).(map[float64]bool), e)
-}
-func (_ fastpathT) EncMapFloat64BoolV(v map[float64]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]float64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = float64(k)
-			i++
-		}
-		sort.Sort(floatSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(float64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[float64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeFloat64(float64(k2))
-				ee.EncodeBool(v[float64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeFloat64(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeFloat64(k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintIntfV(rv2i(rv).(map[uint]interface{}), e)
-}
-func (_ fastpathT) EncMapUintIntfV(v map[uint]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				e.encode(v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintStringV(rv2i(rv).(map[uint]string), e)
-}
-func (_ fastpathT) EncMapUintStringV(v map[uint]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeString(cUTF8, v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUintV(rv2i(rv).(map[uint]uint), e)
-}
-func (_ fastpathT) EncMapUintUintV(v map[uint]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUint8V(rv2i(rv).(map[uint]uint8), e)
-}
-func (_ fastpathT) EncMapUintUint8V(v map[uint]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUint16V(rv2i(rv).(map[uint]uint16), e)
-}
-func (_ fastpathT) EncMapUintUint16V(v map[uint]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUint32V(rv2i(rv).(map[uint]uint32), e)
-}
-func (_ fastpathT) EncMapUintUint32V(v map[uint]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUint64V(rv2i(rv).(map[uint]uint64), e)
-}
-func (_ fastpathT) EncMapUintUint64V(v map[uint]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeUint(uint64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintUintptrV(rv2i(rv).(map[uint]uintptr), e)
-}
-func (_ fastpathT) EncMapUintUintptrV(v map[uint]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				e.encode(v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintIntV(rv2i(rv).(map[uint]int), e)
-}
-func (_ fastpathT) EncMapUintIntV(v map[uint]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintInt8V(rv2i(rv).(map[uint]int8), e)
-}
-func (_ fastpathT) EncMapUintInt8V(v map[uint]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintInt16V(rv2i(rv).(map[uint]int16), e)
-}
-func (_ fastpathT) EncMapUintInt16V(v map[uint]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintInt32V(rv2i(rv).(map[uint]int32), e)
-}
-func (_ fastpathT) EncMapUintInt32V(v map[uint]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintInt64V(rv2i(rv).(map[uint]int64), e)
-}
-func (_ fastpathT) EncMapUintInt64V(v map[uint]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeInt(int64(v[uint(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintFloat32V(rv2i(rv).(map[uint]float32), e)
-}
-func (_ fastpathT) EncMapUintFloat32V(v map[uint]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeFloat32(v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintFloat64V(rv2i(rv).(map[uint]float64), e)
-}
-func (_ fastpathT) EncMapUintFloat64V(v map[uint]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeFloat64(v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintBoolV(rv2i(rv).(map[uint]bool), e)
-}
-func (_ fastpathT) EncMapUintBoolV(v map[uint]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uint(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint(k2)))
-				ee.EncodeBool(v[uint(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8IntfV(rv2i(rv).(map[uint8]interface{}), e)
-}
-func (_ fastpathT) EncMapUint8IntfV(v map[uint8]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				e.encode(v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8StringV(rv2i(rv).(map[uint8]string), e)
-}
-func (_ fastpathT) EncMapUint8StringV(v map[uint8]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeString(cUTF8, v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8UintV(rv2i(rv).(map[uint8]uint), e)
-}
-func (_ fastpathT) EncMapUint8UintV(v map[uint8]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Uint8V(rv2i(rv).(map[uint8]uint8), e)
-}
-func (_ fastpathT) EncMapUint8Uint8V(v map[uint8]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Uint16V(rv2i(rv).(map[uint8]uint16), e)
-}
-func (_ fastpathT) EncMapUint8Uint16V(v map[uint8]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Uint32V(rv2i(rv).(map[uint8]uint32), e)
-}
-func (_ fastpathT) EncMapUint8Uint32V(v map[uint8]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Uint64V(rv2i(rv).(map[uint8]uint64), e)
-}
-func (_ fastpathT) EncMapUint8Uint64V(v map[uint8]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeUint(uint64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8UintptrV(rv2i(rv).(map[uint8]uintptr), e)
-}
-func (_ fastpathT) EncMapUint8UintptrV(v map[uint8]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				e.encode(v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8IntV(rv2i(rv).(map[uint8]int), e)
-}
-func (_ fastpathT) EncMapUint8IntV(v map[uint8]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Int8V(rv2i(rv).(map[uint8]int8), e)
-}
-func (_ fastpathT) EncMapUint8Int8V(v map[uint8]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Int16V(rv2i(rv).(map[uint8]int16), e)
-}
-func (_ fastpathT) EncMapUint8Int16V(v map[uint8]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Int32V(rv2i(rv).(map[uint8]int32), e)
-}
-func (_ fastpathT) EncMapUint8Int32V(v map[uint8]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Int64V(rv2i(rv).(map[uint8]int64), e)
-}
-func (_ fastpathT) EncMapUint8Int64V(v map[uint8]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeInt(int64(v[uint8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Float32V(rv2i(rv).(map[uint8]float32), e)
-}
-func (_ fastpathT) EncMapUint8Float32V(v map[uint8]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeFloat32(v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8Float64V(rv2i(rv).(map[uint8]float64), e)
-}
-func (_ fastpathT) EncMapUint8Float64V(v map[uint8]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeFloat64(v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint8BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint8BoolV(rv2i(rv).(map[uint8]bool), e)
-}
-func (_ fastpathT) EncMapUint8BoolV(v map[uint8]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uint8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint8(k2)))
-				ee.EncodeBool(v[uint8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16IntfV(rv2i(rv).(map[uint16]interface{}), e)
-}
-func (_ fastpathT) EncMapUint16IntfV(v map[uint16]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				e.encode(v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16StringV(rv2i(rv).(map[uint16]string), e)
-}
-func (_ fastpathT) EncMapUint16StringV(v map[uint16]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeString(cUTF8, v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16UintV(rv2i(rv).(map[uint16]uint), e)
-}
-func (_ fastpathT) EncMapUint16UintV(v map[uint16]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Uint8V(rv2i(rv).(map[uint16]uint8), e)
-}
-func (_ fastpathT) EncMapUint16Uint8V(v map[uint16]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Uint16V(rv2i(rv).(map[uint16]uint16), e)
-}
-func (_ fastpathT) EncMapUint16Uint16V(v map[uint16]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Uint32V(rv2i(rv).(map[uint16]uint32), e)
-}
-func (_ fastpathT) EncMapUint16Uint32V(v map[uint16]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Uint64V(rv2i(rv).(map[uint16]uint64), e)
-}
-func (_ fastpathT) EncMapUint16Uint64V(v map[uint16]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeUint(uint64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16UintptrV(rv2i(rv).(map[uint16]uintptr), e)
-}
-func (_ fastpathT) EncMapUint16UintptrV(v map[uint16]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				e.encode(v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16IntV(rv2i(rv).(map[uint16]int), e)
-}
-func (_ fastpathT) EncMapUint16IntV(v map[uint16]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Int8V(rv2i(rv).(map[uint16]int8), e)
-}
-func (_ fastpathT) EncMapUint16Int8V(v map[uint16]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Int16V(rv2i(rv).(map[uint16]int16), e)
-}
-func (_ fastpathT) EncMapUint16Int16V(v map[uint16]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Int32V(rv2i(rv).(map[uint16]int32), e)
-}
-func (_ fastpathT) EncMapUint16Int32V(v map[uint16]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Int64V(rv2i(rv).(map[uint16]int64), e)
-}
-func (_ fastpathT) EncMapUint16Int64V(v map[uint16]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeInt(int64(v[uint16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Float32V(rv2i(rv).(map[uint16]float32), e)
-}
-func (_ fastpathT) EncMapUint16Float32V(v map[uint16]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeFloat32(v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16Float64V(rv2i(rv).(map[uint16]float64), e)
-}
-func (_ fastpathT) EncMapUint16Float64V(v map[uint16]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeFloat64(v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint16BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint16BoolV(rv2i(rv).(map[uint16]bool), e)
-}
-func (_ fastpathT) EncMapUint16BoolV(v map[uint16]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uint16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint16(k2)))
-				ee.EncodeBool(v[uint16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32IntfV(rv2i(rv).(map[uint32]interface{}), e)
-}
-func (_ fastpathT) EncMapUint32IntfV(v map[uint32]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				e.encode(v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32StringV(rv2i(rv).(map[uint32]string), e)
-}
-func (_ fastpathT) EncMapUint32StringV(v map[uint32]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeString(cUTF8, v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32UintV(rv2i(rv).(map[uint32]uint), e)
-}
-func (_ fastpathT) EncMapUint32UintV(v map[uint32]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Uint8V(rv2i(rv).(map[uint32]uint8), e)
-}
-func (_ fastpathT) EncMapUint32Uint8V(v map[uint32]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Uint16V(rv2i(rv).(map[uint32]uint16), e)
-}
-func (_ fastpathT) EncMapUint32Uint16V(v map[uint32]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Uint32V(rv2i(rv).(map[uint32]uint32), e)
-}
-func (_ fastpathT) EncMapUint32Uint32V(v map[uint32]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Uint64V(rv2i(rv).(map[uint32]uint64), e)
-}
-func (_ fastpathT) EncMapUint32Uint64V(v map[uint32]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeUint(uint64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32UintptrV(rv2i(rv).(map[uint32]uintptr), e)
-}
-func (_ fastpathT) EncMapUint32UintptrV(v map[uint32]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				e.encode(v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32IntV(rv2i(rv).(map[uint32]int), e)
-}
-func (_ fastpathT) EncMapUint32IntV(v map[uint32]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Int8V(rv2i(rv).(map[uint32]int8), e)
-}
-func (_ fastpathT) EncMapUint32Int8V(v map[uint32]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Int16V(rv2i(rv).(map[uint32]int16), e)
-}
-func (_ fastpathT) EncMapUint32Int16V(v map[uint32]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Int32V(rv2i(rv).(map[uint32]int32), e)
-}
-func (_ fastpathT) EncMapUint32Int32V(v map[uint32]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Int64V(rv2i(rv).(map[uint32]int64), e)
-}
-func (_ fastpathT) EncMapUint32Int64V(v map[uint32]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeInt(int64(v[uint32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Float32V(rv2i(rv).(map[uint32]float32), e)
-}
-func (_ fastpathT) EncMapUint32Float32V(v map[uint32]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeFloat32(v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32Float64V(rv2i(rv).(map[uint32]float64), e)
-}
-func (_ fastpathT) EncMapUint32Float64V(v map[uint32]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeFloat64(v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint32BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint32BoolV(rv2i(rv).(map[uint32]bool), e)
-}
-func (_ fastpathT) EncMapUint32BoolV(v map[uint32]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uint32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint32(k2)))
-				ee.EncodeBool(v[uint32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64IntfV(rv2i(rv).(map[uint64]interface{}), e)
-}
-func (_ fastpathT) EncMapUint64IntfV(v map[uint64]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				e.encode(v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64StringV(rv2i(rv).(map[uint64]string), e)
-}
-func (_ fastpathT) EncMapUint64StringV(v map[uint64]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeString(cUTF8, v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64UintV(rv2i(rv).(map[uint64]uint), e)
-}
-func (_ fastpathT) EncMapUint64UintV(v map[uint64]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Uint8V(rv2i(rv).(map[uint64]uint8), e)
-}
-func (_ fastpathT) EncMapUint64Uint8V(v map[uint64]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Uint16V(rv2i(rv).(map[uint64]uint16), e)
-}
-func (_ fastpathT) EncMapUint64Uint16V(v map[uint64]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Uint32V(rv2i(rv).(map[uint64]uint32), e)
-}
-func (_ fastpathT) EncMapUint64Uint32V(v map[uint64]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Uint64V(rv2i(rv).(map[uint64]uint64), e)
-}
-func (_ fastpathT) EncMapUint64Uint64V(v map[uint64]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeUint(uint64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64UintptrV(rv2i(rv).(map[uint64]uintptr), e)
-}
-func (_ fastpathT) EncMapUint64UintptrV(v map[uint64]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				e.encode(v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64IntV(rv2i(rv).(map[uint64]int), e)
-}
-func (_ fastpathT) EncMapUint64IntV(v map[uint64]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Int8V(rv2i(rv).(map[uint64]int8), e)
-}
-func (_ fastpathT) EncMapUint64Int8V(v map[uint64]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Int16V(rv2i(rv).(map[uint64]int16), e)
-}
-func (_ fastpathT) EncMapUint64Int16V(v map[uint64]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Int32V(rv2i(rv).(map[uint64]int32), e)
-}
-func (_ fastpathT) EncMapUint64Int32V(v map[uint64]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Int64V(rv2i(rv).(map[uint64]int64), e)
-}
-func (_ fastpathT) EncMapUint64Int64V(v map[uint64]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeInt(int64(v[uint64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Float32V(rv2i(rv).(map[uint64]float32), e)
-}
-func (_ fastpathT) EncMapUint64Float32V(v map[uint64]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeFloat32(v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64Float64V(rv2i(rv).(map[uint64]float64), e)
-}
-func (_ fastpathT) EncMapUint64Float64V(v map[uint64]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeFloat64(v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUint64BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUint64BoolV(rv2i(rv).(map[uint64]bool), e)
-}
-func (_ fastpathT) EncMapUint64BoolV(v map[uint64]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uint64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeUint(uint64(uint64(k2)))
-				ee.EncodeBool(v[uint64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeUint(uint64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeUint(uint64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrIntfV(rv2i(rv).(map[uintptr]interface{}), e)
-}
-func (_ fastpathT) EncMapUintptrIntfV(v map[uintptr]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				e.encode(v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrStringV(rv2i(rv).(map[uintptr]string), e)
-}
-func (_ fastpathT) EncMapUintptrStringV(v map[uintptr]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeString(cUTF8, v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUintV(rv2i(rv).(map[uintptr]uint), e)
-}
-func (_ fastpathT) EncMapUintptrUintV(v map[uintptr]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUint8V(rv2i(rv).(map[uintptr]uint8), e)
-}
-func (_ fastpathT) EncMapUintptrUint8V(v map[uintptr]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUint16V(rv2i(rv).(map[uintptr]uint16), e)
-}
-func (_ fastpathT) EncMapUintptrUint16V(v map[uintptr]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUint32V(rv2i(rv).(map[uintptr]uint32), e)
-}
-func (_ fastpathT) EncMapUintptrUint32V(v map[uintptr]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUint64V(rv2i(rv).(map[uintptr]uint64), e)
-}
-func (_ fastpathT) EncMapUintptrUint64V(v map[uintptr]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeUint(uint64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrUintptrV(rv2i(rv).(map[uintptr]uintptr), e)
-}
-func (_ fastpathT) EncMapUintptrUintptrV(v map[uintptr]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				e.encode(v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrIntV(rv2i(rv).(map[uintptr]int), e)
-}
-func (_ fastpathT) EncMapUintptrIntV(v map[uintptr]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrInt8V(rv2i(rv).(map[uintptr]int8), e)
-}
-func (_ fastpathT) EncMapUintptrInt8V(v map[uintptr]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrInt16V(rv2i(rv).(map[uintptr]int16), e)
-}
-func (_ fastpathT) EncMapUintptrInt16V(v map[uintptr]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrInt32V(rv2i(rv).(map[uintptr]int32), e)
-}
-func (_ fastpathT) EncMapUintptrInt32V(v map[uintptr]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrInt64V(rv2i(rv).(map[uintptr]int64), e)
-}
-func (_ fastpathT) EncMapUintptrInt64V(v map[uintptr]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeInt(int64(v[uintptr(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrFloat32V(rv2i(rv).(map[uintptr]float32), e)
-}
-func (_ fastpathT) EncMapUintptrFloat32V(v map[uintptr]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeFloat32(v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrFloat64V(rv2i(rv).(map[uintptr]float64), e)
-}
-func (_ fastpathT) EncMapUintptrFloat64V(v map[uintptr]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeFloat64(v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapUintptrBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapUintptrBoolV(rv2i(rv).(map[uintptr]bool), e)
-}
-func (_ fastpathT) EncMapUintptrBoolV(v map[uintptr]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]uint64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = uint64(k)
-			i++
-		}
-		sort.Sort(uintSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				e.encode(uintptr(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[uintptr(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				e.encode(uintptr(k2))
-				ee.EncodeBool(v[uintptr(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				e.encode(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				e.encode(k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntIntfV(rv2i(rv).(map[int]interface{}), e)
-}
-func (_ fastpathT) EncMapIntIntfV(v map[int]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				e.encode(v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntStringV(rv2i(rv).(map[int]string), e)
-}
-func (_ fastpathT) EncMapIntStringV(v map[int]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeString(cUTF8, v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUintV(rv2i(rv).(map[int]uint), e)
-}
-func (_ fastpathT) EncMapIntUintV(v map[int]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUint8V(rv2i(rv).(map[int]uint8), e)
-}
-func (_ fastpathT) EncMapIntUint8V(v map[int]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUint16V(rv2i(rv).(map[int]uint16), e)
-}
-func (_ fastpathT) EncMapIntUint16V(v map[int]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUint32V(rv2i(rv).(map[int]uint32), e)
-}
-func (_ fastpathT) EncMapIntUint32V(v map[int]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUint64V(rv2i(rv).(map[int]uint64), e)
-}
-func (_ fastpathT) EncMapIntUint64V(v map[int]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeUint(uint64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntUintptrV(rv2i(rv).(map[int]uintptr), e)
-}
-func (_ fastpathT) EncMapIntUintptrV(v map[int]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				e.encode(v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntIntV(rv2i(rv).(map[int]int), e)
-}
-func (_ fastpathT) EncMapIntIntV(v map[int]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntInt8V(rv2i(rv).(map[int]int8), e)
-}
-func (_ fastpathT) EncMapIntInt8V(v map[int]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntInt16V(rv2i(rv).(map[int]int16), e)
-}
-func (_ fastpathT) EncMapIntInt16V(v map[int]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntInt32V(rv2i(rv).(map[int]int32), e)
-}
-func (_ fastpathT) EncMapIntInt32V(v map[int]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntInt64V(rv2i(rv).(map[int]int64), e)
-}
-func (_ fastpathT) EncMapIntInt64V(v map[int]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeInt(int64(v[int(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntFloat32V(rv2i(rv).(map[int]float32), e)
-}
-func (_ fastpathT) EncMapIntFloat32V(v map[int]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeFloat32(v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntFloat64V(rv2i(rv).(map[int]float64), e)
-}
-func (_ fastpathT) EncMapIntFloat64V(v map[int]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeFloat64(v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapIntBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapIntBoolV(rv2i(rv).(map[int]bool), e)
-}
-func (_ fastpathT) EncMapIntBoolV(v map[int]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[int(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int(k2)))
-				ee.EncodeBool(v[int(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8IntfV(rv2i(rv).(map[int8]interface{}), e)
-}
-func (_ fastpathT) EncMapInt8IntfV(v map[int8]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				e.encode(v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8StringV(rv2i(rv).(map[int8]string), e)
-}
-func (_ fastpathT) EncMapInt8StringV(v map[int8]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeString(cUTF8, v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8UintV(rv2i(rv).(map[int8]uint), e)
-}
-func (_ fastpathT) EncMapInt8UintV(v map[int8]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Uint8V(rv2i(rv).(map[int8]uint8), e)
-}
-func (_ fastpathT) EncMapInt8Uint8V(v map[int8]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Uint16V(rv2i(rv).(map[int8]uint16), e)
-}
-func (_ fastpathT) EncMapInt8Uint16V(v map[int8]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Uint32V(rv2i(rv).(map[int8]uint32), e)
-}
-func (_ fastpathT) EncMapInt8Uint32V(v map[int8]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Uint64V(rv2i(rv).(map[int8]uint64), e)
-}
-func (_ fastpathT) EncMapInt8Uint64V(v map[int8]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeUint(uint64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8UintptrV(rv2i(rv).(map[int8]uintptr), e)
-}
-func (_ fastpathT) EncMapInt8UintptrV(v map[int8]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				e.encode(v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8IntV(rv2i(rv).(map[int8]int), e)
-}
-func (_ fastpathT) EncMapInt8IntV(v map[int8]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Int8V(rv2i(rv).(map[int8]int8), e)
-}
-func (_ fastpathT) EncMapInt8Int8V(v map[int8]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Int16V(rv2i(rv).(map[int8]int16), e)
-}
-func (_ fastpathT) EncMapInt8Int16V(v map[int8]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Int32V(rv2i(rv).(map[int8]int32), e)
-}
-func (_ fastpathT) EncMapInt8Int32V(v map[int8]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Int64V(rv2i(rv).(map[int8]int64), e)
-}
-func (_ fastpathT) EncMapInt8Int64V(v map[int8]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeInt(int64(v[int8(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Float32V(rv2i(rv).(map[int8]float32), e)
-}
-func (_ fastpathT) EncMapInt8Float32V(v map[int8]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeFloat32(v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8Float64V(rv2i(rv).(map[int8]float64), e)
-}
-func (_ fastpathT) EncMapInt8Float64V(v map[int8]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeFloat64(v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt8BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt8BoolV(rv2i(rv).(map[int8]bool), e)
-}
-func (_ fastpathT) EncMapInt8BoolV(v map[int8]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int8(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[int8(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int8(k2)))
-				ee.EncodeBool(v[int8(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16IntfV(rv2i(rv).(map[int16]interface{}), e)
-}
-func (_ fastpathT) EncMapInt16IntfV(v map[int16]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				e.encode(v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16StringV(rv2i(rv).(map[int16]string), e)
-}
-func (_ fastpathT) EncMapInt16StringV(v map[int16]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeString(cUTF8, v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16UintV(rv2i(rv).(map[int16]uint), e)
-}
-func (_ fastpathT) EncMapInt16UintV(v map[int16]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Uint8V(rv2i(rv).(map[int16]uint8), e)
-}
-func (_ fastpathT) EncMapInt16Uint8V(v map[int16]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Uint16V(rv2i(rv).(map[int16]uint16), e)
-}
-func (_ fastpathT) EncMapInt16Uint16V(v map[int16]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Uint32V(rv2i(rv).(map[int16]uint32), e)
-}
-func (_ fastpathT) EncMapInt16Uint32V(v map[int16]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Uint64V(rv2i(rv).(map[int16]uint64), e)
-}
-func (_ fastpathT) EncMapInt16Uint64V(v map[int16]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeUint(uint64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16UintptrV(rv2i(rv).(map[int16]uintptr), e)
-}
-func (_ fastpathT) EncMapInt16UintptrV(v map[int16]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				e.encode(v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16IntV(rv2i(rv).(map[int16]int), e)
-}
-func (_ fastpathT) EncMapInt16IntV(v map[int16]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Int8V(rv2i(rv).(map[int16]int8), e)
-}
-func (_ fastpathT) EncMapInt16Int8V(v map[int16]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Int16V(rv2i(rv).(map[int16]int16), e)
-}
-func (_ fastpathT) EncMapInt16Int16V(v map[int16]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Int32V(rv2i(rv).(map[int16]int32), e)
-}
-func (_ fastpathT) EncMapInt16Int32V(v map[int16]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Int64V(rv2i(rv).(map[int16]int64), e)
-}
-func (_ fastpathT) EncMapInt16Int64V(v map[int16]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeInt(int64(v[int16(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Float32V(rv2i(rv).(map[int16]float32), e)
-}
-func (_ fastpathT) EncMapInt16Float32V(v map[int16]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeFloat32(v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16Float64V(rv2i(rv).(map[int16]float64), e)
-}
-func (_ fastpathT) EncMapInt16Float64V(v map[int16]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeFloat64(v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt16BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt16BoolV(rv2i(rv).(map[int16]bool), e)
-}
-func (_ fastpathT) EncMapInt16BoolV(v map[int16]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int16(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[int16(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int16(k2)))
-				ee.EncodeBool(v[int16(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32IntfV(rv2i(rv).(map[int32]interface{}), e)
-}
-func (_ fastpathT) EncMapInt32IntfV(v map[int32]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				e.encode(v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32StringV(rv2i(rv).(map[int32]string), e)
-}
-func (_ fastpathT) EncMapInt32StringV(v map[int32]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeString(cUTF8, v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32UintV(rv2i(rv).(map[int32]uint), e)
-}
-func (_ fastpathT) EncMapInt32UintV(v map[int32]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Uint8V(rv2i(rv).(map[int32]uint8), e)
-}
-func (_ fastpathT) EncMapInt32Uint8V(v map[int32]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Uint16V(rv2i(rv).(map[int32]uint16), e)
-}
-func (_ fastpathT) EncMapInt32Uint16V(v map[int32]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Uint32V(rv2i(rv).(map[int32]uint32), e)
-}
-func (_ fastpathT) EncMapInt32Uint32V(v map[int32]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Uint64V(rv2i(rv).(map[int32]uint64), e)
-}
-func (_ fastpathT) EncMapInt32Uint64V(v map[int32]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeUint(uint64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32UintptrV(rv2i(rv).(map[int32]uintptr), e)
-}
-func (_ fastpathT) EncMapInt32UintptrV(v map[int32]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				e.encode(v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32IntV(rv2i(rv).(map[int32]int), e)
-}
-func (_ fastpathT) EncMapInt32IntV(v map[int32]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Int8V(rv2i(rv).(map[int32]int8), e)
-}
-func (_ fastpathT) EncMapInt32Int8V(v map[int32]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Int16V(rv2i(rv).(map[int32]int16), e)
-}
-func (_ fastpathT) EncMapInt32Int16V(v map[int32]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Int32V(rv2i(rv).(map[int32]int32), e)
-}
-func (_ fastpathT) EncMapInt32Int32V(v map[int32]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Int64V(rv2i(rv).(map[int32]int64), e)
-}
-func (_ fastpathT) EncMapInt32Int64V(v map[int32]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeInt(int64(v[int32(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Float32V(rv2i(rv).(map[int32]float32), e)
-}
-func (_ fastpathT) EncMapInt32Float32V(v map[int32]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeFloat32(v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32Float64V(rv2i(rv).(map[int32]float64), e)
-}
-func (_ fastpathT) EncMapInt32Float64V(v map[int32]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeFloat64(v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt32BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt32BoolV(rv2i(rv).(map[int32]bool), e)
-}
-func (_ fastpathT) EncMapInt32BoolV(v map[int32]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int32(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[int32(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int32(k2)))
-				ee.EncodeBool(v[int32(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64IntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64IntfV(rv2i(rv).(map[int64]interface{}), e)
-}
-func (_ fastpathT) EncMapInt64IntfV(v map[int64]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				e.encode(v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64StringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64StringV(rv2i(rv).(map[int64]string), e)
-}
-func (_ fastpathT) EncMapInt64StringV(v map[int64]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeString(cUTF8, v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64UintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64UintV(rv2i(rv).(map[int64]uint), e)
-}
-func (_ fastpathT) EncMapInt64UintV(v map[int64]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Uint8V(rv2i(rv).(map[int64]uint8), e)
-}
-func (_ fastpathT) EncMapInt64Uint8V(v map[int64]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Uint16V(rv2i(rv).(map[int64]uint16), e)
-}
-func (_ fastpathT) EncMapInt64Uint16V(v map[int64]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Uint32V(rv2i(rv).(map[int64]uint32), e)
-}
-func (_ fastpathT) EncMapInt64Uint32V(v map[int64]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Uint64V(rv2i(rv).(map[int64]uint64), e)
-}
-func (_ fastpathT) EncMapInt64Uint64V(v map[int64]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeUint(uint64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64UintptrV(rv2i(rv).(map[int64]uintptr), e)
-}
-func (_ fastpathT) EncMapInt64UintptrV(v map[int64]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				e.encode(v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				e.encode(v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64IntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64IntV(rv2i(rv).(map[int64]int), e)
-}
-func (_ fastpathT) EncMapInt64IntV(v map[int64]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Int8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Int8V(rv2i(rv).(map[int64]int8), e)
-}
-func (_ fastpathT) EncMapInt64Int8V(v map[int64]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Int16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Int16V(rv2i(rv).(map[int64]int16), e)
-}
-func (_ fastpathT) EncMapInt64Int16V(v map[int64]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Int32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Int32V(rv2i(rv).(map[int64]int32), e)
-}
-func (_ fastpathT) EncMapInt64Int32V(v map[int64]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Int64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Int64V(rv2i(rv).(map[int64]int64), e)
-}
-func (_ fastpathT) EncMapInt64Int64V(v map[int64]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeInt(int64(v[int64(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Float32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Float32V(rv2i(rv).(map[int64]float32), e)
-}
-func (_ fastpathT) EncMapInt64Float32V(v map[int64]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeFloat32(v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64Float64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64Float64V(rv2i(rv).(map[int64]float64), e)
-}
-func (_ fastpathT) EncMapInt64Float64V(v map[int64]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeFloat64(v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapInt64BoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapInt64BoolV(rv2i(rv).(map[int64]bool), e)
-}
-func (_ fastpathT) EncMapInt64BoolV(v map[int64]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]int64, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = int64(k)
-			i++
-		}
-		sort.Sort(intSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(int64(k2)))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[int64(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeInt(int64(int64(k2)))
-				ee.EncodeBool(v[int64(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeInt(int64(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeInt(int64(k2))
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolIntfR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolIntfV(rv2i(rv).(map[bool]interface{}), e)
-}
-func (_ fastpathT) EncMapBoolIntfV(v map[bool]interface{}, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				e.encode(v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolStringR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolStringV(rv2i(rv).(map[bool]string), e)
-}
-func (_ fastpathT) EncMapBoolStringV(v map[bool]string, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeString(cUTF8, v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeString(cUTF8, v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeString(cUTF8, v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUintR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUintV(rv2i(rv).(map[bool]uint), e)
-}
-func (_ fastpathT) EncMapBoolUintV(v map[bool]uint, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUint8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUint8V(rv2i(rv).(map[bool]uint8), e)
-}
-func (_ fastpathT) EncMapBoolUint8V(v map[bool]uint8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUint16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUint16V(rv2i(rv).(map[bool]uint16), e)
-}
-func (_ fastpathT) EncMapBoolUint16V(v map[bool]uint16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUint32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUint32V(rv2i(rv).(map[bool]uint32), e)
-}
-func (_ fastpathT) EncMapBoolUint32V(v map[bool]uint32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUint64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUint64V(rv2i(rv).(map[bool]uint64), e)
-}
-func (_ fastpathT) EncMapBoolUint64V(v map[bool]uint64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeUint(uint64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeUint(uint64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeUint(uint64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolUintptrR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolUintptrV(rv2i(rv).(map[bool]uintptr), e)
-}
-func (_ fastpathT) EncMapBoolUintptrV(v map[bool]uintptr, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				e.encode(v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				e.encode(v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				e.encode(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				e.encode(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolIntR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolIntV(rv2i(rv).(map[bool]int), e)
-}
-func (_ fastpathT) EncMapBoolIntV(v map[bool]int, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolInt8R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolInt8V(rv2i(rv).(map[bool]int8), e)
-}
-func (_ fastpathT) EncMapBoolInt8V(v map[bool]int8, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolInt16R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolInt16V(rv2i(rv).(map[bool]int16), e)
-}
-func (_ fastpathT) EncMapBoolInt16V(v map[bool]int16, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolInt32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolInt32V(rv2i(rv).(map[bool]int32), e)
-}
-func (_ fastpathT) EncMapBoolInt32V(v map[bool]int32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolInt64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolInt64V(rv2i(rv).(map[bool]int64), e)
-}
-func (_ fastpathT) EncMapBoolInt64V(v map[bool]int64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeInt(int64(v[bool(k2)]))
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeInt(int64(v2))
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeInt(int64(v2))
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolFloat32R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolFloat32V(rv2i(rv).(map[bool]float32), e)
-}
-func (_ fastpathT) EncMapBoolFloat32V(v map[bool]float32, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeFloat32(v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat32(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeFloat32(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolFloat64R(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolFloat64V(rv2i(rv).(map[bool]float64), e)
-}
-func (_ fastpathT) EncMapBoolFloat64V(v map[bool]float64, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeFloat64(v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeFloat64(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeFloat64(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-func (e *Encoder) fastpathEncMapBoolBoolR(f *codecFnInfo, rv reflect.Value) {
-	fastpathTV.EncMapBoolBoolV(rv2i(rv).(map[bool]bool), e)
-}
-func (_ fastpathT) EncMapBoolBoolV(v map[bool]bool, e *Encoder) {
-	if v == nil {
-		e.e.EncodeNil()
-		return
-	}
-	ee, esep := e.e, e.hh.hasElemSeparators()
-	ee.WriteMapStart(len(v))
-	if e.h.Canonical {
-		v2 := make([]bool, len(v))
-		var i int
-		for k, _ := range v {
-			v2[i] = bool(k)
-			i++
-		}
-		sort.Sort(boolSlice(v2))
-		if esep {
-			for _, k2 := range v2 {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(bool(k2))
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v[bool(k2)])
-			}
-		} else {
-			for _, k2 := range v2 {
-				ee.EncodeBool(bool(k2))
-				ee.EncodeBool(v[bool(k2)])
-			}
-		}
-	} else {
-		if esep {
-			for k2, v2 := range v {
-				ee.WriteMapElemKey()
-				ee.EncodeBool(k2)
-				ee.WriteMapElemValue()
-				ee.EncodeBool(v2)
-			}
-		} else {
-			for k2, v2 := range v {
-				ee.EncodeBool(k2)
-				ee.EncodeBool(v2)
-			}
-		}
-	}
-	ee.WriteMapEnd()
-}
-
-// -- decode
-
-// -- -- fast path type switch
-func fastpathDecodeTypeSwitch(iv interface{}, d *Decoder) bool {
-	var changed bool
-	switch v := iv.(type) {
-
-	case []interface{}:
-		var v2 []interface{}
-		v2, changed = fastpathTV.DecSliceIntfV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]interface{}:
-		var v2 []interface{}
-		v2, changed = fastpathTV.DecSliceIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []string:
-		var v2 []string
-		v2, changed = fastpathTV.DecSliceStringV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]string:
-		var v2 []string
-		v2, changed = fastpathTV.DecSliceStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []float32:
-		var v2 []float32
-		v2, changed = fastpathTV.DecSliceFloat32V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]float32:
-		var v2 []float32
-		v2, changed = fastpathTV.DecSliceFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []float64:
-		var v2 []float64
-		v2, changed = fastpathTV.DecSliceFloat64V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]float64:
-		var v2 []float64
-		v2, changed = fastpathTV.DecSliceFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []uint:
-		var v2 []uint
-		v2, changed = fastpathTV.DecSliceUintV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]uint:
-		var v2 []uint
-		v2, changed = fastpathTV.DecSliceUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []uint16:
-		var v2 []uint16
-		v2, changed = fastpathTV.DecSliceUint16V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]uint16:
-		var v2 []uint16
-		v2, changed = fastpathTV.DecSliceUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []uint32:
-		var v2 []uint32
-		v2, changed = fastpathTV.DecSliceUint32V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]uint32:
-		var v2 []uint32
-		v2, changed = fastpathTV.DecSliceUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []uint64:
-		var v2 []uint64
-		v2, changed = fastpathTV.DecSliceUint64V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]uint64:
-		var v2 []uint64
-		v2, changed = fastpathTV.DecSliceUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []uintptr:
-		var v2 []uintptr
-		v2, changed = fastpathTV.DecSliceUintptrV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]uintptr:
-		var v2 []uintptr
-		v2, changed = fastpathTV.DecSliceUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []int:
-		var v2 []int
-		v2, changed = fastpathTV.DecSliceIntV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]int:
-		var v2 []int
-		v2, changed = fastpathTV.DecSliceIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []int8:
-		var v2 []int8
-		v2, changed = fastpathTV.DecSliceInt8V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]int8:
-		var v2 []int8
-		v2, changed = fastpathTV.DecSliceInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []int16:
-		var v2 []int16
-		v2, changed = fastpathTV.DecSliceInt16V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]int16:
-		var v2 []int16
-		v2, changed = fastpathTV.DecSliceInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []int32:
-		var v2 []int32
-		v2, changed = fastpathTV.DecSliceInt32V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]int32:
-		var v2 []int32
-		v2, changed = fastpathTV.DecSliceInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []int64:
-		var v2 []int64
-		v2, changed = fastpathTV.DecSliceInt64V(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]int64:
-		var v2 []int64
-		v2, changed = fastpathTV.DecSliceInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case []bool:
-		var v2 []bool
-		v2, changed = fastpathTV.DecSliceBoolV(v, false, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	case *[]bool:
-		var v2 []bool
-		v2, changed = fastpathTV.DecSliceBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-
-	case map[interface{}]interface{}:
-		fastpathTV.DecMapIntfIntfV(v, false, d)
-	case *map[interface{}]interface{}:
-		var v2 map[interface{}]interface{}
-		v2, changed = fastpathTV.DecMapIntfIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]string:
-		fastpathTV.DecMapIntfStringV(v, false, d)
-	case *map[interface{}]string:
-		var v2 map[interface{}]string
-		v2, changed = fastpathTV.DecMapIntfStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uint:
-		fastpathTV.DecMapIntfUintV(v, false, d)
-	case *map[interface{}]uint:
-		var v2 map[interface{}]uint
-		v2, changed = fastpathTV.DecMapIntfUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uint8:
-		fastpathTV.DecMapIntfUint8V(v, false, d)
-	case *map[interface{}]uint8:
-		var v2 map[interface{}]uint8
-		v2, changed = fastpathTV.DecMapIntfUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uint16:
-		fastpathTV.DecMapIntfUint16V(v, false, d)
-	case *map[interface{}]uint16:
-		var v2 map[interface{}]uint16
-		v2, changed = fastpathTV.DecMapIntfUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uint32:
-		fastpathTV.DecMapIntfUint32V(v, false, d)
-	case *map[interface{}]uint32:
-		var v2 map[interface{}]uint32
-		v2, changed = fastpathTV.DecMapIntfUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uint64:
-		fastpathTV.DecMapIntfUint64V(v, false, d)
-	case *map[interface{}]uint64:
-		var v2 map[interface{}]uint64
-		v2, changed = fastpathTV.DecMapIntfUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]uintptr:
-		fastpathTV.DecMapIntfUintptrV(v, false, d)
-	case *map[interface{}]uintptr:
-		var v2 map[interface{}]uintptr
-		v2, changed = fastpathTV.DecMapIntfUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]int:
-		fastpathTV.DecMapIntfIntV(v, false, d)
-	case *map[interface{}]int:
-		var v2 map[interface{}]int
-		v2, changed = fastpathTV.DecMapIntfIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]int8:
-		fastpathTV.DecMapIntfInt8V(v, false, d)
-	case *map[interface{}]int8:
-		var v2 map[interface{}]int8
-		v2, changed = fastpathTV.DecMapIntfInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]int16:
-		fastpathTV.DecMapIntfInt16V(v, false, d)
-	case *map[interface{}]int16:
-		var v2 map[interface{}]int16
-		v2, changed = fastpathTV.DecMapIntfInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]int32:
-		fastpathTV.DecMapIntfInt32V(v, false, d)
-	case *map[interface{}]int32:
-		var v2 map[interface{}]int32
-		v2, changed = fastpathTV.DecMapIntfInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]int64:
-		fastpathTV.DecMapIntfInt64V(v, false, d)
-	case *map[interface{}]int64:
-		var v2 map[interface{}]int64
-		v2, changed = fastpathTV.DecMapIntfInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]float32:
-		fastpathTV.DecMapIntfFloat32V(v, false, d)
-	case *map[interface{}]float32:
-		var v2 map[interface{}]float32
-		v2, changed = fastpathTV.DecMapIntfFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]float64:
-		fastpathTV.DecMapIntfFloat64V(v, false, d)
-	case *map[interface{}]float64:
-		var v2 map[interface{}]float64
-		v2, changed = fastpathTV.DecMapIntfFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[interface{}]bool:
-		fastpathTV.DecMapIntfBoolV(v, false, d)
-	case *map[interface{}]bool:
-		var v2 map[interface{}]bool
-		v2, changed = fastpathTV.DecMapIntfBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]interface{}:
-		fastpathTV.DecMapStringIntfV(v, false, d)
-	case *map[string]interface{}:
-		var v2 map[string]interface{}
-		v2, changed = fastpathTV.DecMapStringIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]string:
-		fastpathTV.DecMapStringStringV(v, false, d)
-	case *map[string]string:
-		var v2 map[string]string
-		v2, changed = fastpathTV.DecMapStringStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uint:
-		fastpathTV.DecMapStringUintV(v, false, d)
-	case *map[string]uint:
-		var v2 map[string]uint
-		v2, changed = fastpathTV.DecMapStringUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uint8:
-		fastpathTV.DecMapStringUint8V(v, false, d)
-	case *map[string]uint8:
-		var v2 map[string]uint8
-		v2, changed = fastpathTV.DecMapStringUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uint16:
-		fastpathTV.DecMapStringUint16V(v, false, d)
-	case *map[string]uint16:
-		var v2 map[string]uint16
-		v2, changed = fastpathTV.DecMapStringUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uint32:
-		fastpathTV.DecMapStringUint32V(v, false, d)
-	case *map[string]uint32:
-		var v2 map[string]uint32
-		v2, changed = fastpathTV.DecMapStringUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uint64:
-		fastpathTV.DecMapStringUint64V(v, false, d)
-	case *map[string]uint64:
-		var v2 map[string]uint64
-		v2, changed = fastpathTV.DecMapStringUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]uintptr:
-		fastpathTV.DecMapStringUintptrV(v, false, d)
-	case *map[string]uintptr:
-		var v2 map[string]uintptr
-		v2, changed = fastpathTV.DecMapStringUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]int:
-		fastpathTV.DecMapStringIntV(v, false, d)
-	case *map[string]int:
-		var v2 map[string]int
-		v2, changed = fastpathTV.DecMapStringIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]int8:
-		fastpathTV.DecMapStringInt8V(v, false, d)
-	case *map[string]int8:
-		var v2 map[string]int8
-		v2, changed = fastpathTV.DecMapStringInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]int16:
-		fastpathTV.DecMapStringInt16V(v, false, d)
-	case *map[string]int16:
-		var v2 map[string]int16
-		v2, changed = fastpathTV.DecMapStringInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]int32:
-		fastpathTV.DecMapStringInt32V(v, false, d)
-	case *map[string]int32:
-		var v2 map[string]int32
-		v2, changed = fastpathTV.DecMapStringInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]int64:
-		fastpathTV.DecMapStringInt64V(v, false, d)
-	case *map[string]int64:
-		var v2 map[string]int64
-		v2, changed = fastpathTV.DecMapStringInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]float32:
-		fastpathTV.DecMapStringFloat32V(v, false, d)
-	case *map[string]float32:
-		var v2 map[string]float32
-		v2, changed = fastpathTV.DecMapStringFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]float64:
-		fastpathTV.DecMapStringFloat64V(v, false, d)
-	case *map[string]float64:
-		var v2 map[string]float64
-		v2, changed = fastpathTV.DecMapStringFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[string]bool:
-		fastpathTV.DecMapStringBoolV(v, false, d)
-	case *map[string]bool:
-		var v2 map[string]bool
-		v2, changed = fastpathTV.DecMapStringBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]interface{}:
-		fastpathTV.DecMapFloat32IntfV(v, false, d)
-	case *map[float32]interface{}:
-		var v2 map[float32]interface{}
-		v2, changed = fastpathTV.DecMapFloat32IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]string:
-		fastpathTV.DecMapFloat32StringV(v, false, d)
-	case *map[float32]string:
-		var v2 map[float32]string
-		v2, changed = fastpathTV.DecMapFloat32StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uint:
-		fastpathTV.DecMapFloat32UintV(v, false, d)
-	case *map[float32]uint:
-		var v2 map[float32]uint
-		v2, changed = fastpathTV.DecMapFloat32UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uint8:
-		fastpathTV.DecMapFloat32Uint8V(v, false, d)
-	case *map[float32]uint8:
-		var v2 map[float32]uint8
-		v2, changed = fastpathTV.DecMapFloat32Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uint16:
-		fastpathTV.DecMapFloat32Uint16V(v, false, d)
-	case *map[float32]uint16:
-		var v2 map[float32]uint16
-		v2, changed = fastpathTV.DecMapFloat32Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uint32:
-		fastpathTV.DecMapFloat32Uint32V(v, false, d)
-	case *map[float32]uint32:
-		var v2 map[float32]uint32
-		v2, changed = fastpathTV.DecMapFloat32Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uint64:
-		fastpathTV.DecMapFloat32Uint64V(v, false, d)
-	case *map[float32]uint64:
-		var v2 map[float32]uint64
-		v2, changed = fastpathTV.DecMapFloat32Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]uintptr:
-		fastpathTV.DecMapFloat32UintptrV(v, false, d)
-	case *map[float32]uintptr:
-		var v2 map[float32]uintptr
-		v2, changed = fastpathTV.DecMapFloat32UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]int:
-		fastpathTV.DecMapFloat32IntV(v, false, d)
-	case *map[float32]int:
-		var v2 map[float32]int
-		v2, changed = fastpathTV.DecMapFloat32IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]int8:
-		fastpathTV.DecMapFloat32Int8V(v, false, d)
-	case *map[float32]int8:
-		var v2 map[float32]int8
-		v2, changed = fastpathTV.DecMapFloat32Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]int16:
-		fastpathTV.DecMapFloat32Int16V(v, false, d)
-	case *map[float32]int16:
-		var v2 map[float32]int16
-		v2, changed = fastpathTV.DecMapFloat32Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]int32:
-		fastpathTV.DecMapFloat32Int32V(v, false, d)
-	case *map[float32]int32:
-		var v2 map[float32]int32
-		v2, changed = fastpathTV.DecMapFloat32Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]int64:
-		fastpathTV.DecMapFloat32Int64V(v, false, d)
-	case *map[float32]int64:
-		var v2 map[float32]int64
-		v2, changed = fastpathTV.DecMapFloat32Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]float32:
-		fastpathTV.DecMapFloat32Float32V(v, false, d)
-	case *map[float32]float32:
-		var v2 map[float32]float32
-		v2, changed = fastpathTV.DecMapFloat32Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]float64:
-		fastpathTV.DecMapFloat32Float64V(v, false, d)
-	case *map[float32]float64:
-		var v2 map[float32]float64
-		v2, changed = fastpathTV.DecMapFloat32Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float32]bool:
-		fastpathTV.DecMapFloat32BoolV(v, false, d)
-	case *map[float32]bool:
-		var v2 map[float32]bool
-		v2, changed = fastpathTV.DecMapFloat32BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]interface{}:
-		fastpathTV.DecMapFloat64IntfV(v, false, d)
-	case *map[float64]interface{}:
-		var v2 map[float64]interface{}
-		v2, changed = fastpathTV.DecMapFloat64IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]string:
-		fastpathTV.DecMapFloat64StringV(v, false, d)
-	case *map[float64]string:
-		var v2 map[float64]string
-		v2, changed = fastpathTV.DecMapFloat64StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uint:
-		fastpathTV.DecMapFloat64UintV(v, false, d)
-	case *map[float64]uint:
-		var v2 map[float64]uint
-		v2, changed = fastpathTV.DecMapFloat64UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uint8:
-		fastpathTV.DecMapFloat64Uint8V(v, false, d)
-	case *map[float64]uint8:
-		var v2 map[float64]uint8
-		v2, changed = fastpathTV.DecMapFloat64Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uint16:
-		fastpathTV.DecMapFloat64Uint16V(v, false, d)
-	case *map[float64]uint16:
-		var v2 map[float64]uint16
-		v2, changed = fastpathTV.DecMapFloat64Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uint32:
-		fastpathTV.DecMapFloat64Uint32V(v, false, d)
-	case *map[float64]uint32:
-		var v2 map[float64]uint32
-		v2, changed = fastpathTV.DecMapFloat64Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uint64:
-		fastpathTV.DecMapFloat64Uint64V(v, false, d)
-	case *map[float64]uint64:
-		var v2 map[float64]uint64
-		v2, changed = fastpathTV.DecMapFloat64Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]uintptr:
-		fastpathTV.DecMapFloat64UintptrV(v, false, d)
-	case *map[float64]uintptr:
-		var v2 map[float64]uintptr
-		v2, changed = fastpathTV.DecMapFloat64UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]int:
-		fastpathTV.DecMapFloat64IntV(v, false, d)
-	case *map[float64]int:
-		var v2 map[float64]int
-		v2, changed = fastpathTV.DecMapFloat64IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]int8:
-		fastpathTV.DecMapFloat64Int8V(v, false, d)
-	case *map[float64]int8:
-		var v2 map[float64]int8
-		v2, changed = fastpathTV.DecMapFloat64Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]int16:
-		fastpathTV.DecMapFloat64Int16V(v, false, d)
-	case *map[float64]int16:
-		var v2 map[float64]int16
-		v2, changed = fastpathTV.DecMapFloat64Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]int32:
-		fastpathTV.DecMapFloat64Int32V(v, false, d)
-	case *map[float64]int32:
-		var v2 map[float64]int32
-		v2, changed = fastpathTV.DecMapFloat64Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]int64:
-		fastpathTV.DecMapFloat64Int64V(v, false, d)
-	case *map[float64]int64:
-		var v2 map[float64]int64
-		v2, changed = fastpathTV.DecMapFloat64Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]float32:
-		fastpathTV.DecMapFloat64Float32V(v, false, d)
-	case *map[float64]float32:
-		var v2 map[float64]float32
-		v2, changed = fastpathTV.DecMapFloat64Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]float64:
-		fastpathTV.DecMapFloat64Float64V(v, false, d)
-	case *map[float64]float64:
-		var v2 map[float64]float64
-		v2, changed = fastpathTV.DecMapFloat64Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[float64]bool:
-		fastpathTV.DecMapFloat64BoolV(v, false, d)
-	case *map[float64]bool:
-		var v2 map[float64]bool
-		v2, changed = fastpathTV.DecMapFloat64BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]interface{}:
-		fastpathTV.DecMapUintIntfV(v, false, d)
-	case *map[uint]interface{}:
-		var v2 map[uint]interface{}
-		v2, changed = fastpathTV.DecMapUintIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]string:
-		fastpathTV.DecMapUintStringV(v, false, d)
-	case *map[uint]string:
-		var v2 map[uint]string
-		v2, changed = fastpathTV.DecMapUintStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uint:
-		fastpathTV.DecMapUintUintV(v, false, d)
-	case *map[uint]uint:
-		var v2 map[uint]uint
-		v2, changed = fastpathTV.DecMapUintUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uint8:
-		fastpathTV.DecMapUintUint8V(v, false, d)
-	case *map[uint]uint8:
-		var v2 map[uint]uint8
-		v2, changed = fastpathTV.DecMapUintUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uint16:
-		fastpathTV.DecMapUintUint16V(v, false, d)
-	case *map[uint]uint16:
-		var v2 map[uint]uint16
-		v2, changed = fastpathTV.DecMapUintUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uint32:
-		fastpathTV.DecMapUintUint32V(v, false, d)
-	case *map[uint]uint32:
-		var v2 map[uint]uint32
-		v2, changed = fastpathTV.DecMapUintUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uint64:
-		fastpathTV.DecMapUintUint64V(v, false, d)
-	case *map[uint]uint64:
-		var v2 map[uint]uint64
-		v2, changed = fastpathTV.DecMapUintUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]uintptr:
-		fastpathTV.DecMapUintUintptrV(v, false, d)
-	case *map[uint]uintptr:
-		var v2 map[uint]uintptr
-		v2, changed = fastpathTV.DecMapUintUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]int:
-		fastpathTV.DecMapUintIntV(v, false, d)
-	case *map[uint]int:
-		var v2 map[uint]int
-		v2, changed = fastpathTV.DecMapUintIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]int8:
-		fastpathTV.DecMapUintInt8V(v, false, d)
-	case *map[uint]int8:
-		var v2 map[uint]int8
-		v2, changed = fastpathTV.DecMapUintInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]int16:
-		fastpathTV.DecMapUintInt16V(v, false, d)
-	case *map[uint]int16:
-		var v2 map[uint]int16
-		v2, changed = fastpathTV.DecMapUintInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]int32:
-		fastpathTV.DecMapUintInt32V(v, false, d)
-	case *map[uint]int32:
-		var v2 map[uint]int32
-		v2, changed = fastpathTV.DecMapUintInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]int64:
-		fastpathTV.DecMapUintInt64V(v, false, d)
-	case *map[uint]int64:
-		var v2 map[uint]int64
-		v2, changed = fastpathTV.DecMapUintInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]float32:
-		fastpathTV.DecMapUintFloat32V(v, false, d)
-	case *map[uint]float32:
-		var v2 map[uint]float32
-		v2, changed = fastpathTV.DecMapUintFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]float64:
-		fastpathTV.DecMapUintFloat64V(v, false, d)
-	case *map[uint]float64:
-		var v2 map[uint]float64
-		v2, changed = fastpathTV.DecMapUintFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint]bool:
-		fastpathTV.DecMapUintBoolV(v, false, d)
-	case *map[uint]bool:
-		var v2 map[uint]bool
-		v2, changed = fastpathTV.DecMapUintBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]interface{}:
-		fastpathTV.DecMapUint8IntfV(v, false, d)
-	case *map[uint8]interface{}:
-		var v2 map[uint8]interface{}
-		v2, changed = fastpathTV.DecMapUint8IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]string:
-		fastpathTV.DecMapUint8StringV(v, false, d)
-	case *map[uint8]string:
-		var v2 map[uint8]string
-		v2, changed = fastpathTV.DecMapUint8StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uint:
-		fastpathTV.DecMapUint8UintV(v, false, d)
-	case *map[uint8]uint:
-		var v2 map[uint8]uint
-		v2, changed = fastpathTV.DecMapUint8UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uint8:
-		fastpathTV.DecMapUint8Uint8V(v, false, d)
-	case *map[uint8]uint8:
-		var v2 map[uint8]uint8
-		v2, changed = fastpathTV.DecMapUint8Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uint16:
-		fastpathTV.DecMapUint8Uint16V(v, false, d)
-	case *map[uint8]uint16:
-		var v2 map[uint8]uint16
-		v2, changed = fastpathTV.DecMapUint8Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uint32:
-		fastpathTV.DecMapUint8Uint32V(v, false, d)
-	case *map[uint8]uint32:
-		var v2 map[uint8]uint32
-		v2, changed = fastpathTV.DecMapUint8Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uint64:
-		fastpathTV.DecMapUint8Uint64V(v, false, d)
-	case *map[uint8]uint64:
-		var v2 map[uint8]uint64
-		v2, changed = fastpathTV.DecMapUint8Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]uintptr:
-		fastpathTV.DecMapUint8UintptrV(v, false, d)
-	case *map[uint8]uintptr:
-		var v2 map[uint8]uintptr
-		v2, changed = fastpathTV.DecMapUint8UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]int:
-		fastpathTV.DecMapUint8IntV(v, false, d)
-	case *map[uint8]int:
-		var v2 map[uint8]int
-		v2, changed = fastpathTV.DecMapUint8IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]int8:
-		fastpathTV.DecMapUint8Int8V(v, false, d)
-	case *map[uint8]int8:
-		var v2 map[uint8]int8
-		v2, changed = fastpathTV.DecMapUint8Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]int16:
-		fastpathTV.DecMapUint8Int16V(v, false, d)
-	case *map[uint8]int16:
-		var v2 map[uint8]int16
-		v2, changed = fastpathTV.DecMapUint8Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]int32:
-		fastpathTV.DecMapUint8Int32V(v, false, d)
-	case *map[uint8]int32:
-		var v2 map[uint8]int32
-		v2, changed = fastpathTV.DecMapUint8Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]int64:
-		fastpathTV.DecMapUint8Int64V(v, false, d)
-	case *map[uint8]int64:
-		var v2 map[uint8]int64
-		v2, changed = fastpathTV.DecMapUint8Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]float32:
-		fastpathTV.DecMapUint8Float32V(v, false, d)
-	case *map[uint8]float32:
-		var v2 map[uint8]float32
-		v2, changed = fastpathTV.DecMapUint8Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]float64:
-		fastpathTV.DecMapUint8Float64V(v, false, d)
-	case *map[uint8]float64:
-		var v2 map[uint8]float64
-		v2, changed = fastpathTV.DecMapUint8Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint8]bool:
-		fastpathTV.DecMapUint8BoolV(v, false, d)
-	case *map[uint8]bool:
-		var v2 map[uint8]bool
-		v2, changed = fastpathTV.DecMapUint8BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]interface{}:
-		fastpathTV.DecMapUint16IntfV(v, false, d)
-	case *map[uint16]interface{}:
-		var v2 map[uint16]interface{}
-		v2, changed = fastpathTV.DecMapUint16IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]string:
-		fastpathTV.DecMapUint16StringV(v, false, d)
-	case *map[uint16]string:
-		var v2 map[uint16]string
-		v2, changed = fastpathTV.DecMapUint16StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uint:
-		fastpathTV.DecMapUint16UintV(v, false, d)
-	case *map[uint16]uint:
-		var v2 map[uint16]uint
-		v2, changed = fastpathTV.DecMapUint16UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uint8:
-		fastpathTV.DecMapUint16Uint8V(v, false, d)
-	case *map[uint16]uint8:
-		var v2 map[uint16]uint8
-		v2, changed = fastpathTV.DecMapUint16Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uint16:
-		fastpathTV.DecMapUint16Uint16V(v, false, d)
-	case *map[uint16]uint16:
-		var v2 map[uint16]uint16
-		v2, changed = fastpathTV.DecMapUint16Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uint32:
-		fastpathTV.DecMapUint16Uint32V(v, false, d)
-	case *map[uint16]uint32:
-		var v2 map[uint16]uint32
-		v2, changed = fastpathTV.DecMapUint16Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uint64:
-		fastpathTV.DecMapUint16Uint64V(v, false, d)
-	case *map[uint16]uint64:
-		var v2 map[uint16]uint64
-		v2, changed = fastpathTV.DecMapUint16Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]uintptr:
-		fastpathTV.DecMapUint16UintptrV(v, false, d)
-	case *map[uint16]uintptr:
-		var v2 map[uint16]uintptr
-		v2, changed = fastpathTV.DecMapUint16UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]int:
-		fastpathTV.DecMapUint16IntV(v, false, d)
-	case *map[uint16]int:
-		var v2 map[uint16]int
-		v2, changed = fastpathTV.DecMapUint16IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]int8:
-		fastpathTV.DecMapUint16Int8V(v, false, d)
-	case *map[uint16]int8:
-		var v2 map[uint16]int8
-		v2, changed = fastpathTV.DecMapUint16Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]int16:
-		fastpathTV.DecMapUint16Int16V(v, false, d)
-	case *map[uint16]int16:
-		var v2 map[uint16]int16
-		v2, changed = fastpathTV.DecMapUint16Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]int32:
-		fastpathTV.DecMapUint16Int32V(v, false, d)
-	case *map[uint16]int32:
-		var v2 map[uint16]int32
-		v2, changed = fastpathTV.DecMapUint16Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]int64:
-		fastpathTV.DecMapUint16Int64V(v, false, d)
-	case *map[uint16]int64:
-		var v2 map[uint16]int64
-		v2, changed = fastpathTV.DecMapUint16Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]float32:
-		fastpathTV.DecMapUint16Float32V(v, false, d)
-	case *map[uint16]float32:
-		var v2 map[uint16]float32
-		v2, changed = fastpathTV.DecMapUint16Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]float64:
-		fastpathTV.DecMapUint16Float64V(v, false, d)
-	case *map[uint16]float64:
-		var v2 map[uint16]float64
-		v2, changed = fastpathTV.DecMapUint16Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint16]bool:
-		fastpathTV.DecMapUint16BoolV(v, false, d)
-	case *map[uint16]bool:
-		var v2 map[uint16]bool
-		v2, changed = fastpathTV.DecMapUint16BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]interface{}:
-		fastpathTV.DecMapUint32IntfV(v, false, d)
-	case *map[uint32]interface{}:
-		var v2 map[uint32]interface{}
-		v2, changed = fastpathTV.DecMapUint32IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]string:
-		fastpathTV.DecMapUint32StringV(v, false, d)
-	case *map[uint32]string:
-		var v2 map[uint32]string
-		v2, changed = fastpathTV.DecMapUint32StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uint:
-		fastpathTV.DecMapUint32UintV(v, false, d)
-	case *map[uint32]uint:
-		var v2 map[uint32]uint
-		v2, changed = fastpathTV.DecMapUint32UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uint8:
-		fastpathTV.DecMapUint32Uint8V(v, false, d)
-	case *map[uint32]uint8:
-		var v2 map[uint32]uint8
-		v2, changed = fastpathTV.DecMapUint32Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uint16:
-		fastpathTV.DecMapUint32Uint16V(v, false, d)
-	case *map[uint32]uint16:
-		var v2 map[uint32]uint16
-		v2, changed = fastpathTV.DecMapUint32Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uint32:
-		fastpathTV.DecMapUint32Uint32V(v, false, d)
-	case *map[uint32]uint32:
-		var v2 map[uint32]uint32
-		v2, changed = fastpathTV.DecMapUint32Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uint64:
-		fastpathTV.DecMapUint32Uint64V(v, false, d)
-	case *map[uint32]uint64:
-		var v2 map[uint32]uint64
-		v2, changed = fastpathTV.DecMapUint32Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]uintptr:
-		fastpathTV.DecMapUint32UintptrV(v, false, d)
-	case *map[uint32]uintptr:
-		var v2 map[uint32]uintptr
-		v2, changed = fastpathTV.DecMapUint32UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]int:
-		fastpathTV.DecMapUint32IntV(v, false, d)
-	case *map[uint32]int:
-		var v2 map[uint32]int
-		v2, changed = fastpathTV.DecMapUint32IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]int8:
-		fastpathTV.DecMapUint32Int8V(v, false, d)
-	case *map[uint32]int8:
-		var v2 map[uint32]int8
-		v2, changed = fastpathTV.DecMapUint32Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]int16:
-		fastpathTV.DecMapUint32Int16V(v, false, d)
-	case *map[uint32]int16:
-		var v2 map[uint32]int16
-		v2, changed = fastpathTV.DecMapUint32Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]int32:
-		fastpathTV.DecMapUint32Int32V(v, false, d)
-	case *map[uint32]int32:
-		var v2 map[uint32]int32
-		v2, changed = fastpathTV.DecMapUint32Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]int64:
-		fastpathTV.DecMapUint32Int64V(v, false, d)
-	case *map[uint32]int64:
-		var v2 map[uint32]int64
-		v2, changed = fastpathTV.DecMapUint32Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]float32:
-		fastpathTV.DecMapUint32Float32V(v, false, d)
-	case *map[uint32]float32:
-		var v2 map[uint32]float32
-		v2, changed = fastpathTV.DecMapUint32Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]float64:
-		fastpathTV.DecMapUint32Float64V(v, false, d)
-	case *map[uint32]float64:
-		var v2 map[uint32]float64
-		v2, changed = fastpathTV.DecMapUint32Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint32]bool:
-		fastpathTV.DecMapUint32BoolV(v, false, d)
-	case *map[uint32]bool:
-		var v2 map[uint32]bool
-		v2, changed = fastpathTV.DecMapUint32BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]interface{}:
-		fastpathTV.DecMapUint64IntfV(v, false, d)
-	case *map[uint64]interface{}:
-		var v2 map[uint64]interface{}
-		v2, changed = fastpathTV.DecMapUint64IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]string:
-		fastpathTV.DecMapUint64StringV(v, false, d)
-	case *map[uint64]string:
-		var v2 map[uint64]string
-		v2, changed = fastpathTV.DecMapUint64StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uint:
-		fastpathTV.DecMapUint64UintV(v, false, d)
-	case *map[uint64]uint:
-		var v2 map[uint64]uint
-		v2, changed = fastpathTV.DecMapUint64UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uint8:
-		fastpathTV.DecMapUint64Uint8V(v, false, d)
-	case *map[uint64]uint8:
-		var v2 map[uint64]uint8
-		v2, changed = fastpathTV.DecMapUint64Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uint16:
-		fastpathTV.DecMapUint64Uint16V(v, false, d)
-	case *map[uint64]uint16:
-		var v2 map[uint64]uint16
-		v2, changed = fastpathTV.DecMapUint64Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uint32:
-		fastpathTV.DecMapUint64Uint32V(v, false, d)
-	case *map[uint64]uint32:
-		var v2 map[uint64]uint32
-		v2, changed = fastpathTV.DecMapUint64Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uint64:
-		fastpathTV.DecMapUint64Uint64V(v, false, d)
-	case *map[uint64]uint64:
-		var v2 map[uint64]uint64
-		v2, changed = fastpathTV.DecMapUint64Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]uintptr:
-		fastpathTV.DecMapUint64UintptrV(v, false, d)
-	case *map[uint64]uintptr:
-		var v2 map[uint64]uintptr
-		v2, changed = fastpathTV.DecMapUint64UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]int:
-		fastpathTV.DecMapUint64IntV(v, false, d)
-	case *map[uint64]int:
-		var v2 map[uint64]int
-		v2, changed = fastpathTV.DecMapUint64IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]int8:
-		fastpathTV.DecMapUint64Int8V(v, false, d)
-	case *map[uint64]int8:
-		var v2 map[uint64]int8
-		v2, changed = fastpathTV.DecMapUint64Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]int16:
-		fastpathTV.DecMapUint64Int16V(v, false, d)
-	case *map[uint64]int16:
-		var v2 map[uint64]int16
-		v2, changed = fastpathTV.DecMapUint64Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]int32:
-		fastpathTV.DecMapUint64Int32V(v, false, d)
-	case *map[uint64]int32:
-		var v2 map[uint64]int32
-		v2, changed = fastpathTV.DecMapUint64Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]int64:
-		fastpathTV.DecMapUint64Int64V(v, false, d)
-	case *map[uint64]int64:
-		var v2 map[uint64]int64
-		v2, changed = fastpathTV.DecMapUint64Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]float32:
-		fastpathTV.DecMapUint64Float32V(v, false, d)
-	case *map[uint64]float32:
-		var v2 map[uint64]float32
-		v2, changed = fastpathTV.DecMapUint64Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]float64:
-		fastpathTV.DecMapUint64Float64V(v, false, d)
-	case *map[uint64]float64:
-		var v2 map[uint64]float64
-		v2, changed = fastpathTV.DecMapUint64Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uint64]bool:
-		fastpathTV.DecMapUint64BoolV(v, false, d)
-	case *map[uint64]bool:
-		var v2 map[uint64]bool
-		v2, changed = fastpathTV.DecMapUint64BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]interface{}:
-		fastpathTV.DecMapUintptrIntfV(v, false, d)
-	case *map[uintptr]interface{}:
-		var v2 map[uintptr]interface{}
-		v2, changed = fastpathTV.DecMapUintptrIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]string:
-		fastpathTV.DecMapUintptrStringV(v, false, d)
-	case *map[uintptr]string:
-		var v2 map[uintptr]string
-		v2, changed = fastpathTV.DecMapUintptrStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uint:
-		fastpathTV.DecMapUintptrUintV(v, false, d)
-	case *map[uintptr]uint:
-		var v2 map[uintptr]uint
-		v2, changed = fastpathTV.DecMapUintptrUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uint8:
-		fastpathTV.DecMapUintptrUint8V(v, false, d)
-	case *map[uintptr]uint8:
-		var v2 map[uintptr]uint8
-		v2, changed = fastpathTV.DecMapUintptrUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uint16:
-		fastpathTV.DecMapUintptrUint16V(v, false, d)
-	case *map[uintptr]uint16:
-		var v2 map[uintptr]uint16
-		v2, changed = fastpathTV.DecMapUintptrUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uint32:
-		fastpathTV.DecMapUintptrUint32V(v, false, d)
-	case *map[uintptr]uint32:
-		var v2 map[uintptr]uint32
-		v2, changed = fastpathTV.DecMapUintptrUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uint64:
-		fastpathTV.DecMapUintptrUint64V(v, false, d)
-	case *map[uintptr]uint64:
-		var v2 map[uintptr]uint64
-		v2, changed = fastpathTV.DecMapUintptrUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]uintptr:
-		fastpathTV.DecMapUintptrUintptrV(v, false, d)
-	case *map[uintptr]uintptr:
-		var v2 map[uintptr]uintptr
-		v2, changed = fastpathTV.DecMapUintptrUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]int:
-		fastpathTV.DecMapUintptrIntV(v, false, d)
-	case *map[uintptr]int:
-		var v2 map[uintptr]int
-		v2, changed = fastpathTV.DecMapUintptrIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]int8:
-		fastpathTV.DecMapUintptrInt8V(v, false, d)
-	case *map[uintptr]int8:
-		var v2 map[uintptr]int8
-		v2, changed = fastpathTV.DecMapUintptrInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]int16:
-		fastpathTV.DecMapUintptrInt16V(v, false, d)
-	case *map[uintptr]int16:
-		var v2 map[uintptr]int16
-		v2, changed = fastpathTV.DecMapUintptrInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]int32:
-		fastpathTV.DecMapUintptrInt32V(v, false, d)
-	case *map[uintptr]int32:
-		var v2 map[uintptr]int32
-		v2, changed = fastpathTV.DecMapUintptrInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]int64:
-		fastpathTV.DecMapUintptrInt64V(v, false, d)
-	case *map[uintptr]int64:
-		var v2 map[uintptr]int64
-		v2, changed = fastpathTV.DecMapUintptrInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]float32:
-		fastpathTV.DecMapUintptrFloat32V(v, false, d)
-	case *map[uintptr]float32:
-		var v2 map[uintptr]float32
-		v2, changed = fastpathTV.DecMapUintptrFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]float64:
-		fastpathTV.DecMapUintptrFloat64V(v, false, d)
-	case *map[uintptr]float64:
-		var v2 map[uintptr]float64
-		v2, changed = fastpathTV.DecMapUintptrFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[uintptr]bool:
-		fastpathTV.DecMapUintptrBoolV(v, false, d)
-	case *map[uintptr]bool:
-		var v2 map[uintptr]bool
-		v2, changed = fastpathTV.DecMapUintptrBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]interface{}:
-		fastpathTV.DecMapIntIntfV(v, false, d)
-	case *map[int]interface{}:
-		var v2 map[int]interface{}
-		v2, changed = fastpathTV.DecMapIntIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]string:
-		fastpathTV.DecMapIntStringV(v, false, d)
-	case *map[int]string:
-		var v2 map[int]string
-		v2, changed = fastpathTV.DecMapIntStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uint:
-		fastpathTV.DecMapIntUintV(v, false, d)
-	case *map[int]uint:
-		var v2 map[int]uint
-		v2, changed = fastpathTV.DecMapIntUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uint8:
-		fastpathTV.DecMapIntUint8V(v, false, d)
-	case *map[int]uint8:
-		var v2 map[int]uint8
-		v2, changed = fastpathTV.DecMapIntUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uint16:
-		fastpathTV.DecMapIntUint16V(v, false, d)
-	case *map[int]uint16:
-		var v2 map[int]uint16
-		v2, changed = fastpathTV.DecMapIntUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uint32:
-		fastpathTV.DecMapIntUint32V(v, false, d)
-	case *map[int]uint32:
-		var v2 map[int]uint32
-		v2, changed = fastpathTV.DecMapIntUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uint64:
-		fastpathTV.DecMapIntUint64V(v, false, d)
-	case *map[int]uint64:
-		var v2 map[int]uint64
-		v2, changed = fastpathTV.DecMapIntUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]uintptr:
-		fastpathTV.DecMapIntUintptrV(v, false, d)
-	case *map[int]uintptr:
-		var v2 map[int]uintptr
-		v2, changed = fastpathTV.DecMapIntUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]int:
-		fastpathTV.DecMapIntIntV(v, false, d)
-	case *map[int]int:
-		var v2 map[int]int
-		v2, changed = fastpathTV.DecMapIntIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]int8:
-		fastpathTV.DecMapIntInt8V(v, false, d)
-	case *map[int]int8:
-		var v2 map[int]int8
-		v2, changed = fastpathTV.DecMapIntInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]int16:
-		fastpathTV.DecMapIntInt16V(v, false, d)
-	case *map[int]int16:
-		var v2 map[int]int16
-		v2, changed = fastpathTV.DecMapIntInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]int32:
-		fastpathTV.DecMapIntInt32V(v, false, d)
-	case *map[int]int32:
-		var v2 map[int]int32
-		v2, changed = fastpathTV.DecMapIntInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]int64:
-		fastpathTV.DecMapIntInt64V(v, false, d)
-	case *map[int]int64:
-		var v2 map[int]int64
-		v2, changed = fastpathTV.DecMapIntInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]float32:
-		fastpathTV.DecMapIntFloat32V(v, false, d)
-	case *map[int]float32:
-		var v2 map[int]float32
-		v2, changed = fastpathTV.DecMapIntFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]float64:
-		fastpathTV.DecMapIntFloat64V(v, false, d)
-	case *map[int]float64:
-		var v2 map[int]float64
-		v2, changed = fastpathTV.DecMapIntFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int]bool:
-		fastpathTV.DecMapIntBoolV(v, false, d)
-	case *map[int]bool:
-		var v2 map[int]bool
-		v2, changed = fastpathTV.DecMapIntBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]interface{}:
-		fastpathTV.DecMapInt8IntfV(v, false, d)
-	case *map[int8]interface{}:
-		var v2 map[int8]interface{}
-		v2, changed = fastpathTV.DecMapInt8IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]string:
-		fastpathTV.DecMapInt8StringV(v, false, d)
-	case *map[int8]string:
-		var v2 map[int8]string
-		v2, changed = fastpathTV.DecMapInt8StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uint:
-		fastpathTV.DecMapInt8UintV(v, false, d)
-	case *map[int8]uint:
-		var v2 map[int8]uint
-		v2, changed = fastpathTV.DecMapInt8UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uint8:
-		fastpathTV.DecMapInt8Uint8V(v, false, d)
-	case *map[int8]uint8:
-		var v2 map[int8]uint8
-		v2, changed = fastpathTV.DecMapInt8Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uint16:
-		fastpathTV.DecMapInt8Uint16V(v, false, d)
-	case *map[int8]uint16:
-		var v2 map[int8]uint16
-		v2, changed = fastpathTV.DecMapInt8Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uint32:
-		fastpathTV.DecMapInt8Uint32V(v, false, d)
-	case *map[int8]uint32:
-		var v2 map[int8]uint32
-		v2, changed = fastpathTV.DecMapInt8Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uint64:
-		fastpathTV.DecMapInt8Uint64V(v, false, d)
-	case *map[int8]uint64:
-		var v2 map[int8]uint64
-		v2, changed = fastpathTV.DecMapInt8Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]uintptr:
-		fastpathTV.DecMapInt8UintptrV(v, false, d)
-	case *map[int8]uintptr:
-		var v2 map[int8]uintptr
-		v2, changed = fastpathTV.DecMapInt8UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]int:
-		fastpathTV.DecMapInt8IntV(v, false, d)
-	case *map[int8]int:
-		var v2 map[int8]int
-		v2, changed = fastpathTV.DecMapInt8IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]int8:
-		fastpathTV.DecMapInt8Int8V(v, false, d)
-	case *map[int8]int8:
-		var v2 map[int8]int8
-		v2, changed = fastpathTV.DecMapInt8Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]int16:
-		fastpathTV.DecMapInt8Int16V(v, false, d)
-	case *map[int8]int16:
-		var v2 map[int8]int16
-		v2, changed = fastpathTV.DecMapInt8Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]int32:
-		fastpathTV.DecMapInt8Int32V(v, false, d)
-	case *map[int8]int32:
-		var v2 map[int8]int32
-		v2, changed = fastpathTV.DecMapInt8Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]int64:
-		fastpathTV.DecMapInt8Int64V(v, false, d)
-	case *map[int8]int64:
-		var v2 map[int8]int64
-		v2, changed = fastpathTV.DecMapInt8Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]float32:
-		fastpathTV.DecMapInt8Float32V(v, false, d)
-	case *map[int8]float32:
-		var v2 map[int8]float32
-		v2, changed = fastpathTV.DecMapInt8Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]float64:
-		fastpathTV.DecMapInt8Float64V(v, false, d)
-	case *map[int8]float64:
-		var v2 map[int8]float64
-		v2, changed = fastpathTV.DecMapInt8Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int8]bool:
-		fastpathTV.DecMapInt8BoolV(v, false, d)
-	case *map[int8]bool:
-		var v2 map[int8]bool
-		v2, changed = fastpathTV.DecMapInt8BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]interface{}:
-		fastpathTV.DecMapInt16IntfV(v, false, d)
-	case *map[int16]interface{}:
-		var v2 map[int16]interface{}
-		v2, changed = fastpathTV.DecMapInt16IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]string:
-		fastpathTV.DecMapInt16StringV(v, false, d)
-	case *map[int16]string:
-		var v2 map[int16]string
-		v2, changed = fastpathTV.DecMapInt16StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uint:
-		fastpathTV.DecMapInt16UintV(v, false, d)
-	case *map[int16]uint:
-		var v2 map[int16]uint
-		v2, changed = fastpathTV.DecMapInt16UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uint8:
-		fastpathTV.DecMapInt16Uint8V(v, false, d)
-	case *map[int16]uint8:
-		var v2 map[int16]uint8
-		v2, changed = fastpathTV.DecMapInt16Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uint16:
-		fastpathTV.DecMapInt16Uint16V(v, false, d)
-	case *map[int16]uint16:
-		var v2 map[int16]uint16
-		v2, changed = fastpathTV.DecMapInt16Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uint32:
-		fastpathTV.DecMapInt16Uint32V(v, false, d)
-	case *map[int16]uint32:
-		var v2 map[int16]uint32
-		v2, changed = fastpathTV.DecMapInt16Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uint64:
-		fastpathTV.DecMapInt16Uint64V(v, false, d)
-	case *map[int16]uint64:
-		var v2 map[int16]uint64
-		v2, changed = fastpathTV.DecMapInt16Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]uintptr:
-		fastpathTV.DecMapInt16UintptrV(v, false, d)
-	case *map[int16]uintptr:
-		var v2 map[int16]uintptr
-		v2, changed = fastpathTV.DecMapInt16UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]int:
-		fastpathTV.DecMapInt16IntV(v, false, d)
-	case *map[int16]int:
-		var v2 map[int16]int
-		v2, changed = fastpathTV.DecMapInt16IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]int8:
-		fastpathTV.DecMapInt16Int8V(v, false, d)
-	case *map[int16]int8:
-		var v2 map[int16]int8
-		v2, changed = fastpathTV.DecMapInt16Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]int16:
-		fastpathTV.DecMapInt16Int16V(v, false, d)
-	case *map[int16]int16:
-		var v2 map[int16]int16
-		v2, changed = fastpathTV.DecMapInt16Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]int32:
-		fastpathTV.DecMapInt16Int32V(v, false, d)
-	case *map[int16]int32:
-		var v2 map[int16]int32
-		v2, changed = fastpathTV.DecMapInt16Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]int64:
-		fastpathTV.DecMapInt16Int64V(v, false, d)
-	case *map[int16]int64:
-		var v2 map[int16]int64
-		v2, changed = fastpathTV.DecMapInt16Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]float32:
-		fastpathTV.DecMapInt16Float32V(v, false, d)
-	case *map[int16]float32:
-		var v2 map[int16]float32
-		v2, changed = fastpathTV.DecMapInt16Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]float64:
-		fastpathTV.DecMapInt16Float64V(v, false, d)
-	case *map[int16]float64:
-		var v2 map[int16]float64
-		v2, changed = fastpathTV.DecMapInt16Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int16]bool:
-		fastpathTV.DecMapInt16BoolV(v, false, d)
-	case *map[int16]bool:
-		var v2 map[int16]bool
-		v2, changed = fastpathTV.DecMapInt16BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]interface{}:
-		fastpathTV.DecMapInt32IntfV(v, false, d)
-	case *map[int32]interface{}:
-		var v2 map[int32]interface{}
-		v2, changed = fastpathTV.DecMapInt32IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]string:
-		fastpathTV.DecMapInt32StringV(v, false, d)
-	case *map[int32]string:
-		var v2 map[int32]string
-		v2, changed = fastpathTV.DecMapInt32StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uint:
-		fastpathTV.DecMapInt32UintV(v, false, d)
-	case *map[int32]uint:
-		var v2 map[int32]uint
-		v2, changed = fastpathTV.DecMapInt32UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uint8:
-		fastpathTV.DecMapInt32Uint8V(v, false, d)
-	case *map[int32]uint8:
-		var v2 map[int32]uint8
-		v2, changed = fastpathTV.DecMapInt32Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uint16:
-		fastpathTV.DecMapInt32Uint16V(v, false, d)
-	case *map[int32]uint16:
-		var v2 map[int32]uint16
-		v2, changed = fastpathTV.DecMapInt32Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uint32:
-		fastpathTV.DecMapInt32Uint32V(v, false, d)
-	case *map[int32]uint32:
-		var v2 map[int32]uint32
-		v2, changed = fastpathTV.DecMapInt32Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uint64:
-		fastpathTV.DecMapInt32Uint64V(v, false, d)
-	case *map[int32]uint64:
-		var v2 map[int32]uint64
-		v2, changed = fastpathTV.DecMapInt32Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]uintptr:
-		fastpathTV.DecMapInt32UintptrV(v, false, d)
-	case *map[int32]uintptr:
-		var v2 map[int32]uintptr
-		v2, changed = fastpathTV.DecMapInt32UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]int:
-		fastpathTV.DecMapInt32IntV(v, false, d)
-	case *map[int32]int:
-		var v2 map[int32]int
-		v2, changed = fastpathTV.DecMapInt32IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]int8:
-		fastpathTV.DecMapInt32Int8V(v, false, d)
-	case *map[int32]int8:
-		var v2 map[int32]int8
-		v2, changed = fastpathTV.DecMapInt32Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]int16:
-		fastpathTV.DecMapInt32Int16V(v, false, d)
-	case *map[int32]int16:
-		var v2 map[int32]int16
-		v2, changed = fastpathTV.DecMapInt32Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]int32:
-		fastpathTV.DecMapInt32Int32V(v, false, d)
-	case *map[int32]int32:
-		var v2 map[int32]int32
-		v2, changed = fastpathTV.DecMapInt32Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]int64:
-		fastpathTV.DecMapInt32Int64V(v, false, d)
-	case *map[int32]int64:
-		var v2 map[int32]int64
-		v2, changed = fastpathTV.DecMapInt32Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]float32:
-		fastpathTV.DecMapInt32Float32V(v, false, d)
-	case *map[int32]float32:
-		var v2 map[int32]float32
-		v2, changed = fastpathTV.DecMapInt32Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]float64:
-		fastpathTV.DecMapInt32Float64V(v, false, d)
-	case *map[int32]float64:
-		var v2 map[int32]float64
-		v2, changed = fastpathTV.DecMapInt32Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int32]bool:
-		fastpathTV.DecMapInt32BoolV(v, false, d)
-	case *map[int32]bool:
-		var v2 map[int32]bool
-		v2, changed = fastpathTV.DecMapInt32BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]interface{}:
-		fastpathTV.DecMapInt64IntfV(v, false, d)
-	case *map[int64]interface{}:
-		var v2 map[int64]interface{}
-		v2, changed = fastpathTV.DecMapInt64IntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]string:
-		fastpathTV.DecMapInt64StringV(v, false, d)
-	case *map[int64]string:
-		var v2 map[int64]string
-		v2, changed = fastpathTV.DecMapInt64StringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uint:
-		fastpathTV.DecMapInt64UintV(v, false, d)
-	case *map[int64]uint:
-		var v2 map[int64]uint
-		v2, changed = fastpathTV.DecMapInt64UintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uint8:
-		fastpathTV.DecMapInt64Uint8V(v, false, d)
-	case *map[int64]uint8:
-		var v2 map[int64]uint8
-		v2, changed = fastpathTV.DecMapInt64Uint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uint16:
-		fastpathTV.DecMapInt64Uint16V(v, false, d)
-	case *map[int64]uint16:
-		var v2 map[int64]uint16
-		v2, changed = fastpathTV.DecMapInt64Uint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uint32:
-		fastpathTV.DecMapInt64Uint32V(v, false, d)
-	case *map[int64]uint32:
-		var v2 map[int64]uint32
-		v2, changed = fastpathTV.DecMapInt64Uint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uint64:
-		fastpathTV.DecMapInt64Uint64V(v, false, d)
-	case *map[int64]uint64:
-		var v2 map[int64]uint64
-		v2, changed = fastpathTV.DecMapInt64Uint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]uintptr:
-		fastpathTV.DecMapInt64UintptrV(v, false, d)
-	case *map[int64]uintptr:
-		var v2 map[int64]uintptr
-		v2, changed = fastpathTV.DecMapInt64UintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]int:
-		fastpathTV.DecMapInt64IntV(v, false, d)
-	case *map[int64]int:
-		var v2 map[int64]int
-		v2, changed = fastpathTV.DecMapInt64IntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]int8:
-		fastpathTV.DecMapInt64Int8V(v, false, d)
-	case *map[int64]int8:
-		var v2 map[int64]int8
-		v2, changed = fastpathTV.DecMapInt64Int8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]int16:
-		fastpathTV.DecMapInt64Int16V(v, false, d)
-	case *map[int64]int16:
-		var v2 map[int64]int16
-		v2, changed = fastpathTV.DecMapInt64Int16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]int32:
-		fastpathTV.DecMapInt64Int32V(v, false, d)
-	case *map[int64]int32:
-		var v2 map[int64]int32
-		v2, changed = fastpathTV.DecMapInt64Int32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]int64:
-		fastpathTV.DecMapInt64Int64V(v, false, d)
-	case *map[int64]int64:
-		var v2 map[int64]int64
-		v2, changed = fastpathTV.DecMapInt64Int64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]float32:
-		fastpathTV.DecMapInt64Float32V(v, false, d)
-	case *map[int64]float32:
-		var v2 map[int64]float32
-		v2, changed = fastpathTV.DecMapInt64Float32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]float64:
-		fastpathTV.DecMapInt64Float64V(v, false, d)
-	case *map[int64]float64:
-		var v2 map[int64]float64
-		v2, changed = fastpathTV.DecMapInt64Float64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[int64]bool:
-		fastpathTV.DecMapInt64BoolV(v, false, d)
-	case *map[int64]bool:
-		var v2 map[int64]bool
-		v2, changed = fastpathTV.DecMapInt64BoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]interface{}:
-		fastpathTV.DecMapBoolIntfV(v, false, d)
-	case *map[bool]interface{}:
-		var v2 map[bool]interface{}
-		v2, changed = fastpathTV.DecMapBoolIntfV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]string:
-		fastpathTV.DecMapBoolStringV(v, false, d)
-	case *map[bool]string:
-		var v2 map[bool]string
-		v2, changed = fastpathTV.DecMapBoolStringV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uint:
-		fastpathTV.DecMapBoolUintV(v, false, d)
-	case *map[bool]uint:
-		var v2 map[bool]uint
-		v2, changed = fastpathTV.DecMapBoolUintV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uint8:
-		fastpathTV.DecMapBoolUint8V(v, false, d)
-	case *map[bool]uint8:
-		var v2 map[bool]uint8
-		v2, changed = fastpathTV.DecMapBoolUint8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uint16:
-		fastpathTV.DecMapBoolUint16V(v, false, d)
-	case *map[bool]uint16:
-		var v2 map[bool]uint16
-		v2, changed = fastpathTV.DecMapBoolUint16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uint32:
-		fastpathTV.DecMapBoolUint32V(v, false, d)
-	case *map[bool]uint32:
-		var v2 map[bool]uint32
-		v2, changed = fastpathTV.DecMapBoolUint32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uint64:
-		fastpathTV.DecMapBoolUint64V(v, false, d)
-	case *map[bool]uint64:
-		var v2 map[bool]uint64
-		v2, changed = fastpathTV.DecMapBoolUint64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]uintptr:
-		fastpathTV.DecMapBoolUintptrV(v, false, d)
-	case *map[bool]uintptr:
-		var v2 map[bool]uintptr
-		v2, changed = fastpathTV.DecMapBoolUintptrV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]int:
-		fastpathTV.DecMapBoolIntV(v, false, d)
-	case *map[bool]int:
-		var v2 map[bool]int
-		v2, changed = fastpathTV.DecMapBoolIntV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]int8:
-		fastpathTV.DecMapBoolInt8V(v, false, d)
-	case *map[bool]int8:
-		var v2 map[bool]int8
-		v2, changed = fastpathTV.DecMapBoolInt8V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]int16:
-		fastpathTV.DecMapBoolInt16V(v, false, d)
-	case *map[bool]int16:
-		var v2 map[bool]int16
-		v2, changed = fastpathTV.DecMapBoolInt16V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]int32:
-		fastpathTV.DecMapBoolInt32V(v, false, d)
-	case *map[bool]int32:
-		var v2 map[bool]int32
-		v2, changed = fastpathTV.DecMapBoolInt32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]int64:
-		fastpathTV.DecMapBoolInt64V(v, false, d)
-	case *map[bool]int64:
-		var v2 map[bool]int64
-		v2, changed = fastpathTV.DecMapBoolInt64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]float32:
-		fastpathTV.DecMapBoolFloat32V(v, false, d)
-	case *map[bool]float32:
-		var v2 map[bool]float32
-		v2, changed = fastpathTV.DecMapBoolFloat32V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]float64:
-		fastpathTV.DecMapBoolFloat64V(v, false, d)
-	case *map[bool]float64:
-		var v2 map[bool]float64
-		v2, changed = fastpathTV.DecMapBoolFloat64V(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	case map[bool]bool:
-		fastpathTV.DecMapBoolBoolV(v, false, d)
-	case *map[bool]bool:
-		var v2 map[bool]bool
-		v2, changed = fastpathTV.DecMapBoolBoolV(*v, true, d)
-		if changed {
-			*v = v2
-		}
-	default:
-		_ = v // workaround https://github.com/golang/go/issues/12927 seen in go1.4
-		return false
-	}
-	return true
-}
-
-func fastpathDecodeSetZeroTypeSwitch(iv interface{}) bool {
-	switch v := iv.(type) {
-
-	case *[]interface{}:
-		*v = nil
-	case *[]string:
-		*v = nil
-	case *[]float32:
-		*v = nil
-	case *[]float64:
-		*v = nil
-	case *[]uint:
-		*v = nil
-	case *[]uint8:
-		*v = nil
-	case *[]uint16:
-		*v = nil
-	case *[]uint32:
-		*v = nil
-	case *[]uint64:
-		*v = nil
-	case *[]uintptr:
-		*v = nil
-	case *[]int:
-		*v = nil
-	case *[]int8:
-		*v = nil
-	case *[]int16:
-		*v = nil
-	case *[]int32:
-		*v = nil
-	case *[]int64:
-		*v = nil
-	case *[]bool:
-		*v = nil
-
-	case *map[interface{}]interface{}:
-		*v = nil
-	case *map[interface{}]string:
-		*v = nil
-	case *map[interface{}]uint:
-		*v = nil
-	case *map[interface{}]uint8:
-		*v = nil
-	case *map[interface{}]uint16:
-		*v = nil
-	case *map[interface{}]uint32:
-		*v = nil
-	case *map[interface{}]uint64:
-		*v = nil
-	case *map[interface{}]uintptr:
-		*v = nil
-	case *map[interface{}]int:
-		*v = nil
-	case *map[interface{}]int8:
-		*v = nil
-	case *map[interface{}]int16:
-		*v = nil
-	case *map[interface{}]int32:
-		*v = nil
-	case *map[interface{}]int64:
-		*v = nil
-	case *map[interface{}]float32:
-		*v = nil
-	case *map[interface{}]float64:
-		*v = nil
-	case *map[interface{}]bool:
-		*v = nil
-	case *map[string]interface{}:
-		*v = nil
-	case *map[string]string:
-		*v = nil
-	case *map[string]uint:
-		*v = nil
-	case *map[string]uint8:
-		*v = nil
-	case *map[string]uint16:
-		*v = nil
-	case *map[string]uint32:
-		*v = nil
-	case *map[string]uint64:
-		*v = nil
-	case *map[string]uintptr:
-		*v = nil
-	case *map[string]int:
-		*v = nil
-	case *map[string]int8:
-		*v = nil
-	case *map[string]int16:
-		*v = nil
-	case *map[string]int32:
-		*v = nil
-	case *map[string]int64:
-		*v = nil
-	case *map[string]float32:
-		*v = nil
-	case *map[string]float64:
-		*v = nil
-	case *map[string]bool:
-		*v = nil
-	case *map[float32]interface{}:
-		*v = nil
-	case *map[float32]string:
-		*v = nil
-	case *map[float32]uint:
-		*v = nil
-	case *map[float32]uint8:
-		*v = nil
-	case *map[float32]uint16:
-		*v = nil
-	case *map[float32]uint32:
-		*v = nil
-	case *map[float32]uint64:
-		*v = nil
-	case *map[float32]uintptr:
-		*v = nil
-	case *map[float32]int:
-		*v = nil
-	case *map[float32]int8:
-		*v = nil
-	case *map[float32]int16:
-		*v = nil
-	case *map[float32]int32:
-		*v = nil
-	case *map[float32]int64:
-		*v = nil
-	case *map[float32]float32:
-		*v = nil
-	case *map[float32]float64:
-		*v = nil
-	case *map[float32]bool:
-		*v = nil
-	case *map[float64]interface{}:
-		*v = nil
-	case *map[float64]string:
-		*v = nil
-	case *map[float64]uint:
-		*v = nil
-	case *map[float64]uint8:
-		*v = nil
-	case *map[float64]uint16:
-		*v = nil
-	case *map[float64]uint32:
-		*v = nil
-	case *map[float64]uint64:
-		*v = nil
-	case *map[float64]uintptr:
-		*v = nil
-	case *map[float64]int:
-		*v = nil
-	case *map[float64]int8:
-		*v = nil
-	case *map[float64]int16:
-		*v = nil
-	case *map[float64]int32:
-		*v = nil
-	case *map[float64]int64:
-		*v = nil
-	case *map[float64]float32:
-		*v = nil
-	case *map[float64]float64:
-		*v = nil
-	case *map[float64]bool:
-		*v = nil
-	case *map[uint]interface{}:
-		*v = nil
-	case *map[uint]string:
-		*v = nil
-	case *map[uint]uint:
-		*v = nil
-	case *map[uint]uint8:
-		*v = nil
-	case *map[uint]uint16:
-		*v = nil
-	case *map[uint]uint32:
-		*v = nil
-	case *map[uint]uint64:
-		*v = nil
-	case *map[uint]uintptr:
-		*v = nil
-	case *map[uint]int:
-		*v = nil
-	case *map[uint]int8:
-		*v = nil
-	case *map[uint]int16:
-		*v = nil
-	case *map[uint]int32:
-		*v = nil
-	case *map[uint]int64:
-		*v = nil
-	case *map[uint]float32:
-		*v = nil
-	case *map[uint]float64:
-		*v = nil
-	case *map[uint]bool:
-		*v = nil
-	case *map[uint8]interface{}:
-		*v = nil
-	case *map[uint8]string:
-		*v = nil
-	case *map[uint8]uint:
-		*v = nil
-	case *map[uint8]uint8:
-		*v = nil
-	case *map[uint8]uint16:
-		*v = nil
-	case *map[uint8]uint32:
-		*v = nil
-	case *map[uint8]uint64:
-		*v = nil
-	case *map[uint8]uintptr:
-		*v = nil
-	case *map[uint8]int:
-		*v = nil
-	case *map[uint8]int8:
-		*v = nil
-	case *map[uint8]int16:
-		*v = nil
-	case *map[uint8]int32:
-		*v = nil
-	case *map[uint8]int64:
-		*v = nil
-	case *map[uint8]float32:
-		*v = nil
-	case *map[uint8]float64:
-		*v = nil
-	case *map[uint8]bool:
-		*v = nil
-	case *map[uint16]interface{}:
-		*v = nil
-	case *map[uint16]string:
-		*v = nil
-	case *map[uint16]uint:
-		*v = nil
-	case *map[uint16]uint8:
-		*v = nil
-	case *map[uint16]uint16:
-		*v = nil
-	case *map[uint16]uint32:
-		*v = nil
-	case *map[uint16]uint64:
-		*v = nil
-	case *map[uint16]uintptr:
-		*v = nil
-	case *map[uint16]int:
-		*v = nil
-	case *map[uint16]int8:
-		*v = nil
-	case *map[uint16]int16:
-		*v = nil
-	case *map[uint16]int32:
-		*v = nil
-	case *map[uint16]int64:
-		*v = nil
-	case *map[uint16]float32:
-		*v = nil
-	case *map[uint16]float64:
-		*v = nil
-	case *map[uint16]bool:
-		*v = nil
-	case *map[uint32]interface{}:
-		*v = nil
-	case *map[uint32]string:
-		*v = nil
-	case *map[uint32]uint:
-		*v = nil
-	case *map[uint32]uint8:
-		*v = nil
-	case *map[uint32]uint16:
-		*v = nil
-	case *map[uint32]uint32:
-		*v = nil
-	case *map[uint32]uint64:
-		*v = nil
-	case *map[uint32]uintptr:
-		*v = nil
-	case *map[uint32]int:
-		*v = nil
-	case *map[uint32]int8:
-		*v = nil
-	case *map[uint32]int16:
-		*v = nil
-	case *map[uint32]int32:
-		*v = nil
-	case *map[uint32]int64:
-		*v = nil
-	case *map[uint32]float32:
-		*v = nil
-	case *map[uint32]float64:
-		*v = nil
-	case *map[uint32]bool:
-		*v = nil
-	case *map[uint64]interface{}:
-		*v = nil
-	case *map[uint64]string:
-		*v = nil
-	case *map[uint64]uint:
-		*v = nil
-	case *map[uint64]uint8:
-		*v = nil
-	case *map[uint64]uint16:
-		*v = nil
-	case *map[uint64]uint32:
-		*v = nil
-	case *map[uint64]uint64:
-		*v = nil
-	case *map[uint64]uintptr:
-		*v = nil
-	case *map[uint64]int:
-		*v = nil
-	case *map[uint64]int8:
-		*v = nil
-	case *map[uint64]int16:
-		*v = nil
-	case *map[uint64]int32:
-		*v = nil
-	case *map[uint64]int64:
-		*v = nil
-	case *map[uint64]float32:
-		*v = nil
-	case *map[uint64]float64:
-		*v = nil
-	case *map[uint64]bool:
-		*v = nil
-	case *map[uintptr]interface{}:
-		*v = nil
-	case *map[uintptr]string:
-		*v = nil
-	case *map[uintptr]uint:
-		*v = nil
-	case *map[uintptr]uint8:
-		*v = nil
-	case *map[uintptr]uint16:
-		*v = nil
-	case *map[uintptr]uint32:
-		*v = nil
-	case *map[uintptr]uint64:
-		*v = nil
-	case *map[uintptr]uintptr:
-		*v = nil
-	case *map[uintptr]int:
-		*v = nil
-	case *map[uintptr]int8:
-		*v = nil
-	case *map[uintptr]int16:
-		*v = nil
-	case *map[uintptr]int32:
-		*v = nil
-	case *map[uintptr]int64:
-		*v = nil
-	case *map[uintptr]float32:
-		*v = nil
-	case *map[uintptr]float64:
-		*v = nil
-	case *map[uintptr]bool:
-		*v = nil
-	case *map[int]interface{}:
-		*v = nil
-	case *map[int]string:
-		*v = nil
-	case *map[int]uint:
-		*v = nil
-	case *map[int]uint8:
-		*v = nil
-	case *map[int]uint16:
-		*v = nil
-	case *map[int]uint32:
-		*v = nil
-	case *map[int]uint64:
-		*v = nil
-	case *map[int]uintptr:
-		*v = nil
-	case *map[int]int:
-		*v = nil
-	case *map[int]int8:
-		*v = nil
-	case *map[int]int16:
-		*v = nil
-	case *map[int]int32:
-		*v = nil
-	case *map[int]int64:
-		*v = nil
-	case *map[int]float32:
-		*v = nil
-	case *map[int]float64:
-		*v = nil
-	case *map[int]bool:
-		*v = nil
-	case *map[int8]interface{}:
-		*v = nil
-	case *map[int8]string:
-		*v = nil
-	case *map[int8]uint:
-		*v = nil
-	case *map[int8]uint8:
-		*v = nil
-	case *map[int8]uint16:
-		*v = nil
-	case *map[int8]uint32:
-		*v = nil
-	case *map[int8]uint64:
-		*v = nil
-	case *map[int8]uintptr:
-		*v = nil
-	case *map[int8]int:
-		*v = nil
-	case *map[int8]int8:
-		*v = nil
-	case *map[int8]int16:
-		*v = nil
-	case *map[int8]int32:
-		*v = nil
-	case *map[int8]int64:
-		*v = nil
-	case *map[int8]float32:
-		*v = nil
-	case *map[int8]float64:
-		*v = nil
-	case *map[int8]bool:
-		*v = nil
-	case *map[int16]interface{}:
-		*v = nil
-	case *map[int16]string:
-		*v = nil
-	case *map[int16]uint:
-		*v = nil
-	case *map[int16]uint8:
-		*v = nil
-	case *map[int16]uint16:
-		*v = nil
-	case *map[int16]uint32:
-		*v = nil
-	case *map[int16]uint64:
-		*v = nil
-	case *map[int16]uintptr:
-		*v = nil
-	case *map[int16]int:
-		*v = nil
-	case *map[int16]int8:
-		*v = nil
-	case *map[int16]int16:
-		*v = nil
-	case *map[int16]int32:
-		*v = nil
-	case *map[int16]int64:
-		*v = nil
-	case *map[int16]float32:
-		*v = nil
-	case *map[int16]float64:
-		*v = nil
-	case *map[int16]bool:
-		*v = nil
-	case *map[int32]interface{}:
-		*v = nil
-	case *map[int32]string:
-		*v = nil
-	case *map[int32]uint:
-		*v = nil
-	case *map[int32]uint8:
-		*v = nil
-	case *map[int32]uint16:
-		*v = nil
-	case *map[int32]uint32:
-		*v = nil
-	case *map[int32]uint64:
-		*v = nil
-	case *map[int32]uintptr:
-		*v = nil
-	case *map[int32]int:
-		*v = nil
-	case *map[int32]int8:
-		*v = nil
-	case *map[int32]int16:
-		*v = nil
-	case *map[int32]int32:
-		*v = nil
-	case *map[int32]int64:
-		*v = nil
-	case *map[int32]float32:
-		*v = nil
-	case *map[int32]float64:
-		*v = nil
-	case *map[int32]bool:
-		*v = nil
-	case *map[int64]interface{}:
-		*v = nil
-	case *map[int64]string:
-		*v = nil
-	case *map[int64]uint:
-		*v = nil
-	case *map[int64]uint8:
-		*v = nil
-	case *map[int64]uint16:
-		*v = nil
-	case *map[int64]uint32:
-		*v = nil
-	case *map[int64]uint64:
-		*v = nil
-	case *map[int64]uintptr:
-		*v = nil
-	case *map[int64]int:
-		*v = nil
-	case *map[int64]int8:
-		*v = nil
-	case *map[int64]int16:
-		*v = nil
-	case *map[int64]int32:
-		*v = nil
-	case *map[int64]int64:
-		*v = nil
-	case *map[int64]float32:
-		*v = nil
-	case *map[int64]float64:
-		*v = nil
-	case *map[int64]bool:
-		*v = nil
-	case *map[bool]interface{}:
-		*v = nil
-	case *map[bool]string:
-		*v = nil
-	case *map[bool]uint:
-		*v = nil
-	case *map[bool]uint8:
-		*v = nil
-	case *map[bool]uint16:
-		*v = nil
-	case *map[bool]uint32:
-		*v = nil
-	case *map[bool]uint64:
-		*v = nil
-	case *map[bool]uintptr:
-		*v = nil
-	case *map[bool]int:
-		*v = nil
-	case *map[bool]int8:
-		*v = nil
-	case *map[bool]int16:
-		*v = nil
-	case *map[bool]int32:
-		*v = nil
-	case *map[bool]int64:
-		*v = nil
-	case *map[bool]float32:
-		*v = nil
-	case *map[bool]float64:
-		*v = nil
-	case *map[bool]bool:
-		*v = nil
-	default:
-		_ = v // workaround https://github.com/golang/go/issues/12927 seen in go1.4
-		return false
-	}
-	return true
-}
-
-// -- -- fast path functions
-
-func (d *Decoder) fastpathDecSliceIntfR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]interface{})
-		v, changed := fastpathTV.DecSliceIntfV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]interface{})
-		v2, changed := fastpathTV.DecSliceIntfV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceIntfX(vp *[]interface{}, d *Decoder) {
-	v, changed := f.DecSliceIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceIntfV(v []interface{}, canChange bool, d *Decoder) (_ []interface{}, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []interface{}{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 16)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]interface{}, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 16)
-			} else {
-				xlen = 8
-			}
-			v = make([]interface{}, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, nil)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = nil
-		} else {
-			d.decode(&v[j])
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]interface{}, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceStringR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]string)
-		v, changed := fastpathTV.DecSliceStringV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]string)
-		v2, changed := fastpathTV.DecSliceStringV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceStringX(vp *[]string, d *Decoder) {
-	v, changed := f.DecSliceStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceStringV(v []string, canChange bool, d *Decoder) (_ []string, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []string{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 16)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]string, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 16)
-			} else {
-				xlen = 8
-			}
-			v = make([]string, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, "")
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = ""
-		} else {
-			v[j] = dd.DecodeString()
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]string, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]float32)
-		v, changed := fastpathTV.DecSliceFloat32V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]float32)
-		v2, changed := fastpathTV.DecSliceFloat32V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceFloat32X(vp *[]float32, d *Decoder) {
-	v, changed := f.DecSliceFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceFloat32V(v []float32, canChange bool, d *Decoder) (_ []float32, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []float32{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]float32, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			} else {
-				xlen = 8
-			}
-			v = make([]float32, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]float32, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]float64)
-		v, changed := fastpathTV.DecSliceFloat64V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]float64)
-		v2, changed := fastpathTV.DecSliceFloat64V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceFloat64X(vp *[]float64, d *Decoder) {
-	v, changed := f.DecSliceFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceFloat64V(v []float64, canChange bool, d *Decoder) (_ []float64, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []float64{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]float64, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]float64, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = dd.DecodeFloat64()
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]float64, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUintR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uint)
-		v, changed := fastpathTV.DecSliceUintV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uint)
-		v2, changed := fastpathTV.DecSliceUintV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUintX(vp *[]uint, d *Decoder) {
-	v, changed := f.DecSliceUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUintV(v []uint, canChange bool, d *Decoder) (_ []uint, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uint{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uint, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]uint, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uint, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUint8R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uint8)
-		v, changed := fastpathTV.DecSliceUint8V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uint8)
-		v2, changed := fastpathTV.DecSliceUint8V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUint8X(vp *[]uint8, d *Decoder) {
-	v, changed := f.DecSliceUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUint8V(v []uint8, canChange bool, d *Decoder) (_ []uint8, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uint8{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uint8, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			} else {
-				xlen = 8
-			}
-			v = make([]uint8, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uint8, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUint16R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uint16)
-		v, changed := fastpathTV.DecSliceUint16V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uint16)
-		v2, changed := fastpathTV.DecSliceUint16V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUint16X(vp *[]uint16, d *Decoder) {
-	v, changed := f.DecSliceUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUint16V(v []uint16, canChange bool, d *Decoder) (_ []uint16, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uint16{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 2)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uint16, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 2)
-			} else {
-				xlen = 8
-			}
-			v = make([]uint16, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uint16, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUint32R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uint32)
-		v, changed := fastpathTV.DecSliceUint32V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uint32)
-		v2, changed := fastpathTV.DecSliceUint32V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUint32X(vp *[]uint32, d *Decoder) {
-	v, changed := f.DecSliceUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUint32V(v []uint32, canChange bool, d *Decoder) (_ []uint32, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uint32{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uint32, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			} else {
-				xlen = 8
-			}
-			v = make([]uint32, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uint32, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUint64R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uint64)
-		v, changed := fastpathTV.DecSliceUint64V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uint64)
-		v2, changed := fastpathTV.DecSliceUint64V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUint64X(vp *[]uint64, d *Decoder) {
-	v, changed := f.DecSliceUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUint64V(v []uint64, canChange bool, d *Decoder) (_ []uint64, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uint64{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uint64, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]uint64, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = dd.DecodeUint64()
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uint64, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]uintptr)
-		v, changed := fastpathTV.DecSliceUintptrV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]uintptr)
-		v2, changed := fastpathTV.DecSliceUintptrV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceUintptrX(vp *[]uintptr, d *Decoder) {
-	v, changed := f.DecSliceUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceUintptrV(v []uintptr, canChange bool, d *Decoder) (_ []uintptr, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []uintptr{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]uintptr, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]uintptr, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]uintptr, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceIntR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]int)
-		v, changed := fastpathTV.DecSliceIntV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]int)
-		v2, changed := fastpathTV.DecSliceIntV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceIntX(vp *[]int, d *Decoder) {
-	v, changed := f.DecSliceIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceIntV(v []int, canChange bool, d *Decoder) (_ []int, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []int{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]int, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]int, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]int, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceInt8R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]int8)
-		v, changed := fastpathTV.DecSliceInt8V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]int8)
-		v2, changed := fastpathTV.DecSliceInt8V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceInt8X(vp *[]int8, d *Decoder) {
-	v, changed := f.DecSliceInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceInt8V(v []int8, canChange bool, d *Decoder) (_ []int8, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []int8{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]int8, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			} else {
-				xlen = 8
-			}
-			v = make([]int8, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]int8, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceInt16R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]int16)
-		v, changed := fastpathTV.DecSliceInt16V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]int16)
-		v2, changed := fastpathTV.DecSliceInt16V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceInt16X(vp *[]int16, d *Decoder) {
-	v, changed := f.DecSliceInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceInt16V(v []int16, canChange bool, d *Decoder) (_ []int16, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []int16{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 2)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]int16, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 2)
-			} else {
-				xlen = 8
-			}
-			v = make([]int16, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]int16, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceInt32R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]int32)
-		v, changed := fastpathTV.DecSliceInt32V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]int32)
-		v2, changed := fastpathTV.DecSliceInt32V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceInt32X(vp *[]int32, d *Decoder) {
-	v, changed := f.DecSliceInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceInt32V(v []int32, canChange bool, d *Decoder) (_ []int32, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []int32{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]int32, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 4)
-			} else {
-				xlen = 8
-			}
-			v = make([]int32, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]int32, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceInt64R(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]int64)
-		v, changed := fastpathTV.DecSliceInt64V(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]int64)
-		v2, changed := fastpathTV.DecSliceInt64V(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceInt64X(vp *[]int64, d *Decoder) {
-	v, changed := f.DecSliceInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceInt64V(v []int64, canChange bool, d *Decoder) (_ []int64, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []int64{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]int64, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 8)
-			} else {
-				xlen = 8
-			}
-			v = make([]int64, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, 0)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = 0
-		} else {
-			v[j] = dd.DecodeInt64()
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]int64, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecSliceBoolR(f *codecFnInfo, rv reflect.Value) {
-	if array := f.seq == seqTypeArray; !array && rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*[]bool)
-		v, changed := fastpathTV.DecSliceBoolV(*vp, !array, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		v := rv2i(rv).([]bool)
-		v2, changed := fastpathTV.DecSliceBoolV(v, !array, d)
-		if changed && len(v) > 0 && len(v2) > 0 && !(len(v2) == len(v) && &v2[0] == &v[0]) {
-			copy(v, v2)
-		}
-	}
-}
-func (f fastpathT) DecSliceBoolX(vp *[]bool, d *Decoder) {
-	v, changed := f.DecSliceBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecSliceBoolV(v []bool, canChange bool, d *Decoder) (_ []bool, changed bool) {
-	dd := d.d
-	slh, containerLenS := d.decSliceHelperStart()
-	if containerLenS == 0 {
-		if canChange {
-			if v == nil {
-				v = []bool{}
-			} else if len(v) != 0 {
-				v = v[:0]
-			}
-			changed = true
-		}
-		slh.End()
-		return v, changed
-	}
-	hasLen := containerLenS > 0
-	var xlen int
-	if hasLen && canChange {
-		if containerLenS > cap(v) {
-			xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			if xlen <= cap(v) {
-				v = v[:xlen]
-			} else {
-				v = make([]bool, xlen)
-			}
-			changed = true
-		} else if containerLenS != len(v) {
-			v = v[:containerLenS]
-			changed = true
-		}
-	}
-	j := 0
-	for ; (hasLen && j < containerLenS) || !(hasLen || dd.CheckBreak()); j++ {
-		if j == 0 && len(v) == 0 && canChange {
-			if hasLen {
-				xlen = decInferLen(containerLenS, d.h.MaxInitLen, 1)
-			} else {
-				xlen = 8
-			}
-			v = make([]bool, xlen)
-			changed = true
-		}
-		// if indefinite, etc, then expand the slice if necessary
-		var decodeIntoBlank bool
-		if j >= len(v) {
-			if canChange {
-				v = append(v, false)
-				changed = true
-			} else {
-				d.arrayCannotExpand(len(v), j+1)
-				decodeIntoBlank = true
-			}
-		}
-		slh.ElemContainerState(j)
-		if decodeIntoBlank {
-			d.swallow()
-		} else if dd.TryDecodeAsNil() {
-			v[j] = false
-		} else {
-			v[j] = dd.DecodeBool()
-		}
-	}
-	if canChange {
-		if j < len(v) {
-			v = v[:j]
-			changed = true
-		} else if j == 0 && v == nil {
-			v = make([]bool, 0)
-			changed = true
-		}
-	}
-	slh.End()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]interface{})
-		v, changed := fastpathTV.DecMapIntfIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfIntfV(rv2i(rv).(map[interface{}]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfIntfX(vp *map[interface{}]interface{}, d *Decoder) {
-	v, changed := f.DecMapIntfIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfIntfV(v map[interface{}]interface{}, canChange bool,
-	d *Decoder) (_ map[interface{}]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 32)
-		v = make(map[interface{}]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk interface{}
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]string)
-		v, changed := fastpathTV.DecMapIntfStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfStringV(rv2i(rv).(map[interface{}]string), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfStringX(vp *map[interface{}]string, d *Decoder) {
-	v, changed := f.DecMapIntfStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfStringV(v map[interface{}]string, canChange bool,
-	d *Decoder) (_ map[interface{}]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 32)
-		v = make(map[interface{}]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uint)
-		v, changed := fastpathTV.DecMapIntfUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUintV(rv2i(rv).(map[interface{}]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUintX(vp *map[interface{}]uint, d *Decoder) {
-	v, changed := f.DecMapIntfUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUintV(v map[interface{}]uint, canChange bool,
-	d *Decoder) (_ map[interface{}]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uint8)
-		v, changed := fastpathTV.DecMapIntfUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUint8V(rv2i(rv).(map[interface{}]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUint8X(vp *map[interface{}]uint8, d *Decoder) {
-	v, changed := f.DecMapIntfUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUint8V(v map[interface{}]uint8, canChange bool,
-	d *Decoder) (_ map[interface{}]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[interface{}]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uint16)
-		v, changed := fastpathTV.DecMapIntfUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUint16V(rv2i(rv).(map[interface{}]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUint16X(vp *map[interface{}]uint16, d *Decoder) {
-	v, changed := f.DecMapIntfUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUint16V(v map[interface{}]uint16, canChange bool,
-	d *Decoder) (_ map[interface{}]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[interface{}]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uint32)
-		v, changed := fastpathTV.DecMapIntfUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUint32V(rv2i(rv).(map[interface{}]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUint32X(vp *map[interface{}]uint32, d *Decoder) {
-	v, changed := f.DecMapIntfUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUint32V(v map[interface{}]uint32, canChange bool,
-	d *Decoder) (_ map[interface{}]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[interface{}]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uint64)
-		v, changed := fastpathTV.DecMapIntfUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUint64V(rv2i(rv).(map[interface{}]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUint64X(vp *map[interface{}]uint64, d *Decoder) {
-	v, changed := f.DecMapIntfUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUint64V(v map[interface{}]uint64, canChange bool,
-	d *Decoder) (_ map[interface{}]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]uintptr)
-		v, changed := fastpathTV.DecMapIntfUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfUintptrV(rv2i(rv).(map[interface{}]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfUintptrX(vp *map[interface{}]uintptr, d *Decoder) {
-	v, changed := f.DecMapIntfUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfUintptrV(v map[interface{}]uintptr, canChange bool,
-	d *Decoder) (_ map[interface{}]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]int)
-		v, changed := fastpathTV.DecMapIntfIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfIntV(rv2i(rv).(map[interface{}]int), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfIntX(vp *map[interface{}]int, d *Decoder) {
-	v, changed := f.DecMapIntfIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfIntV(v map[interface{}]int, canChange bool,
-	d *Decoder) (_ map[interface{}]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]int8)
-		v, changed := fastpathTV.DecMapIntfInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfInt8V(rv2i(rv).(map[interface{}]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfInt8X(vp *map[interface{}]int8, d *Decoder) {
-	v, changed := f.DecMapIntfInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfInt8V(v map[interface{}]int8, canChange bool,
-	d *Decoder) (_ map[interface{}]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[interface{}]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]int16)
-		v, changed := fastpathTV.DecMapIntfInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfInt16V(rv2i(rv).(map[interface{}]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfInt16X(vp *map[interface{}]int16, d *Decoder) {
-	v, changed := f.DecMapIntfInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfInt16V(v map[interface{}]int16, canChange bool,
-	d *Decoder) (_ map[interface{}]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[interface{}]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]int32)
-		v, changed := fastpathTV.DecMapIntfInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfInt32V(rv2i(rv).(map[interface{}]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfInt32X(vp *map[interface{}]int32, d *Decoder) {
-	v, changed := f.DecMapIntfInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfInt32V(v map[interface{}]int32, canChange bool,
-	d *Decoder) (_ map[interface{}]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[interface{}]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]int64)
-		v, changed := fastpathTV.DecMapIntfInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfInt64V(rv2i(rv).(map[interface{}]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfInt64X(vp *map[interface{}]int64, d *Decoder) {
-	v, changed := f.DecMapIntfInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfInt64V(v map[interface{}]int64, canChange bool,
-	d *Decoder) (_ map[interface{}]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]float32)
-		v, changed := fastpathTV.DecMapIntfFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfFloat32V(rv2i(rv).(map[interface{}]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfFloat32X(vp *map[interface{}]float32, d *Decoder) {
-	v, changed := f.DecMapIntfFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfFloat32V(v map[interface{}]float32, canChange bool,
-	d *Decoder) (_ map[interface{}]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[interface{}]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]float64)
-		v, changed := fastpathTV.DecMapIntfFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfFloat64V(rv2i(rv).(map[interface{}]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfFloat64X(vp *map[interface{}]float64, d *Decoder) {
-	v, changed := f.DecMapIntfFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfFloat64V(v map[interface{}]float64, canChange bool,
-	d *Decoder) (_ map[interface{}]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[interface{}]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntfBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[interface{}]bool)
-		v, changed := fastpathTV.DecMapIntfBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntfBoolV(rv2i(rv).(map[interface{}]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapIntfBoolX(vp *map[interface{}]bool, d *Decoder) {
-	v, changed := f.DecMapIntfBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntfBoolV(v map[interface{}]bool, canChange bool,
-	d *Decoder) (_ map[interface{}]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[interface{}]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk interface{}
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = nil
-		d.decode(&mk)
-		if bv, bok := mk.([]byte); bok {
-			mk = d.string(bv)
-		}
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]interface{})
-		v, changed := fastpathTV.DecMapStringIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringIntfV(rv2i(rv).(map[string]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapStringIntfX(vp *map[string]interface{}, d *Decoder) {
-	v, changed := f.DecMapStringIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringIntfV(v map[string]interface{}, canChange bool,
-	d *Decoder) (_ map[string]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 32)
-		v = make(map[string]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk string
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]string)
-		v, changed := fastpathTV.DecMapStringStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringStringV(rv2i(rv).(map[string]string), false, d)
-	}
-}
-func (f fastpathT) DecMapStringStringX(vp *map[string]string, d *Decoder) {
-	v, changed := f.DecMapStringStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringStringV(v map[string]string, canChange bool,
-	d *Decoder) (_ map[string]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 32)
-		v = make(map[string]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uint)
-		v, changed := fastpathTV.DecMapStringUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUintV(rv2i(rv).(map[string]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUintX(vp *map[string]uint, d *Decoder) {
-	v, changed := f.DecMapStringUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUintV(v map[string]uint, canChange bool,
-	d *Decoder) (_ map[string]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uint8)
-		v, changed := fastpathTV.DecMapStringUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUint8V(rv2i(rv).(map[string]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUint8X(vp *map[string]uint8, d *Decoder) {
-	v, changed := f.DecMapStringUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUint8V(v map[string]uint8, canChange bool,
-	d *Decoder) (_ map[string]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[string]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uint16)
-		v, changed := fastpathTV.DecMapStringUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUint16V(rv2i(rv).(map[string]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUint16X(vp *map[string]uint16, d *Decoder) {
-	v, changed := f.DecMapStringUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUint16V(v map[string]uint16, canChange bool,
-	d *Decoder) (_ map[string]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[string]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uint32)
-		v, changed := fastpathTV.DecMapStringUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUint32V(rv2i(rv).(map[string]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUint32X(vp *map[string]uint32, d *Decoder) {
-	v, changed := f.DecMapStringUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUint32V(v map[string]uint32, canChange bool,
-	d *Decoder) (_ map[string]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[string]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uint64)
-		v, changed := fastpathTV.DecMapStringUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUint64V(rv2i(rv).(map[string]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUint64X(vp *map[string]uint64, d *Decoder) {
-	v, changed := f.DecMapStringUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUint64V(v map[string]uint64, canChange bool,
-	d *Decoder) (_ map[string]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]uintptr)
-		v, changed := fastpathTV.DecMapStringUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringUintptrV(rv2i(rv).(map[string]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapStringUintptrX(vp *map[string]uintptr, d *Decoder) {
-	v, changed := f.DecMapStringUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringUintptrV(v map[string]uintptr, canChange bool,
-	d *Decoder) (_ map[string]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]int)
-		v, changed := fastpathTV.DecMapStringIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringIntV(rv2i(rv).(map[string]int), false, d)
-	}
-}
-func (f fastpathT) DecMapStringIntX(vp *map[string]int, d *Decoder) {
-	v, changed := f.DecMapStringIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringIntV(v map[string]int, canChange bool,
-	d *Decoder) (_ map[string]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]int8)
-		v, changed := fastpathTV.DecMapStringInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringInt8V(rv2i(rv).(map[string]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapStringInt8X(vp *map[string]int8, d *Decoder) {
-	v, changed := f.DecMapStringInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringInt8V(v map[string]int8, canChange bool,
-	d *Decoder) (_ map[string]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[string]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]int16)
-		v, changed := fastpathTV.DecMapStringInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringInt16V(rv2i(rv).(map[string]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapStringInt16X(vp *map[string]int16, d *Decoder) {
-	v, changed := f.DecMapStringInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringInt16V(v map[string]int16, canChange bool,
-	d *Decoder) (_ map[string]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[string]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]int32)
-		v, changed := fastpathTV.DecMapStringInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringInt32V(rv2i(rv).(map[string]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapStringInt32X(vp *map[string]int32, d *Decoder) {
-	v, changed := f.DecMapStringInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringInt32V(v map[string]int32, canChange bool,
-	d *Decoder) (_ map[string]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[string]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]int64)
-		v, changed := fastpathTV.DecMapStringInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringInt64V(rv2i(rv).(map[string]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapStringInt64X(vp *map[string]int64, d *Decoder) {
-	v, changed := f.DecMapStringInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringInt64V(v map[string]int64, canChange bool,
-	d *Decoder) (_ map[string]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]float32)
-		v, changed := fastpathTV.DecMapStringFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringFloat32V(rv2i(rv).(map[string]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapStringFloat32X(vp *map[string]float32, d *Decoder) {
-	v, changed := f.DecMapStringFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringFloat32V(v map[string]float32, canChange bool,
-	d *Decoder) (_ map[string]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[string]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]float64)
-		v, changed := fastpathTV.DecMapStringFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringFloat64V(rv2i(rv).(map[string]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapStringFloat64X(vp *map[string]float64, d *Decoder) {
-	v, changed := f.DecMapStringFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringFloat64V(v map[string]float64, canChange bool,
-	d *Decoder) (_ map[string]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[string]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapStringBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[string]bool)
-		v, changed := fastpathTV.DecMapStringBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapStringBoolV(rv2i(rv).(map[string]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapStringBoolX(vp *map[string]bool, d *Decoder) {
-	v, changed := f.DecMapStringBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapStringBoolV(v map[string]bool, canChange bool,
-	d *Decoder) (_ map[string]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[string]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk string
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeString()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]interface{})
-		v, changed := fastpathTV.DecMapFloat32IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32IntfV(rv2i(rv).(map[float32]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32IntfX(vp *map[float32]interface{}, d *Decoder) {
-	v, changed := f.DecMapFloat32IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32IntfV(v map[float32]interface{}, canChange bool,
-	d *Decoder) (_ map[float32]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[float32]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk float32
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]string)
-		v, changed := fastpathTV.DecMapFloat32StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32StringV(rv2i(rv).(map[float32]string), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32StringX(vp *map[float32]string, d *Decoder) {
-	v, changed := f.DecMapFloat32StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32StringV(v map[float32]string, canChange bool,
-	d *Decoder) (_ map[float32]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[float32]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uint)
-		v, changed := fastpathTV.DecMapFloat32UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32UintV(rv2i(rv).(map[float32]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32UintX(vp *map[float32]uint, d *Decoder) {
-	v, changed := f.DecMapFloat32UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32UintV(v map[float32]uint, canChange bool,
-	d *Decoder) (_ map[float32]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uint8)
-		v, changed := fastpathTV.DecMapFloat32Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Uint8V(rv2i(rv).(map[float32]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Uint8X(vp *map[float32]uint8, d *Decoder) {
-	v, changed := f.DecMapFloat32Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Uint8V(v map[float32]uint8, canChange bool,
-	d *Decoder) (_ map[float32]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[float32]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uint16)
-		v, changed := fastpathTV.DecMapFloat32Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Uint16V(rv2i(rv).(map[float32]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Uint16X(vp *map[float32]uint16, d *Decoder) {
-	v, changed := f.DecMapFloat32Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Uint16V(v map[float32]uint16, canChange bool,
-	d *Decoder) (_ map[float32]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[float32]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uint32)
-		v, changed := fastpathTV.DecMapFloat32Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Uint32V(rv2i(rv).(map[float32]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Uint32X(vp *map[float32]uint32, d *Decoder) {
-	v, changed := f.DecMapFloat32Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Uint32V(v map[float32]uint32, canChange bool,
-	d *Decoder) (_ map[float32]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[float32]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uint64)
-		v, changed := fastpathTV.DecMapFloat32Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Uint64V(rv2i(rv).(map[float32]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Uint64X(vp *map[float32]uint64, d *Decoder) {
-	v, changed := f.DecMapFloat32Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Uint64V(v map[float32]uint64, canChange bool,
-	d *Decoder) (_ map[float32]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]uintptr)
-		v, changed := fastpathTV.DecMapFloat32UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32UintptrV(rv2i(rv).(map[float32]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32UintptrX(vp *map[float32]uintptr, d *Decoder) {
-	v, changed := f.DecMapFloat32UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32UintptrV(v map[float32]uintptr, canChange bool,
-	d *Decoder) (_ map[float32]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]int)
-		v, changed := fastpathTV.DecMapFloat32IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32IntV(rv2i(rv).(map[float32]int), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32IntX(vp *map[float32]int, d *Decoder) {
-	v, changed := f.DecMapFloat32IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32IntV(v map[float32]int, canChange bool,
-	d *Decoder) (_ map[float32]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]int8)
-		v, changed := fastpathTV.DecMapFloat32Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Int8V(rv2i(rv).(map[float32]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Int8X(vp *map[float32]int8, d *Decoder) {
-	v, changed := f.DecMapFloat32Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Int8V(v map[float32]int8, canChange bool,
-	d *Decoder) (_ map[float32]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[float32]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]int16)
-		v, changed := fastpathTV.DecMapFloat32Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Int16V(rv2i(rv).(map[float32]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Int16X(vp *map[float32]int16, d *Decoder) {
-	v, changed := f.DecMapFloat32Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Int16V(v map[float32]int16, canChange bool,
-	d *Decoder) (_ map[float32]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[float32]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]int32)
-		v, changed := fastpathTV.DecMapFloat32Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Int32V(rv2i(rv).(map[float32]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Int32X(vp *map[float32]int32, d *Decoder) {
-	v, changed := f.DecMapFloat32Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Int32V(v map[float32]int32, canChange bool,
-	d *Decoder) (_ map[float32]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[float32]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]int64)
-		v, changed := fastpathTV.DecMapFloat32Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Int64V(rv2i(rv).(map[float32]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Int64X(vp *map[float32]int64, d *Decoder) {
-	v, changed := f.DecMapFloat32Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Int64V(v map[float32]int64, canChange bool,
-	d *Decoder) (_ map[float32]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]float32)
-		v, changed := fastpathTV.DecMapFloat32Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Float32V(rv2i(rv).(map[float32]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Float32X(vp *map[float32]float32, d *Decoder) {
-	v, changed := f.DecMapFloat32Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Float32V(v map[float32]float32, canChange bool,
-	d *Decoder) (_ map[float32]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[float32]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]float64)
-		v, changed := fastpathTV.DecMapFloat32Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32Float64V(rv2i(rv).(map[float32]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32Float64X(vp *map[float32]float64, d *Decoder) {
-	v, changed := f.DecMapFloat32Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32Float64V(v map[float32]float64, canChange bool,
-	d *Decoder) (_ map[float32]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float32]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat32BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float32]bool)
-		v, changed := fastpathTV.DecMapFloat32BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat32BoolV(rv2i(rv).(map[float32]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat32BoolX(vp *map[float32]bool, d *Decoder) {
-	v, changed := f.DecMapFloat32BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat32BoolV(v map[float32]bool, canChange bool,
-	d *Decoder) (_ map[float32]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[float32]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float32
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]interface{})
-		v, changed := fastpathTV.DecMapFloat64IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64IntfV(rv2i(rv).(map[float64]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64IntfX(vp *map[float64]interface{}, d *Decoder) {
-	v, changed := f.DecMapFloat64IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64IntfV(v map[float64]interface{}, canChange bool,
-	d *Decoder) (_ map[float64]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[float64]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk float64
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]string)
-		v, changed := fastpathTV.DecMapFloat64StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64StringV(rv2i(rv).(map[float64]string), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64StringX(vp *map[float64]string, d *Decoder) {
-	v, changed := f.DecMapFloat64StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64StringV(v map[float64]string, canChange bool,
-	d *Decoder) (_ map[float64]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[float64]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uint)
-		v, changed := fastpathTV.DecMapFloat64UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64UintV(rv2i(rv).(map[float64]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64UintX(vp *map[float64]uint, d *Decoder) {
-	v, changed := f.DecMapFloat64UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64UintV(v map[float64]uint, canChange bool,
-	d *Decoder) (_ map[float64]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uint8)
-		v, changed := fastpathTV.DecMapFloat64Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Uint8V(rv2i(rv).(map[float64]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Uint8X(vp *map[float64]uint8, d *Decoder) {
-	v, changed := f.DecMapFloat64Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Uint8V(v map[float64]uint8, canChange bool,
-	d *Decoder) (_ map[float64]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[float64]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uint16)
-		v, changed := fastpathTV.DecMapFloat64Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Uint16V(rv2i(rv).(map[float64]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Uint16X(vp *map[float64]uint16, d *Decoder) {
-	v, changed := f.DecMapFloat64Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Uint16V(v map[float64]uint16, canChange bool,
-	d *Decoder) (_ map[float64]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[float64]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uint32)
-		v, changed := fastpathTV.DecMapFloat64Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Uint32V(rv2i(rv).(map[float64]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Uint32X(vp *map[float64]uint32, d *Decoder) {
-	v, changed := f.DecMapFloat64Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Uint32V(v map[float64]uint32, canChange bool,
-	d *Decoder) (_ map[float64]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float64]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uint64)
-		v, changed := fastpathTV.DecMapFloat64Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Uint64V(rv2i(rv).(map[float64]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Uint64X(vp *map[float64]uint64, d *Decoder) {
-	v, changed := f.DecMapFloat64Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Uint64V(v map[float64]uint64, canChange bool,
-	d *Decoder) (_ map[float64]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]uintptr)
-		v, changed := fastpathTV.DecMapFloat64UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64UintptrV(rv2i(rv).(map[float64]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64UintptrX(vp *map[float64]uintptr, d *Decoder) {
-	v, changed := f.DecMapFloat64UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64UintptrV(v map[float64]uintptr, canChange bool,
-	d *Decoder) (_ map[float64]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]int)
-		v, changed := fastpathTV.DecMapFloat64IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64IntV(rv2i(rv).(map[float64]int), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64IntX(vp *map[float64]int, d *Decoder) {
-	v, changed := f.DecMapFloat64IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64IntV(v map[float64]int, canChange bool,
-	d *Decoder) (_ map[float64]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]int8)
-		v, changed := fastpathTV.DecMapFloat64Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Int8V(rv2i(rv).(map[float64]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Int8X(vp *map[float64]int8, d *Decoder) {
-	v, changed := f.DecMapFloat64Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Int8V(v map[float64]int8, canChange bool,
-	d *Decoder) (_ map[float64]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[float64]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]int16)
-		v, changed := fastpathTV.DecMapFloat64Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Int16V(rv2i(rv).(map[float64]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Int16X(vp *map[float64]int16, d *Decoder) {
-	v, changed := f.DecMapFloat64Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Int16V(v map[float64]int16, canChange bool,
-	d *Decoder) (_ map[float64]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[float64]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]int32)
-		v, changed := fastpathTV.DecMapFloat64Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Int32V(rv2i(rv).(map[float64]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Int32X(vp *map[float64]int32, d *Decoder) {
-	v, changed := f.DecMapFloat64Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Int32V(v map[float64]int32, canChange bool,
-	d *Decoder) (_ map[float64]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float64]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]int64)
-		v, changed := fastpathTV.DecMapFloat64Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Int64V(rv2i(rv).(map[float64]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Int64X(vp *map[float64]int64, d *Decoder) {
-	v, changed := f.DecMapFloat64Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Int64V(v map[float64]int64, canChange bool,
-	d *Decoder) (_ map[float64]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]float32)
-		v, changed := fastpathTV.DecMapFloat64Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Float32V(rv2i(rv).(map[float64]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Float32X(vp *map[float64]float32, d *Decoder) {
-	v, changed := f.DecMapFloat64Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Float32V(v map[float64]float32, canChange bool,
-	d *Decoder) (_ map[float64]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[float64]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]float64)
-		v, changed := fastpathTV.DecMapFloat64Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64Float64V(rv2i(rv).(map[float64]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64Float64X(vp *map[float64]float64, d *Decoder) {
-	v, changed := f.DecMapFloat64Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64Float64V(v map[float64]float64, canChange bool,
-	d *Decoder) (_ map[float64]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[float64]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapFloat64BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[float64]bool)
-		v, changed := fastpathTV.DecMapFloat64BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapFloat64BoolV(rv2i(rv).(map[float64]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapFloat64BoolX(vp *map[float64]bool, d *Decoder) {
-	v, changed := f.DecMapFloat64BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapFloat64BoolV(v map[float64]bool, canChange bool,
-	d *Decoder) (_ map[float64]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[float64]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk float64
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeFloat64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]interface{})
-		v, changed := fastpathTV.DecMapUintIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintIntfV(rv2i(rv).(map[uint]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUintIntfX(vp *map[uint]interface{}, d *Decoder) {
-	v, changed := f.DecMapUintIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintIntfV(v map[uint]interface{}, canChange bool,
-	d *Decoder) (_ map[uint]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uint]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uint
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]string)
-		v, changed := fastpathTV.DecMapUintStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintStringV(rv2i(rv).(map[uint]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUintStringX(vp *map[uint]string, d *Decoder) {
-	v, changed := f.DecMapUintStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintStringV(v map[uint]string, canChange bool,
-	d *Decoder) (_ map[uint]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uint]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uint)
-		v, changed := fastpathTV.DecMapUintUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUintV(rv2i(rv).(map[uint]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUintX(vp *map[uint]uint, d *Decoder) {
-	v, changed := f.DecMapUintUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUintV(v map[uint]uint, canChange bool,
-	d *Decoder) (_ map[uint]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uint8)
-		v, changed := fastpathTV.DecMapUintUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUint8V(rv2i(rv).(map[uint]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUint8X(vp *map[uint]uint8, d *Decoder) {
-	v, changed := f.DecMapUintUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUint8V(v map[uint]uint8, canChange bool,
-	d *Decoder) (_ map[uint]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uint16)
-		v, changed := fastpathTV.DecMapUintUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUint16V(rv2i(rv).(map[uint]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUint16X(vp *map[uint]uint16, d *Decoder) {
-	v, changed := f.DecMapUintUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUint16V(v map[uint]uint16, canChange bool,
-	d *Decoder) (_ map[uint]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uint32)
-		v, changed := fastpathTV.DecMapUintUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUint32V(rv2i(rv).(map[uint]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUint32X(vp *map[uint]uint32, d *Decoder) {
-	v, changed := f.DecMapUintUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUint32V(v map[uint]uint32, canChange bool,
-	d *Decoder) (_ map[uint]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uint64)
-		v, changed := fastpathTV.DecMapUintUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUint64V(rv2i(rv).(map[uint]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUint64X(vp *map[uint]uint64, d *Decoder) {
-	v, changed := f.DecMapUintUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUint64V(v map[uint]uint64, canChange bool,
-	d *Decoder) (_ map[uint]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]uintptr)
-		v, changed := fastpathTV.DecMapUintUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintUintptrV(rv2i(rv).(map[uint]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUintUintptrX(vp *map[uint]uintptr, d *Decoder) {
-	v, changed := f.DecMapUintUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintUintptrV(v map[uint]uintptr, canChange bool,
-	d *Decoder) (_ map[uint]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]int)
-		v, changed := fastpathTV.DecMapUintIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintIntV(rv2i(rv).(map[uint]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUintIntX(vp *map[uint]int, d *Decoder) {
-	v, changed := f.DecMapUintIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintIntV(v map[uint]int, canChange bool,
-	d *Decoder) (_ map[uint]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]int8)
-		v, changed := fastpathTV.DecMapUintInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintInt8V(rv2i(rv).(map[uint]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUintInt8X(vp *map[uint]int8, d *Decoder) {
-	v, changed := f.DecMapUintInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintInt8V(v map[uint]int8, canChange bool,
-	d *Decoder) (_ map[uint]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]int16)
-		v, changed := fastpathTV.DecMapUintInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintInt16V(rv2i(rv).(map[uint]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUintInt16X(vp *map[uint]int16, d *Decoder) {
-	v, changed := f.DecMapUintInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintInt16V(v map[uint]int16, canChange bool,
-	d *Decoder) (_ map[uint]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]int32)
-		v, changed := fastpathTV.DecMapUintInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintInt32V(rv2i(rv).(map[uint]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintInt32X(vp *map[uint]int32, d *Decoder) {
-	v, changed := f.DecMapUintInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintInt32V(v map[uint]int32, canChange bool,
-	d *Decoder) (_ map[uint]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]int64)
-		v, changed := fastpathTV.DecMapUintInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintInt64V(rv2i(rv).(map[uint]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintInt64X(vp *map[uint]int64, d *Decoder) {
-	v, changed := f.DecMapUintInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintInt64V(v map[uint]int64, canChange bool,
-	d *Decoder) (_ map[uint]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]float32)
-		v, changed := fastpathTV.DecMapUintFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintFloat32V(rv2i(rv).(map[uint]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintFloat32X(vp *map[uint]float32, d *Decoder) {
-	v, changed := f.DecMapUintFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintFloat32V(v map[uint]float32, canChange bool,
-	d *Decoder) (_ map[uint]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]float64)
-		v, changed := fastpathTV.DecMapUintFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintFloat64V(rv2i(rv).(map[uint]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintFloat64X(vp *map[uint]float64, d *Decoder) {
-	v, changed := f.DecMapUintFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintFloat64V(v map[uint]float64, canChange bool,
-	d *Decoder) (_ map[uint]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint]bool)
-		v, changed := fastpathTV.DecMapUintBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintBoolV(rv2i(rv).(map[uint]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUintBoolX(vp *map[uint]bool, d *Decoder) {
-	v, changed := f.DecMapUintBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintBoolV(v map[uint]bool, canChange bool,
-	d *Decoder) (_ map[uint]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]interface{})
-		v, changed := fastpathTV.DecMapUint8IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8IntfV(rv2i(rv).(map[uint8]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8IntfX(vp *map[uint8]interface{}, d *Decoder) {
-	v, changed := f.DecMapUint8IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8IntfV(v map[uint8]interface{}, canChange bool,
-	d *Decoder) (_ map[uint8]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[uint8]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uint8
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]string)
-		v, changed := fastpathTV.DecMapUint8StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8StringV(rv2i(rv).(map[uint8]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8StringX(vp *map[uint8]string, d *Decoder) {
-	v, changed := f.DecMapUint8StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8StringV(v map[uint8]string, canChange bool,
-	d *Decoder) (_ map[uint8]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[uint8]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uint)
-		v, changed := fastpathTV.DecMapUint8UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8UintV(rv2i(rv).(map[uint8]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8UintX(vp *map[uint8]uint, d *Decoder) {
-	v, changed := f.DecMapUint8UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8UintV(v map[uint8]uint, canChange bool,
-	d *Decoder) (_ map[uint8]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uint8)
-		v, changed := fastpathTV.DecMapUint8Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Uint8V(rv2i(rv).(map[uint8]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Uint8X(vp *map[uint8]uint8, d *Decoder) {
-	v, changed := f.DecMapUint8Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Uint8V(v map[uint8]uint8, canChange bool,
-	d *Decoder) (_ map[uint8]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[uint8]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uint16)
-		v, changed := fastpathTV.DecMapUint8Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Uint16V(rv2i(rv).(map[uint8]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Uint16X(vp *map[uint8]uint16, d *Decoder) {
-	v, changed := f.DecMapUint8Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Uint16V(v map[uint8]uint16, canChange bool,
-	d *Decoder) (_ map[uint8]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[uint8]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uint32)
-		v, changed := fastpathTV.DecMapUint8Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Uint32V(rv2i(rv).(map[uint8]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Uint32X(vp *map[uint8]uint32, d *Decoder) {
-	v, changed := f.DecMapUint8Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Uint32V(v map[uint8]uint32, canChange bool,
-	d *Decoder) (_ map[uint8]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint8]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uint64)
-		v, changed := fastpathTV.DecMapUint8Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Uint64V(rv2i(rv).(map[uint8]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Uint64X(vp *map[uint8]uint64, d *Decoder) {
-	v, changed := f.DecMapUint8Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Uint64V(v map[uint8]uint64, canChange bool,
-	d *Decoder) (_ map[uint8]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]uintptr)
-		v, changed := fastpathTV.DecMapUint8UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8UintptrV(rv2i(rv).(map[uint8]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8UintptrX(vp *map[uint8]uintptr, d *Decoder) {
-	v, changed := f.DecMapUint8UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8UintptrV(v map[uint8]uintptr, canChange bool,
-	d *Decoder) (_ map[uint8]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]int)
-		v, changed := fastpathTV.DecMapUint8IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8IntV(rv2i(rv).(map[uint8]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8IntX(vp *map[uint8]int, d *Decoder) {
-	v, changed := f.DecMapUint8IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8IntV(v map[uint8]int, canChange bool,
-	d *Decoder) (_ map[uint8]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]int8)
-		v, changed := fastpathTV.DecMapUint8Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Int8V(rv2i(rv).(map[uint8]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Int8X(vp *map[uint8]int8, d *Decoder) {
-	v, changed := f.DecMapUint8Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Int8V(v map[uint8]int8, canChange bool,
-	d *Decoder) (_ map[uint8]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[uint8]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]int16)
-		v, changed := fastpathTV.DecMapUint8Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Int16V(rv2i(rv).(map[uint8]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Int16X(vp *map[uint8]int16, d *Decoder) {
-	v, changed := f.DecMapUint8Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Int16V(v map[uint8]int16, canChange bool,
-	d *Decoder) (_ map[uint8]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[uint8]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]int32)
-		v, changed := fastpathTV.DecMapUint8Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Int32V(rv2i(rv).(map[uint8]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Int32X(vp *map[uint8]int32, d *Decoder) {
-	v, changed := f.DecMapUint8Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Int32V(v map[uint8]int32, canChange bool,
-	d *Decoder) (_ map[uint8]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint8]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]int64)
-		v, changed := fastpathTV.DecMapUint8Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Int64V(rv2i(rv).(map[uint8]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Int64X(vp *map[uint8]int64, d *Decoder) {
-	v, changed := f.DecMapUint8Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Int64V(v map[uint8]int64, canChange bool,
-	d *Decoder) (_ map[uint8]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]float32)
-		v, changed := fastpathTV.DecMapUint8Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Float32V(rv2i(rv).(map[uint8]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Float32X(vp *map[uint8]float32, d *Decoder) {
-	v, changed := f.DecMapUint8Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Float32V(v map[uint8]float32, canChange bool,
-	d *Decoder) (_ map[uint8]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint8]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]float64)
-		v, changed := fastpathTV.DecMapUint8Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8Float64V(rv2i(rv).(map[uint8]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8Float64X(vp *map[uint8]float64, d *Decoder) {
-	v, changed := f.DecMapUint8Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8Float64V(v map[uint8]float64, canChange bool,
-	d *Decoder) (_ map[uint8]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint8]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint8BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint8]bool)
-		v, changed := fastpathTV.DecMapUint8BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint8BoolV(rv2i(rv).(map[uint8]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUint8BoolX(vp *map[uint8]bool, d *Decoder) {
-	v, changed := f.DecMapUint8BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint8BoolV(v map[uint8]bool, canChange bool,
-	d *Decoder) (_ map[uint8]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[uint8]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint8
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]interface{})
-		v, changed := fastpathTV.DecMapUint16IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16IntfV(rv2i(rv).(map[uint16]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16IntfX(vp *map[uint16]interface{}, d *Decoder) {
-	v, changed := f.DecMapUint16IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16IntfV(v map[uint16]interface{}, canChange bool,
-	d *Decoder) (_ map[uint16]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[uint16]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uint16
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]string)
-		v, changed := fastpathTV.DecMapUint16StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16StringV(rv2i(rv).(map[uint16]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16StringX(vp *map[uint16]string, d *Decoder) {
-	v, changed := f.DecMapUint16StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16StringV(v map[uint16]string, canChange bool,
-	d *Decoder) (_ map[uint16]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[uint16]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uint)
-		v, changed := fastpathTV.DecMapUint16UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16UintV(rv2i(rv).(map[uint16]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16UintX(vp *map[uint16]uint, d *Decoder) {
-	v, changed := f.DecMapUint16UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16UintV(v map[uint16]uint, canChange bool,
-	d *Decoder) (_ map[uint16]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uint8)
-		v, changed := fastpathTV.DecMapUint16Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Uint8V(rv2i(rv).(map[uint16]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Uint8X(vp *map[uint16]uint8, d *Decoder) {
-	v, changed := f.DecMapUint16Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Uint8V(v map[uint16]uint8, canChange bool,
-	d *Decoder) (_ map[uint16]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[uint16]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uint16)
-		v, changed := fastpathTV.DecMapUint16Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Uint16V(rv2i(rv).(map[uint16]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Uint16X(vp *map[uint16]uint16, d *Decoder) {
-	v, changed := f.DecMapUint16Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Uint16V(v map[uint16]uint16, canChange bool,
-	d *Decoder) (_ map[uint16]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 4)
-		v = make(map[uint16]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uint32)
-		v, changed := fastpathTV.DecMapUint16Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Uint32V(rv2i(rv).(map[uint16]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Uint32X(vp *map[uint16]uint32, d *Decoder) {
-	v, changed := f.DecMapUint16Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Uint32V(v map[uint16]uint32, canChange bool,
-	d *Decoder) (_ map[uint16]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[uint16]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uint64)
-		v, changed := fastpathTV.DecMapUint16Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Uint64V(rv2i(rv).(map[uint16]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Uint64X(vp *map[uint16]uint64, d *Decoder) {
-	v, changed := f.DecMapUint16Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Uint64V(v map[uint16]uint64, canChange bool,
-	d *Decoder) (_ map[uint16]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]uintptr)
-		v, changed := fastpathTV.DecMapUint16UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16UintptrV(rv2i(rv).(map[uint16]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16UintptrX(vp *map[uint16]uintptr, d *Decoder) {
-	v, changed := f.DecMapUint16UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16UintptrV(v map[uint16]uintptr, canChange bool,
-	d *Decoder) (_ map[uint16]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]int)
-		v, changed := fastpathTV.DecMapUint16IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16IntV(rv2i(rv).(map[uint16]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16IntX(vp *map[uint16]int, d *Decoder) {
-	v, changed := f.DecMapUint16IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16IntV(v map[uint16]int, canChange bool,
-	d *Decoder) (_ map[uint16]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]int8)
-		v, changed := fastpathTV.DecMapUint16Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Int8V(rv2i(rv).(map[uint16]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Int8X(vp *map[uint16]int8, d *Decoder) {
-	v, changed := f.DecMapUint16Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Int8V(v map[uint16]int8, canChange bool,
-	d *Decoder) (_ map[uint16]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[uint16]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]int16)
-		v, changed := fastpathTV.DecMapUint16Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Int16V(rv2i(rv).(map[uint16]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Int16X(vp *map[uint16]int16, d *Decoder) {
-	v, changed := f.DecMapUint16Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Int16V(v map[uint16]int16, canChange bool,
-	d *Decoder) (_ map[uint16]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 4)
-		v = make(map[uint16]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]int32)
-		v, changed := fastpathTV.DecMapUint16Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Int32V(rv2i(rv).(map[uint16]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Int32X(vp *map[uint16]int32, d *Decoder) {
-	v, changed := f.DecMapUint16Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Int32V(v map[uint16]int32, canChange bool,
-	d *Decoder) (_ map[uint16]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[uint16]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]int64)
-		v, changed := fastpathTV.DecMapUint16Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Int64V(rv2i(rv).(map[uint16]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Int64X(vp *map[uint16]int64, d *Decoder) {
-	v, changed := f.DecMapUint16Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Int64V(v map[uint16]int64, canChange bool,
-	d *Decoder) (_ map[uint16]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]float32)
-		v, changed := fastpathTV.DecMapUint16Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Float32V(rv2i(rv).(map[uint16]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Float32X(vp *map[uint16]float32, d *Decoder) {
-	v, changed := f.DecMapUint16Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Float32V(v map[uint16]float32, canChange bool,
-	d *Decoder) (_ map[uint16]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[uint16]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]float64)
-		v, changed := fastpathTV.DecMapUint16Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16Float64V(rv2i(rv).(map[uint16]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16Float64X(vp *map[uint16]float64, d *Decoder) {
-	v, changed := f.DecMapUint16Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16Float64V(v map[uint16]float64, canChange bool,
-	d *Decoder) (_ map[uint16]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint16]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint16BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint16]bool)
-		v, changed := fastpathTV.DecMapUint16BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint16BoolV(rv2i(rv).(map[uint16]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUint16BoolX(vp *map[uint16]bool, d *Decoder) {
-	v, changed := f.DecMapUint16BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint16BoolV(v map[uint16]bool, canChange bool,
-	d *Decoder) (_ map[uint16]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[uint16]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint16
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]interface{})
-		v, changed := fastpathTV.DecMapUint32IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32IntfV(rv2i(rv).(map[uint32]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32IntfX(vp *map[uint32]interface{}, d *Decoder) {
-	v, changed := f.DecMapUint32IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32IntfV(v map[uint32]interface{}, canChange bool,
-	d *Decoder) (_ map[uint32]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[uint32]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uint32
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]string)
-		v, changed := fastpathTV.DecMapUint32StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32StringV(rv2i(rv).(map[uint32]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32StringX(vp *map[uint32]string, d *Decoder) {
-	v, changed := f.DecMapUint32StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32StringV(v map[uint32]string, canChange bool,
-	d *Decoder) (_ map[uint32]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[uint32]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uint)
-		v, changed := fastpathTV.DecMapUint32UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32UintV(rv2i(rv).(map[uint32]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32UintX(vp *map[uint32]uint, d *Decoder) {
-	v, changed := f.DecMapUint32UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32UintV(v map[uint32]uint, canChange bool,
-	d *Decoder) (_ map[uint32]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uint8)
-		v, changed := fastpathTV.DecMapUint32Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Uint8V(rv2i(rv).(map[uint32]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Uint8X(vp *map[uint32]uint8, d *Decoder) {
-	v, changed := f.DecMapUint32Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Uint8V(v map[uint32]uint8, canChange bool,
-	d *Decoder) (_ map[uint32]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint32]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uint16)
-		v, changed := fastpathTV.DecMapUint32Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Uint16V(rv2i(rv).(map[uint32]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Uint16X(vp *map[uint32]uint16, d *Decoder) {
-	v, changed := f.DecMapUint32Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Uint16V(v map[uint32]uint16, canChange bool,
-	d *Decoder) (_ map[uint32]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[uint32]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uint32)
-		v, changed := fastpathTV.DecMapUint32Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Uint32V(rv2i(rv).(map[uint32]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Uint32X(vp *map[uint32]uint32, d *Decoder) {
-	v, changed := f.DecMapUint32Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Uint32V(v map[uint32]uint32, canChange bool,
-	d *Decoder) (_ map[uint32]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[uint32]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uint64)
-		v, changed := fastpathTV.DecMapUint32Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Uint64V(rv2i(rv).(map[uint32]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Uint64X(vp *map[uint32]uint64, d *Decoder) {
-	v, changed := f.DecMapUint32Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Uint64V(v map[uint32]uint64, canChange bool,
-	d *Decoder) (_ map[uint32]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]uintptr)
-		v, changed := fastpathTV.DecMapUint32UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32UintptrV(rv2i(rv).(map[uint32]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32UintptrX(vp *map[uint32]uintptr, d *Decoder) {
-	v, changed := f.DecMapUint32UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32UintptrV(v map[uint32]uintptr, canChange bool,
-	d *Decoder) (_ map[uint32]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]int)
-		v, changed := fastpathTV.DecMapUint32IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32IntV(rv2i(rv).(map[uint32]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32IntX(vp *map[uint32]int, d *Decoder) {
-	v, changed := f.DecMapUint32IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32IntV(v map[uint32]int, canChange bool,
-	d *Decoder) (_ map[uint32]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]int8)
-		v, changed := fastpathTV.DecMapUint32Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Int8V(rv2i(rv).(map[uint32]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Int8X(vp *map[uint32]int8, d *Decoder) {
-	v, changed := f.DecMapUint32Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Int8V(v map[uint32]int8, canChange bool,
-	d *Decoder) (_ map[uint32]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint32]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]int16)
-		v, changed := fastpathTV.DecMapUint32Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Int16V(rv2i(rv).(map[uint32]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Int16X(vp *map[uint32]int16, d *Decoder) {
-	v, changed := f.DecMapUint32Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Int16V(v map[uint32]int16, canChange bool,
-	d *Decoder) (_ map[uint32]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[uint32]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]int32)
-		v, changed := fastpathTV.DecMapUint32Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Int32V(rv2i(rv).(map[uint32]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Int32X(vp *map[uint32]int32, d *Decoder) {
-	v, changed := f.DecMapUint32Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Int32V(v map[uint32]int32, canChange bool,
-	d *Decoder) (_ map[uint32]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[uint32]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]int64)
-		v, changed := fastpathTV.DecMapUint32Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Int64V(rv2i(rv).(map[uint32]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Int64X(vp *map[uint32]int64, d *Decoder) {
-	v, changed := f.DecMapUint32Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Int64V(v map[uint32]int64, canChange bool,
-	d *Decoder) (_ map[uint32]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]float32)
-		v, changed := fastpathTV.DecMapUint32Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Float32V(rv2i(rv).(map[uint32]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Float32X(vp *map[uint32]float32, d *Decoder) {
-	v, changed := f.DecMapUint32Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Float32V(v map[uint32]float32, canChange bool,
-	d *Decoder) (_ map[uint32]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[uint32]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]float64)
-		v, changed := fastpathTV.DecMapUint32Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32Float64V(rv2i(rv).(map[uint32]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32Float64X(vp *map[uint32]float64, d *Decoder) {
-	v, changed := f.DecMapUint32Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32Float64V(v map[uint32]float64, canChange bool,
-	d *Decoder) (_ map[uint32]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint32]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint32BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint32]bool)
-		v, changed := fastpathTV.DecMapUint32BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint32BoolV(rv2i(rv).(map[uint32]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUint32BoolX(vp *map[uint32]bool, d *Decoder) {
-	v, changed := f.DecMapUint32BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint32BoolV(v map[uint32]bool, canChange bool,
-	d *Decoder) (_ map[uint32]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[uint32]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint32
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]interface{})
-		v, changed := fastpathTV.DecMapUint64IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64IntfV(rv2i(rv).(map[uint64]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64IntfX(vp *map[uint64]interface{}, d *Decoder) {
-	v, changed := f.DecMapUint64IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64IntfV(v map[uint64]interface{}, canChange bool,
-	d *Decoder) (_ map[uint64]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uint64]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uint64
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]string)
-		v, changed := fastpathTV.DecMapUint64StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64StringV(rv2i(rv).(map[uint64]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64StringX(vp *map[uint64]string, d *Decoder) {
-	v, changed := f.DecMapUint64StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64StringV(v map[uint64]string, canChange bool,
-	d *Decoder) (_ map[uint64]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uint64]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uint)
-		v, changed := fastpathTV.DecMapUint64UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64UintV(rv2i(rv).(map[uint64]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64UintX(vp *map[uint64]uint, d *Decoder) {
-	v, changed := f.DecMapUint64UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64UintV(v map[uint64]uint, canChange bool,
-	d *Decoder) (_ map[uint64]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uint8)
-		v, changed := fastpathTV.DecMapUint64Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Uint8V(rv2i(rv).(map[uint64]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Uint8X(vp *map[uint64]uint8, d *Decoder) {
-	v, changed := f.DecMapUint64Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Uint8V(v map[uint64]uint8, canChange bool,
-	d *Decoder) (_ map[uint64]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint64]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uint16)
-		v, changed := fastpathTV.DecMapUint64Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Uint16V(rv2i(rv).(map[uint64]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Uint16X(vp *map[uint64]uint16, d *Decoder) {
-	v, changed := f.DecMapUint64Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Uint16V(v map[uint64]uint16, canChange bool,
-	d *Decoder) (_ map[uint64]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint64]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uint32)
-		v, changed := fastpathTV.DecMapUint64Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Uint32V(rv2i(rv).(map[uint64]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Uint32X(vp *map[uint64]uint32, d *Decoder) {
-	v, changed := f.DecMapUint64Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Uint32V(v map[uint64]uint32, canChange bool,
-	d *Decoder) (_ map[uint64]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint64]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uint64)
-		v, changed := fastpathTV.DecMapUint64Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Uint64V(rv2i(rv).(map[uint64]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Uint64X(vp *map[uint64]uint64, d *Decoder) {
-	v, changed := f.DecMapUint64Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Uint64V(v map[uint64]uint64, canChange bool,
-	d *Decoder) (_ map[uint64]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]uintptr)
-		v, changed := fastpathTV.DecMapUint64UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64UintptrV(rv2i(rv).(map[uint64]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64UintptrX(vp *map[uint64]uintptr, d *Decoder) {
-	v, changed := f.DecMapUint64UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64UintptrV(v map[uint64]uintptr, canChange bool,
-	d *Decoder) (_ map[uint64]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]int)
-		v, changed := fastpathTV.DecMapUint64IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64IntV(rv2i(rv).(map[uint64]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64IntX(vp *map[uint64]int, d *Decoder) {
-	v, changed := f.DecMapUint64IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64IntV(v map[uint64]int, canChange bool,
-	d *Decoder) (_ map[uint64]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]int8)
-		v, changed := fastpathTV.DecMapUint64Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Int8V(rv2i(rv).(map[uint64]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Int8X(vp *map[uint64]int8, d *Decoder) {
-	v, changed := f.DecMapUint64Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Int8V(v map[uint64]int8, canChange bool,
-	d *Decoder) (_ map[uint64]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint64]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]int16)
-		v, changed := fastpathTV.DecMapUint64Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Int16V(rv2i(rv).(map[uint64]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Int16X(vp *map[uint64]int16, d *Decoder) {
-	v, changed := f.DecMapUint64Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Int16V(v map[uint64]int16, canChange bool,
-	d *Decoder) (_ map[uint64]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uint64]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]int32)
-		v, changed := fastpathTV.DecMapUint64Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Int32V(rv2i(rv).(map[uint64]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Int32X(vp *map[uint64]int32, d *Decoder) {
-	v, changed := f.DecMapUint64Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Int32V(v map[uint64]int32, canChange bool,
-	d *Decoder) (_ map[uint64]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint64]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]int64)
-		v, changed := fastpathTV.DecMapUint64Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Int64V(rv2i(rv).(map[uint64]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Int64X(vp *map[uint64]int64, d *Decoder) {
-	v, changed := f.DecMapUint64Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Int64V(v map[uint64]int64, canChange bool,
-	d *Decoder) (_ map[uint64]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]float32)
-		v, changed := fastpathTV.DecMapUint64Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Float32V(rv2i(rv).(map[uint64]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Float32X(vp *map[uint64]float32, d *Decoder) {
-	v, changed := f.DecMapUint64Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Float32V(v map[uint64]float32, canChange bool,
-	d *Decoder) (_ map[uint64]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uint64]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]float64)
-		v, changed := fastpathTV.DecMapUint64Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64Float64V(rv2i(rv).(map[uint64]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64Float64X(vp *map[uint64]float64, d *Decoder) {
-	v, changed := f.DecMapUint64Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64Float64V(v map[uint64]float64, canChange bool,
-	d *Decoder) (_ map[uint64]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uint64]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUint64BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uint64]bool)
-		v, changed := fastpathTV.DecMapUint64BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUint64BoolV(rv2i(rv).(map[uint64]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUint64BoolX(vp *map[uint64]bool, d *Decoder) {
-	v, changed := f.DecMapUint64BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUint64BoolV(v map[uint64]bool, canChange bool,
-	d *Decoder) (_ map[uint64]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uint64]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uint64
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeUint64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]interface{})
-		v, changed := fastpathTV.DecMapUintptrIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrIntfV(rv2i(rv).(map[uintptr]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrIntfX(vp *map[uintptr]interface{}, d *Decoder) {
-	v, changed := f.DecMapUintptrIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrIntfV(v map[uintptr]interface{}, canChange bool,
-	d *Decoder) (_ map[uintptr]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uintptr]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk uintptr
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]string)
-		v, changed := fastpathTV.DecMapUintptrStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrStringV(rv2i(rv).(map[uintptr]string), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrStringX(vp *map[uintptr]string, d *Decoder) {
-	v, changed := f.DecMapUintptrStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrStringV(v map[uintptr]string, canChange bool,
-	d *Decoder) (_ map[uintptr]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[uintptr]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uint)
-		v, changed := fastpathTV.DecMapUintptrUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUintV(rv2i(rv).(map[uintptr]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUintX(vp *map[uintptr]uint, d *Decoder) {
-	v, changed := f.DecMapUintptrUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUintV(v map[uintptr]uint, canChange bool,
-	d *Decoder) (_ map[uintptr]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uint8)
-		v, changed := fastpathTV.DecMapUintptrUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUint8V(rv2i(rv).(map[uintptr]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUint8X(vp *map[uintptr]uint8, d *Decoder) {
-	v, changed := f.DecMapUintptrUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUint8V(v map[uintptr]uint8, canChange bool,
-	d *Decoder) (_ map[uintptr]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uintptr]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uint16)
-		v, changed := fastpathTV.DecMapUintptrUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUint16V(rv2i(rv).(map[uintptr]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUint16X(vp *map[uintptr]uint16, d *Decoder) {
-	v, changed := f.DecMapUintptrUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUint16V(v map[uintptr]uint16, canChange bool,
-	d *Decoder) (_ map[uintptr]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uintptr]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uint32)
-		v, changed := fastpathTV.DecMapUintptrUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUint32V(rv2i(rv).(map[uintptr]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUint32X(vp *map[uintptr]uint32, d *Decoder) {
-	v, changed := f.DecMapUintptrUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUint32V(v map[uintptr]uint32, canChange bool,
-	d *Decoder) (_ map[uintptr]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uintptr]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uint64)
-		v, changed := fastpathTV.DecMapUintptrUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUint64V(rv2i(rv).(map[uintptr]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUint64X(vp *map[uintptr]uint64, d *Decoder) {
-	v, changed := f.DecMapUintptrUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUint64V(v map[uintptr]uint64, canChange bool,
-	d *Decoder) (_ map[uintptr]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]uintptr)
-		v, changed := fastpathTV.DecMapUintptrUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrUintptrV(rv2i(rv).(map[uintptr]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrUintptrX(vp *map[uintptr]uintptr, d *Decoder) {
-	v, changed := f.DecMapUintptrUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrUintptrV(v map[uintptr]uintptr, canChange bool,
-	d *Decoder) (_ map[uintptr]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]int)
-		v, changed := fastpathTV.DecMapUintptrIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrIntV(rv2i(rv).(map[uintptr]int), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrIntX(vp *map[uintptr]int, d *Decoder) {
-	v, changed := f.DecMapUintptrIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrIntV(v map[uintptr]int, canChange bool,
-	d *Decoder) (_ map[uintptr]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]int8)
-		v, changed := fastpathTV.DecMapUintptrInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrInt8V(rv2i(rv).(map[uintptr]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrInt8X(vp *map[uintptr]int8, d *Decoder) {
-	v, changed := f.DecMapUintptrInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrInt8V(v map[uintptr]int8, canChange bool,
-	d *Decoder) (_ map[uintptr]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uintptr]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]int16)
-		v, changed := fastpathTV.DecMapUintptrInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrInt16V(rv2i(rv).(map[uintptr]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrInt16X(vp *map[uintptr]int16, d *Decoder) {
-	v, changed := f.DecMapUintptrInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrInt16V(v map[uintptr]int16, canChange bool,
-	d *Decoder) (_ map[uintptr]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[uintptr]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]int32)
-		v, changed := fastpathTV.DecMapUintptrInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrInt32V(rv2i(rv).(map[uintptr]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrInt32X(vp *map[uintptr]int32, d *Decoder) {
-	v, changed := f.DecMapUintptrInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrInt32V(v map[uintptr]int32, canChange bool,
-	d *Decoder) (_ map[uintptr]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uintptr]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]int64)
-		v, changed := fastpathTV.DecMapUintptrInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrInt64V(rv2i(rv).(map[uintptr]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrInt64X(vp *map[uintptr]int64, d *Decoder) {
-	v, changed := f.DecMapUintptrInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrInt64V(v map[uintptr]int64, canChange bool,
-	d *Decoder) (_ map[uintptr]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]float32)
-		v, changed := fastpathTV.DecMapUintptrFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrFloat32V(rv2i(rv).(map[uintptr]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrFloat32X(vp *map[uintptr]float32, d *Decoder) {
-	v, changed := f.DecMapUintptrFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrFloat32V(v map[uintptr]float32, canChange bool,
-	d *Decoder) (_ map[uintptr]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[uintptr]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]float64)
-		v, changed := fastpathTV.DecMapUintptrFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrFloat64V(rv2i(rv).(map[uintptr]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrFloat64X(vp *map[uintptr]float64, d *Decoder) {
-	v, changed := f.DecMapUintptrFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrFloat64V(v map[uintptr]float64, canChange bool,
-	d *Decoder) (_ map[uintptr]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[uintptr]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapUintptrBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[uintptr]bool)
-		v, changed := fastpathTV.DecMapUintptrBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapUintptrBoolV(rv2i(rv).(map[uintptr]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapUintptrBoolX(vp *map[uintptr]bool, d *Decoder) {
-	v, changed := f.DecMapUintptrBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapUintptrBoolV(v map[uintptr]bool, canChange bool,
-	d *Decoder) (_ map[uintptr]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[uintptr]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk uintptr
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]interface{})
-		v, changed := fastpathTV.DecMapIntIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntIntfV(rv2i(rv).(map[int]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapIntIntfX(vp *map[int]interface{}, d *Decoder) {
-	v, changed := f.DecMapIntIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntIntfV(v map[int]interface{}, canChange bool,
-	d *Decoder) (_ map[int]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[int]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk int
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]string)
-		v, changed := fastpathTV.DecMapIntStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntStringV(rv2i(rv).(map[int]string), false, d)
-	}
-}
-func (f fastpathT) DecMapIntStringX(vp *map[int]string, d *Decoder) {
-	v, changed := f.DecMapIntStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntStringV(v map[int]string, canChange bool,
-	d *Decoder) (_ map[int]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[int]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uint)
-		v, changed := fastpathTV.DecMapIntUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUintV(rv2i(rv).(map[int]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUintX(vp *map[int]uint, d *Decoder) {
-	v, changed := f.DecMapIntUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUintV(v map[int]uint, canChange bool,
-	d *Decoder) (_ map[int]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uint8)
-		v, changed := fastpathTV.DecMapIntUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUint8V(rv2i(rv).(map[int]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUint8X(vp *map[int]uint8, d *Decoder) {
-	v, changed := f.DecMapIntUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUint8V(v map[int]uint8, canChange bool,
-	d *Decoder) (_ map[int]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uint16)
-		v, changed := fastpathTV.DecMapIntUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUint16V(rv2i(rv).(map[int]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUint16X(vp *map[int]uint16, d *Decoder) {
-	v, changed := f.DecMapIntUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUint16V(v map[int]uint16, canChange bool,
-	d *Decoder) (_ map[int]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uint32)
-		v, changed := fastpathTV.DecMapIntUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUint32V(rv2i(rv).(map[int]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUint32X(vp *map[int]uint32, d *Decoder) {
-	v, changed := f.DecMapIntUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUint32V(v map[int]uint32, canChange bool,
-	d *Decoder) (_ map[int]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uint64)
-		v, changed := fastpathTV.DecMapIntUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUint64V(rv2i(rv).(map[int]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUint64X(vp *map[int]uint64, d *Decoder) {
-	v, changed := f.DecMapIntUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUint64V(v map[int]uint64, canChange bool,
-	d *Decoder) (_ map[int]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]uintptr)
-		v, changed := fastpathTV.DecMapIntUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntUintptrV(rv2i(rv).(map[int]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapIntUintptrX(vp *map[int]uintptr, d *Decoder) {
-	v, changed := f.DecMapIntUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntUintptrV(v map[int]uintptr, canChange bool,
-	d *Decoder) (_ map[int]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]int)
-		v, changed := fastpathTV.DecMapIntIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntIntV(rv2i(rv).(map[int]int), false, d)
-	}
-}
-func (f fastpathT) DecMapIntIntX(vp *map[int]int, d *Decoder) {
-	v, changed := f.DecMapIntIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntIntV(v map[int]int, canChange bool,
-	d *Decoder) (_ map[int]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]int8)
-		v, changed := fastpathTV.DecMapIntInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntInt8V(rv2i(rv).(map[int]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapIntInt8X(vp *map[int]int8, d *Decoder) {
-	v, changed := f.DecMapIntInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntInt8V(v map[int]int8, canChange bool,
-	d *Decoder) (_ map[int]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]int16)
-		v, changed := fastpathTV.DecMapIntInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntInt16V(rv2i(rv).(map[int]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapIntInt16X(vp *map[int]int16, d *Decoder) {
-	v, changed := f.DecMapIntInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntInt16V(v map[int]int16, canChange bool,
-	d *Decoder) (_ map[int]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]int32)
-		v, changed := fastpathTV.DecMapIntInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntInt32V(rv2i(rv).(map[int]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntInt32X(vp *map[int]int32, d *Decoder) {
-	v, changed := f.DecMapIntInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntInt32V(v map[int]int32, canChange bool,
-	d *Decoder) (_ map[int]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]int64)
-		v, changed := fastpathTV.DecMapIntInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntInt64V(rv2i(rv).(map[int]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntInt64X(vp *map[int]int64, d *Decoder) {
-	v, changed := f.DecMapIntInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntInt64V(v map[int]int64, canChange bool,
-	d *Decoder) (_ map[int]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]float32)
-		v, changed := fastpathTV.DecMapIntFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntFloat32V(rv2i(rv).(map[int]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapIntFloat32X(vp *map[int]float32, d *Decoder) {
-	v, changed := f.DecMapIntFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntFloat32V(v map[int]float32, canChange bool,
-	d *Decoder) (_ map[int]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]float64)
-		v, changed := fastpathTV.DecMapIntFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntFloat64V(rv2i(rv).(map[int]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapIntFloat64X(vp *map[int]float64, d *Decoder) {
-	v, changed := f.DecMapIntFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntFloat64V(v map[int]float64, canChange bool,
-	d *Decoder) (_ map[int]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapIntBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int]bool)
-		v, changed := fastpathTV.DecMapIntBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapIntBoolV(rv2i(rv).(map[int]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapIntBoolX(vp *map[int]bool, d *Decoder) {
-	v, changed := f.DecMapIntBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapIntBoolV(v map[int]bool, canChange bool,
-	d *Decoder) (_ map[int]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]interface{})
-		v, changed := fastpathTV.DecMapInt8IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8IntfV(rv2i(rv).(map[int8]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8IntfX(vp *map[int8]interface{}, d *Decoder) {
-	v, changed := f.DecMapInt8IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8IntfV(v map[int8]interface{}, canChange bool,
-	d *Decoder) (_ map[int8]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[int8]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk int8
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]string)
-		v, changed := fastpathTV.DecMapInt8StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8StringV(rv2i(rv).(map[int8]string), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8StringX(vp *map[int8]string, d *Decoder) {
-	v, changed := f.DecMapInt8StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8StringV(v map[int8]string, canChange bool,
-	d *Decoder) (_ map[int8]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[int8]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uint)
-		v, changed := fastpathTV.DecMapInt8UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8UintV(rv2i(rv).(map[int8]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8UintX(vp *map[int8]uint, d *Decoder) {
-	v, changed := f.DecMapInt8UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8UintV(v map[int8]uint, canChange bool,
-	d *Decoder) (_ map[int8]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uint8)
-		v, changed := fastpathTV.DecMapInt8Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Uint8V(rv2i(rv).(map[int8]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Uint8X(vp *map[int8]uint8, d *Decoder) {
-	v, changed := f.DecMapInt8Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Uint8V(v map[int8]uint8, canChange bool,
-	d *Decoder) (_ map[int8]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[int8]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uint16)
-		v, changed := fastpathTV.DecMapInt8Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Uint16V(rv2i(rv).(map[int8]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Uint16X(vp *map[int8]uint16, d *Decoder) {
-	v, changed := f.DecMapInt8Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Uint16V(v map[int8]uint16, canChange bool,
-	d *Decoder) (_ map[int8]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[int8]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uint32)
-		v, changed := fastpathTV.DecMapInt8Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Uint32V(rv2i(rv).(map[int8]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Uint32X(vp *map[int8]uint32, d *Decoder) {
-	v, changed := f.DecMapInt8Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Uint32V(v map[int8]uint32, canChange bool,
-	d *Decoder) (_ map[int8]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int8]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uint64)
-		v, changed := fastpathTV.DecMapInt8Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Uint64V(rv2i(rv).(map[int8]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Uint64X(vp *map[int8]uint64, d *Decoder) {
-	v, changed := f.DecMapInt8Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Uint64V(v map[int8]uint64, canChange bool,
-	d *Decoder) (_ map[int8]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]uintptr)
-		v, changed := fastpathTV.DecMapInt8UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8UintptrV(rv2i(rv).(map[int8]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8UintptrX(vp *map[int8]uintptr, d *Decoder) {
-	v, changed := f.DecMapInt8UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8UintptrV(v map[int8]uintptr, canChange bool,
-	d *Decoder) (_ map[int8]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]int)
-		v, changed := fastpathTV.DecMapInt8IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8IntV(rv2i(rv).(map[int8]int), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8IntX(vp *map[int8]int, d *Decoder) {
-	v, changed := f.DecMapInt8IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8IntV(v map[int8]int, canChange bool,
-	d *Decoder) (_ map[int8]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]int8)
-		v, changed := fastpathTV.DecMapInt8Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Int8V(rv2i(rv).(map[int8]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Int8X(vp *map[int8]int8, d *Decoder) {
-	v, changed := f.DecMapInt8Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Int8V(v map[int8]int8, canChange bool,
-	d *Decoder) (_ map[int8]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[int8]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]int16)
-		v, changed := fastpathTV.DecMapInt8Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Int16V(rv2i(rv).(map[int8]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Int16X(vp *map[int8]int16, d *Decoder) {
-	v, changed := f.DecMapInt8Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Int16V(v map[int8]int16, canChange bool,
-	d *Decoder) (_ map[int8]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[int8]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]int32)
-		v, changed := fastpathTV.DecMapInt8Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Int32V(rv2i(rv).(map[int8]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Int32X(vp *map[int8]int32, d *Decoder) {
-	v, changed := f.DecMapInt8Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Int32V(v map[int8]int32, canChange bool,
-	d *Decoder) (_ map[int8]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int8]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]int64)
-		v, changed := fastpathTV.DecMapInt8Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Int64V(rv2i(rv).(map[int8]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Int64X(vp *map[int8]int64, d *Decoder) {
-	v, changed := f.DecMapInt8Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Int64V(v map[int8]int64, canChange bool,
-	d *Decoder) (_ map[int8]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]float32)
-		v, changed := fastpathTV.DecMapInt8Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Float32V(rv2i(rv).(map[int8]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Float32X(vp *map[int8]float32, d *Decoder) {
-	v, changed := f.DecMapInt8Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Float32V(v map[int8]float32, canChange bool,
-	d *Decoder) (_ map[int8]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int8]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]float64)
-		v, changed := fastpathTV.DecMapInt8Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8Float64V(rv2i(rv).(map[int8]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8Float64X(vp *map[int8]float64, d *Decoder) {
-	v, changed := f.DecMapInt8Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8Float64V(v map[int8]float64, canChange bool,
-	d *Decoder) (_ map[int8]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int8]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt8BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int8]bool)
-		v, changed := fastpathTV.DecMapInt8BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt8BoolV(rv2i(rv).(map[int8]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapInt8BoolX(vp *map[int8]bool, d *Decoder) {
-	v, changed := f.DecMapInt8BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt8BoolV(v map[int8]bool, canChange bool,
-	d *Decoder) (_ map[int8]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[int8]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int8
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]interface{})
-		v, changed := fastpathTV.DecMapInt16IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16IntfV(rv2i(rv).(map[int16]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16IntfX(vp *map[int16]interface{}, d *Decoder) {
-	v, changed := f.DecMapInt16IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16IntfV(v map[int16]interface{}, canChange bool,
-	d *Decoder) (_ map[int16]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[int16]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk int16
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]string)
-		v, changed := fastpathTV.DecMapInt16StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16StringV(rv2i(rv).(map[int16]string), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16StringX(vp *map[int16]string, d *Decoder) {
-	v, changed := f.DecMapInt16StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16StringV(v map[int16]string, canChange bool,
-	d *Decoder) (_ map[int16]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 18)
-		v = make(map[int16]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uint)
-		v, changed := fastpathTV.DecMapInt16UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16UintV(rv2i(rv).(map[int16]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16UintX(vp *map[int16]uint, d *Decoder) {
-	v, changed := f.DecMapInt16UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16UintV(v map[int16]uint, canChange bool,
-	d *Decoder) (_ map[int16]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uint8)
-		v, changed := fastpathTV.DecMapInt16Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Uint8V(rv2i(rv).(map[int16]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Uint8X(vp *map[int16]uint8, d *Decoder) {
-	v, changed := f.DecMapInt16Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Uint8V(v map[int16]uint8, canChange bool,
-	d *Decoder) (_ map[int16]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[int16]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uint16)
-		v, changed := fastpathTV.DecMapInt16Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Uint16V(rv2i(rv).(map[int16]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Uint16X(vp *map[int16]uint16, d *Decoder) {
-	v, changed := f.DecMapInt16Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Uint16V(v map[int16]uint16, canChange bool,
-	d *Decoder) (_ map[int16]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 4)
-		v = make(map[int16]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uint32)
-		v, changed := fastpathTV.DecMapInt16Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Uint32V(rv2i(rv).(map[int16]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Uint32X(vp *map[int16]uint32, d *Decoder) {
-	v, changed := f.DecMapInt16Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Uint32V(v map[int16]uint32, canChange bool,
-	d *Decoder) (_ map[int16]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[int16]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uint64)
-		v, changed := fastpathTV.DecMapInt16Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Uint64V(rv2i(rv).(map[int16]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Uint64X(vp *map[int16]uint64, d *Decoder) {
-	v, changed := f.DecMapInt16Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Uint64V(v map[int16]uint64, canChange bool,
-	d *Decoder) (_ map[int16]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]uintptr)
-		v, changed := fastpathTV.DecMapInt16UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16UintptrV(rv2i(rv).(map[int16]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16UintptrX(vp *map[int16]uintptr, d *Decoder) {
-	v, changed := f.DecMapInt16UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16UintptrV(v map[int16]uintptr, canChange bool,
-	d *Decoder) (_ map[int16]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]int)
-		v, changed := fastpathTV.DecMapInt16IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16IntV(rv2i(rv).(map[int16]int), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16IntX(vp *map[int16]int, d *Decoder) {
-	v, changed := f.DecMapInt16IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16IntV(v map[int16]int, canChange bool,
-	d *Decoder) (_ map[int16]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]int8)
-		v, changed := fastpathTV.DecMapInt16Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Int8V(rv2i(rv).(map[int16]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Int8X(vp *map[int16]int8, d *Decoder) {
-	v, changed := f.DecMapInt16Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Int8V(v map[int16]int8, canChange bool,
-	d *Decoder) (_ map[int16]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[int16]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]int16)
-		v, changed := fastpathTV.DecMapInt16Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Int16V(rv2i(rv).(map[int16]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Int16X(vp *map[int16]int16, d *Decoder) {
-	v, changed := f.DecMapInt16Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Int16V(v map[int16]int16, canChange bool,
-	d *Decoder) (_ map[int16]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 4)
-		v = make(map[int16]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]int32)
-		v, changed := fastpathTV.DecMapInt16Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Int32V(rv2i(rv).(map[int16]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Int32X(vp *map[int16]int32, d *Decoder) {
-	v, changed := f.DecMapInt16Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Int32V(v map[int16]int32, canChange bool,
-	d *Decoder) (_ map[int16]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[int16]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]int64)
-		v, changed := fastpathTV.DecMapInt16Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Int64V(rv2i(rv).(map[int16]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Int64X(vp *map[int16]int64, d *Decoder) {
-	v, changed := f.DecMapInt16Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Int64V(v map[int16]int64, canChange bool,
-	d *Decoder) (_ map[int16]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]float32)
-		v, changed := fastpathTV.DecMapInt16Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Float32V(rv2i(rv).(map[int16]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Float32X(vp *map[int16]float32, d *Decoder) {
-	v, changed := f.DecMapInt16Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Float32V(v map[int16]float32, canChange bool,
-	d *Decoder) (_ map[int16]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[int16]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]float64)
-		v, changed := fastpathTV.DecMapInt16Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16Float64V(rv2i(rv).(map[int16]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16Float64X(vp *map[int16]float64, d *Decoder) {
-	v, changed := f.DecMapInt16Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16Float64V(v map[int16]float64, canChange bool,
-	d *Decoder) (_ map[int16]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int16]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt16BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int16]bool)
-		v, changed := fastpathTV.DecMapInt16BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt16BoolV(rv2i(rv).(map[int16]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapInt16BoolX(vp *map[int16]bool, d *Decoder) {
-	v, changed := f.DecMapInt16BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt16BoolV(v map[int16]bool, canChange bool,
-	d *Decoder) (_ map[int16]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[int16]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int16
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]interface{})
-		v, changed := fastpathTV.DecMapInt32IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32IntfV(rv2i(rv).(map[int32]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32IntfX(vp *map[int32]interface{}, d *Decoder) {
-	v, changed := f.DecMapInt32IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32IntfV(v map[int32]interface{}, canChange bool,
-	d *Decoder) (_ map[int32]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[int32]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk int32
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]string)
-		v, changed := fastpathTV.DecMapInt32StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32StringV(rv2i(rv).(map[int32]string), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32StringX(vp *map[int32]string, d *Decoder) {
-	v, changed := f.DecMapInt32StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32StringV(v map[int32]string, canChange bool,
-	d *Decoder) (_ map[int32]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 20)
-		v = make(map[int32]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uint)
-		v, changed := fastpathTV.DecMapInt32UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32UintV(rv2i(rv).(map[int32]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32UintX(vp *map[int32]uint, d *Decoder) {
-	v, changed := f.DecMapInt32UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32UintV(v map[int32]uint, canChange bool,
-	d *Decoder) (_ map[int32]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uint8)
-		v, changed := fastpathTV.DecMapInt32Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Uint8V(rv2i(rv).(map[int32]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Uint8X(vp *map[int32]uint8, d *Decoder) {
-	v, changed := f.DecMapInt32Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Uint8V(v map[int32]uint8, canChange bool,
-	d *Decoder) (_ map[int32]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int32]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uint16)
-		v, changed := fastpathTV.DecMapInt32Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Uint16V(rv2i(rv).(map[int32]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Uint16X(vp *map[int32]uint16, d *Decoder) {
-	v, changed := f.DecMapInt32Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Uint16V(v map[int32]uint16, canChange bool,
-	d *Decoder) (_ map[int32]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[int32]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uint32)
-		v, changed := fastpathTV.DecMapInt32Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Uint32V(rv2i(rv).(map[int32]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Uint32X(vp *map[int32]uint32, d *Decoder) {
-	v, changed := f.DecMapInt32Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Uint32V(v map[int32]uint32, canChange bool,
-	d *Decoder) (_ map[int32]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[int32]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uint64)
-		v, changed := fastpathTV.DecMapInt32Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Uint64V(rv2i(rv).(map[int32]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Uint64X(vp *map[int32]uint64, d *Decoder) {
-	v, changed := f.DecMapInt32Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Uint64V(v map[int32]uint64, canChange bool,
-	d *Decoder) (_ map[int32]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]uintptr)
-		v, changed := fastpathTV.DecMapInt32UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32UintptrV(rv2i(rv).(map[int32]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32UintptrX(vp *map[int32]uintptr, d *Decoder) {
-	v, changed := f.DecMapInt32UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32UintptrV(v map[int32]uintptr, canChange bool,
-	d *Decoder) (_ map[int32]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]int)
-		v, changed := fastpathTV.DecMapInt32IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32IntV(rv2i(rv).(map[int32]int), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32IntX(vp *map[int32]int, d *Decoder) {
-	v, changed := f.DecMapInt32IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32IntV(v map[int32]int, canChange bool,
-	d *Decoder) (_ map[int32]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]int8)
-		v, changed := fastpathTV.DecMapInt32Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Int8V(rv2i(rv).(map[int32]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Int8X(vp *map[int32]int8, d *Decoder) {
-	v, changed := f.DecMapInt32Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Int8V(v map[int32]int8, canChange bool,
-	d *Decoder) (_ map[int32]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int32]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]int16)
-		v, changed := fastpathTV.DecMapInt32Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Int16V(rv2i(rv).(map[int32]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Int16X(vp *map[int32]int16, d *Decoder) {
-	v, changed := f.DecMapInt32Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Int16V(v map[int32]int16, canChange bool,
-	d *Decoder) (_ map[int32]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 6)
-		v = make(map[int32]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]int32)
-		v, changed := fastpathTV.DecMapInt32Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Int32V(rv2i(rv).(map[int32]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Int32X(vp *map[int32]int32, d *Decoder) {
-	v, changed := f.DecMapInt32Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Int32V(v map[int32]int32, canChange bool,
-	d *Decoder) (_ map[int32]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[int32]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]int64)
-		v, changed := fastpathTV.DecMapInt32Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Int64V(rv2i(rv).(map[int32]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Int64X(vp *map[int32]int64, d *Decoder) {
-	v, changed := f.DecMapInt32Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Int64V(v map[int32]int64, canChange bool,
-	d *Decoder) (_ map[int32]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]float32)
-		v, changed := fastpathTV.DecMapInt32Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Float32V(rv2i(rv).(map[int32]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Float32X(vp *map[int32]float32, d *Decoder) {
-	v, changed := f.DecMapInt32Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Float32V(v map[int32]float32, canChange bool,
-	d *Decoder) (_ map[int32]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 8)
-		v = make(map[int32]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]float64)
-		v, changed := fastpathTV.DecMapInt32Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32Float64V(rv2i(rv).(map[int32]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32Float64X(vp *map[int32]float64, d *Decoder) {
-	v, changed := f.DecMapInt32Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32Float64V(v map[int32]float64, canChange bool,
-	d *Decoder) (_ map[int32]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int32]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt32BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int32]bool)
-		v, changed := fastpathTV.DecMapInt32BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt32BoolV(rv2i(rv).(map[int32]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapInt32BoolX(vp *map[int32]bool, d *Decoder) {
-	v, changed := f.DecMapInt32BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt32BoolV(v map[int32]bool, canChange bool,
-	d *Decoder) (_ map[int32]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[int32]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int32
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64IntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]interface{})
-		v, changed := fastpathTV.DecMapInt64IntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64IntfV(rv2i(rv).(map[int64]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64IntfX(vp *map[int64]interface{}, d *Decoder) {
-	v, changed := f.DecMapInt64IntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64IntfV(v map[int64]interface{}, canChange bool,
-	d *Decoder) (_ map[int64]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[int64]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk int64
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64StringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]string)
-		v, changed := fastpathTV.DecMapInt64StringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64StringV(rv2i(rv).(map[int64]string), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64StringX(vp *map[int64]string, d *Decoder) {
-	v, changed := f.DecMapInt64StringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64StringV(v map[int64]string, canChange bool,
-	d *Decoder) (_ map[int64]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 24)
-		v = make(map[int64]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64UintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uint)
-		v, changed := fastpathTV.DecMapInt64UintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64UintV(rv2i(rv).(map[int64]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64UintX(vp *map[int64]uint, d *Decoder) {
-	v, changed := f.DecMapInt64UintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64UintV(v map[int64]uint, canChange bool,
-	d *Decoder) (_ map[int64]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Uint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uint8)
-		v, changed := fastpathTV.DecMapInt64Uint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Uint8V(rv2i(rv).(map[int64]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Uint8X(vp *map[int64]uint8, d *Decoder) {
-	v, changed := f.DecMapInt64Uint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Uint8V(v map[int64]uint8, canChange bool,
-	d *Decoder) (_ map[int64]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int64]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Uint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uint16)
-		v, changed := fastpathTV.DecMapInt64Uint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Uint16V(rv2i(rv).(map[int64]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Uint16X(vp *map[int64]uint16, d *Decoder) {
-	v, changed := f.DecMapInt64Uint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Uint16V(v map[int64]uint16, canChange bool,
-	d *Decoder) (_ map[int64]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int64]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Uint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uint32)
-		v, changed := fastpathTV.DecMapInt64Uint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Uint32V(rv2i(rv).(map[int64]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Uint32X(vp *map[int64]uint32, d *Decoder) {
-	v, changed := f.DecMapInt64Uint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Uint32V(v map[int64]uint32, canChange bool,
-	d *Decoder) (_ map[int64]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int64]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Uint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uint64)
-		v, changed := fastpathTV.DecMapInt64Uint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Uint64V(rv2i(rv).(map[int64]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Uint64X(vp *map[int64]uint64, d *Decoder) {
-	v, changed := f.DecMapInt64Uint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Uint64V(v map[int64]uint64, canChange bool,
-	d *Decoder) (_ map[int64]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64UintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]uintptr)
-		v, changed := fastpathTV.DecMapInt64UintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64UintptrV(rv2i(rv).(map[int64]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64UintptrX(vp *map[int64]uintptr, d *Decoder) {
-	v, changed := f.DecMapInt64UintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64UintptrV(v map[int64]uintptr, canChange bool,
-	d *Decoder) (_ map[int64]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64IntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]int)
-		v, changed := fastpathTV.DecMapInt64IntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64IntV(rv2i(rv).(map[int64]int), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64IntX(vp *map[int64]int, d *Decoder) {
-	v, changed := f.DecMapInt64IntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64IntV(v map[int64]int, canChange bool,
-	d *Decoder) (_ map[int64]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Int8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]int8)
-		v, changed := fastpathTV.DecMapInt64Int8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Int8V(rv2i(rv).(map[int64]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Int8X(vp *map[int64]int8, d *Decoder) {
-	v, changed := f.DecMapInt64Int8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Int8V(v map[int64]int8, canChange bool,
-	d *Decoder) (_ map[int64]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int64]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Int16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]int16)
-		v, changed := fastpathTV.DecMapInt64Int16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Int16V(rv2i(rv).(map[int64]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Int16X(vp *map[int64]int16, d *Decoder) {
-	v, changed := f.DecMapInt64Int16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Int16V(v map[int64]int16, canChange bool,
-	d *Decoder) (_ map[int64]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 10)
-		v = make(map[int64]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Int32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]int32)
-		v, changed := fastpathTV.DecMapInt64Int32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Int32V(rv2i(rv).(map[int64]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Int32X(vp *map[int64]int32, d *Decoder) {
-	v, changed := f.DecMapInt64Int32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Int32V(v map[int64]int32, canChange bool,
-	d *Decoder) (_ map[int64]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int64]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Int64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]int64)
-		v, changed := fastpathTV.DecMapInt64Int64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Int64V(rv2i(rv).(map[int64]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Int64X(vp *map[int64]int64, d *Decoder) {
-	v, changed := f.DecMapInt64Int64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Int64V(v map[int64]int64, canChange bool,
-	d *Decoder) (_ map[int64]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Float32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]float32)
-		v, changed := fastpathTV.DecMapInt64Float32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Float32V(rv2i(rv).(map[int64]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Float32X(vp *map[int64]float32, d *Decoder) {
-	v, changed := f.DecMapInt64Float32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Float32V(v map[int64]float32, canChange bool,
-	d *Decoder) (_ map[int64]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 12)
-		v = make(map[int64]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64Float64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]float64)
-		v, changed := fastpathTV.DecMapInt64Float64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64Float64V(rv2i(rv).(map[int64]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64Float64X(vp *map[int64]float64, d *Decoder) {
-	v, changed := f.DecMapInt64Float64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64Float64V(v map[int64]float64, canChange bool,
-	d *Decoder) (_ map[int64]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 16)
-		v = make(map[int64]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapInt64BoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[int64]bool)
-		v, changed := fastpathTV.DecMapInt64BoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapInt64BoolV(rv2i(rv).(map[int64]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapInt64BoolX(vp *map[int64]bool, d *Decoder) {
-	v, changed := f.DecMapInt64BoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapInt64BoolV(v map[int64]bool, canChange bool,
-	d *Decoder) (_ map[int64]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[int64]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk int64
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeInt64()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolIntfR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]interface{})
-		v, changed := fastpathTV.DecMapBoolIntfV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolIntfV(rv2i(rv).(map[bool]interface{}), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolIntfX(vp *map[bool]interface{}, d *Decoder) {
-	v, changed := f.DecMapBoolIntfV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolIntfV(v map[bool]interface{}, canChange bool,
-	d *Decoder) (_ map[bool]interface{}, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[bool]interface{}, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	mapGet := v != nil && !d.h.MapValueReset && !d.h.InterfaceReset
-	var mk bool
-	var mv interface{}
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = nil
-			}
-			continue
-		}
-		if mapGet {
-			mv = v[mk]
-		} else {
-			mv = nil
-		}
-		d.decode(&mv)
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolStringR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]string)
-		v, changed := fastpathTV.DecMapBoolStringV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolStringV(rv2i(rv).(map[bool]string), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolStringX(vp *map[bool]string, d *Decoder) {
-	v, changed := f.DecMapBoolStringV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolStringV(v map[bool]string, canChange bool,
-	d *Decoder) (_ map[bool]string, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 17)
-		v = make(map[bool]string, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv string
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = ""
-			}
-			continue
-		}
-		mv = dd.DecodeString()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUintR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uint)
-		v, changed := fastpathTV.DecMapBoolUintV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUintV(rv2i(rv).(map[bool]uint), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUintX(vp *map[bool]uint, d *Decoder) {
-	v, changed := f.DecMapBoolUintV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUintV(v map[bool]uint, canChange bool,
-	d *Decoder) (_ map[bool]uint, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]uint, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uint
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUint8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uint8)
-		v, changed := fastpathTV.DecMapBoolUint8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUint8V(rv2i(rv).(map[bool]uint8), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUint8X(vp *map[bool]uint8, d *Decoder) {
-	v, changed := f.DecMapBoolUint8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUint8V(v map[bool]uint8, canChange bool,
-	d *Decoder) (_ map[bool]uint8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[bool]uint8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uint8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint8(chkOvf.UintV(dd.DecodeUint64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUint16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uint16)
-		v, changed := fastpathTV.DecMapBoolUint16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUint16V(rv2i(rv).(map[bool]uint16), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUint16X(vp *map[bool]uint16, d *Decoder) {
-	v, changed := f.DecMapBoolUint16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUint16V(v map[bool]uint16, canChange bool,
-	d *Decoder) (_ map[bool]uint16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[bool]uint16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uint16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint16(chkOvf.UintV(dd.DecodeUint64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUint32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uint32)
-		v, changed := fastpathTV.DecMapBoolUint32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUint32V(rv2i(rv).(map[bool]uint32), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUint32X(vp *map[bool]uint32, d *Decoder) {
-	v, changed := f.DecMapBoolUint32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUint32V(v map[bool]uint32, canChange bool,
-	d *Decoder) (_ map[bool]uint32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[bool]uint32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uint32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uint32(chkOvf.UintV(dd.DecodeUint64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUint64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uint64)
-		v, changed := fastpathTV.DecMapBoolUint64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUint64V(rv2i(rv).(map[bool]uint64), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUint64X(vp *map[bool]uint64, d *Decoder) {
-	v, changed := f.DecMapBoolUint64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUint64V(v map[bool]uint64, canChange bool,
-	d *Decoder) (_ map[bool]uint64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]uint64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uint64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeUint64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolUintptrR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]uintptr)
-		v, changed := fastpathTV.DecMapBoolUintptrV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolUintptrV(rv2i(rv).(map[bool]uintptr), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolUintptrX(vp *map[bool]uintptr, d *Decoder) {
-	v, changed := f.DecMapBoolUintptrV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolUintptrV(v map[bool]uintptr, canChange bool,
-	d *Decoder) (_ map[bool]uintptr, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]uintptr, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv uintptr
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolIntR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]int)
-		v, changed := fastpathTV.DecMapBoolIntV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolIntV(rv2i(rv).(map[bool]int), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolIntX(vp *map[bool]int, d *Decoder) {
-	v, changed := f.DecMapBoolIntV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolIntV(v map[bool]int, canChange bool,
-	d *Decoder) (_ map[bool]int, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]int, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv int
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolInt8R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]int8)
-		v, changed := fastpathTV.DecMapBoolInt8V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolInt8V(rv2i(rv).(map[bool]int8), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolInt8X(vp *map[bool]int8, d *Decoder) {
-	v, changed := f.DecMapBoolInt8V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolInt8V(v map[bool]int8, canChange bool,
-	d *Decoder) (_ map[bool]int8, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[bool]int8, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv int8
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int8(chkOvf.IntV(dd.DecodeInt64(), 8))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolInt16R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]int16)
-		v, changed := fastpathTV.DecMapBoolInt16V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolInt16V(rv2i(rv).(map[bool]int16), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolInt16X(vp *map[bool]int16, d *Decoder) {
-	v, changed := f.DecMapBoolInt16V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolInt16V(v map[bool]int16, canChange bool,
-	d *Decoder) (_ map[bool]int16, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 3)
-		v = make(map[bool]int16, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv int16
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int16(chkOvf.IntV(dd.DecodeInt64(), 16))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolInt32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]int32)
-		v, changed := fastpathTV.DecMapBoolInt32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolInt32V(rv2i(rv).(map[bool]int32), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolInt32X(vp *map[bool]int32, d *Decoder) {
-	v, changed := f.DecMapBoolInt32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolInt32V(v map[bool]int32, canChange bool,
-	d *Decoder) (_ map[bool]int32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[bool]int32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv int32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = int32(chkOvf.IntV(dd.DecodeInt64(), 32))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolInt64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]int64)
-		v, changed := fastpathTV.DecMapBoolInt64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolInt64V(rv2i(rv).(map[bool]int64), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolInt64X(vp *map[bool]int64, d *Decoder) {
-	v, changed := f.DecMapBoolInt64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolInt64V(v map[bool]int64, canChange bool,
-	d *Decoder) (_ map[bool]int64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]int64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv int64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeInt64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolFloat32R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]float32)
-		v, changed := fastpathTV.DecMapBoolFloat32V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolFloat32V(rv2i(rv).(map[bool]float32), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolFloat32X(vp *map[bool]float32, d *Decoder) {
-	v, changed := f.DecMapBoolFloat32V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolFloat32V(v map[bool]float32, canChange bool,
-	d *Decoder) (_ map[bool]float32, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 5)
-		v = make(map[bool]float32, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv float32
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = float32(chkOvf.Float32V(dd.DecodeFloat64()))
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolFloat64R(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]float64)
-		v, changed := fastpathTV.DecMapBoolFloat64V(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolFloat64V(rv2i(rv).(map[bool]float64), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolFloat64X(vp *map[bool]float64, d *Decoder) {
-	v, changed := f.DecMapBoolFloat64V(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolFloat64V(v map[bool]float64, canChange bool,
-	d *Decoder) (_ map[bool]float64, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 9)
-		v = make(map[bool]float64, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv float64
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = 0
-			}
-			continue
-		}
-		mv = dd.DecodeFloat64()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
-
-func (d *Decoder) fastpathDecMapBoolBoolR(f *codecFnInfo, rv reflect.Value) {
-	if rv.Kind() == reflect.Ptr {
-		vp := rv2i(rv).(*map[bool]bool)
-		v, changed := fastpathTV.DecMapBoolBoolV(*vp, true, d)
-		if changed {
-			*vp = v
-		}
-	} else {
-		fastpathTV.DecMapBoolBoolV(rv2i(rv).(map[bool]bool), false, d)
-	}
-}
-func (f fastpathT) DecMapBoolBoolX(vp *map[bool]bool, d *Decoder) {
-	v, changed := f.DecMapBoolBoolV(*vp, true, d)
-	if changed {
-		*vp = v
-	}
-}
-func (_ fastpathT) DecMapBoolBoolV(v map[bool]bool, canChange bool,
-	d *Decoder) (_ map[bool]bool, changed bool) {
-	dd, esep := d.d, d.hh.hasElemSeparators()
-	containerLen := dd.ReadMapStart()
-	if canChange && v == nil {
-		xlen := decInferLen(containerLen, d.h.MaxInitLen, 2)
-		v = make(map[bool]bool, xlen)
-		changed = true
-	}
-	if containerLen == 0 {
-		dd.ReadMapEnd()
-		return v, changed
-	}
-	var mk bool
-	var mv bool
-	hasLen := containerLen > 0
-	for j := 0; (hasLen && j < containerLen) || !(hasLen || dd.CheckBreak()); j++ {
-		if esep {
-			dd.ReadMapElemKey()
-		}
-		mk = dd.DecodeBool()
-		if esep {
-			dd.ReadMapElemValue()
-		}
-		if dd.TryDecodeAsNil() {
-			if v == nil {
-			} else if d.h.DeleteOnNilMapValue {
-				delete(v, mk)
-			} else {
-				v[mk] = false
-			}
-			continue
-		}
-		mv = dd.DecodeBool()
-		if v != nil {
-			v[mk] = mv
-		}
-	}
-	dd.ReadMapEnd()
-	return v, changed
-}
diff --git a/vendor/github.com/ugorji/go/codec/fast-path.not.go b/vendor/github.com/ugorji/go/codec/fast-path.not.go
deleted file mode 100644
index f11b4674f817b..0000000000000
--- a/vendor/github.com/ugorji/go/codec/fast-path.not.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build notfastpath
-
-package codec
-
-import "reflect"
-
-const fastpathEnabled = false
-
-// The generated fast-path code is very large, and adds a few seconds to the build time.
-// This causes test execution, execution of small tools which use codec, etc
-// to take a long time.
-//
-// To mitigate, we now support the notfastpath tag.
-// This tag disables fastpath during build, allowing for faster build, test execution,
-// short-program runs, etc.
-
-func fastpathDecodeTypeSwitch(iv interface{}, d *Decoder) bool      { return false }
-func fastpathEncodeTypeSwitch(iv interface{}, e *Encoder) bool      { return false }
-func fastpathEncodeTypeSwitchSlice(iv interface{}, e *Encoder) bool { return false }
-func fastpathEncodeTypeSwitchMap(iv interface{}, e *Encoder) bool   { return false }
-func fastpathDecodeSetZeroTypeSwitch(iv interface{}) bool           { return false }
-
-type fastpathT struct{}
-type fastpathE struct {
-	rtid  uintptr
-	rt    reflect.Type
-	encfn func(*Encoder, *codecFnInfo, reflect.Value)
-	decfn func(*Decoder, *codecFnInfo, reflect.Value)
-}
-type fastpathA [0]fastpathE
-
-func (x fastpathA) index(rtid uintptr) int { return -1 }
-
-func (_ fastpathT) DecSliceUint8V(v []uint8, canChange bool, d *Decoder) (_ []uint8, changed bool) {
-	fn := d.cfer().get(uint8SliceTyp, true, true)
-	d.kSlice(&fn.i, reflect.ValueOf(&v).Elem())
-	return v, true
-}
-
-var fastpathAV fastpathA
-var fastpathTV fastpathT
-
-// ----
-type TestMammoth2Wrapper struct{} // to allow testMammoth work in notfastpath mode
diff --git a/vendor/github.com/ugorji/go/codec/gen-helper.generated.go b/vendor/github.com/ugorji/go/codec/gen-helper.generated.go
deleted file mode 100644
index 917d28283793b..0000000000000
--- a/vendor/github.com/ugorji/go/codec/gen-helper.generated.go
+++ /dev/null
@@ -1,335 +0,0 @@
-/* // +build ignore */
-
-// Copyright (c) 2012-2015 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// Code generated from gen-helper.go.tmpl - DO NOT EDIT.
-
-package codec
-
-import (
-	"encoding"
-	"reflect"
-)
-
-// GenVersion is the current version of codecgen.
-const GenVersion = 8
-
-// This file is used to generate helper code for codecgen.
-// The values here i.e. genHelper(En|De)coder are not to be used directly by
-// library users. They WILL change continuously and without notice.
-//
-// To help enforce this, we create an unexported type with exported members.
-// The only way to get the type is via the one exported type that we control (somewhat).
-//
-// When static codecs are created for types, they will use this value
-// to perform encoding or decoding of primitives or known slice or map types.
-
-// GenHelperEncoder is exported so that it can be used externally by codecgen.
-//
-// Library users: DO NOT USE IT DIRECTLY. IT WILL CHANGE CONTINOUSLY WITHOUT NOTICE.
-func GenHelperEncoder(e *Encoder) (ge genHelperEncoder, ee genHelperEncDriver) {
-	ge = genHelperEncoder{e: e}
-	ee = genHelperEncDriver{encDriver: e.e}
-	return
-}
-
-// GenHelperDecoder is exported so that it can be used externally by codecgen.
-//
-// Library users: DO NOT USE IT DIRECTLY. IT WILL CHANGE CONTINOUSLY WITHOUT NOTICE.
-func GenHelperDecoder(d *Decoder) (gd genHelperDecoder, dd genHelperDecDriver) {
-	gd = genHelperDecoder{d: d}
-	dd = genHelperDecDriver{decDriver: d.d}
-	return
-}
-
-type genHelperEncDriver struct {
-	encDriver
-}
-
-func (x genHelperEncDriver) EncodeBuiltin(rt uintptr, v interface{}) {}
-func (x genHelperEncDriver) EncStructFieldKey(keyType valueType, s string) {
-	encStructFieldKey(x.encDriver, keyType, s)
-}
-func (x genHelperEncDriver) EncodeSymbol(s string) {
-	x.encDriver.EncodeString(cUTF8, s)
-}
-
-type genHelperDecDriver struct {
-	decDriver
-	C checkOverflow
-}
-
-func (x genHelperDecDriver) DecodeBuiltin(rt uintptr, v interface{}) {}
-func (x genHelperDecDriver) DecStructFieldKey(keyType valueType, buf *[decScratchByteArrayLen]byte) []byte {
-	return decStructFieldKey(x.decDriver, keyType, buf)
-}
-func (x genHelperDecDriver) DecodeInt(bitsize uint8) (i int64) {
-	return x.C.IntV(x.decDriver.DecodeInt64(), bitsize)
-}
-func (x genHelperDecDriver) DecodeUint(bitsize uint8) (ui uint64) {
-	return x.C.UintV(x.decDriver.DecodeUint64(), bitsize)
-}
-func (x genHelperDecDriver) DecodeFloat(chkOverflow32 bool) (f float64) {
-	f = x.DecodeFloat64()
-	if chkOverflow32 && chkOvf.Float32(f) {
-		panicv.errorf("float32 overflow: %v", f)
-	}
-	return
-}
-func (x genHelperDecDriver) DecodeFloat32As64() (f float64) {
-	f = x.DecodeFloat64()
-	if chkOvf.Float32(f) {
-		panicv.errorf("float32 overflow: %v", f)
-	}
-	return
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-type genHelperEncoder struct {
-	M must
-	e *Encoder
-	F fastpathT
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-type genHelperDecoder struct {
-	C checkOverflow
-	d *Decoder
-	F fastpathT
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncBasicHandle() *BasicHandle {
-	return f.e.h
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncBinary() bool {
-	return f.e.be // f.e.hh.isBinaryEncoding()
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) IsJSONHandle() bool {
-	return f.e.js
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncFallback(iv interface{}) {
-	// println(">>>>>>>>> EncFallback")
-	// f.e.encodeI(iv, false, false)
-	f.e.encodeValue(reflect.ValueOf(iv), nil, false)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncTextMarshal(iv encoding.TextMarshaler) {
-	bs, fnerr := iv.MarshalText()
-	f.e.marshal(bs, fnerr, false, cUTF8)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncJSONMarshal(iv jsonMarshaler) {
-	bs, fnerr := iv.MarshalJSON()
-	f.e.marshal(bs, fnerr, true, cUTF8)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncBinaryMarshal(iv encoding.BinaryMarshaler) {
-	bs, fnerr := iv.MarshalBinary()
-	f.e.marshal(bs, fnerr, false, cRAW)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncRaw(iv Raw) { f.e.rawBytes(iv) }
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: builtin no longer supported - so we make this method a no-op,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperEncoder) TimeRtidIfBinc() (v uintptr) { return }
-
-// func (f genHelperEncoder) TimeRtidIfBinc() uintptr {
-// 	if _, ok := f.e.hh.(*BincHandle); ok {
-// 		return timeTypId
-// 	}
-// }
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) I2Rtid(v interface{}) uintptr {
-	return i2rtid(v)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) Extension(rtid uintptr) (xfn *extTypeTagFn) {
-	return f.e.h.getExt(rtid)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperEncoder) EncExtension(v interface{}, xfFn *extTypeTagFn) {
-	f.e.e.EncodeExt(v, xfFn.tag, xfFn.ext, f.e)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: No longer used,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperEncoder) HasExtensions() bool {
-	return len(f.e.h.extHandle) != 0
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: No longer used,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperEncoder) EncExt(v interface{}) (r bool) {
-	if xfFn := f.e.h.getExt(i2rtid(v)); xfFn != nil {
-		f.e.e.EncodeExt(v, xfFn.tag, xfFn.ext, f.e)
-		return true
-	}
-	return false
-}
-
-// ---------------- DECODER FOLLOWS -----------------
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecBasicHandle() *BasicHandle {
-	return f.d.h
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecBinary() bool {
-	return f.d.be // f.d.hh.isBinaryEncoding()
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecSwallow() { f.d.swallow() }
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecScratchBuffer() []byte {
-	return f.d.b[:]
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecScratchArrayBuffer() *[decScratchByteArrayLen]byte {
-	return &f.d.b
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecFallback(iv interface{}, chkPtr bool) {
-	// println(">>>>>>>>> DecFallback")
-	rv := reflect.ValueOf(iv)
-	if chkPtr {
-		rv = f.d.ensureDecodeable(rv)
-	}
-	f.d.decodeValue(rv, nil, false)
-	// f.d.decodeValueFallback(rv)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecSliceHelperStart() (decSliceHelper, int) {
-	return f.d.decSliceHelperStart()
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecStructFieldNotFound(index int, name string) {
-	f.d.structFieldNotFound(index, name)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecArrayCannotExpand(sliceLen, streamLen int) {
-	f.d.arrayCannotExpand(sliceLen, streamLen)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecTextUnmarshal(tm encoding.TextUnmarshaler) {
-	fnerr := tm.UnmarshalText(f.d.d.DecodeStringAsBytes())
-	if fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecJSONUnmarshal(tm jsonUnmarshaler) {
-	// bs := f.dd.DecodeStringAsBytes()
-	// grab the bytes to be read, as UnmarshalJSON needs the full JSON so as to unmarshal it itself.
-	fnerr := tm.UnmarshalJSON(f.d.nextValueBytes())
-	if fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecBinaryUnmarshal(bm encoding.BinaryUnmarshaler) {
-	fnerr := bm.UnmarshalBinary(f.d.d.DecodeBytes(nil, true))
-	if fnerr != nil {
-		panic(fnerr)
-	}
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecRaw() []byte { return f.d.rawBytes() }
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: builtin no longer supported - so we make this method a no-op,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperDecoder) TimeRtidIfBinc() (v uintptr) { return }
-
-// func (f genHelperDecoder) TimeRtidIfBinc() uintptr {
-// 	// Note: builtin is no longer supported - so make this a no-op
-// 	if _, ok := f.d.hh.(*BincHandle); ok {
-// 		return timeTypId
-// 	}
-// 	return 0
-// }
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) IsJSONHandle() bool {
-	return f.d.js
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) I2Rtid(v interface{}) uintptr {
-	return i2rtid(v)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) Extension(rtid uintptr) (xfn *extTypeTagFn) {
-	return f.d.h.getExt(rtid)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecExtension(v interface{}, xfFn *extTypeTagFn) {
-	f.d.d.DecodeExt(v, xfFn.tag, xfFn.ext)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: No longer used,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperDecoder) HasExtensions() bool {
-	return len(f.d.h.extHandle) != 0
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: No longer used,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperDecoder) DecExt(v interface{}) (r bool) {
-	if xfFn := f.d.h.getExt(i2rtid(v)); xfFn != nil {
-		f.d.d.DecodeExt(v, xfFn.tag, xfFn.ext)
-		return true
-	}
-	return false
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-func (f genHelperDecoder) DecInferLen(clen, maxlen, unit int) (rvlen int) {
-	return decInferLen(clen, maxlen, unit)
-}
-
-// FOR USE BY CODECGEN ONLY. IT *WILL* CHANGE WITHOUT NOTICE. *DO NOT USE*
-//
-// Deprecated: no longer used,
-// but leave in-place so that old generated files continue to work without regeneration.
-func (f genHelperDecoder) StringView(v []byte) string { return stringView(v) }
diff --git a/vendor/github.com/ugorji/go/codec/gen.generated.go b/vendor/github.com/ugorji/go/codec/gen.generated.go
deleted file mode 100644
index 240ba9f8c77c1..0000000000000
--- a/vendor/github.com/ugorji/go/codec/gen.generated.go
+++ /dev/null
@@ -1,164 +0,0 @@
-// +build codecgen.exec
-
-// Copyright (c) 2012-2015 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-// DO NOT EDIT. THIS FILE IS AUTO-GENERATED FROM gen-dec-(map|array).go.tmpl
-
-const genDecMapTmpl = `
-{{var "v"}} := *{{ .Varname }}
-{{var "l"}} := r.ReadMapStart()
-{{var "bh"}} := z.DecBasicHandle()
-if {{var "v"}} == nil {
-	{{var "rl"}} := z.DecInferLen({{var "l"}}, {{var "bh"}}.MaxInitLen, {{ .Size }})
-	{{var "v"}} = make(map[{{ .KTyp }}]{{ .Typ }}, {{var "rl"}})
-	*{{ .Varname }} = {{var "v"}}
-}
-var {{var "mk"}} {{ .KTyp }}
-var {{var "mv"}} {{ .Typ }}
-var {{var "mg"}}, {{var "mdn"}} {{if decElemKindPtr}}, {{var "ms"}}, {{var "mok"}}{{end}} bool
-if {{var "bh"}}.MapValueReset {
-	{{if decElemKindPtr}}{{var "mg"}} = true
-	{{else if decElemKindIntf}}if !{{var "bh"}}.InterfaceReset { {{var "mg"}} = true }
-	{{else if not decElemKindImmutable}}{{var "mg"}} = true
-	{{end}} }
-if {{var "l"}} != 0 {
-{{var "hl"}} := {{var "l"}} > 0 
-	for {{var "j"}} := 0; ({{var "hl"}} && {{var "j"}} < {{var "l"}}) || !({{var "hl"}} || r.CheckBreak()); {{var "j"}}++ {
-	r.ReadMapElemKey() {{/* z.DecSendContainerState(codecSelfer_containerMapKey{{ .Sfx }}) */}}
-	{{ $x := printf "%vmk%v" .TempVar .Rand }}{{ decLineVarK $x }}
-{{ if eq .KTyp "interface{}" }}{{/* // special case if a byte array. */}}if {{var "bv"}}, {{var "bok"}} := {{var "mk"}}.([]byte); {{var "bok"}} {
-		{{var "mk"}} = string({{var "bv"}})
-	}{{ end }}{{if decElemKindPtr}}
-	{{var "ms"}} = true{{end}}
-	if {{var "mg"}} {
-		{{if decElemKindPtr}}{{var "mv"}}, {{var "mok"}} = {{var "v"}}[{{var "mk"}}] 
-		if {{var "mok"}} {
-			{{var "ms"}} = false
-		} {{else}}{{var "mv"}} = {{var "v"}}[{{var "mk"}}] {{end}}
-	} {{if not decElemKindImmutable}}else { {{var "mv"}} = {{decElemZero}} }{{end}}
-	r.ReadMapElemValue() {{/* z.DecSendContainerState(codecSelfer_containerMapValue{{ .Sfx }}) */}}
-	{{var "mdn"}} = false
-	{{ $x := printf "%vmv%v" .TempVar .Rand }}{{ $y := printf "%vmdn%v" .TempVar .Rand }}{{ decLineVar $x $y }}
-	if {{var "mdn"}} {
-		if {{ var "bh" }}.DeleteOnNilMapValue { delete({{var "v"}}, {{var "mk"}}) } else { {{var "v"}}[{{var "mk"}}] = {{decElemZero}} }
-	} else if {{if decElemKindPtr}} {{var "ms"}} && {{end}} {{var "v"}} != nil {
-		{{var "v"}}[{{var "mk"}}] = {{var "mv"}}
-	}
-}
-} // else len==0: TODO: Should we clear map entries?
-r.ReadMapEnd() {{/* z.DecSendContainerState(codecSelfer_containerMapEnd{{ .Sfx }}) */}}
-`
-
-const genDecListTmpl = `
-{{var "v"}} := {{if not isArray}}*{{end}}{{ .Varname }}
-{{var "h"}}, {{var "l"}} := z.DecSliceHelperStart() {{/* // helper, containerLenS */}}{{if not isArray}}
-var {{var "c"}} bool {{/* // changed */}}
-_ = {{var "c"}}{{end}}
-if {{var "l"}} == 0 {
-	{{if isSlice }}if {{var "v"}} == nil {
-		{{var "v"}} = []{{ .Typ }}{}
-		{{var "c"}} = true
-	} else if len({{var "v"}}) != 0 {
-		{{var "v"}} = {{var "v"}}[:0]
-		{{var "c"}} = true
-	} {{else if isChan }}if {{var "v"}} == nil {
-		{{var "v"}} = make({{ .CTyp }}, 0)
-		{{var "c"}} = true
-	} {{end}}
-} else {
-	{{var "hl"}} := {{var "l"}} > 0
-	var {{var "rl"}} int
-	_ =  {{var "rl"}}
-	{{if isSlice }} if {{var "hl"}} {
-	if {{var "l"}} > cap({{var "v"}}) {
-		{{var "rl"}} = z.DecInferLen({{var "l"}}, z.DecBasicHandle().MaxInitLen, {{ .Size }})
-		if {{var "rl"}} <= cap({{var "v"}}) {
-			{{var "v"}} = {{var "v"}}[:{{var "rl"}}]
-		} else {
-			{{var "v"}} = make([]{{ .Typ }}, {{var "rl"}})
-		}
-		{{var "c"}} = true
-	} else if {{var "l"}} != len({{var "v"}}) {
-		{{var "v"}} = {{var "v"}}[:{{var "l"}}]
-		{{var "c"}} = true
-	}
-	} {{end}}
-	var {{var "j"}} int 
-    // var {{var "dn"}} bool 
-	for ; ({{var "hl"}} && {{var "j"}} < {{var "l"}}) || !({{var "hl"}} || r.CheckBreak()); {{var "j"}}++ {
-		{{if not isArray}} if {{var "j"}} == 0 && {{var "v"}} == nil {
-			if {{var "hl"}} {
-				{{var "rl"}} = z.DecInferLen({{var "l"}}, z.DecBasicHandle().MaxInitLen, {{ .Size }})
-			} else {
-				{{var "rl"}} = {{if isSlice}}8{{else if isChan}}64{{end}}
-			}
-			{{var "v"}} = make({{if isSlice}}[]{{ .Typ }}{{else if isChan}}{{.CTyp}}{{end}}, {{var "rl"}})
-			{{var "c"}} = true 
-		}{{end}}
-		{{var "h"}}.ElemContainerState({{var "j"}})
-        {{/* {{var "dn"}} = r.TryDecodeAsNil() */}}{{/* commented out, as decLineVar handles this already each time */}}
-        {{if isChan}}{{ $x := printf "%[1]vvcx%[2]v" .TempVar .Rand }}var {{$x}} {{ .Typ }}
-		{{ decLineVar $x }}
-		{{var "v"}} <- {{ $x }}
-        // println(">>>> sending ", {{ $x }}, " into ", {{var "v"}}) // TODO: remove this
-        {{else}}{{/* // if indefinite, etc, then expand the slice if necessary */}}
-		var {{var "db"}} bool
-		if {{var "j"}} >= len({{var "v"}}) {
-			{{if isSlice }} {{var "v"}} = append({{var "v"}}, {{ zero }})
-			{{var "c"}} = true
-			{{else}} z.DecArrayCannotExpand(len(v), {{var "j"}}+1); {{var "db"}} = true
-			{{end}}
-		}
-		if {{var "db"}} {
-			z.DecSwallow()
-		} else {
-			{{ $x := printf "%[1]vv%[2]v[%[1]vj%[2]v]" .TempVar .Rand }}{{ decLineVar $x }}
-		}
-        {{end}}
-	}
-	{{if isSlice}} if {{var "j"}} < len({{var "v"}}) {
-		{{var "v"}} = {{var "v"}}[:{{var "j"}}]
-		{{var "c"}} = true
-	} else if {{var "j"}} == 0 && {{var "v"}} == nil {
-		{{var "v"}} = make([]{{ .Typ }}, 0)
-		{{var "c"}} = true
-	} {{end}}
-}
-{{var "h"}}.End()
-{{if not isArray }}if {{var "c"}} { 
-	*{{ .Varname }} = {{var "v"}}
-}{{end}}
-`
-
-const genEncChanTmpl = `
-{{.Label}}:
-switch timeout{{.Sfx}} :=  z.EncBasicHandle().ChanRecvTimeout; {
-case timeout{{.Sfx}} == 0: // only consume available
-	for {
-		select {
-		case b{{.Sfx}} := <-{{.Chan}}:
-			{{ .Slice }} = append({{.Slice}}, b{{.Sfx}})
-		default:
-			break {{.Label}}
-		}
-	}
-case timeout{{.Sfx}} > 0: // consume until timeout
-	tt{{.Sfx}} := time.NewTimer(timeout{{.Sfx}})
-	for {
-		select {
-		case b{{.Sfx}} := <-{{.Chan}}:
-			{{.Slice}} = append({{.Slice}}, b{{.Sfx}})
-		case <-tt{{.Sfx}}.C:
-			// close(tt.C)
-			break {{.Label}}
-		}
-	}
-default: // consume until close
-	for b{{.Sfx}} := range {{.Chan}} {
-		{{.Slice}} = append({{.Slice}}, b{{.Sfx}})
-	}
-}
-`
diff --git a/vendor/github.com/ugorji/go/codec/gen.go b/vendor/github.com/ugorji/go/codec/gen.go
deleted file mode 100644
index b4c4031ff4560..0000000000000
--- a/vendor/github.com/ugorji/go/codec/gen.go
+++ /dev/null
@@ -1,2139 +0,0 @@
-// +build codecgen.exec
-
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"bytes"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"go/format"
-	"io"
-	"io/ioutil"
-	"math/rand"
-	"reflect"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
-	"sync"
-	"text/template"
-	"time"
-	"unicode"
-	"unicode/utf8"
-)
-
-// ---------------------------------------------------
-// codecgen supports the full cycle of reflection-based codec:
-//    - RawExt
-//    - Raw
-//    - Extensions
-//    - (Binary|Text|JSON)(Unm|M)arshal
-//    - generic by-kind
-//
-// This means that, for dynamic things, we MUST use reflection to at least get the reflect.Type.
-// In those areas, we try to only do reflection or interface-conversion when NECESSARY:
-//    - Extensions, only if Extensions are configured.
-//
-// However, codecgen doesn't support the following:
-//   - Canonical option. (codecgen IGNORES it currently)
-//     This is just because it has not been implemented.
-//
-// During encode/decode, Selfer takes precedence.
-// A type implementing Selfer will know how to encode/decode itself statically.
-//
-// The following field types are supported:
-//     array: [n]T
-//     slice: []T
-//     map: map[K]V
-//     primitive: [u]int[n], float(32|64), bool, string
-//     struct
-//
-// ---------------------------------------------------
-// Note that a Selfer cannot call (e|d).(En|De)code on itself,
-// as this will cause a circular reference, as (En|De)code will call Selfer methods.
-// Any type that implements Selfer must implement completely and not fallback to (En|De)code.
-//
-// In addition, code in this file manages the generation of fast-path implementations of
-// encode/decode of slices/maps of primitive keys/values.
-//
-// Users MUST re-generate their implementations whenever the code shape changes.
-// The generated code will panic if it was generated with a version older than the supporting library.
-// ---------------------------------------------------
-//
-// codec framework is very feature rich.
-// When encoding or decoding into an interface, it depends on the runtime type of the interface.
-// The type of the interface may be a named type, an extension, etc.
-// Consequently, we fallback to runtime codec for encoding/decoding interfaces.
-// In addition, we fallback for any value which cannot be guaranteed at runtime.
-// This allows us support ANY value, including any named types, specifically those which
-// do not implement our interfaces (e.g. Selfer).
-//
-// This explains some slowness compared to other code generation codecs (e.g. msgp).
-// This reduction in speed is only seen when your refers to interfaces,
-// e.g. type T struct { A interface{}; B []interface{}; C map[string]interface{} }
-//
-// codecgen will panic if the file was generated with an old version of the library in use.
-//
-// Note:
-//   It was a conscious decision to have gen.go always explicitly call EncodeNil or TryDecodeAsNil.
-//   This way, there isn't a function call overhead just to see that we should not enter a block of code.
-//
-// Note:
-//   codecgen-generated code depends on the variables defined by fast-path.generated.go.
-//   consequently, you cannot run with tags "codecgen notfastpath".
-
-// GenVersion is the current version of codecgen.
-//
-// NOTE: Increment this value each time codecgen changes fundamentally.
-// Fundamental changes are:
-//   - helper methods change (signature change, new ones added, some removed, etc)
-//   - codecgen command line changes
-//
-// v1: Initial Version
-// v2:
-// v3: Changes for Kubernetes:
-//     changes in signature of some unpublished helper methods and codecgen cmdline arguments.
-// v4: Removed separator support from (en|de)cDriver, and refactored codec(gen)
-// v5: changes to support faster json decoding. Let encoder/decoder maintain state of collections.
-// v6: removed unsafe from gen, and now uses codecgen.exec tag
-// v7:
-// v8: current - we now maintain compatibility with old generated code.
-const genVersion = 8
-
-const (
-	genCodecPkg        = "codec1978"
-	genTempVarPfx      = "yy"
-	genTopLevelVarName = "x"
-
-	// ignore canBeNil parameter, and always set to true.
-	// This is because nil can appear anywhere, so we should always check.
-	genAnythingCanBeNil = true
-
-	// if genUseOneFunctionForDecStructMap, make a single codecDecodeSelferFromMap function;
-	// else make codecDecodeSelferFromMap{LenPrefix,CheckBreak} so that conditionals
-	// are not executed a lot.
-	//
-	// From testing, it didn't make much difference in runtime, so keep as true (one function only)
-	genUseOneFunctionForDecStructMap = true
-)
-
-type genStructMapStyle uint8
-
-const (
-	genStructMapStyleConsolidated genStructMapStyle = iota
-	genStructMapStyleLenPrefix
-	genStructMapStyleCheckBreak
-)
-
-var (
-	errGenAllTypesSamePkg  = errors.New("All types must be in the same package")
-	errGenExpectArrayOrMap = errors.New("unexpected type. Expecting array/map/slice")
-
-	genBase64enc  = base64.NewEncoding("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789__")
-	genQNameRegex = regexp.MustCompile(`[A-Za-z_.]+`)
-)
-
-type genBuf struct {
-	buf []byte
-}
-
-func (x *genBuf) s(s string) *genBuf              { x.buf = append(x.buf, s...); return x }
-func (x *genBuf) b(s []byte) *genBuf              { x.buf = append(x.buf, s...); return x }
-func (x *genBuf) v() string                       { return string(x.buf) }
-func (x *genBuf) f(s string, args ...interface{}) { x.s(fmt.Sprintf(s, args...)) }
-func (x *genBuf) reset() {
-	if x.buf != nil {
-		x.buf = x.buf[:0]
-	}
-}
-
-// genRunner holds some state used during a Gen run.
-type genRunner struct {
-	w io.Writer      // output
-	c uint64         // counter used for generating varsfx
-	t []reflect.Type // list of types to run selfer on
-
-	tc reflect.Type     // currently running selfer on this type
-	te map[uintptr]bool // types for which the encoder has been created
-	td map[uintptr]bool // types for which the decoder has been created
-	cp string           // codec import path
-
-	im  map[string]reflect.Type // imports to add
-	imn map[string]string       // package names of imports to add
-	imc uint64                  // counter for import numbers
-
-	is map[reflect.Type]struct{} // types seen during import search
-	bp string                    // base PkgPath, for which we are generating for
-
-	cpfx string // codec package prefix
-
-	tm map[reflect.Type]struct{} // types for which enc/dec must be generated
-	ts []reflect.Type            // types for which enc/dec must be generated
-
-	xs string // top level variable/constant suffix
-	hn string // fn helper type name
-
-	ti *TypeInfos
-	// rr *rand.Rand // random generator for file-specific types
-
-	nx bool // no extensions
-}
-
-// Gen will write a complete go file containing Selfer implementations for each
-// type passed. All the types must be in the same package.
-//
-// Library users: DO NOT USE IT DIRECTLY. IT WILL CHANGE CONTINUOUSLY WITHOUT NOTICE.
-func Gen(w io.Writer, buildTags, pkgName, uid string, noExtensions bool,
-	ti *TypeInfos, typ ...reflect.Type) {
-	// All types passed to this method do not have a codec.Selfer method implemented directly.
-	// codecgen already checks the AST and skips any types that define the codec.Selfer methods.
-	// Consequently, there's no need to check and trim them if they implement codec.Selfer
-
-	if len(typ) == 0 {
-		return
-	}
-	x := genRunner{
-		w:   w,
-		t:   typ,
-		te:  make(map[uintptr]bool),
-		td:  make(map[uintptr]bool),
-		im:  make(map[string]reflect.Type),
-		imn: make(map[string]string),
-		is:  make(map[reflect.Type]struct{}),
-		tm:  make(map[reflect.Type]struct{}),
-		ts:  []reflect.Type{},
-		bp:  genImportPath(typ[0]),
-		xs:  uid,
-		ti:  ti,
-		nx:  noExtensions,
-	}
-	if x.ti == nil {
-		x.ti = defTypeInfos
-	}
-	if x.xs == "" {
-		rr := rand.New(rand.NewSource(time.Now().UnixNano()))
-		x.xs = strconv.FormatInt(rr.Int63n(9999), 10)
-	}
-
-	// gather imports first:
-	x.cp = genImportPath(reflect.TypeOf(x))
-	x.imn[x.cp] = genCodecPkg
-	for _, t := range typ {
-		// fmt.Printf("###########: PkgPath: '%v', Name: '%s'\n", genImportPath(t), t.Name())
-		if genImportPath(t) != x.bp {
-			panic(errGenAllTypesSamePkg)
-		}
-		x.genRefPkgs(t)
-	}
-	if buildTags != "" {
-		x.line("// +build " + buildTags)
-		x.line("")
-	}
-	x.line(`
-
-// Code generated by codecgen - DO NOT EDIT.
-
-`)
-	x.line("package " + pkgName)
-	x.line("")
-	x.line("import (")
-	if x.cp != x.bp {
-		x.cpfx = genCodecPkg + "."
-		x.linef("%s \"%s\"", genCodecPkg, x.cp)
-	}
-	// use a sorted set of im keys, so that we can get consistent output
-	imKeys := make([]string, 0, len(x.im))
-	for k := range x.im {
-		imKeys = append(imKeys, k)
-	}
-	sort.Strings(imKeys)
-	for _, k := range imKeys { // for k, _ := range x.im {
-		if k == x.imn[k] {
-			x.linef("\"%s\"", k)
-		} else {
-			x.linef("%s \"%s\"", x.imn[k], k)
-		}
-	}
-	// add required packages
-	for _, k := range [...]string{"runtime", "errors", "strconv"} { // "reflect", "fmt"
-		if _, ok := x.im[k]; !ok {
-			x.line("\"" + k + "\"")
-		}
-	}
-	x.line(")")
-	x.line("")
-
-	x.line("const (")
-	x.linef("// ----- content types ----")
-	x.linef("codecSelferCcUTF8%s = %v", x.xs, int64(cUTF8))
-	x.linef("codecSelferCcRAW%s = %v", x.xs, int64(cRAW))
-	x.linef("// ----- value types used ----")
-	for _, vt := range [...]valueType{
-		valueTypeArray, valueTypeMap, valueTypeString,
-		valueTypeInt, valueTypeUint, valueTypeFloat} {
-		x.linef("codecSelferValueType%s%s = %v", vt.String(), x.xs, int64(vt))
-	}
-
-	x.linef("codecSelferBitsize%s = uint8(32 << (^uint(0) >> 63))", x.xs)
-	x.line(")")
-	x.line("var (")
-	x.line("errCodecSelferOnlyMapOrArrayEncodeToStruct" + x.xs + " = errors.New(`only encoded map or array can be decoded into a struct`)")
-	x.line(")")
-	x.line("")
-
-	x.hn = "codecSelfer" + x.xs
-	x.line("type " + x.hn + " struct{}")
-	x.line("")
-
-	x.varsfxreset()
-	x.line("func init() {")
-	x.linef("if %sGenVersion != %v {", x.cpfx, genVersion)
-	x.line("_, file, _, _ := runtime.Caller(0)")
-	x.outf(`panic("codecgen version mismatch: current: %v, need " + strconv.FormatInt(int64(%sGenVersion), 10) + ". Re-generate file: " + file)`, genVersion, x.cpfx)
-	// x.out(`panic(fmt.Errorf("codecgen version mismatch: current: %v, need %v. Re-generate file: %v", `)
-	// x.linef(`%v, %sGenVersion, file))`, genVersion, x.cpfx)
-	x.linef("}")
-	x.line("if false { // reference the types, but skip this branch at build/run time")
-	// x.line("_ = strconv.ParseInt")
-	var n int
-	// for k, t := range x.im {
-	for _, k := range imKeys {
-		t := x.im[k]
-		x.linef("var v%v %s.%s", n, x.imn[k], t.Name())
-		n++
-	}
-	if n > 0 {
-		x.out("_")
-		for i := 1; i < n; i++ {
-			x.out(", _")
-		}
-		x.out(" = v0")
-		for i := 1; i < n; i++ {
-			x.outf(", v%v", i)
-		}
-	}
-	x.line("} ") // close if false
-	x.line("}")  // close init
-	x.line("")
-
-	// generate rest of type info
-	for _, t := range typ {
-		x.tc = t
-		x.selfer(true)
-		x.selfer(false)
-	}
-
-	for _, t := range x.ts {
-		rtid := rt2id(t)
-		// generate enc functions for all these slice/map types.
-		x.varsfxreset()
-		x.linef("func (x %s) enc%s(v %s%s, e *%sEncoder) {", x.hn, x.genMethodNameT(t), x.arr2str(t, "*"), x.genTypeName(t), x.cpfx)
-		x.genRequiredMethodVars(true)
-		switch t.Kind() {
-		case reflect.Array, reflect.Slice, reflect.Chan:
-			x.encListFallback("v", t)
-		case reflect.Map:
-			x.encMapFallback("v", t)
-		default:
-			panic(errGenExpectArrayOrMap)
-		}
-		x.line("}")
-		x.line("")
-
-		// generate dec functions for all these slice/map types.
-		x.varsfxreset()
-		x.linef("func (x %s) dec%s(v *%s, d *%sDecoder) {", x.hn, x.genMethodNameT(t), x.genTypeName(t), x.cpfx)
-		x.genRequiredMethodVars(false)
-		switch t.Kind() {
-		case reflect.Array, reflect.Slice, reflect.Chan:
-			x.decListFallback("v", rtid, t)
-		case reflect.Map:
-			x.decMapFallback("v", rtid, t)
-		default:
-			panic(errGenExpectArrayOrMap)
-		}
-		x.line("}")
-		x.line("")
-	}
-
-	x.line("")
-}
-
-func (x *genRunner) checkForSelfer(t reflect.Type, varname string) bool {
-	// return varname != genTopLevelVarName && t != x.tc
-	// the only time we checkForSelfer is if we are not at the TOP of the generated code.
-	return varname != genTopLevelVarName
-}
-
-func (x *genRunner) arr2str(t reflect.Type, s string) string {
-	if t.Kind() == reflect.Array {
-		return s
-	}
-	return ""
-}
-
-func (x *genRunner) genRequiredMethodVars(encode bool) {
-	x.line("var h " + x.hn)
-	if encode {
-		x.line("z, r := " + x.cpfx + "GenHelperEncoder(e)")
-	} else {
-		x.line("z, r := " + x.cpfx + "GenHelperDecoder(d)")
-	}
-	x.line("_, _, _ = h, z, r")
-}
-
-func (x *genRunner) genRefPkgs(t reflect.Type) {
-	if _, ok := x.is[t]; ok {
-		return
-	}
-	x.is[t] = struct{}{}
-	tpkg, tname := genImportPath(t), t.Name()
-	if tpkg != "" && tpkg != x.bp && tpkg != x.cp && tname != "" && tname[0] >= 'A' && tname[0] <= 'Z' {
-		if _, ok := x.im[tpkg]; !ok {
-			x.im[tpkg] = t
-			if idx := strings.LastIndex(tpkg, "/"); idx < 0 {
-				x.imn[tpkg] = tpkg
-			} else {
-				x.imc++
-				x.imn[tpkg] = "pkg" + strconv.FormatUint(x.imc, 10) + "_" + genGoIdentifier(tpkg[idx+1:], false)
-			}
-		}
-	}
-	switch t.Kind() {
-	case reflect.Array, reflect.Slice, reflect.Ptr, reflect.Chan:
-		x.genRefPkgs(t.Elem())
-	case reflect.Map:
-		x.genRefPkgs(t.Elem())
-		x.genRefPkgs(t.Key())
-	case reflect.Struct:
-		for i := 0; i < t.NumField(); i++ {
-			if fname := t.Field(i).Name; fname != "" && fname[0] >= 'A' && fname[0] <= 'Z' {
-				x.genRefPkgs(t.Field(i).Type)
-			}
-		}
-	}
-}
-
-func (x *genRunner) varsfx() string {
-	x.c++
-	return strconv.FormatUint(x.c, 10)
-}
-
-func (x *genRunner) varsfxreset() {
-	x.c = 0
-}
-
-func (x *genRunner) out(s string) {
-	_, err := io.WriteString(x.w, s)
-	if err != nil {
-		panic(err)
-	}
-}
-
-func (x *genRunner) outf(s string, params ...interface{}) {
-	_, err := fmt.Fprintf(x.w, s, params...)
-	if err != nil {
-		panic(err)
-	}
-}
-
-func (x *genRunner) line(s string) {
-	x.out(s)
-	if len(s) == 0 || s[len(s)-1] != '\n' {
-		x.out("\n")
-	}
-}
-
-func (x *genRunner) linef(s string, params ...interface{}) {
-	x.outf(s, params...)
-	if len(s) == 0 || s[len(s)-1] != '\n' {
-		x.out("\n")
-	}
-}
-
-func (x *genRunner) genTypeName(t reflect.Type) (n string) {
-	// defer func() { fmt.Printf(">>>> ####: genTypeName: t: %v, name: '%s'\n", t, n) }()
-
-	// if the type has a PkgPath, which doesn't match the current package,
-	// then include it.
-	// We cannot depend on t.String() because it includes current package,
-	// or t.PkgPath because it includes full import path,
-	//
-	var ptrPfx string
-	for t.Kind() == reflect.Ptr {
-		ptrPfx += "*"
-		t = t.Elem()
-	}
-	if tn := t.Name(); tn != "" {
-		return ptrPfx + x.genTypeNamePrim(t)
-	}
-	switch t.Kind() {
-	case reflect.Map:
-		return ptrPfx + "map[" + x.genTypeName(t.Key()) + "]" + x.genTypeName(t.Elem())
-	case reflect.Slice:
-		return ptrPfx + "[]" + x.genTypeName(t.Elem())
-	case reflect.Array:
-		return ptrPfx + "[" + strconv.FormatInt(int64(t.Len()), 10) + "]" + x.genTypeName(t.Elem())
-	case reflect.Chan:
-		return ptrPfx + t.ChanDir().String() + " " + x.genTypeName(t.Elem())
-	default:
-		if t == intfTyp {
-			return ptrPfx + "interface{}"
-		} else {
-			return ptrPfx + x.genTypeNamePrim(t)
-		}
-	}
-}
-
-func (x *genRunner) genTypeNamePrim(t reflect.Type) (n string) {
-	if t.Name() == "" {
-		return t.String()
-	} else if genImportPath(t) == "" || genImportPath(t) == genImportPath(x.tc) {
-		return t.Name()
-	} else {
-		return x.imn[genImportPath(t)] + "." + t.Name()
-		// return t.String() // best way to get the package name inclusive
-	}
-}
-
-func (x *genRunner) genZeroValueR(t reflect.Type) string {
-	// if t is a named type, w
-	switch t.Kind() {
-	case reflect.Ptr, reflect.Interface, reflect.Chan, reflect.Func,
-		reflect.Slice, reflect.Map, reflect.Invalid:
-		return "nil"
-	case reflect.Bool:
-		return "false"
-	case reflect.String:
-		return `""`
-	case reflect.Struct, reflect.Array:
-		return x.genTypeName(t) + "{}"
-	default: // all numbers
-		return "0"
-	}
-}
-
-func (x *genRunner) genMethodNameT(t reflect.Type) (s string) {
-	return genMethodNameT(t, x.tc)
-}
-
-func (x *genRunner) selfer(encode bool) {
-	t := x.tc
-	t0 := t
-	// always make decode use a pointer receiver,
-	// and structs/arrays always use a ptr receiver (encode|decode)
-	isptr := !encode || t.Kind() == reflect.Array || (t.Kind() == reflect.Struct && t != timeTyp)
-	x.varsfxreset()
-
-	fnSigPfx := "func (" + genTopLevelVarName + " "
-	if isptr {
-		fnSigPfx += "*"
-	}
-	fnSigPfx += x.genTypeName(t)
-	x.out(fnSigPfx)
-
-	if isptr {
-		t = reflect.PtrTo(t)
-	}
-	if encode {
-		x.line(") CodecEncodeSelf(e *" + x.cpfx + "Encoder) {")
-		x.genRequiredMethodVars(true)
-		x.encVar(genTopLevelVarName, t)
-	} else {
-		x.line(") CodecDecodeSelf(d *" + x.cpfx + "Decoder) {")
-		x.genRequiredMethodVars(false)
-		// do not use decVar, as there is no need to check TryDecodeAsNil
-		// or way to elegantly handle that, and also setting it to a
-		// non-nil value doesn't affect the pointer passed.
-		// x.decVar(genTopLevelVarName, t, false)
-		x.dec(genTopLevelVarName, t0, true)
-	}
-	x.line("}")
-	x.line("")
-
-	if encode || t0.Kind() != reflect.Struct {
-		return
-	}
-
-	// write is containerMap
-	if genUseOneFunctionForDecStructMap {
-		x.out(fnSigPfx)
-		x.line(") codecDecodeSelfFromMap(l int, d *" + x.cpfx + "Decoder) {")
-		x.genRequiredMethodVars(false)
-		x.decStructMap(genTopLevelVarName, "l", rt2id(t0), t0, genStructMapStyleConsolidated)
-		x.line("}")
-		x.line("")
-	} else {
-		x.out(fnSigPfx)
-		x.line(") codecDecodeSelfFromMapLenPrefix(l int, d *" + x.cpfx + "Decoder) {")
-		x.genRequiredMethodVars(false)
-		x.decStructMap(genTopLevelVarName, "l", rt2id(t0), t0, genStructMapStyleLenPrefix)
-		x.line("}")
-		x.line("")
-
-		x.out(fnSigPfx)
-		x.line(") codecDecodeSelfFromMapCheckBreak(l int, d *" + x.cpfx + "Decoder) {")
-		x.genRequiredMethodVars(false)
-		x.decStructMap(genTopLevelVarName, "l", rt2id(t0), t0, genStructMapStyleCheckBreak)
-		x.line("}")
-		x.line("")
-	}
-
-	// write containerArray
-	x.out(fnSigPfx)
-	x.line(") codecDecodeSelfFromArray(l int, d *" + x.cpfx + "Decoder) {")
-	x.genRequiredMethodVars(false)
-	x.decStructArray(genTopLevelVarName, "l", "return", rt2id(t0), t0)
-	x.line("}")
-	x.line("")
-
-}
-
-// used for chan, array, slice, map
-func (x *genRunner) xtraSM(varname string, t reflect.Type, encode, isptr bool) {
-	var ptrPfx, addrPfx string
-	if isptr {
-		ptrPfx = "*"
-	} else {
-		addrPfx = "&"
-	}
-	if encode {
-		x.linef("h.enc%s((%s%s)(%s), e)", x.genMethodNameT(t), ptrPfx, x.genTypeName(t), varname)
-	} else {
-		x.linef("h.dec%s((*%s)(%s%s), d)", x.genMethodNameT(t), x.genTypeName(t), addrPfx, varname)
-	}
-	x.registerXtraT(t)
-}
-
-func (x *genRunner) registerXtraT(t reflect.Type) {
-	// recursively register the types
-	if _, ok := x.tm[t]; ok {
-		return
-	}
-	var tkey reflect.Type
-	switch t.Kind() {
-	case reflect.Chan, reflect.Slice, reflect.Array:
-	case reflect.Map:
-		tkey = t.Key()
-	default:
-		return
-	}
-	x.tm[t] = struct{}{}
-	x.ts = append(x.ts, t)
-	// check if this refers to any xtra types eg. a slice of array: add the array
-	x.registerXtraT(t.Elem())
-	if tkey != nil {
-		x.registerXtraT(tkey)
-	}
-}
-
-// encVar will encode a variable.
-// The parameter, t, is the reflect.Type of the variable itself
-func (x *genRunner) encVar(varname string, t reflect.Type) {
-	// fmt.Printf(">>>>>> varname: %s, t: %v\n", varname, t)
-	var checkNil bool
-	switch t.Kind() {
-	case reflect.Ptr, reflect.Interface, reflect.Slice, reflect.Map, reflect.Chan:
-		checkNil = true
-	}
-	if checkNil {
-		x.linef("if %s == nil { r.EncodeNil() } else { ", varname)
-	}
-
-	switch t.Kind() {
-	case reflect.Ptr:
-		telem := t.Elem()
-		tek := telem.Kind()
-		if tek == reflect.Array || (tek == reflect.Struct && telem != timeTyp) {
-			x.enc(varname, genNonPtr(t))
-			break
-		}
-		i := x.varsfx()
-		x.line(genTempVarPfx + i + " := *" + varname)
-		x.enc(genTempVarPfx+i, genNonPtr(t))
-	case reflect.Struct, reflect.Array:
-		if t == timeTyp {
-			x.enc(varname, t)
-			break
-		}
-		i := x.varsfx()
-		x.line(genTempVarPfx + i + " := &" + varname)
-		x.enc(genTempVarPfx+i, t)
-	default:
-		x.enc(varname, t)
-	}
-
-	if checkNil {
-		x.line("}")
-	}
-
-}
-
-// enc will encode a variable (varname) of type t, where t represents T.
-// if t is !time.Time and t is of kind reflect.Struct or reflect.Array, varname is of type *T
-// (to prevent copying),
-// else t is of type T
-func (x *genRunner) enc(varname string, t reflect.Type) {
-	rtid := rt2id(t)
-	ti2 := x.ti.get(rtid, t)
-	// We call CodecEncodeSelf if one of the following are honored:
-	//   - the type already implements Selfer, call that
-	//   - the type has a Selfer implementation just created, use that
-	//   - the type is in the list of the ones we will generate for, but it is not currently being generated
-
-	mi := x.varsfx()
-	// tptr := reflect.PtrTo(t)
-	tk := t.Kind()
-	if x.checkForSelfer(t, varname) {
-		if tk == reflect.Array || (tk == reflect.Struct && rtid != timeTypId) { // varname is of type *T
-			// if tptr.Implements(selferTyp) || t.Implements(selferTyp) {
-			if ti2.isFlag(typeInfoFlagIsZeroerPtr) || ti2.isFlag(typeInfoFlagIsZeroer) {
-				x.line(varname + ".CodecEncodeSelf(e)")
-				return
-			}
-		} else { // varname is of type T
-			if ti2.cs { // t.Implements(selferTyp) {
-				x.line(varname + ".CodecEncodeSelf(e)")
-				return
-			} else if ti2.csp { // tptr.Implements(selferTyp) {
-				x.linef("%ssf%s := &%s", genTempVarPfx, mi, varname)
-				x.linef("%ssf%s.CodecEncodeSelf(e)", genTempVarPfx, mi)
-				return
-			}
-		}
-
-		if _, ok := x.te[rtid]; ok {
-			x.line(varname + ".CodecEncodeSelf(e)")
-			return
-		}
-	}
-
-	inlist := false
-	for _, t0 := range x.t {
-		if t == t0 {
-			inlist = true
-			if x.checkForSelfer(t, varname) {
-				x.line(varname + ".CodecEncodeSelf(e)")
-				return
-			}
-			break
-		}
-	}
-
-	var rtidAdded bool
-	if t == x.tc {
-		x.te[rtid] = true
-		rtidAdded = true
-	}
-
-	// check if
-	//   - type is time.Time, RawExt, Raw
-	//   - the type implements (Text|JSON|Binary)(Unm|M)arshal
-
-	x.line("if false {")           //start if block
-	defer func() { x.line("}") }() //end if block
-
-	if t == timeTyp {
-		x.linef("} else { r.EncodeTime(%s)", varname)
-		return
-	}
-	if t == rawTyp {
-		x.linef("} else { z.EncRaw(%s)", varname)
-		return
-	}
-	if t == rawExtTyp {
-		x.linef("} else { r.EncodeRawExt(%s, e)", varname)
-		return
-	}
-	// only check for extensions if the type is named, and has a packagePath.
-	var arrayOrStruct = tk == reflect.Array || tk == reflect.Struct // meaning varname if of type *T
-	if !x.nx && genImportPath(t) != "" && t.Name() != "" {
-		yy := fmt.Sprintf("%sxt%s", genTempVarPfx, mi)
-		x.linef("} else if %s := z.Extension(z.I2Rtid(%s)); %s != nil { z.EncExtension(%s, %s) ", yy, varname, yy, varname, yy)
-	}
-	if arrayOrStruct { // varname is of type *T
-		if ti2.bm || ti2.bmp { // t.Implements(binaryMarshalerTyp) || tptr.Implements(binaryMarshalerTyp) {
-			x.linef("} else if z.EncBinary() { z.EncBinaryMarshal(%v) ", varname)
-		}
-		if ti2.jm || ti2.jmp { // t.Implements(jsonMarshalerTyp) || tptr.Implements(jsonMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() && z.IsJSONHandle() { z.EncJSONMarshal(%v) ", varname)
-		} else if ti2.tm || ti2.tmp { // t.Implements(textMarshalerTyp) || tptr.Implements(textMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() { z.EncTextMarshal(%v) ", varname)
-		}
-	} else { // varname is of type T
-		if ti2.bm { // t.Implements(binaryMarshalerTyp) {
-			x.linef("} else if z.EncBinary() { z.EncBinaryMarshal(%v) ", varname)
-		} else if ti2.bmp { // tptr.Implements(binaryMarshalerTyp) {
-			x.linef("} else if z.EncBinary() { z.EncBinaryMarshal(&%v) ", varname)
-		}
-		if ti2.jm { // t.Implements(jsonMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() && z.IsJSONHandle() { z.EncJSONMarshal(%v) ", varname)
-		} else if ti2.jmp { // tptr.Implements(jsonMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() && z.IsJSONHandle() { z.EncJSONMarshal(&%v) ", varname)
-		} else if ti2.tm { // t.Implements(textMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() { z.EncTextMarshal(%v) ", varname)
-		} else if ti2.tmp { // tptr.Implements(textMarshalerTyp) {
-			x.linef("} else if !z.EncBinary() { z.EncTextMarshal(&%v) ", varname)
-		}
-	}
-	x.line("} else {")
-
-	switch t.Kind() {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		x.line("r.EncodeInt(int64(" + varname + "))")
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		x.line("r.EncodeUint(uint64(" + varname + "))")
-	case reflect.Float32:
-		x.line("r.EncodeFloat32(float32(" + varname + "))")
-	case reflect.Float64:
-		x.line("r.EncodeFloat64(float64(" + varname + "))")
-	case reflect.Bool:
-		x.line("r.EncodeBool(bool(" + varname + "))")
-	case reflect.String:
-		x.line("r.EncodeString(codecSelferCcUTF8" + x.xs + ", string(" + varname + "))")
-	case reflect.Chan:
-		x.xtraSM(varname, t, true, false)
-		// x.encListFallback(varname, rtid, t)
-	case reflect.Array:
-		x.xtraSM(varname, t, true, true)
-	case reflect.Slice:
-		// if nil, call dedicated function
-		// if a []uint8, call dedicated function
-		// if a known fastpath slice, call dedicated function
-		// else write encode function in-line.
-		// - if elements are primitives or Selfers, call dedicated function on each member.
-		// - else call Encoder.encode(XXX) on it.
-		if rtid == uint8SliceTypId {
-			x.line("r.EncodeStringBytes(codecSelferCcRAW" + x.xs + ", []byte(" + varname + "))")
-		} else if fastpathAV.index(rtid) != -1 {
-			g := x.newGenV(t)
-			x.line("z.F." + g.MethodNamePfx("Enc", false) + "V(" + varname + ", e)")
-		} else {
-			x.xtraSM(varname, t, true, false)
-			// x.encListFallback(varname, rtid, t)
-		}
-	case reflect.Map:
-		// if nil, call dedicated function
-		// if a known fastpath map, call dedicated function
-		// else write encode function in-line.
-		// - if elements are primitives or Selfers, call dedicated function on each member.
-		// - else call Encoder.encode(XXX) on it.
-		// x.line("if " + varname + " == nil { \nr.EncodeNil()\n } else { ")
-		if fastpathAV.index(rtid) != -1 {
-			g := x.newGenV(t)
-			x.line("z.F." + g.MethodNamePfx("Enc", false) + "V(" + varname + ", e)")
-		} else {
-			x.xtraSM(varname, t, true, false)
-			// x.encMapFallback(varname, rtid, t)
-		}
-	case reflect.Struct:
-		if !inlist {
-			delete(x.te, rtid)
-			x.line("z.EncFallback(" + varname + ")")
-			break
-		}
-		x.encStruct(varname, rtid, t)
-	default:
-		if rtidAdded {
-			delete(x.te, rtid)
-		}
-		x.line("z.EncFallback(" + varname + ")")
-	}
-}
-
-func (x *genRunner) encZero(t reflect.Type) {
-	switch t.Kind() {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		x.line("r.EncodeInt(0)")
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		x.line("r.EncodeUint(0)")
-	case reflect.Float32:
-		x.line("r.EncodeFloat32(0)")
-	case reflect.Float64:
-		x.line("r.EncodeFloat64(0)")
-	case reflect.Bool:
-		x.line("r.EncodeBool(false)")
-	case reflect.String:
-		x.line("r.EncodeString(codecSelferCcUTF8" + x.xs + `, "")`)
-	default:
-		x.line("r.EncodeNil()")
-	}
-}
-
-func (x *genRunner) encOmitEmptyLine(t2 reflect.StructField, varname string, buf *genBuf) {
-	// smartly check omitEmpty on a struct type, as it may contain uncomparable map/slice/etc.
-	// also, for maps/slices/arrays, check if len ! 0 (not if == zero value)
-	varname2 := varname + "." + t2.Name
-	switch t2.Type.Kind() {
-	case reflect.Struct:
-		rtid2 := rt2id(t2.Type)
-		ti2 := x.ti.get(rtid2, t2.Type)
-		// fmt.Printf(">>>> structfield: omitempty: type: %s, field: %s\n", t2.Type.Name(), t2.Name)
-		if ti2.rtid == timeTypId {
-			buf.s("!(").s(varname2).s(".IsZero())")
-			break
-		}
-		if ti2.isFlag(typeInfoFlagIsZeroerPtr) || ti2.isFlag(typeInfoFlagIsZeroer) {
-			buf.s("!(").s(varname2).s(".IsZero())")
-			break
-		}
-		if ti2.isFlag(typeInfoFlagComparable) {
-			buf.s(varname2).s(" != ").s(x.genZeroValueR(t2.Type))
-			break
-		}
-		// buf.s("(")
-		buf.s("false")
-		for i, n := 0, t2.Type.NumField(); i < n; i++ {
-			f := t2.Type.Field(i)
-			if f.PkgPath != "" { // unexported
-				continue
-			}
-			buf.s(" || ")
-			x.encOmitEmptyLine(f, varname2, buf)
-		}
-		//buf.s(")")
-	case reflect.Bool:
-		buf.s(varname2)
-	case reflect.Map, reflect.Slice, reflect.Array, reflect.Chan:
-		buf.s("len(").s(varname2).s(") != 0")
-	default:
-		buf.s(varname2).s(" != ").s(x.genZeroValueR(t2.Type))
-	}
-}
-
-func (x *genRunner) encStruct(varname string, rtid uintptr, t reflect.Type) {
-	// Use knowledge from structfieldinfo (mbs, encodable fields. Ignore omitempty. )
-	// replicate code in kStruct i.e. for each field, deref type to non-pointer, and call x.enc on it
-
-	// if t === type currently running selfer on, do for all
-	ti := x.ti.get(rtid, t)
-	i := x.varsfx()
-	sepVarname := genTempVarPfx + "sep" + i
-	numfieldsvar := genTempVarPfx + "q" + i
-	ti2arrayvar := genTempVarPfx + "r" + i
-	struct2arrvar := genTempVarPfx + "2arr" + i
-
-	x.line(sepVarname + " := !z.EncBinary()")
-	x.linef("%s := z.EncBasicHandle().StructToArray", struct2arrvar)
-	x.linef("_, _ = %s, %s", sepVarname, struct2arrvar)
-	x.linef("const %s bool = %v // struct tag has 'toArray'", ti2arrayvar, ti.toArray)
-
-	tisfi := ti.sfiSrc // always use sequence from file. decStruct expects same thing.
-
-	// var nn int
-	// due to omitEmpty, we need to calculate the
-	// number of non-empty things we write out first.
-	// This is required as we need to pre-determine the size of the container,
-	// to support length-prefixing.
-	if ti.anyOmitEmpty {
-		x.linef("var %s = [%v]bool{ // should field at this index be written?", numfieldsvar, len(tisfi))
-
-		for j, si := range tisfi {
-			_ = j
-			if !si.omitEmpty() {
-				// x.linef("%s[%v] = true // %s", numfieldsvar, j, si.fieldName)
-				x.linef("true, // %s", si.fieldName)
-				// nn++
-				continue
-			}
-			var t2 reflect.StructField
-			var omitline genBuf
-			{
-				t2typ := t
-				varname3 := varname
-				// go through the loop, record the t2 field explicitly,
-				// and gather the omit line if embedded in pointers.
-				for ij, ix := range si.is {
-					if uint8(ij) == si.nis {
-						break
-					}
-					for t2typ.Kind() == reflect.Ptr {
-						t2typ = t2typ.Elem()
-					}
-					t2 = t2typ.Field(int(ix))
-					t2typ = t2.Type
-					varname3 = varname3 + "." + t2.Name
-					// do not include actual field in the omit line.
-					// that is done subsequently (right after - below).
-					if uint8(ij+1) < si.nis && t2typ.Kind() == reflect.Ptr {
-						omitline.s(varname3).s(" != nil && ")
-					}
-				}
-			}
-			x.encOmitEmptyLine(t2, varname, &omitline)
-			x.linef("%s, // %s", omitline.v(), si.fieldName)
-		}
-		x.line("}")
-		x.linef("_ = %s", numfieldsvar)
-	}
-	// x.linef("var %snn%s int", genTempVarPfx, i)
-	x.linef("if %s || %s {", ti2arrayvar, struct2arrvar) // if ti.toArray {
-	x.linef("r.WriteArrayStart(%d)", len(tisfi))
-	x.linef("} else {") // if not ti.toArray
-	if ti.anyOmitEmpty {
-		// nn = 0
-		// x.linef("var %snn%s = %v", genTempVarPfx, i, nn)
-		x.linef("var %snn%s int", genTempVarPfx, i)
-		x.linef("for _, b := range %s { if b { %snn%s++ } }", numfieldsvar, genTempVarPfx, i)
-		x.linef("r.WriteMapStart(%snn%s)", genTempVarPfx, i)
-		x.linef("%snn%s = %v", genTempVarPfx, i, 0)
-	} else {
-		x.linef("r.WriteMapStart(%d)", len(tisfi))
-	}
-	x.line("}") // close if not StructToArray
-
-	for j, si := range tisfi {
-		i := x.varsfx()
-		isNilVarName := genTempVarPfx + "n" + i
-		var labelUsed bool
-		var t2 reflect.StructField
-		{
-			t2typ := t
-			varname3 := varname
-			for ij, ix := range si.is {
-				if uint8(ij) == si.nis {
-					break
-				}
-				for t2typ.Kind() == reflect.Ptr {
-					t2typ = t2typ.Elem()
-				}
-				t2 = t2typ.Field(int(ix))
-				t2typ = t2.Type
-				varname3 = varname3 + "." + t2.Name
-				if t2typ.Kind() == reflect.Ptr {
-					if !labelUsed {
-						x.line("var " + isNilVarName + " bool")
-					}
-					x.line("if " + varname3 + " == nil { " + isNilVarName + " = true ")
-					x.line("goto LABEL" + i)
-					x.line("}")
-					labelUsed = true
-					// "varname3 = new(" + x.genTypeName(t3.Elem()) + ") }")
-				}
-			}
-			// t2 = t.FieldByIndex(si.is)
-		}
-		if labelUsed {
-			x.line("LABEL" + i + ":")
-		}
-		// if the type of the field is a Selfer, or one of the ones
-
-		x.linef("if %s || %s {", ti2arrayvar, struct2arrvar) // if ti.toArray
-		if labelUsed {
-			x.linef("if %s { r.WriteArrayElem(); r.EncodeNil() } else { ", isNilVarName)
-		}
-		x.line("r.WriteArrayElem()")
-		if si.omitEmpty() {
-			x.linef("if %s[%v] {", numfieldsvar, j)
-		}
-		x.encVar(varname+"."+t2.Name, t2.Type)
-		if si.omitEmpty() {
-			x.linef("} else {")
-			x.encZero(t2.Type)
-			x.linef("}")
-		}
-		if labelUsed {
-			x.line("}")
-		}
-
-		x.linef("} else {") // if not ti.toArray
-
-		if si.omitEmpty() {
-			x.linef("if %s[%v] {", numfieldsvar, j)
-		}
-		x.line("r.WriteMapElemKey()")
-
-		// x.line("r.EncodeString(codecSelferCcUTF8" + x.xs + ", `" + si.encName + "`)")
-		// emulate EncStructFieldKey
-		switch ti.keyType {
-		case valueTypeInt:
-			x.linef("r.EncodeInt(z.M.Int(strconv.ParseInt(`%s`, 10, 64)))", si.encName)
-		case valueTypeUint:
-			x.linef("r.EncodeUint(z.M.Uint(strconv.ParseUint(`%s`, 10, 64)))", si.encName)
-		case valueTypeFloat:
-			x.linef("r.EncodeFloat64(z.M.Float(strconv.ParseFloat(`%s`, 64)))", si.encName)
-		default: // string
-			x.linef("r.EncodeString(codecSelferCcUTF8%s, `%s`)", x.xs, si.encName)
-		}
-		// x.linef("r.EncStructFieldKey(codecSelferValueType%s%s, `%s`)", ti.keyType.String(), x.xs, si.encName)
-		x.line("r.WriteMapElemValue()")
-		if labelUsed {
-			x.line("if " + isNilVarName + " { r.EncodeNil() } else { ")
-			x.encVar(varname+"."+t2.Name, t2.Type)
-			x.line("}")
-		} else {
-			x.encVar(varname+"."+t2.Name, t2.Type)
-		}
-		if si.omitEmpty() {
-			x.line("}")
-		}
-		x.linef("} ") // end if/else ti.toArray
-	}
-	x.linef("if %s || %s {", ti2arrayvar, struct2arrvar) // if ti.toArray {
-	x.line("r.WriteArrayEnd()")
-	x.line("} else {")
-	x.line("r.WriteMapEnd()")
-	x.line("}")
-
-}
-
-func (x *genRunner) encListFallback(varname string, t reflect.Type) {
-	elemBytes := t.Elem().Kind() == reflect.Uint8
-	if t.AssignableTo(uint8SliceTyp) {
-		x.linef("r.EncodeStringBytes(codecSelferCcRAW%s, []byte(%s))", x.xs, varname)
-		return
-	}
-	if t.Kind() == reflect.Array && elemBytes {
-		x.linef("r.EncodeStringBytes(codecSelferCcRAW%s, ((*[%d]byte)(%s))[:])", x.xs, t.Len(), varname)
-		return
-	}
-	i := x.varsfx()
-	if t.Kind() == reflect.Chan {
-		type ts struct {
-			Label, Chan, Slice, Sfx string
-		}
-		tm, err := template.New("").Parse(genEncChanTmpl)
-		if err != nil {
-			panic(err)
-		}
-		x.linef("if %s == nil { r.EncodeNil() } else { ", varname)
-		x.linef("var sch%s []%s", i, x.genTypeName(t.Elem()))
-		err = tm.Execute(x.w, &ts{"Lsch" + i, varname, "sch" + i, i})
-		if err != nil {
-			panic(err)
-		}
-		// x.linef("%s = sch%s", varname, i)
-		if elemBytes {
-			x.linef("r.EncodeStringBytes(codecSelferCcRAW%s, []byte(%s))", x.xs, "sch"+i)
-			x.line("}")
-			return
-		}
-		varname = "sch" + i
-	}
-
-	x.line("r.WriteArrayStart(len(" + varname + "))")
-	x.linef("for _, %sv%s := range %s {", genTempVarPfx, i, varname)
-	x.line("r.WriteArrayElem()")
-
-	x.encVar(genTempVarPfx+"v"+i, t.Elem())
-	x.line("}")
-	x.line("r.WriteArrayEnd()")
-	if t.Kind() == reflect.Chan {
-		x.line("}")
-	}
-}
-
-func (x *genRunner) encMapFallback(varname string, t reflect.Type) {
-	// TODO: expand this to handle canonical.
-	i := x.varsfx()
-	x.line("r.WriteMapStart(len(" + varname + "))")
-	x.linef("for %sk%s, %sv%s := range %s {", genTempVarPfx, i, genTempVarPfx, i, varname)
-	x.line("r.WriteMapElemKey()")
-	x.encVar(genTempVarPfx+"k"+i, t.Key())
-	x.line("r.WriteMapElemValue()")
-	x.encVar(genTempVarPfx+"v"+i, t.Elem())
-	x.line("}")
-	x.line("r.WriteMapEnd()")
-}
-
-func (x *genRunner) decVarInitPtr(varname, nilvar string, t reflect.Type, si *structFieldInfo,
-	newbuf, nilbuf *genBuf) (t2 reflect.StructField) {
-	//we must accommodate anonymous fields, where the embedded field is a nil pointer in the value.
-	// t2 = t.FieldByIndex(si.is)
-	t2typ := t
-	varname3 := varname
-	t2kind := t2typ.Kind()
-	var nilbufed bool
-	if si != nil {
-		for ij, ix := range si.is {
-			if uint8(ij) == si.nis {
-				break
-			}
-			for t2typ.Kind() == reflect.Ptr {
-				t2typ = t2typ.Elem()
-			}
-			t2 = t2typ.Field(int(ix))
-			t2typ = t2.Type
-			varname3 = varname3 + "." + t2.Name
-			t2kind = t2typ.Kind()
-			if t2kind != reflect.Ptr {
-				continue
-			}
-			if newbuf != nil {
-				newbuf.f("if %s == nil { %s = new(%s) }\n", varname3, varname3, x.genTypeName(t2typ.Elem()))
-			}
-			if nilbuf != nil {
-				if !nilbufed {
-					nilbuf.s("if true")
-					nilbufed = true
-				}
-				nilbuf.s(" && ").s(varname3).s(" != nil")
-			}
-		}
-	}
-	// if t2typ.Kind() == reflect.Ptr {
-	// 	varname3 = varname3 + t2.Name
-	// }
-	if nilbuf != nil {
-		if nilbufed {
-			nilbuf.s(" { ")
-		}
-		if nilvar != "" {
-			nilbuf.s(nilvar).s(" = true")
-		} else if tk := t2typ.Kind(); tk == reflect.Ptr {
-			if strings.IndexByte(varname3, '.') != -1 || strings.IndexByte(varname3, '[') != -1 {
-				nilbuf.s(varname3).s(" = nil")
-			} else {
-				nilbuf.s("*").s(varname3).s(" = ").s(x.genZeroValueR(t2typ.Elem()))
-			}
-		} else {
-			nilbuf.s(varname3).s(" = ").s(x.genZeroValueR(t2typ))
-		}
-		if nilbufed {
-			nilbuf.s("}")
-		}
-	}
-	return t2
-}
-
-// decVar takes a variable called varname, of type t
-func (x *genRunner) decVarMain(varname, rand string, t reflect.Type, checkNotNil bool) {
-	// We only encode as nil if a nillable value.
-	// This removes some of the wasted checks for TryDecodeAsNil.
-	// We need to think about this more, to see what happens if omitempty, etc
-	// cause a nil value to be stored when something is expected.
-	// This could happen when decoding from a struct encoded as an array.
-	// For that, decVar should be called with canNil=true, to force true as its value.
-	var varname2 string
-	if t.Kind() != reflect.Ptr {
-		if t.PkgPath() != "" || !x.decTryAssignPrimitive(varname, t, false) {
-			x.dec(varname, t, false)
-		}
-	} else {
-		if checkNotNil {
-			x.linef("if %s == nil { %s = new(%s) }", varname, varname, x.genTypeName(t.Elem()))
-		}
-		// Ensure we set underlying ptr to a non-nil value (so we can deref to it later).
-		// There's a chance of a **T in here which is nil.
-		var ptrPfx string
-		for t = t.Elem(); t.Kind() == reflect.Ptr; t = t.Elem() {
-			ptrPfx += "*"
-			if checkNotNil {
-				x.linef("if %s%s == nil { %s%s = new(%s)}",
-					ptrPfx, varname, ptrPfx, varname, x.genTypeName(t))
-			}
-		}
-		// Should we create temp var if a slice/map indexing? No. dec(...) can now handle it.
-
-		if ptrPfx == "" {
-			x.dec(varname, t, true)
-		} else {
-			varname2 = genTempVarPfx + "z" + rand
-			x.line(varname2 + " := " + ptrPfx + varname)
-			x.dec(varname2, t, true)
-		}
-	}
-}
-
-// decVar takes a variable called varname, of type t
-func (x *genRunner) decVar(varname, nilvar string, t reflect.Type, canBeNil, checkNotNil bool) {
-	i := x.varsfx()
-
-	// We only encode as nil if a nillable value.
-	// This removes some of the wasted checks for TryDecodeAsNil.
-	// We need to think about this more, to see what happens if omitempty, etc
-	// cause a nil value to be stored when something is expected.
-	// This could happen when decoding from a struct encoded as an array.
-	// For that, decVar should be called with canNil=true, to force true as its value.
-
-	if !canBeNil {
-		canBeNil = genAnythingCanBeNil || !genIsImmutable(t)
-	}
-
-	if canBeNil {
-		var buf genBuf
-		x.decVarInitPtr(varname, nilvar, t, nil, nil, &buf)
-		x.linef("if r.TryDecodeAsNil() { %s } else {", buf.buf)
-	} else {
-		x.line("// cannot be nil")
-	}
-
-	x.decVarMain(varname, i, t, checkNotNil)
-
-	if canBeNil {
-		x.line("} ")
-	}
-}
-
-// dec will decode a variable (varname) of type t or ptrTo(t) if isptr==true.
-// t is always a basetype (i.e. not of kind reflect.Ptr).
-func (x *genRunner) dec(varname string, t reflect.Type, isptr bool) {
-	// assumptions:
-	//   - the varname is to a pointer already. No need to take address of it
-	//   - t is always a baseType T (not a *T, etc).
-	rtid := rt2id(t)
-	ti2 := x.ti.get(rtid, t)
-	// tptr := reflect.PtrTo(t)
-	if x.checkForSelfer(t, varname) {
-		if ti2.cs || ti2.csp { // t.Implements(selferTyp) || tptr.Implements(selferTyp) {
-			x.line(varname + ".CodecDecodeSelf(d)")
-			return
-		}
-		if _, ok := x.td[rtid]; ok {
-			x.line(varname + ".CodecDecodeSelf(d)")
-			return
-		}
-	}
-
-	inlist := false
-	for _, t0 := range x.t {
-		if t == t0 {
-			inlist = true
-			if x.checkForSelfer(t, varname) {
-				x.line(varname + ".CodecDecodeSelf(d)")
-				return
-			}
-			break
-		}
-	}
-
-	var rtidAdded bool
-	if t == x.tc {
-		x.td[rtid] = true
-		rtidAdded = true
-	}
-
-	// check if
-	//   - type is time.Time, Raw, RawExt
-	//   - the type implements (Text|JSON|Binary)(Unm|M)arshal
-
-	mi := x.varsfx()
-	// x.linef("%sm%s := z.DecBinary()", genTempVarPfx, mi)
-	// x.linef("_ = %sm%s", genTempVarPfx, mi)
-	x.line("if false {")           //start if block
-	defer func() { x.line("}") }() //end if block
-
-	var ptrPfx, addrPfx string
-	if isptr {
-		ptrPfx = "*"
-	} else {
-		addrPfx = "&"
-	}
-	if t == timeTyp {
-		x.linef("} else { %s%v = r.DecodeTime()", ptrPfx, varname)
-		return
-	}
-	if t == rawTyp {
-		x.linef("} else { %s%v = z.DecRaw()", ptrPfx, varname)
-		return
-	}
-
-	if t == rawExtTyp {
-		x.linef("} else { r.DecodeExt(%s%v, 0, nil)", addrPfx, varname)
-		return
-	}
-
-	// only check for extensions if the type is named, and has a packagePath.
-	if !x.nx && genImportPath(t) != "" && t.Name() != "" {
-		// first check if extensions are configued, before doing the interface conversion
-		// x.linef("} else if z.HasExtensions() && z.DecExt(%s) {", varname)
-		yy := fmt.Sprintf("%sxt%s", genTempVarPfx, mi)
-		x.linef("} else if %s := z.Extension(z.I2Rtid(%s)); %s != nil { z.DecExtension(%s, %s) ", yy, varname, yy, varname, yy)
-	}
-
-	if ti2.bu || ti2.bup { // t.Implements(binaryUnmarshalerTyp) || tptr.Implements(binaryUnmarshalerTyp) {
-		x.linef("} else if z.DecBinary() { z.DecBinaryUnmarshal(%s%v) ", addrPfx, varname)
-	}
-	if ti2.ju || ti2.jup { // t.Implements(jsonUnmarshalerTyp) || tptr.Implements(jsonUnmarshalerTyp) {
-		x.linef("} else if !z.DecBinary() && z.IsJSONHandle() { z.DecJSONUnmarshal(%s%v)", addrPfx, varname)
-	} else if ti2.tu || ti2.tup { // t.Implements(textUnmarshalerTyp) || tptr.Implements(textUnmarshalerTyp) {
-		x.linef("} else if !z.DecBinary() { z.DecTextUnmarshal(%s%v)", addrPfx, varname)
-	}
-
-	x.line("} else {")
-
-	if x.decTryAssignPrimitive(varname, t, isptr) {
-		return
-	}
-
-	switch t.Kind() {
-	case reflect.Array, reflect.Chan:
-		x.xtraSM(varname, t, false, isptr)
-	case reflect.Slice:
-		// if a []uint8, call dedicated function
-		// if a known fastpath slice, call dedicated function
-		// else write encode function in-line.
-		// - if elements are primitives or Selfers, call dedicated function on each member.
-		// - else call Encoder.encode(XXX) on it.
-		if rtid == uint8SliceTypId {
-			x.linef("%s%s = r.DecodeBytes(%s(%s[]byte)(%s), false)",
-				ptrPfx, varname, ptrPfx, ptrPfx, varname)
-		} else if fastpathAV.index(rtid) != -1 {
-			g := x.newGenV(t)
-			x.linef("z.F.%sX(%s%s, d)", g.MethodNamePfx("Dec", false), addrPfx, varname)
-		} else {
-			x.xtraSM(varname, t, false, isptr)
-			// x.decListFallback(varname, rtid, false, t)
-		}
-	case reflect.Map:
-		// if a known fastpath map, call dedicated function
-		// else write encode function in-line.
-		// - if elements are primitives or Selfers, call dedicated function on each member.
-		// - else call Encoder.encode(XXX) on it.
-		if fastpathAV.index(rtid) != -1 {
-			g := x.newGenV(t)
-			x.linef("z.F.%sX(%s%s, d)", g.MethodNamePfx("Dec", false), addrPfx, varname)
-		} else {
-			x.xtraSM(varname, t, false, isptr)
-			// x.decMapFallback(varname, rtid, t)
-		}
-	case reflect.Struct:
-		if inlist {
-			// no need to create temp variable if isptr, or x.F or x[F]
-			if isptr || strings.IndexByte(varname, '.') != -1 || strings.IndexByte(varname, '[') != -1 {
-				x.decStruct(varname, rtid, t)
-			} else {
-				varname2 := genTempVarPfx + "j" + mi
-				x.line(varname2 + " := &" + varname)
-				x.decStruct(varname2, rtid, t)
-			}
-		} else {
-			// delete(x.td, rtid)
-			x.line("z.DecFallback(" + addrPfx + varname + ", false)")
-		}
-	default:
-		if rtidAdded {
-			delete(x.te, rtid)
-		}
-		x.line("z.DecFallback(" + addrPfx + varname + ", true)")
-	}
-}
-
-func (x *genRunner) decTryAssignPrimitive(varname string, t reflect.Type, isptr bool) (done bool) {
-	// This should only be used for exact primitives (ie un-named types).
-	// Named types may be implementations of Selfer, Unmarshaler, etc.
-	// They should be handled by dec(...)
-
-	var ptr string
-	if isptr {
-		ptr = "*"
-	}
-	switch t.Kind() {
-	case reflect.Int:
-		x.linef("%s%s = (%s)(z.C.IntV(r.DecodeInt64(), codecSelferBitsize%s))", ptr, varname, x.genTypeName(t), x.xs)
-	case reflect.Int8:
-		x.linef("%s%s = (%s)(z.C.IntV(r.DecodeInt64(), 8))", ptr, varname, x.genTypeName(t))
-	case reflect.Int16:
-		x.linef("%s%s = (%s)(z.C.IntV(r.DecodeInt64(), 16))", ptr, varname, x.genTypeName(t))
-	case reflect.Int32:
-		x.linef("%s%s = (%s)(z.C.IntV(r.DecodeInt64(), 32))", ptr, varname, x.genTypeName(t))
-	case reflect.Int64:
-		x.linef("%s%s = (%s)(r.DecodeInt64())", ptr, varname, x.genTypeName(t))
-
-	case reflect.Uint:
-		x.linef("%s%s = (%s)(z.C.UintV(r.DecodeUint64(), codecSelferBitsize%s))", ptr, varname, x.genTypeName(t), x.xs)
-	case reflect.Uint8:
-		x.linef("%s%s = (%s)(z.C.UintV(r.DecodeUint64(), 8))", ptr, varname, x.genTypeName(t))
-	case reflect.Uint16:
-		x.linef("%s%s = (%s)(z.C.UintV(r.DecodeUint64(), 16))", ptr, varname, x.genTypeName(t))
-	case reflect.Uint32:
-		x.linef("%s%s = (%s)(z.C.UintV(r.DecodeUint64(), 32))", ptr, varname, x.genTypeName(t))
-	case reflect.Uint64:
-		x.linef("%s%s = (%s)(r.DecodeUint64())", ptr, varname, x.genTypeName(t))
-	case reflect.Uintptr:
-		x.linef("%s%s = (%s)(z.C.UintV(r.DecodeUint64(), codecSelferBitsize%s))", ptr, varname, x.genTypeName(t), x.xs)
-
-	case reflect.Float32:
-		x.linef("%s%s = (%s)(r.DecodeFloat32As64())", ptr, varname, x.genTypeName(t))
-	case reflect.Float64:
-		x.linef("%s%s = (%s)(r.DecodeFloat64())", ptr, varname, x.genTypeName(t))
-
-	case reflect.Bool:
-		x.linef("%s%s = (%s)(r.DecodeBool())", ptr, varname, x.genTypeName(t))
-	case reflect.String:
-		x.linef("%s%s = (%s)(r.DecodeString())", ptr, varname, x.genTypeName(t))
-	default:
-		return false
-	}
-	return true
-}
-
-func (x *genRunner) decListFallback(varname string, rtid uintptr, t reflect.Type) {
-	if t.AssignableTo(uint8SliceTyp) {
-		x.line("*" + varname + " = r.DecodeBytes(*((*[]byte)(" + varname + ")), false)")
-		return
-	}
-	if t.Kind() == reflect.Array && t.Elem().Kind() == reflect.Uint8 {
-		x.linef("r.DecodeBytes( ((*[%d]byte)(%s))[:], true)", t.Len(), varname)
-		return
-	}
-	type tstruc struct {
-		TempVar   string
-		Rand      string
-		Varname   string
-		CTyp      string
-		Typ       string
-		Immutable bool
-		Size      int
-	}
-	telem := t.Elem()
-	ts := tstruc{genTempVarPfx, x.varsfx(), varname, x.genTypeName(t), x.genTypeName(telem), genIsImmutable(telem), int(telem.Size())}
-
-	funcs := make(template.FuncMap)
-
-	funcs["decLineVar"] = func(varname string) string {
-		x.decVar(varname, "", telem, false, true)
-		return ""
-	}
-	funcs["var"] = func(s string) string {
-		return ts.TempVar + s + ts.Rand
-	}
-	funcs["zero"] = func() string {
-		return x.genZeroValueR(telem)
-	}
-	funcs["isArray"] = func() bool {
-		return t.Kind() == reflect.Array
-	}
-	funcs["isSlice"] = func() bool {
-		return t.Kind() == reflect.Slice
-	}
-	funcs["isChan"] = func() bool {
-		return t.Kind() == reflect.Chan
-	}
-	tm, err := template.New("").Funcs(funcs).Parse(genDecListTmpl)
-	if err != nil {
-		panic(err)
-	}
-	if err = tm.Execute(x.w, &ts); err != nil {
-		panic(err)
-	}
-}
-
-func (x *genRunner) decMapFallback(varname string, rtid uintptr, t reflect.Type) {
-	type tstruc struct {
-		TempVar string
-		Sfx     string
-		Rand    string
-		Varname string
-		KTyp    string
-		Typ     string
-		Size    int
-	}
-	telem := t.Elem()
-	tkey := t.Key()
-	ts := tstruc{
-		genTempVarPfx, x.xs, x.varsfx(), varname, x.genTypeName(tkey),
-		x.genTypeName(telem), int(telem.Size() + tkey.Size()),
-	}
-
-	funcs := make(template.FuncMap)
-	funcs["decElemZero"] = func() string {
-		return x.genZeroValueR(telem)
-	}
-	funcs["decElemKindImmutable"] = func() bool {
-		return genIsImmutable(telem)
-	}
-	funcs["decElemKindPtr"] = func() bool {
-		return telem.Kind() == reflect.Ptr
-	}
-	funcs["decElemKindIntf"] = func() bool {
-		return telem.Kind() == reflect.Interface
-	}
-	funcs["decLineVarK"] = func(varname string) string {
-		x.decVar(varname, "", tkey, false, true)
-		return ""
-	}
-	funcs["decLineVar"] = func(varname, decodedNilVarname string) string {
-		x.decVar(varname, decodedNilVarname, telem, false, true)
-		return ""
-	}
-	funcs["var"] = func(s string) string {
-		return ts.TempVar + s + ts.Rand
-	}
-
-	tm, err := template.New("").Funcs(funcs).Parse(genDecMapTmpl)
-	if err != nil {
-		panic(err)
-	}
-	if err = tm.Execute(x.w, &ts); err != nil {
-		panic(err)
-	}
-}
-
-func (x *genRunner) decStructMapSwitch(kName string, varname string, rtid uintptr, t reflect.Type) {
-	ti := x.ti.get(rtid, t)
-	tisfi := ti.sfiSrc // always use sequence from file. decStruct expects same thing.
-	x.line("switch (" + kName + ") {")
-	var newbuf, nilbuf genBuf
-	for _, si := range tisfi {
-		x.line("case \"" + si.encName + "\":")
-		newbuf.reset()
-		nilbuf.reset()
-		t2 := x.decVarInitPtr(varname, "", t, si, &newbuf, &nilbuf)
-		x.linef("if r.TryDecodeAsNil() { %s } else { %s", nilbuf.buf, newbuf.buf)
-		x.decVarMain(varname+"."+t2.Name, x.varsfx(), t2.Type, false)
-		x.line("}")
-	}
-	x.line("default:")
-	// pass the slice here, so that the string will not escape, and maybe save allocation
-	x.line("z.DecStructFieldNotFound(-1, " + kName + ")")
-	x.line("} // end switch " + kName)
-}
-
-func (x *genRunner) decStructMap(varname, lenvarname string, rtid uintptr, t reflect.Type, style genStructMapStyle) {
-	tpfx := genTempVarPfx
-	ti := x.ti.get(rtid, t)
-	i := x.varsfx()
-	kName := tpfx + "s" + i
-
-	switch style {
-	case genStructMapStyleLenPrefix:
-		x.linef("for %sj%s := 0; %sj%s < %s; %sj%s++ {", tpfx, i, tpfx, i, lenvarname, tpfx, i)
-	case genStructMapStyleCheckBreak:
-		x.linef("for %sj%s := 0; !r.CheckBreak(); %sj%s++ {", tpfx, i, tpfx, i)
-	default: // 0, otherwise.
-		x.linef("var %shl%s bool = %s >= 0", tpfx, i, lenvarname) // has length
-		x.linef("for %sj%s := 0; ; %sj%s++ {", tpfx, i, tpfx, i)
-		x.linef("if %shl%s { if %sj%s >= %s { break }", tpfx, i, tpfx, i, lenvarname)
-		x.line("} else { if r.CheckBreak() { break }; }")
-	}
-	x.line("r.ReadMapElemKey()")
-
-	// emulate decstructfieldkey
-	switch ti.keyType {
-	case valueTypeInt:
-		x.linef("%s := z.StringView(strconv.AppendInt(z.DecScratchArrayBuffer()[:0], r.DecodeInt64(), 10))", kName)
-	case valueTypeUint:
-		x.linef("%s := z.StringView(strconv.AppendUint(z.DecScratchArrayBuffer()[:0], r.DecodeUint64(), 10))", kName)
-	case valueTypeFloat:
-		x.linef("%s := z.StringView(strconv.AppendFloat(z.DecScratchArrayBuffer()[:0], r.DecodeFloat64(), 'f', -1, 64))", kName)
-	default: // string
-		x.linef("%s := z.StringView(r.DecodeStringAsBytes())", kName)
-	}
-	// x.linef("%s := z.StringView(r.DecStructFieldKey(codecSelferValueType%s%s, z.DecScratchArrayBuffer()))", kName, ti.keyType.String(), x.xs)
-
-	x.line("r.ReadMapElemValue()")
-	x.decStructMapSwitch(kName, varname, rtid, t)
-
-	x.line("} // end for " + tpfx + "j" + i)
-	x.line("r.ReadMapEnd()")
-}
-
-func (x *genRunner) decStructArray(varname, lenvarname, breakString string, rtid uintptr, t reflect.Type) {
-	tpfx := genTempVarPfx
-	i := x.varsfx()
-	ti := x.ti.get(rtid, t)
-	tisfi := ti.sfiSrc // always use sequence from file. decStruct expects same thing.
-	x.linef("var %sj%s int", tpfx, i)
-	x.linef("var %sb%s bool", tpfx, i)                        // break
-	x.linef("var %shl%s bool = %s >= 0", tpfx, i, lenvarname) // has length
-	var newbuf, nilbuf genBuf
-	for _, si := range tisfi {
-		x.linef("%sj%s++; if %shl%s { %sb%s = %sj%s > %s } else { %sb%s = r.CheckBreak() }",
-			tpfx, i, tpfx, i, tpfx, i,
-			tpfx, i, lenvarname, tpfx, i)
-		x.linef("if %sb%s { r.ReadArrayEnd(); %s }", tpfx, i, breakString)
-		x.line("r.ReadArrayElem()")
-		newbuf.reset()
-		nilbuf.reset()
-		t2 := x.decVarInitPtr(varname, "", t, si, &newbuf, &nilbuf)
-		x.linef("if r.TryDecodeAsNil() { %s } else { %s", nilbuf.buf, newbuf.buf)
-		x.decVarMain(varname+"."+t2.Name, x.varsfx(), t2.Type, false)
-		x.line("}")
-	}
-	// read remaining values and throw away.
-	x.line("for {")
-	x.linef("%sj%s++; if %shl%s { %sb%s = %sj%s > %s } else { %sb%s = r.CheckBreak() }",
-		tpfx, i, tpfx, i, tpfx, i,
-		tpfx, i, lenvarname, tpfx, i)
-	x.linef("if %sb%s { break }", tpfx, i)
-	x.line("r.ReadArrayElem()")
-	x.linef(`z.DecStructFieldNotFound(%sj%s - 1, "")`, tpfx, i)
-	x.line("}")
-	x.line("r.ReadArrayEnd()")
-}
-
-func (x *genRunner) decStruct(varname string, rtid uintptr, t reflect.Type) {
-	// varname MUST be a ptr, or a struct field or a slice element.
-	i := x.varsfx()
-	x.linef("%sct%s := r.ContainerType()", genTempVarPfx, i)
-	x.linef("if %sct%s == codecSelferValueTypeMap%s {", genTempVarPfx, i, x.xs)
-	x.line(genTempVarPfx + "l" + i + " := r.ReadMapStart()")
-	x.linef("if %sl%s == 0 {", genTempVarPfx, i)
-	x.line("r.ReadMapEnd()")
-	if genUseOneFunctionForDecStructMap {
-		x.line("} else { ")
-		x.linef("%s.codecDecodeSelfFromMap(%sl%s, d)", varname, genTempVarPfx, i)
-	} else {
-		x.line("} else if " + genTempVarPfx + "l" + i + " > 0 { ")
-		x.line(varname + ".codecDecodeSelfFromMapLenPrefix(" + genTempVarPfx + "l" + i + ", d)")
-		x.line("} else {")
-		x.line(varname + ".codecDecodeSelfFromMapCheckBreak(" + genTempVarPfx + "l" + i + ", d)")
-	}
-	x.line("}")
-
-	// else if container is array
-	x.linef("} else if %sct%s == codecSelferValueTypeArray%s {", genTempVarPfx, i, x.xs)
-	x.line(genTempVarPfx + "l" + i + " := r.ReadArrayStart()")
-	x.linef("if %sl%s == 0 {", genTempVarPfx, i)
-	x.line("r.ReadArrayEnd()")
-	x.line("} else { ")
-	x.linef("%s.codecDecodeSelfFromArray(%sl%s, d)", varname, genTempVarPfx, i)
-	x.line("}")
-	// else panic
-	x.line("} else { ")
-	x.line("panic(errCodecSelferOnlyMapOrArrayEncodeToStruct" + x.xs + ")")
-	x.line("} ")
-}
-
-// --------
-
-type genV struct {
-	// genV is either a primitive (Primitive != "") or a map (MapKey != "") or a slice
-	MapKey    string
-	Elem      string
-	Primitive string
-	Size      int
-}
-
-func (x *genRunner) newGenV(t reflect.Type) (v genV) {
-	switch t.Kind() {
-	case reflect.Slice, reflect.Array:
-		te := t.Elem()
-		v.Elem = x.genTypeName(te)
-		v.Size = int(te.Size())
-	case reflect.Map:
-		te, tk := t.Elem(), t.Key()
-		v.Elem = x.genTypeName(te)
-		v.MapKey = x.genTypeName(tk)
-		v.Size = int(te.Size() + tk.Size())
-	default:
-		panic("unexpected type for newGenV. Requires map or slice type")
-	}
-	return
-}
-
-func (x *genV) MethodNamePfx(prefix string, prim bool) string {
-	var name []byte
-	if prefix != "" {
-		name = append(name, prefix...)
-	}
-	if prim {
-		name = append(name, genTitleCaseName(x.Primitive)...)
-	} else {
-		if x.MapKey == "" {
-			name = append(name, "Slice"...)
-		} else {
-			name = append(name, "Map"...)
-			name = append(name, genTitleCaseName(x.MapKey)...)
-		}
-		name = append(name, genTitleCaseName(x.Elem)...)
-	}
-	return string(name)
-
-}
-
-// genImportPath returns import path of a non-predeclared named typed, or an empty string otherwise.
-//
-// This handles the misbehaviour that occurs when 1.5-style vendoring is enabled,
-// where PkgPath returns the full path, including the vendoring pre-fix that should have been stripped.
-// We strip it here.
-func genImportPath(t reflect.Type) (s string) {
-	s = t.PkgPath()
-	if genCheckVendor {
-		// HACK: always handle vendoring. It should be typically on in go 1.6, 1.7
-		s = genStripVendor(s)
-	}
-	return
-}
-
-// A go identifier is (letter|_)[letter|number|_]*
-func genGoIdentifier(s string, checkFirstChar bool) string {
-	b := make([]byte, 0, len(s))
-	t := make([]byte, 4)
-	var n int
-	for i, r := range s {
-		if checkFirstChar && i == 0 && !unicode.IsLetter(r) {
-			b = append(b, '_')
-		}
-		// r must be unicode_letter, unicode_digit or _
-		if unicode.IsLetter(r) || unicode.IsDigit(r) {
-			n = utf8.EncodeRune(t, r)
-			b = append(b, t[:n]...)
-		} else {
-			b = append(b, '_')
-		}
-	}
-	return string(b)
-}
-
-func genNonPtr(t reflect.Type) reflect.Type {
-	for t.Kind() == reflect.Ptr {
-		t = t.Elem()
-	}
-	return t
-}
-
-func genTitleCaseName(s string) string {
-	switch s {
-	case "interface{}", "interface {}":
-		return "Intf"
-	default:
-		return strings.ToUpper(s[0:1]) + s[1:]
-	}
-}
-
-func genMethodNameT(t reflect.Type, tRef reflect.Type) (n string) {
-	var ptrPfx string
-	for t.Kind() == reflect.Ptr {
-		ptrPfx += "Ptrto"
-		t = t.Elem()
-	}
-	tstr := t.String()
-	if tn := t.Name(); tn != "" {
-		if tRef != nil && genImportPath(t) == genImportPath(tRef) {
-			return ptrPfx + tn
-		} else {
-			if genQNameRegex.MatchString(tstr) {
-				return ptrPfx + strings.Replace(tstr, ".", "_", 1000)
-			} else {
-				return ptrPfx + genCustomTypeName(tstr)
-			}
-		}
-	}
-	switch t.Kind() {
-	case reflect.Map:
-		return ptrPfx + "Map" + genMethodNameT(t.Key(), tRef) + genMethodNameT(t.Elem(), tRef)
-	case reflect.Slice:
-		return ptrPfx + "Slice" + genMethodNameT(t.Elem(), tRef)
-	case reflect.Array:
-		return ptrPfx + "Array" + strconv.FormatInt(int64(t.Len()), 10) + genMethodNameT(t.Elem(), tRef)
-	case reflect.Chan:
-		var cx string
-		switch t.ChanDir() {
-		case reflect.SendDir:
-			cx = "ChanSend"
-		case reflect.RecvDir:
-			cx = "ChanRecv"
-		default:
-			cx = "Chan"
-		}
-		return ptrPfx + cx + genMethodNameT(t.Elem(), tRef)
-	default:
-		if t == intfTyp {
-			return ptrPfx + "Interface"
-		} else {
-			if tRef != nil && genImportPath(t) == genImportPath(tRef) {
-				if t.Name() != "" {
-					return ptrPfx + t.Name()
-				} else {
-					return ptrPfx + genCustomTypeName(tstr)
-				}
-			} else {
-				// best way to get the package name inclusive
-				// return ptrPfx + strings.Replace(tstr, ".", "_", 1000)
-				// return ptrPfx + genBase64enc.EncodeToString([]byte(tstr))
-				if t.Name() != "" && genQNameRegex.MatchString(tstr) {
-					return ptrPfx + strings.Replace(tstr, ".", "_", 1000)
-				} else {
-					return ptrPfx + genCustomTypeName(tstr)
-				}
-			}
-		}
-	}
-}
-
-// genCustomNameForType base64encodes the t.String() value in such a way
-// that it can be used within a function name.
-func genCustomTypeName(tstr string) string {
-	len2 := genBase64enc.EncodedLen(len(tstr))
-	bufx := make([]byte, len2)
-	genBase64enc.Encode(bufx, []byte(tstr))
-	for i := len2 - 1; i >= 0; i-- {
-		if bufx[i] == '=' {
-			len2--
-		} else {
-			break
-		}
-	}
-	return string(bufx[:len2])
-}
-
-func genIsImmutable(t reflect.Type) (v bool) {
-	return isImmutableKind(t.Kind())
-}
-
-type genInternal struct {
-	Version int
-	Values  []genV
-}
-
-func (x genInternal) FastpathLen() (l int) {
-	for _, v := range x.Values {
-		if v.Primitive == "" && !(v.MapKey == "" && v.Elem == "uint8") {
-			l++
-		}
-	}
-	return
-}
-
-func genInternalZeroValue(s string) string {
-	switch s {
-	case "interface{}", "interface {}":
-		return "nil"
-	case "bool":
-		return "false"
-	case "string":
-		return `""`
-	default:
-		return "0"
-	}
-}
-
-var genInternalNonZeroValueIdx [5]uint64
-var genInternalNonZeroValueStrs = [2][5]string{
-	{`"string-is-an-interface"`, "true", `"some-string"`, "11.1", "33"},
-	{`"string-is-an-interface-2"`, "true", `"some-string-2"`, "22.2", "44"},
-}
-
-func genInternalNonZeroValue(s string) string {
-	switch s {
-	case "interface{}", "interface {}":
-		genInternalNonZeroValueIdx[0]++
-		return genInternalNonZeroValueStrs[genInternalNonZeroValueIdx[0]%2][0] // return string, to remove ambiguity
-	case "bool":
-		genInternalNonZeroValueIdx[1]++
-		return genInternalNonZeroValueStrs[genInternalNonZeroValueIdx[1]%2][1]
-	case "string":
-		genInternalNonZeroValueIdx[2]++
-		return genInternalNonZeroValueStrs[genInternalNonZeroValueIdx[2]%2][2]
-	case "float32", "float64", "float", "double":
-		genInternalNonZeroValueIdx[3]++
-		return genInternalNonZeroValueStrs[genInternalNonZeroValueIdx[3]%2][3]
-	default:
-		genInternalNonZeroValueIdx[4]++
-		return genInternalNonZeroValueStrs[genInternalNonZeroValueIdx[4]%2][4]
-	}
-}
-
-func genInternalEncCommandAsString(s string, vname string) string {
-	switch s {
-	case "uint", "uint8", "uint16", "uint32", "uint64":
-		return "ee.EncodeUint(uint64(" + vname + "))"
-	case "int", "int8", "int16", "int32", "int64":
-		return "ee.EncodeInt(int64(" + vname + "))"
-	case "string":
-		return "ee.EncodeString(cUTF8, " + vname + ")"
-	case "float32":
-		return "ee.EncodeFloat32(" + vname + ")"
-	case "float64":
-		return "ee.EncodeFloat64(" + vname + ")"
-	case "bool":
-		return "ee.EncodeBool(" + vname + ")"
-	// case "symbol":
-	// 	return "ee.EncodeSymbol(" + vname + ")"
-	default:
-		return "e.encode(" + vname + ")"
-	}
-}
-
-func genInternalDecCommandAsString(s string) string {
-	switch s {
-	case "uint":
-		return "uint(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))"
-	case "uint8":
-		return "uint8(chkOvf.UintV(dd.DecodeUint64(), 8))"
-	case "uint16":
-		return "uint16(chkOvf.UintV(dd.DecodeUint64(), 16))"
-	case "uint32":
-		return "uint32(chkOvf.UintV(dd.DecodeUint64(), 32))"
-	case "uint64":
-		return "dd.DecodeUint64()"
-	case "uintptr":
-		return "uintptr(chkOvf.UintV(dd.DecodeUint64(), uintBitsize))"
-	case "int":
-		return "int(chkOvf.IntV(dd.DecodeInt64(), intBitsize))"
-	case "int8":
-		return "int8(chkOvf.IntV(dd.DecodeInt64(), 8))"
-	case "int16":
-		return "int16(chkOvf.IntV(dd.DecodeInt64(), 16))"
-	case "int32":
-		return "int32(chkOvf.IntV(dd.DecodeInt64(), 32))"
-	case "int64":
-		return "dd.DecodeInt64()"
-
-	case "string":
-		return "dd.DecodeString()"
-	case "float32":
-		return "float32(chkOvf.Float32V(dd.DecodeFloat64()))"
-	case "float64":
-		return "dd.DecodeFloat64()"
-	case "bool":
-		return "dd.DecodeBool()"
-	default:
-		panic(errors.New("gen internal: unknown type for decode: " + s))
-	}
-}
-
-func genInternalSortType(s string, elem bool) string {
-	for _, v := range [...]string{"int", "uint", "float", "bool", "string"} {
-		if strings.HasPrefix(s, v) {
-			if elem {
-				if v == "int" || v == "uint" || v == "float" {
-					return v + "64"
-				} else {
-					return v
-				}
-			}
-			return v + "Slice"
-		}
-	}
-	panic("sorttype: unexpected type: " + s)
-}
-
-func genStripVendor(s string) string {
-	// HACK: Misbehaviour occurs in go 1.5. May have to re-visit this later.
-	// if s contains /vendor/ OR startsWith vendor/, then return everything after it.
-	const vendorStart = "vendor/"
-	const vendorInline = "/vendor/"
-	if i := strings.LastIndex(s, vendorInline); i >= 0 {
-		s = s[i+len(vendorInline):]
-	} else if strings.HasPrefix(s, vendorStart) {
-		s = s[len(vendorStart):]
-	}
-	return s
-}
-
-// var genInternalMu sync.Mutex
-var genInternalV = genInternal{Version: genVersion}
-var genInternalTmplFuncs template.FuncMap
-var genInternalOnce sync.Once
-
-func genInternalInit() {
-	types := [...]string{
-		"interface{}",
-		"string",
-		"float32",
-		"float64",
-		"uint",
-		"uint8",
-		"uint16",
-		"uint32",
-		"uint64",
-		"uintptr",
-		"int",
-		"int8",
-		"int16",
-		"int32",
-		"int64",
-		"bool",
-	}
-	// keep as slice, so it is in specific iteration order.
-	// Initial order was uint64, string, interface{}, int, int64
-	mapvaltypes := [...]string{
-		"interface{}",
-		"string",
-		"uint",
-		"uint8",
-		"uint16",
-		"uint32",
-		"uint64",
-		"uintptr",
-		"int",
-		"int8",
-		"int16",
-		"int32",
-		"int64",
-		"float32",
-		"float64",
-		"bool",
-	}
-	wordSizeBytes := int(intBitsize) / 8
-
-	mapvaltypes2 := map[string]int{
-		"interface{}": 2 * wordSizeBytes,
-		"string":      2 * wordSizeBytes,
-		"uint":        1 * wordSizeBytes,
-		"uint8":       1,
-		"uint16":      2,
-		"uint32":      4,
-		"uint64":      8,
-		"uintptr":     1 * wordSizeBytes,
-		"int":         1 * wordSizeBytes,
-		"int8":        1,
-		"int16":       2,
-		"int32":       4,
-		"int64":       8,
-		"float32":     4,
-		"float64":     8,
-		"bool":        1,
-	}
-	var gt = genInternal{Version: genVersion}
-
-	// For each slice or map type, there must be a (symmetrical) Encode and Decode fast-path function
-	for _, s := range types {
-		gt.Values = append(gt.Values, genV{Primitive: s, Size: mapvaltypes2[s]})
-		// if s != "uint8" { // do not generate fast path for slice of bytes. Treat specially already.
-		// 	gt.Values = append(gt.Values, genV{Elem: s, Size: mapvaltypes2[s]})
-		// }
-		gt.Values = append(gt.Values, genV{Elem: s, Size: mapvaltypes2[s]})
-		if _, ok := mapvaltypes2[s]; !ok {
-			gt.Values = append(gt.Values, genV{MapKey: s, Elem: s, Size: 2 * mapvaltypes2[s]})
-		}
-		for _, ms := range mapvaltypes {
-			gt.Values = append(gt.Values, genV{MapKey: s, Elem: ms, Size: mapvaltypes2[s] + mapvaltypes2[ms]})
-		}
-	}
-
-	funcs := make(template.FuncMap)
-	// funcs["haspfx"] = strings.HasPrefix
-	funcs["encmd"] = genInternalEncCommandAsString
-	funcs["decmd"] = genInternalDecCommandAsString
-	funcs["zerocmd"] = genInternalZeroValue
-	funcs["nonzerocmd"] = genInternalNonZeroValue
-	funcs["hasprefix"] = strings.HasPrefix
-	funcs["sorttype"] = genInternalSortType
-
-	genInternalV = gt
-	genInternalTmplFuncs = funcs
-}
-
-// genInternalGoFile is used to generate source files from templates.
-// It is run by the program author alone.
-// Unfortunately, it has to be exported so that it can be called from a command line tool.
-// *** DO NOT USE ***
-func genInternalGoFile(r io.Reader, w io.Writer) (err error) {
-	genInternalOnce.Do(genInternalInit)
-
-	gt := genInternalV
-
-	t := template.New("").Funcs(genInternalTmplFuncs)
-
-	tmplstr, err := ioutil.ReadAll(r)
-	if err != nil {
-		return
-	}
-
-	if t, err = t.Parse(string(tmplstr)); err != nil {
-		return
-	}
-
-	var out bytes.Buffer
-	err = t.Execute(&out, gt)
-	if err != nil {
-		return
-	}
-
-	bout, err := format.Source(out.Bytes())
-	if err != nil {
-		w.Write(out.Bytes()) // write out if error, so we can still see.
-		// w.Write(bout) // write out if error, as much as possible, so we can still see.
-		return
-	}
-	w.Write(bout)
-	return
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_arrayof_gte_go15.go b/vendor/github.com/ugorji/go/codec/goversion_arrayof_gte_go15.go
deleted file mode 100644
index 9ddbe2059336f..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_arrayof_gte_go15.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.5
-
-package codec
-
-import "reflect"
-
-const reflectArrayOfSupported = true
-
-func reflectArrayOf(count int, elem reflect.Type) reflect.Type {
-	return reflect.ArrayOf(count, elem)
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_arrayof_lt_go15.go b/vendor/github.com/ugorji/go/codec/goversion_arrayof_lt_go15.go
deleted file mode 100644
index c5fcd6697ef6d..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_arrayof_lt_go15.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build !go1.5
-
-package codec
-
-import "reflect"
-
-const reflectArrayOfSupported = false
-
-func reflectArrayOf(count int, elem reflect.Type) reflect.Type {
-	panic("codec: reflect.ArrayOf unsupported in this go version")
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_makemap_gte_go19.go b/vendor/github.com/ugorji/go/codec/goversion_makemap_gte_go19.go
deleted file mode 100644
index bc39d6b719f34..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_makemap_gte_go19.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.9
-
-package codec
-
-import "reflect"
-
-func makeMapReflect(t reflect.Type, size int) reflect.Value {
-	if size < 0 {
-		return reflect.MakeMapWithSize(t, 4)
-	}
-	return reflect.MakeMapWithSize(t, size)
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_makemap_lt_go19.go b/vendor/github.com/ugorji/go/codec/goversion_makemap_lt_go19.go
deleted file mode 100644
index cde4cd372514d..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_makemap_lt_go19.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build !go1.9
-
-package codec
-
-import "reflect"
-
-func makeMapReflect(t reflect.Type, size int) reflect.Value {
-	return reflect.MakeMap(t)
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_gte_go110.go b/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_gte_go110.go
deleted file mode 100644
index 794133a3cbb79..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_gte_go110.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.10
-
-package codec
-
-const allowSetUnexportedEmbeddedPtr = false
diff --git a/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_lt_go110.go b/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_lt_go110.go
deleted file mode 100644
index fd92ede3558ec..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_unexportedembeddedptr_lt_go110.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build !go1.10
-
-package codec
-
-const allowSetUnexportedEmbeddedPtr = true
diff --git a/vendor/github.com/ugorji/go/codec/goversion_unsupported_lt_go14.go b/vendor/github.com/ugorji/go/codec/goversion_unsupported_lt_go14.go
deleted file mode 100644
index 8debfa6137131..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_unsupported_lt_go14.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build !go1.4
-
-package codec
-
-// This codec package will only work for go1.4 and above.
-// This is for the following reasons:
-//   - go 1.4 was released in 2014
-//   - go runtime is written fully in go
-//   - interface only holds pointers
-//   - reflect.Value is stabilized as 3 words
-
-func init() {
-	panic("codec: go 1.3 and below are not supported")
-}
diff --git a/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go15.go b/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go15.go
deleted file mode 100644
index 0f1bb01e5a134..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go15.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.5,!go1.6
-
-package codec
-
-import "os"
-
-var genCheckVendor = os.Getenv("GO15VENDOREXPERIMENT") == "1"
diff --git a/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go16.go b/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go16.go
deleted file mode 100644
index 2fb4b057ddc0b..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_vendor_eq_go16.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.6,!go1.7
-
-package codec
-
-import "os"
-
-var genCheckVendor = os.Getenv("GO15VENDOREXPERIMENT") != "0"
diff --git a/vendor/github.com/ugorji/go/codec/goversion_vendor_gte_go17.go b/vendor/github.com/ugorji/go/codec/goversion_vendor_gte_go17.go
deleted file mode 100644
index c5b8155053948..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_vendor_gte_go17.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build go1.7
-
-package codec
-
-const genCheckVendor = true
diff --git a/vendor/github.com/ugorji/go/codec/goversion_vendor_lt_go15.go b/vendor/github.com/ugorji/go/codec/goversion_vendor_lt_go15.go
deleted file mode 100644
index 837cf240bae3a..0000000000000
--- a/vendor/github.com/ugorji/go/codec/goversion_vendor_lt_go15.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-// +build !go1.5
-
-package codec
-
-var genCheckVendor = false
diff --git a/vendor/github.com/ugorji/go/codec/helper.go b/vendor/github.com/ugorji/go/codec/helper.go
deleted file mode 100644
index bd29895b6d148..0000000000000
--- a/vendor/github.com/ugorji/go/codec/helper.go
+++ /dev/null
@@ -1,2414 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-// Contains code shared by both encode and decode.
-
-// Some shared ideas around encoding/decoding
-// ------------------------------------------
-//
-// If an interface{} is passed, we first do a type assertion to see if it is
-// a primitive type or a map/slice of primitive types, and use a fastpath to handle it.
-//
-// If we start with a reflect.Value, we are already in reflect.Value land and
-// will try to grab the function for the underlying Type and directly call that function.
-// This is more performant than calling reflect.Value.Interface().
-//
-// This still helps us bypass many layers of reflection, and give best performance.
-//
-// Containers
-// ------------
-// Containers in the stream are either associative arrays (key-value pairs) or
-// regular arrays (indexed by incrementing integers).
-//
-// Some streams support indefinite-length containers, and use a breaking
-// byte-sequence to denote that the container has come to an end.
-//
-// Some streams also are text-based, and use explicit separators to denote the
-// end/beginning of different values.
-//
-// During encode, we use a high-level condition to determine how to iterate through
-// the container. That decision is based on whether the container is text-based (with
-// separators) or binary (without separators). If binary, we do not even call the
-// encoding of separators.
-//
-// During decode, we use a different high-level condition to determine how to iterate
-// through the containers. That decision is based on whether the stream contained
-// a length prefix, or if it used explicit breaks. If length-prefixed, we assume that
-// it has to be binary, and we do not even try to read separators.
-//
-// Philosophy
-// ------------
-// On decode, this codec will update containers appropriately:
-//    - If struct, update fields from stream into fields of struct.
-//      If field in stream not found in struct, handle appropriately (based on option).
-//      If a struct field has no corresponding value in the stream, leave it AS IS.
-//      If nil in stream, set value to nil/zero value.
-//    - If map, update map from stream.
-//      If the stream value is NIL, set the map to nil.
-//    - if slice, try to update up to length of array in stream.
-//      if container len is less than stream array length,
-//      and container cannot be expanded, handled (based on option).
-//      This means you can decode 4-element stream array into 1-element array.
-//
-// ------------------------------------
-// On encode, user can specify omitEmpty. This means that the value will be omitted
-// if the zero value. The problem may occur during decode, where omitted values do not affect
-// the value being decoded into. This means that if decoding into a struct with an
-// int field with current value=5, and the field is omitted in the stream, then after
-// decoding, the value will still be 5 (not 0).
-// omitEmpty only works if you guarantee that you always decode into zero-values.
-//
-// ------------------------------------
-// We could have truncated a map to remove keys not available in the stream,
-// or set values in the struct which are not in the stream to their zero values.
-// We decided against it because there is no efficient way to do it.
-// We may introduce it as an option later.
-// However, that will require enabling it for both runtime and code generation modes.
-//
-// To support truncate, we need to do 2 passes over the container:
-//   map
-//   - first collect all keys (e.g. in k1)
-//   - for each key in stream, mark k1 that the key should not be removed
-//   - after updating map, do second pass and call delete for all keys in k1 which are not marked
-//   struct:
-//   - for each field, track the *typeInfo s1
-//   - iterate through all s1, and for each one not marked, set value to zero
-//   - this involves checking the possible anonymous fields which are nil ptrs.
-//     too much work.
-//
-// ------------------------------------------
-// Error Handling is done within the library using panic.
-//
-// This way, the code doesn't have to keep checking if an error has happened,
-// and we don't have to keep sending the error value along with each call
-// or storing it in the En|Decoder and checking it constantly along the way.
-//
-// The disadvantage is that small functions which use panics cannot be inlined.
-// The code accounts for that by only using panics behind an interface;
-// since interface calls cannot be inlined, this is irrelevant.
-//
-// We considered storing the error is En|Decoder.
-//   - once it has its err field set, it cannot be used again.
-//   - panicing will be optional, controlled by const flag.
-//   - code should always check error first and return early.
-// We eventually decided against it as it makes the code clumsier to always
-// check for these error conditions.
-
-import (
-	"bytes"
-	"encoding"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"math"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	scratchByteArrayLen = 32
-	// initCollectionCap   = 16 // 32 is defensive. 16 is preferred.
-
-	// Support encoding.(Binary|Text)(Unm|M)arshaler.
-	// This constant flag will enable or disable it.
-	supportMarshalInterfaces = true
-
-	// for debugging, set this to false, to catch panic traces.
-	// Note that this will always cause rpc tests to fail, since they need io.EOF sent via panic.
-	recoverPanicToErr = true
-
-	// arrayCacheLen is the length of the cache used in encoder or decoder for
-	// allowing zero-alloc initialization.
-	arrayCacheLen = 8
-
-	// size of the cacheline: defaulting to value for archs: amd64, arm64, 386
-	// should use "runtime/internal/sys".CacheLineSize, but that is not exposed.
-	cacheLineSize = 64
-
-	wordSizeBits = 32 << (^uint(0) >> 63) // strconv.IntSize
-	wordSize     = wordSizeBits / 8
-
-	maxLevelsEmbedding = 15 // use this, so structFieldInfo fits into 8 bytes
-)
-
-var (
-	oneByteArr    = [1]byte{0}
-	zeroByteSlice = oneByteArr[:0:0]
-)
-
-var refBitset bitset32
-var pool pooler
-var panicv panicHdl
-
-func init() {
-	pool.init()
-
-	refBitset.set(byte(reflect.Map))
-	refBitset.set(byte(reflect.Ptr))
-	refBitset.set(byte(reflect.Func))
-	refBitset.set(byte(reflect.Chan))
-}
-
-type charEncoding uint8
-
-const (
-	cRAW charEncoding = iota
-	cUTF8
-	cUTF16LE
-	cUTF16BE
-	cUTF32LE
-	cUTF32BE
-)
-
-// valueType is the stream type
-type valueType uint8
-
-const (
-	valueTypeUnset valueType = iota
-	valueTypeNil
-	valueTypeInt
-	valueTypeUint
-	valueTypeFloat
-	valueTypeBool
-	valueTypeString
-	valueTypeSymbol
-	valueTypeBytes
-	valueTypeMap
-	valueTypeArray
-	valueTypeTime
-	valueTypeExt
-
-	// valueTypeInvalid = 0xff
-)
-
-var valueTypeStrings = [...]string{
-	"Unset",
-	"Nil",
-	"Int",
-	"Uint",
-	"Float",
-	"Bool",
-	"String",
-	"Symbol",
-	"Bytes",
-	"Map",
-	"Array",
-	"Timestamp",
-	"Ext",
-}
-
-func (x valueType) String() string {
-	if int(x) < len(valueTypeStrings) {
-		return valueTypeStrings[x]
-	}
-	return strconv.FormatInt(int64(x), 10)
-}
-
-type seqType uint8
-
-const (
-	_ seqType = iota
-	seqTypeArray
-	seqTypeSlice
-	seqTypeChan
-)
-
-// note that containerMapStart and containerArraySend are not sent.
-// This is because the ReadXXXStart and EncodeXXXStart already does these.
-type containerState uint8
-
-const (
-	_ containerState = iota
-
-	containerMapStart // slot left open, since Driver method already covers it
-	containerMapKey
-	containerMapValue
-	containerMapEnd
-	containerArrayStart // slot left open, since Driver methods already cover it
-	containerArrayElem
-	containerArrayEnd
-)
-
-// // sfiIdx used for tracking where a (field/enc)Name is seen in a []*structFieldInfo
-// type sfiIdx struct {
-// 	name  string
-// 	index int
-// }
-
-// do not recurse if a containing type refers to an embedded type
-// which refers back to its containing type (via a pointer).
-// The second time this back-reference happens, break out,
-// so as not to cause an infinite loop.
-const rgetMaxRecursion = 2
-
-// Anecdotally, we believe most types have <= 12 fields.
-// - even Java's PMD rules set TooManyFields threshold to 15.
-// However, go has embedded fields, which should be regarded as
-// top level, allowing structs to possibly double or triple.
-// In addition, we don't want to keep creating transient arrays,
-// especially for the sfi index tracking, and the evtypes tracking.
-//
-// So - try to keep typeInfoLoadArray within 2K bytes
-const (
-	typeInfoLoadArraySfisLen   = 16
-	typeInfoLoadArraySfiidxLen = 8 * 112
-	typeInfoLoadArrayEtypesLen = 12
-	typeInfoLoadArrayBLen      = 8 * 4
-)
-
-type typeInfoLoad struct {
-	// fNames   []string
-	// encNames []string
-	etypes []uintptr
-	sfis   []structFieldInfo
-}
-
-type typeInfoLoadArray struct {
-	// fNames   [typeInfoLoadArrayLen]string
-	// encNames [typeInfoLoadArrayLen]string
-	sfis   [typeInfoLoadArraySfisLen]structFieldInfo
-	sfiidx [typeInfoLoadArraySfiidxLen]byte
-	etypes [typeInfoLoadArrayEtypesLen]uintptr
-	b      [typeInfoLoadArrayBLen]byte // scratch - used for struct field names
-}
-
-// mirror json.Marshaler and json.Unmarshaler here,
-// so we don't import the encoding/json package
-
-type jsonMarshaler interface {
-	MarshalJSON() ([]byte, error)
-}
-type jsonUnmarshaler interface {
-	UnmarshalJSON([]byte) error
-}
-
-type isZeroer interface {
-	IsZero() bool
-}
-
-// type byteAccepter func(byte) bool
-
-var (
-	bigen               = binary.BigEndian
-	structInfoFieldName = "_struct"
-
-	mapStrIntfTyp  = reflect.TypeOf(map[string]interface{}(nil))
-	mapIntfIntfTyp = reflect.TypeOf(map[interface{}]interface{}(nil))
-	intfSliceTyp   = reflect.TypeOf([]interface{}(nil))
-	intfTyp        = intfSliceTyp.Elem()
-
-	reflectValTyp = reflect.TypeOf((*reflect.Value)(nil)).Elem()
-
-	stringTyp     = reflect.TypeOf("")
-	timeTyp       = reflect.TypeOf(time.Time{})
-	rawExtTyp     = reflect.TypeOf(RawExt{})
-	rawTyp        = reflect.TypeOf(Raw{})
-	uintptrTyp    = reflect.TypeOf(uintptr(0))
-	uint8Typ      = reflect.TypeOf(uint8(0))
-	uint8SliceTyp = reflect.TypeOf([]uint8(nil))
-	uintTyp       = reflect.TypeOf(uint(0))
-	intTyp        = reflect.TypeOf(int(0))
-
-	mapBySliceTyp = reflect.TypeOf((*MapBySlice)(nil)).Elem()
-
-	binaryMarshalerTyp   = reflect.TypeOf((*encoding.BinaryMarshaler)(nil)).Elem()
-	binaryUnmarshalerTyp = reflect.TypeOf((*encoding.BinaryUnmarshaler)(nil)).Elem()
-
-	textMarshalerTyp   = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
-	textUnmarshalerTyp = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
-
-	jsonMarshalerTyp   = reflect.TypeOf((*jsonMarshaler)(nil)).Elem()
-	jsonUnmarshalerTyp = reflect.TypeOf((*jsonUnmarshaler)(nil)).Elem()
-
-	selferTyp = reflect.TypeOf((*Selfer)(nil)).Elem()
-	iszeroTyp = reflect.TypeOf((*isZeroer)(nil)).Elem()
-
-	uint8TypId      = rt2id(uint8Typ)
-	uint8SliceTypId = rt2id(uint8SliceTyp)
-	rawExtTypId     = rt2id(rawExtTyp)
-	rawTypId        = rt2id(rawTyp)
-	intfTypId       = rt2id(intfTyp)
-	timeTypId       = rt2id(timeTyp)
-	stringTypId     = rt2id(stringTyp)
-
-	mapStrIntfTypId  = rt2id(mapStrIntfTyp)
-	mapIntfIntfTypId = rt2id(mapIntfIntfTyp)
-	intfSliceTypId   = rt2id(intfSliceTyp)
-	// mapBySliceTypId  = rt2id(mapBySliceTyp)
-
-	intBitsize  = uint8(intTyp.Bits())
-	uintBitsize = uint8(uintTyp.Bits())
-
-	bsAll0x00 = []byte{0, 0, 0, 0, 0, 0, 0, 0}
-	bsAll0xff = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
-
-	chkOvf checkOverflow
-
-	errNoFieldNameToStructFieldInfo = errors.New("no field name passed to parseStructFieldInfo")
-)
-
-var defTypeInfos = NewTypeInfos([]string{"codec", "json"})
-
-var immutableKindsSet = [32]bool{
-	// reflect.Invalid:  ,
-	reflect.Bool:       true,
-	reflect.Int:        true,
-	reflect.Int8:       true,
-	reflect.Int16:      true,
-	reflect.Int32:      true,
-	reflect.Int64:      true,
-	reflect.Uint:       true,
-	reflect.Uint8:      true,
-	reflect.Uint16:     true,
-	reflect.Uint32:     true,
-	reflect.Uint64:     true,
-	reflect.Uintptr:    true,
-	reflect.Float32:    true,
-	reflect.Float64:    true,
-	reflect.Complex64:  true,
-	reflect.Complex128: true,
-	// reflect.Array
-	// reflect.Chan
-	// reflect.Func: true,
-	// reflect.Interface
-	// reflect.Map
-	// reflect.Ptr
-	// reflect.Slice
-	reflect.String: true,
-	// reflect.Struct
-	// reflect.UnsafePointer
-}
-
-// Selfer defines methods by which a value can encode or decode itself.
-//
-// Any type which implements Selfer will be able to encode or decode itself.
-// Consequently, during (en|de)code, this takes precedence over
-// (text|binary)(M|Unm)arshal or extension support.
-//
-// Note: *the first set of bytes of any value MUST NOT represent nil in the format*.
-// This is because, during each decode, we first check the the next set of bytes
-// represent nil, and if so, we just set the value to nil.
-type Selfer interface {
-	CodecEncodeSelf(*Encoder)
-	CodecDecodeSelf(*Decoder)
-}
-
-// MapBySlice is a tag interface that denotes wrapped slice should encode as a map in the stream.
-// The slice contains a sequence of key-value pairs.
-// This affords storing a map in a specific sequence in the stream.
-//
-// Example usage:
-//    type T1 []string         // or []int or []Point or any other "slice" type
-//    func (_ T1) MapBySlice{} // T1 now implements MapBySlice, and will be encoded as a map
-//    type T2 struct { KeyValues T1 }
-//
-//    var kvs = []string{"one", "1", "two", "2", "three", "3"}
-//    var v2 = T2{ KeyValues: T1(kvs) }
-//    // v2 will be encoded like the map: {"KeyValues": {"one": "1", "two": "2", "three": "3"} }
-//
-// The support of MapBySlice affords the following:
-//   - A slice type which implements MapBySlice will be encoded as a map
-//   - A slice can be decoded from a map in the stream
-//   - It MUST be a slice type (not a pointer receiver) that implements MapBySlice
-type MapBySlice interface {
-	MapBySlice()
-}
-
-// BasicHandle encapsulates the common options and extension functions.
-//
-// Deprecated: DO NOT USE DIRECTLY. EXPORTED FOR GODOC BENEFIT. WILL BE REMOVED.
-type BasicHandle struct {
-	// BasicHandle is always a part of a different type.
-	// It doesn't have to fit into it own cache lines.
-
-	// TypeInfos is used to get the type info for any type.
-	//
-	// If not configured, the default TypeInfos is used, which uses struct tag keys: codec, json
-	TypeInfos *TypeInfos
-
-	// Note: BasicHandle is not comparable, due to these slices here (extHandle, intf2impls).
-	// If *[]T is used instead, this becomes comparable, at the cost of extra indirection.
-	// Thses slices are used all the time, so keep as slices (not pointers).
-
-	extHandle
-
-	intf2impls
-
-	RPCOptions
-
-	// ---- cache line
-
-	DecodeOptions
-
-	// ---- cache line
-
-	EncodeOptions
-
-	// noBuiltInTypeChecker
-}
-
-func (x *BasicHandle) getBasicHandle() *BasicHandle {
-	return x
-}
-
-func (x *BasicHandle) getTypeInfo(rtid uintptr, rt reflect.Type) (pti *typeInfo) {
-	if x.TypeInfos == nil {
-		return defTypeInfos.get(rtid, rt)
-	}
-	return x.TypeInfos.get(rtid, rt)
-}
-
-// Handle is the interface for a specific encoding format.
-//
-// Typically, a Handle is pre-configured before first time use,
-// and not modified while in use. Such a pre-configured Handle
-// is safe for concurrent access.
-type Handle interface {
-	Name() string
-	getBasicHandle() *BasicHandle
-	recreateEncDriver(encDriver) bool
-	newEncDriver(w *Encoder) encDriver
-	newDecDriver(r *Decoder) decDriver
-	isBinary() bool
-	hasElemSeparators() bool
-	// IsBuiltinType(rtid uintptr) bool
-}
-
-// Raw represents raw formatted bytes.
-// We "blindly" store it during encode and retrieve the raw bytes during decode.
-// Note: it is dangerous during encode, so we may gate the behaviour
-// behind an Encode flag which must be explicitly set.
-type Raw []byte
-
-// RawExt represents raw unprocessed extension data.
-// Some codecs will decode extension data as a *RawExt
-// if there is no registered extension for the tag.
-//
-// Only one of Data or Value is nil.
-// If Data is nil, then the content of the RawExt is in the Value.
-type RawExt struct {
-	Tag uint64
-	// Data is the []byte which represents the raw ext. If nil, ext is exposed in Value.
-	// Data is used by codecs (e.g. binc, msgpack, simple) which do custom serialization of types
-	Data []byte
-	// Value represents the extension, if Data is nil.
-	// Value is used by codecs (e.g. cbor, json) which leverage the format to do
-	// custom serialization of the types.
-	Value interface{}
-}
-
-// BytesExt handles custom (de)serialization of types to/from []byte.
-// It is used by codecs (e.g. binc, msgpack, simple) which do custom serialization of the types.
-type BytesExt interface {
-	// WriteExt converts a value to a []byte.
-	//
-	// Note: v is a pointer iff the registered extension type is a struct or array kind.
-	WriteExt(v interface{}) []byte
-
-	// ReadExt updates a value from a []byte.
-	//
-	// Note: dst is always a pointer kind to the registered extension type.
-	ReadExt(dst interface{}, src []byte)
-}
-
-// InterfaceExt handles custom (de)serialization of types to/from another interface{} value.
-// The Encoder or Decoder will then handle the further (de)serialization of that known type.
-//
-// It is used by codecs (e.g. cbor, json) which use the format to do custom serialization of types.
-type InterfaceExt interface {
-	// ConvertExt converts a value into a simpler interface for easy encoding
-	// e.g. convert time.Time to int64.
-	//
-	// Note: v is a pointer iff the registered extension type is a struct or array kind.
-	ConvertExt(v interface{}) interface{}
-
-	// UpdateExt updates a value from a simpler interface for easy decoding
-	// e.g. convert int64 to time.Time.
-	//
-	// Note: dst is always a pointer kind to the registered extension type.
-	UpdateExt(dst interface{}, src interface{})
-}
-
-// Ext handles custom (de)serialization of custom types / extensions.
-type Ext interface {
-	BytesExt
-	InterfaceExt
-}
-
-// addExtWrapper is a wrapper implementation to support former AddExt exported method.
-type addExtWrapper struct {
-	encFn func(reflect.Value) ([]byte, error)
-	decFn func(reflect.Value, []byte) error
-}
-
-func (x addExtWrapper) WriteExt(v interface{}) []byte {
-	bs, err := x.encFn(reflect.ValueOf(v))
-	if err != nil {
-		panic(err)
-	}
-	return bs
-}
-
-func (x addExtWrapper) ReadExt(v interface{}, bs []byte) {
-	if err := x.decFn(reflect.ValueOf(v), bs); err != nil {
-		panic(err)
-	}
-}
-
-func (x addExtWrapper) ConvertExt(v interface{}) interface{} {
-	return x.WriteExt(v)
-}
-
-func (x addExtWrapper) UpdateExt(dest interface{}, v interface{}) {
-	x.ReadExt(dest, v.([]byte))
-}
-
-type extWrapper struct {
-	BytesExt
-	InterfaceExt
-}
-
-type bytesExtFailer struct{}
-
-func (bytesExtFailer) WriteExt(v interface{}) []byte {
-	panicv.errorstr("BytesExt.WriteExt is not supported")
-	return nil
-}
-func (bytesExtFailer) ReadExt(v interface{}, bs []byte) {
-	panicv.errorstr("BytesExt.ReadExt is not supported")
-}
-
-type interfaceExtFailer struct{}
-
-func (interfaceExtFailer) ConvertExt(v interface{}) interface{} {
-	panicv.errorstr("InterfaceExt.ConvertExt is not supported")
-	return nil
-}
-func (interfaceExtFailer) UpdateExt(dest interface{}, v interface{}) {
-	panicv.errorstr("InterfaceExt.UpdateExt is not supported")
-}
-
-type binaryEncodingType struct{}
-
-func (binaryEncodingType) isBinary() bool { return true }
-
-type textEncodingType struct{}
-
-func (textEncodingType) isBinary() bool { return false }
-
-// noBuiltInTypes is embedded into many types which do not support builtins
-// e.g. msgpack, simple, cbor.
-
-// type noBuiltInTypeChecker struct{}
-// func (noBuiltInTypeChecker) IsBuiltinType(rt uintptr) bool { return false }
-// type noBuiltInTypes struct{ noBuiltInTypeChecker }
-
-type noBuiltInTypes struct{}
-
-func (noBuiltInTypes) EncodeBuiltin(rt uintptr, v interface{}) {}
-func (noBuiltInTypes) DecodeBuiltin(rt uintptr, v interface{}) {}
-
-// type noStreamingCodec struct{}
-// func (noStreamingCodec) CheckBreak() bool { return false }
-// func (noStreamingCodec) hasElemSeparators() bool { return false }
-
-type noElemSeparators struct{}
-
-func (noElemSeparators) hasElemSeparators() (v bool)            { return }
-func (noElemSeparators) recreateEncDriver(e encDriver) (v bool) { return }
-
-// bigenHelper.
-// Users must already slice the x completely, because we will not reslice.
-type bigenHelper struct {
-	x []byte // must be correctly sliced to appropriate len. slicing is a cost.
-	w encWriter
-}
-
-func (z bigenHelper) writeUint16(v uint16) {
-	bigen.PutUint16(z.x, v)
-	z.w.writeb(z.x)
-}
-
-func (z bigenHelper) writeUint32(v uint32) {
-	bigen.PutUint32(z.x, v)
-	z.w.writeb(z.x)
-}
-
-func (z bigenHelper) writeUint64(v uint64) {
-	bigen.PutUint64(z.x, v)
-	z.w.writeb(z.x)
-}
-
-type extTypeTagFn struct {
-	rtid    uintptr
-	rtidptr uintptr
-	rt      reflect.Type
-	tag     uint64
-	ext     Ext
-	_       [1]uint64 // padding
-}
-
-type extHandle []extTypeTagFn
-
-// AddExt registes an encode and decode function for a reflect.Type.
-// To deregister an Ext, call AddExt with nil encfn and/or nil decfn.
-//
-// Deprecated: Use SetBytesExt or SetInterfaceExt on the Handle instead.
-func (o *extHandle) AddExt(rt reflect.Type, tag byte,
-	encfn func(reflect.Value) ([]byte, error),
-	decfn func(reflect.Value, []byte) error) (err error) {
-	if encfn == nil || decfn == nil {
-		return o.SetExt(rt, uint64(tag), nil)
-	}
-	return o.SetExt(rt, uint64(tag), addExtWrapper{encfn, decfn})
-}
-
-// SetExt will set the extension for a tag and reflect.Type.
-// Note that the type must be a named type, and specifically not a pointer or Interface.
-// An error is returned if that is not honored.
-// To Deregister an ext, call SetExt with nil Ext.
-//
-// Deprecated: Use SetBytesExt or SetInterfaceExt on the Handle instead.
-func (o *extHandle) SetExt(rt reflect.Type, tag uint64, ext Ext) (err error) {
-	// o is a pointer, because we may need to initialize it
-	rk := rt.Kind()
-	for rk == reflect.Ptr {
-		rt = rt.Elem()
-		rk = rt.Kind()
-	}
-
-	if rt.PkgPath() == "" || rk == reflect.Interface { // || rk == reflect.Ptr {
-		return fmt.Errorf("codec.Handle.SetExt: Takes named type, not a pointer or interface: %v", rt)
-	}
-
-	rtid := rt2id(rt)
-	switch rtid {
-	case timeTypId, rawTypId, rawExtTypId:
-		// all natively supported type, so cannot have an extension
-		return // TODO: should we silently ignore, or return an error???
-	}
-	// if o == nil {
-	// 	return errors.New("codec.Handle.SetExt: extHandle not initialized")
-	// }
-	o2 := *o
-	// if o2 == nil {
-	// 	return errors.New("codec.Handle.SetExt: extHandle not initialized")
-	// }
-	for i := range o2 {
-		v := &o2[i]
-		if v.rtid == rtid {
-			v.tag, v.ext = tag, ext
-			return
-		}
-	}
-	rtidptr := rt2id(reflect.PtrTo(rt))
-	*o = append(o2, extTypeTagFn{rtid, rtidptr, rt, tag, ext, [1]uint64{}})
-	return
-}
-
-func (o extHandle) getExt(rtid uintptr) (v *extTypeTagFn) {
-	for i := range o {
-		v = &o[i]
-		if v.rtid == rtid || v.rtidptr == rtid {
-			return
-		}
-	}
-	return nil
-}
-
-func (o extHandle) getExtForTag(tag uint64) (v *extTypeTagFn) {
-	for i := range o {
-		v = &o[i]
-		if v.tag == tag {
-			return
-		}
-	}
-	return nil
-}
-
-type intf2impl struct {
-	rtid uintptr // for intf
-	impl reflect.Type
-	// _    [1]uint64 // padding // not-needed, as *intf2impl is never returned.
-}
-
-type intf2impls []intf2impl
-
-// Intf2Impl maps an interface to an implementing type.
-// This allows us support infering the concrete type
-// and populating it when passed an interface.
-// e.g. var v io.Reader can be decoded as a bytes.Buffer, etc.
-//
-// Passing a nil impl will clear the mapping.
-func (o *intf2impls) Intf2Impl(intf, impl reflect.Type) (err error) {
-	if impl != nil && !impl.Implements(intf) {
-		return fmt.Errorf("Intf2Impl: %v does not implement %v", impl, intf)
-	}
-	rtid := rt2id(intf)
-	o2 := *o
-	for i := range o2 {
-		v := &o2[i]
-		if v.rtid == rtid {
-			v.impl = impl
-			return
-		}
-	}
-	*o = append(o2, intf2impl{rtid, impl})
-	return
-}
-
-func (o intf2impls) intf2impl(rtid uintptr) (rv reflect.Value) {
-	for i := range o {
-		v := &o[i]
-		if v.rtid == rtid {
-			if v.impl == nil {
-				return
-			}
-			if v.impl.Kind() == reflect.Ptr {
-				return reflect.New(v.impl.Elem())
-			}
-			return reflect.New(v.impl).Elem()
-		}
-	}
-	return
-}
-
-type structFieldInfoFlag uint8
-
-const (
-	_ structFieldInfoFlag = 1 << iota
-	structFieldInfoFlagReady
-	structFieldInfoFlagOmitEmpty
-)
-
-func (x *structFieldInfoFlag) flagSet(f structFieldInfoFlag) {
-	*x = *x | f
-}
-
-func (x *structFieldInfoFlag) flagClr(f structFieldInfoFlag) {
-	*x = *x &^ f
-}
-
-func (x structFieldInfoFlag) flagGet(f structFieldInfoFlag) bool {
-	return x&f != 0
-}
-
-func (x structFieldInfoFlag) omitEmpty() bool {
-	return x.flagGet(structFieldInfoFlagOmitEmpty)
-}
-
-func (x structFieldInfoFlag) ready() bool {
-	return x.flagGet(structFieldInfoFlagReady)
-}
-
-type structFieldInfo struct {
-	encName   string // encode name
-	fieldName string // field name
-
-	is  [maxLevelsEmbedding]uint16 // (recursive/embedded) field index in struct
-	nis uint8                      // num levels of embedding. if 1, then it's not embedded.
-	structFieldInfoFlag
-}
-
-func (si *structFieldInfo) setToZeroValue(v reflect.Value) {
-	if v, valid := si.field(v, false); valid {
-		v.Set(reflect.Zero(v.Type()))
-	}
-}
-
-// rv returns the field of the struct.
-// If anonymous, it returns an Invalid
-func (si *structFieldInfo) field(v reflect.Value, update bool) (rv2 reflect.Value, valid bool) {
-	// replicate FieldByIndex
-	for i, x := range si.is {
-		if uint8(i) == si.nis {
-			break
-		}
-		if v, valid = baseStructRv(v, update); !valid {
-			return
-		}
-		v = v.Field(int(x))
-	}
-
-	return v, true
-}
-
-// func (si *structFieldInfo) fieldval(v reflect.Value, update bool) reflect.Value {
-// 	v, _ = si.field(v, update)
-// 	return v
-// }
-
-func parseStructInfo(stag string) (toArray, omitEmpty bool, keytype valueType) {
-	keytype = valueTypeString // default
-	if stag == "" {
-		return
-	}
-	for i, s := range strings.Split(stag, ",") {
-		if i == 0 {
-		} else {
-			switch s {
-			case "omitempty":
-				omitEmpty = true
-			case "toarray":
-				toArray = true
-			case "int":
-				keytype = valueTypeInt
-			case "uint":
-				keytype = valueTypeUint
-			case "float":
-				keytype = valueTypeFloat
-				// case "bool":
-				// 	keytype = valueTypeBool
-			case "string":
-				keytype = valueTypeString
-			}
-		}
-	}
-	return
-}
-
-func (si *structFieldInfo) parseTag(stag string) {
-	// if fname == "" {
-	// 	panic(errNoFieldNameToStructFieldInfo)
-	// }
-
-	if stag == "" {
-		return
-	}
-	for i, s := range strings.Split(stag, ",") {
-		if i == 0 {
-			if s != "" {
-				si.encName = s
-			}
-		} else {
-			switch s {
-			case "omitempty":
-				si.flagSet(structFieldInfoFlagOmitEmpty)
-				// si.omitEmpty = true
-				// case "toarray":
-				// 	si.toArray = true
-			}
-		}
-	}
-}
-
-type sfiSortedByEncName []*structFieldInfo
-
-func (p sfiSortedByEncName) Len() int {
-	return len(p)
-}
-
-func (p sfiSortedByEncName) Less(i, j int) bool {
-	return p[i].encName < p[j].encName
-}
-
-func (p sfiSortedByEncName) Swap(i, j int) {
-	p[i], p[j] = p[j], p[i]
-}
-
-const structFieldNodeNumToCache = 4
-
-type structFieldNodeCache struct {
-	rv  [structFieldNodeNumToCache]reflect.Value
-	idx [structFieldNodeNumToCache]uint32
-	num uint8
-}
-
-func (x *structFieldNodeCache) get(key uint32) (fv reflect.Value, valid bool) {
-	for i, k := range &x.idx {
-		if uint8(i) == x.num {
-			return // break
-		}
-		if key == k {
-			return x.rv[i], true
-		}
-	}
-	return
-}
-
-func (x *structFieldNodeCache) tryAdd(fv reflect.Value, key uint32) {
-	if x.num < structFieldNodeNumToCache {
-		x.rv[x.num] = fv
-		x.idx[x.num] = key
-		x.num++
-		return
-	}
-}
-
-type structFieldNode struct {
-	v      reflect.Value
-	cache2 structFieldNodeCache
-	cache3 structFieldNodeCache
-	update bool
-}
-
-func (x *structFieldNode) field(si *structFieldInfo) (fv reflect.Value) {
-	// return si.fieldval(x.v, x.update)
-	// Note: we only cache if nis=2 or nis=3 i.e. up to 2 levels of embedding
-	// This mostly saves us time on the repeated calls to v.Elem, v.Field, etc.
-	var valid bool
-	switch si.nis {
-	case 1:
-		fv = x.v.Field(int(si.is[0]))
-	case 2:
-		if fv, valid = x.cache2.get(uint32(si.is[0])); valid {
-			fv = fv.Field(int(si.is[1]))
-			return
-		}
-		fv = x.v.Field(int(si.is[0]))
-		if fv, valid = baseStructRv(fv, x.update); !valid {
-			return
-		}
-		x.cache2.tryAdd(fv, uint32(si.is[0]))
-		fv = fv.Field(int(si.is[1]))
-	case 3:
-		var key uint32 = uint32(si.is[0])<<16 | uint32(si.is[1])
-		if fv, valid = x.cache3.get(key); valid {
-			fv = fv.Field(int(si.is[2]))
-			return
-		}
-		fv = x.v.Field(int(si.is[0]))
-		if fv, valid = baseStructRv(fv, x.update); !valid {
-			return
-		}
-		fv = fv.Field(int(si.is[1]))
-		if fv, valid = baseStructRv(fv, x.update); !valid {
-			return
-		}
-		x.cache3.tryAdd(fv, key)
-		fv = fv.Field(int(si.is[2]))
-	default:
-		fv, _ = si.field(x.v, x.update)
-	}
-	return
-}
-
-func baseStructRv(v reflect.Value, update bool) (v2 reflect.Value, valid bool) {
-	for v.Kind() == reflect.Ptr {
-		if v.IsNil() {
-			if !update {
-				return
-			}
-			v.Set(reflect.New(v.Type().Elem()))
-		}
-		v = v.Elem()
-	}
-	return v, true
-}
-
-type typeInfoFlag uint8
-
-const (
-	typeInfoFlagComparable = 1 << iota
-	typeInfoFlagIsZeroer
-	typeInfoFlagIsZeroerPtr
-)
-
-// typeInfo keeps information about each (non-ptr) type referenced in the encode/decode sequence.
-//
-// During an encode/decode sequence, we work as below:
-//   - If base is a built in type, en/decode base value
-//   - If base is registered as an extension, en/decode base value
-//   - If type is binary(M/Unm)arshaler, call Binary(M/Unm)arshal method
-//   - If type is text(M/Unm)arshaler, call Text(M/Unm)arshal method
-//   - Else decode appropriately based on the reflect.Kind
-type typeInfo struct {
-	rt      reflect.Type
-	elem    reflect.Type
-	pkgpath string
-
-	rtid uintptr
-	// rv0  reflect.Value // saved zero value, used if immutableKind
-
-	numMeth uint16 // number of methods
-	kind    uint8
-	chandir uint8
-
-	anyOmitEmpty bool      // true if a struct, and any of the fields are tagged "omitempty"
-	toArray      bool      // whether this (struct) type should be encoded as an array
-	keyType      valueType // if struct, how is the field name stored in a stream? default is string
-	mbs          bool      // base type (T or *T) is a MapBySlice
-
-	// ---- cpu cache line boundary?
-	sfiSort []*structFieldInfo // sorted. Used when enc/dec struct to map.
-	sfiSrc  []*structFieldInfo // unsorted. Used when enc/dec struct to array.
-
-	key reflect.Type
-
-	// ---- cpu cache line boundary?
-	// sfis         []structFieldInfo // all sfi, in src order, as created.
-	sfiNamesSort []byte // all names, with indexes into the sfiSort
-
-	// format of marshal type fields below: [btj][mu]p? OR csp?
-
-	bm  bool // T is a binaryMarshaler
-	bmp bool // *T is a binaryMarshaler
-	bu  bool // T is a binaryUnmarshaler
-	bup bool // *T is a binaryUnmarshaler
-	tm  bool // T is a textMarshaler
-	tmp bool // *T is a textMarshaler
-	tu  bool // T is a textUnmarshaler
-	tup bool // *T is a textUnmarshaler
-
-	jm  bool // T is a jsonMarshaler
-	jmp bool // *T is a jsonMarshaler
-	ju  bool // T is a jsonUnmarshaler
-	jup bool // *T is a jsonUnmarshaler
-	cs  bool // T is a Selfer
-	csp bool // *T is a Selfer
-
-	// other flags, with individual bits representing if set.
-	flags typeInfoFlag
-
-	// _ [2]byte   // padding
-	_ [3]uint64 // padding
-}
-
-func (ti *typeInfo) isFlag(f typeInfoFlag) bool {
-	return ti.flags&f != 0
-}
-
-func (ti *typeInfo) indexForEncName(name []byte) (index int16) {
-	var sn []byte
-	if len(name)+2 <= 32 {
-		var buf [32]byte // should not escape
-		sn = buf[:len(name)+2]
-	} else {
-		sn = make([]byte, len(name)+2)
-	}
-	copy(sn[1:], name)
-	sn[0], sn[len(sn)-1] = tiSep2(name), 0xff
-	j := bytes.Index(ti.sfiNamesSort, sn)
-	if j < 0 {
-		return -1
-	}
-	index = int16(uint16(ti.sfiNamesSort[j+len(sn)+1]) | uint16(ti.sfiNamesSort[j+len(sn)])<<8)
-	return
-}
-
-type rtid2ti struct {
-	rtid uintptr
-	ti   *typeInfo
-}
-
-// TypeInfos caches typeInfo for each type on first inspection.
-//
-// It is configured with a set of tag keys, which are used to get
-// configuration for the type.
-type TypeInfos struct {
-	// infos: formerly map[uintptr]*typeInfo, now *[]rtid2ti, 2 words expected
-	infos atomicTypeInfoSlice
-	mu    sync.Mutex
-	tags  []string
-	_     [2]uint64 // padding
-}
-
-// NewTypeInfos creates a TypeInfos given a set of struct tags keys.
-//
-// This allows users customize the struct tag keys which contain configuration
-// of their types.
-func NewTypeInfos(tags []string) *TypeInfos {
-	return &TypeInfos{tags: tags}
-}
-
-func (x *TypeInfos) structTag(t reflect.StructTag) (s string) {
-	// check for tags: codec, json, in that order.
-	// this allows seamless support for many configured structs.
-	for _, x := range x.tags {
-		s = t.Get(x)
-		if s != "" {
-			return s
-		}
-	}
-	return
-}
-
-func (x *TypeInfos) find(s []rtid2ti, rtid uintptr) (idx int, ti *typeInfo) {
-	// binary search. adapted from sort/search.go.
-	// if sp == nil {
-	// 	return -1, nil
-	// }
-	// s := *sp
-	h, i, j := 0, 0, len(s)
-	for i < j {
-		h = i + (j-i)/2
-		if s[h].rtid < rtid {
-			i = h + 1
-		} else {
-			j = h
-		}
-	}
-	if i < len(s) && s[i].rtid == rtid {
-		return i, s[i].ti
-	}
-	return i, nil
-}
-
-func (x *TypeInfos) get(rtid uintptr, rt reflect.Type) (pti *typeInfo) {
-	sp := x.infos.load()
-	var idx int
-	if sp != nil {
-		idx, pti = x.find(sp, rtid)
-		if pti != nil {
-			return
-		}
-	}
-
-	rk := rt.Kind()
-
-	if rk == reflect.Ptr { // || (rk == reflect.Interface && rtid != intfTypId) {
-		panicv.errorf("invalid kind passed to TypeInfos.get: %v - %v", rk, rt)
-	}
-
-	// do not hold lock while computing this.
-	// it may lead to duplication, but that's ok.
-	ti := typeInfo{rt: rt, rtid: rtid, kind: uint8(rk), pkgpath: rt.PkgPath()}
-	// ti.rv0 = reflect.Zero(rt)
-
-	// ti.comparable = rt.Comparable()
-	ti.numMeth = uint16(rt.NumMethod())
-
-	ti.bm, ti.bmp = implIntf(rt, binaryMarshalerTyp)
-	ti.bu, ti.bup = implIntf(rt, binaryUnmarshalerTyp)
-	ti.tm, ti.tmp = implIntf(rt, textMarshalerTyp)
-	ti.tu, ti.tup = implIntf(rt, textUnmarshalerTyp)
-	ti.jm, ti.jmp = implIntf(rt, jsonMarshalerTyp)
-	ti.ju, ti.jup = implIntf(rt, jsonUnmarshalerTyp)
-	ti.cs, ti.csp = implIntf(rt, selferTyp)
-
-	b1, b2 := implIntf(rt, iszeroTyp)
-	if b1 {
-		ti.flags |= typeInfoFlagIsZeroer
-	}
-	if b2 {
-		ti.flags |= typeInfoFlagIsZeroerPtr
-	}
-	if rt.Comparable() {
-		ti.flags |= typeInfoFlagComparable
-	}
-
-	switch rk {
-	case reflect.Struct:
-		var omitEmpty bool
-		if f, ok := rt.FieldByName(structInfoFieldName); ok {
-			ti.toArray, omitEmpty, ti.keyType = parseStructInfo(x.structTag(f.Tag))
-		} else {
-			ti.keyType = valueTypeString
-		}
-		pp, pi := pool.tiLoad()
-		pv := pi.(*typeInfoLoadArray)
-		pv.etypes[0] = ti.rtid
-		// vv := typeInfoLoad{pv.fNames[:0], pv.encNames[:0], pv.etypes[:1], pv.sfis[:0]}
-		vv := typeInfoLoad{pv.etypes[:1], pv.sfis[:0]}
-		x.rget(rt, rtid, omitEmpty, nil, &vv)
-		// ti.sfis = vv.sfis
-		ti.sfiSrc, ti.sfiSort, ti.sfiNamesSort, ti.anyOmitEmpty = rgetResolveSFI(rt, vv.sfis, pv)
-		pp.Put(pi)
-	case reflect.Map:
-		ti.elem = rt.Elem()
-		ti.key = rt.Key()
-	case reflect.Slice:
-		ti.mbs, _ = implIntf(rt, mapBySliceTyp)
-		ti.elem = rt.Elem()
-	case reflect.Chan:
-		ti.elem = rt.Elem()
-		ti.chandir = uint8(rt.ChanDir())
-	case reflect.Array, reflect.Ptr:
-		ti.elem = rt.Elem()
-	}
-	// sfi = sfiSrc
-
-	x.mu.Lock()
-	sp = x.infos.load()
-	if sp == nil {
-		pti = &ti
-		vs := []rtid2ti{{rtid, pti}}
-		x.infos.store(vs)
-	} else {
-		idx, pti = x.find(sp, rtid)
-		if pti == nil {
-			pti = &ti
-			vs := make([]rtid2ti, len(sp)+1)
-			copy(vs, sp[:idx])
-			copy(vs[idx+1:], sp[idx:])
-			vs[idx] = rtid2ti{rtid, pti}
-			x.infos.store(vs)
-		}
-	}
-	x.mu.Unlock()
-	return
-}
-
-func (x *TypeInfos) rget(rt reflect.Type, rtid uintptr, omitEmpty bool,
-	indexstack []uint16, pv *typeInfoLoad) {
-	// Read up fields and store how to access the value.
-	//
-	// It uses go's rules for message selectors,
-	// which say that the field with the shallowest depth is selected.
-	//
-	// Note: we consciously use slices, not a map, to simulate a set.
-	//       Typically, types have < 16 fields,
-	//       and iteration using equals is faster than maps there
-	flen := rt.NumField()
-	if flen > (1<<maxLevelsEmbedding - 1) {
-		panicv.errorf("codec: types with > %v fields are not supported - has %v fields",
-			(1<<maxLevelsEmbedding - 1), flen)
-	}
-	// pv.sfis = make([]structFieldInfo, flen)
-LOOP:
-	for j, jlen := uint16(0), uint16(flen); j < jlen; j++ {
-		f := rt.Field(int(j))
-		fkind := f.Type.Kind()
-		// skip if a func type, or is unexported, or structTag value == "-"
-		switch fkind {
-		case reflect.Func, reflect.Complex64, reflect.Complex128, reflect.UnsafePointer:
-			continue LOOP
-		}
-
-		isUnexported := f.PkgPath != ""
-		if isUnexported && !f.Anonymous {
-			continue
-		}
-		stag := x.structTag(f.Tag)
-		if stag == "-" {
-			continue
-		}
-		var si structFieldInfo
-		var parsed bool
-		// if anonymous and no struct tag (or it's blank),
-		// and a struct (or pointer to struct), inline it.
-		if f.Anonymous && fkind != reflect.Interface {
-			// ^^ redundant but ok: per go spec, an embedded pointer type cannot be to an interface
-			ft := f.Type
-			isPtr := ft.Kind() == reflect.Ptr
-			for ft.Kind() == reflect.Ptr {
-				ft = ft.Elem()
-			}
-			isStruct := ft.Kind() == reflect.Struct
-
-			// Ignore embedded fields of unexported non-struct types.
-			// Also, from go1.10, ignore pointers to unexported struct types
-			// because unmarshal cannot assign a new struct to an unexported field.
-			// See https://golang.org/issue/21357
-			if (isUnexported && !isStruct) || (!allowSetUnexportedEmbeddedPtr && isUnexported && isPtr) {
-				continue
-			}
-			doInline := stag == ""
-			if !doInline {
-				si.parseTag(stag)
-				parsed = true
-				doInline = si.encName == ""
-				// doInline = si.isZero()
-			}
-			if doInline && isStruct {
-				// if etypes contains this, don't call rget again (as fields are already seen here)
-				ftid := rt2id(ft)
-				// We cannot recurse forever, but we need to track other field depths.
-				// So - we break if we see a type twice (not the first time).
-				// This should be sufficient to handle an embedded type that refers to its
-				// owning type, which then refers to its embedded type.
-				processIt := true
-				numk := 0
-				for _, k := range pv.etypes {
-					if k == ftid {
-						numk++
-						if numk == rgetMaxRecursion {
-							processIt = false
-							break
-						}
-					}
-				}
-				if processIt {
-					pv.etypes = append(pv.etypes, ftid)
-					indexstack2 := make([]uint16, len(indexstack)+1)
-					copy(indexstack2, indexstack)
-					indexstack2[len(indexstack)] = j
-					// indexstack2 := append(append(make([]int, 0, len(indexstack)+4), indexstack...), j)
-					x.rget(ft, ftid, omitEmpty, indexstack2, pv)
-				}
-				continue
-			}
-		}
-
-		// after the anonymous dance: if an unexported field, skip
-		if isUnexported {
-			continue
-		}
-
-		if f.Name == "" {
-			panic(errNoFieldNameToStructFieldInfo)
-		}
-
-		// pv.fNames = append(pv.fNames, f.Name)
-		// if si.encName == "" {
-
-		if !parsed {
-			si.encName = f.Name
-			si.parseTag(stag)
-			parsed = true
-		} else if si.encName == "" {
-			si.encName = f.Name
-		}
-		si.fieldName = f.Name
-		si.flagSet(structFieldInfoFlagReady)
-
-		// pv.encNames = append(pv.encNames, si.encName)
-
-		// si.ikind = int(f.Type.Kind())
-		if len(indexstack) > maxLevelsEmbedding-1 {
-			panicv.errorf("codec: only supports up to %v depth of embedding - type has %v depth",
-				maxLevelsEmbedding-1, len(indexstack))
-		}
-		si.nis = uint8(len(indexstack)) + 1
-		copy(si.is[:], indexstack)
-		si.is[len(indexstack)] = j
-
-		if omitEmpty {
-			si.flagSet(structFieldInfoFlagOmitEmpty)
-		}
-		pv.sfis = append(pv.sfis, si)
-	}
-}
-
-func tiSep(name string) uint8 {
-	// (xn[0]%64) // (between 192-255 - outside ascii BMP)
-	// return 0xfe - (name[0] & 63)
-	// return 0xfe - (name[0] & 63) - uint8(len(name))
-	// return 0xfe - (name[0] & 63) - uint8(len(name)&63)
-	// return ((0xfe - (name[0] & 63)) & 0xf8) | (uint8(len(name) & 0x07))
-	return 0xfe - (name[0] & 63) - uint8(len(name)&63)
-}
-
-func tiSep2(name []byte) uint8 {
-	return 0xfe - (name[0] & 63) - uint8(len(name)&63)
-}
-
-// resolves the struct field info got from a call to rget.
-// Returns a trimmed, unsorted and sorted []*structFieldInfo.
-func rgetResolveSFI(rt reflect.Type, x []structFieldInfo, pv *typeInfoLoadArray) (
-	y, z []*structFieldInfo, ss []byte, anyOmitEmpty bool) {
-	sa := pv.sfiidx[:0]
-	sn := pv.b[:]
-	n := len(x)
-
-	var xn string
-	var ui uint16
-	var sep byte
-
-	for i := range x {
-		ui = uint16(i)
-		xn = x[i].encName // fieldName or encName? use encName for now.
-		if len(xn)+2 > cap(pv.b) {
-			sn = make([]byte, len(xn)+2)
-		} else {
-			sn = sn[:len(xn)+2]
-		}
-		// use a custom sep, so that misses are less frequent,
-		// since the sep (first char in search) is as unique as first char in field name.
-		sep = tiSep(xn)
-		sn[0], sn[len(sn)-1] = sep, 0xff
-		copy(sn[1:], xn)
-		j := bytes.Index(sa, sn)
-		if j == -1 {
-			sa = append(sa, sep)
-			sa = append(sa, xn...)
-			sa = append(sa, 0xff, byte(ui>>8), byte(ui))
-		} else {
-			index := uint16(sa[j+len(sn)+1]) | uint16(sa[j+len(sn)])<<8
-			// one of them must be reset to nil,
-			// and the index updated appropriately to the other one
-			if x[i].nis == x[index].nis {
-			} else if x[i].nis < x[index].nis {
-				sa[j+len(sn)], sa[j+len(sn)+1] = byte(ui>>8), byte(ui)
-				if x[index].ready() {
-					x[index].flagClr(structFieldInfoFlagReady)
-					n--
-				}
-			} else {
-				if x[i].ready() {
-					x[i].flagClr(structFieldInfoFlagReady)
-					n--
-				}
-			}
-		}
-
-	}
-	var w []structFieldInfo
-	sharingArray := len(x) <= typeInfoLoadArraySfisLen // sharing array with typeInfoLoadArray
-	if sharingArray {
-		w = make([]structFieldInfo, n)
-	}
-
-	// remove all the nils (non-ready)
-	y = make([]*structFieldInfo, n)
-	n = 0
-	var sslen int
-	for i := range x {
-		if !x[i].ready() {
-			continue
-		}
-		if !anyOmitEmpty && x[i].omitEmpty() {
-			anyOmitEmpty = true
-		}
-		if sharingArray {
-			w[n] = x[i]
-			y[n] = &w[n]
-		} else {
-			y[n] = &x[i]
-		}
-		sslen = sslen + len(x[i].encName) + 4
-		n++
-	}
-	if n != len(y) {
-		panicv.errorf("failure reading struct %v - expecting %d of %d valid fields, got %d",
-			rt, len(y), len(x), n)
-	}
-
-	z = make([]*structFieldInfo, len(y))
-	copy(z, y)
-	sort.Sort(sfiSortedByEncName(z))
-
-	sharingArray = len(sa) <= typeInfoLoadArraySfiidxLen
-	if sharingArray {
-		ss = make([]byte, 0, sslen)
-	} else {
-		ss = sa[:0] // reuse the newly made sa array if necessary
-	}
-	for i := range z {
-		xn = z[i].encName
-		sep = tiSep(xn)
-		ui = uint16(i)
-		ss = append(ss, sep)
-		ss = append(ss, xn...)
-		ss = append(ss, 0xff, byte(ui>>8), byte(ui))
-	}
-	return
-}
-
-func implIntf(rt, iTyp reflect.Type) (base bool, indir bool) {
-	return rt.Implements(iTyp), reflect.PtrTo(rt).Implements(iTyp)
-}
-
-// isEmptyStruct is only called from isEmptyValue, and checks if a struct is empty:
-//    - does it implement IsZero() bool
-//    - is it comparable, and can i compare directly using ==
-//    - if checkStruct, then walk through the encodable fields
-//      and check if they are empty or not.
-func isEmptyStruct(v reflect.Value, tinfos *TypeInfos, deref, checkStruct bool) bool {
-	// v is a struct kind - no need to check again.
-	// We only check isZero on a struct kind, to reduce the amount of times
-	// that we lookup the rtid and typeInfo for each type as we walk the tree.
-
-	vt := v.Type()
-	rtid := rt2id(vt)
-	if tinfos == nil {
-		tinfos = defTypeInfos
-	}
-	ti := tinfos.get(rtid, vt)
-	if ti.rtid == timeTypId {
-		return rv2i(v).(time.Time).IsZero()
-	}
-	if ti.isFlag(typeInfoFlagIsZeroerPtr) && v.CanAddr() {
-		return rv2i(v.Addr()).(isZeroer).IsZero()
-	}
-	if ti.isFlag(typeInfoFlagIsZeroer) {
-		return rv2i(v).(isZeroer).IsZero()
-	}
-	if ti.isFlag(typeInfoFlagComparable) {
-		return rv2i(v) == rv2i(reflect.Zero(vt))
-	}
-	if !checkStruct {
-		return false
-	}
-	// We only care about what we can encode/decode,
-	// so that is what we use to check omitEmpty.
-	for _, si := range ti.sfiSrc {
-		sfv, valid := si.field(v, false)
-		if valid && !isEmptyValue(sfv, tinfos, deref, checkStruct) {
-			return false
-		}
-	}
-	return true
-}
-
-// func roundFloat(x float64) float64 {
-// 	t := math.Trunc(x)
-// 	if math.Abs(x-t) >= 0.5 {
-// 		return t + math.Copysign(1, x)
-// 	}
-// 	return t
-// }
-
-func panicToErr(h errstrDecorator, err *error) {
-	// Note: This method MUST be called directly from defer i.e. defer panicToErr ...
-	// else it seems the recover is not fully handled
-	if recoverPanicToErr {
-		if x := recover(); x != nil {
-			// fmt.Printf("panic'ing with: %v\n", x)
-			// debug.PrintStack()
-			panicValToErr(h, x, err)
-		}
-	}
-}
-
-func panicValToErr(h errstrDecorator, v interface{}, err *error) {
-	switch xerr := v.(type) {
-	case nil:
-	case error:
-		switch xerr {
-		case nil:
-		case io.EOF, io.ErrUnexpectedEOF, errEncoderNotInitialized, errDecoderNotInitialized:
-			// treat as special (bubble up)
-			*err = xerr
-		default:
-			h.wrapErrstr(xerr.Error(), err)
-		}
-	case string:
-		if xerr != "" {
-			h.wrapErrstr(xerr, err)
-		}
-	case fmt.Stringer:
-		if xerr != nil {
-			h.wrapErrstr(xerr.String(), err)
-		}
-	default:
-		h.wrapErrstr(v, err)
-	}
-}
-
-func isImmutableKind(k reflect.Kind) (v bool) {
-	return immutableKindsSet[k]
-}
-
-// ----
-
-type codecFnInfo struct {
-	ti    *typeInfo
-	xfFn  Ext
-	xfTag uint64
-	seq   seqType
-	addrD bool
-	addrF bool // if addrD, this says whether decode function can take a value or a ptr
-	addrE bool
-	ready bool // ready to use
-}
-
-// codecFn encapsulates the captured variables and the encode function.
-// This way, we only do some calculations one times, and pass to the
-// code block that should be called (encapsulated in a function)
-// instead of executing the checks every time.
-type codecFn struct {
-	i  codecFnInfo
-	fe func(*Encoder, *codecFnInfo, reflect.Value)
-	fd func(*Decoder, *codecFnInfo, reflect.Value)
-	_  [1]uint64 // padding
-}
-
-type codecRtidFn struct {
-	rtid uintptr
-	fn   *codecFn
-}
-
-type codecFner struct {
-	// hh Handle
-	h  *BasicHandle
-	s  []codecRtidFn
-	be bool
-	js bool
-	_  [6]byte   // padding
-	_  [3]uint64 // padding
-}
-
-func (c *codecFner) reset(hh Handle) {
-	bh := hh.getBasicHandle()
-	// only reset iff extensions changed or *TypeInfos changed
-	var hhSame = true &&
-		c.h == bh && c.h.TypeInfos == bh.TypeInfos &&
-		len(c.h.extHandle) == len(bh.extHandle) &&
-		(len(c.h.extHandle) == 0 || &c.h.extHandle[0] == &bh.extHandle[0])
-	if !hhSame {
-		// c.hh = hh
-		c.h, bh = bh, c.h // swap both
-		_, c.js = hh.(*JsonHandle)
-		c.be = hh.isBinary()
-		for i := range c.s {
-			c.s[i].fn.i.ready = false
-		}
-	}
-}
-
-func (c *codecFner) get(rt reflect.Type, checkFastpath, checkCodecSelfer bool) (fn *codecFn) {
-	rtid := rt2id(rt)
-
-	for _, x := range c.s {
-		if x.rtid == rtid {
-			// if rtid exists, then there's a *codenFn attached (non-nil)
-			fn = x.fn
-			if fn.i.ready {
-				return
-			}
-			break
-		}
-	}
-	var ti *typeInfo
-	if fn == nil {
-		fn = new(codecFn)
-		if c.s == nil {
-			c.s = make([]codecRtidFn, 0, 8)
-		}
-		c.s = append(c.s, codecRtidFn{rtid, fn})
-	} else {
-		ti = fn.i.ti
-		*fn = codecFn{}
-		fn.i.ti = ti
-		// fn.fe, fn.fd = nil, nil
-	}
-	fi := &(fn.i)
-	fi.ready = true
-	if ti == nil {
-		ti = c.h.getTypeInfo(rtid, rt)
-		fi.ti = ti
-	}
-
-	rk := reflect.Kind(ti.kind)
-
-	if checkCodecSelfer && (ti.cs || ti.csp) {
-		fn.fe = (*Encoder).selferMarshal
-		fn.fd = (*Decoder).selferUnmarshal
-		fi.addrF = true
-		fi.addrD = ti.csp
-		fi.addrE = ti.csp
-	} else if rtid == timeTypId {
-		fn.fe = (*Encoder).kTime
-		fn.fd = (*Decoder).kTime
-	} else if rtid == rawTypId {
-		fn.fe = (*Encoder).raw
-		fn.fd = (*Decoder).raw
-	} else if rtid == rawExtTypId {
-		fn.fe = (*Encoder).rawExt
-		fn.fd = (*Decoder).rawExt
-		fi.addrF = true
-		fi.addrD = true
-		fi.addrE = true
-	} else if xfFn := c.h.getExt(rtid); xfFn != nil {
-		fi.xfTag, fi.xfFn = xfFn.tag, xfFn.ext
-		fn.fe = (*Encoder).ext
-		fn.fd = (*Decoder).ext
-		fi.addrF = true
-		fi.addrD = true
-		if rk == reflect.Struct || rk == reflect.Array {
-			fi.addrE = true
-		}
-	} else if supportMarshalInterfaces && c.be && (ti.bm || ti.bmp) && (ti.bu || ti.bup) {
-		fn.fe = (*Encoder).binaryMarshal
-		fn.fd = (*Decoder).binaryUnmarshal
-		fi.addrF = true
-		fi.addrD = ti.bup
-		fi.addrE = ti.bmp
-	} else if supportMarshalInterfaces && !c.be && c.js && (ti.jm || ti.jmp) && (ti.ju || ti.jup) {
-		//If JSON, we should check JSONMarshal before textMarshal
-		fn.fe = (*Encoder).jsonMarshal
-		fn.fd = (*Decoder).jsonUnmarshal
-		fi.addrF = true
-		fi.addrD = ti.jup
-		fi.addrE = ti.jmp
-	} else if supportMarshalInterfaces && !c.be && (ti.tm || ti.tmp) && (ti.tu || ti.tup) {
-		fn.fe = (*Encoder).textMarshal
-		fn.fd = (*Decoder).textUnmarshal
-		fi.addrF = true
-		fi.addrD = ti.tup
-		fi.addrE = ti.tmp
-	} else {
-		if fastpathEnabled && checkFastpath && (rk == reflect.Map || rk == reflect.Slice) {
-			if ti.pkgpath == "" { // un-named slice or map
-				if idx := fastpathAV.index(rtid); idx != -1 {
-					fn.fe = fastpathAV[idx].encfn
-					fn.fd = fastpathAV[idx].decfn
-					fi.addrD = true
-					fi.addrF = false
-				}
-			} else {
-				// use mapping for underlying type if there
-				var rtu reflect.Type
-				if rk == reflect.Map {
-					rtu = reflect.MapOf(ti.key, ti.elem)
-				} else {
-					rtu = reflect.SliceOf(ti.elem)
-				}
-				rtuid := rt2id(rtu)
-				if idx := fastpathAV.index(rtuid); idx != -1 {
-					xfnf := fastpathAV[idx].encfn
-					xrt := fastpathAV[idx].rt
-					fn.fe = func(e *Encoder, xf *codecFnInfo, xrv reflect.Value) {
-						xfnf(e, xf, xrv.Convert(xrt))
-					}
-					fi.addrD = true
-					fi.addrF = false // meaning it can be an address(ptr) or a value
-					xfnf2 := fastpathAV[idx].decfn
-					fn.fd = func(d *Decoder, xf *codecFnInfo, xrv reflect.Value) {
-						if xrv.Kind() == reflect.Ptr {
-							xfnf2(d, xf, xrv.Convert(reflect.PtrTo(xrt)))
-						} else {
-							xfnf2(d, xf, xrv.Convert(xrt))
-						}
-					}
-				}
-			}
-		}
-		if fn.fe == nil && fn.fd == nil {
-			switch rk {
-			case reflect.Bool:
-				fn.fe = (*Encoder).kBool
-				fn.fd = (*Decoder).kBool
-			case reflect.String:
-				fn.fe = (*Encoder).kString
-				fn.fd = (*Decoder).kString
-			case reflect.Int:
-				fn.fd = (*Decoder).kInt
-				fn.fe = (*Encoder).kInt
-			case reflect.Int8:
-				fn.fe = (*Encoder).kInt8
-				fn.fd = (*Decoder).kInt8
-			case reflect.Int16:
-				fn.fe = (*Encoder).kInt16
-				fn.fd = (*Decoder).kInt16
-			case reflect.Int32:
-				fn.fe = (*Encoder).kInt32
-				fn.fd = (*Decoder).kInt32
-			case reflect.Int64:
-				fn.fe = (*Encoder).kInt64
-				fn.fd = (*Decoder).kInt64
-			case reflect.Uint:
-				fn.fd = (*Decoder).kUint
-				fn.fe = (*Encoder).kUint
-			case reflect.Uint8:
-				fn.fe = (*Encoder).kUint8
-				fn.fd = (*Decoder).kUint8
-			case reflect.Uint16:
-				fn.fe = (*Encoder).kUint16
-				fn.fd = (*Decoder).kUint16
-			case reflect.Uint32:
-				fn.fe = (*Encoder).kUint32
-				fn.fd = (*Decoder).kUint32
-			case reflect.Uint64:
-				fn.fe = (*Encoder).kUint64
-				fn.fd = (*Decoder).kUint64
-			case reflect.Uintptr:
-				fn.fe = (*Encoder).kUintptr
-				fn.fd = (*Decoder).kUintptr
-			case reflect.Float32:
-				fn.fe = (*Encoder).kFloat32
-				fn.fd = (*Decoder).kFloat32
-			case reflect.Float64:
-				fn.fe = (*Encoder).kFloat64
-				fn.fd = (*Decoder).kFloat64
-			case reflect.Invalid:
-				fn.fe = (*Encoder).kInvalid
-				fn.fd = (*Decoder).kErr
-			case reflect.Chan:
-				fi.seq = seqTypeChan
-				fn.fe = (*Encoder).kSlice
-				fn.fd = (*Decoder).kSlice
-			case reflect.Slice:
-				fi.seq = seqTypeSlice
-				fn.fe = (*Encoder).kSlice
-				fn.fd = (*Decoder).kSlice
-			case reflect.Array:
-				fi.seq = seqTypeArray
-				fn.fe = (*Encoder).kSlice
-				fi.addrF = false
-				fi.addrD = false
-				rt2 := reflect.SliceOf(ti.elem)
-				fn.fd = func(d *Decoder, xf *codecFnInfo, xrv reflect.Value) {
-					d.cfer().get(rt2, true, false).fd(d, xf, xrv.Slice(0, xrv.Len()))
-				}
-				// fn.fd = (*Decoder).kArray
-			case reflect.Struct:
-				if ti.anyOmitEmpty {
-					fn.fe = (*Encoder).kStruct
-				} else {
-					fn.fe = (*Encoder).kStructNoOmitempty
-				}
-				fn.fd = (*Decoder).kStruct
-			case reflect.Map:
-				fn.fe = (*Encoder).kMap
-				fn.fd = (*Decoder).kMap
-			case reflect.Interface:
-				// encode: reflect.Interface are handled already by preEncodeValue
-				fn.fd = (*Decoder).kInterface
-				fn.fe = (*Encoder).kErr
-			default:
-				// reflect.Ptr and reflect.Interface are handled already by preEncodeValue
-				fn.fe = (*Encoder).kErr
-				fn.fd = (*Decoder).kErr
-			}
-		}
-	}
-	return
-}
-
-type codecFnPooler struct {
-	cf  *codecFner
-	cfp *sync.Pool
-	hh  Handle
-}
-
-func (d *codecFnPooler) cfer() *codecFner {
-	if d.cf == nil {
-		var v interface{}
-		d.cfp, v = pool.codecFner()
-		d.cf = v.(*codecFner)
-		d.cf.reset(d.hh)
-	}
-	return d.cf
-}
-
-func (d *codecFnPooler) alwaysAtEnd() {
-	if d.cf != nil {
-		d.cfp.Put(d.cf)
-		d.cf, d.cfp = nil, nil
-	}
-}
-
-// ----
-
-// these "checkOverflow" functions must be inlinable, and not call anybody.
-// Overflow means that the value cannot be represented without wrapping/overflow.
-// Overflow=false does not mean that the value can be represented without losing precision
-// (especially for floating point).
-
-type checkOverflow struct{}
-
-// func (checkOverflow) Float16(f float64) (overflow bool) {
-// 	panicv.errorf("unimplemented")
-// 	if f < 0 {
-// 		f = -f
-// 	}
-// 	return math.MaxFloat32 < f && f <= math.MaxFloat64
-// }
-
-func (checkOverflow) Float32(v float64) (overflow bool) {
-	if v < 0 {
-		v = -v
-	}
-	return math.MaxFloat32 < v && v <= math.MaxFloat64
-}
-func (checkOverflow) Uint(v uint64, bitsize uint8) (overflow bool) {
-	if bitsize == 0 || bitsize >= 64 || v == 0 {
-		return
-	}
-	if trunc := (v << (64 - bitsize)) >> (64 - bitsize); v != trunc {
-		overflow = true
-	}
-	return
-}
-func (checkOverflow) Int(v int64, bitsize uint8) (overflow bool) {
-	if bitsize == 0 || bitsize >= 64 || v == 0 {
-		return
-	}
-	if trunc := (v << (64 - bitsize)) >> (64 - bitsize); v != trunc {
-		overflow = true
-	}
-	return
-}
-func (checkOverflow) SignedInt(v uint64) (overflow bool) {
-	//e.g. -127 to 128 for int8
-	pos := (v >> 63) == 0
-	ui2 := v & 0x7fffffffffffffff
-	if pos {
-		if ui2 > math.MaxInt64 {
-			overflow = true
-		}
-	} else {
-		if ui2 > math.MaxInt64-1 {
-			overflow = true
-		}
-	}
-	return
-}
-
-func (x checkOverflow) Float32V(v float64) float64 {
-	if x.Float32(v) {
-		panicv.errorf("float32 overflow: %v", v)
-	}
-	return v
-}
-func (x checkOverflow) UintV(v uint64, bitsize uint8) uint64 {
-	if x.Uint(v, bitsize) {
-		panicv.errorf("uint64 overflow: %v", v)
-	}
-	return v
-}
-func (x checkOverflow) IntV(v int64, bitsize uint8) int64 {
-	if x.Int(v, bitsize) {
-		panicv.errorf("int64 overflow: %v", v)
-	}
-	return v
-}
-func (x checkOverflow) SignedIntV(v uint64) int64 {
-	if x.SignedInt(v) {
-		panicv.errorf("uint64 to int64 overflow: %v", v)
-	}
-	return int64(v)
-}
-
-// ------------------ SORT -----------------
-
-func isNaN(f float64) bool { return f != f }
-
-// -----------------------
-
-type ioFlusher interface {
-	Flush() error
-}
-
-type ioPeeker interface {
-	Peek(int) ([]byte, error)
-}
-
-type ioBuffered interface {
-	Buffered() int
-}
-
-// -----------------------
-
-type intSlice []int64
-type uintSlice []uint64
-
-// type uintptrSlice []uintptr
-type floatSlice []float64
-type boolSlice []bool
-type stringSlice []string
-
-// type bytesSlice [][]byte
-
-func (p intSlice) Len() int           { return len(p) }
-func (p intSlice) Less(i, j int) bool { return p[i] < p[j] }
-func (p intSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p uintSlice) Len() int           { return len(p) }
-func (p uintSlice) Less(i, j int) bool { return p[i] < p[j] }
-func (p uintSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// func (p uintptrSlice) Len() int           { return len(p) }
-// func (p uintptrSlice) Less(i, j int) bool { return p[i] < p[j] }
-// func (p uintptrSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p floatSlice) Len() int { return len(p) }
-func (p floatSlice) Less(i, j int) bool {
-	return p[i] < p[j] || isNaN(p[i]) && !isNaN(p[j])
-}
-func (p floatSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
-
-func (p stringSlice) Len() int           { return len(p) }
-func (p stringSlice) Less(i, j int) bool { return p[i] < p[j] }
-func (p stringSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// func (p bytesSlice) Len() int           { return len(p) }
-// func (p bytesSlice) Less(i, j int) bool { return bytes.Compare(p[i], p[j]) == -1 }
-// func (p bytesSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p boolSlice) Len() int           { return len(p) }
-func (p boolSlice) Less(i, j int) bool { return !p[i] && p[j] }
-func (p boolSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// ---------------------
-
-type intRv struct {
-	v int64
-	r reflect.Value
-}
-type intRvSlice []intRv
-type uintRv struct {
-	v uint64
-	r reflect.Value
-}
-type uintRvSlice []uintRv
-type floatRv struct {
-	v float64
-	r reflect.Value
-}
-type floatRvSlice []floatRv
-type boolRv struct {
-	v bool
-	r reflect.Value
-}
-type boolRvSlice []boolRv
-type stringRv struct {
-	v string
-	r reflect.Value
-}
-type stringRvSlice []stringRv
-type bytesRv struct {
-	v []byte
-	r reflect.Value
-}
-type bytesRvSlice []bytesRv
-type timeRv struct {
-	v time.Time
-	r reflect.Value
-}
-type timeRvSlice []timeRv
-
-func (p intRvSlice) Len() int           { return len(p) }
-func (p intRvSlice) Less(i, j int) bool { return p[i].v < p[j].v }
-func (p intRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p uintRvSlice) Len() int           { return len(p) }
-func (p uintRvSlice) Less(i, j int) bool { return p[i].v < p[j].v }
-func (p uintRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p floatRvSlice) Len() int { return len(p) }
-func (p floatRvSlice) Less(i, j int) bool {
-	return p[i].v < p[j].v || isNaN(p[i].v) && !isNaN(p[j].v)
-}
-func (p floatRvSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
-
-func (p stringRvSlice) Len() int           { return len(p) }
-func (p stringRvSlice) Less(i, j int) bool { return p[i].v < p[j].v }
-func (p stringRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p bytesRvSlice) Len() int           { return len(p) }
-func (p bytesRvSlice) Less(i, j int) bool { return bytes.Compare(p[i].v, p[j].v) == -1 }
-func (p bytesRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p boolRvSlice) Len() int           { return len(p) }
-func (p boolRvSlice) Less(i, j int) bool { return !p[i].v && p[j].v }
-func (p boolRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-func (p timeRvSlice) Len() int           { return len(p) }
-func (p timeRvSlice) Less(i, j int) bool { return p[i].v.Before(p[j].v) }
-func (p timeRvSlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// -----------------
-
-type bytesI struct {
-	v []byte
-	i interface{}
-}
-
-type bytesISlice []bytesI
-
-func (p bytesISlice) Len() int           { return len(p) }
-func (p bytesISlice) Less(i, j int) bool { return bytes.Compare(p[i].v, p[j].v) == -1 }
-func (p bytesISlice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// -----------------
-
-type set []uintptr
-
-func (s *set) add(v uintptr) (exists bool) {
-	// e.ci is always nil, or len >= 1
-	x := *s
-	if x == nil {
-		x = make([]uintptr, 1, 8)
-		x[0] = v
-		*s = x
-		return
-	}
-	// typically, length will be 1. make this perform.
-	if len(x) == 1 {
-		if j := x[0]; j == 0 {
-			x[0] = v
-		} else if j == v {
-			exists = true
-		} else {
-			x = append(x, v)
-			*s = x
-		}
-		return
-	}
-	// check if it exists
-	for _, j := range x {
-		if j == v {
-			exists = true
-			return
-		}
-	}
-	// try to replace a "deleted" slot
-	for i, j := range x {
-		if j == 0 {
-			x[i] = v
-			return
-		}
-	}
-	// if unable to replace deleted slot, just append it.
-	x = append(x, v)
-	*s = x
-	return
-}
-
-func (s *set) remove(v uintptr) (exists bool) {
-	x := *s
-	if len(x) == 0 {
-		return
-	}
-	if len(x) == 1 {
-		if x[0] == v {
-			x[0] = 0
-		}
-		return
-	}
-	for i, j := range x {
-		if j == v {
-			exists = true
-			x[i] = 0 // set it to 0, as way to delete it.
-			// copy(x[i:], x[i+1:])
-			// x = x[:len(x)-1]
-			return
-		}
-	}
-	return
-}
-
-// ------
-
-// bitset types are better than [256]bool, because they permit the whole
-// bitset array being on a single cache line and use less memory.
-
-// given x > 0 and n > 0 and x is exactly 2^n, then pos/x === pos>>n AND pos%x === pos&(x-1).
-// consequently, pos/32 === pos>>5, pos/16 === pos>>4, pos/8 === pos>>3, pos%8 == pos&7
-
-type bitset256 [32]byte
-
-func (x *bitset256) isset(pos byte) bool {
-	return x[pos>>3]&(1<<(pos&7)) != 0
-}
-func (x *bitset256) issetv(pos byte) byte {
-	return x[pos>>3] & (1 << (pos & 7))
-}
-func (x *bitset256) set(pos byte) {
-	x[pos>>3] |= (1 << (pos & 7))
-}
-
-// func (x *bitset256) unset(pos byte) {
-// 	x[pos>>3] &^= (1 << (pos & 7))
-// }
-
-type bitset128 [16]byte
-
-func (x *bitset128) isset(pos byte) bool {
-	return x[pos>>3]&(1<<(pos&7)) != 0
-}
-func (x *bitset128) set(pos byte) {
-	x[pos>>3] |= (1 << (pos & 7))
-}
-
-// func (x *bitset128) unset(pos byte) {
-// 	x[pos>>3] &^= (1 << (pos & 7))
-// }
-
-type bitset32 [4]byte
-
-func (x *bitset32) isset(pos byte) bool {
-	return x[pos>>3]&(1<<(pos&7)) != 0
-}
-func (x *bitset32) set(pos byte) {
-	x[pos>>3] |= (1 << (pos & 7))
-}
-
-// func (x *bitset32) unset(pos byte) {
-// 	x[pos>>3] &^= (1 << (pos & 7))
-// }
-
-// type bit2set256 [64]byte
-
-// func (x *bit2set256) set(pos byte, v1, v2 bool) {
-// 	var pos2 uint8 = (pos & 3) << 1 // returning 0, 2, 4 or 6
-// 	if v1 {
-// 		x[pos>>2] |= 1 << (pos2 + 1)
-// 	}
-// 	if v2 {
-// 		x[pos>>2] |= 1 << pos2
-// 	}
-// }
-// func (x *bit2set256) get(pos byte) uint8 {
-// 	var pos2 uint8 = (pos & 3) << 1     // returning 0, 2, 4 or 6
-// 	return x[pos>>2] << (6 - pos2) >> 6 // 11000000 -> 00000011
-// }
-
-// ------------
-
-type pooler struct {
-	dn                                          sync.Pool // for decNaked
-	cfn                                         sync.Pool // for codecFner
-	tiload                                      sync.Pool
-	strRv8, strRv16, strRv32, strRv64, strRv128 sync.Pool // for stringRV
-}
-
-func (p *pooler) init() {
-	p.strRv8.New = func() interface{} { return new([8]stringRv) }
-	p.strRv16.New = func() interface{} { return new([16]stringRv) }
-	p.strRv32.New = func() interface{} { return new([32]stringRv) }
-	p.strRv64.New = func() interface{} { return new([64]stringRv) }
-	p.strRv128.New = func() interface{} { return new([128]stringRv) }
-	p.dn.New = func() interface{} { x := new(decNaked); x.init(); return x }
-	p.tiload.New = func() interface{} { return new(typeInfoLoadArray) }
-	p.cfn.New = func() interface{} { return new(codecFner) }
-}
-
-func (p *pooler) stringRv8() (sp *sync.Pool, v interface{}) {
-	return &p.strRv8, p.strRv8.Get()
-}
-func (p *pooler) stringRv16() (sp *sync.Pool, v interface{}) {
-	return &p.strRv16, p.strRv16.Get()
-}
-func (p *pooler) stringRv32() (sp *sync.Pool, v interface{}) {
-	return &p.strRv32, p.strRv32.Get()
-}
-func (p *pooler) stringRv64() (sp *sync.Pool, v interface{}) {
-	return &p.strRv64, p.strRv64.Get()
-}
-func (p *pooler) stringRv128() (sp *sync.Pool, v interface{}) {
-	return &p.strRv128, p.strRv128.Get()
-}
-func (p *pooler) decNaked() (sp *sync.Pool, v interface{}) {
-	return &p.dn, p.dn.Get()
-}
-func (p *pooler) codecFner() (sp *sync.Pool, v interface{}) {
-	return &p.cfn, p.cfn.Get()
-}
-func (p *pooler) tiLoad() (sp *sync.Pool, v interface{}) {
-	return &p.tiload, p.tiload.Get()
-}
-
-// func (p *pooler) decNaked() (v *decNaked, f func(*decNaked) ) {
-// 	sp := &(p.dn)
-// 	vv := sp.Get()
-// 	return vv.(*decNaked), func(x *decNaked) { sp.Put(vv) }
-// }
-// func (p *pooler) decNakedGet() (v interface{}) {
-// 	return p.dn.Get()
-// }
-// func (p *pooler) codecFnerGet() (v interface{}) {
-// 	return p.cfn.Get()
-// }
-// func (p *pooler) tiLoadGet() (v interface{}) {
-// 	return p.tiload.Get()
-// }
-// func (p *pooler) decNakedPut(v interface{}) {
-// 	p.dn.Put(v)
-// }
-// func (p *pooler) codecFnerPut(v interface{}) {
-// 	p.cfn.Put(v)
-// }
-// func (p *pooler) tiLoadPut(v interface{}) {
-// 	p.tiload.Put(v)
-// }
-
-type panicHdl struct{}
-
-func (panicHdl) errorv(err error) {
-	if err != nil {
-		panic(err)
-	}
-}
-
-func (panicHdl) errorstr(message string) {
-	if message != "" {
-		panic(message)
-	}
-}
-
-func (panicHdl) errorf(format string, params ...interface{}) {
-	if format != "" {
-		if len(params) == 0 {
-			panic(format)
-		} else {
-			panic(fmt.Sprintf(format, params...))
-		}
-	}
-}
-
-type errstrDecorator interface {
-	wrapErrstr(interface{}, *error)
-}
-
-type errstrDecoratorDef struct{}
-
-func (errstrDecoratorDef) wrapErrstr(v interface{}, e *error) { *e = fmt.Errorf("%v", v) }
-
-type must struct{}
-
-func (must) String(s string, err error) string {
-	if err != nil {
-		panicv.errorv(err)
-	}
-	return s
-}
-func (must) Int(s int64, err error) int64 {
-	if err != nil {
-		panicv.errorv(err)
-	}
-	return s
-}
-func (must) Uint(s uint64, err error) uint64 {
-	if err != nil {
-		panicv.errorv(err)
-	}
-	return s
-}
-func (must) Float(s float64, err error) float64 {
-	if err != nil {
-		panicv.errorv(err)
-	}
-	return s
-}
-
-// xdebugf prints the message in red on the terminal.
-// Use it in place of fmt.Printf (which it calls internally)
-func xdebugf(pattern string, args ...interface{}) {
-	var delim string
-	if len(pattern) > 0 && pattern[len(pattern)-1] != '\n' {
-		delim = "\n"
-	}
-	fmt.Printf("\033[1;31m"+pattern+delim+"\033[0m", args...)
-}
-
-// func isImmutableKind(k reflect.Kind) (v bool) {
-// 	return false ||
-// 		k == reflect.Int ||
-// 		k == reflect.Int8 ||
-// 		k == reflect.Int16 ||
-// 		k == reflect.Int32 ||
-// 		k == reflect.Int64 ||
-// 		k == reflect.Uint ||
-// 		k == reflect.Uint8 ||
-// 		k == reflect.Uint16 ||
-// 		k == reflect.Uint32 ||
-// 		k == reflect.Uint64 ||
-// 		k == reflect.Uintptr ||
-// 		k == reflect.Float32 ||
-// 		k == reflect.Float64 ||
-// 		k == reflect.Bool ||
-// 		k == reflect.String
-// }
-
-// func timeLocUTCName(tzint int16) string {
-// 	if tzint == 0 {
-// 		return "UTC"
-// 	}
-// 	var tzname = []byte("UTC+00:00")
-// 	//tzname := fmt.Sprintf("UTC%s%02d:%02d", tzsign, tz/60, tz%60) //perf issue using Sprintf. inline below.
-// 	//tzhr, tzmin := tz/60, tz%60 //faster if u convert to int first
-// 	var tzhr, tzmin int16
-// 	if tzint < 0 {
-// 		tzname[3] = '-' // (TODO: verify. this works here)
-// 		tzhr, tzmin = -tzint/60, (-tzint)%60
-// 	} else {
-// 		tzhr, tzmin = tzint/60, tzint%60
-// 	}
-// 	tzname[4] = timeDigits[tzhr/10]
-// 	tzname[5] = timeDigits[tzhr%10]
-// 	tzname[7] = timeDigits[tzmin/10]
-// 	tzname[8] = timeDigits[tzmin%10]
-// 	return string(tzname)
-// 	//return time.FixedZone(string(tzname), int(tzint)*60)
-// }
diff --git a/vendor/github.com/ugorji/go/codec/helper_internal.go b/vendor/github.com/ugorji/go/codec/helper_internal.go
deleted file mode 100644
index 0cbd665e257f0..0000000000000
--- a/vendor/github.com/ugorji/go/codec/helper_internal.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright (c) 2012-2015 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-// All non-std package dependencies live in this file,
-// so porting to different environment is easy (just update functions).
-
-func pruneSignExt(v []byte, pos bool) (n int) {
-	if len(v) < 2 {
-	} else if pos && v[0] == 0 {
-		for ; v[n] == 0 && n+1 < len(v) && (v[n+1]&(1<<7) == 0); n++ {
-		}
-	} else if !pos && v[0] == 0xff {
-		for ; v[n] == 0xff && n+1 < len(v) && (v[n+1]&(1<<7) != 0); n++ {
-		}
-	}
-	return
-}
-
-// validate that this function is correct ...
-// culled from OGRE (Object-Oriented Graphics Rendering Engine)
-// function: halfToFloatI (http://stderr.org/doc/ogre-doc/api/OgreBitwise_8h-source.html)
-func halfFloatToFloatBits(yy uint16) (d uint32) {
-	y := uint32(yy)
-	s := (y >> 15) & 0x01
-	e := (y >> 10) & 0x1f
-	m := y & 0x03ff
-
-	if e == 0 {
-		if m == 0 { // plu or minus 0
-			return s << 31
-		}
-		// Denormalized number -- renormalize it
-		for (m & 0x00000400) == 0 {
-			m <<= 1
-			e -= 1
-		}
-		e += 1
-		const zz uint32 = 0x0400
-		m &= ^zz
-	} else if e == 31 {
-		if m == 0 { // Inf
-			return (s << 31) | 0x7f800000
-		}
-		return (s << 31) | 0x7f800000 | (m << 13) // NaN
-	}
-	e = e + (127 - 15)
-	m = m << 13
-	return (s << 31) | (e << 23) | m
-}
-
-// GrowCap will return a new capacity for a slice, given the following:
-//   - oldCap: current capacity
-//   - unit: in-memory size of an element
-//   - num: number of elements to add
-func growCap(oldCap, unit, num int) (newCap int) {
-	// appendslice logic (if cap < 1024, *2, else *1.25):
-	//   leads to many copy calls, especially when copying bytes.
-	//   bytes.Buffer model (2*cap + n): much better for bytes.
-	// smarter way is to take the byte-size of the appended element(type) into account
-
-	// maintain 3 thresholds:
-	// t1: if cap <= t1, newcap = 2x
-	// t2: if cap <= t2, newcap = 1.75x
-	// t3: if cap <= t3, newcap = 1.5x
-	//     else          newcap = 1.25x
-	//
-	// t1, t2, t3 >= 1024 always.
-	// i.e. if unit size >= 16, then always do 2x or 1.25x (ie t1, t2, t3 are all same)
-	//
-	// With this, appending for bytes increase by:
-	//    100% up to 4K
-	//     75% up to 8K
-	//     50% up to 16K
-	//     25% beyond that
-
-	// unit can be 0 e.g. for struct{}{}; handle that appropriately
-	var t1, t2, t3 int // thresholds
-	if unit <= 1 {
-		t1, t2, t3 = 4*1024, 8*1024, 16*1024
-	} else if unit < 16 {
-		t3 = 16 / unit * 1024
-		t1 = t3 * 1 / 4
-		t2 = t3 * 2 / 4
-	} else {
-		t1, t2, t3 = 1024, 1024, 1024
-	}
-
-	var x int // temporary variable
-
-	// x is multiplier here: one of 5, 6, 7 or 8; incr of 25%, 50%, 75% or 100% respectively
-	if oldCap <= t1 { // [0,t1]
-		x = 8
-	} else if oldCap > t3 { // (t3,infinity]
-		x = 5
-	} else if oldCap <= t2 { // (t1,t2]
-		x = 7
-	} else { // (t2,t3]
-		x = 6
-	}
-	newCap = x * oldCap / 4
-
-	if num > 0 {
-		newCap += num
-	}
-
-	// ensure newCap is a multiple of 64 (if it is > 64) or 16.
-	if newCap > 64 {
-		if x = newCap % 64; x != 0 {
-			x = newCap / 64
-			newCap = 64 * (x + 1)
-		}
-	} else {
-		if x = newCap % 16; x != 0 {
-			x = newCap / 16
-			newCap = 16 * (x + 1)
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/ugorji/go/codec/helper_not_unsafe.go b/vendor/github.com/ugorji/go/codec/helper_not_unsafe.go
deleted file mode 100644
index fd52690c94105..0000000000000
--- a/vendor/github.com/ugorji/go/codec/helper_not_unsafe.go
+++ /dev/null
@@ -1,272 +0,0 @@
-// +build !go1.7 safe appengine
-
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"reflect"
-	"sync/atomic"
-	"time"
-)
-
-const safeMode = true
-
-// stringView returns a view of the []byte as a string.
-// In unsafe mode, it doesn't incur allocation and copying caused by conversion.
-// In regular safe mode, it is an allocation and copy.
-//
-// Usage: Always maintain a reference to v while result of this call is in use,
-//        and call keepAlive4BytesView(v) at point where done with view.
-func stringView(v []byte) string {
-	return string(v)
-}
-
-// bytesView returns a view of the string as a []byte.
-// In unsafe mode, it doesn't incur allocation and copying caused by conversion.
-// In regular safe mode, it is an allocation and copy.
-//
-// Usage: Always maintain a reference to v while result of this call is in use,
-//        and call keepAlive4BytesView(v) at point where done with view.
-func bytesView(v string) []byte {
-	return []byte(v)
-}
-
-func definitelyNil(v interface{}) bool {
-	// this is a best-effort option.
-	// We just return false, so we don't unnecessarily incur the cost of reflection this early.
-	return false
-}
-
-func rv2i(rv reflect.Value) interface{} {
-	return rv.Interface()
-}
-
-func rt2id(rt reflect.Type) uintptr {
-	return reflect.ValueOf(rt).Pointer()
-}
-
-func rv2rtid(rv reflect.Value) uintptr {
-	return reflect.ValueOf(rv.Type()).Pointer()
-}
-
-func i2rtid(i interface{}) uintptr {
-	return reflect.ValueOf(reflect.TypeOf(i)).Pointer()
-}
-
-// --------------------------
-
-func isEmptyValue(v reflect.Value, tinfos *TypeInfos, deref, checkStruct bool) bool {
-	switch v.Kind() {
-	case reflect.Invalid:
-		return true
-	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
-		return v.Len() == 0
-	case reflect.Bool:
-		return !v.Bool()
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() == 0
-	case reflect.Interface, reflect.Ptr:
-		if deref {
-			if v.IsNil() {
-				return true
-			}
-			return isEmptyValue(v.Elem(), tinfos, deref, checkStruct)
-		}
-		return v.IsNil()
-	case reflect.Struct:
-		return isEmptyStruct(v, tinfos, deref, checkStruct)
-	}
-	return false
-}
-
-// --------------------------
-// type ptrToRvMap struct{}
-
-// func (*ptrToRvMap) init() {}
-// func (*ptrToRvMap) get(i interface{}) reflect.Value {
-// 	return reflect.ValueOf(i).Elem()
-// }
-
-// --------------------------
-type atomicTypeInfoSlice struct { // expected to be 2 words
-	v atomic.Value
-}
-
-func (x *atomicTypeInfoSlice) load() []rtid2ti {
-	i := x.v.Load()
-	if i == nil {
-		return nil
-	}
-	return i.([]rtid2ti)
-}
-
-func (x *atomicTypeInfoSlice) store(p []rtid2ti) {
-	x.v.Store(p)
-}
-
-// --------------------------
-func (d *Decoder) raw(f *codecFnInfo, rv reflect.Value) {
-	rv.SetBytes(d.rawBytes())
-}
-
-func (d *Decoder) kString(f *codecFnInfo, rv reflect.Value) {
-	rv.SetString(d.d.DecodeString())
-}
-
-func (d *Decoder) kBool(f *codecFnInfo, rv reflect.Value) {
-	rv.SetBool(d.d.DecodeBool())
-}
-
-func (d *Decoder) kTime(f *codecFnInfo, rv reflect.Value) {
-	rv.Set(reflect.ValueOf(d.d.DecodeTime()))
-}
-
-func (d *Decoder) kFloat32(f *codecFnInfo, rv reflect.Value) {
-	fv := d.d.DecodeFloat64()
-	if chkOvf.Float32(fv) {
-		d.errorf("float32 overflow: %v", fv)
-	}
-	rv.SetFloat(fv)
-}
-
-func (d *Decoder) kFloat64(f *codecFnInfo, rv reflect.Value) {
-	rv.SetFloat(d.d.DecodeFloat64())
-}
-
-func (d *Decoder) kInt(f *codecFnInfo, rv reflect.Value) {
-	rv.SetInt(chkOvf.IntV(d.d.DecodeInt64(), intBitsize))
-}
-
-func (d *Decoder) kInt8(f *codecFnInfo, rv reflect.Value) {
-	rv.SetInt(chkOvf.IntV(d.d.DecodeInt64(), 8))
-}
-
-func (d *Decoder) kInt16(f *codecFnInfo, rv reflect.Value) {
-	rv.SetInt(chkOvf.IntV(d.d.DecodeInt64(), 16))
-}
-
-func (d *Decoder) kInt32(f *codecFnInfo, rv reflect.Value) {
-	rv.SetInt(chkOvf.IntV(d.d.DecodeInt64(), 32))
-}
-
-func (d *Decoder) kInt64(f *codecFnInfo, rv reflect.Value) {
-	rv.SetInt(d.d.DecodeInt64())
-}
-
-func (d *Decoder) kUint(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(chkOvf.UintV(d.d.DecodeUint64(), uintBitsize))
-}
-
-func (d *Decoder) kUintptr(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(chkOvf.UintV(d.d.DecodeUint64(), uintBitsize))
-}
-
-func (d *Decoder) kUint8(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(chkOvf.UintV(d.d.DecodeUint64(), 8))
-}
-
-func (d *Decoder) kUint16(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(chkOvf.UintV(d.d.DecodeUint64(), 16))
-}
-
-func (d *Decoder) kUint32(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(chkOvf.UintV(d.d.DecodeUint64(), 32))
-}
-
-func (d *Decoder) kUint64(f *codecFnInfo, rv reflect.Value) {
-	rv.SetUint(d.d.DecodeUint64())
-}
-
-// ----------------
-
-func (e *Encoder) kBool(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeBool(rv.Bool())
-}
-
-func (e *Encoder) kTime(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeTime(rv2i(rv).(time.Time))
-}
-
-func (e *Encoder) kString(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeString(cUTF8, rv.String())
-}
-
-func (e *Encoder) kFloat64(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeFloat64(rv.Float())
-}
-
-func (e *Encoder) kFloat32(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeFloat32(float32(rv.Float()))
-}
-
-func (e *Encoder) kInt(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeInt(rv.Int())
-}
-
-func (e *Encoder) kInt8(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeInt(rv.Int())
-}
-
-func (e *Encoder) kInt16(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeInt(rv.Int())
-}
-
-func (e *Encoder) kInt32(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeInt(rv.Int())
-}
-
-func (e *Encoder) kInt64(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeInt(rv.Int())
-}
-
-func (e *Encoder) kUint(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-func (e *Encoder) kUint8(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-func (e *Encoder) kUint16(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-func (e *Encoder) kUint32(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-func (e *Encoder) kUint64(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-func (e *Encoder) kUintptr(f *codecFnInfo, rv reflect.Value) {
-	e.e.EncodeUint(rv.Uint())
-}
-
-// // keepAlive4BytesView maintains a reference to the input parameter for bytesView.
-// //
-// // Usage: call this at point where done with the bytes view.
-// func keepAlive4BytesView(v string) {}
-
-// // keepAlive4BytesView maintains a reference to the input parameter for stringView.
-// //
-// // Usage: call this at point where done with the string view.
-// func keepAlive4StringView(v []byte) {}
-
-// func definitelyNil(v interface{}) bool {
-// 	rv := reflect.ValueOf(v)
-// 	switch rv.Kind() {
-// 	case reflect.Invalid:
-// 		return true
-// 	case reflect.Ptr, reflect.Interface, reflect.Chan, reflect.Slice, reflect.Map, reflect.Func:
-// 		return rv.IsNil()
-// 	default:
-// 		return false
-// 	}
-// }
diff --git a/vendor/github.com/ugorji/go/codec/helper_unsafe.go b/vendor/github.com/ugorji/go/codec/helper_unsafe.go
deleted file mode 100644
index e3df60abeab21..0000000000000
--- a/vendor/github.com/ugorji/go/codec/helper_unsafe.go
+++ /dev/null
@@ -1,639 +0,0 @@
-// +build !safe
-// +build !appengine
-// +build go1.7
-
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"reflect"
-	"sync/atomic"
-	"time"
-	"unsafe"
-)
-
-// This file has unsafe variants of some helper methods.
-// NOTE: See helper_not_unsafe.go for the usage information.
-
-// var zeroRTv [4]uintptr
-
-const safeMode = false
-const unsafeFlagIndir = 1 << 7 // keep in sync with GO_ROOT/src/reflect/value.go
-
-type unsafeString struct {
-	Data unsafe.Pointer
-	Len  int
-}
-
-type unsafeSlice struct {
-	Data unsafe.Pointer
-	Len  int
-	Cap  int
-}
-
-type unsafeIntf struct {
-	typ  unsafe.Pointer
-	word unsafe.Pointer
-}
-
-type unsafeReflectValue struct {
-	typ  unsafe.Pointer
-	ptr  unsafe.Pointer
-	flag uintptr
-}
-
-func stringView(v []byte) string {
-	if len(v) == 0 {
-		return ""
-	}
-	bx := (*unsafeSlice)(unsafe.Pointer(&v))
-	return *(*string)(unsafe.Pointer(&unsafeString{bx.Data, bx.Len}))
-}
-
-func bytesView(v string) []byte {
-	if len(v) == 0 {
-		return zeroByteSlice
-	}
-	sx := (*unsafeString)(unsafe.Pointer(&v))
-	return *(*[]byte)(unsafe.Pointer(&unsafeSlice{sx.Data, sx.Len, sx.Len}))
-}
-
-func definitelyNil(v interface{}) bool {
-	// There is no global way of checking if an interface is nil.
-	// For true references (map, ptr, func, chan), you can just look
-	// at the word of the interface. However, for slices, you have to dereference
-	// the word, and get a pointer to the 3-word interface value.
-	//
-	// However, the following are cheap calls
-	// - TypeOf(interface): cheap 2-line call.
-	// - ValueOf(interface{}): expensive
-	// - type.Kind: cheap call through an interface
-	// - Value.Type(): cheap call
-	//                 except it's a method value (e.g. r.Read, which implies that it is a Func)
-
-	return ((*unsafeIntf)(unsafe.Pointer(&v))).word == nil
-}
-
-func rv2i(rv reflect.Value) interface{} {
-	// TODO: consider a more generally-known optimization for reflect.Value ==> Interface
-	//
-	// Currently, we use this fragile method that taps into implememtation details from
-	// the source go stdlib reflect/value.go, and trims the implementation.
-
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	// true references (map, func, chan, ptr - NOT slice) may be double-referenced as flagIndir
-	var ptr unsafe.Pointer
-	if refBitset.isset(byte(urv.flag&(1<<5-1))) && urv.flag&unsafeFlagIndir != 0 {
-		ptr = *(*unsafe.Pointer)(urv.ptr)
-	} else {
-		ptr = urv.ptr
-	}
-	return *(*interface{})(unsafe.Pointer(&unsafeIntf{typ: urv.typ, word: ptr}))
-}
-
-func rt2id(rt reflect.Type) uintptr {
-	return uintptr(((*unsafeIntf)(unsafe.Pointer(&rt))).word)
-}
-
-func rv2rtid(rv reflect.Value) uintptr {
-	return uintptr((*unsafeReflectValue)(unsafe.Pointer(&rv)).typ)
-}
-
-func i2rtid(i interface{}) uintptr {
-	return uintptr(((*unsafeIntf)(unsafe.Pointer(&i))).typ)
-}
-
-// --------------------------
-
-func isEmptyValue(v reflect.Value, tinfos *TypeInfos, deref, checkStruct bool) bool {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&v))
-	if urv.flag == 0 {
-		return true
-	}
-	switch v.Kind() {
-	case reflect.Invalid:
-		return true
-	case reflect.String:
-		return (*unsafeString)(urv.ptr).Len == 0
-	case reflect.Slice:
-		return (*unsafeSlice)(urv.ptr).Len == 0
-	case reflect.Bool:
-		return !*(*bool)(urv.ptr)
-	case reflect.Int:
-		return *(*int)(urv.ptr) == 0
-	case reflect.Int8:
-		return *(*int8)(urv.ptr) == 0
-	case reflect.Int16:
-		return *(*int16)(urv.ptr) == 0
-	case reflect.Int32:
-		return *(*int32)(urv.ptr) == 0
-	case reflect.Int64:
-		return *(*int64)(urv.ptr) == 0
-	case reflect.Uint:
-		return *(*uint)(urv.ptr) == 0
-	case reflect.Uint8:
-		return *(*uint8)(urv.ptr) == 0
-	case reflect.Uint16:
-		return *(*uint16)(urv.ptr) == 0
-	case reflect.Uint32:
-		return *(*uint32)(urv.ptr) == 0
-	case reflect.Uint64:
-		return *(*uint64)(urv.ptr) == 0
-	case reflect.Uintptr:
-		return *(*uintptr)(urv.ptr) == 0
-	case reflect.Float32:
-		return *(*float32)(urv.ptr) == 0
-	case reflect.Float64:
-		return *(*float64)(urv.ptr) == 0
-	case reflect.Interface:
-		isnil := urv.ptr == nil || *(*unsafe.Pointer)(urv.ptr) == nil
-		if deref {
-			if isnil {
-				return true
-			}
-			return isEmptyValue(v.Elem(), tinfos, deref, checkStruct)
-		}
-		return isnil
-	case reflect.Ptr:
-		// isnil := urv.ptr == nil (not sufficient, as a pointer value encodes the type)
-		isnil := urv.ptr == nil || *(*unsafe.Pointer)(urv.ptr) == nil
-		if deref {
-			if isnil {
-				return true
-			}
-			return isEmptyValue(v.Elem(), tinfos, deref, checkStruct)
-		}
-		return isnil
-	case reflect.Struct:
-		return isEmptyStruct(v, tinfos, deref, checkStruct)
-	case reflect.Map, reflect.Array, reflect.Chan:
-		return v.Len() == 0
-	}
-	return false
-}
-
-// --------------------------
-
-// atomicTypeInfoSlice contains length and pointer to the array for a slice.
-// It is expected to be 2 words.
-//
-// Previously, we atomically loaded and stored the length and array pointer separately,
-// which could lead to some races.
-// We now just atomically store and load the pointer to the value directly.
-
-type atomicTypeInfoSlice struct { // expected to be 2 words
-	l int            // length of the data array (must be first in struct, for 64-bit alignment necessary for 386)
-	v unsafe.Pointer // data array - Pointer (not uintptr) to maintain GC reference
-}
-
-func (x *atomicTypeInfoSlice) load() []rtid2ti {
-	xp := unsafe.Pointer(x)
-	x2 := *(*atomicTypeInfoSlice)(atomic.LoadPointer(&xp))
-	if x2.l == 0 {
-		return nil
-	}
-	return *(*[]rtid2ti)(unsafe.Pointer(&unsafeSlice{Data: x2.v, Len: x2.l, Cap: x2.l}))
-}
-
-func (x *atomicTypeInfoSlice) store(p []rtid2ti) {
-	s := (*unsafeSlice)(unsafe.Pointer(&p))
-	xp := unsafe.Pointer(x)
-	atomic.StorePointer(&xp, unsafe.Pointer(&atomicTypeInfoSlice{l: s.Len, v: s.Data}))
-}
-
-// --------------------------
-func (d *Decoder) raw(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*[]byte)(urv.ptr) = d.rawBytes()
-}
-
-func (d *Decoder) kString(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*string)(urv.ptr) = d.d.DecodeString()
-}
-
-func (d *Decoder) kBool(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*bool)(urv.ptr) = d.d.DecodeBool()
-}
-
-func (d *Decoder) kTime(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*time.Time)(urv.ptr) = d.d.DecodeTime()
-}
-
-func (d *Decoder) kFloat32(f *codecFnInfo, rv reflect.Value) {
-	fv := d.d.DecodeFloat64()
-	if chkOvf.Float32(fv) {
-		d.errorf("float32 overflow: %v", fv)
-	}
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*float32)(urv.ptr) = float32(fv)
-}
-
-func (d *Decoder) kFloat64(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*float64)(urv.ptr) = d.d.DecodeFloat64()
-}
-
-func (d *Decoder) kInt(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*int)(urv.ptr) = int(chkOvf.IntV(d.d.DecodeInt64(), intBitsize))
-}
-
-func (d *Decoder) kInt8(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*int8)(urv.ptr) = int8(chkOvf.IntV(d.d.DecodeInt64(), 8))
-}
-
-func (d *Decoder) kInt16(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*int16)(urv.ptr) = int16(chkOvf.IntV(d.d.DecodeInt64(), 16))
-}
-
-func (d *Decoder) kInt32(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*int32)(urv.ptr) = int32(chkOvf.IntV(d.d.DecodeInt64(), 32))
-}
-
-func (d *Decoder) kInt64(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*int64)(urv.ptr) = d.d.DecodeInt64()
-}
-
-func (d *Decoder) kUint(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uint)(urv.ptr) = uint(chkOvf.UintV(d.d.DecodeUint64(), uintBitsize))
-}
-
-func (d *Decoder) kUintptr(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uintptr)(urv.ptr) = uintptr(chkOvf.UintV(d.d.DecodeUint64(), uintBitsize))
-}
-
-func (d *Decoder) kUint8(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uint8)(urv.ptr) = uint8(chkOvf.UintV(d.d.DecodeUint64(), 8))
-}
-
-func (d *Decoder) kUint16(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uint16)(urv.ptr) = uint16(chkOvf.UintV(d.d.DecodeUint64(), 16))
-}
-
-func (d *Decoder) kUint32(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uint32)(urv.ptr) = uint32(chkOvf.UintV(d.d.DecodeUint64(), 32))
-}
-
-func (d *Decoder) kUint64(f *codecFnInfo, rv reflect.Value) {
-	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	*(*uint64)(urv.ptr) = d.d.DecodeUint64()
-}
-
-// ------------
-
-func (e *Encoder) kBool(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeBool(*(*bool)(v.ptr))
-}
-
-func (e *Encoder) kTime(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeTime(*(*time.Time)(v.ptr))
-}
-
-func (e *Encoder) kString(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeString(cUTF8, *(*string)(v.ptr))
-}
-
-func (e *Encoder) kFloat64(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeFloat64(*(*float64)(v.ptr))
-}
-
-func (e *Encoder) kFloat32(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeFloat32(*(*float32)(v.ptr))
-}
-
-func (e *Encoder) kInt(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeInt(int64(*(*int)(v.ptr)))
-}
-
-func (e *Encoder) kInt8(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeInt(int64(*(*int8)(v.ptr)))
-}
-
-func (e *Encoder) kInt16(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeInt(int64(*(*int16)(v.ptr)))
-}
-
-func (e *Encoder) kInt32(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeInt(int64(*(*int32)(v.ptr)))
-}
-
-func (e *Encoder) kInt64(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeInt(int64(*(*int64)(v.ptr)))
-}
-
-func (e *Encoder) kUint(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uint)(v.ptr)))
-}
-
-func (e *Encoder) kUint8(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uint8)(v.ptr)))
-}
-
-func (e *Encoder) kUint16(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uint16)(v.ptr)))
-}
-
-func (e *Encoder) kUint32(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uint32)(v.ptr)))
-}
-
-func (e *Encoder) kUint64(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uint64)(v.ptr)))
-}
-
-func (e *Encoder) kUintptr(f *codecFnInfo, rv reflect.Value) {
-	v := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-	e.e.EncodeUint(uint64(*(*uintptr)(v.ptr)))
-}
-
-// ------------
-
-// func (d *Decoder) raw(f *codecFnInfo, rv reflect.Value) {
-// 	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-// 	// if urv.flag&unsafeFlagIndir != 0 {
-// 	// 	urv.ptr = *(*unsafe.Pointer)(urv.ptr)
-// 	// }
-// 	*(*[]byte)(urv.ptr) = d.rawBytes()
-// }
-
-// func rv0t(rt reflect.Type) reflect.Value {
-// 	ut := (*unsafeIntf)(unsafe.Pointer(&rt))
-// 	// we need to determine whether ifaceIndir, and then whether to just pass 0 as the ptr
-// 	uv := unsafeReflectValue{ut.word, &zeroRTv, flag(rt.Kind())}
-// 	return *(*reflect.Value)(unsafe.Pointer(&uv})
-// }
-
-// func rv2i(rv reflect.Value) interface{} {
-// 	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-// 	// true references (map, func, chan, ptr - NOT slice) may be double-referenced as flagIndir
-// 	var ptr unsafe.Pointer
-// 	// kk := reflect.Kind(urv.flag & (1<<5 - 1))
-// 	// if (kk == reflect.Map || kk == reflect.Ptr || kk == reflect.Chan || kk == reflect.Func) && urv.flag&unsafeFlagIndir != 0 {
-// 	if refBitset.isset(byte(urv.flag&(1<<5-1))) && urv.flag&unsafeFlagIndir != 0 {
-// 		ptr = *(*unsafe.Pointer)(urv.ptr)
-// 	} else {
-// 		ptr = urv.ptr
-// 	}
-// 	return *(*interface{})(unsafe.Pointer(&unsafeIntf{typ: urv.typ, word: ptr}))
-// 	// return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: *(*unsafe.Pointer)(urv.ptr), typ: urv.typ}))
-// 	// return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// }
-
-// func definitelyNil(v interface{}) bool {
-// 	var ui *unsafeIntf = (*unsafeIntf)(unsafe.Pointer(&v))
-// 	if ui.word == nil {
-// 		return true
-// 	}
-// 	var tk = reflect.TypeOf(v).Kind()
-// 	return (tk == reflect.Interface || tk == reflect.Slice) && *(*unsafe.Pointer)(ui.word) == nil
-// 	fmt.Printf(">>>> definitely nil: isnil: %v, TYPE: \t%T, word: %v, *word: %v, type: %v, nil: %v\n",
-// 	v == nil, v, word, *((*unsafe.Pointer)(word)), ui.typ, nil)
-// }
-
-// func keepAlive4BytesView(v string) {
-// 	runtime.KeepAlive(v)
-// }
-
-// func keepAlive4StringView(v []byte) {
-// 	runtime.KeepAlive(v)
-// }
-
-// func rt2id(rt reflect.Type) uintptr {
-// 	return uintptr(((*unsafeIntf)(unsafe.Pointer(&rt))).word)
-// 	// var i interface{} = rt
-// 	// // ui := (*unsafeIntf)(unsafe.Pointer(&i))
-// 	// return ((*unsafeIntf)(unsafe.Pointer(&i))).word
-// }
-
-// func rv2i(rv reflect.Value) interface{} {
-// 	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-// 	// non-reference type: already indir
-// 	// reference type: depend on flagIndir property ('cos maybe was double-referenced)
-// 	// const (unsafeRvFlagKindMask    = 1<<5 - 1 , unsafeRvFlagIndir       = 1 << 7 )
-// 	// rvk := reflect.Kind(urv.flag & (1<<5 - 1))
-// 	// if (rvk == reflect.Chan ||
-// 	// 	rvk == reflect.Func ||
-// 	// 	rvk == reflect.Interface ||
-// 	// 	rvk == reflect.Map ||
-// 	// 	rvk == reflect.Ptr ||
-// 	// 	rvk == reflect.UnsafePointer) && urv.flag&(1<<8) != 0 {
-// 	// 	fmt.Printf(">>>>> ---- double indirect reference: %v, %v\n", rvk, rv.Type())
-// 	// 	return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: *(*unsafe.Pointer)(urv.ptr), typ: urv.typ}))
-// 	// }
-// 	if urv.flag&(1<<5-1) == uintptr(reflect.Map) && urv.flag&(1<<7) != 0 {
-// 		// fmt.Printf(">>>>> ---- double indirect reference: %v, %v\n", rvk, rv.Type())
-// 		return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: *(*unsafe.Pointer)(urv.ptr), typ: urv.typ}))
-// 	}
-// 	// fmt.Printf(">>>>> ++++ direct reference: %v, %v\n", rvk, rv.Type())
-// 	return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// }
-
-// const (
-// 	unsafeRvFlagKindMask    = 1<<5 - 1
-// 	unsafeRvKindDirectIface = 1 << 5
-// 	unsafeRvFlagIndir       = 1 << 7
-// 	unsafeRvFlagAddr        = 1 << 8
-// 	unsafeRvFlagMethod      = 1 << 9
-
-// 	_USE_RV_INTERFACE bool = false
-// 	_UNSAFE_RV_DEBUG       = true
-// )
-
-// type unsafeRtype struct {
-// 	_    [2]uintptr
-// 	_    uint32
-// 	_    uint8
-// 	_    uint8
-// 	_    uint8
-// 	kind uint8
-// 	_    [2]uintptr
-// 	_    int32
-// }
-
-// func _rv2i(rv reflect.Value) interface{} {
-// 	// Note: From use,
-// 	//   - it's never an interface
-// 	//   - the only calls here are for ifaceIndir types.
-// 	//     (though that conditional is wrong)
-// 	//     To know for sure, we need the value of t.kind (which is not exposed).
-// 	//
-// 	// Need to validate the path: type is indirect ==> only value is indirect ==> default (value is direct)
-// 	//    - Type indirect, Value indirect: ==> numbers, boolean, slice, struct, array, string
-// 	//    - Type Direct,   Value indirect: ==> map???
-// 	//    - Type Direct,   Value direct:   ==> pointers, unsafe.Pointer, func, chan, map
-// 	//
-// 	// TRANSLATES TO:
-// 	//    if typeIndirect { } else if valueIndirect { } else { }
-// 	//
-// 	// Since we don't deal with funcs, then "flagNethod" is unset, and can be ignored.
-
-// 	if _USE_RV_INTERFACE {
-// 		return rv.Interface()
-// 	}
-// 	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-
-// 	// if urv.flag&unsafeRvFlagMethod != 0 || urv.flag&unsafeRvFlagKindMask == uintptr(reflect.Interface) {
-// 	// 	println("***** IS flag method or interface: delegating to rv.Interface()")
-// 	// 	return rv.Interface()
-// 	// }
-
-// 	// if urv.flag&unsafeRvFlagKindMask == uintptr(reflect.Interface) {
-// 	// 	println("***** IS Interface: delegate to rv.Interface")
-// 	// 	return rv.Interface()
-// 	// }
-// 	// if urv.flag&unsafeRvFlagKindMask&unsafeRvKindDirectIface == 0 {
-// 	// 	if urv.flag&unsafeRvFlagAddr == 0 {
-// 	// 		println("***** IS ifaceIndir typ")
-// 	// 		// ui := unsafeIntf{word: urv.ptr, typ: urv.typ}
-// 	// 		// return *(*interface{})(unsafe.Pointer(&ui))
-// 	// 		// return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// 	// 	}
-// 	// } else if urv.flag&unsafeRvFlagIndir != 0 {
-// 	// 	println("***** IS flagindir")
-// 	// 	// return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: *(*unsafe.Pointer)(urv.ptr), typ: urv.typ}))
-// 	// } else {
-// 	// 	println("***** NOT flagindir")
-// 	// 	return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// 	// }
-// 	// println("***** default: delegate to rv.Interface")
-
-// 	urt := (*unsafeRtype)(unsafe.Pointer(urv.typ))
-// 	if _UNSAFE_RV_DEBUG {
-// 		fmt.Printf(">>>> start: %v: ", rv.Type())
-// 		fmt.Printf("%v - %v\n", *urv, *urt)
-// 	}
-// 	if urt.kind&unsafeRvKindDirectIface == 0 {
-// 		if _UNSAFE_RV_DEBUG {
-// 			fmt.Printf("**** +ifaceIndir type: %v\n", rv.Type())
-// 		}
-// 		// println("***** IS ifaceIndir typ")
-// 		// if true || urv.flag&unsafeRvFlagAddr == 0 {
-// 		// 	// println("    ***** IS NOT addr")
-// 		return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// 		// }
-// 	} else if urv.flag&unsafeRvFlagIndir != 0 {
-// 		if _UNSAFE_RV_DEBUG {
-// 			fmt.Printf("**** +flagIndir type: %v\n", rv.Type())
-// 		}
-// 		// println("***** IS flagindir")
-// 		return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: *(*unsafe.Pointer)(urv.ptr), typ: urv.typ}))
-// 	} else {
-// 		if _UNSAFE_RV_DEBUG {
-// 			fmt.Printf("**** -flagIndir type: %v\n", rv.Type())
-// 		}
-// 		// println("***** NOT flagindir")
-// 		return *(*interface{})(unsafe.Pointer(&unsafeIntf{word: urv.ptr, typ: urv.typ}))
-// 	}
-// 	// println("***** default: delegating to rv.Interface()")
-// 	// return rv.Interface()
-// }
-
-// var staticM0 = make(map[string]uint64)
-// var staticI0 = (int32)(-5)
-
-// func staticRv2iTest() {
-// 	i0 := (int32)(-5)
-// 	m0 := make(map[string]uint16)
-// 	m0["1"] = 1
-// 	for _, i := range []interface{}{
-// 		(int)(7),
-// 		(uint)(8),
-// 		(int16)(-9),
-// 		(uint16)(19),
-// 		(uintptr)(77),
-// 		(bool)(true),
-// 		float32(-32.7),
-// 		float64(64.9),
-// 		complex(float32(19), 5),
-// 		complex(float64(-32), 7),
-// 		[4]uint64{1, 2, 3, 4},
-// 		(chan<- int)(nil), // chan,
-// 		rv2i,              // func
-// 		io.Writer(ioutil.Discard),
-// 		make(map[string]uint),
-// 		(map[string]uint)(nil),
-// 		staticM0,
-// 		m0,
-// 		&m0,
-// 		i0,
-// 		&i0,
-// 		&staticI0,
-// 		&staticM0,
-// 		[]uint32{6, 7, 8},
-// 		"abc",
-// 		Raw{},
-// 		RawExt{},
-// 		&Raw{},
-// 		&RawExt{},
-// 		unsafe.Pointer(&i0),
-// 	} {
-// 		i2 := rv2i(reflect.ValueOf(i))
-// 		eq := reflect.DeepEqual(i, i2)
-// 		fmt.Printf(">>>> %v == %v? %v\n", i, i2, eq)
-// 	}
-// 	// os.Exit(0)
-// }
-
-// func init() {
-// 	staticRv2iTest()
-// }
-
-// func rv2i(rv reflect.Value) interface{} {
-// 	if _USE_RV_INTERFACE || rv.Kind() == reflect.Interface || rv.CanAddr() {
-// 		return rv.Interface()
-// 	}
-// 	// var i interface{}
-// 	// ui := (*unsafeIntf)(unsafe.Pointer(&i))
-// 	var ui unsafeIntf
-// 	urv := (*unsafeReflectValue)(unsafe.Pointer(&rv))
-// 	// fmt.Printf("urv: flag: %b, typ: %b, ptr: %b\n", urv.flag, uintptr(urv.typ), uintptr(urv.ptr))
-// 	if (urv.flag&unsafeRvFlagKindMask)&unsafeRvKindDirectIface == 0 {
-// 		if urv.flag&unsafeRvFlagAddr != 0 {
-// 			println("***** indirect and addressable! Needs typed move - delegate to rv.Interface()")
-// 			return rv.Interface()
-// 		}
-// 		println("****** indirect type/kind")
-// 		ui.word = urv.ptr
-// 	} else if urv.flag&unsafeRvFlagIndir != 0 {
-// 		println("****** unsafe rv flag indir")
-// 		ui.word = *(*unsafe.Pointer)(urv.ptr)
-// 	} else {
-// 		println("****** default: assign prt to word directly")
-// 		ui.word = urv.ptr
-// 	}
-// 	// ui.word = urv.ptr
-// 	ui.typ = urv.typ
-// 	// fmt.Printf("(pointers) ui.typ: %p, word: %p\n", ui.typ, ui.word)
-// 	// fmt.Printf("(binary)   ui.typ: %b, word: %b\n", uintptr(ui.typ), uintptr(ui.word))
-// 	return *(*interface{})(unsafe.Pointer(&ui))
-// 	// return i
-// }
diff --git a/vendor/github.com/ugorji/go/codec/json.go b/vendor/github.com/ugorji/go/codec/json.go
deleted file mode 100644
index bdd1996639225..0000000000000
--- a/vendor/github.com/ugorji/go/codec/json.go
+++ /dev/null
@@ -1,1423 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-// By default, this json support uses base64 encoding for bytes, because you cannot
-// store and read any arbitrary string in json (only unicode).
-// However, the user can configre how to encode/decode bytes.
-//
-// This library specifically supports UTF-8 for encoding and decoding only.
-//
-// Note that the library will happily encode/decode things which are not valid
-// json e.g. a map[int64]string. We do it for consistency. With valid json,
-// we will encode and decode appropriately.
-// Users can specify their map type if necessary to force it.
-//
-// Note:
-//   - we cannot use strconv.Quote and strconv.Unquote because json quotes/unquotes differently.
-//     We implement it here.
-
-// Top-level methods of json(End|Dec)Driver (which are implementations of (en|de)cDriver
-// MUST not call one-another.
-
-import (
-	"bytes"
-	"encoding/base64"
-	"math"
-	"reflect"
-	"strconv"
-	"time"
-	"unicode"
-	"unicode/utf16"
-	"unicode/utf8"
-)
-
-//--------------------------------
-
-var jsonLiterals = [...]byte{
-	'"', 't', 'r', 'u', 'e', '"',
-	'"', 'f', 'a', 'l', 's', 'e', '"',
-	'"', 'n', 'u', 'l', 'l', '"',
-}
-
-const (
-	jsonLitTrueQ  = 0
-	jsonLitTrue   = 1
-	jsonLitFalseQ = 6
-	jsonLitFalse  = 7
-	jsonLitNullQ  = 13
-	jsonLitNull   = 14
-)
-
-const (
-	jsonU4Chk2 = '0'
-	jsonU4Chk1 = 'a' - 10
-	jsonU4Chk0 = 'A' - 10
-
-	jsonScratchArrayLen = 64
-)
-
-const (
-	// If !jsonValidateSymbols, decoding will be faster, by skipping some checks:
-	//   - If we see first character of null, false or true,
-	//     do not validate subsequent characters.
-	//   - e.g. if we see a n, assume null and skip next 3 characters,
-	//     and do not validate they are ull.
-	// P.S. Do not expect a significant decoding boost from this.
-	jsonValidateSymbols = true
-
-	jsonSpacesOrTabsLen = 128
-
-	jsonAlwaysReturnInternString = false
-)
-
-var (
-	// jsonTabs and jsonSpaces are used as caches for indents
-	jsonTabs, jsonSpaces [jsonSpacesOrTabsLen]byte
-
-	jsonCharHtmlSafeSet   bitset128
-	jsonCharSafeSet       bitset128
-	jsonCharWhitespaceSet bitset256
-	jsonNumSet            bitset256
-)
-
-func init() {
-	for i := 0; i < jsonSpacesOrTabsLen; i++ {
-		jsonSpaces[i] = ' '
-		jsonTabs[i] = '\t'
-	}
-
-	// populate the safe values as true: note: ASCII control characters are (0-31)
-	// jsonCharSafeSet:     all true except (0-31) " \
-	// jsonCharHtmlSafeSet: all true except (0-31) " \ < > &
-	var i byte
-	for i = 32; i < utf8.RuneSelf; i++ {
-		switch i {
-		case '"', '\\':
-		case '<', '>', '&':
-			jsonCharSafeSet.set(i) // = true
-		default:
-			jsonCharSafeSet.set(i)
-			jsonCharHtmlSafeSet.set(i)
-		}
-	}
-	for i = 0; i <= utf8.RuneSelf; i++ {
-		switch i {
-		case ' ', '\t', '\r', '\n':
-			jsonCharWhitespaceSet.set(i)
-		case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'e', 'E', '.', '+', '-':
-			jsonNumSet.set(i)
-		}
-	}
-}
-
-// ----------------
-
-type jsonEncDriverTypical struct {
-	w encWriter
-	// w  *encWriterSwitch
-	b  *[jsonScratchArrayLen]byte
-	tw bool // term white space
-	c  containerState
-}
-
-func (e *jsonEncDriverTypical) typical() {}
-
-func (e *jsonEncDriverTypical) reset(ee *jsonEncDriver) {
-	e.w = ee.ew
-	// e.w = &ee.e.encWriterSwitch
-	e.b = &ee.b
-	e.tw = ee.h.TermWhitespace
-	e.c = 0
-}
-
-func (e *jsonEncDriverTypical) WriteArrayStart(length int) {
-	e.w.writen1('[')
-	e.c = containerArrayStart
-}
-
-func (e *jsonEncDriverTypical) WriteArrayElem() {
-	if e.c != containerArrayStart {
-		e.w.writen1(',')
-	}
-	e.c = containerArrayElem
-}
-
-func (e *jsonEncDriverTypical) WriteArrayEnd() {
-	e.w.writen1(']')
-	e.c = containerArrayEnd
-}
-
-func (e *jsonEncDriverTypical) WriteMapStart(length int) {
-	e.w.writen1('{')
-	e.c = containerMapStart
-}
-
-func (e *jsonEncDriverTypical) WriteMapElemKey() {
-	if e.c != containerMapStart {
-		e.w.writen1(',')
-	}
-	e.c = containerMapKey
-}
-
-func (e *jsonEncDriverTypical) WriteMapElemValue() {
-	e.w.writen1(':')
-	e.c = containerMapValue
-}
-
-func (e *jsonEncDriverTypical) WriteMapEnd() {
-	e.w.writen1('}')
-	e.c = containerMapEnd
-}
-
-func (e *jsonEncDriverTypical) EncodeBool(b bool) {
-	if b {
-		e.w.writeb(jsonLiterals[jsonLitTrue : jsonLitTrue+4])
-	} else {
-		e.w.writeb(jsonLiterals[jsonLitFalse : jsonLitFalse+5])
-	}
-}
-
-func (e *jsonEncDriverTypical) EncodeFloat64(f float64) {
-	fmt, prec := jsonFloatStrconvFmtPrec(f)
-	e.w.writeb(strconv.AppendFloat(e.b[:0], f, fmt, prec, 64))
-}
-
-func (e *jsonEncDriverTypical) EncodeInt(v int64) {
-	e.w.writeb(strconv.AppendInt(e.b[:0], v, 10))
-}
-
-func (e *jsonEncDriverTypical) EncodeUint(v uint64) {
-	e.w.writeb(strconv.AppendUint(e.b[:0], v, 10))
-}
-
-func (e *jsonEncDriverTypical) EncodeFloat32(f float32) {
-	e.EncodeFloat64(float64(f))
-}
-
-func (e *jsonEncDriverTypical) atEndOfEncode() {
-	if e.tw {
-		e.w.writen1(' ')
-	}
-}
-
-// ----------------
-
-type jsonEncDriverGeneric struct {
-	w encWriter // encWriter // *encWriterSwitch
-	b *[jsonScratchArrayLen]byte
-	c containerState
-	// ds string // indent string
-	di int8    // indent per
-	d  bool    // indenting?
-	dt bool    // indent using tabs
-	dl uint16  // indent level
-	ks bool    // map key as string
-	is byte    // integer as string
-	tw bool    // term white space
-	_  [7]byte // padding
-}
-
-// indent is done as below:
-//   - newline and indent are added before each mapKey or arrayElem
-//   - newline and indent are added before each ending,
-//     except there was no entry (so we can have {} or [])
-
-func (e *jsonEncDriverGeneric) reset(ee *jsonEncDriver) {
-	e.w = ee.ew
-	e.b = &ee.b
-	e.tw = ee.h.TermWhitespace
-	e.c = 0
-	e.d, e.dt, e.dl, e.di = false, false, 0, 0
-	h := ee.h
-	if h.Indent > 0 {
-		e.d = true
-		e.di = int8(h.Indent)
-	} else if h.Indent < 0 {
-		e.d = true
-		e.dt = true
-		e.di = int8(-h.Indent)
-	}
-	e.ks = h.MapKeyAsString
-	e.is = h.IntegerAsString
-}
-
-func (e *jsonEncDriverGeneric) WriteArrayStart(length int) {
-	if e.d {
-		e.dl++
-	}
-	e.w.writen1('[')
-	e.c = containerArrayStart
-}
-
-func (e *jsonEncDriverGeneric) WriteArrayElem() {
-	if e.c != containerArrayStart {
-		e.w.writen1(',')
-	}
-	if e.d {
-		e.writeIndent()
-	}
-	e.c = containerArrayElem
-}
-
-func (e *jsonEncDriverGeneric) WriteArrayEnd() {
-	if e.d {
-		e.dl--
-		if e.c != containerArrayStart {
-			e.writeIndent()
-		}
-	}
-	e.w.writen1(']')
-	e.c = containerArrayEnd
-}
-
-func (e *jsonEncDriverGeneric) WriteMapStart(length int) {
-	if e.d {
-		e.dl++
-	}
-	e.w.writen1('{')
-	e.c = containerMapStart
-}
-
-func (e *jsonEncDriverGeneric) WriteMapElemKey() {
-	if e.c != containerMapStart {
-		e.w.writen1(',')
-	}
-	if e.d {
-		e.writeIndent()
-	}
-	e.c = containerMapKey
-}
-
-func (e *jsonEncDriverGeneric) WriteMapElemValue() {
-	if e.d {
-		e.w.writen2(':', ' ')
-	} else {
-		e.w.writen1(':')
-	}
-	e.c = containerMapValue
-}
-
-func (e *jsonEncDriverGeneric) WriteMapEnd() {
-	if e.d {
-		e.dl--
-		if e.c != containerMapStart {
-			e.writeIndent()
-		}
-	}
-	e.w.writen1('}')
-	e.c = containerMapEnd
-}
-
-func (e *jsonEncDriverGeneric) writeIndent() {
-	e.w.writen1('\n')
-	x := int(e.di) * int(e.dl)
-	if e.dt {
-		for x > jsonSpacesOrTabsLen {
-			e.w.writeb(jsonTabs[:])
-			x -= jsonSpacesOrTabsLen
-		}
-		e.w.writeb(jsonTabs[:x])
-	} else {
-		for x > jsonSpacesOrTabsLen {
-			e.w.writeb(jsonSpaces[:])
-			x -= jsonSpacesOrTabsLen
-		}
-		e.w.writeb(jsonSpaces[:x])
-	}
-}
-
-func (e *jsonEncDriverGeneric) EncodeBool(b bool) {
-	if e.ks && e.c == containerMapKey {
-		if b {
-			e.w.writeb(jsonLiterals[jsonLitTrueQ : jsonLitTrueQ+6])
-		} else {
-			e.w.writeb(jsonLiterals[jsonLitFalseQ : jsonLitFalseQ+7])
-		}
-	} else {
-		if b {
-			e.w.writeb(jsonLiterals[jsonLitTrue : jsonLitTrue+4])
-		} else {
-			e.w.writeb(jsonLiterals[jsonLitFalse : jsonLitFalse+5])
-		}
-	}
-}
-
-func (e *jsonEncDriverGeneric) EncodeFloat64(f float64) {
-	// instead of using 'g', specify whether to use 'e' or 'f'
-	fmt, prec := jsonFloatStrconvFmtPrec(f)
-
-	var blen int
-	if e.ks && e.c == containerMapKey {
-		blen = 2 + len(strconv.AppendFloat(e.b[1:1], f, fmt, prec, 64))
-		e.b[0] = '"'
-		e.b[blen-1] = '"'
-	} else {
-		blen = len(strconv.AppendFloat(e.b[:0], f, fmt, prec, 64))
-	}
-	e.w.writeb(e.b[:blen])
-}
-
-func (e *jsonEncDriverGeneric) EncodeInt(v int64) {
-	x := e.is
-	if x == 'A' || x == 'L' && (v > 1<<53 || v < -(1<<53)) || (e.ks && e.c == containerMapKey) {
-		blen := 2 + len(strconv.AppendInt(e.b[1:1], v, 10))
-		e.b[0] = '"'
-		e.b[blen-1] = '"'
-		e.w.writeb(e.b[:blen])
-		return
-	}
-	e.w.writeb(strconv.AppendInt(e.b[:0], v, 10))
-}
-
-func (e *jsonEncDriverGeneric) EncodeUint(v uint64) {
-	x := e.is
-	if x == 'A' || x == 'L' && v > 1<<53 || (e.ks && e.c == containerMapKey) {
-		blen := 2 + len(strconv.AppendUint(e.b[1:1], v, 10))
-		e.b[0] = '"'
-		e.b[blen-1] = '"'
-		e.w.writeb(e.b[:blen])
-		return
-	}
-	e.w.writeb(strconv.AppendUint(e.b[:0], v, 10))
-}
-
-func (e *jsonEncDriverGeneric) EncodeFloat32(f float32) {
-	// e.encodeFloat(float64(f), 32)
-	// always encode all floats as IEEE 64-bit floating point.
-	// It also ensures that we can decode in full precision even if into a float32,
-	// as what is written is always to float64 precision.
-	e.EncodeFloat64(float64(f))
-}
-
-func (e *jsonEncDriverGeneric) atEndOfEncode() {
-	if e.tw {
-		if e.d {
-			e.w.writen1('\n')
-		} else {
-			e.w.writen1(' ')
-		}
-	}
-}
-
-// --------------------
-
-type jsonEncDriver struct {
-	noBuiltInTypes
-	e  *Encoder
-	h  *JsonHandle
-	ew encWriter // encWriter // *encWriterSwitch
-	se extWrapper
-	// ---- cpu cache line boundary?
-	bs []byte // scratch
-	// ---- cpu cache line boundary?
-	b [jsonScratchArrayLen]byte // scratch (encode time,
-}
-
-func (e *jsonEncDriver) EncodeNil() {
-	// We always encode nil as just null (never in quotes)
-	// This allows us to easily decode if a nil in the json stream
-	// ie if initial token is n.
-	e.ew.writeb(jsonLiterals[jsonLitNull : jsonLitNull+4])
-
-	// if e.h.MapKeyAsString && e.c == containerMapKey {
-	// 	e.ew.writeb(jsonLiterals[jsonLitNullQ : jsonLitNullQ+6])
-	// } else {
-	// 	e.ew.writeb(jsonLiterals[jsonLitNull : jsonLitNull+4])
-	// }
-}
-
-func (e *jsonEncDriver) EncodeTime(t time.Time) {
-	// Do NOT use MarshalJSON, as it allocates internally.
-	// instead, we call AppendFormat directly, using our scratch buffer (e.b)
-	if t.IsZero() {
-		e.EncodeNil()
-	} else {
-		e.b[0] = '"'
-		b := t.AppendFormat(e.b[1:1], time.RFC3339Nano)
-		e.b[len(b)+1] = '"'
-		e.ew.writeb(e.b[:len(b)+2])
-	}
-	// v, err := t.MarshalJSON(); if err != nil { e.e.error(err) } e.ew.writeb(v)
-}
-
-func (e *jsonEncDriver) EncodeExt(rv interface{}, xtag uint64, ext Ext, en *Encoder) {
-	if v := ext.ConvertExt(rv); v == nil {
-		e.EncodeNil()
-	} else {
-		en.encode(v)
-	}
-}
-
-func (e *jsonEncDriver) EncodeRawExt(re *RawExt, en *Encoder) {
-	// only encodes re.Value (never re.Data)
-	if re.Value == nil {
-		e.EncodeNil()
-	} else {
-		en.encode(re.Value)
-	}
-}
-
-func (e *jsonEncDriver) EncodeString(c charEncoding, v string) {
-	e.quoteStr(v)
-}
-
-func (e *jsonEncDriver) EncodeStringBytes(c charEncoding, v []byte) {
-	// if encoding raw bytes and RawBytesExt is configured, use it to encode
-	if v == nil {
-		e.EncodeNil()
-		return
-	}
-	if c == cRAW {
-		if e.se.InterfaceExt != nil {
-			e.EncodeExt(v, 0, &e.se, e.e)
-			return
-		}
-
-		slen := base64.StdEncoding.EncodedLen(len(v))
-		if cap(e.bs) >= slen+2 {
-			e.bs = e.bs[:slen+2]
-		} else {
-			e.bs = make([]byte, slen+2)
-		}
-		e.bs[0] = '"'
-		base64.StdEncoding.Encode(e.bs[1:], v)
-		e.bs[slen+1] = '"'
-		e.ew.writeb(e.bs)
-	} else {
-		e.quoteStr(stringView(v))
-	}
-}
-
-func (e *jsonEncDriver) EncodeAsis(v []byte) {
-	e.ew.writeb(v)
-}
-
-func (e *jsonEncDriver) quoteStr(s string) {
-	// adapted from std pkg encoding/json
-	const hex = "0123456789abcdef"
-	w := e.ew
-	htmlasis := e.h.HTMLCharsAsIs
-	w.writen1('"')
-	var start int
-	for i, slen := 0, len(s); i < slen; {
-		// encode all bytes < 0x20 (except \r, \n).
-		// also encode < > & to prevent security holes when served to some browsers.
-		if b := s[i]; b < utf8.RuneSelf {
-			// if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
-			// if (htmlasis && jsonCharSafeSet.isset(b)) || jsonCharHtmlSafeSet.isset(b) {
-			if jsonCharHtmlSafeSet.isset(b) || (htmlasis && jsonCharSafeSet.isset(b)) {
-				i++
-				continue
-			}
-			if start < i {
-				w.writestr(s[start:i])
-			}
-			switch b {
-			case '\\', '"':
-				w.writen2('\\', b)
-			case '\n':
-				w.writen2('\\', 'n')
-			case '\r':
-				w.writen2('\\', 'r')
-			case '\b':
-				w.writen2('\\', 'b')
-			case '\f':
-				w.writen2('\\', 'f')
-			case '\t':
-				w.writen2('\\', 't')
-			default:
-				w.writestr(`\u00`)
-				w.writen2(hex[b>>4], hex[b&0xF])
-			}
-			i++
-			start = i
-			continue
-		}
-		c, size := utf8.DecodeRuneInString(s[i:])
-		if c == utf8.RuneError && size == 1 {
-			if start < i {
-				w.writestr(s[start:i])
-			}
-			w.writestr(`\ufffd`)
-			i += size
-			start = i
-			continue
-		}
-		// U+2028 is LINE SEPARATOR. U+2029 is PARAGRAPH SEPARATOR.
-		// Both technically valid JSON, but bomb on JSONP, so fix here unconditionally.
-		if c == '\u2028' || c == '\u2029' {
-			if start < i {
-				w.writestr(s[start:i])
-			}
-			w.writestr(`\u202`)
-			w.writen1(hex[c&0xF])
-			i += size
-			start = i
-			continue
-		}
-		i += size
-	}
-	if start < len(s) {
-		w.writestr(s[start:])
-	}
-	w.writen1('"')
-}
-
-type jsonDecDriver struct {
-	noBuiltInTypes
-	d  *Decoder
-	h  *JsonHandle
-	r  decReader // *decReaderSwitch // decReader
-	se extWrapper
-
-	// ---- writable fields during execution --- *try* to keep in sep cache line
-
-	c containerState
-	// tok is used to store the token read right after skipWhiteSpace.
-	tok   uint8
-	fnull bool    // found null from appendStringAsBytes
-	bs    []byte  // scratch. Initialized from b. Used for parsing strings or numbers.
-	bstr  [8]byte // scratch used for string \UXXX parsing
-	// ---- cpu cache line boundary?
-	b  [jsonScratchArrayLen]byte // scratch 1, used for parsing strings or numbers or time.Time
-	b2 [jsonScratchArrayLen]byte // scratch 2, used only for readUntil, decNumBytes
-
-	_ [3]uint64 // padding
-	// n jsonNum
-}
-
-// func jsonIsWS(b byte) bool {
-// 	// return b == ' ' || b == '\t' || b == '\r' || b == '\n'
-// 	return jsonCharWhitespaceSet.isset(b)
-// }
-
-func (d *jsonDecDriver) uncacheRead() {
-	if d.tok != 0 {
-		d.r.unreadn1()
-		d.tok = 0
-	}
-}
-
-func (d *jsonDecDriver) ReadMapStart() int {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	const xc uint8 = '{'
-	if d.tok != xc {
-		d.d.errorf("read map - expect char '%c' but got char '%c'", xc, d.tok)
-	}
-	d.tok = 0
-	d.c = containerMapStart
-	return -1
-}
-
-func (d *jsonDecDriver) ReadArrayStart() int {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	const xc uint8 = '['
-	if d.tok != xc {
-		d.d.errorf("read array - expect char '%c' but got char '%c'", xc, d.tok)
-	}
-	d.tok = 0
-	d.c = containerArrayStart
-	return -1
-}
-
-func (d *jsonDecDriver) CheckBreak() bool {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	return d.tok == '}' || d.tok == ']'
-}
-
-// For the ReadXXX methods below, we could just delegate to helper functions
-// readContainerState(c containerState, xc uint8, check bool)
-// - ReadArrayElem would become:
-//   readContainerState(containerArrayElem, ',', d.c != containerArrayStart)
-//
-// However, until mid-stack inlining comes in go1.11 which supports inlining of
-// one-liners, we explicitly write them all 5 out to elide the extra func call.
-//
-// TODO: For Go 1.11, if inlined, consider consolidating these.
-
-func (d *jsonDecDriver) ReadArrayElem() {
-	const xc uint8 = ','
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.c != containerArrayStart {
-		if d.tok != xc {
-			d.d.errorf("read array element - expect char '%c' but got char '%c'", xc, d.tok)
-		}
-		d.tok = 0
-	}
-	d.c = containerArrayElem
-}
-
-func (d *jsonDecDriver) ReadArrayEnd() {
-	const xc uint8 = ']'
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.tok != xc {
-		d.d.errorf("read array end - expect char '%c' but got char '%c'", xc, d.tok)
-	}
-	d.tok = 0
-	d.c = containerArrayEnd
-}
-
-func (d *jsonDecDriver) ReadMapElemKey() {
-	const xc uint8 = ','
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.c != containerMapStart {
-		if d.tok != xc {
-			d.d.errorf("read map key - expect char '%c' but got char '%c'", xc, d.tok)
-		}
-		d.tok = 0
-	}
-	d.c = containerMapKey
-}
-
-func (d *jsonDecDriver) ReadMapElemValue() {
-	const xc uint8 = ':'
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.tok != xc {
-		d.d.errorf("read map value - expect char '%c' but got char '%c'", xc, d.tok)
-	}
-	d.tok = 0
-	d.c = containerMapValue
-}
-
-func (d *jsonDecDriver) ReadMapEnd() {
-	const xc uint8 = '}'
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.tok != xc {
-		d.d.errorf("read map end - expect char '%c' but got char '%c'", xc, d.tok)
-	}
-	d.tok = 0
-	d.c = containerMapEnd
-}
-
-func (d *jsonDecDriver) readLit(length, fromIdx uint8) {
-	bs := d.r.readx(int(length))
-	d.tok = 0
-	if jsonValidateSymbols && !bytes.Equal(bs, jsonLiterals[fromIdx:fromIdx+length]) {
-		d.d.errorf("expecting %s: got %s", jsonLiterals[fromIdx:fromIdx+length], bs)
-		return
-	}
-}
-
-func (d *jsonDecDriver) TryDecodeAsNil() bool {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	// we shouldn't try to see if "null" was here, right?
-	// only the plain string: `null` denotes a nil (ie not quotes)
-	if d.tok == 'n' {
-		d.readLit(3, jsonLitNull+1) // (n)ull
-		return true
-	}
-	return false
-}
-
-func (d *jsonDecDriver) DecodeBool() (v bool) {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	fquot := d.c == containerMapKey && d.tok == '"'
-	if fquot {
-		d.tok = d.r.readn1()
-	}
-	switch d.tok {
-	case 'f':
-		d.readLit(4, jsonLitFalse+1) // (f)alse
-		// v = false
-	case 't':
-		d.readLit(3, jsonLitTrue+1) // (t)rue
-		v = true
-	default:
-		d.d.errorf("decode bool: got first char %c", d.tok)
-		// v = false // "unreachable"
-	}
-	if fquot {
-		d.r.readn1()
-	}
-	return
-}
-
-func (d *jsonDecDriver) DecodeTime() (t time.Time) {
-	// read string, and pass the string into json.unmarshal
-	d.appendStringAsBytes()
-	if d.fnull {
-		return
-	}
-	t, err := time.Parse(time.RFC3339, stringView(d.bs))
-	if err != nil {
-		d.d.errorv(err)
-	}
-	return
-}
-
-func (d *jsonDecDriver) ContainerType() (vt valueType) {
-	// check container type by checking the first char
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-
-	// optimize this, so we don't do 4 checks but do one computation.
-	// return jsonContainerSet[d.tok]
-
-	// ContainerType is mostly called for Map and Array,
-	// so this conditional is good enough (max 2 checks typically)
-	if b := d.tok; b == '{' {
-		return valueTypeMap
-	} else if b == '[' {
-		return valueTypeArray
-	} else if b == 'n' {
-		return valueTypeNil
-	} else if b == '"' {
-		return valueTypeString
-	}
-	return valueTypeUnset
-}
-
-func (d *jsonDecDriver) decNumBytes() (bs []byte) {
-	// stores num bytes in d.bs
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	if d.tok == '"' {
-		bs = d.r.readUntil(d.b2[:0], '"')
-		bs = bs[:len(bs)-1]
-	} else {
-		d.r.unreadn1()
-		bs = d.r.readTo(d.bs[:0], &jsonNumSet)
-	}
-	d.tok = 0
-	return bs
-}
-
-func (d *jsonDecDriver) DecodeUint64() (u uint64) {
-	bs := d.decNumBytes()
-	n, neg, badsyntax, overflow := jsonParseInteger(bs)
-	if overflow {
-		d.d.errorf("overflow parsing unsigned integer: %s", bs)
-	} else if neg {
-		d.d.errorf("minus found parsing unsigned integer: %s", bs)
-	} else if badsyntax {
-		// fallback: try to decode as float, and cast
-		n = d.decUint64ViaFloat(stringView(bs))
-	}
-	return n
-}
-
-func (d *jsonDecDriver) DecodeInt64() (i int64) {
-	const cutoff = uint64(1 << uint(64-1))
-	bs := d.decNumBytes()
-	n, neg, badsyntax, overflow := jsonParseInteger(bs)
-	if overflow {
-		d.d.errorf("overflow parsing integer: %s", bs)
-	} else if badsyntax {
-		// d.d.errorf("invalid syntax for integer: %s", bs)
-		// fallback: try to decode as float, and cast
-		if neg {
-			n = d.decUint64ViaFloat(stringView(bs[1:]))
-		} else {
-			n = d.decUint64ViaFloat(stringView(bs))
-		}
-	}
-	if neg {
-		if n > cutoff {
-			d.d.errorf("overflow parsing integer: %s", bs)
-		}
-		i = -(int64(n))
-	} else {
-		if n >= cutoff {
-			d.d.errorf("overflow parsing integer: %s", bs)
-		}
-		i = int64(n)
-	}
-	return
-}
-
-func (d *jsonDecDriver) decUint64ViaFloat(s string) (u uint64) {
-	f, err := strconv.ParseFloat(s, 64)
-	if err != nil {
-		d.d.errorf("invalid syntax for integer: %s", s)
-		// d.d.errorv(err)
-	}
-	fi, ff := math.Modf(f)
-	if ff > 0 {
-		d.d.errorf("fractional part found parsing integer: %s", s)
-	} else if fi > float64(math.MaxUint64) {
-		d.d.errorf("overflow parsing integer: %s", s)
-	}
-	return uint64(fi)
-}
-
-func (d *jsonDecDriver) DecodeFloat64() (f float64) {
-	bs := d.decNumBytes()
-	f, err := strconv.ParseFloat(stringView(bs), 64)
-	if err != nil {
-		d.d.errorv(err)
-	}
-	return
-}
-
-func (d *jsonDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) {
-	if ext == nil {
-		re := rv.(*RawExt)
-		re.Tag = xtag
-		d.d.decode(&re.Value)
-	} else {
-		var v interface{}
-		d.d.decode(&v)
-		ext.UpdateExt(rv, v)
-	}
-	return
-}
-
-func (d *jsonDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) {
-	// if decoding into raw bytes, and the RawBytesExt is configured, use it to decode.
-	if d.se.InterfaceExt != nil {
-		bsOut = bs
-		d.DecodeExt(&bsOut, 0, &d.se)
-		return
-	}
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	// check if an "array" of uint8's (see ContainerType for how to infer if an array)
-	if d.tok == '[' {
-		bsOut, _ = fastpathTV.DecSliceUint8V(bs, true, d.d)
-		return
-	}
-	d.appendStringAsBytes()
-	// base64 encodes []byte{} as "", and we encode nil []byte as null.
-	// Consequently, base64 should decode null as a nil []byte, and "" as an empty []byte{}.
-	// appendStringAsBytes returns a zero-len slice for both, so as not to reset d.bs.
-	// However, it sets a fnull field to true, so we can check if a null was found.
-	if len(d.bs) == 0 {
-		if d.fnull {
-			return nil
-		}
-		return []byte{}
-	}
-	bs0 := d.bs
-	slen := base64.StdEncoding.DecodedLen(len(bs0))
-	if slen <= cap(bs) {
-		bsOut = bs[:slen]
-	} else if zerocopy && slen <= cap(d.b2) {
-		bsOut = d.b2[:slen]
-	} else {
-		bsOut = make([]byte, slen)
-	}
-	slen2, err := base64.StdEncoding.Decode(bsOut, bs0)
-	if err != nil {
-		d.d.errorf("error decoding base64 binary '%s': %v", bs0, err)
-		return nil
-	}
-	if slen != slen2 {
-		bsOut = bsOut[:slen2]
-	}
-	return
-}
-
-func (d *jsonDecDriver) DecodeString() (s string) {
-	d.appendStringAsBytes()
-	return d.bsToString()
-}
-
-func (d *jsonDecDriver) DecodeStringAsBytes() (s []byte) {
-	d.appendStringAsBytes()
-	return d.bs
-}
-
-func (d *jsonDecDriver) appendStringAsBytes() {
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-
-	d.fnull = false
-	if d.tok != '"' {
-		// d.d.errorf("expect char '%c' but got char '%c'", '"', d.tok)
-		// handle non-string scalar: null, true, false or a number
-		switch d.tok {
-		case 'n':
-			d.readLit(3, jsonLitNull+1) // (n)ull
-			d.bs = d.bs[:0]
-			d.fnull = true
-		case 'f':
-			d.readLit(4, jsonLitFalse+1) // (f)alse
-			d.bs = d.bs[:5]
-			copy(d.bs, "false")
-		case 't':
-			d.readLit(3, jsonLitTrue+1) // (t)rue
-			d.bs = d.bs[:4]
-			copy(d.bs, "true")
-		default:
-			// try to parse a valid number
-			bs := d.decNumBytes()
-			if len(bs) <= cap(d.bs) {
-				d.bs = d.bs[:len(bs)]
-			} else {
-				d.bs = make([]byte, len(bs))
-			}
-			copy(d.bs, bs)
-		}
-		return
-	}
-
-	d.tok = 0
-	r := d.r
-	var cs = r.readUntil(d.b2[:0], '"')
-	var cslen = len(cs)
-	var c uint8
-	v := d.bs[:0]
-	// append on each byte seen can be expensive, so we just
-	// keep track of where we last read a contiguous set of
-	// non-special bytes (using cursor variable),
-	// and when we see a special byte
-	// e.g. end-of-slice, " or \,
-	// we will append the full range into the v slice before proceeding
-	for i, cursor := 0, 0; ; {
-		if i == cslen {
-			v = append(v, cs[cursor:]...)
-			cs = r.readUntil(d.b2[:0], '"')
-			cslen = len(cs)
-			i, cursor = 0, 0
-		}
-		c = cs[i]
-		if c == '"' {
-			v = append(v, cs[cursor:i]...)
-			break
-		}
-		if c != '\\' {
-			i++
-			continue
-		}
-		v = append(v, cs[cursor:i]...)
-		i++
-		c = cs[i]
-		switch c {
-		case '"', '\\', '/', '\'':
-			v = append(v, c)
-		case 'b':
-			v = append(v, '\b')
-		case 'f':
-			v = append(v, '\f')
-		case 'n':
-			v = append(v, '\n')
-		case 'r':
-			v = append(v, '\r')
-		case 't':
-			v = append(v, '\t')
-		case 'u':
-			var r rune
-			var rr uint32
-			if len(cs) < i+4 { // may help reduce bounds-checking
-				d.d.errorf("need at least 4 more bytes for unicode sequence")
-			}
-			// c = cs[i+4] // may help reduce bounds-checking
-			for j := 1; j < 5; j++ {
-				// best to use explicit if-else
-				// - not a table, etc which involve memory loads, array lookup with bounds checks, etc
-				c = cs[i+j]
-				if c >= '0' && c <= '9' {
-					rr = rr*16 + uint32(c-jsonU4Chk2)
-				} else if c >= 'a' && c <= 'f' {
-					rr = rr*16 + uint32(c-jsonU4Chk1)
-				} else if c >= 'A' && c <= 'F' {
-					rr = rr*16 + uint32(c-jsonU4Chk0)
-				} else {
-					r = unicode.ReplacementChar
-					i += 4
-					goto encode_rune
-				}
-			}
-			r = rune(rr)
-			i += 4
-			if utf16.IsSurrogate(r) {
-				if len(cs) >= i+6 && cs[i+2] == 'u' && cs[i+1] == '\\' {
-					i += 2
-					// c = cs[i+4] // may help reduce bounds-checking
-					var rr1 uint32
-					for j := 1; j < 5; j++ {
-						c = cs[i+j]
-						if c >= '0' && c <= '9' {
-							rr = rr*16 + uint32(c-jsonU4Chk2)
-						} else if c >= 'a' && c <= 'f' {
-							rr = rr*16 + uint32(c-jsonU4Chk1)
-						} else if c >= 'A' && c <= 'F' {
-							rr = rr*16 + uint32(c-jsonU4Chk0)
-						} else {
-							r = unicode.ReplacementChar
-							i += 4
-							goto encode_rune
-						}
-					}
-					r = utf16.DecodeRune(r, rune(rr1))
-					i += 4
-				} else {
-					r = unicode.ReplacementChar
-					goto encode_rune
-				}
-			}
-		encode_rune:
-			w2 := utf8.EncodeRune(d.bstr[:], r)
-			v = append(v, d.bstr[:w2]...)
-		default:
-			d.d.errorf("unsupported escaped value: %c", c)
-		}
-		i++
-		cursor = i
-	}
-	d.bs = v
-}
-
-func (d *jsonDecDriver) nakedNum(z *decNaked, bs []byte) (err error) {
-	const cutoff = uint64(1 << uint(64-1))
-	var n uint64
-	var neg, badsyntax, overflow bool
-
-	if d.h.PreferFloat {
-		goto F
-	}
-	n, neg, badsyntax, overflow = jsonParseInteger(bs)
-	if badsyntax || overflow {
-		goto F
-	}
-	if neg {
-		if n > cutoff {
-			goto F
-		}
-		z.v = valueTypeInt
-		z.i = -(int64(n))
-	} else if d.h.SignedInteger {
-		if n >= cutoff {
-			goto F
-		}
-		z.v = valueTypeInt
-		z.i = int64(n)
-	} else {
-		z.v = valueTypeUint
-		z.u = n
-	}
-	return
-F:
-	z.v = valueTypeFloat
-	z.f, err = strconv.ParseFloat(stringView(bs), 64)
-	return
-}
-
-func (d *jsonDecDriver) bsToString() string {
-	// if x := d.s.sc; x != nil && x.so && x.st == '}' { // map key
-	if jsonAlwaysReturnInternString || d.c == containerMapKey {
-		return d.d.string(d.bs)
-	}
-	return string(d.bs)
-}
-
-func (d *jsonDecDriver) DecodeNaked() {
-	z := d.d.n
-	// var decodeFurther bool
-
-	if d.tok == 0 {
-		d.tok = d.r.skip(&jsonCharWhitespaceSet)
-	}
-	switch d.tok {
-	case 'n':
-		d.readLit(3, jsonLitNull+1) // (n)ull
-		z.v = valueTypeNil
-	case 'f':
-		d.readLit(4, jsonLitFalse+1) // (f)alse
-		z.v = valueTypeBool
-		z.b = false
-	case 't':
-		d.readLit(3, jsonLitTrue+1) // (t)rue
-		z.v = valueTypeBool
-		z.b = true
-	case '{':
-		z.v = valueTypeMap // don't consume. kInterfaceNaked will call ReadMapStart
-	case '[':
-		z.v = valueTypeArray // don't consume. kInterfaceNaked will call ReadArrayStart
-	case '"':
-		// if a string, and MapKeyAsString, then try to decode it as a nil, bool or number first
-		d.appendStringAsBytes()
-		if len(d.bs) > 0 && d.c == containerMapKey && d.h.MapKeyAsString {
-			switch stringView(d.bs) {
-			case "null":
-				z.v = valueTypeNil
-			case "true":
-				z.v = valueTypeBool
-				z.b = true
-			case "false":
-				z.v = valueTypeBool
-				z.b = false
-			default:
-				// check if a number: float, int or uint
-				if err := d.nakedNum(z, d.bs); err != nil {
-					z.v = valueTypeString
-					z.s = d.bsToString()
-				}
-			}
-		} else {
-			z.v = valueTypeString
-			z.s = d.bsToString()
-		}
-	default: // number
-		bs := d.decNumBytes()
-		if len(bs) == 0 {
-			d.d.errorf("decode number from empty string")
-			return
-		}
-		if err := d.nakedNum(z, bs); err != nil {
-			d.d.errorf("decode number from %s: %v", bs, err)
-			return
-		}
-	}
-	// if decodeFurther {
-	// 	d.s.sc.retryRead()
-	// }
-	return
-}
-
-//----------------------
-
-// JsonHandle is a handle for JSON encoding format.
-//
-// Json is comprehensively supported:
-//    - decodes numbers into interface{} as int, uint or float64
-//      based on how the number looks and some config parameters e.g. PreferFloat, SignedInt, etc.
-//    - decode integers from float formatted numbers e.g. 1.27e+8
-//    - decode any json value (numbers, bool, etc) from quoted strings
-//    - configurable way to encode/decode []byte .
-//      by default, encodes and decodes []byte using base64 Std Encoding
-//    - UTF-8 support for encoding and decoding
-//
-// It has better performance than the json library in the standard library,
-// by leveraging the performance improvements of the codec library.
-//
-// In addition, it doesn't read more bytes than necessary during a decode, which allows
-// reading multiple values from a stream containing json and non-json content.
-// For example, a user can read a json value, then a cbor value, then a msgpack value,
-// all from the same stream in sequence.
-//
-// Note that, when decoding quoted strings, invalid UTF-8 or invalid UTF-16 surrogate pairs are
-// not treated as an error. Instead, they are replaced by the Unicode replacement character U+FFFD.
-type JsonHandle struct {
-	textEncodingType
-	BasicHandle
-
-	// Indent indicates how a value is encoded.
-	//   - If positive, indent by that number of spaces.
-	//   - If negative, indent by that number of tabs.
-	Indent int8
-
-	// IntegerAsString controls how integers (signed and unsigned) are encoded.
-	//
-	// Per the JSON Spec, JSON numbers are 64-bit floating point numbers.
-	// Consequently, integers > 2^53 cannot be represented as a JSON number without losing precision.
-	// This can be mitigated by configuring how to encode integers.
-	//
-	// IntegerAsString interpretes the following values:
-	//   - if 'L', then encode integers > 2^53 as a json string.
-	//   - if 'A', then encode all integers as a json string
-	//             containing the exact integer representation as a decimal.
-	//   - else    encode all integers as a json number (default)
-	IntegerAsString byte
-
-	// HTMLCharsAsIs controls how to encode some special characters to html: < > &
-	//
-	// By default, we encode them as \uXXX
-	// to prevent security holes when served from some browsers.
-	HTMLCharsAsIs bool
-
-	// PreferFloat says that we will default to decoding a number as a float.
-	// If not set, we will examine the characters of the number and decode as an
-	// integer type if it doesn't have any of the characters [.eE].
-	PreferFloat bool
-
-	// TermWhitespace says that we add a whitespace character
-	// at the end of an encoding.
-	//
-	// The whitespace is important, especially if using numbers in a context
-	// where multiple items are written to a stream.
-	TermWhitespace bool
-
-	// MapKeyAsString says to encode all map keys as strings.
-	//
-	// Use this to enforce strict json output.
-	// The only caveat is that nil value is ALWAYS written as null (never as "null")
-	MapKeyAsString bool
-
-	// _ [2]byte // padding
-
-	// Note: below, we store hardly-used items e.g. RawBytesExt is cached in the (en|de)cDriver.
-
-	// RawBytesExt, if configured, is used to encode and decode raw bytes in a custom way.
-	// If not configured, raw bytes are encoded to/from base64 text.
-	RawBytesExt InterfaceExt
-
-	_ [2]uint64 // padding
-}
-
-// Name returns the name of the handle: json
-func (h *JsonHandle) Name() string            { return "json" }
-func (h *JsonHandle) hasElemSeparators() bool { return true }
-func (h *JsonHandle) typical() bool {
-	return h.Indent == 0 && !h.MapKeyAsString && h.IntegerAsString != 'A' && h.IntegerAsString != 'L'
-}
-
-type jsonTypical interface {
-	typical()
-}
-
-func (h *JsonHandle) recreateEncDriver(ed encDriver) (v bool) {
-	_, v = ed.(jsonTypical)
-	return v != h.typical()
-}
-
-// SetInterfaceExt sets an extension
-func (h *JsonHandle) SetInterfaceExt(rt reflect.Type, tag uint64, ext InterfaceExt) (err error) {
-	return h.SetExt(rt, tag, &extWrapper{bytesExtFailer{}, ext})
-}
-
-type jsonEncDriverTypicalImpl struct {
-	jsonEncDriver
-	jsonEncDriverTypical
-	_ [1]uint64 // padding
-}
-
-func (x *jsonEncDriverTypicalImpl) reset() {
-	x.jsonEncDriver.reset()
-	x.jsonEncDriverTypical.reset(&x.jsonEncDriver)
-}
-
-type jsonEncDriverGenericImpl struct {
-	jsonEncDriver
-	jsonEncDriverGeneric
-}
-
-func (x *jsonEncDriverGenericImpl) reset() {
-	x.jsonEncDriver.reset()
-	x.jsonEncDriverGeneric.reset(&x.jsonEncDriver)
-}
-
-func (h *JsonHandle) newEncDriver(e *Encoder) (ee encDriver) {
-	var hd *jsonEncDriver
-	if h.typical() {
-		var v jsonEncDriverTypicalImpl
-		ee = &v
-		hd = &v.jsonEncDriver
-	} else {
-		var v jsonEncDriverGenericImpl
-		ee = &v
-		hd = &v.jsonEncDriver
-	}
-	hd.e, hd.h, hd.bs = e, h, hd.b[:0]
-	hd.se.BytesExt = bytesExtFailer{}
-	ee.reset()
-	return
-}
-
-func (h *JsonHandle) newDecDriver(d *Decoder) decDriver {
-	// d := jsonDecDriver{r: r.(*bytesDecReader), h: h}
-	hd := jsonDecDriver{d: d, h: h}
-	hd.se.BytesExt = bytesExtFailer{}
-	hd.bs = hd.b[:0]
-	hd.reset()
-	return &hd
-}
-
-func (e *jsonEncDriver) reset() {
-	e.ew = e.e.w // e.e.w // &e.e.encWriterSwitch
-	e.se.InterfaceExt = e.h.RawBytesExt
-	if e.bs != nil {
-		e.bs = e.bs[:0]
-	}
-}
-
-func (d *jsonDecDriver) reset() {
-	d.r = d.d.r // &d.d.decReaderSwitch // d.d.r
-	d.se.InterfaceExt = d.h.RawBytesExt
-	if d.bs != nil {
-		d.bs = d.bs[:0]
-	}
-	d.c, d.tok = 0, 0
-	// d.n.reset()
-}
-
-func jsonFloatStrconvFmtPrec(f float64) (fmt byte, prec int) {
-	prec = -1
-	var abs = math.Abs(f)
-	if abs != 0 && (abs < 1e-6 || abs >= 1e21) {
-		fmt = 'e'
-	} else {
-		fmt = 'f'
-		// set prec to 1 iff mod is 0.
-		//     better than using jsonIsFloatBytesB2 to check if a . or E in the float bytes.
-		// this ensures that every float has an e or .0 in it.
-		if abs <= 1 {
-			if abs == 0 || abs == 1 {
-				prec = 1
-			}
-		} else if _, mod := math.Modf(abs); mod == 0 {
-			prec = 1
-		}
-	}
-	return
-}
-
-// custom-fitted version of strconv.Parse(Ui|I)nt.
-// Also ensures we don't have to search for .eE to determine if a float or not.
-func jsonParseInteger(s []byte) (n uint64, neg, badSyntax, overflow bool) {
-	const maxUint64 = (1<<64 - 1)
-	const cutoff = maxUint64/10 + 1
-
-	if len(s) == 0 {
-		badSyntax = true
-		return
-	}
-	switch s[0] {
-	case '+':
-		s = s[1:]
-	case '-':
-		s = s[1:]
-		neg = true
-	}
-	for _, c := range s {
-		if c < '0' || c > '9' {
-			badSyntax = true
-			return
-		}
-		// unsigned integers don't overflow well on multiplication, so check cutoff here
-		// e.g. (maxUint64-5)*10 doesn't overflow well ...
-		if n >= cutoff {
-			overflow = true
-			return
-		}
-		n *= 10
-		n1 := n + uint64(c-'0')
-		if n1 < n || n1 > maxUint64 {
-			overflow = true
-			return
-		}
-		n = n1
-	}
-	return
-}
-
-var _ decDriver = (*jsonDecDriver)(nil)
-var _ encDriver = (*jsonEncDriverGenericImpl)(nil)
-var _ encDriver = (*jsonEncDriverTypicalImpl)(nil)
-var _ jsonTypical = (*jsonEncDriverTypical)(nil)
diff --git a/vendor/github.com/ugorji/go/codec/msgpack.go b/vendor/github.com/ugorji/go/codec/msgpack.go
deleted file mode 100644
index 3271579a1a4d8..0000000000000
--- a/vendor/github.com/ugorji/go/codec/msgpack.go
+++ /dev/null
@@ -1,1092 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-/*
-MSGPACK
-
-Msgpack-c implementation powers the c, c++, python, ruby, etc libraries.
-We need to maintain compatibility with it and how it encodes integer values
-without caring about the type.
-
-For compatibility with behaviour of msgpack-c reference implementation:
-  - Go intX (>0) and uintX
-       IS ENCODED AS
-    msgpack +ve fixnum, unsigned
-  - Go intX (<0)
-       IS ENCODED AS
-    msgpack -ve fixnum, signed
-*/
-
-package codec
-
-import (
-	"fmt"
-	"io"
-	"math"
-	"net/rpc"
-	"reflect"
-	"time"
-)
-
-const (
-	mpPosFixNumMin byte = 0x00
-	mpPosFixNumMax      = 0x7f
-	mpFixMapMin         = 0x80
-	mpFixMapMax         = 0x8f
-	mpFixArrayMin       = 0x90
-	mpFixArrayMax       = 0x9f
-	mpFixStrMin         = 0xa0
-	mpFixStrMax         = 0xbf
-	mpNil               = 0xc0
-	_                   = 0xc1
-	mpFalse             = 0xc2
-	mpTrue              = 0xc3
-	mpFloat             = 0xca
-	mpDouble            = 0xcb
-	mpUint8             = 0xcc
-	mpUint16            = 0xcd
-	mpUint32            = 0xce
-	mpUint64            = 0xcf
-	mpInt8              = 0xd0
-	mpInt16             = 0xd1
-	mpInt32             = 0xd2
-	mpInt64             = 0xd3
-
-	// extensions below
-	mpBin8     = 0xc4
-	mpBin16    = 0xc5
-	mpBin32    = 0xc6
-	mpExt8     = 0xc7
-	mpExt16    = 0xc8
-	mpExt32    = 0xc9
-	mpFixExt1  = 0xd4
-	mpFixExt2  = 0xd5
-	mpFixExt4  = 0xd6
-	mpFixExt8  = 0xd7
-	mpFixExt16 = 0xd8
-
-	mpStr8  = 0xd9 // new
-	mpStr16 = 0xda
-	mpStr32 = 0xdb
-
-	mpArray16 = 0xdc
-	mpArray32 = 0xdd
-
-	mpMap16 = 0xde
-	mpMap32 = 0xdf
-
-	mpNegFixNumMin = 0xe0
-	mpNegFixNumMax = 0xff
-)
-
-var mpTimeExtTag int8 = -1
-var mpTimeExtTagU = uint8(mpTimeExtTag)
-
-// var mpdesc = map[byte]string{
-// 	mpPosFixNumMin: "PosFixNumMin",
-// 	mpPosFixNumMax: "PosFixNumMax",
-// 	mpFixMapMin:    "FixMapMin",
-// 	mpFixMapMax:    "FixMapMax",
-// 	mpFixArrayMin:  "FixArrayMin",
-// 	mpFixArrayMax:  "FixArrayMax",
-// 	mpFixStrMin:    "FixStrMin",
-// 	mpFixStrMax:    "FixStrMax",
-// 	mpNil:          "Nil",
-// 	mpFalse:        "False",
-// 	mpTrue:         "True",
-// 	mpFloat:        "Float",
-// 	mpDouble:       "Double",
-// 	mpUint8:        "Uint8",
-// 	mpUint16:       "Uint16",
-// 	mpUint32:       "Uint32",
-// 	mpUint64:       "Uint64",
-// 	mpInt8:         "Int8",
-// 	mpInt16:        "Int16",
-// 	mpInt32:        "Int32",
-// 	mpInt64:        "Int64",
-// 	mpBin8:         "Bin8",
-// 	mpBin16:        "Bin16",
-// 	mpBin32:        "Bin32",
-// 	mpExt8:         "Ext8",
-// 	mpExt16:        "Ext16",
-// 	mpExt32:        "Ext32",
-// 	mpFixExt1:      "FixExt1",
-// 	mpFixExt2:      "FixExt2",
-// 	mpFixExt4:      "FixExt4",
-// 	mpFixExt8:      "FixExt8",
-// 	mpFixExt16:     "FixExt16",
-// 	mpStr8:         "Str8",
-// 	mpStr16:        "Str16",
-// 	mpStr32:        "Str32",
-// 	mpArray16:      "Array16",
-// 	mpArray32:      "Array32",
-// 	mpMap16:        "Map16",
-// 	mpMap32:        "Map32",
-// 	mpNegFixNumMin: "NegFixNumMin",
-// 	mpNegFixNumMax: "NegFixNumMax",
-// }
-
-func mpdesc(bd byte) string {
-	switch bd {
-	case mpNil:
-		return "nil"
-	case mpFalse:
-		return "false"
-	case mpTrue:
-		return "true"
-	case mpFloat, mpDouble:
-		return "float"
-	case mpUint8, mpUint16, mpUint32, mpUint64:
-		return "uint"
-	case mpInt8, mpInt16, mpInt32, mpInt64:
-		return "int"
-	default:
-		switch {
-		case bd >= mpPosFixNumMin && bd <= mpPosFixNumMax:
-			return "int"
-		case bd >= mpNegFixNumMin && bd <= mpNegFixNumMax:
-			return "int"
-		case bd == mpStr8, bd == mpStr16, bd == mpStr32, bd >= mpFixStrMin && bd <= mpFixStrMax:
-			return "string|bytes"
-		case bd == mpBin8, bd == mpBin16, bd == mpBin32:
-			return "bytes"
-		case bd == mpArray16, bd == mpArray32, bd >= mpFixArrayMin && bd <= mpFixArrayMax:
-			return "array"
-		case bd == mpMap16, bd == mpMap32, bd >= mpFixMapMin && bd <= mpFixMapMax:
-			return "map"
-		case bd >= mpFixExt1 && bd <= mpFixExt16, bd >= mpExt8 && bd <= mpExt32:
-			return "ext"
-		default:
-			return "unknown"
-		}
-	}
-}
-
-// MsgpackSpecRpcMultiArgs is a special type which signifies to the MsgpackSpecRpcCodec
-// that the backend RPC service takes multiple arguments, which have been arranged
-// in sequence in the slice.
-//
-// The Codec then passes it AS-IS to the rpc service (without wrapping it in an
-// array of 1 element).
-type MsgpackSpecRpcMultiArgs []interface{}
-
-// A MsgpackContainer type specifies the different types of msgpackContainers.
-type msgpackContainerType struct {
-	fixCutoff                   int
-	bFixMin, b8, b16, b32       byte
-	hasFixMin, has8, has8Always bool
-}
-
-var (
-	msgpackContainerStr = msgpackContainerType{
-		32, mpFixStrMin, mpStr8, mpStr16, mpStr32, true, true, false,
-	}
-	msgpackContainerBin = msgpackContainerType{
-		0, 0, mpBin8, mpBin16, mpBin32, false, true, true,
-	}
-	msgpackContainerList = msgpackContainerType{
-		16, mpFixArrayMin, 0, mpArray16, mpArray32, true, false, false,
-	}
-	msgpackContainerMap = msgpackContainerType{
-		16, mpFixMapMin, 0, mpMap16, mpMap32, true, false, false,
-	}
-)
-
-//---------------------------------------------
-
-type msgpackEncDriver struct {
-	noBuiltInTypes
-	encDriverNoopContainerWriter
-	// encNoSeparator
-	e *Encoder
-	w encWriter
-	h *MsgpackHandle
-	x [8]byte
-	_ [3]uint64 // padding
-}
-
-func (e *msgpackEncDriver) EncodeNil() {
-	e.w.writen1(mpNil)
-}
-
-func (e *msgpackEncDriver) EncodeInt(i int64) {
-	// if i >= 0 {
-	// 	e.EncodeUint(uint64(i))
-	// } else if false &&
-	if i > math.MaxInt8 {
-		if i <= math.MaxInt16 {
-			e.w.writen1(mpInt16)
-			bigenHelper{e.x[:2], e.w}.writeUint16(uint16(i))
-		} else if i <= math.MaxInt32 {
-			e.w.writen1(mpInt32)
-			bigenHelper{e.x[:4], e.w}.writeUint32(uint32(i))
-		} else {
-			e.w.writen1(mpInt64)
-			bigenHelper{e.x[:8], e.w}.writeUint64(uint64(i))
-		}
-	} else if i >= -32 {
-		if e.h.NoFixedNum {
-			e.w.writen2(mpInt8, byte(i))
-		} else {
-			e.w.writen1(byte(i))
-		}
-	} else if i >= math.MinInt8 {
-		e.w.writen2(mpInt8, byte(i))
-	} else if i >= math.MinInt16 {
-		e.w.writen1(mpInt16)
-		bigenHelper{e.x[:2], e.w}.writeUint16(uint16(i))
-	} else if i >= math.MinInt32 {
-		e.w.writen1(mpInt32)
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(i))
-	} else {
-		e.w.writen1(mpInt64)
-		bigenHelper{e.x[:8], e.w}.writeUint64(uint64(i))
-	}
-}
-
-func (e *msgpackEncDriver) EncodeUint(i uint64) {
-	if i <= math.MaxInt8 {
-		if e.h.NoFixedNum {
-			e.w.writen2(mpUint8, byte(i))
-		} else {
-			e.w.writen1(byte(i))
-		}
-	} else if i <= math.MaxUint8 {
-		e.w.writen2(mpUint8, byte(i))
-	} else if i <= math.MaxUint16 {
-		e.w.writen1(mpUint16)
-		bigenHelper{e.x[:2], e.w}.writeUint16(uint16(i))
-	} else if i <= math.MaxUint32 {
-		e.w.writen1(mpUint32)
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(i))
-	} else {
-		e.w.writen1(mpUint64)
-		bigenHelper{e.x[:8], e.w}.writeUint64(uint64(i))
-	}
-}
-
-func (e *msgpackEncDriver) EncodeBool(b bool) {
-	if b {
-		e.w.writen1(mpTrue)
-	} else {
-		e.w.writen1(mpFalse)
-	}
-}
-
-func (e *msgpackEncDriver) EncodeFloat32(f float32) {
-	e.w.writen1(mpFloat)
-	bigenHelper{e.x[:4], e.w}.writeUint32(math.Float32bits(f))
-}
-
-func (e *msgpackEncDriver) EncodeFloat64(f float64) {
-	e.w.writen1(mpDouble)
-	bigenHelper{e.x[:8], e.w}.writeUint64(math.Float64bits(f))
-}
-
-func (e *msgpackEncDriver) EncodeTime(t time.Time) {
-	if t.IsZero() {
-		e.EncodeNil()
-		return
-	}
-	t = t.UTC()
-	sec, nsec := t.Unix(), uint64(t.Nanosecond())
-	var data64 uint64
-	var l = 4
-	if sec >= 0 && sec>>34 == 0 {
-		data64 = (nsec << 34) | uint64(sec)
-		if data64&0xffffffff00000000 != 0 {
-			l = 8
-		}
-	} else {
-		l = 12
-	}
-	if e.h.WriteExt {
-		e.encodeExtPreamble(mpTimeExtTagU, l)
-	} else {
-		e.writeContainerLen(msgpackContainerStr, l)
-	}
-	switch l {
-	case 4:
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(data64))
-	case 8:
-		bigenHelper{e.x[:8], e.w}.writeUint64(data64)
-	case 12:
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(nsec))
-		bigenHelper{e.x[:8], e.w}.writeUint64(uint64(sec))
-	}
-}
-
-func (e *msgpackEncDriver) EncodeExt(v interface{}, xtag uint64, ext Ext, _ *Encoder) {
-	bs := ext.WriteExt(v)
-	if bs == nil {
-		e.EncodeNil()
-		return
-	}
-	if e.h.WriteExt {
-		e.encodeExtPreamble(uint8(xtag), len(bs))
-		e.w.writeb(bs)
-	} else {
-		e.EncodeStringBytes(cRAW, bs)
-	}
-}
-
-func (e *msgpackEncDriver) EncodeRawExt(re *RawExt, _ *Encoder) {
-	e.encodeExtPreamble(uint8(re.Tag), len(re.Data))
-	e.w.writeb(re.Data)
-}
-
-func (e *msgpackEncDriver) encodeExtPreamble(xtag byte, l int) {
-	if l == 1 {
-		e.w.writen2(mpFixExt1, xtag)
-	} else if l == 2 {
-		e.w.writen2(mpFixExt2, xtag)
-	} else if l == 4 {
-		e.w.writen2(mpFixExt4, xtag)
-	} else if l == 8 {
-		e.w.writen2(mpFixExt8, xtag)
-	} else if l == 16 {
-		e.w.writen2(mpFixExt16, xtag)
-	} else if l < 256 {
-		e.w.writen2(mpExt8, byte(l))
-		e.w.writen1(xtag)
-	} else if l < 65536 {
-		e.w.writen1(mpExt16)
-		bigenHelper{e.x[:2], e.w}.writeUint16(uint16(l))
-		e.w.writen1(xtag)
-	} else {
-		e.w.writen1(mpExt32)
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(l))
-		e.w.writen1(xtag)
-	}
-}
-
-func (e *msgpackEncDriver) WriteArrayStart(length int) {
-	e.writeContainerLen(msgpackContainerList, length)
-}
-
-func (e *msgpackEncDriver) WriteMapStart(length int) {
-	e.writeContainerLen(msgpackContainerMap, length)
-}
-
-func (e *msgpackEncDriver) EncodeString(c charEncoding, s string) {
-	slen := len(s)
-	if c == cRAW && e.h.WriteExt {
-		e.writeContainerLen(msgpackContainerBin, slen)
-	} else {
-		e.writeContainerLen(msgpackContainerStr, slen)
-	}
-	if slen > 0 {
-		e.w.writestr(s)
-	}
-}
-
-func (e *msgpackEncDriver) EncodeStringBytes(c charEncoding, bs []byte) {
-	if bs == nil {
-		e.EncodeNil()
-		return
-	}
-	slen := len(bs)
-	if c == cRAW && e.h.WriteExt {
-		e.writeContainerLen(msgpackContainerBin, slen)
-	} else {
-		e.writeContainerLen(msgpackContainerStr, slen)
-	}
-	if slen > 0 {
-		e.w.writeb(bs)
-	}
-}
-
-func (e *msgpackEncDriver) writeContainerLen(ct msgpackContainerType, l int) {
-	if ct.hasFixMin && l < ct.fixCutoff {
-		e.w.writen1(ct.bFixMin | byte(l))
-	} else if ct.has8 && l < 256 && (ct.has8Always || e.h.WriteExt) {
-		e.w.writen2(ct.b8, uint8(l))
-	} else if l < 65536 {
-		e.w.writen1(ct.b16)
-		bigenHelper{e.x[:2], e.w}.writeUint16(uint16(l))
-	} else {
-		e.w.writen1(ct.b32)
-		bigenHelper{e.x[:4], e.w}.writeUint32(uint32(l))
-	}
-}
-
-//---------------------------------------------
-
-type msgpackDecDriver struct {
-	d *Decoder
-	r decReader // *Decoder decReader decReaderT
-	h *MsgpackHandle
-	// b      [scratchByteArrayLen]byte
-	bd     byte
-	bdRead bool
-	br     bool // bytes reader
-	noBuiltInTypes
-	// noStreamingCodec
-	// decNoSeparator
-	decDriverNoopContainerReader
-	_ [3]uint64 // padding
-}
-
-// Note: This returns either a primitive (int, bool, etc) for non-containers,
-// or a containerType, or a specific type denoting nil or extension.
-// It is called when a nil interface{} is passed, leaving it up to the DecDriver
-// to introspect the stream and decide how best to decode.
-// It deciphers the value by looking at the stream first.
-func (d *msgpackDecDriver) DecodeNaked() {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	bd := d.bd
-	n := d.d.n
-	var decodeFurther bool
-
-	switch bd {
-	case mpNil:
-		n.v = valueTypeNil
-		d.bdRead = false
-	case mpFalse:
-		n.v = valueTypeBool
-		n.b = false
-	case mpTrue:
-		n.v = valueTypeBool
-		n.b = true
-
-	case mpFloat:
-		n.v = valueTypeFloat
-		n.f = float64(math.Float32frombits(bigen.Uint32(d.r.readx(4))))
-	case mpDouble:
-		n.v = valueTypeFloat
-		n.f = math.Float64frombits(bigen.Uint64(d.r.readx(8)))
-
-	case mpUint8:
-		n.v = valueTypeUint
-		n.u = uint64(d.r.readn1())
-	case mpUint16:
-		n.v = valueTypeUint
-		n.u = uint64(bigen.Uint16(d.r.readx(2)))
-	case mpUint32:
-		n.v = valueTypeUint
-		n.u = uint64(bigen.Uint32(d.r.readx(4)))
-	case mpUint64:
-		n.v = valueTypeUint
-		n.u = uint64(bigen.Uint64(d.r.readx(8)))
-
-	case mpInt8:
-		n.v = valueTypeInt
-		n.i = int64(int8(d.r.readn1()))
-	case mpInt16:
-		n.v = valueTypeInt
-		n.i = int64(int16(bigen.Uint16(d.r.readx(2))))
-	case mpInt32:
-		n.v = valueTypeInt
-		n.i = int64(int32(bigen.Uint32(d.r.readx(4))))
-	case mpInt64:
-		n.v = valueTypeInt
-		n.i = int64(int64(bigen.Uint64(d.r.readx(8))))
-
-	default:
-		switch {
-		case bd >= mpPosFixNumMin && bd <= mpPosFixNumMax:
-			// positive fixnum (always signed)
-			n.v = valueTypeInt
-			n.i = int64(int8(bd))
-		case bd >= mpNegFixNumMin && bd <= mpNegFixNumMax:
-			// negative fixnum
-			n.v = valueTypeInt
-			n.i = int64(int8(bd))
-		case bd == mpStr8, bd == mpStr16, bd == mpStr32, bd >= mpFixStrMin && bd <= mpFixStrMax:
-			if d.h.RawToString {
-				n.v = valueTypeString
-				n.s = d.DecodeString()
-			} else {
-				n.v = valueTypeBytes
-				n.l = d.DecodeBytes(nil, false)
-			}
-		case bd == mpBin8, bd == mpBin16, bd == mpBin32:
-			n.v = valueTypeBytes
-			n.l = d.DecodeBytes(nil, false)
-		case bd == mpArray16, bd == mpArray32, bd >= mpFixArrayMin && bd <= mpFixArrayMax:
-			n.v = valueTypeArray
-			decodeFurther = true
-		case bd == mpMap16, bd == mpMap32, bd >= mpFixMapMin && bd <= mpFixMapMax:
-			n.v = valueTypeMap
-			decodeFurther = true
-		case bd >= mpFixExt1 && bd <= mpFixExt16, bd >= mpExt8 && bd <= mpExt32:
-			n.v = valueTypeExt
-			clen := d.readExtLen()
-			n.u = uint64(d.r.readn1())
-			if n.u == uint64(mpTimeExtTagU) {
-				n.v = valueTypeTime
-				n.t = d.decodeTime(clen)
-			} else {
-				n.l = d.r.readx(clen)
-			}
-		default:
-			d.d.errorf("cannot infer value: %s: Ox%x/%d/%s", msgBadDesc, bd, bd, mpdesc(bd))
-		}
-	}
-	if !decodeFurther {
-		d.bdRead = false
-	}
-	if n.v == valueTypeUint && d.h.SignedInteger {
-		n.v = valueTypeInt
-		n.i = int64(n.u)
-	}
-	return
-}
-
-// int can be decoded from msgpack type: intXXX or uintXXX
-func (d *msgpackDecDriver) DecodeInt64() (i int64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch d.bd {
-	case mpUint8:
-		i = int64(uint64(d.r.readn1()))
-	case mpUint16:
-		i = int64(uint64(bigen.Uint16(d.r.readx(2))))
-	case mpUint32:
-		i = int64(uint64(bigen.Uint32(d.r.readx(4))))
-	case mpUint64:
-		i = int64(bigen.Uint64(d.r.readx(8)))
-	case mpInt8:
-		i = int64(int8(d.r.readn1()))
-	case mpInt16:
-		i = int64(int16(bigen.Uint16(d.r.readx(2))))
-	case mpInt32:
-		i = int64(int32(bigen.Uint32(d.r.readx(4))))
-	case mpInt64:
-		i = int64(bigen.Uint64(d.r.readx(8)))
-	default:
-		switch {
-		case d.bd >= mpPosFixNumMin && d.bd <= mpPosFixNumMax:
-			i = int64(int8(d.bd))
-		case d.bd >= mpNegFixNumMin && d.bd <= mpNegFixNumMax:
-			i = int64(int8(d.bd))
-		default:
-			d.d.errorf("cannot decode signed integer: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd))
-			return
-		}
-	}
-	d.bdRead = false
-	return
-}
-
-// uint can be decoded from msgpack type: intXXX or uintXXX
-func (d *msgpackDecDriver) DecodeUint64() (ui uint64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch d.bd {
-	case mpUint8:
-		ui = uint64(d.r.readn1())
-	case mpUint16:
-		ui = uint64(bigen.Uint16(d.r.readx(2)))
-	case mpUint32:
-		ui = uint64(bigen.Uint32(d.r.readx(4)))
-	case mpUint64:
-		ui = bigen.Uint64(d.r.readx(8))
-	case mpInt8:
-		if i := int64(int8(d.r.readn1())); i >= 0 {
-			ui = uint64(i)
-		} else {
-			d.d.errorf("assigning negative signed value: %v, to unsigned type", i)
-			return
-		}
-	case mpInt16:
-		if i := int64(int16(bigen.Uint16(d.r.readx(2)))); i >= 0 {
-			ui = uint64(i)
-		} else {
-			d.d.errorf("assigning negative signed value: %v, to unsigned type", i)
-			return
-		}
-	case mpInt32:
-		if i := int64(int32(bigen.Uint32(d.r.readx(4)))); i >= 0 {
-			ui = uint64(i)
-		} else {
-			d.d.errorf("assigning negative signed value: %v, to unsigned type", i)
-			return
-		}
-	case mpInt64:
-		if i := int64(bigen.Uint64(d.r.readx(8))); i >= 0 {
-			ui = uint64(i)
-		} else {
-			d.d.errorf("assigning negative signed value: %v, to unsigned type", i)
-			return
-		}
-	default:
-		switch {
-		case d.bd >= mpPosFixNumMin && d.bd <= mpPosFixNumMax:
-			ui = uint64(d.bd)
-		case d.bd >= mpNegFixNumMin && d.bd <= mpNegFixNumMax:
-			d.d.errorf("assigning negative signed value: %v, to unsigned type", int(d.bd))
-			return
-		default:
-			d.d.errorf("cannot decode unsigned integer: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd))
-			return
-		}
-	}
-	d.bdRead = false
-	return
-}
-
-// float can either be decoded from msgpack type: float, double or intX
-func (d *msgpackDecDriver) DecodeFloat64() (f float64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == mpFloat {
-		f = float64(math.Float32frombits(bigen.Uint32(d.r.readx(4))))
-	} else if d.bd == mpDouble {
-		f = math.Float64frombits(bigen.Uint64(d.r.readx(8)))
-	} else {
-		f = float64(d.DecodeInt64())
-	}
-	d.bdRead = false
-	return
-}
-
-// bool can be decoded from bool, fixnum 0 or 1.
-func (d *msgpackDecDriver) DecodeBool() (b bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == mpFalse || d.bd == 0 {
-		// b = false
-	} else if d.bd == mpTrue || d.bd == 1 {
-		b = true
-	} else {
-		d.d.errorf("cannot decode bool: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd))
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *msgpackDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-
-	// check if an "array" of uint8's (see ContainerType for how to infer if an array)
-	bd := d.bd
-	// DecodeBytes could be from: bin str fixstr fixarray array ...
-	var clen int
-	vt := d.ContainerType()
-	switch vt {
-	case valueTypeBytes:
-		// valueTypeBytes may be a mpBin or an mpStr container
-		if bd == mpBin8 || bd == mpBin16 || bd == mpBin32 {
-			clen = d.readContainerLen(msgpackContainerBin)
-		} else {
-			clen = d.readContainerLen(msgpackContainerStr)
-		}
-	case valueTypeString:
-		clen = d.readContainerLen(msgpackContainerStr)
-	case valueTypeArray:
-		if zerocopy && len(bs) == 0 {
-			bs = d.d.b[:]
-		}
-		bsOut, _ = fastpathTV.DecSliceUint8V(bs, true, d.d)
-		return
-	default:
-		d.d.errorf("invalid container type: expecting bin|str|array, got: 0x%x", uint8(vt))
-		return
-	}
-
-	// these are (bin|str)(8|16|32)
-	d.bdRead = false
-	// bytes may be nil, so handle it. if nil, clen=-1.
-	if clen < 0 {
-		return nil
-	}
-	if zerocopy {
-		if d.br {
-			return d.r.readx(clen)
-		} else if len(bs) == 0 {
-			bs = d.d.b[:]
-		}
-	}
-	return decByteSlice(d.r, clen, d.h.MaxInitLen, bs)
-}
-
-func (d *msgpackDecDriver) DecodeString() (s string) {
-	return string(d.DecodeBytes(d.d.b[:], true))
-}
-
-func (d *msgpackDecDriver) DecodeStringAsBytes() (s []byte) {
-	return d.DecodeBytes(d.d.b[:], true)
-}
-
-func (d *msgpackDecDriver) readNextBd() {
-	d.bd = d.r.readn1()
-	d.bdRead = true
-}
-
-func (d *msgpackDecDriver) uncacheRead() {
-	if d.bdRead {
-		d.r.unreadn1()
-		d.bdRead = false
-	}
-}
-
-func (d *msgpackDecDriver) ContainerType() (vt valueType) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	bd := d.bd
-	if bd == mpNil {
-		return valueTypeNil
-	} else if bd == mpBin8 || bd == mpBin16 || bd == mpBin32 ||
-		(!d.h.RawToString &&
-			(bd == mpStr8 || bd == mpStr16 || bd == mpStr32 || (bd >= mpFixStrMin && bd <= mpFixStrMax))) {
-		return valueTypeBytes
-	} else if d.h.RawToString &&
-		(bd == mpStr8 || bd == mpStr16 || bd == mpStr32 || (bd >= mpFixStrMin && bd <= mpFixStrMax)) {
-		return valueTypeString
-	} else if bd == mpArray16 || bd == mpArray32 || (bd >= mpFixArrayMin && bd <= mpFixArrayMax) {
-		return valueTypeArray
-	} else if bd == mpMap16 || bd == mpMap32 || (bd >= mpFixMapMin && bd <= mpFixMapMax) {
-		return valueTypeMap
-	}
-	// else {
-	// d.d.errorf("isContainerType: unsupported parameter: %v", vt)
-	// }
-	return valueTypeUnset
-}
-
-func (d *msgpackDecDriver) TryDecodeAsNil() (v bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == mpNil {
-		d.bdRead = false
-		return true
-	}
-	return
-}
-
-func (d *msgpackDecDriver) readContainerLen(ct msgpackContainerType) (clen int) {
-	bd := d.bd
-	if bd == mpNil {
-		clen = -1 // to represent nil
-	} else if bd == ct.b8 {
-		clen = int(d.r.readn1())
-	} else if bd == ct.b16 {
-		clen = int(bigen.Uint16(d.r.readx(2)))
-	} else if bd == ct.b32 {
-		clen = int(bigen.Uint32(d.r.readx(4)))
-	} else if (ct.bFixMin & bd) == ct.bFixMin {
-		clen = int(ct.bFixMin ^ bd)
-	} else {
-		d.d.errorf("cannot read container length: %s: hex: %x, decimal: %d", msgBadDesc, bd, bd)
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *msgpackDecDriver) ReadMapStart() int {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	return d.readContainerLen(msgpackContainerMap)
-}
-
-func (d *msgpackDecDriver) ReadArrayStart() int {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	return d.readContainerLen(msgpackContainerList)
-}
-
-func (d *msgpackDecDriver) readExtLen() (clen int) {
-	switch d.bd {
-	case mpNil:
-		clen = -1 // to represent nil
-	case mpFixExt1:
-		clen = 1
-	case mpFixExt2:
-		clen = 2
-	case mpFixExt4:
-		clen = 4
-	case mpFixExt8:
-		clen = 8
-	case mpFixExt16:
-		clen = 16
-	case mpExt8:
-		clen = int(d.r.readn1())
-	case mpExt16:
-		clen = int(bigen.Uint16(d.r.readx(2)))
-	case mpExt32:
-		clen = int(bigen.Uint32(d.r.readx(4)))
-	default:
-		d.d.errorf("decoding ext bytes: found unexpected byte: %x", d.bd)
-		return
-	}
-	return
-}
-
-func (d *msgpackDecDriver) DecodeTime() (t time.Time) {
-	// decode time from string bytes or ext
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == mpNil {
-		d.bdRead = false
-		return
-	}
-	var clen int
-	switch d.ContainerType() {
-	case valueTypeBytes, valueTypeString:
-		clen = d.readContainerLen(msgpackContainerStr)
-	default:
-		// expect to see mpFixExt4,-1 OR mpFixExt8,-1 OR mpExt8,12,-1
-		d.bdRead = false
-		b2 := d.r.readn1()
-		if d.bd == mpFixExt4 && b2 == mpTimeExtTagU {
-			clen = 4
-		} else if d.bd == mpFixExt8 && b2 == mpTimeExtTagU {
-			clen = 8
-		} else if d.bd == mpExt8 && b2 == 12 && d.r.readn1() == mpTimeExtTagU {
-			clen = 12
-		} else {
-			d.d.errorf("invalid bytes for decoding time as extension: got 0x%x, 0x%x", d.bd, b2)
-			return
-		}
-	}
-	return d.decodeTime(clen)
-}
-
-func (d *msgpackDecDriver) decodeTime(clen int) (t time.Time) {
-	// bs = d.r.readx(clen)
-	d.bdRead = false
-	switch clen {
-	case 4:
-		t = time.Unix(int64(bigen.Uint32(d.r.readx(4))), 0).UTC()
-	case 8:
-		tv := bigen.Uint64(d.r.readx(8))
-		t = time.Unix(int64(tv&0x00000003ffffffff), int64(tv>>34)).UTC()
-	case 12:
-		nsec := bigen.Uint32(d.r.readx(4))
-		sec := bigen.Uint64(d.r.readx(8))
-		t = time.Unix(int64(sec), int64(nsec)).UTC()
-	default:
-		d.d.errorf("invalid length of bytes for decoding time - expecting 4 or 8 or 12, got %d", clen)
-		return
-	}
-	return
-}
-
-func (d *msgpackDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) {
-	if xtag > 0xff {
-		d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag)
-		return
-	}
-	realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag))
-	realxtag = uint64(realxtag1)
-	if ext == nil {
-		re := rv.(*RawExt)
-		re.Tag = realxtag
-		re.Data = detachZeroCopyBytes(d.br, re.Data, xbs)
-	} else {
-		ext.ReadExt(rv, xbs)
-	}
-	return
-}
-
-func (d *msgpackDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	xbd := d.bd
-	if xbd == mpBin8 || xbd == mpBin16 || xbd == mpBin32 {
-		xbs = d.DecodeBytes(nil, true)
-	} else if xbd == mpStr8 || xbd == mpStr16 || xbd == mpStr32 ||
-		(xbd >= mpFixStrMin && xbd <= mpFixStrMax) {
-		xbs = d.DecodeStringAsBytes()
-	} else {
-		clen := d.readExtLen()
-		xtag = d.r.readn1()
-		if verifyTag && xtag != tag {
-			d.d.errorf("wrong extension tag - got %b, expecting %v", xtag, tag)
-			return
-		}
-		xbs = d.r.readx(clen)
-	}
-	d.bdRead = false
-	return
-}
-
-//--------------------------------------------------
-
-//MsgpackHandle is a Handle for the Msgpack Schema-Free Encoding Format.
-type MsgpackHandle struct {
-	BasicHandle
-
-	// RawToString controls how raw bytes are decoded into a nil interface{}.
-	RawToString bool
-
-	// NoFixedNum says to output all signed integers as 2-bytes, never as 1-byte fixednum.
-	NoFixedNum bool
-
-	// WriteExt flag supports encoding configured extensions with extension tags.
-	// It also controls whether other elements of the new spec are encoded (ie Str8).
-	//
-	// With WriteExt=false, configured extensions are serialized as raw bytes
-	// and Str8 is not encoded.
-	//
-	// A stream can still be decoded into a typed value, provided an appropriate value
-	// is provided, but the type cannot be inferred from the stream. If no appropriate
-	// type is provided (e.g. decoding into a nil interface{}), you get back
-	// a []byte or string based on the setting of RawToString.
-	WriteExt bool
-
-	binaryEncodingType
-	noElemSeparators
-
-	// _ [1]uint64 // padding
-}
-
-// Name returns the name of the handle: msgpack
-func (h *MsgpackHandle) Name() string { return "msgpack" }
-
-// SetBytesExt sets an extension
-func (h *MsgpackHandle) SetBytesExt(rt reflect.Type, tag uint64, ext BytesExt) (err error) {
-	return h.SetExt(rt, tag, &extWrapper{ext, interfaceExtFailer{}})
-}
-
-func (h *MsgpackHandle) newEncDriver(e *Encoder) encDriver {
-	return &msgpackEncDriver{e: e, w: e.w, h: h}
-}
-
-func (h *MsgpackHandle) newDecDriver(d *Decoder) decDriver {
-	return &msgpackDecDriver{d: d, h: h, r: d.r, br: d.bytes}
-}
-
-func (e *msgpackEncDriver) reset() {
-	e.w = e.e.w
-}
-
-func (d *msgpackDecDriver) reset() {
-	d.r, d.br = d.d.r, d.d.bytes
-	d.bd, d.bdRead = 0, false
-}
-
-//--------------------------------------------------
-
-type msgpackSpecRpcCodec struct {
-	rpcCodec
-}
-
-// /////////////// Spec RPC Codec ///////////////////
-func (c *msgpackSpecRpcCodec) WriteRequest(r *rpc.Request, body interface{}) error {
-	// WriteRequest can write to both a Go service, and other services that do
-	// not abide by the 1 argument rule of a Go service.
-	// We discriminate based on if the body is a MsgpackSpecRpcMultiArgs
-	var bodyArr []interface{}
-	if m, ok := body.(MsgpackSpecRpcMultiArgs); ok {
-		bodyArr = ([]interface{})(m)
-	} else {
-		bodyArr = []interface{}{body}
-	}
-	r2 := []interface{}{0, uint32(r.Seq), r.ServiceMethod, bodyArr}
-	return c.write(r2, nil, false)
-}
-
-func (c *msgpackSpecRpcCodec) WriteResponse(r *rpc.Response, body interface{}) error {
-	var moe interface{}
-	if r.Error != "" {
-		moe = r.Error
-	}
-	if moe != nil && body != nil {
-		body = nil
-	}
-	r2 := []interface{}{1, uint32(r.Seq), moe, body}
-	return c.write(r2, nil, false)
-}
-
-func (c *msgpackSpecRpcCodec) ReadResponseHeader(r *rpc.Response) error {
-	return c.parseCustomHeader(1, &r.Seq, &r.Error)
-}
-
-func (c *msgpackSpecRpcCodec) ReadRequestHeader(r *rpc.Request) error {
-	return c.parseCustomHeader(0, &r.Seq, &r.ServiceMethod)
-}
-
-func (c *msgpackSpecRpcCodec) ReadRequestBody(body interface{}) error {
-	if body == nil { // read and discard
-		return c.read(nil)
-	}
-	bodyArr := []interface{}{body}
-	return c.read(&bodyArr)
-}
-
-func (c *msgpackSpecRpcCodec) parseCustomHeader(expectTypeByte byte, msgid *uint64, methodOrError *string) (err error) {
-	if c.isClosed() {
-		return io.EOF
-	}
-
-	// We read the response header by hand
-	// so that the body can be decoded on its own from the stream at a later time.
-
-	const fia byte = 0x94 //four item array descriptor value
-	// Not sure why the panic of EOF is swallowed above.
-	// if bs1 := c.dec.r.readn1(); bs1 != fia {
-	// 	err = fmt.Errorf("Unexpected value for array descriptor: Expecting %v. Received %v", fia, bs1)
-	// 	return
-	// }
-	var ba [1]byte
-	var n int
-	for {
-		n, err = c.r.Read(ba[:])
-		if err != nil {
-			return
-		}
-		if n == 1 {
-			break
-		}
-	}
-
-	var b = ba[0]
-	if b != fia {
-		err = fmt.Errorf("not array - %s %x/%s", msgBadDesc, b, mpdesc(b))
-	} else {
-		err = c.read(&b)
-		if err == nil {
-			if b != expectTypeByte {
-				err = fmt.Errorf("%s - expecting %v but got %x/%s",
-					msgBadDesc, expectTypeByte, b, mpdesc(b))
-			} else {
-				err = c.read(msgid)
-				if err == nil {
-					err = c.read(methodOrError)
-				}
-			}
-		}
-	}
-	return
-}
-
-//--------------------------------------------------
-
-// msgpackSpecRpc is the implementation of Rpc that uses custom communication protocol
-// as defined in the msgpack spec at https://github.com/msgpack-rpc/msgpack-rpc/blob/master/spec.md
-type msgpackSpecRpc struct{}
-
-// MsgpackSpecRpc implements Rpc using the communication protocol defined in
-// the msgpack spec at https://github.com/msgpack-rpc/msgpack-rpc/blob/master/spec.md .
-//
-// See GoRpc documentation, for information on buffering for better performance.
-var MsgpackSpecRpc msgpackSpecRpc
-
-func (x msgpackSpecRpc) ServerCodec(conn io.ReadWriteCloser, h Handle) rpc.ServerCodec {
-	return &msgpackSpecRpcCodec{newRPCCodec(conn, h)}
-}
-
-func (x msgpackSpecRpc) ClientCodec(conn io.ReadWriteCloser, h Handle) rpc.ClientCodec {
-	return &msgpackSpecRpcCodec{newRPCCodec(conn, h)}
-}
-
-var _ decDriver = (*msgpackDecDriver)(nil)
-var _ encDriver = (*msgpackEncDriver)(nil)
diff --git a/vendor/github.com/ugorji/go/codec/rpc.go b/vendor/github.com/ugorji/go/codec/rpc.go
deleted file mode 100644
index 9fb3c01498216..0000000000000
--- a/vendor/github.com/ugorji/go/codec/rpc.go
+++ /dev/null
@@ -1,232 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"bufio"
-	"errors"
-	"io"
-	"net/rpc"
-	"sync"
-)
-
-// Rpc provides a rpc Server or Client Codec for rpc communication.
-type Rpc interface {
-	ServerCodec(conn io.ReadWriteCloser, h Handle) rpc.ServerCodec
-	ClientCodec(conn io.ReadWriteCloser, h Handle) rpc.ClientCodec
-}
-
-// RPCOptions holds options specific to rpc functionality
-type RPCOptions struct {
-	// RPCNoBuffer configures whether we attempt to buffer reads and writes during RPC calls.
-	//
-	// Set RPCNoBuffer=true to turn buffering off.
-	// Buffering can still be done if buffered connections are passed in, or
-	// buffering is configured on the handle.
-	RPCNoBuffer bool
-}
-
-// rpcCodec defines the struct members and common methods.
-type rpcCodec struct {
-	c io.Closer
-	r io.Reader
-	w io.Writer
-	f ioFlusher
-
-	dec *Decoder
-	enc *Encoder
-	// bw  *bufio.Writer
-	// br  *bufio.Reader
-	mu sync.Mutex
-	h  Handle
-
-	cls    bool
-	clsmu  sync.RWMutex
-	clsErr error
-}
-
-func newRPCCodec(conn io.ReadWriteCloser, h Handle) rpcCodec {
-	// return newRPCCodec2(bufio.NewReader(conn), bufio.NewWriter(conn), conn, h)
-	return newRPCCodec2(conn, conn, conn, h)
-}
-
-func newRPCCodec2(r io.Reader, w io.Writer, c io.Closer, h Handle) rpcCodec {
-	// defensive: ensure that jsonH has TermWhitespace turned on.
-	if jsonH, ok := h.(*JsonHandle); ok && !jsonH.TermWhitespace {
-		panic(errors.New("rpc requires a JsonHandle with TermWhitespace set to true"))
-	}
-	// always ensure that we use a flusher, and always flush what was written to the connection.
-	// we lose nothing by using a buffered writer internally.
-	f, ok := w.(ioFlusher)
-	bh := h.getBasicHandle()
-	if !bh.RPCNoBuffer {
-		if bh.WriterBufferSize <= 0 {
-			if !ok {
-				bw := bufio.NewWriter(w)
-				f, w = bw, bw
-			}
-		}
-		if bh.ReaderBufferSize <= 0 {
-			if _, ok = w.(ioPeeker); !ok {
-				if _, ok = w.(ioBuffered); !ok {
-					br := bufio.NewReader(r)
-					r = br
-				}
-			}
-		}
-	}
-	return rpcCodec{
-		c:   c,
-		w:   w,
-		r:   r,
-		f:   f,
-		h:   h,
-		enc: NewEncoder(w, h),
-		dec: NewDecoder(r, h),
-	}
-}
-
-func (c *rpcCodec) write(obj1, obj2 interface{}, writeObj2 bool) (err error) {
-	if c.isClosed() {
-		return c.clsErr
-	}
-	err = c.enc.Encode(obj1)
-	if err == nil {
-		if writeObj2 {
-			err = c.enc.Encode(obj2)
-		}
-		// if err == nil && c.f != nil {
-		// 	err = c.f.Flush()
-		// }
-	}
-	if c.f != nil {
-		if err == nil {
-			err = c.f.Flush()
-		} else {
-			_ = c.f.Flush() // swallow flush error, so we maintain prior error on write
-		}
-	}
-	return
-}
-
-func (c *rpcCodec) swallow(err *error) {
-	defer panicToErr(c.dec, err)
-	c.dec.swallow()
-}
-
-func (c *rpcCodec) read(obj interface{}) (err error) {
-	if c.isClosed() {
-		return c.clsErr
-	}
-	//If nil is passed in, we should read and discard
-	if obj == nil {
-		// var obj2 interface{}
-		// return c.dec.Decode(&obj2)
-		c.swallow(&err)
-		return
-	}
-	return c.dec.Decode(obj)
-}
-
-func (c *rpcCodec) isClosed() (b bool) {
-	if c.c != nil {
-		c.clsmu.RLock()
-		b = c.cls
-		c.clsmu.RUnlock()
-	}
-	return
-}
-
-func (c *rpcCodec) Close() error {
-	if c.c == nil || c.isClosed() {
-		return c.clsErr
-	}
-	c.clsmu.Lock()
-	c.cls = true
-	c.clsErr = c.c.Close()
-	c.clsmu.Unlock()
-	return c.clsErr
-}
-
-func (c *rpcCodec) ReadResponseBody(body interface{}) error {
-	return c.read(body)
-}
-
-// -------------------------------------
-
-type goRpcCodec struct {
-	rpcCodec
-}
-
-func (c *goRpcCodec) WriteRequest(r *rpc.Request, body interface{}) error {
-	// Must protect for concurrent access as per API
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	return c.write(r, body, true)
-}
-
-func (c *goRpcCodec) WriteResponse(r *rpc.Response, body interface{}) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	return c.write(r, body, true)
-}
-
-func (c *goRpcCodec) ReadResponseHeader(r *rpc.Response) error {
-	return c.read(r)
-}
-
-func (c *goRpcCodec) ReadRequestHeader(r *rpc.Request) error {
-	return c.read(r)
-}
-
-func (c *goRpcCodec) ReadRequestBody(body interface{}) error {
-	return c.read(body)
-}
-
-// -------------------------------------
-
-// goRpc is the implementation of Rpc that uses the communication protocol
-// as defined in net/rpc package.
-type goRpc struct{}
-
-// GoRpc implements Rpc using the communication protocol defined in net/rpc package.
-//
-// Note: network connection (from net.Dial, of type io.ReadWriteCloser) is not buffered.
-//
-// For performance, you should configure WriterBufferSize and ReaderBufferSize on the handle.
-// This ensures we use an adequate buffer during reading and writing.
-// If not configured, we will internally initialize and use a buffer during reads and writes.
-// This can be turned off via the RPCNoBuffer option on the Handle.
-//   var handle codec.JsonHandle
-//   handle.RPCNoBuffer = true // turns off attempt by rpc module to initialize a buffer
-//
-// Example 1: one way of configuring buffering explicitly:
-//   var handle codec.JsonHandle // codec handle
-//   handle.ReaderBufferSize = 1024
-//   handle.WriterBufferSize = 1024
-//   var conn io.ReadWriteCloser // connection got from a socket
-//   var serverCodec = GoRpc.ServerCodec(conn, handle)
-//   var clientCodec = GoRpc.ClientCodec(conn, handle)
-//
-// Example 2: you can also explicitly create a buffered connection yourself,
-// and not worry about configuring the buffer sizes in the Handle.
-//   var handle codec.Handle     // codec handle
-//   var conn io.ReadWriteCloser // connection got from a socket
-//   var bufconn = struct {      // bufconn here is a buffered io.ReadWriteCloser
-//       io.Closer
-//       *bufio.Reader
-//       *bufio.Writer
-//   }{conn, bufio.NewReader(conn), bufio.NewWriter(conn)}
-//   var serverCodec = GoRpc.ServerCodec(bufconn, handle)
-//   var clientCodec = GoRpc.ClientCodec(bufconn, handle)
-//
-var GoRpc goRpc
-
-func (x goRpc) ServerCodec(conn io.ReadWriteCloser, h Handle) rpc.ServerCodec {
-	return &goRpcCodec{newRPCCodec(conn, h)}
-}
-
-func (x goRpc) ClientCodec(conn io.ReadWriteCloser, h Handle) rpc.ClientCodec {
-	return &goRpcCodec{newRPCCodec(conn, h)}
-}
diff --git a/vendor/github.com/ugorji/go/codec/simple.go b/vendor/github.com/ugorji/go/codec/simple.go
deleted file mode 100644
index f1e181ef31dce..0000000000000
--- a/vendor/github.com/ugorji/go/codec/simple.go
+++ /dev/null
@@ -1,652 +0,0 @@
-// Copyright (c) 2012-2018 Ugorji Nwoke. All rights reserved.
-// Use of this source code is governed by a MIT license found in the LICENSE file.
-
-package codec
-
-import (
-	"math"
-	"reflect"
-	"time"
-)
-
-const (
-	_               uint8 = iota
-	simpleVdNil           = 1
-	simpleVdFalse         = 2
-	simpleVdTrue          = 3
-	simpleVdFloat32       = 4
-	simpleVdFloat64       = 5
-
-	// each lasts for 4 (ie n, n+1, n+2, n+3)
-	simpleVdPosInt = 8
-	simpleVdNegInt = 12
-
-	simpleVdTime = 24
-
-	// containers: each lasts for 4 (ie n, n+1, n+2, ... n+7)
-	simpleVdString    = 216
-	simpleVdByteArray = 224
-	simpleVdArray     = 232
-	simpleVdMap       = 240
-	simpleVdExt       = 248
-)
-
-type simpleEncDriver struct {
-	noBuiltInTypes
-	// encNoSeparator
-	e *Encoder
-	h *SimpleHandle
-	w encWriter
-	b [8]byte
-	// c containerState
-	encDriverTrackContainerWriter
-	// encDriverNoopContainerWriter
-	_ [2]uint64 // padding
-}
-
-func (e *simpleEncDriver) EncodeNil() {
-	e.w.writen1(simpleVdNil)
-}
-
-func (e *simpleEncDriver) EncodeBool(b bool) {
-	if e.h.EncZeroValuesAsNil && e.c != containerMapKey && !b {
-		e.EncodeNil()
-		return
-	}
-	if b {
-		e.w.writen1(simpleVdTrue)
-	} else {
-		e.w.writen1(simpleVdFalse)
-	}
-}
-
-func (e *simpleEncDriver) EncodeFloat32(f float32) {
-	if e.h.EncZeroValuesAsNil && e.c != containerMapKey && f == 0.0 {
-		e.EncodeNil()
-		return
-	}
-	e.w.writen1(simpleVdFloat32)
-	bigenHelper{e.b[:4], e.w}.writeUint32(math.Float32bits(f))
-}
-
-func (e *simpleEncDriver) EncodeFloat64(f float64) {
-	if e.h.EncZeroValuesAsNil && e.c != containerMapKey && f == 0.0 {
-		e.EncodeNil()
-		return
-	}
-	e.w.writen1(simpleVdFloat64)
-	bigenHelper{e.b[:8], e.w}.writeUint64(math.Float64bits(f))
-}
-
-func (e *simpleEncDriver) EncodeInt(v int64) {
-	if v < 0 {
-		e.encUint(uint64(-v), simpleVdNegInt)
-	} else {
-		e.encUint(uint64(v), simpleVdPosInt)
-	}
-}
-
-func (e *simpleEncDriver) EncodeUint(v uint64) {
-	e.encUint(v, simpleVdPosInt)
-}
-
-func (e *simpleEncDriver) encUint(v uint64, bd uint8) {
-	if e.h.EncZeroValuesAsNil && e.c != containerMapKey && v == 0 {
-		e.EncodeNil()
-		return
-	}
-	if v <= math.MaxUint8 {
-		e.w.writen2(bd, uint8(v))
-	} else if v <= math.MaxUint16 {
-		e.w.writen1(bd + 1)
-		bigenHelper{e.b[:2], e.w}.writeUint16(uint16(v))
-	} else if v <= math.MaxUint32 {
-		e.w.writen1(bd + 2)
-		bigenHelper{e.b[:4], e.w}.writeUint32(uint32(v))
-	} else { // if v <= math.MaxUint64 {
-		e.w.writen1(bd + 3)
-		bigenHelper{e.b[:8], e.w}.writeUint64(v)
-	}
-}
-
-func (e *simpleEncDriver) encLen(bd byte, length int) {
-	if length == 0 {
-		e.w.writen1(bd)
-	} else if length <= math.MaxUint8 {
-		e.w.writen1(bd + 1)
-		e.w.writen1(uint8(length))
-	} else if length <= math.MaxUint16 {
-		e.w.writen1(bd + 2)
-		bigenHelper{e.b[:2], e.w}.writeUint16(uint16(length))
-	} else if int64(length) <= math.MaxUint32 {
-		e.w.writen1(bd + 3)
-		bigenHelper{e.b[:4], e.w}.writeUint32(uint32(length))
-	} else {
-		e.w.writen1(bd + 4)
-		bigenHelper{e.b[:8], e.w}.writeUint64(uint64(length))
-	}
-}
-
-func (e *simpleEncDriver) EncodeExt(rv interface{}, xtag uint64, ext Ext, _ *Encoder) {
-	bs := ext.WriteExt(rv)
-	if bs == nil {
-		e.EncodeNil()
-		return
-	}
-	e.encodeExtPreamble(uint8(xtag), len(bs))
-	e.w.writeb(bs)
-}
-
-func (e *simpleEncDriver) EncodeRawExt(re *RawExt, _ *Encoder) {
-	e.encodeExtPreamble(uint8(re.Tag), len(re.Data))
-	e.w.writeb(re.Data)
-}
-
-func (e *simpleEncDriver) encodeExtPreamble(xtag byte, length int) {
-	e.encLen(simpleVdExt, length)
-	e.w.writen1(xtag)
-}
-
-func (e *simpleEncDriver) WriteArrayStart(length int) {
-	e.c = containerArrayStart
-	e.encLen(simpleVdArray, length)
-}
-
-func (e *simpleEncDriver) WriteMapStart(length int) {
-	e.c = containerMapStart
-	e.encLen(simpleVdMap, length)
-}
-
-func (e *simpleEncDriver) EncodeString(c charEncoding, v string) {
-	if false && e.h.EncZeroValuesAsNil && e.c != containerMapKey && v == "" {
-		e.EncodeNil()
-		return
-	}
-	e.encLen(simpleVdString, len(v))
-	e.w.writestr(v)
-}
-
-// func (e *simpleEncDriver) EncodeSymbol(v string) {
-// 	e.EncodeString(cUTF8, v)
-// }
-
-func (e *simpleEncDriver) EncodeStringBytes(c charEncoding, v []byte) {
-	// if e.h.EncZeroValuesAsNil && e.c != containerMapKey && v == nil {
-	if v == nil {
-		e.EncodeNil()
-		return
-	}
-	e.encLen(simpleVdByteArray, len(v))
-	e.w.writeb(v)
-}
-
-func (e *simpleEncDriver) EncodeTime(t time.Time) {
-	// if e.h.EncZeroValuesAsNil && e.c != containerMapKey && t.IsZero() {
-	if t.IsZero() {
-		e.EncodeNil()
-		return
-	}
-	v, err := t.MarshalBinary()
-	if err != nil {
-		e.e.errorv(err)
-		return
-	}
-	// time.Time marshalbinary takes about 14 bytes.
-	e.w.writen2(simpleVdTime, uint8(len(v)))
-	e.w.writeb(v)
-}
-
-//------------------------------------
-
-type simpleDecDriver struct {
-	d      *Decoder
-	h      *SimpleHandle
-	r      decReader
-	bdRead bool
-	bd     byte
-	br     bool // a bytes reader?
-	c      containerState
-	// b      [scratchByteArrayLen]byte
-	noBuiltInTypes
-	// noStreamingCodec
-	decDriverNoopContainerReader
-	_ [3]uint64 // padding
-}
-
-func (d *simpleDecDriver) readNextBd() {
-	d.bd = d.r.readn1()
-	d.bdRead = true
-}
-
-func (d *simpleDecDriver) uncacheRead() {
-	if d.bdRead {
-		d.r.unreadn1()
-		d.bdRead = false
-	}
-}
-
-func (d *simpleDecDriver) ContainerType() (vt valueType) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch d.bd {
-	case simpleVdNil:
-		return valueTypeNil
-	case simpleVdByteArray, simpleVdByteArray + 1,
-		simpleVdByteArray + 2, simpleVdByteArray + 3, simpleVdByteArray + 4:
-		return valueTypeBytes
-	case simpleVdString, simpleVdString + 1,
-		simpleVdString + 2, simpleVdString + 3, simpleVdString + 4:
-		return valueTypeString
-	case simpleVdArray, simpleVdArray + 1,
-		simpleVdArray + 2, simpleVdArray + 3, simpleVdArray + 4:
-		return valueTypeArray
-	case simpleVdMap, simpleVdMap + 1,
-		simpleVdMap + 2, simpleVdMap + 3, simpleVdMap + 4:
-		return valueTypeMap
-		// case simpleVdTime:
-		// 	return valueTypeTime
-	}
-	// else {
-	// d.d.errorf("isContainerType: unsupported parameter: %v", vt)
-	// }
-	return valueTypeUnset
-}
-
-func (d *simpleDecDriver) TryDecodeAsNil() bool {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == simpleVdNil {
-		d.bdRead = false
-		return true
-	}
-	return false
-}
-
-func (d *simpleDecDriver) decCheckInteger() (ui uint64, neg bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch d.bd {
-	case simpleVdPosInt:
-		ui = uint64(d.r.readn1())
-	case simpleVdPosInt + 1:
-		ui = uint64(bigen.Uint16(d.r.readx(2)))
-	case simpleVdPosInt + 2:
-		ui = uint64(bigen.Uint32(d.r.readx(4)))
-	case simpleVdPosInt + 3:
-		ui = uint64(bigen.Uint64(d.r.readx(8)))
-	case simpleVdNegInt:
-		ui = uint64(d.r.readn1())
-		neg = true
-	case simpleVdNegInt + 1:
-		ui = uint64(bigen.Uint16(d.r.readx(2)))
-		neg = true
-	case simpleVdNegInt + 2:
-		ui = uint64(bigen.Uint32(d.r.readx(4)))
-		neg = true
-	case simpleVdNegInt + 3:
-		ui = uint64(bigen.Uint64(d.r.readx(8)))
-		neg = true
-	default:
-		d.d.errorf("integer only valid from pos/neg integer1..8. Invalid descriptor: %v", d.bd)
-		return
-	}
-	// don't do this check, because callers may only want the unsigned value.
-	// if ui > math.MaxInt64 {
-	// 	d.d.errorf("decIntAny: Integer out of range for signed int64: %v", ui)
-	//		return
-	// }
-	return
-}
-
-func (d *simpleDecDriver) DecodeInt64() (i int64) {
-	ui, neg := d.decCheckInteger()
-	i = chkOvf.SignedIntV(ui)
-	if neg {
-		i = -i
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *simpleDecDriver) DecodeUint64() (ui uint64) {
-	ui, neg := d.decCheckInteger()
-	if neg {
-		d.d.errorf("assigning negative signed value to unsigned type")
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *simpleDecDriver) DecodeFloat64() (f float64) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == simpleVdFloat32 {
-		f = float64(math.Float32frombits(bigen.Uint32(d.r.readx(4))))
-	} else if d.bd == simpleVdFloat64 {
-		f = math.Float64frombits(bigen.Uint64(d.r.readx(8)))
-	} else {
-		if d.bd >= simpleVdPosInt && d.bd <= simpleVdNegInt+3 {
-			f = float64(d.DecodeInt64())
-		} else {
-			d.d.errorf("float only valid from float32/64: Invalid descriptor: %v", d.bd)
-			return
-		}
-	}
-	d.bdRead = false
-	return
-}
-
-// bool can be decoded from bool only (single byte).
-func (d *simpleDecDriver) DecodeBool() (b bool) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == simpleVdTrue {
-		b = true
-	} else if d.bd == simpleVdFalse {
-	} else {
-		d.d.errorf("cannot decode bool - %s: %x", msgBadDesc, d.bd)
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *simpleDecDriver) ReadMapStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	d.bdRead = false
-	d.c = containerMapStart
-	return d.decLen()
-}
-
-func (d *simpleDecDriver) ReadArrayStart() (length int) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	d.bdRead = false
-	d.c = containerArrayStart
-	return d.decLen()
-}
-
-func (d *simpleDecDriver) ReadArrayElem() {
-	d.c = containerArrayElem
-}
-
-func (d *simpleDecDriver) ReadArrayEnd() {
-	d.c = containerArrayEnd
-}
-
-func (d *simpleDecDriver) ReadMapElemKey() {
-	d.c = containerMapKey
-}
-
-func (d *simpleDecDriver) ReadMapElemValue() {
-	d.c = containerMapValue
-}
-
-func (d *simpleDecDriver) ReadMapEnd() {
-	d.c = containerMapEnd
-}
-
-func (d *simpleDecDriver) decLen() int {
-	switch d.bd % 8 {
-	case 0:
-		return 0
-	case 1:
-		return int(d.r.readn1())
-	case 2:
-		return int(bigen.Uint16(d.r.readx(2)))
-	case 3:
-		ui := uint64(bigen.Uint32(d.r.readx(4)))
-		if chkOvf.Uint(ui, intBitsize) {
-			d.d.errorf("overflow integer: %v", ui)
-			return 0
-		}
-		return int(ui)
-	case 4:
-		ui := bigen.Uint64(d.r.readx(8))
-		if chkOvf.Uint(ui, intBitsize) {
-			d.d.errorf("overflow integer: %v", ui)
-			return 0
-		}
-		return int(ui)
-	}
-	d.d.errorf("cannot read length: bd%%8 must be in range 0..4. Got: %d", d.bd%8)
-	return -1
-}
-
-func (d *simpleDecDriver) DecodeString() (s string) {
-	return string(d.DecodeBytes(d.d.b[:], true))
-}
-
-func (d *simpleDecDriver) DecodeStringAsBytes() (s []byte) {
-	return d.DecodeBytes(d.d.b[:], true)
-}
-
-func (d *simpleDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == simpleVdNil {
-		d.bdRead = false
-		return
-	}
-	// check if an "array" of uint8's (see ContainerType for how to infer if an array)
-	if d.bd >= simpleVdArray && d.bd <= simpleVdMap+4 {
-		if len(bs) == 0 && zerocopy {
-			bs = d.d.b[:]
-		}
-		bsOut, _ = fastpathTV.DecSliceUint8V(bs, true, d.d)
-		return
-	}
-
-	clen := d.decLen()
-	d.bdRead = false
-	if zerocopy {
-		if d.br {
-			return d.r.readx(clen)
-		} else if len(bs) == 0 {
-			bs = d.d.b[:]
-		}
-	}
-	return decByteSlice(d.r, clen, d.d.h.MaxInitLen, bs)
-}
-
-func (d *simpleDecDriver) DecodeTime() (t time.Time) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	if d.bd == simpleVdNil {
-		d.bdRead = false
-		return
-	}
-	if d.bd != simpleVdTime {
-		d.d.errorf("invalid descriptor for time.Time - expect 0x%x, received 0x%x", simpleVdTime, d.bd)
-		return
-	}
-	d.bdRead = false
-	clen := int(d.r.readn1())
-	b := d.r.readx(clen)
-	if err := (&t).UnmarshalBinary(b); err != nil {
-		d.d.errorv(err)
-	}
-	return
-}
-
-func (d *simpleDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) {
-	if xtag > 0xff {
-		d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag)
-		return
-	}
-	realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag))
-	realxtag = uint64(realxtag1)
-	if ext == nil {
-		re := rv.(*RawExt)
-		re.Tag = realxtag
-		re.Data = detachZeroCopyBytes(d.br, re.Data, xbs)
-	} else {
-		ext.ReadExt(rv, xbs)
-	}
-	return
-}
-
-func (d *simpleDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs []byte) {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-	switch d.bd {
-	case simpleVdExt, simpleVdExt + 1, simpleVdExt + 2, simpleVdExt + 3, simpleVdExt + 4:
-		l := d.decLen()
-		xtag = d.r.readn1()
-		if verifyTag && xtag != tag {
-			d.d.errorf("wrong extension tag. Got %b. Expecting: %v", xtag, tag)
-			return
-		}
-		xbs = d.r.readx(l)
-	case simpleVdByteArray, simpleVdByteArray + 1,
-		simpleVdByteArray + 2, simpleVdByteArray + 3, simpleVdByteArray + 4:
-		xbs = d.DecodeBytes(nil, true)
-	default:
-		d.d.errorf("ext - %s - expecting extensions/bytearray, got: 0x%x", msgBadDesc, d.bd)
-		return
-	}
-	d.bdRead = false
-	return
-}
-
-func (d *simpleDecDriver) DecodeNaked() {
-	if !d.bdRead {
-		d.readNextBd()
-	}
-
-	n := d.d.n
-	var decodeFurther bool
-
-	switch d.bd {
-	case simpleVdNil:
-		n.v = valueTypeNil
-	case simpleVdFalse:
-		n.v = valueTypeBool
-		n.b = false
-	case simpleVdTrue:
-		n.v = valueTypeBool
-		n.b = true
-	case simpleVdPosInt, simpleVdPosInt + 1, simpleVdPosInt + 2, simpleVdPosInt + 3:
-		if d.h.SignedInteger {
-			n.v = valueTypeInt
-			n.i = d.DecodeInt64()
-		} else {
-			n.v = valueTypeUint
-			n.u = d.DecodeUint64()
-		}
-	case simpleVdNegInt, simpleVdNegInt + 1, simpleVdNegInt + 2, simpleVdNegInt + 3:
-		n.v = valueTypeInt
-		n.i = d.DecodeInt64()
-	case simpleVdFloat32:
-		n.v = valueTypeFloat
-		n.f = d.DecodeFloat64()
-	case simpleVdFloat64:
-		n.v = valueTypeFloat
-		n.f = d.DecodeFloat64()
-	case simpleVdTime:
-		n.v = valueTypeTime
-		n.t = d.DecodeTime()
-	case simpleVdString, simpleVdString + 1,
-		simpleVdString + 2, simpleVdString + 3, simpleVdString + 4:
-		n.v = valueTypeString
-		n.s = d.DecodeString()
-	case simpleVdByteArray, simpleVdByteArray + 1,
-		simpleVdByteArray + 2, simpleVdByteArray + 3, simpleVdByteArray + 4:
-		n.v = valueTypeBytes
-		n.l = d.DecodeBytes(nil, false)
-	case simpleVdExt, simpleVdExt + 1, simpleVdExt + 2, simpleVdExt + 3, simpleVdExt + 4:
-		n.v = valueTypeExt
-		l := d.decLen()
-		n.u = uint64(d.r.readn1())
-		n.l = d.r.readx(l)
-	case simpleVdArray, simpleVdArray + 1, simpleVdArray + 2,
-		simpleVdArray + 3, simpleVdArray + 4:
-		n.v = valueTypeArray
-		decodeFurther = true
-	case simpleVdMap, simpleVdMap + 1, simpleVdMap + 2, simpleVdMap + 3, simpleVdMap + 4:
-		n.v = valueTypeMap
-		decodeFurther = true
-	default:
-		d.d.errorf("cannot infer value - %s 0x%x", msgBadDesc, d.bd)
-	}
-
-	if !decodeFurther {
-		d.bdRead = false
-	}
-	return
-}
-
-//------------------------------------
-
-// SimpleHandle is a Handle for a very simple encoding format.
-//
-// simple is a simplistic codec similar to binc, but not as compact.
-//   - Encoding of a value is always preceded by the descriptor byte (bd)
-//   - True, false, nil are encoded fully in 1 byte (the descriptor)
-//   - Integers (intXXX, uintXXX) are encoded in 1, 2, 4 or 8 bytes (plus a descriptor byte).
-//     There are positive (uintXXX and intXXX >= 0) and negative (intXXX < 0) integers.
-//   - Floats are encoded in 4 or 8 bytes (plus a descriptor byte)
-//   - Length of containers (strings, bytes, array, map, extensions)
-//     are encoded in 0, 1, 2, 4 or 8 bytes.
-//     Zero-length containers have no length encoded.
-//     For others, the number of bytes is given by pow(2, bd%3)
-//   - maps are encoded as [bd] [length] [[key][value]]...
-//   - arrays are encoded as [bd] [length] [value]...
-//   - extensions are encoded as [bd] [length] [tag] [byte]...
-//   - strings/bytearrays are encoded as [bd] [length] [byte]...
-//   - time.Time are encoded as [bd] [length] [byte]...
-//
-// The full spec will be published soon.
-type SimpleHandle struct {
-	BasicHandle
-	binaryEncodingType
-	noElemSeparators
-	// EncZeroValuesAsNil says to encode zero values for numbers, bool, string, etc as nil
-	EncZeroValuesAsNil bool
-
-	// _ [1]uint64 // padding
-}
-
-// Name returns the name of the handle: simple
-func (h *SimpleHandle) Name() string { return "simple" }
-
-// SetBytesExt sets an extension
-func (h *SimpleHandle) SetBytesExt(rt reflect.Type, tag uint64, ext BytesExt) (err error) {
-	return h.SetExt(rt, tag, &extWrapper{ext, interfaceExtFailer{}})
-}
-
-func (h *SimpleHandle) hasElemSeparators() bool { return true } // as it implements Write(Map|Array)XXX
-
-func (h *SimpleHandle) newEncDriver(e *Encoder) encDriver {
-	return &simpleEncDriver{e: e, w: e.w, h: h}
-}
-
-func (h *SimpleHandle) newDecDriver(d *Decoder) decDriver {
-	return &simpleDecDriver{d: d, h: h, r: d.r, br: d.bytes}
-}
-
-func (e *simpleEncDriver) reset() {
-	e.c = 0
-	e.w = e.e.w
-}
-
-func (d *simpleDecDriver) reset() {
-	d.c = 0
-	d.r, d.br = d.d.r, d.d.bytes
-	d.bd, d.bdRead = 0, false
-}
-
-var _ decDriver = (*simpleDecDriver)(nil)
-var _ encDriver = (*simpleEncDriver)(nil)
diff --git a/vendor/github.com/vbatts/tar-split/go.mod b/vendor/github.com/vbatts/tar-split/go.mod
new file mode 100644
index 0000000000000..4e934b5c3ada4
--- /dev/null
+++ b/vendor/github.com/vbatts/tar-split/go.mod
@@ -0,0 +1,8 @@
+module github.com/vbatts/tar-split
+
+go 1.15
+
+require (
+	github.com/sirupsen/logrus v1.7.0
+	github.com/urfave/cli v1.22.4
+)
diff --git a/vendor/github.com/vbatts/tar-split/tar/storage/getter.go b/vendor/github.com/vbatts/tar-split/tar/storage/getter.go
index ae11f8ffd4e8f..9fed24aa8983b 100644
--- a/vendor/github.com/vbatts/tar-split/tar/storage/getter.go
+++ b/vendor/github.com/vbatts/tar-split/tar/storage/getter.go
@@ -92,11 +92,12 @@ func NewDiscardFilePutter() FilePutter {
 }
 
 type bitBucketFilePutter struct {
+	buffer [32 * 1024]byte // 32 kB is the buffer size currently used by io.Copy, as of August 2021.
 }
 
 func (bbfp *bitBucketFilePutter) Put(name string, r io.Reader) (int64, []byte, error) {
 	c := crc64.New(CRCTable)
-	i, err := io.Copy(c, r)
+	i, err := io.CopyBuffer(c, r, bbfp.buffer[:])
 	return i, c.Sum(nil), err
 }
 
diff --git a/vendor/github.com/vdemeester/shakers/LICENSE b/vendor/github.com/vdemeester/shakers/LICENSE
deleted file mode 100644
index e9e9e8458794f..0000000000000
--- a/vendor/github.com/vdemeester/shakers/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2015-2016 Vincent Demeester
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/vdemeester/shakers/README.md b/vendor/github.com/vdemeester/shakers/README.md
deleted file mode 100644
index 165bc967acc23..0000000000000
--- a/vendor/github.com/vdemeester/shakers/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Shakers
-🐹 + 🐙 = 😽 [![Circle CI](https://circleci.com/gh/vdemeester/shakers.svg?style=svg)](https://circleci.com/gh/vdemeester/shakers)
-
-A collection of `go-check` Checkers to ease the use of it.
-
-## Building and testing it
-
-You need either [docker](https://github.com/docker/docker), or `go`
-and `glide` in order to build and test shakers.
-
-### Using Docker and Makefile
-
-You need to run the ``test-unit`` target. 
-```bash
-$ make test-unit
-docker build -t "shakers-dev:master" .
-# […]
-docker run --rm -it   "shakers-dev:master" ./script/make.sh test-unit
----> Making bundle: test-unit (in .)
-+ go test -cover -coverprofile=cover.out .
-ok      github.com/vdemeester/shakers   0.015s  coverage: 96.0% of statements
-
-Test success
-```
-
-### Using glide and `GO15VENDOREXPERIMENT`
-
-- Get the dependencies with `glide up` (or use `go get` but you have no garantuees over the version of the dependencies)
-- If you're using glide (and not standard `go get`) export `GO15VENDOREXPERIMENT` with `export GO15VENDOREXPERIMENT=1`
-- Run tests with `go test .`
diff --git a/vendor/github.com/vdemeester/shakers/bool.go b/vendor/github.com/vdemeester/shakers/bool.go
deleted file mode 100644
index ab2a993c3dc79..0000000000000
--- a/vendor/github.com/vdemeester/shakers/bool.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package shakers
-
-import (
-	"github.com/go-check/check"
-)
-
-// True checker verifies the obtained value is true
-//
-//    c.Assert(myBool, True)
-//
-var True check.Checker = &boolChecker{
-	&check.CheckerInfo{
-		Name:   "True",
-		Params: []string{"obtained"},
-	},
-	true,
-}
-
-// False checker verifies the obtained value is false
-//
-//    c.Assert(myBool, False)
-//
-var False check.Checker = &boolChecker{
-	&check.CheckerInfo{
-		Name:   "False",
-		Params: []string{"obtained"},
-	},
-	false,
-}
-
-type boolChecker struct {
-	*check.CheckerInfo
-	expected bool
-}
-
-func (checker *boolChecker) Check(params []interface{}, names []string) (bool, string) {
-	return is(checker.expected, params[0])
-}
-
-func is(expected bool, obtained interface{}) (bool, string) {
-	obtainedBool, ok := obtained.(bool)
-	if !ok {
-		return false, "obtained value must be a bool."
-	}
-	return obtainedBool == expected, ""
-}
diff --git a/vendor/github.com/vdemeester/shakers/common.go b/vendor/github.com/vdemeester/shakers/common.go
deleted file mode 100644
index a2245c682afaa..0000000000000
--- a/vendor/github.com/vdemeester/shakers/common.go
+++ /dev/null
@@ -1,310 +0,0 @@
-package shakers
-
-import (
-	"reflect"
-	"time"
-
-	"github.com/go-check/check"
-)
-
-// As a commodity, we bring all check.Checker variables into the current namespace to avoid having
-// to think about check.X versus checker.X.
-var (
-	DeepEquals   = check.DeepEquals
-	ErrorMatches = check.ErrorMatches
-	FitsTypeOf   = check.FitsTypeOf
-	HasLen       = check.HasLen
-	Implements   = check.Implements
-	IsNil        = check.IsNil
-	Matches      = check.Matches
-	Not          = check.Not
-	NotNil       = check.NotNil
-	PanicMatches = check.PanicMatches
-	Panics       = check.Panics
-)
-
-// Equaler is an interface implemented if the type has a Equal method.
-// This is used to compare struct using shakers.Equals.
-type Equaler interface {
-	Equal(Equaler) bool
-}
-
-// Equals checker verifies the obtained value is equal to the specified one.
-// It's is smart in a wait that it supports several *types* (built-in, Equaler,
-// time.Time)
-//
-//    c.Assert(myStruct, Equals, aStruct, check.Commentf("bouuuhh"))
-//    c.Assert(myTime, Equals, aTime, check.Commentf("bouuuhh"))
-//
-var Equals check.Checker = &equalChecker{
-	&check.CheckerInfo{
-		Name:   "Equals",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type equalChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *equalChecker) Check(params []interface{}, names []string) (bool, string) {
-	return isEqual(params[0], params[1])
-}
-
-func isEqual(obtained, expected interface{}) (bool, string) {
-	switch obtained.(type) {
-	case time.Time:
-		return timeEquals(obtained, expected)
-	case Equaler:
-		return equalerEquals(obtained, expected)
-	default:
-		if reflect.TypeOf(obtained) != reflect.TypeOf(expected) {
-			return false, "obtained value and expected value have not the same type."
-		}
-		return obtained == expected, ""
-	}
-}
-
-func equalerEquals(obtained, expected interface{}) (bool, string) {
-	expectedEqualer, ok := expected.(Equaler)
-	if !ok {
-		return false, "expected value must be an Equaler - implementing Equal(Equaler)."
-	}
-	obtainedEqualer, ok := obtained.(Equaler)
-	if !ok {
-		return false, "obtained value must be an Equaler - implementing Equal(Equaler)."
-	}
-	return obtainedEqualer.Equal(expectedEqualer), ""
-}
-
-// GreaterThan checker verifies the obtained value is greater than the specified one.
-// It's is smart in a wait that it supports several *types* (built-in, time.Time)
-//
-//    c.Assert(myTime, GreaterThan, aTime, check.Commentf("bouuuhh"))
-//    c.Assert(myInt, GreaterThan, 2, check.Commentf("bouuuhh"))
-//
-var GreaterThan check.Checker = &greaterThanChecker{
-	&check.CheckerInfo{
-		Name:   "GreaterThan",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type greaterThanChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *greaterThanChecker) Check(params []interface{}, names []string) (bool, string) {
-	return greaterThan(params[0], params[1])
-}
-
-func greaterThan(obtained, expected interface{}) (bool, string) {
-	if _, ok := obtained.(time.Time); ok {
-		return isAfter(obtained, expected)
-	}
-	if reflect.TypeOf(obtained) != reflect.TypeOf(expected) {
-		return false, "obtained value and expected value have not the same type."
-	}
-	switch v := obtained.(type) {
-	case float32:
-		return v > expected.(float32), ""
-	case float64:
-		return v > expected.(float64), ""
-	case int:
-		return v > expected.(int), ""
-	case int8:
-		return v > expected.(int8), ""
-	case int16:
-		return v > expected.(int16), ""
-	case int32:
-		return v > expected.(int32), ""
-	case int64:
-		return v > expected.(int64), ""
-	case uint:
-		return v > expected.(uint), ""
-	case uint8:
-		return v > expected.(uint8), ""
-	case uint16:
-		return v > expected.(uint16), ""
-	case uint32:
-		return v > expected.(uint32), ""
-	case uint64:
-		return v > expected.(uint64), ""
-	default:
-		return false, "obtained value type not supported."
-	}
-}
-
-// GreaterOrEqualThan checker verifies the obtained value is greater or equal than the specified one.
-// It's is smart in a wait that it supports several *types* (built-in, time.Time)
-//
-//    c.Assert(myTime, GreaterOrEqualThan, aTime, check.Commentf("bouuuhh"))
-//    c.Assert(myInt, GreaterOrEqualThan, 2, check.Commentf("bouuuhh"))
-//
-var GreaterOrEqualThan check.Checker = &greaterOrEqualThanChecker{
-	&check.CheckerInfo{
-		Name:   "GreaterOrEqualThan",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type greaterOrEqualThanChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *greaterOrEqualThanChecker) Check(params []interface{}, names []string) (bool, string) {
-	return greaterOrEqualThan(params[0], params[1])
-}
-
-func greaterOrEqualThan(obtained, expected interface{}) (bool, string) {
-	if _, ok := obtained.(time.Time); ok {
-		return isAfter(obtained, expected)
-	}
-	if reflect.TypeOf(obtained) != reflect.TypeOf(expected) {
-		return false, "obtained value and expected value have not the same type."
-	}
-	switch v := obtained.(type) {
-	case float32:
-		return v >= expected.(float32), ""
-	case float64:
-		return v >= expected.(float64), ""
-	case int:
-		return v >= expected.(int), ""
-	case int8:
-		return v >= expected.(int8), ""
-	case int16:
-		return v >= expected.(int16), ""
-	case int32:
-		return v >= expected.(int32), ""
-	case int64:
-		return v >= expected.(int64), ""
-	case uint:
-		return v >= expected.(uint), ""
-	case uint8:
-		return v >= expected.(uint8), ""
-	case uint16:
-		return v >= expected.(uint16), ""
-	case uint32:
-		return v >= expected.(uint32), ""
-	case uint64:
-		return v >= expected.(uint64), ""
-	default:
-		return false, "obtained value type not supported."
-	}
-}
-
-// LessThan checker verifies the obtained value is less than the specified one.
-// It's is smart in a wait that it supports several *types* (built-in, time.Time)
-//
-//    c.Assert(myTime, LessThan, aTime, check.Commentf("bouuuhh"))
-//    c.Assert(myInt, LessThan, 2, check.Commentf("bouuuhh"))
-//
-var LessThan check.Checker = &lessThanChecker{
-	&check.CheckerInfo{
-		Name:   "LessThan",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type lessThanChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *lessThanChecker) Check(params []interface{}, names []string) (bool, string) {
-	return lessThan(params[0], params[1])
-}
-
-func lessThan(obtained, expected interface{}) (bool, string) {
-	if _, ok := obtained.(time.Time); ok {
-		return isBefore(obtained, expected)
-	}
-	if reflect.TypeOf(obtained) != reflect.TypeOf(expected) {
-		return false, "obtained value and expected value have not the same type."
-	}
-	switch v := obtained.(type) {
-	case float32:
-		return v < expected.(float32), ""
-	case float64:
-		return v < expected.(float64), ""
-	case int:
-		return v < expected.(int), ""
-	case int8:
-		return v < expected.(int8), ""
-	case int16:
-		return v < expected.(int16), ""
-	case int32:
-		return v < expected.(int32), ""
-	case int64:
-		return v < expected.(int64), ""
-	case uint:
-		return v < expected.(uint), ""
-	case uint8:
-		return v < expected.(uint8), ""
-	case uint16:
-		return v < expected.(uint16), ""
-	case uint32:
-		return v < expected.(uint32), ""
-	case uint64:
-		return v < expected.(uint64), ""
-	default:
-		return false, "obtained value type not supported."
-	}
-}
-
-// LessOrEqualThan checker verifies the obtained value is less or equal than the specified one.
-// It's is smart in a wait that it supports several *types* (built-in, time.Time)
-//
-//    c.Assert(myTime, LessThan, aTime, check.Commentf("bouuuhh"))
-//    c.Assert(myInt, LessThan, 2, check.Commentf("bouuuhh"))
-//
-var LessOrEqualThan check.Checker = &lessOrEqualThanChecker{
-	&check.CheckerInfo{
-		Name:   "LessOrEqualThan",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type lessOrEqualThanChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *lessOrEqualThanChecker) Check(params []interface{}, names []string) (bool, string) {
-	return lessOrEqualThan(params[0], params[1])
-}
-
-func lessOrEqualThan(obtained, expected interface{}) (bool, string) {
-	if _, ok := obtained.(time.Time); ok {
-		return isBefore(obtained, expected)
-	}
-	if reflect.TypeOf(obtained) != reflect.TypeOf(expected) {
-		return false, "obtained value and expected value have not the same type."
-	}
-	switch v := obtained.(type) {
-	case float32:
-		return v <= expected.(float32), ""
-	case float64:
-		return v <= expected.(float64), ""
-	case int:
-		return v <= expected.(int), ""
-	case int8:
-		return v <= expected.(int8), ""
-	case int16:
-		return v <= expected.(int16), ""
-	case int32:
-		return v <= expected.(int32), ""
-	case int64:
-		return v <= expected.(int64), ""
-	case uint:
-		return v <= expected.(uint), ""
-	case uint8:
-		return v <= expected.(uint8), ""
-	case uint16:
-		return v <= expected.(uint16), ""
-	case uint32:
-		return v <= expected.(uint32), ""
-	case uint64:
-		return v <= expected.(uint64), ""
-	default:
-		return false, "obtained value type not supported."
-	}
-}
diff --git a/vendor/github.com/vdemeester/shakers/string.go b/vendor/github.com/vdemeester/shakers/string.go
deleted file mode 100644
index 75ecb10d509b1..0000000000000
--- a/vendor/github.com/vdemeester/shakers/string.go
+++ /dev/null
@@ -1,168 +0,0 @@
-// Package shakers provide some checker implementation the go-check.Checker interface.
-package shakers
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/go-check/check"
-)
-
-// Contains checker verifies that obtained value contains a substring.
-var Contains check.Checker = &substringChecker{
-	&check.CheckerInfo{
-		Name:   "Contains",
-		Params: []string{"obtained", "substring"},
-	},
-	strings.Contains,
-}
-
-// ContainsAny checker verifies that any Unicode code points in chars
-// are in the obtained string.
-var ContainsAny check.Checker = &substringChecker{
-	&check.CheckerInfo{
-		Name:   "ContainsAny",
-		Params: []string{"obtained", "chars"},
-	},
-	strings.ContainsAny,
-}
-
-// HasPrefix checker verifies that obtained value has the specified substring as prefix
-var HasPrefix check.Checker = &substringChecker{
-	&check.CheckerInfo{
-		Name:   "HasPrefix",
-		Params: []string{"obtained", "prefix"},
-	},
-	strings.HasPrefix,
-}
-
-// HasSuffix checker verifies that obtained value has the specified substring as prefix
-var HasSuffix check.Checker = &substringChecker{
-	&check.CheckerInfo{
-		Name:   "HasSuffix",
-		Params: []string{"obtained", "suffix"},
-	},
-	strings.HasSuffix,
-}
-
-// EqualFold checker verifies that obtained value is, interpreted as UTF-8 strings, are equal under Unicode case-folding.
-var EqualFold check.Checker = &substringChecker{
-	&check.CheckerInfo{
-		Name:   "EqualFold",
-		Params: []string{"obtained", "expected"},
-	},
-	strings.EqualFold,
-}
-
-type substringChecker struct {
-	*check.CheckerInfo
-	substringFunction func(string, string) bool
-}
-
-func (checker *substringChecker) Check(params []interface{}, names []string) (bool, string) {
-	obtained := params[0]
-	substring := params[1]
-	substringStr, ok := substring.(string)
-	if !ok {
-		return false, fmt.Sprintf("%s value must be a string.", names[1])
-	}
-	obtainedString, obtainedIsStr := obtained.(string)
-	if !obtainedIsStr {
-		if obtainedWithStringer, obtainedHasStringer := obtained.(fmt.Stringer); obtainedHasStringer {
-			obtainedString, obtainedIsStr = obtainedWithStringer.String(), true
-		}
-	}
-	if obtainedIsStr {
-		return checker.substringFunction(obtainedString, substringStr), ""
-	}
-	return false, "obtained value is not a string and has no .String()."
-}
-
-// IndexAny checker verifies that the index of the first instance of any Unicode code point from chars in the obtained value is equal to expected
-var IndexAny check.Checker = &substringCountChecker{
-	&check.CheckerInfo{
-		Name:   "IndexAny",
-		Params: []string{"obtained", "chars", "expected"},
-	},
-	strings.IndexAny,
-}
-
-// Index checker verifies that the index of the first instance of sep in the obtained value is equal to expected
-var Index check.Checker = &substringCountChecker{
-	&check.CheckerInfo{
-		Name:   "Index",
-		Params: []string{"obtained", "sep", "expected"},
-	},
-	strings.Index,
-}
-
-// Count checker verifies that obtained value has the specified number of non-overlapping instances of sep
-var Count check.Checker = &substringCountChecker{
-	&check.CheckerInfo{
-		Name:   "Count",
-		Params: []string{"obtained", "sep", "expected"},
-	},
-	strings.Count,
-}
-
-type substringCountChecker struct {
-	*check.CheckerInfo
-	substringFunction func(string, string) int
-}
-
-func (checker *substringCountChecker) Check(params []interface{}, names []string) (bool, string) {
-	obtained := params[0]
-	substring := params[1]
-	expected := params[2]
-	substringStr, ok := substring.(string)
-	if !ok {
-		return false, fmt.Sprintf("%s value must be a string.", names[1])
-	}
-	obtainedString, obtainedIsStr := obtained.(string)
-	if !obtainedIsStr {
-		if obtainedWithStringer, obtainedHasStringer := obtained.(fmt.Stringer); obtainedHasStringer {
-			obtainedString, obtainedIsStr = obtainedWithStringer.String(), true
-		}
-	}
-	if obtainedIsStr {
-		return checker.substringFunction(obtainedString, substringStr) == expected, ""
-	}
-	return false, "obtained value is not a string and has no .String()."
-}
-
-// IsLower checker verifies that the obtained value is in lower case
-var IsLower check.Checker = &stringTransformChecker{
-	&check.CheckerInfo{
-		Name:   "IsLower",
-		Params: []string{"obtained"},
-	},
-	strings.ToLower,
-}
-
-// IsUpper checker verifies that the obtained value is in lower case
-var IsUpper check.Checker = &stringTransformChecker{
-	&check.CheckerInfo{
-		Name:   "IsUpper",
-		Params: []string{"obtained"},
-	},
-	strings.ToUpper,
-}
-
-type stringTransformChecker struct {
-	*check.CheckerInfo
-	stringFunction func(string) string
-}
-
-func (checker *stringTransformChecker) Check(params []interface{}, names []string) (bool, string) {
-	obtained := params[0]
-	obtainedString, obtainedIsStr := obtained.(string)
-	if !obtainedIsStr {
-		if obtainedWithStringer, obtainedHasStringer := obtained.(fmt.Stringer); obtainedHasStringer {
-			obtainedString, obtainedIsStr = obtainedWithStringer.String(), true
-		}
-	}
-	if obtainedIsStr {
-		return checker.stringFunction(obtainedString) == obtainedString, ""
-	}
-	return false, "obtained value is not a string and has no .String()."
-}
diff --git a/vendor/github.com/vdemeester/shakers/time.go b/vendor/github.com/vdemeester/shakers/time.go
deleted file mode 100644
index 0da8d005980c7..0000000000000
--- a/vendor/github.com/vdemeester/shakers/time.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package shakers
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/go-check/check"
-)
-
-// Default format when parsing (in addition to RFC and default time formats..)
-const shortForm = "2006-01-02"
-
-// IsBefore checker verifies the specified value is before the specified time.
-// It is exclusive.
-//
-//    c.Assert(myTime, IsBefore, theTime, check.Commentf("bouuuhhh"))
-//
-var IsBefore check.Checker = &isBeforeChecker{
-	&check.CheckerInfo{
-		Name:   "IsBefore",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type isBeforeChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *isBeforeChecker) Check(params []interface{}, names []string) (bool, string) {
-	return isBefore(params[0], params[1])
-}
-
-func isBefore(value, t interface{}) (bool, string) {
-	tTime, ok := parseTime(t)
-	if !ok {
-		return false, "expected must be a Time struct, or parseable."
-	}
-	valueTime, valueIsTime := parseTime(value)
-	if valueIsTime {
-		return valueTime.Before(tTime), ""
-	}
-	return false, "obtained value is not a time.Time struct or parseable as a time."
-}
-
-// IsAfter checker verifies the specified value is before the specified time.
-// It is exclusive.
-//
-//    c.Assert(myTime, IsAfter, theTime, check.Commentf("bouuuhhh"))
-//
-var IsAfter check.Checker = &isAfterChecker{
-	&check.CheckerInfo{
-		Name:   "IsAfter",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type isAfterChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *isAfterChecker) Check(params []interface{}, names []string) (bool, string) {
-	return isAfter(params[0], params[1])
-}
-
-func isAfter(value, t interface{}) (bool, string) {
-	tTime, ok := parseTime(t)
-	if !ok {
-		return false, "expected must be a Time struct, or parseable."
-	}
-	valueTime, valueIsTime := parseTime(value)
-	if valueIsTime {
-		return valueTime.After(tTime), ""
-	}
-	return false, "obtained value is not a time.Time struct or parseable as a time."
-}
-
-// IsBetween checker verifies the specified time is between the specified start
-// and end. It's exclusive so if the specified time is at the tip of the interval.
-//
-//    c.Assert(myTime, IsBetween, startTime, endTime, check.Commentf("bouuuhhh"))
-//
-var IsBetween check.Checker = &isBetweenChecker{
-	&check.CheckerInfo{
-		Name:   "IsBetween",
-		Params: []string{"obtained", "start", "end"},
-	},
-}
-
-type isBetweenChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *isBetweenChecker) Check(params []interface{}, names []string) (bool, string) {
-	return isBetween(params[0], params[1], params[2])
-}
-
-func isBetween(value, start, end interface{}) (bool, string) {
-	startTime, ok := parseTime(start)
-	if !ok {
-		return false, "start must be a Time struct, or parseable."
-	}
-	endTime, ok := parseTime(end)
-	if !ok {
-		return false, "end must be a Time struct, or parseable."
-	}
-	valueTime, valueIsTime := parseTime(value)
-	if valueIsTime {
-		return valueTime.After(startTime) && valueTime.Before(endTime), ""
-	}
-	return false, "obtained value is not a time.Time struct or parseable as a time."
-}
-
-// TimeEquals checker verifies the specified time is the equal to the expected
-// time.
-//
-//    c.Assert(myTime, TimeEquals, expected, check.Commentf("bouhhh"))
-//
-// It's possible to ignore some part of the time (like hours, minutes, etc..) using
-// the TimeIgnore checker with it.
-//
-//    c.Assert(myTime, TimeIgnore(TimeEquals, time.Hour), expected, check.Commentf("... bouh.."))
-//
-var TimeEquals check.Checker = &timeEqualsChecker{
-	&check.CheckerInfo{
-		Name:   "TimeEquals",
-		Params: []string{"obtained", "expected"},
-	},
-}
-
-type timeEqualsChecker struct {
-	*check.CheckerInfo
-}
-
-func (checker *timeEqualsChecker) Check(params []interface{}, names []string) (bool, string) {
-	return timeEquals(params[0], params[1])
-}
-
-func timeEquals(obtained, expected interface{}) (bool, string) {
-	expectedTime, ok := parseTime(expected)
-	if !ok {
-		return false, "expected must be a Time struct, or parseable."
-	}
-	valueTime, valueIsTime := parseTime(obtained)
-	if valueIsTime {
-		return valueTime.Equal(expectedTime), ""
-	}
-	return false, "obtained value is not a time.Time struct or parseable as a time."
-}
-
-// TimeIgnore checker will ignore some part of the time on the encapsulated checker.
-//
-//    c.Assert(myTime, TimeIgnore(IsBetween, time.Second), start, end)
-//
-// FIXME use interface{} for ignore (to enable "Month", ..
-func TimeIgnore(checker check.Checker, ignore time.Duration) check.Checker {
-	return &timeIgnoreChecker{
-		sub:    checker,
-		ignore: ignore,
-	}
-}
-
-type timeIgnoreChecker struct {
-	sub    check.Checker
-	ignore time.Duration
-}
-
-func (checker *timeIgnoreChecker) Info() *check.CheckerInfo {
-	info := *checker.sub.Info()
-	info.Name = fmt.Sprintf("TimeIgnore(%s, %v)", info.Name, checker.ignore)
-	return &info
-}
-
-func (checker *timeIgnoreChecker) Check(params []interface{}, names []string) (bool, string) {
-	// Naive implementation : all params are supposed to be date
-	mParams := make([]interface{}, len(params))
-	for index, param := range params {
-		paramTime, ok := parseTime(param)
-		if !ok {
-			return false, fmt.Sprintf("%s must be a Time struct, or parseable.", names[index])
-		}
-		year := paramTime.Year()
-		month := paramTime.Month()
-		day := paramTime.Day()
-		hour := paramTime.Hour()
-		min := paramTime.Minute()
-		sec := paramTime.Second()
-		nsec := paramTime.Nanosecond()
-		location := paramTime.Location()
-		switch checker.ignore {
-		case time.Hour:
-			hour = 0
-			fallthrough
-		case time.Minute:
-			min = 0
-			fallthrough
-		case time.Second:
-			sec = 0
-			fallthrough
-		case time.Millisecond:
-			fallthrough
-		case time.Microsecond:
-			fallthrough
-		case time.Nanosecond:
-			nsec = 0
-		}
-		mParams[index] = time.Date(year, month, day, hour, min, sec, nsec, location)
-	}
-	return checker.sub.Check(mParams, names)
-}
-
-func parseTime(datetime interface{}) (time.Time, bool) {
-	switch datetime.(type) {
-	case time.Time:
-		return datetime.(time.Time), true
-	case string:
-		return parseTimeAsString(datetime.(string))
-	default:
-		if datetimeWithStr, ok := datetime.(fmt.Stringer); ok {
-			return parseTimeAsString(datetimeWithStr.String())
-		}
-		return time.Time{}, false
-	}
-}
-
-func parseTimeAsString(timeAsStr string) (time.Time, bool) {
-	forms := []string{shortForm, time.RFC3339, time.RFC3339Nano, time.RFC822, time.RFC822Z}
-	for _, form := range forms {
-		datetime, err := time.Parse(form, timeAsStr)
-		if err == nil {
-			return datetime, true
-		}
-	}
-	return time.Time{}, false
-}
diff --git a/vendor/github.com/vishvananda/netlink/README.md b/vendor/github.com/vishvananda/netlink/README.md
index 0b61be217e0be..a88e2f418409b 100644
--- a/vendor/github.com/vishvananda/netlink/README.md
+++ b/vendor/github.com/vishvananda/netlink/README.md
@@ -89,3 +89,4 @@ There are also a few pieces of low level netlink functionality that still
 need to be implemented. Routing rules are not in place and some of the
 more advanced link types. Hopefully there is decent structure and testing
 in place to make these fairly straightforward to add.
+
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 8808b42d9b660..28746d5afecda 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -8,47 +8,71 @@ import (
 
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 // IFA_FLAGS is a u32 attribute.
 const IFA_FLAGS = 0x8
 
 // AddrAdd will add an IP address to a link device.
+//
 // Equivalent to: `ip addr add $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func AddrAdd(link Link, addr *Addr) error {
 	return pkgHandle.AddrAdd(link, addr)
 }
 
 // AddrAdd will add an IP address to a link device.
+//
 // Equivalent to: `ip addr add $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func (h *Handle) AddrAdd(link Link, addr *Addr) error {
-	req := h.newNetlinkRequest(syscall.RTM_NEWADDR, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 	return h.addrHandle(link, addr, req)
 }
 
 // AddrReplace will replace (or, if not present, add) an IP address on a link device.
+//
 // Equivalent to: `ip addr replace $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func AddrReplace(link Link, addr *Addr) error {
 	return pkgHandle.AddrReplace(link, addr)
 }
 
 // AddrReplace will replace (or, if not present, add) an IP address on a link device.
+//
 // Equivalent to: `ip addr replace $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func (h *Handle) AddrReplace(link Link, addr *Addr) error {
-	req := h.newNetlinkRequest(syscall.RTM_NEWADDR, syscall.NLM_F_CREATE|syscall.NLM_F_REPLACE|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_REPLACE|unix.NLM_F_ACK)
 	return h.addrHandle(link, addr, req)
 }
 
 // AddrDel will delete an IP address from a link device.
+//
 // Equivalent to: `ip addr del $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func AddrDel(link Link, addr *Addr) error {
 	return pkgHandle.AddrDel(link, addr)
 }
 
 // AddrDel will delete an IP address from a link device.
 // Equivalent to: `ip addr del $addr dev $link`
+//
+// If `addr` is an IPv4 address and the broadcast address is not given, it
+// will be automatically computed based on the IP mask if /30 or larger.
 func (h *Handle) AddrDel(link Link, addr *Addr) error {
-	req := h.newNetlinkRequest(syscall.RTM_DELADDR, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELADDR, unix.NLM_F_ACK)
 	return h.addrHandle(link, addr, req)
 }
 
@@ -64,7 +88,11 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
 	msg := nl.NewIfAddrmsg(family)
 	msg.Index = uint32(base.Index)
 	msg.Scope = uint8(addr.Scope)
-	prefixlen, masklen := addr.Mask.Size()
+	mask := addr.Mask
+	if addr.Peer != nil {
+		mask = addr.Peer.Mask
+	}
+	prefixlen, masklen := mask.Size()
 	msg.Prefixlen = uint8(prefixlen)
 	req.AddData(msg)
 
@@ -75,7 +103,7 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
 		localAddrData = addr.IP.To16()
 	}
 
-	localData := nl.NewRtAttr(syscall.IFA_LOCAL, localAddrData)
+	localData := nl.NewRtAttr(unix.IFA_LOCAL, localAddrData)
 	req.AddData(localData)
 	var peerAddrData []byte
 	if addr.Peer != nil {
@@ -88,7 +116,7 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
 		peerAddrData = localAddrData
 	}
 
-	addressData := nl.NewRtAttr(syscall.IFA_ADDRESS, peerAddrData)
+	addressData := nl.NewRtAttr(unix.IFA_ADDRESS, peerAddrData)
 	req.AddData(addressData)
 
 	if addr.Flags != 0 {
@@ -102,21 +130,40 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
 		}
 	}
 
-	if addr.Broadcast == nil {
-		calcBroadcast := make(net.IP, masklen/8)
-		for i := range localAddrData {
-			calcBroadcast[i] = localAddrData[i] | ^addr.Mask[i]
+	if family == FAMILY_V4 {
+		// Automatically set the broadcast address if it is unset and the
+		// subnet is large enough to sensibly have one (/30 or larger).
+		// See: RFC 3021
+		if addr.Broadcast == nil && prefixlen < 31 {
+			calcBroadcast := make(net.IP, masklen/8)
+			for i := range localAddrData {
+				calcBroadcast[i] = localAddrData[i] | ^mask[i]
+			}
+			addr.Broadcast = calcBroadcast
+		}
+
+		if addr.Broadcast != nil {
+			req.AddData(nl.NewRtAttr(unix.IFA_BROADCAST, addr.Broadcast))
+		}
+
+		if addr.Label != "" {
+			labelData := nl.NewRtAttr(unix.IFA_LABEL, nl.ZeroTerminated(addr.Label))
+			req.AddData(labelData)
 		}
-		addr.Broadcast = calcBroadcast
 	}
-	req.AddData(nl.NewRtAttr(syscall.IFA_BROADCAST, addr.Broadcast))
 
-	if addr.Label != "" {
-		labelData := nl.NewRtAttr(syscall.IFA_LABEL, nl.ZeroTerminated(addr.Label))
-		req.AddData(labelData)
+	// 0 is the default value for these attributes. However, 0 means "expired", while the least-surprising default
+	// value should be "forever". To compensate for that, only add the attributes if at least one of the values is
+	// non-zero, which means the caller has explicitly set them
+	if addr.ValidLft > 0 || addr.PreferedLft > 0 {
+		cachedata := nl.IfaCacheInfo{
+			IfaValid:    uint32(addr.ValidLft),
+			IfaPrefered: uint32(addr.PreferedLft),
+		}
+		req.AddData(nl.NewRtAttr(unix.IFA_CACHEINFO, cachedata.Serialize()))
 	}
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -131,11 +178,11 @@ func AddrList(link Link, family int) ([]Addr, error) {
 // Equivalent to: `ip addr show`.
 // The list can be filtered by link and ip family.
 func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETADDR, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETADDR, unix.NLM_F_DUMP)
 	msg := nl.NewIfInfomsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWADDR)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR)
 	if err != nil {
 		return nil, err
 	}
@@ -187,21 +234,25 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
 	var local, dst *net.IPNet
 	for _, attr := range attrs {
 		switch attr.Attr.Type {
-		case syscall.IFA_ADDRESS:
+		case unix.IFA_ADDRESS:
 			dst = &net.IPNet{
 				IP:   attr.Value,
 				Mask: net.CIDRMask(int(msg.Prefixlen), 8*len(attr.Value)),
 			}
-			addr.Peer = dst
-		case syscall.IFA_LOCAL:
+		case unix.IFA_LOCAL:
+			// iproute2 manual:
+			// If a peer address is specified, the local address
+			// cannot have a prefix length. The network prefix is
+			// associated with the peer rather than with the local
+			// address.
+			n := 8 * len(attr.Value)
 			local = &net.IPNet{
 				IP:   attr.Value,
-				Mask: net.CIDRMask(int(msg.Prefixlen), 8*len(attr.Value)),
+				Mask: net.CIDRMask(n, n),
 			}
-			addr.IPNet = local
-		case syscall.IFA_BROADCAST:
+		case unix.IFA_BROADCAST:
 			addr.Broadcast = attr.Value
-		case syscall.IFA_LABEL:
+		case unix.IFA_LABEL:
 			addr.Label = string(attr.Value[:len(attr.Value)-1])
 		case IFA_FLAGS:
 			addr.Flags = int(native.Uint32(attr.Value[0:4]))
@@ -212,12 +263,24 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
 		}
 	}
 
-	// IFA_LOCAL should be there but if not, fall back to IFA_ADDRESS
+	// libnl addr.c comment:
+	// IPv6 sends the local address as IFA_ADDRESS with no
+	// IFA_LOCAL, IPv4 sends both IFA_LOCAL and IFA_ADDRESS
+	// with IFA_ADDRESS being the peer address if they differ
+	//
+	// But obviously, as there are IPv6 PtP addresses, too,
+	// IFA_LOCAL should also be handled for IPv6.
 	if local != nil {
-		addr.IPNet = local
+		if family == FAMILY_V4 && local.IP.Equal(dst.IP) {
+			addr.IPNet = dst
+		} else {
+			addr.IPNet = local
+			addr.Peer = dst
+		}
 	} else {
 		addr.IPNet = dst
 	}
+
 	addr.Scope = int(msg.Scope)
 
 	return
@@ -236,20 +299,22 @@ type AddrUpdate struct {
 // AddrSubscribe takes a chan down which notifications will be sent
 // when addresses change.  Close the 'done' chan to stop subscription.
 func AddrSubscribe(ch chan<- AddrUpdate, done <-chan struct{}) error {
-	return addrSubscribeAt(netns.None(), netns.None(), ch, done, nil)
+	return addrSubscribeAt(netns.None(), netns.None(), ch, done, nil, false, 0)
 }
 
 // AddrSubscribeAt works like AddrSubscribe plus it allows the caller
 // to choose the network namespace in which to subscribe (ns).
 func AddrSubscribeAt(ns netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}) error {
-	return addrSubscribeAt(ns, netns.None(), ch, done, nil)
+	return addrSubscribeAt(ns, netns.None(), ch, done, nil, false, 0)
 }
 
 // AddrSubscribeOptions contains a set of options to use with
 // AddrSubscribeWithOptions.
 type AddrSubscribeOptions struct {
-	Namespace     *netns.NsHandle
-	ErrorCallback func(error)
+	Namespace         *netns.NsHandle
+	ErrorCallback     func(error)
+	ListExisting      bool
+	ReceiveBufferSize int
 }
 
 // AddrSubscribeWithOptions work like AddrSubscribe but enable to
@@ -260,11 +325,11 @@ func AddrSubscribeWithOptions(ch chan<- AddrUpdate, done <-chan struct{}, option
 		none := netns.None()
 		options.Namespace = &none
 	}
-	return addrSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback)
+	return addrSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback, options.ListExisting, options.ReceiveBufferSize)
 }
 
-func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}, cberr func(error)) error {
-	s, err := nl.SubscribeAt(newNs, curNs, syscall.NETLINK_ROUTE, syscall.RTNLGRP_IPV4_IFADDR, syscall.RTNLGRP_IPV6_IFADDR)
+func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}, cberr func(error), listExisting bool, rcvbuf int) error {
+	s, err := nl.SubscribeAt(newNs, curNs, unix.NETLINK_ROUTE, unix.RTNLGRP_IPV4_IFADDR, unix.RTNLGRP_IPV6_IFADDR)
 	if err != nil {
 		return err
 	}
@@ -274,23 +339,59 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
 			s.Close()
 		}()
 	}
+	if rcvbuf != 0 {
+		err = pkgHandle.SetSocketReceiveBufferSize(rcvbuf, false)
+		if err != nil {
+			return err
+		}
+	}
+	if listExisting {
+		req := pkgHandle.newNetlinkRequest(unix.RTM_GETADDR,
+			unix.NLM_F_DUMP)
+		infmsg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+		req.AddData(infmsg)
+		if err := s.Send(req); err != nil {
+			return err
+		}
+	}
 	go func() {
 		defer close(ch)
 		for {
-			msgs, err := s.Receive()
+			msgs, from, err := s.Receive()
 			if err != nil {
 				if cberr != nil {
 					cberr(err)
 				}
 				return
 			}
+			if from.Pid != nl.PidKernel {
+				if cberr != nil {
+					cberr(fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel))
+				}
+				continue
+			}
 			for _, m := range msgs {
+				if m.Header.Type == unix.NLMSG_DONE {
+					continue
+				}
+				if m.Header.Type == unix.NLMSG_ERROR {
+					native := nl.NativeEndian()
+					error := int32(native.Uint32(m.Data[0:4]))
+					if error == 0 {
+						continue
+					}
+					if cberr != nil {
+						cberr(fmt.Errorf("error message: %v",
+							syscall.Errno(-error)))
+					}
+					continue
+				}
 				msgType := m.Header.Type
-				if msgType != syscall.RTM_NEWADDR && msgType != syscall.RTM_DELADDR {
+				if msgType != unix.RTM_NEWADDR && msgType != unix.RTM_DELADDR {
 					if cberr != nil {
 						cberr(fmt.Errorf("bad message type: %d", msgType))
 					}
-					return
+					continue
 				}
 
 				addr, _, ifindex, err := parseAddr(m.Data)
@@ -298,12 +399,12 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
 					if cberr != nil {
 						cberr(fmt.Errorf("could not parse address: %v", err))
 					}
-					return
+					continue
 				}
 
 				ch <- AddrUpdate{LinkAddress: *addr.IPNet,
 					LinkIndex:   ifindex,
-					NewAddr:     msgType == syscall.RTM_NEWADDR,
+					NewAddr:     msgType == unix.RTM_NEWADDR,
 					Flags:       addr.Flags,
 					Scope:       addr.Scope,
 					PreferedLft: addr.PreferedLft,
diff --git a/vendor/github.com/vishvananda/netlink/bpf_linux.go b/vendor/github.com/vishvananda/netlink/bpf_linux.go
index 533743987a90d..6631626bfc06a 100644
--- a/vendor/github.com/vishvananda/netlink/bpf_linux.go
+++ b/vendor/github.com/vishvananda/netlink/bpf_linux.go
@@ -1,49 +1,12 @@
 package netlink
 
-/*
-#include <asm/types.h>
-#include <asm/unistd.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <unistd.h>
+import (
+	"unsafe"
 
-static int load_simple_bpf(int prog_type, int ret) {
-#ifdef __NR_bpf
-	// { return ret; }
-	__u64 __attribute__((aligned(8))) insns[] = {
-		0x00000000000000b7ull | ((__u64)ret<<32),
-		0x0000000000000095ull,
-	};
-	__u8 __attribute__((aligned(8))) license[] = "ASL2";
-	// Copied from a header file since libc is notoriously slow to update.
-	// The call will succeed or fail and that will be our indication on
-	// whether or not it is supported.
-	struct {
-		__u32 prog_type;
-		__u32 insn_cnt;
-		__u64 insns;
-		__u64 license;
-		__u32 log_level;
-		__u32 log_size;
-		__u64 log_buf;
-		__u32 kern_version;
-	} __attribute__((aligned(8))) attr = {
-		.prog_type = prog_type,
-		.insn_cnt = 2,
-		.insns = (uintptr_t)&insns,
-		.license = (uintptr_t)&license,
-	};
-	return syscall(__NR_bpf, 5, &attr, sizeof(attr));
-#else
-	errno = EINVAL;
-	return -1;
-#endif
-}
-*/
-import "C"
+	"golang.org/x/sys/unix"
+)
 
-type BpfProgType C.int
+type BpfProgType uint32
 
 const (
 	BPF_PROG_TYPE_UNSPEC BpfProgType = iota
@@ -55,8 +18,36 @@ const (
 	BPF_PROG_TYPE_XDP
 )
 
-// loadSimpleBpf loads a trivial bpf program for testing purposes
-func loadSimpleBpf(progType BpfProgType, ret int) (int, error) {
-	fd, err := C.load_simple_bpf(C.int(progType), C.int(ret))
-	return int(fd), err
+type BPFAttr struct {
+	ProgType    uint32
+	InsnCnt     uint32
+	Insns       uintptr
+	License     uintptr
+	LogLevel    uint32
+	LogSize     uint32
+	LogBuf      uintptr
+	KernVersion uint32
+}
+
+// loadSimpleBpf loads a trivial bpf program for testing purposes.
+func loadSimpleBpf(progType BpfProgType, ret uint32) (int, error) {
+	insns := []uint64{
+		0x00000000000000b7 | (uint64(ret) << 32),
+		0x0000000000000095,
+	}
+	license := []byte{'A', 'S', 'L', '2', '\x00'}
+	attr := BPFAttr{
+		ProgType: uint32(progType),
+		InsnCnt:  uint32(len(insns)),
+		Insns:    uintptr(unsafe.Pointer(&insns[0])),
+		License:  uintptr(unsafe.Pointer(&license[0])),
+	}
+	fd, _, errno := unix.Syscall(unix.SYS_BPF,
+		5, /* bpf cmd */
+		uintptr(unsafe.Pointer(&attr)),
+		unsafe.Sizeof(attr))
+	if errno != 0 {
+		return 0, errno
+	}
+	return int(fd), nil
 }
diff --git a/vendor/github.com/vishvananda/netlink/bridge_linux.go b/vendor/github.com/vishvananda/netlink/bridge_linux.go
index a65d6a1319a5b..6e1224c47b8f1 100644
--- a/vendor/github.com/vishvananda/netlink/bridge_linux.go
+++ b/vendor/github.com/vishvananda/netlink/bridge_linux.go
@@ -2,9 +2,9 @@ package netlink
 
 import (
 	"fmt"
-	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 // BridgeVlanList gets a map of device id to bridge vlan infos.
@@ -16,12 +16,12 @@ func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
 // BridgeVlanList gets a map of device id to bridge vlan infos.
 // Equivalent to: `bridge vlan show`
 func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_DUMP)
-	msg := nl.NewIfInfomsg(syscall.AF_BRIDGE)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
+	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	req.AddData(msg)
-	req.AddData(nl.NewRtAttr(nl.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN))))
+	req.AddData(nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN))))
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWLINK)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
 	if err != nil {
 		return nil, err
 	}
@@ -35,7 +35,7 @@ func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
 		}
 		for _, attr := range attrs {
 			switch attr.Attr.Type {
-			case nl.IFLA_AF_SPEC:
+			case unix.IFLA_AF_SPEC:
 				//nested attr
 				nestAttrs, err := nl.ParseRouteAttr(attr.Value)
 				if err != nil {
@@ -63,7 +63,7 @@ func BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) err
 // BridgeVlanAdd adds a new vlan filter entry
 // Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
 func (h *Handle) BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error {
-	return h.bridgeVlanModify(syscall.RTM_SETLINK, link, vid, pvid, untagged, self, master)
+	return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, pvid, untagged, self, master)
 }
 
 // BridgeVlanDel adds a new vlan filter entry
@@ -75,19 +75,19 @@ func BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) err
 // BridgeVlanDel adds a new vlan filter entry
 // Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
 func (h *Handle) BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error {
-	return h.bridgeVlanModify(syscall.RTM_DELLINK, link, vid, pvid, untagged, self, master)
+	return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, pvid, untagged, self, master)
 }
 
 func (h *Handle) bridgeVlanModify(cmd int, link Link, vid uint16, pvid, untagged, self, master bool) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(cmd, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(cmd, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_BRIDGE)
+	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	br := nl.NewRtAttr(nl.IFLA_AF_SPEC, nil)
+	br := nl.NewRtAttr(unix.IFLA_AF_SPEC, nil)
 	var flags uint16
 	if self {
 		flags |= nl.BRIDGE_FLAGS_SELF
@@ -96,7 +96,7 @@ func (h *Handle) bridgeVlanModify(cmd int, link Link, vid uint16, pvid, untagged
 		flags |= nl.BRIDGE_FLAGS_MASTER
 	}
 	if flags > 0 {
-		nl.NewRtAttrChild(br, nl.IFLA_BRIDGE_FLAGS, nl.Uint16Attr(flags))
+		br.AddRtAttr(nl.IFLA_BRIDGE_FLAGS, nl.Uint16Attr(flags))
 	}
 	vlanInfo := &nl.BridgeVlanInfo{Vid: vid}
 	if pvid {
@@ -105,11 +105,8 @@ func (h *Handle) bridgeVlanModify(cmd int, link Link, vid uint16, pvid, untagged
 	if untagged {
 		vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_UNTAGGED
 	}
-	nl.NewRtAttrChild(br, nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize())
+	br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize())
 	req.AddData(br)
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
-	if err != nil {
-		return err
-	}
-	return nil
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
 }
diff --git a/vendor/github.com/vishvananda/netlink/class.go b/vendor/github.com/vishvananda/netlink/class.go
index 8ee13af48eb98..dcc22d9e97efd 100644
--- a/vendor/github.com/vishvananda/netlink/class.go
+++ b/vendor/github.com/vishvananda/netlink/class.go
@@ -4,25 +4,76 @@ import (
 	"fmt"
 )
 
+// Class interfaces for all classes
 type Class interface {
 	Attrs() *ClassAttrs
 	Type() string
 }
 
+// Generic networking statistics for netlink users.
+// This file contains "gnet_" prefixed structs and relevant functions.
+// See Documentation/networking/getn_stats.txt in Linux source code for more details.
+
+// GnetStatsBasic Ref: struct gnet_stats_basic { ... }
+type GnetStatsBasic struct {
+	Bytes   uint64 // number of seen bytes
+	Packets uint32 // number of seen packets
+}
+
+// GnetStatsRateEst Ref: struct gnet_stats_rate_est { ... }
+type GnetStatsRateEst struct {
+	Bps uint32 // current byte rate
+	Pps uint32 // current packet rate
+}
+
+// GnetStatsRateEst64 Ref: struct gnet_stats_rate_est64 { ... }
+type GnetStatsRateEst64 struct {
+	Bps uint64 // current byte rate
+	Pps uint64 // current packet rate
+}
+
+// GnetStatsQueue Ref: struct gnet_stats_queue { ... }
+type GnetStatsQueue struct {
+	Qlen       uint32 // queue length
+	Backlog    uint32 // backlog size of queue
+	Drops      uint32 // number of dropped packets
+	Requeues   uint32 // number of requues
+	Overlimits uint32 // number of enqueues over the limit
+}
+
+// ClassStatistics representation based on generic networking statistics for netlink.
+// See Documentation/networking/gen_stats.txt in Linux source code for more details.
+type ClassStatistics struct {
+	Basic   *GnetStatsBasic
+	Queue   *GnetStatsQueue
+	RateEst *GnetStatsRateEst
+}
+
+// NewClassStatistics Construct a ClassStatistics struct which fields are all initialized by 0.
+func NewClassStatistics() *ClassStatistics {
+	return &ClassStatistics{
+		Basic:   &GnetStatsBasic{},
+		Queue:   &GnetStatsQueue{},
+		RateEst: &GnetStatsRateEst{},
+	}
+}
+
 // ClassAttrs represents a netlink class. A filter is associated with a link,
 // has a handle and a parent. The root filter of a device should have a
 // parent == HANDLE_ROOT.
 type ClassAttrs struct {
-	LinkIndex int
-	Handle    uint32
-	Parent    uint32
-	Leaf      uint32
+	LinkIndex  int
+	Handle     uint32
+	Parent     uint32
+	Leaf       uint32
+	Statistics *ClassStatistics
 }
 
 func (q ClassAttrs) String() string {
 	return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Leaf: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Leaf)
 }
 
+// HtbClassAttrs stores the attributes of HTB class
 type HtbClassAttrs struct {
 	// TODO handle all attributes
 	Rate    uint64
@@ -54,10 +105,12 @@ func (q HtbClass) String() string {
 	return fmt.Sprintf("{Rate: %d, Ceil: %d, Buffer: %d, Cbuffer: %d}", q.Rate, q.Ceil, q.Buffer, q.Cbuffer)
 }
 
+// Attrs returns the class attributes
 func (q *HtbClass) Attrs() *ClassAttrs {
 	return &q.ClassAttrs
 }
 
+// Type return the class type
 func (q *HtbClass) Type() string {
 	return "htb"
 }
@@ -69,10 +122,90 @@ type GenericClass struct {
 	ClassType string
 }
 
+// Attrs return the class attributes
 func (class *GenericClass) Attrs() *ClassAttrs {
 	return &class.ClassAttrs
 }
 
+// Type return the class type
 func (class *GenericClass) Type() string {
 	return class.ClassType
 }
+
+// ServiceCurve is the way the HFSC curve are represented
+type ServiceCurve struct {
+	m1 uint32
+	d  uint32
+	m2 uint32
+}
+
+// Attrs return the parameters of the service curve
+func (c *ServiceCurve) Attrs() (uint32, uint32, uint32) {
+	return c.m1, c.d, c.m2
+}
+
+// HfscClass is a representation of the HFSC class
+type HfscClass struct {
+	ClassAttrs
+	Rsc ServiceCurve
+	Fsc ServiceCurve
+	Usc ServiceCurve
+}
+
+// SetUsc sets the Usc curve
+func (hfsc *HfscClass) SetUsc(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// SetFsc sets the Fsc curve
+func (hfsc *HfscClass) SetFsc(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// SetRsc sets the Rsc curve
+func (hfsc *HfscClass) SetRsc(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// SetSC implements the SC from the tc CLI
+func (hfsc *HfscClass) SetSC(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+	hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// SetUL implements the UL from the tc CLI
+func (hfsc *HfscClass) SetUL(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// SetLS implements the LS from the tc CLI
+func (hfsc *HfscClass) SetLS(m1 uint32, d uint32, m2 uint32) {
+	hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+}
+
+// NewHfscClass returns a new HFSC struct with the set parameters
+func NewHfscClass(attrs ClassAttrs) *HfscClass {
+	return &HfscClass{
+		ClassAttrs: attrs,
+		Rsc:        ServiceCurve{},
+		Fsc:        ServiceCurve{},
+		Usc:        ServiceCurve{},
+	}
+}
+
+func (hfsc *HfscClass) String() string {
+	return fmt.Sprintf(
+		"{%s -- {RSC: {m1=%d d=%d m2=%d}} {FSC: {m1=%d d=%d m2=%d}} {USC: {m1=%d d=%d m2=%d}}}",
+		hfsc.Attrs(), hfsc.Rsc.m1*8, hfsc.Rsc.d, hfsc.Rsc.m2*8, hfsc.Fsc.m1*8, hfsc.Fsc.d, hfsc.Fsc.m2*8, hfsc.Usc.m1*8, hfsc.Usc.d, hfsc.Usc.m2*8,
+	)
+}
+
+// Attrs return the Hfsc parameters
+func (hfsc *HfscClass) Attrs() *ClassAttrs {
+	return &hfsc.ClassAttrs
+}
+
+// Type return the type of the class
+func (hfsc *HfscClass) Type() string {
+	return "hfsc"
+}
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index 91cd3883de908..31091e5010a3a 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -1,13 +1,34 @@
 package netlink
 
 import (
+	"bytes"
+	"encoding/binary"
+	"encoding/hex"
 	"errors"
+	"fmt"
 	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
-// NOTE: function is in here because it uses other linux functions
+// Internal tc_stats representation in Go struct.
+// This is for internal uses only to deserialize the payload of rtattr.
+// After the deserialization, this should be converted into the canonical stats
+// struct, ClassStatistics, in case of statistics of a class.
+// Ref: struct tc_stats { ... }
+type tcStats struct {
+	Bytes      uint64 // Number of enqueued bytes
+	Packets    uint32 // Number of enqueued packets
+	Drops      uint32 // Packets dropped because of lack of resources
+	Overlimits uint32 // Number of throttle events when this flow goes out of allocated bandwidth
+	Bps        uint32 // Current flow byte rate
+	Pps        uint32 // Current flow packet rate
+	Qlen       uint32
+	Backlog    uint32
+}
+
+// NewHtbClass NOTE: function is in here because it uses other linux functions
 func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
 	mtu := 1600
 	rate := cattrs.Rate / 8
@@ -50,7 +71,7 @@ func ClassDel(class Class) error {
 // ClassDel will delete a class from the system.
 // Equivalent to: `tc class del $class`
 func (h *Handle) ClassDel(class Class) error {
-	return h.classModify(syscall.RTM_DELTCLASS, 0, class)
+	return h.classModify(unix.RTM_DELTCLASS, 0, class)
 }
 
 // ClassChange will change a class in place
@@ -64,7 +85,7 @@ func ClassChange(class Class) error {
 // Equivalent to: `tc class change $class`
 // The parent and handle MUST NOT be changed.
 func (h *Handle) ClassChange(class Class) error {
-	return h.classModify(syscall.RTM_NEWTCLASS, 0, class)
+	return h.classModify(unix.RTM_NEWTCLASS, 0, class)
 }
 
 // ClassReplace will replace a class to the system.
@@ -82,7 +103,7 @@ func ClassReplace(class Class) error {
 // If a class already exist with this parent/handle pair, the class is changed.
 // If a class does not already exist with this parent/handle, a new class is created.
 func (h *Handle) ClassReplace(class Class) error {
-	return h.classModify(syscall.RTM_NEWTCLASS, syscall.NLM_F_CREATE, class)
+	return h.classModify(unix.RTM_NEWTCLASS, unix.NLM_F_CREATE, class)
 }
 
 // ClassAdd will add a class to the system.
@@ -95,14 +116,14 @@ func ClassAdd(class Class) error {
 // Equivalent to: `tc class add $class`
 func (h *Handle) ClassAdd(class Class) error {
 	return h.classModify(
-		syscall.RTM_NEWTCLASS,
-		syscall.NLM_F_CREATE|syscall.NLM_F_EXCL,
+		unix.RTM_NEWTCLASS,
+		unix.NLM_F_CREATE|unix.NLM_F_EXCL,
 		class,
 	)
 }
 
 func (h *Handle) classModify(cmd, flags int, class Class) error {
-	req := h.newNetlinkRequest(cmd, flags|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(cmd, flags|unix.NLM_F_ACK)
 	base := class.Attrs()
 	msg := &nl.TcMsg{
 		Family:  nl.FAMILY_ALL,
@@ -112,12 +133,12 @@ func (h *Handle) classModify(cmd, flags int, class Class) error {
 	}
 	req.AddData(msg)
 
-	if cmd != syscall.RTM_DELTCLASS {
+	if cmd != unix.RTM_DELTCLASS {
 		if err := classPayload(req, class); err != nil {
 			return err
 		}
 	}
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -125,7 +146,9 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
 	req.AddData(nl.NewRtAttr(nl.TCA_KIND, nl.ZeroTerminated(class.Type())))
 
 	options := nl.NewRtAttr(nl.TCA_OPTIONS, nil)
-	if htb, ok := class.(*HtbClass); ok {
+	switch class.Type() {
+	case "htb":
+		htb := class.(*HtbClass)
 		opt := nl.TcHtbCopt{}
 		opt.Buffer = htb.Buffer
 		opt.Cbuffer = htb.Cbuffer
@@ -141,18 +164,27 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
 		var rtab [256]uint32
 		var ctab [256]uint32
 		tcrate := nl.TcRateSpec{Rate: uint32(htb.Rate)}
-		if CalcRtable(&tcrate, rtab, cellLog, uint32(mtu), linklayer) < 0 {
+		if CalcRtable(&tcrate, rtab[:], cellLog, uint32(mtu), linklayer) < 0 {
 			return errors.New("HTB: failed to calculate rate table")
 		}
 		opt.Rate = tcrate
 		tcceil := nl.TcRateSpec{Rate: uint32(htb.Ceil)}
-		if CalcRtable(&tcceil, ctab, ccellLog, uint32(mtu), linklayer) < 0 {
+		if CalcRtable(&tcceil, ctab[:], ccellLog, uint32(mtu), linklayer) < 0 {
 			return errors.New("HTB: failed to calculate ceil rate table")
 		}
 		opt.Ceil = tcceil
-		nl.NewRtAttrChild(options, nl.TCA_HTB_PARMS, opt.Serialize())
-		nl.NewRtAttrChild(options, nl.TCA_HTB_RTAB, SerializeRtab(rtab))
-		nl.NewRtAttrChild(options, nl.TCA_HTB_CTAB, SerializeRtab(ctab))
+		options.AddRtAttr(nl.TCA_HTB_PARMS, opt.Serialize())
+		options.AddRtAttr(nl.TCA_HTB_RTAB, SerializeRtab(rtab))
+		options.AddRtAttr(nl.TCA_HTB_CTAB, SerializeRtab(ctab))
+	case "hfsc":
+		hfsc := class.(*HfscClass)
+		opt := nl.HfscCopt{}
+		opt.Rsc.Set(hfsc.Rsc.Attrs())
+		opt.Fsc.Set(hfsc.Fsc.Attrs())
+		opt.Usc.Set(hfsc.Usc.Attrs())
+		options.AddRtAttr(nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
+		options.AddRtAttr(nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
+		options.AddRtAttr(nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
 	}
 	req.AddData(options)
 	return nil
@@ -169,7 +201,7 @@ func ClassList(link Link, parent uint32) ([]Class, error) {
 // Equivalent to: `tc class show`.
 // Generally returns nothing if link and parent are not specified.
 func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETTCLASS, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETTCLASS, unix.NLM_F_DUMP)
 	msg := &nl.TcMsg{
 		Family: nl.FAMILY_ALL,
 		Parent: parent,
@@ -181,7 +213,7 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWTCLASS)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS)
 	if err != nil {
 		return nil, err
 	}
@@ -196,9 +228,10 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 		}
 
 		base := ClassAttrs{
-			LinkIndex: int(msg.Ifindex),
-			Handle:    msg.Handle,
-			Parent:    msg.Parent,
+			LinkIndex:  int(msg.Ifindex),
+			Handle:     msg.Handle,
+			Parent:     msg.Parent,
+			Statistics: nil,
 		}
 
 		var class Class
@@ -210,6 +243,8 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 				switch classType {
 				case "htb":
 					class = &HtbClass{}
+				case "hfsc":
+					class = &HfscClass{}
 				default:
 					class = &GenericClass{ClassType: classType}
 				}
@@ -224,6 +259,26 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 					if err != nil {
 						return nil, err
 					}
+				case "hfsc":
+					data, err := nl.ParseRouteAttr(attr.Value)
+					if err != nil {
+						return nil, err
+					}
+					_, err = parseHfscClassData(class, data)
+					if err != nil {
+						return nil, err
+					}
+				}
+			// For backward compatibility.
+			case nl.TCA_STATS:
+				base.Statistics, err = parseTcStats(attr.Value)
+				if err != nil {
+					return nil, err
+				}
+			case nl.TCA_STATS2:
+				base.Statistics, err = parseTcStats2(attr.Value)
+				if err != nil {
+					return nil, err
 				}
 			}
 		}
@@ -252,3 +307,78 @@ func parseHtbClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, erro
 	}
 	return detailed, nil
 }
+
+func parseHfscClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, error) {
+	hfsc := class.(*HfscClass)
+	detailed := false
+	for _, datum := range data {
+		m1, d, m2 := nl.DeserializeHfscCurve(datum.Value).Attrs()
+		switch datum.Attr.Type {
+		case nl.TCA_HFSC_RSC:
+			hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
+		case nl.TCA_HFSC_FSC:
+			hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
+		case nl.TCA_HFSC_USC:
+			hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
+		}
+	}
+	return detailed, nil
+}
+
+func parseTcStats(data []byte) (*ClassStatistics, error) {
+	buf := &bytes.Buffer{}
+	buf.Write(data)
+	native := nl.NativeEndian()
+	tcStats := &tcStats{}
+	if err := binary.Read(buf, native, tcStats); err != nil {
+		return nil, err
+	}
+
+	stats := NewClassStatistics()
+	stats.Basic.Bytes = tcStats.Bytes
+	stats.Basic.Packets = tcStats.Packets
+	stats.Queue.Qlen = tcStats.Qlen
+	stats.Queue.Backlog = tcStats.Backlog
+	stats.Queue.Drops = tcStats.Drops
+	stats.Queue.Overlimits = tcStats.Overlimits
+	stats.RateEst.Bps = tcStats.Bps
+	stats.RateEst.Pps = tcStats.Pps
+
+	return stats, nil
+}
+
+func parseGnetStats(data []byte, gnetStats interface{}) error {
+	buf := &bytes.Buffer{}
+	buf.Write(data)
+	native := nl.NativeEndian()
+	return binary.Read(buf, native, gnetStats)
+}
+
+func parseTcStats2(data []byte) (*ClassStatistics, error) {
+	rtAttrs, err := nl.ParseRouteAttr(data)
+	if err != nil {
+		return nil, err
+	}
+	stats := NewClassStatistics()
+	for _, datum := range rtAttrs {
+		switch datum.Attr.Type {
+		case nl.TCA_STATS_BASIC:
+			if err := parseGnetStats(datum.Value, stats.Basic); err != nil {
+				return nil, fmt.Errorf("Failed to parse ClassStatistics.Basic with: %v\n%s",
+					err, hex.Dump(datum.Value))
+			}
+		case nl.TCA_STATS_QUEUE:
+			if err := parseGnetStats(datum.Value, stats.Queue); err != nil {
+				return nil, fmt.Errorf("Failed to parse ClassStatistics.Queue with: %v\n%s",
+					err, hex.Dump(datum.Value))
+			}
+		case nl.TCA_STATS_RATE_EST:
+			if err := parseGnetStats(datum.Value, stats.RateEst); err != nil {
+				return nil, fmt.Errorf("Failed to parse ClassStatistics.RateEst with: %v\n%s",
+					err, hex.Dump(datum.Value))
+			}
+		}
+	}
+
+	return stats, nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index ecf0445659091..4bff0dcbab03c 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -6,9 +6,9 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 // ConntrackTableType Conntrack table for the netlink operation
@@ -22,11 +22,7 @@ const (
 	// https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/nfnetlink.h -> #define NFNL_SUBSYS_CTNETLINK_EXP 2
 	ConntrackExpectTable = 2
 )
-const (
-	// For Parsing Mark
-	TCP_PROTO = 6
-	UDP_PROTO = 17
-)
+
 const (
 	// backward compatibility with golang 1.6 which does not have io.SeekCurrent
 	seekCurrent = 1
@@ -85,8 +81,8 @@ func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily)
 // conntrack -F [table]            Flush table
 // The flush operation applies to all the family types
 func (h *Handle) ConntrackTableFlush(table ConntrackTableType) error {
-	req := h.newConntrackRequest(table, syscall.AF_INET, nl.IPCTNL_MSG_CT_DELETE, syscall.NLM_F_ACK)
-	_, err := req.Execute(syscall.NETLINK_NETFILTER, 0)
+	req := h.newConntrackRequest(table, unix.AF_INET, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK)
+	_, err := req.Execute(unix.NETLINK_NETFILTER, 0)
 	return err
 }
 
@@ -102,10 +98,10 @@ func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFami
 	for _, dataRaw := range res {
 		flow := parseRawData(dataRaw)
 		if match := filter.MatchConntrackFlow(flow); match {
-			req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, syscall.NLM_F_ACK)
+			req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK)
 			// skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already
 			req2.AddRawData(dataRaw[4:])
-			req2.Execute(syscall.NETLINK_NETFILTER, 0)
+			req2.Execute(unix.NETLINK_NETFILTER, 0)
 			matched++
 		}
 	}
@@ -127,19 +123,21 @@ func (h *Handle) newConntrackRequest(table ConntrackTableType, family InetFamily
 }
 
 func (h *Handle) dumpConntrackTable(table ConntrackTableType, family InetFamily) ([][]byte, error) {
-	req := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_GET, syscall.NLM_F_DUMP)
-	return req.Execute(syscall.NETLINK_NETFILTER, 0)
+	req := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_GET, unix.NLM_F_DUMP)
+	return req.Execute(unix.NETLINK_NETFILTER, 0)
 }
 
 // The full conntrack flow structure is very complicated and can be found in the file:
 // http://git.netfilter.org/libnetfilter_conntrack/tree/include/internal/object.h
 // For the time being, the structure below allows to parse and extract the base information of a flow
 type ipTuple struct {
-	SrcIP    net.IP
+	Bytes    uint64
 	DstIP    net.IP
+	DstPort  uint16
+	Packets  uint64
 	Protocol uint8
+	SrcIP    net.IP
 	SrcPort  uint16
-	DstPort  uint16
 }
 
 type ConntrackFlow struct {
@@ -151,11 +149,12 @@ type ConntrackFlow struct {
 
 func (s *ConntrackFlow) String() string {
 	// conntrack cmd output:
-	// udp      17 src=127.0.0.1 dst=127.0.0.1 sport=4001 dport=1234 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=1234 dport=4001 mark=0
-	return fmt.Sprintf("%s\t%d src=%s dst=%s sport=%d dport=%d\tsrc=%s dst=%s sport=%d dport=%d mark=%d",
+	// udp      17 src=127.0.0.1 dst=127.0.0.1 sport=4001 dport=1234 packets=5 bytes=532 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=1234 dport=4001 packets=10 bytes=1078 mark=0
+	return fmt.Sprintf("%s\t%d src=%s dst=%s sport=%d dport=%d packets=%d bytes=%d\tsrc=%s dst=%s sport=%d dport=%d packets=%d bytes=%d mark=%d",
 		nl.L4ProtoMap[s.Forward.Protocol], s.Forward.Protocol,
-		s.Forward.SrcIP.String(), s.Forward.DstIP.String(), s.Forward.SrcPort, s.Forward.DstPort,
-		s.Reverse.SrcIP.String(), s.Reverse.DstIP.String(), s.Reverse.SrcPort, s.Reverse.DstPort, s.Mark)
+		s.Forward.SrcIP.String(), s.Forward.DstIP.String(), s.Forward.SrcPort, s.Forward.DstPort, s.Forward.Packets, s.Forward.Bytes,
+		s.Reverse.SrcIP.String(), s.Reverse.DstIP.String(), s.Reverse.SrcPort, s.Reverse.DstPort, s.Reverse.Packets, s.Reverse.Bytes,
+		s.Mark)
 }
 
 // This method parse the ip tuple structure
@@ -220,9 +219,35 @@ func parseBERaw16(r *bytes.Reader, v *uint16) {
 	binary.Read(r, binary.BigEndian, v)
 }
 
+func parseBERaw32(r *bytes.Reader, v *uint32) {
+	binary.Read(r, binary.BigEndian, v)
+}
+
+func parseBERaw64(r *bytes.Reader, v *uint64) {
+	binary.Read(r, binary.BigEndian, v)
+}
+
+func parseByteAndPacketCounters(r *bytes.Reader) (bytes, packets uint64) {
+	for i := 0; i < 2; i++ {
+		switch _, t, _ := parseNfAttrTL(r); t {
+		case nl.CTA_COUNTERS_BYTES:
+			parseBERaw64(r, &bytes)
+		case nl.CTA_COUNTERS_PACKETS:
+			parseBERaw64(r, &packets)
+		default:
+			return
+		}
+	}
+	return
+}
+
+func parseConnectionMark(r *bytes.Reader) (mark uint32) {
+	parseBERaw32(r, &mark)
+	return
+}
+
 func parseRawData(data []byte) *ConntrackFlow {
 	s := &ConntrackFlow{}
-	var proto uint8
 	// First there is the Nfgenmsg header
 	// consume only the family field
 	reader := bytes.NewReader(data)
@@ -238,36 +263,31 @@ func parseRawData(data []byte) *ConntrackFlow {
 	// <len, NLA_F_NESTED|CTA_TUPLE_IP> 4 bytes
 	// flow information of the reverse flow
 	for reader.Len() > 0 {
-		nested, t, l := parseNfAttrTL(reader)
-		if nested && t == nl.CTA_TUPLE_ORIG {
-			if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
-				proto = parseIpTuple(reader, &s.Forward)
+		if nested, t, l := parseNfAttrTL(reader); nested {
+			switch t {
+			case nl.CTA_TUPLE_ORIG:
+				if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+					parseIpTuple(reader, &s.Forward)
+				}
+			case nl.CTA_TUPLE_REPLY:
+				if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+					parseIpTuple(reader, &s.Reverse)
+				} else {
+					// Header not recognized skip it
+					reader.Seek(int64(l), seekCurrent)
+				}
+			case nl.CTA_COUNTERS_ORIG:
+				s.Forward.Bytes, s.Forward.Packets = parseByteAndPacketCounters(reader)
+			case nl.CTA_COUNTERS_REPLY:
+				s.Reverse.Bytes, s.Reverse.Packets = parseByteAndPacketCounters(reader)
 			}
-		} else if nested && t == nl.CTA_TUPLE_REPLY {
-			if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
-				parseIpTuple(reader, &s.Reverse)
-
-				// Got all the useful information stop parsing
-				break
-			} else {
-				// Header not recognized skip it
-				reader.Seek(int64(l), seekCurrent)
+		} else {
+			switch t {
+			case nl.CTA_MARK:
+				s.Mark = parseConnectionMark(reader)
 			}
 		}
 	}
-	if proto == TCP_PROTO {
-		reader.Seek(64, seekCurrent)
-		_, t, _, v := parseNfAttrTLV(reader)
-		if t == nl.CTA_MARK {
-			s.Mark = uint32(v[3])
-		}
-	} else if proto == UDP_PROTO {
-		reader.Seek(16, seekCurrent)
-		_, t, _, v := parseNfAttrTLV(reader)
-		if t == nl.CTA_MARK {
-			s.Mark = uint32(v[3])
-		}
-	}
 	return s
 }
 
@@ -285,7 +305,7 @@ func parseRawData(data []byte) *ConntrackFlow {
 // Common parameters and options:
 //   -s, --src, --orig-src ip              Source address from original direction
 //   -d, --dst, --orig-dst ip              Destination address from original direction
-//   -r, --reply-src ip            Source addres from reply direction
+//   -r, --reply-src ip            Source address from reply direction
 //   -q, --reply-dst ip            Destination address from reply direction
 //   -p, --protonum proto          Layer 4 Protocol, eg. 'tcp'
 //   -f, --family proto            Layer 3 Protocol, eg. 'ipv6'
@@ -302,11 +322,14 @@ func parseRawData(data []byte) *ConntrackFlow {
 type ConntrackFilterType uint8
 
 const (
-	ConntrackOrigSrcIP = iota // -orig-src ip   Source address from original direction
-	ConntrackOrigDstIP        // -orig-dst ip   Destination address from original direction
-	ConntrackNatSrcIP         // -src-nat ip    Source NAT ip
-	ConntrackNatDstIP         // -dst-nat ip    Destination NAT ip
-	ConntrackNatAnyIP         // -any-nat ip    Source or destination NAT ip
+	ConntrackOrigSrcIP  = iota                // -orig-src ip    Source address from original direction
+	ConntrackOrigDstIP                        // -orig-dst ip    Destination address from original direction
+	ConntrackReplySrcIP                       // --reply-src ip  Reply Source IP
+	ConntrackReplyDstIP                       // --reply-dst ip  Reply Destination IP
+	ConntrackReplyAnyIP                       // Match source or destination reply IP
+	ConntrackNatSrcIP   = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
+	ConntrackNatDstIP   = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
+	ConntrackNatAnyIP   = ConntrackReplyAnyIP // deprecated use instaed ConntrackReplyAnyIP
 )
 
 type CustomConntrackFilter interface {
@@ -351,17 +374,17 @@ func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool {
 	}
 
 	// -src-nat ip    Source NAT ip
-	if elem, found := f.ipFilter[ConntrackNatSrcIP]; match && found {
+	if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
 		match = match && elem.Equal(flow.Reverse.SrcIP)
 	}
 
 	// -dst-nat ip    Destination NAT ip
-	if elem, found := f.ipFilter[ConntrackNatDstIP]; match && found {
+	if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
 		match = match && elem.Equal(flow.Reverse.DstIP)
 	}
 
-	// -any-nat ip    Source or destination NAT ip
-	if elem, found := f.ipFilter[ConntrackNatAnyIP]; match && found {
+	// Match source or destination reply IP
+	if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
 		match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
 	}
 
diff --git a/vendor/github.com/vishvananda/netlink/devlink_linux.go b/vendor/github.com/vishvananda/netlink/devlink_linux.go
new file mode 100644
index 0000000000000..29b3f8ec1d2e2
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/devlink_linux.go
@@ -0,0 +1,272 @@
+package netlink
+
+import (
+	"syscall"
+
+	"fmt"
+	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
+)
+
+// DevlinkDevEswitchAttr represents device's eswitch attributes
+type DevlinkDevEswitchAttr struct {
+	Mode       string
+	InlineMode string
+	EncapMode  string
+}
+
+// DevlinkDevAttrs represents device attributes
+type DevlinkDevAttrs struct {
+	Eswitch DevlinkDevEswitchAttr
+}
+
+// DevlinkDevice represents device and its attributes
+type DevlinkDevice struct {
+	BusName    string
+	DeviceName string
+	Attrs      DevlinkDevAttrs
+}
+
+func parseDevLinkDeviceList(msgs [][]byte) ([]*DevlinkDevice, error) {
+	devices := make([]*DevlinkDevice, 0, len(msgs))
+	for _, m := range msgs {
+		attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:])
+		if err != nil {
+			return nil, err
+		}
+		dev := &DevlinkDevice{}
+		if err = dev.parseAttributes(attrs); err != nil {
+			return nil, err
+		}
+		devices = append(devices, dev)
+	}
+	return devices, nil
+}
+
+func eswitchStringToMode(modeName string) (uint16, error) {
+	if modeName == "legacy" {
+		return nl.DEVLINK_ESWITCH_MODE_LEGACY, nil
+	} else if modeName == "switchdev" {
+		return nl.DEVLINK_ESWITCH_MODE_SWITCHDEV, nil
+	} else {
+		return 0xffff, fmt.Errorf("invalid switchdev mode")
+	}
+}
+
+func parseEswitchMode(mode uint16) string {
+	var eswitchMode = map[uint16]string{
+		nl.DEVLINK_ESWITCH_MODE_LEGACY:    "legacy",
+		nl.DEVLINK_ESWITCH_MODE_SWITCHDEV: "switchdev",
+	}
+	if eswitchMode[mode] == "" {
+		return "unknown"
+	} else {
+		return eswitchMode[mode]
+	}
+}
+
+func parseEswitchInlineMode(inlinemode uint8) string {
+	var eswitchInlineMode = map[uint8]string{
+		nl.DEVLINK_ESWITCH_INLINE_MODE_NONE:      "none",
+		nl.DEVLINK_ESWITCH_INLINE_MODE_LINK:      "link",
+		nl.DEVLINK_ESWITCH_INLINE_MODE_NETWORK:   "network",
+		nl.DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT: "transport",
+	}
+	if eswitchInlineMode[inlinemode] == "" {
+		return "unknown"
+	} else {
+		return eswitchInlineMode[inlinemode]
+	}
+}
+
+func parseEswitchEncapMode(encapmode uint8) string {
+	var eswitchEncapMode = map[uint8]string{
+		nl.DEVLINK_ESWITCH_ENCAP_MODE_NONE:  "disable",
+		nl.DEVLINK_ESWITCH_ENCAP_MODE_BASIC: "enable",
+	}
+	if eswitchEncapMode[encapmode] == "" {
+		return "unknown"
+	} else {
+		return eswitchEncapMode[encapmode]
+	}
+}
+
+func (d *DevlinkDevice) parseAttributes(attrs []syscall.NetlinkRouteAttr) error {
+	for _, a := range attrs {
+		switch a.Attr.Type {
+		case nl.DEVLINK_ATTR_BUS_NAME:
+			d.BusName = string(a.Value)
+		case nl.DEVLINK_ATTR_DEV_NAME:
+			d.DeviceName = string(a.Value)
+		case nl.DEVLINK_ATTR_ESWITCH_MODE:
+			d.Attrs.Eswitch.Mode = parseEswitchMode(native.Uint16(a.Value))
+		case nl.DEVLINK_ATTR_ESWITCH_INLINE_MODE:
+			d.Attrs.Eswitch.InlineMode = parseEswitchInlineMode(uint8(a.Value[0]))
+		case nl.DEVLINK_ATTR_ESWITCH_ENCAP_MODE:
+			d.Attrs.Eswitch.EncapMode = parseEswitchEncapMode(uint8(a.Value[0]))
+		}
+	}
+	return nil
+}
+
+func (dev *DevlinkDevice) parseEswitchAttrs(msgs [][]byte) {
+	m := msgs[0]
+	attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:])
+	if err != nil {
+		return
+	}
+	dev.parseAttributes(attrs)
+}
+
+func (h *Handle) getEswitchAttrs(family *GenlFamily, dev *DevlinkDevice) {
+	msg := &nl.Genlmsg{
+		Command: nl.DEVLINK_CMD_ESWITCH_GET,
+		Version: nl.GENL_DEVLINK_VERSION,
+	}
+	req := h.newNetlinkRequest(int(family.ID), unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+	req.AddData(msg)
+
+	b := make([]byte, len(dev.BusName))
+	copy(b, dev.BusName)
+	data := nl.NewRtAttr(nl.DEVLINK_ATTR_BUS_NAME, b)
+	req.AddData(data)
+
+	b = make([]byte, len(dev.DeviceName))
+	copy(b, dev.DeviceName)
+	data = nl.NewRtAttr(nl.DEVLINK_ATTR_DEV_NAME, b)
+	req.AddData(data)
+
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	if err != nil {
+		return
+	}
+	dev.parseEswitchAttrs(msgs)
+}
+
+// DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
+// otherwise returns an error code.
+func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
+	f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
+	if err != nil {
+		return nil, err
+	}
+	msg := &nl.Genlmsg{
+		Command: nl.DEVLINK_CMD_GET,
+		Version: nl.GENL_DEVLINK_VERSION,
+	}
+	req := h.newNetlinkRequest(int(f.ID),
+		unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP)
+	req.AddData(msg)
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	if err != nil {
+		return nil, err
+	}
+	devices, err := parseDevLinkDeviceList(msgs)
+	if err != nil {
+		return nil, err
+	}
+	for _, d := range devices {
+		h.getEswitchAttrs(f, d)
+	}
+	return devices, nil
+}
+
+// DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
+// otherwise returns an error code.
+func DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
+	return pkgHandle.DevLinkGetDeviceList()
+}
+
+func parseDevlinkDevice(msgs [][]byte) (*DevlinkDevice, error) {
+	m := msgs[0]
+	attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:])
+	if err != nil {
+		return nil, err
+	}
+	dev := &DevlinkDevice{}
+	if err = dev.parseAttributes(attrs); err != nil {
+		return nil, err
+	}
+	return dev, nil
+}
+
+func (h *Handle) createCmdReq(cmd uint8, bus string, device string) (*GenlFamily, *nl.NetlinkRequest, error) {
+	f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	msg := &nl.Genlmsg{
+		Command: cmd,
+		Version: nl.GENL_DEVLINK_VERSION,
+	}
+	req := h.newNetlinkRequest(int(f.ID),
+		unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+	req.AddData(msg)
+
+	b := make([]byte, len(bus)+1)
+	copy(b, bus)
+	data := nl.NewRtAttr(nl.DEVLINK_ATTR_BUS_NAME, b)
+	req.AddData(data)
+
+	b = make([]byte, len(device)+1)
+	copy(b, device)
+	data = nl.NewRtAttr(nl.DEVLINK_ATTR_DEV_NAME, b)
+	req.AddData(data)
+
+	return f, req, nil
+}
+
+// DevlinkGetDeviceByName provides a pointer to devlink device and nil error,
+// otherwise returns an error code.
+func (h *Handle) DevLinkGetDeviceByName(Bus string, Device string) (*DevlinkDevice, error) {
+	f, req, err := h.createCmdReq(nl.DEVLINK_CMD_GET, Bus, Device)
+	if err != nil {
+		return nil, err
+	}
+
+	respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	if err != nil {
+		return nil, err
+	}
+	dev, err := parseDevlinkDevice(respmsg)
+	if err == nil {
+		h.getEswitchAttrs(f, dev)
+	}
+	return dev, err
+}
+
+// DevlinkGetDeviceByName provides a pointer to devlink device and nil error,
+// otherwise returns an error code.
+func DevLinkGetDeviceByName(Bus string, Device string) (*DevlinkDevice, error) {
+	return pkgHandle.DevLinkGetDeviceByName(Bus, Device)
+}
+
+// DevLinkSetEswitchMode sets eswitch mode if able to set successfully or
+// returns an error code.
+// Equivalent to: `devlink dev eswitch set $dev mode switchdev`
+// Equivalent to: `devlink dev eswitch set $dev mode legacy`
+func (h *Handle) DevLinkSetEswitchMode(Dev *DevlinkDevice, NewMode string) error {
+	mode, err := eswitchStringToMode(NewMode)
+	if err != nil {
+		return err
+	}
+
+	_, req, err := h.createCmdReq(nl.DEVLINK_CMD_ESWITCH_SET, Dev.BusName, Dev.DeviceName)
+	if err != nil {
+		return err
+	}
+
+	req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_ESWITCH_MODE, nl.Uint16Attr(mode)))
+
+	_, err = req.Execute(unix.NETLINK_GENERIC, 0)
+	return err
+}
+
+// DevLinkSetEswitchMode sets eswitch mode if able to set successfully or
+// returns an error code.
+// Equivalent to: `devlink dev eswitch set $dev mode switchdev`
+// Equivalent to: `devlink dev eswitch set $dev mode legacy`
+func DevLinkSetEswitchMode(Dev *DevlinkDevice, NewMode string) error {
+	return pkgHandle.DevLinkSetEswitchMode(Dev, NewMode)
+}
diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go
index 1120c79d6a9bd..88792eab0ee7a 100644
--- a/vendor/github.com/vishvananda/netlink/filter.go
+++ b/vendor/github.com/vishvananda/netlink/filter.go
@@ -2,6 +2,7 @@ package netlink
 
 import (
 	"fmt"
+	"net"
 )
 
 type Filter interface {
@@ -17,7 +18,7 @@ type FilterAttrs struct {
 	Handle    uint32
 	Parent    uint32
 	Priority  uint16 // lower is higher priority
-	Protocol  uint16 // syscall.ETH_P_*
+	Protocol  uint16 // unix.ETH_P_*
 }
 
 func (q FilterAttrs) String() string {
@@ -135,6 +136,27 @@ func (action *BpfAction) Attrs() *ActionAttrs {
 	return &action.ActionAttrs
 }
 
+type ConnmarkAction struct {
+	ActionAttrs
+	Zone uint16
+}
+
+func (action *ConnmarkAction) Type() string {
+	return "connmark"
+}
+
+func (action *ConnmarkAction) Attrs() *ActionAttrs {
+	return &action.ActionAttrs
+}
+
+func NewConnmarkAction() *ConnmarkAction {
+	return &ConnmarkAction{
+		ActionAttrs: ActionAttrs{
+			Action: TC_ACT_PIPE,
+		},
+	}
+}
+
 type MirredAct uint8
 
 func (a MirredAct) String() string {
@@ -182,47 +204,74 @@ func NewMirredAction(redirIndex int) *MirredAction {
 	}
 }
 
-// Sel of the U32 filters that contains multiple TcU32Key. This is the copy
-// and the frontend representation of nl.TcU32Sel. It is serialized into canonical
-// nl.TcU32Sel with the appropriate endianness.
-type TcU32Sel struct {
-	Flags    uint8
-	Offshift uint8
-	Nkeys    uint8
-	Pad      uint8
-	Offmask  uint16
-	Off      uint16
-	Offoff   int16
-	Hoff     int16
-	Hmask    uint32
-	Keys     []TcU32Key
-}
-
-// TcU32Key contained of Sel in the U32 filters. This is the copy and the frontend
-// representation of nl.TcU32Key. It is serialized into chanonical nl.TcU32Sel
-// with the appropriate endianness.
-type TcU32Key struct {
-	Mask    uint32
-	Val     uint32
-	Off     int32
-	OffMask int32
-}
-
-// U32 filters on many packet related properties
-type U32 struct {
+type TunnelKeyAct int8
+
+const (
+	TCA_TUNNEL_KEY_SET   TunnelKeyAct = 1 // set tunnel key
+	TCA_TUNNEL_KEY_UNSET TunnelKeyAct = 2 // unset tunnel key
+)
+
+type TunnelKeyAction struct {
+	ActionAttrs
+	Action  TunnelKeyAct
+	SrcAddr net.IP
+	DstAddr net.IP
+	KeyID   uint32
+}
+
+func (action *TunnelKeyAction) Type() string {
+	return "tunnel_key"
+}
+
+func (action *TunnelKeyAction) Attrs() *ActionAttrs {
+	return &action.ActionAttrs
+}
+
+func NewTunnelKeyAction() *TunnelKeyAction {
+	return &TunnelKeyAction{
+		ActionAttrs: ActionAttrs{
+			Action: TC_ACT_PIPE,
+		},
+	}
+}
+
+type SkbEditAction struct {
+	ActionAttrs
+	QueueMapping *uint16
+	PType        *uint16
+	Priority     *uint32
+	Mark         *uint32
+}
+
+func (action *SkbEditAction) Type() string {
+	return "skbedit"
+}
+
+func (action *SkbEditAction) Attrs() *ActionAttrs {
+	return &action.ActionAttrs
+}
+
+func NewSkbEditAction() *SkbEditAction {
+	return &SkbEditAction{
+		ActionAttrs: ActionAttrs{
+			Action: TC_ACT_PIPE,
+		},
+	}
+}
+
+// MatchAll filters match all packets
+type MatchAll struct {
 	FilterAttrs
-	ClassId    uint32
-	RedirIndex int
-	Sel        *TcU32Sel
-	Actions    []Action
+	ClassId uint32
+	Actions []Action
 }
 
-func (filter *U32) Attrs() *FilterAttrs {
+func (filter *MatchAll) Attrs() *FilterAttrs {
 	return &filter.FilterAttrs
 }
 
-func (filter *U32) Type() string {
-	return "u32"
+func (filter *MatchAll) Type() string {
+	return "matchall"
 }
 
 type FilterFwAttrs struct {
@@ -247,6 +296,8 @@ type BpfFilter struct {
 	Fd           int
 	Name         string
 	DirectAction bool
+	Id           int
+	Tag          string
 }
 
 func (filter *BpfFilter) Type() string {
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index 5025bd56c1b31..c56f314cd3ffb 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -3,12 +3,14 @@ package netlink
 import (
 	"bytes"
 	"encoding/binary"
+	"encoding/hex"
 	"errors"
 	"fmt"
+	"net"
 	"syscall"
-	"unsafe"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 // Constants used in TcU32Sel.Flags.
@@ -19,6 +21,35 @@ const (
 	TC_U32_EAT       = nl.TC_U32_EAT
 )
 
+// Sel of the U32 filters that contains multiple TcU32Key. This is the type
+// alias and the frontend representation of nl.TcU32Sel. It is serialized into
+// canonical nl.TcU32Sel with the appropriate endianness.
+type TcU32Sel = nl.TcU32Sel
+
+// TcU32Key contained of Sel in the U32 filters. This is the type alias and the
+// frontend representation of nl.TcU32Key. It is serialized into chanonical
+// nl.TcU32Sel with the appropriate endianness.
+type TcU32Key = nl.TcU32Key
+
+// U32 filters on many packet related properties
+type U32 struct {
+	FilterAttrs
+	ClassId    uint32
+	Divisor    uint32 // Divisor MUST be power of 2.
+	Hash       uint32
+	RedirIndex int
+	Sel        *TcU32Sel
+	Actions    []Action
+}
+
+func (filter *U32) Attrs() *FilterAttrs {
+	return &filter.FilterAttrs
+}
+
+func (filter *U32) Type() string {
+	return "u32"
+}
+
 // Fw filter filters on firewall marks
 // NOTE: this is in filter_linux because it refers to nl.TcPolice which
 //       is defined in nl/tc_linux.go
@@ -55,7 +86,7 @@ func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error) {
 	if police.Rate.Rate != 0 {
 		police.Rate.Mpu = fattrs.Mpu
 		police.Rate.Overhead = fattrs.Overhead
-		if CalcRtable(&police.Rate, rtab, rcellLog, fattrs.Mtu, linklayer) < 0 {
+		if CalcRtable(&police.Rate, rtab[:], rcellLog, fattrs.Mtu, linklayer) < 0 {
 			return nil, errors.New("TBF: failed to calculate rate table")
 		}
 		police.Burst = uint32(Xmittime(uint64(police.Rate.Rate), uint32(buffer)))
@@ -64,7 +95,7 @@ func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error) {
 	if police.PeakRate.Rate != 0 {
 		police.PeakRate.Mpu = fattrs.Mpu
 		police.PeakRate.Overhead = fattrs.Overhead
-		if CalcRtable(&police.PeakRate, ptab, pcellLog, fattrs.Mtu, linklayer) < 0 {
+		if CalcRtable(&police.PeakRate, ptab[:], pcellLog, fattrs.Mtu, linklayer) < 0 {
 			return nil, errors.New("POLICE: failed to calculate peak rate table")
 		}
 	}
@@ -98,7 +129,7 @@ func FilterDel(filter Filter) error {
 // FilterDel will delete a filter from the system.
 // Equivalent to: `tc filter del $filter`
 func (h *Handle) FilterDel(filter Filter) error {
-	req := h.newNetlinkRequest(syscall.RTM_DELTFILTER, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELTFILTER, unix.NLM_F_ACK)
 	base := filter.Attrs()
 	msg := &nl.TcMsg{
 		Family:  nl.FAMILY_ALL,
@@ -109,7 +140,7 @@ func (h *Handle) FilterDel(filter Filter) error {
 	}
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -122,8 +153,24 @@ func FilterAdd(filter Filter) error {
 // FilterAdd will add a filter to the system.
 // Equivalent to: `tc filter add $filter`
 func (h *Handle) FilterAdd(filter Filter) error {
+	return h.filterModify(filter, unix.NLM_F_CREATE|unix.NLM_F_EXCL)
+}
+
+// FilterReplace will replace a filter.
+// Equivalent to: `tc filter replace $filter`
+func FilterReplace(filter Filter) error {
+	return pkgHandle.FilterReplace(filter)
+}
+
+// FilterReplace will replace a filter.
+// Equivalent to: `tc filter replace $filter`
+func (h *Handle) FilterReplace(filter Filter) error {
+	return h.filterModify(filter, unix.NLM_F_CREATE)
+}
+
+func (h *Handle) filterModify(filter Filter, flags int) error {
 	native = nl.NativeEndian()
-	req := h.newNetlinkRequest(syscall.RTM_NEWTFILTER, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWTFILTER, flags|unix.NLM_F_ACK)
 	base := filter.Attrs()
 	msg := &nl.TcMsg{
 		Family:  nl.FAMILY_ALL,
@@ -139,8 +186,7 @@ func (h *Handle) FilterAdd(filter Filter) error {
 
 	switch filter := filter.(type) {
 	case *U32:
-		// Convert TcU32Sel into nl.TcU32Sel as it is without copy.
-		sel := (*nl.TcU32Sel)(unsafe.Pointer(filter.Sel))
+		sel := filter.Sel
 		if sel == nil {
 			// match all
 			sel = &nl.TcU32Sel{
@@ -167,11 +213,20 @@ func (h *Handle) FilterAdd(filter Filter) error {
 			}
 		}
 		sel.Nkeys = uint8(len(sel.Keys))
-		nl.NewRtAttrChild(options, nl.TCA_U32_SEL, sel.Serialize())
+		options.AddRtAttr(nl.TCA_U32_SEL, sel.Serialize())
 		if filter.ClassId != 0 {
-			nl.NewRtAttrChild(options, nl.TCA_U32_CLASSID, nl.Uint32Attr(filter.ClassId))
+			options.AddRtAttr(nl.TCA_U32_CLASSID, nl.Uint32Attr(filter.ClassId))
 		}
-		actionsAttr := nl.NewRtAttrChild(options, nl.TCA_U32_ACT, nil)
+		if filter.Divisor != 0 {
+			if (filter.Divisor-1)&filter.Divisor != 0 {
+				return fmt.Errorf("illegal divisor %d. Must be a power of 2", filter.Divisor)
+			}
+			options.AddRtAttr(nl.TCA_U32_DIVISOR, nl.Uint32Attr(filter.Divisor))
+		}
+		if filter.Hash != 0 {
+			options.AddRtAttr(nl.TCA_U32_HASH, nl.Uint32Attr(filter.Hash))
+		}
+		actionsAttr := options.AddRtAttr(nl.TCA_U32_ACT, nil)
 		// backwards compatibility
 		if filter.RedirIndex != 0 {
 			filter.Actions = append([]Action{NewMirredAction(filter.RedirIndex)}, filter.Actions...)
@@ -183,48 +238,56 @@ func (h *Handle) FilterAdd(filter Filter) error {
 		if filter.Mask != 0 {
 			b := make([]byte, 4)
 			native.PutUint32(b, filter.Mask)
-			nl.NewRtAttrChild(options, nl.TCA_FW_MASK, b)
+			options.AddRtAttr(nl.TCA_FW_MASK, b)
 		}
 		if filter.InDev != "" {
-			nl.NewRtAttrChild(options, nl.TCA_FW_INDEV, nl.ZeroTerminated(filter.InDev))
+			options.AddRtAttr(nl.TCA_FW_INDEV, nl.ZeroTerminated(filter.InDev))
 		}
 		if (filter.Police != nl.TcPolice{}) {
 
-			police := nl.NewRtAttrChild(options, nl.TCA_FW_POLICE, nil)
-			nl.NewRtAttrChild(police, nl.TCA_POLICE_TBF, filter.Police.Serialize())
+			police := options.AddRtAttr(nl.TCA_FW_POLICE, nil)
+			police.AddRtAttr(nl.TCA_POLICE_TBF, filter.Police.Serialize())
 			if (filter.Police.Rate != nl.TcRateSpec{}) {
 				payload := SerializeRtab(filter.Rtab)
-				nl.NewRtAttrChild(police, nl.TCA_POLICE_RATE, payload)
+				police.AddRtAttr(nl.TCA_POLICE_RATE, payload)
 			}
 			if (filter.Police.PeakRate != nl.TcRateSpec{}) {
 				payload := SerializeRtab(filter.Ptab)
-				nl.NewRtAttrChild(police, nl.TCA_POLICE_PEAKRATE, payload)
+				police.AddRtAttr(nl.TCA_POLICE_PEAKRATE, payload)
 			}
 		}
 		if filter.ClassId != 0 {
 			b := make([]byte, 4)
 			native.PutUint32(b, filter.ClassId)
-			nl.NewRtAttrChild(options, nl.TCA_FW_CLASSID, b)
+			options.AddRtAttr(nl.TCA_FW_CLASSID, b)
 		}
 	case *BpfFilter:
 		var bpfFlags uint32
 		if filter.ClassId != 0 {
-			nl.NewRtAttrChild(options, nl.TCA_BPF_CLASSID, nl.Uint32Attr(filter.ClassId))
+			options.AddRtAttr(nl.TCA_BPF_CLASSID, nl.Uint32Attr(filter.ClassId))
 		}
 		if filter.Fd >= 0 {
-			nl.NewRtAttrChild(options, nl.TCA_BPF_FD, nl.Uint32Attr((uint32(filter.Fd))))
+			options.AddRtAttr(nl.TCA_BPF_FD, nl.Uint32Attr((uint32(filter.Fd))))
 		}
 		if filter.Name != "" {
-			nl.NewRtAttrChild(options, nl.TCA_BPF_NAME, nl.ZeroTerminated(filter.Name))
+			options.AddRtAttr(nl.TCA_BPF_NAME, nl.ZeroTerminated(filter.Name))
 		}
 		if filter.DirectAction {
 			bpfFlags |= nl.TCA_BPF_FLAG_ACT_DIRECT
 		}
-		nl.NewRtAttrChild(options, nl.TCA_BPF_FLAGS, nl.Uint32Attr(bpfFlags))
+		options.AddRtAttr(nl.TCA_BPF_FLAGS, nl.Uint32Attr(bpfFlags))
+	case *MatchAll:
+		actionsAttr := options.AddRtAttr(nl.TCA_MATCHALL_ACT, nil)
+		if err := EncodeActions(actionsAttr, filter.Actions); err != nil {
+			return err
+		}
+		if filter.ClassId != 0 {
+			options.AddRtAttr(nl.TCA_MATCHALL_CLASSID, nl.Uint32Attr(filter.ClassId))
+		}
 	}
 
 	req.AddData(options)
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -239,7 +302,7 @@ func FilterList(link Link, parent uint32) ([]Filter, error) {
 // Equivalent to: `tc filter show`.
 // Generally returns nothing if link and parent are not specified.
 func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETTFILTER, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETTFILTER, unix.NLM_F_DUMP)
 	msg := &nl.TcMsg{
 		Family: nl.FAMILY_ALL,
 		Parent: parent,
@@ -251,7 +314,7 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWTFILTER)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER)
 	if err != nil {
 		return nil, err
 	}
@@ -287,6 +350,8 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 					filter = &Fw{}
 				case "bpf":
 					filter = &BpfFilter{}
+				case "matchall":
+					filter = &MatchAll{}
 				default:
 					filter = &GenericFilter{FilterType: filterType}
 				}
@@ -311,6 +376,11 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 					if err != nil {
 						return nil, err
 					}
+				case "matchall":
+					detailed, err = parseMatchAllData(filter, data)
+					if err != nil {
+						return nil, err
+					}
 				default:
 					detailed = true
 				}
@@ -350,34 +420,91 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error {
 		default:
 			return fmt.Errorf("unknown action type %s", action.Type())
 		case *MirredAction:
-			table := nl.NewRtAttrChild(attr, tabIndex, nil)
+			table := attr.AddRtAttr(tabIndex, nil)
 			tabIndex++
-			nl.NewRtAttrChild(table, nl.TCA_ACT_KIND, nl.ZeroTerminated("mirred"))
-			aopts := nl.NewRtAttrChild(table, nl.TCA_ACT_OPTIONS, nil)
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("mirred"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
 			mirred := nl.TcMirred{
 				Eaction: int32(action.MirredAction),
 				Ifindex: uint32(action.Ifindex),
 			}
 			toTcGen(action.Attrs(), &mirred.TcGen)
-			nl.NewRtAttrChild(aopts, nl.TCA_MIRRED_PARMS, mirred.Serialize())
+			aopts.AddRtAttr(nl.TCA_MIRRED_PARMS, mirred.Serialize())
+		case *TunnelKeyAction:
+			table := attr.AddRtAttr(tabIndex, nil)
+			tabIndex++
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("tunnel_key"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
+			tun := nl.TcTunnelKey{
+				Action: int32(action.Action),
+			}
+			toTcGen(action.Attrs(), &tun.TcGen)
+			aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_PARMS, tun.Serialize())
+			if action.Action == TCA_TUNNEL_KEY_SET {
+				aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_KEY_ID, htonl(action.KeyID))
+				if v4 := action.SrcAddr.To4(); v4 != nil {
+					aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC, v4[:])
+				} else if v6 := action.SrcAddr.To16(); v6 != nil {
+					aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC, v6[:])
+				} else {
+					return fmt.Errorf("invalid src addr %s for tunnel_key action", action.SrcAddr)
+				}
+				if v4 := action.DstAddr.To4(); v4 != nil {
+					aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_IPV4_DST, v4[:])
+				} else if v6 := action.DstAddr.To16(); v6 != nil {
+					aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_IPV6_DST, v6[:])
+				} else {
+					return fmt.Errorf("invalid dst addr %s for tunnel_key action", action.DstAddr)
+				}
+			}
+		case *SkbEditAction:
+			table := attr.AddRtAttr(tabIndex, nil)
+			tabIndex++
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("skbedit"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
+			skbedit := nl.TcSkbEdit{}
+			toTcGen(action.Attrs(), &skbedit.TcGen)
+			aopts.AddRtAttr(nl.TCA_SKBEDIT_PARMS, skbedit.Serialize())
+			if action.QueueMapping != nil {
+				aopts.AddRtAttr(nl.TCA_SKBEDIT_QUEUE_MAPPING, nl.Uint16Attr(*action.QueueMapping))
+			}
+			if action.Priority != nil {
+				aopts.AddRtAttr(nl.TCA_SKBEDIT_PRIORITY, nl.Uint32Attr(*action.Priority))
+			}
+			if action.PType != nil {
+				aopts.AddRtAttr(nl.TCA_SKBEDIT_PTYPE, nl.Uint16Attr(*action.PType))
+			}
+			if action.Mark != nil {
+				aopts.AddRtAttr(nl.TCA_SKBEDIT_MARK, nl.Uint32Attr(*action.Mark))
+			}
+		case *ConnmarkAction:
+			table := attr.AddRtAttr(tabIndex, nil)
+			tabIndex++
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("connmark"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
+			connmark := nl.TcConnmark{
+				Zone: action.Zone,
+			}
+			toTcGen(action.Attrs(), &connmark.TcGen)
+			aopts.AddRtAttr(nl.TCA_CONNMARK_PARMS, connmark.Serialize())
 		case *BpfAction:
-			table := nl.NewRtAttrChild(attr, tabIndex, nil)
+			table := attr.AddRtAttr(tabIndex, nil)
 			tabIndex++
-			nl.NewRtAttrChild(table, nl.TCA_ACT_KIND, nl.ZeroTerminated("bpf"))
-			aopts := nl.NewRtAttrChild(table, nl.TCA_ACT_OPTIONS, nil)
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("bpf"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
 			gen := nl.TcGen{}
 			toTcGen(action.Attrs(), &gen)
-			nl.NewRtAttrChild(aopts, nl.TCA_ACT_BPF_PARMS, gen.Serialize())
-			nl.NewRtAttrChild(aopts, nl.TCA_ACT_BPF_FD, nl.Uint32Attr(uint32(action.Fd)))
-			nl.NewRtAttrChild(aopts, nl.TCA_ACT_BPF_NAME, nl.ZeroTerminated(action.Name))
+			aopts.AddRtAttr(nl.TCA_ACT_BPF_PARMS, gen.Serialize())
+			aopts.AddRtAttr(nl.TCA_ACT_BPF_FD, nl.Uint32Attr(uint32(action.Fd)))
+			aopts.AddRtAttr(nl.TCA_ACT_BPF_NAME, nl.ZeroTerminated(action.Name))
 		case *GenericAction:
-			table := nl.NewRtAttrChild(attr, tabIndex, nil)
+			table := attr.AddRtAttr(tabIndex, nil)
 			tabIndex++
-			nl.NewRtAttrChild(table, nl.TCA_ACT_KIND, nl.ZeroTerminated("gact"))
-			aopts := nl.NewRtAttrChild(table, nl.TCA_ACT_OPTIONS, nil)
+			table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("gact"))
+			aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
 			gen := nl.TcGen{}
 			toTcGen(action.Attrs(), &gen)
-			nl.NewRtAttrChild(aopts, nl.TCA_GACT_PARMS, gen.Serialize())
+			aopts.AddRtAttr(nl.TCA_GACT_PARMS, gen.Serialize())
 		}
 	}
 	return nil
@@ -403,8 +530,14 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
 					action = &MirredAction{}
 				case "bpf":
 					action = &BpfAction{}
+				case "connmark":
+					action = &ConnmarkAction{}
 				case "gact":
 					action = &GenericAction{}
+				case "tunnel_key":
+					action = &TunnelKeyAction{}
+				case "skbedit":
+					action = &SkbEditAction{}
 				default:
 					break nextattr
 				}
@@ -419,11 +552,46 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
 						switch adatum.Attr.Type {
 						case nl.TCA_MIRRED_PARMS:
 							mirred := *nl.DeserializeTcMirred(adatum.Value)
-							toAttrs(&mirred.TcGen, action.Attrs())
 							action.(*MirredAction).ActionAttrs = ActionAttrs{}
+							toAttrs(&mirred.TcGen, action.Attrs())
 							action.(*MirredAction).Ifindex = int(mirred.Ifindex)
 							action.(*MirredAction).MirredAction = MirredAct(mirred.Eaction)
 						}
+					case "tunnel_key":
+						switch adatum.Attr.Type {
+						case nl.TCA_TUNNEL_KEY_PARMS:
+							tun := *nl.DeserializeTunnelKey(adatum.Value)
+							action.(*TunnelKeyAction).ActionAttrs = ActionAttrs{}
+							toAttrs(&tun.TcGen, action.Attrs())
+							action.(*TunnelKeyAction).Action = TunnelKeyAct(tun.Action)
+						case nl.TCA_TUNNEL_KEY_ENC_KEY_ID:
+							action.(*TunnelKeyAction).KeyID = networkOrder.Uint32(adatum.Value[0:4])
+						case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC:
+						case nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
+							action.(*TunnelKeyAction).SrcAddr = net.IP(adatum.Value[:])
+						case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST:
+						case nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
+							action.(*TunnelKeyAction).DstAddr = net.IP(adatum.Value[:])
+						}
+					case "skbedit":
+						switch adatum.Attr.Type {
+						case nl.TCA_SKBEDIT_PARMS:
+							skbedit := *nl.DeserializeSkbEdit(adatum.Value)
+							action.(*SkbEditAction).ActionAttrs = ActionAttrs{}
+							toAttrs(&skbedit.TcGen, action.Attrs())
+						case nl.TCA_SKBEDIT_MARK:
+							mark := native.Uint32(adatum.Value[0:4])
+							action.(*SkbEditAction).Mark = &mark
+						case nl.TCA_SKBEDIT_PRIORITY:
+							priority := native.Uint32(adatum.Value[0:4])
+							action.(*SkbEditAction).Priority = &priority
+						case nl.TCA_SKBEDIT_PTYPE:
+							ptype := native.Uint16(adatum.Value[0:2])
+							action.(*SkbEditAction).PType = &ptype
+						case nl.TCA_SKBEDIT_QUEUE_MAPPING:
+							mapping := native.Uint16(adatum.Value[0:2])
+							action.(*SkbEditAction).QueueMapping = &mapping
+						}
 					case "bpf":
 						switch adatum.Attr.Type {
 						case nl.TCA_ACT_BPF_PARMS:
@@ -434,6 +602,14 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
 						case nl.TCA_ACT_BPF_NAME:
 							action.(*BpfAction).Name = string(adatum.Value[:len(adatum.Value)-1])
 						}
+					case "connmark":
+						switch adatum.Attr.Type {
+						case nl.TCA_CONNMARK_PARMS:
+							connmark := *nl.DeserializeTcConnmark(adatum.Value)
+							action.(*ConnmarkAction).ActionAttrs = ActionAttrs{}
+							toAttrs(&connmark.TcGen, action.Attrs())
+							action.(*ConnmarkAction).Zone = connmark.Zone
+						}
 					case "gact":
 						switch adatum.Attr.Type {
 						case nl.TCA_GACT_PARMS:
@@ -458,7 +634,7 @@ func parseU32Data(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error)
 		case nl.TCA_U32_SEL:
 			detailed = true
 			sel := nl.DeserializeTcU32Sel(datum.Value)
-			u32.Sel = (*TcU32Sel)(unsafe.Pointer(sel))
+			u32.Sel = sel
 			if native != networkOrder {
 				// Handle the endianness of attributes
 				u32.Sel.Offmask = native.Uint16(htons(sel.Offmask))
@@ -484,6 +660,10 @@ func parseU32Data(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error)
 			}
 		case nl.TCA_U32_CLASSID:
 			u32.ClassId = native.Uint32(datum.Value)
+		case nl.TCA_U32_DIVISOR:
+			u32.Divisor = native.Uint32(datum.Value)
+		case nl.TCA_U32_HASH:
+			u32.Hash = native.Uint32(datum.Value)
 		}
 	}
 	return detailed, nil
@@ -535,6 +715,32 @@ func parseBpfData(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error)
 			if (flags & nl.TCA_BPF_FLAG_ACT_DIRECT) != 0 {
 				bpf.DirectAction = true
 			}
+		case nl.TCA_BPF_ID:
+			bpf.Id = int(native.Uint32(datum.Value[0:4]))
+		case nl.TCA_BPF_TAG:
+			bpf.Tag = hex.EncodeToString(datum.Value[:len(datum.Value)-1])
+		}
+	}
+	return detailed, nil
+}
+
+func parseMatchAllData(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error) {
+	native = nl.NativeEndian()
+	matchall := filter.(*MatchAll)
+	detailed := true
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.TCA_MATCHALL_CLASSID:
+			matchall.ClassId = native.Uint32(datum.Value[0:4])
+		case nl.TCA_MATCHALL_ACT:
+			tables, err := nl.ParseRouteAttr(datum.Value)
+			if err != nil {
+				return detailed, err
+			}
+			matchall.Actions, err = parseActions(tables)
+			if err != nil {
+				return detailed, err
+			}
 		}
 	}
 	return detailed, nil
@@ -562,7 +768,7 @@ func AdjustSize(sz uint, mpu uint, linklayer int) uint {
 	}
 }
 
-func CalcRtable(rate *nl.TcRateSpec, rtab [256]uint32, cellLog int, mtu uint32, linklayer int) int {
+func CalcRtable(rate *nl.TcRateSpec, rtab []uint32, cellLog int, mtu uint32, linklayer int) int {
 	bps := rate.Rate
 	mpu := rate.Mpu
 	var sz uint
diff --git a/vendor/github.com/vishvananda/netlink/fou.go b/vendor/github.com/vishvananda/netlink/fou.go
new file mode 100644
index 0000000000000..71e73c37a0a33
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/fou.go
@@ -0,0 +1,21 @@
+package netlink
+
+import (
+	"errors"
+)
+
+var (
+	// ErrAttrHeaderTruncated is returned when a netlink attribute's header is
+	// truncated.
+	ErrAttrHeaderTruncated = errors.New("attribute header truncated")
+	// ErrAttrBodyTruncated is returned when a netlink attribute's body is
+	// truncated.
+	ErrAttrBodyTruncated = errors.New("attribute body truncated")
+)
+
+type Fou struct {
+	Family    int
+	Port      int
+	Protocol  int
+	EncapType int
+}
diff --git a/vendor/github.com/vishvananda/netlink/fou_linux.go b/vendor/github.com/vishvananda/netlink/fou_linux.go
new file mode 100644
index 0000000000000..ed55b2b790d47
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/fou_linux.go
@@ -0,0 +1,211 @@
+// +build linux
+
+package netlink
+
+import (
+	"encoding/binary"
+	"errors"
+
+	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	FOU_GENL_NAME = "fou"
+)
+
+const (
+	FOU_CMD_UNSPEC uint8 = iota
+	FOU_CMD_ADD
+	FOU_CMD_DEL
+	FOU_CMD_GET
+	FOU_CMD_MAX = FOU_CMD_GET
+)
+
+const (
+	FOU_ATTR_UNSPEC = iota
+	FOU_ATTR_PORT
+	FOU_ATTR_AF
+	FOU_ATTR_IPPROTO
+	FOU_ATTR_TYPE
+	FOU_ATTR_REMCSUM_NOPARTIAL
+	FOU_ATTR_MAX = FOU_ATTR_REMCSUM_NOPARTIAL
+)
+
+const (
+	FOU_ENCAP_UNSPEC = iota
+	FOU_ENCAP_DIRECT
+	FOU_ENCAP_GUE
+	FOU_ENCAP_MAX = FOU_ENCAP_GUE
+)
+
+var fouFamilyId int
+
+func FouFamilyId() (int, error) {
+	if fouFamilyId != 0 {
+		return fouFamilyId, nil
+	}
+
+	fam, err := GenlFamilyGet(FOU_GENL_NAME)
+	if err != nil {
+		return -1, err
+	}
+
+	fouFamilyId = int(fam.ID)
+	return fouFamilyId, nil
+}
+
+func FouAdd(f Fou) error {
+	return pkgHandle.FouAdd(f)
+}
+
+func (h *Handle) FouAdd(f Fou) error {
+	fam_id, err := FouFamilyId()
+	if err != nil {
+		return err
+	}
+
+	// setting ip protocol conflicts with encapsulation type GUE
+	if f.EncapType == FOU_ENCAP_GUE && f.Protocol != 0 {
+		return errors.New("GUE encapsulation doesn't specify an IP protocol")
+	}
+
+	req := h.newNetlinkRequest(fam_id, unix.NLM_F_ACK)
+
+	// int to byte for port
+	bp := make([]byte, 2)
+	binary.BigEndian.PutUint16(bp[0:2], uint16(f.Port))
+
+	attrs := []*nl.RtAttr{
+		nl.NewRtAttr(FOU_ATTR_PORT, bp),
+		nl.NewRtAttr(FOU_ATTR_TYPE, []byte{uint8(f.EncapType)}),
+		nl.NewRtAttr(FOU_ATTR_AF, []byte{uint8(f.Family)}),
+		nl.NewRtAttr(FOU_ATTR_IPPROTO, []byte{uint8(f.Protocol)}),
+	}
+	raw := []byte{FOU_CMD_ADD, 1, 0, 0}
+	for _, a := range attrs {
+		raw = append(raw, a.Serialize()...)
+	}
+
+	req.AddRawData(raw)
+
+	_, err = req.Execute(unix.NETLINK_GENERIC, 0)
+	return err
+}
+
+func FouDel(f Fou) error {
+	return pkgHandle.FouDel(f)
+}
+
+func (h *Handle) FouDel(f Fou) error {
+	fam_id, err := FouFamilyId()
+	if err != nil {
+		return err
+	}
+
+	req := h.newNetlinkRequest(fam_id, unix.NLM_F_ACK)
+
+	// int to byte for port
+	bp := make([]byte, 2)
+	binary.BigEndian.PutUint16(bp[0:2], uint16(f.Port))
+
+	attrs := []*nl.RtAttr{
+		nl.NewRtAttr(FOU_ATTR_PORT, bp),
+		nl.NewRtAttr(FOU_ATTR_AF, []byte{uint8(f.Family)}),
+	}
+	raw := []byte{FOU_CMD_DEL, 1, 0, 0}
+	for _, a := range attrs {
+		raw = append(raw, a.Serialize()...)
+	}
+
+	req.AddRawData(raw)
+
+	_, err = req.Execute(unix.NETLINK_GENERIC, 0)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func FouList(fam int) ([]Fou, error) {
+	return pkgHandle.FouList(fam)
+}
+
+func (h *Handle) FouList(fam int) ([]Fou, error) {
+	fam_id, err := FouFamilyId()
+	if err != nil {
+		return nil, err
+	}
+
+	req := h.newNetlinkRequest(fam_id, unix.NLM_F_DUMP)
+
+	attrs := []*nl.RtAttr{
+		nl.NewRtAttr(FOU_ATTR_AF, []byte{uint8(fam)}),
+	}
+	raw := []byte{FOU_CMD_GET, 1, 0, 0}
+	for _, a := range attrs {
+		raw = append(raw, a.Serialize()...)
+	}
+
+	req.AddRawData(raw)
+
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	fous := make([]Fou, 0, len(msgs))
+	for _, m := range msgs {
+		f, err := deserializeFouMsg(m)
+		if err != nil {
+			return fous, err
+		}
+
+		fous = append(fous, f)
+	}
+
+	return fous, nil
+}
+
+func deserializeFouMsg(msg []byte) (Fou, error) {
+	// we'll skip to byte 4 to first attribute
+	msg = msg[3:]
+	var shift int
+	fou := Fou{}
+
+	for {
+		// attribute header is at least 16 bits
+		if len(msg) < 4 {
+			return fou, ErrAttrHeaderTruncated
+		}
+
+		lgt := int(binary.BigEndian.Uint16(msg[0:2]))
+		if len(msg) < lgt+4 {
+			return fou, ErrAttrBodyTruncated
+		}
+		attr := binary.BigEndian.Uint16(msg[2:4])
+
+		shift = lgt + 3
+		switch attr {
+		case FOU_ATTR_AF:
+			fou.Family = int(msg[5])
+		case FOU_ATTR_PORT:
+			fou.Port = int(binary.BigEndian.Uint16(msg[5:7]))
+			// port is 2 bytes
+			shift = lgt + 2
+		case FOU_ATTR_IPPROTO:
+			fou.Protocol = int(msg[5])
+		case FOU_ATTR_TYPE:
+			fou.EncapType = int(msg[5])
+		}
+
+		msg = msg[shift:]
+
+		if len(msg) < 4 {
+			break
+		}
+	}
+
+	return fou, nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/fou_unspecified.go b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
new file mode 100644
index 0000000000000..3a8365bfe6232
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package netlink
+
+func FouAdd(f Fou) error {
+	return ErrNotImplemented
+}
+
+func FouDel(f Fou) error {
+	return ErrNotImplemented
+}
+
+func FouList(fam int) ([]Fou, error) {
+	return nil, ErrNotImplemented
+}
diff --git a/vendor/github.com/vishvananda/netlink/genetlink_linux.go b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
index a388a87001ce3..772e5834a26a7 100644
--- a/vendor/github.com/vishvananda/netlink/genetlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
@@ -5,6 +5,7 @@ import (
 	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 type GenlOp struct {
@@ -130,9 +131,9 @@ func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) {
 		Command: nl.GENL_CTRL_CMD_GETFAMILY,
 		Version: nl.GENL_CTRL_VERSION,
 	}
-	req := h.newNetlinkRequest(nl.GENL_ID_CTRL, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(nl.GENL_ID_CTRL, unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0)
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -151,11 +152,14 @@ func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error) {
 	req := h.newNetlinkRequest(nl.GENL_ID_CTRL, 0)
 	req.AddData(msg)
 	req.AddData(nl.NewRtAttr(nl.GENL_CTRL_ATTR_FAMILY_NAME, nl.ZeroTerminated(name)))
-	msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0)
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
 	if err != nil {
 		return nil, err
 	}
 	families, err := parseFamilies(msgs)
+	if err != nil {
+		return nil, err
+	}
 	if len(families) != 1 {
 		return nil, fmt.Errorf("invalid response for GENL_CTRL_CMD_GETFAMILY")
 	}
diff --git a/vendor/github.com/vishvananda/netlink/go.mod b/vendor/github.com/vishvananda/netlink/go.mod
new file mode 100644
index 0000000000000..09ee60e7784d8
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/go.mod
@@ -0,0 +1,8 @@
+module github.com/vishvananda/netlink
+
+go 1.12
+
+require (
+	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
+	golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444
+)
diff --git a/vendor/github.com/vishvananda/netlink/gtp_linux.go b/vendor/github.com/vishvananda/netlink/gtp_linux.go
index 7331303ecbe17..f5e160ba5c065 100644
--- a/vendor/github.com/vishvananda/netlink/gtp_linux.go
+++ b/vendor/github.com/vishvananda/netlink/gtp_linux.go
@@ -7,6 +7,7 @@ import (
 	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 type PDP struct {
@@ -82,9 +83,9 @@ func (h *Handle) GTPPDPList() ([]*PDP, error) {
 		Command: nl.GENL_GTP_CMD_GETPDP,
 		Version: nl.GENL_GTP_VERSION,
 	}
-	req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0)
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +97,7 @@ func GTPPDPList() ([]*PDP, error) {
 }
 
 func gtpPDPGet(req *nl.NetlinkRequest) (*PDP, error) {
-	msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0)
+	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -182,7 +183,7 @@ func (h *Handle) GTPPDPAdd(link Link, pdp *PDP) error {
 		Command: nl.GENL_GTP_CMD_NEWPDP,
 		Version: nl.GENL_GTP_VERSION,
 	}
-	req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_EXCL|unix.NLM_F_ACK)
 	req.AddData(msg)
 	req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(pdp.Version)))
 	req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index))))
@@ -199,7 +200,7 @@ func (h *Handle) GTPPDPAdd(link Link, pdp *PDP) error {
 	default:
 		return fmt.Errorf("unsupported GTP version: %d", pdp.Version)
 	}
-	_, err = req.Execute(syscall.NETLINK_GENERIC, 0)
+	_, err = req.Execute(unix.NETLINK_GENERIC, 0)
 	return err
 }
 
@@ -216,7 +217,7 @@ func (h *Handle) GTPPDPDel(link Link, pdp *PDP) error {
 		Command: nl.GENL_GTP_CMD_DELPDP,
 		Version: nl.GENL_GTP_VERSION,
 	}
-	req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_EXCL|unix.NLM_F_ACK)
 	req.AddData(msg)
 	req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(pdp.Version)))
 	req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index))))
@@ -229,7 +230,7 @@ func (h *Handle) GTPPDPDel(link Link, pdp *PDP) error {
 	default:
 		return fmt.Errorf("unsupported GTP version: %d", pdp.Version)
 	}
-	_, err = req.Execute(syscall.NETLINK_GENERIC, 0)
+	_, err = req.Execute(unix.NETLINK_GENERIC, 0)
 	return err
 }
 
diff --git a/vendor/github.com/vishvananda/netlink/handle_linux.go b/vendor/github.com/vishvananda/netlink/handle_linux.go
index d37b087c33e3f..26887b7596123 100644
--- a/vendor/github.com/vishvananda/netlink/handle_linux.go
+++ b/vendor/github.com/vishvananda/netlink/handle_linux.go
@@ -2,11 +2,11 @@ package netlink
 
 import (
 	"fmt"
-	"syscall"
 	"time"
 
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 // Empty handle used by the netlink package methods
@@ -43,7 +43,7 @@ func (h *Handle) SetSocketTimeout(to time.Duration) error {
 	if to < time.Microsecond {
 		return fmt.Errorf("invalid timeout, minimul value is %s", time.Microsecond)
 	}
-	tv := syscall.NsecToTimeval(to.Nanoseconds())
+	tv := unix.NsecToTimeval(to.Nanoseconds())
 	for _, sh := range h.sockets {
 		if err := sh.Socket.SetSendTimeout(&tv); err != nil {
 			return err
@@ -59,13 +59,13 @@ func (h *Handle) SetSocketTimeout(to time.Duration) error {
 // socket in the netlink handle. The maximum value is capped by
 // /proc/sys/net/core/rmem_max.
 func (h *Handle) SetSocketReceiveBufferSize(size int, force bool) error {
-	opt := syscall.SO_RCVBUF
+	opt := unix.SO_RCVBUF
 	if force {
-		opt = syscall.SO_RCVBUFFORCE
+		opt = unix.SO_RCVBUFFORCE
 	}
 	for _, sh := range h.sockets {
 		fd := sh.Socket.GetFd()
-		err := syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, opt, size)
+		err := unix.SetsockoptInt(fd, unix.SOL_SOCKET, opt, size)
 		if err != nil {
 			return err
 		}
@@ -81,7 +81,7 @@ func (h *Handle) GetSocketReceiveBufferSize() ([]int, error) {
 	i := 0
 	for _, sh := range h.sockets {
 		fd := sh.Socket.GetFd()
-		size, err := syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUF)
+		size, err := unix.GetsockoptInt(fd, unix.SOL_SOCKET, unix.SO_RCVBUF)
 		if err != nil {
 			return nil, err
 		}
@@ -91,7 +91,7 @@ func (h *Handle) GetSocketReceiveBufferSize() ([]int, error) {
 	return results, nil
 }
 
-// NewHandle returns a netlink handle on the network namespace
+// NewHandleAt returns a netlink handle on the network namespace
 // specified by ns. If ns=netns.None(), current network namespace
 // will be assumed
 func NewHandleAt(ns netns.NsHandle, nlFamilies ...int) (*Handle, error) {
@@ -134,10 +134,10 @@ func (h *Handle) newNetlinkRequest(proto, flags int) *nl.NetlinkRequest {
 		return nl.NewNetlinkRequest(proto, flags)
 	}
 	return &nl.NetlinkRequest{
-		NlMsghdr: syscall.NlMsghdr{
-			Len:   uint32(syscall.SizeofNlMsghdr),
+		NlMsghdr: unix.NlMsghdr{
+			Len:   uint32(unix.SizeofNlMsghdr),
 			Type:  uint16(proto),
-			Flags: syscall.NLM_F_REQUEST | uint16(flags),
+			Flags: unix.NLM_F_REQUEST | uint16(flags),
 		},
 		Sockets: h.sockets,
 	}
diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
index 7da21a6a18477..ef914dcb8cc5b 100644
--- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
@@ -73,10 +73,18 @@ func (h *Handle) LinkSetVfVlan(link Link, vf, vlan int) error {
 	return ErrNotImplemented
 }
 
+func (h *Handle) LinkSetVfVlanQos(link Link, vf, vlan, qos int) error {
+	return ErrNotImplemented
+}
+
 func (h *Handle) LinkSetVfTxRate(link Link, vf, rate int) error {
 	return ErrNotImplemented
 }
 
+func (h *Handle) LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
+	return ErrNotImplemented
+}
+
 func (h *Handle) LinkSetMaster(link Link, master *Bridge) error {
 	return ErrNotImplemented
 }
@@ -149,6 +157,10 @@ func (h *Handle) LinkSetTxQLen(link Link, qlen int) error {
 	return ErrNotImplemented
 }
 
+func (h *Handle) LinkSetGroup(link Link, group int) error {
+	return ErrNotImplemented
+}
+
 func (h *Handle) setProtinfoAttr(link Link, mode bool, attr int) error {
 	return ErrNotImplemented
 }
@@ -220,3 +232,39 @@ func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
 func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 	return nil, ErrNotImplemented
 }
+
+func (h *Handle) RouteAdd(route *Route) error {
+	return ErrNotImplemented
+}
+
+func (h *Handle) RouteDel(route *Route) error {
+	return ErrNotImplemented
+}
+
+func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+	return nil, ErrNotImplemented
+}
+
+func (h *Handle) RouteList(link Link, family int) ([]Route, error) {
+	return nil, ErrNotImplemented
+}
+
+func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error) {
+	return nil, ErrNotImplemented
+}
+
+func (h *Handle) RouteReplace(route *Route) error {
+	return ErrNotImplemented
+}
+
+func (h *Handle) RuleAdd(rule *Rule) error {
+	return ErrNotImplemented
+}
+
+func (h *Handle) RuleDel(rule *Rule) error {
+	return ErrNotImplemented
+}
+
+func (h *Handle) RuleList(family int) ([]Rule, error) {
+	return nil, ErrNotImplemented
+}
diff --git a/vendor/github.com/vishvananda/netlink/ioctl_linux.go b/vendor/github.com/vishvananda/netlink/ioctl_linux.go
new file mode 100644
index 0000000000000..4d33db5da5137
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/ioctl_linux.go
@@ -0,0 +1,90 @@
+package netlink
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// ioctl for statistics.
+const (
+	// ETHTOOL_GSSET_INFO gets string set info
+	ETHTOOL_GSSET_INFO = 0x00000037
+	// SIOCETHTOOL is Ethtool interface
+	SIOCETHTOOL = 0x8946
+	// ETHTOOL_GSTRINGS gets specified string set
+	ETHTOOL_GSTRINGS = 0x0000001b
+	// ETHTOOL_GSTATS gets NIC-specific statistics
+	ETHTOOL_GSTATS = 0x0000001d
+)
+
+// string set id.
+const (
+	// ETH_SS_TEST is self-test result names, for use with %ETHTOOL_TEST
+	ETH_SS_TEST = iota
+	// ETH_SS_STATS statistic names, for use with %ETHTOOL_GSTATS
+	ETH_SS_STATS
+	// ETH_SS_PRIV_FLAGS are driver private flag names
+	ETH_SS_PRIV_FLAGS
+	// _ETH_SS_NTUPLE_FILTERS is deprecated
+	_ETH_SS_NTUPLE_FILTERS
+	// ETH_SS_FEATURES are device feature names
+	ETH_SS_FEATURES
+	// ETH_SS_RSS_HASH_FUNCS is RSS hush function names
+	ETH_SS_RSS_HASH_FUNCS
+)
+
+// IfreqSlave is a struct for ioctl bond manipulation syscalls.
+// It is used to assign slave to bond interface with Name.
+type IfreqSlave struct {
+	Name  [unix.IFNAMSIZ]byte
+	Slave [unix.IFNAMSIZ]byte
+}
+
+// Ifreq is a struct for ioctl ethernet manipulation syscalls.
+type Ifreq struct {
+	Name [unix.IFNAMSIZ]byte
+	Data uintptr
+}
+
+// ethtoolSset is a string set information
+type ethtoolSset struct {
+	cmd      uint32
+	reserved uint32
+	mask     uint64
+	data     [1]uint32
+}
+
+type ethtoolStats struct {
+	cmd    uint32
+	nStats uint32
+	// Followed by nStats * []uint64.
+}
+
+// newIocltSlaveReq returns filled IfreqSlave with proper interface names
+// It is used by ioctl to assign slave to bond master
+func newIocltSlaveReq(slave, master string) *IfreqSlave {
+	ifreq := &IfreqSlave{}
+	copy(ifreq.Name[:unix.IFNAMSIZ-1], master)
+	copy(ifreq.Slave[:unix.IFNAMSIZ-1], slave)
+	return ifreq
+}
+
+// newIocltStringSetReq creates request to get interface string set
+func newIocltStringSetReq(linkName string) (*Ifreq, *ethtoolSset) {
+	e := &ethtoolSset{
+		cmd:  ETHTOOL_GSSET_INFO,
+		mask: 1 << ETH_SS_STATS,
+	}
+
+	ifreq := &Ifreq{Data: uintptr(unsafe.Pointer(e))}
+	copy(ifreq.Name[:unix.IFNAMSIZ-1], linkName)
+	return ifreq, e
+}
+
+// getSocketUDP returns file descriptor to new UDP socket
+// It is used for communication with ioctl interface.
+func getSocketUDP() (int, error) {
+	return syscall.Socket(unix.AF_INET, unix.SOCK_DGRAM, 0)
+}
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index 5aa3a1790ab5a..886d88d1b2f58 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -3,6 +3,8 @@ package netlink
 import (
 	"fmt"
 	"net"
+	"os"
+	"strconv"
 )
 
 // Link represents a link device from netlink. Shared link attributes
@@ -38,6 +40,31 @@ type LinkAttrs struct {
 	Protinfo     *Protinfo
 	OperState    LinkOperState
 	NetNsID      int
+	NumTxQueues  int
+	NumRxQueues  int
+	GSOMaxSize   uint32
+	GSOMaxSegs   uint32
+	Vfs          []VfInfo // virtual functions available on link
+	Group        uint32
+	Slave        LinkSlave
+}
+
+// LinkSlave represents a slave device.
+type LinkSlave interface {
+	SlaveType() string
+}
+
+// VfInfo represents configuration of virtual function
+type VfInfo struct {
+	ID        int
+	Mac       net.HardwareAddr
+	Vlan      int
+	Qos       int
+	TxRate    int // IFLA_VF_TX_RATE  Max TxRate
+	Spoofchk  bool
+	LinkState uint32
+	MaxTxRate uint32 // IFLA_VF_RATE Max TxRate
+	MinTxRate uint32 // IFLA_VF_RATE Min TxRate
 }
 
 // LinkOperState represents the values of the IFLA_OPERSTATE link
@@ -220,6 +247,7 @@ type Bridge struct {
 	LinkAttrs
 	MulticastSnooping *bool
 	HelloTime         *uint32
+	VlanFiltering     *bool
 }
 
 func (bridge *Bridge) Attrs() *LinkAttrs {
@@ -233,7 +261,8 @@ func (bridge *Bridge) Type() string {
 // Vlan links have ParentIndex set in their Attrs()
 type Vlan struct {
 	LinkAttrs
-	VlanId int
+	VlanId       int
+	VlanProtocol VlanProtocol
 }
 
 func (vlan *Vlan) Attrs() *LinkAttrs {
@@ -259,6 +288,9 @@ const (
 type Macvlan struct {
 	LinkAttrs
 	Mode MacvlanMode
+
+	// MACAddrs is only populated for Macvlan SOURCE links
+	MACAddrs []net.HardwareAddr
 }
 
 func (macvlan *Macvlan) Attrs() *LinkAttrs {
@@ -284,8 +316,13 @@ type TuntapFlag uint16
 // Tuntap links created via /dev/tun/tap, but can be destroyed via netlink
 type Tuntap struct {
 	LinkAttrs
-	Mode  TuntapMode
-	Flags TuntapFlag
+	Mode       TuntapMode
+	Flags      TuntapFlag
+	NonPersist bool
+	Queues     int
+	Fds        []*os.File
+	Owner      uint32
+	Group      uint32
 }
 
 func (tuntap *Tuntap) Attrs() *LinkAttrs {
@@ -299,7 +336,8 @@ func (tuntap *Tuntap) Type() string {
 // Veth devices must specify PeerName on create
 type Veth struct {
 	LinkAttrs
-	PeerName string // veth on create only
+	PeerName         string // veth on create only
+	PeerHardwareAddr net.HardwareAddr
 }
 
 func (veth *Veth) Attrs() *LinkAttrs {
@@ -327,26 +365,28 @@ func (generic *GenericLink) Type() string {
 
 type Vxlan struct {
 	LinkAttrs
-	VxlanId      int
-	VtepDevIndex int
-	SrcAddr      net.IP
-	Group        net.IP
-	TTL          int
-	TOS          int
-	Learning     bool
-	Proxy        bool
-	RSC          bool
-	L2miss       bool
-	L3miss       bool
-	UDPCSum      bool
-	NoAge        bool
-	GBP          bool
-	FlowBased    bool
-	Age          int
-	Limit        int
-	Port         int
-	PortLow      int
-	PortHigh     int
+	VxlanId        int
+	VtepDevIndex   int
+	SrcAddr        net.IP
+	Group          net.IP
+	TTL            int
+	TOS            int
+	Learning       bool
+	Proxy          bool
+	RSC            bool
+	L2miss         bool
+	L3miss         bool
+	UDPCSum        bool
+	UDP6ZeroCSumTx bool
+	UDP6ZeroCSumRx bool
+	NoAge          bool
+	GBP            bool
+	FlowBased      bool
+	Age            int
+	Limit          int
+	Port           int
+	PortLow        int
+	PortHigh       int
 }
 
 func (vxlan *Vxlan) Attrs() *LinkAttrs {
@@ -366,9 +406,18 @@ const (
 	IPVLAN_MODE_MAX
 )
 
+type IPVlanFlag uint16
+
+const (
+	IPVLAN_FLAG_BRIDGE IPVlanFlag = iota
+	IPVLAN_FLAG_PRIVATE
+	IPVLAN_FLAG_VEPA
+)
+
 type IPVlan struct {
 	LinkAttrs
 	Mode IPVlanMode
+	Flag IPVlanFlag
 }
 
 func (ipvlan *IPVlan) Attrs() *LinkAttrs {
@@ -379,6 +428,43 @@ func (ipvlan *IPVlan) Type() string {
 	return "ipvlan"
 }
 
+// VlanProtocol type
+type VlanProtocol int
+
+func (p VlanProtocol) String() string {
+	s, ok := VlanProtocolToString[p]
+	if !ok {
+		return fmt.Sprintf("VlanProtocol(%d)", p)
+	}
+	return s
+}
+
+// StringToVlanProtocol returns vlan protocol, or unknown is the s is invalid.
+func StringToVlanProtocol(s string) VlanProtocol {
+	mode, ok := StringToVlanProtocolMap[s]
+	if !ok {
+		return VLAN_PROTOCOL_UNKNOWN
+	}
+	return mode
+}
+
+// VlanProtocol possible values
+const (
+	VLAN_PROTOCOL_UNKNOWN VlanProtocol = 0
+	VLAN_PROTOCOL_8021Q   VlanProtocol = 0x8100
+	VLAN_PROTOCOL_8021AD  VlanProtocol = 0x88A8
+)
+
+var VlanProtocolToString = map[VlanProtocol]string{
+	VLAN_PROTOCOL_8021Q:  "802.1q",
+	VLAN_PROTOCOL_8021AD: "802.1ad",
+}
+
+var StringToVlanProtocolMap = map[string]VlanProtocol{
+	"802.1q":  VLAN_PROTOCOL_8021Q,
+	"802.1ad": VLAN_PROTOCOL_8021AD,
+}
+
 // BondMode type
 type BondMode int
 
@@ -390,7 +476,7 @@ func (b BondMode) String() string {
 	return s
 }
 
-// StringToBondMode returns bond mode, or uknonw is the s is invalid.
+// StringToBondMode returns bond mode, or unknown is the s is invalid.
 func StringToBondMode(s string) BondMode {
 	mode, ok := StringToBondModeMap[s]
 	if !ok {
@@ -481,7 +567,7 @@ func (b BondXmitHashPolicy) String() string {
 	return s
 }
 
-// StringToBondXmitHashPolicy returns bond lacp arte, or uknonw is the s is invalid.
+// StringToBondXmitHashPolicy returns bond lacp arte, or unknown is the s is invalid.
 func StringToBondXmitHashPolicy(s string) BondXmitHashPolicy {
 	lacp, ok := StringToBondXmitHashPolicyMap[s]
 	if !ok {
@@ -526,7 +612,7 @@ func (b BondLacpRate) String() string {
 	return s
 }
 
-// StringToBondLacpRate returns bond lacp arte, or uknonw is the s is invalid.
+// StringToBondLacpRate returns bond lacp arte, or unknown is the s is invalid.
 func StringToBondLacpRate(s string) BondLacpRate {
 	lacp, ok := StringToBondLacpRateMap[s]
 	if !ok {
@@ -670,6 +756,67 @@ func (bond *Bond) Type() string {
 	return "bond"
 }
 
+// BondSlaveState represents the values of the IFLA_BOND_SLAVE_STATE bond slave
+// attribute, which contains the state of the bond slave.
+type BondSlaveState uint8
+
+const (
+	BondStateActive = iota // Link is active.
+	BondStateBackup        // Link is backup.
+)
+
+func (s BondSlaveState) String() string {
+	switch s {
+	case BondStateActive:
+		return "ACTIVE"
+	case BondStateBackup:
+		return "BACKUP"
+	default:
+		return strconv.Itoa(int(s))
+	}
+}
+
+// BondSlaveState represents the values of the IFLA_BOND_SLAVE_MII_STATUS bond slave
+// attribute, which contains the status of MII link monitoring
+type BondSlaveMiiStatus uint8
+
+const (
+	BondLinkUp   = iota // link is up and running.
+	BondLinkFail        // link has just gone down.
+	BondLinkDown        // link has been down for too long time.
+	BondLinkBack        // link is going back.
+)
+
+func (s BondSlaveMiiStatus) String() string {
+	switch s {
+	case BondLinkUp:
+		return "UP"
+	case BondLinkFail:
+		return "GOING_DOWN"
+	case BondLinkDown:
+		return "DOWN"
+	case BondLinkBack:
+		return "GOING_BACK"
+	default:
+		return strconv.Itoa(int(s))
+	}
+}
+
+type BondSlave struct {
+	State                  BondSlaveState
+	MiiStatus              BondSlaveMiiStatus
+	LinkFailureCount       uint32
+	PermHardwareAddr       net.HardwareAddr
+	QueueId                uint16
+	AggregatorId           uint16
+	AdActorOperPortState   uint8
+	AdPartnerOperPortState uint16
+}
+
+func (b *BondSlave) SlaveType() string {
+	return "bond"
+}
+
 // Gretap devices must specify LocalIP and RemoteIP on create
 type Gretap struct {
 	LinkAttrs
@@ -695,17 +842,25 @@ func (gretap *Gretap) Attrs() *LinkAttrs {
 }
 
 func (gretap *Gretap) Type() string {
+	if gretap.Local.To4() == nil {
+		return "ip6gretap"
+	}
 	return "gretap"
 }
 
 type Iptun struct {
 	LinkAttrs
-	Ttl      uint8
-	Tos      uint8
-	PMtuDisc uint8
-	Link     uint32
-	Local    net.IP
-	Remote   net.IP
+	Ttl        uint8
+	Tos        uint8
+	PMtuDisc   uint8
+	Link       uint32
+	Local      net.IP
+	Remote     net.IP
+	EncapSport uint16
+	EncapDport uint16
+	EncapType  uint16
+	EncapFlags uint16
+	FlowBased  bool
 }
 
 func (iptun *Iptun) Attrs() *LinkAttrs {
@@ -716,6 +871,49 @@ func (iptun *Iptun) Type() string {
 	return "ipip"
 }
 
+type Ip6tnl struct {
+	LinkAttrs
+	Link       uint32
+	Local      net.IP
+	Remote     net.IP
+	Ttl        uint8
+	Tos        uint8
+	EncapLimit uint8
+	Flags      uint32
+	Proto      uint8
+	FlowInfo   uint32
+}
+
+func (ip6tnl *Ip6tnl) Attrs() *LinkAttrs {
+	return &ip6tnl.LinkAttrs
+}
+
+func (ip6tnl *Ip6tnl) Type() string {
+	return "ip6tnl"
+}
+
+type Sittun struct {
+	LinkAttrs
+	Link       uint32
+	Local      net.IP
+	Remote     net.IP
+	Ttl        uint8
+	Tos        uint8
+	PMtuDisc   uint8
+	EncapType  uint16
+	EncapFlags uint16
+	EncapSport uint16
+	EncapDport uint16
+}
+
+func (sittun *Sittun) Attrs() *LinkAttrs {
+	return &sittun.LinkAttrs
+}
+
+func (sittun *Sittun) Type() string {
+	return "sit"
+}
+
 type Vti struct {
 	LinkAttrs
 	IKey   uint32
@@ -729,22 +927,29 @@ func (vti *Vti) Attrs() *LinkAttrs {
 	return &vti.LinkAttrs
 }
 
-func (iptun *Vti) Type() string {
+func (vti *Vti) Type() string {
+	if vti.Local.To4() == nil {
+		return "vti6"
+	}
 	return "vti"
 }
 
 type Gretun struct {
 	LinkAttrs
-	Link     uint32
-	IFlags   uint16
-	OFlags   uint16
-	IKey     uint32
-	OKey     uint32
-	Local    net.IP
-	Remote   net.IP
-	Ttl      uint8
-	Tos      uint8
-	PMtuDisc uint8
+	Link       uint32
+	IFlags     uint16
+	OFlags     uint16
+	IKey       uint32
+	OKey       uint32
+	Local      net.IP
+	Remote     net.IP
+	Ttl        uint8
+	Tos        uint8
+	PMtuDisc   uint8
+	EncapType  uint16
+	EncapFlags uint16
+	EncapSport uint16
+	EncapDport uint16
 }
 
 func (gretun *Gretun) Attrs() *LinkAttrs {
@@ -752,6 +957,9 @@ func (gretun *Gretun) Attrs() *LinkAttrs {
 }
 
 func (gretun *Gretun) Type() string {
+	if gretun.Local.To4() == nil {
+		return "ip6gre"
+	}
 	return "gre"
 }
 
@@ -784,11 +992,68 @@ func (gtp *GTP) Type() string {
 	return "gtp"
 }
 
+// Virtual XFRM Interfaces
+//	Named "xfrmi" to prevent confusion with XFRM objects
+type Xfrmi struct {
+	LinkAttrs
+	Ifid uint32
+}
+
+func (xfrm *Xfrmi) Attrs() *LinkAttrs {
+	return &xfrm.LinkAttrs
+}
+
+func (xfrm *Xfrmi) Type() string {
+	return "xfrm"
+}
+
+// IPoIB interface
+
+type IPoIBMode uint16
+
+func (m *IPoIBMode) String() string {
+	str, ok := iPoIBModeToString[*m]
+	if !ok {
+		return fmt.Sprintf("mode(%d)", *m)
+	}
+	return str
+}
+
+const (
+	IPOIB_MODE_DATAGRAM = iota
+	IPOIB_MODE_CONNECTED
+)
+
+var iPoIBModeToString = map[IPoIBMode]string{
+	IPOIB_MODE_DATAGRAM:  "datagram",
+	IPOIB_MODE_CONNECTED: "connected",
+}
+
+var StringToIPoIBMode = map[string]IPoIBMode{
+	"datagram":  IPOIB_MODE_DATAGRAM,
+	"connected": IPOIB_MODE_CONNECTED,
+}
+
+type IPoIB struct {
+	LinkAttrs
+	Pkey   uint16
+	Mode   IPoIBMode
+	Umcast uint16
+}
+
+func (ipoib *IPoIB) Attrs() *LinkAttrs {
+	return &ipoib.LinkAttrs
+}
+
+func (ipoib *IPoIB) Type() string {
+	return "ipoib"
+}
+
 // iproute2 supported devices;
 // vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
 // bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |
-// gre | gretap | ip6gre | ip6gretap | vti | nlmon |
-// bond_slave | ipvlan
+// gre | gretap | ip6gre | ip6gretap | vti | vti6 | nlmon |
+// bond_slave | ipvlan | xfrm
 
 // LinkNotFoundError wraps the various not found errors when
 // getting/reading links. This is intended for better error
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index e94fd9766cd7e..ec915a0b9790f 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -4,29 +4,40 @@ import (
 	"bytes"
 	"encoding/binary"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"os"
+	"strconv"
+	"strings"
 	"syscall"
 	"unsafe"
 
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 const (
 	SizeofLinkStats32 = 0x5c
-	SizeofLinkStats64 = 0xd8
-	IFLA_STATS64      = 0x17 // syscall pkg does not contain this one
+	SizeofLinkStats64 = 0xb8
 )
 
 const (
-	TUNTAP_MODE_TUN  TuntapMode = syscall.IFF_TUN
-	TUNTAP_MODE_TAP  TuntapMode = syscall.IFF_TAP
-	TUNTAP_DEFAULTS  TuntapFlag = syscall.IFF_TUN_EXCL | syscall.IFF_ONE_QUEUE
-	TUNTAP_VNET_HDR  TuntapFlag = syscall.IFF_VNET_HDR
-	TUNTAP_TUN_EXCL  TuntapFlag = syscall.IFF_TUN_EXCL
-	TUNTAP_NO_PI     TuntapFlag = syscall.IFF_NO_PI
-	TUNTAP_ONE_QUEUE TuntapFlag = syscall.IFF_ONE_QUEUE
+	TUNTAP_MODE_TUN             TuntapMode = unix.IFF_TUN
+	TUNTAP_MODE_TAP             TuntapMode = unix.IFF_TAP
+	TUNTAP_DEFAULTS             TuntapFlag = unix.IFF_TUN_EXCL | unix.IFF_ONE_QUEUE
+	TUNTAP_VNET_HDR             TuntapFlag = unix.IFF_VNET_HDR
+	TUNTAP_TUN_EXCL             TuntapFlag = unix.IFF_TUN_EXCL
+	TUNTAP_NO_PI                TuntapFlag = unix.IFF_NO_PI
+	TUNTAP_ONE_QUEUE            TuntapFlag = unix.IFF_ONE_QUEUE
+	TUNTAP_MULTI_QUEUE          TuntapFlag = unix.IFF_MULTI_QUEUE
+	TUNTAP_MULTI_QUEUE_DEFAULTS TuntapFlag = TUNTAP_MULTI_QUEUE | TUNTAP_NO_PI
+)
+
+const (
+	VF_LINK_STATE_AUTO    uint32 = 0
+	VF_LINK_STATE_ENABLE  uint32 = 1
+	VF_LINK_STATE_DISABLE uint32 = 2
 )
 
 var lookupByDump = false
@@ -61,15 +72,15 @@ func (h *Handle) ensureIndex(link *LinkAttrs) {
 func (h *Handle) LinkSetARPOff(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change |= syscall.IFF_NOARP
-	msg.Flags |= syscall.IFF_NOARP
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change |= unix.IFF_NOARP
+	msg.Flags |= unix.IFF_NOARP
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -80,15 +91,15 @@ func LinkSetARPOff(link Link) error {
 func (h *Handle) LinkSetARPOn(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change |= syscall.IFF_NOARP
-	msg.Flags &= ^uint32(syscall.IFF_NOARP)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change |= unix.IFF_NOARP
+	msg.Flags &= ^uint32(unix.IFF_NOARP)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -99,15 +110,130 @@ func LinkSetARPOn(link Link) error {
 func (h *Handle) SetPromiscOn(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_PROMISC
+	msg.Flags = unix.IFF_PROMISC
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetAllmulticastOn enables the reception of all hardware multicast packets for the link device.
+// Equivalent to: `ip link set $link allmulticast on`
+func LinkSetAllmulticastOn(link Link) error {
+	return pkgHandle.LinkSetAllmulticastOn(link)
+}
+
+// LinkSetAllmulticastOn enables the reception of all hardware multicast packets for the link device.
+// Equivalent to: `ip link set $link allmulticast on`
+func (h *Handle) LinkSetAllmulticastOn(link Link) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change = syscall.IFF_PROMISC
-	msg.Flags = syscall.IFF_PROMISC
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_ALLMULTI
+	msg.Flags = unix.IFF_ALLMULTI
+
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetAllmulticastOff disables the reception of all hardware multicast packets for the link device.
+// Equivalent to: `ip link set $link allmulticast off`
+func LinkSetAllmulticastOff(link Link) error {
+	return pkgHandle.LinkSetAllmulticastOff(link)
+}
+
+// LinkSetAllmulticastOff disables the reception of all hardware multicast packets for the link device.
+// Equivalent to: `ip link set $link allmulticast off`
+func (h *Handle) LinkSetAllmulticastOff(link Link) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_ALLMULTI
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+func MacvlanMACAddrAdd(link Link, addr net.HardwareAddr) error {
+	return pkgHandle.MacvlanMACAddrAdd(link, addr)
+}
+
+func (h *Handle) MacvlanMACAddrAdd(link Link, addr net.HardwareAddr) error {
+	return h.macvlanMACAddrChange(link, []net.HardwareAddr{addr}, nl.MACVLAN_MACADDR_ADD)
+}
+
+func MacvlanMACAddrDel(link Link, addr net.HardwareAddr) error {
+	return pkgHandle.MacvlanMACAddrDel(link, addr)
+}
+
+func (h *Handle) MacvlanMACAddrDel(link Link, addr net.HardwareAddr) error {
+	return h.macvlanMACAddrChange(link, []net.HardwareAddr{addr}, nl.MACVLAN_MACADDR_DEL)
+}
+
+func MacvlanMACAddrFlush(link Link) error {
+	return pkgHandle.MacvlanMACAddrFlush(link)
+}
+
+func (h *Handle) MacvlanMACAddrFlush(link Link) error {
+	return h.macvlanMACAddrChange(link, nil, nl.MACVLAN_MACADDR_FLUSH)
+}
+
+func MacvlanMACAddrSet(link Link, addrs []net.HardwareAddr) error {
+	return pkgHandle.MacvlanMACAddrSet(link, addrs)
+}
+
+func (h *Handle) MacvlanMACAddrSet(link Link, addrs []net.HardwareAddr) error {
+	return h.macvlanMACAddrChange(link, addrs, nl.MACVLAN_MACADDR_SET)
+}
+
+func (h *Handle) macvlanMACAddrChange(link Link, addrs []net.HardwareAddr, mode uint32) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+	linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
+	inner := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+
+	// IFLA_MACVLAN_MACADDR_MODE = mode
+	b := make([]byte, 4)
+	native.PutUint32(b, mode)
+	inner.AddRtAttr(nl.IFLA_MACVLAN_MACADDR_MODE, b)
+
+	// populate message with MAC addrs, if necessary
+	switch mode {
+	case nl.MACVLAN_MACADDR_ADD, nl.MACVLAN_MACADDR_DEL:
+		if len(addrs) == 1 {
+			inner.AddRtAttr(nl.IFLA_MACVLAN_MACADDR, []byte(addrs[0]))
+		}
+	case nl.MACVLAN_MACADDR_SET:
+		mad := inner.AddRtAttr(nl.IFLA_MACVLAN_MACADDR_DATA, nil)
+		for _, addr := range addrs {
+			mad.AddRtAttr(nl.IFLA_MACVLAN_MACADDR, []byte(addr))
+		}
+	}
+
+	req.AddData(linkInfo)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -118,7 +244,7 @@ func BridgeSetMcastSnoop(link Link, on bool) error {
 func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error {
 	bridge := link.(*Bridge)
 	bridge.MulticastSnooping = &on
-	return h.linkModify(bridge, syscall.NLM_F_ACK)
+	return h.linkModify(bridge, unix.NLM_F_ACK)
 }
 
 func SetPromiscOn(link Link) error {
@@ -128,15 +254,14 @@ func SetPromiscOn(link Link) error {
 func (h *Handle) SetPromiscOff(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change = syscall.IFF_PROMISC
-	msg.Flags = 0 & ^syscall.IFF_PROMISC
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_PROMISC
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -155,15 +280,15 @@ func LinkSetUp(link Link) error {
 func (h *Handle) LinkSetUp(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change = syscall.IFF_UP
-	msg.Flags = syscall.IFF_UP
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_UP
+	msg.Flags = unix.IFF_UP
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -178,15 +303,14 @@ func LinkSetDown(link Link) error {
 func (h *Handle) LinkSetDown(link Link) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
-	msg.Change = syscall.IFF_UP
-	msg.Flags = 0 & ^syscall.IFF_UP
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_UP
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -201,19 +325,19 @@ func LinkSetMTU(link Link, mtu int) error {
 func (h *Handle) LinkSetMTU(link Link, mtu int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(mtu))
 
-	data := nl.NewRtAttr(syscall.IFLA_MTU, b)
+	data := nl.NewRtAttr(unix.IFLA_MTU, b)
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -228,16 +352,16 @@ func LinkSetName(link Link, name string) error {
 func (h *Handle) LinkSetName(link Link, name string) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(syscall.IFLA_IFNAME, []byte(name))
+	data := nl.NewRtAttr(unix.IFLA_IFNAME, []byte(name))
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -252,16 +376,16 @@ func LinkSetAlias(link Link, name string) error {
 func (h *Handle) LinkSetAlias(link Link, name string) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(syscall.IFLA_IFALIAS, []byte(name))
+	data := nl.NewRtAttr(unix.IFLA_IFALIAS, []byte(name))
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -276,16 +400,16 @@ func LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error {
 func (h *Handle) LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(syscall.IFLA_ADDRESS, []byte(hwaddr))
+	data := nl.NewRtAttr(unix.IFLA_ADDRESS, []byte(hwaddr))
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -300,22 +424,22 @@ func LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error {
 func (h *Handle) LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(nl.IFLA_VFINFO_LIST, nil)
-	info := nl.NewRtAttrChild(data, nl.IFLA_VF_INFO, nil)
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
 	vfmsg := nl.VfMac{
 		Vf: uint32(vf),
 	}
 	copy(vfmsg.Mac[:], []byte(hwaddr))
-	nl.NewRtAttrChild(info, nl.IFLA_VF_MAC, vfmsg.Serialize())
+	info.AddRtAttr(nl.IFLA_VF_MAC, vfmsg.Serialize())
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -330,22 +454,53 @@ func LinkSetVfVlan(link Link, vf, vlan int) error {
 func (h *Handle) LinkSetVfVlan(link Link, vf, vlan int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
+	vfmsg := nl.VfVlan{
+		Vf:   uint32(vf),
+		Vlan: uint32(vlan),
+	}
+	info.AddRtAttr(nl.IFLA_VF_VLAN, vfmsg.Serialize())
+	req.AddData(data)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetVfVlanQos sets the vlan and qos priority of a vf for the link.
+// Equivalent to: `ip link set $link vf $vf vlan $vlan qos $qos`
+func LinkSetVfVlanQos(link Link, vf, vlan, qos int) error {
+	return pkgHandle.LinkSetVfVlanQos(link, vf, vlan, qos)
+}
+
+// LinkSetVfVlanQos sets the vlan and qos priority of a vf for the link.
+// Equivalent to: `ip link set $link vf $vf vlan $vlan qos $qos`
+func (h *Handle) LinkSetVfVlanQos(link Link, vf, vlan, qos int) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(nl.IFLA_VFINFO_LIST, nil)
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
 	info := nl.NewRtAttrChild(data, nl.IFLA_VF_INFO, nil)
 	vfmsg := nl.VfVlan{
 		Vf:   uint32(vf),
 		Vlan: uint32(vlan),
+		Qos:  uint32(qos),
 	}
 	nl.NewRtAttrChild(info, nl.IFLA_VF_VLAN, vfmsg.Serialize())
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -360,22 +515,83 @@ func LinkSetVfTxRate(link Link, vf, rate int) error {
 func (h *Handle) LinkSetVfTxRate(link Link, vf, rate int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(nl.IFLA_VFINFO_LIST, nil)
-	info := nl.NewRtAttrChild(data, nl.IFLA_VF_INFO, nil)
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
 	vfmsg := nl.VfTxRate{
 		Vf:   uint32(vf),
 		Rate: uint32(rate),
 	}
-	nl.NewRtAttrChild(info, nl.IFLA_VF_TX_RATE, vfmsg.Serialize())
+	info.AddRtAttr(nl.IFLA_VF_TX_RATE, vfmsg.Serialize())
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetVfRate sets the min and max tx rate of a vf for the link.
+// Equivalent to: `ip link set $link vf $vf min_tx_rate $min_rate max_tx_rate $max_rate`
+func LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
+	return pkgHandle.LinkSetVfRate(link, vf, minRate, maxRate)
+}
+
+// LinkSetVfRate sets the min and max tx rate of a vf for the link.
+// Equivalent to: `ip link set $link vf $vf min_tx_rate $min_rate max_tx_rate $max_rate`
+func (h *Handle) LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
+	vfmsg := nl.VfRate{
+		Vf:        uint32(vf),
+		MinTxRate: uint32(minRate),
+		MaxTxRate: uint32(maxRate),
+	}
+	info.AddRtAttr(nl.IFLA_VF_RATE, vfmsg.Serialize())
+	req.AddData(data)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetVfState enables/disables virtual link state on a vf.
+// Equivalent to: `ip link set $link vf $vf state $state`
+func LinkSetVfState(link Link, vf int, state uint32) error {
+	return pkgHandle.LinkSetVfState(link, vf, state)
+}
+
+// LinkSetVfState enables/disables virtual link state on a vf.
+// Equivalent to: `ip link set $link vf $vf state $state`
+func (h *Handle) LinkSetVfState(link Link, vf int, state uint32) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
+	vfmsg := nl.VfLinkState{
+		Vf:        uint32(vf),
+		LinkState: state,
+	}
+	info.AddRtAttr(nl.IFLA_VF_LINK_STATE, vfmsg.Serialize())
+	req.AddData(data)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -385,20 +601,20 @@ func LinkSetVfSpoofchk(link Link, vf int, check bool) error {
 	return pkgHandle.LinkSetVfSpoofchk(link, vf, check)
 }
 
-// LinkSetVfSpookfchk enables/disables spoof check on a vf for the link.
+// LinkSetVfSpoofchk enables/disables spoof check on a vf for the link.
 // Equivalent to: `ip link set $link vf $vf spoofchk $check`
 func (h *Handle) LinkSetVfSpoofchk(link Link, vf int, check bool) error {
 	var setting uint32
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(nl.IFLA_VFINFO_LIST, nil)
-	info := nl.NewRtAttrChild(data, nl.IFLA_VF_INFO, nil)
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
 	if check {
 		setting = 1
 	}
@@ -406,10 +622,10 @@ func (h *Handle) LinkSetVfSpoofchk(link Link, vf int, check bool) error {
 		Vf:      uint32(vf),
 		Setting: setting,
 	}
-	nl.NewRtAttrChild(info, nl.IFLA_VF_SPOOFCHK, vfmsg.Serialize())
+	info.AddRtAttr(nl.IFLA_VF_SPOOFCHK, vfmsg.Serialize())
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -425,14 +641,14 @@ func (h *Handle) LinkSetVfTrust(link Link, vf int, state bool) error {
 	var setting uint32
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	data := nl.NewRtAttr(nl.IFLA_VFINFO_LIST, nil)
-	info := nl.NewRtAttrChild(data, nl.IFLA_VF_INFO, nil)
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
 	if state {
 		setting = 1
 	}
@@ -440,22 +656,66 @@ func (h *Handle) LinkSetVfTrust(link Link, vf int, state bool) error {
 		Vf:      uint32(vf),
 		Setting: setting,
 	}
-	nl.NewRtAttrChild(info, nl.IFLA_VF_TRUST, vfmsg.Serialize())
+	info.AddRtAttr(nl.IFLA_VF_TRUST, vfmsg.Serialize())
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetVfNodeGUID sets the node GUID of a vf for the link.
+// Equivalent to: `ip link set dev $link vf $vf node_guid $nodeguid`
+func LinkSetVfNodeGUID(link Link, vf int, nodeguid net.HardwareAddr) error {
+	return pkgHandle.LinkSetVfGUID(link, vf, nodeguid, nl.IFLA_VF_IB_NODE_GUID)
+}
+
+// LinkSetVfPortGUID sets the port GUID of a vf for the link.
+// Equivalent to: `ip link set dev $link vf $vf port_guid $portguid`
+func LinkSetVfPortGUID(link Link, vf int, portguid net.HardwareAddr) error {
+	return pkgHandle.LinkSetVfGUID(link, vf, portguid, nl.IFLA_VF_IB_PORT_GUID)
+}
+
+// LinkSetVfGUID sets the node or port GUID of a vf for the link.
+func (h *Handle) LinkSetVfGUID(link Link, vf int, vfGuid net.HardwareAddr, guidType int) error {
+	var err error
+	var guid uint64
+
+	buf := bytes.NewBuffer(vfGuid)
+	err = binary.Read(buf, binary.BigEndian, &guid)
+	if err != nil {
+		return err
+	}
+
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	data := nl.NewRtAttr(unix.IFLA_VFINFO_LIST, nil)
+	info := data.AddRtAttr(nl.IFLA_VF_INFO, nil)
+	vfmsg := nl.VfGUID{
+		Vf:   uint32(vf),
+		GUID: guid,
+	}
+	info.AddRtAttr(guidType, vfmsg.Serialize())
+	req.AddData(data)
+
+	_, err = req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
 // LinkSetMaster sets the master of the link device.
 // Equivalent to: `ip link set $link master $master`
-func LinkSetMaster(link Link, master *Bridge) error {
+func LinkSetMaster(link Link, master Link) error {
 	return pkgHandle.LinkSetMaster(link, master)
 }
 
 // LinkSetMaster sets the master of the link device.
 // Equivalent to: `ip link set $link master $master`
-func (h *Handle) LinkSetMaster(link Link, master *Bridge) error {
+func (h *Handle) LinkSetMaster(link Link, master Link) error {
 	index := 0
 	if master != nil {
 		masterBase := master.Attrs()
@@ -491,19 +751,19 @@ func LinkSetMasterByIndex(link Link, masterIndex int) error {
 func (h *Handle) LinkSetMasterByIndex(link Link, masterIndex int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(masterIndex))
 
-	data := nl.NewRtAttr(syscall.IFLA_MASTER, b)
+	data := nl.NewRtAttr(unix.IFLA_MASTER, b)
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -520,19 +780,19 @@ func LinkSetNsPid(link Link, nspid int) error {
 func (h *Handle) LinkSetNsPid(link Link, nspid int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(nspid))
 
-	data := nl.NewRtAttr(syscall.IFLA_NET_NS_PID, b)
+	data := nl.NewRtAttr(unix.IFLA_NET_NS_PID, b)
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -549,19 +809,19 @@ func LinkSetNsFd(link Link, fd int) error {
 func (h *Handle) LinkSetNsFd(link Link, fd int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(fd))
 
-	data := nl.NewRtAttr(nl.IFLA_NET_NS_FD, b)
+	data := nl.NewRtAttr(unix.IFLA_NET_NS_FD, b)
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -576,15 +836,15 @@ func LinkSetXdpFd(link Link, fd int) error {
 func LinkSetXdpFdWithFlags(link Link, fd, flags int) error {
 	base := link.Attrs()
 	ensureIndex(base)
-	req := nl.NewNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := nl.NewNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	addXdpAttrs(&LinkXdp{Fd: fd, Flags: uint32(flags)}, req)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -601,67 +861,69 @@ type vxlanPortRange struct {
 }
 
 func addVxlanAttrs(vxlan *Vxlan, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 
 	if vxlan.FlowBased {
 		vxlan.VxlanId = 0
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_ID, nl.Uint32Attr(uint32(vxlan.VxlanId)))
+	data.AddRtAttr(nl.IFLA_VXLAN_ID, nl.Uint32Attr(uint32(vxlan.VxlanId)))
 
 	if vxlan.VtepDevIndex != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_LINK, nl.Uint32Attr(uint32(vxlan.VtepDevIndex)))
+		data.AddRtAttr(nl.IFLA_VXLAN_LINK, nl.Uint32Attr(uint32(vxlan.VtepDevIndex)))
 	}
 	if vxlan.SrcAddr != nil {
 		ip := vxlan.SrcAddr.To4()
 		if ip != nil {
-			nl.NewRtAttrChild(data, nl.IFLA_VXLAN_LOCAL, []byte(ip))
+			data.AddRtAttr(nl.IFLA_VXLAN_LOCAL, []byte(ip))
 		} else {
 			ip = vxlan.SrcAddr.To16()
 			if ip != nil {
-				nl.NewRtAttrChild(data, nl.IFLA_VXLAN_LOCAL6, []byte(ip))
+				data.AddRtAttr(nl.IFLA_VXLAN_LOCAL6, []byte(ip))
 			}
 		}
 	}
 	if vxlan.Group != nil {
 		group := vxlan.Group.To4()
 		if group != nil {
-			nl.NewRtAttrChild(data, nl.IFLA_VXLAN_GROUP, []byte(group))
+			data.AddRtAttr(nl.IFLA_VXLAN_GROUP, []byte(group))
 		} else {
 			group = vxlan.Group.To16()
 			if group != nil {
-				nl.NewRtAttrChild(data, nl.IFLA_VXLAN_GROUP6, []byte(group))
+				data.AddRtAttr(nl.IFLA_VXLAN_GROUP6, []byte(group))
 			}
 		}
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_TTL, nl.Uint8Attr(uint8(vxlan.TTL)))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_TOS, nl.Uint8Attr(uint8(vxlan.TOS)))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_LEARNING, boolAttr(vxlan.Learning))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_PROXY, boolAttr(vxlan.Proxy))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_RSC, boolAttr(vxlan.RSC))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_L2MISS, boolAttr(vxlan.L2miss))
-	nl.NewRtAttrChild(data, nl.IFLA_VXLAN_L3MISS, boolAttr(vxlan.L3miss))
+	data.AddRtAttr(nl.IFLA_VXLAN_TTL, nl.Uint8Attr(uint8(vxlan.TTL)))
+	data.AddRtAttr(nl.IFLA_VXLAN_TOS, nl.Uint8Attr(uint8(vxlan.TOS)))
+	data.AddRtAttr(nl.IFLA_VXLAN_LEARNING, boolAttr(vxlan.Learning))
+	data.AddRtAttr(nl.IFLA_VXLAN_PROXY, boolAttr(vxlan.Proxy))
+	data.AddRtAttr(nl.IFLA_VXLAN_RSC, boolAttr(vxlan.RSC))
+	data.AddRtAttr(nl.IFLA_VXLAN_L2MISS, boolAttr(vxlan.L2miss))
+	data.AddRtAttr(nl.IFLA_VXLAN_L3MISS, boolAttr(vxlan.L3miss))
+	data.AddRtAttr(nl.IFLA_VXLAN_UDP_ZERO_CSUM6_TX, boolAttr(vxlan.UDP6ZeroCSumTx))
+	data.AddRtAttr(nl.IFLA_VXLAN_UDP_ZERO_CSUM6_RX, boolAttr(vxlan.UDP6ZeroCSumRx))
 
 	if vxlan.UDPCSum {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_UDP_CSUM, boolAttr(vxlan.UDPCSum))
+		data.AddRtAttr(nl.IFLA_VXLAN_UDP_CSUM, boolAttr(vxlan.UDPCSum))
 	}
 	if vxlan.GBP {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_GBP, []byte{})
+		data.AddRtAttr(nl.IFLA_VXLAN_GBP, []byte{})
 	}
 	if vxlan.FlowBased {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_FLOWBASED, boolAttr(vxlan.FlowBased))
+		data.AddRtAttr(nl.IFLA_VXLAN_FLOWBASED, boolAttr(vxlan.FlowBased))
 	}
 	if vxlan.NoAge {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_AGEING, nl.Uint32Attr(0))
+		data.AddRtAttr(nl.IFLA_VXLAN_AGEING, nl.Uint32Attr(0))
 	} else if vxlan.Age > 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_AGEING, nl.Uint32Attr(uint32(vxlan.Age)))
+		data.AddRtAttr(nl.IFLA_VXLAN_AGEING, nl.Uint32Attr(uint32(vxlan.Age)))
 	}
 	if vxlan.Limit > 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_LIMIT, nl.Uint32Attr(uint32(vxlan.Limit)))
+		data.AddRtAttr(nl.IFLA_VXLAN_LIMIT, nl.Uint32Attr(uint32(vxlan.Limit)))
 	}
 	if vxlan.Port > 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_PORT, htons(uint16(vxlan.Port)))
+		data.AddRtAttr(nl.IFLA_VXLAN_PORT, htons(uint16(vxlan.Port)))
 	}
 	if vxlan.PortLow > 0 || vxlan.PortHigh > 0 {
 		pr := vxlanPortRange{uint16(vxlan.PortLow), uint16(vxlan.PortHigh)}
@@ -669,100 +931,106 @@ func addVxlanAttrs(vxlan *Vxlan, linkInfo *nl.RtAttr) {
 		buf := new(bytes.Buffer)
 		binary.Write(buf, binary.BigEndian, &pr)
 
-		nl.NewRtAttrChild(data, nl.IFLA_VXLAN_PORT_RANGE, buf.Bytes())
+		data.AddRtAttr(nl.IFLA_VXLAN_PORT_RANGE, buf.Bytes())
 	}
 }
 
 func addBondAttrs(bond *Bond, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 	if bond.Mode >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_MODE, nl.Uint8Attr(uint8(bond.Mode)))
+		data.AddRtAttr(nl.IFLA_BOND_MODE, nl.Uint8Attr(uint8(bond.Mode)))
 	}
 	if bond.ActiveSlave >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_ACTIVE_SLAVE, nl.Uint32Attr(uint32(bond.ActiveSlave)))
+		data.AddRtAttr(nl.IFLA_BOND_ACTIVE_SLAVE, nl.Uint32Attr(uint32(bond.ActiveSlave)))
 	}
 	if bond.Miimon >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_MIIMON, nl.Uint32Attr(uint32(bond.Miimon)))
+		data.AddRtAttr(nl.IFLA_BOND_MIIMON, nl.Uint32Attr(uint32(bond.Miimon)))
 	}
 	if bond.UpDelay >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_UPDELAY, nl.Uint32Attr(uint32(bond.UpDelay)))
+		data.AddRtAttr(nl.IFLA_BOND_UPDELAY, nl.Uint32Attr(uint32(bond.UpDelay)))
 	}
 	if bond.DownDelay >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_DOWNDELAY, nl.Uint32Attr(uint32(bond.DownDelay)))
+		data.AddRtAttr(nl.IFLA_BOND_DOWNDELAY, nl.Uint32Attr(uint32(bond.DownDelay)))
 	}
 	if bond.UseCarrier >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_USE_CARRIER, nl.Uint8Attr(uint8(bond.UseCarrier)))
+		data.AddRtAttr(nl.IFLA_BOND_USE_CARRIER, nl.Uint8Attr(uint8(bond.UseCarrier)))
 	}
 	if bond.ArpInterval >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_ARP_INTERVAL, nl.Uint32Attr(uint32(bond.ArpInterval)))
+		data.AddRtAttr(nl.IFLA_BOND_ARP_INTERVAL, nl.Uint32Attr(uint32(bond.ArpInterval)))
 	}
 	if bond.ArpIpTargets != nil {
-		msg := nl.NewRtAttrChild(data, nl.IFLA_BOND_ARP_IP_TARGET, nil)
+		msg := data.AddRtAttr(nl.IFLA_BOND_ARP_IP_TARGET, nil)
 		for i := range bond.ArpIpTargets {
 			ip := bond.ArpIpTargets[i].To4()
 			if ip != nil {
-				nl.NewRtAttrChild(msg, i, []byte(ip))
+				msg.AddRtAttr(i, []byte(ip))
 				continue
 			}
 			ip = bond.ArpIpTargets[i].To16()
 			if ip != nil {
-				nl.NewRtAttrChild(msg, i, []byte(ip))
+				msg.AddRtAttr(i, []byte(ip))
 			}
 		}
 	}
 	if bond.ArpValidate >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_ARP_VALIDATE, nl.Uint32Attr(uint32(bond.ArpValidate)))
+		data.AddRtAttr(nl.IFLA_BOND_ARP_VALIDATE, nl.Uint32Attr(uint32(bond.ArpValidate)))
 	}
 	if bond.ArpAllTargets >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_ARP_ALL_TARGETS, nl.Uint32Attr(uint32(bond.ArpAllTargets)))
+		data.AddRtAttr(nl.IFLA_BOND_ARP_ALL_TARGETS, nl.Uint32Attr(uint32(bond.ArpAllTargets)))
 	}
 	if bond.Primary >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_PRIMARY, nl.Uint32Attr(uint32(bond.Primary)))
+		data.AddRtAttr(nl.IFLA_BOND_PRIMARY, nl.Uint32Attr(uint32(bond.Primary)))
 	}
 	if bond.PrimaryReselect >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_PRIMARY_RESELECT, nl.Uint8Attr(uint8(bond.PrimaryReselect)))
+		data.AddRtAttr(nl.IFLA_BOND_PRIMARY_RESELECT, nl.Uint8Attr(uint8(bond.PrimaryReselect)))
 	}
 	if bond.FailOverMac >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_FAIL_OVER_MAC, nl.Uint8Attr(uint8(bond.FailOverMac)))
+		data.AddRtAttr(nl.IFLA_BOND_FAIL_OVER_MAC, nl.Uint8Attr(uint8(bond.FailOverMac)))
 	}
 	if bond.XmitHashPolicy >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_XMIT_HASH_POLICY, nl.Uint8Attr(uint8(bond.XmitHashPolicy)))
+		data.AddRtAttr(nl.IFLA_BOND_XMIT_HASH_POLICY, nl.Uint8Attr(uint8(bond.XmitHashPolicy)))
 	}
 	if bond.ResendIgmp >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_RESEND_IGMP, nl.Uint32Attr(uint32(bond.ResendIgmp)))
+		data.AddRtAttr(nl.IFLA_BOND_RESEND_IGMP, nl.Uint32Attr(uint32(bond.ResendIgmp)))
 	}
 	if bond.NumPeerNotif >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_NUM_PEER_NOTIF, nl.Uint8Attr(uint8(bond.NumPeerNotif)))
+		data.AddRtAttr(nl.IFLA_BOND_NUM_PEER_NOTIF, nl.Uint8Attr(uint8(bond.NumPeerNotif)))
 	}
 	if bond.AllSlavesActive >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_ALL_SLAVES_ACTIVE, nl.Uint8Attr(uint8(bond.AllSlavesActive)))
+		data.AddRtAttr(nl.IFLA_BOND_ALL_SLAVES_ACTIVE, nl.Uint8Attr(uint8(bond.AllSlavesActive)))
 	}
 	if bond.MinLinks >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_MIN_LINKS, nl.Uint32Attr(uint32(bond.MinLinks)))
+		data.AddRtAttr(nl.IFLA_BOND_MIN_LINKS, nl.Uint32Attr(uint32(bond.MinLinks)))
 	}
 	if bond.LpInterval >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_LP_INTERVAL, nl.Uint32Attr(uint32(bond.LpInterval)))
+		data.AddRtAttr(nl.IFLA_BOND_LP_INTERVAL, nl.Uint32Attr(uint32(bond.LpInterval)))
 	}
 	if bond.PackersPerSlave >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_PACKETS_PER_SLAVE, nl.Uint32Attr(uint32(bond.PackersPerSlave)))
+		data.AddRtAttr(nl.IFLA_BOND_PACKETS_PER_SLAVE, nl.Uint32Attr(uint32(bond.PackersPerSlave)))
 	}
 	if bond.LacpRate >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_LACP_RATE, nl.Uint8Attr(uint8(bond.LacpRate)))
+		data.AddRtAttr(nl.IFLA_BOND_AD_LACP_RATE, nl.Uint8Attr(uint8(bond.LacpRate)))
 	}
 	if bond.AdSelect >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_SELECT, nl.Uint8Attr(uint8(bond.AdSelect)))
+		data.AddRtAttr(nl.IFLA_BOND_AD_SELECT, nl.Uint8Attr(uint8(bond.AdSelect)))
 	}
 	if bond.AdActorSysPrio >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_ACTOR_SYS_PRIO, nl.Uint16Attr(uint16(bond.AdActorSysPrio)))
+		data.AddRtAttr(nl.IFLA_BOND_AD_ACTOR_SYS_PRIO, nl.Uint16Attr(uint16(bond.AdActorSysPrio)))
 	}
 	if bond.AdUserPortKey >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_USER_PORT_KEY, nl.Uint16Attr(uint16(bond.AdUserPortKey)))
+		data.AddRtAttr(nl.IFLA_BOND_AD_USER_PORT_KEY, nl.Uint16Attr(uint16(bond.AdUserPortKey)))
 	}
 	if bond.AdActorSystem != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_ACTOR_SYSTEM, []byte(bond.AdActorSystem))
+		data.AddRtAttr(nl.IFLA_BOND_AD_ACTOR_SYSTEM, []byte(bond.AdActorSystem))
 	}
 	if bond.TlbDynamicLb >= 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_BOND_TLB_DYNAMIC_LB, nl.Uint8Attr(uint8(bond.TlbDynamicLb)))
+		data.AddRtAttr(nl.IFLA_BOND_TLB_DYNAMIC_LB, nl.Uint8Attr(uint8(bond.TlbDynamicLb)))
+	}
+}
+
+func cleanupFds(fds []*os.File) {
+	for _, f := range fds {
+		f.Close()
 	}
 }
 
@@ -774,121 +1042,206 @@ func LinkAdd(link Link) error {
 }
 
 // LinkAdd adds a new link device. The type and features of the device
-// are taken fromt the parameters in the link object.
+// are taken from the parameters in the link object.
 // Equivalent to: `ip link add $link`
 func (h *Handle) LinkAdd(link Link) error {
-	return h.linkModify(link, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	return h.linkModify(link, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 }
 
 func (h *Handle) linkModify(link Link, flags int) error {
 	// TODO: support extra data for macvlan
 	base := link.Attrs()
 
-	if base.Name == "" {
-		return fmt.Errorf("LinkAttrs.Name cannot be empty!")
+	// if tuntap, then the name can be empty, OS will provide a name
+	tuntap, isTuntap := link.(*Tuntap)
+
+	if base.Name == "" && !isTuntap {
+		return fmt.Errorf("LinkAttrs.Name cannot be empty")
 	}
 
-	if tuntap, ok := link.(*Tuntap); ok {
+	if isTuntap {
 		// TODO: support user
 		// TODO: support group
-		// TODO: multi_queue
-		// TODO: support non- persistent
-		if tuntap.Mode < syscall.IFF_TUN || tuntap.Mode > syscall.IFF_TAP {
-			return fmt.Errorf("Tuntap.Mode %v unknown!", tuntap.Mode)
+		if tuntap.Mode < unix.IFF_TUN || tuntap.Mode > unix.IFF_TAP {
+			return fmt.Errorf("Tuntap.Mode %v unknown", tuntap.Mode)
 		}
-		file, err := os.OpenFile("/dev/net/tun", os.O_RDWR, 0)
-		if err != nil {
-			return err
-		}
-		defer file.Close()
+
+		queues := tuntap.Queues
+
+		var fds []*os.File
 		var req ifReq
-		if tuntap.Flags == 0 {
-			req.Flags = uint16(TUNTAP_DEFAULTS)
+		copy(req.Name[:15], base.Name)
+
+		req.Flags = uint16(tuntap.Flags)
+
+		if queues == 0 { //Legacy compatibility
+			queues = 1
+			if tuntap.Flags == 0 {
+				req.Flags = uint16(TUNTAP_DEFAULTS)
+			}
 		} else {
-			req.Flags = uint16(tuntap.Flags)
+			// For best peformance set Flags to TUNTAP_MULTI_QUEUE_DEFAULTS | TUNTAP_VNET_HDR
+			// when a) KVM has support for this ABI and
+			//      b) the value of the flag is queryable using the TUNGETIFF ioctl
+			if tuntap.Flags == 0 {
+				req.Flags = uint16(TUNTAP_MULTI_QUEUE_DEFAULTS)
+			}
 		}
+
 		req.Flags |= uint16(tuntap.Mode)
-		copy(req.Name[:15], base.Name)
-		_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETIFF), uintptr(unsafe.Pointer(&req)))
-		if errno != 0 {
-			return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed, errno %v", errno)
+
+		for i := 0; i < queues; i++ {
+			localReq := req
+			file, err := os.OpenFile("/dev/net/tun", os.O_RDWR, 0)
+			if err != nil {
+				cleanupFds(fds)
+				return err
+			}
+
+			fds = append(fds, file)
+			_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
+			if errno != 0 {
+				cleanupFds(fds)
+				return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed [%d], errno %v", i, errno)
+			}
+			// 1) we only care for the name of the first tap in the multi queue set
+			// 2) if the original name was empty, the localReq has now the actual name
+			//
+			// In addition:
+			// This ensures that the link name is always identical to what the kernel returns.
+			// Not only in case of an empty name, but also when using name templates.
+			// e.g. when the provided name is "tap%d", the kernel replaces %d with the next available number.
+			if i == 0 {
+				link.Attrs().Name = strings.Trim(string(localReq.Name[:]), "\x00")
+			}
 		}
-		_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETPERSIST), 1)
-		if errno != 0 {
-			return fmt.Errorf("Tuntap IOCTL TUNSETPERSIST failed, errno %v", errno)
+
+		// only persist interface if NonPersist is NOT set
+		if !tuntap.NonPersist {
+			_, _, errno := unix.Syscall(unix.SYS_IOCTL, fds[0].Fd(), uintptr(unix.TUNSETPERSIST), 1)
+			if errno != 0 {
+				cleanupFds(fds)
+				return fmt.Errorf("Tuntap IOCTL TUNSETPERSIST failed, errno %v", errno)
+			}
 		}
+
 		h.ensureIndex(base)
 
 		// can't set master during create, so set it afterwards
 		if base.MasterIndex != 0 {
 			// TODO: verify MasterIndex is actually a bridge?
-			return h.LinkSetMasterByIndex(link, base.MasterIndex)
+			err := h.LinkSetMasterByIndex(link, base.MasterIndex)
+			if err != nil {
+				// un-persist (e.g. allow the interface to be removed) the tuntap
+				// should not hurt if not set prior, condition might be not needed
+				if !tuntap.NonPersist {
+					_, _, _ = unix.Syscall(unix.SYS_IOCTL, fds[0].Fd(), uintptr(unix.TUNSETPERSIST), 0)
+				}
+				cleanupFds(fds)
+				return err
+			}
+		}
+
+		if tuntap.Queues == 0 {
+			cleanupFds(fds)
+		} else {
+			tuntap.Fds = fds
 		}
+
 		return nil
 	}
 
-	req := h.newNetlinkRequest(syscall.RTM_NEWLINK, flags)
+	req := h.newNetlinkRequest(unix.RTM_NEWLINK, flags)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	// TODO: make it shorter
 	if base.Flags&net.FlagUp != 0 {
-		msg.Change = syscall.IFF_UP
-		msg.Flags = syscall.IFF_UP
+		msg.Change = unix.IFF_UP
+		msg.Flags = unix.IFF_UP
 	}
 	if base.Flags&net.FlagBroadcast != 0 {
-		msg.Change |= syscall.IFF_BROADCAST
-		msg.Flags |= syscall.IFF_BROADCAST
+		msg.Change |= unix.IFF_BROADCAST
+		msg.Flags |= unix.IFF_BROADCAST
 	}
 	if base.Flags&net.FlagLoopback != 0 {
-		msg.Change |= syscall.IFF_LOOPBACK
-		msg.Flags |= syscall.IFF_LOOPBACK
+		msg.Change |= unix.IFF_LOOPBACK
+		msg.Flags |= unix.IFF_LOOPBACK
 	}
 	if base.Flags&net.FlagPointToPoint != 0 {
-		msg.Change |= syscall.IFF_POINTOPOINT
-		msg.Flags |= syscall.IFF_POINTOPOINT
+		msg.Change |= unix.IFF_POINTOPOINT
+		msg.Flags |= unix.IFF_POINTOPOINT
 	}
 	if base.Flags&net.FlagMulticast != 0 {
-		msg.Change |= syscall.IFF_MULTICAST
-		msg.Flags |= syscall.IFF_MULTICAST
+		msg.Change |= unix.IFF_MULTICAST
+		msg.Flags |= unix.IFF_MULTICAST
+	}
+	if base.Index != 0 {
+		msg.Index = int32(base.Index)
 	}
+
 	req.AddData(msg)
 
 	if base.ParentIndex != 0 {
 		b := make([]byte, 4)
 		native.PutUint32(b, uint32(base.ParentIndex))
-		data := nl.NewRtAttr(syscall.IFLA_LINK, b)
+		data := nl.NewRtAttr(unix.IFLA_LINK, b)
 		req.AddData(data)
-	} else if link.Type() == "ipvlan" {
-		return fmt.Errorf("Can't create ipvlan link without ParentIndex")
+	} else if link.Type() == "ipvlan" || link.Type() == "ipoib" {
+		return fmt.Errorf("Can't create %s link without ParentIndex", link.Type())
 	}
 
-	nameData := nl.NewRtAttr(syscall.IFLA_IFNAME, nl.ZeroTerminated(base.Name))
+	nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(base.Name))
 	req.AddData(nameData)
 
 	if base.MTU > 0 {
-		mtu := nl.NewRtAttr(syscall.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
+		mtu := nl.NewRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
 		req.AddData(mtu)
 	}
 
 	if base.TxQLen >= 0 {
-		qlen := nl.NewRtAttr(syscall.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
+		qlen := nl.NewRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
 		req.AddData(qlen)
 	}
 
 	if base.HardwareAddr != nil {
-		hwaddr := nl.NewRtAttr(syscall.IFLA_ADDRESS, []byte(base.HardwareAddr))
+		hwaddr := nl.NewRtAttr(unix.IFLA_ADDRESS, []byte(base.HardwareAddr))
 		req.AddData(hwaddr)
 	}
 
+	if base.NumTxQueues > 0 {
+		txqueues := nl.NewRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(uint32(base.NumTxQueues)))
+		req.AddData(txqueues)
+	}
+
+	if base.NumRxQueues > 0 {
+		rxqueues := nl.NewRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(uint32(base.NumRxQueues)))
+		req.AddData(rxqueues)
+	}
+
+	if base.GSOMaxSegs > 0 {
+		gsoAttr := nl.NewRtAttr(unix.IFLA_GSO_MAX_SEGS, nl.Uint32Attr(base.GSOMaxSegs))
+		req.AddData(gsoAttr)
+	}
+
+	if base.GSOMaxSize > 0 {
+		gsoAttr := nl.NewRtAttr(unix.IFLA_GSO_MAX_SIZE, nl.Uint32Attr(base.GSOMaxSize))
+		req.AddData(gsoAttr)
+	}
+
+	if base.Group > 0 {
+		groupAttr := nl.NewRtAttr(unix.IFLA_GROUP, nl.Uint32Attr(base.Group))
+		req.AddData(groupAttr)
+	}
+
 	if base.Namespace != nil {
 		var attr *nl.RtAttr
-		switch base.Namespace.(type) {
+		switch ns := base.Namespace.(type) {
 		case NsPid:
-			val := nl.Uint32Attr(uint32(base.Namespace.(NsPid)))
-			attr = nl.NewRtAttr(syscall.IFLA_NET_NS_PID, val)
+			val := nl.Uint32Attr(uint32(ns))
+			attr = nl.NewRtAttr(unix.IFLA_NET_NS_PID, val)
 		case NsFd:
-			val := nl.Uint32Attr(uint32(base.Namespace.(NsFd)))
-			attr = nl.NewRtAttr(nl.IFLA_NET_NS_FD, val)
+			val := nl.Uint32Attr(uint32(ns))
+			attr = nl.NewRtAttr(unix.IFLA_NET_NS_FD, val)
 		}
 
 		req.AddData(attr)
@@ -898,48 +1251,59 @@ func (h *Handle) linkModify(link Link, flags int) error {
 		addXdpAttrs(base.Xdp, req)
 	}
 
-	linkInfo := nl.NewRtAttr(syscall.IFLA_LINKINFO, nil)
-	nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
+	linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+	linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
 
 	switch link := link.(type) {
 	case *Vlan:
 		b := make([]byte, 2)
 		native.PutUint16(b, uint16(link.VlanId))
-		data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-		nl.NewRtAttrChild(data, nl.IFLA_VLAN_ID, b)
+		data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+		data.AddRtAttr(nl.IFLA_VLAN_ID, b)
+
+		if link.VlanProtocol != VLAN_PROTOCOL_UNKNOWN {
+			data.AddRtAttr(nl.IFLA_VLAN_PROTOCOL, htons(uint16(link.VlanProtocol)))
+		}
 	case *Veth:
-		data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-		peer := nl.NewRtAttrChild(data, nl.VETH_INFO_PEER, nil)
-		nl.NewIfInfomsgChild(peer, syscall.AF_UNSPEC)
-		nl.NewRtAttrChild(peer, syscall.IFLA_IFNAME, nl.ZeroTerminated(link.PeerName))
+		data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+		peer := data.AddRtAttr(nl.VETH_INFO_PEER, nil)
+		nl.NewIfInfomsgChild(peer, unix.AF_UNSPEC)
+		peer.AddRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(link.PeerName))
 		if base.TxQLen >= 0 {
-			nl.NewRtAttrChild(peer, syscall.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
+			peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
 		}
 		if base.MTU > 0 {
-			nl.NewRtAttrChild(peer, syscall.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
+			peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
+		}
+		if link.PeerHardwareAddr != nil {
+			peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(link.PeerHardwareAddr))
 		}
-
 	case *Vxlan:
 		addVxlanAttrs(link, linkInfo)
 	case *Bond:
 		addBondAttrs(link, linkInfo)
 	case *IPVlan:
-		data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-		nl.NewRtAttrChild(data, nl.IFLA_IPVLAN_MODE, nl.Uint16Attr(uint16(link.Mode)))
+		data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+		data.AddRtAttr(nl.IFLA_IPVLAN_MODE, nl.Uint16Attr(uint16(link.Mode)))
+		data.AddRtAttr(nl.IFLA_IPVLAN_FLAG, nl.Uint16Attr(uint16(link.Flag)))
 	case *Macvlan:
 		if link.Mode != MACVLAN_MODE_DEFAULT {
-			data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-			nl.NewRtAttrChild(data, nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[link.Mode]))
+			data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+			data.AddRtAttr(nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[link.Mode]))
 		}
 	case *Macvtap:
 		if link.Mode != MACVLAN_MODE_DEFAULT {
-			data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-			nl.NewRtAttrChild(data, nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[link.Mode]))
+			data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+			data.AddRtAttr(nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[link.Mode]))
 		}
 	case *Gretap:
 		addGretapAttrs(link, linkInfo)
 	case *Iptun:
 		addIptunAttrs(link, linkInfo)
+	case *Ip6tnl:
+		addIp6tnlAttrs(link, linkInfo)
+	case *Sittun:
+		addSittunAttrs(link, linkInfo)
 	case *Gretun:
 		addGretunAttrs(link, linkInfo)
 	case *Vti:
@@ -950,11 +1314,15 @@ func (h *Handle) linkModify(link Link, flags int) error {
 		addBridgeAttrs(link, linkInfo)
 	case *GTP:
 		addGTPAttrs(link, linkInfo)
+	case *Xfrmi:
+		addXfrmiAttrs(link, linkInfo)
+	case *IPoIB:
+		addIPoIBAttrs(link, linkInfo)
 	}
 
 	req.AddData(linkInfo)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	if err != nil {
 		return err
 	}
@@ -984,13 +1352,13 @@ func (h *Handle) LinkDel(link Link) error {
 
 	h.ensureIndex(base)
 
-	req := h.newNetlinkRequest(syscall.RTM_DELLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -1033,16 +1401,19 @@ func (h *Handle) LinkByName(name string) (Link, error) {
 		return h.linkByNameDump(name)
 	}
 
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	req.AddData(msg)
 
-	nameData := nl.NewRtAttr(syscall.IFLA_IFNAME, nl.ZeroTerminated(name))
+	attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
+	req.AddData(attr)
+
+	nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(name))
 	req.AddData(nameData)
 
 	link, err := execGetLink(req)
-	if err == syscall.EINVAL {
+	if err == unix.EINVAL {
 		// older kernels don't support looking up via IFLA_IFNAME
 		// so fall back to dumping all links
 		h.lookupByDump = true
@@ -1065,16 +1436,19 @@ func (h *Handle) LinkByAlias(alias string) (Link, error) {
 		return h.linkByAliasDump(alias)
 	}
 
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	req.AddData(msg)
 
-	nameData := nl.NewRtAttr(syscall.IFLA_IFALIAS, nl.ZeroTerminated(alias))
+	attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
+	req.AddData(attr)
+
+	nameData := nl.NewRtAttr(unix.IFLA_IFALIAS, nl.ZeroTerminated(alias))
 	req.AddData(nameData)
 
 	link, err := execGetLink(req)
-	if err == syscall.EINVAL {
+	if err == unix.EINVAL {
 		// older kernels don't support looking up via IFLA_IFALIAS
 		// so fall back to dumping all links
 		h.lookupByDump = true
@@ -1091,20 +1465,22 @@ func LinkByIndex(index int) (Link, error) {
 
 // LinkByIndex finds a link by index and returns a pointer to the object.
 func (h *Handle) LinkByIndex(index int) (Link, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(index)
 	req.AddData(msg)
+	attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
+	req.AddData(attr)
 
 	return execGetLink(req)
 }
 
 func execGetLink(req *nl.NetlinkRequest) (Link, error) {
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	if err != nil {
 		if errno, ok := err.(syscall.Errno); ok {
-			if errno == syscall.ENODEV {
+			if errno == unix.ENODEV {
 				return nil, LinkNotFoundError{fmt.Errorf("Link not found")}
 			}
 		}
@@ -1125,7 +1501,7 @@ func execGetLink(req *nl.NetlinkRequest) (Link, error) {
 
 // linkDeserialize deserializes a raw message received from netlink into
 // a link object.
-func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
+func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
 	msg := nl.DeserializeIfInfomsg(m)
 
 	attrs, err := nl.ParseRouteAttr(m[msg.Len():])
@@ -1134,18 +1510,20 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 	}
 
 	base := LinkAttrs{Index: int(msg.Index), RawFlags: msg.Flags, Flags: linkFlags(msg.Flags), EncapType: msg.EncapType()}
-	if msg.Flags&syscall.IFF_PROMISC != 0 {
+	if msg.Flags&unix.IFF_PROMISC != 0 {
 		base.Promisc = 1
 	}
 	var (
-		link     Link
-		stats32  []byte
-		stats64  []byte
-		linkType string
+		link      Link
+		stats32   *LinkStatistics32
+		stats64   *LinkStatistics64
+		linkType  string
+		linkSlave LinkSlave
+		slaveType string
 	)
 	for _, attr := range attrs {
 		switch attr.Attr.Type {
-		case syscall.IFLA_LINKINFO:
+		case unix.IFLA_LINKINFO:
 			infos, err := nl.ParseRouteAttr(attr.Value)
 			if err != nil {
 				return nil, err
@@ -1177,16 +1555,30 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 						link = &Macvtap{}
 					case "gretap":
 						link = &Gretap{}
+					case "ip6gretap":
+						link = &Gretap{}
 					case "ipip":
 						link = &Iptun{}
+					case "ip6tnl":
+						link = &Ip6tnl{}
+					case "sit":
+						link = &Sittun{}
 					case "gre":
 						link = &Gretun{}
-					case "vti":
+					case "ip6gre":
+						link = &Gretun{}
+					case "vti", "vti6":
 						link = &Vti{}
 					case "vrf":
 						link = &Vrf{}
 					case "gtp":
 						link = &GTP{}
+					case "xfrm":
+						link = &Xfrmi{}
+					case "tun":
+						link = &Tuntap{}
+					case "ipoib":
+						link = &IPoIB{}
 					default:
 						link = &GenericLink{LinkType: linkType}
 					}
@@ -1210,11 +1602,19 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 						parseMacvtapData(link, data)
 					case "gretap":
 						parseGretapData(link, data)
+					case "ip6gretap":
+						parseGretapData(link, data)
 					case "ipip":
 						parseIptunData(link, data)
+					case "ip6tnl":
+						parseIp6tnlData(link, data)
+					case "sit":
+						parseSittunData(link, data)
 					case "gre":
 						parseGretunData(link, data)
-					case "vti":
+					case "ip6gre":
+						parseGretunData(link, data)
+					case "vti", "vti6":
 						parseVtiData(link, data)
 					case "vrf":
 						parseVrfData(link, data)
@@ -1222,10 +1622,31 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 						parseBridgeData(link, data)
 					case "gtp":
 						parseGTPData(link, data)
+					case "xfrm":
+						parseXfrmiData(link, data)
+					case "tun":
+						parseTuntapData(link, data)
+					case "ipoib":
+						parseIPoIBData(link, data)
+					}
+				case nl.IFLA_INFO_SLAVE_KIND:
+					slaveType = string(info.Value[:len(info.Value)-1])
+					switch slaveType {
+					case "bond":
+						linkSlave = &BondSlave{}
+					}
+				case nl.IFLA_INFO_SLAVE_DATA:
+					switch slaveType {
+					case "bond":
+						data, err := nl.ParseRouteAttr(info.Value)
+						if err != nil {
+							return nil, err
+						}
+						parseBondSlaveData(linkSlave, data)
 					}
 				}
 			}
-		case syscall.IFLA_ADDRESS:
+		case unix.IFLA_ADDRESS:
 			var nonzero bool
 			for _, b := range attr.Value {
 				if b != 0 {
@@ -1235,48 +1656,75 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 			if nonzero {
 				base.HardwareAddr = attr.Value[:]
 			}
-		case syscall.IFLA_IFNAME:
+		case unix.IFLA_IFNAME:
 			base.Name = string(attr.Value[:len(attr.Value)-1])
-		case syscall.IFLA_MTU:
+		case unix.IFLA_MTU:
 			base.MTU = int(native.Uint32(attr.Value[0:4]))
-		case syscall.IFLA_LINK:
+		case unix.IFLA_LINK:
 			base.ParentIndex = int(native.Uint32(attr.Value[0:4]))
-		case syscall.IFLA_MASTER:
+		case unix.IFLA_MASTER:
 			base.MasterIndex = int(native.Uint32(attr.Value[0:4]))
-		case syscall.IFLA_TXQLEN:
+		case unix.IFLA_TXQLEN:
 			base.TxQLen = int(native.Uint32(attr.Value[0:4]))
-		case syscall.IFLA_IFALIAS:
+		case unix.IFLA_IFALIAS:
 			base.Alias = string(attr.Value[:len(attr.Value)-1])
-		case syscall.IFLA_STATS:
-			stats32 = attr.Value[:]
-		case IFLA_STATS64:
-			stats64 = attr.Value[:]
-		case nl.IFLA_XDP:
+		case unix.IFLA_STATS:
+			stats32 = new(LinkStatistics32)
+			if err := binary.Read(bytes.NewBuffer(attr.Value[:]), nl.NativeEndian(), stats32); err != nil {
+				return nil, err
+			}
+		case unix.IFLA_STATS64:
+			stats64 = new(LinkStatistics64)
+			if err := binary.Read(bytes.NewBuffer(attr.Value[:]), nl.NativeEndian(), stats64); err != nil {
+				return nil, err
+			}
+		case unix.IFLA_XDP:
 			xdp, err := parseLinkXdp(attr.Value[:])
 			if err != nil {
 				return nil, err
 			}
 			base.Xdp = xdp
-		case syscall.IFLA_PROTINFO | syscall.NLA_F_NESTED:
-			if hdr != nil && hdr.Type == syscall.RTM_NEWLINK &&
-				msg.Family == syscall.AF_BRIDGE {
+		case unix.IFLA_PROTINFO | unix.NLA_F_NESTED:
+			if hdr != nil && hdr.Type == unix.RTM_NEWLINK &&
+				msg.Family == unix.AF_BRIDGE {
 				attrs, err := nl.ParseRouteAttr(attr.Value[:])
 				if err != nil {
 					return nil, err
 				}
-				base.Protinfo = parseProtinfo(attrs)
+				protinfo := parseProtinfo(attrs)
+				base.Protinfo = &protinfo
 			}
-		case syscall.IFLA_OPERSTATE:
+		case unix.IFLA_OPERSTATE:
 			base.OperState = LinkOperState(uint8(attr.Value[0]))
-		case nl.IFLA_LINK_NETNSID:
+		case unix.IFLA_LINK_NETNSID:
 			base.NetNsID = int(native.Uint32(attr.Value[0:4]))
+		case unix.IFLA_GSO_MAX_SIZE:
+			base.GSOMaxSize = native.Uint32(attr.Value[0:4])
+		case unix.IFLA_GSO_MAX_SEGS:
+			base.GSOMaxSegs = native.Uint32(attr.Value[0:4])
+		case unix.IFLA_VFINFO_LIST:
+			data, err := nl.ParseRouteAttr(attr.Value)
+			if err != nil {
+				return nil, err
+			}
+			vfs, err := parseVfInfoList(data)
+			if err != nil {
+				return nil, err
+			}
+			base.Vfs = vfs
+		case unix.IFLA_NUM_TX_QUEUES:
+			base.NumTxQueues = int(native.Uint32(attr.Value[0:4]))
+		case unix.IFLA_NUM_RX_QUEUES:
+			base.NumRxQueues = int(native.Uint32(attr.Value[0:4]))
+		case unix.IFLA_GROUP:
+			base.Group = native.Uint32(attr.Value[0:4])
 		}
 	}
 
 	if stats64 != nil {
-		base.Statistics = parseLinkStats64(stats64)
+		base.Statistics = (*LinkStatistics)(stats64)
 	} else if stats32 != nil {
-		base.Statistics = parseLinkStats32(stats32)
+		base.Statistics = (*LinkStatistics)(stats32.to64())
 	}
 
 	// Links that don't have IFLA_INFO_KIND are hardware devices
@@ -1284,10 +1732,59 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) {
 		link = &Device{}
 	}
 	*link.Attrs() = base
+	link.Attrs().Slave = linkSlave
+
+	// If the tuntap attributes are not updated by netlink due to
+	// an older driver, use sysfs
+	if link != nil && linkType == "tun" {
+		tuntap := link.(*Tuntap)
+
+		if tuntap.Mode == 0 {
+			ifname := tuntap.Attrs().Name
+			if flags, err := readSysPropAsInt64(ifname, "tun_flags"); err == nil {
+
+				if flags&unix.IFF_TUN != 0 {
+					tuntap.Mode = unix.IFF_TUN
+				} else if flags&unix.IFF_TAP != 0 {
+					tuntap.Mode = unix.IFF_TAP
+				}
+
+				tuntap.NonPersist = false
+				if flags&unix.IFF_PERSIST == 0 {
+					tuntap.NonPersist = true
+				}
+			}
+
+			// The sysfs interface for owner/group returns -1 for root user, instead of returning 0.
+			// So explicitly check for negative value, before assigning the owner uid/gid.
+			if owner, err := readSysPropAsInt64(ifname, "owner"); err == nil && owner > 0 {
+				tuntap.Owner = uint32(owner)
+			}
+
+			if group, err := readSysPropAsInt64(ifname, "group"); err == nil && group > 0 {
+				tuntap.Group = uint32(group)
+			}
+		}
+	}
 
 	return link, nil
 }
 
+func readSysPropAsInt64(ifname, prop string) (int64, error) {
+	fname := fmt.Sprintf("/sys/class/net/%s/%s", ifname, prop)
+	contents, err := ioutil.ReadFile(fname)
+	if err != nil {
+		return 0, err
+	}
+
+	num, err := strconv.ParseInt(strings.TrimSpace(string(contents)), 0, 64)
+	if err == nil {
+		return num, nil
+	}
+
+	return 0, err
+}
+
 // LinkList gets a list of link devices.
 // Equivalent to: `ip link show`
 func LinkList() ([]Link, error) {
@@ -1299,12 +1796,14 @@ func LinkList() ([]Link, error) {
 func (h *Handle) LinkList() ([]Link, error) {
 	// NOTE(vish): This duplicates functionality in net/iface_linux.go, but we need
 	//             to get the message ourselves to parse link type.
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	req.AddData(msg)
+	attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
+	req.AddData(attr)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWLINK)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
 	if err != nil {
 		return nil, err
 	}
@@ -1324,20 +1823,20 @@ func (h *Handle) LinkList() ([]Link, error) {
 // LinkUpdate is used to pass information back from LinkSubscribe()
 type LinkUpdate struct {
 	nl.IfInfomsg
-	Header syscall.NlMsghdr
+	Header unix.NlMsghdr
 	Link
 }
 
 // LinkSubscribe takes a chan down which notifications will be sent
 // when links change.  Close the 'done' chan to stop subscription.
 func LinkSubscribe(ch chan<- LinkUpdate, done <-chan struct{}) error {
-	return linkSubscribeAt(netns.None(), netns.None(), ch, done, nil)
+	return linkSubscribeAt(netns.None(), netns.None(), ch, done, nil, false)
 }
 
 // LinkSubscribeAt works like LinkSubscribe plus it allows the caller
 // to choose the network namespace in which to subscribe (ns).
 func LinkSubscribeAt(ns netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}) error {
-	return linkSubscribeAt(ns, netns.None(), ch, done, nil)
+	return linkSubscribeAt(ns, netns.None(), ch, done, nil, false)
 }
 
 // LinkSubscribeOptions contains a set of options to use with
@@ -1345,6 +1844,7 @@ func LinkSubscribeAt(ns netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct
 type LinkSubscribeOptions struct {
 	Namespace     *netns.NsHandle
 	ErrorCallback func(error)
+	ListExisting  bool
 }
 
 // LinkSubscribeWithOptions work like LinkSubscribe but enable to
@@ -1355,11 +1855,11 @@ func LinkSubscribeWithOptions(ch chan<- LinkUpdate, done <-chan struct{}, option
 		none := netns.None()
 		options.Namespace = &none
 	}
-	return linkSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback)
+	return linkSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback, options.ListExisting)
 }
 
-func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}, cberr func(error)) error {
-	s, err := nl.SubscribeAt(newNs, curNs, syscall.NETLINK_ROUTE, syscall.RTNLGRP_LINK)
+func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}, cberr func(error), listExisting bool) error {
+	s, err := nl.SubscribeAt(newNs, curNs, unix.NETLINK_ROUTE, unix.RTNLGRP_LINK)
 	if err != nil {
 		return err
 	}
@@ -1369,26 +1869,56 @@ func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-c
 			s.Close()
 		}()
 	}
+	if listExisting {
+		req := pkgHandle.newNetlinkRequest(unix.RTM_GETLINK,
+			unix.NLM_F_DUMP)
+		msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+		req.AddData(msg)
+		if err := s.Send(req); err != nil {
+			return err
+		}
+	}
 	go func() {
 		defer close(ch)
 		for {
-			msgs, err := s.Receive()
+			msgs, from, err := s.Receive()
 			if err != nil {
 				if cberr != nil {
 					cberr(err)
 				}
 				return
 			}
+			if from.Pid != nl.PidKernel {
+				if cberr != nil {
+					cberr(fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel))
+				}
+				continue
+			}
 			for _, m := range msgs {
+				if m.Header.Type == unix.NLMSG_DONE {
+					continue
+				}
+				if m.Header.Type == unix.NLMSG_ERROR {
+					native := nl.NativeEndian()
+					error := int32(native.Uint32(m.Data[0:4]))
+					if error == 0 {
+						continue
+					}
+					if cberr != nil {
+						cberr(syscall.Errno(-error))
+					}
+					return
+				}
 				ifmsg := nl.DeserializeIfInfomsg(m.Data)
-				link, err := LinkDeserialize(&m.Header, m.Data)
+				header := unix.NlMsghdr(m.Header)
+				link, err := LinkDeserialize(&header, m.Data)
 				if err != nil {
 					if cberr != nil {
 						cberr(err)
 					}
 					return
 				}
-				ch <- LinkUpdate{IfInfomsg: *ifmsg, Header: m.Header, Link: link}
+				ch <- LinkUpdate{IfInfomsg: *ifmsg, Header: header, Link: link}
 			}
 		}
 	}()
@@ -1463,16 +1993,16 @@ func (h *Handle) LinkSetBrProxyArpWiFi(link Link, mode bool) error {
 func (h *Handle) setProtinfoAttr(link Link, mode bool, attr int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_BRIDGE)
+	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
-	br := nl.NewRtAttr(syscall.IFLA_PROTINFO|syscall.NLA_F_NESTED, nil)
-	nl.NewRtAttrChild(br, attr, boolToByte(mode))
+	br := nl.NewRtAttr(unix.IFLA_PROTINFO|unix.NLA_F_NESTED, nil)
+	br.AddRtAttr(attr, boolToByte(mode))
 	req.AddData(br)
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	if err != nil {
 		return err
 	}
@@ -1490,19 +2020,48 @@ func LinkSetTxQLen(link Link, qlen int) error {
 func (h *Handle) LinkSetTxQLen(link Link, qlen int) error {
 	base := link.Attrs()
 	h.ensureIndex(base)
-	req := h.newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
 
-	msg := nl.NewIfInfomsg(syscall.AF_UNSPEC)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
 	msg.Index = int32(base.Index)
 	req.AddData(msg)
 
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(qlen))
 
-	data := nl.NewRtAttr(syscall.IFLA_TXQLEN, b)
+	data := nl.NewRtAttr(unix.IFLA_TXQLEN, b)
 	req.AddData(data)
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetGroup sets the link group id which can be used to perform mass actions
+// with iproute2 as well use it as a reference in nft filters.
+// Equivalent to: `ip link set $link group $id`
+func LinkSetGroup(link Link, group int) error {
+	return pkgHandle.LinkSetGroup(link, group)
+}
+
+// LinkSetGroup sets the link group id which can be used to perform mass actions
+// with iproute2 as well use it as a reference in nft filters.
+// Equivalent to: `ip link set $link group $id`
+func (h *Handle) LinkSetGroup(link Link, group int) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	b := make([]byte, 4)
+	native.PutUint32(b, uint32(group))
+
+	data := nl.NewRtAttr(unix.IFLA_GROUP, b)
+	req.AddData(data)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -1512,6 +2071,8 @@ func parseVlanData(link Link, data []syscall.NetlinkRouteAttr) {
 		switch datum.Attr.Type {
 		case nl.IFLA_VLAN_ID:
 			vlan.VlanId = int(native.Uint16(datum.Value[0:2]))
+		case nl.IFLA_VLAN_PROTOCOL:
+			vlan.VlanProtocol = VlanProtocol(int(ntohs(datum.Value[0:2])))
 		}
 	}
 }
@@ -1548,6 +2109,10 @@ func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) {
 			vxlan.L3miss = int8(datum.Value[0]) != 0
 		case nl.IFLA_VXLAN_UDP_CSUM:
 			vxlan.UDPCSum = int8(datum.Value[0]) != 0
+		case nl.IFLA_VXLAN_UDP_ZERO_CSUM6_TX:
+			vxlan.UDP6ZeroCSumTx = int8(datum.Value[0]) != 0
+		case nl.IFLA_VXLAN_UDP_ZERO_CSUM6_RX:
+			vxlan.UDP6ZeroCSumRx = int8(datum.Value[0]) != 0
 		case nl.IFLA_VXLAN_GBP:
 			vxlan.GBP = true
 		case nl.IFLA_VXLAN_FLOWBASED:
@@ -1589,7 +2154,7 @@ func parseBondData(link Link, data []syscall.NetlinkRouteAttr) {
 		case nl.IFLA_BOND_ARP_INTERVAL:
 			bond.ArpInterval = int(native.Uint32(data[i].Value[0:4]))
 		case nl.IFLA_BOND_ARP_IP_TARGET:
-			// TODO: implement
+			bond.ArpIpTargets = parseBondArpIpTargets(data[i].Value)
 		case nl.IFLA_BOND_ARP_VALIDATE:
 			bond.ArpValidate = BondArpValidate(native.Uint32(data[i].Value[0:4]))
 		case nl.IFLA_BOND_ARP_ALL_TARGETS:
@@ -1632,12 +2197,75 @@ func parseBondData(link Link, data []syscall.NetlinkRouteAttr) {
 	}
 }
 
+func parseBondArpIpTargets(value []byte) []net.IP {
+	data, err := nl.ParseRouteAttr(value)
+	if err != nil {
+		return nil
+	}
+
+	targets := []net.IP{}
+	for i := range data {
+		target := net.IP(data[i].Value)
+		if ip := target.To4(); ip != nil {
+			targets = append(targets, ip)
+			continue
+		}
+		if ip := target.To16(); ip != nil {
+			targets = append(targets, ip)
+		}
+	}
+
+	return targets
+}
+
+func addBondSlaveAttrs(bondSlave *BondSlave, linkInfo *nl.RtAttr) {
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_SLAVE_DATA, nil)
+
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_STATE, nl.Uint8Attr(uint8(bondSlave.State)))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_MII_STATUS, nl.Uint8Attr(uint8(bondSlave.MiiStatus)))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_LINK_FAILURE_COUNT, nl.Uint32Attr(bondSlave.LinkFailureCount))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_QUEUE_ID, nl.Uint16Attr(bondSlave.QueueId))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_AD_AGGREGATOR_ID, nl.Uint16Attr(bondSlave.AggregatorId))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE, nl.Uint8Attr(bondSlave.AdActorOperPortState))
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE, nl.Uint16Attr(bondSlave.AdPartnerOperPortState))
+
+	if mac := bondSlave.PermHardwareAddr; mac != nil {
+		data.AddRtAttr(nl.IFLA_BOND_SLAVE_PERM_HWADDR, []byte(mac))
+	}
+}
+
+func parseBondSlaveData(slave LinkSlave, data []syscall.NetlinkRouteAttr) {
+	bondSlave := slave.(*BondSlave)
+	for i := range data {
+		switch data[i].Attr.Type {
+		case nl.IFLA_BOND_SLAVE_STATE:
+			bondSlave.State = BondSlaveState(data[i].Value[0])
+		case nl.IFLA_BOND_SLAVE_MII_STATUS:
+			bondSlave.MiiStatus = BondSlaveMiiStatus(data[i].Value[0])
+		case nl.IFLA_BOND_SLAVE_LINK_FAILURE_COUNT:
+			bondSlave.LinkFailureCount = native.Uint32(data[i].Value[0:4])
+		case nl.IFLA_BOND_SLAVE_PERM_HWADDR:
+			bondSlave.PermHardwareAddr = net.HardwareAddr(data[i].Value[0:6])
+		case nl.IFLA_BOND_SLAVE_QUEUE_ID:
+			bondSlave.QueueId = native.Uint16(data[i].Value[0:2])
+		case nl.IFLA_BOND_SLAVE_AD_AGGREGATOR_ID:
+			bondSlave.AggregatorId = native.Uint16(data[i].Value[0:2])
+		case nl.IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE:
+			bondSlave.AdActorOperPortState = uint8(data[i].Value[0])
+		case nl.IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE:
+			bondSlave.AdPartnerOperPortState = native.Uint16(data[i].Value[0:2])
+		}
+	}
+}
+
 func parseIPVlanData(link Link, data []syscall.NetlinkRouteAttr) {
 	ipv := link.(*IPVlan)
 	for _, datum := range data {
-		if datum.Attr.Type == nl.IFLA_IPVLAN_MODE {
+		switch datum.Attr.Type {
+		case nl.IFLA_IPVLAN_MODE:
 			ipv.Mode = IPVlanMode(native.Uint32(datum.Value[0:4]))
-			return
+		case nl.IFLA_IPVLAN_FLAG:
+			ipv.Flag = IPVlanFlag(native.Uint32(datum.Value[0:4]))
 		}
 	}
 }
@@ -1650,7 +2278,8 @@ func parseMacvtapData(link Link, data []syscall.NetlinkRouteAttr) {
 func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) {
 	macv := link.(*Macvlan)
 	for _, datum := range data {
-		if datum.Attr.Type == nl.IFLA_MACVLAN_MODE {
+		switch datum.Attr.Type {
+		case nl.IFLA_MACVLAN_MODE:
 			switch native.Uint32(datum.Value[0:4]) {
 			case nl.MACVLAN_MODE_PRIVATE:
 				macv.Mode = MACVLAN_MODE_PRIVATE
@@ -1663,7 +2292,16 @@ func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) {
 			case nl.MACVLAN_MODE_SOURCE:
 				macv.Mode = MACVLAN_MODE_SOURCE
 			}
-			return
+		case nl.IFLA_MACVLAN_MACADDR_COUNT:
+			macv.MACAddrs = make([]net.HardwareAddr, 0, int(native.Uint32(datum.Value[0:4])))
+		case nl.IFLA_MACVLAN_MACADDR_DATA:
+			macs, err := nl.ParseRouteAttr(datum.Value[:])
+			if err != nil {
+				panic(fmt.Sprintf("failed to ParseRouteAttr for IFLA_MACVLAN_MACADDR_DATA: %v", err))
+			}
+			for _, macDatum := range macs {
+				macv.MACAddrs = append(macv.MACAddrs, net.HardwareAddr(macDatum.Value[0:6]))
+			}
 		}
 	}
 }
@@ -1671,66 +2309,71 @@ func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) {
 // copied from pkg/net_linux.go
 func linkFlags(rawFlags uint32) net.Flags {
 	var f net.Flags
-	if rawFlags&syscall.IFF_UP != 0 {
+	if rawFlags&unix.IFF_UP != 0 {
 		f |= net.FlagUp
 	}
-	if rawFlags&syscall.IFF_BROADCAST != 0 {
+	if rawFlags&unix.IFF_BROADCAST != 0 {
 		f |= net.FlagBroadcast
 	}
-	if rawFlags&syscall.IFF_LOOPBACK != 0 {
+	if rawFlags&unix.IFF_LOOPBACK != 0 {
 		f |= net.FlagLoopback
 	}
-	if rawFlags&syscall.IFF_POINTOPOINT != 0 {
+	if rawFlags&unix.IFF_POINTOPOINT != 0 {
 		f |= net.FlagPointToPoint
 	}
-	if rawFlags&syscall.IFF_MULTICAST != 0 {
+	if rawFlags&unix.IFF_MULTICAST != 0 {
 		f |= net.FlagMulticast
 	}
 	return f
 }
 
 func addGretapAttrs(gretap *Gretap, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 
 	if gretap.FlowBased {
 		// In flow based mode, no other attributes need to be configured
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_COLLECT_METADATA, boolAttr(gretap.FlowBased))
+		data.AddRtAttr(nl.IFLA_GRE_COLLECT_METADATA, boolAttr(gretap.FlowBased))
 		return
 	}
 
-	ip := gretap.Local.To4()
-	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_LOCAL, []byte(ip))
+	if ip := gretap.Local; ip != nil {
+		if ip.To4() != nil {
+			ip = ip.To4()
+		}
+		data.AddRtAttr(nl.IFLA_GRE_LOCAL, []byte(ip))
 	}
-	ip = gretap.Remote.To4()
-	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_REMOTE, []byte(ip))
+
+	if ip := gretap.Remote; ip != nil {
+		if ip.To4() != nil {
+			ip = ip.To4()
+		}
+		data.AddRtAttr(nl.IFLA_GRE_REMOTE, []byte(ip))
 	}
 
 	if gretap.IKey != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_IKEY, htonl(gretap.IKey))
+		data.AddRtAttr(nl.IFLA_GRE_IKEY, htonl(gretap.IKey))
 		gretap.IFlags |= uint16(nl.GRE_KEY)
 	}
 
 	if gretap.OKey != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_OKEY, htonl(gretap.OKey))
+		data.AddRtAttr(nl.IFLA_GRE_OKEY, htonl(gretap.OKey))
 		gretap.OFlags |= uint16(nl.GRE_KEY)
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_IFLAGS, htons(gretap.IFlags))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_OFLAGS, htons(gretap.OFlags))
+	data.AddRtAttr(nl.IFLA_GRE_IFLAGS, htons(gretap.IFlags))
+	data.AddRtAttr(nl.IFLA_GRE_OFLAGS, htons(gretap.OFlags))
 
 	if gretap.Link != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_LINK, nl.Uint32Attr(gretap.Link))
+		data.AddRtAttr(nl.IFLA_GRE_LINK, nl.Uint32Attr(gretap.Link))
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_PMTUDISC, nl.Uint8Attr(gretap.PMtuDisc))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_TTL, nl.Uint8Attr(gretap.Ttl))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_TOS, nl.Uint8Attr(gretap.Tos))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_ENCAP_TYPE, nl.Uint16Attr(gretap.EncapType))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_ENCAP_FLAGS, nl.Uint16Attr(gretap.EncapFlags))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_ENCAP_SPORT, htons(gretap.EncapSport))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_ENCAP_DPORT, htons(gretap.EncapDport))
+	data.AddRtAttr(nl.IFLA_GRE_PMTUDISC, nl.Uint8Attr(gretap.PMtuDisc))
+	data.AddRtAttr(nl.IFLA_GRE_TTL, nl.Uint8Attr(gretap.Ttl))
+	data.AddRtAttr(nl.IFLA_GRE_TOS, nl.Uint8Attr(gretap.Tos))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_TYPE, nl.Uint16Attr(gretap.EncapType))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_FLAGS, nl.Uint16Attr(gretap.EncapFlags))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_SPORT, htons(gretap.EncapSport))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_DPORT, htons(gretap.EncapDport))
 }
 
 func parseGretapData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -1742,9 +2385,9 @@ func parseGretapData(link Link, data []syscall.NetlinkRouteAttr) {
 		case nl.IFLA_GRE_IKEY:
 			gre.OKey = ntohl(datum.Value[0:4])
 		case nl.IFLA_GRE_LOCAL:
-			gre.Local = net.IP(datum.Value[0:4])
+			gre.Local = net.IP(datum.Value)
 		case nl.IFLA_GRE_REMOTE:
-			gre.Remote = net.IP(datum.Value[0:4])
+			gre.Remote = net.IP(datum.Value)
 		case nl.IFLA_GRE_ENCAP_SPORT:
 			gre.EncapSport = ntohs(datum.Value[0:2])
 		case nl.IFLA_GRE_ENCAP_DPORT:
@@ -1753,7 +2396,6 @@ func parseGretapData(link Link, data []syscall.NetlinkRouteAttr) {
 			gre.IFlags = ntohs(datum.Value[0:2])
 		case nl.IFLA_GRE_OFLAGS:
 			gre.OFlags = ntohs(datum.Value[0:2])
-
 		case nl.IFLA_GRE_TTL:
 			gre.Ttl = uint8(datum.Value[0])
 		case nl.IFLA_GRE_TOS:
@@ -1765,88 +2407,97 @@ func parseGretapData(link Link, data []syscall.NetlinkRouteAttr) {
 		case nl.IFLA_GRE_ENCAP_FLAGS:
 			gre.EncapFlags = native.Uint16(datum.Value[0:2])
 		case nl.IFLA_GRE_COLLECT_METADATA:
-			gre.FlowBased = int8(datum.Value[0]) != 0
+			gre.FlowBased = true
 		}
 	}
 }
 
 func addGretunAttrs(gre *Gretun, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 
-	ip := gre.Local.To4()
-	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_LOCAL, []byte(ip))
+	if ip := gre.Local; ip != nil {
+		if ip.To4() != nil {
+			ip = ip.To4()
+		}
+		data.AddRtAttr(nl.IFLA_GRE_LOCAL, []byte(ip))
 	}
-	ip = gre.Remote.To4()
-	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_REMOTE, []byte(ip))
+
+	if ip := gre.Remote; ip != nil {
+		if ip.To4() != nil {
+			ip = ip.To4()
+		}
+		data.AddRtAttr(nl.IFLA_GRE_REMOTE, []byte(ip))
 	}
 
 	if gre.IKey != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_IKEY, htonl(gre.IKey))
+		data.AddRtAttr(nl.IFLA_GRE_IKEY, htonl(gre.IKey))
 		gre.IFlags |= uint16(nl.GRE_KEY)
 	}
 
 	if gre.OKey != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_OKEY, htonl(gre.OKey))
+		data.AddRtAttr(nl.IFLA_GRE_OKEY, htonl(gre.OKey))
 		gre.OFlags |= uint16(nl.GRE_KEY)
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_IFLAGS, htons(gre.IFlags))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_OFLAGS, htons(gre.OFlags))
+	data.AddRtAttr(nl.IFLA_GRE_IFLAGS, htons(gre.IFlags))
+	data.AddRtAttr(nl.IFLA_GRE_OFLAGS, htons(gre.OFlags))
 
 	if gre.Link != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_GRE_LINK, nl.Uint32Attr(gre.Link))
+		data.AddRtAttr(nl.IFLA_GRE_LINK, nl.Uint32Attr(gre.Link))
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_PMTUDISC, nl.Uint8Attr(gre.PMtuDisc))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_TTL, nl.Uint8Attr(gre.Ttl))
-	nl.NewRtAttrChild(data, nl.IFLA_GRE_TOS, nl.Uint8Attr(gre.Tos))
+	data.AddRtAttr(nl.IFLA_GRE_PMTUDISC, nl.Uint8Attr(gre.PMtuDisc))
+	data.AddRtAttr(nl.IFLA_GRE_TTL, nl.Uint8Attr(gre.Ttl))
+	data.AddRtAttr(nl.IFLA_GRE_TOS, nl.Uint8Attr(gre.Tos))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_TYPE, nl.Uint16Attr(gre.EncapType))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_FLAGS, nl.Uint16Attr(gre.EncapFlags))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_SPORT, htons(gre.EncapSport))
+	data.AddRtAttr(nl.IFLA_GRE_ENCAP_DPORT, htons(gre.EncapDport))
 }
 
 func parseGretunData(link Link, data []syscall.NetlinkRouteAttr) {
 	gre := link.(*Gretun)
 	for _, datum := range data {
 		switch datum.Attr.Type {
-		case nl.IFLA_GRE_OKEY:
-			gre.IKey = ntohl(datum.Value[0:4])
 		case nl.IFLA_GRE_IKEY:
+			gre.IKey = ntohl(datum.Value[0:4])
+		case nl.IFLA_GRE_OKEY:
 			gre.OKey = ntohl(datum.Value[0:4])
 		case nl.IFLA_GRE_LOCAL:
-			gre.Local = net.IP(datum.Value[0:4])
+			gre.Local = net.IP(datum.Value)
 		case nl.IFLA_GRE_REMOTE:
-			gre.Remote = net.IP(datum.Value[0:4])
+			gre.Remote = net.IP(datum.Value)
 		case nl.IFLA_GRE_IFLAGS:
 			gre.IFlags = ntohs(datum.Value[0:2])
 		case nl.IFLA_GRE_OFLAGS:
 			gre.OFlags = ntohs(datum.Value[0:2])
-
 		case nl.IFLA_GRE_TTL:
 			gre.Ttl = uint8(datum.Value[0])
 		case nl.IFLA_GRE_TOS:
 			gre.Tos = uint8(datum.Value[0])
 		case nl.IFLA_GRE_PMTUDISC:
 			gre.PMtuDisc = uint8(datum.Value[0])
+		case nl.IFLA_GRE_ENCAP_TYPE:
+			gre.EncapType = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_GRE_ENCAP_FLAGS:
+			gre.EncapFlags = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_GRE_ENCAP_SPORT:
+			gre.EncapSport = ntohs(datum.Value[0:2])
+		case nl.IFLA_GRE_ENCAP_DPORT:
+			gre.EncapDport = ntohs(datum.Value[0:2])
 		}
 	}
 }
 
-func parseLinkStats32(data []byte) *LinkStatistics {
-	return (*LinkStatistics)((*LinkStatistics32)(unsafe.Pointer(&data[0:SizeofLinkStats32][0])).to64())
-}
-
-func parseLinkStats64(data []byte) *LinkStatistics {
-	return (*LinkStatistics)((*LinkStatistics64)(unsafe.Pointer(&data[0:SizeofLinkStats64][0])))
-}
-
 func addXdpAttrs(xdp *LinkXdp, req *nl.NetlinkRequest) {
-	attrs := nl.NewRtAttr(nl.IFLA_XDP|syscall.NLA_F_NESTED, nil)
+	attrs := nl.NewRtAttr(unix.IFLA_XDP|unix.NLA_F_NESTED, nil)
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(xdp.Fd))
-	nl.NewRtAttrChild(attrs, nl.IFLA_XDP_FD, b)
+	attrs.AddRtAttr(nl.IFLA_XDP_FD, b)
 	if xdp.Flags != 0 {
+		b := make([]byte, 4)
 		native.PutUint32(b, xdp.Flags)
-		nl.NewRtAttrChild(attrs, nl.IFLA_XDP_FLAGS, b)
+		attrs.AddRtAttr(nl.IFLA_XDP_FLAGS, b)
 	}
 	req.AddData(attrs)
 }
@@ -1873,24 +2524,34 @@ func parseLinkXdp(data []byte) (*LinkXdp, error) {
 }
 
 func addIptunAttrs(iptun *Iptun, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	if iptun.FlowBased {
+		// In flow based mode, no other attributes need to be configured
+		linkInfo.AddRtAttr(nl.IFLA_IPTUN_COLLECT_METADATA, boolAttr(iptun.FlowBased))
+		return
+	}
+
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 
 	ip := iptun.Local.To4()
 	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_IPTUN_LOCAL, []byte(ip))
+		data.AddRtAttr(nl.IFLA_IPTUN_LOCAL, []byte(ip))
 	}
 
 	ip = iptun.Remote.To4()
 	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_IPTUN_REMOTE, []byte(ip))
+		data.AddRtAttr(nl.IFLA_IPTUN_REMOTE, []byte(ip))
 	}
 
 	if iptun.Link != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_IPTUN_LINK, nl.Uint32Attr(iptun.Link))
+		data.AddRtAttr(nl.IFLA_IPTUN_LINK, nl.Uint32Attr(iptun.Link))
 	}
-	nl.NewRtAttrChild(data, nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(iptun.PMtuDisc))
-	nl.NewRtAttrChild(data, nl.IFLA_IPTUN_TTL, nl.Uint8Attr(iptun.Ttl))
-	nl.NewRtAttrChild(data, nl.IFLA_IPTUN_TOS, nl.Uint8Attr(iptun.Tos))
+	data.AddRtAttr(nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(iptun.PMtuDisc))
+	data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(iptun.Ttl))
+	data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(iptun.Tos))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(iptun.EncapType))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(iptun.EncapFlags))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(iptun.EncapSport))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_DPORT, htons(iptun.EncapDport))
 }
 
 func parseIptunData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -1907,29 +2568,159 @@ func parseIptunData(link Link, data []syscall.NetlinkRouteAttr) {
 			iptun.Tos = uint8(datum.Value[0])
 		case nl.IFLA_IPTUN_PMTUDISC:
 			iptun.PMtuDisc = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_ENCAP_SPORT:
+			iptun.EncapSport = ntohs(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_DPORT:
+			iptun.EncapDport = ntohs(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_TYPE:
+			iptun.EncapType = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_FLAGS:
+			iptun.EncapFlags = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_IPTUN_COLLECT_METADATA:
+			iptun.FlowBased = int8(datum.Value[0]) != 0
+		}
+	}
+}
+
+func addIp6tnlAttrs(ip6tnl *Ip6tnl, linkInfo *nl.RtAttr) {
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+
+	if ip6tnl.Link != 0 {
+		data.AddRtAttr(nl.IFLA_IPTUN_LINK, nl.Uint32Attr(ip6tnl.Link))
+	}
+
+	ip := ip6tnl.Local.To16()
+	if ip != nil {
+		data.AddRtAttr(nl.IFLA_IPTUN_LOCAL, []byte(ip))
+	}
+
+	ip = ip6tnl.Remote.To16()
+	if ip != nil {
+		data.AddRtAttr(nl.IFLA_IPTUN_REMOTE, []byte(ip))
+	}
+
+	data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(ip6tnl.Ttl))
+	data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(ip6tnl.Tos))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
+	data.AddRtAttr(nl.IFLA_IPTUN_FLAGS, nl.Uint32Attr(ip6tnl.Flags))
+	data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(ip6tnl.Proto))
+	data.AddRtAttr(nl.IFLA_IPTUN_FLOWINFO, nl.Uint32Attr(ip6tnl.FlowInfo))
+}
+
+func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
+	ip6tnl := link.(*Ip6tnl)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.IFLA_IPTUN_LOCAL:
+			ip6tnl.Local = net.IP(datum.Value[:16])
+		case nl.IFLA_IPTUN_REMOTE:
+			ip6tnl.Remote = net.IP(datum.Value[:16])
+		case nl.IFLA_IPTUN_TTL:
+			ip6tnl.Ttl = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_TOS:
+			ip6tnl.Tos = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_ENCAP_LIMIT:
+			ip6tnl.EncapLimit = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_FLAGS:
+			ip6tnl.Flags = native.Uint32(datum.Value[:4])
+		case nl.IFLA_IPTUN_PROTO:
+			ip6tnl.Proto = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_FLOWINFO:
+			ip6tnl.FlowInfo = native.Uint32(datum.Value[:4])
+		}
+	}
+}
+
+func addSittunAttrs(sittun *Sittun, linkInfo *nl.RtAttr) {
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+
+	if sittun.Link != 0 {
+		data.AddRtAttr(nl.IFLA_IPTUN_LINK, nl.Uint32Attr(sittun.Link))
+	}
+
+	ip := sittun.Local.To4()
+	if ip != nil {
+		data.AddRtAttr(nl.IFLA_IPTUN_LOCAL, []byte(ip))
+	}
+
+	ip = sittun.Remote.To4()
+	if ip != nil {
+		data.AddRtAttr(nl.IFLA_IPTUN_REMOTE, []byte(ip))
+	}
+
+	if sittun.Ttl > 0 {
+		// Would otherwise fail on 3.10 kernel
+		data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(sittun.Ttl))
+	}
+
+	data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(sittun.Tos))
+	data.AddRtAttr(nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(sittun.PMtuDisc))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(sittun.EncapType))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(sittun.EncapFlags))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(sittun.EncapSport))
+	data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_DPORT, htons(sittun.EncapDport))
+}
+
+func parseSittunData(link Link, data []syscall.NetlinkRouteAttr) {
+	sittun := link.(*Sittun)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.IFLA_IPTUN_LOCAL:
+			sittun.Local = net.IP(datum.Value[0:4])
+		case nl.IFLA_IPTUN_REMOTE:
+			sittun.Remote = net.IP(datum.Value[0:4])
+		case nl.IFLA_IPTUN_TTL:
+			sittun.Ttl = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_TOS:
+			sittun.Tos = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_PMTUDISC:
+			sittun.PMtuDisc = uint8(datum.Value[0])
+		case nl.IFLA_IPTUN_ENCAP_TYPE:
+			sittun.EncapType = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_FLAGS:
+			sittun.EncapFlags = native.Uint16(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_SPORT:
+			sittun.EncapSport = ntohs(datum.Value[0:2])
+		case nl.IFLA_IPTUN_ENCAP_DPORT:
+			sittun.EncapDport = ntohs(datum.Value[0:2])
 		}
 	}
 }
 
 func addVtiAttrs(vti *Vti, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+
+	family := FAMILY_V4
+	if vti.Local.To4() == nil {
+		family = FAMILY_V6
+	}
+
+	var ip net.IP
 
-	ip := vti.Local.To4()
+	if family == FAMILY_V4 {
+		ip = vti.Local.To4()
+	} else {
+		ip = vti.Local
+	}
 	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_VTI_LOCAL, []byte(ip))
+		data.AddRtAttr(nl.IFLA_VTI_LOCAL, []byte(ip))
 	}
 
-	ip = vti.Remote.To4()
+	if family == FAMILY_V4 {
+		ip = vti.Remote.To4()
+	} else {
+		ip = vti.Remote
+	}
 	if ip != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_VTI_REMOTE, []byte(ip))
+		data.AddRtAttr(nl.IFLA_VTI_REMOTE, []byte(ip))
 	}
 
 	if vti.Link != 0 {
-		nl.NewRtAttrChild(data, nl.IFLA_VTI_LINK, nl.Uint32Attr(vti.Link))
+		data.AddRtAttr(nl.IFLA_VTI_LINK, nl.Uint32Attr(vti.Link))
 	}
 
-	nl.NewRtAttrChild(data, nl.IFLA_VTI_IKEY, htonl(vti.IKey))
-	nl.NewRtAttrChild(data, nl.IFLA_VTI_OKEY, htonl(vti.OKey))
+	data.AddRtAttr(nl.IFLA_VTI_IKEY, htonl(vti.IKey))
+	data.AddRtAttr(nl.IFLA_VTI_OKEY, htonl(vti.OKey))
 }
 
 func parseVtiData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -1937,9 +2728,9 @@ func parseVtiData(link Link, data []syscall.NetlinkRouteAttr) {
 	for _, datum := range data {
 		switch datum.Attr.Type {
 		case nl.IFLA_VTI_LOCAL:
-			vti.Local = net.IP(datum.Value[0:4])
+			vti.Local = net.IP(datum.Value)
 		case nl.IFLA_VTI_REMOTE:
-			vti.Remote = net.IP(datum.Value[0:4])
+			vti.Remote = net.IP(datum.Value)
 		case nl.IFLA_VTI_IKEY:
 			vti.IKey = ntohl(datum.Value[0:4])
 		case nl.IFLA_VTI_OKEY:
@@ -1949,10 +2740,10 @@ func parseVtiData(link Link, data []syscall.NetlinkRouteAttr) {
 }
 
 func addVrfAttrs(vrf *Vrf, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 	b := make([]byte, 4)
 	native.PutUint32(b, uint32(vrf.Table))
-	nl.NewRtAttrChild(data, nl.IFLA_VRF_TABLE, b)
+	data.AddRtAttr(nl.IFLA_VRF_TABLE, b)
 }
 
 func parseVrfData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -1966,12 +2757,15 @@ func parseVrfData(link Link, data []syscall.NetlinkRouteAttr) {
 }
 
 func addBridgeAttrs(bridge *Bridge, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
 	if bridge.MulticastSnooping != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping))
+		data.AddRtAttr(nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping))
 	}
 	if bridge.HelloTime != nil {
-		nl.NewRtAttrChild(data, nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime))
+		data.AddRtAttr(nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime))
+	}
+	if bridge.VlanFiltering != nil {
+		data.AddRtAttr(nl.IFLA_BR_VLAN_FILTERING, boolToByte(*bridge.VlanFiltering))
 	}
 }
 
@@ -1985,17 +2779,20 @@ func parseBridgeData(bridge Link, data []syscall.NetlinkRouteAttr) {
 		case nl.IFLA_BR_MCAST_SNOOPING:
 			mcastSnooping := datum.Value[0] == 1
 			br.MulticastSnooping = &mcastSnooping
+		case nl.IFLA_BR_VLAN_FILTERING:
+			vlanFiltering := datum.Value[0] == 1
+			br.VlanFiltering = &vlanFiltering
 		}
 	}
 }
 
 func addGTPAttrs(gtp *GTP, linkInfo *nl.RtAttr) {
-	data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil)
-	nl.NewRtAttrChild(data, nl.IFLA_GTP_FD0, nl.Uint32Attr(uint32(gtp.FD0)))
-	nl.NewRtAttrChild(data, nl.IFLA_GTP_FD1, nl.Uint32Attr(uint32(gtp.FD1)))
-	nl.NewRtAttrChild(data, nl.IFLA_GTP_PDP_HASHSIZE, nl.Uint32Attr(131072))
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+	data.AddRtAttr(nl.IFLA_GTP_FD0, nl.Uint32Attr(uint32(gtp.FD0)))
+	data.AddRtAttr(nl.IFLA_GTP_FD1, nl.Uint32Attr(uint32(gtp.FD1)))
+	data.AddRtAttr(nl.IFLA_GTP_PDP_HASHSIZE, nl.Uint32Attr(131072))
 	if gtp.Role != nl.GTP_ROLE_GGSN {
-		nl.NewRtAttrChild(data, nl.IFLA_GTP_ROLE, nl.Uint32Attr(uint32(gtp.Role)))
+		data.AddRtAttr(nl.IFLA_GTP_ROLE, nl.Uint32Attr(uint32(gtp.Role)))
 	}
 }
 
@@ -2014,3 +2811,208 @@ func parseGTPData(link Link, data []syscall.NetlinkRouteAttr) {
 		}
 	}
 }
+
+func parseVfInfoList(data []syscall.NetlinkRouteAttr) ([]VfInfo, error) {
+	var vfs []VfInfo
+
+	for i, element := range data {
+		if element.Attr.Type != nl.IFLA_VF_INFO {
+			return nil, fmt.Errorf("Incorrect element type in vf info list: %d", element.Attr.Type)
+		}
+		vfAttrs, err := nl.ParseRouteAttr(element.Value)
+		if err != nil {
+			return nil, err
+		}
+		vfs = append(vfs, parseVfInfo(vfAttrs, i))
+	}
+	return vfs, nil
+}
+
+func parseVfInfo(data []syscall.NetlinkRouteAttr, id int) VfInfo {
+	vf := VfInfo{ID: id}
+	for _, element := range data {
+		switch element.Attr.Type {
+		case nl.IFLA_VF_MAC:
+			mac := nl.DeserializeVfMac(element.Value[:])
+			vf.Mac = mac.Mac[:6]
+		case nl.IFLA_VF_VLAN:
+			vl := nl.DeserializeVfVlan(element.Value[:])
+			vf.Vlan = int(vl.Vlan)
+			vf.Qos = int(vl.Qos)
+		case nl.IFLA_VF_TX_RATE:
+			txr := nl.DeserializeVfTxRate(element.Value[:])
+			vf.TxRate = int(txr.Rate)
+		case nl.IFLA_VF_SPOOFCHK:
+			sp := nl.DeserializeVfSpoofchk(element.Value[:])
+			vf.Spoofchk = sp.Setting != 0
+		case nl.IFLA_VF_LINK_STATE:
+			ls := nl.DeserializeVfLinkState(element.Value[:])
+			vf.LinkState = ls.LinkState
+		case nl.IFLA_VF_RATE:
+			vfr := nl.DeserializeVfRate(element.Value[:])
+			vf.MaxTxRate = vfr.MaxTxRate
+			vf.MinTxRate = vfr.MinTxRate
+		}
+	}
+	return vf
+}
+
+func addXfrmiAttrs(xfrmi *Xfrmi, linkInfo *nl.RtAttr) {
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+	data.AddRtAttr(nl.IFLA_XFRM_LINK, nl.Uint32Attr(uint32(xfrmi.ParentIndex)))
+	data.AddRtAttr(nl.IFLA_XFRM_IF_ID, nl.Uint32Attr(xfrmi.Ifid))
+
+}
+
+func parseXfrmiData(link Link, data []syscall.NetlinkRouteAttr) {
+	xfrmi := link.(*Xfrmi)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.IFLA_XFRM_LINK:
+			xfrmi.ParentIndex = int(native.Uint32(datum.Value))
+		case nl.IFLA_XFRM_IF_ID:
+			xfrmi.Ifid = native.Uint32(datum.Value)
+		}
+	}
+}
+
+// LinkSetBondSlave add slave to bond link via ioctl interface.
+func LinkSetBondSlave(link Link, master *Bond) error {
+	fd, err := getSocketUDP()
+	if err != nil {
+		return err
+	}
+	defer syscall.Close(fd)
+
+	ifreq := newIocltSlaveReq(link.Attrs().Name, master.Attrs().Name)
+
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), unix.SIOCBONDENSLAVE, uintptr(unsafe.Pointer(ifreq)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to enslave %q to %q, errno=%v", link.Attrs().Name, master.Attrs().Name, errno)
+	}
+	return nil
+}
+
+// LinkSetBondSlaveQueueId modify bond slave queue-id.
+func (h *Handle) LinkSetBondSlaveQueueId(link Link, queueId uint16) error {
+	base := link.Attrs()
+	h.ensureIndex(base)
+	req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK)
+
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Index = int32(base.Index)
+	req.AddData(msg)
+
+	linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_SLAVE_DATA, nil)
+	data.AddRtAttr(nl.IFLA_BOND_SLAVE_QUEUE_ID, nl.Uint16Attr(queueId))
+
+	req.AddData(linkInfo)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	return err
+}
+
+// LinkSetBondSlaveQueueId modify bond slave queue-id.
+func LinkSetBondSlaveQueueId(link Link, queueId uint16) error {
+	return pkgHandle.LinkSetBondSlaveQueueId(link, queueId)
+}
+
+func vethStatsSerialize(stats ethtoolStats) ([]byte, error) {
+	statsSize := int(unsafe.Sizeof(stats)) + int(stats.nStats)*int(unsafe.Sizeof(uint64(0)))
+	b := make([]byte, 0, statsSize)
+	buf := bytes.NewBuffer(b)
+	err := binary.Write(buf, nl.NativeEndian(), stats)
+	return buf.Bytes()[:statsSize], err
+}
+
+type vethEthtoolStats struct {
+	Cmd    uint32
+	NStats uint32
+	Peer   uint64
+	// Newer kernels have XDP stats in here, but we only care
+	// to extract the peer ifindex here.
+}
+
+func vethStatsDeserialize(b []byte) (vethEthtoolStats, error) {
+	var stats = vethEthtoolStats{}
+	err := binary.Read(bytes.NewReader(b), nl.NativeEndian(), &stats)
+	return stats, err
+}
+
+// VethPeerIndex get veth peer index.
+func VethPeerIndex(link *Veth) (int, error) {
+	fd, err := getSocketUDP()
+	if err != nil {
+		return -1, err
+	}
+	defer syscall.Close(fd)
+
+	ifreq, sSet := newIocltStringSetReq(link.Name)
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), SIOCETHTOOL, uintptr(unsafe.Pointer(ifreq)))
+	if errno != 0 {
+		return -1, fmt.Errorf("SIOCETHTOOL request for %q failed, errno=%v", link.Attrs().Name, errno)
+	}
+
+	stats := ethtoolStats{
+		cmd:    ETHTOOL_GSTATS,
+		nStats: sSet.data[0],
+	}
+
+	buffer, err := vethStatsSerialize(stats)
+	if err != nil {
+		return -1, err
+	}
+
+	ifreq.Data = uintptr(unsafe.Pointer(&buffer[0]))
+	_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), SIOCETHTOOL, uintptr(unsafe.Pointer(ifreq)))
+	if errno != 0 {
+		return -1, fmt.Errorf("SIOCETHTOOL request for %q failed, errno=%v", link.Attrs().Name, errno)
+	}
+
+	vstats, err := vethStatsDeserialize(buffer)
+	if err != nil {
+		return -1, err
+	}
+
+	return int(vstats.Peer), nil
+}
+
+func parseTuntapData(link Link, data []syscall.NetlinkRouteAttr) {
+	tuntap := link.(*Tuntap)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.IFLA_TUN_OWNER:
+			tuntap.Owner = native.Uint32(datum.Value)
+		case nl.IFLA_TUN_GROUP:
+			tuntap.Group = native.Uint32(datum.Value)
+		case nl.IFLA_TUN_TYPE:
+			tuntap.Mode = TuntapMode(uint8(datum.Value[0]))
+		case nl.IFLA_TUN_PERSIST:
+			tuntap.NonPersist = false
+			if uint8(datum.Value[0]) == 0 {
+				tuntap.NonPersist = true
+			}
+		}
+	}
+}
+
+func parseIPoIBData(link Link, data []syscall.NetlinkRouteAttr) {
+	ipoib := link.(*IPoIB)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.IFLA_IPOIB_PKEY:
+			ipoib.Pkey = uint16(native.Uint16(datum.Value))
+		case nl.IFLA_IPOIB_MODE:
+			ipoib.Mode = IPoIBMode(native.Uint16(datum.Value))
+		case nl.IFLA_IPOIB_UMCAST:
+			ipoib.Umcast = uint16(native.Uint16(datum.Value))
+		}
+	}
+}
+
+func addIPoIBAttrs(ipoib *IPoIB, linkInfo *nl.RtAttr) {
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+	data.AddRtAttr(nl.IFLA_IPOIB_PKEY, nl.Uint16Attr(uint16(ipoib.Pkey)))
+	data.AddRtAttr(nl.IFLA_IPOIB_MODE, nl.Uint16Attr(uint16(ipoib.Mode)))
+	data.AddRtAttr(nl.IFLA_IPOIB_UMCAST, nl.Uint16Attr(uint16(ipoib.Umcast)))
+}
diff --git a/vendor/github.com/vishvananda/netlink/neigh.go b/vendor/github.com/vishvananda/netlink/neigh.go
index 6a6f71ce866d5..379e5655f730f 100644
--- a/vendor/github.com/vishvananda/netlink/neigh.go
+++ b/vendor/github.com/vishvananda/netlink/neigh.go
@@ -15,9 +15,18 @@ type Neigh struct {
 	IP           net.IP
 	HardwareAddr net.HardwareAddr
 	LLIPAddr     net.IP //Used in the case of NHRP
+	Vlan         int
+	VNI          int
+	MasterIndex  int
 }
 
 // String returns $ip/$hwaddr $label
 func (neigh *Neigh) String() string {
 	return fmt.Sprintf("%s %s", neigh.IP, neigh.HardwareAddr)
 }
+
+// NeighUpdate is sent when a neighbor changes - type is RTM_NEWNEIGH or RTM_DELNEIGH.
+type NeighUpdate struct {
+	Type uint16
+	Neigh
+}
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index 5edc8b41259c9..cb3b55d3508de 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -1,11 +1,14 @@
 package netlink
 
 import (
+	"fmt"
 	"net"
 	"syscall"
 	"unsafe"
 
 	"github.com/vishvananda/netlink/nl"
+	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -18,7 +21,10 @@ const (
 	NDA_PORT
 	NDA_VNI
 	NDA_IFINDEX
-	NDA_MAX = NDA_IFINDEX
+	NDA_MASTER
+	NDA_LINK_NETNSID
+	NDA_SRC_VNI
+	NDA_MAX = NDA_SRC_VNI
 )
 
 // Neighbor Cache Entry States.
@@ -43,6 +49,7 @@ const (
 	NTF_ROUTER = 0x80
 )
 
+// Ndmsg is for adding, removing or receiving information about a neighbor table entry
 type Ndmsg struct {
 	Family uint8
 	Index  uint32
@@ -73,7 +80,7 @@ func NeighAdd(neigh *Neigh) error {
 // NeighAdd will add an IP to MAC mapping to the ARP table
 // Equivalent to: `ip neigh add ....`
 func (h *Handle) NeighAdd(neigh *Neigh) error {
-	return h.neighAdd(neigh, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL)
+	return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_EXCL)
 }
 
 // NeighSet will add or replace an IP to MAC mapping to the ARP table
@@ -85,7 +92,7 @@ func NeighSet(neigh *Neigh) error {
 // NeighSet will add or replace an IP to MAC mapping to the ARP table
 // Equivalent to: `ip neigh replace....`
 func (h *Handle) NeighSet(neigh *Neigh) error {
-	return h.neighAdd(neigh, syscall.NLM_F_CREATE|syscall.NLM_F_REPLACE)
+	return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_REPLACE)
 }
 
 // NeighAppend will append an entry to FDB
@@ -97,7 +104,7 @@ func NeighAppend(neigh *Neigh) error {
 // NeighAppend will append an entry to FDB
 // Equivalent to: `bridge fdb append...`
 func (h *Handle) NeighAppend(neigh *Neigh) error {
-	return h.neighAdd(neigh, syscall.NLM_F_CREATE|syscall.NLM_F_APPEND)
+	return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_APPEND)
 }
 
 // NeighAppend will append an entry to FDB
@@ -109,7 +116,7 @@ func neighAdd(neigh *Neigh, mode int) error {
 // NeighAppend will append an entry to FDB
 // Equivalent to: `bridge fdb append...`
 func (h *Handle) neighAdd(neigh *Neigh, mode int) error {
-	req := h.newNetlinkRequest(syscall.RTM_NEWNEIGH, mode|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWNEIGH, mode|unix.NLM_F_ACK)
 	return neighHandle(neigh, req)
 }
 
@@ -122,7 +129,7 @@ func NeighDel(neigh *Neigh) error {
 // NeighDel will delete an IP address from a link device.
 // Equivalent to: `ip addr del $addr dev $link`
 func (h *Handle) NeighDel(neigh *Neigh) error {
-	req := h.newNetlinkRequest(syscall.RTM_DELNEIGH, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELNEIGH, unix.NLM_F_ACK)
 	return neighHandle(neigh, req)
 }
 
@@ -160,48 +167,71 @@ func neighHandle(neigh *Neigh, req *nl.NetlinkRequest) error {
 		req.AddData(hwData)
 	}
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	if neigh.Vlan != 0 {
+		vlanData := nl.NewRtAttr(NDA_VLAN, nl.Uint16Attr(uint16(neigh.Vlan)))
+		req.AddData(vlanData)
+	}
+
+	if neigh.VNI != 0 {
+		vniData := nl.NewRtAttr(NDA_VNI, nl.Uint32Attr(uint32(neigh.VNI)))
+		req.AddData(vniData)
+	}
+
+	if neigh.MasterIndex != 0 {
+		masterData := nl.NewRtAttr(NDA_MASTER, nl.Uint32Attr(uint32(neigh.MasterIndex)))
+		req.AddData(masterData)
+	}
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
-// NeighList gets a list of IP-MAC mappings in the system (ARP table).
+// NeighList returns a list of IP-MAC mappings in the system (ARP table).
 // Equivalent to: `ip neighbor show`.
 // The list can be filtered by link and ip family.
 func NeighList(linkIndex, family int) ([]Neigh, error) {
 	return pkgHandle.NeighList(linkIndex, family)
 }
 
-// NeighProxyList gets a list of neighbor proxies in the system.
+// NeighProxyList returns a list of neighbor proxies in the system.
 // Equivalent to: `ip neighbor show proxy`.
 // The list can be filtered by link and ip family.
 func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 	return pkgHandle.NeighProxyList(linkIndex, family)
 }
 
-// NeighList gets a list of IP-MAC mappings in the system (ARP table).
+// NeighList returns a list of IP-MAC mappings in the system (ARP table).
 // Equivalent to: `ip neighbor show`.
 // The list can be filtered by link and ip family.
 func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
-	return h.neighList(linkIndex, family, 0)
+	return h.NeighListExecute(Ndmsg{
+		Family: uint8(family),
+		Index:  uint32(linkIndex),
+	})
 }
 
-// NeighProxyList gets a list of neighbor proxies in the system.
+// NeighProxyList returns a list of neighbor proxies in the system.
 // Equivalent to: `ip neighbor show proxy`.
 // The list can be filtered by link, ip family.
 func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
-	return h.neighList(linkIndex, family, NTF_PROXY)
-}
-
-func (h *Handle) neighList(linkIndex, family, flags int) ([]Neigh, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETNEIGH, syscall.NLM_F_DUMP)
-	msg := Ndmsg{
+	return h.NeighListExecute(Ndmsg{
 		Family: uint8(family),
 		Index:  uint32(linkIndex),
-		Flags:  uint8(flags),
-	}
+		Flags:  NTF_PROXY,
+	})
+}
+
+// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+func NeighListExecute(msg Ndmsg) ([]Neigh, error) {
+	return pkgHandle.NeighListExecute(msg)
+}
+
+// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
+	req := h.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP)
 	req.AddData(&msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWNEIGH)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
 	if err != nil {
 		return nil, err
 	}
@@ -209,7 +239,7 @@ func (h *Handle) neighList(linkIndex, family, flags int) ([]Neigh, error) {
 	var res []Neigh
 	for _, m := range msgs {
 		ndm := deserializeNdmsg(m)
-		if linkIndex != 0 && int(ndm.Index) != linkIndex {
+		if msg.Index != 0 && ndm.Index != msg.Index {
 			// Ignore messages from other interfaces
 			continue
 		}
@@ -241,14 +271,6 @@ func NeighDeserialize(m []byte) (*Neigh, error) {
 		return nil, err
 	}
 
-	// This should be cached for perfomance
-	// once per table dump
-	link, err := LinkByIndex(neigh.LinkIndex)
-	if err != nil {
-		return nil, err
-	}
-	encapType := link.Attrs().EncapType
-
 	for _, attr := range attrs {
 		switch attr.Attr.Type {
 		case NDA_DST:
@@ -257,19 +279,144 @@ func NeighDeserialize(m []byte) (*Neigh, error) {
 			// BUG: Is this a bug in the netlink library?
 			// #define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
 			// #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
-			attrLen := attr.Attr.Len - syscall.SizeofRtAttr
-			if attrLen == 4 && (encapType == "ipip" ||
-				encapType == "sit" ||
-				encapType == "gre") {
+			attrLen := attr.Attr.Len - unix.SizeofRtAttr
+			if attrLen == 4 {
 				neigh.LLIPAddr = net.IP(attr.Value)
-			} else if attrLen == 16 &&
-				encapType == "tunnel6" {
-				neigh.IP = net.IP(attr.Value)
+			} else if attrLen == 16 {
+				// Can be IPv6 or FireWire HWAddr
+				link, err := LinkByIndex(neigh.LinkIndex)
+				if err == nil && link.Attrs().EncapType == "tunnel6" {
+					neigh.IP = net.IP(attr.Value)
+				} else {
+					neigh.HardwareAddr = net.HardwareAddr(attr.Value)
+				}
 			} else {
 				neigh.HardwareAddr = net.HardwareAddr(attr.Value)
 			}
+		case NDA_VLAN:
+			neigh.Vlan = int(native.Uint16(attr.Value[0:2]))
+		case NDA_VNI:
+			neigh.VNI = int(native.Uint32(attr.Value[0:4]))
+		case NDA_MASTER:
+			neigh.MasterIndex = int(native.Uint32(attr.Value[0:4]))
 		}
 	}
 
 	return &neigh, nil
 }
+
+// NeighSubscribe takes a chan down which notifications will be sent
+// when neighbors are added or deleted. Close the 'done' chan to stop subscription.
+func NeighSubscribe(ch chan<- NeighUpdate, done <-chan struct{}) error {
+	return neighSubscribeAt(netns.None(), netns.None(), ch, done, nil, false)
+}
+
+// NeighSubscribeAt works like NeighSubscribe plus it allows the caller
+// to choose the network namespace in which to subscribe (ns).
+func NeighSubscribeAt(ns netns.NsHandle, ch chan<- NeighUpdate, done <-chan struct{}) error {
+	return neighSubscribeAt(ns, netns.None(), ch, done, nil, false)
+}
+
+// NeighSubscribeOptions contains a set of options to use with
+// NeighSubscribeWithOptions.
+type NeighSubscribeOptions struct {
+	Namespace     *netns.NsHandle
+	ErrorCallback func(error)
+	ListExisting  bool
+}
+
+// NeighSubscribeWithOptions work like NeighSubscribe but enable to
+// provide additional options to modify the behavior. Currently, the
+// namespace can be provided as well as an error callback.
+func NeighSubscribeWithOptions(ch chan<- NeighUpdate, done <-chan struct{}, options NeighSubscribeOptions) error {
+	if options.Namespace == nil {
+		none := netns.None()
+		options.Namespace = &none
+	}
+	return neighSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback, options.ListExisting)
+}
+
+func neighSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- NeighUpdate, done <-chan struct{}, cberr func(error), listExisting bool) error {
+	s, err := nl.SubscribeAt(newNs, curNs, unix.NETLINK_ROUTE, unix.RTNLGRP_NEIGH)
+	makeRequest := func(family int) error {
+		req := pkgHandle.newNetlinkRequest(unix.RTM_GETNEIGH,
+			unix.NLM_F_DUMP)
+		infmsg := nl.NewIfInfomsg(family)
+		req.AddData(infmsg)
+		if err := s.Send(req); err != nil {
+			return err
+		}
+		return nil
+	}
+	if err != nil {
+		return err
+	}
+	if done != nil {
+		go func() {
+			<-done
+			s.Close()
+		}()
+	}
+	if listExisting {
+		if err := makeRequest(unix.AF_UNSPEC); err != nil {
+			return err
+		}
+		// We have to wait for NLMSG_DONE before making AF_BRIDGE request
+	}
+	go func() {
+		defer close(ch)
+		for {
+			msgs, from, err := s.Receive()
+			if err != nil {
+				if cberr != nil {
+					cberr(err)
+				}
+				return
+			}
+			if from.Pid != nl.PidKernel {
+				if cberr != nil {
+					cberr(fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel))
+				}
+				continue
+			}
+			for _, m := range msgs {
+				if m.Header.Type == unix.NLMSG_DONE {
+					if listExisting {
+						// This will be called after handling AF_UNSPEC
+						// list request, we have to wait for NLMSG_DONE
+						// before making another request
+						if err := makeRequest(unix.AF_BRIDGE); err != nil {
+							if cberr != nil {
+								cberr(err)
+							}
+							return
+						}
+						listExisting = false
+					}
+					continue
+				}
+				if m.Header.Type == unix.NLMSG_ERROR {
+					native := nl.NativeEndian()
+					error := int32(native.Uint32(m.Data[0:4]))
+					if error == 0 {
+						continue
+					}
+					if cberr != nil {
+						cberr(syscall.Errno(-error))
+					}
+					return
+				}
+				neigh, err := NeighDeserialize(m.Data)
+				if err != nil {
+					if cberr != nil {
+						cberr(err)
+					}
+					return
+				}
+				ch <- NeighUpdate{Type: m.Header.Type, Neigh: *neigh}
+			}
+		}
+	}()
+
+	return nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/netlink.go b/vendor/github.com/vishvananda/netlink/netlink.go
index fb159526e316f..9cb685dc818fa 100644
--- a/vendor/github.com/vishvananda/netlink/netlink.go
+++ b/vendor/github.com/vishvananda/netlink/netlink.go
@@ -27,7 +27,8 @@ func ParseIPNet(s string) (*net.IPNet, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &net.IPNet{IP: ip, Mask: ipNet.Mask}, nil
+	ipNet.IP = ip
+	return ipNet, nil
 }
 
 // NewIPNet generates an IPNet from an ip address using a netmask of 32 or 128.
diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
index 86111b92ce167..42d3acf9180ac 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
@@ -48,10 +48,18 @@ func LinkSetVfVlan(link Link, vf, vlan int) error {
 	return ErrNotImplemented
 }
 
+func LinkSetVfVlanQos(link Link, vf, vlan, qos int) error {
+	return ErrNotImplemented
+}
+
 func LinkSetVfTxRate(link Link, vf, rate int) error {
 	return ErrNotImplemented
 }
 
+func LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
+	return ErrNotImplemented
+}
+
 func LinkSetNoMaster(link Link) error {
 	return ErrNotImplemented
 }
@@ -152,6 +160,10 @@ func AddrAdd(link Link, addr *Addr) error {
 	return ErrNotImplemented
 }
 
+func AddrReplace(link Link, addr *Addr) error {
+	return ErrNotImplemented
+}
+
 func AddrDel(link Link, addr *Addr) error {
 	return ErrNotImplemented
 }
diff --git a/vendor/github.com/vishvananda/netlink/netns_linux.go b/vendor/github.com/vishvananda/netlink/netns_linux.go
new file mode 100644
index 0000000000000..77cf6f46901be
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/netns_linux.go
@@ -0,0 +1,141 @@
+package netlink
+
+// Network namespace ID functions
+//
+// The kernel has a weird concept called the network namespace ID.
+// This is different from the file reference in proc (and any bind-mounted
+// namespaces, etc.)
+//
+// Instead, namespaces can be assigned a numeric ID at any time. Once set,
+// the ID is fixed. The ID can either be set manually by the user, or
+// automatically, triggered by certain kernel actions. The most common kernel
+// action that triggers namespace ID creation is moving one end of a veth pair
+// in to that namespace.
+
+import (
+	"fmt"
+
+	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
+)
+
+// These can be replaced by the values from sys/unix when it is next released.
+const (
+	_ = iota
+	NETNSA_NSID
+	NETNSA_PID
+	NETNSA_FD
+)
+
+// GetNetNsIdByPid looks up the network namespace ID for a given pid (really thread id).
+// Returns -1 if the namespace does not have an ID set.
+func (h *Handle) GetNetNsIdByPid(pid int) (int, error) {
+	return h.getNetNsId(NETNSA_PID, uint32(pid))
+}
+
+// GetNetNsIdByPid looks up the network namespace ID for a given pid (really thread id).
+// Returns -1 if the namespace does not have an ID set.
+func GetNetNsIdByPid(pid int) (int, error) {
+	return pkgHandle.GetNetNsIdByPid(pid)
+}
+
+// SetNetNSIdByPid sets the ID of the network namespace for a given pid (really thread id).
+// The ID can only be set for namespaces without an ID already set.
+func (h *Handle) SetNetNsIdByPid(pid, nsid int) error {
+	return h.setNetNsId(NETNSA_PID, uint32(pid), uint32(nsid))
+}
+
+// SetNetNSIdByPid sets the ID of the network namespace for a given pid (really thread id).
+// The ID can only be set for namespaces without an ID already set.
+func SetNetNsIdByPid(pid, nsid int) error {
+	return pkgHandle.SetNetNsIdByPid(pid, nsid)
+}
+
+// GetNetNsIdByFd looks up the network namespace ID for a given fd.
+// fd must be an open file descriptor to a namespace file.
+// Returns -1 if the namespace does not have an ID set.
+func (h *Handle) GetNetNsIdByFd(fd int) (int, error) {
+	return h.getNetNsId(NETNSA_FD, uint32(fd))
+}
+
+// GetNetNsIdByFd looks up the network namespace ID for a given fd.
+// fd must be an open file descriptor to a namespace file.
+// Returns -1 if the namespace does not have an ID set.
+func GetNetNsIdByFd(fd int) (int, error) {
+	return pkgHandle.GetNetNsIdByFd(fd)
+}
+
+// SetNetNSIdByFd sets the ID of the network namespace for a given fd.
+// fd must be an open file descriptor to a namespace file.
+// The ID can only be set for namespaces without an ID already set.
+func (h *Handle) SetNetNsIdByFd(fd, nsid int) error {
+	return h.setNetNsId(NETNSA_FD, uint32(fd), uint32(nsid))
+}
+
+// SetNetNSIdByFd sets the ID of the network namespace for a given fd.
+// fd must be an open file descriptor to a namespace file.
+// The ID can only be set for namespaces without an ID already set.
+func SetNetNsIdByFd(fd, nsid int) error {
+	return pkgHandle.SetNetNsIdByFd(fd, nsid)
+}
+
+// getNetNsId requests the netnsid for a given type-val pair
+// type should be either NETNSA_PID or NETNSA_FD
+func (h *Handle) getNetNsId(attrType int, val uint32) (int, error) {
+	req := h.newNetlinkRequest(unix.RTM_GETNSID, unix.NLM_F_REQUEST)
+
+	rtgen := nl.NewRtGenMsg()
+	req.AddData(rtgen)
+
+	b := make([]byte, 4, 4)
+	native.PutUint32(b, val)
+	attr := nl.NewRtAttr(attrType, b)
+	req.AddData(attr)
+
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNSID)
+
+	if err != nil {
+		return 0, err
+	}
+
+	for _, m := range msgs {
+		msg := nl.DeserializeRtGenMsg(m)
+
+		attrs, err := nl.ParseRouteAttr(m[msg.Len():])
+		if err != nil {
+			return 0, err
+		}
+
+		for _, attr := range attrs {
+			switch attr.Attr.Type {
+			case NETNSA_NSID:
+				return int(int32(native.Uint32(attr.Value))), nil
+			}
+		}
+	}
+
+	return 0, fmt.Errorf("unexpected empty result")
+}
+
+// setNetNsId sets the netnsid for a given type-val pair
+// type should be either NETNSA_PID or NETNSA_FD
+// The ID can only be set for namespaces without an ID already set
+func (h *Handle) setNetNsId(attrType int, val uint32, newnsid uint32) error {
+	req := h.newNetlinkRequest(unix.RTM_NEWNSID, unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+
+	rtgen := nl.NewRtGenMsg()
+	req.AddData(rtgen)
+
+	b := make([]byte, 4, 4)
+	native.PutUint32(b, val)
+	attr := nl.NewRtAttr(attrType, b)
+	req.AddData(attr)
+
+	b1 := make([]byte, 4, 4)
+	native.PutUint32(b1, newnsid)
+	attr1 := nl.NewRtAttr(NETNSA_NSID, b1)
+	req.AddData(attr1)
+
+	_, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNSID)
+	return err
+}
diff --git a/vendor/github.com/vishvananda/netlink/netns_unspecified.go b/vendor/github.com/vishvananda/netlink/netns_unspecified.go
new file mode 100644
index 0000000000000..5c5899e3628f6
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/netns_unspecified.go
@@ -0,0 +1,19 @@
+// +build !linux
+
+package netlink
+
+func GetNetNsIdByPid(pid int) (int, error) {
+	return 0, ErrNotImplemented
+}
+
+func SetNetNsIdByPid(pid, nsid int) error {
+	return ErrNotImplemented
+}
+
+func GetNetNsIdByFd(fd int) (int, error) {
+	return 0, ErrNotImplemented
+}
+
+func SetNetNsIdByFd(fd, nsid int) error {
+	return ErrNotImplemented
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
index fe362e9fa7c31..50db3b4cdd87f 100644
--- a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
@@ -1,17 +1,18 @@
 package nl
 
 import (
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 type IfAddrmsg struct {
-	syscall.IfAddrmsg
+	unix.IfAddrmsg
 }
 
 func NewIfAddrmsg(family int) *IfAddrmsg {
 	return &IfAddrmsg{
-		IfAddrmsg: syscall.IfAddrmsg{
+		IfAddrmsg: unix.IfAddrmsg{
 			Family: uint8(family),
 		},
 	}
@@ -35,15 +36,15 @@ func NewIfAddrmsg(family int) *IfAddrmsg {
 // SizeofIfAddrmsg     = 0x8
 
 func DeserializeIfAddrmsg(b []byte) *IfAddrmsg {
-	return (*IfAddrmsg)(unsafe.Pointer(&b[0:syscall.SizeofIfAddrmsg][0]))
+	return (*IfAddrmsg)(unsafe.Pointer(&b[0:unix.SizeofIfAddrmsg][0]))
 }
 
 func (msg *IfAddrmsg) Serialize() []byte {
-	return (*(*[syscall.SizeofIfAddrmsg]byte)(unsafe.Pointer(msg)))[:]
+	return (*(*[unix.SizeofIfAddrmsg]byte)(unsafe.Pointer(msg)))[:]
 }
 
 func (msg *IfAddrmsg) Len() int {
-	return syscall.SizeofIfAddrmsg
+	return unix.SizeofIfAddrmsg
 }
 
 // struct ifa_cacheinfo {
diff --git a/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go b/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go
index 6c0d333387d67..34e78ba8dafc9 100644
--- a/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go
@@ -11,8 +11,8 @@ const (
 
 /* Bridge Flags */
 const (
-	BRIDGE_FLAGS_MASTER = iota /* Bridge command to/from master */
-	BRIDGE_FLAGS_SELF          /* Bridge command to/from lowerdev */
+	BRIDGE_FLAGS_MASTER = iota + 1 /* Bridge command to/from master */
+	BRIDGE_FLAGS_SELF              /* Bridge command to/from lowerdev */
 )
 
 /* Bridge management nested attributes
diff --git a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
index 380cc5967bfa9..79d2b6b8909f0 100644
--- a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
@@ -76,12 +76,17 @@ const (
 // 	__CTA_MAX
 // };
 const (
-	CTA_TUPLE_ORIG  = 1
-	CTA_TUPLE_REPLY = 2
-	CTA_STATUS      = 3
-	CTA_TIMEOUT     = 7
-	CTA_MARK        = 8
-	CTA_PROTOINFO   = 4
+	CTA_TUPLE_ORIG     = 1
+	CTA_TUPLE_REPLY    = 2
+	CTA_STATUS         = 3
+	CTA_PROTOINFO      = 4
+	CTA_TIMEOUT        = 7
+	CTA_MARK           = 8
+	CTA_COUNTERS_ORIG  = 9
+	CTA_COUNTERS_REPLY = 10
+	CTA_USE            = 11
+	CTA_ID             = 12
+	CTA_TIMESTAMP      = 20
 )
 
 // enum ctattr_tuple {
@@ -163,6 +168,29 @@ const (
 	CTA_PROTOINFO_TCP_FLAGS_REPLY     = 5
 )
 
+// enum ctattr_counters {
+// 	CTA_COUNTERS_UNSPEC,
+// 	CTA_COUNTERS_PACKETS,		/* 64bit counters */
+// 	CTA_COUNTERS_BYTES,		/* 64bit counters */
+// 	CTA_COUNTERS32_PACKETS,		/* old 32bit counters, unused */
+// 	CTA_COUNTERS32_BYTES,		/* old 32bit counters, unused */
+// 	CTA_COUNTERS_PAD,
+// 	__CTA_COUNTERS_M
+// };
+// #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
+const (
+	CTA_COUNTERS_PACKETS = 1
+	CTA_COUNTERS_BYTES   = 2
+)
+
+// enum CTA TIMESTAMP TLVs
+// CTA_TIMESTAMP_START       /* 64bit value */
+// CTA_TIMESTAMP_STOP        /* 64bit value */
+const (
+	CTA_TIMESTAMP_START = 1
+	CTA_TIMESTAMP_STOP  = 2
+)
+
 // /* General form of address family dependent message.
 //  */
 // struct nfgenmsg {
diff --git a/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go b/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go
new file mode 100644
index 0000000000000..db66faaad30c0
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go
@@ -0,0 +1,40 @@
+package nl
+
+// All the following constants are coming from:
+// https://github.com/torvalds/linux/blob/master/include/uapi/linux/devlink.h
+
+const (
+	GENL_DEVLINK_VERSION = 1
+	GENL_DEVLINK_NAME    = "devlink"
+)
+
+const (
+	DEVLINK_CMD_GET         = 1
+	DEVLINK_CMD_ESWITCH_GET = 29
+	DEVLINK_CMD_ESWITCH_SET = 30
+)
+
+const (
+	DEVLINK_ATTR_BUS_NAME            = 1
+	DEVLINK_ATTR_DEV_NAME            = 2
+	DEVLINK_ATTR_ESWITCH_MODE        = 25
+	DEVLINK_ATTR_ESWITCH_INLINE_MODE = 26
+	DEVLINK_ATTR_ESWITCH_ENCAP_MODE  = 62
+)
+
+const (
+	DEVLINK_ESWITCH_MODE_LEGACY    = 0
+	DEVLINK_ESWITCH_MODE_SWITCHDEV = 1
+)
+
+const (
+	DEVLINK_ESWITCH_INLINE_MODE_NONE      = 0
+	DEVLINK_ESWITCH_INLINE_MODE_LINK      = 1
+	DEVLINK_ESWITCH_INLINE_MODE_NETWORK   = 2
+	DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT = 3
+)
+
+const (
+	DEVLINK_ESWITCH_ENCAP_MODE_NONE  = 0
+	DEVLINK_ESWITCH_ENCAP_MODE_BASIC = 1
+)
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index 9ae65a12c2af9..afb16a9c18d2e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -1,35 +1,11 @@
 package nl
 
 import (
-	"syscall"
 	"unsafe"
 )
 
 const (
 	DEFAULT_CHANGE = 0xFFFFFFFF
-	// doesn't exist in syscall
-	IFLA_VFINFO_LIST = syscall.IFLA_IFALIAS + 1 + iota
-	IFLA_STATS64
-	IFLA_VF_PORTS
-	IFLA_PORT_SELF
-	IFLA_AF_SPEC
-	IFLA_GROUP
-	IFLA_NET_NS_FD
-	IFLA_EXT_MASK
-	IFLA_PROMISCUITY
-	IFLA_NUM_TX_QUEUES
-	IFLA_NUM_RX_QUEUES
-	IFLA_CARRIER
-	IFLA_PHYS_PORT_ID
-	IFLA_CARRIER_CHANGES
-	IFLA_PHYS_SWITCH_ID
-	IFLA_LINK_NETNSID
-	IFLA_PHYS_PORT_NAME
-	IFLA_PROTO_DOWN
-	IFLA_GSO_MAX_SEGS
-	IFLA_GSO_MAX_SIZE
-	IFLA_PAD
-	IFLA_XDP
 )
 
 const (
@@ -37,7 +13,9 @@ const (
 	IFLA_INFO_KIND
 	IFLA_INFO_DATA
 	IFLA_INFO_XSTATS
-	IFLA_INFO_MAX = IFLA_INFO_XSTATS
+	IFLA_INFO_SLAVE_KIND
+	IFLA_INFO_SLAVE_DATA
+	IFLA_INFO_MAX = IFLA_INFO_SLAVE_DATA
 )
 
 const (
@@ -111,13 +89,18 @@ const (
 const (
 	IFLA_IPVLAN_UNSPEC = iota
 	IFLA_IPVLAN_MODE
-	IFLA_IPVLAN_MAX = IFLA_IPVLAN_MODE
+	IFLA_IPVLAN_FLAG
+	IFLA_IPVLAN_MAX = IFLA_IPVLAN_FLAG
 )
 
 const (
 	IFLA_MACVLAN_UNSPEC = iota
 	IFLA_MACVLAN_MODE
 	IFLA_MACVLAN_FLAGS
+	IFLA_MACVLAN_MACADDR_MODE
+	IFLA_MACVLAN_MACADDR
+	IFLA_MACVLAN_MACADDR_DATA
+	IFLA_MACVLAN_MACADDR_COUNT
 	IFLA_MACVLAN_MAX = IFLA_MACVLAN_FLAGS
 )
 
@@ -129,6 +112,13 @@ const (
 	MACVLAN_MODE_SOURCE   = 16
 )
 
+const (
+	MACVLAN_MACADDR_ADD = iota
+	MACVLAN_MACADDR_DEL
+	MACVLAN_MACADDR_FLUSH
+	MACVLAN_MACADDR_SET
+)
+
 const (
 	IFLA_BOND_UNSPEC = iota
 	IFLA_BOND_MODE
@@ -177,6 +167,8 @@ const (
 	IFLA_BOND_SLAVE_PERM_HWADDR
 	IFLA_BOND_SLAVE_QUEUE_ID
 	IFLA_BOND_SLAVE_AD_AGGREGATOR_ID
+	IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE
+	IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE
 )
 
 const (
@@ -230,9 +222,11 @@ const (
 	IFLA_VF_RSS_QUERY_EN /* RSS Redirection Table and Hash Key query
 	 * on/off switch
 	 */
-	IFLA_VF_STATS /* network device statistics */
-	IFLA_VF_TRUST /* Trust state of VF */
-	IFLA_VF_MAX   = IFLA_VF_TRUST
+	IFLA_VF_STATS        /* network device statistics */
+	IFLA_VF_TRUST        /* Trust state of VF */
+	IFLA_VF_IB_NODE_GUID /* VF Infiniband node GUID */
+	IFLA_VF_IB_PORT_GUID /* VF Infiniband port GUID */
+	IFLA_VF_MAX          = IFLA_VF_IB_PORT_GUID
 )
 
 const (
@@ -261,6 +255,7 @@ const (
 	SizeofVfLinkState  = 0x08
 	SizeofVfRssQueryEn = 0x08
 	SizeofVfTrust      = 0x08
+	SizeofVfGUID       = 0x10
 )
 
 // struct ifla_vf_mac {
@@ -443,6 +438,30 @@ func (msg *VfTrust) Serialize() []byte {
 	return (*(*[SizeofVfTrust]byte)(unsafe.Pointer(msg)))[:]
 }
 
+// struct ifla_vf_guid {
+//   __u32 vf;
+//   __u32 rsvd;
+//   __u64 guid;
+// };
+
+type VfGUID struct {
+	Vf   uint32
+	Rsvd uint32
+	GUID uint64
+}
+
+func (msg *VfGUID) Len() int {
+	return SizeofVfGUID
+}
+
+func DeserializeVfGUID(b []byte) *VfGUID {
+	return (*VfGUID)(unsafe.Pointer(&b[0:SizeofVfGUID][0]))
+}
+
+func (msg *VfGUID) Serialize() []byte {
+	return (*(*[SizeofVfGUID]byte)(unsafe.Pointer(msg)))[:]
+}
+
 const (
 	XDP_FLAGS_UPDATE_IF_NOEXIST = 1 << iota
 	XDP_FLAGS_SKB_MODE
@@ -475,7 +494,12 @@ const (
 	IFLA_IPTUN_6RD_RELAY_PREFIX
 	IFLA_IPTUN_6RD_PREFIXLEN
 	IFLA_IPTUN_6RD_RELAY_PREFIXLEN
-	IFLA_IPTUN_MAX = IFLA_IPTUN_6RD_RELAY_PREFIXLEN
+	IFLA_IPTUN_ENCAP_TYPE
+	IFLA_IPTUN_ENCAP_FLAGS
+	IFLA_IPTUN_ENCAP_SPORT
+	IFLA_IPTUN_ENCAP_DPORT
+	IFLA_IPTUN_COLLECT_METADATA
+	IFLA_IPTUN_MAX = IFLA_IPTUN_COLLECT_METADATA
 )
 
 const (
@@ -554,3 +578,33 @@ const (
 	GTP_ROLE_GGSN = iota
 	GTP_ROLE_SGSN
 )
+
+const (
+	IFLA_XFRM_UNSPEC = iota
+	IFLA_XFRM_LINK
+	IFLA_XFRM_IF_ID
+
+	IFLA_XFRM_MAX = iota - 1
+)
+
+const (
+	IFLA_TUN_UNSPEC = iota
+	IFLA_TUN_OWNER
+	IFLA_TUN_GROUP
+	IFLA_TUN_TYPE
+	IFLA_TUN_PI
+	IFLA_TUN_VNET_HDR
+	IFLA_TUN_PERSIST
+	IFLA_TUN_MULTI_QUEUE
+	IFLA_TUN_NUM_QUEUES
+	IFLA_TUN_NUM_DISABLED_QUEUES
+	IFLA_TUN_MAX = IFLA_TUN_NUM_DISABLED_QUEUES
+)
+
+const (
+	IFLA_IPOIB_UNSPEC = iota
+	IFLA_IPOIB_PKEY
+	IFLA_IPOIB_MODE
+	IFLA_IPOIB_UMCAST
+	IFLA_IPOIB_MAX = IFLA_IPOIB_UMCAST
+)
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index 72f7f6af3c813..aaf56c6715ff5 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -13,18 +13,25 @@ import (
 	"unsafe"
 
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 const (
 	// Family type definitions
-	FAMILY_ALL  = syscall.AF_UNSPEC
-	FAMILY_V4   = syscall.AF_INET
-	FAMILY_V6   = syscall.AF_INET6
-	FAMILY_MPLS = AF_MPLS
+	FAMILY_ALL  = unix.AF_UNSPEC
+	FAMILY_V4   = unix.AF_INET
+	FAMILY_V6   = unix.AF_INET6
+	FAMILY_MPLS = unix.AF_MPLS
+	// Arbitrary set value (greater than default 4k) to allow receiving
+	// from kernel more verbose messages e.g. for statistics,
+	// tc rules or filters, or other more memory requiring data.
+	RECEIVE_BUFFER_SIZE = 65536
+	// Kernel netlink pid
+	PidKernel uint32 = 0
 )
 
 // SupportedNlFamilies contains the list of netlink families this netlink package supports
-var SupportedNlFamilies = []int{syscall.NETLINK_ROUTE, syscall.NETLINK_XFRM, syscall.NETLINK_NETFILTER}
+var SupportedNlFamilies = []int{unix.NETLINK_ROUTE, unix.NETLINK_XFRM, unix.NETLINK_NETFILTER}
 
 var nextSeqNr uint32
 
@@ -41,7 +48,7 @@ func GetIPFamily(ip net.IP) int {
 
 var nativeEndian binary.ByteOrder
 
-// Get native endianness for the system
+// NativeEndian gets native endianness for the system
 func NativeEndian() binary.ByteOrder {
 	if nativeEndian == nil {
 		var x uint32 = 0x01020304
@@ -77,161 +84,161 @@ type NetlinkRequestData interface {
 
 // IfInfomsg is related to links, but it is used for list requests as well
 type IfInfomsg struct {
-	syscall.IfInfomsg
+	unix.IfInfomsg
 }
 
 // Create an IfInfomsg with family specified
 func NewIfInfomsg(family int) *IfInfomsg {
 	return &IfInfomsg{
-		IfInfomsg: syscall.IfInfomsg{
+		IfInfomsg: unix.IfInfomsg{
 			Family: uint8(family),
 		},
 	}
 }
 
 func DeserializeIfInfomsg(b []byte) *IfInfomsg {
-	return (*IfInfomsg)(unsafe.Pointer(&b[0:syscall.SizeofIfInfomsg][0]))
+	return (*IfInfomsg)(unsafe.Pointer(&b[0:unix.SizeofIfInfomsg][0]))
 }
 
 func (msg *IfInfomsg) Serialize() []byte {
-	return (*(*[syscall.SizeofIfInfomsg]byte)(unsafe.Pointer(msg)))[:]
+	return (*(*[unix.SizeofIfInfomsg]byte)(unsafe.Pointer(msg)))[:]
 }
 
 func (msg *IfInfomsg) Len() int {
-	return syscall.SizeofIfInfomsg
+	return unix.SizeofIfInfomsg
 }
 
 func (msg *IfInfomsg) EncapType() string {
 	switch msg.Type {
 	case 0:
 		return "generic"
-	case syscall.ARPHRD_ETHER:
+	case unix.ARPHRD_ETHER:
 		return "ether"
-	case syscall.ARPHRD_EETHER:
+	case unix.ARPHRD_EETHER:
 		return "eether"
-	case syscall.ARPHRD_AX25:
+	case unix.ARPHRD_AX25:
 		return "ax25"
-	case syscall.ARPHRD_PRONET:
+	case unix.ARPHRD_PRONET:
 		return "pronet"
-	case syscall.ARPHRD_CHAOS:
+	case unix.ARPHRD_CHAOS:
 		return "chaos"
-	case syscall.ARPHRD_IEEE802:
+	case unix.ARPHRD_IEEE802:
 		return "ieee802"
-	case syscall.ARPHRD_ARCNET:
+	case unix.ARPHRD_ARCNET:
 		return "arcnet"
-	case syscall.ARPHRD_APPLETLK:
+	case unix.ARPHRD_APPLETLK:
 		return "atalk"
-	case syscall.ARPHRD_DLCI:
+	case unix.ARPHRD_DLCI:
 		return "dlci"
-	case syscall.ARPHRD_ATM:
+	case unix.ARPHRD_ATM:
 		return "atm"
-	case syscall.ARPHRD_METRICOM:
+	case unix.ARPHRD_METRICOM:
 		return "metricom"
-	case syscall.ARPHRD_IEEE1394:
+	case unix.ARPHRD_IEEE1394:
 		return "ieee1394"
-	case syscall.ARPHRD_INFINIBAND:
+	case unix.ARPHRD_INFINIBAND:
 		return "infiniband"
-	case syscall.ARPHRD_SLIP:
+	case unix.ARPHRD_SLIP:
 		return "slip"
-	case syscall.ARPHRD_CSLIP:
+	case unix.ARPHRD_CSLIP:
 		return "cslip"
-	case syscall.ARPHRD_SLIP6:
+	case unix.ARPHRD_SLIP6:
 		return "slip6"
-	case syscall.ARPHRD_CSLIP6:
+	case unix.ARPHRD_CSLIP6:
 		return "cslip6"
-	case syscall.ARPHRD_RSRVD:
+	case unix.ARPHRD_RSRVD:
 		return "rsrvd"
-	case syscall.ARPHRD_ADAPT:
+	case unix.ARPHRD_ADAPT:
 		return "adapt"
-	case syscall.ARPHRD_ROSE:
+	case unix.ARPHRD_ROSE:
 		return "rose"
-	case syscall.ARPHRD_X25:
+	case unix.ARPHRD_X25:
 		return "x25"
-	case syscall.ARPHRD_HWX25:
+	case unix.ARPHRD_HWX25:
 		return "hwx25"
-	case syscall.ARPHRD_PPP:
+	case unix.ARPHRD_PPP:
 		return "ppp"
-	case syscall.ARPHRD_HDLC:
+	case unix.ARPHRD_HDLC:
 		return "hdlc"
-	case syscall.ARPHRD_LAPB:
+	case unix.ARPHRD_LAPB:
 		return "lapb"
-	case syscall.ARPHRD_DDCMP:
+	case unix.ARPHRD_DDCMP:
 		return "ddcmp"
-	case syscall.ARPHRD_RAWHDLC:
+	case unix.ARPHRD_RAWHDLC:
 		return "rawhdlc"
-	case syscall.ARPHRD_TUNNEL:
+	case unix.ARPHRD_TUNNEL:
 		return "ipip"
-	case syscall.ARPHRD_TUNNEL6:
+	case unix.ARPHRD_TUNNEL6:
 		return "tunnel6"
-	case syscall.ARPHRD_FRAD:
+	case unix.ARPHRD_FRAD:
 		return "frad"
-	case syscall.ARPHRD_SKIP:
+	case unix.ARPHRD_SKIP:
 		return "skip"
-	case syscall.ARPHRD_LOOPBACK:
+	case unix.ARPHRD_LOOPBACK:
 		return "loopback"
-	case syscall.ARPHRD_LOCALTLK:
+	case unix.ARPHRD_LOCALTLK:
 		return "ltalk"
-	case syscall.ARPHRD_FDDI:
+	case unix.ARPHRD_FDDI:
 		return "fddi"
-	case syscall.ARPHRD_BIF:
+	case unix.ARPHRD_BIF:
 		return "bif"
-	case syscall.ARPHRD_SIT:
+	case unix.ARPHRD_SIT:
 		return "sit"
-	case syscall.ARPHRD_IPDDP:
+	case unix.ARPHRD_IPDDP:
 		return "ip/ddp"
-	case syscall.ARPHRD_IPGRE:
+	case unix.ARPHRD_IPGRE:
 		return "gre"
-	case syscall.ARPHRD_PIMREG:
+	case unix.ARPHRD_PIMREG:
 		return "pimreg"
-	case syscall.ARPHRD_HIPPI:
+	case unix.ARPHRD_HIPPI:
 		return "hippi"
-	case syscall.ARPHRD_ASH:
+	case unix.ARPHRD_ASH:
 		return "ash"
-	case syscall.ARPHRD_ECONET:
+	case unix.ARPHRD_ECONET:
 		return "econet"
-	case syscall.ARPHRD_IRDA:
+	case unix.ARPHRD_IRDA:
 		return "irda"
-	case syscall.ARPHRD_FCPP:
+	case unix.ARPHRD_FCPP:
 		return "fcpp"
-	case syscall.ARPHRD_FCAL:
+	case unix.ARPHRD_FCAL:
 		return "fcal"
-	case syscall.ARPHRD_FCPL:
+	case unix.ARPHRD_FCPL:
 		return "fcpl"
-	case syscall.ARPHRD_FCFABRIC:
+	case unix.ARPHRD_FCFABRIC:
 		return "fcfb0"
-	case syscall.ARPHRD_FCFABRIC + 1:
+	case unix.ARPHRD_FCFABRIC + 1:
 		return "fcfb1"
-	case syscall.ARPHRD_FCFABRIC + 2:
+	case unix.ARPHRD_FCFABRIC + 2:
 		return "fcfb2"
-	case syscall.ARPHRD_FCFABRIC + 3:
+	case unix.ARPHRD_FCFABRIC + 3:
 		return "fcfb3"
-	case syscall.ARPHRD_FCFABRIC + 4:
+	case unix.ARPHRD_FCFABRIC + 4:
 		return "fcfb4"
-	case syscall.ARPHRD_FCFABRIC + 5:
+	case unix.ARPHRD_FCFABRIC + 5:
 		return "fcfb5"
-	case syscall.ARPHRD_FCFABRIC + 6:
+	case unix.ARPHRD_FCFABRIC + 6:
 		return "fcfb6"
-	case syscall.ARPHRD_FCFABRIC + 7:
+	case unix.ARPHRD_FCFABRIC + 7:
 		return "fcfb7"
-	case syscall.ARPHRD_FCFABRIC + 8:
+	case unix.ARPHRD_FCFABRIC + 8:
 		return "fcfb8"
-	case syscall.ARPHRD_FCFABRIC + 9:
+	case unix.ARPHRD_FCFABRIC + 9:
 		return "fcfb9"
-	case syscall.ARPHRD_FCFABRIC + 10:
+	case unix.ARPHRD_FCFABRIC + 10:
 		return "fcfb10"
-	case syscall.ARPHRD_FCFABRIC + 11:
+	case unix.ARPHRD_FCFABRIC + 11:
 		return "fcfb11"
-	case syscall.ARPHRD_FCFABRIC + 12:
+	case unix.ARPHRD_FCFABRIC + 12:
 		return "fcfb12"
-	case syscall.ARPHRD_IEEE802_TR:
+	case unix.ARPHRD_IEEE802_TR:
 		return "tr"
-	case syscall.ARPHRD_IEEE80211:
+	case unix.ARPHRD_IEEE80211:
 		return "ieee802.11"
-	case syscall.ARPHRD_IEEE80211_PRISM:
+	case unix.ARPHRD_IEEE80211_PRISM:
 		return "ieee802.11/prism"
-	case syscall.ARPHRD_IEEE80211_RADIOTAP:
+	case unix.ARPHRD_IEEE80211_RADIOTAP:
 		return "ieee802.11/radiotap"
-	case syscall.ARPHRD_IEEE802154:
+	case unix.ARPHRD_IEEE802154:
 		return "ieee802.15.4"
 
 	case 65534:
@@ -243,7 +250,7 @@ func (msg *IfInfomsg) EncapType() string {
 }
 
 func rtaAlignOf(attrlen int) int {
-	return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1)
+	return (attrlen + unix.RTA_ALIGNTO - 1) & ^(unix.RTA_ALIGNTO - 1)
 }
 
 func NewIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
@@ -254,7 +261,7 @@ func NewIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
 
 // Extend RtAttr to handle data and children
 type RtAttr struct {
-	syscall.RtAttr
+	unix.RtAttr
 	Data     []byte
 	children []NetlinkRequestData
 }
@@ -262,7 +269,7 @@ type RtAttr struct {
 // Create a new Extended RtAttr object
 func NewRtAttr(attrType int, data []byte) *RtAttr {
 	return &RtAttr{
-		RtAttr: syscall.RtAttr{
+		RtAttr: unix.RtAttr{
 			Type: uint16(attrType),
 		},
 		children: []NetlinkRequestData{},
@@ -270,23 +277,35 @@ func NewRtAttr(attrType int, data []byte) *RtAttr {
 	}
 }
 
-// Create a new RtAttr obj anc add it as a child of an existing object
+// NewRtAttrChild adds an RtAttr as a child to the parent and returns the new attribute
+//
+// Deprecated: Use AddRtAttr() on the parent object
 func NewRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
+	return parent.AddRtAttr(attrType, data)
+}
+
+// AddRtAttr adds an RtAttr as a child and returns the new attribute
+func (a *RtAttr) AddRtAttr(attrType int, data []byte) *RtAttr {
 	attr := NewRtAttr(attrType, data)
-	parent.children = append(parent.children, attr)
+	a.children = append(a.children, attr)
 	return attr
 }
 
+// AddChild adds an existing NetlinkRequestData as a child.
+func (a *RtAttr) AddChild(attr NetlinkRequestData) {
+	a.children = append(a.children, attr)
+}
+
 func (a *RtAttr) Len() int {
 	if len(a.children) == 0 {
-		return (syscall.SizeofRtAttr + len(a.Data))
+		return (unix.SizeofRtAttr + len(a.Data))
 	}
 
 	l := 0
 	for _, child := range a.children {
 		l += rtaAlignOf(child.Len())
 	}
-	l += syscall.SizeofRtAttr
+	l += unix.SizeofRtAttr
 	return rtaAlignOf(l + len(a.Data))
 }
 
@@ -319,7 +338,7 @@ func (a *RtAttr) Serialize() []byte {
 }
 
 type NetlinkRequest struct {
-	syscall.NlMsghdr
+	unix.NlMsghdr
 	Data    []NetlinkRequestData
 	RawData []byte
 	Sockets map[int]*SocketHandle
@@ -327,7 +346,7 @@ type NetlinkRequest struct {
 
 // Serialize the Netlink Request into a byte array
 func (req *NetlinkRequest) Serialize() []byte {
-	length := syscall.SizeofNlMsghdr
+	length := unix.SizeofNlMsghdr
 	dataBytes := make([][]byte, len(req.Data))
 	for i, data := range req.Data {
 		dataBytes[i] = data.Serialize()
@@ -337,8 +356,8 @@ func (req *NetlinkRequest) Serialize() []byte {
 
 	req.Len = uint32(length)
 	b := make([]byte, length)
-	hdr := (*(*[syscall.SizeofNlMsghdr]byte)(unsafe.Pointer(req)))[:]
-	next := syscall.SizeofNlMsghdr
+	hdr := (*(*[unix.SizeofNlMsghdr]byte)(unsafe.Pointer(req)))[:]
+	next := unix.SizeofNlMsghdr
 	copy(b[0:next], hdr)
 	for _, data := range dataBytes {
 		for _, dataByte := range data {
@@ -354,16 +373,12 @@ func (req *NetlinkRequest) Serialize() []byte {
 }
 
 func (req *NetlinkRequest) AddData(data NetlinkRequestData) {
-	if data != nil {
-		req.Data = append(req.Data, data)
-	}
+	req.Data = append(req.Data, data)
 }
 
 // AddRawData adds raw bytes to the end of the NetlinkRequest object during serialization
 func (req *NetlinkRequest) AddRawData(data []byte) {
-	if data != nil {
-		req.RawData = append(req.RawData, data...)
-	}
+	req.RawData = append(req.RawData, data...)
 }
 
 // Execute the request against a the given sockType.
@@ -407,10 +422,13 @@ func (req *NetlinkRequest) Execute(sockType int, resType uint16) ([][]byte, erro
 
 done:
 	for {
-		msgs, err := s.Receive()
+		msgs, from, err := s.Receive()
 		if err != nil {
 			return nil, err
 		}
+		if from.Pid != PidKernel {
+			return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, PidKernel)
+		}
 		for _, m := range msgs {
 			if m.Header.Seq != req.Seq {
 				if sharedSocket {
@@ -419,12 +437,12 @@ done:
 				return nil, fmt.Errorf("Wrong Seq nr %d, expected %d", m.Header.Seq, req.Seq)
 			}
 			if m.Header.Pid != pid {
-				return nil, fmt.Errorf("Wrong pid %d, expected %d", m.Header.Pid, pid)
+				continue
 			}
-			if m.Header.Type == syscall.NLMSG_DONE {
+			if m.Header.Type == unix.NLMSG_DONE {
 				break done
 			}
-			if m.Header.Type == syscall.NLMSG_ERROR {
+			if m.Header.Type == unix.NLMSG_ERROR {
 				native := NativeEndian()
 				error := int32(native.Uint32(m.Data[0:4]))
 				if error == 0 {
@@ -436,7 +454,7 @@ done:
 				continue
 			}
 			res = append(res, m.Data)
-			if m.Header.Flags&syscall.NLM_F_MULTI == 0 {
+			if m.Header.Flags&unix.NLM_F_MULTI == 0 {
 				break done
 			}
 		}
@@ -449,10 +467,10 @@ done:
 // the message is serialized
 func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
 	return &NetlinkRequest{
-		NlMsghdr: syscall.NlMsghdr{
-			Len:   uint32(syscall.SizeofNlMsghdr),
+		NlMsghdr: unix.NlMsghdr{
+			Len:   uint32(unix.SizeofNlMsghdr),
 			Type:  uint16(proto),
-			Flags: syscall.NLM_F_REQUEST | uint16(flags),
+			Flags: unix.NLM_F_REQUEST | uint16(flags),
 			Seq:   atomic.AddUint32(&nextSeqNr, 1),
 		},
 	}
@@ -460,21 +478,21 @@ func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
 
 type NetlinkSocket struct {
 	fd  int32
-	lsa syscall.SockaddrNetlink
+	lsa unix.SockaddrNetlink
 	sync.Mutex
 }
 
 func getNetlinkSocket(protocol int) (*NetlinkSocket, error) {
-	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW|syscall.SOCK_CLOEXEC, protocol)
+	fd, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW|unix.SOCK_CLOEXEC, protocol)
 	if err != nil {
 		return nil, err
 	}
 	s := &NetlinkSocket{
 		fd: int32(fd),
 	}
-	s.lsa.Family = syscall.AF_NETLINK
-	if err := syscall.Bind(fd, &s.lsa); err != nil {
-		syscall.Close(fd)
+	s.lsa.Family = unix.AF_NETLINK
+	if err := unix.Bind(fd, &s.lsa); err != nil {
+		unix.Close(fd)
 		return nil, err
 	}
 
@@ -551,21 +569,21 @@ func executeInNetns(newNs, curNs netns.NsHandle) (func(), error) {
 // Returns the netlink socket on which Receive() method can be called
 // to retrieve the messages from the kernel.
 func Subscribe(protocol int, groups ...uint) (*NetlinkSocket, error) {
-	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, protocol)
+	fd, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW, protocol)
 	if err != nil {
 		return nil, err
 	}
 	s := &NetlinkSocket{
 		fd: int32(fd),
 	}
-	s.lsa.Family = syscall.AF_NETLINK
+	s.lsa.Family = unix.AF_NETLINK
 
 	for _, g := range groups {
 		s.lsa.Groups |= (1 << (g - 1))
 	}
 
-	if err := syscall.Bind(fd, &s.lsa); err != nil {
-		syscall.Close(fd)
+	if err := unix.Bind(fd, &s.lsa); err != nil {
+		unix.Close(fd)
 		return nil, err
 	}
 
@@ -586,7 +604,7 @@ func SubscribeAt(newNs, curNs netns.NsHandle, protocol int, groups ...uint) (*Ne
 
 func (s *NetlinkSocket) Close() {
 	fd := int(atomic.SwapInt32(&s.fd, -1))
-	syscall.Close(fd)
+	unix.Close(fd)
 }
 
 func (s *NetlinkSocket) GetFd() int {
@@ -598,51 +616,61 @@ func (s *NetlinkSocket) Send(request *NetlinkRequest) error {
 	if fd < 0 {
 		return fmt.Errorf("Send called on a closed socket")
 	}
-	if err := syscall.Sendto(fd, request.Serialize(), 0, &s.lsa); err != nil {
+	if err := unix.Sendto(fd, request.Serialize(), 0, &s.lsa); err != nil {
 		return err
 	}
 	return nil
 }
 
-func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, error) {
+func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetlink, error) {
 	fd := int(atomic.LoadInt32(&s.fd))
 	if fd < 0 {
-		return nil, fmt.Errorf("Receive called on a closed socket")
+		return nil, nil, fmt.Errorf("Receive called on a closed socket")
 	}
-	rb := make([]byte, syscall.Getpagesize())
-	nr, _, err := syscall.Recvfrom(fd, rb, 0)
+	var fromAddr *unix.SockaddrNetlink
+	var rb [RECEIVE_BUFFER_SIZE]byte
+	nr, from, err := unix.Recvfrom(fd, rb[:], 0)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	if nr < syscall.NLMSG_HDRLEN {
-		return nil, fmt.Errorf("Got short response from netlink")
+	fromAddr, ok := from.(*unix.SockaddrNetlink)
+	if !ok {
+		return nil, nil, fmt.Errorf("Error converting to netlink sockaddr")
+	}
+	if nr < unix.NLMSG_HDRLEN {
+		return nil, nil, fmt.Errorf("Got short response from netlink")
+	}
+	rb2 := make([]byte, nr)
+	copy(rb2, rb[:nr])
+	nl, err := syscall.ParseNetlinkMessage(rb2)
+	if err != nil {
+		return nil, nil, err
 	}
-	rb = rb[:nr]
-	return syscall.ParseNetlinkMessage(rb)
+	return nl, fromAddr, nil
 }
 
 // SetSendTimeout allows to set a send timeout on the socket
-func (s *NetlinkSocket) SetSendTimeout(timeout *syscall.Timeval) error {
+func (s *NetlinkSocket) SetSendTimeout(timeout *unix.Timeval) error {
 	// Set a send timeout of SOCKET_SEND_TIMEOUT, this will allow the Send to periodically unblock and avoid that a routine
 	// remains stuck on a send on a closed fd
-	return syscall.SetsockoptTimeval(int(s.fd), syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, timeout)
+	return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_SNDTIMEO, timeout)
 }
 
 // SetReceiveTimeout allows to set a receive timeout on the socket
-func (s *NetlinkSocket) SetReceiveTimeout(timeout *syscall.Timeval) error {
+func (s *NetlinkSocket) SetReceiveTimeout(timeout *unix.Timeval) error {
 	// Set a read timeout of SOCKET_READ_TIMEOUT, this will allow the Read to periodically unblock and avoid that a routine
 	// remains stuck on a recvmsg on a closed fd
-	return syscall.SetsockoptTimeval(int(s.fd), syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, timeout)
+	return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_RCVTIMEO, timeout)
 }
 
 func (s *NetlinkSocket) GetPid() (uint32, error) {
 	fd := int(atomic.LoadInt32(&s.fd))
-	lsa, err := syscall.Getsockname(fd)
+	lsa, err := unix.Getsockname(fd)
 	if err != nil {
 		return 0, err
 	}
 	switch v := lsa.(type) {
-	case *syscall.SockaddrNetlink:
+	case *unix.SockaddrNetlink:
 		return v.Pid, nil
 	}
 	return 0, fmt.Errorf("Wrong socket type")
@@ -697,24 +725,24 @@ func Uint64Attr(v uint64) []byte {
 
 func ParseRouteAttr(b []byte) ([]syscall.NetlinkRouteAttr, error) {
 	var attrs []syscall.NetlinkRouteAttr
-	for len(b) >= syscall.SizeofRtAttr {
+	for len(b) >= unix.SizeofRtAttr {
 		a, vbuf, alen, err := netlinkRouteAttrAndValue(b)
 		if err != nil {
 			return nil, err
 		}
-		ra := syscall.NetlinkRouteAttr{Attr: *a, Value: vbuf[:int(a.Len)-syscall.SizeofRtAttr]}
+		ra := syscall.NetlinkRouteAttr{Attr: syscall.RtAttr(*a), Value: vbuf[:int(a.Len)-unix.SizeofRtAttr]}
 		attrs = append(attrs, ra)
 		b = b[alen:]
 	}
 	return attrs, nil
 }
 
-func netlinkRouteAttrAndValue(b []byte) (*syscall.RtAttr, []byte, int, error) {
-	a := (*syscall.RtAttr)(unsafe.Pointer(&b[0]))
-	if int(a.Len) < syscall.SizeofRtAttr || int(a.Len) > len(b) {
-		return nil, nil, 0, syscall.EINVAL
+func netlinkRouteAttrAndValue(b []byte) (*unix.RtAttr, []byte, int, error) {
+	a := (*unix.RtAttr)(unsafe.Pointer(&b[0]))
+	if int(a.Len) < unix.SizeofRtAttr || int(a.Len) > len(b) {
+		return nil, nil, 0, unix.EINVAL
 	}
-	return a, b[syscall.SizeofRtAttr:], rtaAlignOf(int(a.Len)), nil
+	return a, b[unix.SizeofRtAttr:], rtaAlignOf(int(a.Len)), nil
 }
 
 // SocketHandle contains the netlink socket and the associated
diff --git a/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go
new file mode 100644
index 0000000000000..1224b747def44
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go
@@ -0,0 +1,35 @@
+package nl
+
+const (
+	RDMA_NL_GET_CLIENT_SHIFT = 10
+)
+
+const (
+	RDMA_NL_NLDEV = 5
+)
+
+const (
+	RDMA_NLDEV_CMD_GET     = 1
+	RDMA_NLDEV_CMD_SET     = 2
+	RDMA_NLDEV_CMD_SYS_GET = 6
+	RDMA_NLDEV_CMD_SYS_SET = 7
+)
+
+const (
+	RDMA_NLDEV_ATTR_DEV_INDEX       = 1
+	RDMA_NLDEV_ATTR_DEV_NAME        = 2
+	RDMA_NLDEV_ATTR_PORT_INDEX      = 3
+	RDMA_NLDEV_ATTR_CAP_FLAGS       = 4
+	RDMA_NLDEV_ATTR_FW_VERSION      = 5
+	RDMA_NLDEV_ATTR_NODE_GUID       = 6
+	RDMA_NLDEV_ATTR_SYS_IMAGE_GUID  = 7
+	RDMA_NLDEV_ATTR_SUBNET_PREFIX   = 8
+	RDMA_NLDEV_ATTR_LID             = 9
+	RDMA_NLDEV_ATTR_SM_LID          = 10
+	RDMA_NLDEV_ATTR_LMC             = 11
+	RDMA_NLDEV_ATTR_PORT_STATE      = 12
+	RDMA_NLDEV_ATTR_PORT_PHYS_STATE = 13
+	RDMA_NLDEV_ATTR_DEV_NODE_TYPE   = 14
+	RDMA_NLDEV_SYS_ATTR_NETNS_MODE  = 66
+	RDMA_NLDEV_NET_NS_FD            = 68
+)
diff --git a/vendor/github.com/vishvananda/netlink/nl/route_linux.go b/vendor/github.com/vishvananda/netlink/nl/route_linux.go
index 1a064d65d2fb2..03c1900ffa89f 100644
--- a/vendor/github.com/vishvananda/netlink/nl/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/route_linux.go
@@ -1,65 +1,66 @@
 package nl
 
 import (
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 type RtMsg struct {
-	syscall.RtMsg
+	unix.RtMsg
 }
 
 func NewRtMsg() *RtMsg {
 	return &RtMsg{
-		RtMsg: syscall.RtMsg{
-			Table:    syscall.RT_TABLE_MAIN,
-			Scope:    syscall.RT_SCOPE_UNIVERSE,
-			Protocol: syscall.RTPROT_BOOT,
-			Type:     syscall.RTN_UNICAST,
+		RtMsg: unix.RtMsg{
+			Table:    unix.RT_TABLE_MAIN,
+			Scope:    unix.RT_SCOPE_UNIVERSE,
+			Protocol: unix.RTPROT_BOOT,
+			Type:     unix.RTN_UNICAST,
 		},
 	}
 }
 
 func NewRtDelMsg() *RtMsg {
 	return &RtMsg{
-		RtMsg: syscall.RtMsg{
-			Table: syscall.RT_TABLE_MAIN,
-			Scope: syscall.RT_SCOPE_NOWHERE,
+		RtMsg: unix.RtMsg{
+			Table: unix.RT_TABLE_MAIN,
+			Scope: unix.RT_SCOPE_NOWHERE,
 		},
 	}
 }
 
 func (msg *RtMsg) Len() int {
-	return syscall.SizeofRtMsg
+	return unix.SizeofRtMsg
 }
 
 func DeserializeRtMsg(b []byte) *RtMsg {
-	return (*RtMsg)(unsafe.Pointer(&b[0:syscall.SizeofRtMsg][0]))
+	return (*RtMsg)(unsafe.Pointer(&b[0:unix.SizeofRtMsg][0]))
 }
 
 func (msg *RtMsg) Serialize() []byte {
-	return (*(*[syscall.SizeofRtMsg]byte)(unsafe.Pointer(msg)))[:]
+	return (*(*[unix.SizeofRtMsg]byte)(unsafe.Pointer(msg)))[:]
 }
 
 type RtNexthop struct {
-	syscall.RtNexthop
+	unix.RtNexthop
 	Children []NetlinkRequestData
 }
 
 func DeserializeRtNexthop(b []byte) *RtNexthop {
-	return (*RtNexthop)(unsafe.Pointer(&b[0:syscall.SizeofRtNexthop][0]))
+	return (*RtNexthop)(unsafe.Pointer(&b[0:unix.SizeofRtNexthop][0]))
 }
 
 func (msg *RtNexthop) Len() int {
 	if len(msg.Children) == 0 {
-		return syscall.SizeofRtNexthop
+		return unix.SizeofRtNexthop
 	}
 
 	l := 0
 	for _, child := range msg.Children {
 		l += rtaAlignOf(child.Len())
 	}
-	l += syscall.SizeofRtNexthop
+	l += unix.SizeofRtNexthop
 	return rtaAlignOf(l)
 }
 
@@ -67,8 +68,8 @@ func (msg *RtNexthop) Serialize() []byte {
 	length := msg.Len()
 	msg.RtNexthop.Len = uint16(length)
 	buf := make([]byte, length)
-	copy(buf, (*(*[syscall.SizeofRtNexthop]byte)(unsafe.Pointer(msg)))[:])
-	next := rtaAlignOf(syscall.SizeofRtNexthop)
+	copy(buf, (*(*[unix.SizeofRtNexthop]byte)(unsafe.Pointer(msg)))[:])
+	next := rtaAlignOf(unix.SizeofRtNexthop)
 	if len(msg.Children) > 0 {
 		for _, child := range msg.Children {
 			childBuf := child.Serialize()
@@ -78,3 +79,29 @@ func (msg *RtNexthop) Serialize() []byte {
 	}
 	return buf
 }
+
+type RtGenMsg struct {
+	unix.RtGenmsg
+}
+
+func NewRtGenMsg() *RtGenMsg {
+	return &RtGenMsg{
+		RtGenmsg: unix.RtGenmsg{
+			Family: unix.AF_UNSPEC,
+		},
+	}
+}
+
+func (msg *RtGenMsg) Len() int {
+	return rtaAlignOf(unix.SizeofRtGenmsg)
+}
+
+func DeserializeRtGenMsg(b []byte) *RtGenMsg {
+	return &RtGenMsg{RtGenmsg: unix.RtGenmsg{Family: b[0]}}
+}
+
+func (msg *RtGenMsg) Serialize() []byte {
+	out := make([]byte, msg.Len())
+	out[0] = msg.Family
+	return out
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/seg6_linux.go b/vendor/github.com/vishvananda/netlink/nl/seg6_linux.go
new file mode 100644
index 0000000000000..5774cbb15aef7
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/seg6_linux.go
@@ -0,0 +1,154 @@
+package nl
+
+import (
+	"errors"
+	"fmt"
+	"net"
+)
+
+type IPv6SrHdr struct {
+	nextHdr      uint8
+	hdrLen       uint8
+	routingType  uint8
+	segmentsLeft uint8
+	firstSegment uint8
+	flags        uint8
+	reserved     uint16
+
+	Segments []net.IP
+}
+
+func (s1 *IPv6SrHdr) Equal(s2 IPv6SrHdr) bool {
+	if len(s1.Segments) != len(s2.Segments) {
+		return false
+	}
+	for i := range s1.Segments {
+		if s1.Segments[i].Equal(s2.Segments[i]) != true {
+			return false
+		}
+	}
+	return s1.nextHdr == s2.nextHdr &&
+		s1.hdrLen == s2.hdrLen &&
+		s1.routingType == s2.routingType &&
+		s1.segmentsLeft == s2.segmentsLeft &&
+		s1.firstSegment == s2.firstSegment &&
+		s1.flags == s2.flags
+	// reserved doesn't need to be identical.
+}
+
+// seg6 encap mode
+const (
+	SEG6_IPTUN_MODE_INLINE = iota
+	SEG6_IPTUN_MODE_ENCAP
+)
+
+// number of nested RTATTR
+// from include/uapi/linux/seg6_iptunnel.h
+const (
+	SEG6_IPTUNNEL_UNSPEC = iota
+	SEG6_IPTUNNEL_SRH
+	__SEG6_IPTUNNEL_MAX
+)
+const (
+	SEG6_IPTUNNEL_MAX = __SEG6_IPTUNNEL_MAX - 1
+)
+
+func EncodeSEG6Encap(mode int, segments []net.IP) ([]byte, error) {
+	nsegs := len(segments) // nsegs: number of segments
+	if nsegs == 0 {
+		return nil, errors.New("EncodeSEG6Encap: No Segment in srh")
+	}
+	b := make([]byte, 12, 12+len(segments)*16)
+	native := NativeEndian()
+	native.PutUint32(b, uint32(mode))
+	b[4] = 0                      // srh.nextHdr (0 when calling netlink)
+	b[5] = uint8(16 * nsegs >> 3) // srh.hdrLen (in 8-octets unit)
+	b[6] = IPV6_SRCRT_TYPE_4      // srh.routingType (assigned by IANA)
+	b[7] = uint8(nsegs - 1)       // srh.segmentsLeft
+	b[8] = uint8(nsegs - 1)       // srh.firstSegment
+	b[9] = 0                      // srh.flags (SR6_FLAG1_HMAC for srh_hmac)
+	// srh.reserved: Defined as "Tag" in draft-ietf-6man-segment-routing-header-07
+	native.PutUint16(b[10:], 0) // srh.reserved
+	for _, netIP := range segments {
+		b = append(b, netIP...) // srh.Segments
+	}
+	return b, nil
+}
+
+func DecodeSEG6Encap(buf []byte) (int, []net.IP, error) {
+	native := NativeEndian()
+	mode := int(native.Uint32(buf))
+	srh := IPv6SrHdr{
+		nextHdr:      buf[4],
+		hdrLen:       buf[5],
+		routingType:  buf[6],
+		segmentsLeft: buf[7],
+		firstSegment: buf[8],
+		flags:        buf[9],
+		reserved:     native.Uint16(buf[10:12]),
+	}
+	buf = buf[12:]
+	if len(buf)%16 != 0 {
+		err := fmt.Errorf("DecodeSEG6Encap: error parsing Segment List (buf len: %d)\n", len(buf))
+		return mode, nil, err
+	}
+	for len(buf) > 0 {
+		srh.Segments = append(srh.Segments, net.IP(buf[:16]))
+		buf = buf[16:]
+	}
+	return mode, srh.Segments, nil
+}
+
+func DecodeSEG6Srh(buf []byte) ([]net.IP, error) {
+	native := NativeEndian()
+	srh := IPv6SrHdr{
+		nextHdr:      buf[0],
+		hdrLen:       buf[1],
+		routingType:  buf[2],
+		segmentsLeft: buf[3],
+		firstSegment: buf[4],
+		flags:        buf[5],
+		reserved:     native.Uint16(buf[6:8]),
+	}
+	buf = buf[8:]
+	if len(buf)%16 != 0 {
+		err := fmt.Errorf("DecodeSEG6Srh: error parsing Segment List (buf len: %d)", len(buf))
+		return nil, err
+	}
+	for len(buf) > 0 {
+		srh.Segments = append(srh.Segments, net.IP(buf[:16]))
+		buf = buf[16:]
+	}
+	return srh.Segments, nil
+}
+func EncodeSEG6Srh(segments []net.IP) ([]byte, error) {
+	nsegs := len(segments) // nsegs: number of segments
+	if nsegs == 0 {
+		return nil, errors.New("EncodeSEG6Srh: No Segments")
+	}
+	b := make([]byte, 8, 8+len(segments)*16)
+	native := NativeEndian()
+	b[0] = 0                      // srh.nextHdr (0 when calling netlink)
+	b[1] = uint8(16 * nsegs >> 3) // srh.hdrLen (in 8-octets unit)
+	b[2] = IPV6_SRCRT_TYPE_4      // srh.routingType (assigned by IANA)
+	b[3] = uint8(nsegs - 1)       // srh.segmentsLeft
+	b[4] = uint8(nsegs - 1)       // srh.firstSegment
+	b[5] = 0                      // srh.flags (SR6_FLAG1_HMAC for srh_hmac)
+	// srh.reserved: Defined as "Tag" in draft-ietf-6man-segment-routing-header-07
+	native.PutUint16(b[6:], 0) // srh.reserved
+	for _, netIP := range segments {
+		b = append(b, netIP...) // srh.Segments
+	}
+	return b, nil
+}
+
+// Helper functions
+func SEG6EncapModeString(mode int) string {
+	switch mode {
+	case SEG6_IPTUN_MODE_INLINE:
+		return "inline"
+	case SEG6_IPTUN_MODE_ENCAP:
+		return "encap"
+	}
+	return "unknown"
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go b/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go
new file mode 100644
index 0000000000000..1500177267af7
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go
@@ -0,0 +1,76 @@
+package nl
+
+import ()
+
+// seg6local parameters
+const (
+	SEG6_LOCAL_UNSPEC = iota
+	SEG6_LOCAL_ACTION
+	SEG6_LOCAL_SRH
+	SEG6_LOCAL_TABLE
+	SEG6_LOCAL_NH4
+	SEG6_LOCAL_NH6
+	SEG6_LOCAL_IIF
+	SEG6_LOCAL_OIF
+	__SEG6_LOCAL_MAX
+)
+const (
+	SEG6_LOCAL_MAX = __SEG6_LOCAL_MAX
+)
+
+// seg6local actions
+const (
+	SEG6_LOCAL_ACTION_END           = iota + 1 // 1
+	SEG6_LOCAL_ACTION_END_X                    // 2
+	SEG6_LOCAL_ACTION_END_T                    // 3
+	SEG6_LOCAL_ACTION_END_DX2                  // 4
+	SEG6_LOCAL_ACTION_END_DX6                  // 5
+	SEG6_LOCAL_ACTION_END_DX4                  // 6
+	SEG6_LOCAL_ACTION_END_DT6                  // 7
+	SEG6_LOCAL_ACTION_END_DT4                  // 8
+	SEG6_LOCAL_ACTION_END_B6                   // 9
+	SEG6_LOCAL_ACTION_END_B6_ENCAPS            // 10
+	SEG6_LOCAL_ACTION_END_BM                   // 11
+	SEG6_LOCAL_ACTION_END_S                    // 12
+	SEG6_LOCAL_ACTION_END_AS                   // 13
+	SEG6_LOCAL_ACTION_END_AM                   // 14
+	__SEG6_LOCAL_ACTION_MAX
+)
+const (
+	SEG6_LOCAL_ACTION_MAX = __SEG6_LOCAL_ACTION_MAX - 1
+)
+
+// Helper functions
+func SEG6LocalActionString(action int) string {
+	switch action {
+	case SEG6_LOCAL_ACTION_END:
+		return "End"
+	case SEG6_LOCAL_ACTION_END_X:
+		return "End.X"
+	case SEG6_LOCAL_ACTION_END_T:
+		return "End.T"
+	case SEG6_LOCAL_ACTION_END_DX2:
+		return "End.DX2"
+	case SEG6_LOCAL_ACTION_END_DX6:
+		return "End.DX6"
+	case SEG6_LOCAL_ACTION_END_DX4:
+		return "End.DX4"
+	case SEG6_LOCAL_ACTION_END_DT6:
+		return "End.DT6"
+	case SEG6_LOCAL_ACTION_END_DT4:
+		return "End.DT4"
+	case SEG6_LOCAL_ACTION_END_B6:
+		return "End.B6"
+	case SEG6_LOCAL_ACTION_END_B6_ENCAPS:
+		return "End.B6.Encaps"
+	case SEG6_LOCAL_ACTION_END_BM:
+		return "End.BM"
+	case SEG6_LOCAL_ACTION_END_S:
+		return "End.S"
+	case SEG6_LOCAL_ACTION_END_AS:
+		return "End.AS"
+	case SEG6_LOCAL_ACTION_END_AM:
+		return "End.AM"
+	}
+	return "unknown"
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/syscall.go b/vendor/github.com/vishvananda/netlink/nl/syscall.go
index 3473e536384df..f7f7f92e6fa12 100644
--- a/vendor/github.com/vishvananda/netlink/nl/syscall.go
+++ b/vendor/github.com/vishvananda/netlink/nl/syscall.go
@@ -42,16 +42,6 @@ const (
 	TCPDIAG_NOCOOKIE    = 0xFFFFFFFF /* TCPDIAG_NOCOOKIE in net/ipv4/tcp_diag.h*/
 )
 
-const (
-	AF_MPLS = 28
-)
-
-const (
-	RTA_NEWDST     = 0x13
-	RTA_ENCAP_TYPE = 0x15
-	RTA_ENCAP      = 0x16
-)
-
 // RTA_ENCAP subtype
 const (
 	MPLS_IPTUNNEL_UNSPEC = iota
@@ -65,4 +55,15 @@ const (
 	LWTUNNEL_ENCAP_IP
 	LWTUNNEL_ENCAP_ILA
 	LWTUNNEL_ENCAP_IP6
+	LWTUNNEL_ENCAP_SEG6
+	LWTUNNEL_ENCAP_BPF
+	LWTUNNEL_ENCAP_SEG6_LOCAL
+)
+
+// routing header types
+const (
+	IPV6_SRCRT_STRICT = 0x01 // Deprecated; will be removed
+	IPV6_SRCRT_TYPE_0 = 0    // Deprecated; will be removed
+	IPV6_SRCRT_TYPE_2 = 2    // IPv6 type 2 Routing Header
+	IPV6_SRCRT_TYPE_4 = 4    // Segment Routing with IPv6
 )
diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
index e91fb21c55869..501f554b216c9 100644
--- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
@@ -1,6 +1,7 @@
 package nl
 
 import (
+	"encoding/binary"
 	"unsafe"
 )
 
@@ -64,6 +65,15 @@ const (
 	TCA_PRIO_MAX = TCA_PRIO_MQ
 )
 
+const (
+	TCA_STATS_UNSPEC = iota
+	TCA_STATS_BASIC
+	TCA_STATS_RATE_EST
+	TCA_STATS_QUEUE
+	TCA_STATS_APP
+	TCA_STATS_MAX = TCA_STATS_APP
+)
+
 const (
 	SizeofTcMsg          = 0x14
 	SizeofTcActionMsg    = 0x04
@@ -79,7 +89,10 @@ const (
 	SizeofTcU32Key       = 0x10
 	SizeofTcU32Sel       = 0x10 // without keys
 	SizeofTcGen          = 0x14
+	SizeofTcConnmark     = SizeofTcGen + 0x04
 	SizeofTcMirred       = SizeofTcGen + 0x08
+	SizeofTcTunnelKey    = SizeofTcGen + 0x04
+	SizeofTcSkbEdit      = SizeofTcGen
 	SizeofTcPolice       = 2*SizeofTcRateSpec + 0x20
 )
 
@@ -412,6 +425,57 @@ func (x *TcHtbGlob) Serialize() []byte {
 	return (*(*[SizeofTcHtbGlob]byte)(unsafe.Pointer(x)))[:]
 }
 
+// HFSC
+
+type Curve struct {
+	m1 uint32
+	d  uint32
+	m2 uint32
+}
+
+type HfscCopt struct {
+	Rsc Curve
+	Fsc Curve
+	Usc Curve
+}
+
+func (c *Curve) Attrs() (uint32, uint32, uint32) {
+	return c.m1, c.d, c.m2
+}
+
+func (c *Curve) Set(m1 uint32, d uint32, m2 uint32) {
+	c.m1 = m1
+	c.d = d
+	c.m2 = m2
+}
+
+func DeserializeHfscCurve(b []byte) *Curve {
+	return &Curve{
+		m1: binary.LittleEndian.Uint32(b[0:4]),
+		d:  binary.LittleEndian.Uint32(b[4:8]),
+		m2: binary.LittleEndian.Uint32(b[8:12]),
+	}
+}
+
+func SerializeHfscCurve(c *Curve) (b []byte) {
+	t := make([]byte, binary.MaxVarintLen32)
+	binary.LittleEndian.PutUint32(t, c.m1)
+	b = append(b, t[:4]...)
+	binary.LittleEndian.PutUint32(t, c.d)
+	b = append(b, t[:4]...)
+	binary.LittleEndian.PutUint32(t, c.m2)
+	b = append(b, t[:4]...)
+	return b
+}
+
+type TcHfscOpt struct {
+	Defcls uint16
+}
+
+func (x *TcHfscOpt) Serialize() []byte {
+	return (*(*[2]byte)(unsafe.Pointer(x)))[:]
+}
+
 const (
 	TCA_U32_UNSPEC = iota
 	TCA_U32_CLASSID
@@ -586,11 +650,47 @@ const (
 	TCA_BPF_FD
 	TCA_BPF_NAME
 	TCA_BPF_FLAGS
-	TCA_BPF_MAX = TCA_BPF_FLAGS
+	TCA_BPF_FLAGS_GEN
+	TCA_BPF_TAG
+	TCA_BPF_ID
+	TCA_BPF_MAX = TCA_BPF_ID
 )
 
 type TcBpf TcGen
 
+const (
+	TCA_ACT_CONNMARK = 14
+)
+
+const (
+	TCA_CONNMARK_UNSPEC = iota
+	TCA_CONNMARK_PARMS
+	TCA_CONNMARK_TM
+	TCA_CONNMARK_MAX = TCA_CONNMARK_TM
+)
+
+// struct tc_connmark {
+//   tc_gen;
+//   __u16 zone;
+// };
+
+type TcConnmark struct {
+	TcGen
+	Zone uint16
+}
+
+func (msg *TcConnmark) Len() int {
+	return SizeofTcConnmark
+}
+
+func DeserializeTcConnmark(b []byte) *TcConnmark {
+	return (*TcConnmark)(unsafe.Pointer(&b[0:SizeofTcConnmark][0]))
+}
+
+func (x *TcConnmark) Serialize() []byte {
+	return (*(*[SizeofTcConnmark]byte)(unsafe.Pointer(x)))[:]
+}
+
 const (
 	TCA_ACT_MIRRED = 8
 )
@@ -626,6 +726,63 @@ func (x *TcMirred) Serialize() []byte {
 	return (*(*[SizeofTcMirred]byte)(unsafe.Pointer(x)))[:]
 }
 
+const (
+	TCA_TUNNEL_KEY_UNSPEC = iota
+	TCA_TUNNEL_KEY_TM
+	TCA_TUNNEL_KEY_PARMS
+	TCA_TUNNEL_KEY_ENC_IPV4_SRC
+	TCA_TUNNEL_KEY_ENC_IPV4_DST
+	TCA_TUNNEL_KEY_ENC_IPV6_SRC
+	TCA_TUNNEL_KEY_ENC_IPV6_DST
+	TCA_TUNNEL_KEY_ENC_KEY_ID
+	TCA_TUNNEL_KEY_MAX = TCA_TUNNEL_KEY_ENC_KEY_ID
+)
+
+type TcTunnelKey struct {
+	TcGen
+	Action int32
+}
+
+func (x *TcTunnelKey) Len() int {
+	return SizeofTcTunnelKey
+}
+
+func DeserializeTunnelKey(b []byte) *TcTunnelKey {
+	return (*TcTunnelKey)(unsafe.Pointer(&b[0:SizeofTcTunnelKey][0]))
+}
+
+func (x *TcTunnelKey) Serialize() []byte {
+	return (*(*[SizeofTcTunnelKey]byte)(unsafe.Pointer(x)))[:]
+}
+
+const (
+	TCA_SKBEDIT_UNSPEC = iota
+	TCA_SKBEDIT_TM
+	TCA_SKBEDIT_PARMS
+	TCA_SKBEDIT_PRIORITY
+	TCA_SKBEDIT_QUEUE_MAPPING
+	TCA_SKBEDIT_MARK
+	TCA_SKBEDIT_PAD
+	TCA_SKBEDIT_PTYPE
+	TCA_SKBEDIT_MAX = TCA_SKBEDIT_MARK
+)
+
+type TcSkbEdit struct {
+	TcGen
+}
+
+func (x *TcSkbEdit) Len() int {
+	return SizeofTcSkbEdit
+}
+
+func DeserializeSkbEdit(b []byte) *TcSkbEdit {
+	return (*TcSkbEdit)(unsafe.Pointer(&b[0:SizeofTcSkbEdit][0]))
+}
+
+func (x *TcSkbEdit) Serialize() []byte {
+	return (*(*[SizeofTcSkbEdit]byte)(unsafe.Pointer(x)))[:]
+}
+
 // struct tc_police {
 // 	__u32			index;
 // 	int			action;
@@ -673,3 +830,45 @@ const (
 	TCA_FW_MASK
 	TCA_FW_MAX = TCA_FW_MASK
 )
+
+const (
+	TCA_MATCHALL_UNSPEC = iota
+	TCA_MATCHALL_CLASSID
+	TCA_MATCHALL_ACT
+	TCA_MATCHALL_FLAGS
+)
+
+const (
+	TCA_FQ_UNSPEC             = iota
+	TCA_FQ_PLIMIT             // limit of total number of packets in queue
+	TCA_FQ_FLOW_PLIMIT        // limit of packets per flow
+	TCA_FQ_QUANTUM            // RR quantum
+	TCA_FQ_INITIAL_QUANTUM    // RR quantum for new flow
+	TCA_FQ_RATE_ENABLE        // enable/disable rate limiting
+	TCA_FQ_FLOW_DEFAULT_RATE  // obsolete do not use
+	TCA_FQ_FLOW_MAX_RATE      // per flow max rate
+	TCA_FQ_BUCKETS_LOG        // log2(number of buckets)
+	TCA_FQ_FLOW_REFILL_DELAY  // flow credit refill delay in usec
+	TCA_FQ_ORPHAN_MASK        // mask applied to orphaned skb hashes
+	TCA_FQ_LOW_RATE_THRESHOLD // per packet delay under this rate
+)
+
+const (
+	TCA_FQ_CODEL_UNSPEC = iota
+	TCA_FQ_CODEL_TARGET
+	TCA_FQ_CODEL_LIMIT
+	TCA_FQ_CODEL_INTERVAL
+	TCA_FQ_CODEL_ECN
+	TCA_FQ_CODEL_FLOWS
+	TCA_FQ_CODEL_QUANTUM
+	TCA_FQ_CODEL_CE_THRESHOLD
+	TCA_FQ_CODEL_DROP_BATCH_SIZE
+	TCA_FQ_CODEL_MEMORY_LIMIT
+)
+
+const (
+	TCA_HFSC_UNSPEC = iota
+	TCA_HFSC_RSC
+	TCA_HFSC_FSC
+	TCA_HFSC_USC
+)
diff --git a/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go b/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go
index 09a2ffa10ef79..dce9073f7b587 100644
--- a/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go
@@ -50,34 +50,44 @@ const (
 // Attribute types
 const (
 	/* Netlink message attributes.  */
-	XFRMA_UNSPEC         = 0x00
-	XFRMA_ALG_AUTH       = 0x01 /* struct xfrm_algo */
-	XFRMA_ALG_CRYPT      = 0x02 /* struct xfrm_algo */
-	XFRMA_ALG_COMP       = 0x03 /* struct xfrm_algo */
-	XFRMA_ENCAP          = 0x04 /* struct xfrm_algo + struct xfrm_encap_tmpl */
-	XFRMA_TMPL           = 0x05 /* 1 or more struct xfrm_user_tmpl */
-	XFRMA_SA             = 0x06 /* struct xfrm_usersa_info  */
-	XFRMA_POLICY         = 0x07 /* struct xfrm_userpolicy_info */
-	XFRMA_SEC_CTX        = 0x08 /* struct xfrm_sec_ctx */
-	XFRMA_LTIME_VAL      = 0x09
-	XFRMA_REPLAY_VAL     = 0x0a
-	XFRMA_REPLAY_THRESH  = 0x0b
-	XFRMA_ETIMER_THRESH  = 0x0c
-	XFRMA_SRCADDR        = 0x0d /* xfrm_address_t */
-	XFRMA_COADDR         = 0x0e /* xfrm_address_t */
-	XFRMA_LASTUSED       = 0x0f /* unsigned long  */
-	XFRMA_POLICY_TYPE    = 0x10 /* struct xfrm_userpolicy_type */
-	XFRMA_MIGRATE        = 0x11
-	XFRMA_ALG_AEAD       = 0x12 /* struct xfrm_algo_aead */
-	XFRMA_KMADDRESS      = 0x13 /* struct xfrm_user_kmaddress */
-	XFRMA_ALG_AUTH_TRUNC = 0x14 /* struct xfrm_algo_auth */
-	XFRMA_MARK           = 0x15 /* struct xfrm_mark */
-	XFRMA_TFCPAD         = 0x16 /* __u32 */
-	XFRMA_REPLAY_ESN_VAL = 0x17 /* struct xfrm_replay_esn */
-	XFRMA_SA_EXTRA_FLAGS = 0x18 /* __u32 */
-	XFRMA_MAX            = 0x18
+	XFRMA_UNSPEC    = iota
+	XFRMA_ALG_AUTH  /* struct xfrm_algo */
+	XFRMA_ALG_CRYPT /* struct xfrm_algo */
+	XFRMA_ALG_COMP  /* struct xfrm_algo */
+	XFRMA_ENCAP     /* struct xfrm_algo + struct xfrm_encap_tmpl */
+	XFRMA_TMPL      /* 1 or more struct xfrm_user_tmpl */
+	XFRMA_SA        /* struct xfrm_usersa_info  */
+	XFRMA_POLICY    /* struct xfrm_userpolicy_info */
+	XFRMA_SEC_CTX   /* struct xfrm_sec_ctx */
+	XFRMA_LTIME_VAL
+	XFRMA_REPLAY_VAL
+	XFRMA_REPLAY_THRESH
+	XFRMA_ETIMER_THRESH
+	XFRMA_SRCADDR     /* xfrm_address_t */
+	XFRMA_COADDR      /* xfrm_address_t */
+	XFRMA_LASTUSED    /* unsigned long  */
+	XFRMA_POLICY_TYPE /* struct xfrm_userpolicy_type */
+	XFRMA_MIGRATE
+	XFRMA_ALG_AEAD       /* struct xfrm_algo_aead */
+	XFRMA_KMADDRESS      /* struct xfrm_user_kmaddress */
+	XFRMA_ALG_AUTH_TRUNC /* struct xfrm_algo_auth */
+	XFRMA_MARK           /* struct xfrm_mark */
+	XFRMA_TFCPAD         /* __u32 */
+	XFRMA_REPLAY_ESN_VAL /* struct xfrm_replay_esn */
+	XFRMA_SA_EXTRA_FLAGS /* __u32 */
+	XFRMA_PROTO          /* __u8 */
+	XFRMA_ADDRESS_FILTER /* struct xfrm_address_filter */
+	XFRMA_PAD
+	XFRMA_OFFLOAD_DEV   /* struct xfrm_state_offload */
+	XFRMA_SET_MARK      /* __u32 */
+	XFRMA_SET_MARK_MASK /* __u32 */
+	XFRMA_IF_ID         /* __u32 */
+
+	XFRMA_MAX = iota - 1
 )
 
+const XFRMA_OUTPUT_MARK = XFRMA_SET_MARK
+
 const (
 	SizeofXfrmAddress     = 0x10
 	SizeofXfrmSelector    = 0x38
diff --git a/vendor/github.com/vishvananda/netlink/protinfo.go b/vendor/github.com/vishvananda/netlink/protinfo.go
index 0087c4438bc26..60b23b3742c9d 100644
--- a/vendor/github.com/vishvananda/netlink/protinfo.go
+++ b/vendor/github.com/vishvananda/netlink/protinfo.go
@@ -18,6 +18,10 @@ type Protinfo struct {
 
 // String returns a list of enabled flags
 func (prot *Protinfo) String() string {
+	if prot == nil {
+		return "<nil>"
+	}
+
 	var boolStrings []string
 	if prot.Hairpin {
 		boolStrings = append(boolStrings, "Hairpin")
diff --git a/vendor/github.com/vishvananda/netlink/protinfo_linux.go b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
index 10dd0d53357c5..15b65123cef7b 100644
--- a/vendor/github.com/vishvananda/netlink/protinfo_linux.go
+++ b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
@@ -5,6 +5,7 @@ import (
 	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 func LinkGetProtinfo(link Link) (Protinfo, error) {
@@ -15,10 +16,10 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 	base := link.Attrs()
 	h.ensureIndex(base)
 	var pi Protinfo
-	req := h.newNetlinkRequest(syscall.RTM_GETLINK, syscall.NLM_F_DUMP)
-	msg := nl.NewIfInfomsg(syscall.AF_BRIDGE)
+	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
+	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	req.AddData(msg)
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	if err != nil {
 		return pi, err
 	}
@@ -33,14 +34,14 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 			return pi, err
 		}
 		for _, attr := range attrs {
-			if attr.Attr.Type != syscall.IFLA_PROTINFO|syscall.NLA_F_NESTED {
+			if attr.Attr.Type != unix.IFLA_PROTINFO|unix.NLA_F_NESTED {
 				continue
 			}
 			infos, err := nl.ParseRouteAttr(attr.Value)
 			if err != nil {
 				return pi, err
 			}
-			pi = *parseProtinfo(infos)
+			pi = parseProtinfo(infos)
 
 			return pi, nil
 		}
@@ -48,8 +49,7 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 	return pi, fmt.Errorf("Device with index %d not found", base.Index)
 }
 
-func parseProtinfo(infos []syscall.NetlinkRouteAttr) *Protinfo {
-	var pi Protinfo
+func parseProtinfo(infos []syscall.NetlinkRouteAttr) (pi Protinfo) {
 	for _, info := range infos {
 		switch info.Attr.Type {
 		case nl.IFLA_BRPORT_MODE:
@@ -70,5 +70,5 @@ func parseProtinfo(infos []syscall.NetlinkRouteAttr) *Protinfo {
 			pi.ProxyArpWiFi = byteToBool(info.Value[0])
 		}
 	}
-	return &pi
+	return
 }
diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go
index 0ca86ebe89ff5..af78305ac26a5 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc.go
@@ -176,6 +176,13 @@ type Netem struct {
 	CorruptCorr   uint32
 }
 
+func (netem *Netem) String() string {
+	return fmt.Sprintf(
+		"{Latency: %v, Limit: %v, Loss: %v, Gap: %v, Duplicate: %v, Jitter: %v}",
+		netem.Latency, netem.Limit, netem.Loss, netem.Gap, netem.Duplicate, netem.Jitter,
+	)
+}
+
 func (qdisc *Netem) Attrs() *QdiscAttrs {
 	return &qdisc.QdiscAttrs
 }
@@ -230,3 +237,104 @@ func (qdisc *GenericQdisc) Attrs() *QdiscAttrs {
 func (qdisc *GenericQdisc) Type() string {
 	return qdisc.QdiscType
 }
+
+type Hfsc struct {
+	QdiscAttrs
+	Defcls uint16
+}
+
+func NewHfsc(attrs QdiscAttrs) *Hfsc {
+	return &Hfsc{
+		QdiscAttrs: attrs,
+		Defcls:     1,
+	}
+}
+
+func (hfsc *Hfsc) Attrs() *QdiscAttrs {
+	return &hfsc.QdiscAttrs
+}
+
+func (hfsc *Hfsc) Type() string {
+	return "hfsc"
+}
+
+func (hfsc *Hfsc) String() string {
+	return fmt.Sprintf(
+		"{%v -- default: %d}",
+		hfsc.Attrs(), hfsc.Defcls,
+	)
+}
+
+// Fq is a classless packet scheduler meant to be mostly used for locally generated traffic.
+type Fq struct {
+	QdiscAttrs
+	PacketLimit     uint32
+	FlowPacketLimit uint32
+	// In bytes
+	Quantum        uint32
+	InitialQuantum uint32
+	// called RateEnable under the hood
+	Pacing          uint32
+	FlowDefaultRate uint32
+	FlowMaxRate     uint32
+	// called BucketsLog under the hood
+	Buckets          uint32
+	FlowRefillDelay  uint32
+	LowRateThreshold uint32
+}
+
+func (fq *Fq) String() string {
+	return fmt.Sprintf(
+		"{PacketLimit: %v, FlowPacketLimit: %v, Quantum: %v, InitialQuantum: %v, Pacing: %v, FlowDefaultRate: %v, FlowMaxRate: %v, Buckets: %v, FlowRefillDelay: %v,  LowRateThreshold: %v}",
+		fq.PacketLimit, fq.FlowPacketLimit, fq.Quantum, fq.InitialQuantum, fq.Pacing, fq.FlowDefaultRate, fq.FlowMaxRate, fq.Buckets, fq.FlowRefillDelay, fq.LowRateThreshold,
+	)
+}
+
+func NewFq(attrs QdiscAttrs) *Fq {
+	return &Fq{
+		QdiscAttrs: attrs,
+		Pacing:     1,
+	}
+}
+
+func (qdisc *Fq) Attrs() *QdiscAttrs {
+	return &qdisc.QdiscAttrs
+}
+
+func (qdisc *Fq) Type() string {
+	return "fq"
+}
+
+// FQ_Codel (Fair Queuing Controlled Delay) is queuing discipline that combines Fair Queuing with the CoDel AQM scheme.
+type FqCodel struct {
+	QdiscAttrs
+	Target   uint32
+	Limit    uint32
+	Interval uint32
+	ECN      uint32
+	Flows    uint32
+	Quantum  uint32
+	// There are some more attributes here, but support for them seems not ubiquitous
+}
+
+func (fqcodel *FqCodel) String() string {
+	return fmt.Sprintf(
+		"{%v -- Target: %v, Limit: %v, Interval: %v, ECM: %v, Flows: %v, Quantum: %v}",
+		fqcodel.Attrs(), fqcodel.Target, fqcodel.Limit, fqcodel.Interval, fqcodel.ECN, fqcodel.Flows, fqcodel.Quantum,
+	)
+}
+
+func NewFqCodel(attrs QdiscAttrs) *FqCodel {
+	return &FqCodel{
+		QdiscAttrs: attrs,
+		ECN:        1,
+	}
+}
+
+func (qdisc *FqCodel) Attrs() *QdiscAttrs {
+	return &qdisc.QdiscAttrs
+}
+
+func (qdisc *FqCodel) Type() string {
+	return "fq_codel"
+}
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index 1123396e47dd8..e9eee59084fa7 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -8,6 +8,7 @@ import (
 	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 // NOTE function is here because it uses other linux functions
@@ -84,7 +85,7 @@ func QdiscDel(qdisc Qdisc) error {
 // QdiscDel will delete a qdisc from the system.
 // Equivalent to: `tc qdisc del $qdisc`
 func (h *Handle) QdiscDel(qdisc Qdisc) error {
-	return h.qdiscModify(syscall.RTM_DELQDISC, 0, qdisc)
+	return h.qdiscModify(unix.RTM_DELQDISC, 0, qdisc)
 }
 
 // QdiscChange will change a qdisc in place
@@ -98,7 +99,7 @@ func QdiscChange(qdisc Qdisc) error {
 // Equivalent to: `tc qdisc change $qdisc`
 // The parent and handle MUST NOT be changed.
 func (h *Handle) QdiscChange(qdisc Qdisc) error {
-	return h.qdiscModify(syscall.RTM_NEWQDISC, 0, qdisc)
+	return h.qdiscModify(unix.RTM_NEWQDISC, 0, qdisc)
 }
 
 // QdiscReplace will replace a qdisc to the system.
@@ -113,8 +114,8 @@ func QdiscReplace(qdisc Qdisc) error {
 // The handle MUST change.
 func (h *Handle) QdiscReplace(qdisc Qdisc) error {
 	return h.qdiscModify(
-		syscall.RTM_NEWQDISC,
-		syscall.NLM_F_CREATE|syscall.NLM_F_REPLACE,
+		unix.RTM_NEWQDISC,
+		unix.NLM_F_CREATE|unix.NLM_F_REPLACE,
 		qdisc)
 }
 
@@ -128,13 +129,13 @@ func QdiscAdd(qdisc Qdisc) error {
 // Equivalent to: `tc qdisc add $qdisc`
 func (h *Handle) QdiscAdd(qdisc Qdisc) error {
 	return h.qdiscModify(
-		syscall.RTM_NEWQDISC,
-		syscall.NLM_F_CREATE|syscall.NLM_F_EXCL,
+		unix.RTM_NEWQDISC,
+		unix.NLM_F_CREATE|unix.NLM_F_EXCL,
 		qdisc)
 }
 
 func (h *Handle) qdiscModify(cmd, flags int, qdisc Qdisc) error {
-	req := h.newNetlinkRequest(cmd, flags|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(cmd, flags|unix.NLM_F_ACK)
 	base := qdisc.Attrs()
 	msg := &nl.TcMsg{
 		Family:  nl.FAMILY_ALL,
@@ -145,13 +146,13 @@ func (h *Handle) qdiscModify(cmd, flags int, qdisc Qdisc) error {
 	req.AddData(msg)
 
 	// When deleting don't bother building the rest of the netlink payload
-	if cmd != syscall.RTM_DELQDISC {
+	if cmd != unix.RTM_DELQDISC {
 		if err := qdiscPayload(req, qdisc); err != nil {
 			return err
 		}
 	}
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -174,15 +175,15 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
 		opt.Peakrate.Rate = uint32(qdisc.Peakrate)
 		opt.Limit = qdisc.Limit
 		opt.Buffer = qdisc.Buffer
-		nl.NewRtAttrChild(options, nl.TCA_TBF_PARMS, opt.Serialize())
+		options.AddRtAttr(nl.TCA_TBF_PARMS, opt.Serialize())
 		if qdisc.Rate >= uint64(1<<32) {
-			nl.NewRtAttrChild(options, nl.TCA_TBF_RATE64, nl.Uint64Attr(qdisc.Rate))
+			options.AddRtAttr(nl.TCA_TBF_RATE64, nl.Uint64Attr(qdisc.Rate))
 		}
 		if qdisc.Peakrate >= uint64(1<<32) {
-			nl.NewRtAttrChild(options, nl.TCA_TBF_PRATE64, nl.Uint64Attr(qdisc.Peakrate))
+			options.AddRtAttr(nl.TCA_TBF_PRATE64, nl.Uint64Attr(qdisc.Peakrate))
 		}
 		if qdisc.Peakrate > 0 {
-			nl.NewRtAttrChild(options, nl.TCA_TBF_PBURST, nl.Uint32Attr(qdisc.Minburst))
+			options.AddRtAttr(nl.TCA_TBF_PBURST, nl.Uint32Attr(qdisc.Minburst))
 		}
 	case *Htb:
 		opt := nl.TcHtbGlob{}
@@ -192,8 +193,12 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
 		// TODO: Handle Debug properly. For now default to 0
 		opt.Debug = qdisc.Debug
 		opt.DirectPkts = qdisc.DirectPkts
-		nl.NewRtAttrChild(options, nl.TCA_HTB_INIT, opt.Serialize())
-		// nl.NewRtAttrChild(options, nl.TCA_HTB_DIRECT_QLEN, opt.Serialize())
+		options.AddRtAttr(nl.TCA_HTB_INIT, opt.Serialize())
+		// options.AddRtAttr(nl.TCA_HTB_DIRECT_QLEN, opt.Serialize())
+	case *Hfsc:
+		opt := nl.TcHfscOpt{}
+		opt.Defcls = qdisc.Defcls
+		options = nl.NewRtAttr(nl.TCA_OPTIONS, opt.Serialize())
 	case *Netem:
 		opt := nl.TcNetemQopt{}
 		opt.Latency = qdisc.Latency
@@ -210,30 +215,76 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
 		corr.DupCorr = qdisc.DuplicateCorr
 
 		if corr.DelayCorr > 0 || corr.LossCorr > 0 || corr.DupCorr > 0 {
-			nl.NewRtAttrChild(options, nl.TCA_NETEM_CORR, corr.Serialize())
+			options.AddRtAttr(nl.TCA_NETEM_CORR, corr.Serialize())
 		}
 		// Corruption
 		corruption := nl.TcNetemCorrupt{}
 		corruption.Probability = qdisc.CorruptProb
 		corruption.Correlation = qdisc.CorruptCorr
 		if corruption.Probability > 0 {
-			nl.NewRtAttrChild(options, nl.TCA_NETEM_CORRUPT, corruption.Serialize())
+			options.AddRtAttr(nl.TCA_NETEM_CORRUPT, corruption.Serialize())
 		}
 		// Reorder
 		reorder := nl.TcNetemReorder{}
 		reorder.Probability = qdisc.ReorderProb
 		reorder.Correlation = qdisc.ReorderCorr
 		if reorder.Probability > 0 {
-			nl.NewRtAttrChild(options, nl.TCA_NETEM_REORDER, reorder.Serialize())
+			options.AddRtAttr(nl.TCA_NETEM_REORDER, reorder.Serialize())
 		}
 	case *Ingress:
 		// ingress filters must use the proper handle
 		if qdisc.Attrs().Parent != HANDLE_INGRESS {
 			return fmt.Errorf("Ingress filters must set Parent to HANDLE_INGRESS")
 		}
+	case *FqCodel:
+		options.AddRtAttr(nl.TCA_FQ_CODEL_ECN, nl.Uint32Attr((uint32(qdisc.ECN))))
+		if qdisc.Limit > 0 {
+			options.AddRtAttr(nl.TCA_FQ_CODEL_LIMIT, nl.Uint32Attr((uint32(qdisc.Limit))))
+		}
+		if qdisc.Interval > 0 {
+			options.AddRtAttr(nl.TCA_FQ_CODEL_INTERVAL, nl.Uint32Attr((uint32(qdisc.Interval))))
+		}
+		if qdisc.Flows > 0 {
+			options.AddRtAttr(nl.TCA_FQ_CODEL_FLOWS, nl.Uint32Attr((uint32(qdisc.Flows))))
+		}
+		if qdisc.Quantum > 0 {
+			options.AddRtAttr(nl.TCA_FQ_CODEL_QUANTUM, nl.Uint32Attr((uint32(qdisc.Quantum))))
+		}
+
+	case *Fq:
+		options.AddRtAttr(nl.TCA_FQ_RATE_ENABLE, nl.Uint32Attr((uint32(qdisc.Pacing))))
+
+		if qdisc.Buckets > 0 {
+			options.AddRtAttr(nl.TCA_FQ_BUCKETS_LOG, nl.Uint32Attr((uint32(qdisc.Buckets))))
+		}
+		if qdisc.LowRateThreshold > 0 {
+			options.AddRtAttr(nl.TCA_FQ_LOW_RATE_THRESHOLD, nl.Uint32Attr((uint32(qdisc.LowRateThreshold))))
+		}
+		if qdisc.Quantum > 0 {
+			options.AddRtAttr(nl.TCA_FQ_QUANTUM, nl.Uint32Attr((uint32(qdisc.Quantum))))
+		}
+		if qdisc.InitialQuantum > 0 {
+			options.AddRtAttr(nl.TCA_FQ_INITIAL_QUANTUM, nl.Uint32Attr((uint32(qdisc.InitialQuantum))))
+		}
+		if qdisc.FlowRefillDelay > 0 {
+			options.AddRtAttr(nl.TCA_FQ_FLOW_REFILL_DELAY, nl.Uint32Attr((uint32(qdisc.FlowRefillDelay))))
+		}
+		if qdisc.FlowPacketLimit > 0 {
+			options.AddRtAttr(nl.TCA_FQ_FLOW_PLIMIT, nl.Uint32Attr((uint32(qdisc.FlowPacketLimit))))
+		}
+		if qdisc.FlowMaxRate > 0 {
+			options.AddRtAttr(nl.TCA_FQ_FLOW_MAX_RATE, nl.Uint32Attr((uint32(qdisc.FlowMaxRate))))
+		}
+		if qdisc.FlowDefaultRate > 0 {
+			options.AddRtAttr(nl.TCA_FQ_FLOW_DEFAULT_RATE, nl.Uint32Attr((uint32(qdisc.FlowDefaultRate))))
+		}
+	default:
+		options = nil
 	}
 
-	req.AddData(options)
+	if options != nil {
+		req.AddData(options)
+	}
 	return nil
 }
 
@@ -248,7 +299,7 @@ func QdiscList(link Link) ([]Qdisc, error) {
 // Equivalent to: `tc qdisc show`.
 // The list can be filtered by link.
 func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETQDISC, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETQDISC, unix.NLM_F_DUMP)
 	index := int32(0)
 	if link != nil {
 		base := link.Attrs()
@@ -261,7 +312,7 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWQDISC)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC)
 	if err != nil {
 		return nil, err
 	}
@@ -303,6 +354,12 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 					qdisc = &Ingress{}
 				case "htb":
 					qdisc = &Htb{}
+				case "fq":
+					qdisc = &Fq{}
+				case "hfsc":
+					qdisc = &Hfsc{}
+				case "fq_codel":
+					qdisc = &FqCodel{}
 				case "netem":
 					qdisc = &Netem{}
 				default:
@@ -328,6 +385,10 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 					if err := parseTbfData(qdisc, data); err != nil {
 						return nil, err
 					}
+				case "hfsc":
+					if err := parseHfscData(qdisc, attr.Value); err != nil {
+						return nil, err
+					}
 				case "htb":
 					data, err := nl.ParseRouteAttr(attr.Value)
 					if err != nil {
@@ -336,6 +397,22 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 					if err := parseHtbData(qdisc, data); err != nil {
 						return nil, err
 					}
+				case "fq":
+					data, err := nl.ParseRouteAttr(attr.Value)
+					if err != nil {
+						return nil, err
+					}
+					if err := parseFqData(qdisc, data); err != nil {
+						return nil, err
+					}
+				case "fq_codel":
+					data, err := nl.ParseRouteAttr(attr.Value)
+					if err != nil {
+						return nil, err
+					}
+					if err := parseFqCodelData(qdisc, data); err != nil {
+						return nil, err
+					}
 				case "netem":
 					if err := parseNetemData(qdisc, attr.Value); err != nil {
 						return nil, err
@@ -388,6 +465,68 @@ func parseHtbData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
 	return nil
 }
 
+func parseFqCodelData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
+	native = nl.NativeEndian()
+	fqCodel := qdisc.(*FqCodel)
+	for _, datum := range data {
+
+		switch datum.Attr.Type {
+		case nl.TCA_FQ_CODEL_TARGET:
+			fqCodel.Target = native.Uint32(datum.Value)
+		case nl.TCA_FQ_CODEL_LIMIT:
+			fqCodel.Limit = native.Uint32(datum.Value)
+		case nl.TCA_FQ_CODEL_INTERVAL:
+			fqCodel.Interval = native.Uint32(datum.Value)
+		case nl.TCA_FQ_CODEL_ECN:
+			fqCodel.ECN = native.Uint32(datum.Value)
+		case nl.TCA_FQ_CODEL_FLOWS:
+			fqCodel.Flows = native.Uint32(datum.Value)
+		case nl.TCA_FQ_CODEL_QUANTUM:
+			fqCodel.Quantum = native.Uint32(datum.Value)
+		}
+	}
+	return nil
+}
+
+func parseHfscData(qdisc Qdisc, data []byte) error {
+	Hfsc := qdisc.(*Hfsc)
+	native = nl.NativeEndian()
+	Hfsc.Defcls = native.Uint16(data)
+	return nil
+}
+
+func parseFqData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
+	native = nl.NativeEndian()
+	fq := qdisc.(*Fq)
+	for _, datum := range data {
+		switch datum.Attr.Type {
+		case nl.TCA_FQ_BUCKETS_LOG:
+			fq.Buckets = native.Uint32(datum.Value)
+		case nl.TCA_FQ_LOW_RATE_THRESHOLD:
+			fq.LowRateThreshold = native.Uint32(datum.Value)
+		case nl.TCA_FQ_QUANTUM:
+			fq.Quantum = native.Uint32(datum.Value)
+		case nl.TCA_FQ_RATE_ENABLE:
+			fq.Pacing = native.Uint32(datum.Value)
+		case nl.TCA_FQ_INITIAL_QUANTUM:
+			fq.InitialQuantum = native.Uint32(datum.Value)
+		case nl.TCA_FQ_ORPHAN_MASK:
+			// TODO
+		case nl.TCA_FQ_FLOW_REFILL_DELAY:
+			fq.FlowRefillDelay = native.Uint32(datum.Value)
+		case nl.TCA_FQ_FLOW_PLIMIT:
+			fq.FlowPacketLimit = native.Uint32(datum.Value)
+		case nl.TCA_FQ_PLIMIT:
+			fq.PacketLimit = native.Uint32(datum.Value)
+		case nl.TCA_FQ_FLOW_MAX_RATE:
+			fq.FlowMaxRate = native.Uint32(datum.Value)
+		case nl.TCA_FQ_FLOW_DEFAULT_RATE:
+			fq.FlowDefaultRate = native.Uint32(datum.Value)
+		}
+	}
+	return nil
+}
+
 func parseNetemData(qdisc Qdisc, value []byte) error {
 	netem := qdisc.(*Netem)
 	opt := nl.DeserializeTcNetemQopt(value)
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
new file mode 100644
index 0000000000000..2d0bdc8c36f5b
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -0,0 +1,264 @@
+package netlink
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"net"
+
+	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
+)
+
+// LinkAttrs represents data shared by most link types
+type RdmaLinkAttrs struct {
+	Index           uint32
+	Name            string
+	FirmwareVersion string
+	NodeGuid        string
+	SysImageGuid    string
+}
+
+// Link represents a rdma device from netlink.
+type RdmaLink struct {
+	Attrs RdmaLinkAttrs
+}
+
+func getProtoField(clientType int, op int) int {
+	return ((clientType << nl.RDMA_NL_GET_CLIENT_SHIFT) | op)
+}
+
+func uint64ToGuidString(guid uint64) string {
+	//Convert to byte array
+	sysGuidBytes := new(bytes.Buffer)
+	binary.Write(sysGuidBytes, binary.LittleEndian, guid)
+
+	//Convert to HardwareAddr
+	sysGuidNet := net.HardwareAddr(sysGuidBytes.Bytes())
+
+	//Get the String
+	return sysGuidNet.String()
+}
+
+func executeOneGetRdmaLink(data []byte) (*RdmaLink, error) {
+
+	link := RdmaLink{}
+
+	reader := bytes.NewReader(data)
+	for reader.Len() >= 4 {
+		_, attrType, len, value := parseNfAttrTLV(reader)
+
+		switch attrType {
+		case nl.RDMA_NLDEV_ATTR_DEV_INDEX:
+			var Index uint32
+			r := bytes.NewReader(value)
+			binary.Read(r, nl.NativeEndian(), &Index)
+			link.Attrs.Index = Index
+		case nl.RDMA_NLDEV_ATTR_DEV_NAME:
+			link.Attrs.Name = string(value[0 : len-1])
+		case nl.RDMA_NLDEV_ATTR_FW_VERSION:
+			link.Attrs.FirmwareVersion = string(value[0 : len-1])
+		case nl.RDMA_NLDEV_ATTR_NODE_GUID:
+			var guid uint64
+			r := bytes.NewReader(value)
+			binary.Read(r, nl.NativeEndian(), &guid)
+			link.Attrs.NodeGuid = uint64ToGuidString(guid)
+		case nl.RDMA_NLDEV_ATTR_SYS_IMAGE_GUID:
+			var sysGuid uint64
+			r := bytes.NewReader(value)
+			binary.Read(r, nl.NativeEndian(), &sysGuid)
+			link.Attrs.SysImageGuid = uint64ToGuidString(sysGuid)
+		}
+		if (len % 4) != 0 {
+			// Skip pad bytes
+			reader.Seek(int64(4-(len%4)), seekCurrent)
+		}
+	}
+	return &link, nil
+}
+
+func execRdmaGetLink(req *nl.NetlinkRequest, name string) (*RdmaLink, error) {
+
+	msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
+	if err != nil {
+		return nil, err
+	}
+	for _, m := range msgs {
+		link, err := executeOneGetRdmaLink(m)
+		if err != nil {
+			return nil, err
+		}
+		if link.Attrs.Name == name {
+			return link, nil
+		}
+	}
+	return nil, fmt.Errorf("Rdma device %v not found", name)
+}
+
+func execRdmaSetLink(req *nl.NetlinkRequest) error {
+
+	_, err := req.Execute(unix.NETLINK_RDMA, 0)
+	return err
+}
+
+// RdmaLinkByName finds a link by name and returns a pointer to the object if
+// found and nil error, otherwise returns error code.
+func RdmaLinkByName(name string) (*RdmaLink, error) {
+	return pkgHandle.RdmaLinkByName(name)
+}
+
+// RdmaLinkByName finds a link by name and returns a pointer to the object if
+// found and nil error, otherwise returns error code.
+func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
+
+	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
+	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
+
+	return execRdmaGetLink(req, name)
+}
+
+// RdmaLinkSetName sets the name of the rdma link device. Return nil on success
+// or error otherwise.
+// Equivalent to: `rdma dev set $old_devname name $name`
+func RdmaLinkSetName(link *RdmaLink, name string) error {
+	return pkgHandle.RdmaLinkSetName(link, name)
+}
+
+// RdmaLinkSetName sets the name of the rdma link device. Return nil on success
+// or error otherwise.
+// Equivalent to: `rdma dev set $old_devname name $name`
+func (h *Handle) RdmaLinkSetName(link *RdmaLink, name string) error {
+	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_SET)
+	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK)
+
+	b := make([]byte, 4)
+	native.PutUint32(b, uint32(link.Attrs.Index))
+	data := nl.NewRtAttr(nl.RDMA_NLDEV_ATTR_DEV_INDEX, b)
+	req.AddData(data)
+
+	b = make([]byte, len(name)+1)
+	copy(b, name)
+	data = nl.NewRtAttr(nl.RDMA_NLDEV_ATTR_DEV_NAME, b)
+	req.AddData(data)
+
+	return execRdmaSetLink(req)
+}
+
+func netnsModeToString(mode uint8) string {
+	switch mode {
+	case 0:
+		return "exclusive"
+	case 1:
+		return "shared"
+	default:
+		return "unknown"
+	}
+}
+
+func executeOneGetRdmaNetnsMode(data []byte) (string, error) {
+	reader := bytes.NewReader(data)
+	for reader.Len() >= 4 {
+		_, attrType, len, value := parseNfAttrTLV(reader)
+
+		switch attrType {
+		case nl.RDMA_NLDEV_SYS_ATTR_NETNS_MODE:
+			var mode uint8
+			r := bytes.NewReader(value)
+			binary.Read(r, nl.NativeEndian(), &mode)
+			return netnsModeToString(mode), nil
+		}
+		if (len % 4) != 0 {
+			// Skip pad bytes
+			reader.Seek(int64(4-(len%4)), seekCurrent)
+		}
+	}
+	return "", fmt.Errorf("Invalid netns mode")
+}
+
+// RdmaSystemGetNetnsMode gets the net namespace mode for RDMA subsystem
+// Returns mode string and error status as nil on success or returns error
+// otherwise.
+// Equivalent to: `rdma system show netns'
+func RdmaSystemGetNetnsMode() (string, error) {
+	return pkgHandle.RdmaSystemGetNetnsMode()
+}
+
+// RdmaSystemGetNetnsMode gets the net namespace mode for RDMA subsystem
+// Returns mode string and error status as nil on success or returns error
+// otherwise.
+// Equivalent to: `rdma system show netns'
+func (h *Handle) RdmaSystemGetNetnsMode() (string, error) {
+
+	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_SYS_GET)
+	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK)
+
+	msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
+	if err != nil {
+		return "", err
+	}
+	if len(msgs) == 0 {
+		return "", fmt.Errorf("No valid response from kernel")
+	}
+	return executeOneGetRdmaNetnsMode(msgs[0])
+}
+
+func netnsModeStringToUint8(mode string) (uint8, error) {
+	switch mode {
+	case "exclusive":
+		return 0, nil
+	case "shared":
+		return 1, nil
+	default:
+		return 0, fmt.Errorf("Invalid mode; %q", mode)
+	}
+}
+
+// RdmaSystemSetNetnsMode sets the net namespace mode for RDMA subsystem
+// Returns nil on success or appropriate error code.
+// Equivalent to: `rdma system set netns { shared | exclusive }'
+func RdmaSystemSetNetnsMode(NewMode string) error {
+	return pkgHandle.RdmaSystemSetNetnsMode(NewMode)
+}
+
+// RdmaSystemSetNetnsMode sets the net namespace mode for RDMA subsystem
+// Returns nil on success or appropriate error code.
+// Equivalent to: `rdma system set netns { shared | exclusive }'
+func (h *Handle) RdmaSystemSetNetnsMode(NewMode string) error {
+	value, err := netnsModeStringToUint8(NewMode)
+	if err != nil {
+		return err
+	}
+
+	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_SYS_SET)
+	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK)
+
+	data := nl.NewRtAttr(nl.RDMA_NLDEV_SYS_ATTR_NETNS_MODE, []byte{value})
+	req.AddData(data)
+
+	_, err = req.Execute(unix.NETLINK_RDMA, 0)
+	return err
+}
+
+// RdmaLinkSetNsFd puts the RDMA device into a new network namespace. The
+// fd must be an open file descriptor to a network namespace.
+// Similar to: `rdma dev set $dev netns $ns`
+func RdmaLinkSetNsFd(link *RdmaLink, fd uint32) error {
+	return pkgHandle.RdmaLinkSetNsFd(link, fd)
+}
+
+// RdmaLinkSetNsFd puts the RDMA device into a new network namespace. The
+// fd must be an open file descriptor to a network namespace.
+// Similar to: `rdma dev set $dev netns $ns`
+func (h *Handle) RdmaLinkSetNsFd(link *RdmaLink, fd uint32) error {
+	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_SET)
+	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK)
+
+	data := nl.NewRtAttr(nl.RDMA_NLDEV_ATTR_DEV_INDEX,
+		nl.Uint32Attr(link.Attrs.Index))
+	req.AddData(data)
+
+	data = nl.NewRtAttr(nl.RDMA_NLDEV_NET_NS_FD, nl.Uint32Attr(fd))
+	req.AddData(data)
+
+	return execRdmaSetLink(req)
+}
diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go
index 68c6a2230d25d..58ff1af600fb3 100644
--- a/vendor/github.com/vishvananda/netlink/route.go
+++ b/vendor/github.com/vishvananda/netlink/route.go
@@ -45,6 +45,9 @@ type Route struct {
 	MPLSDst    *int
 	NewDst     Destination
 	Encap      Encap
+	MTU        int
+	AdvMSS     int
+	Hoplimit   int
 }
 
 func (r Route) String() string {
@@ -87,6 +90,7 @@ func (r Route) Equal(x Route) bool {
 		r.Table == x.Table &&
 		r.Type == x.Type &&
 		r.Tos == x.Tos &&
+		r.Hoplimit == x.Hoplimit &&
 		r.Flags == x.Flags &&
 		(r.MPLSDst == x.MPLSDst || (r.MPLSDst != nil && x.MPLSDst != nil && *r.MPLSDst == *x.MPLSDst)) &&
 		(r.NewDst == x.NewDst || (r.NewDst != nil && r.NewDst.Equal(x.NewDst))) &&
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index 9234c6986da2e..c69c595ed3c88 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -8,16 +8,17 @@ import (
 
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 // RtAttr is shared so it is in netlink_linux.go
 
 const (
-	SCOPE_UNIVERSE Scope = syscall.RT_SCOPE_UNIVERSE
-	SCOPE_SITE     Scope = syscall.RT_SCOPE_SITE
-	SCOPE_LINK     Scope = syscall.RT_SCOPE_LINK
-	SCOPE_HOST     Scope = syscall.RT_SCOPE_HOST
-	SCOPE_NOWHERE  Scope = syscall.RT_SCOPE_NOWHERE
+	SCOPE_UNIVERSE Scope = unix.RT_SCOPE_UNIVERSE
+	SCOPE_SITE     Scope = unix.RT_SCOPE_SITE
+	SCOPE_LINK     Scope = unix.RT_SCOPE_LINK
+	SCOPE_HOST     Scope = unix.RT_SCOPE_HOST
+	SCOPE_NOWHERE  Scope = unix.RT_SCOPE_NOWHERE
 )
 
 const (
@@ -31,11 +32,12 @@ const (
 	RT_FILTER_SRC
 	RT_FILTER_GW
 	RT_FILTER_TABLE
+	RT_FILTER_HOPLIMIT
 )
 
 const (
-	FLAG_ONLINK    NextHopFlag = syscall.RTNH_F_ONLINK
-	FLAG_PERVASIVE NextHopFlag = syscall.RTNH_F_PERVASIVE
+	FLAG_ONLINK    NextHopFlag = unix.RTNH_F_ONLINK
+	FLAG_PERVASIVE NextHopFlag = unix.RTNH_F_PERVASIVE
 )
 
 var testFlags = []flagString{
@@ -124,17 +126,17 @@ func (e *MPLSEncap) Type() int {
 
 func (e *MPLSEncap) Decode(buf []byte) error {
 	if len(buf) < 4 {
-		return fmt.Errorf("Lack of bytes")
+		return fmt.Errorf("lack of bytes")
 	}
 	native := nl.NativeEndian()
 	l := native.Uint16(buf)
 	if len(buf) < int(l) {
-		return fmt.Errorf("Lack of bytes")
+		return fmt.Errorf("lack of bytes")
 	}
 	buf = buf[:l]
 	typ := native.Uint16(buf[2:])
 	if typ != nl.MPLS_IPTUNNEL_DST {
-		return fmt.Errorf("Unknown MPLS Encap Type: %d", typ)
+		return fmt.Errorf("unknown MPLS Encap Type: %d", typ)
 	}
 	e.Labels = nl.DecodeMPLSStack(buf[4:])
 	return nil
@@ -185,6 +187,262 @@ func (e *MPLSEncap) Equal(x Encap) bool {
 	return true
 }
 
+// SEG6 definitions
+type SEG6Encap struct {
+	Mode     int
+	Segments []net.IP
+}
+
+func (e *SEG6Encap) Type() int {
+	return nl.LWTUNNEL_ENCAP_SEG6
+}
+func (e *SEG6Encap) Decode(buf []byte) error {
+	if len(buf) < 4 {
+		return fmt.Errorf("lack of bytes")
+	}
+	native := nl.NativeEndian()
+	// Get Length(l) & Type(typ) : 2 + 2 bytes
+	l := native.Uint16(buf)
+	if len(buf) < int(l) {
+		return fmt.Errorf("lack of bytes")
+	}
+	buf = buf[:l] // make sure buf size upper limit is Length
+	typ := native.Uint16(buf[2:])
+	// LWTUNNEL_ENCAP_SEG6 has only one attr type SEG6_IPTUNNEL_SRH
+	if typ != nl.SEG6_IPTUNNEL_SRH {
+		return fmt.Errorf("unknown SEG6 Type: %d", typ)
+	}
+
+	var err error
+	e.Mode, e.Segments, err = nl.DecodeSEG6Encap(buf[4:])
+
+	return err
+}
+func (e *SEG6Encap) Encode() ([]byte, error) {
+	s, err := nl.EncodeSEG6Encap(e.Mode, e.Segments)
+	native := nl.NativeEndian()
+	hdr := make([]byte, 4)
+	native.PutUint16(hdr, uint16(len(s)+4))
+	native.PutUint16(hdr[2:], nl.SEG6_IPTUNNEL_SRH)
+	return append(hdr, s...), err
+}
+func (e *SEG6Encap) String() string {
+	segs := make([]string, 0, len(e.Segments))
+	// append segment backwards (from n to 0) since seg#0 is the last segment.
+	for i := len(e.Segments); i > 0; i-- {
+		segs = append(segs, fmt.Sprintf("%s", e.Segments[i-1]))
+	}
+	str := fmt.Sprintf("mode %s segs %d [ %s ]", nl.SEG6EncapModeString(e.Mode),
+		len(e.Segments), strings.Join(segs, " "))
+	return str
+}
+func (e *SEG6Encap) Equal(x Encap) bool {
+	o, ok := x.(*SEG6Encap)
+	if !ok {
+		return false
+	}
+	if e == o {
+		return true
+	}
+	if e == nil || o == nil {
+		return false
+	}
+	if e.Mode != o.Mode {
+		return false
+	}
+	if len(e.Segments) != len(o.Segments) {
+		return false
+	}
+	for i := range e.Segments {
+		if !e.Segments[i].Equal(o.Segments[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+// SEG6LocalEncap definitions
+type SEG6LocalEncap struct {
+	Flags    [nl.SEG6_LOCAL_MAX]bool
+	Action   int
+	Segments []net.IP // from SRH in seg6_local_lwt
+	Table    int      // table id for End.T and End.DT6
+	InAddr   net.IP
+	In6Addr  net.IP
+	Iif      int
+	Oif      int
+}
+
+func (e *SEG6LocalEncap) Type() int {
+	return nl.LWTUNNEL_ENCAP_SEG6_LOCAL
+}
+func (e *SEG6LocalEncap) Decode(buf []byte) error {
+	attrs, err := nl.ParseRouteAttr(buf)
+	if err != nil {
+		return err
+	}
+	native := nl.NativeEndian()
+	for _, attr := range attrs {
+		switch attr.Attr.Type {
+		case nl.SEG6_LOCAL_ACTION:
+			e.Action = int(native.Uint32(attr.Value[0:4]))
+			e.Flags[nl.SEG6_LOCAL_ACTION] = true
+		case nl.SEG6_LOCAL_SRH:
+			e.Segments, err = nl.DecodeSEG6Srh(attr.Value[:])
+			e.Flags[nl.SEG6_LOCAL_SRH] = true
+		case nl.SEG6_LOCAL_TABLE:
+			e.Table = int(native.Uint32(attr.Value[0:4]))
+			e.Flags[nl.SEG6_LOCAL_TABLE] = true
+		case nl.SEG6_LOCAL_NH4:
+			e.InAddr = net.IP(attr.Value[0:4])
+			e.Flags[nl.SEG6_LOCAL_NH4] = true
+		case nl.SEG6_LOCAL_NH6:
+			e.In6Addr = net.IP(attr.Value[0:16])
+			e.Flags[nl.SEG6_LOCAL_NH6] = true
+		case nl.SEG6_LOCAL_IIF:
+			e.Iif = int(native.Uint32(attr.Value[0:4]))
+			e.Flags[nl.SEG6_LOCAL_IIF] = true
+		case nl.SEG6_LOCAL_OIF:
+			e.Oif = int(native.Uint32(attr.Value[0:4]))
+			e.Flags[nl.SEG6_LOCAL_OIF] = true
+		}
+	}
+	return err
+}
+func (e *SEG6LocalEncap) Encode() ([]byte, error) {
+	var err error
+	native := nl.NativeEndian()
+	res := make([]byte, 8)
+	native.PutUint16(res, 8) // length
+	native.PutUint16(res[2:], nl.SEG6_LOCAL_ACTION)
+	native.PutUint32(res[4:], uint32(e.Action))
+	if e.Flags[nl.SEG6_LOCAL_SRH] {
+		srh, err := nl.EncodeSEG6Srh(e.Segments)
+		if err != nil {
+			return nil, err
+		}
+		attr := make([]byte, 4)
+		native.PutUint16(attr, uint16(len(srh)+4))
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_SRH)
+		attr = append(attr, srh...)
+		res = append(res, attr...)
+	}
+	if e.Flags[nl.SEG6_LOCAL_TABLE] {
+		attr := make([]byte, 8)
+		native.PutUint16(attr, 8)
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_TABLE)
+		native.PutUint32(attr[4:], uint32(e.Table))
+		res = append(res, attr...)
+	}
+	if e.Flags[nl.SEG6_LOCAL_NH4] {
+		attr := make([]byte, 4)
+		native.PutUint16(attr, 8)
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_NH4)
+		ipv4 := e.InAddr.To4()
+		if ipv4 == nil {
+			err = fmt.Errorf("SEG6_LOCAL_NH4 has invalid IPv4 address")
+			return nil, err
+		}
+		attr = append(attr, ipv4...)
+		res = append(res, attr...)
+	}
+	if e.Flags[nl.SEG6_LOCAL_NH6] {
+		attr := make([]byte, 4)
+		native.PutUint16(attr, 20)
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_NH6)
+		attr = append(attr, e.In6Addr...)
+		res = append(res, attr...)
+	}
+	if e.Flags[nl.SEG6_LOCAL_IIF] {
+		attr := make([]byte, 8)
+		native.PutUint16(attr, 8)
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_IIF)
+		native.PutUint32(attr[4:], uint32(e.Iif))
+		res = append(res, attr...)
+	}
+	if e.Flags[nl.SEG6_LOCAL_OIF] {
+		attr := make([]byte, 8)
+		native.PutUint16(attr, 8)
+		native.PutUint16(attr[2:], nl.SEG6_LOCAL_OIF)
+		native.PutUint32(attr[4:], uint32(e.Oif))
+		res = append(res, attr...)
+	}
+	return res, err
+}
+func (e *SEG6LocalEncap) String() string {
+	strs := make([]string, 0, nl.SEG6_LOCAL_MAX)
+	strs = append(strs, fmt.Sprintf("action %s", nl.SEG6LocalActionString(e.Action)))
+
+	if e.Flags[nl.SEG6_LOCAL_TABLE] {
+		strs = append(strs, fmt.Sprintf("table %d", e.Table))
+	}
+	if e.Flags[nl.SEG6_LOCAL_NH4] {
+		strs = append(strs, fmt.Sprintf("nh4 %s", e.InAddr))
+	}
+	if e.Flags[nl.SEG6_LOCAL_NH6] {
+		strs = append(strs, fmt.Sprintf("nh6 %s", e.In6Addr))
+	}
+	if e.Flags[nl.SEG6_LOCAL_IIF] {
+		link, err := LinkByIndex(e.Iif)
+		if err != nil {
+			strs = append(strs, fmt.Sprintf("iif %d", e.Iif))
+		} else {
+			strs = append(strs, fmt.Sprintf("iif %s", link.Attrs().Name))
+		}
+	}
+	if e.Flags[nl.SEG6_LOCAL_OIF] {
+		link, err := LinkByIndex(e.Oif)
+		if err != nil {
+			strs = append(strs, fmt.Sprintf("oif %d", e.Oif))
+		} else {
+			strs = append(strs, fmt.Sprintf("oif %s", link.Attrs().Name))
+		}
+	}
+	if e.Flags[nl.SEG6_LOCAL_SRH] {
+		segs := make([]string, 0, len(e.Segments))
+		//append segment backwards (from n to 0) since seg#0 is the last segment.
+		for i := len(e.Segments); i > 0; i-- {
+			segs = append(segs, fmt.Sprintf("%s", e.Segments[i-1]))
+		}
+		strs = append(strs, fmt.Sprintf("segs %d [ %s ]", len(e.Segments), strings.Join(segs, " ")))
+	}
+	return strings.Join(strs, " ")
+}
+func (e *SEG6LocalEncap) Equal(x Encap) bool {
+	o, ok := x.(*SEG6LocalEncap)
+	if !ok {
+		return false
+	}
+	if e == o {
+		return true
+	}
+	if e == nil || o == nil {
+		return false
+	}
+	// compare all arrays first
+	for i := range e.Flags {
+		if e.Flags[i] != o.Flags[i] {
+			return false
+		}
+	}
+	if len(e.Segments) != len(o.Segments) {
+		return false
+	}
+	for i := range e.Segments {
+		if !e.Segments[i].Equal(o.Segments[i]) {
+			return false
+		}
+	}
+	// compare values
+	if !e.InAddr.Equal(o.InAddr) || !e.In6Addr.Equal(o.In6Addr) {
+		return false
+	}
+	if e.Action != o.Action || e.Table != o.Table || e.Iif != o.Iif || e.Oif != o.Oif {
+		return false
+	}
+	return true
+}
+
 // RouteAdd will add a route to the system.
 // Equivalent to: `ip route add $route`
 func RouteAdd(route *Route) error {
@@ -194,8 +452,8 @@ func RouteAdd(route *Route) error {
 // RouteAdd will add a route to the system.
 // Equivalent to: `ip route add $route`
 func (h *Handle) RouteAdd(route *Route) error {
-	flags := syscall.NLM_F_CREATE | syscall.NLM_F_EXCL | syscall.NLM_F_ACK
-	req := h.newNetlinkRequest(syscall.RTM_NEWROUTE, flags)
+	flags := unix.NLM_F_CREATE | unix.NLM_F_EXCL | unix.NLM_F_ACK
+	req := h.newNetlinkRequest(unix.RTM_NEWROUTE, flags)
 	return h.routeHandle(route, req, nl.NewRtMsg())
 }
 
@@ -208,8 +466,8 @@ func RouteReplace(route *Route) error {
 // RouteReplace will add a route to the system.
 // Equivalent to: `ip route replace $route`
 func (h *Handle) RouteReplace(route *Route) error {
-	flags := syscall.NLM_F_CREATE | syscall.NLM_F_REPLACE | syscall.NLM_F_ACK
-	req := h.newNetlinkRequest(syscall.RTM_NEWROUTE, flags)
+	flags := unix.NLM_F_CREATE | unix.NLM_F_REPLACE | unix.NLM_F_ACK
+	req := h.newNetlinkRequest(unix.RTM_NEWROUTE, flags)
 	return h.routeHandle(route, req, nl.NewRtMsg())
 }
 
@@ -222,7 +480,7 @@ func RouteDel(route *Route) error {
 // RouteDel will delete a route from the system.
 // Equivalent to: `ip route del $route`
 func (h *Handle) RouteDel(route *Route) error {
-	req := h.newNetlinkRequest(syscall.RTM_DELROUTE, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELROUTE, unix.NLM_F_ACK)
 	return h.routeHandle(route, req, nl.NewRtDelMsg())
 }
 
@@ -245,12 +503,12 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 		} else {
 			dstData = route.Dst.IP.To16()
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_DST, dstData))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_DST, dstData))
 	} else if route.MPLSDst != nil {
 		family = nl.FAMILY_MPLS
 		msg.Dst_len = uint8(20)
-		msg.Type = syscall.RTN_UNICAST
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_DST, nl.EncodeMPLSStack(*route.MPLSDst)))
+		msg.Type = unix.RTN_UNICAST
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_DST, nl.EncodeMPLSStack(*route.MPLSDst)))
 	}
 
 	if route.NewDst != nil {
@@ -261,18 +519,18 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 		if err != nil {
 			return err
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(nl.RTA_NEWDST, buf))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_NEWDST, buf))
 	}
 
 	if route.Encap != nil {
 		buf := make([]byte, 2)
 		native.PutUint16(buf, uint16(route.Encap.Type()))
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(nl.RTA_ENCAP_TYPE, buf))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_ENCAP_TYPE, buf))
 		buf, err := route.Encap.Encode()
 		if err != nil {
 			return err
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(nl.RTA_ENCAP, buf))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_ENCAP, buf))
 	}
 
 	if route.Src != nil {
@@ -288,7 +546,7 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 			srcData = route.Src.To16()
 		}
 		// The commonly used src ip for routes is actually PREFSRC
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_PREFSRC, srcData))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_PREFSRC, srcData))
 	}
 
 	if route.Gw != nil {
@@ -303,14 +561,14 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 		} else {
 			gwData = route.Gw.To16()
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_GATEWAY, gwData))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_GATEWAY, gwData))
 	}
 
 	if len(route.MultiPath) > 0 {
 		buf := []byte{}
 		for _, nh := range route.MultiPath {
 			rtnh := &nl.RtNexthop{
-				RtNexthop: syscall.RtNexthop{
+				RtNexthop: unix.RtNexthop{
 					Hops:    uint8(nh.Hops),
 					Ifindex: int32(nh.LinkIndex),
 					Flags:   uint8(nh.Flags),
@@ -323,9 +581,9 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 					return fmt.Errorf("gateway, source, and destination ip are not the same IP family")
 				}
 				if gwFamily == FAMILY_V4 {
-					children = append(children, nl.NewRtAttr(syscall.RTA_GATEWAY, []byte(nh.Gw.To4())))
+					children = append(children, nl.NewRtAttr(unix.RTA_GATEWAY, []byte(nh.Gw.To4())))
 				} else {
-					children = append(children, nl.NewRtAttr(syscall.RTA_GATEWAY, []byte(nh.Gw.To16())))
+					children = append(children, nl.NewRtAttr(unix.RTA_GATEWAY, []byte(nh.Gw.To16())))
 				}
 			}
 			if nh.NewDst != nil {
@@ -336,30 +594,30 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 				if err != nil {
 					return err
 				}
-				children = append(children, nl.NewRtAttr(nl.RTA_NEWDST, buf))
+				children = append(children, nl.NewRtAttr(unix.RTA_NEWDST, buf))
 			}
 			if nh.Encap != nil {
 				buf := make([]byte, 2)
 				native.PutUint16(buf, uint16(nh.Encap.Type()))
-				rtAttrs = append(rtAttrs, nl.NewRtAttr(nl.RTA_ENCAP_TYPE, buf))
+				children = append(children, nl.NewRtAttr(unix.RTA_ENCAP_TYPE, buf))
 				buf, err := nh.Encap.Encode()
 				if err != nil {
 					return err
 				}
-				children = append(children, nl.NewRtAttr(nl.RTA_ENCAP, buf))
+				children = append(children, nl.NewRtAttr(unix.RTA_ENCAP, buf))
 			}
 			rtnh.Children = children
 			buf = append(buf, rtnh.Serialize()...)
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_MULTIPATH, buf))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_MULTIPATH, buf))
 	}
 
 	if route.Table > 0 {
 		if route.Table >= 256 {
-			msg.Table = syscall.RT_TABLE_UNSPEC
+			msg.Table = unix.RT_TABLE_UNSPEC
 			b := make([]byte, 4)
 			native.PutUint32(b, uint32(route.Table))
-			rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_TABLE, b))
+			rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_TABLE, b))
 		} else {
 			msg.Table = uint8(route.Table)
 		}
@@ -368,7 +626,7 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 	if route.Priority > 0 {
 		b := make([]byte, 4)
 		native.PutUint32(b, uint32(route.Priority))
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_PRIORITY, b))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_PRIORITY, b))
 	}
 	if route.Tos > 0 {
 		msg.Tos = uint8(route.Tos)
@@ -380,6 +638,29 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 		msg.Type = uint8(route.Type)
 	}
 
+	var metrics []*nl.RtAttr
+	// TODO: support other rta_metric values
+	if route.MTU > 0 {
+		b := nl.Uint32Attr(uint32(route.MTU))
+		metrics = append(metrics, nl.NewRtAttr(unix.RTAX_MTU, b))
+	}
+	if route.AdvMSS > 0 {
+		b := nl.Uint32Attr(uint32(route.AdvMSS))
+		metrics = append(metrics, nl.NewRtAttr(unix.RTAX_ADVMSS, b))
+	}
+	if route.Hoplimit > 0 {
+		b := nl.Uint32Attr(uint32(route.Hoplimit))
+		metrics = append(metrics, nl.NewRtAttr(unix.RTAX_HOPLIMIT, b))
+	}
+
+	if metrics != nil {
+		attr := nl.NewRtAttr(unix.RTA_METRICS, nil)
+		for _, metric := range metrics {
+			attr.AddChild(metric)
+		}
+		rtAttrs = append(rtAttrs, attr)
+	}
+
 	msg.Flags = uint32(route.Flags)
 	msg.Scope = uint8(route.Scope)
 	msg.Family = uint8(family)
@@ -394,9 +675,9 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
 	)
 	native.PutUint32(b, uint32(route.LinkIndex))
 
-	req.AddData(nl.NewRtAttr(syscall.RTA_OIF, b))
+	req.AddData(nl.NewRtAttr(unix.RTA_OIF, b))
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -429,11 +710,11 @@ func RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, e
 // RouteListFiltered gets a list of routes in the system filtered with specified rules.
 // All rules must be defined in RouteFilter struct
 func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETROUTE, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_DUMP)
 	infmsg := nl.NewIfInfomsg(family)
 	req.AddData(infmsg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWROUTE)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWROUTE)
 	if err != nil {
 		return nil, err
 	}
@@ -441,11 +722,11 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64)
 	var res []Route
 	for _, m := range msgs {
 		msg := nl.DeserializeRtMsg(m)
-		if msg.Flags&syscall.RTM_F_CLONED != 0 {
+		if msg.Flags&unix.RTM_F_CLONED != 0 {
 			// Ignore cloned routes
 			continue
 		}
-		if msg.Table != syscall.RT_TABLE_MAIN {
+		if msg.Table != unix.RT_TABLE_MAIN {
 			if filter == nil || filter != nil && filterMask&RT_FILTER_TABLE == 0 {
 				// Ignore non-main tables
 				continue
@@ -457,7 +738,7 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64)
 		}
 		if filter != nil {
 			switch {
-			case filterMask&RT_FILTER_TABLE != 0 && filter.Table != syscall.RT_TABLE_UNSPEC && route.Table != filter.Table:
+			case filterMask&RT_FILTER_TABLE != 0 && filter.Table != unix.RT_TABLE_UNSPEC && route.Table != filter.Table:
 				continue
 			case filterMask&RT_FILTER_PROTOCOL != 0 && route.Protocol != filter.Protocol:
 				continue
@@ -481,6 +762,8 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64)
 						continue
 					}
 				}
+			case filterMask&RT_FILTER_HOPLIMIT != 0 && route.Hoplimit != filter.Hoplimit:
+				continue
 			}
 		}
 		res = append(res, route)
@@ -508,11 +791,11 @@ func deserializeRoute(m []byte) (Route, error) {
 	var encap, encapType syscall.NetlinkRouteAttr
 	for _, attr := range attrs {
 		switch attr.Attr.Type {
-		case syscall.RTA_GATEWAY:
+		case unix.RTA_GATEWAY:
 			route.Gw = net.IP(attr.Value)
-		case syscall.RTA_PREFSRC:
+		case unix.RTA_PREFSRC:
 			route.Src = net.IP(attr.Value)
-		case syscall.RTA_DST:
+		case unix.RTA_DST:
 			if msg.Family == nl.FAMILY_MPLS {
 				stack := nl.DecodeMPLSStack(attr.Value)
 				if len(stack) == 0 || len(stack) > 1 {
@@ -525,38 +808,38 @@ func deserializeRoute(m []byte) (Route, error) {
 					Mask: net.CIDRMask(int(msg.Dst_len), 8*len(attr.Value)),
 				}
 			}
-		case syscall.RTA_OIF:
+		case unix.RTA_OIF:
 			route.LinkIndex = int(native.Uint32(attr.Value[0:4]))
-		case syscall.RTA_IIF:
+		case unix.RTA_IIF:
 			route.ILinkIndex = int(native.Uint32(attr.Value[0:4]))
-		case syscall.RTA_PRIORITY:
+		case unix.RTA_PRIORITY:
 			route.Priority = int(native.Uint32(attr.Value[0:4]))
-		case syscall.RTA_TABLE:
+		case unix.RTA_TABLE:
 			route.Table = int(native.Uint32(attr.Value[0:4]))
-		case syscall.RTA_MULTIPATH:
+		case unix.RTA_MULTIPATH:
 			parseRtNexthop := func(value []byte) (*NexthopInfo, []byte, error) {
-				if len(value) < syscall.SizeofRtNexthop {
-					return nil, nil, fmt.Errorf("Lack of bytes")
+				if len(value) < unix.SizeofRtNexthop {
+					return nil, nil, fmt.Errorf("lack of bytes")
 				}
 				nh := nl.DeserializeRtNexthop(value)
 				if len(value) < int(nh.RtNexthop.Len) {
-					return nil, nil, fmt.Errorf("Lack of bytes")
+					return nil, nil, fmt.Errorf("lack of bytes")
 				}
 				info := &NexthopInfo{
 					LinkIndex: int(nh.RtNexthop.Ifindex),
 					Hops:      int(nh.RtNexthop.Hops),
 					Flags:     int(nh.RtNexthop.Flags),
 				}
-				attrs, err := nl.ParseRouteAttr(value[syscall.SizeofRtNexthop:int(nh.RtNexthop.Len)])
+				attrs, err := nl.ParseRouteAttr(value[unix.SizeofRtNexthop:int(nh.RtNexthop.Len)])
 				if err != nil {
 					return nil, nil, err
 				}
 				var encap, encapType syscall.NetlinkRouteAttr
 				for _, attr := range attrs {
 					switch attr.Attr.Type {
-					case syscall.RTA_GATEWAY:
+					case unix.RTA_GATEWAY:
 						info.Gw = net.IP(attr.Value)
-					case nl.RTA_NEWDST:
+					case unix.RTA_NEWDST:
 						var d Destination
 						switch msg.Family {
 						case nl.FAMILY_MPLS:
@@ -566,9 +849,9 @@ func deserializeRoute(m []byte) (Route, error) {
 							return nil, nil, err
 						}
 						info.NewDst = d
-					case nl.RTA_ENCAP_TYPE:
+					case unix.RTA_ENCAP_TYPE:
 						encapType = attr
-					case nl.RTA_ENCAP:
+					case unix.RTA_ENCAP:
 						encap = attr
 					}
 				}
@@ -597,7 +880,7 @@ func deserializeRoute(m []byte) (Route, error) {
 				route.MultiPath = append(route.MultiPath, info)
 				rest = buf
 			}
-		case nl.RTA_NEWDST:
+		case unix.RTA_NEWDST:
 			var d Destination
 			switch msg.Family {
 			case nl.FAMILY_MPLS:
@@ -607,10 +890,25 @@ func deserializeRoute(m []byte) (Route, error) {
 				return route, err
 			}
 			route.NewDst = d
-		case nl.RTA_ENCAP_TYPE:
+		case unix.RTA_ENCAP_TYPE:
 			encapType = attr
-		case nl.RTA_ENCAP:
+		case unix.RTA_ENCAP:
 			encap = attr
+		case unix.RTA_METRICS:
+			metrics, err := nl.ParseRouteAttr(attr.Value)
+			if err != nil {
+				return route, err
+			}
+			for _, metric := range metrics {
+				switch metric.Attr.Type {
+				case unix.RTAX_MTU:
+					route.MTU = int(native.Uint32(metric.Value[0:4]))
+				case unix.RTAX_ADVMSS:
+					route.AdvMSS = int(native.Uint32(metric.Value[0:4]))
+				case unix.RTAX_HOPLIMIT:
+					route.Hoplimit = int(native.Uint32(metric.Value[0:4]))
+				}
+			}
 		}
 	}
 
@@ -623,6 +921,16 @@ func deserializeRoute(m []byte) (Route, error) {
 			if err := e.Decode(encap.Value); err != nil {
 				return route, err
 			}
+		case nl.LWTUNNEL_ENCAP_SEG6:
+			e = &SEG6Encap{}
+			if err := e.Decode(encap.Value); err != nil {
+				return route, err
+			}
+		case nl.LWTUNNEL_ENCAP_SEG6_LOCAL:
+			e = &SEG6LocalEncap{}
+			if err := e.Decode(encap.Value); err != nil {
+				return route, err
+			}
 		}
 		route.Encap = e
 	}
@@ -639,7 +947,7 @@ func RouteGet(destination net.IP) ([]Route, error) {
 // RouteGet gets a route to a specific destination from the host system.
 // Equivalent to: 'ip route get'.
 func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETROUTE, syscall.NLM_F_REQUEST)
+	req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_REQUEST)
 	family := nl.GetIPFamily(destination)
 	var destinationData []byte
 	var bitlen uint8
@@ -655,10 +963,10 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
 	msg.Dst_len = bitlen
 	req.AddData(msg)
 
-	rtaDst := nl.NewRtAttr(syscall.RTA_DST, destinationData)
+	rtaDst := nl.NewRtAttr(unix.RTA_DST, destinationData)
 	req.AddData(rtaDst)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWROUTE)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWROUTE)
 	if err != nil {
 		return nil, err
 	}
@@ -678,13 +986,13 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
 // RouteSubscribe takes a chan down which notifications will be sent
 // when routes are added or deleted. Close the 'done' chan to stop subscription.
 func RouteSubscribe(ch chan<- RouteUpdate, done <-chan struct{}) error {
-	return routeSubscribeAt(netns.None(), netns.None(), ch, done, nil)
+	return routeSubscribeAt(netns.None(), netns.None(), ch, done, nil, false)
 }
 
 // RouteSubscribeAt works like RouteSubscribe plus it allows the caller
 // to choose the network namespace in which to subscribe (ns).
 func RouteSubscribeAt(ns netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}) error {
-	return routeSubscribeAt(ns, netns.None(), ch, done, nil)
+	return routeSubscribeAt(ns, netns.None(), ch, done, nil, false)
 }
 
 // RouteSubscribeOptions contains a set of options to use with
@@ -692,6 +1000,7 @@ func RouteSubscribeAt(ns netns.NsHandle, ch chan<- RouteUpdate, done <-chan stru
 type RouteSubscribeOptions struct {
 	Namespace     *netns.NsHandle
 	ErrorCallback func(error)
+	ListExisting  bool
 }
 
 // RouteSubscribeWithOptions work like RouteSubscribe but enable to
@@ -702,11 +1011,11 @@ func RouteSubscribeWithOptions(ch chan<- RouteUpdate, done <-chan struct{}, opti
 		none := netns.None()
 		options.Namespace = &none
 	}
-	return routeSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback)
+	return routeSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback, options.ListExisting)
 }
 
-func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}, cberr func(error)) error {
-	s, err := nl.SubscribeAt(newNs, curNs, syscall.NETLINK_ROUTE, syscall.RTNLGRP_IPV4_ROUTE, syscall.RTNLGRP_IPV6_ROUTE)
+func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}, cberr func(error), listExisting bool) error {
+	s, err := nl.SubscribeAt(newNs, curNs, unix.NETLINK_ROUTE, unix.RTNLGRP_IPV4_ROUTE, unix.RTNLGRP_IPV6_ROUTE)
 	if err != nil {
 		return err
 	}
@@ -716,17 +1025,46 @@ func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done <
 			s.Close()
 		}()
 	}
+	if listExisting {
+		req := pkgHandle.newNetlinkRequest(unix.RTM_GETROUTE,
+			unix.NLM_F_DUMP)
+		infmsg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+		req.AddData(infmsg)
+		if err := s.Send(req); err != nil {
+			return err
+		}
+	}
 	go func() {
 		defer close(ch)
 		for {
-			msgs, err := s.Receive()
+			msgs, from, err := s.Receive()
 			if err != nil {
 				if cberr != nil {
 					cberr(err)
 				}
 				return
 			}
+			if from.Pid != nl.PidKernel {
+				if cberr != nil {
+					cberr(fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel))
+				}
+				continue
+			}
 			for _, m := range msgs {
+				if m.Header.Type == unix.NLMSG_DONE {
+					continue
+				}
+				if m.Header.Type == unix.NLMSG_ERROR {
+					native := nl.NativeEndian()
+					error := int32(native.Uint32(m.Data[0:4]))
+					if error == 0 {
+						continue
+					}
+					if cberr != nil {
+						cberr(syscall.Errno(-error))
+					}
+					return
+				}
 				route, err := deserializeRoute(m.Data)
 				if err != nil {
 					if cberr != nil {
diff --git a/vendor/github.com/vishvananda/netlink/rule.go b/vendor/github.com/vishvananda/netlink/rule.go
index e4d9168d6c0a8..7fc8ae5df15e9 100644
--- a/vendor/github.com/vishvananda/netlink/rule.go
+++ b/vendor/github.com/vishvananda/netlink/rule.go
@@ -21,6 +21,7 @@ type Rule struct {
 	OifName           string
 	SuppressIfgroup   int
 	SuppressPrefixlen int
+	Invert            bool
 }
 
 func (r Rule) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index cbd91a56bb33f..e12569fe45c17 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -3,11 +3,13 @@ package netlink
 import (
 	"fmt"
 	"net"
-	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
+const FibRuleInvert = 0x2
+
 // RuleAdd adds a rule to the system.
 // Equivalent to: ip rule add
 func RuleAdd(rule *Rule) error {
@@ -17,7 +19,7 @@ func RuleAdd(rule *Rule) error {
 // RuleAdd adds a rule to the system.
 // Equivalent to: ip rule add
 func (h *Handle) RuleAdd(rule *Rule) error {
-	req := h.newNetlinkRequest(syscall.RTM_NEWRULE, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_NEWRULE, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 	return ruleHandle(rule, req)
 }
 
@@ -30,18 +32,31 @@ func RuleDel(rule *Rule) error {
 // RuleDel deletes a rule from the system.
 // Equivalent to: ip rule del
 func (h *Handle) RuleDel(rule *Rule) error {
-	req := h.newNetlinkRequest(syscall.RTM_DELRULE, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(unix.RTM_DELRULE, unix.NLM_F_ACK)
 	return ruleHandle(rule, req)
 }
 
 func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 	msg := nl.NewRtMsg()
-	msg.Family = syscall.AF_INET
+	msg.Family = unix.AF_INET
+	msg.Protocol = unix.RTPROT_BOOT
+	msg.Scope = unix.RT_SCOPE_UNIVERSE
+	msg.Table = unix.RT_TABLE_UNSPEC
+	msg.Type = unix.RTN_UNSPEC
+	if req.NlMsghdr.Flags&unix.NLM_F_CREATE > 0 {
+		msg.Type = unix.RTN_UNICAST
+	}
+	if rule.Invert {
+		msg.Flags |= FibRuleInvert
+	}
 	if rule.Family != 0 {
 		msg.Family = uint8(rule.Family)
 	}
-	var dstFamily uint8
+	if rule.Table >= 0 && rule.Table < 256 {
+		msg.Table = uint8(rule.Table)
+	}
 
+	var dstFamily uint8
 	var rtAttrs []*nl.RtAttr
 	if rule.Dst != nil && rule.Dst.IP != nil {
 		dstLen, _ := rule.Dst.Mask.Size()
@@ -49,12 +64,12 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 		msg.Family = uint8(nl.GetIPFamily(rule.Dst.IP))
 		dstFamily = msg.Family
 		var dstData []byte
-		if msg.Family == syscall.AF_INET {
+		if msg.Family == unix.AF_INET {
 			dstData = rule.Dst.IP.To4()
 		} else {
 			dstData = rule.Dst.IP.To16()
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_DST, dstData))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_DST, dstData))
 	}
 
 	if rule.Src != nil && rule.Src.IP != nil {
@@ -65,19 +80,12 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 		srcLen, _ := rule.Src.Mask.Size()
 		msg.Src_len = uint8(srcLen)
 		var srcData []byte
-		if msg.Family == syscall.AF_INET {
+		if msg.Family == unix.AF_INET {
 			srcData = rule.Src.IP.To4()
 		} else {
 			srcData = rule.Src.IP.To16()
 		}
-		rtAttrs = append(rtAttrs, nl.NewRtAttr(syscall.RTA_SRC, srcData))
-	}
-
-	if rule.Table >= 0 {
-		msg.Table = uint8(rule.Table)
-		if rule.Table >= 256 {
-			msg.Table = syscall.RT_TABLE_UNSPEC
-		}
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_SRC, srcData))
 	}
 
 	req.AddData(msg)
@@ -136,13 +144,13 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 		req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName)))
 	}
 	if rule.Goto >= 0 {
-		msg.Type = nl.FR_ACT_NOP
+		msg.Type = nl.FR_ACT_GOTO
 		b := make([]byte, 4)
 		native.PutUint32(b, uint32(rule.Goto))
 		req.AddData(nl.NewRtAttr(nl.FRA_GOTO, b))
 	}
 
-	_, err := req.Execute(syscall.NETLINK_ROUTE, 0)
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
 	return err
 }
 
@@ -155,11 +163,11 @@ func RuleList(family int) ([]Rule, error) {
 // RuleList lists rules in the system.
 // Equivalent to: ip rule list
 func (h *Handle) RuleList(family int) ([]Rule, error) {
-	req := h.newNetlinkRequest(syscall.RTM_GETRULE, syscall.NLM_F_DUMP|syscall.NLM_F_REQUEST)
+	req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
 	msg := nl.NewIfInfomsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_ROUTE, syscall.RTM_NEWRULE)
+	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE)
 	if err != nil {
 		return nil, err
 	}
@@ -175,9 +183,11 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
 
 		rule := NewRule()
 
+		rule.Invert = msg.Flags&FibRuleInvert > 0
+
 		for j := range attrs {
 			switch attrs[j].Attr.Type {
-			case syscall.RTA_TABLE:
+			case unix.RTA_TABLE:
 				rule.Table = int(native.Uint32(attrs[j].Value[0:4]))
 			case nl.FRA_SRC:
 				rule.Src = &net.IPNet{
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index b42b84f0cfe41..c4d89c17ed5a5 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -4,9 +4,9 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"syscall"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -123,15 +123,15 @@ func SocketGet(local, remote net.Addr) (*Socket, error) {
 		return nil, ErrNotImplemented
 	}
 
-	s, err := nl.Subscribe(syscall.NETLINK_INET_DIAG)
+	s, err := nl.Subscribe(unix.NETLINK_INET_DIAG)
 	if err != nil {
 		return nil, err
 	}
 	defer s.Close()
 	req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, 0)
 	req.AddData(&socketRequest{
-		Family:   syscall.AF_INET,
-		Protocol: syscall.IPPROTO_TCP,
+		Family:   unix.AF_INET,
+		Protocol: unix.IPPROTO_TCP,
 		ID: SocketID{
 			SourcePort:      uint16(localTCP.Port),
 			DestinationPort: uint16(remoteTCP.Port),
@@ -141,10 +141,13 @@ func SocketGet(local, remote net.Addr) (*Socket, error) {
 		},
 	})
 	s.Send(req)
-	msgs, err := s.Receive()
+	msgs, from, err := s.Receive()
 	if err != nil {
 		return nil, err
 	}
+	if from.Pid != nl.PidKernel {
+		return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel)
+	}
 	if len(msgs) == 0 {
 		return nil, errors.New("no message nor error from netlink")
 	}
diff --git a/vendor/github.com/vishvananda/netlink/xfrm.go b/vendor/github.com/vishvananda/netlink/xfrm.go
index 9962dcf7006df..02b41842e1022 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm.go
@@ -2,19 +2,20 @@ package netlink
 
 import (
 	"fmt"
-	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 // Proto is an enum representing an ipsec protocol.
 type Proto uint8
 
 const (
-	XFRM_PROTO_ROUTE2    Proto = syscall.IPPROTO_ROUTING
-	XFRM_PROTO_ESP       Proto = syscall.IPPROTO_ESP
-	XFRM_PROTO_AH        Proto = syscall.IPPROTO_AH
-	XFRM_PROTO_HAO       Proto = syscall.IPPROTO_DSTOPTS
+	XFRM_PROTO_ROUTE2    Proto = unix.IPPROTO_ROUTING
+	XFRM_PROTO_ESP       Proto = unix.IPPROTO_ESP
+	XFRM_PROTO_AH        Proto = unix.IPPROTO_AH
+	XFRM_PROTO_HAO       Proto = unix.IPPROTO_DSTOPTS
 	XFRM_PROTO_COMP      Proto = 0x6c // NOTE not defined on darwin
-	XFRM_PROTO_IPSEC_ANY Proto = syscall.IPPROTO_RAW
+	XFRM_PROTO_IPSEC_ANY Proto = unix.IPPROTO_RAW
 )
 
 func (p Proto) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_monitor_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_monitor_linux.go
index 7b98c9cb6d3b2..985d3a915f27f 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_monitor_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_monitor_linux.go
@@ -2,11 +2,10 @@ package netlink
 
 import (
 	"fmt"
-	"syscall"
-
-	"github.com/vishvananda/netns"
 
 	"github.com/vishvananda/netlink/nl"
+	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
 )
 
 type XfrmMsg interface {
@@ -39,7 +38,7 @@ func XfrmMonitor(ch chan<- XfrmMsg, done <-chan struct{}, errorChan chan<- error
 	if err != nil {
 		return nil
 	}
-	s, err := nl.SubscribeAt(netns.None(), netns.None(), syscall.NETLINK_XFRM, groups...)
+	s, err := nl.SubscribeAt(netns.None(), netns.None(), unix.NETLINK_XFRM, groups...)
 	if err != nil {
 		return err
 	}
@@ -55,11 +54,15 @@ func XfrmMonitor(ch chan<- XfrmMsg, done <-chan struct{}, errorChan chan<- error
 	go func() {
 		defer close(ch)
 		for {
-			msgs, err := s.Receive()
+			msgs, from, err := s.Receive()
 			if err != nil {
 				errorChan <- err
 				return
 			}
+			if from.Pid != nl.PidKernel {
+				errorChan <- fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel)
+				return
+			}
 			for _, m := range msgs {
 				switch m.Header.Type {
 				case nl.XFRM_MSG_EXPIRE:
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_policy.go b/vendor/github.com/vishvananda/netlink/xfrm_policy.go
index c97ec43a25309..6219d277258ad 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_policy.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_policy.go
@@ -35,6 +35,25 @@ func (d Dir) String() string {
 	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
 }
 
+// PolicyAction is an enum representing an ipsec policy action.
+type PolicyAction uint8
+
+const (
+	XFRM_POLICY_ALLOW PolicyAction = 0
+	XFRM_POLICY_BLOCK PolicyAction = 1
+)
+
+func (a PolicyAction) String() string {
+	switch a {
+	case XFRM_POLICY_ALLOW:
+		return "allow"
+	case XFRM_POLICY_BLOCK:
+		return "block"
+	default:
+		return fmt.Sprintf("action %d", a)
+	}
+}
+
 // XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec
 // policy. These rules are matched with XfrmState to determine encryption
 // and authentication algorithms.
@@ -64,11 +83,14 @@ type XfrmPolicy struct {
 	Dir      Dir
 	Priority int
 	Index    int
+	Action   PolicyAction
+	Ifindex  int
+	Ifid     int
 	Mark     *XfrmMark
 	Tmpls    []XfrmPolicyTmpl
 }
 
 func (p XfrmPolicy) String() string {
-	return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Mark: %s, Tmpls: %s}",
-		p.Dst, p.Src, p.Proto, p.DstPort, p.SrcPort, p.Dir, p.Priority, p.Index, p.Mark, p.Tmpls)
+	return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Action: %s, Ifindex: %d, Ifid: %d, Mark: %s, Tmpls: %s}",
+		p.Dst, p.Src, p.Proto, p.DstPort, p.SrcPort, p.Dir, p.Priority, p.Index, p.Action, p.Ifindex, p.Ifid, p.Mark, p.Tmpls)
 }
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
index c3d4e4222724d..a4e132ef55f2d 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
@@ -1,9 +1,8 @@
 package netlink
 
 import (
-	"syscall"
-
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 func selFromPolicy(sel *nl.XfrmSelector, policy *XfrmPolicy) {
@@ -28,6 +27,7 @@ func selFromPolicy(sel *nl.XfrmSelector, policy *XfrmPolicy) {
 	if sel.Sport != 0 {
 		sel.SportMask = ^uint16(0)
 	}
+	sel.Ifindex = int32(policy.Ifindex)
 }
 
 // XfrmPolicyAdd will add an xfrm policy to the system.
@@ -55,13 +55,14 @@ func (h *Handle) XfrmPolicyUpdate(policy *XfrmPolicy) error {
 }
 
 func (h *Handle) xfrmPolicyAddOrUpdate(policy *XfrmPolicy, nlProto int) error {
-	req := h.newNetlinkRequest(nlProto, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(nlProto, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 
 	msg := &nl.XfrmUserpolicyInfo{}
 	selFromPolicy(&msg.Sel, policy)
 	msg.Priority = uint32(policy.Priority)
 	msg.Index = uint32(policy.Index)
 	msg.Dir = uint8(policy.Dir)
+	msg.Action = uint8(policy.Action)
 	msg.Lft.SoftByteLimit = nl.XFRM_INF
 	msg.Lft.HardByteLimit = nl.XFRM_INF
 	msg.Lft.SoftPacketLimit = nl.XFRM_INF
@@ -91,7 +92,10 @@ func (h *Handle) xfrmPolicyAddOrUpdate(policy *XfrmPolicy, nlProto int) error {
 		req.AddData(out)
 	}
 
-	_, err := req.Execute(syscall.NETLINK_XFRM, 0)
+	ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(policy.Ifid)))
+	req.AddData(ifId)
+
+	_, err := req.Execute(unix.NETLINK_XFRM, 0)
 	return err
 }
 
@@ -121,12 +125,12 @@ func XfrmPolicyList(family int) ([]XfrmPolicy, error) {
 // Equivalent to: `ip xfrm policy show`.
 // The list can be filtered by ip family.
 func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
-	req := h.newNetlinkRequest(nl.XFRM_MSG_GETPOLICY, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(nl.XFRM_MSG_GETPOLICY, unix.NLM_F_DUMP)
 
 	msg := nl.NewIfInfomsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(syscall.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
+	msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
 	if err != nil {
 		return nil, err
 	}
@@ -165,13 +169,13 @@ func XfrmPolicyFlush() error {
 // XfrmPolicyFlush will flush the policies on the system.
 // Equivalent to: `ip xfrm policy flush`
 func (h *Handle) XfrmPolicyFlush() error {
-	req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHPOLICY, syscall.NLM_F_ACK)
-	_, err := req.Execute(syscall.NETLINK_XFRM, 0)
+	req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHPOLICY, unix.NLM_F_ACK)
+	_, err := req.Execute(unix.NETLINK_XFRM, 0)
 	return err
 }
 
 func (h *Handle) xfrmPolicyGetOrDelete(policy *XfrmPolicy, nlProto int) (*XfrmPolicy, error) {
-	req := h.newNetlinkRequest(nlProto, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(nlProto, unix.NLM_F_ACK)
 
 	msg := &nl.XfrmUserpolicyId{}
 	selFromPolicy(&msg.Sel, policy)
@@ -184,12 +188,15 @@ func (h *Handle) xfrmPolicyGetOrDelete(policy *XfrmPolicy, nlProto int) (*XfrmPo
 		req.AddData(out)
 	}
 
+	ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(policy.Ifid)))
+	req.AddData(ifId)
+
 	resType := nl.XFRM_MSG_NEWPOLICY
 	if nlProto == nl.XFRM_MSG_DELPOLICY {
 		resType = 0
 	}
 
-	msgs, err := req.Execute(syscall.NETLINK_XFRM, uint16(resType))
+	msgs, err := req.Execute(unix.NETLINK_XFRM, uint16(resType))
 	if err != nil {
 		return nil, err
 	}
@@ -198,12 +205,7 @@ func (h *Handle) xfrmPolicyGetOrDelete(policy *XfrmPolicy, nlProto int) (*XfrmPo
 		return nil, err
 	}
 
-	p, err := parseXfrmPolicy(msgs[0], FAMILY_ALL)
-	if err != nil {
-		return nil, err
-	}
-
-	return p, nil
+	return parseXfrmPolicy(msgs[0], FAMILY_ALL)
 }
 
 func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
@@ -221,9 +223,11 @@ func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
 	policy.Proto = Proto(msg.Sel.Proto)
 	policy.DstPort = int(nl.Swap16(msg.Sel.Dport))
 	policy.SrcPort = int(nl.Swap16(msg.Sel.Sport))
+	policy.Ifindex = int(msg.Sel.Ifindex)
 	policy.Priority = int(msg.Priority)
 	policy.Index = int(msg.Index)
 	policy.Dir = Dir(msg.Dir)
+	policy.Action = PolicyAction(msg.Action)
 
 	attrs, err := nl.ParseRouteAttr(m[msg.Len():])
 	if err != nil {
@@ -250,6 +254,8 @@ func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
 			policy.Mark = new(XfrmMark)
 			policy.Mark.Value = mark.Value
 			policy.Mark.Mask = mark.Mask
+		case nl.XFRMA_IF_ID:
+			policy.Ifid = int(native.Uint32(attr.Value))
 		}
 	}
 
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state.go b/vendor/github.com/vishvananda/netlink/xfrm_state.go
index 368a9b986d61e..483d8934a8fb7 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_state.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_state.go
@@ -3,6 +3,7 @@ package netlink
 import (
 	"fmt"
 	"net"
+	"time"
 )
 
 // XfrmStateAlgo represents the algorithm to use for the ipsec encryption.
@@ -67,6 +68,19 @@ type XfrmStateLimits struct {
 	TimeUseHard uint64
 }
 
+// XfrmStateStats represents the current number of bytes/packets
+// processed by this State, the State's installation and first use
+// time and the replay window counters.
+type XfrmStateStats struct {
+	ReplayWindow uint32
+	Replay       uint32
+	Failed       uint32
+	Bytes        uint64
+	Packets      uint64
+	AddTime      uint64
+	UseTime      uint64
+}
+
 // XfrmState represents the state of an ipsec policy. It optionally
 // contains an XfrmStateAlgo for encryption and one for authentication.
 type XfrmState struct {
@@ -78,7 +92,10 @@ type XfrmState struct {
 	Reqid        int
 	ReplayWindow int
 	Limits       XfrmStateLimits
+	Statistics   XfrmStateStats
 	Mark         *XfrmMark
+	OutputMark   int
+	Ifid         int
 	Auth         *XfrmStateAlgo
 	Crypt        *XfrmStateAlgo
 	Aead         *XfrmStateAlgo
@@ -87,17 +104,23 @@ type XfrmState struct {
 }
 
 func (sa XfrmState) String() string {
-	return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t",
-		sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN)
+	return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %d, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t",
+		sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN)
 }
 func (sa XfrmState) Print(stats bool) string {
 	if !stats {
 		return sa.String()
 	}
-
-	return fmt.Sprintf("%s, ByteSoft: %s, ByteHard: %s, PacketSoft: %s, PacketHard: %s, TimeSoft: %d, TimeHard: %d, TimeUseSoft: %d, TimeUseHard: %d",
+	at := time.Unix(int64(sa.Statistics.AddTime), 0).Format(time.UnixDate)
+	ut := "-"
+	if sa.Statistics.UseTime > 0 {
+		ut = time.Unix(int64(sa.Statistics.UseTime), 0).Format(time.UnixDate)
+	}
+	return fmt.Sprintf("%s, ByteSoft: %s, ByteHard: %s, PacketSoft: %s, PacketHard: %s, TimeSoft: %d, TimeHard: %d, TimeUseSoft: %d, TimeUseHard: %d, Bytes: %d, Packets: %d, "+
+		"AddTime: %s, UseTime: %s, ReplayWindow: %d, Replay: %d, Failed: %d",
 		sa.String(), printLimit(sa.Limits.ByteSoft), printLimit(sa.Limits.ByteHard), printLimit(sa.Limits.PacketSoft), printLimit(sa.Limits.PacketHard),
-		sa.Limits.TimeSoft, sa.Limits.TimeHard, sa.Limits.TimeUseSoft, sa.Limits.TimeUseHard)
+		sa.Limits.TimeSoft, sa.Limits.TimeHard, sa.Limits.TimeUseSoft, sa.Limits.TimeUseHard, sa.Statistics.Bytes, sa.Statistics.Packets, at, ut,
+		sa.Statistics.ReplayWindow, sa.Statistics.Replay, sa.Statistics.Failed)
 }
 
 func printLimit(lmt uint64) string {
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
index 6a7bc0deca240..66c99423c471c 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
@@ -2,10 +2,10 @@ package netlink
 
 import (
 	"fmt"
-	"syscall"
 	"unsafe"
 
 	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
 )
 
 func writeStateAlgo(a *XfrmStateAlgo) []byte {
@@ -69,8 +69,10 @@ func writeReplayEsn(replayWindow int) []byte {
 		ReplayWindow: uint32(replayWindow),
 	}
 
-	// taken from iproute2/ip/xfrm_state.c:
-	replayEsn.BmpLen = uint32((replayWindow + (4 * 8) - 1) / (4 * 8))
+	// Linux stores the bitmap to identify the already received sequence packets in blocks of uint32 elements.
+	// Therefore bitmap length is the minimum number of uint32 elements needed. The following is a ceiling operation.
+	bytesPerElem := int(unsafe.Sizeof(replayEsn.BmpLen)) // Any uint32 variable is good for this
+	replayEsn.BmpLen = uint32((replayWindow + (bytesPerElem * 8) - 1) / (bytesPerElem * 8))
 
 	return replayEsn.Serialize()
 }
@@ -111,7 +113,7 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
 	if state.Spi == 0 {
 		return fmt.Errorf("Spi must be set when adding xfrm state.")
 	}
-	req := h.newNetlinkRequest(nlProto, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(nlProto, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 
 	msg := xfrmUsersaInfoFromXfrmState(state)
 
@@ -156,14 +158,21 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
 		out := nl.NewRtAttr(nl.XFRMA_REPLAY_ESN_VAL, writeReplayEsn(state.ReplayWindow))
 		req.AddData(out)
 	}
+	if state.OutputMark != 0 {
+		out := nl.NewRtAttr(nl.XFRMA_OUTPUT_MARK, nl.Uint32Attr(uint32(state.OutputMark)))
+		req.AddData(out)
+	}
 
-	_, err := req.Execute(syscall.NETLINK_XFRM, 0)
+	ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(state.Ifid)))
+	req.AddData(ifId)
+
+	_, err := req.Execute(unix.NETLINK_XFRM, 0)
 	return err
 }
 
 func (h *Handle) xfrmStateAllocSpi(state *XfrmState) (*XfrmState, error) {
 	req := h.newNetlinkRequest(nl.XFRM_MSG_ALLOCSPI,
-		syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+		unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
 
 	msg := &nl.XfrmUserSpiInfo{}
 	msg.XfrmUsersaInfo = *(xfrmUsersaInfoFromXfrmState(state))
@@ -177,17 +186,12 @@ func (h *Handle) xfrmStateAllocSpi(state *XfrmState) (*XfrmState, error) {
 		req.AddData(out)
 	}
 
-	msgs, err := req.Execute(syscall.NETLINK_XFRM, 0)
-	if err != nil {
-		return nil, err
-	}
-
-	s, err := parseXfrmState(msgs[0], FAMILY_ALL)
+	msgs, err := req.Execute(unix.NETLINK_XFRM, 0)
 	if err != nil {
 		return nil, err
 	}
 
-	return s, err
+	return parseXfrmState(msgs[0], FAMILY_ALL)
 }
 
 // XfrmStateDel will delete an xfrm state from the system. Note that
@@ -216,9 +220,9 @@ func XfrmStateList(family int) ([]XfrmState, error) {
 // Equivalent to: `ip xfrm state show`.
 // The list can be filtered by ip family.
 func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
-	req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, syscall.NLM_F_DUMP)
+	req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, unix.NLM_F_DUMP)
 
-	msgs, err := req.Execute(syscall.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
+	msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
 	if err != nil {
 		return nil, err
 	}
@@ -255,7 +259,7 @@ func (h *Handle) XfrmStateGet(state *XfrmState) (*XfrmState, error) {
 }
 
 func (h *Handle) xfrmStateGetOrDelete(state *XfrmState, nlProto int) (*XfrmState, error) {
-	req := h.newNetlinkRequest(nlProto, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(nlProto, unix.NLM_F_ACK)
 
 	msg := &nl.XfrmUsersaId{}
 	msg.Family = uint16(nl.GetIPFamily(state.Dst))
@@ -273,12 +277,15 @@ func (h *Handle) xfrmStateGetOrDelete(state *XfrmState, nlProto int) (*XfrmState
 		req.AddData(out)
 	}
 
+	ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(state.Ifid)))
+	req.AddData(ifId)
+
 	resType := nl.XFRM_MSG_NEWSA
 	if nlProto == nl.XFRM_MSG_DELSA {
 		resType = 0
 	}
 
-	msgs, err := req.Execute(syscall.NETLINK_XFRM, uint16(resType))
+	msgs, err := req.Execute(unix.NETLINK_XFRM, uint16(resType))
 	if err != nil {
 		return nil, err
 	}
@@ -308,6 +315,7 @@ func xfrmStateFromXfrmUsersaInfo(msg *nl.XfrmUsersaInfo) *XfrmState {
 	state.Reqid = int(msg.Reqid)
 	state.ReplayWindow = int(msg.ReplayWindow)
 	lftToLimits(&msg.Lft, &state.Limits)
+	curToStats(&msg.Curlft, &msg.Stats, &state.Statistics)
 
 	return &state
 }
@@ -369,6 +377,10 @@ func parseXfrmState(m []byte, family int) (*XfrmState, error) {
 			state.Mark = new(XfrmMark)
 			state.Mark.Value = mark.Value
 			state.Mark.Mask = mark.Mask
+		case nl.XFRMA_OUTPUT_MARK:
+			state.OutputMark = int(native.Uint32(attr.Value))
+		case nl.XFRMA_IF_ID:
+			state.Ifid = int(native.Uint32(attr.Value))
 		}
 	}
 
@@ -386,16 +398,12 @@ func XfrmStateFlush(proto Proto) error {
 // proto = 0 means any transformation protocols
 // Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`
 func (h *Handle) XfrmStateFlush(proto Proto) error {
-	req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHSA, syscall.NLM_F_ACK)
+	req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHSA, unix.NLM_F_ACK)
 
 	req.AddData(&nl.XfrmUsersaFlush{Proto: uint8(proto)})
 
-	_, err := req.Execute(syscall.NETLINK_XFRM, 0)
-	if err != nil {
-		return err
-	}
-
-	return nil
+	_, err := req.Execute(unix.NETLINK_XFRM, 0)
+	return err
 }
 
 func limitsToLft(lmts XfrmStateLimits, lft *nl.XfrmLifetimeCfg) {
@@ -429,6 +437,16 @@ func lftToLimits(lft *nl.XfrmLifetimeCfg, lmts *XfrmStateLimits) {
 	*lmts = *(*XfrmStateLimits)(unsafe.Pointer(lft))
 }
 
+func curToStats(cur *nl.XfrmLifetimeCur, wstats *nl.XfrmStats, stats *XfrmStateStats) {
+	stats.Bytes = cur.Bytes
+	stats.Packets = cur.Packets
+	stats.AddTime = cur.AddTime
+	stats.UseTime = cur.UseTime
+	stats.ReplayWindow = wstats.ReplayWindow
+	stats.Replay = wstats.Replay
+	stats.Failed = wstats.IntegrityFailed
+}
+
 func xfrmUsersaInfoFromXfrmState(state *XfrmState) *nl.XfrmUsersaInfo {
 	msg := &nl.XfrmUsersaInfo{}
 	msg.Family = uint16(nl.GetIPFamily(state.Dst))
diff --git a/vendor/github.com/vishvananda/netns/README.md b/vendor/github.com/vishvananda/netns/README.md
index 24a4003ae6cb4..6b45cfb892e5f 100644
--- a/vendor/github.com/vishvananda/netns/README.md
+++ b/vendor/github.com/vishvananda/netns/README.md
@@ -20,9 +20,10 @@ Testing (requires root):
 package main
 
 import (
+    "fmt"
     "net"
     "runtime"
-    "github.com/vishvananada/netns"
+    "github.com/vishvananda/netns"
 )
 
 func main() {
@@ -38,7 +39,7 @@ func main() {
     newns, _ := netns.New()
     defer newns.Close()
 
-    // Do something with tne network namespace
+    // Do something with the network namespace
     ifaces, _ := net.Interfaces()
     fmt.Printf("Interfaces: %v\n", ifaces)
 
diff --git a/vendor/github.com/vishvananda/netns/go.mod b/vendor/github.com/vishvananda/netns/go.mod
new file mode 100644
index 0000000000000..9cdf577ad4485
--- /dev/null
+++ b/vendor/github.com/vishvananda/netns/go.mod
@@ -0,0 +1,5 @@
+module github.com/vishvananda/netns
+
+go 1.12
+
+require golang.org/x/sys v0.0.0-20200217220822-9197077df867
diff --git a/vendor/github.com/vishvananda/netns/netns.go b/vendor/github.com/vishvananda/netns/netns.go
index 2ca0feedd5c86..116befd548c47 100644
--- a/vendor/github.com/vishvananda/netns/netns.go
+++ b/vendor/github.com/vishvananda/netns/netns.go
@@ -10,7 +10,8 @@ package netns
 
 import (
 	"fmt"
-	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 // NsHandle is a handle to a network namespace. It can be cast directly
@@ -19,16 +20,16 @@ type NsHandle int
 
 // Equal determines if two network handles refer to the same network
 // namespace. This is done by comparing the device and inode that the
-// file descripors point to.
+// file descriptors point to.
 func (ns NsHandle) Equal(other NsHandle) bool {
 	if ns == other {
 		return true
 	}
-	var s1, s2 syscall.Stat_t
-	if err := syscall.Fstat(int(ns), &s1); err != nil {
+	var s1, s2 unix.Stat_t
+	if err := unix.Fstat(int(ns), &s1); err != nil {
 		return false
 	}
-	if err := syscall.Fstat(int(other), &s2); err != nil {
+	if err := unix.Fstat(int(other), &s2); err != nil {
 		return false
 	}
 	return (s1.Dev == s2.Dev) && (s1.Ino == s2.Ino)
@@ -36,16 +37,29 @@ func (ns NsHandle) Equal(other NsHandle) bool {
 
 // String shows the file descriptor number and its dev and inode.
 func (ns NsHandle) String() string {
-	var s syscall.Stat_t
 	if ns == -1 {
 		return "NS(None)"
 	}
-	if err := syscall.Fstat(int(ns), &s); err != nil {
+	var s unix.Stat_t
+	if err := unix.Fstat(int(ns), &s); err != nil {
 		return fmt.Sprintf("NS(%d: unknown)", ns)
 	}
 	return fmt.Sprintf("NS(%d: %d, %d)", ns, s.Dev, s.Ino)
 }
 
+// UniqueId returns a string which uniquely identifies the namespace
+// associated with the network handle.
+func (ns NsHandle) UniqueId() string {
+	if ns == -1 {
+		return "NS(none)"
+	}
+	var s unix.Stat_t
+	if err := unix.Fstat(int(ns), &s); err != nil {
+		return "NS(unknown)"
+	}
+	return fmt.Sprintf("NS(%d:%d)", s.Dev, s.Ino)
+}
+
 // IsOpen returns true if Close() has not been called.
 func (ns NsHandle) IsOpen() bool {
 	return ns != -1
@@ -54,14 +68,14 @@ func (ns NsHandle) IsOpen() bool {
 // Close closes the NsHandle and resets its file descriptor to -1.
 // It is not safe to use an NsHandle after Close() is called.
 func (ns *NsHandle) Close() error {
-	if err := syscall.Close(int(*ns)); err != nil {
+	if err := unix.Close(int(*ns)); err != nil {
 		return err
 	}
 	(*ns) = -1
 	return nil
 }
 
-// Get an empty (closed) NsHandle
+// None gets an empty (closed) NsHandle.
 func None() NsHandle {
 	return NsHandle(-1)
 }
diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go
index abdc3082904cc..c76acd087020c 100644
--- a/vendor/github.com/vishvananda/netns/netns_linux.go
+++ b/vendor/github.com/vishvananda/netns/netns_linux.go
@@ -6,31 +6,30 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
+// Deprecated: use syscall pkg instead (go >= 1.5 needed).
 const (
-	// These constants belong in the syscall library but have not been
-	// added yet.
-	CLONE_NEWUTS  = 0x04000000 /* New utsname group? */
-	CLONE_NEWIPC  = 0x08000000 /* New ipcs */
-	CLONE_NEWUSER = 0x10000000 /* New user namespace */
-	CLONE_NEWPID  = 0x20000000 /* New pid namespace */
-	CLONE_NEWNET  = 0x40000000 /* New network namespace */
-	CLONE_IO      = 0x80000000 /* Get io context */
+	CLONE_NEWUTS  = 0x04000000   /* New utsname group? */
+	CLONE_NEWIPC  = 0x08000000   /* New ipcs */
+	CLONE_NEWUSER = 0x10000000   /* New user namespace */
+	CLONE_NEWPID  = 0x20000000   /* New pid namespace */
+	CLONE_NEWNET  = 0x40000000   /* New network namespace */
+	CLONE_IO      = 0x80000000   /* Get io context */
+	bindMountPath = "/run/netns" /* Bind mount path for named netns */
 )
 
 // Setns sets namespace using syscall. Note that this should be a method
 // in syscall but it has not been added.
 func Setns(ns NsHandle, nstype int) (err error) {
-	_, _, e1 := syscall.Syscall(SYS_SETNS, uintptr(ns), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return unix.Setns(int(ns), nstype)
 }
 
 // Set sets the current network namespace to the namespace represented
@@ -39,23 +38,67 @@ func Set(ns NsHandle) (err error) {
 	return Setns(ns, CLONE_NEWNET)
 }
 
-// New creates a new network namespace and returns a handle to it.
+// New creates a new network namespace, sets it as current and returns
+// a handle to it.
 func New() (ns NsHandle, err error) {
-	if err := syscall.Unshare(CLONE_NEWNET); err != nil {
+	if err := unix.Unshare(CLONE_NEWNET); err != nil {
 		return -1, err
 	}
 	return Get()
 }
 
+// NewNamed creates a new named network namespace and returns a handle to it
+func NewNamed(name string) (NsHandle, error) {
+	if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
+		err = os.MkdirAll(bindMountPath, 0755)
+		if err != nil {
+			return None(), err
+		}
+	}
+
+	newNs, err := New()
+	if err != nil {
+		return None(), err
+	}
+
+	namedPath := path.Join(bindMountPath, name)
+
+	f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
+	if err != nil {
+		return None(), err
+	}
+	f.Close()
+
+	nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid())
+	err = syscall.Mount(nsPath, namedPath, "bind", syscall.MS_BIND, "")
+	if err != nil {
+		return None(), err
+	}
+
+	return newNs, nil
+}
+
+// DeleteNamed deletes a named network namespace
+func DeleteNamed(name string) error {
+	namedPath := path.Join(bindMountPath, name)
+
+	err := syscall.Unmount(namedPath, syscall.MNT_DETACH)
+	if err != nil {
+		return err
+	}
+
+	return os.Remove(namedPath)
+}
+
 // Get gets a handle to the current threads network namespace.
 func Get() (NsHandle, error) {
-	return GetFromThread(os.Getpid(), syscall.Gettid())
+	return GetFromThread(os.Getpid(), unix.Gettid())
 }
 
 // GetFromPath gets a handle to a network namespace
 // identified by the path
 func GetFromPath(path string) (NsHandle, error) {
-	fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
+	fd, err := unix.Open(path, unix.O_RDONLY|unix.O_CLOEXEC, 0)
 	if err != nil {
 		return -1, err
 	}
@@ -125,7 +168,9 @@ func getThisCgroup(cgroupType string) (string, error) {
 		return "", fmt.Errorf("docker pid not found in /var/run/docker.pid")
 	}
 	pid, err := strconv.Atoi(result[0])
-
+	if err != nil {
+		return "", err
+	}
 	output, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/cgroup", pid))
 	if err != nil {
 		return "", err
@@ -167,8 +212,18 @@ func getPidForContainer(id string) (int, error) {
 		filepath.Join(cgroupRoot, cgroupThis, id, "tasks"),
 		// With more recent lxc versions use, cgroup will be in lxc/
 		filepath.Join(cgroupRoot, cgroupThis, "lxc", id, "tasks"),
-		// With more recent dockee, cgroup will be in docker/
+		// With more recent docker, cgroup will be in docker/
 		filepath.Join(cgroupRoot, cgroupThis, "docker", id, "tasks"),
+		// Even more recent docker versions under systemd use docker-<id>.scope/
+		filepath.Join(cgroupRoot, "system.slice", "docker-"+id+".scope", "tasks"),
+		// Even more recent docker versions under cgroup/systemd/docker/<id>/
+		filepath.Join(cgroupRoot, "..", "systemd", "docker", id, "tasks"),
+		// Kubernetes with docker and CNI is even more different
+		filepath.Join(cgroupRoot, "..", "systemd", "kubepods", "*", "pod*", id, "tasks"),
+		// Another flavor of containers location in recent kubernetes 1.11+
+		filepath.Join(cgroupRoot, cgroupThis, "kubepods.slice", "kubepods-besteffort.slice", "*", "docker-"+id+".scope", "tasks"),
+		// When runs inside of a container with recent kubernetes 1.11+
+		filepath.Join(cgroupRoot, "kubepods.slice", "kubepods-besteffort.slice", "*", "docker-"+id+".scope", "tasks"),
 	}
 
 	var filename string
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_386.go b/vendor/github.com/vishvananda/netns/netns_linux_386.go
deleted file mode 100644
index 1d769bb15141c..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_386.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,386
-
-package netns
-
-const (
-	SYS_SETNS = 346
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_amd64.go b/vendor/github.com/vishvananda/netns/netns_linux_amd64.go
deleted file mode 100644
index b124666f18a57..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_amd64.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,amd64
-
-package netns
-
-const (
-	SYS_SETNS = 308
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_arm.go b/vendor/github.com/vishvananda/netns/netns_linux_arm.go
deleted file mode 100644
index 9c74eb55322ea..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_arm.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,arm
-
-package netns
-
-const (
-	SYS_SETNS = 375
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_arm64.go b/vendor/github.com/vishvananda/netns/netns_linux_arm64.go
deleted file mode 100644
index 741a30207ad8b..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_arm64.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,arm64
-
-package netns
-
-const (
-	SYS_SETNS = 268
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_ppc64le.go b/vendor/github.com/vishvananda/netns/netns_linux_ppc64le.go
deleted file mode 100644
index c49eba5ee5bec..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_ppc64le.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,ppc64le
-
-package netns
-
-const (
-	SYS_SETNS = 350
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_s390x.go b/vendor/github.com/vishvananda/netns/netns_linux_s390x.go
deleted file mode 100644
index cc13e62665f80..0000000000000
--- a/vendor/github.com/vishvananda/netns/netns_linux_s390x.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build linux,s390x
-
-package netns
-
-const (
-	SYS_SETNS = 339
-)
diff --git a/vendor/github.com/vishvananda/netns/netns_unspecified.go b/vendor/github.com/vishvananda/netns/netns_unspecified.go
index b2edc565bdee9..d06af62b68ad2 100644
--- a/vendor/github.com/vishvananda/netns/netns_unspecified.go
+++ b/vendor/github.com/vishvananda/netns/netns_unspecified.go
@@ -22,6 +22,10 @@ func Get() (NsHandle, error) {
 	return -1, ErrNotImplemented
 }
 
+func GetFromPath(path string) (NsHandle, error) {
+	return -1, ErrNotImplemented
+}
+
 func GetFromName(name string) (NsHandle, error) {
 	return -1, ErrNotImplemented
 }
@@ -30,6 +34,10 @@ func GetFromPid(pid int) (NsHandle, error) {
 	return -1, ErrNotImplemented
 }
 
+func GetFromThread(pid, tid int) (NsHandle, error) {
+	return -1, ErrNotImplemented
+}
+
 func GetFromDocker(id string) (NsHandle, error) {
 	return -1, ErrNotImplemented
 }
diff --git a/vendor/go.etcd.io/bbolt/README.md b/vendor/go.etcd.io/bbolt/README.md
index 6546fc01ac5ad..c9e64b1a6150b 100644
--- a/vendor/go.etcd.io/bbolt/README.md
+++ b/vendor/go.etcd.io/bbolt/README.md
@@ -152,11 +152,12 @@ are not thread safe. To work with data in multiple goroutines you must start
 a transaction for each one or use locking to ensure only one goroutine accesses
 a transaction at a time. Creating transaction from the `DB` is thread safe.
 
-Read-only transactions and read-write transactions should not depend on one
-another and generally shouldn't be opened simultaneously in the same goroutine.
-This can cause a deadlock as the read-write transaction needs to periodically
-re-map the data file but it cannot do so while a read-only transaction is open.
-
+Transactions should not depend on one another and generally shouldn't be opened
+simultaneously in the same goroutine. This can cause a deadlock as the read-write
+transaction needs to periodically re-map the data file but it cannot do so while
+any read-only transaction is open. Even a nested read-only transaction can cause
+a deadlock, as the child transaction can block the parent transaction from releasing
+its resources.
 
 #### Read-write transactions
 
@@ -275,7 +276,7 @@ should be writable.
 ### Using buckets
 
 Buckets are collections of key/value pairs within the database. All keys in a
-bucket must be unique. You can create a bucket using the `DB.CreateBucket()`
+bucket must be unique. You can create a bucket using the `Tx.CreateBucket()`
 function:
 
 ```go
@@ -923,17 +924,20 @@ Below is a list of public, open source projects that use Bolt:
 * [GoWebApp](https://github.com/josephspurrier/gowebapp) - A basic MVC web application in Go using BoltDB.
 * [GoShort](https://github.com/pankajkhairnar/goShort) - GoShort is a URL shortener written in Golang and BoltDB for persistent key/value storage and for routing it's using high performent HTTPRouter.
 * [gopherpit](https://github.com/gopherpit/gopherpit) - A web service to manage Go remote import paths with custom domains
+* [gokv](https://github.com/philippgille/gokv) - Simple key-value store abstraction and implementations for Go (Redis, Consul, etcd, bbolt, BadgerDB, LevelDB, Memcached, DynamoDB, S3, PostgreSQL, MongoDB, CockroachDB and many more)
 * [Gitchain](https://github.com/gitchain/gitchain) - Decentralized, peer-to-peer Git repositories aka "Git meets Bitcoin".
 * [InfluxDB](https://influxdata.com) - Scalable datastore for metrics, events, and real-time analytics.
 * [ipLocator](https://github.com/AndreasBriese/ipLocator) - A fast ip-geo-location-server using bolt with bloom filters.
 * [ipxed](https://github.com/kelseyhightower/ipxed) - Web interface and api for ipxed.
 * [Ironsmith](https://github.com/timshannon/ironsmith) - A simple, script-driven continuous integration (build - > test -> release) tool, with no external dependencies
 * [Kala](https://github.com/ajvb/kala) - Kala is a modern job scheduler optimized to run on a single node. It is persistent, JSON over HTTP API, ISO 8601 duration notation, and dependent jobs.
+* [Key Value Access Langusge (KVAL)](https://github.com/kval-access-language) - A proposed grammar for key-value datastores offering a bbolt binding.
 * [LedisDB](https://github.com/siddontang/ledisdb) - A high performance NoSQL, using Bolt as optional storage.
 * [lru](https://github.com/crowdriff/lru) - Easy to use Bolt-backed Least-Recently-Used (LRU) read-through cache with chainable remote stores.
 * [mbuckets](https://github.com/abhigupta912/mbuckets) - A Bolt wrapper that allows easy operations on multi level (nested) buckets.
 * [MetricBase](https://github.com/msiebuhr/MetricBase) - Single-binary version of Graphite.
 * [MuLiFS](https://github.com/dankomiocevic/mulifs) - Music Library Filesystem creates a filesystem to organise your music files.
+* [NATS](https://github.com/nats-io/nats-streaming-server) - NATS Streaming uses bbolt for message and metadata storage.
 * [Operation Go: A Routine Mission](http://gocode.io) - An online programming game for Golang using Bolt for user accounts and a leaderboard.
 * [photosite/session](https://godoc.org/bitbucket.org/kardianos/photosite/session) - Sessions for a photo viewing site.
 * [Prometheus Annotation Server](https://github.com/oliver006/prom_annotation_server) - Annotation server for PromDash & Prometheus service monitoring system.
diff --git a/vendor/go.etcd.io/bbolt/bolt_386.go b/vendor/go.etcd.io/bbolt/bolt_386.go
index 4d35ee7cf3d25..aee25960ff97c 100644
--- a/vendor/go.etcd.io/bbolt/bolt_386.go
+++ b/vendor/go.etcd.io/bbolt/bolt_386.go
@@ -5,6 +5,3 @@ const maxMapSize = 0x7FFFFFFF // 2GB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0xFFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_amd64.go b/vendor/go.etcd.io/bbolt/bolt_amd64.go
index 60a52dad56b2d..5dd8f3f2aeb9e 100644
--- a/vendor/go.etcd.io/bbolt/bolt_amd64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_amd64.go
@@ -5,6 +5,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_arm.go b/vendor/go.etcd.io/bbolt/bolt_arm.go
index 105d27ddb7ddb..aee25960ff97c 100644
--- a/vendor/go.etcd.io/bbolt/bolt_arm.go
+++ b/vendor/go.etcd.io/bbolt/bolt_arm.go
@@ -1,28 +1,7 @@
 package bbolt
 
-import "unsafe"
-
 // maxMapSize represents the largest mmap size supported by Bolt.
 const maxMapSize = 0x7FFFFFFF // 2GB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0xFFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned bool
-
-func init() {
-	// Simple check to see whether this arch handles unaligned load/stores
-	// correctly.
-
-	// ARM9 and older devices require load/stores to be from/to aligned
-	// addresses. If not, the lower 2 bits are cleared and that address is
-	// read in a jumbled up order.
-
-	// See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15414.html
-
-	raw := [6]byte{0xfe, 0xef, 0x11, 0x22, 0x22, 0x11}
-	val := *(*uint32)(unsafe.Pointer(uintptr(unsafe.Pointer(&raw)) + 2))
-
-	brokenUnaligned = val != 0x11222211
-}
diff --git a/vendor/go.etcd.io/bbolt/bolt_arm64.go b/vendor/go.etcd.io/bbolt/bolt_arm64.go
index f5aa2a5ee248e..810dfd55c53b2 100644
--- a/vendor/go.etcd.io/bbolt/bolt_arm64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_arm64.go
@@ -7,6 +7,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_mips64x.go b/vendor/go.etcd.io/bbolt/bolt_mips64x.go
index baeb289fd94b8..dd8ffe1239353 100644
--- a/vendor/go.etcd.io/bbolt/bolt_mips64x.go
+++ b/vendor/go.etcd.io/bbolt/bolt_mips64x.go
@@ -7,6 +7,3 @@ const maxMapSize = 0x8000000000 // 512GB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_mipsx.go b/vendor/go.etcd.io/bbolt/bolt_mipsx.go
index 2d9b1a91f3642..a669703a4e335 100644
--- a/vendor/go.etcd.io/bbolt/bolt_mipsx.go
+++ b/vendor/go.etcd.io/bbolt/bolt_mipsx.go
@@ -7,6 +7,3 @@ const maxMapSize = 0x40000000 // 1GB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0xFFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc.go b/vendor/go.etcd.io/bbolt/bolt_ppc.go
index 69804714aaef3..84e545ef3e777 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc.go
@@ -7,6 +7,3 @@ const maxMapSize = 0x7FFFFFFF // 2GB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0xFFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc64.go b/vendor/go.etcd.io/bbolt/bolt_ppc64.go
index 356590857607a..a76120908cb66 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc64.go
@@ -7,6 +7,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc64le.go b/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
index 422c7c69d667a..c830f2fc77ad0 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
@@ -7,6 +7,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_riscv64.go b/vendor/go.etcd.io/bbolt/bolt_riscv64.go
new file mode 100644
index 0000000000000..c967613b0063f
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/bolt_riscv64.go
@@ -0,0 +1,9 @@
+// +build riscv64
+
+package bbolt
+
+// maxMapSize represents the largest mmap size supported by Bolt.
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
+
+// maxAllocSize is the size used when creating array pointers.
+const maxAllocSize = 0x7FFFFFFF
diff --git a/vendor/go.etcd.io/bbolt/bolt_s390x.go b/vendor/go.etcd.io/bbolt/bolt_s390x.go
index 6d3fcb825d344..ff2a56097079b 100644
--- a/vendor/go.etcd.io/bbolt/bolt_s390x.go
+++ b/vendor/go.etcd.io/bbolt/bolt_s390x.go
@@ -7,6 +7,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB
 
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
-
-// Are unaligned load/stores broken on this arch?
-var brokenUnaligned = false
diff --git a/vendor/go.etcd.io/bbolt/bolt_unix.go b/vendor/go.etcd.io/bbolt/bolt_unix.go
index 5f2bb51451990..2938fed58457d 100644
--- a/vendor/go.etcd.io/bbolt/bolt_unix.go
+++ b/vendor/go.etcd.io/bbolt/bolt_unix.go
@@ -1,4 +1,4 @@
-// +build !windows,!plan9,!solaris
+// +build !windows,!plan9,!solaris,!aix
 
 package bbolt
 
diff --git a/vendor/go.etcd.io/bbolt/bolt_unix_aix.go b/vendor/go.etcd.io/bbolt/bolt_unix_aix.go
new file mode 100644
index 0000000000000..a64c16f51297b
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/bolt_unix_aix.go
@@ -0,0 +1,90 @@
+// +build aix
+
+package bbolt
+
+import (
+	"fmt"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// flock acquires an advisory lock on a file descriptor.
+func flock(db *DB, exclusive bool, timeout time.Duration) error {
+	var t time.Time
+	if timeout != 0 {
+		t = time.Now()
+	}
+	fd := db.file.Fd()
+	var lockType int16
+	if exclusive {
+		lockType = syscall.F_WRLCK
+	} else {
+		lockType = syscall.F_RDLCK
+	}
+	for {
+		// Attempt to obtain an exclusive lock.
+		lock := syscall.Flock_t{Type: lockType}
+		err := syscall.FcntlFlock(fd, syscall.F_SETLK, &lock)
+		if err == nil {
+			return nil
+		} else if err != syscall.EAGAIN {
+			return err
+		}
+
+		// If we timed out then return an error.
+		if timeout != 0 && time.Since(t) > timeout-flockRetryTimeout {
+			return ErrTimeout
+		}
+
+		// Wait for a bit and try again.
+		time.Sleep(flockRetryTimeout)
+	}
+}
+
+// funlock releases an advisory lock on a file descriptor.
+func funlock(db *DB) error {
+	var lock syscall.Flock_t
+	lock.Start = 0
+	lock.Len = 0
+	lock.Type = syscall.F_UNLCK
+	lock.Whence = 0
+	return syscall.FcntlFlock(uintptr(db.file.Fd()), syscall.F_SETLK, &lock)
+}
+
+// mmap memory maps a DB's data file.
+func mmap(db *DB, sz int) error {
+	// Map the data file to memory.
+	b, err := unix.Mmap(int(db.file.Fd()), 0, sz, syscall.PROT_READ, syscall.MAP_SHARED|db.MmapFlags)
+	if err != nil {
+		return err
+	}
+
+	// Advise the kernel that the mmap is accessed randomly.
+	if err := unix.Madvise(b, syscall.MADV_RANDOM); err != nil {
+		return fmt.Errorf("madvise: %s", err)
+	}
+
+	// Save the original byte slice and convert to a byte array pointer.
+	db.dataref = b
+	db.data = (*[maxMapSize]byte)(unsafe.Pointer(&b[0]))
+	db.datasz = sz
+	return nil
+}
+
+// munmap unmaps a DB's data file from memory.
+func munmap(db *DB) error {
+	// Ignore the unmap if we have no mapped data.
+	if db.dataref == nil {
+		return nil
+	}
+
+	// Unmap using the original byte slice.
+	err := unix.Munmap(db.dataref)
+	db.dataref = nil
+	db.data = nil
+	db.datasz = 0
+	return err
+}
diff --git a/vendor/go.etcd.io/bbolt/bucket.go b/vendor/go.etcd.io/bbolt/bucket.go
index 84bfd4d6a283e..d8750b14871f9 100644
--- a/vendor/go.etcd.io/bbolt/bucket.go
+++ b/vendor/go.etcd.io/bbolt/bucket.go
@@ -123,10 +123,12 @@ func (b *Bucket) Bucket(name []byte) *Bucket {
 func (b *Bucket) openBucket(value []byte) *Bucket {
 	var child = newBucket(b.tx)
 
-	// If unaligned load/stores are broken on this arch and value is
-	// unaligned simply clone to an aligned byte array.
-	unaligned := brokenUnaligned && uintptr(unsafe.Pointer(&value[0]))&3 != 0
-
+	// Unaligned access requires a copy to be made.
+	const unalignedMask = unsafe.Alignof(struct {
+		bucket
+		page
+	}{}) - 1
+	unaligned := uintptr(unsafe.Pointer(&value[0]))&unalignedMask != 0
 	if unaligned {
 		value = cloneBytes(value)
 	}
@@ -206,7 +208,7 @@ func (b *Bucket) CreateBucketIfNotExists(key []byte) (*Bucket, error) {
 }
 
 // DeleteBucket deletes a bucket at the given key.
-// Returns an error if the bucket does not exists, or if the key represents a non-bucket value.
+// Returns an error if the bucket does not exist, or if the key represents a non-bucket value.
 func (b *Bucket) DeleteBucket(key []byte) error {
 	if b.tx.db == nil {
 		return ErrTxClosed
@@ -228,7 +230,7 @@ func (b *Bucket) DeleteBucket(key []byte) error {
 	// Recursively delete all child buckets.
 	child := b.Bucket(key)
 	err := child.ForEach(func(k, v []byte) error {
-		if v == nil {
+		if _, _, childFlags := child.Cursor().seek(k); (childFlags & bucketLeafFlag) != 0 {
 			if err := child.DeleteBucket(k); err != nil {
 				return fmt.Errorf("delete bucket: %s", err)
 			}
@@ -409,7 +411,7 @@ func (b *Bucket) Stats() BucketStats {
 
 			if p.count != 0 {
 				// If page has any elements, add all element headers.
-				used += leafPageElementSize * int(p.count-1)
+				used += leafPageElementSize * uintptr(p.count-1)
 
 				// Add all element key, value sizes.
 				// The computation takes advantage of the fact that the position
@@ -417,16 +419,16 @@ func (b *Bucket) Stats() BucketStats {
 				// of all previous elements' keys and values.
 				// It also includes the last element's header.
 				lastElement := p.leafPageElement(p.count - 1)
-				used += int(lastElement.pos + lastElement.ksize + lastElement.vsize)
+				used += uintptr(lastElement.pos + lastElement.ksize + lastElement.vsize)
 			}
 
 			if b.root == 0 {
 				// For inlined bucket just update the inline stats
-				s.InlineBucketInuse += used
+				s.InlineBucketInuse += int(used)
 			} else {
 				// For non-inlined bucket update all the leaf stats
 				s.LeafPageN++
-				s.LeafInuse += used
+				s.LeafInuse += int(used)
 				s.LeafOverflowN += int(p.overflow)
 
 				// Collect stats from sub-buckets.
@@ -447,13 +449,13 @@ func (b *Bucket) Stats() BucketStats {
 
 			// used totals the used bytes for the page
 			// Add header and all element headers.
-			used := pageHeaderSize + (branchPageElementSize * int(p.count-1))
+			used := pageHeaderSize + (branchPageElementSize * uintptr(p.count-1))
 
 			// Add size of all keys and values.
 			// Again, use the fact that last element's position equals to
 			// the total of key, value sizes of all previous elements.
-			used += int(lastElement.pos + lastElement.ksize)
-			s.BranchInuse += used
+			used += uintptr(lastElement.pos + lastElement.ksize)
+			s.BranchInuse += int(used)
 			s.BranchOverflowN += int(p.overflow)
 		}
 
@@ -593,7 +595,7 @@ func (b *Bucket) inlineable() bool {
 	// our threshold for inline bucket size.
 	var size = pageHeaderSize
 	for _, inode := range n.inodes {
-		size += leafPageElementSize + len(inode.key) + len(inode.value)
+		size += leafPageElementSize + uintptr(len(inode.key)) + uintptr(len(inode.value))
 
 		if inode.flags&bucketLeafFlag != 0 {
 			return false
@@ -606,8 +608,8 @@ func (b *Bucket) inlineable() bool {
 }
 
 // Returns the maximum total size of a bucket to make it a candidate for inlining.
-func (b *Bucket) maxInlineBucketSize() int {
-	return b.tx.db.pageSize / 4
+func (b *Bucket) maxInlineBucketSize() uintptr {
+	return uintptr(b.tx.db.pageSize / 4)
 }
 
 // write allocates and writes a bucket to a byte slice.
diff --git a/vendor/go.etcd.io/bbolt/cursor.go b/vendor/go.etcd.io/bbolt/cursor.go
index 3000aced6c4c1..98aeb449a4ca1 100644
--- a/vendor/go.etcd.io/bbolt/cursor.go
+++ b/vendor/go.etcd.io/bbolt/cursor.go
@@ -366,7 +366,7 @@ func (c *Cursor) node() *node {
 	}
 	for _, ref := range c.stack[:len(c.stack)-1] {
 		_assert(!n.isLeaf, "expected branch node")
-		n = n.childAt(int(ref.index))
+		n = n.childAt(ref.index)
 	}
 	_assert(n.isLeaf, "expected leaf node")
 	return n
diff --git a/vendor/go.etcd.io/bbolt/db.go b/vendor/go.etcd.io/bbolt/db.go
index d91dcf813a14f..80b0095cc348e 100644
--- a/vendor/go.etcd.io/bbolt/db.go
+++ b/vendor/go.etcd.io/bbolt/db.go
@@ -43,6 +43,16 @@ var defaultPageSize = os.Getpagesize()
 // The time elapsed between consecutive file locking attempts.
 const flockRetryTimeout = 50 * time.Millisecond
 
+// FreelistType is the type of the freelist backend
+type FreelistType string
+
+const (
+	// FreelistArrayType indicates backend freelist type is array
+	FreelistArrayType = FreelistType("array")
+	// FreelistMapType indicates backend freelist type is hashmap
+	FreelistMapType = FreelistType("hashmap")
+)
+
 // DB represents a collection of buckets persisted to a file on disk.
 // All data access is performed through transactions which can be obtained through the DB.
 // All the functions on DB will return a ErrDatabaseNotOpen if accessed before Open() is called.
@@ -70,6 +80,13 @@ type DB struct {
 	// re-sync during recovery.
 	NoFreelistSync bool
 
+	// FreelistType sets the backend freelist type. There are two options. Array which is simple but endures
+	// dramatic performance degradation if database is large and framentation in freelist is common.
+	// The alternative one is using hashmap, it is faster in almost all circumstances
+	// but it doesn't guarantee that it offers the smallest page id available. In normal case it is safe.
+	// The default type is array
+	FreelistType FreelistType
+
 	// When true, skips the truncate call when growing the database.
 	// Setting this to true is only safe on non-ext3/ext4 systems.
 	// Skipping truncation avoids preallocation of hard drive space and
@@ -104,6 +121,7 @@ type DB struct {
 	AllocSize int
 
 	path     string
+	openFile func(string, int, os.FileMode) (*os.File, error)
 	file     *os.File
 	dataref  []byte // mmap'ed readonly, write throws SEGV
 	data     *[maxMapSize]byte
@@ -169,6 +187,7 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
 	db.NoGrowSync = options.NoGrowSync
 	db.MmapFlags = options.MmapFlags
 	db.NoFreelistSync = options.NoFreelistSync
+	db.FreelistType = options.FreelistType
 
 	// Set default values for later DB operations.
 	db.MaxBatchSize = DefaultMaxBatchSize
@@ -181,13 +200,18 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
 		db.readOnly = true
 	}
 
+	db.openFile = options.OpenFile
+	if db.openFile == nil {
+		db.openFile = os.OpenFile
+	}
+
 	// Open data file and separate sync handler for metadata writes.
-	db.path = path
 	var err error
-	if db.file, err = os.OpenFile(db.path, flag|os.O_CREATE, mode); err != nil {
+	if db.file, err = db.openFile(path, flag|os.O_CREATE, mode); err != nil {
 		_ = db.close()
 		return nil, err
 	}
+	db.path = db.file.Name()
 
 	// Lock file so that other processes using Bolt in read-write mode cannot
 	// use the database  at the same time. This would cause corruption since
@@ -283,7 +307,7 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
 // concurrent accesses being made to the freelist.
 func (db *DB) loadFreelist() {
 	db.freelistLoad.Do(func() {
-		db.freelist = newFreelist()
+		db.freelist = newFreelist(db.FreelistType)
 		if !db.hasSyncedFreelist() {
 			// Reconstruct free list by scanning the DB.
 			db.freelist.readIDs(db.freepages())
@@ -291,7 +315,7 @@ func (db *DB) loadFreelist() {
 			// Read free list from freelist page.
 			db.freelist.read(db.page(db.meta().freelist))
 		}
-		db.stats.FreePageN = len(db.freelist.ids)
+		db.stats.FreePageN = db.freelist.free_count()
 	})
 }
 
@@ -1005,6 +1029,13 @@ type Options struct {
 	// under normal operation, but requires a full database re-sync during recovery.
 	NoFreelistSync bool
 
+	// FreelistType sets the backend freelist type. There are two options. Array which is simple but endures
+	// dramatic performance degradation if database is large and framentation in freelist is common.
+	// The alternative one is using hashmap, it is faster in almost all circumstances
+	// but it doesn't guarantee that it offers the smallest page id available. In normal case it is safe.
+	// The default type is array
+	FreelistType FreelistType
+
 	// Open database in read-only mode. Uses flock(..., LOCK_SH |LOCK_NB) to
 	// grab a shared lock (UNIX).
 	ReadOnly bool
@@ -1029,13 +1060,18 @@ type Options struct {
 	// set directly on the DB itself when returned from Open(), but this option
 	// is useful in APIs which expose Options but not the underlying DB.
 	NoSync bool
+
+	// OpenFile is used to open files. It defaults to os.OpenFile. This option
+	// is useful for writing hermetic tests.
+	OpenFile func(string, int, os.FileMode) (*os.File, error)
 }
 
 // DefaultOptions represent the options used if nil options are passed into Open().
 // No timeout is used which will cause Bolt to wait indefinitely for a lock.
 var DefaultOptions = &Options{
-	Timeout:    0,
-	NoGrowSync: false,
+	Timeout:      0,
+	NoGrowSync:   false,
+	FreelistType: FreelistArrayType,
 }
 
 // Stats represents statistics about the database.
diff --git a/vendor/go.etcd.io/bbolt/freelist.go b/vendor/go.etcd.io/bbolt/freelist.go
index e4bcb2dcf9590..697a46968bacf 100644
--- a/vendor/go.etcd.io/bbolt/freelist.go
+++ b/vendor/go.etcd.io/bbolt/freelist.go
@@ -14,22 +14,54 @@ type txPending struct {
 	lastReleaseBegin txid   // beginning txid of last matching releaseRange
 }
 
+// pidSet holds the set of starting pgids which have the same span size
+type pidSet map[pgid]struct{}
+
 // freelist represents a list of all pages that are available for allocation.
 // It also tracks pages that have been freed but are still in use by open transactions.
 type freelist struct {
-	ids     []pgid              // all free and available free page ids.
-	allocs  map[pgid]txid       // mapping of txid that allocated a pgid.
-	pending map[txid]*txPending // mapping of soon-to-be free page ids by tx.
-	cache   map[pgid]bool       // fast lookup of all free and pending page ids.
+	freelistType   FreelistType                // freelist type
+	ids            []pgid                      // all free and available free page ids.
+	allocs         map[pgid]txid               // mapping of txid that allocated a pgid.
+	pending        map[txid]*txPending         // mapping of soon-to-be free page ids by tx.
+	cache          map[pgid]bool               // fast lookup of all free and pending page ids.
+	freemaps       map[uint64]pidSet           // key is the size of continuous pages(span), value is a set which contains the starting pgids of same size
+	forwardMap     map[pgid]uint64             // key is start pgid, value is its span size
+	backwardMap    map[pgid]uint64             // key is end pgid, value is its span size
+	allocate       func(txid txid, n int) pgid // the freelist allocate func
+	free_count     func() int                  // the function which gives you free page number
+	mergeSpans     func(ids pgids)             // the mergeSpan func
+	getFreePageIDs func() []pgid               // get free pgids func
+	readIDs        func(pgids []pgid)          // readIDs func reads list of pages and init the freelist
 }
 
 // newFreelist returns an empty, initialized freelist.
-func newFreelist() *freelist {
-	return &freelist{
-		allocs:  make(map[pgid]txid),
-		pending: make(map[txid]*txPending),
-		cache:   make(map[pgid]bool),
+func newFreelist(freelistType FreelistType) *freelist {
+	f := &freelist{
+		freelistType: freelistType,
+		allocs:       make(map[pgid]txid),
+		pending:      make(map[txid]*txPending),
+		cache:        make(map[pgid]bool),
+		freemaps:     make(map[uint64]pidSet),
+		forwardMap:   make(map[pgid]uint64),
+		backwardMap:  make(map[pgid]uint64),
 	}
+
+	if freelistType == FreelistMapType {
+		f.allocate = f.hashmapAllocate
+		f.free_count = f.hashmapFreeCount
+		f.mergeSpans = f.hashmapMergeSpans
+		f.getFreePageIDs = f.hashmapGetFreePageIDs
+		f.readIDs = f.hashmapReadIDs
+	} else {
+		f.allocate = f.arrayAllocate
+		f.free_count = f.arrayFreeCount
+		f.mergeSpans = f.arrayMergeSpans
+		f.getFreePageIDs = f.arrayGetFreePageIDs
+		f.readIDs = f.arrayReadIDs
+	}
+
+	return f
 }
 
 // size returns the size of the page after serialization.
@@ -39,7 +71,7 @@ func (f *freelist) size() int {
 		// The first element will be used to store the count. See freelist.write.
 		n++
 	}
-	return pageHeaderSize + (int(unsafe.Sizeof(pgid(0))) * n)
+	return int(pageHeaderSize) + (int(unsafe.Sizeof(pgid(0))) * n)
 }
 
 // count returns count of pages on the freelist
@@ -47,8 +79,8 @@ func (f *freelist) count() int {
 	return f.free_count() + f.pending_count()
 }
 
-// free_count returns count of free pages
-func (f *freelist) free_count() int {
+// arrayFreeCount returns count of free pages(array version)
+func (f *freelist) arrayFreeCount() int {
 	return len(f.ids)
 }
 
@@ -61,7 +93,7 @@ func (f *freelist) pending_count() int {
 	return count
 }
 
-// copyall copies into dst a list of all free ids and all pending ids in one sorted list.
+// copyall copies a list of all free ids and all pending ids in one sorted list.
 // f.count returns the minimum length required for dst.
 func (f *freelist) copyall(dst []pgid) {
 	m := make(pgids, 0, f.pending_count())
@@ -69,12 +101,12 @@ func (f *freelist) copyall(dst []pgid) {
 		m = append(m, txp.ids...)
 	}
 	sort.Sort(m)
-	mergepgids(dst, f.ids, m)
+	mergepgids(dst, f.getFreePageIDs(), m)
 }
 
-// allocate returns the starting page id of a contiguous list of pages of a given size.
+// arrayAllocate returns the starting page id of a contiguous list of pages of a given size.
 // If a contiguous block cannot be found then 0 is returned.
-func (f *freelist) allocate(txid txid, n int) pgid {
+func (f *freelist) arrayAllocate(txid txid, n int) pgid {
 	if len(f.ids) == 0 {
 		return 0
 	}
@@ -160,8 +192,7 @@ func (f *freelist) release(txid txid) {
 			delete(f.pending, tid)
 		}
 	}
-	sort.Sort(m)
-	f.ids = pgids(f.ids).merge(m)
+	f.mergeSpans(m)
 }
 
 // releaseRange moves pending pages allocated within an extent [begin,end] to the free list.
@@ -194,8 +225,7 @@ func (f *freelist) releaseRange(begin, end txid) {
 			delete(f.pending, tid)
 		}
 	}
-	sort.Sort(m)
-	f.ids = pgids(f.ids).merge(m)
+	f.mergeSpans(m)
 }
 
 // rollback removes the pages from a given pending tx.
@@ -222,8 +252,7 @@ func (f *freelist) rollback(txid txid) {
 	}
 	// Remove pages from pending list and mark as free if allocated by txid.
 	delete(f.pending, txid)
-	sort.Sort(m)
-	f.ids = pgids(f.ids).merge(m)
+	f.mergeSpans(m)
 }
 
 // freed returns whether a given page is in the free list.
@@ -238,34 +267,44 @@ func (f *freelist) read(p *page) {
 	}
 	// If the page.count is at the max uint16 value (64k) then it's considered
 	// an overflow and the size of the freelist is stored as the first element.
-	idx, count := 0, int(p.count)
+	var idx, count = 0, int(p.count)
 	if count == 0xFFFF {
 		idx = 1
-		count = int(((*[maxAllocSize]pgid)(unsafe.Pointer(&p.ptr)))[0])
+		c := *(*pgid)(unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
+		count = int(c)
+		if count < 0 {
+			panic(fmt.Sprintf("leading element count %d overflows int", c))
+		}
 	}
 
 	// Copy the list of page ids from the freelist.
 	if count == 0 {
 		f.ids = nil
 	} else {
-		ids := ((*[maxAllocSize]pgid)(unsafe.Pointer(&p.ptr)))[idx : idx+count]
-		f.ids = make([]pgid, len(ids))
-		copy(f.ids, ids)
+		var ids []pgid
+		data := unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p), unsafe.Sizeof(ids[0]), idx)
+		unsafeSlice(unsafe.Pointer(&ids), data, count)
 
+		// copy the ids, so we don't modify on the freelist page directly
+		idsCopy := make([]pgid, count)
+		copy(idsCopy, ids)
 		// Make sure they're sorted.
-		sort.Sort(pgids(f.ids))
-	}
+		sort.Sort(pgids(idsCopy))
 
-	// Rebuild the page cache.
-	f.reindex()
+		f.readIDs(idsCopy)
+	}
 }
 
-// read initializes the freelist from a given list of ids.
-func (f *freelist) readIDs(ids []pgid) {
+// arrayReadIDs initializes the freelist from a given list of ids.
+func (f *freelist) arrayReadIDs(ids []pgid) {
 	f.ids = ids
 	f.reindex()
 }
 
+func (f *freelist) arrayGetFreePageIDs() []pgid {
+	return f.ids
+}
+
 // write writes the page ids onto a freelist page. All free and pending ids are
 // saved to disk since in the event of a program crash, all pending ids will
 // become free.
@@ -277,16 +316,22 @@ func (f *freelist) write(p *page) error {
 
 	// The page.count can only hold up to 64k elements so if we overflow that
 	// number then we handle it by putting the size in the first element.
-	lenids := f.count()
-	if lenids == 0 {
-		p.count = uint16(lenids)
-	} else if lenids < 0xFFFF {
-		p.count = uint16(lenids)
-		f.copyall(((*[maxAllocSize]pgid)(unsafe.Pointer(&p.ptr)))[:])
+	l := f.count()
+	if l == 0 {
+		p.count = uint16(l)
+	} else if l < 0xFFFF {
+		p.count = uint16(l)
+		var ids []pgid
+		data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+		unsafeSlice(unsafe.Pointer(&ids), data, l)
+		f.copyall(ids)
 	} else {
 		p.count = 0xFFFF
-		((*[maxAllocSize]pgid)(unsafe.Pointer(&p.ptr)))[0] = pgid(lenids)
-		f.copyall(((*[maxAllocSize]pgid)(unsafe.Pointer(&p.ptr)))[1:])
+		var ids []pgid
+		data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+		unsafeSlice(unsafe.Pointer(&ids), data, l+1)
+		ids[0] = pgid(l)
+		f.copyall(ids[1:])
 	}
 
 	return nil
@@ -307,22 +352,42 @@ func (f *freelist) reload(p *page) {
 	// Check each page in the freelist and build a new available freelist
 	// with any pages not in the pending lists.
 	var a []pgid
-	for _, id := range f.ids {
+	for _, id := range f.getFreePageIDs() {
 		if !pcache[id] {
 			a = append(a, id)
 		}
 	}
-	f.ids = a
 
-	// Once the available list is rebuilt then rebuild the free cache so that
-	// it includes the available and pending free pages.
-	f.reindex()
+	f.readIDs(a)
+}
+
+// noSyncReload reads the freelist from pgids and filters out pending items.
+func (f *freelist) noSyncReload(pgids []pgid) {
+	// Build a cache of only pending pages.
+	pcache := make(map[pgid]bool)
+	for _, txp := range f.pending {
+		for _, pendingID := range txp.ids {
+			pcache[pendingID] = true
+		}
+	}
+
+	// Check each page in the freelist and build a new available freelist
+	// with any pages not in the pending lists.
+	var a []pgid
+	for _, id := range pgids {
+		if !pcache[id] {
+			a = append(a, id)
+		}
+	}
+
+	f.readIDs(a)
 }
 
 // reindex rebuilds the free cache based on available and pending free lists.
 func (f *freelist) reindex() {
-	f.cache = make(map[pgid]bool, len(f.ids))
-	for _, id := range f.ids {
+	ids := f.getFreePageIDs()
+	f.cache = make(map[pgid]bool, len(ids))
+	for _, id := range ids {
 		f.cache[id] = true
 	}
 	for _, txp := range f.pending {
@@ -331,3 +396,9 @@ func (f *freelist) reindex() {
 		}
 	}
 }
+
+// arrayMergeSpans try to merge list of pages(represented by pgids) with existing spans but using array
+func (f *freelist) arrayMergeSpans(ids pgids) {
+	sort.Sort(ids)
+	f.ids = pgids(f.ids).merge(ids)
+}
diff --git a/vendor/go.etcd.io/bbolt/freelist_hmap.go b/vendor/go.etcd.io/bbolt/freelist_hmap.go
new file mode 100644
index 0000000000000..02ef2be044179
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/freelist_hmap.go
@@ -0,0 +1,178 @@
+package bbolt
+
+import "sort"
+
+// hashmapFreeCount returns count of free pages(hashmap version)
+func (f *freelist) hashmapFreeCount() int {
+	// use the forwardmap to get the total count
+	count := 0
+	for _, size := range f.forwardMap {
+		count += int(size)
+	}
+	return count
+}
+
+// hashmapAllocate serves the same purpose as arrayAllocate, but use hashmap as backend
+func (f *freelist) hashmapAllocate(txid txid, n int) pgid {
+	if n == 0 {
+		return 0
+	}
+
+	// if we have a exact size match just return short path
+	if bm, ok := f.freemaps[uint64(n)]; ok {
+		for pid := range bm {
+			// remove the span
+			f.delSpan(pid, uint64(n))
+
+			f.allocs[pid] = txid
+
+			for i := pgid(0); i < pgid(n); i++ {
+				delete(f.cache, pid+i)
+			}
+			return pid
+		}
+	}
+
+	// lookup the map to find larger span
+	for size, bm := range f.freemaps {
+		if size < uint64(n) {
+			continue
+		}
+
+		for pid := range bm {
+			// remove the initial
+			f.delSpan(pid, uint64(size))
+
+			f.allocs[pid] = txid
+
+			remain := size - uint64(n)
+
+			// add remain span
+			f.addSpan(pid+pgid(n), remain)
+
+			for i := pgid(0); i < pgid(n); i++ {
+				delete(f.cache, pid+pgid(i))
+			}
+			return pid
+		}
+	}
+
+	return 0
+}
+
+// hashmapReadIDs reads pgids as input an initial the freelist(hashmap version)
+func (f *freelist) hashmapReadIDs(pgids []pgid) {
+	f.init(pgids)
+
+	// Rebuild the page cache.
+	f.reindex()
+}
+
+// hashmapGetFreePageIDs returns the sorted free page ids
+func (f *freelist) hashmapGetFreePageIDs() []pgid {
+	count := f.free_count()
+	if count == 0 {
+		return nil
+	}
+
+	m := make([]pgid, 0, count)
+	for start, size := range f.forwardMap {
+		for i := 0; i < int(size); i++ {
+			m = append(m, start+pgid(i))
+		}
+	}
+	sort.Sort(pgids(m))
+
+	return m
+}
+
+// hashmapMergeSpans try to merge list of pages(represented by pgids) with existing spans
+func (f *freelist) hashmapMergeSpans(ids pgids) {
+	for _, id := range ids {
+		// try to see if we can merge and update
+		f.mergeWithExistingSpan(id)
+	}
+}
+
+// mergeWithExistingSpan merges pid to the existing free spans, try to merge it backward and forward
+func (f *freelist) mergeWithExistingSpan(pid pgid) {
+	prev := pid - 1
+	next := pid + 1
+
+	preSize, mergeWithPrev := f.backwardMap[prev]
+	nextSize, mergeWithNext := f.forwardMap[next]
+	newStart := pid
+	newSize := uint64(1)
+
+	if mergeWithPrev {
+		//merge with previous span
+		start := prev + 1 - pgid(preSize)
+		f.delSpan(start, preSize)
+
+		newStart -= pgid(preSize)
+		newSize += preSize
+	}
+
+	if mergeWithNext {
+		// merge with next span
+		f.delSpan(next, nextSize)
+		newSize += nextSize
+	}
+
+	f.addSpan(newStart, newSize)
+}
+
+func (f *freelist) addSpan(start pgid, size uint64) {
+	f.backwardMap[start-1+pgid(size)] = size
+	f.forwardMap[start] = size
+	if _, ok := f.freemaps[size]; !ok {
+		f.freemaps[size] = make(map[pgid]struct{})
+	}
+
+	f.freemaps[size][start] = struct{}{}
+}
+
+func (f *freelist) delSpan(start pgid, size uint64) {
+	delete(f.forwardMap, start)
+	delete(f.backwardMap, start+pgid(size-1))
+	delete(f.freemaps[size], start)
+	if len(f.freemaps[size]) == 0 {
+		delete(f.freemaps, size)
+	}
+}
+
+// initial from pgids using when use hashmap version
+// pgids must be sorted
+func (f *freelist) init(pgids []pgid) {
+	if len(pgids) == 0 {
+		return
+	}
+
+	size := uint64(1)
+	start := pgids[0]
+
+	if !sort.SliceIsSorted([]pgid(pgids), func(i, j int) bool { return pgids[i] < pgids[j] }) {
+		panic("pgids not sorted")
+	}
+
+	f.freemaps = make(map[uint64]pidSet)
+	f.forwardMap = make(map[pgid]uint64)
+	f.backwardMap = make(map[pgid]uint64)
+
+	for i := 1; i < len(pgids); i++ {
+		// continuous page
+		if pgids[i] == pgids[i-1]+1 {
+			size++
+		} else {
+			f.addSpan(start, size)
+
+			size = 1
+			start = pgids[i]
+		}
+	}
+
+	// init the tail
+	if size != 0 && start != 0 {
+		f.addSpan(start, size)
+	}
+}
diff --git a/vendor/go.etcd.io/bbolt/go.mod b/vendor/go.etcd.io/bbolt/go.mod
new file mode 100644
index 0000000000000..c2366daef6b89
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/go.mod
@@ -0,0 +1,5 @@
+module go.etcd.io/bbolt
+
+go 1.12
+
+require golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5
diff --git a/vendor/go.etcd.io/bbolt/node.go b/vendor/go.etcd.io/bbolt/node.go
index 6c3fa553ea68d..73988b5c4c0ac 100644
--- a/vendor/go.etcd.io/bbolt/node.go
+++ b/vendor/go.etcd.io/bbolt/node.go
@@ -41,19 +41,19 @@ func (n *node) size() int {
 	sz, elsz := pageHeaderSize, n.pageElementSize()
 	for i := 0; i < len(n.inodes); i++ {
 		item := &n.inodes[i]
-		sz += elsz + len(item.key) + len(item.value)
+		sz += elsz + uintptr(len(item.key)) + uintptr(len(item.value))
 	}
-	return sz
+	return int(sz)
 }
 
 // sizeLessThan returns true if the node is less than a given size.
 // This is an optimization to avoid calculating a large node when we only need
 // to know if it fits inside a certain page size.
-func (n *node) sizeLessThan(v int) bool {
+func (n *node) sizeLessThan(v uintptr) bool {
 	sz, elsz := pageHeaderSize, n.pageElementSize()
 	for i := 0; i < len(n.inodes); i++ {
 		item := &n.inodes[i]
-		sz += elsz + len(item.key) + len(item.value)
+		sz += elsz + uintptr(len(item.key)) + uintptr(len(item.value))
 		if sz >= v {
 			return false
 		}
@@ -62,7 +62,7 @@ func (n *node) sizeLessThan(v int) bool {
 }
 
 // pageElementSize returns the size of each page element based on the type of node.
-func (n *node) pageElementSize() int {
+func (n *node) pageElementSize() uintptr {
 	if n.isLeaf {
 		return leafPageElementSize
 	}
@@ -207,10 +207,17 @@ func (n *node) write(p *page) {
 	}
 
 	// Loop over each item and write it to the page.
-	b := (*[maxAllocSize]byte)(unsafe.Pointer(&p.ptr))[n.pageElementSize()*len(n.inodes):]
+	// off tracks the offset into p of the start of the next data.
+	off := unsafe.Sizeof(*p) + n.pageElementSize()*uintptr(len(n.inodes))
 	for i, item := range n.inodes {
 		_assert(len(item.key) > 0, "write: zero-length inode key")
 
+		// Create a slice to write into of needed size and advance
+		// byte pointer for next iteration.
+		sz := len(item.key) + len(item.value)
+		b := unsafeByteSlice(unsafe.Pointer(p), off, 0, sz)
+		off += uintptr(sz)
+
 		// Write the page element.
 		if n.isLeaf {
 			elem := p.leafPageElement(uint16(i))
@@ -226,20 +233,9 @@ func (n *node) write(p *page) {
 			_assert(elem.pgid != p.id, "write: circular dependency occurred")
 		}
 
-		// If the length of key+value is larger than the max allocation size
-		// then we need to reallocate the byte array pointer.
-		//
-		// See: https://github.com/boltdb/bolt/pull/335
-		klen, vlen := len(item.key), len(item.value)
-		if len(b) < klen+vlen {
-			b = (*[maxAllocSize]byte)(unsafe.Pointer(&b[0]))[:]
-		}
-
 		// Write data for the element to the end of the page.
-		copy(b[0:], item.key)
-		b = b[klen:]
-		copy(b[0:], item.value)
-		b = b[vlen:]
+		l := copy(b, item.key)
+		copy(b[l:], item.value)
 	}
 
 	// DEBUG ONLY: n.dump()
@@ -247,7 +243,7 @@ func (n *node) write(p *page) {
 
 // split breaks up a node into multiple smaller nodes, if appropriate.
 // This should only be called from the spill() function.
-func (n *node) split(pageSize int) []*node {
+func (n *node) split(pageSize uintptr) []*node {
 	var nodes []*node
 
 	node := n
@@ -270,7 +266,7 @@ func (n *node) split(pageSize int) []*node {
 
 // splitTwo breaks up a node into two smaller nodes, if appropriate.
 // This should only be called from the split() function.
-func (n *node) splitTwo(pageSize int) (*node, *node) {
+func (n *node) splitTwo(pageSize uintptr) (*node, *node) {
 	// Ignore the split if the page doesn't have at least enough nodes for
 	// two pages or if the nodes can fit in a single page.
 	if len(n.inodes) <= (minKeysPerPage*2) || n.sizeLessThan(pageSize) {
@@ -312,18 +308,18 @@ func (n *node) splitTwo(pageSize int) (*node, *node) {
 // splitIndex finds the position where a page will fill a given threshold.
 // It returns the index as well as the size of the first page.
 // This is only be called from split().
-func (n *node) splitIndex(threshold int) (index, sz int) {
+func (n *node) splitIndex(threshold int) (index, sz uintptr) {
 	sz = pageHeaderSize
 
 	// Loop until we only have the minimum number of keys required for the second page.
 	for i := 0; i < len(n.inodes)-minKeysPerPage; i++ {
-		index = i
+		index = uintptr(i)
 		inode := n.inodes[i]
-		elsize := n.pageElementSize() + len(inode.key) + len(inode.value)
+		elsize := n.pageElementSize() + uintptr(len(inode.key)) + uintptr(len(inode.value))
 
 		// If we have at least the minimum number of keys and adding another
 		// node would put us over the threshold then exit and return.
-		if i >= minKeysPerPage && sz+elsize > threshold {
+		if index >= minKeysPerPage && sz+elsize > uintptr(threshold) {
 			break
 		}
 
@@ -356,7 +352,7 @@ func (n *node) spill() error {
 	n.children = nil
 
 	// Split nodes into appropriate sizes. The first node will always be n.
-	var nodes = n.split(tx.db.pageSize)
+	var nodes = n.split(uintptr(tx.db.pageSize))
 	for _, node := range nodes {
 		// Add node's page to the freelist if it's not new.
 		if node.pgid > 0 {
@@ -587,9 +583,11 @@ func (n *node) dump() {
 
 type nodes []*node
 
-func (s nodes) Len() int           { return len(s) }
-func (s nodes) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-func (s nodes) Less(i, j int) bool { return bytes.Compare(s[i].inodes[0].key, s[j].inodes[0].key) == -1 }
+func (s nodes) Len() int      { return len(s) }
+func (s nodes) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s nodes) Less(i, j int) bool {
+	return bytes.Compare(s[i].inodes[0].key, s[j].inodes[0].key) == -1
+}
 
 // inode represents an internal node inside of a node.
 // It can be used to point to elements in a page or point
diff --git a/vendor/go.etcd.io/bbolt/page.go b/vendor/go.etcd.io/bbolt/page.go
index bca9615f0fd64..c9a158fb066c0 100644
--- a/vendor/go.etcd.io/bbolt/page.go
+++ b/vendor/go.etcd.io/bbolt/page.go
@@ -7,12 +7,12 @@ import (
 	"unsafe"
 )
 
-const pageHeaderSize = int(unsafe.Offsetof(((*page)(nil)).ptr))
+const pageHeaderSize = unsafe.Sizeof(page{})
 
 const minKeysPerPage = 2
 
-const branchPageElementSize = int(unsafe.Sizeof(branchPageElement{}))
-const leafPageElementSize = int(unsafe.Sizeof(leafPageElement{}))
+const branchPageElementSize = unsafe.Sizeof(branchPageElement{})
+const leafPageElementSize = unsafe.Sizeof(leafPageElement{})
 
 const (
 	branchPageFlag   = 0x01
@@ -32,7 +32,6 @@ type page struct {
 	flags    uint16
 	count    uint16
 	overflow uint32
-	ptr      uintptr
 }
 
 // typ returns a human readable page type string used for debugging.
@@ -51,13 +50,13 @@ func (p *page) typ() string {
 
 // meta returns a pointer to the metadata section of the page.
 func (p *page) meta() *meta {
-	return (*meta)(unsafe.Pointer(&p.ptr))
+	return (*meta)(unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
 }
 
 // leafPageElement retrieves the leaf node by index
 func (p *page) leafPageElement(index uint16) *leafPageElement {
-	n := &((*[0x7FFFFFF]leafPageElement)(unsafe.Pointer(&p.ptr)))[index]
-	return n
+	return (*leafPageElement)(unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
+		leafPageElementSize, int(index)))
 }
 
 // leafPageElements retrieves a list of leaf nodes.
@@ -65,12 +64,16 @@ func (p *page) leafPageElements() []leafPageElement {
 	if p.count == 0 {
 		return nil
 	}
-	return ((*[0x7FFFFFF]leafPageElement)(unsafe.Pointer(&p.ptr)))[:]
+	var elems []leafPageElement
+	data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+	unsafeSlice(unsafe.Pointer(&elems), data, int(p.count))
+	return elems
 }
 
 // branchPageElement retrieves the branch node by index
 func (p *page) branchPageElement(index uint16) *branchPageElement {
-	return &((*[0x7FFFFFF]branchPageElement)(unsafe.Pointer(&p.ptr)))[index]
+	return (*branchPageElement)(unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
+		unsafe.Sizeof(branchPageElement{}), int(index)))
 }
 
 // branchPageElements retrieves a list of branch nodes.
@@ -78,12 +81,15 @@ func (p *page) branchPageElements() []branchPageElement {
 	if p.count == 0 {
 		return nil
 	}
-	return ((*[0x7FFFFFF]branchPageElement)(unsafe.Pointer(&p.ptr)))[:]
+	var elems []branchPageElement
+	data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+	unsafeSlice(unsafe.Pointer(&elems), data, int(p.count))
+	return elems
 }
 
 // dump writes n bytes of the page to STDERR as hex output.
 func (p *page) hexdump(n int) {
-	buf := (*[maxAllocSize]byte)(unsafe.Pointer(p))[:n]
+	buf := unsafeByteSlice(unsafe.Pointer(p), 0, 0, n)
 	fmt.Fprintf(os.Stderr, "%x\n", buf)
 }
 
@@ -102,8 +108,7 @@ type branchPageElement struct {
 
 // key returns a byte slice of the node key.
 func (n *branchPageElement) key() []byte {
-	buf := (*[maxAllocSize]byte)(unsafe.Pointer(n))
-	return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos]))[:n.ksize]
+	return unsafeByteSlice(unsafe.Pointer(n), 0, int(n.pos), int(n.pos)+int(n.ksize))
 }
 
 // leafPageElement represents a node on a leaf page.
@@ -116,14 +121,16 @@ type leafPageElement struct {
 
 // key returns a byte slice of the node key.
 func (n *leafPageElement) key() []byte {
-	buf := (*[maxAllocSize]byte)(unsafe.Pointer(n))
-	return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos]))[:n.ksize:n.ksize]
+	i := int(n.pos)
+	j := i + int(n.ksize)
+	return unsafeByteSlice(unsafe.Pointer(n), 0, i, j)
 }
 
 // value returns a byte slice of the node value.
 func (n *leafPageElement) value() []byte {
-	buf := (*[maxAllocSize]byte)(unsafe.Pointer(n))
-	return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos+n.ksize]))[:n.vsize:n.vsize]
+	i := int(n.pos) + int(n.ksize)
+	j := i + int(n.vsize)
+	return unsafeByteSlice(unsafe.Pointer(n), 0, i, j)
 }
 
 // PageInfo represents human readable information about a page.
diff --git a/vendor/go.etcd.io/bbolt/tx.go b/vendor/go.etcd.io/bbolt/tx.go
index f50864142762c..4b1a64a8b8aa6 100644
--- a/vendor/go.etcd.io/bbolt/tx.go
+++ b/vendor/go.etcd.io/bbolt/tx.go
@@ -254,17 +254,36 @@ func (tx *Tx) Rollback() error {
 	if tx.db == nil {
 		return ErrTxClosed
 	}
-	tx.rollback()
+	tx.nonPhysicalRollback()
 	return nil
 }
 
+// nonPhysicalRollback is called when user calls Rollback directly, in this case we do not need to reload the free pages from disk.
+func (tx *Tx) nonPhysicalRollback() {
+	if tx.db == nil {
+		return
+	}
+	if tx.writable {
+		tx.db.freelist.rollback(tx.meta.txid)
+	}
+	tx.close()
+}
+
+// rollback needs to reload the free pages from disk in case some system error happens like fsync error.
 func (tx *Tx) rollback() {
 	if tx.db == nil {
 		return
 	}
 	if tx.writable {
 		tx.db.freelist.rollback(tx.meta.txid)
-		tx.db.freelist.reload(tx.db.page(tx.db.meta().freelist))
+		if !tx.db.hasSyncedFreelist() {
+			// Reconstruct free page list by scanning the DB to get the whole free page list.
+			// Note: scaning the whole db is heavy if your db size is large in NoSyncFreeList mode.
+			tx.db.freelist.noSyncReload(tx.db.freepages())
+		} else {
+			// Read free page list from freelist page.
+			tx.db.freelist.reload(tx.db.page(tx.db.meta().freelist))
+		}
 	}
 	tx.close()
 }
@@ -315,7 +334,7 @@ func (tx *Tx) Copy(w io.Writer) error {
 // If err == nil then exactly tx.Size() bytes will be written into the writer.
 func (tx *Tx) WriteTo(w io.Writer) (n int64, err error) {
 	// Attempt to open reader with WriteFlag
-	f, err := os.OpenFile(tx.db.path, os.O_RDONLY|tx.WriteFlag, 0)
+	f, err := tx.db.openFile(tx.db.path, os.O_RDONLY|tx.WriteFlag, 0)
 	if err != nil {
 		return 0, err
 	}
@@ -369,7 +388,7 @@ func (tx *Tx) WriteTo(w io.Writer) (n int64, err error) {
 // A reader transaction is maintained during the copy so it is safe to continue
 // using the database while a copy is in progress.
 func (tx *Tx) CopyFile(path string, mode os.FileMode) error {
-	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode)
+	f, err := tx.db.openFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode)
 	if err != nil {
 		return err
 	}
@@ -504,20 +523,18 @@ func (tx *Tx) write() error {
 
 	// Write pages to disk in order.
 	for _, p := range pages {
-		size := (int(p.overflow) + 1) * tx.db.pageSize
+		rem := (uint64(p.overflow) + 1) * uint64(tx.db.pageSize)
 		offset := int64(p.id) * int64(tx.db.pageSize)
+		var written uintptr
 
 		// Write out page in "max allocation" sized chunks.
-		ptr := (*[maxAllocSize]byte)(unsafe.Pointer(p))
 		for {
-			// Limit our write to our max allocation size.
-			sz := size
+			sz := rem
 			if sz > maxAllocSize-1 {
 				sz = maxAllocSize - 1
 			}
+			buf := unsafeByteSlice(unsafe.Pointer(p), written, 0, int(sz))
 
-			// Write chunk to disk.
-			buf := ptr[:sz]
 			if _, err := tx.db.ops.writeAt(buf, offset); err != nil {
 				return err
 			}
@@ -526,14 +543,14 @@ func (tx *Tx) write() error {
 			tx.stats.Write++
 
 			// Exit inner for loop if we've written all the chunks.
-			size -= sz
-			if size == 0 {
+			rem -= sz
+			if rem == 0 {
 				break
 			}
 
 			// Otherwise move offset forward and move pointer to next chunk.
 			offset += int64(sz)
-			ptr = (*[maxAllocSize]byte)(unsafe.Pointer(&ptr[sz]))
+			written += uintptr(sz)
 		}
 	}
 
@@ -552,7 +569,7 @@ func (tx *Tx) write() error {
 			continue
 		}
 
-		buf := (*[maxAllocSize]byte)(unsafe.Pointer(p))[:tx.db.pageSize]
+		buf := unsafeByteSlice(unsafe.Pointer(p), 0, 0, tx.db.pageSize)
 
 		// See https://go.googlesource.com/go/+/f03c9202c43e0abb130669852082117ca50aa9b1
 		for i := range buf {
diff --git a/vendor/go.etcd.io/bbolt/unsafe.go b/vendor/go.etcd.io/bbolt/unsafe.go
new file mode 100644
index 0000000000000..c0e50375007fa
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/unsafe.go
@@ -0,0 +1,39 @@
+package bbolt
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+func unsafeAdd(base unsafe.Pointer, offset uintptr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(base) + offset)
+}
+
+func unsafeIndex(base unsafe.Pointer, offset uintptr, elemsz uintptr, n int) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(base) + offset + uintptr(n)*elemsz)
+}
+
+func unsafeByteSlice(base unsafe.Pointer, offset uintptr, i, j int) []byte {
+	// See: https://github.com/golang/go/wiki/cgo#turning-c-arrays-into-go-slices
+	//
+	// This memory is not allocated from C, but it is unmanaged by Go's
+	// garbage collector and should behave similarly, and the compiler
+	// should produce similar code.  Note that this conversion allows a
+	// subslice to begin after the base address, with an optional offset,
+	// while the URL above does not cover this case and only slices from
+	// index 0.  However, the wiki never says that the address must be to
+	// the beginning of a C allocation (or even that malloc was used at
+	// all), so this is believed to be correct.
+	return (*[maxAllocSize]byte)(unsafeAdd(base, offset))[i:j:j]
+}
+
+// unsafeSlice modifies the data, len, and cap of a slice variable pointed to by
+// the slice parameter.  This helper should be used over other direct
+// manipulation of reflect.SliceHeader to prevent misuse, namely, converting
+// from reflect.SliceHeader to a Go slice type.
+func unsafeSlice(slice, data unsafe.Pointer, len int) {
+	s := (*reflect.SliceHeader)(slice)
+	s.Data = uintptr(data)
+	s.Cap = len
+	s.Len = len
+}
diff --git a/vendor/go.opencensus.io/README.md b/vendor/go.opencensus.io/README.md
index 6bafca50703de..1d7e837116f0e 100644
--- a/vendor/go.opencensus.io/README.md
+++ b/vendor/go.opencensus.io/README.md
@@ -7,7 +7,9 @@
 
 OpenCensus Go is a Go implementation of OpenCensus, a toolkit for
 collecting application performance and behavior monitoring data.
-Currently it consists of three major components: tags, stats, and tracing.
+Currently it consists of three major components: tags, stats and tracing.
+
+#### OpenCensus and OpenTracing have merged to form OpenTelemetry, which serves as the next major version of OpenCensus and OpenTracing. OpenTelemetry will offer backwards compatibility with existing OpenCensus integrations, and we will continue to make security patches to existing OpenCensus libraries for two years. Read more about the merger [here](https://medium.com/opentracing/a-roadmap-to-convergence-b074e5815289).
 
 ## Installation
 
@@ -22,17 +24,42 @@ The use of vendoring or a dependency management tool is recommended.
 
 OpenCensus Go libraries require Go 1.8 or later.
 
+## Getting Started
+
+The easiest way to get started using OpenCensus in your application is to use an existing
+integration with your RPC framework:
+
+* [net/http](https://godoc.org/go.opencensus.io/plugin/ochttp)
+* [gRPC](https://godoc.org/go.opencensus.io/plugin/ocgrpc)
+* [database/sql](https://godoc.org/github.com/opencensus-integrations/ocsql)
+* [Go kit](https://godoc.org/github.com/go-kit/kit/tracing/opencensus)
+* [Groupcache](https://godoc.org/github.com/orijtech/groupcache)
+* [Caddy webserver](https://godoc.org/github.com/orijtech/caddy)
+* [MongoDB](https://godoc.org/github.com/orijtech/mongo-go-driver)
+* [Redis gomodule/redigo](https://godoc.org/github.com/orijtech/redigo)
+* [Redis goredis/redis](https://godoc.org/github.com/orijtech/redis)
+* [Memcache](https://godoc.org/github.com/orijtech/gomemcache)
+
+If you're using a framework not listed here, you could either implement your own middleware for your
+framework or use [custom stats](#stats) and [spans](#spans) directly in your application.
+
 ## Exporters
 
-OpenCensus can export instrumentation data to various backends. 
-Currently, OpenCensus supports:
+OpenCensus can export instrumentation data to various backends.
+OpenCensus has exporter implementations for the following, users
+can implement their own exporters by implementing the exporter interfaces
+([stats](https://godoc.org/go.opencensus.io/stats/view#Exporter),
+[trace](https://godoc.org/go.opencensus.io/trace#Exporter)):
 
 * [Prometheus][exporter-prom] for stats
 * [OpenZipkin][exporter-zipkin] for traces
-* Stackdriver [Monitoring][exporter-stackdriver] and [Trace][exporter-stackdriver]
+* [Stackdriver][exporter-stackdriver] Monitoring for stats and Trace for traces
 * [Jaeger][exporter-jaeger] for traces
 * [AWS X-Ray][exporter-xray] for traces
-
+* [Datadog][exporter-datadog] for stats and traces
+* [Graphite][exporter-graphite] for stats
+* [Honeycomb][exporter-honeycomb] for traces
+* [New Relic][exporter-newrelic] for stats and traces
 
 ## Overview
 
@@ -43,13 +70,6 @@ multiple services until there is a response. OpenCensus allows
 you to instrument your services and collect diagnostics data all
 through your services end-to-end.
 
-Start with instrumenting HTTP and gRPC clients and servers,
-then add additional custom instrumentation if needed.
-
-* [HTTP guide](https://github.com/census-instrumentation/opencensus-go/tree/master/examples/http)
-* [gRPC guide](https://github.com/census-instrumentation/opencensus-go/tree/master/examples/grpc)
-
-
 ## Tags
 
 Tags represent propagated key-value pairs. They are propagated using `context.Context`
@@ -57,11 +77,11 @@ in the same process or can be encoded to be transmitted on the wire. Usually, th
 be handled by an integration plugin, e.g. `ocgrpc.ServerHandler` and `ocgrpc.ClientHandler`
 for gRPC.
 
-Package tag allows adding or modifying tags in the current context.
+Package `tag` allows adding or modifying tags in the current context.
 
 [embedmd]:# (internal/readme/tags.go new)
 ```go
-ctx, err = tag.New(ctx,
+ctx, err := tag.New(ctx,
 	tag.Insert(osKey, "macOS-10.12.5"),
 	tag.Upsert(userIDKey, "cde36753ed"),
 )
@@ -106,7 +126,7 @@ Currently three types of aggregations are supported:
 
 [embedmd]:# (internal/readme/stats.go aggs)
 ```go
-distAgg := view.Distribution(0, 1<<32, 2<<32, 3<<32)
+distAgg := view.Distribution(1<<32, 2<<32, 3<<32)
 countAgg := view.Count()
 sumAgg := view.Sum()
 ```
@@ -116,26 +136,79 @@ Here we create a view with the DistributionAggregation over our measure.
 [embedmd]:# (internal/readme/stats.go view)
 ```go
 if err := view.Register(&view.View{
-	Name:        "my.org/video_size_distribution",
+	Name:        "example.com/video_size_distribution",
 	Description: "distribution of processed video size over time",
 	Measure:     videoSize,
-	Aggregation: view.Distribution(0, 1<<32, 2<<32, 3<<32),
+	Aggregation: view.Distribution(1<<32, 2<<32, 3<<32),
 }); err != nil {
-	log.Fatalf("Failed to subscribe to view: %v", err)
+	log.Fatalf("Failed to register view: %v", err)
 }
 ```
 
-Subscribe begins collecting data for the view. Subscribed views' data will be
+Register begins collecting data for the view. Registered views' data will be
 exported via the registered exporters.
 
 ## Traces
 
+A distributed trace tracks the progression of a single user request as
+it is handled by the services and processes that make up an application.
+Each step is called a span in the trace. Spans include metadata about the step,
+including especially the time spent in the step, called the span’s latency.
+
+Below you see a trace and several spans underneath it.
+
+![Traces and spans](https://i.imgur.com/7hZwRVj.png)
+
+### Spans
+
+Span is the unit step in a trace. Each span has a name, latency, status and
+additional metadata.
+
+Below we are starting a span for a cache read and ending it
+when we are done:
+
 [embedmd]:# (internal/readme/trace.go startend)
 ```go
-ctx, span := trace.StartSpan(ctx, "your choice of name")
+ctx, span := trace.StartSpan(ctx, "cache.Get")
 defer span.End()
+
+// Do work to get from cache.
 ```
 
+### Propagation
+
+Spans can have parents or can be root spans if they don't have any parents.
+The current span is propagated in-process and across the network to allow associating
+new child spans with the parent.
+
+In the same process, `context.Context` is used to propagate spans.
+`trace.StartSpan` creates a new span as a root if the current context
+doesn't contain a span. Or, it creates a child of the span that is
+already in current context. The returned context can be used to keep
+propagating the newly created span in the current context.
+
+[embedmd]:# (internal/readme/trace.go startend)
+```go
+ctx, span := trace.StartSpan(ctx, "cache.Get")
+defer span.End()
+
+// Do work to get from cache.
+```
+
+Across the network, OpenCensus provides different propagation
+methods for different protocols.
+
+* gRPC integrations use the OpenCensus' [binary propagation format](https://godoc.org/go.opencensus.io/trace/propagation).
+* HTTP integrations use Zipkin's [B3](https://github.com/openzipkin/b3-propagation)
+  by default but can be configured to use a custom propagation method by setting another
+  [propagation.HTTPFormat](https://godoc.org/go.opencensus.io/trace/propagation#HTTPFormat).
+
+## Execution Tracer
+
+With Go 1.11, OpenCensus Go will support integration with the Go execution tracer.
+See [Debugging Latency in Go](https://medium.com/observability/debugging-latency-in-go-1-11-9f97a7910d68)
+for an example of their mutual use.
+
 ## Profiles
 
 OpenCensus tags can be applied as profiler labels
@@ -167,7 +240,7 @@ Before version 1.0.0, the following deprecation policy will be observed:
 
 No backwards-incompatible changes will be made except for the removal of symbols that have
 been marked as *Deprecated* for at least one minor release (e.g. 0.9.0 to 0.10.0). A release
-removing the *Deprecated* functionality will be made no sooner than 28 days after the first 
+removing the *Deprecated* functionality will be made no sooner than 28 days after the first
 release in which the functionality was marked *Deprecated*.
 
 [travis-image]: https://travis-ci.org/census-instrumentation/opencensus-go.svg?branch=master
@@ -183,8 +256,12 @@ release in which the functionality was marked *Deprecated*.
 [new-ex]: https://godoc.org/go.opencensus.io/tag#example-NewMap
 [new-replace-ex]: https://godoc.org/go.opencensus.io/tag#example-NewMap--Replace
 
-[exporter-prom]: https://godoc.org/go.opencensus.io/exporter/prometheus
+[exporter-prom]: https://godoc.org/contrib.go.opencensus.io/exporter/prometheus
 [exporter-stackdriver]: https://godoc.org/contrib.go.opencensus.io/exporter/stackdriver
-[exporter-zipkin]: https://godoc.org/go.opencensus.io/exporter/zipkin
-[exporter-jaeger]: https://godoc.org/go.opencensus.io/exporter/jaeger
-[exporter-xray]: https://github.com/census-instrumentation/opencensus-go-exporter-aws
+[exporter-zipkin]: https://godoc.org/contrib.go.opencensus.io/exporter/zipkin
+[exporter-jaeger]: https://godoc.org/contrib.go.opencensus.io/exporter/jaeger
+[exporter-xray]: https://github.com/census-ecosystem/opencensus-go-exporter-aws
+[exporter-datadog]: https://github.com/DataDog/opencensus-go-exporter-datadog
+[exporter-graphite]: https://github.com/census-ecosystem/opencensus-go-exporter-graphite
+[exporter-honeycomb]: https://github.com/honeycombio/opencensus-exporter
+[exporter-newrelic]: https://github.com/newrelic/newrelic-opencensus-exporter-go
diff --git a/vendor/go.opencensus.io/exporter/stackdriver/propagation/http.go b/vendor/go.opencensus.io/exporter/stackdriver/propagation/http.go
deleted file mode 100644
index 7cc02a1104b16..0000000000000
--- a/vendor/go.opencensus.io/exporter/stackdriver/propagation/http.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright 2018, OpenCensus Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package propagation implement X-Cloud-Trace-Context header propagation used
-// by Google Cloud products.
-package propagation // import "go.opencensus.io/exporter/stackdriver/propagation"
-
-import (
-	"encoding/binary"
-	"encoding/hex"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"go.opencensus.io/trace"
-	"go.opencensus.io/trace/propagation"
-)
-
-const (
-	httpHeaderMaxSize = 200
-	httpHeader        = `X-Cloud-Trace-Context`
-)
-
-var _ propagation.HTTPFormat = (*HTTPFormat)(nil)
-
-// HTTPFormat implements propagation.HTTPFormat to propagate
-// traces in HTTP headers for Google Cloud Platform and Stackdriver Trace.
-type HTTPFormat struct{}
-
-// SpanContextFromRequest extracts a Stackdriver Trace span context from incoming requests.
-func (f *HTTPFormat) SpanContextFromRequest(req *http.Request) (sc trace.SpanContext, ok bool) {
-	h := req.Header.Get(httpHeader)
-	// See https://cloud.google.com/trace/docs/faq for the header HTTPFormat.
-	// Return if the header is empty or missing, or if the header is unreasonably
-	// large, to avoid making unnecessary copies of a large string.
-	if h == "" || len(h) > httpHeaderMaxSize {
-		return trace.SpanContext{}, false
-	}
-
-	// Parse the trace id field.
-	slash := strings.Index(h, `/`)
-	if slash == -1 {
-		return trace.SpanContext{}, false
-	}
-	tid, h := h[:slash], h[slash+1:]
-
-	buf, err := hex.DecodeString(tid)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	copy(sc.TraceID[:], buf)
-
-	// Parse the span id field.
-	spanstr := h
-	semicolon := strings.Index(h, `;`)
-	if semicolon != -1 {
-		spanstr, h = h[:semicolon], h[semicolon+1:]
-	}
-	sid, err := strconv.ParseUint(spanstr, 10, 64)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	binary.BigEndian.PutUint64(sc.SpanID[:], sid)
-
-	// Parse the options field, options field is optional.
-	if !strings.HasPrefix(h, "o=") {
-		return sc, true
-	}
-	o, err := strconv.ParseUint(h[2:], 10, 64)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	sc.TraceOptions = trace.TraceOptions(o)
-	return sc, true
-}
-
-// SpanContextToRequest modifies the given request to include a Stackdriver Trace header.
-func (f *HTTPFormat) SpanContextToRequest(sc trace.SpanContext, req *http.Request) {
-	sid := binary.BigEndian.Uint64(sc.SpanID[:])
-	header := fmt.Sprintf("%s/%d;o=%d", hex.EncodeToString(sc.TraceID[:]), sid, int64(sc.TraceOptions))
-	req.Header.Set(httpHeader, header)
-}
diff --git a/vendor/go.opencensus.io/go.mod b/vendor/go.opencensus.io/go.mod
new file mode 100644
index 0000000000000..c867df5f5c463
--- /dev/null
+++ b/vendor/go.opencensus.io/go.mod
@@ -0,0 +1,15 @@
+module go.opencensus.io
+
+require (
+	github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6
+	github.com/golang/protobuf v1.3.1
+	github.com/google/go-cmp v0.3.0
+	github.com/stretchr/testify v1.4.0
+	golang.org/x/net v0.0.0-20190620200207-3b0461eec859
+	golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd // indirect
+	golang.org/x/text v0.3.2 // indirect
+	google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb // indirect
+	google.golang.org/grpc v1.20.1
+)
+
+go 1.13
diff --git a/vendor/go.opencensus.io/internal/internal.go b/vendor/go.opencensus.io/internal/internal.go
index 97abf756c241c..81dc7183ec39f 100644
--- a/vendor/go.opencensus.io/internal/internal.go
+++ b/vendor/go.opencensus.io/internal/internal.go
@@ -14,11 +14,16 @@
 
 package internal // import "go.opencensus.io/internal"
 
-import "time"
+import (
+	"fmt"
+	"time"
+
+	opencensus "go.opencensus.io"
+)
 
 // UserAgent is the user agent to be added to the outgoing
 // requests from the exporters.
-const UserAgent = "opencensus-go [0.11.0]"
+var UserAgent = fmt.Sprintf("opencensus-go/%s", opencensus.Version())
 
 // MonotonicEndTime returns the end time at present
 // but offset from start, monotonically.
@@ -28,5 +33,5 @@ const UserAgent = "opencensus-go [0.11.0]"
 // end as a monotonic time.
 // See https://golang.org/pkg/time/#hdr-Monotonic_Clocks
 func MonotonicEndTime(start time.Time) time.Time {
-	return start.Add(time.Now().Sub(start))
+	return start.Add(time.Since(start))
 }
diff --git a/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go b/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go
index 3b1af8b4b8b2a..41b2c3fc0387a 100644
--- a/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go
+++ b/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go
@@ -17,6 +17,7 @@
 // used interally by the stats collector.
 package tagencoding // import "go.opencensus.io/internal/tagencoding"
 
+// Values represent the encoded buffer for the values.
 type Values struct {
 	Buffer     []byte
 	WriteIndex int
@@ -31,6 +32,7 @@ func (vb *Values) growIfRequired(expected int) {
 	}
 }
 
+// WriteValue is the helper method to encode Values from map[Key][]byte.
 func (vb *Values) WriteValue(v []byte) {
 	length := len(v) & 0xff
 	vb.growIfRequired(1 + length)
@@ -49,7 +51,7 @@ func (vb *Values) WriteValue(v []byte) {
 	vb.WriteIndex += length
 }
 
-// ReadValue is the helper method to read the values when decoding valuesBytes to a map[Key][]byte.
+// ReadValue is the helper method to decode Values to a map[Key][]byte.
 func (vb *Values) ReadValue() []byte {
 	// read length of v
 	length := int(vb.Buffer[vb.ReadIndex])
@@ -67,6 +69,7 @@ func (vb *Values) ReadValue() []byte {
 	return v
 }
 
+// Bytes returns a reference to already written bytes in the Buffer.
 func (vb *Values) Bytes() []byte {
 	return vb.Buffer[:vb.WriteIndex]
 }
diff --git a/vendor/go.opencensus.io/internal/traceinternals.go b/vendor/go.opencensus.io/internal/traceinternals.go
index 553ca68dc4b49..073af7b473a63 100644
--- a/vendor/go.opencensus.io/internal/traceinternals.go
+++ b/vendor/go.opencensus.io/internal/traceinternals.go
@@ -22,6 +22,7 @@ import (
 // TODO(#412): remove this
 var Trace interface{}
 
+// LocalSpanStoreEnabled true if the local span store is enabled.
 var LocalSpanStoreEnabled bool
 
 // BucketConfiguration stores the number of samples to store for span buckets
diff --git a/vendor/go.opencensus.io/metric/metricdata/doc.go b/vendor/go.opencensus.io/metric/metricdata/doc.go
new file mode 100644
index 0000000000000..52a7b3bf8509d
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/doc.go
@@ -0,0 +1,19 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package metricdata contains the metrics data model.
+//
+// This is an EXPERIMENTAL package, and may change in arbitrary ways without
+// notice.
+package metricdata // import "go.opencensus.io/metric/metricdata"
diff --git a/vendor/go.opencensus.io/metric/metricdata/exemplar.go b/vendor/go.opencensus.io/metric/metricdata/exemplar.go
new file mode 100644
index 0000000000000..12695ce2dc741
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/exemplar.go
@@ -0,0 +1,38 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricdata
+
+import (
+	"time"
+)
+
+// Exemplars keys.
+const (
+	AttachmentKeySpanContext = "SpanContext"
+)
+
+// Exemplar is an example data point associated with each bucket of a
+// distribution type aggregation.
+//
+// Their purpose is to provide an example of the kind of thing
+// (request, RPC, trace span, etc.) that resulted in that measurement.
+type Exemplar struct {
+	Value       float64     // the value that was recorded
+	Timestamp   time.Time   // the time the value was recorded
+	Attachments Attachments // attachments (if any)
+}
+
+// Attachments is a map of extra values associated with a recorded data point.
+type Attachments map[string]interface{}
diff --git a/vendor/go.opencensus.io/metric/metricdata/label.go b/vendor/go.opencensus.io/metric/metricdata/label.go
new file mode 100644
index 0000000000000..aadae41e6a218
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/label.go
@@ -0,0 +1,35 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricdata
+
+// LabelKey represents key of a label. It has optional
+// description attribute.
+type LabelKey struct {
+	Key         string
+	Description string
+}
+
+// LabelValue represents the value of a label.
+// The zero value represents a missing label value, which may be treated
+// differently to an empty string value by some back ends.
+type LabelValue struct {
+	Value   string // string value of the label
+	Present bool   // flag that indicated whether a value is present or not
+}
+
+// NewLabelValue creates a new non-nil LabelValue that represents the given string.
+func NewLabelValue(val string) LabelValue {
+	return LabelValue{Value: val, Present: true}
+}
diff --git a/vendor/go.opencensus.io/metric/metricdata/metric.go b/vendor/go.opencensus.io/metric/metricdata/metric.go
new file mode 100644
index 0000000000000..8293712c77f00
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/metric.go
@@ -0,0 +1,46 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricdata
+
+import (
+	"time"
+
+	"go.opencensus.io/resource"
+)
+
+// Descriptor holds metadata about a metric.
+type Descriptor struct {
+	Name        string     // full name of the metric
+	Description string     // human-readable description
+	Unit        Unit       // units for the measure
+	Type        Type       // type of measure
+	LabelKeys   []LabelKey // label keys
+}
+
+// Metric represents a quantity measured against a resource with different
+// label value combinations.
+type Metric struct {
+	Descriptor Descriptor         // metric descriptor
+	Resource   *resource.Resource // resource against which this was measured
+	TimeSeries []*TimeSeries      // one time series for each combination of label values
+}
+
+// TimeSeries is a sequence of points associated with a combination of label
+// values.
+type TimeSeries struct {
+	LabelValues []LabelValue // label values, same order as keys in the metric descriptor
+	Points      []Point      // points sequence
+	StartTime   time.Time    // time we started recording this time series
+}
diff --git a/vendor/go.opencensus.io/metric/metricdata/point.go b/vendor/go.opencensus.io/metric/metricdata/point.go
new file mode 100644
index 0000000000000..7fe057b19cf7b
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/point.go
@@ -0,0 +1,193 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricdata
+
+import (
+	"time"
+)
+
+// Point is a single data point of a time series.
+type Point struct {
+	// Time is the point in time that this point represents in a time series.
+	Time time.Time
+	// Value is the value of this point. Prefer using ReadValue to switching on
+	// the value type, since new value types might be added.
+	Value interface{}
+}
+
+//go:generate stringer -type ValueType
+
+// NewFloat64Point creates a new Point holding a float64 value.
+func NewFloat64Point(t time.Time, val float64) Point {
+	return Point{
+		Value: val,
+		Time:  t,
+	}
+}
+
+// NewInt64Point creates a new Point holding an int64 value.
+func NewInt64Point(t time.Time, val int64) Point {
+	return Point{
+		Value: val,
+		Time:  t,
+	}
+}
+
+// NewDistributionPoint creates a new Point holding a Distribution value.
+func NewDistributionPoint(t time.Time, val *Distribution) Point {
+	return Point{
+		Value: val,
+		Time:  t,
+	}
+}
+
+// NewSummaryPoint creates a new Point holding a Summary value.
+func NewSummaryPoint(t time.Time, val *Summary) Point {
+	return Point{
+		Value: val,
+		Time:  t,
+	}
+}
+
+// ValueVisitor allows reading the value of a point.
+type ValueVisitor interface {
+	VisitFloat64Value(float64)
+	VisitInt64Value(int64)
+	VisitDistributionValue(*Distribution)
+	VisitSummaryValue(*Summary)
+}
+
+// ReadValue accepts a ValueVisitor and calls the appropriate method with the
+// value of this point.
+// Consumers of Point should use this in preference to switching on the type
+// of the value directly, since new value types may be added.
+func (p Point) ReadValue(vv ValueVisitor) {
+	switch v := p.Value.(type) {
+	case int64:
+		vv.VisitInt64Value(v)
+	case float64:
+		vv.VisitFloat64Value(v)
+	case *Distribution:
+		vv.VisitDistributionValue(v)
+	case *Summary:
+		vv.VisitSummaryValue(v)
+	default:
+		panic("unexpected value type")
+	}
+}
+
+// Distribution contains summary statistics for a population of values. It
+// optionally contains a histogram representing the distribution of those
+// values across a set of buckets.
+type Distribution struct {
+	// Count is the number of values in the population. Must be non-negative. This value
+	// must equal the sum of the values in bucket_counts if a histogram is
+	// provided.
+	Count int64
+	// Sum is the sum of the values in the population. If count is zero then this field
+	// must be zero.
+	Sum float64
+	// SumOfSquaredDeviation is the sum of squared deviations from the mean of the values in the
+	// population. For values x_i this is:
+	//
+	//     Sum[i=1..n]((x_i - mean)^2)
+	//
+	// Knuth, "The Art of Computer Programming", Vol. 2, page 323, 3rd edition
+	// describes Welford's method for accumulating this sum in one pass.
+	//
+	// If count is zero then this field must be zero.
+	SumOfSquaredDeviation float64
+	// BucketOptions describes the bounds of the histogram buckets in this
+	// distribution.
+	//
+	// A Distribution may optionally contain a histogram of the values in the
+	// population.
+	//
+	// If nil, there is no associated histogram.
+	BucketOptions *BucketOptions
+	// Bucket If the distribution does not have a histogram, then omit this field.
+	// If there is a histogram, then the sum of the values in the Bucket counts
+	// must equal the value in the count field of the distribution.
+	Buckets []Bucket
+}
+
+// BucketOptions describes the bounds of the histogram buckets in this
+// distribution.
+type BucketOptions struct {
+	// Bounds specifies a set of bucket upper bounds.
+	// This defines len(bounds) + 1 (= N) buckets. The boundaries for bucket
+	// index i are:
+	//
+	// [0, Bounds[i]) for i == 0
+	// [Bounds[i-1], Bounds[i]) for 0 < i < N-1
+	// [Bounds[i-1], +infinity) for i == N-1
+	Bounds []float64
+}
+
+// Bucket represents a single bucket (value range) in a distribution.
+type Bucket struct {
+	// Count is the number of values in each bucket of the histogram, as described in
+	// bucket_bounds.
+	Count int64
+	// Exemplar associated with this bucket (if any).
+	Exemplar *Exemplar
+}
+
+// Summary is a representation of percentiles.
+type Summary struct {
+	// Count is the cumulative count (if available).
+	Count int64
+	// Sum is the cumulative sum of values  (if available).
+	Sum float64
+	// HasCountAndSum is true if Count and Sum are available.
+	HasCountAndSum bool
+	// Snapshot represents percentiles calculated over an arbitrary time window.
+	// The values in this struct can be reset at arbitrary unknown times, with
+	// the requirement that all of them are reset at the same time.
+	Snapshot Snapshot
+}
+
+// Snapshot represents percentiles over an arbitrary time.
+// The values in this struct can be reset at arbitrary unknown times, with
+// the requirement that all of them are reset at the same time.
+type Snapshot struct {
+	// Count is the number of values in the snapshot. Optional since some systems don't
+	// expose this. Set to 0 if not available.
+	Count int64
+	// Sum is the sum of values in the snapshot. Optional since some systems don't
+	// expose this. If count is 0 then this field must be zero.
+	Sum float64
+	// Percentiles is a map from percentile (range (0-100.0]) to the value of
+	// the percentile.
+	Percentiles map[float64]float64
+}
+
+//go:generate stringer -type Type
+
+// Type is the overall type of metric, including its value type and whether it
+// represents a cumulative total (since the start time) or if it represents a
+// gauge value.
+type Type int
+
+// Metric types.
+const (
+	TypeGaugeInt64 Type = iota
+	TypeGaugeFloat64
+	TypeGaugeDistribution
+	TypeCumulativeInt64
+	TypeCumulativeFloat64
+	TypeCumulativeDistribution
+	TypeSummary
+)
diff --git a/vendor/go.opencensus.io/metric/metricdata/type_string.go b/vendor/go.opencensus.io/metric/metricdata/type_string.go
new file mode 100644
index 0000000000000..c3f8ec27b53c8
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/type_string.go
@@ -0,0 +1,16 @@
+// Code generated by "stringer -type Type"; DO NOT EDIT.
+
+package metricdata
+
+import "strconv"
+
+const _Type_name = "TypeGaugeInt64TypeGaugeFloat64TypeGaugeDistributionTypeCumulativeInt64TypeCumulativeFloat64TypeCumulativeDistributionTypeSummary"
+
+var _Type_index = [...]uint8{0, 14, 30, 51, 70, 91, 117, 128}
+
+func (i Type) String() string {
+	if i < 0 || i >= Type(len(_Type_index)-1) {
+		return "Type(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _Type_name[_Type_index[i]:_Type_index[i+1]]
+}
diff --git a/vendor/go.opencensus.io/metric/metricdata/unit.go b/vendor/go.opencensus.io/metric/metricdata/unit.go
new file mode 100644
index 0000000000000..b483a1371b09f
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricdata/unit.go
@@ -0,0 +1,27 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricdata
+
+// Unit is a string encoded according to the case-sensitive abbreviations from the
+// Unified Code for Units of Measure: http://unitsofmeasure.org/ucum.html
+type Unit string
+
+// Predefined units. To record against a unit not represented here, create your
+// own Unit type constant from a string.
+const (
+	UnitDimensionless Unit = "1"
+	UnitBytes         Unit = "By"
+	UnitMilliseconds  Unit = "ms"
+)
diff --git a/vendor/go.opencensus.io/metric/metricproducer/manager.go b/vendor/go.opencensus.io/metric/metricproducer/manager.go
new file mode 100644
index 0000000000000..ca1f390493857
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricproducer/manager.go
@@ -0,0 +1,78 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricproducer
+
+import (
+	"sync"
+)
+
+// Manager maintains a list of active producers. Producers can register
+// with the manager to allow readers to read all metrics provided by them.
+// Readers can retrieve all producers registered with the manager,
+// read metrics from the producers and export them.
+type Manager struct {
+	mu        sync.RWMutex
+	producers map[Producer]struct{}
+}
+
+var prodMgr *Manager
+var once sync.Once
+
+// GlobalManager is a single instance of producer manager
+// that is used by all producers and all readers.
+func GlobalManager() *Manager {
+	once.Do(func() {
+		prodMgr = &Manager{}
+		prodMgr.producers = make(map[Producer]struct{})
+	})
+	return prodMgr
+}
+
+// AddProducer adds the producer to the Manager if it is not already present.
+func (pm *Manager) AddProducer(producer Producer) {
+	if producer == nil {
+		return
+	}
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+	pm.producers[producer] = struct{}{}
+}
+
+// DeleteProducer deletes the producer from the Manager if it is present.
+func (pm *Manager) DeleteProducer(producer Producer) {
+	if producer == nil {
+		return
+	}
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+	delete(pm.producers, producer)
+}
+
+// GetAll returns a slice of all producer currently registered with
+// the Manager. For each call it generates a new slice. The slice
+// should not be cached as registration may change at any time. It is
+// typically called periodically by exporter to read metrics from
+// the producers.
+func (pm *Manager) GetAll() []Producer {
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+	producers := make([]Producer, len(pm.producers))
+	i := 0
+	for producer := range pm.producers {
+		producers[i] = producer
+		i++
+	}
+	return producers
+}
diff --git a/vendor/go.opencensus.io/metric/metricproducer/producer.go b/vendor/go.opencensus.io/metric/metricproducer/producer.go
new file mode 100644
index 0000000000000..6cee9ed178335
--- /dev/null
+++ b/vendor/go.opencensus.io/metric/metricproducer/producer.go
@@ -0,0 +1,28 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metricproducer
+
+import (
+	"go.opencensus.io/metric/metricdata"
+)
+
+// Producer is a source of metrics.
+type Producer interface {
+	// Read should return the current values of all metrics supported by this
+	// metric provider.
+	// The returned metrics should be unique for each combination of name and
+	// resource.
+	Read() []*metricdata.Metric
+}
diff --git a/vendor/go.opencensus.io/opencensus.go b/vendor/go.opencensus.io/opencensus.go
new file mode 100644
index 0000000000000..e5e4b4368c1a3
--- /dev/null
+++ b/vendor/go.opencensus.io/opencensus.go
@@ -0,0 +1,21 @@
+// Copyright 2017, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package opencensus contains Go support for OpenCensus.
+package opencensus // import "go.opencensus.io"
+
+// Version is the current release version of OpenCensus in use.
+func Version() string {
+	return "0.23.0"
+}
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/client.go b/vendor/go.opencensus.io/plugin/ocgrpc/client.go
index 37d238f149910..28fddb84407ec 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/client.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/client.go
@@ -15,8 +15,8 @@
 package ocgrpc
 
 import (
+	"context"
 	"go.opencensus.io/trace"
-	"golang.org/x/net/context"
 
 	"google.golang.org/grpc/stats"
 )
@@ -31,6 +31,7 @@ type ClientHandler struct {
 	StartOptions trace.StartOptions
 }
 
+// HandleConn exists to satisfy gRPC stats.Handler.
 func (c *ClientHandler) HandleConn(ctx context.Context, cs stats.ConnStats) {
 	// no-op
 }
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/client_metrics.go b/vendor/go.opencensus.io/plugin/ocgrpc/client_metrics.go
index b8efacfb3fdef..abe978b67b83b 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/client_metrics.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/client_metrics.go
@@ -31,9 +31,9 @@ var (
 	ClientServerLatency          = stats.Float64("grpc.io/client/server_latency", `Propagated from the server and should have the same value as "grpc.io/server/latency".`, stats.UnitMilliseconds)
 )
 
-// Predefined views may be subscribed to collect data for the above measures.
+// Predefined views may be registered to collect data for the above measures.
 // As always, you may also define your own custom views over measures collected by this
-// package. These are declared as a convenience only; none are subscribed by
+// package. These are declared as a convenience only; none are registered by
 // default.
 var (
 	ClientSentBytesPerRPCView = &view.View{
@@ -91,15 +91,6 @@ var (
 		TagKeys:     []tag.Key{KeyClientMethod},
 		Aggregation: DefaultMillisecondsDistribution,
 	}
-
-	// Deprecated: This view is going to be removed, if you need it please define it
-	// yourself.
-	ClientRequestCountView = &view.View{
-		Name:        "Count of request messages per client RPC",
-		TagKeys:     []tag.Key{KeyClientMethod},
-		Measure:     ClientRoundtripLatency,
-		Aggregation: view.Count(),
-	}
 )
 
 // DefaultClientViews are the default client views provided by this package.
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/client_stats_handler.go b/vendor/go.opencensus.io/plugin/ocgrpc/client_stats_handler.go
index 303c607f632f6..b36349820d935 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/client_stats_handler.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/client_stats_handler.go
@@ -16,10 +16,10 @@
 package ocgrpc
 
 import (
+	"context"
 	"time"
 
 	"go.opencensus.io/tag"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/stats"
 )
@@ -30,7 +30,7 @@ func (h *ClientHandler) statsTagRPC(ctx context.Context, info *stats.RPCTagInfo)
 	startTime := time.Now()
 	if info == nil {
 		if grpclog.V(2) {
-			grpclog.Infof("clientHandler.TagRPC called with nil info.", info.FullMethodName)
+			grpclog.Info("clientHandler.TagRPC called with nil info.")
 		}
 		return ctx
 	}
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/server.go b/vendor/go.opencensus.io/plugin/ocgrpc/server.go
index b67b3e2be2a2f..15ada839d6f16 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/server.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/server.go
@@ -15,8 +15,8 @@
 package ocgrpc
 
 import (
+	"context"
 	"go.opencensus.io/trace"
-	"golang.org/x/net/context"
 
 	"google.golang.org/grpc/stats"
 )
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/server_metrics.go b/vendor/go.opencensus.io/plugin/ocgrpc/server_metrics.go
index 02323f8712e85..609d9ed248baa 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/server_metrics.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/server_metrics.go
@@ -34,9 +34,9 @@ var (
 // mechanism to load these defaults from a common repository/config shared by
 // all supported languages. Likely a serialized protobuf of these defaults.
 
-// Predefined views may be subscribed to collect data for the above measures.
+// Predefined views may be registered to collect data for the above measures.
 // As always, you may also define your own custom views over measures collected by this
-// package. These are declared as a convenience only; none are subscribed by
+// package. These are declared as a convenience only; none are registered by
 // default.
 var (
 	ServerReceivedBytesPerRPCView = &view.View{
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/server_stats_handler.go b/vendor/go.opencensus.io/plugin/ocgrpc/server_stats_handler.go
index 7847c1a912e1c..afcef023afb71 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/server_stats_handler.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/server_stats_handler.go
@@ -18,7 +18,7 @@ package ocgrpc
 import (
 	"time"
 
-	"golang.org/x/net/context"
+	"context"
 
 	"go.opencensus.io/tag"
 	"google.golang.org/grpc/grpclog"
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/stats_common.go b/vendor/go.opencensus.io/plugin/ocgrpc/stats_common.go
index acb626e126c44..89cac9c4ec0bb 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/stats_common.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/stats_common.go
@@ -22,9 +22,11 @@ import (
 	"sync/atomic"
 	"time"
 
+	"go.opencensus.io/metric/metricdata"
 	ocstats "go.opencensus.io/stats"
 	"go.opencensus.io/stats/view"
 	"go.opencensus.io/tag"
+	"go.opencensus.io/trace"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/stats"
@@ -51,16 +53,22 @@ type rpcData struct {
 // The following variables define the default hard-coded auxiliary data used by
 // both the default GRPC client and GRPC server metrics.
 var (
-	DefaultBytesDistribution        = view.Distribution(0, 1024, 2048, 4096, 16384, 65536, 262144, 1048576, 4194304, 16777216, 67108864, 268435456, 1073741824, 4294967296)
-	DefaultMillisecondsDistribution = view.Distribution(0, 0.01, 0.05, 0.1, 0.3, 0.6, 0.8, 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1000, 2000, 5000, 10000, 20000, 50000, 100000)
-	DefaultMessageCountDistribution = view.Distribution(0, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536)
+	DefaultBytesDistribution        = view.Distribution(1024, 2048, 4096, 16384, 65536, 262144, 1048576, 4194304, 16777216, 67108864, 268435456, 1073741824, 4294967296)
+	DefaultMillisecondsDistribution = view.Distribution(0.01, 0.05, 0.1, 0.3, 0.6, 0.8, 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1000, 2000, 5000, 10000, 20000, 50000, 100000)
+	DefaultMessageCountDistribution = view.Distribution(1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536)
 )
 
+// Server tags are applied to the context used to process each RPC, as well as
+// the measures at the end of each RPC.
 var (
-	KeyServerMethod, _ = tag.NewKey("grpc_server_method")
-	KeyClientMethod, _ = tag.NewKey("grpc_client_method")
-	KeyServerStatus, _ = tag.NewKey("grpc_server_status")
-	KeyClientStatus, _ = tag.NewKey("grpc_client_status")
+	KeyServerMethod = tag.MustNewKey("grpc_server_method")
+	KeyServerStatus = tag.MustNewKey("grpc_server_status")
+)
+
+// Client tags are applied to measures at the end of each RPC.
+var (
+	KeyClientMethod = tag.MustNewKey("grpc_client_method")
+	KeyClientStatus = tag.MustNewKey("grpc_client_status")
 )
 
 var (
@@ -135,24 +143,31 @@ func handleRPCEnd(ctx context.Context, s *stats.End) {
 	}
 
 	latencyMillis := float64(elapsedTime) / float64(time.Millisecond)
+	attachments := getSpanCtxAttachment(ctx)
 	if s.Client {
-		ctx, _ = tag.New(ctx,
-			tag.Upsert(KeyClientMethod, methodName(d.method)),
-			tag.Upsert(KeyClientStatus, st))
-		ocstats.Record(ctx,
-			ClientSentBytesPerRPC.M(atomic.LoadInt64(&d.sentBytes)),
-			ClientSentMessagesPerRPC.M(atomic.LoadInt64(&d.sentCount)),
-			ClientReceivedMessagesPerRPC.M(atomic.LoadInt64(&d.recvCount)),
-			ClientReceivedBytesPerRPC.M(atomic.LoadInt64(&d.recvBytes)),
-			ClientRoundtripLatency.M(latencyMillis))
+		ocstats.RecordWithOptions(ctx,
+			ocstats.WithTags(
+				tag.Upsert(KeyClientMethod, methodName(d.method)),
+				tag.Upsert(KeyClientStatus, st)),
+			ocstats.WithAttachments(attachments),
+			ocstats.WithMeasurements(
+				ClientSentBytesPerRPC.M(atomic.LoadInt64(&d.sentBytes)),
+				ClientSentMessagesPerRPC.M(atomic.LoadInt64(&d.sentCount)),
+				ClientReceivedMessagesPerRPC.M(atomic.LoadInt64(&d.recvCount)),
+				ClientReceivedBytesPerRPC.M(atomic.LoadInt64(&d.recvBytes)),
+				ClientRoundtripLatency.M(latencyMillis)))
 	} else {
-		ctx, _ = tag.New(ctx, tag.Upsert(KeyServerStatus, st))
-		ocstats.Record(ctx,
-			ServerSentBytesPerRPC.M(atomic.LoadInt64(&d.sentBytes)),
-			ServerSentMessagesPerRPC.M(atomic.LoadInt64(&d.sentCount)),
-			ServerReceivedMessagesPerRPC.M(atomic.LoadInt64(&d.recvCount)),
-			ServerReceivedBytesPerRPC.M(atomic.LoadInt64(&d.recvBytes)),
-			ServerLatency.M(latencyMillis))
+		ocstats.RecordWithOptions(ctx,
+			ocstats.WithTags(
+				tag.Upsert(KeyServerStatus, st),
+			),
+			ocstats.WithAttachments(attachments),
+			ocstats.WithMeasurements(
+				ServerSentBytesPerRPC.M(atomic.LoadInt64(&d.sentBytes)),
+				ServerSentMessagesPerRPC.M(atomic.LoadInt64(&d.sentCount)),
+				ServerReceivedMessagesPerRPC.M(atomic.LoadInt64(&d.recvCount)),
+				ServerReceivedBytesPerRPC.M(atomic.LoadInt64(&d.recvBytes)),
+				ServerLatency.M(latencyMillis)))
 	}
 }
 
@@ -197,3 +212,16 @@ func statusCodeToString(s *status.Status) string {
 		return "CODE_" + strconv.FormatInt(int64(c), 10)
 	}
 }
+
+func getSpanCtxAttachment(ctx context.Context) metricdata.Attachments {
+	attachments := map[string]interface{}{}
+	span := trace.FromContext(ctx)
+	if span == nil {
+		return attachments
+	}
+	spanCtx := span.SpanContext()
+	if spanCtx.IsSampled() {
+		attachments[metricdata.AttachmentKeySpanContext] = spanCtx
+	}
+	return attachments
+}
diff --git a/vendor/go.opencensus.io/plugin/ocgrpc/trace_common.go b/vendor/go.opencensus.io/plugin/ocgrpc/trace_common.go
index 720f381c27514..fef5827566283 100644
--- a/vendor/go.opencensus.io/plugin/ocgrpc/trace_common.go
+++ b/vendor/go.opencensus.io/plugin/ocgrpc/trace_common.go
@@ -19,9 +19,9 @@ import (
 
 	"google.golang.org/grpc/codes"
 
+	"context"
 	"go.opencensus.io/trace"
 	"go.opencensus.io/trace/propagation"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
diff --git a/vendor/go.opencensus.io/plugin/ochttp/client.go b/vendor/go.opencensus.io/plugin/ochttp/client.go
index 37f42b3b1771b..da815b2a73451 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/client.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/client.go
@@ -16,14 +16,18 @@ package ochttp
 
 import (
 	"net/http"
+	"net/http/httptrace"
 
 	"go.opencensus.io/trace"
 	"go.opencensus.io/trace/propagation"
 )
 
 // Transport is an http.RoundTripper that instruments all outgoing requests with
-// stats and tracing. The zero value is intended to be a useful default, but for
-// now it's recommended that you explicitly set Propagation.
+// OpenCensus stats and tracing.
+//
+// The zero value is intended to be a useful default, but for
+// now it's recommended that you explicitly set Propagation, since the default
+// for this may change.
 type Transport struct {
 	// Base may be set to wrap another http.RoundTripper that does the actual
 	// requests. By default http.DefaultTransport is used.
@@ -43,24 +47,53 @@ type Transport struct {
 	// for spans started by this transport.
 	StartOptions trace.StartOptions
 
+	// GetStartOptions allows to set start options per request. If set,
+	// StartOptions is going to be ignored.
+	GetStartOptions func(*http.Request) trace.StartOptions
+
+	// NameFromRequest holds the function to use for generating the span name
+	// from the information found in the outgoing HTTP Request. By default the
+	// name equals the URL Path.
+	FormatSpanName func(*http.Request) string
+
+	// NewClientTrace may be set to a function allowing the current *trace.Span
+	// to be annotated with HTTP request event information emitted by the
+	// httptrace package.
+	NewClientTrace func(*http.Request, *trace.Span) *httptrace.ClientTrace
+
 	// TODO: Implement tag propagation for HTTP.
 }
 
 // RoundTrip implements http.RoundTripper, delegating to Base and recording stats and traces for the request.
 func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	rt := t.base()
+	if isHealthEndpoint(req.URL.Path) {
+		return rt.RoundTrip(req)
+	}
 	// TODO: remove excessive nesting of http.RoundTrippers here.
 	format := t.Propagation
 	if format == nil {
 		format = defaultFormat
 	}
+	spanNameFormatter := t.FormatSpanName
+	if spanNameFormatter == nil {
+		spanNameFormatter = spanNameFromURL
+	}
+
+	startOpts := t.StartOptions
+	if t.GetStartOptions != nil {
+		startOpts = t.GetStartOptions(req)
+	}
+
 	rt = &traceTransport{
 		base:   rt,
 		format: format,
 		startOptions: trace.StartOptions{
-			Sampler:  t.StartOptions.Sampler,
+			Sampler:  startOpts.Sampler,
 			SpanKind: trace.SpanKindClient,
 		},
+		formatSpanName: spanNameFormatter,
+		newClientTrace: t.NewClientTrace,
 	}
 	rt = statsTransport{base: rt}
 	return rt.RoundTrip(req)
diff --git a/vendor/go.opencensus.io/plugin/ochttp/client_stats.go b/vendor/go.opencensus.io/plugin/ochttp/client_stats.go
index 9b286b929be79..17142aabe002a 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/client_stats.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/client_stats.go
@@ -34,8 +34,11 @@ type statsTransport struct {
 // RoundTrip implements http.RoundTripper, delegating to Base and recording stats for the request.
 func (t statsTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	ctx, _ := tag.New(req.Context(),
-		tag.Upsert(Host, req.URL.Host),
+		tag.Upsert(KeyClientHost, req.Host),
+		tag.Upsert(Host, req.Host),
+		tag.Upsert(KeyClientPath, req.URL.Path),
 		tag.Upsert(Path, req.URL.Path),
+		tag.Upsert(KeyClientMethod, req.Method),
 		tag.Upsert(Method, req.Method))
 	req = req.WithContext(ctx)
 	track := &tracker{
@@ -58,11 +61,14 @@ func (t statsTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 		track.end()
 	} else {
 		track.statusCode = resp.StatusCode
+		if req.Method != "HEAD" {
+			track.respContentLength = resp.ContentLength
+		}
 		if resp.Body == nil {
 			track.end()
 		} else {
 			track.body = resp.Body
-			resp.Body = track
+			resp.Body = wrappedBody(track, resp.Body)
 		}
 	}
 	return resp, err
@@ -79,36 +85,48 @@ func (t statsTransport) CancelRequest(req *http.Request) {
 }
 
 type tracker struct {
-	ctx        context.Context
-	respSize   int64
-	reqSize    int64
-	start      time.Time
-	body       io.ReadCloser
-	statusCode int
-	endOnce    sync.Once
+	ctx               context.Context
+	respSize          int64
+	respContentLength int64
+	reqSize           int64
+	start             time.Time
+	body              io.ReadCloser
+	statusCode        int
+	endOnce           sync.Once
 }
 
 var _ io.ReadCloser = (*tracker)(nil)
 
 func (t *tracker) end() {
 	t.endOnce.Do(func() {
+		latencyMs := float64(time.Since(t.start)) / float64(time.Millisecond)
+		respSize := t.respSize
+		if t.respSize == 0 && t.respContentLength > 0 {
+			respSize = t.respContentLength
+		}
 		m := []stats.Measurement{
-			ClientLatency.M(float64(time.Since(t.start)) / float64(time.Millisecond)),
+			ClientSentBytes.M(t.reqSize),
+			ClientReceivedBytes.M(respSize),
+			ClientRoundtripLatency.M(latencyMs),
+			ClientLatency.M(latencyMs),
 			ClientResponseBytes.M(t.respSize),
 		}
 		if t.reqSize >= 0 {
 			m = append(m, ClientRequestBytes.M(t.reqSize))
 		}
-		ctx, _ := tag.New(t.ctx, tag.Upsert(StatusCode, strconv.Itoa(t.statusCode)))
-		stats.Record(ctx, m...)
+
+		stats.RecordWithTags(t.ctx, []tag.Mutator{
+			tag.Upsert(StatusCode, strconv.Itoa(t.statusCode)),
+			tag.Upsert(KeyClientStatus, strconv.Itoa(t.statusCode)),
+		}, m...)
 	})
 }
 
 func (t *tracker) Read(b []byte) (int, error) {
 	n, err := t.body.Read(b)
+	t.respSize += int64(n)
 	switch err {
 	case nil:
-		t.respSize += int64(n)
 		return n, nil
 	case io.EOF:
 		t.end()
diff --git a/vendor/go.opencensus.io/plugin/ochttp/propagation/b3/b3.go b/vendor/go.opencensus.io/plugin/ochttp/propagation/b3/b3.go
index f777772ec938e..2f1c7f0063ea8 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/propagation/b3/b3.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/propagation/b3/b3.go
@@ -38,7 +38,7 @@ const (
 // because there are additional fields not represented in the
 // OpenCensus span context. Spans created from the incoming
 // header will be the direct children of the client-side span.
-// Similarly, reciever of the outgoing spans should use client-side
+// Similarly, receiver of the outgoing spans should use client-side
 // span created by OpenCensus as the parent.
 type HTTPFormat struct{}
 
diff --git a/vendor/go.opencensus.io/plugin/ochttp/route.go b/vendor/go.opencensus.io/plugin/ochttp/route.go
new file mode 100644
index 0000000000000..5e6a3430760b6
--- /dev/null
+++ b/vendor/go.opencensus.io/plugin/ochttp/route.go
@@ -0,0 +1,61 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ochttp
+
+import (
+	"context"
+	"net/http"
+
+	"go.opencensus.io/tag"
+)
+
+// SetRoute sets the http_server_route tag to the given value.
+// It's useful when an HTTP framework does not support the http.Handler interface
+// and using WithRouteTag is not an option, but provides a way to hook into the request flow.
+func SetRoute(ctx context.Context, route string) {
+	if a, ok := ctx.Value(addedTagsKey{}).(*addedTags); ok {
+		a.t = append(a.t, tag.Upsert(KeyServerRoute, route))
+	}
+}
+
+// WithRouteTag returns an http.Handler that records stats with the
+// http_server_route tag set to the given value.
+func WithRouteTag(handler http.Handler, route string) http.Handler {
+	return taggedHandlerFunc(func(w http.ResponseWriter, r *http.Request) []tag.Mutator {
+		addRoute := []tag.Mutator{tag.Upsert(KeyServerRoute, route)}
+		ctx, _ := tag.New(r.Context(), addRoute...)
+		r = r.WithContext(ctx)
+		handler.ServeHTTP(w, r)
+		return addRoute
+	})
+}
+
+// taggedHandlerFunc is a http.Handler that returns tags describing the
+// processing of the request. These tags will be recorded along with the
+// measures in this package at the end of the request.
+type taggedHandlerFunc func(w http.ResponseWriter, r *http.Request) []tag.Mutator
+
+func (h taggedHandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	tags := h(w, r)
+	if a, ok := r.Context().Value(addedTagsKey{}).(*addedTags); ok {
+		a.t = append(a.t, tags...)
+	}
+}
+
+type addedTagsKey struct{}
+
+type addedTags struct {
+	t []tag.Mutator
+}
diff --git a/vendor/go.opencensus.io/plugin/ochttp/server.go b/vendor/go.opencensus.io/plugin/ochttp/server.go
index 4b3c855e5bd30..c7ea642357265 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/server.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/server.go
@@ -15,10 +15,8 @@
 package ochttp
 
 import (
-	"bufio"
 	"context"
-	"errors"
-	"net"
+	"io"
 	"net/http"
 	"strconv"
 	"sync"
@@ -30,16 +28,19 @@ import (
 	"go.opencensus.io/trace/propagation"
 )
 
-// Handler is a http.Handler that is aware of the incoming request's span.
+// Handler is an http.Handler wrapper to instrument your HTTP server with
+// OpenCensus. It supports both stats and tracing.
 //
+// Tracing
+//
+// This handler is aware of the incoming request's span, reading it from request
+// headers as configured using the Propagation field.
 // The extracted span can be accessed from the incoming request's
 // context.
 //
 //    span := trace.FromContext(r.Context())
 //
 // The server span will be automatically ended at the end of ServeHTTP.
-//
-// Incoming propagation mechanism is determined by the given HTTP propagators.
 type Handler struct {
 	// Propagation defines how traces are propagated. If unspecified,
 	// B3 propagation will be used.
@@ -55,50 +56,86 @@ type Handler struct {
 	// for spans started by this transport.
 	StartOptions trace.StartOptions
 
+	// GetStartOptions allows to set start options per request. If set,
+	// StartOptions is going to be ignored.
+	GetStartOptions func(*http.Request) trace.StartOptions
+
 	// IsPublicEndpoint should be set to true for publicly accessible HTTP(S)
 	// servers. If true, any trace metadata set on the incoming request will
 	// be added as a linked trace instead of being added as a parent of the
 	// current trace.
 	IsPublicEndpoint bool
+
+	// FormatSpanName holds the function to use for generating the span name
+	// from the information found in the incoming HTTP Request. By default the
+	// name equals the URL Path.
+	FormatSpanName func(*http.Request) string
+
+	// IsHealthEndpoint holds the function to use for determining if the
+	// incoming HTTP request should be considered a health check. This is in
+	// addition to the private isHealthEndpoint func which may also indicate
+	// tracing should be skipped.
+	IsHealthEndpoint func(*http.Request) bool
 }
 
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	var traceEnd, statsEnd func()
-	r, traceEnd = h.startTrace(w, r)
+	var tags addedTags
+	r, traceEnd := h.startTrace(w, r)
 	defer traceEnd()
-	w, statsEnd = h.startStats(w, r)
-	defer statsEnd()
+	w, statsEnd := h.startStats(w, r)
+	defer statsEnd(&tags)
 	handler := h.Handler
 	if handler == nil {
 		handler = http.DefaultServeMux
 	}
+	r = r.WithContext(context.WithValue(r.Context(), addedTagsKey{}, &tags))
 	handler.ServeHTTP(w, r)
 }
 
 func (h *Handler) startTrace(w http.ResponseWriter, r *http.Request) (*http.Request, func()) {
-	name := spanNameFromURL(r.URL)
+	if h.IsHealthEndpoint != nil && h.IsHealthEndpoint(r) || isHealthEndpoint(r.URL.Path) {
+		return r, func() {}
+	}
+	var name string
+	if h.FormatSpanName == nil {
+		name = spanNameFromURL(r)
+	} else {
+		name = h.FormatSpanName(r)
+	}
 	ctx := r.Context()
+
+	startOpts := h.StartOptions
+	if h.GetStartOptions != nil {
+		startOpts = h.GetStartOptions(r)
+	}
+
 	var span *trace.Span
 	sc, ok := h.extractSpanContext(r)
 	if ok && !h.IsPublicEndpoint {
 		ctx, span = trace.StartSpanWithRemoteParent(ctx, name, sc,
-			trace.WithSampler(h.StartOptions.Sampler),
+			trace.WithSampler(startOpts.Sampler),
 			trace.WithSpanKind(trace.SpanKindServer))
 	} else {
 		ctx, span = trace.StartSpan(ctx, name,
-			trace.WithSampler(h.StartOptions.Sampler),
+			trace.WithSampler(startOpts.Sampler),
 			trace.WithSpanKind(trace.SpanKindServer),
 		)
 		if ok {
 			span.AddLink(trace.Link{
 				TraceID:    sc.TraceID,
 				SpanID:     sc.SpanID,
-				Type:       trace.LinkTypeChild,
+				Type:       trace.LinkTypeParent,
 				Attributes: nil,
 			})
 		}
 	}
 	span.AddAttributes(requestAttrs(r)...)
+	if r.Body == nil {
+		// TODO: Handle cases where ContentLength is not set.
+	} else if r.ContentLength > 0 {
+		span.AddMessageReceiveEvent(0, /* TODO: messageID */
+			r.ContentLength, -1)
+	}
 	return r.WithContext(ctx), span.End
 }
 
@@ -109,9 +146,9 @@ func (h *Handler) extractSpanContext(r *http.Request) (trace.SpanContext, bool)
 	return h.Propagation.SpanContextFromRequest(r)
 }
 
-func (h *Handler) startStats(w http.ResponseWriter, r *http.Request) (http.ResponseWriter, func()) {
+func (h *Handler) startStats(w http.ResponseWriter, r *http.Request) (http.ResponseWriter, func(tags *addedTags)) {
 	ctx, _ := tag.New(r.Context(),
-		tag.Upsert(Host, r.URL.Host),
+		tag.Upsert(Host, r.Host),
 		tag.Upsert(Path, r.URL.Path),
 		tag.Upsert(Method, r.Method))
 	track := &trackingResponseWriter{
@@ -126,7 +163,7 @@ func (h *Handler) startStats(w http.ResponseWriter, r *http.Request) (http.Respo
 		track.reqSize = r.ContentLength
 	}
 	stats.Record(ctx, ServerRequestCount.M(1))
-	return track, track.end
+	return track.wrappedResponseWriter(), track.end
 }
 
 type trackingResponseWriter struct {
@@ -140,40 +177,10 @@ type trackingResponseWriter struct {
 	writer     http.ResponseWriter
 }
 
-// Compile time assertions for widely used net/http interfaces
-var _ http.CloseNotifier = (*trackingResponseWriter)(nil)
-var _ http.Flusher = (*trackingResponseWriter)(nil)
-var _ http.Hijacker = (*trackingResponseWriter)(nil)
-var _ http.Pusher = (*trackingResponseWriter)(nil)
+// Compile time assertion for ResponseWriter interface
 var _ http.ResponseWriter = (*trackingResponseWriter)(nil)
 
-var errHijackerUnimplemented = errors.New("ResponseWriter does not implement http.Hijacker")
-
-func (t *trackingResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	hj, ok := t.writer.(http.Hijacker)
-	if !ok {
-		return nil, nil, errHijackerUnimplemented
-	}
-	return hj.Hijack()
-}
-
-func (t *trackingResponseWriter) CloseNotify() <-chan bool {
-	cn, ok := t.writer.(http.CloseNotifier)
-	if !ok {
-		return nil
-	}
-	return cn.CloseNotify()
-}
-
-func (t *trackingResponseWriter) Push(target string, opts *http.PushOptions) error {
-	pusher, ok := t.writer.(http.Pusher)
-	if !ok {
-		return http.ErrNotSupported
-	}
-	return pusher.Push(target, opts)
-}
-
-func (t *trackingResponseWriter) end() {
+func (t *trackingResponseWriter) end(tags *addedTags) {
 	t.endOnce.Do(func() {
 		if t.statusCode == 0 {
 			t.statusCode = 200
@@ -181,6 +188,7 @@ func (t *trackingResponseWriter) end() {
 
 		span := trace.FromContext(t.ctx)
 		span.SetStatus(TraceStatus(t.statusCode, t.statusLine))
+		span.AddAttributes(trace.Int64Attribute(StatusCodeAttribute, int64(t.statusCode)))
 
 		m := []stats.Measurement{
 			ServerLatency.M(float64(time.Since(t.start)) / float64(time.Millisecond)),
@@ -189,8 +197,10 @@ func (t *trackingResponseWriter) end() {
 		if t.reqSize >= 0 {
 			m = append(m, ServerRequestBytes.M(t.reqSize))
 		}
-		ctx, _ := tag.New(t.ctx, tag.Upsert(StatusCode, strconv.Itoa(t.statusCode)))
-		stats.Record(ctx, m...)
+		allTags := make([]tag.Mutator, len(tags.t)+1)
+		allTags[0] = tag.Upsert(StatusCode, strconv.Itoa(t.statusCode))
+		copy(allTags[1:], tags.t)
+		stats.RecordWithTags(t.ctx, allTags, m...)
 	})
 }
 
@@ -201,6 +211,9 @@ func (t *trackingResponseWriter) Header() http.Header {
 func (t *trackingResponseWriter) Write(data []byte) (int, error) {
 	n, err := t.writer.Write(data)
 	t.respSize += int64(n)
+	// Add message event for request bytes sent.
+	span := trace.FromContext(t.ctx)
+	span.AddMessageSendEvent(0 /* TODO: messageID */, int64(n), -1)
 	return n, err
 }
 
@@ -210,8 +223,231 @@ func (t *trackingResponseWriter) WriteHeader(statusCode int) {
 	t.statusLine = http.StatusText(t.statusCode)
 }
 
-func (t *trackingResponseWriter) Flush() {
-	if flusher, ok := t.writer.(http.Flusher); ok {
-		flusher.Flush()
+// wrappedResponseWriter returns a wrapped version of the original
+//  ResponseWriter and only implements the same combination of additional
+// interfaces as the original.
+// This implementation is based on https://github.com/felixge/httpsnoop.
+func (t *trackingResponseWriter) wrappedResponseWriter() http.ResponseWriter {
+	var (
+		hj, i0 = t.writer.(http.Hijacker)
+		cn, i1 = t.writer.(http.CloseNotifier)
+		pu, i2 = t.writer.(http.Pusher)
+		fl, i3 = t.writer.(http.Flusher)
+		rf, i4 = t.writer.(io.ReaderFrom)
+	)
+
+	switch {
+	case !i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+		}{t}
+	case !i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			io.ReaderFrom
+		}{t, rf}
+	case !i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Flusher
+		}{t, fl}
+	case !i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Flusher
+			io.ReaderFrom
+		}{t, fl, rf}
+	case !i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+		}{t, pu}
+	case !i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			io.ReaderFrom
+		}{t, pu, rf}
+	case !i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			http.Flusher
+		}{t, pu, fl}
+	case !i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{t, pu, fl, rf}
+	case !i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+		}{t, cn}
+	case !i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			io.ReaderFrom
+		}{t, cn, rf}
+	case !i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Flusher
+		}{t, cn, fl}
+	case !i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Flusher
+			io.ReaderFrom
+		}{t, cn, fl, rf}
+	case !i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+		}{t, cn, pu}
+	case !i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			io.ReaderFrom
+		}{t, cn, pu, rf}
+	case !i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+		}{t, cn, pu, fl}
+	case !i0 && i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{t, cn, pu, fl, rf}
+	case i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+		}{t, hj}
+	case i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			io.ReaderFrom
+		}{t, hj, rf}
+	case i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Flusher
+		}{t, hj, fl}
+	case i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Flusher
+			io.ReaderFrom
+		}{t, hj, fl, rf}
+	case i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+		}{t, hj, pu}
+	case i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			io.ReaderFrom
+		}{t, hj, pu, rf}
+	case i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			http.Flusher
+		}{t, hj, pu, fl}
+	case i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{t, hj, pu, fl, rf}
+	case i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+		}{t, hj, cn}
+	case i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			io.ReaderFrom
+		}{t, hj, cn, rf}
+	case i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Flusher
+		}{t, hj, cn, fl}
+	case i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Flusher
+			io.ReaderFrom
+		}{t, hj, cn, fl, rf}
+	case i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+		}{t, hj, cn, pu}
+	case i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			io.ReaderFrom
+		}{t, hj, cn, pu, rf}
+	case i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+		}{t, hj, cn, pu, fl}
+	case i0 && i1 && i2 && i3 && i4:
+		return struct {
+			http.ResponseWriter
+			http.Hijacker
+			http.CloseNotifier
+			http.Pusher
+			http.Flusher
+			io.ReaderFrom
+		}{t, hj, cn, pu, fl, rf}
+	default:
+		return struct {
+			http.ResponseWriter
+		}{t}
 	}
 }
diff --git a/vendor/go.opencensus.io/plugin/ochttp/span_annotating_client_trace.go b/vendor/go.opencensus.io/plugin/ochttp/span_annotating_client_trace.go
new file mode 100644
index 0000000000000..05c6c56cc790f
--- /dev/null
+++ b/vendor/go.opencensus.io/plugin/ochttp/span_annotating_client_trace.go
@@ -0,0 +1,169 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ochttp
+
+import (
+	"crypto/tls"
+	"net/http"
+	"net/http/httptrace"
+	"strings"
+
+	"go.opencensus.io/trace"
+)
+
+type spanAnnotator struct {
+	sp *trace.Span
+}
+
+// TODO: Remove NewSpanAnnotator at the next release.
+
+// NewSpanAnnotator returns a httptrace.ClientTrace which annotates
+// all emitted httptrace events on the provided Span.
+// Deprecated: Use NewSpanAnnotatingClientTrace instead
+func NewSpanAnnotator(r *http.Request, s *trace.Span) *httptrace.ClientTrace {
+	return NewSpanAnnotatingClientTrace(r, s)
+}
+
+// NewSpanAnnotatingClientTrace returns a httptrace.ClientTrace which annotates
+// all emitted httptrace events on the provided Span.
+func NewSpanAnnotatingClientTrace(_ *http.Request, s *trace.Span) *httptrace.ClientTrace {
+	sa := spanAnnotator{sp: s}
+
+	return &httptrace.ClientTrace{
+		GetConn:              sa.getConn,
+		GotConn:              sa.gotConn,
+		PutIdleConn:          sa.putIdleConn,
+		GotFirstResponseByte: sa.gotFirstResponseByte,
+		Got100Continue:       sa.got100Continue,
+		DNSStart:             sa.dnsStart,
+		DNSDone:              sa.dnsDone,
+		ConnectStart:         sa.connectStart,
+		ConnectDone:          sa.connectDone,
+		TLSHandshakeStart:    sa.tlsHandshakeStart,
+		TLSHandshakeDone:     sa.tlsHandshakeDone,
+		WroteHeaders:         sa.wroteHeaders,
+		Wait100Continue:      sa.wait100Continue,
+		WroteRequest:         sa.wroteRequest,
+	}
+}
+
+func (s spanAnnotator) getConn(hostPort string) {
+	attrs := []trace.Attribute{
+		trace.StringAttribute("httptrace.get_connection.host_port", hostPort),
+	}
+	s.sp.Annotate(attrs, "GetConn")
+}
+
+func (s spanAnnotator) gotConn(info httptrace.GotConnInfo) {
+	attrs := []trace.Attribute{
+		trace.BoolAttribute("httptrace.got_connection.reused", info.Reused),
+		trace.BoolAttribute("httptrace.got_connection.was_idle", info.WasIdle),
+	}
+	if info.WasIdle {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.got_connection.idle_time", info.IdleTime.String()))
+	}
+	s.sp.Annotate(attrs, "GotConn")
+}
+
+// PutIdleConn implements a httptrace.ClientTrace hook
+func (s spanAnnotator) putIdleConn(err error) {
+	var attrs []trace.Attribute
+	if err != nil {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.put_idle_connection.error", err.Error()))
+	}
+	s.sp.Annotate(attrs, "PutIdleConn")
+}
+
+func (s spanAnnotator) gotFirstResponseByte() {
+	s.sp.Annotate(nil, "GotFirstResponseByte")
+}
+
+func (s spanAnnotator) got100Continue() {
+	s.sp.Annotate(nil, "Got100Continue")
+}
+
+func (s spanAnnotator) dnsStart(info httptrace.DNSStartInfo) {
+	attrs := []trace.Attribute{
+		trace.StringAttribute("httptrace.dns_start.host", info.Host),
+	}
+	s.sp.Annotate(attrs, "DNSStart")
+}
+
+func (s spanAnnotator) dnsDone(info httptrace.DNSDoneInfo) {
+	var addrs []string
+	for _, addr := range info.Addrs {
+		addrs = append(addrs, addr.String())
+	}
+	attrs := []trace.Attribute{
+		trace.StringAttribute("httptrace.dns_done.addrs", strings.Join(addrs, " , ")),
+	}
+	if info.Err != nil {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.dns_done.error", info.Err.Error()))
+	}
+	s.sp.Annotate(attrs, "DNSDone")
+}
+
+func (s spanAnnotator) connectStart(network, addr string) {
+	attrs := []trace.Attribute{
+		trace.StringAttribute("httptrace.connect_start.network", network),
+		trace.StringAttribute("httptrace.connect_start.addr", addr),
+	}
+	s.sp.Annotate(attrs, "ConnectStart")
+}
+
+func (s spanAnnotator) connectDone(network, addr string, err error) {
+	attrs := []trace.Attribute{
+		trace.StringAttribute("httptrace.connect_done.network", network),
+		trace.StringAttribute("httptrace.connect_done.addr", addr),
+	}
+	if err != nil {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.connect_done.error", err.Error()))
+	}
+	s.sp.Annotate(attrs, "ConnectDone")
+}
+
+func (s spanAnnotator) tlsHandshakeStart() {
+	s.sp.Annotate(nil, "TLSHandshakeStart")
+}
+
+func (s spanAnnotator) tlsHandshakeDone(_ tls.ConnectionState, err error) {
+	var attrs []trace.Attribute
+	if err != nil {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.tls_handshake_done.error", err.Error()))
+	}
+	s.sp.Annotate(attrs, "TLSHandshakeDone")
+}
+
+func (s spanAnnotator) wroteHeaders() {
+	s.sp.Annotate(nil, "WroteHeaders")
+}
+
+func (s spanAnnotator) wait100Continue() {
+	s.sp.Annotate(nil, "Wait100Continue")
+}
+
+func (s spanAnnotator) wroteRequest(info httptrace.WroteRequestInfo) {
+	var attrs []trace.Attribute
+	if info.Err != nil {
+		attrs = append(attrs,
+			trace.StringAttribute("httptrace.wrote_request.error", info.Err.Error()))
+	}
+	s.sp.Annotate(attrs, "WroteRequest")
+}
diff --git a/vendor/go.opencensus.io/plugin/ochttp/stats.go b/vendor/go.opencensus.io/plugin/ochttp/stats.go
index 2bd11f6ddc370..ee3729040ddd5 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/stats.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/stats.go
@@ -20,20 +20,67 @@ import (
 	"go.opencensus.io/tag"
 )
 
+// Deprecated: client HTTP measures.
+var (
+	// Deprecated: Use a Count aggregation over one of the other client measures to achieve the same effect.
+	ClientRequestCount = stats.Int64(
+		"opencensus.io/http/client/request_count",
+		"Number of HTTP requests started",
+		stats.UnitDimensionless)
+	// Deprecated: Use ClientSentBytes.
+	ClientRequestBytes = stats.Int64(
+		"opencensus.io/http/client/request_bytes",
+		"HTTP request body size if set as ContentLength (uncompressed)",
+		stats.UnitBytes)
+	// Deprecated: Use ClientReceivedBytes.
+	ClientResponseBytes = stats.Int64(
+		"opencensus.io/http/client/response_bytes",
+		"HTTP response body size (uncompressed)",
+		stats.UnitBytes)
+	// Deprecated: Use ClientRoundtripLatency.
+	ClientLatency = stats.Float64(
+		"opencensus.io/http/client/latency",
+		"End-to-end latency",
+		stats.UnitMilliseconds)
+)
+
 // The following client HTTP measures are supported for use in custom views.
 var (
-	ClientRequestCount  = stats.Int64("opencensus.io/http/client/request_count", "Number of HTTP requests started", stats.UnitDimensionless)
-	ClientRequestBytes  = stats.Int64("opencensus.io/http/client/request_bytes", "HTTP request body size if set as ContentLength (uncompressed)", stats.UnitBytes)
-	ClientResponseBytes = stats.Int64("opencensus.io/http/client/response_bytes", "HTTP response body size (uncompressed)", stats.UnitBytes)
-	ClientLatency       = stats.Float64("opencensus.io/http/client/latency", "End-to-end latency", stats.UnitMilliseconds)
+	ClientSentBytes = stats.Int64(
+		"opencensus.io/http/client/sent_bytes",
+		"Total bytes sent in request body (not including headers)",
+		stats.UnitBytes,
+	)
+	ClientReceivedBytes = stats.Int64(
+		"opencensus.io/http/client/received_bytes",
+		"Total bytes received in response bodies (not including headers but including error responses with bodies)",
+		stats.UnitBytes,
+	)
+	ClientRoundtripLatency = stats.Float64(
+		"opencensus.io/http/client/roundtrip_latency",
+		"Time between first byte of request headers sent to last byte of response received, or terminal error",
+		stats.UnitMilliseconds,
+	)
 )
 
 // The following server HTTP measures are supported for use in custom views:
 var (
-	ServerRequestCount  = stats.Int64("opencensus.io/http/server/request_count", "Number of HTTP requests started", stats.UnitDimensionless)
-	ServerRequestBytes  = stats.Int64("opencensus.io/http/server/request_bytes", "HTTP request body size if set as ContentLength (uncompressed)", stats.UnitBytes)
-	ServerResponseBytes = stats.Int64("opencensus.io/http/server/response_bytes", "HTTP response body size (uncompressed)", stats.UnitBytes)
-	ServerLatency       = stats.Float64("opencensus.io/http/server/latency", "End-to-end latency", stats.UnitMilliseconds)
+	ServerRequestCount = stats.Int64(
+		"opencensus.io/http/server/request_count",
+		"Number of HTTP requests started",
+		stats.UnitDimensionless)
+	ServerRequestBytes = stats.Int64(
+		"opencensus.io/http/server/request_bytes",
+		"HTTP request body size if set as ContentLength (uncompressed)",
+		stats.UnitBytes)
+	ServerResponseBytes = stats.Int64(
+		"opencensus.io/http/server/response_bytes",
+		"HTTP response body size (uncompressed)",
+		stats.UnitBytes)
+	ServerLatency = stats.Float64(
+		"opencensus.io/http/server/latency",
+		"End-to-end latency",
+		stats.UnitMilliseconds)
 )
 
 // The following tags are applied to stats recorded by this package. Host, Path
@@ -41,28 +88,89 @@ var (
 // ClientRequestCount or ServerRequestCount, since it is recorded before the status is known.
 var (
 	// Host is the value of the HTTP Host header.
-	Host, _ = tag.NewKey("http.host")
+	//
+	// The value of this tag can be controlled by the HTTP client, so you need
+	// to watch out for potentially generating high-cardinality labels in your
+	// metrics backend if you use this tag in views.
+	Host = tag.MustNewKey("http.host")
 
 	// StatusCode is the numeric HTTP response status code,
 	// or "error" if a transport error occurred and no status code was read.
-	StatusCode, _ = tag.NewKey("http.status")
+	StatusCode = tag.MustNewKey("http.status")
 
 	// Path is the URL path (not including query string) in the request.
-	Path, _ = tag.NewKey("http.path")
+	//
+	// The value of this tag can be controlled by the HTTP client, so you need
+	// to watch out for potentially generating high-cardinality labels in your
+	// metrics backend if you use this tag in views.
+	Path = tag.MustNewKey("http.path")
 
 	// Method is the HTTP method of the request, capitalized (GET, POST, etc.).
-	Method, _ = tag.NewKey("http.method")
+	Method = tag.MustNewKey("http.method")
+
+	// KeyServerRoute is a low cardinality string representing the logical
+	// handler of the request. This is usually the pattern registered on the a
+	// ServeMux (or similar string).
+	KeyServerRoute = tag.MustNewKey("http_server_route")
+)
+
+// Client tag keys.
+var (
+	// KeyClientMethod is the HTTP method, capitalized (i.e. GET, POST, PUT, DELETE, etc.).
+	KeyClientMethod = tag.MustNewKey("http_client_method")
+	// KeyClientPath is the URL path (not including query string).
+	KeyClientPath = tag.MustNewKey("http_client_path")
+	// KeyClientStatus is the HTTP status code as an integer (e.g. 200, 404, 500.), or "error" if no response status line was received.
+	KeyClientStatus = tag.MustNewKey("http_client_status")
+	// KeyClientHost is the value of the request Host header.
+	KeyClientHost = tag.MustNewKey("http_client_host")
 )
 
 // Default distributions used by views in this package.
 var (
-	DefaultSizeDistribution    = view.Distribution(0, 1024, 2048, 4096, 16384, 65536, 262144, 1048576, 4194304, 16777216, 67108864, 268435456, 1073741824, 4294967296)
-	DefaultLatencyDistribution = view.Distribution(0, 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1000, 2000, 5000, 10000, 20000, 50000, 100000)
+	DefaultSizeDistribution    = view.Distribution(1024, 2048, 4096, 16384, 65536, 262144, 1048576, 4194304, 16777216, 67108864, 268435456, 1073741824, 4294967296)
+	DefaultLatencyDistribution = view.Distribution(1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1000, 2000, 5000, 10000, 20000, 50000, 100000)
+)
+
+// Package ochttp provides some convenience views for client measures.
+// You still need to register these views for data to actually be collected.
+var (
+	ClientSentBytesDistribution = &view.View{
+		Name:        "opencensus.io/http/client/sent_bytes",
+		Measure:     ClientSentBytes,
+		Aggregation: DefaultSizeDistribution,
+		Description: "Total bytes sent in request body (not including headers), by HTTP method and response status",
+		TagKeys:     []tag.Key{KeyClientMethod, KeyClientStatus},
+	}
+
+	ClientReceivedBytesDistribution = &view.View{
+		Name:        "opencensus.io/http/client/received_bytes",
+		Measure:     ClientReceivedBytes,
+		Aggregation: DefaultSizeDistribution,
+		Description: "Total bytes received in response bodies (not including headers but including error responses with bodies), by HTTP method and response status",
+		TagKeys:     []tag.Key{KeyClientMethod, KeyClientStatus},
+	}
+
+	ClientRoundtripLatencyDistribution = &view.View{
+		Name:        "opencensus.io/http/client/roundtrip_latency",
+		Measure:     ClientRoundtripLatency,
+		Aggregation: DefaultLatencyDistribution,
+		Description: "End-to-end latency, by HTTP method and response status",
+		TagKeys:     []tag.Key{KeyClientMethod, KeyClientStatus},
+	}
+
+	ClientCompletedCount = &view.View{
+		Name:        "opencensus.io/http/client/completed_count",
+		Measure:     ClientRoundtripLatency,
+		Aggregation: view.Count(),
+		Description: "Count of completed requests, by HTTP method and response status",
+		TagKeys:     []tag.Key{KeyClientMethod, KeyClientStatus},
+	}
 )
 
-// Package ochttp provides some convenience views.
-// You need to subscribe to the views for data to actually be collected.
+// Deprecated: Old client Views.
 var (
+	// Deprecated: No direct replacement, but see ClientCompletedCount.
 	ClientRequestCountView = &view.View{
 		Name:        "opencensus.io/http/client/request_count",
 		Description: "Count of HTTP requests started",
@@ -70,43 +178,52 @@ var (
 		Aggregation: view.Count(),
 	}
 
+	// Deprecated: Use ClientSentBytesDistribution.
 	ClientRequestBytesView = &view.View{
 		Name:        "opencensus.io/http/client/request_bytes",
 		Description: "Size distribution of HTTP request body",
-		Measure:     ClientRequestBytes,
+		Measure:     ClientSentBytes,
 		Aggregation: DefaultSizeDistribution,
 	}
 
+	// Deprecated: Use ClientReceivedBytesDistribution instead.
 	ClientResponseBytesView = &view.View{
 		Name:        "opencensus.io/http/client/response_bytes",
 		Description: "Size distribution of HTTP response body",
-		Measure:     ClientResponseBytes,
+		Measure:     ClientReceivedBytes,
 		Aggregation: DefaultSizeDistribution,
 	}
 
+	// Deprecated: Use ClientRoundtripLatencyDistribution instead.
 	ClientLatencyView = &view.View{
 		Name:        "opencensus.io/http/client/latency",
 		Description: "Latency distribution of HTTP requests",
-		Measure:     ClientLatency,
+		Measure:     ClientRoundtripLatency,
 		Aggregation: DefaultLatencyDistribution,
 	}
 
+	// Deprecated: Use ClientCompletedCount instead.
 	ClientRequestCountByMethod = &view.View{
 		Name:        "opencensus.io/http/client/request_count_by_method",
 		Description: "Client request count by HTTP method",
 		TagKeys:     []tag.Key{Method},
-		Measure:     ClientRequestCount,
+		Measure:     ClientSentBytes,
 		Aggregation: view.Count(),
 	}
 
+	// Deprecated: Use ClientCompletedCount instead.
 	ClientResponseCountByStatusCode = &view.View{
 		Name:        "opencensus.io/http/client/response_count_by_status_code",
 		Description: "Client response count by status code",
 		TagKeys:     []tag.Key{StatusCode},
-		Measure:     ClientLatency,
+		Measure:     ClientRoundtripLatency,
 		Aggregation: view.Count(),
 	}
+)
 
+// Package ochttp provides some convenience views for server measures.
+// You still need to register these views for data to actually be collected.
+var (
 	ServerRequestCountView = &view.View{
 		Name:        "opencensus.io/http/server/request_count",
 		Description: "Count of HTTP requests started",
@@ -153,6 +270,7 @@ var (
 )
 
 // DefaultClientViews are the default client views provided by this package.
+// Deprecated: No replacement. Register the views you would like individually.
 var DefaultClientViews = []*view.View{
 	ClientRequestCountView,
 	ClientRequestBytesView,
@@ -163,6 +281,7 @@ var DefaultClientViews = []*view.View{
 }
 
 // DefaultServerViews are the default server views provided by this package.
+// Deprecated: No replacement. Register the views you would like individually.
 var DefaultServerViews = []*view.View{
 	ServerRequestCountView,
 	ServerRequestBytesView,
diff --git a/vendor/go.opencensus.io/plugin/ochttp/trace.go b/vendor/go.opencensus.io/plugin/ochttp/trace.go
index 80ee86c7a15a4..ed3a5db561134 100644
--- a/vendor/go.opencensus.io/plugin/ochttp/trace.go
+++ b/vendor/go.opencensus.io/plugin/ochttp/trace.go
@@ -17,7 +17,7 @@ package ochttp
 import (
 	"io"
 	"net/http"
-	"net/url"
+	"net/http/httptrace"
 
 	"go.opencensus.io/plugin/ochttp/propagation/b3"
 	"go.opencensus.io/trace"
@@ -34,14 +34,17 @@ const (
 	HostAttribute       = "http.host"
 	MethodAttribute     = "http.method"
 	PathAttribute       = "http.path"
+	URLAttribute        = "http.url"
 	UserAgentAttribute  = "http.user_agent"
 	StatusCodeAttribute = "http.status_code"
 )
 
 type traceTransport struct {
-	base         http.RoundTripper
-	startOptions trace.StartOptions
-	format       propagation.HTTPFormat
+	base           http.RoundTripper
+	startOptions   trace.StartOptions
+	format         propagation.HTTPFormat
+	formatSpanName func(*http.Request) string
+	newClientTrace func(*http.Request, *trace.Span) *httptrace.ClientTrace
 }
 
 // TODO(jbd): Add message events for request and response size.
@@ -50,15 +53,30 @@ type traceTransport struct {
 // The created span can follow a parent span, if a parent is presented in
 // the request's context.
 func (t *traceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	name := spanNameFromURL(req.URL)
+	name := t.formatSpanName(req)
 	// TODO(jbd): Discuss whether we want to prefix
 	// outgoing requests with Sent.
-	_, span := trace.StartSpan(req.Context(), name,
+	ctx, span := trace.StartSpan(req.Context(), name,
 		trace.WithSampler(t.startOptions.Sampler),
 		trace.WithSpanKind(trace.SpanKindClient))
 
-	req = req.WithContext(trace.WithSpan(req.Context(), span))
+	if t.newClientTrace != nil {
+		req = req.WithContext(httptrace.WithClientTrace(ctx, t.newClientTrace(req, span)))
+	} else {
+		req = req.WithContext(ctx)
+	}
+
 	if t.format != nil {
+		// SpanContextToRequest will modify its Request argument, which is
+		// contrary to the contract for http.RoundTripper, so we need to
+		// pass it a copy of the Request.
+		// However, the Request struct itself was already copied by
+		// the WithContext calls above and so we just need to copy the header.
+		header := make(http.Header)
+		for k, v := range req.Header {
+			header[k] = v
+		}
+		req.Header = header
 		t.format.SpanContextToRequest(span.SpanContext(), req)
 	}
 
@@ -76,7 +94,8 @@ func (t *traceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	// span.End() will be invoked after
 	// a read from resp.Body returns io.EOF or when
 	// resp.Body.Close() is invoked.
-	resp.Body = &bodyTracker{rc: resp.Body, span: span}
+	bt := &bodyTracker{rc: resp.Body, span: span}
+	resp.Body = wrappedBody(bt, resp.Body)
 	return resp, err
 }
 
@@ -127,17 +146,26 @@ func (t *traceTransport) CancelRequest(req *http.Request) {
 	}
 }
 
-func spanNameFromURL(u *url.URL) string {
-	return u.Path
+func spanNameFromURL(req *http.Request) string {
+	return req.URL.Path
 }
 
 func requestAttrs(r *http.Request) []trace.Attribute {
-	return []trace.Attribute{
+	userAgent := r.UserAgent()
+
+	attrs := make([]trace.Attribute, 0, 5)
+	attrs = append(attrs,
 		trace.StringAttribute(PathAttribute, r.URL.Path),
-		trace.StringAttribute(HostAttribute, r.URL.Host),
+		trace.StringAttribute(URLAttribute, r.URL.String()),
+		trace.StringAttribute(HostAttribute, r.Host),
 		trace.StringAttribute(MethodAttribute, r.Method),
-		trace.StringAttribute(UserAgentAttribute, r.UserAgent()),
+	)
+
+	if userAgent != "" {
+		attrs = append(attrs, trace.StringAttribute(UserAgentAttribute, userAgent))
 	}
+
+	return attrs
 }
 
 func responseAttrs(resp *http.Response) []trace.Attribute {
@@ -146,7 +174,7 @@ func responseAttrs(resp *http.Response) []trace.Attribute {
 	}
 }
 
-// HTTPStatusToTraceStatus converts the HTTP status code to a trace.Status that
+// TraceStatus is a utility to convert the HTTP status code to a trace.Status that
 // represents the outcome as closely as possible.
 func TraceStatus(httpStatusCode int, statusLine string) trace.Status {
 	var code int32
@@ -158,6 +186,8 @@ func TraceStatus(httpStatusCode int, statusLine string) trace.Status {
 		code = trace.StatusCodeCancelled
 	case http.StatusBadRequest:
 		code = trace.StatusCodeInvalidArgument
+	case http.StatusUnprocessableEntity:
+		code = trace.StatusCodeInvalidArgument
 	case http.StatusGatewayTimeout:
 		code = trace.StatusCodeDeadlineExceeded
 	case http.StatusNotFound:
@@ -174,26 +204,41 @@ func TraceStatus(httpStatusCode int, statusLine string) trace.Status {
 		code = trace.StatusCodeUnavailable
 	case http.StatusOK:
 		code = trace.StatusCodeOK
+	case http.StatusConflict:
+		code = trace.StatusCodeAlreadyExists
 	}
+
 	return trace.Status{Code: code, Message: codeToStr[code]}
 }
 
 var codeToStr = map[int32]string{
-	trace.StatusCodeOK:                 `"OK"`,
-	trace.StatusCodeCancelled:          `"CANCELLED"`,
-	trace.StatusCodeUnknown:            `"UNKNOWN"`,
-	trace.StatusCodeInvalidArgument:    `"INVALID_ARGUMENT"`,
-	trace.StatusCodeDeadlineExceeded:   `"DEADLINE_EXCEEDED"`,
-	trace.StatusCodeNotFound:           `"NOT_FOUND"`,
-	trace.StatusCodeAlreadyExists:      `"ALREADY_EXISTS"`,
-	trace.StatusCodePermissionDenied:   `"PERMISSION_DENIED"`,
-	trace.StatusCodeResourceExhausted:  `"RESOURCE_EXHAUSTED"`,
-	trace.StatusCodeFailedPrecondition: `"FAILED_PRECONDITION"`,
-	trace.StatusCodeAborted:            `"ABORTED"`,
-	trace.StatusCodeOutOfRange:         `"OUT_OF_RANGE"`,
-	trace.StatusCodeUnimplemented:      `"UNIMPLEMENTED"`,
-	trace.StatusCodeInternal:           `"INTERNAL"`,
-	trace.StatusCodeUnavailable:        `"UNAVAILABLE"`,
-	trace.StatusCodeDataLoss:           `"DATA_LOSS"`,
-	trace.StatusCodeUnauthenticated:    `"UNAUTHENTICATED"`,
+	trace.StatusCodeOK:                 `OK`,
+	trace.StatusCodeCancelled:          `CANCELLED`,
+	trace.StatusCodeUnknown:            `UNKNOWN`,
+	trace.StatusCodeInvalidArgument:    `INVALID_ARGUMENT`,
+	trace.StatusCodeDeadlineExceeded:   `DEADLINE_EXCEEDED`,
+	trace.StatusCodeNotFound:           `NOT_FOUND`,
+	trace.StatusCodeAlreadyExists:      `ALREADY_EXISTS`,
+	trace.StatusCodePermissionDenied:   `PERMISSION_DENIED`,
+	trace.StatusCodeResourceExhausted:  `RESOURCE_EXHAUSTED`,
+	trace.StatusCodeFailedPrecondition: `FAILED_PRECONDITION`,
+	trace.StatusCodeAborted:            `ABORTED`,
+	trace.StatusCodeOutOfRange:         `OUT_OF_RANGE`,
+	trace.StatusCodeUnimplemented:      `UNIMPLEMENTED`,
+	trace.StatusCodeInternal:           `INTERNAL`,
+	trace.StatusCodeUnavailable:        `UNAVAILABLE`,
+	trace.StatusCodeDataLoss:           `DATA_LOSS`,
+	trace.StatusCodeUnauthenticated:    `UNAUTHENTICATED`,
+}
+
+func isHealthEndpoint(path string) bool {
+	// Health checking is pretty frequent and
+	// traces collected for health endpoints
+	// can be extremely noisy and expensive.
+	// Disable canonical health checking endpoints
+	// like /healthz and /_ah/health for now.
+	if path == "/healthz" || path == "/_ah/health" {
+		return true
+	}
+	return false
 }
diff --git a/vendor/go.opencensus.io/plugin/ochttp/wrapped_body.go b/vendor/go.opencensus.io/plugin/ochttp/wrapped_body.go
new file mode 100644
index 0000000000000..7d75cae2b1853
--- /dev/null
+++ b/vendor/go.opencensus.io/plugin/ochttp/wrapped_body.go
@@ -0,0 +1,44 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ochttp
+
+import (
+	"io"
+)
+
+// wrappedBody returns a wrapped version of the original
+// Body and only implements the same combination of additional
+// interfaces as the original.
+func wrappedBody(wrapper io.ReadCloser, body io.ReadCloser) io.ReadCloser {
+	var (
+		wr, i0 = body.(io.Writer)
+	)
+	switch {
+	case !i0:
+		return struct {
+			io.ReadCloser
+		}{wrapper}
+
+	case i0:
+		return struct {
+			io.ReadCloser
+			io.Writer
+		}{wrapper, wr}
+	default:
+		return struct {
+			io.ReadCloser
+		}{wrapper}
+	}
+}
diff --git a/vendor/go.opencensus.io/resource/resource.go b/vendor/go.opencensus.io/resource/resource.go
new file mode 100644
index 0000000000000..b1764e1d3b942
--- /dev/null
+++ b/vendor/go.opencensus.io/resource/resource.go
@@ -0,0 +1,164 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package resource provides functionality for resource, which capture
+// identifying information about the entities for which signals are exported.
+package resource
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// Environment variables used by FromEnv to decode a resource.
+const (
+	EnvVarType   = "OC_RESOURCE_TYPE"
+	EnvVarLabels = "OC_RESOURCE_LABELS"
+)
+
+// Resource describes an entity about which identifying information and metadata is exposed.
+// For example, a type "k8s.io/container" may hold labels describing the pod name and namespace.
+type Resource struct {
+	Type   string
+	Labels map[string]string
+}
+
+// EncodeLabels encodes a labels map to a string as provided via the OC_RESOURCE_LABELS environment variable.
+func EncodeLabels(labels map[string]string) string {
+	sortedKeys := make([]string, 0, len(labels))
+	for k := range labels {
+		sortedKeys = append(sortedKeys, k)
+	}
+	sort.Strings(sortedKeys)
+
+	s := ""
+	for i, k := range sortedKeys {
+		if i > 0 {
+			s += ","
+		}
+		s += k + "=" + strconv.Quote(labels[k])
+	}
+	return s
+}
+
+var labelRegex = regexp.MustCompile(`^\s*([[:ascii:]]{1,256}?)=("[[:ascii:]]{0,256}?")\s*,`)
+
+// DecodeLabels decodes a serialized label map as used in the OC_RESOURCE_LABELS variable.
+// A list of labels of the form `<key1>="<value1>",<key2>="<value2>",...` is accepted.
+// Domain names and paths are accepted as label keys.
+// Most users will want to use FromEnv instead.
+func DecodeLabels(s string) (map[string]string, error) {
+	m := map[string]string{}
+	// Ensure a trailing comma, which allows us to keep the regex simpler
+	s = strings.TrimRight(strings.TrimSpace(s), ",") + ","
+
+	for len(s) > 0 {
+		match := labelRegex.FindStringSubmatch(s)
+		if len(match) == 0 {
+			return nil, fmt.Errorf("invalid label formatting, remainder: %s", s)
+		}
+		v := match[2]
+		if v == "" {
+			v = match[3]
+		} else {
+			var err error
+			if v, err = strconv.Unquote(v); err != nil {
+				return nil, fmt.Errorf("invalid label formatting, remainder: %s, err: %s", s, err)
+			}
+		}
+		m[match[1]] = v
+
+		s = s[len(match[0]):]
+	}
+	return m, nil
+}
+
+// FromEnv is a detector that loads resource information from the OC_RESOURCE_TYPE
+// and OC_RESOURCE_labelS environment variables.
+func FromEnv(context.Context) (*Resource, error) {
+	res := &Resource{
+		Type: strings.TrimSpace(os.Getenv(EnvVarType)),
+	}
+	labels := strings.TrimSpace(os.Getenv(EnvVarLabels))
+	if labels == "" {
+		return res, nil
+	}
+	var err error
+	if res.Labels, err = DecodeLabels(labels); err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+var _ Detector = FromEnv
+
+// merge resource information from b into a. In case of a collision, a takes precedence.
+func merge(a, b *Resource) *Resource {
+	if a == nil {
+		return b
+	}
+	if b == nil {
+		return a
+	}
+	res := &Resource{
+		Type:   a.Type,
+		Labels: map[string]string{},
+	}
+	if res.Type == "" {
+		res.Type = b.Type
+	}
+	for k, v := range b.Labels {
+		res.Labels[k] = v
+	}
+	// Labels from resource a overwrite labels from resource b.
+	for k, v := range a.Labels {
+		res.Labels[k] = v
+	}
+	return res
+}
+
+// Detector attempts to detect resource information.
+// If the detector cannot find resource information, the returned resource is nil but no
+// error is returned.
+// An error is only returned on unexpected failures.
+type Detector func(context.Context) (*Resource, error)
+
+// MultiDetector returns a Detector that calls all input detectors in order and
+// merges each result with the previous one. In case a type of label key is already set,
+// the first set value is takes precedence.
+// It returns on the first error that a sub-detector encounters.
+func MultiDetector(detectors ...Detector) Detector {
+	return func(ctx context.Context) (*Resource, error) {
+		return detectAll(ctx, detectors...)
+	}
+}
+
+// detectall calls all input detectors sequentially an merges each result with the previous one.
+// It returns on the first error that a sub-detector encounters.
+func detectAll(ctx context.Context, detectors ...Detector) (*Resource, error) {
+	var res *Resource
+	for _, d := range detectors {
+		r, err := d(ctx)
+		if err != nil {
+			return nil, err
+		}
+		res = merge(res, r)
+	}
+	return res, nil
+}
diff --git a/vendor/go.opencensus.io/stats/doc.go b/vendor/go.opencensus.io/stats/doc.go
index 7a8a62c1436cc..00d473ee02989 100644
--- a/vendor/go.opencensus.io/stats/doc.go
+++ b/vendor/go.opencensus.io/stats/doc.go
@@ -21,35 +21,49 @@ aggregate the collected data, and export the aggregated data.
 
 Measures
 
-A measure represents a type of metric to be tracked and recorded.
+A measure represents a type of data point to be tracked and recorded.
 For example, latency, request Mb/s, and response Mb/s are measures
 to collect from a server.
 
-Each measure needs to be registered before being used. Measure
-constructors such as Int64 and Float64 automatically
+Measure constructors such as Int64 and Float64 automatically
 register the measure by the given name. Each registered measure needs
 to be unique by name. Measures also have a description and a unit.
 
-Libraries can define and export measures for their end users to
-create views and collect instrumentation data.
+Libraries can define and export measures. Application authors can then
+create views and collect and break down measures by the tags they are
+interested in.
 
 Recording measurements
 
 Measurement is a data point to be collected for a measure. For example,
 for a latency (ms) measure, 100 is a measurement that represents a 100ms
-latency event. Users collect data points on the existing measures with
+latency event. Measurements are created from measures with
 the current context. Tags from the current context are recorded with the
 measurements if they are any.
 
-Recorded measurements are dropped immediately if user is not aggregating
-them via views. Users don't necessarily need to conditionally enable/disable
+Recorded measurements are dropped immediately if no views are registered for them.
+There is usually no need to conditionally enable and disable
 recording to reduce cost. Recording of measurements is cheap.
 
-Libraries can always record measurements, and end-users can later decide
+Libraries can always record measurements, and applications can later decide
 on which measurements they want to collect by registering views. This allows
 libraries to turn on the instrumentation by default.
+
+Exemplars
+
+For a given recorded measurement, the associated exemplar is a diagnostic map
+that gives more information about the measurement.
+
+When aggregated using a Distribution aggregation, an exemplar is kept for each
+bucket in the Distribution. This allows you to easily find an example of a
+measurement that fell into each bucket.
+
+For example, if you also use the OpenCensus trace package and you
+record a measurement with a context that contains a sampled trace span,
+then the trace span will be added to the exemplar associated with the measurement.
+
+When exported to a supporting back end, you should be able to easily navigate
+to example traces that fell into each bucket in the Distribution.
+
 */
 package stats // import "go.opencensus.io/stats"
-
-// TODO(acetechnologist): Add a link to the language independent OpenCensus
-// spec when it is available.
diff --git a/vendor/go.opencensus.io/stats/internal/record.go b/vendor/go.opencensus.io/stats/internal/record.go
index 6341eb2ad7ae2..36935e629b66c 100644
--- a/vendor/go.opencensus.io/stats/internal/record.go
+++ b/vendor/go.opencensus.io/stats/internal/record.go
@@ -19,7 +19,7 @@ import (
 )
 
 // DefaultRecorder will be called for each Record call.
-var DefaultRecorder func(*tag.Map, interface{})
+var DefaultRecorder func(tags *tag.Map, measurement interface{}, attachments map[string]interface{})
 
 // SubscriptionReporter reports when a view subscribed with a measure.
 var SubscriptionReporter func(measure string)
diff --git a/vendor/go.opencensus.io/stats/internal/validation.go b/vendor/go.opencensus.io/stats/internal/validation.go
deleted file mode 100644
index b946667f961d2..0000000000000
--- a/vendor/go.opencensus.io/stats/internal/validation.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2018, OpenCensus Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal // import "go.opencensus.io/stats/internal"
-
-const (
-	MaxNameLength = 255
-)
-
-func IsPrintable(str string) bool {
-	for _, r := range str {
-		if !(r >= ' ' && r <= '~') {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/go.opencensus.io/stats/measure.go b/vendor/go.opencensus.io/stats/measure.go
index aa555c209ce77..1ffd3cefc730c 100644
--- a/vendor/go.opencensus.io/stats/measure.go
+++ b/vendor/go.opencensus.io/stats/measure.go
@@ -20,19 +20,31 @@ import (
 	"sync/atomic"
 )
 
-// Measure represents a type of metric to be tracked and recorded.
-// For example, latency, request Mb/s, and response Mb/s are measures
+// Measure represents a single numeric value to be tracked and recorded.
+// For example, latency, request bytes, and response bytes could be measures
 // to collect from a server.
 //
-// Each measure needs to be registered before being used.
-// Measure constructors such as Int64 and
-// Float64 automatically registers the measure
-// by the given name.
-// Each registered measure needs to be unique by name.
-// Measures also have a description and a unit.
+// Measures by themselves have no outside effects. In order to be exported,
+// the measure needs to be used in a View. If no Views are defined over a
+// measure, there is very little cost in recording it.
 type Measure interface {
+	// Name returns the name of this measure.
+	//
+	// Measure names are globally unique (among all libraries linked into your program).
+	// We recommend prefixing the measure name with a domain name relevant to your
+	// project or application.
+	//
+	// Measure names are never sent over the wire or exported to backends.
+	// They are only used to create Views.
 	Name() string
+
+	// Description returns the human-readable description of this measure.
 	Description() string
+
+	// Unit returns the units for the values this measure takes on.
+	//
+	// Units are encoded according to the case-sensitive abbreviations from the
+	// Unified Code for Units of Measure: http://unitsofmeasure.org/ucum.html
 	Unit() string
 }
 
@@ -81,8 +93,9 @@ func registerMeasureHandle(name, desc, unit string) *measureDescriptor {
 // provides methods to create measurements of their kind. For example, Int64Measure
 // provides M to convert an int64 into a measurement.
 type Measurement struct {
-	v float64
-	m Measure
+	v    float64
+	m    Measure
+	desc *measureDescriptor
 }
 
 // Value returns the value of the Measurement as a float64.
diff --git a/vendor/go.opencensus.io/stats/measure_float64.go b/vendor/go.opencensus.io/stats/measure_float64.go
index 8de6b52218d46..f02c1eda845d2 100644
--- a/vendor/go.opencensus.io/stats/measure_float64.go
+++ b/vendor/go.opencensus.io/stats/measure_float64.go
@@ -15,38 +15,41 @@
 
 package stats
 
-// Float64Measure is a measure of type float64.
+// Float64Measure is a measure for float64 values.
 type Float64Measure struct {
-	md *measureDescriptor
+	desc *measureDescriptor
+}
+
+// M creates a new float64 measurement.
+// Use Record to record measurements.
+func (m *Float64Measure) M(v float64) Measurement {
+	return Measurement{
+		m:    m,
+		desc: m.desc,
+		v:    v,
+	}
+}
+
+// Float64 creates a new measure for float64 values.
+//
+// See the documentation for interface Measure for more guidance on the
+// parameters of this function.
+func Float64(name, description, unit string) *Float64Measure {
+	mi := registerMeasureHandle(name, description, unit)
+	return &Float64Measure{mi}
 }
 
 // Name returns the name of the measure.
 func (m *Float64Measure) Name() string {
-	return m.md.name
+	return m.desc.name
 }
 
 // Description returns the description of the measure.
 func (m *Float64Measure) Description() string {
-	return m.md.description
+	return m.desc.description
 }
 
 // Unit returns the unit of the measure.
 func (m *Float64Measure) Unit() string {
-	return m.md.unit
-}
-
-// M creates a new float64 measurement.
-// Use Record to record measurements.
-func (m *Float64Measure) M(v float64) Measurement {
-	if !m.md.subscribed() {
-		return Measurement{}
-	}
-	return Measurement{m: m, v: v}
-}
-
-// Float64 creates a new measure of type Float64Measure.
-// It never returns an error.
-func Float64(name, description, unit string) *Float64Measure {
-	mi := registerMeasureHandle(name, description, unit)
-	return &Float64Measure{mi}
+	return m.desc.unit
 }
diff --git a/vendor/go.opencensus.io/stats/measure_int64.go b/vendor/go.opencensus.io/stats/measure_int64.go
index b6fd25f0d3af1..d101d79735813 100644
--- a/vendor/go.opencensus.io/stats/measure_int64.go
+++ b/vendor/go.opencensus.io/stats/measure_int64.go
@@ -15,38 +15,41 @@
 
 package stats
 
-// Int64Measure is a measure of type int64.
+// Int64Measure is a measure for int64 values.
 type Int64Measure struct {
-	md *measureDescriptor
+	desc *measureDescriptor
+}
+
+// M creates a new int64 measurement.
+// Use Record to record measurements.
+func (m *Int64Measure) M(v int64) Measurement {
+	return Measurement{
+		m:    m,
+		desc: m.desc,
+		v:    float64(v),
+	}
+}
+
+// Int64 creates a new measure for int64 values.
+//
+// See the documentation for interface Measure for more guidance on the
+// parameters of this function.
+func Int64(name, description, unit string) *Int64Measure {
+	mi := registerMeasureHandle(name, description, unit)
+	return &Int64Measure{mi}
 }
 
 // Name returns the name of the measure.
 func (m *Int64Measure) Name() string {
-	return m.md.name
+	return m.desc.name
 }
 
 // Description returns the description of the measure.
 func (m *Int64Measure) Description() string {
-	return m.md.description
+	return m.desc.description
 }
 
 // Unit returns the unit of the measure.
 func (m *Int64Measure) Unit() string {
-	return m.md.unit
-}
-
-// M creates a new int64 measurement.
-// Use Record to record measurements.
-func (m *Int64Measure) M(v int64) Measurement {
-	if !m.md.subscribed() {
-		return Measurement{}
-	}
-	return Measurement{m: m, v: float64(v)}
-}
-
-// Int64 creates a new measure of type Int64Measure.
-// It never returns an error.
-func Int64(name, description, unit string) *Int64Measure {
-	mi := registerMeasureHandle(name, description, unit)
-	return &Int64Measure{mi}
+	return m.desc.unit
 }
diff --git a/vendor/go.opencensus.io/stats/record.go b/vendor/go.opencensus.io/stats/record.go
index 98865ff69723b..ad4691184dfc5 100644
--- a/vendor/go.opencensus.io/stats/record.go
+++ b/vendor/go.opencensus.io/stats/record.go
@@ -18,6 +18,7 @@ package stats
 import (
 	"context"
 
+	"go.opencensus.io/metric/metricdata"
 	"go.opencensus.io/stats/internal"
 	"go.opencensus.io/tag"
 )
@@ -30,23 +31,87 @@ func init() {
 	}
 }
 
-// Record records one or multiple measurements with the same tags at once.
+type recordOptions struct {
+	attachments  metricdata.Attachments
+	mutators     []tag.Mutator
+	measurements []Measurement
+}
+
+// WithAttachments applies provided exemplar attachments.
+func WithAttachments(attachments metricdata.Attachments) Options {
+	return func(ro *recordOptions) {
+		ro.attachments = attachments
+	}
+}
+
+// WithTags applies provided tag mutators.
+func WithTags(mutators ...tag.Mutator) Options {
+	return func(ro *recordOptions) {
+		ro.mutators = mutators
+	}
+}
+
+// WithMeasurements applies provided measurements.
+func WithMeasurements(measurements ...Measurement) Options {
+	return func(ro *recordOptions) {
+		ro.measurements = measurements
+	}
+}
+
+// Options apply changes to recordOptions.
+type Options func(*recordOptions)
+
+func createRecordOption(ros ...Options) *recordOptions {
+	o := &recordOptions{}
+	for _, ro := range ros {
+		ro(o)
+	}
+	return o
+}
+
+// Record records one or multiple measurements with the same context at once.
 // If there are any tags in the context, measurements will be tagged with them.
 func Record(ctx context.Context, ms ...Measurement) {
-	if len(ms) == 0 {
-		return
+	RecordWithOptions(ctx, WithMeasurements(ms...))
+}
+
+// RecordWithTags records one or multiple measurements at once.
+//
+// Measurements will be tagged with the tags in the context mutated by the mutators.
+// RecordWithTags is useful if you want to record with tag mutations but don't want
+// to propagate the mutations in the context.
+func RecordWithTags(ctx context.Context, mutators []tag.Mutator, ms ...Measurement) error {
+	return RecordWithOptions(ctx, WithTags(mutators...), WithMeasurements(ms...))
+}
+
+// RecordWithOptions records measurements from the given options (if any) against context
+// and tags and attachments in the options (if any).
+// If there are any tags in the context, measurements will be tagged with them.
+func RecordWithOptions(ctx context.Context, ros ...Options) error {
+	o := createRecordOption(ros...)
+	if len(o.measurements) == 0 {
+		return nil
 	}
-	var record bool
-	for _, m := range ms {
-		if (m != Measurement{}) {
+	recorder := internal.DefaultRecorder
+	if recorder == nil {
+		return nil
+	}
+	record := false
+	for _, m := range o.measurements {
+		if m.desc.subscribed() {
 			record = true
 			break
 		}
 	}
 	if !record {
-		return
+		return nil
 	}
-	if internal.DefaultRecorder != nil {
-		internal.DefaultRecorder(tag.FromContext(ctx), ms)
+	if len(o.mutators) > 0 {
+		var err error
+		if ctx, err = tag.New(ctx, o.mutators...); err != nil {
+			return err
+		}
 	}
+	recorder(tag.FromContext(ctx), o.measurements, o.attachments)
+	return nil
 }
diff --git a/vendor/go.opencensus.io/stats/units.go b/vendor/go.opencensus.io/stats/units.go
index 6931a5f296616..736399652cc80 100644
--- a/vendor/go.opencensus.io/stats/units.go
+++ b/vendor/go.opencensus.io/stats/units.go
@@ -22,4 +22,5 @@ const (
 	UnitDimensionless = "1"
 	UnitBytes         = "By"
 	UnitMilliseconds  = "ms"
+	UnitSeconds       = "s"
 )
diff --git a/vendor/go.opencensus.io/stats/view/aggregation.go b/vendor/go.opencensus.io/stats/view/aggregation.go
index b7f169b4a5f0d..9d7093728ed87 100644
--- a/vendor/go.opencensus.io/stats/view/aggregation.go
+++ b/vendor/go.opencensus.io/stats/view/aggregation.go
@@ -82,7 +82,7 @@ func Sum() *Aggregation {
 // Distribution indicates that the desired aggregation is
 // a histogram distribution.
 //
-// An distribution aggregation may contain a histogram of the values in the
+// A distribution aggregation may contain a histogram of the values in the
 // population. The bucket boundaries for that histogram are described
 // by the bounds. This defines len(bounds)+1 buckets.
 //
@@ -99,13 +99,14 @@ func Sum() *Aggregation {
 // If len(bounds) is 1 then there is no finite buckets, and that single
 // element is the common boundary of the overflow and underflow buckets.
 func Distribution(bounds ...float64) *Aggregation {
-	return &Aggregation{
+	agg := &Aggregation{
 		Type:    AggTypeDistribution,
 		Buckets: bounds,
-		newData: func() AggregationData {
-			return newDistributionData(bounds)
-		},
 	}
+	agg.newData = func() AggregationData {
+		return newDistributionData(agg)
+	}
+	return agg
 }
 
 // LastValue only reports the last value recorded using this
diff --git a/vendor/go.opencensus.io/stats/view/aggregation_data.go b/vendor/go.opencensus.io/stats/view/aggregation_data.go
index 88c500bff9eaa..f331d456e9bb1 100644
--- a/vendor/go.opencensus.io/stats/view/aggregation_data.go
+++ b/vendor/go.opencensus.io/stats/view/aggregation_data.go
@@ -17,6 +17,9 @@ package view
 
 import (
 	"math"
+	"time"
+
+	"go.opencensus.io/metric/metricdata"
 )
 
 // AggregationData represents an aggregated value from a collection.
@@ -24,9 +27,10 @@ import (
 // Mosts users won't directly access aggregration data.
 type AggregationData interface {
 	isAggregationData() bool
-	addSample(v float64)
+	addSample(v float64, attachments map[string]interface{}, t time.Time)
 	clone() AggregationData
 	equal(other AggregationData) bool
+	toPoint(t metricdata.Type, time time.Time) metricdata.Point
 }
 
 const epsilon = 1e-9
@@ -41,7 +45,7 @@ type CountData struct {
 
 func (a *CountData) isAggregationData() bool { return true }
 
-func (a *CountData) addSample(v float64) {
+func (a *CountData) addSample(_ float64, _ map[string]interface{}, _ time.Time) {
 	a.Value = a.Value + 1
 }
 
@@ -58,6 +62,15 @@ func (a *CountData) equal(other AggregationData) bool {
 	return a.Value == a2.Value
 }
 
+func (a *CountData) toPoint(metricType metricdata.Type, t time.Time) metricdata.Point {
+	switch metricType {
+	case metricdata.TypeCumulativeInt64:
+		return metricdata.NewInt64Point(t, a.Value)
+	default:
+		panic("unsupported metricdata.Type")
+	}
+}
+
 // SumData is the aggregated data for the Sum aggregation.
 // A sum aggregation processes data and sums up the recordings.
 //
@@ -68,8 +81,8 @@ type SumData struct {
 
 func (a *SumData) isAggregationData() bool { return true }
 
-func (a *SumData) addSample(f float64) {
-	a.Value += f
+func (a *SumData) addSample(v float64, _ map[string]interface{}, _ time.Time) {
+	a.Value += v
 }
 
 func (a *SumData) clone() AggregationData {
@@ -84,26 +97,45 @@ func (a *SumData) equal(other AggregationData) bool {
 	return math.Pow(a.Value-a2.Value, 2) < epsilon
 }
 
+func (a *SumData) toPoint(metricType metricdata.Type, t time.Time) metricdata.Point {
+	switch metricType {
+	case metricdata.TypeCumulativeInt64:
+		return metricdata.NewInt64Point(t, int64(a.Value))
+	case metricdata.TypeCumulativeFloat64:
+		return metricdata.NewFloat64Point(t, a.Value)
+	default:
+		panic("unsupported metricdata.Type")
+	}
+}
+
 // DistributionData is the aggregated data for the
 // Distribution aggregation.
 //
 // Most users won't directly access distribution data.
+//
+// For a distribution with N bounds, the associated DistributionData will have
+// N+1 buckets.
 type DistributionData struct {
-	Count           int64     // number of data points aggregated
-	Min             float64   // minimum value in the distribution
-	Max             float64   // max value in the distribution
-	Mean            float64   // mean of the distribution
-	SumOfSquaredDev float64   // sum of the squared deviation from the mean
-	CountPerBucket  []int64   // number of occurrences per bucket
-	bounds          []float64 // histogram distribution of the values
+	Count           int64   // number of data points aggregated
+	Min             float64 // minimum value in the distribution
+	Max             float64 // max value in the distribution
+	Mean            float64 // mean of the distribution
+	SumOfSquaredDev float64 // sum of the squared deviation from the mean
+	CountPerBucket  []int64 // number of occurrences per bucket
+	// ExemplarsPerBucket is slice the same length as CountPerBucket containing
+	// an exemplar for the associated bucket, or nil.
+	ExemplarsPerBucket []*metricdata.Exemplar
+	bounds             []float64 // histogram distribution of the values
 }
 
-func newDistributionData(bounds []float64) *DistributionData {
+func newDistributionData(agg *Aggregation) *DistributionData {
+	bucketCount := len(agg.Buckets) + 1
 	return &DistributionData{
-		CountPerBucket: make([]int64, len(bounds)+1),
-		bounds:         bounds,
-		Min:            math.MaxFloat64,
-		Max:            math.SmallestNonzeroFloat64,
+		CountPerBucket:     make([]int64, bucketCount),
+		ExemplarsPerBucket: make([]*metricdata.Exemplar, bucketCount),
+		bounds:             agg.Buckets,
+		Min:                math.MaxFloat64,
+		Max:                math.SmallestNonzeroFloat64,
 	}
 }
 
@@ -119,46 +151,62 @@ func (a *DistributionData) variance() float64 {
 
 func (a *DistributionData) isAggregationData() bool { return true }
 
-func (a *DistributionData) addSample(f float64) {
-	if f < a.Min {
-		a.Min = f
+// TODO(songy23): support exemplar attachments.
+func (a *DistributionData) addSample(v float64, attachments map[string]interface{}, t time.Time) {
+	if v < a.Min {
+		a.Min = v
 	}
-	if f > a.Max {
-		a.Max = f
+	if v > a.Max {
+		a.Max = v
 	}
 	a.Count++
-	a.incrementBucketCount(f)
+	a.addToBucket(v, attachments, t)
 
 	if a.Count == 1 {
-		a.Mean = f
+		a.Mean = v
 		return
 	}
 
 	oldMean := a.Mean
-	a.Mean = a.Mean + (f-a.Mean)/float64(a.Count)
-	a.SumOfSquaredDev = a.SumOfSquaredDev + (f-oldMean)*(f-a.Mean)
+	a.Mean = a.Mean + (v-a.Mean)/float64(a.Count)
+	a.SumOfSquaredDev = a.SumOfSquaredDev + (v-oldMean)*(v-a.Mean)
 }
 
-func (a *DistributionData) incrementBucketCount(f float64) {
-	if len(a.bounds) == 0 {
-		a.CountPerBucket[0]++
-		return
+func (a *DistributionData) addToBucket(v float64, attachments map[string]interface{}, t time.Time) {
+	var count *int64
+	var i int
+	var b float64
+	for i, b = range a.bounds {
+		if v < b {
+			count = &a.CountPerBucket[i]
+			break
+		}
+	}
+	if count == nil { // Last bucket.
+		i = len(a.bounds)
+		count = &a.CountPerBucket[i]
+	}
+	*count++
+	if exemplar := getExemplar(v, attachments, t); exemplar != nil {
+		a.ExemplarsPerBucket[i] = exemplar
 	}
+}
 
-	for i, b := range a.bounds {
-		if f < b {
-			a.CountPerBucket[i]++
-			return
-		}
+func getExemplar(v float64, attachments map[string]interface{}, t time.Time) *metricdata.Exemplar {
+	if len(attachments) == 0 {
+		return nil
+	}
+	return &metricdata.Exemplar{
+		Value:       v,
+		Timestamp:   t,
+		Attachments: attachments,
 	}
-	a.CountPerBucket[len(a.bounds)]++
 }
 
 func (a *DistributionData) clone() AggregationData {
-	counts := make([]int64, len(a.CountPerBucket))
-	copy(counts, a.CountPerBucket)
 	c := *a
-	c.CountPerBucket = counts
+	c.CountPerBucket = append([]int64(nil), a.CountPerBucket...)
+	c.ExemplarsPerBucket = append([]*metricdata.Exemplar(nil), a.ExemplarsPerBucket...)
 	return &c
 }
 
@@ -181,6 +229,33 @@ func (a *DistributionData) equal(other AggregationData) bool {
 	return a.Count == a2.Count && a.Min == a2.Min && a.Max == a2.Max && math.Pow(a.Mean-a2.Mean, 2) < epsilon && math.Pow(a.variance()-a2.variance(), 2) < epsilon
 }
 
+func (a *DistributionData) toPoint(metricType metricdata.Type, t time.Time) metricdata.Point {
+	switch metricType {
+	case metricdata.TypeCumulativeDistribution:
+		buckets := []metricdata.Bucket{}
+		for i := 0; i < len(a.CountPerBucket); i++ {
+			buckets = append(buckets, metricdata.Bucket{
+				Count:    a.CountPerBucket[i],
+				Exemplar: a.ExemplarsPerBucket[i],
+			})
+		}
+		bucketOptions := &metricdata.BucketOptions{Bounds: a.bounds}
+
+		val := &metricdata.Distribution{
+			Count:                 a.Count,
+			Sum:                   a.Sum(),
+			SumOfSquaredDeviation: a.SumOfSquaredDev,
+			BucketOptions:         bucketOptions,
+			Buckets:               buckets,
+		}
+		return metricdata.NewDistributionPoint(t, val)
+
+	default:
+		// TODO: [rghetia] when we have a use case for TypeGaugeDistribution.
+		panic("unsupported metricdata.Type")
+	}
+}
+
 // LastValueData returns the last value recorded for LastValue aggregation.
 type LastValueData struct {
 	Value float64
@@ -190,7 +265,7 @@ func (l *LastValueData) isAggregationData() bool {
 	return true
 }
 
-func (l *LastValueData) addSample(v float64) {
+func (l *LastValueData) addSample(v float64, _ map[string]interface{}, _ time.Time) {
 	l.Value = v
 }
 
@@ -205,3 +280,14 @@ func (l *LastValueData) equal(other AggregationData) bool {
 	}
 	return l.Value == a2.Value
 }
+
+func (l *LastValueData) toPoint(metricType metricdata.Type, t time.Time) metricdata.Point {
+	switch metricType {
+	case metricdata.TypeGaugeInt64:
+		return metricdata.NewInt64Point(t, int64(l.Value))
+	case metricdata.TypeGaugeFloat64:
+		return metricdata.NewFloat64Point(t, l.Value)
+	default:
+		panic("unsupported metricdata.Type")
+	}
+}
diff --git a/vendor/go.opencensus.io/stats/view/collector.go b/vendor/go.opencensus.io/stats/view/collector.go
index 863a5b62a1c73..8a6a2c0fdc9fb 100644
--- a/vendor/go.opencensus.io/stats/view/collector.go
+++ b/vendor/go.opencensus.io/stats/view/collector.go
@@ -17,6 +17,7 @@ package view
 
 import (
 	"sort"
+	"time"
 
 	"go.opencensus.io/internal/tagencoding"
 	"go.opencensus.io/tag"
@@ -31,20 +32,21 @@ type collector struct {
 	a *Aggregation
 }
 
-func (c *collector) addSample(s string, v float64) {
+func (c *collector) addSample(s string, v float64, attachments map[string]interface{}, t time.Time) {
 	aggregator, ok := c.signatures[s]
 	if !ok {
 		aggregator = c.a.newData()
 		c.signatures[s] = aggregator
 	}
-	aggregator.addSample(v)
+	aggregator.addSample(v, attachments, t)
 }
 
+// collectRows returns a snapshot of the collected Row values.
 func (c *collector) collectedRows(keys []tag.Key) []*Row {
-	var rows []*Row
+	rows := make([]*Row, 0, len(c.signatures))
 	for sig, aggregator := range c.signatures {
 		tags := decodeTags([]byte(sig), keys)
-		row := &Row{tags, aggregator}
+		row := &Row{Tags: tags, Data: aggregator.clone()}
 		rows = append(rows, row)
 	}
 	return rows
diff --git a/vendor/go.opencensus.io/stats/view/doc.go b/vendor/go.opencensus.io/stats/view/doc.go
index 856fb4e153442..7bbedfe1ff23a 100644
--- a/vendor/go.opencensus.io/stats/view/doc.go
+++ b/vendor/go.opencensus.io/stats/view/doc.go
@@ -13,33 +13,34 @@
 // limitations under the License.
 //
 
-/*
-Package view contains support for collecting and exposing aggregates over stats.
-
-In order to collect measurements, views need to be defined and registered.
-A view allows recorded measurements to be filtered and aggregated over a time window.
-
-All recorded measurements can be filtered by a list of tags.
-
-OpenCensus provides several aggregation methods: count, distribution and sum.
-Count aggregation only counts the number of measurement points. Distribution
-aggregation provides statistical summary of the aggregated data. Sum distribution
-sums up the measurement points. Aggregations are cumulative.
-
-Users can dynamically create and delete views.
-
-Libraries can export their own views and claim the view names
-by registering them themselves.
-
-Exporting
-
-Collected and aggregated data can be exported to a metric collection
-backend by registering its exporter.
-
-Multiple exporters can be registered to upload the data to various
-different backends. Users need to unregister the exporters once they
-no longer are needed.
-*/
+// Package view contains support for collecting and exposing aggregates over stats.
+//
+// In order to collect measurements, views need to be defined and registered.
+// A view allows recorded measurements to be filtered and aggregated.
+//
+// All recorded measurements can be grouped by a list of tags.
+//
+// OpenCensus provides several aggregation methods: Count, Distribution and Sum.
+//
+// Count only counts the number of measurement points recorded.
+// Distribution provides statistical summary of the aggregated data by counting
+// how many recorded measurements fall into each bucket.
+// Sum adds up the measurement values.
+// LastValue just keeps track of the most recently recorded measurement value.
+// All aggregations are cumulative.
+//
+// Views can be registered and unregistered at any time during program execution.
+//
+// Libraries can define views but it is recommended that in most cases registering
+// views be left up to applications.
+//
+// Exporting
+//
+// Collected and aggregated data can be exported to a metric collection
+// backend by registering its exporter.
+//
+// Multiple exporters can be registered to upload the data to various
+// different back ends.
 package view // import "go.opencensus.io/stats/view"
 
 // TODO(acetechnologist): Add a link to the language independent OpenCensus
diff --git a/vendor/go.opencensus.io/stats/view/export.go b/vendor/go.opencensus.io/stats/view/export.go
index ffd0d1ac70655..7cb59718f5fea 100644
--- a/vendor/go.opencensus.io/stats/view/export.go
+++ b/vendor/go.opencensus.io/stats/view/export.go
@@ -27,6 +27,9 @@ var (
 // Exporter takes a significant amount of time to
 // process a Data, that work should be done on another goroutine.
 //
+// It is safe to assume that ExportView will not be called concurrently from
+// multiple goroutines.
+//
 // The Data should not be modified.
 type Exporter interface {
 	ExportView(viewData *Data)
diff --git a/vendor/go.opencensus.io/stats/view/view.go b/vendor/go.opencensus.io/stats/view/view.go
index 87bf5d4669abc..293b54ecbedc2 100644
--- a/vendor/go.opencensus.io/stats/view/view.go
+++ b/vendor/go.opencensus.io/stats/view/view.go
@@ -17,19 +17,20 @@ package view
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"reflect"
 	"sort"
 	"sync/atomic"
 	"time"
 
+	"go.opencensus.io/metric/metricdata"
 	"go.opencensus.io/stats"
-	"go.opencensus.io/stats/internal"
 	"go.opencensus.io/tag"
 )
 
 // View allows users to aggregate the recorded stats.Measurements.
-// Views need to be passed to the Subscribe function to be before data will be
+// Views need to be passed to the Register function before data will be
 // collected and sent to Exporters.
 type View struct {
 	Name        string // Name of View. Must be unique. If unset, will default to the name of the Measure.
@@ -42,7 +43,7 @@ type View struct {
 	// Measure is a stats.Measure to aggregate in this view.
 	Measure stats.Measure
 
-	// Aggregation is the aggregation function tp apply to the set of Measurements.
+	// Aggregation is the aggregation function to apply to the set of Measurements.
 	Aggregation *Aggregation
 }
 
@@ -67,14 +68,19 @@ func (v *View) same(other *View) bool {
 		v.Measure.Name() == other.Measure.Name()
 }
 
+// ErrNegativeBucketBounds error returned if histogram contains negative bounds.
+//
+// Deprecated: this should not be public.
+var ErrNegativeBucketBounds = errors.New("negative bucket bounds not supported")
+
 // canonicalize canonicalizes v by setting explicit
 // defaults for Name and Description and sorting the TagKeys
 func (v *View) canonicalize() error {
 	if v.Measure == nil {
-		return fmt.Errorf("cannot subscribe view %q: measure not set", v.Name)
+		return fmt.Errorf("cannot register view %q: measure not set", v.Name)
 	}
 	if v.Aggregation == nil {
-		return fmt.Errorf("cannot subscribe view %q: aggregation not set", v.Name)
+		return fmt.Errorf("cannot register view %q: aggregation not set", v.Name)
 	}
 	if v.Name == "" {
 		v.Name = v.Measure.Name()
@@ -88,20 +94,40 @@ func (v *View) canonicalize() error {
 	sort.Slice(v.TagKeys, func(i, j int) bool {
 		return v.TagKeys[i].Name() < v.TagKeys[j].Name()
 	})
+	sort.Float64s(v.Aggregation.Buckets)
+	for _, b := range v.Aggregation.Buckets {
+		if b < 0 {
+			return ErrNegativeBucketBounds
+		}
+	}
+	// drop 0 bucket silently.
+	v.Aggregation.Buckets = dropZeroBounds(v.Aggregation.Buckets...)
+
 	return nil
 }
 
+func dropZeroBounds(bounds ...float64) []float64 {
+	for i, bound := range bounds {
+		if bound > 0 {
+			return bounds[i:]
+		}
+	}
+	return []float64{}
+}
+
 // viewInternal is the internal representation of a View.
 type viewInternal struct {
-	view       *View  // view is the canonicalized View definition associated with this view.
-	subscribed uint32 // 1 if someone is subscribed and data need to be exported, use atomic to access
-	collector  *collector
+	view             *View  // view is the canonicalized View definition associated with this view.
+	subscribed       uint32 // 1 if someone is subscribed and data need to be exported, use atomic to access
+	collector        *collector
+	metricDescriptor *metricdata.Descriptor
 }
 
 func newViewInternal(v *View) (*viewInternal, error) {
 	return &viewInternal{
-		view:      v,
-		collector: &collector{make(map[string]AggregationData), v.Aggregation},
+		view:             v,
+		collector:        &collector{make(map[string]AggregationData), v.Aggregation},
+		metricDescriptor: viewToMetricDescriptor(v),
 	}, nil
 }
 
@@ -127,12 +153,12 @@ func (v *viewInternal) collectedRows() []*Row {
 	return v.collector.collectedRows(v.view.TagKeys)
 }
 
-func (v *viewInternal) addSample(m *tag.Map, val float64) {
+func (v *viewInternal) addSample(m *tag.Map, val float64, attachments map[string]interface{}, t time.Time) {
 	if !v.isSubscribed() {
 		return
 	}
 	sig := string(encodeWithKeys(m, v.view.TagKeys))
-	v.collector.addSample(sig, val)
+	v.collector.addSample(sig, val, attachments, t)
 }
 
 // A Data is a set of rows about usage of the single measure associated
@@ -163,7 +189,7 @@ func (r *Row) String() string {
 }
 
 // Equal returns true if both rows are equal. Tags are expected to be ordered
-// by the key name. Even both rows have the same tags but the tags appear in
+// by the key name. Even if both rows have the same tags but the tags appear in
 // different orders it will return false.
 func (r *Row) Equal(other *Row) bool {
 	if r == other {
@@ -172,11 +198,23 @@ func (r *Row) Equal(other *Row) bool {
 	return reflect.DeepEqual(r.Tags, other.Tags) && r.Data.equal(other.Data)
 }
 
+const maxNameLength = 255
+
+// Returns true if the given string contains only printable characters.
+func isPrintable(str string) bool {
+	for _, r := range str {
+		if !(r >= ' ' && r <= '~') {
+			return false
+		}
+	}
+	return true
+}
+
 func checkViewName(name string) error {
-	if len(name) > internal.MaxNameLength {
-		return fmt.Errorf("view name cannot be larger than %v", internal.MaxNameLength)
+	if len(name) > maxNameLength {
+		return fmt.Errorf("view name cannot be larger than %v", maxNameLength)
 	}
-	if !internal.IsPrintable(name) {
+	if !isPrintable(name) {
 		return fmt.Errorf("view name needs to be an ASCII string")
 	}
 	return nil
diff --git a/vendor/go.opencensus.io/stats/view/view_to_metric.go b/vendor/go.opencensus.io/stats/view/view_to_metric.go
new file mode 100644
index 0000000000000..293c1646df213
--- /dev/null
+++ b/vendor/go.opencensus.io/stats/view/view_to_metric.go
@@ -0,0 +1,149 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package view
+
+import (
+	"time"
+
+	"go.opencensus.io/metric/metricdata"
+	"go.opencensus.io/stats"
+)
+
+func getUnit(unit string) metricdata.Unit {
+	switch unit {
+	case "1":
+		return metricdata.UnitDimensionless
+	case "ms":
+		return metricdata.UnitMilliseconds
+	case "By":
+		return metricdata.UnitBytes
+	}
+	return metricdata.UnitDimensionless
+}
+
+func getType(v *View) metricdata.Type {
+	m := v.Measure
+	agg := v.Aggregation
+
+	switch agg.Type {
+	case AggTypeSum:
+		switch m.(type) {
+		case *stats.Int64Measure:
+			return metricdata.TypeCumulativeInt64
+		case *stats.Float64Measure:
+			return metricdata.TypeCumulativeFloat64
+		default:
+			panic("unexpected measure type")
+		}
+	case AggTypeDistribution:
+		return metricdata.TypeCumulativeDistribution
+	case AggTypeLastValue:
+		switch m.(type) {
+		case *stats.Int64Measure:
+			return metricdata.TypeGaugeInt64
+		case *stats.Float64Measure:
+			return metricdata.TypeGaugeFloat64
+		default:
+			panic("unexpected measure type")
+		}
+	case AggTypeCount:
+		switch m.(type) {
+		case *stats.Int64Measure:
+			return metricdata.TypeCumulativeInt64
+		case *stats.Float64Measure:
+			return metricdata.TypeCumulativeInt64
+		default:
+			panic("unexpected measure type")
+		}
+	default:
+		panic("unexpected aggregation type")
+	}
+}
+
+func getLabelKeys(v *View) []metricdata.LabelKey {
+	labelKeys := []metricdata.LabelKey{}
+	for _, k := range v.TagKeys {
+		labelKeys = append(labelKeys, metricdata.LabelKey{Key: k.Name()})
+	}
+	return labelKeys
+}
+
+func viewToMetricDescriptor(v *View) *metricdata.Descriptor {
+	return &metricdata.Descriptor{
+		Name:        v.Name,
+		Description: v.Description,
+		Unit:        convertUnit(v),
+		Type:        getType(v),
+		LabelKeys:   getLabelKeys(v),
+	}
+}
+
+func convertUnit(v *View) metricdata.Unit {
+	switch v.Aggregation.Type {
+	case AggTypeCount:
+		return metricdata.UnitDimensionless
+	default:
+		return getUnit(v.Measure.Unit())
+	}
+}
+
+func toLabelValues(row *Row, expectedKeys []metricdata.LabelKey) []metricdata.LabelValue {
+	labelValues := []metricdata.LabelValue{}
+	tagMap := make(map[string]string)
+	for _, tag := range row.Tags {
+		tagMap[tag.Key.Name()] = tag.Value
+	}
+
+	for _, key := range expectedKeys {
+		if val, ok := tagMap[key.Key]; ok {
+			labelValues = append(labelValues, metricdata.NewLabelValue(val))
+		} else {
+			labelValues = append(labelValues, metricdata.LabelValue{})
+		}
+	}
+	return labelValues
+}
+
+func rowToTimeseries(v *viewInternal, row *Row, now time.Time, startTime time.Time) *metricdata.TimeSeries {
+	return &metricdata.TimeSeries{
+		Points:      []metricdata.Point{row.Data.toPoint(v.metricDescriptor.Type, now)},
+		LabelValues: toLabelValues(row, v.metricDescriptor.LabelKeys),
+		StartTime:   startTime,
+	}
+}
+
+func viewToMetric(v *viewInternal, now time.Time, startTime time.Time) *metricdata.Metric {
+	if v.metricDescriptor.Type == metricdata.TypeGaugeInt64 ||
+		v.metricDescriptor.Type == metricdata.TypeGaugeFloat64 {
+		startTime = time.Time{}
+	}
+
+	rows := v.collectedRows()
+	if len(rows) == 0 {
+		return nil
+	}
+
+	ts := []*metricdata.TimeSeries{}
+	for _, row := range rows {
+		ts = append(ts, rowToTimeseries(v, row, now, startTime))
+	}
+
+	m := &metricdata.Metric{
+		Descriptor: *v.metricDescriptor,
+		TimeSeries: ts,
+	}
+	return m
+}
diff --git a/vendor/go.opencensus.io/stats/view/worker.go b/vendor/go.opencensus.io/stats/view/worker.go
index 2d1e8059c28f3..2f3c018af0e18 100644
--- a/vendor/go.opencensus.io/stats/view/worker.go
+++ b/vendor/go.opencensus.io/stats/view/worker.go
@@ -17,8 +17,11 @@ package view
 
 import (
 	"fmt"
+	"sync"
 	"time"
 
+	"go.opencensus.io/metric/metricdata"
+	"go.opencensus.io/metric/metricproducer"
 	"go.opencensus.io/stats"
 	"go.opencensus.io/stats/internal"
 	"go.opencensus.io/tag"
@@ -43,14 +46,15 @@ type worker struct {
 	timer      *time.Ticker
 	c          chan command
 	quit, done chan bool
+	mu         sync.RWMutex
 }
 
 var defaultWorker *worker
 
 var defaultReportingDuration = 10 * time.Second
 
-// Find returns a subscribed view associated with this name.
-// If no subscribed view is found, nil is returned.
+// Find returns a registered view associated with this name.
+// If no registered view is found, nil is returned.
 func Find(name string) (v *View) {
 	req := &getViewByNameReq{
 		name: name,
@@ -62,13 +66,8 @@ func Find(name string) (v *View) {
 }
 
 // Register begins collecting data for the given views.
-// Once a view is subscribed, it reports data to the registered exporters.
+// Once a view is registered, it reports data to the registered exporters.
 func Register(views ...*View) error {
-	for _, v := range views {
-		if err := v.canonicalize(); err != nil {
-			return err
-		}
-	}
 	req := &registerViewReq{
 		views: views,
 		err:   make(chan error),
@@ -94,6 +93,8 @@ func Unregister(views ...*View) {
 	<-req.done
 }
 
+// RetrieveData gets a snapshot of the data collected for the the view registered
+// with the given name. It is intended for testing only.
 func RetrieveData(viewName string) ([]*Row, error) {
 	req := &retrieveDataReq{
 		now: time.Now(),
@@ -105,17 +106,23 @@ func RetrieveData(viewName string) ([]*Row, error) {
 	return resp.rows, resp.err
 }
 
-func record(tags *tag.Map, ms interface{}) {
+func record(tags *tag.Map, ms interface{}, attachments map[string]interface{}) {
 	req := &recordReq{
-		tm: tags,
-		ms: ms.([]stats.Measurement),
+		tm:          tags,
+		ms:          ms.([]stats.Measurement),
+		attachments: attachments,
+		t:           time.Now(),
 	}
 	defaultWorker.c <- req
 }
 
 // SetReportingPeriod sets the interval between reporting aggregated views in
-// the program. If duration is less than or
-// equal to zero, it enables the default behavior.
+// the program. If duration is less than or equal to zero, it enables the
+// default behavior.
+//
+// Note: each exporter makes different promises about what the lowest supported
+// duration is. For example, the Stackdriver exporter recommends a value no
+// lower than 1 minute. Consult each exporter per your needs.
 func SetReportingPeriod(d time.Duration) {
 	// TODO(acetechnologist): ensure that the duration d is more than a certain
 	// value. e.g. 1s
@@ -140,6 +147,9 @@ func newWorker() *worker {
 }
 
 func (w *worker) start() {
+	prodMgr := metricproducer.GlobalManager()
+	prodMgr.AddProducer(w)
+
 	for {
 		select {
 		case cmd := <-w.c:
@@ -156,6 +166,9 @@ func (w *worker) start() {
 }
 
 func (w *worker) stop() {
+	prodMgr := metricproducer.GlobalManager()
+	prodMgr.DeleteProducer(w)
+
 	w.quit <- true
 	<-w.done
 }
@@ -173,13 +186,15 @@ func (w *worker) getMeasureRef(name string) *measureRef {
 }
 
 func (w *worker) tryRegisterView(v *View) (*viewInternal, error) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 	vi, err := newViewInternal(v)
 	if err != nil {
 		return nil, err
 	}
 	if x, ok := w.views[vi.view.Name]; ok {
 		if !x.view.same(vi.view) {
-			return nil, fmt.Errorf("cannot subscribe view %q; a different view with the same name is already subscribed", v.Name)
+			return nil, fmt.Errorf("cannot register view %q; a different view with the same name is already registered", v.Name)
 		}
 
 		// the view is already registered so there is nothing to do and the
@@ -192,40 +207,75 @@ func (w *worker) tryRegisterView(v *View) (*viewInternal, error) {
 	return vi, nil
 }
 
+func (w *worker) unregisterView(viewName string) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	delete(w.views, viewName)
+}
+
+func (w *worker) reportView(v *viewInternal, now time.Time) {
+	if !v.isSubscribed() {
+		return
+	}
+	rows := v.collectedRows()
+	_, ok := w.startTimes[v]
+	if !ok {
+		w.startTimes[v] = now
+	}
+	viewData := &Data{
+		View:  v.view,
+		Start: w.startTimes[v],
+		End:   time.Now(),
+		Rows:  rows,
+	}
+	exportersMu.Lock()
+	for e := range exporters {
+		e.ExportView(viewData)
+	}
+	exportersMu.Unlock()
+}
+
 func (w *worker) reportUsage(now time.Time) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 	for _, v := range w.views {
-		if !v.isSubscribed() {
-			continue
-		}
-		rows := v.collectedRows()
-		_, ok := w.startTimes[v]
-		if !ok {
-			w.startTimes[v] = now
-		}
-		// Make sure collector is never going
-		// to mutate the exported data.
-		rows = deepCopyRowData(rows)
-		viewData := &Data{
-			View:  v.view,
-			Start: w.startTimes[v],
-			End:   time.Now(),
-			Rows:  rows,
-		}
-		exportersMu.Lock()
-		for e := range exporters {
-			e.ExportView(viewData)
-		}
-		exportersMu.Unlock()
+		w.reportView(v, now)
 	}
 }
 
-func deepCopyRowData(rows []*Row) []*Row {
-	newRows := make([]*Row, 0, len(rows))
-	for _, r := range rows {
-		newRows = append(newRows, &Row{
-			Data: r.Data.clone(),
-			Tags: r.Tags,
-		})
+func (w *worker) toMetric(v *viewInternal, now time.Time) *metricdata.Metric {
+	if !v.isSubscribed() {
+		return nil
+	}
+
+	_, ok := w.startTimes[v]
+	if !ok {
+		w.startTimes[v] = now
+	}
+
+	var startTime time.Time
+	if v.metricDescriptor.Type == metricdata.TypeGaugeInt64 ||
+		v.metricDescriptor.Type == metricdata.TypeGaugeFloat64 {
+		startTime = time.Time{}
+	} else {
+		startTime = w.startTimes[v]
+	}
+
+	return viewToMetric(v, now, startTime)
+}
+
+// Read reads all view data and returns them as metrics.
+// It is typically invoked by metric reader to export stats in metric format.
+func (w *worker) Read() []*metricdata.Metric {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	now := time.Now()
+	metrics := make([]*metricdata.Metric, 0, len(w.views))
+	for _, v := range w.views {
+		metric := w.toMetric(v, now)
+		if metric != nil {
+			metrics = append(metrics, metric)
+		}
 	}
-	return newRows
+	return metrics
 }
diff --git a/vendor/go.opencensus.io/stats/view/worker_commands.go b/vendor/go.opencensus.io/stats/view/worker_commands.go
index ef79ec383c150..0267e179aed4e 100644
--- a/vendor/go.opencensus.io/stats/view/worker_commands.go
+++ b/vendor/go.opencensus.io/stats/view/worker_commands.go
@@ -56,6 +56,12 @@ type registerViewReq struct {
 }
 
 func (cmd *registerViewReq) handleCommand(w *worker) {
+	for _, v := range cmd.views {
+		if err := v.canonicalize(); err != nil {
+			cmd.err <- err
+			return
+		}
+	}
 	var errstr []string
 	for _, view := range cmd.views {
 		vi, err := w.tryRegisterView(view)
@@ -73,7 +79,7 @@ func (cmd *registerViewReq) handleCommand(w *worker) {
 	}
 }
 
-// unregisterFromViewReq is the command to unsubscribe to a view. Has no
+// unregisterFromViewReq is the command to unregister to a view. Has no
 // impact on the data collection for client that are pulling data from the
 // library.
 type unregisterFromViewReq struct {
@@ -88,13 +94,16 @@ func (cmd *unregisterFromViewReq) handleCommand(w *worker) {
 			continue
 		}
 
+		// Report pending data for this view before removing it.
+		w.reportView(vi, time.Now())
+
 		vi.unsubscribe()
 		if !vi.isSubscribed() {
 			// this was the last subscription and view is not collecting anymore.
 			// The collected data can be cleared.
 			vi.clearRows()
 		}
-		delete(w.views, name)
+		w.unregisterView(name)
 	}
 	cmd.done <- struct{}{}
 }
@@ -112,6 +121,8 @@ type retrieveDataResp struct {
 }
 
 func (cmd *retrieveDataReq) handleCommand(w *worker) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 	vi, ok := w.views[cmd.v]
 	if !ok {
 		cmd.c <- &retrieveDataResp{
@@ -137,24 +148,28 @@ func (cmd *retrieveDataReq) handleCommand(w *worker) {
 // recordReq is the command to record data related to multiple measures
 // at once.
 type recordReq struct {
-	tm *tag.Map
-	ms []stats.Measurement
+	tm          *tag.Map
+	ms          []stats.Measurement
+	attachments map[string]interface{}
+	t           time.Time
 }
 
 func (cmd *recordReq) handleCommand(w *worker) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 	for _, m := range cmd.ms {
-		if (m == stats.Measurement{}) { // not subscribed
+		if (m == stats.Measurement{}) { // not registered
 			continue
 		}
 		ref := w.getMeasureRef(m.Measure().Name())
 		for v := range ref.views {
-			v.addSample(cmd.tm, m.Value())
+			v.addSample(cmd.tm, m.Value(), cmd.attachments, time.Now())
 		}
 	}
 }
 
 // setReportingPeriodReq is the command to modify the duration between
-// reporting the collected data to the subscribed clients.
+// reporting the collected data to the registered clients.
 type setReportingPeriodReq struct {
 	d time.Duration
 	c chan bool
diff --git a/vendor/go.opencensus.io/tag/context.go b/vendor/go.opencensus.io/tag/context.go
index ed528bcb3c24e..b27d1b26b1323 100644
--- a/vendor/go.opencensus.io/tag/context.go
+++ b/vendor/go.opencensus.io/tag/context.go
@@ -15,7 +15,9 @@
 
 package tag
 
-import "context"
+import (
+	"context"
+)
 
 // FromContext returns the tag map stored in the context.
 func FromContext(ctx context.Context) *Map {
diff --git a/vendor/go.opencensus.io/tag/key.go b/vendor/go.opencensus.io/tag/key.go
index ebbed95000625..71ec913657b74 100644
--- a/vendor/go.opencensus.io/tag/key.go
+++ b/vendor/go.opencensus.io/tag/key.go
@@ -21,7 +21,7 @@ type Key struct {
 }
 
 // NewKey creates or retrieves a string key identified by name.
-// Calling NewKey consequently with the same name returns the same key.
+// Calling NewKey more than once with the same name returns the same key.
 func NewKey(name string) (Key, error) {
 	if !checkKeyName(name) {
 		return Key{}, errInvalidKeyName
@@ -29,6 +29,15 @@ func NewKey(name string) (Key, error) {
 	return Key{name: name}, nil
 }
 
+// MustNewKey returns a key with the given name, and panics if name is an invalid key name.
+func MustNewKey(name string) Key {
+	k, err := NewKey(name)
+	if err != nil {
+		panic(err)
+	}
+	return k
+}
+
 // Name returns the name of the key.
 func (k Key) Name() string {
 	return k.name
diff --git a/vendor/go.opencensus.io/tag/map.go b/vendor/go.opencensus.io/tag/map.go
index 5b72ba6ad3e92..0272ef85a4ccf 100644
--- a/vendor/go.opencensus.io/tag/map.go
+++ b/vendor/go.opencensus.io/tag/map.go
@@ -28,10 +28,15 @@ type Tag struct {
 	Value string
 }
 
+type tagContent struct {
+	value string
+	m     metadatas
+}
+
 // Map is a map of tags. Use New to create a context containing
 // a new Map.
 type Map struct {
-	m map[Key]string
+	m map[Key]tagContent
 }
 
 // Value returns the value for the key if a value for the key exists.
@@ -40,7 +45,7 @@ func (m *Map) Value(k Key) (string, bool) {
 		return "", false
 	}
 	v, ok := m.m[k]
-	return v, ok
+	return v.value, ok
 }
 
 func (m *Map) String() string {
@@ -62,21 +67,21 @@ func (m *Map) String() string {
 	return buffer.String()
 }
 
-func (m *Map) insert(k Key, v string) {
+func (m *Map) insert(k Key, v string, md metadatas) {
 	if _, ok := m.m[k]; ok {
 		return
 	}
-	m.m[k] = v
+	m.m[k] = tagContent{value: v, m: md}
 }
 
-func (m *Map) update(k Key, v string) {
+func (m *Map) update(k Key, v string, md metadatas) {
 	if _, ok := m.m[k]; ok {
-		m.m[k] = v
+		m.m[k] = tagContent{value: v, m: md}
 	}
 }
 
-func (m *Map) upsert(k Key, v string) {
-	m.m[k] = v
+func (m *Map) upsert(k Key, v string, md metadatas) {
+	m.m[k] = tagContent{value: v, m: md}
 }
 
 func (m *Map) delete(k Key) {
@@ -84,7 +89,7 @@ func (m *Map) delete(k Key) {
 }
 
 func newMap() *Map {
-	return &Map{m: make(map[Key]string)}
+	return &Map{m: make(map[Key]tagContent)}
 }
 
 // Mutator modifies a tag map.
@@ -95,13 +100,17 @@ type Mutator interface {
 // Insert returns a mutator that inserts a
 // value associated with k. If k already exists in the tag map,
 // mutator doesn't update the value.
-func Insert(k Key, v string) Mutator {
+// Metadata applies metadata to the tag. It is optional.
+// Metadatas are applied in the order in which it is provided.
+// If more than one metadata updates the same attribute then
+// the update from the last metadata prevails.
+func Insert(k Key, v string, mds ...Metadata) Mutator {
 	return &mutator{
 		fn: func(m *Map) (*Map, error) {
 			if !checkValue(v) {
 				return nil, errInvalidValue
 			}
-			m.insert(k, v)
+			m.insert(k, v, createMetadatas(mds...))
 			return m, nil
 		},
 	}
@@ -110,13 +119,17 @@ func Insert(k Key, v string) Mutator {
 // Update returns a mutator that updates the
 // value of the tag associated with k with v. If k doesn't
 // exists in the tag map, the mutator doesn't insert the value.
-func Update(k Key, v string) Mutator {
+// Metadata applies metadata to the tag. It is optional.
+// Metadatas are applied in the order in which it is provided.
+// If more than one metadata updates the same attribute then
+// the update from the last metadata prevails.
+func Update(k Key, v string, mds ...Metadata) Mutator {
 	return &mutator{
 		fn: func(m *Map) (*Map, error) {
 			if !checkValue(v) {
 				return nil, errInvalidValue
 			}
-			m.update(k, v)
+			m.update(k, v, createMetadatas(mds...))
 			return m, nil
 		},
 	}
@@ -126,18 +139,37 @@ func Update(k Key, v string) Mutator {
 // value of the tag associated with k with v. It inserts the
 // value if k doesn't exist already. It mutates the value
 // if k already exists.
-func Upsert(k Key, v string) Mutator {
+// Metadata applies metadata to the tag. It is optional.
+// Metadatas are applied in the order in which it is provided.
+// If more than one metadata updates the same attribute then
+// the update from the last metadata prevails.
+func Upsert(k Key, v string, mds ...Metadata) Mutator {
 	return &mutator{
 		fn: func(m *Map) (*Map, error) {
 			if !checkValue(v) {
 				return nil, errInvalidValue
 			}
-			m.upsert(k, v)
+			m.upsert(k, v, createMetadatas(mds...))
 			return m, nil
 		},
 	}
 }
 
+func createMetadatas(mds ...Metadata) metadatas {
+	var metas metadatas
+	if len(mds) > 0 {
+		for _, md := range mds {
+			if md != nil {
+				md(&metas)
+			}
+		}
+	} else {
+		WithTTL(TTLUnlimitedPropagation)(&metas)
+	}
+	return metas
+
+}
+
 // Delete returns a mutator that deletes
 // the value associated with k.
 func Delete(k Key) Mutator {
@@ -160,10 +192,10 @@ func New(ctx context.Context, mutator ...Mutator) (context.Context, error) {
 			if !checkKeyName(k.Name()) {
 				return ctx, fmt.Errorf("key:%q: %v", k, errInvalidKeyName)
 			}
-			if !checkValue(v) {
+			if !checkValue(v.value) {
 				return ctx, fmt.Errorf("key:%q value:%q: %v", k.Name(), v, errInvalidValue)
 			}
-			m.insert(k, v)
+			m.insert(k, v.value, v.m)
 		}
 	}
 	var err error
diff --git a/vendor/go.opencensus.io/tag/map_codec.go b/vendor/go.opencensus.io/tag/map_codec.go
index 33be1f0d46a2d..c242e695c8c78 100644
--- a/vendor/go.opencensus.io/tag/map_codec.go
+++ b/vendor/go.opencensus.io/tag/map_codec.go
@@ -162,14 +162,19 @@ func (eg *encoderGRPC) bytes() []byte {
 // Encode encodes the tag map into a []byte. It is useful to propagate
 // the tag maps on wire in binary format.
 func Encode(m *Map) []byte {
+	if m == nil {
+		return nil
+	}
 	eg := &encoderGRPC{
 		buf: make([]byte, len(m.m)),
 	}
-	eg.writeByte(byte(tagsVersionID))
+	eg.writeByte(tagsVersionID)
 	for k, v := range m.m {
-		eg.writeByte(byte(keyTypeString))
-		eg.writeStringWithVarintLen(k.name)
-		eg.writeBytesWithVarintLen([]byte(v))
+		if v.m.ttl.ttl == valueTTLUnlimitedPropagation {
+			eg.writeByte(byte(keyTypeString))
+			eg.writeStringWithVarintLen(k.name)
+			eg.writeBytesWithVarintLen([]byte(v.value))
+		}
 	}
 	return eg.bytes()
 }
@@ -177,45 +182,58 @@ func Encode(m *Map) []byte {
 // Decode decodes the given []byte into a tag map.
 func Decode(bytes []byte) (*Map, error) {
 	ts := newMap()
+	err := DecodeEach(bytes, ts.upsert)
+	if err != nil {
+		// no partial failures
+		return nil, err
+	}
+	return ts, nil
+}
 
+// DecodeEach decodes the given serialized tag map, calling handler for each
+// tag key and value decoded.
+func DecodeEach(bytes []byte, fn func(key Key, val string, md metadatas)) error {
 	eg := &encoderGRPC{
 		buf: bytes,
 	}
 	if len(eg.buf) == 0 {
-		return ts, nil
+		return nil
 	}
 
 	version := eg.readByte()
 	if version > tagsVersionID {
-		return nil, fmt.Errorf("cannot decode: unsupported version: %q; supports only up to: %q", version, tagsVersionID)
+		return fmt.Errorf("cannot decode: unsupported version: %q; supports only up to: %q", version, tagsVersionID)
 	}
 
 	for !eg.readEnded() {
 		typ := keyType(eg.readByte())
 
 		if typ != keyTypeString {
-			return nil, fmt.Errorf("cannot decode: invalid key type: %q", typ)
+			return fmt.Errorf("cannot decode: invalid key type: %q", typ)
 		}
 
 		k, err := eg.readBytesWithVarintLen()
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		v, err := eg.readBytesWithVarintLen()
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		key, err := NewKey(string(k))
 		if err != nil {
-			return nil, err // no partial failures
+			return err
 		}
 		val := string(v)
 		if !checkValue(val) {
-			return nil, errInvalidValue // no partial failures
+			return errInvalidValue
+		}
+		fn(key, val, createMetadatas(WithTTL(TTLUnlimitedPropagation)))
+		if err != nil {
+			return err
 		}
-		ts.upsert(key, val)
 	}
-	return ts, nil
+	return nil
 }
diff --git a/vendor/go.opencensus.io/tag/metadata.go b/vendor/go.opencensus.io/tag/metadata.go
new file mode 100644
index 0000000000000..6571a583ea6c7
--- /dev/null
+++ b/vendor/go.opencensus.io/tag/metadata.go
@@ -0,0 +1,52 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package tag
+
+const (
+	// valueTTLNoPropagation prevents tag from propagating.
+	valueTTLNoPropagation = 0
+
+	// valueTTLUnlimitedPropagation allows tag to propagate without any limits on number of hops.
+	valueTTLUnlimitedPropagation = -1
+)
+
+// TTL is metadata that specifies number of hops a tag can propagate.
+// Details about TTL metadata is specified at https://github.com/census-instrumentation/opencensus-specs/blob/master/tags/TagMap.md#tagmetadata
+type TTL struct {
+	ttl int
+}
+
+var (
+	// TTLUnlimitedPropagation is TTL metadata that allows tag to propagate without any limits on number of hops.
+	TTLUnlimitedPropagation = TTL{ttl: valueTTLUnlimitedPropagation}
+
+	// TTLNoPropagation is TTL metadata that prevents tag from propagating.
+	TTLNoPropagation = TTL{ttl: valueTTLNoPropagation}
+)
+
+type metadatas struct {
+	ttl TTL
+}
+
+// Metadata applies metadatas specified by the function.
+type Metadata func(*metadatas)
+
+// WithTTL applies metadata with provided ttl.
+func WithTTL(ttl TTL) Metadata {
+	return func(m *metadatas) {
+		m.ttl = ttl
+	}
+}
diff --git a/vendor/go.opencensus.io/tag/profile_19.go b/vendor/go.opencensus.io/tag/profile_19.go
index f81cd0b4a78e3..b34d95e34a2cf 100644
--- a/vendor/go.opencensus.io/tag/profile_19.go
+++ b/vendor/go.opencensus.io/tag/profile_19.go
@@ -25,7 +25,7 @@ func do(ctx context.Context, f func(ctx context.Context)) {
 	m := FromContext(ctx)
 	keyvals := make([]string, 0, 2*len(m.m))
 	for k, v := range m.m {
-		keyvals = append(keyvals, k.Name(), v)
+		keyvals = append(keyvals, k.Name(), v.value)
 	}
 	pprof.Do(ctx, pprof.Labels(keyvals...), f)
 }
diff --git a/vendor/go.opencensus.io/trace/basetypes.go b/vendor/go.opencensus.io/trace/basetypes.go
index 01f0f9083191b..0c54492a2b1d0 100644
--- a/vendor/go.opencensus.io/trace/basetypes.go
+++ b/vendor/go.opencensus.io/trace/basetypes.go
@@ -59,6 +59,11 @@ func Int64Attribute(key string, value int64) Attribute {
 	return Attribute{key: key, value: value}
 }
 
+// Float64Attribute returns a float64-valued attribute.
+func Float64Attribute(key string, value float64) Attribute {
+	return Attribute{key: key, value: value}
+}
+
 // StringAttribute returns a string-valued attribute.
 func StringAttribute(key string, value string) Attribute {
 	return Attribute{key: key, value: value}
@@ -71,8 +76,8 @@ type LinkType int32
 // LinkType values.
 const (
 	LinkTypeUnspecified LinkType = iota // The relationship of the two spans is unknown.
-	LinkTypeChild                       // The current span is a child of the linked span.
-	LinkTypeParent                      // The current span is the parent of the linked span.
+	LinkTypeChild                       // The linked span is a child of the current span.
+	LinkTypeParent                      // The linked span is the parent of the current span.
 )
 
 // Link represents a reference from one span to another span.
diff --git a/vendor/go.opencensus.io/trace/config.go b/vendor/go.opencensus.io/trace/config.go
index d5473a798c64d..775f8274faae2 100644
--- a/vendor/go.opencensus.io/trace/config.go
+++ b/vendor/go.opencensus.io/trace/config.go
@@ -14,7 +14,11 @@
 
 package trace
 
-import "go.opencensus.io/trace/internal"
+import (
+	"sync"
+
+	"go.opencensus.io/trace/internal"
+)
 
 // Config represents the global tracing configuration.
 type Config struct {
@@ -23,12 +27,42 @@ type Config struct {
 
 	// IDGenerator is for internal use only.
 	IDGenerator internal.IDGenerator
+
+	// MaxAnnotationEventsPerSpan is max number of annotation events per span
+	MaxAnnotationEventsPerSpan int
+
+	// MaxMessageEventsPerSpan is max number of message events per span
+	MaxMessageEventsPerSpan int
+
+	// MaxAnnotationEventsPerSpan is max number of attributes per span
+	MaxAttributesPerSpan int
+
+	// MaxLinksPerSpan is max number of links per span
+	MaxLinksPerSpan int
 }
 
+var configWriteMu sync.Mutex
+
+const (
+	// DefaultMaxAnnotationEventsPerSpan is default max number of annotation events per span
+	DefaultMaxAnnotationEventsPerSpan = 32
+
+	// DefaultMaxMessageEventsPerSpan is default max number of message events per span
+	DefaultMaxMessageEventsPerSpan = 128
+
+	// DefaultMaxAttributesPerSpan is default max number of attributes per span
+	DefaultMaxAttributesPerSpan = 32
+
+	// DefaultMaxLinksPerSpan is default max number of links per span
+	DefaultMaxLinksPerSpan = 32
+)
+
 // ApplyConfig applies changes to the global tracing configuration.
 //
 // Fields not provided in the given config are going to be preserved.
 func ApplyConfig(cfg Config) {
+	configWriteMu.Lock()
+	defer configWriteMu.Unlock()
 	c := *config.Load().(*Config)
 	if cfg.DefaultSampler != nil {
 		c.DefaultSampler = cfg.DefaultSampler
@@ -36,5 +70,17 @@ func ApplyConfig(cfg Config) {
 	if cfg.IDGenerator != nil {
 		c.IDGenerator = cfg.IDGenerator
 	}
+	if cfg.MaxAnnotationEventsPerSpan > 0 {
+		c.MaxAnnotationEventsPerSpan = cfg.MaxAnnotationEventsPerSpan
+	}
+	if cfg.MaxMessageEventsPerSpan > 0 {
+		c.MaxMessageEventsPerSpan = cfg.MaxMessageEventsPerSpan
+	}
+	if cfg.MaxAttributesPerSpan > 0 {
+		c.MaxAttributesPerSpan = cfg.MaxAttributesPerSpan
+	}
+	if cfg.MaxLinksPerSpan > 0 {
+		c.MaxLinksPerSpan = cfg.MaxLinksPerSpan
+	}
 	config.Store(&c)
 }
diff --git a/vendor/go.opencensus.io/trace/doc.go b/vendor/go.opencensus.io/trace/doc.go
index a2b54e58ca653..04b1ee4f38eab 100644
--- a/vendor/go.opencensus.io/trace/doc.go
+++ b/vendor/go.opencensus.io/trace/doc.go
@@ -32,6 +32,8 @@ to sample a subset of traces, or use AlwaysSample to collect a trace on every ru
 
     trace.ApplyConfig(trace.Config{DefaultSampler: trace.AlwaysSample()})
 
+Be careful about using trace.AlwaysSample in a production application with
+significant traffic: a new trace will be started and exported for every request.
 
 Adding Spans to a Trace
 
@@ -42,7 +44,7 @@ It is common to want to capture all the activity of a function call in a span. F
 this to work, the function must take a context.Context as a parameter. Add these two
 lines to the top of the function:
 
-    ctx, span := trace.StartSpan(ctx, "my.org/Run")
+    ctx, span := trace.StartSpan(ctx, "example.com/Run")
     defer span.End()
 
 StartSpan will create a new top-level span if the context
diff --git a/vendor/go.opencensus.io/trace/evictedqueue.go b/vendor/go.opencensus.io/trace/evictedqueue.go
new file mode 100644
index 0000000000000..ffc264f23d2dd
--- /dev/null
+++ b/vendor/go.opencensus.io/trace/evictedqueue.go
@@ -0,0 +1,38 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package trace
+
+type evictedQueue struct {
+	queue        []interface{}
+	capacity     int
+	droppedCount int
+}
+
+func newEvictedQueue(capacity int) *evictedQueue {
+	eq := &evictedQueue{
+		capacity: capacity,
+		queue:    make([]interface{}, 0),
+	}
+
+	return eq
+}
+
+func (eq *evictedQueue) add(value interface{}) {
+	if len(eq.queue) == eq.capacity {
+		eq.queue = eq.queue[1:]
+		eq.droppedCount++
+	}
+	eq.queue = append(eq.queue, value)
+}
diff --git a/vendor/go.opencensus.io/trace/export.go b/vendor/go.opencensus.io/trace/export.go
index c522550fa1080..e0d9a4b99e96f 100644
--- a/vendor/go.opencensus.io/trace/export.go
+++ b/vendor/go.opencensus.io/trace/export.go
@@ -16,6 +16,7 @@ package trace
 
 import (
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -30,9 +31,11 @@ type Exporter interface {
 	ExportSpan(s *SpanData)
 }
 
+type exportersMap map[Exporter]struct{}
+
 var (
-	exportersMu sync.Mutex
-	exporters   map[Exporter]struct{}
+	exporterMu sync.Mutex
+	exporters  atomic.Value
 )
 
 // RegisterExporter adds to the list of Exporters that will receive sampled
@@ -40,20 +43,31 @@ var (
 //
 // Binaries can register exporters, libraries shouldn't register exporters.
 func RegisterExporter(e Exporter) {
-	exportersMu.Lock()
-	if exporters == nil {
-		exporters = make(map[Exporter]struct{})
+	exporterMu.Lock()
+	new := make(exportersMap)
+	if old, ok := exporters.Load().(exportersMap); ok {
+		for k, v := range old {
+			new[k] = v
+		}
 	}
-	exporters[e] = struct{}{}
-	exportersMu.Unlock()
+	new[e] = struct{}{}
+	exporters.Store(new)
+	exporterMu.Unlock()
 }
 
 // UnregisterExporter removes from the list of Exporters the Exporter that was
 // registered with the given name.
 func UnregisterExporter(e Exporter) {
-	exportersMu.Lock()
-	delete(exporters, e)
-	exportersMu.Unlock()
+	exporterMu.Lock()
+	new := make(exportersMap)
+	if old, ok := exporters.Load().(exportersMap); ok {
+		for k, v := range old {
+			new[k] = v
+		}
+	}
+	delete(new, e)
+	exporters.Store(new)
+	exporterMu.Unlock()
 }
 
 // SpanData contains all the information collected by a Span.
@@ -71,6 +85,13 @@ type SpanData struct {
 	Annotations   []Annotation
 	MessageEvents []MessageEvent
 	Status
-	Links           []Link
-	HasRemoteParent bool
+	Links                    []Link
+	HasRemoteParent          bool
+	DroppedAttributeCount    int
+	DroppedAnnotationCount   int
+	DroppedMessageEventCount int
+	DroppedLinkCount         int
+
+	// ChildSpanCount holds the number of child span created for this span.
+	ChildSpanCount int
 }
diff --git a/vendor/go.opencensus.io/trace/internal/internal.go b/vendor/go.opencensus.io/trace/internal/internal.go
index 1c8b9b34b2ad0..7e808d8f30e60 100644
--- a/vendor/go.opencensus.io/trace/internal/internal.go
+++ b/vendor/go.opencensus.io/trace/internal/internal.go
@@ -15,6 +15,7 @@
 // Package internal provides trace internals.
 package internal
 
+// IDGenerator allows custom generators for TraceId and SpanId.
 type IDGenerator interface {
 	NewTraceID() [16]byte
 	NewSpanID() [8]byte
diff --git a/vendor/go.opencensus.io/trace/lrumap.go b/vendor/go.opencensus.io/trace/lrumap.go
new file mode 100644
index 0000000000000..dc7a295c773bf
--- /dev/null
+++ b/vendor/go.opencensus.io/trace/lrumap.go
@@ -0,0 +1,61 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package trace
+
+import (
+	"github.com/golang/groupcache/lru"
+)
+
+// A simple lru.Cache wrapper that tracks the keys of the current contents and
+// the cumulative number of evicted items.
+type lruMap struct {
+	cacheKeys    map[lru.Key]bool
+	cache        *lru.Cache
+	droppedCount int
+}
+
+func newLruMap(size int) *lruMap {
+	lm := &lruMap{
+		cacheKeys:    make(map[lru.Key]bool),
+		cache:        lru.New(size),
+		droppedCount: 0,
+	}
+	lm.cache.OnEvicted = func(key lru.Key, value interface{}) {
+		delete(lm.cacheKeys, key)
+		lm.droppedCount++
+	}
+	return lm
+}
+
+func (lm lruMap) len() int {
+	return lm.cache.Len()
+}
+
+func (lm lruMap) keys() []interface{} {
+	keys := []interface{}{}
+	for k := range lm.cacheKeys {
+		keys = append(keys, k)
+	}
+	return keys
+}
+
+func (lm *lruMap) add(key, value interface{}) {
+	lm.cacheKeys[lru.Key(key)] = true
+	lm.cache.Add(lru.Key(key), value)
+}
+
+func (lm *lruMap) get(key interface{}) (interface{}, bool) {
+	return lm.cache.Get(key)
+}
diff --git a/vendor/go.opencensus.io/trace/sampling.go b/vendor/go.opencensus.io/trace/sampling.go
index 313f8b68e282f..71c10f9e3b424 100644
--- a/vendor/go.opencensus.io/trace/sampling.go
+++ b/vendor/go.opencensus.io/trace/sampling.go
@@ -20,10 +20,6 @@ import (
 
 const defaultSamplingProbability = 1e-4
 
-func newDefaultSampler() Sampler {
-	return ProbabilitySampler(defaultSamplingProbability)
-}
-
 // Sampler decides whether a trace should be sampled and exported.
 type Sampler func(SamplingParameters) SamplingDecision
 
@@ -62,6 +58,9 @@ func ProbabilitySampler(fraction float64) Sampler {
 }
 
 // AlwaysSample returns a Sampler that samples every trace.
+// Be careful about using this sampler in a production application with
+// significant traffic: a new trace will be started and exported for every
+// request.
 func AlwaysSample() Sampler {
 	return func(p SamplingParameters) SamplingDecision {
 		return SamplingDecision{Sample: true}
diff --git a/vendor/go.opencensus.io/trace/trace.go b/vendor/go.opencensus.io/trace/trace.go
index 19c6930efaf33..3f8977b41b4b4 100644
--- a/vendor/go.opencensus.io/trace/trace.go
+++ b/vendor/go.opencensus.io/trace/trace.go
@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"go.opencensus.io/internal"
+	"go.opencensus.io/trace/tracestate"
 )
 
 // Span represents a span of a trace.  It has an associated SpanContext, and
@@ -41,6 +42,20 @@ type Span struct {
 	data        *SpanData
 	mu          sync.Mutex // protects the contents of *data (but not the pointer value.)
 	spanContext SpanContext
+
+	// lruAttributes are capped at configured limit. When the capacity is reached an oldest entry
+	// is removed to create room for a new entry.
+	lruAttributes *lruMap
+
+	// annotations are stored in FIFO queue capped by configured limit.
+	annotations *evictedQueue
+
+	// messageEvents are stored in FIFO queue capped by configured limit.
+	messageEvents *evictedQueue
+
+	// links are stored in FIFO queue capped by configured limit.
+	links *evictedQueue
+
 	// spanStore is the spanStore this span belongs to, if any, otherwise it is nil.
 	*spanStore
 	endOnce sync.Once
@@ -88,6 +103,7 @@ type SpanContext struct {
 	TraceID      TraceID
 	SpanID       SpanID
 	TraceOptions TraceOptions
+	Tracestate   *tracestate.Tracestate
 }
 
 type contextKey struct{}
@@ -98,13 +114,6 @@ func FromContext(ctx context.Context) *Span {
 	return s
 }
 
-// WithSpan returns a new context with the given Span attached.
-//
-// Deprecated: Use NewContext.
-func WithSpan(parent context.Context, s *Span) context.Context {
-	return NewContext(parent, s)
-}
-
 // NewContext returns a new context with the given Span attached.
 func NewContext(parent context.Context, s *Span) context.Context {
 	return context.WithValue(parent, contextKey{}, s)
@@ -154,10 +163,14 @@ func WithSampler(sampler Sampler) StartOption {
 
 // StartSpan starts a new child span of the current span in the context. If
 // there is no span in the context, creates a new trace and span.
+//
+// Returned context contains the newly created span. You can use it to
+// propagate the returned span in process.
 func StartSpan(ctx context.Context, name string, o ...StartOption) (context.Context, *Span) {
 	var opts StartOptions
 	var parent SpanContext
 	if p := FromContext(ctx); p != nil {
+		p.addChild()
 		parent = p.spanContext
 	}
 	for _, op := range o {
@@ -174,6 +187,9 @@ func StartSpan(ctx context.Context, name string, o ...StartOption) (context.Cont
 //
 // If the incoming context contains a parent, it ignores. StartSpanWithRemoteParent is
 // preferred for cases where the parent is propagated via an incoming request.
+//
+// Returned context contains the newly created span. You can use it to
+// propagate the returned span in process.
 func StartSpanWithRemoteParent(ctx context.Context, name string, parent SpanContext, o ...StartOption) (context.Context, *Span) {
 	var opts StartOptions
 	for _, op := range o {
@@ -185,26 +201,6 @@ func StartSpanWithRemoteParent(ctx context.Context, name string, parent SpanCont
 	return NewContext(ctx, span), span
 }
 
-// NewSpan returns a new span.
-//
-// If parent is not nil, created span will be a child of the parent.
-//
-// Deprecated: Use StartSpan.
-func NewSpan(name string, parent *Span, o StartOptions) *Span {
-	var parentSpanContext SpanContext
-	if parent != nil {
-		parentSpanContext = parent.SpanContext()
-	}
-	return startSpanInternal(name, parent != nil, parentSpanContext, false, o)
-}
-
-// NewSpanWithRemoteParent returns a new span with the given parent SpanContext.
-//
-// Deprecated: Use StartSpanWithRemoteParent.
-func NewSpanWithRemoteParent(name string, parent SpanContext, o StartOptions) *Span {
-	return startSpanInternal(name, true, parent, true, o)
-}
-
 func startSpanInternal(name string, hasParent bool, parent SpanContext, remoteParent bool, o StartOptions) *Span {
 	span := &Span{}
 	span.spanContext = parent
@@ -245,6 +241,11 @@ func startSpanInternal(name string, hasParent bool, parent SpanContext, remotePa
 		Name:            name,
 		HasRemoteParent: remoteParent,
 	}
+	span.lruAttributes = newLruMap(cfg.MaxAttributesPerSpan)
+	span.annotations = newEvictedQueue(cfg.MaxAnnotationEventsPerSpan)
+	span.messageEvents = newEvictedQueue(cfg.MaxMessageEventsPerSpan)
+	span.links = newEvictedQueue(cfg.MaxLinksPerSpan)
+
 	if hasParent {
 		span.data.ParentSpanID = parent.SpanID
 	}
@@ -262,26 +263,29 @@ func startSpanInternal(name string, hasParent bool, parent SpanContext, remotePa
 
 // End ends the span.
 func (s *Span) End() {
+	if s == nil {
+		return
+	}
+	if s.executionTracerTaskEnd != nil {
+		s.executionTracerTaskEnd()
+	}
 	if !s.IsRecordingEvents() {
 		return
 	}
 	s.endOnce.Do(func() {
-		if s.executionTracerTaskEnd != nil {
-			s.executionTracerTaskEnd()
-		}
-		// TODO: optimize to avoid this call if sd won't be used.
-		sd := s.makeSpanData()
-		sd.EndTime = internal.MonotonicEndTime(sd.StartTime)
-		if s.spanStore != nil {
-			s.spanStore.finished(s, sd)
-		}
-		if s.spanContext.IsSampled() {
-			// TODO: consider holding exportersMu for less time.
-			exportersMu.Lock()
-			for e := range exporters {
-				e.ExportSpan(sd)
+		exp, _ := exporters.Load().(exportersMap)
+		mustExport := s.spanContext.IsSampled() && len(exp) > 0
+		if s.spanStore != nil || mustExport {
+			sd := s.makeSpanData()
+			sd.EndTime = internal.MonotonicEndTime(sd.StartTime)
+			if s.spanStore != nil {
+				s.spanStore.finished(s, sd)
+			}
+			if mustExport {
+				for e := range exp {
+					e.ExportSpan(sd)
+				}
 			}
-			exportersMu.Unlock()
 		}
 	})
 }
@@ -292,11 +296,21 @@ func (s *Span) makeSpanData() *SpanData {
 	var sd SpanData
 	s.mu.Lock()
 	sd = *s.data
-	if s.data.Attributes != nil {
-		sd.Attributes = make(map[string]interface{})
-		for k, v := range s.data.Attributes {
-			sd.Attributes[k] = v
-		}
+	if s.lruAttributes.len() > 0 {
+		sd.Attributes = s.lruAttributesToAttributeMap()
+		sd.DroppedAttributeCount = s.lruAttributes.droppedCount
+	}
+	if len(s.annotations.queue) > 0 {
+		sd.Annotations = s.interfaceArrayToAnnotationArray()
+		sd.DroppedAnnotationCount = s.annotations.droppedCount
+	}
+	if len(s.messageEvents.queue) > 0 {
+		sd.MessageEvents = s.interfaceArrayToMessageEventArray()
+		sd.DroppedMessageEventCount = s.messageEvents.droppedCount
+	}
+	if len(s.links.queue) > 0 {
+		sd.Links = s.interfaceArrayToLinksArray()
+		sd.DroppedLinkCount = s.links.droppedCount
 	}
 	s.mu.Unlock()
 	return &sd
@@ -310,6 +324,16 @@ func (s *Span) SpanContext() SpanContext {
 	return s.spanContext
 }
 
+// SetName sets the name of the span, if it is recording events.
+func (s *Span) SetName(name string) {
+	if !s.IsRecordingEvents() {
+		return
+	}
+	s.mu.Lock()
+	s.data.Name = name
+	s.mu.Unlock()
+}
+
 // SetStatus sets the status of the span, if it is recording events.
 func (s *Span) SetStatus(status Status) {
 	if !s.IsRecordingEvents() {
@@ -320,6 +344,57 @@ func (s *Span) SetStatus(status Status) {
 	s.mu.Unlock()
 }
 
+func (s *Span) interfaceArrayToLinksArray() []Link {
+	linksArr := make([]Link, 0)
+	for _, value := range s.links.queue {
+		linksArr = append(linksArr, value.(Link))
+	}
+	return linksArr
+}
+
+func (s *Span) interfaceArrayToMessageEventArray() []MessageEvent {
+	messageEventArr := make([]MessageEvent, 0)
+	for _, value := range s.messageEvents.queue {
+		messageEventArr = append(messageEventArr, value.(MessageEvent))
+	}
+	return messageEventArr
+}
+
+func (s *Span) interfaceArrayToAnnotationArray() []Annotation {
+	annotationArr := make([]Annotation, 0)
+	for _, value := range s.annotations.queue {
+		annotationArr = append(annotationArr, value.(Annotation))
+	}
+	return annotationArr
+}
+
+func (s *Span) lruAttributesToAttributeMap() map[string]interface{} {
+	attributes := make(map[string]interface{})
+	for _, key := range s.lruAttributes.keys() {
+		value, ok := s.lruAttributes.get(key)
+		if ok {
+			keyStr := key.(string)
+			attributes[keyStr] = value
+		}
+	}
+	return attributes
+}
+
+func (s *Span) copyToCappedAttributes(attributes []Attribute) {
+	for _, a := range attributes {
+		s.lruAttributes.add(a.key, a.value)
+	}
+}
+
+func (s *Span) addChild() {
+	if !s.IsRecordingEvents() {
+		return
+	}
+	s.mu.Lock()
+	s.data.ChildSpanCount++
+	s.mu.Unlock()
+}
+
 // AddAttributes sets attributes in the span.
 //
 // Existing attributes whose keys appear in the attributes parameter are overwritten.
@@ -328,10 +403,7 @@ func (s *Span) AddAttributes(attributes ...Attribute) {
 		return
 	}
 	s.mu.Lock()
-	if s.data.Attributes == nil {
-		s.data.Attributes = make(map[string]interface{})
-	}
-	copyAttributes(s.data.Attributes, attributes)
+	s.copyToCappedAttributes(attributes)
 	s.mu.Unlock()
 }
 
@@ -351,7 +423,7 @@ func (s *Span) lazyPrintfInternal(attributes []Attribute, format string, a ...in
 		m = make(map[string]interface{})
 		copyAttributes(m, attributes)
 	}
-	s.data.Annotations = append(s.data.Annotations, Annotation{
+	s.annotations.add(Annotation{
 		Time:       now,
 		Message:    msg,
 		Attributes: m,
@@ -367,7 +439,7 @@ func (s *Span) printStringInternal(attributes []Attribute, str string) {
 		a = make(map[string]interface{})
 		copyAttributes(a, attributes)
 	}
-	s.data.Annotations = append(s.data.Annotations, Annotation{
+	s.annotations.add(Annotation{
 		Time:       now,
 		Message:    str,
 		Attributes: a,
@@ -404,7 +476,7 @@ func (s *Span) AddMessageSendEvent(messageID, uncompressedByteSize, compressedBy
 	}
 	now := time.Now()
 	s.mu.Lock()
-	s.data.MessageEvents = append(s.data.MessageEvents, MessageEvent{
+	s.messageEvents.add(MessageEvent{
 		Time:                 now,
 		EventType:            MessageEventTypeSent,
 		MessageID:            messageID,
@@ -426,7 +498,7 @@ func (s *Span) AddMessageReceiveEvent(messageID, uncompressedByteSize, compresse
 	}
 	now := time.Now()
 	s.mu.Lock()
-	s.data.MessageEvents = append(s.data.MessageEvents, MessageEvent{
+	s.messageEvents.add(MessageEvent{
 		Time:                 now,
 		EventType:            MessageEventTypeRecv,
 		MessageID:            messageID,
@@ -442,7 +514,7 @@ func (s *Span) AddLink(l Link) {
 		return
 	}
 	s.mu.Lock()
-	s.data.Links = append(s.data.Links, l)
+	s.links.add(l)
 	s.mu.Unlock()
 }
 
@@ -474,29 +546,39 @@ func init() {
 	gen.spanIDInc |= 1
 
 	config.Store(&Config{
-		DefaultSampler: ProbabilitySampler(defaultSamplingProbability),
-		IDGenerator:    gen,
+		DefaultSampler:             ProbabilitySampler(defaultSamplingProbability),
+		IDGenerator:                gen,
+		MaxAttributesPerSpan:       DefaultMaxAttributesPerSpan,
+		MaxAnnotationEventsPerSpan: DefaultMaxAnnotationEventsPerSpan,
+		MaxMessageEventsPerSpan:    DefaultMaxMessageEventsPerSpan,
+		MaxLinksPerSpan:            DefaultMaxLinksPerSpan,
 	})
 }
 
 type defaultIDGenerator struct {
 	sync.Mutex
-	traceIDRand *rand.Rand
+
+	// Please keep these as the first fields
+	// so that these 8 byte fields will be aligned on addresses
+	// divisible by 8, on both 32-bit and 64-bit machines when
+	// performing atomic increments and accesses.
+	// See:
+	// * https://github.com/census-instrumentation/opencensus-go/issues/587
+	// * https://github.com/census-instrumentation/opencensus-go/issues/865
+	// * https://golang.org/pkg/sync/atomic/#pkg-note-BUG
+	nextSpanID uint64
+	spanIDInc  uint64
+
 	traceIDAdd  [2]uint64
-	nextSpanID  uint64
-	spanIDInc   uint64
+	traceIDRand *rand.Rand
 }
 
 // NewSpanID returns a non-zero span ID from a randomly-chosen sequence.
-// mu should be held while this function is called.
 func (gen *defaultIDGenerator) NewSpanID() [8]byte {
-	gen.Lock()
-	id := gen.nextSpanID
-	gen.nextSpanID += gen.spanIDInc
-	if gen.nextSpanID == 0 {
-		gen.nextSpanID += gen.spanIDInc
+	var id uint64
+	for id == 0 {
+		id = atomic.AddUint64(&gen.nextSpanID, gen.spanIDInc)
 	}
-	gen.Unlock()
 	var sid [8]byte
 	binary.LittleEndian.PutUint64(sid[:], id)
 	return sid
diff --git a/vendor/go.opencensus.io/trace/tracestate/tracestate.go b/vendor/go.opencensus.io/trace/tracestate/tracestate.go
new file mode 100644
index 0000000000000..2d6c713eb3a19
--- /dev/null
+++ b/vendor/go.opencensus.io/trace/tracestate/tracestate.go
@@ -0,0 +1,147 @@
+// Copyright 2018, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package tracestate implements support for the Tracestate header of the
+// W3C TraceContext propagation format.
+package tracestate
+
+import (
+	"fmt"
+	"regexp"
+)
+
+const (
+	keyMaxSize       = 256
+	valueMaxSize     = 256
+	maxKeyValuePairs = 32
+)
+
+const (
+	keyWithoutVendorFormat = `[a-z][_0-9a-z\-\*\/]{0,255}`
+	keyWithVendorFormat    = `[a-z][_0-9a-z\-\*\/]{0,240}@[a-z][_0-9a-z\-\*\/]{0,13}`
+	keyFormat              = `(` + keyWithoutVendorFormat + `)|(` + keyWithVendorFormat + `)`
+	valueFormat            = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]{0,255}[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
+)
+
+var keyValidationRegExp = regexp.MustCompile(`^(` + keyFormat + `)$`)
+var valueValidationRegExp = regexp.MustCompile(`^(` + valueFormat + `)$`)
+
+// Tracestate represents tracing-system specific context in a list of key-value pairs. Tracestate allows different
+// vendors propagate additional information and inter-operate with their legacy Id formats.
+type Tracestate struct {
+	entries []Entry
+}
+
+// Entry represents one key-value pair in a list of key-value pair of Tracestate.
+type Entry struct {
+	// Key is an opaque string up to 256 characters printable. It MUST begin with a lowercase letter,
+	// and can only contain lowercase letters a-z, digits 0-9, underscores _, dashes -, asterisks *, and
+	// forward slashes /.
+	Key string
+
+	// Value is an opaque string up to 256 characters printable ASCII RFC0020 characters (i.e., the
+	// range 0x20 to 0x7E) except comma , and =.
+	Value string
+}
+
+// Entries returns a slice of Entry.
+func (ts *Tracestate) Entries() []Entry {
+	if ts == nil {
+		return nil
+	}
+	return ts.entries
+}
+
+func (ts *Tracestate) remove(key string) *Entry {
+	for index, entry := range ts.entries {
+		if entry.Key == key {
+			ts.entries = append(ts.entries[:index], ts.entries[index+1:]...)
+			return &entry
+		}
+	}
+	return nil
+}
+
+func (ts *Tracestate) add(entries []Entry) error {
+	for _, entry := range entries {
+		ts.remove(entry.Key)
+	}
+	if len(ts.entries)+len(entries) > maxKeyValuePairs {
+		return fmt.Errorf("adding %d key-value pairs to current %d pairs exceeds the limit of %d",
+			len(entries), len(ts.entries), maxKeyValuePairs)
+	}
+	ts.entries = append(entries, ts.entries...)
+	return nil
+}
+
+func isValid(entry Entry) bool {
+	return keyValidationRegExp.MatchString(entry.Key) &&
+		valueValidationRegExp.MatchString(entry.Value)
+}
+
+func containsDuplicateKey(entries ...Entry) (string, bool) {
+	keyMap := make(map[string]int)
+	for _, entry := range entries {
+		if _, ok := keyMap[entry.Key]; ok {
+			return entry.Key, true
+		}
+		keyMap[entry.Key] = 1
+	}
+	return "", false
+}
+
+func areEntriesValid(entries ...Entry) (*Entry, bool) {
+	for _, entry := range entries {
+		if !isValid(entry) {
+			return &entry, false
+		}
+	}
+	return nil, true
+}
+
+// New creates a Tracestate object from a parent and/or entries (key-value pair).
+// Entries from the parent are copied if present. The entries passed to this function
+// are inserted in front of those copied from the parent. If an entry copied from the
+// parent contains the same key as one of the entry in entries then the entry copied
+// from the parent is removed. See add func.
+//
+// An error is returned with nil Tracestate if
+//  1. one or more entry in entries is invalid.
+//  2. two or more entries in the input entries have the same key.
+//  3. the number of entries combined from the parent and the input entries exceeds maxKeyValuePairs.
+//     (duplicate entry is counted only once).
+func New(parent *Tracestate, entries ...Entry) (*Tracestate, error) {
+	if parent == nil && len(entries) == 0 {
+		return nil, nil
+	}
+	if entry, ok := areEntriesValid(entries...); !ok {
+		return nil, fmt.Errorf("key-value pair {%s, %s} is invalid", entry.Key, entry.Value)
+	}
+
+	if key, duplicate := containsDuplicateKey(entries...); duplicate {
+		return nil, fmt.Errorf("contains duplicate keys (%s)", key)
+	}
+
+	tracestate := Tracestate{}
+
+	if parent != nil && len(parent.entries) > 0 {
+		tracestate.entries = append([]Entry{}, parent.entries...)
+	}
+
+	err := tracestate.add(entries)
+	if err != nil {
+		return nil, err
+	}
+	return &tracestate, nil
+}
diff --git a/vendor/golang.org/x/crypto/README.md b/vendor/golang.org/x/crypto/README.md
index c9d6fecd1e5f3..92f73cdfbfeeb 100644
--- a/vendor/golang.org/x/crypto/README.md
+++ b/vendor/golang.org/x/crypto/README.md
@@ -1,5 +1,7 @@
 # Go Cryptography
 
+[![Go Reference](https://pkg.go.dev/badge/golang.org/x/crypto.svg)](https://pkg.go.dev/golang.org/x/crypto)
+
 This repository holds supplementary Go cryptography libraries.
 
 ## Download/Install
diff --git a/vendor/golang.org/x/crypto/blowfish/block.go b/vendor/golang.org/x/crypto/blowfish/block.go
new file mode 100644
index 0000000000000..9d80f19521b46
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/block.go
@@ -0,0 +1,159 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blowfish
+
+// getNextWord returns the next big-endian uint32 value from the byte slice
+// at the given position in a circular manner, updating the position.
+func getNextWord(b []byte, pos *int) uint32 {
+	var w uint32
+	j := *pos
+	for i := 0; i < 4; i++ {
+		w = w<<8 | uint32(b[j])
+		j++
+		if j >= len(b) {
+			j = 0
+		}
+	}
+	*pos = j
+	return w
+}
+
+// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
+// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
+// pi and substitution tables for calls to Encrypt. This is used, primarily,
+// by the bcrypt package to reuse the Blowfish key schedule during its
+// set up. It's unlikely that you need to use this directly.
+func ExpandKey(key []byte, c *Cipher) {
+	j := 0
+	for i := 0; i < 18; i++ {
+		// Using inlined getNextWord for performance.
+		var d uint32
+		for k := 0; k < 4; k++ {
+			d = d<<8 | uint32(key[j])
+			j++
+			if j >= len(key) {
+				j = 0
+			}
+		}
+		c.p[i] ^= d
+	}
+
+	var l, r uint32
+	for i := 0; i < 18; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.p[i], c.p[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s0[i], c.s0[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s1[i], c.s1[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s2[i], c.s2[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s3[i], c.s3[i+1] = l, r
+	}
+}
+
+// This is similar to ExpandKey, but folds the salt during the key
+// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
+// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
+// and specializing it here is useful.
+func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
+	j := 0
+	for i := 0; i < 18; i++ {
+		c.p[i] ^= getNextWord(key, &j)
+	}
+
+	j = 0
+	var l, r uint32
+	for i := 0; i < 18; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.p[i], c.p[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s0[i], c.s0[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s1[i], c.s1[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s2[i], c.s2[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s3[i], c.s3[i+1] = l, r
+	}
+}
+
+func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+	xl, xr := l, r
+	xl ^= c.p[0]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
+	xr ^= c.p[17]
+	return xr, xl
+}
+
+func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+	xl, xr := l, r
+	xl ^= c.p[17]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
+	xr ^= c.p[0]
+	return xr, xl
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
new file mode 100644
index 0000000000000..213bf204afea5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/cipher.go
@@ -0,0 +1,99 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
+//
+// Blowfish is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
+package blowfish // import "golang.org/x/crypto/blowfish"
+
+// The code is a port of Bruce Schneier's C implementation.
+// See https://www.schneier.com/blowfish.html.
+
+import "strconv"
+
+// The Blowfish block size in bytes.
+const BlockSize = 8
+
+// A Cipher is an instance of Blowfish encryption using a particular key.
+type Cipher struct {
+	p              [18]uint32
+	s0, s1, s2, s3 [256]uint32
+}
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+	return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
+}
+
+// NewCipher creates and returns a Cipher.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
+func NewCipher(key []byte) (*Cipher, error) {
+	var result Cipher
+	if k := len(key); k < 1 || k > 56 {
+		return nil, KeySizeError(k)
+	}
+	initCipher(&result)
+	ExpandKey(key, &result)
+	return &result, nil
+}
+
+// NewSaltedCipher creates a returns a Cipher that folds a salt into its key
+// schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
+// sufficient and desirable. For bcrypt compatibility, the key can be over 56
+// bytes.
+func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
+	if len(salt) == 0 {
+		return NewCipher(key)
+	}
+	var result Cipher
+	if k := len(key); k < 1 {
+		return nil, KeySizeError(k)
+	}
+	initCipher(&result)
+	expandKeyWithSalt(key, salt, &result)
+	return &result, nil
+}
+
+// BlockSize returns the Blowfish block size, 8 bytes.
+// It is necessary to satisfy the Block interface in the
+// package "crypto/cipher".
+func (c *Cipher) BlockSize() int { return BlockSize }
+
+// Encrypt encrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+// Note that for amounts of data larger than a block,
+// it is not safe to just call Encrypt on successive blocks;
+// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
+func (c *Cipher) Encrypt(dst, src []byte) {
+	l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+	r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+	l, r = encryptBlock(l, r, c)
+	dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+	dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+// Decrypt decrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+func (c *Cipher) Decrypt(dst, src []byte) {
+	l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+	r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+	l, r = decryptBlock(l, r, c)
+	dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+	dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+func initCipher(c *Cipher) {
+	copy(c.p[0:], p[0:])
+	copy(c.s0[0:], s0[0:])
+	copy(c.s1[0:], s1[0:])
+	copy(c.s2[0:], s2[0:])
+	copy(c.s3[0:], s3[0:])
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/const.go b/vendor/golang.org/x/crypto/blowfish/const.go
new file mode 100644
index 0000000000000..d04077595abc4
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/const.go
@@ -0,0 +1,199 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// The startup permutation array and substitution boxes.
+// They are the hexadecimal digits of PI; see:
+// https://www.schneier.com/code/constants.txt.
+
+package blowfish
+
+var s0 = [256]uint32{
+	0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+	0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+	0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
+	0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+	0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
+	0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+	0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+	0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+	0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
+	0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+	0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
+	0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+	0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+	0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+	0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
+	0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+	0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
+	0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+	0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+	0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+	0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
+	0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+	0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
+	0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+	0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+	0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+	0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
+	0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+	0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
+	0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+	0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+	0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+	0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
+	0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+	0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
+	0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+	0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+	0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+	0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
+	0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+	0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
+	0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+	0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
+}
+
+var s1 = [256]uint32{
+	0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
+	0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+	0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
+	0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+	0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
+	0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+	0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
+	0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+	0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
+	0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+	0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
+	0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+	0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
+	0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+	0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
+	0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+	0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
+	0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+	0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
+	0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+	0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
+	0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+	0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
+	0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+	0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
+	0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+	0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
+	0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+	0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
+	0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+	0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
+	0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+	0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
+	0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+	0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
+	0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+	0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
+	0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+	0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
+	0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+	0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
+	0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+	0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
+}
+
+var s2 = [256]uint32{
+	0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
+	0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+	0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
+	0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+	0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
+	0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+	0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
+	0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+	0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
+	0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+	0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
+	0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+	0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
+	0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+	0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
+	0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+	0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
+	0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+	0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
+	0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+	0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
+	0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+	0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
+	0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+	0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
+	0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+	0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
+	0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+	0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
+	0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+	0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
+	0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+	0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
+	0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+	0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
+	0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+	0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
+	0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+	0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
+	0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+	0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
+	0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+	0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
+}
+
+var s3 = [256]uint32{
+	0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
+	0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+	0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
+	0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+	0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+	0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+	0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
+	0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+	0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
+	0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+	0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+	0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+	0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
+	0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+	0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
+	0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+	0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+	0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+	0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
+	0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+	0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
+	0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+	0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+	0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+	0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
+	0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+	0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
+	0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+	0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+	0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+	0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
+	0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+	0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
+	0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+	0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+	0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+	0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
+	0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+	0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
+	0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+	0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+	0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+	0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
+}
+
+var p = [18]uint32{
+	0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+	0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+	0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
new file mode 100644
index 0000000000000..94c71ac1ac863
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11 && gc && !purego
+// +build go1.11,gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
new file mode 100644
index 0000000000000..8fb49a13e3bf2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -0,0 +1,307 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.11,gc,!purego
+
+#include "textflag.h"
+
+#define NUM_ROUNDS 10
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD	dst+0(FP), R1
+	MOVD	src+24(FP), R2
+	MOVD	src_len+32(FP), R3
+	MOVD	key+48(FP), R4
+	MOVD	nonce+56(FP), R6
+	MOVD	counter+64(FP), R7
+
+	MOVD	$·constants(SB), R10
+	MOVD	$·incRotMatrix(SB), R11
+
+	MOVW	(R7), R20
+
+	AND	$~255, R3, R13
+	ADD	R2, R13, R12 // R12 for block end
+	AND	$255, R3, R13
+loop:
+	MOVD	$NUM_ROUNDS, R21
+	VLD1	(R11), [V30.S4, V31.S4]
+
+	// load contants
+	// VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4]
+	WORD	$0x4D60E940
+
+	// load keys
+	// VLD4R 16(R4), [V4.S4, V5.S4, V6.S4, V7.S4]
+	WORD	$0x4DFFE884
+	// VLD4R 16(R4), [V8.S4, V9.S4, V10.S4, V11.S4]
+	WORD	$0x4DFFE888
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V12.S4]
+	WORD	$0x4D40C8EC
+
+	// VLD3R (R6), [V13.S4, V14.S4, V15.S4]
+	WORD	$0x4D40E8CD
+
+	// update counter
+	VADD	V30.S4, V12.S4, V12.S4
+
+chacha:
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 16)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 12)
+	VADD	V8.S4, V12.S4, V8.S4
+	VADD	V9.S4, V13.S4, V9.S4
+	VADD	V10.S4, V14.S4, V10.S4
+	VADD	V11.S4, V15.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$12, V16.S4, V4.S4
+	VSHL	$12, V17.S4, V5.S4
+	VSHL	$12, V18.S4, V6.S4
+	VSHL	$12, V19.S4, V7.S4
+	VSRI	$20, V16.S4, V4.S4
+	VSRI	$20, V17.S4, V5.S4
+	VSRI	$20, V18.S4, V6.S4
+	VSRI	$20, V19.S4, V7.S4
+
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 8)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 7)
+	VADD	V12.S4, V8.S4, V8.S4
+	VADD	V13.S4, V9.S4, V9.S4
+	VADD	V14.S4, V10.S4, V10.S4
+	VADD	V15.S4, V11.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$7, V16.S4, V4.S4
+	VSHL	$7, V17.S4, V5.S4
+	VSHL	$7, V18.S4, V6.S4
+	VSHL	$7, V19.S4, V7.S4
+	VSRI	$25, V16.S4, V4.S4
+	VSRI	$25, V17.S4, V5.S4
+	VSRI	$25, V18.S4, V6.S4
+	VSRI	$25, V19.S4, V7.S4
+
+	// V0..V3 += V5..V7, V4
+	// V15,V12-V14 <<<= ((V15,V12-V14 XOR V0..V3), 16)
+	VADD	V0.S4, V5.S4, V0.S4
+	VADD	V1.S4, V6.S4, V1.S4
+	VADD	V2.S4, V7.S4, V2.S4
+	VADD	V3.S4, V4.S4, V3.S4
+	VEOR	V15.B16, V0.B16, V15.B16
+	VEOR	V12.B16, V1.B16, V12.B16
+	VEOR	V13.B16, V2.B16, V13.B16
+	VEOR	V14.B16, V3.B16, V14.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 12)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$12, V16.S4, V5.S4
+	VSHL	$12, V17.S4, V6.S4
+	VSHL	$12, V18.S4, V7.S4
+	VSHL	$12, V19.S4, V4.S4
+	VSRI	$20, V16.S4, V5.S4
+	VSRI	$20, V17.S4, V6.S4
+	VSRI	$20, V18.S4, V7.S4
+	VSRI	$20, V19.S4, V4.S4
+
+	// V0 += V5; V15 <<<= ((V0 XOR V15), 8)
+	// ...
+	VADD	V5.S4, V0.S4, V0.S4
+	VADD	V6.S4, V1.S4, V1.S4
+	VADD	V7.S4, V2.S4, V2.S4
+	VADD	V4.S4, V3.S4, V3.S4
+	VEOR	V0.B16, V15.B16, V15.B16
+	VEOR	V1.B16, V12.B16, V12.B16
+	VEOR	V2.B16, V13.B16, V13.B16
+	VEOR	V3.B16, V14.B16, V14.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 7)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$7, V16.S4, V5.S4
+	VSHL	$7, V17.S4, V6.S4
+	VSHL	$7, V18.S4, V7.S4
+	VSHL	$7, V19.S4, V4.S4
+	VSRI	$25, V16.S4, V5.S4
+	VSRI	$25, V17.S4, V6.S4
+	VSRI	$25, V18.S4, V7.S4
+	VSRI	$25, V19.S4, V4.S4
+
+	SUB	$1, R21
+	CBNZ	R21, chacha
+
+	// VLD4R (R10), [V16.S4, V17.S4, V18.S4, V19.S4]
+	WORD	$0x4D60E950
+
+	// VLD4R 16(R4), [V20.S4, V21.S4, V22.S4, V23.S4]
+	WORD	$0x4DFFE894
+	VADD	V30.S4, V12.S4, V12.S4
+	VADD	V16.S4, V0.S4, V0.S4
+	VADD	V17.S4, V1.S4, V1.S4
+	VADD	V18.S4, V2.S4, V2.S4
+	VADD	V19.S4, V3.S4, V3.S4
+	// VLD4R 16(R4), [V24.S4, V25.S4, V26.S4, V27.S4]
+	WORD	$0x4DFFE898
+	// restore R4
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V28.S4]
+	WORD	$0x4D40C8FC
+	// VLD3R (R6), [V29.S4, V30.S4, V31.S4]
+	WORD	$0x4D40E8DD
+
+	VADD	V20.S4, V4.S4, V4.S4
+	VADD	V21.S4, V5.S4, V5.S4
+	VADD	V22.S4, V6.S4, V6.S4
+	VADD	V23.S4, V7.S4, V7.S4
+	VADD	V24.S4, V8.S4, V8.S4
+	VADD	V25.S4, V9.S4, V9.S4
+	VADD	V26.S4, V10.S4, V10.S4
+	VADD	V27.S4, V11.S4, V11.S4
+	VADD	V28.S4, V12.S4, V12.S4
+	VADD	V29.S4, V13.S4, V13.S4
+	VADD	V30.S4, V14.S4, V14.S4
+	VADD	V31.S4, V15.S4, V15.S4
+
+	VZIP1	V1.S4, V0.S4, V16.S4
+	VZIP2	V1.S4, V0.S4, V17.S4
+	VZIP1	V3.S4, V2.S4, V18.S4
+	VZIP2	V3.S4, V2.S4, V19.S4
+	VZIP1	V5.S4, V4.S4, V20.S4
+	VZIP2	V5.S4, V4.S4, V21.S4
+	VZIP1	V7.S4, V6.S4, V22.S4
+	VZIP2	V7.S4, V6.S4, V23.S4
+	VZIP1	V9.S4, V8.S4, V24.S4
+	VZIP2	V9.S4, V8.S4, V25.S4
+	VZIP1	V11.S4, V10.S4, V26.S4
+	VZIP2	V11.S4, V10.S4, V27.S4
+	VZIP1	V13.S4, V12.S4, V28.S4
+	VZIP2	V13.S4, V12.S4, V29.S4
+	VZIP1	V15.S4, V14.S4, V30.S4
+	VZIP2	V15.S4, V14.S4, V31.S4
+	VZIP1	V18.D2, V16.D2, V0.D2
+	VZIP2	V18.D2, V16.D2, V4.D2
+	VZIP1	V19.D2, V17.D2, V8.D2
+	VZIP2	V19.D2, V17.D2, V12.D2
+	VLD1.P	64(R2), [V16.B16, V17.B16, V18.B16, V19.B16]
+
+	VZIP1	V22.D2, V20.D2, V1.D2
+	VZIP2	V22.D2, V20.D2, V5.D2
+	VZIP1	V23.D2, V21.D2, V9.D2
+	VZIP2	V23.D2, V21.D2, V13.D2
+	VLD1.P	64(R2), [V20.B16, V21.B16, V22.B16, V23.B16]
+	VZIP1	V26.D2, V24.D2, V2.D2
+	VZIP2	V26.D2, V24.D2, V6.D2
+	VZIP1	V27.D2, V25.D2, V10.D2
+	VZIP2	V27.D2, V25.D2, V14.D2
+	VLD1.P	64(R2), [V24.B16, V25.B16, V26.B16, V27.B16]
+	VZIP1	V30.D2, V28.D2, V3.D2
+	VZIP2	V30.D2, V28.D2, V7.D2
+	VZIP1	V31.D2, V29.D2, V11.D2
+	VZIP2	V31.D2, V29.D2, V15.D2
+	VLD1.P	64(R2), [V28.B16, V29.B16, V30.B16, V31.B16]
+	VEOR	V0.B16, V16.B16, V16.B16
+	VEOR	V1.B16, V17.B16, V17.B16
+	VEOR	V2.B16, V18.B16, V18.B16
+	VEOR	V3.B16, V19.B16, V19.B16
+	VST1.P	[V16.B16, V17.B16, V18.B16, V19.B16], 64(R1)
+	VEOR	V4.B16, V20.B16, V20.B16
+	VEOR	V5.B16, V21.B16, V21.B16
+	VEOR	V6.B16, V22.B16, V22.B16
+	VEOR	V7.B16, V23.B16, V23.B16
+	VST1.P	[V20.B16, V21.B16, V22.B16, V23.B16], 64(R1)
+	VEOR	V8.B16, V24.B16, V24.B16
+	VEOR	V9.B16, V25.B16, V25.B16
+	VEOR	V10.B16, V26.B16, V26.B16
+	VEOR	V11.B16, V27.B16, V27.B16
+	VST1.P	[V24.B16, V25.B16, V26.B16, V27.B16], 64(R1)
+	VEOR	V12.B16, V28.B16, V28.B16
+	VEOR	V13.B16, V29.B16, V29.B16
+	VEOR	V14.B16, V30.B16, V30.B16
+	VEOR	V15.B16, V31.B16, V31.B16
+	VST1.P	[V28.B16, V29.B16, V30.B16, V31.B16], 64(R1)
+
+	ADD	$4, R20
+	MOVW	R20, (R7) // update counter
+
+	CMP	R2, R12
+	BGT	loop
+
+	RET
+
+
+DATA	·constants+0x00(SB)/4, $0x61707865
+DATA	·constants+0x04(SB)/4, $0x3320646e
+DATA	·constants+0x08(SB)/4, $0x79622d32
+DATA	·constants+0x0c(SB)/4, $0x6b206574
+GLOBL	·constants(SB), NOPTR|RODATA, $32
+
+DATA	·incRotMatrix+0x00(SB)/4, $0x00000000
+DATA	·incRotMatrix+0x04(SB)/4, $0x00000001
+DATA	·incRotMatrix+0x08(SB)/4, $0x00000002
+DATA	·incRotMatrix+0x0c(SB)/4, $0x00000003
+DATA	·incRotMatrix+0x10(SB)/4, $0x02010003
+DATA	·incRotMatrix+0x14(SB)/4, $0x06050407
+DATA	·incRotMatrix+0x18(SB)/4, $0x0A09080B
+DATA	·incRotMatrix+0x1c(SB)/4, $0x0E0D0C0F
+GLOBL	·incRotMatrix(SB), NOPTR|RODATA, $32
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
new file mode 100644
index 0000000000000..a2ecf5c325b91
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -0,0 +1,398 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"math/bits"
+
+	"golang.org/x/crypto/internal/subtle"
+)
+
+const (
+	// KeySize is the size of the key used by this cipher, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// cipher, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+	// this cipher, in bytes.
+	NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+	// The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+	// (incremented after each block), and 3 of nonce.
+	key     [8]uint32
+	counter uint32
+	nonce   [3]uint32
+
+	// The last len bytes of buf are leftover key stream bytes from the previous
+	// XORKeyStream invocation. The size of buf depends on how many blocks are
+	// computed at a time by xorKeyStreamBlocks.
+	buf [bufSize]byte
+	len int
+
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
+	// The counter-independent results of the first round are cached after they
+	// are computed the first time.
+	precompDone      bool
+	p1, p5, p9, p13  uint32
+	p2, p6, p10, p14 uint32
+	p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+	// This function is split into a wrapper so that the Cipher allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	c := &Cipher{}
+	return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong key size")
+	}
+	if len(nonce) == NonceSizeX {
+		// XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+		// derived key, allowing it to operate on a nonce of 24 bytes. See
+		// draft-irtf-cfrg-xchacha-01, Section 2.3.
+		key, _ = HChaCha20(key, nonce[0:16])
+		cNonce := make([]byte, NonceSize)
+		copy(cNonce[4:12], nonce[16:24])
+		nonce = cNonce
+	} else if len(nonce) != NonceSize {
+		return nil, errors.New("chacha20: wrong nonce size")
+	}
+
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
+	c.key = [8]uint32{
+		binary.LittleEndian.Uint32(key[0:4]),
+		binary.LittleEndian.Uint32(key[4:8]),
+		binary.LittleEndian.Uint32(key[8:12]),
+		binary.LittleEndian.Uint32(key[12:16]),
+		binary.LittleEndian.Uint32(key[16:20]),
+		binary.LittleEndian.Uint32(key[20:24]),
+		binary.LittleEndian.Uint32(key[24:28]),
+		binary.LittleEndian.Uint32(key[28:32]),
+	}
+	c.nonce = [3]uint32{
+		binary.LittleEndian.Uint32(nonce[0:4]),
+		binary.LittleEndian.Uint32(nonce[4:8]),
+		binary.LittleEndian.Uint32(nonce[8:12]),
+	}
+	return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+	j0 uint32 = 0x61707865 // expa
+	j1 uint32 = 0x3320646e // nd 3
+	j2 uint32 = 0x79622d32 // 2-by
+	j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 16)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 12)
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 8)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 7)
+	return a, b, c, d
+}
+
+// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
+// behave as if (64 * counter) bytes had been encrypted so far.
+//
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
+func (s *Cipher) SetCounter(counter uint32) {
+	// Internally, s may buffer multiple blocks, which complicates this
+	// implementation slightly. When checking whether the counter has rolled
+	// back, we must use both s.counter and s.len to determine how many blocks
+	// we have already output.
+	outputCounter := s.counter - uint32(s.len)/blockSize
+	if s.overflow || counter < outputCounter {
+		panic("chacha20: SetCounter attempted to rollback counter")
+	}
+
+	// In the general case, we set the new counter value and reset s.len to 0,
+	// causing the next call to XORKeyStream to refill the buffer. However, if
+	// we're advancing within the existing buffer, we can save work by simply
+	// setting s.len.
+	if counter < s.counter {
+		s.len = int(s.counter-counter) * blockSize
+	} else {
+		s.counter = counter
+		s.len = 0
+	}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+	if len(src) == 0 {
+		return
+	}
+	if len(dst) < len(src) {
+		panic("chacha20: output smaller than input")
+	}
+	dst = dst[:len(src)]
+	if subtle.InexactOverlap(dst, src) {
+		panic("chacha20: invalid buffer overlap")
+	}
+
+	// First, drain any remaining key stream from a previous XORKeyStream.
+	if s.len != 0 {
+		keyStream := s.buf[bufSize-s.len:]
+		if len(src) < len(keyStream) {
+			keyStream = keyStream[:len(src)]
+		}
+		_ = src[len(keyStream)-1] // bounds check elimination hint
+		for i, b := range keyStream {
+			dst[i] = src[i] ^ b
+		}
+		s.len -= len(keyStream)
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
+	}
+
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
+		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
+	}
+
+	// xorKeyStreamBlocks implementations expect input lengths that are a
+	// multiple of bufSize. Platform-specific ones process multiple blocks at a
+	// time, so have bufSizes that are a multiple of blockSize.
+
+	full := len(src) - len(src)%bufSize
+	if full > 0 {
+		s.xorKeyStreamBlocks(dst[:full], src[:full])
+	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
+
+	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+	// keep the leftover keystream for the next XORKeyStream invocation.
+	if len(src) > 0 {
+		s.buf = [bufSize]byte{}
+		copy(s.buf[:], src)
+		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
+	}
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+	if len(dst) != len(src) || len(dst)%blockSize != 0 {
+		panic("chacha20: internal error: wrong dst and/or src length")
+	}
+
+	// To generate each block of key stream, the initial cipher state
+	// (represented below) is passed through 20 rounds of shuffling,
+	// alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+	// or by diagonals (like 1, 6, 11, 12).
+	//
+	//      0:cccccccc   1:cccccccc   2:cccccccc   3:cccccccc
+	//      4:kkkkkkkk   5:kkkkkkkk   6:kkkkkkkk   7:kkkkkkkk
+	//      8:kkkkkkkk   9:kkkkkkkk  10:kkkkkkkk  11:kkkkkkkk
+	//     12:bbbbbbbb  13:nnnnnnnn  14:nnnnnnnn  15:nnnnnnnn
+	//
+	//            c=constant k=key b=blockcount n=nonce
+	var (
+		c0, c1, c2, c3   = j0, j1, j2, j3
+		c4, c5, c6, c7   = s.key[0], s.key[1], s.key[2], s.key[3]
+		c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+		_, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+	)
+
+	// Three quarters of the first round don't depend on the counter, so we can
+	// calculate them here, and reuse them for multiple blocks in the loop, and
+	// for future XORKeyStream invocations.
+	if !s.precompDone {
+		s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+		s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+		s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+		s.precompDone = true
+	}
+
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
+		// The remainder of the first column round.
+		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+		// The second diagonal round.
+		x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+		x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+		x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+		x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+		// The remaining 18 rounds.
+		for i := 0; i < 9; i++ {
+			// Column round.
+			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+			// Diagonal round.
+			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+		}
+
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
+
+		s.counter += 1
+
+		src, dst = src[blockSize:], dst[blockSize:]
+	}
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+	// This function is split into a wrapper so that the slice allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	out := make([]byte, 32)
+	return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong HChaCha20 key size")
+	}
+	if len(nonce) != 16 {
+		return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+	}
+
+	x0, x1, x2, x3 := j0, j1, j2, j3
+	x4 := binary.LittleEndian.Uint32(key[0:4])
+	x5 := binary.LittleEndian.Uint32(key[4:8])
+	x6 := binary.LittleEndian.Uint32(key[8:12])
+	x7 := binary.LittleEndian.Uint32(key[12:16])
+	x8 := binary.LittleEndian.Uint32(key[16:20])
+	x9 := binary.LittleEndian.Uint32(key[20:24])
+	x10 := binary.LittleEndian.Uint32(key[24:28])
+	x11 := binary.LittleEndian.Uint32(key[28:32])
+	x12 := binary.LittleEndian.Uint32(nonce[0:4])
+	x13 := binary.LittleEndian.Uint32(nonce[4:8])
+	x14 := binary.LittleEndian.Uint32(nonce[8:12])
+	x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+	for i := 0; i < 10; i++ {
+		// Diagonal round.
+		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+		// Column round.
+		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+	}
+
+	_ = out[31] // bounds check elimination hint
+	binary.LittleEndian.PutUint32(out[0:4], x0)
+	binary.LittleEndian.PutUint32(out[4:8], x1)
+	binary.LittleEndian.PutUint32(out[8:12], x2)
+	binary.LittleEndian.PutUint32(out[12:16], x3)
+	binary.LittleEndian.PutUint32(out[16:20], x12)
+	binary.LittleEndian.PutUint32(out[20:24], x13)
+	binary.LittleEndian.PutUint32(out[24:28], x14)
+	binary.LittleEndian.PutUint32(out[28:32], x15)
+	return out, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
new file mode 100644
index 0000000000000..025b49897e32b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!arm64 && !s390x && !ppc64le) || (arm64 && !go1.11) || !gc || purego
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 !gc purego
+
+package chacha20
+
+const bufSize = blockSize
+
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	s.xorKeyStreamBlocksGeneric(dst, src)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
new file mode 100644
index 0000000000000..da420b2e97b03
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
new file mode 100644
index 0000000000000..3dad4b2fa27b6
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -0,0 +1,449 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on CRYPTOGAMS code with the following comment:
+// # ====================================================================
+// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// # project. The module is, however, dual licensed under OpenSSL and
+// # CRYPTOGAMS licenses depending on where you obtain it. For further
+// # details see http://www.openssl.org/~appro/cryptogams/.
+// # ====================================================================
+
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
+
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
+
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define OUT  R3
+#define INP  R4
+#define LEN  R5
+#define KEY  R6
+#define CNT  R7
+#define TMP  R15
+
+#define CONSTBASE  R16
+#define BLOCKS R17
+
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
+
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
+	MOVD out+0(FP), OUT
+	MOVD inp+8(FP), INP
+	MOVD len+16(FP), LEN
+	MOVD key+24(FP), KEY
+	MOVD counter+32(FP), CNT
+
+	// Addressing for constants
+	MOVD $consts<>+0x00(SB), CONSTBASE
+	MOVD $16, R8
+	MOVD $32, R9
+	MOVD $48, R10
+	MOVD $64, R11
+	SRD $6, LEN, BLOCKS
+	// V16
+	LXVW4X (CONSTBASE)(R0), VS48
+	ADD $80,CONSTBASE
+
+	// Load key into V17,V18
+	LXVW4X (KEY)(R0), VS49
+	LXVW4X (KEY)(R8), VS50
+
+	// Load CNT, NONCE into V19
+	LXVW4X (CNT)(R0), VS51
+
+	// Clear V27
+	VXOR V27, V27, V27
+
+	// V28
+	LXVW4X (CONSTBASE)(R11), VS60
+
+	// splat slot from V19 -> V26
+	VSPLTW $0, V19, V26
+
+	VSLDOI $4, V19, V27, V19
+	VSLDOI $12, V27, V19, V19
+
+	VADDUWM V26, V28, V26
+
+	MOVD $10, R14
+	MOVD R14, CTR
+
+loop_outer_vsx:
+	// V0, V1, V2, V3
+	LXVW4X (R0)(CONSTBASE), VS32
+	LXVW4X (R8)(CONSTBASE), VS33
+	LXVW4X (R9)(CONSTBASE), VS34
+	LXVW4X (R10)(CONSTBASE), VS35
+
+	// splat values from V17, V18 into V4-V11
+	VSPLTW $0, V17, V4
+	VSPLTW $1, V17, V5
+	VSPLTW $2, V17, V6
+	VSPLTW $3, V17, V7
+	VSPLTW $0, V18, V8
+	VSPLTW $1, V18, V9
+	VSPLTW $2, V18, V10
+	VSPLTW $3, V18, V11
+
+	// VOR
+	VOR V26, V26, V12
+
+	// splat values from V19 -> V13, V14, V15
+	VSPLTW $1, V19, V13
+	VSPLTW $2, V19, V14
+	VSPLTW $3, V19, V15
+
+	// splat   const values
+	VSPLTISW $-16, V27
+	VSPLTISW $12, V28
+	VSPLTISW $8, V29
+	VSPLTISW $7, V30
+
+loop_vsx:
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+	VRLW V15, V27, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V28, V4
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+	VRLW V15, V29, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V30, V4
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V27, V15
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+	VRLW V4, V28, V4
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V29, V15
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+	VRLW V4, V30, V4
+	BC   16, LT, loop_vsx
+
+	VADDUWM V12, V26, V12
+
+	WORD $0x13600F8C		// VMRGEW V0, V1, V27
+	WORD $0x13821F8C		// VMRGEW V2, V3, V28
+
+	WORD $0x10000E8C		// VMRGOW V0, V1, V0
+	WORD $0x10421E8C		// VMRGOW V2, V3, V2
+
+	WORD $0x13A42F8C		// VMRGEW V4, V5, V29
+	WORD $0x13C63F8C		// VMRGEW V6, V7, V30
+
+	XXPERMDI VS32, VS34, $0, VS33
+	XXPERMDI VS32, VS34, $3, VS35
+	XXPERMDI VS59, VS60, $0, VS32
+	XXPERMDI VS59, VS60, $3, VS34
+
+	WORD $0x10842E8C		// VMRGOW V4, V5, V4
+	WORD $0x10C63E8C		// VMRGOW V6, V7, V6
+
+	WORD $0x13684F8C		// VMRGEW V8, V9, V27
+	WORD $0x138A5F8C		// VMRGEW V10, V11, V28
+
+	XXPERMDI VS36, VS38, $0, VS37
+	XXPERMDI VS36, VS38, $3, VS39
+	XXPERMDI VS61, VS62, $0, VS36
+	XXPERMDI VS61, VS62, $3, VS38
+
+	WORD $0x11084E8C		// VMRGOW V8, V9, V8
+	WORD $0x114A5E8C		// VMRGOW V10, V11, V10
+
+	WORD $0x13AC6F8C		// VMRGEW V12, V13, V29
+	WORD $0x13CE7F8C		// VMRGEW V14, V15, V30
+
+	XXPERMDI VS40, VS42, $0, VS41
+	XXPERMDI VS40, VS42, $3, VS43
+	XXPERMDI VS59, VS60, $0, VS40
+	XXPERMDI VS59, VS60, $3, VS42
+
+	WORD $0x118C6E8C		// VMRGOW V12, V13, V12
+	WORD $0x11CE7E8C		// VMRGOW V14, V15, V14
+
+	VSPLTISW $4, V27
+	VADDUWM V26, V27, V26
+
+	XXPERMDI VS44, VS46, $0, VS45
+	XXPERMDI VS44, VS46, $3, VS47
+	XXPERMDI VS61, VS62, $0, VS44
+	XXPERMDI VS61, VS62, $3, VS46
+
+	VADDUWM V0, V16, V0
+	VADDUWM V4, V17, V4
+	VADDUWM V8, V18, V8
+	VADDUWM V12, V19, V12
+
+	CMPU LEN, $64
+	BLT tail_vsx
+
+	// Bottom of loop
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V1, V16, V0
+	VADDUWM V5, V17, V4
+	VADDUWM V9, V18, V8
+	VADDUWM V13, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+	VXOR   V27, V0, V27
+
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(V10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V2, V16, V0
+	VADDUWM V6, V17, V4
+	VADDUWM V10, V18, V8
+	VADDUWM V14, V19, V12
+
+	CMPU LEN, $64
+	BLT  tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V3, V16, V0
+	VADDUWM V7, V17, V4
+	VADDUWM V11, V18, V8
+	VADDUWM V15, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+
+	MOVD $10, R14
+	MOVD R14, CTR
+	BNE  loop_outer_vsx
+
+done_vsx:
+	// Increment counter by number of 64 byte blocks
+	MOVD (CNT), R14
+	ADD  BLOCKS, R14
+	MOVD R14, (CNT)
+	RET
+
+tail_vsx:
+	ADD  $32, R1, R11
+	MOVD LEN, CTR
+
+	// Save values on stack to copy from
+	STXVW4X VS32, (R11)(R0)
+	STXVW4X VS36, (R11)(R8)
+	STXVW4X VS40, (R11)(R9)
+	STXVW4X VS44, (R11)(R10)
+	ADD $-1, R11, R12
+	ADD $-1, INP
+	ADD $-1, OUT
+
+looptail_vsx:
+	// Copying the result to OUT
+	// in bytes.
+	MOVBZU 1(R12), KEY
+	MOVBZU 1(INP), TMP
+	XOR    KEY, TMP, KEY
+	MOVBU  KEY, 1(OUT)
+	BC     16, LT, looptail_vsx
+
+	// Clear the stack values
+	STXVW4X VS48, (R11)(R0)
+	STXVW4X VS48, (R11)(R8)
+	STXVW4X VS48, (R11)(R9)
+	STXVW4X VS48, (R11)(R10)
+	BR      done_vsx
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
new file mode 100644
index 0000000000000..c5898db465845
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	if cpu.S390X.HasVX {
+		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+	} else {
+		c.xorKeyStreamBlocksGeneric(dst, src)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
new file mode 100644
index 0000000000000..818161189bc4b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -0,0 +1,224 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build gc,!purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+#define BSWAP V5
+#define J0    V6
+#define KEY0  V7
+#define KEY1  V8
+#define NONCE V9
+#define CTR   V10
+#define M0    V11
+#define M1    V12
+#define M2    V13
+#define M3    V14
+#define INC   V15
+#define X0    V16
+#define X1    V17
+#define X2    V18
+#define X3    V19
+#define X4    V20
+#define X5    V21
+#define X6    V22
+#define X7    V23
+#define X8    V24
+#define X9    V25
+#define X10   V26
+#define X11   V27
+#define X12   V28
+#define X13   V29
+#define X14   V30
+#define X15   V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $16, a2, a2 \
+	VERLLF $16, b2, b2 \
+	VERLLF $16, c2, c2 \
+	VERLLF $16, d2, d2 \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $12, a1, a1 \
+	VERLLF $12, b1, b1 \
+	VERLLF $12, c1, c1 \
+	VERLLF $12, d1, d1 \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $8, a2, a2  \
+	VERLLF $8, b2, b2  \
+	VERLLF $8, c2, c2  \
+	VERLLF $8, d2, d2  \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $7, a1, a1  \
+	VERLLF $7, b1, b1  \
+	VERLLF $7, c1, c1  \
+	VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+	VPERM v0, v0, mask, v0 \
+	VPERM v1, v1, mask, v1 \
+	VPERM v2, v2, mask, v2 \
+	VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+	VAF x, v0, v0 \
+	VAF x, v1, v1 \
+	VAF x, v2, v2 \
+	VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+	VLM  off(src), M0, M3          \
+	PERMUTE(BSWAP, v0, v1, v2, v3) \
+	VX   v0, M0, M0                \
+	VX   v1, M1, M1                \
+	VX   v2, M2, M2                \
+	VX   v3, M3, M3                \
+	VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+	VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+	VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+	VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+	VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+	VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+	VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+	VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+	VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD $·constants<>(SB), R1
+	MOVD dst+0(FP), R2         // R2=&dst[0]
+	LMG  src+24(FP), R3, R4    // R3=&src[0] R4=len(src)
+	MOVD key+48(FP), R5        // R5=key
+	MOVD nonce+56(FP), R6      // R6=nonce
+	MOVD counter+64(FP), R7    // R7=counter
+
+	// load BSWAP and J0
+	VLM (R1), BSWAP, J0
+
+	// setup
+	MOVD  $95, R0
+	VLM   (R5), KEY0, KEY1
+	VLL   R0, (R6), NONCE
+	VZERO M0
+	VLEIB $7, $32, M0
+	VSRLB M0, NONCE, NONCE
+
+	// initialize counter values
+	VLREPF (R7), CTR
+	VZERO  INC
+	VLEIF  $1, $1, INC
+	VLEIF  $2, $2, INC
+	VLEIF  $3, $3, INC
+	VAF    INC, CTR, CTR
+	VREPIF $4, INC
+
+chacha:
+	VREPF $0, J0, X0
+	VREPF $1, J0, X1
+	VREPF $2, J0, X2
+	VREPF $3, J0, X3
+	VREPF $0, KEY0, X4
+	VREPF $1, KEY0, X5
+	VREPF $2, KEY0, X6
+	VREPF $3, KEY0, X7
+	VREPF $0, KEY1, X8
+	VREPF $1, KEY1, X9
+	VREPF $2, KEY1, X10
+	VREPF $3, KEY1, X11
+	VLR   CTR, X12
+	VREPF $1, NONCE, X13
+	VREPF $2, NONCE, X14
+	VREPF $3, NONCE, X15
+
+	MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+	ROUND4(X0, X4, X12,  X8, X1, X5, X13,  X9, X2, X6, X14, X10, X3, X7, X15, X11)
+	ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8,  X3, X4, X14, X9)
+
+	ADD $-1, R1
+	BNE loop
+
+	// decrement length
+	ADD $-256, R4
+
+	// rearrange vectors
+	SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+	ADDV(J0, X0, X1, X2, X3)
+	SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+	ADDV(KEY0, X4, X5, X6, X7)
+	SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+	ADDV(KEY1, X8, X9, X10, X11)
+	VAF CTR, X12, X12
+	SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+	ADDV(NONCE, X12, X13, X14, X15)
+
+	// increment counters
+	VAF INC, CTR, CTR
+
+	// xor keystream with plaintext
+	XORV(0*64, R2, R3, X0, X4,  X8, X12)
+	XORV(1*64, R2, R3, X1, X5,  X9, X13)
+	XORV(2*64, R2, R3, X2, X6, X10, X14)
+	XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+	// increment pointers
+	MOVD $256(R2), R2
+	MOVD $256(R3), R3
+
+	CMPBNE  R4, $0, chacha
+
+	VSTEF $0, CTR, (R7)
+	RET
diff --git a/vendor/golang.org/x/crypto/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go
new file mode 100644
index 0000000000000..c2d04851e0d13
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import "runtime"
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+	runtime.GOARCH == "amd64" ||
+	runtime.GOARCH == "arm64" ||
+	runtime.GOARCH == "ppc64le" ||
+	runtime.GOARCH == "s390x"
+
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
+// places the result in little endian byte order in dst.
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
+	if unaligned {
+		// The compiler should optimize this code into
+		// 32-bit unaligned little endian loads and stores.
+		// TODO: delete once the compiler does a reliably
+		// good job with the generic code below.
+		// See issue #25111 for more details.
+		v := uint32(src[0])
+		v |= uint32(src[1]) << 8
+		v |= uint32(src[2]) << 16
+		v |= uint32(src[3]) << 24
+		v ^= a + b
+		dst[0] = byte(v)
+		dst[1] = byte(v >> 8)
+		dst[2] = byte(v >> 16)
+		dst[3] = byte(v >> 24)
+	} else {
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
index 528b9bff671e5..d3596ee66fdb2 100644
--- a/vendor/golang.org/x/crypto/cryptobyte/asn1.go
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -81,7 +81,7 @@ func (b *Builder) AddASN1BigInt(n *big.Int) {
 			for i := range bytes {
 				bytes[i] ^= 0xff
 			}
-			if bytes[0]&0x80 == 0 {
+			if len(bytes) == 0 || bytes[0]&0x80 == 0 {
 				c.add(0xff)
 			}
 			c.add(bytes...)
@@ -230,12 +230,12 @@ func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
 
 // String
 
-// ReadASN1Boolean decodes an ASN.1 INTEGER and converts it to a boolean
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
 // representation into out and advances. It reports whether the read
 // was successful.
 func (s *String) ReadASN1Boolean(out *bool) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.INTEGER) || len(bytes) != 1 {
+	if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
 		return false
 	}
 
@@ -470,7 +470,8 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
 // It reports whether the read was successful.
 func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
 		return false
 	}
 
@@ -740,7 +741,7 @@ func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
 		length = headerLen + len32
 	}
 
-	if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
 		return false
 	}
 	if skipHeader && !out.Skip(int(headerLen)) {
diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go
index 29b4c7641279c..ca7b1db5ce9d1 100644
--- a/vendor/golang.org/x/crypto/cryptobyte/builder.go
+++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -50,8 +50,14 @@ func NewFixedBuilder(buffer []byte) *Builder {
 	}
 }
 
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+	b.err = err
+}
+
 // Bytes returns the bytes written by the builder or an error if one has
-// occurred during during building.
+// occurred during building.
 func (b *Builder) Bytes() ([]byte, error) {
 	if b.err != nil {
 		return nil, b.err
@@ -94,7 +100,7 @@ func (b *Builder) AddBytes(v []byte) {
 	b.add(v...)
 }
 
-// BuilderContinuation is continuation-passing interface for building
+// BuilderContinuation is a continuation-passing interface for building
 // length-prefixed byte sequences. Builder methods for length-prefixed
 // sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
 // supplied to them. The child builder passed to the continuation can be used
@@ -268,9 +274,11 @@ func (b *Builder) flushChild() {
 		return
 	}
 
-	if !b.fixedSize {
-		b.result = child.result // In case child reallocated result.
+	if b.fixedSize && &b.result[0] != &child.result[0] {
+		panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
 	}
+
+	b.result = child.result
 }
 
 func (b *Builder) add(bytes ...byte) {
@@ -278,7 +286,7 @@ func (b *Builder) add(bytes ...byte) {
 		return
 	}
 	if b.child != nil {
-		panic("attempted write while child is pending")
+		panic("cryptobyte: attempted write while child is pending")
 	}
 	if len(b.result)+len(bytes) < len(bytes) {
 		b.err = errors.New("cryptobyte: length overflow")
@@ -290,6 +298,26 @@ func (b *Builder) add(bytes ...byte) {
 	b.result = append(b.result, bytes...)
 }
 
+// Unwrite rolls back n bytes written directly to the Builder. An attempt by a
+// child builder passed to a continuation to unwrite bytes from its parent will
+// panic.
+func (b *Builder) Unwrite(n int) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted unwrite while child is pending")
+	}
+	length := len(b.result) - b.pendingLenLen - b.offset
+	if length < 0 {
+		panic("cryptobyte: internal error")
+	}
+	if n > length {
+		panic("cryptobyte: attempted to unwrite more than was written")
+	}
+	b.result = b.result[:len(b.result)-n]
+}
+
 // A MarshalingValue marshals itself into a Builder.
 type MarshalingValue interface {
 	// Marshal is called by Builder.AddValue. It receives a pointer to a builder
diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go
index 39bf98aeead81..589d297e6be8f 100644
--- a/vendor/golang.org/x/crypto/cryptobyte/string.go
+++ b/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -24,7 +24,7 @@ type String []byte
 // read advances a String by n bytes and returns them. If less than n bytes
 // remain, it returns nil.
 func (s *String) read(n int) []byte {
-	if len(*s) < n {
+	if len(*s) < n || n < 0 {
 		return nil
 	}
 	v := (*s)[:n]
@@ -105,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
 		length = length << 8
 		length = length | uint32(b)
 	}
-	if int(length) < 0 {
-		// This currently cannot overflow because we read uint24 at most, but check
-		// anyway in case that changes in the future.
-		return false
-	}
 	v := s.read(int(length))
 	if v == nil {
 		return false
diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.h b/vendor/golang.org/x/crypto/curve25519/const_amd64.h
deleted file mode 100644
index b3f74162f6092..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-#define REDMASK51     0x0007FFFFFFFFFFFF
diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.s b/vendor/golang.org/x/crypto/curve25519/const_amd64.s
deleted file mode 100644
index ee7b4bd5f8e33..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.s
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-// These constants cannot be encoded in non-MOVQ immediates.
-// We access them directly from memory instead.
-
-DATA ·_121666_213(SB)/8, $996687872
-GLOBL ·_121666_213(SB), 8, $8
-
-DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
-GLOBL ·_2P0(SB), 8, $8
-
-DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
-GLOBL ·_2P1234(SB), 8, $8
diff --git a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s b/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
deleted file mode 100644
index cd793a5b5f2eb..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-// func cswap(inout *[4][5]uint64, v uint64)
-TEXT ·cswap(SB),7,$0
-	MOVQ inout+0(FP),DI
-	MOVQ v+8(FP),SI
-
-	SUBQ $1, SI
-	NOTQ SI
-	MOVQ SI, X15
-	PSHUFD $0x44, X15, X15
-
-	MOVOU 0(DI), X0
-	MOVOU 16(DI), X2
-	MOVOU 32(DI), X4
-	MOVOU 48(DI), X6
-	MOVOU 64(DI), X8
-	MOVOU 80(DI), X1
-	MOVOU 96(DI), X3
-	MOVOU 112(DI), X5
-	MOVOU 128(DI), X7
-	MOVOU 144(DI), X9
-
-	MOVO X1, X10
-	MOVO X3, X11
-	MOVO X5, X12
-	MOVO X7, X13
-	MOVO X9, X14
-
-	PXOR X0, X10
-	PXOR X2, X11
-	PXOR X4, X12
-	PXOR X6, X13
-	PXOR X8, X14
-	PAND X15, X10
-	PAND X15, X11
-	PAND X15, X12
-	PAND X15, X13
-	PAND X15, X14
-	PXOR X10, X0
-	PXOR X10, X1
-	PXOR X11, X2
-	PXOR X11, X3
-	PXOR X12, X4
-	PXOR X12, X5
-	PXOR X13, X6
-	PXOR X13, X7
-	PXOR X14, X8
-	PXOR X14, X9
-
-	MOVOU X0, 0(DI)
-	MOVOU X2, 16(DI)
-	MOVOU X4, 32(DI)
-	MOVOU X6, 48(DI)
-	MOVOU X8, 64(DI)
-	MOVOU X1, 80(DI)
-	MOVOU X3, 96(DI)
-	MOVOU X5, 112(DI)
-	MOVOU X7, 128(DI)
-	MOVOU X9, 144(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519.go b/vendor/golang.org/x/crypto/curve25519/curve25519.go
index cb8fbc57b97a6..4b9a655d1b562 100644
--- a/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go
@@ -1,834 +1,95 @@
-// Copyright 2013 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// We have an implementation in amd64 assembly so this code is only run on
-// non-amd64 platforms. The amd64 assembly does not support gccgo.
-// +build !amd64 gccgo appengine
-
-package curve25519
+// Package curve25519 provides an implementation of the X25519 function, which
+// performs scalar multiplication on the elliptic curve known as Curve25519.
+// See RFC 7748.
+package curve25519 // import "golang.org/x/crypto/curve25519"
 
 import (
-	"encoding/binary"
+	"crypto/subtle"
+	"fmt"
 )
 
-// This code is a port of the public domain, "ref10" implementation of
-// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
-
-// fieldElement represents an element of the field GF(2^255 - 19). An element
-// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
-// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
-// context.
-type fieldElement [10]int32
-
-func feZero(fe *fieldElement) {
-	for i := range fe {
-		fe[i] = 0
-	}
-}
-
-func feOne(fe *fieldElement) {
-	feZero(fe)
-	fe[0] = 1
-}
-
-func feAdd(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] + b[i]
-	}
-}
-
-func feSub(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] - b[i]
-	}
-}
-
-func feCopy(dst, src *fieldElement) {
-	for i := range dst {
-		dst[i] = src[i]
-	}
-}
-
-// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
-//
-// Preconditions: b in {0,1}.
-func feCSwap(f, g *fieldElement, b int32) {
-	b = -b
-	for i := range f {
-		t := b & (f[i] ^ g[i])
-		f[i] ^= t
-		g[i] ^= t
-	}
-}
-
-// load3 reads a 24-bit, little-endian value from in.
-func load3(in []byte) int64 {
-	var r int64
-	r = int64(in[0])
-	r |= int64(in[1]) << 8
-	r |= int64(in[2]) << 16
-	return r
-}
-
-// load4 reads a 32-bit, little-endian value from in.
-func load4(in []byte) int64 {
-	return int64(binary.LittleEndian.Uint32(in))
-}
-
-func feFromBytes(dst *fieldElement, src *[32]byte) {
-	h0 := load4(src[:])
-	h1 := load3(src[4:]) << 6
-	h2 := load3(src[7:]) << 5
-	h3 := load3(src[10:]) << 3
-	h4 := load3(src[13:]) << 2
-	h5 := load4(src[16:])
-	h6 := load3(src[20:]) << 7
-	h7 := load3(src[23:]) << 5
-	h8 := load3(src[26:]) << 4
-	h9 := load3(src[29:]) << 2
-
-	var carry [10]int64
-	carry[9] = (h9 + 1<<24) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + 1<<24) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + 1<<24) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + 1<<24) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + 1<<24) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + 1<<25) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + 1<<25) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + 1<<25) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + 1<<25) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + 1<<25) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	dst[0] = int32(h0)
-	dst[1] = int32(h1)
-	dst[2] = int32(h2)
-	dst[3] = int32(h3)
-	dst[4] = int32(h4)
-	dst[5] = int32(h5)
-	dst[6] = int32(h6)
-	dst[7] = int32(h7)
-	dst[8] = int32(h8)
-	dst[9] = int32(h9)
-}
-
-// feToBytes marshals h to s.
-// Preconditions:
-//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Write p=2^255-19; q=floor(h/p).
-// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-//
-// Proof:
-//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
-//
-//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-//   Then 0<y<1.
+// ScalarMult sets dst to the product scalar * point.
 //
-//   Write r=h-pq.
-//   Have 0<=r<=p-1=2^255-20.
-//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-//
-//   Write x=r+19(2^-255)r+y.
-//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-//
-//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-func feToBytes(s *[32]byte, h *fieldElement) {
-	var carry [10]int32
-
-	q := (19*h[9] + (1 << 24)) >> 25
-	q = (h[0] + q) >> 26
-	q = (h[1] + q) >> 25
-	q = (h[2] + q) >> 26
-	q = (h[3] + q) >> 25
-	q = (h[4] + q) >> 26
-	q = (h[5] + q) >> 25
-	q = (h[6] + q) >> 26
-	q = (h[7] + q) >> 25
-	q = (h[8] + q) >> 26
-	q = (h[9] + q) >> 25
-
-	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
-	h[0] += 19 * q
-	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
-
-	carry[0] = h[0] >> 26
-	h[1] += carry[0]
-	h[0] -= carry[0] << 26
-	carry[1] = h[1] >> 25
-	h[2] += carry[1]
-	h[1] -= carry[1] << 25
-	carry[2] = h[2] >> 26
-	h[3] += carry[2]
-	h[2] -= carry[2] << 26
-	carry[3] = h[3] >> 25
-	h[4] += carry[3]
-	h[3] -= carry[3] << 25
-	carry[4] = h[4] >> 26
-	h[5] += carry[4]
-	h[4] -= carry[4] << 26
-	carry[5] = h[5] >> 25
-	h[6] += carry[5]
-	h[5] -= carry[5] << 25
-	carry[6] = h[6] >> 26
-	h[7] += carry[6]
-	h[6] -= carry[6] << 26
-	carry[7] = h[7] >> 25
-	h[8] += carry[7]
-	h[7] -= carry[7] << 25
-	carry[8] = h[8] >> 26
-	h[9] += carry[8]
-	h[8] -= carry[8] << 26
-	carry[9] = h[9] >> 25
-	h[9] -= carry[9] << 25
-	// h10 = carry9
-
-	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
-	// evidently 2^255 h10-2^255 q = 0.
-	// Goal: Output h[0]+...+2^230 h[9].
-
-	s[0] = byte(h[0] >> 0)
-	s[1] = byte(h[0] >> 8)
-	s[2] = byte(h[0] >> 16)
-	s[3] = byte((h[0] >> 24) | (h[1] << 2))
-	s[4] = byte(h[1] >> 6)
-	s[5] = byte(h[1] >> 14)
-	s[6] = byte((h[1] >> 22) | (h[2] << 3))
-	s[7] = byte(h[2] >> 5)
-	s[8] = byte(h[2] >> 13)
-	s[9] = byte((h[2] >> 21) | (h[3] << 5))
-	s[10] = byte(h[3] >> 3)
-	s[11] = byte(h[3] >> 11)
-	s[12] = byte((h[3] >> 19) | (h[4] << 6))
-	s[13] = byte(h[4] >> 2)
-	s[14] = byte(h[4] >> 10)
-	s[15] = byte(h[4] >> 18)
-	s[16] = byte(h[5] >> 0)
-	s[17] = byte(h[5] >> 8)
-	s[18] = byte(h[5] >> 16)
-	s[19] = byte((h[5] >> 24) | (h[6] << 1))
-	s[20] = byte(h[6] >> 7)
-	s[21] = byte(h[6] >> 15)
-	s[22] = byte((h[6] >> 23) | (h[7] << 3))
-	s[23] = byte(h[7] >> 5)
-	s[24] = byte(h[7] >> 13)
-	s[25] = byte((h[7] >> 21) | (h[8] << 4))
-	s[26] = byte(h[8] >> 4)
-	s[27] = byte(h[8] >> 12)
-	s[28] = byte((h[8] >> 20) | (h[9] << 6))
-	s[29] = byte(h[9] >> 2)
-	s[30] = byte(h[9] >> 10)
-	s[31] = byte(h[9] >> 18)
+// Deprecated: when provided a low-order point, ScalarMult will set dst to all
+// zeroes, irrespective of the scalar. Instead, use the X25519 function, which
+// will return an error.
+func ScalarMult(dst, scalar, point *[32]byte) {
+	scalarMult(dst, scalar, point)
 }
 
-// feMul calculates h = f * g
-// Can overlap h with f or g.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Notes on implementation strategy:
-//
-// Using schoolbook multiplication.
-// Karatsuba would save a little in some cost models.
+// ScalarBaseMult sets dst to the product scalar * base where base is the
+// standard generator.
 //
-// Most multiplications by 2 and 19 are 32-bit precomputations;
-// cheaper than 64-bit postcomputations.
-//
-// There is one remaining multiplication by 19 in the carry chain;
-// one *19 precomputation can be merged into this,
-// but the resulting data flow is considerably less clean.
-//
-// There are 12 carries below.
-// 10 of them are 2-way parallelizable and vectorizable.
-// Can get away with 11 carries, but then data flow is much deeper.
-//
-// With tighter constraints on inputs can squeeze carries into int32.
-func feMul(h, f, g *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	g0 := g[0]
-	g1 := g[1]
-	g2 := g[2]
-	g3 := g[3]
-	g4 := g[4]
-	g5 := g[5]
-	g6 := g[6]
-	g7 := g[7]
-	g8 := g[8]
-	g9 := g[9]
-	g1_19 := 19 * g1 // 1.4*2^29
-	g2_19 := 19 * g2 // 1.4*2^30; still ok
-	g3_19 := 19 * g3
-	g4_19 := 19 * g4
-	g5_19 := 19 * g5
-	g6_19 := 19 * g6
-	g7_19 := 19 * g7
-	g8_19 := 19 * g8
-	g9_19 := 19 * g9
-	f1_2 := 2 * f1
-	f3_2 := 2 * f3
-	f5_2 := 2 * f5
-	f7_2 := 2 * f7
-	f9_2 := 2 * f9
-	f0g0 := int64(f0) * int64(g0)
-	f0g1 := int64(f0) * int64(g1)
-	f0g2 := int64(f0) * int64(g2)
-	f0g3 := int64(f0) * int64(g3)
-	f0g4 := int64(f0) * int64(g4)
-	f0g5 := int64(f0) * int64(g5)
-	f0g6 := int64(f0) * int64(g6)
-	f0g7 := int64(f0) * int64(g7)
-	f0g8 := int64(f0) * int64(g8)
-	f0g9 := int64(f0) * int64(g9)
-	f1g0 := int64(f1) * int64(g0)
-	f1g1_2 := int64(f1_2) * int64(g1)
-	f1g2 := int64(f1) * int64(g2)
-	f1g3_2 := int64(f1_2) * int64(g3)
-	f1g4 := int64(f1) * int64(g4)
-	f1g5_2 := int64(f1_2) * int64(g5)
-	f1g6 := int64(f1) * int64(g6)
-	f1g7_2 := int64(f1_2) * int64(g7)
-	f1g8 := int64(f1) * int64(g8)
-	f1g9_38 := int64(f1_2) * int64(g9_19)
-	f2g0 := int64(f2) * int64(g0)
-	f2g1 := int64(f2) * int64(g1)
-	f2g2 := int64(f2) * int64(g2)
-	f2g3 := int64(f2) * int64(g3)
-	f2g4 := int64(f2) * int64(g4)
-	f2g5 := int64(f2) * int64(g5)
-	f2g6 := int64(f2) * int64(g6)
-	f2g7 := int64(f2) * int64(g7)
-	f2g8_19 := int64(f2) * int64(g8_19)
-	f2g9_19 := int64(f2) * int64(g9_19)
-	f3g0 := int64(f3) * int64(g0)
-	f3g1_2 := int64(f3_2) * int64(g1)
-	f3g2 := int64(f3) * int64(g2)
-	f3g3_2 := int64(f3_2) * int64(g3)
-	f3g4 := int64(f3) * int64(g4)
-	f3g5_2 := int64(f3_2) * int64(g5)
-	f3g6 := int64(f3) * int64(g6)
-	f3g7_38 := int64(f3_2) * int64(g7_19)
-	f3g8_19 := int64(f3) * int64(g8_19)
-	f3g9_38 := int64(f3_2) * int64(g9_19)
-	f4g0 := int64(f4) * int64(g0)
-	f4g1 := int64(f4) * int64(g1)
-	f4g2 := int64(f4) * int64(g2)
-	f4g3 := int64(f4) * int64(g3)
-	f4g4 := int64(f4) * int64(g4)
-	f4g5 := int64(f4) * int64(g5)
-	f4g6_19 := int64(f4) * int64(g6_19)
-	f4g7_19 := int64(f4) * int64(g7_19)
-	f4g8_19 := int64(f4) * int64(g8_19)
-	f4g9_19 := int64(f4) * int64(g9_19)
-	f5g0 := int64(f5) * int64(g0)
-	f5g1_2 := int64(f5_2) * int64(g1)
-	f5g2 := int64(f5) * int64(g2)
-	f5g3_2 := int64(f5_2) * int64(g3)
-	f5g4 := int64(f5) * int64(g4)
-	f5g5_38 := int64(f5_2) * int64(g5_19)
-	f5g6_19 := int64(f5) * int64(g6_19)
-	f5g7_38 := int64(f5_2) * int64(g7_19)
-	f5g8_19 := int64(f5) * int64(g8_19)
-	f5g9_38 := int64(f5_2) * int64(g9_19)
-	f6g0 := int64(f6) * int64(g0)
-	f6g1 := int64(f6) * int64(g1)
-	f6g2 := int64(f6) * int64(g2)
-	f6g3 := int64(f6) * int64(g3)
-	f6g4_19 := int64(f6) * int64(g4_19)
-	f6g5_19 := int64(f6) * int64(g5_19)
-	f6g6_19 := int64(f6) * int64(g6_19)
-	f6g7_19 := int64(f6) * int64(g7_19)
-	f6g8_19 := int64(f6) * int64(g8_19)
-	f6g9_19 := int64(f6) * int64(g9_19)
-	f7g0 := int64(f7) * int64(g0)
-	f7g1_2 := int64(f7_2) * int64(g1)
-	f7g2 := int64(f7) * int64(g2)
-	f7g3_38 := int64(f7_2) * int64(g3_19)
-	f7g4_19 := int64(f7) * int64(g4_19)
-	f7g5_38 := int64(f7_2) * int64(g5_19)
-	f7g6_19 := int64(f7) * int64(g6_19)
-	f7g7_38 := int64(f7_2) * int64(g7_19)
-	f7g8_19 := int64(f7) * int64(g8_19)
-	f7g9_38 := int64(f7_2) * int64(g9_19)
-	f8g0 := int64(f8) * int64(g0)
-	f8g1 := int64(f8) * int64(g1)
-	f8g2_19 := int64(f8) * int64(g2_19)
-	f8g3_19 := int64(f8) * int64(g3_19)
-	f8g4_19 := int64(f8) * int64(g4_19)
-	f8g5_19 := int64(f8) * int64(g5_19)
-	f8g6_19 := int64(f8) * int64(g6_19)
-	f8g7_19 := int64(f8) * int64(g7_19)
-	f8g8_19 := int64(f8) * int64(g8_19)
-	f8g9_19 := int64(f8) * int64(g9_19)
-	f9g0 := int64(f9) * int64(g0)
-	f9g1_38 := int64(f9_2) * int64(g1_19)
-	f9g2_19 := int64(f9) * int64(g2_19)
-	f9g3_38 := int64(f9_2) * int64(g3_19)
-	f9g4_19 := int64(f9) * int64(g4_19)
-	f9g5_38 := int64(f9_2) * int64(g5_19)
-	f9g6_19 := int64(f9) * int64(g6_19)
-	f9g7_38 := int64(f9_2) * int64(g7_19)
-	f9g8_19 := int64(f9) * int64(g8_19)
-	f9g9_38 := int64(f9_2) * int64(g9_19)
-	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
-	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
-	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
-	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
-	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
-	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
-	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
-	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
-	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
-	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
-	var carry [10]int64
-
-	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
-	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
-	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
-	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	// |h0| <= 2^25
-	// |h4| <= 2^25
-	// |h1| <= 1.51*2^58
-	// |h5| <= 1.51*2^58
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	// |h1| <= 2^24; from now on fits into int32
-	// |h5| <= 2^24; from now on fits into int32
-	// |h2| <= 1.21*2^59
-	// |h6| <= 1.21*2^59
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	// |h2| <= 2^25; from now on fits into int32 unchanged
-	// |h6| <= 2^25; from now on fits into int32 unchanged
-	// |h3| <= 1.51*2^58
-	// |h7| <= 1.51*2^58
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-	// |h3| <= 2^24; from now on fits into int32 unchanged
-	// |h7| <= 2^24; from now on fits into int32 unchanged
-	// |h4| <= 1.52*2^33
-	// |h8| <= 1.52*2^33
-
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-	// |h4| <= 2^25; from now on fits into int32 unchanged
-	// |h8| <= 2^25; from now on fits into int32 unchanged
-	// |h5| <= 1.01*2^24
-	// |h9| <= 1.51*2^58
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	// |h9| <= 2^24; from now on fits into int32 unchanged
-	// |h0| <= 1.8*2^37
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	// |h0| <= 2^25; from now on fits into int32 unchanged
-	// |h1| <= 1.01*2^24
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
+// It is recommended to use the X25519 function with Basepoint instead, as
+// copying into fixed size arrays can lead to unexpected bugs.
+func ScalarBaseMult(dst, scalar *[32]byte) {
+	ScalarMult(dst, scalar, &basePoint)
 }
 
-// feSquare calculates h = f*f. Can overlap h with f.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feSquare(h, f *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	f0_2 := 2 * f0
-	f1_2 := 2 * f1
-	f2_2 := 2 * f2
-	f3_2 := 2 * f3
-	f4_2 := 2 * f4
-	f5_2 := 2 * f5
-	f6_2 := 2 * f6
-	f7_2 := 2 * f7
-	f5_38 := 38 * f5 // 1.31*2^30
-	f6_19 := 19 * f6 // 1.31*2^30
-	f7_38 := 38 * f7 // 1.31*2^30
-	f8_19 := 19 * f8 // 1.31*2^30
-	f9_38 := 38 * f9 // 1.31*2^30
-	f0f0 := int64(f0) * int64(f0)
-	f0f1_2 := int64(f0_2) * int64(f1)
-	f0f2_2 := int64(f0_2) * int64(f2)
-	f0f3_2 := int64(f0_2) * int64(f3)
-	f0f4_2 := int64(f0_2) * int64(f4)
-	f0f5_2 := int64(f0_2) * int64(f5)
-	f0f6_2 := int64(f0_2) * int64(f6)
-	f0f7_2 := int64(f0_2) * int64(f7)
-	f0f8_2 := int64(f0_2) * int64(f8)
-	f0f9_2 := int64(f0_2) * int64(f9)
-	f1f1_2 := int64(f1_2) * int64(f1)
-	f1f2_2 := int64(f1_2) * int64(f2)
-	f1f3_4 := int64(f1_2) * int64(f3_2)
-	f1f4_2 := int64(f1_2) * int64(f4)
-	f1f5_4 := int64(f1_2) * int64(f5_2)
-	f1f6_2 := int64(f1_2) * int64(f6)
-	f1f7_4 := int64(f1_2) * int64(f7_2)
-	f1f8_2 := int64(f1_2) * int64(f8)
-	f1f9_76 := int64(f1_2) * int64(f9_38)
-	f2f2 := int64(f2) * int64(f2)
-	f2f3_2 := int64(f2_2) * int64(f3)
-	f2f4_2 := int64(f2_2) * int64(f4)
-	f2f5_2 := int64(f2_2) * int64(f5)
-	f2f6_2 := int64(f2_2) * int64(f6)
-	f2f7_2 := int64(f2_2) * int64(f7)
-	f2f8_38 := int64(f2_2) * int64(f8_19)
-	f2f9_38 := int64(f2) * int64(f9_38)
-	f3f3_2 := int64(f3_2) * int64(f3)
-	f3f4_2 := int64(f3_2) * int64(f4)
-	f3f5_4 := int64(f3_2) * int64(f5_2)
-	f3f6_2 := int64(f3_2) * int64(f6)
-	f3f7_76 := int64(f3_2) * int64(f7_38)
-	f3f8_38 := int64(f3_2) * int64(f8_19)
-	f3f9_76 := int64(f3_2) * int64(f9_38)
-	f4f4 := int64(f4) * int64(f4)
-	f4f5_2 := int64(f4_2) * int64(f5)
-	f4f6_38 := int64(f4_2) * int64(f6_19)
-	f4f7_38 := int64(f4) * int64(f7_38)
-	f4f8_38 := int64(f4_2) * int64(f8_19)
-	f4f9_38 := int64(f4) * int64(f9_38)
-	f5f5_38 := int64(f5) * int64(f5_38)
-	f5f6_38 := int64(f5_2) * int64(f6_19)
-	f5f7_76 := int64(f5_2) * int64(f7_38)
-	f5f8_38 := int64(f5_2) * int64(f8_19)
-	f5f9_76 := int64(f5_2) * int64(f9_38)
-	f6f6_19 := int64(f6) * int64(f6_19)
-	f6f7_38 := int64(f6) * int64(f7_38)
-	f6f8_38 := int64(f6_2) * int64(f8_19)
-	f6f9_38 := int64(f6) * int64(f9_38)
-	f7f7_38 := int64(f7) * int64(f7_38)
-	f7f8_38 := int64(f7_2) * int64(f8_19)
-	f7f9_76 := int64(f7_2) * int64(f9_38)
-	f8f8_19 := int64(f8) * int64(f8_19)
-	f8f9_38 := int64(f8) * int64(f9_38)
-	f9f9_38 := int64(f9) * int64(f9_38)
-	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
-	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
-	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
-	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
-	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
-	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
-	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
-	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
-	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
-	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
-	var carry [10]int64
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
+const (
+	// ScalarSize is the size of the scalar input to X25519.
+	ScalarSize = 32
+	// PointSize is the size of the point input to X25519.
+	PointSize = 32
+)
 
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
+// Basepoint is the canonical Curve25519 generator.
+var Basepoint []byte
 
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
+func init() { Basepoint = basePoint[:] }
 
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
+func checkBasepoint() {
+	if subtle.ConstantTimeCompare(Basepoint, []byte{
+		0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	}) != 1 {
+		panic("curve25519: global Basepoint value was modified")
+	}
 }
 
-// feMul121666 calculates h = f * 121666. Can overlap h with f.
+// X25519 returns the result of the scalar multiplication (scalar * point),
+// according to RFC 7748, Section 5. scalar, point and the return value are
+// slices of 32 bytes.
 //
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+// scalar can be generated at random, for example with crypto/rand. point should
+// be either Basepoint or the output of another X25519 call.
 //
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feMul121666(h, f *fieldElement) {
-	h0 := int64(f[0]) * 121666
-	h1 := int64(f[1]) * 121666
-	h2 := int64(f[2]) * 121666
-	h3 := int64(f[3]) * 121666
-	h4 := int64(f[4]) * 121666
-	h5 := int64(f[5]) * 121666
-	h6 := int64(f[6]) * 121666
-	h7 := int64(f[7]) * 121666
-	h8 := int64(f[8]) * 121666
-	h9 := int64(f[9]) * 121666
-	var carry [10]int64
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
-}
-
-// feInvert sets out = z^-1.
-func feInvert(out, z *fieldElement) {
-	var t0, t1, t2, t3 fieldElement
-	var i int
-
-	feSquare(&t0, z)
-	for i = 1; i < 1; i++ {
-		feSquare(&t0, &t0)
-	}
-	feSquare(&t1, &t0)
-	for i = 1; i < 2; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(&t1, z, &t1)
-	feMul(&t0, &t0, &t1)
-	feSquare(&t2, &t0)
-	for i = 1; i < 1; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t1, &t2)
-	feSquare(&t2, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 20; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 100; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t1, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(out, &t1, &t0)
+// If point is Basepoint (but not if it's a different slice with the same
+// contents) a precomputed implementation might be used for performance.
+func X25519(scalar, point []byte) ([]byte, error) {
+	// Outline the body of function, to let the allocation be inlined in the
+	// caller, and possibly avoid escaping to the heap.
+	var dst [32]byte
+	return x25519(&dst, scalar, point)
 }
 
-func scalarMult(out, in, base *[32]byte) {
-	var e [32]byte
-
-	copy(e[:], in[:])
-	e[0] &= 248
-	e[31] &= 127
-	e[31] |= 64
-
-	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
-	feFromBytes(&x1, base)
-	feOne(&x2)
-	feCopy(&x3, &x1)
-	feOne(&z3)
-
-	swap := int32(0)
-	for pos := 254; pos >= 0; pos-- {
-		b := e[pos/8] >> uint(pos&7)
-		b &= 1
-		swap ^= int32(b)
-		feCSwap(&x2, &x3, swap)
-		feCSwap(&z2, &z3, swap)
-		swap = int32(b)
-
-		feSub(&tmp0, &x3, &z3)
-		feSub(&tmp1, &x2, &z2)
-		feAdd(&x2, &x2, &z2)
-		feAdd(&z2, &x3, &z3)
-		feMul(&z3, &tmp0, &x2)
-		feMul(&z2, &z2, &tmp1)
-		feSquare(&tmp0, &tmp1)
-		feSquare(&tmp1, &x2)
-		feAdd(&x3, &z3, &z2)
-		feSub(&z2, &z3, &z2)
-		feMul(&x2, &tmp1, &tmp0)
-		feSub(&tmp1, &tmp1, &tmp0)
-		feSquare(&z2, &z2)
-		feMul121666(&z3, &tmp1)
-		feSquare(&x3, &x3)
-		feAdd(&tmp0, &tmp0, &z3)
-		feMul(&z3, &x1, &z2)
-		feMul(&z2, &tmp1, &tmp0)
-	}
-
-	feCSwap(&x2, &x3, swap)
-	feCSwap(&z2, &z3, swap)
-
-	feInvert(&z2, &z2)
-	feMul(&x2, &x2, &z2)
-	feToBytes(out, &x2)
+func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
+	var in [32]byte
+	if l := len(scalar); l != 32 {
+		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+	}
+	if l := len(point); l != 32 {
+		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+	}
+	copy(in[:], scalar)
+	if &point[0] == &Basepoint[0] {
+		checkBasepoint()
+		ScalarBaseMult(dst, &in)
+	} else {
+		var base, zero [32]byte
+		copy(base[:], point)
+		ScalarMult(dst, &in, &base)
+		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
+			return nil, fmt.Errorf("bad input point: low order point")
+		}
+	}
+	return dst[:], nil
 }
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
new file mode 100644
index 0000000000000..84858480dff5f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
@@ -0,0 +1,241 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
+
+package curve25519
+
+// These functions are implemented in the .s files. The names of the functions
+// in the rest of the file are also taken from the SUPERCOP sources to help
+// people following along.
+
+//go:noescape
+
+func cswap(inout *[5]uint64, v uint64)
+
+//go:noescape
+
+func ladderstep(inout *[5][5]uint64)
+
+//go:noescape
+
+func freeze(inout *[5]uint64)
+
+//go:noescape
+
+func mul(dest, a, b *[5]uint64)
+
+//go:noescape
+
+func square(out, in *[5]uint64)
+
+// mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
+func mladder(xr, zr *[5]uint64, s *[32]byte) {
+	var work [5][5]uint64
+
+	work[0] = *xr
+	setint(&work[1], 1)
+	setint(&work[2], 0)
+	work[3] = *xr
+	setint(&work[4], 1)
+
+	j := uint(6)
+	var prevbit byte
+
+	for i := 31; i >= 0; i-- {
+		for j < 8 {
+			bit := ((*s)[i] >> j) & 1
+			swap := bit ^ prevbit
+			prevbit = bit
+			cswap(&work[1], uint64(swap))
+			ladderstep(&work)
+			j--
+		}
+		j = 7
+	}
+
+	*xr = work[1]
+	*zr = work[2]
+}
+
+func scalarMult(out, in, base *[32]byte) {
+	var e [32]byte
+	copy(e[:], (*in)[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
+
+	var t, z [5]uint64
+	unpack(&t, base)
+	mladder(&t, &z, &e)
+	invert(&z, &z)
+	mul(&t, &t, &z)
+	pack(out, &t)
+}
+
+func setint(r *[5]uint64, v uint64) {
+	r[0] = v
+	r[1] = 0
+	r[2] = 0
+	r[3] = 0
+	r[4] = 0
+}
+
+// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
+// order.
+func unpack(r *[5]uint64, x *[32]byte) {
+	r[0] = uint64(x[0]) |
+		uint64(x[1])<<8 |
+		uint64(x[2])<<16 |
+		uint64(x[3])<<24 |
+		uint64(x[4])<<32 |
+		uint64(x[5])<<40 |
+		uint64(x[6]&7)<<48
+
+	r[1] = uint64(x[6])>>3 |
+		uint64(x[7])<<5 |
+		uint64(x[8])<<13 |
+		uint64(x[9])<<21 |
+		uint64(x[10])<<29 |
+		uint64(x[11])<<37 |
+		uint64(x[12]&63)<<45
+
+	r[2] = uint64(x[12])>>6 |
+		uint64(x[13])<<2 |
+		uint64(x[14])<<10 |
+		uint64(x[15])<<18 |
+		uint64(x[16])<<26 |
+		uint64(x[17])<<34 |
+		uint64(x[18])<<42 |
+		uint64(x[19]&1)<<50
+
+	r[3] = uint64(x[19])>>1 |
+		uint64(x[20])<<7 |
+		uint64(x[21])<<15 |
+		uint64(x[22])<<23 |
+		uint64(x[23])<<31 |
+		uint64(x[24])<<39 |
+		uint64(x[25]&15)<<47
+
+	r[4] = uint64(x[25])>>4 |
+		uint64(x[26])<<4 |
+		uint64(x[27])<<12 |
+		uint64(x[28])<<20 |
+		uint64(x[29])<<28 |
+		uint64(x[30])<<36 |
+		uint64(x[31]&127)<<44
+}
+
+// pack sets out = x where out is the usual, little-endian form of the 5,
+// 51-bit limbs in x.
+func pack(out *[32]byte, x *[5]uint64) {
+	t := *x
+	freeze(&t)
+
+	out[0] = byte(t[0])
+	out[1] = byte(t[0] >> 8)
+	out[2] = byte(t[0] >> 16)
+	out[3] = byte(t[0] >> 24)
+	out[4] = byte(t[0] >> 32)
+	out[5] = byte(t[0] >> 40)
+	out[6] = byte(t[0] >> 48)
+
+	out[6] ^= byte(t[1]<<3) & 0xf8
+	out[7] = byte(t[1] >> 5)
+	out[8] = byte(t[1] >> 13)
+	out[9] = byte(t[1] >> 21)
+	out[10] = byte(t[1] >> 29)
+	out[11] = byte(t[1] >> 37)
+	out[12] = byte(t[1] >> 45)
+
+	out[12] ^= byte(t[2]<<6) & 0xc0
+	out[13] = byte(t[2] >> 2)
+	out[14] = byte(t[2] >> 10)
+	out[15] = byte(t[2] >> 18)
+	out[16] = byte(t[2] >> 26)
+	out[17] = byte(t[2] >> 34)
+	out[18] = byte(t[2] >> 42)
+	out[19] = byte(t[2] >> 50)
+
+	out[19] ^= byte(t[3]<<1) & 0xfe
+	out[20] = byte(t[3] >> 7)
+	out[21] = byte(t[3] >> 15)
+	out[22] = byte(t[3] >> 23)
+	out[23] = byte(t[3] >> 31)
+	out[24] = byte(t[3] >> 39)
+	out[25] = byte(t[3] >> 47)
+
+	out[25] ^= byte(t[4]<<4) & 0xf0
+	out[26] = byte(t[4] >> 4)
+	out[27] = byte(t[4] >> 12)
+	out[28] = byte(t[4] >> 20)
+	out[29] = byte(t[4] >> 28)
+	out[30] = byte(t[4] >> 36)
+	out[31] = byte(t[4] >> 44)
+}
+
+// invert calculates r = x^-1 mod p using Fermat's little theorem.
+func invert(r *[5]uint64, x *[5]uint64) {
+	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
+
+	square(&z2, x)        /* 2 */
+	square(&t, &z2)       /* 4 */
+	square(&t, &t)        /* 8 */
+	mul(&z9, &t, x)       /* 9 */
+	mul(&z11, &z9, &z2)   /* 11 */
+	square(&t, &z11)      /* 22 */
+	mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
+
+	square(&t, &z2_5_0)      /* 2^6 - 2^1 */
+	for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
+
+	square(&t, &z2_10_0)      /* 2^11 - 2^1 */
+	for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
+
+	square(&t, &z2_20_0)      /* 2^21 - 2^1 */
+	for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
+
+	square(&t, &t)            /* 2^41 - 2^1 */
+	for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
+
+	square(&t, &z2_50_0)      /* 2^51 - 2^1 */
+	for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
+		square(&t, &t)
+	}
+	mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
+
+	square(&t, &z2_100_0)      /* 2^101 - 2^1 */
+	for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
+
+	square(&t, &t)            /* 2^201 - 2^1 */
+	for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
+
+	square(&t, &t) /* 2^251 - 2^1 */
+	square(&t, &t) /* 2^252 - 2^2 */
+	square(&t, &t) /* 2^253 - 2^3 */
+
+	square(&t, &t) /* 2^254 - 2^4 */
+
+	square(&t, &t)   /* 2^255 - 2^5 */
+	mul(r, &t, &z11) /* 2^255 - 21 */
+}
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
new file mode 100644
index 0000000000000..6c533809266b1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
@@ -0,0 +1,1793 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
+
+// +build amd64,gc,!purego
+
+#define REDMASK51     0x0007FFFFFFFFFFFF
+
+// These constants cannot be encoded in non-MOVQ immediates.
+// We access them directly from memory instead.
+
+DATA ·_121666_213(SB)/8, $996687872
+GLOBL ·_121666_213(SB), 8, $8
+
+DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
+GLOBL ·_2P0(SB), 8, $8
+
+DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
+GLOBL ·_2P1234(SB), 8, $8
+
+// func freeze(inout *[5]uint64)
+TEXT ·freeze(SB),7,$0-8
+	MOVQ inout+0(FP), DI
+
+	MOVQ 0(DI),SI
+	MOVQ 8(DI),DX
+	MOVQ 16(DI),CX
+	MOVQ 24(DI),R8
+	MOVQ 32(DI),R9
+	MOVQ $REDMASK51,AX
+	MOVQ AX,R10
+	SUBQ $18,R10
+	MOVQ $3,R11
+REDUCELOOP:
+	MOVQ SI,R12
+	SHRQ $51,R12
+	ANDQ AX,SI
+	ADDQ R12,DX
+	MOVQ DX,R12
+	SHRQ $51,R12
+	ANDQ AX,DX
+	ADDQ R12,CX
+	MOVQ CX,R12
+	SHRQ $51,R12
+	ANDQ AX,CX
+	ADDQ R12,R8
+	MOVQ R8,R12
+	SHRQ $51,R12
+	ANDQ AX,R8
+	ADDQ R12,R9
+	MOVQ R9,R12
+	SHRQ $51,R12
+	ANDQ AX,R9
+	IMUL3Q $19,R12,R12
+	ADDQ R12,SI
+	SUBQ $1,R11
+	JA REDUCELOOP
+	MOVQ $1,R12
+	CMPQ R10,SI
+	CMOVQLT R11,R12
+	CMPQ AX,DX
+	CMOVQNE R11,R12
+	CMPQ AX,CX
+	CMOVQNE R11,R12
+	CMPQ AX,R8
+	CMOVQNE R11,R12
+	CMPQ AX,R9
+	CMOVQNE R11,R12
+	NEGQ R12
+	ANDQ R12,AX
+	ANDQ R12,R10
+	SUBQ R10,SI
+	SUBQ AX,DX
+	SUBQ AX,CX
+	SUBQ AX,R8
+	SUBQ AX,R9
+	MOVQ SI,0(DI)
+	MOVQ DX,8(DI)
+	MOVQ CX,16(DI)
+	MOVQ R8,24(DI)
+	MOVQ R9,32(DI)
+	RET
+
+// func ladderstep(inout *[5][5]uint64)
+TEXT ·ladderstep(SB),0,$296-8
+	MOVQ inout+0(FP),DI
+
+	MOVQ 40(DI),SI
+	MOVQ 48(DI),DX
+	MOVQ 56(DI),CX
+	MOVQ 64(DI),R8
+	MOVQ 72(DI),R9
+	MOVQ SI,AX
+	MOVQ DX,R10
+	MOVQ CX,R11
+	MOVQ R8,R12
+	MOVQ R9,R13
+	ADDQ ·_2P0(SB),AX
+	ADDQ ·_2P1234(SB),R10
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 80(DI),SI
+	ADDQ 88(DI),DX
+	ADDQ 96(DI),CX
+	ADDQ 104(DI),R8
+	ADDQ 112(DI),R9
+	SUBQ 80(DI),AX
+	SUBQ 88(DI),R10
+	SUBQ 96(DI),R11
+	SUBQ 104(DI),R12
+	SUBQ 112(DI),R13
+	MOVQ SI,0(SP)
+	MOVQ DX,8(SP)
+	MOVQ CX,16(SP)
+	MOVQ R8,24(SP)
+	MOVQ R9,32(SP)
+	MOVQ AX,40(SP)
+	MOVQ R10,48(SP)
+	MOVQ R11,56(SP)
+	MOVQ R12,64(SP)
+	MOVQ R13,72(SP)
+	MOVQ 40(SP),AX
+	MULQ 40(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 48(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 56(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 64(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 72(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 48(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 48(SP),AX
+	SHLQ $1,AX
+	MULQ 56(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 48(SP),AX
+	SHLQ $1,AX
+	MULQ 64(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 48(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 56(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 56(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 56(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 64(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 64(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 72(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,80(SP)
+	MOVQ R8,88(SP)
+	MOVQ R9,96(SP)
+	MOVQ AX,104(SP)
+	MOVQ R10,112(SP)
+	MOVQ 0(SP),AX
+	MULQ 0(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 8(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 16(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 24(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 32(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	SHLQ $1,AX
+	MULQ 16(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SP),AX
+	SHLQ $1,AX
+	MULQ 24(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 16(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 16(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 16(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 24(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 24(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 32(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,120(SP)
+	MOVQ R8,128(SP)
+	MOVQ R9,136(SP)
+	MOVQ AX,144(SP)
+	MOVQ R10,152(SP)
+	MOVQ SI,SI
+	MOVQ R8,DX
+	MOVQ R9,CX
+	MOVQ AX,R8
+	MOVQ R10,R9
+	ADDQ ·_2P0(SB),SI
+	ADDQ ·_2P1234(SB),DX
+	ADDQ ·_2P1234(SB),CX
+	ADDQ ·_2P1234(SB),R8
+	ADDQ ·_2P1234(SB),R9
+	SUBQ 80(SP),SI
+	SUBQ 88(SP),DX
+	SUBQ 96(SP),CX
+	SUBQ 104(SP),R8
+	SUBQ 112(SP),R9
+	MOVQ SI,160(SP)
+	MOVQ DX,168(SP)
+	MOVQ CX,176(SP)
+	MOVQ R8,184(SP)
+	MOVQ R9,192(SP)
+	MOVQ 120(DI),SI
+	MOVQ 128(DI),DX
+	MOVQ 136(DI),CX
+	MOVQ 144(DI),R8
+	MOVQ 152(DI),R9
+	MOVQ SI,AX
+	MOVQ DX,R10
+	MOVQ CX,R11
+	MOVQ R8,R12
+	MOVQ R9,R13
+	ADDQ ·_2P0(SB),AX
+	ADDQ ·_2P1234(SB),R10
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 160(DI),SI
+	ADDQ 168(DI),DX
+	ADDQ 176(DI),CX
+	ADDQ 184(DI),R8
+	ADDQ 192(DI),R9
+	SUBQ 160(DI),AX
+	SUBQ 168(DI),R10
+	SUBQ 176(DI),R11
+	SUBQ 184(DI),R12
+	SUBQ 192(DI),R13
+	MOVQ SI,200(SP)
+	MOVQ DX,208(SP)
+	MOVQ CX,216(SP)
+	MOVQ R8,224(SP)
+	MOVQ R9,232(SP)
+	MOVQ AX,240(SP)
+	MOVQ R10,248(SP)
+	MOVQ R11,256(SP)
+	MOVQ R12,264(SP)
+	MOVQ R13,272(SP)
+	MOVQ 224(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,280(SP)
+	MULQ 56(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 232(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,288(SP)
+	MULQ 48(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 200(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 200(SP),AX
+	MULQ 48(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 200(SP),AX
+	MULQ 56(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 200(SP),AX
+	MULQ 64(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 200(SP),AX
+	MULQ 72(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 208(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 208(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 208(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 208(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 208(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 216(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 216(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 216(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 216(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 216(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 224(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 224(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 280(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 280(SP),AX
+	MULQ 72(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 232(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 288(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 288(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 288(SP),AX
+	MULQ 72(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,40(SP)
+	MOVQ R8,48(SP)
+	MOVQ R9,56(SP)
+	MOVQ AX,64(SP)
+	MOVQ R10,72(SP)
+	MOVQ 264(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,200(SP)
+	MULQ 16(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 272(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,208(SP)
+	MULQ 8(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 240(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 240(SP),AX
+	MULQ 8(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 240(SP),AX
+	MULQ 16(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 240(SP),AX
+	MULQ 24(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 240(SP),AX
+	MULQ 32(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 248(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 248(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 248(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 248(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 248(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 256(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 256(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 256(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 256(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 256(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 264(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 264(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 200(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 200(SP),AX
+	MULQ 32(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 272(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 208(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 208(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 208(SP),AX
+	MULQ 32(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,DX
+	MOVQ R8,CX
+	MOVQ R9,R11
+	MOVQ AX,R12
+	MOVQ R10,R13
+	ADDQ ·_2P0(SB),DX
+	ADDQ ·_2P1234(SB),CX
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 40(SP),SI
+	ADDQ 48(SP),R8
+	ADDQ 56(SP),R9
+	ADDQ 64(SP),AX
+	ADDQ 72(SP),R10
+	SUBQ 40(SP),DX
+	SUBQ 48(SP),CX
+	SUBQ 56(SP),R11
+	SUBQ 64(SP),R12
+	SUBQ 72(SP),R13
+	MOVQ SI,120(DI)
+	MOVQ R8,128(DI)
+	MOVQ R9,136(DI)
+	MOVQ AX,144(DI)
+	MOVQ R10,152(DI)
+	MOVQ DX,160(DI)
+	MOVQ CX,168(DI)
+	MOVQ R11,176(DI)
+	MOVQ R12,184(DI)
+	MOVQ R13,192(DI)
+	MOVQ 120(DI),AX
+	MULQ 120(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 128(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 136(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 144(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 152(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 128(DI),AX
+	MULQ 128(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 128(DI),AX
+	SHLQ $1,AX
+	MULQ 136(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 128(DI),AX
+	SHLQ $1,AX
+	MULQ 144(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 128(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(DI),AX
+	MULQ 136(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 136(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 144(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 144(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 152(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,120(DI)
+	MOVQ R8,128(DI)
+	MOVQ R9,136(DI)
+	MOVQ AX,144(DI)
+	MOVQ R10,152(DI)
+	MOVQ 160(DI),AX
+	MULQ 160(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 168(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 176(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 184(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 192(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 168(DI),AX
+	MULQ 168(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 168(DI),AX
+	SHLQ $1,AX
+	MULQ 176(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 168(DI),AX
+	SHLQ $1,AX
+	MULQ 184(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 168(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),AX
+	MULQ 176(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 176(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 184(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 184(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 192(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,160(DI)
+	MOVQ R8,168(DI)
+	MOVQ R9,176(DI)
+	MOVQ AX,184(DI)
+	MOVQ R10,192(DI)
+	MOVQ 184(DI),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 16(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 192(DI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 8(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 160(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 160(DI),AX
+	MULQ 8(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 160(DI),AX
+	MULQ 16(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 160(DI),AX
+	MULQ 24(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 160(DI),AX
+	MULQ 32(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 168(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 168(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 168(DI),AX
+	MULQ 16(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 168(DI),AX
+	MULQ 24(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 168(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 176(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 176(DI),AX
+	MULQ 16(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 176(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 184(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 24(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 32(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 192(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 16(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 24(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 32(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,160(DI)
+	MOVQ R8,168(DI)
+	MOVQ R9,176(DI)
+	MOVQ AX,184(DI)
+	MOVQ R10,192(DI)
+	MOVQ 144(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 96(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 152(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 88(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 120(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 120(SP),AX
+	MULQ 88(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 120(SP),AX
+	MULQ 96(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 120(SP),AX
+	MULQ 104(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 120(SP),AX
+	MULQ 112(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 128(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 128(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 128(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 128(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 128(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 112(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 136(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 136(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 136(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 104(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 112(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 144(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 112(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 152(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 112(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,40(DI)
+	MOVQ R8,48(DI)
+	MOVQ R9,56(DI)
+	MOVQ AX,64(DI)
+	MOVQ R10,72(DI)
+	MOVQ 160(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 168(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,CX
+	MOVQ DX,R8
+	MOVQ 176(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R8
+	MOVQ DX,R9
+	MOVQ 184(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R9
+	MOVQ DX,R10
+	MOVQ 192(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R10
+	IMUL3Q $19,DX,DX
+	ADDQ DX,SI
+	ADDQ 80(SP),SI
+	ADDQ 88(SP),CX
+	ADDQ 96(SP),R8
+	ADDQ 104(SP),R9
+	ADDQ 112(SP),R10
+	MOVQ SI,80(DI)
+	MOVQ CX,88(DI)
+	MOVQ R8,96(DI)
+	MOVQ R9,104(DI)
+	MOVQ R10,112(DI)
+	MOVQ 104(DI),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 176(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 112(DI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 168(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 80(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 80(DI),AX
+	MULQ 168(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 80(DI),AX
+	MULQ 176(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 80(DI),AX
+	MULQ 184(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 80(DI),AX
+	MULQ 192(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 88(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 88(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 88(DI),AX
+	MULQ 176(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 88(DI),AX
+	MULQ 184(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 88(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 96(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 96(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 96(DI),AX
+	MULQ 176(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 96(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 184(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 96(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 104(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 104(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 184(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 192(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 112(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 176(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 184(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 192(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,80(DI)
+	MOVQ R8,88(DI)
+	MOVQ R9,96(DI)
+	MOVQ AX,104(DI)
+	MOVQ R10,112(DI)
+	RET
+
+// func cswap(inout *[4][5]uint64, v uint64)
+TEXT ·cswap(SB),7,$0
+	MOVQ inout+0(FP),DI
+	MOVQ v+8(FP),SI
+
+	SUBQ $1, SI
+	NOTQ SI
+	MOVQ SI, X15
+	PSHUFD $0x44, X15, X15
+
+	MOVOU 0(DI), X0
+	MOVOU 16(DI), X2
+	MOVOU 32(DI), X4
+	MOVOU 48(DI), X6
+	MOVOU 64(DI), X8
+	MOVOU 80(DI), X1
+	MOVOU 96(DI), X3
+	MOVOU 112(DI), X5
+	MOVOU 128(DI), X7
+	MOVOU 144(DI), X9
+
+	MOVO X1, X10
+	MOVO X3, X11
+	MOVO X5, X12
+	MOVO X7, X13
+	MOVO X9, X14
+
+	PXOR X0, X10
+	PXOR X2, X11
+	PXOR X4, X12
+	PXOR X6, X13
+	PXOR X8, X14
+	PAND X15, X10
+	PAND X15, X11
+	PAND X15, X12
+	PAND X15, X13
+	PAND X15, X14
+	PXOR X10, X0
+	PXOR X10, X1
+	PXOR X11, X2
+	PXOR X11, X3
+	PXOR X12, X4
+	PXOR X12, X5
+	PXOR X13, X6
+	PXOR X13, X7
+	PXOR X14, X8
+	PXOR X14, X9
+
+	MOVOU X0, 0(DI)
+	MOVOU X2, 16(DI)
+	MOVOU X4, 32(DI)
+	MOVOU X6, 48(DI)
+	MOVOU X8, 64(DI)
+	MOVOU X1, 80(DI)
+	MOVOU X3, 96(DI)
+	MOVOU X5, 112(DI)
+	MOVOU X7, 128(DI)
+	MOVOU X9, 144(DI)
+	RET
+
+// func mul(dest, a, b *[5]uint64)
+TEXT ·mul(SB),0,$16-24
+	MOVQ dest+0(FP), DI
+	MOVQ a+8(FP), SI
+	MOVQ b+16(FP), DX
+
+	MOVQ DX,CX
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,0(SP)
+	MULQ 16(CX)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 8(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 8(CX)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 0(SI),AX
+	MULQ 16(CX)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 0(SI),AX
+	MULQ 24(CX)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 0(SI),AX
+	MULQ 32(CX)
+	MOVQ AX,BX
+	MOVQ DX,BP
+	MOVQ 8(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SI),AX
+	MULQ 24(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 16(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 16(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 24(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 24(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 0(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 0(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 32(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SP),AX
+	MULQ 16(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ $REDMASK51,SI
+	SHLQ $13,R8,R9
+	ANDQ SI,R8
+	SHLQ $13,R10,R11
+	ANDQ SI,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ SI,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ SI,R14
+	ADDQ R13,R14
+	SHLQ $13,BX,BP
+	ANDQ SI,BX
+	ADDQ R15,BX
+	IMUL3Q $19,BP,DX
+	ADDQ DX,R8
+	MOVQ R8,DX
+	SHRQ $51,DX
+	ADDQ R10,DX
+	MOVQ DX,CX
+	SHRQ $51,DX
+	ANDQ SI,R8
+	ADDQ R12,DX
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ANDQ SI,CX
+	ADDQ R14,DX
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ANDQ SI,R9
+	ADDQ BX,DX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	ANDQ SI,AX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,R8
+	ANDQ SI,R10
+	MOVQ R8,0(DI)
+	MOVQ CX,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
+
+// func square(out, in *[5]uint64)
+TEXT ·square(SB),7,$0-16
+	MOVQ out+0(FP), DI
+	MOVQ in+8(FP), SI
+
+	MOVQ 0(SI),AX
+	MULQ 0(SI)
+	MOVQ AX,CX
+	MOVQ DX,R8
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 8(SI)
+	MOVQ AX,R9
+	MOVQ DX,R10
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	MOVQ AX,R11
+	MOVQ DX,R12
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	MOVQ AX,R13
+	MOVQ DX,R14
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 32(SI)
+	MOVQ AX,R15
+	MOVQ DX,BX
+	MOVQ 8(SI),AX
+	MULQ 8(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 8(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),AX
+	MULQ 16(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ $REDMASK51,SI
+	SHLQ $13,CX,R8
+	ANDQ SI,CX
+	SHLQ $13,R9,R10
+	ANDQ SI,R9
+	ADDQ R8,R9
+	SHLQ $13,R11,R12
+	ANDQ SI,R11
+	ADDQ R10,R11
+	SHLQ $13,R13,R14
+	ANDQ SI,R13
+	ADDQ R12,R13
+	SHLQ $13,R15,BX
+	ANDQ SI,R15
+	ADDQ R14,R15
+	IMUL3Q $19,BX,DX
+	ADDQ DX,CX
+	MOVQ CX,DX
+	SHRQ $51,DX
+	ADDQ R9,DX
+	ANDQ SI,CX
+	MOVQ DX,R8
+	SHRQ $51,DX
+	ADDQ R11,DX
+	ANDQ SI,R8
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ADDQ R13,DX
+	ANDQ SI,R9
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ADDQ R15,DX
+	ANDQ SI,AX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,CX
+	ANDQ SI,R10
+	MOVQ CX,0(DI)
+	MOVQ R8,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go b/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
new file mode 100644
index 0000000000000..c43b13fc83e70
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
@@ -0,0 +1,828 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package curve25519
+
+import "encoding/binary"
+
+// This code is a port of the public domain, "ref10" implementation of
+// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+
+// fieldElement represents an element of the field GF(2^255 - 19). An element
+// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+// context.
+type fieldElement [10]int32
+
+func feZero(fe *fieldElement) {
+	for i := range fe {
+		fe[i] = 0
+	}
+}
+
+func feOne(fe *fieldElement) {
+	feZero(fe)
+	fe[0] = 1
+}
+
+func feAdd(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] + b[i]
+	}
+}
+
+func feSub(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] - b[i]
+	}
+}
+
+func feCopy(dst, src *fieldElement) {
+	for i := range dst {
+		dst[i] = src[i]
+	}
+}
+
+// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
+//
+// Preconditions: b in {0,1}.
+func feCSwap(f, g *fieldElement, b int32) {
+	b = -b
+	for i := range f {
+		t := b & (f[i] ^ g[i])
+		f[i] ^= t
+		g[i] ^= t
+	}
+}
+
+// load3 reads a 24-bit, little-endian value from in.
+func load3(in []byte) int64 {
+	var r int64
+	r = int64(in[0])
+	r |= int64(in[1]) << 8
+	r |= int64(in[2]) << 16
+	return r
+}
+
+// load4 reads a 32-bit, little-endian value from in.
+func load4(in []byte) int64 {
+	return int64(binary.LittleEndian.Uint32(in))
+}
+
+func feFromBytes(dst *fieldElement, src *[32]byte) {
+	h0 := load4(src[:])
+	h1 := load3(src[4:]) << 6
+	h2 := load3(src[7:]) << 5
+	h3 := load3(src[10:]) << 3
+	h4 := load3(src[13:]) << 2
+	h5 := load4(src[16:])
+	h6 := load3(src[20:]) << 7
+	h7 := load3(src[23:]) << 5
+	h8 := load3(src[26:]) << 4
+	h9 := (load3(src[29:]) & 0x7fffff) << 2
+
+	var carry [10]int64
+	carry[9] = (h9 + 1<<24) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + 1<<24) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + 1<<24) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + 1<<24) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + 1<<24) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + 1<<25) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + 1<<25) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + 1<<25) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + 1<<25) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + 1<<25) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	dst[0] = int32(h0)
+	dst[1] = int32(h1)
+	dst[2] = int32(h2)
+	dst[3] = int32(h3)
+	dst[4] = int32(h4)
+	dst[5] = int32(h5)
+	dst[6] = int32(h6)
+	dst[7] = int32(h7)
+	dst[8] = int32(h8)
+	dst[9] = int32(h9)
+}
+
+// feToBytes marshals h to s.
+// Preconditions:
+//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Write p=2^255-19; q=floor(h/p).
+// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+//
+// Proof:
+//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
+//
+//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+//   Then 0<y<1.
+//
+//   Write r=h-pq.
+//   Have 0<=r<=p-1=2^255-20.
+//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+//
+//   Write x=r+19(2^-255)r+y.
+//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+//
+//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+func feToBytes(s *[32]byte, h *fieldElement) {
+	var carry [10]int32
+
+	q := (19*h[9] + (1 << 24)) >> 25
+	q = (h[0] + q) >> 26
+	q = (h[1] + q) >> 25
+	q = (h[2] + q) >> 26
+	q = (h[3] + q) >> 25
+	q = (h[4] + q) >> 26
+	q = (h[5] + q) >> 25
+	q = (h[6] + q) >> 26
+	q = (h[7] + q) >> 25
+	q = (h[8] + q) >> 26
+	q = (h[9] + q) >> 25
+
+	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
+	h[0] += 19 * q
+	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
+
+	carry[0] = h[0] >> 26
+	h[1] += carry[0]
+	h[0] -= carry[0] << 26
+	carry[1] = h[1] >> 25
+	h[2] += carry[1]
+	h[1] -= carry[1] << 25
+	carry[2] = h[2] >> 26
+	h[3] += carry[2]
+	h[2] -= carry[2] << 26
+	carry[3] = h[3] >> 25
+	h[4] += carry[3]
+	h[3] -= carry[3] << 25
+	carry[4] = h[4] >> 26
+	h[5] += carry[4]
+	h[4] -= carry[4] << 26
+	carry[5] = h[5] >> 25
+	h[6] += carry[5]
+	h[5] -= carry[5] << 25
+	carry[6] = h[6] >> 26
+	h[7] += carry[6]
+	h[6] -= carry[6] << 26
+	carry[7] = h[7] >> 25
+	h[8] += carry[7]
+	h[7] -= carry[7] << 25
+	carry[8] = h[8] >> 26
+	h[9] += carry[8]
+	h[8] -= carry[8] << 26
+	carry[9] = h[9] >> 25
+	h[9] -= carry[9] << 25
+	// h10 = carry9
+
+	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
+	// evidently 2^255 h10-2^255 q = 0.
+	// Goal: Output h[0]+...+2^230 h[9].
+
+	s[0] = byte(h[0] >> 0)
+	s[1] = byte(h[0] >> 8)
+	s[2] = byte(h[0] >> 16)
+	s[3] = byte((h[0] >> 24) | (h[1] << 2))
+	s[4] = byte(h[1] >> 6)
+	s[5] = byte(h[1] >> 14)
+	s[6] = byte((h[1] >> 22) | (h[2] << 3))
+	s[7] = byte(h[2] >> 5)
+	s[8] = byte(h[2] >> 13)
+	s[9] = byte((h[2] >> 21) | (h[3] << 5))
+	s[10] = byte(h[3] >> 3)
+	s[11] = byte(h[3] >> 11)
+	s[12] = byte((h[3] >> 19) | (h[4] << 6))
+	s[13] = byte(h[4] >> 2)
+	s[14] = byte(h[4] >> 10)
+	s[15] = byte(h[4] >> 18)
+	s[16] = byte(h[5] >> 0)
+	s[17] = byte(h[5] >> 8)
+	s[18] = byte(h[5] >> 16)
+	s[19] = byte((h[5] >> 24) | (h[6] << 1))
+	s[20] = byte(h[6] >> 7)
+	s[21] = byte(h[6] >> 15)
+	s[22] = byte((h[6] >> 23) | (h[7] << 3))
+	s[23] = byte(h[7] >> 5)
+	s[24] = byte(h[7] >> 13)
+	s[25] = byte((h[7] >> 21) | (h[8] << 4))
+	s[26] = byte(h[8] >> 4)
+	s[27] = byte(h[8] >> 12)
+	s[28] = byte((h[8] >> 20) | (h[9] << 6))
+	s[29] = byte(h[9] >> 2)
+	s[30] = byte(h[9] >> 10)
+	s[31] = byte(h[9] >> 18)
+}
+
+// feMul calculates h = f * g
+// Can overlap h with f or g.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Notes on implementation strategy:
+//
+// Using schoolbook multiplication.
+// Karatsuba would save a little in some cost models.
+//
+// Most multiplications by 2 and 19 are 32-bit precomputations;
+// cheaper than 64-bit postcomputations.
+//
+// There is one remaining multiplication by 19 in the carry chain;
+// one *19 precomputation can be merged into this,
+// but the resulting data flow is considerably less clean.
+//
+// There are 12 carries below.
+// 10 of them are 2-way parallelizable and vectorizable.
+// Can get away with 11 carries, but then data flow is much deeper.
+//
+// With tighter constraints on inputs can squeeze carries into int32.
+func feMul(h, f, g *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	g0 := g[0]
+	g1 := g[1]
+	g2 := g[2]
+	g3 := g[3]
+	g4 := g[4]
+	g5 := g[5]
+	g6 := g[6]
+	g7 := g[7]
+	g8 := g[8]
+	g9 := g[9]
+	g1_19 := 19 * g1 // 1.4*2^29
+	g2_19 := 19 * g2 // 1.4*2^30; still ok
+	g3_19 := 19 * g3
+	g4_19 := 19 * g4
+	g5_19 := 19 * g5
+	g6_19 := 19 * g6
+	g7_19 := 19 * g7
+	g8_19 := 19 * g8
+	g9_19 := 19 * g9
+	f1_2 := 2 * f1
+	f3_2 := 2 * f3
+	f5_2 := 2 * f5
+	f7_2 := 2 * f7
+	f9_2 := 2 * f9
+	f0g0 := int64(f0) * int64(g0)
+	f0g1 := int64(f0) * int64(g1)
+	f0g2 := int64(f0) * int64(g2)
+	f0g3 := int64(f0) * int64(g3)
+	f0g4 := int64(f0) * int64(g4)
+	f0g5 := int64(f0) * int64(g5)
+	f0g6 := int64(f0) * int64(g6)
+	f0g7 := int64(f0) * int64(g7)
+	f0g8 := int64(f0) * int64(g8)
+	f0g9 := int64(f0) * int64(g9)
+	f1g0 := int64(f1) * int64(g0)
+	f1g1_2 := int64(f1_2) * int64(g1)
+	f1g2 := int64(f1) * int64(g2)
+	f1g3_2 := int64(f1_2) * int64(g3)
+	f1g4 := int64(f1) * int64(g4)
+	f1g5_2 := int64(f1_2) * int64(g5)
+	f1g6 := int64(f1) * int64(g6)
+	f1g7_2 := int64(f1_2) * int64(g7)
+	f1g8 := int64(f1) * int64(g8)
+	f1g9_38 := int64(f1_2) * int64(g9_19)
+	f2g0 := int64(f2) * int64(g0)
+	f2g1 := int64(f2) * int64(g1)
+	f2g2 := int64(f2) * int64(g2)
+	f2g3 := int64(f2) * int64(g3)
+	f2g4 := int64(f2) * int64(g4)
+	f2g5 := int64(f2) * int64(g5)
+	f2g6 := int64(f2) * int64(g6)
+	f2g7 := int64(f2) * int64(g7)
+	f2g8_19 := int64(f2) * int64(g8_19)
+	f2g9_19 := int64(f2) * int64(g9_19)
+	f3g0 := int64(f3) * int64(g0)
+	f3g1_2 := int64(f3_2) * int64(g1)
+	f3g2 := int64(f3) * int64(g2)
+	f3g3_2 := int64(f3_2) * int64(g3)
+	f3g4 := int64(f3) * int64(g4)
+	f3g5_2 := int64(f3_2) * int64(g5)
+	f3g6 := int64(f3) * int64(g6)
+	f3g7_38 := int64(f3_2) * int64(g7_19)
+	f3g8_19 := int64(f3) * int64(g8_19)
+	f3g9_38 := int64(f3_2) * int64(g9_19)
+	f4g0 := int64(f4) * int64(g0)
+	f4g1 := int64(f4) * int64(g1)
+	f4g2 := int64(f4) * int64(g2)
+	f4g3 := int64(f4) * int64(g3)
+	f4g4 := int64(f4) * int64(g4)
+	f4g5 := int64(f4) * int64(g5)
+	f4g6_19 := int64(f4) * int64(g6_19)
+	f4g7_19 := int64(f4) * int64(g7_19)
+	f4g8_19 := int64(f4) * int64(g8_19)
+	f4g9_19 := int64(f4) * int64(g9_19)
+	f5g0 := int64(f5) * int64(g0)
+	f5g1_2 := int64(f5_2) * int64(g1)
+	f5g2 := int64(f5) * int64(g2)
+	f5g3_2 := int64(f5_2) * int64(g3)
+	f5g4 := int64(f5) * int64(g4)
+	f5g5_38 := int64(f5_2) * int64(g5_19)
+	f5g6_19 := int64(f5) * int64(g6_19)
+	f5g7_38 := int64(f5_2) * int64(g7_19)
+	f5g8_19 := int64(f5) * int64(g8_19)
+	f5g9_38 := int64(f5_2) * int64(g9_19)
+	f6g0 := int64(f6) * int64(g0)
+	f6g1 := int64(f6) * int64(g1)
+	f6g2 := int64(f6) * int64(g2)
+	f6g3 := int64(f6) * int64(g3)
+	f6g4_19 := int64(f6) * int64(g4_19)
+	f6g5_19 := int64(f6) * int64(g5_19)
+	f6g6_19 := int64(f6) * int64(g6_19)
+	f6g7_19 := int64(f6) * int64(g7_19)
+	f6g8_19 := int64(f6) * int64(g8_19)
+	f6g9_19 := int64(f6) * int64(g9_19)
+	f7g0 := int64(f7) * int64(g0)
+	f7g1_2 := int64(f7_2) * int64(g1)
+	f7g2 := int64(f7) * int64(g2)
+	f7g3_38 := int64(f7_2) * int64(g3_19)
+	f7g4_19 := int64(f7) * int64(g4_19)
+	f7g5_38 := int64(f7_2) * int64(g5_19)
+	f7g6_19 := int64(f7) * int64(g6_19)
+	f7g7_38 := int64(f7_2) * int64(g7_19)
+	f7g8_19 := int64(f7) * int64(g8_19)
+	f7g9_38 := int64(f7_2) * int64(g9_19)
+	f8g0 := int64(f8) * int64(g0)
+	f8g1 := int64(f8) * int64(g1)
+	f8g2_19 := int64(f8) * int64(g2_19)
+	f8g3_19 := int64(f8) * int64(g3_19)
+	f8g4_19 := int64(f8) * int64(g4_19)
+	f8g5_19 := int64(f8) * int64(g5_19)
+	f8g6_19 := int64(f8) * int64(g6_19)
+	f8g7_19 := int64(f8) * int64(g7_19)
+	f8g8_19 := int64(f8) * int64(g8_19)
+	f8g9_19 := int64(f8) * int64(g9_19)
+	f9g0 := int64(f9) * int64(g0)
+	f9g1_38 := int64(f9_2) * int64(g1_19)
+	f9g2_19 := int64(f9) * int64(g2_19)
+	f9g3_38 := int64(f9_2) * int64(g3_19)
+	f9g4_19 := int64(f9) * int64(g4_19)
+	f9g5_38 := int64(f9_2) * int64(g5_19)
+	f9g6_19 := int64(f9) * int64(g6_19)
+	f9g7_38 := int64(f9_2) * int64(g7_19)
+	f9g8_19 := int64(f9) * int64(g8_19)
+	f9g9_38 := int64(f9_2) * int64(g9_19)
+	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
+	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
+	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
+	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
+	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
+	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
+	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
+	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
+	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
+	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
+	var carry [10]int64
+
+	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
+	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
+	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
+	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	// |h0| <= 2^25
+	// |h4| <= 2^25
+	// |h1| <= 1.51*2^58
+	// |h5| <= 1.51*2^58
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	// |h1| <= 2^24; from now on fits into int32
+	// |h5| <= 2^24; from now on fits into int32
+	// |h2| <= 1.21*2^59
+	// |h6| <= 1.21*2^59
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	// |h2| <= 2^25; from now on fits into int32 unchanged
+	// |h6| <= 2^25; from now on fits into int32 unchanged
+	// |h3| <= 1.51*2^58
+	// |h7| <= 1.51*2^58
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+	// |h3| <= 2^24; from now on fits into int32 unchanged
+	// |h7| <= 2^24; from now on fits into int32 unchanged
+	// |h4| <= 1.52*2^33
+	// |h8| <= 1.52*2^33
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+	// |h4| <= 2^25; from now on fits into int32 unchanged
+	// |h8| <= 2^25; from now on fits into int32 unchanged
+	// |h5| <= 1.01*2^24
+	// |h9| <= 1.51*2^58
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	// |h9| <= 2^24; from now on fits into int32 unchanged
+	// |h0| <= 1.8*2^37
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	// |h0| <= 2^25; from now on fits into int32 unchanged
+	// |h1| <= 1.01*2^24
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feSquare calculates h = f*f. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feSquare(h, f *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	f0_2 := 2 * f0
+	f1_2 := 2 * f1
+	f2_2 := 2 * f2
+	f3_2 := 2 * f3
+	f4_2 := 2 * f4
+	f5_2 := 2 * f5
+	f6_2 := 2 * f6
+	f7_2 := 2 * f7
+	f5_38 := 38 * f5 // 1.31*2^30
+	f6_19 := 19 * f6 // 1.31*2^30
+	f7_38 := 38 * f7 // 1.31*2^30
+	f8_19 := 19 * f8 // 1.31*2^30
+	f9_38 := 38 * f9 // 1.31*2^30
+	f0f0 := int64(f0) * int64(f0)
+	f0f1_2 := int64(f0_2) * int64(f1)
+	f0f2_2 := int64(f0_2) * int64(f2)
+	f0f3_2 := int64(f0_2) * int64(f3)
+	f0f4_2 := int64(f0_2) * int64(f4)
+	f0f5_2 := int64(f0_2) * int64(f5)
+	f0f6_2 := int64(f0_2) * int64(f6)
+	f0f7_2 := int64(f0_2) * int64(f7)
+	f0f8_2 := int64(f0_2) * int64(f8)
+	f0f9_2 := int64(f0_2) * int64(f9)
+	f1f1_2 := int64(f1_2) * int64(f1)
+	f1f2_2 := int64(f1_2) * int64(f2)
+	f1f3_4 := int64(f1_2) * int64(f3_2)
+	f1f4_2 := int64(f1_2) * int64(f4)
+	f1f5_4 := int64(f1_2) * int64(f5_2)
+	f1f6_2 := int64(f1_2) * int64(f6)
+	f1f7_4 := int64(f1_2) * int64(f7_2)
+	f1f8_2 := int64(f1_2) * int64(f8)
+	f1f9_76 := int64(f1_2) * int64(f9_38)
+	f2f2 := int64(f2) * int64(f2)
+	f2f3_2 := int64(f2_2) * int64(f3)
+	f2f4_2 := int64(f2_2) * int64(f4)
+	f2f5_2 := int64(f2_2) * int64(f5)
+	f2f6_2 := int64(f2_2) * int64(f6)
+	f2f7_2 := int64(f2_2) * int64(f7)
+	f2f8_38 := int64(f2_2) * int64(f8_19)
+	f2f9_38 := int64(f2) * int64(f9_38)
+	f3f3_2 := int64(f3_2) * int64(f3)
+	f3f4_2 := int64(f3_2) * int64(f4)
+	f3f5_4 := int64(f3_2) * int64(f5_2)
+	f3f6_2 := int64(f3_2) * int64(f6)
+	f3f7_76 := int64(f3_2) * int64(f7_38)
+	f3f8_38 := int64(f3_2) * int64(f8_19)
+	f3f9_76 := int64(f3_2) * int64(f9_38)
+	f4f4 := int64(f4) * int64(f4)
+	f4f5_2 := int64(f4_2) * int64(f5)
+	f4f6_38 := int64(f4_2) * int64(f6_19)
+	f4f7_38 := int64(f4) * int64(f7_38)
+	f4f8_38 := int64(f4_2) * int64(f8_19)
+	f4f9_38 := int64(f4) * int64(f9_38)
+	f5f5_38 := int64(f5) * int64(f5_38)
+	f5f6_38 := int64(f5_2) * int64(f6_19)
+	f5f7_76 := int64(f5_2) * int64(f7_38)
+	f5f8_38 := int64(f5_2) * int64(f8_19)
+	f5f9_76 := int64(f5_2) * int64(f9_38)
+	f6f6_19 := int64(f6) * int64(f6_19)
+	f6f7_38 := int64(f6) * int64(f7_38)
+	f6f8_38 := int64(f6_2) * int64(f8_19)
+	f6f9_38 := int64(f6) * int64(f9_38)
+	f7f7_38 := int64(f7) * int64(f7_38)
+	f7f8_38 := int64(f7_2) * int64(f8_19)
+	f7f9_76 := int64(f7_2) * int64(f9_38)
+	f8f8_19 := int64(f8) * int64(f8_19)
+	f8f9_38 := int64(f8) * int64(f9_38)
+	f9f9_38 := int64(f9) * int64(f9_38)
+	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
+	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
+	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
+	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
+	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
+	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
+	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
+	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
+	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
+	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
+	var carry [10]int64
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feMul121666 calculates h = f * 121666. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feMul121666(h, f *fieldElement) {
+	h0 := int64(f[0]) * 121666
+	h1 := int64(f[1]) * 121666
+	h2 := int64(f[2]) * 121666
+	h3 := int64(f[3]) * 121666
+	h4 := int64(f[4]) * 121666
+	h5 := int64(f[5]) * 121666
+	h6 := int64(f[6]) * 121666
+	h7 := int64(f[7]) * 121666
+	h8 := int64(f[8]) * 121666
+	h9 := int64(f[9]) * 121666
+	var carry [10]int64
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feInvert sets out = z^-1.
+func feInvert(out, z *fieldElement) {
+	var t0, t1, t2, t3 fieldElement
+	var i int
+
+	feSquare(&t0, z)
+	for i = 1; i < 1; i++ {
+		feSquare(&t0, &t0)
+	}
+	feSquare(&t1, &t0)
+	for i = 1; i < 2; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(&t1, z, &t1)
+	feMul(&t0, &t0, &t1)
+	feSquare(&t2, &t0)
+	for i = 1; i < 1; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t1, &t2)
+	feSquare(&t2, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 20; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 100; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t1, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(out, &t1, &t0)
+}
+
+func scalarMultGeneric(out, in, base *[32]byte) {
+	var e [32]byte
+
+	copy(e[:], in[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
+
+	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
+	feFromBytes(&x1, base)
+	feOne(&x2)
+	feCopy(&x3, &x1)
+	feOne(&z3)
+
+	swap := int32(0)
+	for pos := 254; pos >= 0; pos-- {
+		b := e[pos/8] >> uint(pos&7)
+		b &= 1
+		swap ^= int32(b)
+		feCSwap(&x2, &x3, swap)
+		feCSwap(&z2, &z3, swap)
+		swap = int32(b)
+
+		feSub(&tmp0, &x3, &z3)
+		feSub(&tmp1, &x2, &z2)
+		feAdd(&x2, &x2, &z2)
+		feAdd(&z2, &x3, &z3)
+		feMul(&z3, &tmp0, &x2)
+		feMul(&z2, &z2, &tmp1)
+		feSquare(&tmp0, &tmp1)
+		feSquare(&tmp1, &x2)
+		feAdd(&x3, &z3, &z2)
+		feSub(&z2, &z3, &z2)
+		feMul(&x2, &tmp1, &tmp0)
+		feSub(&tmp1, &tmp1, &tmp0)
+		feSquare(&z2, &z2)
+		feMul121666(&z3, &tmp1)
+		feSquare(&x3, &x3)
+		feAdd(&tmp0, &tmp0, &z3)
+		feMul(&z3, &x1, &z2)
+		feMul(&z2, &tmp1, &tmp0)
+	}
+
+	feCSwap(&x2, &x3, swap)
+	feCSwap(&z2, &z3, swap)
+
+	feInvert(&z2, &z2)
+	feMul(&x2, &x2, &z2)
+	feToBytes(out, &x2)
+}
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go b/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
new file mode 100644
index 0000000000000..259728af7dad7
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || !gc || purego
+// +build !amd64 !gc purego
+
+package curve25519
+
+func scalarMult(out, in, base *[32]byte) {
+	scalarMultGeneric(out, in, base)
+}
diff --git a/vendor/golang.org/x/crypto/curve25519/doc.go b/vendor/golang.org/x/crypto/curve25519/doc.go
deleted file mode 100644
index da9b10d9c1ffd..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/doc.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package curve25519 provides an implementation of scalar multiplication on
-// the elliptic curve known as curve25519. See https://cr.yp.to/ecdh.html
-package curve25519 // import "golang.org/x/crypto/curve25519"
-
-// basePoint is the x coordinate of the generator of the curve.
-var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-// ScalarMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points and all values are in little-endian form.
-func ScalarMult(dst, in, base *[32]byte) {
-	scalarMult(dst, in, base)
-}
-
-// ScalarBaseMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points, base is the standard generator and all values
-// are in little-endian form.
-func ScalarBaseMult(dst, in *[32]byte) {
-	ScalarMult(dst, in, &basePoint)
-}
diff --git a/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s b/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
deleted file mode 100644
index 390816106ee99..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func freeze(inout *[5]uint64)
-TEXT ·freeze(SB),7,$0-8
-	MOVQ inout+0(FP), DI
-
-	MOVQ 0(DI),SI
-	MOVQ 8(DI),DX
-	MOVQ 16(DI),CX
-	MOVQ 24(DI),R8
-	MOVQ 32(DI),R9
-	MOVQ $REDMASK51,AX
-	MOVQ AX,R10
-	SUBQ $18,R10
-	MOVQ $3,R11
-REDUCELOOP:
-	MOVQ SI,R12
-	SHRQ $51,R12
-	ANDQ AX,SI
-	ADDQ R12,DX
-	MOVQ DX,R12
-	SHRQ $51,R12
-	ANDQ AX,DX
-	ADDQ R12,CX
-	MOVQ CX,R12
-	SHRQ $51,R12
-	ANDQ AX,CX
-	ADDQ R12,R8
-	MOVQ R8,R12
-	SHRQ $51,R12
-	ANDQ AX,R8
-	ADDQ R12,R9
-	MOVQ R9,R12
-	SHRQ $51,R12
-	ANDQ AX,R9
-	IMUL3Q $19,R12,R12
-	ADDQ R12,SI
-	SUBQ $1,R11
-	JA REDUCELOOP
-	MOVQ $1,R12
-	CMPQ R10,SI
-	CMOVQLT R11,R12
-	CMPQ AX,DX
-	CMOVQNE R11,R12
-	CMPQ AX,CX
-	CMOVQNE R11,R12
-	CMPQ AX,R8
-	CMOVQNE R11,R12
-	CMPQ AX,R9
-	CMOVQNE R11,R12
-	NEGQ R12
-	ANDQ R12,AX
-	ANDQ R12,R10
-	SUBQ R10,SI
-	SUBQ AX,DX
-	SUBQ AX,CX
-	SUBQ AX,R8
-	SUBQ AX,R9
-	MOVQ SI,0(DI)
-	MOVQ DX,8(DI)
-	MOVQ CX,16(DI)
-	MOVQ R8,24(DI)
-	MOVQ R9,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s b/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
deleted file mode 100644
index 9e9040b2502f8..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
+++ /dev/null
@@ -1,1377 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func ladderstep(inout *[5][5]uint64)
-TEXT ·ladderstep(SB),0,$296-8
-	MOVQ inout+0(FP),DI
-
-	MOVQ 40(DI),SI
-	MOVQ 48(DI),DX
-	MOVQ 56(DI),CX
-	MOVQ 64(DI),R8
-	MOVQ 72(DI),R9
-	MOVQ SI,AX
-	MOVQ DX,R10
-	MOVQ CX,R11
-	MOVQ R8,R12
-	MOVQ R9,R13
-	ADDQ ·_2P0(SB),AX
-	ADDQ ·_2P1234(SB),R10
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 80(DI),SI
-	ADDQ 88(DI),DX
-	ADDQ 96(DI),CX
-	ADDQ 104(DI),R8
-	ADDQ 112(DI),R9
-	SUBQ 80(DI),AX
-	SUBQ 88(DI),R10
-	SUBQ 96(DI),R11
-	SUBQ 104(DI),R12
-	SUBQ 112(DI),R13
-	MOVQ SI,0(SP)
-	MOVQ DX,8(SP)
-	MOVQ CX,16(SP)
-	MOVQ R8,24(SP)
-	MOVQ R9,32(SP)
-	MOVQ AX,40(SP)
-	MOVQ R10,48(SP)
-	MOVQ R11,56(SP)
-	MOVQ R12,64(SP)
-	MOVQ R13,72(SP)
-	MOVQ 40(SP),AX
-	MULQ 40(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 48(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 56(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 64(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 72(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 48(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 48(SP),AX
-	SHLQ $1,AX
-	MULQ 56(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 48(SP),AX
-	SHLQ $1,AX
-	MULQ 64(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 48(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 56(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 56(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 56(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 64(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 64(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 72(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,80(SP)
-	MOVQ R8,88(SP)
-	MOVQ R9,96(SP)
-	MOVQ AX,104(SP)
-	MOVQ R10,112(SP)
-	MOVQ 0(SP),AX
-	MULQ 0(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 8(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 16(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 24(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 32(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	SHLQ $1,AX
-	MULQ 16(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SP),AX
-	SHLQ $1,AX
-	MULQ 24(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 16(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 16(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 16(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 24(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 24(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 32(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,120(SP)
-	MOVQ R8,128(SP)
-	MOVQ R9,136(SP)
-	MOVQ AX,144(SP)
-	MOVQ R10,152(SP)
-	MOVQ SI,SI
-	MOVQ R8,DX
-	MOVQ R9,CX
-	MOVQ AX,R8
-	MOVQ R10,R9
-	ADDQ ·_2P0(SB),SI
-	ADDQ ·_2P1234(SB),DX
-	ADDQ ·_2P1234(SB),CX
-	ADDQ ·_2P1234(SB),R8
-	ADDQ ·_2P1234(SB),R9
-	SUBQ 80(SP),SI
-	SUBQ 88(SP),DX
-	SUBQ 96(SP),CX
-	SUBQ 104(SP),R8
-	SUBQ 112(SP),R9
-	MOVQ SI,160(SP)
-	MOVQ DX,168(SP)
-	MOVQ CX,176(SP)
-	MOVQ R8,184(SP)
-	MOVQ R9,192(SP)
-	MOVQ 120(DI),SI
-	MOVQ 128(DI),DX
-	MOVQ 136(DI),CX
-	MOVQ 144(DI),R8
-	MOVQ 152(DI),R9
-	MOVQ SI,AX
-	MOVQ DX,R10
-	MOVQ CX,R11
-	MOVQ R8,R12
-	MOVQ R9,R13
-	ADDQ ·_2P0(SB),AX
-	ADDQ ·_2P1234(SB),R10
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 160(DI),SI
-	ADDQ 168(DI),DX
-	ADDQ 176(DI),CX
-	ADDQ 184(DI),R8
-	ADDQ 192(DI),R9
-	SUBQ 160(DI),AX
-	SUBQ 168(DI),R10
-	SUBQ 176(DI),R11
-	SUBQ 184(DI),R12
-	SUBQ 192(DI),R13
-	MOVQ SI,200(SP)
-	MOVQ DX,208(SP)
-	MOVQ CX,216(SP)
-	MOVQ R8,224(SP)
-	MOVQ R9,232(SP)
-	MOVQ AX,240(SP)
-	MOVQ R10,248(SP)
-	MOVQ R11,256(SP)
-	MOVQ R12,264(SP)
-	MOVQ R13,272(SP)
-	MOVQ 224(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,280(SP)
-	MULQ 56(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 232(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,288(SP)
-	MULQ 48(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 200(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 200(SP),AX
-	MULQ 48(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 200(SP),AX
-	MULQ 56(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 200(SP),AX
-	MULQ 64(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 200(SP),AX
-	MULQ 72(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 208(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 208(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 208(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 208(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 208(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 216(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 216(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 216(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 216(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 216(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 224(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 224(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 280(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 280(SP),AX
-	MULQ 72(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 232(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 288(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 288(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 288(SP),AX
-	MULQ 72(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,40(SP)
-	MOVQ R8,48(SP)
-	MOVQ R9,56(SP)
-	MOVQ AX,64(SP)
-	MOVQ R10,72(SP)
-	MOVQ 264(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,200(SP)
-	MULQ 16(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 272(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,208(SP)
-	MULQ 8(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 240(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 240(SP),AX
-	MULQ 8(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 240(SP),AX
-	MULQ 16(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 240(SP),AX
-	MULQ 24(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 240(SP),AX
-	MULQ 32(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 248(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 248(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 248(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 248(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 248(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 256(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 256(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 256(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 256(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 256(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 264(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 264(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 200(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 200(SP),AX
-	MULQ 32(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 272(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 208(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 208(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 208(SP),AX
-	MULQ 32(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,DX
-	MOVQ R8,CX
-	MOVQ R9,R11
-	MOVQ AX,R12
-	MOVQ R10,R13
-	ADDQ ·_2P0(SB),DX
-	ADDQ ·_2P1234(SB),CX
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 40(SP),SI
-	ADDQ 48(SP),R8
-	ADDQ 56(SP),R9
-	ADDQ 64(SP),AX
-	ADDQ 72(SP),R10
-	SUBQ 40(SP),DX
-	SUBQ 48(SP),CX
-	SUBQ 56(SP),R11
-	SUBQ 64(SP),R12
-	SUBQ 72(SP),R13
-	MOVQ SI,120(DI)
-	MOVQ R8,128(DI)
-	MOVQ R9,136(DI)
-	MOVQ AX,144(DI)
-	MOVQ R10,152(DI)
-	MOVQ DX,160(DI)
-	MOVQ CX,168(DI)
-	MOVQ R11,176(DI)
-	MOVQ R12,184(DI)
-	MOVQ R13,192(DI)
-	MOVQ 120(DI),AX
-	MULQ 120(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 128(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 136(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 144(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 152(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 128(DI),AX
-	MULQ 128(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 128(DI),AX
-	SHLQ $1,AX
-	MULQ 136(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 128(DI),AX
-	SHLQ $1,AX
-	MULQ 144(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 128(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(DI),AX
-	MULQ 136(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 136(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 144(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 144(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 152(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,120(DI)
-	MOVQ R8,128(DI)
-	MOVQ R9,136(DI)
-	MOVQ AX,144(DI)
-	MOVQ R10,152(DI)
-	MOVQ 160(DI),AX
-	MULQ 160(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 168(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 176(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 184(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 192(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 168(DI),AX
-	MULQ 168(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 168(DI),AX
-	SHLQ $1,AX
-	MULQ 176(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 168(DI),AX
-	SHLQ $1,AX
-	MULQ 184(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 168(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),AX
-	MULQ 176(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 176(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 184(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 184(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 192(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,160(DI)
-	MOVQ R8,168(DI)
-	MOVQ R9,176(DI)
-	MOVQ AX,184(DI)
-	MOVQ R10,192(DI)
-	MOVQ 184(DI),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 16(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 192(DI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 8(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 160(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 160(DI),AX
-	MULQ 8(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 160(DI),AX
-	MULQ 16(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 160(DI),AX
-	MULQ 24(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 160(DI),AX
-	MULQ 32(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 168(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 168(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 168(DI),AX
-	MULQ 16(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 168(DI),AX
-	MULQ 24(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 168(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 176(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 176(DI),AX
-	MULQ 16(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 176(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 184(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 24(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 32(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 192(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 16(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 24(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 32(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,160(DI)
-	MOVQ R8,168(DI)
-	MOVQ R9,176(DI)
-	MOVQ AX,184(DI)
-	MOVQ R10,192(DI)
-	MOVQ 144(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 96(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 152(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 88(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 120(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 120(SP),AX
-	MULQ 88(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 120(SP),AX
-	MULQ 96(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 120(SP),AX
-	MULQ 104(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 120(SP),AX
-	MULQ 112(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 128(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 128(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 128(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 128(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 128(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 112(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 136(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 136(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 136(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 104(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 112(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 144(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 112(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 152(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 112(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,40(DI)
-	MOVQ R8,48(DI)
-	MOVQ R9,56(DI)
-	MOVQ AX,64(DI)
-	MOVQ R10,72(DI)
-	MOVQ 160(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 168(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,CX
-	MOVQ DX,R8
-	MOVQ 176(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R8
-	MOVQ DX,R9
-	MOVQ 184(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R9
-	MOVQ DX,R10
-	MOVQ 192(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R10
-	IMUL3Q $19,DX,DX
-	ADDQ DX,SI
-	ADDQ 80(SP),SI
-	ADDQ 88(SP),CX
-	ADDQ 96(SP),R8
-	ADDQ 104(SP),R9
-	ADDQ 112(SP),R10
-	MOVQ SI,80(DI)
-	MOVQ CX,88(DI)
-	MOVQ R8,96(DI)
-	MOVQ R9,104(DI)
-	MOVQ R10,112(DI)
-	MOVQ 104(DI),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 176(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 112(DI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 168(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 80(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 80(DI),AX
-	MULQ 168(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 80(DI),AX
-	MULQ 176(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 80(DI),AX
-	MULQ 184(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 80(DI),AX
-	MULQ 192(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 88(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 88(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 88(DI),AX
-	MULQ 176(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 88(DI),AX
-	MULQ 184(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 88(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 96(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 96(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 96(DI),AX
-	MULQ 176(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 96(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 184(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 96(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 104(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 104(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 184(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 192(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 112(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 176(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 184(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 192(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,80(DI)
-	MOVQ R8,88(DI)
-	MOVQ R9,96(DI)
-	MOVQ AX,104(DI)
-	MOVQ R10,112(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go b/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
deleted file mode 100644
index 5822bd5338349..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
+++ /dev/null
@@ -1,240 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-package curve25519
-
-// These functions are implemented in the .s files. The names of the functions
-// in the rest of the file are also taken from the SUPERCOP sources to help
-// people following along.
-
-//go:noescape
-
-func cswap(inout *[5]uint64, v uint64)
-
-//go:noescape
-
-func ladderstep(inout *[5][5]uint64)
-
-//go:noescape
-
-func freeze(inout *[5]uint64)
-
-//go:noescape
-
-func mul(dest, a, b *[5]uint64)
-
-//go:noescape
-
-func square(out, in *[5]uint64)
-
-// mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
-func mladder(xr, zr *[5]uint64, s *[32]byte) {
-	var work [5][5]uint64
-
-	work[0] = *xr
-	setint(&work[1], 1)
-	setint(&work[2], 0)
-	work[3] = *xr
-	setint(&work[4], 1)
-
-	j := uint(6)
-	var prevbit byte
-
-	for i := 31; i >= 0; i-- {
-		for j < 8 {
-			bit := ((*s)[i] >> j) & 1
-			swap := bit ^ prevbit
-			prevbit = bit
-			cswap(&work[1], uint64(swap))
-			ladderstep(&work)
-			j--
-		}
-		j = 7
-	}
-
-	*xr = work[1]
-	*zr = work[2]
-}
-
-func scalarMult(out, in, base *[32]byte) {
-	var e [32]byte
-	copy(e[:], (*in)[:])
-	e[0] &= 248
-	e[31] &= 127
-	e[31] |= 64
-
-	var t, z [5]uint64
-	unpack(&t, base)
-	mladder(&t, &z, &e)
-	invert(&z, &z)
-	mul(&t, &t, &z)
-	pack(out, &t)
-}
-
-func setint(r *[5]uint64, v uint64) {
-	r[0] = v
-	r[1] = 0
-	r[2] = 0
-	r[3] = 0
-	r[4] = 0
-}
-
-// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
-// order.
-func unpack(r *[5]uint64, x *[32]byte) {
-	r[0] = uint64(x[0]) |
-		uint64(x[1])<<8 |
-		uint64(x[2])<<16 |
-		uint64(x[3])<<24 |
-		uint64(x[4])<<32 |
-		uint64(x[5])<<40 |
-		uint64(x[6]&7)<<48
-
-	r[1] = uint64(x[6])>>3 |
-		uint64(x[7])<<5 |
-		uint64(x[8])<<13 |
-		uint64(x[9])<<21 |
-		uint64(x[10])<<29 |
-		uint64(x[11])<<37 |
-		uint64(x[12]&63)<<45
-
-	r[2] = uint64(x[12])>>6 |
-		uint64(x[13])<<2 |
-		uint64(x[14])<<10 |
-		uint64(x[15])<<18 |
-		uint64(x[16])<<26 |
-		uint64(x[17])<<34 |
-		uint64(x[18])<<42 |
-		uint64(x[19]&1)<<50
-
-	r[3] = uint64(x[19])>>1 |
-		uint64(x[20])<<7 |
-		uint64(x[21])<<15 |
-		uint64(x[22])<<23 |
-		uint64(x[23])<<31 |
-		uint64(x[24])<<39 |
-		uint64(x[25]&15)<<47
-
-	r[4] = uint64(x[25])>>4 |
-		uint64(x[26])<<4 |
-		uint64(x[27])<<12 |
-		uint64(x[28])<<20 |
-		uint64(x[29])<<28 |
-		uint64(x[30])<<36 |
-		uint64(x[31]&127)<<44
-}
-
-// pack sets out = x where out is the usual, little-endian form of the 5,
-// 51-bit limbs in x.
-func pack(out *[32]byte, x *[5]uint64) {
-	t := *x
-	freeze(&t)
-
-	out[0] = byte(t[0])
-	out[1] = byte(t[0] >> 8)
-	out[2] = byte(t[0] >> 16)
-	out[3] = byte(t[0] >> 24)
-	out[4] = byte(t[0] >> 32)
-	out[5] = byte(t[0] >> 40)
-	out[6] = byte(t[0] >> 48)
-
-	out[6] ^= byte(t[1]<<3) & 0xf8
-	out[7] = byte(t[1] >> 5)
-	out[8] = byte(t[1] >> 13)
-	out[9] = byte(t[1] >> 21)
-	out[10] = byte(t[1] >> 29)
-	out[11] = byte(t[1] >> 37)
-	out[12] = byte(t[1] >> 45)
-
-	out[12] ^= byte(t[2]<<6) & 0xc0
-	out[13] = byte(t[2] >> 2)
-	out[14] = byte(t[2] >> 10)
-	out[15] = byte(t[2] >> 18)
-	out[16] = byte(t[2] >> 26)
-	out[17] = byte(t[2] >> 34)
-	out[18] = byte(t[2] >> 42)
-	out[19] = byte(t[2] >> 50)
-
-	out[19] ^= byte(t[3]<<1) & 0xfe
-	out[20] = byte(t[3] >> 7)
-	out[21] = byte(t[3] >> 15)
-	out[22] = byte(t[3] >> 23)
-	out[23] = byte(t[3] >> 31)
-	out[24] = byte(t[3] >> 39)
-	out[25] = byte(t[3] >> 47)
-
-	out[25] ^= byte(t[4]<<4) & 0xf0
-	out[26] = byte(t[4] >> 4)
-	out[27] = byte(t[4] >> 12)
-	out[28] = byte(t[4] >> 20)
-	out[29] = byte(t[4] >> 28)
-	out[30] = byte(t[4] >> 36)
-	out[31] = byte(t[4] >> 44)
-}
-
-// invert calculates r = x^-1 mod p using Fermat's little theorem.
-func invert(r *[5]uint64, x *[5]uint64) {
-	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
-
-	square(&z2, x)        /* 2 */
-	square(&t, &z2)       /* 4 */
-	square(&t, &t)        /* 8 */
-	mul(&z9, &t, x)       /* 9 */
-	mul(&z11, &z9, &z2)   /* 11 */
-	square(&t, &z11)      /* 22 */
-	mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
-
-	square(&t, &z2_5_0)      /* 2^6 - 2^1 */
-	for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
-
-	square(&t, &z2_10_0)      /* 2^11 - 2^1 */
-	for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
-
-	square(&t, &z2_20_0)      /* 2^21 - 2^1 */
-	for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
-
-	square(&t, &t)            /* 2^41 - 2^1 */
-	for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
-
-	square(&t, &z2_50_0)      /* 2^51 - 2^1 */
-	for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
-		square(&t, &t)
-	}
-	mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
-
-	square(&t, &z2_100_0)      /* 2^101 - 2^1 */
-	for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
-
-	square(&t, &t)            /* 2^201 - 2^1 */
-	for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
-
-	square(&t, &t) /* 2^251 - 2^1 */
-	square(&t, &t) /* 2^252 - 2^2 */
-	square(&t, &t) /* 2^253 - 2^3 */
-
-	square(&t, &t) /* 2^254 - 2^4 */
-
-	square(&t, &t)   /* 2^255 - 2^5 */
-	mul(r, &t, &z11) /* 2^255 - 21 */
-}
diff --git a/vendor/golang.org/x/crypto/curve25519/mul_amd64.s b/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
deleted file mode 100644
index 5ce80a2e56b97..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func mul(dest, a, b *[5]uint64)
-TEXT ·mul(SB),0,$16-24
-	MOVQ dest+0(FP), DI
-	MOVQ a+8(FP), SI
-	MOVQ b+16(FP), DX
-
-	MOVQ DX,CX
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,0(SP)
-	MULQ 16(CX)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 8(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 8(CX)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 0(SI),AX
-	MULQ 16(CX)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 0(SI),AX
-	MULQ 24(CX)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 0(SI),AX
-	MULQ 32(CX)
-	MOVQ AX,BX
-	MOVQ DX,BP
-	MOVQ 8(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SI),AX
-	MULQ 24(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 16(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 16(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 24(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 24(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 0(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 0(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 32(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SP),AX
-	MULQ 16(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ $REDMASK51,SI
-	SHLQ $13,R9:R8
-	ANDQ SI,R8
-	SHLQ $13,R11:R10
-	ANDQ SI,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ SI,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ SI,R14
-	ADDQ R13,R14
-	SHLQ $13,BP:BX
-	ANDQ SI,BX
-	ADDQ R15,BX
-	IMUL3Q $19,BP,DX
-	ADDQ DX,R8
-	MOVQ R8,DX
-	SHRQ $51,DX
-	ADDQ R10,DX
-	MOVQ DX,CX
-	SHRQ $51,DX
-	ANDQ SI,R8
-	ADDQ R12,DX
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ANDQ SI,CX
-	ADDQ R14,DX
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ANDQ SI,R9
-	ADDQ BX,DX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	ANDQ SI,AX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,R8
-	ANDQ SI,R10
-	MOVQ R8,0(DI)
-	MOVQ CX,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/square_amd64.s b/vendor/golang.org/x/crypto/curve25519/square_amd64.s
deleted file mode 100644
index 12f73734ff5ae..0000000000000
--- a/vendor/golang.org/x/crypto/curve25519/square_amd64.s
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func square(out, in *[5]uint64)
-TEXT ·square(SB),7,$0-16
-	MOVQ out+0(FP), DI
-	MOVQ in+8(FP), SI
-
-	MOVQ 0(SI),AX
-	MULQ 0(SI)
-	MOVQ AX,CX
-	MOVQ DX,R8
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 8(SI)
-	MOVQ AX,R9
-	MOVQ DX,R10
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	MOVQ AX,R11
-	MOVQ DX,R12
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	MOVQ AX,R13
-	MOVQ DX,R14
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 32(SI)
-	MOVQ AX,R15
-	MOVQ DX,BX
-	MOVQ 8(SI),AX
-	MULQ 8(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 8(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),AX
-	MULQ 16(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ $REDMASK51,SI
-	SHLQ $13,R8:CX
-	ANDQ SI,CX
-	SHLQ $13,R10:R9
-	ANDQ SI,R9
-	ADDQ R8,R9
-	SHLQ $13,R12:R11
-	ANDQ SI,R11
-	ADDQ R10,R11
-	SHLQ $13,R14:R13
-	ANDQ SI,R13
-	ADDQ R12,R13
-	SHLQ $13,BX:R15
-	ANDQ SI,R15
-	ADDQ R14,R15
-	IMUL3Q $19,BX,DX
-	ADDQ DX,CX
-	MOVQ CX,DX
-	SHRQ $51,DX
-	ADDQ R9,DX
-	ANDQ SI,CX
-	MOVQ DX,R8
-	SHRQ $51,DX
-	ADDQ R11,DX
-	ANDQ SI,R8
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ADDQ R13,DX
-	ANDQ SI,R9
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ADDQ R15,DX
-	ANDQ SI,AX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,CX
-	ANDQ SI,R10
-	MOVQ CX,0(DI)
-	MOVQ R8,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519.go b/vendor/golang.org/x/crypto/ed25519/ed25519.go
index d6f683ba3f788..71ad917dadd8d 100644
--- a/vendor/golang.org/x/crypto/ed25519/ed25519.go
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519.go
@@ -2,6 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// In Go 1.13, the ed25519 package was promoted to the standard library as
+// crypto/ed25519, and this package became a wrapper for the standard library one.
+//
+//go:build !go1.13
+// +build !go1.13
+
 // Package ed25519 implements the Ed25519 signature algorithm. See
 // https://ed25519.cr.yp.to/.
 //
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go b/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go
new file mode 100644
index 0000000000000..b5974dc8b27bb
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go
@@ -0,0 +1,74 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+// Package ed25519 implements the Ed25519 signature algorithm. See
+// https://ed25519.cr.yp.to/.
+//
+// These functions are also compatible with the “Ed25519” function defined in
+// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
+// representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the RFC
+// 8032 private key as the “seed”.
+//
+// Beginning with Go 1.13, the functionality of this package was moved to the
+// standard library as crypto/ed25519. This package only acts as a compatibility
+// wrapper.
+package ed25519
+
+import (
+	"crypto/ed25519"
+	"io"
+)
+
+const (
+	// PublicKeySize is the size, in bytes, of public keys as used in this package.
+	PublicKeySize = 32
+	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
+	PrivateKeySize = 64
+	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+	SignatureSize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
+)
+
+// PublicKey is the type of Ed25519 public keys.
+//
+// This type is an alias for crypto/ed25519's PublicKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PublicKey = ed25519.PublicKey
+
+// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
+//
+// This type is an alias for crypto/ed25519's PrivateKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PrivateKey = ed25519.PrivateKey
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+	return ed25519.GenerateKey(rand)
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+	return ed25519.NewKeyFromSeed(seed)
+}
+
+// Sign signs the message with privateKey and returns a signature. It will
+// panic if len(privateKey) is not PrivateKeySize.
+func Sign(privateKey PrivateKey, message []byte) []byte {
+	return ed25519.Sign(privateKey, message)
+}
+
+// Verify reports whether sig is a valid signature of message by publicKey. It
+// will panic if len(publicKey) is not PublicKeySize.
+func Verify(publicKey PublicKey, message, sig []byte) bool {
+	return ed25519.Verify(publicKey, message, sig)
+}
diff --git a/vendor/golang.org/x/crypto/go.mod b/vendor/golang.org/x/crypto/go.mod
new file mode 100644
index 0000000000000..f6f852525b577
--- /dev/null
+++ b/vendor/golang.org/x/crypto/go.mod
@@ -0,0 +1,9 @@
+module golang.org/x/crypto
+
+go 1.11
+
+require (
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
+)
diff --git a/vendor/golang.org/x/crypto/internal/subtle/aliasing.go b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
index f38797bfa1bfb..4fad24f8dcde8 100644
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !appengine
+//go:build !purego
+// +build !purego
 
 // Package subtle implements functions that are often useful in cryptographic
 // code but require careful thought to use correctly.
diff --git a/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go b/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
deleted file mode 100644
index 0cc4a8a642c91..0000000000000
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build appengine
-
-// Package subtle implements functions that are often useful in cryptographic
-// code but require careful thought to use correctly.
-package subtle // import "golang.org/x/crypto/internal/subtle"
-
-// This is the Google App Engine standard variant based on reflect
-// because the unsafe package and cgo are disallowed.
-
-import "reflect"
-
-// AnyOverlap reports whether x and y share memory at any (not necessarily
-// corresponding) index. The memory beyond the slice length is ignored.
-func AnyOverlap(x, y []byte) bool {
-	return len(x) > 0 && len(y) > 0 &&
-		reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
-		reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
-}
-
-// InexactOverlap reports whether x and y share memory at any non-corresponding
-// index. The memory beyond the slice length is ignored. Note that x and y can
-// have different lengths and still not have any inexact overlap.
-//
-// InexactOverlap can be used to implement the requirements of the crypto/cipher
-// AEAD, Block, BlockMode and Stream interfaces.
-func InexactOverlap(x, y []byte) bool {
-	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
-		return false
-	}
-	return AnyOverlap(x, y)
-}
diff --git a/vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go b/vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go
new file mode 100644
index 0000000000000..80ccbed2c0de2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go
@@ -0,0 +1,36 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle // import "golang.org/x/crypto/internal/subtle"
+
+// This is the Google App Engine standard variant based on reflect
+// because the unsafe package and cgo are disallowed.
+
+import "reflect"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
+		reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/nacl/sign/sign.go b/vendor/golang.org/x/crypto/nacl/sign/sign.go
new file mode 100644
index 0000000000000..d07627019ef5a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/nacl/sign/sign.go
@@ -0,0 +1,90 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sign signs small messages using public-key cryptography.
+//
+// Sign uses Ed25519 to sign messages. The length of messages is not hidden.
+// Messages should be small because:
+// 1. The whole message needs to be held in memory to be processed.
+// 2. Using large messages pressures implementations on small machines to process
+// plaintext without verifying the signature. This is very dangerous, and this API
+// discourages it, but a protocol that uses excessive message sizes might present
+// some implementations with no other choice.
+// 3. Performance may be improved by working with messages that fit into data caches.
+// Thus large amounts of data should be chunked so that each message is small.
+//
+// This package is not interoperable with the current release of NaCl
+// (https://nacl.cr.yp.to/sign.html), which does not support Ed25519 yet. However,
+// it is compatible with the NaCl fork libsodium (https://www.libsodium.org), as well
+// as TweetNaCl (https://tweetnacl.cr.yp.to/).
+package sign
+
+import (
+	"io"
+
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/internal/subtle"
+)
+
+// Overhead is the number of bytes of overhead when signing a message.
+const Overhead = 64
+
+// GenerateKey generates a new public/private key pair suitable for use with
+// Sign and Open.
+func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err error) {
+	pub, priv, err := ed25519.GenerateKey(rand)
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey, privateKey = new([32]byte), new([64]byte)
+	copy((*publicKey)[:], pub)
+	copy((*privateKey)[:], priv)
+	return publicKey, privateKey, nil
+}
+
+// Sign appends a signed copy of message to out, which will be Overhead bytes
+// longer than the original and must not overlap it.
+func Sign(out, message []byte, privateKey *[64]byte) []byte {
+	sig := ed25519.Sign(ed25519.PrivateKey((*privateKey)[:]), message)
+	ret, out := sliceForAppend(out, Overhead+len(message))
+	if subtle.AnyOverlap(out, message) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, sig)
+	copy(out[Overhead:], message)
+	return ret
+}
+
+// Open verifies a signed message produced by Sign and appends the message to
+// out, which must not overlap the signed message. The output will be Overhead
+// bytes smaller than the signed message.
+func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool) {
+	if len(signedMessage) < Overhead {
+		return nil, false
+	}
+	if !ed25519.Verify(ed25519.PublicKey((*publicKey)[:]), signedMessage[Overhead:], signedMessage[:Overhead]) {
+		return nil, false
+	}
+	ret, out := sliceForAppend(out, len(signedMessage)-Overhead)
+	if subtle.AnyOverlap(out, signedMessage) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, signedMessage[Overhead:])
+	return ret, true
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
diff --git a/vendor/golang.org/x/crypto/ocsp/ocsp.go b/vendor/golang.org/x/crypto/ocsp/ocsp.go
index 5edc9c97c2034..9d3fffa8fedd0 100644
--- a/vendor/golang.org/x/crypto/ocsp/ocsp.go
+++ b/vendor/golang.org/x/crypto/ocsp/ocsp.go
@@ -63,7 +63,7 @@ func (r ResponseStatus) String() string {
 }
 
 // ResponseError is an error that may be returned by ParseResponse to indicate
-// that the response itself is an error, not just that its indicating that a
+// that the response itself is an error, not just that it's indicating that a
 // certificate is revoked, unknown, etc.
 type ResponseError struct {
 	Status ResponseStatus
@@ -445,10 +445,18 @@ func ParseRequest(bytes []byte) (*Request, error) {
 	}, nil
 }
 
-// ParseResponse parses an OCSP response in DER form. It only supports
-// responses for a single certificate. If the response contains a certificate
-// then the signature over the response is checked. If issuer is not nil then
-// it will be used to validate the signature or embedded certificate.
+// ParseResponse parses an OCSP response in DER form. The response must contain
+// only one certificate status. To parse the status of a specific certificate
+// from a response which may contain multiple statuses, use ParseResponseForCert
+// instead.
+//
+// If the response contains an embedded certificate, then that certificate will
+// be used to verify the response signature. If the response contains an
+// embedded certificate and issuer is not nil, then issuer will be used to verify
+// the signature on the embedded certificate.
+//
+// If the response does not contain an embedded certificate and issuer is not
+// nil, then issuer will be used to verify the response signature.
 //
 // Invalid responses and parse failures will result in a ParseError.
 // Error responses will result in a ResponseError.
@@ -456,14 +464,11 @@ func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error) {
 	return ParseResponseForCert(bytes, nil, issuer)
 }
 
-// ParseResponseForCert parses an OCSP response in DER form and searches for a
-// Response relating to cert. If such a Response is found and the OCSP response
-// contains a certificate then the signature over the response is checked. If
-// issuer is not nil then it will be used to validate the signature or embedded
-// certificate.
-//
-// Invalid responses and parse failures will result in a ParseError.
-// Error responses will result in a ResponseError.
+// ParseResponseForCert acts identically to ParseResponse, except it supports
+// parsing responses that contain multiple statuses. If the response contains
+// multiple statuses and cert is not nil, then ParseResponseForCert will return
+// the first status which contains a matching serial, otherwise it will return an
+// error. If cert is nil, then the first status in the response will be returned.
 func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Response, error) {
 	var resp responseASN1
 	rest, err := asn1.Unmarshal(bytes, &resp)
@@ -487,6 +492,9 @@ func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Respon
 	if err != nil {
 		return nil, err
 	}
+	if len(rest) > 0 {
+		return nil, ParseError("trailing data in OCSP response")
+	}
 
 	if n := len(basicResp.TBSResponseData.Responses); n == 0 || cert == nil && n > 1 {
 		return nil, ParseError("OCSP response contains bad number of responses")
diff --git a/vendor/golang.org/x/crypto/otr/otr.go b/vendor/golang.org/x/crypto/otr/otr.go
index 173b753dbd34f..29121e9bb653a 100644
--- a/vendor/golang.org/x/crypto/otr/otr.go
+++ b/vendor/golang.org/x/crypto/otr/otr.go
@@ -4,6 +4,10 @@
 
 // Package otr implements the Off The Record protocol as specified in
 // http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
+//
+// The version of OTR implemented by this package has been deprecated
+// (https://bugs.otr.im/lib/libotr/issues/140). An implementation of OTRv3 is
+// available at https://github.com/coyim/otr3.
 package otr // import "golang.org/x/crypto/otr"
 
 import (
@@ -637,7 +641,7 @@ func (c *Conversation) serializeDHKey() []byte {
 }
 
 func (c *Conversation) processDHKey(in []byte) (isSame bool, err error) {
-	gy, in, ok := getMPI(in)
+	gy, _, ok := getMPI(in)
 	if !ok {
 		err = errors.New("otr: corrupt DH key message")
 		return
diff --git a/vendor/golang.org/x/crypto/pkcs12/pkcs12.go b/vendor/golang.org/x/crypto/pkcs12/pkcs12.go
index eff9ad3a98f84..3a89bdb3e393b 100644
--- a/vendor/golang.org/x/crypto/pkcs12/pkcs12.go
+++ b/vendor/golang.org/x/crypto/pkcs12/pkcs12.go
@@ -7,6 +7,9 @@
 // This implementation is distilled from https://tools.ietf.org/html/rfc7292
 // and referenced documents. It is intended for decoding P12/PFX-stored
 // certificates and keys for use with the crypto/tls package.
+//
+// This package is frozen. If it's missing functionality you need, consider
+// an alternative like software.sslmate.com/src/go-pkcs12.
 package pkcs12
 
 import (
@@ -27,6 +30,8 @@ var (
 	oidFriendlyName     = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 20})
 	oidLocalKeyID       = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21})
 	oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1})
+
+	errUnknownAttributeOID = errors.New("pkcs12: unknown attribute OID")
 )
 
 type pfxPdu struct {
@@ -100,7 +105,12 @@ func unmarshal(in []byte, out interface{}) error {
 	return nil
 }
 
-// ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.
+// ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
+// Unknown attributes are discarded.
+//
+// Note that although the returned PEM blocks for private keys have type
+// "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according
+// to PKCS #1 for RSA keys and SEC 1 for ECDSA keys.
 func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) {
 	encodedPassword, err := bmpString(password)
 	if err != nil {
@@ -132,6 +142,9 @@ func convertBag(bag *safeBag, password []byte) (*pem.Block, error) {
 
 	for _, attribute := range bag.Attributes {
 		k, v, err := convertAttribute(&attribute)
+		if err == errUnknownAttributeOID {
+			continue
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -185,7 +198,7 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error)
 		key = "Microsoft CSP Name"
 		isString = true
 	default:
-		return "", "", errors.New("pkcs12: unknown attribute with OID " + attribute.Id.String())
+		return "", "", errUnknownAttributeOID
 	}
 
 	if isString {
@@ -208,7 +221,7 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error)
 
 // Decode extracts a certificate and private key from pfxData. This function
 // assumes that there is only one certificate and only one private key in the
-// pfxData.
+// pfxData; if there are more use ToPEM instead.
 func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) {
 	encodedPassword, err := bmpString(password)
 	if err != nil {
@@ -249,6 +262,7 @@ func Decode(pfxData []byte, password string) (privateKey interface{}, certificat
 		case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
 			if privateKey != nil {
 				err = errors.New("pkcs12: expected exactly one key bag")
+				return nil, nil, err
 			}
 
 			if privateKey, err = decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword); err != nil {
diff --git a/vendor/golang.org/x/crypto/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/poly1305/bits_compat.go
new file mode 100644
index 0000000000000..45b5c966b2be3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/bits_compat.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.13
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	sum = x + y + carry
+	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+	return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	diff = x - y - borrow
+	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+	return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	const mask32 = 1<<32 - 1
+	x0 := x & mask32
+	x1 := x >> 32
+	y0 := y & mask32
+	y1 := y >> 32
+	w0 := x0 * y0
+	t := x1*y0 + w0>>32
+	w1 := t & mask32
+	w2 := t >> 32
+	w1 += x0 * y1
+	hi = x1*y1 + w2 + w1>>32
+	lo = x * y
+	return
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
new file mode 100644
index 0000000000000..ed52b3418ab53
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	return bits.Mul64(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
new file mode 100644
index 0000000000000..f184b67d98db2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
@@ -0,0 +1,10 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
+// +build !amd64,!ppc64le,!s390x !gc purego
+
+package poly1305
+
+type mac struct{ macGeneric }
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
index f562fa5712ba0..9d7a6af09feb4 100644
--- a/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -2,21 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-/*
-Package poly1305 implements Poly1305 one-time message authentication code as
-specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
-
-Poly1305 is a fast, one-time authentication function. It is infeasible for an
-attacker to generate an authenticator for a message without the key. However, a
-key must only be used for a single message. Authenticating two different
-messages with the same key allows an attacker to forge authenticators for other
-messages with the same key.
-
-Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
-used with a fixed key in order to generate one-time keys from an nonce.
-However, in this package AES isn't used and the one-time key is specified
-directly.
-*/
+// Package poly1305 implements Poly1305 one-time message authentication code as
+// specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+//
+// Poly1305 is a fast, one-time authentication function. It is infeasible for an
+// attacker to generate an authenticator for a message without the key. However, a
+// key must only be used for a single message. Authenticating two different
+// messages with the same key allows an attacker to forge authenticators for other
+// messages with the same key.
+//
+// Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+// used with a fixed key in order to generate one-time keys from an nonce.
+// However, in this package AES isn't used and the one-time key is specified
+// directly.
 package poly1305 // import "golang.org/x/crypto/poly1305"
 
 import "crypto/subtle"
@@ -24,10 +22,78 @@ import "crypto/subtle"
 // TagSize is the size, in bytes, of a poly1305 authenticator.
 const TagSize = 16
 
-// Verify returns true if mac is a valid authenticator for m with the given
-// key.
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	h := New(key)
+	h.Write(m)
+	h.Sum(out[:0])
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
 func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
 	var tmp [16]byte
 	Sum(&tmp, m, key)
 	return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
 }
+
+// New returns a new MAC computing an authentication
+// tag of all data written to it with the given key.
+// This allows writing the message progressively instead
+// of passing it as a single slice. Common users should use
+// the Sum function instead.
+//
+// The key must be unique for each message, as authenticating
+// two different messages with the same key allows an attacker
+// to forge messages at will.
+func New(key *[32]byte) *MAC {
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// MAC is an io.Writer computing an authentication tag
+// of the data written to it.
+//
+// MAC cannot be used like common hash.Hash implementations,
+// because using a poly1305 key twice breaks its security.
+// Therefore writing data to a running MAC after calling
+// Sum or Verify causes it to panic.
+type MAC struct {
+	mac // platform-dependent implementation
+
+	finalized bool
+}
+
+// Size returns the number of bytes Sum will return.
+func (h *MAC) Size() int { return TagSize }
+
+// Write adds more data to the running message authentication code.
+// It never returns an error.
+//
+// It must not be called after the first call of Sum or Verify.
+func (h *MAC) Write(p []byte) (n int, err error) {
+	if h.finalized {
+		panic("poly1305: write to MAC after Sum or Verify")
+	}
+	return h.mac.Write(p)
+}
+
+// Sum computes the authenticator of all data written to the
+// message authentication code.
+func (h *MAC) Sum(b []byte) []byte {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return append(b, mac[:]...)
+}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
index 4dd72fe799b2d..6d522333f29e8 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -2,21 +2,47 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+//go:build gc && !purego
+// +build gc,!purego
 
 package poly1305
 
-// This function is implemented in sum_amd64.s
 //go:noescape
-func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+func update(state *macState, msg []byte)
 
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	var mPtr *byte
-	if len(m) > 0 {
-		mPtr = &m[0]
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
 	}
-	poly1305(out, mPtr, uint64(len(m)), key)
+	finalize(out, &state.h, &state.s)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
index 2edae63828a5f..2cb03731408c9 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+// +build gc,!purego
 
 #include "textflag.h"
 
@@ -54,24 +54,17 @@
 	ADCQ  t3, h1;                  \
 	ADCQ  $0, h2
 
-DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-GLOBL ·poly1305Mask<>(SB), RODATA, $16
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVQ state+0(FP), DI
+	MOVQ msg_base+8(FP), SI
+	MOVQ msg_len+16(FP), R15
 
-// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305(SB), $0-32
-	MOVQ out+0(FP), DI
-	MOVQ m+8(FP), SI
-	MOVQ mlen+16(FP), R15
-	MOVQ key+24(FP), AX
-
-	MOVQ 0(AX), R11
-	MOVQ 8(AX), R12
-	ANDQ ·poly1305Mask<>(SB), R11   // r0
-	ANDQ ·poly1305Mask<>+8(SB), R12 // r1
-	XORQ R8, R8                    // h0
-	XORQ R9, R9                    // h1
-	XORQ R10, R10                  // h2
+	MOVQ 0(DI), R8   // h0
+	MOVQ 8(DI), R9   // h1
+	MOVQ 16(DI), R10 // h2
+	MOVQ 24(DI), R11 // r0
+	MOVQ 32(DI), R12 // r1
 
 	CMPQ R15, $16
 	JB   bytes_between_0_and_15
@@ -109,17 +102,7 @@ flush_buffer:
 	JMP  multiply
 
 done:
-	MOVQ    R8, AX
-	MOVQ    R9, BX
-	SUBQ    $0xFFFFFFFFFFFFFFFB, AX
-	SBBQ    $0xFFFFFFFFFFFFFFFF, BX
-	SBBQ    $3, R10
-	CMOVQCS R8, AX
-	CMOVQCS R9, BX
-	MOVQ    key+24(FP), R8
-	ADDQ    16(R8), AX
-	ADCQ    24(R8), BX
-
-	MOVQ AX, 0(DI)
-	MOVQ BX, 8(DI)
+	MOVQ R8, 0(DI)
+	MOVQ R9, 8(DI)
+	MOVQ R10, 16(DI)
 	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
deleted file mode 100644
index 5dc321c2f39e6..0000000000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-package poly1305
-
-// This function is implemented in sum_arm.s
-//go:noescape
-func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	var mPtr *byte
-	if len(m) > 0 {
-		mPtr = &m[0]
-	}
-	poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.s b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
deleted file mode 100644
index f70b4ac484518..0000000000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.s
+++ /dev/null
@@ -1,427 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-#include "textflag.h"
-
-// This code was translated into a form compatible with 5a from the public
-// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
-
-DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
-DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
-DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
-DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
-DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
-GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
-
-// Warning: the linker may use R11 to synthesize certain instructions. Please
-// take care and verify that no synthetic instructions use it.
-
-TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
-	// Needs 16 bytes of stack and 64 bytes of space pointed to by R0.  (It
-	// might look like it's only 60 bytes of space but the final four bytes
-	// will be written by another function.) We need to skip over four
-	// bytes of stack because that's saving the value of 'g'.
-	ADD       $4, R13, R8
-	MOVM.IB   [R4-R7], (R8)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVW      $·poly1305_init_constants_armv6<>(SB), R7
-	MOVW      R2, R8
-	MOVW      R2>>26, R9
-	MOVW      R3>>20, g
-	MOVW      R4>>14, R11
-	MOVW      R5>>8, R12
-	ORR       R3<<6, R9, R9
-	ORR       R4<<12, g, g
-	ORR       R5<<18, R11, R11
-	MOVM.IA   (R7), [R2-R6]
-	AND       R8, R2, R2
-	AND       R9, R3, R3
-	AND       g, R4, R4
-	AND       R11, R5, R5
-	AND       R12, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVM.IA   [R2-R6], (R0)
-	ADD       $20, R13, R0
-	MOVM.DA   (R0), [R4-R7]
-	RET
-
-#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
-	MOVBU (offset+0)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+0)(Rdst); \
-	MOVBU (offset+1)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+1)(Rdst); \
-	MOVBU (offset+2)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+2)(Rdst); \
-	MOVBU (offset+3)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+3)(Rdst)
-
-TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
-	// Needs 24 bytes of stack for saved registers and then 88 bytes of
-	// scratch space after that. We assume that 24 bytes at (R13) have
-	// already been used: four bytes for the link register saved in the
-	// prelude of poly1305_auth_armv6, four bytes for saving the value of g
-	// in that function and 16 bytes of scratch space used around
-	// poly1305_finish_ext_armv6_skip1.
-	ADD     $24, R13, R12
-	MOVM.IB [R4-R8, R14], (R12)
-	MOVW    R0, 88(R13)
-	MOVW    R1, 92(R13)
-	MOVW    R2, 96(R13)
-	MOVW    R1, R14
-	MOVW    R2, R12
-	MOVW    56(R0), R8
-	WORD    $0xe1180008                // TST R8, R8 not working see issue 5921
-	EOR     R6, R6, R6
-	MOVW.EQ $(1<<24), R6
-	MOVW    R6, 84(R13)
-	ADD     $116, R13, g
-	MOVM.IA (R0), [R0-R9]
-	MOVM.IA [R0-R4], (g)
-	CMP     $16, R12
-	BLO     poly1305_blocks_armv6_done
-
-poly1305_blocks_armv6_mainloop:
-	WORD    $0xe31e0003                            // TST R14, #3 not working see issue 5921
-	BEQ     poly1305_blocks_armv6_mainloop_aligned
-	ADD     $100, R13, g
-	MOVW_UNALIGNED(R14, g, R0, 0)
-	MOVW_UNALIGNED(R14, g, R0, 4)
-	MOVW_UNALIGNED(R14, g, R0, 8)
-	MOVW_UNALIGNED(R14, g, R0, 12)
-	MOVM.IA (g), [R0-R3]
-	ADD     $16, R14
-	B       poly1305_blocks_armv6_mainloop_loaded
-
-poly1305_blocks_armv6_mainloop_aligned:
-	MOVM.IA.W (R14), [R0-R3]
-
-poly1305_blocks_armv6_mainloop_loaded:
-	MOVW    R0>>26, g
-	MOVW    R1>>20, R11
-	MOVW    R2>>14, R12
-	MOVW    R14, 92(R13)
-	MOVW    R3>>8, R4
-	ORR     R1<<6, g, g
-	ORR     R2<<12, R11, R11
-	ORR     R3<<18, R12, R12
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, g, g
-	MOVW    84(R13), R3
-	BIC     $0xfc000000, R11, R11
-	BIC     $0xfc000000, R12, R12
-	ADD     R0, R5, R5
-	ADD     g, R6, R6
-	ORR     R3, R4, R4
-	ADD     R11, R7, R7
-	ADD     $116, R13, R14
-	ADD     R12, R8, R8
-	ADD     R4, R9, R9
-	MOVM.IA (R14), [R0-R4]
-	MULLU   R4, R5, (R11, g)
-	MULLU   R3, R5, (R14, R12)
-	MULALU  R3, R6, (R11, g)
-	MULALU  R2, R6, (R14, R12)
-	MULALU  R2, R7, (R11, g)
-	MULALU  R1, R7, (R14, R12)
-	ADD     R4<<2, R4, R4
-	ADD     R3<<2, R3, R3
-	MULALU  R1, R8, (R11, g)
-	MULALU  R0, R8, (R14, R12)
-	MULALU  R0, R9, (R11, g)
-	MULALU  R4, R9, (R14, R12)
-	MOVW    g, 76(R13)
-	MOVW    R11, 80(R13)
-	MOVW    R12, 68(R13)
-	MOVW    R14, 72(R13)
-	MULLU   R2, R5, (R11, g)
-	MULLU   R1, R5, (R14, R12)
-	MULALU  R1, R6, (R11, g)
-	MULALU  R0, R6, (R14, R12)
-	MULALU  R0, R7, (R11, g)
-	MULALU  R4, R7, (R14, R12)
-	ADD     R2<<2, R2, R2
-	ADD     R1<<2, R1, R1
-	MULALU  R4, R8, (R11, g)
-	MULALU  R3, R8, (R14, R12)
-	MULALU  R3, R9, (R11, g)
-	MULALU  R2, R9, (R14, R12)
-	MOVW    g, 60(R13)
-	MOVW    R11, 64(R13)
-	MOVW    R12, 52(R13)
-	MOVW    R14, 56(R13)
-	MULLU   R0, R5, (R11, g)
-	MULALU  R4, R6, (R11, g)
-	MULALU  R3, R7, (R11, g)
-	MULALU  R2, R8, (R11, g)
-	MULALU  R1, R9, (R11, g)
-	ADD     $52, R13, R0
-	MOVM.IA (R0), [R0-R7]
-	MOVW    g>>26, R12
-	MOVW    R4>>26, R14
-	ORR     R11<<6, R12, R12
-	ORR     R5<<6, R14, R14
-	BIC     $0xfc000000, g, g
-	BIC     $0xfc000000, R4, R4
-	ADD.S   R12, R0, R0
-	ADC     $0, R1, R1
-	ADD.S   R14, R6, R6
-	ADC     $0, R7, R7
-	MOVW    R0>>26, R12
-	MOVW    R6>>26, R14
-	ORR     R1<<6, R12, R12
-	ORR     R7<<6, R14, R14
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, R6, R6
-	ADD     R14<<2, R14, R14
-	ADD.S   R12, R2, R2
-	ADC     $0, R3, R3
-	ADD     R14, g, g
-	MOVW    R2>>26, R12
-	MOVW    g>>26, R14
-	ORR     R3<<6, R12, R12
-	BIC     $0xfc000000, g, R5
-	BIC     $0xfc000000, R2, R7
-	ADD     R12, R4, R4
-	ADD     R14, R0, R0
-	MOVW    R4>>26, R12
-	BIC     $0xfc000000, R4, R8
-	ADD     R12, R6, R9
-	MOVW    96(R13), R12
-	MOVW    92(R13), R14
-	MOVW    R0, R6
-	CMP     $32, R12
-	SUB     $16, R12, R12
-	MOVW    R12, 96(R13)
-	BHS     poly1305_blocks_armv6_mainloop
-
-poly1305_blocks_armv6_done:
-	MOVW    88(R13), R12
-	MOVW    R5, 20(R12)
-	MOVW    R6, 24(R12)
-	MOVW    R7, 28(R12)
-	MOVW    R8, 32(R12)
-	MOVW    R9, 36(R12)
-	ADD     $48, R13, R0
-	MOVM.DA (R0), [R4-R8, R14]
-	RET
-
-#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst); \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst)
-
-#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
-
-// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
-TEXT ·poly1305_auth_armv6(SB), $196-16
-	// The value 196, just above, is the sum of 64 (the size of the context
-	// structure) and 132 (the amount of stack needed).
-	//
-	// At this point, the stack pointer (R13) has been moved down. It
-	// points to the saved link register and there's 196 bytes of free
-	// space above it.
-	//
-	// The stack for this function looks like:
-	//
-	// +---------------------
-	// |
-	// | 64 bytes of context structure
-	// |
-	// +---------------------
-	// |
-	// | 112 bytes for poly1305_blocks_armv6
-	// |
-	// +---------------------
-	// | 16 bytes of final block, constructed at
-	// | poly1305_finish_ext_armv6_skip8
-	// +---------------------
-	// | four bytes of saved 'g'
-	// +---------------------
-	// | lr, saved by prelude    <- R13 points here
-	// +---------------------
-	MOVW g, 4(R13)
-
-	MOVW out+0(FP), R4
-	MOVW m+4(FP), R5
-	MOVW mlen+8(FP), R6
-	MOVW key+12(FP), R7
-
-	ADD  $136, R13, R0 // 136 = 4 + 4 + 16 + 112
-	MOVW R7, R1
-
-	// poly1305_init_ext_armv6 will write to the stack from R13+4, but
-	// that's ok because none of the other values have been written yet.
-	BL    poly1305_init_ext_armv6<>(SB)
-	BIC.S $15, R6, R2
-	BEQ   poly1305_auth_armv6_noblocks
-	ADD   $136, R13, R0
-	MOVW  R5, R1
-	ADD   R2, R5, R5
-	SUB   R2, R6, R6
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_auth_armv6_noblocks:
-	ADD  $136, R13, R0
-	MOVW R5, R1
-	MOVW R6, R2
-	MOVW R4, R3
-
-	MOVW  R0, R5
-	MOVW  R1, R6
-	MOVW  R2, R7
-	MOVW  R3, R8
-	AND.S R2, R2, R2
-	BEQ   poly1305_finish_ext_armv6_noremaining
-	EOR   R0, R0
-	ADD   $8, R13, R9                           // 8 = offset to 16 byte scratch space
-	MOVW  R0, (R9)
-	MOVW  R0, 4(R9)
-	MOVW  R0, 8(R9)
-	MOVW  R0, 12(R9)
-	WORD  $0xe3110003                           // TST R1, #3 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_aligned
-	WORD  $0xe3120008                           // TST R2, #8 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_skip8
-	MOVWP_UNALIGNED(R1, R9, g)
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip8:
-	WORD $0xe3120004                     // TST $4, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip4
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip4:
-	WORD $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip2
-	MOVHUP_UNALIGNED(R1, R9, g)
-	B    poly1305_finish_ext_armv6_skip2
-
-poly1305_finish_ext_armv6_aligned:
-	WORD      $0xe3120008                             // TST R2, #8 not working see issue 5921
-	BEQ       poly1305_finish_ext_armv6_skip8_aligned
-	MOVM.IA.W (R1), [g-R11]
-	MOVM.IA.W [g-R11], (R9)
-
-poly1305_finish_ext_armv6_skip8_aligned:
-	WORD   $0xe3120004                             // TST $4, R2 not working see issue 5921
-	BEQ    poly1305_finish_ext_armv6_skip4_aligned
-	MOVW.P 4(R1), g
-	MOVW.P g, 4(R9)
-
-poly1305_finish_ext_armv6_skip4_aligned:
-	WORD    $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip2
-	MOVHU.P 2(R1), g
-	MOVH.P  g, 2(R9)
-
-poly1305_finish_ext_armv6_skip2:
-	WORD    $0xe3120001                     // TST $1, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip1
-	MOVBU.P 1(R1), g
-	MOVBU.P g, 1(R9)
-
-poly1305_finish_ext_armv6_skip1:
-	MOVW  $1, R11
-	MOVBU R11, 0(R9)
-	MOVW  R11, 56(R5)
-	MOVW  R5, R0
-	ADD   $8, R13, R1
-	MOVW  $16, R2
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_finish_ext_armv6_noremaining:
-	MOVW      20(R5), R0
-	MOVW      24(R5), R1
-	MOVW      28(R5), R2
-	MOVW      32(R5), R3
-	MOVW      36(R5), R4
-	MOVW      R4>>26, R12
-	BIC       $0xfc000000, R4, R4
-	ADD       R12<<2, R12, R12
-	ADD       R12, R0, R0
-	MOVW      R0>>26, R12
-	BIC       $0xfc000000, R0, R0
-	ADD       R12, R1, R1
-	MOVW      R1>>26, R12
-	BIC       $0xfc000000, R1, R1
-	ADD       R12, R2, R2
-	MOVW      R2>>26, R12
-	BIC       $0xfc000000, R2, R2
-	ADD       R12, R3, R3
-	MOVW      R3>>26, R12
-	BIC       $0xfc000000, R3, R3
-	ADD       R12, R4, R4
-	ADD       $5, R0, R6
-	MOVW      R6>>26, R12
-	BIC       $0xfc000000, R6, R6
-	ADD       R12, R1, R7
-	MOVW      R7>>26, R12
-	BIC       $0xfc000000, R7, R7
-	ADD       R12, R2, g
-	MOVW      g>>26, R12
-	BIC       $0xfc000000, g, g
-	ADD       R12, R3, R11
-	MOVW      $-(1<<26), R12
-	ADD       R11>>26, R12, R12
-	BIC       $0xfc000000, R11, R11
-	ADD       R12, R4, R9
-	MOVW      R9>>31, R12
-	SUB       $1, R12
-	AND       R12, R6, R6
-	AND       R12, R7, R7
-	AND       R12, g, g
-	AND       R12, R11, R11
-	AND       R12, R9, R9
-	MVN       R12, R12
-	AND       R12, R0, R0
-	AND       R12, R1, R1
-	AND       R12, R2, R2
-	AND       R12, R3, R3
-	AND       R12, R4, R4
-	ORR       R6, R0, R0
-	ORR       R7, R1, R1
-	ORR       g, R2, R2
-	ORR       R11, R3, R3
-	ORR       R9, R4, R4
-	ORR       R1<<26, R0, R0
-	MOVW      R1>>6, R1
-	ORR       R2<<20, R1, R1
-	MOVW      R2>>12, R2
-	ORR       R3<<14, R2, R2
-	MOVW      R3>>18, R3
-	ORR       R4<<8, R3, R3
-	MOVW      40(R5), R6
-	MOVW      44(R5), R7
-	MOVW      48(R5), g
-	MOVW      52(R5), R11
-	ADD.S     R6, R0, R0
-	ADC.S     R7, R1, R1
-	ADC.S     g, R2, R2
-	ADC.S     R11, R3, R3
-	MOVM.IA   [R0-R3], (R8)
-	MOVW      R5, R12
-	EOR       R0, R0, R0
-	EOR       R1, R1, R1
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	EOR       R7, R7, R7
-	MOVM.IA.W [R0-R7], (R12)
-	MOVM.IA   [R0-R7], (R12)
-	MOVW      4(R13), g
-	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
new file mode 100644
index 0000000000000..c942a65904fa9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
@@ -0,0 +1,310 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
+package poly1305
+
+import "encoding/binary"
+
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+//     s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r  mod  2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+//     for len(msg) > 0:
+//         h += read(msg, 16)
+//         h *= r
+//         h %= 2¹³⁰ - 5
+//     return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
+
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+	h := newMACGeneric(key)
+	h.Write(msg)
+	h.Sum(out)
+}
+
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+	// h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+	// can grow larger during and after rounds. It must, however, remain below
+	// 2 * (2¹³⁰ - 5).
+	h [3]uint64
+	// r and s are the private key components.
+	r [2]uint64
+	s [2]uint64
+}
+
+type macGeneric struct {
+	macState
+
+	buffer [TagSize]byte
+	offset int
+}
+
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		updateGeneric(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		updateGeneric(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		updateGeneric(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
+
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+	rMask0 = 0x0FFFFFFC0FFFFFFF
+	rMask1 = 0x0FFFFFFC0FFFFFFC
+)
+
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
+}
+
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
+
+func mul64(a, b uint64) uint128 {
+	hi, lo := bitsMul64(a, b)
+	return uint128{lo, hi}
+}
+
+func add128(a, b uint128) uint128 {
+	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	hi, c := bitsAdd64(a.hi, b.hi, c)
+	if c != 0 {
+		panic("poly1305: unexpected overflow")
+	}
+	return uint128{lo, hi}
+}
+
+func shiftRightBy2(a uint128) uint128 {
+	a.lo = a.lo>>2 | (a.hi&3)<<62
+	a.hi = a.hi >> 2
+	return a
+}
+
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+//     h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+	h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+	r0, r1 := state.r[0], state.r[1]
+
+	for len(msg) > 0 {
+		var c uint64
+
+		// For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+		// The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+		// reduced at the end of the multiplication below.
+		//
+		// The spec requires us to set a bit just above the message size, not to
+		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+		// add 1 to the most significant (2¹²⁸) limb, h2.
+		if len(msg) >= TagSize {
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h2 += c + 1
+
+			msg = msg[TagSize:]
+		} else {
+			var buf [TagSize]byte
+			copy(buf[:], msg)
+			buf[len(msg)] = 1
+
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h2 += c
+
+			msg = nil
+		}
+
+		// Multiplication of big number limbs is similar to elementary school
+		// columnar multiplication. Instead of digits, there are 64-bit limbs.
+		//
+		// We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+		//
+		//                        h2    h1    h0  x
+		//                              r1    r0  =
+		//                       ----------------
+		//                      h2r0  h1r0  h0r0     <-- individual 128-bit products
+		//            +   h2r1  h1r1  h0r1
+		//               ------------------------
+		//                 m3    m2    m1    m0      <-- result in 128-bit overlapping limbs
+		//               ------------------------
+		//         m3.hi m2.hi m1.hi m0.hi           <-- carry propagation
+		//     +         m3.lo m2.lo m1.lo m0.lo
+		//        -------------------------------
+		//           t4    t3    t2    t1    t0      <-- final result in 64-bit limbs
+		//
+		// The main difference from pen-and-paper multiplication is that we do
+		// carry propagation in a separate step, as if we wrote two digit sums
+		// at first (the 128-bit limbs), and then carried the tens all at once.
+
+		h0r0 := mul64(h0, r0)
+		h1r0 := mul64(h1, r0)
+		h2r0 := mul64(h2, r0)
+		h0r1 := mul64(h0, r1)
+		h1r1 := mul64(h1, r1)
+		h2r1 := mul64(h2, r1)
+
+		// Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+		// top 4 bits cleared by rMask{0,1}, we know that their product is not going
+		// to overflow 64 bits, so we can ignore the high part of the products.
+		//
+		// This also means that the product doesn't have a fifth limb (t4).
+		if h2r0.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+		if h2r1.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+
+		m0 := h0r0
+		m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+		m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+		m3 := h2r1
+
+		t0 := m0.lo
+		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+		// Now we have the result as 4 64-bit limbs, and we need to reduce it
+		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+		// a cheap partial reduction according to the reduction identity
+		//
+		//     c * 2¹³⁰ + n  =  c * 5 + n  mod  2¹³⁰ - 5
+		//
+		// because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+		// likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+		// assumptions we make about h in the rest of the code.
+		//
+		// See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+		// We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+		// Note that the carry bits are effectively shifted left by 2, in other
+		// words, cc = c * 4 for the c in the reduction identity.
+		h0, h1, h2 = t0, t1, t2&maskLow2Bits
+		cc := uint128{t2 & maskNotLow2Bits, t3}
+
+		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		cc = shiftRightBy2(cc)
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+		//
+		//     5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
+	}
+
+	state.h[0], state.h[1], state.h[2] = h0, h1, h2
+}
+
+const (
+	maskLow2Bits    uint64 = 0x0000000000000003
+	maskNotLow2Bits uint64 = ^maskLow2Bits
+)
+
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
+
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+	p0 = 0xFFFFFFFFFFFFFFFB
+	p1 = 0xFFFFFFFFFFFFFFFF
+	p2 = 0x0000000000000003
+)
+
+// finalize completes the modular reduction of h and computes
+//
+//     out = h + s  mod  2¹²⁸
+//
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+	h0, h1, h2 := h[0], h[1], h[2]
+
+	// After the partial reduction in updateGeneric, h might be more than
+	// 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+	// result if the subtraction underflows, and t otherwise.
+
+	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP1, b := bitsSub64(h1, p1, b)
+	_, b = bitsSub64(h2, p2, b)
+
+	// h = h if h < p else h - p
+	h0 = select64(b, h0, hMinusP0)
+	h1 = select64(b, h1, hMinusP1)
+
+	// Finally, we compute the last Poly1305 step
+	//
+	//     tag = h + s  mod  2¹²⁸
+	//
+	// by just doing a wide addition with the 128 low bits of h and discarding
+	// the overflow.
+	h0, c := bitsAdd64(h0, s[0], 0)
+	h1, _ = bitsAdd64(h1, s[1], c)
+
+	binary.LittleEndian.PutUint64(out[0:8], h0)
+	binary.LittleEndian.PutUint64(out[8:16], h1)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
deleted file mode 100644
index 751eec52743ce..0000000000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl
-
-package poly1305
-
-// Sum generates an authenticator for msg using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
-	sumGeneric(out, msg, key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
new file mode 100644
index 0000000000000..4a069941a6ef9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
@@ -0,0 +1,48 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
new file mode 100644
index 0000000000000..5cd7494b21a77
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
@@ -0,0 +1,181 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This was ported from the amd64 implementation.
+
+#define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \
+	MOVD (msg), t0;  \
+	MOVD 8(msg), t1; \
+	MOVD $1, t2;     \
+	ADDC t0, h0, h0; \
+	ADDE t1, h1, h1; \
+	ADDE t2, h2;     \
+	ADD  $16, msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \
+	MULLD  r0, h0, t0;  \
+	MULLD  r0, h1, t4;  \
+	MULHDU r0, h0, t1;  \
+	MULHDU r0, h1, t5;  \
+	ADDC   t4, t1, t1;  \
+	MULLD  r0, h2, t2;  \
+	ADDZE  t5;          \
+	MULHDU r1, h0, t4;  \
+	MULLD  r1, h0, h0;  \
+	ADD    t5, t2, t2;  \
+	ADDC   h0, t1, t1;  \
+	MULLD  h2, r1, t3;  \
+	ADDZE  t4, h0;      \
+	MULHDU r1, h1, t5;  \
+	MULLD  r1, h1, t4;  \
+	ADDC   t4, t2, t2;  \
+	ADDE   t5, t3, t3;  \
+	ADDC   h0, t2, t2;  \
+	MOVD   $-4, t4;     \
+	MOVD   t0, h0;      \
+	MOVD   t1, h1;      \
+	ADDZE  t3;          \
+	ANDCC  $3, t2, h2;  \
+	AND    t2, t4, t0;  \
+	ADDC   t0, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	SLD    $62, t3, t4; \
+	SRD    $2, t2;      \
+	ADDZE  h2;          \
+	OR     t4, t2, t2;  \
+	SRD    $2, t3;      \
+	ADDC   t2, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	ADDZE  h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVD state+0(FP), R3
+	MOVD msg_base+8(FP), R4
+	MOVD msg_len+16(FP), R5
+
+	MOVD 0(R3), R8   // h0
+	MOVD 8(R3), R9   // h1
+	MOVD 16(R3), R10 // h2
+	MOVD 24(R3), R11 // r0
+	MOVD 32(R3), R12 // r1
+
+	CMP R5, $16
+	BLT bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21)
+	ADD $-16, R5
+	CMP R5, $16
+	BGE loop
+
+bytes_between_0_and_15:
+	CMP  $0, R5
+	BEQ  done
+	MOVD $0, R16 // h0
+	MOVD $0, R17 // h1
+
+flush_buffer:
+	CMP R5, $8
+	BLE just1
+
+	MOVD $8, R21
+	SUB  R21, R5, R21
+
+	// Greater than 8 -- load the rightmost remaining bytes in msg
+	// and put into R17 (h1)
+	MOVD (R4)(R21), R17
+	MOVD $16, R22
+
+	// Find the offset to those bytes
+	SUB R5, R22, R22
+	SLD $3, R22
+
+	// Shift to get only the bytes in msg
+	SRD R22, R17, R17
+
+	// Put 1 at high end
+	MOVD $1, R23
+	SLD  $3, R21
+	SLD  R21, R23, R23
+	OR   R23, R17, R17
+
+	// Remainder is 8
+	MOVD $8, R5
+
+just1:
+	CMP R5, $8
+	BLT less8
+
+	// Exactly 8
+	MOVD (R4), R16
+
+	CMP $0, R17
+
+	// Check if we've already set R17; if not
+	// set 1 to indicate end of msg.
+	BNE  carry
+	MOVD $1, R17
+	BR   carry
+
+less8:
+	MOVD  $0, R16   // h0
+	MOVD  $0, R22   // shift count
+	CMP   R5, $4
+	BLT   less4
+	MOVWZ (R4), R16
+	ADD   $4, R4
+	ADD   $-4, R5
+	MOVD  $32, R22
+
+less4:
+	CMP   R5, $2
+	BLT   less2
+	MOVHZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $16, R22
+	ADD   $-2, R5
+	ADD   $2, R4
+
+less2:
+	CMP   $0, R5
+	BEQ   insert1
+	MOVBZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $8, R22
+
+insert1:
+	// Insert 1 at end of msg
+	MOVD $1, R21
+	SLD  R22, R21, R21
+	OR   R16, R21, R16
+
+carry:
+	// Add new values to h0, h1, h2
+	ADDC R16, R8
+	ADDE R17, R9
+	ADDE $0, R10
+	MOVD $16, R5
+	ADD  R5, R4
+	BR   multiply
+
+done:
+	// Save h0, h1, h2 in state
+	MOVD R8, 0(R3)
+	MOVD R9, 8(R3)
+	MOVD R10, 16(R3)
+	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ref.go b/vendor/golang.org/x/crypto/poly1305/sum_ref.go
deleted file mode 100644
index c4d59bd09874c..0000000000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_ref.go
+++ /dev/null
@@ -1,139 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package poly1305
-
-import "encoding/binary"
-
-// sumGeneric generates an authenticator for msg using a one-time key and
-// puts the 16-byte result into out. This is the generic implementation of
-// Sum and should be called if no assembly implementation is available.
-func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
-	var (
-		h0, h1, h2, h3, h4 uint32 // the hash accumulators
-		r0, r1, r2, r3, r4 uint64 // the r part of the key
-	)
-
-	r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff)
-	r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03)
-	r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff)
-	r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff)
-	r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff)
-
-	R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
-
-	for len(msg) >= TagSize {
-		// h += msg
-		h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
-		h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
-		h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
-		h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
-		h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24)
-
-		// h *= r
-		d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
-		d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
-		d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
-		d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
-		d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
-		// h %= p
-		h0 = uint32(d0) & 0x3ffffff
-		h1 = uint32(d1) & 0x3ffffff
-		h2 = uint32(d2) & 0x3ffffff
-		h3 = uint32(d3) & 0x3ffffff
-		h4 = uint32(d4) & 0x3ffffff
-
-		h0 += uint32(d4>>26) * 5
-		h1 += h0 >> 26
-		h0 = h0 & 0x3ffffff
-
-		msg = msg[TagSize:]
-	}
-
-	if len(msg) > 0 {
-		var block [TagSize]byte
-		off := copy(block[:], msg)
-		block[off] = 0x01
-
-		// h += msg
-		h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff
-		h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff
-		h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff
-		h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff
-		h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8)
-
-		// h *= r
-		d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
-		d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
-		d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
-		d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
-		d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
-		// h %= p
-		h0 = uint32(d0) & 0x3ffffff
-		h1 = uint32(d1) & 0x3ffffff
-		h2 = uint32(d2) & 0x3ffffff
-		h3 = uint32(d3) & 0x3ffffff
-		h4 = uint32(d4) & 0x3ffffff
-
-		h0 += uint32(d4>>26) * 5
-		h1 += h0 >> 26
-		h0 = h0 & 0x3ffffff
-	}
-
-	// h %= p reduction
-	h2 += h1 >> 26
-	h1 &= 0x3ffffff
-	h3 += h2 >> 26
-	h2 &= 0x3ffffff
-	h4 += h3 >> 26
-	h3 &= 0x3ffffff
-	h0 += 5 * (h4 >> 26)
-	h4 &= 0x3ffffff
-	h1 += h0 >> 26
-	h0 &= 0x3ffffff
-
-	// h - p
-	t0 := h0 + 5
-	t1 := h1 + (t0 >> 26)
-	t2 := h2 + (t1 >> 26)
-	t3 := h3 + (t2 >> 26)
-	t4 := h4 + (t3 >> 26) - (1 << 26)
-	t0 &= 0x3ffffff
-	t1 &= 0x3ffffff
-	t2 &= 0x3ffffff
-	t3 &= 0x3ffffff
-
-	// select h if h < p else h - p
-	t_mask := (t4 >> 31) - 1
-	h_mask := ^t_mask
-	h0 = (h0 & h_mask) | (t0 & t_mask)
-	h1 = (h1 & h_mask) | (t1 & t_mask)
-	h2 = (h2 & h_mask) | (t2 & t_mask)
-	h3 = (h3 & h_mask) | (t3 & t_mask)
-	h4 = (h4 & h_mask) | (t4 & t_mask)
-
-	// h %= 2^128
-	h0 |= h1 << 26
-	h1 = ((h1 >> 6) | (h2 << 20))
-	h2 = ((h2 >> 12) | (h3 << 14))
-	h3 = ((h3 >> 18) | (h4 << 8))
-
-	// s: the s part of the key
-	// tag = (h + s) % (2^128)
-	t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:]))
-	h0 = uint32(t)
-	t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32)
-	h1 = uint32(t)
-	t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32)
-	h2 = uint32(t)
-	t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32)
-	h3 = uint32(t)
-
-	binary.LittleEndian.PutUint32(out[0:], h0)
-	binary.LittleEndian.PutUint32(out[4:], h1)
-	binary.LittleEndian.PutUint32(out[8:], h2)
-	binary.LittleEndian.PutUint32(out[12:], h3)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
index 7a266cece46ad..62cc9f84709e3 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@@ -2,48 +2,75 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,go1.11,!gccgo,!appengine
+//go:build gc && !purego
+// +build gc,!purego
 
 package poly1305
 
-// hasVectorFacility reports whether the machine supports
-// the vector facility (vx).
-func hasVectorFacility() bool
+import (
+	"golang.org/x/sys/cpu"
+)
 
-// hasVMSLFacility reports whether the machine supports
-// Vector Multiply Sum Logical (VMSL).
-func hasVMSLFacility() bool
-
-var hasVX = hasVectorFacility()
-var hasVMSL = hasVMSLFacility()
-
-// poly1305vx is an assembly implementation of Poly1305 that uses vector
+// updateVX is an assembly implementation of Poly1305 that uses vector
 // instructions. It must only be called if the vector facility (vx) is
 // available.
 //go:noescape
-func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+func updateVX(state *macState, msg []byte)
 
-// poly1305vmsl is an assembly implementation of Poly1305 that uses vector
-// instructions, including VMSL. It must only be called if the vector facility (vx) is
-// available and if VMSL is supported.
-//go:noescape
-func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	if hasVX {
-		var mPtr *byte
-		if len(m) > 0 {
-			mPtr = &m[0]
+// mac is a replacement for macGeneric that uses a larger buffer and redirects
+// calls that would have gone to updateGeneric to updateVX if the vector
+// facility is installed.
+//
+// A larger buffer is required for good performance because the vector
+// implementation has a higher fixed cost per call than the generic
+// implementation.
+type mac struct {
+	macState
+
+	buffer [16 * TagSize]byte // size must be a multiple of block size (16)
+	offset int
+}
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < len(h.buffer) {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, h.buffer[:])
+		} else {
+			updateGeneric(&h.macState, h.buffer[:])
 		}
-		if hasVMSL && len(m) > 256 {
-			poly1305vmsl(out, mPtr, uint64(len(m)), key)
+	}
+
+	tail := len(p) % len(h.buffer) // number of bytes to copy into buffer
+	body := len(p) - tail          // number of bytes to process now
+	if body > 0 {
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, p[:body])
 		} else {
-			poly1305vx(out, mPtr, uint64(len(m)), key)
+			updateGeneric(&h.macState, p[:body])
 		}
-	} else {
-		sumGeneric(out, m, key)
 	}
+	h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[TagSize]byte) {
+	state := h.macState
+	remainder := h.buffer[:h.offset]
+
+	// Use the generic implementation if we have 2 or fewer blocks left
+	// to sum. The vector implementation has a higher startup time.
+	if cpu.S390X.HasVX && len(remainder) > 2*TagSize {
+		updateVX(&state, remainder)
+	} else if len(remainder) > 0 {
+		updateGeneric(&state, remainder)
+	}
+	finalize(out, &state.h, &state.s)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
index 356c07a6c2b12..bdd882c606def 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
@@ -2,115 +2,187 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,go1.11,!gccgo,!appengine
+// +build gc,!purego
 
 #include "textflag.h"
 
-// Implementation of Poly1305 using the vector facility (vx).
-
-// constants
-#define MOD26 V0
-#define EX0   V1
-#define EX1   V2
-#define EX2   V3
-
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
-
-// key (r)
-#define R_0  V9
-#define R_1  V10
-#define R_2  V11
-#define R_3  V12
-#define R_4  V13
-#define R5_1 V14
-#define R5_2 V15
-#define R5_3 V16
-#define R5_4 V17
-#define RSAVE_0 R5
-#define RSAVE_1 R6
-#define RSAVE_2 R7
-#define RSAVE_3 R8
-#define RSAVE_4 R9
-#define R5SAVE_1 V28
-#define R5SAVE_2 V29
-#define R5SAVE_3 V30
-#define R5SAVE_4 V31
-
-// message block
-#define F_0 V18
-#define F_1 V19
-#define F_2 V20
-#define F_3 V21
-#define F_4 V22
-
-// accumulator
-#define H_0 V23
-#define H_1 V24
-#define H_2 V25
-#define H_3 V26
-#define H_4 V27
-
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
-
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
-
-GLOBL ·constants<>(SB), RODATA, $64
-// MOD26
-DATA ·constants<>+0(SB)/8, $0x3ffffff
-DATA ·constants<>+8(SB)/8, $0x3ffffff
+// This implementation of Poly1305 uses the vector facility (vx)
+// to process up to 2 blocks (32 bytes) per iteration using an
+// algorithm based on the one described in:
+//
+// NEON crypto, Daniel J. Bernstein & Peter Schwabe
+// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+//
+// This algorithm uses 5 26-bit limbs to represent a 130-bit
+// value. These limbs are, for the most part, zero extended and
+// placed into 64-bit vector register elements. Each vector
+// register is 128-bits wide and so holds 2 of these elements.
+// Using 26-bit limbs allows us plenty of headroom to accomodate
+// accumulations before and after multiplication without
+// overflowing either 32-bits (before multiplication) or 64-bits
+// (after multiplication).
+//
+// In order to parallelise the operations required to calculate
+// the sum we use two separate accumulators and then sum those
+// in an extra final step. For compatibility with the generic
+// implementation we perform this summation at the end of every
+// updateVX call.
+//
+// To use two accumulators we must multiply the message blocks
+// by r² rather than r. Only the final message block should be
+// multiplied by r.
+//
+// Example:
+//
+// We want to calculate the sum (h) for a 64 byte message (m):
+//
+//   h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r
+//
+// To do this we split the calculation into the even indices
+// and odd indices of the message. These form our SIMD 'lanes':
+//
+//   h = m[ 0:16]r⁴ + m[32:48]r² +   <- lane 0
+//       m[16:32]r³ + m[48:64]r      <- lane 1
+//
+// To calculate this iteratively we refactor so that both lanes
+// are written in terms of r² and r:
+//
+//   h = (m[ 0:16]r² + m[32:48])r² + <- lane 0
+//       (m[16:32]r² + m[48:64])r    <- lane 1
+//                ^             ^
+//                |             coefficients for second iteration
+//                coefficients for first iteration
+//
+// So in this case we would have two iterations. In the first
+// both lanes are multiplied by r². In the second only the
+// first lane is multiplied by r² and the second lane is
+// instead multiplied by r. This gives use the odd and even
+// powers of r that we need from the original equation.
+//
+// Notation:
+//
+//   h - accumulator
+//   r - key
+//   m - message
+//
+//   [a, b]       - SIMD register holding two 64-bit values
+//   [a, b, c, d] - SIMD register holding four 32-bit values
+//   xᵢ[n]        - limb n of variable x with bit width i
+//
+// Limbs are expressed in little endian order, so for 26-bit
+// limbs x₂₆[4] will be the most significant limb and x₂₆[0]
+// will be the least significant limb.
+
+// masking constants
+#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits
+#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits
+
+// expansion constants (see EXPAND macro)
+#define EX0 V2
+#define EX1 V3
+#define EX2 V4
+
+// key (r², r or 1 depending on context)
+#define R_0 V5
+#define R_1 V6
+#define R_2 V7
+#define R_3 V8
+#define R_4 V9
+
+// precalculated coefficients (5r², 5r or 0 depending on context)
+#define R5_1 V10
+#define R5_2 V11
+#define R5_3 V12
+#define R5_4 V13
+
+// message block (m)
+#define M_0 V14
+#define M_1 V15
+#define M_2 V16
+#define M_3 V17
+#define M_4 V18
+
+// accumulator (h)
+#define H_0 V19
+#define H_1 V20
+#define H_2 V21
+#define H_3 V22
+#define H_4 V23
+
+// temporary registers (for short-lived values)
+#define T_0 V24
+#define T_1 V25
+#define T_2 V26
+#define T_3 V27
+#define T_4 V28
+
+GLOBL ·constants<>(SB), RODATA, $0x30
 // EX0
-DATA ·constants<>+16(SB)/8, $0x0006050403020100
-DATA ·constants<>+24(SB)/8, $0x1016151413121110
+DATA ·constants<>+0x00(SB)/8, $0x0006050403020100
+DATA ·constants<>+0x08(SB)/8, $0x1016151413121110
 // EX1
-DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706
-DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716
+DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716
 // EX2
-DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d
-DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
-
-// h = (f*g) % (2**130-5) [partial reduction]
+DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// MULTIPLY multiplies each lane of f and g, partially reduced
+// modulo 2¹³⁰ - 5. The result, h, consists of partial products
+// in each lane that need to be reduced further to produce the
+// final result.
+//
+//   h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰
+//
+// Note that the multiplication by 5 of the high bits is
+// achieved by precalculating the multiplication of four of the
+// g coefficients by 5. These are g51-g54.
 #define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
 	VMLOF  f0, g0, h0        \
-	VMLOF  f0, g1, h1        \
-	VMLOF  f0, g2, h2        \
 	VMLOF  f0, g3, h3        \
+	VMLOF  f0, g1, h1        \
 	VMLOF  f0, g4, h4        \
+	VMLOF  f0, g2, h2        \
 	VMLOF  f1, g54, T_0      \
-	VMLOF  f1, g0, T_1       \
-	VMLOF  f1, g1, T_2       \
 	VMLOF  f1, g2, T_3       \
+	VMLOF  f1, g0, T_1       \
 	VMLOF  f1, g3, T_4       \
+	VMLOF  f1, g1, T_2       \
 	VMALOF f2, g53, h0, h0   \
-	VMALOF f2, g54, h1, h1   \
-	VMALOF f2, g0, h2, h2    \
 	VMALOF f2, g1, h3, h3    \
+	VMALOF f2, g54, h1, h1   \
 	VMALOF f2, g2, h4, h4    \
+	VMALOF f2, g0, h2, h2    \
 	VMALOF f3, g52, T_0, T_0 \
-	VMALOF f3, g53, T_1, T_1 \
-	VMALOF f3, g54, T_2, T_2 \
 	VMALOF f3, g0, T_3, T_3  \
+	VMALOF f3, g53, T_1, T_1 \
 	VMALOF f3, g1, T_4, T_4  \
+	VMALOF f3, g54, T_2, T_2 \
 	VMALOF f4, g51, h0, h0   \
-	VMALOF f4, g52, h1, h1   \
-	VMALOF f4, g53, h2, h2   \
 	VMALOF f4, g54, h3, h3   \
+	VMALOF f4, g52, h1, h1   \
 	VMALOF f4, g0, h4, h4    \
+	VMALOF f4, g53, h2, h2   \
 	VAG    T_0, h0, h0       \
-	VAG    T_1, h1, h1       \
-	VAG    T_2, h2, h2       \
 	VAG    T_3, h3, h3       \
-	VAG    T_4, h4, h4
-
-// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4
+	VAG    T_1, h1, h1       \
+	VAG    T_4, h4, h4       \
+	VAG    T_2, h2, h2
+
+// REDUCE performs the following carry operations in four
+// stages, as specified in Bernstein & Schwabe:
+//
+//   1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4]
+//   2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0]
+//   3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3]
+//   4: h₂₆[3]->h₂₆[4]
+//
+// The result is that all of the limbs are limited to 26-bits
+// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits.
+//
+// Note that although each limb is aligned at 26-bit intervals
+// they may contain values that exceed 2²⁶ - 1, hence the need
+// to carry the excess bits in each limb.
 #define REDUCE(h0, h1, h2, h3, h4) \
 	VESRLG $26, h0, T_0  \
 	VESRLG $26, h3, T_1  \
@@ -136,144 +208,155 @@ DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
 	VN     MOD26, h3, h3 \
 	VAG    T_2, h4, h4
 
-// expand in0 into d[0] and in1 into d[1]
+// EXPAND splits the 128-bit little-endian values in0 and in1
+// into 26-bit big-endian limbs and places the results into
+// the first and second lane of d₂₆[0:4] respectively.
+//
+// The EX0, EX1 and EX2 constants are arrays of byte indices
+// for permutation. The permutation both reverses the bytes
+// in the input and ensures the bytes are copied into the
+// destination limb ready to be shifted into their final
+// position.
 #define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
-	VGBM   $0x0707, d1       \ // d1=tmp
-	VPERM  in0, in1, EX2, d4 \
 	VPERM  in0, in1, EX0, d0 \
 	VPERM  in0, in1, EX1, d2 \
-	VN     d1, d4, d4        \
+	VPERM  in0, in1, EX2, d4 \
 	VESRLG $26, d0, d1       \
 	VESRLG $30, d2, d3       \
 	VESRLG $4, d2, d2        \
-	VN     MOD26, d0, d0     \
-	VN     MOD26, d1, d1     \
-	VN     MOD26, d2, d2     \
-	VN     MOD26, d3, d3
-
-// pack h4:h0 into h1:h0 (no carry)
-#define PACK(h0, h1, h2, h3, h4) \
-	VESLG $26, h1, h1  \
-	VESLG $26, h3, h3  \
-	VO    h0, h1, h0   \
-	VO    h2, h3, h2   \
-	VESLG $4, h2, h2   \
-	VLEIB $7, $48, h1  \
-	VSLB  h1, h2, h2   \
-	VO    h0, h2, h0   \
-	VLEIB $7, $104, h1 \
-	VSLB  h1, h4, h3   \
-	VO    h3, h0, h0   \
-	VLEIB $7, $24, h1  \
-	VSRLB h1, h4, h1
-
-// if h > 2**130-5 then h -= 2**130-5
-#define MOD(h0, h1, t0, t1, t2) \
-	VZERO t0          \
-	VLEIG $1, $5, t0  \
-	VACCQ h0, t0, t1  \
-	VAQ   h0, t0, t0  \
-	VONE  t2          \
-	VLEIG $1, $-4, t2 \
-	VAQ   t2, t1, t1  \
-	VACCQ h1, t1, t1  \
-	VONE  t2          \
-	VAQ   t2, t1, t1  \
-	VN    h0, t1, t2  \
-	VNC   t0, t1, t1  \
-	VO    t1, t2, h0
-
-// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vx(SB), $0-32
-	// This code processes up to 2 blocks (32 bytes) per iteration
-	// using the algorithm described in:
-	// NEON crypto, Daniel J. Bernstein & Peter Schwabe
-	// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
-	LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
-
-	// load MOD26, EX0, EX1 and EX2
+	VN     MOD26, d0, d0     \ // [in0₂₆[0], in1₂₆[0]]
+	VN     MOD26, d3, d3     \ // [in0₂₆[3], in1₂₆[3]]
+	VN     MOD26, d1, d1     \ // [in0₂₆[1], in1₂₆[1]]
+	VN     MOD24, d4, d4     \ // [in0₂₆[4], in1₂₆[4]]
+	VN     MOD26, d2, d2     // [in0₂₆[2], in1₂₆[2]]
+
+// func updateVX(state *macState, msg []byte)
+TEXT ·updateVX(SB), NOSPLIT, $0
+	MOVD state+0(FP), R1
+	LMG  msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len
+
+	// load EX0, EX1 and EX2
 	MOVD $·constants<>(SB), R5
-	VLM  (R5), MOD26, EX2
-
-	// setup r
-	VL   (R4), T_0
-	MOVD $·keyMask<>(SB), R6
-	VL   (R6), T_1
-	VN   T_0, T_1, T_0
-	EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4)
-
-	// setup r*5
-	VLEIG $0, $5, T_0
-	VLEIG $1, $5, T_0
-
-	// store r (for final block)
-	VMLOF T_0, R_1, R5SAVE_1
-	VMLOF T_0, R_2, R5SAVE_2
-	VMLOF T_0, R_3, R5SAVE_3
-	VMLOF T_0, R_4, R5SAVE_4
-	VLGVG $0, R_0, RSAVE_0
-	VLGVG $0, R_1, RSAVE_1
-	VLGVG $0, R_2, RSAVE_2
-	VLGVG $0, R_3, RSAVE_3
-	VLGVG $0, R_4, RSAVE_4
-
-	// skip r**2 calculation
+	VLM  (R5), EX0, EX2
+
+	// generate masks
+	VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff]
+	VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff]
+
+	// load h (accumulator) and r (key) from state
+	VZERO T_1               // [0, 0]
+	VL    0(R1), T_0        // [h₆₄[0], h₆₄[1]]
+	VLEG  $0, 16(R1), T_1   // [h₆₄[2], 0]
+	VL    24(R1), T_2       // [r₆₄[0], r₆₄[1]]
+	VPDI  $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]]
+	VPDI  $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]]
+
+	// unpack h and r into 26-bit limbs
+	// note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value
+	VN     MOD26, T_3, H_0            // [h₂₆[0], r₂₆[0]]
+	VZERO  H_1                        // [0, 0]
+	VZERO  H_3                        // [0, 0]
+	VGMG   $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out
+	VESLG  $24, T_1, T_1              // [h₆₄[2]<<24, 0]
+	VERIMG $-26&63, T_3, MOD26, H_1   // [h₂₆[1], r₂₆[1]]
+	VESRLG $+52&63, T_3, H_2          // [h₂₆[2], r₂₆[2]] - low 12 bits only
+	VERIMG $-14&63, T_4, MOD26, H_3   // [h₂₆[1], r₂₆[1]]
+	VESRLG $40, T_4, H_4              // [h₂₆[4], r₂₆[4]] - low 24 bits only
+	VERIMG $+12&63, T_4, T_0, H_2     // [h₂₆[2], r₂₆[2]] - complete
+	VO     T_1, H_4, H_4              // [h₂₆[4], r₂₆[4]] - complete
+
+	// replicate r across all 4 vector elements
+	VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]]
+	VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]]
+	VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]]
+	VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]]
+	VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]]
+
+	// zero out lane 1 of h
+	VLEIG $1, $0, H_0 // [h₂₆[0], 0]
+	VLEIG $1, $0, H_1 // [h₂₆[1], 0]
+	VLEIG $1, $0, H_2 // [h₂₆[2], 0]
+	VLEIG $1, $0, H_3 // [h₂₆[3], 0]
+	VLEIG $1, $0, H_4 // [h₂₆[4], 0]
+
+	// calculate 5r (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]]
+
+	// skip r² calculation if we are only calculating one block
 	CMPBLE R3, $16, skip
 
-	// calculate r**2
-	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4)
-	REDUCE(H_0, H_1, H_2, H_3, H_4)
-	VLEIG $0, $5, T_0
-	VLEIG $1, $5, T_0
-	VMLOF T_0, H_1, R5_1
-	VMLOF T_0, H_2, R5_2
-	VMLOF T_0, H_3, R5_3
-	VMLOF T_0, H_4, R5_4
-	VLR   H_0, R_0
-	VLR   H_1, R_1
-	VLR   H_2, R_2
-	VLR   H_3, R_3
-	VLR   H_4, R_4
-
-	// initialize h
-	VZERO H_0
-	VZERO H_1
-	VZERO H_2
-	VZERO H_3
-	VZERO H_4
+	// calculate r²
+	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4)
+	REDUCE(M_0, M_1, M_2, M_3, M_4)
+	VGBM   $0x0f0f, T_0
+	VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]]
+	VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]]
+	VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]]
+	VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]]
+	VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]]
+
+	// calculate 5r² (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]]
 
 loop:
-	CMPBLE R3, $32, b2
-	VLM    (R2), T_0, T_1
-	SUB    $32, R3
-	MOVD   $32(R2), R2
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
-	VLEIB  $4, $1, F_4
-	VLEIB  $12, $1, F_4
+	CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients
+
+	// load next 2 blocks from message
+	VLM (R2), T_0, T_1
+
+	// update message slice
+	SUB  $32, R3
+	MOVD $32(R2), R2
+
+	// unpack message blocks into 26-bit big-endian limbs
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// add 2¹²⁸ to each message block value
+	VLEIB $4, $1, M_4
+	VLEIB $12, $1, M_4
 
 multiply:
-	VAG    H_0, F_0, F_0
-	VAG    H_1, F_1, F_1
-	VAG    H_2, F_2, F_2
-	VAG    H_3, F_3, F_3
-	VAG    H_4, F_4, F_4
-	MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+	// accumulate the incoming message
+	VAG H_0, M_0, M_0
+	VAG H_3, M_3, M_3
+	VAG H_1, M_1, M_1
+	VAG H_4, M_4, M_4
+	VAG H_2, M_2, M_2
+
+	// multiply the accumulator by the key coefficient
+	MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+
+	// carry and partially reduce the partial products
 	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
 	CMPBNE R3, $0, loop
 
 finish:
-	// sum vectors
+	// sum lane 0 and lane 1 and put the result in lane 1
 	VZERO  T_0
 	VSUMQG H_0, T_0, H_0
-	VSUMQG H_1, T_0, H_1
-	VSUMQG H_2, T_0, H_2
 	VSUMQG H_3, T_0, H_3
+	VSUMQG H_1, T_0, H_1
 	VSUMQG H_4, T_0, H_4
+	VSUMQG H_2, T_0, H_2
 
-	// h may be >= 2*(2**130-5) so we need to reduce it again
+	// reduce again after summation
+	// TODO(mundaym): there might be a more efficient way to do this
+	// now that we only have 1 active lane. For example, we could
+	// simultaneously pack the values as we reduce them.
 	REDUCE(H_0, H_1, H_2, H_3, H_4)
 
-	// carry h1->h4
+	// carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1
+	// TODO(mundaym): in testing this final carry was unnecessary.
+	// Needs a proof before it can be removed though.
 	VESRLG $26, H_1, T_1
 	VN     MOD26, H_1, H_1
 	VAQ    T_1, H_2, H_2
@@ -284,117 +367,137 @@ finish:
 	VN     MOD26, H_3, H_3
 	VAQ    T_3, H_4, H_4
 
-	// h is now < 2*(2**130-5)
-	// pack h into h1 (hi) and h0 (lo)
-	PACK(H_0, H_1, H_2, H_3, H_4)
-
-	// if h > 2**130-5 then h -= 2**130-5
-	MOD(H_0, H_1, T_0, T_1, T_2)
-
-	// h += s
-	MOVD  $·bswapMask<>(SB), R5
-	VL    (R5), T_1
-	VL    16(R4), T_0
-	VPERM T_0, T_0, T_1, T_0    // reverse bytes (to big)
-	VAQ   T_0, H_0, H_0
-	VPERM H_0, H_0, T_1, H_0    // reverse bytes (to little)
-	VST   H_0, (R1)
-
+	// h is now < 2(2¹³⁰ - 5)
+	// Pack each lane in h₂₆[0:4] into h₁₂₈[0:1].
+	VESLG $26, H_1, H_1
+	VESLG $26, H_3, H_3
+	VO    H_0, H_1, H_0
+	VO    H_2, H_3, H_2
+	VESLG $4, H_2, H_2
+	VLEIB $7, $48, H_1
+	VSLB  H_1, H_2, H_2
+	VO    H_0, H_2, H_0
+	VLEIB $7, $104, H_1
+	VSLB  H_1, H_4, H_3
+	VO    H_3, H_0, H_0
+	VLEIB $7, $24, H_1
+	VSRLB H_1, H_4, H_1
+
+	// update state
+	VSTEG $1, H_0, 0(R1)
+	VSTEG $0, H_0, 8(R1)
+	VSTEG $1, H_1, 16(R1)
 	RET
 
-b2:
+b2:  // 2 or fewer blocks remaining
 	CMPBLE R3, $16, b1
 
-	// 2 blocks remaining
-	SUB    $17, R3
-	VL     (R2), T_0
-	VLL    R3, 16(R2), T_1
-	ADD    $1, R3
+	// Load the 2 remaining blocks (17-32 bytes remaining).
+	MOVD $-17(R3), R0    // index of final byte to load modulo 16
+	VL   (R2), T_0       // load full 16 byte block
+	VLL  R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
 	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, T_1
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+	MOVD   $-16(R3), R3   // index of byte in last block to insert 1 at (could be 16)
+	CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long
+	VLVGB  R3, R0, T_1    // insert 1 into the byte at index R3
+
+	// Split both blocks into 26-bit limbs in the appropriate lanes.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the second to last block.
+	VLEIB $4, $1, M_4
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
 	CMPBNE R3, $16, 2(PC)
-	VLEIB  $12, $1, F_4
-	VLEIB  $4, $1, F_4
-
-	// setup [r²,r]
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, RSAVE_3, R_3
-	VLVGG $1, RSAVE_4, R_4
-	VPDI  $0, R5_1, R5SAVE_1, R5_1
-	VPDI  $0, R5_2, R5SAVE_2, R5_2
-	VPDI  $0, R5_3, R5SAVE_3, R5_3
-	VPDI  $0, R5_4, R5SAVE_4, R5_4
+	VLEIB  $12, $1, M_4
+
+	// Finally, set up the coefficients for the final multiplication.
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r² so that can be kept the
+	// same. We want lane 1 to be multiplied by r so we need to move
+	// the saved r value into the 32-bit odd index in lane 1 by
+	// rotating the 64-bit lane by 32.
+	VGBM   $0x00ff, T_0         // [0, 0xffffffffffffffff] - mask lane 1 only
+	VERIMG $32, R_0, T_0, R_0   // [_,  r²₂₆[0], _,  r₂₆[0]]
+	VERIMG $32, R_1, T_0, R_1   // [_,  r²₂₆[1], _,  r₂₆[1]]
+	VERIMG $32, R_2, T_0, R_2   // [_,  r²₂₆[2], _,  r₂₆[2]]
+	VERIMG $32, R_3, T_0, R_3   // [_,  r²₂₆[3], _,  r₂₆[3]]
+	VERIMG $32, R_4, T_0, R_4   // [_,  r²₂₆[4], _,  r₂₆[4]]
+	VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]]
+	VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]]
+	VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]]
+	VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]]
 
 	MOVD $0, R3
 	BR   multiply
 
 skip:
-	VZERO H_0
-	VZERO H_1
-	VZERO H_2
-	VZERO H_3
-	VZERO H_4
-
 	CMPBEQ R3, $0, finish
 
-b1:
-	// 1 block remaining
-	SUB    $1, R3
-	VLL    R3, (R2), T_0
-	ADD    $1, R3
+b1:  // 1 block remaining
+
+	// Load the final block (1-16 bytes). This will be placed into
+	// lane 0.
+	MOVD $-1(R3), R0
+	VLL  R0, (R2), T_0 // pad to 16 bytes with zeros
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
 	MOVBZ  $1, R0
 	CMPBEQ R3, $16, 2(PC)
 	VLVGB  R3, R0, T_0
-	VZERO  T_1
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
+
+	// Set the message block in lane 1 to the value 0 so that it
+	// can be accumulated without affecting the final result.
+	VZERO T_1
+
+	// Split the final message block into 26-bit limbs in lane 0.
+	// Lane 1 will be contain 0.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
 	CMPBNE R3, $16, 2(PC)
-	VLEIB  $4, $1, F_4
-	VLEIG  $1, $1, R_0
-	VZERO  R_1
-	VZERO  R_2
-	VZERO  R_3
-	VZERO  R_4
-	VZERO  R5_1
-	VZERO  R5_2
-	VZERO  R5_3
-	VZERO  R5_4
-
-	// setup [r, 1]
-	VLVGG $0, RSAVE_0, R_0
-	VLVGG $0, RSAVE_1, R_1
-	VLVGG $0, RSAVE_2, R_2
-	VLVGG $0, RSAVE_3, R_3
-	VLVGG $0, RSAVE_4, R_4
-	VPDI  $0, R5SAVE_1, R5_1, R5_1
-	VPDI  $0, R5SAVE_2, R5_2, R5_2
-	VPDI  $0, R5SAVE_3, R5_3, R5_3
-	VPDI  $0, R5SAVE_4, R5_4, R5_4
+	VLEIB  $4, $1, M_4
+
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r so we need to move the
+	// saved r value into the 32-bit odd index in lane 0. We want
+	// lane 1 to be set to the value 1. This makes multiplication
+	// a no-op. We do this by setting lane 1 in every register to 0
+	// and then just setting the 32-bit index 3 in R_0 to 1.
+	VZERO T_0
+	MOVD  $0, R0
+	MOVD  $0x10111213, R12
+	VLVGP R12, R0, T_1         // [_, 0x10111213, _, 0x00000000]
+	VPERM T_0, R_0, T_1, R_0   // [_,  r₂₆[0], _, 0]
+	VPERM T_0, R_1, T_1, R_1   // [_,  r₂₆[1], _, 0]
+	VPERM T_0, R_2, T_1, R_2   // [_,  r₂₆[2], _, 0]
+	VPERM T_0, R_3, T_1, R_3   // [_,  r₂₆[3], _, 0]
+	VPERM T_0, R_4, T_1, R_4   // [_,  r₂₆[4], _, 0]
+	VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0]
+	VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0]
+	VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0]
+	VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0]
+
+	// Set the value of lane 1 to be 1.
+	VLEIF $3, $1, R_0 // [_,  r₂₆[0], _, 1]
 
 	MOVD $0, R3
 	BR   multiply
-
-TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1
-	MOVD  $x-24(SP), R1
-	XC    $24, 0(R1), 0(R1) // clear the storage
-	MOVD  $2, R0            // R0 is the number of double words stored -1
-	WORD  $0xB2B01000       // STFLE 0(R1)
-	XOR   R0, R0            // reset the value of R0
-	MOVBZ z-8(SP), R1
-	AND   $0x40, R1
-	BEQ   novector
-
-vectorinstalled:
-	// check if the vector instruction has been enabled
-	VLEIB  $0, $0xF, V16
-	VLGVB  $0, V16, R1
-	CMPBNE R1, $0xF, novector
-	MOVB   $1, ret+0(FP)      // have vx
-	RET
-
-novector:
-	MOVB $0, ret+0(FP) // no vx
-	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
deleted file mode 100644
index e548020b14e19..0000000000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
+++ /dev/null
@@ -1,931 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,go1.11,!gccgo,!appengine
-
-#include "textflag.h"
-
-// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction.
-
-// constants
-#define EX0   V1
-#define EX1   V2
-#define EX2   V3
-
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
-#define T_5 V9
-#define T_6 V10
-#define T_7 V11
-#define T_8 V12
-#define T_9 V13
-#define T_10 V14
-
-// r**2 & r**4
-#define R_0  V15
-#define R_1  V16
-#define R_2  V17
-#define R5_1 V18
-#define R5_2 V19
-// key (r)
-#define RSAVE_0 R7
-#define RSAVE_1 R8
-#define RSAVE_2 R9
-#define R5SAVE_1 R10
-#define R5SAVE_2 R11
-
-// message block
-#define M0 V20
-#define M1 V21
-#define M2 V22
-#define M3 V23
-#define M4 V24
-#define M5 V25
-
-// accumulator
-#define H0_0 V26
-#define H1_0 V27
-#define H2_0 V28
-#define H0_1 V29
-#define H1_1 V30
-#define H2_1 V31
-
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
-
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
-
-GLOBL ·constants<>(SB), RODATA, $48
-// EX0
-DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+8(SB)/8, $0x0000050403020100
-// EX1
-DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+24(SB)/8, $0x00000a0908070605
-// EX2
-DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b
-
-GLOBL ·c<>(SB), RODATA, $48
-// EX0
-DATA ·c<>+0(SB)/8, $0x0000050403020100
-DATA ·c<>+8(SB)/8, $0x0000151413121110
-// EX1
-DATA ·c<>+16(SB)/8, $0x00000a0908070605
-DATA ·c<>+24(SB)/8, $0x00001a1918171615
-// EX2
-DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b
-DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b
-
-GLOBL ·reduce<>(SB), RODATA, $32
-// 44 bit
-DATA ·reduce<>+0(SB)/8, $0x0
-DATA ·reduce<>+8(SB)/8, $0xfffffffffff
-// 42 bit
-DATA ·reduce<>+16(SB)/8, $0x0
-DATA ·reduce<>+24(SB)/8, $0x3ffffffffff
-
-// h = (f*g) % (2**130-5) [partial reduction]
-// uses T_0...T_9 temporary registers
-// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9
-// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2
-#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \
-	\ // Eliminate the dependency for the last 2 VMSLs
-	VMSLG m02_0, r_2, m4_2, m4_2                       \
-	VMSLG m13_0, r_2, m5_2, m5_2                       \ // 8 VMSLs pipelined
-	VMSLG m02_0, r_0, m4_0, m4_0                       \
-	VMSLG m02_1, r5_2, V0, T_0                         \
-	VMSLG m02_0, r_1, m4_1, m4_1                       \
-	VMSLG m02_1, r_0, V0, T_1                          \
-	VMSLG m02_1, r_1, V0, T_2                          \
-	VMSLG m02_2, r5_1, V0, T_3                         \
-	VMSLG m02_2, r5_2, V0, T_4                         \
-	VMSLG m13_0, r_0, m5_0, m5_0                       \
-	VMSLG m13_1, r5_2, V0, T_5                         \
-	VMSLG m13_0, r_1, m5_1, m5_1                       \
-	VMSLG m13_1, r_0, V0, T_6                          \
-	VMSLG m13_1, r_1, V0, T_7                          \
-	VMSLG m13_2, r5_1, V0, T_8                         \
-	VMSLG m13_2, r5_2, V0, T_9                         \
-	VMSLG m02_2, r_0, m4_2, m4_2                       \
-	VMSLG m13_2, r_0, m5_2, m5_2                       \
-	VAQ   m4_0, T_0, m02_0                             \
-	VAQ   m4_1, T_1, m02_1                             \
-	VAQ   m5_0, T_5, m13_0                             \
-	VAQ   m5_1, T_6, m13_1                             \
-	VAQ   m02_0, T_3, m02_0                            \
-	VAQ   m02_1, T_4, m02_1                            \
-	VAQ   m13_0, T_8, m13_0                            \
-	VAQ   m13_1, T_9, m13_1                            \
-	VAQ   m4_2, T_2, m02_2                             \
-	VAQ   m5_2, T_7, m13_2                             \
-
-// SQUARE uses three limbs of r and r_2*5 to output square of r
-// uses T_1, T_5 and T_7 temporary registers
-// input: r_0, r_1, r_2, r5_2
-// temp: TEMP0, TEMP1, TEMP2
-// output: p0, p1, p2
-#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \
-	VMSLG r_0, r_0, p0, p0     \
-	VMSLG r_1, r5_2, V0, TEMP0 \
-	VMSLG r_2, r5_2, p1, p1    \
-	VMSLG r_0, r_1, V0, TEMP1  \
-	VMSLG r_1, r_1, p2, p2     \
-	VMSLG r_0, r_2, V0, TEMP2  \
-	VAQ   TEMP0, p0, p0        \
-	VAQ   TEMP1, p1, p1        \
-	VAQ   TEMP2, p2, p2        \
-	VAQ   TEMP0, p0, p0        \
-	VAQ   TEMP1, p1, p1        \
-	VAQ   TEMP2, p2, p2        \
-
-// carry h0->h1->h2->h0 || h3->h4->h5->h3
-// uses T_2, T_4, T_5, T_7, T_8, T_9
-//       t6,  t7,  t8,  t9, t10, t11
-// input: h0, h1, h2, h3, h4, h5
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11
-// output: h0, h1, h2, h3, h4, h5
-#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \
-	VLM    (R12), t6, t7  \ // 44 and 42 bit clear mask
-	VLEIB  $7, $0x28, t10 \ // 5 byte shift mask
-	VREPIB $4, t8         \ // 4 bit shift mask
-	VREPIB $2, t11        \ // 2 bit shift mask
-	VSRLB  t10, h0, t0    \ // h0 byte shift
-	VSRLB  t10, h1, t1    \ // h1 byte shift
-	VSRLB  t10, h2, t2    \ // h2 byte shift
-	VSRLB  t10, h3, t3    \ // h3 byte shift
-	VSRLB  t10, h4, t4    \ // h4 byte shift
-	VSRLB  t10, h5, t5    \ // h5 byte shift
-	VSRL   t8, t0, t0     \ // h0 bit shift
-	VSRL   t8, t1, t1     \ // h2 bit shift
-	VSRL   t11, t2, t2    \ // h2 bit shift
-	VSRL   t8, t3, t3     \ // h3 bit shift
-	VSRL   t8, t4, t4     \ // h4 bit shift
-	VESLG  $2, t2, t9     \ // h2 carry x5
-	VSRL   t11, t5, t5    \ // h5 bit shift
-	VN     t6, h0, h0     \ // h0 clear carry
-	VAQ    t2, t9, t2     \ // h2 carry x5
-	VESLG  $2, t5, t9     \ // h5 carry x5
-	VN     t6, h1, h1     \ // h1 clear carry
-	VN     t7, h2, h2     \ // h2 clear carry
-	VAQ    t5, t9, t5     \ // h5 carry x5
-	VN     t6, h3, h3     \ // h3 clear carry
-	VN     t6, h4, h4     \ // h4 clear carry
-	VN     t7, h5, h5     \ // h5 clear carry
-	VAQ    t0, h1, h1     \ // h0->h1
-	VAQ    t3, h4, h4     \ // h3->h4
-	VAQ    t1, h2, h2     \ // h1->h2
-	VAQ    t4, h5, h5     \ // h4->h5
-	VAQ    t2, h0, h0     \ // h2->h0
-	VAQ    t5, h3, h3     \ // h5->h3
-	VREPG  $1, t6, t6     \ // 44 and 42 bit masks across both halves
-	VREPG  $1, t7, t7     \
-	VSLDB  $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5]
-	VSLDB  $8, h1, h1, h1 \
-	VSLDB  $8, h2, h2, h2 \
-	VO     h0, h3, h3     \
-	VO     h1, h4, h4     \
-	VO     h2, h5, h5     \
-	VESRLG $44, h3, t0    \ // 44 bit shift right
-	VESRLG $44, h4, t1    \
-	VESRLG $42, h5, t2    \
-	VN     t6, h3, h3     \ // clear carry bits
-	VN     t6, h4, h4     \
-	VN     t7, h5, h5     \
-	VESLG  $2, t2, t9     \ // multiply carry by 5
-	VAQ    t9, t2, t2     \
-	VAQ    t0, h4, h4     \
-	VAQ    t1, h5, h5     \
-	VAQ    t2, h3, h3     \
-
-// carry h0->h1->h2->h0
-// input: h0, h1, h2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8
-// output: h0, h1, h2
-#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \
-	VLEIB  $7, $0x28, t3 \ // 5 byte shift mask
-	VREPIB $4, t4        \ // 4 bit shift mask
-	VREPIB $2, t7        \ // 2 bit shift mask
-	VGBM   $0x003F, t5   \ // mask to clear carry bits
-	VSRLB  t3, h0, t0    \
-	VSRLB  t3, h1, t1    \
-	VSRLB  t3, h2, t2    \
-	VESRLG $4, t5, t5    \ // 44 bit clear mask
-	VSRL   t4, t0, t0    \
-	VSRL   t4, t1, t1    \
-	VSRL   t7, t2, t2    \
-	VESRLG $2, t5, t6    \ // 42 bit clear mask
-	VESLG  $2, t2, t8    \
-	VAQ    t8, t2, t2    \
-	VN     t5, h0, h0    \
-	VN     t5, h1, h1    \
-	VN     t6, h2, h2    \
-	VAQ    t0, h1, h1    \
-	VAQ    t1, h2, h2    \
-	VAQ    t2, h0, h0    \
-	VSRLB  t3, h0, t0    \
-	VSRLB  t3, h1, t1    \
-	VSRLB  t3, h2, t2    \
-	VSRL   t4, t0, t0    \
-	VSRL   t4, t1, t1    \
-	VSRL   t7, t2, t2    \
-	VN     t5, h0, h0    \
-	VN     t5, h1, h1    \
-	VESLG  $2, t2, t8    \
-	VN     t6, h2, h2    \
-	VAQ    t0, h1, h1    \
-	VAQ    t8, t2, t2    \
-	VAQ    t1, h2, h2    \
-	VAQ    t2, h0, h0    \
-
-// expands two message blocks into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in1, in2, d0, d1, d2, d3, d4, d5
-// temp: TEMP0, TEMP1, TEMP2, TEMP3
-// output: d0, d1, d2, d3, d4, d5
-#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \
-	VGBM   $0xff3f, TEMP0      \
-	VGBM   $0xff1f, TEMP1      \
-	VESLG  $4, d1, TEMP2       \
-	VESLG  $4, d4, TEMP3       \
-	VESRLG $4, TEMP0, TEMP0    \
-	VPERM  in1, d0, EX0, d0    \
-	VPERM  in2, d3, EX0, d3    \
-	VPERM  in1, d2, EX2, d2    \
-	VPERM  in2, d5, EX2, d5    \
-	VPERM  in1, TEMP2, EX1, d1 \
-	VPERM  in2, TEMP3, EX1, d4 \
-	VN     TEMP0, d0, d0       \
-	VN     TEMP0, d3, d3       \
-	VESRLG $4, d1, d1          \
-	VESRLG $4, d4, d4          \
-	VN     TEMP1, d2, d2       \
-	VN     TEMP1, d5, d5       \
-	VN     TEMP0, d1, d1       \
-	VN     TEMP0, d4, d4       \
-
-// expands one message block into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in, d0, d1, d2
-// temp: TEMP0, TEMP1, TEMP2
-// output: d0, d1, d2
-#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \
-	VGBM   $0xff3f, TEMP0     \
-	VESLG  $4, d1, TEMP2      \
-	VGBM   $0xff1f, TEMP1     \
-	VPERM  in, d0, EX0, d0    \
-	VESRLG $4, TEMP0, TEMP0   \
-	VPERM  in, d2, EX2, d2    \
-	VPERM  in, TEMP2, EX1, d1 \
-	VN     TEMP0, d0, d0      \
-	VN     TEMP1, d2, d2      \
-	VESRLG $4, d1, d1         \
-	VN     TEMP0, d1, d1      \
-
-// pack h2:h0 into h1:h0 (no carry)
-// input: h0, h1, h2
-// output: h0, h1, h2
-#define PACK(h0, h1, h2) \
-	VMRLG  h1, h2, h2  \ // copy h1 to upper half h2
-	VESLG  $44, h1, h1 \ // shift limb 1 44 bits, leaving 20
-	VO     h0, h1, h0  \ // combine h0 with 20 bits from limb 1
-	VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1
-	VLEIG  $1, $0, h1  \ // clear h2 stuff from lower half of h1
-	VO     h0, h1, h0  \ // h0 now has 88 bits (limb 0 and 1)
-	VLEIG  $0, $0, h2  \ // clear upper half of h2
-	VESRLG $40, h2, h1 \ // h1 now has upper two bits of result
-	VLEIB  $7, $88, h1 \ // for byte shift (11 bytes)
-	VSLB   h1, h2, h2  \ // shift h2 11 bytes to the left
-	VO     h0, h2, h0  \ // combine h0 with 20 bits from limb 1
-	VLEIG  $0, $0, h1  \ // clear upper half of h1
-
-// if h > 2**130-5 then h -= 2**130-5
-// input: h0, h1
-// temp: t0, t1, t2
-// output: h0
-#define MOD(h0, h1, t0, t1, t2) \
-	VZERO t0          \
-	VLEIG $1, $5, t0  \
-	VACCQ h0, t0, t1  \
-	VAQ   h0, t0, t0  \
-	VONE  t2          \
-	VLEIG $1, $-4, t2 \
-	VAQ   t2, t1, t1  \
-	VACCQ h1, t1, t1  \
-	VONE  t2          \
-	VAQ   t2, t1, t1  \
-	VN    h0, t1, t2  \
-	VNC   t0, t1, t1  \
-	VO    t1, t2, h0  \
-
-// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vmsl(SB), $0-32
-	// This code processes 6 + up to 4 blocks (32 bytes) per iteration
-	// using the algorithm described in:
-	// NEON crypto, Daniel J. Bernstein & Peter Schwabe
-	// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
-	// And as moddified for VMSL as described in
-	// Accelerating Poly1305 Cryptographic Message Authentication on the z14
-	// O'Farrell et al, CASCON 2017, p48-55
-	// https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht
-
-	LMG   out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
-	VZERO V0                // c
-
-	// load EX0, EX1 and EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2        // c
-
-	// setup r
-	VL    (R4), T_0
-	MOVD  $·keyMask<>(SB), R6
-	VL    (R6), T_1
-	VN    T_0, T_1, T_0
-	VZERO T_2                 // limbs for r
-	VZERO T_3
-	VZERO T_4
-	EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7)
-
-	// T_2, T_3, T_4: [0, r]
-
-	// setup r*20
-	VLEIG $0, $0, T_0
-	VLEIG $1, $20, T_0       // T_0: [0, 20]
-	VZERO T_5
-	VZERO T_6
-	VMSLG T_0, T_3, T_5, T_5
-	VMSLG T_0, T_4, T_6, T_6
-
-	// store r for final block in GR
-	VLGVG $1, T_2, RSAVE_0  // c
-	VLGVG $1, T_3, RSAVE_1  // c
-	VLGVG $1, T_4, RSAVE_2  // c
-	VLGVG $1, T_5, R5SAVE_1 // c
-	VLGVG $1, T_6, R5SAVE_2 // c
-
-	// initialize h
-	VZERO H0_0
-	VZERO H1_0
-	VZERO H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	// initialize pointer for reduce constants
-	MOVD $·reduce<>(SB), R12
-
-	// calculate r**2 and 20*(r**2)
-	VZERO R_0
-	VZERO R_1
-	VZERO R_2
-	SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7)
-	REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1)
-	VZERO R5_1
-	VZERO R5_2
-	VMSLG T_0, R_1, R5_1, R5_1
-	VMSLG T_0, R_2, R5_2, R5_2
-
-	// skip r**4 calculation if 3 blocks or less
-	CMPBLE R3, $48, b4
-
-	// calculate r**4 and 20*(r**4)
-	VZERO T_8
-	VZERO T_9
-	VZERO T_10
-	SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7)
-	REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1)
-	VZERO T_2
-	VZERO T_3
-	VMSLG T_0, T_9, T_2, T_2
-	VMSLG T_0, T_10, T_3, T_3
-
-	// put r**2 to the right and r**4 to the left of R_0, R_1, R_2
-	VSLDB $8, T_8, T_8, T_8
-	VSLDB $8, T_9, T_9, T_9
-	VSLDB $8, T_10, T_10, T_10
-	VSLDB $8, T_2, T_2, T_2
-	VSLDB $8, T_3, T_3, T_3
-
-	VO T_8, R_0, R_0
-	VO T_9, R_1, R_1
-	VO T_10, R_2, R_2
-	VO T_2, R5_1, R5_1
-	VO T_3, R5_2, R5_2
-
-	CMPBLE R3, $80, load // less than or equal to 5 blocks in message
-
-	// 6(or 5+1) blocks
-	SUB    $81, R3
-	VLM    (R2), M0, M4
-	VLL    R3, 80(R2), M5
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBGE R3, $16, 2(PC)
-	VLVGB  R3, R0, M5
-	MOVD   $96(R2), R2
-	EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	VLEIB  $2, $1, H2_0
-	VLEIB  $2, $1, H2_1
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-
-	VZERO  M0
-	VZERO  M1
-	VZERO  M2
-	VZERO  M3
-	VZERO  T_4
-	VZERO  T_10
-	EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3)
-	VLR    T_4, M4
-	VLEIB  $10, $1, M2
-	CMPBLT R3, $16, 2(PC)
-	VLEIB  $10, $1, T_10
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-
-	SUB    $16, R3
-	CMPBLE R3, $0, square
-
-load:
-	// load EX0, EX1 and EX2
-	MOVD $·c<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-loop:
-	CMPBLE R3, $64, add // b4	// last 4 or less blocks left
-
-	// next 4 full blocks
-	VLM  (R2), M2, M5
-	SUB  $64, R3
-	MOVD $64(R2), R2
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9)
-
-	// expacc in-lined to create [m2, m3] limbs
-	VGBM   $0x3f3f, T_0     // 44 bit clear mask
-	VGBM   $0x1f1f, T_1     // 40 bit clear mask
-	VPERM  M2, M3, EX0, T_3
-	VESRLG $4, T_0, T_0     // 44 bit clear mask ready
-	VPERM  M2, M3, EX1, T_4
-	VPERM  M2, M3, EX2, T_5
-	VN     T_0, T_3, T_3
-	VESRLG $4, T_4, T_4
-	VN     T_1, T_5, T_5
-	VN     T_0, T_4, T_4
-	VMRHG  H0_1, T_3, H0_0
-	VMRHG  H1_1, T_4, H1_0
-	VMRHG  H2_1, T_5, H2_0
-	VMRLG  H0_1, T_3, H0_1
-	VMRLG  H1_1, T_4, H1_1
-	VMRLG  H2_1, T_5, H2_1
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-	VPERM  M4, M5, EX0, T_3
-	VPERM  M4, M5, EX1, T_4
-	VPERM  M4, M5, EX2, T_5
-	VN     T_0, T_3, T_3
-	VESRLG $4, T_4, T_4
-	VN     T_1, T_5, T_5
-	VN     T_0, T_4, T_4
-	VMRHG  V0, T_3, M0
-	VMRHG  V0, T_4, M1
-	VMRHG  V0, T_5, M2
-	VMRLG  V0, T_3, M3
-	VMRLG  V0, T_4, M4
-	VMRLG  V0, T_5, M5
-	VLEIB  $10, $1, M2
-	VLEIB  $10, $1, M5
-
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	CMPBNE R3, $0, loop
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-
-	// load EX0, EX1, EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-	// sum vectors
-	VAQ H0_0, H0_1, H0_0
-	VAQ H1_0, H1_1, H1_0
-	VAQ H2_0, H2_1, H2_0
-
-	// h may be >= 2*(2**130-5) so we need to reduce it again
-	// M0...M4 are used as temps here
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-next:  // carry h1->h2
-	VLEIB  $7, $0x28, T_1
-	VREPIB $4, T_2
-	VGBM   $0x003F, T_3
-	VESRLG $4, T_3
-
-	// byte shift
-	VSRLB T_1, H1_0, T_4
-
-	// bit shift
-	VSRL T_2, T_4, T_4
-
-	// clear h1 carry bits
-	VN T_3, H1_0, H1_0
-
-	// add carry
-	VAQ T_4, H2_0, H2_0
-
-	// h is now < 2*(2**130-5)
-	// pack h into h1 (hi) and h0 (lo)
-	PACK(H0_0, H1_0, H2_0)
-
-	// if h > 2**130-5 then h -= 2**130-5
-	MOD(H0_0, H1_0, T_0, T_1, T_2)
-
-	// h += s
-	MOVD  $·bswapMask<>(SB), R5
-	VL    (R5), T_1
-	VL    16(R4), T_0
-	VPERM T_0, T_0, T_1, T_0    // reverse bytes (to big)
-	VAQ   T_0, H0_0, H0_0
-	VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little)
-	VST   H0_0, (R1)
-	RET
-
-add:
-	// load EX0, EX1, EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-	CMPBLE R3, $64, b4
-
-b4:
-	CMPBLE R3, $48, b3 // 3 blocks or less
-
-	// 4(3+1) blocks remaining
-	SUB    $49, R3
-	VLM    (R2), M0, M2
-	VLL    R3, 48(R2), M3
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M3
-	MOVD   $64(R2), R2
-	EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-	VZERO  M0
-	VZERO  M1
-	VZERO  M4
-	VZERO  M5
-	VZERO  T_4
-	VZERO  T_10
-	EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3)
-	VLR    T_4, M2
-	VLEIB  $10, $1, M4
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_10
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-	SUB    $16, R3
-	CMPBLE R3, $0, square // this condition must always hold true!
-
-b3:
-	CMPBLE R3, $32, b2
-
-	// 3 blocks remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5)
-
-	SUB    $33, R3
-	VLM    (R2), M0, M1
-	VLL    R3, 32(R2), M2
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M2
-
-	// H += m0
-	VZERO T_1
-	VZERO T_2
-	VZERO T_3
-	EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)
-	VLEIB $10, $1, T_3
-	VAG   H0_0, T_1, H0_0
-	VAG   H1_0, T_2, H1_0
-	VAG   H2_0, T_3, H2_0
-
-	VZERO M0
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	VZERO T_10
-
-	// (H+m0)*r
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9)
-
-	// H += m1
-	VZERO V0
-	VZERO T_1
-	VZERO T_2
-	VZERO T_3
-	EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6)
-	VLEIB $10, $1, T_3
-	VAQ   H0_0, T_1, H0_0
-	VAQ   H1_0, T_2, H1_0
-	VAQ   H2_0, T_3, H2_0
-	REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
-
-	// [H, m2] * [r**2, r]
-	EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3)
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, H2_0
-	VZERO  M0
-	VZERO  M1
-	VZERO  M2
-	VZERO  M3
-	VZERO  M4
-	VZERO  M5
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10)
-	SUB    $16, R3
-	CMPBLE R3, $0, next   // this condition must always hold true!
-
-b2:
-	CMPBLE R3, $16, b1
-
-	// 2 blocks remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG V0, H0_1, H0_0
-	VMRHG V0, H1_1, H1_0
-	VMRHG V0, H2_1, H2_0
-	VMRLG V0, H0_1, H0_1
-	VMRLG V0, H1_1, H1_1
-	VMRLG V0, H2_1, H2_1
-
-	// move h to the left and 0s at the right
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-
-	// get message blocks and append 1 to start
-	SUB    $17, R3
-	VL     (R2), M0
-	VLL    R3, 16(R2), M1
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M1
-	VZERO  T_6
-	VZERO  T_7
-	VZERO  T_8
-	EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3)
-	EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3)
-	VLEIB  $2, $1, T_8
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_8
-
-	// add [m0, m1] to h
-	VAG H0_0, T_6, H0_0
-	VAG H1_0, T_7, H1_0
-	VAG H2_0, T_8, H2_0
-
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	VZERO T_10
-	VZERO M0
-
-	// at this point R_0 .. R5_2 look like [r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
-	SUB    $16, R3, R3
-	CMPBLE R3, $0, next
-
-b1:
-	CMPBLE R3, $0, next
-
-	// 1 block remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-	// set up [0, m0] limbs
-	SUB    $1, R3
-	VLL    R3, (R2), M0
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M0
-	VZERO  T_1
-	VZERO  T_2
-	VZERO  T_3
-	EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m]
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_3
-
-	// h+m0
-	VAQ H0_0, T_1, H0_0
-	VAQ H1_0, T_2, H1_0
-	VAQ H2_0, T_3, H2_0
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-	BR next
-
-square:
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// (h0*r**2) + (h1*r)
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-	BR next
-
-TEXT ·hasVMSLFacility(SB), NOSPLIT, $24-1
-	MOVD  $x-24(SP), R1
-	XC    $24, 0(R1), 0(R1) // clear the storage
-	MOVD  $2, R0            // R0 is the number of double words stored -1
-	WORD  $0xB2B01000       // STFLE 0(R1)
-	XOR   R0, R0            // reset the value of R0
-	MOVBZ z-8(SP), R1
-	AND   $0x01, R1
-	BEQ   novmsl
-
-vectorinstalled:
-	// check if the vector instruction has been enabled
-	VLEIB  $0, $0xF, V16
-	VLGVB  $0, V16, R1
-	CMPBNE R1, $0xF, novmsl
-	MOVB   $1, ret+0(FP)    // have vx
-	RET
-
-novmsl:
-	MOVB $0, ret+0(FP) // no vx
-	RET
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
deleted file mode 100644
index 22afbdcadcfa9..0000000000000
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa2020_amd64.s
+++ /dev/null
@@ -1,889 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!appengine,!gccgo
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
-// This needs up to 64 bytes at 360(SP); hence the non-obvious frame size.
-TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
-	MOVQ out+0(FP),DI
-	MOVQ in+8(FP),SI
-	MOVQ n+16(FP),DX
-	MOVQ nonce+24(FP),CX
-	MOVQ key+32(FP),R8
-
-	MOVQ SP,R12
-	MOVQ SP,R9
-	ADDQ $31, R9
-	ANDQ $~31, R9
-	MOVQ R9, SP
-
-	MOVQ DX,R9
-	MOVQ CX,DX
-	MOVQ R8,R10
-	CMPQ R9,$0
-	JBE DONE
-	START:
-	MOVL 20(R10),CX
-	MOVL 0(R10),R8
-	MOVL 0(DX),AX
-	MOVL 16(R10),R11
-	MOVL CX,0(SP)
-	MOVL R8, 4 (SP)
-	MOVL AX, 8 (SP)
-	MOVL R11, 12 (SP)
-	MOVL 8(DX),CX
-	MOVL 24(R10),R8
-	MOVL 4(R10),AX
-	MOVL 4(DX),R11
-	MOVL CX,16(SP)
-	MOVL R8, 20 (SP)
-	MOVL AX, 24 (SP)
-	MOVL R11, 28 (SP)
-	MOVL 12(DX),CX
-	MOVL 12(R10),DX
-	MOVL 28(R10),R8
-	MOVL 8(R10),AX
-	MOVL DX,32(SP)
-	MOVL CX, 36 (SP)
-	MOVL R8, 40 (SP)
-	MOVL AX, 44 (SP)
-	MOVQ $1634760805,DX
-	MOVQ $857760878,CX
-	MOVQ $2036477234,R8
-	MOVQ $1797285236,AX
-	MOVL DX,48(SP)
-	MOVL CX, 52 (SP)
-	MOVL R8, 56 (SP)
-	MOVL AX, 60 (SP)
-	CMPQ R9,$256
-	JB BYTESBETWEEN1AND255
-	MOVOA 48(SP),X0
-	PSHUFL $0X55,X0,X1
-	PSHUFL $0XAA,X0,X2
-	PSHUFL $0XFF,X0,X3
-	PSHUFL $0X00,X0,X0
-	MOVOA X1,64(SP)
-	MOVOA X2,80(SP)
-	MOVOA X3,96(SP)
-	MOVOA X0,112(SP)
-	MOVOA 0(SP),X0
-	PSHUFL $0XAA,X0,X1
-	PSHUFL $0XFF,X0,X2
-	PSHUFL $0X00,X0,X3
-	PSHUFL $0X55,X0,X0
-	MOVOA X1,128(SP)
-	MOVOA X2,144(SP)
-	MOVOA X3,160(SP)
-	MOVOA X0,176(SP)
-	MOVOA 16(SP),X0
-	PSHUFL $0XFF,X0,X1
-	PSHUFL $0X55,X0,X2
-	PSHUFL $0XAA,X0,X0
-	MOVOA X1,192(SP)
-	MOVOA X2,208(SP)
-	MOVOA X0,224(SP)
-	MOVOA 32(SP),X0
-	PSHUFL $0X00,X0,X1
-	PSHUFL $0XAA,X0,X2
-	PSHUFL $0XFF,X0,X0
-	MOVOA X1,240(SP)
-	MOVOA X2,256(SP)
-	MOVOA X0,272(SP)
-	BYTESATLEAST256:
-	MOVL 16(SP),DX
-	MOVL  36 (SP),CX
-	MOVL DX,288(SP)
-	MOVL CX,304(SP)
-	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
-	MOVQ DX,CX
-	SHRQ $32,CX
-	MOVL DX, 292 (SP)
-	MOVL CX, 308 (SP)
-	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
-	MOVQ DX,CX
-	SHRQ $32,CX
-	MOVL DX, 296 (SP)
-	MOVL CX, 312 (SP)
-	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
-	MOVQ DX,CX
-	SHRQ $32,CX
-	MOVL DX, 300 (SP)
-	MOVL CX, 316 (SP)
-	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
-	MOVQ DX,CX
-	SHRQ $32,CX
-	MOVL DX,16(SP)
-	MOVL CX, 36 (SP)
-	MOVQ R9,352(SP)
-	MOVQ $20,DX
-	MOVOA 64(SP),X0
-	MOVOA 80(SP),X1
-	MOVOA 96(SP),X2
-	MOVOA 256(SP),X3
-	MOVOA 272(SP),X4
-	MOVOA 128(SP),X5
-	MOVOA 144(SP),X6
-	MOVOA 176(SP),X7
-	MOVOA 192(SP),X8
-	MOVOA 208(SP),X9
-	MOVOA 224(SP),X10
-	MOVOA 304(SP),X11
-	MOVOA 112(SP),X12
-	MOVOA 160(SP),X13
-	MOVOA 240(SP),X14
-	MOVOA 288(SP),X15
-	MAINLOOP1:
-	MOVOA X1,320(SP)
-	MOVOA X2,336(SP)
-	MOVOA X13,X1
-	PADDL X12,X1
-	MOVOA X1,X2
-	PSLLL $7,X1
-	PXOR X1,X14
-	PSRLL $25,X2
-	PXOR X2,X14
-	MOVOA X7,X1
-	PADDL X0,X1
-	MOVOA X1,X2
-	PSLLL $7,X1
-	PXOR X1,X11
-	PSRLL $25,X2
-	PXOR X2,X11
-	MOVOA X12,X1
-	PADDL X14,X1
-	MOVOA X1,X2
-	PSLLL $9,X1
-	PXOR X1,X15
-	PSRLL $23,X2
-	PXOR X2,X15
-	MOVOA X0,X1
-	PADDL X11,X1
-	MOVOA X1,X2
-	PSLLL $9,X1
-	PXOR X1,X9
-	PSRLL $23,X2
-	PXOR X2,X9
-	MOVOA X14,X1
-	PADDL X15,X1
-	MOVOA X1,X2
-	PSLLL $13,X1
-	PXOR X1,X13
-	PSRLL $19,X2
-	PXOR X2,X13
-	MOVOA X11,X1
-	PADDL X9,X1
-	MOVOA X1,X2
-	PSLLL $13,X1
-	PXOR X1,X7
-	PSRLL $19,X2
-	PXOR X2,X7
-	MOVOA X15,X1
-	PADDL X13,X1
-	MOVOA X1,X2
-	PSLLL $18,X1
-	PXOR X1,X12
-	PSRLL $14,X2
-	PXOR X2,X12
-	MOVOA 320(SP),X1
-	MOVOA X12,320(SP)
-	MOVOA X9,X2
-	PADDL X7,X2
-	MOVOA X2,X12
-	PSLLL $18,X2
-	PXOR X2,X0
-	PSRLL $14,X12
-	PXOR X12,X0
-	MOVOA X5,X2
-	PADDL X1,X2
-	MOVOA X2,X12
-	PSLLL $7,X2
-	PXOR X2,X3
-	PSRLL $25,X12
-	PXOR X12,X3
-	MOVOA 336(SP),X2
-	MOVOA X0,336(SP)
-	MOVOA X6,X0
-	PADDL X2,X0
-	MOVOA X0,X12
-	PSLLL $7,X0
-	PXOR X0,X4
-	PSRLL $25,X12
-	PXOR X12,X4
-	MOVOA X1,X0
-	PADDL X3,X0
-	MOVOA X0,X12
-	PSLLL $9,X0
-	PXOR X0,X10
-	PSRLL $23,X12
-	PXOR X12,X10
-	MOVOA X2,X0
-	PADDL X4,X0
-	MOVOA X0,X12
-	PSLLL $9,X0
-	PXOR X0,X8
-	PSRLL $23,X12
-	PXOR X12,X8
-	MOVOA X3,X0
-	PADDL X10,X0
-	MOVOA X0,X12
-	PSLLL $13,X0
-	PXOR X0,X5
-	PSRLL $19,X12
-	PXOR X12,X5
-	MOVOA X4,X0
-	PADDL X8,X0
-	MOVOA X0,X12
-	PSLLL $13,X0
-	PXOR X0,X6
-	PSRLL $19,X12
-	PXOR X12,X6
-	MOVOA X10,X0
-	PADDL X5,X0
-	MOVOA X0,X12
-	PSLLL $18,X0
-	PXOR X0,X1
-	PSRLL $14,X12
-	PXOR X12,X1
-	MOVOA 320(SP),X0
-	MOVOA X1,320(SP)
-	MOVOA X4,X1
-	PADDL X0,X1
-	MOVOA X1,X12
-	PSLLL $7,X1
-	PXOR X1,X7
-	PSRLL $25,X12
-	PXOR X12,X7
-	MOVOA X8,X1
-	PADDL X6,X1
-	MOVOA X1,X12
-	PSLLL $18,X1
-	PXOR X1,X2
-	PSRLL $14,X12
-	PXOR X12,X2
-	MOVOA 336(SP),X12
-	MOVOA X2,336(SP)
-	MOVOA X14,X1
-	PADDL X12,X1
-	MOVOA X1,X2
-	PSLLL $7,X1
-	PXOR X1,X5
-	PSRLL $25,X2
-	PXOR X2,X5
-	MOVOA X0,X1
-	PADDL X7,X1
-	MOVOA X1,X2
-	PSLLL $9,X1
-	PXOR X1,X10
-	PSRLL $23,X2
-	PXOR X2,X10
-	MOVOA X12,X1
-	PADDL X5,X1
-	MOVOA X1,X2
-	PSLLL $9,X1
-	PXOR X1,X8
-	PSRLL $23,X2
-	PXOR X2,X8
-	MOVOA X7,X1
-	PADDL X10,X1
-	MOVOA X1,X2
-	PSLLL $13,X1
-	PXOR X1,X4
-	PSRLL $19,X2
-	PXOR X2,X4
-	MOVOA X5,X1
-	PADDL X8,X1
-	MOVOA X1,X2
-	PSLLL $13,X1
-	PXOR X1,X14
-	PSRLL $19,X2
-	PXOR X2,X14
-	MOVOA X10,X1
-	PADDL X4,X1
-	MOVOA X1,X2
-	PSLLL $18,X1
-	PXOR X1,X0
-	PSRLL $14,X2
-	PXOR X2,X0
-	MOVOA 320(SP),X1
-	MOVOA X0,320(SP)
-	MOVOA X8,X0
-	PADDL X14,X0
-	MOVOA X0,X2
-	PSLLL $18,X0
-	PXOR X0,X12
-	PSRLL $14,X2
-	PXOR X2,X12
-	MOVOA X11,X0
-	PADDL X1,X0
-	MOVOA X0,X2
-	PSLLL $7,X0
-	PXOR X0,X6
-	PSRLL $25,X2
-	PXOR X2,X6
-	MOVOA 336(SP),X2
-	MOVOA X12,336(SP)
-	MOVOA X3,X0
-	PADDL X2,X0
-	MOVOA X0,X12
-	PSLLL $7,X0
-	PXOR X0,X13
-	PSRLL $25,X12
-	PXOR X12,X13
-	MOVOA X1,X0
-	PADDL X6,X0
-	MOVOA X0,X12
-	PSLLL $9,X0
-	PXOR X0,X15
-	PSRLL $23,X12
-	PXOR X12,X15
-	MOVOA X2,X0
-	PADDL X13,X0
-	MOVOA X0,X12
-	PSLLL $9,X0
-	PXOR X0,X9
-	PSRLL $23,X12
-	PXOR X12,X9
-	MOVOA X6,X0
-	PADDL X15,X0
-	MOVOA X0,X12
-	PSLLL $13,X0
-	PXOR X0,X11
-	PSRLL $19,X12
-	PXOR X12,X11
-	MOVOA X13,X0
-	PADDL X9,X0
-	MOVOA X0,X12
-	PSLLL $13,X0
-	PXOR X0,X3
-	PSRLL $19,X12
-	PXOR X12,X3
-	MOVOA X15,X0
-	PADDL X11,X0
-	MOVOA X0,X12
-	PSLLL $18,X0
-	PXOR X0,X1
-	PSRLL $14,X12
-	PXOR X12,X1
-	MOVOA X9,X0
-	PADDL X3,X0
-	MOVOA X0,X12
-	PSLLL $18,X0
-	PXOR X0,X2
-	PSRLL $14,X12
-	PXOR X12,X2
-	MOVOA 320(SP),X12
-	MOVOA 336(SP),X0
-	SUBQ $2,DX
-	JA MAINLOOP1
-	PADDL 112(SP),X12
-	PADDL 176(SP),X7
-	PADDL 224(SP),X10
-	PADDL 272(SP),X4
-	MOVD X12,DX
-	MOVD X7,CX
-	MOVD X10,R8
-	MOVD X4,R9
-	PSHUFL $0X39,X12,X12
-	PSHUFL $0X39,X7,X7
-	PSHUFL $0X39,X10,X10
-	PSHUFL $0X39,X4,X4
-	XORL 0(SI),DX
-	XORL 4(SI),CX
-	XORL 8(SI),R8
-	XORL 12(SI),R9
-	MOVL DX,0(DI)
-	MOVL CX,4(DI)
-	MOVL R8,8(DI)
-	MOVL R9,12(DI)
-	MOVD X12,DX
-	MOVD X7,CX
-	MOVD X10,R8
-	MOVD X4,R9
-	PSHUFL $0X39,X12,X12
-	PSHUFL $0X39,X7,X7
-	PSHUFL $0X39,X10,X10
-	PSHUFL $0X39,X4,X4
-	XORL 64(SI),DX
-	XORL 68(SI),CX
-	XORL 72(SI),R8
-	XORL 76(SI),R9
-	MOVL DX,64(DI)
-	MOVL CX,68(DI)
-	MOVL R8,72(DI)
-	MOVL R9,76(DI)
-	MOVD X12,DX
-	MOVD X7,CX
-	MOVD X10,R8
-	MOVD X4,R9
-	PSHUFL $0X39,X12,X12
-	PSHUFL $0X39,X7,X7
-	PSHUFL $0X39,X10,X10
-	PSHUFL $0X39,X4,X4
-	XORL 128(SI),DX
-	XORL 132(SI),CX
-	XORL 136(SI),R8
-	XORL 140(SI),R9
-	MOVL DX,128(DI)
-	MOVL CX,132(DI)
-	MOVL R8,136(DI)
-	MOVL R9,140(DI)
-	MOVD X12,DX
-	MOVD X7,CX
-	MOVD X10,R8
-	MOVD X4,R9
-	XORL 192(SI),DX
-	XORL 196(SI),CX
-	XORL 200(SI),R8
-	XORL 204(SI),R9
-	MOVL DX,192(DI)
-	MOVL CX,196(DI)
-	MOVL R8,200(DI)
-	MOVL R9,204(DI)
-	PADDL 240(SP),X14
-	PADDL 64(SP),X0
-	PADDL 128(SP),X5
-	PADDL 192(SP),X8
-	MOVD X14,DX
-	MOVD X0,CX
-	MOVD X5,R8
-	MOVD X8,R9
-	PSHUFL $0X39,X14,X14
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X5,X5
-	PSHUFL $0X39,X8,X8
-	XORL 16(SI),DX
-	XORL 20(SI),CX
-	XORL 24(SI),R8
-	XORL 28(SI),R9
-	MOVL DX,16(DI)
-	MOVL CX,20(DI)
-	MOVL R8,24(DI)
-	MOVL R9,28(DI)
-	MOVD X14,DX
-	MOVD X0,CX
-	MOVD X5,R8
-	MOVD X8,R9
-	PSHUFL $0X39,X14,X14
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X5,X5
-	PSHUFL $0X39,X8,X8
-	XORL 80(SI),DX
-	XORL 84(SI),CX
-	XORL 88(SI),R8
-	XORL 92(SI),R9
-	MOVL DX,80(DI)
-	MOVL CX,84(DI)
-	MOVL R8,88(DI)
-	MOVL R9,92(DI)
-	MOVD X14,DX
-	MOVD X0,CX
-	MOVD X5,R8
-	MOVD X8,R9
-	PSHUFL $0X39,X14,X14
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X5,X5
-	PSHUFL $0X39,X8,X8
-	XORL 144(SI),DX
-	XORL 148(SI),CX
-	XORL 152(SI),R8
-	XORL 156(SI),R9
-	MOVL DX,144(DI)
-	MOVL CX,148(DI)
-	MOVL R8,152(DI)
-	MOVL R9,156(DI)
-	MOVD X14,DX
-	MOVD X0,CX
-	MOVD X5,R8
-	MOVD X8,R9
-	XORL 208(SI),DX
-	XORL 212(SI),CX
-	XORL 216(SI),R8
-	XORL 220(SI),R9
-	MOVL DX,208(DI)
-	MOVL CX,212(DI)
-	MOVL R8,216(DI)
-	MOVL R9,220(DI)
-	PADDL 288(SP),X15
-	PADDL 304(SP),X11
-	PADDL 80(SP),X1
-	PADDL 144(SP),X6
-	MOVD X15,DX
-	MOVD X11,CX
-	MOVD X1,R8
-	MOVD X6,R9
-	PSHUFL $0X39,X15,X15
-	PSHUFL $0X39,X11,X11
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X6,X6
-	XORL 32(SI),DX
-	XORL 36(SI),CX
-	XORL 40(SI),R8
-	XORL 44(SI),R9
-	MOVL DX,32(DI)
-	MOVL CX,36(DI)
-	MOVL R8,40(DI)
-	MOVL R9,44(DI)
-	MOVD X15,DX
-	MOVD X11,CX
-	MOVD X1,R8
-	MOVD X6,R9
-	PSHUFL $0X39,X15,X15
-	PSHUFL $0X39,X11,X11
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X6,X6
-	XORL 96(SI),DX
-	XORL 100(SI),CX
-	XORL 104(SI),R8
-	XORL 108(SI),R9
-	MOVL DX,96(DI)
-	MOVL CX,100(DI)
-	MOVL R8,104(DI)
-	MOVL R9,108(DI)
-	MOVD X15,DX
-	MOVD X11,CX
-	MOVD X1,R8
-	MOVD X6,R9
-	PSHUFL $0X39,X15,X15
-	PSHUFL $0X39,X11,X11
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X6,X6
-	XORL 160(SI),DX
-	XORL 164(SI),CX
-	XORL 168(SI),R8
-	XORL 172(SI),R9
-	MOVL DX,160(DI)
-	MOVL CX,164(DI)
-	MOVL R8,168(DI)
-	MOVL R9,172(DI)
-	MOVD X15,DX
-	MOVD X11,CX
-	MOVD X1,R8
-	MOVD X6,R9
-	XORL 224(SI),DX
-	XORL 228(SI),CX
-	XORL 232(SI),R8
-	XORL 236(SI),R9
-	MOVL DX,224(DI)
-	MOVL CX,228(DI)
-	MOVL R8,232(DI)
-	MOVL R9,236(DI)
-	PADDL 160(SP),X13
-	PADDL 208(SP),X9
-	PADDL 256(SP),X3
-	PADDL 96(SP),X2
-	MOVD X13,DX
-	MOVD X9,CX
-	MOVD X3,R8
-	MOVD X2,R9
-	PSHUFL $0X39,X13,X13
-	PSHUFL $0X39,X9,X9
-	PSHUFL $0X39,X3,X3
-	PSHUFL $0X39,X2,X2
-	XORL 48(SI),DX
-	XORL 52(SI),CX
-	XORL 56(SI),R8
-	XORL 60(SI),R9
-	MOVL DX,48(DI)
-	MOVL CX,52(DI)
-	MOVL R8,56(DI)
-	MOVL R9,60(DI)
-	MOVD X13,DX
-	MOVD X9,CX
-	MOVD X3,R8
-	MOVD X2,R9
-	PSHUFL $0X39,X13,X13
-	PSHUFL $0X39,X9,X9
-	PSHUFL $0X39,X3,X3
-	PSHUFL $0X39,X2,X2
-	XORL 112(SI),DX
-	XORL 116(SI),CX
-	XORL 120(SI),R8
-	XORL 124(SI),R9
-	MOVL DX,112(DI)
-	MOVL CX,116(DI)
-	MOVL R8,120(DI)
-	MOVL R9,124(DI)
-	MOVD X13,DX
-	MOVD X9,CX
-	MOVD X3,R8
-	MOVD X2,R9
-	PSHUFL $0X39,X13,X13
-	PSHUFL $0X39,X9,X9
-	PSHUFL $0X39,X3,X3
-	PSHUFL $0X39,X2,X2
-	XORL 176(SI),DX
-	XORL 180(SI),CX
-	XORL 184(SI),R8
-	XORL 188(SI),R9
-	MOVL DX,176(DI)
-	MOVL CX,180(DI)
-	MOVL R8,184(DI)
-	MOVL R9,188(DI)
-	MOVD X13,DX
-	MOVD X9,CX
-	MOVD X3,R8
-	MOVD X2,R9
-	XORL 240(SI),DX
-	XORL 244(SI),CX
-	XORL 248(SI),R8
-	XORL 252(SI),R9
-	MOVL DX,240(DI)
-	MOVL CX,244(DI)
-	MOVL R8,248(DI)
-	MOVL R9,252(DI)
-	MOVQ 352(SP),R9
-	SUBQ $256,R9
-	ADDQ $256,SI
-	ADDQ $256,DI
-	CMPQ R9,$256
-	JAE BYTESATLEAST256
-	CMPQ R9,$0
-	JBE DONE
-	BYTESBETWEEN1AND255:
-	CMPQ R9,$64
-	JAE NOCOPY
-	MOVQ DI,DX
-	LEAQ 360(SP),DI
-	MOVQ R9,CX
-	REP; MOVSB
-	LEAQ 360(SP),DI
-	LEAQ 360(SP),SI
-	NOCOPY:
-	MOVQ R9,352(SP)
-	MOVOA 48(SP),X0
-	MOVOA 0(SP),X1
-	MOVOA 16(SP),X2
-	MOVOA 32(SP),X3
-	MOVOA X1,X4
-	MOVQ $20,CX
-	MAINLOOP2:
-	PADDL X0,X4
-	MOVOA X0,X5
-	MOVOA X4,X6
-	PSLLL $7,X4
-	PSRLL $25,X6
-	PXOR X4,X3
-	PXOR X6,X3
-	PADDL X3,X5
-	MOVOA X3,X4
-	MOVOA X5,X6
-	PSLLL $9,X5
-	PSRLL $23,X6
-	PXOR X5,X2
-	PSHUFL $0X93,X3,X3
-	PXOR X6,X2
-	PADDL X2,X4
-	MOVOA X2,X5
-	MOVOA X4,X6
-	PSLLL $13,X4
-	PSRLL $19,X6
-	PXOR X4,X1
-	PSHUFL $0X4E,X2,X2
-	PXOR X6,X1
-	PADDL X1,X5
-	MOVOA X3,X4
-	MOVOA X5,X6
-	PSLLL $18,X5
-	PSRLL $14,X6
-	PXOR X5,X0
-	PSHUFL $0X39,X1,X1
-	PXOR X6,X0
-	PADDL X0,X4
-	MOVOA X0,X5
-	MOVOA X4,X6
-	PSLLL $7,X4
-	PSRLL $25,X6
-	PXOR X4,X1
-	PXOR X6,X1
-	PADDL X1,X5
-	MOVOA X1,X4
-	MOVOA X5,X6
-	PSLLL $9,X5
-	PSRLL $23,X6
-	PXOR X5,X2
-	PSHUFL $0X93,X1,X1
-	PXOR X6,X2
-	PADDL X2,X4
-	MOVOA X2,X5
-	MOVOA X4,X6
-	PSLLL $13,X4
-	PSRLL $19,X6
-	PXOR X4,X3
-	PSHUFL $0X4E,X2,X2
-	PXOR X6,X3
-	PADDL X3,X5
-	MOVOA X1,X4
-	MOVOA X5,X6
-	PSLLL $18,X5
-	PSRLL $14,X6
-	PXOR X5,X0
-	PSHUFL $0X39,X3,X3
-	PXOR X6,X0
-	PADDL X0,X4
-	MOVOA X0,X5
-	MOVOA X4,X6
-	PSLLL $7,X4
-	PSRLL $25,X6
-	PXOR X4,X3
-	PXOR X6,X3
-	PADDL X3,X5
-	MOVOA X3,X4
-	MOVOA X5,X6
-	PSLLL $9,X5
-	PSRLL $23,X6
-	PXOR X5,X2
-	PSHUFL $0X93,X3,X3
-	PXOR X6,X2
-	PADDL X2,X4
-	MOVOA X2,X5
-	MOVOA X4,X6
-	PSLLL $13,X4
-	PSRLL $19,X6
-	PXOR X4,X1
-	PSHUFL $0X4E,X2,X2
-	PXOR X6,X1
-	PADDL X1,X5
-	MOVOA X3,X4
-	MOVOA X5,X6
-	PSLLL $18,X5
-	PSRLL $14,X6
-	PXOR X5,X0
-	PSHUFL $0X39,X1,X1
-	PXOR X6,X0
-	PADDL X0,X4
-	MOVOA X0,X5
-	MOVOA X4,X6
-	PSLLL $7,X4
-	PSRLL $25,X6
-	PXOR X4,X1
-	PXOR X6,X1
-	PADDL X1,X5
-	MOVOA X1,X4
-	MOVOA X5,X6
-	PSLLL $9,X5
-	PSRLL $23,X6
-	PXOR X5,X2
-	PSHUFL $0X93,X1,X1
-	PXOR X6,X2
-	PADDL X2,X4
-	MOVOA X2,X5
-	MOVOA X4,X6
-	PSLLL $13,X4
-	PSRLL $19,X6
-	PXOR X4,X3
-	PSHUFL $0X4E,X2,X2
-	PXOR X6,X3
-	SUBQ $4,CX
-	PADDL X3,X5
-	MOVOA X1,X4
-	MOVOA X5,X6
-	PSLLL $18,X5
-	PXOR X7,X7
-	PSRLL $14,X6
-	PXOR X5,X0
-	PSHUFL $0X39,X3,X3
-	PXOR X6,X0
-	JA MAINLOOP2
-	PADDL 48(SP),X0
-	PADDL 0(SP),X1
-	PADDL 16(SP),X2
-	PADDL 32(SP),X3
-	MOVD X0,CX
-	MOVD X1,R8
-	MOVD X2,R9
-	MOVD X3,AX
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X2,X2
-	PSHUFL $0X39,X3,X3
-	XORL 0(SI),CX
-	XORL 48(SI),R8
-	XORL 32(SI),R9
-	XORL 16(SI),AX
-	MOVL CX,0(DI)
-	MOVL R8,48(DI)
-	MOVL R9,32(DI)
-	MOVL AX,16(DI)
-	MOVD X0,CX
-	MOVD X1,R8
-	MOVD X2,R9
-	MOVD X3,AX
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X2,X2
-	PSHUFL $0X39,X3,X3
-	XORL 20(SI),CX
-	XORL 4(SI),R8
-	XORL 52(SI),R9
-	XORL 36(SI),AX
-	MOVL CX,20(DI)
-	MOVL R8,4(DI)
-	MOVL R9,52(DI)
-	MOVL AX,36(DI)
-	MOVD X0,CX
-	MOVD X1,R8
-	MOVD X2,R9
-	MOVD X3,AX
-	PSHUFL $0X39,X0,X0
-	PSHUFL $0X39,X1,X1
-	PSHUFL $0X39,X2,X2
-	PSHUFL $0X39,X3,X3
-	XORL 40(SI),CX
-	XORL 24(SI),R8
-	XORL 8(SI),R9
-	XORL 56(SI),AX
-	MOVL CX,40(DI)
-	MOVL R8,24(DI)
-	MOVL R9,8(DI)
-	MOVL AX,56(DI)
-	MOVD X0,CX
-	MOVD X1,R8
-	MOVD X2,R9
-	MOVD X3,AX
-	XORL 60(SI),CX
-	XORL 44(SI),R8
-	XORL 28(SI),R9
-	XORL 12(SI),AX
-	MOVL CX,60(DI)
-	MOVL R8,44(DI)
-	MOVL R9,28(DI)
-	MOVL AX,12(DI)
-	MOVQ 352(SP),R9
-	MOVL 16(SP),CX
-	MOVL  36 (SP),R8
-	ADDQ $1,CX
-	SHLQ $32,R8
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $32,R8
-	MOVL CX,16(SP)
-	MOVL R8, 36 (SP)
-	CMPQ R9,$64
-	JA BYTESATLEAST65
-	JAE BYTESATLEAST64
-	MOVQ DI,SI
-	MOVQ DX,DI
-	MOVQ R9,CX
-	REP; MOVSB
-	BYTESATLEAST64:
-	DONE:
-	MOVQ R12,SP
-	RET
-	BYTESATLEAST65:
-	SUBQ $64,R9
-	ADDQ $64,DI
-	ADDQ $64,SI
-	JMP BYTESBETWEEN1AND255
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
index f9269c38484db..c400dfcf7bce5 100644
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
@@ -2,14 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!appengine,!gccgo
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
 
 package salsa
 
-// This function is implemented in salsa2020_amd64.s.
-
 //go:noescape
 
+// salsa2020XORKeyStream is implemented in salsa20_amd64.s.
 func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
 
 // XORKeyStream crypts bytes from in to out using the given key and counters.
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s
new file mode 100644
index 0000000000000..f97efc67648de
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s
@@ -0,0 +1,880 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!purego,gc
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
+
+// func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
+// This needs up to 64 bytes at 360(R12); hence the non-obvious frame size.
+TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
+	MOVQ out+0(FP),DI
+	MOVQ in+8(FP),SI
+	MOVQ n+16(FP),DX
+	MOVQ nonce+24(FP),CX
+	MOVQ key+32(FP),R8
+
+	MOVQ SP,R12
+	ADDQ $31, R12
+	ANDQ $~31, R12
+
+	MOVQ DX,R9
+	MOVQ CX,DX
+	MOVQ R8,R10
+	CMPQ R9,$0
+	JBE DONE
+	START:
+	MOVL 20(R10),CX
+	MOVL 0(R10),R8
+	MOVL 0(DX),AX
+	MOVL 16(R10),R11
+	MOVL CX,0(R12)
+	MOVL R8, 4 (R12)
+	MOVL AX, 8 (R12)
+	MOVL R11, 12 (R12)
+	MOVL 8(DX),CX
+	MOVL 24(R10),R8
+	MOVL 4(R10),AX
+	MOVL 4(DX),R11
+	MOVL CX,16(R12)
+	MOVL R8, 20 (R12)
+	MOVL AX, 24 (R12)
+	MOVL R11, 28 (R12)
+	MOVL 12(DX),CX
+	MOVL 12(R10),DX
+	MOVL 28(R10),R8
+	MOVL 8(R10),AX
+	MOVL DX,32(R12)
+	MOVL CX, 36 (R12)
+	MOVL R8, 40 (R12)
+	MOVL AX, 44 (R12)
+	MOVQ $1634760805,DX
+	MOVQ $857760878,CX
+	MOVQ $2036477234,R8
+	MOVQ $1797285236,AX
+	MOVL DX,48(R12)
+	MOVL CX, 52 (R12)
+	MOVL R8, 56 (R12)
+	MOVL AX, 60 (R12)
+	CMPQ R9,$256
+	JB BYTESBETWEEN1AND255
+	MOVOA 48(R12),X0
+	PSHUFL $0X55,X0,X1
+	PSHUFL $0XAA,X0,X2
+	PSHUFL $0XFF,X0,X3
+	PSHUFL $0X00,X0,X0
+	MOVOA X1,64(R12)
+	MOVOA X2,80(R12)
+	MOVOA X3,96(R12)
+	MOVOA X0,112(R12)
+	MOVOA 0(R12),X0
+	PSHUFL $0XAA,X0,X1
+	PSHUFL $0XFF,X0,X2
+	PSHUFL $0X00,X0,X3
+	PSHUFL $0X55,X0,X0
+	MOVOA X1,128(R12)
+	MOVOA X2,144(R12)
+	MOVOA X3,160(R12)
+	MOVOA X0,176(R12)
+	MOVOA 16(R12),X0
+	PSHUFL $0XFF,X0,X1
+	PSHUFL $0X55,X0,X2
+	PSHUFL $0XAA,X0,X0
+	MOVOA X1,192(R12)
+	MOVOA X2,208(R12)
+	MOVOA X0,224(R12)
+	MOVOA 32(R12),X0
+	PSHUFL $0X00,X0,X1
+	PSHUFL $0XAA,X0,X2
+	PSHUFL $0XFF,X0,X0
+	MOVOA X1,240(R12)
+	MOVOA X2,256(R12)
+	MOVOA X0,272(R12)
+	BYTESATLEAST256:
+	MOVL 16(R12),DX
+	MOVL  36 (R12),CX
+	MOVL DX,288(R12)
+	MOVL CX,304(R12)
+	SHLQ $32,CX
+	ADDQ CX,DX
+	ADDQ $1,DX
+	MOVQ DX,CX
+	SHRQ $32,CX
+	MOVL DX, 292 (R12)
+	MOVL CX, 308 (R12)
+	ADDQ $1,DX
+	MOVQ DX,CX
+	SHRQ $32,CX
+	MOVL DX, 296 (R12)
+	MOVL CX, 312 (R12)
+	ADDQ $1,DX
+	MOVQ DX,CX
+	SHRQ $32,CX
+	MOVL DX, 300 (R12)
+	MOVL CX, 316 (R12)
+	ADDQ $1,DX
+	MOVQ DX,CX
+	SHRQ $32,CX
+	MOVL DX,16(R12)
+	MOVL CX, 36 (R12)
+	MOVQ R9,352(R12)
+	MOVQ $20,DX
+	MOVOA 64(R12),X0
+	MOVOA 80(R12),X1
+	MOVOA 96(R12),X2
+	MOVOA 256(R12),X3
+	MOVOA 272(R12),X4
+	MOVOA 128(R12),X5
+	MOVOA 144(R12),X6
+	MOVOA 176(R12),X7
+	MOVOA 192(R12),X8
+	MOVOA 208(R12),X9
+	MOVOA 224(R12),X10
+	MOVOA 304(R12),X11
+	MOVOA 112(R12),X12
+	MOVOA 160(R12),X13
+	MOVOA 240(R12),X14
+	MOVOA 288(R12),X15
+	MAINLOOP1:
+	MOVOA X1,320(R12)
+	MOVOA X2,336(R12)
+	MOVOA X13,X1
+	PADDL X12,X1
+	MOVOA X1,X2
+	PSLLL $7,X1
+	PXOR X1,X14
+	PSRLL $25,X2
+	PXOR X2,X14
+	MOVOA X7,X1
+	PADDL X0,X1
+	MOVOA X1,X2
+	PSLLL $7,X1
+	PXOR X1,X11
+	PSRLL $25,X2
+	PXOR X2,X11
+	MOVOA X12,X1
+	PADDL X14,X1
+	MOVOA X1,X2
+	PSLLL $9,X1
+	PXOR X1,X15
+	PSRLL $23,X2
+	PXOR X2,X15
+	MOVOA X0,X1
+	PADDL X11,X1
+	MOVOA X1,X2
+	PSLLL $9,X1
+	PXOR X1,X9
+	PSRLL $23,X2
+	PXOR X2,X9
+	MOVOA X14,X1
+	PADDL X15,X1
+	MOVOA X1,X2
+	PSLLL $13,X1
+	PXOR X1,X13
+	PSRLL $19,X2
+	PXOR X2,X13
+	MOVOA X11,X1
+	PADDL X9,X1
+	MOVOA X1,X2
+	PSLLL $13,X1
+	PXOR X1,X7
+	PSRLL $19,X2
+	PXOR X2,X7
+	MOVOA X15,X1
+	PADDL X13,X1
+	MOVOA X1,X2
+	PSLLL $18,X1
+	PXOR X1,X12
+	PSRLL $14,X2
+	PXOR X2,X12
+	MOVOA 320(R12),X1
+	MOVOA X12,320(R12)
+	MOVOA X9,X2
+	PADDL X7,X2
+	MOVOA X2,X12
+	PSLLL $18,X2
+	PXOR X2,X0
+	PSRLL $14,X12
+	PXOR X12,X0
+	MOVOA X5,X2
+	PADDL X1,X2
+	MOVOA X2,X12
+	PSLLL $7,X2
+	PXOR X2,X3
+	PSRLL $25,X12
+	PXOR X12,X3
+	MOVOA 336(R12),X2
+	MOVOA X0,336(R12)
+	MOVOA X6,X0
+	PADDL X2,X0
+	MOVOA X0,X12
+	PSLLL $7,X0
+	PXOR X0,X4
+	PSRLL $25,X12
+	PXOR X12,X4
+	MOVOA X1,X0
+	PADDL X3,X0
+	MOVOA X0,X12
+	PSLLL $9,X0
+	PXOR X0,X10
+	PSRLL $23,X12
+	PXOR X12,X10
+	MOVOA X2,X0
+	PADDL X4,X0
+	MOVOA X0,X12
+	PSLLL $9,X0
+	PXOR X0,X8
+	PSRLL $23,X12
+	PXOR X12,X8
+	MOVOA X3,X0
+	PADDL X10,X0
+	MOVOA X0,X12
+	PSLLL $13,X0
+	PXOR X0,X5
+	PSRLL $19,X12
+	PXOR X12,X5
+	MOVOA X4,X0
+	PADDL X8,X0
+	MOVOA X0,X12
+	PSLLL $13,X0
+	PXOR X0,X6
+	PSRLL $19,X12
+	PXOR X12,X6
+	MOVOA X10,X0
+	PADDL X5,X0
+	MOVOA X0,X12
+	PSLLL $18,X0
+	PXOR X0,X1
+	PSRLL $14,X12
+	PXOR X12,X1
+	MOVOA 320(R12),X0
+	MOVOA X1,320(R12)
+	MOVOA X4,X1
+	PADDL X0,X1
+	MOVOA X1,X12
+	PSLLL $7,X1
+	PXOR X1,X7
+	PSRLL $25,X12
+	PXOR X12,X7
+	MOVOA X8,X1
+	PADDL X6,X1
+	MOVOA X1,X12
+	PSLLL $18,X1
+	PXOR X1,X2
+	PSRLL $14,X12
+	PXOR X12,X2
+	MOVOA 336(R12),X12
+	MOVOA X2,336(R12)
+	MOVOA X14,X1
+	PADDL X12,X1
+	MOVOA X1,X2
+	PSLLL $7,X1
+	PXOR X1,X5
+	PSRLL $25,X2
+	PXOR X2,X5
+	MOVOA X0,X1
+	PADDL X7,X1
+	MOVOA X1,X2
+	PSLLL $9,X1
+	PXOR X1,X10
+	PSRLL $23,X2
+	PXOR X2,X10
+	MOVOA X12,X1
+	PADDL X5,X1
+	MOVOA X1,X2
+	PSLLL $9,X1
+	PXOR X1,X8
+	PSRLL $23,X2
+	PXOR X2,X8
+	MOVOA X7,X1
+	PADDL X10,X1
+	MOVOA X1,X2
+	PSLLL $13,X1
+	PXOR X1,X4
+	PSRLL $19,X2
+	PXOR X2,X4
+	MOVOA X5,X1
+	PADDL X8,X1
+	MOVOA X1,X2
+	PSLLL $13,X1
+	PXOR X1,X14
+	PSRLL $19,X2
+	PXOR X2,X14
+	MOVOA X10,X1
+	PADDL X4,X1
+	MOVOA X1,X2
+	PSLLL $18,X1
+	PXOR X1,X0
+	PSRLL $14,X2
+	PXOR X2,X0
+	MOVOA 320(R12),X1
+	MOVOA X0,320(R12)
+	MOVOA X8,X0
+	PADDL X14,X0
+	MOVOA X0,X2
+	PSLLL $18,X0
+	PXOR X0,X12
+	PSRLL $14,X2
+	PXOR X2,X12
+	MOVOA X11,X0
+	PADDL X1,X0
+	MOVOA X0,X2
+	PSLLL $7,X0
+	PXOR X0,X6
+	PSRLL $25,X2
+	PXOR X2,X6
+	MOVOA 336(R12),X2
+	MOVOA X12,336(R12)
+	MOVOA X3,X0
+	PADDL X2,X0
+	MOVOA X0,X12
+	PSLLL $7,X0
+	PXOR X0,X13
+	PSRLL $25,X12
+	PXOR X12,X13
+	MOVOA X1,X0
+	PADDL X6,X0
+	MOVOA X0,X12
+	PSLLL $9,X0
+	PXOR X0,X15
+	PSRLL $23,X12
+	PXOR X12,X15
+	MOVOA X2,X0
+	PADDL X13,X0
+	MOVOA X0,X12
+	PSLLL $9,X0
+	PXOR X0,X9
+	PSRLL $23,X12
+	PXOR X12,X9
+	MOVOA X6,X0
+	PADDL X15,X0
+	MOVOA X0,X12
+	PSLLL $13,X0
+	PXOR X0,X11
+	PSRLL $19,X12
+	PXOR X12,X11
+	MOVOA X13,X0
+	PADDL X9,X0
+	MOVOA X0,X12
+	PSLLL $13,X0
+	PXOR X0,X3
+	PSRLL $19,X12
+	PXOR X12,X3
+	MOVOA X15,X0
+	PADDL X11,X0
+	MOVOA X0,X12
+	PSLLL $18,X0
+	PXOR X0,X1
+	PSRLL $14,X12
+	PXOR X12,X1
+	MOVOA X9,X0
+	PADDL X3,X0
+	MOVOA X0,X12
+	PSLLL $18,X0
+	PXOR X0,X2
+	PSRLL $14,X12
+	PXOR X12,X2
+	MOVOA 320(R12),X12
+	MOVOA 336(R12),X0
+	SUBQ $2,DX
+	JA MAINLOOP1
+	PADDL 112(R12),X12
+	PADDL 176(R12),X7
+	PADDL 224(R12),X10
+	PADDL 272(R12),X4
+	MOVD X12,DX
+	MOVD X7,CX
+	MOVD X10,R8
+	MOVD X4,R9
+	PSHUFL $0X39,X12,X12
+	PSHUFL $0X39,X7,X7
+	PSHUFL $0X39,X10,X10
+	PSHUFL $0X39,X4,X4
+	XORL 0(SI),DX
+	XORL 4(SI),CX
+	XORL 8(SI),R8
+	XORL 12(SI),R9
+	MOVL DX,0(DI)
+	MOVL CX,4(DI)
+	MOVL R8,8(DI)
+	MOVL R9,12(DI)
+	MOVD X12,DX
+	MOVD X7,CX
+	MOVD X10,R8
+	MOVD X4,R9
+	PSHUFL $0X39,X12,X12
+	PSHUFL $0X39,X7,X7
+	PSHUFL $0X39,X10,X10
+	PSHUFL $0X39,X4,X4
+	XORL 64(SI),DX
+	XORL 68(SI),CX
+	XORL 72(SI),R8
+	XORL 76(SI),R9
+	MOVL DX,64(DI)
+	MOVL CX,68(DI)
+	MOVL R8,72(DI)
+	MOVL R9,76(DI)
+	MOVD X12,DX
+	MOVD X7,CX
+	MOVD X10,R8
+	MOVD X4,R9
+	PSHUFL $0X39,X12,X12
+	PSHUFL $0X39,X7,X7
+	PSHUFL $0X39,X10,X10
+	PSHUFL $0X39,X4,X4
+	XORL 128(SI),DX
+	XORL 132(SI),CX
+	XORL 136(SI),R8
+	XORL 140(SI),R9
+	MOVL DX,128(DI)
+	MOVL CX,132(DI)
+	MOVL R8,136(DI)
+	MOVL R9,140(DI)
+	MOVD X12,DX
+	MOVD X7,CX
+	MOVD X10,R8
+	MOVD X4,R9
+	XORL 192(SI),DX
+	XORL 196(SI),CX
+	XORL 200(SI),R8
+	XORL 204(SI),R9
+	MOVL DX,192(DI)
+	MOVL CX,196(DI)
+	MOVL R8,200(DI)
+	MOVL R9,204(DI)
+	PADDL 240(R12),X14
+	PADDL 64(R12),X0
+	PADDL 128(R12),X5
+	PADDL 192(R12),X8
+	MOVD X14,DX
+	MOVD X0,CX
+	MOVD X5,R8
+	MOVD X8,R9
+	PSHUFL $0X39,X14,X14
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X5,X5
+	PSHUFL $0X39,X8,X8
+	XORL 16(SI),DX
+	XORL 20(SI),CX
+	XORL 24(SI),R8
+	XORL 28(SI),R9
+	MOVL DX,16(DI)
+	MOVL CX,20(DI)
+	MOVL R8,24(DI)
+	MOVL R9,28(DI)
+	MOVD X14,DX
+	MOVD X0,CX
+	MOVD X5,R8
+	MOVD X8,R9
+	PSHUFL $0X39,X14,X14
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X5,X5
+	PSHUFL $0X39,X8,X8
+	XORL 80(SI),DX
+	XORL 84(SI),CX
+	XORL 88(SI),R8
+	XORL 92(SI),R9
+	MOVL DX,80(DI)
+	MOVL CX,84(DI)
+	MOVL R8,88(DI)
+	MOVL R9,92(DI)
+	MOVD X14,DX
+	MOVD X0,CX
+	MOVD X5,R8
+	MOVD X8,R9
+	PSHUFL $0X39,X14,X14
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X5,X5
+	PSHUFL $0X39,X8,X8
+	XORL 144(SI),DX
+	XORL 148(SI),CX
+	XORL 152(SI),R8
+	XORL 156(SI),R9
+	MOVL DX,144(DI)
+	MOVL CX,148(DI)
+	MOVL R8,152(DI)
+	MOVL R9,156(DI)
+	MOVD X14,DX
+	MOVD X0,CX
+	MOVD X5,R8
+	MOVD X8,R9
+	XORL 208(SI),DX
+	XORL 212(SI),CX
+	XORL 216(SI),R8
+	XORL 220(SI),R9
+	MOVL DX,208(DI)
+	MOVL CX,212(DI)
+	MOVL R8,216(DI)
+	MOVL R9,220(DI)
+	PADDL 288(R12),X15
+	PADDL 304(R12),X11
+	PADDL 80(R12),X1
+	PADDL 144(R12),X6
+	MOVD X15,DX
+	MOVD X11,CX
+	MOVD X1,R8
+	MOVD X6,R9
+	PSHUFL $0X39,X15,X15
+	PSHUFL $0X39,X11,X11
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X6,X6
+	XORL 32(SI),DX
+	XORL 36(SI),CX
+	XORL 40(SI),R8
+	XORL 44(SI),R9
+	MOVL DX,32(DI)
+	MOVL CX,36(DI)
+	MOVL R8,40(DI)
+	MOVL R9,44(DI)
+	MOVD X15,DX
+	MOVD X11,CX
+	MOVD X1,R8
+	MOVD X6,R9
+	PSHUFL $0X39,X15,X15
+	PSHUFL $0X39,X11,X11
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X6,X6
+	XORL 96(SI),DX
+	XORL 100(SI),CX
+	XORL 104(SI),R8
+	XORL 108(SI),R9
+	MOVL DX,96(DI)
+	MOVL CX,100(DI)
+	MOVL R8,104(DI)
+	MOVL R9,108(DI)
+	MOVD X15,DX
+	MOVD X11,CX
+	MOVD X1,R8
+	MOVD X6,R9
+	PSHUFL $0X39,X15,X15
+	PSHUFL $0X39,X11,X11
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X6,X6
+	XORL 160(SI),DX
+	XORL 164(SI),CX
+	XORL 168(SI),R8
+	XORL 172(SI),R9
+	MOVL DX,160(DI)
+	MOVL CX,164(DI)
+	MOVL R8,168(DI)
+	MOVL R9,172(DI)
+	MOVD X15,DX
+	MOVD X11,CX
+	MOVD X1,R8
+	MOVD X6,R9
+	XORL 224(SI),DX
+	XORL 228(SI),CX
+	XORL 232(SI),R8
+	XORL 236(SI),R9
+	MOVL DX,224(DI)
+	MOVL CX,228(DI)
+	MOVL R8,232(DI)
+	MOVL R9,236(DI)
+	PADDL 160(R12),X13
+	PADDL 208(R12),X9
+	PADDL 256(R12),X3
+	PADDL 96(R12),X2
+	MOVD X13,DX
+	MOVD X9,CX
+	MOVD X3,R8
+	MOVD X2,R9
+	PSHUFL $0X39,X13,X13
+	PSHUFL $0X39,X9,X9
+	PSHUFL $0X39,X3,X3
+	PSHUFL $0X39,X2,X2
+	XORL 48(SI),DX
+	XORL 52(SI),CX
+	XORL 56(SI),R8
+	XORL 60(SI),R9
+	MOVL DX,48(DI)
+	MOVL CX,52(DI)
+	MOVL R8,56(DI)
+	MOVL R9,60(DI)
+	MOVD X13,DX
+	MOVD X9,CX
+	MOVD X3,R8
+	MOVD X2,R9
+	PSHUFL $0X39,X13,X13
+	PSHUFL $0X39,X9,X9
+	PSHUFL $0X39,X3,X3
+	PSHUFL $0X39,X2,X2
+	XORL 112(SI),DX
+	XORL 116(SI),CX
+	XORL 120(SI),R8
+	XORL 124(SI),R9
+	MOVL DX,112(DI)
+	MOVL CX,116(DI)
+	MOVL R8,120(DI)
+	MOVL R9,124(DI)
+	MOVD X13,DX
+	MOVD X9,CX
+	MOVD X3,R8
+	MOVD X2,R9
+	PSHUFL $0X39,X13,X13
+	PSHUFL $0X39,X9,X9
+	PSHUFL $0X39,X3,X3
+	PSHUFL $0X39,X2,X2
+	XORL 176(SI),DX
+	XORL 180(SI),CX
+	XORL 184(SI),R8
+	XORL 188(SI),R9
+	MOVL DX,176(DI)
+	MOVL CX,180(DI)
+	MOVL R8,184(DI)
+	MOVL R9,188(DI)
+	MOVD X13,DX
+	MOVD X9,CX
+	MOVD X3,R8
+	MOVD X2,R9
+	XORL 240(SI),DX
+	XORL 244(SI),CX
+	XORL 248(SI),R8
+	XORL 252(SI),R9
+	MOVL DX,240(DI)
+	MOVL CX,244(DI)
+	MOVL R8,248(DI)
+	MOVL R9,252(DI)
+	MOVQ 352(R12),R9
+	SUBQ $256,R9
+	ADDQ $256,SI
+	ADDQ $256,DI
+	CMPQ R9,$256
+	JAE BYTESATLEAST256
+	CMPQ R9,$0
+	JBE DONE
+	BYTESBETWEEN1AND255:
+	CMPQ R9,$64
+	JAE NOCOPY
+	MOVQ DI,DX
+	LEAQ 360(R12),DI
+	MOVQ R9,CX
+	REP; MOVSB
+	LEAQ 360(R12),DI
+	LEAQ 360(R12),SI
+	NOCOPY:
+	MOVQ R9,352(R12)
+	MOVOA 48(R12),X0
+	MOVOA 0(R12),X1
+	MOVOA 16(R12),X2
+	MOVOA 32(R12),X3
+	MOVOA X1,X4
+	MOVQ $20,CX
+	MAINLOOP2:
+	PADDL X0,X4
+	MOVOA X0,X5
+	MOVOA X4,X6
+	PSLLL $7,X4
+	PSRLL $25,X6
+	PXOR X4,X3
+	PXOR X6,X3
+	PADDL X3,X5
+	MOVOA X3,X4
+	MOVOA X5,X6
+	PSLLL $9,X5
+	PSRLL $23,X6
+	PXOR X5,X2
+	PSHUFL $0X93,X3,X3
+	PXOR X6,X2
+	PADDL X2,X4
+	MOVOA X2,X5
+	MOVOA X4,X6
+	PSLLL $13,X4
+	PSRLL $19,X6
+	PXOR X4,X1
+	PSHUFL $0X4E,X2,X2
+	PXOR X6,X1
+	PADDL X1,X5
+	MOVOA X3,X4
+	MOVOA X5,X6
+	PSLLL $18,X5
+	PSRLL $14,X6
+	PXOR X5,X0
+	PSHUFL $0X39,X1,X1
+	PXOR X6,X0
+	PADDL X0,X4
+	MOVOA X0,X5
+	MOVOA X4,X6
+	PSLLL $7,X4
+	PSRLL $25,X6
+	PXOR X4,X1
+	PXOR X6,X1
+	PADDL X1,X5
+	MOVOA X1,X4
+	MOVOA X5,X6
+	PSLLL $9,X5
+	PSRLL $23,X6
+	PXOR X5,X2
+	PSHUFL $0X93,X1,X1
+	PXOR X6,X2
+	PADDL X2,X4
+	MOVOA X2,X5
+	MOVOA X4,X6
+	PSLLL $13,X4
+	PSRLL $19,X6
+	PXOR X4,X3
+	PSHUFL $0X4E,X2,X2
+	PXOR X6,X3
+	PADDL X3,X5
+	MOVOA X1,X4
+	MOVOA X5,X6
+	PSLLL $18,X5
+	PSRLL $14,X6
+	PXOR X5,X0
+	PSHUFL $0X39,X3,X3
+	PXOR X6,X0
+	PADDL X0,X4
+	MOVOA X0,X5
+	MOVOA X4,X6
+	PSLLL $7,X4
+	PSRLL $25,X6
+	PXOR X4,X3
+	PXOR X6,X3
+	PADDL X3,X5
+	MOVOA X3,X4
+	MOVOA X5,X6
+	PSLLL $9,X5
+	PSRLL $23,X6
+	PXOR X5,X2
+	PSHUFL $0X93,X3,X3
+	PXOR X6,X2
+	PADDL X2,X4
+	MOVOA X2,X5
+	MOVOA X4,X6
+	PSLLL $13,X4
+	PSRLL $19,X6
+	PXOR X4,X1
+	PSHUFL $0X4E,X2,X2
+	PXOR X6,X1
+	PADDL X1,X5
+	MOVOA X3,X4
+	MOVOA X5,X6
+	PSLLL $18,X5
+	PSRLL $14,X6
+	PXOR X5,X0
+	PSHUFL $0X39,X1,X1
+	PXOR X6,X0
+	PADDL X0,X4
+	MOVOA X0,X5
+	MOVOA X4,X6
+	PSLLL $7,X4
+	PSRLL $25,X6
+	PXOR X4,X1
+	PXOR X6,X1
+	PADDL X1,X5
+	MOVOA X1,X4
+	MOVOA X5,X6
+	PSLLL $9,X5
+	PSRLL $23,X6
+	PXOR X5,X2
+	PSHUFL $0X93,X1,X1
+	PXOR X6,X2
+	PADDL X2,X4
+	MOVOA X2,X5
+	MOVOA X4,X6
+	PSLLL $13,X4
+	PSRLL $19,X6
+	PXOR X4,X3
+	PSHUFL $0X4E,X2,X2
+	PXOR X6,X3
+	SUBQ $4,CX
+	PADDL X3,X5
+	MOVOA X1,X4
+	MOVOA X5,X6
+	PSLLL $18,X5
+	PXOR X7,X7
+	PSRLL $14,X6
+	PXOR X5,X0
+	PSHUFL $0X39,X3,X3
+	PXOR X6,X0
+	JA MAINLOOP2
+	PADDL 48(R12),X0
+	PADDL 0(R12),X1
+	PADDL 16(R12),X2
+	PADDL 32(R12),X3
+	MOVD X0,CX
+	MOVD X1,R8
+	MOVD X2,R9
+	MOVD X3,AX
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X2,X2
+	PSHUFL $0X39,X3,X3
+	XORL 0(SI),CX
+	XORL 48(SI),R8
+	XORL 32(SI),R9
+	XORL 16(SI),AX
+	MOVL CX,0(DI)
+	MOVL R8,48(DI)
+	MOVL R9,32(DI)
+	MOVL AX,16(DI)
+	MOVD X0,CX
+	MOVD X1,R8
+	MOVD X2,R9
+	MOVD X3,AX
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X2,X2
+	PSHUFL $0X39,X3,X3
+	XORL 20(SI),CX
+	XORL 4(SI),R8
+	XORL 52(SI),R9
+	XORL 36(SI),AX
+	MOVL CX,20(DI)
+	MOVL R8,4(DI)
+	MOVL R9,52(DI)
+	MOVL AX,36(DI)
+	MOVD X0,CX
+	MOVD X1,R8
+	MOVD X2,R9
+	MOVD X3,AX
+	PSHUFL $0X39,X0,X0
+	PSHUFL $0X39,X1,X1
+	PSHUFL $0X39,X2,X2
+	PSHUFL $0X39,X3,X3
+	XORL 40(SI),CX
+	XORL 24(SI),R8
+	XORL 8(SI),R9
+	XORL 56(SI),AX
+	MOVL CX,40(DI)
+	MOVL R8,24(DI)
+	MOVL R9,8(DI)
+	MOVL AX,56(DI)
+	MOVD X0,CX
+	MOVD X1,R8
+	MOVD X2,R9
+	MOVD X3,AX
+	XORL 60(SI),CX
+	XORL 44(SI),R8
+	XORL 28(SI),R9
+	XORL 12(SI),AX
+	MOVL CX,60(DI)
+	MOVL R8,44(DI)
+	MOVL R9,28(DI)
+	MOVL AX,12(DI)
+	MOVQ 352(R12),R9
+	MOVL 16(R12),CX
+	MOVL  36 (R12),R8
+	ADDQ $1,CX
+	SHLQ $32,R8
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $32,R8
+	MOVL CX,16(R12)
+	MOVL R8, 36 (R12)
+	CMPQ R9,$64
+	JA BYTESATLEAST65
+	JAE BYTESATLEAST64
+	MOVQ DI,SI
+	MOVQ DX,DI
+	MOVQ R9,CX
+	REP; MOVSB
+	BYTESATLEAST64:
+	DONE:
+	RET
+	BYTESATLEAST65:
+	SUBQ $64,R9
+	ADDQ $64,DI
+	ADDQ $64,SI
+	JMP BYTESBETWEEN1AND255
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
new file mode 100644
index 0000000000000..4392cc1ac7402
--- /dev/null
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
@@ -0,0 +1,15 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+// +build !amd64 purego !gc
+
+package salsa
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+	genericXORKeyStream(out, in, counter, key)
+}
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
index 22126d17c4e60..68169c6d6819c 100644
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64 appengine gccgo
-
 package salsa
 
 const rounds = 20
@@ -202,10 +200,9 @@ func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
 	out[63] = byte(x15 >> 24)
 }
 
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter
-// contains the raw salsa20 counter bytes (both nonce and block counter).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+// genericXORKeyStream is the generic implementation of XORKeyStream to be used
+// when no assembly implementation is available.
+func genericXORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
 	var block [64]byte
 	var counterCopy [16]byte
 	copy(counterCopy[:], counter[:])
diff --git a/vendor/golang.org/x/crypto/ssh/buffer.go b/vendor/golang.org/x/crypto/ssh/buffer.go
new file mode 100644
index 0000000000000..1ab07d078db16
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/buffer.go
@@ -0,0 +1,97 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"io"
+	"sync"
+)
+
+// buffer provides a linked list buffer for data exchange
+// between producer and consumer. Theoretically the buffer is
+// of unlimited capacity as it does no allocation of its own.
+type buffer struct {
+	// protects concurrent access to head, tail and closed
+	*sync.Cond
+
+	head *element // the buffer that will be read first
+	tail *element // the buffer that will be read last
+
+	closed bool
+}
+
+// An element represents a single link in a linked list.
+type element struct {
+	buf  []byte
+	next *element
+}
+
+// newBuffer returns an empty buffer that is not closed.
+func newBuffer() *buffer {
+	e := new(element)
+	b := &buffer{
+		Cond: newCond(),
+		head: e,
+		tail: e,
+	}
+	return b
+}
+
+// write makes buf available for Read to receive.
+// buf must not be modified after the call to write.
+func (b *buffer) write(buf []byte) {
+	b.Cond.L.Lock()
+	e := &element{buf: buf}
+	b.tail.next = e
+	b.tail = e
+	b.Cond.Signal()
+	b.Cond.L.Unlock()
+}
+
+// eof closes the buffer. Reads from the buffer once all
+// the data has been consumed will receive io.EOF.
+func (b *buffer) eof() {
+	b.Cond.L.Lock()
+	b.closed = true
+	b.Cond.Signal()
+	b.Cond.L.Unlock()
+}
+
+// Read reads data from the internal buffer in buf.  Reads will block
+// if no data is available, or until the buffer is closed.
+func (b *buffer) Read(buf []byte) (n int, err error) {
+	b.Cond.L.Lock()
+	defer b.Cond.L.Unlock()
+
+	for len(buf) > 0 {
+		// if there is data in b.head, copy it
+		if len(b.head.buf) > 0 {
+			r := copy(buf, b.head.buf)
+			buf, b.head.buf = buf[r:], b.head.buf[r:]
+			n += r
+			continue
+		}
+		// if there is a next buffer, make it the head
+		if len(b.head.buf) == 0 && b.head != b.tail {
+			b.head = b.head.next
+			continue
+		}
+
+		// if at least one byte has been copied, return
+		if n > 0 {
+			break
+		}
+
+		// if nothing was read, and there is nothing outstanding
+		// check to see if the buffer is closed.
+		if b.closed {
+			err = io.EOF
+			break
+		}
+		// out of buffers, wait for producer
+		b.Cond.Wait()
+	}
+	return
+}
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go
new file mode 100644
index 0000000000000..916c840b6988d
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@@ -0,0 +1,546 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sort"
+	"time"
+)
+
+// These constants from [PROTOCOL.certkeys] represent the algorithm names
+// for certificate types supported by this package.
+const (
+	CertAlgoRSAv01        = "ssh-rsa-cert-v01@openssh.com"
+	CertAlgoDSAv01        = "ssh-dss-cert-v01@openssh.com"
+	CertAlgoECDSA256v01   = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoECDSA384v01   = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+	CertAlgoECDSA521v01   = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+	CertAlgoSKECDSA256v01 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoED25519v01    = "ssh-ed25519-cert-v01@openssh.com"
+	CertAlgoSKED25519v01  = "sk-ssh-ed25519-cert-v01@openssh.com"
+)
+
+// Certificate types distinguish between host and user
+// certificates. The values can be set in the CertType field of
+// Certificate.
+const (
+	UserCert = 1
+	HostCert = 2
+)
+
+// Signature represents a cryptographic signature.
+type Signature struct {
+	Format string
+	Blob   []byte
+	Rest   []byte `ssh:"rest"`
+}
+
+// CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that
+// a certificate does not expire.
+const CertTimeInfinity = 1<<64 - 1
+
+// An Certificate represents an OpenSSH certificate as defined in
+// [PROTOCOL.certkeys]?rev=1.8. The Certificate type implements the
+// PublicKey interface, so it can be unmarshaled using
+// ParsePublicKey.
+type Certificate struct {
+	Nonce           []byte
+	Key             PublicKey
+	Serial          uint64
+	CertType        uint32
+	KeyId           string
+	ValidPrincipals []string
+	ValidAfter      uint64
+	ValidBefore     uint64
+	Permissions
+	Reserved     []byte
+	SignatureKey PublicKey
+	Signature    *Signature
+}
+
+// genericCertData holds the key-independent part of the certificate data.
+// Overall, certificates contain an nonce, public key fields and
+// key-independent fields.
+type genericCertData struct {
+	Serial          uint64
+	CertType        uint32
+	KeyId           string
+	ValidPrincipals []byte
+	ValidAfter      uint64
+	ValidBefore     uint64
+	CriticalOptions []byte
+	Extensions      []byte
+	Reserved        []byte
+	SignatureKey    []byte
+	Signature       []byte
+}
+
+func marshalStringList(namelist []string) []byte {
+	var to []byte
+	for _, name := range namelist {
+		s := struct{ N string }{name}
+		to = append(to, Marshal(&s)...)
+	}
+	return to
+}
+
+type optionsTuple struct {
+	Key   string
+	Value []byte
+}
+
+type optionsTupleValue struct {
+	Value string
+}
+
+// serialize a map of critical options or extensions
+// issue #10569 - per [PROTOCOL.certkeys] and SSH implementation,
+// we need two length prefixes for a non-empty string value
+func marshalTuples(tups map[string]string) []byte {
+	keys := make([]string, 0, len(tups))
+	for key := range tups {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+
+	var ret []byte
+	for _, key := range keys {
+		s := optionsTuple{Key: key}
+		if value := tups[key]; len(value) > 0 {
+			s.Value = Marshal(&optionsTupleValue{value})
+		}
+		ret = append(ret, Marshal(&s)...)
+	}
+	return ret
+}
+
+// issue #10569 - per [PROTOCOL.certkeys] and SSH implementation,
+// we need two length prefixes for a non-empty option value
+func parseTuples(in []byte) (map[string]string, error) {
+	tups := map[string]string{}
+	var lastKey string
+	var haveLastKey bool
+
+	for len(in) > 0 {
+		var key, val, extra []byte
+		var ok bool
+
+		if key, in, ok = parseString(in); !ok {
+			return nil, errShortRead
+		}
+		keyStr := string(key)
+		// according to [PROTOCOL.certkeys], the names must be in
+		// lexical order.
+		if haveLastKey && keyStr <= lastKey {
+			return nil, fmt.Errorf("ssh: certificate options are not in lexical order")
+		}
+		lastKey, haveLastKey = keyStr, true
+		// the next field is a data field, which if non-empty has a string embedded
+		if val, in, ok = parseString(in); !ok {
+			return nil, errShortRead
+		}
+		if len(val) > 0 {
+			val, extra, ok = parseString(val)
+			if !ok {
+				return nil, errShortRead
+			}
+			if len(extra) > 0 {
+				return nil, fmt.Errorf("ssh: unexpected trailing data after certificate option value")
+			}
+			tups[keyStr] = string(val)
+		} else {
+			tups[keyStr] = ""
+		}
+	}
+	return tups, nil
+}
+
+func parseCert(in []byte, privAlgo string) (*Certificate, error) {
+	nonce, rest, ok := parseString(in)
+	if !ok {
+		return nil, errShortRead
+	}
+
+	key, rest, err := parsePubKey(rest, privAlgo)
+	if err != nil {
+		return nil, err
+	}
+
+	var g genericCertData
+	if err := Unmarshal(rest, &g); err != nil {
+		return nil, err
+	}
+
+	c := &Certificate{
+		Nonce:       nonce,
+		Key:         key,
+		Serial:      g.Serial,
+		CertType:    g.CertType,
+		KeyId:       g.KeyId,
+		ValidAfter:  g.ValidAfter,
+		ValidBefore: g.ValidBefore,
+	}
+
+	for principals := g.ValidPrincipals; len(principals) > 0; {
+		principal, rest, ok := parseString(principals)
+		if !ok {
+			return nil, errShortRead
+		}
+		c.ValidPrincipals = append(c.ValidPrincipals, string(principal))
+		principals = rest
+	}
+
+	c.CriticalOptions, err = parseTuples(g.CriticalOptions)
+	if err != nil {
+		return nil, err
+	}
+	c.Extensions, err = parseTuples(g.Extensions)
+	if err != nil {
+		return nil, err
+	}
+	c.Reserved = g.Reserved
+	k, err := ParsePublicKey(g.SignatureKey)
+	if err != nil {
+		return nil, err
+	}
+
+	c.SignatureKey = k
+	c.Signature, rest, ok = parseSignatureBody(g.Signature)
+	if !ok || len(rest) > 0 {
+		return nil, errors.New("ssh: signature parse error")
+	}
+
+	return c, nil
+}
+
+type openSSHCertSigner struct {
+	pub    *Certificate
+	signer Signer
+}
+
+type algorithmOpenSSHCertSigner struct {
+	*openSSHCertSigner
+	algorithmSigner AlgorithmSigner
+}
+
+// NewCertSigner returns a Signer that signs with the given Certificate, whose
+// private key is held by signer. It returns an error if the public key in cert
+// doesn't match the key used by signer.
+func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
+	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+		return nil, errors.New("ssh: signer and cert have different public key")
+	}
+
+	if algorithmSigner, ok := signer.(AlgorithmSigner); ok {
+		return &algorithmOpenSSHCertSigner{
+			&openSSHCertSigner{cert, signer}, algorithmSigner}, nil
+	} else {
+		return &openSSHCertSigner{cert, signer}, nil
+	}
+}
+
+func (s *openSSHCertSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	return s.signer.Sign(rand, data)
+}
+
+func (s *openSSHCertSigner) PublicKey() PublicKey {
+	return s.pub
+}
+
+func (s *algorithmOpenSSHCertSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	return s.algorithmSigner.SignWithAlgorithm(rand, data, algorithm)
+}
+
+const sourceAddressCriticalOption = "source-address"
+
+// CertChecker does the work of verifying a certificate. Its methods
+// can be plugged into ClientConfig.HostKeyCallback and
+// ServerConfig.PublicKeyCallback. For the CertChecker to work,
+// minimally, the IsAuthority callback should be set.
+type CertChecker struct {
+	// SupportedCriticalOptions lists the CriticalOptions that the
+	// server application layer understands. These are only used
+	// for user certificates.
+	SupportedCriticalOptions []string
+
+	// IsUserAuthority should return true if the key is recognized as an
+	// authority for the given user certificate. This allows for
+	// certificates to be signed by other certificates. This must be set
+	// if this CertChecker will be checking user certificates.
+	IsUserAuthority func(auth PublicKey) bool
+
+	// IsHostAuthority should report whether the key is recognized as
+	// an authority for this host. This allows for certificates to be
+	// signed by other keys, and for those other keys to only be valid
+	// signers for particular hostnames. This must be set if this
+	// CertChecker will be checking host certificates.
+	IsHostAuthority func(auth PublicKey, address string) bool
+
+	// Clock is used for verifying time stamps. If nil, time.Now
+	// is used.
+	Clock func() time.Time
+
+	// UserKeyFallback is called when CertChecker.Authenticate encounters a
+	// public key that is not a certificate. It must implement validation
+	// of user keys or else, if nil, all such keys are rejected.
+	UserKeyFallback func(conn ConnMetadata, key PublicKey) (*Permissions, error)
+
+	// HostKeyFallback is called when CertChecker.CheckHostKey encounters a
+	// public key that is not a certificate. It must implement host key
+	// validation or else, if nil, all such keys are rejected.
+	HostKeyFallback HostKeyCallback
+
+	// IsRevoked is called for each certificate so that revocation checking
+	// can be implemented. It should return true if the given certificate
+	// is revoked and false otherwise. If nil, no certificates are
+	// considered to have been revoked.
+	IsRevoked func(cert *Certificate) bool
+}
+
+// CheckHostKey checks a host key certificate. This method can be
+// plugged into ClientConfig.HostKeyCallback.
+func (c *CertChecker) CheckHostKey(addr string, remote net.Addr, key PublicKey) error {
+	cert, ok := key.(*Certificate)
+	if !ok {
+		if c.HostKeyFallback != nil {
+			return c.HostKeyFallback(addr, remote, key)
+		}
+		return errors.New("ssh: non-certificate host key")
+	}
+	if cert.CertType != HostCert {
+		return fmt.Errorf("ssh: certificate presented as a host key has type %d", cert.CertType)
+	}
+	if !c.IsHostAuthority(cert.SignatureKey, addr) {
+		return fmt.Errorf("ssh: no authorities for hostname: %v", addr)
+	}
+
+	hostname, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return err
+	}
+
+	// Pass hostname only as principal for host certificates (consistent with OpenSSH)
+	return c.CheckCert(hostname, cert)
+}
+
+// Authenticate checks a user certificate. Authenticate can be used as
+// a value for ServerConfig.PublicKeyCallback.
+func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permissions, error) {
+	cert, ok := pubKey.(*Certificate)
+	if !ok {
+		if c.UserKeyFallback != nil {
+			return c.UserKeyFallback(conn, pubKey)
+		}
+		return nil, errors.New("ssh: normal key pairs not accepted")
+	}
+
+	if cert.CertType != UserCert {
+		return nil, fmt.Errorf("ssh: cert has type %d", cert.CertType)
+	}
+	if !c.IsUserAuthority(cert.SignatureKey) {
+		return nil, fmt.Errorf("ssh: certificate signed by unrecognized authority")
+	}
+
+	if err := c.CheckCert(conn.User(), cert); err != nil {
+		return nil, err
+	}
+
+	return &cert.Permissions, nil
+}
+
+// CheckCert checks CriticalOptions, ValidPrincipals, revocation, timestamp and
+// the signature of the certificate.
+func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
+	if c.IsRevoked != nil && c.IsRevoked(cert) {
+		return fmt.Errorf("ssh: certificate serial %d revoked", cert.Serial)
+	}
+
+	for opt := range cert.CriticalOptions {
+		// sourceAddressCriticalOption will be enforced by
+		// serverAuthenticate
+		if opt == sourceAddressCriticalOption {
+			continue
+		}
+
+		found := false
+		for _, supp := range c.SupportedCriticalOptions {
+			if supp == opt {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return fmt.Errorf("ssh: unsupported critical option %q in certificate", opt)
+		}
+	}
+
+	if len(cert.ValidPrincipals) > 0 {
+		// By default, certs are valid for all users/hosts.
+		found := false
+		for _, p := range cert.ValidPrincipals {
+			if p == principal {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return fmt.Errorf("ssh: principal %q not in the set of valid principals for given certificate: %q", principal, cert.ValidPrincipals)
+		}
+	}
+
+	clock := c.Clock
+	if clock == nil {
+		clock = time.Now
+	}
+
+	unixNow := clock().Unix()
+	if after := int64(cert.ValidAfter); after < 0 || unixNow < int64(cert.ValidAfter) {
+		return fmt.Errorf("ssh: cert is not yet valid")
+	}
+	if before := int64(cert.ValidBefore); cert.ValidBefore != uint64(CertTimeInfinity) && (unixNow >= before || before < 0) {
+		return fmt.Errorf("ssh: cert has expired")
+	}
+	if err := cert.SignatureKey.Verify(cert.bytesForSigning(), cert.Signature); err != nil {
+		return fmt.Errorf("ssh: certificate signature does not verify")
+	}
+
+	return nil
+}
+
+// SignCert signs the certificate with an authority, setting the Nonce,
+// SignatureKey, and Signature fields.
+func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
+	c.Nonce = make([]byte, 32)
+	if _, err := io.ReadFull(rand, c.Nonce); err != nil {
+		return err
+	}
+	c.SignatureKey = authority.PublicKey()
+
+	sig, err := authority.Sign(rand, c.bytesForSigning())
+	if err != nil {
+		return err
+	}
+	c.Signature = sig
+	return nil
+}
+
+var certAlgoNames = map[string]string{
+	KeyAlgoRSA:        CertAlgoRSAv01,
+	KeyAlgoDSA:        CertAlgoDSAv01,
+	KeyAlgoECDSA256:   CertAlgoECDSA256v01,
+	KeyAlgoECDSA384:   CertAlgoECDSA384v01,
+	KeyAlgoECDSA521:   CertAlgoECDSA521v01,
+	KeyAlgoSKECDSA256: CertAlgoSKECDSA256v01,
+	KeyAlgoED25519:    CertAlgoED25519v01,
+	KeyAlgoSKED25519:  CertAlgoSKED25519v01,
+}
+
+// certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
+// Panics if a non-certificate algorithm is passed.
+func certToPrivAlgo(algo string) string {
+	for privAlgo, pubAlgo := range certAlgoNames {
+		if pubAlgo == algo {
+			return privAlgo
+		}
+	}
+	panic("unknown cert algorithm")
+}
+
+func (cert *Certificate) bytesForSigning() []byte {
+	c2 := *cert
+	c2.Signature = nil
+	out := c2.Marshal()
+	// Drop trailing signature length.
+	return out[:len(out)-4]
+}
+
+// Marshal serializes c into OpenSSH's wire format. It is part of the
+// PublicKey interface.
+func (c *Certificate) Marshal() []byte {
+	generic := genericCertData{
+		Serial:          c.Serial,
+		CertType:        c.CertType,
+		KeyId:           c.KeyId,
+		ValidPrincipals: marshalStringList(c.ValidPrincipals),
+		ValidAfter:      uint64(c.ValidAfter),
+		ValidBefore:     uint64(c.ValidBefore),
+		CriticalOptions: marshalTuples(c.CriticalOptions),
+		Extensions:      marshalTuples(c.Extensions),
+		Reserved:        c.Reserved,
+		SignatureKey:    c.SignatureKey.Marshal(),
+	}
+	if c.Signature != nil {
+		generic.Signature = Marshal(c.Signature)
+	}
+	genericBytes := Marshal(&generic)
+	keyBytes := c.Key.Marshal()
+	_, keyBytes, _ = parseString(keyBytes)
+	prefix := Marshal(&struct {
+		Name  string
+		Nonce []byte
+		Key   []byte `ssh:"rest"`
+	}{c.Type(), c.Nonce, keyBytes})
+
+	result := make([]byte, 0, len(prefix)+len(genericBytes))
+	result = append(result, prefix...)
+	result = append(result, genericBytes...)
+	return result
+}
+
+// Type returns the key name. It is part of the PublicKey interface.
+func (c *Certificate) Type() string {
+	algo, ok := certAlgoNames[c.Key.Type()]
+	if !ok {
+		panic("unknown cert key type " + c.Key.Type())
+	}
+	return algo
+}
+
+// Verify verifies a signature against the certificate's public
+// key. It is part of the PublicKey interface.
+func (c *Certificate) Verify(data []byte, sig *Signature) error {
+	return c.Key.Verify(data, sig)
+}
+
+func parseSignatureBody(in []byte) (out *Signature, rest []byte, ok bool) {
+	format, in, ok := parseString(in)
+	if !ok {
+		return
+	}
+
+	out = &Signature{
+		Format: string(format),
+	}
+
+	if out.Blob, in, ok = parseString(in); !ok {
+		return
+	}
+
+	switch out.Format {
+	case KeyAlgoSKECDSA256, CertAlgoSKECDSA256v01, KeyAlgoSKED25519, CertAlgoSKED25519v01:
+		out.Rest = in
+		return out, nil, ok
+	}
+
+	return out, in, ok
+}
+
+func parseSignature(in []byte) (out *Signature, rest []byte, ok bool) {
+	sigBytes, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+
+	out, trailing, ok := parseSignatureBody(sigBytes)
+	if !ok || len(trailing) > 0 {
+		return nil, nil, false
+	}
+	return
+}
diff --git a/vendor/golang.org/x/crypto/ssh/channel.go b/vendor/golang.org/x/crypto/ssh/channel.go
new file mode 100644
index 0000000000000..c0834c00dfee9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/channel.go
@@ -0,0 +1,633 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"sync"
+)
+
+const (
+	minPacketLength = 9
+	// channelMaxPacket contains the maximum number of bytes that will be
+	// sent in a single packet. As per RFC 4253, section 6.1, 32k is also
+	// the minimum.
+	channelMaxPacket = 1 << 15
+	// We follow OpenSSH here.
+	channelWindowSize = 64 * channelMaxPacket
+)
+
+// NewChannel represents an incoming request to a channel. It must either be
+// accepted for use by calling Accept, or rejected by calling Reject.
+type NewChannel interface {
+	// Accept accepts the channel creation request. It returns the Channel
+	// and a Go channel containing SSH requests. The Go channel must be
+	// serviced otherwise the Channel will hang.
+	Accept() (Channel, <-chan *Request, error)
+
+	// Reject rejects the channel creation request. After calling
+	// this, no other methods on the Channel may be called.
+	Reject(reason RejectionReason, message string) error
+
+	// ChannelType returns the type of the channel, as supplied by the
+	// client.
+	ChannelType() string
+
+	// ExtraData returns the arbitrary payload for this channel, as supplied
+	// by the client. This data is specific to the channel type.
+	ExtraData() []byte
+}
+
+// A Channel is an ordered, reliable, flow-controlled, duplex stream
+// that is multiplexed over an SSH connection.
+type Channel interface {
+	// Read reads up to len(data) bytes from the channel.
+	Read(data []byte) (int, error)
+
+	// Write writes len(data) bytes to the channel.
+	Write(data []byte) (int, error)
+
+	// Close signals end of channel use. No data may be sent after this
+	// call.
+	Close() error
+
+	// CloseWrite signals the end of sending in-band
+	// data. Requests may still be sent, and the other side may
+	// still send data
+	CloseWrite() error
+
+	// SendRequest sends a channel request.  If wantReply is true,
+	// it will wait for a reply and return the result as a
+	// boolean, otherwise the return value will be false. Channel
+	// requests are out-of-band messages so they may be sent even
+	// if the data stream is closed or blocked by flow control.
+	// If the channel is closed before a reply is returned, io.EOF
+	// is returned.
+	SendRequest(name string, wantReply bool, payload []byte) (bool, error)
+
+	// Stderr returns an io.ReadWriter that writes to this channel
+	// with the extended data type set to stderr. Stderr may
+	// safely be read and written from a different goroutine than
+	// Read and Write respectively.
+	Stderr() io.ReadWriter
+}
+
+// Request is a request sent outside of the normal stream of
+// data. Requests can either be specific to an SSH channel, or they
+// can be global.
+type Request struct {
+	Type      string
+	WantReply bool
+	Payload   []byte
+
+	ch  *channel
+	mux *mux
+}
+
+// Reply sends a response to a request. It must be called for all requests
+// where WantReply is true and is a no-op otherwise. The payload argument is
+// ignored for replies to channel-specific requests.
+func (r *Request) Reply(ok bool, payload []byte) error {
+	if !r.WantReply {
+		return nil
+	}
+
+	if r.ch == nil {
+		return r.mux.ackRequest(ok, payload)
+	}
+
+	return r.ch.ackRequest(ok)
+}
+
+// RejectionReason is an enumeration used when rejecting channel creation
+// requests. See RFC 4254, section 5.1.
+type RejectionReason uint32
+
+const (
+	Prohibited RejectionReason = iota + 1
+	ConnectionFailed
+	UnknownChannelType
+	ResourceShortage
+)
+
+// String converts the rejection reason to human readable form.
+func (r RejectionReason) String() string {
+	switch r {
+	case Prohibited:
+		return "administratively prohibited"
+	case ConnectionFailed:
+		return "connect failed"
+	case UnknownChannelType:
+		return "unknown channel type"
+	case ResourceShortage:
+		return "resource shortage"
+	}
+	return fmt.Sprintf("unknown reason %d", int(r))
+}
+
+func min(a uint32, b int) uint32 {
+	if a < uint32(b) {
+		return a
+	}
+	return uint32(b)
+}
+
+type channelDirection uint8
+
+const (
+	channelInbound channelDirection = iota
+	channelOutbound
+)
+
+// channel is an implementation of the Channel interface that works
+// with the mux class.
+type channel struct {
+	// R/O after creation
+	chanType          string
+	extraData         []byte
+	localId, remoteId uint32
+
+	// maxIncomingPayload and maxRemotePayload are the maximum
+	// payload sizes of normal and extended data packets for
+	// receiving and sending, respectively. The wire packet will
+	// be 9 or 13 bytes larger (excluding encryption overhead).
+	maxIncomingPayload uint32
+	maxRemotePayload   uint32
+
+	mux *mux
+
+	// decided is set to true if an accept or reject message has been sent
+	// (for outbound channels) or received (for inbound channels).
+	decided bool
+
+	// direction contains either channelOutbound, for channels created
+	// locally, or channelInbound, for channels created by the peer.
+	direction channelDirection
+
+	// Pending internal channel messages.
+	msg chan interface{}
+
+	// Since requests have no ID, there can be only one request
+	// with WantReply=true outstanding.  This lock is held by a
+	// goroutine that has such an outgoing request pending.
+	sentRequestMu sync.Mutex
+
+	incomingRequests chan *Request
+
+	sentEOF bool
+
+	// thread-safe data
+	remoteWin  window
+	pending    *buffer
+	extPending *buffer
+
+	// windowMu protects myWindow, the flow-control window.
+	windowMu sync.Mutex
+	myWindow uint32
+
+	// writeMu serializes calls to mux.conn.writePacket() and
+	// protects sentClose and packetPool. This mutex must be
+	// different from windowMu, as writePacket can block if there
+	// is a key exchange pending.
+	writeMu   sync.Mutex
+	sentClose bool
+
+	// packetPool has a buffer for each extended channel ID to
+	// save allocations during writes.
+	packetPool map[uint32][]byte
+}
+
+// writePacket sends a packet. If the packet is a channel close, it updates
+// sentClose. This method takes the lock c.writeMu.
+func (ch *channel) writePacket(packet []byte) error {
+	ch.writeMu.Lock()
+	if ch.sentClose {
+		ch.writeMu.Unlock()
+		return io.EOF
+	}
+	ch.sentClose = (packet[0] == msgChannelClose)
+	err := ch.mux.conn.writePacket(packet)
+	ch.writeMu.Unlock()
+	return err
+}
+
+func (ch *channel) sendMessage(msg interface{}) error {
+	if debugMux {
+		log.Printf("send(%d): %#v", ch.mux.chanList.offset, msg)
+	}
+
+	p := Marshal(msg)
+	binary.BigEndian.PutUint32(p[1:], ch.remoteId)
+	return ch.writePacket(p)
+}
+
+// WriteExtended writes data to a specific extended stream. These streams are
+// used, for example, for stderr.
+func (ch *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err error) {
+	if ch.sentEOF {
+		return 0, io.EOF
+	}
+	// 1 byte message type, 4 bytes remoteId, 4 bytes data length
+	opCode := byte(msgChannelData)
+	headerLength := uint32(9)
+	if extendedCode > 0 {
+		headerLength += 4
+		opCode = msgChannelExtendedData
+	}
+
+	ch.writeMu.Lock()
+	packet := ch.packetPool[extendedCode]
+	// We don't remove the buffer from packetPool, so
+	// WriteExtended calls from different goroutines will be
+	// flagged as errors by the race detector.
+	ch.writeMu.Unlock()
+
+	for len(data) > 0 {
+		space := min(ch.maxRemotePayload, len(data))
+		if space, err = ch.remoteWin.reserve(space); err != nil {
+			return n, err
+		}
+		if want := headerLength + space; uint32(cap(packet)) < want {
+			packet = make([]byte, want)
+		} else {
+			packet = packet[:want]
+		}
+
+		todo := data[:space]
+
+		packet[0] = opCode
+		binary.BigEndian.PutUint32(packet[1:], ch.remoteId)
+		if extendedCode > 0 {
+			binary.BigEndian.PutUint32(packet[5:], uint32(extendedCode))
+		}
+		binary.BigEndian.PutUint32(packet[headerLength-4:], uint32(len(todo)))
+		copy(packet[headerLength:], todo)
+		if err = ch.writePacket(packet); err != nil {
+			return n, err
+		}
+
+		n += len(todo)
+		data = data[len(todo):]
+	}
+
+	ch.writeMu.Lock()
+	ch.packetPool[extendedCode] = packet
+	ch.writeMu.Unlock()
+
+	return n, err
+}
+
+func (ch *channel) handleData(packet []byte) error {
+	headerLen := 9
+	isExtendedData := packet[0] == msgChannelExtendedData
+	if isExtendedData {
+		headerLen = 13
+	}
+	if len(packet) < headerLen {
+		// malformed data packet
+		return parseError(packet[0])
+	}
+
+	var extended uint32
+	if isExtendedData {
+		extended = binary.BigEndian.Uint32(packet[5:])
+	}
+
+	length := binary.BigEndian.Uint32(packet[headerLen-4 : headerLen])
+	if length == 0 {
+		return nil
+	}
+	if length > ch.maxIncomingPayload {
+		// TODO(hanwen): should send Disconnect?
+		return errors.New("ssh: incoming packet exceeds maximum payload size")
+	}
+
+	data := packet[headerLen:]
+	if length != uint32(len(data)) {
+		return errors.New("ssh: wrong packet length")
+	}
+
+	ch.windowMu.Lock()
+	if ch.myWindow < length {
+		ch.windowMu.Unlock()
+		// TODO(hanwen): should send Disconnect with reason?
+		return errors.New("ssh: remote side wrote too much")
+	}
+	ch.myWindow -= length
+	ch.windowMu.Unlock()
+
+	if extended == 1 {
+		ch.extPending.write(data)
+	} else if extended > 0 {
+		// discard other extended data.
+	} else {
+		ch.pending.write(data)
+	}
+	return nil
+}
+
+func (c *channel) adjustWindow(n uint32) error {
+	c.windowMu.Lock()
+	// Since myWindow is managed on our side, and can never exceed
+	// the initial window setting, we don't worry about overflow.
+	c.myWindow += uint32(n)
+	c.windowMu.Unlock()
+	return c.sendMessage(windowAdjustMsg{
+		AdditionalBytes: uint32(n),
+	})
+}
+
+func (c *channel) ReadExtended(data []byte, extended uint32) (n int, err error) {
+	switch extended {
+	case 1:
+		n, err = c.extPending.Read(data)
+	case 0:
+		n, err = c.pending.Read(data)
+	default:
+		return 0, fmt.Errorf("ssh: extended code %d unimplemented", extended)
+	}
+
+	if n > 0 {
+		err = c.adjustWindow(uint32(n))
+		// sendWindowAdjust can return io.EOF if the remote
+		// peer has closed the connection, however we want to
+		// defer forwarding io.EOF to the caller of Read until
+		// the buffer has been drained.
+		if n > 0 && err == io.EOF {
+			err = nil
+		}
+	}
+
+	return n, err
+}
+
+func (c *channel) close() {
+	c.pending.eof()
+	c.extPending.eof()
+	close(c.msg)
+	close(c.incomingRequests)
+	c.writeMu.Lock()
+	// This is not necessary for a normal channel teardown, but if
+	// there was another error, it is.
+	c.sentClose = true
+	c.writeMu.Unlock()
+	// Unblock writers.
+	c.remoteWin.close()
+}
+
+// responseMessageReceived is called when a success or failure message is
+// received on a channel to check that such a message is reasonable for the
+// given channel.
+func (ch *channel) responseMessageReceived() error {
+	if ch.direction == channelInbound {
+		return errors.New("ssh: channel response message received on inbound channel")
+	}
+	if ch.decided {
+		return errors.New("ssh: duplicate response received for channel")
+	}
+	ch.decided = true
+	return nil
+}
+
+func (ch *channel) handlePacket(packet []byte) error {
+	switch packet[0] {
+	case msgChannelData, msgChannelExtendedData:
+		return ch.handleData(packet)
+	case msgChannelClose:
+		ch.sendMessage(channelCloseMsg{PeersID: ch.remoteId})
+		ch.mux.chanList.remove(ch.localId)
+		ch.close()
+		return nil
+	case msgChannelEOF:
+		// RFC 4254 is mute on how EOF affects dataExt messages but
+		// it is logical to signal EOF at the same time.
+		ch.extPending.eof()
+		ch.pending.eof()
+		return nil
+	}
+
+	decoded, err := decode(packet)
+	if err != nil {
+		return err
+	}
+
+	switch msg := decoded.(type) {
+	case *channelOpenFailureMsg:
+		if err := ch.responseMessageReceived(); err != nil {
+			return err
+		}
+		ch.mux.chanList.remove(msg.PeersID)
+		ch.msg <- msg
+	case *channelOpenConfirmMsg:
+		if err := ch.responseMessageReceived(); err != nil {
+			return err
+		}
+		if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
+			return fmt.Errorf("ssh: invalid MaxPacketSize %d from peer", msg.MaxPacketSize)
+		}
+		ch.remoteId = msg.MyID
+		ch.maxRemotePayload = msg.MaxPacketSize
+		ch.remoteWin.add(msg.MyWindow)
+		ch.msg <- msg
+	case *windowAdjustMsg:
+		if !ch.remoteWin.add(msg.AdditionalBytes) {
+			return fmt.Errorf("ssh: invalid window update for %d bytes", msg.AdditionalBytes)
+		}
+	case *channelRequestMsg:
+		req := Request{
+			Type:      msg.Request,
+			WantReply: msg.WantReply,
+			Payload:   msg.RequestSpecificData,
+			ch:        ch,
+		}
+
+		ch.incomingRequests <- &req
+	default:
+		ch.msg <- msg
+	}
+	return nil
+}
+
+func (m *mux) newChannel(chanType string, direction channelDirection, extraData []byte) *channel {
+	ch := &channel{
+		remoteWin:        window{Cond: newCond()},
+		myWindow:         channelWindowSize,
+		pending:          newBuffer(),
+		extPending:       newBuffer(),
+		direction:        direction,
+		incomingRequests: make(chan *Request, chanSize),
+		msg:              make(chan interface{}, chanSize),
+		chanType:         chanType,
+		extraData:        extraData,
+		mux:              m,
+		packetPool:       make(map[uint32][]byte),
+	}
+	ch.localId = m.chanList.add(ch)
+	return ch
+}
+
+var errUndecided = errors.New("ssh: must Accept or Reject channel")
+var errDecidedAlready = errors.New("ssh: can call Accept or Reject only once")
+
+type extChannel struct {
+	code uint32
+	ch   *channel
+}
+
+func (e *extChannel) Write(data []byte) (n int, err error) {
+	return e.ch.WriteExtended(data, e.code)
+}
+
+func (e *extChannel) Read(data []byte) (n int, err error) {
+	return e.ch.ReadExtended(data, e.code)
+}
+
+func (ch *channel) Accept() (Channel, <-chan *Request, error) {
+	if ch.decided {
+		return nil, nil, errDecidedAlready
+	}
+	ch.maxIncomingPayload = channelMaxPacket
+	confirm := channelOpenConfirmMsg{
+		PeersID:       ch.remoteId,
+		MyID:          ch.localId,
+		MyWindow:      ch.myWindow,
+		MaxPacketSize: ch.maxIncomingPayload,
+	}
+	ch.decided = true
+	if err := ch.sendMessage(confirm); err != nil {
+		return nil, nil, err
+	}
+
+	return ch, ch.incomingRequests, nil
+}
+
+func (ch *channel) Reject(reason RejectionReason, message string) error {
+	if ch.decided {
+		return errDecidedAlready
+	}
+	reject := channelOpenFailureMsg{
+		PeersID:  ch.remoteId,
+		Reason:   reason,
+		Message:  message,
+		Language: "en",
+	}
+	ch.decided = true
+	return ch.sendMessage(reject)
+}
+
+func (ch *channel) Read(data []byte) (int, error) {
+	if !ch.decided {
+		return 0, errUndecided
+	}
+	return ch.ReadExtended(data, 0)
+}
+
+func (ch *channel) Write(data []byte) (int, error) {
+	if !ch.decided {
+		return 0, errUndecided
+	}
+	return ch.WriteExtended(data, 0)
+}
+
+func (ch *channel) CloseWrite() error {
+	if !ch.decided {
+		return errUndecided
+	}
+	ch.sentEOF = true
+	return ch.sendMessage(channelEOFMsg{
+		PeersID: ch.remoteId})
+}
+
+func (ch *channel) Close() error {
+	if !ch.decided {
+		return errUndecided
+	}
+
+	return ch.sendMessage(channelCloseMsg{
+		PeersID: ch.remoteId})
+}
+
+// Extended returns an io.ReadWriter that sends and receives data on the given,
+// SSH extended stream. Such streams are used, for example, for stderr.
+func (ch *channel) Extended(code uint32) io.ReadWriter {
+	if !ch.decided {
+		return nil
+	}
+	return &extChannel{code, ch}
+}
+
+func (ch *channel) Stderr() io.ReadWriter {
+	return ch.Extended(1)
+}
+
+func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (bool, error) {
+	if !ch.decided {
+		return false, errUndecided
+	}
+
+	if wantReply {
+		ch.sentRequestMu.Lock()
+		defer ch.sentRequestMu.Unlock()
+	}
+
+	msg := channelRequestMsg{
+		PeersID:             ch.remoteId,
+		Request:             name,
+		WantReply:           wantReply,
+		RequestSpecificData: payload,
+	}
+
+	if err := ch.sendMessage(msg); err != nil {
+		return false, err
+	}
+
+	if wantReply {
+		m, ok := (<-ch.msg)
+		if !ok {
+			return false, io.EOF
+		}
+		switch m.(type) {
+		case *channelRequestFailureMsg:
+			return false, nil
+		case *channelRequestSuccessMsg:
+			return true, nil
+		default:
+			return false, fmt.Errorf("ssh: unexpected response to channel request: %#v", m)
+		}
+	}
+
+	return false, nil
+}
+
+// ackRequest either sends an ack or nack to the channel request.
+func (ch *channel) ackRequest(ok bool) error {
+	if !ch.decided {
+		return errUndecided
+	}
+
+	var msg interface{}
+	if !ok {
+		msg = channelRequestFailureMsg{
+			PeersID: ch.remoteId,
+		}
+	} else {
+		msg = channelRequestSuccessMsg{
+			PeersID: ch.remoteId,
+		}
+	}
+	return ch.sendMessage(msg)
+}
+
+func (ch *channel) ChannelType() string {
+	return ch.chanType
+}
+
+func (ch *channel) ExtraData() []byte {
+	return ch.extraData
+}
diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
new file mode 100644
index 0000000000000..8bd6b3daff524
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/cipher.go
@@ -0,0 +1,781 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/des"
+	"crypto/rc4"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+	"io/ioutil"
+
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/poly1305"
+)
+
+const (
+	packetSizeMultiple = 16 // TODO(huin) this should be determined by the cipher.
+
+	// RFC 4253 section 6.1 defines a minimum packet size of 32768 that implementations
+	// MUST be able to process (plus a few more kilobytes for padding and mac). The RFC
+	// indicates implementations SHOULD be able to handle larger packet sizes, but then
+	// waffles on about reasonable limits.
+	//
+	// OpenSSH caps their maxPacket at 256kB so we choose to do
+	// the same. maxPacket is also used to ensure that uint32
+	// length fields do not overflow, so it should remain well
+	// below 4G.
+	maxPacket = 256 * 1024
+)
+
+// noneCipher implements cipher.Stream and provides no encryption. It is used
+// by the transport before the first key-exchange.
+type noneCipher struct{}
+
+func (c noneCipher) XORKeyStream(dst, src []byte) {
+	copy(dst, src)
+}
+
+func newAESCTR(key, iv []byte) (cipher.Stream, error) {
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	return cipher.NewCTR(c, iv), nil
+}
+
+func newRC4(key, iv []byte) (cipher.Stream, error) {
+	return rc4.NewCipher(key)
+}
+
+type cipherMode struct {
+	keySize int
+	ivSize  int
+	create  func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error)
+}
+
+func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream, error)) func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+	return func(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+		stream, err := createFunc(key, iv)
+		if err != nil {
+			return nil, err
+		}
+
+		var streamDump []byte
+		if skip > 0 {
+			streamDump = make([]byte, 512)
+		}
+
+		for remainingToDump := skip; remainingToDump > 0; {
+			dumpThisTime := remainingToDump
+			if dumpThisTime > len(streamDump) {
+				dumpThisTime = len(streamDump)
+			}
+			stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
+			remainingToDump -= dumpThisTime
+		}
+
+		mac := macModes[algs.MAC].new(macKey)
+		return &streamPacketCipher{
+			mac:       mac,
+			etm:       macModes[algs.MAC].etm,
+			macResult: make([]byte, mac.Size()),
+			cipher:    stream,
+		}, nil
+	}
+}
+
+// cipherModes documents properties of supported ciphers. Ciphers not included
+// are not supported and will not be negotiated, even if explicitly requested in
+// ClientConfig.Crypto.Ciphers.
+var cipherModes = map[string]*cipherMode{
+	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
+	// are defined in the order specified in the RFC.
+	"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+	"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+	"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+
+	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
+	// They are defined in the order specified in the RFC.
+	"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
+	"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
+
+	// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
+	// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
+	// RC4) has problems with weak keys, and should be used with caution."
+	// RFC4345 introduces improved versions of Arcfour.
+	"arcfour": {16, 0, streamCipherMode(0, newRC4)},
+
+	// AEAD ciphers
+	gcmCipherID:        {16, 12, newGCMCipher},
+	chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
+
+	// CBC mode is insecure and so is not included in the default config.
+	// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
+	// needed, it's possible to specify a custom Config to enable it.
+	// You should expect that an active attacker can recover plaintext if
+	// you do.
+	aes128cbcID: {16, aes.BlockSize, newAESCBCCipher},
+
+	// 3des-cbc is insecure and is not included in the default
+	// config.
+	tripledescbcID: {24, des.BlockSize, newTripleDESCBCCipher},
+}
+
+// prefixLen is the length of the packet prefix that contains the packet length
+// and number of padding bytes.
+const prefixLen = 5
+
+// streamPacketCipher is a packetCipher using a stream cipher.
+type streamPacketCipher struct {
+	mac    hash.Hash
+	cipher cipher.Stream
+	etm    bool
+
+	// The following members are to avoid per-packet allocations.
+	prefix      [prefixLen]byte
+	seqNumBytes [4]byte
+	padding     [2 * packetSizeMultiple]byte
+	packetData  []byte
+	macResult   []byte
+}
+
+// readCipherPacket reads and decrypt a single packet from the reader argument.
+func (s *streamPacketCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
+		return nil, err
+	}
+
+	var encryptedPaddingLength [1]byte
+	if s.mac != nil && s.etm {
+		copy(encryptedPaddingLength[:], s.prefix[4:5])
+		s.cipher.XORKeyStream(s.prefix[4:5], s.prefix[4:5])
+	} else {
+		s.cipher.XORKeyStream(s.prefix[:], s.prefix[:])
+	}
+
+	length := binary.BigEndian.Uint32(s.prefix[0:4])
+	paddingLength := uint32(s.prefix[4])
+
+	var macSize uint32
+	if s.mac != nil {
+		s.mac.Reset()
+		binary.BigEndian.PutUint32(s.seqNumBytes[:], seqNum)
+		s.mac.Write(s.seqNumBytes[:])
+		if s.etm {
+			s.mac.Write(s.prefix[:4])
+			s.mac.Write(encryptedPaddingLength[:])
+		} else {
+			s.mac.Write(s.prefix[:])
+		}
+		macSize = uint32(s.mac.Size())
+	}
+
+	if length <= paddingLength+1 {
+		return nil, errors.New("ssh: invalid packet length, packet too small")
+	}
+
+	if length > maxPacket {
+		return nil, errors.New("ssh: invalid packet length, packet too large")
+	}
+
+	// the maxPacket check above ensures that length-1+macSize
+	// does not overflow.
+	if uint32(cap(s.packetData)) < length-1+macSize {
+		s.packetData = make([]byte, length-1+macSize)
+	} else {
+		s.packetData = s.packetData[:length-1+macSize]
+	}
+
+	if _, err := io.ReadFull(r, s.packetData); err != nil {
+		return nil, err
+	}
+	mac := s.packetData[length-1:]
+	data := s.packetData[:length-1]
+
+	if s.mac != nil && s.etm {
+		s.mac.Write(data)
+	}
+
+	s.cipher.XORKeyStream(data, data)
+
+	if s.mac != nil {
+		if !s.etm {
+			s.mac.Write(data)
+		}
+		s.macResult = s.mac.Sum(s.macResult[:0])
+		if subtle.ConstantTimeCompare(s.macResult, mac) != 1 {
+			return nil, errors.New("ssh: MAC failure")
+		}
+	}
+
+	return s.packetData[:length-paddingLength-1], nil
+}
+
+// writeCipherPacket encrypts and sends a packet of data to the writer argument
+func (s *streamPacketCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+	if len(packet) > maxPacket {
+		return errors.New("ssh: packet too large")
+	}
+
+	aadlen := 0
+	if s.mac != nil && s.etm {
+		// packet length is not encrypted for EtM modes
+		aadlen = 4
+	}
+
+	paddingLength := packetSizeMultiple - (prefixLen+len(packet)-aadlen)%packetSizeMultiple
+	if paddingLength < 4 {
+		paddingLength += packetSizeMultiple
+	}
+
+	length := len(packet) + 1 + paddingLength
+	binary.BigEndian.PutUint32(s.prefix[:], uint32(length))
+	s.prefix[4] = byte(paddingLength)
+	padding := s.padding[:paddingLength]
+	if _, err := io.ReadFull(rand, padding); err != nil {
+		return err
+	}
+
+	if s.mac != nil {
+		s.mac.Reset()
+		binary.BigEndian.PutUint32(s.seqNumBytes[:], seqNum)
+		s.mac.Write(s.seqNumBytes[:])
+
+		if s.etm {
+			// For EtM algorithms, the packet length must stay unencrypted,
+			// but the following data (padding length) must be encrypted
+			s.cipher.XORKeyStream(s.prefix[4:5], s.prefix[4:5])
+		}
+
+		s.mac.Write(s.prefix[:])
+
+		if !s.etm {
+			// For non-EtM algorithms, the algorithm is applied on unencrypted data
+			s.mac.Write(packet)
+			s.mac.Write(padding)
+		}
+	}
+
+	if !(s.mac != nil && s.etm) {
+		// For EtM algorithms, the padding length has already been encrypted
+		// and the packet length must remain unencrypted
+		s.cipher.XORKeyStream(s.prefix[:], s.prefix[:])
+	}
+
+	s.cipher.XORKeyStream(packet, packet)
+	s.cipher.XORKeyStream(padding, padding)
+
+	if s.mac != nil && s.etm {
+		// For EtM algorithms, packet and padding must be encrypted
+		s.mac.Write(packet)
+		s.mac.Write(padding)
+	}
+
+	if _, err := w.Write(s.prefix[:]); err != nil {
+		return err
+	}
+	if _, err := w.Write(packet); err != nil {
+		return err
+	}
+	if _, err := w.Write(padding); err != nil {
+		return err
+	}
+
+	if s.mac != nil {
+		s.macResult = s.mac.Sum(s.macResult[:0])
+		if _, err := w.Write(s.macResult); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+type gcmCipher struct {
+	aead   cipher.AEAD
+	prefix [4]byte
+	iv     []byte
+	buf    []byte
+}
+
+func newGCMCipher(key, iv, unusedMacKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	aead, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+
+	return &gcmCipher{
+		aead: aead,
+		iv:   iv,
+	}, nil
+}
+
+const gcmTagSize = 16
+
+func (c *gcmCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+	// Pad out to multiple of 16 bytes. This is different from the
+	// stream cipher because that encrypts the length too.
+	padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
+	if padding < 4 {
+		padding += packetSizeMultiple
+	}
+
+	length := uint32(len(packet) + int(padding) + 1)
+	binary.BigEndian.PutUint32(c.prefix[:], length)
+	if _, err := w.Write(c.prefix[:]); err != nil {
+		return err
+	}
+
+	if cap(c.buf) < int(length) {
+		c.buf = make([]byte, length)
+	} else {
+		c.buf = c.buf[:length]
+	}
+
+	c.buf[0] = padding
+	copy(c.buf[1:], packet)
+	if _, err := io.ReadFull(rand, c.buf[1+len(packet):]); err != nil {
+		return err
+	}
+	c.buf = c.aead.Seal(c.buf[:0], c.iv, c.buf, c.prefix[:])
+	if _, err := w.Write(c.buf); err != nil {
+		return err
+	}
+	c.incIV()
+
+	return nil
+}
+
+func (c *gcmCipher) incIV() {
+	for i := 4 + 7; i >= 4; i-- {
+		c.iv[i]++
+		if c.iv[i] != 0 {
+			break
+		}
+	}
+}
+
+func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
+		return nil, err
+	}
+	length := binary.BigEndian.Uint32(c.prefix[:])
+	if length > maxPacket {
+		return nil, errors.New("ssh: max packet length exceeded")
+	}
+
+	if cap(c.buf) < int(length+gcmTagSize) {
+		c.buf = make([]byte, length+gcmTagSize)
+	} else {
+		c.buf = c.buf[:length+gcmTagSize]
+	}
+
+	if _, err := io.ReadFull(r, c.buf); err != nil {
+		return nil, err
+	}
+
+	plain, err := c.aead.Open(c.buf[:0], c.iv, c.buf, c.prefix[:])
+	if err != nil {
+		return nil, err
+	}
+	c.incIV()
+
+	padding := plain[0]
+	if padding < 4 {
+		// padding is a byte, so it automatically satisfies
+		// the maximum size, which is 255.
+		return nil, fmt.Errorf("ssh: illegal padding %d", padding)
+	}
+
+	if int(padding+1) >= len(plain) {
+		return nil, fmt.Errorf("ssh: padding %d too large", padding)
+	}
+	plain = plain[1 : length-uint32(padding)]
+	return plain, nil
+}
+
+// cbcCipher implements aes128-cbc cipher defined in RFC 4253 section 6.1
+type cbcCipher struct {
+	mac       hash.Hash
+	macSize   uint32
+	decrypter cipher.BlockMode
+	encrypter cipher.BlockMode
+
+	// The following members are to avoid per-packet allocations.
+	seqNumBytes [4]byte
+	packetData  []byte
+	macResult   []byte
+
+	// Amount of data we should still read to hide which
+	// verification error triggered.
+	oracleCamouflage uint32
+}
+
+func newCBCCipher(c cipher.Block, key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+	cbc := &cbcCipher{
+		mac:        macModes[algs.MAC].new(macKey),
+		decrypter:  cipher.NewCBCDecrypter(c, iv),
+		encrypter:  cipher.NewCBCEncrypter(c, iv),
+		packetData: make([]byte, 1024),
+	}
+	if cbc.mac != nil {
+		cbc.macSize = uint32(cbc.mac.Size())
+	}
+
+	return cbc, nil
+}
+
+func newAESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	cbc, err := newCBCCipher(c, key, iv, macKey, algs)
+	if err != nil {
+		return nil, err
+	}
+
+	return cbc, nil
+}
+
+func newTripleDESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+	c, err := des.NewTripleDESCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	cbc, err := newCBCCipher(c, key, iv, macKey, algs)
+	if err != nil {
+		return nil, err
+	}
+
+	return cbc, nil
+}
+
+func maxUInt32(a, b int) uint32 {
+	if a > b {
+		return uint32(a)
+	}
+	return uint32(b)
+}
+
+const (
+	cbcMinPacketSizeMultiple = 8
+	cbcMinPacketSize         = 16
+	cbcMinPaddingSize        = 4
+)
+
+// cbcError represents a verification error that may leak information.
+type cbcError string
+
+func (e cbcError) Error() string { return string(e) }
+
+func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	p, err := c.readCipherPacketLeaky(seqNum, r)
+	if err != nil {
+		if _, ok := err.(cbcError); ok {
+			// Verification error: read a fixed amount of
+			// data, to make distinguishing between
+			// failing MAC and failing length check more
+			// difficult.
+			io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
+		}
+	}
+	return p, err
+}
+
+func (c *cbcCipher) readCipherPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
+	blockSize := c.decrypter.BlockSize()
+
+	// Read the header, which will include some of the subsequent data in the
+	// case of block ciphers - this is copied back to the payload later.
+	// How many bytes of payload/padding will be read with this first read.
+	firstBlockLength := uint32((prefixLen + blockSize - 1) / blockSize * blockSize)
+	firstBlock := c.packetData[:firstBlockLength]
+	if _, err := io.ReadFull(r, firstBlock); err != nil {
+		return nil, err
+	}
+
+	c.oracleCamouflage = maxPacket + 4 + c.macSize - firstBlockLength
+
+	c.decrypter.CryptBlocks(firstBlock, firstBlock)
+	length := binary.BigEndian.Uint32(firstBlock[:4])
+	if length > maxPacket {
+		return nil, cbcError("ssh: packet too large")
+	}
+	if length+4 < maxUInt32(cbcMinPacketSize, blockSize) {
+		// The minimum size of a packet is 16 (or the cipher block size, whichever
+		// is larger) bytes.
+		return nil, cbcError("ssh: packet too small")
+	}
+	// The length of the packet (including the length field but not the MAC) must
+	// be a multiple of the block size or 8, whichever is larger.
+	if (length+4)%maxUInt32(cbcMinPacketSizeMultiple, blockSize) != 0 {
+		return nil, cbcError("ssh: invalid packet length multiple")
+	}
+
+	paddingLength := uint32(firstBlock[4])
+	if paddingLength < cbcMinPaddingSize || length <= paddingLength+1 {
+		return nil, cbcError("ssh: invalid packet length")
+	}
+
+	// Positions within the c.packetData buffer:
+	macStart := 4 + length
+	paddingStart := macStart - paddingLength
+
+	// Entire packet size, starting before length, ending at end of mac.
+	entirePacketSize := macStart + c.macSize
+
+	// Ensure c.packetData is large enough for the entire packet data.
+	if uint32(cap(c.packetData)) < entirePacketSize {
+		// Still need to upsize and copy, but this should be rare at runtime, only
+		// on upsizing the packetData buffer.
+		c.packetData = make([]byte, entirePacketSize)
+		copy(c.packetData, firstBlock)
+	} else {
+		c.packetData = c.packetData[:entirePacketSize]
+	}
+
+	n, err := io.ReadFull(r, c.packetData[firstBlockLength:])
+	if err != nil {
+		return nil, err
+	}
+	c.oracleCamouflage -= uint32(n)
+
+	remainingCrypted := c.packetData[firstBlockLength:macStart]
+	c.decrypter.CryptBlocks(remainingCrypted, remainingCrypted)
+
+	mac := c.packetData[macStart:]
+	if c.mac != nil {
+		c.mac.Reset()
+		binary.BigEndian.PutUint32(c.seqNumBytes[:], seqNum)
+		c.mac.Write(c.seqNumBytes[:])
+		c.mac.Write(c.packetData[:macStart])
+		c.macResult = c.mac.Sum(c.macResult[:0])
+		if subtle.ConstantTimeCompare(c.macResult, mac) != 1 {
+			return nil, cbcError("ssh: MAC failure")
+		}
+	}
+
+	return c.packetData[prefixLen:paddingStart], nil
+}
+
+func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+	effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
+
+	// Length of encrypted portion of the packet (header, payload, padding).
+	// Enforce minimum padding and packet size.
+	encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPaddingSize)
+	// Enforce block size.
+	encLength = (encLength + effectiveBlockSize - 1) / effectiveBlockSize * effectiveBlockSize
+
+	length := encLength - 4
+	paddingLength := int(length) - (1 + len(packet))
+
+	// Overall buffer contains: header, payload, padding, mac.
+	// Space for the MAC is reserved in the capacity but not the slice length.
+	bufferSize := encLength + c.macSize
+	if uint32(cap(c.packetData)) < bufferSize {
+		c.packetData = make([]byte, encLength, bufferSize)
+	} else {
+		c.packetData = c.packetData[:encLength]
+	}
+
+	p := c.packetData
+
+	// Packet header.
+	binary.BigEndian.PutUint32(p, length)
+	p = p[4:]
+	p[0] = byte(paddingLength)
+
+	// Payload.
+	p = p[1:]
+	copy(p, packet)
+
+	// Padding.
+	p = p[len(packet):]
+	if _, err := io.ReadFull(rand, p); err != nil {
+		return err
+	}
+
+	if c.mac != nil {
+		c.mac.Reset()
+		binary.BigEndian.PutUint32(c.seqNumBytes[:], seqNum)
+		c.mac.Write(c.seqNumBytes[:])
+		c.mac.Write(c.packetData)
+		// The MAC is now appended into the capacity reserved for it earlier.
+		c.packetData = c.mac.Sum(c.packetData)
+	}
+
+	c.encrypter.CryptBlocks(c.packetData[:encLength], c.packetData[:encLength])
+
+	if _, err := w.Write(c.packetData); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
+
+// chacha20Poly1305Cipher implements the chacha20-poly1305@openssh.com
+// AEAD, which is described here:
+//
+//   https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
+//
+// the methods here also implement padding, which RFC4253 Section 6
+// also requires of stream ciphers.
+type chacha20Poly1305Cipher struct {
+	lengthKey  [32]byte
+	contentKey [32]byte
+	buf        []byte
+}
+
+func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
+	if len(key) != 64 {
+		panic(len(key))
+	}
+
+	c := &chacha20Poly1305Cipher{
+		buf: make([]byte, 256),
+	}
+
+	copy(c.contentKey[:], key[:32])
+	copy(c.lengthKey[:], key[32:])
+	return c, nil
+}
+
+func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	var polyKey, discardBuf [32]byte
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
+
+	encryptedLength := c.buf[:4]
+	if _, err := io.ReadFull(r, encryptedLength); err != nil {
+		return nil, err
+	}
+
+	var lenBytes [4]byte
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	ls.XORKeyStream(lenBytes[:], encryptedLength)
+
+	length := binary.BigEndian.Uint32(lenBytes[:])
+	if length > maxPacket {
+		return nil, errors.New("ssh: invalid packet length, packet too large")
+	}
+
+	contentEnd := 4 + length
+	packetEnd := contentEnd + poly1305.TagSize
+	if uint32(cap(c.buf)) < packetEnd {
+		c.buf = make([]byte, packetEnd)
+		copy(c.buf[:], encryptedLength)
+	} else {
+		c.buf = c.buf[:packetEnd]
+	}
+
+	if _, err := io.ReadFull(r, c.buf[4:packetEnd]); err != nil {
+		return nil, err
+	}
+
+	var mac [poly1305.TagSize]byte
+	copy(mac[:], c.buf[contentEnd:packetEnd])
+	if !poly1305.Verify(&mac, c.buf[:contentEnd], &polyKey) {
+		return nil, errors.New("ssh: MAC failure")
+	}
+
+	plain := c.buf[4:contentEnd]
+	s.XORKeyStream(plain, plain)
+
+	padding := plain[0]
+	if padding < 4 {
+		// padding is a byte, so it automatically satisfies
+		// the maximum size, which is 255.
+		return nil, fmt.Errorf("ssh: illegal padding %d", padding)
+	}
+
+	if int(padding)+1 >= len(plain) {
+		return nil, fmt.Errorf("ssh: padding %d too large", padding)
+	}
+
+	plain = plain[1 : len(plain)-int(padding)]
+
+	return plain, nil
+}
+
+func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	var polyKey, discardBuf [32]byte
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
+
+	// There is no blocksize, so fall back to multiple of 8 byte
+	// padding, as described in RFC 4253, Sec 6.
+	const packetSizeMultiple = 8
+
+	padding := packetSizeMultiple - (1+len(payload))%packetSizeMultiple
+	if padding < 4 {
+		padding += packetSizeMultiple
+	}
+
+	// size (4 bytes), padding (1), payload, padding, tag.
+	totalLength := 4 + 1 + len(payload) + padding + poly1305.TagSize
+	if cap(c.buf) < totalLength {
+		c.buf = make([]byte, totalLength)
+	} else {
+		c.buf = c.buf[:totalLength]
+	}
+
+	binary.BigEndian.PutUint32(c.buf, uint32(1+len(payload)+padding))
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	ls.XORKeyStream(c.buf, c.buf[:4])
+	c.buf[4] = byte(padding)
+	copy(c.buf[5:], payload)
+	packetEnd := 5 + len(payload) + padding
+	if _, err := io.ReadFull(rand, c.buf[5+len(payload):packetEnd]); err != nil {
+		return err
+	}
+
+	s.XORKeyStream(c.buf[4:], c.buf[4:packetEnd])
+
+	var mac [poly1305.TagSize]byte
+	poly1305.Sum(&mac, c.buf[:packetEnd], &polyKey)
+
+	copy(c.buf[packetEnd:], mac[:])
+
+	if _, err := w.Write(c.buf); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go
new file mode 100644
index 0000000000000..7b00bff1caa5e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/client.go
@@ -0,0 +1,278 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"sync"
+	"time"
+)
+
+// Client implements a traditional SSH client that supports shells,
+// subprocesses, TCP port/streamlocal forwarding and tunneled dialing.
+type Client struct {
+	Conn
+
+	handleForwardsOnce sync.Once // guards calling (*Client).handleForwards
+
+	forwards        forwardList // forwarded tcpip connections from the remote side
+	mu              sync.Mutex
+	channelHandlers map[string]chan NewChannel
+}
+
+// HandleChannelOpen returns a channel on which NewChannel requests
+// for the given type are sent. If the type already is being handled,
+// nil is returned. The channel is closed when the connection is closed.
+func (c *Client) HandleChannelOpen(channelType string) <-chan NewChannel {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.channelHandlers == nil {
+		// The SSH channel has been closed.
+		c := make(chan NewChannel)
+		close(c)
+		return c
+	}
+
+	ch := c.channelHandlers[channelType]
+	if ch != nil {
+		return nil
+	}
+
+	ch = make(chan NewChannel, chanSize)
+	c.channelHandlers[channelType] = ch
+	return ch
+}
+
+// NewClient creates a Client on top of the given connection.
+func NewClient(c Conn, chans <-chan NewChannel, reqs <-chan *Request) *Client {
+	conn := &Client{
+		Conn:            c,
+		channelHandlers: make(map[string]chan NewChannel, 1),
+	}
+
+	go conn.handleGlobalRequests(reqs)
+	go conn.handleChannelOpens(chans)
+	go func() {
+		conn.Wait()
+		conn.forwards.closeAll()
+	}()
+	return conn
+}
+
+// NewClientConn establishes an authenticated SSH connection using c
+// as the underlying transport.  The Request and NewChannel channels
+// must be serviced or the connection will hang.
+func NewClientConn(c net.Conn, addr string, config *ClientConfig) (Conn, <-chan NewChannel, <-chan *Request, error) {
+	fullConf := *config
+	fullConf.SetDefaults()
+	if fullConf.HostKeyCallback == nil {
+		c.Close()
+		return nil, nil, nil, errors.New("ssh: must specify HostKeyCallback")
+	}
+
+	conn := &connection{
+		sshConn: sshConn{conn: c},
+	}
+
+	if err := conn.clientHandshake(addr, &fullConf); err != nil {
+		c.Close()
+		return nil, nil, nil, fmt.Errorf("ssh: handshake failed: %v", err)
+	}
+	conn.mux = newMux(conn.transport)
+	return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
+}
+
+// clientHandshake performs the client side key exchange. See RFC 4253 Section
+// 7.
+func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) error {
+	if config.ClientVersion != "" {
+		c.clientVersion = []byte(config.ClientVersion)
+	} else {
+		c.clientVersion = []byte(packageVersion)
+	}
+	var err error
+	c.serverVersion, err = exchangeVersions(c.sshConn.conn, c.clientVersion)
+	if err != nil {
+		return err
+	}
+
+	c.transport = newClientTransport(
+		newTransport(c.sshConn.conn, config.Rand, true /* is client */),
+		c.clientVersion, c.serverVersion, config, dialAddress, c.sshConn.RemoteAddr())
+	if err := c.transport.waitSession(); err != nil {
+		return err
+	}
+
+	c.sessionID = c.transport.getSessionID()
+	return c.clientAuthenticate(config)
+}
+
+// verifyHostKeySignature verifies the host key obtained in the key
+// exchange.
+func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error {
+	sig, rest, ok := parseSignatureBody(result.Signature)
+	if len(rest) > 0 || !ok {
+		return errors.New("ssh: signature parse error")
+	}
+
+	return hostKey.Verify(result.H, sig)
+}
+
+// NewSession opens a new Session for this client. (A session is a remote
+// execution of a program.)
+func (c *Client) NewSession() (*Session, error) {
+	ch, in, err := c.OpenChannel("session", nil)
+	if err != nil {
+		return nil, err
+	}
+	return newSession(ch, in)
+}
+
+func (c *Client) handleGlobalRequests(incoming <-chan *Request) {
+	for r := range incoming {
+		// This handles keepalive messages and matches
+		// the behaviour of OpenSSH.
+		r.Reply(false, nil)
+	}
+}
+
+// handleChannelOpens channel open messages from the remote side.
+func (c *Client) handleChannelOpens(in <-chan NewChannel) {
+	for ch := range in {
+		c.mu.Lock()
+		handler := c.channelHandlers[ch.ChannelType()]
+		c.mu.Unlock()
+
+		if handler != nil {
+			handler <- ch
+		} else {
+			ch.Reject(UnknownChannelType, fmt.Sprintf("unknown channel type: %v", ch.ChannelType()))
+		}
+	}
+
+	c.mu.Lock()
+	for _, ch := range c.channelHandlers {
+		close(ch)
+	}
+	c.channelHandlers = nil
+	c.mu.Unlock()
+}
+
+// Dial starts a client connection to the given SSH server. It is a
+// convenience function that connects to the given network address,
+// initiates the SSH handshake, and then sets up a Client.  For access
+// to incoming channels and requests, use net.Dial with NewClientConn
+// instead.
+func Dial(network, addr string, config *ClientConfig) (*Client, error) {
+	conn, err := net.DialTimeout(network, addr, config.Timeout)
+	if err != nil {
+		return nil, err
+	}
+	c, chans, reqs, err := NewClientConn(conn, addr, config)
+	if err != nil {
+		return nil, err
+	}
+	return NewClient(c, chans, reqs), nil
+}
+
+// HostKeyCallback is the function type used for verifying server
+// keys.  A HostKeyCallback must return nil if the host key is OK, or
+// an error to reject it. It receives the hostname as passed to Dial
+// or NewClientConn. The remote address is the RemoteAddr of the
+// net.Conn underlying the SSH connection.
+type HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
+
+// BannerCallback is the function type used for treat the banner sent by
+// the server. A BannerCallback receives the message sent by the remote server.
+type BannerCallback func(message string) error
+
+// A ClientConfig structure is used to configure a Client. It must not be
+// modified after having been passed to an SSH function.
+type ClientConfig struct {
+	// Config contains configuration that is shared between clients and
+	// servers.
+	Config
+
+	// User contains the username to authenticate as.
+	User string
+
+	// Auth contains possible authentication methods to use with the
+	// server. Only the first instance of a particular RFC 4252 method will
+	// be used during authentication.
+	Auth []AuthMethod
+
+	// HostKeyCallback is called during the cryptographic
+	// handshake to validate the server's host key. The client
+	// configuration must supply this callback for the connection
+	// to succeed. The functions InsecureIgnoreHostKey or
+	// FixedHostKey can be used for simplistic host key checks.
+	HostKeyCallback HostKeyCallback
+
+	// BannerCallback is called during the SSH dance to display a custom
+	// server's message. The client configuration can supply this callback to
+	// handle it as wished. The function BannerDisplayStderr can be used for
+	// simplistic display on Stderr.
+	BannerCallback BannerCallback
+
+	// ClientVersion contains the version identification string that will
+	// be used for the connection. If empty, a reasonable default is used.
+	ClientVersion string
+
+	// HostKeyAlgorithms lists the key types that the client will
+	// accept from the server as host key, in order of
+	// preference. If empty, a reasonable default is used. Any
+	// string returned from PublicKey.Type method may be used, or
+	// any of the CertAlgoXxxx and KeyAlgoXxxx constants.
+	HostKeyAlgorithms []string
+
+	// Timeout is the maximum amount of time for the TCP connection to establish.
+	//
+	// A Timeout of zero means no timeout.
+	Timeout time.Duration
+}
+
+// InsecureIgnoreHostKey returns a function that can be used for
+// ClientConfig.HostKeyCallback to accept any host key. It should
+// not be used for production code.
+func InsecureIgnoreHostKey() HostKeyCallback {
+	return func(hostname string, remote net.Addr, key PublicKey) error {
+		return nil
+	}
+}
+
+type fixedHostKey struct {
+	key PublicKey
+}
+
+func (f *fixedHostKey) check(hostname string, remote net.Addr, key PublicKey) error {
+	if f.key == nil {
+		return fmt.Errorf("ssh: required host key was nil")
+	}
+	if !bytes.Equal(key.Marshal(), f.key.Marshal()) {
+		return fmt.Errorf("ssh: host key mismatch")
+	}
+	return nil
+}
+
+// FixedHostKey returns a function for use in
+// ClientConfig.HostKeyCallback to accept only a specific host key.
+func FixedHostKey(key PublicKey) HostKeyCallback {
+	hk := &fixedHostKey{key}
+	return hk.check
+}
+
+// BannerDisplayStderr returns a function that can be used for
+// ClientConfig.BannerCallback to display banners on os.Stderr.
+func BannerDisplayStderr() BannerCallback {
+	return func(banner string) error {
+		_, err := os.Stderr.WriteString(banner)
+
+		return err
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go
new file mode 100644
index 0000000000000..c611aeb684673
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/client_auth.go
@@ -0,0 +1,641 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+)
+
+type authResult int
+
+const (
+	authFailure authResult = iota
+	authPartialSuccess
+	authSuccess
+)
+
+// clientAuthenticate authenticates with the remote server. See RFC 4252.
+func (c *connection) clientAuthenticate(config *ClientConfig) error {
+	// initiate user auth session
+	if err := c.transport.writePacket(Marshal(&serviceRequestMsg{serviceUserAuth})); err != nil {
+		return err
+	}
+	packet, err := c.transport.readPacket()
+	if err != nil {
+		return err
+	}
+	var serviceAccept serviceAcceptMsg
+	if err := Unmarshal(packet, &serviceAccept); err != nil {
+		return err
+	}
+
+	// during the authentication phase the client first attempts the "none" method
+	// then any untried methods suggested by the server.
+	var tried []string
+	var lastMethods []string
+
+	sessionID := c.transport.getSessionID()
+	for auth := AuthMethod(new(noneAuth)); auth != nil; {
+		ok, methods, err := auth.auth(sessionID, config.User, c.transport, config.Rand)
+		if err != nil {
+			return err
+		}
+		if ok == authSuccess {
+			// success
+			return nil
+		} else if ok == authFailure {
+			if m := auth.method(); !contains(tried, m) {
+				tried = append(tried, m)
+			}
+		}
+		if methods == nil {
+			methods = lastMethods
+		}
+		lastMethods = methods
+
+		auth = nil
+
+	findNext:
+		for _, a := range config.Auth {
+			candidateMethod := a.method()
+			if contains(tried, candidateMethod) {
+				continue
+			}
+			for _, meth := range methods {
+				if meth == candidateMethod {
+					auth = a
+					break findNext
+				}
+			}
+		}
+	}
+	return fmt.Errorf("ssh: unable to authenticate, attempted methods %v, no supported methods remain", tried)
+}
+
+func contains(list []string, e string) bool {
+	for _, s := range list {
+		if s == e {
+			return true
+		}
+	}
+	return false
+}
+
+// An AuthMethod represents an instance of an RFC 4252 authentication method.
+type AuthMethod interface {
+	// auth authenticates user over transport t.
+	// Returns true if authentication is successful.
+	// If authentication is not successful, a []string of alternative
+	// method names is returned. If the slice is nil, it will be ignored
+	// and the previous set of possible methods will be reused.
+	auth(session []byte, user string, p packetConn, rand io.Reader) (authResult, []string, error)
+
+	// method returns the RFC 4252 method name.
+	method() string
+}
+
+// "none" authentication, RFC 4252 section 5.2.
+type noneAuth int
+
+func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	if err := c.writePacket(Marshal(&userAuthRequestMsg{
+		User:    user,
+		Service: serviceSSH,
+		Method:  "none",
+	})); err != nil {
+		return authFailure, nil, err
+	}
+
+	return handleAuthResponse(c)
+}
+
+func (n *noneAuth) method() string {
+	return "none"
+}
+
+// passwordCallback is an AuthMethod that fetches the password through
+// a function call, e.g. by prompting the user.
+type passwordCallback func() (password string, err error)
+
+func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	type passwordAuthMsg struct {
+		User     string `sshtype:"50"`
+		Service  string
+		Method   string
+		Reply    bool
+		Password string
+	}
+
+	pw, err := cb()
+	// REVIEW NOTE: is there a need to support skipping a password attempt?
+	// The program may only find out that the user doesn't have a password
+	// when prompting.
+	if err != nil {
+		return authFailure, nil, err
+	}
+
+	if err := c.writePacket(Marshal(&passwordAuthMsg{
+		User:     user,
+		Service:  serviceSSH,
+		Method:   cb.method(),
+		Reply:    false,
+		Password: pw,
+	})); err != nil {
+		return authFailure, nil, err
+	}
+
+	return handleAuthResponse(c)
+}
+
+func (cb passwordCallback) method() string {
+	return "password"
+}
+
+// Password returns an AuthMethod using the given password.
+func Password(secret string) AuthMethod {
+	return passwordCallback(func() (string, error) { return secret, nil })
+}
+
+// PasswordCallback returns an AuthMethod that uses a callback for
+// fetching a password.
+func PasswordCallback(prompt func() (secret string, err error)) AuthMethod {
+	return passwordCallback(prompt)
+}
+
+type publickeyAuthMsg struct {
+	User    string `sshtype:"50"`
+	Service string
+	Method  string
+	// HasSig indicates to the receiver packet that the auth request is signed and
+	// should be used for authentication of the request.
+	HasSig   bool
+	Algoname string
+	PubKey   []byte
+	// Sig is tagged with "rest" so Marshal will exclude it during
+	// validateKey
+	Sig []byte `ssh:"rest"`
+}
+
+// publicKeyCallback is an AuthMethod that uses a set of key
+// pairs for authentication.
+type publicKeyCallback func() ([]Signer, error)
+
+func (cb publicKeyCallback) method() string {
+	return "publickey"
+}
+
+func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	// Authentication is performed by sending an enquiry to test if a key is
+	// acceptable to the remote. If the key is acceptable, the client will
+	// attempt to authenticate with the valid key.  If not the client will repeat
+	// the process with the remaining keys.
+
+	signers, err := cb()
+	if err != nil {
+		return authFailure, nil, err
+	}
+	var methods []string
+	for _, signer := range signers {
+		ok, err := validateKey(signer.PublicKey(), user, c)
+		if err != nil {
+			return authFailure, nil, err
+		}
+		if !ok {
+			continue
+		}
+
+		pub := signer.PublicKey()
+		pubKey := pub.Marshal()
+		sign, err := signer.Sign(rand, buildDataSignedForAuth(session, userAuthRequestMsg{
+			User:    user,
+			Service: serviceSSH,
+			Method:  cb.method(),
+		}, []byte(pub.Type()), pubKey))
+		if err != nil {
+			return authFailure, nil, err
+		}
+
+		// manually wrap the serialized signature in a string
+		s := Marshal(sign)
+		sig := make([]byte, stringLength(len(s)))
+		marshalString(sig, s)
+		msg := publickeyAuthMsg{
+			User:     user,
+			Service:  serviceSSH,
+			Method:   cb.method(),
+			HasSig:   true,
+			Algoname: pub.Type(),
+			PubKey:   pubKey,
+			Sig:      sig,
+		}
+		p := Marshal(&msg)
+		if err := c.writePacket(p); err != nil {
+			return authFailure, nil, err
+		}
+		var success authResult
+		success, methods, err = handleAuthResponse(c)
+		if err != nil {
+			return authFailure, nil, err
+		}
+
+		// If authentication succeeds or the list of available methods does not
+		// contain the "publickey" method, do not attempt to authenticate with any
+		// other keys.  According to RFC 4252 Section 7, the latter can occur when
+		// additional authentication methods are required.
+		if success == authSuccess || !containsMethod(methods, cb.method()) {
+			return success, methods, err
+		}
+	}
+
+	return authFailure, methods, nil
+}
+
+func containsMethod(methods []string, method string) bool {
+	for _, m := range methods {
+		if m == method {
+			return true
+		}
+	}
+
+	return false
+}
+
+// validateKey validates the key provided is acceptable to the server.
+func validateKey(key PublicKey, user string, c packetConn) (bool, error) {
+	pubKey := key.Marshal()
+	msg := publickeyAuthMsg{
+		User:     user,
+		Service:  serviceSSH,
+		Method:   "publickey",
+		HasSig:   false,
+		Algoname: key.Type(),
+		PubKey:   pubKey,
+	}
+	if err := c.writePacket(Marshal(&msg)); err != nil {
+		return false, err
+	}
+
+	return confirmKeyAck(key, c)
+}
+
+func confirmKeyAck(key PublicKey, c packetConn) (bool, error) {
+	pubKey := key.Marshal()
+	algoname := key.Type()
+
+	for {
+		packet, err := c.readPacket()
+		if err != nil {
+			return false, err
+		}
+		switch packet[0] {
+		case msgUserAuthBanner:
+			if err := handleBannerResponse(c, packet); err != nil {
+				return false, err
+			}
+		case msgUserAuthPubKeyOk:
+			var msg userAuthPubKeyOkMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return false, err
+			}
+			if msg.Algo != algoname || !bytes.Equal(msg.PubKey, pubKey) {
+				return false, nil
+			}
+			return true, nil
+		case msgUserAuthFailure:
+			return false, nil
+		default:
+			return false, unexpectedMessageError(msgUserAuthSuccess, packet[0])
+		}
+	}
+}
+
+// PublicKeys returns an AuthMethod that uses the given key
+// pairs.
+func PublicKeys(signers ...Signer) AuthMethod {
+	return publicKeyCallback(func() ([]Signer, error) { return signers, nil })
+}
+
+// PublicKeysCallback returns an AuthMethod that runs the given
+// function to obtain a list of key pairs.
+func PublicKeysCallback(getSigners func() (signers []Signer, err error)) AuthMethod {
+	return publicKeyCallback(getSigners)
+}
+
+// handleAuthResponse returns whether the preceding authentication request succeeded
+// along with a list of remaining authentication methods to try next and
+// an error if an unexpected response was received.
+func handleAuthResponse(c packetConn) (authResult, []string, error) {
+	for {
+		packet, err := c.readPacket()
+		if err != nil {
+			return authFailure, nil, err
+		}
+
+		switch packet[0] {
+		case msgUserAuthBanner:
+			if err := handleBannerResponse(c, packet); err != nil {
+				return authFailure, nil, err
+			}
+		case msgUserAuthFailure:
+			var msg userAuthFailureMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return authFailure, nil, err
+			}
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
+			}
+			return authFailure, msg.Methods, nil
+		case msgUserAuthSuccess:
+			return authSuccess, nil, nil
+		default:
+			return authFailure, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0])
+		}
+	}
+}
+
+func handleBannerResponse(c packetConn, packet []byte) error {
+	var msg userAuthBannerMsg
+	if err := Unmarshal(packet, &msg); err != nil {
+		return err
+	}
+
+	transport, ok := c.(*handshakeTransport)
+	if !ok {
+		return nil
+	}
+
+	if transport.bannerCallback != nil {
+		return transport.bannerCallback(msg.Message)
+	}
+
+	return nil
+}
+
+// KeyboardInteractiveChallenge should print questions, optionally
+// disabling echoing (e.g. for passwords), and return all the answers.
+// Challenge may be called multiple times in a single session. After
+// successful authentication, the server may send a challenge with no
+// questions, for which the user and instruction messages should be
+// printed.  RFC 4256 section 3.3 details how the UI should behave for
+// both CLI and GUI environments.
+type KeyboardInteractiveChallenge func(user, instruction string, questions []string, echos []bool) (answers []string, err error)
+
+// KeyboardInteractive returns an AuthMethod using a prompt/response
+// sequence controlled by the server.
+func KeyboardInteractive(challenge KeyboardInteractiveChallenge) AuthMethod {
+	return challenge
+}
+
+func (cb KeyboardInteractiveChallenge) method() string {
+	return "keyboard-interactive"
+}
+
+func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	type initiateMsg struct {
+		User       string `sshtype:"50"`
+		Service    string
+		Method     string
+		Language   string
+		Submethods string
+	}
+
+	if err := c.writePacket(Marshal(&initiateMsg{
+		User:    user,
+		Service: serviceSSH,
+		Method:  "keyboard-interactive",
+	})); err != nil {
+		return authFailure, nil, err
+	}
+
+	for {
+		packet, err := c.readPacket()
+		if err != nil {
+			return authFailure, nil, err
+		}
+
+		// like handleAuthResponse, but with less options.
+		switch packet[0] {
+		case msgUserAuthBanner:
+			if err := handleBannerResponse(c, packet); err != nil {
+				return authFailure, nil, err
+			}
+			continue
+		case msgUserAuthInfoRequest:
+			// OK
+		case msgUserAuthFailure:
+			var msg userAuthFailureMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return authFailure, nil, err
+			}
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
+			}
+			return authFailure, msg.Methods, nil
+		case msgUserAuthSuccess:
+			return authSuccess, nil, nil
+		default:
+			return authFailure, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0])
+		}
+
+		var msg userAuthInfoRequestMsg
+		if err := Unmarshal(packet, &msg); err != nil {
+			return authFailure, nil, err
+		}
+
+		// Manually unpack the prompt/echo pairs.
+		rest := msg.Prompts
+		var prompts []string
+		var echos []bool
+		for i := 0; i < int(msg.NumPrompts); i++ {
+			prompt, r, ok := parseString(rest)
+			if !ok || len(r) == 0 {
+				return authFailure, nil, errors.New("ssh: prompt format error")
+			}
+			prompts = append(prompts, string(prompt))
+			echos = append(echos, r[0] != 0)
+			rest = r[1:]
+		}
+
+		if len(rest) != 0 {
+			return authFailure, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
+		}
+
+		answers, err := cb(msg.User, msg.Instruction, prompts, echos)
+		if err != nil {
+			return authFailure, nil, err
+		}
+
+		if len(answers) != len(prompts) {
+			return authFailure, nil, fmt.Errorf("ssh: incorrect number of answers from keyboard-interactive callback %d (expected %d)", len(answers), len(prompts))
+		}
+		responseLength := 1 + 4
+		for _, a := range answers {
+			responseLength += stringLength(len(a))
+		}
+		serialized := make([]byte, responseLength)
+		p := serialized
+		p[0] = msgUserAuthInfoResponse
+		p = p[1:]
+		p = marshalUint32(p, uint32(len(answers)))
+		for _, a := range answers {
+			p = marshalString(p, []byte(a))
+		}
+
+		if err := c.writePacket(serialized); err != nil {
+			return authFailure, nil, err
+		}
+	}
+}
+
+type retryableAuthMethod struct {
+	authMethod AuthMethod
+	maxTries   int
+}
+
+func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok authResult, methods []string, err error) {
+	for i := 0; r.maxTries <= 0 || i < r.maxTries; i++ {
+		ok, methods, err = r.authMethod.auth(session, user, c, rand)
+		if ok != authFailure || err != nil { // either success, partial success or error terminate
+			return ok, methods, err
+		}
+	}
+	return ok, methods, err
+}
+
+func (r *retryableAuthMethod) method() string {
+	return r.authMethod.method()
+}
+
+// RetryableAuthMethod is a decorator for other auth methods enabling them to
+// be retried up to maxTries before considering that AuthMethod itself failed.
+// If maxTries is <= 0, will retry indefinitely
+//
+// This is useful for interactive clients using challenge/response type
+// authentication (e.g. Keyboard-Interactive, Password, etc) where the user
+// could mistype their response resulting in the server issuing a
+// SSH_MSG_USERAUTH_FAILURE (rfc4252 #8 [password] and rfc4256 #3.4
+// [keyboard-interactive]); Without this decorator, the non-retryable
+// AuthMethod would be removed from future consideration, and never tried again
+// (and so the user would never be able to retry their entry).
+func RetryableAuthMethod(auth AuthMethod, maxTries int) AuthMethod {
+	return &retryableAuthMethod{authMethod: auth, maxTries: maxTries}
+}
+
+// GSSAPIWithMICAuthMethod is an AuthMethod with "gssapi-with-mic" authentication.
+// See RFC 4462 section 3
+// gssAPIClient is implementation of the GSSAPIClient interface, see the definition of the interface for details.
+// target is the server host you want to log in to.
+func GSSAPIWithMICAuthMethod(gssAPIClient GSSAPIClient, target string) AuthMethod {
+	if gssAPIClient == nil {
+		panic("gss-api client must be not nil with enable gssapi-with-mic")
+	}
+	return &gssAPIWithMICCallback{gssAPIClient: gssAPIClient, target: target}
+}
+
+type gssAPIWithMICCallback struct {
+	gssAPIClient GSSAPIClient
+	target       string
+}
+
+func (g *gssAPIWithMICCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	m := &userAuthRequestMsg{
+		User:    user,
+		Service: serviceSSH,
+		Method:  g.method(),
+	}
+	// The GSS-API authentication method is initiated when the client sends an SSH_MSG_USERAUTH_REQUEST.
+	// See RFC 4462 section 3.2.
+	m.Payload = appendU32(m.Payload, 1)
+	m.Payload = appendString(m.Payload, string(krb5OID))
+	if err := c.writePacket(Marshal(m)); err != nil {
+		return authFailure, nil, err
+	}
+	// The server responds to the SSH_MSG_USERAUTH_REQUEST with either an
+	// SSH_MSG_USERAUTH_FAILURE if none of the mechanisms are supported or
+	// with an SSH_MSG_USERAUTH_GSSAPI_RESPONSE.
+	// See RFC 4462 section 3.3.
+	// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication,so I don't want to check
+	// selected mech if it is valid.
+	packet, err := c.readPacket()
+	if err != nil {
+		return authFailure, nil, err
+	}
+	userAuthGSSAPIResp := &userAuthGSSAPIResponse{}
+	if err := Unmarshal(packet, userAuthGSSAPIResp); err != nil {
+		return authFailure, nil, err
+	}
+	// Start the loop into the exchange token.
+	// See RFC 4462 section 3.4.
+	var token []byte
+	defer g.gssAPIClient.DeleteSecContext()
+	for {
+		// Initiates the establishment of a security context between the application and a remote peer.
+		nextToken, needContinue, err := g.gssAPIClient.InitSecContext("host@"+g.target, token, false)
+		if err != nil {
+			return authFailure, nil, err
+		}
+		if len(nextToken) > 0 {
+			if err := c.writePacket(Marshal(&userAuthGSSAPIToken{
+				Token: nextToken,
+			})); err != nil {
+				return authFailure, nil, err
+			}
+		}
+		if !needContinue {
+			break
+		}
+		packet, err = c.readPacket()
+		if err != nil {
+			return authFailure, nil, err
+		}
+		switch packet[0] {
+		case msgUserAuthFailure:
+			var msg userAuthFailureMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return authFailure, nil, err
+			}
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
+			}
+			return authFailure, msg.Methods, nil
+		case msgUserAuthGSSAPIError:
+			userAuthGSSAPIErrorResp := &userAuthGSSAPIError{}
+			if err := Unmarshal(packet, userAuthGSSAPIErrorResp); err != nil {
+				return authFailure, nil, err
+			}
+			return authFailure, nil, fmt.Errorf("GSS-API Error:\n"+
+				"Major Status: %d\n"+
+				"Minor Status: %d\n"+
+				"Error Message: %s\n", userAuthGSSAPIErrorResp.MajorStatus, userAuthGSSAPIErrorResp.MinorStatus,
+				userAuthGSSAPIErrorResp.Message)
+		case msgUserAuthGSSAPIToken:
+			userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+			if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+				return authFailure, nil, err
+			}
+			token = userAuthGSSAPITokenReq.Token
+		}
+	}
+	// Binding Encryption Keys.
+	// See RFC 4462 section 3.5.
+	micField := buildMIC(string(session), user, "ssh-connection", "gssapi-with-mic")
+	micToken, err := g.gssAPIClient.GetMIC(micField)
+	if err != nil {
+		return authFailure, nil, err
+	}
+	if err := c.writePacket(Marshal(&userAuthGSSAPIMIC{
+		MIC: micToken,
+	})); err != nil {
+		return authFailure, nil, err
+	}
+	return handleAuthResponse(c)
+}
+
+func (g *gssAPIWithMICCallback) method() string {
+	return "gssapi-with-mic"
+}
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go
new file mode 100644
index 0000000000000..290382d059eff
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@@ -0,0 +1,404 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"crypto"
+	"crypto/rand"
+	"fmt"
+	"io"
+	"math"
+	"sync"
+
+	_ "crypto/sha1"
+	_ "crypto/sha256"
+	_ "crypto/sha512"
+)
+
+// These are string constants in the SSH protocol.
+const (
+	compressionNone = "none"
+	serviceUserAuth = "ssh-userauth"
+	serviceSSH      = "ssh-connection"
+)
+
+// supportedCiphers lists ciphers we support but might not recommend.
+var supportedCiphers = []string{
+	"aes128-ctr", "aes192-ctr", "aes256-ctr",
+	"aes128-gcm@openssh.com",
+	chacha20Poly1305ID,
+	"arcfour256", "arcfour128", "arcfour",
+	aes128cbcID,
+	tripledescbcID,
+}
+
+// preferredCiphers specifies the default preference for ciphers.
+var preferredCiphers = []string{
+	"aes128-gcm@openssh.com",
+	chacha20Poly1305ID,
+	"aes128-ctr", "aes192-ctr", "aes256-ctr",
+}
+
+// supportedKexAlgos specifies the supported key-exchange algorithms in
+// preference order.
+var supportedKexAlgos = []string{
+	kexAlgoCurve25519SHA256,
+	// P384 and P521 are not constant-time yet, but since we don't
+	// reuse ephemeral keys, using them for ECDH should be OK.
+	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
+	kexAlgoDH14SHA1, kexAlgoDH1SHA1,
+}
+
+// serverForbiddenKexAlgos contains key exchange algorithms, that are forbidden
+// for the server half.
+var serverForbiddenKexAlgos = map[string]struct{}{
+	kexAlgoDHGEXSHA1:   {}, // server half implementation is only minimal to satisfy the automated tests
+	kexAlgoDHGEXSHA256: {}, // server half implementation is only minimal to satisfy the automated tests
+}
+
+// preferredKexAlgos specifies the default preference for key-exchange algorithms
+// in preference order.
+var preferredKexAlgos = []string{
+	kexAlgoCurve25519SHA256,
+	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
+	kexAlgoDH14SHA1,
+}
+
+// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
+// of authenticating servers) in preference order.
+var supportedHostKeyAlgos = []string{
+	CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
+	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,
+
+	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
+	KeyAlgoRSA, KeyAlgoDSA,
+
+	KeyAlgoED25519,
+}
+
+// supportedMACs specifies a default set of MAC algorithms in preference order.
+// This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed
+// because they have reached the end of their useful life.
+var supportedMACs = []string{
+	"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96",
+}
+
+var supportedCompressions = []string{compressionNone}
+
+// hashFuncs keeps the mapping of supported algorithms to their respective
+// hashes needed for signature verification.
+var hashFuncs = map[string]crypto.Hash{
+	KeyAlgoRSA:          crypto.SHA1,
+	KeyAlgoDSA:          crypto.SHA1,
+	KeyAlgoECDSA256:     crypto.SHA256,
+	KeyAlgoECDSA384:     crypto.SHA384,
+	KeyAlgoECDSA521:     crypto.SHA512,
+	CertAlgoRSAv01:      crypto.SHA1,
+	CertAlgoDSAv01:      crypto.SHA1,
+	CertAlgoECDSA256v01: crypto.SHA256,
+	CertAlgoECDSA384v01: crypto.SHA384,
+	CertAlgoECDSA521v01: crypto.SHA512,
+}
+
+// unexpectedMessageError results when the SSH message that we received didn't
+// match what we wanted.
+func unexpectedMessageError(expected, got uint8) error {
+	return fmt.Errorf("ssh: unexpected message type %d (expected %d)", got, expected)
+}
+
+// parseError results from a malformed SSH message.
+func parseError(tag uint8) error {
+	return fmt.Errorf("ssh: parse error in message type %d", tag)
+}
+
+func findCommon(what string, client []string, server []string) (common string, err error) {
+	for _, c := range client {
+		for _, s := range server {
+			if c == s {
+				return c, nil
+			}
+		}
+	}
+	return "", fmt.Errorf("ssh: no common algorithm for %s; client offered: %v, server offered: %v", what, client, server)
+}
+
+// directionAlgorithms records algorithm choices in one direction (either read or write)
+type directionAlgorithms struct {
+	Cipher      string
+	MAC         string
+	Compression string
+}
+
+// rekeyBytes returns a rekeying intervals in bytes.
+func (a *directionAlgorithms) rekeyBytes() int64 {
+	// According to RFC4344 block ciphers should rekey after
+	// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
+	// 128.
+	switch a.Cipher {
+	case "aes128-ctr", "aes192-ctr", "aes256-ctr", gcmCipherID, aes128cbcID:
+		return 16 * (1 << 32)
+
+	}
+
+	// For others, stick with RFC4253 recommendation to rekey after 1 Gb of data.
+	return 1 << 30
+}
+
+type algorithms struct {
+	kex     string
+	hostKey string
+	w       directionAlgorithms
+	r       directionAlgorithms
+}
+
+func findAgreedAlgorithms(isClient bool, clientKexInit, serverKexInit *kexInitMsg) (algs *algorithms, err error) {
+	result := &algorithms{}
+
+	result.kex, err = findCommon("key exchange", clientKexInit.KexAlgos, serverKexInit.KexAlgos)
+	if err != nil {
+		return
+	}
+
+	result.hostKey, err = findCommon("host key", clientKexInit.ServerHostKeyAlgos, serverKexInit.ServerHostKeyAlgos)
+	if err != nil {
+		return
+	}
+
+	stoc, ctos := &result.w, &result.r
+	if isClient {
+		ctos, stoc = stoc, ctos
+	}
+
+	ctos.Cipher, err = findCommon("client to server cipher", clientKexInit.CiphersClientServer, serverKexInit.CiphersClientServer)
+	if err != nil {
+		return
+	}
+
+	stoc.Cipher, err = findCommon("server to client cipher", clientKexInit.CiphersServerClient, serverKexInit.CiphersServerClient)
+	if err != nil {
+		return
+	}
+
+	ctos.MAC, err = findCommon("client to server MAC", clientKexInit.MACsClientServer, serverKexInit.MACsClientServer)
+	if err != nil {
+		return
+	}
+
+	stoc.MAC, err = findCommon("server to client MAC", clientKexInit.MACsServerClient, serverKexInit.MACsServerClient)
+	if err != nil {
+		return
+	}
+
+	ctos.Compression, err = findCommon("client to server compression", clientKexInit.CompressionClientServer, serverKexInit.CompressionClientServer)
+	if err != nil {
+		return
+	}
+
+	stoc.Compression, err = findCommon("server to client compression", clientKexInit.CompressionServerClient, serverKexInit.CompressionServerClient)
+	if err != nil {
+		return
+	}
+
+	return result, nil
+}
+
+// If rekeythreshold is too small, we can't make any progress sending
+// stuff.
+const minRekeyThreshold uint64 = 256
+
+// Config contains configuration data common to both ServerConfig and
+// ClientConfig.
+type Config struct {
+	// Rand provides the source of entropy for cryptographic
+	// primitives. If Rand is nil, the cryptographic random reader
+	// in package crypto/rand will be used.
+	Rand io.Reader
+
+	// The maximum number of bytes sent or received after which a
+	// new key is negotiated. It must be at least 256. If
+	// unspecified, a size suitable for the chosen cipher is used.
+	RekeyThreshold uint64
+
+	// The allowed key exchanges algorithms. If unspecified then a
+	// default set of algorithms is used.
+	KeyExchanges []string
+
+	// The allowed cipher algorithms. If unspecified then a sensible
+	// default is used.
+	Ciphers []string
+
+	// The allowed MAC algorithms. If unspecified then a sensible default
+	// is used.
+	MACs []string
+}
+
+// SetDefaults sets sensible values for unset fields in config. This is
+// exported for testing: Configs passed to SSH functions are copied and have
+// default values set automatically.
+func (c *Config) SetDefaults() {
+	if c.Rand == nil {
+		c.Rand = rand.Reader
+	}
+	if c.Ciphers == nil {
+		c.Ciphers = preferredCiphers
+	}
+	var ciphers []string
+	for _, c := range c.Ciphers {
+		if cipherModes[c] != nil {
+			// reject the cipher if we have no cipherModes definition
+			ciphers = append(ciphers, c)
+		}
+	}
+	c.Ciphers = ciphers
+
+	if c.KeyExchanges == nil {
+		c.KeyExchanges = preferredKexAlgos
+	}
+
+	if c.MACs == nil {
+		c.MACs = supportedMACs
+	}
+
+	if c.RekeyThreshold == 0 {
+		// cipher specific default
+	} else if c.RekeyThreshold < minRekeyThreshold {
+		c.RekeyThreshold = minRekeyThreshold
+	} else if c.RekeyThreshold >= math.MaxInt64 {
+		// Avoid weirdness if somebody uses -1 as a threshold.
+		c.RekeyThreshold = math.MaxInt64
+	}
+}
+
+// buildDataSignedForAuth returns the data that is signed in order to prove
+// possession of a private key. See RFC 4252, section 7.
+func buildDataSignedForAuth(sessionID []byte, req userAuthRequestMsg, algo, pubKey []byte) []byte {
+	data := struct {
+		Session []byte
+		Type    byte
+		User    string
+		Service string
+		Method  string
+		Sign    bool
+		Algo    []byte
+		PubKey  []byte
+	}{
+		sessionID,
+		msgUserAuthRequest,
+		req.User,
+		req.Service,
+		req.Method,
+		true,
+		algo,
+		pubKey,
+	}
+	return Marshal(data)
+}
+
+func appendU16(buf []byte, n uint16) []byte {
+	return append(buf, byte(n>>8), byte(n))
+}
+
+func appendU32(buf []byte, n uint32) []byte {
+	return append(buf, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
+}
+
+func appendU64(buf []byte, n uint64) []byte {
+	return append(buf,
+		byte(n>>56), byte(n>>48), byte(n>>40), byte(n>>32),
+		byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
+}
+
+func appendInt(buf []byte, n int) []byte {
+	return appendU32(buf, uint32(n))
+}
+
+func appendString(buf []byte, s string) []byte {
+	buf = appendU32(buf, uint32(len(s)))
+	buf = append(buf, s...)
+	return buf
+}
+
+func appendBool(buf []byte, b bool) []byte {
+	if b {
+		return append(buf, 1)
+	}
+	return append(buf, 0)
+}
+
+// newCond is a helper to hide the fact that there is no usable zero
+// value for sync.Cond.
+func newCond() *sync.Cond { return sync.NewCond(new(sync.Mutex)) }
+
+// window represents the buffer available to clients
+// wishing to write to a channel.
+type window struct {
+	*sync.Cond
+	win          uint32 // RFC 4254 5.2 says the window size can grow to 2^32-1
+	writeWaiters int
+	closed       bool
+}
+
+// add adds win to the amount of window available
+// for consumers.
+func (w *window) add(win uint32) bool {
+	// a zero sized window adjust is a noop.
+	if win == 0 {
+		return true
+	}
+	w.L.Lock()
+	if w.win+win < win {
+		w.L.Unlock()
+		return false
+	}
+	w.win += win
+	// It is unusual that multiple goroutines would be attempting to reserve
+	// window space, but not guaranteed. Use broadcast to notify all waiters
+	// that additional window is available.
+	w.Broadcast()
+	w.L.Unlock()
+	return true
+}
+
+// close sets the window to closed, so all reservations fail
+// immediately.
+func (w *window) close() {
+	w.L.Lock()
+	w.closed = true
+	w.Broadcast()
+	w.L.Unlock()
+}
+
+// reserve reserves win from the available window capacity.
+// If no capacity remains, reserve will block. reserve may
+// return less than requested.
+func (w *window) reserve(win uint32) (uint32, error) {
+	var err error
+	w.L.Lock()
+	w.writeWaiters++
+	w.Broadcast()
+	for w.win == 0 && !w.closed {
+		w.Wait()
+	}
+	w.writeWaiters--
+	if w.win < win {
+		win = w.win
+	}
+	w.win -= win
+	if w.closed {
+		err = io.EOF
+	}
+	w.L.Unlock()
+	return win, err
+}
+
+// waitWriterBlocked waits until some goroutine is blocked for further
+// writes. It is used in tests only.
+func (w *window) waitWriterBlocked() {
+	w.Cond.L.Lock()
+	for w.writeWaiters == 0 {
+		w.Cond.Wait()
+	}
+	w.Cond.L.Unlock()
+}
diff --git a/vendor/golang.org/x/crypto/ssh/connection.go b/vendor/golang.org/x/crypto/ssh/connection.go
new file mode 100644
index 0000000000000..fd6b0681b5121
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/connection.go
@@ -0,0 +1,143 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"fmt"
+	"net"
+)
+
+// OpenChannelError is returned if the other side rejects an
+// OpenChannel request.
+type OpenChannelError struct {
+	Reason  RejectionReason
+	Message string
+}
+
+func (e *OpenChannelError) Error() string {
+	return fmt.Sprintf("ssh: rejected: %s (%s)", e.Reason, e.Message)
+}
+
+// ConnMetadata holds metadata for the connection.
+type ConnMetadata interface {
+	// User returns the user ID for this connection.
+	User() string
+
+	// SessionID returns the session hash, also denoted by H.
+	SessionID() []byte
+
+	// ClientVersion returns the client's version string as hashed
+	// into the session ID.
+	ClientVersion() []byte
+
+	// ServerVersion returns the server's version string as hashed
+	// into the session ID.
+	ServerVersion() []byte
+
+	// RemoteAddr returns the remote address for this connection.
+	RemoteAddr() net.Addr
+
+	// LocalAddr returns the local address for this connection.
+	LocalAddr() net.Addr
+}
+
+// Conn represents an SSH connection for both server and client roles.
+// Conn is the basis for implementing an application layer, such
+// as ClientConn, which implements the traditional shell access for
+// clients.
+type Conn interface {
+	ConnMetadata
+
+	// SendRequest sends a global request, and returns the
+	// reply. If wantReply is true, it returns the response status
+	// and payload. See also RFC4254, section 4.
+	SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
+
+	// OpenChannel tries to open an channel. If the request is
+	// rejected, it returns *OpenChannelError. On success it returns
+	// the SSH Channel and a Go channel for incoming, out-of-band
+	// requests. The Go channel must be serviced, or the
+	// connection will hang.
+	OpenChannel(name string, data []byte) (Channel, <-chan *Request, error)
+
+	// Close closes the underlying network connection
+	Close() error
+
+	// Wait blocks until the connection has shut down, and returns the
+	// error causing the shutdown.
+	Wait() error
+
+	// TODO(hanwen): consider exposing:
+	//   RequestKeyChange
+	//   Disconnect
+}
+
+// DiscardRequests consumes and rejects all requests from the
+// passed-in channel.
+func DiscardRequests(in <-chan *Request) {
+	for req := range in {
+		if req.WantReply {
+			req.Reply(false, nil)
+		}
+	}
+}
+
+// A connection represents an incoming connection.
+type connection struct {
+	transport *handshakeTransport
+	sshConn
+
+	// The connection protocol.
+	*mux
+}
+
+func (c *connection) Close() error {
+	return c.sshConn.conn.Close()
+}
+
+// sshconn provides net.Conn metadata, but disallows direct reads and
+// writes.
+type sshConn struct {
+	conn net.Conn
+
+	user          string
+	sessionID     []byte
+	clientVersion []byte
+	serverVersion []byte
+}
+
+func dup(src []byte) []byte {
+	dst := make([]byte, len(src))
+	copy(dst, src)
+	return dst
+}
+
+func (c *sshConn) User() string {
+	return c.user
+}
+
+func (c *sshConn) RemoteAddr() net.Addr {
+	return c.conn.RemoteAddr()
+}
+
+func (c *sshConn) Close() error {
+	return c.conn.Close()
+}
+
+func (c *sshConn) LocalAddr() net.Addr {
+	return c.conn.LocalAddr()
+}
+
+func (c *sshConn) SessionID() []byte {
+	return dup(c.sessionID)
+}
+
+func (c *sshConn) ClientVersion() []byte {
+	return dup(c.clientVersion)
+}
+
+func (c *sshConn) ServerVersion() []byte {
+	return dup(c.serverVersion)
+}
diff --git a/vendor/golang.org/x/crypto/ssh/doc.go b/vendor/golang.org/x/crypto/ssh/doc.go
new file mode 100644
index 0000000000000..67b7322c05805
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/doc.go
@@ -0,0 +1,21 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package ssh implements an SSH client and server.
+
+SSH is a transport security protocol, an authentication protocol and a
+family of application protocols. The most typical application level
+protocol is a remote shell and this is specifically implemented.  However,
+the multiplexed nature of SSH is exposed to users that wish to support
+others.
+
+References:
+  [PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
+  [SSH-PARAMETERS]:    http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
+
+This package does not fall under the stability promise of the Go language itself,
+so its API may be changed when pressing needs arise.
+*/
+package ssh // import "golang.org/x/crypto/ssh"
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
new file mode 100644
index 0000000000000..2b10b05a498c1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -0,0 +1,647 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"crypto/rand"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"sync"
+)
+
+// debugHandshake, if set, prints messages sent and received.  Key
+// exchange messages are printed as if DH were used, so the debug
+// messages are wrong when using ECDH.
+const debugHandshake = false
+
+// chanSize sets the amount of buffering SSH connections. This is
+// primarily for testing: setting chanSize=0 uncovers deadlocks more
+// quickly.
+const chanSize = 16
+
+// keyingTransport is a packet based transport that supports key
+// changes. It need not be thread-safe. It should pass through
+// msgNewKeys in both directions.
+type keyingTransport interface {
+	packetConn
+
+	// prepareKeyChange sets up a key change. The key change for a
+	// direction will be effected if a msgNewKeys message is sent
+	// or received.
+	prepareKeyChange(*algorithms, *kexResult) error
+}
+
+// handshakeTransport implements rekeying on top of a keyingTransport
+// and offers a thread-safe writePacket() interface.
+type handshakeTransport struct {
+	conn   keyingTransport
+	config *Config
+
+	serverVersion []byte
+	clientVersion []byte
+
+	// hostKeys is non-empty if we are the server. In that case,
+	// it contains all host keys that can be used to sign the
+	// connection.
+	hostKeys []Signer
+
+	// hostKeyAlgorithms is non-empty if we are the client. In that case,
+	// we accept these key types from the server as host key.
+	hostKeyAlgorithms []string
+
+	// On read error, incoming is closed, and readError is set.
+	incoming  chan []byte
+	readError error
+
+	mu             sync.Mutex
+	writeError     error
+	sentInitPacket []byte
+	sentInitMsg    *kexInitMsg
+	pendingPackets [][]byte // Used when a key exchange is in progress.
+
+	// If the read loop wants to schedule a kex, it pings this
+	// channel, and the write loop will send out a kex
+	// message.
+	requestKex chan struct{}
+
+	// If the other side requests or confirms a kex, its kexInit
+	// packet is sent here for the write loop to find it.
+	startKex chan *pendingKex
+
+	// data for host key checking
+	hostKeyCallback HostKeyCallback
+	dialAddress     string
+	remoteAddr      net.Addr
+
+	// bannerCallback is non-empty if we are the client and it has been set in
+	// ClientConfig. In that case it is called during the user authentication
+	// dance to handle a custom server's message.
+	bannerCallback BannerCallback
+
+	// Algorithms agreed in the last key exchange.
+	algorithms *algorithms
+
+	readPacketsLeft uint32
+	readBytesLeft   int64
+
+	writePacketsLeft uint32
+	writeBytesLeft   int64
+
+	// The session ID or nil if first kex did not complete yet.
+	sessionID []byte
+}
+
+type pendingKex struct {
+	otherInit []byte
+	done      chan error
+}
+
+func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion, serverVersion []byte) *handshakeTransport {
+	t := &handshakeTransport{
+		conn:          conn,
+		serverVersion: serverVersion,
+		clientVersion: clientVersion,
+		incoming:      make(chan []byte, chanSize),
+		requestKex:    make(chan struct{}, 1),
+		startKex:      make(chan *pendingKex, 1),
+
+		config: config,
+	}
+	t.resetReadThresholds()
+	t.resetWriteThresholds()
+
+	// We always start with a mandatory key exchange.
+	t.requestKex <- struct{}{}
+	return t
+}
+
+func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ClientConfig, dialAddr string, addr net.Addr) *handshakeTransport {
+	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
+	t.dialAddress = dialAddr
+	t.remoteAddr = addr
+	t.hostKeyCallback = config.HostKeyCallback
+	t.bannerCallback = config.BannerCallback
+	if config.HostKeyAlgorithms != nil {
+		t.hostKeyAlgorithms = config.HostKeyAlgorithms
+	} else {
+		t.hostKeyAlgorithms = supportedHostKeyAlgos
+	}
+	go t.readLoop()
+	go t.kexLoop()
+	return t
+}
+
+func newServerTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ServerConfig) *handshakeTransport {
+	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
+	t.hostKeys = config.hostKeys
+	go t.readLoop()
+	go t.kexLoop()
+	return t
+}
+
+func (t *handshakeTransport) getSessionID() []byte {
+	return t.sessionID
+}
+
+// waitSession waits for the session to be established. This should be
+// the first thing to call after instantiating handshakeTransport.
+func (t *handshakeTransport) waitSession() error {
+	p, err := t.readPacket()
+	if err != nil {
+		return err
+	}
+	if p[0] != msgNewKeys {
+		return fmt.Errorf("ssh: first packet should be msgNewKeys")
+	}
+
+	return nil
+}
+
+func (t *handshakeTransport) id() string {
+	if len(t.hostKeys) > 0 {
+		return "server"
+	}
+	return "client"
+}
+
+func (t *handshakeTransport) printPacket(p []byte, write bool) {
+	action := "got"
+	if write {
+		action = "sent"
+	}
+
+	if p[0] == msgChannelData || p[0] == msgChannelExtendedData {
+		log.Printf("%s %s data (packet %d bytes)", t.id(), action, len(p))
+	} else {
+		msg, err := decode(p)
+		log.Printf("%s %s %T %v (%v)", t.id(), action, msg, msg, err)
+	}
+}
+
+func (t *handshakeTransport) readPacket() ([]byte, error) {
+	p, ok := <-t.incoming
+	if !ok {
+		return nil, t.readError
+	}
+	return p, nil
+}
+
+func (t *handshakeTransport) readLoop() {
+	first := true
+	for {
+		p, err := t.readOnePacket(first)
+		first = false
+		if err != nil {
+			t.readError = err
+			close(t.incoming)
+			break
+		}
+		if p[0] == msgIgnore || p[0] == msgDebug {
+			continue
+		}
+		t.incoming <- p
+	}
+
+	// Stop writers too.
+	t.recordWriteError(t.readError)
+
+	// Unblock the writer should it wait for this.
+	close(t.startKex)
+
+	// Don't close t.requestKex; it's also written to from writePacket.
+}
+
+func (t *handshakeTransport) pushPacket(p []byte) error {
+	if debugHandshake {
+		t.printPacket(p, true)
+	}
+	return t.conn.writePacket(p)
+}
+
+func (t *handshakeTransport) getWriteError() error {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	return t.writeError
+}
+
+func (t *handshakeTransport) recordWriteError(err error) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.writeError == nil && err != nil {
+		t.writeError = err
+	}
+}
+
+func (t *handshakeTransport) requestKeyExchange() {
+	select {
+	case t.requestKex <- struct{}{}:
+	default:
+		// something already requested a kex, so do nothing.
+	}
+}
+
+func (t *handshakeTransport) resetWriteThresholds() {
+	t.writePacketsLeft = packetRekeyThreshold
+	if t.config.RekeyThreshold > 0 {
+		t.writeBytesLeft = int64(t.config.RekeyThreshold)
+	} else if t.algorithms != nil {
+		t.writeBytesLeft = t.algorithms.w.rekeyBytes()
+	} else {
+		t.writeBytesLeft = 1 << 30
+	}
+}
+
+func (t *handshakeTransport) kexLoop() {
+
+write:
+	for t.getWriteError() == nil {
+		var request *pendingKex
+		var sent bool
+
+		for request == nil || !sent {
+			var ok bool
+			select {
+			case request, ok = <-t.startKex:
+				if !ok {
+					break write
+				}
+			case <-t.requestKex:
+				break
+			}
+
+			if !sent {
+				if err := t.sendKexInit(); err != nil {
+					t.recordWriteError(err)
+					break
+				}
+				sent = true
+			}
+		}
+
+		if err := t.getWriteError(); err != nil {
+			if request != nil {
+				request.done <- err
+			}
+			break
+		}
+
+		// We're not servicing t.requestKex, but that is OK:
+		// we never block on sending to t.requestKex.
+
+		// We're not servicing t.startKex, but the remote end
+		// has just sent us a kexInitMsg, so it can't send
+		// another key change request, until we close the done
+		// channel on the pendingKex request.
+
+		err := t.enterKeyExchange(request.otherInit)
+
+		t.mu.Lock()
+		t.writeError = err
+		t.sentInitPacket = nil
+		t.sentInitMsg = nil
+
+		t.resetWriteThresholds()
+
+		// we have completed the key exchange. Since the
+		// reader is still blocked, it is safe to clear out
+		// the requestKex channel. This avoids the situation
+		// where: 1) we consumed our own request for the
+		// initial kex, and 2) the kex from the remote side
+		// caused another send on the requestKex channel,
+	clear:
+		for {
+			select {
+			case <-t.requestKex:
+				//
+			default:
+				break clear
+			}
+		}
+
+		request.done <- t.writeError
+
+		// kex finished. Push packets that we received while
+		// the kex was in progress. Don't look at t.startKex
+		// and don't increment writtenSinceKex: if we trigger
+		// another kex while we are still busy with the last
+		// one, things will become very confusing.
+		for _, p := range t.pendingPackets {
+			t.writeError = t.pushPacket(p)
+			if t.writeError != nil {
+				break
+			}
+		}
+		t.pendingPackets = t.pendingPackets[:0]
+		t.mu.Unlock()
+	}
+
+	// drain startKex channel. We don't service t.requestKex
+	// because nobody does blocking sends there.
+	go func() {
+		for init := range t.startKex {
+			init.done <- t.writeError
+		}
+	}()
+
+	// Unblock reader.
+	t.conn.Close()
+}
+
+// The protocol uses uint32 for packet counters, so we can't let them
+// reach 1<<32.  We will actually read and write more packets than
+// this, though: the other side may send more packets, and after we
+// hit this limit on writing we will send a few more packets for the
+// key exchange itself.
+const packetRekeyThreshold = (1 << 31)
+
+func (t *handshakeTransport) resetReadThresholds() {
+	t.readPacketsLeft = packetRekeyThreshold
+	if t.config.RekeyThreshold > 0 {
+		t.readBytesLeft = int64(t.config.RekeyThreshold)
+	} else if t.algorithms != nil {
+		t.readBytesLeft = t.algorithms.r.rekeyBytes()
+	} else {
+		t.readBytesLeft = 1 << 30
+	}
+}
+
+func (t *handshakeTransport) readOnePacket(first bool) ([]byte, error) {
+	p, err := t.conn.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	if t.readPacketsLeft > 0 {
+		t.readPacketsLeft--
+	} else {
+		t.requestKeyExchange()
+	}
+
+	if t.readBytesLeft > 0 {
+		t.readBytesLeft -= int64(len(p))
+	} else {
+		t.requestKeyExchange()
+	}
+
+	if debugHandshake {
+		t.printPacket(p, false)
+	}
+
+	if first && p[0] != msgKexInit {
+		return nil, fmt.Errorf("ssh: first packet should be msgKexInit")
+	}
+
+	if p[0] != msgKexInit {
+		return p, nil
+	}
+
+	firstKex := t.sessionID == nil
+
+	kex := pendingKex{
+		done:      make(chan error, 1),
+		otherInit: p,
+	}
+	t.startKex <- &kex
+	err = <-kex.done
+
+	if debugHandshake {
+		log.Printf("%s exited key exchange (first %v), err %v", t.id(), firstKex, err)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	t.resetReadThresholds()
+
+	// By default, a key exchange is hidden from higher layers by
+	// translating it into msgIgnore.
+	successPacket := []byte{msgIgnore}
+	if firstKex {
+		// sendKexInit() for the first kex waits for
+		// msgNewKeys so the authentication process is
+		// guaranteed to happen over an encrypted transport.
+		successPacket = []byte{msgNewKeys}
+	}
+
+	return successPacket, nil
+}
+
+// sendKexInit sends a key change message.
+func (t *handshakeTransport) sendKexInit() error {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.sentInitMsg != nil {
+		// kexInits may be sent either in response to the other side,
+		// or because our side wants to initiate a key change, so we
+		// may have already sent a kexInit. In that case, don't send a
+		// second kexInit.
+		return nil
+	}
+
+	msg := &kexInitMsg{
+		KexAlgos:                t.config.KeyExchanges,
+		CiphersClientServer:     t.config.Ciphers,
+		CiphersServerClient:     t.config.Ciphers,
+		MACsClientServer:        t.config.MACs,
+		MACsServerClient:        t.config.MACs,
+		CompressionClientServer: supportedCompressions,
+		CompressionServerClient: supportedCompressions,
+	}
+	io.ReadFull(rand.Reader, msg.Cookie[:])
+
+	if len(t.hostKeys) > 0 {
+		for _, k := range t.hostKeys {
+			msg.ServerHostKeyAlgos = append(
+				msg.ServerHostKeyAlgos, k.PublicKey().Type())
+		}
+	} else {
+		msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
+	}
+	packet := Marshal(msg)
+
+	// writePacket destroys the contents, so save a copy.
+	packetCopy := make([]byte, len(packet))
+	copy(packetCopy, packet)
+
+	if err := t.pushPacket(packetCopy); err != nil {
+		return err
+	}
+
+	t.sentInitMsg = msg
+	t.sentInitPacket = packet
+
+	return nil
+}
+
+func (t *handshakeTransport) writePacket(p []byte) error {
+	switch p[0] {
+	case msgKexInit:
+		return errors.New("ssh: only handshakeTransport can send kexInit")
+	case msgNewKeys:
+		return errors.New("ssh: only handshakeTransport can send newKeys")
+	}
+
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.writeError != nil {
+		return t.writeError
+	}
+
+	if t.sentInitMsg != nil {
+		// Copy the packet so the writer can reuse the buffer.
+		cp := make([]byte, len(p))
+		copy(cp, p)
+		t.pendingPackets = append(t.pendingPackets, cp)
+		return nil
+	}
+
+	if t.writeBytesLeft > 0 {
+		t.writeBytesLeft -= int64(len(p))
+	} else {
+		t.requestKeyExchange()
+	}
+
+	if t.writePacketsLeft > 0 {
+		t.writePacketsLeft--
+	} else {
+		t.requestKeyExchange()
+	}
+
+	if err := t.pushPacket(p); err != nil {
+		t.writeError = err
+	}
+
+	return nil
+}
+
+func (t *handshakeTransport) Close() error {
+	return t.conn.Close()
+}
+
+func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
+	if debugHandshake {
+		log.Printf("%s entered key exchange", t.id())
+	}
+
+	otherInit := &kexInitMsg{}
+	if err := Unmarshal(otherInitPacket, otherInit); err != nil {
+		return err
+	}
+
+	magics := handshakeMagics{
+		clientVersion: t.clientVersion,
+		serverVersion: t.serverVersion,
+		clientKexInit: otherInitPacket,
+		serverKexInit: t.sentInitPacket,
+	}
+
+	clientInit := otherInit
+	serverInit := t.sentInitMsg
+	isClient := len(t.hostKeys) == 0
+	if isClient {
+		clientInit, serverInit = serverInit, clientInit
+
+		magics.clientKexInit = t.sentInitPacket
+		magics.serverKexInit = otherInitPacket
+	}
+
+	var err error
+	t.algorithms, err = findAgreedAlgorithms(isClient, clientInit, serverInit)
+	if err != nil {
+		return err
+	}
+
+	// We don't send FirstKexFollows, but we handle receiving it.
+	//
+	// RFC 4253 section 7 defines the kex and the agreement method for
+	// first_kex_packet_follows. It states that the guessed packet
+	// should be ignored if the "kex algorithm and/or the host
+	// key algorithm is guessed wrong (server and client have
+	// different preferred algorithm), or if any of the other
+	// algorithms cannot be agreed upon". The other algorithms have
+	// already been checked above so the kex algorithm and host key
+	// algorithm are checked here.
+	if otherInit.FirstKexFollows && (clientInit.KexAlgos[0] != serverInit.KexAlgos[0] || clientInit.ServerHostKeyAlgos[0] != serverInit.ServerHostKeyAlgos[0]) {
+		// other side sent a kex message for the wrong algorithm,
+		// which we have to ignore.
+		if _, err := t.conn.readPacket(); err != nil {
+			return err
+		}
+	}
+
+	kex, ok := kexAlgoMap[t.algorithms.kex]
+	if !ok {
+		return fmt.Errorf("ssh: unexpected key exchange algorithm %v", t.algorithms.kex)
+	}
+
+	var result *kexResult
+	if len(t.hostKeys) > 0 {
+		result, err = t.server(kex, t.algorithms, &magics)
+	} else {
+		result, err = t.client(kex, t.algorithms, &magics)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	if t.sessionID == nil {
+		t.sessionID = result.H
+	}
+	result.SessionID = t.sessionID
+
+	if err := t.conn.prepareKeyChange(t.algorithms, result); err != nil {
+		return err
+	}
+	if err = t.conn.writePacket([]byte{msgNewKeys}); err != nil {
+		return err
+	}
+	if packet, err := t.conn.readPacket(); err != nil {
+		return err
+	} else if packet[0] != msgNewKeys {
+		return unexpectedMessageError(msgNewKeys, packet[0])
+	}
+
+	return nil
+}
+
+func (t *handshakeTransport) server(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) {
+	var hostKey Signer
+	for _, k := range t.hostKeys {
+		if algs.hostKey == k.PublicKey().Type() {
+			hostKey = k
+		}
+	}
+
+	r, err := kex.Server(t.conn, t.config.Rand, magics, hostKey)
+	return r, err
+}
+
+func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) {
+	result, err := kex.Client(t.conn, t.config.Rand, magics)
+	if err != nil {
+		return nil, err
+	}
+
+	hostKey, err := ParsePublicKey(result.HostKey)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := verifyHostKeySignature(hostKey, result); err != nil {
+		return nil, err
+	}
+
+	err = t.hostKeyCallback(t.dialAddress, t.remoteAddr, hostKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
diff --git a/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go b/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
new file mode 100644
index 0000000000000..af81d266546ea
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
+//
+// See https://flak.tedunangst.com/post/bcrypt-pbkdf and
+// https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c.
+package bcrypt_pbkdf
+
+import (
+	"crypto/sha512"
+	"errors"
+	"golang.org/x/crypto/blowfish"
+)
+
+const blockSize = 32
+
+// Key derives a key from the password, salt and rounds count, returning a
+// []byte of length keyLen that can be used as cryptographic key.
+func Key(password, salt []byte, rounds, keyLen int) ([]byte, error) {
+	if rounds < 1 {
+		return nil, errors.New("bcrypt_pbkdf: number of rounds is too small")
+	}
+	if len(password) == 0 {
+		return nil, errors.New("bcrypt_pbkdf: empty password")
+	}
+	if len(salt) == 0 || len(salt) > 1<<20 {
+		return nil, errors.New("bcrypt_pbkdf: bad salt length")
+	}
+	if keyLen > 1024 {
+		return nil, errors.New("bcrypt_pbkdf: keyLen is too large")
+	}
+
+	numBlocks := (keyLen + blockSize - 1) / blockSize
+	key := make([]byte, numBlocks*blockSize)
+
+	h := sha512.New()
+	h.Write(password)
+	shapass := h.Sum(nil)
+
+	shasalt := make([]byte, 0, sha512.Size)
+	cnt, tmp := make([]byte, 4), make([]byte, blockSize)
+	for block := 1; block <= numBlocks; block++ {
+		h.Reset()
+		h.Write(salt)
+		cnt[0] = byte(block >> 24)
+		cnt[1] = byte(block >> 16)
+		cnt[2] = byte(block >> 8)
+		cnt[3] = byte(block)
+		h.Write(cnt)
+		bcryptHash(tmp, shapass, h.Sum(shasalt))
+
+		out := make([]byte, blockSize)
+		copy(out, tmp)
+		for i := 2; i <= rounds; i++ {
+			h.Reset()
+			h.Write(tmp)
+			bcryptHash(tmp, shapass, h.Sum(shasalt))
+			for j := 0; j < len(out); j++ {
+				out[j] ^= tmp[j]
+			}
+		}
+
+		for i, v := range out {
+			key[i*numBlocks+(block-1)] = v
+		}
+	}
+	return key[:keyLen], nil
+}
+
+var magic = []byte("OxychromaticBlowfishSwatDynamite")
+
+func bcryptHash(out, shapass, shasalt []byte) {
+	c, err := blowfish.NewSaltedCipher(shapass, shasalt)
+	if err != nil {
+		panic(err)
+	}
+	for i := 0; i < 64; i++ {
+		blowfish.ExpandKey(shasalt, c)
+		blowfish.ExpandKey(shapass, c)
+	}
+	copy(out, magic)
+	for i := 0; i < 32; i += 8 {
+		for j := 0; j < 64; j++ {
+			c.Encrypt(out[i:i+8], out[i:i+8])
+		}
+	}
+	// Swap bytes due to different endianness.
+	for i := 0; i < 32; i += 4 {
+		out[i+3], out[i+2], out[i+1], out[i] = out[i], out[i+1], out[i+2], out[i+3]
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go
new file mode 100644
index 0000000000000..766e9293975e3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/kex.go
@@ -0,0 +1,782 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+const (
+	kexAlgoDH1SHA1          = "diffie-hellman-group1-sha1"
+	kexAlgoDH14SHA1         = "diffie-hellman-group14-sha1"
+	kexAlgoECDH256          = "ecdh-sha2-nistp256"
+	kexAlgoECDH384          = "ecdh-sha2-nistp384"
+	kexAlgoECDH521          = "ecdh-sha2-nistp521"
+	kexAlgoCurve25519SHA256 = "curve25519-sha256@libssh.org"
+
+	// For the following kex only the client half contains a production
+	// ready implementation. The server half only consists of a minimal
+	// implementation to satisfy the automated tests.
+	kexAlgoDHGEXSHA1   = "diffie-hellman-group-exchange-sha1"
+	kexAlgoDHGEXSHA256 = "diffie-hellman-group-exchange-sha256"
+)
+
+// kexResult captures the outcome of a key exchange.
+type kexResult struct {
+	// Session hash. See also RFC 4253, section 8.
+	H []byte
+
+	// Shared secret. See also RFC 4253, section 8.
+	K []byte
+
+	// Host key as hashed into H.
+	HostKey []byte
+
+	// Signature of H.
+	Signature []byte
+
+	// A cryptographic hash function that matches the security
+	// level of the key exchange algorithm. It is used for
+	// calculating H, and for deriving keys from H and K.
+	Hash crypto.Hash
+
+	// The session ID, which is the first H computed. This is used
+	// to derive key material inside the transport.
+	SessionID []byte
+}
+
+// handshakeMagics contains data that is always included in the
+// session hash.
+type handshakeMagics struct {
+	clientVersion, serverVersion []byte
+	clientKexInit, serverKexInit []byte
+}
+
+func (m *handshakeMagics) write(w io.Writer) {
+	writeString(w, m.clientVersion)
+	writeString(w, m.serverVersion)
+	writeString(w, m.clientKexInit)
+	writeString(w, m.serverKexInit)
+}
+
+// kexAlgorithm abstracts different key exchange algorithms.
+type kexAlgorithm interface {
+	// Server runs server-side key agreement, signing the result
+	// with a hostkey.
+	Server(p packetConn, rand io.Reader, magics *handshakeMagics, s Signer) (*kexResult, error)
+
+	// Client runs the client-side key agreement. Caller is
+	// responsible for verifying the host key signature.
+	Client(p packetConn, rand io.Reader, magics *handshakeMagics) (*kexResult, error)
+}
+
+// dhGroup is a multiplicative group suitable for implementing Diffie-Hellman key agreement.
+type dhGroup struct {
+	g, p, pMinus1 *big.Int
+}
+
+func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, error) {
+	if theirPublic.Cmp(bigOne) <= 0 || theirPublic.Cmp(group.pMinus1) >= 0 {
+		return nil, errors.New("ssh: DH parameter out of bounds")
+	}
+	return new(big.Int).Exp(theirPublic, myPrivate, group.p), nil
+}
+
+func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	hashFunc := crypto.SHA1
+
+	var x *big.Int
+	for {
+		var err error
+		if x, err = rand.Int(randSource, group.pMinus1); err != nil {
+			return nil, err
+		}
+		if x.Sign() > 0 {
+			break
+		}
+	}
+
+	X := new(big.Int).Exp(group.g, x, group.p)
+	kexDHInit := kexDHInitMsg{
+		X: X,
+	}
+	if err := c.writePacket(Marshal(&kexDHInit)); err != nil {
+		return nil, err
+	}
+
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexDHReply kexDHReplyMsg
+	if err = Unmarshal(packet, &kexDHReply); err != nil {
+		return nil, err
+	}
+
+	ki, err := group.diffieHellman(kexDHReply.Y, x)
+	if err != nil {
+		return nil, err
+	}
+
+	h := hashFunc.New()
+	magics.write(h)
+	writeString(h, kexDHReply.HostKey)
+	writeInt(h, X)
+	writeInt(h, kexDHReply.Y)
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   kexDHReply.HostKey,
+		Signature: kexDHReply.Signature,
+		Hash:      crypto.SHA1,
+	}, nil
+}
+
+func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+	hashFunc := crypto.SHA1
+	packet, err := c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexDHInit kexDHInitMsg
+	if err = Unmarshal(packet, &kexDHInit); err != nil {
+		return
+	}
+
+	var y *big.Int
+	for {
+		if y, err = rand.Int(randSource, group.pMinus1); err != nil {
+			return
+		}
+		if y.Sign() > 0 {
+			break
+		}
+	}
+
+	Y := new(big.Int).Exp(group.g, y, group.p)
+	ki, err := group.diffieHellman(kexDHInit.X, y)
+	if err != nil {
+		return nil, err
+	}
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	h := hashFunc.New()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	writeInt(h, kexDHInit.X)
+	writeInt(h, Y)
+
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	// H is already a hash, but the hostkey signing will apply its
+	// own key-specific hash algorithm.
+	sig, err := signAndMarshal(priv, randSource, H)
+	if err != nil {
+		return nil, err
+	}
+
+	kexDHReply := kexDHReplyMsg{
+		HostKey:   hostKeyBytes,
+		Y:         Y,
+		Signature: sig,
+	}
+	packet = Marshal(&kexDHReply)
+
+	err = c.writePacket(packet)
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   hostKeyBytes,
+		Signature: sig,
+		Hash:      crypto.SHA1,
+	}, err
+}
+
+// ecdh performs Elliptic Curve Diffie-Hellman key exchange as
+// described in RFC 5656, section 4.
+type ecdh struct {
+	curve elliptic.Curve
+}
+
+func (kex *ecdh) Client(c packetConn, rand io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	ephKey, err := ecdsa.GenerateKey(kex.curve, rand)
+	if err != nil {
+		return nil, err
+	}
+
+	kexInit := kexECDHInitMsg{
+		ClientPubKey: elliptic.Marshal(kex.curve, ephKey.PublicKey.X, ephKey.PublicKey.Y),
+	}
+
+	serialized := Marshal(&kexInit)
+	if err := c.writePacket(serialized); err != nil {
+		return nil, err
+	}
+
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var reply kexECDHReplyMsg
+	if err = Unmarshal(packet, &reply); err != nil {
+		return nil, err
+	}
+
+	x, y, err := unmarshalECKey(kex.curve, reply.EphemeralPubKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// generate shared secret
+	secret, _ := kex.curve.ScalarMult(x, y, ephKey.D.Bytes())
+
+	h := ecHash(kex.curve).New()
+	magics.write(h)
+	writeString(h, reply.HostKey)
+	writeString(h, kexInit.ClientPubKey)
+	writeString(h, reply.EphemeralPubKey)
+	K := make([]byte, intLength(secret))
+	marshalInt(K, secret)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   reply.HostKey,
+		Signature: reply.Signature,
+		Hash:      ecHash(kex.curve),
+	}, nil
+}
+
+// unmarshalECKey parses and checks an EC key.
+func unmarshalECKey(curve elliptic.Curve, pubkey []byte) (x, y *big.Int, err error) {
+	x, y = elliptic.Unmarshal(curve, pubkey)
+	if x == nil {
+		return nil, nil, errors.New("ssh: elliptic.Unmarshal failure")
+	}
+	if !validateECPublicKey(curve, x, y) {
+		return nil, nil, errors.New("ssh: public key not on curve")
+	}
+	return x, y, nil
+}
+
+// validateECPublicKey checks that the point is a valid public key for
+// the given curve. See [SEC1], 3.2.2
+func validateECPublicKey(curve elliptic.Curve, x, y *big.Int) bool {
+	if x.Sign() == 0 && y.Sign() == 0 {
+		return false
+	}
+
+	if x.Cmp(curve.Params().P) >= 0 {
+		return false
+	}
+
+	if y.Cmp(curve.Params().P) >= 0 {
+		return false
+	}
+
+	if !curve.IsOnCurve(x, y) {
+		return false
+	}
+
+	// We don't check if N * PubKey == 0, since
+	//
+	// - the NIST curves have cofactor = 1, so this is implicit.
+	// (We don't foresee an implementation that supports non NIST
+	// curves)
+	//
+	// - for ephemeral keys, we don't need to worry about small
+	// subgroup attacks.
+	return true
+}
+
+func (kex *ecdh) Server(c packetConn, rand io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexECDHInit kexECDHInitMsg
+	if err = Unmarshal(packet, &kexECDHInit); err != nil {
+		return nil, err
+	}
+
+	clientX, clientY, err := unmarshalECKey(kex.curve, kexECDHInit.ClientPubKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// We could cache this key across multiple users/multiple
+	// connection attempts, but the benefit is small. OpenSSH
+	// generates a new key for each incoming connection.
+	ephKey, err := ecdsa.GenerateKey(kex.curve, rand)
+	if err != nil {
+		return nil, err
+	}
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	serializedEphKey := elliptic.Marshal(kex.curve, ephKey.PublicKey.X, ephKey.PublicKey.Y)
+
+	// generate shared secret
+	secret, _ := kex.curve.ScalarMult(clientX, clientY, ephKey.D.Bytes())
+
+	h := ecHash(kex.curve).New()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	writeString(h, kexECDHInit.ClientPubKey)
+	writeString(h, serializedEphKey)
+
+	K := make([]byte, intLength(secret))
+	marshalInt(K, secret)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	// H is already a hash, but the hostkey signing will apply its
+	// own key-specific hash algorithm.
+	sig, err := signAndMarshal(priv, rand, H)
+	if err != nil {
+		return nil, err
+	}
+
+	reply := kexECDHReplyMsg{
+		EphemeralPubKey: serializedEphKey,
+		HostKey:         hostKeyBytes,
+		Signature:       sig,
+	}
+
+	serialized := Marshal(&reply)
+	if err := c.writePacket(serialized); err != nil {
+		return nil, err
+	}
+
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   reply.HostKey,
+		Signature: sig,
+		Hash:      ecHash(kex.curve),
+	}, nil
+}
+
+var kexAlgoMap = map[string]kexAlgorithm{}
+
+func init() {
+	// This is the group called diffie-hellman-group1-sha1 in RFC
+	// 4253 and Oakley Group 2 in RFC 2409.
+	p, _ := new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
+	kexAlgoMap[kexAlgoDH1SHA1] = &dhGroup{
+		g:       new(big.Int).SetInt64(2),
+		p:       p,
+		pMinus1: new(big.Int).Sub(p, bigOne),
+	}
+
+	// This is the group called diffie-hellman-group14-sha1 in RFC
+	// 4253 and Oakley Group 14 in RFC 3526.
+	p, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
+
+	kexAlgoMap[kexAlgoDH14SHA1] = &dhGroup{
+		g:       new(big.Int).SetInt64(2),
+		p:       p,
+		pMinus1: new(big.Int).Sub(p, bigOne),
+	}
+
+	kexAlgoMap[kexAlgoECDH521] = &ecdh{elliptic.P521()}
+	kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()}
+	kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()}
+	kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{}
+	kexAlgoMap[kexAlgoDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
+	kexAlgoMap[kexAlgoDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
+}
+
+// curve25519sha256 implements the curve25519-sha256@libssh.org key
+// agreement protocol, as described in
+// https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt
+type curve25519sha256 struct{}
+
+type curve25519KeyPair struct {
+	priv [32]byte
+	pub  [32]byte
+}
+
+func (kp *curve25519KeyPair) generate(rand io.Reader) error {
+	if _, err := io.ReadFull(rand, kp.priv[:]); err != nil {
+		return err
+	}
+	curve25519.ScalarBaseMult(&kp.pub, &kp.priv)
+	return nil
+}
+
+// curve25519Zeros is just an array of 32 zero bytes so that we have something
+// convenient to compare against in order to reject curve25519 points with the
+// wrong order.
+var curve25519Zeros [32]byte
+
+func (kex *curve25519sha256) Client(c packetConn, rand io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	var kp curve25519KeyPair
+	if err := kp.generate(rand); err != nil {
+		return nil, err
+	}
+	if err := c.writePacket(Marshal(&kexECDHInitMsg{kp.pub[:]})); err != nil {
+		return nil, err
+	}
+
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var reply kexECDHReplyMsg
+	if err = Unmarshal(packet, &reply); err != nil {
+		return nil, err
+	}
+	if len(reply.EphemeralPubKey) != 32 {
+		return nil, errors.New("ssh: peer's curve25519 public value has wrong length")
+	}
+
+	var servPub, secret [32]byte
+	copy(servPub[:], reply.EphemeralPubKey)
+	curve25519.ScalarMult(&secret, &kp.priv, &servPub)
+	if subtle.ConstantTimeCompare(secret[:], curve25519Zeros[:]) == 1 {
+		return nil, errors.New("ssh: peer's curve25519 public value has wrong order")
+	}
+
+	h := crypto.SHA256.New()
+	magics.write(h)
+	writeString(h, reply.HostKey)
+	writeString(h, kp.pub[:])
+	writeString(h, reply.EphemeralPubKey)
+
+	ki := new(big.Int).SetBytes(secret[:])
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   reply.HostKey,
+		Signature: reply.Signature,
+		Hash:      crypto.SHA256,
+	}, nil
+}
+
+func (kex *curve25519sha256) Server(c packetConn, rand io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+	packet, err := c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexInit kexECDHInitMsg
+	if err = Unmarshal(packet, &kexInit); err != nil {
+		return
+	}
+
+	if len(kexInit.ClientPubKey) != 32 {
+		return nil, errors.New("ssh: peer's curve25519 public value has wrong length")
+	}
+
+	var kp curve25519KeyPair
+	if err := kp.generate(rand); err != nil {
+		return nil, err
+	}
+
+	var clientPub, secret [32]byte
+	copy(clientPub[:], kexInit.ClientPubKey)
+	curve25519.ScalarMult(&secret, &kp.priv, &clientPub)
+	if subtle.ConstantTimeCompare(secret[:], curve25519Zeros[:]) == 1 {
+		return nil, errors.New("ssh: peer's curve25519 public value has wrong order")
+	}
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	h := crypto.SHA256.New()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	writeString(h, kexInit.ClientPubKey)
+	writeString(h, kp.pub[:])
+
+	ki := new(big.Int).SetBytes(secret[:])
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	sig, err := signAndMarshal(priv, rand, H)
+	if err != nil {
+		return nil, err
+	}
+
+	reply := kexECDHReplyMsg{
+		EphemeralPubKey: kp.pub[:],
+		HostKey:         hostKeyBytes,
+		Signature:       sig,
+	}
+	if err := c.writePacket(Marshal(&reply)); err != nil {
+		return nil, err
+	}
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   hostKeyBytes,
+		Signature: sig,
+		Hash:      crypto.SHA256,
+	}, nil
+}
+
+// dhGEXSHA implements the diffie-hellman-group-exchange-sha1 and
+// diffie-hellman-group-exchange-sha256 key agreement protocols,
+// as described in RFC 4419
+type dhGEXSHA struct {
+	g, p     *big.Int
+	hashFunc crypto.Hash
+}
+
+const (
+	dhGroupExchangeMinimumBits   = 2048
+	dhGroupExchangePreferredBits = 2048
+	dhGroupExchangeMaximumBits   = 8192
+)
+
+func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, error) {
+	if theirPublic.Sign() <= 0 || theirPublic.Cmp(gex.p) >= 0 {
+		return nil, fmt.Errorf("ssh: DH parameter out of bounds")
+	}
+	return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil
+}
+
+func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	// Send GexRequest
+	kexDHGexRequest := kexDHGexRequestMsg{
+		MinBits:      dhGroupExchangeMinimumBits,
+		PreferedBits: dhGroupExchangePreferredBits,
+		MaxBits:      dhGroupExchangeMaximumBits,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexRequest)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexGroup
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexDHGexGroup kexDHGexGroupMsg
+	if err = Unmarshal(packet, &kexDHGexGroup); err != nil {
+		return nil, err
+	}
+
+	// reject if p's bit length < dhGroupExchangeMinimumBits or > dhGroupExchangeMaximumBits
+	if kexDHGexGroup.P.BitLen() < dhGroupExchangeMinimumBits || kexDHGexGroup.P.BitLen() > dhGroupExchangeMaximumBits {
+		return nil, fmt.Errorf("ssh: server-generated gex p is out of range (%d bits)", kexDHGexGroup.P.BitLen())
+	}
+
+	gex.p = kexDHGexGroup.P
+	gex.g = kexDHGexGroup.G
+
+	// Check if g is safe by verifing that g > 1 and g < p - 1
+	one := big.NewInt(1)
+	var pMinusOne = &big.Int{}
+	pMinusOne.Sub(gex.p, one)
+	if gex.g.Cmp(one) != 1 && gex.g.Cmp(pMinusOne) != -1 {
+		return nil, fmt.Errorf("ssh: server provided gex g is not safe")
+	}
+
+	// Send GexInit
+	var pHalf = &big.Int{}
+	pHalf.Rsh(gex.p, 1)
+	x, err := rand.Int(randSource, pHalf)
+	if err != nil {
+		return nil, err
+	}
+	X := new(big.Int).Exp(gex.g, x, gex.p)
+	kexDHGexInit := kexDHGexInitMsg{
+		X: X,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexInit)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexReply
+	packet, err = c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexDHGexReply kexDHGexReplyMsg
+	if err = Unmarshal(packet, &kexDHGexReply); err != nil {
+		return nil, err
+	}
+
+	kInt, err := gex.diffieHellman(kexDHGexReply.Y, x)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check if k is safe by verifing that k > 1 and k < p - 1
+	if kInt.Cmp(one) != 1 && kInt.Cmp(pMinusOne) != -1 {
+		return nil, fmt.Errorf("ssh: derived k is not safe")
+	}
+
+	h := gex.hashFunc.New()
+	magics.write(h)
+	writeString(h, kexDHGexReply.HostKey)
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMinimumBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangePreferredBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMaximumBits))
+	writeInt(h, gex.p)
+	writeInt(h, gex.g)
+	writeInt(h, X)
+	writeInt(h, kexDHGexReply.Y)
+	K := make([]byte, intLength(kInt))
+	marshalInt(K, kInt)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   kexDHGexReply.HostKey,
+		Signature: kexDHGexReply.Signature,
+		Hash:      gex.hashFunc,
+	}, nil
+}
+
+// Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256.
+//
+// This is a minimal implementation to satisfy the automated tests.
+func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+	// Receive GexRequest
+	packet, err := c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexDHGexRequest kexDHGexRequestMsg
+	if err = Unmarshal(packet, &kexDHGexRequest); err != nil {
+		return
+	}
+
+	// smoosh the user's preferred size into our own limits
+	if kexDHGexRequest.PreferedBits > dhGroupExchangeMaximumBits {
+		kexDHGexRequest.PreferedBits = dhGroupExchangeMaximumBits
+	}
+	if kexDHGexRequest.PreferedBits < dhGroupExchangeMinimumBits {
+		kexDHGexRequest.PreferedBits = dhGroupExchangeMinimumBits
+	}
+	// fix min/max if they're inconsistent.  technically, we could just pout
+	// and hang up, but there's no harm in giving them the benefit of the
+	// doubt and just picking a bitsize for them.
+	if kexDHGexRequest.MinBits > kexDHGexRequest.PreferedBits {
+		kexDHGexRequest.MinBits = kexDHGexRequest.PreferedBits
+	}
+	if kexDHGexRequest.MaxBits < kexDHGexRequest.PreferedBits {
+		kexDHGexRequest.MaxBits = kexDHGexRequest.PreferedBits
+	}
+
+	// Send GexGroup
+	// This is the group called diffie-hellman-group14-sha1 in RFC
+	// 4253 and Oakley Group 14 in RFC 3526.
+	p, _ := new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
+	gex.p = p
+	gex.g = big.NewInt(2)
+
+	kexDHGexGroup := kexDHGexGroupMsg{
+		P: gex.p,
+		G: gex.g,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexGroup)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexInit
+	packet, err = c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexDHGexInit kexDHGexInitMsg
+	if err = Unmarshal(packet, &kexDHGexInit); err != nil {
+		return
+	}
+
+	var pHalf = &big.Int{}
+	pHalf.Rsh(gex.p, 1)
+
+	y, err := rand.Int(randSource, pHalf)
+	if err != nil {
+		return
+	}
+
+	Y := new(big.Int).Exp(gex.g, y, gex.p)
+	kInt, err := gex.diffieHellman(kexDHGexInit.X, y)
+	if err != nil {
+		return nil, err
+	}
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	h := gex.hashFunc.New()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMinimumBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangePreferredBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMaximumBits))
+	writeInt(h, gex.p)
+	writeInt(h, gex.g)
+	writeInt(h, kexDHGexInit.X)
+	writeInt(h, Y)
+
+	K := make([]byte, intLength(kInt))
+	marshalInt(K, kInt)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	// H is already a hash, but the hostkey signing will apply its
+	// own key-specific hash algorithm.
+	sig, err := signAndMarshal(priv, randSource, H)
+	if err != nil {
+		return nil, err
+	}
+
+	kexDHGexReply := kexDHGexReplyMsg{
+		HostKey:   hostKeyBytes,
+		Y:         Y,
+		Signature: sig,
+	}
+	packet = Marshal(&kexDHGexReply)
+
+	err = c.writePacket(packet)
+
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   hostKeyBytes,
+		Signature: sig,
+		Hash:      gex.hashFunc,
+	}, err
+}
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
new file mode 100644
index 0000000000000..31f26349a05ff
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -0,0 +1,1474 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/md5"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/asn1"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+	"strings"
+
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
+)
+
+// These constants represent the algorithm names for key types supported by this
+// package.
+const (
+	KeyAlgoRSA        = "ssh-rsa"
+	KeyAlgoDSA        = "ssh-dss"
+	KeyAlgoECDSA256   = "ecdsa-sha2-nistp256"
+	KeyAlgoSKECDSA256 = "sk-ecdsa-sha2-nistp256@openssh.com"
+	KeyAlgoECDSA384   = "ecdsa-sha2-nistp384"
+	KeyAlgoECDSA521   = "ecdsa-sha2-nistp521"
+	KeyAlgoED25519    = "ssh-ed25519"
+	KeyAlgoSKED25519  = "sk-ssh-ed25519@openssh.com"
+)
+
+// These constants represent non-default signature algorithms that are supported
+// as algorithm parameters to AlgorithmSigner.SignWithAlgorithm methods. See
+// [PROTOCOL.agent] section 4.5.1 and
+// https://tools.ietf.org/html/draft-ietf-curdle-rsa-sha2-10
+const (
+	SigAlgoRSA        = "ssh-rsa"
+	SigAlgoRSASHA2256 = "rsa-sha2-256"
+	SigAlgoRSASHA2512 = "rsa-sha2-512"
+)
+
+// parsePubKey parses a public key of the given algorithm.
+// Use ParsePublicKey for keys with prepended algorithm.
+func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err error) {
+	switch algo {
+	case KeyAlgoRSA:
+		return parseRSA(in)
+	case KeyAlgoDSA:
+		return parseDSA(in)
+	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
+		return parseECDSA(in)
+	case KeyAlgoSKECDSA256:
+		return parseSKECDSA(in)
+	case KeyAlgoED25519:
+		return parseED25519(in)
+	case KeyAlgoSKED25519:
+		return parseSKEd25519(in)
+	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
+		cert, err := parseCert(in, certToPrivAlgo(algo))
+		if err != nil {
+			return nil, nil, err
+		}
+		return cert, nil, nil
+	}
+	return nil, nil, fmt.Errorf("ssh: unknown key algorithm: %v", algo)
+}
+
+// parseAuthorizedKey parses a public key in OpenSSH authorized_keys format
+// (see sshd(8) manual page) once the options and key type fields have been
+// removed.
+func parseAuthorizedKey(in []byte) (out PublicKey, comment string, err error) {
+	in = bytes.TrimSpace(in)
+
+	i := bytes.IndexAny(in, " \t")
+	if i == -1 {
+		i = len(in)
+	}
+	base64Key := in[:i]
+
+	key := make([]byte, base64.StdEncoding.DecodedLen(len(base64Key)))
+	n, err := base64.StdEncoding.Decode(key, base64Key)
+	if err != nil {
+		return nil, "", err
+	}
+	key = key[:n]
+	out, err = ParsePublicKey(key)
+	if err != nil {
+		return nil, "", err
+	}
+	comment = string(bytes.TrimSpace(in[i:]))
+	return out, comment, nil
+}
+
+// ParseKnownHosts parses an entry in the format of the known_hosts file.
+//
+// The known_hosts format is documented in the sshd(8) manual page. This
+// function will parse a single entry from in. On successful return, marker
+// will contain the optional marker value (i.e. "cert-authority" or "revoked")
+// or else be empty, hosts will contain the hosts that this entry matches,
+// pubKey will contain the public key and comment will contain any trailing
+// comment at the end of the line. See the sshd(8) manual page for the various
+// forms that a host string can take.
+//
+// The unparsed remainder of the input will be returned in rest. This function
+// can be called repeatedly to parse multiple entries.
+//
+// If no entries were found in the input then err will be io.EOF. Otherwise a
+// non-nil err value indicates a parse error.
+func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey, comment string, rest []byte, err error) {
+	for len(in) > 0 {
+		end := bytes.IndexByte(in, '\n')
+		if end != -1 {
+			rest = in[end+1:]
+			in = in[:end]
+		} else {
+			rest = nil
+		}
+
+		end = bytes.IndexByte(in, '\r')
+		if end != -1 {
+			in = in[:end]
+		}
+
+		in = bytes.TrimSpace(in)
+		if len(in) == 0 || in[0] == '#' {
+			in = rest
+			continue
+		}
+
+		i := bytes.IndexAny(in, " \t")
+		if i == -1 {
+			in = rest
+			continue
+		}
+
+		// Strip out the beginning of the known_host key.
+		// This is either an optional marker or a (set of) hostname(s).
+		keyFields := bytes.Fields(in)
+		if len(keyFields) < 3 || len(keyFields) > 5 {
+			return "", nil, nil, "", nil, errors.New("ssh: invalid entry in known_hosts data")
+		}
+
+		// keyFields[0] is either "@cert-authority", "@revoked" or a comma separated
+		// list of hosts
+		marker := ""
+		if keyFields[0][0] == '@' {
+			marker = string(keyFields[0][1:])
+			keyFields = keyFields[1:]
+		}
+
+		hosts := string(keyFields[0])
+		// keyFields[1] contains the key type (e.g. “ssh-rsa”).
+		// However, that information is duplicated inside the
+		// base64-encoded key and so is ignored here.
+
+		key := bytes.Join(keyFields[2:], []byte(" "))
+		if pubKey, comment, err = parseAuthorizedKey(key); err != nil {
+			return "", nil, nil, "", nil, err
+		}
+
+		return marker, strings.Split(hosts, ","), pubKey, comment, rest, nil
+	}
+
+	return "", nil, nil, "", nil, io.EOF
+}
+
+// ParseAuthorizedKeys parses a public key from an authorized_keys
+// file used in OpenSSH according to the sshd(8) manual page.
+func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
+	for len(in) > 0 {
+		end := bytes.IndexByte(in, '\n')
+		if end != -1 {
+			rest = in[end+1:]
+			in = in[:end]
+		} else {
+			rest = nil
+		}
+
+		end = bytes.IndexByte(in, '\r')
+		if end != -1 {
+			in = in[:end]
+		}
+
+		in = bytes.TrimSpace(in)
+		if len(in) == 0 || in[0] == '#' {
+			in = rest
+			continue
+		}
+
+		i := bytes.IndexAny(in, " \t")
+		if i == -1 {
+			in = rest
+			continue
+		}
+
+		if out, comment, err = parseAuthorizedKey(in[i:]); err == nil {
+			return out, comment, options, rest, nil
+		}
+
+		// No key type recognised. Maybe there's an options field at
+		// the beginning.
+		var b byte
+		inQuote := false
+		var candidateOptions []string
+		optionStart := 0
+		for i, b = range in {
+			isEnd := !inQuote && (b == ' ' || b == '\t')
+			if (b == ',' && !inQuote) || isEnd {
+				if i-optionStart > 0 {
+					candidateOptions = append(candidateOptions, string(in[optionStart:i]))
+				}
+				optionStart = i + 1
+			}
+			if isEnd {
+				break
+			}
+			if b == '"' && (i == 0 || (i > 0 && in[i-1] != '\\')) {
+				inQuote = !inQuote
+			}
+		}
+		for i < len(in) && (in[i] == ' ' || in[i] == '\t') {
+			i++
+		}
+		if i == len(in) {
+			// Invalid line: unmatched quote
+			in = rest
+			continue
+		}
+
+		in = in[i:]
+		i = bytes.IndexAny(in, " \t")
+		if i == -1 {
+			in = rest
+			continue
+		}
+
+		if out, comment, err = parseAuthorizedKey(in[i:]); err == nil {
+			options = candidateOptions
+			return out, comment, options, rest, nil
+		}
+
+		in = rest
+		continue
+	}
+
+	return nil, "", nil, nil, errors.New("ssh: no key found")
+}
+
+// ParsePublicKey parses an SSH public key formatted for use in
+// the SSH wire protocol according to RFC 4253, section 6.6.
+func ParsePublicKey(in []byte) (out PublicKey, err error) {
+	algo, in, ok := parseString(in)
+	if !ok {
+		return nil, errShortRead
+	}
+	var rest []byte
+	out, rest, err = parsePubKey(in, string(algo))
+	if len(rest) > 0 {
+		return nil, errors.New("ssh: trailing junk in public key")
+	}
+
+	return out, err
+}
+
+// MarshalAuthorizedKey serializes key for inclusion in an OpenSSH
+// authorized_keys file. The return value ends with newline.
+func MarshalAuthorizedKey(key PublicKey) []byte {
+	b := &bytes.Buffer{}
+	b.WriteString(key.Type())
+	b.WriteByte(' ')
+	e := base64.NewEncoder(base64.StdEncoding, b)
+	e.Write(key.Marshal())
+	e.Close()
+	b.WriteByte('\n')
+	return b.Bytes()
+}
+
+// PublicKey is an abstraction of different types of public keys.
+type PublicKey interface {
+	// Type returns the key's type, e.g. "ssh-rsa".
+	Type() string
+
+	// Marshal returns the serialized key data in SSH wire format,
+	// with the name prefix. To unmarshal the returned data, use
+	// the ParsePublicKey function.
+	Marshal() []byte
+
+	// Verify that sig is a signature on the given data using this
+	// key. This function will hash the data appropriately first.
+	Verify(data []byte, sig *Signature) error
+}
+
+// CryptoPublicKey, if implemented by a PublicKey,
+// returns the underlying crypto.PublicKey form of the key.
+type CryptoPublicKey interface {
+	CryptoPublicKey() crypto.PublicKey
+}
+
+// A Signer can create signatures that verify against a public key.
+type Signer interface {
+	// PublicKey returns an associated PublicKey instance.
+	PublicKey() PublicKey
+
+	// Sign returns raw signature for the given data. This method
+	// will apply the hash specified for the keytype to the data.
+	Sign(rand io.Reader, data []byte) (*Signature, error)
+}
+
+// A AlgorithmSigner is a Signer that also supports specifying a specific
+// algorithm to use for signing.
+type AlgorithmSigner interface {
+	Signer
+
+	// SignWithAlgorithm is like Signer.Sign, but allows specification of a
+	// non-default signing algorithm. See the SigAlgo* constants in this
+	// package for signature algorithms supported by this package. Callers may
+	// pass an empty string for the algorithm in which case the AlgorithmSigner
+	// will use its default algorithm.
+	SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error)
+}
+
+type rsaPublicKey rsa.PublicKey
+
+func (r *rsaPublicKey) Type() string {
+	return "ssh-rsa"
+}
+
+// parseRSA parses an RSA key according to RFC 4253, section 6.6.
+func parseRSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		E    *big.Int
+		N    *big.Int
+		Rest []byte `ssh:"rest"`
+	}
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	if w.E.BitLen() > 24 {
+		return nil, nil, errors.New("ssh: exponent too large")
+	}
+	e := w.E.Int64()
+	if e < 3 || e&1 == 0 {
+		return nil, nil, errors.New("ssh: incorrect exponent")
+	}
+
+	var key rsa.PublicKey
+	key.E = int(e)
+	key.N = w.N
+	return (*rsaPublicKey)(&key), w.Rest, nil
+}
+
+func (r *rsaPublicKey) Marshal() []byte {
+	e := new(big.Int).SetInt64(int64(r.E))
+	// RSA publickey struct layout should match the struct used by
+	// parseRSACert in the x/crypto/ssh/agent package.
+	wirekey := struct {
+		Name string
+		E    *big.Int
+		N    *big.Int
+	}{
+		KeyAlgoRSA,
+		e,
+		r.N,
+	}
+	return Marshal(&wirekey)
+}
+
+func (r *rsaPublicKey) Verify(data []byte, sig *Signature) error {
+	var hash crypto.Hash
+	switch sig.Format {
+	case SigAlgoRSA:
+		hash = crypto.SHA1
+	case SigAlgoRSASHA2256:
+		hash = crypto.SHA256
+	case SigAlgoRSASHA2512:
+		hash = crypto.SHA512
+	default:
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, r.Type())
+	}
+	h := hash.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	return rsa.VerifyPKCS1v15((*rsa.PublicKey)(r), hash, digest, sig.Blob)
+}
+
+func (r *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*rsa.PublicKey)(r)
+}
+
+type dsaPublicKey dsa.PublicKey
+
+func (k *dsaPublicKey) Type() string {
+	return "ssh-dss"
+}
+
+func checkDSAParams(param *dsa.Parameters) error {
+	// SSH specifies FIPS 186-2, which only provided a single size
+	// (1024 bits) DSA key. FIPS 186-3 allows for larger key
+	// sizes, which would confuse SSH.
+	if l := param.P.BitLen(); l != 1024 {
+		return fmt.Errorf("ssh: unsupported DSA key size %d", l)
+	}
+
+	return nil
+}
+
+// parseDSA parses an DSA key according to RFC 4253, section 6.6.
+func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		P, Q, G, Y *big.Int
+		Rest       []byte `ssh:"rest"`
+	}
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	param := dsa.Parameters{
+		P: w.P,
+		Q: w.Q,
+		G: w.G,
+	}
+	if err := checkDSAParams(&param); err != nil {
+		return nil, nil, err
+	}
+
+	key := &dsaPublicKey{
+		Parameters: param,
+		Y:          w.Y,
+	}
+	return key, w.Rest, nil
+}
+
+func (k *dsaPublicKey) Marshal() []byte {
+	// DSA publickey struct layout should match the struct used by
+	// parseDSACert in the x/crypto/ssh/agent package.
+	w := struct {
+		Name       string
+		P, Q, G, Y *big.Int
+	}{
+		k.Type(),
+		k.P,
+		k.Q,
+		k.G,
+		k.Y,
+	}
+
+	return Marshal(&w)
+}
+
+func (k *dsaPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+
+	// Per RFC 4253, section 6.6,
+	// The value for 'dss_signature_blob' is encoded as a string containing
+	// r, followed by s (which are 160-bit integers, without lengths or
+	// padding, unsigned, and in network byte order).
+	// For DSS purposes, sig.Blob should be exactly 40 bytes in length.
+	if len(sig.Blob) != 40 {
+		return errors.New("ssh: DSA signature parse error")
+	}
+	r := new(big.Int).SetBytes(sig.Blob[:20])
+	s := new(big.Int).SetBytes(sig.Blob[20:])
+	if dsa.Verify((*dsa.PublicKey)(k), digest, r, s) {
+		return nil
+	}
+	return errors.New("ssh: signature did not verify")
+}
+
+func (k *dsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*dsa.PublicKey)(k)
+}
+
+type dsaPrivateKey struct {
+	*dsa.PrivateKey
+}
+
+func (k *dsaPrivateKey) PublicKey() PublicKey {
+	return (*dsaPublicKey)(&k.PrivateKey.PublicKey)
+}
+
+func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	return k.SignWithAlgorithm(rand, data, "")
+}
+
+func (k *dsaPrivateKey) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	if algorithm != "" && algorithm != k.PublicKey().Type() {
+		return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+	}
+
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	r, s, err := dsa.Sign(rand, k.PrivateKey, digest)
+	if err != nil {
+		return nil, err
+	}
+
+	sig := make([]byte, 40)
+	rb := r.Bytes()
+	sb := s.Bytes()
+
+	copy(sig[20-len(rb):20], rb)
+	copy(sig[40-len(sb):], sb)
+
+	return &Signature{
+		Format: k.PublicKey().Type(),
+		Blob:   sig,
+	}, nil
+}
+
+type ecdsaPublicKey ecdsa.PublicKey
+
+func (k *ecdsaPublicKey) Type() string {
+	return "ecdsa-sha2-" + k.nistID()
+}
+
+func (k *ecdsaPublicKey) nistID() string {
+	switch k.Params().BitSize {
+	case 256:
+		return "nistp256"
+	case 384:
+		return "nistp384"
+	case 521:
+		return "nistp521"
+	}
+	panic("ssh: unsupported ecdsa key size")
+}
+
+type ed25519PublicKey ed25519.PublicKey
+
+func (k ed25519PublicKey) Type() string {
+	return KeyAlgoED25519
+}
+
+func parseED25519(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		KeyBytes []byte
+		Rest     []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	return ed25519PublicKey(w.KeyBytes), w.Rest, nil
+}
+
+func (k ed25519PublicKey) Marshal() []byte {
+	w := struct {
+		Name     string
+		KeyBytes []byte
+	}{
+		KeyAlgoED25519,
+		[]byte(k),
+	}
+	return Marshal(&w)
+}
+
+func (k ed25519PublicKey) Verify(b []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	if l := len(k); l != ed25519.PublicKeySize {
+		return fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
+	}
+
+	if ok := ed25519.Verify(ed25519.PublicKey(k), b, sig.Blob); !ok {
+		return errors.New("ssh: signature did not verify")
+	}
+
+	return nil
+}
+
+func (k ed25519PublicKey) CryptoPublicKey() crypto.PublicKey {
+	return ed25519.PublicKey(k)
+}
+
+func supportedEllipticCurve(curve elliptic.Curve) bool {
+	return curve == elliptic.P256() || curve == elliptic.P384() || curve == elliptic.P521()
+}
+
+// ecHash returns the hash to match the given elliptic curve, see RFC
+// 5656, section 6.2.1
+func ecHash(curve elliptic.Curve) crypto.Hash {
+	bitSize := curve.Params().BitSize
+	switch {
+	case bitSize <= 256:
+		return crypto.SHA256
+	case bitSize <= 384:
+		return crypto.SHA384
+	}
+	return crypto.SHA512
+}
+
+// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
+func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		Curve    string
+		KeyBytes []byte
+		Rest     []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	key := new(ecdsa.PublicKey)
+
+	switch w.Curve {
+	case "nistp256":
+		key.Curve = elliptic.P256()
+	case "nistp384":
+		key.Curve = elliptic.P384()
+	case "nistp521":
+		key.Curve = elliptic.P521()
+	default:
+		return nil, nil, errors.New("ssh: unsupported curve")
+	}
+
+	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
+	if key.X == nil || key.Y == nil {
+		return nil, nil, errors.New("ssh: invalid curve point")
+	}
+	return (*ecdsaPublicKey)(key), w.Rest, nil
+}
+
+func (k *ecdsaPublicKey) Marshal() []byte {
+	// See RFC 5656, section 3.1.
+	keyBytes := elliptic.Marshal(k.Curve, k.X, k.Y)
+	// ECDSA publickey struct layout should match the struct used by
+	// parseECDSACert in the x/crypto/ssh/agent package.
+	w := struct {
+		Name string
+		ID   string
+		Key  []byte
+	}{
+		k.Type(),
+		k.nistID(),
+		keyBytes,
+	}
+
+	return Marshal(&w)
+}
+
+func (k *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+
+	h := ecHash(k.Curve).New()
+	h.Write(data)
+	digest := h.Sum(nil)
+
+	// Per RFC 5656, section 3.1.2,
+	// The ecdsa_signature_blob value has the following specific encoding:
+	//    mpint    r
+	//    mpint    s
+	var ecSig struct {
+		R *big.Int
+		S *big.Int
+	}
+
+	if err := Unmarshal(sig.Blob, &ecSig); err != nil {
+		return err
+	}
+
+	if ecdsa.Verify((*ecdsa.PublicKey)(k), digest, ecSig.R, ecSig.S) {
+		return nil
+	}
+	return errors.New("ssh: signature did not verify")
+}
+
+func (k *ecdsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*ecdsa.PublicKey)(k)
+}
+
+// skFields holds the additional fields present in U2F/FIDO2 signatures.
+// See openssh/PROTOCOL.u2f 'SSH U2F Signatures' for details.
+type skFields struct {
+	// Flags contains U2F/FIDO2 flags such as 'user present'
+	Flags byte
+	// Counter is a monotonic signature counter which can be
+	// used to detect concurrent use of a private key, should
+	// it be extracted from hardware.
+	Counter uint32
+}
+
+type skECDSAPublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ecdsa.PublicKey
+}
+
+func (k *skECDSAPublicKey) Type() string {
+	return KeyAlgoSKECDSA256
+}
+
+func (k *skECDSAPublicKey) nistID() string {
+	return "nistp256"
+}
+
+func parseSKECDSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		Curve       string
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	key := new(skECDSAPublicKey)
+	key.application = w.Application
+
+	if w.Curve != "nistp256" {
+		return nil, nil, errors.New("ssh: unsupported curve")
+	}
+	key.Curve = elliptic.P256()
+
+	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
+	if key.X == nil || key.Y == nil {
+		return nil, nil, errors.New("ssh: invalid curve point")
+	}
+
+	return key, w.Rest, nil
+}
+
+func (k *skECDSAPublicKey) Marshal() []byte {
+	// See RFC 5656, section 3.1.
+	keyBytes := elliptic.Marshal(k.Curve, k.X, k.Y)
+	w := struct {
+		Name        string
+		ID          string
+		Key         []byte
+		Application string
+	}{
+		k.Type(),
+		k.nistID(),
+		keyBytes,
+		k.application,
+	}
+
+	return Marshal(&w)
+}
+
+func (k *skECDSAPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+
+	h := ecHash(k.Curve).New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var ecSig struct {
+		R *big.Int
+		S *big.Int
+	}
+	if err := Unmarshal(sig.Blob, &ecSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	h.Reset()
+	h.Write(original)
+	digest := h.Sum(nil)
+
+	if ecdsa.Verify((*ecdsa.PublicKey)(&k.PublicKey), digest, ecSig.R, ecSig.S) {
+		return nil
+	}
+	return errors.New("ssh: signature did not verify")
+}
+
+type skEd25519PublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ed25519.PublicKey
+}
+
+func (k *skEd25519PublicKey) Type() string {
+	return KeyAlgoSKED25519
+}
+
+func parseSKEd25519(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	key := new(skEd25519PublicKey)
+	key.application = w.Application
+	key.PublicKey = ed25519.PublicKey(w.KeyBytes)
+
+	return key, w.Rest, nil
+}
+
+func (k *skEd25519PublicKey) Marshal() []byte {
+	w := struct {
+		Name        string
+		KeyBytes    []byte
+		Application string
+	}{
+		KeyAlgoSKED25519,
+		[]byte(k.PublicKey),
+		k.application,
+	}
+	return Marshal(&w)
+}
+
+func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	if l := len(k.PublicKey); l != ed25519.PublicKeySize {
+		return fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	h := sha256.New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var edSig struct {
+		Signature []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(sig.Blob, &edSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	if ok := ed25519.Verify(k.PublicKey, original, edSig.Signature); !ok {
+		return errors.New("ssh: signature did not verify")
+	}
+
+	return nil
+}
+
+// NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey,
+// *ecdsa.PrivateKey or any other crypto.Signer and returns a
+// corresponding Signer instance. ECDSA keys must use P-256, P-384 or
+// P-521. DSA keys must use parameter size L1024N160.
+func NewSignerFromKey(key interface{}) (Signer, error) {
+	switch key := key.(type) {
+	case crypto.Signer:
+		return NewSignerFromSigner(key)
+	case *dsa.PrivateKey:
+		return newDSAPrivateKey(key)
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
+	}
+}
+
+func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) {
+	if err := checkDSAParams(&key.PublicKey.Parameters); err != nil {
+		return nil, err
+	}
+
+	return &dsaPrivateKey{key}, nil
+}
+
+type wrappedSigner struct {
+	signer crypto.Signer
+	pubKey PublicKey
+}
+
+// NewSignerFromSigner takes any crypto.Signer implementation and
+// returns a corresponding Signer interface. This can be used, for
+// example, with keys kept in hardware modules.
+func NewSignerFromSigner(signer crypto.Signer) (Signer, error) {
+	pubKey, err := NewPublicKey(signer.Public())
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrappedSigner{signer, pubKey}, nil
+}
+
+func (s *wrappedSigner) PublicKey() PublicKey {
+	return s.pubKey
+}
+
+func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	return s.SignWithAlgorithm(rand, data, "")
+}
+
+func (s *wrappedSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	var hashFunc crypto.Hash
+
+	if _, ok := s.pubKey.(*rsaPublicKey); ok {
+		// RSA keys support a few hash functions determined by the requested signature algorithm
+		switch algorithm {
+		case "", SigAlgoRSA:
+			algorithm = SigAlgoRSA
+			hashFunc = crypto.SHA1
+		case SigAlgoRSASHA2256:
+			hashFunc = crypto.SHA256
+		case SigAlgoRSASHA2512:
+			hashFunc = crypto.SHA512
+		default:
+			return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+		}
+	} else {
+		// The only supported algorithm for all other key types is the same as the type of the key
+		if algorithm == "" {
+			algorithm = s.pubKey.Type()
+		} else if algorithm != s.pubKey.Type() {
+			return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+		}
+
+		switch key := s.pubKey.(type) {
+		case *dsaPublicKey:
+			hashFunc = crypto.SHA1
+		case *ecdsaPublicKey:
+			hashFunc = ecHash(key.Curve)
+		case ed25519PublicKey:
+		default:
+			return nil, fmt.Errorf("ssh: unsupported key type %T", key)
+		}
+	}
+
+	var digest []byte
+	if hashFunc != 0 {
+		h := hashFunc.New()
+		h.Write(data)
+		digest = h.Sum(nil)
+	} else {
+		digest = data
+	}
+
+	signature, err := s.signer.Sign(rand, digest, hashFunc)
+	if err != nil {
+		return nil, err
+	}
+
+	// crypto.Signer.Sign is expected to return an ASN.1-encoded signature
+	// for ECDSA and DSA, but that's not the encoding expected by SSH, so
+	// re-encode.
+	switch s.pubKey.(type) {
+	case *ecdsaPublicKey, *dsaPublicKey:
+		type asn1Signature struct {
+			R, S *big.Int
+		}
+		asn1Sig := new(asn1Signature)
+		_, err := asn1.Unmarshal(signature, asn1Sig)
+		if err != nil {
+			return nil, err
+		}
+
+		switch s.pubKey.(type) {
+		case *ecdsaPublicKey:
+			signature = Marshal(asn1Sig)
+
+		case *dsaPublicKey:
+			signature = make([]byte, 40)
+			r := asn1Sig.R.Bytes()
+			s := asn1Sig.S.Bytes()
+			copy(signature[20-len(r):20], r)
+			copy(signature[40-len(s):40], s)
+		}
+	}
+
+	return &Signature{
+		Format: algorithm,
+		Blob:   signature,
+	}, nil
+}
+
+// NewPublicKey takes an *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey,
+// or ed25519.PublicKey returns a corresponding PublicKey instance.
+// ECDSA keys must use P-256, P-384 or P-521.
+func NewPublicKey(key interface{}) (PublicKey, error) {
+	switch key := key.(type) {
+	case *rsa.PublicKey:
+		return (*rsaPublicKey)(key), nil
+	case *ecdsa.PublicKey:
+		if !supportedEllipticCurve(key.Curve) {
+			return nil, errors.New("ssh: only P-256, P-384 and P-521 EC keys are supported")
+		}
+		return (*ecdsaPublicKey)(key), nil
+	case *dsa.PublicKey:
+		return (*dsaPublicKey)(key), nil
+	case ed25519.PublicKey:
+		if l := len(key); l != ed25519.PublicKeySize {
+			return nil, fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
+		}
+		return ed25519PublicKey(key), nil
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
+	}
+}
+
+// ParsePrivateKey returns a Signer from a PEM encoded private key. It supports
+// the same keys as ParseRawPrivateKey. If the private key is encrypted, it
+// will return a PassphraseMissingError.
+func ParsePrivateKey(pemBytes []byte) (Signer, error) {
+	key, err := ParseRawPrivateKey(pemBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewSignerFromKey(key)
+}
+
+// ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private
+// key and passphrase. It supports the same keys as
+// ParseRawPrivateKeyWithPassphrase.
+func ParsePrivateKeyWithPassphrase(pemBytes, passphrase []byte) (Signer, error) {
+	key, err := ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewSignerFromKey(key)
+}
+
+// encryptedBlock tells whether a private key is
+// encrypted by examining its Proc-Type header
+// for a mention of ENCRYPTED
+// according to RFC 1421 Section 4.6.1.1.
+func encryptedBlock(block *pem.Block) bool {
+	return strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED")
+}
+
+// A PassphraseMissingError indicates that parsing this private key requires a
+// passphrase. Use ParsePrivateKeyWithPassphrase.
+type PassphraseMissingError struct {
+	// PublicKey will be set if the private key format includes an unencrypted
+	// public key along with the encrypted private key.
+	PublicKey PublicKey
+}
+
+func (*PassphraseMissingError) Error() string {
+	return "ssh: this private key is passphrase protected"
+}
+
+// ParseRawPrivateKey returns a private key from a PEM encoded private key. It
+// supports RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys. If the
+// private key is encrypted, it will return a PassphraseMissingError.
+func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
+	block, _ := pem.Decode(pemBytes)
+	if block == nil {
+		return nil, errors.New("ssh: no key found")
+	}
+
+	if encryptedBlock(block) {
+		return nil, &PassphraseMissingError{}
+	}
+
+	switch block.Type {
+	case "RSA PRIVATE KEY":
+		return x509.ParsePKCS1PrivateKey(block.Bytes)
+	// RFC5208 - https://tools.ietf.org/html/rfc5208
+	case "PRIVATE KEY":
+		return x509.ParsePKCS8PrivateKey(block.Bytes)
+	case "EC PRIVATE KEY":
+		return x509.ParseECPrivateKey(block.Bytes)
+	case "DSA PRIVATE KEY":
+		return ParseDSAPrivateKey(block.Bytes)
+	case "OPENSSH PRIVATE KEY":
+		return parseOpenSSHPrivateKey(block.Bytes, unencryptedOpenSSHKey)
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
+	}
+}
+
+// ParseRawPrivateKeyWithPassphrase returns a private key decrypted with
+// passphrase from a PEM encoded private key. If the passphrase is wrong, it
+// will return x509.IncorrectPasswordError.
+func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{}, error) {
+	block, _ := pem.Decode(pemBytes)
+	if block == nil {
+		return nil, errors.New("ssh: no key found")
+	}
+
+	if block.Type == "OPENSSH PRIVATE KEY" {
+		return parseOpenSSHPrivateKey(block.Bytes, passphraseProtectedOpenSSHKey(passphrase))
+	}
+
+	if !encryptedBlock(block) || !x509.IsEncryptedPEMBlock(block) {
+		return nil, errors.New("ssh: not an encrypted key")
+	}
+
+	buf, err := x509.DecryptPEMBlock(block, passphrase)
+	if err != nil {
+		if err == x509.IncorrectPasswordError {
+			return nil, err
+		}
+		return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
+	}
+
+	switch block.Type {
+	case "RSA PRIVATE KEY":
+		return x509.ParsePKCS1PrivateKey(buf)
+	case "EC PRIVATE KEY":
+		return x509.ParseECPrivateKey(buf)
+	case "DSA PRIVATE KEY":
+		return ParseDSAPrivateKey(buf)
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
+	}
+}
+
+// ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as
+// specified by the OpenSSL DSA man page.
+func ParseDSAPrivateKey(der []byte) (*dsa.PrivateKey, error) {
+	var k struct {
+		Version int
+		P       *big.Int
+		Q       *big.Int
+		G       *big.Int
+		Pub     *big.Int
+		Priv    *big.Int
+	}
+	rest, err := asn1.Unmarshal(der, &k)
+	if err != nil {
+		return nil, errors.New("ssh: failed to parse DSA key: " + err.Error())
+	}
+	if len(rest) > 0 {
+		return nil, errors.New("ssh: garbage after DSA key")
+	}
+
+	return &dsa.PrivateKey{
+		PublicKey: dsa.PublicKey{
+			Parameters: dsa.Parameters{
+				P: k.P,
+				Q: k.Q,
+				G: k.G,
+			},
+			Y: k.Pub,
+		},
+		X: k.Priv,
+	}, nil
+}
+
+func unencryptedOpenSSHKey(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+	if kdfName != "none" || cipherName != "none" {
+		return nil, &PassphraseMissingError{}
+	}
+	if kdfOpts != "" {
+		return nil, errors.New("ssh: invalid openssh private key")
+	}
+	return privKeyBlock, nil
+}
+
+func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
+	return func(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+		if kdfName == "none" || cipherName == "none" {
+			return nil, errors.New("ssh: key is not password protected")
+		}
+		if kdfName != "bcrypt" {
+			return nil, fmt.Errorf("ssh: unknown KDF %q, only supports %q", kdfName, "bcrypt")
+		}
+
+		var opts struct {
+			Salt   string
+			Rounds uint32
+		}
+		if err := Unmarshal([]byte(kdfOpts), &opts); err != nil {
+			return nil, err
+		}
+
+		k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
+		if err != nil {
+			return nil, err
+		}
+		key, iv := k[:32], k[32:]
+
+		c, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+		switch cipherName {
+		case "aes256-ctr":
+			ctr := cipher.NewCTR(c, iv)
+			ctr.XORKeyStream(privKeyBlock, privKeyBlock)
+		case "aes256-cbc":
+			if len(privKeyBlock)%c.BlockSize() != 0 {
+				return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size")
+			}
+			cbc := cipher.NewCBCDecrypter(c, iv)
+			cbc.CryptBlocks(privKeyBlock, privKeyBlock)
+		default:
+			return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc")
+		}
+
+		return privKeyBlock, nil
+	}
+}
+
+type openSSHDecryptFunc func(CipherName, KdfName, KdfOpts string, PrivKeyBlock []byte) ([]byte, error)
+
+// parseOpenSSHPrivateKey parses an OpenSSH private key, using the decrypt
+// function to unwrap the encrypted portion. unencryptedOpenSSHKey can be used
+// as the decrypt function to parse an unencrypted private key. See
+// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.
+func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.PrivateKey, error) {
+	const magic = "openssh-key-v1\x00"
+	if len(key) < len(magic) || string(key[:len(magic)]) != magic {
+		return nil, errors.New("ssh: invalid openssh private key format")
+	}
+	remaining := key[len(magic):]
+
+	var w struct {
+		CipherName   string
+		KdfName      string
+		KdfOpts      string
+		NumKeys      uint32
+		PubKey       []byte
+		PrivKeyBlock []byte
+	}
+
+	if err := Unmarshal(remaining, &w); err != nil {
+		return nil, err
+	}
+	if w.NumKeys != 1 {
+		// We only support single key files, and so does OpenSSH.
+		// https://github.com/openssh/openssh-portable/blob/4103a3ec7/sshkey.c#L4171
+		return nil, errors.New("ssh: multi-key files are not supported")
+	}
+
+	privKeyBlock, err := decrypt(w.CipherName, w.KdfName, w.KdfOpts, w.PrivKeyBlock)
+	if err != nil {
+		if err, ok := err.(*PassphraseMissingError); ok {
+			pub, errPub := ParsePublicKey(w.PubKey)
+			if errPub != nil {
+				return nil, fmt.Errorf("ssh: failed to parse embedded public key: %v", errPub)
+			}
+			err.PublicKey = pub
+		}
+		return nil, err
+	}
+
+	pk1 := struct {
+		Check1  uint32
+		Check2  uint32
+		Keytype string
+		Rest    []byte `ssh:"rest"`
+	}{}
+
+	if err := Unmarshal(privKeyBlock, &pk1); err != nil || pk1.Check1 != pk1.Check2 {
+		if w.CipherName != "none" {
+			return nil, x509.IncorrectPasswordError
+		}
+		return nil, errors.New("ssh: malformed OpenSSH key")
+	}
+
+	switch pk1.Keytype {
+	case KeyAlgoRSA:
+		// https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L2760-L2773
+		key := struct {
+			N       *big.Int
+			E       *big.Int
+			D       *big.Int
+			Iqmp    *big.Int
+			P       *big.Int
+			Q       *big.Int
+			Comment string
+			Pad     []byte `ssh:"rest"`
+		}{}
+
+		if err := Unmarshal(pk1.Rest, &key); err != nil {
+			return nil, err
+		}
+
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
+		}
+
+		pk := &rsa.PrivateKey{
+			PublicKey: rsa.PublicKey{
+				N: key.N,
+				E: int(key.E.Int64()),
+			},
+			D:      key.D,
+			Primes: []*big.Int{key.P, key.Q},
+		}
+
+		if err := pk.Validate(); err != nil {
+			return nil, err
+		}
+
+		pk.Precompute()
+
+		return pk, nil
+	case KeyAlgoED25519:
+		key := struct {
+			Pub     []byte
+			Priv    []byte
+			Comment string
+			Pad     []byte `ssh:"rest"`
+		}{}
+
+		if err := Unmarshal(pk1.Rest, &key); err != nil {
+			return nil, err
+		}
+
+		if len(key.Priv) != ed25519.PrivateKeySize {
+			return nil, errors.New("ssh: private key unexpected length")
+		}
+
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
+		}
+
+		pk := ed25519.PrivateKey(make([]byte, ed25519.PrivateKeySize))
+		copy(pk, key.Priv)
+		return &pk, nil
+	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
+		key := struct {
+			Curve   string
+			Pub     []byte
+			D       *big.Int
+			Comment string
+			Pad     []byte `ssh:"rest"`
+		}{}
+
+		if err := Unmarshal(pk1.Rest, &key); err != nil {
+			return nil, err
+		}
+
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
+		}
+
+		var curve elliptic.Curve
+		switch key.Curve {
+		case "nistp256":
+			curve = elliptic.P256()
+		case "nistp384":
+			curve = elliptic.P384()
+		case "nistp521":
+			curve = elliptic.P521()
+		default:
+			return nil, errors.New("ssh: unhandled elliptic curve: " + key.Curve)
+		}
+
+		X, Y := elliptic.Unmarshal(curve, key.Pub)
+		if X == nil || Y == nil {
+			return nil, errors.New("ssh: failed to unmarshal public key")
+		}
+
+		if key.D.Cmp(curve.Params().N) >= 0 {
+			return nil, errors.New("ssh: scalar is out of range")
+		}
+
+		x, y := curve.ScalarBaseMult(key.D.Bytes())
+		if x.Cmp(X) != 0 || y.Cmp(Y) != 0 {
+			return nil, errors.New("ssh: public key does not match private key")
+		}
+
+		return &ecdsa.PrivateKey{
+			PublicKey: ecdsa.PublicKey{
+				Curve: curve,
+				X:     X,
+				Y:     Y,
+			},
+			D: key.D,
+		}, nil
+	default:
+		return nil, errors.New("ssh: unhandled key type")
+	}
+}
+
+func checkOpenSSHKeyPadding(pad []byte) error {
+	for i, b := range pad {
+		if int(b) != i+1 {
+			return errors.New("ssh: padding not as expected")
+		}
+	}
+	return nil
+}
+
+// FingerprintLegacyMD5 returns the user presentation of the key's
+// fingerprint as described by RFC 4716 section 4.
+func FingerprintLegacyMD5(pubKey PublicKey) string {
+	md5sum := md5.Sum(pubKey.Marshal())
+	hexarray := make([]string, len(md5sum))
+	for i, c := range md5sum {
+		hexarray[i] = hex.EncodeToString([]byte{c})
+	}
+	return strings.Join(hexarray, ":")
+}
+
+// FingerprintSHA256 returns the user presentation of the key's
+// fingerprint as unpadded base64 encoded sha256 hash.
+// This format was introduced from OpenSSH 6.8.
+// https://www.openssh.com/txt/release-6.8
+// https://tools.ietf.org/html/rfc4648#section-3.2 (unpadded base64 encoding)
+func FingerprintSHA256(pubKey PublicKey) string {
+	sha256sum := sha256.Sum256(pubKey.Marshal())
+	hash := base64.RawStdEncoding.EncodeToString(sha256sum[:])
+	return "SHA256:" + hash
+}
diff --git a/vendor/golang.org/x/crypto/ssh/mac.go b/vendor/golang.org/x/crypto/ssh/mac.go
new file mode 100644
index 0000000000000..c07a06285e666
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/mac.go
@@ -0,0 +1,61 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+// Message authentication support
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"hash"
+)
+
+type macMode struct {
+	keySize int
+	etm     bool
+	new     func(key []byte) hash.Hash
+}
+
+// truncatingMAC wraps around a hash.Hash and truncates the output digest to
+// a given size.
+type truncatingMAC struct {
+	length int
+	hmac   hash.Hash
+}
+
+func (t truncatingMAC) Write(data []byte) (int, error) {
+	return t.hmac.Write(data)
+}
+
+func (t truncatingMAC) Sum(in []byte) []byte {
+	out := t.hmac.Sum(in)
+	return out[:len(in)+t.length]
+}
+
+func (t truncatingMAC) Reset() {
+	t.hmac.Reset()
+}
+
+func (t truncatingMAC) Size() int {
+	return t.length
+}
+
+func (t truncatingMAC) BlockSize() int { return t.hmac.BlockSize() }
+
+var macModes = map[string]*macMode{
+	"hmac-sha2-256-etm@openssh.com": {32, true, func(key []byte) hash.Hash {
+		return hmac.New(sha256.New, key)
+	}},
+	"hmac-sha2-256": {32, false, func(key []byte) hash.Hash {
+		return hmac.New(sha256.New, key)
+	}},
+	"hmac-sha1": {20, false, func(key []byte) hash.Hash {
+		return hmac.New(sha1.New, key)
+	}},
+	"hmac-sha1-96": {20, false, func(key []byte) hash.Hash {
+		return truncatingMAC{12, hmac.New(sha1.New, key)}
+	}},
+}
diff --git a/vendor/golang.org/x/crypto/ssh/messages.go b/vendor/golang.org/x/crypto/ssh/messages.go
new file mode 100644
index 0000000000000..ac41a4168bfe3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/messages.go
@@ -0,0 +1,866 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+	"reflect"
+	"strconv"
+	"strings"
+)
+
+// These are SSH message type numbers. They are scattered around several
+// documents but many were taken from [SSH-PARAMETERS].
+const (
+	msgIgnore        = 2
+	msgUnimplemented = 3
+	msgDebug         = 4
+	msgNewKeys       = 21
+)
+
+// SSH messages:
+//
+// These structures mirror the wire format of the corresponding SSH messages.
+// They are marshaled using reflection with the marshal and unmarshal functions
+// in this file. The only wrinkle is that a final member of type []byte with a
+// ssh tag of "rest" receives the remainder of a packet when unmarshaling.
+
+// See RFC 4253, section 11.1.
+const msgDisconnect = 1
+
+// disconnectMsg is the message that signals a disconnect. It is also
+// the error type returned from mux.Wait()
+type disconnectMsg struct {
+	Reason   uint32 `sshtype:"1"`
+	Message  string
+	Language string
+}
+
+func (d *disconnectMsg) Error() string {
+	return fmt.Sprintf("ssh: disconnect, reason %d: %s", d.Reason, d.Message)
+}
+
+// See RFC 4253, section 7.1.
+const msgKexInit = 20
+
+type kexInitMsg struct {
+	Cookie                  [16]byte `sshtype:"20"`
+	KexAlgos                []string
+	ServerHostKeyAlgos      []string
+	CiphersClientServer     []string
+	CiphersServerClient     []string
+	MACsClientServer        []string
+	MACsServerClient        []string
+	CompressionClientServer []string
+	CompressionServerClient []string
+	LanguagesClientServer   []string
+	LanguagesServerClient   []string
+	FirstKexFollows         bool
+	Reserved                uint32
+}
+
+// See RFC 4253, section 8.
+
+// Diffie-Helman
+const msgKexDHInit = 30
+
+type kexDHInitMsg struct {
+	X *big.Int `sshtype:"30"`
+}
+
+const msgKexECDHInit = 30
+
+type kexECDHInitMsg struct {
+	ClientPubKey []byte `sshtype:"30"`
+}
+
+const msgKexECDHReply = 31
+
+type kexECDHReplyMsg struct {
+	HostKey         []byte `sshtype:"31"`
+	EphemeralPubKey []byte
+	Signature       []byte
+}
+
+const msgKexDHReply = 31
+
+type kexDHReplyMsg struct {
+	HostKey   []byte `sshtype:"31"`
+	Y         *big.Int
+	Signature []byte
+}
+
+// See RFC 4419, section 5.
+const msgKexDHGexGroup = 31
+
+type kexDHGexGroupMsg struct {
+	P *big.Int `sshtype:"31"`
+	G *big.Int
+}
+
+const msgKexDHGexInit = 32
+
+type kexDHGexInitMsg struct {
+	X *big.Int `sshtype:"32"`
+}
+
+const msgKexDHGexReply = 33
+
+type kexDHGexReplyMsg struct {
+	HostKey   []byte `sshtype:"33"`
+	Y         *big.Int
+	Signature []byte
+}
+
+const msgKexDHGexRequest = 34
+
+type kexDHGexRequestMsg struct {
+	MinBits      uint32 `sshtype:"34"`
+	PreferedBits uint32
+	MaxBits      uint32
+}
+
+// See RFC 4253, section 10.
+const msgServiceRequest = 5
+
+type serviceRequestMsg struct {
+	Service string `sshtype:"5"`
+}
+
+// See RFC 4253, section 10.
+const msgServiceAccept = 6
+
+type serviceAcceptMsg struct {
+	Service string `sshtype:"6"`
+}
+
+// See RFC 4252, section 5.
+const msgUserAuthRequest = 50
+
+type userAuthRequestMsg struct {
+	User    string `sshtype:"50"`
+	Service string
+	Method  string
+	Payload []byte `ssh:"rest"`
+}
+
+// Used for debug printouts of packets.
+type userAuthSuccessMsg struct {
+}
+
+// See RFC 4252, section 5.1
+const msgUserAuthFailure = 51
+
+type userAuthFailureMsg struct {
+	Methods        []string `sshtype:"51"`
+	PartialSuccess bool
+}
+
+// See RFC 4252, section 5.1
+const msgUserAuthSuccess = 52
+
+// See RFC 4252, section 5.4
+const msgUserAuthBanner = 53
+
+type userAuthBannerMsg struct {
+	Message string `sshtype:"53"`
+	// unused, but required to allow message parsing
+	Language string
+}
+
+// See RFC 4256, section 3.2
+const msgUserAuthInfoRequest = 60
+const msgUserAuthInfoResponse = 61
+
+type userAuthInfoRequestMsg struct {
+	User               string `sshtype:"60"`
+	Instruction        string
+	DeprecatedLanguage string
+	NumPrompts         uint32
+	Prompts            []byte `ssh:"rest"`
+}
+
+// See RFC 4254, section 5.1.
+const msgChannelOpen = 90
+
+type channelOpenMsg struct {
+	ChanType         string `sshtype:"90"`
+	PeersID          uint32
+	PeersWindow      uint32
+	MaxPacketSize    uint32
+	TypeSpecificData []byte `ssh:"rest"`
+}
+
+const msgChannelExtendedData = 95
+const msgChannelData = 94
+
+// Used for debug print outs of packets.
+type channelDataMsg struct {
+	PeersID uint32 `sshtype:"94"`
+	Length  uint32
+	Rest    []byte `ssh:"rest"`
+}
+
+// See RFC 4254, section 5.1.
+const msgChannelOpenConfirm = 91
+
+type channelOpenConfirmMsg struct {
+	PeersID          uint32 `sshtype:"91"`
+	MyID             uint32
+	MyWindow         uint32
+	MaxPacketSize    uint32
+	TypeSpecificData []byte `ssh:"rest"`
+}
+
+// See RFC 4254, section 5.1.
+const msgChannelOpenFailure = 92
+
+type channelOpenFailureMsg struct {
+	PeersID  uint32 `sshtype:"92"`
+	Reason   RejectionReason
+	Message  string
+	Language string
+}
+
+const msgChannelRequest = 98
+
+type channelRequestMsg struct {
+	PeersID             uint32 `sshtype:"98"`
+	Request             string
+	WantReply           bool
+	RequestSpecificData []byte `ssh:"rest"`
+}
+
+// See RFC 4254, section 5.4.
+const msgChannelSuccess = 99
+
+type channelRequestSuccessMsg struct {
+	PeersID uint32 `sshtype:"99"`
+}
+
+// See RFC 4254, section 5.4.
+const msgChannelFailure = 100
+
+type channelRequestFailureMsg struct {
+	PeersID uint32 `sshtype:"100"`
+}
+
+// See RFC 4254, section 5.3
+const msgChannelClose = 97
+
+type channelCloseMsg struct {
+	PeersID uint32 `sshtype:"97"`
+}
+
+// See RFC 4254, section 5.3
+const msgChannelEOF = 96
+
+type channelEOFMsg struct {
+	PeersID uint32 `sshtype:"96"`
+}
+
+// See RFC 4254, section 4
+const msgGlobalRequest = 80
+
+type globalRequestMsg struct {
+	Type      string `sshtype:"80"`
+	WantReply bool
+	Data      []byte `ssh:"rest"`
+}
+
+// See RFC 4254, section 4
+const msgRequestSuccess = 81
+
+type globalRequestSuccessMsg struct {
+	Data []byte `ssh:"rest" sshtype:"81"`
+}
+
+// See RFC 4254, section 4
+const msgRequestFailure = 82
+
+type globalRequestFailureMsg struct {
+	Data []byte `ssh:"rest" sshtype:"82"`
+}
+
+// See RFC 4254, section 5.2
+const msgChannelWindowAdjust = 93
+
+type windowAdjustMsg struct {
+	PeersID         uint32 `sshtype:"93"`
+	AdditionalBytes uint32
+}
+
+// See RFC 4252, section 7
+const msgUserAuthPubKeyOk = 60
+
+type userAuthPubKeyOkMsg struct {
+	Algo   string `sshtype:"60"`
+	PubKey []byte
+}
+
+// See RFC 4462, section 3
+const msgUserAuthGSSAPIResponse = 60
+
+type userAuthGSSAPIResponse struct {
+	SupportMech []byte `sshtype:"60"`
+}
+
+const msgUserAuthGSSAPIToken = 61
+
+type userAuthGSSAPIToken struct {
+	Token []byte `sshtype:"61"`
+}
+
+const msgUserAuthGSSAPIMIC = 66
+
+type userAuthGSSAPIMIC struct {
+	MIC []byte `sshtype:"66"`
+}
+
+// See RFC 4462, section 3.9
+const msgUserAuthGSSAPIErrTok = 64
+
+type userAuthGSSAPIErrTok struct {
+	ErrorToken []byte `sshtype:"64"`
+}
+
+// See RFC 4462, section 3.8
+const msgUserAuthGSSAPIError = 65
+
+type userAuthGSSAPIError struct {
+	MajorStatus uint32 `sshtype:"65"`
+	MinorStatus uint32
+	Message     string
+	LanguageTag string
+}
+
+// typeTags returns the possible type bytes for the given reflect.Type, which
+// should be a struct. The possible values are separated by a '|' character.
+func typeTags(structType reflect.Type) (tags []byte) {
+	tagStr := structType.Field(0).Tag.Get("sshtype")
+
+	for _, tag := range strings.Split(tagStr, "|") {
+		i, err := strconv.Atoi(tag)
+		if err == nil {
+			tags = append(tags, byte(i))
+		}
+	}
+
+	return tags
+}
+
+func fieldError(t reflect.Type, field int, problem string) error {
+	if problem != "" {
+		problem = ": " + problem
+	}
+	return fmt.Errorf("ssh: unmarshal error for field %s of type %s%s", t.Field(field).Name, t.Name(), problem)
+}
+
+var errShortRead = errors.New("ssh: short read")
+
+// Unmarshal parses data in SSH wire format into a structure. The out
+// argument should be a pointer to struct. If the first member of the
+// struct has the "sshtype" tag set to a '|'-separated set of numbers
+// in decimal, the packet must start with one of those numbers. In
+// case of error, Unmarshal returns a ParseError or
+// UnexpectedMessageError.
+func Unmarshal(data []byte, out interface{}) error {
+	v := reflect.ValueOf(out).Elem()
+	structType := v.Type()
+	expectedTypes := typeTags(structType)
+
+	var expectedType byte
+	if len(expectedTypes) > 0 {
+		expectedType = expectedTypes[0]
+	}
+
+	if len(data) == 0 {
+		return parseError(expectedType)
+	}
+
+	if len(expectedTypes) > 0 {
+		goodType := false
+		for _, e := range expectedTypes {
+			if e > 0 && data[0] == e {
+				goodType = true
+				break
+			}
+		}
+		if !goodType {
+			return fmt.Errorf("ssh: unexpected message type %d (expected one of %v)", data[0], expectedTypes)
+		}
+		data = data[1:]
+	}
+
+	var ok bool
+	for i := 0; i < v.NumField(); i++ {
+		field := v.Field(i)
+		t := field.Type()
+		switch t.Kind() {
+		case reflect.Bool:
+			if len(data) < 1 {
+				return errShortRead
+			}
+			field.SetBool(data[0] != 0)
+			data = data[1:]
+		case reflect.Array:
+			if t.Elem().Kind() != reflect.Uint8 {
+				return fieldError(structType, i, "array of unsupported type")
+			}
+			if len(data) < t.Len() {
+				return errShortRead
+			}
+			for j, n := 0, t.Len(); j < n; j++ {
+				field.Index(j).Set(reflect.ValueOf(data[j]))
+			}
+			data = data[t.Len():]
+		case reflect.Uint64:
+			var u64 uint64
+			if u64, data, ok = parseUint64(data); !ok {
+				return errShortRead
+			}
+			field.SetUint(u64)
+		case reflect.Uint32:
+			var u32 uint32
+			if u32, data, ok = parseUint32(data); !ok {
+				return errShortRead
+			}
+			field.SetUint(uint64(u32))
+		case reflect.Uint8:
+			if len(data) < 1 {
+				return errShortRead
+			}
+			field.SetUint(uint64(data[0]))
+			data = data[1:]
+		case reflect.String:
+			var s []byte
+			if s, data, ok = parseString(data); !ok {
+				return fieldError(structType, i, "")
+			}
+			field.SetString(string(s))
+		case reflect.Slice:
+			switch t.Elem().Kind() {
+			case reflect.Uint8:
+				if structType.Field(i).Tag.Get("ssh") == "rest" {
+					field.Set(reflect.ValueOf(data))
+					data = nil
+				} else {
+					var s []byte
+					if s, data, ok = parseString(data); !ok {
+						return errShortRead
+					}
+					field.Set(reflect.ValueOf(s))
+				}
+			case reflect.String:
+				var nl []string
+				if nl, data, ok = parseNameList(data); !ok {
+					return errShortRead
+				}
+				field.Set(reflect.ValueOf(nl))
+			default:
+				return fieldError(structType, i, "slice of unsupported type")
+			}
+		case reflect.Ptr:
+			if t == bigIntType {
+				var n *big.Int
+				if n, data, ok = parseInt(data); !ok {
+					return errShortRead
+				}
+				field.Set(reflect.ValueOf(n))
+			} else {
+				return fieldError(structType, i, "pointer to unsupported type")
+			}
+		default:
+			return fieldError(structType, i, fmt.Sprintf("unsupported type: %v", t))
+		}
+	}
+
+	if len(data) != 0 {
+		return parseError(expectedType)
+	}
+
+	return nil
+}
+
+// Marshal serializes the message in msg to SSH wire format.  The msg
+// argument should be a struct or pointer to struct. If the first
+// member has the "sshtype" tag set to a number in decimal, that
+// number is prepended to the result. If the last of member has the
+// "ssh" tag set to "rest", its contents are appended to the output.
+func Marshal(msg interface{}) []byte {
+	out := make([]byte, 0, 64)
+	return marshalStruct(out, msg)
+}
+
+func marshalStruct(out []byte, msg interface{}) []byte {
+	v := reflect.Indirect(reflect.ValueOf(msg))
+	msgTypes := typeTags(v.Type())
+	if len(msgTypes) > 0 {
+		out = append(out, msgTypes[0])
+	}
+
+	for i, n := 0, v.NumField(); i < n; i++ {
+		field := v.Field(i)
+		switch t := field.Type(); t.Kind() {
+		case reflect.Bool:
+			var v uint8
+			if field.Bool() {
+				v = 1
+			}
+			out = append(out, v)
+		case reflect.Array:
+			if t.Elem().Kind() != reflect.Uint8 {
+				panic(fmt.Sprintf("array of non-uint8 in field %d: %T", i, field.Interface()))
+			}
+			for j, l := 0, t.Len(); j < l; j++ {
+				out = append(out, uint8(field.Index(j).Uint()))
+			}
+		case reflect.Uint32:
+			out = appendU32(out, uint32(field.Uint()))
+		case reflect.Uint64:
+			out = appendU64(out, uint64(field.Uint()))
+		case reflect.Uint8:
+			out = append(out, uint8(field.Uint()))
+		case reflect.String:
+			s := field.String()
+			out = appendInt(out, len(s))
+			out = append(out, s...)
+		case reflect.Slice:
+			switch t.Elem().Kind() {
+			case reflect.Uint8:
+				if v.Type().Field(i).Tag.Get("ssh") != "rest" {
+					out = appendInt(out, field.Len())
+				}
+				out = append(out, field.Bytes()...)
+			case reflect.String:
+				offset := len(out)
+				out = appendU32(out, 0)
+				if n := field.Len(); n > 0 {
+					for j := 0; j < n; j++ {
+						f := field.Index(j)
+						if j != 0 {
+							out = append(out, ',')
+						}
+						out = append(out, f.String()...)
+					}
+					// overwrite length value
+					binary.BigEndian.PutUint32(out[offset:], uint32(len(out)-offset-4))
+				}
+			default:
+				panic(fmt.Sprintf("slice of unknown type in field %d: %T", i, field.Interface()))
+			}
+		case reflect.Ptr:
+			if t == bigIntType {
+				var n *big.Int
+				nValue := reflect.ValueOf(&n)
+				nValue.Elem().Set(field)
+				needed := intLength(n)
+				oldLength := len(out)
+
+				if cap(out)-len(out) < needed {
+					newOut := make([]byte, len(out), 2*(len(out)+needed))
+					copy(newOut, out)
+					out = newOut
+				}
+				out = out[:oldLength+needed]
+				marshalInt(out[oldLength:], n)
+			} else {
+				panic(fmt.Sprintf("pointer to unknown type in field %d: %T", i, field.Interface()))
+			}
+		}
+	}
+
+	return out
+}
+
+var bigOne = big.NewInt(1)
+
+func parseString(in []byte) (out, rest []byte, ok bool) {
+	if len(in) < 4 {
+		return
+	}
+	length := binary.BigEndian.Uint32(in)
+	in = in[4:]
+	if uint32(len(in)) < length {
+		return
+	}
+	out = in[:length]
+	rest = in[length:]
+	ok = true
+	return
+}
+
+var (
+	comma         = []byte{','}
+	emptyNameList = []string{}
+)
+
+func parseNameList(in []byte) (out []string, rest []byte, ok bool) {
+	contents, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+	if len(contents) == 0 {
+		out = emptyNameList
+		return
+	}
+	parts := bytes.Split(contents, comma)
+	out = make([]string, len(parts))
+	for i, part := range parts {
+		out[i] = string(part)
+	}
+	return
+}
+
+func parseInt(in []byte) (out *big.Int, rest []byte, ok bool) {
+	contents, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+	out = new(big.Int)
+
+	if len(contents) > 0 && contents[0]&0x80 == 0x80 {
+		// This is a negative number
+		notBytes := make([]byte, len(contents))
+		for i := range notBytes {
+			notBytes[i] = ^contents[i]
+		}
+		out.SetBytes(notBytes)
+		out.Add(out, bigOne)
+		out.Neg(out)
+	} else {
+		// Positive number
+		out.SetBytes(contents)
+	}
+	ok = true
+	return
+}
+
+func parseUint32(in []byte) (uint32, []byte, bool) {
+	if len(in) < 4 {
+		return 0, nil, false
+	}
+	return binary.BigEndian.Uint32(in), in[4:], true
+}
+
+func parseUint64(in []byte) (uint64, []byte, bool) {
+	if len(in) < 8 {
+		return 0, nil, false
+	}
+	return binary.BigEndian.Uint64(in), in[8:], true
+}
+
+func intLength(n *big.Int) int {
+	length := 4 /* length bytes */
+	if n.Sign() < 0 {
+		nMinus1 := new(big.Int).Neg(n)
+		nMinus1.Sub(nMinus1, bigOne)
+		bitLen := nMinus1.BitLen()
+		if bitLen%8 == 0 {
+			// The number will need 0xff padding
+			length++
+		}
+		length += (bitLen + 7) / 8
+	} else if n.Sign() == 0 {
+		// A zero is the zero length string
+	} else {
+		bitLen := n.BitLen()
+		if bitLen%8 == 0 {
+			// The number will need 0x00 padding
+			length++
+		}
+		length += (bitLen + 7) / 8
+	}
+
+	return length
+}
+
+func marshalUint32(to []byte, n uint32) []byte {
+	binary.BigEndian.PutUint32(to, n)
+	return to[4:]
+}
+
+func marshalUint64(to []byte, n uint64) []byte {
+	binary.BigEndian.PutUint64(to, n)
+	return to[8:]
+}
+
+func marshalInt(to []byte, n *big.Int) []byte {
+	lengthBytes := to
+	to = to[4:]
+	length := 0
+
+	if n.Sign() < 0 {
+		// A negative number has to be converted to two's-complement
+		// form. So we'll subtract 1 and invert. If the
+		// most-significant-bit isn't set then we'll need to pad the
+		// beginning with 0xff in order to keep the number negative.
+		nMinus1 := new(big.Int).Neg(n)
+		nMinus1.Sub(nMinus1, bigOne)
+		bytes := nMinus1.Bytes()
+		for i := range bytes {
+			bytes[i] ^= 0xff
+		}
+		if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+			to[0] = 0xff
+			to = to[1:]
+			length++
+		}
+		nBytes := copy(to, bytes)
+		to = to[nBytes:]
+		length += nBytes
+	} else if n.Sign() == 0 {
+		// A zero is the zero length string
+	} else {
+		bytes := n.Bytes()
+		if len(bytes) > 0 && bytes[0]&0x80 != 0 {
+			// We'll have to pad this with a 0x00 in order to
+			// stop it looking like a negative number.
+			to[0] = 0
+			to = to[1:]
+			length++
+		}
+		nBytes := copy(to, bytes)
+		to = to[nBytes:]
+		length += nBytes
+	}
+
+	lengthBytes[0] = byte(length >> 24)
+	lengthBytes[1] = byte(length >> 16)
+	lengthBytes[2] = byte(length >> 8)
+	lengthBytes[3] = byte(length)
+	return to
+}
+
+func writeInt(w io.Writer, n *big.Int) {
+	length := intLength(n)
+	buf := make([]byte, length)
+	marshalInt(buf, n)
+	w.Write(buf)
+}
+
+func writeString(w io.Writer, s []byte) {
+	var lengthBytes [4]byte
+	lengthBytes[0] = byte(len(s) >> 24)
+	lengthBytes[1] = byte(len(s) >> 16)
+	lengthBytes[2] = byte(len(s) >> 8)
+	lengthBytes[3] = byte(len(s))
+	w.Write(lengthBytes[:])
+	w.Write(s)
+}
+
+func stringLength(n int) int {
+	return 4 + n
+}
+
+func marshalString(to []byte, s []byte) []byte {
+	to[0] = byte(len(s) >> 24)
+	to[1] = byte(len(s) >> 16)
+	to[2] = byte(len(s) >> 8)
+	to[3] = byte(len(s))
+	to = to[4:]
+	copy(to, s)
+	return to[len(s):]
+}
+
+var bigIntType = reflect.TypeOf((*big.Int)(nil))
+
+// Decode a packet into its corresponding message.
+func decode(packet []byte) (interface{}, error) {
+	var msg interface{}
+	switch packet[0] {
+	case msgDisconnect:
+		msg = new(disconnectMsg)
+	case msgServiceRequest:
+		msg = new(serviceRequestMsg)
+	case msgServiceAccept:
+		msg = new(serviceAcceptMsg)
+	case msgKexInit:
+		msg = new(kexInitMsg)
+	case msgKexDHInit:
+		msg = new(kexDHInitMsg)
+	case msgKexDHReply:
+		msg = new(kexDHReplyMsg)
+	case msgUserAuthRequest:
+		msg = new(userAuthRequestMsg)
+	case msgUserAuthSuccess:
+		return new(userAuthSuccessMsg), nil
+	case msgUserAuthFailure:
+		msg = new(userAuthFailureMsg)
+	case msgUserAuthPubKeyOk:
+		msg = new(userAuthPubKeyOkMsg)
+	case msgGlobalRequest:
+		msg = new(globalRequestMsg)
+	case msgRequestSuccess:
+		msg = new(globalRequestSuccessMsg)
+	case msgRequestFailure:
+		msg = new(globalRequestFailureMsg)
+	case msgChannelOpen:
+		msg = new(channelOpenMsg)
+	case msgChannelData:
+		msg = new(channelDataMsg)
+	case msgChannelOpenConfirm:
+		msg = new(channelOpenConfirmMsg)
+	case msgChannelOpenFailure:
+		msg = new(channelOpenFailureMsg)
+	case msgChannelWindowAdjust:
+		msg = new(windowAdjustMsg)
+	case msgChannelEOF:
+		msg = new(channelEOFMsg)
+	case msgChannelClose:
+		msg = new(channelCloseMsg)
+	case msgChannelRequest:
+		msg = new(channelRequestMsg)
+	case msgChannelSuccess:
+		msg = new(channelRequestSuccessMsg)
+	case msgChannelFailure:
+		msg = new(channelRequestFailureMsg)
+	case msgUserAuthGSSAPIToken:
+		msg = new(userAuthGSSAPIToken)
+	case msgUserAuthGSSAPIMIC:
+		msg = new(userAuthGSSAPIMIC)
+	case msgUserAuthGSSAPIErrTok:
+		msg = new(userAuthGSSAPIErrTok)
+	case msgUserAuthGSSAPIError:
+		msg = new(userAuthGSSAPIError)
+	default:
+		return nil, unexpectedMessageError(0, packet[0])
+	}
+	if err := Unmarshal(packet, msg); err != nil {
+		return nil, err
+	}
+	return msg, nil
+}
+
+var packetTypeNames = map[byte]string{
+	msgDisconnect:          "disconnectMsg",
+	msgServiceRequest:      "serviceRequestMsg",
+	msgServiceAccept:       "serviceAcceptMsg",
+	msgKexInit:             "kexInitMsg",
+	msgKexDHInit:           "kexDHInitMsg",
+	msgKexDHReply:          "kexDHReplyMsg",
+	msgUserAuthRequest:     "userAuthRequestMsg",
+	msgUserAuthSuccess:     "userAuthSuccessMsg",
+	msgUserAuthFailure:     "userAuthFailureMsg",
+	msgUserAuthPubKeyOk:    "userAuthPubKeyOkMsg",
+	msgGlobalRequest:       "globalRequestMsg",
+	msgRequestSuccess:      "globalRequestSuccessMsg",
+	msgRequestFailure:      "globalRequestFailureMsg",
+	msgChannelOpen:         "channelOpenMsg",
+	msgChannelData:         "channelDataMsg",
+	msgChannelOpenConfirm:  "channelOpenConfirmMsg",
+	msgChannelOpenFailure:  "channelOpenFailureMsg",
+	msgChannelWindowAdjust: "windowAdjustMsg",
+	msgChannelEOF:          "channelEOFMsg",
+	msgChannelClose:        "channelCloseMsg",
+	msgChannelRequest:      "channelRequestMsg",
+	msgChannelSuccess:      "channelRequestSuccessMsg",
+	msgChannelFailure:      "channelRequestFailureMsg",
+}
diff --git a/vendor/golang.org/x/crypto/ssh/mux.go b/vendor/golang.org/x/crypto/ssh/mux.go
new file mode 100644
index 0000000000000..9654c01869ad1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/mux.go
@@ -0,0 +1,351 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+	"log"
+	"sync"
+	"sync/atomic"
+)
+
+// debugMux, if set, causes messages in the connection protocol to be
+// logged.
+const debugMux = false
+
+// chanList is a thread safe channel list.
+type chanList struct {
+	// protects concurrent access to chans
+	sync.Mutex
+
+	// chans are indexed by the local id of the channel, which the
+	// other side should send in the PeersId field.
+	chans []*channel
+
+	// This is a debugging aid: it offsets all IDs by this
+	// amount. This helps distinguish otherwise identical
+	// server/client muxes
+	offset uint32
+}
+
+// Assigns a channel ID to the given channel.
+func (c *chanList) add(ch *channel) uint32 {
+	c.Lock()
+	defer c.Unlock()
+	for i := range c.chans {
+		if c.chans[i] == nil {
+			c.chans[i] = ch
+			return uint32(i) + c.offset
+		}
+	}
+	c.chans = append(c.chans, ch)
+	return uint32(len(c.chans)-1) + c.offset
+}
+
+// getChan returns the channel for the given ID.
+func (c *chanList) getChan(id uint32) *channel {
+	id -= c.offset
+
+	c.Lock()
+	defer c.Unlock()
+	if id < uint32(len(c.chans)) {
+		return c.chans[id]
+	}
+	return nil
+}
+
+func (c *chanList) remove(id uint32) {
+	id -= c.offset
+	c.Lock()
+	if id < uint32(len(c.chans)) {
+		c.chans[id] = nil
+	}
+	c.Unlock()
+}
+
+// dropAll forgets all channels it knows, returning them in a slice.
+func (c *chanList) dropAll() []*channel {
+	c.Lock()
+	defer c.Unlock()
+	var r []*channel
+
+	for _, ch := range c.chans {
+		if ch == nil {
+			continue
+		}
+		r = append(r, ch)
+	}
+	c.chans = nil
+	return r
+}
+
+// mux represents the state for the SSH connection protocol, which
+// multiplexes many channels onto a single packet transport.
+type mux struct {
+	conn     packetConn
+	chanList chanList
+
+	incomingChannels chan NewChannel
+
+	globalSentMu     sync.Mutex
+	globalResponses  chan interface{}
+	incomingRequests chan *Request
+
+	errCond *sync.Cond
+	err     error
+}
+
+// When debugging, each new chanList instantiation has a different
+// offset.
+var globalOff uint32
+
+func (m *mux) Wait() error {
+	m.errCond.L.Lock()
+	defer m.errCond.L.Unlock()
+	for m.err == nil {
+		m.errCond.Wait()
+	}
+	return m.err
+}
+
+// newMux returns a mux that runs over the given connection.
+func newMux(p packetConn) *mux {
+	m := &mux{
+		conn:             p,
+		incomingChannels: make(chan NewChannel, chanSize),
+		globalResponses:  make(chan interface{}, 1),
+		incomingRequests: make(chan *Request, chanSize),
+		errCond:          newCond(),
+	}
+	if debugMux {
+		m.chanList.offset = atomic.AddUint32(&globalOff, 1)
+	}
+
+	go m.loop()
+	return m
+}
+
+func (m *mux) sendMessage(msg interface{}) error {
+	p := Marshal(msg)
+	if debugMux {
+		log.Printf("send global(%d): %#v", m.chanList.offset, msg)
+	}
+	return m.conn.writePacket(p)
+}
+
+func (m *mux) SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error) {
+	if wantReply {
+		m.globalSentMu.Lock()
+		defer m.globalSentMu.Unlock()
+	}
+
+	if err := m.sendMessage(globalRequestMsg{
+		Type:      name,
+		WantReply: wantReply,
+		Data:      payload,
+	}); err != nil {
+		return false, nil, err
+	}
+
+	if !wantReply {
+		return false, nil, nil
+	}
+
+	msg, ok := <-m.globalResponses
+	if !ok {
+		return false, nil, io.EOF
+	}
+	switch msg := msg.(type) {
+	case *globalRequestFailureMsg:
+		return false, msg.Data, nil
+	case *globalRequestSuccessMsg:
+		return true, msg.Data, nil
+	default:
+		return false, nil, fmt.Errorf("ssh: unexpected response to request: %#v", msg)
+	}
+}
+
+// ackRequest must be called after processing a global request that
+// has WantReply set.
+func (m *mux) ackRequest(ok bool, data []byte) error {
+	if ok {
+		return m.sendMessage(globalRequestSuccessMsg{Data: data})
+	}
+	return m.sendMessage(globalRequestFailureMsg{Data: data})
+}
+
+func (m *mux) Close() error {
+	return m.conn.Close()
+}
+
+// loop runs the connection machine. It will process packets until an
+// error is encountered. To synchronize on loop exit, use mux.Wait.
+func (m *mux) loop() {
+	var err error
+	for err == nil {
+		err = m.onePacket()
+	}
+
+	for _, ch := range m.chanList.dropAll() {
+		ch.close()
+	}
+
+	close(m.incomingChannels)
+	close(m.incomingRequests)
+	close(m.globalResponses)
+
+	m.conn.Close()
+
+	m.errCond.L.Lock()
+	m.err = err
+	m.errCond.Broadcast()
+	m.errCond.L.Unlock()
+
+	if debugMux {
+		log.Println("loop exit", err)
+	}
+}
+
+// onePacket reads and processes one packet.
+func (m *mux) onePacket() error {
+	packet, err := m.conn.readPacket()
+	if err != nil {
+		return err
+	}
+
+	if debugMux {
+		if packet[0] == msgChannelData || packet[0] == msgChannelExtendedData {
+			log.Printf("decoding(%d): data packet - %d bytes", m.chanList.offset, len(packet))
+		} else {
+			p, _ := decode(packet)
+			log.Printf("decoding(%d): %d %#v - %d bytes", m.chanList.offset, packet[0], p, len(packet))
+		}
+	}
+
+	switch packet[0] {
+	case msgChannelOpen:
+		return m.handleChannelOpen(packet)
+	case msgGlobalRequest, msgRequestSuccess, msgRequestFailure:
+		return m.handleGlobalPacket(packet)
+	}
+
+	// assume a channel packet.
+	if len(packet) < 5 {
+		return parseError(packet[0])
+	}
+	id := binary.BigEndian.Uint32(packet[1:])
+	ch := m.chanList.getChan(id)
+	if ch == nil {
+		return m.handleUnknownChannelPacket(id, packet)
+	}
+
+	return ch.handlePacket(packet)
+}
+
+func (m *mux) handleGlobalPacket(packet []byte) error {
+	msg, err := decode(packet)
+	if err != nil {
+		return err
+	}
+
+	switch msg := msg.(type) {
+	case *globalRequestMsg:
+		m.incomingRequests <- &Request{
+			Type:      msg.Type,
+			WantReply: msg.WantReply,
+			Payload:   msg.Data,
+			mux:       m,
+		}
+	case *globalRequestSuccessMsg, *globalRequestFailureMsg:
+		m.globalResponses <- msg
+	default:
+		panic(fmt.Sprintf("not a global message %#v", msg))
+	}
+
+	return nil
+}
+
+// handleChannelOpen schedules a channel to be Accept()ed.
+func (m *mux) handleChannelOpen(packet []byte) error {
+	var msg channelOpenMsg
+	if err := Unmarshal(packet, &msg); err != nil {
+		return err
+	}
+
+	if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
+		failMsg := channelOpenFailureMsg{
+			PeersID:  msg.PeersID,
+			Reason:   ConnectionFailed,
+			Message:  "invalid request",
+			Language: "en_US.UTF-8",
+		}
+		return m.sendMessage(failMsg)
+	}
+
+	c := m.newChannel(msg.ChanType, channelInbound, msg.TypeSpecificData)
+	c.remoteId = msg.PeersID
+	c.maxRemotePayload = msg.MaxPacketSize
+	c.remoteWin.add(msg.PeersWindow)
+	m.incomingChannels <- c
+	return nil
+}
+
+func (m *mux) OpenChannel(chanType string, extra []byte) (Channel, <-chan *Request, error) {
+	ch, err := m.openChannel(chanType, extra)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return ch, ch.incomingRequests, nil
+}
+
+func (m *mux) openChannel(chanType string, extra []byte) (*channel, error) {
+	ch := m.newChannel(chanType, channelOutbound, extra)
+
+	ch.maxIncomingPayload = channelMaxPacket
+
+	open := channelOpenMsg{
+		ChanType:         chanType,
+		PeersWindow:      ch.myWindow,
+		MaxPacketSize:    ch.maxIncomingPayload,
+		TypeSpecificData: extra,
+		PeersID:          ch.localId,
+	}
+	if err := m.sendMessage(open); err != nil {
+		return nil, err
+	}
+
+	switch msg := (<-ch.msg).(type) {
+	case *channelOpenConfirmMsg:
+		return ch, nil
+	case *channelOpenFailureMsg:
+		return nil, &OpenChannelError{msg.Reason, msg.Message}
+	default:
+		return nil, fmt.Errorf("ssh: unexpected packet in response to channel open: %T", msg)
+	}
+}
+
+func (m *mux) handleUnknownChannelPacket(id uint32, packet []byte) error {
+	msg, err := decode(packet)
+	if err != nil {
+		return err
+	}
+
+	switch msg := msg.(type) {
+	// RFC 4254 section 5.4 says unrecognized channel requests should
+	// receive a failure response.
+	case *channelRequestMsg:
+		if msg.WantReply {
+			return m.sendMessage(channelRequestFailureMsg{
+				PeersID: msg.PeersID,
+			})
+		}
+		return nil
+	default:
+		return fmt.Errorf("ssh: invalid channel %d", id)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
new file mode 100644
index 0000000000000..b6911e8306d67
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -0,0 +1,720 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strings"
+)
+
+// The Permissions type holds fine-grained permissions that are
+// specific to a user or a specific authentication method for a user.
+// The Permissions value for a successful authentication attempt is
+// available in ServerConn, so it can be used to pass information from
+// the user-authentication phase to the application layer.
+type Permissions struct {
+	// CriticalOptions indicate restrictions to the default
+	// permissions, and are typically used in conjunction with
+	// user certificates. The standard for SSH certificates
+	// defines "force-command" (only allow the given command to
+	// execute) and "source-address" (only allow connections from
+	// the given address). The SSH package currently only enforces
+	// the "source-address" critical option. It is up to server
+	// implementations to enforce other critical options, such as
+	// "force-command", by checking them after the SSH handshake
+	// is successful. In general, SSH servers should reject
+	// connections that specify critical options that are unknown
+	// or not supported.
+	CriticalOptions map[string]string
+
+	// Extensions are extra functionality that the server may
+	// offer on authenticated connections. Lack of support for an
+	// extension does not preclude authenticating a user. Common
+	// extensions are "permit-agent-forwarding",
+	// "permit-X11-forwarding". The Go SSH library currently does
+	// not act on any extension, and it is up to server
+	// implementations to honor them. Extensions can be used to
+	// pass data from the authentication callbacks to the server
+	// application layer.
+	Extensions map[string]string
+}
+
+type GSSAPIWithMICConfig struct {
+	// AllowLogin, must be set, is called when gssapi-with-mic
+	// authentication is selected (RFC 4462 section 3). The srcName is from the
+	// results of the GSS-API authentication. The format is username@DOMAIN.
+	// GSSAPI just guarantees to the server who the user is, but not if they can log in, and with what permissions.
+	// This callback is called after the user identity is established with GSSAPI to decide if the user can login with
+	// which permissions. If the user is allowed to login, it should return a nil error.
+	AllowLogin func(conn ConnMetadata, srcName string) (*Permissions, error)
+
+	// Server must be set. It's the implementation
+	// of the GSSAPIServer interface. See GSSAPIServer interface for details.
+	Server GSSAPIServer
+}
+
+// ServerConfig holds server specific configuration data.
+type ServerConfig struct {
+	// Config contains configuration shared between client and server.
+	Config
+
+	hostKeys []Signer
+
+	// NoClientAuth is true if clients are allowed to connect without
+	// authenticating.
+	NoClientAuth bool
+
+	// MaxAuthTries specifies the maximum number of authentication attempts
+	// permitted per connection. If set to a negative number, the number of
+	// attempts are unlimited. If set to zero, the number of attempts are limited
+	// to 6.
+	MaxAuthTries int
+
+	// PasswordCallback, if non-nil, is called when a user
+	// attempts to authenticate using a password.
+	PasswordCallback func(conn ConnMetadata, password []byte) (*Permissions, error)
+
+	// PublicKeyCallback, if non-nil, is called when a client
+	// offers a public key for authentication. It must return a nil error
+	// if the given public key can be used to authenticate the
+	// given user. For example, see CertChecker.Authenticate. A
+	// call to this function does not guarantee that the key
+	// offered is in fact used to authenticate. To record any data
+	// depending on the public key, store it inside a
+	// Permissions.Extensions entry.
+	PublicKeyCallback func(conn ConnMetadata, key PublicKey) (*Permissions, error)
+
+	// KeyboardInteractiveCallback, if non-nil, is called when
+	// keyboard-interactive authentication is selected (RFC
+	// 4256). The client object's Challenge function should be
+	// used to query the user. The callback may offer multiple
+	// Challenge rounds. To avoid information leaks, the client
+	// should be presented a challenge even if the user is
+	// unknown.
+	KeyboardInteractiveCallback func(conn ConnMetadata, client KeyboardInteractiveChallenge) (*Permissions, error)
+
+	// AuthLogCallback, if non-nil, is called to log all authentication
+	// attempts.
+	AuthLogCallback func(conn ConnMetadata, method string, err error)
+
+	// ServerVersion is the version identification string to announce in
+	// the public handshake.
+	// If empty, a reasonable default is used.
+	// Note that RFC 4253 section 4.2 requires that this string start with
+	// "SSH-2.0-".
+	ServerVersion string
+
+	// BannerCallback, if present, is called and the return string is sent to
+	// the client after key exchange completed but before authentication.
+	BannerCallback func(conn ConnMetadata) string
+
+	// GSSAPIWithMICConfig includes gssapi server and callback, which if both non-nil, is used
+	// when gssapi-with-mic authentication is selected (RFC 4462 section 3).
+	GSSAPIWithMICConfig *GSSAPIWithMICConfig
+}
+
+// AddHostKey adds a private key as a host key. If an existing host
+// key exists with the same algorithm, it is overwritten. Each server
+// config must have at least one host key.
+func (s *ServerConfig) AddHostKey(key Signer) {
+	for i, k := range s.hostKeys {
+		if k.PublicKey().Type() == key.PublicKey().Type() {
+			s.hostKeys[i] = key
+			return
+		}
+	}
+
+	s.hostKeys = append(s.hostKeys, key)
+}
+
+// cachedPubKey contains the results of querying whether a public key is
+// acceptable for a user.
+type cachedPubKey struct {
+	user       string
+	pubKeyData []byte
+	result     error
+	perms      *Permissions
+}
+
+const maxCachedPubKeys = 16
+
+// pubKeyCache caches tests for public keys.  Since SSH clients
+// will query whether a public key is acceptable before attempting to
+// authenticate with it, we end up with duplicate queries for public
+// key validity.  The cache only applies to a single ServerConn.
+type pubKeyCache struct {
+	keys []cachedPubKey
+}
+
+// get returns the result for a given user/algo/key tuple.
+func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) {
+	for _, k := range c.keys {
+		if k.user == user && bytes.Equal(k.pubKeyData, pubKeyData) {
+			return k, true
+		}
+	}
+	return cachedPubKey{}, false
+}
+
+// add adds the given tuple to the cache.
+func (c *pubKeyCache) add(candidate cachedPubKey) {
+	if len(c.keys) < maxCachedPubKeys {
+		c.keys = append(c.keys, candidate)
+	}
+}
+
+// ServerConn is an authenticated SSH connection, as seen from the
+// server
+type ServerConn struct {
+	Conn
+
+	// If the succeeding authentication callback returned a
+	// non-nil Permissions pointer, it is stored here.
+	Permissions *Permissions
+}
+
+// NewServerConn starts a new SSH server with c as the underlying
+// transport.  It starts with a handshake and, if the handshake is
+// unsuccessful, it closes the connection and returns an error.  The
+// Request and NewChannel channels must be serviced, or the connection
+// will hang.
+//
+// The returned error may be of type *ServerAuthError for
+// authentication errors.
+func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewChannel, <-chan *Request, error) {
+	fullConf := *config
+	fullConf.SetDefaults()
+	if fullConf.MaxAuthTries == 0 {
+		fullConf.MaxAuthTries = 6
+	}
+	// Check if the config contains any unsupported key exchanges
+	for _, kex := range fullConf.KeyExchanges {
+		if _, ok := serverForbiddenKexAlgos[kex]; ok {
+			return nil, nil, nil, fmt.Errorf("ssh: unsupported key exchange %s for server", kex)
+		}
+	}
+
+	s := &connection{
+		sshConn: sshConn{conn: c},
+	}
+	perms, err := s.serverHandshake(&fullConf)
+	if err != nil {
+		c.Close()
+		return nil, nil, nil, err
+	}
+	return &ServerConn{s, perms}, s.mux.incomingChannels, s.mux.incomingRequests, nil
+}
+
+// signAndMarshal signs the data with the appropriate algorithm,
+// and serializes the result in SSH wire format.
+func signAndMarshal(k Signer, rand io.Reader, data []byte) ([]byte, error) {
+	sig, err := k.Sign(rand, data)
+	if err != nil {
+		return nil, err
+	}
+
+	return Marshal(sig), nil
+}
+
+// handshake performs key exchange and user authentication.
+func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error) {
+	if len(config.hostKeys) == 0 {
+		return nil, errors.New("ssh: server has no host keys")
+	}
+
+	if !config.NoClientAuth && config.PasswordCallback == nil && config.PublicKeyCallback == nil &&
+		config.KeyboardInteractiveCallback == nil && (config.GSSAPIWithMICConfig == nil ||
+		config.GSSAPIWithMICConfig.AllowLogin == nil || config.GSSAPIWithMICConfig.Server == nil) {
+		return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
+	}
+
+	if config.ServerVersion != "" {
+		s.serverVersion = []byte(config.ServerVersion)
+	} else {
+		s.serverVersion = []byte(packageVersion)
+	}
+	var err error
+	s.clientVersion, err = exchangeVersions(s.sshConn.conn, s.serverVersion)
+	if err != nil {
+		return nil, err
+	}
+
+	tr := newTransport(s.sshConn.conn, config.Rand, false /* not client */)
+	s.transport = newServerTransport(tr, s.clientVersion, s.serverVersion, config)
+
+	if err := s.transport.waitSession(); err != nil {
+		return nil, err
+	}
+
+	// We just did the key change, so the session ID is established.
+	s.sessionID = s.transport.getSessionID()
+
+	var packet []byte
+	if packet, err = s.transport.readPacket(); err != nil {
+		return nil, err
+	}
+
+	var serviceRequest serviceRequestMsg
+	if err = Unmarshal(packet, &serviceRequest); err != nil {
+		return nil, err
+	}
+	if serviceRequest.Service != serviceUserAuth {
+		return nil, errors.New("ssh: requested service '" + serviceRequest.Service + "' before authenticating")
+	}
+	serviceAccept := serviceAcceptMsg{
+		Service: serviceUserAuth,
+	}
+	if err := s.transport.writePacket(Marshal(&serviceAccept)); err != nil {
+		return nil, err
+	}
+
+	perms, err := s.serverAuthenticate(config)
+	if err != nil {
+		return nil, err
+	}
+	s.mux = newMux(s.transport)
+	return perms, err
+}
+
+func isAcceptableAlgo(algo string) bool {
+	switch algo {
+	case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
+		CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
+		return true
+	}
+	return false
+}
+
+func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
+	if addr == nil {
+		return errors.New("ssh: no address known for client, but source-address match required")
+	}
+
+	tcpAddr, ok := addr.(*net.TCPAddr)
+	if !ok {
+		return fmt.Errorf("ssh: remote address %v is not an TCP address when checking source-address match", addr)
+	}
+
+	for _, sourceAddr := range strings.Split(sourceAddrs, ",") {
+		if allowedIP := net.ParseIP(sourceAddr); allowedIP != nil {
+			if allowedIP.Equal(tcpAddr.IP) {
+				return nil
+			}
+		} else {
+			_, ipNet, err := net.ParseCIDR(sourceAddr)
+			if err != nil {
+				return fmt.Errorf("ssh: error parsing source-address restriction %q: %v", sourceAddr, err)
+			}
+
+			if ipNet.Contains(tcpAddr.IP) {
+				return nil
+			}
+		}
+	}
+
+	return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
+}
+
+func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *connection,
+	sessionID []byte, userAuthReq userAuthRequestMsg) (authErr error, perms *Permissions, err error) {
+	gssAPIServer := gssapiConfig.Server
+	defer gssAPIServer.DeleteSecContext()
+	var srcName string
+	for {
+		var (
+			outToken     []byte
+			needContinue bool
+		)
+		outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(firstToken)
+		if err != nil {
+			return err, nil, nil
+		}
+		if len(outToken) != 0 {
+			if err := s.transport.writePacket(Marshal(&userAuthGSSAPIToken{
+				Token: outToken,
+			})); err != nil {
+				return nil, nil, err
+			}
+		}
+		if !needContinue {
+			break
+		}
+		packet, err := s.transport.readPacket()
+		if err != nil {
+			return nil, nil, err
+		}
+		userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+		if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+			return nil, nil, err
+		}
+	}
+	packet, err := s.transport.readPacket()
+	if err != nil {
+		return nil, nil, err
+	}
+	userAuthGSSAPIMICReq := &userAuthGSSAPIMIC{}
+	if err := Unmarshal(packet, userAuthGSSAPIMICReq); err != nil {
+		return nil, nil, err
+	}
+	mic := buildMIC(string(sessionID), userAuthReq.User, userAuthReq.Service, userAuthReq.Method)
+	if err := gssAPIServer.VerifyMIC(mic, userAuthGSSAPIMICReq.MIC); err != nil {
+		return err, nil, nil
+	}
+	perms, authErr = gssapiConfig.AllowLogin(s, srcName)
+	return authErr, perms, nil
+}
+
+// ServerAuthError represents server authentication errors and is
+// sometimes returned by NewServerConn. It appends any authentication
+// errors that may occur, and is returned if all of the authentication
+// methods provided by the user failed to authenticate.
+type ServerAuthError struct {
+	// Errors contains authentication errors returned by the authentication
+	// callback methods. The first entry is typically ErrNoAuth.
+	Errors []error
+}
+
+func (l ServerAuthError) Error() string {
+	var errs []string
+	for _, err := range l.Errors {
+		errs = append(errs, err.Error())
+	}
+	return "[" + strings.Join(errs, ", ") + "]"
+}
+
+// ErrNoAuth is the error value returned if no
+// authentication method has been passed yet. This happens as a normal
+// part of the authentication loop, since the client first tries
+// 'none' authentication to discover available methods.
+// It is returned in ServerAuthError.Errors from NewServerConn.
+var ErrNoAuth = errors.New("ssh: no auth passed yet")
+
+func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
+	sessionID := s.transport.getSessionID()
+	var cache pubKeyCache
+	var perms *Permissions
+
+	authFailures := 0
+	var authErrs []error
+	var displayedBanner bool
+
+userAuthLoop:
+	for {
+		if authFailures >= config.MaxAuthTries && config.MaxAuthTries > 0 {
+			discMsg := &disconnectMsg{
+				Reason:  2,
+				Message: "too many authentication failures",
+			}
+
+			if err := s.transport.writePacket(Marshal(discMsg)); err != nil {
+				return nil, err
+			}
+
+			return nil, discMsg
+		}
+
+		var userAuthReq userAuthRequestMsg
+		if packet, err := s.transport.readPacket(); err != nil {
+			if err == io.EOF {
+				return nil, &ServerAuthError{Errors: authErrs}
+			}
+			return nil, err
+		} else if err = Unmarshal(packet, &userAuthReq); err != nil {
+			return nil, err
+		}
+
+		if userAuthReq.Service != serviceSSH {
+			return nil, errors.New("ssh: client attempted to negotiate for unknown service: " + userAuthReq.Service)
+		}
+
+		s.user = userAuthReq.User
+
+		if !displayedBanner && config.BannerCallback != nil {
+			displayedBanner = true
+			msg := config.BannerCallback(s)
+			if msg != "" {
+				bannerMsg := &userAuthBannerMsg{
+					Message: msg,
+				}
+				if err := s.transport.writePacket(Marshal(bannerMsg)); err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		perms = nil
+		authErr := ErrNoAuth
+
+		switch userAuthReq.Method {
+		case "none":
+			if config.NoClientAuth {
+				authErr = nil
+			}
+
+			// allow initial attempt of 'none' without penalty
+			if authFailures == 0 {
+				authFailures--
+			}
+		case "password":
+			if config.PasswordCallback == nil {
+				authErr = errors.New("ssh: password auth not configured")
+				break
+			}
+			payload := userAuthReq.Payload
+			if len(payload) < 1 || payload[0] != 0 {
+				return nil, parseError(msgUserAuthRequest)
+			}
+			payload = payload[1:]
+			password, payload, ok := parseString(payload)
+			if !ok || len(payload) > 0 {
+				return nil, parseError(msgUserAuthRequest)
+			}
+
+			perms, authErr = config.PasswordCallback(s, password)
+		case "keyboard-interactive":
+			if config.KeyboardInteractiveCallback == nil {
+				authErr = errors.New("ssh: keyboard-interactive auth not configured")
+				break
+			}
+
+			prompter := &sshClientKeyboardInteractive{s}
+			perms, authErr = config.KeyboardInteractiveCallback(s, prompter.Challenge)
+		case "publickey":
+			if config.PublicKeyCallback == nil {
+				authErr = errors.New("ssh: publickey auth not configured")
+				break
+			}
+			payload := userAuthReq.Payload
+			if len(payload) < 1 {
+				return nil, parseError(msgUserAuthRequest)
+			}
+			isQuery := payload[0] == 0
+			payload = payload[1:]
+			algoBytes, payload, ok := parseString(payload)
+			if !ok {
+				return nil, parseError(msgUserAuthRequest)
+			}
+			algo := string(algoBytes)
+			if !isAcceptableAlgo(algo) {
+				authErr = fmt.Errorf("ssh: algorithm %q not accepted", algo)
+				break
+			}
+
+			pubKeyData, payload, ok := parseString(payload)
+			if !ok {
+				return nil, parseError(msgUserAuthRequest)
+			}
+
+			pubKey, err := ParsePublicKey(pubKeyData)
+			if err != nil {
+				return nil, err
+			}
+
+			candidate, ok := cache.get(s.user, pubKeyData)
+			if !ok {
+				candidate.user = s.user
+				candidate.pubKeyData = pubKeyData
+				candidate.perms, candidate.result = config.PublicKeyCallback(s, pubKey)
+				if candidate.result == nil && candidate.perms != nil && candidate.perms.CriticalOptions != nil && candidate.perms.CriticalOptions[sourceAddressCriticalOption] != "" {
+					candidate.result = checkSourceAddress(
+						s.RemoteAddr(),
+						candidate.perms.CriticalOptions[sourceAddressCriticalOption])
+				}
+				cache.add(candidate)
+			}
+
+			if isQuery {
+				// The client can query if the given public key
+				// would be okay.
+
+				if len(payload) > 0 {
+					return nil, parseError(msgUserAuthRequest)
+				}
+
+				if candidate.result == nil {
+					okMsg := userAuthPubKeyOkMsg{
+						Algo:   algo,
+						PubKey: pubKeyData,
+					}
+					if err = s.transport.writePacket(Marshal(&okMsg)); err != nil {
+						return nil, err
+					}
+					continue userAuthLoop
+				}
+				authErr = candidate.result
+			} else {
+				sig, payload, ok := parseSignature(payload)
+				if !ok || len(payload) > 0 {
+					return nil, parseError(msgUserAuthRequest)
+				}
+				// Ensure the public key algo and signature algo
+				// are supported.  Compare the private key
+				// algorithm name that corresponds to algo with
+				// sig.Format.  This is usually the same, but
+				// for certs, the names differ.
+				if !isAcceptableAlgo(sig.Format) {
+					authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
+					break
+				}
+				signedData := buildDataSignedForAuth(sessionID, userAuthReq, algoBytes, pubKeyData)
+
+				if err := pubKey.Verify(signedData, sig); err != nil {
+					return nil, err
+				}
+
+				authErr = candidate.result
+				perms = candidate.perms
+			}
+		case "gssapi-with-mic":
+			if config.GSSAPIWithMICConfig == nil {
+				authErr = errors.New("ssh: gssapi-with-mic auth not configured")
+				break
+			}
+			gssapiConfig := config.GSSAPIWithMICConfig
+			userAuthRequestGSSAPI, err := parseGSSAPIPayload(userAuthReq.Payload)
+			if err != nil {
+				return nil, parseError(msgUserAuthRequest)
+			}
+			// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication.
+			if userAuthRequestGSSAPI.N == 0 {
+				authErr = fmt.Errorf("ssh: Mechanism negotiation is not supported")
+				break
+			}
+			var i uint32
+			present := false
+			for i = 0; i < userAuthRequestGSSAPI.N; i++ {
+				if userAuthRequestGSSAPI.OIDS[i].Equal(krb5Mesh) {
+					present = true
+					break
+				}
+			}
+			if !present {
+				authErr = fmt.Errorf("ssh: GSSAPI authentication must use the Kerberos V5 mechanism")
+				break
+			}
+			// Initial server response, see RFC 4462 section 3.3.
+			if err := s.transport.writePacket(Marshal(&userAuthGSSAPIResponse{
+				SupportMech: krb5OID,
+			})); err != nil {
+				return nil, err
+			}
+			// Exchange token, see RFC 4462 section 3.4.
+			packet, err := s.transport.readPacket()
+			if err != nil {
+				return nil, err
+			}
+			userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+			if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+				return nil, err
+			}
+			authErr, perms, err = gssExchangeToken(gssapiConfig, userAuthGSSAPITokenReq.Token, s, sessionID,
+				userAuthReq)
+			if err != nil {
+				return nil, err
+			}
+		default:
+			authErr = fmt.Errorf("ssh: unknown method %q", userAuthReq.Method)
+		}
+
+		authErrs = append(authErrs, authErr)
+
+		if config.AuthLogCallback != nil {
+			config.AuthLogCallback(s, userAuthReq.Method, authErr)
+		}
+
+		if authErr == nil {
+			break userAuthLoop
+		}
+
+		authFailures++
+
+		var failureMsg userAuthFailureMsg
+		if config.PasswordCallback != nil {
+			failureMsg.Methods = append(failureMsg.Methods, "password")
+		}
+		if config.PublicKeyCallback != nil {
+			failureMsg.Methods = append(failureMsg.Methods, "publickey")
+		}
+		if config.KeyboardInteractiveCallback != nil {
+			failureMsg.Methods = append(failureMsg.Methods, "keyboard-interactive")
+		}
+		if config.GSSAPIWithMICConfig != nil && config.GSSAPIWithMICConfig.Server != nil &&
+			config.GSSAPIWithMICConfig.AllowLogin != nil {
+			failureMsg.Methods = append(failureMsg.Methods, "gssapi-with-mic")
+		}
+
+		if len(failureMsg.Methods) == 0 {
+			return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
+		}
+
+		if err := s.transport.writePacket(Marshal(&failureMsg)); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := s.transport.writePacket([]byte{msgUserAuthSuccess}); err != nil {
+		return nil, err
+	}
+	return perms, nil
+}
+
+// sshClientKeyboardInteractive implements a ClientKeyboardInteractive by
+// asking the client on the other side of a ServerConn.
+type sshClientKeyboardInteractive struct {
+	*connection
+}
+
+func (c *sshClientKeyboardInteractive) Challenge(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
+	if len(questions) != len(echos) {
+		return nil, errors.New("ssh: echos and questions must have equal length")
+	}
+
+	var prompts []byte
+	for i := range questions {
+		prompts = appendString(prompts, questions[i])
+		prompts = appendBool(prompts, echos[i])
+	}
+
+	if err := c.transport.writePacket(Marshal(&userAuthInfoRequestMsg{
+		Instruction: instruction,
+		NumPrompts:  uint32(len(questions)),
+		Prompts:     prompts,
+	})); err != nil {
+		return nil, err
+	}
+
+	packet, err := c.transport.readPacket()
+	if err != nil {
+		return nil, err
+	}
+	if packet[0] != msgUserAuthInfoResponse {
+		return nil, unexpectedMessageError(msgUserAuthInfoResponse, packet[0])
+	}
+	packet = packet[1:]
+
+	n, packet, ok := parseUint32(packet)
+	if !ok || int(n) != len(questions) {
+		return nil, parseError(msgUserAuthInfoResponse)
+	}
+
+	for i := uint32(0); i < n; i++ {
+		ans, rest, ok := parseString(packet)
+		if !ok {
+			return nil, parseError(msgUserAuthInfoResponse)
+		}
+
+		answers = append(answers, string(ans))
+		packet = rest
+	}
+	if len(packet) != 0 {
+		return nil, errors.New("ssh: junk at end of message")
+	}
+
+	return answers, nil
+}
diff --git a/vendor/golang.org/x/crypto/ssh/session.go b/vendor/golang.org/x/crypto/ssh/session.go
new file mode 100644
index 0000000000000..d3321f6b784b5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/session.go
@@ -0,0 +1,647 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+// Session implements an interactive session described in
+// "RFC 4254, section 6".
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"sync"
+)
+
+type Signal string
+
+// POSIX signals as listed in RFC 4254 Section 6.10.
+const (
+	SIGABRT Signal = "ABRT"
+	SIGALRM Signal = "ALRM"
+	SIGFPE  Signal = "FPE"
+	SIGHUP  Signal = "HUP"
+	SIGILL  Signal = "ILL"
+	SIGINT  Signal = "INT"
+	SIGKILL Signal = "KILL"
+	SIGPIPE Signal = "PIPE"
+	SIGQUIT Signal = "QUIT"
+	SIGSEGV Signal = "SEGV"
+	SIGTERM Signal = "TERM"
+	SIGUSR1 Signal = "USR1"
+	SIGUSR2 Signal = "USR2"
+)
+
+var signals = map[Signal]int{
+	SIGABRT: 6,
+	SIGALRM: 14,
+	SIGFPE:  8,
+	SIGHUP:  1,
+	SIGILL:  4,
+	SIGINT:  2,
+	SIGKILL: 9,
+	SIGPIPE: 13,
+	SIGQUIT: 3,
+	SIGSEGV: 11,
+	SIGTERM: 15,
+}
+
+type TerminalModes map[uint8]uint32
+
+// POSIX terminal mode flags as listed in RFC 4254 Section 8.
+const (
+	tty_OP_END    = 0
+	VINTR         = 1
+	VQUIT         = 2
+	VERASE        = 3
+	VKILL         = 4
+	VEOF          = 5
+	VEOL          = 6
+	VEOL2         = 7
+	VSTART        = 8
+	VSTOP         = 9
+	VSUSP         = 10
+	VDSUSP        = 11
+	VREPRINT      = 12
+	VWERASE       = 13
+	VLNEXT        = 14
+	VFLUSH        = 15
+	VSWTCH        = 16
+	VSTATUS       = 17
+	VDISCARD      = 18
+	IGNPAR        = 30
+	PARMRK        = 31
+	INPCK         = 32
+	ISTRIP        = 33
+	INLCR         = 34
+	IGNCR         = 35
+	ICRNL         = 36
+	IUCLC         = 37
+	IXON          = 38
+	IXANY         = 39
+	IXOFF         = 40
+	IMAXBEL       = 41
+	ISIG          = 50
+	ICANON        = 51
+	XCASE         = 52
+	ECHO          = 53
+	ECHOE         = 54
+	ECHOK         = 55
+	ECHONL        = 56
+	NOFLSH        = 57
+	TOSTOP        = 58
+	IEXTEN        = 59
+	ECHOCTL       = 60
+	ECHOKE        = 61
+	PENDIN        = 62
+	OPOST         = 70
+	OLCUC         = 71
+	ONLCR         = 72
+	OCRNL         = 73
+	ONOCR         = 74
+	ONLRET        = 75
+	CS7           = 90
+	CS8           = 91
+	PARENB        = 92
+	PARODD        = 93
+	TTY_OP_ISPEED = 128
+	TTY_OP_OSPEED = 129
+)
+
+// A Session represents a connection to a remote command or shell.
+type Session struct {
+	// Stdin specifies the remote process's standard input.
+	// If Stdin is nil, the remote process reads from an empty
+	// bytes.Buffer.
+	Stdin io.Reader
+
+	// Stdout and Stderr specify the remote process's standard
+	// output and error.
+	//
+	// If either is nil, Run connects the corresponding file
+	// descriptor to an instance of ioutil.Discard. There is a
+	// fixed amount of buffering that is shared for the two streams.
+	// If either blocks it may eventually cause the remote
+	// command to block.
+	Stdout io.Writer
+	Stderr io.Writer
+
+	ch        Channel // the channel backing this session
+	started   bool    // true once Start, Run or Shell is invoked.
+	copyFuncs []func() error
+	errors    chan error // one send per copyFunc
+
+	// true if pipe method is active
+	stdinpipe, stdoutpipe, stderrpipe bool
+
+	// stdinPipeWriter is non-nil if StdinPipe has not been called
+	// and Stdin was specified by the user; it is the write end of
+	// a pipe connecting Session.Stdin to the stdin channel.
+	stdinPipeWriter io.WriteCloser
+
+	exitStatus chan error
+}
+
+// SendRequest sends an out-of-band channel request on the SSH channel
+// underlying the session.
+func (s *Session) SendRequest(name string, wantReply bool, payload []byte) (bool, error) {
+	return s.ch.SendRequest(name, wantReply, payload)
+}
+
+func (s *Session) Close() error {
+	return s.ch.Close()
+}
+
+// RFC 4254 Section 6.4.
+type setenvRequest struct {
+	Name  string
+	Value string
+}
+
+// Setenv sets an environment variable that will be applied to any
+// command executed by Shell or Run.
+func (s *Session) Setenv(name, value string) error {
+	msg := setenvRequest{
+		Name:  name,
+		Value: value,
+	}
+	ok, err := s.ch.SendRequest("env", true, Marshal(&msg))
+	if err == nil && !ok {
+		err = errors.New("ssh: setenv failed")
+	}
+	return err
+}
+
+// RFC 4254 Section 6.2.
+type ptyRequestMsg struct {
+	Term     string
+	Columns  uint32
+	Rows     uint32
+	Width    uint32
+	Height   uint32
+	Modelist string
+}
+
+// RequestPty requests the association of a pty with the session on the remote host.
+func (s *Session) RequestPty(term string, h, w int, termmodes TerminalModes) error {
+	var tm []byte
+	for k, v := range termmodes {
+		kv := struct {
+			Key byte
+			Val uint32
+		}{k, v}
+
+		tm = append(tm, Marshal(&kv)...)
+	}
+	tm = append(tm, tty_OP_END)
+	req := ptyRequestMsg{
+		Term:     term,
+		Columns:  uint32(w),
+		Rows:     uint32(h),
+		Width:    uint32(w * 8),
+		Height:   uint32(h * 8),
+		Modelist: string(tm),
+	}
+	ok, err := s.ch.SendRequest("pty-req", true, Marshal(&req))
+	if err == nil && !ok {
+		err = errors.New("ssh: pty-req failed")
+	}
+	return err
+}
+
+// RFC 4254 Section 6.5.
+type subsystemRequestMsg struct {
+	Subsystem string
+}
+
+// RequestSubsystem requests the association of a subsystem with the session on the remote host.
+// A subsystem is a predefined command that runs in the background when the ssh session is initiated
+func (s *Session) RequestSubsystem(subsystem string) error {
+	msg := subsystemRequestMsg{
+		Subsystem: subsystem,
+	}
+	ok, err := s.ch.SendRequest("subsystem", true, Marshal(&msg))
+	if err == nil && !ok {
+		err = errors.New("ssh: subsystem request failed")
+	}
+	return err
+}
+
+// RFC 4254 Section 6.7.
+type ptyWindowChangeMsg struct {
+	Columns uint32
+	Rows    uint32
+	Width   uint32
+	Height  uint32
+}
+
+// WindowChange informs the remote host about a terminal window dimension change to h rows and w columns.
+func (s *Session) WindowChange(h, w int) error {
+	req := ptyWindowChangeMsg{
+		Columns: uint32(w),
+		Rows:    uint32(h),
+		Width:   uint32(w * 8),
+		Height:  uint32(h * 8),
+	}
+	_, err := s.ch.SendRequest("window-change", false, Marshal(&req))
+	return err
+}
+
+// RFC 4254 Section 6.9.
+type signalMsg struct {
+	Signal string
+}
+
+// Signal sends the given signal to the remote process.
+// sig is one of the SIG* constants.
+func (s *Session) Signal(sig Signal) error {
+	msg := signalMsg{
+		Signal: string(sig),
+	}
+
+	_, err := s.ch.SendRequest("signal", false, Marshal(&msg))
+	return err
+}
+
+// RFC 4254 Section 6.5.
+type execMsg struct {
+	Command string
+}
+
+// Start runs cmd on the remote host. Typically, the remote
+// server passes cmd to the shell for interpretation.
+// A Session only accepts one call to Run, Start or Shell.
+func (s *Session) Start(cmd string) error {
+	if s.started {
+		return errors.New("ssh: session already started")
+	}
+	req := execMsg{
+		Command: cmd,
+	}
+
+	ok, err := s.ch.SendRequest("exec", true, Marshal(&req))
+	if err == nil && !ok {
+		err = fmt.Errorf("ssh: command %v failed", cmd)
+	}
+	if err != nil {
+		return err
+	}
+	return s.start()
+}
+
+// Run runs cmd on the remote host. Typically, the remote
+// server passes cmd to the shell for interpretation.
+// A Session only accepts one call to Run, Start, Shell, Output,
+// or CombinedOutput.
+//
+// The returned error is nil if the command runs, has no problems
+// copying stdin, stdout, and stderr, and exits with a zero exit
+// status.
+//
+// If the remote server does not send an exit status, an error of type
+// *ExitMissingError is returned. If the command completes
+// unsuccessfully or is interrupted by a signal, the error is of type
+// *ExitError. Other error types may be returned for I/O problems.
+func (s *Session) Run(cmd string) error {
+	err := s.Start(cmd)
+	if err != nil {
+		return err
+	}
+	return s.Wait()
+}
+
+// Output runs cmd on the remote host and returns its standard output.
+func (s *Session) Output(cmd string) ([]byte, error) {
+	if s.Stdout != nil {
+		return nil, errors.New("ssh: Stdout already set")
+	}
+	var b bytes.Buffer
+	s.Stdout = &b
+	err := s.Run(cmd)
+	return b.Bytes(), err
+}
+
+type singleWriter struct {
+	b  bytes.Buffer
+	mu sync.Mutex
+}
+
+func (w *singleWriter) Write(p []byte) (int, error) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.b.Write(p)
+}
+
+// CombinedOutput runs cmd on the remote host and returns its combined
+// standard output and standard error.
+func (s *Session) CombinedOutput(cmd string) ([]byte, error) {
+	if s.Stdout != nil {
+		return nil, errors.New("ssh: Stdout already set")
+	}
+	if s.Stderr != nil {
+		return nil, errors.New("ssh: Stderr already set")
+	}
+	var b singleWriter
+	s.Stdout = &b
+	s.Stderr = &b
+	err := s.Run(cmd)
+	return b.b.Bytes(), err
+}
+
+// Shell starts a login shell on the remote host. A Session only
+// accepts one call to Run, Start, Shell, Output, or CombinedOutput.
+func (s *Session) Shell() error {
+	if s.started {
+		return errors.New("ssh: session already started")
+	}
+
+	ok, err := s.ch.SendRequest("shell", true, nil)
+	if err == nil && !ok {
+		return errors.New("ssh: could not start shell")
+	}
+	if err != nil {
+		return err
+	}
+	return s.start()
+}
+
+func (s *Session) start() error {
+	s.started = true
+
+	type F func(*Session)
+	for _, setupFd := range []F{(*Session).stdin, (*Session).stdout, (*Session).stderr} {
+		setupFd(s)
+	}
+
+	s.errors = make(chan error, len(s.copyFuncs))
+	for _, fn := range s.copyFuncs {
+		go func(fn func() error) {
+			s.errors <- fn()
+		}(fn)
+	}
+	return nil
+}
+
+// Wait waits for the remote command to exit.
+//
+// The returned error is nil if the command runs, has no problems
+// copying stdin, stdout, and stderr, and exits with a zero exit
+// status.
+//
+// If the remote server does not send an exit status, an error of type
+// *ExitMissingError is returned. If the command completes
+// unsuccessfully or is interrupted by a signal, the error is of type
+// *ExitError. Other error types may be returned for I/O problems.
+func (s *Session) Wait() error {
+	if !s.started {
+		return errors.New("ssh: session not started")
+	}
+	waitErr := <-s.exitStatus
+
+	if s.stdinPipeWriter != nil {
+		s.stdinPipeWriter.Close()
+	}
+	var copyError error
+	for range s.copyFuncs {
+		if err := <-s.errors; err != nil && copyError == nil {
+			copyError = err
+		}
+	}
+	if waitErr != nil {
+		return waitErr
+	}
+	return copyError
+}
+
+func (s *Session) wait(reqs <-chan *Request) error {
+	wm := Waitmsg{status: -1}
+	// Wait for msg channel to be closed before returning.
+	for msg := range reqs {
+		switch msg.Type {
+		case "exit-status":
+			wm.status = int(binary.BigEndian.Uint32(msg.Payload))
+		case "exit-signal":
+			var sigval struct {
+				Signal     string
+				CoreDumped bool
+				Error      string
+				Lang       string
+			}
+			if err := Unmarshal(msg.Payload, &sigval); err != nil {
+				return err
+			}
+
+			// Must sanitize strings?
+			wm.signal = sigval.Signal
+			wm.msg = sigval.Error
+			wm.lang = sigval.Lang
+		default:
+			// This handles keepalives and matches
+			// OpenSSH's behaviour.
+			if msg.WantReply {
+				msg.Reply(false, nil)
+			}
+		}
+	}
+	if wm.status == 0 {
+		return nil
+	}
+	if wm.status == -1 {
+		// exit-status was never sent from server
+		if wm.signal == "" {
+			// signal was not sent either.  RFC 4254
+			// section 6.10 recommends against this
+			// behavior, but it is allowed, so we let
+			// clients handle it.
+			return &ExitMissingError{}
+		}
+		wm.status = 128
+		if _, ok := signals[Signal(wm.signal)]; ok {
+			wm.status += signals[Signal(wm.signal)]
+		}
+	}
+
+	return &ExitError{wm}
+}
+
+// ExitMissingError is returned if a session is torn down cleanly, but
+// the server sends no confirmation of the exit status.
+type ExitMissingError struct{}
+
+func (e *ExitMissingError) Error() string {
+	return "wait: remote command exited without exit status or exit signal"
+}
+
+func (s *Session) stdin() {
+	if s.stdinpipe {
+		return
+	}
+	var stdin io.Reader
+	if s.Stdin == nil {
+		stdin = new(bytes.Buffer)
+	} else {
+		r, w := io.Pipe()
+		go func() {
+			_, err := io.Copy(w, s.Stdin)
+			w.CloseWithError(err)
+		}()
+		stdin, s.stdinPipeWriter = r, w
+	}
+	s.copyFuncs = append(s.copyFuncs, func() error {
+		_, err := io.Copy(s.ch, stdin)
+		if err1 := s.ch.CloseWrite(); err == nil && err1 != io.EOF {
+			err = err1
+		}
+		return err
+	})
+}
+
+func (s *Session) stdout() {
+	if s.stdoutpipe {
+		return
+	}
+	if s.Stdout == nil {
+		s.Stdout = ioutil.Discard
+	}
+	s.copyFuncs = append(s.copyFuncs, func() error {
+		_, err := io.Copy(s.Stdout, s.ch)
+		return err
+	})
+}
+
+func (s *Session) stderr() {
+	if s.stderrpipe {
+		return
+	}
+	if s.Stderr == nil {
+		s.Stderr = ioutil.Discard
+	}
+	s.copyFuncs = append(s.copyFuncs, func() error {
+		_, err := io.Copy(s.Stderr, s.ch.Stderr())
+		return err
+	})
+}
+
+// sessionStdin reroutes Close to CloseWrite.
+type sessionStdin struct {
+	io.Writer
+	ch Channel
+}
+
+func (s *sessionStdin) Close() error {
+	return s.ch.CloseWrite()
+}
+
+// StdinPipe returns a pipe that will be connected to the
+// remote command's standard input when the command starts.
+func (s *Session) StdinPipe() (io.WriteCloser, error) {
+	if s.Stdin != nil {
+		return nil, errors.New("ssh: Stdin already set")
+	}
+	if s.started {
+		return nil, errors.New("ssh: StdinPipe after process started")
+	}
+	s.stdinpipe = true
+	return &sessionStdin{s.ch, s.ch}, nil
+}
+
+// StdoutPipe returns a pipe that will be connected to the
+// remote command's standard output when the command starts.
+// There is a fixed amount of buffering that is shared between
+// stdout and stderr streams. If the StdoutPipe reader is
+// not serviced fast enough it may eventually cause the
+// remote command to block.
+func (s *Session) StdoutPipe() (io.Reader, error) {
+	if s.Stdout != nil {
+		return nil, errors.New("ssh: Stdout already set")
+	}
+	if s.started {
+		return nil, errors.New("ssh: StdoutPipe after process started")
+	}
+	s.stdoutpipe = true
+	return s.ch, nil
+}
+
+// StderrPipe returns a pipe that will be connected to the
+// remote command's standard error when the command starts.
+// There is a fixed amount of buffering that is shared between
+// stdout and stderr streams. If the StderrPipe reader is
+// not serviced fast enough it may eventually cause the
+// remote command to block.
+func (s *Session) StderrPipe() (io.Reader, error) {
+	if s.Stderr != nil {
+		return nil, errors.New("ssh: Stderr already set")
+	}
+	if s.started {
+		return nil, errors.New("ssh: StderrPipe after process started")
+	}
+	s.stderrpipe = true
+	return s.ch.Stderr(), nil
+}
+
+// newSession returns a new interactive session on the remote host.
+func newSession(ch Channel, reqs <-chan *Request) (*Session, error) {
+	s := &Session{
+		ch: ch,
+	}
+	s.exitStatus = make(chan error, 1)
+	go func() {
+		s.exitStatus <- s.wait(reqs)
+	}()
+
+	return s, nil
+}
+
+// An ExitError reports unsuccessful completion of a remote command.
+type ExitError struct {
+	Waitmsg
+}
+
+func (e *ExitError) Error() string {
+	return e.Waitmsg.String()
+}
+
+// Waitmsg stores the information about an exited remote command
+// as reported by Wait.
+type Waitmsg struct {
+	status int
+	signal string
+	msg    string
+	lang   string
+}
+
+// ExitStatus returns the exit status of the remote command.
+func (w Waitmsg) ExitStatus() int {
+	return w.status
+}
+
+// Signal returns the exit signal of the remote command if
+// it was terminated violently.
+func (w Waitmsg) Signal() string {
+	return w.signal
+}
+
+// Msg returns the exit message given by the remote command
+func (w Waitmsg) Msg() string {
+	return w.msg
+}
+
+// Lang returns the language tag. See RFC 3066
+func (w Waitmsg) Lang() string {
+	return w.lang
+}
+
+func (w Waitmsg) String() string {
+	str := fmt.Sprintf("Process exited with status %v", w.status)
+	if w.signal != "" {
+		str += fmt.Sprintf(" from signal %v", w.signal)
+	}
+	if w.msg != "" {
+		str += fmt.Sprintf(". Reason was: %v", w.msg)
+	}
+	return str
+}
diff --git a/vendor/golang.org/x/crypto/ssh/ssh_gss.go b/vendor/golang.org/x/crypto/ssh/ssh_gss.go
new file mode 100644
index 0000000000000..24bd7c8e83048
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/ssh_gss.go
@@ -0,0 +1,139 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"encoding/asn1"
+	"errors"
+)
+
+var krb5OID []byte
+
+func init() {
+	krb5OID, _ = asn1.Marshal(krb5Mesh)
+}
+
+// GSSAPIClient provides the API to plug-in GSSAPI authentication for client logins.
+type GSSAPIClient interface {
+	// InitSecContext initiates the establishment of a security context for GSS-API between the
+	// ssh client and ssh server. Initially the token parameter should be specified as nil.
+	// The routine may return a outputToken which should be transferred to
+	// the ssh server, where the ssh server will present it to
+	// AcceptSecContext. If no token need be sent, InitSecContext will indicate this by setting
+	// needContinue to false. To complete the context
+	// establishment, one or more reply tokens may be required from the ssh
+	// server;if so, InitSecContext will return a needContinue which is true.
+	// In this case, InitSecContext should be called again when the
+	// reply token is received from the ssh server, passing the reply
+	// token to InitSecContext via the token parameters.
+	// See RFC 2743 section 2.2.1 and RFC 4462 section 3.4.
+	InitSecContext(target string, token []byte, isGSSDelegCreds bool) (outputToken []byte, needContinue bool, err error)
+	// GetMIC generates a cryptographic MIC for the SSH2 message, and places
+	// the MIC in a token for transfer to the ssh server.
+	// The contents of the MIC field are obtained by calling GSS_GetMIC()
+	// over the following, using the GSS-API context that was just
+	// established:
+	//  string    session identifier
+	//  byte      SSH_MSG_USERAUTH_REQUEST
+	//  string    user name
+	//  string    service
+	//  string    "gssapi-with-mic"
+	// See RFC 2743 section 2.3.1 and RFC 4462 3.5.
+	GetMIC(micFiled []byte) ([]byte, error)
+	// Whenever possible, it should be possible for
+	// DeleteSecContext() calls to be successfully processed even
+	// if other calls cannot succeed, thereby enabling context-related
+	// resources to be released.
+	// In addition to deleting established security contexts,
+	// gss_delete_sec_context must also be able to delete "half-built"
+	// security contexts resulting from an incomplete sequence of
+	// InitSecContext()/AcceptSecContext() calls.
+	// See RFC 2743 section 2.2.3.
+	DeleteSecContext() error
+}
+
+// GSSAPIServer provides the API to plug in GSSAPI authentication for server logins.
+type GSSAPIServer interface {
+	// AcceptSecContext allows a remotely initiated security context between the application
+	// and a remote peer to be established by the ssh client. The routine may return a
+	// outputToken which should be transferred to the ssh client,
+	// where the ssh client will present it to InitSecContext.
+	// If no token need be sent, AcceptSecContext will indicate this
+	// by setting the needContinue to false. To
+	// complete the context establishment, one or more reply tokens may be
+	// required from the ssh client. if so, AcceptSecContext
+	// will return a needContinue which is true, in which case it
+	// should be called again when the reply token is received from the ssh
+	// client, passing the token to AcceptSecContext via the
+	// token parameters.
+	// The srcName return value is the authenticated username.
+	// See RFC 2743 section 2.2.2 and RFC 4462 section 3.4.
+	AcceptSecContext(token []byte) (outputToken []byte, srcName string, needContinue bool, err error)
+	// VerifyMIC verifies that a cryptographic MIC, contained in the token parameter,
+	// fits the supplied message is received from the ssh client.
+	// See RFC 2743 section 2.3.2.
+	VerifyMIC(micField []byte, micToken []byte) error
+	// Whenever possible, it should be possible for
+	// DeleteSecContext() calls to be successfully processed even
+	// if other calls cannot succeed, thereby enabling context-related
+	// resources to be released.
+	// In addition to deleting established security contexts,
+	// gss_delete_sec_context must also be able to delete "half-built"
+	// security contexts resulting from an incomplete sequence of
+	// InitSecContext()/AcceptSecContext() calls.
+	// See RFC 2743 section 2.2.3.
+	DeleteSecContext() error
+}
+
+var (
+	// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication,
+	// so we also support the krb5 mechanism only.
+	// See RFC 1964 section 1.
+	krb5Mesh = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
+)
+
+// The GSS-API authentication method is initiated when the client sends an SSH_MSG_USERAUTH_REQUEST
+// See RFC 4462 section 3.2.
+type userAuthRequestGSSAPI struct {
+	N    uint32
+	OIDS []asn1.ObjectIdentifier
+}
+
+func parseGSSAPIPayload(payload []byte) (*userAuthRequestGSSAPI, error) {
+	n, rest, ok := parseUint32(payload)
+	if !ok {
+		return nil, errors.New("parse uint32 failed")
+	}
+	s := &userAuthRequestGSSAPI{
+		N:    n,
+		OIDS: make([]asn1.ObjectIdentifier, n),
+	}
+	for i := 0; i < int(n); i++ {
+		var (
+			desiredMech []byte
+			err         error
+		)
+		desiredMech, rest, ok = parseString(rest)
+		if !ok {
+			return nil, errors.New("parse string failed")
+		}
+		if rest, err = asn1.Unmarshal(desiredMech, &s.OIDS[i]); err != nil {
+			return nil, err
+		}
+
+	}
+	return s, nil
+}
+
+// See RFC 4462 section 3.6.
+func buildMIC(sessionID string, username string, service string, authMethod string) []byte {
+	out := make([]byte, 0, 0)
+	out = appendString(out, sessionID)
+	out = append(out, msgUserAuthRequest)
+	out = appendString(out, username)
+	out = appendString(out, service)
+	out = appendString(out, authMethod)
+	return out
+}
diff --git a/vendor/golang.org/x/crypto/ssh/streamlocal.go b/vendor/golang.org/x/crypto/ssh/streamlocal.go
new file mode 100644
index 0000000000000..b171b330bc380
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/streamlocal.go
@@ -0,0 +1,116 @@
+package ssh
+
+import (
+	"errors"
+	"io"
+	"net"
+)
+
+// streamLocalChannelOpenDirectMsg is a struct used for SSH_MSG_CHANNEL_OPEN message
+// with "direct-streamlocal@openssh.com" string.
+//
+// See openssh-portable/PROTOCOL, section 2.4. connection: Unix domain socket forwarding
+// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL#L235
+type streamLocalChannelOpenDirectMsg struct {
+	socketPath string
+	reserved0  string
+	reserved1  uint32
+}
+
+// forwardedStreamLocalPayload is a struct used for SSH_MSG_CHANNEL_OPEN message
+// with "forwarded-streamlocal@openssh.com" string.
+type forwardedStreamLocalPayload struct {
+	SocketPath string
+	Reserved0  string
+}
+
+// streamLocalChannelForwardMsg is a struct used for SSH2_MSG_GLOBAL_REQUEST message
+// with "streamlocal-forward@openssh.com"/"cancel-streamlocal-forward@openssh.com" string.
+type streamLocalChannelForwardMsg struct {
+	socketPath string
+}
+
+// ListenUnix is similar to ListenTCP but uses a Unix domain socket.
+func (c *Client) ListenUnix(socketPath string) (net.Listener, error) {
+	c.handleForwardsOnce.Do(c.handleForwards)
+	m := streamLocalChannelForwardMsg{
+		socketPath,
+	}
+	// send message
+	ok, _, err := c.SendRequest("streamlocal-forward@openssh.com", true, Marshal(&m))
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, errors.New("ssh: streamlocal-forward@openssh.com request denied by peer")
+	}
+	ch := c.forwards.add(&net.UnixAddr{Name: socketPath, Net: "unix"})
+
+	return &unixListener{socketPath, c, ch}, nil
+}
+
+func (c *Client) dialStreamLocal(socketPath string) (Channel, error) {
+	msg := streamLocalChannelOpenDirectMsg{
+		socketPath: socketPath,
+	}
+	ch, in, err := c.OpenChannel("direct-streamlocal@openssh.com", Marshal(&msg))
+	if err != nil {
+		return nil, err
+	}
+	go DiscardRequests(in)
+	return ch, err
+}
+
+type unixListener struct {
+	socketPath string
+
+	conn *Client
+	in   <-chan forward
+}
+
+// Accept waits for and returns the next connection to the listener.
+func (l *unixListener) Accept() (net.Conn, error) {
+	s, ok := <-l.in
+	if !ok {
+		return nil, io.EOF
+	}
+	ch, incoming, err := s.newCh.Accept()
+	if err != nil {
+		return nil, err
+	}
+	go DiscardRequests(incoming)
+
+	return &chanConn{
+		Channel: ch,
+		laddr: &net.UnixAddr{
+			Name: l.socketPath,
+			Net:  "unix",
+		},
+		raddr: &net.UnixAddr{
+			Name: "@",
+			Net:  "unix",
+		},
+	}, nil
+}
+
+// Close closes the listener.
+func (l *unixListener) Close() error {
+	// this also closes the listener.
+	l.conn.forwards.remove(&net.UnixAddr{Name: l.socketPath, Net: "unix"})
+	m := streamLocalChannelForwardMsg{
+		l.socketPath,
+	}
+	ok, _, err := l.conn.SendRequest("cancel-streamlocal-forward@openssh.com", true, Marshal(&m))
+	if err == nil && !ok {
+		err = errors.New("ssh: cancel-streamlocal-forward@openssh.com failed")
+	}
+	return err
+}
+
+// Addr returns the listener's network address.
+func (l *unixListener) Addr() net.Addr {
+	return &net.UnixAddr{
+		Name: l.socketPath,
+		Net:  "unix",
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/tcpip.go b/vendor/golang.org/x/crypto/ssh/tcpip.go
new file mode 100644
index 0000000000000..80d35f5ec187a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/tcpip.go
@@ -0,0 +1,474 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math/rand"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+)
+
+// Listen requests the remote peer open a listening socket on
+// addr. Incoming connections will be available by calling Accept on
+// the returned net.Listener. The listener must be serviced, or the
+// SSH connection may hang.
+// N must be "tcp", "tcp4", "tcp6", or "unix".
+func (c *Client) Listen(n, addr string) (net.Listener, error) {
+	switch n {
+	case "tcp", "tcp4", "tcp6":
+		laddr, err := net.ResolveTCPAddr(n, addr)
+		if err != nil {
+			return nil, err
+		}
+		return c.ListenTCP(laddr)
+	case "unix":
+		return c.ListenUnix(addr)
+	default:
+		return nil, fmt.Errorf("ssh: unsupported protocol: %s", n)
+	}
+}
+
+// Automatic port allocation is broken with OpenSSH before 6.0. See
+// also https://bugzilla.mindrot.org/show_bug.cgi?id=2017.  In
+// particular, OpenSSH 5.9 sends a channelOpenMsg with port number 0,
+// rather than the actual port number. This means you can never open
+// two different listeners with auto allocated ports. We work around
+// this by trying explicit ports until we succeed.
+
+const openSSHPrefix = "OpenSSH_"
+
+var portRandomizer = rand.New(rand.NewSource(time.Now().UnixNano()))
+
+// isBrokenOpenSSHVersion returns true if the given version string
+// specifies a version of OpenSSH that is known to have a bug in port
+// forwarding.
+func isBrokenOpenSSHVersion(versionStr string) bool {
+	i := strings.Index(versionStr, openSSHPrefix)
+	if i < 0 {
+		return false
+	}
+	i += len(openSSHPrefix)
+	j := i
+	for ; j < len(versionStr); j++ {
+		if versionStr[j] < '0' || versionStr[j] > '9' {
+			break
+		}
+	}
+	version, _ := strconv.Atoi(versionStr[i:j])
+	return version < 6
+}
+
+// autoPortListenWorkaround simulates automatic port allocation by
+// trying random ports repeatedly.
+func (c *Client) autoPortListenWorkaround(laddr *net.TCPAddr) (net.Listener, error) {
+	var sshListener net.Listener
+	var err error
+	const tries = 10
+	for i := 0; i < tries; i++ {
+		addr := *laddr
+		addr.Port = 1024 + portRandomizer.Intn(60000)
+		sshListener, err = c.ListenTCP(&addr)
+		if err == nil {
+			laddr.Port = addr.Port
+			return sshListener, err
+		}
+	}
+	return nil, fmt.Errorf("ssh: listen on random port failed after %d tries: %v", tries, err)
+}
+
+// RFC 4254 7.1
+type channelForwardMsg struct {
+	addr  string
+	rport uint32
+}
+
+// handleForwards starts goroutines handling forwarded connections.
+// It's called on first use by (*Client).ListenTCP to not launch
+// goroutines until needed.
+func (c *Client) handleForwards() {
+	go c.forwards.handleChannels(c.HandleChannelOpen("forwarded-tcpip"))
+	go c.forwards.handleChannels(c.HandleChannelOpen("forwarded-streamlocal@openssh.com"))
+}
+
+// ListenTCP requests the remote peer open a listening socket
+// on laddr. Incoming connections will be available by calling
+// Accept on the returned net.Listener.
+func (c *Client) ListenTCP(laddr *net.TCPAddr) (net.Listener, error) {
+	c.handleForwardsOnce.Do(c.handleForwards)
+	if laddr.Port == 0 && isBrokenOpenSSHVersion(string(c.ServerVersion())) {
+		return c.autoPortListenWorkaround(laddr)
+	}
+
+	m := channelForwardMsg{
+		laddr.IP.String(),
+		uint32(laddr.Port),
+	}
+	// send message
+	ok, resp, err := c.SendRequest("tcpip-forward", true, Marshal(&m))
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, errors.New("ssh: tcpip-forward request denied by peer")
+	}
+
+	// If the original port was 0, then the remote side will
+	// supply a real port number in the response.
+	if laddr.Port == 0 {
+		var p struct {
+			Port uint32
+		}
+		if err := Unmarshal(resp, &p); err != nil {
+			return nil, err
+		}
+		laddr.Port = int(p.Port)
+	}
+
+	// Register this forward, using the port number we obtained.
+	ch := c.forwards.add(laddr)
+
+	return &tcpListener{laddr, c, ch}, nil
+}
+
+// forwardList stores a mapping between remote
+// forward requests and the tcpListeners.
+type forwardList struct {
+	sync.Mutex
+	entries []forwardEntry
+}
+
+// forwardEntry represents an established mapping of a laddr on a
+// remote ssh server to a channel connected to a tcpListener.
+type forwardEntry struct {
+	laddr net.Addr
+	c     chan forward
+}
+
+// forward represents an incoming forwarded tcpip connection. The
+// arguments to add/remove/lookup should be address as specified in
+// the original forward-request.
+type forward struct {
+	newCh NewChannel // the ssh client channel underlying this forward
+	raddr net.Addr   // the raddr of the incoming connection
+}
+
+func (l *forwardList) add(addr net.Addr) chan forward {
+	l.Lock()
+	defer l.Unlock()
+	f := forwardEntry{
+		laddr: addr,
+		c:     make(chan forward, 1),
+	}
+	l.entries = append(l.entries, f)
+	return f.c
+}
+
+// See RFC 4254, section 7.2
+type forwardedTCPPayload struct {
+	Addr       string
+	Port       uint32
+	OriginAddr string
+	OriginPort uint32
+}
+
+// parseTCPAddr parses the originating address from the remote into a *net.TCPAddr.
+func parseTCPAddr(addr string, port uint32) (*net.TCPAddr, error) {
+	if port == 0 || port > 65535 {
+		return nil, fmt.Errorf("ssh: port number out of range: %d", port)
+	}
+	ip := net.ParseIP(string(addr))
+	if ip == nil {
+		return nil, fmt.Errorf("ssh: cannot parse IP address %q", addr)
+	}
+	return &net.TCPAddr{IP: ip, Port: int(port)}, nil
+}
+
+func (l *forwardList) handleChannels(in <-chan NewChannel) {
+	for ch := range in {
+		var (
+			laddr net.Addr
+			raddr net.Addr
+			err   error
+		)
+		switch channelType := ch.ChannelType(); channelType {
+		case "forwarded-tcpip":
+			var payload forwardedTCPPayload
+			if err = Unmarshal(ch.ExtraData(), &payload); err != nil {
+				ch.Reject(ConnectionFailed, "could not parse forwarded-tcpip payload: "+err.Error())
+				continue
+			}
+
+			// RFC 4254 section 7.2 specifies that incoming
+			// addresses should list the address, in string
+			// format. It is implied that this should be an IP
+			// address, as it would be impossible to connect to it
+			// otherwise.
+			laddr, err = parseTCPAddr(payload.Addr, payload.Port)
+			if err != nil {
+				ch.Reject(ConnectionFailed, err.Error())
+				continue
+			}
+			raddr, err = parseTCPAddr(payload.OriginAddr, payload.OriginPort)
+			if err != nil {
+				ch.Reject(ConnectionFailed, err.Error())
+				continue
+			}
+
+		case "forwarded-streamlocal@openssh.com":
+			var payload forwardedStreamLocalPayload
+			if err = Unmarshal(ch.ExtraData(), &payload); err != nil {
+				ch.Reject(ConnectionFailed, "could not parse forwarded-streamlocal@openssh.com payload: "+err.Error())
+				continue
+			}
+			laddr = &net.UnixAddr{
+				Name: payload.SocketPath,
+				Net:  "unix",
+			}
+			raddr = &net.UnixAddr{
+				Name: "@",
+				Net:  "unix",
+			}
+		default:
+			panic(fmt.Errorf("ssh: unknown channel type %s", channelType))
+		}
+		if ok := l.forward(laddr, raddr, ch); !ok {
+			// Section 7.2, implementations MUST reject spurious incoming
+			// connections.
+			ch.Reject(Prohibited, "no forward for address")
+			continue
+		}
+
+	}
+}
+
+// remove removes the forward entry, and the channel feeding its
+// listener.
+func (l *forwardList) remove(addr net.Addr) {
+	l.Lock()
+	defer l.Unlock()
+	for i, f := range l.entries {
+		if addr.Network() == f.laddr.Network() && addr.String() == f.laddr.String() {
+			l.entries = append(l.entries[:i], l.entries[i+1:]...)
+			close(f.c)
+			return
+		}
+	}
+}
+
+// closeAll closes and clears all forwards.
+func (l *forwardList) closeAll() {
+	l.Lock()
+	defer l.Unlock()
+	for _, f := range l.entries {
+		close(f.c)
+	}
+	l.entries = nil
+}
+
+func (l *forwardList) forward(laddr, raddr net.Addr, ch NewChannel) bool {
+	l.Lock()
+	defer l.Unlock()
+	for _, f := range l.entries {
+		if laddr.Network() == f.laddr.Network() && laddr.String() == f.laddr.String() {
+			f.c <- forward{newCh: ch, raddr: raddr}
+			return true
+		}
+	}
+	return false
+}
+
+type tcpListener struct {
+	laddr *net.TCPAddr
+
+	conn *Client
+	in   <-chan forward
+}
+
+// Accept waits for and returns the next connection to the listener.
+func (l *tcpListener) Accept() (net.Conn, error) {
+	s, ok := <-l.in
+	if !ok {
+		return nil, io.EOF
+	}
+	ch, incoming, err := s.newCh.Accept()
+	if err != nil {
+		return nil, err
+	}
+	go DiscardRequests(incoming)
+
+	return &chanConn{
+		Channel: ch,
+		laddr:   l.laddr,
+		raddr:   s.raddr,
+	}, nil
+}
+
+// Close closes the listener.
+func (l *tcpListener) Close() error {
+	m := channelForwardMsg{
+		l.laddr.IP.String(),
+		uint32(l.laddr.Port),
+	}
+
+	// this also closes the listener.
+	l.conn.forwards.remove(l.laddr)
+	ok, _, err := l.conn.SendRequest("cancel-tcpip-forward", true, Marshal(&m))
+	if err == nil && !ok {
+		err = errors.New("ssh: cancel-tcpip-forward failed")
+	}
+	return err
+}
+
+// Addr returns the listener's network address.
+func (l *tcpListener) Addr() net.Addr {
+	return l.laddr
+}
+
+// Dial initiates a connection to the addr from the remote host.
+// The resulting connection has a zero LocalAddr() and RemoteAddr().
+func (c *Client) Dial(n, addr string) (net.Conn, error) {
+	var ch Channel
+	switch n {
+	case "tcp", "tcp4", "tcp6":
+		// Parse the address into host and numeric port.
+		host, portString, err := net.SplitHostPort(addr)
+		if err != nil {
+			return nil, err
+		}
+		port, err := strconv.ParseUint(portString, 10, 16)
+		if err != nil {
+			return nil, err
+		}
+		ch, err = c.dial(net.IPv4zero.String(), 0, host, int(port))
+		if err != nil {
+			return nil, err
+		}
+		// Use a zero address for local and remote address.
+		zeroAddr := &net.TCPAddr{
+			IP:   net.IPv4zero,
+			Port: 0,
+		}
+		return &chanConn{
+			Channel: ch,
+			laddr:   zeroAddr,
+			raddr:   zeroAddr,
+		}, nil
+	case "unix":
+		var err error
+		ch, err = c.dialStreamLocal(addr)
+		if err != nil {
+			return nil, err
+		}
+		return &chanConn{
+			Channel: ch,
+			laddr: &net.UnixAddr{
+				Name: "@",
+				Net:  "unix",
+			},
+			raddr: &net.UnixAddr{
+				Name: addr,
+				Net:  "unix",
+			},
+		}, nil
+	default:
+		return nil, fmt.Errorf("ssh: unsupported protocol: %s", n)
+	}
+}
+
+// DialTCP connects to the remote address raddr on the network net,
+// which must be "tcp", "tcp4", or "tcp6".  If laddr is not nil, it is used
+// as the local address for the connection.
+func (c *Client) DialTCP(n string, laddr, raddr *net.TCPAddr) (net.Conn, error) {
+	if laddr == nil {
+		laddr = &net.TCPAddr{
+			IP:   net.IPv4zero,
+			Port: 0,
+		}
+	}
+	ch, err := c.dial(laddr.IP.String(), laddr.Port, raddr.IP.String(), raddr.Port)
+	if err != nil {
+		return nil, err
+	}
+	return &chanConn{
+		Channel: ch,
+		laddr:   laddr,
+		raddr:   raddr,
+	}, nil
+}
+
+// RFC 4254 7.2
+type channelOpenDirectMsg struct {
+	raddr string
+	rport uint32
+	laddr string
+	lport uint32
+}
+
+func (c *Client) dial(laddr string, lport int, raddr string, rport int) (Channel, error) {
+	msg := channelOpenDirectMsg{
+		raddr: raddr,
+		rport: uint32(rport),
+		laddr: laddr,
+		lport: uint32(lport),
+	}
+	ch, in, err := c.OpenChannel("direct-tcpip", Marshal(&msg))
+	if err != nil {
+		return nil, err
+	}
+	go DiscardRequests(in)
+	return ch, err
+}
+
+type tcpChan struct {
+	Channel // the backing channel
+}
+
+// chanConn fulfills the net.Conn interface without
+// the tcpChan having to hold laddr or raddr directly.
+type chanConn struct {
+	Channel
+	laddr, raddr net.Addr
+}
+
+// LocalAddr returns the local network address.
+func (t *chanConn) LocalAddr() net.Addr {
+	return t.laddr
+}
+
+// RemoteAddr returns the remote network address.
+func (t *chanConn) RemoteAddr() net.Addr {
+	return t.raddr
+}
+
+// SetDeadline sets the read and write deadlines associated
+// with the connection.
+func (t *chanConn) SetDeadline(deadline time.Time) error {
+	if err := t.SetReadDeadline(deadline); err != nil {
+		return err
+	}
+	return t.SetWriteDeadline(deadline)
+}
+
+// SetReadDeadline sets the read deadline.
+// A zero value for t means Read will not time out.
+// After the deadline, the error from Read will implement net.Error
+// with Timeout() == true.
+func (t *chanConn) SetReadDeadline(deadline time.Time) error {
+	// for compatibility with previous version,
+	// the error message contains "tcpChan"
+	return errors.New("ssh: tcpChan: deadline not supported")
+}
+
+// SetWriteDeadline exists to satisfy the net.Conn interface
+// but is not implemented by this type.  It always returns an error.
+func (t *chanConn) SetWriteDeadline(deadline time.Time) error {
+	return errors.New("ssh: tcpChan: deadline not supported")
+}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
deleted file mode 100644
index 9a887598ff404..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
+++ /dev/null
@@ -1,951 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package terminal
-
-import (
-	"bytes"
-	"io"
-	"sync"
-	"unicode/utf8"
-)
-
-// EscapeCodes contains escape sequences that can be written to the terminal in
-// order to achieve different styles of text.
-type EscapeCodes struct {
-	// Foreground colors
-	Black, Red, Green, Yellow, Blue, Magenta, Cyan, White []byte
-
-	// Reset all attributes
-	Reset []byte
-}
-
-var vt100EscapeCodes = EscapeCodes{
-	Black:   []byte{keyEscape, '[', '3', '0', 'm'},
-	Red:     []byte{keyEscape, '[', '3', '1', 'm'},
-	Green:   []byte{keyEscape, '[', '3', '2', 'm'},
-	Yellow:  []byte{keyEscape, '[', '3', '3', 'm'},
-	Blue:    []byte{keyEscape, '[', '3', '4', 'm'},
-	Magenta: []byte{keyEscape, '[', '3', '5', 'm'},
-	Cyan:    []byte{keyEscape, '[', '3', '6', 'm'},
-	White:   []byte{keyEscape, '[', '3', '7', 'm'},
-
-	Reset: []byte{keyEscape, '[', '0', 'm'},
-}
-
-// Terminal contains the state for running a VT100 terminal that is capable of
-// reading lines of input.
-type Terminal struct {
-	// AutoCompleteCallback, if non-null, is called for each keypress with
-	// the full input line and the current position of the cursor (in
-	// bytes, as an index into |line|). If it returns ok=false, the key
-	// press is processed normally. Otherwise it returns a replacement line
-	// and the new cursor position.
-	AutoCompleteCallback func(line string, pos int, key rune) (newLine string, newPos int, ok bool)
-
-	// Escape contains a pointer to the escape codes for this terminal.
-	// It's always a valid pointer, although the escape codes themselves
-	// may be empty if the terminal doesn't support them.
-	Escape *EscapeCodes
-
-	// lock protects the terminal and the state in this object from
-	// concurrent processing of a key press and a Write() call.
-	lock sync.Mutex
-
-	c      io.ReadWriter
-	prompt []rune
-
-	// line is the current line being entered.
-	line []rune
-	// pos is the logical position of the cursor in line
-	pos int
-	// echo is true if local echo is enabled
-	echo bool
-	// pasteActive is true iff there is a bracketed paste operation in
-	// progress.
-	pasteActive bool
-
-	// cursorX contains the current X value of the cursor where the left
-	// edge is 0. cursorY contains the row number where the first row of
-	// the current line is 0.
-	cursorX, cursorY int
-	// maxLine is the greatest value of cursorY so far.
-	maxLine int
-
-	termWidth, termHeight int
-
-	// outBuf contains the terminal data to be sent.
-	outBuf []byte
-	// remainder contains the remainder of any partial key sequences after
-	// a read. It aliases into inBuf.
-	remainder []byte
-	inBuf     [256]byte
-
-	// history contains previously entered commands so that they can be
-	// accessed with the up and down keys.
-	history stRingBuffer
-	// historyIndex stores the currently accessed history entry, where zero
-	// means the immediately previous entry.
-	historyIndex int
-	// When navigating up and down the history it's possible to return to
-	// the incomplete, initial line. That value is stored in
-	// historyPending.
-	historyPending string
-}
-
-// NewTerminal runs a VT100 terminal on the given ReadWriter. If the ReadWriter is
-// a local terminal, that terminal must first have been put into raw mode.
-// prompt is a string that is written at the start of each input line (i.e.
-// "> ").
-func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
-	return &Terminal{
-		Escape:       &vt100EscapeCodes,
-		c:            c,
-		prompt:       []rune(prompt),
-		termWidth:    80,
-		termHeight:   24,
-		echo:         true,
-		historyIndex: -1,
-	}
-}
-
-const (
-	keyCtrlD     = 4
-	keyCtrlU     = 21
-	keyEnter     = '\r'
-	keyEscape    = 27
-	keyBackspace = 127
-	keyUnknown   = 0xd800 /* UTF-16 surrogate area */ + iota
-	keyUp
-	keyDown
-	keyLeft
-	keyRight
-	keyAltLeft
-	keyAltRight
-	keyHome
-	keyEnd
-	keyDeleteWord
-	keyDeleteLine
-	keyClearScreen
-	keyPasteStart
-	keyPasteEnd
-)
-
-var (
-	crlf       = []byte{'\r', '\n'}
-	pasteStart = []byte{keyEscape, '[', '2', '0', '0', '~'}
-	pasteEnd   = []byte{keyEscape, '[', '2', '0', '1', '~'}
-)
-
-// bytesToKey tries to parse a key sequence from b. If successful, it returns
-// the key and the remainder of the input. Otherwise it returns utf8.RuneError.
-func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
-	if len(b) == 0 {
-		return utf8.RuneError, nil
-	}
-
-	if !pasteActive {
-		switch b[0] {
-		case 1: // ^A
-			return keyHome, b[1:]
-		case 5: // ^E
-			return keyEnd, b[1:]
-		case 8: // ^H
-			return keyBackspace, b[1:]
-		case 11: // ^K
-			return keyDeleteLine, b[1:]
-		case 12: // ^L
-			return keyClearScreen, b[1:]
-		case 23: // ^W
-			return keyDeleteWord, b[1:]
-		}
-	}
-
-	if b[0] != keyEscape {
-		if !utf8.FullRune(b) {
-			return utf8.RuneError, b
-		}
-		r, l := utf8.DecodeRune(b)
-		return r, b[l:]
-	}
-
-	if !pasteActive && len(b) >= 3 && b[0] == keyEscape && b[1] == '[' {
-		switch b[2] {
-		case 'A':
-			return keyUp, b[3:]
-		case 'B':
-			return keyDown, b[3:]
-		case 'C':
-			return keyRight, b[3:]
-		case 'D':
-			return keyLeft, b[3:]
-		case 'H':
-			return keyHome, b[3:]
-		case 'F':
-			return keyEnd, b[3:]
-		}
-	}
-
-	if !pasteActive && len(b) >= 6 && b[0] == keyEscape && b[1] == '[' && b[2] == '1' && b[3] == ';' && b[4] == '3' {
-		switch b[5] {
-		case 'C':
-			return keyAltRight, b[6:]
-		case 'D':
-			return keyAltLeft, b[6:]
-		}
-	}
-
-	if !pasteActive && len(b) >= 6 && bytes.Equal(b[:6], pasteStart) {
-		return keyPasteStart, b[6:]
-	}
-
-	if pasteActive && len(b) >= 6 && bytes.Equal(b[:6], pasteEnd) {
-		return keyPasteEnd, b[6:]
-	}
-
-	// If we get here then we have a key that we don't recognise, or a
-	// partial sequence. It's not clear how one should find the end of a
-	// sequence without knowing them all, but it seems that [a-zA-Z~] only
-	// appears at the end of a sequence.
-	for i, c := range b[0:] {
-		if c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c == '~' {
-			return keyUnknown, b[i+1:]
-		}
-	}
-
-	return utf8.RuneError, b
-}
-
-// queue appends data to the end of t.outBuf
-func (t *Terminal) queue(data []rune) {
-	t.outBuf = append(t.outBuf, []byte(string(data))...)
-}
-
-var eraseUnderCursor = []rune{' ', keyEscape, '[', 'D'}
-var space = []rune{' '}
-
-func isPrintable(key rune) bool {
-	isInSurrogateArea := key >= 0xd800 && key <= 0xdbff
-	return key >= 32 && !isInSurrogateArea
-}
-
-// moveCursorToPos appends data to t.outBuf which will move the cursor to the
-// given, logical position in the text.
-func (t *Terminal) moveCursorToPos(pos int) {
-	if !t.echo {
-		return
-	}
-
-	x := visualLength(t.prompt) + pos
-	y := x / t.termWidth
-	x = x % t.termWidth
-
-	up := 0
-	if y < t.cursorY {
-		up = t.cursorY - y
-	}
-
-	down := 0
-	if y > t.cursorY {
-		down = y - t.cursorY
-	}
-
-	left := 0
-	if x < t.cursorX {
-		left = t.cursorX - x
-	}
-
-	right := 0
-	if x > t.cursorX {
-		right = x - t.cursorX
-	}
-
-	t.cursorX = x
-	t.cursorY = y
-	t.move(up, down, left, right)
-}
-
-func (t *Terminal) move(up, down, left, right int) {
-	movement := make([]rune, 3*(up+down+left+right))
-	m := movement
-	for i := 0; i < up; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'A'
-		m = m[3:]
-	}
-	for i := 0; i < down; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'B'
-		m = m[3:]
-	}
-	for i := 0; i < left; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'D'
-		m = m[3:]
-	}
-	for i := 0; i < right; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'C'
-		m = m[3:]
-	}
-
-	t.queue(movement)
-}
-
-func (t *Terminal) clearLineToRight() {
-	op := []rune{keyEscape, '[', 'K'}
-	t.queue(op)
-}
-
-const maxLineLength = 4096
-
-func (t *Terminal) setLine(newLine []rune, newPos int) {
-	if t.echo {
-		t.moveCursorToPos(0)
-		t.writeLine(newLine)
-		for i := len(newLine); i < len(t.line); i++ {
-			t.writeLine(space)
-		}
-		t.moveCursorToPos(newPos)
-	}
-	t.line = newLine
-	t.pos = newPos
-}
-
-func (t *Terminal) advanceCursor(places int) {
-	t.cursorX += places
-	t.cursorY += t.cursorX / t.termWidth
-	if t.cursorY > t.maxLine {
-		t.maxLine = t.cursorY
-	}
-	t.cursorX = t.cursorX % t.termWidth
-
-	if places > 0 && t.cursorX == 0 {
-		// Normally terminals will advance the current position
-		// when writing a character. But that doesn't happen
-		// for the last character in a line. However, when
-		// writing a character (except a new line) that causes
-		// a line wrap, the position will be advanced two
-		// places.
-		//
-		// So, if we are stopping at the end of a line, we
-		// need to write a newline so that our cursor can be
-		// advanced to the next line.
-		t.outBuf = append(t.outBuf, '\r', '\n')
-	}
-}
-
-func (t *Terminal) eraseNPreviousChars(n int) {
-	if n == 0 {
-		return
-	}
-
-	if t.pos < n {
-		n = t.pos
-	}
-	t.pos -= n
-	t.moveCursorToPos(t.pos)
-
-	copy(t.line[t.pos:], t.line[n+t.pos:])
-	t.line = t.line[:len(t.line)-n]
-	if t.echo {
-		t.writeLine(t.line[t.pos:])
-		for i := 0; i < n; i++ {
-			t.queue(space)
-		}
-		t.advanceCursor(n)
-		t.moveCursorToPos(t.pos)
-	}
-}
-
-// countToLeftWord returns then number of characters from the cursor to the
-// start of the previous word.
-func (t *Terminal) countToLeftWord() int {
-	if t.pos == 0 {
-		return 0
-	}
-
-	pos := t.pos - 1
-	for pos > 0 {
-		if t.line[pos] != ' ' {
-			break
-		}
-		pos--
-	}
-	for pos > 0 {
-		if t.line[pos] == ' ' {
-			pos++
-			break
-		}
-		pos--
-	}
-
-	return t.pos - pos
-}
-
-// countToRightWord returns then number of characters from the cursor to the
-// start of the next word.
-func (t *Terminal) countToRightWord() int {
-	pos := t.pos
-	for pos < len(t.line) {
-		if t.line[pos] == ' ' {
-			break
-		}
-		pos++
-	}
-	for pos < len(t.line) {
-		if t.line[pos] != ' ' {
-			break
-		}
-		pos++
-	}
-	return pos - t.pos
-}
-
-// visualLength returns the number of visible glyphs in s.
-func visualLength(runes []rune) int {
-	inEscapeSeq := false
-	length := 0
-
-	for _, r := range runes {
-		switch {
-		case inEscapeSeq:
-			if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') {
-				inEscapeSeq = false
-			}
-		case r == '\x1b':
-			inEscapeSeq = true
-		default:
-			length++
-		}
-	}
-
-	return length
-}
-
-// handleKey processes the given key and, optionally, returns a line of text
-// that the user has entered.
-func (t *Terminal) handleKey(key rune) (line string, ok bool) {
-	if t.pasteActive && key != keyEnter {
-		t.addKeyToLine(key)
-		return
-	}
-
-	switch key {
-	case keyBackspace:
-		if t.pos == 0 {
-			return
-		}
-		t.eraseNPreviousChars(1)
-	case keyAltLeft:
-		// move left by a word.
-		t.pos -= t.countToLeftWord()
-		t.moveCursorToPos(t.pos)
-	case keyAltRight:
-		// move right by a word.
-		t.pos += t.countToRightWord()
-		t.moveCursorToPos(t.pos)
-	case keyLeft:
-		if t.pos == 0 {
-			return
-		}
-		t.pos--
-		t.moveCursorToPos(t.pos)
-	case keyRight:
-		if t.pos == len(t.line) {
-			return
-		}
-		t.pos++
-		t.moveCursorToPos(t.pos)
-	case keyHome:
-		if t.pos == 0 {
-			return
-		}
-		t.pos = 0
-		t.moveCursorToPos(t.pos)
-	case keyEnd:
-		if t.pos == len(t.line) {
-			return
-		}
-		t.pos = len(t.line)
-		t.moveCursorToPos(t.pos)
-	case keyUp:
-		entry, ok := t.history.NthPreviousEntry(t.historyIndex + 1)
-		if !ok {
-			return "", false
-		}
-		if t.historyIndex == -1 {
-			t.historyPending = string(t.line)
-		}
-		t.historyIndex++
-		runes := []rune(entry)
-		t.setLine(runes, len(runes))
-	case keyDown:
-		switch t.historyIndex {
-		case -1:
-			return
-		case 0:
-			runes := []rune(t.historyPending)
-			t.setLine(runes, len(runes))
-			t.historyIndex--
-		default:
-			entry, ok := t.history.NthPreviousEntry(t.historyIndex - 1)
-			if ok {
-				t.historyIndex--
-				runes := []rune(entry)
-				t.setLine(runes, len(runes))
-			}
-		}
-	case keyEnter:
-		t.moveCursorToPos(len(t.line))
-		t.queue([]rune("\r\n"))
-		line = string(t.line)
-		ok = true
-		t.line = t.line[:0]
-		t.pos = 0
-		t.cursorX = 0
-		t.cursorY = 0
-		t.maxLine = 0
-	case keyDeleteWord:
-		// Delete zero or more spaces and then one or more characters.
-		t.eraseNPreviousChars(t.countToLeftWord())
-	case keyDeleteLine:
-		// Delete everything from the current cursor position to the
-		// end of line.
-		for i := t.pos; i < len(t.line); i++ {
-			t.queue(space)
-			t.advanceCursor(1)
-		}
-		t.line = t.line[:t.pos]
-		t.moveCursorToPos(t.pos)
-	case keyCtrlD:
-		// Erase the character under the current position.
-		// The EOF case when the line is empty is handled in
-		// readLine().
-		if t.pos < len(t.line) {
-			t.pos++
-			t.eraseNPreviousChars(1)
-		}
-	case keyCtrlU:
-		t.eraseNPreviousChars(t.pos)
-	case keyClearScreen:
-		// Erases the screen and moves the cursor to the home position.
-		t.queue([]rune("\x1b[2J\x1b[H"))
-		t.queue(t.prompt)
-		t.cursorX, t.cursorY = 0, 0
-		t.advanceCursor(visualLength(t.prompt))
-		t.setLine(t.line, t.pos)
-	default:
-		if t.AutoCompleteCallback != nil {
-			prefix := string(t.line[:t.pos])
-			suffix := string(t.line[t.pos:])
-
-			t.lock.Unlock()
-			newLine, newPos, completeOk := t.AutoCompleteCallback(prefix+suffix, len(prefix), key)
-			t.lock.Lock()
-
-			if completeOk {
-				t.setLine([]rune(newLine), utf8.RuneCount([]byte(newLine)[:newPos]))
-				return
-			}
-		}
-		if !isPrintable(key) {
-			return
-		}
-		if len(t.line) == maxLineLength {
-			return
-		}
-		t.addKeyToLine(key)
-	}
-	return
-}
-
-// addKeyToLine inserts the given key at the current position in the current
-// line.
-func (t *Terminal) addKeyToLine(key rune) {
-	if len(t.line) == cap(t.line) {
-		newLine := make([]rune, len(t.line), 2*(1+len(t.line)))
-		copy(newLine, t.line)
-		t.line = newLine
-	}
-	t.line = t.line[:len(t.line)+1]
-	copy(t.line[t.pos+1:], t.line[t.pos:])
-	t.line[t.pos] = key
-	if t.echo {
-		t.writeLine(t.line[t.pos:])
-	}
-	t.pos++
-	t.moveCursorToPos(t.pos)
-}
-
-func (t *Terminal) writeLine(line []rune) {
-	for len(line) != 0 {
-		remainingOnLine := t.termWidth - t.cursorX
-		todo := len(line)
-		if todo > remainingOnLine {
-			todo = remainingOnLine
-		}
-		t.queue(line[:todo])
-		t.advanceCursor(visualLength(line[:todo]))
-		line = line[todo:]
-	}
-}
-
-// writeWithCRLF writes buf to w but replaces all occurrences of \n with \r\n.
-func writeWithCRLF(w io.Writer, buf []byte) (n int, err error) {
-	for len(buf) > 0 {
-		i := bytes.IndexByte(buf, '\n')
-		todo := len(buf)
-		if i >= 0 {
-			todo = i
-		}
-
-		var nn int
-		nn, err = w.Write(buf[:todo])
-		n += nn
-		if err != nil {
-			return n, err
-		}
-		buf = buf[todo:]
-
-		if i >= 0 {
-			if _, err = w.Write(crlf); err != nil {
-				return n, err
-			}
-			n++
-			buf = buf[1:]
-		}
-	}
-
-	return n, nil
-}
-
-func (t *Terminal) Write(buf []byte) (n int, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	if t.cursorX == 0 && t.cursorY == 0 {
-		// This is the easy case: there's nothing on the screen that we
-		// have to move out of the way.
-		return writeWithCRLF(t.c, buf)
-	}
-
-	// We have a prompt and possibly user input on the screen. We
-	// have to clear it first.
-	t.move(0 /* up */, 0 /* down */, t.cursorX /* left */, 0 /* right */)
-	t.cursorX = 0
-	t.clearLineToRight()
-
-	for t.cursorY > 0 {
-		t.move(1 /* up */, 0, 0, 0)
-		t.cursorY--
-		t.clearLineToRight()
-	}
-
-	if _, err = t.c.Write(t.outBuf); err != nil {
-		return
-	}
-	t.outBuf = t.outBuf[:0]
-
-	if n, err = writeWithCRLF(t.c, buf); err != nil {
-		return
-	}
-
-	t.writeLine(t.prompt)
-	if t.echo {
-		t.writeLine(t.line)
-	}
-
-	t.moveCursorToPos(t.pos)
-
-	if _, err = t.c.Write(t.outBuf); err != nil {
-		return
-	}
-	t.outBuf = t.outBuf[:0]
-	return
-}
-
-// ReadPassword temporarily changes the prompt and reads a password, without
-// echo, from the terminal.
-func (t *Terminal) ReadPassword(prompt string) (line string, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	oldPrompt := t.prompt
-	t.prompt = []rune(prompt)
-	t.echo = false
-
-	line, err = t.readLine()
-
-	t.prompt = oldPrompt
-	t.echo = true
-
-	return
-}
-
-// ReadLine returns a line of input from the terminal.
-func (t *Terminal) ReadLine() (line string, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	return t.readLine()
-}
-
-func (t *Terminal) readLine() (line string, err error) {
-	// t.lock must be held at this point
-
-	if t.cursorX == 0 && t.cursorY == 0 {
-		t.writeLine(t.prompt)
-		t.c.Write(t.outBuf)
-		t.outBuf = t.outBuf[:0]
-	}
-
-	lineIsPasted := t.pasteActive
-
-	for {
-		rest := t.remainder
-		lineOk := false
-		for !lineOk {
-			var key rune
-			key, rest = bytesToKey(rest, t.pasteActive)
-			if key == utf8.RuneError {
-				break
-			}
-			if !t.pasteActive {
-				if key == keyCtrlD {
-					if len(t.line) == 0 {
-						return "", io.EOF
-					}
-				}
-				if key == keyPasteStart {
-					t.pasteActive = true
-					if len(t.line) == 0 {
-						lineIsPasted = true
-					}
-					continue
-				}
-			} else if key == keyPasteEnd {
-				t.pasteActive = false
-				continue
-			}
-			if !t.pasteActive {
-				lineIsPasted = false
-			}
-			line, lineOk = t.handleKey(key)
-		}
-		if len(rest) > 0 {
-			n := copy(t.inBuf[:], rest)
-			t.remainder = t.inBuf[:n]
-		} else {
-			t.remainder = nil
-		}
-		t.c.Write(t.outBuf)
-		t.outBuf = t.outBuf[:0]
-		if lineOk {
-			if t.echo {
-				t.historyIndex = -1
-				t.history.Add(line)
-			}
-			if lineIsPasted {
-				err = ErrPasteIndicator
-			}
-			return
-		}
-
-		// t.remainder is a slice at the beginning of t.inBuf
-		// containing a partial key sequence
-		readBuf := t.inBuf[len(t.remainder):]
-		var n int
-
-		t.lock.Unlock()
-		n, err = t.c.Read(readBuf)
-		t.lock.Lock()
-
-		if err != nil {
-			return
-		}
-
-		t.remainder = t.inBuf[:n+len(t.remainder)]
-	}
-}
-
-// SetPrompt sets the prompt to be used when reading subsequent lines.
-func (t *Terminal) SetPrompt(prompt string) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	t.prompt = []rune(prompt)
-}
-
-func (t *Terminal) clearAndRepaintLinePlusNPrevious(numPrevLines int) {
-	// Move cursor to column zero at the start of the line.
-	t.move(t.cursorY, 0, t.cursorX, 0)
-	t.cursorX, t.cursorY = 0, 0
-	t.clearLineToRight()
-	for t.cursorY < numPrevLines {
-		// Move down a line
-		t.move(0, 1, 0, 0)
-		t.cursorY++
-		t.clearLineToRight()
-	}
-	// Move back to beginning.
-	t.move(t.cursorY, 0, 0, 0)
-	t.cursorX, t.cursorY = 0, 0
-
-	t.queue(t.prompt)
-	t.advanceCursor(visualLength(t.prompt))
-	t.writeLine(t.line)
-	t.moveCursorToPos(t.pos)
-}
-
-func (t *Terminal) SetSize(width, height int) error {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	if width == 0 {
-		width = 1
-	}
-
-	oldWidth := t.termWidth
-	t.termWidth, t.termHeight = width, height
-
-	switch {
-	case width == oldWidth:
-		// If the width didn't change then nothing else needs to be
-		// done.
-		return nil
-	case len(t.line) == 0 && t.cursorX == 0 && t.cursorY == 0:
-		// If there is nothing on current line and no prompt printed,
-		// just do nothing
-		return nil
-	case width < oldWidth:
-		// Some terminals (e.g. xterm) will truncate lines that were
-		// too long when shinking. Others, (e.g. gnome-terminal) will
-		// attempt to wrap them. For the former, repainting t.maxLine
-		// works great, but that behaviour goes badly wrong in the case
-		// of the latter because they have doubled every full line.
-
-		// We assume that we are working on a terminal that wraps lines
-		// and adjust the cursor position based on every previous line
-		// wrapping and turning into two. This causes the prompt on
-		// xterms to move upwards, which isn't great, but it avoids a
-		// huge mess with gnome-terminal.
-		if t.cursorX >= t.termWidth {
-			t.cursorX = t.termWidth - 1
-		}
-		t.cursorY *= 2
-		t.clearAndRepaintLinePlusNPrevious(t.maxLine * 2)
-	case width > oldWidth:
-		// If the terminal expands then our position calculations will
-		// be wrong in the future because we think the cursor is
-		// |t.pos| chars into the string, but there will be a gap at
-		// the end of any wrapped line.
-		//
-		// But the position will actually be correct until we move, so
-		// we can move back to the beginning and repaint everything.
-		t.clearAndRepaintLinePlusNPrevious(t.maxLine)
-	}
-
-	_, err := t.c.Write(t.outBuf)
-	t.outBuf = t.outBuf[:0]
-	return err
-}
-
-type pasteIndicatorError struct{}
-
-func (pasteIndicatorError) Error() string {
-	return "terminal: ErrPasteIndicator not correctly handled"
-}
-
-// ErrPasteIndicator may be returned from ReadLine as the error, in addition
-// to valid line data. It indicates that bracketed paste mode is enabled and
-// that the returned line consists only of pasted data. Programs may wish to
-// interpret pasted data more literally than typed data.
-var ErrPasteIndicator = pasteIndicatorError{}
-
-// SetBracketedPasteMode requests that the terminal bracket paste operations
-// with markers. Not all terminals support this but, if it is supported, then
-// enabling this mode will stop any autocomplete callback from running due to
-// pastes. Additionally, any lines that are completely pasted will be returned
-// from ReadLine with the error set to ErrPasteIndicator.
-func (t *Terminal) SetBracketedPasteMode(on bool) {
-	if on {
-		io.WriteString(t.c, "\x1b[?2004h")
-	} else {
-		io.WriteString(t.c, "\x1b[?2004l")
-	}
-}
-
-// stRingBuffer is a ring buffer of strings.
-type stRingBuffer struct {
-	// entries contains max elements.
-	entries []string
-	max     int
-	// head contains the index of the element most recently added to the ring.
-	head int
-	// size contains the number of elements in the ring.
-	size int
-}
-
-func (s *stRingBuffer) Add(a string) {
-	if s.entries == nil {
-		const defaultNumEntries = 100
-		s.entries = make([]string, defaultNumEntries)
-		s.max = defaultNumEntries
-	}
-
-	s.head = (s.head + 1) % s.max
-	s.entries[s.head] = a
-	if s.size < s.max {
-		s.size++
-	}
-}
-
-// NthPreviousEntry returns the value passed to the nth previous call to Add.
-// If n is zero then the immediately prior value is returned, if one, then the
-// next most recent, and so on. If such an element doesn't exist then ok is
-// false.
-func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
-	if n >= s.size {
-		return "", false
-	}
-	index := s.head - n
-	if index < 0 {
-		index += s.max
-	}
-	return s.entries[index], true
-}
-
-// readPasswordLine reads from reader until it finds \n or io.EOF.
-// The slice returned does not include the \n.
-// readPasswordLine also ignores any \r it finds.
-func readPasswordLine(reader io.Reader) ([]byte, error) {
-	var buf [1]byte
-	var ret []byte
-
-	for {
-		n, err := reader.Read(buf[:])
-		if n > 0 {
-			switch buf[0] {
-			case '\n':
-				return ret, nil
-			case '\r':
-				// remove \r from passwords on Windows
-			default:
-				ret = append(ret, buf[0])
-			}
-			continue
-		}
-		if err != nil {
-			if err == io.EOF && len(ret) > 0 {
-				return ret, nil
-			}
-			return ret, err
-		}
-	}
-}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util.go b/vendor/golang.org/x/crypto/ssh/terminal/util.go
deleted file mode 100644
index 731c89a284a29..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util.go
+++ /dev/null
@@ -1,114 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin dragonfly freebsd linux,!appengine netbsd openbsd
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal // import "golang.org/x/crypto/ssh/terminal"
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// State contains the state of a terminal.
-type State struct {
-	termios unix.Termios
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	return err == nil
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	termios, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	if err != nil {
-		return nil, err
-	}
-
-	oldState := State{termios: *termios}
-
-	// This attempts to replicate the behaviour documented for cfmakeraw in
-	// the termios(3) manpage.
-	termios.Iflag &^= unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON
-	termios.Oflag &^= unix.OPOST
-	termios.Lflag &^= unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN
-	termios.Cflag &^= unix.CSIZE | unix.PARENB
-	termios.Cflag |= unix.CS8
-	termios.Cc[unix.VMIN] = 1
-	termios.Cc[unix.VTIME] = 0
-	if err := unix.IoctlSetTermios(fd, ioctlWriteTermios, termios); err != nil {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	termios, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	if err != nil {
-		return nil, err
-	}
-
-	return &State{termios: *termios}, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	return unix.IoctlSetTermios(fd, ioctlWriteTermios, &state.termios)
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	ws, err := unix.IoctlGetWinsize(fd, unix.TIOCGWINSZ)
-	if err != nil {
-		return -1, -1, err
-	}
-	return int(ws.Col), int(ws.Row), nil
-}
-
-// passwordReader is an io.Reader that reads from a specific file descriptor.
-type passwordReader int
-
-func (r passwordReader) Read(buf []byte) (int, error) {
-	return unix.Read(int(r), buf)
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	termios, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	if err != nil {
-		return nil, err
-	}
-
-	newState := *termios
-	newState.Lflag &^= unix.ECHO
-	newState.Lflag |= unix.ICANON | unix.ISIG
-	newState.Iflag |= unix.ICRNL
-	if err := unix.IoctlSetTermios(fd, ioctlWriteTermios, &newState); err != nil {
-		return nil, err
-	}
-
-	defer unix.IoctlSetTermios(fd, ioctlWriteTermios, termios)
-
-	return readPasswordLine(passwordReader(fd))
-}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_bsd.go b/vendor/golang.org/x/crypto/ssh/terminal/util_bsd.go
deleted file mode 100644
index cb23a59049401..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_bsd.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin dragonfly freebsd netbsd openbsd
-
-package terminal
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TIOCGETA
-const ioctlWriteTermios = unix.TIOCSETA
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_linux.go b/vendor/golang.org/x/crypto/ssh/terminal/util_linux.go
deleted file mode 100644
index 5fadfe8a1d50b..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_linux.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package terminal
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TCGETS
-const ioctlWriteTermios = unix.TCSETS
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_plan9.go b/vendor/golang.org/x/crypto/ssh/terminal/util_plan9.go
deleted file mode 100644
index 799f049f04ea0..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_plan9.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal
-
-import (
-	"fmt"
-	"runtime"
-)
-
-type State struct{}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	return false
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	return nil, fmt.Errorf("terminal: MakeRaw not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	return nil, fmt.Errorf("terminal: GetState not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	return fmt.Errorf("terminal: Restore not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	return 0, 0, fmt.Errorf("terminal: GetSize not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	return nil, fmt.Errorf("terminal: ReadPassword not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_solaris.go b/vendor/golang.org/x/crypto/ssh/terminal/util_solaris.go
deleted file mode 100644
index 9e41b9f43f089..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_solaris.go
+++ /dev/null
@@ -1,124 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build solaris
-
-package terminal // import "golang.org/x/crypto/ssh/terminal"
-
-import (
-	"golang.org/x/sys/unix"
-	"io"
-	"syscall"
-)
-
-// State contains the state of a terminal.
-type State struct {
-	termios unix.Termios
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermio(fd, unix.TCGETA)
-	return err == nil
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	// see also: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
-	val, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-	oldState := *val
-
-	newState := oldState
-	newState.Lflag &^= syscall.ECHO
-	newState.Lflag |= syscall.ICANON | syscall.ISIG
-	newState.Iflag |= syscall.ICRNL
-	err = unix.IoctlSetTermios(fd, unix.TCSETS, &newState)
-	if err != nil {
-		return nil, err
-	}
-
-	defer unix.IoctlSetTermios(fd, unix.TCSETS, &oldState)
-
-	var buf [16]byte
-	var ret []byte
-	for {
-		n, err := syscall.Read(fd, buf[:])
-		if err != nil {
-			return nil, err
-		}
-		if n == 0 {
-			if len(ret) == 0 {
-				return nil, io.EOF
-			}
-			break
-		}
-		if buf[n-1] == '\n' {
-			n--
-		}
-		ret = append(ret, buf[:n]...)
-		if n < len(buf) {
-			break
-		}
-	}
-
-	return ret, nil
-}
-
-// MakeRaw puts the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-// see http://cr.illumos.org/~webrev/andy_js/1060/
-func MakeRaw(fd int) (*State, error) {
-	termios, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-
-	oldState := State{termios: *termios}
-
-	termios.Iflag &^= unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON
-	termios.Oflag &^= unix.OPOST
-	termios.Lflag &^= unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN
-	termios.Cflag &^= unix.CSIZE | unix.PARENB
-	termios.Cflag |= unix.CS8
-	termios.Cc[unix.VMIN] = 1
-	termios.Cc[unix.VTIME] = 0
-
-	if err := unix.IoctlSetTermios(fd, unix.TCSETS, termios); err != nil {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, oldState *State) error {
-	return unix.IoctlSetTermios(fd, unix.TCSETS, &oldState.termios)
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	termios, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-
-	return &State{termios: *termios}, nil
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	ws, err := unix.IoctlGetWinsize(fd, unix.TIOCGWINSZ)
-	if err != nil {
-		return 0, 0, err
-	}
-	return int(ws.Col), int(ws.Row), nil
-}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
deleted file mode 100644
index 8618955df7383..0000000000000
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal
-
-import (
-	"os"
-
-	"golang.org/x/sys/windows"
-)
-
-type State struct {
-	mode uint32
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	var st uint32
-	err := windows.GetConsoleMode(windows.Handle(fd), &st)
-	return err == nil
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	var st uint32
-	if err := windows.GetConsoleMode(windows.Handle(fd), &st); err != nil {
-		return nil, err
-	}
-	raw := st &^ (windows.ENABLE_ECHO_INPUT | windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT | windows.ENABLE_PROCESSED_OUTPUT)
-	if err := windows.SetConsoleMode(windows.Handle(fd), raw); err != nil {
-		return nil, err
-	}
-	return &State{st}, nil
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	var st uint32
-	if err := windows.GetConsoleMode(windows.Handle(fd), &st); err != nil {
-		return nil, err
-	}
-	return &State{st}, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	return windows.SetConsoleMode(windows.Handle(fd), state.mode)
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	var info windows.ConsoleScreenBufferInfo
-	if err := windows.GetConsoleScreenBufferInfo(windows.Handle(fd), &info); err != nil {
-		return 0, 0, err
-	}
-	return int(info.Size.X), int(info.Size.Y), nil
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	var st uint32
-	if err := windows.GetConsoleMode(windows.Handle(fd), &st); err != nil {
-		return nil, err
-	}
-	old := st
-
-	st &^= (windows.ENABLE_ECHO_INPUT)
-	st |= (windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT | windows.ENABLE_PROCESSED_OUTPUT)
-	if err := windows.SetConsoleMode(windows.Handle(fd), st); err != nil {
-		return nil, err
-	}
-
-	defer windows.SetConsoleMode(windows.Handle(fd), old)
-
-	var h windows.Handle
-	p, _ := windows.GetCurrentProcess()
-	if err := windows.DuplicateHandle(p, windows.Handle(fd), p, &h, 0, false, windows.DUPLICATE_SAME_ACCESS); err != nil {
-		return nil, err
-	}
-
-	f := os.NewFile(uintptr(h), "stdin")
-	defer f.Close()
-	return readPasswordLine(f)
-}
diff --git a/vendor/golang.org/x/crypto/ssh/transport.go b/vendor/golang.org/x/crypto/ssh/transport.go
new file mode 100644
index 0000000000000..49ddc2e7de46c
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/transport.go
@@ -0,0 +1,353 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"io"
+	"log"
+)
+
+// debugTransport if set, will print packet types as they go over the
+// wire. No message decoding is done, to minimize the impact on timing.
+const debugTransport = false
+
+const (
+	gcmCipherID    = "aes128-gcm@openssh.com"
+	aes128cbcID    = "aes128-cbc"
+	tripledescbcID = "3des-cbc"
+)
+
+// packetConn represents a transport that implements packet based
+// operations.
+type packetConn interface {
+	// Encrypt and send a packet of data to the remote peer.
+	writePacket(packet []byte) error
+
+	// Read a packet from the connection. The read is blocking,
+	// i.e. if error is nil, then the returned byte slice is
+	// always non-empty.
+	readPacket() ([]byte, error)
+
+	// Close closes the write-side of the connection.
+	Close() error
+}
+
+// transport is the keyingTransport that implements the SSH packet
+// protocol.
+type transport struct {
+	reader connectionState
+	writer connectionState
+
+	bufReader *bufio.Reader
+	bufWriter *bufio.Writer
+	rand      io.Reader
+	isClient  bool
+	io.Closer
+}
+
+// packetCipher represents a combination of SSH encryption/MAC
+// protocol.  A single instance should be used for one direction only.
+type packetCipher interface {
+	// writeCipherPacket encrypts the packet and writes it to w. The
+	// contents of the packet are generally scrambled.
+	writeCipherPacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
+
+	// readCipherPacket reads and decrypts a packet of data. The
+	// returned packet may be overwritten by future calls of
+	// readPacket.
+	readCipherPacket(seqnum uint32, r io.Reader) ([]byte, error)
+}
+
+// connectionState represents one side (read or write) of the
+// connection. This is necessary because each direction has its own
+// keys, and can even have its own algorithms
+type connectionState struct {
+	packetCipher
+	seqNum           uint32
+	dir              direction
+	pendingKeyChange chan packetCipher
+}
+
+// prepareKeyChange sets up key material for a keychange. The key changes in
+// both directions are triggered by reading and writing a msgNewKey packet
+// respectively.
+func (t *transport) prepareKeyChange(algs *algorithms, kexResult *kexResult) error {
+	ciph, err := newPacketCipher(t.reader.dir, algs.r, kexResult)
+	if err != nil {
+		return err
+	}
+	t.reader.pendingKeyChange <- ciph
+
+	ciph, err = newPacketCipher(t.writer.dir, algs.w, kexResult)
+	if err != nil {
+		return err
+	}
+	t.writer.pendingKeyChange <- ciph
+
+	return nil
+}
+
+func (t *transport) printPacket(p []byte, write bool) {
+	if len(p) == 0 {
+		return
+	}
+	who := "server"
+	if t.isClient {
+		who = "client"
+	}
+	what := "read"
+	if write {
+		what = "write"
+	}
+
+	log.Println(what, who, p[0])
+}
+
+// Read and decrypt next packet.
+func (t *transport) readPacket() (p []byte, err error) {
+	for {
+		p, err = t.reader.readPacket(t.bufReader)
+		if err != nil {
+			break
+		}
+		if len(p) == 0 || (p[0] != msgIgnore && p[0] != msgDebug) {
+			break
+		}
+	}
+	if debugTransport {
+		t.printPacket(p, false)
+	}
+
+	return p, err
+}
+
+func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
+	packet, err := s.packetCipher.readCipherPacket(s.seqNum, r)
+	s.seqNum++
+	if err == nil && len(packet) == 0 {
+		err = errors.New("ssh: zero length packet")
+	}
+
+	if len(packet) > 0 {
+		switch packet[0] {
+		case msgNewKeys:
+			select {
+			case cipher := <-s.pendingKeyChange:
+				s.packetCipher = cipher
+			default:
+				return nil, errors.New("ssh: got bogus newkeys message")
+			}
+
+		case msgDisconnect:
+			// Transform a disconnect message into an
+			// error. Since this is lowest level at which
+			// we interpret message types, doing it here
+			// ensures that we don't have to handle it
+			// elsewhere.
+			var msg disconnectMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return nil, err
+			}
+			return nil, &msg
+		}
+	}
+
+	// The packet may point to an internal buffer, so copy the
+	// packet out here.
+	fresh := make([]byte, len(packet))
+	copy(fresh, packet)
+
+	return fresh, err
+}
+
+func (t *transport) writePacket(packet []byte) error {
+	if debugTransport {
+		t.printPacket(packet, true)
+	}
+	return t.writer.writePacket(t.bufWriter, t.rand, packet)
+}
+
+func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
+	changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
+
+	err := s.packetCipher.writeCipherPacket(s.seqNum, w, rand, packet)
+	if err != nil {
+		return err
+	}
+	if err = w.Flush(); err != nil {
+		return err
+	}
+	s.seqNum++
+	if changeKeys {
+		select {
+		case cipher := <-s.pendingKeyChange:
+			s.packetCipher = cipher
+		default:
+			panic("ssh: no key material for msgNewKeys")
+		}
+	}
+	return err
+}
+
+func newTransport(rwc io.ReadWriteCloser, rand io.Reader, isClient bool) *transport {
+	t := &transport{
+		bufReader: bufio.NewReader(rwc),
+		bufWriter: bufio.NewWriter(rwc),
+		rand:      rand,
+		reader: connectionState{
+			packetCipher:     &streamPacketCipher{cipher: noneCipher{}},
+			pendingKeyChange: make(chan packetCipher, 1),
+		},
+		writer: connectionState{
+			packetCipher:     &streamPacketCipher{cipher: noneCipher{}},
+			pendingKeyChange: make(chan packetCipher, 1),
+		},
+		Closer: rwc,
+	}
+	t.isClient = isClient
+
+	if isClient {
+		t.reader.dir = serverKeys
+		t.writer.dir = clientKeys
+	} else {
+		t.reader.dir = clientKeys
+		t.writer.dir = serverKeys
+	}
+
+	return t
+}
+
+type direction struct {
+	ivTag     []byte
+	keyTag    []byte
+	macKeyTag []byte
+}
+
+var (
+	serverKeys = direction{[]byte{'B'}, []byte{'D'}, []byte{'F'}}
+	clientKeys = direction{[]byte{'A'}, []byte{'C'}, []byte{'E'}}
+)
+
+// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
+// described in RFC 4253, section 6.4. direction should either be serverKeys
+// (to setup server->client keys) or clientKeys (for client->server keys).
+func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
+	cipherMode := cipherModes[algs.Cipher]
+	macMode := macModes[algs.MAC]
+
+	iv := make([]byte, cipherMode.ivSize)
+	key := make([]byte, cipherMode.keySize)
+	macKey := make([]byte, macMode.keySize)
+
+	generateKeyMaterial(iv, d.ivTag, kex)
+	generateKeyMaterial(key, d.keyTag, kex)
+	generateKeyMaterial(macKey, d.macKeyTag, kex)
+
+	return cipherModes[algs.Cipher].create(key, iv, macKey, algs)
+}
+
+// generateKeyMaterial fills out with key material generated from tag, K, H
+// and sessionId, as specified in RFC 4253, section 7.2.
+func generateKeyMaterial(out, tag []byte, r *kexResult) {
+	var digestsSoFar []byte
+
+	h := r.Hash.New()
+	for len(out) > 0 {
+		h.Reset()
+		h.Write(r.K)
+		h.Write(r.H)
+
+		if len(digestsSoFar) == 0 {
+			h.Write(tag)
+			h.Write(r.SessionID)
+		} else {
+			h.Write(digestsSoFar)
+		}
+
+		digest := h.Sum(nil)
+		n := copy(out, digest)
+		out = out[n:]
+		if len(out) > 0 {
+			digestsSoFar = append(digestsSoFar, digest...)
+		}
+	}
+}
+
+const packageVersion = "SSH-2.0-Go"
+
+// Sends and receives a version line.  The versionLine string should
+// be US ASCII, start with "SSH-2.0-", and should not include a
+// newline. exchangeVersions returns the other side's version line.
+func exchangeVersions(rw io.ReadWriter, versionLine []byte) (them []byte, err error) {
+	// Contrary to the RFC, we do not ignore lines that don't
+	// start with "SSH-2.0-" to make the library usable with
+	// nonconforming servers.
+	for _, c := range versionLine {
+		// The spec disallows non US-ASCII chars, and
+		// specifically forbids null chars.
+		if c < 32 {
+			return nil, errors.New("ssh: junk character in version line")
+		}
+	}
+	if _, err = rw.Write(append(versionLine, '\r', '\n')); err != nil {
+		return
+	}
+
+	them, err = readVersion(rw)
+	return them, err
+}
+
+// maxVersionStringBytes is the maximum number of bytes that we'll
+// accept as a version string. RFC 4253 section 4.2 limits this at 255
+// chars
+const maxVersionStringBytes = 255
+
+// Read version string as specified by RFC 4253, section 4.2.
+func readVersion(r io.Reader) ([]byte, error) {
+	versionString := make([]byte, 0, 64)
+	var ok bool
+	var buf [1]byte
+
+	for length := 0; length < maxVersionStringBytes; length++ {
+		_, err := io.ReadFull(r, buf[:])
+		if err != nil {
+			return nil, err
+		}
+		// The RFC says that the version should be terminated with \r\n
+		// but several SSH servers actually only send a \n.
+		if buf[0] == '\n' {
+			if !bytes.HasPrefix(versionString, []byte("SSH-")) {
+				// RFC 4253 says we need to ignore all version string lines
+				// except the one containing the SSH version (provided that
+				// all the lines do not exceed 255 bytes in total).
+				versionString = versionString[:0]
+				continue
+			}
+			ok = true
+			break
+		}
+
+		// non ASCII chars are disallowed, but we are lenient,
+		// since Go doesn't use null-terminated strings.
+
+		// The RFC allows a comment after a space, however,
+		// all of it (version and comments) goes into the
+		// session hash.
+		versionString = append(versionString, buf[0])
+	}
+
+	if !ok {
+		return nil, errors.New("ssh: overflow reading version string")
+	}
+
+	// There might be a '\r' on the end which we should remove.
+	if len(versionString) > 0 && versionString[len(versionString)-1] == '\r' {
+		versionString = versionString[:len(versionString)-1]
+	}
+	return versionString, nil
+}
diff --git a/vendor/golang.org/x/net/README.md b/vendor/golang.org/x/net/README.md
index 00a9b6eb25f87..a15f253dff6ea 100644
--- a/vendor/golang.org/x/net/README.md
+++ b/vendor/golang.org/x/net/README.md
@@ -1,5 +1,7 @@
 # Go Networking
 
+[![Go Reference](https://pkg.go.dev/badge/golang.org/x/net.svg)](https://pkg.go.dev/golang.org/x/net)
+
 This repository holds supplementary Go networking libraries.
 
 ## Download/Install
diff --git a/vendor/golang.org/x/net/bpf/constants.go b/vendor/golang.org/x/net/bpf/constants.go
index b89ca352392a6..12f3ee835af2c 100644
--- a/vendor/golang.org/x/net/bpf/constants.go
+++ b/vendor/golang.org/x/net/bpf/constants.go
@@ -38,6 +38,7 @@ const (
 type JumpTest uint16
 
 // Supported operators for conditional jumps.
+// K can be RegX for JumpIfX
 const (
 	// K == A
 	JumpEqual JumpTest = iota
@@ -134,12 +135,9 @@ const (
 	opMaskLoadDest  = 0x01
 	opMaskLoadWidth = 0x18
 	opMaskLoadMode  = 0xe0
-	// opClsALU
-	opMaskOperandSrc = 0x08
-	opMaskOperator   = 0xf0
-	// opClsJump
-	opMaskJumpConst = 0x0f
-	opMaskJumpCond  = 0xf0
+	// opClsALU & opClsJump
+	opMaskOperand  = 0x08
+	opMaskOperator = 0xf0
 )
 
 const (
@@ -192,15 +190,21 @@ const (
 	opLoadWidth1
 )
 
-// Operator defined by ALUOp*
+// Operand for ALU and Jump instructions
+type opOperand uint16
 
+// Supported operand sources.
 const (
-	opALUSrcConstant uint16 = iota << 3
-	opALUSrcX
+	opOperandConstant opOperand = iota << 3
+	opOperandX
 )
 
+// An jumpOp is a conditional jump condition.
+type jumpOp uint16
+
+// Supported jump conditions.
 const (
-	opJumpAlways = iota << 4
+	opJumpAlways jumpOp = iota << 4
 	opJumpEqual
 	opJumpGT
 	opJumpGE
diff --git a/vendor/golang.org/x/net/bpf/instructions.go b/vendor/golang.org/x/net/bpf/instructions.go
index f9dc0e8ee761d..3cffcaa014e1a 100644
--- a/vendor/golang.org/x/net/bpf/instructions.go
+++ b/vendor/golang.org/x/net/bpf/instructions.go
@@ -89,10 +89,14 @@ func (ri RawInstruction) Disassemble() Instruction {
 	case opClsALU:
 		switch op := ALUOp(ri.Op & opMaskOperator); op {
 		case ALUOpAdd, ALUOpSub, ALUOpMul, ALUOpDiv, ALUOpOr, ALUOpAnd, ALUOpShiftLeft, ALUOpShiftRight, ALUOpMod, ALUOpXor:
-			if ri.Op&opMaskOperandSrc != 0 {
+			switch operand := opOperand(ri.Op & opMaskOperand); operand {
+			case opOperandX:
 				return ALUOpX{Op: op}
+			case opOperandConstant:
+				return ALUOpConstant{Op: op, Val: ri.K}
+			default:
+				return ri
 			}
-			return ALUOpConstant{Op: op, Val: ri.K}
 		case aluOpNeg:
 			return NegateA{}
 		default:
@@ -100,63 +104,18 @@ func (ri RawInstruction) Disassemble() Instruction {
 		}
 
 	case opClsJump:
-		if ri.Op&opMaskJumpConst != opClsJump {
-			return ri
-		}
-		switch ri.Op & opMaskJumpCond {
+		switch op := jumpOp(ri.Op & opMaskOperator); op {
 		case opJumpAlways:
 			return Jump{Skip: ri.K}
-		case opJumpEqual:
-			if ri.Jt == 0 {
-				return JumpIf{
-					Cond:      JumpNotEqual,
-					Val:       ri.K,
-					SkipTrue:  ri.Jf,
-					SkipFalse: 0,
-				}
-			}
-			return JumpIf{
-				Cond:      JumpEqual,
-				Val:       ri.K,
-				SkipTrue:  ri.Jt,
-				SkipFalse: ri.Jf,
-			}
-		case opJumpGT:
-			if ri.Jt == 0 {
-				return JumpIf{
-					Cond:      JumpLessOrEqual,
-					Val:       ri.K,
-					SkipTrue:  ri.Jf,
-					SkipFalse: 0,
-				}
-			}
-			return JumpIf{
-				Cond:      JumpGreaterThan,
-				Val:       ri.K,
-				SkipTrue:  ri.Jt,
-				SkipFalse: ri.Jf,
-			}
-		case opJumpGE:
-			if ri.Jt == 0 {
-				return JumpIf{
-					Cond:      JumpLessThan,
-					Val:       ri.K,
-					SkipTrue:  ri.Jf,
-					SkipFalse: 0,
-				}
-			}
-			return JumpIf{
-				Cond:      JumpGreaterOrEqual,
-				Val:       ri.K,
-				SkipTrue:  ri.Jt,
-				SkipFalse: ri.Jf,
-			}
-		case opJumpSet:
-			return JumpIf{
-				Cond:      JumpBitsSet,
-				Val:       ri.K,
-				SkipTrue:  ri.Jt,
-				SkipFalse: ri.Jf,
+		case opJumpEqual, opJumpGT, opJumpGE, opJumpSet:
+			cond, skipTrue, skipFalse := jumpOpToTest(op, ri.Jt, ri.Jf)
+			switch operand := opOperand(ri.Op & opMaskOperand); operand {
+			case opOperandX:
+				return JumpIfX{Cond: cond, SkipTrue: skipTrue, SkipFalse: skipFalse}
+			case opOperandConstant:
+				return JumpIf{Cond: cond, Val: ri.K, SkipTrue: skipTrue, SkipFalse: skipFalse}
+			default:
+				return ri
 			}
 		default:
 			return ri
@@ -187,6 +146,41 @@ func (ri RawInstruction) Disassemble() Instruction {
 	}
 }
 
+func jumpOpToTest(op jumpOp, skipTrue uint8, skipFalse uint8) (JumpTest, uint8, uint8) {
+	var test JumpTest
+
+	// Decode "fake" jump conditions that don't appear in machine code
+	// Ensures the Assemble -> Disassemble stage recreates the same instructions
+	// See https://github.com/golang/go/issues/18470
+	if skipTrue == 0 {
+		switch op {
+		case opJumpEqual:
+			test = JumpNotEqual
+		case opJumpGT:
+			test = JumpLessOrEqual
+		case opJumpGE:
+			test = JumpLessThan
+		case opJumpSet:
+			test = JumpBitsNotSet
+		}
+
+		return test, skipFalse, 0
+	}
+
+	switch op {
+	case opJumpEqual:
+		test = JumpEqual
+	case opJumpGT:
+		test = JumpGreaterThan
+	case opJumpGE:
+		test = JumpGreaterOrEqual
+	case opJumpSet:
+		test = JumpBitsSet
+	}
+
+	return test, skipTrue, skipFalse
+}
+
 // LoadConstant loads Val into register Dst.
 type LoadConstant struct {
 	Dst Register
@@ -413,7 +407,7 @@ type ALUOpConstant struct {
 // Assemble implements the Instruction Assemble method.
 func (a ALUOpConstant) Assemble() (RawInstruction, error) {
 	return RawInstruction{
-		Op: opClsALU | opALUSrcConstant | uint16(a.Op),
+		Op: opClsALU | uint16(opOperandConstant) | uint16(a.Op),
 		K:  a.Val,
 	}, nil
 }
@@ -454,7 +448,7 @@ type ALUOpX struct {
 // Assemble implements the Instruction Assemble method.
 func (a ALUOpX) Assemble() (RawInstruction, error) {
 	return RawInstruction{
-		Op: opClsALU | opALUSrcX | uint16(a.Op),
+		Op: opClsALU | uint16(opOperandX) | uint16(a.Op),
 	}, nil
 }
 
@@ -509,7 +503,7 @@ type Jump struct {
 // Assemble implements the Instruction Assemble method.
 func (a Jump) Assemble() (RawInstruction, error) {
 	return RawInstruction{
-		Op: opClsJump | opJumpAlways,
+		Op: opClsJump | uint16(opJumpAlways),
 		K:  a.Skip,
 	}, nil
 }
@@ -530,11 +524,39 @@ type JumpIf struct {
 
 // Assemble implements the Instruction Assemble method.
 func (a JumpIf) Assemble() (RawInstruction, error) {
+	return jumpToRaw(a.Cond, opOperandConstant, a.Val, a.SkipTrue, a.SkipFalse)
+}
+
+// String returns the instruction in assembler notation.
+func (a JumpIf) String() string {
+	return jumpToString(a.Cond, fmt.Sprintf("#%d", a.Val), a.SkipTrue, a.SkipFalse)
+}
+
+// JumpIfX skips the following Skip instructions in the program if A
+// <Cond> X is true.
+type JumpIfX struct {
+	Cond      JumpTest
+	SkipTrue  uint8
+	SkipFalse uint8
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a JumpIfX) Assemble() (RawInstruction, error) {
+	return jumpToRaw(a.Cond, opOperandX, 0, a.SkipTrue, a.SkipFalse)
+}
+
+// String returns the instruction in assembler notation.
+func (a JumpIfX) String() string {
+	return jumpToString(a.Cond, "x", a.SkipTrue, a.SkipFalse)
+}
+
+// jumpToRaw assembles a jump instruction into a RawInstruction
+func jumpToRaw(test JumpTest, operand opOperand, k uint32, skipTrue, skipFalse uint8) (RawInstruction, error) {
 	var (
-		cond uint16
+		cond jumpOp
 		flip bool
 	)
-	switch a.Cond {
+	switch test {
 	case JumpEqual:
 		cond = opJumpEqual
 	case JumpNotEqual:
@@ -552,63 +574,63 @@ func (a JumpIf) Assemble() (RawInstruction, error) {
 	case JumpBitsNotSet:
 		cond, flip = opJumpSet, true
 	default:
-		return RawInstruction{}, fmt.Errorf("unknown JumpTest %v", a.Cond)
+		return RawInstruction{}, fmt.Errorf("unknown JumpTest %v", test)
 	}
-	jt, jf := a.SkipTrue, a.SkipFalse
+	jt, jf := skipTrue, skipFalse
 	if flip {
 		jt, jf = jf, jt
 	}
 	return RawInstruction{
-		Op: opClsJump | cond,
+		Op: opClsJump | uint16(cond) | uint16(operand),
 		Jt: jt,
 		Jf: jf,
-		K:  a.Val,
+		K:  k,
 	}, nil
 }
 
-// String returns the instruction in assembler notation.
-func (a JumpIf) String() string {
-	switch a.Cond {
+// jumpToString converts a jump instruction to assembler notation
+func jumpToString(cond JumpTest, operand string, skipTrue, skipFalse uint8) string {
+	switch cond {
 	// K == A
 	case JumpEqual:
-		return conditionalJump(a, "jeq", "jneq")
+		return conditionalJump(operand, skipTrue, skipFalse, "jeq", "jneq")
 	// K != A
 	case JumpNotEqual:
-		return fmt.Sprintf("jneq #%d,%d", a.Val, a.SkipTrue)
+		return fmt.Sprintf("jneq %s,%d", operand, skipTrue)
 	// K > A
 	case JumpGreaterThan:
-		return conditionalJump(a, "jgt", "jle")
+		return conditionalJump(operand, skipTrue, skipFalse, "jgt", "jle")
 	// K < A
 	case JumpLessThan:
-		return fmt.Sprintf("jlt #%d,%d", a.Val, a.SkipTrue)
+		return fmt.Sprintf("jlt %s,%d", operand, skipTrue)
 	// K >= A
 	case JumpGreaterOrEqual:
-		return conditionalJump(a, "jge", "jlt")
+		return conditionalJump(operand, skipTrue, skipFalse, "jge", "jlt")
 	// K <= A
 	case JumpLessOrEqual:
-		return fmt.Sprintf("jle #%d,%d", a.Val, a.SkipTrue)
+		return fmt.Sprintf("jle %s,%d", operand, skipTrue)
 	// K & A != 0
 	case JumpBitsSet:
-		if a.SkipFalse > 0 {
-			return fmt.Sprintf("jset #%d,%d,%d", a.Val, a.SkipTrue, a.SkipFalse)
+		if skipFalse > 0 {
+			return fmt.Sprintf("jset %s,%d,%d", operand, skipTrue, skipFalse)
 		}
-		return fmt.Sprintf("jset #%d,%d", a.Val, a.SkipTrue)
+		return fmt.Sprintf("jset %s,%d", operand, skipTrue)
 	// K & A == 0, there is no assembler instruction for JumpBitNotSet, use JumpBitSet and invert skips
 	case JumpBitsNotSet:
-		return JumpIf{Cond: JumpBitsSet, SkipTrue: a.SkipFalse, SkipFalse: a.SkipTrue, Val: a.Val}.String()
+		return jumpToString(JumpBitsSet, operand, skipFalse, skipTrue)
 	default:
-		return fmt.Sprintf("unknown instruction: %#v", a)
+		return fmt.Sprintf("unknown JumpTest %#v", cond)
 	}
 }
 
-func conditionalJump(inst JumpIf, positiveJump, negativeJump string) string {
-	if inst.SkipTrue > 0 {
-		if inst.SkipFalse > 0 {
-			return fmt.Sprintf("%s #%d,%d,%d", positiveJump, inst.Val, inst.SkipTrue, inst.SkipFalse)
+func conditionalJump(operand string, skipTrue, skipFalse uint8, positiveJump, negativeJump string) string {
+	if skipTrue > 0 {
+		if skipFalse > 0 {
+			return fmt.Sprintf("%s %s,%d,%d", positiveJump, operand, skipTrue, skipFalse)
 		}
-		return fmt.Sprintf("%s #%d,%d", positiveJump, inst.Val, inst.SkipTrue)
+		return fmt.Sprintf("%s %s,%d", positiveJump, operand, skipTrue)
 	}
-	return fmt.Sprintf("%s #%d,%d", negativeJump, inst.Val, inst.SkipFalse)
+	return fmt.Sprintf("%s %s,%d", negativeJump, operand, skipFalse)
 }
 
 // RetA exits the BPF program, returning the value of register A.
diff --git a/vendor/golang.org/x/net/bpf/vm.go b/vendor/golang.org/x/net/bpf/vm.go
index 4c656f1e12a25..73f57f1f72e79 100644
--- a/vendor/golang.org/x/net/bpf/vm.go
+++ b/vendor/golang.org/x/net/bpf/vm.go
@@ -35,6 +35,13 @@ func NewVM(filter []Instruction) (*VM, error) {
 			if check <= int(ins.SkipFalse) {
 				return nil, fmt.Errorf("cannot jump %d instructions in false case; jumping past program bounds", ins.SkipFalse)
 			}
+		case JumpIfX:
+			if check <= int(ins.SkipTrue) {
+				return nil, fmt.Errorf("cannot jump %d instructions in true case; jumping past program bounds", ins.SkipTrue)
+			}
+			if check <= int(ins.SkipFalse) {
+				return nil, fmt.Errorf("cannot jump %d instructions in false case; jumping past program bounds", ins.SkipFalse)
+			}
 		// Check for division or modulus by zero
 		case ALUOpConstant:
 			if ins.Val != 0 {
@@ -109,6 +116,9 @@ func (v *VM) Run(in []byte) (int, error) {
 		case JumpIf:
 			jump := jumpIf(ins, regA)
 			i += jump
+		case JumpIfX:
+			jump := jumpIfX(ins, regA, regX)
+			i += jump
 		case LoadAbsolute:
 			regA, ok = loadAbsolute(ins, in)
 		case LoadConstant:
diff --git a/vendor/golang.org/x/net/bpf/vm_instructions.go b/vendor/golang.org/x/net/bpf/vm_instructions.go
index 516f9462b9fbc..cf8947c33276b 100644
--- a/vendor/golang.org/x/net/bpf/vm_instructions.go
+++ b/vendor/golang.org/x/net/bpf/vm_instructions.go
@@ -55,34 +55,41 @@ func aluOpCommon(op ALUOp, regA uint32, value uint32) uint32 {
 	}
 }
 
-func jumpIf(ins JumpIf, value uint32) int {
+func jumpIf(ins JumpIf, regA uint32) int {
+	return jumpIfCommon(ins.Cond, ins.SkipTrue, ins.SkipFalse, regA, ins.Val)
+}
+
+func jumpIfX(ins JumpIfX, regA uint32, regX uint32) int {
+	return jumpIfCommon(ins.Cond, ins.SkipTrue, ins.SkipFalse, regA, regX)
+}
+
+func jumpIfCommon(cond JumpTest, skipTrue, skipFalse uint8, regA uint32, value uint32) int {
 	var ok bool
-	inV := uint32(ins.Val)
 
-	switch ins.Cond {
+	switch cond {
 	case JumpEqual:
-		ok = value == inV
+		ok = regA == value
 	case JumpNotEqual:
-		ok = value != inV
+		ok = regA != value
 	case JumpGreaterThan:
-		ok = value > inV
+		ok = regA > value
 	case JumpLessThan:
-		ok = value < inV
+		ok = regA < value
 	case JumpGreaterOrEqual:
-		ok = value >= inV
+		ok = regA >= value
 	case JumpLessOrEqual:
-		ok = value <= inV
+		ok = regA <= value
 	case JumpBitsSet:
-		ok = (value & inV) != 0
+		ok = (regA & value) != 0
 	case JumpBitsNotSet:
-		ok = (value & inV) == 0
+		ok = (regA & value) == 0
 	}
 
 	if ok {
-		return int(ins.SkipTrue)
+		return int(skipTrue)
 	}
 
-	return int(ins.SkipFalse)
+	return int(skipFalse)
 }
 
 func loadAbsolute(ins LoadAbsolute, in []byte) (uint32, bool) {
@@ -122,7 +129,8 @@ func loadIndirect(ins LoadIndirect, in []byte, regX uint32) (uint32, bool) {
 func loadMemShift(ins LoadMemShift, in []byte) (uint32, bool) {
 	offset := int(ins.Off)
 
-	if !inBounds(len(in), offset, 0) {
+	// Size of LoadMemShift is always 1 byte
+	if !inBounds(len(in), offset, 1) {
 		return 0, false
 	}
 
diff --git a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go
index 606cf1f972621..37dc0cfdb5b0d 100644
--- a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go
+++ b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go
@@ -2,18 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.7
-
 // Package ctxhttp provides helper functions for performing context-aware HTTP requests.
 package ctxhttp // import "golang.org/x/net/context/ctxhttp"
 
 import (
+	"context"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
-
-	"golang.org/x/net/context"
 )
 
 // Do sends an HTTP request with the provided http.Client and returns
diff --git a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp_pre17.go b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp_pre17.go
deleted file mode 100644
index 926870cc23fd6..0000000000000
--- a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp_pre17.go
+++ /dev/null
@@ -1,147 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.7
-
-package ctxhttp // import "golang.org/x/net/context/ctxhttp"
-
-import (
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"golang.org/x/net/context"
-)
-
-func nop() {}
-
-var (
-	testHookContextDoneBeforeHeaders = nop
-	testHookDoReturned               = nop
-	testHookDidBodyClose             = nop
-)
-
-// Do sends an HTTP request with the provided http.Client and returns an HTTP response.
-// If the client is nil, http.DefaultClient is used.
-// If the context is canceled or times out, ctx.Err() will be returned.
-func Do(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
-	if client == nil {
-		client = http.DefaultClient
-	}
-
-	// TODO(djd): Respect any existing value of req.Cancel.
-	cancel := make(chan struct{})
-	req.Cancel = cancel
-
-	type responseAndError struct {
-		resp *http.Response
-		err  error
-	}
-	result := make(chan responseAndError, 1)
-
-	// Make local copies of test hooks closed over by goroutines below.
-	// Prevents data races in tests.
-	testHookDoReturned := testHookDoReturned
-	testHookDidBodyClose := testHookDidBodyClose
-
-	go func() {
-		resp, err := client.Do(req)
-		testHookDoReturned()
-		result <- responseAndError{resp, err}
-	}()
-
-	var resp *http.Response
-
-	select {
-	case <-ctx.Done():
-		testHookContextDoneBeforeHeaders()
-		close(cancel)
-		// Clean up after the goroutine calling client.Do:
-		go func() {
-			if r := <-result; r.resp != nil {
-				testHookDidBodyClose()
-				r.resp.Body.Close()
-			}
-		}()
-		return nil, ctx.Err()
-	case r := <-result:
-		var err error
-		resp, err = r.resp, r.err
-		if err != nil {
-			return resp, err
-		}
-	}
-
-	c := make(chan struct{})
-	go func() {
-		select {
-		case <-ctx.Done():
-			close(cancel)
-		case <-c:
-			// The response's Body is closed.
-		}
-	}()
-	resp.Body = &notifyingReader{resp.Body, c}
-
-	return resp, nil
-}
-
-// Get issues a GET request via the Do function.
-func Get(ctx context.Context, client *http.Client, url string) (*http.Response, error) {
-	req, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, err
-	}
-	return Do(ctx, client, req)
-}
-
-// Head issues a HEAD request via the Do function.
-func Head(ctx context.Context, client *http.Client, url string) (*http.Response, error) {
-	req, err := http.NewRequest("HEAD", url, nil)
-	if err != nil {
-		return nil, err
-	}
-	return Do(ctx, client, req)
-}
-
-// Post issues a POST request via the Do function.
-func Post(ctx context.Context, client *http.Client, url string, bodyType string, body io.Reader) (*http.Response, error) {
-	req, err := http.NewRequest("POST", url, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", bodyType)
-	return Do(ctx, client, req)
-}
-
-// PostForm issues a POST request via the Do function.
-func PostForm(ctx context.Context, client *http.Client, url string, data url.Values) (*http.Response, error) {
-	return Post(ctx, client, url, "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
-}
-
-// notifyingReader is an io.ReadCloser that closes the notify channel after
-// Close is called or a Read fails on the underlying ReadCloser.
-type notifyingReader struct {
-	io.ReadCloser
-	notify chan<- struct{}
-}
-
-func (r *notifyingReader) Read(p []byte) (int, error) {
-	n, err := r.ReadCloser.Read(p)
-	if err != nil && r.notify != nil {
-		close(r.notify)
-		r.notify = nil
-	}
-	return n, err
-}
-
-func (r *notifyingReader) Close() error {
-	err := r.ReadCloser.Close()
-	if r.notify != nil {
-		close(r.notify)
-		r.notify = nil
-	}
-	return err
-}
diff --git a/vendor/golang.org/x/net/context/go17.go b/vendor/golang.org/x/net/context/go17.go
index d20f52b7de93f..344bd14334502 100644
--- a/vendor/golang.org/x/net/context/go17.go
+++ b/vendor/golang.org/x/net/context/go17.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.7
 // +build go1.7
 
 package context
diff --git a/vendor/golang.org/x/net/context/go19.go b/vendor/golang.org/x/net/context/go19.go
index d88bd1db127dd..64d31ecc3ef43 100644
--- a/vendor/golang.org/x/net/context/go19.go
+++ b/vendor/golang.org/x/net/context/go19.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.9
 // +build go1.9
 
 package context
diff --git a/vendor/golang.org/x/net/context/pre_go17.go b/vendor/golang.org/x/net/context/pre_go17.go
index 0f35592df5188..5270db5db7db1 100644
--- a/vendor/golang.org/x/net/context/pre_go17.go
+++ b/vendor/golang.org/x/net/context/pre_go17.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !go1.7
 // +build !go1.7
 
 package context
diff --git a/vendor/golang.org/x/net/context/pre_go19.go b/vendor/golang.org/x/net/context/pre_go19.go
index b105f80be4fe2..1f9715341faac 100644
--- a/vendor/golang.org/x/net/context/pre_go19.go
+++ b/vendor/golang.org/x/net/context/pre_go19.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !go1.9
 // +build !go1.9
 
 package context
diff --git a/vendor/golang.org/x/net/go.mod b/vendor/golang.org/x/net/go.mod
new file mode 100644
index 0000000000000..66328a717a5ff
--- /dev/null
+++ b/vendor/golang.org/x/net/go.mod
@@ -0,0 +1,9 @@
+module golang.org/x/net
+
+go 1.11
+
+require (
+	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
+	golang.org/x/text v0.3.3
+)
diff --git a/vendor/golang.org/x/net/http2/client_conn_pool.go b/vendor/golang.org/x/net/http2/client_conn_pool.go
index f4d9b5ece3ef0..3a67636fe252f 100644
--- a/vendor/golang.org/x/net/http2/client_conn_pool.go
+++ b/vendor/golang.org/x/net/http2/client_conn_pool.go
@@ -107,6 +107,7 @@ func (p *clientConnPool) getClientConn(req *http.Request, addr string, dialOnMis
 
 // dialCall is an in-flight Transport dial call to a host.
 type dialCall struct {
+	_    incomparable
 	p    *clientConnPool
 	done chan struct{} // closed when done
 	res  *ClientConn   // valid after done is closed
@@ -180,6 +181,7 @@ func (p *clientConnPool) addConnIfNeeded(key string, t *Transport, c *tls.Conn)
 }
 
 type addConnCall struct {
+	_    incomparable
 	p    *clientConnPool
 	done chan struct{} // closed when done
 	err  error
@@ -200,12 +202,6 @@ func (c *addConnCall) run(t *Transport, key string, tc *tls.Conn) {
 	close(c.done)
 }
 
-func (p *clientConnPool) addConn(key string, cc *ClientConn) {
-	p.mu.Lock()
-	p.addConnLocked(key, cc)
-	p.mu.Unlock()
-}
-
 // p.mu must be held
 func (p *clientConnPool) addConnLocked(key string, cc *ClientConn) {
 	for _, v := range p.conns[key] {
diff --git a/vendor/golang.org/x/net/http2/configure_transport.go b/vendor/golang.org/x/net/http2/configure_transport.go
deleted file mode 100644
index 6356b32872a45..0000000000000
--- a/vendor/golang.org/x/net/http2/configure_transport.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.6
-
-package http2
-
-import (
-	"crypto/tls"
-	"fmt"
-	"net/http"
-)
-
-func configureTransport(t1 *http.Transport) (*Transport, error) {
-	connPool := new(clientConnPool)
-	t2 := &Transport{
-		ConnPool: noDialClientConnPool{connPool},
-		t1:       t1,
-	}
-	connPool.t = t2
-	if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
-		return nil, err
-	}
-	if t1.TLSClientConfig == nil {
-		t1.TLSClientConfig = new(tls.Config)
-	}
-	if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
-		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
-	}
-	if !strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
-		t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
-	}
-	upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
-		addr := authorityAddr("https", authority)
-		if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
-			go c.Close()
-			return erringRoundTripper{err}
-		} else if !used {
-			// Turns out we don't need this c.
-			// For example, two goroutines made requests to the same host
-			// at the same time, both kicking off TCP dials. (since protocol
-			// was unknown)
-			go c.Close()
-		}
-		return t2
-	}
-	if m := t1.TLSNextProto; len(m) == 0 {
-		t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
-			"h2": upgradeFn,
-		}
-	} else {
-		m["h2"] = upgradeFn
-	}
-	return t2, nil
-}
-
-// registerHTTPSProtocol calls Transport.RegisterProtocol but
-// converting panics into errors.
-func registerHTTPSProtocol(t *http.Transport, rt noDialH2RoundTripper) (err error) {
-	defer func() {
-		if e := recover(); e != nil {
-			err = fmt.Errorf("%v", e)
-		}
-	}()
-	t.RegisterProtocol("https", rt)
-	return nil
-}
-
-// noDialH2RoundTripper is a RoundTripper which only tries to complete the request
-// if there's already has a cached connection to the host.
-// (The field is exported so it can be accessed via reflect from net/http; tested
-// by TestNoDialH2RoundTripperType)
-type noDialH2RoundTripper struct{ *Transport }
-
-func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	res, err := rt.Transport.RoundTrip(req)
-	if isNoCachedConnError(err) {
-		return nil, http.ErrSkipAltProtocol
-	}
-	return res, err
-}
diff --git a/vendor/golang.org/x/net/http2/flow.go b/vendor/golang.org/x/net/http2/flow.go
index cea601fcdf474..b51f0e0cf1f53 100644
--- a/vendor/golang.org/x/net/http2/flow.go
+++ b/vendor/golang.org/x/net/http2/flow.go
@@ -8,6 +8,8 @@ package http2
 
 // flow is the flow control window's size.
 type flow struct {
+	_ incomparable
+
 	// n is the number of DATA bytes we're allowed to send.
 	// A flow is kept both on a conn and a per-stream.
 	n int32
diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go
index c85e31f264c31..514c126c5f8f2 100644
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@@ -643,7 +643,7 @@ func (f *Framer) WriteData(streamID uint32, endStream bool, data []byte) error {
 	return f.WriteDataPadded(streamID, endStream, data, nil)
 }
 
-// WriteData writes a DATA frame with optional padding.
+// WriteDataPadded writes a DATA frame with optional padding.
 //
 // If pad is nil, the padding bit is not sent.
 // The length of pad must not exceed 255 bytes.
@@ -1477,7 +1477,7 @@ func (fr *Framer) maxHeaderStringLen() int {
 }
 
 // readMetaFrame returns 0 or more CONTINUATION frames from fr and
-// merge them into into the provided hf and returns a MetaHeadersFrame
+// merge them into the provided hf and returns a MetaHeadersFrame
 // with the decoded hpack values.
 func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
 	if fr.AllowIllegalReads {
diff --git a/vendor/golang.org/x/net/http2/go111.go b/vendor/golang.org/x/net/http2/go111.go
index 9749dc0be5dfd..5bf62b032ec51 100644
--- a/vendor/golang.org/x/net/http2/go111.go
+++ b/vendor/golang.org/x/net/http2/go111.go
@@ -2,23 +2,27 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.11
 // +build go1.11
 
 package http2
 
-import "net/textproto"
+import (
+	"net/http/httptrace"
+	"net/textproto"
+)
 
-func traceHasWroteHeaderField(trace *clientTrace) bool {
+func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool {
 	return trace != nil && trace.WroteHeaderField != nil
 }
 
-func traceWroteHeaderField(trace *clientTrace, k, v string) {
+func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {
 	if trace != nil && trace.WroteHeaderField != nil {
 		trace.WroteHeaderField(k, []string{v})
 	}
 }
 
-func traceGot1xxResponseFunc(trace *clientTrace) func(int, textproto.MIMEHeader) error {
+func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
 	if trace != nil {
 		return trace.Got1xxResponse
 	}
diff --git a/vendor/golang.org/x/net/http2/go16.go b/vendor/golang.org/x/net/http2/go16.go
deleted file mode 100644
index 00b2e9e3cf3ae..0000000000000
--- a/vendor/golang.org/x/net/http2/go16.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.6
-
-package http2
-
-import (
-	"net/http"
-	"time"
-)
-
-func transportExpectContinueTimeout(t1 *http.Transport) time.Duration {
-	return t1.ExpectContinueTimeout
-}
diff --git a/vendor/golang.org/x/net/http2/go17.go b/vendor/golang.org/x/net/http2/go17.go
deleted file mode 100644
index d957b7bc52dd1..0000000000000
--- a/vendor/golang.org/x/net/http2/go17.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7
-
-package http2
-
-import (
-	"context"
-	"net"
-	"net/http"
-	"net/http/httptrace"
-	"time"
-)
-
-type contextContext interface {
-	context.Context
-}
-
-var errCanceled = context.Canceled
-
-func serverConnBaseContext(c net.Conn, opts *ServeConnOpts) (ctx contextContext, cancel func()) {
-	ctx, cancel = context.WithCancel(context.Background())
-	ctx = context.WithValue(ctx, http.LocalAddrContextKey, c.LocalAddr())
-	if hs := opts.baseConfig(); hs != nil {
-		ctx = context.WithValue(ctx, http.ServerContextKey, hs)
-	}
-	return
-}
-
-func contextWithCancel(ctx contextContext) (_ contextContext, cancel func()) {
-	return context.WithCancel(ctx)
-}
-
-func requestWithContext(req *http.Request, ctx contextContext) *http.Request {
-	return req.WithContext(ctx)
-}
-
-type clientTrace httptrace.ClientTrace
-
-func reqContext(r *http.Request) context.Context { return r.Context() }
-
-func (t *Transport) idleConnTimeout() time.Duration {
-	if t.t1 != nil {
-		return t.t1.IdleConnTimeout
-	}
-	return 0
-}
-
-func setResponseUncompressed(res *http.Response) { res.Uncompressed = true }
-
-func traceGetConn(req *http.Request, hostPort string) {
-	trace := httptrace.ContextClientTrace(req.Context())
-	if trace == nil || trace.GetConn == nil {
-		return
-	}
-	trace.GetConn(hostPort)
-}
-
-func traceGotConn(req *http.Request, cc *ClientConn) {
-	trace := httptrace.ContextClientTrace(req.Context())
-	if trace == nil || trace.GotConn == nil {
-		return
-	}
-	ci := httptrace.GotConnInfo{Conn: cc.tconn}
-	cc.mu.Lock()
-	ci.Reused = cc.nextStreamID > 1
-	ci.WasIdle = len(cc.streams) == 0 && ci.Reused
-	if ci.WasIdle && !cc.lastActive.IsZero() {
-		ci.IdleTime = time.Now().Sub(cc.lastActive)
-	}
-	cc.mu.Unlock()
-
-	trace.GotConn(ci)
-}
-
-func traceWroteHeaders(trace *clientTrace) {
-	if trace != nil && trace.WroteHeaders != nil {
-		trace.WroteHeaders()
-	}
-}
-
-func traceGot100Continue(trace *clientTrace) {
-	if trace != nil && trace.Got100Continue != nil {
-		trace.Got100Continue()
-	}
-}
-
-func traceWait100Continue(trace *clientTrace) {
-	if trace != nil && trace.Wait100Continue != nil {
-		trace.Wait100Continue()
-	}
-}
-
-func traceWroteRequest(trace *clientTrace, err error) {
-	if trace != nil && trace.WroteRequest != nil {
-		trace.WroteRequest(httptrace.WroteRequestInfo{Err: err})
-	}
-}
-
-func traceFirstResponseByte(trace *clientTrace) {
-	if trace != nil && trace.GotFirstResponseByte != nil {
-		trace.GotFirstResponseByte()
-	}
-}
-
-func requestTrace(req *http.Request) *clientTrace {
-	trace := httptrace.ContextClientTrace(req.Context())
-	return (*clientTrace)(trace)
-}
-
-// Ping sends a PING frame to the server and waits for the ack.
-func (cc *ClientConn) Ping(ctx context.Context) error {
-	return cc.ping(ctx)
-}
-
-// Shutdown gracefully closes the client connection, waiting for running streams to complete.
-func (cc *ClientConn) Shutdown(ctx context.Context) error {
-	return cc.shutdown(ctx)
-}
diff --git a/vendor/golang.org/x/net/http2/go17_not18.go b/vendor/golang.org/x/net/http2/go17_not18.go
deleted file mode 100644
index b4c52ecec3bef..0000000000000
--- a/vendor/golang.org/x/net/http2/go17_not18.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7,!go1.8
-
-package http2
-
-import "crypto/tls"
-
-// temporary copy of Go 1.7's private tls.Config.clone:
-func cloneTLSConfig(c *tls.Config) *tls.Config {
-	return &tls.Config{
-		Rand:                        c.Rand,
-		Time:                        c.Time,
-		Certificates:                c.Certificates,
-		NameToCertificate:           c.NameToCertificate,
-		GetCertificate:              c.GetCertificate,
-		RootCAs:                     c.RootCAs,
-		NextProtos:                  c.NextProtos,
-		ServerName:                  c.ServerName,
-		ClientAuth:                  c.ClientAuth,
-		ClientCAs:                   c.ClientCAs,
-		InsecureSkipVerify:          c.InsecureSkipVerify,
-		CipherSuites:                c.CipherSuites,
-		PreferServerCipherSuites:    c.PreferServerCipherSuites,
-		SessionTicketsDisabled:      c.SessionTicketsDisabled,
-		SessionTicketKey:            c.SessionTicketKey,
-		ClientSessionCache:          c.ClientSessionCache,
-		MinVersion:                  c.MinVersion,
-		MaxVersion:                  c.MaxVersion,
-		CurvePreferences:            c.CurvePreferences,
-		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
-		Renegotiation:               c.Renegotiation,
-	}
-}
diff --git a/vendor/golang.org/x/net/http2/go18.go b/vendor/golang.org/x/net/http2/go18.go
deleted file mode 100644
index 4f30d228a889c..0000000000000
--- a/vendor/golang.org/x/net/http2/go18.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.8
-
-package http2
-
-import (
-	"crypto/tls"
-	"io"
-	"net/http"
-)
-
-func cloneTLSConfig(c *tls.Config) *tls.Config {
-	c2 := c.Clone()
-	c2.GetClientCertificate = c.GetClientCertificate // golang.org/issue/19264
-	return c2
-}
-
-var _ http.Pusher = (*responseWriter)(nil)
-
-// Push implements http.Pusher.
-func (w *responseWriter) Push(target string, opts *http.PushOptions) error {
-	internalOpts := pushOptions{}
-	if opts != nil {
-		internalOpts.Method = opts.Method
-		internalOpts.Header = opts.Header
-	}
-	return w.push(target, internalOpts)
-}
-
-func configureServer18(h1 *http.Server, h2 *Server) error {
-	if h2.IdleTimeout == 0 {
-		if h1.IdleTimeout != 0 {
-			h2.IdleTimeout = h1.IdleTimeout
-		} else {
-			h2.IdleTimeout = h1.ReadTimeout
-		}
-	}
-	return nil
-}
-
-func shouldLogPanic(panicValue interface{}) bool {
-	return panicValue != nil && panicValue != http.ErrAbortHandler
-}
-
-func reqGetBody(req *http.Request) func() (io.ReadCloser, error) {
-	return req.GetBody
-}
-
-func reqBodyIsNoBody(body io.ReadCloser) bool {
-	return body == http.NoBody
-}
-
-func go18httpNoBody() io.ReadCloser { return http.NoBody } // for tests only
diff --git a/vendor/golang.org/x/net/http2/go19.go b/vendor/golang.org/x/net/http2/go19.go
deleted file mode 100644
index 38124ba56e259..0000000000000
--- a/vendor/golang.org/x/net/http2/go19.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-
-package http2
-
-import (
-	"net/http"
-)
-
-func configureServer19(s *http.Server, conf *Server) error {
-	s.RegisterOnShutdown(conf.state.startGracefulShutdown)
-	return nil
-}
diff --git a/vendor/golang.org/x/net/http2/headermap.go b/vendor/golang.org/x/net/http2/headermap.go
index c2805f6ac4d53..c3ff3fa1c78c0 100644
--- a/vendor/golang.org/x/net/http2/headermap.go
+++ b/vendor/golang.org/x/net/http2/headermap.go
@@ -7,15 +7,21 @@ package http2
 import (
 	"net/http"
 	"strings"
+	"sync"
 )
 
 var (
-	commonLowerHeader = map[string]string{} // Go-Canonical-Case -> lower-case
-	commonCanonHeader = map[string]string{} // lower-case -> Go-Canonical-Case
+	commonBuildOnce   sync.Once
+	commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case
+	commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case
 )
 
-func init() {
-	for _, v := range []string{
+func buildCommonHeaderMapsOnce() {
+	commonBuildOnce.Do(buildCommonHeaderMaps)
+}
+
+func buildCommonHeaderMaps() {
+	common := []string{
 		"accept",
 		"accept-charset",
 		"accept-encoding",
@@ -63,7 +69,10 @@ func init() {
 		"vary",
 		"via",
 		"www-authenticate",
-	} {
+	}
+	commonLowerHeader = make(map[string]string, len(common))
+	commonCanonHeader = make(map[string]string, len(common))
+	for _, v := range common {
 		chk := http.CanonicalHeaderKey(v)
 		commonLowerHeader[chk] = v
 		commonCanonHeader[v] = chk
@@ -71,6 +80,7 @@ func init() {
 }
 
 func lowerHeader(v string) string {
+	buildCommonHeaderMapsOnce()
 	if s, ok := commonLowerHeader[v]; ok {
 		return s
 	}
diff --git a/vendor/golang.org/x/net/http2/hpack/encode.go b/vendor/golang.org/x/net/http2/hpack/encode.go
index 1565cf2702d27..97f17831fc55b 100644
--- a/vendor/golang.org/x/net/http2/hpack/encode.go
+++ b/vendor/golang.org/x/net/http2/hpack/encode.go
@@ -150,7 +150,7 @@ func appendIndexed(dst []byte, i uint64) []byte {
 // extended buffer.
 //
 // If f.Sensitive is true, "Never Indexed" representation is used. If
-// f.Sensitive is false and indexing is true, "Inremental Indexing"
+// f.Sensitive is false and indexing is true, "Incremental Indexing"
 // representation is used.
 func appendNewName(dst []byte, f HeaderField, indexing bool) []byte {
 	dst = append(dst, encodeTypeByte(indexing, f.Sensitive))
diff --git a/vendor/golang.org/x/net/http2/hpack/hpack.go b/vendor/golang.org/x/net/http2/hpack/hpack.go
index 166788ceec5e8..85f18a2b0a861 100644
--- a/vendor/golang.org/x/net/http2/hpack/hpack.go
+++ b/vendor/golang.org/x/net/http2/hpack/hpack.go
@@ -92,6 +92,8 @@ type Decoder struct {
 	// saveBuf is previous data passed to Write which we weren't able
 	// to fully parse before. Unlike buf, we own this data.
 	saveBuf bytes.Buffer
+
+	firstField bool // processing the first field of the header block
 }
 
 // NewDecoder returns a new decoder with the provided maximum dynamic
@@ -101,6 +103,7 @@ func NewDecoder(maxDynamicTableSize uint32, emitFunc func(f HeaderField)) *Decod
 	d := &Decoder{
 		emit:        emitFunc,
 		emitEnabled: true,
+		firstField:  true,
 	}
 	d.dynTab.table.init()
 	d.dynTab.allowedMaxSize = maxDynamicTableSize
@@ -226,11 +229,15 @@ func (d *Decoder) DecodeFull(p []byte) ([]HeaderField, error) {
 	return hf, nil
 }
 
+// Close declares that the decoding is complete and resets the Decoder
+// to be reused again for a new header block. If there is any remaining
+// data in the decoder's buffer, Close returns an error.
 func (d *Decoder) Close() error {
 	if d.saveBuf.Len() > 0 {
 		d.saveBuf.Reset()
 		return DecodingError{errors.New("truncated headers")}
 	}
+	d.firstField = true
 	return nil
 }
 
@@ -266,6 +273,7 @@ func (d *Decoder) Write(p []byte) (n int, err error) {
 			d.saveBuf.Write(d.buf)
 			return len(p), nil
 		}
+		d.firstField = false
 		if err != nil {
 			break
 		}
@@ -391,7 +399,7 @@ func (d *Decoder) callEmit(hf HeaderField) error {
 func (d *Decoder) parseDynamicTableSizeUpdate() error {
 	// RFC 7541, sec 4.2: This dynamic table size update MUST occur at the
 	// beginning of the first header block following the change to the dynamic table size.
-	if d.dynTab.size > 0 {
+	if !d.firstField && d.dynTab.size > 0 {
 		return DecodingError{errors.New("dynamic table size update MUST occur at the beginning of a header block")}
 	}
 
diff --git a/vendor/golang.org/x/net/http2/hpack/huffman.go b/vendor/golang.org/x/net/http2/hpack/huffman.go
index 8850e3946770e..a1ab2f0567948 100644
--- a/vendor/golang.org/x/net/http2/hpack/huffman.go
+++ b/vendor/golang.org/x/net/http2/hpack/huffman.go
@@ -47,6 +47,7 @@ var ErrInvalidHuffman = errors.New("hpack: invalid Huffman-encoded data")
 // If maxLen is greater than 0, attempts to write more to buf than
 // maxLen bytes will return ErrStringLength.
 func huffmanDecode(buf *bytes.Buffer, maxLen int, v []byte) error {
+	rootHuffmanNode := getRootHuffmanNode()
 	n := rootHuffmanNode
 	// cur is the bit buffer that has not been fed into n.
 	// cbits is the number of low order bits in cur that are valid.
@@ -104,9 +105,16 @@ func huffmanDecode(buf *bytes.Buffer, maxLen int, v []byte) error {
 	return nil
 }
 
+// incomparable is a zero-width, non-comparable type. Adding it to a struct
+// makes that struct also non-comparable, and generally doesn't add
+// any size (as long as it's first).
+type incomparable [0]func()
+
 type node struct {
+	_ incomparable
+
 	// children is non-nil for internal nodes
-	children []*node
+	children *[256]*node
 
 	// The following are only valid if children is nil:
 	codeLen uint8 // number of bits that led to the output of sym
@@ -114,22 +122,31 @@ type node struct {
 }
 
 func newInternalNode() *node {
-	return &node{children: make([]*node, 256)}
+	return &node{children: new([256]*node)}
 }
 
-var rootHuffmanNode = newInternalNode()
+var (
+	buildRootOnce       sync.Once
+	lazyRootHuffmanNode *node
+)
+
+func getRootHuffmanNode() *node {
+	buildRootOnce.Do(buildRootHuffmanNode)
+	return lazyRootHuffmanNode
+}
 
-func init() {
+func buildRootHuffmanNode() {
 	if len(huffmanCodes) != 256 {
 		panic("unexpected size")
 	}
+	lazyRootHuffmanNode = newInternalNode()
 	for i, code := range huffmanCodes {
 		addDecoderNode(byte(i), code, huffmanCodeLen[i])
 	}
 }
 
 func addDecoderNode(sym byte, code uint32, codeLen uint8) {
-	cur := rootHuffmanNode
+	cur := lazyRootHuffmanNode
 	for codeLen > 8 {
 		codeLen -= 8
 		i := uint8(code >> codeLen)
diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go
index c82428254af42..5571ccfd26132 100644
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@@ -19,7 +19,6 @@ package http2 // import "golang.org/x/net/http2"
 import (
 	"bufio"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -173,11 +172,6 @@ func (s SettingID) String() string {
 	return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s))
 }
 
-var (
-	errInvalidHeaderFieldName  = errors.New("http2: invalid header field name")
-	errInvalidHeaderFieldValue = errors.New("http2: invalid header field value")
-)
-
 // validWireHeaderFieldName reports whether v is a valid header field
 // name (key). See httpguts.ValidHeaderName for the base rules.
 //
@@ -201,19 +195,12 @@ func validWireHeaderFieldName(v string) bool {
 	return true
 }
 
-var httpCodeStringCommon = map[int]string{} // n -> strconv.Itoa(n)
-
-func init() {
-	for i := 100; i <= 999; i++ {
-		if v := http.StatusText(i); v != "" {
-			httpCodeStringCommon[i] = strconv.Itoa(i)
-		}
-	}
-}
-
 func httpCodeString(code int) string {
-	if s, ok := httpCodeStringCommon[code]; ok {
-		return s
+	switch code {
+	case 200:
+		return "200"
+	case 404:
+		return "404"
 	}
 	return strconv.Itoa(code)
 }
@@ -254,6 +241,7 @@ func (cw closeWaiter) Wait() {
 // Its buffered writer is lazily allocated as needed, to minimize
 // idle memory usage with many connections.
 type bufferedWriter struct {
+	_  incomparable
 	w  io.Writer     // immutable
 	bw *bufio.Writer // non-nil when data is buffered
 }
@@ -326,6 +314,7 @@ func bodyAllowedForStatus(status int) bool {
 }
 
 type httpError struct {
+	_       incomparable
 	msg     string
 	timeout bool
 }
@@ -389,3 +378,8 @@ func (s *sorter) SortStrings(ss []string) {
 func validPseudoPath(v string) bool {
 	return (len(v) > 0 && v[0] == '/') || v == "*"
 }
+
+// incomparable is a zero-width, non-comparable type. Adding it to a struct
+// makes that struct also non-comparable, and generally doesn't add
+// any size (as long as it's first).
+type incomparable [0]func()
diff --git a/vendor/golang.org/x/net/http2/not_go111.go b/vendor/golang.org/x/net/http2/not_go111.go
index 0df34e6d99203..cc0baa8197fec 100644
--- a/vendor/golang.org/x/net/http2/not_go111.go
+++ b/vendor/golang.org/x/net/http2/not_go111.go
@@ -2,16 +2,20 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !go1.11
 // +build !go1.11
 
 package http2
 
-import "net/textproto"
+import (
+	"net/http/httptrace"
+	"net/textproto"
+)
 
-func traceHasWroteHeaderField(trace *clientTrace) bool { return false }
+func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { return false }
 
-func traceWroteHeaderField(trace *clientTrace, k, v string) {}
+func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {}
 
-func traceGot1xxResponseFunc(trace *clientTrace) func(int, textproto.MIMEHeader) error {
+func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
 	return nil
 }
diff --git a/vendor/golang.org/x/net/http2/not_go16.go b/vendor/golang.org/x/net/http2/not_go16.go
deleted file mode 100644
index 508cebcc4db29..0000000000000
--- a/vendor/golang.org/x/net/http2/not_go16.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.6
-
-package http2
-
-import (
-	"net/http"
-	"time"
-)
-
-func configureTransport(t1 *http.Transport) (*Transport, error) {
-	return nil, errTransportVersion
-}
-
-func transportExpectContinueTimeout(t1 *http.Transport) time.Duration {
-	return 0
-
-}
diff --git a/vendor/golang.org/x/net/http2/not_go17.go b/vendor/golang.org/x/net/http2/not_go17.go
deleted file mode 100644
index 7ffb25046a05a..0000000000000
--- a/vendor/golang.org/x/net/http2/not_go17.go
+++ /dev/null
@@ -1,95 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.7
-
-package http2
-
-import (
-	"crypto/tls"
-	"errors"
-	"net"
-	"net/http"
-	"time"
-)
-
-type contextContext interface {
-	Done() <-chan struct{}
-	Err() error
-}
-
-var errCanceled = errors.New("canceled")
-
-type fakeContext struct{}
-
-func (fakeContext) Done() <-chan struct{} { return nil }
-func (fakeContext) Err() error            { panic("should not be called") }
-
-func reqContext(r *http.Request) fakeContext {
-	return fakeContext{}
-}
-
-func setResponseUncompressed(res *http.Response) {
-	// Nothing.
-}
-
-type clientTrace struct{}
-
-func requestTrace(*http.Request) *clientTrace { return nil }
-func traceGetConn(*http.Request, string)      {}
-func traceGotConn(*http.Request, *ClientConn) {}
-func traceFirstResponseByte(*clientTrace)     {}
-func traceWroteHeaders(*clientTrace)          {}
-func traceWroteRequest(*clientTrace, error)   {}
-func traceGot100Continue(trace *clientTrace)  {}
-func traceWait100Continue(trace *clientTrace) {}
-
-func nop() {}
-
-func serverConnBaseContext(c net.Conn, opts *ServeConnOpts) (ctx contextContext, cancel func()) {
-	return nil, nop
-}
-
-func contextWithCancel(ctx contextContext) (_ contextContext, cancel func()) {
-	return ctx, nop
-}
-
-func requestWithContext(req *http.Request, ctx contextContext) *http.Request {
-	return req
-}
-
-// temporary copy of Go 1.6's private tls.Config.clone:
-func cloneTLSConfig(c *tls.Config) *tls.Config {
-	return &tls.Config{
-		Rand:                     c.Rand,
-		Time:                     c.Time,
-		Certificates:             c.Certificates,
-		NameToCertificate:        c.NameToCertificate,
-		GetCertificate:           c.GetCertificate,
-		RootCAs:                  c.RootCAs,
-		NextProtos:               c.NextProtos,
-		ServerName:               c.ServerName,
-		ClientAuth:               c.ClientAuth,
-		ClientCAs:                c.ClientCAs,
-		InsecureSkipVerify:       c.InsecureSkipVerify,
-		CipherSuites:             c.CipherSuites,
-		PreferServerCipherSuites: c.PreferServerCipherSuites,
-		SessionTicketsDisabled:   c.SessionTicketsDisabled,
-		SessionTicketKey:         c.SessionTicketKey,
-		ClientSessionCache:       c.ClientSessionCache,
-		MinVersion:               c.MinVersion,
-		MaxVersion:               c.MaxVersion,
-		CurvePreferences:         c.CurvePreferences,
-	}
-}
-
-func (cc *ClientConn) Ping(ctx contextContext) error {
-	return cc.ping(ctx)
-}
-
-func (cc *ClientConn) Shutdown(ctx contextContext) error {
-	return cc.shutdown(ctx)
-}
-
-func (t *Transport) idleConnTimeout() time.Duration { return 0 }
diff --git a/vendor/golang.org/x/net/http2/not_go18.go b/vendor/golang.org/x/net/http2/not_go18.go
deleted file mode 100644
index 6f8d3f86fa83f..0000000000000
--- a/vendor/golang.org/x/net/http2/not_go18.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.8
-
-package http2
-
-import (
-	"io"
-	"net/http"
-)
-
-func configureServer18(h1 *http.Server, h2 *Server) error {
-	// No IdleTimeout to sync prior to Go 1.8.
-	return nil
-}
-
-func shouldLogPanic(panicValue interface{}) bool {
-	return panicValue != nil
-}
-
-func reqGetBody(req *http.Request) func() (io.ReadCloser, error) {
-	return nil
-}
-
-func reqBodyIsNoBody(io.ReadCloser) bool { return false }
-
-func go18httpNoBody() io.ReadCloser { return nil } // for tests only
diff --git a/vendor/golang.org/x/net/http2/not_go19.go b/vendor/golang.org/x/net/http2/not_go19.go
deleted file mode 100644
index 5ae07726b743f..0000000000000
--- a/vendor/golang.org/x/net/http2/not_go19.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-package http2
-
-import (
-	"net/http"
-)
-
-func configureServer19(s *http.Server, conf *Server) error {
-	// not supported prior to go1.9
-	return nil
-}
diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go
index a6140099cb37c..2a5399ec4a045 100644
--- a/vendor/golang.org/x/net/http2/pipe.go
+++ b/vendor/golang.org/x/net/http2/pipe.go
@@ -17,6 +17,7 @@ type pipe struct {
 	mu       sync.Mutex
 	c        sync.Cond     // c.L lazily initialized to &p.mu
 	b        pipeBuffer    // nil when done reading
+	unread   int           // bytes unread when done
 	err      error         // read error once empty. non-nil means closed.
 	breakErr error         // immediate read error (caller doesn't see rest of b)
 	donec    chan struct{} // closed on error
@@ -33,7 +34,7 @@ func (p *pipe) Len() int {
 	p.mu.Lock()
 	defer p.mu.Unlock()
 	if p.b == nil {
-		return 0
+		return p.unread
 	}
 	return p.b.Len()
 }
@@ -80,6 +81,7 @@ func (p *pipe) Write(d []byte) (n int, err error) {
 		return 0, errClosedPipeWrite
 	}
 	if p.breakErr != nil {
+		p.unread += len(d)
 		return len(d), nil // discard when there is no reader
 	}
 	return p.b.Write(d)
@@ -117,6 +119,9 @@ func (p *pipe) closeWithError(dst *error, err error, fn func()) {
 	}
 	p.readFn = fn
 	if dst == &p.breakErr {
+		if p.b != nil {
+			p.unread += p.b.Len()
+		}
 		p.b = nil
 	}
 	*dst = err
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index 22cb18e061b59..e125bbd2a2640 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -28,6 +28,7 @@ package http2
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
@@ -51,10 +52,11 @@ import (
 )
 
 const (
-	prefaceTimeout        = 10 * time.Second
-	firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
-	handlerChunkWriteSize = 4 << 10
-	defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
+	prefaceTimeout         = 10 * time.Second
+	firstSettingsTimeout   = 2 * time.Second // should be in-flight with preface anyway
+	handlerChunkWriteSize  = 4 << 10
+	defaultMaxStreams      = 250 // TODO: make this 100 as the GFE seems to?
+	maxQueuedControlFrames = 10000
 )
 
 var (
@@ -162,6 +164,15 @@ func (s *Server) maxConcurrentStreams() uint32 {
 	return defaultMaxStreams
 }
 
+// maxQueuedControlFrames is the maximum number of control frames like
+// SETTINGS, PING and RST_STREAM that will be queued for writing before
+// the connection is closed to prevent memory exhaustion attacks.
+func (s *Server) maxQueuedControlFrames() int {
+	// TODO: if anybody asks, add a Server field, and remember to define the
+	// behavior of negative values.
+	return maxQueuedControlFrames
+}
+
 type serverInternalState struct {
 	mu          sync.Mutex
 	activeConns map[*serverConn]struct{}
@@ -209,12 +220,14 @@ func ConfigureServer(s *http.Server, conf *Server) error {
 		conf = new(Server)
 	}
 	conf.state = &serverInternalState{activeConns: make(map[*serverConn]struct{})}
-	if err := configureServer18(s, conf); err != nil {
-		return err
-	}
-	if err := configureServer19(s, conf); err != nil {
-		return err
+	if h1, h2 := s, conf; h2.IdleTimeout == 0 {
+		if h1.IdleTimeout != 0 {
+			h2.IdleTimeout = h1.IdleTimeout
+		} else {
+			h2.IdleTimeout = h1.ReadTimeout
+		}
 	}
+	s.RegisterOnShutdown(conf.state.startGracefulShutdown)
 
 	if s.TLSConfig == nil {
 		s.TLSConfig = new(tls.Config)
@@ -239,7 +252,7 @@ func ConfigureServer(s *http.Server, conf *Server) error {
 			}
 		}
 		if !haveRequired {
-			return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.")
+			return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).")
 		}
 	}
 
@@ -270,7 +283,20 @@ func ConfigureServer(s *http.Server, conf *Server) error {
 		if testHookOnConn != nil {
 			testHookOnConn()
 		}
+		// The TLSNextProto interface predates contexts, so
+		// the net/http package passes down its per-connection
+		// base context via an exported but unadvertised
+		// method on the Handler. This is for internal
+		// net/http<=>http2 use only.
+		var ctx context.Context
+		type baseContexter interface {
+			BaseContext() context.Context
+		}
+		if bc, ok := h.(baseContexter); ok {
+			ctx = bc.BaseContext()
+		}
 		conf.ServeConn(c, &ServeConnOpts{
+			Context:    ctx,
 			Handler:    h,
 			BaseConfig: hs,
 		})
@@ -281,6 +307,10 @@ func ConfigureServer(s *http.Server, conf *Server) error {
 
 // ServeConnOpts are options for the Server.ServeConn method.
 type ServeConnOpts struct {
+	// Context is the base context to use.
+	// If nil, context.Background is used.
+	Context context.Context
+
 	// BaseConfig optionally sets the base configuration
 	// for values. If nil, defaults are used.
 	BaseConfig *http.Server
@@ -291,6 +321,13 @@ type ServeConnOpts struct {
 	Handler http.Handler
 }
 
+func (o *ServeConnOpts) context() context.Context {
+	if o != nil && o.Context != nil {
+		return o.Context
+	}
+	return context.Background()
+}
+
 func (o *ServeConnOpts) baseConfig() *http.Server {
 	if o != nil && o.BaseConfig != nil {
 		return o.BaseConfig
@@ -435,6 +472,15 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 	sc.serve()
 }
 
+func serverConnBaseContext(c net.Conn, opts *ServeConnOpts) (ctx context.Context, cancel func()) {
+	ctx, cancel = context.WithCancel(opts.context())
+	ctx = context.WithValue(ctx, http.LocalAddrContextKey, c.LocalAddr())
+	if hs := opts.baseConfig(); hs != nil {
+		ctx = context.WithValue(ctx, http.ServerContextKey, hs)
+	}
+	return
+}
+
 func (sc *serverConn) rejectConn(err ErrCode, debug string) {
 	sc.vlogf("http2: server rejecting conn: %v, %s", err, debug)
 	// ignoring errors. hanging up anyway.
@@ -450,7 +496,7 @@ type serverConn struct {
 	conn             net.Conn
 	bw               *bufferedWriter // writing to conn
 	handler          http.Handler
-	baseCtx          contextContext
+	baseCtx          context.Context
 	framer           *Framer
 	doneServing      chan struct{}          // closed when serverConn.serve ends
 	readFrameCh      chan readFrameResult   // written by serverConn.readFrames
@@ -470,6 +516,7 @@ type serverConn struct {
 	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
 	needToSendSettingsAck       bool
 	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
+	queuedControlFrames         int    // control frames in the writeSched queue
 	clientMaxStreams            uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
 	advMaxStreams               uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
 	curClientStreams            uint32 // number of open streams initiated by the client
@@ -530,17 +577,14 @@ type stream struct {
 	id        uint32
 	body      *pipe       // non-nil if expecting DATA frames
 	cw        closeWaiter // closed wait stream transitions to closed state
-	ctx       contextContext
+	ctx       context.Context
 	cancelCtx func()
 
 	// owned by serverConn's serve loop:
-	bodyBytes        int64   // body bytes seen so far
-	declBodyBytes    int64   // or -1 if undeclared
-	flow             flow    // limits writing from Handler to client
-	inflow           flow    // what the client is allowed to POST/etc to us
-	parent           *stream // or nil
-	numTrailerValues int64
-	weight           uint8
+	bodyBytes        int64 // body bytes seen so far
+	declBodyBytes    int64 // or -1 if undeclared
+	flow             flow  // limits writing from Handler to client
+	inflow           flow  // what the client is allowed to POST/etc to us
 	state            streamState
 	resetQueued      bool        // RST_STREAM queued for write; set by sc.resetStream
 	gotTrailerHeader bool        // HEADER frame for trailers was seen
@@ -663,6 +707,7 @@ func (sc *serverConn) condlogf(err error, format string, args ...interface{}) {
 
 func (sc *serverConn) canonicalHeader(v string) string {
 	sc.serveG.check()
+	buildCommonHeaderMapsOnce()
 	cv, ok := commonCanonHeader[v]
 	if ok {
 		return cv
@@ -716,6 +761,7 @@ func (sc *serverConn) readFrames() {
 
 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine.
 type frameWriteResult struct {
+	_   incomparable
 	wr  FrameWriteRequest // what was written (or attempted)
 	err error             // result of the writeFrame call
 }
@@ -726,7 +772,7 @@ type frameWriteResult struct {
 // serverConn.
 func (sc *serverConn) writeFrameAsync(wr FrameWriteRequest) {
 	err := wr.write.writeFrame(sc)
-	sc.wroteFrameCh <- frameWriteResult{wr, err}
+	sc.wroteFrameCh <- frameWriteResult{wr: wr, err: err}
 }
 
 func (sc *serverConn) closeAllStreamsOnConnClose() {
@@ -857,6 +903,14 @@ func (sc *serverConn) serve() {
 			}
 		}
 
+		// If the peer is causing us to generate a lot of control frames,
+		// but not reading them from us, assume they are trying to make us
+		// run out of memory.
+		if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() {
+			sc.vlogf("http2: too many control frames in send queue, closing connection")
+			return
+		}
+
 		// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
 		// with no error code (graceful shutdown), don't start the timer until
 		// all open streams have been completed.
@@ -1056,6 +1110,14 @@ func (sc *serverConn) writeFrame(wr FrameWriteRequest) {
 	}
 
 	if !ignoreWrite {
+		if wr.isControl() {
+			sc.queuedControlFrames++
+			// For extra safety, detect wraparounds, which should not happen,
+			// and pull the plug.
+			if sc.queuedControlFrames < 0 {
+				sc.conn.Close()
+			}
+		}
 		sc.writeSched.Push(wr)
 	}
 	sc.scheduleFrameWrite()
@@ -1100,7 +1162,7 @@ func (sc *serverConn) startFrameWrite(wr FrameWriteRequest) {
 	if wr.write.staysWithinBuffer(sc.bw.Available()) {
 		sc.writingFrameAsync = false
 		err := wr.write.writeFrame(sc)
-		sc.wroteFrame(frameWriteResult{wr, err})
+		sc.wroteFrame(frameWriteResult{wr: wr, err: err})
 	} else {
 		sc.writingFrameAsync = true
 		go sc.writeFrameAsync(wr)
@@ -1109,7 +1171,7 @@ func (sc *serverConn) startFrameWrite(wr FrameWriteRequest) {
 
 // errHandlerPanicked is the error given to any callers blocked in a read from
 // Request.Body when the main goroutine panics. Since most handlers read in the
-// the main ServeHTTP goroutine, this will show up rarely.
+// main ServeHTTP goroutine, this will show up rarely.
 var errHandlerPanicked = errors.New("http2: handler panicked")
 
 // wroteFrame is called on the serve goroutine with the result of
@@ -1173,10 +1235,8 @@ func (sc *serverConn) wroteFrame(res frameWriteResult) {
 // If a frame is already being written, nothing happens. This will be called again
 // when the frame is done being written.
 //
-// If a frame isn't being written we need to send one, the best frame
-// to send is selected, preferring first things that aren't
-// stream-specific (e.g. ACKing settings), and then finding the
-// highest priority stream.
+// If a frame isn't being written and we need to send one, the best frame
+// to send is selected by writeSched.
 //
 // If a frame isn't being written and there's nothing else to send, we
 // flush the write buffer.
@@ -1204,6 +1264,9 @@ func (sc *serverConn) scheduleFrameWrite() {
 		}
 		if !sc.inGoAway || sc.goAwayCode == ErrCodeNo {
 			if wr, ok := sc.writeSched.Pop(); ok {
+				if wr.isControl() {
+					sc.queuedControlFrames--
+				}
 				sc.startFrameWrite(wr)
 				continue
 			}
@@ -1230,7 +1293,9 @@ func (sc *serverConn) startGracefulShutdown() {
 	sc.shutdownOnce.Do(func() { sc.sendServeMsg(gracefulShutdownMsg) })
 }
 
-// After sending GOAWAY, the connection will close after goAwayTimeout.
+// After sending GOAWAY with an error code (non-graceful shutdown), the
+// connection will close after goAwayTimeout.
+//
 // If we close the connection immediately after sending GOAWAY, there may
 // be unsent data in our kernel receive buffer, which will cause the kernel
 // to send a TCP RST on close() instead of a FIN. This RST will abort the
@@ -1496,6 +1561,8 @@ func (sc *serverConn) processSettings(f *SettingsFrame) error {
 	if err := f.ForeachSetting(sc.processSetting); err != nil {
 		return err
 	}
+	// TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be
+	// acknowledged individually, even if multiple are received before the ACK.
 	sc.needToSendSettingsAck = true
 	sc.scheduleFrameWrite()
 	return nil
@@ -1564,29 +1631,37 @@ func (sc *serverConn) processSettingInitialWindowSize(val uint32) error {
 
 func (sc *serverConn) processData(f *DataFrame) error {
 	sc.serveG.check()
-	if sc.inGoAway && sc.goAwayCode != ErrCodeNo {
+	id := f.Header().StreamID
+	if sc.inGoAway && (sc.goAwayCode != ErrCodeNo || id > sc.maxClientStreamID) {
+		// Discard all DATA frames if the GOAWAY is due to an
+		// error, or:
+		//
+		// Section 6.8: After sending a GOAWAY frame, the sender
+		// can discard frames for streams initiated by the
+		// receiver with identifiers higher than the identified
+		// last stream.
 		return nil
 	}
-	data := f.Data()
 
-	// "If a DATA frame is received whose stream is not in "open"
-	// or "half closed (local)" state, the recipient MUST respond
-	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
-	id := f.Header().StreamID
+	data := f.Data()
 	state, st := sc.state(id)
 	if id == 0 || state == stateIdle {
+		// Section 6.1: "DATA frames MUST be associated with a
+		// stream. If a DATA frame is received whose stream
+		// identifier field is 0x0, the recipient MUST respond
+		// with a connection error (Section 5.4.1) of type
+		// PROTOCOL_ERROR."
+		//
 		// Section 5.1: "Receiving any frame other than HEADERS
 		// or PRIORITY on a stream in this state MUST be
 		// treated as a connection error (Section 5.4.1) of
 		// type PROTOCOL_ERROR."
 		return ConnectionError(ErrCodeProtocol)
 	}
-	// RFC 7540, sec 6.1: If a DATA frame is received whose stream is not in
-	// "open" or "half-closed (local)" state, the recipient MUST respond with a
-	// stream error (Section 5.4.2) of type STREAM_CLOSED.
-	if state == stateClosed {
-		return streamError(id, ErrCodeStreamClosed)
-	}
+
+	// "If a DATA frame is received whose stream is not in "open"
+	// or "half closed (local)" state, the recipient MUST respond
+	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
 	if st == nil || state != stateOpen || st.gotTrailerHeader || st.resetQueued {
 		// This includes sending a RST_STREAM if the stream is
 		// in stateHalfClosedLocal (which currently means that
@@ -1635,6 +1710,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
 		if len(data) > 0 {
 			wrote, err := st.body.Write(data)
 			if err != nil {
+				sc.sendWindowUpdate(nil, int(f.Length)-wrote)
 				return streamError(id, ErrCodeStreamClosed)
 			}
 			if wrote != len(data) {
@@ -1881,7 +1957,7 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream
 		panic("internal error: cannot create stream with id 0")
 	}
 
-	ctx, cancelCtx := contextWithCancel(sc.baseCtx)
+	ctx, cancelCtx := context.WithCancel(sc.baseCtx)
 	st := &stream{
 		sc:        sc,
 		id:        id,
@@ -1961,7 +2037,11 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 	}
 	if bodyOpen {
 		if vv, ok := rp.header["Content-Length"]; ok {
-			req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64)
+			if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil {
+				req.ContentLength = int64(cl)
+			} else {
+				req.ContentLength = 0
+			}
 		} else {
 			req.ContentLength = -1
 		}
@@ -1999,7 +2079,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
 	var trailer http.Header
 	for _, v := range rp.header["Trailer"] {
 		for _, key := range strings.Split(v, ",") {
-			key = http.CanonicalHeaderKey(strings.TrimSpace(key))
+			key = http.CanonicalHeaderKey(textproto.TrimString(key))
 			switch key {
 			case "Transfer-Encoding", "Trailer", "Content-Length":
 				// Bogus. (copy of http1 rules)
@@ -2047,7 +2127,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
 		Body:       body,
 		Trailer:    trailer,
 	}
-	req = requestWithContext(req, st.ctx)
+	req = req.WithContext(st.ctx)
 
 	rws := responseWriterStatePool.Get().(*responseWriterState)
 	bwSave := rws.bw
@@ -2075,7 +2155,7 @@ func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler
 				stream: rw.rws.stream,
 			})
 			// Same as net/http:
-			if shouldLogPanic(e) {
+			if e != nil && e != http.ErrAbortHandler {
 				const size = 64 << 10
 				buf := make([]byte, size)
 				buf = buf[:runtime.Stack(buf, false)]
@@ -2217,6 +2297,7 @@ func (sc *serverConn) sendWindowUpdate32(st *stream, n int32) {
 // requestBody is the Handler's Request.Body type.
 // Read and Close may be called concurrently.
 type requestBody struct {
+	_             incomparable
 	stream        *stream
 	conn          *serverConn
 	closed        bool  // for use by Close only
@@ -2300,7 +2381,16 @@ type chunkWriter struct{ rws *responseWriterState }
 
 func (cw chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) }
 
-func (rws *responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 }
+func (rws *responseWriterState) hasTrailers() bool { return len(rws.trailers) > 0 }
+
+func (rws *responseWriterState) hasNonemptyTrailers() bool {
+	for _, trailer := range rws.trailers {
+		if _, ok := rws.handlerHeader[trailer]; ok {
+			return true
+		}
+	}
+	return false
+}
 
 // declareTrailer is called for each Trailer header when the
 // response header is written. It notes that a header will need to be
@@ -2334,9 +2424,8 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		var ctype, clen string
 		if clen = rws.snapHeader.Get("Content-Length"); clen != "" {
 			rws.snapHeader.Del("Content-Length")
-			clen64, err := strconv.ParseInt(clen, 10, 64)
-			if err == nil && clen64 >= 0 {
-				rws.sentContentLen = clen64
+			if cl, err := strconv.ParseUint(clen, 10, 63); err == nil {
+				rws.sentContentLen = int64(cl)
 			} else {
 				clen = ""
 			}
@@ -2345,16 +2434,12 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			clen = strconv.Itoa(len(p))
 		}
 		_, hasContentType := rws.snapHeader["Content-Type"]
-		if !hasContentType && bodyAllowedForStatus(rws.status) && len(p) > 0 {
-			if cto := rws.snapHeader.Get("X-Content-Type-Options"); strings.EqualFold("nosniff", cto) {
-				// nosniff is an explicit directive not to guess a content-type.
-				// Content-sniffing is no less susceptible to polyglot attacks via
-				// hosted content when done on the server.
-				ctype = "application/octet-stream"
-				rws.conn.logf("http2: WriteHeader called with X-Content-Type-Options:nosniff but no Content-Type")
-			} else {
-				ctype = http.DetectContentType(p)
-			}
+		// If the Content-Encoding is non-blank, we shouldn't
+		// sniff the body. See Issue golang.org/issue/31753.
+		ce := rws.snapHeader.Get("Content-Encoding")
+		hasCE := len(ce) > 0
+		if !hasCE && !hasContentType && bodyAllowedForStatus(rws.status) && len(p) > 0 {
+			ctype = http.DetectContentType(p)
 		}
 		var date string
 		if _, ok := rws.snapHeader["Date"]; !ok {
@@ -2408,7 +2493,10 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		rws.promoteUndeclaredTrailers()
 	}
 
-	endStream := rws.handlerDone && !rws.hasTrailers()
+	// only send trailers if they have actually been defined by the
+	// server handler.
+	hasNonemptyTrailers := rws.hasNonemptyTrailers()
+	endStream := rws.handlerDone && !hasNonemptyTrailers
 	if len(p) > 0 || endStream {
 		// only send a 0 byte DATA frame if we're ending the stream.
 		if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
@@ -2417,7 +2505,7 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		}
 	}
 
-	if rws.handlerDone && rws.hasTrailers() {
+	if rws.handlerDone && hasNonemptyTrailers {
 		err = rws.conn.writeHeaders(rws.stream, &writeResHeaders{
 			streamID:  rws.stream.id,
 			h:         rws.handlerHeader,
@@ -2459,7 +2547,7 @@ const TrailerPrefix = "Trailer:"
 // trailers. That worked for a while, until we found the first major
 // user of Trailers in the wild: gRPC (using them only over http2),
 // and gRPC libraries permit setting trailers mid-stream without
-// predeclarnig them. So: change of plans. We still permit the old
+// predeclaring them. So: change of plans. We still permit the old
 // way, but we also permit this hack: if a Header() key begins with
 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an
 // invalid token byte anyway, there is no ambiguity. (And it's already
@@ -2645,14 +2733,9 @@ var (
 	ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS")
 )
 
-// pushOptions is the internal version of http.PushOptions, which we
-// cannot include here because it's only defined in Go 1.8 and later.
-type pushOptions struct {
-	Method string
-	Header http.Header
-}
+var _ http.Pusher = (*responseWriter)(nil)
 
-func (w *responseWriter) push(target string, opts pushOptions) error {
+func (w *responseWriter) Push(target string, opts *http.PushOptions) error {
 	st := w.rws.stream
 	sc := st.sc
 	sc.serveG.checkNotOn()
@@ -2663,6 +2746,10 @@ func (w *responseWriter) push(target string, opts pushOptions) error {
 		return ErrRecursivePush
 	}
 
+	if opts == nil {
+		opts = new(http.PushOptions)
+	}
+
 	// Default options.
 	if opts.Method == "" {
 		opts.Method = "GET"
@@ -2760,7 +2847,7 @@ func (sc *serverConn) startPush(msg *startPushRequest) {
 	// PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that
 	// is in either the "open" or "half-closed (remote)" state.
 	if msg.parent.state != stateOpen && msg.parent.state != stateHalfClosedRemote {
-		// responseWriter.Push checks that the stream is peer-initiaed.
+		// responseWriter.Push checks that the stream is peer-initiated.
 		msg.done <- errStreamClosed
 		return
 	}
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 9d1f2fadd3dff..7688d72c39602 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -10,6 +10,7 @@ import (
 	"bufio"
 	"bytes"
 	"compress/gzip"
+	"context"
 	"crypto/rand"
 	"crypto/tls"
 	"errors"
@@ -21,11 +22,13 @@ import (
 	mathrand "math/rand"
 	"net"
 	"net/http"
+	"net/http/httptrace"
 	"net/textproto"
 	"sort"
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"golang.org/x/net/http/httpguts"
@@ -90,11 +93,34 @@ type Transport struct {
 	// send in the initial settings frame. It is how many bytes
 	// of response headers are allowed. Unlike the http2 spec, zero here
 	// means to use a default limit (currently 10MB). If you actually
-	// want to advertise an ulimited value to the peer, Transport
+	// want to advertise an unlimited value to the peer, Transport
 	// interprets the highest possible value here (0xffffffff or 1<<32-1)
 	// to mean no limit.
 	MaxHeaderListSize uint32
 
+	// StrictMaxConcurrentStreams controls whether the server's
+	// SETTINGS_MAX_CONCURRENT_STREAMS should be respected
+	// globally. If false, new TCP connections are created to the
+	// server as needed to keep each under the per-connection
+	// SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the
+	// server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as
+	// a global limit and callers of RoundTrip block when needed,
+	// waiting for their turn.
+	StrictMaxConcurrentStreams bool
+
+	// ReadIdleTimeout is the timeout after which a health check using ping
+	// frame will be carried out if no frame is received on the connection.
+	// Note that a ping response will is considered a received frame, so if
+	// there is no other traffic on the connection, the health check will
+	// be performed every ReadIdleTimeout interval.
+	// If zero, no health check is performed.
+	ReadIdleTimeout time.Duration
+
+	// PingTimeout is the timeout after which the connection will be closed
+	// if a response to Ping is not received.
+	// Defaults to 15s.
+	PingTimeout time.Duration
+
 	// t1, if non-nil, is the standard library Transport using
 	// this transport. Its settings are used (but not its
 	// RoundTrip method, etc).
@@ -118,16 +144,73 @@ func (t *Transport) disableCompression() bool {
 	return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression)
 }
 
-var errTransportVersion = errors.New("http2: ConfigureTransport is only supported starting at Go 1.6")
+func (t *Transport) pingTimeout() time.Duration {
+	if t.PingTimeout == 0 {
+		return 15 * time.Second
+	}
+	return t.PingTimeout
+
+}
 
 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2.
-// It requires Go 1.6 or later and returns an error if the net/http package is too old
-// or if t1 has already been HTTP/2-enabled.
+// It returns an error if t1 has already been HTTP/2-enabled.
+//
+// Use ConfigureTransports instead to configure the HTTP/2 Transport.
 func ConfigureTransport(t1 *http.Transport) error {
-	_, err := configureTransport(t1) // in configure_transport.go (go1.6) or not_go16.go
+	_, err := ConfigureTransports(t1)
 	return err
 }
 
+// ConfigureTransports configures a net/http HTTP/1 Transport to use HTTP/2.
+// It returns a new HTTP/2 Transport for further configuration.
+// It returns an error if t1 has already been HTTP/2-enabled.
+func ConfigureTransports(t1 *http.Transport) (*Transport, error) {
+	return configureTransports(t1)
+}
+
+func configureTransports(t1 *http.Transport) (*Transport, error) {
+	connPool := new(clientConnPool)
+	t2 := &Transport{
+		ConnPool: noDialClientConnPool{connPool},
+		t1:       t1,
+	}
+	connPool.t = t2
+	if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
+		return nil, err
+	}
+	if t1.TLSClientConfig == nil {
+		t1.TLSClientConfig = new(tls.Config)
+	}
+	if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
+		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
+	}
+	if !strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
+		t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
+	}
+	upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
+		addr := authorityAddr("https", authority)
+		if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
+			go c.Close()
+			return erringRoundTripper{err}
+		} else if !used {
+			// Turns out we don't need this c.
+			// For example, two goroutines made requests to the same host
+			// at the same time, both kicking off TCP dials. (since protocol
+			// was unknown)
+			go c.Close()
+		}
+		return t2
+	}
+	if m := t1.TLSNextProto; len(m) == 0 {
+		t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
+			"h2": upgradeFn,
+		}
+	} else {
+		m["h2"] = upgradeFn
+	}
+	return t2, nil
+}
+
 func (t *Transport) connPool() ClientConnPool {
 	t.connPoolOnce.Do(t.initConnPool)
 	return t.connPoolOrDef
@@ -147,6 +230,7 @@ type ClientConn struct {
 	t         *Transport
 	tconn     net.Conn             // usually *tls.Conn, except specialized impls
 	tlsState  *tls.ConnectionState // nil only for specialized impls
+	reused    uint32               // whether conn is being reused; atomic
 	singleUse bool                 // whether being used for a single http.Request
 
 	// readLoop goroutine fields:
@@ -173,6 +257,7 @@ type ClientConn struct {
 	br              *bufio.Reader
 	fr              *Framer
 	lastActive      time.Time
+	lastIdle        time.Time // time last idle
 	// Settings from peer: (also guarded by mu)
 	maxFrameSize          uint32
 	maxConcurrentStreams  uint32
@@ -192,7 +277,7 @@ type ClientConn struct {
 type clientStream struct {
 	cc            *ClientConn
 	req           *http.Request
-	trace         *clientTrace // or nil
+	trace         *httptrace.ClientTrace // or nil
 	ID            uint32
 	resc          chan resAndError
 	bufPipe       pipe // buffered pipe with the flow-controlled response payload
@@ -226,7 +311,7 @@ type clientStream struct {
 // channel to be signaled. A non-nil error is returned only if the request was
 // canceled.
 func awaitRequestCancel(req *http.Request, done <-chan struct{}) error {
-	ctx := reqContext(req)
+	ctx := req.Context()
 	if req.Cancel == nil && ctx.Done() == nil {
 		return nil
 	}
@@ -388,7 +473,8 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 			t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err)
 			return nil, err
 		}
-		traceGotConn(req, cc)
+		reused := !atomic.CompareAndSwapUint32(&cc.reused, 0, 1)
+		traceGotConn(req, cc, reused)
 		res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req)
 		if err != nil && retry <= 6 {
 			if req, err = shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil {
@@ -401,8 +487,8 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 				select {
 				case <-time.After(time.Second * time.Duration(backoff)):
 					continue
-				case <-reqContext(req).Done():
-					return nil, reqContext(req).Err()
+				case <-req.Context().Done():
+					return nil, req.Context().Err()
 				}
 			}
 		}
@@ -439,16 +525,15 @@ func shouldRetryRequest(req *http.Request, err error, afterBodyWrite bool) (*htt
 	}
 	// If the Body is nil (or http.NoBody), it's safe to reuse
 	// this request and its Body.
-	if req.Body == nil || reqBodyIsNoBody(req.Body) {
+	if req.Body == nil || req.Body == http.NoBody {
 		return req, nil
 	}
 
 	// If the request body can be reset back to its original
 	// state via the optional req.GetBody, do that.
-	getBody := reqGetBody(req) // Go 1.8: getBody = req.GetBody
-	if getBody != nil {
+	if req.GetBody != nil {
 		// TODO: consider a req.Body.Close here? or audit that all caller paths do?
-		body, err := getBody()
+		body, err := req.GetBody()
 		if err != nil {
 			return nil, err
 		}
@@ -494,7 +579,7 @@ func (t *Transport) dialClientConn(addr string, singleUse bool) (*ClientConn, er
 func (t *Transport) newTLSConfig(host string) *tls.Config {
 	cfg := new(tls.Config)
 	if t.TLSClientConfig != nil {
-		*cfg = *cloneTLSConfig(t.TLSClientConfig)
+		*cfg = *t.TLSClientConfig.Clone()
 	}
 	if !strSliceContains(cfg.NextProtos, NextProtoTLS) {
 		cfg.NextProtos = append([]string{NextProtoTLS}, cfg.NextProtos...)
@@ -545,11 +630,11 @@ func (t *Transport) expectContinueTimeout() time.Duration {
 	if t.t1 == nil {
 		return 0
 	}
-	return transportExpectContinueTimeout(t.t1)
+	return t.t1.ExpectContinueTimeout
 }
 
 func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) {
-	return t.newClientConn(c, false)
+	return t.newClientConn(c, t.disableKeepAlives())
 }
 
 func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) {
@@ -613,6 +698,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 	cc.inflow.add(transportDefaultConnFlow + initialWindowSize)
 	cc.bw.Flush()
 	if cc.werr != nil {
+		cc.Close()
 		return nil, cc.werr
 	}
 
@@ -620,6 +706,20 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 	return cc, nil
 }
 
+func (cc *ClientConn) healthCheck() {
+	pingTimeout := cc.t.pingTimeout()
+	// We don't need to periodically ping in the health check, because the readLoop of ClientConn will
+	// trigger the healthCheck again if there is no frame received.
+	ctx, cancel := context.WithTimeout(context.Background(), pingTimeout)
+	defer cancel()
+	err := cc.Ping(ctx)
+	if err != nil {
+		cc.closeForLostPing()
+		cc.t.connPool().MarkDead(cc)
+		return
+	}
+}
+
 func (cc *ClientConn) setGoAway(f *GoAwayFrame) {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
@@ -670,8 +770,20 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) {
 	if cc.singleUse && cc.nextStreamID > 1 {
 		return
 	}
-	st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing &&
-		int64(cc.nextStreamID)+int64(cc.pendingRequests) < math.MaxInt32
+	var maxConcurrentOkay bool
+	if cc.t.StrictMaxConcurrentStreams {
+		// We'll tell the caller we can take a new request to
+		// prevent the caller from dialing a new TCP
+		// connection, but then we'll block later before
+		// writing it.
+		maxConcurrentOkay = true
+	} else {
+		maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams)
+	}
+
+	st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay &&
+		int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 &&
+		!cc.tooIdleLocked()
 	st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest
 	return
 }
@@ -681,6 +793,16 @@ func (cc *ClientConn) canTakeNewRequestLocked() bool {
 	return st.canTakeNewRequest
 }
 
+// tooIdleLocked reports whether this connection has been been sitting idle
+// for too much wall time.
+func (cc *ClientConn) tooIdleLocked() bool {
+	// The Round(0) strips the monontonic clock reading so the
+	// times are compared based on their wall time. We don't want
+	// to reuse a connection that's been sitting idle during
+	// VM/laptop suspend if monotonic time was also frozen.
+	return cc.idleTimeout != 0 && !cc.lastIdle.IsZero() && time.Since(cc.lastIdle.Round(0)) > cc.idleTimeout
+}
+
 // onIdleTimeout is called from a time.AfterFunc goroutine. It will
 // only be called when we're idle, but because we're coming from a new
 // goroutine, there could be a new request coming in at the same time,
@@ -711,8 +833,7 @@ func (cc *ClientConn) closeIfIdle() {
 var shutdownEnterWaitStateHook = func() {}
 
 // Shutdown gracefully close the client connection, waiting for running streams to complete.
-// Public implementation is in go17.go and not_go17.go
-func (cc *ClientConn) shutdown(ctx contextContext) error {
+func (cc *ClientConn) Shutdown(ctx context.Context) error {
 	if err := cc.sendGoAway(); err != nil {
 		return err
 	}
@@ -770,14 +891,12 @@ func (cc *ClientConn) sendGoAway() error {
 	return nil
 }
 
-// Close closes the client connection immediately.
-//
-// In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead.
-func (cc *ClientConn) Close() error {
+// closes the client connection immediately. In-flight requests are interrupted.
+// err is sent to streams.
+func (cc *ClientConn) closeForError(err error) error {
 	cc.mu.Lock()
 	defer cc.cond.Broadcast()
 	defer cc.mu.Unlock()
-	err := errors.New("http2: client connection force closed via ClientConn.Close")
 	for id, cs := range cc.streams {
 		select {
 		case cs.resc <- resAndError{err: err}:
@@ -790,6 +909,20 @@ func (cc *ClientConn) Close() error {
 	return cc.tconn.Close()
 }
 
+// Close closes the client connection immediately.
+//
+// In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead.
+func (cc *ClientConn) Close() error {
+	err := errors.New("http2: client connection force closed via ClientConn.Close")
+	return cc.closeForError(err)
+}
+
+// closes the client connection immediately. In-flight requests are interrupted.
+func (cc *ClientConn) closeForLostPing() error {
+	err := errors.New("http2: client connection lost")
+	return cc.closeForError(err)
+}
+
 const maxAllocFrameSize = 512 << 10
 
 // frameBuffer returns a scratch buffer suitable for writing DATA frames.
@@ -840,7 +973,7 @@ func commaSeparatedTrailers(req *http.Request) (string, error) {
 		k = http.CanonicalHeaderKey(k)
 		switch k {
 		case "Transfer-Encoding", "Trailer", "Content-Length":
-			return "", &badStringError{"invalid Trailer key", k}
+			return "", fmt.Errorf("invalid Trailer key %q", k)
 		}
 		keys = append(keys, k)
 	}
@@ -882,7 +1015,7 @@ func checkConnHeaders(req *http.Request) error {
 // req.ContentLength, where 0 actually means zero (not unknown) and -1
 // means unknown.
 func actualContentLength(req *http.Request) int64 {
-	if req.Body == nil || reqBodyIsNoBody(req.Body) {
+	if req.Body == nil || req.Body == http.NoBody {
 		return 0
 	}
 	if req.ContentLength != 0 {
@@ -928,7 +1061,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 		req.Method != "HEAD" {
 		// Request gzip only, not deflate. Deflate is ambiguous and
 		// not as universally supported anyway.
-		// See: http://www.gzip.org/zlib/zlib_faq.html#faq38
+		// See: https://zlib.net/zlib_faq.html#faq39
 		//
 		// Note that we don't request this for HEAD requests,
 		// due to a bug in nginx:
@@ -952,11 +1085,20 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 
 	cs := cc.newStream()
 	cs.req = req
-	cs.trace = requestTrace(req)
+	cs.trace = httptrace.ContextClientTrace(req.Context())
 	cs.requestedGzip = requestedGzip
 	bodyWriter := cc.t.getBodyWriterState(cs, body)
 	cs.on100 = bodyWriter.on100
 
+	defer func() {
+		cc.wmu.Lock()
+		werr := cc.werr
+		cc.wmu.Unlock()
+		if werr != nil {
+			cc.Close()
+		}
+	}()
+
 	cc.wmu.Lock()
 	endStream := !hasBody && !hasTrailers
 	werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs)
@@ -990,7 +1132,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 
 	readLoopResCh := cs.resc
 	bodyWritten := false
-	ctx := reqContext(req)
+	ctx := req.Context()
 
 	handleReadLoopResponse := func(re resAndError) (*http.Response, bool, error) {
 		res := re.res
@@ -1006,6 +1148,9 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			// we can keep it.
 			bodyWriter.cancel()
 			cs.abortRequestBodyWrite(errStopReqBodyWrite)
+			if hasBody && !bodyWritten {
+				<-bodyWriter.resc
+			}
 		}
 		if re.err != nil {
 			cc.forgetStreamID(cs.ID)
@@ -1026,6 +1171,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			} else {
 				bodyWriter.cancel()
 				cs.abortRequestBodyWrite(errStopReqBodyWriteAndCancel)
+				<-bodyWriter.resc
 			}
 			cc.forgetStreamID(cs.ID)
 			return nil, cs.getStartedWrite(), errTimeout
@@ -1035,6 +1181,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			} else {
 				bodyWriter.cancel()
 				cs.abortRequestBodyWrite(errStopReqBodyWriteAndCancel)
+				<-bodyWriter.resc
 			}
 			cc.forgetStreamID(cs.ID)
 			return nil, cs.getStartedWrite(), ctx.Err()
@@ -1044,6 +1191,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			} else {
 				bodyWriter.cancel()
 				cs.abortRequestBodyWrite(errStopReqBodyWriteAndCancel)
+				<-bodyWriter.resc
 			}
 			cc.forgetStreamID(cs.ID)
 			return nil, cs.getStartedWrite(), errRequestCanceled
@@ -1053,6 +1201,7 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			// forgetStreamID.
 			return nil, cs.getStartedWrite(), cs.resetErr
 		case err := <-bodyWriter.resc:
+			bodyWritten = true
 			// Prefer the read loop's response, if available. Issue 16102.
 			select {
 			case re := <-readLoopResCh:
@@ -1060,9 +1209,9 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf
 			default:
 			}
 			if err != nil {
+				cc.forgetStreamID(cs.ID)
 				return nil, cs.getStartedWrite(), err
 			}
-			bodyWritten = true
 			if d := cc.responseHeaderTimeout(); d != 0 {
 				timer := time.NewTimer(d)
 				defer timer.Stop()
@@ -1085,6 +1234,7 @@ func (cc *ClientConn) awaitOpenSlotForRequest(req *http.Request) error {
 			}
 			return errClientConnUnusable
 		}
+		cc.lastIdle = time.Time{}
 		if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) {
 			if waitingForConn != nil {
 				close(waitingForConn)
@@ -1151,6 +1301,8 @@ var (
 
 	// abort request body write, but send stream reset of cancel.
 	errStopReqBodyWriteAndCancel = errors.New("http2: canceling request")
+
+	errReqBodyTooLong = errors.New("http2: request body larger than specified content length")
 )
 
 func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) {
@@ -1173,14 +1325,37 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (
 
 	req := cs.req
 	hasTrailers := req.Trailer != nil
+	remainLen := actualContentLength(req)
+	hasContentLen := remainLen != -1
 
 	var sawEOF bool
 	for !sawEOF {
-		n, err := body.Read(buf)
+		n, err := body.Read(buf[:len(buf)-1])
+		if hasContentLen {
+			remainLen -= int64(n)
+			if remainLen == 0 && err == nil {
+				// The request body's Content-Length was predeclared and
+				// we just finished reading it all, but the underlying io.Reader
+				// returned the final chunk with a nil error (which is one of
+				// the two valid things a Reader can do at EOF). Because we'd prefer
+				// to send the END_STREAM bit early, double-check that we're actually
+				// at EOF. Subsequent reads should return (0, EOF) at this point.
+				// If either value is different, we return an error in one of two ways below.
+				var n1 int
+				n1, err = body.Read(buf[n:])
+				remainLen -= int64(n1)
+			}
+			if remainLen < 0 {
+				err = errReqBodyTooLong
+				cc.writeStreamReset(cs.ID, ErrCodeCancel, err)
+				return err
+			}
+		}
 		if err == io.EOF {
 			sawEOF = true
 			err = nil
 		} else if err != nil {
+			cc.writeStreamReset(cs.ID, ErrCodeCancel, err)
 			return err
 		}
 
@@ -1291,13 +1466,6 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
 	}
 }
 
-type badStringError struct {
-	what string
-	str  string
-}
-
-func (e *badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) }
-
 // requires cc.mu be held.
 func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) {
 	cc.hbuf.Reset()
@@ -1348,7 +1516,11 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 		// followed by the query production (see Sections 3.3 and 3.4 of
 		// [RFC3986]).
 		f(":authority", host)
-		f(":method", req.Method)
+		m := req.Method
+		if m == "" {
+			m = http.MethodGet
+		}
+		f(":method", m)
 		if req.Method != "CONNECT" {
 			f(":path", path)
 			f(":scheme", req.URL.Scheme)
@@ -1384,7 +1556,29 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 				if vv[0] == "" {
 					continue
 				}
-
+			} else if strings.EqualFold(k, "cookie") {
+				// Per 8.1.2.5 To allow for better compression efficiency, the
+				// Cookie header field MAY be split into separate header fields,
+				// each with one or more cookie-pairs.
+				for _, v := range vv {
+					for {
+						p := strings.IndexByte(v, ';')
+						if p < 0 {
+							break
+						}
+						f("cookie", v[:p])
+						p++
+						// strip space after semicolon if any.
+						for p+1 <= len(v) && v[p] == ' ' {
+							p++
+						}
+						v = v[p:]
+					}
+					if len(v) > 0 {
+						f("cookie", v)
+					}
+				}
+				continue
 			}
 
 			for _, v := range vv {
@@ -1416,7 +1610,7 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 		return nil, errRequestHeaderListSize
 	}
 
-	trace := requestTrace(req)
+	trace := httptrace.ContextClientTrace(req.Context())
 	traceHeaders := traceHasWroteHeaderField(trace)
 
 	// Header list size is ok. Write the headers.
@@ -1487,6 +1681,7 @@ func (cc *ClientConn) writeHeader(name, value string) {
 }
 
 type resAndError struct {
+	_   incomparable
 	res *http.Response
 	err error
 }
@@ -1522,6 +1717,7 @@ func (cc *ClientConn) streamByID(id uint32, andRemove bool) *clientStream {
 		delete(cc.streams, id)
 		if len(cc.streams) == 0 && cc.idleTimer != nil {
 			cc.idleTimer.Reset(cc.idleTimeout)
+			cc.lastIdle = time.Now()
 		}
 		close(cs.done)
 		// Wake up checkResetOrDone via clientStream.awaitFlowControl and
@@ -1533,6 +1729,7 @@ func (cc *ClientConn) streamByID(id uint32, andRemove bool) *clientStream {
 
 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop.
 type clientConnReadLoop struct {
+	_             incomparable
 	cc            *ClientConn
 	closeWhenIdle bool
 }
@@ -1612,8 +1809,17 @@ func (rl *clientConnReadLoop) run() error {
 	rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse
 	gotReply := false // ever saw a HEADERS reply
 	gotSettings := false
+	readIdleTimeout := cc.t.ReadIdleTimeout
+	var t *time.Timer
+	if readIdleTimeout != 0 {
+		t = time.AfterFunc(readIdleTimeout, cc.healthCheck)
+		defer t.Stop()
+	}
 	for {
 		f, err := cc.fr.ReadFrame()
+		if t != nil {
+			t.Reset(readIdleTimeout)
+		}
 		if err != nil {
 			cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err)
 		}
@@ -1762,7 +1968,9 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 		return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header")
 	}
 
-	header := make(http.Header)
+	regularFields := f.RegularFields()
+	strs := make([]string, len(regularFields))
+	header := make(http.Header, len(regularFields))
 	res := &http.Response{
 		Proto:      "HTTP/2.0",
 		ProtoMajor: 2,
@@ -1770,7 +1978,7 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 		StatusCode: statusCode,
 		Status:     status + " " + http.StatusText(statusCode),
 	}
-	for _, hf := range f.RegularFields() {
+	for _, hf := range regularFields {
 		key := http.CanonicalHeaderKey(hf.Name)
 		if key == "Trailer" {
 			t := res.Trailer
@@ -1782,7 +1990,18 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 				t[http.CanonicalHeaderKey(v)] = nil
 			})
 		} else {
-			header[key] = append(header[key], hf.Value)
+			vv := header[key]
+			if vv == nil && len(strs) > 0 {
+				// More than likely this will be a single-element key.
+				// Most headers aren't multi-valued.
+				// Set the capacity on strs[0] to 1, so any future append
+				// won't extend the slice into the other strings.
+				vv, strs = strs[:1:1], strs[1:]
+				vv[0] = hf.Value
+				header[key] = vv
+			} else {
+				header[key] = append(vv, hf.Value)
+			}
 		}
 	}
 
@@ -1812,8 +2031,8 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 	if !streamEnded || isHead {
 		res.ContentLength = -1
 		if clens := res.Header["Content-Length"]; len(clens) == 1 {
-			if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil {
-				res.ContentLength = clen64
+			if cl, err := strconv.ParseUint(clens[0], 10, 63); err == nil {
+				res.ContentLength = int64(cl)
 			} else {
 				// TODO: care? unlike http/1, it won't mess up our framing, so it's
 				// more safe smuggling-wise to ignore.
@@ -1839,7 +2058,7 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 		res.Header.Del("Content-Length")
 		res.ContentLength = -1
 		res.Body = &gzipReader{body: res.Body}
-		setResponseUncompressed(res)
+		res.Uncompressed = true
 	}
 	return res, nil
 }
@@ -2068,8 +2287,6 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error {
 	return nil
 }
 
-var errInvalidTrailers = errors.New("http2: invalid trailers")
-
 func (rl *clientConnReadLoop) endStream(cs *clientStream) {
 	// TODO: check that any declared content-length matches, like
 	// server.go's (*stream).endStream method.
@@ -2216,8 +2433,7 @@ func (rl *clientConnReadLoop) processResetStream(f *RSTStreamFrame) error {
 }
 
 // Ping sends a PING frame to the server and waits for the ack.
-// Public implementation is in go17.go and not_go17.go
-func (cc *ClientConn) ping(ctx contextContext) error {
+func (cc *ClientConn) Ping(ctx context.Context) error {
 	c := make(chan struct{})
 	// Generate a random payload
 	var p [8]byte
@@ -2301,7 +2517,6 @@ func (cc *ClientConn) writeStreamReset(streamID uint32, code ErrCode, err error)
 var (
 	errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit")
 	errRequestHeaderListSize  = errors.New("http2: request header list larger than peer's advertised limit")
-	errPseudoTrailers         = errors.New("http2: invalid pseudo header in trailers")
 )
 
 func (cc *ClientConn) logf(format string, args ...interface{}) {
@@ -2335,11 +2550,13 @@ func strSliceContains(ss []string, s string) bool {
 
 type erringRoundTripper struct{ err error }
 
+func (rt erringRoundTripper) RoundTripErr() error                             { return rt.err }
 func (rt erringRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { return nil, rt.err }
 
 // gzipReader wraps a response body so it can lazily
 // call gzip.NewReader on the first call to Read
 type gzipReader struct {
+	_    incomparable
 	body io.ReadCloser // underlying Response.Body
 	zr   *gzip.Reader  // lazily-initialized gzip reader
 	zerr error         // sticky error
@@ -2415,7 +2632,9 @@ func (t *Transport) getBodyWriterState(cs *clientStream, body io.Reader) (s body
 
 func (s bodyWriterState) cancel() {
 	if s.timer != nil {
-		s.timer.Stop()
+		if s.timer.Stop() {
+			s.resc <- nil
+		}
 	}
 }
 
@@ -2451,3 +2670,91 @@ func (s bodyWriterState) scheduleBodyWrite() {
 func isConnectionCloseRequest(req *http.Request) bool {
 	return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close")
 }
+
+// registerHTTPSProtocol calls Transport.RegisterProtocol but
+// converting panics into errors.
+func registerHTTPSProtocol(t *http.Transport, rt noDialH2RoundTripper) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = fmt.Errorf("%v", e)
+		}
+	}()
+	t.RegisterProtocol("https", rt)
+	return nil
+}
+
+// noDialH2RoundTripper is a RoundTripper which only tries to complete the request
+// if there's already has a cached connection to the host.
+// (The field is exported so it can be accessed via reflect from net/http; tested
+// by TestNoDialH2RoundTripperType)
+type noDialH2RoundTripper struct{ *Transport }
+
+func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	res, err := rt.Transport.RoundTrip(req)
+	if isNoCachedConnError(err) {
+		return nil, http.ErrSkipAltProtocol
+	}
+	return res, err
+}
+
+func (t *Transport) idleConnTimeout() time.Duration {
+	if t.t1 != nil {
+		return t.t1.IdleConnTimeout
+	}
+	return 0
+}
+
+func traceGetConn(req *http.Request, hostPort string) {
+	trace := httptrace.ContextClientTrace(req.Context())
+	if trace == nil || trace.GetConn == nil {
+		return
+	}
+	trace.GetConn(hostPort)
+}
+
+func traceGotConn(req *http.Request, cc *ClientConn, reused bool) {
+	trace := httptrace.ContextClientTrace(req.Context())
+	if trace == nil || trace.GotConn == nil {
+		return
+	}
+	ci := httptrace.GotConnInfo{Conn: cc.tconn}
+	ci.Reused = reused
+	cc.mu.Lock()
+	ci.WasIdle = len(cc.streams) == 0 && reused
+	if ci.WasIdle && !cc.lastActive.IsZero() {
+		ci.IdleTime = time.Now().Sub(cc.lastActive)
+	}
+	cc.mu.Unlock()
+
+	trace.GotConn(ci)
+}
+
+func traceWroteHeaders(trace *httptrace.ClientTrace) {
+	if trace != nil && trace.WroteHeaders != nil {
+		trace.WroteHeaders()
+	}
+}
+
+func traceGot100Continue(trace *httptrace.ClientTrace) {
+	if trace != nil && trace.Got100Continue != nil {
+		trace.Got100Continue()
+	}
+}
+
+func traceWait100Continue(trace *httptrace.ClientTrace) {
+	if trace != nil && trace.Wait100Continue != nil {
+		trace.Wait100Continue()
+	}
+}
+
+func traceWroteRequest(trace *httptrace.ClientTrace, err error) {
+	if trace != nil && trace.WroteRequest != nil {
+		trace.WroteRequest(httptrace.WroteRequestInfo{Err: err})
+	}
+}
+
+func traceFirstResponseByte(trace *httptrace.ClientTrace) {
+	if trace != nil && trace.GotFirstResponseByte != nil {
+		trace.GotFirstResponseByte()
+	}
+}
diff --git a/vendor/golang.org/x/net/http2/write.go b/vendor/golang.org/x/net/http2/write.go
index 8a9711f6e4a66..3849bc2632ef2 100644
--- a/vendor/golang.org/x/net/http2/write.go
+++ b/vendor/golang.org/x/net/http2/write.go
@@ -199,7 +199,7 @@ func (w *writeResHeaders) staysWithinBuffer(max int) bool {
 	// TODO: this is a common one. It'd be nice to return true
 	// here and get into the fast path if we could be clever and
 	// calculate the size fast enough, or at least a conservative
-	// uppper bound that usually fires. (Maybe if w.h and
+	// upper bound that usually fires. (Maybe if w.h and
 	// w.trailers are nil, so we don't need to enumerate it.)
 	// Otherwise I'm afraid that just calculating the length to
 	// answer this question would be slower than the ~2µs benefit.
@@ -329,7 +329,7 @@ func (wu writeWindowUpdate) writeFrame(ctx writeContext) error {
 }
 
 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k])
-// is encoded only only if k is in keys.
+// is encoded only if k is in keys.
 func encodeHeaders(enc *hpack.Encoder, h http.Header, keys []string) {
 	if keys == nil {
 		sorter := sorterPool.Get().(*sorter)
diff --git a/vendor/golang.org/x/net/http2/writesched.go b/vendor/golang.org/x/net/http2/writesched.go
index 4fe3073073513..f24d2b1e7d4ae 100644
--- a/vendor/golang.org/x/net/http2/writesched.go
+++ b/vendor/golang.org/x/net/http2/writesched.go
@@ -32,7 +32,7 @@ type WriteScheduler interface {
 
 	// Pop dequeues the next frame to write. Returns false if no frames can
 	// be written. Frames with a given wr.StreamID() are Pop'd in the same
-	// order they are Push'd.
+	// order they are Push'd. No frames should be discarded except by CloseStream.
 	Pop() (wr FrameWriteRequest, ok bool)
 }
 
@@ -76,6 +76,12 @@ func (wr FrameWriteRequest) StreamID() uint32 {
 	return wr.stream.id
 }
 
+// isControl reports whether wr is a control frame for MaxQueuedControlFrames
+// purposes. That includes non-stream frames and RST_STREAM frames.
+func (wr FrameWriteRequest) isControl() bool {
+	return wr.stream == nil
+}
+
 // DataSize returns the number of flow control bytes that must be consumed
 // to write this entire frame. This is 0 for non-DATA frames.
 func (wr FrameWriteRequest) DataSize() int {
diff --git a/vendor/golang.org/x/net/http2/writesched_priority.go b/vendor/golang.org/x/net/http2/writesched_priority.go
index 848fed6ec7693..2618b2c11d228 100644
--- a/vendor/golang.org/x/net/http2/writesched_priority.go
+++ b/vendor/golang.org/x/net/http2/writesched_priority.go
@@ -149,7 +149,7 @@ func (n *priorityNode) addBytes(b int64) {
 }
 
 // walkReadyInOrder iterates over the tree in priority order, calling f for each node
-// with a non-empty write queue. When f returns true, this funcion returns true and the
+// with a non-empty write queue. When f returns true, this function returns true and the
 // walk halts. tmp is used as scratch space for sorting.
 //
 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true
diff --git a/vendor/golang.org/x/net/http2/writesched_random.go b/vendor/golang.org/x/net/http2/writesched_random.go
index 36d7919f16ac1..9a7b9e581c1ef 100644
--- a/vendor/golang.org/x/net/http2/writesched_random.go
+++ b/vendor/golang.org/x/net/http2/writesched_random.go
@@ -19,7 +19,8 @@ type randomWriteScheduler struct {
 	zero writeQueue
 
 	// sq contains the stream-specific queues, keyed by stream ID.
-	// When a stream is idle or closed, it's deleted from the map.
+	// When a stream is idle, closed, or emptied, it's deleted
+	// from the map.
 	sq map[uint32]*writeQueue
 
 	// pool of empty queues for reuse.
@@ -63,8 +64,12 @@ func (ws *randomWriteScheduler) Pop() (FrameWriteRequest, bool) {
 		return ws.zero.shift(), true
 	}
 	// Iterate over all non-idle streams until finding one that can be consumed.
-	for _, q := range ws.sq {
+	for streamID, q := range ws.sq {
 		if wr, ok := q.consume(math.MaxInt32); ok {
+			if q.empty() {
+				delete(ws.sq, streamID)
+				ws.queuePool.put(q)
+			}
 			return wr, true
 		}
 	}
diff --git a/vendor/golang.org/x/net/idna/idna.go b/vendor/golang.org/x/net/idna/idna.go
deleted file mode 100644
index 346fe4423ed71..0000000000000
--- a/vendor/golang.org/x/net/idna/idna.go
+++ /dev/null
@@ -1,732 +0,0 @@
-// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
-
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package idna implements IDNA2008 using the compatibility processing
-// defined by UTS (Unicode Technical Standard) #46, which defines a standard to
-// deal with the transition from IDNA2003.
-//
-// IDNA2008 (Internationalized Domain Names for Applications), is defined in RFC
-// 5890, RFC 5891, RFC 5892, RFC 5893 and RFC 5894.
-// UTS #46 is defined in http://www.unicode.org/reports/tr46.
-// See http://unicode.org/cldr/utility/idna.jsp for a visualization of the
-// differences between these two standards.
-package idna // import "golang.org/x/net/idna"
-
-import (
-	"fmt"
-	"strings"
-	"unicode/utf8"
-
-	"golang.org/x/text/secure/bidirule"
-	"golang.org/x/text/unicode/bidi"
-	"golang.org/x/text/unicode/norm"
-)
-
-// NOTE: Unlike common practice in Go APIs, the functions will return a
-// sanitized domain name in case of errors. Browsers sometimes use a partially
-// evaluated string as lookup.
-// TODO: the current error handling is, in my opinion, the least opinionated.
-// Other strategies are also viable, though:
-// Option 1) Return an empty string in case of error, but allow the user to
-//    specify explicitly which errors to ignore.
-// Option 2) Return the partially evaluated string if it is itself a valid
-//    string, otherwise return the empty string in case of error.
-// Option 3) Option 1 and 2.
-// Option 4) Always return an empty string for now and implement Option 1 as
-//    needed, and document that the return string may not be empty in case of
-//    error in the future.
-// I think Option 1 is best, but it is quite opinionated.
-
-// ToASCII is a wrapper for Punycode.ToASCII.
-func ToASCII(s string) (string, error) {
-	return Punycode.process(s, true)
-}
-
-// ToUnicode is a wrapper for Punycode.ToUnicode.
-func ToUnicode(s string) (string, error) {
-	return Punycode.process(s, false)
-}
-
-// An Option configures a Profile at creation time.
-type Option func(*options)
-
-// Transitional sets a Profile to use the Transitional mapping as defined in UTS
-// #46. This will cause, for example, "ß" to be mapped to "ss". Using the
-// transitional mapping provides a compromise between IDNA2003 and IDNA2008
-// compatibility. It is used by most browsers when resolving domain names. This
-// option is only meaningful if combined with MapForLookup.
-func Transitional(transitional bool) Option {
-	return func(o *options) { o.transitional = true }
-}
-
-// VerifyDNSLength sets whether a Profile should fail if any of the IDN parts
-// are longer than allowed by the RFC.
-func VerifyDNSLength(verify bool) Option {
-	return func(o *options) { o.verifyDNSLength = verify }
-}
-
-// RemoveLeadingDots removes leading label separators. Leading runes that map to
-// dots, such as U+3002 IDEOGRAPHIC FULL STOP, are removed as well.
-//
-// This is the behavior suggested by the UTS #46 and is adopted by some
-// browsers.
-func RemoveLeadingDots(remove bool) Option {
-	return func(o *options) { o.removeLeadingDots = remove }
-}
-
-// ValidateLabels sets whether to check the mandatory label validation criteria
-// as defined in Section 5.4 of RFC 5891. This includes testing for correct use
-// of hyphens ('-'), normalization, validity of runes, and the context rules.
-func ValidateLabels(enable bool) Option {
-	return func(o *options) {
-		// Don't override existing mappings, but set one that at least checks
-		// normalization if it is not set.
-		if o.mapping == nil && enable {
-			o.mapping = normalize
-		}
-		o.trie = trie
-		o.validateLabels = enable
-		o.fromPuny = validateFromPunycode
-	}
-}
-
-// StrictDomainName limits the set of permissible ASCII characters to those
-// allowed in domain names as defined in RFC 1034 (A-Z, a-z, 0-9 and the
-// hyphen). This is set by default for MapForLookup and ValidateForRegistration.
-//
-// This option is useful, for instance, for browsers that allow characters
-// outside this range, for example a '_' (U+005F LOW LINE). See
-// http://www.rfc-editor.org/std/std3.txt for more details This option
-// corresponds to the UseSTD3ASCIIRules option in UTS #46.
-func StrictDomainName(use bool) Option {
-	return func(o *options) {
-		o.trie = trie
-		o.useSTD3Rules = use
-		o.fromPuny = validateFromPunycode
-	}
-}
-
-// NOTE: the following options pull in tables. The tables should not be linked
-// in as long as the options are not used.
-
-// BidiRule enables the Bidi rule as defined in RFC 5893. Any application
-// that relies on proper validation of labels should include this rule.
-func BidiRule() Option {
-	return func(o *options) { o.bidirule = bidirule.ValidString }
-}
-
-// ValidateForRegistration sets validation options to verify that a given IDN is
-// properly formatted for registration as defined by Section 4 of RFC 5891.
-func ValidateForRegistration() Option {
-	return func(o *options) {
-		o.mapping = validateRegistration
-		StrictDomainName(true)(o)
-		ValidateLabels(true)(o)
-		VerifyDNSLength(true)(o)
-		BidiRule()(o)
-	}
-}
-
-// MapForLookup sets validation and mapping options such that a given IDN is
-// transformed for domain name lookup according to the requirements set out in
-// Section 5 of RFC 5891. The mappings follow the recommendations of RFC 5894,
-// RFC 5895 and UTS 46. It does not add the Bidi Rule. Use the BidiRule option
-// to add this check.
-//
-// The mappings include normalization and mapping case, width and other
-// compatibility mappings.
-func MapForLookup() Option {
-	return func(o *options) {
-		o.mapping = validateAndMap
-		StrictDomainName(true)(o)
-		ValidateLabels(true)(o)
-	}
-}
-
-type options struct {
-	transitional      bool
-	useSTD3Rules      bool
-	validateLabels    bool
-	verifyDNSLength   bool
-	removeLeadingDots bool
-
-	trie *idnaTrie
-
-	// fromPuny calls validation rules when converting A-labels to U-labels.
-	fromPuny func(p *Profile, s string) error
-
-	// mapping implements a validation and mapping step as defined in RFC 5895
-	// or UTS 46, tailored to, for example, domain registration or lookup.
-	mapping func(p *Profile, s string) (mapped string, isBidi bool, err error)
-
-	// bidirule, if specified, checks whether s conforms to the Bidi Rule
-	// defined in RFC 5893.
-	bidirule func(s string) bool
-}
-
-// A Profile defines the configuration of an IDNA mapper.
-type Profile struct {
-	options
-}
-
-func apply(o *options, opts []Option) {
-	for _, f := range opts {
-		f(o)
-	}
-}
-
-// New creates a new Profile.
-//
-// With no options, the returned Profile is the most permissive and equals the
-// Punycode Profile. Options can be passed to further restrict the Profile. The
-// MapForLookup and ValidateForRegistration options set a collection of options,
-// for lookup and registration purposes respectively, which can be tailored by
-// adding more fine-grained options, where later options override earlier
-// options.
-func New(o ...Option) *Profile {
-	p := &Profile{}
-	apply(&p.options, o)
-	return p
-}
-
-// ToASCII converts a domain or domain label to its ASCII form. For example,
-// ToASCII("bücher.example.com") is "xn--bcher-kva.example.com", and
-// ToASCII("golang") is "golang". If an error is encountered it will return
-// an error and a (partially) processed result.
-func (p *Profile) ToASCII(s string) (string, error) {
-	return p.process(s, true)
-}
-
-// ToUnicode converts a domain or domain label to its Unicode form. For example,
-// ToUnicode("xn--bcher-kva.example.com") is "bücher.example.com", and
-// ToUnicode("golang") is "golang". If an error is encountered it will return
-// an error and a (partially) processed result.
-func (p *Profile) ToUnicode(s string) (string, error) {
-	pp := *p
-	pp.transitional = false
-	return pp.process(s, false)
-}
-
-// String reports a string with a description of the profile for debugging
-// purposes. The string format may change with different versions.
-func (p *Profile) String() string {
-	s := ""
-	if p.transitional {
-		s = "Transitional"
-	} else {
-		s = "NonTransitional"
-	}
-	if p.useSTD3Rules {
-		s += ":UseSTD3Rules"
-	}
-	if p.validateLabels {
-		s += ":ValidateLabels"
-	}
-	if p.verifyDNSLength {
-		s += ":VerifyDNSLength"
-	}
-	return s
-}
-
-var (
-	// Punycode is a Profile that does raw punycode processing with a minimum
-	// of validation.
-	Punycode *Profile = punycode
-
-	// Lookup is the recommended profile for looking up domain names, according
-	// to Section 5 of RFC 5891. The exact configuration of this profile may
-	// change over time.
-	Lookup *Profile = lookup
-
-	// Display is the recommended profile for displaying domain names.
-	// The configuration of this profile may change over time.
-	Display *Profile = display
-
-	// Registration is the recommended profile for checking whether a given
-	// IDN is valid for registration, according to Section 4 of RFC 5891.
-	Registration *Profile = registration
-
-	punycode = &Profile{}
-	lookup   = &Profile{options{
-		transitional:   true,
-		useSTD3Rules:   true,
-		validateLabels: true,
-		trie:           trie,
-		fromPuny:       validateFromPunycode,
-		mapping:        validateAndMap,
-		bidirule:       bidirule.ValidString,
-	}}
-	display = &Profile{options{
-		useSTD3Rules:   true,
-		validateLabels: true,
-		trie:           trie,
-		fromPuny:       validateFromPunycode,
-		mapping:        validateAndMap,
-		bidirule:       bidirule.ValidString,
-	}}
-	registration = &Profile{options{
-		useSTD3Rules:    true,
-		validateLabels:  true,
-		verifyDNSLength: true,
-		trie:            trie,
-		fromPuny:        validateFromPunycode,
-		mapping:         validateRegistration,
-		bidirule:        bidirule.ValidString,
-	}}
-
-	// TODO: profiles
-	// Register: recommended for approving domain names: don't do any mappings
-	// but rather reject on invalid input. Bundle or block deviation characters.
-)
-
-type labelError struct{ label, code_ string }
-
-func (e labelError) code() string { return e.code_ }
-func (e labelError) Error() string {
-	return fmt.Sprintf("idna: invalid label %q", e.label)
-}
-
-type runeError rune
-
-func (e runeError) code() string { return "P1" }
-func (e runeError) Error() string {
-	return fmt.Sprintf("idna: disallowed rune %U", e)
-}
-
-// process implements the algorithm described in section 4 of UTS #46,
-// see http://www.unicode.org/reports/tr46.
-func (p *Profile) process(s string, toASCII bool) (string, error) {
-	var err error
-	var isBidi bool
-	if p.mapping != nil {
-		s, isBidi, err = p.mapping(p, s)
-	}
-	// Remove leading empty labels.
-	if p.removeLeadingDots {
-		for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
-		}
-	}
-	// TODO: allow for a quick check of the tables data.
-	// It seems like we should only create this error on ToASCII, but the
-	// UTS 46 conformance tests suggests we should always check this.
-	if err == nil && p.verifyDNSLength && s == "" {
-		err = &labelError{s, "A4"}
-	}
-	labels := labelIter{orig: s}
-	for ; !labels.done(); labels.next() {
-		label := labels.label()
-		if label == "" {
-			// Empty labels are not okay. The label iterator skips the last
-			// label if it is empty.
-			if err == nil && p.verifyDNSLength {
-				err = &labelError{s, "A4"}
-			}
-			continue
-		}
-		if strings.HasPrefix(label, acePrefix) {
-			u, err2 := decode(label[len(acePrefix):])
-			if err2 != nil {
-				if err == nil {
-					err = err2
-				}
-				// Spec says keep the old label.
-				continue
-			}
-			isBidi = isBidi || bidirule.DirectionString(u) != bidi.LeftToRight
-			labels.set(u)
-			if err == nil && p.validateLabels {
-				err = p.fromPuny(p, u)
-			}
-			if err == nil {
-				// This should be called on NonTransitional, according to the
-				// spec, but that currently does not have any effect. Use the
-				// original profile to preserve options.
-				err = p.validateLabel(u)
-			}
-		} else if err == nil {
-			err = p.validateLabel(label)
-		}
-	}
-	if isBidi && p.bidirule != nil && err == nil {
-		for labels.reset(); !labels.done(); labels.next() {
-			if !p.bidirule(labels.label()) {
-				err = &labelError{s, "B"}
-				break
-			}
-		}
-	}
-	if toASCII {
-		for labels.reset(); !labels.done(); labels.next() {
-			label := labels.label()
-			if !ascii(label) {
-				a, err2 := encode(acePrefix, label)
-				if err == nil {
-					err = err2
-				}
-				label = a
-				labels.set(a)
-			}
-			n := len(label)
-			if p.verifyDNSLength && err == nil && (n == 0 || n > 63) {
-				err = &labelError{label, "A4"}
-			}
-		}
-	}
-	s = labels.result()
-	if toASCII && p.verifyDNSLength && err == nil {
-		// Compute the length of the domain name minus the root label and its dot.
-		n := len(s)
-		if n > 0 && s[n-1] == '.' {
-			n--
-		}
-		if len(s) < 1 || n > 253 {
-			err = &labelError{s, "A4"}
-		}
-	}
-	return s, err
-}
-
-func normalize(p *Profile, s string) (mapped string, isBidi bool, err error) {
-	// TODO: consider first doing a quick check to see if any of these checks
-	// need to be done. This will make it slower in the general case, but
-	// faster in the common case.
-	mapped = norm.NFC.String(s)
-	isBidi = bidirule.DirectionString(mapped) == bidi.RightToLeft
-	return mapped, isBidi, nil
-}
-
-func validateRegistration(p *Profile, s string) (idem string, bidi bool, err error) {
-	// TODO: filter need for normalization in loop below.
-	if !norm.NFC.IsNormalString(s) {
-		return s, false, &labelError{s, "V1"}
-	}
-	for i := 0; i < len(s); {
-		v, sz := trie.lookupString(s[i:])
-		if sz == 0 {
-			return s, bidi, runeError(utf8.RuneError)
-		}
-		bidi = bidi || info(v).isBidi(s[i:])
-		// Copy bytes not copied so far.
-		switch p.simplify(info(v).category()) {
-		// TODO: handle the NV8 defined in the Unicode idna data set to allow
-		// for strict conformance to IDNA2008.
-		case valid, deviation:
-		case disallowed, mapped, unknown, ignored:
-			r, _ := utf8.DecodeRuneInString(s[i:])
-			return s, bidi, runeError(r)
-		}
-		i += sz
-	}
-	return s, bidi, nil
-}
-
-func (c info) isBidi(s string) bool {
-	if !c.isMapped() {
-		return c&attributesMask == rtl
-	}
-	// TODO: also store bidi info for mapped data. This is possible, but a bit
-	// cumbersome and not for the common case.
-	p, _ := bidi.LookupString(s)
-	switch p.Class() {
-	case bidi.R, bidi.AL, bidi.AN:
-		return true
-	}
-	return false
-}
-
-func validateAndMap(p *Profile, s string) (vm string, bidi bool, err error) {
-	var (
-		b []byte
-		k int
-	)
-	// combinedInfoBits contains the or-ed bits of all runes. We use this
-	// to derive the mayNeedNorm bit later. This may trigger normalization
-	// overeagerly, but it will not do so in the common case. The end result
-	// is another 10% saving on BenchmarkProfile for the common case.
-	var combinedInfoBits info
-	for i := 0; i < len(s); {
-		v, sz := trie.lookupString(s[i:])
-		if sz == 0 {
-			b = append(b, s[k:i]...)
-			b = append(b, "\ufffd"...)
-			k = len(s)
-			if err == nil {
-				err = runeError(utf8.RuneError)
-			}
-			break
-		}
-		combinedInfoBits |= info(v)
-		bidi = bidi || info(v).isBidi(s[i:])
-		start := i
-		i += sz
-		// Copy bytes not copied so far.
-		switch p.simplify(info(v).category()) {
-		case valid:
-			continue
-		case disallowed:
-			if err == nil {
-				r, _ := utf8.DecodeRuneInString(s[start:])
-				err = runeError(r)
-			}
-			continue
-		case mapped, deviation:
-			b = append(b, s[k:start]...)
-			b = info(v).appendMapping(b, s[start:i])
-		case ignored:
-			b = append(b, s[k:start]...)
-			// drop the rune
-		case unknown:
-			b = append(b, s[k:start]...)
-			b = append(b, "\ufffd"...)
-		}
-		k = i
-	}
-	if k == 0 {
-		// No changes so far.
-		if combinedInfoBits&mayNeedNorm != 0 {
-			s = norm.NFC.String(s)
-		}
-	} else {
-		b = append(b, s[k:]...)
-		if norm.NFC.QuickSpan(b) != len(b) {
-			b = norm.NFC.Bytes(b)
-		}
-		// TODO: the punycode converters require strings as input.
-		s = string(b)
-	}
-	return s, bidi, err
-}
-
-// A labelIter allows iterating over domain name labels.
-type labelIter struct {
-	orig     string
-	slice    []string
-	curStart int
-	curEnd   int
-	i        int
-}
-
-func (l *labelIter) reset() {
-	l.curStart = 0
-	l.curEnd = 0
-	l.i = 0
-}
-
-func (l *labelIter) done() bool {
-	return l.curStart >= len(l.orig)
-}
-
-func (l *labelIter) result() string {
-	if l.slice != nil {
-		return strings.Join(l.slice, ".")
-	}
-	return l.orig
-}
-
-func (l *labelIter) label() string {
-	if l.slice != nil {
-		return l.slice[l.i]
-	}
-	p := strings.IndexByte(l.orig[l.curStart:], '.')
-	l.curEnd = l.curStart + p
-	if p == -1 {
-		l.curEnd = len(l.orig)
-	}
-	return l.orig[l.curStart:l.curEnd]
-}
-
-// next sets the value to the next label. It skips the last label if it is empty.
-func (l *labelIter) next() {
-	l.i++
-	if l.slice != nil {
-		if l.i >= len(l.slice) || l.i == len(l.slice)-1 && l.slice[l.i] == "" {
-			l.curStart = len(l.orig)
-		}
-	} else {
-		l.curStart = l.curEnd + 1
-		if l.curStart == len(l.orig)-1 && l.orig[l.curStart] == '.' {
-			l.curStart = len(l.orig)
-		}
-	}
-}
-
-func (l *labelIter) set(s string) {
-	if l.slice == nil {
-		l.slice = strings.Split(l.orig, ".")
-	}
-	l.slice[l.i] = s
-}
-
-// acePrefix is the ASCII Compatible Encoding prefix.
-const acePrefix = "xn--"
-
-func (p *Profile) simplify(cat category) category {
-	switch cat {
-	case disallowedSTD3Mapped:
-		if p.useSTD3Rules {
-			cat = disallowed
-		} else {
-			cat = mapped
-		}
-	case disallowedSTD3Valid:
-		if p.useSTD3Rules {
-			cat = disallowed
-		} else {
-			cat = valid
-		}
-	case deviation:
-		if !p.transitional {
-			cat = valid
-		}
-	case validNV8, validXV8:
-		// TODO: handle V2008
-		cat = valid
-	}
-	return cat
-}
-
-func validateFromPunycode(p *Profile, s string) error {
-	if !norm.NFC.IsNormalString(s) {
-		return &labelError{s, "V1"}
-	}
-	// TODO: detect whether string may have to be normalized in the following
-	// loop.
-	for i := 0; i < len(s); {
-		v, sz := trie.lookupString(s[i:])
-		if sz == 0 {
-			return runeError(utf8.RuneError)
-		}
-		if c := p.simplify(info(v).category()); c != valid && c != deviation {
-			return &labelError{s, "V6"}
-		}
-		i += sz
-	}
-	return nil
-}
-
-const (
-	zwnj = "\u200c"
-	zwj  = "\u200d"
-)
-
-type joinState int8
-
-const (
-	stateStart joinState = iota
-	stateVirama
-	stateBefore
-	stateBeforeVirama
-	stateAfter
-	stateFAIL
-)
-
-var joinStates = [][numJoinTypes]joinState{
-	stateStart: {
-		joiningL:   stateBefore,
-		joiningD:   stateBefore,
-		joinZWNJ:   stateFAIL,
-		joinZWJ:    stateFAIL,
-		joinVirama: stateVirama,
-	},
-	stateVirama: {
-		joiningL: stateBefore,
-		joiningD: stateBefore,
-	},
-	stateBefore: {
-		joiningL:   stateBefore,
-		joiningD:   stateBefore,
-		joiningT:   stateBefore,
-		joinZWNJ:   stateAfter,
-		joinZWJ:    stateFAIL,
-		joinVirama: stateBeforeVirama,
-	},
-	stateBeforeVirama: {
-		joiningL: stateBefore,
-		joiningD: stateBefore,
-		joiningT: stateBefore,
-	},
-	stateAfter: {
-		joiningL:   stateFAIL,
-		joiningD:   stateBefore,
-		joiningT:   stateAfter,
-		joiningR:   stateStart,
-		joinZWNJ:   stateFAIL,
-		joinZWJ:    stateFAIL,
-		joinVirama: stateAfter, // no-op as we can't accept joiners here
-	},
-	stateFAIL: {
-		0:          stateFAIL,
-		joiningL:   stateFAIL,
-		joiningD:   stateFAIL,
-		joiningT:   stateFAIL,
-		joiningR:   stateFAIL,
-		joinZWNJ:   stateFAIL,
-		joinZWJ:    stateFAIL,
-		joinVirama: stateFAIL,
-	},
-}
-
-// validateLabel validates the criteria from Section 4.1. Item 1, 4, and 6 are
-// already implicitly satisfied by the overall implementation.
-func (p *Profile) validateLabel(s string) (err error) {
-	if s == "" {
-		if p.verifyDNSLength {
-			return &labelError{s, "A4"}
-		}
-		return nil
-	}
-	if !p.validateLabels {
-		return nil
-	}
-	trie := p.trie // p.validateLabels is only set if trie is set.
-	if len(s) > 4 && s[2] == '-' && s[3] == '-' {
-		return &labelError{s, "V2"}
-	}
-	if s[0] == '-' || s[len(s)-1] == '-' {
-		return &labelError{s, "V3"}
-	}
-	// TODO: merge the use of this in the trie.
-	v, sz := trie.lookupString(s)
-	x := info(v)
-	if x.isModifier() {
-		return &labelError{s, "V5"}
-	}
-	// Quickly return in the absence of zero-width (non) joiners.
-	if strings.Index(s, zwj) == -1 && strings.Index(s, zwnj) == -1 {
-		return nil
-	}
-	st := stateStart
-	for i := 0; ; {
-		jt := x.joinType()
-		if s[i:i+sz] == zwj {
-			jt = joinZWJ
-		} else if s[i:i+sz] == zwnj {
-			jt = joinZWNJ
-		}
-		st = joinStates[st][jt]
-		if x.isViramaModifier() {
-			st = joinStates[st][joinVirama]
-		}
-		if i += sz; i == len(s) {
-			break
-		}
-		v, sz = trie.lookupString(s[i:])
-		x = info(v)
-	}
-	if st == stateFAIL || st == stateAfter {
-		return &labelError{s, "C"}
-	}
-	return nil
-}
-
-func ascii(s string) bool {
-	for i := 0; i < len(s); i++ {
-		if s[i] >= utf8.RuneSelf {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/golang.org/x/net/idna/idna10.0.0.go b/vendor/golang.org/x/net/idna/idna10.0.0.go
new file mode 100644
index 0000000000000..7e69ee1b22edb
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/idna10.0.0.go
@@ -0,0 +1,735 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.10
+// +build go1.10
+
+// Package idna implements IDNA2008 using the compatibility processing
+// defined by UTS (Unicode Technical Standard) #46, which defines a standard to
+// deal with the transition from IDNA2003.
+//
+// IDNA2008 (Internationalized Domain Names for Applications), is defined in RFC
+// 5890, RFC 5891, RFC 5892, RFC 5893 and RFC 5894.
+// UTS #46 is defined in https://www.unicode.org/reports/tr46.
+// See https://unicode.org/cldr/utility/idna.jsp for a visualization of the
+// differences between these two standards.
+package idna // import "golang.org/x/net/idna"
+
+import (
+	"fmt"
+	"strings"
+	"unicode/utf8"
+
+	"golang.org/x/text/secure/bidirule"
+	"golang.org/x/text/unicode/bidi"
+	"golang.org/x/text/unicode/norm"
+)
+
+// NOTE: Unlike common practice in Go APIs, the functions will return a
+// sanitized domain name in case of errors. Browsers sometimes use a partially
+// evaluated string as lookup.
+// TODO: the current error handling is, in my opinion, the least opinionated.
+// Other strategies are also viable, though:
+// Option 1) Return an empty string in case of error, but allow the user to
+//    specify explicitly which errors to ignore.
+// Option 2) Return the partially evaluated string if it is itself a valid
+//    string, otherwise return the empty string in case of error.
+// Option 3) Option 1 and 2.
+// Option 4) Always return an empty string for now and implement Option 1 as
+//    needed, and document that the return string may not be empty in case of
+//    error in the future.
+// I think Option 1 is best, but it is quite opinionated.
+
+// ToASCII is a wrapper for Punycode.ToASCII.
+func ToASCII(s string) (string, error) {
+	return Punycode.process(s, true)
+}
+
+// ToUnicode is a wrapper for Punycode.ToUnicode.
+func ToUnicode(s string) (string, error) {
+	return Punycode.process(s, false)
+}
+
+// An Option configures a Profile at creation time.
+type Option func(*options)
+
+// Transitional sets a Profile to use the Transitional mapping as defined in UTS
+// #46. This will cause, for example, "ß" to be mapped to "ss". Using the
+// transitional mapping provides a compromise between IDNA2003 and IDNA2008
+// compatibility. It is used by most browsers when resolving domain names. This
+// option is only meaningful if combined with MapForLookup.
+func Transitional(transitional bool) Option {
+	return func(o *options) { o.transitional = true }
+}
+
+// VerifyDNSLength sets whether a Profile should fail if any of the IDN parts
+// are longer than allowed by the RFC.
+func VerifyDNSLength(verify bool) Option {
+	return func(o *options) { o.verifyDNSLength = verify }
+}
+
+// RemoveLeadingDots removes leading label separators. Leading runes that map to
+// dots, such as U+3002 IDEOGRAPHIC FULL STOP, are removed as well.
+//
+// This is the behavior suggested by the UTS #46 and is adopted by some
+// browsers.
+func RemoveLeadingDots(remove bool) Option {
+	return func(o *options) { o.removeLeadingDots = remove }
+}
+
+// ValidateLabels sets whether to check the mandatory label validation criteria
+// as defined in Section 5.4 of RFC 5891. This includes testing for correct use
+// of hyphens ('-'), normalization, validity of runes, and the context rules.
+func ValidateLabels(enable bool) Option {
+	return func(o *options) {
+		// Don't override existing mappings, but set one that at least checks
+		// normalization if it is not set.
+		if o.mapping == nil && enable {
+			o.mapping = normalize
+		}
+		o.trie = trie
+		o.validateLabels = enable
+		o.fromPuny = validateFromPunycode
+	}
+}
+
+// StrictDomainName limits the set of permissible ASCII characters to those
+// allowed in domain names as defined in RFC 1034 (A-Z, a-z, 0-9 and the
+// hyphen). This is set by default for MapForLookup and ValidateForRegistration.
+//
+// This option is useful, for instance, for browsers that allow characters
+// outside this range, for example a '_' (U+005F LOW LINE). See
+// http://www.rfc-editor.org/std/std3.txt for more details This option
+// corresponds to the UseSTD3ASCIIRules option in UTS #46.
+func StrictDomainName(use bool) Option {
+	return func(o *options) {
+		o.trie = trie
+		o.useSTD3Rules = use
+		o.fromPuny = validateFromPunycode
+	}
+}
+
+// NOTE: the following options pull in tables. The tables should not be linked
+// in as long as the options are not used.
+
+// BidiRule enables the Bidi rule as defined in RFC 5893. Any application
+// that relies on proper validation of labels should include this rule.
+func BidiRule() Option {
+	return func(o *options) { o.bidirule = bidirule.ValidString }
+}
+
+// ValidateForRegistration sets validation options to verify that a given IDN is
+// properly formatted for registration as defined by Section 4 of RFC 5891.
+func ValidateForRegistration() Option {
+	return func(o *options) {
+		o.mapping = validateRegistration
+		StrictDomainName(true)(o)
+		ValidateLabels(true)(o)
+		VerifyDNSLength(true)(o)
+		BidiRule()(o)
+	}
+}
+
+// MapForLookup sets validation and mapping options such that a given IDN is
+// transformed for domain name lookup according to the requirements set out in
+// Section 5 of RFC 5891. The mappings follow the recommendations of RFC 5894,
+// RFC 5895 and UTS 46. It does not add the Bidi Rule. Use the BidiRule option
+// to add this check.
+//
+// The mappings include normalization and mapping case, width and other
+// compatibility mappings.
+func MapForLookup() Option {
+	return func(o *options) {
+		o.mapping = validateAndMap
+		StrictDomainName(true)(o)
+		ValidateLabels(true)(o)
+	}
+}
+
+type options struct {
+	transitional      bool
+	useSTD3Rules      bool
+	validateLabels    bool
+	verifyDNSLength   bool
+	removeLeadingDots bool
+
+	trie *idnaTrie
+
+	// fromPuny calls validation rules when converting A-labels to U-labels.
+	fromPuny func(p *Profile, s string) error
+
+	// mapping implements a validation and mapping step as defined in RFC 5895
+	// or UTS 46, tailored to, for example, domain registration or lookup.
+	mapping func(p *Profile, s string) (mapped string, isBidi bool, err error)
+
+	// bidirule, if specified, checks whether s conforms to the Bidi Rule
+	// defined in RFC 5893.
+	bidirule func(s string) bool
+}
+
+// A Profile defines the configuration of an IDNA mapper.
+type Profile struct {
+	options
+}
+
+func apply(o *options, opts []Option) {
+	for _, f := range opts {
+		f(o)
+	}
+}
+
+// New creates a new Profile.
+//
+// With no options, the returned Profile is the most permissive and equals the
+// Punycode Profile. Options can be passed to further restrict the Profile. The
+// MapForLookup and ValidateForRegistration options set a collection of options,
+// for lookup and registration purposes respectively, which can be tailored by
+// adding more fine-grained options, where later options override earlier
+// options.
+func New(o ...Option) *Profile {
+	p := &Profile{}
+	apply(&p.options, o)
+	return p
+}
+
+// ToASCII converts a domain or domain label to its ASCII form. For example,
+// ToASCII("bücher.example.com") is "xn--bcher-kva.example.com", and
+// ToASCII("golang") is "golang". If an error is encountered it will return
+// an error and a (partially) processed result.
+func (p *Profile) ToASCII(s string) (string, error) {
+	return p.process(s, true)
+}
+
+// ToUnicode converts a domain or domain label to its Unicode form. For example,
+// ToUnicode("xn--bcher-kva.example.com") is "bücher.example.com", and
+// ToUnicode("golang") is "golang". If an error is encountered it will return
+// an error and a (partially) processed result.
+func (p *Profile) ToUnicode(s string) (string, error) {
+	pp := *p
+	pp.transitional = false
+	return pp.process(s, false)
+}
+
+// String reports a string with a description of the profile for debugging
+// purposes. The string format may change with different versions.
+func (p *Profile) String() string {
+	s := ""
+	if p.transitional {
+		s = "Transitional"
+	} else {
+		s = "NonTransitional"
+	}
+	if p.useSTD3Rules {
+		s += ":UseSTD3Rules"
+	}
+	if p.validateLabels {
+		s += ":ValidateLabels"
+	}
+	if p.verifyDNSLength {
+		s += ":VerifyDNSLength"
+	}
+	return s
+}
+
+var (
+	// Punycode is a Profile that does raw punycode processing with a minimum
+	// of validation.
+	Punycode *Profile = punycode
+
+	// Lookup is the recommended profile for looking up domain names, according
+	// to Section 5 of RFC 5891. The exact configuration of this profile may
+	// change over time.
+	Lookup *Profile = lookup
+
+	// Display is the recommended profile for displaying domain names.
+	// The configuration of this profile may change over time.
+	Display *Profile = display
+
+	// Registration is the recommended profile for checking whether a given
+	// IDN is valid for registration, according to Section 4 of RFC 5891.
+	Registration *Profile = registration
+
+	punycode = &Profile{}
+	lookup   = &Profile{options{
+		transitional:   true,
+		useSTD3Rules:   true,
+		validateLabels: true,
+		trie:           trie,
+		fromPuny:       validateFromPunycode,
+		mapping:        validateAndMap,
+		bidirule:       bidirule.ValidString,
+	}}
+	display = &Profile{options{
+		useSTD3Rules:   true,
+		validateLabels: true,
+		trie:           trie,
+		fromPuny:       validateFromPunycode,
+		mapping:        validateAndMap,
+		bidirule:       bidirule.ValidString,
+	}}
+	registration = &Profile{options{
+		useSTD3Rules:    true,
+		validateLabels:  true,
+		verifyDNSLength: true,
+		trie:            trie,
+		fromPuny:        validateFromPunycode,
+		mapping:         validateRegistration,
+		bidirule:        bidirule.ValidString,
+	}}
+
+	// TODO: profiles
+	// Register: recommended for approving domain names: don't do any mappings
+	// but rather reject on invalid input. Bundle or block deviation characters.
+)
+
+type labelError struct{ label, code_ string }
+
+func (e labelError) code() string { return e.code_ }
+func (e labelError) Error() string {
+	return fmt.Sprintf("idna: invalid label %q", e.label)
+}
+
+type runeError rune
+
+func (e runeError) code() string { return "P1" }
+func (e runeError) Error() string {
+	return fmt.Sprintf("idna: disallowed rune %U", e)
+}
+
+// process implements the algorithm described in section 4 of UTS #46,
+// see https://www.unicode.org/reports/tr46.
+func (p *Profile) process(s string, toASCII bool) (string, error) {
+	var err error
+	var isBidi bool
+	if p.mapping != nil {
+		s, isBidi, err = p.mapping(p, s)
+	}
+	// Remove leading empty labels.
+	if p.removeLeadingDots {
+		for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
+		}
+	}
+	// TODO: allow for a quick check of the tables data.
+	// It seems like we should only create this error on ToASCII, but the
+	// UTS 46 conformance tests suggests we should always check this.
+	if err == nil && p.verifyDNSLength && s == "" {
+		err = &labelError{s, "A4"}
+	}
+	labels := labelIter{orig: s}
+	for ; !labels.done(); labels.next() {
+		label := labels.label()
+		if label == "" {
+			// Empty labels are not okay. The label iterator skips the last
+			// label if it is empty.
+			if err == nil && p.verifyDNSLength {
+				err = &labelError{s, "A4"}
+			}
+			continue
+		}
+		if strings.HasPrefix(label, acePrefix) {
+			u, err2 := decode(label[len(acePrefix):])
+			if err2 != nil {
+				if err == nil {
+					err = err2
+				}
+				// Spec says keep the old label.
+				continue
+			}
+			isBidi = isBidi || bidirule.DirectionString(u) != bidi.LeftToRight
+			labels.set(u)
+			if err == nil && p.validateLabels {
+				err = p.fromPuny(p, u)
+			}
+			if err == nil {
+				// This should be called on NonTransitional, according to the
+				// spec, but that currently does not have any effect. Use the
+				// original profile to preserve options.
+				err = p.validateLabel(u)
+			}
+		} else if err == nil {
+			err = p.validateLabel(label)
+		}
+	}
+	if isBidi && p.bidirule != nil && err == nil {
+		for labels.reset(); !labels.done(); labels.next() {
+			if !p.bidirule(labels.label()) {
+				err = &labelError{s, "B"}
+				break
+			}
+		}
+	}
+	if toASCII {
+		for labels.reset(); !labels.done(); labels.next() {
+			label := labels.label()
+			if !ascii(label) {
+				a, err2 := encode(acePrefix, label)
+				if err == nil {
+					err = err2
+				}
+				label = a
+				labels.set(a)
+			}
+			n := len(label)
+			if p.verifyDNSLength && err == nil && (n == 0 || n > 63) {
+				err = &labelError{label, "A4"}
+			}
+		}
+	}
+	s = labels.result()
+	if toASCII && p.verifyDNSLength && err == nil {
+		// Compute the length of the domain name minus the root label and its dot.
+		n := len(s)
+		if n > 0 && s[n-1] == '.' {
+			n--
+		}
+		if len(s) < 1 || n > 253 {
+			err = &labelError{s, "A4"}
+		}
+	}
+	return s, err
+}
+
+func normalize(p *Profile, s string) (mapped string, isBidi bool, err error) {
+	// TODO: consider first doing a quick check to see if any of these checks
+	// need to be done. This will make it slower in the general case, but
+	// faster in the common case.
+	mapped = norm.NFC.String(s)
+	isBidi = bidirule.DirectionString(mapped) == bidi.RightToLeft
+	return mapped, isBidi, nil
+}
+
+func validateRegistration(p *Profile, s string) (idem string, bidi bool, err error) {
+	// TODO: filter need for normalization in loop below.
+	if !norm.NFC.IsNormalString(s) {
+		return s, false, &labelError{s, "V1"}
+	}
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		if sz == 0 {
+			return s, bidi, runeError(utf8.RuneError)
+		}
+		bidi = bidi || info(v).isBidi(s[i:])
+		// Copy bytes not copied so far.
+		switch p.simplify(info(v).category()) {
+		// TODO: handle the NV8 defined in the Unicode idna data set to allow
+		// for strict conformance to IDNA2008.
+		case valid, deviation:
+		case disallowed, mapped, unknown, ignored:
+			r, _ := utf8.DecodeRuneInString(s[i:])
+			return s, bidi, runeError(r)
+		}
+		i += sz
+	}
+	return s, bidi, nil
+}
+
+func (c info) isBidi(s string) bool {
+	if !c.isMapped() {
+		return c&attributesMask == rtl
+	}
+	// TODO: also store bidi info for mapped data. This is possible, but a bit
+	// cumbersome and not for the common case.
+	p, _ := bidi.LookupString(s)
+	switch p.Class() {
+	case bidi.R, bidi.AL, bidi.AN:
+		return true
+	}
+	return false
+}
+
+func validateAndMap(p *Profile, s string) (vm string, bidi bool, err error) {
+	var (
+		b []byte
+		k int
+	)
+	// combinedInfoBits contains the or-ed bits of all runes. We use this
+	// to derive the mayNeedNorm bit later. This may trigger normalization
+	// overeagerly, but it will not do so in the common case. The end result
+	// is another 10% saving on BenchmarkProfile for the common case.
+	var combinedInfoBits info
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		if sz == 0 {
+			b = append(b, s[k:i]...)
+			b = append(b, "\ufffd"...)
+			k = len(s)
+			if err == nil {
+				err = runeError(utf8.RuneError)
+			}
+			break
+		}
+		combinedInfoBits |= info(v)
+		bidi = bidi || info(v).isBidi(s[i:])
+		start := i
+		i += sz
+		// Copy bytes not copied so far.
+		switch p.simplify(info(v).category()) {
+		case valid:
+			continue
+		case disallowed:
+			if err == nil {
+				r, _ := utf8.DecodeRuneInString(s[start:])
+				err = runeError(r)
+			}
+			continue
+		case mapped, deviation:
+			b = append(b, s[k:start]...)
+			b = info(v).appendMapping(b, s[start:i])
+		case ignored:
+			b = append(b, s[k:start]...)
+			// drop the rune
+		case unknown:
+			b = append(b, s[k:start]...)
+			b = append(b, "\ufffd"...)
+		}
+		k = i
+	}
+	if k == 0 {
+		// No changes so far.
+		if combinedInfoBits&mayNeedNorm != 0 {
+			s = norm.NFC.String(s)
+		}
+	} else {
+		b = append(b, s[k:]...)
+		if norm.NFC.QuickSpan(b) != len(b) {
+			b = norm.NFC.Bytes(b)
+		}
+		// TODO: the punycode converters require strings as input.
+		s = string(b)
+	}
+	return s, bidi, err
+}
+
+// A labelIter allows iterating over domain name labels.
+type labelIter struct {
+	orig     string
+	slice    []string
+	curStart int
+	curEnd   int
+	i        int
+}
+
+func (l *labelIter) reset() {
+	l.curStart = 0
+	l.curEnd = 0
+	l.i = 0
+}
+
+func (l *labelIter) done() bool {
+	return l.curStart >= len(l.orig)
+}
+
+func (l *labelIter) result() string {
+	if l.slice != nil {
+		return strings.Join(l.slice, ".")
+	}
+	return l.orig
+}
+
+func (l *labelIter) label() string {
+	if l.slice != nil {
+		return l.slice[l.i]
+	}
+	p := strings.IndexByte(l.orig[l.curStart:], '.')
+	l.curEnd = l.curStart + p
+	if p == -1 {
+		l.curEnd = len(l.orig)
+	}
+	return l.orig[l.curStart:l.curEnd]
+}
+
+// next sets the value to the next label. It skips the last label if it is empty.
+func (l *labelIter) next() {
+	l.i++
+	if l.slice != nil {
+		if l.i >= len(l.slice) || l.i == len(l.slice)-1 && l.slice[l.i] == "" {
+			l.curStart = len(l.orig)
+		}
+	} else {
+		l.curStart = l.curEnd + 1
+		if l.curStart == len(l.orig)-1 && l.orig[l.curStart] == '.' {
+			l.curStart = len(l.orig)
+		}
+	}
+}
+
+func (l *labelIter) set(s string) {
+	if l.slice == nil {
+		l.slice = strings.Split(l.orig, ".")
+	}
+	l.slice[l.i] = s
+}
+
+// acePrefix is the ASCII Compatible Encoding prefix.
+const acePrefix = "xn--"
+
+func (p *Profile) simplify(cat category) category {
+	switch cat {
+	case disallowedSTD3Mapped:
+		if p.useSTD3Rules {
+			cat = disallowed
+		} else {
+			cat = mapped
+		}
+	case disallowedSTD3Valid:
+		if p.useSTD3Rules {
+			cat = disallowed
+		} else {
+			cat = valid
+		}
+	case deviation:
+		if !p.transitional {
+			cat = valid
+		}
+	case validNV8, validXV8:
+		// TODO: handle V2008
+		cat = valid
+	}
+	return cat
+}
+
+func validateFromPunycode(p *Profile, s string) error {
+	if !norm.NFC.IsNormalString(s) {
+		return &labelError{s, "V1"}
+	}
+	// TODO: detect whether string may have to be normalized in the following
+	// loop.
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		if sz == 0 {
+			return runeError(utf8.RuneError)
+		}
+		if c := p.simplify(info(v).category()); c != valid && c != deviation {
+			return &labelError{s, "V6"}
+		}
+		i += sz
+	}
+	return nil
+}
+
+const (
+	zwnj = "\u200c"
+	zwj  = "\u200d"
+)
+
+type joinState int8
+
+const (
+	stateStart joinState = iota
+	stateVirama
+	stateBefore
+	stateBeforeVirama
+	stateAfter
+	stateFAIL
+)
+
+var joinStates = [][numJoinTypes]joinState{
+	stateStart: {
+		joiningL:   stateBefore,
+		joiningD:   stateBefore,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateVirama,
+	},
+	stateVirama: {
+		joiningL: stateBefore,
+		joiningD: stateBefore,
+	},
+	stateBefore: {
+		joiningL:   stateBefore,
+		joiningD:   stateBefore,
+		joiningT:   stateBefore,
+		joinZWNJ:   stateAfter,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateBeforeVirama,
+	},
+	stateBeforeVirama: {
+		joiningL: stateBefore,
+		joiningD: stateBefore,
+		joiningT: stateBefore,
+	},
+	stateAfter: {
+		joiningL:   stateFAIL,
+		joiningD:   stateBefore,
+		joiningT:   stateAfter,
+		joiningR:   stateStart,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateAfter, // no-op as we can't accept joiners here
+	},
+	stateFAIL: {
+		0:          stateFAIL,
+		joiningL:   stateFAIL,
+		joiningD:   stateFAIL,
+		joiningT:   stateFAIL,
+		joiningR:   stateFAIL,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateFAIL,
+	},
+}
+
+// validateLabel validates the criteria from Section 4.1. Item 1, 4, and 6 are
+// already implicitly satisfied by the overall implementation.
+func (p *Profile) validateLabel(s string) (err error) {
+	if s == "" {
+		if p.verifyDNSLength {
+			return &labelError{s, "A4"}
+		}
+		return nil
+	}
+	if !p.validateLabels {
+		return nil
+	}
+	trie := p.trie // p.validateLabels is only set if trie is set.
+	if len(s) > 4 && s[2] == '-' && s[3] == '-' {
+		return &labelError{s, "V2"}
+	}
+	if s[0] == '-' || s[len(s)-1] == '-' {
+		return &labelError{s, "V3"}
+	}
+	// TODO: merge the use of this in the trie.
+	v, sz := trie.lookupString(s)
+	x := info(v)
+	if x.isModifier() {
+		return &labelError{s, "V5"}
+	}
+	// Quickly return in the absence of zero-width (non) joiners.
+	if strings.Index(s, zwj) == -1 && strings.Index(s, zwnj) == -1 {
+		return nil
+	}
+	st := stateStart
+	for i := 0; ; {
+		jt := x.joinType()
+		if s[i:i+sz] == zwj {
+			jt = joinZWJ
+		} else if s[i:i+sz] == zwnj {
+			jt = joinZWNJ
+		}
+		st = joinStates[st][jt]
+		if x.isViramaModifier() {
+			st = joinStates[st][joinVirama]
+		}
+		if i += sz; i == len(s) {
+			break
+		}
+		v, sz = trie.lookupString(s[i:])
+		x = info(v)
+	}
+	if st == stateFAIL || st == stateAfter {
+		return &labelError{s, "C"}
+	}
+	return nil
+}
+
+func ascii(s string) bool {
+	for i := 0; i < len(s); i++ {
+		if s[i] >= utf8.RuneSelf {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/golang.org/x/net/idna/idna9.0.0.go b/vendor/golang.org/x/net/idna/idna9.0.0.go
new file mode 100644
index 0000000000000..7c7456374c132
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/idna9.0.0.go
@@ -0,0 +1,683 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.10
+// +build !go1.10
+
+// Package idna implements IDNA2008 using the compatibility processing
+// defined by UTS (Unicode Technical Standard) #46, which defines a standard to
+// deal with the transition from IDNA2003.
+//
+// IDNA2008 (Internationalized Domain Names for Applications), is defined in RFC
+// 5890, RFC 5891, RFC 5892, RFC 5893 and RFC 5894.
+// UTS #46 is defined in https://www.unicode.org/reports/tr46.
+// See https://unicode.org/cldr/utility/idna.jsp for a visualization of the
+// differences between these two standards.
+package idna // import "golang.org/x/net/idna"
+
+import (
+	"fmt"
+	"strings"
+	"unicode/utf8"
+
+	"golang.org/x/text/secure/bidirule"
+	"golang.org/x/text/unicode/norm"
+)
+
+// NOTE: Unlike common practice in Go APIs, the functions will return a
+// sanitized domain name in case of errors. Browsers sometimes use a partially
+// evaluated string as lookup.
+// TODO: the current error handling is, in my opinion, the least opinionated.
+// Other strategies are also viable, though:
+// Option 1) Return an empty string in case of error, but allow the user to
+//    specify explicitly which errors to ignore.
+// Option 2) Return the partially evaluated string if it is itself a valid
+//    string, otherwise return the empty string in case of error.
+// Option 3) Option 1 and 2.
+// Option 4) Always return an empty string for now and implement Option 1 as
+//    needed, and document that the return string may not be empty in case of
+//    error in the future.
+// I think Option 1 is best, but it is quite opinionated.
+
+// ToASCII is a wrapper for Punycode.ToASCII.
+func ToASCII(s string) (string, error) {
+	return Punycode.process(s, true)
+}
+
+// ToUnicode is a wrapper for Punycode.ToUnicode.
+func ToUnicode(s string) (string, error) {
+	return Punycode.process(s, false)
+}
+
+// An Option configures a Profile at creation time.
+type Option func(*options)
+
+// Transitional sets a Profile to use the Transitional mapping as defined in UTS
+// #46. This will cause, for example, "ß" to be mapped to "ss". Using the
+// transitional mapping provides a compromise between IDNA2003 and IDNA2008
+// compatibility. It is used by most browsers when resolving domain names. This
+// option is only meaningful if combined with MapForLookup.
+func Transitional(transitional bool) Option {
+	return func(o *options) { o.transitional = true }
+}
+
+// VerifyDNSLength sets whether a Profile should fail if any of the IDN parts
+// are longer than allowed by the RFC.
+func VerifyDNSLength(verify bool) Option {
+	return func(o *options) { o.verifyDNSLength = verify }
+}
+
+// RemoveLeadingDots removes leading label separators. Leading runes that map to
+// dots, such as U+3002 IDEOGRAPHIC FULL STOP, are removed as well.
+//
+// This is the behavior suggested by the UTS #46 and is adopted by some
+// browsers.
+func RemoveLeadingDots(remove bool) Option {
+	return func(o *options) { o.removeLeadingDots = remove }
+}
+
+// ValidateLabels sets whether to check the mandatory label validation criteria
+// as defined in Section 5.4 of RFC 5891. This includes testing for correct use
+// of hyphens ('-'), normalization, validity of runes, and the context rules.
+func ValidateLabels(enable bool) Option {
+	return func(o *options) {
+		// Don't override existing mappings, but set one that at least checks
+		// normalization if it is not set.
+		if o.mapping == nil && enable {
+			o.mapping = normalize
+		}
+		o.trie = trie
+		o.validateLabels = enable
+		o.fromPuny = validateFromPunycode
+	}
+}
+
+// StrictDomainName limits the set of permissable ASCII characters to those
+// allowed in domain names as defined in RFC 1034 (A-Z, a-z, 0-9 and the
+// hyphen). This is set by default for MapForLookup and ValidateForRegistration.
+//
+// This option is useful, for instance, for browsers that allow characters
+// outside this range, for example a '_' (U+005F LOW LINE). See
+// http://www.rfc-editor.org/std/std3.txt for more details This option
+// corresponds to the UseSTD3ASCIIRules option in UTS #46.
+func StrictDomainName(use bool) Option {
+	return func(o *options) {
+		o.trie = trie
+		o.useSTD3Rules = use
+		o.fromPuny = validateFromPunycode
+	}
+}
+
+// NOTE: the following options pull in tables. The tables should not be linked
+// in as long as the options are not used.
+
+// BidiRule enables the Bidi rule as defined in RFC 5893. Any application
+// that relies on proper validation of labels should include this rule.
+func BidiRule() Option {
+	return func(o *options) { o.bidirule = bidirule.ValidString }
+}
+
+// ValidateForRegistration sets validation options to verify that a given IDN is
+// properly formatted for registration as defined by Section 4 of RFC 5891.
+func ValidateForRegistration() Option {
+	return func(o *options) {
+		o.mapping = validateRegistration
+		StrictDomainName(true)(o)
+		ValidateLabels(true)(o)
+		VerifyDNSLength(true)(o)
+		BidiRule()(o)
+	}
+}
+
+// MapForLookup sets validation and mapping options such that a given IDN is
+// transformed for domain name lookup according to the requirements set out in
+// Section 5 of RFC 5891. The mappings follow the recommendations of RFC 5894,
+// RFC 5895 and UTS 46. It does not add the Bidi Rule. Use the BidiRule option
+// to add this check.
+//
+// The mappings include normalization and mapping case, width and other
+// compatibility mappings.
+func MapForLookup() Option {
+	return func(o *options) {
+		o.mapping = validateAndMap
+		StrictDomainName(true)(o)
+		ValidateLabels(true)(o)
+		RemoveLeadingDots(true)(o)
+	}
+}
+
+type options struct {
+	transitional      bool
+	useSTD3Rules      bool
+	validateLabels    bool
+	verifyDNSLength   bool
+	removeLeadingDots bool
+
+	trie *idnaTrie
+
+	// fromPuny calls validation rules when converting A-labels to U-labels.
+	fromPuny func(p *Profile, s string) error
+
+	// mapping implements a validation and mapping step as defined in RFC 5895
+	// or UTS 46, tailored to, for example, domain registration or lookup.
+	mapping func(p *Profile, s string) (string, error)
+
+	// bidirule, if specified, checks whether s conforms to the Bidi Rule
+	// defined in RFC 5893.
+	bidirule func(s string) bool
+}
+
+// A Profile defines the configuration of a IDNA mapper.
+type Profile struct {
+	options
+}
+
+func apply(o *options, opts []Option) {
+	for _, f := range opts {
+		f(o)
+	}
+}
+
+// New creates a new Profile.
+//
+// With no options, the returned Profile is the most permissive and equals the
+// Punycode Profile. Options can be passed to further restrict the Profile. The
+// MapForLookup and ValidateForRegistration options set a collection of options,
+// for lookup and registration purposes respectively, which can be tailored by
+// adding more fine-grained options, where later options override earlier
+// options.
+func New(o ...Option) *Profile {
+	p := &Profile{}
+	apply(&p.options, o)
+	return p
+}
+
+// ToASCII converts a domain or domain label to its ASCII form. For example,
+// ToASCII("bücher.example.com") is "xn--bcher-kva.example.com", and
+// ToASCII("golang") is "golang". If an error is encountered it will return
+// an error and a (partially) processed result.
+func (p *Profile) ToASCII(s string) (string, error) {
+	return p.process(s, true)
+}
+
+// ToUnicode converts a domain or domain label to its Unicode form. For example,
+// ToUnicode("xn--bcher-kva.example.com") is "bücher.example.com", and
+// ToUnicode("golang") is "golang". If an error is encountered it will return
+// an error and a (partially) processed result.
+func (p *Profile) ToUnicode(s string) (string, error) {
+	pp := *p
+	pp.transitional = false
+	return pp.process(s, false)
+}
+
+// String reports a string with a description of the profile for debugging
+// purposes. The string format may change with different versions.
+func (p *Profile) String() string {
+	s := ""
+	if p.transitional {
+		s = "Transitional"
+	} else {
+		s = "NonTransitional"
+	}
+	if p.useSTD3Rules {
+		s += ":UseSTD3Rules"
+	}
+	if p.validateLabels {
+		s += ":ValidateLabels"
+	}
+	if p.verifyDNSLength {
+		s += ":VerifyDNSLength"
+	}
+	return s
+}
+
+var (
+	// Punycode is a Profile that does raw punycode processing with a minimum
+	// of validation.
+	Punycode *Profile = punycode
+
+	// Lookup is the recommended profile for looking up domain names, according
+	// to Section 5 of RFC 5891. The exact configuration of this profile may
+	// change over time.
+	Lookup *Profile = lookup
+
+	// Display is the recommended profile for displaying domain names.
+	// The configuration of this profile may change over time.
+	Display *Profile = display
+
+	// Registration is the recommended profile for checking whether a given
+	// IDN is valid for registration, according to Section 4 of RFC 5891.
+	Registration *Profile = registration
+
+	punycode = &Profile{}
+	lookup   = &Profile{options{
+		transitional:      true,
+		useSTD3Rules:      true,
+		validateLabels:    true,
+		removeLeadingDots: true,
+		trie:              trie,
+		fromPuny:          validateFromPunycode,
+		mapping:           validateAndMap,
+		bidirule:          bidirule.ValidString,
+	}}
+	display = &Profile{options{
+		useSTD3Rules:      true,
+		validateLabels:    true,
+		removeLeadingDots: true,
+		trie:              trie,
+		fromPuny:          validateFromPunycode,
+		mapping:           validateAndMap,
+		bidirule:          bidirule.ValidString,
+	}}
+	registration = &Profile{options{
+		useSTD3Rules:    true,
+		validateLabels:  true,
+		verifyDNSLength: true,
+		trie:            trie,
+		fromPuny:        validateFromPunycode,
+		mapping:         validateRegistration,
+		bidirule:        bidirule.ValidString,
+	}}
+
+	// TODO: profiles
+	// Register: recommended for approving domain names: don't do any mappings
+	// but rather reject on invalid input. Bundle or block deviation characters.
+)
+
+type labelError struct{ label, code_ string }
+
+func (e labelError) code() string { return e.code_ }
+func (e labelError) Error() string {
+	return fmt.Sprintf("idna: invalid label %q", e.label)
+}
+
+type runeError rune
+
+func (e runeError) code() string { return "P1" }
+func (e runeError) Error() string {
+	return fmt.Sprintf("idna: disallowed rune %U", e)
+}
+
+// process implements the algorithm described in section 4 of UTS #46,
+// see https://www.unicode.org/reports/tr46.
+func (p *Profile) process(s string, toASCII bool) (string, error) {
+	var err error
+	if p.mapping != nil {
+		s, err = p.mapping(p, s)
+	}
+	// Remove leading empty labels.
+	if p.removeLeadingDots {
+		for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
+		}
+	}
+	// It seems like we should only create this error on ToASCII, but the
+	// UTS 46 conformance tests suggests we should always check this.
+	if err == nil && p.verifyDNSLength && s == "" {
+		err = &labelError{s, "A4"}
+	}
+	labels := labelIter{orig: s}
+	for ; !labels.done(); labels.next() {
+		label := labels.label()
+		if label == "" {
+			// Empty labels are not okay. The label iterator skips the last
+			// label if it is empty.
+			if err == nil && p.verifyDNSLength {
+				err = &labelError{s, "A4"}
+			}
+			continue
+		}
+		if strings.HasPrefix(label, acePrefix) {
+			u, err2 := decode(label[len(acePrefix):])
+			if err2 != nil {
+				if err == nil {
+					err = err2
+				}
+				// Spec says keep the old label.
+				continue
+			}
+			labels.set(u)
+			if err == nil && p.validateLabels {
+				err = p.fromPuny(p, u)
+			}
+			if err == nil {
+				// This should be called on NonTransitional, according to the
+				// spec, but that currently does not have any effect. Use the
+				// original profile to preserve options.
+				err = p.validateLabel(u)
+			}
+		} else if err == nil {
+			err = p.validateLabel(label)
+		}
+	}
+	if toASCII {
+		for labels.reset(); !labels.done(); labels.next() {
+			label := labels.label()
+			if !ascii(label) {
+				a, err2 := encode(acePrefix, label)
+				if err == nil {
+					err = err2
+				}
+				label = a
+				labels.set(a)
+			}
+			n := len(label)
+			if p.verifyDNSLength && err == nil && (n == 0 || n > 63) {
+				err = &labelError{label, "A4"}
+			}
+		}
+	}
+	s = labels.result()
+	if toASCII && p.verifyDNSLength && err == nil {
+		// Compute the length of the domain name minus the root label and its dot.
+		n := len(s)
+		if n > 0 && s[n-1] == '.' {
+			n--
+		}
+		if len(s) < 1 || n > 253 {
+			err = &labelError{s, "A4"}
+		}
+	}
+	return s, err
+}
+
+func normalize(p *Profile, s string) (string, error) {
+	return norm.NFC.String(s), nil
+}
+
+func validateRegistration(p *Profile, s string) (string, error) {
+	if !norm.NFC.IsNormalString(s) {
+		return s, &labelError{s, "V1"}
+	}
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		// Copy bytes not copied so far.
+		switch p.simplify(info(v).category()) {
+		// TODO: handle the NV8 defined in the Unicode idna data set to allow
+		// for strict conformance to IDNA2008.
+		case valid, deviation:
+		case disallowed, mapped, unknown, ignored:
+			r, _ := utf8.DecodeRuneInString(s[i:])
+			return s, runeError(r)
+		}
+		i += sz
+	}
+	return s, nil
+}
+
+func validateAndMap(p *Profile, s string) (string, error) {
+	var (
+		err error
+		b   []byte
+		k   int
+	)
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		start := i
+		i += sz
+		// Copy bytes not copied so far.
+		switch p.simplify(info(v).category()) {
+		case valid:
+			continue
+		case disallowed:
+			if err == nil {
+				r, _ := utf8.DecodeRuneInString(s[start:])
+				err = runeError(r)
+			}
+			continue
+		case mapped, deviation:
+			b = append(b, s[k:start]...)
+			b = info(v).appendMapping(b, s[start:i])
+		case ignored:
+			b = append(b, s[k:start]...)
+			// drop the rune
+		case unknown:
+			b = append(b, s[k:start]...)
+			b = append(b, "\ufffd"...)
+		}
+		k = i
+	}
+	if k == 0 {
+		// No changes so far.
+		s = norm.NFC.String(s)
+	} else {
+		b = append(b, s[k:]...)
+		if norm.NFC.QuickSpan(b) != len(b) {
+			b = norm.NFC.Bytes(b)
+		}
+		// TODO: the punycode converters require strings as input.
+		s = string(b)
+	}
+	return s, err
+}
+
+// A labelIter allows iterating over domain name labels.
+type labelIter struct {
+	orig     string
+	slice    []string
+	curStart int
+	curEnd   int
+	i        int
+}
+
+func (l *labelIter) reset() {
+	l.curStart = 0
+	l.curEnd = 0
+	l.i = 0
+}
+
+func (l *labelIter) done() bool {
+	return l.curStart >= len(l.orig)
+}
+
+func (l *labelIter) result() string {
+	if l.slice != nil {
+		return strings.Join(l.slice, ".")
+	}
+	return l.orig
+}
+
+func (l *labelIter) label() string {
+	if l.slice != nil {
+		return l.slice[l.i]
+	}
+	p := strings.IndexByte(l.orig[l.curStart:], '.')
+	l.curEnd = l.curStart + p
+	if p == -1 {
+		l.curEnd = len(l.orig)
+	}
+	return l.orig[l.curStart:l.curEnd]
+}
+
+// next sets the value to the next label. It skips the last label if it is empty.
+func (l *labelIter) next() {
+	l.i++
+	if l.slice != nil {
+		if l.i >= len(l.slice) || l.i == len(l.slice)-1 && l.slice[l.i] == "" {
+			l.curStart = len(l.orig)
+		}
+	} else {
+		l.curStart = l.curEnd + 1
+		if l.curStart == len(l.orig)-1 && l.orig[l.curStart] == '.' {
+			l.curStart = len(l.orig)
+		}
+	}
+}
+
+func (l *labelIter) set(s string) {
+	if l.slice == nil {
+		l.slice = strings.Split(l.orig, ".")
+	}
+	l.slice[l.i] = s
+}
+
+// acePrefix is the ASCII Compatible Encoding prefix.
+const acePrefix = "xn--"
+
+func (p *Profile) simplify(cat category) category {
+	switch cat {
+	case disallowedSTD3Mapped:
+		if p.useSTD3Rules {
+			cat = disallowed
+		} else {
+			cat = mapped
+		}
+	case disallowedSTD3Valid:
+		if p.useSTD3Rules {
+			cat = disallowed
+		} else {
+			cat = valid
+		}
+	case deviation:
+		if !p.transitional {
+			cat = valid
+		}
+	case validNV8, validXV8:
+		// TODO: handle V2008
+		cat = valid
+	}
+	return cat
+}
+
+func validateFromPunycode(p *Profile, s string) error {
+	if !norm.NFC.IsNormalString(s) {
+		return &labelError{s, "V1"}
+	}
+	for i := 0; i < len(s); {
+		v, sz := trie.lookupString(s[i:])
+		if c := p.simplify(info(v).category()); c != valid && c != deviation {
+			return &labelError{s, "V6"}
+		}
+		i += sz
+	}
+	return nil
+}
+
+const (
+	zwnj = "\u200c"
+	zwj  = "\u200d"
+)
+
+type joinState int8
+
+const (
+	stateStart joinState = iota
+	stateVirama
+	stateBefore
+	stateBeforeVirama
+	stateAfter
+	stateFAIL
+)
+
+var joinStates = [][numJoinTypes]joinState{
+	stateStart: {
+		joiningL:   stateBefore,
+		joiningD:   stateBefore,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateVirama,
+	},
+	stateVirama: {
+		joiningL: stateBefore,
+		joiningD: stateBefore,
+	},
+	stateBefore: {
+		joiningL:   stateBefore,
+		joiningD:   stateBefore,
+		joiningT:   stateBefore,
+		joinZWNJ:   stateAfter,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateBeforeVirama,
+	},
+	stateBeforeVirama: {
+		joiningL: stateBefore,
+		joiningD: stateBefore,
+		joiningT: stateBefore,
+	},
+	stateAfter: {
+		joiningL:   stateFAIL,
+		joiningD:   stateBefore,
+		joiningT:   stateAfter,
+		joiningR:   stateStart,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateAfter, // no-op as we can't accept joiners here
+	},
+	stateFAIL: {
+		0:          stateFAIL,
+		joiningL:   stateFAIL,
+		joiningD:   stateFAIL,
+		joiningT:   stateFAIL,
+		joiningR:   stateFAIL,
+		joinZWNJ:   stateFAIL,
+		joinZWJ:    stateFAIL,
+		joinVirama: stateFAIL,
+	},
+}
+
+// validateLabel validates the criteria from Section 4.1. Item 1, 4, and 6 are
+// already implicitly satisfied by the overall implementation.
+func (p *Profile) validateLabel(s string) error {
+	if s == "" {
+		if p.verifyDNSLength {
+			return &labelError{s, "A4"}
+		}
+		return nil
+	}
+	if p.bidirule != nil && !p.bidirule(s) {
+		return &labelError{s, "B"}
+	}
+	if !p.validateLabels {
+		return nil
+	}
+	trie := p.trie // p.validateLabels is only set if trie is set.
+	if len(s) > 4 && s[2] == '-' && s[3] == '-' {
+		return &labelError{s, "V2"}
+	}
+	if s[0] == '-' || s[len(s)-1] == '-' {
+		return &labelError{s, "V3"}
+	}
+	// TODO: merge the use of this in the trie.
+	v, sz := trie.lookupString(s)
+	x := info(v)
+	if x.isModifier() {
+		return &labelError{s, "V5"}
+	}
+	// Quickly return in the absence of zero-width (non) joiners.
+	if strings.Index(s, zwj) == -1 && strings.Index(s, zwnj) == -1 {
+		return nil
+	}
+	st := stateStart
+	for i := 0; ; {
+		jt := x.joinType()
+		if s[i:i+sz] == zwj {
+			jt = joinZWJ
+		} else if s[i:i+sz] == zwnj {
+			jt = joinZWNJ
+		}
+		st = joinStates[st][jt]
+		if x.isViramaModifier() {
+			st = joinStates[st][joinVirama]
+		}
+		if i += sz; i == len(s) {
+			break
+		}
+		v, sz = trie.lookupString(s[i:])
+		x = info(v)
+	}
+	if st == stateFAIL || st == stateAfter {
+		return &labelError{s, "C"}
+	}
+	return nil
+}
+
+func ascii(s string) bool {
+	for i := 0; i < len(s); i++ {
+		if s[i] >= utf8.RuneSelf {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/golang.org/x/net/idna/tables.go b/vendor/golang.org/x/net/idna/tables.go
deleted file mode 100644
index f910b26914431..0000000000000
--- a/vendor/golang.org/x/net/idna/tables.go
+++ /dev/null
@@ -1,4557 +0,0 @@
-// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
-
-package idna
-
-// UnicodeVersion is the Unicode version from which the tables in this package are derived.
-const UnicodeVersion = "10.0.0"
-
-var mappings string = "" + // Size: 8176 bytes
-	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
-	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
-	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
-	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
-	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
-	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
-	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
-	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
-	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
-	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
-	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
-	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
-	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
-	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
-	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
-	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
-	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
-	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
-	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
-	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
-	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
-	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
-	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
-	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
-	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
-	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
-	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
-	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
-	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
-	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
-	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
-	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
-	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
-	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
-	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
-	"月\x0511月\x0512月\x02hg\x02ev\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニング\x09" +
-	"インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー\x09ガロ" +
-	"ン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0fキロワッ" +
-	"ト\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル\x0fサンチ" +
-	"ーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット\x09ハイツ" +
-	"\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0cフィート" +
-	"\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ\x0cポイ" +
-	"ント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク\x0fマ" +
-	"ンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09ユアン" +
-	"\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x042点" +
-	"\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
-	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
-	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
-	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
-	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
-	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
-	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
-	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
-	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
-	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
-	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
-	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x04𤋮\x04𢡊\x04𢡄\x04𣏕\x04𥉉" +
-	"\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ\x04יִ" +
-	"\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּׂ\x04א" +
-	"ַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04ךּ\x04" +
-	"כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ\x04תּ" +
-	"\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ\x02ڤ" +
-	"\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ\x02ڳ" +
-	"\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ\x02ۅ" +
-	"\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02ی\x04" +
-	"ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04تح" +
-	"\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج\x04حم" +
-	"\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح\x04ضخ" +
-	"\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ\x04فم" +
-	"\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل\x04كم" +
-	"\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ\x04مم" +
-	"\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى\x04هي" +
-	"\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 ٍّ\x05" +
-	" َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04تر\x04تز" +
-	"\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04ين\x04ئخ" +
-	"\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه\x04شم\x04شه" +
-	"\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي\x04سى\x04سي" +
-	"\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي\x04ضى\x04ضي" +
-	"\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06تحج\x06تحم" +
-	"\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سجح\x06سجى" +
-	"\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم\x06ضحى" +
-	"\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي\x06غمى" +
-	"\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح\x06محج" +
-	"\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم\x06نحم" +
-	"\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى\x06تخي" +
-	"\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي\x06ضحي" +
-	"\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي\x06كمي" +
-	"\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي\x06سخي" +
-	"\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08عليه" +
-	"\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:\x01!" +
-	"\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\\x01$" +
-	"\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ\x02إ" +
-	"\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز\x02س" +
-	"\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن\x02ه" +
-	"\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~\x02¢" +
-	"\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲\x08𝆹" +
-	"𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η\x02" +
-	"κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ\x02ڡ" +
-	"\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029,\x03(a)" +
-	"\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)\x03(k)" +
-	"\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)\x03(u)" +
-	"\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03ppv\x02w" +
-	"c\x02mc\x02md\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ\x03二\x03多\x03解" +
-	"\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終\x03生\x03販\x03声" +
-	"\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指\x03走\x03打\x03禁" +
-	"\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔三〕\x09〔二〕\x09〔安" +
-	"〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03丸\x03乁\x03你\x03" +
-	"侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03具\x03㒹\x03內\x03" +
-	"冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03㔕\x03勇\x03勉\x03" +
-	"勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03灰\x03及\x03叟\x03" +
-	"叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03啣\x03善\x03喙\x03" +
-	"喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03埴\x03堍\x03型\x03" +
-	"堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03姘\x03婦\x03㛮\x03" +
-	"嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03屮\x03峀\x03岍\x03" +
-	"嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03㡢\x03㡼\x03庰\x03" +
-	"庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03忍\x03志\x03忹\x03" +
-	"悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03憤\x03憯\x03懞\x03" +
-	"懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03掃\x03揤\x03搢\x03" +
-	"揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03書\x03晉\x03㬙\x03" +
-	"暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03朡\x03杞\x03杓\x03" +
-	"㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03槪\x03檨\x03櫛\x03" +
-	"㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03汧\x03洖\x03派\x03" +
-	"海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03淹\x03潮\x03濆\x03" +
-	"瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03爵\x03牐\x03犀\x03" +
-	"犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03㼛\x03甤\x03甾\x03" +
-	"異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03䂖\x03硎\x03碌\x03" +
-	"磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03築\x03䈧\x03糒\x03" +
-	"䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03罺\x03羕\x03翺\x03" +
-	"者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03䑫\x03芑\x03芋\x03" +
-	"芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03莽\x03菧\x03著\x03" +
-	"荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03䕫\x03虐\x03虜\x03" +
-	"虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03蠁\x03䗹\x03衠\x03" +
-	"衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03豕\x03貫\x03賁\x03" +
-	"贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03鈸\x03鋗\x03鋘\x03" +
-	"鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03䩶\x03韠\x03䪲\x03" +
-	"頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03鳽\x03䳎\x03䳭\x03" +
-	"鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
-
-var xorData string = "" + // Size: 4855 bytes
-	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
-	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
-	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
-	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
-	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
-	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
-	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
-	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
-	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
-	"\x03\x037 \x03\x0b+\x03\x02\x01\x04\x02\x01\x02\x02\x019\x02\x03\x1c\x02" +
-	"\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03\xc1r\x02" +
-	"\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<\x03\xc1s*" +
-	"\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03\x83\xab" +
-	"\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96\xe1\xcd" +
-	"\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03\x9a\xec" +
-	"\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c!\x03" +
-	"\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03ʦ\x93" +
-	"\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7\x03" +
-	"\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca\xfa" +
-	"\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e\x03" +
-	"\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca\xe3" +
-	"\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99\x03" +
-	"\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca\xe8" +
-	"\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03\x0b" +
-	"\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06\x05" +
-	"\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03\x0786" +
-	"\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/\x03" +
-	"\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f\x03" +
-	"\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-\x03" +
-	"\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03\x07" +
-	"\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03\x07" +
-	"\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03\x07" +
-	"\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b\x0a" +
-	"\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03\x07" +
-	"\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+\x03" +
-	"\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03\x04" +
-	"4\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03\x04+ " +
-	"\x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!\x22" +
-	"\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04\x03" +
-	"\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>\x03" +
-	"\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03\x054" +
-	"\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03\x05)" +
-	":\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$\x1e" +
-	"\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226\x03" +
-	"\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05\x1b" +
-	"\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05\x03" +
-	"\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03\x06" +
-	"\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08\x03" +
-	"\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03\x0a6" +
-	"\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a\x1f" +
-	"\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03\x0a" +
-	"\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f\x02" +
-	"\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/\x03" +
-	"\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a\x00" +
-	"\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+\x10" +
-	"\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#<" +
-	"\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!\x00" +
-	"\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18.\x03" +
-	"\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15\x22" +
-	"\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b\x12" +
-	"\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05<" +
-	"\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
-	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
-	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
-	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
-	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
-	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
-	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
-	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
-	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
-	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
-	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
-	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
-	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
-	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
-	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
-	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
-	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
-	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
-	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
-	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
-	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
-	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
-	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
-	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
-	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
-	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
-	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
-	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
-	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
-	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
-	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
-	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
-	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
-	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
-	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
-	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
-	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
-	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
-	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
-	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
-	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
-	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
-	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
-	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
-	"(\x04\x023 \x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!\x10\x03\x0b!0" +
-	"\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b\x03\x09\x1f" +
-	"\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14\x03\x0a\x01" +
-	"\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03\x08='\x03" +
-	"\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03\x09\x0c" +
-	"\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06!3\x03" +
-	"\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05\x03\x07" +
-	"<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07\x01\x00" +
-	"\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03\x09\x11" +
-	"\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03\x0a/1" +
-	"\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03\x07<3" +
-	"\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06\x13\x00" +
-	"\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(;\x03" +
-	"\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08\x14$" +
-	"\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03\x0a" +
-	"\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19\x01" +
-	"\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18\x03" +
-	"\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03\x07" +
-	"\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03\x0a" +
-	"\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03\x0b" +
-	"\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03\x08" +
-	"\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05\x03" +
-	"\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11\x03" +
-	"\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03\x09" +
-	"\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a." +
-	"\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
-	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
-	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
-	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
-	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
-	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
-	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
-	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
-	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
-	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
-	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
-	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
-	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
-	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
-	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
-	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
-	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
-	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
-	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
-	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
-	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
-	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
-	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
-	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
-	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
-	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
-	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
-	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
-	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
-	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
-	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
-	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
-	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
-	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
-	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
-	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
-	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
-	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
-	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
-	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
-	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
-	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
-	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
-	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
-	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
-	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
-	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
-	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
-	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
-	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
-	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
-	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
-	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
-	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
-	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
-	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
-	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
-	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
-	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
-	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
-	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
-	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
-	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
-	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
-	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
-	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
-	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
-	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
-	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
-	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
-	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
-	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
-	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
-	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
-	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
-	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
-	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
-	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
-	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
-	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
-	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
-	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
-	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
-	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
-	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
-	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
-	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
-	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
-	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
-	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
-	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
-	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
-	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
-	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
-	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
-	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
-	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
-	"\x05\x22\x05\x03\x050\x1d"
-
-// lookup returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return idnaValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = idnaIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = idnaIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = idnaIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return idnaValues[c0]
-	}
-	i := idnaIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// lookupString returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return idnaValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = idnaIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := idnaIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = idnaIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = idnaIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return idnaValues[c0]
-	}
-	i := idnaIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// idnaTrie. Total size: 29052 bytes (28.37 KiB). Checksum: ef06e7ecc26f36dd.
-type idnaTrie struct{}
-
-func newIdnaTrie(i int) *idnaTrie {
-	return &idnaTrie{}
-}
-
-// lookupValue determines the type of block n and looks up the value for b.
-func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
-	switch {
-	case n < 125:
-		return uint16(idnaValues[n<<6+uint32(b)])
-	default:
-		n -= 125
-		return uint16(idnaSparse.lookup(n, b))
-	}
-}
-
-// idnaValues: 127 blocks, 8128 entries, 16256 bytes
-// The third block is the zero block.
-var idnaValues = [8128]uint16{
-	// Block 0x0, offset 0x0
-	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
-	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
-	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
-	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
-	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
-	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
-	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
-	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
-	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
-	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
-	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
-	// Block 0x1, offset 0x40
-	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
-	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
-	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
-	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
-	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
-	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
-	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
-	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
-	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
-	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
-	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
-	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
-	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
-	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
-	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
-	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
-	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
-	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
-	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
-	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
-	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
-	// Block 0x4, offset 0x100
-	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
-	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
-	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
-	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
-	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
-	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
-	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
-	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
-	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
-	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
-	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
-	// Block 0x5, offset 0x140
-	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
-	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
-	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
-	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
-	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
-	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
-	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
-	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
-	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
-	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
-	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
-	// Block 0x6, offset 0x180
-	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
-	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
-	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
-	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
-	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
-	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
-	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
-	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
-	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
-	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
-	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
-	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
-	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
-	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
-	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
-	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
-	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
-	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
-	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
-	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
-	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
-	// Block 0x8, offset 0x200
-	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
-	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
-	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
-	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
-	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
-	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
-	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
-	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
-	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
-	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
-	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
-	// Block 0x9, offset 0x240
-	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
-	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
-	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
-	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
-	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
-	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
-	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
-	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
-	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
-	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
-	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
-	// Block 0xa, offset 0x280
-	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
-	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
-	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
-	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
-	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
-	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
-	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
-	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
-	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
-	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
-	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
-	// Block 0xb, offset 0x2c0
-	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
-	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
-	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
-	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
-	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
-	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
-	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
-	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
-	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
-	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
-	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
-	// Block 0xc, offset 0x300
-	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
-	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
-	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
-	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
-	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
-	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
-	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
-	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
-	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
-	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
-	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
-	// Block 0xd, offset 0x340
-	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
-	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
-	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
-	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
-	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
-	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
-	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
-	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
-	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
-	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
-	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
-	// Block 0xe, offset 0x380
-	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
-	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
-	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
-	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
-	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
-	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
-	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
-	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
-	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
-	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
-	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
-	// Block 0xf, offset 0x3c0
-	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
-	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
-	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
-	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
-	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
-	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
-	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
-	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
-	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
-	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
-	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
-	// Block 0x10, offset 0x400
-	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
-	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
-	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
-	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
-	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
-	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
-	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
-	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
-	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
-	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
-	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
-	// Block 0x11, offset 0x440
-	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
-	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
-	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
-	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
-	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
-	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
-	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
-	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
-	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
-	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
-	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
-	// Block 0x12, offset 0x480
-	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
-	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
-	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
-	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
-	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
-	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
-	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
-	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
-	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
-	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
-	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
-	// Block 0x13, offset 0x4c0
-	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
-	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
-	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
-	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
-	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
-	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
-	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
-	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
-	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
-	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
-	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
-	// Block 0x14, offset 0x500
-	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
-	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
-	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
-	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
-	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
-	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
-	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
-	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
-	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
-	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
-	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
-	// Block 0x15, offset 0x540
-	0x540: 0x0c08, 0x541: 0x0a08, 0x542: 0x0a08, 0x543: 0x0a08, 0x544: 0x0a08, 0x545: 0x0a08,
-	0x546: 0x0c08, 0x547: 0x0c08, 0x548: 0x0a08, 0x549: 0x0c08, 0x54a: 0x0a08, 0x54b: 0x0a08,
-	0x54c: 0x0a08, 0x54d: 0x0a08, 0x54e: 0x0a08, 0x54f: 0x0a08, 0x550: 0x0a08, 0x551: 0x0a08,
-	0x552: 0x0a08, 0x553: 0x0a08, 0x554: 0x0c08, 0x555: 0x0a08, 0x556: 0x0808, 0x557: 0x0808,
-	0x558: 0x0808, 0x559: 0x3308, 0x55a: 0x3308, 0x55b: 0x3308, 0x55c: 0x0040, 0x55d: 0x0040,
-	0x55e: 0x0818, 0x55f: 0x0040, 0x560: 0x0a08, 0x561: 0x0808, 0x562: 0x0a08, 0x563: 0x0a08,
-	0x564: 0x0a08, 0x565: 0x0a08, 0x566: 0x0808, 0x567: 0x0c08, 0x568: 0x0a08, 0x569: 0x0c08,
-	0x56a: 0x0c08, 0x56b: 0x0040, 0x56c: 0x0040, 0x56d: 0x0040, 0x56e: 0x0040, 0x56f: 0x0040,
-	0x570: 0x0040, 0x571: 0x0040, 0x572: 0x0040, 0x573: 0x0040, 0x574: 0x0040, 0x575: 0x0040,
-	0x576: 0x0040, 0x577: 0x0040, 0x578: 0x0040, 0x579: 0x0040, 0x57a: 0x0040, 0x57b: 0x0040,
-	0x57c: 0x0040, 0x57d: 0x0040, 0x57e: 0x0040, 0x57f: 0x0040,
-	// Block 0x16, offset 0x580
-	0x580: 0x3008, 0x581: 0x3308, 0x582: 0x3308, 0x583: 0x3308, 0x584: 0x3308, 0x585: 0x3308,
-	0x586: 0x3308, 0x587: 0x3308, 0x588: 0x3308, 0x589: 0x3008, 0x58a: 0x3008, 0x58b: 0x3008,
-	0x58c: 0x3008, 0x58d: 0x3b08, 0x58e: 0x3008, 0x58f: 0x3008, 0x590: 0x0008, 0x591: 0x3308,
-	0x592: 0x3308, 0x593: 0x3308, 0x594: 0x3308, 0x595: 0x3308, 0x596: 0x3308, 0x597: 0x3308,
-	0x598: 0x04c9, 0x599: 0x0501, 0x59a: 0x0539, 0x59b: 0x0571, 0x59c: 0x05a9, 0x59d: 0x05e1,
-	0x59e: 0x0619, 0x59f: 0x0651, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x3308, 0x5a3: 0x3308,
-	0x5a4: 0x0018, 0x5a5: 0x0018, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0008,
-	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
-	0x5b0: 0x0018, 0x5b1: 0x0008, 0x5b2: 0x0008, 0x5b3: 0x0008, 0x5b4: 0x0008, 0x5b5: 0x0008,
-	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0008, 0x5bb: 0x0008,
-	0x5bc: 0x0008, 0x5bd: 0x0008, 0x5be: 0x0008, 0x5bf: 0x0008,
-	// Block 0x17, offset 0x5c0
-	0x5c0: 0x0008, 0x5c1: 0x3308, 0x5c2: 0x3008, 0x5c3: 0x3008, 0x5c4: 0x0040, 0x5c5: 0x0008,
-	0x5c6: 0x0008, 0x5c7: 0x0008, 0x5c8: 0x0008, 0x5c9: 0x0008, 0x5ca: 0x0008, 0x5cb: 0x0008,
-	0x5cc: 0x0008, 0x5cd: 0x0040, 0x5ce: 0x0040, 0x5cf: 0x0008, 0x5d0: 0x0008, 0x5d1: 0x0040,
-	0x5d2: 0x0040, 0x5d3: 0x0008, 0x5d4: 0x0008, 0x5d5: 0x0008, 0x5d6: 0x0008, 0x5d7: 0x0008,
-	0x5d8: 0x0008, 0x5d9: 0x0008, 0x5da: 0x0008, 0x5db: 0x0008, 0x5dc: 0x0008, 0x5dd: 0x0008,
-	0x5de: 0x0008, 0x5df: 0x0008, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x0008, 0x5e3: 0x0008,
-	0x5e4: 0x0008, 0x5e5: 0x0008, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0040,
-	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
-	0x5f0: 0x0008, 0x5f1: 0x0040, 0x5f2: 0x0008, 0x5f3: 0x0040, 0x5f4: 0x0040, 0x5f5: 0x0040,
-	0x5f6: 0x0008, 0x5f7: 0x0008, 0x5f8: 0x0008, 0x5f9: 0x0008, 0x5fa: 0x0040, 0x5fb: 0x0040,
-	0x5fc: 0x3308, 0x5fd: 0x0008, 0x5fe: 0x3008, 0x5ff: 0x3008,
-	// Block 0x18, offset 0x600
-	0x600: 0x3008, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3308, 0x604: 0x3308, 0x605: 0x0040,
-	0x606: 0x0040, 0x607: 0x3008, 0x608: 0x3008, 0x609: 0x0040, 0x60a: 0x0040, 0x60b: 0x3008,
-	0x60c: 0x3008, 0x60d: 0x3b08, 0x60e: 0x0008, 0x60f: 0x0040, 0x610: 0x0040, 0x611: 0x0040,
-	0x612: 0x0040, 0x613: 0x0040, 0x614: 0x0040, 0x615: 0x0040, 0x616: 0x0040, 0x617: 0x3008,
-	0x618: 0x0040, 0x619: 0x0040, 0x61a: 0x0040, 0x61b: 0x0040, 0x61c: 0x0689, 0x61d: 0x06c1,
-	0x61e: 0x0040, 0x61f: 0x06f9, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x3308, 0x623: 0x3308,
-	0x624: 0x0040, 0x625: 0x0040, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0008,
-	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
-	0x630: 0x0008, 0x631: 0x0008, 0x632: 0x0018, 0x633: 0x0018, 0x634: 0x0018, 0x635: 0x0018,
-	0x636: 0x0018, 0x637: 0x0018, 0x638: 0x0018, 0x639: 0x0018, 0x63a: 0x0018, 0x63b: 0x0018,
-	0x63c: 0x0008, 0x63d: 0x0018, 0x63e: 0x0040, 0x63f: 0x0040,
-	// Block 0x19, offset 0x640
-	0x640: 0x0040, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x3008, 0x644: 0x0040, 0x645: 0x0008,
-	0x646: 0x0008, 0x647: 0x0008, 0x648: 0x0008, 0x649: 0x0008, 0x64a: 0x0008, 0x64b: 0x0040,
-	0x64c: 0x0040, 0x64d: 0x0040, 0x64e: 0x0040, 0x64f: 0x0008, 0x650: 0x0008, 0x651: 0x0040,
-	0x652: 0x0040, 0x653: 0x0008, 0x654: 0x0008, 0x655: 0x0008, 0x656: 0x0008, 0x657: 0x0008,
-	0x658: 0x0008, 0x659: 0x0008, 0x65a: 0x0008, 0x65b: 0x0008, 0x65c: 0x0008, 0x65d: 0x0008,
-	0x65e: 0x0008, 0x65f: 0x0008, 0x660: 0x0008, 0x661: 0x0008, 0x662: 0x0008, 0x663: 0x0008,
-	0x664: 0x0008, 0x665: 0x0008, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0040,
-	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
-	0x670: 0x0008, 0x671: 0x0040, 0x672: 0x0008, 0x673: 0x0731, 0x674: 0x0040, 0x675: 0x0008,
-	0x676: 0x0769, 0x677: 0x0040, 0x678: 0x0008, 0x679: 0x0008, 0x67a: 0x0040, 0x67b: 0x0040,
-	0x67c: 0x3308, 0x67d: 0x0040, 0x67e: 0x3008, 0x67f: 0x3008,
-	// Block 0x1a, offset 0x680
-	0x680: 0x3008, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x0040, 0x684: 0x0040, 0x685: 0x0040,
-	0x686: 0x0040, 0x687: 0x3308, 0x688: 0x3308, 0x689: 0x0040, 0x68a: 0x0040, 0x68b: 0x3308,
-	0x68c: 0x3308, 0x68d: 0x3b08, 0x68e: 0x0040, 0x68f: 0x0040, 0x690: 0x0040, 0x691: 0x3308,
-	0x692: 0x0040, 0x693: 0x0040, 0x694: 0x0040, 0x695: 0x0040, 0x696: 0x0040, 0x697: 0x0040,
-	0x698: 0x0040, 0x699: 0x07a1, 0x69a: 0x07d9, 0x69b: 0x0811, 0x69c: 0x0008, 0x69d: 0x0040,
-	0x69e: 0x0849, 0x69f: 0x0040, 0x6a0: 0x0040, 0x6a1: 0x0040, 0x6a2: 0x0040, 0x6a3: 0x0040,
-	0x6a4: 0x0040, 0x6a5: 0x0040, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0008,
-	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
-	0x6b0: 0x3308, 0x6b1: 0x3308, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0008, 0x6b5: 0x3308,
-	0x6b6: 0x0040, 0x6b7: 0x0040, 0x6b8: 0x0040, 0x6b9: 0x0040, 0x6ba: 0x0040, 0x6bb: 0x0040,
-	0x6bc: 0x0040, 0x6bd: 0x0040, 0x6be: 0x0040, 0x6bf: 0x0040,
-	// Block 0x1b, offset 0x6c0
-	0x6c0: 0x0040, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3008, 0x6c4: 0x0040, 0x6c5: 0x0008,
-	0x6c6: 0x0008, 0x6c7: 0x0008, 0x6c8: 0x0008, 0x6c9: 0x0008, 0x6ca: 0x0008, 0x6cb: 0x0008,
-	0x6cc: 0x0008, 0x6cd: 0x0008, 0x6ce: 0x0040, 0x6cf: 0x0008, 0x6d0: 0x0008, 0x6d1: 0x0008,
-	0x6d2: 0x0040, 0x6d3: 0x0008, 0x6d4: 0x0008, 0x6d5: 0x0008, 0x6d6: 0x0008, 0x6d7: 0x0008,
-	0x6d8: 0x0008, 0x6d9: 0x0008, 0x6da: 0x0008, 0x6db: 0x0008, 0x6dc: 0x0008, 0x6dd: 0x0008,
-	0x6de: 0x0008, 0x6df: 0x0008, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x0008, 0x6e3: 0x0008,
-	0x6e4: 0x0008, 0x6e5: 0x0008, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0040,
-	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
-	0x6f0: 0x0008, 0x6f1: 0x0040, 0x6f2: 0x0008, 0x6f3: 0x0008, 0x6f4: 0x0040, 0x6f5: 0x0008,
-	0x6f6: 0x0008, 0x6f7: 0x0008, 0x6f8: 0x0008, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
-	0x6fc: 0x3308, 0x6fd: 0x0008, 0x6fe: 0x3008, 0x6ff: 0x3008,
-	// Block 0x1c, offset 0x700
-	0x700: 0x3008, 0x701: 0x3308, 0x702: 0x3308, 0x703: 0x3308, 0x704: 0x3308, 0x705: 0x3308,
-	0x706: 0x0040, 0x707: 0x3308, 0x708: 0x3308, 0x709: 0x3008, 0x70a: 0x0040, 0x70b: 0x3008,
-	0x70c: 0x3008, 0x70d: 0x3b08, 0x70e: 0x0040, 0x70f: 0x0040, 0x710: 0x0008, 0x711: 0x0040,
-	0x712: 0x0040, 0x713: 0x0040, 0x714: 0x0040, 0x715: 0x0040, 0x716: 0x0040, 0x717: 0x0040,
-	0x718: 0x0040, 0x719: 0x0040, 0x71a: 0x0040, 0x71b: 0x0040, 0x71c: 0x0040, 0x71d: 0x0040,
-	0x71e: 0x0040, 0x71f: 0x0040, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x3308, 0x723: 0x3308,
-	0x724: 0x0040, 0x725: 0x0040, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0008,
-	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
-	0x730: 0x0018, 0x731: 0x0018, 0x732: 0x0040, 0x733: 0x0040, 0x734: 0x0040, 0x735: 0x0040,
-	0x736: 0x0040, 0x737: 0x0040, 0x738: 0x0040, 0x739: 0x0008, 0x73a: 0x3308, 0x73b: 0x3308,
-	0x73c: 0x3308, 0x73d: 0x3308, 0x73e: 0x3308, 0x73f: 0x3308,
-	// Block 0x1d, offset 0x740
-	0x740: 0x0040, 0x741: 0x3308, 0x742: 0x3008, 0x743: 0x3008, 0x744: 0x0040, 0x745: 0x0008,
-	0x746: 0x0008, 0x747: 0x0008, 0x748: 0x0008, 0x749: 0x0008, 0x74a: 0x0008, 0x74b: 0x0008,
-	0x74c: 0x0008, 0x74d: 0x0040, 0x74e: 0x0040, 0x74f: 0x0008, 0x750: 0x0008, 0x751: 0x0040,
-	0x752: 0x0040, 0x753: 0x0008, 0x754: 0x0008, 0x755: 0x0008, 0x756: 0x0008, 0x757: 0x0008,
-	0x758: 0x0008, 0x759: 0x0008, 0x75a: 0x0008, 0x75b: 0x0008, 0x75c: 0x0008, 0x75d: 0x0008,
-	0x75e: 0x0008, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x0008, 0x763: 0x0008,
-	0x764: 0x0008, 0x765: 0x0008, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0040,
-	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
-	0x770: 0x0008, 0x771: 0x0040, 0x772: 0x0008, 0x773: 0x0008, 0x774: 0x0040, 0x775: 0x0008,
-	0x776: 0x0008, 0x777: 0x0008, 0x778: 0x0008, 0x779: 0x0008, 0x77a: 0x0040, 0x77b: 0x0040,
-	0x77c: 0x3308, 0x77d: 0x0008, 0x77e: 0x3008, 0x77f: 0x3308,
-	// Block 0x1e, offset 0x780
-	0x780: 0x3008, 0x781: 0x3308, 0x782: 0x3308, 0x783: 0x3308, 0x784: 0x3308, 0x785: 0x0040,
-	0x786: 0x0040, 0x787: 0x3008, 0x788: 0x3008, 0x789: 0x0040, 0x78a: 0x0040, 0x78b: 0x3008,
-	0x78c: 0x3008, 0x78d: 0x3b08, 0x78e: 0x0040, 0x78f: 0x0040, 0x790: 0x0040, 0x791: 0x0040,
-	0x792: 0x0040, 0x793: 0x0040, 0x794: 0x0040, 0x795: 0x0040, 0x796: 0x3308, 0x797: 0x3008,
-	0x798: 0x0040, 0x799: 0x0040, 0x79a: 0x0040, 0x79b: 0x0040, 0x79c: 0x0881, 0x79d: 0x08b9,
-	0x79e: 0x0040, 0x79f: 0x0008, 0x7a0: 0x0008, 0x7a1: 0x0008, 0x7a2: 0x3308, 0x7a3: 0x3308,
-	0x7a4: 0x0040, 0x7a5: 0x0040, 0x7a6: 0x0008, 0x7a7: 0x0008, 0x7a8: 0x0008, 0x7a9: 0x0008,
-	0x7aa: 0x0008, 0x7ab: 0x0008, 0x7ac: 0x0008, 0x7ad: 0x0008, 0x7ae: 0x0008, 0x7af: 0x0008,
-	0x7b0: 0x0018, 0x7b1: 0x0008, 0x7b2: 0x0018, 0x7b3: 0x0018, 0x7b4: 0x0018, 0x7b5: 0x0018,
-	0x7b6: 0x0018, 0x7b7: 0x0018, 0x7b8: 0x0040, 0x7b9: 0x0040, 0x7ba: 0x0040, 0x7bb: 0x0040,
-	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x0040, 0x7bf: 0x0040,
-	// Block 0x1f, offset 0x7c0
-	0x7c0: 0x0040, 0x7c1: 0x0040, 0x7c2: 0x3308, 0x7c3: 0x0008, 0x7c4: 0x0040, 0x7c5: 0x0008,
-	0x7c6: 0x0008, 0x7c7: 0x0008, 0x7c8: 0x0008, 0x7c9: 0x0008, 0x7ca: 0x0008, 0x7cb: 0x0040,
-	0x7cc: 0x0040, 0x7cd: 0x0040, 0x7ce: 0x0008, 0x7cf: 0x0008, 0x7d0: 0x0008, 0x7d1: 0x0040,
-	0x7d2: 0x0008, 0x7d3: 0x0008, 0x7d4: 0x0008, 0x7d5: 0x0008, 0x7d6: 0x0040, 0x7d7: 0x0040,
-	0x7d8: 0x0040, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0008, 0x7dd: 0x0040,
-	0x7de: 0x0008, 0x7df: 0x0008, 0x7e0: 0x0040, 0x7e1: 0x0040, 0x7e2: 0x0040, 0x7e3: 0x0008,
-	0x7e4: 0x0008, 0x7e5: 0x0040, 0x7e6: 0x0040, 0x7e7: 0x0040, 0x7e8: 0x0008, 0x7e9: 0x0008,
-	0x7ea: 0x0008, 0x7eb: 0x0040, 0x7ec: 0x0040, 0x7ed: 0x0040, 0x7ee: 0x0008, 0x7ef: 0x0008,
-	0x7f0: 0x0008, 0x7f1: 0x0008, 0x7f2: 0x0008, 0x7f3: 0x0008, 0x7f4: 0x0008, 0x7f5: 0x0008,
-	0x7f6: 0x0008, 0x7f7: 0x0008, 0x7f8: 0x0008, 0x7f9: 0x0008, 0x7fa: 0x0040, 0x7fb: 0x0040,
-	0x7fc: 0x0040, 0x7fd: 0x0040, 0x7fe: 0x3008, 0x7ff: 0x3008,
-	// Block 0x20, offset 0x800
-	0x800: 0x3308, 0x801: 0x3008, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x3008, 0x805: 0x0040,
-	0x806: 0x3308, 0x807: 0x3308, 0x808: 0x3308, 0x809: 0x0040, 0x80a: 0x3308, 0x80b: 0x3308,
-	0x80c: 0x3308, 0x80d: 0x3b08, 0x80e: 0x0040, 0x80f: 0x0040, 0x810: 0x0040, 0x811: 0x0040,
-	0x812: 0x0040, 0x813: 0x0040, 0x814: 0x0040, 0x815: 0x3308, 0x816: 0x3308, 0x817: 0x0040,
-	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0040, 0x81c: 0x0040, 0x81d: 0x0040,
-	0x81e: 0x0040, 0x81f: 0x0040, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x3308, 0x823: 0x3308,
-	0x824: 0x0040, 0x825: 0x0040, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0008,
-	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
-	0x830: 0x0040, 0x831: 0x0040, 0x832: 0x0040, 0x833: 0x0040, 0x834: 0x0040, 0x835: 0x0040,
-	0x836: 0x0040, 0x837: 0x0040, 0x838: 0x0018, 0x839: 0x0018, 0x83a: 0x0018, 0x83b: 0x0018,
-	0x83c: 0x0018, 0x83d: 0x0018, 0x83e: 0x0018, 0x83f: 0x0018,
-	// Block 0x21, offset 0x840
-	0x840: 0x0008, 0x841: 0x3308, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x0040, 0x845: 0x0008,
-	0x846: 0x0008, 0x847: 0x0008, 0x848: 0x0008, 0x849: 0x0008, 0x84a: 0x0008, 0x84b: 0x0008,
-	0x84c: 0x0008, 0x84d: 0x0040, 0x84e: 0x0008, 0x84f: 0x0008, 0x850: 0x0008, 0x851: 0x0040,
-	0x852: 0x0008, 0x853: 0x0008, 0x854: 0x0008, 0x855: 0x0008, 0x856: 0x0008, 0x857: 0x0008,
-	0x858: 0x0008, 0x859: 0x0008, 0x85a: 0x0008, 0x85b: 0x0008, 0x85c: 0x0008, 0x85d: 0x0008,
-	0x85e: 0x0008, 0x85f: 0x0008, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x0008, 0x863: 0x0008,
-	0x864: 0x0008, 0x865: 0x0008, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0040,
-	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
-	0x870: 0x0008, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0008, 0x874: 0x0040, 0x875: 0x0008,
-	0x876: 0x0008, 0x877: 0x0008, 0x878: 0x0008, 0x879: 0x0008, 0x87a: 0x0040, 0x87b: 0x0040,
-	0x87c: 0x3308, 0x87d: 0x0008, 0x87e: 0x3008, 0x87f: 0x3308,
-	// Block 0x22, offset 0x880
-	0x880: 0x3008, 0x881: 0x3008, 0x882: 0x3008, 0x883: 0x3008, 0x884: 0x3008, 0x885: 0x0040,
-	0x886: 0x3308, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
-	0x88c: 0x3308, 0x88d: 0x3b08, 0x88e: 0x0040, 0x88f: 0x0040, 0x890: 0x0040, 0x891: 0x0040,
-	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0040, 0x895: 0x3008, 0x896: 0x3008, 0x897: 0x0040,
-	0x898: 0x0040, 0x899: 0x0040, 0x89a: 0x0040, 0x89b: 0x0040, 0x89c: 0x0040, 0x89d: 0x0040,
-	0x89e: 0x0008, 0x89f: 0x0040, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
-	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
-	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
-	0x8b0: 0x0040, 0x8b1: 0x0008, 0x8b2: 0x0008, 0x8b3: 0x0040, 0x8b4: 0x0040, 0x8b5: 0x0040,
-	0x8b6: 0x0040, 0x8b7: 0x0040, 0x8b8: 0x0040, 0x8b9: 0x0040, 0x8ba: 0x0040, 0x8bb: 0x0040,
-	0x8bc: 0x0040, 0x8bd: 0x0040, 0x8be: 0x0040, 0x8bf: 0x0040,
-	// Block 0x23, offset 0x8c0
-	0x8c0: 0x3008, 0x8c1: 0x3308, 0x8c2: 0x3308, 0x8c3: 0x3308, 0x8c4: 0x3308, 0x8c5: 0x0040,
-	0x8c6: 0x3008, 0x8c7: 0x3008, 0x8c8: 0x3008, 0x8c9: 0x0040, 0x8ca: 0x3008, 0x8cb: 0x3008,
-	0x8cc: 0x3008, 0x8cd: 0x3b08, 0x8ce: 0x0008, 0x8cf: 0x0018, 0x8d0: 0x0040, 0x8d1: 0x0040,
-	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x3008,
-	0x8d8: 0x0018, 0x8d9: 0x0018, 0x8da: 0x0018, 0x8db: 0x0018, 0x8dc: 0x0018, 0x8dd: 0x0018,
-	0x8de: 0x0018, 0x8df: 0x0008, 0x8e0: 0x0008, 0x8e1: 0x0008, 0x8e2: 0x3308, 0x8e3: 0x3308,
-	0x8e4: 0x0040, 0x8e5: 0x0040, 0x8e6: 0x0008, 0x8e7: 0x0008, 0x8e8: 0x0008, 0x8e9: 0x0008,
-	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0008, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
-	0x8f0: 0x0018, 0x8f1: 0x0018, 0x8f2: 0x0018, 0x8f3: 0x0018, 0x8f4: 0x0018, 0x8f5: 0x0018,
-	0x8f6: 0x0018, 0x8f7: 0x0018, 0x8f8: 0x0018, 0x8f9: 0x0018, 0x8fa: 0x0008, 0x8fb: 0x0008,
-	0x8fc: 0x0008, 0x8fd: 0x0008, 0x8fe: 0x0008, 0x8ff: 0x0008,
-	// Block 0x24, offset 0x900
-	0x900: 0x0040, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x0040, 0x904: 0x0008, 0x905: 0x0040,
-	0x906: 0x0040, 0x907: 0x0008, 0x908: 0x0008, 0x909: 0x0040, 0x90a: 0x0008, 0x90b: 0x0040,
-	0x90c: 0x0040, 0x90d: 0x0008, 0x90e: 0x0040, 0x90f: 0x0040, 0x910: 0x0040, 0x911: 0x0040,
-	0x912: 0x0040, 0x913: 0x0040, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0008,
-	0x918: 0x0040, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0008, 0x91d: 0x0008,
-	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0040, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
-	0x924: 0x0040, 0x925: 0x0008, 0x926: 0x0040, 0x927: 0x0008, 0x928: 0x0040, 0x929: 0x0040,
-	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0040, 0x92d: 0x0008, 0x92e: 0x0008, 0x92f: 0x0008,
-	0x930: 0x0008, 0x931: 0x3308, 0x932: 0x0008, 0x933: 0x0929, 0x934: 0x3308, 0x935: 0x3308,
-	0x936: 0x3308, 0x937: 0x3308, 0x938: 0x3308, 0x939: 0x3308, 0x93a: 0x0040, 0x93b: 0x3308,
-	0x93c: 0x3308, 0x93d: 0x0008, 0x93e: 0x0040, 0x93f: 0x0040,
-	// Block 0x25, offset 0x940
-	0x940: 0x0008, 0x941: 0x0008, 0x942: 0x0008, 0x943: 0x09d1, 0x944: 0x0008, 0x945: 0x0008,
-	0x946: 0x0008, 0x947: 0x0008, 0x948: 0x0040, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
-	0x94c: 0x0008, 0x94d: 0x0a09, 0x94e: 0x0008, 0x94f: 0x0008, 0x950: 0x0008, 0x951: 0x0008,
-	0x952: 0x0a41, 0x953: 0x0008, 0x954: 0x0008, 0x955: 0x0008, 0x956: 0x0008, 0x957: 0x0a79,
-	0x958: 0x0008, 0x959: 0x0008, 0x95a: 0x0008, 0x95b: 0x0008, 0x95c: 0x0ab1, 0x95d: 0x0008,
-	0x95e: 0x0008, 0x95f: 0x0008, 0x960: 0x0008, 0x961: 0x0008, 0x962: 0x0008, 0x963: 0x0008,
-	0x964: 0x0008, 0x965: 0x0008, 0x966: 0x0008, 0x967: 0x0008, 0x968: 0x0008, 0x969: 0x0ae9,
-	0x96a: 0x0008, 0x96b: 0x0008, 0x96c: 0x0008, 0x96d: 0x0040, 0x96e: 0x0040, 0x96f: 0x0040,
-	0x970: 0x0040, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x0b21, 0x974: 0x3308, 0x975: 0x0b59,
-	0x976: 0x0b91, 0x977: 0x0bc9, 0x978: 0x0c19, 0x979: 0x0c51, 0x97a: 0x3308, 0x97b: 0x3308,
-	0x97c: 0x3308, 0x97d: 0x3308, 0x97e: 0x3308, 0x97f: 0x3008,
-	// Block 0x26, offset 0x980
-	0x980: 0x3308, 0x981: 0x0ca1, 0x982: 0x3308, 0x983: 0x3308, 0x984: 0x3b08, 0x985: 0x0018,
-	0x986: 0x3308, 0x987: 0x3308, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
-	0x98c: 0x0008, 0x98d: 0x3308, 0x98e: 0x3308, 0x98f: 0x3308, 0x990: 0x3308, 0x991: 0x3308,
-	0x992: 0x3308, 0x993: 0x0cd9, 0x994: 0x3308, 0x995: 0x3308, 0x996: 0x3308, 0x997: 0x3308,
-	0x998: 0x0040, 0x999: 0x3308, 0x99a: 0x3308, 0x99b: 0x3308, 0x99c: 0x3308, 0x99d: 0x0d11,
-	0x99e: 0x3308, 0x99f: 0x3308, 0x9a0: 0x3308, 0x9a1: 0x3308, 0x9a2: 0x0d49, 0x9a3: 0x3308,
-	0x9a4: 0x3308, 0x9a5: 0x3308, 0x9a6: 0x3308, 0x9a7: 0x0d81, 0x9a8: 0x3308, 0x9a9: 0x3308,
-	0x9aa: 0x3308, 0x9ab: 0x3308, 0x9ac: 0x0db9, 0x9ad: 0x3308, 0x9ae: 0x3308, 0x9af: 0x3308,
-	0x9b0: 0x3308, 0x9b1: 0x3308, 0x9b2: 0x3308, 0x9b3: 0x3308, 0x9b4: 0x3308, 0x9b5: 0x3308,
-	0x9b6: 0x3308, 0x9b7: 0x3308, 0x9b8: 0x3308, 0x9b9: 0x0df1, 0x9ba: 0x3308, 0x9bb: 0x3308,
-	0x9bc: 0x3308, 0x9bd: 0x0040, 0x9be: 0x0018, 0x9bf: 0x0018,
-	// Block 0x27, offset 0x9c0
-	0x9c0: 0x0008, 0x9c1: 0x0008, 0x9c2: 0x0008, 0x9c3: 0x0008, 0x9c4: 0x0008, 0x9c5: 0x0008,
-	0x9c6: 0x0008, 0x9c7: 0x0008, 0x9c8: 0x0008, 0x9c9: 0x0008, 0x9ca: 0x0008, 0x9cb: 0x0008,
-	0x9cc: 0x0008, 0x9cd: 0x0008, 0x9ce: 0x0008, 0x9cf: 0x0008, 0x9d0: 0x0008, 0x9d1: 0x0008,
-	0x9d2: 0x0008, 0x9d3: 0x0008, 0x9d4: 0x0008, 0x9d5: 0x0008, 0x9d6: 0x0008, 0x9d7: 0x0008,
-	0x9d8: 0x0008, 0x9d9: 0x0008, 0x9da: 0x0008, 0x9db: 0x0008, 0x9dc: 0x0008, 0x9dd: 0x0008,
-	0x9de: 0x0008, 0x9df: 0x0008, 0x9e0: 0x0008, 0x9e1: 0x0008, 0x9e2: 0x0008, 0x9e3: 0x0008,
-	0x9e4: 0x0008, 0x9e5: 0x0008, 0x9e6: 0x0008, 0x9e7: 0x0008, 0x9e8: 0x0008, 0x9e9: 0x0008,
-	0x9ea: 0x0008, 0x9eb: 0x0008, 0x9ec: 0x0039, 0x9ed: 0x0ed1, 0x9ee: 0x0ee9, 0x9ef: 0x0008,
-	0x9f0: 0x0ef9, 0x9f1: 0x0f09, 0x9f2: 0x0f19, 0x9f3: 0x0f31, 0x9f4: 0x0249, 0x9f5: 0x0f41,
-	0x9f6: 0x0259, 0x9f7: 0x0f51, 0x9f8: 0x0359, 0x9f9: 0x0f61, 0x9fa: 0x0f71, 0x9fb: 0x0008,
-	0x9fc: 0x00d9, 0x9fd: 0x0f81, 0x9fe: 0x0f99, 0x9ff: 0x0269,
-	// Block 0x28, offset 0xa00
-	0xa00: 0x0fa9, 0xa01: 0x0fb9, 0xa02: 0x0279, 0xa03: 0x0039, 0xa04: 0x0fc9, 0xa05: 0x0fe1,
-	0xa06: 0x059d, 0xa07: 0x0ee9, 0xa08: 0x0ef9, 0xa09: 0x0f09, 0xa0a: 0x0ff9, 0xa0b: 0x1011,
-	0xa0c: 0x1029, 0xa0d: 0x0f31, 0xa0e: 0x0008, 0xa0f: 0x0f51, 0xa10: 0x0f61, 0xa11: 0x1041,
-	0xa12: 0x00d9, 0xa13: 0x1059, 0xa14: 0x05b5, 0xa15: 0x05b5, 0xa16: 0x0f99, 0xa17: 0x0fa9,
-	0xa18: 0x0fb9, 0xa19: 0x059d, 0xa1a: 0x1071, 0xa1b: 0x1089, 0xa1c: 0x05cd, 0xa1d: 0x1099,
-	0xa1e: 0x10b1, 0xa1f: 0x10c9, 0xa20: 0x10e1, 0xa21: 0x10f9, 0xa22: 0x0f41, 0xa23: 0x0269,
-	0xa24: 0x0fb9, 0xa25: 0x1089, 0xa26: 0x1099, 0xa27: 0x10b1, 0xa28: 0x1111, 0xa29: 0x10e1,
-	0xa2a: 0x10f9, 0xa2b: 0x0008, 0xa2c: 0x0008, 0xa2d: 0x0008, 0xa2e: 0x0008, 0xa2f: 0x0008,
-	0xa30: 0x0008, 0xa31: 0x0008, 0xa32: 0x0008, 0xa33: 0x0008, 0xa34: 0x0008, 0xa35: 0x0008,
-	0xa36: 0x0008, 0xa37: 0x0008, 0xa38: 0x1129, 0xa39: 0x0008, 0xa3a: 0x0008, 0xa3b: 0x0008,
-	0xa3c: 0x0008, 0xa3d: 0x0008, 0xa3e: 0x0008, 0xa3f: 0x0008,
-	// Block 0x29, offset 0xa40
-	0xa40: 0x0008, 0xa41: 0x0008, 0xa42: 0x0008, 0xa43: 0x0008, 0xa44: 0x0008, 0xa45: 0x0008,
-	0xa46: 0x0008, 0xa47: 0x0008, 0xa48: 0x0008, 0xa49: 0x0008, 0xa4a: 0x0008, 0xa4b: 0x0008,
-	0xa4c: 0x0008, 0xa4d: 0x0008, 0xa4e: 0x0008, 0xa4f: 0x0008, 0xa50: 0x0008, 0xa51: 0x0008,
-	0xa52: 0x0008, 0xa53: 0x0008, 0xa54: 0x0008, 0xa55: 0x0008, 0xa56: 0x0008, 0xa57: 0x0008,
-	0xa58: 0x0008, 0xa59: 0x0008, 0xa5a: 0x0008, 0xa5b: 0x1141, 0xa5c: 0x1159, 0xa5d: 0x1169,
-	0xa5e: 0x1181, 0xa5f: 0x1029, 0xa60: 0x1199, 0xa61: 0x11a9, 0xa62: 0x11c1, 0xa63: 0x11d9,
-	0xa64: 0x11f1, 0xa65: 0x1209, 0xa66: 0x1221, 0xa67: 0x05e5, 0xa68: 0x1239, 0xa69: 0x1251,
-	0xa6a: 0xe17d, 0xa6b: 0x1269, 0xa6c: 0x1281, 0xa6d: 0x1299, 0xa6e: 0x12b1, 0xa6f: 0x12c9,
-	0xa70: 0x12e1, 0xa71: 0x12f9, 0xa72: 0x1311, 0xa73: 0x1329, 0xa74: 0x1341, 0xa75: 0x1359,
-	0xa76: 0x1371, 0xa77: 0x1389, 0xa78: 0x05fd, 0xa79: 0x13a1, 0xa7a: 0x13b9, 0xa7b: 0x13d1,
-	0xa7c: 0x13e1, 0xa7d: 0x13f9, 0xa7e: 0x1411, 0xa7f: 0x1429,
-	// Block 0x2a, offset 0xa80
-	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
-	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
-	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
-	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0xe00d, 0xa97: 0x0008,
-	0xa98: 0xe00d, 0xa99: 0x0008, 0xa9a: 0xe00d, 0xa9b: 0x0008, 0xa9c: 0xe00d, 0xa9d: 0x0008,
-	0xa9e: 0xe00d, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
-	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
-	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
-	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
-	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
-	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
-	// Block 0x2b, offset 0xac0
-	0xac0: 0xe00d, 0xac1: 0x0008, 0xac2: 0xe00d, 0xac3: 0x0008, 0xac4: 0xe00d, 0xac5: 0x0008,
-	0xac6: 0xe00d, 0xac7: 0x0008, 0xac8: 0xe00d, 0xac9: 0x0008, 0xaca: 0xe00d, 0xacb: 0x0008,
-	0xacc: 0xe00d, 0xacd: 0x0008, 0xace: 0xe00d, 0xacf: 0x0008, 0xad0: 0xe00d, 0xad1: 0x0008,
-	0xad2: 0xe00d, 0xad3: 0x0008, 0xad4: 0xe00d, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
-	0xad8: 0x0008, 0xad9: 0x0008, 0xada: 0x0615, 0xadb: 0x0635, 0xadc: 0x0008, 0xadd: 0x0008,
-	0xade: 0x1441, 0xadf: 0x0008, 0xae0: 0xe00d, 0xae1: 0x0008, 0xae2: 0xe00d, 0xae3: 0x0008,
-	0xae4: 0xe00d, 0xae5: 0x0008, 0xae6: 0xe00d, 0xae7: 0x0008, 0xae8: 0xe00d, 0xae9: 0x0008,
-	0xaea: 0xe00d, 0xaeb: 0x0008, 0xaec: 0xe00d, 0xaed: 0x0008, 0xaee: 0xe00d, 0xaef: 0x0008,
-	0xaf0: 0xe00d, 0xaf1: 0x0008, 0xaf2: 0xe00d, 0xaf3: 0x0008, 0xaf4: 0xe00d, 0xaf5: 0x0008,
-	0xaf6: 0xe00d, 0xaf7: 0x0008, 0xaf8: 0xe00d, 0xaf9: 0x0008, 0xafa: 0xe00d, 0xafb: 0x0008,
-	0xafc: 0xe00d, 0xafd: 0x0008, 0xafe: 0xe00d, 0xaff: 0x0008,
-	// Block 0x2c, offset 0xb00
-	0xb00: 0x0008, 0xb01: 0x0008, 0xb02: 0x0008, 0xb03: 0x0008, 0xb04: 0x0008, 0xb05: 0x0008,
-	0xb06: 0x0040, 0xb07: 0x0040, 0xb08: 0xe045, 0xb09: 0xe045, 0xb0a: 0xe045, 0xb0b: 0xe045,
-	0xb0c: 0xe045, 0xb0d: 0xe045, 0xb0e: 0x0040, 0xb0f: 0x0040, 0xb10: 0x0008, 0xb11: 0x0008,
-	0xb12: 0x0008, 0xb13: 0x0008, 0xb14: 0x0008, 0xb15: 0x0008, 0xb16: 0x0008, 0xb17: 0x0008,
-	0xb18: 0x0040, 0xb19: 0xe045, 0xb1a: 0x0040, 0xb1b: 0xe045, 0xb1c: 0x0040, 0xb1d: 0xe045,
-	0xb1e: 0x0040, 0xb1f: 0xe045, 0xb20: 0x0008, 0xb21: 0x0008, 0xb22: 0x0008, 0xb23: 0x0008,
-	0xb24: 0x0008, 0xb25: 0x0008, 0xb26: 0x0008, 0xb27: 0x0008, 0xb28: 0xe045, 0xb29: 0xe045,
-	0xb2a: 0xe045, 0xb2b: 0xe045, 0xb2c: 0xe045, 0xb2d: 0xe045, 0xb2e: 0xe045, 0xb2f: 0xe045,
-	0xb30: 0x0008, 0xb31: 0x1459, 0xb32: 0x0008, 0xb33: 0x1471, 0xb34: 0x0008, 0xb35: 0x1489,
-	0xb36: 0x0008, 0xb37: 0x14a1, 0xb38: 0x0008, 0xb39: 0x14b9, 0xb3a: 0x0008, 0xb3b: 0x14d1,
-	0xb3c: 0x0008, 0xb3d: 0x14e9, 0xb3e: 0x0040, 0xb3f: 0x0040,
-	// Block 0x2d, offset 0xb40
-	0xb40: 0x1501, 0xb41: 0x1531, 0xb42: 0x1561, 0xb43: 0x1591, 0xb44: 0x15c1, 0xb45: 0x15f1,
-	0xb46: 0x1621, 0xb47: 0x1651, 0xb48: 0x1501, 0xb49: 0x1531, 0xb4a: 0x1561, 0xb4b: 0x1591,
-	0xb4c: 0x15c1, 0xb4d: 0x15f1, 0xb4e: 0x1621, 0xb4f: 0x1651, 0xb50: 0x1681, 0xb51: 0x16b1,
-	0xb52: 0x16e1, 0xb53: 0x1711, 0xb54: 0x1741, 0xb55: 0x1771, 0xb56: 0x17a1, 0xb57: 0x17d1,
-	0xb58: 0x1681, 0xb59: 0x16b1, 0xb5a: 0x16e1, 0xb5b: 0x1711, 0xb5c: 0x1741, 0xb5d: 0x1771,
-	0xb5e: 0x17a1, 0xb5f: 0x17d1, 0xb60: 0x1801, 0xb61: 0x1831, 0xb62: 0x1861, 0xb63: 0x1891,
-	0xb64: 0x18c1, 0xb65: 0x18f1, 0xb66: 0x1921, 0xb67: 0x1951, 0xb68: 0x1801, 0xb69: 0x1831,
-	0xb6a: 0x1861, 0xb6b: 0x1891, 0xb6c: 0x18c1, 0xb6d: 0x18f1, 0xb6e: 0x1921, 0xb6f: 0x1951,
-	0xb70: 0x0008, 0xb71: 0x0008, 0xb72: 0x1981, 0xb73: 0x19b1, 0xb74: 0x19d9, 0xb75: 0x0040,
-	0xb76: 0x0008, 0xb77: 0x1a01, 0xb78: 0xe045, 0xb79: 0xe045, 0xb7a: 0x064d, 0xb7b: 0x1459,
-	0xb7c: 0x19b1, 0xb7d: 0x0666, 0xb7e: 0x1a31, 0xb7f: 0x0686,
-	// Block 0x2e, offset 0xb80
-	0xb80: 0x06a6, 0xb81: 0x1a4a, 0xb82: 0x1a79, 0xb83: 0x1aa9, 0xb84: 0x1ad1, 0xb85: 0x0040,
-	0xb86: 0x0008, 0xb87: 0x1af9, 0xb88: 0x06c5, 0xb89: 0x1471, 0xb8a: 0x06dd, 0xb8b: 0x1489,
-	0xb8c: 0x1aa9, 0xb8d: 0x1b2a, 0xb8e: 0x1b5a, 0xb8f: 0x1b8a, 0xb90: 0x0008, 0xb91: 0x0008,
-	0xb92: 0x0008, 0xb93: 0x1bb9, 0xb94: 0x0040, 0xb95: 0x0040, 0xb96: 0x0008, 0xb97: 0x0008,
-	0xb98: 0xe045, 0xb99: 0xe045, 0xb9a: 0x06f5, 0xb9b: 0x14a1, 0xb9c: 0x0040, 0xb9d: 0x1bd2,
-	0xb9e: 0x1c02, 0xb9f: 0x1c32, 0xba0: 0x0008, 0xba1: 0x0008, 0xba2: 0x0008, 0xba3: 0x1c61,
-	0xba4: 0x0008, 0xba5: 0x0008, 0xba6: 0x0008, 0xba7: 0x0008, 0xba8: 0xe045, 0xba9: 0xe045,
-	0xbaa: 0x070d, 0xbab: 0x14d1, 0xbac: 0xe04d, 0xbad: 0x1c7a, 0xbae: 0x03d2, 0xbaf: 0x1caa,
-	0xbb0: 0x0040, 0xbb1: 0x0040, 0xbb2: 0x1cb9, 0xbb3: 0x1ce9, 0xbb4: 0x1d11, 0xbb5: 0x0040,
-	0xbb6: 0x0008, 0xbb7: 0x1d39, 0xbb8: 0x0725, 0xbb9: 0x14b9, 0xbba: 0x0515, 0xbbb: 0x14e9,
-	0xbbc: 0x1ce9, 0xbbd: 0x073e, 0xbbe: 0x075e, 0xbbf: 0x0040,
-	// Block 0x2f, offset 0xbc0
-	0xbc0: 0x000a, 0xbc1: 0x000a, 0xbc2: 0x000a, 0xbc3: 0x000a, 0xbc4: 0x000a, 0xbc5: 0x000a,
-	0xbc6: 0x000a, 0xbc7: 0x000a, 0xbc8: 0x000a, 0xbc9: 0x000a, 0xbca: 0x000a, 0xbcb: 0x03c0,
-	0xbcc: 0x0003, 0xbcd: 0x0003, 0xbce: 0x0340, 0xbcf: 0x0b40, 0xbd0: 0x0018, 0xbd1: 0xe00d,
-	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x077e,
-	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
-	0xbde: 0x0018, 0xbdf: 0x0018, 0xbe0: 0x0018, 0xbe1: 0x0018, 0xbe2: 0x0018, 0xbe3: 0x0018,
-	0xbe4: 0x0040, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0018, 0xbe8: 0x0040, 0xbe9: 0x0040,
-	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x000a,
-	0xbf0: 0x0018, 0xbf1: 0x0018, 0xbf2: 0x0018, 0xbf3: 0x1d69, 0xbf4: 0x1da1, 0xbf5: 0x0018,
-	0xbf6: 0x1df1, 0xbf7: 0x1e29, 0xbf8: 0x0018, 0xbf9: 0x0018, 0xbfa: 0x0018, 0xbfb: 0x0018,
-	0xbfc: 0x1e7a, 0xbfd: 0x0018, 0xbfe: 0x079e, 0xbff: 0x0018,
-	// Block 0x30, offset 0xc00
-	0xc00: 0x0018, 0xc01: 0x0018, 0xc02: 0x0018, 0xc03: 0x0018, 0xc04: 0x0018, 0xc05: 0x0018,
-	0xc06: 0x0018, 0xc07: 0x1e92, 0xc08: 0x1eaa, 0xc09: 0x1ec2, 0xc0a: 0x0018, 0xc0b: 0x0018,
-	0xc0c: 0x0018, 0xc0d: 0x0018, 0xc0e: 0x0018, 0xc0f: 0x0018, 0xc10: 0x0018, 0xc11: 0x0018,
-	0xc12: 0x0018, 0xc13: 0x0018, 0xc14: 0x0018, 0xc15: 0x0018, 0xc16: 0x0018, 0xc17: 0x1ed9,
-	0xc18: 0x0018, 0xc19: 0x0018, 0xc1a: 0x0018, 0xc1b: 0x0018, 0xc1c: 0x0018, 0xc1d: 0x0018,
-	0xc1e: 0x0018, 0xc1f: 0x000a, 0xc20: 0x03c0, 0xc21: 0x0340, 0xc22: 0x0340, 0xc23: 0x0340,
-	0xc24: 0x03c0, 0xc25: 0x0040, 0xc26: 0x0040, 0xc27: 0x0040, 0xc28: 0x0040, 0xc29: 0x0040,
-	0xc2a: 0x0340, 0xc2b: 0x0340, 0xc2c: 0x0340, 0xc2d: 0x0340, 0xc2e: 0x0340, 0xc2f: 0x0340,
-	0xc30: 0x1f41, 0xc31: 0x0f41, 0xc32: 0x0040, 0xc33: 0x0040, 0xc34: 0x1f51, 0xc35: 0x1f61,
-	0xc36: 0x1f71, 0xc37: 0x1f81, 0xc38: 0x1f91, 0xc39: 0x1fa1, 0xc3a: 0x1fb2, 0xc3b: 0x07bd,
-	0xc3c: 0x1fc2, 0xc3d: 0x1fd2, 0xc3e: 0x1fe2, 0xc3f: 0x0f71,
-	// Block 0x31, offset 0xc40
-	0xc40: 0x1f41, 0xc41: 0x00c9, 0xc42: 0x0069, 0xc43: 0x0079, 0xc44: 0x1f51, 0xc45: 0x1f61,
-	0xc46: 0x1f71, 0xc47: 0x1f81, 0xc48: 0x1f91, 0xc49: 0x1fa1, 0xc4a: 0x1fb2, 0xc4b: 0x07d5,
-	0xc4c: 0x1fc2, 0xc4d: 0x1fd2, 0xc4e: 0x1fe2, 0xc4f: 0x0040, 0xc50: 0x0039, 0xc51: 0x0f09,
-	0xc52: 0x00d9, 0xc53: 0x0369, 0xc54: 0x0ff9, 0xc55: 0x0249, 0xc56: 0x0f51, 0xc57: 0x0359,
-	0xc58: 0x0f61, 0xc59: 0x0f71, 0xc5a: 0x0f99, 0xc5b: 0x01d9, 0xc5c: 0x0fa9, 0xc5d: 0x0040,
-	0xc5e: 0x0040, 0xc5f: 0x0040, 0xc60: 0x0018, 0xc61: 0x0018, 0xc62: 0x0018, 0xc63: 0x0018,
-	0xc64: 0x0018, 0xc65: 0x0018, 0xc66: 0x0018, 0xc67: 0x0018, 0xc68: 0x1ff1, 0xc69: 0x0018,
-	0xc6a: 0x0018, 0xc6b: 0x0018, 0xc6c: 0x0018, 0xc6d: 0x0018, 0xc6e: 0x0018, 0xc6f: 0x0018,
-	0xc70: 0x0018, 0xc71: 0x0018, 0xc72: 0x0018, 0xc73: 0x0018, 0xc74: 0x0018, 0xc75: 0x0018,
-	0xc76: 0x0018, 0xc77: 0x0018, 0xc78: 0x0018, 0xc79: 0x0018, 0xc7a: 0x0018, 0xc7b: 0x0018,
-	0xc7c: 0x0018, 0xc7d: 0x0018, 0xc7e: 0x0018, 0xc7f: 0x0018,
-	// Block 0x32, offset 0xc80
-	0xc80: 0x07ee, 0xc81: 0x080e, 0xc82: 0x1159, 0xc83: 0x082d, 0xc84: 0x0018, 0xc85: 0x084e,
-	0xc86: 0x086e, 0xc87: 0x1011, 0xc88: 0x0018, 0xc89: 0x088d, 0xc8a: 0x0f31, 0xc8b: 0x0249,
-	0xc8c: 0x0249, 0xc8d: 0x0249, 0xc8e: 0x0249, 0xc8f: 0x2009, 0xc90: 0x0f41, 0xc91: 0x0f41,
-	0xc92: 0x0359, 0xc93: 0x0359, 0xc94: 0x0018, 0xc95: 0x0f71, 0xc96: 0x2021, 0xc97: 0x0018,
-	0xc98: 0x0018, 0xc99: 0x0f99, 0xc9a: 0x2039, 0xc9b: 0x0269, 0xc9c: 0x0269, 0xc9d: 0x0269,
-	0xc9e: 0x0018, 0xc9f: 0x0018, 0xca0: 0x2049, 0xca1: 0x08ad, 0xca2: 0x2061, 0xca3: 0x0018,
-	0xca4: 0x13d1, 0xca5: 0x0018, 0xca6: 0x2079, 0xca7: 0x0018, 0xca8: 0x13d1, 0xca9: 0x0018,
-	0xcaa: 0x0f51, 0xcab: 0x2091, 0xcac: 0x0ee9, 0xcad: 0x1159, 0xcae: 0x0018, 0xcaf: 0x0f09,
-	0xcb0: 0x0f09, 0xcb1: 0x1199, 0xcb2: 0x0040, 0xcb3: 0x0f61, 0xcb4: 0x00d9, 0xcb5: 0x20a9,
-	0xcb6: 0x20c1, 0xcb7: 0x20d9, 0xcb8: 0x20f1, 0xcb9: 0x0f41, 0xcba: 0x0018, 0xcbb: 0x08cd,
-	0xcbc: 0x2109, 0xcbd: 0x10b1, 0xcbe: 0x10b1, 0xcbf: 0x2109,
-	// Block 0x33, offset 0xcc0
-	0xcc0: 0x08ed, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0ef9,
-	0xcc6: 0x0ef9, 0xcc7: 0x0f09, 0xcc8: 0x0f41, 0xcc9: 0x0259, 0xcca: 0x0018, 0xccb: 0x0018,
-	0xccc: 0x0018, 0xccd: 0x0018, 0xcce: 0x0008, 0xccf: 0x0018, 0xcd0: 0x2121, 0xcd1: 0x2151,
-	0xcd2: 0x2181, 0xcd3: 0x21b9, 0xcd4: 0x21e9, 0xcd5: 0x2219, 0xcd6: 0x2249, 0xcd7: 0x2279,
-	0xcd8: 0x22a9, 0xcd9: 0x22d9, 0xcda: 0x2309, 0xcdb: 0x2339, 0xcdc: 0x2369, 0xcdd: 0x2399,
-	0xcde: 0x23c9, 0xcdf: 0x23f9, 0xce0: 0x0f41, 0xce1: 0x2421, 0xce2: 0x0905, 0xce3: 0x2439,
-	0xce4: 0x1089, 0xce5: 0x2451, 0xce6: 0x0925, 0xce7: 0x2469, 0xce8: 0x2491, 0xce9: 0x0369,
-	0xcea: 0x24a9, 0xceb: 0x0945, 0xcec: 0x0359, 0xced: 0x1159, 0xcee: 0x0ef9, 0xcef: 0x0f61,
-	0xcf0: 0x0f41, 0xcf1: 0x2421, 0xcf2: 0x0965, 0xcf3: 0x2439, 0xcf4: 0x1089, 0xcf5: 0x2451,
-	0xcf6: 0x0985, 0xcf7: 0x2469, 0xcf8: 0x2491, 0xcf9: 0x0369, 0xcfa: 0x24a9, 0xcfb: 0x09a5,
-	0xcfc: 0x0359, 0xcfd: 0x1159, 0xcfe: 0x0ef9, 0xcff: 0x0f61,
-	// Block 0x34, offset 0xd00
-	0xd00: 0x0018, 0xd01: 0x0018, 0xd02: 0x0018, 0xd03: 0x0018, 0xd04: 0x0018, 0xd05: 0x0018,
-	0xd06: 0x0018, 0xd07: 0x0018, 0xd08: 0x0018, 0xd09: 0x0018, 0xd0a: 0x0018, 0xd0b: 0x0040,
-	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
-	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
-	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0040, 0xd1d: 0x0040,
-	0xd1e: 0x0040, 0xd1f: 0x0040, 0xd20: 0x00c9, 0xd21: 0x0069, 0xd22: 0x0079, 0xd23: 0x1f51,
-	0xd24: 0x1f61, 0xd25: 0x1f71, 0xd26: 0x1f81, 0xd27: 0x1f91, 0xd28: 0x1fa1, 0xd29: 0x2601,
-	0xd2a: 0x2619, 0xd2b: 0x2631, 0xd2c: 0x2649, 0xd2d: 0x2661, 0xd2e: 0x2679, 0xd2f: 0x2691,
-	0xd30: 0x26a9, 0xd31: 0x26c1, 0xd32: 0x26d9, 0xd33: 0x26f1, 0xd34: 0x0a06, 0xd35: 0x0a26,
-	0xd36: 0x0a46, 0xd37: 0x0a66, 0xd38: 0x0a86, 0xd39: 0x0aa6, 0xd3a: 0x0ac6, 0xd3b: 0x0ae6,
-	0xd3c: 0x0b06, 0xd3d: 0x270a, 0xd3e: 0x2732, 0xd3f: 0x275a,
-	// Block 0x35, offset 0xd40
-	0xd40: 0x2782, 0xd41: 0x27aa, 0xd42: 0x27d2, 0xd43: 0x27fa, 0xd44: 0x2822, 0xd45: 0x284a,
-	0xd46: 0x2872, 0xd47: 0x289a, 0xd48: 0x0040, 0xd49: 0x0040, 0xd4a: 0x0040, 0xd4b: 0x0040,
-	0xd4c: 0x0040, 0xd4d: 0x0040, 0xd4e: 0x0040, 0xd4f: 0x0040, 0xd50: 0x0040, 0xd51: 0x0040,
-	0xd52: 0x0040, 0xd53: 0x0040, 0xd54: 0x0040, 0xd55: 0x0040, 0xd56: 0x0040, 0xd57: 0x0040,
-	0xd58: 0x0040, 0xd59: 0x0040, 0xd5a: 0x0040, 0xd5b: 0x0040, 0xd5c: 0x0b26, 0xd5d: 0x0b46,
-	0xd5e: 0x0b66, 0xd5f: 0x0b86, 0xd60: 0x0ba6, 0xd61: 0x0bc6, 0xd62: 0x0be6, 0xd63: 0x0c06,
-	0xd64: 0x0c26, 0xd65: 0x0c46, 0xd66: 0x0c66, 0xd67: 0x0c86, 0xd68: 0x0ca6, 0xd69: 0x0cc6,
-	0xd6a: 0x0ce6, 0xd6b: 0x0d06, 0xd6c: 0x0d26, 0xd6d: 0x0d46, 0xd6e: 0x0d66, 0xd6f: 0x0d86,
-	0xd70: 0x0da6, 0xd71: 0x0dc6, 0xd72: 0x0de6, 0xd73: 0x0e06, 0xd74: 0x0e26, 0xd75: 0x0e46,
-	0xd76: 0x0039, 0xd77: 0x0ee9, 0xd78: 0x1159, 0xd79: 0x0ef9, 0xd7a: 0x0f09, 0xd7b: 0x1199,
-	0xd7c: 0x0f31, 0xd7d: 0x0249, 0xd7e: 0x0f41, 0xd7f: 0x0259,
-	// Block 0x36, offset 0xd80
-	0xd80: 0x0f51, 0xd81: 0x0359, 0xd82: 0x0f61, 0xd83: 0x0f71, 0xd84: 0x00d9, 0xd85: 0x0f99,
-	0xd86: 0x2039, 0xd87: 0x0269, 0xd88: 0x01d9, 0xd89: 0x0fa9, 0xd8a: 0x0fb9, 0xd8b: 0x1089,
-	0xd8c: 0x0279, 0xd8d: 0x0369, 0xd8e: 0x0289, 0xd8f: 0x13d1, 0xd90: 0x0039, 0xd91: 0x0ee9,
-	0xd92: 0x1159, 0xd93: 0x0ef9, 0xd94: 0x0f09, 0xd95: 0x1199, 0xd96: 0x0f31, 0xd97: 0x0249,
-	0xd98: 0x0f41, 0xd99: 0x0259, 0xd9a: 0x0f51, 0xd9b: 0x0359, 0xd9c: 0x0f61, 0xd9d: 0x0f71,
-	0xd9e: 0x00d9, 0xd9f: 0x0f99, 0xda0: 0x2039, 0xda1: 0x0269, 0xda2: 0x01d9, 0xda3: 0x0fa9,
-	0xda4: 0x0fb9, 0xda5: 0x1089, 0xda6: 0x0279, 0xda7: 0x0369, 0xda8: 0x0289, 0xda9: 0x13d1,
-	0xdaa: 0x1f41, 0xdab: 0x0018, 0xdac: 0x0018, 0xdad: 0x0018, 0xdae: 0x0018, 0xdaf: 0x0018,
-	0xdb0: 0x0018, 0xdb1: 0x0018, 0xdb2: 0x0018, 0xdb3: 0x0018, 0xdb4: 0x0018, 0xdb5: 0x0018,
-	0xdb6: 0x0018, 0xdb7: 0x0018, 0xdb8: 0x0018, 0xdb9: 0x0018, 0xdba: 0x0018, 0xdbb: 0x0018,
-	0xdbc: 0x0018, 0xdbd: 0x0018, 0xdbe: 0x0018, 0xdbf: 0x0018,
-	// Block 0x37, offset 0xdc0
-	0xdc0: 0x0008, 0xdc1: 0x0008, 0xdc2: 0x0008, 0xdc3: 0x0008, 0xdc4: 0x0008, 0xdc5: 0x0008,
-	0xdc6: 0x0008, 0xdc7: 0x0008, 0xdc8: 0x0008, 0xdc9: 0x0008, 0xdca: 0x0008, 0xdcb: 0x0008,
-	0xdcc: 0x0008, 0xdcd: 0x0008, 0xdce: 0x0008, 0xdcf: 0x0008, 0xdd0: 0x0008, 0xdd1: 0x0008,
-	0xdd2: 0x0008, 0xdd3: 0x0008, 0xdd4: 0x0008, 0xdd5: 0x0008, 0xdd6: 0x0008, 0xdd7: 0x0008,
-	0xdd8: 0x0008, 0xdd9: 0x0008, 0xdda: 0x0008, 0xddb: 0x0008, 0xddc: 0x0008, 0xddd: 0x0008,
-	0xdde: 0x0008, 0xddf: 0x0040, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0x2971, 0xde3: 0x0ebd,
-	0xde4: 0x2989, 0xde5: 0x0008, 0xde6: 0x0008, 0xde7: 0xe07d, 0xde8: 0x0008, 0xde9: 0xe01d,
-	0xdea: 0x0008, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0x0fe1, 0xdee: 0x1281, 0xdef: 0x0fc9,
-	0xdf0: 0x1141, 0xdf1: 0x0008, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0008, 0xdf5: 0xe01d,
-	0xdf6: 0x0008, 0xdf7: 0x0008, 0xdf8: 0x0008, 0xdf9: 0x0008, 0xdfa: 0x0008, 0xdfb: 0x0008,
-	0xdfc: 0x0259, 0xdfd: 0x1089, 0xdfe: 0x29a1, 0xdff: 0x29b9,
-	// Block 0x38, offset 0xe00
-	0xe00: 0xe00d, 0xe01: 0x0008, 0xe02: 0xe00d, 0xe03: 0x0008, 0xe04: 0xe00d, 0xe05: 0x0008,
-	0xe06: 0xe00d, 0xe07: 0x0008, 0xe08: 0xe00d, 0xe09: 0x0008, 0xe0a: 0xe00d, 0xe0b: 0x0008,
-	0xe0c: 0xe00d, 0xe0d: 0x0008, 0xe0e: 0xe00d, 0xe0f: 0x0008, 0xe10: 0xe00d, 0xe11: 0x0008,
-	0xe12: 0xe00d, 0xe13: 0x0008, 0xe14: 0xe00d, 0xe15: 0x0008, 0xe16: 0xe00d, 0xe17: 0x0008,
-	0xe18: 0xe00d, 0xe19: 0x0008, 0xe1a: 0xe00d, 0xe1b: 0x0008, 0xe1c: 0xe00d, 0xe1d: 0x0008,
-	0xe1e: 0xe00d, 0xe1f: 0x0008, 0xe20: 0xe00d, 0xe21: 0x0008, 0xe22: 0xe00d, 0xe23: 0x0008,
-	0xe24: 0x0008, 0xe25: 0x0018, 0xe26: 0x0018, 0xe27: 0x0018, 0xe28: 0x0018, 0xe29: 0x0018,
-	0xe2a: 0x0018, 0xe2b: 0xe03d, 0xe2c: 0x0008, 0xe2d: 0xe01d, 0xe2e: 0x0008, 0xe2f: 0x3308,
-	0xe30: 0x3308, 0xe31: 0x3308, 0xe32: 0xe00d, 0xe33: 0x0008, 0xe34: 0x0040, 0xe35: 0x0040,
-	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0018, 0xe3a: 0x0018, 0xe3b: 0x0018,
-	0xe3c: 0x0018, 0xe3d: 0x0018, 0xe3e: 0x0018, 0xe3f: 0x0018,
-	// Block 0x39, offset 0xe40
-	0xe40: 0x26fd, 0xe41: 0x271d, 0xe42: 0x273d, 0xe43: 0x275d, 0xe44: 0x277d, 0xe45: 0x279d,
-	0xe46: 0x27bd, 0xe47: 0x27dd, 0xe48: 0x27fd, 0xe49: 0x281d, 0xe4a: 0x283d, 0xe4b: 0x285d,
-	0xe4c: 0x287d, 0xe4d: 0x289d, 0xe4e: 0x28bd, 0xe4f: 0x28dd, 0xe50: 0x28fd, 0xe51: 0x291d,
-	0xe52: 0x293d, 0xe53: 0x295d, 0xe54: 0x297d, 0xe55: 0x299d, 0xe56: 0x0040, 0xe57: 0x0040,
-	0xe58: 0x0040, 0xe59: 0x0040, 0xe5a: 0x0040, 0xe5b: 0x0040, 0xe5c: 0x0040, 0xe5d: 0x0040,
-	0xe5e: 0x0040, 0xe5f: 0x0040, 0xe60: 0x0040, 0xe61: 0x0040, 0xe62: 0x0040, 0xe63: 0x0040,
-	0xe64: 0x0040, 0xe65: 0x0040, 0xe66: 0x0040, 0xe67: 0x0040, 0xe68: 0x0040, 0xe69: 0x0040,
-	0xe6a: 0x0040, 0xe6b: 0x0040, 0xe6c: 0x0040, 0xe6d: 0x0040, 0xe6e: 0x0040, 0xe6f: 0x0040,
-	0xe70: 0x0040, 0xe71: 0x0040, 0xe72: 0x0040, 0xe73: 0x0040, 0xe74: 0x0040, 0xe75: 0x0040,
-	0xe76: 0x0040, 0xe77: 0x0040, 0xe78: 0x0040, 0xe79: 0x0040, 0xe7a: 0x0040, 0xe7b: 0x0040,
-	0xe7c: 0x0040, 0xe7d: 0x0040, 0xe7e: 0x0040, 0xe7f: 0x0040,
-	// Block 0x3a, offset 0xe80
-	0xe80: 0x000a, 0xe81: 0x0018, 0xe82: 0x29d1, 0xe83: 0x0018, 0xe84: 0x0018, 0xe85: 0x0008,
-	0xe86: 0x0008, 0xe87: 0x0008, 0xe88: 0x0018, 0xe89: 0x0018, 0xe8a: 0x0018, 0xe8b: 0x0018,
-	0xe8c: 0x0018, 0xe8d: 0x0018, 0xe8e: 0x0018, 0xe8f: 0x0018, 0xe90: 0x0018, 0xe91: 0x0018,
-	0xe92: 0x0018, 0xe93: 0x0018, 0xe94: 0x0018, 0xe95: 0x0018, 0xe96: 0x0018, 0xe97: 0x0018,
-	0xe98: 0x0018, 0xe99: 0x0018, 0xe9a: 0x0018, 0xe9b: 0x0018, 0xe9c: 0x0018, 0xe9d: 0x0018,
-	0xe9e: 0x0018, 0xe9f: 0x0018, 0xea0: 0x0018, 0xea1: 0x0018, 0xea2: 0x0018, 0xea3: 0x0018,
-	0xea4: 0x0018, 0xea5: 0x0018, 0xea6: 0x0018, 0xea7: 0x0018, 0xea8: 0x0018, 0xea9: 0x0018,
-	0xeaa: 0x3308, 0xeab: 0x3308, 0xeac: 0x3308, 0xead: 0x3308, 0xeae: 0x3018, 0xeaf: 0x3018,
-	0xeb0: 0x0018, 0xeb1: 0x0018, 0xeb2: 0x0018, 0xeb3: 0x0018, 0xeb4: 0x0018, 0xeb5: 0x0018,
-	0xeb6: 0xe125, 0xeb7: 0x0018, 0xeb8: 0x29bd, 0xeb9: 0x29dd, 0xeba: 0x29fd, 0xebb: 0x0018,
-	0xebc: 0x0008, 0xebd: 0x0018, 0xebe: 0x0018, 0xebf: 0x0018,
-	// Block 0x3b, offset 0xec0
-	0xec0: 0x2b3d, 0xec1: 0x2b5d, 0xec2: 0x2b7d, 0xec3: 0x2b9d, 0xec4: 0x2bbd, 0xec5: 0x2bdd,
-	0xec6: 0x2bdd, 0xec7: 0x2bdd, 0xec8: 0x2bfd, 0xec9: 0x2bfd, 0xeca: 0x2bfd, 0xecb: 0x2bfd,
-	0xecc: 0x2c1d, 0xecd: 0x2c1d, 0xece: 0x2c1d, 0xecf: 0x2c3d, 0xed0: 0x2c5d, 0xed1: 0x2c5d,
-	0xed2: 0x2a7d, 0xed3: 0x2a7d, 0xed4: 0x2c5d, 0xed5: 0x2c5d, 0xed6: 0x2c7d, 0xed7: 0x2c7d,
-	0xed8: 0x2c5d, 0xed9: 0x2c5d, 0xeda: 0x2a7d, 0xedb: 0x2a7d, 0xedc: 0x2c5d, 0xedd: 0x2c5d,
-	0xede: 0x2c3d, 0xedf: 0x2c3d, 0xee0: 0x2c9d, 0xee1: 0x2c9d, 0xee2: 0x2cbd, 0xee3: 0x2cbd,
-	0xee4: 0x0040, 0xee5: 0x2cdd, 0xee6: 0x2cfd, 0xee7: 0x2d1d, 0xee8: 0x2d1d, 0xee9: 0x2d3d,
-	0xeea: 0x2d5d, 0xeeb: 0x2d7d, 0xeec: 0x2d9d, 0xeed: 0x2dbd, 0xeee: 0x2ddd, 0xeef: 0x2dfd,
-	0xef0: 0x2e1d, 0xef1: 0x2e3d, 0xef2: 0x2e3d, 0xef3: 0x2e5d, 0xef4: 0x2e7d, 0xef5: 0x2e7d,
-	0xef6: 0x2e9d, 0xef7: 0x2ebd, 0xef8: 0x2e5d, 0xef9: 0x2edd, 0xefa: 0x2efd, 0xefb: 0x2edd,
-	0xefc: 0x2e5d, 0xefd: 0x2f1d, 0xefe: 0x2f3d, 0xeff: 0x2f5d,
-	// Block 0x3c, offset 0xf00
-	0xf00: 0x2f7d, 0xf01: 0x2f9d, 0xf02: 0x2cfd, 0xf03: 0x2cdd, 0xf04: 0x2fbd, 0xf05: 0x2fdd,
-	0xf06: 0x2ffd, 0xf07: 0x301d, 0xf08: 0x303d, 0xf09: 0x305d, 0xf0a: 0x307d, 0xf0b: 0x309d,
-	0xf0c: 0x30bd, 0xf0d: 0x30dd, 0xf0e: 0x30fd, 0xf0f: 0x0040, 0xf10: 0x0018, 0xf11: 0x0018,
-	0xf12: 0x311d, 0xf13: 0x313d, 0xf14: 0x315d, 0xf15: 0x317d, 0xf16: 0x319d, 0xf17: 0x31bd,
-	0xf18: 0x31dd, 0xf19: 0x31fd, 0xf1a: 0x321d, 0xf1b: 0x323d, 0xf1c: 0x315d, 0xf1d: 0x325d,
-	0xf1e: 0x327d, 0xf1f: 0x329d, 0xf20: 0x0008, 0xf21: 0x0008, 0xf22: 0x0008, 0xf23: 0x0008,
-	0xf24: 0x0008, 0xf25: 0x0008, 0xf26: 0x0008, 0xf27: 0x0008, 0xf28: 0x0008, 0xf29: 0x0008,
-	0xf2a: 0x0008, 0xf2b: 0x0008, 0xf2c: 0x0008, 0xf2d: 0x0008, 0xf2e: 0x0008, 0xf2f: 0x0008,
-	0xf30: 0x0008, 0xf31: 0x0008, 0xf32: 0x0008, 0xf33: 0x0008, 0xf34: 0x0008, 0xf35: 0x0008,
-	0xf36: 0x0008, 0xf37: 0x0008, 0xf38: 0x0008, 0xf39: 0x0008, 0xf3a: 0x0008, 0xf3b: 0x0040,
-	0xf3c: 0x0040, 0xf3d: 0x0040, 0xf3e: 0x0040, 0xf3f: 0x0040,
-	// Block 0x3d, offset 0xf40
-	0xf40: 0x36a2, 0xf41: 0x36d2, 0xf42: 0x3702, 0xf43: 0x3732, 0xf44: 0x32bd, 0xf45: 0x32dd,
-	0xf46: 0x32fd, 0xf47: 0x331d, 0xf48: 0x0018, 0xf49: 0x0018, 0xf4a: 0x0018, 0xf4b: 0x0018,
-	0xf4c: 0x0018, 0xf4d: 0x0018, 0xf4e: 0x0018, 0xf4f: 0x0018, 0xf50: 0x333d, 0xf51: 0x3761,
-	0xf52: 0x3779, 0xf53: 0x3791, 0xf54: 0x37a9, 0xf55: 0x37c1, 0xf56: 0x37d9, 0xf57: 0x37f1,
-	0xf58: 0x3809, 0xf59: 0x3821, 0xf5a: 0x3839, 0xf5b: 0x3851, 0xf5c: 0x3869, 0xf5d: 0x3881,
-	0xf5e: 0x3899, 0xf5f: 0x38b1, 0xf60: 0x335d, 0xf61: 0x337d, 0xf62: 0x339d, 0xf63: 0x33bd,
-	0xf64: 0x33dd, 0xf65: 0x33dd, 0xf66: 0x33fd, 0xf67: 0x341d, 0xf68: 0x343d, 0xf69: 0x345d,
-	0xf6a: 0x347d, 0xf6b: 0x349d, 0xf6c: 0x34bd, 0xf6d: 0x34dd, 0xf6e: 0x34fd, 0xf6f: 0x351d,
-	0xf70: 0x353d, 0xf71: 0x355d, 0xf72: 0x357d, 0xf73: 0x359d, 0xf74: 0x35bd, 0xf75: 0x35dd,
-	0xf76: 0x35fd, 0xf77: 0x361d, 0xf78: 0x363d, 0xf79: 0x365d, 0xf7a: 0x367d, 0xf7b: 0x369d,
-	0xf7c: 0x38c9, 0xf7d: 0x3901, 0xf7e: 0x36bd, 0xf7f: 0x0018,
-	// Block 0x3e, offset 0xf80
-	0xf80: 0x36dd, 0xf81: 0x36fd, 0xf82: 0x371d, 0xf83: 0x373d, 0xf84: 0x375d, 0xf85: 0x377d,
-	0xf86: 0x379d, 0xf87: 0x37bd, 0xf88: 0x37dd, 0xf89: 0x37fd, 0xf8a: 0x381d, 0xf8b: 0x383d,
-	0xf8c: 0x385d, 0xf8d: 0x387d, 0xf8e: 0x389d, 0xf8f: 0x38bd, 0xf90: 0x38dd, 0xf91: 0x38fd,
-	0xf92: 0x391d, 0xf93: 0x393d, 0xf94: 0x395d, 0xf95: 0x397d, 0xf96: 0x399d, 0xf97: 0x39bd,
-	0xf98: 0x39dd, 0xf99: 0x39fd, 0xf9a: 0x3a1d, 0xf9b: 0x3a3d, 0xf9c: 0x3a5d, 0xf9d: 0x3a7d,
-	0xf9e: 0x3a9d, 0xf9f: 0x3abd, 0xfa0: 0x3add, 0xfa1: 0x3afd, 0xfa2: 0x3b1d, 0xfa3: 0x3b3d,
-	0xfa4: 0x3b5d, 0xfa5: 0x3b7d, 0xfa6: 0x127d, 0xfa7: 0x3b9d, 0xfa8: 0x3bbd, 0xfa9: 0x3bdd,
-	0xfaa: 0x3bfd, 0xfab: 0x3c1d, 0xfac: 0x3c3d, 0xfad: 0x3c5d, 0xfae: 0x239d, 0xfaf: 0x3c7d,
-	0xfb0: 0x3c9d, 0xfb1: 0x3939, 0xfb2: 0x3951, 0xfb3: 0x3969, 0xfb4: 0x3981, 0xfb5: 0x3999,
-	0xfb6: 0x39b1, 0xfb7: 0x39c9, 0xfb8: 0x39e1, 0xfb9: 0x39f9, 0xfba: 0x3a11, 0xfbb: 0x3a29,
-	0xfbc: 0x3a41, 0xfbd: 0x3a59, 0xfbe: 0x3a71, 0xfbf: 0x3a89,
-	// Block 0x3f, offset 0xfc0
-	0xfc0: 0x3aa1, 0xfc1: 0x3ac9, 0xfc2: 0x3af1, 0xfc3: 0x3b19, 0xfc4: 0x3b41, 0xfc5: 0x3b69,
-	0xfc6: 0x3b91, 0xfc7: 0x3bb9, 0xfc8: 0x3be1, 0xfc9: 0x3c09, 0xfca: 0x3c39, 0xfcb: 0x3c69,
-	0xfcc: 0x3c99, 0xfcd: 0x3cbd, 0xfce: 0x3cb1, 0xfcf: 0x3cdd, 0xfd0: 0x3cfd, 0xfd1: 0x3d15,
-	0xfd2: 0x3d2d, 0xfd3: 0x3d45, 0xfd4: 0x3d5d, 0xfd5: 0x3d5d, 0xfd6: 0x3d45, 0xfd7: 0x3d75,
-	0xfd8: 0x07bd, 0xfd9: 0x3d8d, 0xfda: 0x3da5, 0xfdb: 0x3dbd, 0xfdc: 0x3dd5, 0xfdd: 0x3ded,
-	0xfde: 0x3e05, 0xfdf: 0x3e1d, 0xfe0: 0x3e35, 0xfe1: 0x3e4d, 0xfe2: 0x3e65, 0xfe3: 0x3e7d,
-	0xfe4: 0x3e95, 0xfe5: 0x3e95, 0xfe6: 0x3ead, 0xfe7: 0x3ead, 0xfe8: 0x3ec5, 0xfe9: 0x3ec5,
-	0xfea: 0x3edd, 0xfeb: 0x3ef5, 0xfec: 0x3f0d, 0xfed: 0x3f25, 0xfee: 0x3f3d, 0xfef: 0x3f3d,
-	0xff0: 0x3f55, 0xff1: 0x3f55, 0xff2: 0x3f55, 0xff3: 0x3f6d, 0xff4: 0x3f85, 0xff5: 0x3f9d,
-	0xff6: 0x3fb5, 0xff7: 0x3f9d, 0xff8: 0x3fcd, 0xff9: 0x3fe5, 0xffa: 0x3f6d, 0xffb: 0x3ffd,
-	0xffc: 0x4015, 0xffd: 0x4015, 0xffe: 0x4015, 0xfff: 0x0040,
-	// Block 0x40, offset 0x1000
-	0x1000: 0x3cc9, 0x1001: 0x3d31, 0x1002: 0x3d99, 0x1003: 0x3e01, 0x1004: 0x3e51, 0x1005: 0x3eb9,
-	0x1006: 0x3f09, 0x1007: 0x3f59, 0x1008: 0x3fd9, 0x1009: 0x4041, 0x100a: 0x4091, 0x100b: 0x40e1,
-	0x100c: 0x4131, 0x100d: 0x4199, 0x100e: 0x4201, 0x100f: 0x4251, 0x1010: 0x42a1, 0x1011: 0x42d9,
-	0x1012: 0x4329, 0x1013: 0x4391, 0x1014: 0x43f9, 0x1015: 0x4431, 0x1016: 0x44b1, 0x1017: 0x4549,
-	0x1018: 0x45c9, 0x1019: 0x4619, 0x101a: 0x4699, 0x101b: 0x4719, 0x101c: 0x4781, 0x101d: 0x47d1,
-	0x101e: 0x4821, 0x101f: 0x4871, 0x1020: 0x48d9, 0x1021: 0x4959, 0x1022: 0x49c1, 0x1023: 0x4a11,
-	0x1024: 0x4a61, 0x1025: 0x4ab1, 0x1026: 0x4ae9, 0x1027: 0x4b21, 0x1028: 0x4b59, 0x1029: 0x4b91,
-	0x102a: 0x4be1, 0x102b: 0x4c31, 0x102c: 0x4cb1, 0x102d: 0x4d01, 0x102e: 0x4d69, 0x102f: 0x4de9,
-	0x1030: 0x4e39, 0x1031: 0x4e71, 0x1032: 0x4ea9, 0x1033: 0x4f29, 0x1034: 0x4f91, 0x1035: 0x5011,
-	0x1036: 0x5061, 0x1037: 0x50e1, 0x1038: 0x5119, 0x1039: 0x5169, 0x103a: 0x51b9, 0x103b: 0x5209,
-	0x103c: 0x5259, 0x103d: 0x52a9, 0x103e: 0x5311, 0x103f: 0x5361,
-	// Block 0x41, offset 0x1040
-	0x1040: 0x5399, 0x1041: 0x53e9, 0x1042: 0x5439, 0x1043: 0x5489, 0x1044: 0x54f1, 0x1045: 0x5541,
-	0x1046: 0x5591, 0x1047: 0x55e1, 0x1048: 0x5661, 0x1049: 0x56c9, 0x104a: 0x5701, 0x104b: 0x5781,
-	0x104c: 0x57b9, 0x104d: 0x5821, 0x104e: 0x5889, 0x104f: 0x58d9, 0x1050: 0x5929, 0x1051: 0x5979,
-	0x1052: 0x59e1, 0x1053: 0x5a19, 0x1054: 0x5a69, 0x1055: 0x5ad1, 0x1056: 0x5b09, 0x1057: 0x5b89,
-	0x1058: 0x5bd9, 0x1059: 0x5c01, 0x105a: 0x5c29, 0x105b: 0x5c51, 0x105c: 0x5c79, 0x105d: 0x5ca1,
-	0x105e: 0x5cc9, 0x105f: 0x5cf1, 0x1060: 0x5d19, 0x1061: 0x5d41, 0x1062: 0x5d69, 0x1063: 0x5d99,
-	0x1064: 0x5dc9, 0x1065: 0x5df9, 0x1066: 0x5e29, 0x1067: 0x5e59, 0x1068: 0x5e89, 0x1069: 0x5eb9,
-	0x106a: 0x5ee9, 0x106b: 0x5f19, 0x106c: 0x5f49, 0x106d: 0x5f79, 0x106e: 0x5fa9, 0x106f: 0x5fd9,
-	0x1070: 0x6009, 0x1071: 0x402d, 0x1072: 0x6039, 0x1073: 0x6051, 0x1074: 0x404d, 0x1075: 0x6069,
-	0x1076: 0x6081, 0x1077: 0x6099, 0x1078: 0x406d, 0x1079: 0x406d, 0x107a: 0x60b1, 0x107b: 0x60c9,
-	0x107c: 0x6101, 0x107d: 0x6139, 0x107e: 0x6171, 0x107f: 0x61a9,
-	// Block 0x42, offset 0x1080
-	0x1080: 0x6211, 0x1081: 0x6229, 0x1082: 0x408d, 0x1083: 0x6241, 0x1084: 0x6259, 0x1085: 0x6271,
-	0x1086: 0x6289, 0x1087: 0x62a1, 0x1088: 0x40ad, 0x1089: 0x62b9, 0x108a: 0x62e1, 0x108b: 0x62f9,
-	0x108c: 0x40cd, 0x108d: 0x40cd, 0x108e: 0x6311, 0x108f: 0x6329, 0x1090: 0x6341, 0x1091: 0x40ed,
-	0x1092: 0x410d, 0x1093: 0x412d, 0x1094: 0x414d, 0x1095: 0x416d, 0x1096: 0x6359, 0x1097: 0x6371,
-	0x1098: 0x6389, 0x1099: 0x63a1, 0x109a: 0x63b9, 0x109b: 0x418d, 0x109c: 0x63d1, 0x109d: 0x63e9,
-	0x109e: 0x6401, 0x109f: 0x41ad, 0x10a0: 0x41cd, 0x10a1: 0x6419, 0x10a2: 0x41ed, 0x10a3: 0x420d,
-	0x10a4: 0x422d, 0x10a5: 0x6431, 0x10a6: 0x424d, 0x10a7: 0x6449, 0x10a8: 0x6479, 0x10a9: 0x6211,
-	0x10aa: 0x426d, 0x10ab: 0x428d, 0x10ac: 0x42ad, 0x10ad: 0x42cd, 0x10ae: 0x64b1, 0x10af: 0x64f1,
-	0x10b0: 0x6539, 0x10b1: 0x6551, 0x10b2: 0x42ed, 0x10b3: 0x6569, 0x10b4: 0x6581, 0x10b5: 0x6599,
-	0x10b6: 0x430d, 0x10b7: 0x65b1, 0x10b8: 0x65c9, 0x10b9: 0x65b1, 0x10ba: 0x65e1, 0x10bb: 0x65f9,
-	0x10bc: 0x432d, 0x10bd: 0x6611, 0x10be: 0x6629, 0x10bf: 0x6611,
-	// Block 0x43, offset 0x10c0
-	0x10c0: 0x434d, 0x10c1: 0x436d, 0x10c2: 0x0040, 0x10c3: 0x6641, 0x10c4: 0x6659, 0x10c5: 0x6671,
-	0x10c6: 0x6689, 0x10c7: 0x0040, 0x10c8: 0x66c1, 0x10c9: 0x66d9, 0x10ca: 0x66f1, 0x10cb: 0x6709,
-	0x10cc: 0x6721, 0x10cd: 0x6739, 0x10ce: 0x6401, 0x10cf: 0x6751, 0x10d0: 0x6769, 0x10d1: 0x6781,
-	0x10d2: 0x438d, 0x10d3: 0x6799, 0x10d4: 0x6289, 0x10d5: 0x43ad, 0x10d6: 0x43cd, 0x10d7: 0x67b1,
-	0x10d8: 0x0040, 0x10d9: 0x43ed, 0x10da: 0x67c9, 0x10db: 0x67e1, 0x10dc: 0x67f9, 0x10dd: 0x6811,
-	0x10de: 0x6829, 0x10df: 0x6859, 0x10e0: 0x6889, 0x10e1: 0x68b1, 0x10e2: 0x68d9, 0x10e3: 0x6901,
-	0x10e4: 0x6929, 0x10e5: 0x6951, 0x10e6: 0x6979, 0x10e7: 0x69a1, 0x10e8: 0x69c9, 0x10e9: 0x69f1,
-	0x10ea: 0x6a21, 0x10eb: 0x6a51, 0x10ec: 0x6a81, 0x10ed: 0x6ab1, 0x10ee: 0x6ae1, 0x10ef: 0x6b11,
-	0x10f0: 0x6b41, 0x10f1: 0x6b71, 0x10f2: 0x6ba1, 0x10f3: 0x6bd1, 0x10f4: 0x6c01, 0x10f5: 0x6c31,
-	0x10f6: 0x6c61, 0x10f7: 0x6c91, 0x10f8: 0x6cc1, 0x10f9: 0x6cf1, 0x10fa: 0x6d21, 0x10fb: 0x6d51,
-	0x10fc: 0x6d81, 0x10fd: 0x6db1, 0x10fe: 0x6de1, 0x10ff: 0x440d,
-	// Block 0x44, offset 0x1100
-	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
-	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
-	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
-	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
-	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0xe00d, 0x111d: 0x0008,
-	0x111e: 0xe00d, 0x111f: 0x0008, 0x1120: 0xe00d, 0x1121: 0x0008, 0x1122: 0xe00d, 0x1123: 0x0008,
-	0x1124: 0xe00d, 0x1125: 0x0008, 0x1126: 0xe00d, 0x1127: 0x0008, 0x1128: 0xe00d, 0x1129: 0x0008,
-	0x112a: 0xe00d, 0x112b: 0x0008, 0x112c: 0xe00d, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x3308,
-	0x1130: 0x3318, 0x1131: 0x3318, 0x1132: 0x3318, 0x1133: 0x0018, 0x1134: 0x3308, 0x1135: 0x3308,
-	0x1136: 0x3308, 0x1137: 0x3308, 0x1138: 0x3308, 0x1139: 0x3308, 0x113a: 0x3308, 0x113b: 0x3308,
-	0x113c: 0x3308, 0x113d: 0x3308, 0x113e: 0x0018, 0x113f: 0x0008,
-	// Block 0x45, offset 0x1140
-	0x1140: 0xe00d, 0x1141: 0x0008, 0x1142: 0xe00d, 0x1143: 0x0008, 0x1144: 0xe00d, 0x1145: 0x0008,
-	0x1146: 0xe00d, 0x1147: 0x0008, 0x1148: 0xe00d, 0x1149: 0x0008, 0x114a: 0xe00d, 0x114b: 0x0008,
-	0x114c: 0xe00d, 0x114d: 0x0008, 0x114e: 0xe00d, 0x114f: 0x0008, 0x1150: 0xe00d, 0x1151: 0x0008,
-	0x1152: 0xe00d, 0x1153: 0x0008, 0x1154: 0xe00d, 0x1155: 0x0008, 0x1156: 0xe00d, 0x1157: 0x0008,
-	0x1158: 0xe00d, 0x1159: 0x0008, 0x115a: 0xe00d, 0x115b: 0x0008, 0x115c: 0x0ea1, 0x115d: 0x6e11,
-	0x115e: 0x3308, 0x115f: 0x3308, 0x1160: 0x0008, 0x1161: 0x0008, 0x1162: 0x0008, 0x1163: 0x0008,
-	0x1164: 0x0008, 0x1165: 0x0008, 0x1166: 0x0008, 0x1167: 0x0008, 0x1168: 0x0008, 0x1169: 0x0008,
-	0x116a: 0x0008, 0x116b: 0x0008, 0x116c: 0x0008, 0x116d: 0x0008, 0x116e: 0x0008, 0x116f: 0x0008,
-	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0x0008, 0x1173: 0x0008, 0x1174: 0x0008, 0x1175: 0x0008,
-	0x1176: 0x0008, 0x1177: 0x0008, 0x1178: 0x0008, 0x1179: 0x0008, 0x117a: 0x0008, 0x117b: 0x0008,
-	0x117c: 0x0008, 0x117d: 0x0008, 0x117e: 0x0008, 0x117f: 0x0008,
-	// Block 0x46, offset 0x1180
-	0x1180: 0x0018, 0x1181: 0x0018, 0x1182: 0x0018, 0x1183: 0x0018, 0x1184: 0x0018, 0x1185: 0x0018,
-	0x1186: 0x0018, 0x1187: 0x0018, 0x1188: 0x0018, 0x1189: 0x0018, 0x118a: 0x0018, 0x118b: 0x0018,
-	0x118c: 0x0018, 0x118d: 0x0018, 0x118e: 0x0018, 0x118f: 0x0018, 0x1190: 0x0018, 0x1191: 0x0018,
-	0x1192: 0x0018, 0x1193: 0x0018, 0x1194: 0x0018, 0x1195: 0x0018, 0x1196: 0x0018, 0x1197: 0x0008,
-	0x1198: 0x0008, 0x1199: 0x0008, 0x119a: 0x0008, 0x119b: 0x0008, 0x119c: 0x0008, 0x119d: 0x0008,
-	0x119e: 0x0008, 0x119f: 0x0008, 0x11a0: 0x0018, 0x11a1: 0x0018, 0x11a2: 0xe00d, 0x11a3: 0x0008,
-	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
-	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
-	0x11b0: 0x0008, 0x11b1: 0x0008, 0x11b2: 0xe00d, 0x11b3: 0x0008, 0x11b4: 0xe00d, 0x11b5: 0x0008,
-	0x11b6: 0xe00d, 0x11b7: 0x0008, 0x11b8: 0xe00d, 0x11b9: 0x0008, 0x11ba: 0xe00d, 0x11bb: 0x0008,
-	0x11bc: 0xe00d, 0x11bd: 0x0008, 0x11be: 0xe00d, 0x11bf: 0x0008,
-	// Block 0x47, offset 0x11c0
-	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
-	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0xe00d, 0x11c9: 0x0008, 0x11ca: 0xe00d, 0x11cb: 0x0008,
-	0x11cc: 0xe00d, 0x11cd: 0x0008, 0x11ce: 0xe00d, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
-	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0xe00d, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
-	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
-	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
-	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
-	0x11ea: 0xe00d, 0x11eb: 0x0008, 0x11ec: 0xe00d, 0x11ed: 0x0008, 0x11ee: 0xe00d, 0x11ef: 0x0008,
-	0x11f0: 0xe0fd, 0x11f1: 0x0008, 0x11f2: 0x0008, 0x11f3: 0x0008, 0x11f4: 0x0008, 0x11f5: 0x0008,
-	0x11f6: 0x0008, 0x11f7: 0x0008, 0x11f8: 0x0008, 0x11f9: 0xe01d, 0x11fa: 0x0008, 0x11fb: 0xe03d,
-	0x11fc: 0x0008, 0x11fd: 0x442d, 0x11fe: 0xe00d, 0x11ff: 0x0008,
-	// Block 0x48, offset 0x1200
-	0x1200: 0xe00d, 0x1201: 0x0008, 0x1202: 0xe00d, 0x1203: 0x0008, 0x1204: 0xe00d, 0x1205: 0x0008,
-	0x1206: 0xe00d, 0x1207: 0x0008, 0x1208: 0x0008, 0x1209: 0x0018, 0x120a: 0x0018, 0x120b: 0xe03d,
-	0x120c: 0x0008, 0x120d: 0x11d9, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0xe00d, 0x1211: 0x0008,
-	0x1212: 0xe00d, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x0008, 0x1216: 0xe00d, 0x1217: 0x0008,
-	0x1218: 0xe00d, 0x1219: 0x0008, 0x121a: 0xe00d, 0x121b: 0x0008, 0x121c: 0xe00d, 0x121d: 0x0008,
-	0x121e: 0xe00d, 0x121f: 0x0008, 0x1220: 0xe00d, 0x1221: 0x0008, 0x1222: 0xe00d, 0x1223: 0x0008,
-	0x1224: 0xe00d, 0x1225: 0x0008, 0x1226: 0xe00d, 0x1227: 0x0008, 0x1228: 0xe00d, 0x1229: 0x0008,
-	0x122a: 0x6e29, 0x122b: 0x1029, 0x122c: 0x11c1, 0x122d: 0x6e41, 0x122e: 0x1221, 0x122f: 0x0040,
-	0x1230: 0x6e59, 0x1231: 0x6e71, 0x1232: 0x1239, 0x1233: 0x444d, 0x1234: 0xe00d, 0x1235: 0x0008,
-	0x1236: 0xe00d, 0x1237: 0x0008, 0x1238: 0x0040, 0x1239: 0x0040, 0x123a: 0x0040, 0x123b: 0x0040,
-	0x123c: 0x0040, 0x123d: 0x0040, 0x123e: 0x0040, 0x123f: 0x0040,
-	// Block 0x49, offset 0x1240
-	0x1240: 0x64d5, 0x1241: 0x64f5, 0x1242: 0x6515, 0x1243: 0x6535, 0x1244: 0x6555, 0x1245: 0x6575,
-	0x1246: 0x6595, 0x1247: 0x65b5, 0x1248: 0x65d5, 0x1249: 0x65f5, 0x124a: 0x6615, 0x124b: 0x6635,
-	0x124c: 0x6655, 0x124d: 0x6675, 0x124e: 0x0008, 0x124f: 0x0008, 0x1250: 0x6695, 0x1251: 0x0008,
-	0x1252: 0x66b5, 0x1253: 0x0008, 0x1254: 0x0008, 0x1255: 0x66d5, 0x1256: 0x66f5, 0x1257: 0x6715,
-	0x1258: 0x6735, 0x1259: 0x6755, 0x125a: 0x6775, 0x125b: 0x6795, 0x125c: 0x67b5, 0x125d: 0x67d5,
-	0x125e: 0x67f5, 0x125f: 0x0008, 0x1260: 0x6815, 0x1261: 0x0008, 0x1262: 0x6835, 0x1263: 0x0008,
-	0x1264: 0x0008, 0x1265: 0x6855, 0x1266: 0x6875, 0x1267: 0x0008, 0x1268: 0x0008, 0x1269: 0x0008,
-	0x126a: 0x6895, 0x126b: 0x68b5, 0x126c: 0x68d5, 0x126d: 0x68f5, 0x126e: 0x6915, 0x126f: 0x6935,
-	0x1270: 0x6955, 0x1271: 0x6975, 0x1272: 0x6995, 0x1273: 0x69b5, 0x1274: 0x69d5, 0x1275: 0x69f5,
-	0x1276: 0x6a15, 0x1277: 0x6a35, 0x1278: 0x6a55, 0x1279: 0x6a75, 0x127a: 0x6a95, 0x127b: 0x6ab5,
-	0x127c: 0x6ad5, 0x127d: 0x6af5, 0x127e: 0x6b15, 0x127f: 0x6b35,
-	// Block 0x4a, offset 0x1280
-	0x1280: 0x7a95, 0x1281: 0x7ab5, 0x1282: 0x7ad5, 0x1283: 0x7af5, 0x1284: 0x7b15, 0x1285: 0x7b35,
-	0x1286: 0x7b55, 0x1287: 0x7b75, 0x1288: 0x7b95, 0x1289: 0x7bb5, 0x128a: 0x7bd5, 0x128b: 0x7bf5,
-	0x128c: 0x7c15, 0x128d: 0x7c35, 0x128e: 0x7c55, 0x128f: 0x6ec9, 0x1290: 0x6ef1, 0x1291: 0x6f19,
-	0x1292: 0x7c75, 0x1293: 0x7c95, 0x1294: 0x7cb5, 0x1295: 0x6f41, 0x1296: 0x6f69, 0x1297: 0x6f91,
-	0x1298: 0x7cd5, 0x1299: 0x7cf5, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x0040,
-	0x129e: 0x0040, 0x129f: 0x0040, 0x12a0: 0x0040, 0x12a1: 0x0040, 0x12a2: 0x0040, 0x12a3: 0x0040,
-	0x12a4: 0x0040, 0x12a5: 0x0040, 0x12a6: 0x0040, 0x12a7: 0x0040, 0x12a8: 0x0040, 0x12a9: 0x0040,
-	0x12aa: 0x0040, 0x12ab: 0x0040, 0x12ac: 0x0040, 0x12ad: 0x0040, 0x12ae: 0x0040, 0x12af: 0x0040,
-	0x12b0: 0x0040, 0x12b1: 0x0040, 0x12b2: 0x0040, 0x12b3: 0x0040, 0x12b4: 0x0040, 0x12b5: 0x0040,
-	0x12b6: 0x0040, 0x12b7: 0x0040, 0x12b8: 0x0040, 0x12b9: 0x0040, 0x12ba: 0x0040, 0x12bb: 0x0040,
-	0x12bc: 0x0040, 0x12bd: 0x0040, 0x12be: 0x0040, 0x12bf: 0x0040,
-	// Block 0x4b, offset 0x12c0
-	0x12c0: 0x6fb9, 0x12c1: 0x6fd1, 0x12c2: 0x6fe9, 0x12c3: 0x7d15, 0x12c4: 0x7d35, 0x12c5: 0x7001,
-	0x12c6: 0x7001, 0x12c7: 0x0040, 0x12c8: 0x0040, 0x12c9: 0x0040, 0x12ca: 0x0040, 0x12cb: 0x0040,
-	0x12cc: 0x0040, 0x12cd: 0x0040, 0x12ce: 0x0040, 0x12cf: 0x0040, 0x12d0: 0x0040, 0x12d1: 0x0040,
-	0x12d2: 0x0040, 0x12d3: 0x7019, 0x12d4: 0x7041, 0x12d5: 0x7069, 0x12d6: 0x7091, 0x12d7: 0x70b9,
-	0x12d8: 0x0040, 0x12d9: 0x0040, 0x12da: 0x0040, 0x12db: 0x0040, 0x12dc: 0x0040, 0x12dd: 0x70e1,
-	0x12de: 0x3308, 0x12df: 0x7109, 0x12e0: 0x7131, 0x12e1: 0x20a9, 0x12e2: 0x20f1, 0x12e3: 0x7149,
-	0x12e4: 0x7161, 0x12e5: 0x7179, 0x12e6: 0x7191, 0x12e7: 0x71a9, 0x12e8: 0x71c1, 0x12e9: 0x1fb2,
-	0x12ea: 0x71d9, 0x12eb: 0x7201, 0x12ec: 0x7229, 0x12ed: 0x7261, 0x12ee: 0x7299, 0x12ef: 0x72c1,
-	0x12f0: 0x72e9, 0x12f1: 0x7311, 0x12f2: 0x7339, 0x12f3: 0x7361, 0x12f4: 0x7389, 0x12f5: 0x73b1,
-	0x12f6: 0x73d9, 0x12f7: 0x0040, 0x12f8: 0x7401, 0x12f9: 0x7429, 0x12fa: 0x7451, 0x12fb: 0x7479,
-	0x12fc: 0x74a1, 0x12fd: 0x0040, 0x12fe: 0x74c9, 0x12ff: 0x0040,
-	// Block 0x4c, offset 0x1300
-	0x1300: 0x74f1, 0x1301: 0x7519, 0x1302: 0x0040, 0x1303: 0x7541, 0x1304: 0x7569, 0x1305: 0x0040,
-	0x1306: 0x7591, 0x1307: 0x75b9, 0x1308: 0x75e1, 0x1309: 0x7609, 0x130a: 0x7631, 0x130b: 0x7659,
-	0x130c: 0x7681, 0x130d: 0x76a9, 0x130e: 0x76d1, 0x130f: 0x76f9, 0x1310: 0x7721, 0x1311: 0x7721,
-	0x1312: 0x7739, 0x1313: 0x7739, 0x1314: 0x7739, 0x1315: 0x7739, 0x1316: 0x7751, 0x1317: 0x7751,
-	0x1318: 0x7751, 0x1319: 0x7751, 0x131a: 0x7769, 0x131b: 0x7769, 0x131c: 0x7769, 0x131d: 0x7769,
-	0x131e: 0x7781, 0x131f: 0x7781, 0x1320: 0x7781, 0x1321: 0x7781, 0x1322: 0x7799, 0x1323: 0x7799,
-	0x1324: 0x7799, 0x1325: 0x7799, 0x1326: 0x77b1, 0x1327: 0x77b1, 0x1328: 0x77b1, 0x1329: 0x77b1,
-	0x132a: 0x77c9, 0x132b: 0x77c9, 0x132c: 0x77c9, 0x132d: 0x77c9, 0x132e: 0x77e1, 0x132f: 0x77e1,
-	0x1330: 0x77e1, 0x1331: 0x77e1, 0x1332: 0x77f9, 0x1333: 0x77f9, 0x1334: 0x77f9, 0x1335: 0x77f9,
-	0x1336: 0x7811, 0x1337: 0x7811, 0x1338: 0x7811, 0x1339: 0x7811, 0x133a: 0x7829, 0x133b: 0x7829,
-	0x133c: 0x7829, 0x133d: 0x7829, 0x133e: 0x7841, 0x133f: 0x7841,
-	// Block 0x4d, offset 0x1340
-	0x1340: 0x7841, 0x1341: 0x7841, 0x1342: 0x7859, 0x1343: 0x7859, 0x1344: 0x7871, 0x1345: 0x7871,
-	0x1346: 0x7889, 0x1347: 0x7889, 0x1348: 0x78a1, 0x1349: 0x78a1, 0x134a: 0x78b9, 0x134b: 0x78b9,
-	0x134c: 0x78d1, 0x134d: 0x78d1, 0x134e: 0x78e9, 0x134f: 0x78e9, 0x1350: 0x78e9, 0x1351: 0x78e9,
-	0x1352: 0x7901, 0x1353: 0x7901, 0x1354: 0x7901, 0x1355: 0x7901, 0x1356: 0x7919, 0x1357: 0x7919,
-	0x1358: 0x7919, 0x1359: 0x7919, 0x135a: 0x7931, 0x135b: 0x7931, 0x135c: 0x7931, 0x135d: 0x7931,
-	0x135e: 0x7949, 0x135f: 0x7949, 0x1360: 0x7961, 0x1361: 0x7961, 0x1362: 0x7961, 0x1363: 0x7961,
-	0x1364: 0x7979, 0x1365: 0x7979, 0x1366: 0x7991, 0x1367: 0x7991, 0x1368: 0x7991, 0x1369: 0x7991,
-	0x136a: 0x79a9, 0x136b: 0x79a9, 0x136c: 0x79a9, 0x136d: 0x79a9, 0x136e: 0x79c1, 0x136f: 0x79c1,
-	0x1370: 0x79d9, 0x1371: 0x79d9, 0x1372: 0x0818, 0x1373: 0x0818, 0x1374: 0x0818, 0x1375: 0x0818,
-	0x1376: 0x0818, 0x1377: 0x0818, 0x1378: 0x0818, 0x1379: 0x0818, 0x137a: 0x0818, 0x137b: 0x0818,
-	0x137c: 0x0818, 0x137d: 0x0818, 0x137e: 0x0818, 0x137f: 0x0818,
-	// Block 0x4e, offset 0x1380
-	0x1380: 0x0818, 0x1381: 0x0818, 0x1382: 0x0040, 0x1383: 0x0040, 0x1384: 0x0040, 0x1385: 0x0040,
-	0x1386: 0x0040, 0x1387: 0x0040, 0x1388: 0x0040, 0x1389: 0x0040, 0x138a: 0x0040, 0x138b: 0x0040,
-	0x138c: 0x0040, 0x138d: 0x0040, 0x138e: 0x0040, 0x138f: 0x0040, 0x1390: 0x0040, 0x1391: 0x0040,
-	0x1392: 0x0040, 0x1393: 0x79f1, 0x1394: 0x79f1, 0x1395: 0x79f1, 0x1396: 0x79f1, 0x1397: 0x7a09,
-	0x1398: 0x7a09, 0x1399: 0x7a21, 0x139a: 0x7a21, 0x139b: 0x7a39, 0x139c: 0x7a39, 0x139d: 0x0479,
-	0x139e: 0x7a51, 0x139f: 0x7a51, 0x13a0: 0x7a69, 0x13a1: 0x7a69, 0x13a2: 0x7a81, 0x13a3: 0x7a81,
-	0x13a4: 0x7a99, 0x13a5: 0x7a99, 0x13a6: 0x7a99, 0x13a7: 0x7a99, 0x13a8: 0x7ab1, 0x13a9: 0x7ab1,
-	0x13aa: 0x7ac9, 0x13ab: 0x7ac9, 0x13ac: 0x7af1, 0x13ad: 0x7af1, 0x13ae: 0x7b19, 0x13af: 0x7b19,
-	0x13b0: 0x7b41, 0x13b1: 0x7b41, 0x13b2: 0x7b69, 0x13b3: 0x7b69, 0x13b4: 0x7b91, 0x13b5: 0x7b91,
-	0x13b6: 0x7bb9, 0x13b7: 0x7bb9, 0x13b8: 0x7bb9, 0x13b9: 0x7be1, 0x13ba: 0x7be1, 0x13bb: 0x7be1,
-	0x13bc: 0x7c09, 0x13bd: 0x7c09, 0x13be: 0x7c09, 0x13bf: 0x7c09,
-	// Block 0x4f, offset 0x13c0
-	0x13c0: 0x85f9, 0x13c1: 0x8621, 0x13c2: 0x8649, 0x13c3: 0x8671, 0x13c4: 0x8699, 0x13c5: 0x86c1,
-	0x13c6: 0x86e9, 0x13c7: 0x8711, 0x13c8: 0x8739, 0x13c9: 0x8761, 0x13ca: 0x8789, 0x13cb: 0x87b1,
-	0x13cc: 0x87d9, 0x13cd: 0x8801, 0x13ce: 0x8829, 0x13cf: 0x8851, 0x13d0: 0x8879, 0x13d1: 0x88a1,
-	0x13d2: 0x88c9, 0x13d3: 0x88f1, 0x13d4: 0x8919, 0x13d5: 0x8941, 0x13d6: 0x8969, 0x13d7: 0x8991,
-	0x13d8: 0x89b9, 0x13d9: 0x89e1, 0x13da: 0x8a09, 0x13db: 0x8a31, 0x13dc: 0x8a59, 0x13dd: 0x8a81,
-	0x13de: 0x8aaa, 0x13df: 0x8ada, 0x13e0: 0x8b0a, 0x13e1: 0x8b3a, 0x13e2: 0x8b6a, 0x13e3: 0x8b9a,
-	0x13e4: 0x8bc9, 0x13e5: 0x8bf1, 0x13e6: 0x7c71, 0x13e7: 0x8c19, 0x13e8: 0x7be1, 0x13e9: 0x7c99,
-	0x13ea: 0x8c41, 0x13eb: 0x8c69, 0x13ec: 0x7d39, 0x13ed: 0x8c91, 0x13ee: 0x7d61, 0x13ef: 0x7d89,
-	0x13f0: 0x8cb9, 0x13f1: 0x8ce1, 0x13f2: 0x7e29, 0x13f3: 0x8d09, 0x13f4: 0x7e51, 0x13f5: 0x7e79,
-	0x13f6: 0x8d31, 0x13f7: 0x8d59, 0x13f8: 0x7ec9, 0x13f9: 0x8d81, 0x13fa: 0x7ef1, 0x13fb: 0x7f19,
-	0x13fc: 0x83a1, 0x13fd: 0x83c9, 0x13fe: 0x8441, 0x13ff: 0x8469,
-	// Block 0x50, offset 0x1400
-	0x1400: 0x8491, 0x1401: 0x8531, 0x1402: 0x8559, 0x1403: 0x8581, 0x1404: 0x85a9, 0x1405: 0x8649,
-	0x1406: 0x8671, 0x1407: 0x8699, 0x1408: 0x8da9, 0x1409: 0x8739, 0x140a: 0x8dd1, 0x140b: 0x8df9,
-	0x140c: 0x8829, 0x140d: 0x8e21, 0x140e: 0x8851, 0x140f: 0x8879, 0x1410: 0x8a81, 0x1411: 0x8e49,
-	0x1412: 0x8e71, 0x1413: 0x89b9, 0x1414: 0x8e99, 0x1415: 0x89e1, 0x1416: 0x8a09, 0x1417: 0x7c21,
-	0x1418: 0x7c49, 0x1419: 0x8ec1, 0x141a: 0x7c71, 0x141b: 0x8ee9, 0x141c: 0x7cc1, 0x141d: 0x7ce9,
-	0x141e: 0x7d11, 0x141f: 0x7d39, 0x1420: 0x8f11, 0x1421: 0x7db1, 0x1422: 0x7dd9, 0x1423: 0x7e01,
-	0x1424: 0x7e29, 0x1425: 0x8f39, 0x1426: 0x7ec9, 0x1427: 0x7f41, 0x1428: 0x7f69, 0x1429: 0x7f91,
-	0x142a: 0x7fb9, 0x142b: 0x7fe1, 0x142c: 0x8031, 0x142d: 0x8059, 0x142e: 0x8081, 0x142f: 0x80a9,
-	0x1430: 0x80d1, 0x1431: 0x80f9, 0x1432: 0x8f61, 0x1433: 0x8121, 0x1434: 0x8149, 0x1435: 0x8171,
-	0x1436: 0x8199, 0x1437: 0x81c1, 0x1438: 0x81e9, 0x1439: 0x8239, 0x143a: 0x8261, 0x143b: 0x8289,
-	0x143c: 0x82b1, 0x143d: 0x82d9, 0x143e: 0x8301, 0x143f: 0x8329,
-	// Block 0x51, offset 0x1440
-	0x1440: 0x8351, 0x1441: 0x8379, 0x1442: 0x83f1, 0x1443: 0x8419, 0x1444: 0x84b9, 0x1445: 0x84e1,
-	0x1446: 0x8509, 0x1447: 0x8531, 0x1448: 0x8559, 0x1449: 0x85d1, 0x144a: 0x85f9, 0x144b: 0x8621,
-	0x144c: 0x8649, 0x144d: 0x8f89, 0x144e: 0x86c1, 0x144f: 0x86e9, 0x1450: 0x8711, 0x1451: 0x8739,
-	0x1452: 0x87b1, 0x1453: 0x87d9, 0x1454: 0x8801, 0x1455: 0x8829, 0x1456: 0x8fb1, 0x1457: 0x88a1,
-	0x1458: 0x88c9, 0x1459: 0x8fd9, 0x145a: 0x8941, 0x145b: 0x8969, 0x145c: 0x8991, 0x145d: 0x89b9,
-	0x145e: 0x9001, 0x145f: 0x7c71, 0x1460: 0x8ee9, 0x1461: 0x7d39, 0x1462: 0x8f11, 0x1463: 0x7e29,
-	0x1464: 0x8f39, 0x1465: 0x7ec9, 0x1466: 0x9029, 0x1467: 0x80d1, 0x1468: 0x9051, 0x1469: 0x9079,
-	0x146a: 0x90a1, 0x146b: 0x8531, 0x146c: 0x8559, 0x146d: 0x8649, 0x146e: 0x8829, 0x146f: 0x8fb1,
-	0x1470: 0x89b9, 0x1471: 0x9001, 0x1472: 0x90c9, 0x1473: 0x9101, 0x1474: 0x9139, 0x1475: 0x9171,
-	0x1476: 0x9199, 0x1477: 0x91c1, 0x1478: 0x91e9, 0x1479: 0x9211, 0x147a: 0x9239, 0x147b: 0x9261,
-	0x147c: 0x9289, 0x147d: 0x92b1, 0x147e: 0x92d9, 0x147f: 0x9301,
-	// Block 0x52, offset 0x1480
-	0x1480: 0x9329, 0x1481: 0x9351, 0x1482: 0x9379, 0x1483: 0x93a1, 0x1484: 0x93c9, 0x1485: 0x93f1,
-	0x1486: 0x9419, 0x1487: 0x9441, 0x1488: 0x9469, 0x1489: 0x9491, 0x148a: 0x94b9, 0x148b: 0x94e1,
-	0x148c: 0x9079, 0x148d: 0x9509, 0x148e: 0x9531, 0x148f: 0x9559, 0x1490: 0x9581, 0x1491: 0x9171,
-	0x1492: 0x9199, 0x1493: 0x91c1, 0x1494: 0x91e9, 0x1495: 0x9211, 0x1496: 0x9239, 0x1497: 0x9261,
-	0x1498: 0x9289, 0x1499: 0x92b1, 0x149a: 0x92d9, 0x149b: 0x9301, 0x149c: 0x9329, 0x149d: 0x9351,
-	0x149e: 0x9379, 0x149f: 0x93a1, 0x14a0: 0x93c9, 0x14a1: 0x93f1, 0x14a2: 0x9419, 0x14a3: 0x9441,
-	0x14a4: 0x9469, 0x14a5: 0x9491, 0x14a6: 0x94b9, 0x14a7: 0x94e1, 0x14a8: 0x9079, 0x14a9: 0x9509,
-	0x14aa: 0x9531, 0x14ab: 0x9559, 0x14ac: 0x9581, 0x14ad: 0x9491, 0x14ae: 0x94b9, 0x14af: 0x94e1,
-	0x14b0: 0x9079, 0x14b1: 0x9051, 0x14b2: 0x90a1, 0x14b3: 0x8211, 0x14b4: 0x8059, 0x14b5: 0x8081,
-	0x14b6: 0x80a9, 0x14b7: 0x9491, 0x14b8: 0x94b9, 0x14b9: 0x94e1, 0x14ba: 0x8211, 0x14bb: 0x8239,
-	0x14bc: 0x95a9, 0x14bd: 0x95a9, 0x14be: 0x0018, 0x14bf: 0x0018,
-	// Block 0x53, offset 0x14c0
-	0x14c0: 0x0040, 0x14c1: 0x0040, 0x14c2: 0x0040, 0x14c3: 0x0040, 0x14c4: 0x0040, 0x14c5: 0x0040,
-	0x14c6: 0x0040, 0x14c7: 0x0040, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
-	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x95d1, 0x14d1: 0x9609,
-	0x14d2: 0x9609, 0x14d3: 0x9641, 0x14d4: 0x9679, 0x14d5: 0x96b1, 0x14d6: 0x96e9, 0x14d7: 0x9721,
-	0x14d8: 0x9759, 0x14d9: 0x9759, 0x14da: 0x9791, 0x14db: 0x97c9, 0x14dc: 0x9801, 0x14dd: 0x9839,
-	0x14de: 0x9871, 0x14df: 0x98a9, 0x14e0: 0x98a9, 0x14e1: 0x98e1, 0x14e2: 0x9919, 0x14e3: 0x9919,
-	0x14e4: 0x9951, 0x14e5: 0x9951, 0x14e6: 0x9989, 0x14e7: 0x99c1, 0x14e8: 0x99c1, 0x14e9: 0x99f9,
-	0x14ea: 0x9a31, 0x14eb: 0x9a31, 0x14ec: 0x9a69, 0x14ed: 0x9a69, 0x14ee: 0x9aa1, 0x14ef: 0x9ad9,
-	0x14f0: 0x9ad9, 0x14f1: 0x9b11, 0x14f2: 0x9b11, 0x14f3: 0x9b49, 0x14f4: 0x9b81, 0x14f5: 0x9bb9,
-	0x14f6: 0x9bf1, 0x14f7: 0x9bf1, 0x14f8: 0x9c29, 0x14f9: 0x9c61, 0x14fa: 0x9c99, 0x14fb: 0x9cd1,
-	0x14fc: 0x9d09, 0x14fd: 0x9d09, 0x14fe: 0x9d41, 0x14ff: 0x9d79,
-	// Block 0x54, offset 0x1500
-	0x1500: 0xa949, 0x1501: 0xa981, 0x1502: 0xa9b9, 0x1503: 0xa8a1, 0x1504: 0x9bb9, 0x1505: 0x9989,
-	0x1506: 0xa9f1, 0x1507: 0xaa29, 0x1508: 0x0040, 0x1509: 0x0040, 0x150a: 0x0040, 0x150b: 0x0040,
-	0x150c: 0x0040, 0x150d: 0x0040, 0x150e: 0x0040, 0x150f: 0x0040, 0x1510: 0x0040, 0x1511: 0x0040,
-	0x1512: 0x0040, 0x1513: 0x0040, 0x1514: 0x0040, 0x1515: 0x0040, 0x1516: 0x0040, 0x1517: 0x0040,
-	0x1518: 0x0040, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
-	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x0040, 0x1521: 0x0040, 0x1522: 0x0040, 0x1523: 0x0040,
-	0x1524: 0x0040, 0x1525: 0x0040, 0x1526: 0x0040, 0x1527: 0x0040, 0x1528: 0x0040, 0x1529: 0x0040,
-	0x152a: 0x0040, 0x152b: 0x0040, 0x152c: 0x0040, 0x152d: 0x0040, 0x152e: 0x0040, 0x152f: 0x0040,
-	0x1530: 0xaa61, 0x1531: 0xaa99, 0x1532: 0xaad1, 0x1533: 0xab19, 0x1534: 0xab61, 0x1535: 0xaba9,
-	0x1536: 0xabf1, 0x1537: 0xac39, 0x1538: 0xac81, 0x1539: 0xacc9, 0x153a: 0xad02, 0x153b: 0xae12,
-	0x153c: 0xae91, 0x153d: 0x0018, 0x153e: 0x0040, 0x153f: 0x0040,
-	// Block 0x55, offset 0x1540
-	0x1540: 0x33c0, 0x1541: 0x33c0, 0x1542: 0x33c0, 0x1543: 0x33c0, 0x1544: 0x33c0, 0x1545: 0x33c0,
-	0x1546: 0x33c0, 0x1547: 0x33c0, 0x1548: 0x33c0, 0x1549: 0x33c0, 0x154a: 0x33c0, 0x154b: 0x33c0,
-	0x154c: 0x33c0, 0x154d: 0x33c0, 0x154e: 0x33c0, 0x154f: 0x33c0, 0x1550: 0xaeda, 0x1551: 0x7d55,
-	0x1552: 0x0040, 0x1553: 0xaeea, 0x1554: 0x03c2, 0x1555: 0xaefa, 0x1556: 0xaf0a, 0x1557: 0x7d75,
-	0x1558: 0x7d95, 0x1559: 0x0040, 0x155a: 0x0040, 0x155b: 0x0040, 0x155c: 0x0040, 0x155d: 0x0040,
-	0x155e: 0x0040, 0x155f: 0x0040, 0x1560: 0x3308, 0x1561: 0x3308, 0x1562: 0x3308, 0x1563: 0x3308,
-	0x1564: 0x3308, 0x1565: 0x3308, 0x1566: 0x3308, 0x1567: 0x3308, 0x1568: 0x3308, 0x1569: 0x3308,
-	0x156a: 0x3308, 0x156b: 0x3308, 0x156c: 0x3308, 0x156d: 0x3308, 0x156e: 0x3308, 0x156f: 0x3308,
-	0x1570: 0x0040, 0x1571: 0x7db5, 0x1572: 0x7dd5, 0x1573: 0xaf1a, 0x1574: 0xaf1a, 0x1575: 0x1fd2,
-	0x1576: 0x1fe2, 0x1577: 0xaf2a, 0x1578: 0xaf3a, 0x1579: 0x7df5, 0x157a: 0x7e15, 0x157b: 0x7e35,
-	0x157c: 0x7df5, 0x157d: 0x7e55, 0x157e: 0x7e75, 0x157f: 0x7e55,
-	// Block 0x56, offset 0x1580
-	0x1580: 0x7e95, 0x1581: 0x7eb5, 0x1582: 0x7ed5, 0x1583: 0x7eb5, 0x1584: 0x7ef5, 0x1585: 0x0018,
-	0x1586: 0x0018, 0x1587: 0xaf4a, 0x1588: 0xaf5a, 0x1589: 0x7f16, 0x158a: 0x7f36, 0x158b: 0x7f56,
-	0x158c: 0x7f76, 0x158d: 0xaf1a, 0x158e: 0xaf1a, 0x158f: 0xaf1a, 0x1590: 0xaeda, 0x1591: 0x7f95,
-	0x1592: 0x0040, 0x1593: 0x0040, 0x1594: 0x03c2, 0x1595: 0xaeea, 0x1596: 0xaf0a, 0x1597: 0xaefa,
-	0x1598: 0x7fb5, 0x1599: 0x1fd2, 0x159a: 0x1fe2, 0x159b: 0xaf2a, 0x159c: 0xaf3a, 0x159d: 0x7e95,
-	0x159e: 0x7ef5, 0x159f: 0xaf6a, 0x15a0: 0xaf7a, 0x15a1: 0xaf8a, 0x15a2: 0x1fb2, 0x15a3: 0xaf99,
-	0x15a4: 0xafaa, 0x15a5: 0xafba, 0x15a6: 0x1fc2, 0x15a7: 0x0040, 0x15a8: 0xafca, 0x15a9: 0xafda,
-	0x15aa: 0xafea, 0x15ab: 0xaffa, 0x15ac: 0x0040, 0x15ad: 0x0040, 0x15ae: 0x0040, 0x15af: 0x0040,
-	0x15b0: 0x7fd6, 0x15b1: 0xb009, 0x15b2: 0x7ff6, 0x15b3: 0x0808, 0x15b4: 0x8016, 0x15b5: 0x0040,
-	0x15b6: 0x8036, 0x15b7: 0xb031, 0x15b8: 0x8056, 0x15b9: 0xb059, 0x15ba: 0x8076, 0x15bb: 0xb081,
-	0x15bc: 0x8096, 0x15bd: 0xb0a9, 0x15be: 0x80b6, 0x15bf: 0xb0d1,
-	// Block 0x57, offset 0x15c0
-	0x15c0: 0xb0f9, 0x15c1: 0xb111, 0x15c2: 0xb111, 0x15c3: 0xb129, 0x15c4: 0xb129, 0x15c5: 0xb141,
-	0x15c6: 0xb141, 0x15c7: 0xb159, 0x15c8: 0xb159, 0x15c9: 0xb171, 0x15ca: 0xb171, 0x15cb: 0xb171,
-	0x15cc: 0xb171, 0x15cd: 0xb189, 0x15ce: 0xb189, 0x15cf: 0xb1a1, 0x15d0: 0xb1a1, 0x15d1: 0xb1a1,
-	0x15d2: 0xb1a1, 0x15d3: 0xb1b9, 0x15d4: 0xb1b9, 0x15d5: 0xb1d1, 0x15d6: 0xb1d1, 0x15d7: 0xb1d1,
-	0x15d8: 0xb1d1, 0x15d9: 0xb1e9, 0x15da: 0xb1e9, 0x15db: 0xb1e9, 0x15dc: 0xb1e9, 0x15dd: 0xb201,
-	0x15de: 0xb201, 0x15df: 0xb201, 0x15e0: 0xb201, 0x15e1: 0xb219, 0x15e2: 0xb219, 0x15e3: 0xb219,
-	0x15e4: 0xb219, 0x15e5: 0xb231, 0x15e6: 0xb231, 0x15e7: 0xb231, 0x15e8: 0xb231, 0x15e9: 0xb249,
-	0x15ea: 0xb249, 0x15eb: 0xb261, 0x15ec: 0xb261, 0x15ed: 0xb279, 0x15ee: 0xb279, 0x15ef: 0xb291,
-	0x15f0: 0xb291, 0x15f1: 0xb2a9, 0x15f2: 0xb2a9, 0x15f3: 0xb2a9, 0x15f4: 0xb2a9, 0x15f5: 0xb2c1,
-	0x15f6: 0xb2c1, 0x15f7: 0xb2c1, 0x15f8: 0xb2c1, 0x15f9: 0xb2d9, 0x15fa: 0xb2d9, 0x15fb: 0xb2d9,
-	0x15fc: 0xb2d9, 0x15fd: 0xb2f1, 0x15fe: 0xb2f1, 0x15ff: 0xb2f1,
-	// Block 0x58, offset 0x1600
-	0x1600: 0xb2f1, 0x1601: 0xb309, 0x1602: 0xb309, 0x1603: 0xb309, 0x1604: 0xb309, 0x1605: 0xb321,
-	0x1606: 0xb321, 0x1607: 0xb321, 0x1608: 0xb321, 0x1609: 0xb339, 0x160a: 0xb339, 0x160b: 0xb339,
-	0x160c: 0xb339, 0x160d: 0xb351, 0x160e: 0xb351, 0x160f: 0xb351, 0x1610: 0xb351, 0x1611: 0xb369,
-	0x1612: 0xb369, 0x1613: 0xb369, 0x1614: 0xb369, 0x1615: 0xb381, 0x1616: 0xb381, 0x1617: 0xb381,
-	0x1618: 0xb381, 0x1619: 0xb399, 0x161a: 0xb399, 0x161b: 0xb399, 0x161c: 0xb399, 0x161d: 0xb3b1,
-	0x161e: 0xb3b1, 0x161f: 0xb3b1, 0x1620: 0xb3b1, 0x1621: 0xb3c9, 0x1622: 0xb3c9, 0x1623: 0xb3c9,
-	0x1624: 0xb3c9, 0x1625: 0xb3e1, 0x1626: 0xb3e1, 0x1627: 0xb3e1, 0x1628: 0xb3e1, 0x1629: 0xb3f9,
-	0x162a: 0xb3f9, 0x162b: 0xb3f9, 0x162c: 0xb3f9, 0x162d: 0xb411, 0x162e: 0xb411, 0x162f: 0x7ab1,
-	0x1630: 0x7ab1, 0x1631: 0xb429, 0x1632: 0xb429, 0x1633: 0xb429, 0x1634: 0xb429, 0x1635: 0xb441,
-	0x1636: 0xb441, 0x1637: 0xb469, 0x1638: 0xb469, 0x1639: 0xb491, 0x163a: 0xb491, 0x163b: 0xb4b9,
-	0x163c: 0xb4b9, 0x163d: 0x0040, 0x163e: 0x0040, 0x163f: 0x03c0,
-	// Block 0x59, offset 0x1640
-	0x1640: 0x0040, 0x1641: 0xaefa, 0x1642: 0xb4e2, 0x1643: 0xaf6a, 0x1644: 0xafda, 0x1645: 0xafea,
-	0x1646: 0xaf7a, 0x1647: 0xb4f2, 0x1648: 0x1fd2, 0x1649: 0x1fe2, 0x164a: 0xaf8a, 0x164b: 0x1fb2,
-	0x164c: 0xaeda, 0x164d: 0xaf99, 0x164e: 0x29d1, 0x164f: 0xb502, 0x1650: 0x1f41, 0x1651: 0x00c9,
-	0x1652: 0x0069, 0x1653: 0x0079, 0x1654: 0x1f51, 0x1655: 0x1f61, 0x1656: 0x1f71, 0x1657: 0x1f81,
-	0x1658: 0x1f91, 0x1659: 0x1fa1, 0x165a: 0xaeea, 0x165b: 0x03c2, 0x165c: 0xafaa, 0x165d: 0x1fc2,
-	0x165e: 0xafba, 0x165f: 0xaf0a, 0x1660: 0xaffa, 0x1661: 0x0039, 0x1662: 0x0ee9, 0x1663: 0x1159,
-	0x1664: 0x0ef9, 0x1665: 0x0f09, 0x1666: 0x1199, 0x1667: 0x0f31, 0x1668: 0x0249, 0x1669: 0x0f41,
-	0x166a: 0x0259, 0x166b: 0x0f51, 0x166c: 0x0359, 0x166d: 0x0f61, 0x166e: 0x0f71, 0x166f: 0x00d9,
-	0x1670: 0x0f99, 0x1671: 0x2039, 0x1672: 0x0269, 0x1673: 0x01d9, 0x1674: 0x0fa9, 0x1675: 0x0fb9,
-	0x1676: 0x1089, 0x1677: 0x0279, 0x1678: 0x0369, 0x1679: 0x0289, 0x167a: 0x13d1, 0x167b: 0xaf4a,
-	0x167c: 0xafca, 0x167d: 0xaf5a, 0x167e: 0xb512, 0x167f: 0xaf1a,
-	// Block 0x5a, offset 0x1680
-	0x1680: 0x1caa, 0x1681: 0x0039, 0x1682: 0x0ee9, 0x1683: 0x1159, 0x1684: 0x0ef9, 0x1685: 0x0f09,
-	0x1686: 0x1199, 0x1687: 0x0f31, 0x1688: 0x0249, 0x1689: 0x0f41, 0x168a: 0x0259, 0x168b: 0x0f51,
-	0x168c: 0x0359, 0x168d: 0x0f61, 0x168e: 0x0f71, 0x168f: 0x00d9, 0x1690: 0x0f99, 0x1691: 0x2039,
-	0x1692: 0x0269, 0x1693: 0x01d9, 0x1694: 0x0fa9, 0x1695: 0x0fb9, 0x1696: 0x1089, 0x1697: 0x0279,
-	0x1698: 0x0369, 0x1699: 0x0289, 0x169a: 0x13d1, 0x169b: 0xaf2a, 0x169c: 0xb522, 0x169d: 0xaf3a,
-	0x169e: 0xb532, 0x169f: 0x80d5, 0x16a0: 0x80f5, 0x16a1: 0x29d1, 0x16a2: 0x8115, 0x16a3: 0x8115,
-	0x16a4: 0x8135, 0x16a5: 0x8155, 0x16a6: 0x8175, 0x16a7: 0x8195, 0x16a8: 0x81b5, 0x16a9: 0x81d5,
-	0x16aa: 0x81f5, 0x16ab: 0x8215, 0x16ac: 0x8235, 0x16ad: 0x8255, 0x16ae: 0x8275, 0x16af: 0x8295,
-	0x16b0: 0x82b5, 0x16b1: 0x82d5, 0x16b2: 0x82f5, 0x16b3: 0x8315, 0x16b4: 0x8335, 0x16b5: 0x8355,
-	0x16b6: 0x8375, 0x16b7: 0x8395, 0x16b8: 0x83b5, 0x16b9: 0x83d5, 0x16ba: 0x83f5, 0x16bb: 0x8415,
-	0x16bc: 0x81b5, 0x16bd: 0x8435, 0x16be: 0x8455, 0x16bf: 0x8215,
-	// Block 0x5b, offset 0x16c0
-	0x16c0: 0x8475, 0x16c1: 0x8495, 0x16c2: 0x84b5, 0x16c3: 0x84d5, 0x16c4: 0x84f5, 0x16c5: 0x8515,
-	0x16c6: 0x8535, 0x16c7: 0x8555, 0x16c8: 0x84d5, 0x16c9: 0x8575, 0x16ca: 0x84d5, 0x16cb: 0x8595,
-	0x16cc: 0x8595, 0x16cd: 0x85b5, 0x16ce: 0x85b5, 0x16cf: 0x85d5, 0x16d0: 0x8515, 0x16d1: 0x85f5,
-	0x16d2: 0x8615, 0x16d3: 0x85f5, 0x16d4: 0x8635, 0x16d5: 0x8615, 0x16d6: 0x8655, 0x16d7: 0x8655,
-	0x16d8: 0x8675, 0x16d9: 0x8675, 0x16da: 0x8695, 0x16db: 0x8695, 0x16dc: 0x8615, 0x16dd: 0x8115,
-	0x16de: 0x86b5, 0x16df: 0x86d5, 0x16e0: 0x0040, 0x16e1: 0x86f5, 0x16e2: 0x8715, 0x16e3: 0x8735,
-	0x16e4: 0x8755, 0x16e5: 0x8735, 0x16e6: 0x8775, 0x16e7: 0x8795, 0x16e8: 0x87b5, 0x16e9: 0x87b5,
-	0x16ea: 0x87d5, 0x16eb: 0x87d5, 0x16ec: 0x87f5, 0x16ed: 0x87f5, 0x16ee: 0x87d5, 0x16ef: 0x87d5,
-	0x16f0: 0x8815, 0x16f1: 0x8835, 0x16f2: 0x8855, 0x16f3: 0x8875, 0x16f4: 0x8895, 0x16f5: 0x88b5,
-	0x16f6: 0x88b5, 0x16f7: 0x88b5, 0x16f8: 0x88d5, 0x16f9: 0x88d5, 0x16fa: 0x88d5, 0x16fb: 0x88d5,
-	0x16fc: 0x87b5, 0x16fd: 0x87b5, 0x16fe: 0x87b5, 0x16ff: 0x0040,
-	// Block 0x5c, offset 0x1700
-	0x1700: 0x0040, 0x1701: 0x0040, 0x1702: 0x8715, 0x1703: 0x86f5, 0x1704: 0x88f5, 0x1705: 0x86f5,
-	0x1706: 0x8715, 0x1707: 0x86f5, 0x1708: 0x0040, 0x1709: 0x0040, 0x170a: 0x8915, 0x170b: 0x8715,
-	0x170c: 0x8935, 0x170d: 0x88f5, 0x170e: 0x8935, 0x170f: 0x8715, 0x1710: 0x0040, 0x1711: 0x0040,
-	0x1712: 0x8955, 0x1713: 0x8975, 0x1714: 0x8875, 0x1715: 0x8935, 0x1716: 0x88f5, 0x1717: 0x8935,
-	0x1718: 0x0040, 0x1719: 0x0040, 0x171a: 0x8995, 0x171b: 0x89b5, 0x171c: 0x8995, 0x171d: 0x0040,
-	0x171e: 0x0040, 0x171f: 0x0040, 0x1720: 0xb541, 0x1721: 0xb559, 0x1722: 0xb571, 0x1723: 0x89d6,
-	0x1724: 0xb589, 0x1725: 0xb5a1, 0x1726: 0x89f5, 0x1727: 0x0040, 0x1728: 0x8a15, 0x1729: 0x8a35,
-	0x172a: 0x8a55, 0x172b: 0x8a35, 0x172c: 0x8a75, 0x172d: 0x8a95, 0x172e: 0x8ab5, 0x172f: 0x0040,
-	0x1730: 0x0040, 0x1731: 0x0040, 0x1732: 0x0040, 0x1733: 0x0040, 0x1734: 0x0040, 0x1735: 0x0040,
-	0x1736: 0x0040, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0340, 0x173a: 0x0340, 0x173b: 0x0340,
-	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
-	// Block 0x5d, offset 0x1740
-	0x1740: 0x0a08, 0x1741: 0x0a08, 0x1742: 0x0a08, 0x1743: 0x0a08, 0x1744: 0x0a08, 0x1745: 0x0c08,
-	0x1746: 0x0808, 0x1747: 0x0c08, 0x1748: 0x0818, 0x1749: 0x0c08, 0x174a: 0x0c08, 0x174b: 0x0808,
-	0x174c: 0x0808, 0x174d: 0x0908, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0c08, 0x1751: 0x0c08,
-	0x1752: 0x0c08, 0x1753: 0x0a08, 0x1754: 0x0a08, 0x1755: 0x0a08, 0x1756: 0x0a08, 0x1757: 0x0908,
-	0x1758: 0x0a08, 0x1759: 0x0a08, 0x175a: 0x0a08, 0x175b: 0x0a08, 0x175c: 0x0a08, 0x175d: 0x0c08,
-	0x175e: 0x0a08, 0x175f: 0x0a08, 0x1760: 0x0a08, 0x1761: 0x0c08, 0x1762: 0x0808, 0x1763: 0x0808,
-	0x1764: 0x0c08, 0x1765: 0x3308, 0x1766: 0x3308, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0040,
-	0x176a: 0x0040, 0x176b: 0x0a18, 0x176c: 0x0a18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0c18,
-	0x1770: 0x0818, 0x1771: 0x0818, 0x1772: 0x0818, 0x1773: 0x0818, 0x1774: 0x0818, 0x1775: 0x0818,
-	0x1776: 0x0818, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
-	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
-	// Block 0x5e, offset 0x1780
-	0x1780: 0x0a08, 0x1781: 0x0c08, 0x1782: 0x0a08, 0x1783: 0x0c08, 0x1784: 0x0c08, 0x1785: 0x0c08,
-	0x1786: 0x0a08, 0x1787: 0x0a08, 0x1788: 0x0a08, 0x1789: 0x0c08, 0x178a: 0x0a08, 0x178b: 0x0a08,
-	0x178c: 0x0c08, 0x178d: 0x0a08, 0x178e: 0x0c08, 0x178f: 0x0c08, 0x1790: 0x0a08, 0x1791: 0x0c08,
-	0x1792: 0x0040, 0x1793: 0x0040, 0x1794: 0x0040, 0x1795: 0x0040, 0x1796: 0x0040, 0x1797: 0x0040,
-	0x1798: 0x0040, 0x1799: 0x0818, 0x179a: 0x0818, 0x179b: 0x0818, 0x179c: 0x0818, 0x179d: 0x0040,
-	0x179e: 0x0040, 0x179f: 0x0040, 0x17a0: 0x0040, 0x17a1: 0x0040, 0x17a2: 0x0040, 0x17a3: 0x0040,
-	0x17a4: 0x0040, 0x17a5: 0x0040, 0x17a6: 0x0040, 0x17a7: 0x0040, 0x17a8: 0x0040, 0x17a9: 0x0c18,
-	0x17aa: 0x0c18, 0x17ab: 0x0c18, 0x17ac: 0x0c18, 0x17ad: 0x0a18, 0x17ae: 0x0a18, 0x17af: 0x0818,
-	0x17b0: 0x0040, 0x17b1: 0x0040, 0x17b2: 0x0040, 0x17b3: 0x0040, 0x17b4: 0x0040, 0x17b5: 0x0040,
-	0x17b6: 0x0040, 0x17b7: 0x0040, 0x17b8: 0x0040, 0x17b9: 0x0040, 0x17ba: 0x0040, 0x17bb: 0x0040,
-	0x17bc: 0x0040, 0x17bd: 0x0040, 0x17be: 0x0040, 0x17bf: 0x0040,
-	// Block 0x5f, offset 0x17c0
-	0x17c0: 0x3308, 0x17c1: 0x3308, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x0040, 0x17c5: 0x0008,
-	0x17c6: 0x0008, 0x17c7: 0x0008, 0x17c8: 0x0008, 0x17c9: 0x0008, 0x17ca: 0x0008, 0x17cb: 0x0008,
-	0x17cc: 0x0008, 0x17cd: 0x0040, 0x17ce: 0x0040, 0x17cf: 0x0008, 0x17d0: 0x0008, 0x17d1: 0x0040,
-	0x17d2: 0x0040, 0x17d3: 0x0008, 0x17d4: 0x0008, 0x17d5: 0x0008, 0x17d6: 0x0008, 0x17d7: 0x0008,
-	0x17d8: 0x0008, 0x17d9: 0x0008, 0x17da: 0x0008, 0x17db: 0x0008, 0x17dc: 0x0008, 0x17dd: 0x0008,
-	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x0008, 0x17e3: 0x0008,
-	0x17e4: 0x0008, 0x17e5: 0x0008, 0x17e6: 0x0008, 0x17e7: 0x0008, 0x17e8: 0x0008, 0x17e9: 0x0040,
-	0x17ea: 0x0008, 0x17eb: 0x0008, 0x17ec: 0x0008, 0x17ed: 0x0008, 0x17ee: 0x0008, 0x17ef: 0x0008,
-	0x17f0: 0x0008, 0x17f1: 0x0040, 0x17f2: 0x0008, 0x17f3: 0x0008, 0x17f4: 0x0040, 0x17f5: 0x0008,
-	0x17f6: 0x0008, 0x17f7: 0x0008, 0x17f8: 0x0008, 0x17f9: 0x0008, 0x17fa: 0x0040, 0x17fb: 0x0040,
-	0x17fc: 0x3308, 0x17fd: 0x0008, 0x17fe: 0x3008, 0x17ff: 0x3008,
-	// Block 0x60, offset 0x1800
-	0x1800: 0x3308, 0x1801: 0x3008, 0x1802: 0x3008, 0x1803: 0x3008, 0x1804: 0x3008, 0x1805: 0x0040,
-	0x1806: 0x0040, 0x1807: 0x3008, 0x1808: 0x3008, 0x1809: 0x0040, 0x180a: 0x0040, 0x180b: 0x3008,
-	0x180c: 0x3008, 0x180d: 0x3808, 0x180e: 0x0040, 0x180f: 0x0040, 0x1810: 0x0008, 0x1811: 0x0040,
-	0x1812: 0x0040, 0x1813: 0x0040, 0x1814: 0x0040, 0x1815: 0x0040, 0x1816: 0x0040, 0x1817: 0x3008,
-	0x1818: 0x0040, 0x1819: 0x0040, 0x181a: 0x0040, 0x181b: 0x0040, 0x181c: 0x0040, 0x181d: 0x0008,
-	0x181e: 0x0008, 0x181f: 0x0008, 0x1820: 0x0008, 0x1821: 0x0008, 0x1822: 0x3008, 0x1823: 0x3008,
-	0x1824: 0x0040, 0x1825: 0x0040, 0x1826: 0x3308, 0x1827: 0x3308, 0x1828: 0x3308, 0x1829: 0x3308,
-	0x182a: 0x3308, 0x182b: 0x3308, 0x182c: 0x3308, 0x182d: 0x0040, 0x182e: 0x0040, 0x182f: 0x0040,
-	0x1830: 0x3308, 0x1831: 0x3308, 0x1832: 0x3308, 0x1833: 0x3308, 0x1834: 0x3308, 0x1835: 0x0040,
-	0x1836: 0x0040, 0x1837: 0x0040, 0x1838: 0x0040, 0x1839: 0x0040, 0x183a: 0x0040, 0x183b: 0x0040,
-	0x183c: 0x0040, 0x183d: 0x0040, 0x183e: 0x0040, 0x183f: 0x0040,
-	// Block 0x61, offset 0x1840
-	0x1840: 0x0039, 0x1841: 0x0ee9, 0x1842: 0x1159, 0x1843: 0x0ef9, 0x1844: 0x0f09, 0x1845: 0x1199,
-	0x1846: 0x0f31, 0x1847: 0x0249, 0x1848: 0x0f41, 0x1849: 0x0259, 0x184a: 0x0f51, 0x184b: 0x0359,
-	0x184c: 0x0f61, 0x184d: 0x0f71, 0x184e: 0x00d9, 0x184f: 0x0f99, 0x1850: 0x2039, 0x1851: 0x0269,
-	0x1852: 0x01d9, 0x1853: 0x0fa9, 0x1854: 0x0fb9, 0x1855: 0x1089, 0x1856: 0x0279, 0x1857: 0x0369,
-	0x1858: 0x0289, 0x1859: 0x13d1, 0x185a: 0x0039, 0x185b: 0x0ee9, 0x185c: 0x1159, 0x185d: 0x0ef9,
-	0x185e: 0x0f09, 0x185f: 0x1199, 0x1860: 0x0f31, 0x1861: 0x0249, 0x1862: 0x0f41, 0x1863: 0x0259,
-	0x1864: 0x0f51, 0x1865: 0x0359, 0x1866: 0x0f61, 0x1867: 0x0f71, 0x1868: 0x00d9, 0x1869: 0x0f99,
-	0x186a: 0x2039, 0x186b: 0x0269, 0x186c: 0x01d9, 0x186d: 0x0fa9, 0x186e: 0x0fb9, 0x186f: 0x1089,
-	0x1870: 0x0279, 0x1871: 0x0369, 0x1872: 0x0289, 0x1873: 0x13d1, 0x1874: 0x0039, 0x1875: 0x0ee9,
-	0x1876: 0x1159, 0x1877: 0x0ef9, 0x1878: 0x0f09, 0x1879: 0x1199, 0x187a: 0x0f31, 0x187b: 0x0249,
-	0x187c: 0x0f41, 0x187d: 0x0259, 0x187e: 0x0f51, 0x187f: 0x0359,
-	// Block 0x62, offset 0x1880
-	0x1880: 0x0f61, 0x1881: 0x0f71, 0x1882: 0x00d9, 0x1883: 0x0f99, 0x1884: 0x2039, 0x1885: 0x0269,
-	0x1886: 0x01d9, 0x1887: 0x0fa9, 0x1888: 0x0fb9, 0x1889: 0x1089, 0x188a: 0x0279, 0x188b: 0x0369,
-	0x188c: 0x0289, 0x188d: 0x13d1, 0x188e: 0x0039, 0x188f: 0x0ee9, 0x1890: 0x1159, 0x1891: 0x0ef9,
-	0x1892: 0x0f09, 0x1893: 0x1199, 0x1894: 0x0f31, 0x1895: 0x0040, 0x1896: 0x0f41, 0x1897: 0x0259,
-	0x1898: 0x0f51, 0x1899: 0x0359, 0x189a: 0x0f61, 0x189b: 0x0f71, 0x189c: 0x00d9, 0x189d: 0x0f99,
-	0x189e: 0x2039, 0x189f: 0x0269, 0x18a0: 0x01d9, 0x18a1: 0x0fa9, 0x18a2: 0x0fb9, 0x18a3: 0x1089,
-	0x18a4: 0x0279, 0x18a5: 0x0369, 0x18a6: 0x0289, 0x18a7: 0x13d1, 0x18a8: 0x0039, 0x18a9: 0x0ee9,
-	0x18aa: 0x1159, 0x18ab: 0x0ef9, 0x18ac: 0x0f09, 0x18ad: 0x1199, 0x18ae: 0x0f31, 0x18af: 0x0249,
-	0x18b0: 0x0f41, 0x18b1: 0x0259, 0x18b2: 0x0f51, 0x18b3: 0x0359, 0x18b4: 0x0f61, 0x18b5: 0x0f71,
-	0x18b6: 0x00d9, 0x18b7: 0x0f99, 0x18b8: 0x2039, 0x18b9: 0x0269, 0x18ba: 0x01d9, 0x18bb: 0x0fa9,
-	0x18bc: 0x0fb9, 0x18bd: 0x1089, 0x18be: 0x0279, 0x18bf: 0x0369,
-	// Block 0x63, offset 0x18c0
-	0x18c0: 0x0289, 0x18c1: 0x13d1, 0x18c2: 0x0039, 0x18c3: 0x0ee9, 0x18c4: 0x1159, 0x18c5: 0x0ef9,
-	0x18c6: 0x0f09, 0x18c7: 0x1199, 0x18c8: 0x0f31, 0x18c9: 0x0249, 0x18ca: 0x0f41, 0x18cb: 0x0259,
-	0x18cc: 0x0f51, 0x18cd: 0x0359, 0x18ce: 0x0f61, 0x18cf: 0x0f71, 0x18d0: 0x00d9, 0x18d1: 0x0f99,
-	0x18d2: 0x2039, 0x18d3: 0x0269, 0x18d4: 0x01d9, 0x18d5: 0x0fa9, 0x18d6: 0x0fb9, 0x18d7: 0x1089,
-	0x18d8: 0x0279, 0x18d9: 0x0369, 0x18da: 0x0289, 0x18db: 0x13d1, 0x18dc: 0x0039, 0x18dd: 0x0040,
-	0x18de: 0x1159, 0x18df: 0x0ef9, 0x18e0: 0x0040, 0x18e1: 0x0040, 0x18e2: 0x0f31, 0x18e3: 0x0040,
-	0x18e4: 0x0040, 0x18e5: 0x0259, 0x18e6: 0x0f51, 0x18e7: 0x0040, 0x18e8: 0x0040, 0x18e9: 0x0f71,
-	0x18ea: 0x00d9, 0x18eb: 0x0f99, 0x18ec: 0x2039, 0x18ed: 0x0040, 0x18ee: 0x01d9, 0x18ef: 0x0fa9,
-	0x18f0: 0x0fb9, 0x18f1: 0x1089, 0x18f2: 0x0279, 0x18f3: 0x0369, 0x18f4: 0x0289, 0x18f5: 0x13d1,
-	0x18f6: 0x0039, 0x18f7: 0x0ee9, 0x18f8: 0x1159, 0x18f9: 0x0ef9, 0x18fa: 0x0040, 0x18fb: 0x1199,
-	0x18fc: 0x0040, 0x18fd: 0x0249, 0x18fe: 0x0f41, 0x18ff: 0x0259,
-	// Block 0x64, offset 0x1900
-	0x1900: 0x0f51, 0x1901: 0x0359, 0x1902: 0x0f61, 0x1903: 0x0f71, 0x1904: 0x0040, 0x1905: 0x0f99,
-	0x1906: 0x2039, 0x1907: 0x0269, 0x1908: 0x01d9, 0x1909: 0x0fa9, 0x190a: 0x0fb9, 0x190b: 0x1089,
-	0x190c: 0x0279, 0x190d: 0x0369, 0x190e: 0x0289, 0x190f: 0x13d1, 0x1910: 0x0039, 0x1911: 0x0ee9,
-	0x1912: 0x1159, 0x1913: 0x0ef9, 0x1914: 0x0f09, 0x1915: 0x1199, 0x1916: 0x0f31, 0x1917: 0x0249,
-	0x1918: 0x0f41, 0x1919: 0x0259, 0x191a: 0x0f51, 0x191b: 0x0359, 0x191c: 0x0f61, 0x191d: 0x0f71,
-	0x191e: 0x00d9, 0x191f: 0x0f99, 0x1920: 0x2039, 0x1921: 0x0269, 0x1922: 0x01d9, 0x1923: 0x0fa9,
-	0x1924: 0x0fb9, 0x1925: 0x1089, 0x1926: 0x0279, 0x1927: 0x0369, 0x1928: 0x0289, 0x1929: 0x13d1,
-	0x192a: 0x0039, 0x192b: 0x0ee9, 0x192c: 0x1159, 0x192d: 0x0ef9, 0x192e: 0x0f09, 0x192f: 0x1199,
-	0x1930: 0x0f31, 0x1931: 0x0249, 0x1932: 0x0f41, 0x1933: 0x0259, 0x1934: 0x0f51, 0x1935: 0x0359,
-	0x1936: 0x0f61, 0x1937: 0x0f71, 0x1938: 0x00d9, 0x1939: 0x0f99, 0x193a: 0x2039, 0x193b: 0x0269,
-	0x193c: 0x01d9, 0x193d: 0x0fa9, 0x193e: 0x0fb9, 0x193f: 0x1089,
-	// Block 0x65, offset 0x1940
-	0x1940: 0x0279, 0x1941: 0x0369, 0x1942: 0x0289, 0x1943: 0x13d1, 0x1944: 0x0039, 0x1945: 0x0ee9,
-	0x1946: 0x0040, 0x1947: 0x0ef9, 0x1948: 0x0f09, 0x1949: 0x1199, 0x194a: 0x0f31, 0x194b: 0x0040,
-	0x194c: 0x0040, 0x194d: 0x0259, 0x194e: 0x0f51, 0x194f: 0x0359, 0x1950: 0x0f61, 0x1951: 0x0f71,
-	0x1952: 0x00d9, 0x1953: 0x0f99, 0x1954: 0x2039, 0x1955: 0x0040, 0x1956: 0x01d9, 0x1957: 0x0fa9,
-	0x1958: 0x0fb9, 0x1959: 0x1089, 0x195a: 0x0279, 0x195b: 0x0369, 0x195c: 0x0289, 0x195d: 0x0040,
-	0x195e: 0x0039, 0x195f: 0x0ee9, 0x1960: 0x1159, 0x1961: 0x0ef9, 0x1962: 0x0f09, 0x1963: 0x1199,
-	0x1964: 0x0f31, 0x1965: 0x0249, 0x1966: 0x0f41, 0x1967: 0x0259, 0x1968: 0x0f51, 0x1969: 0x0359,
-	0x196a: 0x0f61, 0x196b: 0x0f71, 0x196c: 0x00d9, 0x196d: 0x0f99, 0x196e: 0x2039, 0x196f: 0x0269,
-	0x1970: 0x01d9, 0x1971: 0x0fa9, 0x1972: 0x0fb9, 0x1973: 0x1089, 0x1974: 0x0279, 0x1975: 0x0369,
-	0x1976: 0x0289, 0x1977: 0x13d1, 0x1978: 0x0039, 0x1979: 0x0ee9, 0x197a: 0x0040, 0x197b: 0x0ef9,
-	0x197c: 0x0f09, 0x197d: 0x1199, 0x197e: 0x0f31, 0x197f: 0x0040,
-	// Block 0x66, offset 0x1980
-	0x1980: 0x0f41, 0x1981: 0x0259, 0x1982: 0x0f51, 0x1983: 0x0359, 0x1984: 0x0f61, 0x1985: 0x0040,
-	0x1986: 0x00d9, 0x1987: 0x0040, 0x1988: 0x0040, 0x1989: 0x0040, 0x198a: 0x01d9, 0x198b: 0x0fa9,
-	0x198c: 0x0fb9, 0x198d: 0x1089, 0x198e: 0x0279, 0x198f: 0x0369, 0x1990: 0x0289, 0x1991: 0x0040,
-	0x1992: 0x0039, 0x1993: 0x0ee9, 0x1994: 0x1159, 0x1995: 0x0ef9, 0x1996: 0x0f09, 0x1997: 0x1199,
-	0x1998: 0x0f31, 0x1999: 0x0249, 0x199a: 0x0f41, 0x199b: 0x0259, 0x199c: 0x0f51, 0x199d: 0x0359,
-	0x199e: 0x0f61, 0x199f: 0x0f71, 0x19a0: 0x00d9, 0x19a1: 0x0f99, 0x19a2: 0x2039, 0x19a3: 0x0269,
-	0x19a4: 0x01d9, 0x19a5: 0x0fa9, 0x19a6: 0x0fb9, 0x19a7: 0x1089, 0x19a8: 0x0279, 0x19a9: 0x0369,
-	0x19aa: 0x0289, 0x19ab: 0x13d1, 0x19ac: 0x0039, 0x19ad: 0x0ee9, 0x19ae: 0x1159, 0x19af: 0x0ef9,
-	0x19b0: 0x0f09, 0x19b1: 0x1199, 0x19b2: 0x0f31, 0x19b3: 0x0249, 0x19b4: 0x0f41, 0x19b5: 0x0259,
-	0x19b6: 0x0f51, 0x19b7: 0x0359, 0x19b8: 0x0f61, 0x19b9: 0x0f71, 0x19ba: 0x00d9, 0x19bb: 0x0f99,
-	0x19bc: 0x2039, 0x19bd: 0x0269, 0x19be: 0x01d9, 0x19bf: 0x0fa9,
-	// Block 0x67, offset 0x19c0
-	0x19c0: 0x0fb9, 0x19c1: 0x1089, 0x19c2: 0x0279, 0x19c3: 0x0369, 0x19c4: 0x0289, 0x19c5: 0x13d1,
-	0x19c6: 0x0039, 0x19c7: 0x0ee9, 0x19c8: 0x1159, 0x19c9: 0x0ef9, 0x19ca: 0x0f09, 0x19cb: 0x1199,
-	0x19cc: 0x0f31, 0x19cd: 0x0249, 0x19ce: 0x0f41, 0x19cf: 0x0259, 0x19d0: 0x0f51, 0x19d1: 0x0359,
-	0x19d2: 0x0f61, 0x19d3: 0x0f71, 0x19d4: 0x00d9, 0x19d5: 0x0f99, 0x19d6: 0x2039, 0x19d7: 0x0269,
-	0x19d8: 0x01d9, 0x19d9: 0x0fa9, 0x19da: 0x0fb9, 0x19db: 0x1089, 0x19dc: 0x0279, 0x19dd: 0x0369,
-	0x19de: 0x0289, 0x19df: 0x13d1, 0x19e0: 0x0039, 0x19e1: 0x0ee9, 0x19e2: 0x1159, 0x19e3: 0x0ef9,
-	0x19e4: 0x0f09, 0x19e5: 0x1199, 0x19e6: 0x0f31, 0x19e7: 0x0249, 0x19e8: 0x0f41, 0x19e9: 0x0259,
-	0x19ea: 0x0f51, 0x19eb: 0x0359, 0x19ec: 0x0f61, 0x19ed: 0x0f71, 0x19ee: 0x00d9, 0x19ef: 0x0f99,
-	0x19f0: 0x2039, 0x19f1: 0x0269, 0x19f2: 0x01d9, 0x19f3: 0x0fa9, 0x19f4: 0x0fb9, 0x19f5: 0x1089,
-	0x19f6: 0x0279, 0x19f7: 0x0369, 0x19f8: 0x0289, 0x19f9: 0x13d1, 0x19fa: 0x0039, 0x19fb: 0x0ee9,
-	0x19fc: 0x1159, 0x19fd: 0x0ef9, 0x19fe: 0x0f09, 0x19ff: 0x1199,
-	// Block 0x68, offset 0x1a00
-	0x1a00: 0x0f31, 0x1a01: 0x0249, 0x1a02: 0x0f41, 0x1a03: 0x0259, 0x1a04: 0x0f51, 0x1a05: 0x0359,
-	0x1a06: 0x0f61, 0x1a07: 0x0f71, 0x1a08: 0x00d9, 0x1a09: 0x0f99, 0x1a0a: 0x2039, 0x1a0b: 0x0269,
-	0x1a0c: 0x01d9, 0x1a0d: 0x0fa9, 0x1a0e: 0x0fb9, 0x1a0f: 0x1089, 0x1a10: 0x0279, 0x1a11: 0x0369,
-	0x1a12: 0x0289, 0x1a13: 0x13d1, 0x1a14: 0x0039, 0x1a15: 0x0ee9, 0x1a16: 0x1159, 0x1a17: 0x0ef9,
-	0x1a18: 0x0f09, 0x1a19: 0x1199, 0x1a1a: 0x0f31, 0x1a1b: 0x0249, 0x1a1c: 0x0f41, 0x1a1d: 0x0259,
-	0x1a1e: 0x0f51, 0x1a1f: 0x0359, 0x1a20: 0x0f61, 0x1a21: 0x0f71, 0x1a22: 0x00d9, 0x1a23: 0x0f99,
-	0x1a24: 0x2039, 0x1a25: 0x0269, 0x1a26: 0x01d9, 0x1a27: 0x0fa9, 0x1a28: 0x0fb9, 0x1a29: 0x1089,
-	0x1a2a: 0x0279, 0x1a2b: 0x0369, 0x1a2c: 0x0289, 0x1a2d: 0x13d1, 0x1a2e: 0x0039, 0x1a2f: 0x0ee9,
-	0x1a30: 0x1159, 0x1a31: 0x0ef9, 0x1a32: 0x0f09, 0x1a33: 0x1199, 0x1a34: 0x0f31, 0x1a35: 0x0249,
-	0x1a36: 0x0f41, 0x1a37: 0x0259, 0x1a38: 0x0f51, 0x1a39: 0x0359, 0x1a3a: 0x0f61, 0x1a3b: 0x0f71,
-	0x1a3c: 0x00d9, 0x1a3d: 0x0f99, 0x1a3e: 0x2039, 0x1a3f: 0x0269,
-	// Block 0x69, offset 0x1a40
-	0x1a40: 0x01d9, 0x1a41: 0x0fa9, 0x1a42: 0x0fb9, 0x1a43: 0x1089, 0x1a44: 0x0279, 0x1a45: 0x0369,
-	0x1a46: 0x0289, 0x1a47: 0x13d1, 0x1a48: 0x0039, 0x1a49: 0x0ee9, 0x1a4a: 0x1159, 0x1a4b: 0x0ef9,
-	0x1a4c: 0x0f09, 0x1a4d: 0x1199, 0x1a4e: 0x0f31, 0x1a4f: 0x0249, 0x1a50: 0x0f41, 0x1a51: 0x0259,
-	0x1a52: 0x0f51, 0x1a53: 0x0359, 0x1a54: 0x0f61, 0x1a55: 0x0f71, 0x1a56: 0x00d9, 0x1a57: 0x0f99,
-	0x1a58: 0x2039, 0x1a59: 0x0269, 0x1a5a: 0x01d9, 0x1a5b: 0x0fa9, 0x1a5c: 0x0fb9, 0x1a5d: 0x1089,
-	0x1a5e: 0x0279, 0x1a5f: 0x0369, 0x1a60: 0x0289, 0x1a61: 0x13d1, 0x1a62: 0x0039, 0x1a63: 0x0ee9,
-	0x1a64: 0x1159, 0x1a65: 0x0ef9, 0x1a66: 0x0f09, 0x1a67: 0x1199, 0x1a68: 0x0f31, 0x1a69: 0x0249,
-	0x1a6a: 0x0f41, 0x1a6b: 0x0259, 0x1a6c: 0x0f51, 0x1a6d: 0x0359, 0x1a6e: 0x0f61, 0x1a6f: 0x0f71,
-	0x1a70: 0x00d9, 0x1a71: 0x0f99, 0x1a72: 0x2039, 0x1a73: 0x0269, 0x1a74: 0x01d9, 0x1a75: 0x0fa9,
-	0x1a76: 0x0fb9, 0x1a77: 0x1089, 0x1a78: 0x0279, 0x1a79: 0x0369, 0x1a7a: 0x0289, 0x1a7b: 0x13d1,
-	0x1a7c: 0x0039, 0x1a7d: 0x0ee9, 0x1a7e: 0x1159, 0x1a7f: 0x0ef9,
-	// Block 0x6a, offset 0x1a80
-	0x1a80: 0x0f09, 0x1a81: 0x1199, 0x1a82: 0x0f31, 0x1a83: 0x0249, 0x1a84: 0x0f41, 0x1a85: 0x0259,
-	0x1a86: 0x0f51, 0x1a87: 0x0359, 0x1a88: 0x0f61, 0x1a89: 0x0f71, 0x1a8a: 0x00d9, 0x1a8b: 0x0f99,
-	0x1a8c: 0x2039, 0x1a8d: 0x0269, 0x1a8e: 0x01d9, 0x1a8f: 0x0fa9, 0x1a90: 0x0fb9, 0x1a91: 0x1089,
-	0x1a92: 0x0279, 0x1a93: 0x0369, 0x1a94: 0x0289, 0x1a95: 0x13d1, 0x1a96: 0x0039, 0x1a97: 0x0ee9,
-	0x1a98: 0x1159, 0x1a99: 0x0ef9, 0x1a9a: 0x0f09, 0x1a9b: 0x1199, 0x1a9c: 0x0f31, 0x1a9d: 0x0249,
-	0x1a9e: 0x0f41, 0x1a9f: 0x0259, 0x1aa0: 0x0f51, 0x1aa1: 0x0359, 0x1aa2: 0x0f61, 0x1aa3: 0x0f71,
-	0x1aa4: 0x00d9, 0x1aa5: 0x0f99, 0x1aa6: 0x2039, 0x1aa7: 0x0269, 0x1aa8: 0x01d9, 0x1aa9: 0x0fa9,
-	0x1aaa: 0x0fb9, 0x1aab: 0x1089, 0x1aac: 0x0279, 0x1aad: 0x0369, 0x1aae: 0x0289, 0x1aaf: 0x13d1,
-	0x1ab0: 0x0039, 0x1ab1: 0x0ee9, 0x1ab2: 0x1159, 0x1ab3: 0x0ef9, 0x1ab4: 0x0f09, 0x1ab5: 0x1199,
-	0x1ab6: 0x0f31, 0x1ab7: 0x0249, 0x1ab8: 0x0f41, 0x1ab9: 0x0259, 0x1aba: 0x0f51, 0x1abb: 0x0359,
-	0x1abc: 0x0f61, 0x1abd: 0x0f71, 0x1abe: 0x00d9, 0x1abf: 0x0f99,
-	// Block 0x6b, offset 0x1ac0
-	0x1ac0: 0x2039, 0x1ac1: 0x0269, 0x1ac2: 0x01d9, 0x1ac3: 0x0fa9, 0x1ac4: 0x0fb9, 0x1ac5: 0x1089,
-	0x1ac6: 0x0279, 0x1ac7: 0x0369, 0x1ac8: 0x0289, 0x1ac9: 0x13d1, 0x1aca: 0x0039, 0x1acb: 0x0ee9,
-	0x1acc: 0x1159, 0x1acd: 0x0ef9, 0x1ace: 0x0f09, 0x1acf: 0x1199, 0x1ad0: 0x0f31, 0x1ad1: 0x0249,
-	0x1ad2: 0x0f41, 0x1ad3: 0x0259, 0x1ad4: 0x0f51, 0x1ad5: 0x0359, 0x1ad6: 0x0f61, 0x1ad7: 0x0f71,
-	0x1ad8: 0x00d9, 0x1ad9: 0x0f99, 0x1ada: 0x2039, 0x1adb: 0x0269, 0x1adc: 0x01d9, 0x1add: 0x0fa9,
-	0x1ade: 0x0fb9, 0x1adf: 0x1089, 0x1ae0: 0x0279, 0x1ae1: 0x0369, 0x1ae2: 0x0289, 0x1ae3: 0x13d1,
-	0x1ae4: 0xba81, 0x1ae5: 0xba99, 0x1ae6: 0x0040, 0x1ae7: 0x0040, 0x1ae8: 0xbab1, 0x1ae9: 0x1099,
-	0x1aea: 0x10b1, 0x1aeb: 0x10c9, 0x1aec: 0xbac9, 0x1aed: 0xbae1, 0x1aee: 0xbaf9, 0x1aef: 0x1429,
-	0x1af0: 0x1a31, 0x1af1: 0xbb11, 0x1af2: 0xbb29, 0x1af3: 0xbb41, 0x1af4: 0xbb59, 0x1af5: 0xbb71,
-	0x1af6: 0xbb89, 0x1af7: 0x2109, 0x1af8: 0x1111, 0x1af9: 0x1429, 0x1afa: 0xbba1, 0x1afb: 0xbbb9,
-	0x1afc: 0xbbd1, 0x1afd: 0x10e1, 0x1afe: 0x10f9, 0x1aff: 0xbbe9,
-	// Block 0x6c, offset 0x1b00
-	0x1b00: 0x2079, 0x1b01: 0xbc01, 0x1b02: 0xbab1, 0x1b03: 0x1099, 0x1b04: 0x10b1, 0x1b05: 0x10c9,
-	0x1b06: 0xbac9, 0x1b07: 0xbae1, 0x1b08: 0xbaf9, 0x1b09: 0x1429, 0x1b0a: 0x1a31, 0x1b0b: 0xbb11,
-	0x1b0c: 0xbb29, 0x1b0d: 0xbb41, 0x1b0e: 0xbb59, 0x1b0f: 0xbb71, 0x1b10: 0xbb89, 0x1b11: 0x2109,
-	0x1b12: 0x1111, 0x1b13: 0xbba1, 0x1b14: 0xbba1, 0x1b15: 0xbbb9, 0x1b16: 0xbbd1, 0x1b17: 0x10e1,
-	0x1b18: 0x10f9, 0x1b19: 0xbbe9, 0x1b1a: 0x2079, 0x1b1b: 0xbc21, 0x1b1c: 0xbac9, 0x1b1d: 0x1429,
-	0x1b1e: 0xbb11, 0x1b1f: 0x10e1, 0x1b20: 0x1111, 0x1b21: 0x2109, 0x1b22: 0xbab1, 0x1b23: 0x1099,
-	0x1b24: 0x10b1, 0x1b25: 0x10c9, 0x1b26: 0xbac9, 0x1b27: 0xbae1, 0x1b28: 0xbaf9, 0x1b29: 0x1429,
-	0x1b2a: 0x1a31, 0x1b2b: 0xbb11, 0x1b2c: 0xbb29, 0x1b2d: 0xbb41, 0x1b2e: 0xbb59, 0x1b2f: 0xbb71,
-	0x1b30: 0xbb89, 0x1b31: 0x2109, 0x1b32: 0x1111, 0x1b33: 0x1429, 0x1b34: 0xbba1, 0x1b35: 0xbbb9,
-	0x1b36: 0xbbd1, 0x1b37: 0x10e1, 0x1b38: 0x10f9, 0x1b39: 0xbbe9, 0x1b3a: 0x2079, 0x1b3b: 0xbc01,
-	0x1b3c: 0xbab1, 0x1b3d: 0x1099, 0x1b3e: 0x10b1, 0x1b3f: 0x10c9,
-	// Block 0x6d, offset 0x1b40
-	0x1b40: 0xbac9, 0x1b41: 0xbae1, 0x1b42: 0xbaf9, 0x1b43: 0x1429, 0x1b44: 0x1a31, 0x1b45: 0xbb11,
-	0x1b46: 0xbb29, 0x1b47: 0xbb41, 0x1b48: 0xbb59, 0x1b49: 0xbb71, 0x1b4a: 0xbb89, 0x1b4b: 0x2109,
-	0x1b4c: 0x1111, 0x1b4d: 0xbba1, 0x1b4e: 0xbba1, 0x1b4f: 0xbbb9, 0x1b50: 0xbbd1, 0x1b51: 0x10e1,
-	0x1b52: 0x10f9, 0x1b53: 0xbbe9, 0x1b54: 0x2079, 0x1b55: 0xbc21, 0x1b56: 0xbac9, 0x1b57: 0x1429,
-	0x1b58: 0xbb11, 0x1b59: 0x10e1, 0x1b5a: 0x1111, 0x1b5b: 0x2109, 0x1b5c: 0xbab1, 0x1b5d: 0x1099,
-	0x1b5e: 0x10b1, 0x1b5f: 0x10c9, 0x1b60: 0xbac9, 0x1b61: 0xbae1, 0x1b62: 0xbaf9, 0x1b63: 0x1429,
-	0x1b64: 0x1a31, 0x1b65: 0xbb11, 0x1b66: 0xbb29, 0x1b67: 0xbb41, 0x1b68: 0xbb59, 0x1b69: 0xbb71,
-	0x1b6a: 0xbb89, 0x1b6b: 0x2109, 0x1b6c: 0x1111, 0x1b6d: 0x1429, 0x1b6e: 0xbba1, 0x1b6f: 0xbbb9,
-	0x1b70: 0xbbd1, 0x1b71: 0x10e1, 0x1b72: 0x10f9, 0x1b73: 0xbbe9, 0x1b74: 0x2079, 0x1b75: 0xbc01,
-	0x1b76: 0xbab1, 0x1b77: 0x1099, 0x1b78: 0x10b1, 0x1b79: 0x10c9, 0x1b7a: 0xbac9, 0x1b7b: 0xbae1,
-	0x1b7c: 0xbaf9, 0x1b7d: 0x1429, 0x1b7e: 0x1a31, 0x1b7f: 0xbb11,
-	// Block 0x6e, offset 0x1b80
-	0x1b80: 0xbb29, 0x1b81: 0xbb41, 0x1b82: 0xbb59, 0x1b83: 0xbb71, 0x1b84: 0xbb89, 0x1b85: 0x2109,
-	0x1b86: 0x1111, 0x1b87: 0xbba1, 0x1b88: 0xbba1, 0x1b89: 0xbbb9, 0x1b8a: 0xbbd1, 0x1b8b: 0x10e1,
-	0x1b8c: 0x10f9, 0x1b8d: 0xbbe9, 0x1b8e: 0x2079, 0x1b8f: 0xbc21, 0x1b90: 0xbac9, 0x1b91: 0x1429,
-	0x1b92: 0xbb11, 0x1b93: 0x10e1, 0x1b94: 0x1111, 0x1b95: 0x2109, 0x1b96: 0xbab1, 0x1b97: 0x1099,
-	0x1b98: 0x10b1, 0x1b99: 0x10c9, 0x1b9a: 0xbac9, 0x1b9b: 0xbae1, 0x1b9c: 0xbaf9, 0x1b9d: 0x1429,
-	0x1b9e: 0x1a31, 0x1b9f: 0xbb11, 0x1ba0: 0xbb29, 0x1ba1: 0xbb41, 0x1ba2: 0xbb59, 0x1ba3: 0xbb71,
-	0x1ba4: 0xbb89, 0x1ba5: 0x2109, 0x1ba6: 0x1111, 0x1ba7: 0x1429, 0x1ba8: 0xbba1, 0x1ba9: 0xbbb9,
-	0x1baa: 0xbbd1, 0x1bab: 0x10e1, 0x1bac: 0x10f9, 0x1bad: 0xbbe9, 0x1bae: 0x2079, 0x1baf: 0xbc01,
-	0x1bb0: 0xbab1, 0x1bb1: 0x1099, 0x1bb2: 0x10b1, 0x1bb3: 0x10c9, 0x1bb4: 0xbac9, 0x1bb5: 0xbae1,
-	0x1bb6: 0xbaf9, 0x1bb7: 0x1429, 0x1bb8: 0x1a31, 0x1bb9: 0xbb11, 0x1bba: 0xbb29, 0x1bbb: 0xbb41,
-	0x1bbc: 0xbb59, 0x1bbd: 0xbb71, 0x1bbe: 0xbb89, 0x1bbf: 0x2109,
-	// Block 0x6f, offset 0x1bc0
-	0x1bc0: 0x1111, 0x1bc1: 0xbba1, 0x1bc2: 0xbba1, 0x1bc3: 0xbbb9, 0x1bc4: 0xbbd1, 0x1bc5: 0x10e1,
-	0x1bc6: 0x10f9, 0x1bc7: 0xbbe9, 0x1bc8: 0x2079, 0x1bc9: 0xbc21, 0x1bca: 0xbac9, 0x1bcb: 0x1429,
-	0x1bcc: 0xbb11, 0x1bcd: 0x10e1, 0x1bce: 0x1111, 0x1bcf: 0x2109, 0x1bd0: 0xbab1, 0x1bd1: 0x1099,
-	0x1bd2: 0x10b1, 0x1bd3: 0x10c9, 0x1bd4: 0xbac9, 0x1bd5: 0xbae1, 0x1bd6: 0xbaf9, 0x1bd7: 0x1429,
-	0x1bd8: 0x1a31, 0x1bd9: 0xbb11, 0x1bda: 0xbb29, 0x1bdb: 0xbb41, 0x1bdc: 0xbb59, 0x1bdd: 0xbb71,
-	0x1bde: 0xbb89, 0x1bdf: 0x2109, 0x1be0: 0x1111, 0x1be1: 0x1429, 0x1be2: 0xbba1, 0x1be3: 0xbbb9,
-	0x1be4: 0xbbd1, 0x1be5: 0x10e1, 0x1be6: 0x10f9, 0x1be7: 0xbbe9, 0x1be8: 0x2079, 0x1be9: 0xbc01,
-	0x1bea: 0xbab1, 0x1beb: 0x1099, 0x1bec: 0x10b1, 0x1bed: 0x10c9, 0x1bee: 0xbac9, 0x1bef: 0xbae1,
-	0x1bf0: 0xbaf9, 0x1bf1: 0x1429, 0x1bf2: 0x1a31, 0x1bf3: 0xbb11, 0x1bf4: 0xbb29, 0x1bf5: 0xbb41,
-	0x1bf6: 0xbb59, 0x1bf7: 0xbb71, 0x1bf8: 0xbb89, 0x1bf9: 0x2109, 0x1bfa: 0x1111, 0x1bfb: 0xbba1,
-	0x1bfc: 0xbba1, 0x1bfd: 0xbbb9, 0x1bfe: 0xbbd1, 0x1bff: 0x10e1,
-	// Block 0x70, offset 0x1c00
-	0x1c00: 0x10f9, 0x1c01: 0xbbe9, 0x1c02: 0x2079, 0x1c03: 0xbc21, 0x1c04: 0xbac9, 0x1c05: 0x1429,
-	0x1c06: 0xbb11, 0x1c07: 0x10e1, 0x1c08: 0x1111, 0x1c09: 0x2109, 0x1c0a: 0xbc41, 0x1c0b: 0xbc41,
-	0x1c0c: 0x0040, 0x1c0d: 0x0040, 0x1c0e: 0x1f41, 0x1c0f: 0x00c9, 0x1c10: 0x0069, 0x1c11: 0x0079,
-	0x1c12: 0x1f51, 0x1c13: 0x1f61, 0x1c14: 0x1f71, 0x1c15: 0x1f81, 0x1c16: 0x1f91, 0x1c17: 0x1fa1,
-	0x1c18: 0x1f41, 0x1c19: 0x00c9, 0x1c1a: 0x0069, 0x1c1b: 0x0079, 0x1c1c: 0x1f51, 0x1c1d: 0x1f61,
-	0x1c1e: 0x1f71, 0x1c1f: 0x1f81, 0x1c20: 0x1f91, 0x1c21: 0x1fa1, 0x1c22: 0x1f41, 0x1c23: 0x00c9,
-	0x1c24: 0x0069, 0x1c25: 0x0079, 0x1c26: 0x1f51, 0x1c27: 0x1f61, 0x1c28: 0x1f71, 0x1c29: 0x1f81,
-	0x1c2a: 0x1f91, 0x1c2b: 0x1fa1, 0x1c2c: 0x1f41, 0x1c2d: 0x00c9, 0x1c2e: 0x0069, 0x1c2f: 0x0079,
-	0x1c30: 0x1f51, 0x1c31: 0x1f61, 0x1c32: 0x1f71, 0x1c33: 0x1f81, 0x1c34: 0x1f91, 0x1c35: 0x1fa1,
-	0x1c36: 0x1f41, 0x1c37: 0x00c9, 0x1c38: 0x0069, 0x1c39: 0x0079, 0x1c3a: 0x1f51, 0x1c3b: 0x1f61,
-	0x1c3c: 0x1f71, 0x1c3d: 0x1f81, 0x1c3e: 0x1f91, 0x1c3f: 0x1fa1,
-	// Block 0x71, offset 0x1c40
-	0x1c40: 0xe115, 0x1c41: 0xe115, 0x1c42: 0xe135, 0x1c43: 0xe135, 0x1c44: 0xe115, 0x1c45: 0xe115,
-	0x1c46: 0xe175, 0x1c47: 0xe175, 0x1c48: 0xe115, 0x1c49: 0xe115, 0x1c4a: 0xe135, 0x1c4b: 0xe135,
-	0x1c4c: 0xe115, 0x1c4d: 0xe115, 0x1c4e: 0xe1f5, 0x1c4f: 0xe1f5, 0x1c50: 0xe115, 0x1c51: 0xe115,
-	0x1c52: 0xe135, 0x1c53: 0xe135, 0x1c54: 0xe115, 0x1c55: 0xe115, 0x1c56: 0xe175, 0x1c57: 0xe175,
-	0x1c58: 0xe115, 0x1c59: 0xe115, 0x1c5a: 0xe135, 0x1c5b: 0xe135, 0x1c5c: 0xe115, 0x1c5d: 0xe115,
-	0x1c5e: 0x8b05, 0x1c5f: 0x8b05, 0x1c60: 0x04b5, 0x1c61: 0x04b5, 0x1c62: 0x0a08, 0x1c63: 0x0a08,
-	0x1c64: 0x0a08, 0x1c65: 0x0a08, 0x1c66: 0x0a08, 0x1c67: 0x0a08, 0x1c68: 0x0a08, 0x1c69: 0x0a08,
-	0x1c6a: 0x0a08, 0x1c6b: 0x0a08, 0x1c6c: 0x0a08, 0x1c6d: 0x0a08, 0x1c6e: 0x0a08, 0x1c6f: 0x0a08,
-	0x1c70: 0x0a08, 0x1c71: 0x0a08, 0x1c72: 0x0a08, 0x1c73: 0x0a08, 0x1c74: 0x0a08, 0x1c75: 0x0a08,
-	0x1c76: 0x0a08, 0x1c77: 0x0a08, 0x1c78: 0x0a08, 0x1c79: 0x0a08, 0x1c7a: 0x0a08, 0x1c7b: 0x0a08,
-	0x1c7c: 0x0a08, 0x1c7d: 0x0a08, 0x1c7e: 0x0a08, 0x1c7f: 0x0a08,
-	// Block 0x72, offset 0x1c80
-	0x1c80: 0xb189, 0x1c81: 0xb1a1, 0x1c82: 0xb201, 0x1c83: 0xb249, 0x1c84: 0x0040, 0x1c85: 0xb411,
-	0x1c86: 0xb291, 0x1c87: 0xb219, 0x1c88: 0xb309, 0x1c89: 0xb429, 0x1c8a: 0xb399, 0x1c8b: 0xb3b1,
-	0x1c8c: 0xb3c9, 0x1c8d: 0xb3e1, 0x1c8e: 0xb2a9, 0x1c8f: 0xb339, 0x1c90: 0xb369, 0x1c91: 0xb2d9,
-	0x1c92: 0xb381, 0x1c93: 0xb279, 0x1c94: 0xb2c1, 0x1c95: 0xb1d1, 0x1c96: 0xb1e9, 0x1c97: 0xb231,
-	0x1c98: 0xb261, 0x1c99: 0xb2f1, 0x1c9a: 0xb321, 0x1c9b: 0xb351, 0x1c9c: 0xbc59, 0x1c9d: 0x7949,
-	0x1c9e: 0xbc71, 0x1c9f: 0xbc89, 0x1ca0: 0x0040, 0x1ca1: 0xb1a1, 0x1ca2: 0xb201, 0x1ca3: 0x0040,
-	0x1ca4: 0xb3f9, 0x1ca5: 0x0040, 0x1ca6: 0x0040, 0x1ca7: 0xb219, 0x1ca8: 0x0040, 0x1ca9: 0xb429,
-	0x1caa: 0xb399, 0x1cab: 0xb3b1, 0x1cac: 0xb3c9, 0x1cad: 0xb3e1, 0x1cae: 0xb2a9, 0x1caf: 0xb339,
-	0x1cb0: 0xb369, 0x1cb1: 0xb2d9, 0x1cb2: 0xb381, 0x1cb3: 0x0040, 0x1cb4: 0xb2c1, 0x1cb5: 0xb1d1,
-	0x1cb6: 0xb1e9, 0x1cb7: 0xb231, 0x1cb8: 0x0040, 0x1cb9: 0xb2f1, 0x1cba: 0x0040, 0x1cbb: 0xb351,
-	0x1cbc: 0x0040, 0x1cbd: 0x0040, 0x1cbe: 0x0040, 0x1cbf: 0x0040,
-	// Block 0x73, offset 0x1cc0
-	0x1cc0: 0x0040, 0x1cc1: 0x0040, 0x1cc2: 0xb201, 0x1cc3: 0x0040, 0x1cc4: 0x0040, 0x1cc5: 0x0040,
-	0x1cc6: 0x0040, 0x1cc7: 0xb219, 0x1cc8: 0x0040, 0x1cc9: 0xb429, 0x1cca: 0x0040, 0x1ccb: 0xb3b1,
-	0x1ccc: 0x0040, 0x1ccd: 0xb3e1, 0x1cce: 0xb2a9, 0x1ccf: 0xb339, 0x1cd0: 0x0040, 0x1cd1: 0xb2d9,
-	0x1cd2: 0xb381, 0x1cd3: 0x0040, 0x1cd4: 0xb2c1, 0x1cd5: 0x0040, 0x1cd6: 0x0040, 0x1cd7: 0xb231,
-	0x1cd8: 0x0040, 0x1cd9: 0xb2f1, 0x1cda: 0x0040, 0x1cdb: 0xb351, 0x1cdc: 0x0040, 0x1cdd: 0x7949,
-	0x1cde: 0x0040, 0x1cdf: 0xbc89, 0x1ce0: 0x0040, 0x1ce1: 0xb1a1, 0x1ce2: 0xb201, 0x1ce3: 0x0040,
-	0x1ce4: 0xb3f9, 0x1ce5: 0x0040, 0x1ce6: 0x0040, 0x1ce7: 0xb219, 0x1ce8: 0xb309, 0x1ce9: 0xb429,
-	0x1cea: 0xb399, 0x1ceb: 0x0040, 0x1cec: 0xb3c9, 0x1ced: 0xb3e1, 0x1cee: 0xb2a9, 0x1cef: 0xb339,
-	0x1cf0: 0xb369, 0x1cf1: 0xb2d9, 0x1cf2: 0xb381, 0x1cf3: 0x0040, 0x1cf4: 0xb2c1, 0x1cf5: 0xb1d1,
-	0x1cf6: 0xb1e9, 0x1cf7: 0xb231, 0x1cf8: 0x0040, 0x1cf9: 0xb2f1, 0x1cfa: 0xb321, 0x1cfb: 0xb351,
-	0x1cfc: 0xbc59, 0x1cfd: 0x0040, 0x1cfe: 0xbc71, 0x1cff: 0x0040,
-	// Block 0x74, offset 0x1d00
-	0x1d00: 0xb189, 0x1d01: 0xb1a1, 0x1d02: 0xb201, 0x1d03: 0xb249, 0x1d04: 0xb3f9, 0x1d05: 0xb411,
-	0x1d06: 0xb291, 0x1d07: 0xb219, 0x1d08: 0xb309, 0x1d09: 0xb429, 0x1d0a: 0x0040, 0x1d0b: 0xb3b1,
-	0x1d0c: 0xb3c9, 0x1d0d: 0xb3e1, 0x1d0e: 0xb2a9, 0x1d0f: 0xb339, 0x1d10: 0xb369, 0x1d11: 0xb2d9,
-	0x1d12: 0xb381, 0x1d13: 0xb279, 0x1d14: 0xb2c1, 0x1d15: 0xb1d1, 0x1d16: 0xb1e9, 0x1d17: 0xb231,
-	0x1d18: 0xb261, 0x1d19: 0xb2f1, 0x1d1a: 0xb321, 0x1d1b: 0xb351, 0x1d1c: 0x0040, 0x1d1d: 0x0040,
-	0x1d1e: 0x0040, 0x1d1f: 0x0040, 0x1d20: 0x0040, 0x1d21: 0xb1a1, 0x1d22: 0xb201, 0x1d23: 0xb249,
-	0x1d24: 0x0040, 0x1d25: 0xb411, 0x1d26: 0xb291, 0x1d27: 0xb219, 0x1d28: 0xb309, 0x1d29: 0xb429,
-	0x1d2a: 0x0040, 0x1d2b: 0xb3b1, 0x1d2c: 0xb3c9, 0x1d2d: 0xb3e1, 0x1d2e: 0xb2a9, 0x1d2f: 0xb339,
-	0x1d30: 0xb369, 0x1d31: 0xb2d9, 0x1d32: 0xb381, 0x1d33: 0xb279, 0x1d34: 0xb2c1, 0x1d35: 0xb1d1,
-	0x1d36: 0xb1e9, 0x1d37: 0xb231, 0x1d38: 0xb261, 0x1d39: 0xb2f1, 0x1d3a: 0xb321, 0x1d3b: 0xb351,
-	0x1d3c: 0x0040, 0x1d3d: 0x0040, 0x1d3e: 0x0040, 0x1d3f: 0x0040,
-	// Block 0x75, offset 0x1d40
-	0x1d40: 0x0040, 0x1d41: 0xbca2, 0x1d42: 0xbcba, 0x1d43: 0xbcd2, 0x1d44: 0xbcea, 0x1d45: 0xbd02,
-	0x1d46: 0xbd1a, 0x1d47: 0xbd32, 0x1d48: 0xbd4a, 0x1d49: 0xbd62, 0x1d4a: 0xbd7a, 0x1d4b: 0x0018,
-	0x1d4c: 0x0018, 0x1d4d: 0x0040, 0x1d4e: 0x0040, 0x1d4f: 0x0040, 0x1d50: 0xbd92, 0x1d51: 0xbdb2,
-	0x1d52: 0xbdd2, 0x1d53: 0xbdf2, 0x1d54: 0xbe12, 0x1d55: 0xbe32, 0x1d56: 0xbe52, 0x1d57: 0xbe72,
-	0x1d58: 0xbe92, 0x1d59: 0xbeb2, 0x1d5a: 0xbed2, 0x1d5b: 0xbef2, 0x1d5c: 0xbf12, 0x1d5d: 0xbf32,
-	0x1d5e: 0xbf52, 0x1d5f: 0xbf72, 0x1d60: 0xbf92, 0x1d61: 0xbfb2, 0x1d62: 0xbfd2, 0x1d63: 0xbff2,
-	0x1d64: 0xc012, 0x1d65: 0xc032, 0x1d66: 0xc052, 0x1d67: 0xc072, 0x1d68: 0xc092, 0x1d69: 0xc0b2,
-	0x1d6a: 0xc0d1, 0x1d6b: 0x1159, 0x1d6c: 0x0269, 0x1d6d: 0x6671, 0x1d6e: 0xc111, 0x1d6f: 0x0040,
-	0x1d70: 0x0039, 0x1d71: 0x0ee9, 0x1d72: 0x1159, 0x1d73: 0x0ef9, 0x1d74: 0x0f09, 0x1d75: 0x1199,
-	0x1d76: 0x0f31, 0x1d77: 0x0249, 0x1d78: 0x0f41, 0x1d79: 0x0259, 0x1d7a: 0x0f51, 0x1d7b: 0x0359,
-	0x1d7c: 0x0f61, 0x1d7d: 0x0f71, 0x1d7e: 0x00d9, 0x1d7f: 0x0f99,
-	// Block 0x76, offset 0x1d80
-	0x1d80: 0x2039, 0x1d81: 0x0269, 0x1d82: 0x01d9, 0x1d83: 0x0fa9, 0x1d84: 0x0fb9, 0x1d85: 0x1089,
-	0x1d86: 0x0279, 0x1d87: 0x0369, 0x1d88: 0x0289, 0x1d89: 0x13d1, 0x1d8a: 0xc129, 0x1d8b: 0x65b1,
-	0x1d8c: 0xc141, 0x1d8d: 0x1441, 0x1d8e: 0xc159, 0x1d8f: 0xc179, 0x1d90: 0x0018, 0x1d91: 0x0018,
-	0x1d92: 0x0018, 0x1d93: 0x0018, 0x1d94: 0x0018, 0x1d95: 0x0018, 0x1d96: 0x0018, 0x1d97: 0x0018,
-	0x1d98: 0x0018, 0x1d99: 0x0018, 0x1d9a: 0x0018, 0x1d9b: 0x0018, 0x1d9c: 0x0018, 0x1d9d: 0x0018,
-	0x1d9e: 0x0018, 0x1d9f: 0x0018, 0x1da0: 0x0018, 0x1da1: 0x0018, 0x1da2: 0x0018, 0x1da3: 0x0018,
-	0x1da4: 0x0018, 0x1da5: 0x0018, 0x1da6: 0x0018, 0x1da7: 0x0018, 0x1da8: 0x0018, 0x1da9: 0x0018,
-	0x1daa: 0xc191, 0x1dab: 0xc1a9, 0x1dac: 0x0040, 0x1dad: 0x0040, 0x1dae: 0x0040, 0x1daf: 0x0040,
-	0x1db0: 0x0018, 0x1db1: 0x0018, 0x1db2: 0x0018, 0x1db3: 0x0018, 0x1db4: 0x0018, 0x1db5: 0x0018,
-	0x1db6: 0x0018, 0x1db7: 0x0018, 0x1db8: 0x0018, 0x1db9: 0x0018, 0x1dba: 0x0018, 0x1dbb: 0x0018,
-	0x1dbc: 0x0018, 0x1dbd: 0x0018, 0x1dbe: 0x0018, 0x1dbf: 0x0018,
-	// Block 0x77, offset 0x1dc0
-	0x1dc0: 0xc1d9, 0x1dc1: 0xc211, 0x1dc2: 0xc249, 0x1dc3: 0x0040, 0x1dc4: 0x0040, 0x1dc5: 0x0040,
-	0x1dc6: 0x0040, 0x1dc7: 0x0040, 0x1dc8: 0x0040, 0x1dc9: 0x0040, 0x1dca: 0x0040, 0x1dcb: 0x0040,
-	0x1dcc: 0x0040, 0x1dcd: 0x0040, 0x1dce: 0x0040, 0x1dcf: 0x0040, 0x1dd0: 0xc269, 0x1dd1: 0xc289,
-	0x1dd2: 0xc2a9, 0x1dd3: 0xc2c9, 0x1dd4: 0xc2e9, 0x1dd5: 0xc309, 0x1dd6: 0xc329, 0x1dd7: 0xc349,
-	0x1dd8: 0xc369, 0x1dd9: 0xc389, 0x1dda: 0xc3a9, 0x1ddb: 0xc3c9, 0x1ddc: 0xc3e9, 0x1ddd: 0xc409,
-	0x1dde: 0xc429, 0x1ddf: 0xc449, 0x1de0: 0xc469, 0x1de1: 0xc489, 0x1de2: 0xc4a9, 0x1de3: 0xc4c9,
-	0x1de4: 0xc4e9, 0x1de5: 0xc509, 0x1de6: 0xc529, 0x1de7: 0xc549, 0x1de8: 0xc569, 0x1de9: 0xc589,
-	0x1dea: 0xc5a9, 0x1deb: 0xc5c9, 0x1dec: 0xc5e9, 0x1ded: 0xc609, 0x1dee: 0xc629, 0x1def: 0xc649,
-	0x1df0: 0xc669, 0x1df1: 0xc689, 0x1df2: 0xc6a9, 0x1df3: 0xc6c9, 0x1df4: 0xc6e9, 0x1df5: 0xc709,
-	0x1df6: 0xc729, 0x1df7: 0xc749, 0x1df8: 0xc769, 0x1df9: 0xc789, 0x1dfa: 0xc7a9, 0x1dfb: 0xc7c9,
-	0x1dfc: 0x0040, 0x1dfd: 0x0040, 0x1dfe: 0x0040, 0x1dff: 0x0040,
-	// Block 0x78, offset 0x1e00
-	0x1e00: 0xcaf9, 0x1e01: 0xcb19, 0x1e02: 0xcb39, 0x1e03: 0x8b1d, 0x1e04: 0xcb59, 0x1e05: 0xcb79,
-	0x1e06: 0xcb99, 0x1e07: 0xcbb9, 0x1e08: 0xcbd9, 0x1e09: 0xcbf9, 0x1e0a: 0xcc19, 0x1e0b: 0xcc39,
-	0x1e0c: 0xcc59, 0x1e0d: 0x8b3d, 0x1e0e: 0xcc79, 0x1e0f: 0xcc99, 0x1e10: 0xccb9, 0x1e11: 0xccd9,
-	0x1e12: 0x8b5d, 0x1e13: 0xccf9, 0x1e14: 0xcd19, 0x1e15: 0xc429, 0x1e16: 0x8b7d, 0x1e17: 0xcd39,
-	0x1e18: 0xcd59, 0x1e19: 0xcd79, 0x1e1a: 0xcd99, 0x1e1b: 0xcdb9, 0x1e1c: 0x8b9d, 0x1e1d: 0xcdd9,
-	0x1e1e: 0xcdf9, 0x1e1f: 0xce19, 0x1e20: 0xce39, 0x1e21: 0xce59, 0x1e22: 0xc789, 0x1e23: 0xce79,
-	0x1e24: 0xce99, 0x1e25: 0xceb9, 0x1e26: 0xced9, 0x1e27: 0xcef9, 0x1e28: 0xcf19, 0x1e29: 0xcf39,
-	0x1e2a: 0xcf59, 0x1e2b: 0xcf79, 0x1e2c: 0xcf99, 0x1e2d: 0xcfb9, 0x1e2e: 0xcfd9, 0x1e2f: 0xcff9,
-	0x1e30: 0xd019, 0x1e31: 0xd039, 0x1e32: 0xd039, 0x1e33: 0xd039, 0x1e34: 0x8bbd, 0x1e35: 0xd059,
-	0x1e36: 0xd079, 0x1e37: 0xd099, 0x1e38: 0x8bdd, 0x1e39: 0xd0b9, 0x1e3a: 0xd0d9, 0x1e3b: 0xd0f9,
-	0x1e3c: 0xd119, 0x1e3d: 0xd139, 0x1e3e: 0xd159, 0x1e3f: 0xd179,
-	// Block 0x79, offset 0x1e40
-	0x1e40: 0xd199, 0x1e41: 0xd1b9, 0x1e42: 0xd1d9, 0x1e43: 0xd1f9, 0x1e44: 0xd219, 0x1e45: 0xd239,
-	0x1e46: 0xd239, 0x1e47: 0xd259, 0x1e48: 0xd279, 0x1e49: 0xd299, 0x1e4a: 0xd2b9, 0x1e4b: 0xd2d9,
-	0x1e4c: 0xd2f9, 0x1e4d: 0xd319, 0x1e4e: 0xd339, 0x1e4f: 0xd359, 0x1e50: 0xd379, 0x1e51: 0xd399,
-	0x1e52: 0xd3b9, 0x1e53: 0xd3d9, 0x1e54: 0xd3f9, 0x1e55: 0xd419, 0x1e56: 0xd439, 0x1e57: 0xd459,
-	0x1e58: 0xd479, 0x1e59: 0x8bfd, 0x1e5a: 0xd499, 0x1e5b: 0xd4b9, 0x1e5c: 0xd4d9, 0x1e5d: 0xc309,
-	0x1e5e: 0xd4f9, 0x1e5f: 0xd519, 0x1e60: 0x8c1d, 0x1e61: 0x8c3d, 0x1e62: 0xd539, 0x1e63: 0xd559,
-	0x1e64: 0xd579, 0x1e65: 0xd599, 0x1e66: 0xd5b9, 0x1e67: 0xd5d9, 0x1e68: 0x2040, 0x1e69: 0xd5f9,
-	0x1e6a: 0xd619, 0x1e6b: 0xd619, 0x1e6c: 0x8c5d, 0x1e6d: 0xd639, 0x1e6e: 0xd659, 0x1e6f: 0xd679,
-	0x1e70: 0xd699, 0x1e71: 0x8c7d, 0x1e72: 0xd6b9, 0x1e73: 0xd6d9, 0x1e74: 0x2040, 0x1e75: 0xd6f9,
-	0x1e76: 0xd719, 0x1e77: 0xd739, 0x1e78: 0xd759, 0x1e79: 0xd779, 0x1e7a: 0xd799, 0x1e7b: 0x8c9d,
-	0x1e7c: 0xd7b9, 0x1e7d: 0x8cbd, 0x1e7e: 0xd7d9, 0x1e7f: 0xd7f9,
-	// Block 0x7a, offset 0x1e80
-	0x1e80: 0xd819, 0x1e81: 0xd839, 0x1e82: 0xd859, 0x1e83: 0xd879, 0x1e84: 0xd899, 0x1e85: 0xd8b9,
-	0x1e86: 0xd8d9, 0x1e87: 0xd8f9, 0x1e88: 0xd919, 0x1e89: 0x8cdd, 0x1e8a: 0xd939, 0x1e8b: 0xd959,
-	0x1e8c: 0xd979, 0x1e8d: 0xd999, 0x1e8e: 0xd9b9, 0x1e8f: 0x8cfd, 0x1e90: 0xd9d9, 0x1e91: 0x8d1d,
-	0x1e92: 0x8d3d, 0x1e93: 0xd9f9, 0x1e94: 0xda19, 0x1e95: 0xda19, 0x1e96: 0xda39, 0x1e97: 0x8d5d,
-	0x1e98: 0x8d7d, 0x1e99: 0xda59, 0x1e9a: 0xda79, 0x1e9b: 0xda99, 0x1e9c: 0xdab9, 0x1e9d: 0xdad9,
-	0x1e9e: 0xdaf9, 0x1e9f: 0xdb19, 0x1ea0: 0xdb39, 0x1ea1: 0xdb59, 0x1ea2: 0xdb79, 0x1ea3: 0xdb99,
-	0x1ea4: 0x8d9d, 0x1ea5: 0xdbb9, 0x1ea6: 0xdbd9, 0x1ea7: 0xdbf9, 0x1ea8: 0xdc19, 0x1ea9: 0xdbf9,
-	0x1eaa: 0xdc39, 0x1eab: 0xdc59, 0x1eac: 0xdc79, 0x1ead: 0xdc99, 0x1eae: 0xdcb9, 0x1eaf: 0xdcd9,
-	0x1eb0: 0xdcf9, 0x1eb1: 0xdd19, 0x1eb2: 0xdd39, 0x1eb3: 0xdd59, 0x1eb4: 0xdd79, 0x1eb5: 0xdd99,
-	0x1eb6: 0xddb9, 0x1eb7: 0xddd9, 0x1eb8: 0x8dbd, 0x1eb9: 0xddf9, 0x1eba: 0xde19, 0x1ebb: 0xde39,
-	0x1ebc: 0xde59, 0x1ebd: 0xde79, 0x1ebe: 0x8ddd, 0x1ebf: 0xde99,
-	// Block 0x7b, offset 0x1ec0
-	0x1ec0: 0xe599, 0x1ec1: 0xe5b9, 0x1ec2: 0xe5d9, 0x1ec3: 0xe5f9, 0x1ec4: 0xe619, 0x1ec5: 0xe639,
-	0x1ec6: 0x8efd, 0x1ec7: 0xe659, 0x1ec8: 0xe679, 0x1ec9: 0xe699, 0x1eca: 0xe6b9, 0x1ecb: 0xe6d9,
-	0x1ecc: 0xe6f9, 0x1ecd: 0x8f1d, 0x1ece: 0xe719, 0x1ecf: 0xe739, 0x1ed0: 0x8f3d, 0x1ed1: 0x8f5d,
-	0x1ed2: 0xe759, 0x1ed3: 0xe779, 0x1ed4: 0xe799, 0x1ed5: 0xe7b9, 0x1ed6: 0xe7d9, 0x1ed7: 0xe7f9,
-	0x1ed8: 0xe819, 0x1ed9: 0xe839, 0x1eda: 0xe859, 0x1edb: 0x8f7d, 0x1edc: 0xe879, 0x1edd: 0x8f9d,
-	0x1ede: 0xe899, 0x1edf: 0x2040, 0x1ee0: 0xe8b9, 0x1ee1: 0xe8d9, 0x1ee2: 0xe8f9, 0x1ee3: 0x8fbd,
-	0x1ee4: 0xe919, 0x1ee5: 0xe939, 0x1ee6: 0x8fdd, 0x1ee7: 0x8ffd, 0x1ee8: 0xe959, 0x1ee9: 0xe979,
-	0x1eea: 0xe999, 0x1eeb: 0xe9b9, 0x1eec: 0xe9d9, 0x1eed: 0xe9d9, 0x1eee: 0xe9f9, 0x1eef: 0xea19,
-	0x1ef0: 0xea39, 0x1ef1: 0xea59, 0x1ef2: 0xea79, 0x1ef3: 0xea99, 0x1ef4: 0xeab9, 0x1ef5: 0x901d,
-	0x1ef6: 0xead9, 0x1ef7: 0x903d, 0x1ef8: 0xeaf9, 0x1ef9: 0x905d, 0x1efa: 0xeb19, 0x1efb: 0x907d,
-	0x1efc: 0x909d, 0x1efd: 0x90bd, 0x1efe: 0xeb39, 0x1eff: 0xeb59,
-	// Block 0x7c, offset 0x1f00
-	0x1f00: 0xeb79, 0x1f01: 0x90dd, 0x1f02: 0x90fd, 0x1f03: 0x911d, 0x1f04: 0x913d, 0x1f05: 0xeb99,
-	0x1f06: 0xebb9, 0x1f07: 0xebb9, 0x1f08: 0xebd9, 0x1f09: 0xebf9, 0x1f0a: 0xec19, 0x1f0b: 0xec39,
-	0x1f0c: 0xec59, 0x1f0d: 0x915d, 0x1f0e: 0xec79, 0x1f0f: 0xec99, 0x1f10: 0xecb9, 0x1f11: 0xecd9,
-	0x1f12: 0x917d, 0x1f13: 0xecf9, 0x1f14: 0x919d, 0x1f15: 0x91bd, 0x1f16: 0xed19, 0x1f17: 0xed39,
-	0x1f18: 0xed59, 0x1f19: 0xed79, 0x1f1a: 0xed99, 0x1f1b: 0xedb9, 0x1f1c: 0x91dd, 0x1f1d: 0x91fd,
-	0x1f1e: 0x921d, 0x1f1f: 0x2040, 0x1f20: 0xedd9, 0x1f21: 0x923d, 0x1f22: 0xedf9, 0x1f23: 0xee19,
-	0x1f24: 0xee39, 0x1f25: 0x925d, 0x1f26: 0xee59, 0x1f27: 0xee79, 0x1f28: 0xee99, 0x1f29: 0xeeb9,
-	0x1f2a: 0xeed9, 0x1f2b: 0x927d, 0x1f2c: 0xeef9, 0x1f2d: 0xef19, 0x1f2e: 0xef39, 0x1f2f: 0xef59,
-	0x1f30: 0xef79, 0x1f31: 0xef99, 0x1f32: 0x929d, 0x1f33: 0x92bd, 0x1f34: 0xefb9, 0x1f35: 0x92dd,
-	0x1f36: 0xefd9, 0x1f37: 0x92fd, 0x1f38: 0xeff9, 0x1f39: 0xf019, 0x1f3a: 0xf039, 0x1f3b: 0x931d,
-	0x1f3c: 0x933d, 0x1f3d: 0xf059, 0x1f3e: 0x935d, 0x1f3f: 0xf079,
-	// Block 0x7d, offset 0x1f40
-	0x1f40: 0xf6b9, 0x1f41: 0xf6d9, 0x1f42: 0xf6f9, 0x1f43: 0xf719, 0x1f44: 0xf739, 0x1f45: 0x951d,
-	0x1f46: 0xf759, 0x1f47: 0xf779, 0x1f48: 0xf799, 0x1f49: 0xf7b9, 0x1f4a: 0xf7d9, 0x1f4b: 0x953d,
-	0x1f4c: 0x955d, 0x1f4d: 0xf7f9, 0x1f4e: 0xf819, 0x1f4f: 0xf839, 0x1f50: 0xf859, 0x1f51: 0xf879,
-	0x1f52: 0xf899, 0x1f53: 0x957d, 0x1f54: 0xf8b9, 0x1f55: 0xf8d9, 0x1f56: 0xf8f9, 0x1f57: 0xf919,
-	0x1f58: 0x959d, 0x1f59: 0x95bd, 0x1f5a: 0xf939, 0x1f5b: 0xf959, 0x1f5c: 0xf979, 0x1f5d: 0x95dd,
-	0x1f5e: 0xf999, 0x1f5f: 0xf9b9, 0x1f60: 0x6815, 0x1f61: 0x95fd, 0x1f62: 0xf9d9, 0x1f63: 0xf9f9,
-	0x1f64: 0xfa19, 0x1f65: 0x961d, 0x1f66: 0xfa39, 0x1f67: 0xfa59, 0x1f68: 0xfa79, 0x1f69: 0xfa99,
-	0x1f6a: 0xfab9, 0x1f6b: 0xfad9, 0x1f6c: 0xfaf9, 0x1f6d: 0x963d, 0x1f6e: 0xfb19, 0x1f6f: 0xfb39,
-	0x1f70: 0xfb59, 0x1f71: 0x965d, 0x1f72: 0xfb79, 0x1f73: 0xfb99, 0x1f74: 0xfbb9, 0x1f75: 0xfbd9,
-	0x1f76: 0x7b35, 0x1f77: 0x967d, 0x1f78: 0xfbf9, 0x1f79: 0xfc19, 0x1f7a: 0xfc39, 0x1f7b: 0x969d,
-	0x1f7c: 0xfc59, 0x1f7d: 0x96bd, 0x1f7e: 0xfc79, 0x1f7f: 0xfc79,
-	// Block 0x7e, offset 0x1f80
-	0x1f80: 0xfc99, 0x1f81: 0x96dd, 0x1f82: 0xfcb9, 0x1f83: 0xfcd9, 0x1f84: 0xfcf9, 0x1f85: 0xfd19,
-	0x1f86: 0xfd39, 0x1f87: 0xfd59, 0x1f88: 0xfd79, 0x1f89: 0x96fd, 0x1f8a: 0xfd99, 0x1f8b: 0xfdb9,
-	0x1f8c: 0xfdd9, 0x1f8d: 0xfdf9, 0x1f8e: 0xfe19, 0x1f8f: 0xfe39, 0x1f90: 0x971d, 0x1f91: 0xfe59,
-	0x1f92: 0x973d, 0x1f93: 0x975d, 0x1f94: 0x977d, 0x1f95: 0xfe79, 0x1f96: 0xfe99, 0x1f97: 0xfeb9,
-	0x1f98: 0xfed9, 0x1f99: 0xfef9, 0x1f9a: 0xff19, 0x1f9b: 0xff39, 0x1f9c: 0xff59, 0x1f9d: 0x979d,
-	0x1f9e: 0x0040, 0x1f9f: 0x0040, 0x1fa0: 0x0040, 0x1fa1: 0x0040, 0x1fa2: 0x0040, 0x1fa3: 0x0040,
-	0x1fa4: 0x0040, 0x1fa5: 0x0040, 0x1fa6: 0x0040, 0x1fa7: 0x0040, 0x1fa8: 0x0040, 0x1fa9: 0x0040,
-	0x1faa: 0x0040, 0x1fab: 0x0040, 0x1fac: 0x0040, 0x1fad: 0x0040, 0x1fae: 0x0040, 0x1faf: 0x0040,
-	0x1fb0: 0x0040, 0x1fb1: 0x0040, 0x1fb2: 0x0040, 0x1fb3: 0x0040, 0x1fb4: 0x0040, 0x1fb5: 0x0040,
-	0x1fb6: 0x0040, 0x1fb7: 0x0040, 0x1fb8: 0x0040, 0x1fb9: 0x0040, 0x1fba: 0x0040, 0x1fbb: 0x0040,
-	0x1fbc: 0x0040, 0x1fbd: 0x0040, 0x1fbe: 0x0040, 0x1fbf: 0x0040,
-}
-
-// idnaIndex: 36 blocks, 2304 entries, 4608 bytes
-// Block 0 is the zero block.
-var idnaIndex = [2304]uint16{
-	// Block 0x0, offset 0x0
-	// Block 0x1, offset 0x40
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc2: 0x01, 0xc3: 0x7d, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
-	0xc8: 0x06, 0xc9: 0x7e, 0xca: 0x7f, 0xcb: 0x07, 0xcc: 0x80, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
-	0xd0: 0x81, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x82, 0xd6: 0x83, 0xd7: 0x84,
-	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x85, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x86, 0xde: 0x87, 0xdf: 0x88,
-	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
-	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
-	0xf0: 0x1d, 0xf1: 0x1e, 0xf2: 0x1e, 0xf3: 0x20, 0xf4: 0x21,
-	// Block 0x4, offset 0x100
-	0x120: 0x89, 0x121: 0x13, 0x122: 0x8a, 0x123: 0x8b, 0x124: 0x8c, 0x125: 0x14, 0x126: 0x15, 0x127: 0x16,
-	0x128: 0x17, 0x129: 0x18, 0x12a: 0x19, 0x12b: 0x1a, 0x12c: 0x1b, 0x12d: 0x1c, 0x12e: 0x1d, 0x12f: 0x8d,
-	0x130: 0x8e, 0x131: 0x1e, 0x132: 0x1f, 0x133: 0x20, 0x134: 0x8f, 0x135: 0x21, 0x136: 0x90, 0x137: 0x91,
-	0x138: 0x92, 0x139: 0x93, 0x13a: 0x22, 0x13b: 0x94, 0x13c: 0x95, 0x13d: 0x23, 0x13e: 0x24, 0x13f: 0x96,
-	// Block 0x5, offset 0x140
-	0x140: 0x97, 0x141: 0x98, 0x142: 0x99, 0x143: 0x9a, 0x144: 0x9b, 0x145: 0x9c, 0x146: 0x9d, 0x147: 0x9e,
-	0x148: 0x9f, 0x149: 0xa0, 0x14a: 0xa1, 0x14b: 0xa2, 0x14c: 0xa3, 0x14d: 0xa4, 0x14e: 0xa5, 0x14f: 0xa6,
-	0x150: 0xa7, 0x151: 0x9f, 0x152: 0x9f, 0x153: 0x9f, 0x154: 0x9f, 0x155: 0x9f, 0x156: 0x9f, 0x157: 0x9f,
-	0x158: 0x9f, 0x159: 0xa8, 0x15a: 0xa9, 0x15b: 0xaa, 0x15c: 0xab, 0x15d: 0xac, 0x15e: 0xad, 0x15f: 0xae,
-	0x160: 0xaf, 0x161: 0xb0, 0x162: 0xb1, 0x163: 0xb2, 0x164: 0xb3, 0x165: 0xb4, 0x166: 0xb5, 0x167: 0xb6,
-	0x168: 0xb7, 0x169: 0xb8, 0x16a: 0xb9, 0x16b: 0xba, 0x16c: 0xbb, 0x16d: 0xbc, 0x16e: 0xbd, 0x16f: 0xbe,
-	0x170: 0xbf, 0x171: 0xc0, 0x172: 0xc1, 0x173: 0xc2, 0x174: 0x25, 0x175: 0x26, 0x176: 0x27, 0x177: 0xc3,
-	0x178: 0x28, 0x179: 0x28, 0x17a: 0x29, 0x17b: 0x28, 0x17c: 0xc4, 0x17d: 0x2a, 0x17e: 0x2b, 0x17f: 0x2c,
-	// Block 0x6, offset 0x180
-	0x180: 0x2d, 0x181: 0x2e, 0x182: 0x2f, 0x183: 0xc5, 0x184: 0x30, 0x185: 0x31, 0x186: 0xc6, 0x187: 0x9b,
-	0x188: 0xc7, 0x189: 0xc8, 0x18a: 0x9b, 0x18b: 0x9b, 0x18c: 0xc9, 0x18d: 0x9b, 0x18e: 0x9b, 0x18f: 0x9b,
-	0x190: 0xca, 0x191: 0x32, 0x192: 0x33, 0x193: 0x34, 0x194: 0x9b, 0x195: 0x9b, 0x196: 0x9b, 0x197: 0x9b,
-	0x198: 0x9b, 0x199: 0x9b, 0x19a: 0x9b, 0x19b: 0x9b, 0x19c: 0x9b, 0x19d: 0x9b, 0x19e: 0x9b, 0x19f: 0x9b,
-	0x1a0: 0x9b, 0x1a1: 0x9b, 0x1a2: 0x9b, 0x1a3: 0x9b, 0x1a4: 0x9b, 0x1a5: 0x9b, 0x1a6: 0x9b, 0x1a7: 0x9b,
-	0x1a8: 0xcb, 0x1a9: 0xcc, 0x1aa: 0x9b, 0x1ab: 0xcd, 0x1ac: 0x9b, 0x1ad: 0xce, 0x1ae: 0xcf, 0x1af: 0xd0,
-	0x1b0: 0xd1, 0x1b1: 0x35, 0x1b2: 0x28, 0x1b3: 0x36, 0x1b4: 0xd2, 0x1b5: 0xd3, 0x1b6: 0xd4, 0x1b7: 0xd5,
-	0x1b8: 0xd6, 0x1b9: 0xd7, 0x1ba: 0xd8, 0x1bb: 0xd9, 0x1bc: 0xda, 0x1bd: 0xdb, 0x1be: 0xdc, 0x1bf: 0x37,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x38, 0x1c1: 0xdd, 0x1c2: 0xde, 0x1c3: 0xdf, 0x1c4: 0xe0, 0x1c5: 0x39, 0x1c6: 0x3a, 0x1c7: 0xe1,
-	0x1c8: 0xe2, 0x1c9: 0x3b, 0x1ca: 0x3c, 0x1cb: 0x3d, 0x1cc: 0x3e, 0x1cd: 0x3f, 0x1ce: 0x40, 0x1cf: 0x41,
-	0x1d0: 0x9f, 0x1d1: 0x9f, 0x1d2: 0x9f, 0x1d3: 0x9f, 0x1d4: 0x9f, 0x1d5: 0x9f, 0x1d6: 0x9f, 0x1d7: 0x9f,
-	0x1d8: 0x9f, 0x1d9: 0x9f, 0x1da: 0x9f, 0x1db: 0x9f, 0x1dc: 0x9f, 0x1dd: 0x9f, 0x1de: 0x9f, 0x1df: 0x9f,
-	0x1e0: 0x9f, 0x1e1: 0x9f, 0x1e2: 0x9f, 0x1e3: 0x9f, 0x1e4: 0x9f, 0x1e5: 0x9f, 0x1e6: 0x9f, 0x1e7: 0x9f,
-	0x1e8: 0x9f, 0x1e9: 0x9f, 0x1ea: 0x9f, 0x1eb: 0x9f, 0x1ec: 0x9f, 0x1ed: 0x9f, 0x1ee: 0x9f, 0x1ef: 0x9f,
-	0x1f0: 0x9f, 0x1f1: 0x9f, 0x1f2: 0x9f, 0x1f3: 0x9f, 0x1f4: 0x9f, 0x1f5: 0x9f, 0x1f6: 0x9f, 0x1f7: 0x9f,
-	0x1f8: 0x9f, 0x1f9: 0x9f, 0x1fa: 0x9f, 0x1fb: 0x9f, 0x1fc: 0x9f, 0x1fd: 0x9f, 0x1fe: 0x9f, 0x1ff: 0x9f,
-	// Block 0x8, offset 0x200
-	0x200: 0x9f, 0x201: 0x9f, 0x202: 0x9f, 0x203: 0x9f, 0x204: 0x9f, 0x205: 0x9f, 0x206: 0x9f, 0x207: 0x9f,
-	0x208: 0x9f, 0x209: 0x9f, 0x20a: 0x9f, 0x20b: 0x9f, 0x20c: 0x9f, 0x20d: 0x9f, 0x20e: 0x9f, 0x20f: 0x9f,
-	0x210: 0x9f, 0x211: 0x9f, 0x212: 0x9f, 0x213: 0x9f, 0x214: 0x9f, 0x215: 0x9f, 0x216: 0x9f, 0x217: 0x9f,
-	0x218: 0x9f, 0x219: 0x9f, 0x21a: 0x9f, 0x21b: 0x9f, 0x21c: 0x9f, 0x21d: 0x9f, 0x21e: 0x9f, 0x21f: 0x9f,
-	0x220: 0x9f, 0x221: 0x9f, 0x222: 0x9f, 0x223: 0x9f, 0x224: 0x9f, 0x225: 0x9f, 0x226: 0x9f, 0x227: 0x9f,
-	0x228: 0x9f, 0x229: 0x9f, 0x22a: 0x9f, 0x22b: 0x9f, 0x22c: 0x9f, 0x22d: 0x9f, 0x22e: 0x9f, 0x22f: 0x9f,
-	0x230: 0x9f, 0x231: 0x9f, 0x232: 0x9f, 0x233: 0x9f, 0x234: 0x9f, 0x235: 0x9f, 0x236: 0xb2, 0x237: 0x9b,
-	0x238: 0x9f, 0x239: 0x9f, 0x23a: 0x9f, 0x23b: 0x9f, 0x23c: 0x9f, 0x23d: 0x9f, 0x23e: 0x9f, 0x23f: 0x9f,
-	// Block 0x9, offset 0x240
-	0x240: 0x9f, 0x241: 0x9f, 0x242: 0x9f, 0x243: 0x9f, 0x244: 0x9f, 0x245: 0x9f, 0x246: 0x9f, 0x247: 0x9f,
-	0x248: 0x9f, 0x249: 0x9f, 0x24a: 0x9f, 0x24b: 0x9f, 0x24c: 0x9f, 0x24d: 0x9f, 0x24e: 0x9f, 0x24f: 0x9f,
-	0x250: 0x9f, 0x251: 0x9f, 0x252: 0x9f, 0x253: 0x9f, 0x254: 0x9f, 0x255: 0x9f, 0x256: 0x9f, 0x257: 0x9f,
-	0x258: 0x9f, 0x259: 0x9f, 0x25a: 0x9f, 0x25b: 0x9f, 0x25c: 0x9f, 0x25d: 0x9f, 0x25e: 0x9f, 0x25f: 0x9f,
-	0x260: 0x9f, 0x261: 0x9f, 0x262: 0x9f, 0x263: 0x9f, 0x264: 0x9f, 0x265: 0x9f, 0x266: 0x9f, 0x267: 0x9f,
-	0x268: 0x9f, 0x269: 0x9f, 0x26a: 0x9f, 0x26b: 0x9f, 0x26c: 0x9f, 0x26d: 0x9f, 0x26e: 0x9f, 0x26f: 0x9f,
-	0x270: 0x9f, 0x271: 0x9f, 0x272: 0x9f, 0x273: 0x9f, 0x274: 0x9f, 0x275: 0x9f, 0x276: 0x9f, 0x277: 0x9f,
-	0x278: 0x9f, 0x279: 0x9f, 0x27a: 0x9f, 0x27b: 0x9f, 0x27c: 0x9f, 0x27d: 0x9f, 0x27e: 0x9f, 0x27f: 0x9f,
-	// Block 0xa, offset 0x280
-	0x280: 0x9f, 0x281: 0x9f, 0x282: 0x9f, 0x283: 0x9f, 0x284: 0x9f, 0x285: 0x9f, 0x286: 0x9f, 0x287: 0x9f,
-	0x288: 0x9f, 0x289: 0x9f, 0x28a: 0x9f, 0x28b: 0x9f, 0x28c: 0x9f, 0x28d: 0x9f, 0x28e: 0x9f, 0x28f: 0x9f,
-	0x290: 0x9f, 0x291: 0x9f, 0x292: 0x9f, 0x293: 0x9f, 0x294: 0x9f, 0x295: 0x9f, 0x296: 0x9f, 0x297: 0x9f,
-	0x298: 0x9f, 0x299: 0x9f, 0x29a: 0x9f, 0x29b: 0x9f, 0x29c: 0x9f, 0x29d: 0x9f, 0x29e: 0x9f, 0x29f: 0x9f,
-	0x2a0: 0x9f, 0x2a1: 0x9f, 0x2a2: 0x9f, 0x2a3: 0x9f, 0x2a4: 0x9f, 0x2a5: 0x9f, 0x2a6: 0x9f, 0x2a7: 0x9f,
-	0x2a8: 0x9f, 0x2a9: 0x9f, 0x2aa: 0x9f, 0x2ab: 0x9f, 0x2ac: 0x9f, 0x2ad: 0x9f, 0x2ae: 0x9f, 0x2af: 0x9f,
-	0x2b0: 0x9f, 0x2b1: 0x9f, 0x2b2: 0x9f, 0x2b3: 0x9f, 0x2b4: 0x9f, 0x2b5: 0x9f, 0x2b6: 0x9f, 0x2b7: 0x9f,
-	0x2b8: 0x9f, 0x2b9: 0x9f, 0x2ba: 0x9f, 0x2bb: 0x9f, 0x2bc: 0x9f, 0x2bd: 0x9f, 0x2be: 0x9f, 0x2bf: 0xe3,
-	// Block 0xb, offset 0x2c0
-	0x2c0: 0x9f, 0x2c1: 0x9f, 0x2c2: 0x9f, 0x2c3: 0x9f, 0x2c4: 0x9f, 0x2c5: 0x9f, 0x2c6: 0x9f, 0x2c7: 0x9f,
-	0x2c8: 0x9f, 0x2c9: 0x9f, 0x2ca: 0x9f, 0x2cb: 0x9f, 0x2cc: 0x9f, 0x2cd: 0x9f, 0x2ce: 0x9f, 0x2cf: 0x9f,
-	0x2d0: 0x9f, 0x2d1: 0x9f, 0x2d2: 0xe4, 0x2d3: 0xe5, 0x2d4: 0x9f, 0x2d5: 0x9f, 0x2d6: 0x9f, 0x2d7: 0x9f,
-	0x2d8: 0xe6, 0x2d9: 0x42, 0x2da: 0x43, 0x2db: 0xe7, 0x2dc: 0x44, 0x2dd: 0x45, 0x2de: 0x46, 0x2df: 0xe8,
-	0x2e0: 0xe9, 0x2e1: 0xea, 0x2e2: 0xeb, 0x2e3: 0xec, 0x2e4: 0xed, 0x2e5: 0xee, 0x2e6: 0xef, 0x2e7: 0xf0,
-	0x2e8: 0xf1, 0x2e9: 0xf2, 0x2ea: 0xf3, 0x2eb: 0xf4, 0x2ec: 0xf5, 0x2ed: 0xf6, 0x2ee: 0xf7, 0x2ef: 0xf8,
-	0x2f0: 0x9f, 0x2f1: 0x9f, 0x2f2: 0x9f, 0x2f3: 0x9f, 0x2f4: 0x9f, 0x2f5: 0x9f, 0x2f6: 0x9f, 0x2f7: 0x9f,
-	0x2f8: 0x9f, 0x2f9: 0x9f, 0x2fa: 0x9f, 0x2fb: 0x9f, 0x2fc: 0x9f, 0x2fd: 0x9f, 0x2fe: 0x9f, 0x2ff: 0x9f,
-	// Block 0xc, offset 0x300
-	0x300: 0x9f, 0x301: 0x9f, 0x302: 0x9f, 0x303: 0x9f, 0x304: 0x9f, 0x305: 0x9f, 0x306: 0x9f, 0x307: 0x9f,
-	0x308: 0x9f, 0x309: 0x9f, 0x30a: 0x9f, 0x30b: 0x9f, 0x30c: 0x9f, 0x30d: 0x9f, 0x30e: 0x9f, 0x30f: 0x9f,
-	0x310: 0x9f, 0x311: 0x9f, 0x312: 0x9f, 0x313: 0x9f, 0x314: 0x9f, 0x315: 0x9f, 0x316: 0x9f, 0x317: 0x9f,
-	0x318: 0x9f, 0x319: 0x9f, 0x31a: 0x9f, 0x31b: 0x9f, 0x31c: 0x9f, 0x31d: 0x9f, 0x31e: 0xf9, 0x31f: 0xfa,
-	// Block 0xd, offset 0x340
-	0x340: 0xba, 0x341: 0xba, 0x342: 0xba, 0x343: 0xba, 0x344: 0xba, 0x345: 0xba, 0x346: 0xba, 0x347: 0xba,
-	0x348: 0xba, 0x349: 0xba, 0x34a: 0xba, 0x34b: 0xba, 0x34c: 0xba, 0x34d: 0xba, 0x34e: 0xba, 0x34f: 0xba,
-	0x350: 0xba, 0x351: 0xba, 0x352: 0xba, 0x353: 0xba, 0x354: 0xba, 0x355: 0xba, 0x356: 0xba, 0x357: 0xba,
-	0x358: 0xba, 0x359: 0xba, 0x35a: 0xba, 0x35b: 0xba, 0x35c: 0xba, 0x35d: 0xba, 0x35e: 0xba, 0x35f: 0xba,
-	0x360: 0xba, 0x361: 0xba, 0x362: 0xba, 0x363: 0xba, 0x364: 0xba, 0x365: 0xba, 0x366: 0xba, 0x367: 0xba,
-	0x368: 0xba, 0x369: 0xba, 0x36a: 0xba, 0x36b: 0xba, 0x36c: 0xba, 0x36d: 0xba, 0x36e: 0xba, 0x36f: 0xba,
-	0x370: 0xba, 0x371: 0xba, 0x372: 0xba, 0x373: 0xba, 0x374: 0xba, 0x375: 0xba, 0x376: 0xba, 0x377: 0xba,
-	0x378: 0xba, 0x379: 0xba, 0x37a: 0xba, 0x37b: 0xba, 0x37c: 0xba, 0x37d: 0xba, 0x37e: 0xba, 0x37f: 0xba,
-	// Block 0xe, offset 0x380
-	0x380: 0xba, 0x381: 0xba, 0x382: 0xba, 0x383: 0xba, 0x384: 0xba, 0x385: 0xba, 0x386: 0xba, 0x387: 0xba,
-	0x388: 0xba, 0x389: 0xba, 0x38a: 0xba, 0x38b: 0xba, 0x38c: 0xba, 0x38d: 0xba, 0x38e: 0xba, 0x38f: 0xba,
-	0x390: 0xba, 0x391: 0xba, 0x392: 0xba, 0x393: 0xba, 0x394: 0xba, 0x395: 0xba, 0x396: 0xba, 0x397: 0xba,
-	0x398: 0xba, 0x399: 0xba, 0x39a: 0xba, 0x39b: 0xba, 0x39c: 0xba, 0x39d: 0xba, 0x39e: 0xba, 0x39f: 0xba,
-	0x3a0: 0xba, 0x3a1: 0xba, 0x3a2: 0xba, 0x3a3: 0xba, 0x3a4: 0xfb, 0x3a5: 0xfc, 0x3a6: 0xfd, 0x3a7: 0xfe,
-	0x3a8: 0x47, 0x3a9: 0xff, 0x3aa: 0x100, 0x3ab: 0x48, 0x3ac: 0x49, 0x3ad: 0x4a, 0x3ae: 0x4b, 0x3af: 0x4c,
-	0x3b0: 0x101, 0x3b1: 0x4d, 0x3b2: 0x4e, 0x3b3: 0x4f, 0x3b4: 0x50, 0x3b5: 0x51, 0x3b6: 0x102, 0x3b7: 0x52,
-	0x3b8: 0x53, 0x3b9: 0x54, 0x3ba: 0x55, 0x3bb: 0x56, 0x3bc: 0x57, 0x3bd: 0x58, 0x3be: 0x59, 0x3bf: 0x5a,
-	// Block 0xf, offset 0x3c0
-	0x3c0: 0x103, 0x3c1: 0x104, 0x3c2: 0x9f, 0x3c3: 0x105, 0x3c4: 0x106, 0x3c5: 0x9b, 0x3c6: 0x107, 0x3c7: 0x108,
-	0x3c8: 0xba, 0x3c9: 0xba, 0x3ca: 0x109, 0x3cb: 0x10a, 0x3cc: 0x10b, 0x3cd: 0x10c, 0x3ce: 0x10d, 0x3cf: 0x10e,
-	0x3d0: 0x10f, 0x3d1: 0x9f, 0x3d2: 0x110, 0x3d3: 0x111, 0x3d4: 0x112, 0x3d5: 0x113, 0x3d6: 0xba, 0x3d7: 0xba,
-	0x3d8: 0x9f, 0x3d9: 0x9f, 0x3da: 0x9f, 0x3db: 0x9f, 0x3dc: 0x114, 0x3dd: 0x115, 0x3de: 0xba, 0x3df: 0xba,
-	0x3e0: 0x116, 0x3e1: 0x117, 0x3e2: 0x118, 0x3e3: 0x119, 0x3e4: 0x11a, 0x3e5: 0xba, 0x3e6: 0x11b, 0x3e7: 0x11c,
-	0x3e8: 0x11d, 0x3e9: 0x11e, 0x3ea: 0x11f, 0x3eb: 0x5b, 0x3ec: 0x120, 0x3ed: 0x121, 0x3ee: 0x5c, 0x3ef: 0xba,
-	0x3f0: 0x122, 0x3f1: 0x123, 0x3f2: 0x124, 0x3f3: 0x125, 0x3f4: 0xba, 0x3f5: 0xba, 0x3f6: 0xba, 0x3f7: 0xba,
-	0x3f8: 0xba, 0x3f9: 0x126, 0x3fa: 0xba, 0x3fb: 0xba, 0x3fc: 0xba, 0x3fd: 0xba, 0x3fe: 0xba, 0x3ff: 0xba,
-	// Block 0x10, offset 0x400
-	0x400: 0x127, 0x401: 0x128, 0x402: 0x129, 0x403: 0x12a, 0x404: 0x12b, 0x405: 0x12c, 0x406: 0x12d, 0x407: 0x12e,
-	0x408: 0x12f, 0x409: 0xba, 0x40a: 0x130, 0x40b: 0x131, 0x40c: 0x5d, 0x40d: 0x5e, 0x40e: 0xba, 0x40f: 0xba,
-	0x410: 0x132, 0x411: 0x133, 0x412: 0x134, 0x413: 0x135, 0x414: 0xba, 0x415: 0xba, 0x416: 0x136, 0x417: 0x137,
-	0x418: 0x138, 0x419: 0x139, 0x41a: 0x13a, 0x41b: 0x13b, 0x41c: 0x13c, 0x41d: 0xba, 0x41e: 0xba, 0x41f: 0xba,
-	0x420: 0xba, 0x421: 0xba, 0x422: 0x13d, 0x423: 0x13e, 0x424: 0xba, 0x425: 0xba, 0x426: 0xba, 0x427: 0xba,
-	0x428: 0x13f, 0x429: 0x140, 0x42a: 0x141, 0x42b: 0x142, 0x42c: 0xba, 0x42d: 0xba, 0x42e: 0xba, 0x42f: 0xba,
-	0x430: 0x143, 0x431: 0x144, 0x432: 0x145, 0x433: 0xba, 0x434: 0x146, 0x435: 0x147, 0x436: 0xba, 0x437: 0xba,
-	0x438: 0xba, 0x439: 0xba, 0x43a: 0xba, 0x43b: 0xba, 0x43c: 0xba, 0x43d: 0xba, 0x43e: 0xba, 0x43f: 0xba,
-	// Block 0x11, offset 0x440
-	0x440: 0x9f, 0x441: 0x9f, 0x442: 0x9f, 0x443: 0x9f, 0x444: 0x9f, 0x445: 0x9f, 0x446: 0x9f, 0x447: 0x9f,
-	0x448: 0x9f, 0x449: 0x9f, 0x44a: 0x9f, 0x44b: 0x9f, 0x44c: 0x9f, 0x44d: 0x9f, 0x44e: 0x148, 0x44f: 0xba,
-	0x450: 0x9b, 0x451: 0x149, 0x452: 0x9f, 0x453: 0x9f, 0x454: 0x9f, 0x455: 0x14a, 0x456: 0xba, 0x457: 0xba,
-	0x458: 0xba, 0x459: 0xba, 0x45a: 0xba, 0x45b: 0xba, 0x45c: 0xba, 0x45d: 0xba, 0x45e: 0xba, 0x45f: 0xba,
-	0x460: 0xba, 0x461: 0xba, 0x462: 0xba, 0x463: 0xba, 0x464: 0xba, 0x465: 0xba, 0x466: 0xba, 0x467: 0xba,
-	0x468: 0xba, 0x469: 0xba, 0x46a: 0xba, 0x46b: 0xba, 0x46c: 0xba, 0x46d: 0xba, 0x46e: 0xba, 0x46f: 0xba,
-	0x470: 0xba, 0x471: 0xba, 0x472: 0xba, 0x473: 0xba, 0x474: 0xba, 0x475: 0xba, 0x476: 0xba, 0x477: 0xba,
-	0x478: 0xba, 0x479: 0xba, 0x47a: 0xba, 0x47b: 0xba, 0x47c: 0xba, 0x47d: 0xba, 0x47e: 0xba, 0x47f: 0xba,
-	// Block 0x12, offset 0x480
-	0x480: 0x9f, 0x481: 0x9f, 0x482: 0x9f, 0x483: 0x9f, 0x484: 0x9f, 0x485: 0x9f, 0x486: 0x9f, 0x487: 0x9f,
-	0x488: 0x9f, 0x489: 0x9f, 0x48a: 0x9f, 0x48b: 0x9f, 0x48c: 0x9f, 0x48d: 0x9f, 0x48e: 0x9f, 0x48f: 0x9f,
-	0x490: 0x14b, 0x491: 0xba, 0x492: 0xba, 0x493: 0xba, 0x494: 0xba, 0x495: 0xba, 0x496: 0xba, 0x497: 0xba,
-	0x498: 0xba, 0x499: 0xba, 0x49a: 0xba, 0x49b: 0xba, 0x49c: 0xba, 0x49d: 0xba, 0x49e: 0xba, 0x49f: 0xba,
-	0x4a0: 0xba, 0x4a1: 0xba, 0x4a2: 0xba, 0x4a3: 0xba, 0x4a4: 0xba, 0x4a5: 0xba, 0x4a6: 0xba, 0x4a7: 0xba,
-	0x4a8: 0xba, 0x4a9: 0xba, 0x4aa: 0xba, 0x4ab: 0xba, 0x4ac: 0xba, 0x4ad: 0xba, 0x4ae: 0xba, 0x4af: 0xba,
-	0x4b0: 0xba, 0x4b1: 0xba, 0x4b2: 0xba, 0x4b3: 0xba, 0x4b4: 0xba, 0x4b5: 0xba, 0x4b6: 0xba, 0x4b7: 0xba,
-	0x4b8: 0xba, 0x4b9: 0xba, 0x4ba: 0xba, 0x4bb: 0xba, 0x4bc: 0xba, 0x4bd: 0xba, 0x4be: 0xba, 0x4bf: 0xba,
-	// Block 0x13, offset 0x4c0
-	0x4c0: 0xba, 0x4c1: 0xba, 0x4c2: 0xba, 0x4c3: 0xba, 0x4c4: 0xba, 0x4c5: 0xba, 0x4c6: 0xba, 0x4c7: 0xba,
-	0x4c8: 0xba, 0x4c9: 0xba, 0x4ca: 0xba, 0x4cb: 0xba, 0x4cc: 0xba, 0x4cd: 0xba, 0x4ce: 0xba, 0x4cf: 0xba,
-	0x4d0: 0x9f, 0x4d1: 0x9f, 0x4d2: 0x9f, 0x4d3: 0x9f, 0x4d4: 0x9f, 0x4d5: 0x9f, 0x4d6: 0x9f, 0x4d7: 0x9f,
-	0x4d8: 0x9f, 0x4d9: 0x14c, 0x4da: 0xba, 0x4db: 0xba, 0x4dc: 0xba, 0x4dd: 0xba, 0x4de: 0xba, 0x4df: 0xba,
-	0x4e0: 0xba, 0x4e1: 0xba, 0x4e2: 0xba, 0x4e3: 0xba, 0x4e4: 0xba, 0x4e5: 0xba, 0x4e6: 0xba, 0x4e7: 0xba,
-	0x4e8: 0xba, 0x4e9: 0xba, 0x4ea: 0xba, 0x4eb: 0xba, 0x4ec: 0xba, 0x4ed: 0xba, 0x4ee: 0xba, 0x4ef: 0xba,
-	0x4f0: 0xba, 0x4f1: 0xba, 0x4f2: 0xba, 0x4f3: 0xba, 0x4f4: 0xba, 0x4f5: 0xba, 0x4f6: 0xba, 0x4f7: 0xba,
-	0x4f8: 0xba, 0x4f9: 0xba, 0x4fa: 0xba, 0x4fb: 0xba, 0x4fc: 0xba, 0x4fd: 0xba, 0x4fe: 0xba, 0x4ff: 0xba,
-	// Block 0x14, offset 0x500
-	0x500: 0xba, 0x501: 0xba, 0x502: 0xba, 0x503: 0xba, 0x504: 0xba, 0x505: 0xba, 0x506: 0xba, 0x507: 0xba,
-	0x508: 0xba, 0x509: 0xba, 0x50a: 0xba, 0x50b: 0xba, 0x50c: 0xba, 0x50d: 0xba, 0x50e: 0xba, 0x50f: 0xba,
-	0x510: 0xba, 0x511: 0xba, 0x512: 0xba, 0x513: 0xba, 0x514: 0xba, 0x515: 0xba, 0x516: 0xba, 0x517: 0xba,
-	0x518: 0xba, 0x519: 0xba, 0x51a: 0xba, 0x51b: 0xba, 0x51c: 0xba, 0x51d: 0xba, 0x51e: 0xba, 0x51f: 0xba,
-	0x520: 0x9f, 0x521: 0x9f, 0x522: 0x9f, 0x523: 0x9f, 0x524: 0x9f, 0x525: 0x9f, 0x526: 0x9f, 0x527: 0x9f,
-	0x528: 0x142, 0x529: 0x14d, 0x52a: 0xba, 0x52b: 0x14e, 0x52c: 0x14f, 0x52d: 0x150, 0x52e: 0x151, 0x52f: 0xba,
-	0x530: 0xba, 0x531: 0xba, 0x532: 0xba, 0x533: 0xba, 0x534: 0xba, 0x535: 0xba, 0x536: 0xba, 0x537: 0xba,
-	0x538: 0xba, 0x539: 0xba, 0x53a: 0xba, 0x53b: 0xba, 0x53c: 0x9f, 0x53d: 0x152, 0x53e: 0x153, 0x53f: 0x154,
-	// Block 0x15, offset 0x540
-	0x540: 0x9f, 0x541: 0x9f, 0x542: 0x9f, 0x543: 0x9f, 0x544: 0x9f, 0x545: 0x9f, 0x546: 0x9f, 0x547: 0x9f,
-	0x548: 0x9f, 0x549: 0x9f, 0x54a: 0x9f, 0x54b: 0x9f, 0x54c: 0x9f, 0x54d: 0x9f, 0x54e: 0x9f, 0x54f: 0x9f,
-	0x550: 0x9f, 0x551: 0x9f, 0x552: 0x9f, 0x553: 0x9f, 0x554: 0x9f, 0x555: 0x9f, 0x556: 0x9f, 0x557: 0x9f,
-	0x558: 0x9f, 0x559: 0x9f, 0x55a: 0x9f, 0x55b: 0x9f, 0x55c: 0x9f, 0x55d: 0x9f, 0x55e: 0x9f, 0x55f: 0x155,
-	0x560: 0x9f, 0x561: 0x9f, 0x562: 0x9f, 0x563: 0x9f, 0x564: 0x9f, 0x565: 0x9f, 0x566: 0x9f, 0x567: 0x9f,
-	0x568: 0x9f, 0x569: 0x9f, 0x56a: 0x9f, 0x56b: 0x156, 0x56c: 0xba, 0x56d: 0xba, 0x56e: 0xba, 0x56f: 0xba,
-	0x570: 0xba, 0x571: 0xba, 0x572: 0xba, 0x573: 0xba, 0x574: 0xba, 0x575: 0xba, 0x576: 0xba, 0x577: 0xba,
-	0x578: 0xba, 0x579: 0xba, 0x57a: 0xba, 0x57b: 0xba, 0x57c: 0xba, 0x57d: 0xba, 0x57e: 0xba, 0x57f: 0xba,
-	// Block 0x16, offset 0x580
-	0x580: 0x9f, 0x581: 0x9f, 0x582: 0x9f, 0x583: 0x9f, 0x584: 0x157, 0x585: 0x158, 0x586: 0x9f, 0x587: 0x9f,
-	0x588: 0x9f, 0x589: 0x9f, 0x58a: 0x9f, 0x58b: 0x159, 0x58c: 0xba, 0x58d: 0xba, 0x58e: 0xba, 0x58f: 0xba,
-	0x590: 0xba, 0x591: 0xba, 0x592: 0xba, 0x593: 0xba, 0x594: 0xba, 0x595: 0xba, 0x596: 0xba, 0x597: 0xba,
-	0x598: 0xba, 0x599: 0xba, 0x59a: 0xba, 0x59b: 0xba, 0x59c: 0xba, 0x59d: 0xba, 0x59e: 0xba, 0x59f: 0xba,
-	0x5a0: 0xba, 0x5a1: 0xba, 0x5a2: 0xba, 0x5a3: 0xba, 0x5a4: 0xba, 0x5a5: 0xba, 0x5a6: 0xba, 0x5a7: 0xba,
-	0x5a8: 0xba, 0x5a9: 0xba, 0x5aa: 0xba, 0x5ab: 0xba, 0x5ac: 0xba, 0x5ad: 0xba, 0x5ae: 0xba, 0x5af: 0xba,
-	0x5b0: 0x9f, 0x5b1: 0x15a, 0x5b2: 0x15b, 0x5b3: 0xba, 0x5b4: 0xba, 0x5b5: 0xba, 0x5b6: 0xba, 0x5b7: 0xba,
-	0x5b8: 0xba, 0x5b9: 0xba, 0x5ba: 0xba, 0x5bb: 0xba, 0x5bc: 0xba, 0x5bd: 0xba, 0x5be: 0xba, 0x5bf: 0xba,
-	// Block 0x17, offset 0x5c0
-	0x5c0: 0x9b, 0x5c1: 0x9b, 0x5c2: 0x9b, 0x5c3: 0x15c, 0x5c4: 0x15d, 0x5c5: 0x15e, 0x5c6: 0x15f, 0x5c7: 0x160,
-	0x5c8: 0x9b, 0x5c9: 0x161, 0x5ca: 0xba, 0x5cb: 0xba, 0x5cc: 0x9b, 0x5cd: 0x162, 0x5ce: 0xba, 0x5cf: 0xba,
-	0x5d0: 0x5f, 0x5d1: 0x60, 0x5d2: 0x61, 0x5d3: 0x62, 0x5d4: 0x63, 0x5d5: 0x64, 0x5d6: 0x65, 0x5d7: 0x66,
-	0x5d8: 0x67, 0x5d9: 0x68, 0x5da: 0x69, 0x5db: 0x6a, 0x5dc: 0x6b, 0x5dd: 0x6c, 0x5de: 0x6d, 0x5df: 0x6e,
-	0x5e0: 0x9b, 0x5e1: 0x9b, 0x5e2: 0x9b, 0x5e3: 0x9b, 0x5e4: 0x9b, 0x5e5: 0x9b, 0x5e6: 0x9b, 0x5e7: 0x9b,
-	0x5e8: 0x163, 0x5e9: 0x164, 0x5ea: 0x165, 0x5eb: 0xba, 0x5ec: 0xba, 0x5ed: 0xba, 0x5ee: 0xba, 0x5ef: 0xba,
-	0x5f0: 0xba, 0x5f1: 0xba, 0x5f2: 0xba, 0x5f3: 0xba, 0x5f4: 0xba, 0x5f5: 0xba, 0x5f6: 0xba, 0x5f7: 0xba,
-	0x5f8: 0xba, 0x5f9: 0xba, 0x5fa: 0xba, 0x5fb: 0xba, 0x5fc: 0xba, 0x5fd: 0xba, 0x5fe: 0xba, 0x5ff: 0xba,
-	// Block 0x18, offset 0x600
-	0x600: 0x166, 0x601: 0xba, 0x602: 0xba, 0x603: 0xba, 0x604: 0xba, 0x605: 0xba, 0x606: 0xba, 0x607: 0xba,
-	0x608: 0xba, 0x609: 0xba, 0x60a: 0xba, 0x60b: 0xba, 0x60c: 0xba, 0x60d: 0xba, 0x60e: 0xba, 0x60f: 0xba,
-	0x610: 0xba, 0x611: 0xba, 0x612: 0xba, 0x613: 0xba, 0x614: 0xba, 0x615: 0xba, 0x616: 0xba, 0x617: 0xba,
-	0x618: 0xba, 0x619: 0xba, 0x61a: 0xba, 0x61b: 0xba, 0x61c: 0xba, 0x61d: 0xba, 0x61e: 0xba, 0x61f: 0xba,
-	0x620: 0x122, 0x621: 0x122, 0x622: 0x122, 0x623: 0x167, 0x624: 0x6f, 0x625: 0x168, 0x626: 0xba, 0x627: 0xba,
-	0x628: 0xba, 0x629: 0xba, 0x62a: 0xba, 0x62b: 0xba, 0x62c: 0xba, 0x62d: 0xba, 0x62e: 0xba, 0x62f: 0xba,
-	0x630: 0xba, 0x631: 0xba, 0x632: 0xba, 0x633: 0xba, 0x634: 0xba, 0x635: 0xba, 0x636: 0xba, 0x637: 0xba,
-	0x638: 0x70, 0x639: 0x71, 0x63a: 0x72, 0x63b: 0x169, 0x63c: 0xba, 0x63d: 0xba, 0x63e: 0xba, 0x63f: 0xba,
-	// Block 0x19, offset 0x640
-	0x640: 0x16a, 0x641: 0x9b, 0x642: 0x16b, 0x643: 0x16c, 0x644: 0x73, 0x645: 0x74, 0x646: 0x16d, 0x647: 0x16e,
-	0x648: 0x75, 0x649: 0x16f, 0x64a: 0xba, 0x64b: 0xba, 0x64c: 0x9b, 0x64d: 0x9b, 0x64e: 0x9b, 0x64f: 0x9b,
-	0x650: 0x9b, 0x651: 0x9b, 0x652: 0x9b, 0x653: 0x9b, 0x654: 0x9b, 0x655: 0x9b, 0x656: 0x9b, 0x657: 0x9b,
-	0x658: 0x9b, 0x659: 0x9b, 0x65a: 0x9b, 0x65b: 0x170, 0x65c: 0x9b, 0x65d: 0x171, 0x65e: 0x9b, 0x65f: 0x172,
-	0x660: 0x173, 0x661: 0x174, 0x662: 0x175, 0x663: 0xba, 0x664: 0x176, 0x665: 0x177, 0x666: 0x178, 0x667: 0x179,
-	0x668: 0xba, 0x669: 0xba, 0x66a: 0xba, 0x66b: 0xba, 0x66c: 0xba, 0x66d: 0xba, 0x66e: 0xba, 0x66f: 0xba,
-	0x670: 0xba, 0x671: 0xba, 0x672: 0xba, 0x673: 0xba, 0x674: 0xba, 0x675: 0xba, 0x676: 0xba, 0x677: 0xba,
-	0x678: 0xba, 0x679: 0xba, 0x67a: 0xba, 0x67b: 0xba, 0x67c: 0xba, 0x67d: 0xba, 0x67e: 0xba, 0x67f: 0xba,
-	// Block 0x1a, offset 0x680
-	0x680: 0x9f, 0x681: 0x9f, 0x682: 0x9f, 0x683: 0x9f, 0x684: 0x9f, 0x685: 0x9f, 0x686: 0x9f, 0x687: 0x9f,
-	0x688: 0x9f, 0x689: 0x9f, 0x68a: 0x9f, 0x68b: 0x9f, 0x68c: 0x9f, 0x68d: 0x9f, 0x68e: 0x9f, 0x68f: 0x9f,
-	0x690: 0x9f, 0x691: 0x9f, 0x692: 0x9f, 0x693: 0x9f, 0x694: 0x9f, 0x695: 0x9f, 0x696: 0x9f, 0x697: 0x9f,
-	0x698: 0x9f, 0x699: 0x9f, 0x69a: 0x9f, 0x69b: 0x17a, 0x69c: 0x9f, 0x69d: 0x9f, 0x69e: 0x9f, 0x69f: 0x9f,
-	0x6a0: 0x9f, 0x6a1: 0x9f, 0x6a2: 0x9f, 0x6a3: 0x9f, 0x6a4: 0x9f, 0x6a5: 0x9f, 0x6a6: 0x9f, 0x6a7: 0x9f,
-	0x6a8: 0x9f, 0x6a9: 0x9f, 0x6aa: 0x9f, 0x6ab: 0x9f, 0x6ac: 0x9f, 0x6ad: 0x9f, 0x6ae: 0x9f, 0x6af: 0x9f,
-	0x6b0: 0x9f, 0x6b1: 0x9f, 0x6b2: 0x9f, 0x6b3: 0x9f, 0x6b4: 0x9f, 0x6b5: 0x9f, 0x6b6: 0x9f, 0x6b7: 0x9f,
-	0x6b8: 0x9f, 0x6b9: 0x9f, 0x6ba: 0x9f, 0x6bb: 0x9f, 0x6bc: 0x9f, 0x6bd: 0x9f, 0x6be: 0x9f, 0x6bf: 0x9f,
-	// Block 0x1b, offset 0x6c0
-	0x6c0: 0x9f, 0x6c1: 0x9f, 0x6c2: 0x9f, 0x6c3: 0x9f, 0x6c4: 0x9f, 0x6c5: 0x9f, 0x6c6: 0x9f, 0x6c7: 0x9f,
-	0x6c8: 0x9f, 0x6c9: 0x9f, 0x6ca: 0x9f, 0x6cb: 0x9f, 0x6cc: 0x9f, 0x6cd: 0x9f, 0x6ce: 0x9f, 0x6cf: 0x9f,
-	0x6d0: 0x9f, 0x6d1: 0x9f, 0x6d2: 0x9f, 0x6d3: 0x9f, 0x6d4: 0x9f, 0x6d5: 0x9f, 0x6d6: 0x9f, 0x6d7: 0x9f,
-	0x6d8: 0x9f, 0x6d9: 0x9f, 0x6da: 0x9f, 0x6db: 0x9f, 0x6dc: 0x17b, 0x6dd: 0x9f, 0x6de: 0x9f, 0x6df: 0x9f,
-	0x6e0: 0x17c, 0x6e1: 0x9f, 0x6e2: 0x9f, 0x6e3: 0x9f, 0x6e4: 0x9f, 0x6e5: 0x9f, 0x6e6: 0x9f, 0x6e7: 0x9f,
-	0x6e8: 0x9f, 0x6e9: 0x9f, 0x6ea: 0x9f, 0x6eb: 0x9f, 0x6ec: 0x9f, 0x6ed: 0x9f, 0x6ee: 0x9f, 0x6ef: 0x9f,
-	0x6f0: 0x9f, 0x6f1: 0x9f, 0x6f2: 0x9f, 0x6f3: 0x9f, 0x6f4: 0x9f, 0x6f5: 0x9f, 0x6f6: 0x9f, 0x6f7: 0x9f,
-	0x6f8: 0x9f, 0x6f9: 0x9f, 0x6fa: 0x9f, 0x6fb: 0x9f, 0x6fc: 0x9f, 0x6fd: 0x9f, 0x6fe: 0x9f, 0x6ff: 0x9f,
-	// Block 0x1c, offset 0x700
-	0x700: 0x9f, 0x701: 0x9f, 0x702: 0x9f, 0x703: 0x9f, 0x704: 0x9f, 0x705: 0x9f, 0x706: 0x9f, 0x707: 0x9f,
-	0x708: 0x9f, 0x709: 0x9f, 0x70a: 0x9f, 0x70b: 0x9f, 0x70c: 0x9f, 0x70d: 0x9f, 0x70e: 0x9f, 0x70f: 0x9f,
-	0x710: 0x9f, 0x711: 0x9f, 0x712: 0x9f, 0x713: 0x9f, 0x714: 0x9f, 0x715: 0x9f, 0x716: 0x9f, 0x717: 0x9f,
-	0x718: 0x9f, 0x719: 0x9f, 0x71a: 0x9f, 0x71b: 0x9f, 0x71c: 0x9f, 0x71d: 0x9f, 0x71e: 0x9f, 0x71f: 0x9f,
-	0x720: 0x9f, 0x721: 0x9f, 0x722: 0x9f, 0x723: 0x9f, 0x724: 0x9f, 0x725: 0x9f, 0x726: 0x9f, 0x727: 0x9f,
-	0x728: 0x9f, 0x729: 0x9f, 0x72a: 0x9f, 0x72b: 0x9f, 0x72c: 0x9f, 0x72d: 0x9f, 0x72e: 0x9f, 0x72f: 0x9f,
-	0x730: 0x9f, 0x731: 0x9f, 0x732: 0x9f, 0x733: 0x9f, 0x734: 0x9f, 0x735: 0x9f, 0x736: 0x9f, 0x737: 0x9f,
-	0x738: 0x9f, 0x739: 0x9f, 0x73a: 0x17d, 0x73b: 0x9f, 0x73c: 0x9f, 0x73d: 0x9f, 0x73e: 0x9f, 0x73f: 0x9f,
-	// Block 0x1d, offset 0x740
-	0x740: 0x9f, 0x741: 0x9f, 0x742: 0x9f, 0x743: 0x9f, 0x744: 0x9f, 0x745: 0x9f, 0x746: 0x9f, 0x747: 0x9f,
-	0x748: 0x9f, 0x749: 0x9f, 0x74a: 0x9f, 0x74b: 0x9f, 0x74c: 0x9f, 0x74d: 0x9f, 0x74e: 0x9f, 0x74f: 0x9f,
-	0x750: 0x9f, 0x751: 0x9f, 0x752: 0x9f, 0x753: 0x9f, 0x754: 0x9f, 0x755: 0x9f, 0x756: 0x9f, 0x757: 0x9f,
-	0x758: 0x9f, 0x759: 0x9f, 0x75a: 0x9f, 0x75b: 0x9f, 0x75c: 0x9f, 0x75d: 0x9f, 0x75e: 0x9f, 0x75f: 0x9f,
-	0x760: 0x9f, 0x761: 0x9f, 0x762: 0x9f, 0x763: 0x9f, 0x764: 0x9f, 0x765: 0x9f, 0x766: 0x9f, 0x767: 0x9f,
-	0x768: 0x9f, 0x769: 0x9f, 0x76a: 0x9f, 0x76b: 0x9f, 0x76c: 0x9f, 0x76d: 0x9f, 0x76e: 0x9f, 0x76f: 0x17e,
-	0x770: 0xba, 0x771: 0xba, 0x772: 0xba, 0x773: 0xba, 0x774: 0xba, 0x775: 0xba, 0x776: 0xba, 0x777: 0xba,
-	0x778: 0xba, 0x779: 0xba, 0x77a: 0xba, 0x77b: 0xba, 0x77c: 0xba, 0x77d: 0xba, 0x77e: 0xba, 0x77f: 0xba,
-	// Block 0x1e, offset 0x780
-	0x780: 0xba, 0x781: 0xba, 0x782: 0xba, 0x783: 0xba, 0x784: 0xba, 0x785: 0xba, 0x786: 0xba, 0x787: 0xba,
-	0x788: 0xba, 0x789: 0xba, 0x78a: 0xba, 0x78b: 0xba, 0x78c: 0xba, 0x78d: 0xba, 0x78e: 0xba, 0x78f: 0xba,
-	0x790: 0xba, 0x791: 0xba, 0x792: 0xba, 0x793: 0xba, 0x794: 0xba, 0x795: 0xba, 0x796: 0xba, 0x797: 0xba,
-	0x798: 0xba, 0x799: 0xba, 0x79a: 0xba, 0x79b: 0xba, 0x79c: 0xba, 0x79d: 0xba, 0x79e: 0xba, 0x79f: 0xba,
-	0x7a0: 0x76, 0x7a1: 0x77, 0x7a2: 0x78, 0x7a3: 0x17f, 0x7a4: 0x79, 0x7a5: 0x7a, 0x7a6: 0x180, 0x7a7: 0x7b,
-	0x7a8: 0x7c, 0x7a9: 0xba, 0x7aa: 0xba, 0x7ab: 0xba, 0x7ac: 0xba, 0x7ad: 0xba, 0x7ae: 0xba, 0x7af: 0xba,
-	0x7b0: 0xba, 0x7b1: 0xba, 0x7b2: 0xba, 0x7b3: 0xba, 0x7b4: 0xba, 0x7b5: 0xba, 0x7b6: 0xba, 0x7b7: 0xba,
-	0x7b8: 0xba, 0x7b9: 0xba, 0x7ba: 0xba, 0x7bb: 0xba, 0x7bc: 0xba, 0x7bd: 0xba, 0x7be: 0xba, 0x7bf: 0xba,
-	// Block 0x1f, offset 0x7c0
-	0x7d0: 0x0d, 0x7d1: 0x0e, 0x7d2: 0x0f, 0x7d3: 0x10, 0x7d4: 0x11, 0x7d5: 0x0b, 0x7d6: 0x12, 0x7d7: 0x07,
-	0x7d8: 0x13, 0x7d9: 0x0b, 0x7da: 0x0b, 0x7db: 0x14, 0x7dc: 0x0b, 0x7dd: 0x15, 0x7de: 0x16, 0x7df: 0x17,
-	0x7e0: 0x07, 0x7e1: 0x07, 0x7e2: 0x07, 0x7e3: 0x07, 0x7e4: 0x07, 0x7e5: 0x07, 0x7e6: 0x07, 0x7e7: 0x07,
-	0x7e8: 0x07, 0x7e9: 0x07, 0x7ea: 0x18, 0x7eb: 0x19, 0x7ec: 0x1a, 0x7ed: 0x07, 0x7ee: 0x1b, 0x7ef: 0x1c,
-	0x7f0: 0x0b, 0x7f1: 0x0b, 0x7f2: 0x0b, 0x7f3: 0x0b, 0x7f4: 0x0b, 0x7f5: 0x0b, 0x7f6: 0x0b, 0x7f7: 0x0b,
-	0x7f8: 0x0b, 0x7f9: 0x0b, 0x7fa: 0x0b, 0x7fb: 0x0b, 0x7fc: 0x0b, 0x7fd: 0x0b, 0x7fe: 0x0b, 0x7ff: 0x0b,
-	// Block 0x20, offset 0x800
-	0x800: 0x0b, 0x801: 0x0b, 0x802: 0x0b, 0x803: 0x0b, 0x804: 0x0b, 0x805: 0x0b, 0x806: 0x0b, 0x807: 0x0b,
-	0x808: 0x0b, 0x809: 0x0b, 0x80a: 0x0b, 0x80b: 0x0b, 0x80c: 0x0b, 0x80d: 0x0b, 0x80e: 0x0b, 0x80f: 0x0b,
-	0x810: 0x0b, 0x811: 0x0b, 0x812: 0x0b, 0x813: 0x0b, 0x814: 0x0b, 0x815: 0x0b, 0x816: 0x0b, 0x817: 0x0b,
-	0x818: 0x0b, 0x819: 0x0b, 0x81a: 0x0b, 0x81b: 0x0b, 0x81c: 0x0b, 0x81d: 0x0b, 0x81e: 0x0b, 0x81f: 0x0b,
-	0x820: 0x0b, 0x821: 0x0b, 0x822: 0x0b, 0x823: 0x0b, 0x824: 0x0b, 0x825: 0x0b, 0x826: 0x0b, 0x827: 0x0b,
-	0x828: 0x0b, 0x829: 0x0b, 0x82a: 0x0b, 0x82b: 0x0b, 0x82c: 0x0b, 0x82d: 0x0b, 0x82e: 0x0b, 0x82f: 0x0b,
-	0x830: 0x0b, 0x831: 0x0b, 0x832: 0x0b, 0x833: 0x0b, 0x834: 0x0b, 0x835: 0x0b, 0x836: 0x0b, 0x837: 0x0b,
-	0x838: 0x0b, 0x839: 0x0b, 0x83a: 0x0b, 0x83b: 0x0b, 0x83c: 0x0b, 0x83d: 0x0b, 0x83e: 0x0b, 0x83f: 0x0b,
-	// Block 0x21, offset 0x840
-	0x840: 0x181, 0x841: 0x182, 0x842: 0xba, 0x843: 0xba, 0x844: 0x183, 0x845: 0x183, 0x846: 0x183, 0x847: 0x184,
-	0x848: 0xba, 0x849: 0xba, 0x84a: 0xba, 0x84b: 0xba, 0x84c: 0xba, 0x84d: 0xba, 0x84e: 0xba, 0x84f: 0xba,
-	0x850: 0xba, 0x851: 0xba, 0x852: 0xba, 0x853: 0xba, 0x854: 0xba, 0x855: 0xba, 0x856: 0xba, 0x857: 0xba,
-	0x858: 0xba, 0x859: 0xba, 0x85a: 0xba, 0x85b: 0xba, 0x85c: 0xba, 0x85d: 0xba, 0x85e: 0xba, 0x85f: 0xba,
-	0x860: 0xba, 0x861: 0xba, 0x862: 0xba, 0x863: 0xba, 0x864: 0xba, 0x865: 0xba, 0x866: 0xba, 0x867: 0xba,
-	0x868: 0xba, 0x869: 0xba, 0x86a: 0xba, 0x86b: 0xba, 0x86c: 0xba, 0x86d: 0xba, 0x86e: 0xba, 0x86f: 0xba,
-	0x870: 0xba, 0x871: 0xba, 0x872: 0xba, 0x873: 0xba, 0x874: 0xba, 0x875: 0xba, 0x876: 0xba, 0x877: 0xba,
-	0x878: 0xba, 0x879: 0xba, 0x87a: 0xba, 0x87b: 0xba, 0x87c: 0xba, 0x87d: 0xba, 0x87e: 0xba, 0x87f: 0xba,
-	// Block 0x22, offset 0x880
-	0x880: 0x0b, 0x881: 0x0b, 0x882: 0x0b, 0x883: 0x0b, 0x884: 0x0b, 0x885: 0x0b, 0x886: 0x0b, 0x887: 0x0b,
-	0x888: 0x0b, 0x889: 0x0b, 0x88a: 0x0b, 0x88b: 0x0b, 0x88c: 0x0b, 0x88d: 0x0b, 0x88e: 0x0b, 0x88f: 0x0b,
-	0x890: 0x0b, 0x891: 0x0b, 0x892: 0x0b, 0x893: 0x0b, 0x894: 0x0b, 0x895: 0x0b, 0x896: 0x0b, 0x897: 0x0b,
-	0x898: 0x0b, 0x899: 0x0b, 0x89a: 0x0b, 0x89b: 0x0b, 0x89c: 0x0b, 0x89d: 0x0b, 0x89e: 0x0b, 0x89f: 0x0b,
-	0x8a0: 0x1f, 0x8a1: 0x0b, 0x8a2: 0x0b, 0x8a3: 0x0b, 0x8a4: 0x0b, 0x8a5: 0x0b, 0x8a6: 0x0b, 0x8a7: 0x0b,
-	0x8a8: 0x0b, 0x8a9: 0x0b, 0x8aa: 0x0b, 0x8ab: 0x0b, 0x8ac: 0x0b, 0x8ad: 0x0b, 0x8ae: 0x0b, 0x8af: 0x0b,
-	0x8b0: 0x0b, 0x8b1: 0x0b, 0x8b2: 0x0b, 0x8b3: 0x0b, 0x8b4: 0x0b, 0x8b5: 0x0b, 0x8b6: 0x0b, 0x8b7: 0x0b,
-	0x8b8: 0x0b, 0x8b9: 0x0b, 0x8ba: 0x0b, 0x8bb: 0x0b, 0x8bc: 0x0b, 0x8bd: 0x0b, 0x8be: 0x0b, 0x8bf: 0x0b,
-	// Block 0x23, offset 0x8c0
-	0x8c0: 0x0b, 0x8c1: 0x0b, 0x8c2: 0x0b, 0x8c3: 0x0b, 0x8c4: 0x0b, 0x8c5: 0x0b, 0x8c6: 0x0b, 0x8c7: 0x0b,
-	0x8c8: 0x0b, 0x8c9: 0x0b, 0x8ca: 0x0b, 0x8cb: 0x0b, 0x8cc: 0x0b, 0x8cd: 0x0b, 0x8ce: 0x0b, 0x8cf: 0x0b,
-}
-
-// idnaSparseOffset: 264 entries, 528 bytes
-var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x34, 0x3f, 0x4b, 0x4f, 0x5e, 0x63, 0x6b, 0x77, 0x85, 0x8a, 0x93, 0xa3, 0xb1, 0xbd, 0xc9, 0xda, 0xe4, 0xeb, 0xf8, 0x109, 0x110, 0x11b, 0x12a, 0x138, 0x142, 0x144, 0x149, 0x14c, 0x14f, 0x151, 0x15d, 0x168, 0x170, 0x176, 0x17c, 0x181, 0x186, 0x189, 0x18d, 0x193, 0x198, 0x1a4, 0x1ae, 0x1b4, 0x1c5, 0x1cf, 0x1d2, 0x1da, 0x1dd, 0x1ea, 0x1f2, 0x1f6, 0x1fd, 0x205, 0x215, 0x221, 0x223, 0x22d, 0x239, 0x245, 0x251, 0x259, 0x25e, 0x268, 0x279, 0x27d, 0x288, 0x28c, 0x295, 0x29d, 0x2a3, 0x2a8, 0x2ab, 0x2af, 0x2b5, 0x2b9, 0x2bd, 0x2c3, 0x2ca, 0x2d0, 0x2d8, 0x2df, 0x2ea, 0x2f4, 0x2f8, 0x2fb, 0x301, 0x305, 0x307, 0x30a, 0x30c, 0x30f, 0x319, 0x31c, 0x32b, 0x32f, 0x334, 0x337, 0x33b, 0x340, 0x345, 0x34b, 0x351, 0x360, 0x366, 0x36a, 0x379, 0x37e, 0x386, 0x390, 0x39b, 0x3a3, 0x3b4, 0x3bd, 0x3cd, 0x3da, 0x3e4, 0x3e9, 0x3f6, 0x3fa, 0x3ff, 0x401, 0x405, 0x407, 0x40b, 0x414, 0x41a, 0x41e, 0x42e, 0x438, 0x43d, 0x440, 0x446, 0x44d, 0x452, 0x456, 0x45c, 0x461, 0x46a, 0x46f, 0x475, 0x47c, 0x483, 0x48a, 0x48e, 0x493, 0x496, 0x49b, 0x4a7, 0x4ad, 0x4b2, 0x4b9, 0x4c1, 0x4c6, 0x4ca, 0x4da, 0x4e1, 0x4e5, 0x4e9, 0x4f0, 0x4f2, 0x4f5, 0x4f8, 0x4fc, 0x500, 0x506, 0x50f, 0x51b, 0x522, 0x52b, 0x533, 0x53a, 0x548, 0x555, 0x562, 0x56b, 0x56f, 0x57d, 0x585, 0x590, 0x599, 0x59f, 0x5a7, 0x5b0, 0x5ba, 0x5bd, 0x5c9, 0x5cc, 0x5d1, 0x5de, 0x5e7, 0x5f3, 0x5f6, 0x600, 0x609, 0x615, 0x622, 0x62a, 0x62d, 0x632, 0x635, 0x638, 0x63b, 0x642, 0x649, 0x64d, 0x658, 0x65b, 0x661, 0x666, 0x66a, 0x66d, 0x670, 0x673, 0x676, 0x679, 0x67e, 0x688, 0x68b, 0x68f, 0x69e, 0x6aa, 0x6ae, 0x6b3, 0x6b8, 0x6bc, 0x6c1, 0x6ca, 0x6d5, 0x6db, 0x6e3, 0x6e7, 0x6eb, 0x6f1, 0x6f7, 0x6fc, 0x6ff, 0x70f, 0x716, 0x719, 0x71c, 0x720, 0x726, 0x72b, 0x730, 0x735, 0x738, 0x73d, 0x740, 0x743, 0x747, 0x74b, 0x74e, 0x75e, 0x76f, 0x774, 0x776, 0x778}
-
-// idnaSparseValues: 1915 entries, 7660 bytes
-var idnaSparseValues = [1915]valueRange{
-	// Block 0x0, offset 0x0
-	{value: 0x0000, lo: 0x07},
-	{value: 0xe105, lo: 0x80, hi: 0x96},
-	{value: 0x0018, lo: 0x97, hi: 0x97},
-	{value: 0xe105, lo: 0x98, hi: 0x9e},
-	{value: 0x001f, lo: 0x9f, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xb7},
-	{value: 0x0008, lo: 0xb8, hi: 0xbf},
-	// Block 0x1, offset 0x8
-	{value: 0x0000, lo: 0x10},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0xe01d, lo: 0x81, hi: 0x81},
-	{value: 0x0008, lo: 0x82, hi: 0x82},
-	{value: 0x0335, lo: 0x83, hi: 0x83},
-	{value: 0x034d, lo: 0x84, hi: 0x84},
-	{value: 0x0365, lo: 0x85, hi: 0x85},
-	{value: 0xe00d, lo: 0x86, hi: 0x86},
-	{value: 0x0008, lo: 0x87, hi: 0x87},
-	{value: 0xe00d, lo: 0x88, hi: 0x88},
-	{value: 0x0008, lo: 0x89, hi: 0x89},
-	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
-	{value: 0x0008, lo: 0x8b, hi: 0x8b},
-	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
-	{value: 0x0008, lo: 0x8d, hi: 0x8d},
-	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
-	{value: 0x0008, lo: 0x8f, hi: 0xbf},
-	// Block 0x2, offset 0x19
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0xaf},
-	{value: 0x0249, lo: 0xb0, hi: 0xb0},
-	{value: 0x037d, lo: 0xb1, hi: 0xb1},
-	{value: 0x0259, lo: 0xb2, hi: 0xb2},
-	{value: 0x0269, lo: 0xb3, hi: 0xb3},
-	{value: 0x034d, lo: 0xb4, hi: 0xb4},
-	{value: 0x0395, lo: 0xb5, hi: 0xb5},
-	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
-	{value: 0x0279, lo: 0xb7, hi: 0xb7},
-	{value: 0x0289, lo: 0xb8, hi: 0xb8},
-	{value: 0x0008, lo: 0xb9, hi: 0xbf},
-	// Block 0x3, offset 0x25
-	{value: 0x0000, lo: 0x01},
-	{value: 0x3308, lo: 0x80, hi: 0xbf},
-	// Block 0x4, offset 0x27
-	{value: 0x0000, lo: 0x04},
-	{value: 0x03f5, lo: 0x80, hi: 0x8f},
-	{value: 0xe105, lo: 0x90, hi: 0x9f},
-	{value: 0x049d, lo: 0xa0, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x5, offset 0x2c
-	{value: 0x0000, lo: 0x07},
-	{value: 0xe185, lo: 0x80, hi: 0x8f},
-	{value: 0x0545, lo: 0x90, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x98},
-	{value: 0x0008, lo: 0x99, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xa0},
-	{value: 0x0008, lo: 0xa1, hi: 0xbf},
-	// Block 0x6, offset 0x34
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0401, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x88},
-	{value: 0x0018, lo: 0x89, hi: 0x8a},
-	{value: 0x0040, lo: 0x8b, hi: 0x8c},
-	{value: 0x0018, lo: 0x8d, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0x90},
-	{value: 0x3308, lo: 0x91, hi: 0xbd},
-	{value: 0x0818, lo: 0xbe, hi: 0xbe},
-	{value: 0x3308, lo: 0xbf, hi: 0xbf},
-	// Block 0x7, offset 0x3f
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0818, lo: 0x80, hi: 0x80},
-	{value: 0x3308, lo: 0x81, hi: 0x82},
-	{value: 0x0818, lo: 0x83, hi: 0x83},
-	{value: 0x3308, lo: 0x84, hi: 0x85},
-	{value: 0x0818, lo: 0x86, hi: 0x86},
-	{value: 0x3308, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0808, lo: 0x90, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xaf},
-	{value: 0x0808, lo: 0xb0, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0x8, offset 0x4b
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0a08, lo: 0x80, hi: 0x87},
-	{value: 0x0c08, lo: 0x88, hi: 0x99},
-	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
-	// Block 0x9, offset 0x4f
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x3308, lo: 0x80, hi: 0x8a},
-	{value: 0x0040, lo: 0x8b, hi: 0x8c},
-	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
-	{value: 0x0a08, lo: 0x8e, hi: 0x98},
-	{value: 0x0c08, lo: 0x99, hi: 0x9b},
-	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
-	{value: 0x0c08, lo: 0xab, hi: 0xac},
-	{value: 0x0a08, lo: 0xad, hi: 0xb0},
-	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
-	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
-	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
-	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
-	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
-	{value: 0x0a08, lo: 0xba, hi: 0xbf},
-	// Block 0xa, offset 0x5e
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0808, lo: 0x80, hi: 0xa5},
-	{value: 0x3308, lo: 0xa6, hi: 0xb0},
-	{value: 0x0808, lo: 0xb1, hi: 0xb1},
-	{value: 0x0040, lo: 0xb2, hi: 0xbf},
-	// Block 0xb, offset 0x63
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0808, lo: 0x80, hi: 0x89},
-	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
-	{value: 0x3308, lo: 0xab, hi: 0xb3},
-	{value: 0x0808, lo: 0xb4, hi: 0xb5},
-	{value: 0x0018, lo: 0xb6, hi: 0xb9},
-	{value: 0x0818, lo: 0xba, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbf},
-	// Block 0xc, offset 0x6b
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0808, lo: 0x80, hi: 0x95},
-	{value: 0x3308, lo: 0x96, hi: 0x99},
-	{value: 0x0808, lo: 0x9a, hi: 0x9a},
-	{value: 0x3308, lo: 0x9b, hi: 0xa3},
-	{value: 0x0808, lo: 0xa4, hi: 0xa4},
-	{value: 0x3308, lo: 0xa5, hi: 0xa7},
-	{value: 0x0808, lo: 0xa8, hi: 0xa8},
-	{value: 0x3308, lo: 0xa9, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x0818, lo: 0xb0, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0xd, offset 0x77
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x0040, lo: 0x80, hi: 0x9f},
-	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
-	{value: 0x0c08, lo: 0xaa, hi: 0xac},
-	{value: 0x0808, lo: 0xad, hi: 0xad},
-	{value: 0x0c08, lo: 0xae, hi: 0xae},
-	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
-	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
-	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xb5},
-	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
-	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
-	{value: 0x0a08, lo: 0xba, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbf},
-	// Block 0xe, offset 0x85
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0040, lo: 0x80, hi: 0x93},
-	{value: 0x3308, lo: 0x94, hi: 0xa1},
-	{value: 0x0840, lo: 0xa2, hi: 0xa2},
-	{value: 0x3308, lo: 0xa3, hi: 0xbf},
-	// Block 0xf, offset 0x8a
-	{value: 0x0000, lo: 0x08},
-	{value: 0x3308, lo: 0x80, hi: 0x82},
-	{value: 0x3008, lo: 0x83, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0xb9},
-	{value: 0x3308, lo: 0xba, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbf},
-	// Block 0x10, offset 0x93
-	{value: 0x0000, lo: 0x0f},
-	{value: 0x3308, lo: 0x80, hi: 0x80},
-	{value: 0x3008, lo: 0x81, hi: 0x82},
-	{value: 0x0040, lo: 0x83, hi: 0x85},
-	{value: 0x3008, lo: 0x86, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x3008, lo: 0x8a, hi: 0x8c},
-	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x96},
-	{value: 0x3008, lo: 0x97, hi: 0x97},
-	{value: 0x0040, lo: 0x98, hi: 0xa5},
-	{value: 0x0008, lo: 0xa6, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbf},
-	// Block 0x11, offset 0xa3
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x3308, lo: 0x80, hi: 0x80},
-	{value: 0x3008, lo: 0x81, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8d},
-	{value: 0x0008, lo: 0x8e, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x91},
-	{value: 0x0008, lo: 0x92, hi: 0xa8},
-	{value: 0x0040, lo: 0xa9, hi: 0xa9},
-	{value: 0x0008, lo: 0xaa, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbd},
-	{value: 0x3308, lo: 0xbe, hi: 0xbf},
-	// Block 0x12, offset 0xb1
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x3308, lo: 0x80, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8d},
-	{value: 0x0008, lo: 0x8e, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x91},
-	{value: 0x0008, lo: 0x92, hi: 0xba},
-	{value: 0x3b08, lo: 0xbb, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbf},
-	// Block 0x13, offset 0xbd
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0040, lo: 0x80, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x99},
-	{value: 0x0008, lo: 0x9a, hi: 0xb1},
-	{value: 0x0040, lo: 0xb2, hi: 0xb2},
-	{value: 0x0008, lo: 0xb3, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbf},
-	// Block 0x14, offset 0xc9
-	{value: 0x0000, lo: 0x10},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x89},
-	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
-	{value: 0x0040, lo: 0x8b, hi: 0x8e},
-	{value: 0x3008, lo: 0x8f, hi: 0x91},
-	{value: 0x3308, lo: 0x92, hi: 0x94},
-	{value: 0x0040, lo: 0x95, hi: 0x95},
-	{value: 0x3308, lo: 0x96, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x97},
-	{value: 0x3008, lo: 0x98, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xa5},
-	{value: 0x0008, lo: 0xa6, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xb1},
-	{value: 0x3008, lo: 0xb2, hi: 0xb3},
-	{value: 0x0018, lo: 0xb4, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0x15, offset 0xda
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0xb0},
-	{value: 0x3308, lo: 0xb1, hi: 0xb1},
-	{value: 0x0008, lo: 0xb2, hi: 0xb2},
-	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
-	{value: 0x3308, lo: 0xb4, hi: 0xb9},
-	{value: 0x3b08, lo: 0xba, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbe},
-	{value: 0x0018, lo: 0xbf, hi: 0xbf},
-	// Block 0x16, offset 0xe4
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x3308, lo: 0x87, hi: 0x8e},
-	{value: 0x0018, lo: 0x8f, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0x9b},
-	{value: 0x0040, lo: 0x9c, hi: 0xbf},
-	// Block 0x17, offset 0xeb
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x84},
-	{value: 0x0040, lo: 0x85, hi: 0x85},
-	{value: 0x0008, lo: 0x86, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x87},
-	{value: 0x3308, lo: 0x88, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9b},
-	{value: 0x0961, lo: 0x9c, hi: 0x9c},
-	{value: 0x0999, lo: 0x9d, hi: 0x9d},
-	{value: 0x0008, lo: 0x9e, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xbf},
-	// Block 0x18, offset 0xf8
-	{value: 0x0000, lo: 0x10},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x8a},
-	{value: 0x0008, lo: 0x8b, hi: 0x8b},
-	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
-	{value: 0x0018, lo: 0x8d, hi: 0x97},
-	{value: 0x3308, lo: 0x98, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa9},
-	{value: 0x0018, lo: 0xaa, hi: 0xb4},
-	{value: 0x3308, lo: 0xb5, hi: 0xb5},
-	{value: 0x0018, lo: 0xb6, hi: 0xb6},
-	{value: 0x3308, lo: 0xb7, hi: 0xb7},
-	{value: 0x0018, lo: 0xb8, hi: 0xb8},
-	{value: 0x3308, lo: 0xb9, hi: 0xb9},
-	{value: 0x0018, lo: 0xba, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbf},
-	// Block 0x19, offset 0x109
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0018, lo: 0x80, hi: 0x85},
-	{value: 0x3308, lo: 0x86, hi: 0x86},
-	{value: 0x0018, lo: 0x87, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8d},
-	{value: 0x0018, lo: 0x8e, hi: 0x9a},
-	{value: 0x0040, lo: 0x9b, hi: 0xbf},
-	// Block 0x1a, offset 0x110
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0xaa},
-	{value: 0x3008, lo: 0xab, hi: 0xac},
-	{value: 0x3308, lo: 0xad, hi: 0xb0},
-	{value: 0x3008, lo: 0xb1, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb7},
-	{value: 0x3008, lo: 0xb8, hi: 0xb8},
-	{value: 0x3b08, lo: 0xb9, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbc},
-	{value: 0x3308, lo: 0xbd, hi: 0xbe},
-	{value: 0x0008, lo: 0xbf, hi: 0xbf},
-	// Block 0x1b, offset 0x11b
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x0008, lo: 0x80, hi: 0x89},
-	{value: 0x0018, lo: 0x8a, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x95},
-	{value: 0x3008, lo: 0x96, hi: 0x97},
-	{value: 0x3308, lo: 0x98, hi: 0x99},
-	{value: 0x0008, lo: 0x9a, hi: 0x9d},
-	{value: 0x3308, lo: 0x9e, hi: 0xa0},
-	{value: 0x0008, lo: 0xa1, hi: 0xa1},
-	{value: 0x3008, lo: 0xa2, hi: 0xa4},
-	{value: 0x0008, lo: 0xa5, hi: 0xa6},
-	{value: 0x3008, lo: 0xa7, hi: 0xad},
-	{value: 0x0008, lo: 0xae, hi: 0xb0},
-	{value: 0x3308, lo: 0xb1, hi: 0xb4},
-	{value: 0x0008, lo: 0xb5, hi: 0xbf},
-	// Block 0x1c, offset 0x12a
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x0008, lo: 0x80, hi: 0x81},
-	{value: 0x3308, lo: 0x82, hi: 0x82},
-	{value: 0x3008, lo: 0x83, hi: 0x84},
-	{value: 0x3308, lo: 0x85, hi: 0x86},
-	{value: 0x3008, lo: 0x87, hi: 0x8c},
-	{value: 0x3308, lo: 0x8d, hi: 0x8d},
-	{value: 0x0008, lo: 0x8e, hi: 0x8e},
-	{value: 0x3008, lo: 0x8f, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x3008, lo: 0x9a, hi: 0x9c},
-	{value: 0x3308, lo: 0x9d, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xbf},
-	// Block 0x1d, offset 0x138
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0040, lo: 0x80, hi: 0x86},
-	{value: 0x055d, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8c},
-	{value: 0x055d, lo: 0x8d, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xba},
-	{value: 0x0018, lo: 0xbb, hi: 0xbb},
-	{value: 0xe105, lo: 0xbc, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbf},
-	// Block 0x1e, offset 0x142
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0018, lo: 0x80, hi: 0xbf},
-	// Block 0x1f, offset 0x144
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0xa0},
-	{value: 0x2018, lo: 0xa1, hi: 0xb5},
-	{value: 0x0018, lo: 0xb6, hi: 0xbf},
-	// Block 0x20, offset 0x149
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0xa7},
-	{value: 0x2018, lo: 0xa8, hi: 0xbf},
-	// Block 0x21, offset 0x14c
-	{value: 0x0000, lo: 0x02},
-	{value: 0x2018, lo: 0x80, hi: 0x82},
-	{value: 0x0018, lo: 0x83, hi: 0xbf},
-	// Block 0x22, offset 0x14f
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0008, lo: 0x80, hi: 0xbf},
-	// Block 0x23, offset 0x151
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0008, lo: 0x8a, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0x98},
-	{value: 0x0040, lo: 0x99, hi: 0x99},
-	{value: 0x0008, lo: 0x9a, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x24, offset 0x15d
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0008, lo: 0x8a, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xb0},
-	{value: 0x0040, lo: 0xb1, hi: 0xb1},
-	{value: 0x0008, lo: 0xb2, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xb7},
-	{value: 0x0008, lo: 0xb8, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0x25, offset 0x168
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x0040, lo: 0x81, hi: 0x81},
-	{value: 0x0008, lo: 0x82, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x87},
-	{value: 0x0008, lo: 0x88, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0xbf},
-	// Block 0x26, offset 0x170
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x91},
-	{value: 0x0008, lo: 0x92, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0xbf},
-	// Block 0x27, offset 0x176
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0x9a},
-	{value: 0x0040, lo: 0x9b, hi: 0x9c},
-	{value: 0x3308, lo: 0x9d, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbf},
-	// Block 0x28, offset 0x17c
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x29, offset 0x181
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xb7},
-	{value: 0xe045, lo: 0xb8, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbf},
-	// Block 0x2a, offset 0x186
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0xbf},
-	// Block 0x2b, offset 0x189
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xac},
-	{value: 0x0018, lo: 0xad, hi: 0xae},
-	{value: 0x0008, lo: 0xaf, hi: 0xbf},
-	// Block 0x2c, offset 0x18d
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0x9c},
-	{value: 0x0040, lo: 0x9d, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x2d, offset 0x193
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xaa},
-	{value: 0x0018, lo: 0xab, hi: 0xb0},
-	{value: 0x0008, lo: 0xb1, hi: 0xb8},
-	{value: 0x0040, lo: 0xb9, hi: 0xbf},
-	// Block 0x2e, offset 0x198
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8d},
-	{value: 0x0008, lo: 0x8e, hi: 0x91},
-	{value: 0x3308, lo: 0x92, hi: 0x93},
-	{value: 0x3b08, lo: 0x94, hi: 0x94},
-	{value: 0x0040, lo: 0x95, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb3},
-	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
-	{value: 0x0018, lo: 0xb5, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0x2f, offset 0x1a4
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x91},
-	{value: 0x3308, lo: 0x92, hi: 0x93},
-	{value: 0x0040, lo: 0x94, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xad},
-	{value: 0x0008, lo: 0xae, hi: 0xb0},
-	{value: 0x0040, lo: 0xb1, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xbf},
-	// Block 0x30, offset 0x1ae
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0xb3},
-	{value: 0x3340, lo: 0xb4, hi: 0xb5},
-	{value: 0x3008, lo: 0xb6, hi: 0xb6},
-	{value: 0x3308, lo: 0xb7, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbf},
-	// Block 0x31, offset 0x1b4
-	{value: 0x0000, lo: 0x10},
-	{value: 0x3008, lo: 0x80, hi: 0x85},
-	{value: 0x3308, lo: 0x86, hi: 0x86},
-	{value: 0x3008, lo: 0x87, hi: 0x88},
-	{value: 0x3308, lo: 0x89, hi: 0x91},
-	{value: 0x3b08, lo: 0x92, hi: 0x92},
-	{value: 0x3308, lo: 0x93, hi: 0x93},
-	{value: 0x0018, lo: 0x94, hi: 0x96},
-	{value: 0x0008, lo: 0x97, hi: 0x97},
-	{value: 0x0018, lo: 0x98, hi: 0x9b},
-	{value: 0x0008, lo: 0x9c, hi: 0x9c},
-	{value: 0x3308, lo: 0x9d, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa9},
-	{value: 0x0040, lo: 0xaa, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0x32, offset 0x1c5
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0018, lo: 0x80, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x86},
-	{value: 0x0218, lo: 0x87, hi: 0x87},
-	{value: 0x0018, lo: 0x88, hi: 0x8a},
-	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x0208, lo: 0xa0, hi: 0xbf},
-	// Block 0x33, offset 0x1cf
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0208, lo: 0x80, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbf},
-	// Block 0x34, offset 0x1d2
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0x84},
-	{value: 0x3308, lo: 0x85, hi: 0x86},
-	{value: 0x0208, lo: 0x87, hi: 0xa8},
-	{value: 0x3308, lo: 0xa9, hi: 0xa9},
-	{value: 0x0208, lo: 0xaa, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x35, offset 0x1da
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xbf},
-	// Block 0x36, offset 0x1dd
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0x9f},
-	{value: 0x3308, lo: 0xa0, hi: 0xa2},
-	{value: 0x3008, lo: 0xa3, hi: 0xa6},
-	{value: 0x3308, lo: 0xa7, hi: 0xa8},
-	{value: 0x3008, lo: 0xa9, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xaf},
-	{value: 0x3008, lo: 0xb0, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb2},
-	{value: 0x3008, lo: 0xb3, hi: 0xb8},
-	{value: 0x3308, lo: 0xb9, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbf},
-	// Block 0x37, offset 0x1ea
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0018, lo: 0x80, hi: 0x80},
-	{value: 0x0040, lo: 0x81, hi: 0x83},
-	{value: 0x0018, lo: 0x84, hi: 0x85},
-	{value: 0x0008, lo: 0x86, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0x38, offset 0x1f2
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x39, offset 0x1f6
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0008, lo: 0x80, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0028, lo: 0x9a, hi: 0x9a},
-	{value: 0x0040, lo: 0x9b, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0xbf},
-	// Block 0x3a, offset 0x1fd
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0x96},
-	{value: 0x3308, lo: 0x97, hi: 0x98},
-	{value: 0x3008, lo: 0x99, hi: 0x9a},
-	{value: 0x3308, lo: 0x9b, hi: 0x9b},
-	{value: 0x0040, lo: 0x9c, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x3b, offset 0x205
-	{value: 0x0000, lo: 0x0f},
-	{value: 0x0008, lo: 0x80, hi: 0x94},
-	{value: 0x3008, lo: 0x95, hi: 0x95},
-	{value: 0x3308, lo: 0x96, hi: 0x96},
-	{value: 0x3008, lo: 0x97, hi: 0x97},
-	{value: 0x3308, lo: 0x98, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0x9f},
-	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
-	{value: 0x3008, lo: 0xa1, hi: 0xa1},
-	{value: 0x3308, lo: 0xa2, hi: 0xa2},
-	{value: 0x3008, lo: 0xa3, hi: 0xa4},
-	{value: 0x3308, lo: 0xa5, hi: 0xac},
-	{value: 0x3008, lo: 0xad, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbe},
-	{value: 0x3308, lo: 0xbf, hi: 0xbf},
-	// Block 0x3c, offset 0x215
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xa6},
-	{value: 0x0008, lo: 0xa7, hi: 0xa7},
-	{value: 0x0018, lo: 0xa8, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xbd},
-	{value: 0x3318, lo: 0xbe, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0x3d, offset 0x221
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0040, lo: 0x80, hi: 0xbf},
-	// Block 0x3e, offset 0x223
-	{value: 0x0000, lo: 0x09},
-	{value: 0x3308, lo: 0x80, hi: 0x83},
-	{value: 0x3008, lo: 0x84, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0xb3},
-	{value: 0x3308, lo: 0xb4, hi: 0xb4},
-	{value: 0x3008, lo: 0xb5, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbc},
-	{value: 0x3008, lo: 0xbd, hi: 0xbf},
-	// Block 0x3f, offset 0x22d
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x3008, lo: 0x80, hi: 0x81},
-	{value: 0x3308, lo: 0x82, hi: 0x82},
-	{value: 0x3008, lo: 0x83, hi: 0x83},
-	{value: 0x3808, lo: 0x84, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0xaa},
-	{value: 0x3308, lo: 0xab, hi: 0xb3},
-	{value: 0x0018, lo: 0xb4, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbf},
-	// Block 0x40, offset 0x239
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x3308, lo: 0x80, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0xa0},
-	{value: 0x3008, lo: 0xa1, hi: 0xa1},
-	{value: 0x3308, lo: 0xa2, hi: 0xa5},
-	{value: 0x3008, lo: 0xa6, hi: 0xa7},
-	{value: 0x3308, lo: 0xa8, hi: 0xa9},
-	{value: 0x3808, lo: 0xaa, hi: 0xaa},
-	{value: 0x3b08, lo: 0xab, hi: 0xab},
-	{value: 0x3308, lo: 0xac, hi: 0xad},
-	{value: 0x0008, lo: 0xae, hi: 0xbf},
-	// Block 0x41, offset 0x245
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0xa5},
-	{value: 0x3308, lo: 0xa6, hi: 0xa6},
-	{value: 0x3008, lo: 0xa7, hi: 0xa7},
-	{value: 0x3308, lo: 0xa8, hi: 0xa9},
-	{value: 0x3008, lo: 0xaa, hi: 0xac},
-	{value: 0x3308, lo: 0xad, hi: 0xad},
-	{value: 0x3008, lo: 0xae, hi: 0xae},
-	{value: 0x3308, lo: 0xaf, hi: 0xb1},
-	{value: 0x3808, lo: 0xb2, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xbb},
-	{value: 0x0018, lo: 0xbc, hi: 0xbf},
-	// Block 0x42, offset 0x251
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0xa3},
-	{value: 0x3008, lo: 0xa4, hi: 0xab},
-	{value: 0x3308, lo: 0xac, hi: 0xb3},
-	{value: 0x3008, lo: 0xb4, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xba},
-	{value: 0x0018, lo: 0xbb, hi: 0xbf},
-	// Block 0x43, offset 0x259
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0x8c},
-	{value: 0x0008, lo: 0x8d, hi: 0xbd},
-	{value: 0x0018, lo: 0xbe, hi: 0xbf},
-	// Block 0x44, offset 0x25e
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0e29, lo: 0x80, hi: 0x80},
-	{value: 0x0e41, lo: 0x81, hi: 0x81},
-	{value: 0x0e59, lo: 0x82, hi: 0x82},
-	{value: 0x0e71, lo: 0x83, hi: 0x83},
-	{value: 0x0e89, lo: 0x84, hi: 0x85},
-	{value: 0x0ea1, lo: 0x86, hi: 0x86},
-	{value: 0x0eb9, lo: 0x87, hi: 0x87},
-	{value: 0x057d, lo: 0x88, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0xbf},
-	// Block 0x45, offset 0x268
-	{value: 0x0000, lo: 0x10},
-	{value: 0x0018, lo: 0x80, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x3308, lo: 0x90, hi: 0x92},
-	{value: 0x0018, lo: 0x93, hi: 0x93},
-	{value: 0x3308, lo: 0x94, hi: 0xa0},
-	{value: 0x3008, lo: 0xa1, hi: 0xa1},
-	{value: 0x3308, lo: 0xa2, hi: 0xa8},
-	{value: 0x0008, lo: 0xa9, hi: 0xac},
-	{value: 0x3308, lo: 0xad, hi: 0xad},
-	{value: 0x0008, lo: 0xae, hi: 0xb1},
-	{value: 0x3008, lo: 0xb2, hi: 0xb3},
-	{value: 0x3308, lo: 0xb4, hi: 0xb4},
-	{value: 0x0008, lo: 0xb5, hi: 0xb6},
-	{value: 0x3008, lo: 0xb7, hi: 0xb7},
-	{value: 0x3308, lo: 0xb8, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0x46, offset 0x279
-	{value: 0x0000, lo: 0x03},
-	{value: 0x3308, lo: 0x80, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xba},
-	{value: 0x3308, lo: 0xbb, hi: 0xbf},
-	// Block 0x47, offset 0x27d
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0x87},
-	{value: 0xe045, lo: 0x88, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x97},
-	{value: 0xe045, lo: 0x98, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa7},
-	{value: 0xe045, lo: 0xa8, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb7},
-	{value: 0xe045, lo: 0xb8, hi: 0xbf},
-	// Block 0x48, offset 0x288
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0040, lo: 0x80, hi: 0x8f},
-	{value: 0x3318, lo: 0x90, hi: 0xb0},
-	{value: 0x0040, lo: 0xb1, hi: 0xbf},
-	// Block 0x49, offset 0x28c
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0018, lo: 0x80, hi: 0x82},
-	{value: 0x0040, lo: 0x83, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0x84},
-	{value: 0x0018, lo: 0x85, hi: 0x88},
-	{value: 0x24c1, lo: 0x89, hi: 0x89},
-	{value: 0x0018, lo: 0x8a, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xbf},
-	// Block 0x4a, offset 0x295
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0018, lo: 0x80, hi: 0xab},
-	{value: 0x24f1, lo: 0xac, hi: 0xac},
-	{value: 0x2529, lo: 0xad, hi: 0xad},
-	{value: 0x0018, lo: 0xae, hi: 0xae},
-	{value: 0x2579, lo: 0xaf, hi: 0xaf},
-	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
-	{value: 0x0018, lo: 0xb1, hi: 0xbf},
-	// Block 0x4b, offset 0x29d
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x9f},
-	{value: 0x0080, lo: 0xa0, hi: 0xa0},
-	{value: 0x0018, lo: 0xa1, hi: 0xad},
-	{value: 0x0080, lo: 0xae, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xbf},
-	// Block 0x4c, offset 0x2a3
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0xa8},
-	{value: 0x09c5, lo: 0xa9, hi: 0xa9},
-	{value: 0x09e5, lo: 0xaa, hi: 0xaa},
-	{value: 0x0018, lo: 0xab, hi: 0xbf},
-	// Block 0x4d, offset 0x2a8
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xbf},
-	// Block 0x4e, offset 0x2ab
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0x8b},
-	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
-	{value: 0x0018, lo: 0x8d, hi: 0xbf},
-	// Block 0x4f, offset 0x2af
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0xb3},
-	{value: 0x0e66, lo: 0xb4, hi: 0xb4},
-	{value: 0x292a, lo: 0xb5, hi: 0xb5},
-	{value: 0x0e86, lo: 0xb6, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xbf},
-	// Block 0x50, offset 0x2b5
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0x9b},
-	{value: 0x2941, lo: 0x9c, hi: 0x9c},
-	{value: 0x0018, lo: 0x9d, hi: 0xbf},
-	// Block 0x51, offset 0x2b9
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xb5},
-	{value: 0x0018, lo: 0xb6, hi: 0xbf},
-	// Block 0x52, offset 0x2bd
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x97},
-	{value: 0x0018, lo: 0x98, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbc},
-	{value: 0x0018, lo: 0xbd, hi: 0xbf},
-	// Block 0x53, offset 0x2c3
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0018, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0018, lo: 0x8a, hi: 0x92},
-	{value: 0x0040, lo: 0x93, hi: 0xab},
-	{value: 0x0018, lo: 0xac, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-	// Block 0x54, offset 0x2ca
-	{value: 0x0000, lo: 0x05},
-	{value: 0xe185, lo: 0x80, hi: 0x8f},
-	{value: 0x03f5, lo: 0x90, hi: 0x9f},
-	{value: 0x0ea5, lo: 0xa0, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x55, offset 0x2d0
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0xa5},
-	{value: 0x0040, lo: 0xa6, hi: 0xa6},
-	{value: 0x0008, lo: 0xa7, hi: 0xa7},
-	{value: 0x0040, lo: 0xa8, hi: 0xac},
-	{value: 0x0008, lo: 0xad, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x56, offset 0x2d8
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0008, lo: 0x80, hi: 0xa7},
-	{value: 0x0040, lo: 0xa8, hi: 0xae},
-	{value: 0xe075, lo: 0xaf, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb0},
-	{value: 0x0040, lo: 0xb1, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0x57, offset 0x2df
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xa7},
-	{value: 0x0008, lo: 0xa8, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xb7},
-	{value: 0x0008, lo: 0xb8, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0x58, offset 0x2ea
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x87},
-	{value: 0x0008, lo: 0x88, hi: 0x8e},
-	{value: 0x0040, lo: 0x8f, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0x9f},
-	{value: 0x3308, lo: 0xa0, hi: 0xbf},
-	// Block 0x59, offset 0x2f4
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xae},
-	{value: 0x0008, lo: 0xaf, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xbf},
-	// Block 0x5a, offset 0x2f8
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0xbf},
-	// Block 0x5b, offset 0x2fb
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0x9e},
-	{value: 0x0edd, lo: 0x9f, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xbf},
-	// Block 0x5c, offset 0x301
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xb2},
-	{value: 0x0efd, lo: 0xb3, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xbf},
-	// Block 0x5d, offset 0x305
-	{value: 0x0020, lo: 0x01},
-	{value: 0x0f1d, lo: 0x80, hi: 0xbf},
-	// Block 0x5e, offset 0x307
-	{value: 0x0020, lo: 0x02},
-	{value: 0x171d, lo: 0x80, hi: 0x8f},
-	{value: 0x18fd, lo: 0x90, hi: 0xbf},
-	// Block 0x5f, offset 0x30a
-	{value: 0x0020, lo: 0x01},
-	{value: 0x1efd, lo: 0x80, hi: 0xbf},
-	// Block 0x60, offset 0x30c
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0xbf},
-	// Block 0x61, offset 0x30f
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x98},
-	{value: 0x3308, lo: 0x99, hi: 0x9a},
-	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
-	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
-	{value: 0x0008, lo: 0x9d, hi: 0x9e},
-	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xa0},
-	{value: 0x0008, lo: 0xa1, hi: 0xbf},
-	// Block 0x62, offset 0x319
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xbe},
-	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
-	// Block 0x63, offset 0x31c
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x0040, lo: 0x80, hi: 0x84},
-	{value: 0x0008, lo: 0x85, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xb0},
-	{value: 0x2a1d, lo: 0xb1, hi: 0xb1},
-	{value: 0x2a3d, lo: 0xb2, hi: 0xb2},
-	{value: 0x2a5d, lo: 0xb3, hi: 0xb3},
-	{value: 0x2a7d, lo: 0xb4, hi: 0xb4},
-	{value: 0x2a5d, lo: 0xb5, hi: 0xb5},
-	{value: 0x2a9d, lo: 0xb6, hi: 0xb6},
-	{value: 0x2abd, lo: 0xb7, hi: 0xb7},
-	{value: 0x2add, lo: 0xb8, hi: 0xb9},
-	{value: 0x2afd, lo: 0xba, hi: 0xbb},
-	{value: 0x2b1d, lo: 0xbc, hi: 0xbd},
-	{value: 0x2afd, lo: 0xbe, hi: 0xbf},
-	// Block 0x64, offset 0x32b
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xa3},
-	{value: 0x0040, lo: 0xa4, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x65, offset 0x32f
-	{value: 0x0030, lo: 0x04},
-	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
-	{value: 0x305a, lo: 0x9e, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0x9f},
-	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
-	// Block 0x66, offset 0x334
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xbf},
-	// Block 0x67, offset 0x337
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xbf},
-	// Block 0x68, offset 0x33b
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xbd},
-	{value: 0x0018, lo: 0xbe, hi: 0xbf},
-	// Block 0x69, offset 0x340
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x8c},
-	{value: 0x0018, lo: 0x8d, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xbf},
-	// Block 0x6a, offset 0x345
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0xa5},
-	{value: 0x0018, lo: 0xa6, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb1},
-	{value: 0x0018, lo: 0xb2, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbf},
-	// Block 0x6b, offset 0x34b
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0040, lo: 0x80, hi: 0xb6},
-	{value: 0x0008, lo: 0xb7, hi: 0xb7},
-	{value: 0x2009, lo: 0xb8, hi: 0xb8},
-	{value: 0x6e89, lo: 0xb9, hi: 0xb9},
-	{value: 0x0008, lo: 0xba, hi: 0xbf},
-	// Block 0x6c, offset 0x351
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x0008, lo: 0x80, hi: 0x81},
-	{value: 0x3308, lo: 0x82, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0x85},
-	{value: 0x3b08, lo: 0x86, hi: 0x86},
-	{value: 0x0008, lo: 0x87, hi: 0x8a},
-	{value: 0x3308, lo: 0x8b, hi: 0x8b},
-	{value: 0x0008, lo: 0x8c, hi: 0xa2},
-	{value: 0x3008, lo: 0xa3, hi: 0xa4},
-	{value: 0x3308, lo: 0xa5, hi: 0xa6},
-	{value: 0x3008, lo: 0xa7, hi: 0xa7},
-	{value: 0x0018, lo: 0xa8, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0x6d, offset 0x360
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0208, lo: 0x80, hi: 0xb1},
-	{value: 0x0108, lo: 0xb2, hi: 0xb2},
-	{value: 0x0008, lo: 0xb3, hi: 0xb3},
-	{value: 0x0018, lo: 0xb4, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbf},
-	// Block 0x6e, offset 0x366
-	{value: 0x0000, lo: 0x03},
-	{value: 0x3008, lo: 0x80, hi: 0x81},
-	{value: 0x0008, lo: 0x82, hi: 0xb3},
-	{value: 0x3008, lo: 0xb4, hi: 0xbf},
-	// Block 0x6f, offset 0x36a
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x3008, lo: 0x80, hi: 0x83},
-	{value: 0x3b08, lo: 0x84, hi: 0x84},
-	{value: 0x3308, lo: 0x85, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x8d},
-	{value: 0x0018, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x3308, lo: 0xa0, hi: 0xb1},
-	{value: 0x0008, lo: 0xb2, hi: 0xb7},
-	{value: 0x0018, lo: 0xb8, hi: 0xba},
-	{value: 0x0008, lo: 0xbb, hi: 0xbb},
-	{value: 0x0018, lo: 0xbc, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbf},
-	// Block 0x70, offset 0x379
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xa5},
-	{value: 0x3308, lo: 0xa6, hi: 0xad},
-	{value: 0x0018, lo: 0xae, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x71, offset 0x37e
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x3308, lo: 0x87, hi: 0x91},
-	{value: 0x3008, lo: 0x92, hi: 0x92},
-	{value: 0x3808, lo: 0x93, hi: 0x93},
-	{value: 0x0040, lo: 0x94, hi: 0x9e},
-	{value: 0x0018, lo: 0x9f, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbf},
-	// Block 0x72, offset 0x386
-	{value: 0x0000, lo: 0x09},
-	{value: 0x3308, lo: 0x80, hi: 0x82},
-	{value: 0x3008, lo: 0x83, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xb3},
-	{value: 0x3008, lo: 0xb4, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xb9},
-	{value: 0x3008, lo: 0xba, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbc},
-	{value: 0x3008, lo: 0xbd, hi: 0xbf},
-	// Block 0x73, offset 0x390
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x3808, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8e},
-	{value: 0x0008, lo: 0x8f, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa4},
-	{value: 0x3308, lo: 0xa5, hi: 0xa5},
-	{value: 0x0008, lo: 0xa6, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0x74, offset 0x39b
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0xa8},
-	{value: 0x3308, lo: 0xa9, hi: 0xae},
-	{value: 0x3008, lo: 0xaf, hi: 0xb0},
-	{value: 0x3308, lo: 0xb1, hi: 0xb2},
-	{value: 0x3008, lo: 0xb3, hi: 0xb4},
-	{value: 0x3308, lo: 0xb5, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0x75, offset 0x3a3
-	{value: 0x0000, lo: 0x10},
-	{value: 0x0008, lo: 0x80, hi: 0x82},
-	{value: 0x3308, lo: 0x83, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0x8b},
-	{value: 0x3308, lo: 0x8c, hi: 0x8c},
-	{value: 0x3008, lo: 0x8d, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9b},
-	{value: 0x0018, lo: 0x9c, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xb9},
-	{value: 0x0008, lo: 0xba, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbc},
-	{value: 0x3008, lo: 0xbd, hi: 0xbd},
-	{value: 0x0008, lo: 0xbe, hi: 0xbf},
-	// Block 0x76, offset 0x3b4
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0008, lo: 0x80, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb0},
-	{value: 0x0008, lo: 0xb1, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb4},
-	{value: 0x0008, lo: 0xb5, hi: 0xb6},
-	{value: 0x3308, lo: 0xb7, hi: 0xb8},
-	{value: 0x0008, lo: 0xb9, hi: 0xbd},
-	{value: 0x3308, lo: 0xbe, hi: 0xbf},
-	// Block 0x77, offset 0x3bd
-	{value: 0x0000, lo: 0x0f},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x3308, lo: 0x81, hi: 0x81},
-	{value: 0x0008, lo: 0x82, hi: 0x82},
-	{value: 0x0040, lo: 0x83, hi: 0x9a},
-	{value: 0x0008, lo: 0x9b, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xaa},
-	{value: 0x3008, lo: 0xab, hi: 0xab},
-	{value: 0x3308, lo: 0xac, hi: 0xad},
-	{value: 0x3008, lo: 0xae, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb1},
-	{value: 0x0008, lo: 0xb2, hi: 0xb4},
-	{value: 0x3008, lo: 0xb5, hi: 0xb5},
-	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0x78, offset 0x3cd
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x88},
-	{value: 0x0008, lo: 0x89, hi: 0x8e},
-	{value: 0x0040, lo: 0x8f, hi: 0x90},
-	{value: 0x0008, lo: 0x91, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xa7},
-	{value: 0x0008, lo: 0xa8, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x79, offset 0x3da
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0x9b},
-	{value: 0x4465, lo: 0x9c, hi: 0x9c},
-	{value: 0x447d, lo: 0x9d, hi: 0x9d},
-	{value: 0x2971, lo: 0x9e, hi: 0x9e},
-	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa5},
-	{value: 0x0040, lo: 0xa6, hi: 0xaf},
-	{value: 0x4495, lo: 0xb0, hi: 0xbf},
-	// Block 0x7a, offset 0x3e4
-	{value: 0x0000, lo: 0x04},
-	{value: 0x44b5, lo: 0x80, hi: 0x8f},
-	{value: 0x44d5, lo: 0x90, hi: 0x9f},
-	{value: 0x44f5, lo: 0xa0, hi: 0xaf},
-	{value: 0x44d5, lo: 0xb0, hi: 0xbf},
-	// Block 0x7b, offset 0x3e9
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0xa2},
-	{value: 0x3008, lo: 0xa3, hi: 0xa4},
-	{value: 0x3308, lo: 0xa5, hi: 0xa5},
-	{value: 0x3008, lo: 0xa6, hi: 0xa7},
-	{value: 0x3308, lo: 0xa8, hi: 0xa8},
-	{value: 0x3008, lo: 0xa9, hi: 0xaa},
-	{value: 0x0018, lo: 0xab, hi: 0xab},
-	{value: 0x3008, lo: 0xac, hi: 0xac},
-	{value: 0x3b08, lo: 0xad, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0x7c, offset 0x3f6
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xa3},
-	{value: 0x0040, lo: 0xa4, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xbf},
-	// Block 0x7d, offset 0x3fa
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x8a},
-	{value: 0x0018, lo: 0x8b, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbf},
-	// Block 0x7e, offset 0x3ff
-	{value: 0x0020, lo: 0x01},
-	{value: 0x4515, lo: 0x80, hi: 0xbf},
-	// Block 0x7f, offset 0x401
-	{value: 0x0020, lo: 0x03},
-	{value: 0x4d15, lo: 0x80, hi: 0x94},
-	{value: 0x4ad5, lo: 0x95, hi: 0x95},
-	{value: 0x4fb5, lo: 0x96, hi: 0xbf},
-	// Block 0x80, offset 0x405
-	{value: 0x0020, lo: 0x01},
-	{value: 0x54f5, lo: 0x80, hi: 0xbf},
-	// Block 0x81, offset 0x407
-	{value: 0x0020, lo: 0x03},
-	{value: 0x5cf5, lo: 0x80, hi: 0x84},
-	{value: 0x5655, lo: 0x85, hi: 0x85},
-	{value: 0x5d95, lo: 0x86, hi: 0xbf},
-	// Block 0x82, offset 0x40b
-	{value: 0x0020, lo: 0x08},
-	{value: 0x6b55, lo: 0x80, hi: 0x8f},
-	{value: 0x6d15, lo: 0x90, hi: 0x90},
-	{value: 0x6d55, lo: 0x91, hi: 0xab},
-	{value: 0x6ea1, lo: 0xac, hi: 0xac},
-	{value: 0x70b5, lo: 0xad, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xaf},
-	{value: 0x70d5, lo: 0xb0, hi: 0xbf},
-	// Block 0x83, offset 0x414
-	{value: 0x0020, lo: 0x05},
-	{value: 0x72d5, lo: 0x80, hi: 0xad},
-	{value: 0x6535, lo: 0xae, hi: 0xae},
-	{value: 0x7895, lo: 0xaf, hi: 0xb5},
-	{value: 0x6f55, lo: 0xb6, hi: 0xb6},
-	{value: 0x7975, lo: 0xb7, hi: 0xbf},
-	// Block 0x84, offset 0x41a
-	{value: 0x0028, lo: 0x03},
-	{value: 0x7c21, lo: 0x80, hi: 0x82},
-	{value: 0x7be1, lo: 0x83, hi: 0x83},
-	{value: 0x7c99, lo: 0x84, hi: 0xbf},
-	// Block 0x85, offset 0x41e
-	{value: 0x0038, lo: 0x0f},
-	{value: 0x9db1, lo: 0x80, hi: 0x83},
-	{value: 0x9e59, lo: 0x84, hi: 0x85},
-	{value: 0x9e91, lo: 0x86, hi: 0x87},
-	{value: 0x9ec9, lo: 0x88, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x91},
-	{value: 0xa089, lo: 0x92, hi: 0x97},
-	{value: 0xa1a1, lo: 0x98, hi: 0x9c},
-	{value: 0xa281, lo: 0x9d, hi: 0xb3},
-	{value: 0x9d41, lo: 0xb4, hi: 0xb4},
-	{value: 0x9db1, lo: 0xb5, hi: 0xb5},
-	{value: 0xa789, lo: 0xb6, hi: 0xbb},
-	{value: 0xa869, lo: 0xbc, hi: 0xbc},
-	{value: 0xa7f9, lo: 0xbd, hi: 0xbd},
-	{value: 0xa8d9, lo: 0xbe, hi: 0xbf},
-	// Block 0x86, offset 0x42e
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x8c},
-	{value: 0x0008, lo: 0x8d, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xa7},
-	{value: 0x0008, lo: 0xa8, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbb},
-	{value: 0x0008, lo: 0xbc, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbe},
-	{value: 0x0008, lo: 0xbf, hi: 0xbf},
-	// Block 0x87, offset 0x438
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0xbf},
-	// Block 0x88, offset 0x43d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbf},
-	// Block 0x89, offset 0x440
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x82},
-	{value: 0x0040, lo: 0x83, hi: 0x86},
-	{value: 0x0018, lo: 0x87, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xbf},
-	// Block 0x8a, offset 0x446
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0018, lo: 0x80, hi: 0x8e},
-	{value: 0x0040, lo: 0x8f, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0x9b},
-	{value: 0x0040, lo: 0x9c, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xa0},
-	{value: 0x0040, lo: 0xa1, hi: 0xbf},
-	// Block 0x8b, offset 0x44d
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0040, lo: 0x80, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xbc},
-	{value: 0x3308, lo: 0xbd, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbf},
-	// Block 0x8c, offset 0x452
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0x9c},
-	{value: 0x0040, lo: 0x9d, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x8d, offset 0x456
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0x90},
-	{value: 0x0040, lo: 0x91, hi: 0x9f},
-	{value: 0x3308, lo: 0xa0, hi: 0xa0},
-	{value: 0x0018, lo: 0xa1, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbf},
-	// Block 0x8e, offset 0x45c
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xa3},
-	{value: 0x0040, lo: 0xa4, hi: 0xac},
-	{value: 0x0008, lo: 0xad, hi: 0xbf},
-	// Block 0x8f, offset 0x461
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x81},
-	{value: 0x0008, lo: 0x82, hi: 0x89},
-	{value: 0x0018, lo: 0x8a, hi: 0x8a},
-	{value: 0x0040, lo: 0x8b, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbf},
-	// Block 0x90, offset 0x46a
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9e},
-	{value: 0x0018, lo: 0x9f, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x91, offset 0x46f
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x87},
-	{value: 0x0008, lo: 0x88, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0xbf},
-	// Block 0x92, offset 0x475
-	{value: 0x0000, lo: 0x06},
-	{value: 0xe145, lo: 0x80, hi: 0x87},
-	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
-	{value: 0xe145, lo: 0x90, hi: 0x97},
-	{value: 0x8ad5, lo: 0x98, hi: 0x9f},
-	{value: 0x8aed, lo: 0xa0, hi: 0xa7},
-	{value: 0x0008, lo: 0xa8, hi: 0xbf},
-	// Block 0x93, offset 0x47c
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0008, lo: 0x80, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa9},
-	{value: 0x0040, lo: 0xaa, hi: 0xaf},
-	{value: 0x8aed, lo: 0xb0, hi: 0xb7},
-	{value: 0x8ad5, lo: 0xb8, hi: 0xbf},
-	// Block 0x94, offset 0x483
-	{value: 0x0000, lo: 0x06},
-	{value: 0xe145, lo: 0x80, hi: 0x87},
-	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
-	{value: 0xe145, lo: 0x90, hi: 0x93},
-	{value: 0x0040, lo: 0x94, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbf},
-	// Block 0x95, offset 0x48a
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xa7},
-	{value: 0x0040, lo: 0xa8, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x96, offset 0x48e
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xa3},
-	{value: 0x0040, lo: 0xa4, hi: 0xae},
-	{value: 0x0018, lo: 0xaf, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-	// Block 0x97, offset 0x493
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0x98, offset 0x496
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa7},
-	{value: 0x0040, lo: 0xa8, hi: 0xbf},
-	// Block 0x99, offset 0x49b
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0808, lo: 0x80, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x87},
-	{value: 0x0808, lo: 0x88, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0808, lo: 0x8a, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xb6},
-	{value: 0x0808, lo: 0xb7, hi: 0xb8},
-	{value: 0x0040, lo: 0xb9, hi: 0xbb},
-	{value: 0x0808, lo: 0xbc, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbe},
-	{value: 0x0808, lo: 0xbf, hi: 0xbf},
-	// Block 0x9a, offset 0x4a7
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0808, lo: 0x80, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x96},
-	{value: 0x0818, lo: 0x97, hi: 0x9f},
-	{value: 0x0808, lo: 0xa0, hi: 0xb6},
-	{value: 0x0818, lo: 0xb7, hi: 0xbf},
-	// Block 0x9b, offset 0x4ad
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0808, lo: 0x80, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0xa6},
-	{value: 0x0818, lo: 0xa7, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-	// Block 0x9c, offset 0x4b2
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0040, lo: 0x80, hi: 0x9f},
-	{value: 0x0808, lo: 0xa0, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xb3},
-	{value: 0x0808, lo: 0xb4, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xba},
-	{value: 0x0818, lo: 0xbb, hi: 0xbf},
-	// Block 0x9d, offset 0x4b9
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0808, lo: 0x80, hi: 0x95},
-	{value: 0x0818, lo: 0x96, hi: 0x9b},
-	{value: 0x0040, lo: 0x9c, hi: 0x9e},
-	{value: 0x0018, lo: 0x9f, hi: 0x9f},
-	{value: 0x0808, lo: 0xa0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbe},
-	{value: 0x0818, lo: 0xbf, hi: 0xbf},
-	// Block 0x9e, offset 0x4c1
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0808, lo: 0x80, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbb},
-	{value: 0x0818, lo: 0xbc, hi: 0xbd},
-	{value: 0x0808, lo: 0xbe, hi: 0xbf},
-	// Block 0x9f, offset 0x4c6
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0818, lo: 0x80, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0x91},
-	{value: 0x0818, lo: 0x92, hi: 0xbf},
-	// Block 0xa0, offset 0x4ca
-	{value: 0x0000, lo: 0x0f},
-	{value: 0x0808, lo: 0x80, hi: 0x80},
-	{value: 0x3308, lo: 0x81, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x84},
-	{value: 0x3308, lo: 0x85, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x8b},
-	{value: 0x3308, lo: 0x8c, hi: 0x8f},
-	{value: 0x0808, lo: 0x90, hi: 0x93},
-	{value: 0x0040, lo: 0x94, hi: 0x94},
-	{value: 0x0808, lo: 0x95, hi: 0x97},
-	{value: 0x0040, lo: 0x98, hi: 0x98},
-	{value: 0x0808, lo: 0x99, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xb7},
-	{value: 0x3308, lo: 0xb8, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0xa1, offset 0x4da
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0818, lo: 0x80, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0818, lo: 0x90, hi: 0x98},
-	{value: 0x0040, lo: 0x99, hi: 0x9f},
-	{value: 0x0808, lo: 0xa0, hi: 0xbc},
-	{value: 0x0818, lo: 0xbd, hi: 0xbf},
-	// Block 0xa2, offset 0x4e1
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0808, lo: 0x80, hi: 0x9c},
-	{value: 0x0818, lo: 0x9d, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xbf},
-	// Block 0xa3, offset 0x4e5
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0808, lo: 0x80, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xb8},
-	{value: 0x0018, lo: 0xb9, hi: 0xbf},
-	// Block 0xa4, offset 0x4e9
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0808, lo: 0x80, hi: 0x95},
-	{value: 0x0040, lo: 0x96, hi: 0x97},
-	{value: 0x0818, lo: 0x98, hi: 0x9f},
-	{value: 0x0808, lo: 0xa0, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xb7},
-	{value: 0x0818, lo: 0xb8, hi: 0xbf},
-	// Block 0xa5, offset 0x4f0
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0808, lo: 0x80, hi: 0xbf},
-	// Block 0xa6, offset 0x4f2
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0808, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0xbf},
-	// Block 0xa7, offset 0x4f5
-	{value: 0x0000, lo: 0x02},
-	{value: 0x03dd, lo: 0x80, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xbf},
-	// Block 0xa8, offset 0x4f8
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0808, lo: 0x80, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xb9},
-	{value: 0x0818, lo: 0xba, hi: 0xbf},
-	// Block 0xa9, offset 0x4fc
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0040, lo: 0x80, hi: 0x9f},
-	{value: 0x0818, lo: 0xa0, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0xaa, offset 0x500
-	{value: 0x0000, lo: 0x05},
-	{value: 0x3008, lo: 0x80, hi: 0x80},
-	{value: 0x3308, lo: 0x81, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0xb7},
-	{value: 0x3308, lo: 0xb8, hi: 0xbf},
-	// Block 0xab, offset 0x506
-	{value: 0x0000, lo: 0x08},
-	{value: 0x3308, lo: 0x80, hi: 0x85},
-	{value: 0x3b08, lo: 0x86, hi: 0x86},
-	{value: 0x0018, lo: 0x87, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x91},
-	{value: 0x0018, lo: 0x92, hi: 0xa5},
-	{value: 0x0008, lo: 0xa6, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0xac, offset 0x50f
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x3308, lo: 0x80, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0xaf},
-	{value: 0x3008, lo: 0xb0, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xb6},
-	{value: 0x3008, lo: 0xb7, hi: 0xb8},
-	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
-	{value: 0x3308, lo: 0xba, hi: 0xba},
-	{value: 0x0018, lo: 0xbb, hi: 0xbc},
-	{value: 0x0340, lo: 0xbd, hi: 0xbd},
-	{value: 0x0018, lo: 0xbe, hi: 0xbf},
-	// Block 0xad, offset 0x51b
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0018, lo: 0x80, hi: 0x81},
-	{value: 0x0040, lo: 0x82, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xa8},
-	{value: 0x0040, lo: 0xa9, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0xae, offset 0x522
-	{value: 0x0000, lo: 0x08},
-	{value: 0x3308, lo: 0x80, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0xa6},
-	{value: 0x3308, lo: 0xa7, hi: 0xab},
-	{value: 0x3008, lo: 0xac, hi: 0xac},
-	{value: 0x3308, lo: 0xad, hi: 0xb2},
-	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xb5},
-	{value: 0x0008, lo: 0xb6, hi: 0xbf},
-	// Block 0xaf, offset 0x52b
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0018, lo: 0x80, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xb3},
-	{value: 0x0018, lo: 0xb4, hi: 0xb5},
-	{value: 0x0008, lo: 0xb6, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0xb0, offset 0x533
-	{value: 0x0000, lo: 0x06},
-	{value: 0x3308, lo: 0x80, hi: 0x81},
-	{value: 0x3008, lo: 0x82, hi: 0x82},
-	{value: 0x0008, lo: 0x83, hi: 0xb2},
-	{value: 0x3008, lo: 0xb3, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xbe},
-	{value: 0x3008, lo: 0xbf, hi: 0xbf},
-	// Block 0xb1, offset 0x53a
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x3808, lo: 0x80, hi: 0x80},
-	{value: 0x0008, lo: 0x81, hi: 0x84},
-	{value: 0x0018, lo: 0x85, hi: 0x89},
-	{value: 0x3308, lo: 0x8a, hi: 0x8c},
-	{value: 0x0018, lo: 0x8d, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0x9b},
-	{value: 0x0008, lo: 0x9c, hi: 0x9c},
-	{value: 0x0018, lo: 0x9d, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xa0},
-	{value: 0x0018, lo: 0xa1, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0xb2, offset 0x548
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x91},
-	{value: 0x0040, lo: 0x92, hi: 0x92},
-	{value: 0x0008, lo: 0x93, hi: 0xab},
-	{value: 0x3008, lo: 0xac, hi: 0xae},
-	{value: 0x3308, lo: 0xaf, hi: 0xb1},
-	{value: 0x3008, lo: 0xb2, hi: 0xb3},
-	{value: 0x3308, lo: 0xb4, hi: 0xb4},
-	{value: 0x3808, lo: 0xb5, hi: 0xb5},
-	{value: 0x3308, lo: 0xb6, hi: 0xb7},
-	{value: 0x0018, lo: 0xb8, hi: 0xbd},
-	{value: 0x3308, lo: 0xbe, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0xb3, offset 0x555
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x87},
-	{value: 0x0008, lo: 0x88, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0008, lo: 0x8a, hi: 0x8d},
-	{value: 0x0040, lo: 0x8e, hi: 0x8e},
-	{value: 0x0008, lo: 0x8f, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9e},
-	{value: 0x0008, lo: 0x9f, hi: 0xa8},
-	{value: 0x0018, lo: 0xa9, hi: 0xa9},
-	{value: 0x0040, lo: 0xaa, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0xb4, offset 0x562
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0008, lo: 0x80, hi: 0x9e},
-	{value: 0x3308, lo: 0x9f, hi: 0x9f},
-	{value: 0x3008, lo: 0xa0, hi: 0xa2},
-	{value: 0x3308, lo: 0xa3, hi: 0xa9},
-	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb9},
-	{value: 0x0040, lo: 0xba, hi: 0xbf},
-	// Block 0xb5, offset 0x56b
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xb4},
-	{value: 0x3008, lo: 0xb5, hi: 0xb7},
-	{value: 0x3308, lo: 0xb8, hi: 0xbf},
-	// Block 0xb6, offset 0x56f
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x3008, lo: 0x80, hi: 0x81},
-	{value: 0x3b08, lo: 0x82, hi: 0x82},
-	{value: 0x3308, lo: 0x83, hi: 0x84},
-	{value: 0x3008, lo: 0x85, hi: 0x85},
-	{value: 0x3308, lo: 0x86, hi: 0x86},
-	{value: 0x0008, lo: 0x87, hi: 0x8a},
-	{value: 0x0018, lo: 0x8b, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0x9b},
-	{value: 0x0040, lo: 0x9c, hi: 0x9c},
-	{value: 0x0018, lo: 0x9d, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0xbf},
-	// Block 0xb7, offset 0x57d
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0xaf},
-	{value: 0x3008, lo: 0xb0, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xb8},
-	{value: 0x3008, lo: 0xb9, hi: 0xb9},
-	{value: 0x3308, lo: 0xba, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbe},
-	{value: 0x3308, lo: 0xbf, hi: 0xbf},
-	// Block 0xb8, offset 0x585
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x3308, lo: 0x80, hi: 0x80},
-	{value: 0x3008, lo: 0x81, hi: 0x81},
-	{value: 0x3b08, lo: 0x82, hi: 0x82},
-	{value: 0x3308, lo: 0x83, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0x85},
-	{value: 0x0018, lo: 0x86, hi: 0x86},
-	{value: 0x0008, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0xbf},
-	// Block 0xb9, offset 0x590
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0008, lo: 0x80, hi: 0xae},
-	{value: 0x3008, lo: 0xaf, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xb7},
-	{value: 0x3008, lo: 0xb8, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0xba, offset 0x599
-	{value: 0x0000, lo: 0x05},
-	{value: 0x3308, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x97},
-	{value: 0x0008, lo: 0x98, hi: 0x9b},
-	{value: 0x3308, lo: 0x9c, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0xbf},
-	// Block 0xbb, offset 0x59f
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0008, lo: 0x80, hi: 0xaf},
-	{value: 0x3008, lo: 0xb0, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xba},
-	{value: 0x3008, lo: 0xbb, hi: 0xbc},
-	{value: 0x3308, lo: 0xbd, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0xbc, offset 0x5a7
-	{value: 0x0000, lo: 0x08},
-	{value: 0x3308, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x83},
-	{value: 0x0008, lo: 0x84, hi: 0x84},
-	{value: 0x0040, lo: 0x85, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xbf},
-	// Block 0xbd, offset 0x5b0
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0xaa},
-	{value: 0x3308, lo: 0xab, hi: 0xab},
-	{value: 0x3008, lo: 0xac, hi: 0xac},
-	{value: 0x3308, lo: 0xad, hi: 0xad},
-	{value: 0x3008, lo: 0xae, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb5},
-	{value: 0x3808, lo: 0xb6, hi: 0xb6},
-	{value: 0x3308, lo: 0xb7, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbf},
-	// Block 0xbe, offset 0x5ba
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0xbf},
-	// Block 0xbf, offset 0x5bd
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9c},
-	{value: 0x3308, lo: 0x9d, hi: 0x9f},
-	{value: 0x3008, lo: 0xa0, hi: 0xa1},
-	{value: 0x3308, lo: 0xa2, hi: 0xa5},
-	{value: 0x3008, lo: 0xa6, hi: 0xa6},
-	{value: 0x3308, lo: 0xa7, hi: 0xaa},
-	{value: 0x3b08, lo: 0xab, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xb9},
-	{value: 0x0018, lo: 0xba, hi: 0xbf},
-	// Block 0xc0, offset 0x5c9
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0040, lo: 0x80, hi: 0x9f},
-	{value: 0x049d, lo: 0xa0, hi: 0xbf},
-	// Block 0xc1, offset 0x5cc
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xa9},
-	{value: 0x0018, lo: 0xaa, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xbe},
-	{value: 0x0008, lo: 0xbf, hi: 0xbf},
-	// Block 0xc2, offset 0x5d1
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x3308, lo: 0x81, hi: 0x86},
-	{value: 0x3008, lo: 0x87, hi: 0x88},
-	{value: 0x3308, lo: 0x89, hi: 0x8a},
-	{value: 0x0008, lo: 0x8b, hi: 0xb2},
-	{value: 0x3308, lo: 0xb3, hi: 0xb3},
-	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
-	{value: 0x3308, lo: 0xb5, hi: 0xb8},
-	{value: 0x3008, lo: 0xb9, hi: 0xb9},
-	{value: 0x0008, lo: 0xba, hi: 0xba},
-	{value: 0x3308, lo: 0xbb, hi: 0xbe},
-	{value: 0x0018, lo: 0xbf, hi: 0xbf},
-	// Block 0xc3, offset 0x5de
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0018, lo: 0x80, hi: 0x86},
-	{value: 0x3b08, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x90},
-	{value: 0x3308, lo: 0x91, hi: 0x96},
-	{value: 0x3008, lo: 0x97, hi: 0x98},
-	{value: 0x3308, lo: 0x99, hi: 0x9b},
-	{value: 0x0008, lo: 0x9c, hi: 0xbf},
-	// Block 0xc4, offset 0x5e7
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0x85},
-	{value: 0x0008, lo: 0x86, hi: 0x89},
-	{value: 0x3308, lo: 0x8a, hi: 0x96},
-	{value: 0x3008, lo: 0x97, hi: 0x97},
-	{value: 0x3308, lo: 0x98, hi: 0x98},
-	{value: 0x3b08, lo: 0x99, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0x9c},
-	{value: 0x0040, lo: 0x9d, hi: 0x9d},
-	{value: 0x0018, lo: 0x9e, hi: 0xa2},
-	{value: 0x0040, lo: 0xa3, hi: 0xbf},
-	// Block 0xc5, offset 0x5f3
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xb8},
-	{value: 0x0040, lo: 0xb9, hi: 0xbf},
-	// Block 0xc6, offset 0x5f6
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x89},
-	{value: 0x0008, lo: 0x8a, hi: 0xae},
-	{value: 0x3008, lo: 0xaf, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xb7},
-	{value: 0x3308, lo: 0xb8, hi: 0xbd},
-	{value: 0x3008, lo: 0xbe, hi: 0xbe},
-	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
-	// Block 0xc7, offset 0x600
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0008, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0018, lo: 0x9a, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb1},
-	{value: 0x0008, lo: 0xb2, hi: 0xbf},
-	// Block 0xc8, offset 0x609
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x0008, lo: 0x80, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0x91},
-	{value: 0x3308, lo: 0x92, hi: 0xa7},
-	{value: 0x0040, lo: 0xa8, hi: 0xa8},
-	{value: 0x3008, lo: 0xa9, hi: 0xa9},
-	{value: 0x3308, lo: 0xaa, hi: 0xb0},
-	{value: 0x3008, lo: 0xb1, hi: 0xb1},
-	{value: 0x3308, lo: 0xb2, hi: 0xb3},
-	{value: 0x3008, lo: 0xb4, hi: 0xb4},
-	{value: 0x3308, lo: 0xb5, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xbf},
-	// Block 0xc9, offset 0x615
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x87},
-	{value: 0x0008, lo: 0x88, hi: 0x89},
-	{value: 0x0040, lo: 0x8a, hi: 0x8a},
-	{value: 0x0008, lo: 0x8b, hi: 0xb0},
-	{value: 0x3308, lo: 0xb1, hi: 0xb6},
-	{value: 0x0040, lo: 0xb7, hi: 0xb9},
-	{value: 0x3308, lo: 0xba, hi: 0xba},
-	{value: 0x0040, lo: 0xbb, hi: 0xbb},
-	{value: 0x3308, lo: 0xbc, hi: 0xbd},
-	{value: 0x0040, lo: 0xbe, hi: 0xbe},
-	{value: 0x3308, lo: 0xbf, hi: 0xbf},
-	// Block 0xca, offset 0x622
-	{value: 0x0000, lo: 0x07},
-	{value: 0x3308, lo: 0x80, hi: 0x83},
-	{value: 0x3b08, lo: 0x84, hi: 0x85},
-	{value: 0x0008, lo: 0x86, hi: 0x86},
-	{value: 0x3308, lo: 0x87, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0xbf},
-	// Block 0xcb, offset 0x62a
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0xbf},
-	// Block 0xcc, offset 0x62d
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0xcd, offset 0x632
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x83},
-	{value: 0x0040, lo: 0x84, hi: 0xbf},
-	// Block 0xce, offset 0x635
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xbf},
-	// Block 0xcf, offset 0x638
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0xbf},
-	// Block 0xd0, offset 0x63b
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0008, lo: 0x80, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa9},
-	{value: 0x0040, lo: 0xaa, hi: 0xad},
-	{value: 0x0018, lo: 0xae, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-	// Block 0xd1, offset 0x642
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0040, lo: 0x80, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb4},
-	{value: 0x0018, lo: 0xb5, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xbf},
-	// Block 0xd2, offset 0x649
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xaf},
-	{value: 0x3308, lo: 0xb0, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xbf},
-	// Block 0xd3, offset 0x64d
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x0008, lo: 0x80, hi: 0x83},
-	{value: 0x0018, lo: 0x84, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9a},
-	{value: 0x0018, lo: 0x9b, hi: 0xa1},
-	{value: 0x0040, lo: 0xa2, hi: 0xa2},
-	{value: 0x0008, lo: 0xa3, hi: 0xb7},
-	{value: 0x0040, lo: 0xb8, hi: 0xbc},
-	{value: 0x0008, lo: 0xbd, hi: 0xbf},
-	// Block 0xd4, offset 0x658
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0xbf},
-	// Block 0xd5, offset 0x65b
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0008, lo: 0x80, hi: 0x84},
-	{value: 0x0040, lo: 0x85, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x90},
-	{value: 0x3008, lo: 0x91, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0xd6, offset 0x661
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0040, lo: 0x80, hi: 0x8e},
-	{value: 0x3308, lo: 0x8f, hi: 0x92},
-	{value: 0x0008, lo: 0x93, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xbf},
-	// Block 0xd7, offset 0x666
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0040, lo: 0x80, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xa1},
-	{value: 0x0040, lo: 0xa2, hi: 0xbf},
-	// Block 0xd8, offset 0x66a
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xbf},
-	// Block 0xd9, offset 0x66d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xb2},
-	{value: 0x0040, lo: 0xb3, hi: 0xbf},
-	// Block 0xda, offset 0x670
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x9e},
-	{value: 0x0040, lo: 0x9f, hi: 0xbf},
-	// Block 0xdb, offset 0x673
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0040, lo: 0x80, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0xdc, offset 0x676
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xbb},
-	{value: 0x0040, lo: 0xbc, hi: 0xbf},
-	// Block 0xdd, offset 0x679
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0008, lo: 0x80, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbc},
-	{value: 0x0040, lo: 0xbd, hi: 0xbf},
-	// Block 0xde, offset 0x67e
-	{value: 0x0000, lo: 0x09},
-	{value: 0x0008, lo: 0x80, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x8f},
-	{value: 0x0008, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9b},
-	{value: 0x0018, lo: 0x9c, hi: 0x9c},
-	{value: 0x3308, lo: 0x9d, hi: 0x9e},
-	{value: 0x0018, lo: 0x9f, hi: 0x9f},
-	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
-	{value: 0x0040, lo: 0xa4, hi: 0xbf},
-	// Block 0xdf, offset 0x688
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xbf},
-	// Block 0xe0, offset 0x68b
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xa8},
-	{value: 0x0018, lo: 0xa9, hi: 0xbf},
-	// Block 0xe1, offset 0x68f
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x0018, lo: 0x80, hi: 0x9d},
-	{value: 0xb5b9, lo: 0x9e, hi: 0x9e},
-	{value: 0xb601, lo: 0x9f, hi: 0x9f},
-	{value: 0xb649, lo: 0xa0, hi: 0xa0},
-	{value: 0xb6b1, lo: 0xa1, hi: 0xa1},
-	{value: 0xb719, lo: 0xa2, hi: 0xa2},
-	{value: 0xb781, lo: 0xa3, hi: 0xa3},
-	{value: 0xb7e9, lo: 0xa4, hi: 0xa4},
-	{value: 0x3018, lo: 0xa5, hi: 0xa6},
-	{value: 0x3318, lo: 0xa7, hi: 0xa9},
-	{value: 0x0018, lo: 0xaa, hi: 0xac},
-	{value: 0x3018, lo: 0xad, hi: 0xb2},
-	{value: 0x0340, lo: 0xb3, hi: 0xba},
-	{value: 0x3318, lo: 0xbb, hi: 0xbf},
-	// Block 0xe2, offset 0x69e
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x3318, lo: 0x80, hi: 0x82},
-	{value: 0x0018, lo: 0x83, hi: 0x84},
-	{value: 0x3318, lo: 0x85, hi: 0x8b},
-	{value: 0x0018, lo: 0x8c, hi: 0xa9},
-	{value: 0x3318, lo: 0xaa, hi: 0xad},
-	{value: 0x0018, lo: 0xae, hi: 0xba},
-	{value: 0xb851, lo: 0xbb, hi: 0xbb},
-	{value: 0xb899, lo: 0xbc, hi: 0xbc},
-	{value: 0xb8e1, lo: 0xbd, hi: 0xbd},
-	{value: 0xb949, lo: 0xbe, hi: 0xbe},
-	{value: 0xb9b1, lo: 0xbf, hi: 0xbf},
-	// Block 0xe3, offset 0x6aa
-	{value: 0x0000, lo: 0x03},
-	{value: 0xba19, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0xa8},
-	{value: 0x0040, lo: 0xa9, hi: 0xbf},
-	// Block 0xe4, offset 0x6ae
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x81},
-	{value: 0x3318, lo: 0x82, hi: 0x84},
-	{value: 0x0018, lo: 0x85, hi: 0x85},
-	{value: 0x0040, lo: 0x86, hi: 0xbf},
-	// Block 0xe5, offset 0x6b3
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xb1},
-	{value: 0x0040, lo: 0xb2, hi: 0xbf},
-	// Block 0xe6, offset 0x6b8
-	{value: 0x0000, lo: 0x03},
-	{value: 0x3308, lo: 0x80, hi: 0xb6},
-	{value: 0x0018, lo: 0xb7, hi: 0xba},
-	{value: 0x3308, lo: 0xbb, hi: 0xbf},
-	// Block 0xe7, offset 0x6bc
-	{value: 0x0000, lo: 0x04},
-	{value: 0x3308, lo: 0x80, hi: 0xac},
-	{value: 0x0018, lo: 0xad, hi: 0xb4},
-	{value: 0x3308, lo: 0xb5, hi: 0xb5},
-	{value: 0x0018, lo: 0xb6, hi: 0xbf},
-	// Block 0xe8, offset 0x6c1
-	{value: 0x0000, lo: 0x08},
-	{value: 0x0018, lo: 0x80, hi: 0x83},
-	{value: 0x3308, lo: 0x84, hi: 0x84},
-	{value: 0x0018, lo: 0x85, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x9a},
-	{value: 0x3308, lo: 0x9b, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xa0},
-	{value: 0x3308, lo: 0xa1, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-	// Block 0xe9, offset 0x6ca
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x3308, lo: 0x80, hi: 0x86},
-	{value: 0x0040, lo: 0x87, hi: 0x87},
-	{value: 0x3308, lo: 0x88, hi: 0x98},
-	{value: 0x0040, lo: 0x99, hi: 0x9a},
-	{value: 0x3308, lo: 0x9b, hi: 0xa1},
-	{value: 0x0040, lo: 0xa2, hi: 0xa2},
-	{value: 0x3308, lo: 0xa3, hi: 0xa4},
-	{value: 0x0040, lo: 0xa5, hi: 0xa5},
-	{value: 0x3308, lo: 0xa6, hi: 0xaa},
-	{value: 0x0040, lo: 0xab, hi: 0xbf},
-	// Block 0xea, offset 0x6d5
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0808, lo: 0x80, hi: 0x84},
-	{value: 0x0040, lo: 0x85, hi: 0x86},
-	{value: 0x0818, lo: 0x87, hi: 0x8f},
-	{value: 0x3308, lo: 0x90, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0xbf},
-	// Block 0xeb, offset 0x6db
-	{value: 0x0000, lo: 0x07},
-	{value: 0x0a08, lo: 0x80, hi: 0x83},
-	{value: 0x3308, lo: 0x84, hi: 0x8a},
-	{value: 0x0040, lo: 0x8b, hi: 0x8f},
-	{value: 0x0808, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9d},
-	{value: 0x0818, lo: 0x9e, hi: 0x9f},
-	{value: 0x0040, lo: 0xa0, hi: 0xbf},
-	// Block 0xec, offset 0x6e3
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0040, lo: 0x80, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb1},
-	{value: 0x0040, lo: 0xb2, hi: 0xbf},
-	// Block 0xed, offset 0x6e7
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xbf},
-	// Block 0xee, offset 0x6eb
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x93},
-	{value: 0x0040, lo: 0x94, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xae},
-	{value: 0x0040, lo: 0xaf, hi: 0xb0},
-	{value: 0x0018, lo: 0xb1, hi: 0xbf},
-	// Block 0xef, offset 0x6f1
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0018, lo: 0x81, hi: 0x8f},
-	{value: 0x0040, lo: 0x90, hi: 0x90},
-	{value: 0x0018, lo: 0x91, hi: 0xb5},
-	{value: 0x0040, lo: 0xb6, hi: 0xbf},
-	// Block 0xf0, offset 0x6f7
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x8f},
-	{value: 0xc1c1, lo: 0x90, hi: 0x90},
-	{value: 0x0018, lo: 0x91, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xbf},
-	// Block 0xf1, offset 0x6fc
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0040, lo: 0x80, hi: 0xa5},
-	{value: 0x0018, lo: 0xa6, hi: 0xbf},
-	// Block 0xf2, offset 0x6ff
-	{value: 0x0000, lo: 0x0f},
-	{value: 0xc7e9, lo: 0x80, hi: 0x80},
-	{value: 0xc839, lo: 0x81, hi: 0x81},
-	{value: 0xc889, lo: 0x82, hi: 0x82},
-	{value: 0xc8d9, lo: 0x83, hi: 0x83},
-	{value: 0xc929, lo: 0x84, hi: 0x84},
-	{value: 0xc979, lo: 0x85, hi: 0x85},
-	{value: 0xc9c9, lo: 0x86, hi: 0x86},
-	{value: 0xca19, lo: 0x87, hi: 0x87},
-	{value: 0xca69, lo: 0x88, hi: 0x88},
-	{value: 0x0040, lo: 0x89, hi: 0x8f},
-	{value: 0xcab9, lo: 0x90, hi: 0x90},
-	{value: 0xcad9, lo: 0x91, hi: 0x91},
-	{value: 0x0040, lo: 0x92, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xa5},
-	{value: 0x0040, lo: 0xa6, hi: 0xbf},
-	// Block 0xf3, offset 0x70f
-	{value: 0x0000, lo: 0x06},
-	{value: 0x0018, lo: 0x80, hi: 0x94},
-	{value: 0x0040, lo: 0x95, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xac},
-	{value: 0x0040, lo: 0xad, hi: 0xaf},
-	{value: 0x0018, lo: 0xb0, hi: 0xb8},
-	{value: 0x0040, lo: 0xb9, hi: 0xbf},
-	// Block 0xf4, offset 0x716
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0xb3},
-	{value: 0x0040, lo: 0xb4, hi: 0xbf},
-	// Block 0xf5, offset 0x719
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0x94},
-	{value: 0x0040, lo: 0x95, hi: 0xbf},
-	// Block 0xf6, offset 0x71c
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0018, lo: 0x80, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xbf},
-	// Block 0xf7, offset 0x720
-	{value: 0x0000, lo: 0x05},
-	{value: 0x0018, lo: 0x80, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0x99},
-	{value: 0x0040, lo: 0x9a, hi: 0x9f},
-	{value: 0x0018, lo: 0xa0, hi: 0xbf},
-	// Block 0xf8, offset 0x726
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x87},
-	{value: 0x0040, lo: 0x88, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xad},
-	{value: 0x0040, lo: 0xae, hi: 0xbf},
-	// Block 0xf9, offset 0x72b
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x8b},
-	{value: 0x0040, lo: 0x8c, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xbe},
-	{value: 0x0040, lo: 0xbf, hi: 0xbf},
-	// Block 0xfa, offset 0x730
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x8c},
-	{value: 0x0040, lo: 0x8d, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xab},
-	{value: 0x0040, lo: 0xac, hi: 0xbf},
-	// Block 0xfb, offset 0x735
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0018, lo: 0x80, hi: 0x97},
-	{value: 0x0040, lo: 0x98, hi: 0xbf},
-	// Block 0xfc, offset 0x738
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0018, lo: 0x80, hi: 0x80},
-	{value: 0x0040, lo: 0x81, hi: 0x8f},
-	{value: 0x0018, lo: 0x90, hi: 0xa6},
-	{value: 0x0040, lo: 0xa7, hi: 0xbf},
-	// Block 0xfd, offset 0x73d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0x96},
-	{value: 0x0040, lo: 0x97, hi: 0xbf},
-	// Block 0xfe, offset 0x740
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xb4},
-	{value: 0x0040, lo: 0xb5, hi: 0xbf},
-	// Block 0xff, offset 0x743
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0x9d},
-	{value: 0x0040, lo: 0x9e, hi: 0x9f},
-	{value: 0x0008, lo: 0xa0, hi: 0xbf},
-	// Block 0x100, offset 0x747
-	{value: 0x0000, lo: 0x03},
-	{value: 0x0008, lo: 0x80, hi: 0xa1},
-	{value: 0x0040, lo: 0xa2, hi: 0xaf},
-	{value: 0x0008, lo: 0xb0, hi: 0xbf},
-	// Block 0x101, offset 0x74b
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0008, lo: 0x80, hi: 0xa0},
-	{value: 0x0040, lo: 0xa1, hi: 0xbf},
-	// Block 0x102, offset 0x74e
-	{value: 0x0020, lo: 0x0f},
-	{value: 0xdeb9, lo: 0x80, hi: 0x89},
-	{value: 0x8dfd, lo: 0x8a, hi: 0x8a},
-	{value: 0xdff9, lo: 0x8b, hi: 0x9c},
-	{value: 0x8e1d, lo: 0x9d, hi: 0x9d},
-	{value: 0xe239, lo: 0x9e, hi: 0xa2},
-	{value: 0x8e3d, lo: 0xa3, hi: 0xa3},
-	{value: 0xe2d9, lo: 0xa4, hi: 0xab},
-	{value: 0x7ed5, lo: 0xac, hi: 0xac},
-	{value: 0xe3d9, lo: 0xad, hi: 0xaf},
-	{value: 0x8e5d, lo: 0xb0, hi: 0xb0},
-	{value: 0xe439, lo: 0xb1, hi: 0xb6},
-	{value: 0x8e7d, lo: 0xb7, hi: 0xb9},
-	{value: 0xe4f9, lo: 0xba, hi: 0xba},
-	{value: 0x8edd, lo: 0xbb, hi: 0xbb},
-	{value: 0xe519, lo: 0xbc, hi: 0xbf},
-	// Block 0x103, offset 0x75e
-	{value: 0x0020, lo: 0x10},
-	{value: 0x937d, lo: 0x80, hi: 0x80},
-	{value: 0xf099, lo: 0x81, hi: 0x86},
-	{value: 0x939d, lo: 0x87, hi: 0x8a},
-	{value: 0xd9f9, lo: 0x8b, hi: 0x8b},
-	{value: 0xf159, lo: 0x8c, hi: 0x96},
-	{value: 0x941d, lo: 0x97, hi: 0x97},
-	{value: 0xf2b9, lo: 0x98, hi: 0xa3},
-	{value: 0x943d, lo: 0xa4, hi: 0xa6},
-	{value: 0xf439, lo: 0xa7, hi: 0xaa},
-	{value: 0x949d, lo: 0xab, hi: 0xab},
-	{value: 0xf4b9, lo: 0xac, hi: 0xac},
-	{value: 0x94bd, lo: 0xad, hi: 0xad},
-	{value: 0xf4d9, lo: 0xae, hi: 0xaf},
-	{value: 0x94dd, lo: 0xb0, hi: 0xb1},
-	{value: 0xf519, lo: 0xb2, hi: 0xbe},
-	{value: 0x2040, lo: 0xbf, hi: 0xbf},
-	// Block 0x104, offset 0x76f
-	{value: 0x0000, lo: 0x04},
-	{value: 0x0040, lo: 0x80, hi: 0x80},
-	{value: 0x0340, lo: 0x81, hi: 0x81},
-	{value: 0x0040, lo: 0x82, hi: 0x9f},
-	{value: 0x0340, lo: 0xa0, hi: 0xbf},
-	// Block 0x105, offset 0x774
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0340, lo: 0x80, hi: 0xbf},
-	// Block 0x106, offset 0x776
-	{value: 0x0000, lo: 0x01},
-	{value: 0x33c0, lo: 0x80, hi: 0xbf},
-	// Block 0x107, offset 0x778
-	{value: 0x0000, lo: 0x02},
-	{value: 0x33c0, lo: 0x80, hi: 0xaf},
-	{value: 0x0040, lo: 0xb0, hi: 0xbf},
-}
-
-// Total table size 42115 bytes (41KiB); checksum: F4A1FA4E
diff --git a/vendor/golang.org/x/net/idna/tables10.0.0.go b/vendor/golang.org/x/net/idna/tables10.0.0.go
new file mode 100644
index 0000000000000..d1d62ef459bb7
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/tables10.0.0.go
@@ -0,0 +1,4560 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+//go:build go1.10 && !go1.13
+// +build go1.10,!go1.13
+
+package idna
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "10.0.0"
+
+var mappings string = "" + // Size: 8175 bytes
+	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
+	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
+	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
+	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
+	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
+	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
+	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
+	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
+	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
+	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
+	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
+	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
+	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
+	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
+	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
+	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
+	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
+	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
+	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
+	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
+	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
+	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
+	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
+	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
+	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
+	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
+	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
+	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
+	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
+	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
+	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
+	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
+	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
+	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
+	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
+	"月\x0511月\x0512月\x02hg\x02ev\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニング\x09" +
+	"インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー\x09ガロ" +
+	"ン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0fキロワッ" +
+	"ト\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル\x0fサンチ" +
+	"ーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット\x09ハイツ" +
+	"\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0cフィート" +
+	"\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ\x0cポイ" +
+	"ント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク\x0fマ" +
+	"ンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09ユアン" +
+	"\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x042点" +
+	"\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
+	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
+	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
+	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
+	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
+	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
+	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
+	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
+	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
+	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
+	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
+	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x04𤋮\x04𢡊\x04𢡄\x04𣏕\x04𥉉" +
+	"\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ\x04יִ" +
+	"\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּׂ\x04א" +
+	"ַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04ךּ\x04" +
+	"כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ\x04תּ" +
+	"\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ\x02ڤ" +
+	"\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ\x02ڳ" +
+	"\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ\x02ۅ" +
+	"\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02ی\x04" +
+	"ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04تح" +
+	"\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج\x04حم" +
+	"\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح\x04ضخ" +
+	"\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ\x04فم" +
+	"\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل\x04كم" +
+	"\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ\x04مم" +
+	"\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى\x04هي" +
+	"\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 ٍّ\x05" +
+	" َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04تر\x04تز" +
+	"\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04ين\x04ئخ" +
+	"\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه\x04شم\x04شه" +
+	"\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي\x04سى\x04سي" +
+	"\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي\x04ضى\x04ضي" +
+	"\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06تحج\x06تحم" +
+	"\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سجح\x06سجى" +
+	"\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم\x06ضحى" +
+	"\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي\x06غمى" +
+	"\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح\x06محج" +
+	"\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم\x06نحم" +
+	"\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى\x06تخي" +
+	"\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي\x06ضحي" +
+	"\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي\x06كمي" +
+	"\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي\x06سخي" +
+	"\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08عليه" +
+	"\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:\x01!" +
+	"\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\\x01$" +
+	"\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ\x02إ" +
+	"\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز\x02س" +
+	"\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن\x02ه" +
+	"\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~\x02¢" +
+	"\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲\x08𝆹" +
+	"𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η\x02" +
+	"κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ\x02ڡ" +
+	"\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029,\x03(a)" +
+	"\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)\x03(k)" +
+	"\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)\x03(u)" +
+	"\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03ppv\x02w" +
+	"c\x02mc\x02md\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ\x03二\x03多\x03解" +
+	"\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終\x03生\x03販\x03声" +
+	"\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指\x03走\x03打\x03禁" +
+	"\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔三〕\x09〔二〕\x09〔安" +
+	"〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03丸\x03乁\x03你\x03" +
+	"侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03具\x03㒹\x03內\x03" +
+	"冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03㔕\x03勇\x03勉\x03" +
+	"勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03灰\x03及\x03叟\x03" +
+	"叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03啣\x03善\x03喙\x03" +
+	"喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03埴\x03堍\x03型\x03" +
+	"堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03姘\x03婦\x03㛮\x03" +
+	"嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03屮\x03峀\x03岍\x03" +
+	"嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03㡢\x03㡼\x03庰\x03" +
+	"庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03忍\x03志\x03忹\x03" +
+	"悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03憤\x03憯\x03懞\x03" +
+	"懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03掃\x03揤\x03搢\x03" +
+	"揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03書\x03晉\x03㬙\x03" +
+	"暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03朡\x03杞\x03杓\x03" +
+	"㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03槪\x03檨\x03櫛\x03" +
+	"㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03汧\x03洖\x03派\x03" +
+	"海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03淹\x03潮\x03濆\x03" +
+	"瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03爵\x03牐\x03犀\x03" +
+	"犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03㼛\x03甤\x03甾\x03" +
+	"異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03䂖\x03硎\x03碌\x03" +
+	"磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03築\x03䈧\x03糒\x03" +
+	"䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03罺\x03羕\x03翺\x03" +
+	"者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03䑫\x03芑\x03芋\x03" +
+	"芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03莽\x03菧\x03著\x03" +
+	"荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03䕫\x03虐\x03虜\x03" +
+	"虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03蠁\x03䗹\x03衠\x03" +
+	"衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03豕\x03貫\x03賁\x03" +
+	"贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03鈸\x03鋗\x03鋘\x03" +
+	"鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03䩶\x03韠\x03䪲\x03" +
+	"頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03鳽\x03䳎\x03䳭\x03" +
+	"鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
+
+var xorData string = "" + // Size: 4855 bytes
+	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
+	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
+	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
+	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
+	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
+	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
+	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
+	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
+	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
+	"\x03\x037 \x03\x0b+\x03\x02\x01\x04\x02\x01\x02\x02\x019\x02\x03\x1c\x02" +
+	"\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03\xc1r\x02" +
+	"\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<\x03\xc1s*" +
+	"\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03\x83\xab" +
+	"\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96\xe1\xcd" +
+	"\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03\x9a\xec" +
+	"\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c!\x03" +
+	"\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03ʦ\x93" +
+	"\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7\x03" +
+	"\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca\xfa" +
+	"\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e\x03" +
+	"\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca\xe3" +
+	"\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99\x03" +
+	"\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca\xe8" +
+	"\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03\x0b" +
+	"\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06\x05" +
+	"\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03\x0786" +
+	"\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/\x03" +
+	"\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f\x03" +
+	"\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-\x03" +
+	"\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03\x07" +
+	"\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03\x07" +
+	"\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03\x07" +
+	"\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b\x0a" +
+	"\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03\x07" +
+	"\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+\x03" +
+	"\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03\x04" +
+	"4\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03\x04+ " +
+	"\x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!\x22" +
+	"\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04\x03" +
+	"\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>\x03" +
+	"\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03\x054" +
+	"\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03\x05)" +
+	":\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$\x1e" +
+	"\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226\x03" +
+	"\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05\x1b" +
+	"\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05\x03" +
+	"\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03\x06" +
+	"\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08\x03" +
+	"\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03\x0a6" +
+	"\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a\x1f" +
+	"\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03\x0a" +
+	"\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f\x02" +
+	"\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/\x03" +
+	"\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a\x00" +
+	"\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+\x10" +
+	"\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#<" +
+	"\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!\x00" +
+	"\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18.\x03" +
+	"\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15\x22" +
+	"\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b\x12" +
+	"\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05<" +
+	"\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
+	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
+	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
+	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
+	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
+	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
+	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
+	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
+	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
+	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
+	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
+	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
+	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
+	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
+	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
+	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
+	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
+	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
+	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
+	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
+	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
+	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
+	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
+	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
+	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
+	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
+	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
+	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
+	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
+	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
+	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
+	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
+	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
+	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
+	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
+	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
+	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
+	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
+	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
+	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
+	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
+	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
+	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
+	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
+	"(\x04\x023 \x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!\x10\x03\x0b!0" +
+	"\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b\x03\x09\x1f" +
+	"\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14\x03\x0a\x01" +
+	"\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03\x08='\x03" +
+	"\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03\x09\x0c" +
+	"\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06!3\x03" +
+	"\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05\x03\x07" +
+	"<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07\x01\x00" +
+	"\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03\x09\x11" +
+	"\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03\x0a/1" +
+	"\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03\x07<3" +
+	"\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06\x13\x00" +
+	"\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(;\x03" +
+	"\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08\x14$" +
+	"\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03\x0a" +
+	"\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19\x01" +
+	"\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18\x03" +
+	"\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03\x07" +
+	"\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03\x0a" +
+	"\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03\x0b" +
+	"\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03\x08" +
+	"\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05\x03" +
+	"\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11\x03" +
+	"\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03\x09" +
+	"\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a." +
+	"\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
+	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
+	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
+	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
+	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
+	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
+	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
+	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
+	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
+	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
+	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
+	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
+	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
+	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
+	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
+	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
+	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
+	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
+	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
+	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
+	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
+	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
+	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
+	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
+	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
+	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
+	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
+	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
+	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
+	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
+	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
+	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
+	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
+	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
+	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
+	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
+	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
+	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
+	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
+	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
+	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
+	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
+	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
+	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
+	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
+	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
+	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
+	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
+	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
+	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
+	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
+	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
+	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
+	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
+	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
+	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
+	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
+	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
+	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
+	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
+	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
+	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
+	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
+	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
+	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
+	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
+	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
+	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
+	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
+	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
+	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
+	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
+	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
+	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
+	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
+	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
+	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
+	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
+	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
+	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
+	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
+	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
+	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
+	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
+	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
+	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
+	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
+	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
+	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
+	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
+	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
+	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
+	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
+	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
+	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
+	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
+	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
+	"\x05\x22\x05\x03\x050\x1d"
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// idnaTrie. Total size: 29052 bytes (28.37 KiB). Checksum: ef06e7ecc26f36dd.
+type idnaTrie struct{}
+
+func newIdnaTrie(i int) *idnaTrie {
+	return &idnaTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 125:
+		return uint16(idnaValues[n<<6+uint32(b)])
+	default:
+		n -= 125
+		return uint16(idnaSparse.lookup(n, b))
+	}
+}
+
+// idnaValues: 127 blocks, 8128 entries, 16256 bytes
+// The third block is the zero block.
+var idnaValues = [8128]uint16{
+	// Block 0x0, offset 0x0
+	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
+	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
+	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
+	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
+	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
+	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
+	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
+	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
+	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
+	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
+	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
+	// Block 0x1, offset 0x40
+	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
+	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
+	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
+	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
+	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
+	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
+	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
+	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
+	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
+	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
+	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
+	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
+	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
+	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
+	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
+	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
+	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
+	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
+	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
+	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
+	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
+	// Block 0x4, offset 0x100
+	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
+	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
+	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
+	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
+	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
+	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
+	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
+	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
+	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
+	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
+	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
+	// Block 0x5, offset 0x140
+	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
+	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
+	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
+	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
+	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
+	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
+	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
+	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
+	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
+	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
+	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
+	// Block 0x6, offset 0x180
+	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
+	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
+	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
+	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
+	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
+	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
+	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
+	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
+	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
+	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
+	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
+	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
+	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
+	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
+	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
+	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
+	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
+	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
+	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
+	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
+	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
+	// Block 0x8, offset 0x200
+	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
+	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
+	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
+	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
+	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
+	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
+	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
+	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
+	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
+	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
+	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
+	// Block 0x9, offset 0x240
+	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
+	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
+	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
+	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
+	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
+	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
+	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
+	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
+	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
+	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
+	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
+	// Block 0xa, offset 0x280
+	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
+	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
+	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
+	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
+	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
+	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
+	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
+	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
+	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
+	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
+	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
+	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
+	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
+	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
+	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
+	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
+	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
+	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
+	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
+	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
+	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
+	// Block 0xc, offset 0x300
+	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
+	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
+	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
+	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
+	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
+	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
+	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
+	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
+	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
+	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
+	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
+	// Block 0xd, offset 0x340
+	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
+	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
+	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
+	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
+	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
+	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
+	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
+	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
+	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
+	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
+	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
+	// Block 0xe, offset 0x380
+	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
+	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
+	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
+	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
+	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
+	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
+	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
+	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
+	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
+	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
+	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
+	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
+	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
+	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
+	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
+	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
+	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
+	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
+	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
+	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
+	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
+	// Block 0x10, offset 0x400
+	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
+	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
+	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
+	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
+	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
+	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
+	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
+	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
+	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
+	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
+	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
+	// Block 0x11, offset 0x440
+	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
+	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
+	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
+	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
+	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
+	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
+	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
+	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
+	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
+	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
+	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
+	// Block 0x12, offset 0x480
+	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
+	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
+	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
+	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
+	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
+	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
+	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
+	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
+	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
+	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
+	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
+	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
+	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
+	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
+	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
+	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
+	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
+	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
+	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
+	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
+	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
+	// Block 0x14, offset 0x500
+	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
+	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
+	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
+	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
+	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
+	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
+	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
+	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
+	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
+	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
+	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
+	// Block 0x15, offset 0x540
+	0x540: 0x0c08, 0x541: 0x0a08, 0x542: 0x0a08, 0x543: 0x0a08, 0x544: 0x0a08, 0x545: 0x0a08,
+	0x546: 0x0c08, 0x547: 0x0c08, 0x548: 0x0a08, 0x549: 0x0c08, 0x54a: 0x0a08, 0x54b: 0x0a08,
+	0x54c: 0x0a08, 0x54d: 0x0a08, 0x54e: 0x0a08, 0x54f: 0x0a08, 0x550: 0x0a08, 0x551: 0x0a08,
+	0x552: 0x0a08, 0x553: 0x0a08, 0x554: 0x0c08, 0x555: 0x0a08, 0x556: 0x0808, 0x557: 0x0808,
+	0x558: 0x0808, 0x559: 0x3308, 0x55a: 0x3308, 0x55b: 0x3308, 0x55c: 0x0040, 0x55d: 0x0040,
+	0x55e: 0x0818, 0x55f: 0x0040, 0x560: 0x0a08, 0x561: 0x0808, 0x562: 0x0a08, 0x563: 0x0a08,
+	0x564: 0x0a08, 0x565: 0x0a08, 0x566: 0x0808, 0x567: 0x0c08, 0x568: 0x0a08, 0x569: 0x0c08,
+	0x56a: 0x0c08, 0x56b: 0x0040, 0x56c: 0x0040, 0x56d: 0x0040, 0x56e: 0x0040, 0x56f: 0x0040,
+	0x570: 0x0040, 0x571: 0x0040, 0x572: 0x0040, 0x573: 0x0040, 0x574: 0x0040, 0x575: 0x0040,
+	0x576: 0x0040, 0x577: 0x0040, 0x578: 0x0040, 0x579: 0x0040, 0x57a: 0x0040, 0x57b: 0x0040,
+	0x57c: 0x0040, 0x57d: 0x0040, 0x57e: 0x0040, 0x57f: 0x0040,
+	// Block 0x16, offset 0x580
+	0x580: 0x3008, 0x581: 0x3308, 0x582: 0x3308, 0x583: 0x3308, 0x584: 0x3308, 0x585: 0x3308,
+	0x586: 0x3308, 0x587: 0x3308, 0x588: 0x3308, 0x589: 0x3008, 0x58a: 0x3008, 0x58b: 0x3008,
+	0x58c: 0x3008, 0x58d: 0x3b08, 0x58e: 0x3008, 0x58f: 0x3008, 0x590: 0x0008, 0x591: 0x3308,
+	0x592: 0x3308, 0x593: 0x3308, 0x594: 0x3308, 0x595: 0x3308, 0x596: 0x3308, 0x597: 0x3308,
+	0x598: 0x04c9, 0x599: 0x0501, 0x59a: 0x0539, 0x59b: 0x0571, 0x59c: 0x05a9, 0x59d: 0x05e1,
+	0x59e: 0x0619, 0x59f: 0x0651, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x3308, 0x5a3: 0x3308,
+	0x5a4: 0x0018, 0x5a5: 0x0018, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0008,
+	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
+	0x5b0: 0x0018, 0x5b1: 0x0008, 0x5b2: 0x0008, 0x5b3: 0x0008, 0x5b4: 0x0008, 0x5b5: 0x0008,
+	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0008, 0x5bb: 0x0008,
+	0x5bc: 0x0008, 0x5bd: 0x0008, 0x5be: 0x0008, 0x5bf: 0x0008,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0008, 0x5c1: 0x3308, 0x5c2: 0x3008, 0x5c3: 0x3008, 0x5c4: 0x0040, 0x5c5: 0x0008,
+	0x5c6: 0x0008, 0x5c7: 0x0008, 0x5c8: 0x0008, 0x5c9: 0x0008, 0x5ca: 0x0008, 0x5cb: 0x0008,
+	0x5cc: 0x0008, 0x5cd: 0x0040, 0x5ce: 0x0040, 0x5cf: 0x0008, 0x5d0: 0x0008, 0x5d1: 0x0040,
+	0x5d2: 0x0040, 0x5d3: 0x0008, 0x5d4: 0x0008, 0x5d5: 0x0008, 0x5d6: 0x0008, 0x5d7: 0x0008,
+	0x5d8: 0x0008, 0x5d9: 0x0008, 0x5da: 0x0008, 0x5db: 0x0008, 0x5dc: 0x0008, 0x5dd: 0x0008,
+	0x5de: 0x0008, 0x5df: 0x0008, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x0008, 0x5e3: 0x0008,
+	0x5e4: 0x0008, 0x5e5: 0x0008, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0040,
+	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
+	0x5f0: 0x0008, 0x5f1: 0x0040, 0x5f2: 0x0008, 0x5f3: 0x0040, 0x5f4: 0x0040, 0x5f5: 0x0040,
+	0x5f6: 0x0008, 0x5f7: 0x0008, 0x5f8: 0x0008, 0x5f9: 0x0008, 0x5fa: 0x0040, 0x5fb: 0x0040,
+	0x5fc: 0x3308, 0x5fd: 0x0008, 0x5fe: 0x3008, 0x5ff: 0x3008,
+	// Block 0x18, offset 0x600
+	0x600: 0x3008, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3308, 0x604: 0x3308, 0x605: 0x0040,
+	0x606: 0x0040, 0x607: 0x3008, 0x608: 0x3008, 0x609: 0x0040, 0x60a: 0x0040, 0x60b: 0x3008,
+	0x60c: 0x3008, 0x60d: 0x3b08, 0x60e: 0x0008, 0x60f: 0x0040, 0x610: 0x0040, 0x611: 0x0040,
+	0x612: 0x0040, 0x613: 0x0040, 0x614: 0x0040, 0x615: 0x0040, 0x616: 0x0040, 0x617: 0x3008,
+	0x618: 0x0040, 0x619: 0x0040, 0x61a: 0x0040, 0x61b: 0x0040, 0x61c: 0x0689, 0x61d: 0x06c1,
+	0x61e: 0x0040, 0x61f: 0x06f9, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x3308, 0x623: 0x3308,
+	0x624: 0x0040, 0x625: 0x0040, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0008,
+	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
+	0x630: 0x0008, 0x631: 0x0008, 0x632: 0x0018, 0x633: 0x0018, 0x634: 0x0018, 0x635: 0x0018,
+	0x636: 0x0018, 0x637: 0x0018, 0x638: 0x0018, 0x639: 0x0018, 0x63a: 0x0018, 0x63b: 0x0018,
+	0x63c: 0x0008, 0x63d: 0x0018, 0x63e: 0x0040, 0x63f: 0x0040,
+	// Block 0x19, offset 0x640
+	0x640: 0x0040, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x3008, 0x644: 0x0040, 0x645: 0x0008,
+	0x646: 0x0008, 0x647: 0x0008, 0x648: 0x0008, 0x649: 0x0008, 0x64a: 0x0008, 0x64b: 0x0040,
+	0x64c: 0x0040, 0x64d: 0x0040, 0x64e: 0x0040, 0x64f: 0x0008, 0x650: 0x0008, 0x651: 0x0040,
+	0x652: 0x0040, 0x653: 0x0008, 0x654: 0x0008, 0x655: 0x0008, 0x656: 0x0008, 0x657: 0x0008,
+	0x658: 0x0008, 0x659: 0x0008, 0x65a: 0x0008, 0x65b: 0x0008, 0x65c: 0x0008, 0x65d: 0x0008,
+	0x65e: 0x0008, 0x65f: 0x0008, 0x660: 0x0008, 0x661: 0x0008, 0x662: 0x0008, 0x663: 0x0008,
+	0x664: 0x0008, 0x665: 0x0008, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0040,
+	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
+	0x670: 0x0008, 0x671: 0x0040, 0x672: 0x0008, 0x673: 0x0731, 0x674: 0x0040, 0x675: 0x0008,
+	0x676: 0x0769, 0x677: 0x0040, 0x678: 0x0008, 0x679: 0x0008, 0x67a: 0x0040, 0x67b: 0x0040,
+	0x67c: 0x3308, 0x67d: 0x0040, 0x67e: 0x3008, 0x67f: 0x3008,
+	// Block 0x1a, offset 0x680
+	0x680: 0x3008, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x0040, 0x684: 0x0040, 0x685: 0x0040,
+	0x686: 0x0040, 0x687: 0x3308, 0x688: 0x3308, 0x689: 0x0040, 0x68a: 0x0040, 0x68b: 0x3308,
+	0x68c: 0x3308, 0x68d: 0x3b08, 0x68e: 0x0040, 0x68f: 0x0040, 0x690: 0x0040, 0x691: 0x3308,
+	0x692: 0x0040, 0x693: 0x0040, 0x694: 0x0040, 0x695: 0x0040, 0x696: 0x0040, 0x697: 0x0040,
+	0x698: 0x0040, 0x699: 0x07a1, 0x69a: 0x07d9, 0x69b: 0x0811, 0x69c: 0x0008, 0x69d: 0x0040,
+	0x69e: 0x0849, 0x69f: 0x0040, 0x6a0: 0x0040, 0x6a1: 0x0040, 0x6a2: 0x0040, 0x6a3: 0x0040,
+	0x6a4: 0x0040, 0x6a5: 0x0040, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0008,
+	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
+	0x6b0: 0x3308, 0x6b1: 0x3308, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0008, 0x6b5: 0x3308,
+	0x6b6: 0x0040, 0x6b7: 0x0040, 0x6b8: 0x0040, 0x6b9: 0x0040, 0x6ba: 0x0040, 0x6bb: 0x0040,
+	0x6bc: 0x0040, 0x6bd: 0x0040, 0x6be: 0x0040, 0x6bf: 0x0040,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x0040, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3008, 0x6c4: 0x0040, 0x6c5: 0x0008,
+	0x6c6: 0x0008, 0x6c7: 0x0008, 0x6c8: 0x0008, 0x6c9: 0x0008, 0x6ca: 0x0008, 0x6cb: 0x0008,
+	0x6cc: 0x0008, 0x6cd: 0x0008, 0x6ce: 0x0040, 0x6cf: 0x0008, 0x6d0: 0x0008, 0x6d1: 0x0008,
+	0x6d2: 0x0040, 0x6d3: 0x0008, 0x6d4: 0x0008, 0x6d5: 0x0008, 0x6d6: 0x0008, 0x6d7: 0x0008,
+	0x6d8: 0x0008, 0x6d9: 0x0008, 0x6da: 0x0008, 0x6db: 0x0008, 0x6dc: 0x0008, 0x6dd: 0x0008,
+	0x6de: 0x0008, 0x6df: 0x0008, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x0008, 0x6e3: 0x0008,
+	0x6e4: 0x0008, 0x6e5: 0x0008, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0040,
+	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
+	0x6f0: 0x0008, 0x6f1: 0x0040, 0x6f2: 0x0008, 0x6f3: 0x0008, 0x6f4: 0x0040, 0x6f5: 0x0008,
+	0x6f6: 0x0008, 0x6f7: 0x0008, 0x6f8: 0x0008, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
+	0x6fc: 0x3308, 0x6fd: 0x0008, 0x6fe: 0x3008, 0x6ff: 0x3008,
+	// Block 0x1c, offset 0x700
+	0x700: 0x3008, 0x701: 0x3308, 0x702: 0x3308, 0x703: 0x3308, 0x704: 0x3308, 0x705: 0x3308,
+	0x706: 0x0040, 0x707: 0x3308, 0x708: 0x3308, 0x709: 0x3008, 0x70a: 0x0040, 0x70b: 0x3008,
+	0x70c: 0x3008, 0x70d: 0x3b08, 0x70e: 0x0040, 0x70f: 0x0040, 0x710: 0x0008, 0x711: 0x0040,
+	0x712: 0x0040, 0x713: 0x0040, 0x714: 0x0040, 0x715: 0x0040, 0x716: 0x0040, 0x717: 0x0040,
+	0x718: 0x0040, 0x719: 0x0040, 0x71a: 0x0040, 0x71b: 0x0040, 0x71c: 0x0040, 0x71d: 0x0040,
+	0x71e: 0x0040, 0x71f: 0x0040, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x3308, 0x723: 0x3308,
+	0x724: 0x0040, 0x725: 0x0040, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0008,
+	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
+	0x730: 0x0018, 0x731: 0x0018, 0x732: 0x0040, 0x733: 0x0040, 0x734: 0x0040, 0x735: 0x0040,
+	0x736: 0x0040, 0x737: 0x0040, 0x738: 0x0040, 0x739: 0x0008, 0x73a: 0x3308, 0x73b: 0x3308,
+	0x73c: 0x3308, 0x73d: 0x3308, 0x73e: 0x3308, 0x73f: 0x3308,
+	// Block 0x1d, offset 0x740
+	0x740: 0x0040, 0x741: 0x3308, 0x742: 0x3008, 0x743: 0x3008, 0x744: 0x0040, 0x745: 0x0008,
+	0x746: 0x0008, 0x747: 0x0008, 0x748: 0x0008, 0x749: 0x0008, 0x74a: 0x0008, 0x74b: 0x0008,
+	0x74c: 0x0008, 0x74d: 0x0040, 0x74e: 0x0040, 0x74f: 0x0008, 0x750: 0x0008, 0x751: 0x0040,
+	0x752: 0x0040, 0x753: 0x0008, 0x754: 0x0008, 0x755: 0x0008, 0x756: 0x0008, 0x757: 0x0008,
+	0x758: 0x0008, 0x759: 0x0008, 0x75a: 0x0008, 0x75b: 0x0008, 0x75c: 0x0008, 0x75d: 0x0008,
+	0x75e: 0x0008, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x0008, 0x763: 0x0008,
+	0x764: 0x0008, 0x765: 0x0008, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0040,
+	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
+	0x770: 0x0008, 0x771: 0x0040, 0x772: 0x0008, 0x773: 0x0008, 0x774: 0x0040, 0x775: 0x0008,
+	0x776: 0x0008, 0x777: 0x0008, 0x778: 0x0008, 0x779: 0x0008, 0x77a: 0x0040, 0x77b: 0x0040,
+	0x77c: 0x3308, 0x77d: 0x0008, 0x77e: 0x3008, 0x77f: 0x3308,
+	// Block 0x1e, offset 0x780
+	0x780: 0x3008, 0x781: 0x3308, 0x782: 0x3308, 0x783: 0x3308, 0x784: 0x3308, 0x785: 0x0040,
+	0x786: 0x0040, 0x787: 0x3008, 0x788: 0x3008, 0x789: 0x0040, 0x78a: 0x0040, 0x78b: 0x3008,
+	0x78c: 0x3008, 0x78d: 0x3b08, 0x78e: 0x0040, 0x78f: 0x0040, 0x790: 0x0040, 0x791: 0x0040,
+	0x792: 0x0040, 0x793: 0x0040, 0x794: 0x0040, 0x795: 0x0040, 0x796: 0x3308, 0x797: 0x3008,
+	0x798: 0x0040, 0x799: 0x0040, 0x79a: 0x0040, 0x79b: 0x0040, 0x79c: 0x0881, 0x79d: 0x08b9,
+	0x79e: 0x0040, 0x79f: 0x0008, 0x7a0: 0x0008, 0x7a1: 0x0008, 0x7a2: 0x3308, 0x7a3: 0x3308,
+	0x7a4: 0x0040, 0x7a5: 0x0040, 0x7a6: 0x0008, 0x7a7: 0x0008, 0x7a8: 0x0008, 0x7a9: 0x0008,
+	0x7aa: 0x0008, 0x7ab: 0x0008, 0x7ac: 0x0008, 0x7ad: 0x0008, 0x7ae: 0x0008, 0x7af: 0x0008,
+	0x7b0: 0x0018, 0x7b1: 0x0008, 0x7b2: 0x0018, 0x7b3: 0x0018, 0x7b4: 0x0018, 0x7b5: 0x0018,
+	0x7b6: 0x0018, 0x7b7: 0x0018, 0x7b8: 0x0040, 0x7b9: 0x0040, 0x7ba: 0x0040, 0x7bb: 0x0040,
+	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x0040, 0x7bf: 0x0040,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x0040, 0x7c1: 0x0040, 0x7c2: 0x3308, 0x7c3: 0x0008, 0x7c4: 0x0040, 0x7c5: 0x0008,
+	0x7c6: 0x0008, 0x7c7: 0x0008, 0x7c8: 0x0008, 0x7c9: 0x0008, 0x7ca: 0x0008, 0x7cb: 0x0040,
+	0x7cc: 0x0040, 0x7cd: 0x0040, 0x7ce: 0x0008, 0x7cf: 0x0008, 0x7d0: 0x0008, 0x7d1: 0x0040,
+	0x7d2: 0x0008, 0x7d3: 0x0008, 0x7d4: 0x0008, 0x7d5: 0x0008, 0x7d6: 0x0040, 0x7d7: 0x0040,
+	0x7d8: 0x0040, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0008, 0x7dd: 0x0040,
+	0x7de: 0x0008, 0x7df: 0x0008, 0x7e0: 0x0040, 0x7e1: 0x0040, 0x7e2: 0x0040, 0x7e3: 0x0008,
+	0x7e4: 0x0008, 0x7e5: 0x0040, 0x7e6: 0x0040, 0x7e7: 0x0040, 0x7e8: 0x0008, 0x7e9: 0x0008,
+	0x7ea: 0x0008, 0x7eb: 0x0040, 0x7ec: 0x0040, 0x7ed: 0x0040, 0x7ee: 0x0008, 0x7ef: 0x0008,
+	0x7f0: 0x0008, 0x7f1: 0x0008, 0x7f2: 0x0008, 0x7f3: 0x0008, 0x7f4: 0x0008, 0x7f5: 0x0008,
+	0x7f6: 0x0008, 0x7f7: 0x0008, 0x7f8: 0x0008, 0x7f9: 0x0008, 0x7fa: 0x0040, 0x7fb: 0x0040,
+	0x7fc: 0x0040, 0x7fd: 0x0040, 0x7fe: 0x3008, 0x7ff: 0x3008,
+	// Block 0x20, offset 0x800
+	0x800: 0x3308, 0x801: 0x3008, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x3008, 0x805: 0x0040,
+	0x806: 0x3308, 0x807: 0x3308, 0x808: 0x3308, 0x809: 0x0040, 0x80a: 0x3308, 0x80b: 0x3308,
+	0x80c: 0x3308, 0x80d: 0x3b08, 0x80e: 0x0040, 0x80f: 0x0040, 0x810: 0x0040, 0x811: 0x0040,
+	0x812: 0x0040, 0x813: 0x0040, 0x814: 0x0040, 0x815: 0x3308, 0x816: 0x3308, 0x817: 0x0040,
+	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0040, 0x81c: 0x0040, 0x81d: 0x0040,
+	0x81e: 0x0040, 0x81f: 0x0040, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x3308, 0x823: 0x3308,
+	0x824: 0x0040, 0x825: 0x0040, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0008,
+	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
+	0x830: 0x0040, 0x831: 0x0040, 0x832: 0x0040, 0x833: 0x0040, 0x834: 0x0040, 0x835: 0x0040,
+	0x836: 0x0040, 0x837: 0x0040, 0x838: 0x0018, 0x839: 0x0018, 0x83a: 0x0018, 0x83b: 0x0018,
+	0x83c: 0x0018, 0x83d: 0x0018, 0x83e: 0x0018, 0x83f: 0x0018,
+	// Block 0x21, offset 0x840
+	0x840: 0x0008, 0x841: 0x3308, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x0040, 0x845: 0x0008,
+	0x846: 0x0008, 0x847: 0x0008, 0x848: 0x0008, 0x849: 0x0008, 0x84a: 0x0008, 0x84b: 0x0008,
+	0x84c: 0x0008, 0x84d: 0x0040, 0x84e: 0x0008, 0x84f: 0x0008, 0x850: 0x0008, 0x851: 0x0040,
+	0x852: 0x0008, 0x853: 0x0008, 0x854: 0x0008, 0x855: 0x0008, 0x856: 0x0008, 0x857: 0x0008,
+	0x858: 0x0008, 0x859: 0x0008, 0x85a: 0x0008, 0x85b: 0x0008, 0x85c: 0x0008, 0x85d: 0x0008,
+	0x85e: 0x0008, 0x85f: 0x0008, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x0008, 0x863: 0x0008,
+	0x864: 0x0008, 0x865: 0x0008, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0040,
+	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
+	0x870: 0x0008, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0008, 0x874: 0x0040, 0x875: 0x0008,
+	0x876: 0x0008, 0x877: 0x0008, 0x878: 0x0008, 0x879: 0x0008, 0x87a: 0x0040, 0x87b: 0x0040,
+	0x87c: 0x3308, 0x87d: 0x0008, 0x87e: 0x3008, 0x87f: 0x3308,
+	// Block 0x22, offset 0x880
+	0x880: 0x3008, 0x881: 0x3008, 0x882: 0x3008, 0x883: 0x3008, 0x884: 0x3008, 0x885: 0x0040,
+	0x886: 0x3308, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
+	0x88c: 0x3308, 0x88d: 0x3b08, 0x88e: 0x0040, 0x88f: 0x0040, 0x890: 0x0040, 0x891: 0x0040,
+	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0040, 0x895: 0x3008, 0x896: 0x3008, 0x897: 0x0040,
+	0x898: 0x0040, 0x899: 0x0040, 0x89a: 0x0040, 0x89b: 0x0040, 0x89c: 0x0040, 0x89d: 0x0040,
+	0x89e: 0x0008, 0x89f: 0x0040, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
+	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
+	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
+	0x8b0: 0x0040, 0x8b1: 0x0008, 0x8b2: 0x0008, 0x8b3: 0x0040, 0x8b4: 0x0040, 0x8b5: 0x0040,
+	0x8b6: 0x0040, 0x8b7: 0x0040, 0x8b8: 0x0040, 0x8b9: 0x0040, 0x8ba: 0x0040, 0x8bb: 0x0040,
+	0x8bc: 0x0040, 0x8bd: 0x0040, 0x8be: 0x0040, 0x8bf: 0x0040,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x3008, 0x8c1: 0x3308, 0x8c2: 0x3308, 0x8c3: 0x3308, 0x8c4: 0x3308, 0x8c5: 0x0040,
+	0x8c6: 0x3008, 0x8c7: 0x3008, 0x8c8: 0x3008, 0x8c9: 0x0040, 0x8ca: 0x3008, 0x8cb: 0x3008,
+	0x8cc: 0x3008, 0x8cd: 0x3b08, 0x8ce: 0x0008, 0x8cf: 0x0018, 0x8d0: 0x0040, 0x8d1: 0x0040,
+	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x3008,
+	0x8d8: 0x0018, 0x8d9: 0x0018, 0x8da: 0x0018, 0x8db: 0x0018, 0x8dc: 0x0018, 0x8dd: 0x0018,
+	0x8de: 0x0018, 0x8df: 0x0008, 0x8e0: 0x0008, 0x8e1: 0x0008, 0x8e2: 0x3308, 0x8e3: 0x3308,
+	0x8e4: 0x0040, 0x8e5: 0x0040, 0x8e6: 0x0008, 0x8e7: 0x0008, 0x8e8: 0x0008, 0x8e9: 0x0008,
+	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0008, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
+	0x8f0: 0x0018, 0x8f1: 0x0018, 0x8f2: 0x0018, 0x8f3: 0x0018, 0x8f4: 0x0018, 0x8f5: 0x0018,
+	0x8f6: 0x0018, 0x8f7: 0x0018, 0x8f8: 0x0018, 0x8f9: 0x0018, 0x8fa: 0x0008, 0x8fb: 0x0008,
+	0x8fc: 0x0008, 0x8fd: 0x0008, 0x8fe: 0x0008, 0x8ff: 0x0008,
+	// Block 0x24, offset 0x900
+	0x900: 0x0040, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x0040, 0x904: 0x0008, 0x905: 0x0040,
+	0x906: 0x0040, 0x907: 0x0008, 0x908: 0x0008, 0x909: 0x0040, 0x90a: 0x0008, 0x90b: 0x0040,
+	0x90c: 0x0040, 0x90d: 0x0008, 0x90e: 0x0040, 0x90f: 0x0040, 0x910: 0x0040, 0x911: 0x0040,
+	0x912: 0x0040, 0x913: 0x0040, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0008,
+	0x918: 0x0040, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0008, 0x91d: 0x0008,
+	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0040, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
+	0x924: 0x0040, 0x925: 0x0008, 0x926: 0x0040, 0x927: 0x0008, 0x928: 0x0040, 0x929: 0x0040,
+	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0040, 0x92d: 0x0008, 0x92e: 0x0008, 0x92f: 0x0008,
+	0x930: 0x0008, 0x931: 0x3308, 0x932: 0x0008, 0x933: 0x0929, 0x934: 0x3308, 0x935: 0x3308,
+	0x936: 0x3308, 0x937: 0x3308, 0x938: 0x3308, 0x939: 0x3308, 0x93a: 0x0040, 0x93b: 0x3308,
+	0x93c: 0x3308, 0x93d: 0x0008, 0x93e: 0x0040, 0x93f: 0x0040,
+	// Block 0x25, offset 0x940
+	0x940: 0x0008, 0x941: 0x0008, 0x942: 0x0008, 0x943: 0x09d1, 0x944: 0x0008, 0x945: 0x0008,
+	0x946: 0x0008, 0x947: 0x0008, 0x948: 0x0040, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
+	0x94c: 0x0008, 0x94d: 0x0a09, 0x94e: 0x0008, 0x94f: 0x0008, 0x950: 0x0008, 0x951: 0x0008,
+	0x952: 0x0a41, 0x953: 0x0008, 0x954: 0x0008, 0x955: 0x0008, 0x956: 0x0008, 0x957: 0x0a79,
+	0x958: 0x0008, 0x959: 0x0008, 0x95a: 0x0008, 0x95b: 0x0008, 0x95c: 0x0ab1, 0x95d: 0x0008,
+	0x95e: 0x0008, 0x95f: 0x0008, 0x960: 0x0008, 0x961: 0x0008, 0x962: 0x0008, 0x963: 0x0008,
+	0x964: 0x0008, 0x965: 0x0008, 0x966: 0x0008, 0x967: 0x0008, 0x968: 0x0008, 0x969: 0x0ae9,
+	0x96a: 0x0008, 0x96b: 0x0008, 0x96c: 0x0008, 0x96d: 0x0040, 0x96e: 0x0040, 0x96f: 0x0040,
+	0x970: 0x0040, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x0b21, 0x974: 0x3308, 0x975: 0x0b59,
+	0x976: 0x0b91, 0x977: 0x0bc9, 0x978: 0x0c19, 0x979: 0x0c51, 0x97a: 0x3308, 0x97b: 0x3308,
+	0x97c: 0x3308, 0x97d: 0x3308, 0x97e: 0x3308, 0x97f: 0x3008,
+	// Block 0x26, offset 0x980
+	0x980: 0x3308, 0x981: 0x0ca1, 0x982: 0x3308, 0x983: 0x3308, 0x984: 0x3b08, 0x985: 0x0018,
+	0x986: 0x3308, 0x987: 0x3308, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
+	0x98c: 0x0008, 0x98d: 0x3308, 0x98e: 0x3308, 0x98f: 0x3308, 0x990: 0x3308, 0x991: 0x3308,
+	0x992: 0x3308, 0x993: 0x0cd9, 0x994: 0x3308, 0x995: 0x3308, 0x996: 0x3308, 0x997: 0x3308,
+	0x998: 0x0040, 0x999: 0x3308, 0x99a: 0x3308, 0x99b: 0x3308, 0x99c: 0x3308, 0x99d: 0x0d11,
+	0x99e: 0x3308, 0x99f: 0x3308, 0x9a0: 0x3308, 0x9a1: 0x3308, 0x9a2: 0x0d49, 0x9a3: 0x3308,
+	0x9a4: 0x3308, 0x9a5: 0x3308, 0x9a6: 0x3308, 0x9a7: 0x0d81, 0x9a8: 0x3308, 0x9a9: 0x3308,
+	0x9aa: 0x3308, 0x9ab: 0x3308, 0x9ac: 0x0db9, 0x9ad: 0x3308, 0x9ae: 0x3308, 0x9af: 0x3308,
+	0x9b0: 0x3308, 0x9b1: 0x3308, 0x9b2: 0x3308, 0x9b3: 0x3308, 0x9b4: 0x3308, 0x9b5: 0x3308,
+	0x9b6: 0x3308, 0x9b7: 0x3308, 0x9b8: 0x3308, 0x9b9: 0x0df1, 0x9ba: 0x3308, 0x9bb: 0x3308,
+	0x9bc: 0x3308, 0x9bd: 0x0040, 0x9be: 0x0018, 0x9bf: 0x0018,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x0008, 0x9c1: 0x0008, 0x9c2: 0x0008, 0x9c3: 0x0008, 0x9c4: 0x0008, 0x9c5: 0x0008,
+	0x9c6: 0x0008, 0x9c7: 0x0008, 0x9c8: 0x0008, 0x9c9: 0x0008, 0x9ca: 0x0008, 0x9cb: 0x0008,
+	0x9cc: 0x0008, 0x9cd: 0x0008, 0x9ce: 0x0008, 0x9cf: 0x0008, 0x9d0: 0x0008, 0x9d1: 0x0008,
+	0x9d2: 0x0008, 0x9d3: 0x0008, 0x9d4: 0x0008, 0x9d5: 0x0008, 0x9d6: 0x0008, 0x9d7: 0x0008,
+	0x9d8: 0x0008, 0x9d9: 0x0008, 0x9da: 0x0008, 0x9db: 0x0008, 0x9dc: 0x0008, 0x9dd: 0x0008,
+	0x9de: 0x0008, 0x9df: 0x0008, 0x9e0: 0x0008, 0x9e1: 0x0008, 0x9e2: 0x0008, 0x9e3: 0x0008,
+	0x9e4: 0x0008, 0x9e5: 0x0008, 0x9e6: 0x0008, 0x9e7: 0x0008, 0x9e8: 0x0008, 0x9e9: 0x0008,
+	0x9ea: 0x0008, 0x9eb: 0x0008, 0x9ec: 0x0039, 0x9ed: 0x0ed1, 0x9ee: 0x0ee9, 0x9ef: 0x0008,
+	0x9f0: 0x0ef9, 0x9f1: 0x0f09, 0x9f2: 0x0f19, 0x9f3: 0x0f31, 0x9f4: 0x0249, 0x9f5: 0x0f41,
+	0x9f6: 0x0259, 0x9f7: 0x0f51, 0x9f8: 0x0359, 0x9f9: 0x0f61, 0x9fa: 0x0f71, 0x9fb: 0x0008,
+	0x9fc: 0x00d9, 0x9fd: 0x0f81, 0x9fe: 0x0f99, 0x9ff: 0x0269,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x0fa9, 0xa01: 0x0fb9, 0xa02: 0x0279, 0xa03: 0x0039, 0xa04: 0x0fc9, 0xa05: 0x0fe1,
+	0xa06: 0x059d, 0xa07: 0x0ee9, 0xa08: 0x0ef9, 0xa09: 0x0f09, 0xa0a: 0x0ff9, 0xa0b: 0x1011,
+	0xa0c: 0x1029, 0xa0d: 0x0f31, 0xa0e: 0x0008, 0xa0f: 0x0f51, 0xa10: 0x0f61, 0xa11: 0x1041,
+	0xa12: 0x00d9, 0xa13: 0x1059, 0xa14: 0x05b5, 0xa15: 0x05b5, 0xa16: 0x0f99, 0xa17: 0x0fa9,
+	0xa18: 0x0fb9, 0xa19: 0x059d, 0xa1a: 0x1071, 0xa1b: 0x1089, 0xa1c: 0x05cd, 0xa1d: 0x1099,
+	0xa1e: 0x10b1, 0xa1f: 0x10c9, 0xa20: 0x10e1, 0xa21: 0x10f9, 0xa22: 0x0f41, 0xa23: 0x0269,
+	0xa24: 0x0fb9, 0xa25: 0x1089, 0xa26: 0x1099, 0xa27: 0x10b1, 0xa28: 0x1111, 0xa29: 0x10e1,
+	0xa2a: 0x10f9, 0xa2b: 0x0008, 0xa2c: 0x0008, 0xa2d: 0x0008, 0xa2e: 0x0008, 0xa2f: 0x0008,
+	0xa30: 0x0008, 0xa31: 0x0008, 0xa32: 0x0008, 0xa33: 0x0008, 0xa34: 0x0008, 0xa35: 0x0008,
+	0xa36: 0x0008, 0xa37: 0x0008, 0xa38: 0x1129, 0xa39: 0x0008, 0xa3a: 0x0008, 0xa3b: 0x0008,
+	0xa3c: 0x0008, 0xa3d: 0x0008, 0xa3e: 0x0008, 0xa3f: 0x0008,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0008, 0xa41: 0x0008, 0xa42: 0x0008, 0xa43: 0x0008, 0xa44: 0x0008, 0xa45: 0x0008,
+	0xa46: 0x0008, 0xa47: 0x0008, 0xa48: 0x0008, 0xa49: 0x0008, 0xa4a: 0x0008, 0xa4b: 0x0008,
+	0xa4c: 0x0008, 0xa4d: 0x0008, 0xa4e: 0x0008, 0xa4f: 0x0008, 0xa50: 0x0008, 0xa51: 0x0008,
+	0xa52: 0x0008, 0xa53: 0x0008, 0xa54: 0x0008, 0xa55: 0x0008, 0xa56: 0x0008, 0xa57: 0x0008,
+	0xa58: 0x0008, 0xa59: 0x0008, 0xa5a: 0x0008, 0xa5b: 0x1141, 0xa5c: 0x1159, 0xa5d: 0x1169,
+	0xa5e: 0x1181, 0xa5f: 0x1029, 0xa60: 0x1199, 0xa61: 0x11a9, 0xa62: 0x11c1, 0xa63: 0x11d9,
+	0xa64: 0x11f1, 0xa65: 0x1209, 0xa66: 0x1221, 0xa67: 0x05e5, 0xa68: 0x1239, 0xa69: 0x1251,
+	0xa6a: 0xe17d, 0xa6b: 0x1269, 0xa6c: 0x1281, 0xa6d: 0x1299, 0xa6e: 0x12b1, 0xa6f: 0x12c9,
+	0xa70: 0x12e1, 0xa71: 0x12f9, 0xa72: 0x1311, 0xa73: 0x1329, 0xa74: 0x1341, 0xa75: 0x1359,
+	0xa76: 0x1371, 0xa77: 0x1389, 0xa78: 0x05fd, 0xa79: 0x13a1, 0xa7a: 0x13b9, 0xa7b: 0x13d1,
+	0xa7c: 0x13e1, 0xa7d: 0x13f9, 0xa7e: 0x1411, 0xa7f: 0x1429,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
+	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
+	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
+	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0xe00d, 0xa97: 0x0008,
+	0xa98: 0xe00d, 0xa99: 0x0008, 0xa9a: 0xe00d, 0xa9b: 0x0008, 0xa9c: 0xe00d, 0xa9d: 0x0008,
+	0xa9e: 0xe00d, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
+	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
+	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
+	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
+	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
+	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0xe00d, 0xac1: 0x0008, 0xac2: 0xe00d, 0xac3: 0x0008, 0xac4: 0xe00d, 0xac5: 0x0008,
+	0xac6: 0xe00d, 0xac7: 0x0008, 0xac8: 0xe00d, 0xac9: 0x0008, 0xaca: 0xe00d, 0xacb: 0x0008,
+	0xacc: 0xe00d, 0xacd: 0x0008, 0xace: 0xe00d, 0xacf: 0x0008, 0xad0: 0xe00d, 0xad1: 0x0008,
+	0xad2: 0xe00d, 0xad3: 0x0008, 0xad4: 0xe00d, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
+	0xad8: 0x0008, 0xad9: 0x0008, 0xada: 0x0615, 0xadb: 0x0635, 0xadc: 0x0008, 0xadd: 0x0008,
+	0xade: 0x1441, 0xadf: 0x0008, 0xae0: 0xe00d, 0xae1: 0x0008, 0xae2: 0xe00d, 0xae3: 0x0008,
+	0xae4: 0xe00d, 0xae5: 0x0008, 0xae6: 0xe00d, 0xae7: 0x0008, 0xae8: 0xe00d, 0xae9: 0x0008,
+	0xaea: 0xe00d, 0xaeb: 0x0008, 0xaec: 0xe00d, 0xaed: 0x0008, 0xaee: 0xe00d, 0xaef: 0x0008,
+	0xaf0: 0xe00d, 0xaf1: 0x0008, 0xaf2: 0xe00d, 0xaf3: 0x0008, 0xaf4: 0xe00d, 0xaf5: 0x0008,
+	0xaf6: 0xe00d, 0xaf7: 0x0008, 0xaf8: 0xe00d, 0xaf9: 0x0008, 0xafa: 0xe00d, 0xafb: 0x0008,
+	0xafc: 0xe00d, 0xafd: 0x0008, 0xafe: 0xe00d, 0xaff: 0x0008,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0008, 0xb01: 0x0008, 0xb02: 0x0008, 0xb03: 0x0008, 0xb04: 0x0008, 0xb05: 0x0008,
+	0xb06: 0x0040, 0xb07: 0x0040, 0xb08: 0xe045, 0xb09: 0xe045, 0xb0a: 0xe045, 0xb0b: 0xe045,
+	0xb0c: 0xe045, 0xb0d: 0xe045, 0xb0e: 0x0040, 0xb0f: 0x0040, 0xb10: 0x0008, 0xb11: 0x0008,
+	0xb12: 0x0008, 0xb13: 0x0008, 0xb14: 0x0008, 0xb15: 0x0008, 0xb16: 0x0008, 0xb17: 0x0008,
+	0xb18: 0x0040, 0xb19: 0xe045, 0xb1a: 0x0040, 0xb1b: 0xe045, 0xb1c: 0x0040, 0xb1d: 0xe045,
+	0xb1e: 0x0040, 0xb1f: 0xe045, 0xb20: 0x0008, 0xb21: 0x0008, 0xb22: 0x0008, 0xb23: 0x0008,
+	0xb24: 0x0008, 0xb25: 0x0008, 0xb26: 0x0008, 0xb27: 0x0008, 0xb28: 0xe045, 0xb29: 0xe045,
+	0xb2a: 0xe045, 0xb2b: 0xe045, 0xb2c: 0xe045, 0xb2d: 0xe045, 0xb2e: 0xe045, 0xb2f: 0xe045,
+	0xb30: 0x0008, 0xb31: 0x1459, 0xb32: 0x0008, 0xb33: 0x1471, 0xb34: 0x0008, 0xb35: 0x1489,
+	0xb36: 0x0008, 0xb37: 0x14a1, 0xb38: 0x0008, 0xb39: 0x14b9, 0xb3a: 0x0008, 0xb3b: 0x14d1,
+	0xb3c: 0x0008, 0xb3d: 0x14e9, 0xb3e: 0x0040, 0xb3f: 0x0040,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x1501, 0xb41: 0x1531, 0xb42: 0x1561, 0xb43: 0x1591, 0xb44: 0x15c1, 0xb45: 0x15f1,
+	0xb46: 0x1621, 0xb47: 0x1651, 0xb48: 0x1501, 0xb49: 0x1531, 0xb4a: 0x1561, 0xb4b: 0x1591,
+	0xb4c: 0x15c1, 0xb4d: 0x15f1, 0xb4e: 0x1621, 0xb4f: 0x1651, 0xb50: 0x1681, 0xb51: 0x16b1,
+	0xb52: 0x16e1, 0xb53: 0x1711, 0xb54: 0x1741, 0xb55: 0x1771, 0xb56: 0x17a1, 0xb57: 0x17d1,
+	0xb58: 0x1681, 0xb59: 0x16b1, 0xb5a: 0x16e1, 0xb5b: 0x1711, 0xb5c: 0x1741, 0xb5d: 0x1771,
+	0xb5e: 0x17a1, 0xb5f: 0x17d1, 0xb60: 0x1801, 0xb61: 0x1831, 0xb62: 0x1861, 0xb63: 0x1891,
+	0xb64: 0x18c1, 0xb65: 0x18f1, 0xb66: 0x1921, 0xb67: 0x1951, 0xb68: 0x1801, 0xb69: 0x1831,
+	0xb6a: 0x1861, 0xb6b: 0x1891, 0xb6c: 0x18c1, 0xb6d: 0x18f1, 0xb6e: 0x1921, 0xb6f: 0x1951,
+	0xb70: 0x0008, 0xb71: 0x0008, 0xb72: 0x1981, 0xb73: 0x19b1, 0xb74: 0x19d9, 0xb75: 0x0040,
+	0xb76: 0x0008, 0xb77: 0x1a01, 0xb78: 0xe045, 0xb79: 0xe045, 0xb7a: 0x064d, 0xb7b: 0x1459,
+	0xb7c: 0x19b1, 0xb7d: 0x0666, 0xb7e: 0x1a31, 0xb7f: 0x0686,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x06a6, 0xb81: 0x1a4a, 0xb82: 0x1a79, 0xb83: 0x1aa9, 0xb84: 0x1ad1, 0xb85: 0x0040,
+	0xb86: 0x0008, 0xb87: 0x1af9, 0xb88: 0x06c5, 0xb89: 0x1471, 0xb8a: 0x06dd, 0xb8b: 0x1489,
+	0xb8c: 0x1aa9, 0xb8d: 0x1b2a, 0xb8e: 0x1b5a, 0xb8f: 0x1b8a, 0xb90: 0x0008, 0xb91: 0x0008,
+	0xb92: 0x0008, 0xb93: 0x1bb9, 0xb94: 0x0040, 0xb95: 0x0040, 0xb96: 0x0008, 0xb97: 0x0008,
+	0xb98: 0xe045, 0xb99: 0xe045, 0xb9a: 0x06f5, 0xb9b: 0x14a1, 0xb9c: 0x0040, 0xb9d: 0x1bd2,
+	0xb9e: 0x1c02, 0xb9f: 0x1c32, 0xba0: 0x0008, 0xba1: 0x0008, 0xba2: 0x0008, 0xba3: 0x1c61,
+	0xba4: 0x0008, 0xba5: 0x0008, 0xba6: 0x0008, 0xba7: 0x0008, 0xba8: 0xe045, 0xba9: 0xe045,
+	0xbaa: 0x070d, 0xbab: 0x14d1, 0xbac: 0xe04d, 0xbad: 0x1c7a, 0xbae: 0x03d2, 0xbaf: 0x1caa,
+	0xbb0: 0x0040, 0xbb1: 0x0040, 0xbb2: 0x1cb9, 0xbb3: 0x1ce9, 0xbb4: 0x1d11, 0xbb5: 0x0040,
+	0xbb6: 0x0008, 0xbb7: 0x1d39, 0xbb8: 0x0725, 0xbb9: 0x14b9, 0xbba: 0x0515, 0xbbb: 0x14e9,
+	0xbbc: 0x1ce9, 0xbbd: 0x073e, 0xbbe: 0x075e, 0xbbf: 0x0040,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x000a, 0xbc1: 0x000a, 0xbc2: 0x000a, 0xbc3: 0x000a, 0xbc4: 0x000a, 0xbc5: 0x000a,
+	0xbc6: 0x000a, 0xbc7: 0x000a, 0xbc8: 0x000a, 0xbc9: 0x000a, 0xbca: 0x000a, 0xbcb: 0x03c0,
+	0xbcc: 0x0003, 0xbcd: 0x0003, 0xbce: 0x0340, 0xbcf: 0x0b40, 0xbd0: 0x0018, 0xbd1: 0xe00d,
+	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x077e,
+	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
+	0xbde: 0x0018, 0xbdf: 0x0018, 0xbe0: 0x0018, 0xbe1: 0x0018, 0xbe2: 0x0018, 0xbe3: 0x0018,
+	0xbe4: 0x0040, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0018, 0xbe8: 0x0040, 0xbe9: 0x0040,
+	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x000a,
+	0xbf0: 0x0018, 0xbf1: 0x0018, 0xbf2: 0x0018, 0xbf3: 0x1d69, 0xbf4: 0x1da1, 0xbf5: 0x0018,
+	0xbf6: 0x1df1, 0xbf7: 0x1e29, 0xbf8: 0x0018, 0xbf9: 0x0018, 0xbfa: 0x0018, 0xbfb: 0x0018,
+	0xbfc: 0x1e7a, 0xbfd: 0x0018, 0xbfe: 0x079e, 0xbff: 0x0018,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x0018, 0xc01: 0x0018, 0xc02: 0x0018, 0xc03: 0x0018, 0xc04: 0x0018, 0xc05: 0x0018,
+	0xc06: 0x0018, 0xc07: 0x1e92, 0xc08: 0x1eaa, 0xc09: 0x1ec2, 0xc0a: 0x0018, 0xc0b: 0x0018,
+	0xc0c: 0x0018, 0xc0d: 0x0018, 0xc0e: 0x0018, 0xc0f: 0x0018, 0xc10: 0x0018, 0xc11: 0x0018,
+	0xc12: 0x0018, 0xc13: 0x0018, 0xc14: 0x0018, 0xc15: 0x0018, 0xc16: 0x0018, 0xc17: 0x1ed9,
+	0xc18: 0x0018, 0xc19: 0x0018, 0xc1a: 0x0018, 0xc1b: 0x0018, 0xc1c: 0x0018, 0xc1d: 0x0018,
+	0xc1e: 0x0018, 0xc1f: 0x000a, 0xc20: 0x03c0, 0xc21: 0x0340, 0xc22: 0x0340, 0xc23: 0x0340,
+	0xc24: 0x03c0, 0xc25: 0x0040, 0xc26: 0x0040, 0xc27: 0x0040, 0xc28: 0x0040, 0xc29: 0x0040,
+	0xc2a: 0x0340, 0xc2b: 0x0340, 0xc2c: 0x0340, 0xc2d: 0x0340, 0xc2e: 0x0340, 0xc2f: 0x0340,
+	0xc30: 0x1f41, 0xc31: 0x0f41, 0xc32: 0x0040, 0xc33: 0x0040, 0xc34: 0x1f51, 0xc35: 0x1f61,
+	0xc36: 0x1f71, 0xc37: 0x1f81, 0xc38: 0x1f91, 0xc39: 0x1fa1, 0xc3a: 0x1fb2, 0xc3b: 0x07bd,
+	0xc3c: 0x1fc2, 0xc3d: 0x1fd2, 0xc3e: 0x1fe2, 0xc3f: 0x0f71,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1f41, 0xc41: 0x00c9, 0xc42: 0x0069, 0xc43: 0x0079, 0xc44: 0x1f51, 0xc45: 0x1f61,
+	0xc46: 0x1f71, 0xc47: 0x1f81, 0xc48: 0x1f91, 0xc49: 0x1fa1, 0xc4a: 0x1fb2, 0xc4b: 0x07d5,
+	0xc4c: 0x1fc2, 0xc4d: 0x1fd2, 0xc4e: 0x1fe2, 0xc4f: 0x0040, 0xc50: 0x0039, 0xc51: 0x0f09,
+	0xc52: 0x00d9, 0xc53: 0x0369, 0xc54: 0x0ff9, 0xc55: 0x0249, 0xc56: 0x0f51, 0xc57: 0x0359,
+	0xc58: 0x0f61, 0xc59: 0x0f71, 0xc5a: 0x0f99, 0xc5b: 0x01d9, 0xc5c: 0x0fa9, 0xc5d: 0x0040,
+	0xc5e: 0x0040, 0xc5f: 0x0040, 0xc60: 0x0018, 0xc61: 0x0018, 0xc62: 0x0018, 0xc63: 0x0018,
+	0xc64: 0x0018, 0xc65: 0x0018, 0xc66: 0x0018, 0xc67: 0x0018, 0xc68: 0x1ff1, 0xc69: 0x0018,
+	0xc6a: 0x0018, 0xc6b: 0x0018, 0xc6c: 0x0018, 0xc6d: 0x0018, 0xc6e: 0x0018, 0xc6f: 0x0018,
+	0xc70: 0x0018, 0xc71: 0x0018, 0xc72: 0x0018, 0xc73: 0x0018, 0xc74: 0x0018, 0xc75: 0x0018,
+	0xc76: 0x0018, 0xc77: 0x0018, 0xc78: 0x0018, 0xc79: 0x0018, 0xc7a: 0x0018, 0xc7b: 0x0018,
+	0xc7c: 0x0018, 0xc7d: 0x0018, 0xc7e: 0x0018, 0xc7f: 0x0018,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x07ee, 0xc81: 0x080e, 0xc82: 0x1159, 0xc83: 0x082d, 0xc84: 0x0018, 0xc85: 0x084e,
+	0xc86: 0x086e, 0xc87: 0x1011, 0xc88: 0x0018, 0xc89: 0x088d, 0xc8a: 0x0f31, 0xc8b: 0x0249,
+	0xc8c: 0x0249, 0xc8d: 0x0249, 0xc8e: 0x0249, 0xc8f: 0x2009, 0xc90: 0x0f41, 0xc91: 0x0f41,
+	0xc92: 0x0359, 0xc93: 0x0359, 0xc94: 0x0018, 0xc95: 0x0f71, 0xc96: 0x2021, 0xc97: 0x0018,
+	0xc98: 0x0018, 0xc99: 0x0f99, 0xc9a: 0x2039, 0xc9b: 0x0269, 0xc9c: 0x0269, 0xc9d: 0x0269,
+	0xc9e: 0x0018, 0xc9f: 0x0018, 0xca0: 0x2049, 0xca1: 0x08ad, 0xca2: 0x2061, 0xca3: 0x0018,
+	0xca4: 0x13d1, 0xca5: 0x0018, 0xca6: 0x2079, 0xca7: 0x0018, 0xca8: 0x13d1, 0xca9: 0x0018,
+	0xcaa: 0x0f51, 0xcab: 0x2091, 0xcac: 0x0ee9, 0xcad: 0x1159, 0xcae: 0x0018, 0xcaf: 0x0f09,
+	0xcb0: 0x0f09, 0xcb1: 0x1199, 0xcb2: 0x0040, 0xcb3: 0x0f61, 0xcb4: 0x00d9, 0xcb5: 0x20a9,
+	0xcb6: 0x20c1, 0xcb7: 0x20d9, 0xcb8: 0x20f1, 0xcb9: 0x0f41, 0xcba: 0x0018, 0xcbb: 0x08cd,
+	0xcbc: 0x2109, 0xcbd: 0x10b1, 0xcbe: 0x10b1, 0xcbf: 0x2109,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x08ed, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0ef9,
+	0xcc6: 0x0ef9, 0xcc7: 0x0f09, 0xcc8: 0x0f41, 0xcc9: 0x0259, 0xcca: 0x0018, 0xccb: 0x0018,
+	0xccc: 0x0018, 0xccd: 0x0018, 0xcce: 0x0008, 0xccf: 0x0018, 0xcd0: 0x2121, 0xcd1: 0x2151,
+	0xcd2: 0x2181, 0xcd3: 0x21b9, 0xcd4: 0x21e9, 0xcd5: 0x2219, 0xcd6: 0x2249, 0xcd7: 0x2279,
+	0xcd8: 0x22a9, 0xcd9: 0x22d9, 0xcda: 0x2309, 0xcdb: 0x2339, 0xcdc: 0x2369, 0xcdd: 0x2399,
+	0xcde: 0x23c9, 0xcdf: 0x23f9, 0xce0: 0x0f41, 0xce1: 0x2421, 0xce2: 0x0905, 0xce3: 0x2439,
+	0xce4: 0x1089, 0xce5: 0x2451, 0xce6: 0x0925, 0xce7: 0x2469, 0xce8: 0x2491, 0xce9: 0x0369,
+	0xcea: 0x24a9, 0xceb: 0x0945, 0xcec: 0x0359, 0xced: 0x1159, 0xcee: 0x0ef9, 0xcef: 0x0f61,
+	0xcf0: 0x0f41, 0xcf1: 0x2421, 0xcf2: 0x0965, 0xcf3: 0x2439, 0xcf4: 0x1089, 0xcf5: 0x2451,
+	0xcf6: 0x0985, 0xcf7: 0x2469, 0xcf8: 0x2491, 0xcf9: 0x0369, 0xcfa: 0x24a9, 0xcfb: 0x09a5,
+	0xcfc: 0x0359, 0xcfd: 0x1159, 0xcfe: 0x0ef9, 0xcff: 0x0f61,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x0018, 0xd01: 0x0018, 0xd02: 0x0018, 0xd03: 0x0018, 0xd04: 0x0018, 0xd05: 0x0018,
+	0xd06: 0x0018, 0xd07: 0x0018, 0xd08: 0x0018, 0xd09: 0x0018, 0xd0a: 0x0018, 0xd0b: 0x0040,
+	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
+	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
+	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0040, 0xd1d: 0x0040,
+	0xd1e: 0x0040, 0xd1f: 0x0040, 0xd20: 0x00c9, 0xd21: 0x0069, 0xd22: 0x0079, 0xd23: 0x1f51,
+	0xd24: 0x1f61, 0xd25: 0x1f71, 0xd26: 0x1f81, 0xd27: 0x1f91, 0xd28: 0x1fa1, 0xd29: 0x2601,
+	0xd2a: 0x2619, 0xd2b: 0x2631, 0xd2c: 0x2649, 0xd2d: 0x2661, 0xd2e: 0x2679, 0xd2f: 0x2691,
+	0xd30: 0x26a9, 0xd31: 0x26c1, 0xd32: 0x26d9, 0xd33: 0x26f1, 0xd34: 0x0a06, 0xd35: 0x0a26,
+	0xd36: 0x0a46, 0xd37: 0x0a66, 0xd38: 0x0a86, 0xd39: 0x0aa6, 0xd3a: 0x0ac6, 0xd3b: 0x0ae6,
+	0xd3c: 0x0b06, 0xd3d: 0x270a, 0xd3e: 0x2732, 0xd3f: 0x275a,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x2782, 0xd41: 0x27aa, 0xd42: 0x27d2, 0xd43: 0x27fa, 0xd44: 0x2822, 0xd45: 0x284a,
+	0xd46: 0x2872, 0xd47: 0x289a, 0xd48: 0x0040, 0xd49: 0x0040, 0xd4a: 0x0040, 0xd4b: 0x0040,
+	0xd4c: 0x0040, 0xd4d: 0x0040, 0xd4e: 0x0040, 0xd4f: 0x0040, 0xd50: 0x0040, 0xd51: 0x0040,
+	0xd52: 0x0040, 0xd53: 0x0040, 0xd54: 0x0040, 0xd55: 0x0040, 0xd56: 0x0040, 0xd57: 0x0040,
+	0xd58: 0x0040, 0xd59: 0x0040, 0xd5a: 0x0040, 0xd5b: 0x0040, 0xd5c: 0x0b26, 0xd5d: 0x0b46,
+	0xd5e: 0x0b66, 0xd5f: 0x0b86, 0xd60: 0x0ba6, 0xd61: 0x0bc6, 0xd62: 0x0be6, 0xd63: 0x0c06,
+	0xd64: 0x0c26, 0xd65: 0x0c46, 0xd66: 0x0c66, 0xd67: 0x0c86, 0xd68: 0x0ca6, 0xd69: 0x0cc6,
+	0xd6a: 0x0ce6, 0xd6b: 0x0d06, 0xd6c: 0x0d26, 0xd6d: 0x0d46, 0xd6e: 0x0d66, 0xd6f: 0x0d86,
+	0xd70: 0x0da6, 0xd71: 0x0dc6, 0xd72: 0x0de6, 0xd73: 0x0e06, 0xd74: 0x0e26, 0xd75: 0x0e46,
+	0xd76: 0x0039, 0xd77: 0x0ee9, 0xd78: 0x1159, 0xd79: 0x0ef9, 0xd7a: 0x0f09, 0xd7b: 0x1199,
+	0xd7c: 0x0f31, 0xd7d: 0x0249, 0xd7e: 0x0f41, 0xd7f: 0x0259,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0f51, 0xd81: 0x0359, 0xd82: 0x0f61, 0xd83: 0x0f71, 0xd84: 0x00d9, 0xd85: 0x0f99,
+	0xd86: 0x2039, 0xd87: 0x0269, 0xd88: 0x01d9, 0xd89: 0x0fa9, 0xd8a: 0x0fb9, 0xd8b: 0x1089,
+	0xd8c: 0x0279, 0xd8d: 0x0369, 0xd8e: 0x0289, 0xd8f: 0x13d1, 0xd90: 0x0039, 0xd91: 0x0ee9,
+	0xd92: 0x1159, 0xd93: 0x0ef9, 0xd94: 0x0f09, 0xd95: 0x1199, 0xd96: 0x0f31, 0xd97: 0x0249,
+	0xd98: 0x0f41, 0xd99: 0x0259, 0xd9a: 0x0f51, 0xd9b: 0x0359, 0xd9c: 0x0f61, 0xd9d: 0x0f71,
+	0xd9e: 0x00d9, 0xd9f: 0x0f99, 0xda0: 0x2039, 0xda1: 0x0269, 0xda2: 0x01d9, 0xda3: 0x0fa9,
+	0xda4: 0x0fb9, 0xda5: 0x1089, 0xda6: 0x0279, 0xda7: 0x0369, 0xda8: 0x0289, 0xda9: 0x13d1,
+	0xdaa: 0x1f41, 0xdab: 0x0018, 0xdac: 0x0018, 0xdad: 0x0018, 0xdae: 0x0018, 0xdaf: 0x0018,
+	0xdb0: 0x0018, 0xdb1: 0x0018, 0xdb2: 0x0018, 0xdb3: 0x0018, 0xdb4: 0x0018, 0xdb5: 0x0018,
+	0xdb6: 0x0018, 0xdb7: 0x0018, 0xdb8: 0x0018, 0xdb9: 0x0018, 0xdba: 0x0018, 0xdbb: 0x0018,
+	0xdbc: 0x0018, 0xdbd: 0x0018, 0xdbe: 0x0018, 0xdbf: 0x0018,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x0008, 0xdc1: 0x0008, 0xdc2: 0x0008, 0xdc3: 0x0008, 0xdc4: 0x0008, 0xdc5: 0x0008,
+	0xdc6: 0x0008, 0xdc7: 0x0008, 0xdc8: 0x0008, 0xdc9: 0x0008, 0xdca: 0x0008, 0xdcb: 0x0008,
+	0xdcc: 0x0008, 0xdcd: 0x0008, 0xdce: 0x0008, 0xdcf: 0x0008, 0xdd0: 0x0008, 0xdd1: 0x0008,
+	0xdd2: 0x0008, 0xdd3: 0x0008, 0xdd4: 0x0008, 0xdd5: 0x0008, 0xdd6: 0x0008, 0xdd7: 0x0008,
+	0xdd8: 0x0008, 0xdd9: 0x0008, 0xdda: 0x0008, 0xddb: 0x0008, 0xddc: 0x0008, 0xddd: 0x0008,
+	0xdde: 0x0008, 0xddf: 0x0040, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0x2971, 0xde3: 0x0ebd,
+	0xde4: 0x2989, 0xde5: 0x0008, 0xde6: 0x0008, 0xde7: 0xe07d, 0xde8: 0x0008, 0xde9: 0xe01d,
+	0xdea: 0x0008, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0x0fe1, 0xdee: 0x1281, 0xdef: 0x0fc9,
+	0xdf0: 0x1141, 0xdf1: 0x0008, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0008, 0xdf5: 0xe01d,
+	0xdf6: 0x0008, 0xdf7: 0x0008, 0xdf8: 0x0008, 0xdf9: 0x0008, 0xdfa: 0x0008, 0xdfb: 0x0008,
+	0xdfc: 0x0259, 0xdfd: 0x1089, 0xdfe: 0x29a1, 0xdff: 0x29b9,
+	// Block 0x38, offset 0xe00
+	0xe00: 0xe00d, 0xe01: 0x0008, 0xe02: 0xe00d, 0xe03: 0x0008, 0xe04: 0xe00d, 0xe05: 0x0008,
+	0xe06: 0xe00d, 0xe07: 0x0008, 0xe08: 0xe00d, 0xe09: 0x0008, 0xe0a: 0xe00d, 0xe0b: 0x0008,
+	0xe0c: 0xe00d, 0xe0d: 0x0008, 0xe0e: 0xe00d, 0xe0f: 0x0008, 0xe10: 0xe00d, 0xe11: 0x0008,
+	0xe12: 0xe00d, 0xe13: 0x0008, 0xe14: 0xe00d, 0xe15: 0x0008, 0xe16: 0xe00d, 0xe17: 0x0008,
+	0xe18: 0xe00d, 0xe19: 0x0008, 0xe1a: 0xe00d, 0xe1b: 0x0008, 0xe1c: 0xe00d, 0xe1d: 0x0008,
+	0xe1e: 0xe00d, 0xe1f: 0x0008, 0xe20: 0xe00d, 0xe21: 0x0008, 0xe22: 0xe00d, 0xe23: 0x0008,
+	0xe24: 0x0008, 0xe25: 0x0018, 0xe26: 0x0018, 0xe27: 0x0018, 0xe28: 0x0018, 0xe29: 0x0018,
+	0xe2a: 0x0018, 0xe2b: 0xe03d, 0xe2c: 0x0008, 0xe2d: 0xe01d, 0xe2e: 0x0008, 0xe2f: 0x3308,
+	0xe30: 0x3308, 0xe31: 0x3308, 0xe32: 0xe00d, 0xe33: 0x0008, 0xe34: 0x0040, 0xe35: 0x0040,
+	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0018, 0xe3a: 0x0018, 0xe3b: 0x0018,
+	0xe3c: 0x0018, 0xe3d: 0x0018, 0xe3e: 0x0018, 0xe3f: 0x0018,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x26fd, 0xe41: 0x271d, 0xe42: 0x273d, 0xe43: 0x275d, 0xe44: 0x277d, 0xe45: 0x279d,
+	0xe46: 0x27bd, 0xe47: 0x27dd, 0xe48: 0x27fd, 0xe49: 0x281d, 0xe4a: 0x283d, 0xe4b: 0x285d,
+	0xe4c: 0x287d, 0xe4d: 0x289d, 0xe4e: 0x28bd, 0xe4f: 0x28dd, 0xe50: 0x28fd, 0xe51: 0x291d,
+	0xe52: 0x293d, 0xe53: 0x295d, 0xe54: 0x297d, 0xe55: 0x299d, 0xe56: 0x0040, 0xe57: 0x0040,
+	0xe58: 0x0040, 0xe59: 0x0040, 0xe5a: 0x0040, 0xe5b: 0x0040, 0xe5c: 0x0040, 0xe5d: 0x0040,
+	0xe5e: 0x0040, 0xe5f: 0x0040, 0xe60: 0x0040, 0xe61: 0x0040, 0xe62: 0x0040, 0xe63: 0x0040,
+	0xe64: 0x0040, 0xe65: 0x0040, 0xe66: 0x0040, 0xe67: 0x0040, 0xe68: 0x0040, 0xe69: 0x0040,
+	0xe6a: 0x0040, 0xe6b: 0x0040, 0xe6c: 0x0040, 0xe6d: 0x0040, 0xe6e: 0x0040, 0xe6f: 0x0040,
+	0xe70: 0x0040, 0xe71: 0x0040, 0xe72: 0x0040, 0xe73: 0x0040, 0xe74: 0x0040, 0xe75: 0x0040,
+	0xe76: 0x0040, 0xe77: 0x0040, 0xe78: 0x0040, 0xe79: 0x0040, 0xe7a: 0x0040, 0xe7b: 0x0040,
+	0xe7c: 0x0040, 0xe7d: 0x0040, 0xe7e: 0x0040, 0xe7f: 0x0040,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x000a, 0xe81: 0x0018, 0xe82: 0x29d1, 0xe83: 0x0018, 0xe84: 0x0018, 0xe85: 0x0008,
+	0xe86: 0x0008, 0xe87: 0x0008, 0xe88: 0x0018, 0xe89: 0x0018, 0xe8a: 0x0018, 0xe8b: 0x0018,
+	0xe8c: 0x0018, 0xe8d: 0x0018, 0xe8e: 0x0018, 0xe8f: 0x0018, 0xe90: 0x0018, 0xe91: 0x0018,
+	0xe92: 0x0018, 0xe93: 0x0018, 0xe94: 0x0018, 0xe95: 0x0018, 0xe96: 0x0018, 0xe97: 0x0018,
+	0xe98: 0x0018, 0xe99: 0x0018, 0xe9a: 0x0018, 0xe9b: 0x0018, 0xe9c: 0x0018, 0xe9d: 0x0018,
+	0xe9e: 0x0018, 0xe9f: 0x0018, 0xea0: 0x0018, 0xea1: 0x0018, 0xea2: 0x0018, 0xea3: 0x0018,
+	0xea4: 0x0018, 0xea5: 0x0018, 0xea6: 0x0018, 0xea7: 0x0018, 0xea8: 0x0018, 0xea9: 0x0018,
+	0xeaa: 0x3308, 0xeab: 0x3308, 0xeac: 0x3308, 0xead: 0x3308, 0xeae: 0x3018, 0xeaf: 0x3018,
+	0xeb0: 0x0018, 0xeb1: 0x0018, 0xeb2: 0x0018, 0xeb3: 0x0018, 0xeb4: 0x0018, 0xeb5: 0x0018,
+	0xeb6: 0xe125, 0xeb7: 0x0018, 0xeb8: 0x29bd, 0xeb9: 0x29dd, 0xeba: 0x29fd, 0xebb: 0x0018,
+	0xebc: 0x0008, 0xebd: 0x0018, 0xebe: 0x0018, 0xebf: 0x0018,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x2b3d, 0xec1: 0x2b5d, 0xec2: 0x2b7d, 0xec3: 0x2b9d, 0xec4: 0x2bbd, 0xec5: 0x2bdd,
+	0xec6: 0x2bdd, 0xec7: 0x2bdd, 0xec8: 0x2bfd, 0xec9: 0x2bfd, 0xeca: 0x2bfd, 0xecb: 0x2bfd,
+	0xecc: 0x2c1d, 0xecd: 0x2c1d, 0xece: 0x2c1d, 0xecf: 0x2c3d, 0xed0: 0x2c5d, 0xed1: 0x2c5d,
+	0xed2: 0x2a7d, 0xed3: 0x2a7d, 0xed4: 0x2c5d, 0xed5: 0x2c5d, 0xed6: 0x2c7d, 0xed7: 0x2c7d,
+	0xed8: 0x2c5d, 0xed9: 0x2c5d, 0xeda: 0x2a7d, 0xedb: 0x2a7d, 0xedc: 0x2c5d, 0xedd: 0x2c5d,
+	0xede: 0x2c3d, 0xedf: 0x2c3d, 0xee0: 0x2c9d, 0xee1: 0x2c9d, 0xee2: 0x2cbd, 0xee3: 0x2cbd,
+	0xee4: 0x0040, 0xee5: 0x2cdd, 0xee6: 0x2cfd, 0xee7: 0x2d1d, 0xee8: 0x2d1d, 0xee9: 0x2d3d,
+	0xeea: 0x2d5d, 0xeeb: 0x2d7d, 0xeec: 0x2d9d, 0xeed: 0x2dbd, 0xeee: 0x2ddd, 0xeef: 0x2dfd,
+	0xef0: 0x2e1d, 0xef1: 0x2e3d, 0xef2: 0x2e3d, 0xef3: 0x2e5d, 0xef4: 0x2e7d, 0xef5: 0x2e7d,
+	0xef6: 0x2e9d, 0xef7: 0x2ebd, 0xef8: 0x2e5d, 0xef9: 0x2edd, 0xefa: 0x2efd, 0xefb: 0x2edd,
+	0xefc: 0x2e5d, 0xefd: 0x2f1d, 0xefe: 0x2f3d, 0xeff: 0x2f5d,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x2f7d, 0xf01: 0x2f9d, 0xf02: 0x2cfd, 0xf03: 0x2cdd, 0xf04: 0x2fbd, 0xf05: 0x2fdd,
+	0xf06: 0x2ffd, 0xf07: 0x301d, 0xf08: 0x303d, 0xf09: 0x305d, 0xf0a: 0x307d, 0xf0b: 0x309d,
+	0xf0c: 0x30bd, 0xf0d: 0x30dd, 0xf0e: 0x30fd, 0xf0f: 0x0040, 0xf10: 0x0018, 0xf11: 0x0018,
+	0xf12: 0x311d, 0xf13: 0x313d, 0xf14: 0x315d, 0xf15: 0x317d, 0xf16: 0x319d, 0xf17: 0x31bd,
+	0xf18: 0x31dd, 0xf19: 0x31fd, 0xf1a: 0x321d, 0xf1b: 0x323d, 0xf1c: 0x315d, 0xf1d: 0x325d,
+	0xf1e: 0x327d, 0xf1f: 0x329d, 0xf20: 0x0008, 0xf21: 0x0008, 0xf22: 0x0008, 0xf23: 0x0008,
+	0xf24: 0x0008, 0xf25: 0x0008, 0xf26: 0x0008, 0xf27: 0x0008, 0xf28: 0x0008, 0xf29: 0x0008,
+	0xf2a: 0x0008, 0xf2b: 0x0008, 0xf2c: 0x0008, 0xf2d: 0x0008, 0xf2e: 0x0008, 0xf2f: 0x0008,
+	0xf30: 0x0008, 0xf31: 0x0008, 0xf32: 0x0008, 0xf33: 0x0008, 0xf34: 0x0008, 0xf35: 0x0008,
+	0xf36: 0x0008, 0xf37: 0x0008, 0xf38: 0x0008, 0xf39: 0x0008, 0xf3a: 0x0008, 0xf3b: 0x0040,
+	0xf3c: 0x0040, 0xf3d: 0x0040, 0xf3e: 0x0040, 0xf3f: 0x0040,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x36a2, 0xf41: 0x36d2, 0xf42: 0x3702, 0xf43: 0x3732, 0xf44: 0x32bd, 0xf45: 0x32dd,
+	0xf46: 0x32fd, 0xf47: 0x331d, 0xf48: 0x0018, 0xf49: 0x0018, 0xf4a: 0x0018, 0xf4b: 0x0018,
+	0xf4c: 0x0018, 0xf4d: 0x0018, 0xf4e: 0x0018, 0xf4f: 0x0018, 0xf50: 0x333d, 0xf51: 0x3761,
+	0xf52: 0x3779, 0xf53: 0x3791, 0xf54: 0x37a9, 0xf55: 0x37c1, 0xf56: 0x37d9, 0xf57: 0x37f1,
+	0xf58: 0x3809, 0xf59: 0x3821, 0xf5a: 0x3839, 0xf5b: 0x3851, 0xf5c: 0x3869, 0xf5d: 0x3881,
+	0xf5e: 0x3899, 0xf5f: 0x38b1, 0xf60: 0x335d, 0xf61: 0x337d, 0xf62: 0x339d, 0xf63: 0x33bd,
+	0xf64: 0x33dd, 0xf65: 0x33dd, 0xf66: 0x33fd, 0xf67: 0x341d, 0xf68: 0x343d, 0xf69: 0x345d,
+	0xf6a: 0x347d, 0xf6b: 0x349d, 0xf6c: 0x34bd, 0xf6d: 0x34dd, 0xf6e: 0x34fd, 0xf6f: 0x351d,
+	0xf70: 0x353d, 0xf71: 0x355d, 0xf72: 0x357d, 0xf73: 0x359d, 0xf74: 0x35bd, 0xf75: 0x35dd,
+	0xf76: 0x35fd, 0xf77: 0x361d, 0xf78: 0x363d, 0xf79: 0x365d, 0xf7a: 0x367d, 0xf7b: 0x369d,
+	0xf7c: 0x38c9, 0xf7d: 0x3901, 0xf7e: 0x36bd, 0xf7f: 0x0018,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x36dd, 0xf81: 0x36fd, 0xf82: 0x371d, 0xf83: 0x373d, 0xf84: 0x375d, 0xf85: 0x377d,
+	0xf86: 0x379d, 0xf87: 0x37bd, 0xf88: 0x37dd, 0xf89: 0x37fd, 0xf8a: 0x381d, 0xf8b: 0x383d,
+	0xf8c: 0x385d, 0xf8d: 0x387d, 0xf8e: 0x389d, 0xf8f: 0x38bd, 0xf90: 0x38dd, 0xf91: 0x38fd,
+	0xf92: 0x391d, 0xf93: 0x393d, 0xf94: 0x395d, 0xf95: 0x397d, 0xf96: 0x399d, 0xf97: 0x39bd,
+	0xf98: 0x39dd, 0xf99: 0x39fd, 0xf9a: 0x3a1d, 0xf9b: 0x3a3d, 0xf9c: 0x3a5d, 0xf9d: 0x3a7d,
+	0xf9e: 0x3a9d, 0xf9f: 0x3abd, 0xfa0: 0x3add, 0xfa1: 0x3afd, 0xfa2: 0x3b1d, 0xfa3: 0x3b3d,
+	0xfa4: 0x3b5d, 0xfa5: 0x3b7d, 0xfa6: 0x127d, 0xfa7: 0x3b9d, 0xfa8: 0x3bbd, 0xfa9: 0x3bdd,
+	0xfaa: 0x3bfd, 0xfab: 0x3c1d, 0xfac: 0x3c3d, 0xfad: 0x3c5d, 0xfae: 0x239d, 0xfaf: 0x3c7d,
+	0xfb0: 0x3c9d, 0xfb1: 0x3939, 0xfb2: 0x3951, 0xfb3: 0x3969, 0xfb4: 0x3981, 0xfb5: 0x3999,
+	0xfb6: 0x39b1, 0xfb7: 0x39c9, 0xfb8: 0x39e1, 0xfb9: 0x39f9, 0xfba: 0x3a11, 0xfbb: 0x3a29,
+	0xfbc: 0x3a41, 0xfbd: 0x3a59, 0xfbe: 0x3a71, 0xfbf: 0x3a89,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x3aa1, 0xfc1: 0x3ac9, 0xfc2: 0x3af1, 0xfc3: 0x3b19, 0xfc4: 0x3b41, 0xfc5: 0x3b69,
+	0xfc6: 0x3b91, 0xfc7: 0x3bb9, 0xfc8: 0x3be1, 0xfc9: 0x3c09, 0xfca: 0x3c39, 0xfcb: 0x3c69,
+	0xfcc: 0x3c99, 0xfcd: 0x3cbd, 0xfce: 0x3cb1, 0xfcf: 0x3cdd, 0xfd0: 0x3cfd, 0xfd1: 0x3d15,
+	0xfd2: 0x3d2d, 0xfd3: 0x3d45, 0xfd4: 0x3d5d, 0xfd5: 0x3d5d, 0xfd6: 0x3d45, 0xfd7: 0x3d75,
+	0xfd8: 0x07bd, 0xfd9: 0x3d8d, 0xfda: 0x3da5, 0xfdb: 0x3dbd, 0xfdc: 0x3dd5, 0xfdd: 0x3ded,
+	0xfde: 0x3e05, 0xfdf: 0x3e1d, 0xfe0: 0x3e35, 0xfe1: 0x3e4d, 0xfe2: 0x3e65, 0xfe3: 0x3e7d,
+	0xfe4: 0x3e95, 0xfe5: 0x3e95, 0xfe6: 0x3ead, 0xfe7: 0x3ead, 0xfe8: 0x3ec5, 0xfe9: 0x3ec5,
+	0xfea: 0x3edd, 0xfeb: 0x3ef5, 0xfec: 0x3f0d, 0xfed: 0x3f25, 0xfee: 0x3f3d, 0xfef: 0x3f3d,
+	0xff0: 0x3f55, 0xff1: 0x3f55, 0xff2: 0x3f55, 0xff3: 0x3f6d, 0xff4: 0x3f85, 0xff5: 0x3f9d,
+	0xff6: 0x3fb5, 0xff7: 0x3f9d, 0xff8: 0x3fcd, 0xff9: 0x3fe5, 0xffa: 0x3f6d, 0xffb: 0x3ffd,
+	0xffc: 0x4015, 0xffd: 0x4015, 0xffe: 0x4015, 0xfff: 0x0040,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x3cc9, 0x1001: 0x3d31, 0x1002: 0x3d99, 0x1003: 0x3e01, 0x1004: 0x3e51, 0x1005: 0x3eb9,
+	0x1006: 0x3f09, 0x1007: 0x3f59, 0x1008: 0x3fd9, 0x1009: 0x4041, 0x100a: 0x4091, 0x100b: 0x40e1,
+	0x100c: 0x4131, 0x100d: 0x4199, 0x100e: 0x4201, 0x100f: 0x4251, 0x1010: 0x42a1, 0x1011: 0x42d9,
+	0x1012: 0x4329, 0x1013: 0x4391, 0x1014: 0x43f9, 0x1015: 0x4431, 0x1016: 0x44b1, 0x1017: 0x4549,
+	0x1018: 0x45c9, 0x1019: 0x4619, 0x101a: 0x4699, 0x101b: 0x4719, 0x101c: 0x4781, 0x101d: 0x47d1,
+	0x101e: 0x4821, 0x101f: 0x4871, 0x1020: 0x48d9, 0x1021: 0x4959, 0x1022: 0x49c1, 0x1023: 0x4a11,
+	0x1024: 0x4a61, 0x1025: 0x4ab1, 0x1026: 0x4ae9, 0x1027: 0x4b21, 0x1028: 0x4b59, 0x1029: 0x4b91,
+	0x102a: 0x4be1, 0x102b: 0x4c31, 0x102c: 0x4cb1, 0x102d: 0x4d01, 0x102e: 0x4d69, 0x102f: 0x4de9,
+	0x1030: 0x4e39, 0x1031: 0x4e71, 0x1032: 0x4ea9, 0x1033: 0x4f29, 0x1034: 0x4f91, 0x1035: 0x5011,
+	0x1036: 0x5061, 0x1037: 0x50e1, 0x1038: 0x5119, 0x1039: 0x5169, 0x103a: 0x51b9, 0x103b: 0x5209,
+	0x103c: 0x5259, 0x103d: 0x52a9, 0x103e: 0x5311, 0x103f: 0x5361,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x5399, 0x1041: 0x53e9, 0x1042: 0x5439, 0x1043: 0x5489, 0x1044: 0x54f1, 0x1045: 0x5541,
+	0x1046: 0x5591, 0x1047: 0x55e1, 0x1048: 0x5661, 0x1049: 0x56c9, 0x104a: 0x5701, 0x104b: 0x5781,
+	0x104c: 0x57b9, 0x104d: 0x5821, 0x104e: 0x5889, 0x104f: 0x58d9, 0x1050: 0x5929, 0x1051: 0x5979,
+	0x1052: 0x59e1, 0x1053: 0x5a19, 0x1054: 0x5a69, 0x1055: 0x5ad1, 0x1056: 0x5b09, 0x1057: 0x5b89,
+	0x1058: 0x5bd9, 0x1059: 0x5c01, 0x105a: 0x5c29, 0x105b: 0x5c51, 0x105c: 0x5c79, 0x105d: 0x5ca1,
+	0x105e: 0x5cc9, 0x105f: 0x5cf1, 0x1060: 0x5d19, 0x1061: 0x5d41, 0x1062: 0x5d69, 0x1063: 0x5d99,
+	0x1064: 0x5dc9, 0x1065: 0x5df9, 0x1066: 0x5e29, 0x1067: 0x5e59, 0x1068: 0x5e89, 0x1069: 0x5eb9,
+	0x106a: 0x5ee9, 0x106b: 0x5f19, 0x106c: 0x5f49, 0x106d: 0x5f79, 0x106e: 0x5fa9, 0x106f: 0x5fd9,
+	0x1070: 0x6009, 0x1071: 0x402d, 0x1072: 0x6039, 0x1073: 0x6051, 0x1074: 0x404d, 0x1075: 0x6069,
+	0x1076: 0x6081, 0x1077: 0x6099, 0x1078: 0x406d, 0x1079: 0x406d, 0x107a: 0x60b1, 0x107b: 0x60c9,
+	0x107c: 0x6101, 0x107d: 0x6139, 0x107e: 0x6171, 0x107f: 0x61a9,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x6211, 0x1081: 0x6229, 0x1082: 0x408d, 0x1083: 0x6241, 0x1084: 0x6259, 0x1085: 0x6271,
+	0x1086: 0x6289, 0x1087: 0x62a1, 0x1088: 0x40ad, 0x1089: 0x62b9, 0x108a: 0x62e1, 0x108b: 0x62f9,
+	0x108c: 0x40cd, 0x108d: 0x40cd, 0x108e: 0x6311, 0x108f: 0x6329, 0x1090: 0x6341, 0x1091: 0x40ed,
+	0x1092: 0x410d, 0x1093: 0x412d, 0x1094: 0x414d, 0x1095: 0x416d, 0x1096: 0x6359, 0x1097: 0x6371,
+	0x1098: 0x6389, 0x1099: 0x63a1, 0x109a: 0x63b9, 0x109b: 0x418d, 0x109c: 0x63d1, 0x109d: 0x63e9,
+	0x109e: 0x6401, 0x109f: 0x41ad, 0x10a0: 0x41cd, 0x10a1: 0x6419, 0x10a2: 0x41ed, 0x10a3: 0x420d,
+	0x10a4: 0x422d, 0x10a5: 0x6431, 0x10a6: 0x424d, 0x10a7: 0x6449, 0x10a8: 0x6479, 0x10a9: 0x6211,
+	0x10aa: 0x426d, 0x10ab: 0x428d, 0x10ac: 0x42ad, 0x10ad: 0x42cd, 0x10ae: 0x64b1, 0x10af: 0x64f1,
+	0x10b0: 0x6539, 0x10b1: 0x6551, 0x10b2: 0x42ed, 0x10b3: 0x6569, 0x10b4: 0x6581, 0x10b5: 0x6599,
+	0x10b6: 0x430d, 0x10b7: 0x65b1, 0x10b8: 0x65c9, 0x10b9: 0x65b1, 0x10ba: 0x65e1, 0x10bb: 0x65f9,
+	0x10bc: 0x432d, 0x10bd: 0x6611, 0x10be: 0x6629, 0x10bf: 0x6611,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x434d, 0x10c1: 0x436d, 0x10c2: 0x0040, 0x10c3: 0x6641, 0x10c4: 0x6659, 0x10c5: 0x6671,
+	0x10c6: 0x6689, 0x10c7: 0x0040, 0x10c8: 0x66c1, 0x10c9: 0x66d9, 0x10ca: 0x66f1, 0x10cb: 0x6709,
+	0x10cc: 0x6721, 0x10cd: 0x6739, 0x10ce: 0x6401, 0x10cf: 0x6751, 0x10d0: 0x6769, 0x10d1: 0x6781,
+	0x10d2: 0x438d, 0x10d3: 0x6799, 0x10d4: 0x6289, 0x10d5: 0x43ad, 0x10d6: 0x43cd, 0x10d7: 0x67b1,
+	0x10d8: 0x0040, 0x10d9: 0x43ed, 0x10da: 0x67c9, 0x10db: 0x67e1, 0x10dc: 0x67f9, 0x10dd: 0x6811,
+	0x10de: 0x6829, 0x10df: 0x6859, 0x10e0: 0x6889, 0x10e1: 0x68b1, 0x10e2: 0x68d9, 0x10e3: 0x6901,
+	0x10e4: 0x6929, 0x10e5: 0x6951, 0x10e6: 0x6979, 0x10e7: 0x69a1, 0x10e8: 0x69c9, 0x10e9: 0x69f1,
+	0x10ea: 0x6a21, 0x10eb: 0x6a51, 0x10ec: 0x6a81, 0x10ed: 0x6ab1, 0x10ee: 0x6ae1, 0x10ef: 0x6b11,
+	0x10f0: 0x6b41, 0x10f1: 0x6b71, 0x10f2: 0x6ba1, 0x10f3: 0x6bd1, 0x10f4: 0x6c01, 0x10f5: 0x6c31,
+	0x10f6: 0x6c61, 0x10f7: 0x6c91, 0x10f8: 0x6cc1, 0x10f9: 0x6cf1, 0x10fa: 0x6d21, 0x10fb: 0x6d51,
+	0x10fc: 0x6d81, 0x10fd: 0x6db1, 0x10fe: 0x6de1, 0x10ff: 0x440d,
+	// Block 0x44, offset 0x1100
+	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
+	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
+	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
+	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
+	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0xe00d, 0x111d: 0x0008,
+	0x111e: 0xe00d, 0x111f: 0x0008, 0x1120: 0xe00d, 0x1121: 0x0008, 0x1122: 0xe00d, 0x1123: 0x0008,
+	0x1124: 0xe00d, 0x1125: 0x0008, 0x1126: 0xe00d, 0x1127: 0x0008, 0x1128: 0xe00d, 0x1129: 0x0008,
+	0x112a: 0xe00d, 0x112b: 0x0008, 0x112c: 0xe00d, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x3308,
+	0x1130: 0x3318, 0x1131: 0x3318, 0x1132: 0x3318, 0x1133: 0x0018, 0x1134: 0x3308, 0x1135: 0x3308,
+	0x1136: 0x3308, 0x1137: 0x3308, 0x1138: 0x3308, 0x1139: 0x3308, 0x113a: 0x3308, 0x113b: 0x3308,
+	0x113c: 0x3308, 0x113d: 0x3308, 0x113e: 0x0018, 0x113f: 0x0008,
+	// Block 0x45, offset 0x1140
+	0x1140: 0xe00d, 0x1141: 0x0008, 0x1142: 0xe00d, 0x1143: 0x0008, 0x1144: 0xe00d, 0x1145: 0x0008,
+	0x1146: 0xe00d, 0x1147: 0x0008, 0x1148: 0xe00d, 0x1149: 0x0008, 0x114a: 0xe00d, 0x114b: 0x0008,
+	0x114c: 0xe00d, 0x114d: 0x0008, 0x114e: 0xe00d, 0x114f: 0x0008, 0x1150: 0xe00d, 0x1151: 0x0008,
+	0x1152: 0xe00d, 0x1153: 0x0008, 0x1154: 0xe00d, 0x1155: 0x0008, 0x1156: 0xe00d, 0x1157: 0x0008,
+	0x1158: 0xe00d, 0x1159: 0x0008, 0x115a: 0xe00d, 0x115b: 0x0008, 0x115c: 0x0ea1, 0x115d: 0x6e11,
+	0x115e: 0x3308, 0x115f: 0x3308, 0x1160: 0x0008, 0x1161: 0x0008, 0x1162: 0x0008, 0x1163: 0x0008,
+	0x1164: 0x0008, 0x1165: 0x0008, 0x1166: 0x0008, 0x1167: 0x0008, 0x1168: 0x0008, 0x1169: 0x0008,
+	0x116a: 0x0008, 0x116b: 0x0008, 0x116c: 0x0008, 0x116d: 0x0008, 0x116e: 0x0008, 0x116f: 0x0008,
+	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0x0008, 0x1173: 0x0008, 0x1174: 0x0008, 0x1175: 0x0008,
+	0x1176: 0x0008, 0x1177: 0x0008, 0x1178: 0x0008, 0x1179: 0x0008, 0x117a: 0x0008, 0x117b: 0x0008,
+	0x117c: 0x0008, 0x117d: 0x0008, 0x117e: 0x0008, 0x117f: 0x0008,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x0018, 0x1181: 0x0018, 0x1182: 0x0018, 0x1183: 0x0018, 0x1184: 0x0018, 0x1185: 0x0018,
+	0x1186: 0x0018, 0x1187: 0x0018, 0x1188: 0x0018, 0x1189: 0x0018, 0x118a: 0x0018, 0x118b: 0x0018,
+	0x118c: 0x0018, 0x118d: 0x0018, 0x118e: 0x0018, 0x118f: 0x0018, 0x1190: 0x0018, 0x1191: 0x0018,
+	0x1192: 0x0018, 0x1193: 0x0018, 0x1194: 0x0018, 0x1195: 0x0018, 0x1196: 0x0018, 0x1197: 0x0008,
+	0x1198: 0x0008, 0x1199: 0x0008, 0x119a: 0x0008, 0x119b: 0x0008, 0x119c: 0x0008, 0x119d: 0x0008,
+	0x119e: 0x0008, 0x119f: 0x0008, 0x11a0: 0x0018, 0x11a1: 0x0018, 0x11a2: 0xe00d, 0x11a3: 0x0008,
+	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
+	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
+	0x11b0: 0x0008, 0x11b1: 0x0008, 0x11b2: 0xe00d, 0x11b3: 0x0008, 0x11b4: 0xe00d, 0x11b5: 0x0008,
+	0x11b6: 0xe00d, 0x11b7: 0x0008, 0x11b8: 0xe00d, 0x11b9: 0x0008, 0x11ba: 0xe00d, 0x11bb: 0x0008,
+	0x11bc: 0xe00d, 0x11bd: 0x0008, 0x11be: 0xe00d, 0x11bf: 0x0008,
+	// Block 0x47, offset 0x11c0
+	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
+	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0xe00d, 0x11c9: 0x0008, 0x11ca: 0xe00d, 0x11cb: 0x0008,
+	0x11cc: 0xe00d, 0x11cd: 0x0008, 0x11ce: 0xe00d, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
+	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0xe00d, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
+	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
+	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
+	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
+	0x11ea: 0xe00d, 0x11eb: 0x0008, 0x11ec: 0xe00d, 0x11ed: 0x0008, 0x11ee: 0xe00d, 0x11ef: 0x0008,
+	0x11f0: 0xe0fd, 0x11f1: 0x0008, 0x11f2: 0x0008, 0x11f3: 0x0008, 0x11f4: 0x0008, 0x11f5: 0x0008,
+	0x11f6: 0x0008, 0x11f7: 0x0008, 0x11f8: 0x0008, 0x11f9: 0xe01d, 0x11fa: 0x0008, 0x11fb: 0xe03d,
+	0x11fc: 0x0008, 0x11fd: 0x442d, 0x11fe: 0xe00d, 0x11ff: 0x0008,
+	// Block 0x48, offset 0x1200
+	0x1200: 0xe00d, 0x1201: 0x0008, 0x1202: 0xe00d, 0x1203: 0x0008, 0x1204: 0xe00d, 0x1205: 0x0008,
+	0x1206: 0xe00d, 0x1207: 0x0008, 0x1208: 0x0008, 0x1209: 0x0018, 0x120a: 0x0018, 0x120b: 0xe03d,
+	0x120c: 0x0008, 0x120d: 0x11d9, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0xe00d, 0x1211: 0x0008,
+	0x1212: 0xe00d, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x0008, 0x1216: 0xe00d, 0x1217: 0x0008,
+	0x1218: 0xe00d, 0x1219: 0x0008, 0x121a: 0xe00d, 0x121b: 0x0008, 0x121c: 0xe00d, 0x121d: 0x0008,
+	0x121e: 0xe00d, 0x121f: 0x0008, 0x1220: 0xe00d, 0x1221: 0x0008, 0x1222: 0xe00d, 0x1223: 0x0008,
+	0x1224: 0xe00d, 0x1225: 0x0008, 0x1226: 0xe00d, 0x1227: 0x0008, 0x1228: 0xe00d, 0x1229: 0x0008,
+	0x122a: 0x6e29, 0x122b: 0x1029, 0x122c: 0x11c1, 0x122d: 0x6e41, 0x122e: 0x1221, 0x122f: 0x0040,
+	0x1230: 0x6e59, 0x1231: 0x6e71, 0x1232: 0x1239, 0x1233: 0x444d, 0x1234: 0xe00d, 0x1235: 0x0008,
+	0x1236: 0xe00d, 0x1237: 0x0008, 0x1238: 0x0040, 0x1239: 0x0040, 0x123a: 0x0040, 0x123b: 0x0040,
+	0x123c: 0x0040, 0x123d: 0x0040, 0x123e: 0x0040, 0x123f: 0x0040,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x64d5, 0x1241: 0x64f5, 0x1242: 0x6515, 0x1243: 0x6535, 0x1244: 0x6555, 0x1245: 0x6575,
+	0x1246: 0x6595, 0x1247: 0x65b5, 0x1248: 0x65d5, 0x1249: 0x65f5, 0x124a: 0x6615, 0x124b: 0x6635,
+	0x124c: 0x6655, 0x124d: 0x6675, 0x124e: 0x0008, 0x124f: 0x0008, 0x1250: 0x6695, 0x1251: 0x0008,
+	0x1252: 0x66b5, 0x1253: 0x0008, 0x1254: 0x0008, 0x1255: 0x66d5, 0x1256: 0x66f5, 0x1257: 0x6715,
+	0x1258: 0x6735, 0x1259: 0x6755, 0x125a: 0x6775, 0x125b: 0x6795, 0x125c: 0x67b5, 0x125d: 0x67d5,
+	0x125e: 0x67f5, 0x125f: 0x0008, 0x1260: 0x6815, 0x1261: 0x0008, 0x1262: 0x6835, 0x1263: 0x0008,
+	0x1264: 0x0008, 0x1265: 0x6855, 0x1266: 0x6875, 0x1267: 0x0008, 0x1268: 0x0008, 0x1269: 0x0008,
+	0x126a: 0x6895, 0x126b: 0x68b5, 0x126c: 0x68d5, 0x126d: 0x68f5, 0x126e: 0x6915, 0x126f: 0x6935,
+	0x1270: 0x6955, 0x1271: 0x6975, 0x1272: 0x6995, 0x1273: 0x69b5, 0x1274: 0x69d5, 0x1275: 0x69f5,
+	0x1276: 0x6a15, 0x1277: 0x6a35, 0x1278: 0x6a55, 0x1279: 0x6a75, 0x127a: 0x6a95, 0x127b: 0x6ab5,
+	0x127c: 0x6ad5, 0x127d: 0x6af5, 0x127e: 0x6b15, 0x127f: 0x6b35,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x7a95, 0x1281: 0x7ab5, 0x1282: 0x7ad5, 0x1283: 0x7af5, 0x1284: 0x7b15, 0x1285: 0x7b35,
+	0x1286: 0x7b55, 0x1287: 0x7b75, 0x1288: 0x7b95, 0x1289: 0x7bb5, 0x128a: 0x7bd5, 0x128b: 0x7bf5,
+	0x128c: 0x7c15, 0x128d: 0x7c35, 0x128e: 0x7c55, 0x128f: 0x6ec9, 0x1290: 0x6ef1, 0x1291: 0x6f19,
+	0x1292: 0x7c75, 0x1293: 0x7c95, 0x1294: 0x7cb5, 0x1295: 0x6f41, 0x1296: 0x6f69, 0x1297: 0x6f91,
+	0x1298: 0x7cd5, 0x1299: 0x7cf5, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x0040,
+	0x129e: 0x0040, 0x129f: 0x0040, 0x12a0: 0x0040, 0x12a1: 0x0040, 0x12a2: 0x0040, 0x12a3: 0x0040,
+	0x12a4: 0x0040, 0x12a5: 0x0040, 0x12a6: 0x0040, 0x12a7: 0x0040, 0x12a8: 0x0040, 0x12a9: 0x0040,
+	0x12aa: 0x0040, 0x12ab: 0x0040, 0x12ac: 0x0040, 0x12ad: 0x0040, 0x12ae: 0x0040, 0x12af: 0x0040,
+	0x12b0: 0x0040, 0x12b1: 0x0040, 0x12b2: 0x0040, 0x12b3: 0x0040, 0x12b4: 0x0040, 0x12b5: 0x0040,
+	0x12b6: 0x0040, 0x12b7: 0x0040, 0x12b8: 0x0040, 0x12b9: 0x0040, 0x12ba: 0x0040, 0x12bb: 0x0040,
+	0x12bc: 0x0040, 0x12bd: 0x0040, 0x12be: 0x0040, 0x12bf: 0x0040,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x6fb9, 0x12c1: 0x6fd1, 0x12c2: 0x6fe9, 0x12c3: 0x7d15, 0x12c4: 0x7d35, 0x12c5: 0x7001,
+	0x12c6: 0x7001, 0x12c7: 0x0040, 0x12c8: 0x0040, 0x12c9: 0x0040, 0x12ca: 0x0040, 0x12cb: 0x0040,
+	0x12cc: 0x0040, 0x12cd: 0x0040, 0x12ce: 0x0040, 0x12cf: 0x0040, 0x12d0: 0x0040, 0x12d1: 0x0040,
+	0x12d2: 0x0040, 0x12d3: 0x7019, 0x12d4: 0x7041, 0x12d5: 0x7069, 0x12d6: 0x7091, 0x12d7: 0x70b9,
+	0x12d8: 0x0040, 0x12d9: 0x0040, 0x12da: 0x0040, 0x12db: 0x0040, 0x12dc: 0x0040, 0x12dd: 0x70e1,
+	0x12de: 0x3308, 0x12df: 0x7109, 0x12e0: 0x7131, 0x12e1: 0x20a9, 0x12e2: 0x20f1, 0x12e3: 0x7149,
+	0x12e4: 0x7161, 0x12e5: 0x7179, 0x12e6: 0x7191, 0x12e7: 0x71a9, 0x12e8: 0x71c1, 0x12e9: 0x1fb2,
+	0x12ea: 0x71d9, 0x12eb: 0x7201, 0x12ec: 0x7229, 0x12ed: 0x7261, 0x12ee: 0x7299, 0x12ef: 0x72c1,
+	0x12f0: 0x72e9, 0x12f1: 0x7311, 0x12f2: 0x7339, 0x12f3: 0x7361, 0x12f4: 0x7389, 0x12f5: 0x73b1,
+	0x12f6: 0x73d9, 0x12f7: 0x0040, 0x12f8: 0x7401, 0x12f9: 0x7429, 0x12fa: 0x7451, 0x12fb: 0x7479,
+	0x12fc: 0x74a1, 0x12fd: 0x0040, 0x12fe: 0x74c9, 0x12ff: 0x0040,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x74f1, 0x1301: 0x7519, 0x1302: 0x0040, 0x1303: 0x7541, 0x1304: 0x7569, 0x1305: 0x0040,
+	0x1306: 0x7591, 0x1307: 0x75b9, 0x1308: 0x75e1, 0x1309: 0x7609, 0x130a: 0x7631, 0x130b: 0x7659,
+	0x130c: 0x7681, 0x130d: 0x76a9, 0x130e: 0x76d1, 0x130f: 0x76f9, 0x1310: 0x7721, 0x1311: 0x7721,
+	0x1312: 0x7739, 0x1313: 0x7739, 0x1314: 0x7739, 0x1315: 0x7739, 0x1316: 0x7751, 0x1317: 0x7751,
+	0x1318: 0x7751, 0x1319: 0x7751, 0x131a: 0x7769, 0x131b: 0x7769, 0x131c: 0x7769, 0x131d: 0x7769,
+	0x131e: 0x7781, 0x131f: 0x7781, 0x1320: 0x7781, 0x1321: 0x7781, 0x1322: 0x7799, 0x1323: 0x7799,
+	0x1324: 0x7799, 0x1325: 0x7799, 0x1326: 0x77b1, 0x1327: 0x77b1, 0x1328: 0x77b1, 0x1329: 0x77b1,
+	0x132a: 0x77c9, 0x132b: 0x77c9, 0x132c: 0x77c9, 0x132d: 0x77c9, 0x132e: 0x77e1, 0x132f: 0x77e1,
+	0x1330: 0x77e1, 0x1331: 0x77e1, 0x1332: 0x77f9, 0x1333: 0x77f9, 0x1334: 0x77f9, 0x1335: 0x77f9,
+	0x1336: 0x7811, 0x1337: 0x7811, 0x1338: 0x7811, 0x1339: 0x7811, 0x133a: 0x7829, 0x133b: 0x7829,
+	0x133c: 0x7829, 0x133d: 0x7829, 0x133e: 0x7841, 0x133f: 0x7841,
+	// Block 0x4d, offset 0x1340
+	0x1340: 0x7841, 0x1341: 0x7841, 0x1342: 0x7859, 0x1343: 0x7859, 0x1344: 0x7871, 0x1345: 0x7871,
+	0x1346: 0x7889, 0x1347: 0x7889, 0x1348: 0x78a1, 0x1349: 0x78a1, 0x134a: 0x78b9, 0x134b: 0x78b9,
+	0x134c: 0x78d1, 0x134d: 0x78d1, 0x134e: 0x78e9, 0x134f: 0x78e9, 0x1350: 0x78e9, 0x1351: 0x78e9,
+	0x1352: 0x7901, 0x1353: 0x7901, 0x1354: 0x7901, 0x1355: 0x7901, 0x1356: 0x7919, 0x1357: 0x7919,
+	0x1358: 0x7919, 0x1359: 0x7919, 0x135a: 0x7931, 0x135b: 0x7931, 0x135c: 0x7931, 0x135d: 0x7931,
+	0x135e: 0x7949, 0x135f: 0x7949, 0x1360: 0x7961, 0x1361: 0x7961, 0x1362: 0x7961, 0x1363: 0x7961,
+	0x1364: 0x7979, 0x1365: 0x7979, 0x1366: 0x7991, 0x1367: 0x7991, 0x1368: 0x7991, 0x1369: 0x7991,
+	0x136a: 0x79a9, 0x136b: 0x79a9, 0x136c: 0x79a9, 0x136d: 0x79a9, 0x136e: 0x79c1, 0x136f: 0x79c1,
+	0x1370: 0x79d9, 0x1371: 0x79d9, 0x1372: 0x0818, 0x1373: 0x0818, 0x1374: 0x0818, 0x1375: 0x0818,
+	0x1376: 0x0818, 0x1377: 0x0818, 0x1378: 0x0818, 0x1379: 0x0818, 0x137a: 0x0818, 0x137b: 0x0818,
+	0x137c: 0x0818, 0x137d: 0x0818, 0x137e: 0x0818, 0x137f: 0x0818,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0818, 0x1381: 0x0818, 0x1382: 0x0040, 0x1383: 0x0040, 0x1384: 0x0040, 0x1385: 0x0040,
+	0x1386: 0x0040, 0x1387: 0x0040, 0x1388: 0x0040, 0x1389: 0x0040, 0x138a: 0x0040, 0x138b: 0x0040,
+	0x138c: 0x0040, 0x138d: 0x0040, 0x138e: 0x0040, 0x138f: 0x0040, 0x1390: 0x0040, 0x1391: 0x0040,
+	0x1392: 0x0040, 0x1393: 0x79f1, 0x1394: 0x79f1, 0x1395: 0x79f1, 0x1396: 0x79f1, 0x1397: 0x7a09,
+	0x1398: 0x7a09, 0x1399: 0x7a21, 0x139a: 0x7a21, 0x139b: 0x7a39, 0x139c: 0x7a39, 0x139d: 0x0479,
+	0x139e: 0x7a51, 0x139f: 0x7a51, 0x13a0: 0x7a69, 0x13a1: 0x7a69, 0x13a2: 0x7a81, 0x13a3: 0x7a81,
+	0x13a4: 0x7a99, 0x13a5: 0x7a99, 0x13a6: 0x7a99, 0x13a7: 0x7a99, 0x13a8: 0x7ab1, 0x13a9: 0x7ab1,
+	0x13aa: 0x7ac9, 0x13ab: 0x7ac9, 0x13ac: 0x7af1, 0x13ad: 0x7af1, 0x13ae: 0x7b19, 0x13af: 0x7b19,
+	0x13b0: 0x7b41, 0x13b1: 0x7b41, 0x13b2: 0x7b69, 0x13b3: 0x7b69, 0x13b4: 0x7b91, 0x13b5: 0x7b91,
+	0x13b6: 0x7bb9, 0x13b7: 0x7bb9, 0x13b8: 0x7bb9, 0x13b9: 0x7be1, 0x13ba: 0x7be1, 0x13bb: 0x7be1,
+	0x13bc: 0x7c09, 0x13bd: 0x7c09, 0x13be: 0x7c09, 0x13bf: 0x7c09,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x85f9, 0x13c1: 0x8621, 0x13c2: 0x8649, 0x13c3: 0x8671, 0x13c4: 0x8699, 0x13c5: 0x86c1,
+	0x13c6: 0x86e9, 0x13c7: 0x8711, 0x13c8: 0x8739, 0x13c9: 0x8761, 0x13ca: 0x8789, 0x13cb: 0x87b1,
+	0x13cc: 0x87d9, 0x13cd: 0x8801, 0x13ce: 0x8829, 0x13cf: 0x8851, 0x13d0: 0x8879, 0x13d1: 0x88a1,
+	0x13d2: 0x88c9, 0x13d3: 0x88f1, 0x13d4: 0x8919, 0x13d5: 0x8941, 0x13d6: 0x8969, 0x13d7: 0x8991,
+	0x13d8: 0x89b9, 0x13d9: 0x89e1, 0x13da: 0x8a09, 0x13db: 0x8a31, 0x13dc: 0x8a59, 0x13dd: 0x8a81,
+	0x13de: 0x8aaa, 0x13df: 0x8ada, 0x13e0: 0x8b0a, 0x13e1: 0x8b3a, 0x13e2: 0x8b6a, 0x13e3: 0x8b9a,
+	0x13e4: 0x8bc9, 0x13e5: 0x8bf1, 0x13e6: 0x7c71, 0x13e7: 0x8c19, 0x13e8: 0x7be1, 0x13e9: 0x7c99,
+	0x13ea: 0x8c41, 0x13eb: 0x8c69, 0x13ec: 0x7d39, 0x13ed: 0x8c91, 0x13ee: 0x7d61, 0x13ef: 0x7d89,
+	0x13f0: 0x8cb9, 0x13f1: 0x8ce1, 0x13f2: 0x7e29, 0x13f3: 0x8d09, 0x13f4: 0x7e51, 0x13f5: 0x7e79,
+	0x13f6: 0x8d31, 0x13f7: 0x8d59, 0x13f8: 0x7ec9, 0x13f9: 0x8d81, 0x13fa: 0x7ef1, 0x13fb: 0x7f19,
+	0x13fc: 0x83a1, 0x13fd: 0x83c9, 0x13fe: 0x8441, 0x13ff: 0x8469,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x8491, 0x1401: 0x8531, 0x1402: 0x8559, 0x1403: 0x8581, 0x1404: 0x85a9, 0x1405: 0x8649,
+	0x1406: 0x8671, 0x1407: 0x8699, 0x1408: 0x8da9, 0x1409: 0x8739, 0x140a: 0x8dd1, 0x140b: 0x8df9,
+	0x140c: 0x8829, 0x140d: 0x8e21, 0x140e: 0x8851, 0x140f: 0x8879, 0x1410: 0x8a81, 0x1411: 0x8e49,
+	0x1412: 0x8e71, 0x1413: 0x89b9, 0x1414: 0x8e99, 0x1415: 0x89e1, 0x1416: 0x8a09, 0x1417: 0x7c21,
+	0x1418: 0x7c49, 0x1419: 0x8ec1, 0x141a: 0x7c71, 0x141b: 0x8ee9, 0x141c: 0x7cc1, 0x141d: 0x7ce9,
+	0x141e: 0x7d11, 0x141f: 0x7d39, 0x1420: 0x8f11, 0x1421: 0x7db1, 0x1422: 0x7dd9, 0x1423: 0x7e01,
+	0x1424: 0x7e29, 0x1425: 0x8f39, 0x1426: 0x7ec9, 0x1427: 0x7f41, 0x1428: 0x7f69, 0x1429: 0x7f91,
+	0x142a: 0x7fb9, 0x142b: 0x7fe1, 0x142c: 0x8031, 0x142d: 0x8059, 0x142e: 0x8081, 0x142f: 0x80a9,
+	0x1430: 0x80d1, 0x1431: 0x80f9, 0x1432: 0x8f61, 0x1433: 0x8121, 0x1434: 0x8149, 0x1435: 0x8171,
+	0x1436: 0x8199, 0x1437: 0x81c1, 0x1438: 0x81e9, 0x1439: 0x8239, 0x143a: 0x8261, 0x143b: 0x8289,
+	0x143c: 0x82b1, 0x143d: 0x82d9, 0x143e: 0x8301, 0x143f: 0x8329,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x8351, 0x1441: 0x8379, 0x1442: 0x83f1, 0x1443: 0x8419, 0x1444: 0x84b9, 0x1445: 0x84e1,
+	0x1446: 0x8509, 0x1447: 0x8531, 0x1448: 0x8559, 0x1449: 0x85d1, 0x144a: 0x85f9, 0x144b: 0x8621,
+	0x144c: 0x8649, 0x144d: 0x8f89, 0x144e: 0x86c1, 0x144f: 0x86e9, 0x1450: 0x8711, 0x1451: 0x8739,
+	0x1452: 0x87b1, 0x1453: 0x87d9, 0x1454: 0x8801, 0x1455: 0x8829, 0x1456: 0x8fb1, 0x1457: 0x88a1,
+	0x1458: 0x88c9, 0x1459: 0x8fd9, 0x145a: 0x8941, 0x145b: 0x8969, 0x145c: 0x8991, 0x145d: 0x89b9,
+	0x145e: 0x9001, 0x145f: 0x7c71, 0x1460: 0x8ee9, 0x1461: 0x7d39, 0x1462: 0x8f11, 0x1463: 0x7e29,
+	0x1464: 0x8f39, 0x1465: 0x7ec9, 0x1466: 0x9029, 0x1467: 0x80d1, 0x1468: 0x9051, 0x1469: 0x9079,
+	0x146a: 0x90a1, 0x146b: 0x8531, 0x146c: 0x8559, 0x146d: 0x8649, 0x146e: 0x8829, 0x146f: 0x8fb1,
+	0x1470: 0x89b9, 0x1471: 0x9001, 0x1472: 0x90c9, 0x1473: 0x9101, 0x1474: 0x9139, 0x1475: 0x9171,
+	0x1476: 0x9199, 0x1477: 0x91c1, 0x1478: 0x91e9, 0x1479: 0x9211, 0x147a: 0x9239, 0x147b: 0x9261,
+	0x147c: 0x9289, 0x147d: 0x92b1, 0x147e: 0x92d9, 0x147f: 0x9301,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x9329, 0x1481: 0x9351, 0x1482: 0x9379, 0x1483: 0x93a1, 0x1484: 0x93c9, 0x1485: 0x93f1,
+	0x1486: 0x9419, 0x1487: 0x9441, 0x1488: 0x9469, 0x1489: 0x9491, 0x148a: 0x94b9, 0x148b: 0x94e1,
+	0x148c: 0x9079, 0x148d: 0x9509, 0x148e: 0x9531, 0x148f: 0x9559, 0x1490: 0x9581, 0x1491: 0x9171,
+	0x1492: 0x9199, 0x1493: 0x91c1, 0x1494: 0x91e9, 0x1495: 0x9211, 0x1496: 0x9239, 0x1497: 0x9261,
+	0x1498: 0x9289, 0x1499: 0x92b1, 0x149a: 0x92d9, 0x149b: 0x9301, 0x149c: 0x9329, 0x149d: 0x9351,
+	0x149e: 0x9379, 0x149f: 0x93a1, 0x14a0: 0x93c9, 0x14a1: 0x93f1, 0x14a2: 0x9419, 0x14a3: 0x9441,
+	0x14a4: 0x9469, 0x14a5: 0x9491, 0x14a6: 0x94b9, 0x14a7: 0x94e1, 0x14a8: 0x9079, 0x14a9: 0x9509,
+	0x14aa: 0x9531, 0x14ab: 0x9559, 0x14ac: 0x9581, 0x14ad: 0x9491, 0x14ae: 0x94b9, 0x14af: 0x94e1,
+	0x14b0: 0x9079, 0x14b1: 0x9051, 0x14b2: 0x90a1, 0x14b3: 0x8211, 0x14b4: 0x8059, 0x14b5: 0x8081,
+	0x14b6: 0x80a9, 0x14b7: 0x9491, 0x14b8: 0x94b9, 0x14b9: 0x94e1, 0x14ba: 0x8211, 0x14bb: 0x8239,
+	0x14bc: 0x95a9, 0x14bd: 0x95a9, 0x14be: 0x0018, 0x14bf: 0x0018,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x0040, 0x14c1: 0x0040, 0x14c2: 0x0040, 0x14c3: 0x0040, 0x14c4: 0x0040, 0x14c5: 0x0040,
+	0x14c6: 0x0040, 0x14c7: 0x0040, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
+	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x95d1, 0x14d1: 0x9609,
+	0x14d2: 0x9609, 0x14d3: 0x9641, 0x14d4: 0x9679, 0x14d5: 0x96b1, 0x14d6: 0x96e9, 0x14d7: 0x9721,
+	0x14d8: 0x9759, 0x14d9: 0x9759, 0x14da: 0x9791, 0x14db: 0x97c9, 0x14dc: 0x9801, 0x14dd: 0x9839,
+	0x14de: 0x9871, 0x14df: 0x98a9, 0x14e0: 0x98a9, 0x14e1: 0x98e1, 0x14e2: 0x9919, 0x14e3: 0x9919,
+	0x14e4: 0x9951, 0x14e5: 0x9951, 0x14e6: 0x9989, 0x14e7: 0x99c1, 0x14e8: 0x99c1, 0x14e9: 0x99f9,
+	0x14ea: 0x9a31, 0x14eb: 0x9a31, 0x14ec: 0x9a69, 0x14ed: 0x9a69, 0x14ee: 0x9aa1, 0x14ef: 0x9ad9,
+	0x14f0: 0x9ad9, 0x14f1: 0x9b11, 0x14f2: 0x9b11, 0x14f3: 0x9b49, 0x14f4: 0x9b81, 0x14f5: 0x9bb9,
+	0x14f6: 0x9bf1, 0x14f7: 0x9bf1, 0x14f8: 0x9c29, 0x14f9: 0x9c61, 0x14fa: 0x9c99, 0x14fb: 0x9cd1,
+	0x14fc: 0x9d09, 0x14fd: 0x9d09, 0x14fe: 0x9d41, 0x14ff: 0x9d79,
+	// Block 0x54, offset 0x1500
+	0x1500: 0xa949, 0x1501: 0xa981, 0x1502: 0xa9b9, 0x1503: 0xa8a1, 0x1504: 0x9bb9, 0x1505: 0x9989,
+	0x1506: 0xa9f1, 0x1507: 0xaa29, 0x1508: 0x0040, 0x1509: 0x0040, 0x150a: 0x0040, 0x150b: 0x0040,
+	0x150c: 0x0040, 0x150d: 0x0040, 0x150e: 0x0040, 0x150f: 0x0040, 0x1510: 0x0040, 0x1511: 0x0040,
+	0x1512: 0x0040, 0x1513: 0x0040, 0x1514: 0x0040, 0x1515: 0x0040, 0x1516: 0x0040, 0x1517: 0x0040,
+	0x1518: 0x0040, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
+	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x0040, 0x1521: 0x0040, 0x1522: 0x0040, 0x1523: 0x0040,
+	0x1524: 0x0040, 0x1525: 0x0040, 0x1526: 0x0040, 0x1527: 0x0040, 0x1528: 0x0040, 0x1529: 0x0040,
+	0x152a: 0x0040, 0x152b: 0x0040, 0x152c: 0x0040, 0x152d: 0x0040, 0x152e: 0x0040, 0x152f: 0x0040,
+	0x1530: 0xaa61, 0x1531: 0xaa99, 0x1532: 0xaad1, 0x1533: 0xab19, 0x1534: 0xab61, 0x1535: 0xaba9,
+	0x1536: 0xabf1, 0x1537: 0xac39, 0x1538: 0xac81, 0x1539: 0xacc9, 0x153a: 0xad02, 0x153b: 0xae12,
+	0x153c: 0xae91, 0x153d: 0x0018, 0x153e: 0x0040, 0x153f: 0x0040,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x33c0, 0x1541: 0x33c0, 0x1542: 0x33c0, 0x1543: 0x33c0, 0x1544: 0x33c0, 0x1545: 0x33c0,
+	0x1546: 0x33c0, 0x1547: 0x33c0, 0x1548: 0x33c0, 0x1549: 0x33c0, 0x154a: 0x33c0, 0x154b: 0x33c0,
+	0x154c: 0x33c0, 0x154d: 0x33c0, 0x154e: 0x33c0, 0x154f: 0x33c0, 0x1550: 0xaeda, 0x1551: 0x7d55,
+	0x1552: 0x0040, 0x1553: 0xaeea, 0x1554: 0x03c2, 0x1555: 0xaefa, 0x1556: 0xaf0a, 0x1557: 0x7d75,
+	0x1558: 0x7d95, 0x1559: 0x0040, 0x155a: 0x0040, 0x155b: 0x0040, 0x155c: 0x0040, 0x155d: 0x0040,
+	0x155e: 0x0040, 0x155f: 0x0040, 0x1560: 0x3308, 0x1561: 0x3308, 0x1562: 0x3308, 0x1563: 0x3308,
+	0x1564: 0x3308, 0x1565: 0x3308, 0x1566: 0x3308, 0x1567: 0x3308, 0x1568: 0x3308, 0x1569: 0x3308,
+	0x156a: 0x3308, 0x156b: 0x3308, 0x156c: 0x3308, 0x156d: 0x3308, 0x156e: 0x3308, 0x156f: 0x3308,
+	0x1570: 0x0040, 0x1571: 0x7db5, 0x1572: 0x7dd5, 0x1573: 0xaf1a, 0x1574: 0xaf1a, 0x1575: 0x1fd2,
+	0x1576: 0x1fe2, 0x1577: 0xaf2a, 0x1578: 0xaf3a, 0x1579: 0x7df5, 0x157a: 0x7e15, 0x157b: 0x7e35,
+	0x157c: 0x7df5, 0x157d: 0x7e55, 0x157e: 0x7e75, 0x157f: 0x7e55,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x7e95, 0x1581: 0x7eb5, 0x1582: 0x7ed5, 0x1583: 0x7eb5, 0x1584: 0x7ef5, 0x1585: 0x0018,
+	0x1586: 0x0018, 0x1587: 0xaf4a, 0x1588: 0xaf5a, 0x1589: 0x7f16, 0x158a: 0x7f36, 0x158b: 0x7f56,
+	0x158c: 0x7f76, 0x158d: 0xaf1a, 0x158e: 0xaf1a, 0x158f: 0xaf1a, 0x1590: 0xaeda, 0x1591: 0x7f95,
+	0x1592: 0x0040, 0x1593: 0x0040, 0x1594: 0x03c2, 0x1595: 0xaeea, 0x1596: 0xaf0a, 0x1597: 0xaefa,
+	0x1598: 0x7fb5, 0x1599: 0x1fd2, 0x159a: 0x1fe2, 0x159b: 0xaf2a, 0x159c: 0xaf3a, 0x159d: 0x7e95,
+	0x159e: 0x7ef5, 0x159f: 0xaf6a, 0x15a0: 0xaf7a, 0x15a1: 0xaf8a, 0x15a2: 0x1fb2, 0x15a3: 0xaf99,
+	0x15a4: 0xafaa, 0x15a5: 0xafba, 0x15a6: 0x1fc2, 0x15a7: 0x0040, 0x15a8: 0xafca, 0x15a9: 0xafda,
+	0x15aa: 0xafea, 0x15ab: 0xaffa, 0x15ac: 0x0040, 0x15ad: 0x0040, 0x15ae: 0x0040, 0x15af: 0x0040,
+	0x15b0: 0x7fd6, 0x15b1: 0xb009, 0x15b2: 0x7ff6, 0x15b3: 0x0808, 0x15b4: 0x8016, 0x15b5: 0x0040,
+	0x15b6: 0x8036, 0x15b7: 0xb031, 0x15b8: 0x8056, 0x15b9: 0xb059, 0x15ba: 0x8076, 0x15bb: 0xb081,
+	0x15bc: 0x8096, 0x15bd: 0xb0a9, 0x15be: 0x80b6, 0x15bf: 0xb0d1,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0xb0f9, 0x15c1: 0xb111, 0x15c2: 0xb111, 0x15c3: 0xb129, 0x15c4: 0xb129, 0x15c5: 0xb141,
+	0x15c6: 0xb141, 0x15c7: 0xb159, 0x15c8: 0xb159, 0x15c9: 0xb171, 0x15ca: 0xb171, 0x15cb: 0xb171,
+	0x15cc: 0xb171, 0x15cd: 0xb189, 0x15ce: 0xb189, 0x15cf: 0xb1a1, 0x15d0: 0xb1a1, 0x15d1: 0xb1a1,
+	0x15d2: 0xb1a1, 0x15d3: 0xb1b9, 0x15d4: 0xb1b9, 0x15d5: 0xb1d1, 0x15d6: 0xb1d1, 0x15d7: 0xb1d1,
+	0x15d8: 0xb1d1, 0x15d9: 0xb1e9, 0x15da: 0xb1e9, 0x15db: 0xb1e9, 0x15dc: 0xb1e9, 0x15dd: 0xb201,
+	0x15de: 0xb201, 0x15df: 0xb201, 0x15e0: 0xb201, 0x15e1: 0xb219, 0x15e2: 0xb219, 0x15e3: 0xb219,
+	0x15e4: 0xb219, 0x15e5: 0xb231, 0x15e6: 0xb231, 0x15e7: 0xb231, 0x15e8: 0xb231, 0x15e9: 0xb249,
+	0x15ea: 0xb249, 0x15eb: 0xb261, 0x15ec: 0xb261, 0x15ed: 0xb279, 0x15ee: 0xb279, 0x15ef: 0xb291,
+	0x15f0: 0xb291, 0x15f1: 0xb2a9, 0x15f2: 0xb2a9, 0x15f3: 0xb2a9, 0x15f4: 0xb2a9, 0x15f5: 0xb2c1,
+	0x15f6: 0xb2c1, 0x15f7: 0xb2c1, 0x15f8: 0xb2c1, 0x15f9: 0xb2d9, 0x15fa: 0xb2d9, 0x15fb: 0xb2d9,
+	0x15fc: 0xb2d9, 0x15fd: 0xb2f1, 0x15fe: 0xb2f1, 0x15ff: 0xb2f1,
+	// Block 0x58, offset 0x1600
+	0x1600: 0xb2f1, 0x1601: 0xb309, 0x1602: 0xb309, 0x1603: 0xb309, 0x1604: 0xb309, 0x1605: 0xb321,
+	0x1606: 0xb321, 0x1607: 0xb321, 0x1608: 0xb321, 0x1609: 0xb339, 0x160a: 0xb339, 0x160b: 0xb339,
+	0x160c: 0xb339, 0x160d: 0xb351, 0x160e: 0xb351, 0x160f: 0xb351, 0x1610: 0xb351, 0x1611: 0xb369,
+	0x1612: 0xb369, 0x1613: 0xb369, 0x1614: 0xb369, 0x1615: 0xb381, 0x1616: 0xb381, 0x1617: 0xb381,
+	0x1618: 0xb381, 0x1619: 0xb399, 0x161a: 0xb399, 0x161b: 0xb399, 0x161c: 0xb399, 0x161d: 0xb3b1,
+	0x161e: 0xb3b1, 0x161f: 0xb3b1, 0x1620: 0xb3b1, 0x1621: 0xb3c9, 0x1622: 0xb3c9, 0x1623: 0xb3c9,
+	0x1624: 0xb3c9, 0x1625: 0xb3e1, 0x1626: 0xb3e1, 0x1627: 0xb3e1, 0x1628: 0xb3e1, 0x1629: 0xb3f9,
+	0x162a: 0xb3f9, 0x162b: 0xb3f9, 0x162c: 0xb3f9, 0x162d: 0xb411, 0x162e: 0xb411, 0x162f: 0x7ab1,
+	0x1630: 0x7ab1, 0x1631: 0xb429, 0x1632: 0xb429, 0x1633: 0xb429, 0x1634: 0xb429, 0x1635: 0xb441,
+	0x1636: 0xb441, 0x1637: 0xb469, 0x1638: 0xb469, 0x1639: 0xb491, 0x163a: 0xb491, 0x163b: 0xb4b9,
+	0x163c: 0xb4b9, 0x163d: 0x0040, 0x163e: 0x0040, 0x163f: 0x03c0,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0040, 0x1641: 0xaefa, 0x1642: 0xb4e2, 0x1643: 0xaf6a, 0x1644: 0xafda, 0x1645: 0xafea,
+	0x1646: 0xaf7a, 0x1647: 0xb4f2, 0x1648: 0x1fd2, 0x1649: 0x1fe2, 0x164a: 0xaf8a, 0x164b: 0x1fb2,
+	0x164c: 0xaeda, 0x164d: 0xaf99, 0x164e: 0x29d1, 0x164f: 0xb502, 0x1650: 0x1f41, 0x1651: 0x00c9,
+	0x1652: 0x0069, 0x1653: 0x0079, 0x1654: 0x1f51, 0x1655: 0x1f61, 0x1656: 0x1f71, 0x1657: 0x1f81,
+	0x1658: 0x1f91, 0x1659: 0x1fa1, 0x165a: 0xaeea, 0x165b: 0x03c2, 0x165c: 0xafaa, 0x165d: 0x1fc2,
+	0x165e: 0xafba, 0x165f: 0xaf0a, 0x1660: 0xaffa, 0x1661: 0x0039, 0x1662: 0x0ee9, 0x1663: 0x1159,
+	0x1664: 0x0ef9, 0x1665: 0x0f09, 0x1666: 0x1199, 0x1667: 0x0f31, 0x1668: 0x0249, 0x1669: 0x0f41,
+	0x166a: 0x0259, 0x166b: 0x0f51, 0x166c: 0x0359, 0x166d: 0x0f61, 0x166e: 0x0f71, 0x166f: 0x00d9,
+	0x1670: 0x0f99, 0x1671: 0x2039, 0x1672: 0x0269, 0x1673: 0x01d9, 0x1674: 0x0fa9, 0x1675: 0x0fb9,
+	0x1676: 0x1089, 0x1677: 0x0279, 0x1678: 0x0369, 0x1679: 0x0289, 0x167a: 0x13d1, 0x167b: 0xaf4a,
+	0x167c: 0xafca, 0x167d: 0xaf5a, 0x167e: 0xb512, 0x167f: 0xaf1a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x1caa, 0x1681: 0x0039, 0x1682: 0x0ee9, 0x1683: 0x1159, 0x1684: 0x0ef9, 0x1685: 0x0f09,
+	0x1686: 0x1199, 0x1687: 0x0f31, 0x1688: 0x0249, 0x1689: 0x0f41, 0x168a: 0x0259, 0x168b: 0x0f51,
+	0x168c: 0x0359, 0x168d: 0x0f61, 0x168e: 0x0f71, 0x168f: 0x00d9, 0x1690: 0x0f99, 0x1691: 0x2039,
+	0x1692: 0x0269, 0x1693: 0x01d9, 0x1694: 0x0fa9, 0x1695: 0x0fb9, 0x1696: 0x1089, 0x1697: 0x0279,
+	0x1698: 0x0369, 0x1699: 0x0289, 0x169a: 0x13d1, 0x169b: 0xaf2a, 0x169c: 0xb522, 0x169d: 0xaf3a,
+	0x169e: 0xb532, 0x169f: 0x80d5, 0x16a0: 0x80f5, 0x16a1: 0x29d1, 0x16a2: 0x8115, 0x16a3: 0x8115,
+	0x16a4: 0x8135, 0x16a5: 0x8155, 0x16a6: 0x8175, 0x16a7: 0x8195, 0x16a8: 0x81b5, 0x16a9: 0x81d5,
+	0x16aa: 0x81f5, 0x16ab: 0x8215, 0x16ac: 0x8235, 0x16ad: 0x8255, 0x16ae: 0x8275, 0x16af: 0x8295,
+	0x16b0: 0x82b5, 0x16b1: 0x82d5, 0x16b2: 0x82f5, 0x16b3: 0x8315, 0x16b4: 0x8335, 0x16b5: 0x8355,
+	0x16b6: 0x8375, 0x16b7: 0x8395, 0x16b8: 0x83b5, 0x16b9: 0x83d5, 0x16ba: 0x83f5, 0x16bb: 0x8415,
+	0x16bc: 0x81b5, 0x16bd: 0x8435, 0x16be: 0x8455, 0x16bf: 0x8215,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x8475, 0x16c1: 0x8495, 0x16c2: 0x84b5, 0x16c3: 0x84d5, 0x16c4: 0x84f5, 0x16c5: 0x8515,
+	0x16c6: 0x8535, 0x16c7: 0x8555, 0x16c8: 0x84d5, 0x16c9: 0x8575, 0x16ca: 0x84d5, 0x16cb: 0x8595,
+	0x16cc: 0x8595, 0x16cd: 0x85b5, 0x16ce: 0x85b5, 0x16cf: 0x85d5, 0x16d0: 0x8515, 0x16d1: 0x85f5,
+	0x16d2: 0x8615, 0x16d3: 0x85f5, 0x16d4: 0x8635, 0x16d5: 0x8615, 0x16d6: 0x8655, 0x16d7: 0x8655,
+	0x16d8: 0x8675, 0x16d9: 0x8675, 0x16da: 0x8695, 0x16db: 0x8695, 0x16dc: 0x8615, 0x16dd: 0x8115,
+	0x16de: 0x86b5, 0x16df: 0x86d5, 0x16e0: 0x0040, 0x16e1: 0x86f5, 0x16e2: 0x8715, 0x16e3: 0x8735,
+	0x16e4: 0x8755, 0x16e5: 0x8735, 0x16e6: 0x8775, 0x16e7: 0x8795, 0x16e8: 0x87b5, 0x16e9: 0x87b5,
+	0x16ea: 0x87d5, 0x16eb: 0x87d5, 0x16ec: 0x87f5, 0x16ed: 0x87f5, 0x16ee: 0x87d5, 0x16ef: 0x87d5,
+	0x16f0: 0x8815, 0x16f1: 0x8835, 0x16f2: 0x8855, 0x16f3: 0x8875, 0x16f4: 0x8895, 0x16f5: 0x88b5,
+	0x16f6: 0x88b5, 0x16f7: 0x88b5, 0x16f8: 0x88d5, 0x16f9: 0x88d5, 0x16fa: 0x88d5, 0x16fb: 0x88d5,
+	0x16fc: 0x87b5, 0x16fd: 0x87b5, 0x16fe: 0x87b5, 0x16ff: 0x0040,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x0040, 0x1701: 0x0040, 0x1702: 0x8715, 0x1703: 0x86f5, 0x1704: 0x88f5, 0x1705: 0x86f5,
+	0x1706: 0x8715, 0x1707: 0x86f5, 0x1708: 0x0040, 0x1709: 0x0040, 0x170a: 0x8915, 0x170b: 0x8715,
+	0x170c: 0x8935, 0x170d: 0x88f5, 0x170e: 0x8935, 0x170f: 0x8715, 0x1710: 0x0040, 0x1711: 0x0040,
+	0x1712: 0x8955, 0x1713: 0x8975, 0x1714: 0x8875, 0x1715: 0x8935, 0x1716: 0x88f5, 0x1717: 0x8935,
+	0x1718: 0x0040, 0x1719: 0x0040, 0x171a: 0x8995, 0x171b: 0x89b5, 0x171c: 0x8995, 0x171d: 0x0040,
+	0x171e: 0x0040, 0x171f: 0x0040, 0x1720: 0xb541, 0x1721: 0xb559, 0x1722: 0xb571, 0x1723: 0x89d6,
+	0x1724: 0xb589, 0x1725: 0xb5a1, 0x1726: 0x89f5, 0x1727: 0x0040, 0x1728: 0x8a15, 0x1729: 0x8a35,
+	0x172a: 0x8a55, 0x172b: 0x8a35, 0x172c: 0x8a75, 0x172d: 0x8a95, 0x172e: 0x8ab5, 0x172f: 0x0040,
+	0x1730: 0x0040, 0x1731: 0x0040, 0x1732: 0x0040, 0x1733: 0x0040, 0x1734: 0x0040, 0x1735: 0x0040,
+	0x1736: 0x0040, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0340, 0x173a: 0x0340, 0x173b: 0x0340,
+	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x0a08, 0x1741: 0x0a08, 0x1742: 0x0a08, 0x1743: 0x0a08, 0x1744: 0x0a08, 0x1745: 0x0c08,
+	0x1746: 0x0808, 0x1747: 0x0c08, 0x1748: 0x0818, 0x1749: 0x0c08, 0x174a: 0x0c08, 0x174b: 0x0808,
+	0x174c: 0x0808, 0x174d: 0x0908, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0c08, 0x1751: 0x0c08,
+	0x1752: 0x0c08, 0x1753: 0x0a08, 0x1754: 0x0a08, 0x1755: 0x0a08, 0x1756: 0x0a08, 0x1757: 0x0908,
+	0x1758: 0x0a08, 0x1759: 0x0a08, 0x175a: 0x0a08, 0x175b: 0x0a08, 0x175c: 0x0a08, 0x175d: 0x0c08,
+	0x175e: 0x0a08, 0x175f: 0x0a08, 0x1760: 0x0a08, 0x1761: 0x0c08, 0x1762: 0x0808, 0x1763: 0x0808,
+	0x1764: 0x0c08, 0x1765: 0x3308, 0x1766: 0x3308, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0040,
+	0x176a: 0x0040, 0x176b: 0x0a18, 0x176c: 0x0a18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0c18,
+	0x1770: 0x0818, 0x1771: 0x0818, 0x1772: 0x0818, 0x1773: 0x0818, 0x1774: 0x0818, 0x1775: 0x0818,
+	0x1776: 0x0818, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
+	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
+	// Block 0x5e, offset 0x1780
+	0x1780: 0x0a08, 0x1781: 0x0c08, 0x1782: 0x0a08, 0x1783: 0x0c08, 0x1784: 0x0c08, 0x1785: 0x0c08,
+	0x1786: 0x0a08, 0x1787: 0x0a08, 0x1788: 0x0a08, 0x1789: 0x0c08, 0x178a: 0x0a08, 0x178b: 0x0a08,
+	0x178c: 0x0c08, 0x178d: 0x0a08, 0x178e: 0x0c08, 0x178f: 0x0c08, 0x1790: 0x0a08, 0x1791: 0x0c08,
+	0x1792: 0x0040, 0x1793: 0x0040, 0x1794: 0x0040, 0x1795: 0x0040, 0x1796: 0x0040, 0x1797: 0x0040,
+	0x1798: 0x0040, 0x1799: 0x0818, 0x179a: 0x0818, 0x179b: 0x0818, 0x179c: 0x0818, 0x179d: 0x0040,
+	0x179e: 0x0040, 0x179f: 0x0040, 0x17a0: 0x0040, 0x17a1: 0x0040, 0x17a2: 0x0040, 0x17a3: 0x0040,
+	0x17a4: 0x0040, 0x17a5: 0x0040, 0x17a6: 0x0040, 0x17a7: 0x0040, 0x17a8: 0x0040, 0x17a9: 0x0c18,
+	0x17aa: 0x0c18, 0x17ab: 0x0c18, 0x17ac: 0x0c18, 0x17ad: 0x0a18, 0x17ae: 0x0a18, 0x17af: 0x0818,
+	0x17b0: 0x0040, 0x17b1: 0x0040, 0x17b2: 0x0040, 0x17b3: 0x0040, 0x17b4: 0x0040, 0x17b5: 0x0040,
+	0x17b6: 0x0040, 0x17b7: 0x0040, 0x17b8: 0x0040, 0x17b9: 0x0040, 0x17ba: 0x0040, 0x17bb: 0x0040,
+	0x17bc: 0x0040, 0x17bd: 0x0040, 0x17be: 0x0040, 0x17bf: 0x0040,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x3308, 0x17c1: 0x3308, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x0040, 0x17c5: 0x0008,
+	0x17c6: 0x0008, 0x17c7: 0x0008, 0x17c8: 0x0008, 0x17c9: 0x0008, 0x17ca: 0x0008, 0x17cb: 0x0008,
+	0x17cc: 0x0008, 0x17cd: 0x0040, 0x17ce: 0x0040, 0x17cf: 0x0008, 0x17d0: 0x0008, 0x17d1: 0x0040,
+	0x17d2: 0x0040, 0x17d3: 0x0008, 0x17d4: 0x0008, 0x17d5: 0x0008, 0x17d6: 0x0008, 0x17d7: 0x0008,
+	0x17d8: 0x0008, 0x17d9: 0x0008, 0x17da: 0x0008, 0x17db: 0x0008, 0x17dc: 0x0008, 0x17dd: 0x0008,
+	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x0008, 0x17e3: 0x0008,
+	0x17e4: 0x0008, 0x17e5: 0x0008, 0x17e6: 0x0008, 0x17e7: 0x0008, 0x17e8: 0x0008, 0x17e9: 0x0040,
+	0x17ea: 0x0008, 0x17eb: 0x0008, 0x17ec: 0x0008, 0x17ed: 0x0008, 0x17ee: 0x0008, 0x17ef: 0x0008,
+	0x17f0: 0x0008, 0x17f1: 0x0040, 0x17f2: 0x0008, 0x17f3: 0x0008, 0x17f4: 0x0040, 0x17f5: 0x0008,
+	0x17f6: 0x0008, 0x17f7: 0x0008, 0x17f8: 0x0008, 0x17f9: 0x0008, 0x17fa: 0x0040, 0x17fb: 0x0040,
+	0x17fc: 0x3308, 0x17fd: 0x0008, 0x17fe: 0x3008, 0x17ff: 0x3008,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x3308, 0x1801: 0x3008, 0x1802: 0x3008, 0x1803: 0x3008, 0x1804: 0x3008, 0x1805: 0x0040,
+	0x1806: 0x0040, 0x1807: 0x3008, 0x1808: 0x3008, 0x1809: 0x0040, 0x180a: 0x0040, 0x180b: 0x3008,
+	0x180c: 0x3008, 0x180d: 0x3808, 0x180e: 0x0040, 0x180f: 0x0040, 0x1810: 0x0008, 0x1811: 0x0040,
+	0x1812: 0x0040, 0x1813: 0x0040, 0x1814: 0x0040, 0x1815: 0x0040, 0x1816: 0x0040, 0x1817: 0x3008,
+	0x1818: 0x0040, 0x1819: 0x0040, 0x181a: 0x0040, 0x181b: 0x0040, 0x181c: 0x0040, 0x181d: 0x0008,
+	0x181e: 0x0008, 0x181f: 0x0008, 0x1820: 0x0008, 0x1821: 0x0008, 0x1822: 0x3008, 0x1823: 0x3008,
+	0x1824: 0x0040, 0x1825: 0x0040, 0x1826: 0x3308, 0x1827: 0x3308, 0x1828: 0x3308, 0x1829: 0x3308,
+	0x182a: 0x3308, 0x182b: 0x3308, 0x182c: 0x3308, 0x182d: 0x0040, 0x182e: 0x0040, 0x182f: 0x0040,
+	0x1830: 0x3308, 0x1831: 0x3308, 0x1832: 0x3308, 0x1833: 0x3308, 0x1834: 0x3308, 0x1835: 0x0040,
+	0x1836: 0x0040, 0x1837: 0x0040, 0x1838: 0x0040, 0x1839: 0x0040, 0x183a: 0x0040, 0x183b: 0x0040,
+	0x183c: 0x0040, 0x183d: 0x0040, 0x183e: 0x0040, 0x183f: 0x0040,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x0039, 0x1841: 0x0ee9, 0x1842: 0x1159, 0x1843: 0x0ef9, 0x1844: 0x0f09, 0x1845: 0x1199,
+	0x1846: 0x0f31, 0x1847: 0x0249, 0x1848: 0x0f41, 0x1849: 0x0259, 0x184a: 0x0f51, 0x184b: 0x0359,
+	0x184c: 0x0f61, 0x184d: 0x0f71, 0x184e: 0x00d9, 0x184f: 0x0f99, 0x1850: 0x2039, 0x1851: 0x0269,
+	0x1852: 0x01d9, 0x1853: 0x0fa9, 0x1854: 0x0fb9, 0x1855: 0x1089, 0x1856: 0x0279, 0x1857: 0x0369,
+	0x1858: 0x0289, 0x1859: 0x13d1, 0x185a: 0x0039, 0x185b: 0x0ee9, 0x185c: 0x1159, 0x185d: 0x0ef9,
+	0x185e: 0x0f09, 0x185f: 0x1199, 0x1860: 0x0f31, 0x1861: 0x0249, 0x1862: 0x0f41, 0x1863: 0x0259,
+	0x1864: 0x0f51, 0x1865: 0x0359, 0x1866: 0x0f61, 0x1867: 0x0f71, 0x1868: 0x00d9, 0x1869: 0x0f99,
+	0x186a: 0x2039, 0x186b: 0x0269, 0x186c: 0x01d9, 0x186d: 0x0fa9, 0x186e: 0x0fb9, 0x186f: 0x1089,
+	0x1870: 0x0279, 0x1871: 0x0369, 0x1872: 0x0289, 0x1873: 0x13d1, 0x1874: 0x0039, 0x1875: 0x0ee9,
+	0x1876: 0x1159, 0x1877: 0x0ef9, 0x1878: 0x0f09, 0x1879: 0x1199, 0x187a: 0x0f31, 0x187b: 0x0249,
+	0x187c: 0x0f41, 0x187d: 0x0259, 0x187e: 0x0f51, 0x187f: 0x0359,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x0f61, 0x1881: 0x0f71, 0x1882: 0x00d9, 0x1883: 0x0f99, 0x1884: 0x2039, 0x1885: 0x0269,
+	0x1886: 0x01d9, 0x1887: 0x0fa9, 0x1888: 0x0fb9, 0x1889: 0x1089, 0x188a: 0x0279, 0x188b: 0x0369,
+	0x188c: 0x0289, 0x188d: 0x13d1, 0x188e: 0x0039, 0x188f: 0x0ee9, 0x1890: 0x1159, 0x1891: 0x0ef9,
+	0x1892: 0x0f09, 0x1893: 0x1199, 0x1894: 0x0f31, 0x1895: 0x0040, 0x1896: 0x0f41, 0x1897: 0x0259,
+	0x1898: 0x0f51, 0x1899: 0x0359, 0x189a: 0x0f61, 0x189b: 0x0f71, 0x189c: 0x00d9, 0x189d: 0x0f99,
+	0x189e: 0x2039, 0x189f: 0x0269, 0x18a0: 0x01d9, 0x18a1: 0x0fa9, 0x18a2: 0x0fb9, 0x18a3: 0x1089,
+	0x18a4: 0x0279, 0x18a5: 0x0369, 0x18a6: 0x0289, 0x18a7: 0x13d1, 0x18a8: 0x0039, 0x18a9: 0x0ee9,
+	0x18aa: 0x1159, 0x18ab: 0x0ef9, 0x18ac: 0x0f09, 0x18ad: 0x1199, 0x18ae: 0x0f31, 0x18af: 0x0249,
+	0x18b0: 0x0f41, 0x18b1: 0x0259, 0x18b2: 0x0f51, 0x18b3: 0x0359, 0x18b4: 0x0f61, 0x18b5: 0x0f71,
+	0x18b6: 0x00d9, 0x18b7: 0x0f99, 0x18b8: 0x2039, 0x18b9: 0x0269, 0x18ba: 0x01d9, 0x18bb: 0x0fa9,
+	0x18bc: 0x0fb9, 0x18bd: 0x1089, 0x18be: 0x0279, 0x18bf: 0x0369,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x0289, 0x18c1: 0x13d1, 0x18c2: 0x0039, 0x18c3: 0x0ee9, 0x18c4: 0x1159, 0x18c5: 0x0ef9,
+	0x18c6: 0x0f09, 0x18c7: 0x1199, 0x18c8: 0x0f31, 0x18c9: 0x0249, 0x18ca: 0x0f41, 0x18cb: 0x0259,
+	0x18cc: 0x0f51, 0x18cd: 0x0359, 0x18ce: 0x0f61, 0x18cf: 0x0f71, 0x18d0: 0x00d9, 0x18d1: 0x0f99,
+	0x18d2: 0x2039, 0x18d3: 0x0269, 0x18d4: 0x01d9, 0x18d5: 0x0fa9, 0x18d6: 0x0fb9, 0x18d7: 0x1089,
+	0x18d8: 0x0279, 0x18d9: 0x0369, 0x18da: 0x0289, 0x18db: 0x13d1, 0x18dc: 0x0039, 0x18dd: 0x0040,
+	0x18de: 0x1159, 0x18df: 0x0ef9, 0x18e0: 0x0040, 0x18e1: 0x0040, 0x18e2: 0x0f31, 0x18e3: 0x0040,
+	0x18e4: 0x0040, 0x18e5: 0x0259, 0x18e6: 0x0f51, 0x18e7: 0x0040, 0x18e8: 0x0040, 0x18e9: 0x0f71,
+	0x18ea: 0x00d9, 0x18eb: 0x0f99, 0x18ec: 0x2039, 0x18ed: 0x0040, 0x18ee: 0x01d9, 0x18ef: 0x0fa9,
+	0x18f0: 0x0fb9, 0x18f1: 0x1089, 0x18f2: 0x0279, 0x18f3: 0x0369, 0x18f4: 0x0289, 0x18f5: 0x13d1,
+	0x18f6: 0x0039, 0x18f7: 0x0ee9, 0x18f8: 0x1159, 0x18f9: 0x0ef9, 0x18fa: 0x0040, 0x18fb: 0x1199,
+	0x18fc: 0x0040, 0x18fd: 0x0249, 0x18fe: 0x0f41, 0x18ff: 0x0259,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x0f51, 0x1901: 0x0359, 0x1902: 0x0f61, 0x1903: 0x0f71, 0x1904: 0x0040, 0x1905: 0x0f99,
+	0x1906: 0x2039, 0x1907: 0x0269, 0x1908: 0x01d9, 0x1909: 0x0fa9, 0x190a: 0x0fb9, 0x190b: 0x1089,
+	0x190c: 0x0279, 0x190d: 0x0369, 0x190e: 0x0289, 0x190f: 0x13d1, 0x1910: 0x0039, 0x1911: 0x0ee9,
+	0x1912: 0x1159, 0x1913: 0x0ef9, 0x1914: 0x0f09, 0x1915: 0x1199, 0x1916: 0x0f31, 0x1917: 0x0249,
+	0x1918: 0x0f41, 0x1919: 0x0259, 0x191a: 0x0f51, 0x191b: 0x0359, 0x191c: 0x0f61, 0x191d: 0x0f71,
+	0x191e: 0x00d9, 0x191f: 0x0f99, 0x1920: 0x2039, 0x1921: 0x0269, 0x1922: 0x01d9, 0x1923: 0x0fa9,
+	0x1924: 0x0fb9, 0x1925: 0x1089, 0x1926: 0x0279, 0x1927: 0x0369, 0x1928: 0x0289, 0x1929: 0x13d1,
+	0x192a: 0x0039, 0x192b: 0x0ee9, 0x192c: 0x1159, 0x192d: 0x0ef9, 0x192e: 0x0f09, 0x192f: 0x1199,
+	0x1930: 0x0f31, 0x1931: 0x0249, 0x1932: 0x0f41, 0x1933: 0x0259, 0x1934: 0x0f51, 0x1935: 0x0359,
+	0x1936: 0x0f61, 0x1937: 0x0f71, 0x1938: 0x00d9, 0x1939: 0x0f99, 0x193a: 0x2039, 0x193b: 0x0269,
+	0x193c: 0x01d9, 0x193d: 0x0fa9, 0x193e: 0x0fb9, 0x193f: 0x1089,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x0279, 0x1941: 0x0369, 0x1942: 0x0289, 0x1943: 0x13d1, 0x1944: 0x0039, 0x1945: 0x0ee9,
+	0x1946: 0x0040, 0x1947: 0x0ef9, 0x1948: 0x0f09, 0x1949: 0x1199, 0x194a: 0x0f31, 0x194b: 0x0040,
+	0x194c: 0x0040, 0x194d: 0x0259, 0x194e: 0x0f51, 0x194f: 0x0359, 0x1950: 0x0f61, 0x1951: 0x0f71,
+	0x1952: 0x00d9, 0x1953: 0x0f99, 0x1954: 0x2039, 0x1955: 0x0040, 0x1956: 0x01d9, 0x1957: 0x0fa9,
+	0x1958: 0x0fb9, 0x1959: 0x1089, 0x195a: 0x0279, 0x195b: 0x0369, 0x195c: 0x0289, 0x195d: 0x0040,
+	0x195e: 0x0039, 0x195f: 0x0ee9, 0x1960: 0x1159, 0x1961: 0x0ef9, 0x1962: 0x0f09, 0x1963: 0x1199,
+	0x1964: 0x0f31, 0x1965: 0x0249, 0x1966: 0x0f41, 0x1967: 0x0259, 0x1968: 0x0f51, 0x1969: 0x0359,
+	0x196a: 0x0f61, 0x196b: 0x0f71, 0x196c: 0x00d9, 0x196d: 0x0f99, 0x196e: 0x2039, 0x196f: 0x0269,
+	0x1970: 0x01d9, 0x1971: 0x0fa9, 0x1972: 0x0fb9, 0x1973: 0x1089, 0x1974: 0x0279, 0x1975: 0x0369,
+	0x1976: 0x0289, 0x1977: 0x13d1, 0x1978: 0x0039, 0x1979: 0x0ee9, 0x197a: 0x0040, 0x197b: 0x0ef9,
+	0x197c: 0x0f09, 0x197d: 0x1199, 0x197e: 0x0f31, 0x197f: 0x0040,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x0f41, 0x1981: 0x0259, 0x1982: 0x0f51, 0x1983: 0x0359, 0x1984: 0x0f61, 0x1985: 0x0040,
+	0x1986: 0x00d9, 0x1987: 0x0040, 0x1988: 0x0040, 0x1989: 0x0040, 0x198a: 0x01d9, 0x198b: 0x0fa9,
+	0x198c: 0x0fb9, 0x198d: 0x1089, 0x198e: 0x0279, 0x198f: 0x0369, 0x1990: 0x0289, 0x1991: 0x0040,
+	0x1992: 0x0039, 0x1993: 0x0ee9, 0x1994: 0x1159, 0x1995: 0x0ef9, 0x1996: 0x0f09, 0x1997: 0x1199,
+	0x1998: 0x0f31, 0x1999: 0x0249, 0x199a: 0x0f41, 0x199b: 0x0259, 0x199c: 0x0f51, 0x199d: 0x0359,
+	0x199e: 0x0f61, 0x199f: 0x0f71, 0x19a0: 0x00d9, 0x19a1: 0x0f99, 0x19a2: 0x2039, 0x19a3: 0x0269,
+	0x19a4: 0x01d9, 0x19a5: 0x0fa9, 0x19a6: 0x0fb9, 0x19a7: 0x1089, 0x19a8: 0x0279, 0x19a9: 0x0369,
+	0x19aa: 0x0289, 0x19ab: 0x13d1, 0x19ac: 0x0039, 0x19ad: 0x0ee9, 0x19ae: 0x1159, 0x19af: 0x0ef9,
+	0x19b0: 0x0f09, 0x19b1: 0x1199, 0x19b2: 0x0f31, 0x19b3: 0x0249, 0x19b4: 0x0f41, 0x19b5: 0x0259,
+	0x19b6: 0x0f51, 0x19b7: 0x0359, 0x19b8: 0x0f61, 0x19b9: 0x0f71, 0x19ba: 0x00d9, 0x19bb: 0x0f99,
+	0x19bc: 0x2039, 0x19bd: 0x0269, 0x19be: 0x01d9, 0x19bf: 0x0fa9,
+	// Block 0x67, offset 0x19c0
+	0x19c0: 0x0fb9, 0x19c1: 0x1089, 0x19c2: 0x0279, 0x19c3: 0x0369, 0x19c4: 0x0289, 0x19c5: 0x13d1,
+	0x19c6: 0x0039, 0x19c7: 0x0ee9, 0x19c8: 0x1159, 0x19c9: 0x0ef9, 0x19ca: 0x0f09, 0x19cb: 0x1199,
+	0x19cc: 0x0f31, 0x19cd: 0x0249, 0x19ce: 0x0f41, 0x19cf: 0x0259, 0x19d0: 0x0f51, 0x19d1: 0x0359,
+	0x19d2: 0x0f61, 0x19d3: 0x0f71, 0x19d4: 0x00d9, 0x19d5: 0x0f99, 0x19d6: 0x2039, 0x19d7: 0x0269,
+	0x19d8: 0x01d9, 0x19d9: 0x0fa9, 0x19da: 0x0fb9, 0x19db: 0x1089, 0x19dc: 0x0279, 0x19dd: 0x0369,
+	0x19de: 0x0289, 0x19df: 0x13d1, 0x19e0: 0x0039, 0x19e1: 0x0ee9, 0x19e2: 0x1159, 0x19e3: 0x0ef9,
+	0x19e4: 0x0f09, 0x19e5: 0x1199, 0x19e6: 0x0f31, 0x19e7: 0x0249, 0x19e8: 0x0f41, 0x19e9: 0x0259,
+	0x19ea: 0x0f51, 0x19eb: 0x0359, 0x19ec: 0x0f61, 0x19ed: 0x0f71, 0x19ee: 0x00d9, 0x19ef: 0x0f99,
+	0x19f0: 0x2039, 0x19f1: 0x0269, 0x19f2: 0x01d9, 0x19f3: 0x0fa9, 0x19f4: 0x0fb9, 0x19f5: 0x1089,
+	0x19f6: 0x0279, 0x19f7: 0x0369, 0x19f8: 0x0289, 0x19f9: 0x13d1, 0x19fa: 0x0039, 0x19fb: 0x0ee9,
+	0x19fc: 0x1159, 0x19fd: 0x0ef9, 0x19fe: 0x0f09, 0x19ff: 0x1199,
+	// Block 0x68, offset 0x1a00
+	0x1a00: 0x0f31, 0x1a01: 0x0249, 0x1a02: 0x0f41, 0x1a03: 0x0259, 0x1a04: 0x0f51, 0x1a05: 0x0359,
+	0x1a06: 0x0f61, 0x1a07: 0x0f71, 0x1a08: 0x00d9, 0x1a09: 0x0f99, 0x1a0a: 0x2039, 0x1a0b: 0x0269,
+	0x1a0c: 0x01d9, 0x1a0d: 0x0fa9, 0x1a0e: 0x0fb9, 0x1a0f: 0x1089, 0x1a10: 0x0279, 0x1a11: 0x0369,
+	0x1a12: 0x0289, 0x1a13: 0x13d1, 0x1a14: 0x0039, 0x1a15: 0x0ee9, 0x1a16: 0x1159, 0x1a17: 0x0ef9,
+	0x1a18: 0x0f09, 0x1a19: 0x1199, 0x1a1a: 0x0f31, 0x1a1b: 0x0249, 0x1a1c: 0x0f41, 0x1a1d: 0x0259,
+	0x1a1e: 0x0f51, 0x1a1f: 0x0359, 0x1a20: 0x0f61, 0x1a21: 0x0f71, 0x1a22: 0x00d9, 0x1a23: 0x0f99,
+	0x1a24: 0x2039, 0x1a25: 0x0269, 0x1a26: 0x01d9, 0x1a27: 0x0fa9, 0x1a28: 0x0fb9, 0x1a29: 0x1089,
+	0x1a2a: 0x0279, 0x1a2b: 0x0369, 0x1a2c: 0x0289, 0x1a2d: 0x13d1, 0x1a2e: 0x0039, 0x1a2f: 0x0ee9,
+	0x1a30: 0x1159, 0x1a31: 0x0ef9, 0x1a32: 0x0f09, 0x1a33: 0x1199, 0x1a34: 0x0f31, 0x1a35: 0x0249,
+	0x1a36: 0x0f41, 0x1a37: 0x0259, 0x1a38: 0x0f51, 0x1a39: 0x0359, 0x1a3a: 0x0f61, 0x1a3b: 0x0f71,
+	0x1a3c: 0x00d9, 0x1a3d: 0x0f99, 0x1a3e: 0x2039, 0x1a3f: 0x0269,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x01d9, 0x1a41: 0x0fa9, 0x1a42: 0x0fb9, 0x1a43: 0x1089, 0x1a44: 0x0279, 0x1a45: 0x0369,
+	0x1a46: 0x0289, 0x1a47: 0x13d1, 0x1a48: 0x0039, 0x1a49: 0x0ee9, 0x1a4a: 0x1159, 0x1a4b: 0x0ef9,
+	0x1a4c: 0x0f09, 0x1a4d: 0x1199, 0x1a4e: 0x0f31, 0x1a4f: 0x0249, 0x1a50: 0x0f41, 0x1a51: 0x0259,
+	0x1a52: 0x0f51, 0x1a53: 0x0359, 0x1a54: 0x0f61, 0x1a55: 0x0f71, 0x1a56: 0x00d9, 0x1a57: 0x0f99,
+	0x1a58: 0x2039, 0x1a59: 0x0269, 0x1a5a: 0x01d9, 0x1a5b: 0x0fa9, 0x1a5c: 0x0fb9, 0x1a5d: 0x1089,
+	0x1a5e: 0x0279, 0x1a5f: 0x0369, 0x1a60: 0x0289, 0x1a61: 0x13d1, 0x1a62: 0x0039, 0x1a63: 0x0ee9,
+	0x1a64: 0x1159, 0x1a65: 0x0ef9, 0x1a66: 0x0f09, 0x1a67: 0x1199, 0x1a68: 0x0f31, 0x1a69: 0x0249,
+	0x1a6a: 0x0f41, 0x1a6b: 0x0259, 0x1a6c: 0x0f51, 0x1a6d: 0x0359, 0x1a6e: 0x0f61, 0x1a6f: 0x0f71,
+	0x1a70: 0x00d9, 0x1a71: 0x0f99, 0x1a72: 0x2039, 0x1a73: 0x0269, 0x1a74: 0x01d9, 0x1a75: 0x0fa9,
+	0x1a76: 0x0fb9, 0x1a77: 0x1089, 0x1a78: 0x0279, 0x1a79: 0x0369, 0x1a7a: 0x0289, 0x1a7b: 0x13d1,
+	0x1a7c: 0x0039, 0x1a7d: 0x0ee9, 0x1a7e: 0x1159, 0x1a7f: 0x0ef9,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x0f09, 0x1a81: 0x1199, 0x1a82: 0x0f31, 0x1a83: 0x0249, 0x1a84: 0x0f41, 0x1a85: 0x0259,
+	0x1a86: 0x0f51, 0x1a87: 0x0359, 0x1a88: 0x0f61, 0x1a89: 0x0f71, 0x1a8a: 0x00d9, 0x1a8b: 0x0f99,
+	0x1a8c: 0x2039, 0x1a8d: 0x0269, 0x1a8e: 0x01d9, 0x1a8f: 0x0fa9, 0x1a90: 0x0fb9, 0x1a91: 0x1089,
+	0x1a92: 0x0279, 0x1a93: 0x0369, 0x1a94: 0x0289, 0x1a95: 0x13d1, 0x1a96: 0x0039, 0x1a97: 0x0ee9,
+	0x1a98: 0x1159, 0x1a99: 0x0ef9, 0x1a9a: 0x0f09, 0x1a9b: 0x1199, 0x1a9c: 0x0f31, 0x1a9d: 0x0249,
+	0x1a9e: 0x0f41, 0x1a9f: 0x0259, 0x1aa0: 0x0f51, 0x1aa1: 0x0359, 0x1aa2: 0x0f61, 0x1aa3: 0x0f71,
+	0x1aa4: 0x00d9, 0x1aa5: 0x0f99, 0x1aa6: 0x2039, 0x1aa7: 0x0269, 0x1aa8: 0x01d9, 0x1aa9: 0x0fa9,
+	0x1aaa: 0x0fb9, 0x1aab: 0x1089, 0x1aac: 0x0279, 0x1aad: 0x0369, 0x1aae: 0x0289, 0x1aaf: 0x13d1,
+	0x1ab0: 0x0039, 0x1ab1: 0x0ee9, 0x1ab2: 0x1159, 0x1ab3: 0x0ef9, 0x1ab4: 0x0f09, 0x1ab5: 0x1199,
+	0x1ab6: 0x0f31, 0x1ab7: 0x0249, 0x1ab8: 0x0f41, 0x1ab9: 0x0259, 0x1aba: 0x0f51, 0x1abb: 0x0359,
+	0x1abc: 0x0f61, 0x1abd: 0x0f71, 0x1abe: 0x00d9, 0x1abf: 0x0f99,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x2039, 0x1ac1: 0x0269, 0x1ac2: 0x01d9, 0x1ac3: 0x0fa9, 0x1ac4: 0x0fb9, 0x1ac5: 0x1089,
+	0x1ac6: 0x0279, 0x1ac7: 0x0369, 0x1ac8: 0x0289, 0x1ac9: 0x13d1, 0x1aca: 0x0039, 0x1acb: 0x0ee9,
+	0x1acc: 0x1159, 0x1acd: 0x0ef9, 0x1ace: 0x0f09, 0x1acf: 0x1199, 0x1ad0: 0x0f31, 0x1ad1: 0x0249,
+	0x1ad2: 0x0f41, 0x1ad3: 0x0259, 0x1ad4: 0x0f51, 0x1ad5: 0x0359, 0x1ad6: 0x0f61, 0x1ad7: 0x0f71,
+	0x1ad8: 0x00d9, 0x1ad9: 0x0f99, 0x1ada: 0x2039, 0x1adb: 0x0269, 0x1adc: 0x01d9, 0x1add: 0x0fa9,
+	0x1ade: 0x0fb9, 0x1adf: 0x1089, 0x1ae0: 0x0279, 0x1ae1: 0x0369, 0x1ae2: 0x0289, 0x1ae3: 0x13d1,
+	0x1ae4: 0xba81, 0x1ae5: 0xba99, 0x1ae6: 0x0040, 0x1ae7: 0x0040, 0x1ae8: 0xbab1, 0x1ae9: 0x1099,
+	0x1aea: 0x10b1, 0x1aeb: 0x10c9, 0x1aec: 0xbac9, 0x1aed: 0xbae1, 0x1aee: 0xbaf9, 0x1aef: 0x1429,
+	0x1af0: 0x1a31, 0x1af1: 0xbb11, 0x1af2: 0xbb29, 0x1af3: 0xbb41, 0x1af4: 0xbb59, 0x1af5: 0xbb71,
+	0x1af6: 0xbb89, 0x1af7: 0x2109, 0x1af8: 0x1111, 0x1af9: 0x1429, 0x1afa: 0xbba1, 0x1afb: 0xbbb9,
+	0x1afc: 0xbbd1, 0x1afd: 0x10e1, 0x1afe: 0x10f9, 0x1aff: 0xbbe9,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x2079, 0x1b01: 0xbc01, 0x1b02: 0xbab1, 0x1b03: 0x1099, 0x1b04: 0x10b1, 0x1b05: 0x10c9,
+	0x1b06: 0xbac9, 0x1b07: 0xbae1, 0x1b08: 0xbaf9, 0x1b09: 0x1429, 0x1b0a: 0x1a31, 0x1b0b: 0xbb11,
+	0x1b0c: 0xbb29, 0x1b0d: 0xbb41, 0x1b0e: 0xbb59, 0x1b0f: 0xbb71, 0x1b10: 0xbb89, 0x1b11: 0x2109,
+	0x1b12: 0x1111, 0x1b13: 0xbba1, 0x1b14: 0xbba1, 0x1b15: 0xbbb9, 0x1b16: 0xbbd1, 0x1b17: 0x10e1,
+	0x1b18: 0x10f9, 0x1b19: 0xbbe9, 0x1b1a: 0x2079, 0x1b1b: 0xbc21, 0x1b1c: 0xbac9, 0x1b1d: 0x1429,
+	0x1b1e: 0xbb11, 0x1b1f: 0x10e1, 0x1b20: 0x1111, 0x1b21: 0x2109, 0x1b22: 0xbab1, 0x1b23: 0x1099,
+	0x1b24: 0x10b1, 0x1b25: 0x10c9, 0x1b26: 0xbac9, 0x1b27: 0xbae1, 0x1b28: 0xbaf9, 0x1b29: 0x1429,
+	0x1b2a: 0x1a31, 0x1b2b: 0xbb11, 0x1b2c: 0xbb29, 0x1b2d: 0xbb41, 0x1b2e: 0xbb59, 0x1b2f: 0xbb71,
+	0x1b30: 0xbb89, 0x1b31: 0x2109, 0x1b32: 0x1111, 0x1b33: 0x1429, 0x1b34: 0xbba1, 0x1b35: 0xbbb9,
+	0x1b36: 0xbbd1, 0x1b37: 0x10e1, 0x1b38: 0x10f9, 0x1b39: 0xbbe9, 0x1b3a: 0x2079, 0x1b3b: 0xbc01,
+	0x1b3c: 0xbab1, 0x1b3d: 0x1099, 0x1b3e: 0x10b1, 0x1b3f: 0x10c9,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0xbac9, 0x1b41: 0xbae1, 0x1b42: 0xbaf9, 0x1b43: 0x1429, 0x1b44: 0x1a31, 0x1b45: 0xbb11,
+	0x1b46: 0xbb29, 0x1b47: 0xbb41, 0x1b48: 0xbb59, 0x1b49: 0xbb71, 0x1b4a: 0xbb89, 0x1b4b: 0x2109,
+	0x1b4c: 0x1111, 0x1b4d: 0xbba1, 0x1b4e: 0xbba1, 0x1b4f: 0xbbb9, 0x1b50: 0xbbd1, 0x1b51: 0x10e1,
+	0x1b52: 0x10f9, 0x1b53: 0xbbe9, 0x1b54: 0x2079, 0x1b55: 0xbc21, 0x1b56: 0xbac9, 0x1b57: 0x1429,
+	0x1b58: 0xbb11, 0x1b59: 0x10e1, 0x1b5a: 0x1111, 0x1b5b: 0x2109, 0x1b5c: 0xbab1, 0x1b5d: 0x1099,
+	0x1b5e: 0x10b1, 0x1b5f: 0x10c9, 0x1b60: 0xbac9, 0x1b61: 0xbae1, 0x1b62: 0xbaf9, 0x1b63: 0x1429,
+	0x1b64: 0x1a31, 0x1b65: 0xbb11, 0x1b66: 0xbb29, 0x1b67: 0xbb41, 0x1b68: 0xbb59, 0x1b69: 0xbb71,
+	0x1b6a: 0xbb89, 0x1b6b: 0x2109, 0x1b6c: 0x1111, 0x1b6d: 0x1429, 0x1b6e: 0xbba1, 0x1b6f: 0xbbb9,
+	0x1b70: 0xbbd1, 0x1b71: 0x10e1, 0x1b72: 0x10f9, 0x1b73: 0xbbe9, 0x1b74: 0x2079, 0x1b75: 0xbc01,
+	0x1b76: 0xbab1, 0x1b77: 0x1099, 0x1b78: 0x10b1, 0x1b79: 0x10c9, 0x1b7a: 0xbac9, 0x1b7b: 0xbae1,
+	0x1b7c: 0xbaf9, 0x1b7d: 0x1429, 0x1b7e: 0x1a31, 0x1b7f: 0xbb11,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0xbb29, 0x1b81: 0xbb41, 0x1b82: 0xbb59, 0x1b83: 0xbb71, 0x1b84: 0xbb89, 0x1b85: 0x2109,
+	0x1b86: 0x1111, 0x1b87: 0xbba1, 0x1b88: 0xbba1, 0x1b89: 0xbbb9, 0x1b8a: 0xbbd1, 0x1b8b: 0x10e1,
+	0x1b8c: 0x10f9, 0x1b8d: 0xbbe9, 0x1b8e: 0x2079, 0x1b8f: 0xbc21, 0x1b90: 0xbac9, 0x1b91: 0x1429,
+	0x1b92: 0xbb11, 0x1b93: 0x10e1, 0x1b94: 0x1111, 0x1b95: 0x2109, 0x1b96: 0xbab1, 0x1b97: 0x1099,
+	0x1b98: 0x10b1, 0x1b99: 0x10c9, 0x1b9a: 0xbac9, 0x1b9b: 0xbae1, 0x1b9c: 0xbaf9, 0x1b9d: 0x1429,
+	0x1b9e: 0x1a31, 0x1b9f: 0xbb11, 0x1ba0: 0xbb29, 0x1ba1: 0xbb41, 0x1ba2: 0xbb59, 0x1ba3: 0xbb71,
+	0x1ba4: 0xbb89, 0x1ba5: 0x2109, 0x1ba6: 0x1111, 0x1ba7: 0x1429, 0x1ba8: 0xbba1, 0x1ba9: 0xbbb9,
+	0x1baa: 0xbbd1, 0x1bab: 0x10e1, 0x1bac: 0x10f9, 0x1bad: 0xbbe9, 0x1bae: 0x2079, 0x1baf: 0xbc01,
+	0x1bb0: 0xbab1, 0x1bb1: 0x1099, 0x1bb2: 0x10b1, 0x1bb3: 0x10c9, 0x1bb4: 0xbac9, 0x1bb5: 0xbae1,
+	0x1bb6: 0xbaf9, 0x1bb7: 0x1429, 0x1bb8: 0x1a31, 0x1bb9: 0xbb11, 0x1bba: 0xbb29, 0x1bbb: 0xbb41,
+	0x1bbc: 0xbb59, 0x1bbd: 0xbb71, 0x1bbe: 0xbb89, 0x1bbf: 0x2109,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0x1111, 0x1bc1: 0xbba1, 0x1bc2: 0xbba1, 0x1bc3: 0xbbb9, 0x1bc4: 0xbbd1, 0x1bc5: 0x10e1,
+	0x1bc6: 0x10f9, 0x1bc7: 0xbbe9, 0x1bc8: 0x2079, 0x1bc9: 0xbc21, 0x1bca: 0xbac9, 0x1bcb: 0x1429,
+	0x1bcc: 0xbb11, 0x1bcd: 0x10e1, 0x1bce: 0x1111, 0x1bcf: 0x2109, 0x1bd0: 0xbab1, 0x1bd1: 0x1099,
+	0x1bd2: 0x10b1, 0x1bd3: 0x10c9, 0x1bd4: 0xbac9, 0x1bd5: 0xbae1, 0x1bd6: 0xbaf9, 0x1bd7: 0x1429,
+	0x1bd8: 0x1a31, 0x1bd9: 0xbb11, 0x1bda: 0xbb29, 0x1bdb: 0xbb41, 0x1bdc: 0xbb59, 0x1bdd: 0xbb71,
+	0x1bde: 0xbb89, 0x1bdf: 0x2109, 0x1be0: 0x1111, 0x1be1: 0x1429, 0x1be2: 0xbba1, 0x1be3: 0xbbb9,
+	0x1be4: 0xbbd1, 0x1be5: 0x10e1, 0x1be6: 0x10f9, 0x1be7: 0xbbe9, 0x1be8: 0x2079, 0x1be9: 0xbc01,
+	0x1bea: 0xbab1, 0x1beb: 0x1099, 0x1bec: 0x10b1, 0x1bed: 0x10c9, 0x1bee: 0xbac9, 0x1bef: 0xbae1,
+	0x1bf0: 0xbaf9, 0x1bf1: 0x1429, 0x1bf2: 0x1a31, 0x1bf3: 0xbb11, 0x1bf4: 0xbb29, 0x1bf5: 0xbb41,
+	0x1bf6: 0xbb59, 0x1bf7: 0xbb71, 0x1bf8: 0xbb89, 0x1bf9: 0x2109, 0x1bfa: 0x1111, 0x1bfb: 0xbba1,
+	0x1bfc: 0xbba1, 0x1bfd: 0xbbb9, 0x1bfe: 0xbbd1, 0x1bff: 0x10e1,
+	// Block 0x70, offset 0x1c00
+	0x1c00: 0x10f9, 0x1c01: 0xbbe9, 0x1c02: 0x2079, 0x1c03: 0xbc21, 0x1c04: 0xbac9, 0x1c05: 0x1429,
+	0x1c06: 0xbb11, 0x1c07: 0x10e1, 0x1c08: 0x1111, 0x1c09: 0x2109, 0x1c0a: 0xbc41, 0x1c0b: 0xbc41,
+	0x1c0c: 0x0040, 0x1c0d: 0x0040, 0x1c0e: 0x1f41, 0x1c0f: 0x00c9, 0x1c10: 0x0069, 0x1c11: 0x0079,
+	0x1c12: 0x1f51, 0x1c13: 0x1f61, 0x1c14: 0x1f71, 0x1c15: 0x1f81, 0x1c16: 0x1f91, 0x1c17: 0x1fa1,
+	0x1c18: 0x1f41, 0x1c19: 0x00c9, 0x1c1a: 0x0069, 0x1c1b: 0x0079, 0x1c1c: 0x1f51, 0x1c1d: 0x1f61,
+	0x1c1e: 0x1f71, 0x1c1f: 0x1f81, 0x1c20: 0x1f91, 0x1c21: 0x1fa1, 0x1c22: 0x1f41, 0x1c23: 0x00c9,
+	0x1c24: 0x0069, 0x1c25: 0x0079, 0x1c26: 0x1f51, 0x1c27: 0x1f61, 0x1c28: 0x1f71, 0x1c29: 0x1f81,
+	0x1c2a: 0x1f91, 0x1c2b: 0x1fa1, 0x1c2c: 0x1f41, 0x1c2d: 0x00c9, 0x1c2e: 0x0069, 0x1c2f: 0x0079,
+	0x1c30: 0x1f51, 0x1c31: 0x1f61, 0x1c32: 0x1f71, 0x1c33: 0x1f81, 0x1c34: 0x1f91, 0x1c35: 0x1fa1,
+	0x1c36: 0x1f41, 0x1c37: 0x00c9, 0x1c38: 0x0069, 0x1c39: 0x0079, 0x1c3a: 0x1f51, 0x1c3b: 0x1f61,
+	0x1c3c: 0x1f71, 0x1c3d: 0x1f81, 0x1c3e: 0x1f91, 0x1c3f: 0x1fa1,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0xe115, 0x1c41: 0xe115, 0x1c42: 0xe135, 0x1c43: 0xe135, 0x1c44: 0xe115, 0x1c45: 0xe115,
+	0x1c46: 0xe175, 0x1c47: 0xe175, 0x1c48: 0xe115, 0x1c49: 0xe115, 0x1c4a: 0xe135, 0x1c4b: 0xe135,
+	0x1c4c: 0xe115, 0x1c4d: 0xe115, 0x1c4e: 0xe1f5, 0x1c4f: 0xe1f5, 0x1c50: 0xe115, 0x1c51: 0xe115,
+	0x1c52: 0xe135, 0x1c53: 0xe135, 0x1c54: 0xe115, 0x1c55: 0xe115, 0x1c56: 0xe175, 0x1c57: 0xe175,
+	0x1c58: 0xe115, 0x1c59: 0xe115, 0x1c5a: 0xe135, 0x1c5b: 0xe135, 0x1c5c: 0xe115, 0x1c5d: 0xe115,
+	0x1c5e: 0x8b05, 0x1c5f: 0x8b05, 0x1c60: 0x04b5, 0x1c61: 0x04b5, 0x1c62: 0x0a08, 0x1c63: 0x0a08,
+	0x1c64: 0x0a08, 0x1c65: 0x0a08, 0x1c66: 0x0a08, 0x1c67: 0x0a08, 0x1c68: 0x0a08, 0x1c69: 0x0a08,
+	0x1c6a: 0x0a08, 0x1c6b: 0x0a08, 0x1c6c: 0x0a08, 0x1c6d: 0x0a08, 0x1c6e: 0x0a08, 0x1c6f: 0x0a08,
+	0x1c70: 0x0a08, 0x1c71: 0x0a08, 0x1c72: 0x0a08, 0x1c73: 0x0a08, 0x1c74: 0x0a08, 0x1c75: 0x0a08,
+	0x1c76: 0x0a08, 0x1c77: 0x0a08, 0x1c78: 0x0a08, 0x1c79: 0x0a08, 0x1c7a: 0x0a08, 0x1c7b: 0x0a08,
+	0x1c7c: 0x0a08, 0x1c7d: 0x0a08, 0x1c7e: 0x0a08, 0x1c7f: 0x0a08,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0xb189, 0x1c81: 0xb1a1, 0x1c82: 0xb201, 0x1c83: 0xb249, 0x1c84: 0x0040, 0x1c85: 0xb411,
+	0x1c86: 0xb291, 0x1c87: 0xb219, 0x1c88: 0xb309, 0x1c89: 0xb429, 0x1c8a: 0xb399, 0x1c8b: 0xb3b1,
+	0x1c8c: 0xb3c9, 0x1c8d: 0xb3e1, 0x1c8e: 0xb2a9, 0x1c8f: 0xb339, 0x1c90: 0xb369, 0x1c91: 0xb2d9,
+	0x1c92: 0xb381, 0x1c93: 0xb279, 0x1c94: 0xb2c1, 0x1c95: 0xb1d1, 0x1c96: 0xb1e9, 0x1c97: 0xb231,
+	0x1c98: 0xb261, 0x1c99: 0xb2f1, 0x1c9a: 0xb321, 0x1c9b: 0xb351, 0x1c9c: 0xbc59, 0x1c9d: 0x7949,
+	0x1c9e: 0xbc71, 0x1c9f: 0xbc89, 0x1ca0: 0x0040, 0x1ca1: 0xb1a1, 0x1ca2: 0xb201, 0x1ca3: 0x0040,
+	0x1ca4: 0xb3f9, 0x1ca5: 0x0040, 0x1ca6: 0x0040, 0x1ca7: 0xb219, 0x1ca8: 0x0040, 0x1ca9: 0xb429,
+	0x1caa: 0xb399, 0x1cab: 0xb3b1, 0x1cac: 0xb3c9, 0x1cad: 0xb3e1, 0x1cae: 0xb2a9, 0x1caf: 0xb339,
+	0x1cb0: 0xb369, 0x1cb1: 0xb2d9, 0x1cb2: 0xb381, 0x1cb3: 0x0040, 0x1cb4: 0xb2c1, 0x1cb5: 0xb1d1,
+	0x1cb6: 0xb1e9, 0x1cb7: 0xb231, 0x1cb8: 0x0040, 0x1cb9: 0xb2f1, 0x1cba: 0x0040, 0x1cbb: 0xb351,
+	0x1cbc: 0x0040, 0x1cbd: 0x0040, 0x1cbe: 0x0040, 0x1cbf: 0x0040,
+	// Block 0x73, offset 0x1cc0
+	0x1cc0: 0x0040, 0x1cc1: 0x0040, 0x1cc2: 0xb201, 0x1cc3: 0x0040, 0x1cc4: 0x0040, 0x1cc5: 0x0040,
+	0x1cc6: 0x0040, 0x1cc7: 0xb219, 0x1cc8: 0x0040, 0x1cc9: 0xb429, 0x1cca: 0x0040, 0x1ccb: 0xb3b1,
+	0x1ccc: 0x0040, 0x1ccd: 0xb3e1, 0x1cce: 0xb2a9, 0x1ccf: 0xb339, 0x1cd0: 0x0040, 0x1cd1: 0xb2d9,
+	0x1cd2: 0xb381, 0x1cd3: 0x0040, 0x1cd4: 0xb2c1, 0x1cd5: 0x0040, 0x1cd6: 0x0040, 0x1cd7: 0xb231,
+	0x1cd8: 0x0040, 0x1cd9: 0xb2f1, 0x1cda: 0x0040, 0x1cdb: 0xb351, 0x1cdc: 0x0040, 0x1cdd: 0x7949,
+	0x1cde: 0x0040, 0x1cdf: 0xbc89, 0x1ce0: 0x0040, 0x1ce1: 0xb1a1, 0x1ce2: 0xb201, 0x1ce3: 0x0040,
+	0x1ce4: 0xb3f9, 0x1ce5: 0x0040, 0x1ce6: 0x0040, 0x1ce7: 0xb219, 0x1ce8: 0xb309, 0x1ce9: 0xb429,
+	0x1cea: 0xb399, 0x1ceb: 0x0040, 0x1cec: 0xb3c9, 0x1ced: 0xb3e1, 0x1cee: 0xb2a9, 0x1cef: 0xb339,
+	0x1cf0: 0xb369, 0x1cf1: 0xb2d9, 0x1cf2: 0xb381, 0x1cf3: 0x0040, 0x1cf4: 0xb2c1, 0x1cf5: 0xb1d1,
+	0x1cf6: 0xb1e9, 0x1cf7: 0xb231, 0x1cf8: 0x0040, 0x1cf9: 0xb2f1, 0x1cfa: 0xb321, 0x1cfb: 0xb351,
+	0x1cfc: 0xbc59, 0x1cfd: 0x0040, 0x1cfe: 0xbc71, 0x1cff: 0x0040,
+	// Block 0x74, offset 0x1d00
+	0x1d00: 0xb189, 0x1d01: 0xb1a1, 0x1d02: 0xb201, 0x1d03: 0xb249, 0x1d04: 0xb3f9, 0x1d05: 0xb411,
+	0x1d06: 0xb291, 0x1d07: 0xb219, 0x1d08: 0xb309, 0x1d09: 0xb429, 0x1d0a: 0x0040, 0x1d0b: 0xb3b1,
+	0x1d0c: 0xb3c9, 0x1d0d: 0xb3e1, 0x1d0e: 0xb2a9, 0x1d0f: 0xb339, 0x1d10: 0xb369, 0x1d11: 0xb2d9,
+	0x1d12: 0xb381, 0x1d13: 0xb279, 0x1d14: 0xb2c1, 0x1d15: 0xb1d1, 0x1d16: 0xb1e9, 0x1d17: 0xb231,
+	0x1d18: 0xb261, 0x1d19: 0xb2f1, 0x1d1a: 0xb321, 0x1d1b: 0xb351, 0x1d1c: 0x0040, 0x1d1d: 0x0040,
+	0x1d1e: 0x0040, 0x1d1f: 0x0040, 0x1d20: 0x0040, 0x1d21: 0xb1a1, 0x1d22: 0xb201, 0x1d23: 0xb249,
+	0x1d24: 0x0040, 0x1d25: 0xb411, 0x1d26: 0xb291, 0x1d27: 0xb219, 0x1d28: 0xb309, 0x1d29: 0xb429,
+	0x1d2a: 0x0040, 0x1d2b: 0xb3b1, 0x1d2c: 0xb3c9, 0x1d2d: 0xb3e1, 0x1d2e: 0xb2a9, 0x1d2f: 0xb339,
+	0x1d30: 0xb369, 0x1d31: 0xb2d9, 0x1d32: 0xb381, 0x1d33: 0xb279, 0x1d34: 0xb2c1, 0x1d35: 0xb1d1,
+	0x1d36: 0xb1e9, 0x1d37: 0xb231, 0x1d38: 0xb261, 0x1d39: 0xb2f1, 0x1d3a: 0xb321, 0x1d3b: 0xb351,
+	0x1d3c: 0x0040, 0x1d3d: 0x0040, 0x1d3e: 0x0040, 0x1d3f: 0x0040,
+	// Block 0x75, offset 0x1d40
+	0x1d40: 0x0040, 0x1d41: 0xbca2, 0x1d42: 0xbcba, 0x1d43: 0xbcd2, 0x1d44: 0xbcea, 0x1d45: 0xbd02,
+	0x1d46: 0xbd1a, 0x1d47: 0xbd32, 0x1d48: 0xbd4a, 0x1d49: 0xbd62, 0x1d4a: 0xbd7a, 0x1d4b: 0x0018,
+	0x1d4c: 0x0018, 0x1d4d: 0x0040, 0x1d4e: 0x0040, 0x1d4f: 0x0040, 0x1d50: 0xbd92, 0x1d51: 0xbdb2,
+	0x1d52: 0xbdd2, 0x1d53: 0xbdf2, 0x1d54: 0xbe12, 0x1d55: 0xbe32, 0x1d56: 0xbe52, 0x1d57: 0xbe72,
+	0x1d58: 0xbe92, 0x1d59: 0xbeb2, 0x1d5a: 0xbed2, 0x1d5b: 0xbef2, 0x1d5c: 0xbf12, 0x1d5d: 0xbf32,
+	0x1d5e: 0xbf52, 0x1d5f: 0xbf72, 0x1d60: 0xbf92, 0x1d61: 0xbfb2, 0x1d62: 0xbfd2, 0x1d63: 0xbff2,
+	0x1d64: 0xc012, 0x1d65: 0xc032, 0x1d66: 0xc052, 0x1d67: 0xc072, 0x1d68: 0xc092, 0x1d69: 0xc0b2,
+	0x1d6a: 0xc0d1, 0x1d6b: 0x1159, 0x1d6c: 0x0269, 0x1d6d: 0x6671, 0x1d6e: 0xc111, 0x1d6f: 0x0040,
+	0x1d70: 0x0039, 0x1d71: 0x0ee9, 0x1d72: 0x1159, 0x1d73: 0x0ef9, 0x1d74: 0x0f09, 0x1d75: 0x1199,
+	0x1d76: 0x0f31, 0x1d77: 0x0249, 0x1d78: 0x0f41, 0x1d79: 0x0259, 0x1d7a: 0x0f51, 0x1d7b: 0x0359,
+	0x1d7c: 0x0f61, 0x1d7d: 0x0f71, 0x1d7e: 0x00d9, 0x1d7f: 0x0f99,
+	// Block 0x76, offset 0x1d80
+	0x1d80: 0x2039, 0x1d81: 0x0269, 0x1d82: 0x01d9, 0x1d83: 0x0fa9, 0x1d84: 0x0fb9, 0x1d85: 0x1089,
+	0x1d86: 0x0279, 0x1d87: 0x0369, 0x1d88: 0x0289, 0x1d89: 0x13d1, 0x1d8a: 0xc129, 0x1d8b: 0x65b1,
+	0x1d8c: 0xc141, 0x1d8d: 0x1441, 0x1d8e: 0xc159, 0x1d8f: 0xc179, 0x1d90: 0x0018, 0x1d91: 0x0018,
+	0x1d92: 0x0018, 0x1d93: 0x0018, 0x1d94: 0x0018, 0x1d95: 0x0018, 0x1d96: 0x0018, 0x1d97: 0x0018,
+	0x1d98: 0x0018, 0x1d99: 0x0018, 0x1d9a: 0x0018, 0x1d9b: 0x0018, 0x1d9c: 0x0018, 0x1d9d: 0x0018,
+	0x1d9e: 0x0018, 0x1d9f: 0x0018, 0x1da0: 0x0018, 0x1da1: 0x0018, 0x1da2: 0x0018, 0x1da3: 0x0018,
+	0x1da4: 0x0018, 0x1da5: 0x0018, 0x1da6: 0x0018, 0x1da7: 0x0018, 0x1da8: 0x0018, 0x1da9: 0x0018,
+	0x1daa: 0xc191, 0x1dab: 0xc1a9, 0x1dac: 0x0040, 0x1dad: 0x0040, 0x1dae: 0x0040, 0x1daf: 0x0040,
+	0x1db0: 0x0018, 0x1db1: 0x0018, 0x1db2: 0x0018, 0x1db3: 0x0018, 0x1db4: 0x0018, 0x1db5: 0x0018,
+	0x1db6: 0x0018, 0x1db7: 0x0018, 0x1db8: 0x0018, 0x1db9: 0x0018, 0x1dba: 0x0018, 0x1dbb: 0x0018,
+	0x1dbc: 0x0018, 0x1dbd: 0x0018, 0x1dbe: 0x0018, 0x1dbf: 0x0018,
+	// Block 0x77, offset 0x1dc0
+	0x1dc0: 0xc1d9, 0x1dc1: 0xc211, 0x1dc2: 0xc249, 0x1dc3: 0x0040, 0x1dc4: 0x0040, 0x1dc5: 0x0040,
+	0x1dc6: 0x0040, 0x1dc7: 0x0040, 0x1dc8: 0x0040, 0x1dc9: 0x0040, 0x1dca: 0x0040, 0x1dcb: 0x0040,
+	0x1dcc: 0x0040, 0x1dcd: 0x0040, 0x1dce: 0x0040, 0x1dcf: 0x0040, 0x1dd0: 0xc269, 0x1dd1: 0xc289,
+	0x1dd2: 0xc2a9, 0x1dd3: 0xc2c9, 0x1dd4: 0xc2e9, 0x1dd5: 0xc309, 0x1dd6: 0xc329, 0x1dd7: 0xc349,
+	0x1dd8: 0xc369, 0x1dd9: 0xc389, 0x1dda: 0xc3a9, 0x1ddb: 0xc3c9, 0x1ddc: 0xc3e9, 0x1ddd: 0xc409,
+	0x1dde: 0xc429, 0x1ddf: 0xc449, 0x1de0: 0xc469, 0x1de1: 0xc489, 0x1de2: 0xc4a9, 0x1de3: 0xc4c9,
+	0x1de4: 0xc4e9, 0x1de5: 0xc509, 0x1de6: 0xc529, 0x1de7: 0xc549, 0x1de8: 0xc569, 0x1de9: 0xc589,
+	0x1dea: 0xc5a9, 0x1deb: 0xc5c9, 0x1dec: 0xc5e9, 0x1ded: 0xc609, 0x1dee: 0xc629, 0x1def: 0xc649,
+	0x1df0: 0xc669, 0x1df1: 0xc689, 0x1df2: 0xc6a9, 0x1df3: 0xc6c9, 0x1df4: 0xc6e9, 0x1df5: 0xc709,
+	0x1df6: 0xc729, 0x1df7: 0xc749, 0x1df8: 0xc769, 0x1df9: 0xc789, 0x1dfa: 0xc7a9, 0x1dfb: 0xc7c9,
+	0x1dfc: 0x0040, 0x1dfd: 0x0040, 0x1dfe: 0x0040, 0x1dff: 0x0040,
+	// Block 0x78, offset 0x1e00
+	0x1e00: 0xcaf9, 0x1e01: 0xcb19, 0x1e02: 0xcb39, 0x1e03: 0x8b1d, 0x1e04: 0xcb59, 0x1e05: 0xcb79,
+	0x1e06: 0xcb99, 0x1e07: 0xcbb9, 0x1e08: 0xcbd9, 0x1e09: 0xcbf9, 0x1e0a: 0xcc19, 0x1e0b: 0xcc39,
+	0x1e0c: 0xcc59, 0x1e0d: 0x8b3d, 0x1e0e: 0xcc79, 0x1e0f: 0xcc99, 0x1e10: 0xccb9, 0x1e11: 0xccd9,
+	0x1e12: 0x8b5d, 0x1e13: 0xccf9, 0x1e14: 0xcd19, 0x1e15: 0xc429, 0x1e16: 0x8b7d, 0x1e17: 0xcd39,
+	0x1e18: 0xcd59, 0x1e19: 0xcd79, 0x1e1a: 0xcd99, 0x1e1b: 0xcdb9, 0x1e1c: 0x8b9d, 0x1e1d: 0xcdd9,
+	0x1e1e: 0xcdf9, 0x1e1f: 0xce19, 0x1e20: 0xce39, 0x1e21: 0xce59, 0x1e22: 0xc789, 0x1e23: 0xce79,
+	0x1e24: 0xce99, 0x1e25: 0xceb9, 0x1e26: 0xced9, 0x1e27: 0xcef9, 0x1e28: 0xcf19, 0x1e29: 0xcf39,
+	0x1e2a: 0xcf59, 0x1e2b: 0xcf79, 0x1e2c: 0xcf99, 0x1e2d: 0xcfb9, 0x1e2e: 0xcfd9, 0x1e2f: 0xcff9,
+	0x1e30: 0xd019, 0x1e31: 0xd039, 0x1e32: 0xd039, 0x1e33: 0xd039, 0x1e34: 0x8bbd, 0x1e35: 0xd059,
+	0x1e36: 0xd079, 0x1e37: 0xd099, 0x1e38: 0x8bdd, 0x1e39: 0xd0b9, 0x1e3a: 0xd0d9, 0x1e3b: 0xd0f9,
+	0x1e3c: 0xd119, 0x1e3d: 0xd139, 0x1e3e: 0xd159, 0x1e3f: 0xd179,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0xd199, 0x1e41: 0xd1b9, 0x1e42: 0xd1d9, 0x1e43: 0xd1f9, 0x1e44: 0xd219, 0x1e45: 0xd239,
+	0x1e46: 0xd239, 0x1e47: 0xd259, 0x1e48: 0xd279, 0x1e49: 0xd299, 0x1e4a: 0xd2b9, 0x1e4b: 0xd2d9,
+	0x1e4c: 0xd2f9, 0x1e4d: 0xd319, 0x1e4e: 0xd339, 0x1e4f: 0xd359, 0x1e50: 0xd379, 0x1e51: 0xd399,
+	0x1e52: 0xd3b9, 0x1e53: 0xd3d9, 0x1e54: 0xd3f9, 0x1e55: 0xd419, 0x1e56: 0xd439, 0x1e57: 0xd459,
+	0x1e58: 0xd479, 0x1e59: 0x8bfd, 0x1e5a: 0xd499, 0x1e5b: 0xd4b9, 0x1e5c: 0xd4d9, 0x1e5d: 0xc309,
+	0x1e5e: 0xd4f9, 0x1e5f: 0xd519, 0x1e60: 0x8c1d, 0x1e61: 0x8c3d, 0x1e62: 0xd539, 0x1e63: 0xd559,
+	0x1e64: 0xd579, 0x1e65: 0xd599, 0x1e66: 0xd5b9, 0x1e67: 0xd5d9, 0x1e68: 0x2040, 0x1e69: 0xd5f9,
+	0x1e6a: 0xd619, 0x1e6b: 0xd619, 0x1e6c: 0x8c5d, 0x1e6d: 0xd639, 0x1e6e: 0xd659, 0x1e6f: 0xd679,
+	0x1e70: 0xd699, 0x1e71: 0x8c7d, 0x1e72: 0xd6b9, 0x1e73: 0xd6d9, 0x1e74: 0x2040, 0x1e75: 0xd6f9,
+	0x1e76: 0xd719, 0x1e77: 0xd739, 0x1e78: 0xd759, 0x1e79: 0xd779, 0x1e7a: 0xd799, 0x1e7b: 0x8c9d,
+	0x1e7c: 0xd7b9, 0x1e7d: 0x8cbd, 0x1e7e: 0xd7d9, 0x1e7f: 0xd7f9,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0xd819, 0x1e81: 0xd839, 0x1e82: 0xd859, 0x1e83: 0xd879, 0x1e84: 0xd899, 0x1e85: 0xd8b9,
+	0x1e86: 0xd8d9, 0x1e87: 0xd8f9, 0x1e88: 0xd919, 0x1e89: 0x8cdd, 0x1e8a: 0xd939, 0x1e8b: 0xd959,
+	0x1e8c: 0xd979, 0x1e8d: 0xd999, 0x1e8e: 0xd9b9, 0x1e8f: 0x8cfd, 0x1e90: 0xd9d9, 0x1e91: 0x8d1d,
+	0x1e92: 0x8d3d, 0x1e93: 0xd9f9, 0x1e94: 0xda19, 0x1e95: 0xda19, 0x1e96: 0xda39, 0x1e97: 0x8d5d,
+	0x1e98: 0x8d7d, 0x1e99: 0xda59, 0x1e9a: 0xda79, 0x1e9b: 0xda99, 0x1e9c: 0xdab9, 0x1e9d: 0xdad9,
+	0x1e9e: 0xdaf9, 0x1e9f: 0xdb19, 0x1ea0: 0xdb39, 0x1ea1: 0xdb59, 0x1ea2: 0xdb79, 0x1ea3: 0xdb99,
+	0x1ea4: 0x8d9d, 0x1ea5: 0xdbb9, 0x1ea6: 0xdbd9, 0x1ea7: 0xdbf9, 0x1ea8: 0xdc19, 0x1ea9: 0xdbf9,
+	0x1eaa: 0xdc39, 0x1eab: 0xdc59, 0x1eac: 0xdc79, 0x1ead: 0xdc99, 0x1eae: 0xdcb9, 0x1eaf: 0xdcd9,
+	0x1eb0: 0xdcf9, 0x1eb1: 0xdd19, 0x1eb2: 0xdd39, 0x1eb3: 0xdd59, 0x1eb4: 0xdd79, 0x1eb5: 0xdd99,
+	0x1eb6: 0xddb9, 0x1eb7: 0xddd9, 0x1eb8: 0x8dbd, 0x1eb9: 0xddf9, 0x1eba: 0xde19, 0x1ebb: 0xde39,
+	0x1ebc: 0xde59, 0x1ebd: 0xde79, 0x1ebe: 0x8ddd, 0x1ebf: 0xde99,
+	// Block 0x7b, offset 0x1ec0
+	0x1ec0: 0xe599, 0x1ec1: 0xe5b9, 0x1ec2: 0xe5d9, 0x1ec3: 0xe5f9, 0x1ec4: 0xe619, 0x1ec5: 0xe639,
+	0x1ec6: 0x8efd, 0x1ec7: 0xe659, 0x1ec8: 0xe679, 0x1ec9: 0xe699, 0x1eca: 0xe6b9, 0x1ecb: 0xe6d9,
+	0x1ecc: 0xe6f9, 0x1ecd: 0x8f1d, 0x1ece: 0xe719, 0x1ecf: 0xe739, 0x1ed0: 0x8f3d, 0x1ed1: 0x8f5d,
+	0x1ed2: 0xe759, 0x1ed3: 0xe779, 0x1ed4: 0xe799, 0x1ed5: 0xe7b9, 0x1ed6: 0xe7d9, 0x1ed7: 0xe7f9,
+	0x1ed8: 0xe819, 0x1ed9: 0xe839, 0x1eda: 0xe859, 0x1edb: 0x8f7d, 0x1edc: 0xe879, 0x1edd: 0x8f9d,
+	0x1ede: 0xe899, 0x1edf: 0x2040, 0x1ee0: 0xe8b9, 0x1ee1: 0xe8d9, 0x1ee2: 0xe8f9, 0x1ee3: 0x8fbd,
+	0x1ee4: 0xe919, 0x1ee5: 0xe939, 0x1ee6: 0x8fdd, 0x1ee7: 0x8ffd, 0x1ee8: 0xe959, 0x1ee9: 0xe979,
+	0x1eea: 0xe999, 0x1eeb: 0xe9b9, 0x1eec: 0xe9d9, 0x1eed: 0xe9d9, 0x1eee: 0xe9f9, 0x1eef: 0xea19,
+	0x1ef0: 0xea39, 0x1ef1: 0xea59, 0x1ef2: 0xea79, 0x1ef3: 0xea99, 0x1ef4: 0xeab9, 0x1ef5: 0x901d,
+	0x1ef6: 0xead9, 0x1ef7: 0x903d, 0x1ef8: 0xeaf9, 0x1ef9: 0x905d, 0x1efa: 0xeb19, 0x1efb: 0x907d,
+	0x1efc: 0x909d, 0x1efd: 0x90bd, 0x1efe: 0xeb39, 0x1eff: 0xeb59,
+	// Block 0x7c, offset 0x1f00
+	0x1f00: 0xeb79, 0x1f01: 0x90dd, 0x1f02: 0x90fd, 0x1f03: 0x911d, 0x1f04: 0x913d, 0x1f05: 0xeb99,
+	0x1f06: 0xebb9, 0x1f07: 0xebb9, 0x1f08: 0xebd9, 0x1f09: 0xebf9, 0x1f0a: 0xec19, 0x1f0b: 0xec39,
+	0x1f0c: 0xec59, 0x1f0d: 0x915d, 0x1f0e: 0xec79, 0x1f0f: 0xec99, 0x1f10: 0xecb9, 0x1f11: 0xecd9,
+	0x1f12: 0x917d, 0x1f13: 0xecf9, 0x1f14: 0x919d, 0x1f15: 0x91bd, 0x1f16: 0xed19, 0x1f17: 0xed39,
+	0x1f18: 0xed59, 0x1f19: 0xed79, 0x1f1a: 0xed99, 0x1f1b: 0xedb9, 0x1f1c: 0x91dd, 0x1f1d: 0x91fd,
+	0x1f1e: 0x921d, 0x1f1f: 0x2040, 0x1f20: 0xedd9, 0x1f21: 0x923d, 0x1f22: 0xedf9, 0x1f23: 0xee19,
+	0x1f24: 0xee39, 0x1f25: 0x925d, 0x1f26: 0xee59, 0x1f27: 0xee79, 0x1f28: 0xee99, 0x1f29: 0xeeb9,
+	0x1f2a: 0xeed9, 0x1f2b: 0x927d, 0x1f2c: 0xeef9, 0x1f2d: 0xef19, 0x1f2e: 0xef39, 0x1f2f: 0xef59,
+	0x1f30: 0xef79, 0x1f31: 0xef99, 0x1f32: 0x929d, 0x1f33: 0x92bd, 0x1f34: 0xefb9, 0x1f35: 0x92dd,
+	0x1f36: 0xefd9, 0x1f37: 0x92fd, 0x1f38: 0xeff9, 0x1f39: 0xf019, 0x1f3a: 0xf039, 0x1f3b: 0x931d,
+	0x1f3c: 0x933d, 0x1f3d: 0xf059, 0x1f3e: 0x935d, 0x1f3f: 0xf079,
+	// Block 0x7d, offset 0x1f40
+	0x1f40: 0xf6b9, 0x1f41: 0xf6d9, 0x1f42: 0xf6f9, 0x1f43: 0xf719, 0x1f44: 0xf739, 0x1f45: 0x951d,
+	0x1f46: 0xf759, 0x1f47: 0xf779, 0x1f48: 0xf799, 0x1f49: 0xf7b9, 0x1f4a: 0xf7d9, 0x1f4b: 0x953d,
+	0x1f4c: 0x955d, 0x1f4d: 0xf7f9, 0x1f4e: 0xf819, 0x1f4f: 0xf839, 0x1f50: 0xf859, 0x1f51: 0xf879,
+	0x1f52: 0xf899, 0x1f53: 0x957d, 0x1f54: 0xf8b9, 0x1f55: 0xf8d9, 0x1f56: 0xf8f9, 0x1f57: 0xf919,
+	0x1f58: 0x959d, 0x1f59: 0x95bd, 0x1f5a: 0xf939, 0x1f5b: 0xf959, 0x1f5c: 0xf979, 0x1f5d: 0x95dd,
+	0x1f5e: 0xf999, 0x1f5f: 0xf9b9, 0x1f60: 0x6815, 0x1f61: 0x95fd, 0x1f62: 0xf9d9, 0x1f63: 0xf9f9,
+	0x1f64: 0xfa19, 0x1f65: 0x961d, 0x1f66: 0xfa39, 0x1f67: 0xfa59, 0x1f68: 0xfa79, 0x1f69: 0xfa99,
+	0x1f6a: 0xfab9, 0x1f6b: 0xfad9, 0x1f6c: 0xfaf9, 0x1f6d: 0x963d, 0x1f6e: 0xfb19, 0x1f6f: 0xfb39,
+	0x1f70: 0xfb59, 0x1f71: 0x965d, 0x1f72: 0xfb79, 0x1f73: 0xfb99, 0x1f74: 0xfbb9, 0x1f75: 0xfbd9,
+	0x1f76: 0x7b35, 0x1f77: 0x967d, 0x1f78: 0xfbf9, 0x1f79: 0xfc19, 0x1f7a: 0xfc39, 0x1f7b: 0x969d,
+	0x1f7c: 0xfc59, 0x1f7d: 0x96bd, 0x1f7e: 0xfc79, 0x1f7f: 0xfc79,
+	// Block 0x7e, offset 0x1f80
+	0x1f80: 0xfc99, 0x1f81: 0x96dd, 0x1f82: 0xfcb9, 0x1f83: 0xfcd9, 0x1f84: 0xfcf9, 0x1f85: 0xfd19,
+	0x1f86: 0xfd39, 0x1f87: 0xfd59, 0x1f88: 0xfd79, 0x1f89: 0x96fd, 0x1f8a: 0xfd99, 0x1f8b: 0xfdb9,
+	0x1f8c: 0xfdd9, 0x1f8d: 0xfdf9, 0x1f8e: 0xfe19, 0x1f8f: 0xfe39, 0x1f90: 0x971d, 0x1f91: 0xfe59,
+	0x1f92: 0x973d, 0x1f93: 0x975d, 0x1f94: 0x977d, 0x1f95: 0xfe79, 0x1f96: 0xfe99, 0x1f97: 0xfeb9,
+	0x1f98: 0xfed9, 0x1f99: 0xfef9, 0x1f9a: 0xff19, 0x1f9b: 0xff39, 0x1f9c: 0xff59, 0x1f9d: 0x979d,
+	0x1f9e: 0x0040, 0x1f9f: 0x0040, 0x1fa0: 0x0040, 0x1fa1: 0x0040, 0x1fa2: 0x0040, 0x1fa3: 0x0040,
+	0x1fa4: 0x0040, 0x1fa5: 0x0040, 0x1fa6: 0x0040, 0x1fa7: 0x0040, 0x1fa8: 0x0040, 0x1fa9: 0x0040,
+	0x1faa: 0x0040, 0x1fab: 0x0040, 0x1fac: 0x0040, 0x1fad: 0x0040, 0x1fae: 0x0040, 0x1faf: 0x0040,
+	0x1fb0: 0x0040, 0x1fb1: 0x0040, 0x1fb2: 0x0040, 0x1fb3: 0x0040, 0x1fb4: 0x0040, 0x1fb5: 0x0040,
+	0x1fb6: 0x0040, 0x1fb7: 0x0040, 0x1fb8: 0x0040, 0x1fb9: 0x0040, 0x1fba: 0x0040, 0x1fbb: 0x0040,
+	0x1fbc: 0x0040, 0x1fbd: 0x0040, 0x1fbe: 0x0040, 0x1fbf: 0x0040,
+}
+
+// idnaIndex: 36 blocks, 2304 entries, 4608 bytes
+// Block 0 is the zero block.
+var idnaIndex = [2304]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x7d, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
+	0xc8: 0x06, 0xc9: 0x7e, 0xca: 0x7f, 0xcb: 0x07, 0xcc: 0x80, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
+	0xd0: 0x81, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x82, 0xd6: 0x83, 0xd7: 0x84,
+	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x85, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x86, 0xde: 0x87, 0xdf: 0x88,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
+	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
+	0xf0: 0x1d, 0xf1: 0x1e, 0xf2: 0x1e, 0xf3: 0x20, 0xf4: 0x21,
+	// Block 0x4, offset 0x100
+	0x120: 0x89, 0x121: 0x13, 0x122: 0x8a, 0x123: 0x8b, 0x124: 0x8c, 0x125: 0x14, 0x126: 0x15, 0x127: 0x16,
+	0x128: 0x17, 0x129: 0x18, 0x12a: 0x19, 0x12b: 0x1a, 0x12c: 0x1b, 0x12d: 0x1c, 0x12e: 0x1d, 0x12f: 0x8d,
+	0x130: 0x8e, 0x131: 0x1e, 0x132: 0x1f, 0x133: 0x20, 0x134: 0x8f, 0x135: 0x21, 0x136: 0x90, 0x137: 0x91,
+	0x138: 0x92, 0x139: 0x93, 0x13a: 0x22, 0x13b: 0x94, 0x13c: 0x95, 0x13d: 0x23, 0x13e: 0x24, 0x13f: 0x96,
+	// Block 0x5, offset 0x140
+	0x140: 0x97, 0x141: 0x98, 0x142: 0x99, 0x143: 0x9a, 0x144: 0x9b, 0x145: 0x9c, 0x146: 0x9d, 0x147: 0x9e,
+	0x148: 0x9f, 0x149: 0xa0, 0x14a: 0xa1, 0x14b: 0xa2, 0x14c: 0xa3, 0x14d: 0xa4, 0x14e: 0xa5, 0x14f: 0xa6,
+	0x150: 0xa7, 0x151: 0x9f, 0x152: 0x9f, 0x153: 0x9f, 0x154: 0x9f, 0x155: 0x9f, 0x156: 0x9f, 0x157: 0x9f,
+	0x158: 0x9f, 0x159: 0xa8, 0x15a: 0xa9, 0x15b: 0xaa, 0x15c: 0xab, 0x15d: 0xac, 0x15e: 0xad, 0x15f: 0xae,
+	0x160: 0xaf, 0x161: 0xb0, 0x162: 0xb1, 0x163: 0xb2, 0x164: 0xb3, 0x165: 0xb4, 0x166: 0xb5, 0x167: 0xb6,
+	0x168: 0xb7, 0x169: 0xb8, 0x16a: 0xb9, 0x16b: 0xba, 0x16c: 0xbb, 0x16d: 0xbc, 0x16e: 0xbd, 0x16f: 0xbe,
+	0x170: 0xbf, 0x171: 0xc0, 0x172: 0xc1, 0x173: 0xc2, 0x174: 0x25, 0x175: 0x26, 0x176: 0x27, 0x177: 0xc3,
+	0x178: 0x28, 0x179: 0x28, 0x17a: 0x29, 0x17b: 0x28, 0x17c: 0xc4, 0x17d: 0x2a, 0x17e: 0x2b, 0x17f: 0x2c,
+	// Block 0x6, offset 0x180
+	0x180: 0x2d, 0x181: 0x2e, 0x182: 0x2f, 0x183: 0xc5, 0x184: 0x30, 0x185: 0x31, 0x186: 0xc6, 0x187: 0x9b,
+	0x188: 0xc7, 0x189: 0xc8, 0x18a: 0x9b, 0x18b: 0x9b, 0x18c: 0xc9, 0x18d: 0x9b, 0x18e: 0x9b, 0x18f: 0x9b,
+	0x190: 0xca, 0x191: 0x32, 0x192: 0x33, 0x193: 0x34, 0x194: 0x9b, 0x195: 0x9b, 0x196: 0x9b, 0x197: 0x9b,
+	0x198: 0x9b, 0x199: 0x9b, 0x19a: 0x9b, 0x19b: 0x9b, 0x19c: 0x9b, 0x19d: 0x9b, 0x19e: 0x9b, 0x19f: 0x9b,
+	0x1a0: 0x9b, 0x1a1: 0x9b, 0x1a2: 0x9b, 0x1a3: 0x9b, 0x1a4: 0x9b, 0x1a5: 0x9b, 0x1a6: 0x9b, 0x1a7: 0x9b,
+	0x1a8: 0xcb, 0x1a9: 0xcc, 0x1aa: 0x9b, 0x1ab: 0xcd, 0x1ac: 0x9b, 0x1ad: 0xce, 0x1ae: 0xcf, 0x1af: 0xd0,
+	0x1b0: 0xd1, 0x1b1: 0x35, 0x1b2: 0x28, 0x1b3: 0x36, 0x1b4: 0xd2, 0x1b5: 0xd3, 0x1b6: 0xd4, 0x1b7: 0xd5,
+	0x1b8: 0xd6, 0x1b9: 0xd7, 0x1ba: 0xd8, 0x1bb: 0xd9, 0x1bc: 0xda, 0x1bd: 0xdb, 0x1be: 0xdc, 0x1bf: 0x37,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x38, 0x1c1: 0xdd, 0x1c2: 0xde, 0x1c3: 0xdf, 0x1c4: 0xe0, 0x1c5: 0x39, 0x1c6: 0x3a, 0x1c7: 0xe1,
+	0x1c8: 0xe2, 0x1c9: 0x3b, 0x1ca: 0x3c, 0x1cb: 0x3d, 0x1cc: 0x3e, 0x1cd: 0x3f, 0x1ce: 0x40, 0x1cf: 0x41,
+	0x1d0: 0x9f, 0x1d1: 0x9f, 0x1d2: 0x9f, 0x1d3: 0x9f, 0x1d4: 0x9f, 0x1d5: 0x9f, 0x1d6: 0x9f, 0x1d7: 0x9f,
+	0x1d8: 0x9f, 0x1d9: 0x9f, 0x1da: 0x9f, 0x1db: 0x9f, 0x1dc: 0x9f, 0x1dd: 0x9f, 0x1de: 0x9f, 0x1df: 0x9f,
+	0x1e0: 0x9f, 0x1e1: 0x9f, 0x1e2: 0x9f, 0x1e3: 0x9f, 0x1e4: 0x9f, 0x1e5: 0x9f, 0x1e6: 0x9f, 0x1e7: 0x9f,
+	0x1e8: 0x9f, 0x1e9: 0x9f, 0x1ea: 0x9f, 0x1eb: 0x9f, 0x1ec: 0x9f, 0x1ed: 0x9f, 0x1ee: 0x9f, 0x1ef: 0x9f,
+	0x1f0: 0x9f, 0x1f1: 0x9f, 0x1f2: 0x9f, 0x1f3: 0x9f, 0x1f4: 0x9f, 0x1f5: 0x9f, 0x1f6: 0x9f, 0x1f7: 0x9f,
+	0x1f8: 0x9f, 0x1f9: 0x9f, 0x1fa: 0x9f, 0x1fb: 0x9f, 0x1fc: 0x9f, 0x1fd: 0x9f, 0x1fe: 0x9f, 0x1ff: 0x9f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9f, 0x201: 0x9f, 0x202: 0x9f, 0x203: 0x9f, 0x204: 0x9f, 0x205: 0x9f, 0x206: 0x9f, 0x207: 0x9f,
+	0x208: 0x9f, 0x209: 0x9f, 0x20a: 0x9f, 0x20b: 0x9f, 0x20c: 0x9f, 0x20d: 0x9f, 0x20e: 0x9f, 0x20f: 0x9f,
+	0x210: 0x9f, 0x211: 0x9f, 0x212: 0x9f, 0x213: 0x9f, 0x214: 0x9f, 0x215: 0x9f, 0x216: 0x9f, 0x217: 0x9f,
+	0x218: 0x9f, 0x219: 0x9f, 0x21a: 0x9f, 0x21b: 0x9f, 0x21c: 0x9f, 0x21d: 0x9f, 0x21e: 0x9f, 0x21f: 0x9f,
+	0x220: 0x9f, 0x221: 0x9f, 0x222: 0x9f, 0x223: 0x9f, 0x224: 0x9f, 0x225: 0x9f, 0x226: 0x9f, 0x227: 0x9f,
+	0x228: 0x9f, 0x229: 0x9f, 0x22a: 0x9f, 0x22b: 0x9f, 0x22c: 0x9f, 0x22d: 0x9f, 0x22e: 0x9f, 0x22f: 0x9f,
+	0x230: 0x9f, 0x231: 0x9f, 0x232: 0x9f, 0x233: 0x9f, 0x234: 0x9f, 0x235: 0x9f, 0x236: 0xb2, 0x237: 0x9b,
+	0x238: 0x9f, 0x239: 0x9f, 0x23a: 0x9f, 0x23b: 0x9f, 0x23c: 0x9f, 0x23d: 0x9f, 0x23e: 0x9f, 0x23f: 0x9f,
+	// Block 0x9, offset 0x240
+	0x240: 0x9f, 0x241: 0x9f, 0x242: 0x9f, 0x243: 0x9f, 0x244: 0x9f, 0x245: 0x9f, 0x246: 0x9f, 0x247: 0x9f,
+	0x248: 0x9f, 0x249: 0x9f, 0x24a: 0x9f, 0x24b: 0x9f, 0x24c: 0x9f, 0x24d: 0x9f, 0x24e: 0x9f, 0x24f: 0x9f,
+	0x250: 0x9f, 0x251: 0x9f, 0x252: 0x9f, 0x253: 0x9f, 0x254: 0x9f, 0x255: 0x9f, 0x256: 0x9f, 0x257: 0x9f,
+	0x258: 0x9f, 0x259: 0x9f, 0x25a: 0x9f, 0x25b: 0x9f, 0x25c: 0x9f, 0x25d: 0x9f, 0x25e: 0x9f, 0x25f: 0x9f,
+	0x260: 0x9f, 0x261: 0x9f, 0x262: 0x9f, 0x263: 0x9f, 0x264: 0x9f, 0x265: 0x9f, 0x266: 0x9f, 0x267: 0x9f,
+	0x268: 0x9f, 0x269: 0x9f, 0x26a: 0x9f, 0x26b: 0x9f, 0x26c: 0x9f, 0x26d: 0x9f, 0x26e: 0x9f, 0x26f: 0x9f,
+	0x270: 0x9f, 0x271: 0x9f, 0x272: 0x9f, 0x273: 0x9f, 0x274: 0x9f, 0x275: 0x9f, 0x276: 0x9f, 0x277: 0x9f,
+	0x278: 0x9f, 0x279: 0x9f, 0x27a: 0x9f, 0x27b: 0x9f, 0x27c: 0x9f, 0x27d: 0x9f, 0x27e: 0x9f, 0x27f: 0x9f,
+	// Block 0xa, offset 0x280
+	0x280: 0x9f, 0x281: 0x9f, 0x282: 0x9f, 0x283: 0x9f, 0x284: 0x9f, 0x285: 0x9f, 0x286: 0x9f, 0x287: 0x9f,
+	0x288: 0x9f, 0x289: 0x9f, 0x28a: 0x9f, 0x28b: 0x9f, 0x28c: 0x9f, 0x28d: 0x9f, 0x28e: 0x9f, 0x28f: 0x9f,
+	0x290: 0x9f, 0x291: 0x9f, 0x292: 0x9f, 0x293: 0x9f, 0x294: 0x9f, 0x295: 0x9f, 0x296: 0x9f, 0x297: 0x9f,
+	0x298: 0x9f, 0x299: 0x9f, 0x29a: 0x9f, 0x29b: 0x9f, 0x29c: 0x9f, 0x29d: 0x9f, 0x29e: 0x9f, 0x29f: 0x9f,
+	0x2a0: 0x9f, 0x2a1: 0x9f, 0x2a2: 0x9f, 0x2a3: 0x9f, 0x2a4: 0x9f, 0x2a5: 0x9f, 0x2a6: 0x9f, 0x2a7: 0x9f,
+	0x2a8: 0x9f, 0x2a9: 0x9f, 0x2aa: 0x9f, 0x2ab: 0x9f, 0x2ac: 0x9f, 0x2ad: 0x9f, 0x2ae: 0x9f, 0x2af: 0x9f,
+	0x2b0: 0x9f, 0x2b1: 0x9f, 0x2b2: 0x9f, 0x2b3: 0x9f, 0x2b4: 0x9f, 0x2b5: 0x9f, 0x2b6: 0x9f, 0x2b7: 0x9f,
+	0x2b8: 0x9f, 0x2b9: 0x9f, 0x2ba: 0x9f, 0x2bb: 0x9f, 0x2bc: 0x9f, 0x2bd: 0x9f, 0x2be: 0x9f, 0x2bf: 0xe3,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x9f, 0x2c1: 0x9f, 0x2c2: 0x9f, 0x2c3: 0x9f, 0x2c4: 0x9f, 0x2c5: 0x9f, 0x2c6: 0x9f, 0x2c7: 0x9f,
+	0x2c8: 0x9f, 0x2c9: 0x9f, 0x2ca: 0x9f, 0x2cb: 0x9f, 0x2cc: 0x9f, 0x2cd: 0x9f, 0x2ce: 0x9f, 0x2cf: 0x9f,
+	0x2d0: 0x9f, 0x2d1: 0x9f, 0x2d2: 0xe4, 0x2d3: 0xe5, 0x2d4: 0x9f, 0x2d5: 0x9f, 0x2d6: 0x9f, 0x2d7: 0x9f,
+	0x2d8: 0xe6, 0x2d9: 0x42, 0x2da: 0x43, 0x2db: 0xe7, 0x2dc: 0x44, 0x2dd: 0x45, 0x2de: 0x46, 0x2df: 0xe8,
+	0x2e0: 0xe9, 0x2e1: 0xea, 0x2e2: 0xeb, 0x2e3: 0xec, 0x2e4: 0xed, 0x2e5: 0xee, 0x2e6: 0xef, 0x2e7: 0xf0,
+	0x2e8: 0xf1, 0x2e9: 0xf2, 0x2ea: 0xf3, 0x2eb: 0xf4, 0x2ec: 0xf5, 0x2ed: 0xf6, 0x2ee: 0xf7, 0x2ef: 0xf8,
+	0x2f0: 0x9f, 0x2f1: 0x9f, 0x2f2: 0x9f, 0x2f3: 0x9f, 0x2f4: 0x9f, 0x2f5: 0x9f, 0x2f6: 0x9f, 0x2f7: 0x9f,
+	0x2f8: 0x9f, 0x2f9: 0x9f, 0x2fa: 0x9f, 0x2fb: 0x9f, 0x2fc: 0x9f, 0x2fd: 0x9f, 0x2fe: 0x9f, 0x2ff: 0x9f,
+	// Block 0xc, offset 0x300
+	0x300: 0x9f, 0x301: 0x9f, 0x302: 0x9f, 0x303: 0x9f, 0x304: 0x9f, 0x305: 0x9f, 0x306: 0x9f, 0x307: 0x9f,
+	0x308: 0x9f, 0x309: 0x9f, 0x30a: 0x9f, 0x30b: 0x9f, 0x30c: 0x9f, 0x30d: 0x9f, 0x30e: 0x9f, 0x30f: 0x9f,
+	0x310: 0x9f, 0x311: 0x9f, 0x312: 0x9f, 0x313: 0x9f, 0x314: 0x9f, 0x315: 0x9f, 0x316: 0x9f, 0x317: 0x9f,
+	0x318: 0x9f, 0x319: 0x9f, 0x31a: 0x9f, 0x31b: 0x9f, 0x31c: 0x9f, 0x31d: 0x9f, 0x31e: 0xf9, 0x31f: 0xfa,
+	// Block 0xd, offset 0x340
+	0x340: 0xba, 0x341: 0xba, 0x342: 0xba, 0x343: 0xba, 0x344: 0xba, 0x345: 0xba, 0x346: 0xba, 0x347: 0xba,
+	0x348: 0xba, 0x349: 0xba, 0x34a: 0xba, 0x34b: 0xba, 0x34c: 0xba, 0x34d: 0xba, 0x34e: 0xba, 0x34f: 0xba,
+	0x350: 0xba, 0x351: 0xba, 0x352: 0xba, 0x353: 0xba, 0x354: 0xba, 0x355: 0xba, 0x356: 0xba, 0x357: 0xba,
+	0x358: 0xba, 0x359: 0xba, 0x35a: 0xba, 0x35b: 0xba, 0x35c: 0xba, 0x35d: 0xba, 0x35e: 0xba, 0x35f: 0xba,
+	0x360: 0xba, 0x361: 0xba, 0x362: 0xba, 0x363: 0xba, 0x364: 0xba, 0x365: 0xba, 0x366: 0xba, 0x367: 0xba,
+	0x368: 0xba, 0x369: 0xba, 0x36a: 0xba, 0x36b: 0xba, 0x36c: 0xba, 0x36d: 0xba, 0x36e: 0xba, 0x36f: 0xba,
+	0x370: 0xba, 0x371: 0xba, 0x372: 0xba, 0x373: 0xba, 0x374: 0xba, 0x375: 0xba, 0x376: 0xba, 0x377: 0xba,
+	0x378: 0xba, 0x379: 0xba, 0x37a: 0xba, 0x37b: 0xba, 0x37c: 0xba, 0x37d: 0xba, 0x37e: 0xba, 0x37f: 0xba,
+	// Block 0xe, offset 0x380
+	0x380: 0xba, 0x381: 0xba, 0x382: 0xba, 0x383: 0xba, 0x384: 0xba, 0x385: 0xba, 0x386: 0xba, 0x387: 0xba,
+	0x388: 0xba, 0x389: 0xba, 0x38a: 0xba, 0x38b: 0xba, 0x38c: 0xba, 0x38d: 0xba, 0x38e: 0xba, 0x38f: 0xba,
+	0x390: 0xba, 0x391: 0xba, 0x392: 0xba, 0x393: 0xba, 0x394: 0xba, 0x395: 0xba, 0x396: 0xba, 0x397: 0xba,
+	0x398: 0xba, 0x399: 0xba, 0x39a: 0xba, 0x39b: 0xba, 0x39c: 0xba, 0x39d: 0xba, 0x39e: 0xba, 0x39f: 0xba,
+	0x3a0: 0xba, 0x3a1: 0xba, 0x3a2: 0xba, 0x3a3: 0xba, 0x3a4: 0xfb, 0x3a5: 0xfc, 0x3a6: 0xfd, 0x3a7: 0xfe,
+	0x3a8: 0x47, 0x3a9: 0xff, 0x3aa: 0x100, 0x3ab: 0x48, 0x3ac: 0x49, 0x3ad: 0x4a, 0x3ae: 0x4b, 0x3af: 0x4c,
+	0x3b0: 0x101, 0x3b1: 0x4d, 0x3b2: 0x4e, 0x3b3: 0x4f, 0x3b4: 0x50, 0x3b5: 0x51, 0x3b6: 0x102, 0x3b7: 0x52,
+	0x3b8: 0x53, 0x3b9: 0x54, 0x3ba: 0x55, 0x3bb: 0x56, 0x3bc: 0x57, 0x3bd: 0x58, 0x3be: 0x59, 0x3bf: 0x5a,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x103, 0x3c1: 0x104, 0x3c2: 0x9f, 0x3c3: 0x105, 0x3c4: 0x106, 0x3c5: 0x9b, 0x3c6: 0x107, 0x3c7: 0x108,
+	0x3c8: 0xba, 0x3c9: 0xba, 0x3ca: 0x109, 0x3cb: 0x10a, 0x3cc: 0x10b, 0x3cd: 0x10c, 0x3ce: 0x10d, 0x3cf: 0x10e,
+	0x3d0: 0x10f, 0x3d1: 0x9f, 0x3d2: 0x110, 0x3d3: 0x111, 0x3d4: 0x112, 0x3d5: 0x113, 0x3d6: 0xba, 0x3d7: 0xba,
+	0x3d8: 0x9f, 0x3d9: 0x9f, 0x3da: 0x9f, 0x3db: 0x9f, 0x3dc: 0x114, 0x3dd: 0x115, 0x3de: 0xba, 0x3df: 0xba,
+	0x3e0: 0x116, 0x3e1: 0x117, 0x3e2: 0x118, 0x3e3: 0x119, 0x3e4: 0x11a, 0x3e5: 0xba, 0x3e6: 0x11b, 0x3e7: 0x11c,
+	0x3e8: 0x11d, 0x3e9: 0x11e, 0x3ea: 0x11f, 0x3eb: 0x5b, 0x3ec: 0x120, 0x3ed: 0x121, 0x3ee: 0x5c, 0x3ef: 0xba,
+	0x3f0: 0x122, 0x3f1: 0x123, 0x3f2: 0x124, 0x3f3: 0x125, 0x3f4: 0xba, 0x3f5: 0xba, 0x3f6: 0xba, 0x3f7: 0xba,
+	0x3f8: 0xba, 0x3f9: 0x126, 0x3fa: 0xba, 0x3fb: 0xba, 0x3fc: 0xba, 0x3fd: 0xba, 0x3fe: 0xba, 0x3ff: 0xba,
+	// Block 0x10, offset 0x400
+	0x400: 0x127, 0x401: 0x128, 0x402: 0x129, 0x403: 0x12a, 0x404: 0x12b, 0x405: 0x12c, 0x406: 0x12d, 0x407: 0x12e,
+	0x408: 0x12f, 0x409: 0xba, 0x40a: 0x130, 0x40b: 0x131, 0x40c: 0x5d, 0x40d: 0x5e, 0x40e: 0xba, 0x40f: 0xba,
+	0x410: 0x132, 0x411: 0x133, 0x412: 0x134, 0x413: 0x135, 0x414: 0xba, 0x415: 0xba, 0x416: 0x136, 0x417: 0x137,
+	0x418: 0x138, 0x419: 0x139, 0x41a: 0x13a, 0x41b: 0x13b, 0x41c: 0x13c, 0x41d: 0xba, 0x41e: 0xba, 0x41f: 0xba,
+	0x420: 0xba, 0x421: 0xba, 0x422: 0x13d, 0x423: 0x13e, 0x424: 0xba, 0x425: 0xba, 0x426: 0xba, 0x427: 0xba,
+	0x428: 0x13f, 0x429: 0x140, 0x42a: 0x141, 0x42b: 0x142, 0x42c: 0xba, 0x42d: 0xba, 0x42e: 0xba, 0x42f: 0xba,
+	0x430: 0x143, 0x431: 0x144, 0x432: 0x145, 0x433: 0xba, 0x434: 0x146, 0x435: 0x147, 0x436: 0xba, 0x437: 0xba,
+	0x438: 0xba, 0x439: 0xba, 0x43a: 0xba, 0x43b: 0xba, 0x43c: 0xba, 0x43d: 0xba, 0x43e: 0xba, 0x43f: 0xba,
+	// Block 0x11, offset 0x440
+	0x440: 0x9f, 0x441: 0x9f, 0x442: 0x9f, 0x443: 0x9f, 0x444: 0x9f, 0x445: 0x9f, 0x446: 0x9f, 0x447: 0x9f,
+	0x448: 0x9f, 0x449: 0x9f, 0x44a: 0x9f, 0x44b: 0x9f, 0x44c: 0x9f, 0x44d: 0x9f, 0x44e: 0x148, 0x44f: 0xba,
+	0x450: 0x9b, 0x451: 0x149, 0x452: 0x9f, 0x453: 0x9f, 0x454: 0x9f, 0x455: 0x14a, 0x456: 0xba, 0x457: 0xba,
+	0x458: 0xba, 0x459: 0xba, 0x45a: 0xba, 0x45b: 0xba, 0x45c: 0xba, 0x45d: 0xba, 0x45e: 0xba, 0x45f: 0xba,
+	0x460: 0xba, 0x461: 0xba, 0x462: 0xba, 0x463: 0xba, 0x464: 0xba, 0x465: 0xba, 0x466: 0xba, 0x467: 0xba,
+	0x468: 0xba, 0x469: 0xba, 0x46a: 0xba, 0x46b: 0xba, 0x46c: 0xba, 0x46d: 0xba, 0x46e: 0xba, 0x46f: 0xba,
+	0x470: 0xba, 0x471: 0xba, 0x472: 0xba, 0x473: 0xba, 0x474: 0xba, 0x475: 0xba, 0x476: 0xba, 0x477: 0xba,
+	0x478: 0xba, 0x479: 0xba, 0x47a: 0xba, 0x47b: 0xba, 0x47c: 0xba, 0x47d: 0xba, 0x47e: 0xba, 0x47f: 0xba,
+	// Block 0x12, offset 0x480
+	0x480: 0x9f, 0x481: 0x9f, 0x482: 0x9f, 0x483: 0x9f, 0x484: 0x9f, 0x485: 0x9f, 0x486: 0x9f, 0x487: 0x9f,
+	0x488: 0x9f, 0x489: 0x9f, 0x48a: 0x9f, 0x48b: 0x9f, 0x48c: 0x9f, 0x48d: 0x9f, 0x48e: 0x9f, 0x48f: 0x9f,
+	0x490: 0x14b, 0x491: 0xba, 0x492: 0xba, 0x493: 0xba, 0x494: 0xba, 0x495: 0xba, 0x496: 0xba, 0x497: 0xba,
+	0x498: 0xba, 0x499: 0xba, 0x49a: 0xba, 0x49b: 0xba, 0x49c: 0xba, 0x49d: 0xba, 0x49e: 0xba, 0x49f: 0xba,
+	0x4a0: 0xba, 0x4a1: 0xba, 0x4a2: 0xba, 0x4a3: 0xba, 0x4a4: 0xba, 0x4a5: 0xba, 0x4a6: 0xba, 0x4a7: 0xba,
+	0x4a8: 0xba, 0x4a9: 0xba, 0x4aa: 0xba, 0x4ab: 0xba, 0x4ac: 0xba, 0x4ad: 0xba, 0x4ae: 0xba, 0x4af: 0xba,
+	0x4b0: 0xba, 0x4b1: 0xba, 0x4b2: 0xba, 0x4b3: 0xba, 0x4b4: 0xba, 0x4b5: 0xba, 0x4b6: 0xba, 0x4b7: 0xba,
+	0x4b8: 0xba, 0x4b9: 0xba, 0x4ba: 0xba, 0x4bb: 0xba, 0x4bc: 0xba, 0x4bd: 0xba, 0x4be: 0xba, 0x4bf: 0xba,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0xba, 0x4c1: 0xba, 0x4c2: 0xba, 0x4c3: 0xba, 0x4c4: 0xba, 0x4c5: 0xba, 0x4c6: 0xba, 0x4c7: 0xba,
+	0x4c8: 0xba, 0x4c9: 0xba, 0x4ca: 0xba, 0x4cb: 0xba, 0x4cc: 0xba, 0x4cd: 0xba, 0x4ce: 0xba, 0x4cf: 0xba,
+	0x4d0: 0x9f, 0x4d1: 0x9f, 0x4d2: 0x9f, 0x4d3: 0x9f, 0x4d4: 0x9f, 0x4d5: 0x9f, 0x4d6: 0x9f, 0x4d7: 0x9f,
+	0x4d8: 0x9f, 0x4d9: 0x14c, 0x4da: 0xba, 0x4db: 0xba, 0x4dc: 0xba, 0x4dd: 0xba, 0x4de: 0xba, 0x4df: 0xba,
+	0x4e0: 0xba, 0x4e1: 0xba, 0x4e2: 0xba, 0x4e3: 0xba, 0x4e4: 0xba, 0x4e5: 0xba, 0x4e6: 0xba, 0x4e7: 0xba,
+	0x4e8: 0xba, 0x4e9: 0xba, 0x4ea: 0xba, 0x4eb: 0xba, 0x4ec: 0xba, 0x4ed: 0xba, 0x4ee: 0xba, 0x4ef: 0xba,
+	0x4f0: 0xba, 0x4f1: 0xba, 0x4f2: 0xba, 0x4f3: 0xba, 0x4f4: 0xba, 0x4f5: 0xba, 0x4f6: 0xba, 0x4f7: 0xba,
+	0x4f8: 0xba, 0x4f9: 0xba, 0x4fa: 0xba, 0x4fb: 0xba, 0x4fc: 0xba, 0x4fd: 0xba, 0x4fe: 0xba, 0x4ff: 0xba,
+	// Block 0x14, offset 0x500
+	0x500: 0xba, 0x501: 0xba, 0x502: 0xba, 0x503: 0xba, 0x504: 0xba, 0x505: 0xba, 0x506: 0xba, 0x507: 0xba,
+	0x508: 0xba, 0x509: 0xba, 0x50a: 0xba, 0x50b: 0xba, 0x50c: 0xba, 0x50d: 0xba, 0x50e: 0xba, 0x50f: 0xba,
+	0x510: 0xba, 0x511: 0xba, 0x512: 0xba, 0x513: 0xba, 0x514: 0xba, 0x515: 0xba, 0x516: 0xba, 0x517: 0xba,
+	0x518: 0xba, 0x519: 0xba, 0x51a: 0xba, 0x51b: 0xba, 0x51c: 0xba, 0x51d: 0xba, 0x51e: 0xba, 0x51f: 0xba,
+	0x520: 0x9f, 0x521: 0x9f, 0x522: 0x9f, 0x523: 0x9f, 0x524: 0x9f, 0x525: 0x9f, 0x526: 0x9f, 0x527: 0x9f,
+	0x528: 0x142, 0x529: 0x14d, 0x52a: 0xba, 0x52b: 0x14e, 0x52c: 0x14f, 0x52d: 0x150, 0x52e: 0x151, 0x52f: 0xba,
+	0x530: 0xba, 0x531: 0xba, 0x532: 0xba, 0x533: 0xba, 0x534: 0xba, 0x535: 0xba, 0x536: 0xba, 0x537: 0xba,
+	0x538: 0xba, 0x539: 0xba, 0x53a: 0xba, 0x53b: 0xba, 0x53c: 0x9f, 0x53d: 0x152, 0x53e: 0x153, 0x53f: 0x154,
+	// Block 0x15, offset 0x540
+	0x540: 0x9f, 0x541: 0x9f, 0x542: 0x9f, 0x543: 0x9f, 0x544: 0x9f, 0x545: 0x9f, 0x546: 0x9f, 0x547: 0x9f,
+	0x548: 0x9f, 0x549: 0x9f, 0x54a: 0x9f, 0x54b: 0x9f, 0x54c: 0x9f, 0x54d: 0x9f, 0x54e: 0x9f, 0x54f: 0x9f,
+	0x550: 0x9f, 0x551: 0x9f, 0x552: 0x9f, 0x553: 0x9f, 0x554: 0x9f, 0x555: 0x9f, 0x556: 0x9f, 0x557: 0x9f,
+	0x558: 0x9f, 0x559: 0x9f, 0x55a: 0x9f, 0x55b: 0x9f, 0x55c: 0x9f, 0x55d: 0x9f, 0x55e: 0x9f, 0x55f: 0x155,
+	0x560: 0x9f, 0x561: 0x9f, 0x562: 0x9f, 0x563: 0x9f, 0x564: 0x9f, 0x565: 0x9f, 0x566: 0x9f, 0x567: 0x9f,
+	0x568: 0x9f, 0x569: 0x9f, 0x56a: 0x9f, 0x56b: 0x156, 0x56c: 0xba, 0x56d: 0xba, 0x56e: 0xba, 0x56f: 0xba,
+	0x570: 0xba, 0x571: 0xba, 0x572: 0xba, 0x573: 0xba, 0x574: 0xba, 0x575: 0xba, 0x576: 0xba, 0x577: 0xba,
+	0x578: 0xba, 0x579: 0xba, 0x57a: 0xba, 0x57b: 0xba, 0x57c: 0xba, 0x57d: 0xba, 0x57e: 0xba, 0x57f: 0xba,
+	// Block 0x16, offset 0x580
+	0x580: 0x9f, 0x581: 0x9f, 0x582: 0x9f, 0x583: 0x9f, 0x584: 0x157, 0x585: 0x158, 0x586: 0x9f, 0x587: 0x9f,
+	0x588: 0x9f, 0x589: 0x9f, 0x58a: 0x9f, 0x58b: 0x159, 0x58c: 0xba, 0x58d: 0xba, 0x58e: 0xba, 0x58f: 0xba,
+	0x590: 0xba, 0x591: 0xba, 0x592: 0xba, 0x593: 0xba, 0x594: 0xba, 0x595: 0xba, 0x596: 0xba, 0x597: 0xba,
+	0x598: 0xba, 0x599: 0xba, 0x59a: 0xba, 0x59b: 0xba, 0x59c: 0xba, 0x59d: 0xba, 0x59e: 0xba, 0x59f: 0xba,
+	0x5a0: 0xba, 0x5a1: 0xba, 0x5a2: 0xba, 0x5a3: 0xba, 0x5a4: 0xba, 0x5a5: 0xba, 0x5a6: 0xba, 0x5a7: 0xba,
+	0x5a8: 0xba, 0x5a9: 0xba, 0x5aa: 0xba, 0x5ab: 0xba, 0x5ac: 0xba, 0x5ad: 0xba, 0x5ae: 0xba, 0x5af: 0xba,
+	0x5b0: 0x9f, 0x5b1: 0x15a, 0x5b2: 0x15b, 0x5b3: 0xba, 0x5b4: 0xba, 0x5b5: 0xba, 0x5b6: 0xba, 0x5b7: 0xba,
+	0x5b8: 0xba, 0x5b9: 0xba, 0x5ba: 0xba, 0x5bb: 0xba, 0x5bc: 0xba, 0x5bd: 0xba, 0x5be: 0xba, 0x5bf: 0xba,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x9b, 0x5c1: 0x9b, 0x5c2: 0x9b, 0x5c3: 0x15c, 0x5c4: 0x15d, 0x5c5: 0x15e, 0x5c6: 0x15f, 0x5c7: 0x160,
+	0x5c8: 0x9b, 0x5c9: 0x161, 0x5ca: 0xba, 0x5cb: 0xba, 0x5cc: 0x9b, 0x5cd: 0x162, 0x5ce: 0xba, 0x5cf: 0xba,
+	0x5d0: 0x5f, 0x5d1: 0x60, 0x5d2: 0x61, 0x5d3: 0x62, 0x5d4: 0x63, 0x5d5: 0x64, 0x5d6: 0x65, 0x5d7: 0x66,
+	0x5d8: 0x67, 0x5d9: 0x68, 0x5da: 0x69, 0x5db: 0x6a, 0x5dc: 0x6b, 0x5dd: 0x6c, 0x5de: 0x6d, 0x5df: 0x6e,
+	0x5e0: 0x9b, 0x5e1: 0x9b, 0x5e2: 0x9b, 0x5e3: 0x9b, 0x5e4: 0x9b, 0x5e5: 0x9b, 0x5e6: 0x9b, 0x5e7: 0x9b,
+	0x5e8: 0x163, 0x5e9: 0x164, 0x5ea: 0x165, 0x5eb: 0xba, 0x5ec: 0xba, 0x5ed: 0xba, 0x5ee: 0xba, 0x5ef: 0xba,
+	0x5f0: 0xba, 0x5f1: 0xba, 0x5f2: 0xba, 0x5f3: 0xba, 0x5f4: 0xba, 0x5f5: 0xba, 0x5f6: 0xba, 0x5f7: 0xba,
+	0x5f8: 0xba, 0x5f9: 0xba, 0x5fa: 0xba, 0x5fb: 0xba, 0x5fc: 0xba, 0x5fd: 0xba, 0x5fe: 0xba, 0x5ff: 0xba,
+	// Block 0x18, offset 0x600
+	0x600: 0x166, 0x601: 0xba, 0x602: 0xba, 0x603: 0xba, 0x604: 0xba, 0x605: 0xba, 0x606: 0xba, 0x607: 0xba,
+	0x608: 0xba, 0x609: 0xba, 0x60a: 0xba, 0x60b: 0xba, 0x60c: 0xba, 0x60d: 0xba, 0x60e: 0xba, 0x60f: 0xba,
+	0x610: 0xba, 0x611: 0xba, 0x612: 0xba, 0x613: 0xba, 0x614: 0xba, 0x615: 0xba, 0x616: 0xba, 0x617: 0xba,
+	0x618: 0xba, 0x619: 0xba, 0x61a: 0xba, 0x61b: 0xba, 0x61c: 0xba, 0x61d: 0xba, 0x61e: 0xba, 0x61f: 0xba,
+	0x620: 0x122, 0x621: 0x122, 0x622: 0x122, 0x623: 0x167, 0x624: 0x6f, 0x625: 0x168, 0x626: 0xba, 0x627: 0xba,
+	0x628: 0xba, 0x629: 0xba, 0x62a: 0xba, 0x62b: 0xba, 0x62c: 0xba, 0x62d: 0xba, 0x62e: 0xba, 0x62f: 0xba,
+	0x630: 0xba, 0x631: 0xba, 0x632: 0xba, 0x633: 0xba, 0x634: 0xba, 0x635: 0xba, 0x636: 0xba, 0x637: 0xba,
+	0x638: 0x70, 0x639: 0x71, 0x63a: 0x72, 0x63b: 0x169, 0x63c: 0xba, 0x63d: 0xba, 0x63e: 0xba, 0x63f: 0xba,
+	// Block 0x19, offset 0x640
+	0x640: 0x16a, 0x641: 0x9b, 0x642: 0x16b, 0x643: 0x16c, 0x644: 0x73, 0x645: 0x74, 0x646: 0x16d, 0x647: 0x16e,
+	0x648: 0x75, 0x649: 0x16f, 0x64a: 0xba, 0x64b: 0xba, 0x64c: 0x9b, 0x64d: 0x9b, 0x64e: 0x9b, 0x64f: 0x9b,
+	0x650: 0x9b, 0x651: 0x9b, 0x652: 0x9b, 0x653: 0x9b, 0x654: 0x9b, 0x655: 0x9b, 0x656: 0x9b, 0x657: 0x9b,
+	0x658: 0x9b, 0x659: 0x9b, 0x65a: 0x9b, 0x65b: 0x170, 0x65c: 0x9b, 0x65d: 0x171, 0x65e: 0x9b, 0x65f: 0x172,
+	0x660: 0x173, 0x661: 0x174, 0x662: 0x175, 0x663: 0xba, 0x664: 0x176, 0x665: 0x177, 0x666: 0x178, 0x667: 0x179,
+	0x668: 0xba, 0x669: 0xba, 0x66a: 0xba, 0x66b: 0xba, 0x66c: 0xba, 0x66d: 0xba, 0x66e: 0xba, 0x66f: 0xba,
+	0x670: 0xba, 0x671: 0xba, 0x672: 0xba, 0x673: 0xba, 0x674: 0xba, 0x675: 0xba, 0x676: 0xba, 0x677: 0xba,
+	0x678: 0xba, 0x679: 0xba, 0x67a: 0xba, 0x67b: 0xba, 0x67c: 0xba, 0x67d: 0xba, 0x67e: 0xba, 0x67f: 0xba,
+	// Block 0x1a, offset 0x680
+	0x680: 0x9f, 0x681: 0x9f, 0x682: 0x9f, 0x683: 0x9f, 0x684: 0x9f, 0x685: 0x9f, 0x686: 0x9f, 0x687: 0x9f,
+	0x688: 0x9f, 0x689: 0x9f, 0x68a: 0x9f, 0x68b: 0x9f, 0x68c: 0x9f, 0x68d: 0x9f, 0x68e: 0x9f, 0x68f: 0x9f,
+	0x690: 0x9f, 0x691: 0x9f, 0x692: 0x9f, 0x693: 0x9f, 0x694: 0x9f, 0x695: 0x9f, 0x696: 0x9f, 0x697: 0x9f,
+	0x698: 0x9f, 0x699: 0x9f, 0x69a: 0x9f, 0x69b: 0x17a, 0x69c: 0x9f, 0x69d: 0x9f, 0x69e: 0x9f, 0x69f: 0x9f,
+	0x6a0: 0x9f, 0x6a1: 0x9f, 0x6a2: 0x9f, 0x6a3: 0x9f, 0x6a4: 0x9f, 0x6a5: 0x9f, 0x6a6: 0x9f, 0x6a7: 0x9f,
+	0x6a8: 0x9f, 0x6a9: 0x9f, 0x6aa: 0x9f, 0x6ab: 0x9f, 0x6ac: 0x9f, 0x6ad: 0x9f, 0x6ae: 0x9f, 0x6af: 0x9f,
+	0x6b0: 0x9f, 0x6b1: 0x9f, 0x6b2: 0x9f, 0x6b3: 0x9f, 0x6b4: 0x9f, 0x6b5: 0x9f, 0x6b6: 0x9f, 0x6b7: 0x9f,
+	0x6b8: 0x9f, 0x6b9: 0x9f, 0x6ba: 0x9f, 0x6bb: 0x9f, 0x6bc: 0x9f, 0x6bd: 0x9f, 0x6be: 0x9f, 0x6bf: 0x9f,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x9f, 0x6c1: 0x9f, 0x6c2: 0x9f, 0x6c3: 0x9f, 0x6c4: 0x9f, 0x6c5: 0x9f, 0x6c6: 0x9f, 0x6c7: 0x9f,
+	0x6c8: 0x9f, 0x6c9: 0x9f, 0x6ca: 0x9f, 0x6cb: 0x9f, 0x6cc: 0x9f, 0x6cd: 0x9f, 0x6ce: 0x9f, 0x6cf: 0x9f,
+	0x6d0: 0x9f, 0x6d1: 0x9f, 0x6d2: 0x9f, 0x6d3: 0x9f, 0x6d4: 0x9f, 0x6d5: 0x9f, 0x6d6: 0x9f, 0x6d7: 0x9f,
+	0x6d8: 0x9f, 0x6d9: 0x9f, 0x6da: 0x9f, 0x6db: 0x9f, 0x6dc: 0x17b, 0x6dd: 0x9f, 0x6de: 0x9f, 0x6df: 0x9f,
+	0x6e0: 0x17c, 0x6e1: 0x9f, 0x6e2: 0x9f, 0x6e3: 0x9f, 0x6e4: 0x9f, 0x6e5: 0x9f, 0x6e6: 0x9f, 0x6e7: 0x9f,
+	0x6e8: 0x9f, 0x6e9: 0x9f, 0x6ea: 0x9f, 0x6eb: 0x9f, 0x6ec: 0x9f, 0x6ed: 0x9f, 0x6ee: 0x9f, 0x6ef: 0x9f,
+	0x6f0: 0x9f, 0x6f1: 0x9f, 0x6f2: 0x9f, 0x6f3: 0x9f, 0x6f4: 0x9f, 0x6f5: 0x9f, 0x6f6: 0x9f, 0x6f7: 0x9f,
+	0x6f8: 0x9f, 0x6f9: 0x9f, 0x6fa: 0x9f, 0x6fb: 0x9f, 0x6fc: 0x9f, 0x6fd: 0x9f, 0x6fe: 0x9f, 0x6ff: 0x9f,
+	// Block 0x1c, offset 0x700
+	0x700: 0x9f, 0x701: 0x9f, 0x702: 0x9f, 0x703: 0x9f, 0x704: 0x9f, 0x705: 0x9f, 0x706: 0x9f, 0x707: 0x9f,
+	0x708: 0x9f, 0x709: 0x9f, 0x70a: 0x9f, 0x70b: 0x9f, 0x70c: 0x9f, 0x70d: 0x9f, 0x70e: 0x9f, 0x70f: 0x9f,
+	0x710: 0x9f, 0x711: 0x9f, 0x712: 0x9f, 0x713: 0x9f, 0x714: 0x9f, 0x715: 0x9f, 0x716: 0x9f, 0x717: 0x9f,
+	0x718: 0x9f, 0x719: 0x9f, 0x71a: 0x9f, 0x71b: 0x9f, 0x71c: 0x9f, 0x71d: 0x9f, 0x71e: 0x9f, 0x71f: 0x9f,
+	0x720: 0x9f, 0x721: 0x9f, 0x722: 0x9f, 0x723: 0x9f, 0x724: 0x9f, 0x725: 0x9f, 0x726: 0x9f, 0x727: 0x9f,
+	0x728: 0x9f, 0x729: 0x9f, 0x72a: 0x9f, 0x72b: 0x9f, 0x72c: 0x9f, 0x72d: 0x9f, 0x72e: 0x9f, 0x72f: 0x9f,
+	0x730: 0x9f, 0x731: 0x9f, 0x732: 0x9f, 0x733: 0x9f, 0x734: 0x9f, 0x735: 0x9f, 0x736: 0x9f, 0x737: 0x9f,
+	0x738: 0x9f, 0x739: 0x9f, 0x73a: 0x17d, 0x73b: 0x9f, 0x73c: 0x9f, 0x73d: 0x9f, 0x73e: 0x9f, 0x73f: 0x9f,
+	// Block 0x1d, offset 0x740
+	0x740: 0x9f, 0x741: 0x9f, 0x742: 0x9f, 0x743: 0x9f, 0x744: 0x9f, 0x745: 0x9f, 0x746: 0x9f, 0x747: 0x9f,
+	0x748: 0x9f, 0x749: 0x9f, 0x74a: 0x9f, 0x74b: 0x9f, 0x74c: 0x9f, 0x74d: 0x9f, 0x74e: 0x9f, 0x74f: 0x9f,
+	0x750: 0x9f, 0x751: 0x9f, 0x752: 0x9f, 0x753: 0x9f, 0x754: 0x9f, 0x755: 0x9f, 0x756: 0x9f, 0x757: 0x9f,
+	0x758: 0x9f, 0x759: 0x9f, 0x75a: 0x9f, 0x75b: 0x9f, 0x75c: 0x9f, 0x75d: 0x9f, 0x75e: 0x9f, 0x75f: 0x9f,
+	0x760: 0x9f, 0x761: 0x9f, 0x762: 0x9f, 0x763: 0x9f, 0x764: 0x9f, 0x765: 0x9f, 0x766: 0x9f, 0x767: 0x9f,
+	0x768: 0x9f, 0x769: 0x9f, 0x76a: 0x9f, 0x76b: 0x9f, 0x76c: 0x9f, 0x76d: 0x9f, 0x76e: 0x9f, 0x76f: 0x17e,
+	0x770: 0xba, 0x771: 0xba, 0x772: 0xba, 0x773: 0xba, 0x774: 0xba, 0x775: 0xba, 0x776: 0xba, 0x777: 0xba,
+	0x778: 0xba, 0x779: 0xba, 0x77a: 0xba, 0x77b: 0xba, 0x77c: 0xba, 0x77d: 0xba, 0x77e: 0xba, 0x77f: 0xba,
+	// Block 0x1e, offset 0x780
+	0x780: 0xba, 0x781: 0xba, 0x782: 0xba, 0x783: 0xba, 0x784: 0xba, 0x785: 0xba, 0x786: 0xba, 0x787: 0xba,
+	0x788: 0xba, 0x789: 0xba, 0x78a: 0xba, 0x78b: 0xba, 0x78c: 0xba, 0x78d: 0xba, 0x78e: 0xba, 0x78f: 0xba,
+	0x790: 0xba, 0x791: 0xba, 0x792: 0xba, 0x793: 0xba, 0x794: 0xba, 0x795: 0xba, 0x796: 0xba, 0x797: 0xba,
+	0x798: 0xba, 0x799: 0xba, 0x79a: 0xba, 0x79b: 0xba, 0x79c: 0xba, 0x79d: 0xba, 0x79e: 0xba, 0x79f: 0xba,
+	0x7a0: 0x76, 0x7a1: 0x77, 0x7a2: 0x78, 0x7a3: 0x17f, 0x7a4: 0x79, 0x7a5: 0x7a, 0x7a6: 0x180, 0x7a7: 0x7b,
+	0x7a8: 0x7c, 0x7a9: 0xba, 0x7aa: 0xba, 0x7ab: 0xba, 0x7ac: 0xba, 0x7ad: 0xba, 0x7ae: 0xba, 0x7af: 0xba,
+	0x7b0: 0xba, 0x7b1: 0xba, 0x7b2: 0xba, 0x7b3: 0xba, 0x7b4: 0xba, 0x7b5: 0xba, 0x7b6: 0xba, 0x7b7: 0xba,
+	0x7b8: 0xba, 0x7b9: 0xba, 0x7ba: 0xba, 0x7bb: 0xba, 0x7bc: 0xba, 0x7bd: 0xba, 0x7be: 0xba, 0x7bf: 0xba,
+	// Block 0x1f, offset 0x7c0
+	0x7d0: 0x0d, 0x7d1: 0x0e, 0x7d2: 0x0f, 0x7d3: 0x10, 0x7d4: 0x11, 0x7d5: 0x0b, 0x7d6: 0x12, 0x7d7: 0x07,
+	0x7d8: 0x13, 0x7d9: 0x0b, 0x7da: 0x0b, 0x7db: 0x14, 0x7dc: 0x0b, 0x7dd: 0x15, 0x7de: 0x16, 0x7df: 0x17,
+	0x7e0: 0x07, 0x7e1: 0x07, 0x7e2: 0x07, 0x7e3: 0x07, 0x7e4: 0x07, 0x7e5: 0x07, 0x7e6: 0x07, 0x7e7: 0x07,
+	0x7e8: 0x07, 0x7e9: 0x07, 0x7ea: 0x18, 0x7eb: 0x19, 0x7ec: 0x1a, 0x7ed: 0x07, 0x7ee: 0x1b, 0x7ef: 0x1c,
+	0x7f0: 0x0b, 0x7f1: 0x0b, 0x7f2: 0x0b, 0x7f3: 0x0b, 0x7f4: 0x0b, 0x7f5: 0x0b, 0x7f6: 0x0b, 0x7f7: 0x0b,
+	0x7f8: 0x0b, 0x7f9: 0x0b, 0x7fa: 0x0b, 0x7fb: 0x0b, 0x7fc: 0x0b, 0x7fd: 0x0b, 0x7fe: 0x0b, 0x7ff: 0x0b,
+	// Block 0x20, offset 0x800
+	0x800: 0x0b, 0x801: 0x0b, 0x802: 0x0b, 0x803: 0x0b, 0x804: 0x0b, 0x805: 0x0b, 0x806: 0x0b, 0x807: 0x0b,
+	0x808: 0x0b, 0x809: 0x0b, 0x80a: 0x0b, 0x80b: 0x0b, 0x80c: 0x0b, 0x80d: 0x0b, 0x80e: 0x0b, 0x80f: 0x0b,
+	0x810: 0x0b, 0x811: 0x0b, 0x812: 0x0b, 0x813: 0x0b, 0x814: 0x0b, 0x815: 0x0b, 0x816: 0x0b, 0x817: 0x0b,
+	0x818: 0x0b, 0x819: 0x0b, 0x81a: 0x0b, 0x81b: 0x0b, 0x81c: 0x0b, 0x81d: 0x0b, 0x81e: 0x0b, 0x81f: 0x0b,
+	0x820: 0x0b, 0x821: 0x0b, 0x822: 0x0b, 0x823: 0x0b, 0x824: 0x0b, 0x825: 0x0b, 0x826: 0x0b, 0x827: 0x0b,
+	0x828: 0x0b, 0x829: 0x0b, 0x82a: 0x0b, 0x82b: 0x0b, 0x82c: 0x0b, 0x82d: 0x0b, 0x82e: 0x0b, 0x82f: 0x0b,
+	0x830: 0x0b, 0x831: 0x0b, 0x832: 0x0b, 0x833: 0x0b, 0x834: 0x0b, 0x835: 0x0b, 0x836: 0x0b, 0x837: 0x0b,
+	0x838: 0x0b, 0x839: 0x0b, 0x83a: 0x0b, 0x83b: 0x0b, 0x83c: 0x0b, 0x83d: 0x0b, 0x83e: 0x0b, 0x83f: 0x0b,
+	// Block 0x21, offset 0x840
+	0x840: 0x181, 0x841: 0x182, 0x842: 0xba, 0x843: 0xba, 0x844: 0x183, 0x845: 0x183, 0x846: 0x183, 0x847: 0x184,
+	0x848: 0xba, 0x849: 0xba, 0x84a: 0xba, 0x84b: 0xba, 0x84c: 0xba, 0x84d: 0xba, 0x84e: 0xba, 0x84f: 0xba,
+	0x850: 0xba, 0x851: 0xba, 0x852: 0xba, 0x853: 0xba, 0x854: 0xba, 0x855: 0xba, 0x856: 0xba, 0x857: 0xba,
+	0x858: 0xba, 0x859: 0xba, 0x85a: 0xba, 0x85b: 0xba, 0x85c: 0xba, 0x85d: 0xba, 0x85e: 0xba, 0x85f: 0xba,
+	0x860: 0xba, 0x861: 0xba, 0x862: 0xba, 0x863: 0xba, 0x864: 0xba, 0x865: 0xba, 0x866: 0xba, 0x867: 0xba,
+	0x868: 0xba, 0x869: 0xba, 0x86a: 0xba, 0x86b: 0xba, 0x86c: 0xba, 0x86d: 0xba, 0x86e: 0xba, 0x86f: 0xba,
+	0x870: 0xba, 0x871: 0xba, 0x872: 0xba, 0x873: 0xba, 0x874: 0xba, 0x875: 0xba, 0x876: 0xba, 0x877: 0xba,
+	0x878: 0xba, 0x879: 0xba, 0x87a: 0xba, 0x87b: 0xba, 0x87c: 0xba, 0x87d: 0xba, 0x87e: 0xba, 0x87f: 0xba,
+	// Block 0x22, offset 0x880
+	0x880: 0x0b, 0x881: 0x0b, 0x882: 0x0b, 0x883: 0x0b, 0x884: 0x0b, 0x885: 0x0b, 0x886: 0x0b, 0x887: 0x0b,
+	0x888: 0x0b, 0x889: 0x0b, 0x88a: 0x0b, 0x88b: 0x0b, 0x88c: 0x0b, 0x88d: 0x0b, 0x88e: 0x0b, 0x88f: 0x0b,
+	0x890: 0x0b, 0x891: 0x0b, 0x892: 0x0b, 0x893: 0x0b, 0x894: 0x0b, 0x895: 0x0b, 0x896: 0x0b, 0x897: 0x0b,
+	0x898: 0x0b, 0x899: 0x0b, 0x89a: 0x0b, 0x89b: 0x0b, 0x89c: 0x0b, 0x89d: 0x0b, 0x89e: 0x0b, 0x89f: 0x0b,
+	0x8a0: 0x1f, 0x8a1: 0x0b, 0x8a2: 0x0b, 0x8a3: 0x0b, 0x8a4: 0x0b, 0x8a5: 0x0b, 0x8a6: 0x0b, 0x8a7: 0x0b,
+	0x8a8: 0x0b, 0x8a9: 0x0b, 0x8aa: 0x0b, 0x8ab: 0x0b, 0x8ac: 0x0b, 0x8ad: 0x0b, 0x8ae: 0x0b, 0x8af: 0x0b,
+	0x8b0: 0x0b, 0x8b1: 0x0b, 0x8b2: 0x0b, 0x8b3: 0x0b, 0x8b4: 0x0b, 0x8b5: 0x0b, 0x8b6: 0x0b, 0x8b7: 0x0b,
+	0x8b8: 0x0b, 0x8b9: 0x0b, 0x8ba: 0x0b, 0x8bb: 0x0b, 0x8bc: 0x0b, 0x8bd: 0x0b, 0x8be: 0x0b, 0x8bf: 0x0b,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x0b, 0x8c1: 0x0b, 0x8c2: 0x0b, 0x8c3: 0x0b, 0x8c4: 0x0b, 0x8c5: 0x0b, 0x8c6: 0x0b, 0x8c7: 0x0b,
+	0x8c8: 0x0b, 0x8c9: 0x0b, 0x8ca: 0x0b, 0x8cb: 0x0b, 0x8cc: 0x0b, 0x8cd: 0x0b, 0x8ce: 0x0b, 0x8cf: 0x0b,
+}
+
+// idnaSparseOffset: 264 entries, 528 bytes
+var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x34, 0x3f, 0x4b, 0x4f, 0x5e, 0x63, 0x6b, 0x77, 0x85, 0x8a, 0x93, 0xa3, 0xb1, 0xbd, 0xc9, 0xda, 0xe4, 0xeb, 0xf8, 0x109, 0x110, 0x11b, 0x12a, 0x138, 0x142, 0x144, 0x149, 0x14c, 0x14f, 0x151, 0x15d, 0x168, 0x170, 0x176, 0x17c, 0x181, 0x186, 0x189, 0x18d, 0x193, 0x198, 0x1a4, 0x1ae, 0x1b4, 0x1c5, 0x1cf, 0x1d2, 0x1da, 0x1dd, 0x1ea, 0x1f2, 0x1f6, 0x1fd, 0x205, 0x215, 0x221, 0x223, 0x22d, 0x239, 0x245, 0x251, 0x259, 0x25e, 0x268, 0x279, 0x27d, 0x288, 0x28c, 0x295, 0x29d, 0x2a3, 0x2a8, 0x2ab, 0x2af, 0x2b5, 0x2b9, 0x2bd, 0x2c3, 0x2ca, 0x2d0, 0x2d8, 0x2df, 0x2ea, 0x2f4, 0x2f8, 0x2fb, 0x301, 0x305, 0x307, 0x30a, 0x30c, 0x30f, 0x319, 0x31c, 0x32b, 0x32f, 0x334, 0x337, 0x33b, 0x340, 0x345, 0x34b, 0x351, 0x360, 0x366, 0x36a, 0x379, 0x37e, 0x386, 0x390, 0x39b, 0x3a3, 0x3b4, 0x3bd, 0x3cd, 0x3da, 0x3e4, 0x3e9, 0x3f6, 0x3fa, 0x3ff, 0x401, 0x405, 0x407, 0x40b, 0x414, 0x41a, 0x41e, 0x42e, 0x438, 0x43d, 0x440, 0x446, 0x44d, 0x452, 0x456, 0x45c, 0x461, 0x46a, 0x46f, 0x475, 0x47c, 0x483, 0x48a, 0x48e, 0x493, 0x496, 0x49b, 0x4a7, 0x4ad, 0x4b2, 0x4b9, 0x4c1, 0x4c6, 0x4ca, 0x4da, 0x4e1, 0x4e5, 0x4e9, 0x4f0, 0x4f2, 0x4f5, 0x4f8, 0x4fc, 0x500, 0x506, 0x50f, 0x51b, 0x522, 0x52b, 0x533, 0x53a, 0x548, 0x555, 0x562, 0x56b, 0x56f, 0x57d, 0x585, 0x590, 0x599, 0x59f, 0x5a7, 0x5b0, 0x5ba, 0x5bd, 0x5c9, 0x5cc, 0x5d1, 0x5de, 0x5e7, 0x5f3, 0x5f6, 0x600, 0x609, 0x615, 0x622, 0x62a, 0x62d, 0x632, 0x635, 0x638, 0x63b, 0x642, 0x649, 0x64d, 0x658, 0x65b, 0x661, 0x666, 0x66a, 0x66d, 0x670, 0x673, 0x676, 0x679, 0x67e, 0x688, 0x68b, 0x68f, 0x69e, 0x6aa, 0x6ae, 0x6b3, 0x6b8, 0x6bc, 0x6c1, 0x6ca, 0x6d5, 0x6db, 0x6e3, 0x6e7, 0x6eb, 0x6f1, 0x6f7, 0x6fc, 0x6ff, 0x70f, 0x716, 0x719, 0x71c, 0x720, 0x726, 0x72b, 0x730, 0x735, 0x738, 0x73d, 0x740, 0x743, 0x747, 0x74b, 0x74e, 0x75e, 0x76f, 0x774, 0x776, 0x778}
+
+// idnaSparseValues: 1915 entries, 7660 bytes
+var idnaSparseValues = [1915]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe105, lo: 0x80, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0x97},
+	{value: 0xe105, lo: 0x98, hi: 0x9e},
+	{value: 0x001f, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbf},
+	// Block 0x1, offset 0x8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0xe01d, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0335, lo: 0x83, hi: 0x83},
+	{value: 0x034d, lo: 0x84, hi: 0x84},
+	{value: 0x0365, lo: 0x85, hi: 0x85},
+	{value: 0xe00d, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0xe00d, lo: 0x88, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x89},
+	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0x8d},
+	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0xbf},
+	// Block 0x2, offset 0x19
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0249, lo: 0xb0, hi: 0xb0},
+	{value: 0x037d, lo: 0xb1, hi: 0xb1},
+	{value: 0x0259, lo: 0xb2, hi: 0xb2},
+	{value: 0x0269, lo: 0xb3, hi: 0xb3},
+	{value: 0x034d, lo: 0xb4, hi: 0xb4},
+	{value: 0x0395, lo: 0xb5, hi: 0xb5},
+	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
+	{value: 0x0279, lo: 0xb7, hi: 0xb7},
+	{value: 0x0289, lo: 0xb8, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbf},
+	// Block 0x3, offset 0x25
+	{value: 0x0000, lo: 0x01},
+	{value: 0x3308, lo: 0x80, hi: 0xbf},
+	// Block 0x4, offset 0x27
+	{value: 0x0000, lo: 0x04},
+	{value: 0x03f5, lo: 0x80, hi: 0x8f},
+	{value: 0xe105, lo: 0x90, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x5, offset 0x2c
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x0545, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x0008, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x6, offset 0x34
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0401, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x88},
+	{value: 0x0018, lo: 0x89, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x7, offset 0x3f
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0818, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x82},
+	{value: 0x0818, lo: 0x83, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x85},
+	{value: 0x0818, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x8, offset 0x4b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0c08, lo: 0x88, hi: 0x99},
+	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
+	// Block 0x9, offset 0x4f
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3308, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0a08, lo: 0x8e, hi: 0x98},
+	{value: 0x0c08, lo: 0x99, hi: 0x9b},
+	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
+	{value: 0x0c08, lo: 0xab, hi: 0xac},
+	{value: 0x0a08, lo: 0xad, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
+	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xa, offset 0x5e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xb, offset 0x63
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0xc, offset 0x6b
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x99},
+	{value: 0x0808, lo: 0x9a, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa3},
+	{value: 0x0808, lo: 0xa4, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa7},
+	{value: 0x0808, lo: 0xa8, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0818, lo: 0xb0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd, offset 0x77
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
+	{value: 0x0c08, lo: 0xaa, hi: 0xac},
+	{value: 0x0808, lo: 0xad, hi: 0xad},
+	{value: 0x0c08, lo: 0xae, hi: 0xae},
+	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
+	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xe, offset 0x85
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa1},
+	{value: 0x0840, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xbf},
+	// Block 0xf, offset 0x8a
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x10, offset 0x93
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x85},
+	{value: 0x3008, lo: 0x86, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8c},
+	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x11, offset 0xa3
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x12, offset 0xb1
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xba},
+	{value: 0x3b08, lo: 0xbb, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x13, offset 0xbd
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x14, offset 0xc9
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x89},
+	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x3008, lo: 0x98, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x15, offset 0xda
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb2},
+	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb9},
+	{value: 0x3b08, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0x16, offset 0xe4
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0xbf},
+	// Block 0x17, offset 0xeb
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0961, lo: 0x9c, hi: 0x9c},
+	{value: 0x0999, lo: 0x9d, hi: 0x9d},
+	{value: 0x0008, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x18, offset 0xf8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x19, offset 0x109
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0x1a, offset 0x110
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0x11b
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3008, lo: 0xa2, hi: 0xa4},
+	{value: 0x0008, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xbf},
+	// Block 0x1c, offset 0x12a
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x8c},
+	{value: 0x3308, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x3008, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x1d, offset 0x138
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x86},
+	{value: 0x055d, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8c},
+	{value: 0x055d, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0xe105, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0x1e, offset 0x142
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0018, lo: 0x80, hi: 0xbf},
+	// Block 0x1f, offset 0x144
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa0},
+	{value: 0x2018, lo: 0xa1, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x20, offset 0x149
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa7},
+	{value: 0x2018, lo: 0xa8, hi: 0xbf},
+	// Block 0x21, offset 0x14c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2018, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0xbf},
+	// Block 0x22, offset 0x14f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0008, lo: 0x80, hi: 0xbf},
+	// Block 0x23, offset 0x151
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x24, offset 0x15d
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x25, offset 0x168
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x26, offset 0x170
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x27, offset 0x176
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x28, offset 0x17c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x29, offset 0x181
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x2a, offset 0x186
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x2b, offset 0x189
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xbf},
+	// Block 0x2c, offset 0x18d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2d, offset 0x193
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x2e, offset 0x198
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x3b08, lo: 0x94, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x2f, offset 0x1a4
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x30, offset 0x1ae
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xb3},
+	{value: 0x3340, lo: 0xb4, hi: 0xb5},
+	{value: 0x3008, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x31, offset 0x1b4
+	{value: 0x0000, lo: 0x10},
+	{value: 0x3008, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x91},
+	{value: 0x3b08, lo: 0x92, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0x96},
+	{value: 0x0008, lo: 0x97, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x32, offset 0x1c5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x86},
+	{value: 0x0218, lo: 0x87, hi: 0x87},
+	{value: 0x0018, lo: 0x88, hi: 0x8a},
+	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0208, lo: 0xa0, hi: 0xbf},
+	// Block 0x33, offset 0x1cf
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0208, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x34, offset 0x1d2
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0208, lo: 0x87, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xa9},
+	{value: 0x0208, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x35, offset 0x1da
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x36, offset 0x1dd
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x37, offset 0x1ea
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x38, offset 0x1f2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x39, offset 0x1f6
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0028, lo: 0x9a, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xbf},
+	// Block 0x3a, offset 0x1fd
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x3308, lo: 0x97, hi: 0x98},
+	{value: 0x3008, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x3b, offset 0x205
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x94},
+	{value: 0x3008, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xac},
+	{value: 0x3008, lo: 0xad, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x215
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xbd},
+	{value: 0x3318, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x3d, offset 0x221
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0040, lo: 0x80, hi: 0xbf},
+	// Block 0x3e, offset 0x223
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3008, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x3f, offset 0x22d
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x3808, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x40, offset 0x239
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3808, lo: 0xaa, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xbf},
+	// Block 0x41, offset 0x245
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3008, lo: 0xaa, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3808, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x42, offset 0x251
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbf},
+	// Block 0x43, offset 0x259
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x44, offset 0x25e
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0e29, lo: 0x80, hi: 0x80},
+	{value: 0x0e41, lo: 0x81, hi: 0x81},
+	{value: 0x0e59, lo: 0x82, hi: 0x82},
+	{value: 0x0e71, lo: 0x83, hi: 0x83},
+	{value: 0x0e89, lo: 0x84, hi: 0x85},
+	{value: 0x0ea1, lo: 0x86, hi: 0x86},
+	{value: 0x0eb9, lo: 0x87, hi: 0x87},
+	{value: 0x057d, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0x45, offset 0x268
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x92},
+	{value: 0x0018, lo: 0x93, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa8},
+	{value: 0x0008, lo: 0xa9, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x46, offset 0x279
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0x47, offset 0x27d
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x87},
+	{value: 0xe045, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0xe045, lo: 0x98, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0xe045, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbf},
+	// Block 0x48, offset 0x288
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x3318, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0x49, offset 0x28c
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x24c1, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x4a, offset 0x295
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x24f1, lo: 0xac, hi: 0xac},
+	{value: 0x2529, lo: 0xad, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xae},
+	{value: 0x2579, lo: 0xaf, hi: 0xaf},
+	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x4b, offset 0x29d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x9f},
+	{value: 0x0080, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xad},
+	{value: 0x0080, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x4c, offset 0x2a3
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa8},
+	{value: 0x09c5, lo: 0xa9, hi: 0xa9},
+	{value: 0x09e5, lo: 0xaa, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xbf},
+	// Block 0x4d, offset 0x2a8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0x4e, offset 0x2ab
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x4f, offset 0x2af
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0e66, lo: 0xb4, hi: 0xb4},
+	{value: 0x292a, lo: 0xb5, hi: 0xb5},
+	{value: 0x0e86, lo: 0xb6, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x50, offset 0x2b5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x9b},
+	{value: 0x2941, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0xbf},
+	// Block 0x51, offset 0x2b9
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x52, offset 0x2bd
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0018, lo: 0xbd, hi: 0xbf},
+	// Block 0x53, offset 0x2c3
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0xab},
+	{value: 0x0018, lo: 0xac, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x54, offset 0x2ca
+	{value: 0x0000, lo: 0x05},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x03f5, lo: 0x90, hi: 0x9f},
+	{value: 0x0ea5, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x55, offset 0x2d0
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x56, offset 0x2d8
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xae},
+	{value: 0xe075, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0x57, offset 0x2df
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x58, offset 0x2ea
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xbf},
+	// Block 0x59, offset 0x2f4
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x5a, offset 0x2f8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0x5b, offset 0x2fb
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9e},
+	{value: 0x0edd, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x5c, offset 0x301
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb2},
+	{value: 0x0efd, lo: 0xb3, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x5d, offset 0x305
+	{value: 0x0020, lo: 0x01},
+	{value: 0x0f1d, lo: 0x80, hi: 0xbf},
+	// Block 0x5e, offset 0x307
+	{value: 0x0020, lo: 0x02},
+	{value: 0x171d, lo: 0x80, hi: 0x8f},
+	{value: 0x18fd, lo: 0x90, hi: 0xbf},
+	// Block 0x5f, offset 0x30a
+	{value: 0x0020, lo: 0x01},
+	{value: 0x1efd, lo: 0x80, hi: 0xbf},
+	// Block 0x60, offset 0x30c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x61, offset 0x30f
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9a},
+	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
+	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9e},
+	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x62, offset 0x319
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbe},
+	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
+	// Block 0x63, offset 0x31c
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0040, lo: 0x80, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x2a1d, lo: 0xb1, hi: 0xb1},
+	{value: 0x2a3d, lo: 0xb2, hi: 0xb2},
+	{value: 0x2a5d, lo: 0xb3, hi: 0xb3},
+	{value: 0x2a7d, lo: 0xb4, hi: 0xb4},
+	{value: 0x2a5d, lo: 0xb5, hi: 0xb5},
+	{value: 0x2a9d, lo: 0xb6, hi: 0xb6},
+	{value: 0x2abd, lo: 0xb7, hi: 0xb7},
+	{value: 0x2add, lo: 0xb8, hi: 0xb9},
+	{value: 0x2afd, lo: 0xba, hi: 0xbb},
+	{value: 0x2b1d, lo: 0xbc, hi: 0xbd},
+	{value: 0x2afd, lo: 0xbe, hi: 0xbf},
+	// Block 0x64, offset 0x32b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x65, offset 0x32f
+	{value: 0x0030, lo: 0x04},
+	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
+	{value: 0x305a, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
+	// Block 0x66, offset 0x334
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0x67, offset 0x337
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x68, offset 0x33b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x69, offset 0x340
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x6a, offset 0x345
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb1},
+	{value: 0x0018, lo: 0xb2, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6b, offset 0x34b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xb7},
+	{value: 0x2009, lo: 0xb8, hi: 0xb8},
+	{value: 0x6e89, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xbf},
+	// Block 0x6c, offset 0x351
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x3308, lo: 0x8b, hi: 0x8b},
+	{value: 0x0008, lo: 0x8c, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x6d, offset 0x360
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0208, lo: 0x80, hi: 0xb1},
+	{value: 0x0108, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6e, offset 0x366
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xbf},
+	// Block 0x6f, offset 0x36a
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0008, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x70, offset 0x379
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x71, offset 0x37e
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x91},
+	{value: 0x3008, lo: 0x92, hi: 0x92},
+	{value: 0x3808, lo: 0x93, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x72, offset 0x386
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb9},
+	{value: 0x3008, lo: 0xba, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x73, offset 0x390
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x74, offset 0x39b
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x75, offset 0x3a3
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8c},
+	{value: 0x3008, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0008, lo: 0xbe, hi: 0xbf},
+	// Block 0x76, offset 0x3b4
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x77, offset 0x3bd
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x9a},
+	{value: 0x0008, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x78, offset 0x3cd
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x90},
+	{value: 0x0008, lo: 0x91, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x79, offset 0x3da
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x4465, lo: 0x9c, hi: 0x9c},
+	{value: 0x447d, lo: 0x9d, hi: 0x9d},
+	{value: 0x2971, lo: 0x9e, hi: 0x9e},
+	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xaf},
+	{value: 0x4495, lo: 0xb0, hi: 0xbf},
+	// Block 0x7a, offset 0x3e4
+	{value: 0x0000, lo: 0x04},
+	{value: 0x44b5, lo: 0x80, hi: 0x8f},
+	{value: 0x44d5, lo: 0x90, hi: 0x9f},
+	{value: 0x44f5, lo: 0xa0, hi: 0xaf},
+	{value: 0x44d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x7b, offset 0x3e9
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3b08, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x7c, offset 0x3f6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x7d, offset 0x3fa
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x7e, offset 0x3ff
+	{value: 0x0020, lo: 0x01},
+	{value: 0x4515, lo: 0x80, hi: 0xbf},
+	// Block 0x7f, offset 0x401
+	{value: 0x0020, lo: 0x03},
+	{value: 0x4d15, lo: 0x80, hi: 0x94},
+	{value: 0x4ad5, lo: 0x95, hi: 0x95},
+	{value: 0x4fb5, lo: 0x96, hi: 0xbf},
+	// Block 0x80, offset 0x405
+	{value: 0x0020, lo: 0x01},
+	{value: 0x54f5, lo: 0x80, hi: 0xbf},
+	// Block 0x81, offset 0x407
+	{value: 0x0020, lo: 0x03},
+	{value: 0x5cf5, lo: 0x80, hi: 0x84},
+	{value: 0x5655, lo: 0x85, hi: 0x85},
+	{value: 0x5d95, lo: 0x86, hi: 0xbf},
+	// Block 0x82, offset 0x40b
+	{value: 0x0020, lo: 0x08},
+	{value: 0x6b55, lo: 0x80, hi: 0x8f},
+	{value: 0x6d15, lo: 0x90, hi: 0x90},
+	{value: 0x6d55, lo: 0x91, hi: 0xab},
+	{value: 0x6ea1, lo: 0xac, hi: 0xac},
+	{value: 0x70b5, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x70d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x83, offset 0x414
+	{value: 0x0020, lo: 0x05},
+	{value: 0x72d5, lo: 0x80, hi: 0xad},
+	{value: 0x6535, lo: 0xae, hi: 0xae},
+	{value: 0x7895, lo: 0xaf, hi: 0xb5},
+	{value: 0x6f55, lo: 0xb6, hi: 0xb6},
+	{value: 0x7975, lo: 0xb7, hi: 0xbf},
+	// Block 0x84, offset 0x41a
+	{value: 0x0028, lo: 0x03},
+	{value: 0x7c21, lo: 0x80, hi: 0x82},
+	{value: 0x7be1, lo: 0x83, hi: 0x83},
+	{value: 0x7c99, lo: 0x84, hi: 0xbf},
+	// Block 0x85, offset 0x41e
+	{value: 0x0038, lo: 0x0f},
+	{value: 0x9db1, lo: 0x80, hi: 0x83},
+	{value: 0x9e59, lo: 0x84, hi: 0x85},
+	{value: 0x9e91, lo: 0x86, hi: 0x87},
+	{value: 0x9ec9, lo: 0x88, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0xa089, lo: 0x92, hi: 0x97},
+	{value: 0xa1a1, lo: 0x98, hi: 0x9c},
+	{value: 0xa281, lo: 0x9d, hi: 0xb3},
+	{value: 0x9d41, lo: 0xb4, hi: 0xb4},
+	{value: 0x9db1, lo: 0xb5, hi: 0xb5},
+	{value: 0xa789, lo: 0xb6, hi: 0xbb},
+	{value: 0xa869, lo: 0xbc, hi: 0xbc},
+	{value: 0xa7f9, lo: 0xbd, hi: 0xbd},
+	{value: 0xa8d9, lo: 0xbe, hi: 0xbf},
+	// Block 0x86, offset 0x42e
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0008, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x87, offset 0x438
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x88, offset 0x43d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x89, offset 0x440
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x8a, offset 0x446
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x8b, offset 0x44d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x8c, offset 0x452
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x8d, offset 0x456
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x8e, offset 0x45c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xbf},
+	// Block 0x8f, offset 0x461
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x90, offset 0x46a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x91, offset 0x46f
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x92, offset 0x475
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x97},
+	{value: 0x8ad5, lo: 0x98, hi: 0x9f},
+	{value: 0x8aed, lo: 0xa0, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xbf},
+	// Block 0x93, offset 0x47c
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x8aed, lo: 0xb0, hi: 0xb7},
+	{value: 0x8ad5, lo: 0xb8, hi: 0xbf},
+	// Block 0x94, offset 0x483
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x95, offset 0x48a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x96, offset 0x48e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xae},
+	{value: 0x0018, lo: 0xaf, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x97, offset 0x493
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x98, offset 0x496
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xbf},
+	// Block 0x99, offset 0x49b
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0808, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0808, lo: 0x8a, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbb},
+	{value: 0x0808, lo: 0xbc, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x0808, lo: 0xbf, hi: 0xbf},
+	// Block 0x9a, offset 0x4a7
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0818, lo: 0x97, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0818, lo: 0xb7, hi: 0xbf},
+	// Block 0x9b, offset 0x4ad
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa6},
+	{value: 0x0818, lo: 0xa7, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x9c, offset 0x4b2
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x0818, lo: 0xbb, hi: 0xbf},
+	// Block 0x9d, offset 0x4b9
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0818, lo: 0x96, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0818, lo: 0xbf, hi: 0xbf},
+	// Block 0x9e, offset 0x4c1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbb},
+	{value: 0x0818, lo: 0xbc, hi: 0xbd},
+	{value: 0x0808, lo: 0xbe, hi: 0xbf},
+	// Block 0x9f, offset 0x4c6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0818, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x0818, lo: 0x92, hi: 0xbf},
+	// Block 0xa0, offset 0x4ca
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x94},
+	{value: 0x0808, lo: 0x95, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x98},
+	{value: 0x0808, lo: 0x99, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xa1, offset 0x4da
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0818, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0818, lo: 0x90, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xbc},
+	{value: 0x0818, lo: 0xbd, hi: 0xbf},
+	// Block 0xa2, offset 0x4e1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xa3, offset 0x4e5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb8},
+	{value: 0x0018, lo: 0xb9, hi: 0xbf},
+	// Block 0xa4, offset 0x4e9
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0818, lo: 0x98, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb7},
+	{value: 0x0818, lo: 0xb8, hi: 0xbf},
+	// Block 0xa5, offset 0x4f0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0808, lo: 0x80, hi: 0xbf},
+	// Block 0xa6, offset 0x4f2
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0808, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xa7, offset 0x4f5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x03dd, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xa8, offset 0x4f8
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xbf},
+	// Block 0xa9, offset 0x4fc
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0818, lo: 0xa0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xaa, offset 0x500
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xab, offset 0x506
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x91},
+	{value: 0x0018, lo: 0x92, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xac, offset 0x50f
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbc},
+	{value: 0x0340, lo: 0xbd, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0xad, offset 0x51b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xae, offset 0x522
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb2},
+	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xbf},
+	// Block 0xaf, offset 0x52b
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb0, offset 0x533
+	{value: 0x0000, lo: 0x06},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xbe},
+	{value: 0x3008, lo: 0xbf, hi: 0xbf},
+	// Block 0xb1, offset 0x53a
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xb2, offset 0x548
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3808, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xb3, offset 0x555
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xb4, offset 0x562
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x3308, lo: 0x9f, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa9},
+	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb5, offset 0x56b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xb6, offset 0x56f
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xb7, offset 0x57d
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xb8, offset 0x585
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x85},
+	{value: 0x0018, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xb9, offset 0x590
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xba, offset 0x599
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9b},
+	{value: 0x3308, lo: 0x9c, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xbb, offset 0x59f
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbc, offset 0x5a7
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xbd, offset 0x5b0
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb5},
+	{value: 0x3808, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0xbe, offset 0x5ba
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0xbf, offset 0x5bd
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0xc0, offset 0x5c9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xbf},
+	// Block 0xc1, offset 0x5cc
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0xc2, offset 0x5d1
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xc3, offset 0x5de
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x3b08, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0xbf},
+	// Block 0xc4, offset 0x5e7
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x98},
+	{value: 0x3b08, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xbf},
+	// Block 0xc5, offset 0x5f3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xc6, offset 0x5f6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xc7, offset 0x600
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xbf},
+	// Block 0xc8, offset 0x609
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xa9},
+	{value: 0x3308, lo: 0xaa, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xc9, offset 0x615
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xca, offset 0x622
+	{value: 0x0000, lo: 0x07},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xcb, offset 0x62a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xcc, offset 0x62d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xcd, offset 0x632
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0xbf},
+	// Block 0xce, offset 0x635
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xbf},
+	// Block 0xcf, offset 0x638
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xbf},
+	// Block 0xd0, offset 0x63b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xd1, offset 0x642
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xd2, offset 0x649
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0xd3, offset 0x64d
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0xd4, offset 0x658
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xd5, offset 0x65b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd6, offset 0x661
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xd7, offset 0x666
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xbf},
+	// Block 0xd8, offset 0x66a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xd9, offset 0x66d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xda, offset 0x670
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xdb, offset 0x673
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xdc, offset 0x676
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xdd, offset 0x679
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0xde, offset 0x67e
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xdf, offset 0x688
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xe0, offset 0x68b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xbf},
+	// Block 0xe1, offset 0x68f
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0018, lo: 0x80, hi: 0x9d},
+	{value: 0xb5b9, lo: 0x9e, hi: 0x9e},
+	{value: 0xb601, lo: 0x9f, hi: 0x9f},
+	{value: 0xb649, lo: 0xa0, hi: 0xa0},
+	{value: 0xb6b1, lo: 0xa1, hi: 0xa1},
+	{value: 0xb719, lo: 0xa2, hi: 0xa2},
+	{value: 0xb781, lo: 0xa3, hi: 0xa3},
+	{value: 0xb7e9, lo: 0xa4, hi: 0xa4},
+	{value: 0x3018, lo: 0xa5, hi: 0xa6},
+	{value: 0x3318, lo: 0xa7, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xac},
+	{value: 0x3018, lo: 0xad, hi: 0xb2},
+	{value: 0x0340, lo: 0xb3, hi: 0xba},
+	{value: 0x3318, lo: 0xbb, hi: 0xbf},
+	// Block 0xe2, offset 0x69e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3318, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0x84},
+	{value: 0x3318, lo: 0x85, hi: 0x8b},
+	{value: 0x0018, lo: 0x8c, hi: 0xa9},
+	{value: 0x3318, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xba},
+	{value: 0xb851, lo: 0xbb, hi: 0xbb},
+	{value: 0xb899, lo: 0xbc, hi: 0xbc},
+	{value: 0xb8e1, lo: 0xbd, hi: 0xbd},
+	{value: 0xb949, lo: 0xbe, hi: 0xbe},
+	{value: 0xb9b1, lo: 0xbf, hi: 0xbf},
+	// Block 0xe3, offset 0x6aa
+	{value: 0x0000, lo: 0x03},
+	{value: 0xba19, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xbf},
+	// Block 0xe4, offset 0x6ae
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x3318, lo: 0x82, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0xbf},
+	// Block 0xe5, offset 0x6b3
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xe6, offset 0x6b8
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0xe7, offset 0x6bc
+	{value: 0x0000, lo: 0x04},
+	{value: 0x3308, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0xe8, offset 0x6c1
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x3308, lo: 0xa1, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xe9, offset 0x6ca
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0xea, offset 0x6d5
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x86},
+	{value: 0x0818, lo: 0x87, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xeb, offset 0x6db
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xec, offset 0x6e3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xed, offset 0x6e7
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0xee, offset 0x6eb
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0xef, offset 0x6f1
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xf0, offset 0x6f7
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0xc1c1, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xf1, offset 0x6fc
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xbf},
+	// Block 0xf2, offset 0x6ff
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xc7e9, lo: 0x80, hi: 0x80},
+	{value: 0xc839, lo: 0x81, hi: 0x81},
+	{value: 0xc889, lo: 0x82, hi: 0x82},
+	{value: 0xc8d9, lo: 0x83, hi: 0x83},
+	{value: 0xc929, lo: 0x84, hi: 0x84},
+	{value: 0xc979, lo: 0x85, hi: 0x85},
+	{value: 0xc9c9, lo: 0x86, hi: 0x86},
+	{value: 0xca19, lo: 0x87, hi: 0x87},
+	{value: 0xca69, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0xcab9, lo: 0x90, hi: 0x90},
+	{value: 0xcad9, lo: 0x91, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xbf},
+	// Block 0xf3, offset 0x70f
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xf4, offset 0x716
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0xf5, offset 0x719
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0xbf},
+	// Block 0xf6, offset 0x71c
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0xf7, offset 0x720
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0xf8, offset 0x726
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0xf9, offset 0x72b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xfa, offset 0x730
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0xfb, offset 0x735
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xbf},
+	// Block 0xfc, offset 0x738
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0xfd, offset 0x73d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xfe, offset 0x740
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xff, offset 0x743
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x100, offset 0x747
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x101, offset 0x74b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x102, offset 0x74e
+	{value: 0x0020, lo: 0x0f},
+	{value: 0xdeb9, lo: 0x80, hi: 0x89},
+	{value: 0x8dfd, lo: 0x8a, hi: 0x8a},
+	{value: 0xdff9, lo: 0x8b, hi: 0x9c},
+	{value: 0x8e1d, lo: 0x9d, hi: 0x9d},
+	{value: 0xe239, lo: 0x9e, hi: 0xa2},
+	{value: 0x8e3d, lo: 0xa3, hi: 0xa3},
+	{value: 0xe2d9, lo: 0xa4, hi: 0xab},
+	{value: 0x7ed5, lo: 0xac, hi: 0xac},
+	{value: 0xe3d9, lo: 0xad, hi: 0xaf},
+	{value: 0x8e5d, lo: 0xb0, hi: 0xb0},
+	{value: 0xe439, lo: 0xb1, hi: 0xb6},
+	{value: 0x8e7d, lo: 0xb7, hi: 0xb9},
+	{value: 0xe4f9, lo: 0xba, hi: 0xba},
+	{value: 0x8edd, lo: 0xbb, hi: 0xbb},
+	{value: 0xe519, lo: 0xbc, hi: 0xbf},
+	// Block 0x103, offset 0x75e
+	{value: 0x0020, lo: 0x10},
+	{value: 0x937d, lo: 0x80, hi: 0x80},
+	{value: 0xf099, lo: 0x81, hi: 0x86},
+	{value: 0x939d, lo: 0x87, hi: 0x8a},
+	{value: 0xd9f9, lo: 0x8b, hi: 0x8b},
+	{value: 0xf159, lo: 0x8c, hi: 0x96},
+	{value: 0x941d, lo: 0x97, hi: 0x97},
+	{value: 0xf2b9, lo: 0x98, hi: 0xa3},
+	{value: 0x943d, lo: 0xa4, hi: 0xa6},
+	{value: 0xf439, lo: 0xa7, hi: 0xaa},
+	{value: 0x949d, lo: 0xab, hi: 0xab},
+	{value: 0xf4b9, lo: 0xac, hi: 0xac},
+	{value: 0x94bd, lo: 0xad, hi: 0xad},
+	{value: 0xf4d9, lo: 0xae, hi: 0xaf},
+	{value: 0x94dd, lo: 0xb0, hi: 0xb1},
+	{value: 0xf519, lo: 0xb2, hi: 0xbe},
+	{value: 0x2040, lo: 0xbf, hi: 0xbf},
+	// Block 0x104, offset 0x76f
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0340, lo: 0x81, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x9f},
+	{value: 0x0340, lo: 0xa0, hi: 0xbf},
+	// Block 0x105, offset 0x774
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0340, lo: 0x80, hi: 0xbf},
+	// Block 0x106, offset 0x776
+	{value: 0x0000, lo: 0x01},
+	{value: 0x33c0, lo: 0x80, hi: 0xbf},
+	// Block 0x107, offset 0x778
+	{value: 0x0000, lo: 0x02},
+	{value: 0x33c0, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+}
+
+// Total table size 42114 bytes (41KiB); checksum: 355A58A4
diff --git a/vendor/golang.org/x/net/idna/tables11.0.0.go b/vendor/golang.org/x/net/idna/tables11.0.0.go
new file mode 100644
index 0000000000000..167efba71256c
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/tables11.0.0.go
@@ -0,0 +1,4654 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+//go:build go1.13 && !go1.14
+// +build go1.13,!go1.14
+
+package idna
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "11.0.0"
+
+var mappings string = "" + // Size: 8175 bytes
+	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
+	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
+	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
+	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
+	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
+	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
+	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
+	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
+	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
+	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
+	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
+	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
+	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
+	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
+	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
+	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
+	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
+	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
+	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
+	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
+	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
+	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
+	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
+	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
+	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
+	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
+	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
+	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
+	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
+	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
+	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
+	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
+	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
+	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
+	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
+	"月\x0511月\x0512月\x02hg\x02ev\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニング\x09" +
+	"インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー\x09ガロ" +
+	"ン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0fキロワッ" +
+	"ト\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル\x0fサンチ" +
+	"ーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット\x09ハイツ" +
+	"\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0cフィート" +
+	"\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ\x0cポイ" +
+	"ント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク\x0fマ" +
+	"ンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09ユアン" +
+	"\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x042点" +
+	"\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
+	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
+	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
+	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
+	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
+	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
+	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
+	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
+	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
+	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
+	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
+	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x04𤋮\x04𢡊\x04𢡄\x04𣏕\x04𥉉" +
+	"\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ\x04יִ" +
+	"\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּׂ\x04א" +
+	"ַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04ךּ\x04" +
+	"כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ\x04תּ" +
+	"\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ\x02ڤ" +
+	"\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ\x02ڳ" +
+	"\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ\x02ۅ" +
+	"\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02ی\x04" +
+	"ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04تح" +
+	"\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج\x04حم" +
+	"\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح\x04ضخ" +
+	"\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ\x04فم" +
+	"\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل\x04كم" +
+	"\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ\x04مم" +
+	"\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى\x04هي" +
+	"\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 ٍّ\x05" +
+	" َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04تر\x04تز" +
+	"\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04ين\x04ئخ" +
+	"\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه\x04شم\x04شه" +
+	"\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي\x04سى\x04سي" +
+	"\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي\x04ضى\x04ضي" +
+	"\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06تحج\x06تحم" +
+	"\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سجح\x06سجى" +
+	"\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم\x06ضحى" +
+	"\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي\x06غمى" +
+	"\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح\x06محج" +
+	"\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم\x06نحم" +
+	"\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى\x06تخي" +
+	"\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي\x06ضحي" +
+	"\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي\x06كمي" +
+	"\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي\x06سخي" +
+	"\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08عليه" +
+	"\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:\x01!" +
+	"\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\\x01$" +
+	"\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ\x02إ" +
+	"\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز\x02س" +
+	"\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن\x02ه" +
+	"\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~\x02¢" +
+	"\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲\x08𝆹" +
+	"𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η\x02" +
+	"κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ\x02ڡ" +
+	"\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029,\x03(a)" +
+	"\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)\x03(k)" +
+	"\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)\x03(u)" +
+	"\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03ppv\x02w" +
+	"c\x02mc\x02md\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ\x03二\x03多\x03解" +
+	"\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終\x03生\x03販\x03声" +
+	"\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指\x03走\x03打\x03禁" +
+	"\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔三〕\x09〔二〕\x09〔安" +
+	"〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03丸\x03乁\x03你\x03" +
+	"侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03具\x03㒹\x03內\x03" +
+	"冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03㔕\x03勇\x03勉\x03" +
+	"勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03灰\x03及\x03叟\x03" +
+	"叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03啣\x03善\x03喙\x03" +
+	"喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03埴\x03堍\x03型\x03" +
+	"堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03姘\x03婦\x03㛮\x03" +
+	"嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03屮\x03峀\x03岍\x03" +
+	"嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03㡢\x03㡼\x03庰\x03" +
+	"庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03忍\x03志\x03忹\x03" +
+	"悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03憤\x03憯\x03懞\x03" +
+	"懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03掃\x03揤\x03搢\x03" +
+	"揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03書\x03晉\x03㬙\x03" +
+	"暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03朡\x03杞\x03杓\x03" +
+	"㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03槪\x03檨\x03櫛\x03" +
+	"㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03汧\x03洖\x03派\x03" +
+	"海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03淹\x03潮\x03濆\x03" +
+	"瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03爵\x03牐\x03犀\x03" +
+	"犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03㼛\x03甤\x03甾\x03" +
+	"異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03䂖\x03硎\x03碌\x03" +
+	"磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03築\x03䈧\x03糒\x03" +
+	"䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03罺\x03羕\x03翺\x03" +
+	"者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03䑫\x03芑\x03芋\x03" +
+	"芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03莽\x03菧\x03著\x03" +
+	"荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03䕫\x03虐\x03虜\x03" +
+	"虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03蠁\x03䗹\x03衠\x03" +
+	"衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03豕\x03貫\x03賁\x03" +
+	"贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03鈸\x03鋗\x03鋘\x03" +
+	"鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03䩶\x03韠\x03䪲\x03" +
+	"頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03鳽\x03䳎\x03䳭\x03" +
+	"鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
+
+var xorData string = "" + // Size: 4855 bytes
+	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
+	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
+	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
+	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
+	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
+	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
+	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
+	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
+	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
+	"\x03\x037 \x03\x0b+\x03\x02\x01\x04\x02\x01\x02\x02\x019\x02\x03\x1c\x02" +
+	"\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03\xc1r\x02" +
+	"\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<\x03\xc1s*" +
+	"\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03\x83\xab" +
+	"\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96\xe1\xcd" +
+	"\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03\x9a\xec" +
+	"\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c!\x03" +
+	"\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03ʦ\x93" +
+	"\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7\x03" +
+	"\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca\xfa" +
+	"\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e\x03" +
+	"\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca\xe3" +
+	"\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99\x03" +
+	"\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca\xe8" +
+	"\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03\x0b" +
+	"\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06\x05" +
+	"\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03\x0786" +
+	"\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/\x03" +
+	"\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f\x03" +
+	"\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-\x03" +
+	"\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03\x07" +
+	"\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03\x07" +
+	"\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03\x07" +
+	"\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b\x0a" +
+	"\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03\x07" +
+	"\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+\x03" +
+	"\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03\x04" +
+	"4\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03\x04+ " +
+	"\x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!\x22" +
+	"\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04\x03" +
+	"\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>\x03" +
+	"\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03\x054" +
+	"\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03\x05)" +
+	":\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$\x1e" +
+	"\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226\x03" +
+	"\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05\x1b" +
+	"\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05\x03" +
+	"\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03\x06" +
+	"\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08\x03" +
+	"\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03\x0a6" +
+	"\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a\x1f" +
+	"\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03\x0a" +
+	"\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f\x02" +
+	"\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/\x03" +
+	"\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a\x00" +
+	"\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+\x10" +
+	"\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#<" +
+	"\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!\x00" +
+	"\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18.\x03" +
+	"\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15\x22" +
+	"\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b\x12" +
+	"\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05<" +
+	"\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
+	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
+	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
+	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
+	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
+	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
+	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
+	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
+	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
+	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
+	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
+	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
+	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
+	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
+	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
+	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
+	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
+	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
+	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
+	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
+	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
+	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
+	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
+	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
+	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
+	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
+	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
+	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
+	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
+	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
+	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
+	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
+	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
+	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
+	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
+	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
+	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
+	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
+	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
+	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
+	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
+	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
+	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
+	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
+	"(\x04\x023 \x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!\x10\x03\x0b!0" +
+	"\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b\x03\x09\x1f" +
+	"\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14\x03\x0a\x01" +
+	"\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03\x08='\x03" +
+	"\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03\x09\x0c" +
+	"\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06!3\x03" +
+	"\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05\x03\x07" +
+	"<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07\x01\x00" +
+	"\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03\x09\x11" +
+	"\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03\x0a/1" +
+	"\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03\x07<3" +
+	"\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06\x13\x00" +
+	"\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(;\x03" +
+	"\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08\x14$" +
+	"\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03\x0a" +
+	"\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19\x01" +
+	"\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18\x03" +
+	"\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03\x07" +
+	"\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03\x0a" +
+	"\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03\x0b" +
+	"\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03\x08" +
+	"\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05\x03" +
+	"\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11\x03" +
+	"\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03\x09" +
+	"\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a." +
+	"\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
+	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
+	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
+	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
+	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
+	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
+	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
+	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
+	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
+	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
+	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
+	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
+	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
+	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
+	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
+	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
+	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
+	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
+	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
+	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
+	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
+	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
+	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
+	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
+	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
+	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
+	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
+	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
+	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
+	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
+	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
+	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
+	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
+	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
+	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
+	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
+	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
+	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
+	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
+	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
+	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
+	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
+	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
+	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
+	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
+	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
+	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
+	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
+	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
+	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
+	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
+	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
+	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
+	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
+	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
+	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
+	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
+	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
+	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
+	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
+	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
+	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
+	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
+	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
+	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
+	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
+	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
+	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
+	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
+	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
+	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
+	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
+	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
+	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
+	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
+	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
+	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
+	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
+	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
+	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
+	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
+	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
+	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
+	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
+	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
+	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
+	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
+	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
+	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
+	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
+	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
+	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
+	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
+	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
+	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
+	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
+	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
+	"\x05\x22\x05\x03\x050\x1d"
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// idnaTrie. Total size: 29404 bytes (28.71 KiB). Checksum: 848c45acb5f7991c.
+type idnaTrie struct{}
+
+func newIdnaTrie(i int) *idnaTrie {
+	return &idnaTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 125:
+		return uint16(idnaValues[n<<6+uint32(b)])
+	default:
+		n -= 125
+		return uint16(idnaSparse.lookup(n, b))
+	}
+}
+
+// idnaValues: 127 blocks, 8128 entries, 16256 bytes
+// The third block is the zero block.
+var idnaValues = [8128]uint16{
+	// Block 0x0, offset 0x0
+	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
+	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
+	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
+	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
+	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
+	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
+	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
+	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
+	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
+	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
+	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
+	// Block 0x1, offset 0x40
+	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
+	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
+	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
+	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
+	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
+	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
+	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
+	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
+	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
+	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
+	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
+	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
+	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
+	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
+	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
+	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
+	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
+	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
+	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
+	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
+	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
+	// Block 0x4, offset 0x100
+	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
+	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
+	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
+	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
+	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
+	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
+	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
+	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
+	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
+	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
+	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
+	// Block 0x5, offset 0x140
+	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
+	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
+	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
+	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
+	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
+	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
+	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
+	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
+	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
+	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
+	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
+	// Block 0x6, offset 0x180
+	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
+	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
+	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
+	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
+	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
+	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
+	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
+	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
+	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
+	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
+	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
+	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
+	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
+	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
+	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
+	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
+	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
+	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
+	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
+	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
+	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
+	// Block 0x8, offset 0x200
+	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
+	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
+	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
+	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
+	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
+	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
+	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
+	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
+	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
+	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
+	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
+	// Block 0x9, offset 0x240
+	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
+	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
+	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
+	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
+	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
+	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
+	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
+	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
+	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
+	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
+	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
+	// Block 0xa, offset 0x280
+	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
+	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
+	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
+	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
+	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
+	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
+	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
+	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
+	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
+	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
+	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
+	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
+	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
+	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
+	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
+	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
+	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
+	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
+	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
+	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
+	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
+	// Block 0xc, offset 0x300
+	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
+	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
+	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
+	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
+	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
+	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
+	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
+	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
+	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
+	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
+	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
+	// Block 0xd, offset 0x340
+	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
+	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
+	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
+	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
+	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
+	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
+	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
+	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
+	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
+	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
+	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
+	// Block 0xe, offset 0x380
+	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
+	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
+	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
+	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
+	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
+	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
+	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
+	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
+	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
+	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
+	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
+	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
+	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
+	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
+	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
+	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
+	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
+	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
+	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
+	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
+	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
+	// Block 0x10, offset 0x400
+	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
+	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
+	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
+	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
+	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
+	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
+	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
+	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
+	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
+	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
+	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
+	// Block 0x11, offset 0x440
+	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
+	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
+	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
+	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
+	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
+	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
+	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
+	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
+	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
+	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
+	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
+	// Block 0x12, offset 0x480
+	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
+	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
+	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
+	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
+	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
+	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
+	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
+	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
+	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
+	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
+	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
+	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
+	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
+	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
+	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
+	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
+	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
+	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
+	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
+	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
+	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
+	// Block 0x14, offset 0x500
+	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
+	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
+	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
+	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
+	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
+	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
+	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
+	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
+	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
+	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
+	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
+	// Block 0x15, offset 0x540
+	0x540: 0x0c08, 0x541: 0x0a08, 0x542: 0x0a08, 0x543: 0x0a08, 0x544: 0x0a08, 0x545: 0x0a08,
+	0x546: 0x0c08, 0x547: 0x0c08, 0x548: 0x0a08, 0x549: 0x0c08, 0x54a: 0x0a08, 0x54b: 0x0a08,
+	0x54c: 0x0a08, 0x54d: 0x0a08, 0x54e: 0x0a08, 0x54f: 0x0a08, 0x550: 0x0a08, 0x551: 0x0a08,
+	0x552: 0x0a08, 0x553: 0x0a08, 0x554: 0x0c08, 0x555: 0x0a08, 0x556: 0x0808, 0x557: 0x0808,
+	0x558: 0x0808, 0x559: 0x3308, 0x55a: 0x3308, 0x55b: 0x3308, 0x55c: 0x0040, 0x55d: 0x0040,
+	0x55e: 0x0818, 0x55f: 0x0040, 0x560: 0x0a08, 0x561: 0x0808, 0x562: 0x0a08, 0x563: 0x0a08,
+	0x564: 0x0a08, 0x565: 0x0a08, 0x566: 0x0808, 0x567: 0x0c08, 0x568: 0x0a08, 0x569: 0x0c08,
+	0x56a: 0x0c08, 0x56b: 0x0040, 0x56c: 0x0040, 0x56d: 0x0040, 0x56e: 0x0040, 0x56f: 0x0040,
+	0x570: 0x0040, 0x571: 0x0040, 0x572: 0x0040, 0x573: 0x0040, 0x574: 0x0040, 0x575: 0x0040,
+	0x576: 0x0040, 0x577: 0x0040, 0x578: 0x0040, 0x579: 0x0040, 0x57a: 0x0040, 0x57b: 0x0040,
+	0x57c: 0x0040, 0x57d: 0x0040, 0x57e: 0x0040, 0x57f: 0x0040,
+	// Block 0x16, offset 0x580
+	0x580: 0x3008, 0x581: 0x3308, 0x582: 0x3308, 0x583: 0x3308, 0x584: 0x3308, 0x585: 0x3308,
+	0x586: 0x3308, 0x587: 0x3308, 0x588: 0x3308, 0x589: 0x3008, 0x58a: 0x3008, 0x58b: 0x3008,
+	0x58c: 0x3008, 0x58d: 0x3b08, 0x58e: 0x3008, 0x58f: 0x3008, 0x590: 0x0008, 0x591: 0x3308,
+	0x592: 0x3308, 0x593: 0x3308, 0x594: 0x3308, 0x595: 0x3308, 0x596: 0x3308, 0x597: 0x3308,
+	0x598: 0x04c9, 0x599: 0x0501, 0x59a: 0x0539, 0x59b: 0x0571, 0x59c: 0x05a9, 0x59d: 0x05e1,
+	0x59e: 0x0619, 0x59f: 0x0651, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x3308, 0x5a3: 0x3308,
+	0x5a4: 0x0018, 0x5a5: 0x0018, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0008,
+	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
+	0x5b0: 0x0018, 0x5b1: 0x0008, 0x5b2: 0x0008, 0x5b3: 0x0008, 0x5b4: 0x0008, 0x5b5: 0x0008,
+	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0008, 0x5bb: 0x0008,
+	0x5bc: 0x0008, 0x5bd: 0x0008, 0x5be: 0x0008, 0x5bf: 0x0008,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0008, 0x5c1: 0x3308, 0x5c2: 0x3008, 0x5c3: 0x3008, 0x5c4: 0x0040, 0x5c5: 0x0008,
+	0x5c6: 0x0008, 0x5c7: 0x0008, 0x5c8: 0x0008, 0x5c9: 0x0008, 0x5ca: 0x0008, 0x5cb: 0x0008,
+	0x5cc: 0x0008, 0x5cd: 0x0040, 0x5ce: 0x0040, 0x5cf: 0x0008, 0x5d0: 0x0008, 0x5d1: 0x0040,
+	0x5d2: 0x0040, 0x5d3: 0x0008, 0x5d4: 0x0008, 0x5d5: 0x0008, 0x5d6: 0x0008, 0x5d7: 0x0008,
+	0x5d8: 0x0008, 0x5d9: 0x0008, 0x5da: 0x0008, 0x5db: 0x0008, 0x5dc: 0x0008, 0x5dd: 0x0008,
+	0x5de: 0x0008, 0x5df: 0x0008, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x0008, 0x5e3: 0x0008,
+	0x5e4: 0x0008, 0x5e5: 0x0008, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0040,
+	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
+	0x5f0: 0x0008, 0x5f1: 0x0040, 0x5f2: 0x0008, 0x5f3: 0x0040, 0x5f4: 0x0040, 0x5f5: 0x0040,
+	0x5f6: 0x0008, 0x5f7: 0x0008, 0x5f8: 0x0008, 0x5f9: 0x0008, 0x5fa: 0x0040, 0x5fb: 0x0040,
+	0x5fc: 0x3308, 0x5fd: 0x0008, 0x5fe: 0x3008, 0x5ff: 0x3008,
+	// Block 0x18, offset 0x600
+	0x600: 0x3008, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3308, 0x604: 0x3308, 0x605: 0x0040,
+	0x606: 0x0040, 0x607: 0x3008, 0x608: 0x3008, 0x609: 0x0040, 0x60a: 0x0040, 0x60b: 0x3008,
+	0x60c: 0x3008, 0x60d: 0x3b08, 0x60e: 0x0008, 0x60f: 0x0040, 0x610: 0x0040, 0x611: 0x0040,
+	0x612: 0x0040, 0x613: 0x0040, 0x614: 0x0040, 0x615: 0x0040, 0x616: 0x0040, 0x617: 0x3008,
+	0x618: 0x0040, 0x619: 0x0040, 0x61a: 0x0040, 0x61b: 0x0040, 0x61c: 0x0689, 0x61d: 0x06c1,
+	0x61e: 0x0040, 0x61f: 0x06f9, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x3308, 0x623: 0x3308,
+	0x624: 0x0040, 0x625: 0x0040, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0008,
+	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
+	0x630: 0x0008, 0x631: 0x0008, 0x632: 0x0018, 0x633: 0x0018, 0x634: 0x0018, 0x635: 0x0018,
+	0x636: 0x0018, 0x637: 0x0018, 0x638: 0x0018, 0x639: 0x0018, 0x63a: 0x0018, 0x63b: 0x0018,
+	0x63c: 0x0008, 0x63d: 0x0018, 0x63e: 0x3308, 0x63f: 0x0040,
+	// Block 0x19, offset 0x640
+	0x640: 0x0040, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x3008, 0x644: 0x0040, 0x645: 0x0008,
+	0x646: 0x0008, 0x647: 0x0008, 0x648: 0x0008, 0x649: 0x0008, 0x64a: 0x0008, 0x64b: 0x0040,
+	0x64c: 0x0040, 0x64d: 0x0040, 0x64e: 0x0040, 0x64f: 0x0008, 0x650: 0x0008, 0x651: 0x0040,
+	0x652: 0x0040, 0x653: 0x0008, 0x654: 0x0008, 0x655: 0x0008, 0x656: 0x0008, 0x657: 0x0008,
+	0x658: 0x0008, 0x659: 0x0008, 0x65a: 0x0008, 0x65b: 0x0008, 0x65c: 0x0008, 0x65d: 0x0008,
+	0x65e: 0x0008, 0x65f: 0x0008, 0x660: 0x0008, 0x661: 0x0008, 0x662: 0x0008, 0x663: 0x0008,
+	0x664: 0x0008, 0x665: 0x0008, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0040,
+	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
+	0x670: 0x0008, 0x671: 0x0040, 0x672: 0x0008, 0x673: 0x0731, 0x674: 0x0040, 0x675: 0x0008,
+	0x676: 0x0769, 0x677: 0x0040, 0x678: 0x0008, 0x679: 0x0008, 0x67a: 0x0040, 0x67b: 0x0040,
+	0x67c: 0x3308, 0x67d: 0x0040, 0x67e: 0x3008, 0x67f: 0x3008,
+	// Block 0x1a, offset 0x680
+	0x680: 0x3008, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x0040, 0x684: 0x0040, 0x685: 0x0040,
+	0x686: 0x0040, 0x687: 0x3308, 0x688: 0x3308, 0x689: 0x0040, 0x68a: 0x0040, 0x68b: 0x3308,
+	0x68c: 0x3308, 0x68d: 0x3b08, 0x68e: 0x0040, 0x68f: 0x0040, 0x690: 0x0040, 0x691: 0x3308,
+	0x692: 0x0040, 0x693: 0x0040, 0x694: 0x0040, 0x695: 0x0040, 0x696: 0x0040, 0x697: 0x0040,
+	0x698: 0x0040, 0x699: 0x07a1, 0x69a: 0x07d9, 0x69b: 0x0811, 0x69c: 0x0008, 0x69d: 0x0040,
+	0x69e: 0x0849, 0x69f: 0x0040, 0x6a0: 0x0040, 0x6a1: 0x0040, 0x6a2: 0x0040, 0x6a3: 0x0040,
+	0x6a4: 0x0040, 0x6a5: 0x0040, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0008,
+	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
+	0x6b0: 0x3308, 0x6b1: 0x3308, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0008, 0x6b5: 0x3308,
+	0x6b6: 0x0018, 0x6b7: 0x0040, 0x6b8: 0x0040, 0x6b9: 0x0040, 0x6ba: 0x0040, 0x6bb: 0x0040,
+	0x6bc: 0x0040, 0x6bd: 0x0040, 0x6be: 0x0040, 0x6bf: 0x0040,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x0040, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3008, 0x6c4: 0x0040, 0x6c5: 0x0008,
+	0x6c6: 0x0008, 0x6c7: 0x0008, 0x6c8: 0x0008, 0x6c9: 0x0008, 0x6ca: 0x0008, 0x6cb: 0x0008,
+	0x6cc: 0x0008, 0x6cd: 0x0008, 0x6ce: 0x0040, 0x6cf: 0x0008, 0x6d0: 0x0008, 0x6d1: 0x0008,
+	0x6d2: 0x0040, 0x6d3: 0x0008, 0x6d4: 0x0008, 0x6d5: 0x0008, 0x6d6: 0x0008, 0x6d7: 0x0008,
+	0x6d8: 0x0008, 0x6d9: 0x0008, 0x6da: 0x0008, 0x6db: 0x0008, 0x6dc: 0x0008, 0x6dd: 0x0008,
+	0x6de: 0x0008, 0x6df: 0x0008, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x0008, 0x6e3: 0x0008,
+	0x6e4: 0x0008, 0x6e5: 0x0008, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0040,
+	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
+	0x6f0: 0x0008, 0x6f1: 0x0040, 0x6f2: 0x0008, 0x6f3: 0x0008, 0x6f4: 0x0040, 0x6f5: 0x0008,
+	0x6f6: 0x0008, 0x6f7: 0x0008, 0x6f8: 0x0008, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
+	0x6fc: 0x3308, 0x6fd: 0x0008, 0x6fe: 0x3008, 0x6ff: 0x3008,
+	// Block 0x1c, offset 0x700
+	0x700: 0x3008, 0x701: 0x3308, 0x702: 0x3308, 0x703: 0x3308, 0x704: 0x3308, 0x705: 0x3308,
+	0x706: 0x0040, 0x707: 0x3308, 0x708: 0x3308, 0x709: 0x3008, 0x70a: 0x0040, 0x70b: 0x3008,
+	0x70c: 0x3008, 0x70d: 0x3b08, 0x70e: 0x0040, 0x70f: 0x0040, 0x710: 0x0008, 0x711: 0x0040,
+	0x712: 0x0040, 0x713: 0x0040, 0x714: 0x0040, 0x715: 0x0040, 0x716: 0x0040, 0x717: 0x0040,
+	0x718: 0x0040, 0x719: 0x0040, 0x71a: 0x0040, 0x71b: 0x0040, 0x71c: 0x0040, 0x71d: 0x0040,
+	0x71e: 0x0040, 0x71f: 0x0040, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x3308, 0x723: 0x3308,
+	0x724: 0x0040, 0x725: 0x0040, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0008,
+	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
+	0x730: 0x0018, 0x731: 0x0018, 0x732: 0x0040, 0x733: 0x0040, 0x734: 0x0040, 0x735: 0x0040,
+	0x736: 0x0040, 0x737: 0x0040, 0x738: 0x0040, 0x739: 0x0008, 0x73a: 0x3308, 0x73b: 0x3308,
+	0x73c: 0x3308, 0x73d: 0x3308, 0x73e: 0x3308, 0x73f: 0x3308,
+	// Block 0x1d, offset 0x740
+	0x740: 0x0040, 0x741: 0x3308, 0x742: 0x3008, 0x743: 0x3008, 0x744: 0x0040, 0x745: 0x0008,
+	0x746: 0x0008, 0x747: 0x0008, 0x748: 0x0008, 0x749: 0x0008, 0x74a: 0x0008, 0x74b: 0x0008,
+	0x74c: 0x0008, 0x74d: 0x0040, 0x74e: 0x0040, 0x74f: 0x0008, 0x750: 0x0008, 0x751: 0x0040,
+	0x752: 0x0040, 0x753: 0x0008, 0x754: 0x0008, 0x755: 0x0008, 0x756: 0x0008, 0x757: 0x0008,
+	0x758: 0x0008, 0x759: 0x0008, 0x75a: 0x0008, 0x75b: 0x0008, 0x75c: 0x0008, 0x75d: 0x0008,
+	0x75e: 0x0008, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x0008, 0x763: 0x0008,
+	0x764: 0x0008, 0x765: 0x0008, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0040,
+	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
+	0x770: 0x0008, 0x771: 0x0040, 0x772: 0x0008, 0x773: 0x0008, 0x774: 0x0040, 0x775: 0x0008,
+	0x776: 0x0008, 0x777: 0x0008, 0x778: 0x0008, 0x779: 0x0008, 0x77a: 0x0040, 0x77b: 0x0040,
+	0x77c: 0x3308, 0x77d: 0x0008, 0x77e: 0x3008, 0x77f: 0x3308,
+	// Block 0x1e, offset 0x780
+	0x780: 0x3008, 0x781: 0x3308, 0x782: 0x3308, 0x783: 0x3308, 0x784: 0x3308, 0x785: 0x0040,
+	0x786: 0x0040, 0x787: 0x3008, 0x788: 0x3008, 0x789: 0x0040, 0x78a: 0x0040, 0x78b: 0x3008,
+	0x78c: 0x3008, 0x78d: 0x3b08, 0x78e: 0x0040, 0x78f: 0x0040, 0x790: 0x0040, 0x791: 0x0040,
+	0x792: 0x0040, 0x793: 0x0040, 0x794: 0x0040, 0x795: 0x0040, 0x796: 0x3308, 0x797: 0x3008,
+	0x798: 0x0040, 0x799: 0x0040, 0x79a: 0x0040, 0x79b: 0x0040, 0x79c: 0x0881, 0x79d: 0x08b9,
+	0x79e: 0x0040, 0x79f: 0x0008, 0x7a0: 0x0008, 0x7a1: 0x0008, 0x7a2: 0x3308, 0x7a3: 0x3308,
+	0x7a4: 0x0040, 0x7a5: 0x0040, 0x7a6: 0x0008, 0x7a7: 0x0008, 0x7a8: 0x0008, 0x7a9: 0x0008,
+	0x7aa: 0x0008, 0x7ab: 0x0008, 0x7ac: 0x0008, 0x7ad: 0x0008, 0x7ae: 0x0008, 0x7af: 0x0008,
+	0x7b0: 0x0018, 0x7b1: 0x0008, 0x7b2: 0x0018, 0x7b3: 0x0018, 0x7b4: 0x0018, 0x7b5: 0x0018,
+	0x7b6: 0x0018, 0x7b7: 0x0018, 0x7b8: 0x0040, 0x7b9: 0x0040, 0x7ba: 0x0040, 0x7bb: 0x0040,
+	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x0040, 0x7bf: 0x0040,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x0040, 0x7c1: 0x0040, 0x7c2: 0x3308, 0x7c3: 0x0008, 0x7c4: 0x0040, 0x7c5: 0x0008,
+	0x7c6: 0x0008, 0x7c7: 0x0008, 0x7c8: 0x0008, 0x7c9: 0x0008, 0x7ca: 0x0008, 0x7cb: 0x0040,
+	0x7cc: 0x0040, 0x7cd: 0x0040, 0x7ce: 0x0008, 0x7cf: 0x0008, 0x7d0: 0x0008, 0x7d1: 0x0040,
+	0x7d2: 0x0008, 0x7d3: 0x0008, 0x7d4: 0x0008, 0x7d5: 0x0008, 0x7d6: 0x0040, 0x7d7: 0x0040,
+	0x7d8: 0x0040, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0008, 0x7dd: 0x0040,
+	0x7de: 0x0008, 0x7df: 0x0008, 0x7e0: 0x0040, 0x7e1: 0x0040, 0x7e2: 0x0040, 0x7e3: 0x0008,
+	0x7e4: 0x0008, 0x7e5: 0x0040, 0x7e6: 0x0040, 0x7e7: 0x0040, 0x7e8: 0x0008, 0x7e9: 0x0008,
+	0x7ea: 0x0008, 0x7eb: 0x0040, 0x7ec: 0x0040, 0x7ed: 0x0040, 0x7ee: 0x0008, 0x7ef: 0x0008,
+	0x7f0: 0x0008, 0x7f1: 0x0008, 0x7f2: 0x0008, 0x7f3: 0x0008, 0x7f4: 0x0008, 0x7f5: 0x0008,
+	0x7f6: 0x0008, 0x7f7: 0x0008, 0x7f8: 0x0008, 0x7f9: 0x0008, 0x7fa: 0x0040, 0x7fb: 0x0040,
+	0x7fc: 0x0040, 0x7fd: 0x0040, 0x7fe: 0x3008, 0x7ff: 0x3008,
+	// Block 0x20, offset 0x800
+	0x800: 0x3308, 0x801: 0x3008, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x3008, 0x805: 0x0040,
+	0x806: 0x3308, 0x807: 0x3308, 0x808: 0x3308, 0x809: 0x0040, 0x80a: 0x3308, 0x80b: 0x3308,
+	0x80c: 0x3308, 0x80d: 0x3b08, 0x80e: 0x0040, 0x80f: 0x0040, 0x810: 0x0040, 0x811: 0x0040,
+	0x812: 0x0040, 0x813: 0x0040, 0x814: 0x0040, 0x815: 0x3308, 0x816: 0x3308, 0x817: 0x0040,
+	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0040, 0x81c: 0x0040, 0x81d: 0x0040,
+	0x81e: 0x0040, 0x81f: 0x0040, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x3308, 0x823: 0x3308,
+	0x824: 0x0040, 0x825: 0x0040, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0008,
+	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
+	0x830: 0x0040, 0x831: 0x0040, 0x832: 0x0040, 0x833: 0x0040, 0x834: 0x0040, 0x835: 0x0040,
+	0x836: 0x0040, 0x837: 0x0040, 0x838: 0x0018, 0x839: 0x0018, 0x83a: 0x0018, 0x83b: 0x0018,
+	0x83c: 0x0018, 0x83d: 0x0018, 0x83e: 0x0018, 0x83f: 0x0018,
+	// Block 0x21, offset 0x840
+	0x840: 0x0008, 0x841: 0x3308, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x0018, 0x845: 0x0008,
+	0x846: 0x0008, 0x847: 0x0008, 0x848: 0x0008, 0x849: 0x0008, 0x84a: 0x0008, 0x84b: 0x0008,
+	0x84c: 0x0008, 0x84d: 0x0040, 0x84e: 0x0008, 0x84f: 0x0008, 0x850: 0x0008, 0x851: 0x0040,
+	0x852: 0x0008, 0x853: 0x0008, 0x854: 0x0008, 0x855: 0x0008, 0x856: 0x0008, 0x857: 0x0008,
+	0x858: 0x0008, 0x859: 0x0008, 0x85a: 0x0008, 0x85b: 0x0008, 0x85c: 0x0008, 0x85d: 0x0008,
+	0x85e: 0x0008, 0x85f: 0x0008, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x0008, 0x863: 0x0008,
+	0x864: 0x0008, 0x865: 0x0008, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0040,
+	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
+	0x870: 0x0008, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0008, 0x874: 0x0040, 0x875: 0x0008,
+	0x876: 0x0008, 0x877: 0x0008, 0x878: 0x0008, 0x879: 0x0008, 0x87a: 0x0040, 0x87b: 0x0040,
+	0x87c: 0x3308, 0x87d: 0x0008, 0x87e: 0x3008, 0x87f: 0x3308,
+	// Block 0x22, offset 0x880
+	0x880: 0x3008, 0x881: 0x3008, 0x882: 0x3008, 0x883: 0x3008, 0x884: 0x3008, 0x885: 0x0040,
+	0x886: 0x3308, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
+	0x88c: 0x3308, 0x88d: 0x3b08, 0x88e: 0x0040, 0x88f: 0x0040, 0x890: 0x0040, 0x891: 0x0040,
+	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0040, 0x895: 0x3008, 0x896: 0x3008, 0x897: 0x0040,
+	0x898: 0x0040, 0x899: 0x0040, 0x89a: 0x0040, 0x89b: 0x0040, 0x89c: 0x0040, 0x89d: 0x0040,
+	0x89e: 0x0008, 0x89f: 0x0040, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
+	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
+	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
+	0x8b0: 0x0040, 0x8b1: 0x0008, 0x8b2: 0x0008, 0x8b3: 0x0040, 0x8b4: 0x0040, 0x8b5: 0x0040,
+	0x8b6: 0x0040, 0x8b7: 0x0040, 0x8b8: 0x0040, 0x8b9: 0x0040, 0x8ba: 0x0040, 0x8bb: 0x0040,
+	0x8bc: 0x0040, 0x8bd: 0x0040, 0x8be: 0x0040, 0x8bf: 0x0040,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x3008, 0x8c1: 0x3308, 0x8c2: 0x3308, 0x8c3: 0x3308, 0x8c4: 0x3308, 0x8c5: 0x0040,
+	0x8c6: 0x3008, 0x8c7: 0x3008, 0x8c8: 0x3008, 0x8c9: 0x0040, 0x8ca: 0x3008, 0x8cb: 0x3008,
+	0x8cc: 0x3008, 0x8cd: 0x3b08, 0x8ce: 0x0008, 0x8cf: 0x0018, 0x8d0: 0x0040, 0x8d1: 0x0040,
+	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x3008,
+	0x8d8: 0x0018, 0x8d9: 0x0018, 0x8da: 0x0018, 0x8db: 0x0018, 0x8dc: 0x0018, 0x8dd: 0x0018,
+	0x8de: 0x0018, 0x8df: 0x0008, 0x8e0: 0x0008, 0x8e1: 0x0008, 0x8e2: 0x3308, 0x8e3: 0x3308,
+	0x8e4: 0x0040, 0x8e5: 0x0040, 0x8e6: 0x0008, 0x8e7: 0x0008, 0x8e8: 0x0008, 0x8e9: 0x0008,
+	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0008, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
+	0x8f0: 0x0018, 0x8f1: 0x0018, 0x8f2: 0x0018, 0x8f3: 0x0018, 0x8f4: 0x0018, 0x8f5: 0x0018,
+	0x8f6: 0x0018, 0x8f7: 0x0018, 0x8f8: 0x0018, 0x8f9: 0x0018, 0x8fa: 0x0008, 0x8fb: 0x0008,
+	0x8fc: 0x0008, 0x8fd: 0x0008, 0x8fe: 0x0008, 0x8ff: 0x0008,
+	// Block 0x24, offset 0x900
+	0x900: 0x0040, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x0040, 0x904: 0x0008, 0x905: 0x0040,
+	0x906: 0x0040, 0x907: 0x0008, 0x908: 0x0008, 0x909: 0x0040, 0x90a: 0x0008, 0x90b: 0x0040,
+	0x90c: 0x0040, 0x90d: 0x0008, 0x90e: 0x0040, 0x90f: 0x0040, 0x910: 0x0040, 0x911: 0x0040,
+	0x912: 0x0040, 0x913: 0x0040, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0008,
+	0x918: 0x0040, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0008, 0x91d: 0x0008,
+	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0040, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
+	0x924: 0x0040, 0x925: 0x0008, 0x926: 0x0040, 0x927: 0x0008, 0x928: 0x0040, 0x929: 0x0040,
+	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0040, 0x92d: 0x0008, 0x92e: 0x0008, 0x92f: 0x0008,
+	0x930: 0x0008, 0x931: 0x3308, 0x932: 0x0008, 0x933: 0x0929, 0x934: 0x3308, 0x935: 0x3308,
+	0x936: 0x3308, 0x937: 0x3308, 0x938: 0x3308, 0x939: 0x3308, 0x93a: 0x0040, 0x93b: 0x3308,
+	0x93c: 0x3308, 0x93d: 0x0008, 0x93e: 0x0040, 0x93f: 0x0040,
+	// Block 0x25, offset 0x940
+	0x940: 0x0008, 0x941: 0x0008, 0x942: 0x0008, 0x943: 0x09d1, 0x944: 0x0008, 0x945: 0x0008,
+	0x946: 0x0008, 0x947: 0x0008, 0x948: 0x0040, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
+	0x94c: 0x0008, 0x94d: 0x0a09, 0x94e: 0x0008, 0x94f: 0x0008, 0x950: 0x0008, 0x951: 0x0008,
+	0x952: 0x0a41, 0x953: 0x0008, 0x954: 0x0008, 0x955: 0x0008, 0x956: 0x0008, 0x957: 0x0a79,
+	0x958: 0x0008, 0x959: 0x0008, 0x95a: 0x0008, 0x95b: 0x0008, 0x95c: 0x0ab1, 0x95d: 0x0008,
+	0x95e: 0x0008, 0x95f: 0x0008, 0x960: 0x0008, 0x961: 0x0008, 0x962: 0x0008, 0x963: 0x0008,
+	0x964: 0x0008, 0x965: 0x0008, 0x966: 0x0008, 0x967: 0x0008, 0x968: 0x0008, 0x969: 0x0ae9,
+	0x96a: 0x0008, 0x96b: 0x0008, 0x96c: 0x0008, 0x96d: 0x0040, 0x96e: 0x0040, 0x96f: 0x0040,
+	0x970: 0x0040, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x0b21, 0x974: 0x3308, 0x975: 0x0b59,
+	0x976: 0x0b91, 0x977: 0x0bc9, 0x978: 0x0c19, 0x979: 0x0c51, 0x97a: 0x3308, 0x97b: 0x3308,
+	0x97c: 0x3308, 0x97d: 0x3308, 0x97e: 0x3308, 0x97f: 0x3008,
+	// Block 0x26, offset 0x980
+	0x980: 0x3308, 0x981: 0x0ca1, 0x982: 0x3308, 0x983: 0x3308, 0x984: 0x3b08, 0x985: 0x0018,
+	0x986: 0x3308, 0x987: 0x3308, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
+	0x98c: 0x0008, 0x98d: 0x3308, 0x98e: 0x3308, 0x98f: 0x3308, 0x990: 0x3308, 0x991: 0x3308,
+	0x992: 0x3308, 0x993: 0x0cd9, 0x994: 0x3308, 0x995: 0x3308, 0x996: 0x3308, 0x997: 0x3308,
+	0x998: 0x0040, 0x999: 0x3308, 0x99a: 0x3308, 0x99b: 0x3308, 0x99c: 0x3308, 0x99d: 0x0d11,
+	0x99e: 0x3308, 0x99f: 0x3308, 0x9a0: 0x3308, 0x9a1: 0x3308, 0x9a2: 0x0d49, 0x9a3: 0x3308,
+	0x9a4: 0x3308, 0x9a5: 0x3308, 0x9a6: 0x3308, 0x9a7: 0x0d81, 0x9a8: 0x3308, 0x9a9: 0x3308,
+	0x9aa: 0x3308, 0x9ab: 0x3308, 0x9ac: 0x0db9, 0x9ad: 0x3308, 0x9ae: 0x3308, 0x9af: 0x3308,
+	0x9b0: 0x3308, 0x9b1: 0x3308, 0x9b2: 0x3308, 0x9b3: 0x3308, 0x9b4: 0x3308, 0x9b5: 0x3308,
+	0x9b6: 0x3308, 0x9b7: 0x3308, 0x9b8: 0x3308, 0x9b9: 0x0df1, 0x9ba: 0x3308, 0x9bb: 0x3308,
+	0x9bc: 0x3308, 0x9bd: 0x0040, 0x9be: 0x0018, 0x9bf: 0x0018,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x0008, 0x9c1: 0x0008, 0x9c2: 0x0008, 0x9c3: 0x0008, 0x9c4: 0x0008, 0x9c5: 0x0008,
+	0x9c6: 0x0008, 0x9c7: 0x0008, 0x9c8: 0x0008, 0x9c9: 0x0008, 0x9ca: 0x0008, 0x9cb: 0x0008,
+	0x9cc: 0x0008, 0x9cd: 0x0008, 0x9ce: 0x0008, 0x9cf: 0x0008, 0x9d0: 0x0008, 0x9d1: 0x0008,
+	0x9d2: 0x0008, 0x9d3: 0x0008, 0x9d4: 0x0008, 0x9d5: 0x0008, 0x9d6: 0x0008, 0x9d7: 0x0008,
+	0x9d8: 0x0008, 0x9d9: 0x0008, 0x9da: 0x0008, 0x9db: 0x0008, 0x9dc: 0x0008, 0x9dd: 0x0008,
+	0x9de: 0x0008, 0x9df: 0x0008, 0x9e0: 0x0008, 0x9e1: 0x0008, 0x9e2: 0x0008, 0x9e3: 0x0008,
+	0x9e4: 0x0008, 0x9e5: 0x0008, 0x9e6: 0x0008, 0x9e7: 0x0008, 0x9e8: 0x0008, 0x9e9: 0x0008,
+	0x9ea: 0x0008, 0x9eb: 0x0008, 0x9ec: 0x0039, 0x9ed: 0x0ed1, 0x9ee: 0x0ee9, 0x9ef: 0x0008,
+	0x9f0: 0x0ef9, 0x9f1: 0x0f09, 0x9f2: 0x0f19, 0x9f3: 0x0f31, 0x9f4: 0x0249, 0x9f5: 0x0f41,
+	0x9f6: 0x0259, 0x9f7: 0x0f51, 0x9f8: 0x0359, 0x9f9: 0x0f61, 0x9fa: 0x0f71, 0x9fb: 0x0008,
+	0x9fc: 0x00d9, 0x9fd: 0x0f81, 0x9fe: 0x0f99, 0x9ff: 0x0269,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x0fa9, 0xa01: 0x0fb9, 0xa02: 0x0279, 0xa03: 0x0039, 0xa04: 0x0fc9, 0xa05: 0x0fe1,
+	0xa06: 0x059d, 0xa07: 0x0ee9, 0xa08: 0x0ef9, 0xa09: 0x0f09, 0xa0a: 0x0ff9, 0xa0b: 0x1011,
+	0xa0c: 0x1029, 0xa0d: 0x0f31, 0xa0e: 0x0008, 0xa0f: 0x0f51, 0xa10: 0x0f61, 0xa11: 0x1041,
+	0xa12: 0x00d9, 0xa13: 0x1059, 0xa14: 0x05b5, 0xa15: 0x05b5, 0xa16: 0x0f99, 0xa17: 0x0fa9,
+	0xa18: 0x0fb9, 0xa19: 0x059d, 0xa1a: 0x1071, 0xa1b: 0x1089, 0xa1c: 0x05cd, 0xa1d: 0x1099,
+	0xa1e: 0x10b1, 0xa1f: 0x10c9, 0xa20: 0x10e1, 0xa21: 0x10f9, 0xa22: 0x0f41, 0xa23: 0x0269,
+	0xa24: 0x0fb9, 0xa25: 0x1089, 0xa26: 0x1099, 0xa27: 0x10b1, 0xa28: 0x1111, 0xa29: 0x10e1,
+	0xa2a: 0x10f9, 0xa2b: 0x0008, 0xa2c: 0x0008, 0xa2d: 0x0008, 0xa2e: 0x0008, 0xa2f: 0x0008,
+	0xa30: 0x0008, 0xa31: 0x0008, 0xa32: 0x0008, 0xa33: 0x0008, 0xa34: 0x0008, 0xa35: 0x0008,
+	0xa36: 0x0008, 0xa37: 0x0008, 0xa38: 0x1129, 0xa39: 0x0008, 0xa3a: 0x0008, 0xa3b: 0x0008,
+	0xa3c: 0x0008, 0xa3d: 0x0008, 0xa3e: 0x0008, 0xa3f: 0x0008,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0008, 0xa41: 0x0008, 0xa42: 0x0008, 0xa43: 0x0008, 0xa44: 0x0008, 0xa45: 0x0008,
+	0xa46: 0x0008, 0xa47: 0x0008, 0xa48: 0x0008, 0xa49: 0x0008, 0xa4a: 0x0008, 0xa4b: 0x0008,
+	0xa4c: 0x0008, 0xa4d: 0x0008, 0xa4e: 0x0008, 0xa4f: 0x0008, 0xa50: 0x0008, 0xa51: 0x0008,
+	0xa52: 0x0008, 0xa53: 0x0008, 0xa54: 0x0008, 0xa55: 0x0008, 0xa56: 0x0008, 0xa57: 0x0008,
+	0xa58: 0x0008, 0xa59: 0x0008, 0xa5a: 0x0008, 0xa5b: 0x1141, 0xa5c: 0x1159, 0xa5d: 0x1169,
+	0xa5e: 0x1181, 0xa5f: 0x1029, 0xa60: 0x1199, 0xa61: 0x11a9, 0xa62: 0x11c1, 0xa63: 0x11d9,
+	0xa64: 0x11f1, 0xa65: 0x1209, 0xa66: 0x1221, 0xa67: 0x05e5, 0xa68: 0x1239, 0xa69: 0x1251,
+	0xa6a: 0xe17d, 0xa6b: 0x1269, 0xa6c: 0x1281, 0xa6d: 0x1299, 0xa6e: 0x12b1, 0xa6f: 0x12c9,
+	0xa70: 0x12e1, 0xa71: 0x12f9, 0xa72: 0x1311, 0xa73: 0x1329, 0xa74: 0x1341, 0xa75: 0x1359,
+	0xa76: 0x1371, 0xa77: 0x1389, 0xa78: 0x05fd, 0xa79: 0x13a1, 0xa7a: 0x13b9, 0xa7b: 0x13d1,
+	0xa7c: 0x13e1, 0xa7d: 0x13f9, 0xa7e: 0x1411, 0xa7f: 0x1429,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
+	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
+	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
+	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0xe00d, 0xa97: 0x0008,
+	0xa98: 0xe00d, 0xa99: 0x0008, 0xa9a: 0xe00d, 0xa9b: 0x0008, 0xa9c: 0xe00d, 0xa9d: 0x0008,
+	0xa9e: 0xe00d, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
+	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
+	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
+	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
+	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
+	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0xe00d, 0xac1: 0x0008, 0xac2: 0xe00d, 0xac3: 0x0008, 0xac4: 0xe00d, 0xac5: 0x0008,
+	0xac6: 0xe00d, 0xac7: 0x0008, 0xac8: 0xe00d, 0xac9: 0x0008, 0xaca: 0xe00d, 0xacb: 0x0008,
+	0xacc: 0xe00d, 0xacd: 0x0008, 0xace: 0xe00d, 0xacf: 0x0008, 0xad0: 0xe00d, 0xad1: 0x0008,
+	0xad2: 0xe00d, 0xad3: 0x0008, 0xad4: 0xe00d, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
+	0xad8: 0x0008, 0xad9: 0x0008, 0xada: 0x0615, 0xadb: 0x0635, 0xadc: 0x0008, 0xadd: 0x0008,
+	0xade: 0x1441, 0xadf: 0x0008, 0xae0: 0xe00d, 0xae1: 0x0008, 0xae2: 0xe00d, 0xae3: 0x0008,
+	0xae4: 0xe00d, 0xae5: 0x0008, 0xae6: 0xe00d, 0xae7: 0x0008, 0xae8: 0xe00d, 0xae9: 0x0008,
+	0xaea: 0xe00d, 0xaeb: 0x0008, 0xaec: 0xe00d, 0xaed: 0x0008, 0xaee: 0xe00d, 0xaef: 0x0008,
+	0xaf0: 0xe00d, 0xaf1: 0x0008, 0xaf2: 0xe00d, 0xaf3: 0x0008, 0xaf4: 0xe00d, 0xaf5: 0x0008,
+	0xaf6: 0xe00d, 0xaf7: 0x0008, 0xaf8: 0xe00d, 0xaf9: 0x0008, 0xafa: 0xe00d, 0xafb: 0x0008,
+	0xafc: 0xe00d, 0xafd: 0x0008, 0xafe: 0xe00d, 0xaff: 0x0008,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0008, 0xb01: 0x0008, 0xb02: 0x0008, 0xb03: 0x0008, 0xb04: 0x0008, 0xb05: 0x0008,
+	0xb06: 0x0040, 0xb07: 0x0040, 0xb08: 0xe045, 0xb09: 0xe045, 0xb0a: 0xe045, 0xb0b: 0xe045,
+	0xb0c: 0xe045, 0xb0d: 0xe045, 0xb0e: 0x0040, 0xb0f: 0x0040, 0xb10: 0x0008, 0xb11: 0x0008,
+	0xb12: 0x0008, 0xb13: 0x0008, 0xb14: 0x0008, 0xb15: 0x0008, 0xb16: 0x0008, 0xb17: 0x0008,
+	0xb18: 0x0040, 0xb19: 0xe045, 0xb1a: 0x0040, 0xb1b: 0xe045, 0xb1c: 0x0040, 0xb1d: 0xe045,
+	0xb1e: 0x0040, 0xb1f: 0xe045, 0xb20: 0x0008, 0xb21: 0x0008, 0xb22: 0x0008, 0xb23: 0x0008,
+	0xb24: 0x0008, 0xb25: 0x0008, 0xb26: 0x0008, 0xb27: 0x0008, 0xb28: 0xe045, 0xb29: 0xe045,
+	0xb2a: 0xe045, 0xb2b: 0xe045, 0xb2c: 0xe045, 0xb2d: 0xe045, 0xb2e: 0xe045, 0xb2f: 0xe045,
+	0xb30: 0x0008, 0xb31: 0x1459, 0xb32: 0x0008, 0xb33: 0x1471, 0xb34: 0x0008, 0xb35: 0x1489,
+	0xb36: 0x0008, 0xb37: 0x14a1, 0xb38: 0x0008, 0xb39: 0x14b9, 0xb3a: 0x0008, 0xb3b: 0x14d1,
+	0xb3c: 0x0008, 0xb3d: 0x14e9, 0xb3e: 0x0040, 0xb3f: 0x0040,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x1501, 0xb41: 0x1531, 0xb42: 0x1561, 0xb43: 0x1591, 0xb44: 0x15c1, 0xb45: 0x15f1,
+	0xb46: 0x1621, 0xb47: 0x1651, 0xb48: 0x1501, 0xb49: 0x1531, 0xb4a: 0x1561, 0xb4b: 0x1591,
+	0xb4c: 0x15c1, 0xb4d: 0x15f1, 0xb4e: 0x1621, 0xb4f: 0x1651, 0xb50: 0x1681, 0xb51: 0x16b1,
+	0xb52: 0x16e1, 0xb53: 0x1711, 0xb54: 0x1741, 0xb55: 0x1771, 0xb56: 0x17a1, 0xb57: 0x17d1,
+	0xb58: 0x1681, 0xb59: 0x16b1, 0xb5a: 0x16e1, 0xb5b: 0x1711, 0xb5c: 0x1741, 0xb5d: 0x1771,
+	0xb5e: 0x17a1, 0xb5f: 0x17d1, 0xb60: 0x1801, 0xb61: 0x1831, 0xb62: 0x1861, 0xb63: 0x1891,
+	0xb64: 0x18c1, 0xb65: 0x18f1, 0xb66: 0x1921, 0xb67: 0x1951, 0xb68: 0x1801, 0xb69: 0x1831,
+	0xb6a: 0x1861, 0xb6b: 0x1891, 0xb6c: 0x18c1, 0xb6d: 0x18f1, 0xb6e: 0x1921, 0xb6f: 0x1951,
+	0xb70: 0x0008, 0xb71: 0x0008, 0xb72: 0x1981, 0xb73: 0x19b1, 0xb74: 0x19d9, 0xb75: 0x0040,
+	0xb76: 0x0008, 0xb77: 0x1a01, 0xb78: 0xe045, 0xb79: 0xe045, 0xb7a: 0x064d, 0xb7b: 0x1459,
+	0xb7c: 0x19b1, 0xb7d: 0x0666, 0xb7e: 0x1a31, 0xb7f: 0x0686,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x06a6, 0xb81: 0x1a4a, 0xb82: 0x1a79, 0xb83: 0x1aa9, 0xb84: 0x1ad1, 0xb85: 0x0040,
+	0xb86: 0x0008, 0xb87: 0x1af9, 0xb88: 0x06c5, 0xb89: 0x1471, 0xb8a: 0x06dd, 0xb8b: 0x1489,
+	0xb8c: 0x1aa9, 0xb8d: 0x1b2a, 0xb8e: 0x1b5a, 0xb8f: 0x1b8a, 0xb90: 0x0008, 0xb91: 0x0008,
+	0xb92: 0x0008, 0xb93: 0x1bb9, 0xb94: 0x0040, 0xb95: 0x0040, 0xb96: 0x0008, 0xb97: 0x0008,
+	0xb98: 0xe045, 0xb99: 0xe045, 0xb9a: 0x06f5, 0xb9b: 0x14a1, 0xb9c: 0x0040, 0xb9d: 0x1bd2,
+	0xb9e: 0x1c02, 0xb9f: 0x1c32, 0xba0: 0x0008, 0xba1: 0x0008, 0xba2: 0x0008, 0xba3: 0x1c61,
+	0xba4: 0x0008, 0xba5: 0x0008, 0xba6: 0x0008, 0xba7: 0x0008, 0xba8: 0xe045, 0xba9: 0xe045,
+	0xbaa: 0x070d, 0xbab: 0x14d1, 0xbac: 0xe04d, 0xbad: 0x1c7a, 0xbae: 0x03d2, 0xbaf: 0x1caa,
+	0xbb0: 0x0040, 0xbb1: 0x0040, 0xbb2: 0x1cb9, 0xbb3: 0x1ce9, 0xbb4: 0x1d11, 0xbb5: 0x0040,
+	0xbb6: 0x0008, 0xbb7: 0x1d39, 0xbb8: 0x0725, 0xbb9: 0x14b9, 0xbba: 0x0515, 0xbbb: 0x14e9,
+	0xbbc: 0x1ce9, 0xbbd: 0x073e, 0xbbe: 0x075e, 0xbbf: 0x0040,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x000a, 0xbc1: 0x000a, 0xbc2: 0x000a, 0xbc3: 0x000a, 0xbc4: 0x000a, 0xbc5: 0x000a,
+	0xbc6: 0x000a, 0xbc7: 0x000a, 0xbc8: 0x000a, 0xbc9: 0x000a, 0xbca: 0x000a, 0xbcb: 0x03c0,
+	0xbcc: 0x0003, 0xbcd: 0x0003, 0xbce: 0x0340, 0xbcf: 0x0b40, 0xbd0: 0x0018, 0xbd1: 0xe00d,
+	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x077e,
+	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
+	0xbde: 0x0018, 0xbdf: 0x0018, 0xbe0: 0x0018, 0xbe1: 0x0018, 0xbe2: 0x0018, 0xbe3: 0x0018,
+	0xbe4: 0x0040, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0018, 0xbe8: 0x0040, 0xbe9: 0x0040,
+	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x000a,
+	0xbf0: 0x0018, 0xbf1: 0x0018, 0xbf2: 0x0018, 0xbf3: 0x1d69, 0xbf4: 0x1da1, 0xbf5: 0x0018,
+	0xbf6: 0x1df1, 0xbf7: 0x1e29, 0xbf8: 0x0018, 0xbf9: 0x0018, 0xbfa: 0x0018, 0xbfb: 0x0018,
+	0xbfc: 0x1e7a, 0xbfd: 0x0018, 0xbfe: 0x079e, 0xbff: 0x0018,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x0018, 0xc01: 0x0018, 0xc02: 0x0018, 0xc03: 0x0018, 0xc04: 0x0018, 0xc05: 0x0018,
+	0xc06: 0x0018, 0xc07: 0x1e92, 0xc08: 0x1eaa, 0xc09: 0x1ec2, 0xc0a: 0x0018, 0xc0b: 0x0018,
+	0xc0c: 0x0018, 0xc0d: 0x0018, 0xc0e: 0x0018, 0xc0f: 0x0018, 0xc10: 0x0018, 0xc11: 0x0018,
+	0xc12: 0x0018, 0xc13: 0x0018, 0xc14: 0x0018, 0xc15: 0x0018, 0xc16: 0x0018, 0xc17: 0x1ed9,
+	0xc18: 0x0018, 0xc19: 0x0018, 0xc1a: 0x0018, 0xc1b: 0x0018, 0xc1c: 0x0018, 0xc1d: 0x0018,
+	0xc1e: 0x0018, 0xc1f: 0x000a, 0xc20: 0x03c0, 0xc21: 0x0340, 0xc22: 0x0340, 0xc23: 0x0340,
+	0xc24: 0x03c0, 0xc25: 0x0040, 0xc26: 0x0040, 0xc27: 0x0040, 0xc28: 0x0040, 0xc29: 0x0040,
+	0xc2a: 0x0340, 0xc2b: 0x0340, 0xc2c: 0x0340, 0xc2d: 0x0340, 0xc2e: 0x0340, 0xc2f: 0x0340,
+	0xc30: 0x1f41, 0xc31: 0x0f41, 0xc32: 0x0040, 0xc33: 0x0040, 0xc34: 0x1f51, 0xc35: 0x1f61,
+	0xc36: 0x1f71, 0xc37: 0x1f81, 0xc38: 0x1f91, 0xc39: 0x1fa1, 0xc3a: 0x1fb2, 0xc3b: 0x07bd,
+	0xc3c: 0x1fc2, 0xc3d: 0x1fd2, 0xc3e: 0x1fe2, 0xc3f: 0x0f71,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1f41, 0xc41: 0x00c9, 0xc42: 0x0069, 0xc43: 0x0079, 0xc44: 0x1f51, 0xc45: 0x1f61,
+	0xc46: 0x1f71, 0xc47: 0x1f81, 0xc48: 0x1f91, 0xc49: 0x1fa1, 0xc4a: 0x1fb2, 0xc4b: 0x07d5,
+	0xc4c: 0x1fc2, 0xc4d: 0x1fd2, 0xc4e: 0x1fe2, 0xc4f: 0x0040, 0xc50: 0x0039, 0xc51: 0x0f09,
+	0xc52: 0x00d9, 0xc53: 0x0369, 0xc54: 0x0ff9, 0xc55: 0x0249, 0xc56: 0x0f51, 0xc57: 0x0359,
+	0xc58: 0x0f61, 0xc59: 0x0f71, 0xc5a: 0x0f99, 0xc5b: 0x01d9, 0xc5c: 0x0fa9, 0xc5d: 0x0040,
+	0xc5e: 0x0040, 0xc5f: 0x0040, 0xc60: 0x0018, 0xc61: 0x0018, 0xc62: 0x0018, 0xc63: 0x0018,
+	0xc64: 0x0018, 0xc65: 0x0018, 0xc66: 0x0018, 0xc67: 0x0018, 0xc68: 0x1ff1, 0xc69: 0x0018,
+	0xc6a: 0x0018, 0xc6b: 0x0018, 0xc6c: 0x0018, 0xc6d: 0x0018, 0xc6e: 0x0018, 0xc6f: 0x0018,
+	0xc70: 0x0018, 0xc71: 0x0018, 0xc72: 0x0018, 0xc73: 0x0018, 0xc74: 0x0018, 0xc75: 0x0018,
+	0xc76: 0x0018, 0xc77: 0x0018, 0xc78: 0x0018, 0xc79: 0x0018, 0xc7a: 0x0018, 0xc7b: 0x0018,
+	0xc7c: 0x0018, 0xc7d: 0x0018, 0xc7e: 0x0018, 0xc7f: 0x0018,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x07ee, 0xc81: 0x080e, 0xc82: 0x1159, 0xc83: 0x082d, 0xc84: 0x0018, 0xc85: 0x084e,
+	0xc86: 0x086e, 0xc87: 0x1011, 0xc88: 0x0018, 0xc89: 0x088d, 0xc8a: 0x0f31, 0xc8b: 0x0249,
+	0xc8c: 0x0249, 0xc8d: 0x0249, 0xc8e: 0x0249, 0xc8f: 0x2009, 0xc90: 0x0f41, 0xc91: 0x0f41,
+	0xc92: 0x0359, 0xc93: 0x0359, 0xc94: 0x0018, 0xc95: 0x0f71, 0xc96: 0x2021, 0xc97: 0x0018,
+	0xc98: 0x0018, 0xc99: 0x0f99, 0xc9a: 0x2039, 0xc9b: 0x0269, 0xc9c: 0x0269, 0xc9d: 0x0269,
+	0xc9e: 0x0018, 0xc9f: 0x0018, 0xca0: 0x2049, 0xca1: 0x08ad, 0xca2: 0x2061, 0xca3: 0x0018,
+	0xca4: 0x13d1, 0xca5: 0x0018, 0xca6: 0x2079, 0xca7: 0x0018, 0xca8: 0x13d1, 0xca9: 0x0018,
+	0xcaa: 0x0f51, 0xcab: 0x2091, 0xcac: 0x0ee9, 0xcad: 0x1159, 0xcae: 0x0018, 0xcaf: 0x0f09,
+	0xcb0: 0x0f09, 0xcb1: 0x1199, 0xcb2: 0x0040, 0xcb3: 0x0f61, 0xcb4: 0x00d9, 0xcb5: 0x20a9,
+	0xcb6: 0x20c1, 0xcb7: 0x20d9, 0xcb8: 0x20f1, 0xcb9: 0x0f41, 0xcba: 0x0018, 0xcbb: 0x08cd,
+	0xcbc: 0x2109, 0xcbd: 0x10b1, 0xcbe: 0x10b1, 0xcbf: 0x2109,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x08ed, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0ef9,
+	0xcc6: 0x0ef9, 0xcc7: 0x0f09, 0xcc8: 0x0f41, 0xcc9: 0x0259, 0xcca: 0x0018, 0xccb: 0x0018,
+	0xccc: 0x0018, 0xccd: 0x0018, 0xcce: 0x0008, 0xccf: 0x0018, 0xcd0: 0x2121, 0xcd1: 0x2151,
+	0xcd2: 0x2181, 0xcd3: 0x21b9, 0xcd4: 0x21e9, 0xcd5: 0x2219, 0xcd6: 0x2249, 0xcd7: 0x2279,
+	0xcd8: 0x22a9, 0xcd9: 0x22d9, 0xcda: 0x2309, 0xcdb: 0x2339, 0xcdc: 0x2369, 0xcdd: 0x2399,
+	0xcde: 0x23c9, 0xcdf: 0x23f9, 0xce0: 0x0f41, 0xce1: 0x2421, 0xce2: 0x0905, 0xce3: 0x2439,
+	0xce4: 0x1089, 0xce5: 0x2451, 0xce6: 0x0925, 0xce7: 0x2469, 0xce8: 0x2491, 0xce9: 0x0369,
+	0xcea: 0x24a9, 0xceb: 0x0945, 0xcec: 0x0359, 0xced: 0x1159, 0xcee: 0x0ef9, 0xcef: 0x0f61,
+	0xcf0: 0x0f41, 0xcf1: 0x2421, 0xcf2: 0x0965, 0xcf3: 0x2439, 0xcf4: 0x1089, 0xcf5: 0x2451,
+	0xcf6: 0x0985, 0xcf7: 0x2469, 0xcf8: 0x2491, 0xcf9: 0x0369, 0xcfa: 0x24a9, 0xcfb: 0x09a5,
+	0xcfc: 0x0359, 0xcfd: 0x1159, 0xcfe: 0x0ef9, 0xcff: 0x0f61,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x0018, 0xd01: 0x0018, 0xd02: 0x0018, 0xd03: 0x0018, 0xd04: 0x0018, 0xd05: 0x0018,
+	0xd06: 0x0018, 0xd07: 0x0018, 0xd08: 0x0018, 0xd09: 0x0018, 0xd0a: 0x0018, 0xd0b: 0x0040,
+	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
+	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
+	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0040, 0xd1d: 0x0040,
+	0xd1e: 0x0040, 0xd1f: 0x0040, 0xd20: 0x00c9, 0xd21: 0x0069, 0xd22: 0x0079, 0xd23: 0x1f51,
+	0xd24: 0x1f61, 0xd25: 0x1f71, 0xd26: 0x1f81, 0xd27: 0x1f91, 0xd28: 0x1fa1, 0xd29: 0x2601,
+	0xd2a: 0x2619, 0xd2b: 0x2631, 0xd2c: 0x2649, 0xd2d: 0x2661, 0xd2e: 0x2679, 0xd2f: 0x2691,
+	0xd30: 0x26a9, 0xd31: 0x26c1, 0xd32: 0x26d9, 0xd33: 0x26f1, 0xd34: 0x0a06, 0xd35: 0x0a26,
+	0xd36: 0x0a46, 0xd37: 0x0a66, 0xd38: 0x0a86, 0xd39: 0x0aa6, 0xd3a: 0x0ac6, 0xd3b: 0x0ae6,
+	0xd3c: 0x0b06, 0xd3d: 0x270a, 0xd3e: 0x2732, 0xd3f: 0x275a,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x2782, 0xd41: 0x27aa, 0xd42: 0x27d2, 0xd43: 0x27fa, 0xd44: 0x2822, 0xd45: 0x284a,
+	0xd46: 0x2872, 0xd47: 0x289a, 0xd48: 0x0040, 0xd49: 0x0040, 0xd4a: 0x0040, 0xd4b: 0x0040,
+	0xd4c: 0x0040, 0xd4d: 0x0040, 0xd4e: 0x0040, 0xd4f: 0x0040, 0xd50: 0x0040, 0xd51: 0x0040,
+	0xd52: 0x0040, 0xd53: 0x0040, 0xd54: 0x0040, 0xd55: 0x0040, 0xd56: 0x0040, 0xd57: 0x0040,
+	0xd58: 0x0040, 0xd59: 0x0040, 0xd5a: 0x0040, 0xd5b: 0x0040, 0xd5c: 0x0b26, 0xd5d: 0x0b46,
+	0xd5e: 0x0b66, 0xd5f: 0x0b86, 0xd60: 0x0ba6, 0xd61: 0x0bc6, 0xd62: 0x0be6, 0xd63: 0x0c06,
+	0xd64: 0x0c26, 0xd65: 0x0c46, 0xd66: 0x0c66, 0xd67: 0x0c86, 0xd68: 0x0ca6, 0xd69: 0x0cc6,
+	0xd6a: 0x0ce6, 0xd6b: 0x0d06, 0xd6c: 0x0d26, 0xd6d: 0x0d46, 0xd6e: 0x0d66, 0xd6f: 0x0d86,
+	0xd70: 0x0da6, 0xd71: 0x0dc6, 0xd72: 0x0de6, 0xd73: 0x0e06, 0xd74: 0x0e26, 0xd75: 0x0e46,
+	0xd76: 0x0039, 0xd77: 0x0ee9, 0xd78: 0x1159, 0xd79: 0x0ef9, 0xd7a: 0x0f09, 0xd7b: 0x1199,
+	0xd7c: 0x0f31, 0xd7d: 0x0249, 0xd7e: 0x0f41, 0xd7f: 0x0259,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0f51, 0xd81: 0x0359, 0xd82: 0x0f61, 0xd83: 0x0f71, 0xd84: 0x00d9, 0xd85: 0x0f99,
+	0xd86: 0x2039, 0xd87: 0x0269, 0xd88: 0x01d9, 0xd89: 0x0fa9, 0xd8a: 0x0fb9, 0xd8b: 0x1089,
+	0xd8c: 0x0279, 0xd8d: 0x0369, 0xd8e: 0x0289, 0xd8f: 0x13d1, 0xd90: 0x0039, 0xd91: 0x0ee9,
+	0xd92: 0x1159, 0xd93: 0x0ef9, 0xd94: 0x0f09, 0xd95: 0x1199, 0xd96: 0x0f31, 0xd97: 0x0249,
+	0xd98: 0x0f41, 0xd99: 0x0259, 0xd9a: 0x0f51, 0xd9b: 0x0359, 0xd9c: 0x0f61, 0xd9d: 0x0f71,
+	0xd9e: 0x00d9, 0xd9f: 0x0f99, 0xda0: 0x2039, 0xda1: 0x0269, 0xda2: 0x01d9, 0xda3: 0x0fa9,
+	0xda4: 0x0fb9, 0xda5: 0x1089, 0xda6: 0x0279, 0xda7: 0x0369, 0xda8: 0x0289, 0xda9: 0x13d1,
+	0xdaa: 0x1f41, 0xdab: 0x0018, 0xdac: 0x0018, 0xdad: 0x0018, 0xdae: 0x0018, 0xdaf: 0x0018,
+	0xdb0: 0x0018, 0xdb1: 0x0018, 0xdb2: 0x0018, 0xdb3: 0x0018, 0xdb4: 0x0018, 0xdb5: 0x0018,
+	0xdb6: 0x0018, 0xdb7: 0x0018, 0xdb8: 0x0018, 0xdb9: 0x0018, 0xdba: 0x0018, 0xdbb: 0x0018,
+	0xdbc: 0x0018, 0xdbd: 0x0018, 0xdbe: 0x0018, 0xdbf: 0x0018,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x0008, 0xdc1: 0x0008, 0xdc2: 0x0008, 0xdc3: 0x0008, 0xdc4: 0x0008, 0xdc5: 0x0008,
+	0xdc6: 0x0008, 0xdc7: 0x0008, 0xdc8: 0x0008, 0xdc9: 0x0008, 0xdca: 0x0008, 0xdcb: 0x0008,
+	0xdcc: 0x0008, 0xdcd: 0x0008, 0xdce: 0x0008, 0xdcf: 0x0008, 0xdd0: 0x0008, 0xdd1: 0x0008,
+	0xdd2: 0x0008, 0xdd3: 0x0008, 0xdd4: 0x0008, 0xdd5: 0x0008, 0xdd6: 0x0008, 0xdd7: 0x0008,
+	0xdd8: 0x0008, 0xdd9: 0x0008, 0xdda: 0x0008, 0xddb: 0x0008, 0xddc: 0x0008, 0xddd: 0x0008,
+	0xdde: 0x0008, 0xddf: 0x0040, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0x2971, 0xde3: 0x0ebd,
+	0xde4: 0x2989, 0xde5: 0x0008, 0xde6: 0x0008, 0xde7: 0xe07d, 0xde8: 0x0008, 0xde9: 0xe01d,
+	0xdea: 0x0008, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0x0fe1, 0xdee: 0x1281, 0xdef: 0x0fc9,
+	0xdf0: 0x1141, 0xdf1: 0x0008, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0008, 0xdf5: 0xe01d,
+	0xdf6: 0x0008, 0xdf7: 0x0008, 0xdf8: 0x0008, 0xdf9: 0x0008, 0xdfa: 0x0008, 0xdfb: 0x0008,
+	0xdfc: 0x0259, 0xdfd: 0x1089, 0xdfe: 0x29a1, 0xdff: 0x29b9,
+	// Block 0x38, offset 0xe00
+	0xe00: 0xe00d, 0xe01: 0x0008, 0xe02: 0xe00d, 0xe03: 0x0008, 0xe04: 0xe00d, 0xe05: 0x0008,
+	0xe06: 0xe00d, 0xe07: 0x0008, 0xe08: 0xe00d, 0xe09: 0x0008, 0xe0a: 0xe00d, 0xe0b: 0x0008,
+	0xe0c: 0xe00d, 0xe0d: 0x0008, 0xe0e: 0xe00d, 0xe0f: 0x0008, 0xe10: 0xe00d, 0xe11: 0x0008,
+	0xe12: 0xe00d, 0xe13: 0x0008, 0xe14: 0xe00d, 0xe15: 0x0008, 0xe16: 0xe00d, 0xe17: 0x0008,
+	0xe18: 0xe00d, 0xe19: 0x0008, 0xe1a: 0xe00d, 0xe1b: 0x0008, 0xe1c: 0xe00d, 0xe1d: 0x0008,
+	0xe1e: 0xe00d, 0xe1f: 0x0008, 0xe20: 0xe00d, 0xe21: 0x0008, 0xe22: 0xe00d, 0xe23: 0x0008,
+	0xe24: 0x0008, 0xe25: 0x0018, 0xe26: 0x0018, 0xe27: 0x0018, 0xe28: 0x0018, 0xe29: 0x0018,
+	0xe2a: 0x0018, 0xe2b: 0xe03d, 0xe2c: 0x0008, 0xe2d: 0xe01d, 0xe2e: 0x0008, 0xe2f: 0x3308,
+	0xe30: 0x3308, 0xe31: 0x3308, 0xe32: 0xe00d, 0xe33: 0x0008, 0xe34: 0x0040, 0xe35: 0x0040,
+	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0018, 0xe3a: 0x0018, 0xe3b: 0x0018,
+	0xe3c: 0x0018, 0xe3d: 0x0018, 0xe3e: 0x0018, 0xe3f: 0x0018,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x26fd, 0xe41: 0x271d, 0xe42: 0x273d, 0xe43: 0x275d, 0xe44: 0x277d, 0xe45: 0x279d,
+	0xe46: 0x27bd, 0xe47: 0x27dd, 0xe48: 0x27fd, 0xe49: 0x281d, 0xe4a: 0x283d, 0xe4b: 0x285d,
+	0xe4c: 0x287d, 0xe4d: 0x289d, 0xe4e: 0x28bd, 0xe4f: 0x28dd, 0xe50: 0x28fd, 0xe51: 0x291d,
+	0xe52: 0x293d, 0xe53: 0x295d, 0xe54: 0x297d, 0xe55: 0x299d, 0xe56: 0x0040, 0xe57: 0x0040,
+	0xe58: 0x0040, 0xe59: 0x0040, 0xe5a: 0x0040, 0xe5b: 0x0040, 0xe5c: 0x0040, 0xe5d: 0x0040,
+	0xe5e: 0x0040, 0xe5f: 0x0040, 0xe60: 0x0040, 0xe61: 0x0040, 0xe62: 0x0040, 0xe63: 0x0040,
+	0xe64: 0x0040, 0xe65: 0x0040, 0xe66: 0x0040, 0xe67: 0x0040, 0xe68: 0x0040, 0xe69: 0x0040,
+	0xe6a: 0x0040, 0xe6b: 0x0040, 0xe6c: 0x0040, 0xe6d: 0x0040, 0xe6e: 0x0040, 0xe6f: 0x0040,
+	0xe70: 0x0040, 0xe71: 0x0040, 0xe72: 0x0040, 0xe73: 0x0040, 0xe74: 0x0040, 0xe75: 0x0040,
+	0xe76: 0x0040, 0xe77: 0x0040, 0xe78: 0x0040, 0xe79: 0x0040, 0xe7a: 0x0040, 0xe7b: 0x0040,
+	0xe7c: 0x0040, 0xe7d: 0x0040, 0xe7e: 0x0040, 0xe7f: 0x0040,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x000a, 0xe81: 0x0018, 0xe82: 0x29d1, 0xe83: 0x0018, 0xe84: 0x0018, 0xe85: 0x0008,
+	0xe86: 0x0008, 0xe87: 0x0008, 0xe88: 0x0018, 0xe89: 0x0018, 0xe8a: 0x0018, 0xe8b: 0x0018,
+	0xe8c: 0x0018, 0xe8d: 0x0018, 0xe8e: 0x0018, 0xe8f: 0x0018, 0xe90: 0x0018, 0xe91: 0x0018,
+	0xe92: 0x0018, 0xe93: 0x0018, 0xe94: 0x0018, 0xe95: 0x0018, 0xe96: 0x0018, 0xe97: 0x0018,
+	0xe98: 0x0018, 0xe99: 0x0018, 0xe9a: 0x0018, 0xe9b: 0x0018, 0xe9c: 0x0018, 0xe9d: 0x0018,
+	0xe9e: 0x0018, 0xe9f: 0x0018, 0xea0: 0x0018, 0xea1: 0x0018, 0xea2: 0x0018, 0xea3: 0x0018,
+	0xea4: 0x0018, 0xea5: 0x0018, 0xea6: 0x0018, 0xea7: 0x0018, 0xea8: 0x0018, 0xea9: 0x0018,
+	0xeaa: 0x3308, 0xeab: 0x3308, 0xeac: 0x3308, 0xead: 0x3308, 0xeae: 0x3018, 0xeaf: 0x3018,
+	0xeb0: 0x0018, 0xeb1: 0x0018, 0xeb2: 0x0018, 0xeb3: 0x0018, 0xeb4: 0x0018, 0xeb5: 0x0018,
+	0xeb6: 0xe125, 0xeb7: 0x0018, 0xeb8: 0x29bd, 0xeb9: 0x29dd, 0xeba: 0x29fd, 0xebb: 0x0018,
+	0xebc: 0x0008, 0xebd: 0x0018, 0xebe: 0x0018, 0xebf: 0x0018,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x2b3d, 0xec1: 0x2b5d, 0xec2: 0x2b7d, 0xec3: 0x2b9d, 0xec4: 0x2bbd, 0xec5: 0x2bdd,
+	0xec6: 0x2bdd, 0xec7: 0x2bdd, 0xec8: 0x2bfd, 0xec9: 0x2bfd, 0xeca: 0x2bfd, 0xecb: 0x2bfd,
+	0xecc: 0x2c1d, 0xecd: 0x2c1d, 0xece: 0x2c1d, 0xecf: 0x2c3d, 0xed0: 0x2c5d, 0xed1: 0x2c5d,
+	0xed2: 0x2a7d, 0xed3: 0x2a7d, 0xed4: 0x2c5d, 0xed5: 0x2c5d, 0xed6: 0x2c7d, 0xed7: 0x2c7d,
+	0xed8: 0x2c5d, 0xed9: 0x2c5d, 0xeda: 0x2a7d, 0xedb: 0x2a7d, 0xedc: 0x2c5d, 0xedd: 0x2c5d,
+	0xede: 0x2c3d, 0xedf: 0x2c3d, 0xee0: 0x2c9d, 0xee1: 0x2c9d, 0xee2: 0x2cbd, 0xee3: 0x2cbd,
+	0xee4: 0x0040, 0xee5: 0x2cdd, 0xee6: 0x2cfd, 0xee7: 0x2d1d, 0xee8: 0x2d1d, 0xee9: 0x2d3d,
+	0xeea: 0x2d5d, 0xeeb: 0x2d7d, 0xeec: 0x2d9d, 0xeed: 0x2dbd, 0xeee: 0x2ddd, 0xeef: 0x2dfd,
+	0xef0: 0x2e1d, 0xef1: 0x2e3d, 0xef2: 0x2e3d, 0xef3: 0x2e5d, 0xef4: 0x2e7d, 0xef5: 0x2e7d,
+	0xef6: 0x2e9d, 0xef7: 0x2ebd, 0xef8: 0x2e5d, 0xef9: 0x2edd, 0xefa: 0x2efd, 0xefb: 0x2edd,
+	0xefc: 0x2e5d, 0xefd: 0x2f1d, 0xefe: 0x2f3d, 0xeff: 0x2f5d,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x2f7d, 0xf01: 0x2f9d, 0xf02: 0x2cfd, 0xf03: 0x2cdd, 0xf04: 0x2fbd, 0xf05: 0x2fdd,
+	0xf06: 0x2ffd, 0xf07: 0x301d, 0xf08: 0x303d, 0xf09: 0x305d, 0xf0a: 0x307d, 0xf0b: 0x309d,
+	0xf0c: 0x30bd, 0xf0d: 0x30dd, 0xf0e: 0x30fd, 0xf0f: 0x0040, 0xf10: 0x0018, 0xf11: 0x0018,
+	0xf12: 0x311d, 0xf13: 0x313d, 0xf14: 0x315d, 0xf15: 0x317d, 0xf16: 0x319d, 0xf17: 0x31bd,
+	0xf18: 0x31dd, 0xf19: 0x31fd, 0xf1a: 0x321d, 0xf1b: 0x323d, 0xf1c: 0x315d, 0xf1d: 0x325d,
+	0xf1e: 0x327d, 0xf1f: 0x329d, 0xf20: 0x0008, 0xf21: 0x0008, 0xf22: 0x0008, 0xf23: 0x0008,
+	0xf24: 0x0008, 0xf25: 0x0008, 0xf26: 0x0008, 0xf27: 0x0008, 0xf28: 0x0008, 0xf29: 0x0008,
+	0xf2a: 0x0008, 0xf2b: 0x0008, 0xf2c: 0x0008, 0xf2d: 0x0008, 0xf2e: 0x0008, 0xf2f: 0x0008,
+	0xf30: 0x0008, 0xf31: 0x0008, 0xf32: 0x0008, 0xf33: 0x0008, 0xf34: 0x0008, 0xf35: 0x0008,
+	0xf36: 0x0008, 0xf37: 0x0008, 0xf38: 0x0008, 0xf39: 0x0008, 0xf3a: 0x0008, 0xf3b: 0x0040,
+	0xf3c: 0x0040, 0xf3d: 0x0040, 0xf3e: 0x0040, 0xf3f: 0x0040,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x36a2, 0xf41: 0x36d2, 0xf42: 0x3702, 0xf43: 0x3732, 0xf44: 0x32bd, 0xf45: 0x32dd,
+	0xf46: 0x32fd, 0xf47: 0x331d, 0xf48: 0x0018, 0xf49: 0x0018, 0xf4a: 0x0018, 0xf4b: 0x0018,
+	0xf4c: 0x0018, 0xf4d: 0x0018, 0xf4e: 0x0018, 0xf4f: 0x0018, 0xf50: 0x333d, 0xf51: 0x3761,
+	0xf52: 0x3779, 0xf53: 0x3791, 0xf54: 0x37a9, 0xf55: 0x37c1, 0xf56: 0x37d9, 0xf57: 0x37f1,
+	0xf58: 0x3809, 0xf59: 0x3821, 0xf5a: 0x3839, 0xf5b: 0x3851, 0xf5c: 0x3869, 0xf5d: 0x3881,
+	0xf5e: 0x3899, 0xf5f: 0x38b1, 0xf60: 0x335d, 0xf61: 0x337d, 0xf62: 0x339d, 0xf63: 0x33bd,
+	0xf64: 0x33dd, 0xf65: 0x33dd, 0xf66: 0x33fd, 0xf67: 0x341d, 0xf68: 0x343d, 0xf69: 0x345d,
+	0xf6a: 0x347d, 0xf6b: 0x349d, 0xf6c: 0x34bd, 0xf6d: 0x34dd, 0xf6e: 0x34fd, 0xf6f: 0x351d,
+	0xf70: 0x353d, 0xf71: 0x355d, 0xf72: 0x357d, 0xf73: 0x359d, 0xf74: 0x35bd, 0xf75: 0x35dd,
+	0xf76: 0x35fd, 0xf77: 0x361d, 0xf78: 0x363d, 0xf79: 0x365d, 0xf7a: 0x367d, 0xf7b: 0x369d,
+	0xf7c: 0x38c9, 0xf7d: 0x3901, 0xf7e: 0x36bd, 0xf7f: 0x0018,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x36dd, 0xf81: 0x36fd, 0xf82: 0x371d, 0xf83: 0x373d, 0xf84: 0x375d, 0xf85: 0x377d,
+	0xf86: 0x379d, 0xf87: 0x37bd, 0xf88: 0x37dd, 0xf89: 0x37fd, 0xf8a: 0x381d, 0xf8b: 0x383d,
+	0xf8c: 0x385d, 0xf8d: 0x387d, 0xf8e: 0x389d, 0xf8f: 0x38bd, 0xf90: 0x38dd, 0xf91: 0x38fd,
+	0xf92: 0x391d, 0xf93: 0x393d, 0xf94: 0x395d, 0xf95: 0x397d, 0xf96: 0x399d, 0xf97: 0x39bd,
+	0xf98: 0x39dd, 0xf99: 0x39fd, 0xf9a: 0x3a1d, 0xf9b: 0x3a3d, 0xf9c: 0x3a5d, 0xf9d: 0x3a7d,
+	0xf9e: 0x3a9d, 0xf9f: 0x3abd, 0xfa0: 0x3add, 0xfa1: 0x3afd, 0xfa2: 0x3b1d, 0xfa3: 0x3b3d,
+	0xfa4: 0x3b5d, 0xfa5: 0x3b7d, 0xfa6: 0x127d, 0xfa7: 0x3b9d, 0xfa8: 0x3bbd, 0xfa9: 0x3bdd,
+	0xfaa: 0x3bfd, 0xfab: 0x3c1d, 0xfac: 0x3c3d, 0xfad: 0x3c5d, 0xfae: 0x239d, 0xfaf: 0x3c7d,
+	0xfb0: 0x3c9d, 0xfb1: 0x3939, 0xfb2: 0x3951, 0xfb3: 0x3969, 0xfb4: 0x3981, 0xfb5: 0x3999,
+	0xfb6: 0x39b1, 0xfb7: 0x39c9, 0xfb8: 0x39e1, 0xfb9: 0x39f9, 0xfba: 0x3a11, 0xfbb: 0x3a29,
+	0xfbc: 0x3a41, 0xfbd: 0x3a59, 0xfbe: 0x3a71, 0xfbf: 0x3a89,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x3aa1, 0xfc1: 0x3ac9, 0xfc2: 0x3af1, 0xfc3: 0x3b19, 0xfc4: 0x3b41, 0xfc5: 0x3b69,
+	0xfc6: 0x3b91, 0xfc7: 0x3bb9, 0xfc8: 0x3be1, 0xfc9: 0x3c09, 0xfca: 0x3c39, 0xfcb: 0x3c69,
+	0xfcc: 0x3c99, 0xfcd: 0x3cbd, 0xfce: 0x3cb1, 0xfcf: 0x3cdd, 0xfd0: 0x3cfd, 0xfd1: 0x3d15,
+	0xfd2: 0x3d2d, 0xfd3: 0x3d45, 0xfd4: 0x3d5d, 0xfd5: 0x3d5d, 0xfd6: 0x3d45, 0xfd7: 0x3d75,
+	0xfd8: 0x07bd, 0xfd9: 0x3d8d, 0xfda: 0x3da5, 0xfdb: 0x3dbd, 0xfdc: 0x3dd5, 0xfdd: 0x3ded,
+	0xfde: 0x3e05, 0xfdf: 0x3e1d, 0xfe0: 0x3e35, 0xfe1: 0x3e4d, 0xfe2: 0x3e65, 0xfe3: 0x3e7d,
+	0xfe4: 0x3e95, 0xfe5: 0x3e95, 0xfe6: 0x3ead, 0xfe7: 0x3ead, 0xfe8: 0x3ec5, 0xfe9: 0x3ec5,
+	0xfea: 0x3edd, 0xfeb: 0x3ef5, 0xfec: 0x3f0d, 0xfed: 0x3f25, 0xfee: 0x3f3d, 0xfef: 0x3f3d,
+	0xff0: 0x3f55, 0xff1: 0x3f55, 0xff2: 0x3f55, 0xff3: 0x3f6d, 0xff4: 0x3f85, 0xff5: 0x3f9d,
+	0xff6: 0x3fb5, 0xff7: 0x3f9d, 0xff8: 0x3fcd, 0xff9: 0x3fe5, 0xffa: 0x3f6d, 0xffb: 0x3ffd,
+	0xffc: 0x4015, 0xffd: 0x4015, 0xffe: 0x4015, 0xfff: 0x0040,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x3cc9, 0x1001: 0x3d31, 0x1002: 0x3d99, 0x1003: 0x3e01, 0x1004: 0x3e51, 0x1005: 0x3eb9,
+	0x1006: 0x3f09, 0x1007: 0x3f59, 0x1008: 0x3fd9, 0x1009: 0x4041, 0x100a: 0x4091, 0x100b: 0x40e1,
+	0x100c: 0x4131, 0x100d: 0x4199, 0x100e: 0x4201, 0x100f: 0x4251, 0x1010: 0x42a1, 0x1011: 0x42d9,
+	0x1012: 0x4329, 0x1013: 0x4391, 0x1014: 0x43f9, 0x1015: 0x4431, 0x1016: 0x44b1, 0x1017: 0x4549,
+	0x1018: 0x45c9, 0x1019: 0x4619, 0x101a: 0x4699, 0x101b: 0x4719, 0x101c: 0x4781, 0x101d: 0x47d1,
+	0x101e: 0x4821, 0x101f: 0x4871, 0x1020: 0x48d9, 0x1021: 0x4959, 0x1022: 0x49c1, 0x1023: 0x4a11,
+	0x1024: 0x4a61, 0x1025: 0x4ab1, 0x1026: 0x4ae9, 0x1027: 0x4b21, 0x1028: 0x4b59, 0x1029: 0x4b91,
+	0x102a: 0x4be1, 0x102b: 0x4c31, 0x102c: 0x4cb1, 0x102d: 0x4d01, 0x102e: 0x4d69, 0x102f: 0x4de9,
+	0x1030: 0x4e39, 0x1031: 0x4e71, 0x1032: 0x4ea9, 0x1033: 0x4f29, 0x1034: 0x4f91, 0x1035: 0x5011,
+	0x1036: 0x5061, 0x1037: 0x50e1, 0x1038: 0x5119, 0x1039: 0x5169, 0x103a: 0x51b9, 0x103b: 0x5209,
+	0x103c: 0x5259, 0x103d: 0x52a9, 0x103e: 0x5311, 0x103f: 0x5361,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x5399, 0x1041: 0x53e9, 0x1042: 0x5439, 0x1043: 0x5489, 0x1044: 0x54f1, 0x1045: 0x5541,
+	0x1046: 0x5591, 0x1047: 0x55e1, 0x1048: 0x5661, 0x1049: 0x56c9, 0x104a: 0x5701, 0x104b: 0x5781,
+	0x104c: 0x57b9, 0x104d: 0x5821, 0x104e: 0x5889, 0x104f: 0x58d9, 0x1050: 0x5929, 0x1051: 0x5979,
+	0x1052: 0x59e1, 0x1053: 0x5a19, 0x1054: 0x5a69, 0x1055: 0x5ad1, 0x1056: 0x5b09, 0x1057: 0x5b89,
+	0x1058: 0x5bd9, 0x1059: 0x5c01, 0x105a: 0x5c29, 0x105b: 0x5c51, 0x105c: 0x5c79, 0x105d: 0x5ca1,
+	0x105e: 0x5cc9, 0x105f: 0x5cf1, 0x1060: 0x5d19, 0x1061: 0x5d41, 0x1062: 0x5d69, 0x1063: 0x5d99,
+	0x1064: 0x5dc9, 0x1065: 0x5df9, 0x1066: 0x5e29, 0x1067: 0x5e59, 0x1068: 0x5e89, 0x1069: 0x5eb9,
+	0x106a: 0x5ee9, 0x106b: 0x5f19, 0x106c: 0x5f49, 0x106d: 0x5f79, 0x106e: 0x5fa9, 0x106f: 0x5fd9,
+	0x1070: 0x6009, 0x1071: 0x402d, 0x1072: 0x6039, 0x1073: 0x6051, 0x1074: 0x404d, 0x1075: 0x6069,
+	0x1076: 0x6081, 0x1077: 0x6099, 0x1078: 0x406d, 0x1079: 0x406d, 0x107a: 0x60b1, 0x107b: 0x60c9,
+	0x107c: 0x6101, 0x107d: 0x6139, 0x107e: 0x6171, 0x107f: 0x61a9,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x6211, 0x1081: 0x6229, 0x1082: 0x408d, 0x1083: 0x6241, 0x1084: 0x6259, 0x1085: 0x6271,
+	0x1086: 0x6289, 0x1087: 0x62a1, 0x1088: 0x40ad, 0x1089: 0x62b9, 0x108a: 0x62e1, 0x108b: 0x62f9,
+	0x108c: 0x40cd, 0x108d: 0x40cd, 0x108e: 0x6311, 0x108f: 0x6329, 0x1090: 0x6341, 0x1091: 0x40ed,
+	0x1092: 0x410d, 0x1093: 0x412d, 0x1094: 0x414d, 0x1095: 0x416d, 0x1096: 0x6359, 0x1097: 0x6371,
+	0x1098: 0x6389, 0x1099: 0x63a1, 0x109a: 0x63b9, 0x109b: 0x418d, 0x109c: 0x63d1, 0x109d: 0x63e9,
+	0x109e: 0x6401, 0x109f: 0x41ad, 0x10a0: 0x41cd, 0x10a1: 0x6419, 0x10a2: 0x41ed, 0x10a3: 0x420d,
+	0x10a4: 0x422d, 0x10a5: 0x6431, 0x10a6: 0x424d, 0x10a7: 0x6449, 0x10a8: 0x6479, 0x10a9: 0x6211,
+	0x10aa: 0x426d, 0x10ab: 0x428d, 0x10ac: 0x42ad, 0x10ad: 0x42cd, 0x10ae: 0x64b1, 0x10af: 0x64f1,
+	0x10b0: 0x6539, 0x10b1: 0x6551, 0x10b2: 0x42ed, 0x10b3: 0x6569, 0x10b4: 0x6581, 0x10b5: 0x6599,
+	0x10b6: 0x430d, 0x10b7: 0x65b1, 0x10b8: 0x65c9, 0x10b9: 0x65b1, 0x10ba: 0x65e1, 0x10bb: 0x65f9,
+	0x10bc: 0x432d, 0x10bd: 0x6611, 0x10be: 0x6629, 0x10bf: 0x6611,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x434d, 0x10c1: 0x436d, 0x10c2: 0x0040, 0x10c3: 0x6641, 0x10c4: 0x6659, 0x10c5: 0x6671,
+	0x10c6: 0x6689, 0x10c7: 0x0040, 0x10c8: 0x66c1, 0x10c9: 0x66d9, 0x10ca: 0x66f1, 0x10cb: 0x6709,
+	0x10cc: 0x6721, 0x10cd: 0x6739, 0x10ce: 0x6401, 0x10cf: 0x6751, 0x10d0: 0x6769, 0x10d1: 0x6781,
+	0x10d2: 0x438d, 0x10d3: 0x6799, 0x10d4: 0x6289, 0x10d5: 0x43ad, 0x10d6: 0x43cd, 0x10d7: 0x67b1,
+	0x10d8: 0x0040, 0x10d9: 0x43ed, 0x10da: 0x67c9, 0x10db: 0x67e1, 0x10dc: 0x67f9, 0x10dd: 0x6811,
+	0x10de: 0x6829, 0x10df: 0x6859, 0x10e0: 0x6889, 0x10e1: 0x68b1, 0x10e2: 0x68d9, 0x10e3: 0x6901,
+	0x10e4: 0x6929, 0x10e5: 0x6951, 0x10e6: 0x6979, 0x10e7: 0x69a1, 0x10e8: 0x69c9, 0x10e9: 0x69f1,
+	0x10ea: 0x6a21, 0x10eb: 0x6a51, 0x10ec: 0x6a81, 0x10ed: 0x6ab1, 0x10ee: 0x6ae1, 0x10ef: 0x6b11,
+	0x10f0: 0x6b41, 0x10f1: 0x6b71, 0x10f2: 0x6ba1, 0x10f3: 0x6bd1, 0x10f4: 0x6c01, 0x10f5: 0x6c31,
+	0x10f6: 0x6c61, 0x10f7: 0x6c91, 0x10f8: 0x6cc1, 0x10f9: 0x6cf1, 0x10fa: 0x6d21, 0x10fb: 0x6d51,
+	0x10fc: 0x6d81, 0x10fd: 0x6db1, 0x10fe: 0x6de1, 0x10ff: 0x440d,
+	// Block 0x44, offset 0x1100
+	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
+	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
+	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
+	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
+	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0xe00d, 0x111d: 0x0008,
+	0x111e: 0xe00d, 0x111f: 0x0008, 0x1120: 0xe00d, 0x1121: 0x0008, 0x1122: 0xe00d, 0x1123: 0x0008,
+	0x1124: 0xe00d, 0x1125: 0x0008, 0x1126: 0xe00d, 0x1127: 0x0008, 0x1128: 0xe00d, 0x1129: 0x0008,
+	0x112a: 0xe00d, 0x112b: 0x0008, 0x112c: 0xe00d, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x3308,
+	0x1130: 0x3318, 0x1131: 0x3318, 0x1132: 0x3318, 0x1133: 0x0018, 0x1134: 0x3308, 0x1135: 0x3308,
+	0x1136: 0x3308, 0x1137: 0x3308, 0x1138: 0x3308, 0x1139: 0x3308, 0x113a: 0x3308, 0x113b: 0x3308,
+	0x113c: 0x3308, 0x113d: 0x3308, 0x113e: 0x0018, 0x113f: 0x0008,
+	// Block 0x45, offset 0x1140
+	0x1140: 0xe00d, 0x1141: 0x0008, 0x1142: 0xe00d, 0x1143: 0x0008, 0x1144: 0xe00d, 0x1145: 0x0008,
+	0x1146: 0xe00d, 0x1147: 0x0008, 0x1148: 0xe00d, 0x1149: 0x0008, 0x114a: 0xe00d, 0x114b: 0x0008,
+	0x114c: 0xe00d, 0x114d: 0x0008, 0x114e: 0xe00d, 0x114f: 0x0008, 0x1150: 0xe00d, 0x1151: 0x0008,
+	0x1152: 0xe00d, 0x1153: 0x0008, 0x1154: 0xe00d, 0x1155: 0x0008, 0x1156: 0xe00d, 0x1157: 0x0008,
+	0x1158: 0xe00d, 0x1159: 0x0008, 0x115a: 0xe00d, 0x115b: 0x0008, 0x115c: 0x0ea1, 0x115d: 0x6e11,
+	0x115e: 0x3308, 0x115f: 0x3308, 0x1160: 0x0008, 0x1161: 0x0008, 0x1162: 0x0008, 0x1163: 0x0008,
+	0x1164: 0x0008, 0x1165: 0x0008, 0x1166: 0x0008, 0x1167: 0x0008, 0x1168: 0x0008, 0x1169: 0x0008,
+	0x116a: 0x0008, 0x116b: 0x0008, 0x116c: 0x0008, 0x116d: 0x0008, 0x116e: 0x0008, 0x116f: 0x0008,
+	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0x0008, 0x1173: 0x0008, 0x1174: 0x0008, 0x1175: 0x0008,
+	0x1176: 0x0008, 0x1177: 0x0008, 0x1178: 0x0008, 0x1179: 0x0008, 0x117a: 0x0008, 0x117b: 0x0008,
+	0x117c: 0x0008, 0x117d: 0x0008, 0x117e: 0x0008, 0x117f: 0x0008,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x0018, 0x1181: 0x0018, 0x1182: 0x0018, 0x1183: 0x0018, 0x1184: 0x0018, 0x1185: 0x0018,
+	0x1186: 0x0018, 0x1187: 0x0018, 0x1188: 0x0018, 0x1189: 0x0018, 0x118a: 0x0018, 0x118b: 0x0018,
+	0x118c: 0x0018, 0x118d: 0x0018, 0x118e: 0x0018, 0x118f: 0x0018, 0x1190: 0x0018, 0x1191: 0x0018,
+	0x1192: 0x0018, 0x1193: 0x0018, 0x1194: 0x0018, 0x1195: 0x0018, 0x1196: 0x0018, 0x1197: 0x0008,
+	0x1198: 0x0008, 0x1199: 0x0008, 0x119a: 0x0008, 0x119b: 0x0008, 0x119c: 0x0008, 0x119d: 0x0008,
+	0x119e: 0x0008, 0x119f: 0x0008, 0x11a0: 0x0018, 0x11a1: 0x0018, 0x11a2: 0xe00d, 0x11a3: 0x0008,
+	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
+	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
+	0x11b0: 0x0008, 0x11b1: 0x0008, 0x11b2: 0xe00d, 0x11b3: 0x0008, 0x11b4: 0xe00d, 0x11b5: 0x0008,
+	0x11b6: 0xe00d, 0x11b7: 0x0008, 0x11b8: 0xe00d, 0x11b9: 0x0008, 0x11ba: 0xe00d, 0x11bb: 0x0008,
+	0x11bc: 0xe00d, 0x11bd: 0x0008, 0x11be: 0xe00d, 0x11bf: 0x0008,
+	// Block 0x47, offset 0x11c0
+	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
+	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0xe00d, 0x11c9: 0x0008, 0x11ca: 0xe00d, 0x11cb: 0x0008,
+	0x11cc: 0xe00d, 0x11cd: 0x0008, 0x11ce: 0xe00d, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
+	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0xe00d, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
+	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
+	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
+	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
+	0x11ea: 0xe00d, 0x11eb: 0x0008, 0x11ec: 0xe00d, 0x11ed: 0x0008, 0x11ee: 0xe00d, 0x11ef: 0x0008,
+	0x11f0: 0xe0fd, 0x11f1: 0x0008, 0x11f2: 0x0008, 0x11f3: 0x0008, 0x11f4: 0x0008, 0x11f5: 0x0008,
+	0x11f6: 0x0008, 0x11f7: 0x0008, 0x11f8: 0x0008, 0x11f9: 0xe01d, 0x11fa: 0x0008, 0x11fb: 0xe03d,
+	0x11fc: 0x0008, 0x11fd: 0x442d, 0x11fe: 0xe00d, 0x11ff: 0x0008,
+	// Block 0x48, offset 0x1200
+	0x1200: 0xe00d, 0x1201: 0x0008, 0x1202: 0xe00d, 0x1203: 0x0008, 0x1204: 0xe00d, 0x1205: 0x0008,
+	0x1206: 0xe00d, 0x1207: 0x0008, 0x1208: 0x0008, 0x1209: 0x0018, 0x120a: 0x0018, 0x120b: 0xe03d,
+	0x120c: 0x0008, 0x120d: 0x11d9, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0xe00d, 0x1211: 0x0008,
+	0x1212: 0xe00d, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x0008, 0x1216: 0xe00d, 0x1217: 0x0008,
+	0x1218: 0xe00d, 0x1219: 0x0008, 0x121a: 0xe00d, 0x121b: 0x0008, 0x121c: 0xe00d, 0x121d: 0x0008,
+	0x121e: 0xe00d, 0x121f: 0x0008, 0x1220: 0xe00d, 0x1221: 0x0008, 0x1222: 0xe00d, 0x1223: 0x0008,
+	0x1224: 0xe00d, 0x1225: 0x0008, 0x1226: 0xe00d, 0x1227: 0x0008, 0x1228: 0xe00d, 0x1229: 0x0008,
+	0x122a: 0x6e29, 0x122b: 0x1029, 0x122c: 0x11c1, 0x122d: 0x6e41, 0x122e: 0x1221, 0x122f: 0x0008,
+	0x1230: 0x6e59, 0x1231: 0x6e71, 0x1232: 0x1239, 0x1233: 0x444d, 0x1234: 0xe00d, 0x1235: 0x0008,
+	0x1236: 0xe00d, 0x1237: 0x0008, 0x1238: 0x0040, 0x1239: 0x0008, 0x123a: 0x0040, 0x123b: 0x0040,
+	0x123c: 0x0040, 0x123d: 0x0040, 0x123e: 0x0040, 0x123f: 0x0040,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x64d5, 0x1241: 0x64f5, 0x1242: 0x6515, 0x1243: 0x6535, 0x1244: 0x6555, 0x1245: 0x6575,
+	0x1246: 0x6595, 0x1247: 0x65b5, 0x1248: 0x65d5, 0x1249: 0x65f5, 0x124a: 0x6615, 0x124b: 0x6635,
+	0x124c: 0x6655, 0x124d: 0x6675, 0x124e: 0x0008, 0x124f: 0x0008, 0x1250: 0x6695, 0x1251: 0x0008,
+	0x1252: 0x66b5, 0x1253: 0x0008, 0x1254: 0x0008, 0x1255: 0x66d5, 0x1256: 0x66f5, 0x1257: 0x6715,
+	0x1258: 0x6735, 0x1259: 0x6755, 0x125a: 0x6775, 0x125b: 0x6795, 0x125c: 0x67b5, 0x125d: 0x67d5,
+	0x125e: 0x67f5, 0x125f: 0x0008, 0x1260: 0x6815, 0x1261: 0x0008, 0x1262: 0x6835, 0x1263: 0x0008,
+	0x1264: 0x0008, 0x1265: 0x6855, 0x1266: 0x6875, 0x1267: 0x0008, 0x1268: 0x0008, 0x1269: 0x0008,
+	0x126a: 0x6895, 0x126b: 0x68b5, 0x126c: 0x68d5, 0x126d: 0x68f5, 0x126e: 0x6915, 0x126f: 0x6935,
+	0x1270: 0x6955, 0x1271: 0x6975, 0x1272: 0x6995, 0x1273: 0x69b5, 0x1274: 0x69d5, 0x1275: 0x69f5,
+	0x1276: 0x6a15, 0x1277: 0x6a35, 0x1278: 0x6a55, 0x1279: 0x6a75, 0x127a: 0x6a95, 0x127b: 0x6ab5,
+	0x127c: 0x6ad5, 0x127d: 0x6af5, 0x127e: 0x6b15, 0x127f: 0x6b35,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x7a95, 0x1281: 0x7ab5, 0x1282: 0x7ad5, 0x1283: 0x7af5, 0x1284: 0x7b15, 0x1285: 0x7b35,
+	0x1286: 0x7b55, 0x1287: 0x7b75, 0x1288: 0x7b95, 0x1289: 0x7bb5, 0x128a: 0x7bd5, 0x128b: 0x7bf5,
+	0x128c: 0x7c15, 0x128d: 0x7c35, 0x128e: 0x7c55, 0x128f: 0x6ec9, 0x1290: 0x6ef1, 0x1291: 0x6f19,
+	0x1292: 0x7c75, 0x1293: 0x7c95, 0x1294: 0x7cb5, 0x1295: 0x6f41, 0x1296: 0x6f69, 0x1297: 0x6f91,
+	0x1298: 0x7cd5, 0x1299: 0x7cf5, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x0040,
+	0x129e: 0x0040, 0x129f: 0x0040, 0x12a0: 0x0040, 0x12a1: 0x0040, 0x12a2: 0x0040, 0x12a3: 0x0040,
+	0x12a4: 0x0040, 0x12a5: 0x0040, 0x12a6: 0x0040, 0x12a7: 0x0040, 0x12a8: 0x0040, 0x12a9: 0x0040,
+	0x12aa: 0x0040, 0x12ab: 0x0040, 0x12ac: 0x0040, 0x12ad: 0x0040, 0x12ae: 0x0040, 0x12af: 0x0040,
+	0x12b0: 0x0040, 0x12b1: 0x0040, 0x12b2: 0x0040, 0x12b3: 0x0040, 0x12b4: 0x0040, 0x12b5: 0x0040,
+	0x12b6: 0x0040, 0x12b7: 0x0040, 0x12b8: 0x0040, 0x12b9: 0x0040, 0x12ba: 0x0040, 0x12bb: 0x0040,
+	0x12bc: 0x0040, 0x12bd: 0x0040, 0x12be: 0x0040, 0x12bf: 0x0040,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x6fb9, 0x12c1: 0x6fd1, 0x12c2: 0x6fe9, 0x12c3: 0x7d15, 0x12c4: 0x7d35, 0x12c5: 0x7001,
+	0x12c6: 0x7001, 0x12c7: 0x0040, 0x12c8: 0x0040, 0x12c9: 0x0040, 0x12ca: 0x0040, 0x12cb: 0x0040,
+	0x12cc: 0x0040, 0x12cd: 0x0040, 0x12ce: 0x0040, 0x12cf: 0x0040, 0x12d0: 0x0040, 0x12d1: 0x0040,
+	0x12d2: 0x0040, 0x12d3: 0x7019, 0x12d4: 0x7041, 0x12d5: 0x7069, 0x12d6: 0x7091, 0x12d7: 0x70b9,
+	0x12d8: 0x0040, 0x12d9: 0x0040, 0x12da: 0x0040, 0x12db: 0x0040, 0x12dc: 0x0040, 0x12dd: 0x70e1,
+	0x12de: 0x3308, 0x12df: 0x7109, 0x12e0: 0x7131, 0x12e1: 0x20a9, 0x12e2: 0x20f1, 0x12e3: 0x7149,
+	0x12e4: 0x7161, 0x12e5: 0x7179, 0x12e6: 0x7191, 0x12e7: 0x71a9, 0x12e8: 0x71c1, 0x12e9: 0x1fb2,
+	0x12ea: 0x71d9, 0x12eb: 0x7201, 0x12ec: 0x7229, 0x12ed: 0x7261, 0x12ee: 0x7299, 0x12ef: 0x72c1,
+	0x12f0: 0x72e9, 0x12f1: 0x7311, 0x12f2: 0x7339, 0x12f3: 0x7361, 0x12f4: 0x7389, 0x12f5: 0x73b1,
+	0x12f6: 0x73d9, 0x12f7: 0x0040, 0x12f8: 0x7401, 0x12f9: 0x7429, 0x12fa: 0x7451, 0x12fb: 0x7479,
+	0x12fc: 0x74a1, 0x12fd: 0x0040, 0x12fe: 0x74c9, 0x12ff: 0x0040,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x74f1, 0x1301: 0x7519, 0x1302: 0x0040, 0x1303: 0x7541, 0x1304: 0x7569, 0x1305: 0x0040,
+	0x1306: 0x7591, 0x1307: 0x75b9, 0x1308: 0x75e1, 0x1309: 0x7609, 0x130a: 0x7631, 0x130b: 0x7659,
+	0x130c: 0x7681, 0x130d: 0x76a9, 0x130e: 0x76d1, 0x130f: 0x76f9, 0x1310: 0x7721, 0x1311: 0x7721,
+	0x1312: 0x7739, 0x1313: 0x7739, 0x1314: 0x7739, 0x1315: 0x7739, 0x1316: 0x7751, 0x1317: 0x7751,
+	0x1318: 0x7751, 0x1319: 0x7751, 0x131a: 0x7769, 0x131b: 0x7769, 0x131c: 0x7769, 0x131d: 0x7769,
+	0x131e: 0x7781, 0x131f: 0x7781, 0x1320: 0x7781, 0x1321: 0x7781, 0x1322: 0x7799, 0x1323: 0x7799,
+	0x1324: 0x7799, 0x1325: 0x7799, 0x1326: 0x77b1, 0x1327: 0x77b1, 0x1328: 0x77b1, 0x1329: 0x77b1,
+	0x132a: 0x77c9, 0x132b: 0x77c9, 0x132c: 0x77c9, 0x132d: 0x77c9, 0x132e: 0x77e1, 0x132f: 0x77e1,
+	0x1330: 0x77e1, 0x1331: 0x77e1, 0x1332: 0x77f9, 0x1333: 0x77f9, 0x1334: 0x77f9, 0x1335: 0x77f9,
+	0x1336: 0x7811, 0x1337: 0x7811, 0x1338: 0x7811, 0x1339: 0x7811, 0x133a: 0x7829, 0x133b: 0x7829,
+	0x133c: 0x7829, 0x133d: 0x7829, 0x133e: 0x7841, 0x133f: 0x7841,
+	// Block 0x4d, offset 0x1340
+	0x1340: 0x7841, 0x1341: 0x7841, 0x1342: 0x7859, 0x1343: 0x7859, 0x1344: 0x7871, 0x1345: 0x7871,
+	0x1346: 0x7889, 0x1347: 0x7889, 0x1348: 0x78a1, 0x1349: 0x78a1, 0x134a: 0x78b9, 0x134b: 0x78b9,
+	0x134c: 0x78d1, 0x134d: 0x78d1, 0x134e: 0x78e9, 0x134f: 0x78e9, 0x1350: 0x78e9, 0x1351: 0x78e9,
+	0x1352: 0x7901, 0x1353: 0x7901, 0x1354: 0x7901, 0x1355: 0x7901, 0x1356: 0x7919, 0x1357: 0x7919,
+	0x1358: 0x7919, 0x1359: 0x7919, 0x135a: 0x7931, 0x135b: 0x7931, 0x135c: 0x7931, 0x135d: 0x7931,
+	0x135e: 0x7949, 0x135f: 0x7949, 0x1360: 0x7961, 0x1361: 0x7961, 0x1362: 0x7961, 0x1363: 0x7961,
+	0x1364: 0x7979, 0x1365: 0x7979, 0x1366: 0x7991, 0x1367: 0x7991, 0x1368: 0x7991, 0x1369: 0x7991,
+	0x136a: 0x79a9, 0x136b: 0x79a9, 0x136c: 0x79a9, 0x136d: 0x79a9, 0x136e: 0x79c1, 0x136f: 0x79c1,
+	0x1370: 0x79d9, 0x1371: 0x79d9, 0x1372: 0x0818, 0x1373: 0x0818, 0x1374: 0x0818, 0x1375: 0x0818,
+	0x1376: 0x0818, 0x1377: 0x0818, 0x1378: 0x0818, 0x1379: 0x0818, 0x137a: 0x0818, 0x137b: 0x0818,
+	0x137c: 0x0818, 0x137d: 0x0818, 0x137e: 0x0818, 0x137f: 0x0818,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0818, 0x1381: 0x0818, 0x1382: 0x0040, 0x1383: 0x0040, 0x1384: 0x0040, 0x1385: 0x0040,
+	0x1386: 0x0040, 0x1387: 0x0040, 0x1388: 0x0040, 0x1389: 0x0040, 0x138a: 0x0040, 0x138b: 0x0040,
+	0x138c: 0x0040, 0x138d: 0x0040, 0x138e: 0x0040, 0x138f: 0x0040, 0x1390: 0x0040, 0x1391: 0x0040,
+	0x1392: 0x0040, 0x1393: 0x79f1, 0x1394: 0x79f1, 0x1395: 0x79f1, 0x1396: 0x79f1, 0x1397: 0x7a09,
+	0x1398: 0x7a09, 0x1399: 0x7a21, 0x139a: 0x7a21, 0x139b: 0x7a39, 0x139c: 0x7a39, 0x139d: 0x0479,
+	0x139e: 0x7a51, 0x139f: 0x7a51, 0x13a0: 0x7a69, 0x13a1: 0x7a69, 0x13a2: 0x7a81, 0x13a3: 0x7a81,
+	0x13a4: 0x7a99, 0x13a5: 0x7a99, 0x13a6: 0x7a99, 0x13a7: 0x7a99, 0x13a8: 0x7ab1, 0x13a9: 0x7ab1,
+	0x13aa: 0x7ac9, 0x13ab: 0x7ac9, 0x13ac: 0x7af1, 0x13ad: 0x7af1, 0x13ae: 0x7b19, 0x13af: 0x7b19,
+	0x13b0: 0x7b41, 0x13b1: 0x7b41, 0x13b2: 0x7b69, 0x13b3: 0x7b69, 0x13b4: 0x7b91, 0x13b5: 0x7b91,
+	0x13b6: 0x7bb9, 0x13b7: 0x7bb9, 0x13b8: 0x7bb9, 0x13b9: 0x7be1, 0x13ba: 0x7be1, 0x13bb: 0x7be1,
+	0x13bc: 0x7c09, 0x13bd: 0x7c09, 0x13be: 0x7c09, 0x13bf: 0x7c09,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x85f9, 0x13c1: 0x8621, 0x13c2: 0x8649, 0x13c3: 0x8671, 0x13c4: 0x8699, 0x13c5: 0x86c1,
+	0x13c6: 0x86e9, 0x13c7: 0x8711, 0x13c8: 0x8739, 0x13c9: 0x8761, 0x13ca: 0x8789, 0x13cb: 0x87b1,
+	0x13cc: 0x87d9, 0x13cd: 0x8801, 0x13ce: 0x8829, 0x13cf: 0x8851, 0x13d0: 0x8879, 0x13d1: 0x88a1,
+	0x13d2: 0x88c9, 0x13d3: 0x88f1, 0x13d4: 0x8919, 0x13d5: 0x8941, 0x13d6: 0x8969, 0x13d7: 0x8991,
+	0x13d8: 0x89b9, 0x13d9: 0x89e1, 0x13da: 0x8a09, 0x13db: 0x8a31, 0x13dc: 0x8a59, 0x13dd: 0x8a81,
+	0x13de: 0x8aaa, 0x13df: 0x8ada, 0x13e0: 0x8b0a, 0x13e1: 0x8b3a, 0x13e2: 0x8b6a, 0x13e3: 0x8b9a,
+	0x13e4: 0x8bc9, 0x13e5: 0x8bf1, 0x13e6: 0x7c71, 0x13e7: 0x8c19, 0x13e8: 0x7be1, 0x13e9: 0x7c99,
+	0x13ea: 0x8c41, 0x13eb: 0x8c69, 0x13ec: 0x7d39, 0x13ed: 0x8c91, 0x13ee: 0x7d61, 0x13ef: 0x7d89,
+	0x13f0: 0x8cb9, 0x13f1: 0x8ce1, 0x13f2: 0x7e29, 0x13f3: 0x8d09, 0x13f4: 0x7e51, 0x13f5: 0x7e79,
+	0x13f6: 0x8d31, 0x13f7: 0x8d59, 0x13f8: 0x7ec9, 0x13f9: 0x8d81, 0x13fa: 0x7ef1, 0x13fb: 0x7f19,
+	0x13fc: 0x83a1, 0x13fd: 0x83c9, 0x13fe: 0x8441, 0x13ff: 0x8469,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x8491, 0x1401: 0x8531, 0x1402: 0x8559, 0x1403: 0x8581, 0x1404: 0x85a9, 0x1405: 0x8649,
+	0x1406: 0x8671, 0x1407: 0x8699, 0x1408: 0x8da9, 0x1409: 0x8739, 0x140a: 0x8dd1, 0x140b: 0x8df9,
+	0x140c: 0x8829, 0x140d: 0x8e21, 0x140e: 0x8851, 0x140f: 0x8879, 0x1410: 0x8a81, 0x1411: 0x8e49,
+	0x1412: 0x8e71, 0x1413: 0x89b9, 0x1414: 0x8e99, 0x1415: 0x89e1, 0x1416: 0x8a09, 0x1417: 0x7c21,
+	0x1418: 0x7c49, 0x1419: 0x8ec1, 0x141a: 0x7c71, 0x141b: 0x8ee9, 0x141c: 0x7cc1, 0x141d: 0x7ce9,
+	0x141e: 0x7d11, 0x141f: 0x7d39, 0x1420: 0x8f11, 0x1421: 0x7db1, 0x1422: 0x7dd9, 0x1423: 0x7e01,
+	0x1424: 0x7e29, 0x1425: 0x8f39, 0x1426: 0x7ec9, 0x1427: 0x7f41, 0x1428: 0x7f69, 0x1429: 0x7f91,
+	0x142a: 0x7fb9, 0x142b: 0x7fe1, 0x142c: 0x8031, 0x142d: 0x8059, 0x142e: 0x8081, 0x142f: 0x80a9,
+	0x1430: 0x80d1, 0x1431: 0x80f9, 0x1432: 0x8f61, 0x1433: 0x8121, 0x1434: 0x8149, 0x1435: 0x8171,
+	0x1436: 0x8199, 0x1437: 0x81c1, 0x1438: 0x81e9, 0x1439: 0x8239, 0x143a: 0x8261, 0x143b: 0x8289,
+	0x143c: 0x82b1, 0x143d: 0x82d9, 0x143e: 0x8301, 0x143f: 0x8329,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x8351, 0x1441: 0x8379, 0x1442: 0x83f1, 0x1443: 0x8419, 0x1444: 0x84b9, 0x1445: 0x84e1,
+	0x1446: 0x8509, 0x1447: 0x8531, 0x1448: 0x8559, 0x1449: 0x85d1, 0x144a: 0x85f9, 0x144b: 0x8621,
+	0x144c: 0x8649, 0x144d: 0x8f89, 0x144e: 0x86c1, 0x144f: 0x86e9, 0x1450: 0x8711, 0x1451: 0x8739,
+	0x1452: 0x87b1, 0x1453: 0x87d9, 0x1454: 0x8801, 0x1455: 0x8829, 0x1456: 0x8fb1, 0x1457: 0x88a1,
+	0x1458: 0x88c9, 0x1459: 0x8fd9, 0x145a: 0x8941, 0x145b: 0x8969, 0x145c: 0x8991, 0x145d: 0x89b9,
+	0x145e: 0x9001, 0x145f: 0x7c71, 0x1460: 0x8ee9, 0x1461: 0x7d39, 0x1462: 0x8f11, 0x1463: 0x7e29,
+	0x1464: 0x8f39, 0x1465: 0x7ec9, 0x1466: 0x9029, 0x1467: 0x80d1, 0x1468: 0x9051, 0x1469: 0x9079,
+	0x146a: 0x90a1, 0x146b: 0x8531, 0x146c: 0x8559, 0x146d: 0x8649, 0x146e: 0x8829, 0x146f: 0x8fb1,
+	0x1470: 0x89b9, 0x1471: 0x9001, 0x1472: 0x90c9, 0x1473: 0x9101, 0x1474: 0x9139, 0x1475: 0x9171,
+	0x1476: 0x9199, 0x1477: 0x91c1, 0x1478: 0x91e9, 0x1479: 0x9211, 0x147a: 0x9239, 0x147b: 0x9261,
+	0x147c: 0x9289, 0x147d: 0x92b1, 0x147e: 0x92d9, 0x147f: 0x9301,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x9329, 0x1481: 0x9351, 0x1482: 0x9379, 0x1483: 0x93a1, 0x1484: 0x93c9, 0x1485: 0x93f1,
+	0x1486: 0x9419, 0x1487: 0x9441, 0x1488: 0x9469, 0x1489: 0x9491, 0x148a: 0x94b9, 0x148b: 0x94e1,
+	0x148c: 0x9079, 0x148d: 0x9509, 0x148e: 0x9531, 0x148f: 0x9559, 0x1490: 0x9581, 0x1491: 0x9171,
+	0x1492: 0x9199, 0x1493: 0x91c1, 0x1494: 0x91e9, 0x1495: 0x9211, 0x1496: 0x9239, 0x1497: 0x9261,
+	0x1498: 0x9289, 0x1499: 0x92b1, 0x149a: 0x92d9, 0x149b: 0x9301, 0x149c: 0x9329, 0x149d: 0x9351,
+	0x149e: 0x9379, 0x149f: 0x93a1, 0x14a0: 0x93c9, 0x14a1: 0x93f1, 0x14a2: 0x9419, 0x14a3: 0x9441,
+	0x14a4: 0x9469, 0x14a5: 0x9491, 0x14a6: 0x94b9, 0x14a7: 0x94e1, 0x14a8: 0x9079, 0x14a9: 0x9509,
+	0x14aa: 0x9531, 0x14ab: 0x9559, 0x14ac: 0x9581, 0x14ad: 0x9491, 0x14ae: 0x94b9, 0x14af: 0x94e1,
+	0x14b0: 0x9079, 0x14b1: 0x9051, 0x14b2: 0x90a1, 0x14b3: 0x8211, 0x14b4: 0x8059, 0x14b5: 0x8081,
+	0x14b6: 0x80a9, 0x14b7: 0x9491, 0x14b8: 0x94b9, 0x14b9: 0x94e1, 0x14ba: 0x8211, 0x14bb: 0x8239,
+	0x14bc: 0x95a9, 0x14bd: 0x95a9, 0x14be: 0x0018, 0x14bf: 0x0018,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x0040, 0x14c1: 0x0040, 0x14c2: 0x0040, 0x14c3: 0x0040, 0x14c4: 0x0040, 0x14c5: 0x0040,
+	0x14c6: 0x0040, 0x14c7: 0x0040, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
+	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x95d1, 0x14d1: 0x9609,
+	0x14d2: 0x9609, 0x14d3: 0x9641, 0x14d4: 0x9679, 0x14d5: 0x96b1, 0x14d6: 0x96e9, 0x14d7: 0x9721,
+	0x14d8: 0x9759, 0x14d9: 0x9759, 0x14da: 0x9791, 0x14db: 0x97c9, 0x14dc: 0x9801, 0x14dd: 0x9839,
+	0x14de: 0x9871, 0x14df: 0x98a9, 0x14e0: 0x98a9, 0x14e1: 0x98e1, 0x14e2: 0x9919, 0x14e3: 0x9919,
+	0x14e4: 0x9951, 0x14e5: 0x9951, 0x14e6: 0x9989, 0x14e7: 0x99c1, 0x14e8: 0x99c1, 0x14e9: 0x99f9,
+	0x14ea: 0x9a31, 0x14eb: 0x9a31, 0x14ec: 0x9a69, 0x14ed: 0x9a69, 0x14ee: 0x9aa1, 0x14ef: 0x9ad9,
+	0x14f0: 0x9ad9, 0x14f1: 0x9b11, 0x14f2: 0x9b11, 0x14f3: 0x9b49, 0x14f4: 0x9b81, 0x14f5: 0x9bb9,
+	0x14f6: 0x9bf1, 0x14f7: 0x9bf1, 0x14f8: 0x9c29, 0x14f9: 0x9c61, 0x14fa: 0x9c99, 0x14fb: 0x9cd1,
+	0x14fc: 0x9d09, 0x14fd: 0x9d09, 0x14fe: 0x9d41, 0x14ff: 0x9d79,
+	// Block 0x54, offset 0x1500
+	0x1500: 0xa949, 0x1501: 0xa981, 0x1502: 0xa9b9, 0x1503: 0xa8a1, 0x1504: 0x9bb9, 0x1505: 0x9989,
+	0x1506: 0xa9f1, 0x1507: 0xaa29, 0x1508: 0x0040, 0x1509: 0x0040, 0x150a: 0x0040, 0x150b: 0x0040,
+	0x150c: 0x0040, 0x150d: 0x0040, 0x150e: 0x0040, 0x150f: 0x0040, 0x1510: 0x0040, 0x1511: 0x0040,
+	0x1512: 0x0040, 0x1513: 0x0040, 0x1514: 0x0040, 0x1515: 0x0040, 0x1516: 0x0040, 0x1517: 0x0040,
+	0x1518: 0x0040, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
+	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x0040, 0x1521: 0x0040, 0x1522: 0x0040, 0x1523: 0x0040,
+	0x1524: 0x0040, 0x1525: 0x0040, 0x1526: 0x0040, 0x1527: 0x0040, 0x1528: 0x0040, 0x1529: 0x0040,
+	0x152a: 0x0040, 0x152b: 0x0040, 0x152c: 0x0040, 0x152d: 0x0040, 0x152e: 0x0040, 0x152f: 0x0040,
+	0x1530: 0xaa61, 0x1531: 0xaa99, 0x1532: 0xaad1, 0x1533: 0xab19, 0x1534: 0xab61, 0x1535: 0xaba9,
+	0x1536: 0xabf1, 0x1537: 0xac39, 0x1538: 0xac81, 0x1539: 0xacc9, 0x153a: 0xad02, 0x153b: 0xae12,
+	0x153c: 0xae91, 0x153d: 0x0018, 0x153e: 0x0040, 0x153f: 0x0040,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x33c0, 0x1541: 0x33c0, 0x1542: 0x33c0, 0x1543: 0x33c0, 0x1544: 0x33c0, 0x1545: 0x33c0,
+	0x1546: 0x33c0, 0x1547: 0x33c0, 0x1548: 0x33c0, 0x1549: 0x33c0, 0x154a: 0x33c0, 0x154b: 0x33c0,
+	0x154c: 0x33c0, 0x154d: 0x33c0, 0x154e: 0x33c0, 0x154f: 0x33c0, 0x1550: 0xaeda, 0x1551: 0x7d55,
+	0x1552: 0x0040, 0x1553: 0xaeea, 0x1554: 0x03c2, 0x1555: 0xaefa, 0x1556: 0xaf0a, 0x1557: 0x7d75,
+	0x1558: 0x7d95, 0x1559: 0x0040, 0x155a: 0x0040, 0x155b: 0x0040, 0x155c: 0x0040, 0x155d: 0x0040,
+	0x155e: 0x0040, 0x155f: 0x0040, 0x1560: 0x3308, 0x1561: 0x3308, 0x1562: 0x3308, 0x1563: 0x3308,
+	0x1564: 0x3308, 0x1565: 0x3308, 0x1566: 0x3308, 0x1567: 0x3308, 0x1568: 0x3308, 0x1569: 0x3308,
+	0x156a: 0x3308, 0x156b: 0x3308, 0x156c: 0x3308, 0x156d: 0x3308, 0x156e: 0x3308, 0x156f: 0x3308,
+	0x1570: 0x0040, 0x1571: 0x7db5, 0x1572: 0x7dd5, 0x1573: 0xaf1a, 0x1574: 0xaf1a, 0x1575: 0x1fd2,
+	0x1576: 0x1fe2, 0x1577: 0xaf2a, 0x1578: 0xaf3a, 0x1579: 0x7df5, 0x157a: 0x7e15, 0x157b: 0x7e35,
+	0x157c: 0x7df5, 0x157d: 0x7e55, 0x157e: 0x7e75, 0x157f: 0x7e55,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x7e95, 0x1581: 0x7eb5, 0x1582: 0x7ed5, 0x1583: 0x7eb5, 0x1584: 0x7ef5, 0x1585: 0x0018,
+	0x1586: 0x0018, 0x1587: 0xaf4a, 0x1588: 0xaf5a, 0x1589: 0x7f16, 0x158a: 0x7f36, 0x158b: 0x7f56,
+	0x158c: 0x7f76, 0x158d: 0xaf1a, 0x158e: 0xaf1a, 0x158f: 0xaf1a, 0x1590: 0xaeda, 0x1591: 0x7f95,
+	0x1592: 0x0040, 0x1593: 0x0040, 0x1594: 0x03c2, 0x1595: 0xaeea, 0x1596: 0xaf0a, 0x1597: 0xaefa,
+	0x1598: 0x7fb5, 0x1599: 0x1fd2, 0x159a: 0x1fe2, 0x159b: 0xaf2a, 0x159c: 0xaf3a, 0x159d: 0x7e95,
+	0x159e: 0x7ef5, 0x159f: 0xaf6a, 0x15a0: 0xaf7a, 0x15a1: 0xaf8a, 0x15a2: 0x1fb2, 0x15a3: 0xaf99,
+	0x15a4: 0xafaa, 0x15a5: 0xafba, 0x15a6: 0x1fc2, 0x15a7: 0x0040, 0x15a8: 0xafca, 0x15a9: 0xafda,
+	0x15aa: 0xafea, 0x15ab: 0xaffa, 0x15ac: 0x0040, 0x15ad: 0x0040, 0x15ae: 0x0040, 0x15af: 0x0040,
+	0x15b0: 0x7fd6, 0x15b1: 0xb009, 0x15b2: 0x7ff6, 0x15b3: 0x0808, 0x15b4: 0x8016, 0x15b5: 0x0040,
+	0x15b6: 0x8036, 0x15b7: 0xb031, 0x15b8: 0x8056, 0x15b9: 0xb059, 0x15ba: 0x8076, 0x15bb: 0xb081,
+	0x15bc: 0x8096, 0x15bd: 0xb0a9, 0x15be: 0x80b6, 0x15bf: 0xb0d1,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0xb0f9, 0x15c1: 0xb111, 0x15c2: 0xb111, 0x15c3: 0xb129, 0x15c4: 0xb129, 0x15c5: 0xb141,
+	0x15c6: 0xb141, 0x15c7: 0xb159, 0x15c8: 0xb159, 0x15c9: 0xb171, 0x15ca: 0xb171, 0x15cb: 0xb171,
+	0x15cc: 0xb171, 0x15cd: 0xb189, 0x15ce: 0xb189, 0x15cf: 0xb1a1, 0x15d0: 0xb1a1, 0x15d1: 0xb1a1,
+	0x15d2: 0xb1a1, 0x15d3: 0xb1b9, 0x15d4: 0xb1b9, 0x15d5: 0xb1d1, 0x15d6: 0xb1d1, 0x15d7: 0xb1d1,
+	0x15d8: 0xb1d1, 0x15d9: 0xb1e9, 0x15da: 0xb1e9, 0x15db: 0xb1e9, 0x15dc: 0xb1e9, 0x15dd: 0xb201,
+	0x15de: 0xb201, 0x15df: 0xb201, 0x15e0: 0xb201, 0x15e1: 0xb219, 0x15e2: 0xb219, 0x15e3: 0xb219,
+	0x15e4: 0xb219, 0x15e5: 0xb231, 0x15e6: 0xb231, 0x15e7: 0xb231, 0x15e8: 0xb231, 0x15e9: 0xb249,
+	0x15ea: 0xb249, 0x15eb: 0xb261, 0x15ec: 0xb261, 0x15ed: 0xb279, 0x15ee: 0xb279, 0x15ef: 0xb291,
+	0x15f0: 0xb291, 0x15f1: 0xb2a9, 0x15f2: 0xb2a9, 0x15f3: 0xb2a9, 0x15f4: 0xb2a9, 0x15f5: 0xb2c1,
+	0x15f6: 0xb2c1, 0x15f7: 0xb2c1, 0x15f8: 0xb2c1, 0x15f9: 0xb2d9, 0x15fa: 0xb2d9, 0x15fb: 0xb2d9,
+	0x15fc: 0xb2d9, 0x15fd: 0xb2f1, 0x15fe: 0xb2f1, 0x15ff: 0xb2f1,
+	// Block 0x58, offset 0x1600
+	0x1600: 0xb2f1, 0x1601: 0xb309, 0x1602: 0xb309, 0x1603: 0xb309, 0x1604: 0xb309, 0x1605: 0xb321,
+	0x1606: 0xb321, 0x1607: 0xb321, 0x1608: 0xb321, 0x1609: 0xb339, 0x160a: 0xb339, 0x160b: 0xb339,
+	0x160c: 0xb339, 0x160d: 0xb351, 0x160e: 0xb351, 0x160f: 0xb351, 0x1610: 0xb351, 0x1611: 0xb369,
+	0x1612: 0xb369, 0x1613: 0xb369, 0x1614: 0xb369, 0x1615: 0xb381, 0x1616: 0xb381, 0x1617: 0xb381,
+	0x1618: 0xb381, 0x1619: 0xb399, 0x161a: 0xb399, 0x161b: 0xb399, 0x161c: 0xb399, 0x161d: 0xb3b1,
+	0x161e: 0xb3b1, 0x161f: 0xb3b1, 0x1620: 0xb3b1, 0x1621: 0xb3c9, 0x1622: 0xb3c9, 0x1623: 0xb3c9,
+	0x1624: 0xb3c9, 0x1625: 0xb3e1, 0x1626: 0xb3e1, 0x1627: 0xb3e1, 0x1628: 0xb3e1, 0x1629: 0xb3f9,
+	0x162a: 0xb3f9, 0x162b: 0xb3f9, 0x162c: 0xb3f9, 0x162d: 0xb411, 0x162e: 0xb411, 0x162f: 0x7ab1,
+	0x1630: 0x7ab1, 0x1631: 0xb429, 0x1632: 0xb429, 0x1633: 0xb429, 0x1634: 0xb429, 0x1635: 0xb441,
+	0x1636: 0xb441, 0x1637: 0xb469, 0x1638: 0xb469, 0x1639: 0xb491, 0x163a: 0xb491, 0x163b: 0xb4b9,
+	0x163c: 0xb4b9, 0x163d: 0x0040, 0x163e: 0x0040, 0x163f: 0x03c0,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0040, 0x1641: 0xaefa, 0x1642: 0xb4e2, 0x1643: 0xaf6a, 0x1644: 0xafda, 0x1645: 0xafea,
+	0x1646: 0xaf7a, 0x1647: 0xb4f2, 0x1648: 0x1fd2, 0x1649: 0x1fe2, 0x164a: 0xaf8a, 0x164b: 0x1fb2,
+	0x164c: 0xaeda, 0x164d: 0xaf99, 0x164e: 0x29d1, 0x164f: 0xb502, 0x1650: 0x1f41, 0x1651: 0x00c9,
+	0x1652: 0x0069, 0x1653: 0x0079, 0x1654: 0x1f51, 0x1655: 0x1f61, 0x1656: 0x1f71, 0x1657: 0x1f81,
+	0x1658: 0x1f91, 0x1659: 0x1fa1, 0x165a: 0xaeea, 0x165b: 0x03c2, 0x165c: 0xafaa, 0x165d: 0x1fc2,
+	0x165e: 0xafba, 0x165f: 0xaf0a, 0x1660: 0xaffa, 0x1661: 0x0039, 0x1662: 0x0ee9, 0x1663: 0x1159,
+	0x1664: 0x0ef9, 0x1665: 0x0f09, 0x1666: 0x1199, 0x1667: 0x0f31, 0x1668: 0x0249, 0x1669: 0x0f41,
+	0x166a: 0x0259, 0x166b: 0x0f51, 0x166c: 0x0359, 0x166d: 0x0f61, 0x166e: 0x0f71, 0x166f: 0x00d9,
+	0x1670: 0x0f99, 0x1671: 0x2039, 0x1672: 0x0269, 0x1673: 0x01d9, 0x1674: 0x0fa9, 0x1675: 0x0fb9,
+	0x1676: 0x1089, 0x1677: 0x0279, 0x1678: 0x0369, 0x1679: 0x0289, 0x167a: 0x13d1, 0x167b: 0xaf4a,
+	0x167c: 0xafca, 0x167d: 0xaf5a, 0x167e: 0xb512, 0x167f: 0xaf1a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x1caa, 0x1681: 0x0039, 0x1682: 0x0ee9, 0x1683: 0x1159, 0x1684: 0x0ef9, 0x1685: 0x0f09,
+	0x1686: 0x1199, 0x1687: 0x0f31, 0x1688: 0x0249, 0x1689: 0x0f41, 0x168a: 0x0259, 0x168b: 0x0f51,
+	0x168c: 0x0359, 0x168d: 0x0f61, 0x168e: 0x0f71, 0x168f: 0x00d9, 0x1690: 0x0f99, 0x1691: 0x2039,
+	0x1692: 0x0269, 0x1693: 0x01d9, 0x1694: 0x0fa9, 0x1695: 0x0fb9, 0x1696: 0x1089, 0x1697: 0x0279,
+	0x1698: 0x0369, 0x1699: 0x0289, 0x169a: 0x13d1, 0x169b: 0xaf2a, 0x169c: 0xb522, 0x169d: 0xaf3a,
+	0x169e: 0xb532, 0x169f: 0x80d5, 0x16a0: 0x80f5, 0x16a1: 0x29d1, 0x16a2: 0x8115, 0x16a3: 0x8115,
+	0x16a4: 0x8135, 0x16a5: 0x8155, 0x16a6: 0x8175, 0x16a7: 0x8195, 0x16a8: 0x81b5, 0x16a9: 0x81d5,
+	0x16aa: 0x81f5, 0x16ab: 0x8215, 0x16ac: 0x8235, 0x16ad: 0x8255, 0x16ae: 0x8275, 0x16af: 0x8295,
+	0x16b0: 0x82b5, 0x16b1: 0x82d5, 0x16b2: 0x82f5, 0x16b3: 0x8315, 0x16b4: 0x8335, 0x16b5: 0x8355,
+	0x16b6: 0x8375, 0x16b7: 0x8395, 0x16b8: 0x83b5, 0x16b9: 0x83d5, 0x16ba: 0x83f5, 0x16bb: 0x8415,
+	0x16bc: 0x81b5, 0x16bd: 0x8435, 0x16be: 0x8455, 0x16bf: 0x8215,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x8475, 0x16c1: 0x8495, 0x16c2: 0x84b5, 0x16c3: 0x84d5, 0x16c4: 0x84f5, 0x16c5: 0x8515,
+	0x16c6: 0x8535, 0x16c7: 0x8555, 0x16c8: 0x84d5, 0x16c9: 0x8575, 0x16ca: 0x84d5, 0x16cb: 0x8595,
+	0x16cc: 0x8595, 0x16cd: 0x85b5, 0x16ce: 0x85b5, 0x16cf: 0x85d5, 0x16d0: 0x8515, 0x16d1: 0x85f5,
+	0x16d2: 0x8615, 0x16d3: 0x85f5, 0x16d4: 0x8635, 0x16d5: 0x8615, 0x16d6: 0x8655, 0x16d7: 0x8655,
+	0x16d8: 0x8675, 0x16d9: 0x8675, 0x16da: 0x8695, 0x16db: 0x8695, 0x16dc: 0x8615, 0x16dd: 0x8115,
+	0x16de: 0x86b5, 0x16df: 0x86d5, 0x16e0: 0x0040, 0x16e1: 0x86f5, 0x16e2: 0x8715, 0x16e3: 0x8735,
+	0x16e4: 0x8755, 0x16e5: 0x8735, 0x16e6: 0x8775, 0x16e7: 0x8795, 0x16e8: 0x87b5, 0x16e9: 0x87b5,
+	0x16ea: 0x87d5, 0x16eb: 0x87d5, 0x16ec: 0x87f5, 0x16ed: 0x87f5, 0x16ee: 0x87d5, 0x16ef: 0x87d5,
+	0x16f0: 0x8815, 0x16f1: 0x8835, 0x16f2: 0x8855, 0x16f3: 0x8875, 0x16f4: 0x8895, 0x16f5: 0x88b5,
+	0x16f6: 0x88b5, 0x16f7: 0x88b5, 0x16f8: 0x88d5, 0x16f9: 0x88d5, 0x16fa: 0x88d5, 0x16fb: 0x88d5,
+	0x16fc: 0x87b5, 0x16fd: 0x87b5, 0x16fe: 0x87b5, 0x16ff: 0x0040,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x0040, 0x1701: 0x0040, 0x1702: 0x8715, 0x1703: 0x86f5, 0x1704: 0x88f5, 0x1705: 0x86f5,
+	0x1706: 0x8715, 0x1707: 0x86f5, 0x1708: 0x0040, 0x1709: 0x0040, 0x170a: 0x8915, 0x170b: 0x8715,
+	0x170c: 0x8935, 0x170d: 0x88f5, 0x170e: 0x8935, 0x170f: 0x8715, 0x1710: 0x0040, 0x1711: 0x0040,
+	0x1712: 0x8955, 0x1713: 0x8975, 0x1714: 0x8875, 0x1715: 0x8935, 0x1716: 0x88f5, 0x1717: 0x8935,
+	0x1718: 0x0040, 0x1719: 0x0040, 0x171a: 0x8995, 0x171b: 0x89b5, 0x171c: 0x8995, 0x171d: 0x0040,
+	0x171e: 0x0040, 0x171f: 0x0040, 0x1720: 0xb541, 0x1721: 0xb559, 0x1722: 0xb571, 0x1723: 0x89d6,
+	0x1724: 0xb589, 0x1725: 0xb5a1, 0x1726: 0x89f5, 0x1727: 0x0040, 0x1728: 0x8a15, 0x1729: 0x8a35,
+	0x172a: 0x8a55, 0x172b: 0x8a35, 0x172c: 0x8a75, 0x172d: 0x8a95, 0x172e: 0x8ab5, 0x172f: 0x0040,
+	0x1730: 0x0040, 0x1731: 0x0040, 0x1732: 0x0040, 0x1733: 0x0040, 0x1734: 0x0040, 0x1735: 0x0040,
+	0x1736: 0x0040, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0340, 0x173a: 0x0340, 0x173b: 0x0340,
+	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x0a08, 0x1741: 0x0a08, 0x1742: 0x0a08, 0x1743: 0x0a08, 0x1744: 0x0a08, 0x1745: 0x0c08,
+	0x1746: 0x0808, 0x1747: 0x0c08, 0x1748: 0x0818, 0x1749: 0x0c08, 0x174a: 0x0c08, 0x174b: 0x0808,
+	0x174c: 0x0808, 0x174d: 0x0908, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0c08, 0x1751: 0x0c08,
+	0x1752: 0x0c08, 0x1753: 0x0a08, 0x1754: 0x0a08, 0x1755: 0x0a08, 0x1756: 0x0a08, 0x1757: 0x0908,
+	0x1758: 0x0a08, 0x1759: 0x0a08, 0x175a: 0x0a08, 0x175b: 0x0a08, 0x175c: 0x0a08, 0x175d: 0x0c08,
+	0x175e: 0x0a08, 0x175f: 0x0a08, 0x1760: 0x0a08, 0x1761: 0x0c08, 0x1762: 0x0808, 0x1763: 0x0808,
+	0x1764: 0x0c08, 0x1765: 0x3308, 0x1766: 0x3308, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0040,
+	0x176a: 0x0040, 0x176b: 0x0a18, 0x176c: 0x0a18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0c18,
+	0x1770: 0x0818, 0x1771: 0x0818, 0x1772: 0x0818, 0x1773: 0x0818, 0x1774: 0x0818, 0x1775: 0x0818,
+	0x1776: 0x0818, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
+	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
+	// Block 0x5e, offset 0x1780
+	0x1780: 0x0a08, 0x1781: 0x0c08, 0x1782: 0x0a08, 0x1783: 0x0c08, 0x1784: 0x0c08, 0x1785: 0x0c08,
+	0x1786: 0x0a08, 0x1787: 0x0a08, 0x1788: 0x0a08, 0x1789: 0x0c08, 0x178a: 0x0a08, 0x178b: 0x0a08,
+	0x178c: 0x0c08, 0x178d: 0x0a08, 0x178e: 0x0c08, 0x178f: 0x0c08, 0x1790: 0x0a08, 0x1791: 0x0c08,
+	0x1792: 0x0040, 0x1793: 0x0040, 0x1794: 0x0040, 0x1795: 0x0040, 0x1796: 0x0040, 0x1797: 0x0040,
+	0x1798: 0x0040, 0x1799: 0x0818, 0x179a: 0x0818, 0x179b: 0x0818, 0x179c: 0x0818, 0x179d: 0x0040,
+	0x179e: 0x0040, 0x179f: 0x0040, 0x17a0: 0x0040, 0x17a1: 0x0040, 0x17a2: 0x0040, 0x17a3: 0x0040,
+	0x17a4: 0x0040, 0x17a5: 0x0040, 0x17a6: 0x0040, 0x17a7: 0x0040, 0x17a8: 0x0040, 0x17a9: 0x0c18,
+	0x17aa: 0x0c18, 0x17ab: 0x0c18, 0x17ac: 0x0c18, 0x17ad: 0x0a18, 0x17ae: 0x0a18, 0x17af: 0x0818,
+	0x17b0: 0x0040, 0x17b1: 0x0040, 0x17b2: 0x0040, 0x17b3: 0x0040, 0x17b4: 0x0040, 0x17b5: 0x0040,
+	0x17b6: 0x0040, 0x17b7: 0x0040, 0x17b8: 0x0040, 0x17b9: 0x0040, 0x17ba: 0x0040, 0x17bb: 0x0040,
+	0x17bc: 0x0040, 0x17bd: 0x0040, 0x17be: 0x0040, 0x17bf: 0x0040,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x3308, 0x17c1: 0x3308, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x0040, 0x17c5: 0x0008,
+	0x17c6: 0x0008, 0x17c7: 0x0008, 0x17c8: 0x0008, 0x17c9: 0x0008, 0x17ca: 0x0008, 0x17cb: 0x0008,
+	0x17cc: 0x0008, 0x17cd: 0x0040, 0x17ce: 0x0040, 0x17cf: 0x0008, 0x17d0: 0x0008, 0x17d1: 0x0040,
+	0x17d2: 0x0040, 0x17d3: 0x0008, 0x17d4: 0x0008, 0x17d5: 0x0008, 0x17d6: 0x0008, 0x17d7: 0x0008,
+	0x17d8: 0x0008, 0x17d9: 0x0008, 0x17da: 0x0008, 0x17db: 0x0008, 0x17dc: 0x0008, 0x17dd: 0x0008,
+	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x0008, 0x17e3: 0x0008,
+	0x17e4: 0x0008, 0x17e5: 0x0008, 0x17e6: 0x0008, 0x17e7: 0x0008, 0x17e8: 0x0008, 0x17e9: 0x0040,
+	0x17ea: 0x0008, 0x17eb: 0x0008, 0x17ec: 0x0008, 0x17ed: 0x0008, 0x17ee: 0x0008, 0x17ef: 0x0008,
+	0x17f0: 0x0008, 0x17f1: 0x0040, 0x17f2: 0x0008, 0x17f3: 0x0008, 0x17f4: 0x0040, 0x17f5: 0x0008,
+	0x17f6: 0x0008, 0x17f7: 0x0008, 0x17f8: 0x0008, 0x17f9: 0x0008, 0x17fa: 0x0040, 0x17fb: 0x3308,
+	0x17fc: 0x3308, 0x17fd: 0x0008, 0x17fe: 0x3008, 0x17ff: 0x3008,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x3308, 0x1801: 0x3008, 0x1802: 0x3008, 0x1803: 0x3008, 0x1804: 0x3008, 0x1805: 0x0040,
+	0x1806: 0x0040, 0x1807: 0x3008, 0x1808: 0x3008, 0x1809: 0x0040, 0x180a: 0x0040, 0x180b: 0x3008,
+	0x180c: 0x3008, 0x180d: 0x3808, 0x180e: 0x0040, 0x180f: 0x0040, 0x1810: 0x0008, 0x1811: 0x0040,
+	0x1812: 0x0040, 0x1813: 0x0040, 0x1814: 0x0040, 0x1815: 0x0040, 0x1816: 0x0040, 0x1817: 0x3008,
+	0x1818: 0x0040, 0x1819: 0x0040, 0x181a: 0x0040, 0x181b: 0x0040, 0x181c: 0x0040, 0x181d: 0x0008,
+	0x181e: 0x0008, 0x181f: 0x0008, 0x1820: 0x0008, 0x1821: 0x0008, 0x1822: 0x3008, 0x1823: 0x3008,
+	0x1824: 0x0040, 0x1825: 0x0040, 0x1826: 0x3308, 0x1827: 0x3308, 0x1828: 0x3308, 0x1829: 0x3308,
+	0x182a: 0x3308, 0x182b: 0x3308, 0x182c: 0x3308, 0x182d: 0x0040, 0x182e: 0x0040, 0x182f: 0x0040,
+	0x1830: 0x3308, 0x1831: 0x3308, 0x1832: 0x3308, 0x1833: 0x3308, 0x1834: 0x3308, 0x1835: 0x0040,
+	0x1836: 0x0040, 0x1837: 0x0040, 0x1838: 0x0040, 0x1839: 0x0040, 0x183a: 0x0040, 0x183b: 0x0040,
+	0x183c: 0x0040, 0x183d: 0x0040, 0x183e: 0x0040, 0x183f: 0x0040,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x0039, 0x1841: 0x0ee9, 0x1842: 0x1159, 0x1843: 0x0ef9, 0x1844: 0x0f09, 0x1845: 0x1199,
+	0x1846: 0x0f31, 0x1847: 0x0249, 0x1848: 0x0f41, 0x1849: 0x0259, 0x184a: 0x0f51, 0x184b: 0x0359,
+	0x184c: 0x0f61, 0x184d: 0x0f71, 0x184e: 0x00d9, 0x184f: 0x0f99, 0x1850: 0x2039, 0x1851: 0x0269,
+	0x1852: 0x01d9, 0x1853: 0x0fa9, 0x1854: 0x0fb9, 0x1855: 0x1089, 0x1856: 0x0279, 0x1857: 0x0369,
+	0x1858: 0x0289, 0x1859: 0x13d1, 0x185a: 0x0039, 0x185b: 0x0ee9, 0x185c: 0x1159, 0x185d: 0x0ef9,
+	0x185e: 0x0f09, 0x185f: 0x1199, 0x1860: 0x0f31, 0x1861: 0x0249, 0x1862: 0x0f41, 0x1863: 0x0259,
+	0x1864: 0x0f51, 0x1865: 0x0359, 0x1866: 0x0f61, 0x1867: 0x0f71, 0x1868: 0x00d9, 0x1869: 0x0f99,
+	0x186a: 0x2039, 0x186b: 0x0269, 0x186c: 0x01d9, 0x186d: 0x0fa9, 0x186e: 0x0fb9, 0x186f: 0x1089,
+	0x1870: 0x0279, 0x1871: 0x0369, 0x1872: 0x0289, 0x1873: 0x13d1, 0x1874: 0x0039, 0x1875: 0x0ee9,
+	0x1876: 0x1159, 0x1877: 0x0ef9, 0x1878: 0x0f09, 0x1879: 0x1199, 0x187a: 0x0f31, 0x187b: 0x0249,
+	0x187c: 0x0f41, 0x187d: 0x0259, 0x187e: 0x0f51, 0x187f: 0x0359,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x0f61, 0x1881: 0x0f71, 0x1882: 0x00d9, 0x1883: 0x0f99, 0x1884: 0x2039, 0x1885: 0x0269,
+	0x1886: 0x01d9, 0x1887: 0x0fa9, 0x1888: 0x0fb9, 0x1889: 0x1089, 0x188a: 0x0279, 0x188b: 0x0369,
+	0x188c: 0x0289, 0x188d: 0x13d1, 0x188e: 0x0039, 0x188f: 0x0ee9, 0x1890: 0x1159, 0x1891: 0x0ef9,
+	0x1892: 0x0f09, 0x1893: 0x1199, 0x1894: 0x0f31, 0x1895: 0x0040, 0x1896: 0x0f41, 0x1897: 0x0259,
+	0x1898: 0x0f51, 0x1899: 0x0359, 0x189a: 0x0f61, 0x189b: 0x0f71, 0x189c: 0x00d9, 0x189d: 0x0f99,
+	0x189e: 0x2039, 0x189f: 0x0269, 0x18a0: 0x01d9, 0x18a1: 0x0fa9, 0x18a2: 0x0fb9, 0x18a3: 0x1089,
+	0x18a4: 0x0279, 0x18a5: 0x0369, 0x18a6: 0x0289, 0x18a7: 0x13d1, 0x18a8: 0x0039, 0x18a9: 0x0ee9,
+	0x18aa: 0x1159, 0x18ab: 0x0ef9, 0x18ac: 0x0f09, 0x18ad: 0x1199, 0x18ae: 0x0f31, 0x18af: 0x0249,
+	0x18b0: 0x0f41, 0x18b1: 0x0259, 0x18b2: 0x0f51, 0x18b3: 0x0359, 0x18b4: 0x0f61, 0x18b5: 0x0f71,
+	0x18b6: 0x00d9, 0x18b7: 0x0f99, 0x18b8: 0x2039, 0x18b9: 0x0269, 0x18ba: 0x01d9, 0x18bb: 0x0fa9,
+	0x18bc: 0x0fb9, 0x18bd: 0x1089, 0x18be: 0x0279, 0x18bf: 0x0369,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x0289, 0x18c1: 0x13d1, 0x18c2: 0x0039, 0x18c3: 0x0ee9, 0x18c4: 0x1159, 0x18c5: 0x0ef9,
+	0x18c6: 0x0f09, 0x18c7: 0x1199, 0x18c8: 0x0f31, 0x18c9: 0x0249, 0x18ca: 0x0f41, 0x18cb: 0x0259,
+	0x18cc: 0x0f51, 0x18cd: 0x0359, 0x18ce: 0x0f61, 0x18cf: 0x0f71, 0x18d0: 0x00d9, 0x18d1: 0x0f99,
+	0x18d2: 0x2039, 0x18d3: 0x0269, 0x18d4: 0x01d9, 0x18d5: 0x0fa9, 0x18d6: 0x0fb9, 0x18d7: 0x1089,
+	0x18d8: 0x0279, 0x18d9: 0x0369, 0x18da: 0x0289, 0x18db: 0x13d1, 0x18dc: 0x0039, 0x18dd: 0x0040,
+	0x18de: 0x1159, 0x18df: 0x0ef9, 0x18e0: 0x0040, 0x18e1: 0x0040, 0x18e2: 0x0f31, 0x18e3: 0x0040,
+	0x18e4: 0x0040, 0x18e5: 0x0259, 0x18e6: 0x0f51, 0x18e7: 0x0040, 0x18e8: 0x0040, 0x18e9: 0x0f71,
+	0x18ea: 0x00d9, 0x18eb: 0x0f99, 0x18ec: 0x2039, 0x18ed: 0x0040, 0x18ee: 0x01d9, 0x18ef: 0x0fa9,
+	0x18f0: 0x0fb9, 0x18f1: 0x1089, 0x18f2: 0x0279, 0x18f3: 0x0369, 0x18f4: 0x0289, 0x18f5: 0x13d1,
+	0x18f6: 0x0039, 0x18f7: 0x0ee9, 0x18f8: 0x1159, 0x18f9: 0x0ef9, 0x18fa: 0x0040, 0x18fb: 0x1199,
+	0x18fc: 0x0040, 0x18fd: 0x0249, 0x18fe: 0x0f41, 0x18ff: 0x0259,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x0f51, 0x1901: 0x0359, 0x1902: 0x0f61, 0x1903: 0x0f71, 0x1904: 0x0040, 0x1905: 0x0f99,
+	0x1906: 0x2039, 0x1907: 0x0269, 0x1908: 0x01d9, 0x1909: 0x0fa9, 0x190a: 0x0fb9, 0x190b: 0x1089,
+	0x190c: 0x0279, 0x190d: 0x0369, 0x190e: 0x0289, 0x190f: 0x13d1, 0x1910: 0x0039, 0x1911: 0x0ee9,
+	0x1912: 0x1159, 0x1913: 0x0ef9, 0x1914: 0x0f09, 0x1915: 0x1199, 0x1916: 0x0f31, 0x1917: 0x0249,
+	0x1918: 0x0f41, 0x1919: 0x0259, 0x191a: 0x0f51, 0x191b: 0x0359, 0x191c: 0x0f61, 0x191d: 0x0f71,
+	0x191e: 0x00d9, 0x191f: 0x0f99, 0x1920: 0x2039, 0x1921: 0x0269, 0x1922: 0x01d9, 0x1923: 0x0fa9,
+	0x1924: 0x0fb9, 0x1925: 0x1089, 0x1926: 0x0279, 0x1927: 0x0369, 0x1928: 0x0289, 0x1929: 0x13d1,
+	0x192a: 0x0039, 0x192b: 0x0ee9, 0x192c: 0x1159, 0x192d: 0x0ef9, 0x192e: 0x0f09, 0x192f: 0x1199,
+	0x1930: 0x0f31, 0x1931: 0x0249, 0x1932: 0x0f41, 0x1933: 0x0259, 0x1934: 0x0f51, 0x1935: 0x0359,
+	0x1936: 0x0f61, 0x1937: 0x0f71, 0x1938: 0x00d9, 0x1939: 0x0f99, 0x193a: 0x2039, 0x193b: 0x0269,
+	0x193c: 0x01d9, 0x193d: 0x0fa9, 0x193e: 0x0fb9, 0x193f: 0x1089,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x0279, 0x1941: 0x0369, 0x1942: 0x0289, 0x1943: 0x13d1, 0x1944: 0x0039, 0x1945: 0x0ee9,
+	0x1946: 0x0040, 0x1947: 0x0ef9, 0x1948: 0x0f09, 0x1949: 0x1199, 0x194a: 0x0f31, 0x194b: 0x0040,
+	0x194c: 0x0040, 0x194d: 0x0259, 0x194e: 0x0f51, 0x194f: 0x0359, 0x1950: 0x0f61, 0x1951: 0x0f71,
+	0x1952: 0x00d9, 0x1953: 0x0f99, 0x1954: 0x2039, 0x1955: 0x0040, 0x1956: 0x01d9, 0x1957: 0x0fa9,
+	0x1958: 0x0fb9, 0x1959: 0x1089, 0x195a: 0x0279, 0x195b: 0x0369, 0x195c: 0x0289, 0x195d: 0x0040,
+	0x195e: 0x0039, 0x195f: 0x0ee9, 0x1960: 0x1159, 0x1961: 0x0ef9, 0x1962: 0x0f09, 0x1963: 0x1199,
+	0x1964: 0x0f31, 0x1965: 0x0249, 0x1966: 0x0f41, 0x1967: 0x0259, 0x1968: 0x0f51, 0x1969: 0x0359,
+	0x196a: 0x0f61, 0x196b: 0x0f71, 0x196c: 0x00d9, 0x196d: 0x0f99, 0x196e: 0x2039, 0x196f: 0x0269,
+	0x1970: 0x01d9, 0x1971: 0x0fa9, 0x1972: 0x0fb9, 0x1973: 0x1089, 0x1974: 0x0279, 0x1975: 0x0369,
+	0x1976: 0x0289, 0x1977: 0x13d1, 0x1978: 0x0039, 0x1979: 0x0ee9, 0x197a: 0x0040, 0x197b: 0x0ef9,
+	0x197c: 0x0f09, 0x197d: 0x1199, 0x197e: 0x0f31, 0x197f: 0x0040,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x0f41, 0x1981: 0x0259, 0x1982: 0x0f51, 0x1983: 0x0359, 0x1984: 0x0f61, 0x1985: 0x0040,
+	0x1986: 0x00d9, 0x1987: 0x0040, 0x1988: 0x0040, 0x1989: 0x0040, 0x198a: 0x01d9, 0x198b: 0x0fa9,
+	0x198c: 0x0fb9, 0x198d: 0x1089, 0x198e: 0x0279, 0x198f: 0x0369, 0x1990: 0x0289, 0x1991: 0x0040,
+	0x1992: 0x0039, 0x1993: 0x0ee9, 0x1994: 0x1159, 0x1995: 0x0ef9, 0x1996: 0x0f09, 0x1997: 0x1199,
+	0x1998: 0x0f31, 0x1999: 0x0249, 0x199a: 0x0f41, 0x199b: 0x0259, 0x199c: 0x0f51, 0x199d: 0x0359,
+	0x199e: 0x0f61, 0x199f: 0x0f71, 0x19a0: 0x00d9, 0x19a1: 0x0f99, 0x19a2: 0x2039, 0x19a3: 0x0269,
+	0x19a4: 0x01d9, 0x19a5: 0x0fa9, 0x19a6: 0x0fb9, 0x19a7: 0x1089, 0x19a8: 0x0279, 0x19a9: 0x0369,
+	0x19aa: 0x0289, 0x19ab: 0x13d1, 0x19ac: 0x0039, 0x19ad: 0x0ee9, 0x19ae: 0x1159, 0x19af: 0x0ef9,
+	0x19b0: 0x0f09, 0x19b1: 0x1199, 0x19b2: 0x0f31, 0x19b3: 0x0249, 0x19b4: 0x0f41, 0x19b5: 0x0259,
+	0x19b6: 0x0f51, 0x19b7: 0x0359, 0x19b8: 0x0f61, 0x19b9: 0x0f71, 0x19ba: 0x00d9, 0x19bb: 0x0f99,
+	0x19bc: 0x2039, 0x19bd: 0x0269, 0x19be: 0x01d9, 0x19bf: 0x0fa9,
+	// Block 0x67, offset 0x19c0
+	0x19c0: 0x0fb9, 0x19c1: 0x1089, 0x19c2: 0x0279, 0x19c3: 0x0369, 0x19c4: 0x0289, 0x19c5: 0x13d1,
+	0x19c6: 0x0039, 0x19c7: 0x0ee9, 0x19c8: 0x1159, 0x19c9: 0x0ef9, 0x19ca: 0x0f09, 0x19cb: 0x1199,
+	0x19cc: 0x0f31, 0x19cd: 0x0249, 0x19ce: 0x0f41, 0x19cf: 0x0259, 0x19d0: 0x0f51, 0x19d1: 0x0359,
+	0x19d2: 0x0f61, 0x19d3: 0x0f71, 0x19d4: 0x00d9, 0x19d5: 0x0f99, 0x19d6: 0x2039, 0x19d7: 0x0269,
+	0x19d8: 0x01d9, 0x19d9: 0x0fa9, 0x19da: 0x0fb9, 0x19db: 0x1089, 0x19dc: 0x0279, 0x19dd: 0x0369,
+	0x19de: 0x0289, 0x19df: 0x13d1, 0x19e0: 0x0039, 0x19e1: 0x0ee9, 0x19e2: 0x1159, 0x19e3: 0x0ef9,
+	0x19e4: 0x0f09, 0x19e5: 0x1199, 0x19e6: 0x0f31, 0x19e7: 0x0249, 0x19e8: 0x0f41, 0x19e9: 0x0259,
+	0x19ea: 0x0f51, 0x19eb: 0x0359, 0x19ec: 0x0f61, 0x19ed: 0x0f71, 0x19ee: 0x00d9, 0x19ef: 0x0f99,
+	0x19f0: 0x2039, 0x19f1: 0x0269, 0x19f2: 0x01d9, 0x19f3: 0x0fa9, 0x19f4: 0x0fb9, 0x19f5: 0x1089,
+	0x19f6: 0x0279, 0x19f7: 0x0369, 0x19f8: 0x0289, 0x19f9: 0x13d1, 0x19fa: 0x0039, 0x19fb: 0x0ee9,
+	0x19fc: 0x1159, 0x19fd: 0x0ef9, 0x19fe: 0x0f09, 0x19ff: 0x1199,
+	// Block 0x68, offset 0x1a00
+	0x1a00: 0x0f31, 0x1a01: 0x0249, 0x1a02: 0x0f41, 0x1a03: 0x0259, 0x1a04: 0x0f51, 0x1a05: 0x0359,
+	0x1a06: 0x0f61, 0x1a07: 0x0f71, 0x1a08: 0x00d9, 0x1a09: 0x0f99, 0x1a0a: 0x2039, 0x1a0b: 0x0269,
+	0x1a0c: 0x01d9, 0x1a0d: 0x0fa9, 0x1a0e: 0x0fb9, 0x1a0f: 0x1089, 0x1a10: 0x0279, 0x1a11: 0x0369,
+	0x1a12: 0x0289, 0x1a13: 0x13d1, 0x1a14: 0x0039, 0x1a15: 0x0ee9, 0x1a16: 0x1159, 0x1a17: 0x0ef9,
+	0x1a18: 0x0f09, 0x1a19: 0x1199, 0x1a1a: 0x0f31, 0x1a1b: 0x0249, 0x1a1c: 0x0f41, 0x1a1d: 0x0259,
+	0x1a1e: 0x0f51, 0x1a1f: 0x0359, 0x1a20: 0x0f61, 0x1a21: 0x0f71, 0x1a22: 0x00d9, 0x1a23: 0x0f99,
+	0x1a24: 0x2039, 0x1a25: 0x0269, 0x1a26: 0x01d9, 0x1a27: 0x0fa9, 0x1a28: 0x0fb9, 0x1a29: 0x1089,
+	0x1a2a: 0x0279, 0x1a2b: 0x0369, 0x1a2c: 0x0289, 0x1a2d: 0x13d1, 0x1a2e: 0x0039, 0x1a2f: 0x0ee9,
+	0x1a30: 0x1159, 0x1a31: 0x0ef9, 0x1a32: 0x0f09, 0x1a33: 0x1199, 0x1a34: 0x0f31, 0x1a35: 0x0249,
+	0x1a36: 0x0f41, 0x1a37: 0x0259, 0x1a38: 0x0f51, 0x1a39: 0x0359, 0x1a3a: 0x0f61, 0x1a3b: 0x0f71,
+	0x1a3c: 0x00d9, 0x1a3d: 0x0f99, 0x1a3e: 0x2039, 0x1a3f: 0x0269,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x01d9, 0x1a41: 0x0fa9, 0x1a42: 0x0fb9, 0x1a43: 0x1089, 0x1a44: 0x0279, 0x1a45: 0x0369,
+	0x1a46: 0x0289, 0x1a47: 0x13d1, 0x1a48: 0x0039, 0x1a49: 0x0ee9, 0x1a4a: 0x1159, 0x1a4b: 0x0ef9,
+	0x1a4c: 0x0f09, 0x1a4d: 0x1199, 0x1a4e: 0x0f31, 0x1a4f: 0x0249, 0x1a50: 0x0f41, 0x1a51: 0x0259,
+	0x1a52: 0x0f51, 0x1a53: 0x0359, 0x1a54: 0x0f61, 0x1a55: 0x0f71, 0x1a56: 0x00d9, 0x1a57: 0x0f99,
+	0x1a58: 0x2039, 0x1a59: 0x0269, 0x1a5a: 0x01d9, 0x1a5b: 0x0fa9, 0x1a5c: 0x0fb9, 0x1a5d: 0x1089,
+	0x1a5e: 0x0279, 0x1a5f: 0x0369, 0x1a60: 0x0289, 0x1a61: 0x13d1, 0x1a62: 0x0039, 0x1a63: 0x0ee9,
+	0x1a64: 0x1159, 0x1a65: 0x0ef9, 0x1a66: 0x0f09, 0x1a67: 0x1199, 0x1a68: 0x0f31, 0x1a69: 0x0249,
+	0x1a6a: 0x0f41, 0x1a6b: 0x0259, 0x1a6c: 0x0f51, 0x1a6d: 0x0359, 0x1a6e: 0x0f61, 0x1a6f: 0x0f71,
+	0x1a70: 0x00d9, 0x1a71: 0x0f99, 0x1a72: 0x2039, 0x1a73: 0x0269, 0x1a74: 0x01d9, 0x1a75: 0x0fa9,
+	0x1a76: 0x0fb9, 0x1a77: 0x1089, 0x1a78: 0x0279, 0x1a79: 0x0369, 0x1a7a: 0x0289, 0x1a7b: 0x13d1,
+	0x1a7c: 0x0039, 0x1a7d: 0x0ee9, 0x1a7e: 0x1159, 0x1a7f: 0x0ef9,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x0f09, 0x1a81: 0x1199, 0x1a82: 0x0f31, 0x1a83: 0x0249, 0x1a84: 0x0f41, 0x1a85: 0x0259,
+	0x1a86: 0x0f51, 0x1a87: 0x0359, 0x1a88: 0x0f61, 0x1a89: 0x0f71, 0x1a8a: 0x00d9, 0x1a8b: 0x0f99,
+	0x1a8c: 0x2039, 0x1a8d: 0x0269, 0x1a8e: 0x01d9, 0x1a8f: 0x0fa9, 0x1a90: 0x0fb9, 0x1a91: 0x1089,
+	0x1a92: 0x0279, 0x1a93: 0x0369, 0x1a94: 0x0289, 0x1a95: 0x13d1, 0x1a96: 0x0039, 0x1a97: 0x0ee9,
+	0x1a98: 0x1159, 0x1a99: 0x0ef9, 0x1a9a: 0x0f09, 0x1a9b: 0x1199, 0x1a9c: 0x0f31, 0x1a9d: 0x0249,
+	0x1a9e: 0x0f41, 0x1a9f: 0x0259, 0x1aa0: 0x0f51, 0x1aa1: 0x0359, 0x1aa2: 0x0f61, 0x1aa3: 0x0f71,
+	0x1aa4: 0x00d9, 0x1aa5: 0x0f99, 0x1aa6: 0x2039, 0x1aa7: 0x0269, 0x1aa8: 0x01d9, 0x1aa9: 0x0fa9,
+	0x1aaa: 0x0fb9, 0x1aab: 0x1089, 0x1aac: 0x0279, 0x1aad: 0x0369, 0x1aae: 0x0289, 0x1aaf: 0x13d1,
+	0x1ab0: 0x0039, 0x1ab1: 0x0ee9, 0x1ab2: 0x1159, 0x1ab3: 0x0ef9, 0x1ab4: 0x0f09, 0x1ab5: 0x1199,
+	0x1ab6: 0x0f31, 0x1ab7: 0x0249, 0x1ab8: 0x0f41, 0x1ab9: 0x0259, 0x1aba: 0x0f51, 0x1abb: 0x0359,
+	0x1abc: 0x0f61, 0x1abd: 0x0f71, 0x1abe: 0x00d9, 0x1abf: 0x0f99,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x2039, 0x1ac1: 0x0269, 0x1ac2: 0x01d9, 0x1ac3: 0x0fa9, 0x1ac4: 0x0fb9, 0x1ac5: 0x1089,
+	0x1ac6: 0x0279, 0x1ac7: 0x0369, 0x1ac8: 0x0289, 0x1ac9: 0x13d1, 0x1aca: 0x0039, 0x1acb: 0x0ee9,
+	0x1acc: 0x1159, 0x1acd: 0x0ef9, 0x1ace: 0x0f09, 0x1acf: 0x1199, 0x1ad0: 0x0f31, 0x1ad1: 0x0249,
+	0x1ad2: 0x0f41, 0x1ad3: 0x0259, 0x1ad4: 0x0f51, 0x1ad5: 0x0359, 0x1ad6: 0x0f61, 0x1ad7: 0x0f71,
+	0x1ad8: 0x00d9, 0x1ad9: 0x0f99, 0x1ada: 0x2039, 0x1adb: 0x0269, 0x1adc: 0x01d9, 0x1add: 0x0fa9,
+	0x1ade: 0x0fb9, 0x1adf: 0x1089, 0x1ae0: 0x0279, 0x1ae1: 0x0369, 0x1ae2: 0x0289, 0x1ae3: 0x13d1,
+	0x1ae4: 0xba81, 0x1ae5: 0xba99, 0x1ae6: 0x0040, 0x1ae7: 0x0040, 0x1ae8: 0xbab1, 0x1ae9: 0x1099,
+	0x1aea: 0x10b1, 0x1aeb: 0x10c9, 0x1aec: 0xbac9, 0x1aed: 0xbae1, 0x1aee: 0xbaf9, 0x1aef: 0x1429,
+	0x1af0: 0x1a31, 0x1af1: 0xbb11, 0x1af2: 0xbb29, 0x1af3: 0xbb41, 0x1af4: 0xbb59, 0x1af5: 0xbb71,
+	0x1af6: 0xbb89, 0x1af7: 0x2109, 0x1af8: 0x1111, 0x1af9: 0x1429, 0x1afa: 0xbba1, 0x1afb: 0xbbb9,
+	0x1afc: 0xbbd1, 0x1afd: 0x10e1, 0x1afe: 0x10f9, 0x1aff: 0xbbe9,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x2079, 0x1b01: 0xbc01, 0x1b02: 0xbab1, 0x1b03: 0x1099, 0x1b04: 0x10b1, 0x1b05: 0x10c9,
+	0x1b06: 0xbac9, 0x1b07: 0xbae1, 0x1b08: 0xbaf9, 0x1b09: 0x1429, 0x1b0a: 0x1a31, 0x1b0b: 0xbb11,
+	0x1b0c: 0xbb29, 0x1b0d: 0xbb41, 0x1b0e: 0xbb59, 0x1b0f: 0xbb71, 0x1b10: 0xbb89, 0x1b11: 0x2109,
+	0x1b12: 0x1111, 0x1b13: 0xbba1, 0x1b14: 0xbba1, 0x1b15: 0xbbb9, 0x1b16: 0xbbd1, 0x1b17: 0x10e1,
+	0x1b18: 0x10f9, 0x1b19: 0xbbe9, 0x1b1a: 0x2079, 0x1b1b: 0xbc21, 0x1b1c: 0xbac9, 0x1b1d: 0x1429,
+	0x1b1e: 0xbb11, 0x1b1f: 0x10e1, 0x1b20: 0x1111, 0x1b21: 0x2109, 0x1b22: 0xbab1, 0x1b23: 0x1099,
+	0x1b24: 0x10b1, 0x1b25: 0x10c9, 0x1b26: 0xbac9, 0x1b27: 0xbae1, 0x1b28: 0xbaf9, 0x1b29: 0x1429,
+	0x1b2a: 0x1a31, 0x1b2b: 0xbb11, 0x1b2c: 0xbb29, 0x1b2d: 0xbb41, 0x1b2e: 0xbb59, 0x1b2f: 0xbb71,
+	0x1b30: 0xbb89, 0x1b31: 0x2109, 0x1b32: 0x1111, 0x1b33: 0x1429, 0x1b34: 0xbba1, 0x1b35: 0xbbb9,
+	0x1b36: 0xbbd1, 0x1b37: 0x10e1, 0x1b38: 0x10f9, 0x1b39: 0xbbe9, 0x1b3a: 0x2079, 0x1b3b: 0xbc01,
+	0x1b3c: 0xbab1, 0x1b3d: 0x1099, 0x1b3e: 0x10b1, 0x1b3f: 0x10c9,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0xbac9, 0x1b41: 0xbae1, 0x1b42: 0xbaf9, 0x1b43: 0x1429, 0x1b44: 0x1a31, 0x1b45: 0xbb11,
+	0x1b46: 0xbb29, 0x1b47: 0xbb41, 0x1b48: 0xbb59, 0x1b49: 0xbb71, 0x1b4a: 0xbb89, 0x1b4b: 0x2109,
+	0x1b4c: 0x1111, 0x1b4d: 0xbba1, 0x1b4e: 0xbba1, 0x1b4f: 0xbbb9, 0x1b50: 0xbbd1, 0x1b51: 0x10e1,
+	0x1b52: 0x10f9, 0x1b53: 0xbbe9, 0x1b54: 0x2079, 0x1b55: 0xbc21, 0x1b56: 0xbac9, 0x1b57: 0x1429,
+	0x1b58: 0xbb11, 0x1b59: 0x10e1, 0x1b5a: 0x1111, 0x1b5b: 0x2109, 0x1b5c: 0xbab1, 0x1b5d: 0x1099,
+	0x1b5e: 0x10b1, 0x1b5f: 0x10c9, 0x1b60: 0xbac9, 0x1b61: 0xbae1, 0x1b62: 0xbaf9, 0x1b63: 0x1429,
+	0x1b64: 0x1a31, 0x1b65: 0xbb11, 0x1b66: 0xbb29, 0x1b67: 0xbb41, 0x1b68: 0xbb59, 0x1b69: 0xbb71,
+	0x1b6a: 0xbb89, 0x1b6b: 0x2109, 0x1b6c: 0x1111, 0x1b6d: 0x1429, 0x1b6e: 0xbba1, 0x1b6f: 0xbbb9,
+	0x1b70: 0xbbd1, 0x1b71: 0x10e1, 0x1b72: 0x10f9, 0x1b73: 0xbbe9, 0x1b74: 0x2079, 0x1b75: 0xbc01,
+	0x1b76: 0xbab1, 0x1b77: 0x1099, 0x1b78: 0x10b1, 0x1b79: 0x10c9, 0x1b7a: 0xbac9, 0x1b7b: 0xbae1,
+	0x1b7c: 0xbaf9, 0x1b7d: 0x1429, 0x1b7e: 0x1a31, 0x1b7f: 0xbb11,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0xbb29, 0x1b81: 0xbb41, 0x1b82: 0xbb59, 0x1b83: 0xbb71, 0x1b84: 0xbb89, 0x1b85: 0x2109,
+	0x1b86: 0x1111, 0x1b87: 0xbba1, 0x1b88: 0xbba1, 0x1b89: 0xbbb9, 0x1b8a: 0xbbd1, 0x1b8b: 0x10e1,
+	0x1b8c: 0x10f9, 0x1b8d: 0xbbe9, 0x1b8e: 0x2079, 0x1b8f: 0xbc21, 0x1b90: 0xbac9, 0x1b91: 0x1429,
+	0x1b92: 0xbb11, 0x1b93: 0x10e1, 0x1b94: 0x1111, 0x1b95: 0x2109, 0x1b96: 0xbab1, 0x1b97: 0x1099,
+	0x1b98: 0x10b1, 0x1b99: 0x10c9, 0x1b9a: 0xbac9, 0x1b9b: 0xbae1, 0x1b9c: 0xbaf9, 0x1b9d: 0x1429,
+	0x1b9e: 0x1a31, 0x1b9f: 0xbb11, 0x1ba0: 0xbb29, 0x1ba1: 0xbb41, 0x1ba2: 0xbb59, 0x1ba3: 0xbb71,
+	0x1ba4: 0xbb89, 0x1ba5: 0x2109, 0x1ba6: 0x1111, 0x1ba7: 0x1429, 0x1ba8: 0xbba1, 0x1ba9: 0xbbb9,
+	0x1baa: 0xbbd1, 0x1bab: 0x10e1, 0x1bac: 0x10f9, 0x1bad: 0xbbe9, 0x1bae: 0x2079, 0x1baf: 0xbc01,
+	0x1bb0: 0xbab1, 0x1bb1: 0x1099, 0x1bb2: 0x10b1, 0x1bb3: 0x10c9, 0x1bb4: 0xbac9, 0x1bb5: 0xbae1,
+	0x1bb6: 0xbaf9, 0x1bb7: 0x1429, 0x1bb8: 0x1a31, 0x1bb9: 0xbb11, 0x1bba: 0xbb29, 0x1bbb: 0xbb41,
+	0x1bbc: 0xbb59, 0x1bbd: 0xbb71, 0x1bbe: 0xbb89, 0x1bbf: 0x2109,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0x1111, 0x1bc1: 0xbba1, 0x1bc2: 0xbba1, 0x1bc3: 0xbbb9, 0x1bc4: 0xbbd1, 0x1bc5: 0x10e1,
+	0x1bc6: 0x10f9, 0x1bc7: 0xbbe9, 0x1bc8: 0x2079, 0x1bc9: 0xbc21, 0x1bca: 0xbac9, 0x1bcb: 0x1429,
+	0x1bcc: 0xbb11, 0x1bcd: 0x10e1, 0x1bce: 0x1111, 0x1bcf: 0x2109, 0x1bd0: 0xbab1, 0x1bd1: 0x1099,
+	0x1bd2: 0x10b1, 0x1bd3: 0x10c9, 0x1bd4: 0xbac9, 0x1bd5: 0xbae1, 0x1bd6: 0xbaf9, 0x1bd7: 0x1429,
+	0x1bd8: 0x1a31, 0x1bd9: 0xbb11, 0x1bda: 0xbb29, 0x1bdb: 0xbb41, 0x1bdc: 0xbb59, 0x1bdd: 0xbb71,
+	0x1bde: 0xbb89, 0x1bdf: 0x2109, 0x1be0: 0x1111, 0x1be1: 0x1429, 0x1be2: 0xbba1, 0x1be3: 0xbbb9,
+	0x1be4: 0xbbd1, 0x1be5: 0x10e1, 0x1be6: 0x10f9, 0x1be7: 0xbbe9, 0x1be8: 0x2079, 0x1be9: 0xbc01,
+	0x1bea: 0xbab1, 0x1beb: 0x1099, 0x1bec: 0x10b1, 0x1bed: 0x10c9, 0x1bee: 0xbac9, 0x1bef: 0xbae1,
+	0x1bf0: 0xbaf9, 0x1bf1: 0x1429, 0x1bf2: 0x1a31, 0x1bf3: 0xbb11, 0x1bf4: 0xbb29, 0x1bf5: 0xbb41,
+	0x1bf6: 0xbb59, 0x1bf7: 0xbb71, 0x1bf8: 0xbb89, 0x1bf9: 0x2109, 0x1bfa: 0x1111, 0x1bfb: 0xbba1,
+	0x1bfc: 0xbba1, 0x1bfd: 0xbbb9, 0x1bfe: 0xbbd1, 0x1bff: 0x10e1,
+	// Block 0x70, offset 0x1c00
+	0x1c00: 0x10f9, 0x1c01: 0xbbe9, 0x1c02: 0x2079, 0x1c03: 0xbc21, 0x1c04: 0xbac9, 0x1c05: 0x1429,
+	0x1c06: 0xbb11, 0x1c07: 0x10e1, 0x1c08: 0x1111, 0x1c09: 0x2109, 0x1c0a: 0xbc41, 0x1c0b: 0xbc41,
+	0x1c0c: 0x0040, 0x1c0d: 0x0040, 0x1c0e: 0x1f41, 0x1c0f: 0x00c9, 0x1c10: 0x0069, 0x1c11: 0x0079,
+	0x1c12: 0x1f51, 0x1c13: 0x1f61, 0x1c14: 0x1f71, 0x1c15: 0x1f81, 0x1c16: 0x1f91, 0x1c17: 0x1fa1,
+	0x1c18: 0x1f41, 0x1c19: 0x00c9, 0x1c1a: 0x0069, 0x1c1b: 0x0079, 0x1c1c: 0x1f51, 0x1c1d: 0x1f61,
+	0x1c1e: 0x1f71, 0x1c1f: 0x1f81, 0x1c20: 0x1f91, 0x1c21: 0x1fa1, 0x1c22: 0x1f41, 0x1c23: 0x00c9,
+	0x1c24: 0x0069, 0x1c25: 0x0079, 0x1c26: 0x1f51, 0x1c27: 0x1f61, 0x1c28: 0x1f71, 0x1c29: 0x1f81,
+	0x1c2a: 0x1f91, 0x1c2b: 0x1fa1, 0x1c2c: 0x1f41, 0x1c2d: 0x00c9, 0x1c2e: 0x0069, 0x1c2f: 0x0079,
+	0x1c30: 0x1f51, 0x1c31: 0x1f61, 0x1c32: 0x1f71, 0x1c33: 0x1f81, 0x1c34: 0x1f91, 0x1c35: 0x1fa1,
+	0x1c36: 0x1f41, 0x1c37: 0x00c9, 0x1c38: 0x0069, 0x1c39: 0x0079, 0x1c3a: 0x1f51, 0x1c3b: 0x1f61,
+	0x1c3c: 0x1f71, 0x1c3d: 0x1f81, 0x1c3e: 0x1f91, 0x1c3f: 0x1fa1,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0xe115, 0x1c41: 0xe115, 0x1c42: 0xe135, 0x1c43: 0xe135, 0x1c44: 0xe115, 0x1c45: 0xe115,
+	0x1c46: 0xe175, 0x1c47: 0xe175, 0x1c48: 0xe115, 0x1c49: 0xe115, 0x1c4a: 0xe135, 0x1c4b: 0xe135,
+	0x1c4c: 0xe115, 0x1c4d: 0xe115, 0x1c4e: 0xe1f5, 0x1c4f: 0xe1f5, 0x1c50: 0xe115, 0x1c51: 0xe115,
+	0x1c52: 0xe135, 0x1c53: 0xe135, 0x1c54: 0xe115, 0x1c55: 0xe115, 0x1c56: 0xe175, 0x1c57: 0xe175,
+	0x1c58: 0xe115, 0x1c59: 0xe115, 0x1c5a: 0xe135, 0x1c5b: 0xe135, 0x1c5c: 0xe115, 0x1c5d: 0xe115,
+	0x1c5e: 0x8b05, 0x1c5f: 0x8b05, 0x1c60: 0x04b5, 0x1c61: 0x04b5, 0x1c62: 0x0a08, 0x1c63: 0x0a08,
+	0x1c64: 0x0a08, 0x1c65: 0x0a08, 0x1c66: 0x0a08, 0x1c67: 0x0a08, 0x1c68: 0x0a08, 0x1c69: 0x0a08,
+	0x1c6a: 0x0a08, 0x1c6b: 0x0a08, 0x1c6c: 0x0a08, 0x1c6d: 0x0a08, 0x1c6e: 0x0a08, 0x1c6f: 0x0a08,
+	0x1c70: 0x0a08, 0x1c71: 0x0a08, 0x1c72: 0x0a08, 0x1c73: 0x0a08, 0x1c74: 0x0a08, 0x1c75: 0x0a08,
+	0x1c76: 0x0a08, 0x1c77: 0x0a08, 0x1c78: 0x0a08, 0x1c79: 0x0a08, 0x1c7a: 0x0a08, 0x1c7b: 0x0a08,
+	0x1c7c: 0x0a08, 0x1c7d: 0x0a08, 0x1c7e: 0x0a08, 0x1c7f: 0x0a08,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0xb189, 0x1c81: 0xb1a1, 0x1c82: 0xb201, 0x1c83: 0xb249, 0x1c84: 0x0040, 0x1c85: 0xb411,
+	0x1c86: 0xb291, 0x1c87: 0xb219, 0x1c88: 0xb309, 0x1c89: 0xb429, 0x1c8a: 0xb399, 0x1c8b: 0xb3b1,
+	0x1c8c: 0xb3c9, 0x1c8d: 0xb3e1, 0x1c8e: 0xb2a9, 0x1c8f: 0xb339, 0x1c90: 0xb369, 0x1c91: 0xb2d9,
+	0x1c92: 0xb381, 0x1c93: 0xb279, 0x1c94: 0xb2c1, 0x1c95: 0xb1d1, 0x1c96: 0xb1e9, 0x1c97: 0xb231,
+	0x1c98: 0xb261, 0x1c99: 0xb2f1, 0x1c9a: 0xb321, 0x1c9b: 0xb351, 0x1c9c: 0xbc59, 0x1c9d: 0x7949,
+	0x1c9e: 0xbc71, 0x1c9f: 0xbc89, 0x1ca0: 0x0040, 0x1ca1: 0xb1a1, 0x1ca2: 0xb201, 0x1ca3: 0x0040,
+	0x1ca4: 0xb3f9, 0x1ca5: 0x0040, 0x1ca6: 0x0040, 0x1ca7: 0xb219, 0x1ca8: 0x0040, 0x1ca9: 0xb429,
+	0x1caa: 0xb399, 0x1cab: 0xb3b1, 0x1cac: 0xb3c9, 0x1cad: 0xb3e1, 0x1cae: 0xb2a9, 0x1caf: 0xb339,
+	0x1cb0: 0xb369, 0x1cb1: 0xb2d9, 0x1cb2: 0xb381, 0x1cb3: 0x0040, 0x1cb4: 0xb2c1, 0x1cb5: 0xb1d1,
+	0x1cb6: 0xb1e9, 0x1cb7: 0xb231, 0x1cb8: 0x0040, 0x1cb9: 0xb2f1, 0x1cba: 0x0040, 0x1cbb: 0xb351,
+	0x1cbc: 0x0040, 0x1cbd: 0x0040, 0x1cbe: 0x0040, 0x1cbf: 0x0040,
+	// Block 0x73, offset 0x1cc0
+	0x1cc0: 0x0040, 0x1cc1: 0x0040, 0x1cc2: 0xb201, 0x1cc3: 0x0040, 0x1cc4: 0x0040, 0x1cc5: 0x0040,
+	0x1cc6: 0x0040, 0x1cc7: 0xb219, 0x1cc8: 0x0040, 0x1cc9: 0xb429, 0x1cca: 0x0040, 0x1ccb: 0xb3b1,
+	0x1ccc: 0x0040, 0x1ccd: 0xb3e1, 0x1cce: 0xb2a9, 0x1ccf: 0xb339, 0x1cd0: 0x0040, 0x1cd1: 0xb2d9,
+	0x1cd2: 0xb381, 0x1cd3: 0x0040, 0x1cd4: 0xb2c1, 0x1cd5: 0x0040, 0x1cd6: 0x0040, 0x1cd7: 0xb231,
+	0x1cd8: 0x0040, 0x1cd9: 0xb2f1, 0x1cda: 0x0040, 0x1cdb: 0xb351, 0x1cdc: 0x0040, 0x1cdd: 0x7949,
+	0x1cde: 0x0040, 0x1cdf: 0xbc89, 0x1ce0: 0x0040, 0x1ce1: 0xb1a1, 0x1ce2: 0xb201, 0x1ce3: 0x0040,
+	0x1ce4: 0xb3f9, 0x1ce5: 0x0040, 0x1ce6: 0x0040, 0x1ce7: 0xb219, 0x1ce8: 0xb309, 0x1ce9: 0xb429,
+	0x1cea: 0xb399, 0x1ceb: 0x0040, 0x1cec: 0xb3c9, 0x1ced: 0xb3e1, 0x1cee: 0xb2a9, 0x1cef: 0xb339,
+	0x1cf0: 0xb369, 0x1cf1: 0xb2d9, 0x1cf2: 0xb381, 0x1cf3: 0x0040, 0x1cf4: 0xb2c1, 0x1cf5: 0xb1d1,
+	0x1cf6: 0xb1e9, 0x1cf7: 0xb231, 0x1cf8: 0x0040, 0x1cf9: 0xb2f1, 0x1cfa: 0xb321, 0x1cfb: 0xb351,
+	0x1cfc: 0xbc59, 0x1cfd: 0x0040, 0x1cfe: 0xbc71, 0x1cff: 0x0040,
+	// Block 0x74, offset 0x1d00
+	0x1d00: 0xb189, 0x1d01: 0xb1a1, 0x1d02: 0xb201, 0x1d03: 0xb249, 0x1d04: 0xb3f9, 0x1d05: 0xb411,
+	0x1d06: 0xb291, 0x1d07: 0xb219, 0x1d08: 0xb309, 0x1d09: 0xb429, 0x1d0a: 0x0040, 0x1d0b: 0xb3b1,
+	0x1d0c: 0xb3c9, 0x1d0d: 0xb3e1, 0x1d0e: 0xb2a9, 0x1d0f: 0xb339, 0x1d10: 0xb369, 0x1d11: 0xb2d9,
+	0x1d12: 0xb381, 0x1d13: 0xb279, 0x1d14: 0xb2c1, 0x1d15: 0xb1d1, 0x1d16: 0xb1e9, 0x1d17: 0xb231,
+	0x1d18: 0xb261, 0x1d19: 0xb2f1, 0x1d1a: 0xb321, 0x1d1b: 0xb351, 0x1d1c: 0x0040, 0x1d1d: 0x0040,
+	0x1d1e: 0x0040, 0x1d1f: 0x0040, 0x1d20: 0x0040, 0x1d21: 0xb1a1, 0x1d22: 0xb201, 0x1d23: 0xb249,
+	0x1d24: 0x0040, 0x1d25: 0xb411, 0x1d26: 0xb291, 0x1d27: 0xb219, 0x1d28: 0xb309, 0x1d29: 0xb429,
+	0x1d2a: 0x0040, 0x1d2b: 0xb3b1, 0x1d2c: 0xb3c9, 0x1d2d: 0xb3e1, 0x1d2e: 0xb2a9, 0x1d2f: 0xb339,
+	0x1d30: 0xb369, 0x1d31: 0xb2d9, 0x1d32: 0xb381, 0x1d33: 0xb279, 0x1d34: 0xb2c1, 0x1d35: 0xb1d1,
+	0x1d36: 0xb1e9, 0x1d37: 0xb231, 0x1d38: 0xb261, 0x1d39: 0xb2f1, 0x1d3a: 0xb321, 0x1d3b: 0xb351,
+	0x1d3c: 0x0040, 0x1d3d: 0x0040, 0x1d3e: 0x0040, 0x1d3f: 0x0040,
+	// Block 0x75, offset 0x1d40
+	0x1d40: 0x0040, 0x1d41: 0xbca2, 0x1d42: 0xbcba, 0x1d43: 0xbcd2, 0x1d44: 0xbcea, 0x1d45: 0xbd02,
+	0x1d46: 0xbd1a, 0x1d47: 0xbd32, 0x1d48: 0xbd4a, 0x1d49: 0xbd62, 0x1d4a: 0xbd7a, 0x1d4b: 0x0018,
+	0x1d4c: 0x0018, 0x1d4d: 0x0040, 0x1d4e: 0x0040, 0x1d4f: 0x0040, 0x1d50: 0xbd92, 0x1d51: 0xbdb2,
+	0x1d52: 0xbdd2, 0x1d53: 0xbdf2, 0x1d54: 0xbe12, 0x1d55: 0xbe32, 0x1d56: 0xbe52, 0x1d57: 0xbe72,
+	0x1d58: 0xbe92, 0x1d59: 0xbeb2, 0x1d5a: 0xbed2, 0x1d5b: 0xbef2, 0x1d5c: 0xbf12, 0x1d5d: 0xbf32,
+	0x1d5e: 0xbf52, 0x1d5f: 0xbf72, 0x1d60: 0xbf92, 0x1d61: 0xbfb2, 0x1d62: 0xbfd2, 0x1d63: 0xbff2,
+	0x1d64: 0xc012, 0x1d65: 0xc032, 0x1d66: 0xc052, 0x1d67: 0xc072, 0x1d68: 0xc092, 0x1d69: 0xc0b2,
+	0x1d6a: 0xc0d1, 0x1d6b: 0x1159, 0x1d6c: 0x0269, 0x1d6d: 0x6671, 0x1d6e: 0xc111, 0x1d6f: 0x0018,
+	0x1d70: 0x0039, 0x1d71: 0x0ee9, 0x1d72: 0x1159, 0x1d73: 0x0ef9, 0x1d74: 0x0f09, 0x1d75: 0x1199,
+	0x1d76: 0x0f31, 0x1d77: 0x0249, 0x1d78: 0x0f41, 0x1d79: 0x0259, 0x1d7a: 0x0f51, 0x1d7b: 0x0359,
+	0x1d7c: 0x0f61, 0x1d7d: 0x0f71, 0x1d7e: 0x00d9, 0x1d7f: 0x0f99,
+	// Block 0x76, offset 0x1d80
+	0x1d80: 0x2039, 0x1d81: 0x0269, 0x1d82: 0x01d9, 0x1d83: 0x0fa9, 0x1d84: 0x0fb9, 0x1d85: 0x1089,
+	0x1d86: 0x0279, 0x1d87: 0x0369, 0x1d88: 0x0289, 0x1d89: 0x13d1, 0x1d8a: 0xc129, 0x1d8b: 0x65b1,
+	0x1d8c: 0xc141, 0x1d8d: 0x1441, 0x1d8e: 0xc159, 0x1d8f: 0xc179, 0x1d90: 0x0018, 0x1d91: 0x0018,
+	0x1d92: 0x0018, 0x1d93: 0x0018, 0x1d94: 0x0018, 0x1d95: 0x0018, 0x1d96: 0x0018, 0x1d97: 0x0018,
+	0x1d98: 0x0018, 0x1d99: 0x0018, 0x1d9a: 0x0018, 0x1d9b: 0x0018, 0x1d9c: 0x0018, 0x1d9d: 0x0018,
+	0x1d9e: 0x0018, 0x1d9f: 0x0018, 0x1da0: 0x0018, 0x1da1: 0x0018, 0x1da2: 0x0018, 0x1da3: 0x0018,
+	0x1da4: 0x0018, 0x1da5: 0x0018, 0x1da6: 0x0018, 0x1da7: 0x0018, 0x1da8: 0x0018, 0x1da9: 0x0018,
+	0x1daa: 0xc191, 0x1dab: 0xc1a9, 0x1dac: 0x0040, 0x1dad: 0x0040, 0x1dae: 0x0040, 0x1daf: 0x0040,
+	0x1db0: 0x0018, 0x1db1: 0x0018, 0x1db2: 0x0018, 0x1db3: 0x0018, 0x1db4: 0x0018, 0x1db5: 0x0018,
+	0x1db6: 0x0018, 0x1db7: 0x0018, 0x1db8: 0x0018, 0x1db9: 0x0018, 0x1dba: 0x0018, 0x1dbb: 0x0018,
+	0x1dbc: 0x0018, 0x1dbd: 0x0018, 0x1dbe: 0x0018, 0x1dbf: 0x0018,
+	// Block 0x77, offset 0x1dc0
+	0x1dc0: 0xc1d9, 0x1dc1: 0xc211, 0x1dc2: 0xc249, 0x1dc3: 0x0040, 0x1dc4: 0x0040, 0x1dc5: 0x0040,
+	0x1dc6: 0x0040, 0x1dc7: 0x0040, 0x1dc8: 0x0040, 0x1dc9: 0x0040, 0x1dca: 0x0040, 0x1dcb: 0x0040,
+	0x1dcc: 0x0040, 0x1dcd: 0x0040, 0x1dce: 0x0040, 0x1dcf: 0x0040, 0x1dd0: 0xc269, 0x1dd1: 0xc289,
+	0x1dd2: 0xc2a9, 0x1dd3: 0xc2c9, 0x1dd4: 0xc2e9, 0x1dd5: 0xc309, 0x1dd6: 0xc329, 0x1dd7: 0xc349,
+	0x1dd8: 0xc369, 0x1dd9: 0xc389, 0x1dda: 0xc3a9, 0x1ddb: 0xc3c9, 0x1ddc: 0xc3e9, 0x1ddd: 0xc409,
+	0x1dde: 0xc429, 0x1ddf: 0xc449, 0x1de0: 0xc469, 0x1de1: 0xc489, 0x1de2: 0xc4a9, 0x1de3: 0xc4c9,
+	0x1de4: 0xc4e9, 0x1de5: 0xc509, 0x1de6: 0xc529, 0x1de7: 0xc549, 0x1de8: 0xc569, 0x1de9: 0xc589,
+	0x1dea: 0xc5a9, 0x1deb: 0xc5c9, 0x1dec: 0xc5e9, 0x1ded: 0xc609, 0x1dee: 0xc629, 0x1def: 0xc649,
+	0x1df0: 0xc669, 0x1df1: 0xc689, 0x1df2: 0xc6a9, 0x1df3: 0xc6c9, 0x1df4: 0xc6e9, 0x1df5: 0xc709,
+	0x1df6: 0xc729, 0x1df7: 0xc749, 0x1df8: 0xc769, 0x1df9: 0xc789, 0x1dfa: 0xc7a9, 0x1dfb: 0xc7c9,
+	0x1dfc: 0x0040, 0x1dfd: 0x0040, 0x1dfe: 0x0040, 0x1dff: 0x0040,
+	// Block 0x78, offset 0x1e00
+	0x1e00: 0xcaf9, 0x1e01: 0xcb19, 0x1e02: 0xcb39, 0x1e03: 0x8b1d, 0x1e04: 0xcb59, 0x1e05: 0xcb79,
+	0x1e06: 0xcb99, 0x1e07: 0xcbb9, 0x1e08: 0xcbd9, 0x1e09: 0xcbf9, 0x1e0a: 0xcc19, 0x1e0b: 0xcc39,
+	0x1e0c: 0xcc59, 0x1e0d: 0x8b3d, 0x1e0e: 0xcc79, 0x1e0f: 0xcc99, 0x1e10: 0xccb9, 0x1e11: 0xccd9,
+	0x1e12: 0x8b5d, 0x1e13: 0xccf9, 0x1e14: 0xcd19, 0x1e15: 0xc429, 0x1e16: 0x8b7d, 0x1e17: 0xcd39,
+	0x1e18: 0xcd59, 0x1e19: 0xcd79, 0x1e1a: 0xcd99, 0x1e1b: 0xcdb9, 0x1e1c: 0x8b9d, 0x1e1d: 0xcdd9,
+	0x1e1e: 0xcdf9, 0x1e1f: 0xce19, 0x1e20: 0xce39, 0x1e21: 0xce59, 0x1e22: 0xc789, 0x1e23: 0xce79,
+	0x1e24: 0xce99, 0x1e25: 0xceb9, 0x1e26: 0xced9, 0x1e27: 0xcef9, 0x1e28: 0xcf19, 0x1e29: 0xcf39,
+	0x1e2a: 0xcf59, 0x1e2b: 0xcf79, 0x1e2c: 0xcf99, 0x1e2d: 0xcfb9, 0x1e2e: 0xcfd9, 0x1e2f: 0xcff9,
+	0x1e30: 0xd019, 0x1e31: 0xd039, 0x1e32: 0xd039, 0x1e33: 0xd039, 0x1e34: 0x8bbd, 0x1e35: 0xd059,
+	0x1e36: 0xd079, 0x1e37: 0xd099, 0x1e38: 0x8bdd, 0x1e39: 0xd0b9, 0x1e3a: 0xd0d9, 0x1e3b: 0xd0f9,
+	0x1e3c: 0xd119, 0x1e3d: 0xd139, 0x1e3e: 0xd159, 0x1e3f: 0xd179,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0xd199, 0x1e41: 0xd1b9, 0x1e42: 0xd1d9, 0x1e43: 0xd1f9, 0x1e44: 0xd219, 0x1e45: 0xd239,
+	0x1e46: 0xd239, 0x1e47: 0xd259, 0x1e48: 0xd279, 0x1e49: 0xd299, 0x1e4a: 0xd2b9, 0x1e4b: 0xd2d9,
+	0x1e4c: 0xd2f9, 0x1e4d: 0xd319, 0x1e4e: 0xd339, 0x1e4f: 0xd359, 0x1e50: 0xd379, 0x1e51: 0xd399,
+	0x1e52: 0xd3b9, 0x1e53: 0xd3d9, 0x1e54: 0xd3f9, 0x1e55: 0xd419, 0x1e56: 0xd439, 0x1e57: 0xd459,
+	0x1e58: 0xd479, 0x1e59: 0x8bfd, 0x1e5a: 0xd499, 0x1e5b: 0xd4b9, 0x1e5c: 0xd4d9, 0x1e5d: 0xc309,
+	0x1e5e: 0xd4f9, 0x1e5f: 0xd519, 0x1e60: 0x8c1d, 0x1e61: 0x8c3d, 0x1e62: 0xd539, 0x1e63: 0xd559,
+	0x1e64: 0xd579, 0x1e65: 0xd599, 0x1e66: 0xd5b9, 0x1e67: 0xd5d9, 0x1e68: 0x2040, 0x1e69: 0xd5f9,
+	0x1e6a: 0xd619, 0x1e6b: 0xd619, 0x1e6c: 0x8c5d, 0x1e6d: 0xd639, 0x1e6e: 0xd659, 0x1e6f: 0xd679,
+	0x1e70: 0xd699, 0x1e71: 0x8c7d, 0x1e72: 0xd6b9, 0x1e73: 0xd6d9, 0x1e74: 0x2040, 0x1e75: 0xd6f9,
+	0x1e76: 0xd719, 0x1e77: 0xd739, 0x1e78: 0xd759, 0x1e79: 0xd779, 0x1e7a: 0xd799, 0x1e7b: 0x8c9d,
+	0x1e7c: 0xd7b9, 0x1e7d: 0x8cbd, 0x1e7e: 0xd7d9, 0x1e7f: 0xd7f9,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0xd819, 0x1e81: 0xd839, 0x1e82: 0xd859, 0x1e83: 0xd879, 0x1e84: 0xd899, 0x1e85: 0xd8b9,
+	0x1e86: 0xd8d9, 0x1e87: 0xd8f9, 0x1e88: 0xd919, 0x1e89: 0x8cdd, 0x1e8a: 0xd939, 0x1e8b: 0xd959,
+	0x1e8c: 0xd979, 0x1e8d: 0xd999, 0x1e8e: 0xd9b9, 0x1e8f: 0x8cfd, 0x1e90: 0xd9d9, 0x1e91: 0x8d1d,
+	0x1e92: 0x8d3d, 0x1e93: 0xd9f9, 0x1e94: 0xda19, 0x1e95: 0xda19, 0x1e96: 0xda39, 0x1e97: 0x8d5d,
+	0x1e98: 0x8d7d, 0x1e99: 0xda59, 0x1e9a: 0xda79, 0x1e9b: 0xda99, 0x1e9c: 0xdab9, 0x1e9d: 0xdad9,
+	0x1e9e: 0xdaf9, 0x1e9f: 0xdb19, 0x1ea0: 0xdb39, 0x1ea1: 0xdb59, 0x1ea2: 0xdb79, 0x1ea3: 0xdb99,
+	0x1ea4: 0x8d9d, 0x1ea5: 0xdbb9, 0x1ea6: 0xdbd9, 0x1ea7: 0xdbf9, 0x1ea8: 0xdc19, 0x1ea9: 0xdbf9,
+	0x1eaa: 0xdc39, 0x1eab: 0xdc59, 0x1eac: 0xdc79, 0x1ead: 0xdc99, 0x1eae: 0xdcb9, 0x1eaf: 0xdcd9,
+	0x1eb0: 0xdcf9, 0x1eb1: 0xdd19, 0x1eb2: 0xdd39, 0x1eb3: 0xdd59, 0x1eb4: 0xdd79, 0x1eb5: 0xdd99,
+	0x1eb6: 0xddb9, 0x1eb7: 0xddd9, 0x1eb8: 0x8dbd, 0x1eb9: 0xddf9, 0x1eba: 0xde19, 0x1ebb: 0xde39,
+	0x1ebc: 0xde59, 0x1ebd: 0xde79, 0x1ebe: 0x8ddd, 0x1ebf: 0xde99,
+	// Block 0x7b, offset 0x1ec0
+	0x1ec0: 0xe599, 0x1ec1: 0xe5b9, 0x1ec2: 0xe5d9, 0x1ec3: 0xe5f9, 0x1ec4: 0xe619, 0x1ec5: 0xe639,
+	0x1ec6: 0x8efd, 0x1ec7: 0xe659, 0x1ec8: 0xe679, 0x1ec9: 0xe699, 0x1eca: 0xe6b9, 0x1ecb: 0xe6d9,
+	0x1ecc: 0xe6f9, 0x1ecd: 0x8f1d, 0x1ece: 0xe719, 0x1ecf: 0xe739, 0x1ed0: 0x8f3d, 0x1ed1: 0x8f5d,
+	0x1ed2: 0xe759, 0x1ed3: 0xe779, 0x1ed4: 0xe799, 0x1ed5: 0xe7b9, 0x1ed6: 0xe7d9, 0x1ed7: 0xe7f9,
+	0x1ed8: 0xe819, 0x1ed9: 0xe839, 0x1eda: 0xe859, 0x1edb: 0x8f7d, 0x1edc: 0xe879, 0x1edd: 0x8f9d,
+	0x1ede: 0xe899, 0x1edf: 0x2040, 0x1ee0: 0xe8b9, 0x1ee1: 0xe8d9, 0x1ee2: 0xe8f9, 0x1ee3: 0x8fbd,
+	0x1ee4: 0xe919, 0x1ee5: 0xe939, 0x1ee6: 0x8fdd, 0x1ee7: 0x8ffd, 0x1ee8: 0xe959, 0x1ee9: 0xe979,
+	0x1eea: 0xe999, 0x1eeb: 0xe9b9, 0x1eec: 0xe9d9, 0x1eed: 0xe9d9, 0x1eee: 0xe9f9, 0x1eef: 0xea19,
+	0x1ef0: 0xea39, 0x1ef1: 0xea59, 0x1ef2: 0xea79, 0x1ef3: 0xea99, 0x1ef4: 0xeab9, 0x1ef5: 0x901d,
+	0x1ef6: 0xead9, 0x1ef7: 0x903d, 0x1ef8: 0xeaf9, 0x1ef9: 0x905d, 0x1efa: 0xeb19, 0x1efb: 0x907d,
+	0x1efc: 0x909d, 0x1efd: 0x90bd, 0x1efe: 0xeb39, 0x1eff: 0xeb59,
+	// Block 0x7c, offset 0x1f00
+	0x1f00: 0xeb79, 0x1f01: 0x90dd, 0x1f02: 0x90fd, 0x1f03: 0x911d, 0x1f04: 0x913d, 0x1f05: 0xeb99,
+	0x1f06: 0xebb9, 0x1f07: 0xebb9, 0x1f08: 0xebd9, 0x1f09: 0xebf9, 0x1f0a: 0xec19, 0x1f0b: 0xec39,
+	0x1f0c: 0xec59, 0x1f0d: 0x915d, 0x1f0e: 0xec79, 0x1f0f: 0xec99, 0x1f10: 0xecb9, 0x1f11: 0xecd9,
+	0x1f12: 0x917d, 0x1f13: 0xecf9, 0x1f14: 0x919d, 0x1f15: 0x91bd, 0x1f16: 0xed19, 0x1f17: 0xed39,
+	0x1f18: 0xed59, 0x1f19: 0xed79, 0x1f1a: 0xed99, 0x1f1b: 0xedb9, 0x1f1c: 0x91dd, 0x1f1d: 0x91fd,
+	0x1f1e: 0x921d, 0x1f1f: 0x2040, 0x1f20: 0xedd9, 0x1f21: 0x923d, 0x1f22: 0xedf9, 0x1f23: 0xee19,
+	0x1f24: 0xee39, 0x1f25: 0x925d, 0x1f26: 0xee59, 0x1f27: 0xee79, 0x1f28: 0xee99, 0x1f29: 0xeeb9,
+	0x1f2a: 0xeed9, 0x1f2b: 0x927d, 0x1f2c: 0xeef9, 0x1f2d: 0xef19, 0x1f2e: 0xef39, 0x1f2f: 0xef59,
+	0x1f30: 0xef79, 0x1f31: 0xef99, 0x1f32: 0x929d, 0x1f33: 0x92bd, 0x1f34: 0xefb9, 0x1f35: 0x92dd,
+	0x1f36: 0xefd9, 0x1f37: 0x92fd, 0x1f38: 0xeff9, 0x1f39: 0xf019, 0x1f3a: 0xf039, 0x1f3b: 0x931d,
+	0x1f3c: 0x933d, 0x1f3d: 0xf059, 0x1f3e: 0x935d, 0x1f3f: 0xf079,
+	// Block 0x7d, offset 0x1f40
+	0x1f40: 0xf6b9, 0x1f41: 0xf6d9, 0x1f42: 0xf6f9, 0x1f43: 0xf719, 0x1f44: 0xf739, 0x1f45: 0x951d,
+	0x1f46: 0xf759, 0x1f47: 0xf779, 0x1f48: 0xf799, 0x1f49: 0xf7b9, 0x1f4a: 0xf7d9, 0x1f4b: 0x953d,
+	0x1f4c: 0x955d, 0x1f4d: 0xf7f9, 0x1f4e: 0xf819, 0x1f4f: 0xf839, 0x1f50: 0xf859, 0x1f51: 0xf879,
+	0x1f52: 0xf899, 0x1f53: 0x957d, 0x1f54: 0xf8b9, 0x1f55: 0xf8d9, 0x1f56: 0xf8f9, 0x1f57: 0xf919,
+	0x1f58: 0x959d, 0x1f59: 0x95bd, 0x1f5a: 0xf939, 0x1f5b: 0xf959, 0x1f5c: 0xf979, 0x1f5d: 0x95dd,
+	0x1f5e: 0xf999, 0x1f5f: 0xf9b9, 0x1f60: 0x6815, 0x1f61: 0x95fd, 0x1f62: 0xf9d9, 0x1f63: 0xf9f9,
+	0x1f64: 0xfa19, 0x1f65: 0x961d, 0x1f66: 0xfa39, 0x1f67: 0xfa59, 0x1f68: 0xfa79, 0x1f69: 0xfa99,
+	0x1f6a: 0xfab9, 0x1f6b: 0xfad9, 0x1f6c: 0xfaf9, 0x1f6d: 0x963d, 0x1f6e: 0xfb19, 0x1f6f: 0xfb39,
+	0x1f70: 0xfb59, 0x1f71: 0x965d, 0x1f72: 0xfb79, 0x1f73: 0xfb99, 0x1f74: 0xfbb9, 0x1f75: 0xfbd9,
+	0x1f76: 0x7b35, 0x1f77: 0x967d, 0x1f78: 0xfbf9, 0x1f79: 0xfc19, 0x1f7a: 0xfc39, 0x1f7b: 0x969d,
+	0x1f7c: 0xfc59, 0x1f7d: 0x96bd, 0x1f7e: 0xfc79, 0x1f7f: 0xfc79,
+	// Block 0x7e, offset 0x1f80
+	0x1f80: 0xfc99, 0x1f81: 0x96dd, 0x1f82: 0xfcb9, 0x1f83: 0xfcd9, 0x1f84: 0xfcf9, 0x1f85: 0xfd19,
+	0x1f86: 0xfd39, 0x1f87: 0xfd59, 0x1f88: 0xfd79, 0x1f89: 0x96fd, 0x1f8a: 0xfd99, 0x1f8b: 0xfdb9,
+	0x1f8c: 0xfdd9, 0x1f8d: 0xfdf9, 0x1f8e: 0xfe19, 0x1f8f: 0xfe39, 0x1f90: 0x971d, 0x1f91: 0xfe59,
+	0x1f92: 0x973d, 0x1f93: 0x975d, 0x1f94: 0x977d, 0x1f95: 0xfe79, 0x1f96: 0xfe99, 0x1f97: 0xfeb9,
+	0x1f98: 0xfed9, 0x1f99: 0xfef9, 0x1f9a: 0xff19, 0x1f9b: 0xff39, 0x1f9c: 0xff59, 0x1f9d: 0x979d,
+	0x1f9e: 0x0040, 0x1f9f: 0x0040, 0x1fa0: 0x0040, 0x1fa1: 0x0040, 0x1fa2: 0x0040, 0x1fa3: 0x0040,
+	0x1fa4: 0x0040, 0x1fa5: 0x0040, 0x1fa6: 0x0040, 0x1fa7: 0x0040, 0x1fa8: 0x0040, 0x1fa9: 0x0040,
+	0x1faa: 0x0040, 0x1fab: 0x0040, 0x1fac: 0x0040, 0x1fad: 0x0040, 0x1fae: 0x0040, 0x1faf: 0x0040,
+	0x1fb0: 0x0040, 0x1fb1: 0x0040, 0x1fb2: 0x0040, 0x1fb3: 0x0040, 0x1fb4: 0x0040, 0x1fb5: 0x0040,
+	0x1fb6: 0x0040, 0x1fb7: 0x0040, 0x1fb8: 0x0040, 0x1fb9: 0x0040, 0x1fba: 0x0040, 0x1fbb: 0x0040,
+	0x1fbc: 0x0040, 0x1fbd: 0x0040, 0x1fbe: 0x0040, 0x1fbf: 0x0040,
+}
+
+// idnaIndex: 36 blocks, 2304 entries, 4608 bytes
+// Block 0 is the zero block.
+var idnaIndex = [2304]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x7d, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
+	0xc8: 0x06, 0xc9: 0x7e, 0xca: 0x7f, 0xcb: 0x07, 0xcc: 0x80, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
+	0xd0: 0x81, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x82, 0xd6: 0x83, 0xd7: 0x84,
+	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x85, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x86, 0xde: 0x87, 0xdf: 0x88,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
+	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
+	0xf0: 0x1d, 0xf1: 0x1e, 0xf2: 0x1e, 0xf3: 0x20, 0xf4: 0x21,
+	// Block 0x4, offset 0x100
+	0x120: 0x89, 0x121: 0x13, 0x122: 0x8a, 0x123: 0x8b, 0x124: 0x8c, 0x125: 0x14, 0x126: 0x15, 0x127: 0x16,
+	0x128: 0x17, 0x129: 0x18, 0x12a: 0x19, 0x12b: 0x1a, 0x12c: 0x1b, 0x12d: 0x1c, 0x12e: 0x1d, 0x12f: 0x8d,
+	0x130: 0x8e, 0x131: 0x1e, 0x132: 0x1f, 0x133: 0x20, 0x134: 0x8f, 0x135: 0x21, 0x136: 0x90, 0x137: 0x91,
+	0x138: 0x92, 0x139: 0x93, 0x13a: 0x22, 0x13b: 0x94, 0x13c: 0x95, 0x13d: 0x23, 0x13e: 0x24, 0x13f: 0x96,
+	// Block 0x5, offset 0x140
+	0x140: 0x97, 0x141: 0x98, 0x142: 0x99, 0x143: 0x9a, 0x144: 0x9b, 0x145: 0x9c, 0x146: 0x9d, 0x147: 0x9e,
+	0x148: 0x9f, 0x149: 0xa0, 0x14a: 0xa1, 0x14b: 0xa2, 0x14c: 0xa3, 0x14d: 0xa4, 0x14e: 0xa5, 0x14f: 0xa6,
+	0x150: 0xa7, 0x151: 0x9f, 0x152: 0x9f, 0x153: 0x9f, 0x154: 0x9f, 0x155: 0x9f, 0x156: 0x9f, 0x157: 0x9f,
+	0x158: 0x9f, 0x159: 0xa8, 0x15a: 0xa9, 0x15b: 0xaa, 0x15c: 0xab, 0x15d: 0xac, 0x15e: 0xad, 0x15f: 0xae,
+	0x160: 0xaf, 0x161: 0xb0, 0x162: 0xb1, 0x163: 0xb2, 0x164: 0xb3, 0x165: 0xb4, 0x166: 0xb5, 0x167: 0xb6,
+	0x168: 0xb7, 0x169: 0xb8, 0x16a: 0xb9, 0x16b: 0xba, 0x16c: 0xbb, 0x16d: 0xbc, 0x16e: 0xbd, 0x16f: 0xbe,
+	0x170: 0xbf, 0x171: 0xc0, 0x172: 0xc1, 0x173: 0xc2, 0x174: 0x25, 0x175: 0x26, 0x176: 0x27, 0x177: 0xc3,
+	0x178: 0x28, 0x179: 0x28, 0x17a: 0x29, 0x17b: 0x28, 0x17c: 0xc4, 0x17d: 0x2a, 0x17e: 0x2b, 0x17f: 0x2c,
+	// Block 0x6, offset 0x180
+	0x180: 0x2d, 0x181: 0x2e, 0x182: 0x2f, 0x183: 0xc5, 0x184: 0x30, 0x185: 0x31, 0x186: 0xc6, 0x187: 0x9b,
+	0x188: 0xc7, 0x189: 0xc8, 0x18a: 0x9b, 0x18b: 0x9b, 0x18c: 0xc9, 0x18d: 0x9b, 0x18e: 0x9b, 0x18f: 0x9b,
+	0x190: 0xca, 0x191: 0x32, 0x192: 0x33, 0x193: 0x34, 0x194: 0x9b, 0x195: 0x9b, 0x196: 0x9b, 0x197: 0x9b,
+	0x198: 0x9b, 0x199: 0x9b, 0x19a: 0x9b, 0x19b: 0x9b, 0x19c: 0x9b, 0x19d: 0x9b, 0x19e: 0x9b, 0x19f: 0x9b,
+	0x1a0: 0x9b, 0x1a1: 0x9b, 0x1a2: 0x9b, 0x1a3: 0x9b, 0x1a4: 0x9b, 0x1a5: 0x9b, 0x1a6: 0x9b, 0x1a7: 0x9b,
+	0x1a8: 0xcb, 0x1a9: 0xcc, 0x1aa: 0x9b, 0x1ab: 0xcd, 0x1ac: 0x9b, 0x1ad: 0xce, 0x1ae: 0xcf, 0x1af: 0xd0,
+	0x1b0: 0xd1, 0x1b1: 0x35, 0x1b2: 0x28, 0x1b3: 0x36, 0x1b4: 0xd2, 0x1b5: 0xd3, 0x1b6: 0xd4, 0x1b7: 0xd5,
+	0x1b8: 0xd6, 0x1b9: 0xd7, 0x1ba: 0xd8, 0x1bb: 0xd9, 0x1bc: 0xda, 0x1bd: 0xdb, 0x1be: 0xdc, 0x1bf: 0x37,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x38, 0x1c1: 0xdd, 0x1c2: 0xde, 0x1c3: 0xdf, 0x1c4: 0xe0, 0x1c5: 0x39, 0x1c6: 0x3a, 0x1c7: 0xe1,
+	0x1c8: 0xe2, 0x1c9: 0x3b, 0x1ca: 0x3c, 0x1cb: 0x3d, 0x1cc: 0x3e, 0x1cd: 0x3f, 0x1ce: 0x40, 0x1cf: 0x41,
+	0x1d0: 0x9f, 0x1d1: 0x9f, 0x1d2: 0x9f, 0x1d3: 0x9f, 0x1d4: 0x9f, 0x1d5: 0x9f, 0x1d6: 0x9f, 0x1d7: 0x9f,
+	0x1d8: 0x9f, 0x1d9: 0x9f, 0x1da: 0x9f, 0x1db: 0x9f, 0x1dc: 0x9f, 0x1dd: 0x9f, 0x1de: 0x9f, 0x1df: 0x9f,
+	0x1e0: 0x9f, 0x1e1: 0x9f, 0x1e2: 0x9f, 0x1e3: 0x9f, 0x1e4: 0x9f, 0x1e5: 0x9f, 0x1e6: 0x9f, 0x1e7: 0x9f,
+	0x1e8: 0x9f, 0x1e9: 0x9f, 0x1ea: 0x9f, 0x1eb: 0x9f, 0x1ec: 0x9f, 0x1ed: 0x9f, 0x1ee: 0x9f, 0x1ef: 0x9f,
+	0x1f0: 0x9f, 0x1f1: 0x9f, 0x1f2: 0x9f, 0x1f3: 0x9f, 0x1f4: 0x9f, 0x1f5: 0x9f, 0x1f6: 0x9f, 0x1f7: 0x9f,
+	0x1f8: 0x9f, 0x1f9: 0x9f, 0x1fa: 0x9f, 0x1fb: 0x9f, 0x1fc: 0x9f, 0x1fd: 0x9f, 0x1fe: 0x9f, 0x1ff: 0x9f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9f, 0x201: 0x9f, 0x202: 0x9f, 0x203: 0x9f, 0x204: 0x9f, 0x205: 0x9f, 0x206: 0x9f, 0x207: 0x9f,
+	0x208: 0x9f, 0x209: 0x9f, 0x20a: 0x9f, 0x20b: 0x9f, 0x20c: 0x9f, 0x20d: 0x9f, 0x20e: 0x9f, 0x20f: 0x9f,
+	0x210: 0x9f, 0x211: 0x9f, 0x212: 0x9f, 0x213: 0x9f, 0x214: 0x9f, 0x215: 0x9f, 0x216: 0x9f, 0x217: 0x9f,
+	0x218: 0x9f, 0x219: 0x9f, 0x21a: 0x9f, 0x21b: 0x9f, 0x21c: 0x9f, 0x21d: 0x9f, 0x21e: 0x9f, 0x21f: 0x9f,
+	0x220: 0x9f, 0x221: 0x9f, 0x222: 0x9f, 0x223: 0x9f, 0x224: 0x9f, 0x225: 0x9f, 0x226: 0x9f, 0x227: 0x9f,
+	0x228: 0x9f, 0x229: 0x9f, 0x22a: 0x9f, 0x22b: 0x9f, 0x22c: 0x9f, 0x22d: 0x9f, 0x22e: 0x9f, 0x22f: 0x9f,
+	0x230: 0x9f, 0x231: 0x9f, 0x232: 0x9f, 0x233: 0x9f, 0x234: 0x9f, 0x235: 0x9f, 0x236: 0xb2, 0x237: 0x9b,
+	0x238: 0x9f, 0x239: 0x9f, 0x23a: 0x9f, 0x23b: 0x9f, 0x23c: 0x9f, 0x23d: 0x9f, 0x23e: 0x9f, 0x23f: 0x9f,
+	// Block 0x9, offset 0x240
+	0x240: 0x9f, 0x241: 0x9f, 0x242: 0x9f, 0x243: 0x9f, 0x244: 0x9f, 0x245: 0x9f, 0x246: 0x9f, 0x247: 0x9f,
+	0x248: 0x9f, 0x249: 0x9f, 0x24a: 0x9f, 0x24b: 0x9f, 0x24c: 0x9f, 0x24d: 0x9f, 0x24e: 0x9f, 0x24f: 0x9f,
+	0x250: 0x9f, 0x251: 0x9f, 0x252: 0x9f, 0x253: 0x9f, 0x254: 0x9f, 0x255: 0x9f, 0x256: 0x9f, 0x257: 0x9f,
+	0x258: 0x9f, 0x259: 0x9f, 0x25a: 0x9f, 0x25b: 0x9f, 0x25c: 0x9f, 0x25d: 0x9f, 0x25e: 0x9f, 0x25f: 0x9f,
+	0x260: 0x9f, 0x261: 0x9f, 0x262: 0x9f, 0x263: 0x9f, 0x264: 0x9f, 0x265: 0x9f, 0x266: 0x9f, 0x267: 0x9f,
+	0x268: 0x9f, 0x269: 0x9f, 0x26a: 0x9f, 0x26b: 0x9f, 0x26c: 0x9f, 0x26d: 0x9f, 0x26e: 0x9f, 0x26f: 0x9f,
+	0x270: 0x9f, 0x271: 0x9f, 0x272: 0x9f, 0x273: 0x9f, 0x274: 0x9f, 0x275: 0x9f, 0x276: 0x9f, 0x277: 0x9f,
+	0x278: 0x9f, 0x279: 0x9f, 0x27a: 0x9f, 0x27b: 0x9f, 0x27c: 0x9f, 0x27d: 0x9f, 0x27e: 0x9f, 0x27f: 0x9f,
+	// Block 0xa, offset 0x280
+	0x280: 0x9f, 0x281: 0x9f, 0x282: 0x9f, 0x283: 0x9f, 0x284: 0x9f, 0x285: 0x9f, 0x286: 0x9f, 0x287: 0x9f,
+	0x288: 0x9f, 0x289: 0x9f, 0x28a: 0x9f, 0x28b: 0x9f, 0x28c: 0x9f, 0x28d: 0x9f, 0x28e: 0x9f, 0x28f: 0x9f,
+	0x290: 0x9f, 0x291: 0x9f, 0x292: 0x9f, 0x293: 0x9f, 0x294: 0x9f, 0x295: 0x9f, 0x296: 0x9f, 0x297: 0x9f,
+	0x298: 0x9f, 0x299: 0x9f, 0x29a: 0x9f, 0x29b: 0x9f, 0x29c: 0x9f, 0x29d: 0x9f, 0x29e: 0x9f, 0x29f: 0x9f,
+	0x2a0: 0x9f, 0x2a1: 0x9f, 0x2a2: 0x9f, 0x2a3: 0x9f, 0x2a4: 0x9f, 0x2a5: 0x9f, 0x2a6: 0x9f, 0x2a7: 0x9f,
+	0x2a8: 0x9f, 0x2a9: 0x9f, 0x2aa: 0x9f, 0x2ab: 0x9f, 0x2ac: 0x9f, 0x2ad: 0x9f, 0x2ae: 0x9f, 0x2af: 0x9f,
+	0x2b0: 0x9f, 0x2b1: 0x9f, 0x2b2: 0x9f, 0x2b3: 0x9f, 0x2b4: 0x9f, 0x2b5: 0x9f, 0x2b6: 0x9f, 0x2b7: 0x9f,
+	0x2b8: 0x9f, 0x2b9: 0x9f, 0x2ba: 0x9f, 0x2bb: 0x9f, 0x2bc: 0x9f, 0x2bd: 0x9f, 0x2be: 0x9f, 0x2bf: 0xe3,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x9f, 0x2c1: 0x9f, 0x2c2: 0x9f, 0x2c3: 0x9f, 0x2c4: 0x9f, 0x2c5: 0x9f, 0x2c6: 0x9f, 0x2c7: 0x9f,
+	0x2c8: 0x9f, 0x2c9: 0x9f, 0x2ca: 0x9f, 0x2cb: 0x9f, 0x2cc: 0x9f, 0x2cd: 0x9f, 0x2ce: 0x9f, 0x2cf: 0x9f,
+	0x2d0: 0x9f, 0x2d1: 0x9f, 0x2d2: 0xe4, 0x2d3: 0xe5, 0x2d4: 0x9f, 0x2d5: 0x9f, 0x2d6: 0x9f, 0x2d7: 0x9f,
+	0x2d8: 0xe6, 0x2d9: 0x42, 0x2da: 0x43, 0x2db: 0xe7, 0x2dc: 0x44, 0x2dd: 0x45, 0x2de: 0x46, 0x2df: 0xe8,
+	0x2e0: 0xe9, 0x2e1: 0xea, 0x2e2: 0xeb, 0x2e3: 0xec, 0x2e4: 0xed, 0x2e5: 0xee, 0x2e6: 0xef, 0x2e7: 0xf0,
+	0x2e8: 0xf1, 0x2e9: 0xf2, 0x2ea: 0xf3, 0x2eb: 0xf4, 0x2ec: 0xf5, 0x2ed: 0xf6, 0x2ee: 0xf7, 0x2ef: 0xf8,
+	0x2f0: 0x9f, 0x2f1: 0x9f, 0x2f2: 0x9f, 0x2f3: 0x9f, 0x2f4: 0x9f, 0x2f5: 0x9f, 0x2f6: 0x9f, 0x2f7: 0x9f,
+	0x2f8: 0x9f, 0x2f9: 0x9f, 0x2fa: 0x9f, 0x2fb: 0x9f, 0x2fc: 0x9f, 0x2fd: 0x9f, 0x2fe: 0x9f, 0x2ff: 0x9f,
+	// Block 0xc, offset 0x300
+	0x300: 0x9f, 0x301: 0x9f, 0x302: 0x9f, 0x303: 0x9f, 0x304: 0x9f, 0x305: 0x9f, 0x306: 0x9f, 0x307: 0x9f,
+	0x308: 0x9f, 0x309: 0x9f, 0x30a: 0x9f, 0x30b: 0x9f, 0x30c: 0x9f, 0x30d: 0x9f, 0x30e: 0x9f, 0x30f: 0x9f,
+	0x310: 0x9f, 0x311: 0x9f, 0x312: 0x9f, 0x313: 0x9f, 0x314: 0x9f, 0x315: 0x9f, 0x316: 0x9f, 0x317: 0x9f,
+	0x318: 0x9f, 0x319: 0x9f, 0x31a: 0x9f, 0x31b: 0x9f, 0x31c: 0x9f, 0x31d: 0x9f, 0x31e: 0xf9, 0x31f: 0xfa,
+	// Block 0xd, offset 0x340
+	0x340: 0xba, 0x341: 0xba, 0x342: 0xba, 0x343: 0xba, 0x344: 0xba, 0x345: 0xba, 0x346: 0xba, 0x347: 0xba,
+	0x348: 0xba, 0x349: 0xba, 0x34a: 0xba, 0x34b: 0xba, 0x34c: 0xba, 0x34d: 0xba, 0x34e: 0xba, 0x34f: 0xba,
+	0x350: 0xba, 0x351: 0xba, 0x352: 0xba, 0x353: 0xba, 0x354: 0xba, 0x355: 0xba, 0x356: 0xba, 0x357: 0xba,
+	0x358: 0xba, 0x359: 0xba, 0x35a: 0xba, 0x35b: 0xba, 0x35c: 0xba, 0x35d: 0xba, 0x35e: 0xba, 0x35f: 0xba,
+	0x360: 0xba, 0x361: 0xba, 0x362: 0xba, 0x363: 0xba, 0x364: 0xba, 0x365: 0xba, 0x366: 0xba, 0x367: 0xba,
+	0x368: 0xba, 0x369: 0xba, 0x36a: 0xba, 0x36b: 0xba, 0x36c: 0xba, 0x36d: 0xba, 0x36e: 0xba, 0x36f: 0xba,
+	0x370: 0xba, 0x371: 0xba, 0x372: 0xba, 0x373: 0xba, 0x374: 0xba, 0x375: 0xba, 0x376: 0xba, 0x377: 0xba,
+	0x378: 0xba, 0x379: 0xba, 0x37a: 0xba, 0x37b: 0xba, 0x37c: 0xba, 0x37d: 0xba, 0x37e: 0xba, 0x37f: 0xba,
+	// Block 0xe, offset 0x380
+	0x380: 0xba, 0x381: 0xba, 0x382: 0xba, 0x383: 0xba, 0x384: 0xba, 0x385: 0xba, 0x386: 0xba, 0x387: 0xba,
+	0x388: 0xba, 0x389: 0xba, 0x38a: 0xba, 0x38b: 0xba, 0x38c: 0xba, 0x38d: 0xba, 0x38e: 0xba, 0x38f: 0xba,
+	0x390: 0xba, 0x391: 0xba, 0x392: 0xba, 0x393: 0xba, 0x394: 0xba, 0x395: 0xba, 0x396: 0xba, 0x397: 0xba,
+	0x398: 0xba, 0x399: 0xba, 0x39a: 0xba, 0x39b: 0xba, 0x39c: 0xba, 0x39d: 0xba, 0x39e: 0xba, 0x39f: 0xba,
+	0x3a0: 0xba, 0x3a1: 0xba, 0x3a2: 0xba, 0x3a3: 0xba, 0x3a4: 0xfb, 0x3a5: 0xfc, 0x3a6: 0xfd, 0x3a7: 0xfe,
+	0x3a8: 0x47, 0x3a9: 0xff, 0x3aa: 0x100, 0x3ab: 0x48, 0x3ac: 0x49, 0x3ad: 0x4a, 0x3ae: 0x4b, 0x3af: 0x4c,
+	0x3b0: 0x101, 0x3b1: 0x4d, 0x3b2: 0x4e, 0x3b3: 0x4f, 0x3b4: 0x50, 0x3b5: 0x51, 0x3b6: 0x102, 0x3b7: 0x52,
+	0x3b8: 0x53, 0x3b9: 0x54, 0x3ba: 0x55, 0x3bb: 0x56, 0x3bc: 0x57, 0x3bd: 0x58, 0x3be: 0x59, 0x3bf: 0x5a,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x103, 0x3c1: 0x104, 0x3c2: 0x9f, 0x3c3: 0x105, 0x3c4: 0x106, 0x3c5: 0x9b, 0x3c6: 0x107, 0x3c7: 0x108,
+	0x3c8: 0xba, 0x3c9: 0xba, 0x3ca: 0x109, 0x3cb: 0x10a, 0x3cc: 0x10b, 0x3cd: 0x10c, 0x3ce: 0x10d, 0x3cf: 0x10e,
+	0x3d0: 0x10f, 0x3d1: 0x9f, 0x3d2: 0x110, 0x3d3: 0x111, 0x3d4: 0x112, 0x3d5: 0x113, 0x3d6: 0xba, 0x3d7: 0xba,
+	0x3d8: 0x9f, 0x3d9: 0x9f, 0x3da: 0x9f, 0x3db: 0x9f, 0x3dc: 0x114, 0x3dd: 0x115, 0x3de: 0xba, 0x3df: 0xba,
+	0x3e0: 0x116, 0x3e1: 0x117, 0x3e2: 0x118, 0x3e3: 0x119, 0x3e4: 0x11a, 0x3e5: 0xba, 0x3e6: 0x11b, 0x3e7: 0x11c,
+	0x3e8: 0x11d, 0x3e9: 0x11e, 0x3ea: 0x11f, 0x3eb: 0x5b, 0x3ec: 0x120, 0x3ed: 0x121, 0x3ee: 0x5c, 0x3ef: 0xba,
+	0x3f0: 0x122, 0x3f1: 0x123, 0x3f2: 0x124, 0x3f3: 0x125, 0x3f4: 0x126, 0x3f5: 0xba, 0x3f6: 0xba, 0x3f7: 0xba,
+	0x3f8: 0xba, 0x3f9: 0x127, 0x3fa: 0xba, 0x3fb: 0xba, 0x3fc: 0x128, 0x3fd: 0x129, 0x3fe: 0xba, 0x3ff: 0xba,
+	// Block 0x10, offset 0x400
+	0x400: 0x12a, 0x401: 0x12b, 0x402: 0x12c, 0x403: 0x12d, 0x404: 0x12e, 0x405: 0x12f, 0x406: 0x130, 0x407: 0x131,
+	0x408: 0x132, 0x409: 0xba, 0x40a: 0x133, 0x40b: 0x134, 0x40c: 0x5d, 0x40d: 0x5e, 0x40e: 0xba, 0x40f: 0xba,
+	0x410: 0x135, 0x411: 0x136, 0x412: 0x137, 0x413: 0x138, 0x414: 0xba, 0x415: 0xba, 0x416: 0x139, 0x417: 0x13a,
+	0x418: 0x13b, 0x419: 0x13c, 0x41a: 0x13d, 0x41b: 0x13e, 0x41c: 0x13f, 0x41d: 0xba, 0x41e: 0xba, 0x41f: 0xba,
+	0x420: 0x140, 0x421: 0xba, 0x422: 0x141, 0x423: 0x142, 0x424: 0xba, 0x425: 0xba, 0x426: 0xba, 0x427: 0xba,
+	0x428: 0x143, 0x429: 0x144, 0x42a: 0x145, 0x42b: 0x146, 0x42c: 0xba, 0x42d: 0xba, 0x42e: 0xba, 0x42f: 0xba,
+	0x430: 0x147, 0x431: 0x148, 0x432: 0x149, 0x433: 0xba, 0x434: 0x14a, 0x435: 0x14b, 0x436: 0x14c, 0x437: 0xba,
+	0x438: 0xba, 0x439: 0xba, 0x43a: 0xba, 0x43b: 0x14d, 0x43c: 0xba, 0x43d: 0xba, 0x43e: 0xba, 0x43f: 0xba,
+	// Block 0x11, offset 0x440
+	0x440: 0x9f, 0x441: 0x9f, 0x442: 0x9f, 0x443: 0x9f, 0x444: 0x9f, 0x445: 0x9f, 0x446: 0x9f, 0x447: 0x9f,
+	0x448: 0x9f, 0x449: 0x9f, 0x44a: 0x9f, 0x44b: 0x9f, 0x44c: 0x9f, 0x44d: 0x9f, 0x44e: 0x14e, 0x44f: 0xba,
+	0x450: 0x9b, 0x451: 0x14f, 0x452: 0x9f, 0x453: 0x9f, 0x454: 0x9f, 0x455: 0x150, 0x456: 0xba, 0x457: 0xba,
+	0x458: 0xba, 0x459: 0xba, 0x45a: 0xba, 0x45b: 0xba, 0x45c: 0xba, 0x45d: 0xba, 0x45e: 0xba, 0x45f: 0xba,
+	0x460: 0xba, 0x461: 0xba, 0x462: 0xba, 0x463: 0xba, 0x464: 0xba, 0x465: 0xba, 0x466: 0xba, 0x467: 0xba,
+	0x468: 0xba, 0x469: 0xba, 0x46a: 0xba, 0x46b: 0xba, 0x46c: 0xba, 0x46d: 0xba, 0x46e: 0xba, 0x46f: 0xba,
+	0x470: 0xba, 0x471: 0xba, 0x472: 0xba, 0x473: 0xba, 0x474: 0xba, 0x475: 0xba, 0x476: 0xba, 0x477: 0xba,
+	0x478: 0xba, 0x479: 0xba, 0x47a: 0xba, 0x47b: 0xba, 0x47c: 0xba, 0x47d: 0xba, 0x47e: 0xba, 0x47f: 0xba,
+	// Block 0x12, offset 0x480
+	0x480: 0x9f, 0x481: 0x9f, 0x482: 0x9f, 0x483: 0x9f, 0x484: 0x9f, 0x485: 0x9f, 0x486: 0x9f, 0x487: 0x9f,
+	0x488: 0x9f, 0x489: 0x9f, 0x48a: 0x9f, 0x48b: 0x9f, 0x48c: 0x9f, 0x48d: 0x9f, 0x48e: 0x9f, 0x48f: 0x9f,
+	0x490: 0x151, 0x491: 0xba, 0x492: 0xba, 0x493: 0xba, 0x494: 0xba, 0x495: 0xba, 0x496: 0xba, 0x497: 0xba,
+	0x498: 0xba, 0x499: 0xba, 0x49a: 0xba, 0x49b: 0xba, 0x49c: 0xba, 0x49d: 0xba, 0x49e: 0xba, 0x49f: 0xba,
+	0x4a0: 0xba, 0x4a1: 0xba, 0x4a2: 0xba, 0x4a3: 0xba, 0x4a4: 0xba, 0x4a5: 0xba, 0x4a6: 0xba, 0x4a7: 0xba,
+	0x4a8: 0xba, 0x4a9: 0xba, 0x4aa: 0xba, 0x4ab: 0xba, 0x4ac: 0xba, 0x4ad: 0xba, 0x4ae: 0xba, 0x4af: 0xba,
+	0x4b0: 0xba, 0x4b1: 0xba, 0x4b2: 0xba, 0x4b3: 0xba, 0x4b4: 0xba, 0x4b5: 0xba, 0x4b6: 0xba, 0x4b7: 0xba,
+	0x4b8: 0xba, 0x4b9: 0xba, 0x4ba: 0xba, 0x4bb: 0xba, 0x4bc: 0xba, 0x4bd: 0xba, 0x4be: 0xba, 0x4bf: 0xba,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0xba, 0x4c1: 0xba, 0x4c2: 0xba, 0x4c3: 0xba, 0x4c4: 0xba, 0x4c5: 0xba, 0x4c6: 0xba, 0x4c7: 0xba,
+	0x4c8: 0xba, 0x4c9: 0xba, 0x4ca: 0xba, 0x4cb: 0xba, 0x4cc: 0xba, 0x4cd: 0xba, 0x4ce: 0xba, 0x4cf: 0xba,
+	0x4d0: 0x9f, 0x4d1: 0x9f, 0x4d2: 0x9f, 0x4d3: 0x9f, 0x4d4: 0x9f, 0x4d5: 0x9f, 0x4d6: 0x9f, 0x4d7: 0x9f,
+	0x4d8: 0x9f, 0x4d9: 0x152, 0x4da: 0xba, 0x4db: 0xba, 0x4dc: 0xba, 0x4dd: 0xba, 0x4de: 0xba, 0x4df: 0xba,
+	0x4e0: 0xba, 0x4e1: 0xba, 0x4e2: 0xba, 0x4e3: 0xba, 0x4e4: 0xba, 0x4e5: 0xba, 0x4e6: 0xba, 0x4e7: 0xba,
+	0x4e8: 0xba, 0x4e9: 0xba, 0x4ea: 0xba, 0x4eb: 0xba, 0x4ec: 0xba, 0x4ed: 0xba, 0x4ee: 0xba, 0x4ef: 0xba,
+	0x4f0: 0xba, 0x4f1: 0xba, 0x4f2: 0xba, 0x4f3: 0xba, 0x4f4: 0xba, 0x4f5: 0xba, 0x4f6: 0xba, 0x4f7: 0xba,
+	0x4f8: 0xba, 0x4f9: 0xba, 0x4fa: 0xba, 0x4fb: 0xba, 0x4fc: 0xba, 0x4fd: 0xba, 0x4fe: 0xba, 0x4ff: 0xba,
+	// Block 0x14, offset 0x500
+	0x500: 0xba, 0x501: 0xba, 0x502: 0xba, 0x503: 0xba, 0x504: 0xba, 0x505: 0xba, 0x506: 0xba, 0x507: 0xba,
+	0x508: 0xba, 0x509: 0xba, 0x50a: 0xba, 0x50b: 0xba, 0x50c: 0xba, 0x50d: 0xba, 0x50e: 0xba, 0x50f: 0xba,
+	0x510: 0xba, 0x511: 0xba, 0x512: 0xba, 0x513: 0xba, 0x514: 0xba, 0x515: 0xba, 0x516: 0xba, 0x517: 0xba,
+	0x518: 0xba, 0x519: 0xba, 0x51a: 0xba, 0x51b: 0xba, 0x51c: 0xba, 0x51d: 0xba, 0x51e: 0xba, 0x51f: 0xba,
+	0x520: 0x9f, 0x521: 0x9f, 0x522: 0x9f, 0x523: 0x9f, 0x524: 0x9f, 0x525: 0x9f, 0x526: 0x9f, 0x527: 0x9f,
+	0x528: 0x146, 0x529: 0x153, 0x52a: 0xba, 0x52b: 0x154, 0x52c: 0x155, 0x52d: 0x156, 0x52e: 0x157, 0x52f: 0xba,
+	0x530: 0xba, 0x531: 0xba, 0x532: 0xba, 0x533: 0xba, 0x534: 0xba, 0x535: 0xba, 0x536: 0xba, 0x537: 0xba,
+	0x538: 0xba, 0x539: 0x158, 0x53a: 0x159, 0x53b: 0xba, 0x53c: 0x9f, 0x53d: 0x15a, 0x53e: 0x15b, 0x53f: 0x15c,
+	// Block 0x15, offset 0x540
+	0x540: 0x9f, 0x541: 0x9f, 0x542: 0x9f, 0x543: 0x9f, 0x544: 0x9f, 0x545: 0x9f, 0x546: 0x9f, 0x547: 0x9f,
+	0x548: 0x9f, 0x549: 0x9f, 0x54a: 0x9f, 0x54b: 0x9f, 0x54c: 0x9f, 0x54d: 0x9f, 0x54e: 0x9f, 0x54f: 0x9f,
+	0x550: 0x9f, 0x551: 0x9f, 0x552: 0x9f, 0x553: 0x9f, 0x554: 0x9f, 0x555: 0x9f, 0x556: 0x9f, 0x557: 0x9f,
+	0x558: 0x9f, 0x559: 0x9f, 0x55a: 0x9f, 0x55b: 0x9f, 0x55c: 0x9f, 0x55d: 0x9f, 0x55e: 0x9f, 0x55f: 0x15d,
+	0x560: 0x9f, 0x561: 0x9f, 0x562: 0x9f, 0x563: 0x9f, 0x564: 0x9f, 0x565: 0x9f, 0x566: 0x9f, 0x567: 0x9f,
+	0x568: 0x9f, 0x569: 0x9f, 0x56a: 0x9f, 0x56b: 0x15e, 0x56c: 0xba, 0x56d: 0xba, 0x56e: 0xba, 0x56f: 0xba,
+	0x570: 0xba, 0x571: 0xba, 0x572: 0xba, 0x573: 0xba, 0x574: 0xba, 0x575: 0xba, 0x576: 0xba, 0x577: 0xba,
+	0x578: 0xba, 0x579: 0xba, 0x57a: 0xba, 0x57b: 0xba, 0x57c: 0xba, 0x57d: 0xba, 0x57e: 0xba, 0x57f: 0xba,
+	// Block 0x16, offset 0x580
+	0x580: 0x9f, 0x581: 0x9f, 0x582: 0x9f, 0x583: 0x9f, 0x584: 0x15f, 0x585: 0x160, 0x586: 0x9f, 0x587: 0x9f,
+	0x588: 0x9f, 0x589: 0x9f, 0x58a: 0x9f, 0x58b: 0x161, 0x58c: 0xba, 0x58d: 0xba, 0x58e: 0xba, 0x58f: 0xba,
+	0x590: 0xba, 0x591: 0xba, 0x592: 0xba, 0x593: 0xba, 0x594: 0xba, 0x595: 0xba, 0x596: 0xba, 0x597: 0xba,
+	0x598: 0xba, 0x599: 0xba, 0x59a: 0xba, 0x59b: 0xba, 0x59c: 0xba, 0x59d: 0xba, 0x59e: 0xba, 0x59f: 0xba,
+	0x5a0: 0xba, 0x5a1: 0xba, 0x5a2: 0xba, 0x5a3: 0xba, 0x5a4: 0xba, 0x5a5: 0xba, 0x5a6: 0xba, 0x5a7: 0xba,
+	0x5a8: 0xba, 0x5a9: 0xba, 0x5aa: 0xba, 0x5ab: 0xba, 0x5ac: 0xba, 0x5ad: 0xba, 0x5ae: 0xba, 0x5af: 0xba,
+	0x5b0: 0x9f, 0x5b1: 0x162, 0x5b2: 0x163, 0x5b3: 0xba, 0x5b4: 0xba, 0x5b5: 0xba, 0x5b6: 0xba, 0x5b7: 0xba,
+	0x5b8: 0xba, 0x5b9: 0xba, 0x5ba: 0xba, 0x5bb: 0xba, 0x5bc: 0xba, 0x5bd: 0xba, 0x5be: 0xba, 0x5bf: 0xba,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x9b, 0x5c1: 0x9b, 0x5c2: 0x9b, 0x5c3: 0x164, 0x5c4: 0x165, 0x5c5: 0x166, 0x5c6: 0x167, 0x5c7: 0x168,
+	0x5c8: 0x9b, 0x5c9: 0x169, 0x5ca: 0xba, 0x5cb: 0x16a, 0x5cc: 0x9b, 0x5cd: 0x16b, 0x5ce: 0xba, 0x5cf: 0xba,
+	0x5d0: 0x5f, 0x5d1: 0x60, 0x5d2: 0x61, 0x5d3: 0x62, 0x5d4: 0x63, 0x5d5: 0x64, 0x5d6: 0x65, 0x5d7: 0x66,
+	0x5d8: 0x67, 0x5d9: 0x68, 0x5da: 0x69, 0x5db: 0x6a, 0x5dc: 0x6b, 0x5dd: 0x6c, 0x5de: 0x6d, 0x5df: 0x6e,
+	0x5e0: 0x9b, 0x5e1: 0x9b, 0x5e2: 0x9b, 0x5e3: 0x9b, 0x5e4: 0x9b, 0x5e5: 0x9b, 0x5e6: 0x9b, 0x5e7: 0x9b,
+	0x5e8: 0x16c, 0x5e9: 0x16d, 0x5ea: 0x16e, 0x5eb: 0xba, 0x5ec: 0xba, 0x5ed: 0xba, 0x5ee: 0xba, 0x5ef: 0xba,
+	0x5f0: 0xba, 0x5f1: 0xba, 0x5f2: 0xba, 0x5f3: 0xba, 0x5f4: 0xba, 0x5f5: 0xba, 0x5f6: 0xba, 0x5f7: 0xba,
+	0x5f8: 0xba, 0x5f9: 0xba, 0x5fa: 0xba, 0x5fb: 0xba, 0x5fc: 0xba, 0x5fd: 0xba, 0x5fe: 0xba, 0x5ff: 0xba,
+	// Block 0x18, offset 0x600
+	0x600: 0x16f, 0x601: 0xba, 0x602: 0xba, 0x603: 0xba, 0x604: 0xba, 0x605: 0xba, 0x606: 0xba, 0x607: 0xba,
+	0x608: 0xba, 0x609: 0xba, 0x60a: 0xba, 0x60b: 0xba, 0x60c: 0xba, 0x60d: 0xba, 0x60e: 0xba, 0x60f: 0xba,
+	0x610: 0xba, 0x611: 0xba, 0x612: 0xba, 0x613: 0xba, 0x614: 0xba, 0x615: 0xba, 0x616: 0xba, 0x617: 0xba,
+	0x618: 0xba, 0x619: 0xba, 0x61a: 0xba, 0x61b: 0xba, 0x61c: 0xba, 0x61d: 0xba, 0x61e: 0xba, 0x61f: 0xba,
+	0x620: 0x122, 0x621: 0x122, 0x622: 0x122, 0x623: 0x170, 0x624: 0x6f, 0x625: 0x171, 0x626: 0xba, 0x627: 0xba,
+	0x628: 0xba, 0x629: 0xba, 0x62a: 0xba, 0x62b: 0xba, 0x62c: 0xba, 0x62d: 0xba, 0x62e: 0xba, 0x62f: 0xba,
+	0x630: 0xba, 0x631: 0x172, 0x632: 0x173, 0x633: 0xba, 0x634: 0xba, 0x635: 0xba, 0x636: 0xba, 0x637: 0xba,
+	0x638: 0x70, 0x639: 0x71, 0x63a: 0x72, 0x63b: 0x174, 0x63c: 0xba, 0x63d: 0xba, 0x63e: 0xba, 0x63f: 0xba,
+	// Block 0x19, offset 0x640
+	0x640: 0x175, 0x641: 0x9b, 0x642: 0x176, 0x643: 0x177, 0x644: 0x73, 0x645: 0x74, 0x646: 0x178, 0x647: 0x179,
+	0x648: 0x75, 0x649: 0x17a, 0x64a: 0xba, 0x64b: 0xba, 0x64c: 0x9b, 0x64d: 0x9b, 0x64e: 0x9b, 0x64f: 0x9b,
+	0x650: 0x9b, 0x651: 0x9b, 0x652: 0x9b, 0x653: 0x9b, 0x654: 0x9b, 0x655: 0x9b, 0x656: 0x9b, 0x657: 0x9b,
+	0x658: 0x9b, 0x659: 0x9b, 0x65a: 0x9b, 0x65b: 0x17b, 0x65c: 0x9b, 0x65d: 0x17c, 0x65e: 0x9b, 0x65f: 0x17d,
+	0x660: 0x17e, 0x661: 0x17f, 0x662: 0x180, 0x663: 0xba, 0x664: 0x181, 0x665: 0x182, 0x666: 0x183, 0x667: 0x184,
+	0x668: 0xba, 0x669: 0x185, 0x66a: 0xba, 0x66b: 0xba, 0x66c: 0xba, 0x66d: 0xba, 0x66e: 0xba, 0x66f: 0xba,
+	0x670: 0xba, 0x671: 0xba, 0x672: 0xba, 0x673: 0xba, 0x674: 0xba, 0x675: 0xba, 0x676: 0xba, 0x677: 0xba,
+	0x678: 0xba, 0x679: 0xba, 0x67a: 0xba, 0x67b: 0xba, 0x67c: 0xba, 0x67d: 0xba, 0x67e: 0xba, 0x67f: 0xba,
+	// Block 0x1a, offset 0x680
+	0x680: 0x9f, 0x681: 0x9f, 0x682: 0x9f, 0x683: 0x9f, 0x684: 0x9f, 0x685: 0x9f, 0x686: 0x9f, 0x687: 0x9f,
+	0x688: 0x9f, 0x689: 0x9f, 0x68a: 0x9f, 0x68b: 0x9f, 0x68c: 0x9f, 0x68d: 0x9f, 0x68e: 0x9f, 0x68f: 0x9f,
+	0x690: 0x9f, 0x691: 0x9f, 0x692: 0x9f, 0x693: 0x9f, 0x694: 0x9f, 0x695: 0x9f, 0x696: 0x9f, 0x697: 0x9f,
+	0x698: 0x9f, 0x699: 0x9f, 0x69a: 0x9f, 0x69b: 0x186, 0x69c: 0x9f, 0x69d: 0x9f, 0x69e: 0x9f, 0x69f: 0x9f,
+	0x6a0: 0x9f, 0x6a1: 0x9f, 0x6a2: 0x9f, 0x6a3: 0x9f, 0x6a4: 0x9f, 0x6a5: 0x9f, 0x6a6: 0x9f, 0x6a7: 0x9f,
+	0x6a8: 0x9f, 0x6a9: 0x9f, 0x6aa: 0x9f, 0x6ab: 0x9f, 0x6ac: 0x9f, 0x6ad: 0x9f, 0x6ae: 0x9f, 0x6af: 0x9f,
+	0x6b0: 0x9f, 0x6b1: 0x9f, 0x6b2: 0x9f, 0x6b3: 0x9f, 0x6b4: 0x9f, 0x6b5: 0x9f, 0x6b6: 0x9f, 0x6b7: 0x9f,
+	0x6b8: 0x9f, 0x6b9: 0x9f, 0x6ba: 0x9f, 0x6bb: 0x9f, 0x6bc: 0x9f, 0x6bd: 0x9f, 0x6be: 0x9f, 0x6bf: 0x9f,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x9f, 0x6c1: 0x9f, 0x6c2: 0x9f, 0x6c3: 0x9f, 0x6c4: 0x9f, 0x6c5: 0x9f, 0x6c6: 0x9f, 0x6c7: 0x9f,
+	0x6c8: 0x9f, 0x6c9: 0x9f, 0x6ca: 0x9f, 0x6cb: 0x9f, 0x6cc: 0x9f, 0x6cd: 0x9f, 0x6ce: 0x9f, 0x6cf: 0x9f,
+	0x6d0: 0x9f, 0x6d1: 0x9f, 0x6d2: 0x9f, 0x6d3: 0x9f, 0x6d4: 0x9f, 0x6d5: 0x9f, 0x6d6: 0x9f, 0x6d7: 0x9f,
+	0x6d8: 0x9f, 0x6d9: 0x9f, 0x6da: 0x9f, 0x6db: 0x9f, 0x6dc: 0x187, 0x6dd: 0x9f, 0x6de: 0x9f, 0x6df: 0x9f,
+	0x6e0: 0x188, 0x6e1: 0x9f, 0x6e2: 0x9f, 0x6e3: 0x9f, 0x6e4: 0x9f, 0x6e5: 0x9f, 0x6e6: 0x9f, 0x6e7: 0x9f,
+	0x6e8: 0x9f, 0x6e9: 0x9f, 0x6ea: 0x9f, 0x6eb: 0x9f, 0x6ec: 0x9f, 0x6ed: 0x9f, 0x6ee: 0x9f, 0x6ef: 0x9f,
+	0x6f0: 0x9f, 0x6f1: 0x9f, 0x6f2: 0x9f, 0x6f3: 0x9f, 0x6f4: 0x9f, 0x6f5: 0x9f, 0x6f6: 0x9f, 0x6f7: 0x9f,
+	0x6f8: 0x9f, 0x6f9: 0x9f, 0x6fa: 0x9f, 0x6fb: 0x9f, 0x6fc: 0x9f, 0x6fd: 0x9f, 0x6fe: 0x9f, 0x6ff: 0x9f,
+	// Block 0x1c, offset 0x700
+	0x700: 0x9f, 0x701: 0x9f, 0x702: 0x9f, 0x703: 0x9f, 0x704: 0x9f, 0x705: 0x9f, 0x706: 0x9f, 0x707: 0x9f,
+	0x708: 0x9f, 0x709: 0x9f, 0x70a: 0x9f, 0x70b: 0x9f, 0x70c: 0x9f, 0x70d: 0x9f, 0x70e: 0x9f, 0x70f: 0x9f,
+	0x710: 0x9f, 0x711: 0x9f, 0x712: 0x9f, 0x713: 0x9f, 0x714: 0x9f, 0x715: 0x9f, 0x716: 0x9f, 0x717: 0x9f,
+	0x718: 0x9f, 0x719: 0x9f, 0x71a: 0x9f, 0x71b: 0x9f, 0x71c: 0x9f, 0x71d: 0x9f, 0x71e: 0x9f, 0x71f: 0x9f,
+	0x720: 0x9f, 0x721: 0x9f, 0x722: 0x9f, 0x723: 0x9f, 0x724: 0x9f, 0x725: 0x9f, 0x726: 0x9f, 0x727: 0x9f,
+	0x728: 0x9f, 0x729: 0x9f, 0x72a: 0x9f, 0x72b: 0x9f, 0x72c: 0x9f, 0x72d: 0x9f, 0x72e: 0x9f, 0x72f: 0x9f,
+	0x730: 0x9f, 0x731: 0x9f, 0x732: 0x9f, 0x733: 0x9f, 0x734: 0x9f, 0x735: 0x9f, 0x736: 0x9f, 0x737: 0x9f,
+	0x738: 0x9f, 0x739: 0x9f, 0x73a: 0x189, 0x73b: 0x9f, 0x73c: 0x9f, 0x73d: 0x9f, 0x73e: 0x9f, 0x73f: 0x9f,
+	// Block 0x1d, offset 0x740
+	0x740: 0x9f, 0x741: 0x9f, 0x742: 0x9f, 0x743: 0x9f, 0x744: 0x9f, 0x745: 0x9f, 0x746: 0x9f, 0x747: 0x9f,
+	0x748: 0x9f, 0x749: 0x9f, 0x74a: 0x9f, 0x74b: 0x9f, 0x74c: 0x9f, 0x74d: 0x9f, 0x74e: 0x9f, 0x74f: 0x9f,
+	0x750: 0x9f, 0x751: 0x9f, 0x752: 0x9f, 0x753: 0x9f, 0x754: 0x9f, 0x755: 0x9f, 0x756: 0x9f, 0x757: 0x9f,
+	0x758: 0x9f, 0x759: 0x9f, 0x75a: 0x9f, 0x75b: 0x9f, 0x75c: 0x9f, 0x75d: 0x9f, 0x75e: 0x9f, 0x75f: 0x9f,
+	0x760: 0x9f, 0x761: 0x9f, 0x762: 0x9f, 0x763: 0x9f, 0x764: 0x9f, 0x765: 0x9f, 0x766: 0x9f, 0x767: 0x9f,
+	0x768: 0x9f, 0x769: 0x9f, 0x76a: 0x9f, 0x76b: 0x9f, 0x76c: 0x9f, 0x76d: 0x9f, 0x76e: 0x9f, 0x76f: 0x18a,
+	0x770: 0xba, 0x771: 0xba, 0x772: 0xba, 0x773: 0xba, 0x774: 0xba, 0x775: 0xba, 0x776: 0xba, 0x777: 0xba,
+	0x778: 0xba, 0x779: 0xba, 0x77a: 0xba, 0x77b: 0xba, 0x77c: 0xba, 0x77d: 0xba, 0x77e: 0xba, 0x77f: 0xba,
+	// Block 0x1e, offset 0x780
+	0x780: 0xba, 0x781: 0xba, 0x782: 0xba, 0x783: 0xba, 0x784: 0xba, 0x785: 0xba, 0x786: 0xba, 0x787: 0xba,
+	0x788: 0xba, 0x789: 0xba, 0x78a: 0xba, 0x78b: 0xba, 0x78c: 0xba, 0x78d: 0xba, 0x78e: 0xba, 0x78f: 0xba,
+	0x790: 0xba, 0x791: 0xba, 0x792: 0xba, 0x793: 0xba, 0x794: 0xba, 0x795: 0xba, 0x796: 0xba, 0x797: 0xba,
+	0x798: 0xba, 0x799: 0xba, 0x79a: 0xba, 0x79b: 0xba, 0x79c: 0xba, 0x79d: 0xba, 0x79e: 0xba, 0x79f: 0xba,
+	0x7a0: 0x76, 0x7a1: 0x77, 0x7a2: 0x78, 0x7a3: 0x18b, 0x7a4: 0x79, 0x7a5: 0x7a, 0x7a6: 0x18c, 0x7a7: 0x7b,
+	0x7a8: 0x7c, 0x7a9: 0xba, 0x7aa: 0xba, 0x7ab: 0xba, 0x7ac: 0xba, 0x7ad: 0xba, 0x7ae: 0xba, 0x7af: 0xba,
+	0x7b0: 0xba, 0x7b1: 0xba, 0x7b2: 0xba, 0x7b3: 0xba, 0x7b4: 0xba, 0x7b5: 0xba, 0x7b6: 0xba, 0x7b7: 0xba,
+	0x7b8: 0xba, 0x7b9: 0xba, 0x7ba: 0xba, 0x7bb: 0xba, 0x7bc: 0xba, 0x7bd: 0xba, 0x7be: 0xba, 0x7bf: 0xba,
+	// Block 0x1f, offset 0x7c0
+	0x7d0: 0x0d, 0x7d1: 0x0e, 0x7d2: 0x0f, 0x7d3: 0x10, 0x7d4: 0x11, 0x7d5: 0x0b, 0x7d6: 0x12, 0x7d7: 0x07,
+	0x7d8: 0x13, 0x7d9: 0x0b, 0x7da: 0x0b, 0x7db: 0x14, 0x7dc: 0x0b, 0x7dd: 0x15, 0x7de: 0x16, 0x7df: 0x17,
+	0x7e0: 0x07, 0x7e1: 0x07, 0x7e2: 0x07, 0x7e3: 0x07, 0x7e4: 0x07, 0x7e5: 0x07, 0x7e6: 0x07, 0x7e7: 0x07,
+	0x7e8: 0x07, 0x7e9: 0x07, 0x7ea: 0x18, 0x7eb: 0x19, 0x7ec: 0x1a, 0x7ed: 0x07, 0x7ee: 0x1b, 0x7ef: 0x1c,
+	0x7f0: 0x0b, 0x7f1: 0x0b, 0x7f2: 0x0b, 0x7f3: 0x0b, 0x7f4: 0x0b, 0x7f5: 0x0b, 0x7f6: 0x0b, 0x7f7: 0x0b,
+	0x7f8: 0x0b, 0x7f9: 0x0b, 0x7fa: 0x0b, 0x7fb: 0x0b, 0x7fc: 0x0b, 0x7fd: 0x0b, 0x7fe: 0x0b, 0x7ff: 0x0b,
+	// Block 0x20, offset 0x800
+	0x800: 0x0b, 0x801: 0x0b, 0x802: 0x0b, 0x803: 0x0b, 0x804: 0x0b, 0x805: 0x0b, 0x806: 0x0b, 0x807: 0x0b,
+	0x808: 0x0b, 0x809: 0x0b, 0x80a: 0x0b, 0x80b: 0x0b, 0x80c: 0x0b, 0x80d: 0x0b, 0x80e: 0x0b, 0x80f: 0x0b,
+	0x810: 0x0b, 0x811: 0x0b, 0x812: 0x0b, 0x813: 0x0b, 0x814: 0x0b, 0x815: 0x0b, 0x816: 0x0b, 0x817: 0x0b,
+	0x818: 0x0b, 0x819: 0x0b, 0x81a: 0x0b, 0x81b: 0x0b, 0x81c: 0x0b, 0x81d: 0x0b, 0x81e: 0x0b, 0x81f: 0x0b,
+	0x820: 0x0b, 0x821: 0x0b, 0x822: 0x0b, 0x823: 0x0b, 0x824: 0x0b, 0x825: 0x0b, 0x826: 0x0b, 0x827: 0x0b,
+	0x828: 0x0b, 0x829: 0x0b, 0x82a: 0x0b, 0x82b: 0x0b, 0x82c: 0x0b, 0x82d: 0x0b, 0x82e: 0x0b, 0x82f: 0x0b,
+	0x830: 0x0b, 0x831: 0x0b, 0x832: 0x0b, 0x833: 0x0b, 0x834: 0x0b, 0x835: 0x0b, 0x836: 0x0b, 0x837: 0x0b,
+	0x838: 0x0b, 0x839: 0x0b, 0x83a: 0x0b, 0x83b: 0x0b, 0x83c: 0x0b, 0x83d: 0x0b, 0x83e: 0x0b, 0x83f: 0x0b,
+	// Block 0x21, offset 0x840
+	0x840: 0x18d, 0x841: 0x18e, 0x842: 0xba, 0x843: 0xba, 0x844: 0x18f, 0x845: 0x18f, 0x846: 0x18f, 0x847: 0x190,
+	0x848: 0xba, 0x849: 0xba, 0x84a: 0xba, 0x84b: 0xba, 0x84c: 0xba, 0x84d: 0xba, 0x84e: 0xba, 0x84f: 0xba,
+	0x850: 0xba, 0x851: 0xba, 0x852: 0xba, 0x853: 0xba, 0x854: 0xba, 0x855: 0xba, 0x856: 0xba, 0x857: 0xba,
+	0x858: 0xba, 0x859: 0xba, 0x85a: 0xba, 0x85b: 0xba, 0x85c: 0xba, 0x85d: 0xba, 0x85e: 0xba, 0x85f: 0xba,
+	0x860: 0xba, 0x861: 0xba, 0x862: 0xba, 0x863: 0xba, 0x864: 0xba, 0x865: 0xba, 0x866: 0xba, 0x867: 0xba,
+	0x868: 0xba, 0x869: 0xba, 0x86a: 0xba, 0x86b: 0xba, 0x86c: 0xba, 0x86d: 0xba, 0x86e: 0xba, 0x86f: 0xba,
+	0x870: 0xba, 0x871: 0xba, 0x872: 0xba, 0x873: 0xba, 0x874: 0xba, 0x875: 0xba, 0x876: 0xba, 0x877: 0xba,
+	0x878: 0xba, 0x879: 0xba, 0x87a: 0xba, 0x87b: 0xba, 0x87c: 0xba, 0x87d: 0xba, 0x87e: 0xba, 0x87f: 0xba,
+	// Block 0x22, offset 0x880
+	0x880: 0x0b, 0x881: 0x0b, 0x882: 0x0b, 0x883: 0x0b, 0x884: 0x0b, 0x885: 0x0b, 0x886: 0x0b, 0x887: 0x0b,
+	0x888: 0x0b, 0x889: 0x0b, 0x88a: 0x0b, 0x88b: 0x0b, 0x88c: 0x0b, 0x88d: 0x0b, 0x88e: 0x0b, 0x88f: 0x0b,
+	0x890: 0x0b, 0x891: 0x0b, 0x892: 0x0b, 0x893: 0x0b, 0x894: 0x0b, 0x895: 0x0b, 0x896: 0x0b, 0x897: 0x0b,
+	0x898: 0x0b, 0x899: 0x0b, 0x89a: 0x0b, 0x89b: 0x0b, 0x89c: 0x0b, 0x89d: 0x0b, 0x89e: 0x0b, 0x89f: 0x0b,
+	0x8a0: 0x1f, 0x8a1: 0x0b, 0x8a2: 0x0b, 0x8a3: 0x0b, 0x8a4: 0x0b, 0x8a5: 0x0b, 0x8a6: 0x0b, 0x8a7: 0x0b,
+	0x8a8: 0x0b, 0x8a9: 0x0b, 0x8aa: 0x0b, 0x8ab: 0x0b, 0x8ac: 0x0b, 0x8ad: 0x0b, 0x8ae: 0x0b, 0x8af: 0x0b,
+	0x8b0: 0x0b, 0x8b1: 0x0b, 0x8b2: 0x0b, 0x8b3: 0x0b, 0x8b4: 0x0b, 0x8b5: 0x0b, 0x8b6: 0x0b, 0x8b7: 0x0b,
+	0x8b8: 0x0b, 0x8b9: 0x0b, 0x8ba: 0x0b, 0x8bb: 0x0b, 0x8bc: 0x0b, 0x8bd: 0x0b, 0x8be: 0x0b, 0x8bf: 0x0b,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x0b, 0x8c1: 0x0b, 0x8c2: 0x0b, 0x8c3: 0x0b, 0x8c4: 0x0b, 0x8c5: 0x0b, 0x8c6: 0x0b, 0x8c7: 0x0b,
+	0x8c8: 0x0b, 0x8c9: 0x0b, 0x8ca: 0x0b, 0x8cb: 0x0b, 0x8cc: 0x0b, 0x8cd: 0x0b, 0x8ce: 0x0b, 0x8cf: 0x0b,
+}
+
+// idnaSparseOffset: 276 entries, 552 bytes
+var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x33, 0x3e, 0x4a, 0x4e, 0x5d, 0x62, 0x6c, 0x78, 0x86, 0x8b, 0x94, 0xa4, 0xb2, 0xbe, 0xca, 0xdb, 0xe5, 0xec, 0xf9, 0x10a, 0x111, 0x11c, 0x12b, 0x139, 0x143, 0x145, 0x14a, 0x14d, 0x150, 0x152, 0x15e, 0x169, 0x171, 0x177, 0x17d, 0x182, 0x187, 0x18a, 0x18e, 0x194, 0x199, 0x1a5, 0x1af, 0x1b5, 0x1c6, 0x1d0, 0x1d3, 0x1db, 0x1de, 0x1eb, 0x1f3, 0x1f7, 0x1fe, 0x206, 0x216, 0x222, 0x224, 0x22e, 0x23a, 0x246, 0x252, 0x25a, 0x25f, 0x269, 0x27a, 0x27e, 0x289, 0x28d, 0x296, 0x29e, 0x2a4, 0x2a9, 0x2ac, 0x2b0, 0x2b6, 0x2ba, 0x2be, 0x2c2, 0x2c7, 0x2cd, 0x2d5, 0x2dc, 0x2e7, 0x2f1, 0x2f5, 0x2f8, 0x2fe, 0x302, 0x304, 0x307, 0x309, 0x30c, 0x316, 0x319, 0x328, 0x32c, 0x331, 0x334, 0x338, 0x33d, 0x342, 0x348, 0x34e, 0x35d, 0x363, 0x367, 0x376, 0x37b, 0x383, 0x38d, 0x398, 0x3a0, 0x3b1, 0x3ba, 0x3ca, 0x3d7, 0x3e1, 0x3e6, 0x3f3, 0x3f7, 0x3fc, 0x3fe, 0x402, 0x404, 0x408, 0x411, 0x417, 0x41b, 0x42b, 0x435, 0x43a, 0x43d, 0x443, 0x44a, 0x44f, 0x453, 0x459, 0x45e, 0x467, 0x46c, 0x472, 0x479, 0x480, 0x487, 0x48b, 0x490, 0x493, 0x498, 0x4a4, 0x4aa, 0x4af, 0x4b6, 0x4be, 0x4c3, 0x4c7, 0x4d7, 0x4de, 0x4e2, 0x4e6, 0x4ed, 0x4ef, 0x4f2, 0x4f5, 0x4f9, 0x502, 0x506, 0x50e, 0x516, 0x51c, 0x525, 0x531, 0x538, 0x541, 0x54b, 0x552, 0x560, 0x56d, 0x57a, 0x583, 0x587, 0x596, 0x59e, 0x5a9, 0x5b2, 0x5b8, 0x5c0, 0x5c9, 0x5d3, 0x5d6, 0x5e2, 0x5eb, 0x5ee, 0x5f3, 0x5fe, 0x607, 0x613, 0x616, 0x620, 0x629, 0x635, 0x642, 0x64f, 0x65d, 0x664, 0x667, 0x66c, 0x66f, 0x672, 0x675, 0x67c, 0x683, 0x687, 0x692, 0x695, 0x698, 0x69b, 0x6a1, 0x6a6, 0x6aa, 0x6ad, 0x6b0, 0x6b3, 0x6b6, 0x6b9, 0x6be, 0x6c8, 0x6cb, 0x6cf, 0x6de, 0x6ea, 0x6ee, 0x6f3, 0x6f7, 0x6fc, 0x700, 0x705, 0x70e, 0x719, 0x71f, 0x727, 0x72a, 0x72d, 0x731, 0x735, 0x73b, 0x741, 0x746, 0x749, 0x759, 0x760, 0x763, 0x766, 0x76a, 0x770, 0x775, 0x77a, 0x782, 0x787, 0x78b, 0x78f, 0x792, 0x795, 0x799, 0x79d, 0x7a0, 0x7b0, 0x7c1, 0x7c6, 0x7c8, 0x7ca}
+
+// idnaSparseValues: 1997 entries, 7988 bytes
+var idnaSparseValues = [1997]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe105, lo: 0x80, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0x97},
+	{value: 0xe105, lo: 0x98, hi: 0x9e},
+	{value: 0x001f, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbf},
+	// Block 0x1, offset 0x8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0xe01d, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0335, lo: 0x83, hi: 0x83},
+	{value: 0x034d, lo: 0x84, hi: 0x84},
+	{value: 0x0365, lo: 0x85, hi: 0x85},
+	{value: 0xe00d, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0xe00d, lo: 0x88, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x89},
+	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0x8d},
+	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0xbf},
+	// Block 0x2, offset 0x19
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0249, lo: 0xb0, hi: 0xb0},
+	{value: 0x037d, lo: 0xb1, hi: 0xb1},
+	{value: 0x0259, lo: 0xb2, hi: 0xb2},
+	{value: 0x0269, lo: 0xb3, hi: 0xb3},
+	{value: 0x034d, lo: 0xb4, hi: 0xb4},
+	{value: 0x0395, lo: 0xb5, hi: 0xb5},
+	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
+	{value: 0x0279, lo: 0xb7, hi: 0xb7},
+	{value: 0x0289, lo: 0xb8, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbf},
+	// Block 0x3, offset 0x25
+	{value: 0x0000, lo: 0x01},
+	{value: 0x3308, lo: 0x80, hi: 0xbf},
+	// Block 0x4, offset 0x27
+	{value: 0x0000, lo: 0x04},
+	{value: 0x03f5, lo: 0x80, hi: 0x8f},
+	{value: 0xe105, lo: 0x90, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x5, offset 0x2c
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x0545, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x0008, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x6, offset 0x33
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0401, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0018, lo: 0x89, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x7, offset 0x3e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0818, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x82},
+	{value: 0x0818, lo: 0x83, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x85},
+	{value: 0x0818, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xae},
+	{value: 0x0808, lo: 0xaf, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x8, offset 0x4a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0c08, lo: 0x88, hi: 0x99},
+	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
+	// Block 0x9, offset 0x4e
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3308, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0a08, lo: 0x8e, hi: 0x98},
+	{value: 0x0c08, lo: 0x99, hi: 0x9b},
+	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
+	{value: 0x0c08, lo: 0xab, hi: 0xac},
+	{value: 0x0a08, lo: 0xad, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
+	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xa, offset 0x5d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xb, offset 0x62
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0808, lo: 0x80, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbf},
+	// Block 0xc, offset 0x6c
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x99},
+	{value: 0x0808, lo: 0x9a, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa3},
+	{value: 0x0808, lo: 0xa4, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa7},
+	{value: 0x0808, lo: 0xa8, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0818, lo: 0xb0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd, offset 0x78
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
+	{value: 0x0c08, lo: 0xaa, hi: 0xac},
+	{value: 0x0808, lo: 0xad, hi: 0xad},
+	{value: 0x0c08, lo: 0xae, hi: 0xae},
+	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
+	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xe, offset 0x86
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0xa1},
+	{value: 0x0840, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xbf},
+	// Block 0xf, offset 0x8b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x10, offset 0x94
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x85},
+	{value: 0x3008, lo: 0x86, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8c},
+	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x11, offset 0xa4
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x12, offset 0xb2
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xba},
+	{value: 0x3b08, lo: 0xbb, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x13, offset 0xbe
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x14, offset 0xca
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x89},
+	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x3008, lo: 0x98, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x15, offset 0xdb
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb2},
+	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb9},
+	{value: 0x3b08, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0x16, offset 0xe5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0xbf},
+	// Block 0x17, offset 0xec
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0961, lo: 0x9c, hi: 0x9c},
+	{value: 0x0999, lo: 0x9d, hi: 0x9d},
+	{value: 0x0008, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x18, offset 0xf9
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x19, offset 0x10a
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0x1a, offset 0x111
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0x11c
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3008, lo: 0xa2, hi: 0xa4},
+	{value: 0x0008, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xbf},
+	// Block 0x1c, offset 0x12b
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x8c},
+	{value: 0x3308, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x3008, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x1d, offset 0x139
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x86},
+	{value: 0x055d, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8c},
+	{value: 0x055d, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0xe105, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0x1e, offset 0x143
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0018, lo: 0x80, hi: 0xbf},
+	// Block 0x1f, offset 0x145
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa0},
+	{value: 0x2018, lo: 0xa1, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x20, offset 0x14a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa7},
+	{value: 0x2018, lo: 0xa8, hi: 0xbf},
+	// Block 0x21, offset 0x14d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2018, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0xbf},
+	// Block 0x22, offset 0x150
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0008, lo: 0x80, hi: 0xbf},
+	// Block 0x23, offset 0x152
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x24, offset 0x15e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x25, offset 0x169
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x26, offset 0x171
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x27, offset 0x177
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x28, offset 0x17d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x29, offset 0x182
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x2a, offset 0x187
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x2b, offset 0x18a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xbf},
+	// Block 0x2c, offset 0x18e
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2d, offset 0x194
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x2e, offset 0x199
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x3b08, lo: 0x94, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x2f, offset 0x1a5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x30, offset 0x1af
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xb3},
+	{value: 0x3340, lo: 0xb4, hi: 0xb5},
+	{value: 0x3008, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x31, offset 0x1b5
+	{value: 0x0000, lo: 0x10},
+	{value: 0x3008, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x91},
+	{value: 0x3b08, lo: 0x92, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0x96},
+	{value: 0x0008, lo: 0x97, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x32, offset 0x1c6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x86},
+	{value: 0x0218, lo: 0x87, hi: 0x87},
+	{value: 0x0018, lo: 0x88, hi: 0x8a},
+	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0208, lo: 0xa0, hi: 0xbf},
+	// Block 0x33, offset 0x1d0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0208, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x34, offset 0x1d3
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0208, lo: 0x87, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xa9},
+	{value: 0x0208, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x35, offset 0x1db
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x36, offset 0x1de
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x37, offset 0x1eb
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x38, offset 0x1f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x39, offset 0x1f7
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0028, lo: 0x9a, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xbf},
+	// Block 0x3a, offset 0x1fe
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x3308, lo: 0x97, hi: 0x98},
+	{value: 0x3008, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x3b, offset 0x206
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x94},
+	{value: 0x3008, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xac},
+	{value: 0x3008, lo: 0xad, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x216
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xbd},
+	{value: 0x3318, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x3d, offset 0x222
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0040, lo: 0x80, hi: 0xbf},
+	// Block 0x3e, offset 0x224
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3008, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x3f, offset 0x22e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x3808, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x40, offset 0x23a
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3808, lo: 0xaa, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xbf},
+	// Block 0x41, offset 0x246
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3008, lo: 0xaa, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3808, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x42, offset 0x252
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbf},
+	// Block 0x43, offset 0x25a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x44, offset 0x25f
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0e29, lo: 0x80, hi: 0x80},
+	{value: 0x0e41, lo: 0x81, hi: 0x81},
+	{value: 0x0e59, lo: 0x82, hi: 0x82},
+	{value: 0x0e71, lo: 0x83, hi: 0x83},
+	{value: 0x0e89, lo: 0x84, hi: 0x85},
+	{value: 0x0ea1, lo: 0x86, hi: 0x86},
+	{value: 0x0eb9, lo: 0x87, hi: 0x87},
+	{value: 0x057d, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0x45, offset 0x269
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x92},
+	{value: 0x0018, lo: 0x93, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa8},
+	{value: 0x0008, lo: 0xa9, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x46, offset 0x27a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0x47, offset 0x27e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x87},
+	{value: 0xe045, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0xe045, lo: 0x98, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0xe045, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbf},
+	// Block 0x48, offset 0x289
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x3318, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0x49, offset 0x28d
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x24c1, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x4a, offset 0x296
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x24f1, lo: 0xac, hi: 0xac},
+	{value: 0x2529, lo: 0xad, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xae},
+	{value: 0x2579, lo: 0xaf, hi: 0xaf},
+	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x4b, offset 0x29e
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x9f},
+	{value: 0x0080, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xad},
+	{value: 0x0080, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x4c, offset 0x2a4
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa8},
+	{value: 0x09c5, lo: 0xa9, hi: 0xa9},
+	{value: 0x09e5, lo: 0xaa, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xbf},
+	// Block 0x4d, offset 0x2a9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0x4e, offset 0x2ac
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x4f, offset 0x2b0
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0e66, lo: 0xb4, hi: 0xb4},
+	{value: 0x292a, lo: 0xb5, hi: 0xb5},
+	{value: 0x0e86, lo: 0xb6, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x50, offset 0x2b6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x9b},
+	{value: 0x2941, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0xbf},
+	// Block 0x51, offset 0x2ba
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x52, offset 0x2be
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0xbf},
+	// Block 0x53, offset 0x2c2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x54, offset 0x2c7
+	{value: 0x0000, lo: 0x05},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x03f5, lo: 0x90, hi: 0x9f},
+	{value: 0x0ea5, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x55, offset 0x2cd
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x56, offset 0x2d5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xae},
+	{value: 0xe075, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0x57, offset 0x2dc
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x58, offset 0x2e7
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xbf},
+	// Block 0x59, offset 0x2f1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x5a, offset 0x2f5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0xbf},
+	// Block 0x5b, offset 0x2f8
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9e},
+	{value: 0x0edd, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x5c, offset 0x2fe
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb2},
+	{value: 0x0efd, lo: 0xb3, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x5d, offset 0x302
+	{value: 0x0020, lo: 0x01},
+	{value: 0x0f1d, lo: 0x80, hi: 0xbf},
+	// Block 0x5e, offset 0x304
+	{value: 0x0020, lo: 0x02},
+	{value: 0x171d, lo: 0x80, hi: 0x8f},
+	{value: 0x18fd, lo: 0x90, hi: 0xbf},
+	// Block 0x5f, offset 0x307
+	{value: 0x0020, lo: 0x01},
+	{value: 0x1efd, lo: 0x80, hi: 0xbf},
+	// Block 0x60, offset 0x309
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x61, offset 0x30c
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9a},
+	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
+	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9e},
+	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x62, offset 0x316
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbe},
+	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
+	// Block 0x63, offset 0x319
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0040, lo: 0x80, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb0},
+	{value: 0x2a1d, lo: 0xb1, hi: 0xb1},
+	{value: 0x2a3d, lo: 0xb2, hi: 0xb2},
+	{value: 0x2a5d, lo: 0xb3, hi: 0xb3},
+	{value: 0x2a7d, lo: 0xb4, hi: 0xb4},
+	{value: 0x2a5d, lo: 0xb5, hi: 0xb5},
+	{value: 0x2a9d, lo: 0xb6, hi: 0xb6},
+	{value: 0x2abd, lo: 0xb7, hi: 0xb7},
+	{value: 0x2add, lo: 0xb8, hi: 0xb9},
+	{value: 0x2afd, lo: 0xba, hi: 0xbb},
+	{value: 0x2b1d, lo: 0xbc, hi: 0xbd},
+	{value: 0x2afd, lo: 0xbe, hi: 0xbf},
+	// Block 0x64, offset 0x328
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x65, offset 0x32c
+	{value: 0x0030, lo: 0x04},
+	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
+	{value: 0x305a, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
+	// Block 0x66, offset 0x331
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x67, offset 0x334
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x68, offset 0x338
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x69, offset 0x33d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x6a, offset 0x342
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb1},
+	{value: 0x0018, lo: 0xb2, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6b, offset 0x348
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xb7},
+	{value: 0x2009, lo: 0xb8, hi: 0xb8},
+	{value: 0x6e89, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xbf},
+	// Block 0x6c, offset 0x34e
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x3308, lo: 0x8b, hi: 0x8b},
+	{value: 0x0008, lo: 0x8c, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x6d, offset 0x35d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0208, lo: 0x80, hi: 0xb1},
+	{value: 0x0108, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6e, offset 0x363
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xbf},
+	// Block 0x6f, offset 0x367
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0008, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x70, offset 0x376
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x71, offset 0x37b
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x91},
+	{value: 0x3008, lo: 0x92, hi: 0x92},
+	{value: 0x3808, lo: 0x93, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x72, offset 0x383
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb9},
+	{value: 0x3008, lo: 0xba, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x73, offset 0x38d
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x74, offset 0x398
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x75, offset 0x3a0
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8c},
+	{value: 0x3008, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0008, lo: 0xbe, hi: 0xbf},
+	// Block 0x76, offset 0x3b1
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x77, offset 0x3ba
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x9a},
+	{value: 0x0008, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x78, offset 0x3ca
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x90},
+	{value: 0x0008, lo: 0x91, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x79, offset 0x3d7
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x4465, lo: 0x9c, hi: 0x9c},
+	{value: 0x447d, lo: 0x9d, hi: 0x9d},
+	{value: 0x2971, lo: 0x9e, hi: 0x9e},
+	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xaf},
+	{value: 0x4495, lo: 0xb0, hi: 0xbf},
+	// Block 0x7a, offset 0x3e1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x44b5, lo: 0x80, hi: 0x8f},
+	{value: 0x44d5, lo: 0x90, hi: 0x9f},
+	{value: 0x44f5, lo: 0xa0, hi: 0xaf},
+	{value: 0x44d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x7b, offset 0x3e6
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3b08, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x7c, offset 0x3f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x7d, offset 0x3f7
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x7e, offset 0x3fc
+	{value: 0x0020, lo: 0x01},
+	{value: 0x4515, lo: 0x80, hi: 0xbf},
+	// Block 0x7f, offset 0x3fe
+	{value: 0x0020, lo: 0x03},
+	{value: 0x4d15, lo: 0x80, hi: 0x94},
+	{value: 0x4ad5, lo: 0x95, hi: 0x95},
+	{value: 0x4fb5, lo: 0x96, hi: 0xbf},
+	// Block 0x80, offset 0x402
+	{value: 0x0020, lo: 0x01},
+	{value: 0x54f5, lo: 0x80, hi: 0xbf},
+	// Block 0x81, offset 0x404
+	{value: 0x0020, lo: 0x03},
+	{value: 0x5cf5, lo: 0x80, hi: 0x84},
+	{value: 0x5655, lo: 0x85, hi: 0x85},
+	{value: 0x5d95, lo: 0x86, hi: 0xbf},
+	// Block 0x82, offset 0x408
+	{value: 0x0020, lo: 0x08},
+	{value: 0x6b55, lo: 0x80, hi: 0x8f},
+	{value: 0x6d15, lo: 0x90, hi: 0x90},
+	{value: 0x6d55, lo: 0x91, hi: 0xab},
+	{value: 0x6ea1, lo: 0xac, hi: 0xac},
+	{value: 0x70b5, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x70d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x83, offset 0x411
+	{value: 0x0020, lo: 0x05},
+	{value: 0x72d5, lo: 0x80, hi: 0xad},
+	{value: 0x6535, lo: 0xae, hi: 0xae},
+	{value: 0x7895, lo: 0xaf, hi: 0xb5},
+	{value: 0x6f55, lo: 0xb6, hi: 0xb6},
+	{value: 0x7975, lo: 0xb7, hi: 0xbf},
+	// Block 0x84, offset 0x417
+	{value: 0x0028, lo: 0x03},
+	{value: 0x7c21, lo: 0x80, hi: 0x82},
+	{value: 0x7be1, lo: 0x83, hi: 0x83},
+	{value: 0x7c99, lo: 0x84, hi: 0xbf},
+	// Block 0x85, offset 0x41b
+	{value: 0x0038, lo: 0x0f},
+	{value: 0x9db1, lo: 0x80, hi: 0x83},
+	{value: 0x9e59, lo: 0x84, hi: 0x85},
+	{value: 0x9e91, lo: 0x86, hi: 0x87},
+	{value: 0x9ec9, lo: 0x88, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0xa089, lo: 0x92, hi: 0x97},
+	{value: 0xa1a1, lo: 0x98, hi: 0x9c},
+	{value: 0xa281, lo: 0x9d, hi: 0xb3},
+	{value: 0x9d41, lo: 0xb4, hi: 0xb4},
+	{value: 0x9db1, lo: 0xb5, hi: 0xb5},
+	{value: 0xa789, lo: 0xb6, hi: 0xbb},
+	{value: 0xa869, lo: 0xbc, hi: 0xbc},
+	{value: 0xa7f9, lo: 0xbd, hi: 0xbd},
+	{value: 0xa8d9, lo: 0xbe, hi: 0xbf},
+	// Block 0x86, offset 0x42b
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0008, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x87, offset 0x435
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x88, offset 0x43a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x89, offset 0x43d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x8a, offset 0x443
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x8b, offset 0x44a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x8c, offset 0x44f
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x8d, offset 0x453
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x8e, offset 0x459
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xbf},
+	// Block 0x8f, offset 0x45e
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x90, offset 0x467
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x91, offset 0x46c
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x92, offset 0x472
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x97},
+	{value: 0x8ad5, lo: 0x98, hi: 0x9f},
+	{value: 0x8aed, lo: 0xa0, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xbf},
+	// Block 0x93, offset 0x479
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x8aed, lo: 0xb0, hi: 0xb7},
+	{value: 0x8ad5, lo: 0xb8, hi: 0xbf},
+	// Block 0x94, offset 0x480
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x95, offset 0x487
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x96, offset 0x48b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xae},
+	{value: 0x0018, lo: 0xaf, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x97, offset 0x490
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x98, offset 0x493
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xbf},
+	// Block 0x99, offset 0x498
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0808, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0808, lo: 0x8a, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbb},
+	{value: 0x0808, lo: 0xbc, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x0808, lo: 0xbf, hi: 0xbf},
+	// Block 0x9a, offset 0x4a4
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0818, lo: 0x97, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0818, lo: 0xb7, hi: 0xbf},
+	// Block 0x9b, offset 0x4aa
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa6},
+	{value: 0x0818, lo: 0xa7, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x9c, offset 0x4af
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x0818, lo: 0xbb, hi: 0xbf},
+	// Block 0x9d, offset 0x4b6
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0818, lo: 0x96, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0818, lo: 0xbf, hi: 0xbf},
+	// Block 0x9e, offset 0x4be
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbb},
+	{value: 0x0818, lo: 0xbc, hi: 0xbd},
+	{value: 0x0808, lo: 0xbe, hi: 0xbf},
+	// Block 0x9f, offset 0x4c3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0818, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x0818, lo: 0x92, hi: 0xbf},
+	// Block 0xa0, offset 0x4c7
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x94},
+	{value: 0x0808, lo: 0x95, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x98},
+	{value: 0x0808, lo: 0x99, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xa1, offset 0x4d7
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0818, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0818, lo: 0x90, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xbc},
+	{value: 0x0818, lo: 0xbd, hi: 0xbf},
+	// Block 0xa2, offset 0x4de
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xa3, offset 0x4e2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb8},
+	{value: 0x0018, lo: 0xb9, hi: 0xbf},
+	// Block 0xa4, offset 0x4e6
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0818, lo: 0x98, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb7},
+	{value: 0x0818, lo: 0xb8, hi: 0xbf},
+	// Block 0xa5, offset 0x4ed
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0808, lo: 0x80, hi: 0xbf},
+	// Block 0xa6, offset 0x4ef
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0808, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xa7, offset 0x4f2
+	{value: 0x0000, lo: 0x02},
+	{value: 0x03dd, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xa8, offset 0x4f5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xbf},
+	// Block 0xa9, offset 0x4f9
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0908, lo: 0x80, hi: 0x80},
+	{value: 0x0a08, lo: 0x81, hi: 0xa1},
+	{value: 0x0c08, lo: 0xa2, hi: 0xa2},
+	{value: 0x0a08, lo: 0xa3, hi: 0xa3},
+	{value: 0x3308, lo: 0xa4, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xaa, offset 0x502
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0818, lo: 0xa0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xab, offset 0x506
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0xa6},
+	{value: 0x0808, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0a08, lo: 0xb0, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb3},
+	{value: 0x0a08, lo: 0xb4, hi: 0xbf},
+	// Block 0xac, offset 0x50e
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x84},
+	{value: 0x0808, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x90},
+	{value: 0x0a18, lo: 0x91, hi: 0x93},
+	{value: 0x0c18, lo: 0x94, hi: 0x94},
+	{value: 0x0818, lo: 0x95, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xad, offset 0x516
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xae, offset 0x51c
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x91},
+	{value: 0x0018, lo: 0x92, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xaf, offset 0x525
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0xb0, offset 0x531
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb1, offset 0x538
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb2},
+	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xbf},
+	// Block 0xb2, offset 0x541
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb3, offset 0x54b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xbe},
+	{value: 0x3008, lo: 0xbf, hi: 0xbf},
+	// Block 0xb4, offset 0x552
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xb5, offset 0x560
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3808, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xb6, offset 0x56d
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xb7, offset 0x57a
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x3308, lo: 0x9f, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa9},
+	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb8, offset 0x583
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xb9, offset 0x587
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xba, offset 0x596
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xbb, offset 0x59e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x85},
+	{value: 0x0018, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xbc, offset 0x5a9
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbd, offset 0x5b2
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9b},
+	{value: 0x3308, lo: 0x9c, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xbe, offset 0x5b8
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbf, offset 0x5c0
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xc0, offset 0x5c9
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb5},
+	{value: 0x3808, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0xc1, offset 0x5d3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0xc2, offset 0x5d6
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0xc3, offset 0x5e2
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xc4, offset 0x5eb
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xbf},
+	// Block 0xc5, offset 0x5ee
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0xc6, offset 0x5f3
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xc7, offset 0x5fe
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x3b08, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0xbf},
+	// Block 0xc8, offset 0x607
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x98},
+	{value: 0x3b08, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xbf},
+	// Block 0xc9, offset 0x613
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xca, offset 0x616
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xcb, offset 0x620
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xbf},
+	// Block 0xcc, offset 0x629
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xa9},
+	{value: 0x3308, lo: 0xaa, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xcd, offset 0x635
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xce, offset 0x642
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xbf},
+	// Block 0xcf, offset 0x64f
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x3008, lo: 0x93, hi: 0x94},
+	{value: 0x3308, lo: 0x95, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x96},
+	{value: 0x3b08, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xbf},
+	// Block 0xd0, offset 0x65d
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xd1, offset 0x664
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xd2, offset 0x667
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xd3, offset 0x66c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0xbf},
+	// Block 0xd4, offset 0x66f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xbf},
+	// Block 0xd5, offset 0x672
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xbf},
+	// Block 0xd6, offset 0x675
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xd7, offset 0x67c
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xd8, offset 0x683
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0xd9, offset 0x687
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0xda, offset 0x692
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xdb, offset 0x695
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0xdc, offset 0x698
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0xdd, offset 0x69b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xde, offset 0x6a1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xdf, offset 0x6a6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xbf},
+	// Block 0xe0, offset 0x6aa
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xe1, offset 0x6ad
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xe2, offset 0x6b0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xe3, offset 0x6b3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xe4, offset 0x6b6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xe5, offset 0x6b9
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0xe6, offset 0x6be
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xe7, offset 0x6c8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xe8, offset 0x6cb
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xbf},
+	// Block 0xe9, offset 0x6cf
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0018, lo: 0x80, hi: 0x9d},
+	{value: 0xb5b9, lo: 0x9e, hi: 0x9e},
+	{value: 0xb601, lo: 0x9f, hi: 0x9f},
+	{value: 0xb649, lo: 0xa0, hi: 0xa0},
+	{value: 0xb6b1, lo: 0xa1, hi: 0xa1},
+	{value: 0xb719, lo: 0xa2, hi: 0xa2},
+	{value: 0xb781, lo: 0xa3, hi: 0xa3},
+	{value: 0xb7e9, lo: 0xa4, hi: 0xa4},
+	{value: 0x3018, lo: 0xa5, hi: 0xa6},
+	{value: 0x3318, lo: 0xa7, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xac},
+	{value: 0x3018, lo: 0xad, hi: 0xb2},
+	{value: 0x0340, lo: 0xb3, hi: 0xba},
+	{value: 0x3318, lo: 0xbb, hi: 0xbf},
+	// Block 0xea, offset 0x6de
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3318, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0x84},
+	{value: 0x3318, lo: 0x85, hi: 0x8b},
+	{value: 0x0018, lo: 0x8c, hi: 0xa9},
+	{value: 0x3318, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xba},
+	{value: 0xb851, lo: 0xbb, hi: 0xbb},
+	{value: 0xb899, lo: 0xbc, hi: 0xbc},
+	{value: 0xb8e1, lo: 0xbd, hi: 0xbd},
+	{value: 0xb949, lo: 0xbe, hi: 0xbe},
+	{value: 0xb9b1, lo: 0xbf, hi: 0xbf},
+	// Block 0xeb, offset 0x6ea
+	{value: 0x0000, lo: 0x03},
+	{value: 0xba19, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xbf},
+	// Block 0xec, offset 0x6ee
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x3318, lo: 0x82, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0xbf},
+	// Block 0xed, offset 0x6f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0xee, offset 0x6f7
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xef, offset 0x6fc
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0xf0, offset 0x700
+	{value: 0x0000, lo: 0x04},
+	{value: 0x3308, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0xf1, offset 0x705
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x3308, lo: 0xa1, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xf2, offset 0x70e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0xf3, offset 0x719
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x86},
+	{value: 0x0818, lo: 0x87, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xf4, offset 0x71f
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xf5, offset 0x727
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xb0},
+	{value: 0x0818, lo: 0xb1, hi: 0xbf},
+	// Block 0xf6, offset 0x72a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0818, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xf7, offset 0x72d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xf8, offset 0x731
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0xf9, offset 0x735
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0xfa, offset 0x73b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xfb, offset 0x741
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0xc1c1, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xfc, offset 0x746
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xbf},
+	// Block 0xfd, offset 0x749
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xc7e9, lo: 0x80, hi: 0x80},
+	{value: 0xc839, lo: 0x81, hi: 0x81},
+	{value: 0xc889, lo: 0x82, hi: 0x82},
+	{value: 0xc8d9, lo: 0x83, hi: 0x83},
+	{value: 0xc929, lo: 0x84, hi: 0x84},
+	{value: 0xc979, lo: 0x85, hi: 0x85},
+	{value: 0xc9c9, lo: 0x86, hi: 0x86},
+	{value: 0xca19, lo: 0x87, hi: 0x87},
+	{value: 0xca69, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0xcab9, lo: 0x90, hi: 0x90},
+	{value: 0xcad9, lo: 0x91, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xbf},
+	// Block 0xfe, offset 0x759
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xff, offset 0x760
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x100, offset 0x763
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0xbf},
+	// Block 0x101, offset 0x766
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x102, offset 0x76a
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x103, offset 0x770
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0x104, offset 0x775
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x105, offset 0x77a
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb2},
+	{value: 0x0018, lo: 0xb3, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x106, offset 0x782
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x107, offset 0x787
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x108, offset 0x78b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0x109, offset 0x78f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0x10a, offset 0x792
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x10b, offset 0x795
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x10c, offset 0x799
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x10d, offset 0x79d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x10e, offset 0x7a0
+	{value: 0x0020, lo: 0x0f},
+	{value: 0xdeb9, lo: 0x80, hi: 0x89},
+	{value: 0x8dfd, lo: 0x8a, hi: 0x8a},
+	{value: 0xdff9, lo: 0x8b, hi: 0x9c},
+	{value: 0x8e1d, lo: 0x9d, hi: 0x9d},
+	{value: 0xe239, lo: 0x9e, hi: 0xa2},
+	{value: 0x8e3d, lo: 0xa3, hi: 0xa3},
+	{value: 0xe2d9, lo: 0xa4, hi: 0xab},
+	{value: 0x7ed5, lo: 0xac, hi: 0xac},
+	{value: 0xe3d9, lo: 0xad, hi: 0xaf},
+	{value: 0x8e5d, lo: 0xb0, hi: 0xb0},
+	{value: 0xe439, lo: 0xb1, hi: 0xb6},
+	{value: 0x8e7d, lo: 0xb7, hi: 0xb9},
+	{value: 0xe4f9, lo: 0xba, hi: 0xba},
+	{value: 0x8edd, lo: 0xbb, hi: 0xbb},
+	{value: 0xe519, lo: 0xbc, hi: 0xbf},
+	// Block 0x10f, offset 0x7b0
+	{value: 0x0020, lo: 0x10},
+	{value: 0x937d, lo: 0x80, hi: 0x80},
+	{value: 0xf099, lo: 0x81, hi: 0x86},
+	{value: 0x939d, lo: 0x87, hi: 0x8a},
+	{value: 0xd9f9, lo: 0x8b, hi: 0x8b},
+	{value: 0xf159, lo: 0x8c, hi: 0x96},
+	{value: 0x941d, lo: 0x97, hi: 0x97},
+	{value: 0xf2b9, lo: 0x98, hi: 0xa3},
+	{value: 0x943d, lo: 0xa4, hi: 0xa6},
+	{value: 0xf439, lo: 0xa7, hi: 0xaa},
+	{value: 0x949d, lo: 0xab, hi: 0xab},
+	{value: 0xf4b9, lo: 0xac, hi: 0xac},
+	{value: 0x94bd, lo: 0xad, hi: 0xad},
+	{value: 0xf4d9, lo: 0xae, hi: 0xaf},
+	{value: 0x94dd, lo: 0xb0, hi: 0xb1},
+	{value: 0xf519, lo: 0xb2, hi: 0xbe},
+	{value: 0x2040, lo: 0xbf, hi: 0xbf},
+	// Block 0x110, offset 0x7c1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0340, lo: 0x81, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x9f},
+	{value: 0x0340, lo: 0xa0, hi: 0xbf},
+	// Block 0x111, offset 0x7c6
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0340, lo: 0x80, hi: 0xbf},
+	// Block 0x112, offset 0x7c8
+	{value: 0x0000, lo: 0x01},
+	{value: 0x33c0, lo: 0x80, hi: 0xbf},
+	// Block 0x113, offset 0x7ca
+	{value: 0x0000, lo: 0x02},
+	{value: 0x33c0, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+}
+
+// Total table size 42466 bytes (41KiB); checksum: 355A58A4
diff --git a/vendor/golang.org/x/net/idna/tables12.0.0.go b/vendor/golang.org/x/net/idna/tables12.0.0.go
new file mode 100644
index 0000000000000..ab40f7bcc3b81
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/tables12.0.0.go
@@ -0,0 +1,4734 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+//go:build go1.14 && !go1.16
+// +build go1.14,!go1.16
+
+package idna
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "12.0.0"
+
+var mappings string = "" + // Size: 8178 bytes
+	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
+	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
+	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
+	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
+	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
+	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
+	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
+	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
+	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
+	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
+	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
+	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
+	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
+	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
+	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
+	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
+	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
+	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
+	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
+	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
+	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
+	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
+	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
+	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
+	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
+	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
+	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
+	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
+	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
+	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
+	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
+	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
+	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
+	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
+	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
+	"月\x0511月\x0512月\x02hg\x02ev\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニング\x09" +
+	"インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー\x09ガロ" +
+	"ン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0fキロワッ" +
+	"ト\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル\x0fサンチ" +
+	"ーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット\x09ハイツ" +
+	"\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0cフィート" +
+	"\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ\x0cポイ" +
+	"ント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク\x0fマ" +
+	"ンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09ユアン" +
+	"\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x042点" +
+	"\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
+	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
+	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
+	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
+	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
+	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
+	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
+	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
+	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
+	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
+	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
+	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x04𤋮\x04𢡊\x04𢡄\x04𣏕\x04𥉉" +
+	"\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ\x04יִ" +
+	"\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּׂ\x04א" +
+	"ַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04ךּ\x04" +
+	"כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ\x04תּ" +
+	"\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ\x02ڤ" +
+	"\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ\x02ڳ" +
+	"\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ\x02ۅ" +
+	"\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02ی\x04" +
+	"ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04تح" +
+	"\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج\x04حم" +
+	"\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح\x04ضخ" +
+	"\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ\x04فم" +
+	"\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل\x04كم" +
+	"\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ\x04مم" +
+	"\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى\x04هي" +
+	"\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 ٍّ\x05" +
+	" َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04تر\x04تز" +
+	"\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04ين\x04ئخ" +
+	"\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه\x04شم\x04شه" +
+	"\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي\x04سى\x04سي" +
+	"\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي\x04ضى\x04ضي" +
+	"\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06تحج\x06تحم" +
+	"\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سجح\x06سجى" +
+	"\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم\x06ضحى" +
+	"\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي\x06غمى" +
+	"\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح\x06محج" +
+	"\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم\x06نحم" +
+	"\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى\x06تخي" +
+	"\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي\x06ضحي" +
+	"\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي\x06كمي" +
+	"\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي\x06سخي" +
+	"\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08عليه" +
+	"\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:\x01!" +
+	"\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\\x01$" +
+	"\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ\x02إ" +
+	"\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز\x02س" +
+	"\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن\x02ه" +
+	"\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~\x02¢" +
+	"\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲\x08𝆹" +
+	"𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η\x02" +
+	"κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ\x02ڡ" +
+	"\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029,\x03(a)" +
+	"\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)\x03(k)" +
+	"\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)\x03(u)" +
+	"\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03ppv\x02w" +
+	"c\x02mc\x02md\x02mr\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ\x03二\x03多" +
+	"\x03解\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終\x03生\x03販" +
+	"\x03声\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指\x03走\x03打" +
+	"\x03禁\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔三〕\x09〔二〕" +
+	"\x09〔安〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03丸\x03乁\x03你" +
+	"\x03侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03具\x03㒹\x03內" +
+	"\x03冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03㔕\x03勇\x03勉" +
+	"\x03勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03灰\x03及\x03叟" +
+	"\x03叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03啣\x03善\x03喙" +
+	"\x03喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03埴\x03堍\x03型" +
+	"\x03堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03姘\x03婦\x03㛮" +
+	"\x03嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03屮\x03峀\x03岍" +
+	"\x03嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03㡢\x03㡼\x03庰" +
+	"\x03庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03忍\x03志\x03忹" +
+	"\x03悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03憤\x03憯\x03懞" +
+	"\x03懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03掃\x03揤\x03搢" +
+	"\x03揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03書\x03晉\x03㬙" +
+	"\x03暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03朡\x03杞\x03杓" +
+	"\x03㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03槪\x03檨\x03櫛" +
+	"\x03㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03汧\x03洖\x03派" +
+	"\x03海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03淹\x03潮\x03濆" +
+	"\x03瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03爵\x03牐\x03犀" +
+	"\x03犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03㼛\x03甤\x03甾" +
+	"\x03異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03䂖\x03硎\x03碌" +
+	"\x03磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03築\x03䈧\x03糒" +
+	"\x03䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03罺\x03羕\x03翺" +
+	"\x03者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03䑫\x03芑\x03芋" +
+	"\x03芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03莽\x03菧\x03著" +
+	"\x03荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03䕫\x03虐\x03虜" +
+	"\x03虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03蠁\x03䗹\x03衠" +
+	"\x03衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03豕\x03貫\x03賁" +
+	"\x03贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03鈸\x03鋗\x03鋘" +
+	"\x03鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03䩶\x03韠\x03䪲" +
+	"\x03頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03鳽\x03䳎\x03䳭" +
+	"\x03鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
+
+var xorData string = "" + // Size: 4862 bytes
+	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
+	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
+	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
+	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
+	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
+	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
+	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
+	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
+	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
+	"\x03\x037 \x03\x0b+\x03\x021\x00\x02\x01\x04\x02\x01\x02\x02\x019\x02" +
+	"\x03\x1c\x02\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03" +
+	"\xc1r\x02\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<" +
+	"\x03\xc1s*\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03" +
+	"\x83\xab\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96" +
+	"\xe1\xcd\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03" +
+	"\x9a\xec\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c" +
+	"!\x03\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03" +
+	"ʦ\x93\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7" +
+	"\x03\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca" +
+	"\xfa\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e" +
+	"\x03\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca" +
+	"\xe3\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99" +
+	"\x03\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca" +
+	"\xe8\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03" +
+	"\x0b\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06" +
+	"\x05\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03" +
+	"\x0786\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/" +
+	"\x03\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f" +
+	"\x03\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-" +
+	"\x03\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03" +
+	"\x07\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03" +
+	"\x07\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03" +
+	"\x07\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b" +
+	"\x0a\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03" +
+	"\x07\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+" +
+	"\x03\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03" +
+	"\x044\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03" +
+	"\x04+ \x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!" +
+	"\x22\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04" +
+	"\x03\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>" +
+	"\x03\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03" +
+	"\x054\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03" +
+	"\x05):\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$" +
+	"\x1e\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226" +
+	"\x03\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05" +
+	"\x1b\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05" +
+	"\x03\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03" +
+	"\x06\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08" +
+	"\x03\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03" +
+	"\x0a6\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a" +
+	"\x1f\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03" +
+	"\x0a\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f" +
+	"\x02\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/" +
+	"\x03\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a" +
+	"\x00\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+" +
+	"\x10\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#" +
+	"<\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!" +
+	"\x00\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18." +
+	"\x03\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15" +
+	"\x22\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b" +
+	"\x12\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05" +
+	"<\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
+	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
+	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
+	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
+	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
+	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
+	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
+	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
+	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
+	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
+	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
+	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
+	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
+	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
+	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
+	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
+	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
+	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
+	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
+	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
+	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
+	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
+	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
+	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
+	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
+	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
+	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
+	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
+	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
+	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
+	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
+	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
+	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
+	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
+	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
+	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
+	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
+	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
+	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
+	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
+	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
+	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
+	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
+	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
+	"(\x04\x023 \x03\x0b)\x08\x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!" +
+	"\x10\x03\x0b!0\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b" +
+	"\x03\x09\x1f\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14" +
+	"\x03\x0a\x01\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03" +
+	"\x08='\x03\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03" +
+	"\x09\x0c\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06" +
+	"!3\x03\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05" +
+	"\x03\x07<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07" +
+	"\x01\x00\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03" +
+	"\x09\x11\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03" +
+	"\x0a/1\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03" +
+	"\x07<3\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06" +
+	"\x13\x00\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(" +
+	";\x03\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08" +
+	"\x14$\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03" +
+	"\x0a\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19" +
+	"\x01\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18" +
+	"\x03\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03" +
+	"\x07\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03" +
+	"\x0a\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03" +
+	"\x0b\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03" +
+	"\x08\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05" +
+	"\x03\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11" +
+	"\x03\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03" +
+	"\x09\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a" +
+	".\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
+	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
+	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
+	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
+	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
+	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
+	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
+	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
+	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
+	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
+	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
+	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
+	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
+	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
+	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
+	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
+	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
+	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
+	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
+	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
+	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
+	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
+	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
+	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
+	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
+	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
+	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
+	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
+	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
+	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
+	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
+	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
+	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
+	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
+	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
+	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
+	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
+	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
+	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
+	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
+	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
+	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
+	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
+	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
+	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
+	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
+	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
+	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
+	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
+	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
+	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
+	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
+	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
+	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
+	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
+	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
+	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
+	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
+	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
+	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
+	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
+	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
+	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
+	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
+	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
+	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
+	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
+	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
+	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
+	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
+	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
+	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
+	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
+	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
+	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
+	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
+	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
+	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
+	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
+	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
+	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
+	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
+	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
+	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
+	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
+	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
+	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
+	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
+	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
+	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
+	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
+	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
+	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
+	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
+	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
+	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
+	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
+	"\x05\x22\x05\x03\x050\x1d"
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// idnaTrie. Total size: 29708 bytes (29.01 KiB). Checksum: c3ecc76d8fffa6e6.
+type idnaTrie struct{}
+
+func newIdnaTrie(i int) *idnaTrie {
+	return &idnaTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 125:
+		return uint16(idnaValues[n<<6+uint32(b)])
+	default:
+		n -= 125
+		return uint16(idnaSparse.lookup(n, b))
+	}
+}
+
+// idnaValues: 127 blocks, 8128 entries, 16256 bytes
+// The third block is the zero block.
+var idnaValues = [8128]uint16{
+	// Block 0x0, offset 0x0
+	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
+	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
+	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
+	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
+	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
+	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
+	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
+	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
+	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
+	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
+	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
+	// Block 0x1, offset 0x40
+	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
+	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
+	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
+	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
+	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
+	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
+	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
+	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
+	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
+	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
+	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
+	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
+	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
+	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
+	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
+	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
+	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
+	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
+	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
+	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
+	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
+	// Block 0x4, offset 0x100
+	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
+	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
+	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
+	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
+	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
+	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
+	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
+	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
+	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
+	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
+	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
+	// Block 0x5, offset 0x140
+	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
+	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
+	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
+	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
+	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
+	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
+	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
+	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
+	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
+	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
+	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
+	// Block 0x6, offset 0x180
+	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
+	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
+	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
+	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
+	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
+	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
+	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
+	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
+	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
+	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
+	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
+	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
+	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
+	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
+	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
+	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
+	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
+	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
+	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
+	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
+	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
+	// Block 0x8, offset 0x200
+	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
+	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
+	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
+	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
+	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
+	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
+	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
+	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
+	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
+	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
+	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
+	// Block 0x9, offset 0x240
+	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
+	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
+	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
+	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
+	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
+	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
+	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
+	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
+	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
+	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
+	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
+	// Block 0xa, offset 0x280
+	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
+	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
+	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
+	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
+	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
+	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
+	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
+	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
+	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
+	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
+	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
+	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
+	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
+	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
+	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
+	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
+	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
+	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
+	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
+	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
+	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
+	// Block 0xc, offset 0x300
+	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
+	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
+	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
+	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
+	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
+	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
+	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
+	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
+	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
+	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
+	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
+	// Block 0xd, offset 0x340
+	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
+	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
+	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
+	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
+	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
+	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
+	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
+	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
+	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
+	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
+	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
+	// Block 0xe, offset 0x380
+	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
+	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
+	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
+	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
+	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
+	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
+	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
+	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
+	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
+	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
+	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
+	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
+	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
+	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
+	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
+	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
+	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
+	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
+	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
+	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
+	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
+	// Block 0x10, offset 0x400
+	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
+	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
+	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
+	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
+	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
+	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
+	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
+	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
+	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
+	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
+	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
+	// Block 0x11, offset 0x440
+	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
+	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
+	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
+	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
+	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
+	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
+	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
+	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
+	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
+	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
+	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
+	// Block 0x12, offset 0x480
+	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
+	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
+	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
+	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
+	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
+	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
+	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
+	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
+	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
+	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
+	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
+	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
+	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
+	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
+	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
+	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
+	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
+	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
+	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
+	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
+	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
+	// Block 0x14, offset 0x500
+	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
+	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
+	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
+	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
+	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
+	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
+	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
+	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
+	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
+	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
+	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
+	// Block 0x15, offset 0x540
+	0x540: 0x0c08, 0x541: 0x0a08, 0x542: 0x0a08, 0x543: 0x0a08, 0x544: 0x0a08, 0x545: 0x0a08,
+	0x546: 0x0c08, 0x547: 0x0c08, 0x548: 0x0a08, 0x549: 0x0c08, 0x54a: 0x0a08, 0x54b: 0x0a08,
+	0x54c: 0x0a08, 0x54d: 0x0a08, 0x54e: 0x0a08, 0x54f: 0x0a08, 0x550: 0x0a08, 0x551: 0x0a08,
+	0x552: 0x0a08, 0x553: 0x0a08, 0x554: 0x0c08, 0x555: 0x0a08, 0x556: 0x0808, 0x557: 0x0808,
+	0x558: 0x0808, 0x559: 0x3308, 0x55a: 0x3308, 0x55b: 0x3308, 0x55c: 0x0040, 0x55d: 0x0040,
+	0x55e: 0x0818, 0x55f: 0x0040, 0x560: 0x0a08, 0x561: 0x0808, 0x562: 0x0a08, 0x563: 0x0a08,
+	0x564: 0x0a08, 0x565: 0x0a08, 0x566: 0x0808, 0x567: 0x0c08, 0x568: 0x0a08, 0x569: 0x0c08,
+	0x56a: 0x0c08, 0x56b: 0x0040, 0x56c: 0x0040, 0x56d: 0x0040, 0x56e: 0x0040, 0x56f: 0x0040,
+	0x570: 0x0040, 0x571: 0x0040, 0x572: 0x0040, 0x573: 0x0040, 0x574: 0x0040, 0x575: 0x0040,
+	0x576: 0x0040, 0x577: 0x0040, 0x578: 0x0040, 0x579: 0x0040, 0x57a: 0x0040, 0x57b: 0x0040,
+	0x57c: 0x0040, 0x57d: 0x0040, 0x57e: 0x0040, 0x57f: 0x0040,
+	// Block 0x16, offset 0x580
+	0x580: 0x3008, 0x581: 0x3308, 0x582: 0x3308, 0x583: 0x3308, 0x584: 0x3308, 0x585: 0x3308,
+	0x586: 0x3308, 0x587: 0x3308, 0x588: 0x3308, 0x589: 0x3008, 0x58a: 0x3008, 0x58b: 0x3008,
+	0x58c: 0x3008, 0x58d: 0x3b08, 0x58e: 0x3008, 0x58f: 0x3008, 0x590: 0x0008, 0x591: 0x3308,
+	0x592: 0x3308, 0x593: 0x3308, 0x594: 0x3308, 0x595: 0x3308, 0x596: 0x3308, 0x597: 0x3308,
+	0x598: 0x04c9, 0x599: 0x0501, 0x59a: 0x0539, 0x59b: 0x0571, 0x59c: 0x05a9, 0x59d: 0x05e1,
+	0x59e: 0x0619, 0x59f: 0x0651, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x3308, 0x5a3: 0x3308,
+	0x5a4: 0x0018, 0x5a5: 0x0018, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0008,
+	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
+	0x5b0: 0x0018, 0x5b1: 0x0008, 0x5b2: 0x0008, 0x5b3: 0x0008, 0x5b4: 0x0008, 0x5b5: 0x0008,
+	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0008, 0x5bb: 0x0008,
+	0x5bc: 0x0008, 0x5bd: 0x0008, 0x5be: 0x0008, 0x5bf: 0x0008,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0008, 0x5c1: 0x3308, 0x5c2: 0x3008, 0x5c3: 0x3008, 0x5c4: 0x0040, 0x5c5: 0x0008,
+	0x5c6: 0x0008, 0x5c7: 0x0008, 0x5c8: 0x0008, 0x5c9: 0x0008, 0x5ca: 0x0008, 0x5cb: 0x0008,
+	0x5cc: 0x0008, 0x5cd: 0x0040, 0x5ce: 0x0040, 0x5cf: 0x0008, 0x5d0: 0x0008, 0x5d1: 0x0040,
+	0x5d2: 0x0040, 0x5d3: 0x0008, 0x5d4: 0x0008, 0x5d5: 0x0008, 0x5d6: 0x0008, 0x5d7: 0x0008,
+	0x5d8: 0x0008, 0x5d9: 0x0008, 0x5da: 0x0008, 0x5db: 0x0008, 0x5dc: 0x0008, 0x5dd: 0x0008,
+	0x5de: 0x0008, 0x5df: 0x0008, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x0008, 0x5e3: 0x0008,
+	0x5e4: 0x0008, 0x5e5: 0x0008, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0040,
+	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
+	0x5f0: 0x0008, 0x5f1: 0x0040, 0x5f2: 0x0008, 0x5f3: 0x0040, 0x5f4: 0x0040, 0x5f5: 0x0040,
+	0x5f6: 0x0008, 0x5f7: 0x0008, 0x5f8: 0x0008, 0x5f9: 0x0008, 0x5fa: 0x0040, 0x5fb: 0x0040,
+	0x5fc: 0x3308, 0x5fd: 0x0008, 0x5fe: 0x3008, 0x5ff: 0x3008,
+	// Block 0x18, offset 0x600
+	0x600: 0x3008, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3308, 0x604: 0x3308, 0x605: 0x0040,
+	0x606: 0x0040, 0x607: 0x3008, 0x608: 0x3008, 0x609: 0x0040, 0x60a: 0x0040, 0x60b: 0x3008,
+	0x60c: 0x3008, 0x60d: 0x3b08, 0x60e: 0x0008, 0x60f: 0x0040, 0x610: 0x0040, 0x611: 0x0040,
+	0x612: 0x0040, 0x613: 0x0040, 0x614: 0x0040, 0x615: 0x0040, 0x616: 0x0040, 0x617: 0x3008,
+	0x618: 0x0040, 0x619: 0x0040, 0x61a: 0x0040, 0x61b: 0x0040, 0x61c: 0x0689, 0x61d: 0x06c1,
+	0x61e: 0x0040, 0x61f: 0x06f9, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x3308, 0x623: 0x3308,
+	0x624: 0x0040, 0x625: 0x0040, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0008,
+	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
+	0x630: 0x0008, 0x631: 0x0008, 0x632: 0x0018, 0x633: 0x0018, 0x634: 0x0018, 0x635: 0x0018,
+	0x636: 0x0018, 0x637: 0x0018, 0x638: 0x0018, 0x639: 0x0018, 0x63a: 0x0018, 0x63b: 0x0018,
+	0x63c: 0x0008, 0x63d: 0x0018, 0x63e: 0x3308, 0x63f: 0x0040,
+	// Block 0x19, offset 0x640
+	0x640: 0x0040, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x3008, 0x644: 0x0040, 0x645: 0x0008,
+	0x646: 0x0008, 0x647: 0x0008, 0x648: 0x0008, 0x649: 0x0008, 0x64a: 0x0008, 0x64b: 0x0040,
+	0x64c: 0x0040, 0x64d: 0x0040, 0x64e: 0x0040, 0x64f: 0x0008, 0x650: 0x0008, 0x651: 0x0040,
+	0x652: 0x0040, 0x653: 0x0008, 0x654: 0x0008, 0x655: 0x0008, 0x656: 0x0008, 0x657: 0x0008,
+	0x658: 0x0008, 0x659: 0x0008, 0x65a: 0x0008, 0x65b: 0x0008, 0x65c: 0x0008, 0x65d: 0x0008,
+	0x65e: 0x0008, 0x65f: 0x0008, 0x660: 0x0008, 0x661: 0x0008, 0x662: 0x0008, 0x663: 0x0008,
+	0x664: 0x0008, 0x665: 0x0008, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0040,
+	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
+	0x670: 0x0008, 0x671: 0x0040, 0x672: 0x0008, 0x673: 0x0731, 0x674: 0x0040, 0x675: 0x0008,
+	0x676: 0x0769, 0x677: 0x0040, 0x678: 0x0008, 0x679: 0x0008, 0x67a: 0x0040, 0x67b: 0x0040,
+	0x67c: 0x3308, 0x67d: 0x0040, 0x67e: 0x3008, 0x67f: 0x3008,
+	// Block 0x1a, offset 0x680
+	0x680: 0x3008, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x0040, 0x684: 0x0040, 0x685: 0x0040,
+	0x686: 0x0040, 0x687: 0x3308, 0x688: 0x3308, 0x689: 0x0040, 0x68a: 0x0040, 0x68b: 0x3308,
+	0x68c: 0x3308, 0x68d: 0x3b08, 0x68e: 0x0040, 0x68f: 0x0040, 0x690: 0x0040, 0x691: 0x3308,
+	0x692: 0x0040, 0x693: 0x0040, 0x694: 0x0040, 0x695: 0x0040, 0x696: 0x0040, 0x697: 0x0040,
+	0x698: 0x0040, 0x699: 0x07a1, 0x69a: 0x07d9, 0x69b: 0x0811, 0x69c: 0x0008, 0x69d: 0x0040,
+	0x69e: 0x0849, 0x69f: 0x0040, 0x6a0: 0x0040, 0x6a1: 0x0040, 0x6a2: 0x0040, 0x6a3: 0x0040,
+	0x6a4: 0x0040, 0x6a5: 0x0040, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0008,
+	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
+	0x6b0: 0x3308, 0x6b1: 0x3308, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0008, 0x6b5: 0x3308,
+	0x6b6: 0x0018, 0x6b7: 0x0040, 0x6b8: 0x0040, 0x6b9: 0x0040, 0x6ba: 0x0040, 0x6bb: 0x0040,
+	0x6bc: 0x0040, 0x6bd: 0x0040, 0x6be: 0x0040, 0x6bf: 0x0040,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x0040, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3008, 0x6c4: 0x0040, 0x6c5: 0x0008,
+	0x6c6: 0x0008, 0x6c7: 0x0008, 0x6c8: 0x0008, 0x6c9: 0x0008, 0x6ca: 0x0008, 0x6cb: 0x0008,
+	0x6cc: 0x0008, 0x6cd: 0x0008, 0x6ce: 0x0040, 0x6cf: 0x0008, 0x6d0: 0x0008, 0x6d1: 0x0008,
+	0x6d2: 0x0040, 0x6d3: 0x0008, 0x6d4: 0x0008, 0x6d5: 0x0008, 0x6d6: 0x0008, 0x6d7: 0x0008,
+	0x6d8: 0x0008, 0x6d9: 0x0008, 0x6da: 0x0008, 0x6db: 0x0008, 0x6dc: 0x0008, 0x6dd: 0x0008,
+	0x6de: 0x0008, 0x6df: 0x0008, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x0008, 0x6e3: 0x0008,
+	0x6e4: 0x0008, 0x6e5: 0x0008, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0040,
+	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
+	0x6f0: 0x0008, 0x6f1: 0x0040, 0x6f2: 0x0008, 0x6f3: 0x0008, 0x6f4: 0x0040, 0x6f5: 0x0008,
+	0x6f6: 0x0008, 0x6f7: 0x0008, 0x6f8: 0x0008, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
+	0x6fc: 0x3308, 0x6fd: 0x0008, 0x6fe: 0x3008, 0x6ff: 0x3008,
+	// Block 0x1c, offset 0x700
+	0x700: 0x3008, 0x701: 0x3308, 0x702: 0x3308, 0x703: 0x3308, 0x704: 0x3308, 0x705: 0x3308,
+	0x706: 0x0040, 0x707: 0x3308, 0x708: 0x3308, 0x709: 0x3008, 0x70a: 0x0040, 0x70b: 0x3008,
+	0x70c: 0x3008, 0x70d: 0x3b08, 0x70e: 0x0040, 0x70f: 0x0040, 0x710: 0x0008, 0x711: 0x0040,
+	0x712: 0x0040, 0x713: 0x0040, 0x714: 0x0040, 0x715: 0x0040, 0x716: 0x0040, 0x717: 0x0040,
+	0x718: 0x0040, 0x719: 0x0040, 0x71a: 0x0040, 0x71b: 0x0040, 0x71c: 0x0040, 0x71d: 0x0040,
+	0x71e: 0x0040, 0x71f: 0x0040, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x3308, 0x723: 0x3308,
+	0x724: 0x0040, 0x725: 0x0040, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0008,
+	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
+	0x730: 0x0018, 0x731: 0x0018, 0x732: 0x0040, 0x733: 0x0040, 0x734: 0x0040, 0x735: 0x0040,
+	0x736: 0x0040, 0x737: 0x0040, 0x738: 0x0040, 0x739: 0x0008, 0x73a: 0x3308, 0x73b: 0x3308,
+	0x73c: 0x3308, 0x73d: 0x3308, 0x73e: 0x3308, 0x73f: 0x3308,
+	// Block 0x1d, offset 0x740
+	0x740: 0x0040, 0x741: 0x3308, 0x742: 0x3008, 0x743: 0x3008, 0x744: 0x0040, 0x745: 0x0008,
+	0x746: 0x0008, 0x747: 0x0008, 0x748: 0x0008, 0x749: 0x0008, 0x74a: 0x0008, 0x74b: 0x0008,
+	0x74c: 0x0008, 0x74d: 0x0040, 0x74e: 0x0040, 0x74f: 0x0008, 0x750: 0x0008, 0x751: 0x0040,
+	0x752: 0x0040, 0x753: 0x0008, 0x754: 0x0008, 0x755: 0x0008, 0x756: 0x0008, 0x757: 0x0008,
+	0x758: 0x0008, 0x759: 0x0008, 0x75a: 0x0008, 0x75b: 0x0008, 0x75c: 0x0008, 0x75d: 0x0008,
+	0x75e: 0x0008, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x0008, 0x763: 0x0008,
+	0x764: 0x0008, 0x765: 0x0008, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0040,
+	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
+	0x770: 0x0008, 0x771: 0x0040, 0x772: 0x0008, 0x773: 0x0008, 0x774: 0x0040, 0x775: 0x0008,
+	0x776: 0x0008, 0x777: 0x0008, 0x778: 0x0008, 0x779: 0x0008, 0x77a: 0x0040, 0x77b: 0x0040,
+	0x77c: 0x3308, 0x77d: 0x0008, 0x77e: 0x3008, 0x77f: 0x3308,
+	// Block 0x1e, offset 0x780
+	0x780: 0x3008, 0x781: 0x3308, 0x782: 0x3308, 0x783: 0x3308, 0x784: 0x3308, 0x785: 0x0040,
+	0x786: 0x0040, 0x787: 0x3008, 0x788: 0x3008, 0x789: 0x0040, 0x78a: 0x0040, 0x78b: 0x3008,
+	0x78c: 0x3008, 0x78d: 0x3b08, 0x78e: 0x0040, 0x78f: 0x0040, 0x790: 0x0040, 0x791: 0x0040,
+	0x792: 0x0040, 0x793: 0x0040, 0x794: 0x0040, 0x795: 0x0040, 0x796: 0x3308, 0x797: 0x3008,
+	0x798: 0x0040, 0x799: 0x0040, 0x79a: 0x0040, 0x79b: 0x0040, 0x79c: 0x0881, 0x79d: 0x08b9,
+	0x79e: 0x0040, 0x79f: 0x0008, 0x7a0: 0x0008, 0x7a1: 0x0008, 0x7a2: 0x3308, 0x7a3: 0x3308,
+	0x7a4: 0x0040, 0x7a5: 0x0040, 0x7a6: 0x0008, 0x7a7: 0x0008, 0x7a8: 0x0008, 0x7a9: 0x0008,
+	0x7aa: 0x0008, 0x7ab: 0x0008, 0x7ac: 0x0008, 0x7ad: 0x0008, 0x7ae: 0x0008, 0x7af: 0x0008,
+	0x7b0: 0x0018, 0x7b1: 0x0008, 0x7b2: 0x0018, 0x7b3: 0x0018, 0x7b4: 0x0018, 0x7b5: 0x0018,
+	0x7b6: 0x0018, 0x7b7: 0x0018, 0x7b8: 0x0040, 0x7b9: 0x0040, 0x7ba: 0x0040, 0x7bb: 0x0040,
+	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x0040, 0x7bf: 0x0040,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x0040, 0x7c1: 0x0040, 0x7c2: 0x3308, 0x7c3: 0x0008, 0x7c4: 0x0040, 0x7c5: 0x0008,
+	0x7c6: 0x0008, 0x7c7: 0x0008, 0x7c8: 0x0008, 0x7c9: 0x0008, 0x7ca: 0x0008, 0x7cb: 0x0040,
+	0x7cc: 0x0040, 0x7cd: 0x0040, 0x7ce: 0x0008, 0x7cf: 0x0008, 0x7d0: 0x0008, 0x7d1: 0x0040,
+	0x7d2: 0x0008, 0x7d3: 0x0008, 0x7d4: 0x0008, 0x7d5: 0x0008, 0x7d6: 0x0040, 0x7d7: 0x0040,
+	0x7d8: 0x0040, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0008, 0x7dd: 0x0040,
+	0x7de: 0x0008, 0x7df: 0x0008, 0x7e0: 0x0040, 0x7e1: 0x0040, 0x7e2: 0x0040, 0x7e3: 0x0008,
+	0x7e4: 0x0008, 0x7e5: 0x0040, 0x7e6: 0x0040, 0x7e7: 0x0040, 0x7e8: 0x0008, 0x7e9: 0x0008,
+	0x7ea: 0x0008, 0x7eb: 0x0040, 0x7ec: 0x0040, 0x7ed: 0x0040, 0x7ee: 0x0008, 0x7ef: 0x0008,
+	0x7f0: 0x0008, 0x7f1: 0x0008, 0x7f2: 0x0008, 0x7f3: 0x0008, 0x7f4: 0x0008, 0x7f5: 0x0008,
+	0x7f6: 0x0008, 0x7f7: 0x0008, 0x7f8: 0x0008, 0x7f9: 0x0008, 0x7fa: 0x0040, 0x7fb: 0x0040,
+	0x7fc: 0x0040, 0x7fd: 0x0040, 0x7fe: 0x3008, 0x7ff: 0x3008,
+	// Block 0x20, offset 0x800
+	0x800: 0x3308, 0x801: 0x3008, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x3008, 0x805: 0x0040,
+	0x806: 0x3308, 0x807: 0x3308, 0x808: 0x3308, 0x809: 0x0040, 0x80a: 0x3308, 0x80b: 0x3308,
+	0x80c: 0x3308, 0x80d: 0x3b08, 0x80e: 0x0040, 0x80f: 0x0040, 0x810: 0x0040, 0x811: 0x0040,
+	0x812: 0x0040, 0x813: 0x0040, 0x814: 0x0040, 0x815: 0x3308, 0x816: 0x3308, 0x817: 0x0040,
+	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0040, 0x81c: 0x0040, 0x81d: 0x0040,
+	0x81e: 0x0040, 0x81f: 0x0040, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x3308, 0x823: 0x3308,
+	0x824: 0x0040, 0x825: 0x0040, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0008,
+	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
+	0x830: 0x0040, 0x831: 0x0040, 0x832: 0x0040, 0x833: 0x0040, 0x834: 0x0040, 0x835: 0x0040,
+	0x836: 0x0040, 0x837: 0x0018, 0x838: 0x0018, 0x839: 0x0018, 0x83a: 0x0018, 0x83b: 0x0018,
+	0x83c: 0x0018, 0x83d: 0x0018, 0x83e: 0x0018, 0x83f: 0x0018,
+	// Block 0x21, offset 0x840
+	0x840: 0x0008, 0x841: 0x3308, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x0018, 0x845: 0x0008,
+	0x846: 0x0008, 0x847: 0x0008, 0x848: 0x0008, 0x849: 0x0008, 0x84a: 0x0008, 0x84b: 0x0008,
+	0x84c: 0x0008, 0x84d: 0x0040, 0x84e: 0x0008, 0x84f: 0x0008, 0x850: 0x0008, 0x851: 0x0040,
+	0x852: 0x0008, 0x853: 0x0008, 0x854: 0x0008, 0x855: 0x0008, 0x856: 0x0008, 0x857: 0x0008,
+	0x858: 0x0008, 0x859: 0x0008, 0x85a: 0x0008, 0x85b: 0x0008, 0x85c: 0x0008, 0x85d: 0x0008,
+	0x85e: 0x0008, 0x85f: 0x0008, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x0008, 0x863: 0x0008,
+	0x864: 0x0008, 0x865: 0x0008, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0040,
+	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
+	0x870: 0x0008, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0008, 0x874: 0x0040, 0x875: 0x0008,
+	0x876: 0x0008, 0x877: 0x0008, 0x878: 0x0008, 0x879: 0x0008, 0x87a: 0x0040, 0x87b: 0x0040,
+	0x87c: 0x3308, 0x87d: 0x0008, 0x87e: 0x3008, 0x87f: 0x3308,
+	// Block 0x22, offset 0x880
+	0x880: 0x3008, 0x881: 0x3008, 0x882: 0x3008, 0x883: 0x3008, 0x884: 0x3008, 0x885: 0x0040,
+	0x886: 0x3308, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
+	0x88c: 0x3308, 0x88d: 0x3b08, 0x88e: 0x0040, 0x88f: 0x0040, 0x890: 0x0040, 0x891: 0x0040,
+	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0040, 0x895: 0x3008, 0x896: 0x3008, 0x897: 0x0040,
+	0x898: 0x0040, 0x899: 0x0040, 0x89a: 0x0040, 0x89b: 0x0040, 0x89c: 0x0040, 0x89d: 0x0040,
+	0x89e: 0x0008, 0x89f: 0x0040, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
+	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
+	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
+	0x8b0: 0x0040, 0x8b1: 0x0008, 0x8b2: 0x0008, 0x8b3: 0x0040, 0x8b4: 0x0040, 0x8b5: 0x0040,
+	0x8b6: 0x0040, 0x8b7: 0x0040, 0x8b8: 0x0040, 0x8b9: 0x0040, 0x8ba: 0x0040, 0x8bb: 0x0040,
+	0x8bc: 0x0040, 0x8bd: 0x0040, 0x8be: 0x0040, 0x8bf: 0x0040,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x3008, 0x8c1: 0x3308, 0x8c2: 0x3308, 0x8c3: 0x3308, 0x8c4: 0x3308, 0x8c5: 0x0040,
+	0x8c6: 0x3008, 0x8c7: 0x3008, 0x8c8: 0x3008, 0x8c9: 0x0040, 0x8ca: 0x3008, 0x8cb: 0x3008,
+	0x8cc: 0x3008, 0x8cd: 0x3b08, 0x8ce: 0x0008, 0x8cf: 0x0018, 0x8d0: 0x0040, 0x8d1: 0x0040,
+	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x3008,
+	0x8d8: 0x0018, 0x8d9: 0x0018, 0x8da: 0x0018, 0x8db: 0x0018, 0x8dc: 0x0018, 0x8dd: 0x0018,
+	0x8de: 0x0018, 0x8df: 0x0008, 0x8e0: 0x0008, 0x8e1: 0x0008, 0x8e2: 0x3308, 0x8e3: 0x3308,
+	0x8e4: 0x0040, 0x8e5: 0x0040, 0x8e6: 0x0008, 0x8e7: 0x0008, 0x8e8: 0x0008, 0x8e9: 0x0008,
+	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0008, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
+	0x8f0: 0x0018, 0x8f1: 0x0018, 0x8f2: 0x0018, 0x8f3: 0x0018, 0x8f4: 0x0018, 0x8f5: 0x0018,
+	0x8f6: 0x0018, 0x8f7: 0x0018, 0x8f8: 0x0018, 0x8f9: 0x0018, 0x8fa: 0x0008, 0x8fb: 0x0008,
+	0x8fc: 0x0008, 0x8fd: 0x0008, 0x8fe: 0x0008, 0x8ff: 0x0008,
+	// Block 0x24, offset 0x900
+	0x900: 0x0040, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x0040, 0x904: 0x0008, 0x905: 0x0040,
+	0x906: 0x0008, 0x907: 0x0008, 0x908: 0x0008, 0x909: 0x0008, 0x90a: 0x0008, 0x90b: 0x0040,
+	0x90c: 0x0008, 0x90d: 0x0008, 0x90e: 0x0008, 0x90f: 0x0008, 0x910: 0x0008, 0x911: 0x0008,
+	0x912: 0x0008, 0x913: 0x0008, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0008,
+	0x918: 0x0008, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0008, 0x91d: 0x0008,
+	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0008, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
+	0x924: 0x0040, 0x925: 0x0008, 0x926: 0x0040, 0x927: 0x0008, 0x928: 0x0008, 0x929: 0x0008,
+	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0008, 0x92d: 0x0008, 0x92e: 0x0008, 0x92f: 0x0008,
+	0x930: 0x0008, 0x931: 0x3308, 0x932: 0x0008, 0x933: 0x0929, 0x934: 0x3308, 0x935: 0x3308,
+	0x936: 0x3308, 0x937: 0x3308, 0x938: 0x3308, 0x939: 0x3308, 0x93a: 0x3b08, 0x93b: 0x3308,
+	0x93c: 0x3308, 0x93d: 0x0008, 0x93e: 0x0040, 0x93f: 0x0040,
+	// Block 0x25, offset 0x940
+	0x940: 0x0008, 0x941: 0x0008, 0x942: 0x0008, 0x943: 0x09d1, 0x944: 0x0008, 0x945: 0x0008,
+	0x946: 0x0008, 0x947: 0x0008, 0x948: 0x0040, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
+	0x94c: 0x0008, 0x94d: 0x0a09, 0x94e: 0x0008, 0x94f: 0x0008, 0x950: 0x0008, 0x951: 0x0008,
+	0x952: 0x0a41, 0x953: 0x0008, 0x954: 0x0008, 0x955: 0x0008, 0x956: 0x0008, 0x957: 0x0a79,
+	0x958: 0x0008, 0x959: 0x0008, 0x95a: 0x0008, 0x95b: 0x0008, 0x95c: 0x0ab1, 0x95d: 0x0008,
+	0x95e: 0x0008, 0x95f: 0x0008, 0x960: 0x0008, 0x961: 0x0008, 0x962: 0x0008, 0x963: 0x0008,
+	0x964: 0x0008, 0x965: 0x0008, 0x966: 0x0008, 0x967: 0x0008, 0x968: 0x0008, 0x969: 0x0ae9,
+	0x96a: 0x0008, 0x96b: 0x0008, 0x96c: 0x0008, 0x96d: 0x0040, 0x96e: 0x0040, 0x96f: 0x0040,
+	0x970: 0x0040, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x0b21, 0x974: 0x3308, 0x975: 0x0b59,
+	0x976: 0x0b91, 0x977: 0x0bc9, 0x978: 0x0c19, 0x979: 0x0c51, 0x97a: 0x3308, 0x97b: 0x3308,
+	0x97c: 0x3308, 0x97d: 0x3308, 0x97e: 0x3308, 0x97f: 0x3008,
+	// Block 0x26, offset 0x980
+	0x980: 0x3308, 0x981: 0x0ca1, 0x982: 0x3308, 0x983: 0x3308, 0x984: 0x3b08, 0x985: 0x0018,
+	0x986: 0x3308, 0x987: 0x3308, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
+	0x98c: 0x0008, 0x98d: 0x3308, 0x98e: 0x3308, 0x98f: 0x3308, 0x990: 0x3308, 0x991: 0x3308,
+	0x992: 0x3308, 0x993: 0x0cd9, 0x994: 0x3308, 0x995: 0x3308, 0x996: 0x3308, 0x997: 0x3308,
+	0x998: 0x0040, 0x999: 0x3308, 0x99a: 0x3308, 0x99b: 0x3308, 0x99c: 0x3308, 0x99d: 0x0d11,
+	0x99e: 0x3308, 0x99f: 0x3308, 0x9a0: 0x3308, 0x9a1: 0x3308, 0x9a2: 0x0d49, 0x9a3: 0x3308,
+	0x9a4: 0x3308, 0x9a5: 0x3308, 0x9a6: 0x3308, 0x9a7: 0x0d81, 0x9a8: 0x3308, 0x9a9: 0x3308,
+	0x9aa: 0x3308, 0x9ab: 0x3308, 0x9ac: 0x0db9, 0x9ad: 0x3308, 0x9ae: 0x3308, 0x9af: 0x3308,
+	0x9b0: 0x3308, 0x9b1: 0x3308, 0x9b2: 0x3308, 0x9b3: 0x3308, 0x9b4: 0x3308, 0x9b5: 0x3308,
+	0x9b6: 0x3308, 0x9b7: 0x3308, 0x9b8: 0x3308, 0x9b9: 0x0df1, 0x9ba: 0x3308, 0x9bb: 0x3308,
+	0x9bc: 0x3308, 0x9bd: 0x0040, 0x9be: 0x0018, 0x9bf: 0x0018,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x0008, 0x9c1: 0x0008, 0x9c2: 0x0008, 0x9c3: 0x0008, 0x9c4: 0x0008, 0x9c5: 0x0008,
+	0x9c6: 0x0008, 0x9c7: 0x0008, 0x9c8: 0x0008, 0x9c9: 0x0008, 0x9ca: 0x0008, 0x9cb: 0x0008,
+	0x9cc: 0x0008, 0x9cd: 0x0008, 0x9ce: 0x0008, 0x9cf: 0x0008, 0x9d0: 0x0008, 0x9d1: 0x0008,
+	0x9d2: 0x0008, 0x9d3: 0x0008, 0x9d4: 0x0008, 0x9d5: 0x0008, 0x9d6: 0x0008, 0x9d7: 0x0008,
+	0x9d8: 0x0008, 0x9d9: 0x0008, 0x9da: 0x0008, 0x9db: 0x0008, 0x9dc: 0x0008, 0x9dd: 0x0008,
+	0x9de: 0x0008, 0x9df: 0x0008, 0x9e0: 0x0008, 0x9e1: 0x0008, 0x9e2: 0x0008, 0x9e3: 0x0008,
+	0x9e4: 0x0008, 0x9e5: 0x0008, 0x9e6: 0x0008, 0x9e7: 0x0008, 0x9e8: 0x0008, 0x9e9: 0x0008,
+	0x9ea: 0x0008, 0x9eb: 0x0008, 0x9ec: 0x0039, 0x9ed: 0x0ed1, 0x9ee: 0x0ee9, 0x9ef: 0x0008,
+	0x9f0: 0x0ef9, 0x9f1: 0x0f09, 0x9f2: 0x0f19, 0x9f3: 0x0f31, 0x9f4: 0x0249, 0x9f5: 0x0f41,
+	0x9f6: 0x0259, 0x9f7: 0x0f51, 0x9f8: 0x0359, 0x9f9: 0x0f61, 0x9fa: 0x0f71, 0x9fb: 0x0008,
+	0x9fc: 0x00d9, 0x9fd: 0x0f81, 0x9fe: 0x0f99, 0x9ff: 0x0269,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x0fa9, 0xa01: 0x0fb9, 0xa02: 0x0279, 0xa03: 0x0039, 0xa04: 0x0fc9, 0xa05: 0x0fe1,
+	0xa06: 0x05b5, 0xa07: 0x0ee9, 0xa08: 0x0ef9, 0xa09: 0x0f09, 0xa0a: 0x0ff9, 0xa0b: 0x1011,
+	0xa0c: 0x1029, 0xa0d: 0x0f31, 0xa0e: 0x0008, 0xa0f: 0x0f51, 0xa10: 0x0f61, 0xa11: 0x1041,
+	0xa12: 0x00d9, 0xa13: 0x1059, 0xa14: 0x05cd, 0xa15: 0x05cd, 0xa16: 0x0f99, 0xa17: 0x0fa9,
+	0xa18: 0x0fb9, 0xa19: 0x05b5, 0xa1a: 0x1071, 0xa1b: 0x1089, 0xa1c: 0x05e5, 0xa1d: 0x1099,
+	0xa1e: 0x10b1, 0xa1f: 0x10c9, 0xa20: 0x10e1, 0xa21: 0x10f9, 0xa22: 0x0f41, 0xa23: 0x0269,
+	0xa24: 0x0fb9, 0xa25: 0x1089, 0xa26: 0x1099, 0xa27: 0x10b1, 0xa28: 0x1111, 0xa29: 0x10e1,
+	0xa2a: 0x10f9, 0xa2b: 0x0008, 0xa2c: 0x0008, 0xa2d: 0x0008, 0xa2e: 0x0008, 0xa2f: 0x0008,
+	0xa30: 0x0008, 0xa31: 0x0008, 0xa32: 0x0008, 0xa33: 0x0008, 0xa34: 0x0008, 0xa35: 0x0008,
+	0xa36: 0x0008, 0xa37: 0x0008, 0xa38: 0x1129, 0xa39: 0x0008, 0xa3a: 0x0008, 0xa3b: 0x0008,
+	0xa3c: 0x0008, 0xa3d: 0x0008, 0xa3e: 0x0008, 0xa3f: 0x0008,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0008, 0xa41: 0x0008, 0xa42: 0x0008, 0xa43: 0x0008, 0xa44: 0x0008, 0xa45: 0x0008,
+	0xa46: 0x0008, 0xa47: 0x0008, 0xa48: 0x0008, 0xa49: 0x0008, 0xa4a: 0x0008, 0xa4b: 0x0008,
+	0xa4c: 0x0008, 0xa4d: 0x0008, 0xa4e: 0x0008, 0xa4f: 0x0008, 0xa50: 0x0008, 0xa51: 0x0008,
+	0xa52: 0x0008, 0xa53: 0x0008, 0xa54: 0x0008, 0xa55: 0x0008, 0xa56: 0x0008, 0xa57: 0x0008,
+	0xa58: 0x0008, 0xa59: 0x0008, 0xa5a: 0x0008, 0xa5b: 0x1141, 0xa5c: 0x1159, 0xa5d: 0x1169,
+	0xa5e: 0x1181, 0xa5f: 0x1029, 0xa60: 0x1199, 0xa61: 0x11a9, 0xa62: 0x11c1, 0xa63: 0x11d9,
+	0xa64: 0x11f1, 0xa65: 0x1209, 0xa66: 0x1221, 0xa67: 0x05fd, 0xa68: 0x1239, 0xa69: 0x1251,
+	0xa6a: 0xe17d, 0xa6b: 0x1269, 0xa6c: 0x1281, 0xa6d: 0x1299, 0xa6e: 0x12b1, 0xa6f: 0x12c9,
+	0xa70: 0x12e1, 0xa71: 0x12f9, 0xa72: 0x1311, 0xa73: 0x1329, 0xa74: 0x1341, 0xa75: 0x1359,
+	0xa76: 0x1371, 0xa77: 0x1389, 0xa78: 0x0615, 0xa79: 0x13a1, 0xa7a: 0x13b9, 0xa7b: 0x13d1,
+	0xa7c: 0x13e1, 0xa7d: 0x13f9, 0xa7e: 0x1411, 0xa7f: 0x1429,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
+	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
+	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
+	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0xe00d, 0xa97: 0x0008,
+	0xa98: 0xe00d, 0xa99: 0x0008, 0xa9a: 0xe00d, 0xa9b: 0x0008, 0xa9c: 0xe00d, 0xa9d: 0x0008,
+	0xa9e: 0xe00d, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
+	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
+	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
+	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
+	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
+	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0xe00d, 0xac1: 0x0008, 0xac2: 0xe00d, 0xac3: 0x0008, 0xac4: 0xe00d, 0xac5: 0x0008,
+	0xac6: 0xe00d, 0xac7: 0x0008, 0xac8: 0xe00d, 0xac9: 0x0008, 0xaca: 0xe00d, 0xacb: 0x0008,
+	0xacc: 0xe00d, 0xacd: 0x0008, 0xace: 0xe00d, 0xacf: 0x0008, 0xad0: 0xe00d, 0xad1: 0x0008,
+	0xad2: 0xe00d, 0xad3: 0x0008, 0xad4: 0xe00d, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
+	0xad8: 0x0008, 0xad9: 0x0008, 0xada: 0x062d, 0xadb: 0x064d, 0xadc: 0x0008, 0xadd: 0x0008,
+	0xade: 0x1441, 0xadf: 0x0008, 0xae0: 0xe00d, 0xae1: 0x0008, 0xae2: 0xe00d, 0xae3: 0x0008,
+	0xae4: 0xe00d, 0xae5: 0x0008, 0xae6: 0xe00d, 0xae7: 0x0008, 0xae8: 0xe00d, 0xae9: 0x0008,
+	0xaea: 0xe00d, 0xaeb: 0x0008, 0xaec: 0xe00d, 0xaed: 0x0008, 0xaee: 0xe00d, 0xaef: 0x0008,
+	0xaf0: 0xe00d, 0xaf1: 0x0008, 0xaf2: 0xe00d, 0xaf3: 0x0008, 0xaf4: 0xe00d, 0xaf5: 0x0008,
+	0xaf6: 0xe00d, 0xaf7: 0x0008, 0xaf8: 0xe00d, 0xaf9: 0x0008, 0xafa: 0xe00d, 0xafb: 0x0008,
+	0xafc: 0xe00d, 0xafd: 0x0008, 0xafe: 0xe00d, 0xaff: 0x0008,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0008, 0xb01: 0x0008, 0xb02: 0x0008, 0xb03: 0x0008, 0xb04: 0x0008, 0xb05: 0x0008,
+	0xb06: 0x0040, 0xb07: 0x0040, 0xb08: 0xe045, 0xb09: 0xe045, 0xb0a: 0xe045, 0xb0b: 0xe045,
+	0xb0c: 0xe045, 0xb0d: 0xe045, 0xb0e: 0x0040, 0xb0f: 0x0040, 0xb10: 0x0008, 0xb11: 0x0008,
+	0xb12: 0x0008, 0xb13: 0x0008, 0xb14: 0x0008, 0xb15: 0x0008, 0xb16: 0x0008, 0xb17: 0x0008,
+	0xb18: 0x0040, 0xb19: 0xe045, 0xb1a: 0x0040, 0xb1b: 0xe045, 0xb1c: 0x0040, 0xb1d: 0xe045,
+	0xb1e: 0x0040, 0xb1f: 0xe045, 0xb20: 0x0008, 0xb21: 0x0008, 0xb22: 0x0008, 0xb23: 0x0008,
+	0xb24: 0x0008, 0xb25: 0x0008, 0xb26: 0x0008, 0xb27: 0x0008, 0xb28: 0xe045, 0xb29: 0xe045,
+	0xb2a: 0xe045, 0xb2b: 0xe045, 0xb2c: 0xe045, 0xb2d: 0xe045, 0xb2e: 0xe045, 0xb2f: 0xe045,
+	0xb30: 0x0008, 0xb31: 0x1459, 0xb32: 0x0008, 0xb33: 0x1471, 0xb34: 0x0008, 0xb35: 0x1489,
+	0xb36: 0x0008, 0xb37: 0x14a1, 0xb38: 0x0008, 0xb39: 0x14b9, 0xb3a: 0x0008, 0xb3b: 0x14d1,
+	0xb3c: 0x0008, 0xb3d: 0x14e9, 0xb3e: 0x0040, 0xb3f: 0x0040,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x1501, 0xb41: 0x1531, 0xb42: 0x1561, 0xb43: 0x1591, 0xb44: 0x15c1, 0xb45: 0x15f1,
+	0xb46: 0x1621, 0xb47: 0x1651, 0xb48: 0x1501, 0xb49: 0x1531, 0xb4a: 0x1561, 0xb4b: 0x1591,
+	0xb4c: 0x15c1, 0xb4d: 0x15f1, 0xb4e: 0x1621, 0xb4f: 0x1651, 0xb50: 0x1681, 0xb51: 0x16b1,
+	0xb52: 0x16e1, 0xb53: 0x1711, 0xb54: 0x1741, 0xb55: 0x1771, 0xb56: 0x17a1, 0xb57: 0x17d1,
+	0xb58: 0x1681, 0xb59: 0x16b1, 0xb5a: 0x16e1, 0xb5b: 0x1711, 0xb5c: 0x1741, 0xb5d: 0x1771,
+	0xb5e: 0x17a1, 0xb5f: 0x17d1, 0xb60: 0x1801, 0xb61: 0x1831, 0xb62: 0x1861, 0xb63: 0x1891,
+	0xb64: 0x18c1, 0xb65: 0x18f1, 0xb66: 0x1921, 0xb67: 0x1951, 0xb68: 0x1801, 0xb69: 0x1831,
+	0xb6a: 0x1861, 0xb6b: 0x1891, 0xb6c: 0x18c1, 0xb6d: 0x18f1, 0xb6e: 0x1921, 0xb6f: 0x1951,
+	0xb70: 0x0008, 0xb71: 0x0008, 0xb72: 0x1981, 0xb73: 0x19b1, 0xb74: 0x19d9, 0xb75: 0x0040,
+	0xb76: 0x0008, 0xb77: 0x1a01, 0xb78: 0xe045, 0xb79: 0xe045, 0xb7a: 0x0665, 0xb7b: 0x1459,
+	0xb7c: 0x19b1, 0xb7d: 0x067e, 0xb7e: 0x1a31, 0xb7f: 0x069e,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x06be, 0xb81: 0x1a4a, 0xb82: 0x1a79, 0xb83: 0x1aa9, 0xb84: 0x1ad1, 0xb85: 0x0040,
+	0xb86: 0x0008, 0xb87: 0x1af9, 0xb88: 0x06dd, 0xb89: 0x1471, 0xb8a: 0x06f5, 0xb8b: 0x1489,
+	0xb8c: 0x1aa9, 0xb8d: 0x1b2a, 0xb8e: 0x1b5a, 0xb8f: 0x1b8a, 0xb90: 0x0008, 0xb91: 0x0008,
+	0xb92: 0x0008, 0xb93: 0x1bb9, 0xb94: 0x0040, 0xb95: 0x0040, 0xb96: 0x0008, 0xb97: 0x0008,
+	0xb98: 0xe045, 0xb99: 0xe045, 0xb9a: 0x070d, 0xb9b: 0x14a1, 0xb9c: 0x0040, 0xb9d: 0x1bd2,
+	0xb9e: 0x1c02, 0xb9f: 0x1c32, 0xba0: 0x0008, 0xba1: 0x0008, 0xba2: 0x0008, 0xba3: 0x1c61,
+	0xba4: 0x0008, 0xba5: 0x0008, 0xba6: 0x0008, 0xba7: 0x0008, 0xba8: 0xe045, 0xba9: 0xe045,
+	0xbaa: 0x0725, 0xbab: 0x14d1, 0xbac: 0xe04d, 0xbad: 0x1c7a, 0xbae: 0x03d2, 0xbaf: 0x1caa,
+	0xbb0: 0x0040, 0xbb1: 0x0040, 0xbb2: 0x1cb9, 0xbb3: 0x1ce9, 0xbb4: 0x1d11, 0xbb5: 0x0040,
+	0xbb6: 0x0008, 0xbb7: 0x1d39, 0xbb8: 0x073d, 0xbb9: 0x14b9, 0xbba: 0x0515, 0xbbb: 0x14e9,
+	0xbbc: 0x1ce9, 0xbbd: 0x0756, 0xbbe: 0x0776, 0xbbf: 0x0040,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x000a, 0xbc1: 0x000a, 0xbc2: 0x000a, 0xbc3: 0x000a, 0xbc4: 0x000a, 0xbc5: 0x000a,
+	0xbc6: 0x000a, 0xbc7: 0x000a, 0xbc8: 0x000a, 0xbc9: 0x000a, 0xbca: 0x000a, 0xbcb: 0x03c0,
+	0xbcc: 0x0003, 0xbcd: 0x0003, 0xbce: 0x0340, 0xbcf: 0x0b40, 0xbd0: 0x0018, 0xbd1: 0xe00d,
+	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x0796,
+	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
+	0xbde: 0x0018, 0xbdf: 0x0018, 0xbe0: 0x0018, 0xbe1: 0x0018, 0xbe2: 0x0018, 0xbe3: 0x0018,
+	0xbe4: 0x0040, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0018, 0xbe8: 0x0040, 0xbe9: 0x0040,
+	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x000a,
+	0xbf0: 0x0018, 0xbf1: 0x0018, 0xbf2: 0x0018, 0xbf3: 0x1d69, 0xbf4: 0x1da1, 0xbf5: 0x0018,
+	0xbf6: 0x1df1, 0xbf7: 0x1e29, 0xbf8: 0x0018, 0xbf9: 0x0018, 0xbfa: 0x0018, 0xbfb: 0x0018,
+	0xbfc: 0x1e7a, 0xbfd: 0x0018, 0xbfe: 0x07b6, 0xbff: 0x0018,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x0018, 0xc01: 0x0018, 0xc02: 0x0018, 0xc03: 0x0018, 0xc04: 0x0018, 0xc05: 0x0018,
+	0xc06: 0x0018, 0xc07: 0x1e92, 0xc08: 0x1eaa, 0xc09: 0x1ec2, 0xc0a: 0x0018, 0xc0b: 0x0018,
+	0xc0c: 0x0018, 0xc0d: 0x0018, 0xc0e: 0x0018, 0xc0f: 0x0018, 0xc10: 0x0018, 0xc11: 0x0018,
+	0xc12: 0x0018, 0xc13: 0x0018, 0xc14: 0x0018, 0xc15: 0x0018, 0xc16: 0x0018, 0xc17: 0x1ed9,
+	0xc18: 0x0018, 0xc19: 0x0018, 0xc1a: 0x0018, 0xc1b: 0x0018, 0xc1c: 0x0018, 0xc1d: 0x0018,
+	0xc1e: 0x0018, 0xc1f: 0x000a, 0xc20: 0x03c0, 0xc21: 0x0340, 0xc22: 0x0340, 0xc23: 0x0340,
+	0xc24: 0x03c0, 0xc25: 0x0040, 0xc26: 0x0040, 0xc27: 0x0040, 0xc28: 0x0040, 0xc29: 0x0040,
+	0xc2a: 0x0340, 0xc2b: 0x0340, 0xc2c: 0x0340, 0xc2d: 0x0340, 0xc2e: 0x0340, 0xc2f: 0x0340,
+	0xc30: 0x1f41, 0xc31: 0x0f41, 0xc32: 0x0040, 0xc33: 0x0040, 0xc34: 0x1f51, 0xc35: 0x1f61,
+	0xc36: 0x1f71, 0xc37: 0x1f81, 0xc38: 0x1f91, 0xc39: 0x1fa1, 0xc3a: 0x1fb2, 0xc3b: 0x07d5,
+	0xc3c: 0x1fc2, 0xc3d: 0x1fd2, 0xc3e: 0x1fe2, 0xc3f: 0x0f71,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1f41, 0xc41: 0x00c9, 0xc42: 0x0069, 0xc43: 0x0079, 0xc44: 0x1f51, 0xc45: 0x1f61,
+	0xc46: 0x1f71, 0xc47: 0x1f81, 0xc48: 0x1f91, 0xc49: 0x1fa1, 0xc4a: 0x1fb2, 0xc4b: 0x07ed,
+	0xc4c: 0x1fc2, 0xc4d: 0x1fd2, 0xc4e: 0x1fe2, 0xc4f: 0x0040, 0xc50: 0x0039, 0xc51: 0x0f09,
+	0xc52: 0x00d9, 0xc53: 0x0369, 0xc54: 0x0ff9, 0xc55: 0x0249, 0xc56: 0x0f51, 0xc57: 0x0359,
+	0xc58: 0x0f61, 0xc59: 0x0f71, 0xc5a: 0x0f99, 0xc5b: 0x01d9, 0xc5c: 0x0fa9, 0xc5d: 0x0040,
+	0xc5e: 0x0040, 0xc5f: 0x0040, 0xc60: 0x0018, 0xc61: 0x0018, 0xc62: 0x0018, 0xc63: 0x0018,
+	0xc64: 0x0018, 0xc65: 0x0018, 0xc66: 0x0018, 0xc67: 0x0018, 0xc68: 0x1ff1, 0xc69: 0x0018,
+	0xc6a: 0x0018, 0xc6b: 0x0018, 0xc6c: 0x0018, 0xc6d: 0x0018, 0xc6e: 0x0018, 0xc6f: 0x0018,
+	0xc70: 0x0018, 0xc71: 0x0018, 0xc72: 0x0018, 0xc73: 0x0018, 0xc74: 0x0018, 0xc75: 0x0018,
+	0xc76: 0x0018, 0xc77: 0x0018, 0xc78: 0x0018, 0xc79: 0x0018, 0xc7a: 0x0018, 0xc7b: 0x0018,
+	0xc7c: 0x0018, 0xc7d: 0x0018, 0xc7e: 0x0018, 0xc7f: 0x0018,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x0806, 0xc81: 0x0826, 0xc82: 0x1159, 0xc83: 0x0845, 0xc84: 0x0018, 0xc85: 0x0866,
+	0xc86: 0x0886, 0xc87: 0x1011, 0xc88: 0x0018, 0xc89: 0x08a5, 0xc8a: 0x0f31, 0xc8b: 0x0249,
+	0xc8c: 0x0249, 0xc8d: 0x0249, 0xc8e: 0x0249, 0xc8f: 0x2009, 0xc90: 0x0f41, 0xc91: 0x0f41,
+	0xc92: 0x0359, 0xc93: 0x0359, 0xc94: 0x0018, 0xc95: 0x0f71, 0xc96: 0x2021, 0xc97: 0x0018,
+	0xc98: 0x0018, 0xc99: 0x0f99, 0xc9a: 0x2039, 0xc9b: 0x0269, 0xc9c: 0x0269, 0xc9d: 0x0269,
+	0xc9e: 0x0018, 0xc9f: 0x0018, 0xca0: 0x2049, 0xca1: 0x08c5, 0xca2: 0x2061, 0xca3: 0x0018,
+	0xca4: 0x13d1, 0xca5: 0x0018, 0xca6: 0x2079, 0xca7: 0x0018, 0xca8: 0x13d1, 0xca9: 0x0018,
+	0xcaa: 0x0f51, 0xcab: 0x2091, 0xcac: 0x0ee9, 0xcad: 0x1159, 0xcae: 0x0018, 0xcaf: 0x0f09,
+	0xcb0: 0x0f09, 0xcb1: 0x1199, 0xcb2: 0x0040, 0xcb3: 0x0f61, 0xcb4: 0x00d9, 0xcb5: 0x20a9,
+	0xcb6: 0x20c1, 0xcb7: 0x20d9, 0xcb8: 0x20f1, 0xcb9: 0x0f41, 0xcba: 0x0018, 0xcbb: 0x08e5,
+	0xcbc: 0x2109, 0xcbd: 0x10b1, 0xcbe: 0x10b1, 0xcbf: 0x2109,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x0905, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0ef9,
+	0xcc6: 0x0ef9, 0xcc7: 0x0f09, 0xcc8: 0x0f41, 0xcc9: 0x0259, 0xcca: 0x0018, 0xccb: 0x0018,
+	0xccc: 0x0018, 0xccd: 0x0018, 0xcce: 0x0008, 0xccf: 0x0018, 0xcd0: 0x2121, 0xcd1: 0x2151,
+	0xcd2: 0x2181, 0xcd3: 0x21b9, 0xcd4: 0x21e9, 0xcd5: 0x2219, 0xcd6: 0x2249, 0xcd7: 0x2279,
+	0xcd8: 0x22a9, 0xcd9: 0x22d9, 0xcda: 0x2309, 0xcdb: 0x2339, 0xcdc: 0x2369, 0xcdd: 0x2399,
+	0xcde: 0x23c9, 0xcdf: 0x23f9, 0xce0: 0x0f41, 0xce1: 0x2421, 0xce2: 0x091d, 0xce3: 0x2439,
+	0xce4: 0x1089, 0xce5: 0x2451, 0xce6: 0x093d, 0xce7: 0x2469, 0xce8: 0x2491, 0xce9: 0x0369,
+	0xcea: 0x24a9, 0xceb: 0x095d, 0xcec: 0x0359, 0xced: 0x1159, 0xcee: 0x0ef9, 0xcef: 0x0f61,
+	0xcf0: 0x0f41, 0xcf1: 0x2421, 0xcf2: 0x097d, 0xcf3: 0x2439, 0xcf4: 0x1089, 0xcf5: 0x2451,
+	0xcf6: 0x099d, 0xcf7: 0x2469, 0xcf8: 0x2491, 0xcf9: 0x0369, 0xcfa: 0x24a9, 0xcfb: 0x09bd,
+	0xcfc: 0x0359, 0xcfd: 0x1159, 0xcfe: 0x0ef9, 0xcff: 0x0f61,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x0018, 0xd01: 0x0018, 0xd02: 0x0018, 0xd03: 0x0018, 0xd04: 0x0018, 0xd05: 0x0018,
+	0xd06: 0x0018, 0xd07: 0x0018, 0xd08: 0x0018, 0xd09: 0x0018, 0xd0a: 0x0018, 0xd0b: 0x0040,
+	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
+	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
+	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0040, 0xd1d: 0x0040,
+	0xd1e: 0x0040, 0xd1f: 0x0040, 0xd20: 0x00c9, 0xd21: 0x0069, 0xd22: 0x0079, 0xd23: 0x1f51,
+	0xd24: 0x1f61, 0xd25: 0x1f71, 0xd26: 0x1f81, 0xd27: 0x1f91, 0xd28: 0x1fa1, 0xd29: 0x2601,
+	0xd2a: 0x2619, 0xd2b: 0x2631, 0xd2c: 0x2649, 0xd2d: 0x2661, 0xd2e: 0x2679, 0xd2f: 0x2691,
+	0xd30: 0x26a9, 0xd31: 0x26c1, 0xd32: 0x26d9, 0xd33: 0x26f1, 0xd34: 0x0a1e, 0xd35: 0x0a3e,
+	0xd36: 0x0a5e, 0xd37: 0x0a7e, 0xd38: 0x0a9e, 0xd39: 0x0abe, 0xd3a: 0x0ade, 0xd3b: 0x0afe,
+	0xd3c: 0x0b1e, 0xd3d: 0x270a, 0xd3e: 0x2732, 0xd3f: 0x275a,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x2782, 0xd41: 0x27aa, 0xd42: 0x27d2, 0xd43: 0x27fa, 0xd44: 0x2822, 0xd45: 0x284a,
+	0xd46: 0x2872, 0xd47: 0x289a, 0xd48: 0x0040, 0xd49: 0x0040, 0xd4a: 0x0040, 0xd4b: 0x0040,
+	0xd4c: 0x0040, 0xd4d: 0x0040, 0xd4e: 0x0040, 0xd4f: 0x0040, 0xd50: 0x0040, 0xd51: 0x0040,
+	0xd52: 0x0040, 0xd53: 0x0040, 0xd54: 0x0040, 0xd55: 0x0040, 0xd56: 0x0040, 0xd57: 0x0040,
+	0xd58: 0x0040, 0xd59: 0x0040, 0xd5a: 0x0040, 0xd5b: 0x0040, 0xd5c: 0x0b3e, 0xd5d: 0x0b5e,
+	0xd5e: 0x0b7e, 0xd5f: 0x0b9e, 0xd60: 0x0bbe, 0xd61: 0x0bde, 0xd62: 0x0bfe, 0xd63: 0x0c1e,
+	0xd64: 0x0c3e, 0xd65: 0x0c5e, 0xd66: 0x0c7e, 0xd67: 0x0c9e, 0xd68: 0x0cbe, 0xd69: 0x0cde,
+	0xd6a: 0x0cfe, 0xd6b: 0x0d1e, 0xd6c: 0x0d3e, 0xd6d: 0x0d5e, 0xd6e: 0x0d7e, 0xd6f: 0x0d9e,
+	0xd70: 0x0dbe, 0xd71: 0x0dde, 0xd72: 0x0dfe, 0xd73: 0x0e1e, 0xd74: 0x0e3e, 0xd75: 0x0e5e,
+	0xd76: 0x0039, 0xd77: 0x0ee9, 0xd78: 0x1159, 0xd79: 0x0ef9, 0xd7a: 0x0f09, 0xd7b: 0x1199,
+	0xd7c: 0x0f31, 0xd7d: 0x0249, 0xd7e: 0x0f41, 0xd7f: 0x0259,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0f51, 0xd81: 0x0359, 0xd82: 0x0f61, 0xd83: 0x0f71, 0xd84: 0x00d9, 0xd85: 0x0f99,
+	0xd86: 0x2039, 0xd87: 0x0269, 0xd88: 0x01d9, 0xd89: 0x0fa9, 0xd8a: 0x0fb9, 0xd8b: 0x1089,
+	0xd8c: 0x0279, 0xd8d: 0x0369, 0xd8e: 0x0289, 0xd8f: 0x13d1, 0xd90: 0x0039, 0xd91: 0x0ee9,
+	0xd92: 0x1159, 0xd93: 0x0ef9, 0xd94: 0x0f09, 0xd95: 0x1199, 0xd96: 0x0f31, 0xd97: 0x0249,
+	0xd98: 0x0f41, 0xd99: 0x0259, 0xd9a: 0x0f51, 0xd9b: 0x0359, 0xd9c: 0x0f61, 0xd9d: 0x0f71,
+	0xd9e: 0x00d9, 0xd9f: 0x0f99, 0xda0: 0x2039, 0xda1: 0x0269, 0xda2: 0x01d9, 0xda3: 0x0fa9,
+	0xda4: 0x0fb9, 0xda5: 0x1089, 0xda6: 0x0279, 0xda7: 0x0369, 0xda8: 0x0289, 0xda9: 0x13d1,
+	0xdaa: 0x1f41, 0xdab: 0x0018, 0xdac: 0x0018, 0xdad: 0x0018, 0xdae: 0x0018, 0xdaf: 0x0018,
+	0xdb0: 0x0018, 0xdb1: 0x0018, 0xdb2: 0x0018, 0xdb3: 0x0018, 0xdb4: 0x0018, 0xdb5: 0x0018,
+	0xdb6: 0x0018, 0xdb7: 0x0018, 0xdb8: 0x0018, 0xdb9: 0x0018, 0xdba: 0x0018, 0xdbb: 0x0018,
+	0xdbc: 0x0018, 0xdbd: 0x0018, 0xdbe: 0x0018, 0xdbf: 0x0018,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x0008, 0xdc1: 0x0008, 0xdc2: 0x0008, 0xdc3: 0x0008, 0xdc4: 0x0008, 0xdc5: 0x0008,
+	0xdc6: 0x0008, 0xdc7: 0x0008, 0xdc8: 0x0008, 0xdc9: 0x0008, 0xdca: 0x0008, 0xdcb: 0x0008,
+	0xdcc: 0x0008, 0xdcd: 0x0008, 0xdce: 0x0008, 0xdcf: 0x0008, 0xdd0: 0x0008, 0xdd1: 0x0008,
+	0xdd2: 0x0008, 0xdd3: 0x0008, 0xdd4: 0x0008, 0xdd5: 0x0008, 0xdd6: 0x0008, 0xdd7: 0x0008,
+	0xdd8: 0x0008, 0xdd9: 0x0008, 0xdda: 0x0008, 0xddb: 0x0008, 0xddc: 0x0008, 0xddd: 0x0008,
+	0xdde: 0x0008, 0xddf: 0x0040, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0x2971, 0xde3: 0x0ed5,
+	0xde4: 0x2989, 0xde5: 0x0008, 0xde6: 0x0008, 0xde7: 0xe07d, 0xde8: 0x0008, 0xde9: 0xe01d,
+	0xdea: 0x0008, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0x0fe1, 0xdee: 0x1281, 0xdef: 0x0fc9,
+	0xdf0: 0x1141, 0xdf1: 0x0008, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0008, 0xdf5: 0xe01d,
+	0xdf6: 0x0008, 0xdf7: 0x0008, 0xdf8: 0x0008, 0xdf9: 0x0008, 0xdfa: 0x0008, 0xdfb: 0x0008,
+	0xdfc: 0x0259, 0xdfd: 0x1089, 0xdfe: 0x29a1, 0xdff: 0x29b9,
+	// Block 0x38, offset 0xe00
+	0xe00: 0xe00d, 0xe01: 0x0008, 0xe02: 0xe00d, 0xe03: 0x0008, 0xe04: 0xe00d, 0xe05: 0x0008,
+	0xe06: 0xe00d, 0xe07: 0x0008, 0xe08: 0xe00d, 0xe09: 0x0008, 0xe0a: 0xe00d, 0xe0b: 0x0008,
+	0xe0c: 0xe00d, 0xe0d: 0x0008, 0xe0e: 0xe00d, 0xe0f: 0x0008, 0xe10: 0xe00d, 0xe11: 0x0008,
+	0xe12: 0xe00d, 0xe13: 0x0008, 0xe14: 0xe00d, 0xe15: 0x0008, 0xe16: 0xe00d, 0xe17: 0x0008,
+	0xe18: 0xe00d, 0xe19: 0x0008, 0xe1a: 0xe00d, 0xe1b: 0x0008, 0xe1c: 0xe00d, 0xe1d: 0x0008,
+	0xe1e: 0xe00d, 0xe1f: 0x0008, 0xe20: 0xe00d, 0xe21: 0x0008, 0xe22: 0xe00d, 0xe23: 0x0008,
+	0xe24: 0x0008, 0xe25: 0x0018, 0xe26: 0x0018, 0xe27: 0x0018, 0xe28: 0x0018, 0xe29: 0x0018,
+	0xe2a: 0x0018, 0xe2b: 0xe03d, 0xe2c: 0x0008, 0xe2d: 0xe01d, 0xe2e: 0x0008, 0xe2f: 0x3308,
+	0xe30: 0x3308, 0xe31: 0x3308, 0xe32: 0xe00d, 0xe33: 0x0008, 0xe34: 0x0040, 0xe35: 0x0040,
+	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0018, 0xe3a: 0x0018, 0xe3b: 0x0018,
+	0xe3c: 0x0018, 0xe3d: 0x0018, 0xe3e: 0x0018, 0xe3f: 0x0018,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x2715, 0xe41: 0x2735, 0xe42: 0x2755, 0xe43: 0x2775, 0xe44: 0x2795, 0xe45: 0x27b5,
+	0xe46: 0x27d5, 0xe47: 0x27f5, 0xe48: 0x2815, 0xe49: 0x2835, 0xe4a: 0x2855, 0xe4b: 0x2875,
+	0xe4c: 0x2895, 0xe4d: 0x28b5, 0xe4e: 0x28d5, 0xe4f: 0x28f5, 0xe50: 0x2915, 0xe51: 0x2935,
+	0xe52: 0x2955, 0xe53: 0x2975, 0xe54: 0x2995, 0xe55: 0x29b5, 0xe56: 0x0040, 0xe57: 0x0040,
+	0xe58: 0x0040, 0xe59: 0x0040, 0xe5a: 0x0040, 0xe5b: 0x0040, 0xe5c: 0x0040, 0xe5d: 0x0040,
+	0xe5e: 0x0040, 0xe5f: 0x0040, 0xe60: 0x0040, 0xe61: 0x0040, 0xe62: 0x0040, 0xe63: 0x0040,
+	0xe64: 0x0040, 0xe65: 0x0040, 0xe66: 0x0040, 0xe67: 0x0040, 0xe68: 0x0040, 0xe69: 0x0040,
+	0xe6a: 0x0040, 0xe6b: 0x0040, 0xe6c: 0x0040, 0xe6d: 0x0040, 0xe6e: 0x0040, 0xe6f: 0x0040,
+	0xe70: 0x0040, 0xe71: 0x0040, 0xe72: 0x0040, 0xe73: 0x0040, 0xe74: 0x0040, 0xe75: 0x0040,
+	0xe76: 0x0040, 0xe77: 0x0040, 0xe78: 0x0040, 0xe79: 0x0040, 0xe7a: 0x0040, 0xe7b: 0x0040,
+	0xe7c: 0x0040, 0xe7d: 0x0040, 0xe7e: 0x0040, 0xe7f: 0x0040,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x000a, 0xe81: 0x0018, 0xe82: 0x29d1, 0xe83: 0x0018, 0xe84: 0x0018, 0xe85: 0x0008,
+	0xe86: 0x0008, 0xe87: 0x0008, 0xe88: 0x0018, 0xe89: 0x0018, 0xe8a: 0x0018, 0xe8b: 0x0018,
+	0xe8c: 0x0018, 0xe8d: 0x0018, 0xe8e: 0x0018, 0xe8f: 0x0018, 0xe90: 0x0018, 0xe91: 0x0018,
+	0xe92: 0x0018, 0xe93: 0x0018, 0xe94: 0x0018, 0xe95: 0x0018, 0xe96: 0x0018, 0xe97: 0x0018,
+	0xe98: 0x0018, 0xe99: 0x0018, 0xe9a: 0x0018, 0xe9b: 0x0018, 0xe9c: 0x0018, 0xe9d: 0x0018,
+	0xe9e: 0x0018, 0xe9f: 0x0018, 0xea0: 0x0018, 0xea1: 0x0018, 0xea2: 0x0018, 0xea3: 0x0018,
+	0xea4: 0x0018, 0xea5: 0x0018, 0xea6: 0x0018, 0xea7: 0x0018, 0xea8: 0x0018, 0xea9: 0x0018,
+	0xeaa: 0x3308, 0xeab: 0x3308, 0xeac: 0x3308, 0xead: 0x3308, 0xeae: 0x3018, 0xeaf: 0x3018,
+	0xeb0: 0x0018, 0xeb1: 0x0018, 0xeb2: 0x0018, 0xeb3: 0x0018, 0xeb4: 0x0018, 0xeb5: 0x0018,
+	0xeb6: 0xe125, 0xeb7: 0x0018, 0xeb8: 0x29d5, 0xeb9: 0x29f5, 0xeba: 0x2a15, 0xebb: 0x0018,
+	0xebc: 0x0008, 0xebd: 0x0018, 0xebe: 0x0018, 0xebf: 0x0018,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x2b55, 0xec1: 0x2b75, 0xec2: 0x2b95, 0xec3: 0x2bb5, 0xec4: 0x2bd5, 0xec5: 0x2bf5,
+	0xec6: 0x2bf5, 0xec7: 0x2bf5, 0xec8: 0x2c15, 0xec9: 0x2c15, 0xeca: 0x2c15, 0xecb: 0x2c15,
+	0xecc: 0x2c35, 0xecd: 0x2c35, 0xece: 0x2c35, 0xecf: 0x2c55, 0xed0: 0x2c75, 0xed1: 0x2c75,
+	0xed2: 0x2a95, 0xed3: 0x2a95, 0xed4: 0x2c75, 0xed5: 0x2c75, 0xed6: 0x2c95, 0xed7: 0x2c95,
+	0xed8: 0x2c75, 0xed9: 0x2c75, 0xeda: 0x2a95, 0xedb: 0x2a95, 0xedc: 0x2c75, 0xedd: 0x2c75,
+	0xede: 0x2c55, 0xedf: 0x2c55, 0xee0: 0x2cb5, 0xee1: 0x2cb5, 0xee2: 0x2cd5, 0xee3: 0x2cd5,
+	0xee4: 0x0040, 0xee5: 0x2cf5, 0xee6: 0x2d15, 0xee7: 0x2d35, 0xee8: 0x2d35, 0xee9: 0x2d55,
+	0xeea: 0x2d75, 0xeeb: 0x2d95, 0xeec: 0x2db5, 0xeed: 0x2dd5, 0xeee: 0x2df5, 0xeef: 0x2e15,
+	0xef0: 0x2e35, 0xef1: 0x2e55, 0xef2: 0x2e55, 0xef3: 0x2e75, 0xef4: 0x2e95, 0xef5: 0x2e95,
+	0xef6: 0x2eb5, 0xef7: 0x2ed5, 0xef8: 0x2e75, 0xef9: 0x2ef5, 0xefa: 0x2f15, 0xefb: 0x2ef5,
+	0xefc: 0x2e75, 0xefd: 0x2f35, 0xefe: 0x2f55, 0xeff: 0x2f75,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x2f95, 0xf01: 0x2fb5, 0xf02: 0x2d15, 0xf03: 0x2cf5, 0xf04: 0x2fd5, 0xf05: 0x2ff5,
+	0xf06: 0x3015, 0xf07: 0x3035, 0xf08: 0x3055, 0xf09: 0x3075, 0xf0a: 0x3095, 0xf0b: 0x30b5,
+	0xf0c: 0x30d5, 0xf0d: 0x30f5, 0xf0e: 0x3115, 0xf0f: 0x0040, 0xf10: 0x0018, 0xf11: 0x0018,
+	0xf12: 0x3135, 0xf13: 0x3155, 0xf14: 0x3175, 0xf15: 0x3195, 0xf16: 0x31b5, 0xf17: 0x31d5,
+	0xf18: 0x31f5, 0xf19: 0x3215, 0xf1a: 0x3235, 0xf1b: 0x3255, 0xf1c: 0x3175, 0xf1d: 0x3275,
+	0xf1e: 0x3295, 0xf1f: 0x32b5, 0xf20: 0x0008, 0xf21: 0x0008, 0xf22: 0x0008, 0xf23: 0x0008,
+	0xf24: 0x0008, 0xf25: 0x0008, 0xf26: 0x0008, 0xf27: 0x0008, 0xf28: 0x0008, 0xf29: 0x0008,
+	0xf2a: 0x0008, 0xf2b: 0x0008, 0xf2c: 0x0008, 0xf2d: 0x0008, 0xf2e: 0x0008, 0xf2f: 0x0008,
+	0xf30: 0x0008, 0xf31: 0x0008, 0xf32: 0x0008, 0xf33: 0x0008, 0xf34: 0x0008, 0xf35: 0x0008,
+	0xf36: 0x0008, 0xf37: 0x0008, 0xf38: 0x0008, 0xf39: 0x0008, 0xf3a: 0x0008, 0xf3b: 0x0040,
+	0xf3c: 0x0040, 0xf3d: 0x0040, 0xf3e: 0x0040, 0xf3f: 0x0040,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x36a2, 0xf41: 0x36d2, 0xf42: 0x3702, 0xf43: 0x3732, 0xf44: 0x32d5, 0xf45: 0x32f5,
+	0xf46: 0x3315, 0xf47: 0x3335, 0xf48: 0x0018, 0xf49: 0x0018, 0xf4a: 0x0018, 0xf4b: 0x0018,
+	0xf4c: 0x0018, 0xf4d: 0x0018, 0xf4e: 0x0018, 0xf4f: 0x0018, 0xf50: 0x3355, 0xf51: 0x3761,
+	0xf52: 0x3779, 0xf53: 0x3791, 0xf54: 0x37a9, 0xf55: 0x37c1, 0xf56: 0x37d9, 0xf57: 0x37f1,
+	0xf58: 0x3809, 0xf59: 0x3821, 0xf5a: 0x3839, 0xf5b: 0x3851, 0xf5c: 0x3869, 0xf5d: 0x3881,
+	0xf5e: 0x3899, 0xf5f: 0x38b1, 0xf60: 0x3375, 0xf61: 0x3395, 0xf62: 0x33b5, 0xf63: 0x33d5,
+	0xf64: 0x33f5, 0xf65: 0x33f5, 0xf66: 0x3415, 0xf67: 0x3435, 0xf68: 0x3455, 0xf69: 0x3475,
+	0xf6a: 0x3495, 0xf6b: 0x34b5, 0xf6c: 0x34d5, 0xf6d: 0x34f5, 0xf6e: 0x3515, 0xf6f: 0x3535,
+	0xf70: 0x3555, 0xf71: 0x3575, 0xf72: 0x3595, 0xf73: 0x35b5, 0xf74: 0x35d5, 0xf75: 0x35f5,
+	0xf76: 0x3615, 0xf77: 0x3635, 0xf78: 0x3655, 0xf79: 0x3675, 0xf7a: 0x3695, 0xf7b: 0x36b5,
+	0xf7c: 0x38c9, 0xf7d: 0x3901, 0xf7e: 0x36d5, 0xf7f: 0x0018,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x36f5, 0xf81: 0x3715, 0xf82: 0x3735, 0xf83: 0x3755, 0xf84: 0x3775, 0xf85: 0x3795,
+	0xf86: 0x37b5, 0xf87: 0x37d5, 0xf88: 0x37f5, 0xf89: 0x3815, 0xf8a: 0x3835, 0xf8b: 0x3855,
+	0xf8c: 0x3875, 0xf8d: 0x3895, 0xf8e: 0x38b5, 0xf8f: 0x38d5, 0xf90: 0x38f5, 0xf91: 0x3915,
+	0xf92: 0x3935, 0xf93: 0x3955, 0xf94: 0x3975, 0xf95: 0x3995, 0xf96: 0x39b5, 0xf97: 0x39d5,
+	0xf98: 0x39f5, 0xf99: 0x3a15, 0xf9a: 0x3a35, 0xf9b: 0x3a55, 0xf9c: 0x3a75, 0xf9d: 0x3a95,
+	0xf9e: 0x3ab5, 0xf9f: 0x3ad5, 0xfa0: 0x3af5, 0xfa1: 0x3b15, 0xfa2: 0x3b35, 0xfa3: 0x3b55,
+	0xfa4: 0x3b75, 0xfa5: 0x3b95, 0xfa6: 0x1295, 0xfa7: 0x3bb5, 0xfa8: 0x3bd5, 0xfa9: 0x3bf5,
+	0xfaa: 0x3c15, 0xfab: 0x3c35, 0xfac: 0x3c55, 0xfad: 0x3c75, 0xfae: 0x23b5, 0xfaf: 0x3c95,
+	0xfb0: 0x3cb5, 0xfb1: 0x3939, 0xfb2: 0x3951, 0xfb3: 0x3969, 0xfb4: 0x3981, 0xfb5: 0x3999,
+	0xfb6: 0x39b1, 0xfb7: 0x39c9, 0xfb8: 0x39e1, 0xfb9: 0x39f9, 0xfba: 0x3a11, 0xfbb: 0x3a29,
+	0xfbc: 0x3a41, 0xfbd: 0x3a59, 0xfbe: 0x3a71, 0xfbf: 0x3a89,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x3aa1, 0xfc1: 0x3ac9, 0xfc2: 0x3af1, 0xfc3: 0x3b19, 0xfc4: 0x3b41, 0xfc5: 0x3b69,
+	0xfc6: 0x3b91, 0xfc7: 0x3bb9, 0xfc8: 0x3be1, 0xfc9: 0x3c09, 0xfca: 0x3c39, 0xfcb: 0x3c69,
+	0xfcc: 0x3c99, 0xfcd: 0x3cd5, 0xfce: 0x3cb1, 0xfcf: 0x3cf5, 0xfd0: 0x3d15, 0xfd1: 0x3d2d,
+	0xfd2: 0x3d45, 0xfd3: 0x3d5d, 0xfd4: 0x3d75, 0xfd5: 0x3d75, 0xfd6: 0x3d5d, 0xfd7: 0x3d8d,
+	0xfd8: 0x07d5, 0xfd9: 0x3da5, 0xfda: 0x3dbd, 0xfdb: 0x3dd5, 0xfdc: 0x3ded, 0xfdd: 0x3e05,
+	0xfde: 0x3e1d, 0xfdf: 0x3e35, 0xfe0: 0x3e4d, 0xfe1: 0x3e65, 0xfe2: 0x3e7d, 0xfe3: 0x3e95,
+	0xfe4: 0x3ead, 0xfe5: 0x3ead, 0xfe6: 0x3ec5, 0xfe7: 0x3ec5, 0xfe8: 0x3edd, 0xfe9: 0x3edd,
+	0xfea: 0x3ef5, 0xfeb: 0x3f0d, 0xfec: 0x3f25, 0xfed: 0x3f3d, 0xfee: 0x3f55, 0xfef: 0x3f55,
+	0xff0: 0x3f6d, 0xff1: 0x3f6d, 0xff2: 0x3f6d, 0xff3: 0x3f85, 0xff4: 0x3f9d, 0xff5: 0x3fb5,
+	0xff6: 0x3fcd, 0xff7: 0x3fb5, 0xff8: 0x3fe5, 0xff9: 0x3ffd, 0xffa: 0x3f85, 0xffb: 0x4015,
+	0xffc: 0x402d, 0xffd: 0x402d, 0xffe: 0x402d, 0xfff: 0x0040,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x3cc9, 0x1001: 0x3d31, 0x1002: 0x3d99, 0x1003: 0x3e01, 0x1004: 0x3e51, 0x1005: 0x3eb9,
+	0x1006: 0x3f09, 0x1007: 0x3f59, 0x1008: 0x3fd9, 0x1009: 0x4041, 0x100a: 0x4091, 0x100b: 0x40e1,
+	0x100c: 0x4131, 0x100d: 0x4199, 0x100e: 0x4201, 0x100f: 0x4251, 0x1010: 0x42a1, 0x1011: 0x42d9,
+	0x1012: 0x4329, 0x1013: 0x4391, 0x1014: 0x43f9, 0x1015: 0x4431, 0x1016: 0x44b1, 0x1017: 0x4549,
+	0x1018: 0x45c9, 0x1019: 0x4619, 0x101a: 0x4699, 0x101b: 0x4719, 0x101c: 0x4781, 0x101d: 0x47d1,
+	0x101e: 0x4821, 0x101f: 0x4871, 0x1020: 0x48d9, 0x1021: 0x4959, 0x1022: 0x49c1, 0x1023: 0x4a11,
+	0x1024: 0x4a61, 0x1025: 0x4ab1, 0x1026: 0x4ae9, 0x1027: 0x4b21, 0x1028: 0x4b59, 0x1029: 0x4b91,
+	0x102a: 0x4be1, 0x102b: 0x4c31, 0x102c: 0x4cb1, 0x102d: 0x4d01, 0x102e: 0x4d69, 0x102f: 0x4de9,
+	0x1030: 0x4e39, 0x1031: 0x4e71, 0x1032: 0x4ea9, 0x1033: 0x4f29, 0x1034: 0x4f91, 0x1035: 0x5011,
+	0x1036: 0x5061, 0x1037: 0x50e1, 0x1038: 0x5119, 0x1039: 0x5169, 0x103a: 0x51b9, 0x103b: 0x5209,
+	0x103c: 0x5259, 0x103d: 0x52a9, 0x103e: 0x5311, 0x103f: 0x5361,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x5399, 0x1041: 0x53e9, 0x1042: 0x5439, 0x1043: 0x5489, 0x1044: 0x54f1, 0x1045: 0x5541,
+	0x1046: 0x5591, 0x1047: 0x55e1, 0x1048: 0x5661, 0x1049: 0x56c9, 0x104a: 0x5701, 0x104b: 0x5781,
+	0x104c: 0x57b9, 0x104d: 0x5821, 0x104e: 0x5889, 0x104f: 0x58d9, 0x1050: 0x5929, 0x1051: 0x5979,
+	0x1052: 0x59e1, 0x1053: 0x5a19, 0x1054: 0x5a69, 0x1055: 0x5ad1, 0x1056: 0x5b09, 0x1057: 0x5b89,
+	0x1058: 0x5bd9, 0x1059: 0x5c01, 0x105a: 0x5c29, 0x105b: 0x5c51, 0x105c: 0x5c79, 0x105d: 0x5ca1,
+	0x105e: 0x5cc9, 0x105f: 0x5cf1, 0x1060: 0x5d19, 0x1061: 0x5d41, 0x1062: 0x5d69, 0x1063: 0x5d99,
+	0x1064: 0x5dc9, 0x1065: 0x5df9, 0x1066: 0x5e29, 0x1067: 0x5e59, 0x1068: 0x5e89, 0x1069: 0x5eb9,
+	0x106a: 0x5ee9, 0x106b: 0x5f19, 0x106c: 0x5f49, 0x106d: 0x5f79, 0x106e: 0x5fa9, 0x106f: 0x5fd9,
+	0x1070: 0x6009, 0x1071: 0x4045, 0x1072: 0x6039, 0x1073: 0x6051, 0x1074: 0x4065, 0x1075: 0x6069,
+	0x1076: 0x6081, 0x1077: 0x6099, 0x1078: 0x4085, 0x1079: 0x4085, 0x107a: 0x60b1, 0x107b: 0x60c9,
+	0x107c: 0x6101, 0x107d: 0x6139, 0x107e: 0x6171, 0x107f: 0x61a9,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x6211, 0x1081: 0x6229, 0x1082: 0x40a5, 0x1083: 0x6241, 0x1084: 0x6259, 0x1085: 0x6271,
+	0x1086: 0x6289, 0x1087: 0x62a1, 0x1088: 0x40c5, 0x1089: 0x62b9, 0x108a: 0x62e1, 0x108b: 0x62f9,
+	0x108c: 0x40e5, 0x108d: 0x40e5, 0x108e: 0x6311, 0x108f: 0x6329, 0x1090: 0x6341, 0x1091: 0x4105,
+	0x1092: 0x4125, 0x1093: 0x4145, 0x1094: 0x4165, 0x1095: 0x4185, 0x1096: 0x6359, 0x1097: 0x6371,
+	0x1098: 0x6389, 0x1099: 0x63a1, 0x109a: 0x63b9, 0x109b: 0x41a5, 0x109c: 0x63d1, 0x109d: 0x63e9,
+	0x109e: 0x6401, 0x109f: 0x41c5, 0x10a0: 0x41e5, 0x10a1: 0x6419, 0x10a2: 0x4205, 0x10a3: 0x4225,
+	0x10a4: 0x4245, 0x10a5: 0x6431, 0x10a6: 0x4265, 0x10a7: 0x6449, 0x10a8: 0x6479, 0x10a9: 0x6211,
+	0x10aa: 0x4285, 0x10ab: 0x42a5, 0x10ac: 0x42c5, 0x10ad: 0x42e5, 0x10ae: 0x64b1, 0x10af: 0x64f1,
+	0x10b0: 0x6539, 0x10b1: 0x6551, 0x10b2: 0x4305, 0x10b3: 0x6569, 0x10b4: 0x6581, 0x10b5: 0x6599,
+	0x10b6: 0x4325, 0x10b7: 0x65b1, 0x10b8: 0x65c9, 0x10b9: 0x65b1, 0x10ba: 0x65e1, 0x10bb: 0x65f9,
+	0x10bc: 0x4345, 0x10bd: 0x6611, 0x10be: 0x6629, 0x10bf: 0x6611,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x4365, 0x10c1: 0x4385, 0x10c2: 0x0040, 0x10c3: 0x6641, 0x10c4: 0x6659, 0x10c5: 0x6671,
+	0x10c6: 0x6689, 0x10c7: 0x0040, 0x10c8: 0x66c1, 0x10c9: 0x66d9, 0x10ca: 0x66f1, 0x10cb: 0x6709,
+	0x10cc: 0x6721, 0x10cd: 0x6739, 0x10ce: 0x6401, 0x10cf: 0x6751, 0x10d0: 0x6769, 0x10d1: 0x6781,
+	0x10d2: 0x43a5, 0x10d3: 0x6799, 0x10d4: 0x6289, 0x10d5: 0x43c5, 0x10d6: 0x43e5, 0x10d7: 0x67b1,
+	0x10d8: 0x0040, 0x10d9: 0x4405, 0x10da: 0x67c9, 0x10db: 0x67e1, 0x10dc: 0x67f9, 0x10dd: 0x6811,
+	0x10de: 0x6829, 0x10df: 0x6859, 0x10e0: 0x6889, 0x10e1: 0x68b1, 0x10e2: 0x68d9, 0x10e3: 0x6901,
+	0x10e4: 0x6929, 0x10e5: 0x6951, 0x10e6: 0x6979, 0x10e7: 0x69a1, 0x10e8: 0x69c9, 0x10e9: 0x69f1,
+	0x10ea: 0x6a21, 0x10eb: 0x6a51, 0x10ec: 0x6a81, 0x10ed: 0x6ab1, 0x10ee: 0x6ae1, 0x10ef: 0x6b11,
+	0x10f0: 0x6b41, 0x10f1: 0x6b71, 0x10f2: 0x6ba1, 0x10f3: 0x6bd1, 0x10f4: 0x6c01, 0x10f5: 0x6c31,
+	0x10f6: 0x6c61, 0x10f7: 0x6c91, 0x10f8: 0x6cc1, 0x10f9: 0x6cf1, 0x10fa: 0x6d21, 0x10fb: 0x6d51,
+	0x10fc: 0x6d81, 0x10fd: 0x6db1, 0x10fe: 0x6de1, 0x10ff: 0x4425,
+	// Block 0x44, offset 0x1100
+	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
+	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
+	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
+	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
+	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0xe00d, 0x111d: 0x0008,
+	0x111e: 0xe00d, 0x111f: 0x0008, 0x1120: 0xe00d, 0x1121: 0x0008, 0x1122: 0xe00d, 0x1123: 0x0008,
+	0x1124: 0xe00d, 0x1125: 0x0008, 0x1126: 0xe00d, 0x1127: 0x0008, 0x1128: 0xe00d, 0x1129: 0x0008,
+	0x112a: 0xe00d, 0x112b: 0x0008, 0x112c: 0xe00d, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x3308,
+	0x1130: 0x3318, 0x1131: 0x3318, 0x1132: 0x3318, 0x1133: 0x0018, 0x1134: 0x3308, 0x1135: 0x3308,
+	0x1136: 0x3308, 0x1137: 0x3308, 0x1138: 0x3308, 0x1139: 0x3308, 0x113a: 0x3308, 0x113b: 0x3308,
+	0x113c: 0x3308, 0x113d: 0x3308, 0x113e: 0x0018, 0x113f: 0x0008,
+	// Block 0x45, offset 0x1140
+	0x1140: 0xe00d, 0x1141: 0x0008, 0x1142: 0xe00d, 0x1143: 0x0008, 0x1144: 0xe00d, 0x1145: 0x0008,
+	0x1146: 0xe00d, 0x1147: 0x0008, 0x1148: 0xe00d, 0x1149: 0x0008, 0x114a: 0xe00d, 0x114b: 0x0008,
+	0x114c: 0xe00d, 0x114d: 0x0008, 0x114e: 0xe00d, 0x114f: 0x0008, 0x1150: 0xe00d, 0x1151: 0x0008,
+	0x1152: 0xe00d, 0x1153: 0x0008, 0x1154: 0xe00d, 0x1155: 0x0008, 0x1156: 0xe00d, 0x1157: 0x0008,
+	0x1158: 0xe00d, 0x1159: 0x0008, 0x115a: 0xe00d, 0x115b: 0x0008, 0x115c: 0x0ea1, 0x115d: 0x6e11,
+	0x115e: 0x3308, 0x115f: 0x3308, 0x1160: 0x0008, 0x1161: 0x0008, 0x1162: 0x0008, 0x1163: 0x0008,
+	0x1164: 0x0008, 0x1165: 0x0008, 0x1166: 0x0008, 0x1167: 0x0008, 0x1168: 0x0008, 0x1169: 0x0008,
+	0x116a: 0x0008, 0x116b: 0x0008, 0x116c: 0x0008, 0x116d: 0x0008, 0x116e: 0x0008, 0x116f: 0x0008,
+	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0x0008, 0x1173: 0x0008, 0x1174: 0x0008, 0x1175: 0x0008,
+	0x1176: 0x0008, 0x1177: 0x0008, 0x1178: 0x0008, 0x1179: 0x0008, 0x117a: 0x0008, 0x117b: 0x0008,
+	0x117c: 0x0008, 0x117d: 0x0008, 0x117e: 0x0008, 0x117f: 0x0008,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x0018, 0x1181: 0x0018, 0x1182: 0x0018, 0x1183: 0x0018, 0x1184: 0x0018, 0x1185: 0x0018,
+	0x1186: 0x0018, 0x1187: 0x0018, 0x1188: 0x0018, 0x1189: 0x0018, 0x118a: 0x0018, 0x118b: 0x0018,
+	0x118c: 0x0018, 0x118d: 0x0018, 0x118e: 0x0018, 0x118f: 0x0018, 0x1190: 0x0018, 0x1191: 0x0018,
+	0x1192: 0x0018, 0x1193: 0x0018, 0x1194: 0x0018, 0x1195: 0x0018, 0x1196: 0x0018, 0x1197: 0x0008,
+	0x1198: 0x0008, 0x1199: 0x0008, 0x119a: 0x0008, 0x119b: 0x0008, 0x119c: 0x0008, 0x119d: 0x0008,
+	0x119e: 0x0008, 0x119f: 0x0008, 0x11a0: 0x0018, 0x11a1: 0x0018, 0x11a2: 0xe00d, 0x11a3: 0x0008,
+	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
+	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
+	0x11b0: 0x0008, 0x11b1: 0x0008, 0x11b2: 0xe00d, 0x11b3: 0x0008, 0x11b4: 0xe00d, 0x11b5: 0x0008,
+	0x11b6: 0xe00d, 0x11b7: 0x0008, 0x11b8: 0xe00d, 0x11b9: 0x0008, 0x11ba: 0xe00d, 0x11bb: 0x0008,
+	0x11bc: 0xe00d, 0x11bd: 0x0008, 0x11be: 0xe00d, 0x11bf: 0x0008,
+	// Block 0x47, offset 0x11c0
+	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
+	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0xe00d, 0x11c9: 0x0008, 0x11ca: 0xe00d, 0x11cb: 0x0008,
+	0x11cc: 0xe00d, 0x11cd: 0x0008, 0x11ce: 0xe00d, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
+	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0xe00d, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
+	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
+	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
+	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
+	0x11ea: 0xe00d, 0x11eb: 0x0008, 0x11ec: 0xe00d, 0x11ed: 0x0008, 0x11ee: 0xe00d, 0x11ef: 0x0008,
+	0x11f0: 0xe0fd, 0x11f1: 0x0008, 0x11f2: 0x0008, 0x11f3: 0x0008, 0x11f4: 0x0008, 0x11f5: 0x0008,
+	0x11f6: 0x0008, 0x11f7: 0x0008, 0x11f8: 0x0008, 0x11f9: 0xe01d, 0x11fa: 0x0008, 0x11fb: 0xe03d,
+	0x11fc: 0x0008, 0x11fd: 0x4445, 0x11fe: 0xe00d, 0x11ff: 0x0008,
+	// Block 0x48, offset 0x1200
+	0x1200: 0xe00d, 0x1201: 0x0008, 0x1202: 0xe00d, 0x1203: 0x0008, 0x1204: 0xe00d, 0x1205: 0x0008,
+	0x1206: 0xe00d, 0x1207: 0x0008, 0x1208: 0x0008, 0x1209: 0x0018, 0x120a: 0x0018, 0x120b: 0xe03d,
+	0x120c: 0x0008, 0x120d: 0x11d9, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0xe00d, 0x1211: 0x0008,
+	0x1212: 0xe00d, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x0008, 0x1216: 0xe00d, 0x1217: 0x0008,
+	0x1218: 0xe00d, 0x1219: 0x0008, 0x121a: 0xe00d, 0x121b: 0x0008, 0x121c: 0xe00d, 0x121d: 0x0008,
+	0x121e: 0xe00d, 0x121f: 0x0008, 0x1220: 0xe00d, 0x1221: 0x0008, 0x1222: 0xe00d, 0x1223: 0x0008,
+	0x1224: 0xe00d, 0x1225: 0x0008, 0x1226: 0xe00d, 0x1227: 0x0008, 0x1228: 0xe00d, 0x1229: 0x0008,
+	0x122a: 0x6e29, 0x122b: 0x1029, 0x122c: 0x11c1, 0x122d: 0x6e41, 0x122e: 0x1221, 0x122f: 0x0008,
+	0x1230: 0x6e59, 0x1231: 0x6e71, 0x1232: 0x1239, 0x1233: 0x4465, 0x1234: 0xe00d, 0x1235: 0x0008,
+	0x1236: 0xe00d, 0x1237: 0x0008, 0x1238: 0xe00d, 0x1239: 0x0008, 0x123a: 0xe00d, 0x123b: 0x0008,
+	0x123c: 0xe00d, 0x123d: 0x0008, 0x123e: 0xe00d, 0x123f: 0x0008,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x650d, 0x1241: 0x652d, 0x1242: 0x654d, 0x1243: 0x656d, 0x1244: 0x658d, 0x1245: 0x65ad,
+	0x1246: 0x65cd, 0x1247: 0x65ed, 0x1248: 0x660d, 0x1249: 0x662d, 0x124a: 0x664d, 0x124b: 0x666d,
+	0x124c: 0x668d, 0x124d: 0x66ad, 0x124e: 0x0008, 0x124f: 0x0008, 0x1250: 0x66cd, 0x1251: 0x0008,
+	0x1252: 0x66ed, 0x1253: 0x0008, 0x1254: 0x0008, 0x1255: 0x670d, 0x1256: 0x672d, 0x1257: 0x674d,
+	0x1258: 0x676d, 0x1259: 0x678d, 0x125a: 0x67ad, 0x125b: 0x67cd, 0x125c: 0x67ed, 0x125d: 0x680d,
+	0x125e: 0x682d, 0x125f: 0x0008, 0x1260: 0x684d, 0x1261: 0x0008, 0x1262: 0x686d, 0x1263: 0x0008,
+	0x1264: 0x0008, 0x1265: 0x688d, 0x1266: 0x68ad, 0x1267: 0x0008, 0x1268: 0x0008, 0x1269: 0x0008,
+	0x126a: 0x68cd, 0x126b: 0x68ed, 0x126c: 0x690d, 0x126d: 0x692d, 0x126e: 0x694d, 0x126f: 0x696d,
+	0x1270: 0x698d, 0x1271: 0x69ad, 0x1272: 0x69cd, 0x1273: 0x69ed, 0x1274: 0x6a0d, 0x1275: 0x6a2d,
+	0x1276: 0x6a4d, 0x1277: 0x6a6d, 0x1278: 0x6a8d, 0x1279: 0x6aad, 0x127a: 0x6acd, 0x127b: 0x6aed,
+	0x127c: 0x6b0d, 0x127d: 0x6b2d, 0x127e: 0x6b4d, 0x127f: 0x6b6d,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x7acd, 0x1281: 0x7aed, 0x1282: 0x7b0d, 0x1283: 0x7b2d, 0x1284: 0x7b4d, 0x1285: 0x7b6d,
+	0x1286: 0x7b8d, 0x1287: 0x7bad, 0x1288: 0x7bcd, 0x1289: 0x7bed, 0x128a: 0x7c0d, 0x128b: 0x7c2d,
+	0x128c: 0x7c4d, 0x128d: 0x7c6d, 0x128e: 0x7c8d, 0x128f: 0x6ec9, 0x1290: 0x6ef1, 0x1291: 0x6f19,
+	0x1292: 0x7cad, 0x1293: 0x7ccd, 0x1294: 0x7ced, 0x1295: 0x6f41, 0x1296: 0x6f69, 0x1297: 0x6f91,
+	0x1298: 0x7d0d, 0x1299: 0x7d2d, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x0040,
+	0x129e: 0x0040, 0x129f: 0x0040, 0x12a0: 0x0040, 0x12a1: 0x0040, 0x12a2: 0x0040, 0x12a3: 0x0040,
+	0x12a4: 0x0040, 0x12a5: 0x0040, 0x12a6: 0x0040, 0x12a7: 0x0040, 0x12a8: 0x0040, 0x12a9: 0x0040,
+	0x12aa: 0x0040, 0x12ab: 0x0040, 0x12ac: 0x0040, 0x12ad: 0x0040, 0x12ae: 0x0040, 0x12af: 0x0040,
+	0x12b0: 0x0040, 0x12b1: 0x0040, 0x12b2: 0x0040, 0x12b3: 0x0040, 0x12b4: 0x0040, 0x12b5: 0x0040,
+	0x12b6: 0x0040, 0x12b7: 0x0040, 0x12b8: 0x0040, 0x12b9: 0x0040, 0x12ba: 0x0040, 0x12bb: 0x0040,
+	0x12bc: 0x0040, 0x12bd: 0x0040, 0x12be: 0x0040, 0x12bf: 0x0040,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x6fb9, 0x12c1: 0x6fd1, 0x12c2: 0x6fe9, 0x12c3: 0x7d4d, 0x12c4: 0x7d6d, 0x12c5: 0x7001,
+	0x12c6: 0x7001, 0x12c7: 0x0040, 0x12c8: 0x0040, 0x12c9: 0x0040, 0x12ca: 0x0040, 0x12cb: 0x0040,
+	0x12cc: 0x0040, 0x12cd: 0x0040, 0x12ce: 0x0040, 0x12cf: 0x0040, 0x12d0: 0x0040, 0x12d1: 0x0040,
+	0x12d2: 0x0040, 0x12d3: 0x7019, 0x12d4: 0x7041, 0x12d5: 0x7069, 0x12d6: 0x7091, 0x12d7: 0x70b9,
+	0x12d8: 0x0040, 0x12d9: 0x0040, 0x12da: 0x0040, 0x12db: 0x0040, 0x12dc: 0x0040, 0x12dd: 0x70e1,
+	0x12de: 0x3308, 0x12df: 0x7109, 0x12e0: 0x7131, 0x12e1: 0x20a9, 0x12e2: 0x20f1, 0x12e3: 0x7149,
+	0x12e4: 0x7161, 0x12e5: 0x7179, 0x12e6: 0x7191, 0x12e7: 0x71a9, 0x12e8: 0x71c1, 0x12e9: 0x1fb2,
+	0x12ea: 0x71d9, 0x12eb: 0x7201, 0x12ec: 0x7229, 0x12ed: 0x7261, 0x12ee: 0x7299, 0x12ef: 0x72c1,
+	0x12f0: 0x72e9, 0x12f1: 0x7311, 0x12f2: 0x7339, 0x12f3: 0x7361, 0x12f4: 0x7389, 0x12f5: 0x73b1,
+	0x12f6: 0x73d9, 0x12f7: 0x0040, 0x12f8: 0x7401, 0x12f9: 0x7429, 0x12fa: 0x7451, 0x12fb: 0x7479,
+	0x12fc: 0x74a1, 0x12fd: 0x0040, 0x12fe: 0x74c9, 0x12ff: 0x0040,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x74f1, 0x1301: 0x7519, 0x1302: 0x0040, 0x1303: 0x7541, 0x1304: 0x7569, 0x1305: 0x0040,
+	0x1306: 0x7591, 0x1307: 0x75b9, 0x1308: 0x75e1, 0x1309: 0x7609, 0x130a: 0x7631, 0x130b: 0x7659,
+	0x130c: 0x7681, 0x130d: 0x76a9, 0x130e: 0x76d1, 0x130f: 0x76f9, 0x1310: 0x7721, 0x1311: 0x7721,
+	0x1312: 0x7739, 0x1313: 0x7739, 0x1314: 0x7739, 0x1315: 0x7739, 0x1316: 0x7751, 0x1317: 0x7751,
+	0x1318: 0x7751, 0x1319: 0x7751, 0x131a: 0x7769, 0x131b: 0x7769, 0x131c: 0x7769, 0x131d: 0x7769,
+	0x131e: 0x7781, 0x131f: 0x7781, 0x1320: 0x7781, 0x1321: 0x7781, 0x1322: 0x7799, 0x1323: 0x7799,
+	0x1324: 0x7799, 0x1325: 0x7799, 0x1326: 0x77b1, 0x1327: 0x77b1, 0x1328: 0x77b1, 0x1329: 0x77b1,
+	0x132a: 0x77c9, 0x132b: 0x77c9, 0x132c: 0x77c9, 0x132d: 0x77c9, 0x132e: 0x77e1, 0x132f: 0x77e1,
+	0x1330: 0x77e1, 0x1331: 0x77e1, 0x1332: 0x77f9, 0x1333: 0x77f9, 0x1334: 0x77f9, 0x1335: 0x77f9,
+	0x1336: 0x7811, 0x1337: 0x7811, 0x1338: 0x7811, 0x1339: 0x7811, 0x133a: 0x7829, 0x133b: 0x7829,
+	0x133c: 0x7829, 0x133d: 0x7829, 0x133e: 0x7841, 0x133f: 0x7841,
+	// Block 0x4d, offset 0x1340
+	0x1340: 0x7841, 0x1341: 0x7841, 0x1342: 0x7859, 0x1343: 0x7859, 0x1344: 0x7871, 0x1345: 0x7871,
+	0x1346: 0x7889, 0x1347: 0x7889, 0x1348: 0x78a1, 0x1349: 0x78a1, 0x134a: 0x78b9, 0x134b: 0x78b9,
+	0x134c: 0x78d1, 0x134d: 0x78d1, 0x134e: 0x78e9, 0x134f: 0x78e9, 0x1350: 0x78e9, 0x1351: 0x78e9,
+	0x1352: 0x7901, 0x1353: 0x7901, 0x1354: 0x7901, 0x1355: 0x7901, 0x1356: 0x7919, 0x1357: 0x7919,
+	0x1358: 0x7919, 0x1359: 0x7919, 0x135a: 0x7931, 0x135b: 0x7931, 0x135c: 0x7931, 0x135d: 0x7931,
+	0x135e: 0x7949, 0x135f: 0x7949, 0x1360: 0x7961, 0x1361: 0x7961, 0x1362: 0x7961, 0x1363: 0x7961,
+	0x1364: 0x7979, 0x1365: 0x7979, 0x1366: 0x7991, 0x1367: 0x7991, 0x1368: 0x7991, 0x1369: 0x7991,
+	0x136a: 0x79a9, 0x136b: 0x79a9, 0x136c: 0x79a9, 0x136d: 0x79a9, 0x136e: 0x79c1, 0x136f: 0x79c1,
+	0x1370: 0x79d9, 0x1371: 0x79d9, 0x1372: 0x0818, 0x1373: 0x0818, 0x1374: 0x0818, 0x1375: 0x0818,
+	0x1376: 0x0818, 0x1377: 0x0818, 0x1378: 0x0818, 0x1379: 0x0818, 0x137a: 0x0818, 0x137b: 0x0818,
+	0x137c: 0x0818, 0x137d: 0x0818, 0x137e: 0x0818, 0x137f: 0x0818,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0818, 0x1381: 0x0818, 0x1382: 0x0040, 0x1383: 0x0040, 0x1384: 0x0040, 0x1385: 0x0040,
+	0x1386: 0x0040, 0x1387: 0x0040, 0x1388: 0x0040, 0x1389: 0x0040, 0x138a: 0x0040, 0x138b: 0x0040,
+	0x138c: 0x0040, 0x138d: 0x0040, 0x138e: 0x0040, 0x138f: 0x0040, 0x1390: 0x0040, 0x1391: 0x0040,
+	0x1392: 0x0040, 0x1393: 0x79f1, 0x1394: 0x79f1, 0x1395: 0x79f1, 0x1396: 0x79f1, 0x1397: 0x7a09,
+	0x1398: 0x7a09, 0x1399: 0x7a21, 0x139a: 0x7a21, 0x139b: 0x7a39, 0x139c: 0x7a39, 0x139d: 0x0479,
+	0x139e: 0x7a51, 0x139f: 0x7a51, 0x13a0: 0x7a69, 0x13a1: 0x7a69, 0x13a2: 0x7a81, 0x13a3: 0x7a81,
+	0x13a4: 0x7a99, 0x13a5: 0x7a99, 0x13a6: 0x7a99, 0x13a7: 0x7a99, 0x13a8: 0x7ab1, 0x13a9: 0x7ab1,
+	0x13aa: 0x7ac9, 0x13ab: 0x7ac9, 0x13ac: 0x7af1, 0x13ad: 0x7af1, 0x13ae: 0x7b19, 0x13af: 0x7b19,
+	0x13b0: 0x7b41, 0x13b1: 0x7b41, 0x13b2: 0x7b69, 0x13b3: 0x7b69, 0x13b4: 0x7b91, 0x13b5: 0x7b91,
+	0x13b6: 0x7bb9, 0x13b7: 0x7bb9, 0x13b8: 0x7bb9, 0x13b9: 0x7be1, 0x13ba: 0x7be1, 0x13bb: 0x7be1,
+	0x13bc: 0x7c09, 0x13bd: 0x7c09, 0x13be: 0x7c09, 0x13bf: 0x7c09,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x85f9, 0x13c1: 0x8621, 0x13c2: 0x8649, 0x13c3: 0x8671, 0x13c4: 0x8699, 0x13c5: 0x86c1,
+	0x13c6: 0x86e9, 0x13c7: 0x8711, 0x13c8: 0x8739, 0x13c9: 0x8761, 0x13ca: 0x8789, 0x13cb: 0x87b1,
+	0x13cc: 0x87d9, 0x13cd: 0x8801, 0x13ce: 0x8829, 0x13cf: 0x8851, 0x13d0: 0x8879, 0x13d1: 0x88a1,
+	0x13d2: 0x88c9, 0x13d3: 0x88f1, 0x13d4: 0x8919, 0x13d5: 0x8941, 0x13d6: 0x8969, 0x13d7: 0x8991,
+	0x13d8: 0x89b9, 0x13d9: 0x89e1, 0x13da: 0x8a09, 0x13db: 0x8a31, 0x13dc: 0x8a59, 0x13dd: 0x8a81,
+	0x13de: 0x8aaa, 0x13df: 0x8ada, 0x13e0: 0x8b0a, 0x13e1: 0x8b3a, 0x13e2: 0x8b6a, 0x13e3: 0x8b9a,
+	0x13e4: 0x8bc9, 0x13e5: 0x8bf1, 0x13e6: 0x7c71, 0x13e7: 0x8c19, 0x13e8: 0x7be1, 0x13e9: 0x7c99,
+	0x13ea: 0x8c41, 0x13eb: 0x8c69, 0x13ec: 0x7d39, 0x13ed: 0x8c91, 0x13ee: 0x7d61, 0x13ef: 0x7d89,
+	0x13f0: 0x8cb9, 0x13f1: 0x8ce1, 0x13f2: 0x7e29, 0x13f3: 0x8d09, 0x13f4: 0x7e51, 0x13f5: 0x7e79,
+	0x13f6: 0x8d31, 0x13f7: 0x8d59, 0x13f8: 0x7ec9, 0x13f9: 0x8d81, 0x13fa: 0x7ef1, 0x13fb: 0x7f19,
+	0x13fc: 0x83a1, 0x13fd: 0x83c9, 0x13fe: 0x8441, 0x13ff: 0x8469,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x8491, 0x1401: 0x8531, 0x1402: 0x8559, 0x1403: 0x8581, 0x1404: 0x85a9, 0x1405: 0x8649,
+	0x1406: 0x8671, 0x1407: 0x8699, 0x1408: 0x8da9, 0x1409: 0x8739, 0x140a: 0x8dd1, 0x140b: 0x8df9,
+	0x140c: 0x8829, 0x140d: 0x8e21, 0x140e: 0x8851, 0x140f: 0x8879, 0x1410: 0x8a81, 0x1411: 0x8e49,
+	0x1412: 0x8e71, 0x1413: 0x89b9, 0x1414: 0x8e99, 0x1415: 0x89e1, 0x1416: 0x8a09, 0x1417: 0x7c21,
+	0x1418: 0x7c49, 0x1419: 0x8ec1, 0x141a: 0x7c71, 0x141b: 0x8ee9, 0x141c: 0x7cc1, 0x141d: 0x7ce9,
+	0x141e: 0x7d11, 0x141f: 0x7d39, 0x1420: 0x8f11, 0x1421: 0x7db1, 0x1422: 0x7dd9, 0x1423: 0x7e01,
+	0x1424: 0x7e29, 0x1425: 0x8f39, 0x1426: 0x7ec9, 0x1427: 0x7f41, 0x1428: 0x7f69, 0x1429: 0x7f91,
+	0x142a: 0x7fb9, 0x142b: 0x7fe1, 0x142c: 0x8031, 0x142d: 0x8059, 0x142e: 0x8081, 0x142f: 0x80a9,
+	0x1430: 0x80d1, 0x1431: 0x80f9, 0x1432: 0x8f61, 0x1433: 0x8121, 0x1434: 0x8149, 0x1435: 0x8171,
+	0x1436: 0x8199, 0x1437: 0x81c1, 0x1438: 0x81e9, 0x1439: 0x8239, 0x143a: 0x8261, 0x143b: 0x8289,
+	0x143c: 0x82b1, 0x143d: 0x82d9, 0x143e: 0x8301, 0x143f: 0x8329,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x8351, 0x1441: 0x8379, 0x1442: 0x83f1, 0x1443: 0x8419, 0x1444: 0x84b9, 0x1445: 0x84e1,
+	0x1446: 0x8509, 0x1447: 0x8531, 0x1448: 0x8559, 0x1449: 0x85d1, 0x144a: 0x85f9, 0x144b: 0x8621,
+	0x144c: 0x8649, 0x144d: 0x8f89, 0x144e: 0x86c1, 0x144f: 0x86e9, 0x1450: 0x8711, 0x1451: 0x8739,
+	0x1452: 0x87b1, 0x1453: 0x87d9, 0x1454: 0x8801, 0x1455: 0x8829, 0x1456: 0x8fb1, 0x1457: 0x88a1,
+	0x1458: 0x88c9, 0x1459: 0x8fd9, 0x145a: 0x8941, 0x145b: 0x8969, 0x145c: 0x8991, 0x145d: 0x89b9,
+	0x145e: 0x9001, 0x145f: 0x7c71, 0x1460: 0x8ee9, 0x1461: 0x7d39, 0x1462: 0x8f11, 0x1463: 0x7e29,
+	0x1464: 0x8f39, 0x1465: 0x7ec9, 0x1466: 0x9029, 0x1467: 0x80d1, 0x1468: 0x9051, 0x1469: 0x9079,
+	0x146a: 0x90a1, 0x146b: 0x8531, 0x146c: 0x8559, 0x146d: 0x8649, 0x146e: 0x8829, 0x146f: 0x8fb1,
+	0x1470: 0x89b9, 0x1471: 0x9001, 0x1472: 0x90c9, 0x1473: 0x9101, 0x1474: 0x9139, 0x1475: 0x9171,
+	0x1476: 0x9199, 0x1477: 0x91c1, 0x1478: 0x91e9, 0x1479: 0x9211, 0x147a: 0x9239, 0x147b: 0x9261,
+	0x147c: 0x9289, 0x147d: 0x92b1, 0x147e: 0x92d9, 0x147f: 0x9301,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x9329, 0x1481: 0x9351, 0x1482: 0x9379, 0x1483: 0x93a1, 0x1484: 0x93c9, 0x1485: 0x93f1,
+	0x1486: 0x9419, 0x1487: 0x9441, 0x1488: 0x9469, 0x1489: 0x9491, 0x148a: 0x94b9, 0x148b: 0x94e1,
+	0x148c: 0x9079, 0x148d: 0x9509, 0x148e: 0x9531, 0x148f: 0x9559, 0x1490: 0x9581, 0x1491: 0x9171,
+	0x1492: 0x9199, 0x1493: 0x91c1, 0x1494: 0x91e9, 0x1495: 0x9211, 0x1496: 0x9239, 0x1497: 0x9261,
+	0x1498: 0x9289, 0x1499: 0x92b1, 0x149a: 0x92d9, 0x149b: 0x9301, 0x149c: 0x9329, 0x149d: 0x9351,
+	0x149e: 0x9379, 0x149f: 0x93a1, 0x14a0: 0x93c9, 0x14a1: 0x93f1, 0x14a2: 0x9419, 0x14a3: 0x9441,
+	0x14a4: 0x9469, 0x14a5: 0x9491, 0x14a6: 0x94b9, 0x14a7: 0x94e1, 0x14a8: 0x9079, 0x14a9: 0x9509,
+	0x14aa: 0x9531, 0x14ab: 0x9559, 0x14ac: 0x9581, 0x14ad: 0x9491, 0x14ae: 0x94b9, 0x14af: 0x94e1,
+	0x14b0: 0x9079, 0x14b1: 0x9051, 0x14b2: 0x90a1, 0x14b3: 0x8211, 0x14b4: 0x8059, 0x14b5: 0x8081,
+	0x14b6: 0x80a9, 0x14b7: 0x9491, 0x14b8: 0x94b9, 0x14b9: 0x94e1, 0x14ba: 0x8211, 0x14bb: 0x8239,
+	0x14bc: 0x95a9, 0x14bd: 0x95a9, 0x14be: 0x0018, 0x14bf: 0x0018,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x0040, 0x14c1: 0x0040, 0x14c2: 0x0040, 0x14c3: 0x0040, 0x14c4: 0x0040, 0x14c5: 0x0040,
+	0x14c6: 0x0040, 0x14c7: 0x0040, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
+	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x95d1, 0x14d1: 0x9609,
+	0x14d2: 0x9609, 0x14d3: 0x9641, 0x14d4: 0x9679, 0x14d5: 0x96b1, 0x14d6: 0x96e9, 0x14d7: 0x9721,
+	0x14d8: 0x9759, 0x14d9: 0x9759, 0x14da: 0x9791, 0x14db: 0x97c9, 0x14dc: 0x9801, 0x14dd: 0x9839,
+	0x14de: 0x9871, 0x14df: 0x98a9, 0x14e0: 0x98a9, 0x14e1: 0x98e1, 0x14e2: 0x9919, 0x14e3: 0x9919,
+	0x14e4: 0x9951, 0x14e5: 0x9951, 0x14e6: 0x9989, 0x14e7: 0x99c1, 0x14e8: 0x99c1, 0x14e9: 0x99f9,
+	0x14ea: 0x9a31, 0x14eb: 0x9a31, 0x14ec: 0x9a69, 0x14ed: 0x9a69, 0x14ee: 0x9aa1, 0x14ef: 0x9ad9,
+	0x14f0: 0x9ad9, 0x14f1: 0x9b11, 0x14f2: 0x9b11, 0x14f3: 0x9b49, 0x14f4: 0x9b81, 0x14f5: 0x9bb9,
+	0x14f6: 0x9bf1, 0x14f7: 0x9bf1, 0x14f8: 0x9c29, 0x14f9: 0x9c61, 0x14fa: 0x9c99, 0x14fb: 0x9cd1,
+	0x14fc: 0x9d09, 0x14fd: 0x9d09, 0x14fe: 0x9d41, 0x14ff: 0x9d79,
+	// Block 0x54, offset 0x1500
+	0x1500: 0xa949, 0x1501: 0xa981, 0x1502: 0xa9b9, 0x1503: 0xa8a1, 0x1504: 0x9bb9, 0x1505: 0x9989,
+	0x1506: 0xa9f1, 0x1507: 0xaa29, 0x1508: 0x0040, 0x1509: 0x0040, 0x150a: 0x0040, 0x150b: 0x0040,
+	0x150c: 0x0040, 0x150d: 0x0040, 0x150e: 0x0040, 0x150f: 0x0040, 0x1510: 0x0040, 0x1511: 0x0040,
+	0x1512: 0x0040, 0x1513: 0x0040, 0x1514: 0x0040, 0x1515: 0x0040, 0x1516: 0x0040, 0x1517: 0x0040,
+	0x1518: 0x0040, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
+	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x0040, 0x1521: 0x0040, 0x1522: 0x0040, 0x1523: 0x0040,
+	0x1524: 0x0040, 0x1525: 0x0040, 0x1526: 0x0040, 0x1527: 0x0040, 0x1528: 0x0040, 0x1529: 0x0040,
+	0x152a: 0x0040, 0x152b: 0x0040, 0x152c: 0x0040, 0x152d: 0x0040, 0x152e: 0x0040, 0x152f: 0x0040,
+	0x1530: 0xaa61, 0x1531: 0xaa99, 0x1532: 0xaad1, 0x1533: 0xab19, 0x1534: 0xab61, 0x1535: 0xaba9,
+	0x1536: 0xabf1, 0x1537: 0xac39, 0x1538: 0xac81, 0x1539: 0xacc9, 0x153a: 0xad02, 0x153b: 0xae12,
+	0x153c: 0xae91, 0x153d: 0x0018, 0x153e: 0x0040, 0x153f: 0x0040,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x33c0, 0x1541: 0x33c0, 0x1542: 0x33c0, 0x1543: 0x33c0, 0x1544: 0x33c0, 0x1545: 0x33c0,
+	0x1546: 0x33c0, 0x1547: 0x33c0, 0x1548: 0x33c0, 0x1549: 0x33c0, 0x154a: 0x33c0, 0x154b: 0x33c0,
+	0x154c: 0x33c0, 0x154d: 0x33c0, 0x154e: 0x33c0, 0x154f: 0x33c0, 0x1550: 0xaeda, 0x1551: 0x7d8d,
+	0x1552: 0x0040, 0x1553: 0xaeea, 0x1554: 0x03c2, 0x1555: 0xaefa, 0x1556: 0xaf0a, 0x1557: 0x7dad,
+	0x1558: 0x7dcd, 0x1559: 0x0040, 0x155a: 0x0040, 0x155b: 0x0040, 0x155c: 0x0040, 0x155d: 0x0040,
+	0x155e: 0x0040, 0x155f: 0x0040, 0x1560: 0x3308, 0x1561: 0x3308, 0x1562: 0x3308, 0x1563: 0x3308,
+	0x1564: 0x3308, 0x1565: 0x3308, 0x1566: 0x3308, 0x1567: 0x3308, 0x1568: 0x3308, 0x1569: 0x3308,
+	0x156a: 0x3308, 0x156b: 0x3308, 0x156c: 0x3308, 0x156d: 0x3308, 0x156e: 0x3308, 0x156f: 0x3308,
+	0x1570: 0x0040, 0x1571: 0x7ded, 0x1572: 0x7e0d, 0x1573: 0xaf1a, 0x1574: 0xaf1a, 0x1575: 0x1fd2,
+	0x1576: 0x1fe2, 0x1577: 0xaf2a, 0x1578: 0xaf3a, 0x1579: 0x7e2d, 0x157a: 0x7e4d, 0x157b: 0x7e6d,
+	0x157c: 0x7e2d, 0x157d: 0x7e8d, 0x157e: 0x7ead, 0x157f: 0x7e8d,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x7ecd, 0x1581: 0x7eed, 0x1582: 0x7f0d, 0x1583: 0x7eed, 0x1584: 0x7f2d, 0x1585: 0x0018,
+	0x1586: 0x0018, 0x1587: 0xaf4a, 0x1588: 0xaf5a, 0x1589: 0x7f4e, 0x158a: 0x7f6e, 0x158b: 0x7f8e,
+	0x158c: 0x7fae, 0x158d: 0xaf1a, 0x158e: 0xaf1a, 0x158f: 0xaf1a, 0x1590: 0xaeda, 0x1591: 0x7fcd,
+	0x1592: 0x0040, 0x1593: 0x0040, 0x1594: 0x03c2, 0x1595: 0xaeea, 0x1596: 0xaf0a, 0x1597: 0xaefa,
+	0x1598: 0x7fed, 0x1599: 0x1fd2, 0x159a: 0x1fe2, 0x159b: 0xaf2a, 0x159c: 0xaf3a, 0x159d: 0x7ecd,
+	0x159e: 0x7f2d, 0x159f: 0xaf6a, 0x15a0: 0xaf7a, 0x15a1: 0xaf8a, 0x15a2: 0x1fb2, 0x15a3: 0xaf99,
+	0x15a4: 0xafaa, 0x15a5: 0xafba, 0x15a6: 0x1fc2, 0x15a7: 0x0040, 0x15a8: 0xafca, 0x15a9: 0xafda,
+	0x15aa: 0xafea, 0x15ab: 0xaffa, 0x15ac: 0x0040, 0x15ad: 0x0040, 0x15ae: 0x0040, 0x15af: 0x0040,
+	0x15b0: 0x800e, 0x15b1: 0xb009, 0x15b2: 0x802e, 0x15b3: 0x0808, 0x15b4: 0x804e, 0x15b5: 0x0040,
+	0x15b6: 0x806e, 0x15b7: 0xb031, 0x15b8: 0x808e, 0x15b9: 0xb059, 0x15ba: 0x80ae, 0x15bb: 0xb081,
+	0x15bc: 0x80ce, 0x15bd: 0xb0a9, 0x15be: 0x80ee, 0x15bf: 0xb0d1,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0xb0f9, 0x15c1: 0xb111, 0x15c2: 0xb111, 0x15c3: 0xb129, 0x15c4: 0xb129, 0x15c5: 0xb141,
+	0x15c6: 0xb141, 0x15c7: 0xb159, 0x15c8: 0xb159, 0x15c9: 0xb171, 0x15ca: 0xb171, 0x15cb: 0xb171,
+	0x15cc: 0xb171, 0x15cd: 0xb189, 0x15ce: 0xb189, 0x15cf: 0xb1a1, 0x15d0: 0xb1a1, 0x15d1: 0xb1a1,
+	0x15d2: 0xb1a1, 0x15d3: 0xb1b9, 0x15d4: 0xb1b9, 0x15d5: 0xb1d1, 0x15d6: 0xb1d1, 0x15d7: 0xb1d1,
+	0x15d8: 0xb1d1, 0x15d9: 0xb1e9, 0x15da: 0xb1e9, 0x15db: 0xb1e9, 0x15dc: 0xb1e9, 0x15dd: 0xb201,
+	0x15de: 0xb201, 0x15df: 0xb201, 0x15e0: 0xb201, 0x15e1: 0xb219, 0x15e2: 0xb219, 0x15e3: 0xb219,
+	0x15e4: 0xb219, 0x15e5: 0xb231, 0x15e6: 0xb231, 0x15e7: 0xb231, 0x15e8: 0xb231, 0x15e9: 0xb249,
+	0x15ea: 0xb249, 0x15eb: 0xb261, 0x15ec: 0xb261, 0x15ed: 0xb279, 0x15ee: 0xb279, 0x15ef: 0xb291,
+	0x15f0: 0xb291, 0x15f1: 0xb2a9, 0x15f2: 0xb2a9, 0x15f3: 0xb2a9, 0x15f4: 0xb2a9, 0x15f5: 0xb2c1,
+	0x15f6: 0xb2c1, 0x15f7: 0xb2c1, 0x15f8: 0xb2c1, 0x15f9: 0xb2d9, 0x15fa: 0xb2d9, 0x15fb: 0xb2d9,
+	0x15fc: 0xb2d9, 0x15fd: 0xb2f1, 0x15fe: 0xb2f1, 0x15ff: 0xb2f1,
+	// Block 0x58, offset 0x1600
+	0x1600: 0xb2f1, 0x1601: 0xb309, 0x1602: 0xb309, 0x1603: 0xb309, 0x1604: 0xb309, 0x1605: 0xb321,
+	0x1606: 0xb321, 0x1607: 0xb321, 0x1608: 0xb321, 0x1609: 0xb339, 0x160a: 0xb339, 0x160b: 0xb339,
+	0x160c: 0xb339, 0x160d: 0xb351, 0x160e: 0xb351, 0x160f: 0xb351, 0x1610: 0xb351, 0x1611: 0xb369,
+	0x1612: 0xb369, 0x1613: 0xb369, 0x1614: 0xb369, 0x1615: 0xb381, 0x1616: 0xb381, 0x1617: 0xb381,
+	0x1618: 0xb381, 0x1619: 0xb399, 0x161a: 0xb399, 0x161b: 0xb399, 0x161c: 0xb399, 0x161d: 0xb3b1,
+	0x161e: 0xb3b1, 0x161f: 0xb3b1, 0x1620: 0xb3b1, 0x1621: 0xb3c9, 0x1622: 0xb3c9, 0x1623: 0xb3c9,
+	0x1624: 0xb3c9, 0x1625: 0xb3e1, 0x1626: 0xb3e1, 0x1627: 0xb3e1, 0x1628: 0xb3e1, 0x1629: 0xb3f9,
+	0x162a: 0xb3f9, 0x162b: 0xb3f9, 0x162c: 0xb3f9, 0x162d: 0xb411, 0x162e: 0xb411, 0x162f: 0x7ab1,
+	0x1630: 0x7ab1, 0x1631: 0xb429, 0x1632: 0xb429, 0x1633: 0xb429, 0x1634: 0xb429, 0x1635: 0xb441,
+	0x1636: 0xb441, 0x1637: 0xb469, 0x1638: 0xb469, 0x1639: 0xb491, 0x163a: 0xb491, 0x163b: 0xb4b9,
+	0x163c: 0xb4b9, 0x163d: 0x0040, 0x163e: 0x0040, 0x163f: 0x03c0,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0040, 0x1641: 0xaefa, 0x1642: 0xb4e2, 0x1643: 0xaf6a, 0x1644: 0xafda, 0x1645: 0xafea,
+	0x1646: 0xaf7a, 0x1647: 0xb4f2, 0x1648: 0x1fd2, 0x1649: 0x1fe2, 0x164a: 0xaf8a, 0x164b: 0x1fb2,
+	0x164c: 0xaeda, 0x164d: 0xaf99, 0x164e: 0x29d1, 0x164f: 0xb502, 0x1650: 0x1f41, 0x1651: 0x00c9,
+	0x1652: 0x0069, 0x1653: 0x0079, 0x1654: 0x1f51, 0x1655: 0x1f61, 0x1656: 0x1f71, 0x1657: 0x1f81,
+	0x1658: 0x1f91, 0x1659: 0x1fa1, 0x165a: 0xaeea, 0x165b: 0x03c2, 0x165c: 0xafaa, 0x165d: 0x1fc2,
+	0x165e: 0xafba, 0x165f: 0xaf0a, 0x1660: 0xaffa, 0x1661: 0x0039, 0x1662: 0x0ee9, 0x1663: 0x1159,
+	0x1664: 0x0ef9, 0x1665: 0x0f09, 0x1666: 0x1199, 0x1667: 0x0f31, 0x1668: 0x0249, 0x1669: 0x0f41,
+	0x166a: 0x0259, 0x166b: 0x0f51, 0x166c: 0x0359, 0x166d: 0x0f61, 0x166e: 0x0f71, 0x166f: 0x00d9,
+	0x1670: 0x0f99, 0x1671: 0x2039, 0x1672: 0x0269, 0x1673: 0x01d9, 0x1674: 0x0fa9, 0x1675: 0x0fb9,
+	0x1676: 0x1089, 0x1677: 0x0279, 0x1678: 0x0369, 0x1679: 0x0289, 0x167a: 0x13d1, 0x167b: 0xaf4a,
+	0x167c: 0xafca, 0x167d: 0xaf5a, 0x167e: 0xb512, 0x167f: 0xaf1a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x1caa, 0x1681: 0x0039, 0x1682: 0x0ee9, 0x1683: 0x1159, 0x1684: 0x0ef9, 0x1685: 0x0f09,
+	0x1686: 0x1199, 0x1687: 0x0f31, 0x1688: 0x0249, 0x1689: 0x0f41, 0x168a: 0x0259, 0x168b: 0x0f51,
+	0x168c: 0x0359, 0x168d: 0x0f61, 0x168e: 0x0f71, 0x168f: 0x00d9, 0x1690: 0x0f99, 0x1691: 0x2039,
+	0x1692: 0x0269, 0x1693: 0x01d9, 0x1694: 0x0fa9, 0x1695: 0x0fb9, 0x1696: 0x1089, 0x1697: 0x0279,
+	0x1698: 0x0369, 0x1699: 0x0289, 0x169a: 0x13d1, 0x169b: 0xaf2a, 0x169c: 0xb522, 0x169d: 0xaf3a,
+	0x169e: 0xb532, 0x169f: 0x810d, 0x16a0: 0x812d, 0x16a1: 0x29d1, 0x16a2: 0x814d, 0x16a3: 0x814d,
+	0x16a4: 0x816d, 0x16a5: 0x818d, 0x16a6: 0x81ad, 0x16a7: 0x81cd, 0x16a8: 0x81ed, 0x16a9: 0x820d,
+	0x16aa: 0x822d, 0x16ab: 0x824d, 0x16ac: 0x826d, 0x16ad: 0x828d, 0x16ae: 0x82ad, 0x16af: 0x82cd,
+	0x16b0: 0x82ed, 0x16b1: 0x830d, 0x16b2: 0x832d, 0x16b3: 0x834d, 0x16b4: 0x836d, 0x16b5: 0x838d,
+	0x16b6: 0x83ad, 0x16b7: 0x83cd, 0x16b8: 0x83ed, 0x16b9: 0x840d, 0x16ba: 0x842d, 0x16bb: 0x844d,
+	0x16bc: 0x81ed, 0x16bd: 0x846d, 0x16be: 0x848d, 0x16bf: 0x824d,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x84ad, 0x16c1: 0x84cd, 0x16c2: 0x84ed, 0x16c3: 0x850d, 0x16c4: 0x852d, 0x16c5: 0x854d,
+	0x16c6: 0x856d, 0x16c7: 0x858d, 0x16c8: 0x850d, 0x16c9: 0x85ad, 0x16ca: 0x850d, 0x16cb: 0x85cd,
+	0x16cc: 0x85cd, 0x16cd: 0x85ed, 0x16ce: 0x85ed, 0x16cf: 0x860d, 0x16d0: 0x854d, 0x16d1: 0x862d,
+	0x16d2: 0x864d, 0x16d3: 0x862d, 0x16d4: 0x866d, 0x16d5: 0x864d, 0x16d6: 0x868d, 0x16d7: 0x868d,
+	0x16d8: 0x86ad, 0x16d9: 0x86ad, 0x16da: 0x86cd, 0x16db: 0x86cd, 0x16dc: 0x864d, 0x16dd: 0x814d,
+	0x16de: 0x86ed, 0x16df: 0x870d, 0x16e0: 0x0040, 0x16e1: 0x872d, 0x16e2: 0x874d, 0x16e3: 0x876d,
+	0x16e4: 0x878d, 0x16e5: 0x876d, 0x16e6: 0x87ad, 0x16e7: 0x87cd, 0x16e8: 0x87ed, 0x16e9: 0x87ed,
+	0x16ea: 0x880d, 0x16eb: 0x880d, 0x16ec: 0x882d, 0x16ed: 0x882d, 0x16ee: 0x880d, 0x16ef: 0x880d,
+	0x16f0: 0x884d, 0x16f1: 0x886d, 0x16f2: 0x888d, 0x16f3: 0x88ad, 0x16f4: 0x88cd, 0x16f5: 0x88ed,
+	0x16f6: 0x88ed, 0x16f7: 0x88ed, 0x16f8: 0x890d, 0x16f9: 0x890d, 0x16fa: 0x890d, 0x16fb: 0x890d,
+	0x16fc: 0x87ed, 0x16fd: 0x87ed, 0x16fe: 0x87ed, 0x16ff: 0x0040,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x0040, 0x1701: 0x0040, 0x1702: 0x874d, 0x1703: 0x872d, 0x1704: 0x892d, 0x1705: 0x872d,
+	0x1706: 0x874d, 0x1707: 0x872d, 0x1708: 0x0040, 0x1709: 0x0040, 0x170a: 0x894d, 0x170b: 0x874d,
+	0x170c: 0x896d, 0x170d: 0x892d, 0x170e: 0x896d, 0x170f: 0x874d, 0x1710: 0x0040, 0x1711: 0x0040,
+	0x1712: 0x898d, 0x1713: 0x89ad, 0x1714: 0x88ad, 0x1715: 0x896d, 0x1716: 0x892d, 0x1717: 0x896d,
+	0x1718: 0x0040, 0x1719: 0x0040, 0x171a: 0x89cd, 0x171b: 0x89ed, 0x171c: 0x89cd, 0x171d: 0x0040,
+	0x171e: 0x0040, 0x171f: 0x0040, 0x1720: 0xb541, 0x1721: 0xb559, 0x1722: 0xb571, 0x1723: 0x8a0e,
+	0x1724: 0xb589, 0x1725: 0xb5a1, 0x1726: 0x8a2d, 0x1727: 0x0040, 0x1728: 0x8a4d, 0x1729: 0x8a6d,
+	0x172a: 0x8a8d, 0x172b: 0x8a6d, 0x172c: 0x8aad, 0x172d: 0x8acd, 0x172e: 0x8aed, 0x172f: 0x0040,
+	0x1730: 0x0040, 0x1731: 0x0040, 0x1732: 0x0040, 0x1733: 0x0040, 0x1734: 0x0040, 0x1735: 0x0040,
+	0x1736: 0x0040, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0340, 0x173a: 0x0340, 0x173b: 0x0340,
+	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x0a08, 0x1741: 0x0a08, 0x1742: 0x0a08, 0x1743: 0x0a08, 0x1744: 0x0a08, 0x1745: 0x0c08,
+	0x1746: 0x0808, 0x1747: 0x0c08, 0x1748: 0x0818, 0x1749: 0x0c08, 0x174a: 0x0c08, 0x174b: 0x0808,
+	0x174c: 0x0808, 0x174d: 0x0908, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0c08, 0x1751: 0x0c08,
+	0x1752: 0x0c08, 0x1753: 0x0a08, 0x1754: 0x0a08, 0x1755: 0x0a08, 0x1756: 0x0a08, 0x1757: 0x0908,
+	0x1758: 0x0a08, 0x1759: 0x0a08, 0x175a: 0x0a08, 0x175b: 0x0a08, 0x175c: 0x0a08, 0x175d: 0x0c08,
+	0x175e: 0x0a08, 0x175f: 0x0a08, 0x1760: 0x0a08, 0x1761: 0x0c08, 0x1762: 0x0808, 0x1763: 0x0808,
+	0x1764: 0x0c08, 0x1765: 0x3308, 0x1766: 0x3308, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0040,
+	0x176a: 0x0040, 0x176b: 0x0a18, 0x176c: 0x0a18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0c18,
+	0x1770: 0x0818, 0x1771: 0x0818, 0x1772: 0x0818, 0x1773: 0x0818, 0x1774: 0x0818, 0x1775: 0x0818,
+	0x1776: 0x0818, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
+	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
+	// Block 0x5e, offset 0x1780
+	0x1780: 0x0a08, 0x1781: 0x0c08, 0x1782: 0x0a08, 0x1783: 0x0c08, 0x1784: 0x0c08, 0x1785: 0x0c08,
+	0x1786: 0x0a08, 0x1787: 0x0a08, 0x1788: 0x0a08, 0x1789: 0x0c08, 0x178a: 0x0a08, 0x178b: 0x0a08,
+	0x178c: 0x0c08, 0x178d: 0x0a08, 0x178e: 0x0c08, 0x178f: 0x0c08, 0x1790: 0x0a08, 0x1791: 0x0c08,
+	0x1792: 0x0040, 0x1793: 0x0040, 0x1794: 0x0040, 0x1795: 0x0040, 0x1796: 0x0040, 0x1797: 0x0040,
+	0x1798: 0x0040, 0x1799: 0x0818, 0x179a: 0x0818, 0x179b: 0x0818, 0x179c: 0x0818, 0x179d: 0x0040,
+	0x179e: 0x0040, 0x179f: 0x0040, 0x17a0: 0x0040, 0x17a1: 0x0040, 0x17a2: 0x0040, 0x17a3: 0x0040,
+	0x17a4: 0x0040, 0x17a5: 0x0040, 0x17a6: 0x0040, 0x17a7: 0x0040, 0x17a8: 0x0040, 0x17a9: 0x0c18,
+	0x17aa: 0x0c18, 0x17ab: 0x0c18, 0x17ac: 0x0c18, 0x17ad: 0x0a18, 0x17ae: 0x0a18, 0x17af: 0x0818,
+	0x17b0: 0x0040, 0x17b1: 0x0040, 0x17b2: 0x0040, 0x17b3: 0x0040, 0x17b4: 0x0040, 0x17b5: 0x0040,
+	0x17b6: 0x0040, 0x17b7: 0x0040, 0x17b8: 0x0040, 0x17b9: 0x0040, 0x17ba: 0x0040, 0x17bb: 0x0040,
+	0x17bc: 0x0040, 0x17bd: 0x0040, 0x17be: 0x0040, 0x17bf: 0x0040,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x3308, 0x17c1: 0x3308, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x0040, 0x17c5: 0x0008,
+	0x17c6: 0x0008, 0x17c7: 0x0008, 0x17c8: 0x0008, 0x17c9: 0x0008, 0x17ca: 0x0008, 0x17cb: 0x0008,
+	0x17cc: 0x0008, 0x17cd: 0x0040, 0x17ce: 0x0040, 0x17cf: 0x0008, 0x17d0: 0x0008, 0x17d1: 0x0040,
+	0x17d2: 0x0040, 0x17d3: 0x0008, 0x17d4: 0x0008, 0x17d5: 0x0008, 0x17d6: 0x0008, 0x17d7: 0x0008,
+	0x17d8: 0x0008, 0x17d9: 0x0008, 0x17da: 0x0008, 0x17db: 0x0008, 0x17dc: 0x0008, 0x17dd: 0x0008,
+	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x0008, 0x17e3: 0x0008,
+	0x17e4: 0x0008, 0x17e5: 0x0008, 0x17e6: 0x0008, 0x17e7: 0x0008, 0x17e8: 0x0008, 0x17e9: 0x0040,
+	0x17ea: 0x0008, 0x17eb: 0x0008, 0x17ec: 0x0008, 0x17ed: 0x0008, 0x17ee: 0x0008, 0x17ef: 0x0008,
+	0x17f0: 0x0008, 0x17f1: 0x0040, 0x17f2: 0x0008, 0x17f3: 0x0008, 0x17f4: 0x0040, 0x17f5: 0x0008,
+	0x17f6: 0x0008, 0x17f7: 0x0008, 0x17f8: 0x0008, 0x17f9: 0x0008, 0x17fa: 0x0040, 0x17fb: 0x3308,
+	0x17fc: 0x3308, 0x17fd: 0x0008, 0x17fe: 0x3008, 0x17ff: 0x3008,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x3308, 0x1801: 0x3008, 0x1802: 0x3008, 0x1803: 0x3008, 0x1804: 0x3008, 0x1805: 0x0040,
+	0x1806: 0x0040, 0x1807: 0x3008, 0x1808: 0x3008, 0x1809: 0x0040, 0x180a: 0x0040, 0x180b: 0x3008,
+	0x180c: 0x3008, 0x180d: 0x3808, 0x180e: 0x0040, 0x180f: 0x0040, 0x1810: 0x0008, 0x1811: 0x0040,
+	0x1812: 0x0040, 0x1813: 0x0040, 0x1814: 0x0040, 0x1815: 0x0040, 0x1816: 0x0040, 0x1817: 0x3008,
+	0x1818: 0x0040, 0x1819: 0x0040, 0x181a: 0x0040, 0x181b: 0x0040, 0x181c: 0x0040, 0x181d: 0x0008,
+	0x181e: 0x0008, 0x181f: 0x0008, 0x1820: 0x0008, 0x1821: 0x0008, 0x1822: 0x3008, 0x1823: 0x3008,
+	0x1824: 0x0040, 0x1825: 0x0040, 0x1826: 0x3308, 0x1827: 0x3308, 0x1828: 0x3308, 0x1829: 0x3308,
+	0x182a: 0x3308, 0x182b: 0x3308, 0x182c: 0x3308, 0x182d: 0x0040, 0x182e: 0x0040, 0x182f: 0x0040,
+	0x1830: 0x3308, 0x1831: 0x3308, 0x1832: 0x3308, 0x1833: 0x3308, 0x1834: 0x3308, 0x1835: 0x0040,
+	0x1836: 0x0040, 0x1837: 0x0040, 0x1838: 0x0040, 0x1839: 0x0040, 0x183a: 0x0040, 0x183b: 0x0040,
+	0x183c: 0x0040, 0x183d: 0x0040, 0x183e: 0x0040, 0x183f: 0x0040,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x0039, 0x1841: 0x0ee9, 0x1842: 0x1159, 0x1843: 0x0ef9, 0x1844: 0x0f09, 0x1845: 0x1199,
+	0x1846: 0x0f31, 0x1847: 0x0249, 0x1848: 0x0f41, 0x1849: 0x0259, 0x184a: 0x0f51, 0x184b: 0x0359,
+	0x184c: 0x0f61, 0x184d: 0x0f71, 0x184e: 0x00d9, 0x184f: 0x0f99, 0x1850: 0x2039, 0x1851: 0x0269,
+	0x1852: 0x01d9, 0x1853: 0x0fa9, 0x1854: 0x0fb9, 0x1855: 0x1089, 0x1856: 0x0279, 0x1857: 0x0369,
+	0x1858: 0x0289, 0x1859: 0x13d1, 0x185a: 0x0039, 0x185b: 0x0ee9, 0x185c: 0x1159, 0x185d: 0x0ef9,
+	0x185e: 0x0f09, 0x185f: 0x1199, 0x1860: 0x0f31, 0x1861: 0x0249, 0x1862: 0x0f41, 0x1863: 0x0259,
+	0x1864: 0x0f51, 0x1865: 0x0359, 0x1866: 0x0f61, 0x1867: 0x0f71, 0x1868: 0x00d9, 0x1869: 0x0f99,
+	0x186a: 0x2039, 0x186b: 0x0269, 0x186c: 0x01d9, 0x186d: 0x0fa9, 0x186e: 0x0fb9, 0x186f: 0x1089,
+	0x1870: 0x0279, 0x1871: 0x0369, 0x1872: 0x0289, 0x1873: 0x13d1, 0x1874: 0x0039, 0x1875: 0x0ee9,
+	0x1876: 0x1159, 0x1877: 0x0ef9, 0x1878: 0x0f09, 0x1879: 0x1199, 0x187a: 0x0f31, 0x187b: 0x0249,
+	0x187c: 0x0f41, 0x187d: 0x0259, 0x187e: 0x0f51, 0x187f: 0x0359,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x0f61, 0x1881: 0x0f71, 0x1882: 0x00d9, 0x1883: 0x0f99, 0x1884: 0x2039, 0x1885: 0x0269,
+	0x1886: 0x01d9, 0x1887: 0x0fa9, 0x1888: 0x0fb9, 0x1889: 0x1089, 0x188a: 0x0279, 0x188b: 0x0369,
+	0x188c: 0x0289, 0x188d: 0x13d1, 0x188e: 0x0039, 0x188f: 0x0ee9, 0x1890: 0x1159, 0x1891: 0x0ef9,
+	0x1892: 0x0f09, 0x1893: 0x1199, 0x1894: 0x0f31, 0x1895: 0x0040, 0x1896: 0x0f41, 0x1897: 0x0259,
+	0x1898: 0x0f51, 0x1899: 0x0359, 0x189a: 0x0f61, 0x189b: 0x0f71, 0x189c: 0x00d9, 0x189d: 0x0f99,
+	0x189e: 0x2039, 0x189f: 0x0269, 0x18a0: 0x01d9, 0x18a1: 0x0fa9, 0x18a2: 0x0fb9, 0x18a3: 0x1089,
+	0x18a4: 0x0279, 0x18a5: 0x0369, 0x18a6: 0x0289, 0x18a7: 0x13d1, 0x18a8: 0x0039, 0x18a9: 0x0ee9,
+	0x18aa: 0x1159, 0x18ab: 0x0ef9, 0x18ac: 0x0f09, 0x18ad: 0x1199, 0x18ae: 0x0f31, 0x18af: 0x0249,
+	0x18b0: 0x0f41, 0x18b1: 0x0259, 0x18b2: 0x0f51, 0x18b3: 0x0359, 0x18b4: 0x0f61, 0x18b5: 0x0f71,
+	0x18b6: 0x00d9, 0x18b7: 0x0f99, 0x18b8: 0x2039, 0x18b9: 0x0269, 0x18ba: 0x01d9, 0x18bb: 0x0fa9,
+	0x18bc: 0x0fb9, 0x18bd: 0x1089, 0x18be: 0x0279, 0x18bf: 0x0369,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x0289, 0x18c1: 0x13d1, 0x18c2: 0x0039, 0x18c3: 0x0ee9, 0x18c4: 0x1159, 0x18c5: 0x0ef9,
+	0x18c6: 0x0f09, 0x18c7: 0x1199, 0x18c8: 0x0f31, 0x18c9: 0x0249, 0x18ca: 0x0f41, 0x18cb: 0x0259,
+	0x18cc: 0x0f51, 0x18cd: 0x0359, 0x18ce: 0x0f61, 0x18cf: 0x0f71, 0x18d0: 0x00d9, 0x18d1: 0x0f99,
+	0x18d2: 0x2039, 0x18d3: 0x0269, 0x18d4: 0x01d9, 0x18d5: 0x0fa9, 0x18d6: 0x0fb9, 0x18d7: 0x1089,
+	0x18d8: 0x0279, 0x18d9: 0x0369, 0x18da: 0x0289, 0x18db: 0x13d1, 0x18dc: 0x0039, 0x18dd: 0x0040,
+	0x18de: 0x1159, 0x18df: 0x0ef9, 0x18e0: 0x0040, 0x18e1: 0x0040, 0x18e2: 0x0f31, 0x18e3: 0x0040,
+	0x18e4: 0x0040, 0x18e5: 0x0259, 0x18e6: 0x0f51, 0x18e7: 0x0040, 0x18e8: 0x0040, 0x18e9: 0x0f71,
+	0x18ea: 0x00d9, 0x18eb: 0x0f99, 0x18ec: 0x2039, 0x18ed: 0x0040, 0x18ee: 0x01d9, 0x18ef: 0x0fa9,
+	0x18f0: 0x0fb9, 0x18f1: 0x1089, 0x18f2: 0x0279, 0x18f3: 0x0369, 0x18f4: 0x0289, 0x18f5: 0x13d1,
+	0x18f6: 0x0039, 0x18f7: 0x0ee9, 0x18f8: 0x1159, 0x18f9: 0x0ef9, 0x18fa: 0x0040, 0x18fb: 0x1199,
+	0x18fc: 0x0040, 0x18fd: 0x0249, 0x18fe: 0x0f41, 0x18ff: 0x0259,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x0f51, 0x1901: 0x0359, 0x1902: 0x0f61, 0x1903: 0x0f71, 0x1904: 0x0040, 0x1905: 0x0f99,
+	0x1906: 0x2039, 0x1907: 0x0269, 0x1908: 0x01d9, 0x1909: 0x0fa9, 0x190a: 0x0fb9, 0x190b: 0x1089,
+	0x190c: 0x0279, 0x190d: 0x0369, 0x190e: 0x0289, 0x190f: 0x13d1, 0x1910: 0x0039, 0x1911: 0x0ee9,
+	0x1912: 0x1159, 0x1913: 0x0ef9, 0x1914: 0x0f09, 0x1915: 0x1199, 0x1916: 0x0f31, 0x1917: 0x0249,
+	0x1918: 0x0f41, 0x1919: 0x0259, 0x191a: 0x0f51, 0x191b: 0x0359, 0x191c: 0x0f61, 0x191d: 0x0f71,
+	0x191e: 0x00d9, 0x191f: 0x0f99, 0x1920: 0x2039, 0x1921: 0x0269, 0x1922: 0x01d9, 0x1923: 0x0fa9,
+	0x1924: 0x0fb9, 0x1925: 0x1089, 0x1926: 0x0279, 0x1927: 0x0369, 0x1928: 0x0289, 0x1929: 0x13d1,
+	0x192a: 0x0039, 0x192b: 0x0ee9, 0x192c: 0x1159, 0x192d: 0x0ef9, 0x192e: 0x0f09, 0x192f: 0x1199,
+	0x1930: 0x0f31, 0x1931: 0x0249, 0x1932: 0x0f41, 0x1933: 0x0259, 0x1934: 0x0f51, 0x1935: 0x0359,
+	0x1936: 0x0f61, 0x1937: 0x0f71, 0x1938: 0x00d9, 0x1939: 0x0f99, 0x193a: 0x2039, 0x193b: 0x0269,
+	0x193c: 0x01d9, 0x193d: 0x0fa9, 0x193e: 0x0fb9, 0x193f: 0x1089,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x0279, 0x1941: 0x0369, 0x1942: 0x0289, 0x1943: 0x13d1, 0x1944: 0x0039, 0x1945: 0x0ee9,
+	0x1946: 0x0040, 0x1947: 0x0ef9, 0x1948: 0x0f09, 0x1949: 0x1199, 0x194a: 0x0f31, 0x194b: 0x0040,
+	0x194c: 0x0040, 0x194d: 0x0259, 0x194e: 0x0f51, 0x194f: 0x0359, 0x1950: 0x0f61, 0x1951: 0x0f71,
+	0x1952: 0x00d9, 0x1953: 0x0f99, 0x1954: 0x2039, 0x1955: 0x0040, 0x1956: 0x01d9, 0x1957: 0x0fa9,
+	0x1958: 0x0fb9, 0x1959: 0x1089, 0x195a: 0x0279, 0x195b: 0x0369, 0x195c: 0x0289, 0x195d: 0x0040,
+	0x195e: 0x0039, 0x195f: 0x0ee9, 0x1960: 0x1159, 0x1961: 0x0ef9, 0x1962: 0x0f09, 0x1963: 0x1199,
+	0x1964: 0x0f31, 0x1965: 0x0249, 0x1966: 0x0f41, 0x1967: 0x0259, 0x1968: 0x0f51, 0x1969: 0x0359,
+	0x196a: 0x0f61, 0x196b: 0x0f71, 0x196c: 0x00d9, 0x196d: 0x0f99, 0x196e: 0x2039, 0x196f: 0x0269,
+	0x1970: 0x01d9, 0x1971: 0x0fa9, 0x1972: 0x0fb9, 0x1973: 0x1089, 0x1974: 0x0279, 0x1975: 0x0369,
+	0x1976: 0x0289, 0x1977: 0x13d1, 0x1978: 0x0039, 0x1979: 0x0ee9, 0x197a: 0x0040, 0x197b: 0x0ef9,
+	0x197c: 0x0f09, 0x197d: 0x1199, 0x197e: 0x0f31, 0x197f: 0x0040,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x0f41, 0x1981: 0x0259, 0x1982: 0x0f51, 0x1983: 0x0359, 0x1984: 0x0f61, 0x1985: 0x0040,
+	0x1986: 0x00d9, 0x1987: 0x0040, 0x1988: 0x0040, 0x1989: 0x0040, 0x198a: 0x01d9, 0x198b: 0x0fa9,
+	0x198c: 0x0fb9, 0x198d: 0x1089, 0x198e: 0x0279, 0x198f: 0x0369, 0x1990: 0x0289, 0x1991: 0x0040,
+	0x1992: 0x0039, 0x1993: 0x0ee9, 0x1994: 0x1159, 0x1995: 0x0ef9, 0x1996: 0x0f09, 0x1997: 0x1199,
+	0x1998: 0x0f31, 0x1999: 0x0249, 0x199a: 0x0f41, 0x199b: 0x0259, 0x199c: 0x0f51, 0x199d: 0x0359,
+	0x199e: 0x0f61, 0x199f: 0x0f71, 0x19a0: 0x00d9, 0x19a1: 0x0f99, 0x19a2: 0x2039, 0x19a3: 0x0269,
+	0x19a4: 0x01d9, 0x19a5: 0x0fa9, 0x19a6: 0x0fb9, 0x19a7: 0x1089, 0x19a8: 0x0279, 0x19a9: 0x0369,
+	0x19aa: 0x0289, 0x19ab: 0x13d1, 0x19ac: 0x0039, 0x19ad: 0x0ee9, 0x19ae: 0x1159, 0x19af: 0x0ef9,
+	0x19b0: 0x0f09, 0x19b1: 0x1199, 0x19b2: 0x0f31, 0x19b3: 0x0249, 0x19b4: 0x0f41, 0x19b5: 0x0259,
+	0x19b6: 0x0f51, 0x19b7: 0x0359, 0x19b8: 0x0f61, 0x19b9: 0x0f71, 0x19ba: 0x00d9, 0x19bb: 0x0f99,
+	0x19bc: 0x2039, 0x19bd: 0x0269, 0x19be: 0x01d9, 0x19bf: 0x0fa9,
+	// Block 0x67, offset 0x19c0
+	0x19c0: 0x0fb9, 0x19c1: 0x1089, 0x19c2: 0x0279, 0x19c3: 0x0369, 0x19c4: 0x0289, 0x19c5: 0x13d1,
+	0x19c6: 0x0039, 0x19c7: 0x0ee9, 0x19c8: 0x1159, 0x19c9: 0x0ef9, 0x19ca: 0x0f09, 0x19cb: 0x1199,
+	0x19cc: 0x0f31, 0x19cd: 0x0249, 0x19ce: 0x0f41, 0x19cf: 0x0259, 0x19d0: 0x0f51, 0x19d1: 0x0359,
+	0x19d2: 0x0f61, 0x19d3: 0x0f71, 0x19d4: 0x00d9, 0x19d5: 0x0f99, 0x19d6: 0x2039, 0x19d7: 0x0269,
+	0x19d8: 0x01d9, 0x19d9: 0x0fa9, 0x19da: 0x0fb9, 0x19db: 0x1089, 0x19dc: 0x0279, 0x19dd: 0x0369,
+	0x19de: 0x0289, 0x19df: 0x13d1, 0x19e0: 0x0039, 0x19e1: 0x0ee9, 0x19e2: 0x1159, 0x19e3: 0x0ef9,
+	0x19e4: 0x0f09, 0x19e5: 0x1199, 0x19e6: 0x0f31, 0x19e7: 0x0249, 0x19e8: 0x0f41, 0x19e9: 0x0259,
+	0x19ea: 0x0f51, 0x19eb: 0x0359, 0x19ec: 0x0f61, 0x19ed: 0x0f71, 0x19ee: 0x00d9, 0x19ef: 0x0f99,
+	0x19f0: 0x2039, 0x19f1: 0x0269, 0x19f2: 0x01d9, 0x19f3: 0x0fa9, 0x19f4: 0x0fb9, 0x19f5: 0x1089,
+	0x19f6: 0x0279, 0x19f7: 0x0369, 0x19f8: 0x0289, 0x19f9: 0x13d1, 0x19fa: 0x0039, 0x19fb: 0x0ee9,
+	0x19fc: 0x1159, 0x19fd: 0x0ef9, 0x19fe: 0x0f09, 0x19ff: 0x1199,
+	// Block 0x68, offset 0x1a00
+	0x1a00: 0x0f31, 0x1a01: 0x0249, 0x1a02: 0x0f41, 0x1a03: 0x0259, 0x1a04: 0x0f51, 0x1a05: 0x0359,
+	0x1a06: 0x0f61, 0x1a07: 0x0f71, 0x1a08: 0x00d9, 0x1a09: 0x0f99, 0x1a0a: 0x2039, 0x1a0b: 0x0269,
+	0x1a0c: 0x01d9, 0x1a0d: 0x0fa9, 0x1a0e: 0x0fb9, 0x1a0f: 0x1089, 0x1a10: 0x0279, 0x1a11: 0x0369,
+	0x1a12: 0x0289, 0x1a13: 0x13d1, 0x1a14: 0x0039, 0x1a15: 0x0ee9, 0x1a16: 0x1159, 0x1a17: 0x0ef9,
+	0x1a18: 0x0f09, 0x1a19: 0x1199, 0x1a1a: 0x0f31, 0x1a1b: 0x0249, 0x1a1c: 0x0f41, 0x1a1d: 0x0259,
+	0x1a1e: 0x0f51, 0x1a1f: 0x0359, 0x1a20: 0x0f61, 0x1a21: 0x0f71, 0x1a22: 0x00d9, 0x1a23: 0x0f99,
+	0x1a24: 0x2039, 0x1a25: 0x0269, 0x1a26: 0x01d9, 0x1a27: 0x0fa9, 0x1a28: 0x0fb9, 0x1a29: 0x1089,
+	0x1a2a: 0x0279, 0x1a2b: 0x0369, 0x1a2c: 0x0289, 0x1a2d: 0x13d1, 0x1a2e: 0x0039, 0x1a2f: 0x0ee9,
+	0x1a30: 0x1159, 0x1a31: 0x0ef9, 0x1a32: 0x0f09, 0x1a33: 0x1199, 0x1a34: 0x0f31, 0x1a35: 0x0249,
+	0x1a36: 0x0f41, 0x1a37: 0x0259, 0x1a38: 0x0f51, 0x1a39: 0x0359, 0x1a3a: 0x0f61, 0x1a3b: 0x0f71,
+	0x1a3c: 0x00d9, 0x1a3d: 0x0f99, 0x1a3e: 0x2039, 0x1a3f: 0x0269,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x01d9, 0x1a41: 0x0fa9, 0x1a42: 0x0fb9, 0x1a43: 0x1089, 0x1a44: 0x0279, 0x1a45: 0x0369,
+	0x1a46: 0x0289, 0x1a47: 0x13d1, 0x1a48: 0x0039, 0x1a49: 0x0ee9, 0x1a4a: 0x1159, 0x1a4b: 0x0ef9,
+	0x1a4c: 0x0f09, 0x1a4d: 0x1199, 0x1a4e: 0x0f31, 0x1a4f: 0x0249, 0x1a50: 0x0f41, 0x1a51: 0x0259,
+	0x1a52: 0x0f51, 0x1a53: 0x0359, 0x1a54: 0x0f61, 0x1a55: 0x0f71, 0x1a56: 0x00d9, 0x1a57: 0x0f99,
+	0x1a58: 0x2039, 0x1a59: 0x0269, 0x1a5a: 0x01d9, 0x1a5b: 0x0fa9, 0x1a5c: 0x0fb9, 0x1a5d: 0x1089,
+	0x1a5e: 0x0279, 0x1a5f: 0x0369, 0x1a60: 0x0289, 0x1a61: 0x13d1, 0x1a62: 0x0039, 0x1a63: 0x0ee9,
+	0x1a64: 0x1159, 0x1a65: 0x0ef9, 0x1a66: 0x0f09, 0x1a67: 0x1199, 0x1a68: 0x0f31, 0x1a69: 0x0249,
+	0x1a6a: 0x0f41, 0x1a6b: 0x0259, 0x1a6c: 0x0f51, 0x1a6d: 0x0359, 0x1a6e: 0x0f61, 0x1a6f: 0x0f71,
+	0x1a70: 0x00d9, 0x1a71: 0x0f99, 0x1a72: 0x2039, 0x1a73: 0x0269, 0x1a74: 0x01d9, 0x1a75: 0x0fa9,
+	0x1a76: 0x0fb9, 0x1a77: 0x1089, 0x1a78: 0x0279, 0x1a79: 0x0369, 0x1a7a: 0x0289, 0x1a7b: 0x13d1,
+	0x1a7c: 0x0039, 0x1a7d: 0x0ee9, 0x1a7e: 0x1159, 0x1a7f: 0x0ef9,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x0f09, 0x1a81: 0x1199, 0x1a82: 0x0f31, 0x1a83: 0x0249, 0x1a84: 0x0f41, 0x1a85: 0x0259,
+	0x1a86: 0x0f51, 0x1a87: 0x0359, 0x1a88: 0x0f61, 0x1a89: 0x0f71, 0x1a8a: 0x00d9, 0x1a8b: 0x0f99,
+	0x1a8c: 0x2039, 0x1a8d: 0x0269, 0x1a8e: 0x01d9, 0x1a8f: 0x0fa9, 0x1a90: 0x0fb9, 0x1a91: 0x1089,
+	0x1a92: 0x0279, 0x1a93: 0x0369, 0x1a94: 0x0289, 0x1a95: 0x13d1, 0x1a96: 0x0039, 0x1a97: 0x0ee9,
+	0x1a98: 0x1159, 0x1a99: 0x0ef9, 0x1a9a: 0x0f09, 0x1a9b: 0x1199, 0x1a9c: 0x0f31, 0x1a9d: 0x0249,
+	0x1a9e: 0x0f41, 0x1a9f: 0x0259, 0x1aa0: 0x0f51, 0x1aa1: 0x0359, 0x1aa2: 0x0f61, 0x1aa3: 0x0f71,
+	0x1aa4: 0x00d9, 0x1aa5: 0x0f99, 0x1aa6: 0x2039, 0x1aa7: 0x0269, 0x1aa8: 0x01d9, 0x1aa9: 0x0fa9,
+	0x1aaa: 0x0fb9, 0x1aab: 0x1089, 0x1aac: 0x0279, 0x1aad: 0x0369, 0x1aae: 0x0289, 0x1aaf: 0x13d1,
+	0x1ab0: 0x0039, 0x1ab1: 0x0ee9, 0x1ab2: 0x1159, 0x1ab3: 0x0ef9, 0x1ab4: 0x0f09, 0x1ab5: 0x1199,
+	0x1ab6: 0x0f31, 0x1ab7: 0x0249, 0x1ab8: 0x0f41, 0x1ab9: 0x0259, 0x1aba: 0x0f51, 0x1abb: 0x0359,
+	0x1abc: 0x0f61, 0x1abd: 0x0f71, 0x1abe: 0x00d9, 0x1abf: 0x0f99,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x2039, 0x1ac1: 0x0269, 0x1ac2: 0x01d9, 0x1ac3: 0x0fa9, 0x1ac4: 0x0fb9, 0x1ac5: 0x1089,
+	0x1ac6: 0x0279, 0x1ac7: 0x0369, 0x1ac8: 0x0289, 0x1ac9: 0x13d1, 0x1aca: 0x0039, 0x1acb: 0x0ee9,
+	0x1acc: 0x1159, 0x1acd: 0x0ef9, 0x1ace: 0x0f09, 0x1acf: 0x1199, 0x1ad0: 0x0f31, 0x1ad1: 0x0249,
+	0x1ad2: 0x0f41, 0x1ad3: 0x0259, 0x1ad4: 0x0f51, 0x1ad5: 0x0359, 0x1ad6: 0x0f61, 0x1ad7: 0x0f71,
+	0x1ad8: 0x00d9, 0x1ad9: 0x0f99, 0x1ada: 0x2039, 0x1adb: 0x0269, 0x1adc: 0x01d9, 0x1add: 0x0fa9,
+	0x1ade: 0x0fb9, 0x1adf: 0x1089, 0x1ae0: 0x0279, 0x1ae1: 0x0369, 0x1ae2: 0x0289, 0x1ae3: 0x13d1,
+	0x1ae4: 0xba81, 0x1ae5: 0xba99, 0x1ae6: 0x0040, 0x1ae7: 0x0040, 0x1ae8: 0xbab1, 0x1ae9: 0x1099,
+	0x1aea: 0x10b1, 0x1aeb: 0x10c9, 0x1aec: 0xbac9, 0x1aed: 0xbae1, 0x1aee: 0xbaf9, 0x1aef: 0x1429,
+	0x1af0: 0x1a31, 0x1af1: 0xbb11, 0x1af2: 0xbb29, 0x1af3: 0xbb41, 0x1af4: 0xbb59, 0x1af5: 0xbb71,
+	0x1af6: 0xbb89, 0x1af7: 0x2109, 0x1af8: 0x1111, 0x1af9: 0x1429, 0x1afa: 0xbba1, 0x1afb: 0xbbb9,
+	0x1afc: 0xbbd1, 0x1afd: 0x10e1, 0x1afe: 0x10f9, 0x1aff: 0xbbe9,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x2079, 0x1b01: 0xbc01, 0x1b02: 0xbab1, 0x1b03: 0x1099, 0x1b04: 0x10b1, 0x1b05: 0x10c9,
+	0x1b06: 0xbac9, 0x1b07: 0xbae1, 0x1b08: 0xbaf9, 0x1b09: 0x1429, 0x1b0a: 0x1a31, 0x1b0b: 0xbb11,
+	0x1b0c: 0xbb29, 0x1b0d: 0xbb41, 0x1b0e: 0xbb59, 0x1b0f: 0xbb71, 0x1b10: 0xbb89, 0x1b11: 0x2109,
+	0x1b12: 0x1111, 0x1b13: 0xbba1, 0x1b14: 0xbba1, 0x1b15: 0xbbb9, 0x1b16: 0xbbd1, 0x1b17: 0x10e1,
+	0x1b18: 0x10f9, 0x1b19: 0xbbe9, 0x1b1a: 0x2079, 0x1b1b: 0xbc21, 0x1b1c: 0xbac9, 0x1b1d: 0x1429,
+	0x1b1e: 0xbb11, 0x1b1f: 0x10e1, 0x1b20: 0x1111, 0x1b21: 0x2109, 0x1b22: 0xbab1, 0x1b23: 0x1099,
+	0x1b24: 0x10b1, 0x1b25: 0x10c9, 0x1b26: 0xbac9, 0x1b27: 0xbae1, 0x1b28: 0xbaf9, 0x1b29: 0x1429,
+	0x1b2a: 0x1a31, 0x1b2b: 0xbb11, 0x1b2c: 0xbb29, 0x1b2d: 0xbb41, 0x1b2e: 0xbb59, 0x1b2f: 0xbb71,
+	0x1b30: 0xbb89, 0x1b31: 0x2109, 0x1b32: 0x1111, 0x1b33: 0x1429, 0x1b34: 0xbba1, 0x1b35: 0xbbb9,
+	0x1b36: 0xbbd1, 0x1b37: 0x10e1, 0x1b38: 0x10f9, 0x1b39: 0xbbe9, 0x1b3a: 0x2079, 0x1b3b: 0xbc01,
+	0x1b3c: 0xbab1, 0x1b3d: 0x1099, 0x1b3e: 0x10b1, 0x1b3f: 0x10c9,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0xbac9, 0x1b41: 0xbae1, 0x1b42: 0xbaf9, 0x1b43: 0x1429, 0x1b44: 0x1a31, 0x1b45: 0xbb11,
+	0x1b46: 0xbb29, 0x1b47: 0xbb41, 0x1b48: 0xbb59, 0x1b49: 0xbb71, 0x1b4a: 0xbb89, 0x1b4b: 0x2109,
+	0x1b4c: 0x1111, 0x1b4d: 0xbba1, 0x1b4e: 0xbba1, 0x1b4f: 0xbbb9, 0x1b50: 0xbbd1, 0x1b51: 0x10e1,
+	0x1b52: 0x10f9, 0x1b53: 0xbbe9, 0x1b54: 0x2079, 0x1b55: 0xbc21, 0x1b56: 0xbac9, 0x1b57: 0x1429,
+	0x1b58: 0xbb11, 0x1b59: 0x10e1, 0x1b5a: 0x1111, 0x1b5b: 0x2109, 0x1b5c: 0xbab1, 0x1b5d: 0x1099,
+	0x1b5e: 0x10b1, 0x1b5f: 0x10c9, 0x1b60: 0xbac9, 0x1b61: 0xbae1, 0x1b62: 0xbaf9, 0x1b63: 0x1429,
+	0x1b64: 0x1a31, 0x1b65: 0xbb11, 0x1b66: 0xbb29, 0x1b67: 0xbb41, 0x1b68: 0xbb59, 0x1b69: 0xbb71,
+	0x1b6a: 0xbb89, 0x1b6b: 0x2109, 0x1b6c: 0x1111, 0x1b6d: 0x1429, 0x1b6e: 0xbba1, 0x1b6f: 0xbbb9,
+	0x1b70: 0xbbd1, 0x1b71: 0x10e1, 0x1b72: 0x10f9, 0x1b73: 0xbbe9, 0x1b74: 0x2079, 0x1b75: 0xbc01,
+	0x1b76: 0xbab1, 0x1b77: 0x1099, 0x1b78: 0x10b1, 0x1b79: 0x10c9, 0x1b7a: 0xbac9, 0x1b7b: 0xbae1,
+	0x1b7c: 0xbaf9, 0x1b7d: 0x1429, 0x1b7e: 0x1a31, 0x1b7f: 0xbb11,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0xbb29, 0x1b81: 0xbb41, 0x1b82: 0xbb59, 0x1b83: 0xbb71, 0x1b84: 0xbb89, 0x1b85: 0x2109,
+	0x1b86: 0x1111, 0x1b87: 0xbba1, 0x1b88: 0xbba1, 0x1b89: 0xbbb9, 0x1b8a: 0xbbd1, 0x1b8b: 0x10e1,
+	0x1b8c: 0x10f9, 0x1b8d: 0xbbe9, 0x1b8e: 0x2079, 0x1b8f: 0xbc21, 0x1b90: 0xbac9, 0x1b91: 0x1429,
+	0x1b92: 0xbb11, 0x1b93: 0x10e1, 0x1b94: 0x1111, 0x1b95: 0x2109, 0x1b96: 0xbab1, 0x1b97: 0x1099,
+	0x1b98: 0x10b1, 0x1b99: 0x10c9, 0x1b9a: 0xbac9, 0x1b9b: 0xbae1, 0x1b9c: 0xbaf9, 0x1b9d: 0x1429,
+	0x1b9e: 0x1a31, 0x1b9f: 0xbb11, 0x1ba0: 0xbb29, 0x1ba1: 0xbb41, 0x1ba2: 0xbb59, 0x1ba3: 0xbb71,
+	0x1ba4: 0xbb89, 0x1ba5: 0x2109, 0x1ba6: 0x1111, 0x1ba7: 0x1429, 0x1ba8: 0xbba1, 0x1ba9: 0xbbb9,
+	0x1baa: 0xbbd1, 0x1bab: 0x10e1, 0x1bac: 0x10f9, 0x1bad: 0xbbe9, 0x1bae: 0x2079, 0x1baf: 0xbc01,
+	0x1bb0: 0xbab1, 0x1bb1: 0x1099, 0x1bb2: 0x10b1, 0x1bb3: 0x10c9, 0x1bb4: 0xbac9, 0x1bb5: 0xbae1,
+	0x1bb6: 0xbaf9, 0x1bb7: 0x1429, 0x1bb8: 0x1a31, 0x1bb9: 0xbb11, 0x1bba: 0xbb29, 0x1bbb: 0xbb41,
+	0x1bbc: 0xbb59, 0x1bbd: 0xbb71, 0x1bbe: 0xbb89, 0x1bbf: 0x2109,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0x1111, 0x1bc1: 0xbba1, 0x1bc2: 0xbba1, 0x1bc3: 0xbbb9, 0x1bc4: 0xbbd1, 0x1bc5: 0x10e1,
+	0x1bc6: 0x10f9, 0x1bc7: 0xbbe9, 0x1bc8: 0x2079, 0x1bc9: 0xbc21, 0x1bca: 0xbac9, 0x1bcb: 0x1429,
+	0x1bcc: 0xbb11, 0x1bcd: 0x10e1, 0x1bce: 0x1111, 0x1bcf: 0x2109, 0x1bd0: 0xbab1, 0x1bd1: 0x1099,
+	0x1bd2: 0x10b1, 0x1bd3: 0x10c9, 0x1bd4: 0xbac9, 0x1bd5: 0xbae1, 0x1bd6: 0xbaf9, 0x1bd7: 0x1429,
+	0x1bd8: 0x1a31, 0x1bd9: 0xbb11, 0x1bda: 0xbb29, 0x1bdb: 0xbb41, 0x1bdc: 0xbb59, 0x1bdd: 0xbb71,
+	0x1bde: 0xbb89, 0x1bdf: 0x2109, 0x1be0: 0x1111, 0x1be1: 0x1429, 0x1be2: 0xbba1, 0x1be3: 0xbbb9,
+	0x1be4: 0xbbd1, 0x1be5: 0x10e1, 0x1be6: 0x10f9, 0x1be7: 0xbbe9, 0x1be8: 0x2079, 0x1be9: 0xbc01,
+	0x1bea: 0xbab1, 0x1beb: 0x1099, 0x1bec: 0x10b1, 0x1bed: 0x10c9, 0x1bee: 0xbac9, 0x1bef: 0xbae1,
+	0x1bf0: 0xbaf9, 0x1bf1: 0x1429, 0x1bf2: 0x1a31, 0x1bf3: 0xbb11, 0x1bf4: 0xbb29, 0x1bf5: 0xbb41,
+	0x1bf6: 0xbb59, 0x1bf7: 0xbb71, 0x1bf8: 0xbb89, 0x1bf9: 0x2109, 0x1bfa: 0x1111, 0x1bfb: 0xbba1,
+	0x1bfc: 0xbba1, 0x1bfd: 0xbbb9, 0x1bfe: 0xbbd1, 0x1bff: 0x10e1,
+	// Block 0x70, offset 0x1c00
+	0x1c00: 0x10f9, 0x1c01: 0xbbe9, 0x1c02: 0x2079, 0x1c03: 0xbc21, 0x1c04: 0xbac9, 0x1c05: 0x1429,
+	0x1c06: 0xbb11, 0x1c07: 0x10e1, 0x1c08: 0x1111, 0x1c09: 0x2109, 0x1c0a: 0xbc41, 0x1c0b: 0xbc41,
+	0x1c0c: 0x0040, 0x1c0d: 0x0040, 0x1c0e: 0x1f41, 0x1c0f: 0x00c9, 0x1c10: 0x0069, 0x1c11: 0x0079,
+	0x1c12: 0x1f51, 0x1c13: 0x1f61, 0x1c14: 0x1f71, 0x1c15: 0x1f81, 0x1c16: 0x1f91, 0x1c17: 0x1fa1,
+	0x1c18: 0x1f41, 0x1c19: 0x00c9, 0x1c1a: 0x0069, 0x1c1b: 0x0079, 0x1c1c: 0x1f51, 0x1c1d: 0x1f61,
+	0x1c1e: 0x1f71, 0x1c1f: 0x1f81, 0x1c20: 0x1f91, 0x1c21: 0x1fa1, 0x1c22: 0x1f41, 0x1c23: 0x00c9,
+	0x1c24: 0x0069, 0x1c25: 0x0079, 0x1c26: 0x1f51, 0x1c27: 0x1f61, 0x1c28: 0x1f71, 0x1c29: 0x1f81,
+	0x1c2a: 0x1f91, 0x1c2b: 0x1fa1, 0x1c2c: 0x1f41, 0x1c2d: 0x00c9, 0x1c2e: 0x0069, 0x1c2f: 0x0079,
+	0x1c30: 0x1f51, 0x1c31: 0x1f61, 0x1c32: 0x1f71, 0x1c33: 0x1f81, 0x1c34: 0x1f91, 0x1c35: 0x1fa1,
+	0x1c36: 0x1f41, 0x1c37: 0x00c9, 0x1c38: 0x0069, 0x1c39: 0x0079, 0x1c3a: 0x1f51, 0x1c3b: 0x1f61,
+	0x1c3c: 0x1f71, 0x1c3d: 0x1f81, 0x1c3e: 0x1f91, 0x1c3f: 0x1fa1,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0xe115, 0x1c41: 0xe115, 0x1c42: 0xe135, 0x1c43: 0xe135, 0x1c44: 0xe115, 0x1c45: 0xe115,
+	0x1c46: 0xe175, 0x1c47: 0xe175, 0x1c48: 0xe115, 0x1c49: 0xe115, 0x1c4a: 0xe135, 0x1c4b: 0xe135,
+	0x1c4c: 0xe115, 0x1c4d: 0xe115, 0x1c4e: 0xe1f5, 0x1c4f: 0xe1f5, 0x1c50: 0xe115, 0x1c51: 0xe115,
+	0x1c52: 0xe135, 0x1c53: 0xe135, 0x1c54: 0xe115, 0x1c55: 0xe115, 0x1c56: 0xe175, 0x1c57: 0xe175,
+	0x1c58: 0xe115, 0x1c59: 0xe115, 0x1c5a: 0xe135, 0x1c5b: 0xe135, 0x1c5c: 0xe115, 0x1c5d: 0xe115,
+	0x1c5e: 0x8b3d, 0x1c5f: 0x8b3d, 0x1c60: 0x04b5, 0x1c61: 0x04b5, 0x1c62: 0x0a08, 0x1c63: 0x0a08,
+	0x1c64: 0x0a08, 0x1c65: 0x0a08, 0x1c66: 0x0a08, 0x1c67: 0x0a08, 0x1c68: 0x0a08, 0x1c69: 0x0a08,
+	0x1c6a: 0x0a08, 0x1c6b: 0x0a08, 0x1c6c: 0x0a08, 0x1c6d: 0x0a08, 0x1c6e: 0x0a08, 0x1c6f: 0x0a08,
+	0x1c70: 0x0a08, 0x1c71: 0x0a08, 0x1c72: 0x0a08, 0x1c73: 0x0a08, 0x1c74: 0x0a08, 0x1c75: 0x0a08,
+	0x1c76: 0x0a08, 0x1c77: 0x0a08, 0x1c78: 0x0a08, 0x1c79: 0x0a08, 0x1c7a: 0x0a08, 0x1c7b: 0x0a08,
+	0x1c7c: 0x0a08, 0x1c7d: 0x0a08, 0x1c7e: 0x0a08, 0x1c7f: 0x0a08,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0xb189, 0x1c81: 0xb1a1, 0x1c82: 0xb201, 0x1c83: 0xb249, 0x1c84: 0x0040, 0x1c85: 0xb411,
+	0x1c86: 0xb291, 0x1c87: 0xb219, 0x1c88: 0xb309, 0x1c89: 0xb429, 0x1c8a: 0xb399, 0x1c8b: 0xb3b1,
+	0x1c8c: 0xb3c9, 0x1c8d: 0xb3e1, 0x1c8e: 0xb2a9, 0x1c8f: 0xb339, 0x1c90: 0xb369, 0x1c91: 0xb2d9,
+	0x1c92: 0xb381, 0x1c93: 0xb279, 0x1c94: 0xb2c1, 0x1c95: 0xb1d1, 0x1c96: 0xb1e9, 0x1c97: 0xb231,
+	0x1c98: 0xb261, 0x1c99: 0xb2f1, 0x1c9a: 0xb321, 0x1c9b: 0xb351, 0x1c9c: 0xbc59, 0x1c9d: 0x7949,
+	0x1c9e: 0xbc71, 0x1c9f: 0xbc89, 0x1ca0: 0x0040, 0x1ca1: 0xb1a1, 0x1ca2: 0xb201, 0x1ca3: 0x0040,
+	0x1ca4: 0xb3f9, 0x1ca5: 0x0040, 0x1ca6: 0x0040, 0x1ca7: 0xb219, 0x1ca8: 0x0040, 0x1ca9: 0xb429,
+	0x1caa: 0xb399, 0x1cab: 0xb3b1, 0x1cac: 0xb3c9, 0x1cad: 0xb3e1, 0x1cae: 0xb2a9, 0x1caf: 0xb339,
+	0x1cb0: 0xb369, 0x1cb1: 0xb2d9, 0x1cb2: 0xb381, 0x1cb3: 0x0040, 0x1cb4: 0xb2c1, 0x1cb5: 0xb1d1,
+	0x1cb6: 0xb1e9, 0x1cb7: 0xb231, 0x1cb8: 0x0040, 0x1cb9: 0xb2f1, 0x1cba: 0x0040, 0x1cbb: 0xb351,
+	0x1cbc: 0x0040, 0x1cbd: 0x0040, 0x1cbe: 0x0040, 0x1cbf: 0x0040,
+	// Block 0x73, offset 0x1cc0
+	0x1cc0: 0x0040, 0x1cc1: 0x0040, 0x1cc2: 0xb201, 0x1cc3: 0x0040, 0x1cc4: 0x0040, 0x1cc5: 0x0040,
+	0x1cc6: 0x0040, 0x1cc7: 0xb219, 0x1cc8: 0x0040, 0x1cc9: 0xb429, 0x1cca: 0x0040, 0x1ccb: 0xb3b1,
+	0x1ccc: 0x0040, 0x1ccd: 0xb3e1, 0x1cce: 0xb2a9, 0x1ccf: 0xb339, 0x1cd0: 0x0040, 0x1cd1: 0xb2d9,
+	0x1cd2: 0xb381, 0x1cd3: 0x0040, 0x1cd4: 0xb2c1, 0x1cd5: 0x0040, 0x1cd6: 0x0040, 0x1cd7: 0xb231,
+	0x1cd8: 0x0040, 0x1cd9: 0xb2f1, 0x1cda: 0x0040, 0x1cdb: 0xb351, 0x1cdc: 0x0040, 0x1cdd: 0x7949,
+	0x1cde: 0x0040, 0x1cdf: 0xbc89, 0x1ce0: 0x0040, 0x1ce1: 0xb1a1, 0x1ce2: 0xb201, 0x1ce3: 0x0040,
+	0x1ce4: 0xb3f9, 0x1ce5: 0x0040, 0x1ce6: 0x0040, 0x1ce7: 0xb219, 0x1ce8: 0xb309, 0x1ce9: 0xb429,
+	0x1cea: 0xb399, 0x1ceb: 0x0040, 0x1cec: 0xb3c9, 0x1ced: 0xb3e1, 0x1cee: 0xb2a9, 0x1cef: 0xb339,
+	0x1cf0: 0xb369, 0x1cf1: 0xb2d9, 0x1cf2: 0xb381, 0x1cf3: 0x0040, 0x1cf4: 0xb2c1, 0x1cf5: 0xb1d1,
+	0x1cf6: 0xb1e9, 0x1cf7: 0xb231, 0x1cf8: 0x0040, 0x1cf9: 0xb2f1, 0x1cfa: 0xb321, 0x1cfb: 0xb351,
+	0x1cfc: 0xbc59, 0x1cfd: 0x0040, 0x1cfe: 0xbc71, 0x1cff: 0x0040,
+	// Block 0x74, offset 0x1d00
+	0x1d00: 0xb189, 0x1d01: 0xb1a1, 0x1d02: 0xb201, 0x1d03: 0xb249, 0x1d04: 0xb3f9, 0x1d05: 0xb411,
+	0x1d06: 0xb291, 0x1d07: 0xb219, 0x1d08: 0xb309, 0x1d09: 0xb429, 0x1d0a: 0x0040, 0x1d0b: 0xb3b1,
+	0x1d0c: 0xb3c9, 0x1d0d: 0xb3e1, 0x1d0e: 0xb2a9, 0x1d0f: 0xb339, 0x1d10: 0xb369, 0x1d11: 0xb2d9,
+	0x1d12: 0xb381, 0x1d13: 0xb279, 0x1d14: 0xb2c1, 0x1d15: 0xb1d1, 0x1d16: 0xb1e9, 0x1d17: 0xb231,
+	0x1d18: 0xb261, 0x1d19: 0xb2f1, 0x1d1a: 0xb321, 0x1d1b: 0xb351, 0x1d1c: 0x0040, 0x1d1d: 0x0040,
+	0x1d1e: 0x0040, 0x1d1f: 0x0040, 0x1d20: 0x0040, 0x1d21: 0xb1a1, 0x1d22: 0xb201, 0x1d23: 0xb249,
+	0x1d24: 0x0040, 0x1d25: 0xb411, 0x1d26: 0xb291, 0x1d27: 0xb219, 0x1d28: 0xb309, 0x1d29: 0xb429,
+	0x1d2a: 0x0040, 0x1d2b: 0xb3b1, 0x1d2c: 0xb3c9, 0x1d2d: 0xb3e1, 0x1d2e: 0xb2a9, 0x1d2f: 0xb339,
+	0x1d30: 0xb369, 0x1d31: 0xb2d9, 0x1d32: 0xb381, 0x1d33: 0xb279, 0x1d34: 0xb2c1, 0x1d35: 0xb1d1,
+	0x1d36: 0xb1e9, 0x1d37: 0xb231, 0x1d38: 0xb261, 0x1d39: 0xb2f1, 0x1d3a: 0xb321, 0x1d3b: 0xb351,
+	0x1d3c: 0x0040, 0x1d3d: 0x0040, 0x1d3e: 0x0040, 0x1d3f: 0x0040,
+	// Block 0x75, offset 0x1d40
+	0x1d40: 0x0040, 0x1d41: 0xbca2, 0x1d42: 0xbcba, 0x1d43: 0xbcd2, 0x1d44: 0xbcea, 0x1d45: 0xbd02,
+	0x1d46: 0xbd1a, 0x1d47: 0xbd32, 0x1d48: 0xbd4a, 0x1d49: 0xbd62, 0x1d4a: 0xbd7a, 0x1d4b: 0x0018,
+	0x1d4c: 0x0018, 0x1d4d: 0x0040, 0x1d4e: 0x0040, 0x1d4f: 0x0040, 0x1d50: 0xbd92, 0x1d51: 0xbdb2,
+	0x1d52: 0xbdd2, 0x1d53: 0xbdf2, 0x1d54: 0xbe12, 0x1d55: 0xbe32, 0x1d56: 0xbe52, 0x1d57: 0xbe72,
+	0x1d58: 0xbe92, 0x1d59: 0xbeb2, 0x1d5a: 0xbed2, 0x1d5b: 0xbef2, 0x1d5c: 0xbf12, 0x1d5d: 0xbf32,
+	0x1d5e: 0xbf52, 0x1d5f: 0xbf72, 0x1d60: 0xbf92, 0x1d61: 0xbfb2, 0x1d62: 0xbfd2, 0x1d63: 0xbff2,
+	0x1d64: 0xc012, 0x1d65: 0xc032, 0x1d66: 0xc052, 0x1d67: 0xc072, 0x1d68: 0xc092, 0x1d69: 0xc0b2,
+	0x1d6a: 0xc0d1, 0x1d6b: 0x1159, 0x1d6c: 0x0269, 0x1d6d: 0x6671, 0x1d6e: 0xc111, 0x1d6f: 0x0018,
+	0x1d70: 0x0039, 0x1d71: 0x0ee9, 0x1d72: 0x1159, 0x1d73: 0x0ef9, 0x1d74: 0x0f09, 0x1d75: 0x1199,
+	0x1d76: 0x0f31, 0x1d77: 0x0249, 0x1d78: 0x0f41, 0x1d79: 0x0259, 0x1d7a: 0x0f51, 0x1d7b: 0x0359,
+	0x1d7c: 0x0f61, 0x1d7d: 0x0f71, 0x1d7e: 0x00d9, 0x1d7f: 0x0f99,
+	// Block 0x76, offset 0x1d80
+	0x1d80: 0x2039, 0x1d81: 0x0269, 0x1d82: 0x01d9, 0x1d83: 0x0fa9, 0x1d84: 0x0fb9, 0x1d85: 0x1089,
+	0x1d86: 0x0279, 0x1d87: 0x0369, 0x1d88: 0x0289, 0x1d89: 0x13d1, 0x1d8a: 0xc129, 0x1d8b: 0x65b1,
+	0x1d8c: 0xc141, 0x1d8d: 0x1441, 0x1d8e: 0xc159, 0x1d8f: 0xc179, 0x1d90: 0x0018, 0x1d91: 0x0018,
+	0x1d92: 0x0018, 0x1d93: 0x0018, 0x1d94: 0x0018, 0x1d95: 0x0018, 0x1d96: 0x0018, 0x1d97: 0x0018,
+	0x1d98: 0x0018, 0x1d99: 0x0018, 0x1d9a: 0x0018, 0x1d9b: 0x0018, 0x1d9c: 0x0018, 0x1d9d: 0x0018,
+	0x1d9e: 0x0018, 0x1d9f: 0x0018, 0x1da0: 0x0018, 0x1da1: 0x0018, 0x1da2: 0x0018, 0x1da3: 0x0018,
+	0x1da4: 0x0018, 0x1da5: 0x0018, 0x1da6: 0x0018, 0x1da7: 0x0018, 0x1da8: 0x0018, 0x1da9: 0x0018,
+	0x1daa: 0xc191, 0x1dab: 0xc1a9, 0x1dac: 0xc1c1, 0x1dad: 0x0040, 0x1dae: 0x0040, 0x1daf: 0x0040,
+	0x1db0: 0x0018, 0x1db1: 0x0018, 0x1db2: 0x0018, 0x1db3: 0x0018, 0x1db4: 0x0018, 0x1db5: 0x0018,
+	0x1db6: 0x0018, 0x1db7: 0x0018, 0x1db8: 0x0018, 0x1db9: 0x0018, 0x1dba: 0x0018, 0x1dbb: 0x0018,
+	0x1dbc: 0x0018, 0x1dbd: 0x0018, 0x1dbe: 0x0018, 0x1dbf: 0x0018,
+	// Block 0x77, offset 0x1dc0
+	0x1dc0: 0xc1f1, 0x1dc1: 0xc229, 0x1dc2: 0xc261, 0x1dc3: 0x0040, 0x1dc4: 0x0040, 0x1dc5: 0x0040,
+	0x1dc6: 0x0040, 0x1dc7: 0x0040, 0x1dc8: 0x0040, 0x1dc9: 0x0040, 0x1dca: 0x0040, 0x1dcb: 0x0040,
+	0x1dcc: 0x0040, 0x1dcd: 0x0040, 0x1dce: 0x0040, 0x1dcf: 0x0040, 0x1dd0: 0xc281, 0x1dd1: 0xc2a1,
+	0x1dd2: 0xc2c1, 0x1dd3: 0xc2e1, 0x1dd4: 0xc301, 0x1dd5: 0xc321, 0x1dd6: 0xc341, 0x1dd7: 0xc361,
+	0x1dd8: 0xc381, 0x1dd9: 0xc3a1, 0x1dda: 0xc3c1, 0x1ddb: 0xc3e1, 0x1ddc: 0xc401, 0x1ddd: 0xc421,
+	0x1dde: 0xc441, 0x1ddf: 0xc461, 0x1de0: 0xc481, 0x1de1: 0xc4a1, 0x1de2: 0xc4c1, 0x1de3: 0xc4e1,
+	0x1de4: 0xc501, 0x1de5: 0xc521, 0x1de6: 0xc541, 0x1de7: 0xc561, 0x1de8: 0xc581, 0x1de9: 0xc5a1,
+	0x1dea: 0xc5c1, 0x1deb: 0xc5e1, 0x1dec: 0xc601, 0x1ded: 0xc621, 0x1dee: 0xc641, 0x1def: 0xc661,
+	0x1df0: 0xc681, 0x1df1: 0xc6a1, 0x1df2: 0xc6c1, 0x1df3: 0xc6e1, 0x1df4: 0xc701, 0x1df5: 0xc721,
+	0x1df6: 0xc741, 0x1df7: 0xc761, 0x1df8: 0xc781, 0x1df9: 0xc7a1, 0x1dfa: 0xc7c1, 0x1dfb: 0xc7e1,
+	0x1dfc: 0x0040, 0x1dfd: 0x0040, 0x1dfe: 0x0040, 0x1dff: 0x0040,
+	// Block 0x78, offset 0x1e00
+	0x1e00: 0xcb11, 0x1e01: 0xcb31, 0x1e02: 0xcb51, 0x1e03: 0x8b55, 0x1e04: 0xcb71, 0x1e05: 0xcb91,
+	0x1e06: 0xcbb1, 0x1e07: 0xcbd1, 0x1e08: 0xcbf1, 0x1e09: 0xcc11, 0x1e0a: 0xcc31, 0x1e0b: 0xcc51,
+	0x1e0c: 0xcc71, 0x1e0d: 0x8b75, 0x1e0e: 0xcc91, 0x1e0f: 0xccb1, 0x1e10: 0xccd1, 0x1e11: 0xccf1,
+	0x1e12: 0x8b95, 0x1e13: 0xcd11, 0x1e14: 0xcd31, 0x1e15: 0xc441, 0x1e16: 0x8bb5, 0x1e17: 0xcd51,
+	0x1e18: 0xcd71, 0x1e19: 0xcd91, 0x1e1a: 0xcdb1, 0x1e1b: 0xcdd1, 0x1e1c: 0x8bd5, 0x1e1d: 0xcdf1,
+	0x1e1e: 0xce11, 0x1e1f: 0xce31, 0x1e20: 0xce51, 0x1e21: 0xce71, 0x1e22: 0xc7a1, 0x1e23: 0xce91,
+	0x1e24: 0xceb1, 0x1e25: 0xced1, 0x1e26: 0xcef1, 0x1e27: 0xcf11, 0x1e28: 0xcf31, 0x1e29: 0xcf51,
+	0x1e2a: 0xcf71, 0x1e2b: 0xcf91, 0x1e2c: 0xcfb1, 0x1e2d: 0xcfd1, 0x1e2e: 0xcff1, 0x1e2f: 0xd011,
+	0x1e30: 0xd031, 0x1e31: 0xd051, 0x1e32: 0xd051, 0x1e33: 0xd051, 0x1e34: 0x8bf5, 0x1e35: 0xd071,
+	0x1e36: 0xd091, 0x1e37: 0xd0b1, 0x1e38: 0x8c15, 0x1e39: 0xd0d1, 0x1e3a: 0xd0f1, 0x1e3b: 0xd111,
+	0x1e3c: 0xd131, 0x1e3d: 0xd151, 0x1e3e: 0xd171, 0x1e3f: 0xd191,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0xd1b1, 0x1e41: 0xd1d1, 0x1e42: 0xd1f1, 0x1e43: 0xd211, 0x1e44: 0xd231, 0x1e45: 0xd251,
+	0x1e46: 0xd251, 0x1e47: 0xd271, 0x1e48: 0xd291, 0x1e49: 0xd2b1, 0x1e4a: 0xd2d1, 0x1e4b: 0xd2f1,
+	0x1e4c: 0xd311, 0x1e4d: 0xd331, 0x1e4e: 0xd351, 0x1e4f: 0xd371, 0x1e50: 0xd391, 0x1e51: 0xd3b1,
+	0x1e52: 0xd3d1, 0x1e53: 0xd3f1, 0x1e54: 0xd411, 0x1e55: 0xd431, 0x1e56: 0xd451, 0x1e57: 0xd471,
+	0x1e58: 0xd491, 0x1e59: 0x8c35, 0x1e5a: 0xd4b1, 0x1e5b: 0xd4d1, 0x1e5c: 0xd4f1, 0x1e5d: 0xc321,
+	0x1e5e: 0xd511, 0x1e5f: 0xd531, 0x1e60: 0x8c55, 0x1e61: 0x8c75, 0x1e62: 0xd551, 0x1e63: 0xd571,
+	0x1e64: 0xd591, 0x1e65: 0xd5b1, 0x1e66: 0xd5d1, 0x1e67: 0xd5f1, 0x1e68: 0x2040, 0x1e69: 0xd611,
+	0x1e6a: 0xd631, 0x1e6b: 0xd631, 0x1e6c: 0x8c95, 0x1e6d: 0xd651, 0x1e6e: 0xd671, 0x1e6f: 0xd691,
+	0x1e70: 0xd6b1, 0x1e71: 0x8cb5, 0x1e72: 0xd6d1, 0x1e73: 0xd6f1, 0x1e74: 0x2040, 0x1e75: 0xd711,
+	0x1e76: 0xd731, 0x1e77: 0xd751, 0x1e78: 0xd771, 0x1e79: 0xd791, 0x1e7a: 0xd7b1, 0x1e7b: 0x8cd5,
+	0x1e7c: 0xd7d1, 0x1e7d: 0x8cf5, 0x1e7e: 0xd7f1, 0x1e7f: 0xd811,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0xd831, 0x1e81: 0xd851, 0x1e82: 0xd871, 0x1e83: 0xd891, 0x1e84: 0xd8b1, 0x1e85: 0xd8d1,
+	0x1e86: 0xd8f1, 0x1e87: 0xd911, 0x1e88: 0xd931, 0x1e89: 0x8d15, 0x1e8a: 0xd951, 0x1e8b: 0xd971,
+	0x1e8c: 0xd991, 0x1e8d: 0xd9b1, 0x1e8e: 0xd9d1, 0x1e8f: 0x8d35, 0x1e90: 0xd9f1, 0x1e91: 0x8d55,
+	0x1e92: 0x8d75, 0x1e93: 0xda11, 0x1e94: 0xda31, 0x1e95: 0xda31, 0x1e96: 0xda51, 0x1e97: 0x8d95,
+	0x1e98: 0x8db5, 0x1e99: 0xda71, 0x1e9a: 0xda91, 0x1e9b: 0xdab1, 0x1e9c: 0xdad1, 0x1e9d: 0xdaf1,
+	0x1e9e: 0xdb11, 0x1e9f: 0xdb31, 0x1ea0: 0xdb51, 0x1ea1: 0xdb71, 0x1ea2: 0xdb91, 0x1ea3: 0xdbb1,
+	0x1ea4: 0x8dd5, 0x1ea5: 0xdbd1, 0x1ea6: 0xdbf1, 0x1ea7: 0xdc11, 0x1ea8: 0xdc31, 0x1ea9: 0xdc11,
+	0x1eaa: 0xdc51, 0x1eab: 0xdc71, 0x1eac: 0xdc91, 0x1ead: 0xdcb1, 0x1eae: 0xdcd1, 0x1eaf: 0xdcf1,
+	0x1eb0: 0xdd11, 0x1eb1: 0xdd31, 0x1eb2: 0xdd51, 0x1eb3: 0xdd71, 0x1eb4: 0xdd91, 0x1eb5: 0xddb1,
+	0x1eb6: 0xddd1, 0x1eb7: 0xddf1, 0x1eb8: 0x8df5, 0x1eb9: 0xde11, 0x1eba: 0xde31, 0x1ebb: 0xde51,
+	0x1ebc: 0xde71, 0x1ebd: 0xde91, 0x1ebe: 0x8e15, 0x1ebf: 0xdeb1,
+	// Block 0x7b, offset 0x1ec0
+	0x1ec0: 0xe5b1, 0x1ec1: 0xe5d1, 0x1ec2: 0xe5f1, 0x1ec3: 0xe611, 0x1ec4: 0xe631, 0x1ec5: 0xe651,
+	0x1ec6: 0x8f35, 0x1ec7: 0xe671, 0x1ec8: 0xe691, 0x1ec9: 0xe6b1, 0x1eca: 0xe6d1, 0x1ecb: 0xe6f1,
+	0x1ecc: 0xe711, 0x1ecd: 0x8f55, 0x1ece: 0xe731, 0x1ecf: 0xe751, 0x1ed0: 0x8f75, 0x1ed1: 0x8f95,
+	0x1ed2: 0xe771, 0x1ed3: 0xe791, 0x1ed4: 0xe7b1, 0x1ed5: 0xe7d1, 0x1ed6: 0xe7f1, 0x1ed7: 0xe811,
+	0x1ed8: 0xe831, 0x1ed9: 0xe851, 0x1eda: 0xe871, 0x1edb: 0x8fb5, 0x1edc: 0xe891, 0x1edd: 0x8fd5,
+	0x1ede: 0xe8b1, 0x1edf: 0x2040, 0x1ee0: 0xe8d1, 0x1ee1: 0xe8f1, 0x1ee2: 0xe911, 0x1ee3: 0x8ff5,
+	0x1ee4: 0xe931, 0x1ee5: 0xe951, 0x1ee6: 0x9015, 0x1ee7: 0x9035, 0x1ee8: 0xe971, 0x1ee9: 0xe991,
+	0x1eea: 0xe9b1, 0x1eeb: 0xe9d1, 0x1eec: 0xe9f1, 0x1eed: 0xe9f1, 0x1eee: 0xea11, 0x1eef: 0xea31,
+	0x1ef0: 0xea51, 0x1ef1: 0xea71, 0x1ef2: 0xea91, 0x1ef3: 0xeab1, 0x1ef4: 0xead1, 0x1ef5: 0x9055,
+	0x1ef6: 0xeaf1, 0x1ef7: 0x9075, 0x1ef8: 0xeb11, 0x1ef9: 0x9095, 0x1efa: 0xeb31, 0x1efb: 0x90b5,
+	0x1efc: 0x90d5, 0x1efd: 0x90f5, 0x1efe: 0xeb51, 0x1eff: 0xeb71,
+	// Block 0x7c, offset 0x1f00
+	0x1f00: 0xeb91, 0x1f01: 0x9115, 0x1f02: 0x9135, 0x1f03: 0x9155, 0x1f04: 0x9175, 0x1f05: 0xebb1,
+	0x1f06: 0xebd1, 0x1f07: 0xebd1, 0x1f08: 0xebf1, 0x1f09: 0xec11, 0x1f0a: 0xec31, 0x1f0b: 0xec51,
+	0x1f0c: 0xec71, 0x1f0d: 0x9195, 0x1f0e: 0xec91, 0x1f0f: 0xecb1, 0x1f10: 0xecd1, 0x1f11: 0xecf1,
+	0x1f12: 0x91b5, 0x1f13: 0xed11, 0x1f14: 0x91d5, 0x1f15: 0x91f5, 0x1f16: 0xed31, 0x1f17: 0xed51,
+	0x1f18: 0xed71, 0x1f19: 0xed91, 0x1f1a: 0xedb1, 0x1f1b: 0xedd1, 0x1f1c: 0x9215, 0x1f1d: 0x9235,
+	0x1f1e: 0x9255, 0x1f1f: 0x2040, 0x1f20: 0xedf1, 0x1f21: 0x9275, 0x1f22: 0xee11, 0x1f23: 0xee31,
+	0x1f24: 0xee51, 0x1f25: 0x9295, 0x1f26: 0xee71, 0x1f27: 0xee91, 0x1f28: 0xeeb1, 0x1f29: 0xeed1,
+	0x1f2a: 0xeef1, 0x1f2b: 0x92b5, 0x1f2c: 0xef11, 0x1f2d: 0xef31, 0x1f2e: 0xef51, 0x1f2f: 0xef71,
+	0x1f30: 0xef91, 0x1f31: 0xefb1, 0x1f32: 0x92d5, 0x1f33: 0x92f5, 0x1f34: 0xefd1, 0x1f35: 0x9315,
+	0x1f36: 0xeff1, 0x1f37: 0x9335, 0x1f38: 0xf011, 0x1f39: 0xf031, 0x1f3a: 0xf051, 0x1f3b: 0x9355,
+	0x1f3c: 0x9375, 0x1f3d: 0xf071, 0x1f3e: 0x9395, 0x1f3f: 0xf091,
+	// Block 0x7d, offset 0x1f40
+	0x1f40: 0xf6d1, 0x1f41: 0xf6f1, 0x1f42: 0xf711, 0x1f43: 0xf731, 0x1f44: 0xf751, 0x1f45: 0x9555,
+	0x1f46: 0xf771, 0x1f47: 0xf791, 0x1f48: 0xf7b1, 0x1f49: 0xf7d1, 0x1f4a: 0xf7f1, 0x1f4b: 0x9575,
+	0x1f4c: 0x9595, 0x1f4d: 0xf811, 0x1f4e: 0xf831, 0x1f4f: 0xf851, 0x1f50: 0xf871, 0x1f51: 0xf891,
+	0x1f52: 0xf8b1, 0x1f53: 0x95b5, 0x1f54: 0xf8d1, 0x1f55: 0xf8f1, 0x1f56: 0xf911, 0x1f57: 0xf931,
+	0x1f58: 0x95d5, 0x1f59: 0x95f5, 0x1f5a: 0xf951, 0x1f5b: 0xf971, 0x1f5c: 0xf991, 0x1f5d: 0x9615,
+	0x1f5e: 0xf9b1, 0x1f5f: 0xf9d1, 0x1f60: 0x684d, 0x1f61: 0x9635, 0x1f62: 0xf9f1, 0x1f63: 0xfa11,
+	0x1f64: 0xfa31, 0x1f65: 0x9655, 0x1f66: 0xfa51, 0x1f67: 0xfa71, 0x1f68: 0xfa91, 0x1f69: 0xfab1,
+	0x1f6a: 0xfad1, 0x1f6b: 0xfaf1, 0x1f6c: 0xfb11, 0x1f6d: 0x9675, 0x1f6e: 0xfb31, 0x1f6f: 0xfb51,
+	0x1f70: 0xfb71, 0x1f71: 0x9695, 0x1f72: 0xfb91, 0x1f73: 0xfbb1, 0x1f74: 0xfbd1, 0x1f75: 0xfbf1,
+	0x1f76: 0x7b6d, 0x1f77: 0x96b5, 0x1f78: 0xfc11, 0x1f79: 0xfc31, 0x1f7a: 0xfc51, 0x1f7b: 0x96d5,
+	0x1f7c: 0xfc71, 0x1f7d: 0x96f5, 0x1f7e: 0xfc91, 0x1f7f: 0xfc91,
+	// Block 0x7e, offset 0x1f80
+	0x1f80: 0xfcb1, 0x1f81: 0x9715, 0x1f82: 0xfcd1, 0x1f83: 0xfcf1, 0x1f84: 0xfd11, 0x1f85: 0xfd31,
+	0x1f86: 0xfd51, 0x1f87: 0xfd71, 0x1f88: 0xfd91, 0x1f89: 0x9735, 0x1f8a: 0xfdb1, 0x1f8b: 0xfdd1,
+	0x1f8c: 0xfdf1, 0x1f8d: 0xfe11, 0x1f8e: 0xfe31, 0x1f8f: 0xfe51, 0x1f90: 0x9755, 0x1f91: 0xfe71,
+	0x1f92: 0x9775, 0x1f93: 0x9795, 0x1f94: 0x97b5, 0x1f95: 0xfe91, 0x1f96: 0xfeb1, 0x1f97: 0xfed1,
+	0x1f98: 0xfef1, 0x1f99: 0xff11, 0x1f9a: 0xff31, 0x1f9b: 0xff51, 0x1f9c: 0xff71, 0x1f9d: 0x97d5,
+	0x1f9e: 0x0040, 0x1f9f: 0x0040, 0x1fa0: 0x0040, 0x1fa1: 0x0040, 0x1fa2: 0x0040, 0x1fa3: 0x0040,
+	0x1fa4: 0x0040, 0x1fa5: 0x0040, 0x1fa6: 0x0040, 0x1fa7: 0x0040, 0x1fa8: 0x0040, 0x1fa9: 0x0040,
+	0x1faa: 0x0040, 0x1fab: 0x0040, 0x1fac: 0x0040, 0x1fad: 0x0040, 0x1fae: 0x0040, 0x1faf: 0x0040,
+	0x1fb0: 0x0040, 0x1fb1: 0x0040, 0x1fb2: 0x0040, 0x1fb3: 0x0040, 0x1fb4: 0x0040, 0x1fb5: 0x0040,
+	0x1fb6: 0x0040, 0x1fb7: 0x0040, 0x1fb8: 0x0040, 0x1fb9: 0x0040, 0x1fba: 0x0040, 0x1fbb: 0x0040,
+	0x1fbc: 0x0040, 0x1fbd: 0x0040, 0x1fbe: 0x0040, 0x1fbf: 0x0040,
+}
+
+// idnaIndex: 36 blocks, 2304 entries, 4608 bytes
+// Block 0 is the zero block.
+var idnaIndex = [2304]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x7d, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
+	0xc8: 0x06, 0xc9: 0x7e, 0xca: 0x7f, 0xcb: 0x07, 0xcc: 0x80, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
+	0xd0: 0x81, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x82, 0xd6: 0x83, 0xd7: 0x84,
+	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x85, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x86, 0xde: 0x87, 0xdf: 0x88,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
+	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
+	0xf0: 0x1d, 0xf1: 0x1e, 0xf2: 0x1e, 0xf3: 0x20, 0xf4: 0x21,
+	// Block 0x4, offset 0x100
+	0x120: 0x89, 0x121: 0x13, 0x122: 0x8a, 0x123: 0x8b, 0x124: 0x8c, 0x125: 0x14, 0x126: 0x15, 0x127: 0x16,
+	0x128: 0x17, 0x129: 0x18, 0x12a: 0x19, 0x12b: 0x1a, 0x12c: 0x1b, 0x12d: 0x1c, 0x12e: 0x1d, 0x12f: 0x8d,
+	0x130: 0x8e, 0x131: 0x1e, 0x132: 0x1f, 0x133: 0x20, 0x134: 0x8f, 0x135: 0x21, 0x136: 0x90, 0x137: 0x91,
+	0x138: 0x92, 0x139: 0x93, 0x13a: 0x22, 0x13b: 0x94, 0x13c: 0x95, 0x13d: 0x23, 0x13e: 0x24, 0x13f: 0x96,
+	// Block 0x5, offset 0x140
+	0x140: 0x97, 0x141: 0x98, 0x142: 0x99, 0x143: 0x9a, 0x144: 0x9b, 0x145: 0x9c, 0x146: 0x9d, 0x147: 0x9e,
+	0x148: 0x9f, 0x149: 0xa0, 0x14a: 0xa1, 0x14b: 0xa2, 0x14c: 0xa3, 0x14d: 0xa4, 0x14e: 0xa5, 0x14f: 0xa6,
+	0x150: 0xa7, 0x151: 0x9f, 0x152: 0x9f, 0x153: 0x9f, 0x154: 0x9f, 0x155: 0x9f, 0x156: 0x9f, 0x157: 0x9f,
+	0x158: 0x9f, 0x159: 0xa8, 0x15a: 0xa9, 0x15b: 0xaa, 0x15c: 0xab, 0x15d: 0xac, 0x15e: 0xad, 0x15f: 0xae,
+	0x160: 0xaf, 0x161: 0xb0, 0x162: 0xb1, 0x163: 0xb2, 0x164: 0xb3, 0x165: 0xb4, 0x166: 0xb5, 0x167: 0xb6,
+	0x168: 0xb7, 0x169: 0xb8, 0x16a: 0xb9, 0x16b: 0xba, 0x16c: 0xbb, 0x16d: 0xbc, 0x16e: 0xbd, 0x16f: 0xbe,
+	0x170: 0xbf, 0x171: 0xc0, 0x172: 0xc1, 0x173: 0xc2, 0x174: 0x25, 0x175: 0x26, 0x176: 0x27, 0x177: 0xc3,
+	0x178: 0x28, 0x179: 0x28, 0x17a: 0x29, 0x17b: 0x28, 0x17c: 0xc4, 0x17d: 0x2a, 0x17e: 0x2b, 0x17f: 0x2c,
+	// Block 0x6, offset 0x180
+	0x180: 0x2d, 0x181: 0x2e, 0x182: 0x2f, 0x183: 0xc5, 0x184: 0x30, 0x185: 0x31, 0x186: 0xc6, 0x187: 0x9b,
+	0x188: 0xc7, 0x189: 0xc8, 0x18a: 0x9b, 0x18b: 0x9b, 0x18c: 0xc9, 0x18d: 0x9b, 0x18e: 0x9b, 0x18f: 0x9b,
+	0x190: 0xca, 0x191: 0x32, 0x192: 0x33, 0x193: 0x34, 0x194: 0x9b, 0x195: 0x9b, 0x196: 0x9b, 0x197: 0x9b,
+	0x198: 0x9b, 0x199: 0x9b, 0x19a: 0x9b, 0x19b: 0x9b, 0x19c: 0x9b, 0x19d: 0x9b, 0x19e: 0x9b, 0x19f: 0x9b,
+	0x1a0: 0x9b, 0x1a1: 0x9b, 0x1a2: 0x9b, 0x1a3: 0x9b, 0x1a4: 0x9b, 0x1a5: 0x9b, 0x1a6: 0x9b, 0x1a7: 0x9b,
+	0x1a8: 0xcb, 0x1a9: 0xcc, 0x1aa: 0x9b, 0x1ab: 0xcd, 0x1ac: 0x9b, 0x1ad: 0xce, 0x1ae: 0xcf, 0x1af: 0x9b,
+	0x1b0: 0xd0, 0x1b1: 0x35, 0x1b2: 0x28, 0x1b3: 0x36, 0x1b4: 0xd1, 0x1b5: 0xd2, 0x1b6: 0xd3, 0x1b7: 0xd4,
+	0x1b8: 0xd5, 0x1b9: 0xd6, 0x1ba: 0xd7, 0x1bb: 0xd8, 0x1bc: 0xd9, 0x1bd: 0xda, 0x1be: 0xdb, 0x1bf: 0x37,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x38, 0x1c1: 0xdc, 0x1c2: 0xdd, 0x1c3: 0xde, 0x1c4: 0xdf, 0x1c5: 0x39, 0x1c6: 0x3a, 0x1c7: 0xe0,
+	0x1c8: 0xe1, 0x1c9: 0x3b, 0x1ca: 0x3c, 0x1cb: 0x3d, 0x1cc: 0x3e, 0x1cd: 0x3f, 0x1ce: 0x40, 0x1cf: 0x41,
+	0x1d0: 0x9f, 0x1d1: 0x9f, 0x1d2: 0x9f, 0x1d3: 0x9f, 0x1d4: 0x9f, 0x1d5: 0x9f, 0x1d6: 0x9f, 0x1d7: 0x9f,
+	0x1d8: 0x9f, 0x1d9: 0x9f, 0x1da: 0x9f, 0x1db: 0x9f, 0x1dc: 0x9f, 0x1dd: 0x9f, 0x1de: 0x9f, 0x1df: 0x9f,
+	0x1e0: 0x9f, 0x1e1: 0x9f, 0x1e2: 0x9f, 0x1e3: 0x9f, 0x1e4: 0x9f, 0x1e5: 0x9f, 0x1e6: 0x9f, 0x1e7: 0x9f,
+	0x1e8: 0x9f, 0x1e9: 0x9f, 0x1ea: 0x9f, 0x1eb: 0x9f, 0x1ec: 0x9f, 0x1ed: 0x9f, 0x1ee: 0x9f, 0x1ef: 0x9f,
+	0x1f0: 0x9f, 0x1f1: 0x9f, 0x1f2: 0x9f, 0x1f3: 0x9f, 0x1f4: 0x9f, 0x1f5: 0x9f, 0x1f6: 0x9f, 0x1f7: 0x9f,
+	0x1f8: 0x9f, 0x1f9: 0x9f, 0x1fa: 0x9f, 0x1fb: 0x9f, 0x1fc: 0x9f, 0x1fd: 0x9f, 0x1fe: 0x9f, 0x1ff: 0x9f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9f, 0x201: 0x9f, 0x202: 0x9f, 0x203: 0x9f, 0x204: 0x9f, 0x205: 0x9f, 0x206: 0x9f, 0x207: 0x9f,
+	0x208: 0x9f, 0x209: 0x9f, 0x20a: 0x9f, 0x20b: 0x9f, 0x20c: 0x9f, 0x20d: 0x9f, 0x20e: 0x9f, 0x20f: 0x9f,
+	0x210: 0x9f, 0x211: 0x9f, 0x212: 0x9f, 0x213: 0x9f, 0x214: 0x9f, 0x215: 0x9f, 0x216: 0x9f, 0x217: 0x9f,
+	0x218: 0x9f, 0x219: 0x9f, 0x21a: 0x9f, 0x21b: 0x9f, 0x21c: 0x9f, 0x21d: 0x9f, 0x21e: 0x9f, 0x21f: 0x9f,
+	0x220: 0x9f, 0x221: 0x9f, 0x222: 0x9f, 0x223: 0x9f, 0x224: 0x9f, 0x225: 0x9f, 0x226: 0x9f, 0x227: 0x9f,
+	0x228: 0x9f, 0x229: 0x9f, 0x22a: 0x9f, 0x22b: 0x9f, 0x22c: 0x9f, 0x22d: 0x9f, 0x22e: 0x9f, 0x22f: 0x9f,
+	0x230: 0x9f, 0x231: 0x9f, 0x232: 0x9f, 0x233: 0x9f, 0x234: 0x9f, 0x235: 0x9f, 0x236: 0xb2, 0x237: 0x9b,
+	0x238: 0x9f, 0x239: 0x9f, 0x23a: 0x9f, 0x23b: 0x9f, 0x23c: 0x9f, 0x23d: 0x9f, 0x23e: 0x9f, 0x23f: 0x9f,
+	// Block 0x9, offset 0x240
+	0x240: 0x9f, 0x241: 0x9f, 0x242: 0x9f, 0x243: 0x9f, 0x244: 0x9f, 0x245: 0x9f, 0x246: 0x9f, 0x247: 0x9f,
+	0x248: 0x9f, 0x249: 0x9f, 0x24a: 0x9f, 0x24b: 0x9f, 0x24c: 0x9f, 0x24d: 0x9f, 0x24e: 0x9f, 0x24f: 0x9f,
+	0x250: 0x9f, 0x251: 0x9f, 0x252: 0x9f, 0x253: 0x9f, 0x254: 0x9f, 0x255: 0x9f, 0x256: 0x9f, 0x257: 0x9f,
+	0x258: 0x9f, 0x259: 0x9f, 0x25a: 0x9f, 0x25b: 0x9f, 0x25c: 0x9f, 0x25d: 0x9f, 0x25e: 0x9f, 0x25f: 0x9f,
+	0x260: 0x9f, 0x261: 0x9f, 0x262: 0x9f, 0x263: 0x9f, 0x264: 0x9f, 0x265: 0x9f, 0x266: 0x9f, 0x267: 0x9f,
+	0x268: 0x9f, 0x269: 0x9f, 0x26a: 0x9f, 0x26b: 0x9f, 0x26c: 0x9f, 0x26d: 0x9f, 0x26e: 0x9f, 0x26f: 0x9f,
+	0x270: 0x9f, 0x271: 0x9f, 0x272: 0x9f, 0x273: 0x9f, 0x274: 0x9f, 0x275: 0x9f, 0x276: 0x9f, 0x277: 0x9f,
+	0x278: 0x9f, 0x279: 0x9f, 0x27a: 0x9f, 0x27b: 0x9f, 0x27c: 0x9f, 0x27d: 0x9f, 0x27e: 0x9f, 0x27f: 0x9f,
+	// Block 0xa, offset 0x280
+	0x280: 0x9f, 0x281: 0x9f, 0x282: 0x9f, 0x283: 0x9f, 0x284: 0x9f, 0x285: 0x9f, 0x286: 0x9f, 0x287: 0x9f,
+	0x288: 0x9f, 0x289: 0x9f, 0x28a: 0x9f, 0x28b: 0x9f, 0x28c: 0x9f, 0x28d: 0x9f, 0x28e: 0x9f, 0x28f: 0x9f,
+	0x290: 0x9f, 0x291: 0x9f, 0x292: 0x9f, 0x293: 0x9f, 0x294: 0x9f, 0x295: 0x9f, 0x296: 0x9f, 0x297: 0x9f,
+	0x298: 0x9f, 0x299: 0x9f, 0x29a: 0x9f, 0x29b: 0x9f, 0x29c: 0x9f, 0x29d: 0x9f, 0x29e: 0x9f, 0x29f: 0x9f,
+	0x2a0: 0x9f, 0x2a1: 0x9f, 0x2a2: 0x9f, 0x2a3: 0x9f, 0x2a4: 0x9f, 0x2a5: 0x9f, 0x2a6: 0x9f, 0x2a7: 0x9f,
+	0x2a8: 0x9f, 0x2a9: 0x9f, 0x2aa: 0x9f, 0x2ab: 0x9f, 0x2ac: 0x9f, 0x2ad: 0x9f, 0x2ae: 0x9f, 0x2af: 0x9f,
+	0x2b0: 0x9f, 0x2b1: 0x9f, 0x2b2: 0x9f, 0x2b3: 0x9f, 0x2b4: 0x9f, 0x2b5: 0x9f, 0x2b6: 0x9f, 0x2b7: 0x9f,
+	0x2b8: 0x9f, 0x2b9: 0x9f, 0x2ba: 0x9f, 0x2bb: 0x9f, 0x2bc: 0x9f, 0x2bd: 0x9f, 0x2be: 0x9f, 0x2bf: 0xe2,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x9f, 0x2c1: 0x9f, 0x2c2: 0x9f, 0x2c3: 0x9f, 0x2c4: 0x9f, 0x2c5: 0x9f, 0x2c6: 0x9f, 0x2c7: 0x9f,
+	0x2c8: 0x9f, 0x2c9: 0x9f, 0x2ca: 0x9f, 0x2cb: 0x9f, 0x2cc: 0x9f, 0x2cd: 0x9f, 0x2ce: 0x9f, 0x2cf: 0x9f,
+	0x2d0: 0x9f, 0x2d1: 0x9f, 0x2d2: 0xe3, 0x2d3: 0xe4, 0x2d4: 0x9f, 0x2d5: 0x9f, 0x2d6: 0x9f, 0x2d7: 0x9f,
+	0x2d8: 0xe5, 0x2d9: 0x42, 0x2da: 0x43, 0x2db: 0xe6, 0x2dc: 0x44, 0x2dd: 0x45, 0x2de: 0x46, 0x2df: 0xe7,
+	0x2e0: 0xe8, 0x2e1: 0xe9, 0x2e2: 0xea, 0x2e3: 0xeb, 0x2e4: 0xec, 0x2e5: 0xed, 0x2e6: 0xee, 0x2e7: 0xef,
+	0x2e8: 0xf0, 0x2e9: 0xf1, 0x2ea: 0xf2, 0x2eb: 0xf3, 0x2ec: 0xf4, 0x2ed: 0xf5, 0x2ee: 0xf6, 0x2ef: 0xf7,
+	0x2f0: 0x9f, 0x2f1: 0x9f, 0x2f2: 0x9f, 0x2f3: 0x9f, 0x2f4: 0x9f, 0x2f5: 0x9f, 0x2f6: 0x9f, 0x2f7: 0x9f,
+	0x2f8: 0x9f, 0x2f9: 0x9f, 0x2fa: 0x9f, 0x2fb: 0x9f, 0x2fc: 0x9f, 0x2fd: 0x9f, 0x2fe: 0x9f, 0x2ff: 0x9f,
+	// Block 0xc, offset 0x300
+	0x300: 0x9f, 0x301: 0x9f, 0x302: 0x9f, 0x303: 0x9f, 0x304: 0x9f, 0x305: 0x9f, 0x306: 0x9f, 0x307: 0x9f,
+	0x308: 0x9f, 0x309: 0x9f, 0x30a: 0x9f, 0x30b: 0x9f, 0x30c: 0x9f, 0x30d: 0x9f, 0x30e: 0x9f, 0x30f: 0x9f,
+	0x310: 0x9f, 0x311: 0x9f, 0x312: 0x9f, 0x313: 0x9f, 0x314: 0x9f, 0x315: 0x9f, 0x316: 0x9f, 0x317: 0x9f,
+	0x318: 0x9f, 0x319: 0x9f, 0x31a: 0x9f, 0x31b: 0x9f, 0x31c: 0x9f, 0x31d: 0x9f, 0x31e: 0xf8, 0x31f: 0xf9,
+	// Block 0xd, offset 0x340
+	0x340: 0xba, 0x341: 0xba, 0x342: 0xba, 0x343: 0xba, 0x344: 0xba, 0x345: 0xba, 0x346: 0xba, 0x347: 0xba,
+	0x348: 0xba, 0x349: 0xba, 0x34a: 0xba, 0x34b: 0xba, 0x34c: 0xba, 0x34d: 0xba, 0x34e: 0xba, 0x34f: 0xba,
+	0x350: 0xba, 0x351: 0xba, 0x352: 0xba, 0x353: 0xba, 0x354: 0xba, 0x355: 0xba, 0x356: 0xba, 0x357: 0xba,
+	0x358: 0xba, 0x359: 0xba, 0x35a: 0xba, 0x35b: 0xba, 0x35c: 0xba, 0x35d: 0xba, 0x35e: 0xba, 0x35f: 0xba,
+	0x360: 0xba, 0x361: 0xba, 0x362: 0xba, 0x363: 0xba, 0x364: 0xba, 0x365: 0xba, 0x366: 0xba, 0x367: 0xba,
+	0x368: 0xba, 0x369: 0xba, 0x36a: 0xba, 0x36b: 0xba, 0x36c: 0xba, 0x36d: 0xba, 0x36e: 0xba, 0x36f: 0xba,
+	0x370: 0xba, 0x371: 0xba, 0x372: 0xba, 0x373: 0xba, 0x374: 0xba, 0x375: 0xba, 0x376: 0xba, 0x377: 0xba,
+	0x378: 0xba, 0x379: 0xba, 0x37a: 0xba, 0x37b: 0xba, 0x37c: 0xba, 0x37d: 0xba, 0x37e: 0xba, 0x37f: 0xba,
+	// Block 0xe, offset 0x380
+	0x380: 0xba, 0x381: 0xba, 0x382: 0xba, 0x383: 0xba, 0x384: 0xba, 0x385: 0xba, 0x386: 0xba, 0x387: 0xba,
+	0x388: 0xba, 0x389: 0xba, 0x38a: 0xba, 0x38b: 0xba, 0x38c: 0xba, 0x38d: 0xba, 0x38e: 0xba, 0x38f: 0xba,
+	0x390: 0xba, 0x391: 0xba, 0x392: 0xba, 0x393: 0xba, 0x394: 0xba, 0x395: 0xba, 0x396: 0xba, 0x397: 0xba,
+	0x398: 0xba, 0x399: 0xba, 0x39a: 0xba, 0x39b: 0xba, 0x39c: 0xba, 0x39d: 0xba, 0x39e: 0xba, 0x39f: 0xba,
+	0x3a0: 0xba, 0x3a1: 0xba, 0x3a2: 0xba, 0x3a3: 0xba, 0x3a4: 0xfa, 0x3a5: 0xfb, 0x3a6: 0xfc, 0x3a7: 0xfd,
+	0x3a8: 0x47, 0x3a9: 0xfe, 0x3aa: 0xff, 0x3ab: 0x48, 0x3ac: 0x49, 0x3ad: 0x4a, 0x3ae: 0x4b, 0x3af: 0x4c,
+	0x3b0: 0x100, 0x3b1: 0x4d, 0x3b2: 0x4e, 0x3b3: 0x4f, 0x3b4: 0x50, 0x3b5: 0x51, 0x3b6: 0x101, 0x3b7: 0x52,
+	0x3b8: 0x53, 0x3b9: 0x54, 0x3ba: 0x55, 0x3bb: 0x56, 0x3bc: 0x57, 0x3bd: 0x58, 0x3be: 0x59, 0x3bf: 0x5a,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x102, 0x3c1: 0x103, 0x3c2: 0x9f, 0x3c3: 0x104, 0x3c4: 0x105, 0x3c5: 0x9b, 0x3c6: 0x106, 0x3c7: 0x107,
+	0x3c8: 0xba, 0x3c9: 0xba, 0x3ca: 0x108, 0x3cb: 0x109, 0x3cc: 0x10a, 0x3cd: 0x10b, 0x3ce: 0x10c, 0x3cf: 0x10d,
+	0x3d0: 0x10e, 0x3d1: 0x9f, 0x3d2: 0x10f, 0x3d3: 0x110, 0x3d4: 0x111, 0x3d5: 0x112, 0x3d6: 0xba, 0x3d7: 0xba,
+	0x3d8: 0x9f, 0x3d9: 0x9f, 0x3da: 0x9f, 0x3db: 0x9f, 0x3dc: 0x113, 0x3dd: 0x114, 0x3de: 0xba, 0x3df: 0xba,
+	0x3e0: 0x115, 0x3e1: 0x116, 0x3e2: 0x117, 0x3e3: 0x118, 0x3e4: 0x119, 0x3e5: 0xba, 0x3e6: 0x11a, 0x3e7: 0x11b,
+	0x3e8: 0x11c, 0x3e9: 0x11d, 0x3ea: 0x11e, 0x3eb: 0x5b, 0x3ec: 0x11f, 0x3ed: 0x120, 0x3ee: 0x5c, 0x3ef: 0xba,
+	0x3f0: 0x121, 0x3f1: 0x122, 0x3f2: 0x123, 0x3f3: 0x124, 0x3f4: 0x125, 0x3f5: 0xba, 0x3f6: 0xba, 0x3f7: 0xba,
+	0x3f8: 0xba, 0x3f9: 0x126, 0x3fa: 0xba, 0x3fb: 0xba, 0x3fc: 0x127, 0x3fd: 0x128, 0x3fe: 0xba, 0x3ff: 0x129,
+	// Block 0x10, offset 0x400
+	0x400: 0x12a, 0x401: 0x12b, 0x402: 0x12c, 0x403: 0x12d, 0x404: 0x12e, 0x405: 0x12f, 0x406: 0x130, 0x407: 0x131,
+	0x408: 0x132, 0x409: 0xba, 0x40a: 0x133, 0x40b: 0x134, 0x40c: 0x5d, 0x40d: 0x5e, 0x40e: 0xba, 0x40f: 0xba,
+	0x410: 0x135, 0x411: 0x136, 0x412: 0x137, 0x413: 0x138, 0x414: 0xba, 0x415: 0xba, 0x416: 0x139, 0x417: 0x13a,
+	0x418: 0x13b, 0x419: 0x13c, 0x41a: 0x13d, 0x41b: 0x13e, 0x41c: 0x13f, 0x41d: 0xba, 0x41e: 0xba, 0x41f: 0xba,
+	0x420: 0x140, 0x421: 0xba, 0x422: 0x141, 0x423: 0x142, 0x424: 0xba, 0x425: 0xba, 0x426: 0x143, 0x427: 0x144,
+	0x428: 0x145, 0x429: 0x146, 0x42a: 0x147, 0x42b: 0x148, 0x42c: 0xba, 0x42d: 0xba, 0x42e: 0xba, 0x42f: 0xba,
+	0x430: 0x149, 0x431: 0x14a, 0x432: 0x14b, 0x433: 0xba, 0x434: 0x14c, 0x435: 0x14d, 0x436: 0x14e, 0x437: 0xba,
+	0x438: 0xba, 0x439: 0xba, 0x43a: 0xba, 0x43b: 0x14f, 0x43c: 0xba, 0x43d: 0xba, 0x43e: 0xba, 0x43f: 0x150,
+	// Block 0x11, offset 0x440
+	0x440: 0x9f, 0x441: 0x9f, 0x442: 0x9f, 0x443: 0x9f, 0x444: 0x9f, 0x445: 0x9f, 0x446: 0x9f, 0x447: 0x9f,
+	0x448: 0x9f, 0x449: 0x9f, 0x44a: 0x9f, 0x44b: 0x9f, 0x44c: 0x9f, 0x44d: 0x9f, 0x44e: 0x151, 0x44f: 0xba,
+	0x450: 0x9b, 0x451: 0x152, 0x452: 0x9f, 0x453: 0x9f, 0x454: 0x9f, 0x455: 0x153, 0x456: 0xba, 0x457: 0xba,
+	0x458: 0xba, 0x459: 0xba, 0x45a: 0xba, 0x45b: 0xba, 0x45c: 0xba, 0x45d: 0xba, 0x45e: 0xba, 0x45f: 0xba,
+	0x460: 0xba, 0x461: 0xba, 0x462: 0xba, 0x463: 0xba, 0x464: 0xba, 0x465: 0xba, 0x466: 0xba, 0x467: 0xba,
+	0x468: 0xba, 0x469: 0xba, 0x46a: 0xba, 0x46b: 0xba, 0x46c: 0xba, 0x46d: 0xba, 0x46e: 0xba, 0x46f: 0xba,
+	0x470: 0xba, 0x471: 0xba, 0x472: 0xba, 0x473: 0xba, 0x474: 0xba, 0x475: 0xba, 0x476: 0xba, 0x477: 0xba,
+	0x478: 0xba, 0x479: 0xba, 0x47a: 0xba, 0x47b: 0xba, 0x47c: 0xba, 0x47d: 0xba, 0x47e: 0xba, 0x47f: 0xba,
+	// Block 0x12, offset 0x480
+	0x480: 0x9f, 0x481: 0x9f, 0x482: 0x9f, 0x483: 0x9f, 0x484: 0x9f, 0x485: 0x9f, 0x486: 0x9f, 0x487: 0x9f,
+	0x488: 0x9f, 0x489: 0x9f, 0x48a: 0x9f, 0x48b: 0x9f, 0x48c: 0x9f, 0x48d: 0x9f, 0x48e: 0x9f, 0x48f: 0x9f,
+	0x490: 0x154, 0x491: 0xba, 0x492: 0xba, 0x493: 0xba, 0x494: 0xba, 0x495: 0xba, 0x496: 0xba, 0x497: 0xba,
+	0x498: 0xba, 0x499: 0xba, 0x49a: 0xba, 0x49b: 0xba, 0x49c: 0xba, 0x49d: 0xba, 0x49e: 0xba, 0x49f: 0xba,
+	0x4a0: 0xba, 0x4a1: 0xba, 0x4a2: 0xba, 0x4a3: 0xba, 0x4a4: 0xba, 0x4a5: 0xba, 0x4a6: 0xba, 0x4a7: 0xba,
+	0x4a8: 0xba, 0x4a9: 0xba, 0x4aa: 0xba, 0x4ab: 0xba, 0x4ac: 0xba, 0x4ad: 0xba, 0x4ae: 0xba, 0x4af: 0xba,
+	0x4b0: 0xba, 0x4b1: 0xba, 0x4b2: 0xba, 0x4b3: 0xba, 0x4b4: 0xba, 0x4b5: 0xba, 0x4b6: 0xba, 0x4b7: 0xba,
+	0x4b8: 0xba, 0x4b9: 0xba, 0x4ba: 0xba, 0x4bb: 0xba, 0x4bc: 0xba, 0x4bd: 0xba, 0x4be: 0xba, 0x4bf: 0xba,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0xba, 0x4c1: 0xba, 0x4c2: 0xba, 0x4c3: 0xba, 0x4c4: 0xba, 0x4c5: 0xba, 0x4c6: 0xba, 0x4c7: 0xba,
+	0x4c8: 0xba, 0x4c9: 0xba, 0x4ca: 0xba, 0x4cb: 0xba, 0x4cc: 0xba, 0x4cd: 0xba, 0x4ce: 0xba, 0x4cf: 0xba,
+	0x4d0: 0x9f, 0x4d1: 0x9f, 0x4d2: 0x9f, 0x4d3: 0x9f, 0x4d4: 0x9f, 0x4d5: 0x9f, 0x4d6: 0x9f, 0x4d7: 0x9f,
+	0x4d8: 0x9f, 0x4d9: 0x155, 0x4da: 0xba, 0x4db: 0xba, 0x4dc: 0xba, 0x4dd: 0xba, 0x4de: 0xba, 0x4df: 0xba,
+	0x4e0: 0xba, 0x4e1: 0xba, 0x4e2: 0xba, 0x4e3: 0xba, 0x4e4: 0xba, 0x4e5: 0xba, 0x4e6: 0xba, 0x4e7: 0xba,
+	0x4e8: 0xba, 0x4e9: 0xba, 0x4ea: 0xba, 0x4eb: 0xba, 0x4ec: 0xba, 0x4ed: 0xba, 0x4ee: 0xba, 0x4ef: 0xba,
+	0x4f0: 0xba, 0x4f1: 0xba, 0x4f2: 0xba, 0x4f3: 0xba, 0x4f4: 0xba, 0x4f5: 0xba, 0x4f6: 0xba, 0x4f7: 0xba,
+	0x4f8: 0xba, 0x4f9: 0xba, 0x4fa: 0xba, 0x4fb: 0xba, 0x4fc: 0xba, 0x4fd: 0xba, 0x4fe: 0xba, 0x4ff: 0xba,
+	// Block 0x14, offset 0x500
+	0x500: 0xba, 0x501: 0xba, 0x502: 0xba, 0x503: 0xba, 0x504: 0xba, 0x505: 0xba, 0x506: 0xba, 0x507: 0xba,
+	0x508: 0xba, 0x509: 0xba, 0x50a: 0xba, 0x50b: 0xba, 0x50c: 0xba, 0x50d: 0xba, 0x50e: 0xba, 0x50f: 0xba,
+	0x510: 0xba, 0x511: 0xba, 0x512: 0xba, 0x513: 0xba, 0x514: 0xba, 0x515: 0xba, 0x516: 0xba, 0x517: 0xba,
+	0x518: 0xba, 0x519: 0xba, 0x51a: 0xba, 0x51b: 0xba, 0x51c: 0xba, 0x51d: 0xba, 0x51e: 0xba, 0x51f: 0xba,
+	0x520: 0x9f, 0x521: 0x9f, 0x522: 0x9f, 0x523: 0x9f, 0x524: 0x9f, 0x525: 0x9f, 0x526: 0x9f, 0x527: 0x9f,
+	0x528: 0x148, 0x529: 0x156, 0x52a: 0xba, 0x52b: 0x157, 0x52c: 0x158, 0x52d: 0x159, 0x52e: 0x15a, 0x52f: 0xba,
+	0x530: 0xba, 0x531: 0xba, 0x532: 0xba, 0x533: 0xba, 0x534: 0xba, 0x535: 0xba, 0x536: 0xba, 0x537: 0xba,
+	0x538: 0xba, 0x539: 0x15b, 0x53a: 0x15c, 0x53b: 0xba, 0x53c: 0x9f, 0x53d: 0x15d, 0x53e: 0x15e, 0x53f: 0x15f,
+	// Block 0x15, offset 0x540
+	0x540: 0x9f, 0x541: 0x9f, 0x542: 0x9f, 0x543: 0x9f, 0x544: 0x9f, 0x545: 0x9f, 0x546: 0x9f, 0x547: 0x9f,
+	0x548: 0x9f, 0x549: 0x9f, 0x54a: 0x9f, 0x54b: 0x9f, 0x54c: 0x9f, 0x54d: 0x9f, 0x54e: 0x9f, 0x54f: 0x9f,
+	0x550: 0x9f, 0x551: 0x9f, 0x552: 0x9f, 0x553: 0x9f, 0x554: 0x9f, 0x555: 0x9f, 0x556: 0x9f, 0x557: 0x9f,
+	0x558: 0x9f, 0x559: 0x9f, 0x55a: 0x9f, 0x55b: 0x9f, 0x55c: 0x9f, 0x55d: 0x9f, 0x55e: 0x9f, 0x55f: 0x160,
+	0x560: 0x9f, 0x561: 0x9f, 0x562: 0x9f, 0x563: 0x9f, 0x564: 0x9f, 0x565: 0x9f, 0x566: 0x9f, 0x567: 0x9f,
+	0x568: 0x9f, 0x569: 0x9f, 0x56a: 0x9f, 0x56b: 0x161, 0x56c: 0xba, 0x56d: 0xba, 0x56e: 0xba, 0x56f: 0xba,
+	0x570: 0xba, 0x571: 0xba, 0x572: 0xba, 0x573: 0xba, 0x574: 0xba, 0x575: 0xba, 0x576: 0xba, 0x577: 0xba,
+	0x578: 0xba, 0x579: 0xba, 0x57a: 0xba, 0x57b: 0xba, 0x57c: 0xba, 0x57d: 0xba, 0x57e: 0xba, 0x57f: 0xba,
+	// Block 0x16, offset 0x580
+	0x580: 0x9f, 0x581: 0x9f, 0x582: 0x9f, 0x583: 0x9f, 0x584: 0x162, 0x585: 0x163, 0x586: 0x9f, 0x587: 0x9f,
+	0x588: 0x9f, 0x589: 0x9f, 0x58a: 0x9f, 0x58b: 0x164, 0x58c: 0xba, 0x58d: 0xba, 0x58e: 0xba, 0x58f: 0xba,
+	0x590: 0xba, 0x591: 0xba, 0x592: 0xba, 0x593: 0xba, 0x594: 0xba, 0x595: 0xba, 0x596: 0xba, 0x597: 0xba,
+	0x598: 0xba, 0x599: 0xba, 0x59a: 0xba, 0x59b: 0xba, 0x59c: 0xba, 0x59d: 0xba, 0x59e: 0xba, 0x59f: 0xba,
+	0x5a0: 0xba, 0x5a1: 0xba, 0x5a2: 0xba, 0x5a3: 0xba, 0x5a4: 0xba, 0x5a5: 0xba, 0x5a6: 0xba, 0x5a7: 0xba,
+	0x5a8: 0xba, 0x5a9: 0xba, 0x5aa: 0xba, 0x5ab: 0xba, 0x5ac: 0xba, 0x5ad: 0xba, 0x5ae: 0xba, 0x5af: 0xba,
+	0x5b0: 0x9f, 0x5b1: 0x165, 0x5b2: 0x166, 0x5b3: 0xba, 0x5b4: 0xba, 0x5b5: 0xba, 0x5b6: 0xba, 0x5b7: 0xba,
+	0x5b8: 0xba, 0x5b9: 0xba, 0x5ba: 0xba, 0x5bb: 0xba, 0x5bc: 0xba, 0x5bd: 0xba, 0x5be: 0xba, 0x5bf: 0xba,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x9b, 0x5c1: 0x9b, 0x5c2: 0x9b, 0x5c3: 0x167, 0x5c4: 0x168, 0x5c5: 0x169, 0x5c6: 0x16a, 0x5c7: 0x16b,
+	0x5c8: 0x9b, 0x5c9: 0x16c, 0x5ca: 0xba, 0x5cb: 0x16d, 0x5cc: 0x9b, 0x5cd: 0x16e, 0x5ce: 0xba, 0x5cf: 0xba,
+	0x5d0: 0x5f, 0x5d1: 0x60, 0x5d2: 0x61, 0x5d3: 0x62, 0x5d4: 0x63, 0x5d5: 0x64, 0x5d6: 0x65, 0x5d7: 0x66,
+	0x5d8: 0x67, 0x5d9: 0x68, 0x5da: 0x69, 0x5db: 0x6a, 0x5dc: 0x6b, 0x5dd: 0x6c, 0x5de: 0x6d, 0x5df: 0x6e,
+	0x5e0: 0x9b, 0x5e1: 0x9b, 0x5e2: 0x9b, 0x5e3: 0x9b, 0x5e4: 0x9b, 0x5e5: 0x9b, 0x5e6: 0x9b, 0x5e7: 0x9b,
+	0x5e8: 0x16f, 0x5e9: 0x170, 0x5ea: 0x171, 0x5eb: 0xba, 0x5ec: 0xba, 0x5ed: 0xba, 0x5ee: 0xba, 0x5ef: 0xba,
+	0x5f0: 0xba, 0x5f1: 0xba, 0x5f2: 0xba, 0x5f3: 0xba, 0x5f4: 0xba, 0x5f5: 0xba, 0x5f6: 0xba, 0x5f7: 0xba,
+	0x5f8: 0xba, 0x5f9: 0xba, 0x5fa: 0xba, 0x5fb: 0xba, 0x5fc: 0xba, 0x5fd: 0xba, 0x5fe: 0xba, 0x5ff: 0xba,
+	// Block 0x18, offset 0x600
+	0x600: 0x172, 0x601: 0xba, 0x602: 0xba, 0x603: 0xba, 0x604: 0x173, 0x605: 0x174, 0x606: 0xba, 0x607: 0xba,
+	0x608: 0xba, 0x609: 0xba, 0x60a: 0xba, 0x60b: 0x175, 0x60c: 0xba, 0x60d: 0xba, 0x60e: 0xba, 0x60f: 0xba,
+	0x610: 0xba, 0x611: 0xba, 0x612: 0xba, 0x613: 0xba, 0x614: 0xba, 0x615: 0xba, 0x616: 0xba, 0x617: 0xba,
+	0x618: 0xba, 0x619: 0xba, 0x61a: 0xba, 0x61b: 0xba, 0x61c: 0xba, 0x61d: 0xba, 0x61e: 0xba, 0x61f: 0xba,
+	0x620: 0x121, 0x621: 0x121, 0x622: 0x121, 0x623: 0x176, 0x624: 0x6f, 0x625: 0x177, 0x626: 0xba, 0x627: 0xba,
+	0x628: 0xba, 0x629: 0xba, 0x62a: 0xba, 0x62b: 0xba, 0x62c: 0xba, 0x62d: 0xba, 0x62e: 0xba, 0x62f: 0xba,
+	0x630: 0xba, 0x631: 0x178, 0x632: 0x179, 0x633: 0xba, 0x634: 0x17a, 0x635: 0xba, 0x636: 0xba, 0x637: 0xba,
+	0x638: 0x70, 0x639: 0x71, 0x63a: 0x72, 0x63b: 0x17b, 0x63c: 0xba, 0x63d: 0xba, 0x63e: 0xba, 0x63f: 0xba,
+	// Block 0x19, offset 0x640
+	0x640: 0x17c, 0x641: 0x9b, 0x642: 0x17d, 0x643: 0x17e, 0x644: 0x73, 0x645: 0x74, 0x646: 0x17f, 0x647: 0x180,
+	0x648: 0x75, 0x649: 0x181, 0x64a: 0xba, 0x64b: 0xba, 0x64c: 0x9b, 0x64d: 0x9b, 0x64e: 0x9b, 0x64f: 0x9b,
+	0x650: 0x9b, 0x651: 0x9b, 0x652: 0x9b, 0x653: 0x9b, 0x654: 0x9b, 0x655: 0x9b, 0x656: 0x9b, 0x657: 0x9b,
+	0x658: 0x9b, 0x659: 0x9b, 0x65a: 0x9b, 0x65b: 0x182, 0x65c: 0x9b, 0x65d: 0x183, 0x65e: 0x9b, 0x65f: 0x184,
+	0x660: 0x185, 0x661: 0x186, 0x662: 0x187, 0x663: 0xba, 0x664: 0x188, 0x665: 0x189, 0x666: 0x18a, 0x667: 0x18b,
+	0x668: 0x9b, 0x669: 0x18c, 0x66a: 0x18d, 0x66b: 0xba, 0x66c: 0xba, 0x66d: 0xba, 0x66e: 0xba, 0x66f: 0xba,
+	0x670: 0xba, 0x671: 0xba, 0x672: 0xba, 0x673: 0xba, 0x674: 0xba, 0x675: 0xba, 0x676: 0xba, 0x677: 0xba,
+	0x678: 0xba, 0x679: 0xba, 0x67a: 0xba, 0x67b: 0xba, 0x67c: 0xba, 0x67d: 0xba, 0x67e: 0xba, 0x67f: 0xba,
+	// Block 0x1a, offset 0x680
+	0x680: 0x9f, 0x681: 0x9f, 0x682: 0x9f, 0x683: 0x9f, 0x684: 0x9f, 0x685: 0x9f, 0x686: 0x9f, 0x687: 0x9f,
+	0x688: 0x9f, 0x689: 0x9f, 0x68a: 0x9f, 0x68b: 0x9f, 0x68c: 0x9f, 0x68d: 0x9f, 0x68e: 0x9f, 0x68f: 0x9f,
+	0x690: 0x9f, 0x691: 0x9f, 0x692: 0x9f, 0x693: 0x9f, 0x694: 0x9f, 0x695: 0x9f, 0x696: 0x9f, 0x697: 0x9f,
+	0x698: 0x9f, 0x699: 0x9f, 0x69a: 0x9f, 0x69b: 0x18e, 0x69c: 0x9f, 0x69d: 0x9f, 0x69e: 0x9f, 0x69f: 0x9f,
+	0x6a0: 0x9f, 0x6a1: 0x9f, 0x6a2: 0x9f, 0x6a3: 0x9f, 0x6a4: 0x9f, 0x6a5: 0x9f, 0x6a6: 0x9f, 0x6a7: 0x9f,
+	0x6a8: 0x9f, 0x6a9: 0x9f, 0x6aa: 0x9f, 0x6ab: 0x9f, 0x6ac: 0x9f, 0x6ad: 0x9f, 0x6ae: 0x9f, 0x6af: 0x9f,
+	0x6b0: 0x9f, 0x6b1: 0x9f, 0x6b2: 0x9f, 0x6b3: 0x9f, 0x6b4: 0x9f, 0x6b5: 0x9f, 0x6b6: 0x9f, 0x6b7: 0x9f,
+	0x6b8: 0x9f, 0x6b9: 0x9f, 0x6ba: 0x9f, 0x6bb: 0x9f, 0x6bc: 0x9f, 0x6bd: 0x9f, 0x6be: 0x9f, 0x6bf: 0x9f,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x9f, 0x6c1: 0x9f, 0x6c2: 0x9f, 0x6c3: 0x9f, 0x6c4: 0x9f, 0x6c5: 0x9f, 0x6c6: 0x9f, 0x6c7: 0x9f,
+	0x6c8: 0x9f, 0x6c9: 0x9f, 0x6ca: 0x9f, 0x6cb: 0x9f, 0x6cc: 0x9f, 0x6cd: 0x9f, 0x6ce: 0x9f, 0x6cf: 0x9f,
+	0x6d0: 0x9f, 0x6d1: 0x9f, 0x6d2: 0x9f, 0x6d3: 0x9f, 0x6d4: 0x9f, 0x6d5: 0x9f, 0x6d6: 0x9f, 0x6d7: 0x9f,
+	0x6d8: 0x9f, 0x6d9: 0x9f, 0x6da: 0x9f, 0x6db: 0x9f, 0x6dc: 0x18f, 0x6dd: 0x9f, 0x6de: 0x9f, 0x6df: 0x9f,
+	0x6e0: 0x190, 0x6e1: 0x9f, 0x6e2: 0x9f, 0x6e3: 0x9f, 0x6e4: 0x9f, 0x6e5: 0x9f, 0x6e6: 0x9f, 0x6e7: 0x9f,
+	0x6e8: 0x9f, 0x6e9: 0x9f, 0x6ea: 0x9f, 0x6eb: 0x9f, 0x6ec: 0x9f, 0x6ed: 0x9f, 0x6ee: 0x9f, 0x6ef: 0x9f,
+	0x6f0: 0x9f, 0x6f1: 0x9f, 0x6f2: 0x9f, 0x6f3: 0x9f, 0x6f4: 0x9f, 0x6f5: 0x9f, 0x6f6: 0x9f, 0x6f7: 0x9f,
+	0x6f8: 0x9f, 0x6f9: 0x9f, 0x6fa: 0x9f, 0x6fb: 0x9f, 0x6fc: 0x9f, 0x6fd: 0x9f, 0x6fe: 0x9f, 0x6ff: 0x9f,
+	// Block 0x1c, offset 0x700
+	0x700: 0x9f, 0x701: 0x9f, 0x702: 0x9f, 0x703: 0x9f, 0x704: 0x9f, 0x705: 0x9f, 0x706: 0x9f, 0x707: 0x9f,
+	0x708: 0x9f, 0x709: 0x9f, 0x70a: 0x9f, 0x70b: 0x9f, 0x70c: 0x9f, 0x70d: 0x9f, 0x70e: 0x9f, 0x70f: 0x9f,
+	0x710: 0x9f, 0x711: 0x9f, 0x712: 0x9f, 0x713: 0x9f, 0x714: 0x9f, 0x715: 0x9f, 0x716: 0x9f, 0x717: 0x9f,
+	0x718: 0x9f, 0x719: 0x9f, 0x71a: 0x9f, 0x71b: 0x9f, 0x71c: 0x9f, 0x71d: 0x9f, 0x71e: 0x9f, 0x71f: 0x9f,
+	0x720: 0x9f, 0x721: 0x9f, 0x722: 0x9f, 0x723: 0x9f, 0x724: 0x9f, 0x725: 0x9f, 0x726: 0x9f, 0x727: 0x9f,
+	0x728: 0x9f, 0x729: 0x9f, 0x72a: 0x9f, 0x72b: 0x9f, 0x72c: 0x9f, 0x72d: 0x9f, 0x72e: 0x9f, 0x72f: 0x9f,
+	0x730: 0x9f, 0x731: 0x9f, 0x732: 0x9f, 0x733: 0x9f, 0x734: 0x9f, 0x735: 0x9f, 0x736: 0x9f, 0x737: 0x9f,
+	0x738: 0x9f, 0x739: 0x9f, 0x73a: 0x191, 0x73b: 0x9f, 0x73c: 0x9f, 0x73d: 0x9f, 0x73e: 0x9f, 0x73f: 0x9f,
+	// Block 0x1d, offset 0x740
+	0x740: 0x9f, 0x741: 0x9f, 0x742: 0x9f, 0x743: 0x9f, 0x744: 0x9f, 0x745: 0x9f, 0x746: 0x9f, 0x747: 0x9f,
+	0x748: 0x9f, 0x749: 0x9f, 0x74a: 0x9f, 0x74b: 0x9f, 0x74c: 0x9f, 0x74d: 0x9f, 0x74e: 0x9f, 0x74f: 0x9f,
+	0x750: 0x9f, 0x751: 0x9f, 0x752: 0x9f, 0x753: 0x9f, 0x754: 0x9f, 0x755: 0x9f, 0x756: 0x9f, 0x757: 0x9f,
+	0x758: 0x9f, 0x759: 0x9f, 0x75a: 0x9f, 0x75b: 0x9f, 0x75c: 0x9f, 0x75d: 0x9f, 0x75e: 0x9f, 0x75f: 0x9f,
+	0x760: 0x9f, 0x761: 0x9f, 0x762: 0x9f, 0x763: 0x9f, 0x764: 0x9f, 0x765: 0x9f, 0x766: 0x9f, 0x767: 0x9f,
+	0x768: 0x9f, 0x769: 0x9f, 0x76a: 0x9f, 0x76b: 0x9f, 0x76c: 0x9f, 0x76d: 0x9f, 0x76e: 0x9f, 0x76f: 0x192,
+	0x770: 0xba, 0x771: 0xba, 0x772: 0xba, 0x773: 0xba, 0x774: 0xba, 0x775: 0xba, 0x776: 0xba, 0x777: 0xba,
+	0x778: 0xba, 0x779: 0xba, 0x77a: 0xba, 0x77b: 0xba, 0x77c: 0xba, 0x77d: 0xba, 0x77e: 0xba, 0x77f: 0xba,
+	// Block 0x1e, offset 0x780
+	0x780: 0xba, 0x781: 0xba, 0x782: 0xba, 0x783: 0xba, 0x784: 0xba, 0x785: 0xba, 0x786: 0xba, 0x787: 0xba,
+	0x788: 0xba, 0x789: 0xba, 0x78a: 0xba, 0x78b: 0xba, 0x78c: 0xba, 0x78d: 0xba, 0x78e: 0xba, 0x78f: 0xba,
+	0x790: 0xba, 0x791: 0xba, 0x792: 0xba, 0x793: 0xba, 0x794: 0xba, 0x795: 0xba, 0x796: 0xba, 0x797: 0xba,
+	0x798: 0xba, 0x799: 0xba, 0x79a: 0xba, 0x79b: 0xba, 0x79c: 0xba, 0x79d: 0xba, 0x79e: 0xba, 0x79f: 0xba,
+	0x7a0: 0x76, 0x7a1: 0x77, 0x7a2: 0x78, 0x7a3: 0x193, 0x7a4: 0x79, 0x7a5: 0x7a, 0x7a6: 0x194, 0x7a7: 0x7b,
+	0x7a8: 0x7c, 0x7a9: 0xba, 0x7aa: 0xba, 0x7ab: 0xba, 0x7ac: 0xba, 0x7ad: 0xba, 0x7ae: 0xba, 0x7af: 0xba,
+	0x7b0: 0xba, 0x7b1: 0xba, 0x7b2: 0xba, 0x7b3: 0xba, 0x7b4: 0xba, 0x7b5: 0xba, 0x7b6: 0xba, 0x7b7: 0xba,
+	0x7b8: 0xba, 0x7b9: 0xba, 0x7ba: 0xba, 0x7bb: 0xba, 0x7bc: 0xba, 0x7bd: 0xba, 0x7be: 0xba, 0x7bf: 0xba,
+	// Block 0x1f, offset 0x7c0
+	0x7d0: 0x0d, 0x7d1: 0x0e, 0x7d2: 0x0f, 0x7d3: 0x10, 0x7d4: 0x11, 0x7d5: 0x0b, 0x7d6: 0x12, 0x7d7: 0x07,
+	0x7d8: 0x13, 0x7d9: 0x0b, 0x7da: 0x0b, 0x7db: 0x14, 0x7dc: 0x0b, 0x7dd: 0x15, 0x7de: 0x16, 0x7df: 0x17,
+	0x7e0: 0x07, 0x7e1: 0x07, 0x7e2: 0x07, 0x7e3: 0x07, 0x7e4: 0x07, 0x7e5: 0x07, 0x7e6: 0x07, 0x7e7: 0x07,
+	0x7e8: 0x07, 0x7e9: 0x07, 0x7ea: 0x18, 0x7eb: 0x19, 0x7ec: 0x1a, 0x7ed: 0x07, 0x7ee: 0x1b, 0x7ef: 0x1c,
+	0x7f0: 0x0b, 0x7f1: 0x0b, 0x7f2: 0x0b, 0x7f3: 0x0b, 0x7f4: 0x0b, 0x7f5: 0x0b, 0x7f6: 0x0b, 0x7f7: 0x0b,
+	0x7f8: 0x0b, 0x7f9: 0x0b, 0x7fa: 0x0b, 0x7fb: 0x0b, 0x7fc: 0x0b, 0x7fd: 0x0b, 0x7fe: 0x0b, 0x7ff: 0x0b,
+	// Block 0x20, offset 0x800
+	0x800: 0x0b, 0x801: 0x0b, 0x802: 0x0b, 0x803: 0x0b, 0x804: 0x0b, 0x805: 0x0b, 0x806: 0x0b, 0x807: 0x0b,
+	0x808: 0x0b, 0x809: 0x0b, 0x80a: 0x0b, 0x80b: 0x0b, 0x80c: 0x0b, 0x80d: 0x0b, 0x80e: 0x0b, 0x80f: 0x0b,
+	0x810: 0x0b, 0x811: 0x0b, 0x812: 0x0b, 0x813: 0x0b, 0x814: 0x0b, 0x815: 0x0b, 0x816: 0x0b, 0x817: 0x0b,
+	0x818: 0x0b, 0x819: 0x0b, 0x81a: 0x0b, 0x81b: 0x0b, 0x81c: 0x0b, 0x81d: 0x0b, 0x81e: 0x0b, 0x81f: 0x0b,
+	0x820: 0x0b, 0x821: 0x0b, 0x822: 0x0b, 0x823: 0x0b, 0x824: 0x0b, 0x825: 0x0b, 0x826: 0x0b, 0x827: 0x0b,
+	0x828: 0x0b, 0x829: 0x0b, 0x82a: 0x0b, 0x82b: 0x0b, 0x82c: 0x0b, 0x82d: 0x0b, 0x82e: 0x0b, 0x82f: 0x0b,
+	0x830: 0x0b, 0x831: 0x0b, 0x832: 0x0b, 0x833: 0x0b, 0x834: 0x0b, 0x835: 0x0b, 0x836: 0x0b, 0x837: 0x0b,
+	0x838: 0x0b, 0x839: 0x0b, 0x83a: 0x0b, 0x83b: 0x0b, 0x83c: 0x0b, 0x83d: 0x0b, 0x83e: 0x0b, 0x83f: 0x0b,
+	// Block 0x21, offset 0x840
+	0x840: 0x195, 0x841: 0x196, 0x842: 0xba, 0x843: 0xba, 0x844: 0x197, 0x845: 0x197, 0x846: 0x197, 0x847: 0x198,
+	0x848: 0xba, 0x849: 0xba, 0x84a: 0xba, 0x84b: 0xba, 0x84c: 0xba, 0x84d: 0xba, 0x84e: 0xba, 0x84f: 0xba,
+	0x850: 0xba, 0x851: 0xba, 0x852: 0xba, 0x853: 0xba, 0x854: 0xba, 0x855: 0xba, 0x856: 0xba, 0x857: 0xba,
+	0x858: 0xba, 0x859: 0xba, 0x85a: 0xba, 0x85b: 0xba, 0x85c: 0xba, 0x85d: 0xba, 0x85e: 0xba, 0x85f: 0xba,
+	0x860: 0xba, 0x861: 0xba, 0x862: 0xba, 0x863: 0xba, 0x864: 0xba, 0x865: 0xba, 0x866: 0xba, 0x867: 0xba,
+	0x868: 0xba, 0x869: 0xba, 0x86a: 0xba, 0x86b: 0xba, 0x86c: 0xba, 0x86d: 0xba, 0x86e: 0xba, 0x86f: 0xba,
+	0x870: 0xba, 0x871: 0xba, 0x872: 0xba, 0x873: 0xba, 0x874: 0xba, 0x875: 0xba, 0x876: 0xba, 0x877: 0xba,
+	0x878: 0xba, 0x879: 0xba, 0x87a: 0xba, 0x87b: 0xba, 0x87c: 0xba, 0x87d: 0xba, 0x87e: 0xba, 0x87f: 0xba,
+	// Block 0x22, offset 0x880
+	0x880: 0x0b, 0x881: 0x0b, 0x882: 0x0b, 0x883: 0x0b, 0x884: 0x0b, 0x885: 0x0b, 0x886: 0x0b, 0x887: 0x0b,
+	0x888: 0x0b, 0x889: 0x0b, 0x88a: 0x0b, 0x88b: 0x0b, 0x88c: 0x0b, 0x88d: 0x0b, 0x88e: 0x0b, 0x88f: 0x0b,
+	0x890: 0x0b, 0x891: 0x0b, 0x892: 0x0b, 0x893: 0x0b, 0x894: 0x0b, 0x895: 0x0b, 0x896: 0x0b, 0x897: 0x0b,
+	0x898: 0x0b, 0x899: 0x0b, 0x89a: 0x0b, 0x89b: 0x0b, 0x89c: 0x0b, 0x89d: 0x0b, 0x89e: 0x0b, 0x89f: 0x0b,
+	0x8a0: 0x1f, 0x8a1: 0x0b, 0x8a2: 0x0b, 0x8a3: 0x0b, 0x8a4: 0x0b, 0x8a5: 0x0b, 0x8a6: 0x0b, 0x8a7: 0x0b,
+	0x8a8: 0x0b, 0x8a9: 0x0b, 0x8aa: 0x0b, 0x8ab: 0x0b, 0x8ac: 0x0b, 0x8ad: 0x0b, 0x8ae: 0x0b, 0x8af: 0x0b,
+	0x8b0: 0x0b, 0x8b1: 0x0b, 0x8b2: 0x0b, 0x8b3: 0x0b, 0x8b4: 0x0b, 0x8b5: 0x0b, 0x8b6: 0x0b, 0x8b7: 0x0b,
+	0x8b8: 0x0b, 0x8b9: 0x0b, 0x8ba: 0x0b, 0x8bb: 0x0b, 0x8bc: 0x0b, 0x8bd: 0x0b, 0x8be: 0x0b, 0x8bf: 0x0b,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x0b, 0x8c1: 0x0b, 0x8c2: 0x0b, 0x8c3: 0x0b, 0x8c4: 0x0b, 0x8c5: 0x0b, 0x8c6: 0x0b, 0x8c7: 0x0b,
+	0x8c8: 0x0b, 0x8c9: 0x0b, 0x8ca: 0x0b, 0x8cb: 0x0b, 0x8cc: 0x0b, 0x8cd: 0x0b, 0x8ce: 0x0b, 0x8cf: 0x0b,
+}
+
+// idnaSparseOffset: 284 entries, 568 bytes
+var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x33, 0x3e, 0x4a, 0x4e, 0x5d, 0x62, 0x6c, 0x78, 0x86, 0x8b, 0x94, 0xa4, 0xb2, 0xbe, 0xca, 0xdb, 0xe5, 0xec, 0xf9, 0x10a, 0x111, 0x11c, 0x12b, 0x139, 0x143, 0x145, 0x14a, 0x14d, 0x150, 0x152, 0x15e, 0x169, 0x171, 0x177, 0x17d, 0x182, 0x187, 0x18a, 0x18e, 0x194, 0x199, 0x1a5, 0x1af, 0x1b5, 0x1c6, 0x1d0, 0x1d3, 0x1db, 0x1de, 0x1eb, 0x1f3, 0x1f7, 0x1fe, 0x206, 0x216, 0x222, 0x224, 0x22e, 0x23a, 0x246, 0x252, 0x25a, 0x25f, 0x26c, 0x27d, 0x281, 0x28c, 0x290, 0x299, 0x2a1, 0x2a7, 0x2ac, 0x2af, 0x2b3, 0x2b9, 0x2bd, 0x2c1, 0x2c5, 0x2cb, 0x2d3, 0x2da, 0x2e5, 0x2ef, 0x2f3, 0x2f6, 0x2fc, 0x300, 0x302, 0x305, 0x307, 0x30a, 0x314, 0x317, 0x326, 0x32a, 0x32f, 0x332, 0x336, 0x33b, 0x340, 0x346, 0x352, 0x361, 0x367, 0x36b, 0x37a, 0x37f, 0x387, 0x391, 0x39c, 0x3a4, 0x3b5, 0x3be, 0x3ce, 0x3db, 0x3e5, 0x3ea, 0x3f7, 0x3fb, 0x400, 0x402, 0x406, 0x408, 0x40c, 0x415, 0x41b, 0x41f, 0x42f, 0x439, 0x43e, 0x441, 0x447, 0x44e, 0x453, 0x457, 0x45d, 0x462, 0x46b, 0x470, 0x476, 0x47d, 0x484, 0x48b, 0x48f, 0x494, 0x497, 0x49c, 0x4a8, 0x4ae, 0x4b3, 0x4ba, 0x4c2, 0x4c7, 0x4cb, 0x4db, 0x4e2, 0x4e6, 0x4ea, 0x4f1, 0x4f3, 0x4f6, 0x4f9, 0x4fd, 0x506, 0x50a, 0x512, 0x51a, 0x51e, 0x524, 0x52d, 0x539, 0x540, 0x549, 0x553, 0x55a, 0x568, 0x575, 0x582, 0x58b, 0x58f, 0x59f, 0x5a7, 0x5b2, 0x5bb, 0x5c1, 0x5c9, 0x5d2, 0x5dd, 0x5e0, 0x5ec, 0x5f5, 0x5f8, 0x5fd, 0x602, 0x60f, 0x61a, 0x623, 0x62d, 0x630, 0x63a, 0x643, 0x64f, 0x65c, 0x669, 0x677, 0x67e, 0x682, 0x685, 0x68a, 0x68d, 0x692, 0x695, 0x69c, 0x6a3, 0x6a7, 0x6b2, 0x6b5, 0x6b8, 0x6bb, 0x6c1, 0x6c7, 0x6cd, 0x6d0, 0x6d3, 0x6d6, 0x6dd, 0x6e0, 0x6e5, 0x6ef, 0x6f2, 0x6f6, 0x705, 0x711, 0x715, 0x71a, 0x71e, 0x723, 0x727, 0x72c, 0x735, 0x740, 0x746, 0x74c, 0x752, 0x758, 0x761, 0x764, 0x767, 0x76b, 0x76f, 0x773, 0x779, 0x77f, 0x784, 0x787, 0x797, 0x79e, 0x7a1, 0x7a6, 0x7aa, 0x7b0, 0x7b5, 0x7b9, 0x7bf, 0x7c5, 0x7c9, 0x7d2, 0x7d7, 0x7da, 0x7dd, 0x7e1, 0x7e5, 0x7e8, 0x7f8, 0x809, 0x80e, 0x810, 0x812}
+
+// idnaSparseValues: 2069 entries, 8276 bytes
+var idnaSparseValues = [2069]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe105, lo: 0x80, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0x97},
+	{value: 0xe105, lo: 0x98, hi: 0x9e},
+	{value: 0x001f, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbf},
+	// Block 0x1, offset 0x8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0xe01d, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0335, lo: 0x83, hi: 0x83},
+	{value: 0x034d, lo: 0x84, hi: 0x84},
+	{value: 0x0365, lo: 0x85, hi: 0x85},
+	{value: 0xe00d, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0xe00d, lo: 0x88, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x89},
+	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0x8d},
+	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0xbf},
+	// Block 0x2, offset 0x19
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0249, lo: 0xb0, hi: 0xb0},
+	{value: 0x037d, lo: 0xb1, hi: 0xb1},
+	{value: 0x0259, lo: 0xb2, hi: 0xb2},
+	{value: 0x0269, lo: 0xb3, hi: 0xb3},
+	{value: 0x034d, lo: 0xb4, hi: 0xb4},
+	{value: 0x0395, lo: 0xb5, hi: 0xb5},
+	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
+	{value: 0x0279, lo: 0xb7, hi: 0xb7},
+	{value: 0x0289, lo: 0xb8, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbf},
+	// Block 0x3, offset 0x25
+	{value: 0x0000, lo: 0x01},
+	{value: 0x3308, lo: 0x80, hi: 0xbf},
+	// Block 0x4, offset 0x27
+	{value: 0x0000, lo: 0x04},
+	{value: 0x03f5, lo: 0x80, hi: 0x8f},
+	{value: 0xe105, lo: 0x90, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x5, offset 0x2c
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x0545, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x0008, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x6, offset 0x33
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0401, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0018, lo: 0x89, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x7, offset 0x3e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0818, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x82},
+	{value: 0x0818, lo: 0x83, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x85},
+	{value: 0x0818, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xae},
+	{value: 0x0808, lo: 0xaf, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x8, offset 0x4a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0c08, lo: 0x88, hi: 0x99},
+	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
+	// Block 0x9, offset 0x4e
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3308, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0a08, lo: 0x8e, hi: 0x98},
+	{value: 0x0c08, lo: 0x99, hi: 0x9b},
+	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
+	{value: 0x0c08, lo: 0xab, hi: 0xac},
+	{value: 0x0a08, lo: 0xad, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
+	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xa, offset 0x5d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xb, offset 0x62
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0808, lo: 0x80, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbf},
+	// Block 0xc, offset 0x6c
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x99},
+	{value: 0x0808, lo: 0x9a, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa3},
+	{value: 0x0808, lo: 0xa4, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa7},
+	{value: 0x0808, lo: 0xa8, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0818, lo: 0xb0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd, offset 0x78
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
+	{value: 0x0c08, lo: 0xaa, hi: 0xac},
+	{value: 0x0808, lo: 0xad, hi: 0xad},
+	{value: 0x0c08, lo: 0xae, hi: 0xae},
+	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
+	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xe, offset 0x86
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0xa1},
+	{value: 0x0840, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xbf},
+	// Block 0xf, offset 0x8b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x10, offset 0x94
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x85},
+	{value: 0x3008, lo: 0x86, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8c},
+	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x11, offset 0xa4
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x12, offset 0xb2
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xba},
+	{value: 0x3b08, lo: 0xbb, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x13, offset 0xbe
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x14, offset 0xca
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x89},
+	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x3008, lo: 0x98, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x15, offset 0xdb
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb2},
+	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb9},
+	{value: 0x3b08, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0x16, offset 0xe5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0xbf},
+	// Block 0x17, offset 0xec
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0961, lo: 0x9c, hi: 0x9c},
+	{value: 0x0999, lo: 0x9d, hi: 0x9d},
+	{value: 0x0008, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x18, offset 0xf9
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x19, offset 0x10a
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0x1a, offset 0x111
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0x11c
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3008, lo: 0xa2, hi: 0xa4},
+	{value: 0x0008, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xbf},
+	// Block 0x1c, offset 0x12b
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x8c},
+	{value: 0x3308, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x3008, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x1d, offset 0x139
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x86},
+	{value: 0x055d, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8c},
+	{value: 0x055d, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0xe105, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0x1e, offset 0x143
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0018, lo: 0x80, hi: 0xbf},
+	// Block 0x1f, offset 0x145
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa0},
+	{value: 0x2018, lo: 0xa1, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x20, offset 0x14a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa7},
+	{value: 0x2018, lo: 0xa8, hi: 0xbf},
+	// Block 0x21, offset 0x14d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2018, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0xbf},
+	// Block 0x22, offset 0x150
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0008, lo: 0x80, hi: 0xbf},
+	// Block 0x23, offset 0x152
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x24, offset 0x15e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x25, offset 0x169
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x26, offset 0x171
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x27, offset 0x177
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x28, offset 0x17d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x29, offset 0x182
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x2a, offset 0x187
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x2b, offset 0x18a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xbf},
+	// Block 0x2c, offset 0x18e
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2d, offset 0x194
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x2e, offset 0x199
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x3b08, lo: 0x94, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x2f, offset 0x1a5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x30, offset 0x1af
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xb3},
+	{value: 0x3340, lo: 0xb4, hi: 0xb5},
+	{value: 0x3008, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x31, offset 0x1b5
+	{value: 0x0000, lo: 0x10},
+	{value: 0x3008, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x91},
+	{value: 0x3b08, lo: 0x92, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0x96},
+	{value: 0x0008, lo: 0x97, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x32, offset 0x1c6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x86},
+	{value: 0x0218, lo: 0x87, hi: 0x87},
+	{value: 0x0018, lo: 0x88, hi: 0x8a},
+	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0208, lo: 0xa0, hi: 0xbf},
+	// Block 0x33, offset 0x1d0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0208, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x34, offset 0x1d3
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0208, lo: 0x87, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xa9},
+	{value: 0x0208, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x35, offset 0x1db
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x36, offset 0x1de
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x37, offset 0x1eb
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x38, offset 0x1f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x39, offset 0x1f7
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0028, lo: 0x9a, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xbf},
+	// Block 0x3a, offset 0x1fe
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x3308, lo: 0x97, hi: 0x98},
+	{value: 0x3008, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x3b, offset 0x206
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x94},
+	{value: 0x3008, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xac},
+	{value: 0x3008, lo: 0xad, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x216
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xbd},
+	{value: 0x3318, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x3d, offset 0x222
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0040, lo: 0x80, hi: 0xbf},
+	// Block 0x3e, offset 0x224
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3008, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x3f, offset 0x22e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x3808, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x40, offset 0x23a
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3808, lo: 0xaa, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xbf},
+	// Block 0x41, offset 0x246
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3008, lo: 0xaa, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3808, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x42, offset 0x252
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbf},
+	// Block 0x43, offset 0x25a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x44, offset 0x25f
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0e29, lo: 0x80, hi: 0x80},
+	{value: 0x0e41, lo: 0x81, hi: 0x81},
+	{value: 0x0e59, lo: 0x82, hi: 0x82},
+	{value: 0x0e71, lo: 0x83, hi: 0x83},
+	{value: 0x0e89, lo: 0x84, hi: 0x85},
+	{value: 0x0ea1, lo: 0x86, hi: 0x86},
+	{value: 0x0eb9, lo: 0x87, hi: 0x87},
+	{value: 0x057d, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x059d, lo: 0x90, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x059d, lo: 0xbd, hi: 0xbf},
+	// Block 0x45, offset 0x26c
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x92},
+	{value: 0x0018, lo: 0x93, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa8},
+	{value: 0x0008, lo: 0xa9, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x46, offset 0x27d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0x47, offset 0x281
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x87},
+	{value: 0xe045, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0xe045, lo: 0x98, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0xe045, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbf},
+	// Block 0x48, offset 0x28c
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x3318, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0x49, offset 0x290
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x24c1, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x4a, offset 0x299
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x24f1, lo: 0xac, hi: 0xac},
+	{value: 0x2529, lo: 0xad, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xae},
+	{value: 0x2579, lo: 0xaf, hi: 0xaf},
+	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x4b, offset 0x2a1
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x9f},
+	{value: 0x0080, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xad},
+	{value: 0x0080, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x4c, offset 0x2a7
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa8},
+	{value: 0x09dd, lo: 0xa9, hi: 0xa9},
+	{value: 0x09fd, lo: 0xaa, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xbf},
+	// Block 0x4d, offset 0x2ac
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0x4e, offset 0x2af
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x4f, offset 0x2b3
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0e7e, lo: 0xb4, hi: 0xb4},
+	{value: 0x292a, lo: 0xb5, hi: 0xb5},
+	{value: 0x0e9e, lo: 0xb6, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x50, offset 0x2b9
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x9b},
+	{value: 0x2941, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0xbf},
+	// Block 0x51, offset 0x2bd
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x52, offset 0x2c1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0xbf},
+	// Block 0x53, offset 0x2c5
+	{value: 0x0000, lo: 0x05},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x03f5, lo: 0x90, hi: 0x9f},
+	{value: 0x0ebd, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x54, offset 0x2cb
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x55, offset 0x2d3
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xae},
+	{value: 0xe075, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0x56, offset 0x2da
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x57, offset 0x2e5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xbf},
+	// Block 0x58, offset 0x2ef
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x59, offset 0x2f3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0x5a, offset 0x2f6
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9e},
+	{value: 0x0ef5, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x5b, offset 0x2fc
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb2},
+	{value: 0x0f15, lo: 0xb3, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x5c, offset 0x300
+	{value: 0x0020, lo: 0x01},
+	{value: 0x0f35, lo: 0x80, hi: 0xbf},
+	// Block 0x5d, offset 0x302
+	{value: 0x0020, lo: 0x02},
+	{value: 0x1735, lo: 0x80, hi: 0x8f},
+	{value: 0x1915, lo: 0x90, hi: 0xbf},
+	// Block 0x5e, offset 0x305
+	{value: 0x0020, lo: 0x01},
+	{value: 0x1f15, lo: 0x80, hi: 0xbf},
+	// Block 0x5f, offset 0x307
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x60, offset 0x30a
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9a},
+	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
+	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9e},
+	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x61, offset 0x314
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbe},
+	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
+	// Block 0x62, offset 0x317
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0040, lo: 0x80, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb0},
+	{value: 0x2a35, lo: 0xb1, hi: 0xb1},
+	{value: 0x2a55, lo: 0xb2, hi: 0xb2},
+	{value: 0x2a75, lo: 0xb3, hi: 0xb3},
+	{value: 0x2a95, lo: 0xb4, hi: 0xb4},
+	{value: 0x2a75, lo: 0xb5, hi: 0xb5},
+	{value: 0x2ab5, lo: 0xb6, hi: 0xb6},
+	{value: 0x2ad5, lo: 0xb7, hi: 0xb7},
+	{value: 0x2af5, lo: 0xb8, hi: 0xb9},
+	{value: 0x2b15, lo: 0xba, hi: 0xbb},
+	{value: 0x2b35, lo: 0xbc, hi: 0xbd},
+	{value: 0x2b15, lo: 0xbe, hi: 0xbf},
+	// Block 0x63, offset 0x326
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x64, offset 0x32a
+	{value: 0x0030, lo: 0x04},
+	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
+	{value: 0x305a, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
+	// Block 0x65, offset 0x32f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x66, offset 0x332
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x67, offset 0x336
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x68, offset 0x33b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x69, offset 0x340
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb1},
+	{value: 0x0018, lo: 0xb2, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6a, offset 0x346
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0xe00d, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x83},
+	{value: 0x03f5, lo: 0x84, hi: 0x84},
+	{value: 0x1329, lo: 0x85, hi: 0x85},
+	{value: 0x447d, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xb7},
+	{value: 0x2009, lo: 0xb8, hi: 0xb8},
+	{value: 0x6e89, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xbf},
+	// Block 0x6b, offset 0x352
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x3308, lo: 0x8b, hi: 0x8b},
+	{value: 0x0008, lo: 0x8c, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x6c, offset 0x361
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0208, lo: 0x80, hi: 0xb1},
+	{value: 0x0108, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6d, offset 0x367
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xbf},
+	// Block 0x6e, offset 0x36b
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0008, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x6f, offset 0x37a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x70, offset 0x37f
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x91},
+	{value: 0x3008, lo: 0x92, hi: 0x92},
+	{value: 0x3808, lo: 0x93, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x71, offset 0x387
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb9},
+	{value: 0x3008, lo: 0xba, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x72, offset 0x391
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x73, offset 0x39c
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x74, offset 0x3a4
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8c},
+	{value: 0x3008, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0008, lo: 0xbe, hi: 0xbf},
+	// Block 0x75, offset 0x3b5
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x76, offset 0x3be
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x9a},
+	{value: 0x0008, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x77, offset 0x3ce
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x90},
+	{value: 0x0008, lo: 0x91, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x78, offset 0x3db
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x449d, lo: 0x9c, hi: 0x9c},
+	{value: 0x44b5, lo: 0x9d, hi: 0x9d},
+	{value: 0x2971, lo: 0x9e, hi: 0x9e},
+	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x44cd, lo: 0xb0, hi: 0xbf},
+	// Block 0x79, offset 0x3e5
+	{value: 0x0000, lo: 0x04},
+	{value: 0x44ed, lo: 0x80, hi: 0x8f},
+	{value: 0x450d, lo: 0x90, hi: 0x9f},
+	{value: 0x452d, lo: 0xa0, hi: 0xaf},
+	{value: 0x450d, lo: 0xb0, hi: 0xbf},
+	// Block 0x7a, offset 0x3ea
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3b08, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x7b, offset 0x3f7
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x7c, offset 0x3fb
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x7d, offset 0x400
+	{value: 0x0020, lo: 0x01},
+	{value: 0x454d, lo: 0x80, hi: 0xbf},
+	// Block 0x7e, offset 0x402
+	{value: 0x0020, lo: 0x03},
+	{value: 0x4d4d, lo: 0x80, hi: 0x94},
+	{value: 0x4b0d, lo: 0x95, hi: 0x95},
+	{value: 0x4fed, lo: 0x96, hi: 0xbf},
+	// Block 0x7f, offset 0x406
+	{value: 0x0020, lo: 0x01},
+	{value: 0x552d, lo: 0x80, hi: 0xbf},
+	// Block 0x80, offset 0x408
+	{value: 0x0020, lo: 0x03},
+	{value: 0x5d2d, lo: 0x80, hi: 0x84},
+	{value: 0x568d, lo: 0x85, hi: 0x85},
+	{value: 0x5dcd, lo: 0x86, hi: 0xbf},
+	// Block 0x81, offset 0x40c
+	{value: 0x0020, lo: 0x08},
+	{value: 0x6b8d, lo: 0x80, hi: 0x8f},
+	{value: 0x6d4d, lo: 0x90, hi: 0x90},
+	{value: 0x6d8d, lo: 0x91, hi: 0xab},
+	{value: 0x6ea1, lo: 0xac, hi: 0xac},
+	{value: 0x70ed, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x710d, lo: 0xb0, hi: 0xbf},
+	// Block 0x82, offset 0x415
+	{value: 0x0020, lo: 0x05},
+	{value: 0x730d, lo: 0x80, hi: 0xad},
+	{value: 0x656d, lo: 0xae, hi: 0xae},
+	{value: 0x78cd, lo: 0xaf, hi: 0xb5},
+	{value: 0x6f8d, lo: 0xb6, hi: 0xb6},
+	{value: 0x79ad, lo: 0xb7, hi: 0xbf},
+	// Block 0x83, offset 0x41b
+	{value: 0x0028, lo: 0x03},
+	{value: 0x7c21, lo: 0x80, hi: 0x82},
+	{value: 0x7be1, lo: 0x83, hi: 0x83},
+	{value: 0x7c99, lo: 0x84, hi: 0xbf},
+	// Block 0x84, offset 0x41f
+	{value: 0x0038, lo: 0x0f},
+	{value: 0x9db1, lo: 0x80, hi: 0x83},
+	{value: 0x9e59, lo: 0x84, hi: 0x85},
+	{value: 0x9e91, lo: 0x86, hi: 0x87},
+	{value: 0x9ec9, lo: 0x88, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0xa089, lo: 0x92, hi: 0x97},
+	{value: 0xa1a1, lo: 0x98, hi: 0x9c},
+	{value: 0xa281, lo: 0x9d, hi: 0xb3},
+	{value: 0x9d41, lo: 0xb4, hi: 0xb4},
+	{value: 0x9db1, lo: 0xb5, hi: 0xb5},
+	{value: 0xa789, lo: 0xb6, hi: 0xbb},
+	{value: 0xa869, lo: 0xbc, hi: 0xbc},
+	{value: 0xa7f9, lo: 0xbd, hi: 0xbd},
+	{value: 0xa8d9, lo: 0xbe, hi: 0xbf},
+	// Block 0x85, offset 0x42f
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0008, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x86, offset 0x439
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x87, offset 0x43e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x88, offset 0x441
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x89, offset 0x447
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x8a, offset 0x44e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x8b, offset 0x453
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x8c, offset 0x457
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x8d, offset 0x45d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xbf},
+	// Block 0x8e, offset 0x462
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x8f, offset 0x46b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x90, offset 0x470
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x91, offset 0x476
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x97},
+	{value: 0x8b0d, lo: 0x98, hi: 0x9f},
+	{value: 0x8b25, lo: 0xa0, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xbf},
+	// Block 0x92, offset 0x47d
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x8b25, lo: 0xb0, hi: 0xb7},
+	{value: 0x8b0d, lo: 0xb8, hi: 0xbf},
+	// Block 0x93, offset 0x484
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x94, offset 0x48b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x95, offset 0x48f
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xae},
+	{value: 0x0018, lo: 0xaf, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x96, offset 0x494
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x97, offset 0x497
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xbf},
+	// Block 0x98, offset 0x49c
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0808, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0808, lo: 0x8a, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbb},
+	{value: 0x0808, lo: 0xbc, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x0808, lo: 0xbf, hi: 0xbf},
+	// Block 0x99, offset 0x4a8
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0818, lo: 0x97, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0818, lo: 0xb7, hi: 0xbf},
+	// Block 0x9a, offset 0x4ae
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa6},
+	{value: 0x0818, lo: 0xa7, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x9b, offset 0x4b3
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x0818, lo: 0xbb, hi: 0xbf},
+	// Block 0x9c, offset 0x4ba
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0818, lo: 0x96, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0818, lo: 0xbf, hi: 0xbf},
+	// Block 0x9d, offset 0x4c2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbb},
+	{value: 0x0818, lo: 0xbc, hi: 0xbd},
+	{value: 0x0808, lo: 0xbe, hi: 0xbf},
+	// Block 0x9e, offset 0x4c7
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0818, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x0818, lo: 0x92, hi: 0xbf},
+	// Block 0x9f, offset 0x4cb
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x94},
+	{value: 0x0808, lo: 0x95, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x98},
+	{value: 0x0808, lo: 0x99, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xa0, offset 0x4db
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0818, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0818, lo: 0x90, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xbc},
+	{value: 0x0818, lo: 0xbd, hi: 0xbf},
+	// Block 0xa1, offset 0x4e2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xa2, offset 0x4e6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb8},
+	{value: 0x0018, lo: 0xb9, hi: 0xbf},
+	// Block 0xa3, offset 0x4ea
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0818, lo: 0x98, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb7},
+	{value: 0x0818, lo: 0xb8, hi: 0xbf},
+	// Block 0xa4, offset 0x4f1
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0808, lo: 0x80, hi: 0xbf},
+	// Block 0xa5, offset 0x4f3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0808, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xa6, offset 0x4f6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x03dd, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xa7, offset 0x4f9
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xbf},
+	// Block 0xa8, offset 0x4fd
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0908, lo: 0x80, hi: 0x80},
+	{value: 0x0a08, lo: 0x81, hi: 0xa1},
+	{value: 0x0c08, lo: 0xa2, hi: 0xa2},
+	{value: 0x0a08, lo: 0xa3, hi: 0xa3},
+	{value: 0x3308, lo: 0xa4, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xa9, offset 0x506
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0818, lo: 0xa0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xaa, offset 0x50a
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0xa6},
+	{value: 0x0808, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0a08, lo: 0xb0, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb3},
+	{value: 0x0a08, lo: 0xb4, hi: 0xbf},
+	// Block 0xab, offset 0x512
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x84},
+	{value: 0x0808, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x90},
+	{value: 0x0a18, lo: 0x91, hi: 0x93},
+	{value: 0x0c18, lo: 0x94, hi: 0x94},
+	{value: 0x0818, lo: 0x95, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xac, offset 0x51a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xad, offset 0x51e
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xae, offset 0x524
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x91},
+	{value: 0x0018, lo: 0x92, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xaf, offset 0x52d
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0xb0, offset 0x539
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb1, offset 0x540
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb2},
+	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xbf},
+	// Block 0xb2, offset 0x549
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb3, offset 0x553
+	{value: 0x0000, lo: 0x06},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xbe},
+	{value: 0x3008, lo: 0xbf, hi: 0xbf},
+	// Block 0xb4, offset 0x55a
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xb5, offset 0x568
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3808, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xb6, offset 0x575
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xb7, offset 0x582
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x3308, lo: 0x9f, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa9},
+	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb8, offset 0x58b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xb9, offset 0x58f
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xba, offset 0x59f
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xbb, offset 0x5a7
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x85},
+	{value: 0x0018, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xbc, offset 0x5b2
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbd, offset 0x5bb
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9b},
+	{value: 0x3308, lo: 0x9c, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xbe, offset 0x5c1
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbf, offset 0x5c9
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xc0, offset 0x5d2
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb5},
+	{value: 0x3808, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xc1, offset 0x5dd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0xc2, offset 0x5e0
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0xc3, offset 0x5ec
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xc4, offset 0x5f5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xbf},
+	// Block 0xc5, offset 0x5f8
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0xc6, offset 0x5fd
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xbf},
+	// Block 0xc7, offset 0x602
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x99},
+	{value: 0x3308, lo: 0x9a, hi: 0x9b},
+	{value: 0x3008, lo: 0x9c, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x0018, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xbf},
+	// Block 0xc8, offset 0x60f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xc9, offset 0x61a
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x3b08, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0xbf},
+	// Block 0xca, offset 0x623
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x98},
+	{value: 0x3b08, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xbf},
+	// Block 0xcb, offset 0x62d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xcc, offset 0x630
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xcd, offset 0x63a
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xbf},
+	// Block 0xce, offset 0x643
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xa9},
+	{value: 0x3308, lo: 0xaa, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xcf, offset 0x64f
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xd0, offset 0x65c
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xbf},
+	// Block 0xd1, offset 0x669
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x3008, lo: 0x93, hi: 0x94},
+	{value: 0x3308, lo: 0x95, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x96},
+	{value: 0x3b08, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xbf},
+	// Block 0xd2, offset 0x677
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xd3, offset 0x67e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xd4, offset 0x682
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xd5, offset 0x685
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xd6, offset 0x68a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0xbf},
+	// Block 0xd7, offset 0x68d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0340, lo: 0xb0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xd8, offset 0x692
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xbf},
+	// Block 0xd9, offset 0x695
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xda, offset 0x69c
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xdb, offset 0x6a3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0xdc, offset 0x6a7
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0xdd, offset 0x6b2
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xde, offset 0x6b5
+	{value: 0x0000, lo: 0x02},
+	{value: 0xe105, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0xdf, offset 0x6b8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0xe0, offset 0x6bb
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0xbf},
+	// Block 0xe1, offset 0x6c1
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xe2, offset 0x6c7
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa1},
+	{value: 0x0018, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xe3, offset 0x6cd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0xe4, offset 0x6d0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xe5, offset 0x6d3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xe6, offset 0x6d6
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0xa3},
+	{value: 0x0008, lo: 0xa4, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xe7, offset 0x6dd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xe8, offset 0x6e0
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0xe9, offset 0x6e5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xea, offset 0x6ef
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xeb, offset 0x6f2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xbf},
+	// Block 0xec, offset 0x6f6
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0018, lo: 0x80, hi: 0x9d},
+	{value: 0xb5b9, lo: 0x9e, hi: 0x9e},
+	{value: 0xb601, lo: 0x9f, hi: 0x9f},
+	{value: 0xb649, lo: 0xa0, hi: 0xa0},
+	{value: 0xb6b1, lo: 0xa1, hi: 0xa1},
+	{value: 0xb719, lo: 0xa2, hi: 0xa2},
+	{value: 0xb781, lo: 0xa3, hi: 0xa3},
+	{value: 0xb7e9, lo: 0xa4, hi: 0xa4},
+	{value: 0x3018, lo: 0xa5, hi: 0xa6},
+	{value: 0x3318, lo: 0xa7, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xac},
+	{value: 0x3018, lo: 0xad, hi: 0xb2},
+	{value: 0x0340, lo: 0xb3, hi: 0xba},
+	{value: 0x3318, lo: 0xbb, hi: 0xbf},
+	// Block 0xed, offset 0x705
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3318, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0x84},
+	{value: 0x3318, lo: 0x85, hi: 0x8b},
+	{value: 0x0018, lo: 0x8c, hi: 0xa9},
+	{value: 0x3318, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xba},
+	{value: 0xb851, lo: 0xbb, hi: 0xbb},
+	{value: 0xb899, lo: 0xbc, hi: 0xbc},
+	{value: 0xb8e1, lo: 0xbd, hi: 0xbd},
+	{value: 0xb949, lo: 0xbe, hi: 0xbe},
+	{value: 0xb9b1, lo: 0xbf, hi: 0xbf},
+	// Block 0xee, offset 0x711
+	{value: 0x0000, lo: 0x03},
+	{value: 0xba19, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xbf},
+	// Block 0xef, offset 0x715
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x3318, lo: 0x82, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0xbf},
+	// Block 0xf0, offset 0x71a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0xf1, offset 0x71e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xf2, offset 0x723
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0xf3, offset 0x727
+	{value: 0x0000, lo: 0x04},
+	{value: 0x3308, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0xf4, offset 0x72c
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x3308, lo: 0xa1, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xf5, offset 0x735
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0xf6, offset 0x740
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xf7, offset 0x746
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xf8, offset 0x74c
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xf9, offset 0x752
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x86},
+	{value: 0x0818, lo: 0x87, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xfa, offset 0x758
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0a08, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x8a},
+	{value: 0x0b08, lo: 0x8b, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xfb, offset 0x761
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xb0},
+	{value: 0x0818, lo: 0xb1, hi: 0xbf},
+	// Block 0xfc, offset 0x764
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0818, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xfd, offset 0x767
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0818, lo: 0x81, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xfe, offset 0x76b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xff, offset 0x76f
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x100, offset 0x773
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x101, offset 0x779
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x102, offset 0x77f
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0xc1d9, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0x103, offset 0x784
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xbf},
+	// Block 0x104, offset 0x787
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xc801, lo: 0x80, hi: 0x80},
+	{value: 0xc851, lo: 0x81, hi: 0x81},
+	{value: 0xc8a1, lo: 0x82, hi: 0x82},
+	{value: 0xc8f1, lo: 0x83, hi: 0x83},
+	{value: 0xc941, lo: 0x84, hi: 0x84},
+	{value: 0xc991, lo: 0x85, hi: 0x85},
+	{value: 0xc9e1, lo: 0x86, hi: 0x86},
+	{value: 0xca31, lo: 0x87, hi: 0x87},
+	{value: 0xca81, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0xcad1, lo: 0x90, hi: 0x90},
+	{value: 0xcaf1, lo: 0x91, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xbf},
+	// Block 0x105, offset 0x797
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x106, offset 0x79e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x107, offset 0x7a1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x108, offset 0x7a6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x109, offset 0x7aa
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x10a, offset 0x7b0
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0x10b, offset 0x7b5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x10c, offset 0x7b9
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0018, lo: 0xb3, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0x10d, offset 0x7bf
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xa4},
+	{value: 0x0018, lo: 0xa5, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xbf},
+	// Block 0x10e, offset 0x7c5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x10f, offset 0x7c9
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x110, offset 0x7d2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x111, offset 0x7d7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0x112, offset 0x7da
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x113, offset 0x7dd
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x114, offset 0x7e1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x115, offset 0x7e5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x116, offset 0x7e8
+	{value: 0x0020, lo: 0x0f},
+	{value: 0xded1, lo: 0x80, hi: 0x89},
+	{value: 0x8e35, lo: 0x8a, hi: 0x8a},
+	{value: 0xe011, lo: 0x8b, hi: 0x9c},
+	{value: 0x8e55, lo: 0x9d, hi: 0x9d},
+	{value: 0xe251, lo: 0x9e, hi: 0xa2},
+	{value: 0x8e75, lo: 0xa3, hi: 0xa3},
+	{value: 0xe2f1, lo: 0xa4, hi: 0xab},
+	{value: 0x7f0d, lo: 0xac, hi: 0xac},
+	{value: 0xe3f1, lo: 0xad, hi: 0xaf},
+	{value: 0x8e95, lo: 0xb0, hi: 0xb0},
+	{value: 0xe451, lo: 0xb1, hi: 0xb6},
+	{value: 0x8eb5, lo: 0xb7, hi: 0xb9},
+	{value: 0xe511, lo: 0xba, hi: 0xba},
+	{value: 0x8f15, lo: 0xbb, hi: 0xbb},
+	{value: 0xe531, lo: 0xbc, hi: 0xbf},
+	// Block 0x117, offset 0x7f8
+	{value: 0x0020, lo: 0x10},
+	{value: 0x93b5, lo: 0x80, hi: 0x80},
+	{value: 0xf0b1, lo: 0x81, hi: 0x86},
+	{value: 0x93d5, lo: 0x87, hi: 0x8a},
+	{value: 0xda11, lo: 0x8b, hi: 0x8b},
+	{value: 0xf171, lo: 0x8c, hi: 0x96},
+	{value: 0x9455, lo: 0x97, hi: 0x97},
+	{value: 0xf2d1, lo: 0x98, hi: 0xa3},
+	{value: 0x9475, lo: 0xa4, hi: 0xa6},
+	{value: 0xf451, lo: 0xa7, hi: 0xaa},
+	{value: 0x94d5, lo: 0xab, hi: 0xab},
+	{value: 0xf4d1, lo: 0xac, hi: 0xac},
+	{value: 0x94f5, lo: 0xad, hi: 0xad},
+	{value: 0xf4f1, lo: 0xae, hi: 0xaf},
+	{value: 0x9515, lo: 0xb0, hi: 0xb1},
+	{value: 0xf531, lo: 0xb2, hi: 0xbe},
+	{value: 0x2040, lo: 0xbf, hi: 0xbf},
+	// Block 0x118, offset 0x809
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0340, lo: 0x81, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x9f},
+	{value: 0x0340, lo: 0xa0, hi: 0xbf},
+	// Block 0x119, offset 0x80e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0340, lo: 0x80, hi: 0xbf},
+	// Block 0x11a, offset 0x810
+	{value: 0x0000, lo: 0x01},
+	{value: 0x33c0, lo: 0x80, hi: 0xbf},
+	// Block 0x11b, offset 0x812
+	{value: 0x0000, lo: 0x02},
+	{value: 0x33c0, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+}
+
+// Total table size 42780 bytes (41KiB); checksum: 29936AB9
diff --git a/vendor/golang.org/x/net/idna/tables13.0.0.go b/vendor/golang.org/x/net/idna/tables13.0.0.go
new file mode 100644
index 0000000000000..390c5e56d2a4e
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/tables13.0.0.go
@@ -0,0 +1,4840 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+//go:build go1.16
+// +build go1.16
+
+package idna
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "13.0.0"
+
+var mappings string = "" + // Size: 8188 bytes
+	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
+	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
+	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
+	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
+	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
+	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
+	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
+	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
+	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
+	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
+	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
+	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
+	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
+	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
+	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
+	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
+	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
+	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
+	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
+	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
+	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
+	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
+	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
+	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
+	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
+	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
+	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
+	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
+	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
+	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
+	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
+	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
+	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
+	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
+	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
+	"月\x0511月\x0512月\x02hg\x02ev\x06令和\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニ" +
+	"ング\x09インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー" +
+	"\x09ガロン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0f" +
+	"キロワット\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル" +
+	"\x0fサンチーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット" +
+	"\x09ハイツ\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0c" +
+	"フィート\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ" +
+	"\x0cポイント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク" +
+	"\x0fマンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09" +
+	"ユアン\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x04" +
+	"2点\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
+	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
+	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
+	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
+	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
+	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
+	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
+	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
+	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
+	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
+	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
+	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x02ʍ\x04𤋮\x04𢡊\x04𢡄\x04𣏕" +
+	"\x04𥉉\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ" +
+	"\x04יִ\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּ" +
+	"ׂ\x04אַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04" +
+	"ךּ\x04כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ" +
+	"\x04תּ\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ" +
+	"\x02ڤ\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ" +
+	"\x02ڳ\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ" +
+	"\x02ۅ\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02" +
+	"ی\x04ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04" +
+	"تح\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج" +
+	"\x04حم\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح" +
+	"\x04ضخ\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ" +
+	"\x04فم\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل" +
+	"\x04كم\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ" +
+	"\x04مم\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى" +
+	"\x04هي\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 " +
+	"ٍّ\x05 َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04ت" +
+	"ر\x04تز\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04" +
+	"ين\x04ئخ\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه" +
+	"\x04شم\x04شه\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي" +
+	"\x04سى\x04سي\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي" +
+	"\x04ضى\x04ضي\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06ت" +
+	"حج\x06تحم\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سج" +
+	"ح\x06سجى\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم" +
+	"\x06ضحى\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي" +
+	"\x06غمى\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح" +
+	"\x06محج\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم" +
+	"\x06نحم\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى" +
+	"\x06تخي\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي" +
+	"\x06ضحي\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي" +
+	"\x06كمي\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي" +
+	"\x06سخي\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08" +
+	"عليه\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:" +
+	"\x01!\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\" +
+	"\x01$\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ" +
+	"\x02إ\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز" +
+	"\x02س\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن" +
+	"\x02ه\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~" +
+	"\x02¢\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲" +
+	"\x08𝆹𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η" +
+	"\x02κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ" +
+	"\x02ڡ\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029," +
+	"\x03(a)\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)" +
+	"\x03(k)\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)" +
+	"\x03(u)\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03p" +
+	"pv\x02wc\x02mc\x02md\x02mr\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ" +
+	"\x03二\x03多\x03解\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終" +
+	"\x03生\x03販\x03声\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指" +
+	"\x03走\x03打\x03禁\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔" +
+	"三〕\x09〔二〕\x09〔安〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03" +
+	"丸\x03乁\x03你\x03侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03" +
+	"具\x03㒹\x03內\x03冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03" +
+	"㔕\x03勇\x03勉\x03勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03" +
+	"灰\x03及\x03叟\x03叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03" +
+	"啣\x03善\x03喙\x03喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03" +
+	"埴\x03堍\x03型\x03堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03" +
+	"姘\x03婦\x03㛮\x03嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03" +
+	"屮\x03峀\x03岍\x03嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03" +
+	"㡢\x03㡼\x03庰\x03庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03" +
+	"忍\x03志\x03忹\x03悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03" +
+	"憤\x03憯\x03懞\x03懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03" +
+	"掃\x03揤\x03搢\x03揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03" +
+	"書\x03晉\x03㬙\x03暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03" +
+	"朡\x03杞\x03杓\x03㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03" +
+	"槪\x03檨\x03櫛\x03㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03" +
+	"汧\x03洖\x03派\x03海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03" +
+	"淹\x03潮\x03濆\x03瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03" +
+	"爵\x03牐\x03犀\x03犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03" +
+	"㼛\x03甤\x03甾\x03異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03" +
+	"䂖\x03硎\x03碌\x03磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03" +
+	"築\x03䈧\x03糒\x03䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03" +
+	"罺\x03羕\x03翺\x03者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03" +
+	"䑫\x03芑\x03芋\x03芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03" +
+	"莽\x03菧\x03著\x03荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03" +
+	"䕫\x03虐\x03虜\x03虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03" +
+	"蠁\x03䗹\x03衠\x03衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03" +
+	"豕\x03貫\x03賁\x03贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03" +
+	"鈸\x03鋗\x03鋘\x03鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03" +
+	"䩶\x03韠\x03䪲\x03頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03" +
+	"鳽\x03䳎\x03䳭\x03鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
+
+var xorData string = "" + // Size: 4862 bytes
+	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
+	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
+	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
+	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
+	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
+	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
+	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
+	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
+	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
+	"\x03\x037 \x03\x0b+\x03\x021\x00\x02\x01\x04\x02\x01\x02\x02\x019\x02" +
+	"\x03\x1c\x02\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03" +
+	"\xc1r\x02\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<" +
+	"\x03\xc1s*\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03" +
+	"\x83\xab\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96" +
+	"\xe1\xcd\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03" +
+	"\x9a\xec\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c" +
+	"!\x03\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03" +
+	"ʦ\x93\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7" +
+	"\x03\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca" +
+	"\xfa\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e" +
+	"\x03\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca" +
+	"\xe3\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99" +
+	"\x03\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca" +
+	"\xe8\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03" +
+	"\x0b\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06" +
+	"\x05\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03" +
+	"\x0786\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/" +
+	"\x03\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f" +
+	"\x03\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-" +
+	"\x03\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03" +
+	"\x07\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03" +
+	"\x07\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03" +
+	"\x07\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b" +
+	"\x0a\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03" +
+	"\x07\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+" +
+	"\x03\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03" +
+	"\x044\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03" +
+	"\x04+ \x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!" +
+	"\x22\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04" +
+	"\x03\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>" +
+	"\x03\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03" +
+	"\x054\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03" +
+	"\x05):\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$" +
+	"\x1e\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226" +
+	"\x03\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05" +
+	"\x1b\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05" +
+	"\x03\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03" +
+	"\x06\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08" +
+	"\x03\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03" +
+	"\x0a6\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a" +
+	"\x1f\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03" +
+	"\x0a\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f" +
+	"\x02\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/" +
+	"\x03\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a" +
+	"\x00\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+" +
+	"\x10\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#" +
+	"<\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!" +
+	"\x00\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18." +
+	"\x03\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15" +
+	"\x22\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b" +
+	"\x12\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05" +
+	"<\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
+	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
+	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
+	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
+	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
+	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
+	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
+	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
+	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
+	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
+	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
+	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
+	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
+	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
+	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
+	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
+	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
+	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
+	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
+	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
+	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
+	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
+	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
+	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
+	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
+	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
+	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
+	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
+	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
+	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
+	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
+	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
+	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
+	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
+	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
+	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
+	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
+	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
+	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
+	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
+	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
+	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
+	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
+	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
+	"(\x04\x023 \x03\x0b)\x08\x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!" +
+	"\x10\x03\x0b!0\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b" +
+	"\x03\x09\x1f\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14" +
+	"\x03\x0a\x01\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03" +
+	"\x08='\x03\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03" +
+	"\x09\x0c\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06" +
+	"!3\x03\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05" +
+	"\x03\x07<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07" +
+	"\x01\x00\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03" +
+	"\x09\x11\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03" +
+	"\x0a/1\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03" +
+	"\x07<3\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06" +
+	"\x13\x00\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(" +
+	";\x03\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08" +
+	"\x14$\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03" +
+	"\x0a\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19" +
+	"\x01\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18" +
+	"\x03\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03" +
+	"\x07\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03" +
+	"\x0a\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03" +
+	"\x0b\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03" +
+	"\x08\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05" +
+	"\x03\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11" +
+	"\x03\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03" +
+	"\x09\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a" +
+	".\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
+	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
+	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
+	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
+	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
+	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
+	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
+	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
+	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
+	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
+	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
+	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
+	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
+	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
+	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
+	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
+	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
+	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
+	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
+	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
+	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
+	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
+	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
+	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
+	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
+	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
+	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
+	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
+	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
+	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
+	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
+	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
+	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
+	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
+	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
+	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
+	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
+	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
+	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
+	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
+	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
+	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
+	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
+	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
+	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
+	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
+	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
+	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
+	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
+	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
+	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
+	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
+	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
+	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
+	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
+	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
+	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
+	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
+	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
+	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
+	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
+	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
+	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
+	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
+	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
+	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
+	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
+	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
+	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
+	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
+	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
+	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
+	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
+	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
+	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
+	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
+	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
+	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
+	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
+	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
+	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
+	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
+	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
+	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
+	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
+	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
+	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
+	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
+	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
+	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
+	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
+	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
+	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
+	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
+	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
+	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
+	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
+	"\x05\x22\x05\x03\x050\x1d"
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// idnaTrie. Total size: 30288 bytes (29.58 KiB). Checksum: c0cd84404a2f6f19.
+type idnaTrie struct{}
+
+func newIdnaTrie(i int) *idnaTrie {
+	return &idnaTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 126:
+		return uint16(idnaValues[n<<6+uint32(b)])
+	default:
+		n -= 126
+		return uint16(idnaSparse.lookup(n, b))
+	}
+}
+
+// idnaValues: 128 blocks, 8192 entries, 16384 bytes
+// The third block is the zero block.
+var idnaValues = [8192]uint16{
+	// Block 0x0, offset 0x0
+	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
+	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
+	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
+	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
+	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
+	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
+	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
+	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
+	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
+	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
+	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
+	// Block 0x1, offset 0x40
+	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
+	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
+	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
+	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
+	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
+	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
+	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
+	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
+	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
+	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
+	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
+	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
+	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
+	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
+	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
+	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
+	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
+	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
+	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
+	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
+	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
+	// Block 0x4, offset 0x100
+	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
+	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
+	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
+	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
+	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
+	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
+	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
+	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
+	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
+	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
+	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
+	// Block 0x5, offset 0x140
+	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
+	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
+	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
+	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
+	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
+	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
+	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
+	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
+	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
+	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
+	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
+	// Block 0x6, offset 0x180
+	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
+	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
+	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
+	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
+	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
+	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
+	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
+	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
+	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
+	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
+	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
+	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
+	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
+	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
+	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
+	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
+	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
+	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
+	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
+	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
+	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
+	// Block 0x8, offset 0x200
+	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
+	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
+	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
+	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
+	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
+	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
+	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
+	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
+	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
+	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
+	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
+	// Block 0x9, offset 0x240
+	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
+	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
+	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
+	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
+	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
+	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
+	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
+	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
+	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
+	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
+	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
+	// Block 0xa, offset 0x280
+	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
+	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
+	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
+	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
+	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
+	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
+	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
+	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
+	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
+	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
+	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
+	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
+	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
+	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
+	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
+	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
+	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
+	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
+	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
+	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
+	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
+	// Block 0xc, offset 0x300
+	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
+	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
+	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
+	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
+	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
+	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
+	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
+	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
+	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
+	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
+	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
+	// Block 0xd, offset 0x340
+	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
+	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
+	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
+	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
+	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
+	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
+	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
+	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
+	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
+	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
+	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
+	// Block 0xe, offset 0x380
+	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
+	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
+	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
+	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
+	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
+	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
+	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
+	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
+	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
+	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
+	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
+	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
+	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
+	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
+	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
+	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
+	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
+	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
+	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
+	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
+	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
+	// Block 0x10, offset 0x400
+	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
+	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
+	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
+	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
+	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
+	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
+	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
+	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
+	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
+	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
+	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
+	// Block 0x11, offset 0x440
+	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
+	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
+	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
+	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
+	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
+	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
+	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
+	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
+	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
+	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
+	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
+	// Block 0x12, offset 0x480
+	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
+	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
+	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
+	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
+	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
+	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
+	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
+	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
+	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
+	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
+	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
+	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
+	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
+	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
+	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
+	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
+	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
+	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
+	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
+	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
+	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
+	// Block 0x14, offset 0x500
+	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
+	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
+	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
+	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
+	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
+	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
+	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
+	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
+	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
+	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
+	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
+	// Block 0x15, offset 0x540
+	0x540: 0x0c08, 0x541: 0x0a08, 0x542: 0x0a08, 0x543: 0x0a08, 0x544: 0x0a08, 0x545: 0x0a08,
+	0x546: 0x0c08, 0x547: 0x0c08, 0x548: 0x0a08, 0x549: 0x0c08, 0x54a: 0x0a08, 0x54b: 0x0a08,
+	0x54c: 0x0a08, 0x54d: 0x0a08, 0x54e: 0x0a08, 0x54f: 0x0a08, 0x550: 0x0a08, 0x551: 0x0a08,
+	0x552: 0x0a08, 0x553: 0x0a08, 0x554: 0x0c08, 0x555: 0x0a08, 0x556: 0x0c08, 0x557: 0x0c08,
+	0x558: 0x0c08, 0x559: 0x3308, 0x55a: 0x3308, 0x55b: 0x3308, 0x55c: 0x0040, 0x55d: 0x0040,
+	0x55e: 0x0818, 0x55f: 0x0040, 0x560: 0x0a08, 0x561: 0x0808, 0x562: 0x0a08, 0x563: 0x0a08,
+	0x564: 0x0a08, 0x565: 0x0a08, 0x566: 0x0808, 0x567: 0x0c08, 0x568: 0x0a08, 0x569: 0x0c08,
+	0x56a: 0x0c08, 0x56b: 0x0040, 0x56c: 0x0040, 0x56d: 0x0040, 0x56e: 0x0040, 0x56f: 0x0040,
+	0x570: 0x0040, 0x571: 0x0040, 0x572: 0x0040, 0x573: 0x0040, 0x574: 0x0040, 0x575: 0x0040,
+	0x576: 0x0040, 0x577: 0x0040, 0x578: 0x0040, 0x579: 0x0040, 0x57a: 0x0040, 0x57b: 0x0040,
+	0x57c: 0x0040, 0x57d: 0x0040, 0x57e: 0x0040, 0x57f: 0x0040,
+	// Block 0x16, offset 0x580
+	0x580: 0x3008, 0x581: 0x3308, 0x582: 0x3308, 0x583: 0x3308, 0x584: 0x3308, 0x585: 0x3308,
+	0x586: 0x3308, 0x587: 0x3308, 0x588: 0x3308, 0x589: 0x3008, 0x58a: 0x3008, 0x58b: 0x3008,
+	0x58c: 0x3008, 0x58d: 0x3b08, 0x58e: 0x3008, 0x58f: 0x3008, 0x590: 0x0008, 0x591: 0x3308,
+	0x592: 0x3308, 0x593: 0x3308, 0x594: 0x3308, 0x595: 0x3308, 0x596: 0x3308, 0x597: 0x3308,
+	0x598: 0x04c9, 0x599: 0x0501, 0x59a: 0x0539, 0x59b: 0x0571, 0x59c: 0x05a9, 0x59d: 0x05e1,
+	0x59e: 0x0619, 0x59f: 0x0651, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x3308, 0x5a3: 0x3308,
+	0x5a4: 0x0018, 0x5a5: 0x0018, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0008,
+	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
+	0x5b0: 0x0018, 0x5b1: 0x0008, 0x5b2: 0x0008, 0x5b3: 0x0008, 0x5b4: 0x0008, 0x5b5: 0x0008,
+	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0008, 0x5bb: 0x0008,
+	0x5bc: 0x0008, 0x5bd: 0x0008, 0x5be: 0x0008, 0x5bf: 0x0008,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0008, 0x5c1: 0x3308, 0x5c2: 0x3008, 0x5c3: 0x3008, 0x5c4: 0x0040, 0x5c5: 0x0008,
+	0x5c6: 0x0008, 0x5c7: 0x0008, 0x5c8: 0x0008, 0x5c9: 0x0008, 0x5ca: 0x0008, 0x5cb: 0x0008,
+	0x5cc: 0x0008, 0x5cd: 0x0040, 0x5ce: 0x0040, 0x5cf: 0x0008, 0x5d0: 0x0008, 0x5d1: 0x0040,
+	0x5d2: 0x0040, 0x5d3: 0x0008, 0x5d4: 0x0008, 0x5d5: 0x0008, 0x5d6: 0x0008, 0x5d7: 0x0008,
+	0x5d8: 0x0008, 0x5d9: 0x0008, 0x5da: 0x0008, 0x5db: 0x0008, 0x5dc: 0x0008, 0x5dd: 0x0008,
+	0x5de: 0x0008, 0x5df: 0x0008, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x0008, 0x5e3: 0x0008,
+	0x5e4: 0x0008, 0x5e5: 0x0008, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0040,
+	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
+	0x5f0: 0x0008, 0x5f1: 0x0040, 0x5f2: 0x0008, 0x5f3: 0x0040, 0x5f4: 0x0040, 0x5f5: 0x0040,
+	0x5f6: 0x0008, 0x5f7: 0x0008, 0x5f8: 0x0008, 0x5f9: 0x0008, 0x5fa: 0x0040, 0x5fb: 0x0040,
+	0x5fc: 0x3308, 0x5fd: 0x0008, 0x5fe: 0x3008, 0x5ff: 0x3008,
+	// Block 0x18, offset 0x600
+	0x600: 0x3008, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3308, 0x604: 0x3308, 0x605: 0x0040,
+	0x606: 0x0040, 0x607: 0x3008, 0x608: 0x3008, 0x609: 0x0040, 0x60a: 0x0040, 0x60b: 0x3008,
+	0x60c: 0x3008, 0x60d: 0x3b08, 0x60e: 0x0008, 0x60f: 0x0040, 0x610: 0x0040, 0x611: 0x0040,
+	0x612: 0x0040, 0x613: 0x0040, 0x614: 0x0040, 0x615: 0x0040, 0x616: 0x0040, 0x617: 0x3008,
+	0x618: 0x0040, 0x619: 0x0040, 0x61a: 0x0040, 0x61b: 0x0040, 0x61c: 0x0689, 0x61d: 0x06c1,
+	0x61e: 0x0040, 0x61f: 0x06f9, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x3308, 0x623: 0x3308,
+	0x624: 0x0040, 0x625: 0x0040, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0008,
+	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
+	0x630: 0x0008, 0x631: 0x0008, 0x632: 0x0018, 0x633: 0x0018, 0x634: 0x0018, 0x635: 0x0018,
+	0x636: 0x0018, 0x637: 0x0018, 0x638: 0x0018, 0x639: 0x0018, 0x63a: 0x0018, 0x63b: 0x0018,
+	0x63c: 0x0008, 0x63d: 0x0018, 0x63e: 0x3308, 0x63f: 0x0040,
+	// Block 0x19, offset 0x640
+	0x640: 0x0040, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x3008, 0x644: 0x0040, 0x645: 0x0008,
+	0x646: 0x0008, 0x647: 0x0008, 0x648: 0x0008, 0x649: 0x0008, 0x64a: 0x0008, 0x64b: 0x0040,
+	0x64c: 0x0040, 0x64d: 0x0040, 0x64e: 0x0040, 0x64f: 0x0008, 0x650: 0x0008, 0x651: 0x0040,
+	0x652: 0x0040, 0x653: 0x0008, 0x654: 0x0008, 0x655: 0x0008, 0x656: 0x0008, 0x657: 0x0008,
+	0x658: 0x0008, 0x659: 0x0008, 0x65a: 0x0008, 0x65b: 0x0008, 0x65c: 0x0008, 0x65d: 0x0008,
+	0x65e: 0x0008, 0x65f: 0x0008, 0x660: 0x0008, 0x661: 0x0008, 0x662: 0x0008, 0x663: 0x0008,
+	0x664: 0x0008, 0x665: 0x0008, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0040,
+	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
+	0x670: 0x0008, 0x671: 0x0040, 0x672: 0x0008, 0x673: 0x0731, 0x674: 0x0040, 0x675: 0x0008,
+	0x676: 0x0769, 0x677: 0x0040, 0x678: 0x0008, 0x679: 0x0008, 0x67a: 0x0040, 0x67b: 0x0040,
+	0x67c: 0x3308, 0x67d: 0x0040, 0x67e: 0x3008, 0x67f: 0x3008,
+	// Block 0x1a, offset 0x680
+	0x680: 0x3008, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x0040, 0x684: 0x0040, 0x685: 0x0040,
+	0x686: 0x0040, 0x687: 0x3308, 0x688: 0x3308, 0x689: 0x0040, 0x68a: 0x0040, 0x68b: 0x3308,
+	0x68c: 0x3308, 0x68d: 0x3b08, 0x68e: 0x0040, 0x68f: 0x0040, 0x690: 0x0040, 0x691: 0x3308,
+	0x692: 0x0040, 0x693: 0x0040, 0x694: 0x0040, 0x695: 0x0040, 0x696: 0x0040, 0x697: 0x0040,
+	0x698: 0x0040, 0x699: 0x07a1, 0x69a: 0x07d9, 0x69b: 0x0811, 0x69c: 0x0008, 0x69d: 0x0040,
+	0x69e: 0x0849, 0x69f: 0x0040, 0x6a0: 0x0040, 0x6a1: 0x0040, 0x6a2: 0x0040, 0x6a3: 0x0040,
+	0x6a4: 0x0040, 0x6a5: 0x0040, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0008,
+	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
+	0x6b0: 0x3308, 0x6b1: 0x3308, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0008, 0x6b5: 0x3308,
+	0x6b6: 0x0018, 0x6b7: 0x0040, 0x6b8: 0x0040, 0x6b9: 0x0040, 0x6ba: 0x0040, 0x6bb: 0x0040,
+	0x6bc: 0x0040, 0x6bd: 0x0040, 0x6be: 0x0040, 0x6bf: 0x0040,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x0040, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3008, 0x6c4: 0x0040, 0x6c5: 0x0008,
+	0x6c6: 0x0008, 0x6c7: 0x0008, 0x6c8: 0x0008, 0x6c9: 0x0008, 0x6ca: 0x0008, 0x6cb: 0x0008,
+	0x6cc: 0x0008, 0x6cd: 0x0008, 0x6ce: 0x0040, 0x6cf: 0x0008, 0x6d0: 0x0008, 0x6d1: 0x0008,
+	0x6d2: 0x0040, 0x6d3: 0x0008, 0x6d4: 0x0008, 0x6d5: 0x0008, 0x6d6: 0x0008, 0x6d7: 0x0008,
+	0x6d8: 0x0008, 0x6d9: 0x0008, 0x6da: 0x0008, 0x6db: 0x0008, 0x6dc: 0x0008, 0x6dd: 0x0008,
+	0x6de: 0x0008, 0x6df: 0x0008, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x0008, 0x6e3: 0x0008,
+	0x6e4: 0x0008, 0x6e5: 0x0008, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0040,
+	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
+	0x6f0: 0x0008, 0x6f1: 0x0040, 0x6f2: 0x0008, 0x6f3: 0x0008, 0x6f4: 0x0040, 0x6f5: 0x0008,
+	0x6f6: 0x0008, 0x6f7: 0x0008, 0x6f8: 0x0008, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
+	0x6fc: 0x3308, 0x6fd: 0x0008, 0x6fe: 0x3008, 0x6ff: 0x3008,
+	// Block 0x1c, offset 0x700
+	0x700: 0x3008, 0x701: 0x3308, 0x702: 0x3308, 0x703: 0x3308, 0x704: 0x3308, 0x705: 0x3308,
+	0x706: 0x0040, 0x707: 0x3308, 0x708: 0x3308, 0x709: 0x3008, 0x70a: 0x0040, 0x70b: 0x3008,
+	0x70c: 0x3008, 0x70d: 0x3b08, 0x70e: 0x0040, 0x70f: 0x0040, 0x710: 0x0008, 0x711: 0x0040,
+	0x712: 0x0040, 0x713: 0x0040, 0x714: 0x0040, 0x715: 0x0040, 0x716: 0x0040, 0x717: 0x0040,
+	0x718: 0x0040, 0x719: 0x0040, 0x71a: 0x0040, 0x71b: 0x0040, 0x71c: 0x0040, 0x71d: 0x0040,
+	0x71e: 0x0040, 0x71f: 0x0040, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x3308, 0x723: 0x3308,
+	0x724: 0x0040, 0x725: 0x0040, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0008,
+	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
+	0x730: 0x0018, 0x731: 0x0018, 0x732: 0x0040, 0x733: 0x0040, 0x734: 0x0040, 0x735: 0x0040,
+	0x736: 0x0040, 0x737: 0x0040, 0x738: 0x0040, 0x739: 0x0008, 0x73a: 0x3308, 0x73b: 0x3308,
+	0x73c: 0x3308, 0x73d: 0x3308, 0x73e: 0x3308, 0x73f: 0x3308,
+	// Block 0x1d, offset 0x740
+	0x740: 0x0040, 0x741: 0x3308, 0x742: 0x3008, 0x743: 0x3008, 0x744: 0x0040, 0x745: 0x0008,
+	0x746: 0x0008, 0x747: 0x0008, 0x748: 0x0008, 0x749: 0x0008, 0x74a: 0x0008, 0x74b: 0x0008,
+	0x74c: 0x0008, 0x74d: 0x0040, 0x74e: 0x0040, 0x74f: 0x0008, 0x750: 0x0008, 0x751: 0x0040,
+	0x752: 0x0040, 0x753: 0x0008, 0x754: 0x0008, 0x755: 0x0008, 0x756: 0x0008, 0x757: 0x0008,
+	0x758: 0x0008, 0x759: 0x0008, 0x75a: 0x0008, 0x75b: 0x0008, 0x75c: 0x0008, 0x75d: 0x0008,
+	0x75e: 0x0008, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x0008, 0x763: 0x0008,
+	0x764: 0x0008, 0x765: 0x0008, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0040,
+	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
+	0x770: 0x0008, 0x771: 0x0040, 0x772: 0x0008, 0x773: 0x0008, 0x774: 0x0040, 0x775: 0x0008,
+	0x776: 0x0008, 0x777: 0x0008, 0x778: 0x0008, 0x779: 0x0008, 0x77a: 0x0040, 0x77b: 0x0040,
+	0x77c: 0x3308, 0x77d: 0x0008, 0x77e: 0x3008, 0x77f: 0x3308,
+	// Block 0x1e, offset 0x780
+	0x780: 0x3008, 0x781: 0x3308, 0x782: 0x3308, 0x783: 0x3308, 0x784: 0x3308, 0x785: 0x0040,
+	0x786: 0x0040, 0x787: 0x3008, 0x788: 0x3008, 0x789: 0x0040, 0x78a: 0x0040, 0x78b: 0x3008,
+	0x78c: 0x3008, 0x78d: 0x3b08, 0x78e: 0x0040, 0x78f: 0x0040, 0x790: 0x0040, 0x791: 0x0040,
+	0x792: 0x0040, 0x793: 0x0040, 0x794: 0x0040, 0x795: 0x3308, 0x796: 0x3308, 0x797: 0x3008,
+	0x798: 0x0040, 0x799: 0x0040, 0x79a: 0x0040, 0x79b: 0x0040, 0x79c: 0x0881, 0x79d: 0x08b9,
+	0x79e: 0x0040, 0x79f: 0x0008, 0x7a0: 0x0008, 0x7a1: 0x0008, 0x7a2: 0x3308, 0x7a3: 0x3308,
+	0x7a4: 0x0040, 0x7a5: 0x0040, 0x7a6: 0x0008, 0x7a7: 0x0008, 0x7a8: 0x0008, 0x7a9: 0x0008,
+	0x7aa: 0x0008, 0x7ab: 0x0008, 0x7ac: 0x0008, 0x7ad: 0x0008, 0x7ae: 0x0008, 0x7af: 0x0008,
+	0x7b0: 0x0018, 0x7b1: 0x0008, 0x7b2: 0x0018, 0x7b3: 0x0018, 0x7b4: 0x0018, 0x7b5: 0x0018,
+	0x7b6: 0x0018, 0x7b7: 0x0018, 0x7b8: 0x0040, 0x7b9: 0x0040, 0x7ba: 0x0040, 0x7bb: 0x0040,
+	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x0040, 0x7bf: 0x0040,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x0040, 0x7c1: 0x0040, 0x7c2: 0x3308, 0x7c3: 0x0008, 0x7c4: 0x0040, 0x7c5: 0x0008,
+	0x7c6: 0x0008, 0x7c7: 0x0008, 0x7c8: 0x0008, 0x7c9: 0x0008, 0x7ca: 0x0008, 0x7cb: 0x0040,
+	0x7cc: 0x0040, 0x7cd: 0x0040, 0x7ce: 0x0008, 0x7cf: 0x0008, 0x7d0: 0x0008, 0x7d1: 0x0040,
+	0x7d2: 0x0008, 0x7d3: 0x0008, 0x7d4: 0x0008, 0x7d5: 0x0008, 0x7d6: 0x0040, 0x7d7: 0x0040,
+	0x7d8: 0x0040, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0008, 0x7dd: 0x0040,
+	0x7de: 0x0008, 0x7df: 0x0008, 0x7e0: 0x0040, 0x7e1: 0x0040, 0x7e2: 0x0040, 0x7e3: 0x0008,
+	0x7e4: 0x0008, 0x7e5: 0x0040, 0x7e6: 0x0040, 0x7e7: 0x0040, 0x7e8: 0x0008, 0x7e9: 0x0008,
+	0x7ea: 0x0008, 0x7eb: 0x0040, 0x7ec: 0x0040, 0x7ed: 0x0040, 0x7ee: 0x0008, 0x7ef: 0x0008,
+	0x7f0: 0x0008, 0x7f1: 0x0008, 0x7f2: 0x0008, 0x7f3: 0x0008, 0x7f4: 0x0008, 0x7f5: 0x0008,
+	0x7f6: 0x0008, 0x7f7: 0x0008, 0x7f8: 0x0008, 0x7f9: 0x0008, 0x7fa: 0x0040, 0x7fb: 0x0040,
+	0x7fc: 0x0040, 0x7fd: 0x0040, 0x7fe: 0x3008, 0x7ff: 0x3008,
+	// Block 0x20, offset 0x800
+	0x800: 0x3308, 0x801: 0x3008, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x3008, 0x805: 0x0040,
+	0x806: 0x3308, 0x807: 0x3308, 0x808: 0x3308, 0x809: 0x0040, 0x80a: 0x3308, 0x80b: 0x3308,
+	0x80c: 0x3308, 0x80d: 0x3b08, 0x80e: 0x0040, 0x80f: 0x0040, 0x810: 0x0040, 0x811: 0x0040,
+	0x812: 0x0040, 0x813: 0x0040, 0x814: 0x0040, 0x815: 0x3308, 0x816: 0x3308, 0x817: 0x0040,
+	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0040, 0x81c: 0x0040, 0x81d: 0x0040,
+	0x81e: 0x0040, 0x81f: 0x0040, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x3308, 0x823: 0x3308,
+	0x824: 0x0040, 0x825: 0x0040, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0008,
+	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
+	0x830: 0x0040, 0x831: 0x0040, 0x832: 0x0040, 0x833: 0x0040, 0x834: 0x0040, 0x835: 0x0040,
+	0x836: 0x0040, 0x837: 0x0018, 0x838: 0x0018, 0x839: 0x0018, 0x83a: 0x0018, 0x83b: 0x0018,
+	0x83c: 0x0018, 0x83d: 0x0018, 0x83e: 0x0018, 0x83f: 0x0018,
+	// Block 0x21, offset 0x840
+	0x840: 0x0008, 0x841: 0x3308, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x0018, 0x845: 0x0008,
+	0x846: 0x0008, 0x847: 0x0008, 0x848: 0x0008, 0x849: 0x0008, 0x84a: 0x0008, 0x84b: 0x0008,
+	0x84c: 0x0008, 0x84d: 0x0040, 0x84e: 0x0008, 0x84f: 0x0008, 0x850: 0x0008, 0x851: 0x0040,
+	0x852: 0x0008, 0x853: 0x0008, 0x854: 0x0008, 0x855: 0x0008, 0x856: 0x0008, 0x857: 0x0008,
+	0x858: 0x0008, 0x859: 0x0008, 0x85a: 0x0008, 0x85b: 0x0008, 0x85c: 0x0008, 0x85d: 0x0008,
+	0x85e: 0x0008, 0x85f: 0x0008, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x0008, 0x863: 0x0008,
+	0x864: 0x0008, 0x865: 0x0008, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0040,
+	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
+	0x870: 0x0008, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0008, 0x874: 0x0040, 0x875: 0x0008,
+	0x876: 0x0008, 0x877: 0x0008, 0x878: 0x0008, 0x879: 0x0008, 0x87a: 0x0040, 0x87b: 0x0040,
+	0x87c: 0x3308, 0x87d: 0x0008, 0x87e: 0x3008, 0x87f: 0x3308,
+	// Block 0x22, offset 0x880
+	0x880: 0x3008, 0x881: 0x3008, 0x882: 0x3008, 0x883: 0x3008, 0x884: 0x3008, 0x885: 0x0040,
+	0x886: 0x3308, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
+	0x88c: 0x3308, 0x88d: 0x3b08, 0x88e: 0x0040, 0x88f: 0x0040, 0x890: 0x0040, 0x891: 0x0040,
+	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0040, 0x895: 0x3008, 0x896: 0x3008, 0x897: 0x0040,
+	0x898: 0x0040, 0x899: 0x0040, 0x89a: 0x0040, 0x89b: 0x0040, 0x89c: 0x0040, 0x89d: 0x0040,
+	0x89e: 0x0008, 0x89f: 0x0040, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
+	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
+	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
+	0x8b0: 0x0040, 0x8b1: 0x0008, 0x8b2: 0x0008, 0x8b3: 0x0040, 0x8b4: 0x0040, 0x8b5: 0x0040,
+	0x8b6: 0x0040, 0x8b7: 0x0040, 0x8b8: 0x0040, 0x8b9: 0x0040, 0x8ba: 0x0040, 0x8bb: 0x0040,
+	0x8bc: 0x0040, 0x8bd: 0x0040, 0x8be: 0x0040, 0x8bf: 0x0040,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x3008, 0x8c1: 0x3308, 0x8c2: 0x3308, 0x8c3: 0x3308, 0x8c4: 0x3308, 0x8c5: 0x0040,
+	0x8c6: 0x3008, 0x8c7: 0x3008, 0x8c8: 0x3008, 0x8c9: 0x0040, 0x8ca: 0x3008, 0x8cb: 0x3008,
+	0x8cc: 0x3008, 0x8cd: 0x3b08, 0x8ce: 0x0008, 0x8cf: 0x0018, 0x8d0: 0x0040, 0x8d1: 0x0040,
+	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x3008,
+	0x8d8: 0x0018, 0x8d9: 0x0018, 0x8da: 0x0018, 0x8db: 0x0018, 0x8dc: 0x0018, 0x8dd: 0x0018,
+	0x8de: 0x0018, 0x8df: 0x0008, 0x8e0: 0x0008, 0x8e1: 0x0008, 0x8e2: 0x3308, 0x8e3: 0x3308,
+	0x8e4: 0x0040, 0x8e5: 0x0040, 0x8e6: 0x0008, 0x8e7: 0x0008, 0x8e8: 0x0008, 0x8e9: 0x0008,
+	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0008, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
+	0x8f0: 0x0018, 0x8f1: 0x0018, 0x8f2: 0x0018, 0x8f3: 0x0018, 0x8f4: 0x0018, 0x8f5: 0x0018,
+	0x8f6: 0x0018, 0x8f7: 0x0018, 0x8f8: 0x0018, 0x8f9: 0x0018, 0x8fa: 0x0008, 0x8fb: 0x0008,
+	0x8fc: 0x0008, 0x8fd: 0x0008, 0x8fe: 0x0008, 0x8ff: 0x0008,
+	// Block 0x24, offset 0x900
+	0x900: 0x0040, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x0040, 0x904: 0x0008, 0x905: 0x0040,
+	0x906: 0x0008, 0x907: 0x0008, 0x908: 0x0008, 0x909: 0x0008, 0x90a: 0x0008, 0x90b: 0x0040,
+	0x90c: 0x0008, 0x90d: 0x0008, 0x90e: 0x0008, 0x90f: 0x0008, 0x910: 0x0008, 0x911: 0x0008,
+	0x912: 0x0008, 0x913: 0x0008, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0008,
+	0x918: 0x0008, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0008, 0x91d: 0x0008,
+	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0008, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
+	0x924: 0x0040, 0x925: 0x0008, 0x926: 0x0040, 0x927: 0x0008, 0x928: 0x0008, 0x929: 0x0008,
+	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0008, 0x92d: 0x0008, 0x92e: 0x0008, 0x92f: 0x0008,
+	0x930: 0x0008, 0x931: 0x3308, 0x932: 0x0008, 0x933: 0x0929, 0x934: 0x3308, 0x935: 0x3308,
+	0x936: 0x3308, 0x937: 0x3308, 0x938: 0x3308, 0x939: 0x3308, 0x93a: 0x3b08, 0x93b: 0x3308,
+	0x93c: 0x3308, 0x93d: 0x0008, 0x93e: 0x0040, 0x93f: 0x0040,
+	// Block 0x25, offset 0x940
+	0x940: 0x0008, 0x941: 0x0008, 0x942: 0x0008, 0x943: 0x09d1, 0x944: 0x0008, 0x945: 0x0008,
+	0x946: 0x0008, 0x947: 0x0008, 0x948: 0x0040, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
+	0x94c: 0x0008, 0x94d: 0x0a09, 0x94e: 0x0008, 0x94f: 0x0008, 0x950: 0x0008, 0x951: 0x0008,
+	0x952: 0x0a41, 0x953: 0x0008, 0x954: 0x0008, 0x955: 0x0008, 0x956: 0x0008, 0x957: 0x0a79,
+	0x958: 0x0008, 0x959: 0x0008, 0x95a: 0x0008, 0x95b: 0x0008, 0x95c: 0x0ab1, 0x95d: 0x0008,
+	0x95e: 0x0008, 0x95f: 0x0008, 0x960: 0x0008, 0x961: 0x0008, 0x962: 0x0008, 0x963: 0x0008,
+	0x964: 0x0008, 0x965: 0x0008, 0x966: 0x0008, 0x967: 0x0008, 0x968: 0x0008, 0x969: 0x0ae9,
+	0x96a: 0x0008, 0x96b: 0x0008, 0x96c: 0x0008, 0x96d: 0x0040, 0x96e: 0x0040, 0x96f: 0x0040,
+	0x970: 0x0040, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x0b21, 0x974: 0x3308, 0x975: 0x0b59,
+	0x976: 0x0b91, 0x977: 0x0bc9, 0x978: 0x0c19, 0x979: 0x0c51, 0x97a: 0x3308, 0x97b: 0x3308,
+	0x97c: 0x3308, 0x97d: 0x3308, 0x97e: 0x3308, 0x97f: 0x3008,
+	// Block 0x26, offset 0x980
+	0x980: 0x3308, 0x981: 0x0ca1, 0x982: 0x3308, 0x983: 0x3308, 0x984: 0x3b08, 0x985: 0x0018,
+	0x986: 0x3308, 0x987: 0x3308, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
+	0x98c: 0x0008, 0x98d: 0x3308, 0x98e: 0x3308, 0x98f: 0x3308, 0x990: 0x3308, 0x991: 0x3308,
+	0x992: 0x3308, 0x993: 0x0cd9, 0x994: 0x3308, 0x995: 0x3308, 0x996: 0x3308, 0x997: 0x3308,
+	0x998: 0x0040, 0x999: 0x3308, 0x99a: 0x3308, 0x99b: 0x3308, 0x99c: 0x3308, 0x99d: 0x0d11,
+	0x99e: 0x3308, 0x99f: 0x3308, 0x9a0: 0x3308, 0x9a1: 0x3308, 0x9a2: 0x0d49, 0x9a3: 0x3308,
+	0x9a4: 0x3308, 0x9a5: 0x3308, 0x9a6: 0x3308, 0x9a7: 0x0d81, 0x9a8: 0x3308, 0x9a9: 0x3308,
+	0x9aa: 0x3308, 0x9ab: 0x3308, 0x9ac: 0x0db9, 0x9ad: 0x3308, 0x9ae: 0x3308, 0x9af: 0x3308,
+	0x9b0: 0x3308, 0x9b1: 0x3308, 0x9b2: 0x3308, 0x9b3: 0x3308, 0x9b4: 0x3308, 0x9b5: 0x3308,
+	0x9b6: 0x3308, 0x9b7: 0x3308, 0x9b8: 0x3308, 0x9b9: 0x0df1, 0x9ba: 0x3308, 0x9bb: 0x3308,
+	0x9bc: 0x3308, 0x9bd: 0x0040, 0x9be: 0x0018, 0x9bf: 0x0018,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x0008, 0x9c1: 0x0008, 0x9c2: 0x0008, 0x9c3: 0x0008, 0x9c4: 0x0008, 0x9c5: 0x0008,
+	0x9c6: 0x0008, 0x9c7: 0x0008, 0x9c8: 0x0008, 0x9c9: 0x0008, 0x9ca: 0x0008, 0x9cb: 0x0008,
+	0x9cc: 0x0008, 0x9cd: 0x0008, 0x9ce: 0x0008, 0x9cf: 0x0008, 0x9d0: 0x0008, 0x9d1: 0x0008,
+	0x9d2: 0x0008, 0x9d3: 0x0008, 0x9d4: 0x0008, 0x9d5: 0x0008, 0x9d6: 0x0008, 0x9d7: 0x0008,
+	0x9d8: 0x0008, 0x9d9: 0x0008, 0x9da: 0x0008, 0x9db: 0x0008, 0x9dc: 0x0008, 0x9dd: 0x0008,
+	0x9de: 0x0008, 0x9df: 0x0008, 0x9e0: 0x0008, 0x9e1: 0x0008, 0x9e2: 0x0008, 0x9e3: 0x0008,
+	0x9e4: 0x0008, 0x9e5: 0x0008, 0x9e6: 0x0008, 0x9e7: 0x0008, 0x9e8: 0x0008, 0x9e9: 0x0008,
+	0x9ea: 0x0008, 0x9eb: 0x0008, 0x9ec: 0x0039, 0x9ed: 0x0ed1, 0x9ee: 0x0ee9, 0x9ef: 0x0008,
+	0x9f0: 0x0ef9, 0x9f1: 0x0f09, 0x9f2: 0x0f19, 0x9f3: 0x0f31, 0x9f4: 0x0249, 0x9f5: 0x0f41,
+	0x9f6: 0x0259, 0x9f7: 0x0f51, 0x9f8: 0x0359, 0x9f9: 0x0f61, 0x9fa: 0x0f71, 0x9fb: 0x0008,
+	0x9fc: 0x00d9, 0x9fd: 0x0f81, 0x9fe: 0x0f99, 0x9ff: 0x0269,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x0fa9, 0xa01: 0x0fb9, 0xa02: 0x0279, 0xa03: 0x0039, 0xa04: 0x0fc9, 0xa05: 0x0fe1,
+	0xa06: 0x05b5, 0xa07: 0x0ee9, 0xa08: 0x0ef9, 0xa09: 0x0f09, 0xa0a: 0x0ff9, 0xa0b: 0x1011,
+	0xa0c: 0x1029, 0xa0d: 0x0f31, 0xa0e: 0x0008, 0xa0f: 0x0f51, 0xa10: 0x0f61, 0xa11: 0x1041,
+	0xa12: 0x00d9, 0xa13: 0x1059, 0xa14: 0x05cd, 0xa15: 0x05cd, 0xa16: 0x0f99, 0xa17: 0x0fa9,
+	0xa18: 0x0fb9, 0xa19: 0x05b5, 0xa1a: 0x1071, 0xa1b: 0x1089, 0xa1c: 0x05e5, 0xa1d: 0x1099,
+	0xa1e: 0x10b1, 0xa1f: 0x10c9, 0xa20: 0x10e1, 0xa21: 0x10f9, 0xa22: 0x0f41, 0xa23: 0x0269,
+	0xa24: 0x0fb9, 0xa25: 0x1089, 0xa26: 0x1099, 0xa27: 0x10b1, 0xa28: 0x1111, 0xa29: 0x10e1,
+	0xa2a: 0x10f9, 0xa2b: 0x0008, 0xa2c: 0x0008, 0xa2d: 0x0008, 0xa2e: 0x0008, 0xa2f: 0x0008,
+	0xa30: 0x0008, 0xa31: 0x0008, 0xa32: 0x0008, 0xa33: 0x0008, 0xa34: 0x0008, 0xa35: 0x0008,
+	0xa36: 0x0008, 0xa37: 0x0008, 0xa38: 0x1129, 0xa39: 0x0008, 0xa3a: 0x0008, 0xa3b: 0x0008,
+	0xa3c: 0x0008, 0xa3d: 0x0008, 0xa3e: 0x0008, 0xa3f: 0x0008,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0008, 0xa41: 0x0008, 0xa42: 0x0008, 0xa43: 0x0008, 0xa44: 0x0008, 0xa45: 0x0008,
+	0xa46: 0x0008, 0xa47: 0x0008, 0xa48: 0x0008, 0xa49: 0x0008, 0xa4a: 0x0008, 0xa4b: 0x0008,
+	0xa4c: 0x0008, 0xa4d: 0x0008, 0xa4e: 0x0008, 0xa4f: 0x0008, 0xa50: 0x0008, 0xa51: 0x0008,
+	0xa52: 0x0008, 0xa53: 0x0008, 0xa54: 0x0008, 0xa55: 0x0008, 0xa56: 0x0008, 0xa57: 0x0008,
+	0xa58: 0x0008, 0xa59: 0x0008, 0xa5a: 0x0008, 0xa5b: 0x1141, 0xa5c: 0x1159, 0xa5d: 0x1169,
+	0xa5e: 0x1181, 0xa5f: 0x1029, 0xa60: 0x1199, 0xa61: 0x11a9, 0xa62: 0x11c1, 0xa63: 0x11d9,
+	0xa64: 0x11f1, 0xa65: 0x1209, 0xa66: 0x1221, 0xa67: 0x05fd, 0xa68: 0x1239, 0xa69: 0x1251,
+	0xa6a: 0xe17d, 0xa6b: 0x1269, 0xa6c: 0x1281, 0xa6d: 0x1299, 0xa6e: 0x12b1, 0xa6f: 0x12c9,
+	0xa70: 0x12e1, 0xa71: 0x12f9, 0xa72: 0x1311, 0xa73: 0x1329, 0xa74: 0x1341, 0xa75: 0x1359,
+	0xa76: 0x1371, 0xa77: 0x1389, 0xa78: 0x0615, 0xa79: 0x13a1, 0xa7a: 0x13b9, 0xa7b: 0x13d1,
+	0xa7c: 0x13e1, 0xa7d: 0x13f9, 0xa7e: 0x1411, 0xa7f: 0x1429,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
+	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
+	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
+	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0xe00d, 0xa97: 0x0008,
+	0xa98: 0xe00d, 0xa99: 0x0008, 0xa9a: 0xe00d, 0xa9b: 0x0008, 0xa9c: 0xe00d, 0xa9d: 0x0008,
+	0xa9e: 0xe00d, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
+	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
+	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
+	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
+	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
+	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0xe00d, 0xac1: 0x0008, 0xac2: 0xe00d, 0xac3: 0x0008, 0xac4: 0xe00d, 0xac5: 0x0008,
+	0xac6: 0xe00d, 0xac7: 0x0008, 0xac8: 0xe00d, 0xac9: 0x0008, 0xaca: 0xe00d, 0xacb: 0x0008,
+	0xacc: 0xe00d, 0xacd: 0x0008, 0xace: 0xe00d, 0xacf: 0x0008, 0xad0: 0xe00d, 0xad1: 0x0008,
+	0xad2: 0xe00d, 0xad3: 0x0008, 0xad4: 0xe00d, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
+	0xad8: 0x0008, 0xad9: 0x0008, 0xada: 0x062d, 0xadb: 0x064d, 0xadc: 0x0008, 0xadd: 0x0008,
+	0xade: 0x1441, 0xadf: 0x0008, 0xae0: 0xe00d, 0xae1: 0x0008, 0xae2: 0xe00d, 0xae3: 0x0008,
+	0xae4: 0xe00d, 0xae5: 0x0008, 0xae6: 0xe00d, 0xae7: 0x0008, 0xae8: 0xe00d, 0xae9: 0x0008,
+	0xaea: 0xe00d, 0xaeb: 0x0008, 0xaec: 0xe00d, 0xaed: 0x0008, 0xaee: 0xe00d, 0xaef: 0x0008,
+	0xaf0: 0xe00d, 0xaf1: 0x0008, 0xaf2: 0xe00d, 0xaf3: 0x0008, 0xaf4: 0xe00d, 0xaf5: 0x0008,
+	0xaf6: 0xe00d, 0xaf7: 0x0008, 0xaf8: 0xe00d, 0xaf9: 0x0008, 0xafa: 0xe00d, 0xafb: 0x0008,
+	0xafc: 0xe00d, 0xafd: 0x0008, 0xafe: 0xe00d, 0xaff: 0x0008,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0008, 0xb01: 0x0008, 0xb02: 0x0008, 0xb03: 0x0008, 0xb04: 0x0008, 0xb05: 0x0008,
+	0xb06: 0x0040, 0xb07: 0x0040, 0xb08: 0xe045, 0xb09: 0xe045, 0xb0a: 0xe045, 0xb0b: 0xe045,
+	0xb0c: 0xe045, 0xb0d: 0xe045, 0xb0e: 0x0040, 0xb0f: 0x0040, 0xb10: 0x0008, 0xb11: 0x0008,
+	0xb12: 0x0008, 0xb13: 0x0008, 0xb14: 0x0008, 0xb15: 0x0008, 0xb16: 0x0008, 0xb17: 0x0008,
+	0xb18: 0x0040, 0xb19: 0xe045, 0xb1a: 0x0040, 0xb1b: 0xe045, 0xb1c: 0x0040, 0xb1d: 0xe045,
+	0xb1e: 0x0040, 0xb1f: 0xe045, 0xb20: 0x0008, 0xb21: 0x0008, 0xb22: 0x0008, 0xb23: 0x0008,
+	0xb24: 0x0008, 0xb25: 0x0008, 0xb26: 0x0008, 0xb27: 0x0008, 0xb28: 0xe045, 0xb29: 0xe045,
+	0xb2a: 0xe045, 0xb2b: 0xe045, 0xb2c: 0xe045, 0xb2d: 0xe045, 0xb2e: 0xe045, 0xb2f: 0xe045,
+	0xb30: 0x0008, 0xb31: 0x1459, 0xb32: 0x0008, 0xb33: 0x1471, 0xb34: 0x0008, 0xb35: 0x1489,
+	0xb36: 0x0008, 0xb37: 0x14a1, 0xb38: 0x0008, 0xb39: 0x14b9, 0xb3a: 0x0008, 0xb3b: 0x14d1,
+	0xb3c: 0x0008, 0xb3d: 0x14e9, 0xb3e: 0x0040, 0xb3f: 0x0040,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x1501, 0xb41: 0x1531, 0xb42: 0x1561, 0xb43: 0x1591, 0xb44: 0x15c1, 0xb45: 0x15f1,
+	0xb46: 0x1621, 0xb47: 0x1651, 0xb48: 0x1501, 0xb49: 0x1531, 0xb4a: 0x1561, 0xb4b: 0x1591,
+	0xb4c: 0x15c1, 0xb4d: 0x15f1, 0xb4e: 0x1621, 0xb4f: 0x1651, 0xb50: 0x1681, 0xb51: 0x16b1,
+	0xb52: 0x16e1, 0xb53: 0x1711, 0xb54: 0x1741, 0xb55: 0x1771, 0xb56: 0x17a1, 0xb57: 0x17d1,
+	0xb58: 0x1681, 0xb59: 0x16b1, 0xb5a: 0x16e1, 0xb5b: 0x1711, 0xb5c: 0x1741, 0xb5d: 0x1771,
+	0xb5e: 0x17a1, 0xb5f: 0x17d1, 0xb60: 0x1801, 0xb61: 0x1831, 0xb62: 0x1861, 0xb63: 0x1891,
+	0xb64: 0x18c1, 0xb65: 0x18f1, 0xb66: 0x1921, 0xb67: 0x1951, 0xb68: 0x1801, 0xb69: 0x1831,
+	0xb6a: 0x1861, 0xb6b: 0x1891, 0xb6c: 0x18c1, 0xb6d: 0x18f1, 0xb6e: 0x1921, 0xb6f: 0x1951,
+	0xb70: 0x0008, 0xb71: 0x0008, 0xb72: 0x1981, 0xb73: 0x19b1, 0xb74: 0x19d9, 0xb75: 0x0040,
+	0xb76: 0x0008, 0xb77: 0x1a01, 0xb78: 0xe045, 0xb79: 0xe045, 0xb7a: 0x0665, 0xb7b: 0x1459,
+	0xb7c: 0x19b1, 0xb7d: 0x067e, 0xb7e: 0x1a31, 0xb7f: 0x069e,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x06be, 0xb81: 0x1a4a, 0xb82: 0x1a79, 0xb83: 0x1aa9, 0xb84: 0x1ad1, 0xb85: 0x0040,
+	0xb86: 0x0008, 0xb87: 0x1af9, 0xb88: 0x06dd, 0xb89: 0x1471, 0xb8a: 0x06f5, 0xb8b: 0x1489,
+	0xb8c: 0x1aa9, 0xb8d: 0x1b2a, 0xb8e: 0x1b5a, 0xb8f: 0x1b8a, 0xb90: 0x0008, 0xb91: 0x0008,
+	0xb92: 0x0008, 0xb93: 0x1bb9, 0xb94: 0x0040, 0xb95: 0x0040, 0xb96: 0x0008, 0xb97: 0x0008,
+	0xb98: 0xe045, 0xb99: 0xe045, 0xb9a: 0x070d, 0xb9b: 0x14a1, 0xb9c: 0x0040, 0xb9d: 0x1bd2,
+	0xb9e: 0x1c02, 0xb9f: 0x1c32, 0xba0: 0x0008, 0xba1: 0x0008, 0xba2: 0x0008, 0xba3: 0x1c61,
+	0xba4: 0x0008, 0xba5: 0x0008, 0xba6: 0x0008, 0xba7: 0x0008, 0xba8: 0xe045, 0xba9: 0xe045,
+	0xbaa: 0x0725, 0xbab: 0x14d1, 0xbac: 0xe04d, 0xbad: 0x1c7a, 0xbae: 0x03d2, 0xbaf: 0x1caa,
+	0xbb0: 0x0040, 0xbb1: 0x0040, 0xbb2: 0x1cb9, 0xbb3: 0x1ce9, 0xbb4: 0x1d11, 0xbb5: 0x0040,
+	0xbb6: 0x0008, 0xbb7: 0x1d39, 0xbb8: 0x073d, 0xbb9: 0x14b9, 0xbba: 0x0515, 0xbbb: 0x14e9,
+	0xbbc: 0x1ce9, 0xbbd: 0x0756, 0xbbe: 0x0776, 0xbbf: 0x0040,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x000a, 0xbc1: 0x000a, 0xbc2: 0x000a, 0xbc3: 0x000a, 0xbc4: 0x000a, 0xbc5: 0x000a,
+	0xbc6: 0x000a, 0xbc7: 0x000a, 0xbc8: 0x000a, 0xbc9: 0x000a, 0xbca: 0x000a, 0xbcb: 0x03c0,
+	0xbcc: 0x0003, 0xbcd: 0x0003, 0xbce: 0x0340, 0xbcf: 0x0b40, 0xbd0: 0x0018, 0xbd1: 0xe00d,
+	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x0796,
+	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
+	0xbde: 0x0018, 0xbdf: 0x0018, 0xbe0: 0x0018, 0xbe1: 0x0018, 0xbe2: 0x0018, 0xbe3: 0x0018,
+	0xbe4: 0x0040, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0018, 0xbe8: 0x0040, 0xbe9: 0x0040,
+	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x000a,
+	0xbf0: 0x0018, 0xbf1: 0x0018, 0xbf2: 0x0018, 0xbf3: 0x1d69, 0xbf4: 0x1da1, 0xbf5: 0x0018,
+	0xbf6: 0x1df1, 0xbf7: 0x1e29, 0xbf8: 0x0018, 0xbf9: 0x0018, 0xbfa: 0x0018, 0xbfb: 0x0018,
+	0xbfc: 0x1e7a, 0xbfd: 0x0018, 0xbfe: 0x07b6, 0xbff: 0x0018,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x0018, 0xc01: 0x0018, 0xc02: 0x0018, 0xc03: 0x0018, 0xc04: 0x0018, 0xc05: 0x0018,
+	0xc06: 0x0018, 0xc07: 0x1e92, 0xc08: 0x1eaa, 0xc09: 0x1ec2, 0xc0a: 0x0018, 0xc0b: 0x0018,
+	0xc0c: 0x0018, 0xc0d: 0x0018, 0xc0e: 0x0018, 0xc0f: 0x0018, 0xc10: 0x0018, 0xc11: 0x0018,
+	0xc12: 0x0018, 0xc13: 0x0018, 0xc14: 0x0018, 0xc15: 0x0018, 0xc16: 0x0018, 0xc17: 0x1ed9,
+	0xc18: 0x0018, 0xc19: 0x0018, 0xc1a: 0x0018, 0xc1b: 0x0018, 0xc1c: 0x0018, 0xc1d: 0x0018,
+	0xc1e: 0x0018, 0xc1f: 0x000a, 0xc20: 0x03c0, 0xc21: 0x0340, 0xc22: 0x0340, 0xc23: 0x0340,
+	0xc24: 0x03c0, 0xc25: 0x0040, 0xc26: 0x0040, 0xc27: 0x0040, 0xc28: 0x0040, 0xc29: 0x0040,
+	0xc2a: 0x0340, 0xc2b: 0x0340, 0xc2c: 0x0340, 0xc2d: 0x0340, 0xc2e: 0x0340, 0xc2f: 0x0340,
+	0xc30: 0x1f41, 0xc31: 0x0f41, 0xc32: 0x0040, 0xc33: 0x0040, 0xc34: 0x1f51, 0xc35: 0x1f61,
+	0xc36: 0x1f71, 0xc37: 0x1f81, 0xc38: 0x1f91, 0xc39: 0x1fa1, 0xc3a: 0x1fb2, 0xc3b: 0x07d5,
+	0xc3c: 0x1fc2, 0xc3d: 0x1fd2, 0xc3e: 0x1fe2, 0xc3f: 0x0f71,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1f41, 0xc41: 0x00c9, 0xc42: 0x0069, 0xc43: 0x0079, 0xc44: 0x1f51, 0xc45: 0x1f61,
+	0xc46: 0x1f71, 0xc47: 0x1f81, 0xc48: 0x1f91, 0xc49: 0x1fa1, 0xc4a: 0x1fb2, 0xc4b: 0x07ed,
+	0xc4c: 0x1fc2, 0xc4d: 0x1fd2, 0xc4e: 0x1fe2, 0xc4f: 0x0040, 0xc50: 0x0039, 0xc51: 0x0f09,
+	0xc52: 0x00d9, 0xc53: 0x0369, 0xc54: 0x0ff9, 0xc55: 0x0249, 0xc56: 0x0f51, 0xc57: 0x0359,
+	0xc58: 0x0f61, 0xc59: 0x0f71, 0xc5a: 0x0f99, 0xc5b: 0x01d9, 0xc5c: 0x0fa9, 0xc5d: 0x0040,
+	0xc5e: 0x0040, 0xc5f: 0x0040, 0xc60: 0x0018, 0xc61: 0x0018, 0xc62: 0x0018, 0xc63: 0x0018,
+	0xc64: 0x0018, 0xc65: 0x0018, 0xc66: 0x0018, 0xc67: 0x0018, 0xc68: 0x1ff1, 0xc69: 0x0018,
+	0xc6a: 0x0018, 0xc6b: 0x0018, 0xc6c: 0x0018, 0xc6d: 0x0018, 0xc6e: 0x0018, 0xc6f: 0x0018,
+	0xc70: 0x0018, 0xc71: 0x0018, 0xc72: 0x0018, 0xc73: 0x0018, 0xc74: 0x0018, 0xc75: 0x0018,
+	0xc76: 0x0018, 0xc77: 0x0018, 0xc78: 0x0018, 0xc79: 0x0018, 0xc7a: 0x0018, 0xc7b: 0x0018,
+	0xc7c: 0x0018, 0xc7d: 0x0018, 0xc7e: 0x0018, 0xc7f: 0x0018,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x0806, 0xc81: 0x0826, 0xc82: 0x1159, 0xc83: 0x0845, 0xc84: 0x0018, 0xc85: 0x0866,
+	0xc86: 0x0886, 0xc87: 0x1011, 0xc88: 0x0018, 0xc89: 0x08a5, 0xc8a: 0x0f31, 0xc8b: 0x0249,
+	0xc8c: 0x0249, 0xc8d: 0x0249, 0xc8e: 0x0249, 0xc8f: 0x2009, 0xc90: 0x0f41, 0xc91: 0x0f41,
+	0xc92: 0x0359, 0xc93: 0x0359, 0xc94: 0x0018, 0xc95: 0x0f71, 0xc96: 0x2021, 0xc97: 0x0018,
+	0xc98: 0x0018, 0xc99: 0x0f99, 0xc9a: 0x2039, 0xc9b: 0x0269, 0xc9c: 0x0269, 0xc9d: 0x0269,
+	0xc9e: 0x0018, 0xc9f: 0x0018, 0xca0: 0x2049, 0xca1: 0x08c5, 0xca2: 0x2061, 0xca3: 0x0018,
+	0xca4: 0x13d1, 0xca5: 0x0018, 0xca6: 0x2079, 0xca7: 0x0018, 0xca8: 0x13d1, 0xca9: 0x0018,
+	0xcaa: 0x0f51, 0xcab: 0x2091, 0xcac: 0x0ee9, 0xcad: 0x1159, 0xcae: 0x0018, 0xcaf: 0x0f09,
+	0xcb0: 0x0f09, 0xcb1: 0x1199, 0xcb2: 0x0040, 0xcb3: 0x0f61, 0xcb4: 0x00d9, 0xcb5: 0x20a9,
+	0xcb6: 0x20c1, 0xcb7: 0x20d9, 0xcb8: 0x20f1, 0xcb9: 0x0f41, 0xcba: 0x0018, 0xcbb: 0x08e5,
+	0xcbc: 0x2109, 0xcbd: 0x10b1, 0xcbe: 0x10b1, 0xcbf: 0x2109,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x0905, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0ef9,
+	0xcc6: 0x0ef9, 0xcc7: 0x0f09, 0xcc8: 0x0f41, 0xcc9: 0x0259, 0xcca: 0x0018, 0xccb: 0x0018,
+	0xccc: 0x0018, 0xccd: 0x0018, 0xcce: 0x0008, 0xccf: 0x0018, 0xcd0: 0x2121, 0xcd1: 0x2151,
+	0xcd2: 0x2181, 0xcd3: 0x21b9, 0xcd4: 0x21e9, 0xcd5: 0x2219, 0xcd6: 0x2249, 0xcd7: 0x2279,
+	0xcd8: 0x22a9, 0xcd9: 0x22d9, 0xcda: 0x2309, 0xcdb: 0x2339, 0xcdc: 0x2369, 0xcdd: 0x2399,
+	0xcde: 0x23c9, 0xcdf: 0x23f9, 0xce0: 0x0f41, 0xce1: 0x2421, 0xce2: 0x091d, 0xce3: 0x2439,
+	0xce4: 0x1089, 0xce5: 0x2451, 0xce6: 0x093d, 0xce7: 0x2469, 0xce8: 0x2491, 0xce9: 0x0369,
+	0xcea: 0x24a9, 0xceb: 0x095d, 0xcec: 0x0359, 0xced: 0x1159, 0xcee: 0x0ef9, 0xcef: 0x0f61,
+	0xcf0: 0x0f41, 0xcf1: 0x2421, 0xcf2: 0x097d, 0xcf3: 0x2439, 0xcf4: 0x1089, 0xcf5: 0x2451,
+	0xcf6: 0x099d, 0xcf7: 0x2469, 0xcf8: 0x2491, 0xcf9: 0x0369, 0xcfa: 0x24a9, 0xcfb: 0x09bd,
+	0xcfc: 0x0359, 0xcfd: 0x1159, 0xcfe: 0x0ef9, 0xcff: 0x0f61,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x0018, 0xd01: 0x0018, 0xd02: 0x0018, 0xd03: 0x0018, 0xd04: 0x0018, 0xd05: 0x0018,
+	0xd06: 0x0018, 0xd07: 0x0018, 0xd08: 0x0018, 0xd09: 0x0018, 0xd0a: 0x0018, 0xd0b: 0x0040,
+	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
+	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
+	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0040, 0xd1d: 0x0040,
+	0xd1e: 0x0040, 0xd1f: 0x0040, 0xd20: 0x00c9, 0xd21: 0x0069, 0xd22: 0x0079, 0xd23: 0x1f51,
+	0xd24: 0x1f61, 0xd25: 0x1f71, 0xd26: 0x1f81, 0xd27: 0x1f91, 0xd28: 0x1fa1, 0xd29: 0x2601,
+	0xd2a: 0x2619, 0xd2b: 0x2631, 0xd2c: 0x2649, 0xd2d: 0x2661, 0xd2e: 0x2679, 0xd2f: 0x2691,
+	0xd30: 0x26a9, 0xd31: 0x26c1, 0xd32: 0x26d9, 0xd33: 0x26f1, 0xd34: 0x0a1e, 0xd35: 0x0a3e,
+	0xd36: 0x0a5e, 0xd37: 0x0a7e, 0xd38: 0x0a9e, 0xd39: 0x0abe, 0xd3a: 0x0ade, 0xd3b: 0x0afe,
+	0xd3c: 0x0b1e, 0xd3d: 0x270a, 0xd3e: 0x2732, 0xd3f: 0x275a,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x2782, 0xd41: 0x27aa, 0xd42: 0x27d2, 0xd43: 0x27fa, 0xd44: 0x2822, 0xd45: 0x284a,
+	0xd46: 0x2872, 0xd47: 0x289a, 0xd48: 0x0040, 0xd49: 0x0040, 0xd4a: 0x0040, 0xd4b: 0x0040,
+	0xd4c: 0x0040, 0xd4d: 0x0040, 0xd4e: 0x0040, 0xd4f: 0x0040, 0xd50: 0x0040, 0xd51: 0x0040,
+	0xd52: 0x0040, 0xd53: 0x0040, 0xd54: 0x0040, 0xd55: 0x0040, 0xd56: 0x0040, 0xd57: 0x0040,
+	0xd58: 0x0040, 0xd59: 0x0040, 0xd5a: 0x0040, 0xd5b: 0x0040, 0xd5c: 0x0b3e, 0xd5d: 0x0b5e,
+	0xd5e: 0x0b7e, 0xd5f: 0x0b9e, 0xd60: 0x0bbe, 0xd61: 0x0bde, 0xd62: 0x0bfe, 0xd63: 0x0c1e,
+	0xd64: 0x0c3e, 0xd65: 0x0c5e, 0xd66: 0x0c7e, 0xd67: 0x0c9e, 0xd68: 0x0cbe, 0xd69: 0x0cde,
+	0xd6a: 0x0cfe, 0xd6b: 0x0d1e, 0xd6c: 0x0d3e, 0xd6d: 0x0d5e, 0xd6e: 0x0d7e, 0xd6f: 0x0d9e,
+	0xd70: 0x0dbe, 0xd71: 0x0dde, 0xd72: 0x0dfe, 0xd73: 0x0e1e, 0xd74: 0x0e3e, 0xd75: 0x0e5e,
+	0xd76: 0x0039, 0xd77: 0x0ee9, 0xd78: 0x1159, 0xd79: 0x0ef9, 0xd7a: 0x0f09, 0xd7b: 0x1199,
+	0xd7c: 0x0f31, 0xd7d: 0x0249, 0xd7e: 0x0f41, 0xd7f: 0x0259,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0f51, 0xd81: 0x0359, 0xd82: 0x0f61, 0xd83: 0x0f71, 0xd84: 0x00d9, 0xd85: 0x0f99,
+	0xd86: 0x2039, 0xd87: 0x0269, 0xd88: 0x01d9, 0xd89: 0x0fa9, 0xd8a: 0x0fb9, 0xd8b: 0x1089,
+	0xd8c: 0x0279, 0xd8d: 0x0369, 0xd8e: 0x0289, 0xd8f: 0x13d1, 0xd90: 0x0039, 0xd91: 0x0ee9,
+	0xd92: 0x1159, 0xd93: 0x0ef9, 0xd94: 0x0f09, 0xd95: 0x1199, 0xd96: 0x0f31, 0xd97: 0x0249,
+	0xd98: 0x0f41, 0xd99: 0x0259, 0xd9a: 0x0f51, 0xd9b: 0x0359, 0xd9c: 0x0f61, 0xd9d: 0x0f71,
+	0xd9e: 0x00d9, 0xd9f: 0x0f99, 0xda0: 0x2039, 0xda1: 0x0269, 0xda2: 0x01d9, 0xda3: 0x0fa9,
+	0xda4: 0x0fb9, 0xda5: 0x1089, 0xda6: 0x0279, 0xda7: 0x0369, 0xda8: 0x0289, 0xda9: 0x13d1,
+	0xdaa: 0x1f41, 0xdab: 0x0018, 0xdac: 0x0018, 0xdad: 0x0018, 0xdae: 0x0018, 0xdaf: 0x0018,
+	0xdb0: 0x0018, 0xdb1: 0x0018, 0xdb2: 0x0018, 0xdb3: 0x0018, 0xdb4: 0x0018, 0xdb5: 0x0018,
+	0xdb6: 0x0018, 0xdb7: 0x0018, 0xdb8: 0x0018, 0xdb9: 0x0018, 0xdba: 0x0018, 0xdbb: 0x0018,
+	0xdbc: 0x0018, 0xdbd: 0x0018, 0xdbe: 0x0018, 0xdbf: 0x0018,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x0008, 0xdc1: 0x0008, 0xdc2: 0x0008, 0xdc3: 0x0008, 0xdc4: 0x0008, 0xdc5: 0x0008,
+	0xdc6: 0x0008, 0xdc7: 0x0008, 0xdc8: 0x0008, 0xdc9: 0x0008, 0xdca: 0x0008, 0xdcb: 0x0008,
+	0xdcc: 0x0008, 0xdcd: 0x0008, 0xdce: 0x0008, 0xdcf: 0x0008, 0xdd0: 0x0008, 0xdd1: 0x0008,
+	0xdd2: 0x0008, 0xdd3: 0x0008, 0xdd4: 0x0008, 0xdd5: 0x0008, 0xdd6: 0x0008, 0xdd7: 0x0008,
+	0xdd8: 0x0008, 0xdd9: 0x0008, 0xdda: 0x0008, 0xddb: 0x0008, 0xddc: 0x0008, 0xddd: 0x0008,
+	0xdde: 0x0008, 0xddf: 0x0040, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0x2971, 0xde3: 0x0ed5,
+	0xde4: 0x2989, 0xde5: 0x0008, 0xde6: 0x0008, 0xde7: 0xe07d, 0xde8: 0x0008, 0xde9: 0xe01d,
+	0xdea: 0x0008, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0x0fe1, 0xdee: 0x1281, 0xdef: 0x0fc9,
+	0xdf0: 0x1141, 0xdf1: 0x0008, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0008, 0xdf5: 0xe01d,
+	0xdf6: 0x0008, 0xdf7: 0x0008, 0xdf8: 0x0008, 0xdf9: 0x0008, 0xdfa: 0x0008, 0xdfb: 0x0008,
+	0xdfc: 0x0259, 0xdfd: 0x1089, 0xdfe: 0x29a1, 0xdff: 0x29b9,
+	// Block 0x38, offset 0xe00
+	0xe00: 0xe00d, 0xe01: 0x0008, 0xe02: 0xe00d, 0xe03: 0x0008, 0xe04: 0xe00d, 0xe05: 0x0008,
+	0xe06: 0xe00d, 0xe07: 0x0008, 0xe08: 0xe00d, 0xe09: 0x0008, 0xe0a: 0xe00d, 0xe0b: 0x0008,
+	0xe0c: 0xe00d, 0xe0d: 0x0008, 0xe0e: 0xe00d, 0xe0f: 0x0008, 0xe10: 0xe00d, 0xe11: 0x0008,
+	0xe12: 0xe00d, 0xe13: 0x0008, 0xe14: 0xe00d, 0xe15: 0x0008, 0xe16: 0xe00d, 0xe17: 0x0008,
+	0xe18: 0xe00d, 0xe19: 0x0008, 0xe1a: 0xe00d, 0xe1b: 0x0008, 0xe1c: 0xe00d, 0xe1d: 0x0008,
+	0xe1e: 0xe00d, 0xe1f: 0x0008, 0xe20: 0xe00d, 0xe21: 0x0008, 0xe22: 0xe00d, 0xe23: 0x0008,
+	0xe24: 0x0008, 0xe25: 0x0018, 0xe26: 0x0018, 0xe27: 0x0018, 0xe28: 0x0018, 0xe29: 0x0018,
+	0xe2a: 0x0018, 0xe2b: 0xe03d, 0xe2c: 0x0008, 0xe2d: 0xe01d, 0xe2e: 0x0008, 0xe2f: 0x3308,
+	0xe30: 0x3308, 0xe31: 0x3308, 0xe32: 0xe00d, 0xe33: 0x0008, 0xe34: 0x0040, 0xe35: 0x0040,
+	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0018, 0xe3a: 0x0018, 0xe3b: 0x0018,
+	0xe3c: 0x0018, 0xe3d: 0x0018, 0xe3e: 0x0018, 0xe3f: 0x0018,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x2715, 0xe41: 0x2735, 0xe42: 0x2755, 0xe43: 0x2775, 0xe44: 0x2795, 0xe45: 0x27b5,
+	0xe46: 0x27d5, 0xe47: 0x27f5, 0xe48: 0x2815, 0xe49: 0x2835, 0xe4a: 0x2855, 0xe4b: 0x2875,
+	0xe4c: 0x2895, 0xe4d: 0x28b5, 0xe4e: 0x28d5, 0xe4f: 0x28f5, 0xe50: 0x2915, 0xe51: 0x2935,
+	0xe52: 0x2955, 0xe53: 0x2975, 0xe54: 0x2995, 0xe55: 0x29b5, 0xe56: 0x0040, 0xe57: 0x0040,
+	0xe58: 0x0040, 0xe59: 0x0040, 0xe5a: 0x0040, 0xe5b: 0x0040, 0xe5c: 0x0040, 0xe5d: 0x0040,
+	0xe5e: 0x0040, 0xe5f: 0x0040, 0xe60: 0x0040, 0xe61: 0x0040, 0xe62: 0x0040, 0xe63: 0x0040,
+	0xe64: 0x0040, 0xe65: 0x0040, 0xe66: 0x0040, 0xe67: 0x0040, 0xe68: 0x0040, 0xe69: 0x0040,
+	0xe6a: 0x0040, 0xe6b: 0x0040, 0xe6c: 0x0040, 0xe6d: 0x0040, 0xe6e: 0x0040, 0xe6f: 0x0040,
+	0xe70: 0x0040, 0xe71: 0x0040, 0xe72: 0x0040, 0xe73: 0x0040, 0xe74: 0x0040, 0xe75: 0x0040,
+	0xe76: 0x0040, 0xe77: 0x0040, 0xe78: 0x0040, 0xe79: 0x0040, 0xe7a: 0x0040, 0xe7b: 0x0040,
+	0xe7c: 0x0040, 0xe7d: 0x0040, 0xe7e: 0x0040, 0xe7f: 0x0040,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x000a, 0xe81: 0x0018, 0xe82: 0x29d1, 0xe83: 0x0018, 0xe84: 0x0018, 0xe85: 0x0008,
+	0xe86: 0x0008, 0xe87: 0x0008, 0xe88: 0x0018, 0xe89: 0x0018, 0xe8a: 0x0018, 0xe8b: 0x0018,
+	0xe8c: 0x0018, 0xe8d: 0x0018, 0xe8e: 0x0018, 0xe8f: 0x0018, 0xe90: 0x0018, 0xe91: 0x0018,
+	0xe92: 0x0018, 0xe93: 0x0018, 0xe94: 0x0018, 0xe95: 0x0018, 0xe96: 0x0018, 0xe97: 0x0018,
+	0xe98: 0x0018, 0xe99: 0x0018, 0xe9a: 0x0018, 0xe9b: 0x0018, 0xe9c: 0x0018, 0xe9d: 0x0018,
+	0xe9e: 0x0018, 0xe9f: 0x0018, 0xea0: 0x0018, 0xea1: 0x0018, 0xea2: 0x0018, 0xea3: 0x0018,
+	0xea4: 0x0018, 0xea5: 0x0018, 0xea6: 0x0018, 0xea7: 0x0018, 0xea8: 0x0018, 0xea9: 0x0018,
+	0xeaa: 0x3308, 0xeab: 0x3308, 0xeac: 0x3308, 0xead: 0x3308, 0xeae: 0x3018, 0xeaf: 0x3018,
+	0xeb0: 0x0018, 0xeb1: 0x0018, 0xeb2: 0x0018, 0xeb3: 0x0018, 0xeb4: 0x0018, 0xeb5: 0x0018,
+	0xeb6: 0xe125, 0xeb7: 0x0018, 0xeb8: 0x29d5, 0xeb9: 0x29f5, 0xeba: 0x2a15, 0xebb: 0x0018,
+	0xebc: 0x0008, 0xebd: 0x0018, 0xebe: 0x0018, 0xebf: 0x0018,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x2b55, 0xec1: 0x2b75, 0xec2: 0x2b95, 0xec3: 0x2bb5, 0xec4: 0x2bd5, 0xec5: 0x2bf5,
+	0xec6: 0x2bf5, 0xec7: 0x2bf5, 0xec8: 0x2c15, 0xec9: 0x2c15, 0xeca: 0x2c15, 0xecb: 0x2c15,
+	0xecc: 0x2c35, 0xecd: 0x2c35, 0xece: 0x2c35, 0xecf: 0x2c55, 0xed0: 0x2c75, 0xed1: 0x2c75,
+	0xed2: 0x2a95, 0xed3: 0x2a95, 0xed4: 0x2c75, 0xed5: 0x2c75, 0xed6: 0x2c95, 0xed7: 0x2c95,
+	0xed8: 0x2c75, 0xed9: 0x2c75, 0xeda: 0x2a95, 0xedb: 0x2a95, 0xedc: 0x2c75, 0xedd: 0x2c75,
+	0xede: 0x2c55, 0xedf: 0x2c55, 0xee0: 0x2cb5, 0xee1: 0x2cb5, 0xee2: 0x2cd5, 0xee3: 0x2cd5,
+	0xee4: 0x0040, 0xee5: 0x2cf5, 0xee6: 0x2d15, 0xee7: 0x2d35, 0xee8: 0x2d35, 0xee9: 0x2d55,
+	0xeea: 0x2d75, 0xeeb: 0x2d95, 0xeec: 0x2db5, 0xeed: 0x2dd5, 0xeee: 0x2df5, 0xeef: 0x2e15,
+	0xef0: 0x2e35, 0xef1: 0x2e55, 0xef2: 0x2e55, 0xef3: 0x2e75, 0xef4: 0x2e95, 0xef5: 0x2e95,
+	0xef6: 0x2eb5, 0xef7: 0x2ed5, 0xef8: 0x2e75, 0xef9: 0x2ef5, 0xefa: 0x2f15, 0xefb: 0x2ef5,
+	0xefc: 0x2e75, 0xefd: 0x2f35, 0xefe: 0x2f55, 0xeff: 0x2f75,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x2f95, 0xf01: 0x2fb5, 0xf02: 0x2d15, 0xf03: 0x2cf5, 0xf04: 0x2fd5, 0xf05: 0x2ff5,
+	0xf06: 0x3015, 0xf07: 0x3035, 0xf08: 0x3055, 0xf09: 0x3075, 0xf0a: 0x3095, 0xf0b: 0x30b5,
+	0xf0c: 0x30d5, 0xf0d: 0x30f5, 0xf0e: 0x3115, 0xf0f: 0x0040, 0xf10: 0x0018, 0xf11: 0x0018,
+	0xf12: 0x3135, 0xf13: 0x3155, 0xf14: 0x3175, 0xf15: 0x3195, 0xf16: 0x31b5, 0xf17: 0x31d5,
+	0xf18: 0x31f5, 0xf19: 0x3215, 0xf1a: 0x3235, 0xf1b: 0x3255, 0xf1c: 0x3175, 0xf1d: 0x3275,
+	0xf1e: 0x3295, 0xf1f: 0x32b5, 0xf20: 0x0008, 0xf21: 0x0008, 0xf22: 0x0008, 0xf23: 0x0008,
+	0xf24: 0x0008, 0xf25: 0x0008, 0xf26: 0x0008, 0xf27: 0x0008, 0xf28: 0x0008, 0xf29: 0x0008,
+	0xf2a: 0x0008, 0xf2b: 0x0008, 0xf2c: 0x0008, 0xf2d: 0x0008, 0xf2e: 0x0008, 0xf2f: 0x0008,
+	0xf30: 0x0008, 0xf31: 0x0008, 0xf32: 0x0008, 0xf33: 0x0008, 0xf34: 0x0008, 0xf35: 0x0008,
+	0xf36: 0x0008, 0xf37: 0x0008, 0xf38: 0x0008, 0xf39: 0x0008, 0xf3a: 0x0008, 0xf3b: 0x0008,
+	0xf3c: 0x0008, 0xf3d: 0x0008, 0xf3e: 0x0008, 0xf3f: 0x0008,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x36a2, 0xf41: 0x36d2, 0xf42: 0x3702, 0xf43: 0x3732, 0xf44: 0x32d5, 0xf45: 0x32f5,
+	0xf46: 0x3315, 0xf47: 0x3335, 0xf48: 0x0018, 0xf49: 0x0018, 0xf4a: 0x0018, 0xf4b: 0x0018,
+	0xf4c: 0x0018, 0xf4d: 0x0018, 0xf4e: 0x0018, 0xf4f: 0x0018, 0xf50: 0x3355, 0xf51: 0x3761,
+	0xf52: 0x3779, 0xf53: 0x3791, 0xf54: 0x37a9, 0xf55: 0x37c1, 0xf56: 0x37d9, 0xf57: 0x37f1,
+	0xf58: 0x3809, 0xf59: 0x3821, 0xf5a: 0x3839, 0xf5b: 0x3851, 0xf5c: 0x3869, 0xf5d: 0x3881,
+	0xf5e: 0x3899, 0xf5f: 0x38b1, 0xf60: 0x3375, 0xf61: 0x3395, 0xf62: 0x33b5, 0xf63: 0x33d5,
+	0xf64: 0x33f5, 0xf65: 0x33f5, 0xf66: 0x3415, 0xf67: 0x3435, 0xf68: 0x3455, 0xf69: 0x3475,
+	0xf6a: 0x3495, 0xf6b: 0x34b5, 0xf6c: 0x34d5, 0xf6d: 0x34f5, 0xf6e: 0x3515, 0xf6f: 0x3535,
+	0xf70: 0x3555, 0xf71: 0x3575, 0xf72: 0x3595, 0xf73: 0x35b5, 0xf74: 0x35d5, 0xf75: 0x35f5,
+	0xf76: 0x3615, 0xf77: 0x3635, 0xf78: 0x3655, 0xf79: 0x3675, 0xf7a: 0x3695, 0xf7b: 0x36b5,
+	0xf7c: 0x38c9, 0xf7d: 0x3901, 0xf7e: 0x36d5, 0xf7f: 0x0018,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x36f5, 0xf81: 0x3715, 0xf82: 0x3735, 0xf83: 0x3755, 0xf84: 0x3775, 0xf85: 0x3795,
+	0xf86: 0x37b5, 0xf87: 0x37d5, 0xf88: 0x37f5, 0xf89: 0x3815, 0xf8a: 0x3835, 0xf8b: 0x3855,
+	0xf8c: 0x3875, 0xf8d: 0x3895, 0xf8e: 0x38b5, 0xf8f: 0x38d5, 0xf90: 0x38f5, 0xf91: 0x3915,
+	0xf92: 0x3935, 0xf93: 0x3955, 0xf94: 0x3975, 0xf95: 0x3995, 0xf96: 0x39b5, 0xf97: 0x39d5,
+	0xf98: 0x39f5, 0xf99: 0x3a15, 0xf9a: 0x3a35, 0xf9b: 0x3a55, 0xf9c: 0x3a75, 0xf9d: 0x3a95,
+	0xf9e: 0x3ab5, 0xf9f: 0x3ad5, 0xfa0: 0x3af5, 0xfa1: 0x3b15, 0xfa2: 0x3b35, 0xfa3: 0x3b55,
+	0xfa4: 0x3b75, 0xfa5: 0x3b95, 0xfa6: 0x1295, 0xfa7: 0x3bb5, 0xfa8: 0x3bd5, 0xfa9: 0x3bf5,
+	0xfaa: 0x3c15, 0xfab: 0x3c35, 0xfac: 0x3c55, 0xfad: 0x3c75, 0xfae: 0x23b5, 0xfaf: 0x3c95,
+	0xfb0: 0x3cb5, 0xfb1: 0x3939, 0xfb2: 0x3951, 0xfb3: 0x3969, 0xfb4: 0x3981, 0xfb5: 0x3999,
+	0xfb6: 0x39b1, 0xfb7: 0x39c9, 0xfb8: 0x39e1, 0xfb9: 0x39f9, 0xfba: 0x3a11, 0xfbb: 0x3a29,
+	0xfbc: 0x3a41, 0xfbd: 0x3a59, 0xfbe: 0x3a71, 0xfbf: 0x3a89,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x3aa1, 0xfc1: 0x3ac9, 0xfc2: 0x3af1, 0xfc3: 0x3b19, 0xfc4: 0x3b41, 0xfc5: 0x3b69,
+	0xfc6: 0x3b91, 0xfc7: 0x3bb9, 0xfc8: 0x3be1, 0xfc9: 0x3c09, 0xfca: 0x3c39, 0xfcb: 0x3c69,
+	0xfcc: 0x3c99, 0xfcd: 0x3cd5, 0xfce: 0x3cb1, 0xfcf: 0x3cf5, 0xfd0: 0x3d15, 0xfd1: 0x3d2d,
+	0xfd2: 0x3d45, 0xfd3: 0x3d5d, 0xfd4: 0x3d75, 0xfd5: 0x3d75, 0xfd6: 0x3d5d, 0xfd7: 0x3d8d,
+	0xfd8: 0x07d5, 0xfd9: 0x3da5, 0xfda: 0x3dbd, 0xfdb: 0x3dd5, 0xfdc: 0x3ded, 0xfdd: 0x3e05,
+	0xfde: 0x3e1d, 0xfdf: 0x3e35, 0xfe0: 0x3e4d, 0xfe1: 0x3e65, 0xfe2: 0x3e7d, 0xfe3: 0x3e95,
+	0xfe4: 0x3ead, 0xfe5: 0x3ead, 0xfe6: 0x3ec5, 0xfe7: 0x3ec5, 0xfe8: 0x3edd, 0xfe9: 0x3edd,
+	0xfea: 0x3ef5, 0xfeb: 0x3f0d, 0xfec: 0x3f25, 0xfed: 0x3f3d, 0xfee: 0x3f55, 0xfef: 0x3f55,
+	0xff0: 0x3f6d, 0xff1: 0x3f6d, 0xff2: 0x3f6d, 0xff3: 0x3f85, 0xff4: 0x3f9d, 0xff5: 0x3fb5,
+	0xff6: 0x3fcd, 0xff7: 0x3fb5, 0xff8: 0x3fe5, 0xff9: 0x3ffd, 0xffa: 0x3f85, 0xffb: 0x4015,
+	0xffc: 0x402d, 0xffd: 0x402d, 0xffe: 0x402d, 0xfff: 0x3cc9,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x3d01, 0x1001: 0x3d69, 0x1002: 0x3dd1, 0x1003: 0x3e39, 0x1004: 0x3e89, 0x1005: 0x3ef1,
+	0x1006: 0x3f41, 0x1007: 0x3f91, 0x1008: 0x4011, 0x1009: 0x4079, 0x100a: 0x40c9, 0x100b: 0x4119,
+	0x100c: 0x4169, 0x100d: 0x41d1, 0x100e: 0x4239, 0x100f: 0x4289, 0x1010: 0x42d9, 0x1011: 0x4311,
+	0x1012: 0x4361, 0x1013: 0x43c9, 0x1014: 0x4431, 0x1015: 0x4469, 0x1016: 0x44e9, 0x1017: 0x4581,
+	0x1018: 0x4601, 0x1019: 0x4651, 0x101a: 0x46d1, 0x101b: 0x4751, 0x101c: 0x47b9, 0x101d: 0x4809,
+	0x101e: 0x4859, 0x101f: 0x48a9, 0x1020: 0x4911, 0x1021: 0x4991, 0x1022: 0x49f9, 0x1023: 0x4a49,
+	0x1024: 0x4a99, 0x1025: 0x4ae9, 0x1026: 0x4b21, 0x1027: 0x4b59, 0x1028: 0x4b91, 0x1029: 0x4bc9,
+	0x102a: 0x4c19, 0x102b: 0x4c69, 0x102c: 0x4ce9, 0x102d: 0x4d39, 0x102e: 0x4da1, 0x102f: 0x4e21,
+	0x1030: 0x4e71, 0x1031: 0x4ea9, 0x1032: 0x4ee1, 0x1033: 0x4f61, 0x1034: 0x4fc9, 0x1035: 0x5049,
+	0x1036: 0x5099, 0x1037: 0x5119, 0x1038: 0x5151, 0x1039: 0x51a1, 0x103a: 0x51f1, 0x103b: 0x5241,
+	0x103c: 0x5291, 0x103d: 0x52e1, 0x103e: 0x5349, 0x103f: 0x5399,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x53d1, 0x1041: 0x5421, 0x1042: 0x5471, 0x1043: 0x54c1, 0x1044: 0x5529, 0x1045: 0x5579,
+	0x1046: 0x55c9, 0x1047: 0x5619, 0x1048: 0x5699, 0x1049: 0x5701, 0x104a: 0x5739, 0x104b: 0x57b9,
+	0x104c: 0x57f1, 0x104d: 0x5859, 0x104e: 0x58c1, 0x104f: 0x5911, 0x1050: 0x5961, 0x1051: 0x59b1,
+	0x1052: 0x5a19, 0x1053: 0x5a51, 0x1054: 0x5aa1, 0x1055: 0x5b09, 0x1056: 0x5b41, 0x1057: 0x5bc1,
+	0x1058: 0x5c11, 0x1059: 0x5c39, 0x105a: 0x5c61, 0x105b: 0x5c89, 0x105c: 0x5cb1, 0x105d: 0x5cd9,
+	0x105e: 0x5d01, 0x105f: 0x5d29, 0x1060: 0x5d51, 0x1061: 0x5d79, 0x1062: 0x5da1, 0x1063: 0x5dd1,
+	0x1064: 0x5e01, 0x1065: 0x5e31, 0x1066: 0x5e61, 0x1067: 0x5e91, 0x1068: 0x5ec1, 0x1069: 0x5ef1,
+	0x106a: 0x5f21, 0x106b: 0x5f51, 0x106c: 0x5f81, 0x106d: 0x5fb1, 0x106e: 0x5fe1, 0x106f: 0x6011,
+	0x1070: 0x6041, 0x1071: 0x4045, 0x1072: 0x6071, 0x1073: 0x6089, 0x1074: 0x4065, 0x1075: 0x60a1,
+	0x1076: 0x60b9, 0x1077: 0x60d1, 0x1078: 0x4085, 0x1079: 0x4085, 0x107a: 0x60e9, 0x107b: 0x6101,
+	0x107c: 0x6139, 0x107d: 0x6171, 0x107e: 0x61a9, 0x107f: 0x61e1,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x6249, 0x1081: 0x6261, 0x1082: 0x40a5, 0x1083: 0x6279, 0x1084: 0x6291, 0x1085: 0x62a9,
+	0x1086: 0x62c1, 0x1087: 0x62d9, 0x1088: 0x40c5, 0x1089: 0x62f1, 0x108a: 0x6319, 0x108b: 0x6331,
+	0x108c: 0x40e5, 0x108d: 0x40e5, 0x108e: 0x6349, 0x108f: 0x6361, 0x1090: 0x6379, 0x1091: 0x4105,
+	0x1092: 0x4125, 0x1093: 0x4145, 0x1094: 0x4165, 0x1095: 0x4185, 0x1096: 0x6391, 0x1097: 0x63a9,
+	0x1098: 0x63c1, 0x1099: 0x63d9, 0x109a: 0x63f1, 0x109b: 0x41a5, 0x109c: 0x6409, 0x109d: 0x6421,
+	0x109e: 0x6439, 0x109f: 0x41c5, 0x10a0: 0x41e5, 0x10a1: 0x6451, 0x10a2: 0x4205, 0x10a3: 0x4225,
+	0x10a4: 0x4245, 0x10a5: 0x6469, 0x10a6: 0x4265, 0x10a7: 0x6481, 0x10a8: 0x64b1, 0x10a9: 0x6249,
+	0x10aa: 0x4285, 0x10ab: 0x42a5, 0x10ac: 0x42c5, 0x10ad: 0x42e5, 0x10ae: 0x64e9, 0x10af: 0x6529,
+	0x10b0: 0x6571, 0x10b1: 0x6589, 0x10b2: 0x4305, 0x10b3: 0x65a1, 0x10b4: 0x65b9, 0x10b5: 0x65d1,
+	0x10b6: 0x4325, 0x10b7: 0x65e9, 0x10b8: 0x6601, 0x10b9: 0x65e9, 0x10ba: 0x6619, 0x10bb: 0x6631,
+	0x10bc: 0x4345, 0x10bd: 0x6649, 0x10be: 0x6661, 0x10bf: 0x6649,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x4365, 0x10c1: 0x4385, 0x10c2: 0x0040, 0x10c3: 0x6679, 0x10c4: 0x6691, 0x10c5: 0x66a9,
+	0x10c6: 0x66c1, 0x10c7: 0x0040, 0x10c8: 0x66f9, 0x10c9: 0x6711, 0x10ca: 0x6729, 0x10cb: 0x6741,
+	0x10cc: 0x6759, 0x10cd: 0x6771, 0x10ce: 0x6439, 0x10cf: 0x6789, 0x10d0: 0x67a1, 0x10d1: 0x67b9,
+	0x10d2: 0x43a5, 0x10d3: 0x67d1, 0x10d4: 0x62c1, 0x10d5: 0x43c5, 0x10d6: 0x43e5, 0x10d7: 0x67e9,
+	0x10d8: 0x0040, 0x10d9: 0x4405, 0x10da: 0x6801, 0x10db: 0x6819, 0x10dc: 0x6831, 0x10dd: 0x6849,
+	0x10de: 0x6861, 0x10df: 0x6891, 0x10e0: 0x68c1, 0x10e1: 0x68e9, 0x10e2: 0x6911, 0x10e3: 0x6939,
+	0x10e4: 0x6961, 0x10e5: 0x6989, 0x10e6: 0x69b1, 0x10e7: 0x69d9, 0x10e8: 0x6a01, 0x10e9: 0x6a29,
+	0x10ea: 0x6a59, 0x10eb: 0x6a89, 0x10ec: 0x6ab9, 0x10ed: 0x6ae9, 0x10ee: 0x6b19, 0x10ef: 0x6b49,
+	0x10f0: 0x6b79, 0x10f1: 0x6ba9, 0x10f2: 0x6bd9, 0x10f3: 0x6c09, 0x10f4: 0x6c39, 0x10f5: 0x6c69,
+	0x10f6: 0x6c99, 0x10f7: 0x6cc9, 0x10f8: 0x6cf9, 0x10f9: 0x6d29, 0x10fa: 0x6d59, 0x10fb: 0x6d89,
+	0x10fc: 0x6db9, 0x10fd: 0x6de9, 0x10fe: 0x6e19, 0x10ff: 0x4425,
+	// Block 0x44, offset 0x1100
+	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
+	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
+	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
+	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
+	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0xe00d, 0x111d: 0x0008,
+	0x111e: 0xe00d, 0x111f: 0x0008, 0x1120: 0xe00d, 0x1121: 0x0008, 0x1122: 0xe00d, 0x1123: 0x0008,
+	0x1124: 0xe00d, 0x1125: 0x0008, 0x1126: 0xe00d, 0x1127: 0x0008, 0x1128: 0xe00d, 0x1129: 0x0008,
+	0x112a: 0xe00d, 0x112b: 0x0008, 0x112c: 0xe00d, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x3308,
+	0x1130: 0x3318, 0x1131: 0x3318, 0x1132: 0x3318, 0x1133: 0x0018, 0x1134: 0x3308, 0x1135: 0x3308,
+	0x1136: 0x3308, 0x1137: 0x3308, 0x1138: 0x3308, 0x1139: 0x3308, 0x113a: 0x3308, 0x113b: 0x3308,
+	0x113c: 0x3308, 0x113d: 0x3308, 0x113e: 0x0018, 0x113f: 0x0008,
+	// Block 0x45, offset 0x1140
+	0x1140: 0xe00d, 0x1141: 0x0008, 0x1142: 0xe00d, 0x1143: 0x0008, 0x1144: 0xe00d, 0x1145: 0x0008,
+	0x1146: 0xe00d, 0x1147: 0x0008, 0x1148: 0xe00d, 0x1149: 0x0008, 0x114a: 0xe00d, 0x114b: 0x0008,
+	0x114c: 0xe00d, 0x114d: 0x0008, 0x114e: 0xe00d, 0x114f: 0x0008, 0x1150: 0xe00d, 0x1151: 0x0008,
+	0x1152: 0xe00d, 0x1153: 0x0008, 0x1154: 0xe00d, 0x1155: 0x0008, 0x1156: 0xe00d, 0x1157: 0x0008,
+	0x1158: 0xe00d, 0x1159: 0x0008, 0x115a: 0xe00d, 0x115b: 0x0008, 0x115c: 0x0ea1, 0x115d: 0x6e49,
+	0x115e: 0x3308, 0x115f: 0x3308, 0x1160: 0x0008, 0x1161: 0x0008, 0x1162: 0x0008, 0x1163: 0x0008,
+	0x1164: 0x0008, 0x1165: 0x0008, 0x1166: 0x0008, 0x1167: 0x0008, 0x1168: 0x0008, 0x1169: 0x0008,
+	0x116a: 0x0008, 0x116b: 0x0008, 0x116c: 0x0008, 0x116d: 0x0008, 0x116e: 0x0008, 0x116f: 0x0008,
+	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0x0008, 0x1173: 0x0008, 0x1174: 0x0008, 0x1175: 0x0008,
+	0x1176: 0x0008, 0x1177: 0x0008, 0x1178: 0x0008, 0x1179: 0x0008, 0x117a: 0x0008, 0x117b: 0x0008,
+	0x117c: 0x0008, 0x117d: 0x0008, 0x117e: 0x0008, 0x117f: 0x0008,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x0018, 0x1181: 0x0018, 0x1182: 0x0018, 0x1183: 0x0018, 0x1184: 0x0018, 0x1185: 0x0018,
+	0x1186: 0x0018, 0x1187: 0x0018, 0x1188: 0x0018, 0x1189: 0x0018, 0x118a: 0x0018, 0x118b: 0x0018,
+	0x118c: 0x0018, 0x118d: 0x0018, 0x118e: 0x0018, 0x118f: 0x0018, 0x1190: 0x0018, 0x1191: 0x0018,
+	0x1192: 0x0018, 0x1193: 0x0018, 0x1194: 0x0018, 0x1195: 0x0018, 0x1196: 0x0018, 0x1197: 0x0008,
+	0x1198: 0x0008, 0x1199: 0x0008, 0x119a: 0x0008, 0x119b: 0x0008, 0x119c: 0x0008, 0x119d: 0x0008,
+	0x119e: 0x0008, 0x119f: 0x0008, 0x11a0: 0x0018, 0x11a1: 0x0018, 0x11a2: 0xe00d, 0x11a3: 0x0008,
+	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
+	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
+	0x11b0: 0x0008, 0x11b1: 0x0008, 0x11b2: 0xe00d, 0x11b3: 0x0008, 0x11b4: 0xe00d, 0x11b5: 0x0008,
+	0x11b6: 0xe00d, 0x11b7: 0x0008, 0x11b8: 0xe00d, 0x11b9: 0x0008, 0x11ba: 0xe00d, 0x11bb: 0x0008,
+	0x11bc: 0xe00d, 0x11bd: 0x0008, 0x11be: 0xe00d, 0x11bf: 0x0008,
+	// Block 0x47, offset 0x11c0
+	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
+	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0xe00d, 0x11c9: 0x0008, 0x11ca: 0xe00d, 0x11cb: 0x0008,
+	0x11cc: 0xe00d, 0x11cd: 0x0008, 0x11ce: 0xe00d, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
+	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0xe00d, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
+	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
+	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
+	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
+	0x11ea: 0xe00d, 0x11eb: 0x0008, 0x11ec: 0xe00d, 0x11ed: 0x0008, 0x11ee: 0xe00d, 0x11ef: 0x0008,
+	0x11f0: 0xe0fd, 0x11f1: 0x0008, 0x11f2: 0x0008, 0x11f3: 0x0008, 0x11f4: 0x0008, 0x11f5: 0x0008,
+	0x11f6: 0x0008, 0x11f7: 0x0008, 0x11f8: 0x0008, 0x11f9: 0xe01d, 0x11fa: 0x0008, 0x11fb: 0xe03d,
+	0x11fc: 0x0008, 0x11fd: 0x4445, 0x11fe: 0xe00d, 0x11ff: 0x0008,
+	// Block 0x48, offset 0x1200
+	0x1200: 0xe00d, 0x1201: 0x0008, 0x1202: 0xe00d, 0x1203: 0x0008, 0x1204: 0xe00d, 0x1205: 0x0008,
+	0x1206: 0xe00d, 0x1207: 0x0008, 0x1208: 0x0008, 0x1209: 0x0018, 0x120a: 0x0018, 0x120b: 0xe03d,
+	0x120c: 0x0008, 0x120d: 0x11d9, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0xe00d, 0x1211: 0x0008,
+	0x1212: 0xe00d, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x0008, 0x1216: 0xe00d, 0x1217: 0x0008,
+	0x1218: 0xe00d, 0x1219: 0x0008, 0x121a: 0xe00d, 0x121b: 0x0008, 0x121c: 0xe00d, 0x121d: 0x0008,
+	0x121e: 0xe00d, 0x121f: 0x0008, 0x1220: 0xe00d, 0x1221: 0x0008, 0x1222: 0xe00d, 0x1223: 0x0008,
+	0x1224: 0xe00d, 0x1225: 0x0008, 0x1226: 0xe00d, 0x1227: 0x0008, 0x1228: 0xe00d, 0x1229: 0x0008,
+	0x122a: 0x6e61, 0x122b: 0x1029, 0x122c: 0x11c1, 0x122d: 0x6e79, 0x122e: 0x1221, 0x122f: 0x0008,
+	0x1230: 0x6e91, 0x1231: 0x6ea9, 0x1232: 0x1239, 0x1233: 0x4465, 0x1234: 0xe00d, 0x1235: 0x0008,
+	0x1236: 0xe00d, 0x1237: 0x0008, 0x1238: 0xe00d, 0x1239: 0x0008, 0x123a: 0xe00d, 0x123b: 0x0008,
+	0x123c: 0xe00d, 0x123d: 0x0008, 0x123e: 0xe00d, 0x123f: 0x0008,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x650d, 0x1241: 0x652d, 0x1242: 0x654d, 0x1243: 0x656d, 0x1244: 0x658d, 0x1245: 0x65ad,
+	0x1246: 0x65cd, 0x1247: 0x65ed, 0x1248: 0x660d, 0x1249: 0x662d, 0x124a: 0x664d, 0x124b: 0x666d,
+	0x124c: 0x668d, 0x124d: 0x66ad, 0x124e: 0x0008, 0x124f: 0x0008, 0x1250: 0x66cd, 0x1251: 0x0008,
+	0x1252: 0x66ed, 0x1253: 0x0008, 0x1254: 0x0008, 0x1255: 0x670d, 0x1256: 0x672d, 0x1257: 0x674d,
+	0x1258: 0x676d, 0x1259: 0x678d, 0x125a: 0x67ad, 0x125b: 0x67cd, 0x125c: 0x67ed, 0x125d: 0x680d,
+	0x125e: 0x682d, 0x125f: 0x0008, 0x1260: 0x684d, 0x1261: 0x0008, 0x1262: 0x686d, 0x1263: 0x0008,
+	0x1264: 0x0008, 0x1265: 0x688d, 0x1266: 0x68ad, 0x1267: 0x0008, 0x1268: 0x0008, 0x1269: 0x0008,
+	0x126a: 0x68cd, 0x126b: 0x68ed, 0x126c: 0x690d, 0x126d: 0x692d, 0x126e: 0x694d, 0x126f: 0x696d,
+	0x1270: 0x698d, 0x1271: 0x69ad, 0x1272: 0x69cd, 0x1273: 0x69ed, 0x1274: 0x6a0d, 0x1275: 0x6a2d,
+	0x1276: 0x6a4d, 0x1277: 0x6a6d, 0x1278: 0x6a8d, 0x1279: 0x6aad, 0x127a: 0x6acd, 0x127b: 0x6aed,
+	0x127c: 0x6b0d, 0x127d: 0x6b2d, 0x127e: 0x6b4d, 0x127f: 0x6b6d,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x7acd, 0x1281: 0x7aed, 0x1282: 0x7b0d, 0x1283: 0x7b2d, 0x1284: 0x7b4d, 0x1285: 0x7b6d,
+	0x1286: 0x7b8d, 0x1287: 0x7bad, 0x1288: 0x7bcd, 0x1289: 0x7bed, 0x128a: 0x7c0d, 0x128b: 0x7c2d,
+	0x128c: 0x7c4d, 0x128d: 0x7c6d, 0x128e: 0x7c8d, 0x128f: 0x6f19, 0x1290: 0x6f41, 0x1291: 0x6f69,
+	0x1292: 0x7cad, 0x1293: 0x7ccd, 0x1294: 0x7ced, 0x1295: 0x6f91, 0x1296: 0x6fb9, 0x1297: 0x6fe1,
+	0x1298: 0x7d0d, 0x1299: 0x7d2d, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x0040,
+	0x129e: 0x0040, 0x129f: 0x0040, 0x12a0: 0x0040, 0x12a1: 0x0040, 0x12a2: 0x0040, 0x12a3: 0x0040,
+	0x12a4: 0x0040, 0x12a5: 0x0040, 0x12a6: 0x0040, 0x12a7: 0x0040, 0x12a8: 0x0040, 0x12a9: 0x0040,
+	0x12aa: 0x0040, 0x12ab: 0x0040, 0x12ac: 0x0040, 0x12ad: 0x0040, 0x12ae: 0x0040, 0x12af: 0x0040,
+	0x12b0: 0x0040, 0x12b1: 0x0040, 0x12b2: 0x0040, 0x12b3: 0x0040, 0x12b4: 0x0040, 0x12b5: 0x0040,
+	0x12b6: 0x0040, 0x12b7: 0x0040, 0x12b8: 0x0040, 0x12b9: 0x0040, 0x12ba: 0x0040, 0x12bb: 0x0040,
+	0x12bc: 0x0040, 0x12bd: 0x0040, 0x12be: 0x0040, 0x12bf: 0x0040,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x7009, 0x12c1: 0x7021, 0x12c2: 0x7039, 0x12c3: 0x7d4d, 0x12c4: 0x7d6d, 0x12c5: 0x7051,
+	0x12c6: 0x7051, 0x12c7: 0x0040, 0x12c8: 0x0040, 0x12c9: 0x0040, 0x12ca: 0x0040, 0x12cb: 0x0040,
+	0x12cc: 0x0040, 0x12cd: 0x0040, 0x12ce: 0x0040, 0x12cf: 0x0040, 0x12d0: 0x0040, 0x12d1: 0x0040,
+	0x12d2: 0x0040, 0x12d3: 0x7069, 0x12d4: 0x7091, 0x12d5: 0x70b9, 0x12d6: 0x70e1, 0x12d7: 0x7109,
+	0x12d8: 0x0040, 0x12d9: 0x0040, 0x12da: 0x0040, 0x12db: 0x0040, 0x12dc: 0x0040, 0x12dd: 0x7131,
+	0x12de: 0x3308, 0x12df: 0x7159, 0x12e0: 0x7181, 0x12e1: 0x20a9, 0x12e2: 0x20f1, 0x12e3: 0x7199,
+	0x12e4: 0x71b1, 0x12e5: 0x71c9, 0x12e6: 0x71e1, 0x12e7: 0x71f9, 0x12e8: 0x7211, 0x12e9: 0x1fb2,
+	0x12ea: 0x7229, 0x12eb: 0x7251, 0x12ec: 0x7279, 0x12ed: 0x72b1, 0x12ee: 0x72e9, 0x12ef: 0x7311,
+	0x12f0: 0x7339, 0x12f1: 0x7361, 0x12f2: 0x7389, 0x12f3: 0x73b1, 0x12f4: 0x73d9, 0x12f5: 0x7401,
+	0x12f6: 0x7429, 0x12f7: 0x0040, 0x12f8: 0x7451, 0x12f9: 0x7479, 0x12fa: 0x74a1, 0x12fb: 0x74c9,
+	0x12fc: 0x74f1, 0x12fd: 0x0040, 0x12fe: 0x7519, 0x12ff: 0x0040,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x7541, 0x1301: 0x7569, 0x1302: 0x0040, 0x1303: 0x7591, 0x1304: 0x75b9, 0x1305: 0x0040,
+	0x1306: 0x75e1, 0x1307: 0x7609, 0x1308: 0x7631, 0x1309: 0x7659, 0x130a: 0x7681, 0x130b: 0x76a9,
+	0x130c: 0x76d1, 0x130d: 0x76f9, 0x130e: 0x7721, 0x130f: 0x7749, 0x1310: 0x7771, 0x1311: 0x7771,
+	0x1312: 0x7789, 0x1313: 0x7789, 0x1314: 0x7789, 0x1315: 0x7789, 0x1316: 0x77a1, 0x1317: 0x77a1,
+	0x1318: 0x77a1, 0x1319: 0x77a1, 0x131a: 0x77b9, 0x131b: 0x77b9, 0x131c: 0x77b9, 0x131d: 0x77b9,
+	0x131e: 0x77d1, 0x131f: 0x77d1, 0x1320: 0x77d1, 0x1321: 0x77d1, 0x1322: 0x77e9, 0x1323: 0x77e9,
+	0x1324: 0x77e9, 0x1325: 0x77e9, 0x1326: 0x7801, 0x1327: 0x7801, 0x1328: 0x7801, 0x1329: 0x7801,
+	0x132a: 0x7819, 0x132b: 0x7819, 0x132c: 0x7819, 0x132d: 0x7819, 0x132e: 0x7831, 0x132f: 0x7831,
+	0x1330: 0x7831, 0x1331: 0x7831, 0x1332: 0x7849, 0x1333: 0x7849, 0x1334: 0x7849, 0x1335: 0x7849,
+	0x1336: 0x7861, 0x1337: 0x7861, 0x1338: 0x7861, 0x1339: 0x7861, 0x133a: 0x7879, 0x133b: 0x7879,
+	0x133c: 0x7879, 0x133d: 0x7879, 0x133e: 0x7891, 0x133f: 0x7891,
+	// Block 0x4d, offset 0x1340
+	0x1340: 0x7891, 0x1341: 0x7891, 0x1342: 0x78a9, 0x1343: 0x78a9, 0x1344: 0x78c1, 0x1345: 0x78c1,
+	0x1346: 0x78d9, 0x1347: 0x78d9, 0x1348: 0x78f1, 0x1349: 0x78f1, 0x134a: 0x7909, 0x134b: 0x7909,
+	0x134c: 0x7921, 0x134d: 0x7921, 0x134e: 0x7939, 0x134f: 0x7939, 0x1350: 0x7939, 0x1351: 0x7939,
+	0x1352: 0x7951, 0x1353: 0x7951, 0x1354: 0x7951, 0x1355: 0x7951, 0x1356: 0x7969, 0x1357: 0x7969,
+	0x1358: 0x7969, 0x1359: 0x7969, 0x135a: 0x7981, 0x135b: 0x7981, 0x135c: 0x7981, 0x135d: 0x7981,
+	0x135e: 0x7999, 0x135f: 0x7999, 0x1360: 0x79b1, 0x1361: 0x79b1, 0x1362: 0x79b1, 0x1363: 0x79b1,
+	0x1364: 0x79c9, 0x1365: 0x79c9, 0x1366: 0x79e1, 0x1367: 0x79e1, 0x1368: 0x79e1, 0x1369: 0x79e1,
+	0x136a: 0x79f9, 0x136b: 0x79f9, 0x136c: 0x79f9, 0x136d: 0x79f9, 0x136e: 0x7a11, 0x136f: 0x7a11,
+	0x1370: 0x7a29, 0x1371: 0x7a29, 0x1372: 0x0818, 0x1373: 0x0818, 0x1374: 0x0818, 0x1375: 0x0818,
+	0x1376: 0x0818, 0x1377: 0x0818, 0x1378: 0x0818, 0x1379: 0x0818, 0x137a: 0x0818, 0x137b: 0x0818,
+	0x137c: 0x0818, 0x137d: 0x0818, 0x137e: 0x0818, 0x137f: 0x0818,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0818, 0x1381: 0x0818, 0x1382: 0x0040, 0x1383: 0x0040, 0x1384: 0x0040, 0x1385: 0x0040,
+	0x1386: 0x0040, 0x1387: 0x0040, 0x1388: 0x0040, 0x1389: 0x0040, 0x138a: 0x0040, 0x138b: 0x0040,
+	0x138c: 0x0040, 0x138d: 0x0040, 0x138e: 0x0040, 0x138f: 0x0040, 0x1390: 0x0040, 0x1391: 0x0040,
+	0x1392: 0x0040, 0x1393: 0x7a41, 0x1394: 0x7a41, 0x1395: 0x7a41, 0x1396: 0x7a41, 0x1397: 0x7a59,
+	0x1398: 0x7a59, 0x1399: 0x7a71, 0x139a: 0x7a71, 0x139b: 0x7a89, 0x139c: 0x7a89, 0x139d: 0x0479,
+	0x139e: 0x7aa1, 0x139f: 0x7aa1, 0x13a0: 0x7ab9, 0x13a1: 0x7ab9, 0x13a2: 0x7ad1, 0x13a3: 0x7ad1,
+	0x13a4: 0x7ae9, 0x13a5: 0x7ae9, 0x13a6: 0x7ae9, 0x13a7: 0x7ae9, 0x13a8: 0x7b01, 0x13a9: 0x7b01,
+	0x13aa: 0x7b19, 0x13ab: 0x7b19, 0x13ac: 0x7b41, 0x13ad: 0x7b41, 0x13ae: 0x7b69, 0x13af: 0x7b69,
+	0x13b0: 0x7b91, 0x13b1: 0x7b91, 0x13b2: 0x7bb9, 0x13b3: 0x7bb9, 0x13b4: 0x7be1, 0x13b5: 0x7be1,
+	0x13b6: 0x7c09, 0x13b7: 0x7c09, 0x13b8: 0x7c09, 0x13b9: 0x7c31, 0x13ba: 0x7c31, 0x13bb: 0x7c31,
+	0x13bc: 0x7c59, 0x13bd: 0x7c59, 0x13be: 0x7c59, 0x13bf: 0x7c59,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x8649, 0x13c1: 0x8671, 0x13c2: 0x8699, 0x13c3: 0x86c1, 0x13c4: 0x86e9, 0x13c5: 0x8711,
+	0x13c6: 0x8739, 0x13c7: 0x8761, 0x13c8: 0x8789, 0x13c9: 0x87b1, 0x13ca: 0x87d9, 0x13cb: 0x8801,
+	0x13cc: 0x8829, 0x13cd: 0x8851, 0x13ce: 0x8879, 0x13cf: 0x88a1, 0x13d0: 0x88c9, 0x13d1: 0x88f1,
+	0x13d2: 0x8919, 0x13d3: 0x8941, 0x13d4: 0x8969, 0x13d5: 0x8991, 0x13d6: 0x89b9, 0x13d7: 0x89e1,
+	0x13d8: 0x8a09, 0x13d9: 0x8a31, 0x13da: 0x8a59, 0x13db: 0x8a81, 0x13dc: 0x8aa9, 0x13dd: 0x8ad1,
+	0x13de: 0x8afa, 0x13df: 0x8b2a, 0x13e0: 0x8b5a, 0x13e1: 0x8b8a, 0x13e2: 0x8bba, 0x13e3: 0x8bea,
+	0x13e4: 0x8c19, 0x13e5: 0x8c41, 0x13e6: 0x7cc1, 0x13e7: 0x8c69, 0x13e8: 0x7c31, 0x13e9: 0x7ce9,
+	0x13ea: 0x8c91, 0x13eb: 0x8cb9, 0x13ec: 0x7d89, 0x13ed: 0x8ce1, 0x13ee: 0x7db1, 0x13ef: 0x7dd9,
+	0x13f0: 0x8d09, 0x13f1: 0x8d31, 0x13f2: 0x7e79, 0x13f3: 0x8d59, 0x13f4: 0x7ea1, 0x13f5: 0x7ec9,
+	0x13f6: 0x8d81, 0x13f7: 0x8da9, 0x13f8: 0x7f19, 0x13f9: 0x8dd1, 0x13fa: 0x7f41, 0x13fb: 0x7f69,
+	0x13fc: 0x83f1, 0x13fd: 0x8419, 0x13fe: 0x8491, 0x13ff: 0x84b9,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x84e1, 0x1401: 0x8581, 0x1402: 0x85a9, 0x1403: 0x85d1, 0x1404: 0x85f9, 0x1405: 0x8699,
+	0x1406: 0x86c1, 0x1407: 0x86e9, 0x1408: 0x8df9, 0x1409: 0x8789, 0x140a: 0x8e21, 0x140b: 0x8e49,
+	0x140c: 0x8879, 0x140d: 0x8e71, 0x140e: 0x88a1, 0x140f: 0x88c9, 0x1410: 0x8ad1, 0x1411: 0x8e99,
+	0x1412: 0x8ec1, 0x1413: 0x8a09, 0x1414: 0x8ee9, 0x1415: 0x8a31, 0x1416: 0x8a59, 0x1417: 0x7c71,
+	0x1418: 0x7c99, 0x1419: 0x8f11, 0x141a: 0x7cc1, 0x141b: 0x8f39, 0x141c: 0x7d11, 0x141d: 0x7d39,
+	0x141e: 0x7d61, 0x141f: 0x7d89, 0x1420: 0x8f61, 0x1421: 0x7e01, 0x1422: 0x7e29, 0x1423: 0x7e51,
+	0x1424: 0x7e79, 0x1425: 0x8f89, 0x1426: 0x7f19, 0x1427: 0x7f91, 0x1428: 0x7fb9, 0x1429: 0x7fe1,
+	0x142a: 0x8009, 0x142b: 0x8031, 0x142c: 0x8081, 0x142d: 0x80a9, 0x142e: 0x80d1, 0x142f: 0x80f9,
+	0x1430: 0x8121, 0x1431: 0x8149, 0x1432: 0x8fb1, 0x1433: 0x8171, 0x1434: 0x8199, 0x1435: 0x81c1,
+	0x1436: 0x81e9, 0x1437: 0x8211, 0x1438: 0x8239, 0x1439: 0x8289, 0x143a: 0x82b1, 0x143b: 0x82d9,
+	0x143c: 0x8301, 0x143d: 0x8329, 0x143e: 0x8351, 0x143f: 0x8379,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x83a1, 0x1441: 0x83c9, 0x1442: 0x8441, 0x1443: 0x8469, 0x1444: 0x8509, 0x1445: 0x8531,
+	0x1446: 0x8559, 0x1447: 0x8581, 0x1448: 0x85a9, 0x1449: 0x8621, 0x144a: 0x8649, 0x144b: 0x8671,
+	0x144c: 0x8699, 0x144d: 0x8fd9, 0x144e: 0x8711, 0x144f: 0x8739, 0x1450: 0x8761, 0x1451: 0x8789,
+	0x1452: 0x8801, 0x1453: 0x8829, 0x1454: 0x8851, 0x1455: 0x8879, 0x1456: 0x9001, 0x1457: 0x88f1,
+	0x1458: 0x8919, 0x1459: 0x9029, 0x145a: 0x8991, 0x145b: 0x89b9, 0x145c: 0x89e1, 0x145d: 0x8a09,
+	0x145e: 0x9051, 0x145f: 0x7cc1, 0x1460: 0x8f39, 0x1461: 0x7d89, 0x1462: 0x8f61, 0x1463: 0x7e79,
+	0x1464: 0x8f89, 0x1465: 0x7f19, 0x1466: 0x9079, 0x1467: 0x8121, 0x1468: 0x90a1, 0x1469: 0x90c9,
+	0x146a: 0x90f1, 0x146b: 0x8581, 0x146c: 0x85a9, 0x146d: 0x8699, 0x146e: 0x8879, 0x146f: 0x9001,
+	0x1470: 0x8a09, 0x1471: 0x9051, 0x1472: 0x9119, 0x1473: 0x9151, 0x1474: 0x9189, 0x1475: 0x91c1,
+	0x1476: 0x91e9, 0x1477: 0x9211, 0x1478: 0x9239, 0x1479: 0x9261, 0x147a: 0x9289, 0x147b: 0x92b1,
+	0x147c: 0x92d9, 0x147d: 0x9301, 0x147e: 0x9329, 0x147f: 0x9351,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x9379, 0x1481: 0x93a1, 0x1482: 0x93c9, 0x1483: 0x93f1, 0x1484: 0x9419, 0x1485: 0x9441,
+	0x1486: 0x9469, 0x1487: 0x9491, 0x1488: 0x94b9, 0x1489: 0x94e1, 0x148a: 0x9509, 0x148b: 0x9531,
+	0x148c: 0x90c9, 0x148d: 0x9559, 0x148e: 0x9581, 0x148f: 0x95a9, 0x1490: 0x95d1, 0x1491: 0x91c1,
+	0x1492: 0x91e9, 0x1493: 0x9211, 0x1494: 0x9239, 0x1495: 0x9261, 0x1496: 0x9289, 0x1497: 0x92b1,
+	0x1498: 0x92d9, 0x1499: 0x9301, 0x149a: 0x9329, 0x149b: 0x9351, 0x149c: 0x9379, 0x149d: 0x93a1,
+	0x149e: 0x93c9, 0x149f: 0x93f1, 0x14a0: 0x9419, 0x14a1: 0x9441, 0x14a2: 0x9469, 0x14a3: 0x9491,
+	0x14a4: 0x94b9, 0x14a5: 0x94e1, 0x14a6: 0x9509, 0x14a7: 0x9531, 0x14a8: 0x90c9, 0x14a9: 0x9559,
+	0x14aa: 0x9581, 0x14ab: 0x95a9, 0x14ac: 0x95d1, 0x14ad: 0x94e1, 0x14ae: 0x9509, 0x14af: 0x9531,
+	0x14b0: 0x90c9, 0x14b1: 0x90a1, 0x14b2: 0x90f1, 0x14b3: 0x8261, 0x14b4: 0x80a9, 0x14b5: 0x80d1,
+	0x14b6: 0x80f9, 0x14b7: 0x94e1, 0x14b8: 0x9509, 0x14b9: 0x9531, 0x14ba: 0x8261, 0x14bb: 0x8289,
+	0x14bc: 0x95f9, 0x14bd: 0x95f9, 0x14be: 0x0018, 0x14bf: 0x0018,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x0040, 0x14c1: 0x0040, 0x14c2: 0x0040, 0x14c3: 0x0040, 0x14c4: 0x0040, 0x14c5: 0x0040,
+	0x14c6: 0x0040, 0x14c7: 0x0040, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
+	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x9621, 0x14d1: 0x9659,
+	0x14d2: 0x9659, 0x14d3: 0x9691, 0x14d4: 0x96c9, 0x14d5: 0x9701, 0x14d6: 0x9739, 0x14d7: 0x9771,
+	0x14d8: 0x97a9, 0x14d9: 0x97a9, 0x14da: 0x97e1, 0x14db: 0x9819, 0x14dc: 0x9851, 0x14dd: 0x9889,
+	0x14de: 0x98c1, 0x14df: 0x98f9, 0x14e0: 0x98f9, 0x14e1: 0x9931, 0x14e2: 0x9969, 0x14e3: 0x9969,
+	0x14e4: 0x99a1, 0x14e5: 0x99a1, 0x14e6: 0x99d9, 0x14e7: 0x9a11, 0x14e8: 0x9a11, 0x14e9: 0x9a49,
+	0x14ea: 0x9a81, 0x14eb: 0x9a81, 0x14ec: 0x9ab9, 0x14ed: 0x9ab9, 0x14ee: 0x9af1, 0x14ef: 0x9b29,
+	0x14f0: 0x9b29, 0x14f1: 0x9b61, 0x14f2: 0x9b61, 0x14f3: 0x9b99, 0x14f4: 0x9bd1, 0x14f5: 0x9c09,
+	0x14f6: 0x9c41, 0x14f7: 0x9c41, 0x14f8: 0x9c79, 0x14f9: 0x9cb1, 0x14fa: 0x9ce9, 0x14fb: 0x9d21,
+	0x14fc: 0x9d59, 0x14fd: 0x9d59, 0x14fe: 0x9d91, 0x14ff: 0x9dc9,
+	// Block 0x54, offset 0x1500
+	0x1500: 0xa999, 0x1501: 0xa9d1, 0x1502: 0xaa09, 0x1503: 0xa8f1, 0x1504: 0x9c09, 0x1505: 0x99d9,
+	0x1506: 0xaa41, 0x1507: 0xaa79, 0x1508: 0x0040, 0x1509: 0x0040, 0x150a: 0x0040, 0x150b: 0x0040,
+	0x150c: 0x0040, 0x150d: 0x0040, 0x150e: 0x0040, 0x150f: 0x0040, 0x1510: 0x0040, 0x1511: 0x0040,
+	0x1512: 0x0040, 0x1513: 0x0040, 0x1514: 0x0040, 0x1515: 0x0040, 0x1516: 0x0040, 0x1517: 0x0040,
+	0x1518: 0x0040, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
+	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x0040, 0x1521: 0x0040, 0x1522: 0x0040, 0x1523: 0x0040,
+	0x1524: 0x0040, 0x1525: 0x0040, 0x1526: 0x0040, 0x1527: 0x0040, 0x1528: 0x0040, 0x1529: 0x0040,
+	0x152a: 0x0040, 0x152b: 0x0040, 0x152c: 0x0040, 0x152d: 0x0040, 0x152e: 0x0040, 0x152f: 0x0040,
+	0x1530: 0xaab1, 0x1531: 0xaae9, 0x1532: 0xab21, 0x1533: 0xab69, 0x1534: 0xabb1, 0x1535: 0xabf9,
+	0x1536: 0xac41, 0x1537: 0xac89, 0x1538: 0xacd1, 0x1539: 0xad19, 0x153a: 0xad52, 0x153b: 0xae62,
+	0x153c: 0xaee1, 0x153d: 0x0018, 0x153e: 0x0040, 0x153f: 0x0040,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x33c0, 0x1541: 0x33c0, 0x1542: 0x33c0, 0x1543: 0x33c0, 0x1544: 0x33c0, 0x1545: 0x33c0,
+	0x1546: 0x33c0, 0x1547: 0x33c0, 0x1548: 0x33c0, 0x1549: 0x33c0, 0x154a: 0x33c0, 0x154b: 0x33c0,
+	0x154c: 0x33c0, 0x154d: 0x33c0, 0x154e: 0x33c0, 0x154f: 0x33c0, 0x1550: 0xaf2a, 0x1551: 0x7d8d,
+	0x1552: 0x0040, 0x1553: 0xaf3a, 0x1554: 0x03c2, 0x1555: 0xaf4a, 0x1556: 0xaf5a, 0x1557: 0x7dad,
+	0x1558: 0x7dcd, 0x1559: 0x0040, 0x155a: 0x0040, 0x155b: 0x0040, 0x155c: 0x0040, 0x155d: 0x0040,
+	0x155e: 0x0040, 0x155f: 0x0040, 0x1560: 0x3308, 0x1561: 0x3308, 0x1562: 0x3308, 0x1563: 0x3308,
+	0x1564: 0x3308, 0x1565: 0x3308, 0x1566: 0x3308, 0x1567: 0x3308, 0x1568: 0x3308, 0x1569: 0x3308,
+	0x156a: 0x3308, 0x156b: 0x3308, 0x156c: 0x3308, 0x156d: 0x3308, 0x156e: 0x3308, 0x156f: 0x3308,
+	0x1570: 0x0040, 0x1571: 0x7ded, 0x1572: 0x7e0d, 0x1573: 0xaf6a, 0x1574: 0xaf6a, 0x1575: 0x1fd2,
+	0x1576: 0x1fe2, 0x1577: 0xaf7a, 0x1578: 0xaf8a, 0x1579: 0x7e2d, 0x157a: 0x7e4d, 0x157b: 0x7e6d,
+	0x157c: 0x7e2d, 0x157d: 0x7e8d, 0x157e: 0x7ead, 0x157f: 0x7e8d,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x7ecd, 0x1581: 0x7eed, 0x1582: 0x7f0d, 0x1583: 0x7eed, 0x1584: 0x7f2d, 0x1585: 0x0018,
+	0x1586: 0x0018, 0x1587: 0xaf9a, 0x1588: 0xafaa, 0x1589: 0x7f4e, 0x158a: 0x7f6e, 0x158b: 0x7f8e,
+	0x158c: 0x7fae, 0x158d: 0xaf6a, 0x158e: 0xaf6a, 0x158f: 0xaf6a, 0x1590: 0xaf2a, 0x1591: 0x7fcd,
+	0x1592: 0x0040, 0x1593: 0x0040, 0x1594: 0x03c2, 0x1595: 0xaf3a, 0x1596: 0xaf5a, 0x1597: 0xaf4a,
+	0x1598: 0x7fed, 0x1599: 0x1fd2, 0x159a: 0x1fe2, 0x159b: 0xaf7a, 0x159c: 0xaf8a, 0x159d: 0x7ecd,
+	0x159e: 0x7f2d, 0x159f: 0xafba, 0x15a0: 0xafca, 0x15a1: 0xafda, 0x15a2: 0x1fb2, 0x15a3: 0xafe9,
+	0x15a4: 0xaffa, 0x15a5: 0xb00a, 0x15a6: 0x1fc2, 0x15a7: 0x0040, 0x15a8: 0xb01a, 0x15a9: 0xb02a,
+	0x15aa: 0xb03a, 0x15ab: 0xb04a, 0x15ac: 0x0040, 0x15ad: 0x0040, 0x15ae: 0x0040, 0x15af: 0x0040,
+	0x15b0: 0x800e, 0x15b1: 0xb059, 0x15b2: 0x802e, 0x15b3: 0x0808, 0x15b4: 0x804e, 0x15b5: 0x0040,
+	0x15b6: 0x806e, 0x15b7: 0xb081, 0x15b8: 0x808e, 0x15b9: 0xb0a9, 0x15ba: 0x80ae, 0x15bb: 0xb0d1,
+	0x15bc: 0x80ce, 0x15bd: 0xb0f9, 0x15be: 0x80ee, 0x15bf: 0xb121,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0xb149, 0x15c1: 0xb161, 0x15c2: 0xb161, 0x15c3: 0xb179, 0x15c4: 0xb179, 0x15c5: 0xb191,
+	0x15c6: 0xb191, 0x15c7: 0xb1a9, 0x15c8: 0xb1a9, 0x15c9: 0xb1c1, 0x15ca: 0xb1c1, 0x15cb: 0xb1c1,
+	0x15cc: 0xb1c1, 0x15cd: 0xb1d9, 0x15ce: 0xb1d9, 0x15cf: 0xb1f1, 0x15d0: 0xb1f1, 0x15d1: 0xb1f1,
+	0x15d2: 0xb1f1, 0x15d3: 0xb209, 0x15d4: 0xb209, 0x15d5: 0xb221, 0x15d6: 0xb221, 0x15d7: 0xb221,
+	0x15d8: 0xb221, 0x15d9: 0xb239, 0x15da: 0xb239, 0x15db: 0xb239, 0x15dc: 0xb239, 0x15dd: 0xb251,
+	0x15de: 0xb251, 0x15df: 0xb251, 0x15e0: 0xb251, 0x15e1: 0xb269, 0x15e2: 0xb269, 0x15e3: 0xb269,
+	0x15e4: 0xb269, 0x15e5: 0xb281, 0x15e6: 0xb281, 0x15e7: 0xb281, 0x15e8: 0xb281, 0x15e9: 0xb299,
+	0x15ea: 0xb299, 0x15eb: 0xb2b1, 0x15ec: 0xb2b1, 0x15ed: 0xb2c9, 0x15ee: 0xb2c9, 0x15ef: 0xb2e1,
+	0x15f0: 0xb2e1, 0x15f1: 0xb2f9, 0x15f2: 0xb2f9, 0x15f3: 0xb2f9, 0x15f4: 0xb2f9, 0x15f5: 0xb311,
+	0x15f6: 0xb311, 0x15f7: 0xb311, 0x15f8: 0xb311, 0x15f9: 0xb329, 0x15fa: 0xb329, 0x15fb: 0xb329,
+	0x15fc: 0xb329, 0x15fd: 0xb341, 0x15fe: 0xb341, 0x15ff: 0xb341,
+	// Block 0x58, offset 0x1600
+	0x1600: 0xb341, 0x1601: 0xb359, 0x1602: 0xb359, 0x1603: 0xb359, 0x1604: 0xb359, 0x1605: 0xb371,
+	0x1606: 0xb371, 0x1607: 0xb371, 0x1608: 0xb371, 0x1609: 0xb389, 0x160a: 0xb389, 0x160b: 0xb389,
+	0x160c: 0xb389, 0x160d: 0xb3a1, 0x160e: 0xb3a1, 0x160f: 0xb3a1, 0x1610: 0xb3a1, 0x1611: 0xb3b9,
+	0x1612: 0xb3b9, 0x1613: 0xb3b9, 0x1614: 0xb3b9, 0x1615: 0xb3d1, 0x1616: 0xb3d1, 0x1617: 0xb3d1,
+	0x1618: 0xb3d1, 0x1619: 0xb3e9, 0x161a: 0xb3e9, 0x161b: 0xb3e9, 0x161c: 0xb3e9, 0x161d: 0xb401,
+	0x161e: 0xb401, 0x161f: 0xb401, 0x1620: 0xb401, 0x1621: 0xb419, 0x1622: 0xb419, 0x1623: 0xb419,
+	0x1624: 0xb419, 0x1625: 0xb431, 0x1626: 0xb431, 0x1627: 0xb431, 0x1628: 0xb431, 0x1629: 0xb449,
+	0x162a: 0xb449, 0x162b: 0xb449, 0x162c: 0xb449, 0x162d: 0xb461, 0x162e: 0xb461, 0x162f: 0x7b01,
+	0x1630: 0x7b01, 0x1631: 0xb479, 0x1632: 0xb479, 0x1633: 0xb479, 0x1634: 0xb479, 0x1635: 0xb491,
+	0x1636: 0xb491, 0x1637: 0xb4b9, 0x1638: 0xb4b9, 0x1639: 0xb4e1, 0x163a: 0xb4e1, 0x163b: 0xb509,
+	0x163c: 0xb509, 0x163d: 0x0040, 0x163e: 0x0040, 0x163f: 0x03c0,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0040, 0x1641: 0xaf4a, 0x1642: 0xb532, 0x1643: 0xafba, 0x1644: 0xb02a, 0x1645: 0xb03a,
+	0x1646: 0xafca, 0x1647: 0xb542, 0x1648: 0x1fd2, 0x1649: 0x1fe2, 0x164a: 0xafda, 0x164b: 0x1fb2,
+	0x164c: 0xaf2a, 0x164d: 0xafe9, 0x164e: 0x29d1, 0x164f: 0xb552, 0x1650: 0x1f41, 0x1651: 0x00c9,
+	0x1652: 0x0069, 0x1653: 0x0079, 0x1654: 0x1f51, 0x1655: 0x1f61, 0x1656: 0x1f71, 0x1657: 0x1f81,
+	0x1658: 0x1f91, 0x1659: 0x1fa1, 0x165a: 0xaf3a, 0x165b: 0x03c2, 0x165c: 0xaffa, 0x165d: 0x1fc2,
+	0x165e: 0xb00a, 0x165f: 0xaf5a, 0x1660: 0xb04a, 0x1661: 0x0039, 0x1662: 0x0ee9, 0x1663: 0x1159,
+	0x1664: 0x0ef9, 0x1665: 0x0f09, 0x1666: 0x1199, 0x1667: 0x0f31, 0x1668: 0x0249, 0x1669: 0x0f41,
+	0x166a: 0x0259, 0x166b: 0x0f51, 0x166c: 0x0359, 0x166d: 0x0f61, 0x166e: 0x0f71, 0x166f: 0x00d9,
+	0x1670: 0x0f99, 0x1671: 0x2039, 0x1672: 0x0269, 0x1673: 0x01d9, 0x1674: 0x0fa9, 0x1675: 0x0fb9,
+	0x1676: 0x1089, 0x1677: 0x0279, 0x1678: 0x0369, 0x1679: 0x0289, 0x167a: 0x13d1, 0x167b: 0xaf9a,
+	0x167c: 0xb01a, 0x167d: 0xafaa, 0x167e: 0xb562, 0x167f: 0xaf6a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x1caa, 0x1681: 0x0039, 0x1682: 0x0ee9, 0x1683: 0x1159, 0x1684: 0x0ef9, 0x1685: 0x0f09,
+	0x1686: 0x1199, 0x1687: 0x0f31, 0x1688: 0x0249, 0x1689: 0x0f41, 0x168a: 0x0259, 0x168b: 0x0f51,
+	0x168c: 0x0359, 0x168d: 0x0f61, 0x168e: 0x0f71, 0x168f: 0x00d9, 0x1690: 0x0f99, 0x1691: 0x2039,
+	0x1692: 0x0269, 0x1693: 0x01d9, 0x1694: 0x0fa9, 0x1695: 0x0fb9, 0x1696: 0x1089, 0x1697: 0x0279,
+	0x1698: 0x0369, 0x1699: 0x0289, 0x169a: 0x13d1, 0x169b: 0xaf7a, 0x169c: 0xb572, 0x169d: 0xaf8a,
+	0x169e: 0xb582, 0x169f: 0x810d, 0x16a0: 0x812d, 0x16a1: 0x29d1, 0x16a2: 0x814d, 0x16a3: 0x814d,
+	0x16a4: 0x816d, 0x16a5: 0x818d, 0x16a6: 0x81ad, 0x16a7: 0x81cd, 0x16a8: 0x81ed, 0x16a9: 0x820d,
+	0x16aa: 0x822d, 0x16ab: 0x824d, 0x16ac: 0x826d, 0x16ad: 0x828d, 0x16ae: 0x82ad, 0x16af: 0x82cd,
+	0x16b0: 0x82ed, 0x16b1: 0x830d, 0x16b2: 0x832d, 0x16b3: 0x834d, 0x16b4: 0x836d, 0x16b5: 0x838d,
+	0x16b6: 0x83ad, 0x16b7: 0x83cd, 0x16b8: 0x83ed, 0x16b9: 0x840d, 0x16ba: 0x842d, 0x16bb: 0x844d,
+	0x16bc: 0x81ed, 0x16bd: 0x846d, 0x16be: 0x848d, 0x16bf: 0x824d,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x84ad, 0x16c1: 0x84cd, 0x16c2: 0x84ed, 0x16c3: 0x850d, 0x16c4: 0x852d, 0x16c5: 0x854d,
+	0x16c6: 0x856d, 0x16c7: 0x858d, 0x16c8: 0x850d, 0x16c9: 0x85ad, 0x16ca: 0x850d, 0x16cb: 0x85cd,
+	0x16cc: 0x85cd, 0x16cd: 0x85ed, 0x16ce: 0x85ed, 0x16cf: 0x860d, 0x16d0: 0x854d, 0x16d1: 0x862d,
+	0x16d2: 0x864d, 0x16d3: 0x862d, 0x16d4: 0x866d, 0x16d5: 0x864d, 0x16d6: 0x868d, 0x16d7: 0x868d,
+	0x16d8: 0x86ad, 0x16d9: 0x86ad, 0x16da: 0x86cd, 0x16db: 0x86cd, 0x16dc: 0x864d, 0x16dd: 0x814d,
+	0x16de: 0x86ed, 0x16df: 0x870d, 0x16e0: 0x0040, 0x16e1: 0x872d, 0x16e2: 0x874d, 0x16e3: 0x876d,
+	0x16e4: 0x878d, 0x16e5: 0x876d, 0x16e6: 0x87ad, 0x16e7: 0x87cd, 0x16e8: 0x87ed, 0x16e9: 0x87ed,
+	0x16ea: 0x880d, 0x16eb: 0x880d, 0x16ec: 0x882d, 0x16ed: 0x882d, 0x16ee: 0x880d, 0x16ef: 0x880d,
+	0x16f0: 0x884d, 0x16f1: 0x886d, 0x16f2: 0x888d, 0x16f3: 0x88ad, 0x16f4: 0x88cd, 0x16f5: 0x88ed,
+	0x16f6: 0x88ed, 0x16f7: 0x88ed, 0x16f8: 0x890d, 0x16f9: 0x890d, 0x16fa: 0x890d, 0x16fb: 0x890d,
+	0x16fc: 0x87ed, 0x16fd: 0x87ed, 0x16fe: 0x87ed, 0x16ff: 0x0040,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x0040, 0x1701: 0x0040, 0x1702: 0x874d, 0x1703: 0x872d, 0x1704: 0x892d, 0x1705: 0x872d,
+	0x1706: 0x874d, 0x1707: 0x872d, 0x1708: 0x0040, 0x1709: 0x0040, 0x170a: 0x894d, 0x170b: 0x874d,
+	0x170c: 0x896d, 0x170d: 0x892d, 0x170e: 0x896d, 0x170f: 0x874d, 0x1710: 0x0040, 0x1711: 0x0040,
+	0x1712: 0x898d, 0x1713: 0x89ad, 0x1714: 0x88ad, 0x1715: 0x896d, 0x1716: 0x892d, 0x1717: 0x896d,
+	0x1718: 0x0040, 0x1719: 0x0040, 0x171a: 0x89cd, 0x171b: 0x89ed, 0x171c: 0x89cd, 0x171d: 0x0040,
+	0x171e: 0x0040, 0x171f: 0x0040, 0x1720: 0xb591, 0x1721: 0xb5a9, 0x1722: 0xb5c1, 0x1723: 0x8a0e,
+	0x1724: 0xb5d9, 0x1725: 0xb5f1, 0x1726: 0x8a2d, 0x1727: 0x0040, 0x1728: 0x8a4d, 0x1729: 0x8a6d,
+	0x172a: 0x8a8d, 0x172b: 0x8a6d, 0x172c: 0x8aad, 0x172d: 0x8acd, 0x172e: 0x8aed, 0x172f: 0x0040,
+	0x1730: 0x0040, 0x1731: 0x0040, 0x1732: 0x0040, 0x1733: 0x0040, 0x1734: 0x0040, 0x1735: 0x0040,
+	0x1736: 0x0040, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0340, 0x173a: 0x0340, 0x173b: 0x0340,
+	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x0a08, 0x1741: 0x0a08, 0x1742: 0x0a08, 0x1743: 0x0a08, 0x1744: 0x0a08, 0x1745: 0x0c08,
+	0x1746: 0x0808, 0x1747: 0x0c08, 0x1748: 0x0818, 0x1749: 0x0c08, 0x174a: 0x0c08, 0x174b: 0x0808,
+	0x174c: 0x0808, 0x174d: 0x0908, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0c08, 0x1751: 0x0c08,
+	0x1752: 0x0c08, 0x1753: 0x0a08, 0x1754: 0x0a08, 0x1755: 0x0a08, 0x1756: 0x0a08, 0x1757: 0x0908,
+	0x1758: 0x0a08, 0x1759: 0x0a08, 0x175a: 0x0a08, 0x175b: 0x0a08, 0x175c: 0x0a08, 0x175d: 0x0c08,
+	0x175e: 0x0a08, 0x175f: 0x0a08, 0x1760: 0x0a08, 0x1761: 0x0c08, 0x1762: 0x0808, 0x1763: 0x0808,
+	0x1764: 0x0c08, 0x1765: 0x3308, 0x1766: 0x3308, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0040,
+	0x176a: 0x0040, 0x176b: 0x0a18, 0x176c: 0x0a18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0c18,
+	0x1770: 0x0818, 0x1771: 0x0818, 0x1772: 0x0818, 0x1773: 0x0818, 0x1774: 0x0818, 0x1775: 0x0818,
+	0x1776: 0x0818, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
+	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
+	// Block 0x5e, offset 0x1780
+	0x1780: 0x0a08, 0x1781: 0x0c08, 0x1782: 0x0a08, 0x1783: 0x0c08, 0x1784: 0x0c08, 0x1785: 0x0c08,
+	0x1786: 0x0a08, 0x1787: 0x0a08, 0x1788: 0x0a08, 0x1789: 0x0c08, 0x178a: 0x0a08, 0x178b: 0x0a08,
+	0x178c: 0x0c08, 0x178d: 0x0a08, 0x178e: 0x0c08, 0x178f: 0x0c08, 0x1790: 0x0a08, 0x1791: 0x0c08,
+	0x1792: 0x0040, 0x1793: 0x0040, 0x1794: 0x0040, 0x1795: 0x0040, 0x1796: 0x0040, 0x1797: 0x0040,
+	0x1798: 0x0040, 0x1799: 0x0818, 0x179a: 0x0818, 0x179b: 0x0818, 0x179c: 0x0818, 0x179d: 0x0040,
+	0x179e: 0x0040, 0x179f: 0x0040, 0x17a0: 0x0040, 0x17a1: 0x0040, 0x17a2: 0x0040, 0x17a3: 0x0040,
+	0x17a4: 0x0040, 0x17a5: 0x0040, 0x17a6: 0x0040, 0x17a7: 0x0040, 0x17a8: 0x0040, 0x17a9: 0x0c18,
+	0x17aa: 0x0c18, 0x17ab: 0x0c18, 0x17ac: 0x0c18, 0x17ad: 0x0a18, 0x17ae: 0x0a18, 0x17af: 0x0818,
+	0x17b0: 0x0040, 0x17b1: 0x0040, 0x17b2: 0x0040, 0x17b3: 0x0040, 0x17b4: 0x0040, 0x17b5: 0x0040,
+	0x17b6: 0x0040, 0x17b7: 0x0040, 0x17b8: 0x0040, 0x17b9: 0x0040, 0x17ba: 0x0040, 0x17bb: 0x0040,
+	0x17bc: 0x0040, 0x17bd: 0x0040, 0x17be: 0x0040, 0x17bf: 0x0040,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x3308, 0x17c1: 0x3308, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x0040, 0x17c5: 0x0008,
+	0x17c6: 0x0008, 0x17c7: 0x0008, 0x17c8: 0x0008, 0x17c9: 0x0008, 0x17ca: 0x0008, 0x17cb: 0x0008,
+	0x17cc: 0x0008, 0x17cd: 0x0040, 0x17ce: 0x0040, 0x17cf: 0x0008, 0x17d0: 0x0008, 0x17d1: 0x0040,
+	0x17d2: 0x0040, 0x17d3: 0x0008, 0x17d4: 0x0008, 0x17d5: 0x0008, 0x17d6: 0x0008, 0x17d7: 0x0008,
+	0x17d8: 0x0008, 0x17d9: 0x0008, 0x17da: 0x0008, 0x17db: 0x0008, 0x17dc: 0x0008, 0x17dd: 0x0008,
+	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x0008, 0x17e3: 0x0008,
+	0x17e4: 0x0008, 0x17e5: 0x0008, 0x17e6: 0x0008, 0x17e7: 0x0008, 0x17e8: 0x0008, 0x17e9: 0x0040,
+	0x17ea: 0x0008, 0x17eb: 0x0008, 0x17ec: 0x0008, 0x17ed: 0x0008, 0x17ee: 0x0008, 0x17ef: 0x0008,
+	0x17f0: 0x0008, 0x17f1: 0x0040, 0x17f2: 0x0008, 0x17f3: 0x0008, 0x17f4: 0x0040, 0x17f5: 0x0008,
+	0x17f6: 0x0008, 0x17f7: 0x0008, 0x17f8: 0x0008, 0x17f9: 0x0008, 0x17fa: 0x0040, 0x17fb: 0x3308,
+	0x17fc: 0x3308, 0x17fd: 0x0008, 0x17fe: 0x3008, 0x17ff: 0x3008,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x3308, 0x1801: 0x3008, 0x1802: 0x3008, 0x1803: 0x3008, 0x1804: 0x3008, 0x1805: 0x0040,
+	0x1806: 0x0040, 0x1807: 0x3008, 0x1808: 0x3008, 0x1809: 0x0040, 0x180a: 0x0040, 0x180b: 0x3008,
+	0x180c: 0x3008, 0x180d: 0x3808, 0x180e: 0x0040, 0x180f: 0x0040, 0x1810: 0x0008, 0x1811: 0x0040,
+	0x1812: 0x0040, 0x1813: 0x0040, 0x1814: 0x0040, 0x1815: 0x0040, 0x1816: 0x0040, 0x1817: 0x3008,
+	0x1818: 0x0040, 0x1819: 0x0040, 0x181a: 0x0040, 0x181b: 0x0040, 0x181c: 0x0040, 0x181d: 0x0008,
+	0x181e: 0x0008, 0x181f: 0x0008, 0x1820: 0x0008, 0x1821: 0x0008, 0x1822: 0x3008, 0x1823: 0x3008,
+	0x1824: 0x0040, 0x1825: 0x0040, 0x1826: 0x3308, 0x1827: 0x3308, 0x1828: 0x3308, 0x1829: 0x3308,
+	0x182a: 0x3308, 0x182b: 0x3308, 0x182c: 0x3308, 0x182d: 0x0040, 0x182e: 0x0040, 0x182f: 0x0040,
+	0x1830: 0x3308, 0x1831: 0x3308, 0x1832: 0x3308, 0x1833: 0x3308, 0x1834: 0x3308, 0x1835: 0x0040,
+	0x1836: 0x0040, 0x1837: 0x0040, 0x1838: 0x0040, 0x1839: 0x0040, 0x183a: 0x0040, 0x183b: 0x0040,
+	0x183c: 0x0040, 0x183d: 0x0040, 0x183e: 0x0040, 0x183f: 0x0040,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x0008, 0x1841: 0x0008, 0x1842: 0x0008, 0x1843: 0x0008, 0x1844: 0x0008, 0x1845: 0x0008,
+	0x1846: 0x0008, 0x1847: 0x0040, 0x1848: 0x0040, 0x1849: 0x0008, 0x184a: 0x0040, 0x184b: 0x0040,
+	0x184c: 0x0008, 0x184d: 0x0008, 0x184e: 0x0008, 0x184f: 0x0008, 0x1850: 0x0008, 0x1851: 0x0008,
+	0x1852: 0x0008, 0x1853: 0x0008, 0x1854: 0x0040, 0x1855: 0x0008, 0x1856: 0x0008, 0x1857: 0x0040,
+	0x1858: 0x0008, 0x1859: 0x0008, 0x185a: 0x0008, 0x185b: 0x0008, 0x185c: 0x0008, 0x185d: 0x0008,
+	0x185e: 0x0008, 0x185f: 0x0008, 0x1860: 0x0008, 0x1861: 0x0008, 0x1862: 0x0008, 0x1863: 0x0008,
+	0x1864: 0x0008, 0x1865: 0x0008, 0x1866: 0x0008, 0x1867: 0x0008, 0x1868: 0x0008, 0x1869: 0x0008,
+	0x186a: 0x0008, 0x186b: 0x0008, 0x186c: 0x0008, 0x186d: 0x0008, 0x186e: 0x0008, 0x186f: 0x0008,
+	0x1870: 0x3008, 0x1871: 0x3008, 0x1872: 0x3008, 0x1873: 0x3008, 0x1874: 0x3008, 0x1875: 0x3008,
+	0x1876: 0x0040, 0x1877: 0x3008, 0x1878: 0x3008, 0x1879: 0x0040, 0x187a: 0x0040, 0x187b: 0x3308,
+	0x187c: 0x3308, 0x187d: 0x3808, 0x187e: 0x3b08, 0x187f: 0x0008,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x0039, 0x1881: 0x0ee9, 0x1882: 0x1159, 0x1883: 0x0ef9, 0x1884: 0x0f09, 0x1885: 0x1199,
+	0x1886: 0x0f31, 0x1887: 0x0249, 0x1888: 0x0f41, 0x1889: 0x0259, 0x188a: 0x0f51, 0x188b: 0x0359,
+	0x188c: 0x0f61, 0x188d: 0x0f71, 0x188e: 0x00d9, 0x188f: 0x0f99, 0x1890: 0x2039, 0x1891: 0x0269,
+	0x1892: 0x01d9, 0x1893: 0x0fa9, 0x1894: 0x0fb9, 0x1895: 0x1089, 0x1896: 0x0279, 0x1897: 0x0369,
+	0x1898: 0x0289, 0x1899: 0x13d1, 0x189a: 0x0039, 0x189b: 0x0ee9, 0x189c: 0x1159, 0x189d: 0x0ef9,
+	0x189e: 0x0f09, 0x189f: 0x1199, 0x18a0: 0x0f31, 0x18a1: 0x0249, 0x18a2: 0x0f41, 0x18a3: 0x0259,
+	0x18a4: 0x0f51, 0x18a5: 0x0359, 0x18a6: 0x0f61, 0x18a7: 0x0f71, 0x18a8: 0x00d9, 0x18a9: 0x0f99,
+	0x18aa: 0x2039, 0x18ab: 0x0269, 0x18ac: 0x01d9, 0x18ad: 0x0fa9, 0x18ae: 0x0fb9, 0x18af: 0x1089,
+	0x18b0: 0x0279, 0x18b1: 0x0369, 0x18b2: 0x0289, 0x18b3: 0x13d1, 0x18b4: 0x0039, 0x18b5: 0x0ee9,
+	0x18b6: 0x1159, 0x18b7: 0x0ef9, 0x18b8: 0x0f09, 0x18b9: 0x1199, 0x18ba: 0x0f31, 0x18bb: 0x0249,
+	0x18bc: 0x0f41, 0x18bd: 0x0259, 0x18be: 0x0f51, 0x18bf: 0x0359,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x0f61, 0x18c1: 0x0f71, 0x18c2: 0x00d9, 0x18c3: 0x0f99, 0x18c4: 0x2039, 0x18c5: 0x0269,
+	0x18c6: 0x01d9, 0x18c7: 0x0fa9, 0x18c8: 0x0fb9, 0x18c9: 0x1089, 0x18ca: 0x0279, 0x18cb: 0x0369,
+	0x18cc: 0x0289, 0x18cd: 0x13d1, 0x18ce: 0x0039, 0x18cf: 0x0ee9, 0x18d0: 0x1159, 0x18d1: 0x0ef9,
+	0x18d2: 0x0f09, 0x18d3: 0x1199, 0x18d4: 0x0f31, 0x18d5: 0x0040, 0x18d6: 0x0f41, 0x18d7: 0x0259,
+	0x18d8: 0x0f51, 0x18d9: 0x0359, 0x18da: 0x0f61, 0x18db: 0x0f71, 0x18dc: 0x00d9, 0x18dd: 0x0f99,
+	0x18de: 0x2039, 0x18df: 0x0269, 0x18e0: 0x01d9, 0x18e1: 0x0fa9, 0x18e2: 0x0fb9, 0x18e3: 0x1089,
+	0x18e4: 0x0279, 0x18e5: 0x0369, 0x18e6: 0x0289, 0x18e7: 0x13d1, 0x18e8: 0x0039, 0x18e9: 0x0ee9,
+	0x18ea: 0x1159, 0x18eb: 0x0ef9, 0x18ec: 0x0f09, 0x18ed: 0x1199, 0x18ee: 0x0f31, 0x18ef: 0x0249,
+	0x18f0: 0x0f41, 0x18f1: 0x0259, 0x18f2: 0x0f51, 0x18f3: 0x0359, 0x18f4: 0x0f61, 0x18f5: 0x0f71,
+	0x18f6: 0x00d9, 0x18f7: 0x0f99, 0x18f8: 0x2039, 0x18f9: 0x0269, 0x18fa: 0x01d9, 0x18fb: 0x0fa9,
+	0x18fc: 0x0fb9, 0x18fd: 0x1089, 0x18fe: 0x0279, 0x18ff: 0x0369,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x0289, 0x1901: 0x13d1, 0x1902: 0x0039, 0x1903: 0x0ee9, 0x1904: 0x1159, 0x1905: 0x0ef9,
+	0x1906: 0x0f09, 0x1907: 0x1199, 0x1908: 0x0f31, 0x1909: 0x0249, 0x190a: 0x0f41, 0x190b: 0x0259,
+	0x190c: 0x0f51, 0x190d: 0x0359, 0x190e: 0x0f61, 0x190f: 0x0f71, 0x1910: 0x00d9, 0x1911: 0x0f99,
+	0x1912: 0x2039, 0x1913: 0x0269, 0x1914: 0x01d9, 0x1915: 0x0fa9, 0x1916: 0x0fb9, 0x1917: 0x1089,
+	0x1918: 0x0279, 0x1919: 0x0369, 0x191a: 0x0289, 0x191b: 0x13d1, 0x191c: 0x0039, 0x191d: 0x0040,
+	0x191e: 0x1159, 0x191f: 0x0ef9, 0x1920: 0x0040, 0x1921: 0x0040, 0x1922: 0x0f31, 0x1923: 0x0040,
+	0x1924: 0x0040, 0x1925: 0x0259, 0x1926: 0x0f51, 0x1927: 0x0040, 0x1928: 0x0040, 0x1929: 0x0f71,
+	0x192a: 0x00d9, 0x192b: 0x0f99, 0x192c: 0x2039, 0x192d: 0x0040, 0x192e: 0x01d9, 0x192f: 0x0fa9,
+	0x1930: 0x0fb9, 0x1931: 0x1089, 0x1932: 0x0279, 0x1933: 0x0369, 0x1934: 0x0289, 0x1935: 0x13d1,
+	0x1936: 0x0039, 0x1937: 0x0ee9, 0x1938: 0x1159, 0x1939: 0x0ef9, 0x193a: 0x0040, 0x193b: 0x1199,
+	0x193c: 0x0040, 0x193d: 0x0249, 0x193e: 0x0f41, 0x193f: 0x0259,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x0f51, 0x1941: 0x0359, 0x1942: 0x0f61, 0x1943: 0x0f71, 0x1944: 0x0040, 0x1945: 0x0f99,
+	0x1946: 0x2039, 0x1947: 0x0269, 0x1948: 0x01d9, 0x1949: 0x0fa9, 0x194a: 0x0fb9, 0x194b: 0x1089,
+	0x194c: 0x0279, 0x194d: 0x0369, 0x194e: 0x0289, 0x194f: 0x13d1, 0x1950: 0x0039, 0x1951: 0x0ee9,
+	0x1952: 0x1159, 0x1953: 0x0ef9, 0x1954: 0x0f09, 0x1955: 0x1199, 0x1956: 0x0f31, 0x1957: 0x0249,
+	0x1958: 0x0f41, 0x1959: 0x0259, 0x195a: 0x0f51, 0x195b: 0x0359, 0x195c: 0x0f61, 0x195d: 0x0f71,
+	0x195e: 0x00d9, 0x195f: 0x0f99, 0x1960: 0x2039, 0x1961: 0x0269, 0x1962: 0x01d9, 0x1963: 0x0fa9,
+	0x1964: 0x0fb9, 0x1965: 0x1089, 0x1966: 0x0279, 0x1967: 0x0369, 0x1968: 0x0289, 0x1969: 0x13d1,
+	0x196a: 0x0039, 0x196b: 0x0ee9, 0x196c: 0x1159, 0x196d: 0x0ef9, 0x196e: 0x0f09, 0x196f: 0x1199,
+	0x1970: 0x0f31, 0x1971: 0x0249, 0x1972: 0x0f41, 0x1973: 0x0259, 0x1974: 0x0f51, 0x1975: 0x0359,
+	0x1976: 0x0f61, 0x1977: 0x0f71, 0x1978: 0x00d9, 0x1979: 0x0f99, 0x197a: 0x2039, 0x197b: 0x0269,
+	0x197c: 0x01d9, 0x197d: 0x0fa9, 0x197e: 0x0fb9, 0x197f: 0x1089,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x0279, 0x1981: 0x0369, 0x1982: 0x0289, 0x1983: 0x13d1, 0x1984: 0x0039, 0x1985: 0x0ee9,
+	0x1986: 0x0040, 0x1987: 0x0ef9, 0x1988: 0x0f09, 0x1989: 0x1199, 0x198a: 0x0f31, 0x198b: 0x0040,
+	0x198c: 0x0040, 0x198d: 0x0259, 0x198e: 0x0f51, 0x198f: 0x0359, 0x1990: 0x0f61, 0x1991: 0x0f71,
+	0x1992: 0x00d9, 0x1993: 0x0f99, 0x1994: 0x2039, 0x1995: 0x0040, 0x1996: 0x01d9, 0x1997: 0x0fa9,
+	0x1998: 0x0fb9, 0x1999: 0x1089, 0x199a: 0x0279, 0x199b: 0x0369, 0x199c: 0x0289, 0x199d: 0x0040,
+	0x199e: 0x0039, 0x199f: 0x0ee9, 0x19a0: 0x1159, 0x19a1: 0x0ef9, 0x19a2: 0x0f09, 0x19a3: 0x1199,
+	0x19a4: 0x0f31, 0x19a5: 0x0249, 0x19a6: 0x0f41, 0x19a7: 0x0259, 0x19a8: 0x0f51, 0x19a9: 0x0359,
+	0x19aa: 0x0f61, 0x19ab: 0x0f71, 0x19ac: 0x00d9, 0x19ad: 0x0f99, 0x19ae: 0x2039, 0x19af: 0x0269,
+	0x19b0: 0x01d9, 0x19b1: 0x0fa9, 0x19b2: 0x0fb9, 0x19b3: 0x1089, 0x19b4: 0x0279, 0x19b5: 0x0369,
+	0x19b6: 0x0289, 0x19b7: 0x13d1, 0x19b8: 0x0039, 0x19b9: 0x0ee9, 0x19ba: 0x0040, 0x19bb: 0x0ef9,
+	0x19bc: 0x0f09, 0x19bd: 0x1199, 0x19be: 0x0f31, 0x19bf: 0x0040,
+	// Block 0x67, offset 0x19c0
+	0x19c0: 0x0f41, 0x19c1: 0x0259, 0x19c2: 0x0f51, 0x19c3: 0x0359, 0x19c4: 0x0f61, 0x19c5: 0x0040,
+	0x19c6: 0x00d9, 0x19c7: 0x0040, 0x19c8: 0x0040, 0x19c9: 0x0040, 0x19ca: 0x01d9, 0x19cb: 0x0fa9,
+	0x19cc: 0x0fb9, 0x19cd: 0x1089, 0x19ce: 0x0279, 0x19cf: 0x0369, 0x19d0: 0x0289, 0x19d1: 0x0040,
+	0x19d2: 0x0039, 0x19d3: 0x0ee9, 0x19d4: 0x1159, 0x19d5: 0x0ef9, 0x19d6: 0x0f09, 0x19d7: 0x1199,
+	0x19d8: 0x0f31, 0x19d9: 0x0249, 0x19da: 0x0f41, 0x19db: 0x0259, 0x19dc: 0x0f51, 0x19dd: 0x0359,
+	0x19de: 0x0f61, 0x19df: 0x0f71, 0x19e0: 0x00d9, 0x19e1: 0x0f99, 0x19e2: 0x2039, 0x19e3: 0x0269,
+	0x19e4: 0x01d9, 0x19e5: 0x0fa9, 0x19e6: 0x0fb9, 0x19e7: 0x1089, 0x19e8: 0x0279, 0x19e9: 0x0369,
+	0x19ea: 0x0289, 0x19eb: 0x13d1, 0x19ec: 0x0039, 0x19ed: 0x0ee9, 0x19ee: 0x1159, 0x19ef: 0x0ef9,
+	0x19f0: 0x0f09, 0x19f1: 0x1199, 0x19f2: 0x0f31, 0x19f3: 0x0249, 0x19f4: 0x0f41, 0x19f5: 0x0259,
+	0x19f6: 0x0f51, 0x19f7: 0x0359, 0x19f8: 0x0f61, 0x19f9: 0x0f71, 0x19fa: 0x00d9, 0x19fb: 0x0f99,
+	0x19fc: 0x2039, 0x19fd: 0x0269, 0x19fe: 0x01d9, 0x19ff: 0x0fa9,
+	// Block 0x68, offset 0x1a00
+	0x1a00: 0x0fb9, 0x1a01: 0x1089, 0x1a02: 0x0279, 0x1a03: 0x0369, 0x1a04: 0x0289, 0x1a05: 0x13d1,
+	0x1a06: 0x0039, 0x1a07: 0x0ee9, 0x1a08: 0x1159, 0x1a09: 0x0ef9, 0x1a0a: 0x0f09, 0x1a0b: 0x1199,
+	0x1a0c: 0x0f31, 0x1a0d: 0x0249, 0x1a0e: 0x0f41, 0x1a0f: 0x0259, 0x1a10: 0x0f51, 0x1a11: 0x0359,
+	0x1a12: 0x0f61, 0x1a13: 0x0f71, 0x1a14: 0x00d9, 0x1a15: 0x0f99, 0x1a16: 0x2039, 0x1a17: 0x0269,
+	0x1a18: 0x01d9, 0x1a19: 0x0fa9, 0x1a1a: 0x0fb9, 0x1a1b: 0x1089, 0x1a1c: 0x0279, 0x1a1d: 0x0369,
+	0x1a1e: 0x0289, 0x1a1f: 0x13d1, 0x1a20: 0x0039, 0x1a21: 0x0ee9, 0x1a22: 0x1159, 0x1a23: 0x0ef9,
+	0x1a24: 0x0f09, 0x1a25: 0x1199, 0x1a26: 0x0f31, 0x1a27: 0x0249, 0x1a28: 0x0f41, 0x1a29: 0x0259,
+	0x1a2a: 0x0f51, 0x1a2b: 0x0359, 0x1a2c: 0x0f61, 0x1a2d: 0x0f71, 0x1a2e: 0x00d9, 0x1a2f: 0x0f99,
+	0x1a30: 0x2039, 0x1a31: 0x0269, 0x1a32: 0x01d9, 0x1a33: 0x0fa9, 0x1a34: 0x0fb9, 0x1a35: 0x1089,
+	0x1a36: 0x0279, 0x1a37: 0x0369, 0x1a38: 0x0289, 0x1a39: 0x13d1, 0x1a3a: 0x0039, 0x1a3b: 0x0ee9,
+	0x1a3c: 0x1159, 0x1a3d: 0x0ef9, 0x1a3e: 0x0f09, 0x1a3f: 0x1199,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x0f31, 0x1a41: 0x0249, 0x1a42: 0x0f41, 0x1a43: 0x0259, 0x1a44: 0x0f51, 0x1a45: 0x0359,
+	0x1a46: 0x0f61, 0x1a47: 0x0f71, 0x1a48: 0x00d9, 0x1a49: 0x0f99, 0x1a4a: 0x2039, 0x1a4b: 0x0269,
+	0x1a4c: 0x01d9, 0x1a4d: 0x0fa9, 0x1a4e: 0x0fb9, 0x1a4f: 0x1089, 0x1a50: 0x0279, 0x1a51: 0x0369,
+	0x1a52: 0x0289, 0x1a53: 0x13d1, 0x1a54: 0x0039, 0x1a55: 0x0ee9, 0x1a56: 0x1159, 0x1a57: 0x0ef9,
+	0x1a58: 0x0f09, 0x1a59: 0x1199, 0x1a5a: 0x0f31, 0x1a5b: 0x0249, 0x1a5c: 0x0f41, 0x1a5d: 0x0259,
+	0x1a5e: 0x0f51, 0x1a5f: 0x0359, 0x1a60: 0x0f61, 0x1a61: 0x0f71, 0x1a62: 0x00d9, 0x1a63: 0x0f99,
+	0x1a64: 0x2039, 0x1a65: 0x0269, 0x1a66: 0x01d9, 0x1a67: 0x0fa9, 0x1a68: 0x0fb9, 0x1a69: 0x1089,
+	0x1a6a: 0x0279, 0x1a6b: 0x0369, 0x1a6c: 0x0289, 0x1a6d: 0x13d1, 0x1a6e: 0x0039, 0x1a6f: 0x0ee9,
+	0x1a70: 0x1159, 0x1a71: 0x0ef9, 0x1a72: 0x0f09, 0x1a73: 0x1199, 0x1a74: 0x0f31, 0x1a75: 0x0249,
+	0x1a76: 0x0f41, 0x1a77: 0x0259, 0x1a78: 0x0f51, 0x1a79: 0x0359, 0x1a7a: 0x0f61, 0x1a7b: 0x0f71,
+	0x1a7c: 0x00d9, 0x1a7d: 0x0f99, 0x1a7e: 0x2039, 0x1a7f: 0x0269,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x01d9, 0x1a81: 0x0fa9, 0x1a82: 0x0fb9, 0x1a83: 0x1089, 0x1a84: 0x0279, 0x1a85: 0x0369,
+	0x1a86: 0x0289, 0x1a87: 0x13d1, 0x1a88: 0x0039, 0x1a89: 0x0ee9, 0x1a8a: 0x1159, 0x1a8b: 0x0ef9,
+	0x1a8c: 0x0f09, 0x1a8d: 0x1199, 0x1a8e: 0x0f31, 0x1a8f: 0x0249, 0x1a90: 0x0f41, 0x1a91: 0x0259,
+	0x1a92: 0x0f51, 0x1a93: 0x0359, 0x1a94: 0x0f61, 0x1a95: 0x0f71, 0x1a96: 0x00d9, 0x1a97: 0x0f99,
+	0x1a98: 0x2039, 0x1a99: 0x0269, 0x1a9a: 0x01d9, 0x1a9b: 0x0fa9, 0x1a9c: 0x0fb9, 0x1a9d: 0x1089,
+	0x1a9e: 0x0279, 0x1a9f: 0x0369, 0x1aa0: 0x0289, 0x1aa1: 0x13d1, 0x1aa2: 0x0039, 0x1aa3: 0x0ee9,
+	0x1aa4: 0x1159, 0x1aa5: 0x0ef9, 0x1aa6: 0x0f09, 0x1aa7: 0x1199, 0x1aa8: 0x0f31, 0x1aa9: 0x0249,
+	0x1aaa: 0x0f41, 0x1aab: 0x0259, 0x1aac: 0x0f51, 0x1aad: 0x0359, 0x1aae: 0x0f61, 0x1aaf: 0x0f71,
+	0x1ab0: 0x00d9, 0x1ab1: 0x0f99, 0x1ab2: 0x2039, 0x1ab3: 0x0269, 0x1ab4: 0x01d9, 0x1ab5: 0x0fa9,
+	0x1ab6: 0x0fb9, 0x1ab7: 0x1089, 0x1ab8: 0x0279, 0x1ab9: 0x0369, 0x1aba: 0x0289, 0x1abb: 0x13d1,
+	0x1abc: 0x0039, 0x1abd: 0x0ee9, 0x1abe: 0x1159, 0x1abf: 0x0ef9,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x0f09, 0x1ac1: 0x1199, 0x1ac2: 0x0f31, 0x1ac3: 0x0249, 0x1ac4: 0x0f41, 0x1ac5: 0x0259,
+	0x1ac6: 0x0f51, 0x1ac7: 0x0359, 0x1ac8: 0x0f61, 0x1ac9: 0x0f71, 0x1aca: 0x00d9, 0x1acb: 0x0f99,
+	0x1acc: 0x2039, 0x1acd: 0x0269, 0x1ace: 0x01d9, 0x1acf: 0x0fa9, 0x1ad0: 0x0fb9, 0x1ad1: 0x1089,
+	0x1ad2: 0x0279, 0x1ad3: 0x0369, 0x1ad4: 0x0289, 0x1ad5: 0x13d1, 0x1ad6: 0x0039, 0x1ad7: 0x0ee9,
+	0x1ad8: 0x1159, 0x1ad9: 0x0ef9, 0x1ada: 0x0f09, 0x1adb: 0x1199, 0x1adc: 0x0f31, 0x1add: 0x0249,
+	0x1ade: 0x0f41, 0x1adf: 0x0259, 0x1ae0: 0x0f51, 0x1ae1: 0x0359, 0x1ae2: 0x0f61, 0x1ae3: 0x0f71,
+	0x1ae4: 0x00d9, 0x1ae5: 0x0f99, 0x1ae6: 0x2039, 0x1ae7: 0x0269, 0x1ae8: 0x01d9, 0x1ae9: 0x0fa9,
+	0x1aea: 0x0fb9, 0x1aeb: 0x1089, 0x1aec: 0x0279, 0x1aed: 0x0369, 0x1aee: 0x0289, 0x1aef: 0x13d1,
+	0x1af0: 0x0039, 0x1af1: 0x0ee9, 0x1af2: 0x1159, 0x1af3: 0x0ef9, 0x1af4: 0x0f09, 0x1af5: 0x1199,
+	0x1af6: 0x0f31, 0x1af7: 0x0249, 0x1af8: 0x0f41, 0x1af9: 0x0259, 0x1afa: 0x0f51, 0x1afb: 0x0359,
+	0x1afc: 0x0f61, 0x1afd: 0x0f71, 0x1afe: 0x00d9, 0x1aff: 0x0f99,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x2039, 0x1b01: 0x0269, 0x1b02: 0x01d9, 0x1b03: 0x0fa9, 0x1b04: 0x0fb9, 0x1b05: 0x1089,
+	0x1b06: 0x0279, 0x1b07: 0x0369, 0x1b08: 0x0289, 0x1b09: 0x13d1, 0x1b0a: 0x0039, 0x1b0b: 0x0ee9,
+	0x1b0c: 0x1159, 0x1b0d: 0x0ef9, 0x1b0e: 0x0f09, 0x1b0f: 0x1199, 0x1b10: 0x0f31, 0x1b11: 0x0249,
+	0x1b12: 0x0f41, 0x1b13: 0x0259, 0x1b14: 0x0f51, 0x1b15: 0x0359, 0x1b16: 0x0f61, 0x1b17: 0x0f71,
+	0x1b18: 0x00d9, 0x1b19: 0x0f99, 0x1b1a: 0x2039, 0x1b1b: 0x0269, 0x1b1c: 0x01d9, 0x1b1d: 0x0fa9,
+	0x1b1e: 0x0fb9, 0x1b1f: 0x1089, 0x1b20: 0x0279, 0x1b21: 0x0369, 0x1b22: 0x0289, 0x1b23: 0x13d1,
+	0x1b24: 0xbad1, 0x1b25: 0xbae9, 0x1b26: 0x0040, 0x1b27: 0x0040, 0x1b28: 0xbb01, 0x1b29: 0x1099,
+	0x1b2a: 0x10b1, 0x1b2b: 0x10c9, 0x1b2c: 0xbb19, 0x1b2d: 0xbb31, 0x1b2e: 0xbb49, 0x1b2f: 0x1429,
+	0x1b30: 0x1a31, 0x1b31: 0xbb61, 0x1b32: 0xbb79, 0x1b33: 0xbb91, 0x1b34: 0xbba9, 0x1b35: 0xbbc1,
+	0x1b36: 0xbbd9, 0x1b37: 0x2109, 0x1b38: 0x1111, 0x1b39: 0x1429, 0x1b3a: 0xbbf1, 0x1b3b: 0xbc09,
+	0x1b3c: 0xbc21, 0x1b3d: 0x10e1, 0x1b3e: 0x10f9, 0x1b3f: 0xbc39,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0x2079, 0x1b41: 0xbc51, 0x1b42: 0xbb01, 0x1b43: 0x1099, 0x1b44: 0x10b1, 0x1b45: 0x10c9,
+	0x1b46: 0xbb19, 0x1b47: 0xbb31, 0x1b48: 0xbb49, 0x1b49: 0x1429, 0x1b4a: 0x1a31, 0x1b4b: 0xbb61,
+	0x1b4c: 0xbb79, 0x1b4d: 0xbb91, 0x1b4e: 0xbba9, 0x1b4f: 0xbbc1, 0x1b50: 0xbbd9, 0x1b51: 0x2109,
+	0x1b52: 0x1111, 0x1b53: 0xbbf1, 0x1b54: 0xbbf1, 0x1b55: 0xbc09, 0x1b56: 0xbc21, 0x1b57: 0x10e1,
+	0x1b58: 0x10f9, 0x1b59: 0xbc39, 0x1b5a: 0x2079, 0x1b5b: 0xbc71, 0x1b5c: 0xbb19, 0x1b5d: 0x1429,
+	0x1b5e: 0xbb61, 0x1b5f: 0x10e1, 0x1b60: 0x1111, 0x1b61: 0x2109, 0x1b62: 0xbb01, 0x1b63: 0x1099,
+	0x1b64: 0x10b1, 0x1b65: 0x10c9, 0x1b66: 0xbb19, 0x1b67: 0xbb31, 0x1b68: 0xbb49, 0x1b69: 0x1429,
+	0x1b6a: 0x1a31, 0x1b6b: 0xbb61, 0x1b6c: 0xbb79, 0x1b6d: 0xbb91, 0x1b6e: 0xbba9, 0x1b6f: 0xbbc1,
+	0x1b70: 0xbbd9, 0x1b71: 0x2109, 0x1b72: 0x1111, 0x1b73: 0x1429, 0x1b74: 0xbbf1, 0x1b75: 0xbc09,
+	0x1b76: 0xbc21, 0x1b77: 0x10e1, 0x1b78: 0x10f9, 0x1b79: 0xbc39, 0x1b7a: 0x2079, 0x1b7b: 0xbc51,
+	0x1b7c: 0xbb01, 0x1b7d: 0x1099, 0x1b7e: 0x10b1, 0x1b7f: 0x10c9,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0xbb19, 0x1b81: 0xbb31, 0x1b82: 0xbb49, 0x1b83: 0x1429, 0x1b84: 0x1a31, 0x1b85: 0xbb61,
+	0x1b86: 0xbb79, 0x1b87: 0xbb91, 0x1b88: 0xbba9, 0x1b89: 0xbbc1, 0x1b8a: 0xbbd9, 0x1b8b: 0x2109,
+	0x1b8c: 0x1111, 0x1b8d: 0xbbf1, 0x1b8e: 0xbbf1, 0x1b8f: 0xbc09, 0x1b90: 0xbc21, 0x1b91: 0x10e1,
+	0x1b92: 0x10f9, 0x1b93: 0xbc39, 0x1b94: 0x2079, 0x1b95: 0xbc71, 0x1b96: 0xbb19, 0x1b97: 0x1429,
+	0x1b98: 0xbb61, 0x1b99: 0x10e1, 0x1b9a: 0x1111, 0x1b9b: 0x2109, 0x1b9c: 0xbb01, 0x1b9d: 0x1099,
+	0x1b9e: 0x10b1, 0x1b9f: 0x10c9, 0x1ba0: 0xbb19, 0x1ba1: 0xbb31, 0x1ba2: 0xbb49, 0x1ba3: 0x1429,
+	0x1ba4: 0x1a31, 0x1ba5: 0xbb61, 0x1ba6: 0xbb79, 0x1ba7: 0xbb91, 0x1ba8: 0xbba9, 0x1ba9: 0xbbc1,
+	0x1baa: 0xbbd9, 0x1bab: 0x2109, 0x1bac: 0x1111, 0x1bad: 0x1429, 0x1bae: 0xbbf1, 0x1baf: 0xbc09,
+	0x1bb0: 0xbc21, 0x1bb1: 0x10e1, 0x1bb2: 0x10f9, 0x1bb3: 0xbc39, 0x1bb4: 0x2079, 0x1bb5: 0xbc51,
+	0x1bb6: 0xbb01, 0x1bb7: 0x1099, 0x1bb8: 0x10b1, 0x1bb9: 0x10c9, 0x1bba: 0xbb19, 0x1bbb: 0xbb31,
+	0x1bbc: 0xbb49, 0x1bbd: 0x1429, 0x1bbe: 0x1a31, 0x1bbf: 0xbb61,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0xbb79, 0x1bc1: 0xbb91, 0x1bc2: 0xbba9, 0x1bc3: 0xbbc1, 0x1bc4: 0xbbd9, 0x1bc5: 0x2109,
+	0x1bc6: 0x1111, 0x1bc7: 0xbbf1, 0x1bc8: 0xbbf1, 0x1bc9: 0xbc09, 0x1bca: 0xbc21, 0x1bcb: 0x10e1,
+	0x1bcc: 0x10f9, 0x1bcd: 0xbc39, 0x1bce: 0x2079, 0x1bcf: 0xbc71, 0x1bd0: 0xbb19, 0x1bd1: 0x1429,
+	0x1bd2: 0xbb61, 0x1bd3: 0x10e1, 0x1bd4: 0x1111, 0x1bd5: 0x2109, 0x1bd6: 0xbb01, 0x1bd7: 0x1099,
+	0x1bd8: 0x10b1, 0x1bd9: 0x10c9, 0x1bda: 0xbb19, 0x1bdb: 0xbb31, 0x1bdc: 0xbb49, 0x1bdd: 0x1429,
+	0x1bde: 0x1a31, 0x1bdf: 0xbb61, 0x1be0: 0xbb79, 0x1be1: 0xbb91, 0x1be2: 0xbba9, 0x1be3: 0xbbc1,
+	0x1be4: 0xbbd9, 0x1be5: 0x2109, 0x1be6: 0x1111, 0x1be7: 0x1429, 0x1be8: 0xbbf1, 0x1be9: 0xbc09,
+	0x1bea: 0xbc21, 0x1beb: 0x10e1, 0x1bec: 0x10f9, 0x1bed: 0xbc39, 0x1bee: 0x2079, 0x1bef: 0xbc51,
+	0x1bf0: 0xbb01, 0x1bf1: 0x1099, 0x1bf2: 0x10b1, 0x1bf3: 0x10c9, 0x1bf4: 0xbb19, 0x1bf5: 0xbb31,
+	0x1bf6: 0xbb49, 0x1bf7: 0x1429, 0x1bf8: 0x1a31, 0x1bf9: 0xbb61, 0x1bfa: 0xbb79, 0x1bfb: 0xbb91,
+	0x1bfc: 0xbba9, 0x1bfd: 0xbbc1, 0x1bfe: 0xbbd9, 0x1bff: 0x2109,
+	// Block 0x70, offset 0x1c00
+	0x1c00: 0x1111, 0x1c01: 0xbbf1, 0x1c02: 0xbbf1, 0x1c03: 0xbc09, 0x1c04: 0xbc21, 0x1c05: 0x10e1,
+	0x1c06: 0x10f9, 0x1c07: 0xbc39, 0x1c08: 0x2079, 0x1c09: 0xbc71, 0x1c0a: 0xbb19, 0x1c0b: 0x1429,
+	0x1c0c: 0xbb61, 0x1c0d: 0x10e1, 0x1c0e: 0x1111, 0x1c0f: 0x2109, 0x1c10: 0xbb01, 0x1c11: 0x1099,
+	0x1c12: 0x10b1, 0x1c13: 0x10c9, 0x1c14: 0xbb19, 0x1c15: 0xbb31, 0x1c16: 0xbb49, 0x1c17: 0x1429,
+	0x1c18: 0x1a31, 0x1c19: 0xbb61, 0x1c1a: 0xbb79, 0x1c1b: 0xbb91, 0x1c1c: 0xbba9, 0x1c1d: 0xbbc1,
+	0x1c1e: 0xbbd9, 0x1c1f: 0x2109, 0x1c20: 0x1111, 0x1c21: 0x1429, 0x1c22: 0xbbf1, 0x1c23: 0xbc09,
+	0x1c24: 0xbc21, 0x1c25: 0x10e1, 0x1c26: 0x10f9, 0x1c27: 0xbc39, 0x1c28: 0x2079, 0x1c29: 0xbc51,
+	0x1c2a: 0xbb01, 0x1c2b: 0x1099, 0x1c2c: 0x10b1, 0x1c2d: 0x10c9, 0x1c2e: 0xbb19, 0x1c2f: 0xbb31,
+	0x1c30: 0xbb49, 0x1c31: 0x1429, 0x1c32: 0x1a31, 0x1c33: 0xbb61, 0x1c34: 0xbb79, 0x1c35: 0xbb91,
+	0x1c36: 0xbba9, 0x1c37: 0xbbc1, 0x1c38: 0xbbd9, 0x1c39: 0x2109, 0x1c3a: 0x1111, 0x1c3b: 0xbbf1,
+	0x1c3c: 0xbbf1, 0x1c3d: 0xbc09, 0x1c3e: 0xbc21, 0x1c3f: 0x10e1,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0x10f9, 0x1c41: 0xbc39, 0x1c42: 0x2079, 0x1c43: 0xbc71, 0x1c44: 0xbb19, 0x1c45: 0x1429,
+	0x1c46: 0xbb61, 0x1c47: 0x10e1, 0x1c48: 0x1111, 0x1c49: 0x2109, 0x1c4a: 0xbc91, 0x1c4b: 0xbc91,
+	0x1c4c: 0x0040, 0x1c4d: 0x0040, 0x1c4e: 0x1f41, 0x1c4f: 0x00c9, 0x1c50: 0x0069, 0x1c51: 0x0079,
+	0x1c52: 0x1f51, 0x1c53: 0x1f61, 0x1c54: 0x1f71, 0x1c55: 0x1f81, 0x1c56: 0x1f91, 0x1c57: 0x1fa1,
+	0x1c58: 0x1f41, 0x1c59: 0x00c9, 0x1c5a: 0x0069, 0x1c5b: 0x0079, 0x1c5c: 0x1f51, 0x1c5d: 0x1f61,
+	0x1c5e: 0x1f71, 0x1c5f: 0x1f81, 0x1c60: 0x1f91, 0x1c61: 0x1fa1, 0x1c62: 0x1f41, 0x1c63: 0x00c9,
+	0x1c64: 0x0069, 0x1c65: 0x0079, 0x1c66: 0x1f51, 0x1c67: 0x1f61, 0x1c68: 0x1f71, 0x1c69: 0x1f81,
+	0x1c6a: 0x1f91, 0x1c6b: 0x1fa1, 0x1c6c: 0x1f41, 0x1c6d: 0x00c9, 0x1c6e: 0x0069, 0x1c6f: 0x0079,
+	0x1c70: 0x1f51, 0x1c71: 0x1f61, 0x1c72: 0x1f71, 0x1c73: 0x1f81, 0x1c74: 0x1f91, 0x1c75: 0x1fa1,
+	0x1c76: 0x1f41, 0x1c77: 0x00c9, 0x1c78: 0x0069, 0x1c79: 0x0079, 0x1c7a: 0x1f51, 0x1c7b: 0x1f61,
+	0x1c7c: 0x1f71, 0x1c7d: 0x1f81, 0x1c7e: 0x1f91, 0x1c7f: 0x1fa1,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0xe115, 0x1c81: 0xe115, 0x1c82: 0xe135, 0x1c83: 0xe135, 0x1c84: 0xe115, 0x1c85: 0xe115,
+	0x1c86: 0xe175, 0x1c87: 0xe175, 0x1c88: 0xe115, 0x1c89: 0xe115, 0x1c8a: 0xe135, 0x1c8b: 0xe135,
+	0x1c8c: 0xe115, 0x1c8d: 0xe115, 0x1c8e: 0xe1f5, 0x1c8f: 0xe1f5, 0x1c90: 0xe115, 0x1c91: 0xe115,
+	0x1c92: 0xe135, 0x1c93: 0xe135, 0x1c94: 0xe115, 0x1c95: 0xe115, 0x1c96: 0xe175, 0x1c97: 0xe175,
+	0x1c98: 0xe115, 0x1c99: 0xe115, 0x1c9a: 0xe135, 0x1c9b: 0xe135, 0x1c9c: 0xe115, 0x1c9d: 0xe115,
+	0x1c9e: 0x8b3d, 0x1c9f: 0x8b3d, 0x1ca0: 0x04b5, 0x1ca1: 0x04b5, 0x1ca2: 0x0a08, 0x1ca3: 0x0a08,
+	0x1ca4: 0x0a08, 0x1ca5: 0x0a08, 0x1ca6: 0x0a08, 0x1ca7: 0x0a08, 0x1ca8: 0x0a08, 0x1ca9: 0x0a08,
+	0x1caa: 0x0a08, 0x1cab: 0x0a08, 0x1cac: 0x0a08, 0x1cad: 0x0a08, 0x1cae: 0x0a08, 0x1caf: 0x0a08,
+	0x1cb0: 0x0a08, 0x1cb1: 0x0a08, 0x1cb2: 0x0a08, 0x1cb3: 0x0a08, 0x1cb4: 0x0a08, 0x1cb5: 0x0a08,
+	0x1cb6: 0x0a08, 0x1cb7: 0x0a08, 0x1cb8: 0x0a08, 0x1cb9: 0x0a08, 0x1cba: 0x0a08, 0x1cbb: 0x0a08,
+	0x1cbc: 0x0a08, 0x1cbd: 0x0a08, 0x1cbe: 0x0a08, 0x1cbf: 0x0a08,
+	// Block 0x73, offset 0x1cc0
+	0x1cc0: 0xb1d9, 0x1cc1: 0xb1f1, 0x1cc2: 0xb251, 0x1cc3: 0xb299, 0x1cc4: 0x0040, 0x1cc5: 0xb461,
+	0x1cc6: 0xb2e1, 0x1cc7: 0xb269, 0x1cc8: 0xb359, 0x1cc9: 0xb479, 0x1cca: 0xb3e9, 0x1ccb: 0xb401,
+	0x1ccc: 0xb419, 0x1ccd: 0xb431, 0x1cce: 0xb2f9, 0x1ccf: 0xb389, 0x1cd0: 0xb3b9, 0x1cd1: 0xb329,
+	0x1cd2: 0xb3d1, 0x1cd3: 0xb2c9, 0x1cd4: 0xb311, 0x1cd5: 0xb221, 0x1cd6: 0xb239, 0x1cd7: 0xb281,
+	0x1cd8: 0xb2b1, 0x1cd9: 0xb341, 0x1cda: 0xb371, 0x1cdb: 0xb3a1, 0x1cdc: 0xbca9, 0x1cdd: 0x7999,
+	0x1cde: 0xbcc1, 0x1cdf: 0xbcd9, 0x1ce0: 0x0040, 0x1ce1: 0xb1f1, 0x1ce2: 0xb251, 0x1ce3: 0x0040,
+	0x1ce4: 0xb449, 0x1ce5: 0x0040, 0x1ce6: 0x0040, 0x1ce7: 0xb269, 0x1ce8: 0x0040, 0x1ce9: 0xb479,
+	0x1cea: 0xb3e9, 0x1ceb: 0xb401, 0x1cec: 0xb419, 0x1ced: 0xb431, 0x1cee: 0xb2f9, 0x1cef: 0xb389,
+	0x1cf0: 0xb3b9, 0x1cf1: 0xb329, 0x1cf2: 0xb3d1, 0x1cf3: 0x0040, 0x1cf4: 0xb311, 0x1cf5: 0xb221,
+	0x1cf6: 0xb239, 0x1cf7: 0xb281, 0x1cf8: 0x0040, 0x1cf9: 0xb341, 0x1cfa: 0x0040, 0x1cfb: 0xb3a1,
+	0x1cfc: 0x0040, 0x1cfd: 0x0040, 0x1cfe: 0x0040, 0x1cff: 0x0040,
+	// Block 0x74, offset 0x1d00
+	0x1d00: 0x0040, 0x1d01: 0x0040, 0x1d02: 0xb251, 0x1d03: 0x0040, 0x1d04: 0x0040, 0x1d05: 0x0040,
+	0x1d06: 0x0040, 0x1d07: 0xb269, 0x1d08: 0x0040, 0x1d09: 0xb479, 0x1d0a: 0x0040, 0x1d0b: 0xb401,
+	0x1d0c: 0x0040, 0x1d0d: 0xb431, 0x1d0e: 0xb2f9, 0x1d0f: 0xb389, 0x1d10: 0x0040, 0x1d11: 0xb329,
+	0x1d12: 0xb3d1, 0x1d13: 0x0040, 0x1d14: 0xb311, 0x1d15: 0x0040, 0x1d16: 0x0040, 0x1d17: 0xb281,
+	0x1d18: 0x0040, 0x1d19: 0xb341, 0x1d1a: 0x0040, 0x1d1b: 0xb3a1, 0x1d1c: 0x0040, 0x1d1d: 0x7999,
+	0x1d1e: 0x0040, 0x1d1f: 0xbcd9, 0x1d20: 0x0040, 0x1d21: 0xb1f1, 0x1d22: 0xb251, 0x1d23: 0x0040,
+	0x1d24: 0xb449, 0x1d25: 0x0040, 0x1d26: 0x0040, 0x1d27: 0xb269, 0x1d28: 0xb359, 0x1d29: 0xb479,
+	0x1d2a: 0xb3e9, 0x1d2b: 0x0040, 0x1d2c: 0xb419, 0x1d2d: 0xb431, 0x1d2e: 0xb2f9, 0x1d2f: 0xb389,
+	0x1d30: 0xb3b9, 0x1d31: 0xb329, 0x1d32: 0xb3d1, 0x1d33: 0x0040, 0x1d34: 0xb311, 0x1d35: 0xb221,
+	0x1d36: 0xb239, 0x1d37: 0xb281, 0x1d38: 0x0040, 0x1d39: 0xb341, 0x1d3a: 0xb371, 0x1d3b: 0xb3a1,
+	0x1d3c: 0xbca9, 0x1d3d: 0x0040, 0x1d3e: 0xbcc1, 0x1d3f: 0x0040,
+	// Block 0x75, offset 0x1d40
+	0x1d40: 0xb1d9, 0x1d41: 0xb1f1, 0x1d42: 0xb251, 0x1d43: 0xb299, 0x1d44: 0xb449, 0x1d45: 0xb461,
+	0x1d46: 0xb2e1, 0x1d47: 0xb269, 0x1d48: 0xb359, 0x1d49: 0xb479, 0x1d4a: 0x0040, 0x1d4b: 0xb401,
+	0x1d4c: 0xb419, 0x1d4d: 0xb431, 0x1d4e: 0xb2f9, 0x1d4f: 0xb389, 0x1d50: 0xb3b9, 0x1d51: 0xb329,
+	0x1d52: 0xb3d1, 0x1d53: 0xb2c9, 0x1d54: 0xb311, 0x1d55: 0xb221, 0x1d56: 0xb239, 0x1d57: 0xb281,
+	0x1d58: 0xb2b1, 0x1d59: 0xb341, 0x1d5a: 0xb371, 0x1d5b: 0xb3a1, 0x1d5c: 0x0040, 0x1d5d: 0x0040,
+	0x1d5e: 0x0040, 0x1d5f: 0x0040, 0x1d60: 0x0040, 0x1d61: 0xb1f1, 0x1d62: 0xb251, 0x1d63: 0xb299,
+	0x1d64: 0x0040, 0x1d65: 0xb461, 0x1d66: 0xb2e1, 0x1d67: 0xb269, 0x1d68: 0xb359, 0x1d69: 0xb479,
+	0x1d6a: 0x0040, 0x1d6b: 0xb401, 0x1d6c: 0xb419, 0x1d6d: 0xb431, 0x1d6e: 0xb2f9, 0x1d6f: 0xb389,
+	0x1d70: 0xb3b9, 0x1d71: 0xb329, 0x1d72: 0xb3d1, 0x1d73: 0xb2c9, 0x1d74: 0xb311, 0x1d75: 0xb221,
+	0x1d76: 0xb239, 0x1d77: 0xb281, 0x1d78: 0xb2b1, 0x1d79: 0xb341, 0x1d7a: 0xb371, 0x1d7b: 0xb3a1,
+	0x1d7c: 0x0040, 0x1d7d: 0x0040, 0x1d7e: 0x0040, 0x1d7f: 0x0040,
+	// Block 0x76, offset 0x1d80
+	0x1d80: 0x0040, 0x1d81: 0xbcf2, 0x1d82: 0xbd0a, 0x1d83: 0xbd22, 0x1d84: 0xbd3a, 0x1d85: 0xbd52,
+	0x1d86: 0xbd6a, 0x1d87: 0xbd82, 0x1d88: 0xbd9a, 0x1d89: 0xbdb2, 0x1d8a: 0xbdca, 0x1d8b: 0x0018,
+	0x1d8c: 0x0018, 0x1d8d: 0x0018, 0x1d8e: 0x0018, 0x1d8f: 0x0018, 0x1d90: 0xbde2, 0x1d91: 0xbe02,
+	0x1d92: 0xbe22, 0x1d93: 0xbe42, 0x1d94: 0xbe62, 0x1d95: 0xbe82, 0x1d96: 0xbea2, 0x1d97: 0xbec2,
+	0x1d98: 0xbee2, 0x1d99: 0xbf02, 0x1d9a: 0xbf22, 0x1d9b: 0xbf42, 0x1d9c: 0xbf62, 0x1d9d: 0xbf82,
+	0x1d9e: 0xbfa2, 0x1d9f: 0xbfc2, 0x1da0: 0xbfe2, 0x1da1: 0xc002, 0x1da2: 0xc022, 0x1da3: 0xc042,
+	0x1da4: 0xc062, 0x1da5: 0xc082, 0x1da6: 0xc0a2, 0x1da7: 0xc0c2, 0x1da8: 0xc0e2, 0x1da9: 0xc102,
+	0x1daa: 0xc121, 0x1dab: 0x1159, 0x1dac: 0x0269, 0x1dad: 0x66a9, 0x1dae: 0xc161, 0x1daf: 0x0018,
+	0x1db0: 0x0039, 0x1db1: 0x0ee9, 0x1db2: 0x1159, 0x1db3: 0x0ef9, 0x1db4: 0x0f09, 0x1db5: 0x1199,
+	0x1db6: 0x0f31, 0x1db7: 0x0249, 0x1db8: 0x0f41, 0x1db9: 0x0259, 0x1dba: 0x0f51, 0x1dbb: 0x0359,
+	0x1dbc: 0x0f61, 0x1dbd: 0x0f71, 0x1dbe: 0x00d9, 0x1dbf: 0x0f99,
+	// Block 0x77, offset 0x1dc0
+	0x1dc0: 0x2039, 0x1dc1: 0x0269, 0x1dc2: 0x01d9, 0x1dc3: 0x0fa9, 0x1dc4: 0x0fb9, 0x1dc5: 0x1089,
+	0x1dc6: 0x0279, 0x1dc7: 0x0369, 0x1dc8: 0x0289, 0x1dc9: 0x13d1, 0x1dca: 0xc179, 0x1dcb: 0x65e9,
+	0x1dcc: 0xc191, 0x1dcd: 0x1441, 0x1dce: 0xc1a9, 0x1dcf: 0xc1c9, 0x1dd0: 0x0018, 0x1dd1: 0x0018,
+	0x1dd2: 0x0018, 0x1dd3: 0x0018, 0x1dd4: 0x0018, 0x1dd5: 0x0018, 0x1dd6: 0x0018, 0x1dd7: 0x0018,
+	0x1dd8: 0x0018, 0x1dd9: 0x0018, 0x1dda: 0x0018, 0x1ddb: 0x0018, 0x1ddc: 0x0018, 0x1ddd: 0x0018,
+	0x1dde: 0x0018, 0x1ddf: 0x0018, 0x1de0: 0x0018, 0x1de1: 0x0018, 0x1de2: 0x0018, 0x1de3: 0x0018,
+	0x1de4: 0x0018, 0x1de5: 0x0018, 0x1de6: 0x0018, 0x1de7: 0x0018, 0x1de8: 0x0018, 0x1de9: 0x0018,
+	0x1dea: 0xc1e1, 0x1deb: 0xc1f9, 0x1dec: 0xc211, 0x1ded: 0x0018, 0x1dee: 0x0018, 0x1def: 0x0018,
+	0x1df0: 0x0018, 0x1df1: 0x0018, 0x1df2: 0x0018, 0x1df3: 0x0018, 0x1df4: 0x0018, 0x1df5: 0x0018,
+	0x1df6: 0x0018, 0x1df7: 0x0018, 0x1df8: 0x0018, 0x1df9: 0x0018, 0x1dfa: 0x0018, 0x1dfb: 0x0018,
+	0x1dfc: 0x0018, 0x1dfd: 0x0018, 0x1dfe: 0x0018, 0x1dff: 0x0018,
+	// Block 0x78, offset 0x1e00
+	0x1e00: 0xc241, 0x1e01: 0xc279, 0x1e02: 0xc2b1, 0x1e03: 0x0040, 0x1e04: 0x0040, 0x1e05: 0x0040,
+	0x1e06: 0x0040, 0x1e07: 0x0040, 0x1e08: 0x0040, 0x1e09: 0x0040, 0x1e0a: 0x0040, 0x1e0b: 0x0040,
+	0x1e0c: 0x0040, 0x1e0d: 0x0040, 0x1e0e: 0x0040, 0x1e0f: 0x0040, 0x1e10: 0xc2d1, 0x1e11: 0xc2f1,
+	0x1e12: 0xc311, 0x1e13: 0xc331, 0x1e14: 0xc351, 0x1e15: 0xc371, 0x1e16: 0xc391, 0x1e17: 0xc3b1,
+	0x1e18: 0xc3d1, 0x1e19: 0xc3f1, 0x1e1a: 0xc411, 0x1e1b: 0xc431, 0x1e1c: 0xc451, 0x1e1d: 0xc471,
+	0x1e1e: 0xc491, 0x1e1f: 0xc4b1, 0x1e20: 0xc4d1, 0x1e21: 0xc4f1, 0x1e22: 0xc511, 0x1e23: 0xc531,
+	0x1e24: 0xc551, 0x1e25: 0xc571, 0x1e26: 0xc591, 0x1e27: 0xc5b1, 0x1e28: 0xc5d1, 0x1e29: 0xc5f1,
+	0x1e2a: 0xc611, 0x1e2b: 0xc631, 0x1e2c: 0xc651, 0x1e2d: 0xc671, 0x1e2e: 0xc691, 0x1e2f: 0xc6b1,
+	0x1e30: 0xc6d1, 0x1e31: 0xc6f1, 0x1e32: 0xc711, 0x1e33: 0xc731, 0x1e34: 0xc751, 0x1e35: 0xc771,
+	0x1e36: 0xc791, 0x1e37: 0xc7b1, 0x1e38: 0xc7d1, 0x1e39: 0xc7f1, 0x1e3a: 0xc811, 0x1e3b: 0xc831,
+	0x1e3c: 0x0040, 0x1e3d: 0x0040, 0x1e3e: 0x0040, 0x1e3f: 0x0040,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0xcb61, 0x1e41: 0xcb81, 0x1e42: 0xcba1, 0x1e43: 0x8b55, 0x1e44: 0xcbc1, 0x1e45: 0xcbe1,
+	0x1e46: 0xcc01, 0x1e47: 0xcc21, 0x1e48: 0xcc41, 0x1e49: 0xcc61, 0x1e4a: 0xcc81, 0x1e4b: 0xcca1,
+	0x1e4c: 0xccc1, 0x1e4d: 0x8b75, 0x1e4e: 0xcce1, 0x1e4f: 0xcd01, 0x1e50: 0xcd21, 0x1e51: 0xcd41,
+	0x1e52: 0x8b95, 0x1e53: 0xcd61, 0x1e54: 0xcd81, 0x1e55: 0xc491, 0x1e56: 0x8bb5, 0x1e57: 0xcda1,
+	0x1e58: 0xcdc1, 0x1e59: 0xcde1, 0x1e5a: 0xce01, 0x1e5b: 0xce21, 0x1e5c: 0x8bd5, 0x1e5d: 0xce41,
+	0x1e5e: 0xce61, 0x1e5f: 0xce81, 0x1e60: 0xcea1, 0x1e61: 0xcec1, 0x1e62: 0xc7f1, 0x1e63: 0xcee1,
+	0x1e64: 0xcf01, 0x1e65: 0xcf21, 0x1e66: 0xcf41, 0x1e67: 0xcf61, 0x1e68: 0xcf81, 0x1e69: 0xcfa1,
+	0x1e6a: 0xcfc1, 0x1e6b: 0xcfe1, 0x1e6c: 0xd001, 0x1e6d: 0xd021, 0x1e6e: 0xd041, 0x1e6f: 0xd061,
+	0x1e70: 0xd081, 0x1e71: 0xd0a1, 0x1e72: 0xd0a1, 0x1e73: 0xd0a1, 0x1e74: 0x8bf5, 0x1e75: 0xd0c1,
+	0x1e76: 0xd0e1, 0x1e77: 0xd101, 0x1e78: 0x8c15, 0x1e79: 0xd121, 0x1e7a: 0xd141, 0x1e7b: 0xd161,
+	0x1e7c: 0xd181, 0x1e7d: 0xd1a1, 0x1e7e: 0xd1c1, 0x1e7f: 0xd1e1,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0xd201, 0x1e81: 0xd221, 0x1e82: 0xd241, 0x1e83: 0xd261, 0x1e84: 0xd281, 0x1e85: 0xd2a1,
+	0x1e86: 0xd2a1, 0x1e87: 0xd2c1, 0x1e88: 0xd2e1, 0x1e89: 0xd301, 0x1e8a: 0xd321, 0x1e8b: 0xd341,
+	0x1e8c: 0xd361, 0x1e8d: 0xd381, 0x1e8e: 0xd3a1, 0x1e8f: 0xd3c1, 0x1e90: 0xd3e1, 0x1e91: 0xd401,
+	0x1e92: 0xd421, 0x1e93: 0xd441, 0x1e94: 0xd461, 0x1e95: 0xd481, 0x1e96: 0xd4a1, 0x1e97: 0xd4c1,
+	0x1e98: 0xd4e1, 0x1e99: 0x8c35, 0x1e9a: 0xd501, 0x1e9b: 0xd521, 0x1e9c: 0xd541, 0x1e9d: 0xc371,
+	0x1e9e: 0xd561, 0x1e9f: 0xd581, 0x1ea0: 0x8c55, 0x1ea1: 0x8c75, 0x1ea2: 0xd5a1, 0x1ea3: 0xd5c1,
+	0x1ea4: 0xd5e1, 0x1ea5: 0xd601, 0x1ea6: 0xd621, 0x1ea7: 0xd641, 0x1ea8: 0x2040, 0x1ea9: 0xd661,
+	0x1eaa: 0xd681, 0x1eab: 0xd681, 0x1eac: 0x8c95, 0x1ead: 0xd6a1, 0x1eae: 0xd6c1, 0x1eaf: 0xd6e1,
+	0x1eb0: 0xd701, 0x1eb1: 0x8cb5, 0x1eb2: 0xd721, 0x1eb3: 0xd741, 0x1eb4: 0x2040, 0x1eb5: 0xd761,
+	0x1eb6: 0xd781, 0x1eb7: 0xd7a1, 0x1eb8: 0xd7c1, 0x1eb9: 0xd7e1, 0x1eba: 0xd801, 0x1ebb: 0x8cd5,
+	0x1ebc: 0xd821, 0x1ebd: 0x8cf5, 0x1ebe: 0xd841, 0x1ebf: 0xd861,
+	// Block 0x7b, offset 0x1ec0
+	0x1ec0: 0xd881, 0x1ec1: 0xd8a1, 0x1ec2: 0xd8c1, 0x1ec3: 0xd8e1, 0x1ec4: 0xd901, 0x1ec5: 0xd921,
+	0x1ec6: 0xd941, 0x1ec7: 0xd961, 0x1ec8: 0xd981, 0x1ec9: 0x8d15, 0x1eca: 0xd9a1, 0x1ecb: 0xd9c1,
+	0x1ecc: 0xd9e1, 0x1ecd: 0xda01, 0x1ece: 0xda21, 0x1ecf: 0x8d35, 0x1ed0: 0xda41, 0x1ed1: 0x8d55,
+	0x1ed2: 0x8d75, 0x1ed3: 0xda61, 0x1ed4: 0xda81, 0x1ed5: 0xda81, 0x1ed6: 0xdaa1, 0x1ed7: 0x8d95,
+	0x1ed8: 0x8db5, 0x1ed9: 0xdac1, 0x1eda: 0xdae1, 0x1edb: 0xdb01, 0x1edc: 0xdb21, 0x1edd: 0xdb41,
+	0x1ede: 0xdb61, 0x1edf: 0xdb81, 0x1ee0: 0xdba1, 0x1ee1: 0xdbc1, 0x1ee2: 0xdbe1, 0x1ee3: 0xdc01,
+	0x1ee4: 0x8dd5, 0x1ee5: 0xdc21, 0x1ee6: 0xdc41, 0x1ee7: 0xdc61, 0x1ee8: 0xdc81, 0x1ee9: 0xdc61,
+	0x1eea: 0xdca1, 0x1eeb: 0xdcc1, 0x1eec: 0xdce1, 0x1eed: 0xdd01, 0x1eee: 0xdd21, 0x1eef: 0xdd41,
+	0x1ef0: 0xdd61, 0x1ef1: 0xdd81, 0x1ef2: 0xdda1, 0x1ef3: 0xddc1, 0x1ef4: 0xdde1, 0x1ef5: 0xde01,
+	0x1ef6: 0xde21, 0x1ef7: 0xde41, 0x1ef8: 0x8df5, 0x1ef9: 0xde61, 0x1efa: 0xde81, 0x1efb: 0xdea1,
+	0x1efc: 0xdec1, 0x1efd: 0xdee1, 0x1efe: 0x8e15, 0x1eff: 0xdf01,
+	// Block 0x7c, offset 0x1f00
+	0x1f00: 0xe601, 0x1f01: 0xe621, 0x1f02: 0xe641, 0x1f03: 0xe661, 0x1f04: 0xe681, 0x1f05: 0xe6a1,
+	0x1f06: 0x8f35, 0x1f07: 0xe6c1, 0x1f08: 0xe6e1, 0x1f09: 0xe701, 0x1f0a: 0xe721, 0x1f0b: 0xe741,
+	0x1f0c: 0xe761, 0x1f0d: 0x8f55, 0x1f0e: 0xe781, 0x1f0f: 0xe7a1, 0x1f10: 0x8f75, 0x1f11: 0x8f95,
+	0x1f12: 0xe7c1, 0x1f13: 0xe7e1, 0x1f14: 0xe801, 0x1f15: 0xe821, 0x1f16: 0xe841, 0x1f17: 0xe861,
+	0x1f18: 0xe881, 0x1f19: 0xe8a1, 0x1f1a: 0xe8c1, 0x1f1b: 0x8fb5, 0x1f1c: 0xe8e1, 0x1f1d: 0x8fd5,
+	0x1f1e: 0xe901, 0x1f1f: 0x2040, 0x1f20: 0xe921, 0x1f21: 0xe941, 0x1f22: 0xe961, 0x1f23: 0x8ff5,
+	0x1f24: 0xe981, 0x1f25: 0xe9a1, 0x1f26: 0x9015, 0x1f27: 0x9035, 0x1f28: 0xe9c1, 0x1f29: 0xe9e1,
+	0x1f2a: 0xea01, 0x1f2b: 0xea21, 0x1f2c: 0xea41, 0x1f2d: 0xea41, 0x1f2e: 0xea61, 0x1f2f: 0xea81,
+	0x1f30: 0xeaa1, 0x1f31: 0xeac1, 0x1f32: 0xeae1, 0x1f33: 0xeb01, 0x1f34: 0xeb21, 0x1f35: 0x9055,
+	0x1f36: 0xeb41, 0x1f37: 0x9075, 0x1f38: 0xeb61, 0x1f39: 0x9095, 0x1f3a: 0xeb81, 0x1f3b: 0x90b5,
+	0x1f3c: 0x90d5, 0x1f3d: 0x90f5, 0x1f3e: 0xeba1, 0x1f3f: 0xebc1,
+	// Block 0x7d, offset 0x1f40
+	0x1f40: 0xebe1, 0x1f41: 0x9115, 0x1f42: 0x9135, 0x1f43: 0x9155, 0x1f44: 0x9175, 0x1f45: 0xec01,
+	0x1f46: 0xec21, 0x1f47: 0xec21, 0x1f48: 0xec41, 0x1f49: 0xec61, 0x1f4a: 0xec81, 0x1f4b: 0xeca1,
+	0x1f4c: 0xecc1, 0x1f4d: 0x9195, 0x1f4e: 0xece1, 0x1f4f: 0xed01, 0x1f50: 0xed21, 0x1f51: 0xed41,
+	0x1f52: 0x91b5, 0x1f53: 0xed61, 0x1f54: 0x91d5, 0x1f55: 0x91f5, 0x1f56: 0xed81, 0x1f57: 0xeda1,
+	0x1f58: 0xedc1, 0x1f59: 0xede1, 0x1f5a: 0xee01, 0x1f5b: 0xee21, 0x1f5c: 0x9215, 0x1f5d: 0x9235,
+	0x1f5e: 0x9255, 0x1f5f: 0x2040, 0x1f60: 0xee41, 0x1f61: 0x9275, 0x1f62: 0xee61, 0x1f63: 0xee81,
+	0x1f64: 0xeea1, 0x1f65: 0x9295, 0x1f66: 0xeec1, 0x1f67: 0xeee1, 0x1f68: 0xef01, 0x1f69: 0xef21,
+	0x1f6a: 0xef41, 0x1f6b: 0x92b5, 0x1f6c: 0xef61, 0x1f6d: 0xef81, 0x1f6e: 0xefa1, 0x1f6f: 0xefc1,
+	0x1f70: 0xefe1, 0x1f71: 0xf001, 0x1f72: 0x92d5, 0x1f73: 0x92f5, 0x1f74: 0xf021, 0x1f75: 0x9315,
+	0x1f76: 0xf041, 0x1f77: 0x9335, 0x1f78: 0xf061, 0x1f79: 0xf081, 0x1f7a: 0xf0a1, 0x1f7b: 0x9355,
+	0x1f7c: 0x9375, 0x1f7d: 0xf0c1, 0x1f7e: 0x9395, 0x1f7f: 0xf0e1,
+	// Block 0x7e, offset 0x1f80
+	0x1f80: 0xf721, 0x1f81: 0xf741, 0x1f82: 0xf761, 0x1f83: 0xf781, 0x1f84: 0xf7a1, 0x1f85: 0x9555,
+	0x1f86: 0xf7c1, 0x1f87: 0xf7e1, 0x1f88: 0xf801, 0x1f89: 0xf821, 0x1f8a: 0xf841, 0x1f8b: 0x9575,
+	0x1f8c: 0x9595, 0x1f8d: 0xf861, 0x1f8e: 0xf881, 0x1f8f: 0xf8a1, 0x1f90: 0xf8c1, 0x1f91: 0xf8e1,
+	0x1f92: 0xf901, 0x1f93: 0x95b5, 0x1f94: 0xf921, 0x1f95: 0xf941, 0x1f96: 0xf961, 0x1f97: 0xf981,
+	0x1f98: 0x95d5, 0x1f99: 0x95f5, 0x1f9a: 0xf9a1, 0x1f9b: 0xf9c1, 0x1f9c: 0xf9e1, 0x1f9d: 0x9615,
+	0x1f9e: 0xfa01, 0x1f9f: 0xfa21, 0x1fa0: 0x684d, 0x1fa1: 0x9635, 0x1fa2: 0xfa41, 0x1fa3: 0xfa61,
+	0x1fa4: 0xfa81, 0x1fa5: 0x9655, 0x1fa6: 0xfaa1, 0x1fa7: 0xfac1, 0x1fa8: 0xfae1, 0x1fa9: 0xfb01,
+	0x1faa: 0xfb21, 0x1fab: 0xfb41, 0x1fac: 0xfb61, 0x1fad: 0x9675, 0x1fae: 0xfb81, 0x1faf: 0xfba1,
+	0x1fb0: 0xfbc1, 0x1fb1: 0x9695, 0x1fb2: 0xfbe1, 0x1fb3: 0xfc01, 0x1fb4: 0xfc21, 0x1fb5: 0xfc41,
+	0x1fb6: 0x7b6d, 0x1fb7: 0x96b5, 0x1fb8: 0xfc61, 0x1fb9: 0xfc81, 0x1fba: 0xfca1, 0x1fbb: 0x96d5,
+	0x1fbc: 0xfcc1, 0x1fbd: 0x96f5, 0x1fbe: 0xfce1, 0x1fbf: 0xfce1,
+	// Block 0x7f, offset 0x1fc0
+	0x1fc0: 0xfd01, 0x1fc1: 0x9715, 0x1fc2: 0xfd21, 0x1fc3: 0xfd41, 0x1fc4: 0xfd61, 0x1fc5: 0xfd81,
+	0x1fc6: 0xfda1, 0x1fc7: 0xfdc1, 0x1fc8: 0xfde1, 0x1fc9: 0x9735, 0x1fca: 0xfe01, 0x1fcb: 0xfe21,
+	0x1fcc: 0xfe41, 0x1fcd: 0xfe61, 0x1fce: 0xfe81, 0x1fcf: 0xfea1, 0x1fd0: 0x9755, 0x1fd1: 0xfec1,
+	0x1fd2: 0x9775, 0x1fd3: 0x9795, 0x1fd4: 0x97b5, 0x1fd5: 0xfee1, 0x1fd6: 0xff01, 0x1fd7: 0xff21,
+	0x1fd8: 0xff41, 0x1fd9: 0xff61, 0x1fda: 0xff81, 0x1fdb: 0xffa1, 0x1fdc: 0xffc1, 0x1fdd: 0x97d5,
+	0x1fde: 0x0040, 0x1fdf: 0x0040, 0x1fe0: 0x0040, 0x1fe1: 0x0040, 0x1fe2: 0x0040, 0x1fe3: 0x0040,
+	0x1fe4: 0x0040, 0x1fe5: 0x0040, 0x1fe6: 0x0040, 0x1fe7: 0x0040, 0x1fe8: 0x0040, 0x1fe9: 0x0040,
+	0x1fea: 0x0040, 0x1feb: 0x0040, 0x1fec: 0x0040, 0x1fed: 0x0040, 0x1fee: 0x0040, 0x1fef: 0x0040,
+	0x1ff0: 0x0040, 0x1ff1: 0x0040, 0x1ff2: 0x0040, 0x1ff3: 0x0040, 0x1ff4: 0x0040, 0x1ff5: 0x0040,
+	0x1ff6: 0x0040, 0x1ff7: 0x0040, 0x1ff8: 0x0040, 0x1ff9: 0x0040, 0x1ffa: 0x0040, 0x1ffb: 0x0040,
+	0x1ffc: 0x0040, 0x1ffd: 0x0040, 0x1ffe: 0x0040, 0x1fff: 0x0040,
+}
+
+// idnaIndex: 37 blocks, 2368 entries, 4736 bytes
+// Block 0 is the zero block.
+var idnaIndex = [2368]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x7e, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
+	0xc8: 0x06, 0xc9: 0x7f, 0xca: 0x80, 0xcb: 0x07, 0xcc: 0x81, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
+	0xd0: 0x82, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x83, 0xd6: 0x84, 0xd7: 0x85,
+	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x86, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x87, 0xde: 0x88, 0xdf: 0x89,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
+	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
+	0xf0: 0x1e, 0xf1: 0x1f, 0xf2: 0x1f, 0xf3: 0x21, 0xf4: 0x22,
+	// Block 0x4, offset 0x100
+	0x120: 0x8a, 0x121: 0x13, 0x122: 0x8b, 0x123: 0x8c, 0x124: 0x8d, 0x125: 0x14, 0x126: 0x15, 0x127: 0x16,
+	0x128: 0x17, 0x129: 0x18, 0x12a: 0x19, 0x12b: 0x1a, 0x12c: 0x1b, 0x12d: 0x1c, 0x12e: 0x1d, 0x12f: 0x8e,
+	0x130: 0x8f, 0x131: 0x1e, 0x132: 0x1f, 0x133: 0x20, 0x134: 0x90, 0x135: 0x21, 0x136: 0x91, 0x137: 0x92,
+	0x138: 0x93, 0x139: 0x94, 0x13a: 0x22, 0x13b: 0x95, 0x13c: 0x96, 0x13d: 0x23, 0x13e: 0x24, 0x13f: 0x97,
+	// Block 0x5, offset 0x140
+	0x140: 0x98, 0x141: 0x99, 0x142: 0x9a, 0x143: 0x9b, 0x144: 0x9c, 0x145: 0x9d, 0x146: 0x9e, 0x147: 0x9f,
+	0x148: 0xa0, 0x149: 0xa1, 0x14a: 0xa2, 0x14b: 0xa3, 0x14c: 0xa4, 0x14d: 0xa5, 0x14e: 0xa6, 0x14f: 0xa7,
+	0x150: 0xa8, 0x151: 0xa0, 0x152: 0xa0, 0x153: 0xa0, 0x154: 0xa0, 0x155: 0xa0, 0x156: 0xa0, 0x157: 0xa0,
+	0x158: 0xa0, 0x159: 0xa9, 0x15a: 0xaa, 0x15b: 0xab, 0x15c: 0xac, 0x15d: 0xad, 0x15e: 0xae, 0x15f: 0xaf,
+	0x160: 0xb0, 0x161: 0xb1, 0x162: 0xb2, 0x163: 0xb3, 0x164: 0xb4, 0x165: 0xb5, 0x166: 0xb6, 0x167: 0xb7,
+	0x168: 0xb8, 0x169: 0xb9, 0x16a: 0xba, 0x16b: 0xbb, 0x16c: 0xbc, 0x16d: 0xbd, 0x16e: 0xbe, 0x16f: 0xbf,
+	0x170: 0xc0, 0x171: 0xc1, 0x172: 0xc2, 0x173: 0xc3, 0x174: 0x25, 0x175: 0x26, 0x176: 0x27, 0x177: 0xc4,
+	0x178: 0x28, 0x179: 0x28, 0x17a: 0x29, 0x17b: 0x28, 0x17c: 0xc5, 0x17d: 0x2a, 0x17e: 0x2b, 0x17f: 0x2c,
+	// Block 0x6, offset 0x180
+	0x180: 0x2d, 0x181: 0x2e, 0x182: 0x2f, 0x183: 0xc6, 0x184: 0x30, 0x185: 0x31, 0x186: 0xc7, 0x187: 0x9c,
+	0x188: 0xc8, 0x189: 0xc9, 0x18a: 0x9c, 0x18b: 0x9c, 0x18c: 0xca, 0x18d: 0x9c, 0x18e: 0x9c, 0x18f: 0x9c,
+	0x190: 0xcb, 0x191: 0x32, 0x192: 0x33, 0x193: 0x34, 0x194: 0x9c, 0x195: 0x9c, 0x196: 0x9c, 0x197: 0x9c,
+	0x198: 0x9c, 0x199: 0x9c, 0x19a: 0x9c, 0x19b: 0x9c, 0x19c: 0x9c, 0x19d: 0x9c, 0x19e: 0x9c, 0x19f: 0x9c,
+	0x1a0: 0x9c, 0x1a1: 0x9c, 0x1a2: 0x9c, 0x1a3: 0x9c, 0x1a4: 0x9c, 0x1a5: 0x9c, 0x1a6: 0x9c, 0x1a7: 0x9c,
+	0x1a8: 0xcc, 0x1a9: 0xcd, 0x1aa: 0x9c, 0x1ab: 0xce, 0x1ac: 0x9c, 0x1ad: 0xcf, 0x1ae: 0xd0, 0x1af: 0x9c,
+	0x1b0: 0xd1, 0x1b1: 0x35, 0x1b2: 0x28, 0x1b3: 0x36, 0x1b4: 0xd2, 0x1b5: 0xd3, 0x1b6: 0xd4, 0x1b7: 0xd5,
+	0x1b8: 0xd6, 0x1b9: 0xd7, 0x1ba: 0xd8, 0x1bb: 0xd9, 0x1bc: 0xda, 0x1bd: 0xdb, 0x1be: 0xdc, 0x1bf: 0x37,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x38, 0x1c1: 0xdd, 0x1c2: 0xde, 0x1c3: 0xdf, 0x1c4: 0xe0, 0x1c5: 0x39, 0x1c6: 0x3a, 0x1c7: 0xe1,
+	0x1c8: 0xe2, 0x1c9: 0x3b, 0x1ca: 0x3c, 0x1cb: 0x3d, 0x1cc: 0x3e, 0x1cd: 0x3f, 0x1ce: 0x40, 0x1cf: 0x41,
+	0x1d0: 0xa0, 0x1d1: 0xa0, 0x1d2: 0xa0, 0x1d3: 0xa0, 0x1d4: 0xa0, 0x1d5: 0xa0, 0x1d6: 0xa0, 0x1d7: 0xa0,
+	0x1d8: 0xa0, 0x1d9: 0xa0, 0x1da: 0xa0, 0x1db: 0xa0, 0x1dc: 0xa0, 0x1dd: 0xa0, 0x1de: 0xa0, 0x1df: 0xa0,
+	0x1e0: 0xa0, 0x1e1: 0xa0, 0x1e2: 0xa0, 0x1e3: 0xa0, 0x1e4: 0xa0, 0x1e5: 0xa0, 0x1e6: 0xa0, 0x1e7: 0xa0,
+	0x1e8: 0xa0, 0x1e9: 0xa0, 0x1ea: 0xa0, 0x1eb: 0xa0, 0x1ec: 0xa0, 0x1ed: 0xa0, 0x1ee: 0xa0, 0x1ef: 0xa0,
+	0x1f0: 0xa0, 0x1f1: 0xa0, 0x1f2: 0xa0, 0x1f3: 0xa0, 0x1f4: 0xa0, 0x1f5: 0xa0, 0x1f6: 0xa0, 0x1f7: 0xa0,
+	0x1f8: 0xa0, 0x1f9: 0xa0, 0x1fa: 0xa0, 0x1fb: 0xa0, 0x1fc: 0xa0, 0x1fd: 0xa0, 0x1fe: 0xa0, 0x1ff: 0xa0,
+	// Block 0x8, offset 0x200
+	0x200: 0xa0, 0x201: 0xa0, 0x202: 0xa0, 0x203: 0xa0, 0x204: 0xa0, 0x205: 0xa0, 0x206: 0xa0, 0x207: 0xa0,
+	0x208: 0xa0, 0x209: 0xa0, 0x20a: 0xa0, 0x20b: 0xa0, 0x20c: 0xa0, 0x20d: 0xa0, 0x20e: 0xa0, 0x20f: 0xa0,
+	0x210: 0xa0, 0x211: 0xa0, 0x212: 0xa0, 0x213: 0xa0, 0x214: 0xa0, 0x215: 0xa0, 0x216: 0xa0, 0x217: 0xa0,
+	0x218: 0xa0, 0x219: 0xa0, 0x21a: 0xa0, 0x21b: 0xa0, 0x21c: 0xa0, 0x21d: 0xa0, 0x21e: 0xa0, 0x21f: 0xa0,
+	0x220: 0xa0, 0x221: 0xa0, 0x222: 0xa0, 0x223: 0xa0, 0x224: 0xa0, 0x225: 0xa0, 0x226: 0xa0, 0x227: 0xa0,
+	0x228: 0xa0, 0x229: 0xa0, 0x22a: 0xa0, 0x22b: 0xa0, 0x22c: 0xa0, 0x22d: 0xa0, 0x22e: 0xa0, 0x22f: 0xa0,
+	0x230: 0xa0, 0x231: 0xa0, 0x232: 0xa0, 0x233: 0xa0, 0x234: 0xa0, 0x235: 0xa0, 0x236: 0xa0, 0x237: 0x9c,
+	0x238: 0xa0, 0x239: 0xa0, 0x23a: 0xa0, 0x23b: 0xa0, 0x23c: 0xa0, 0x23d: 0xa0, 0x23e: 0xa0, 0x23f: 0xa0,
+	// Block 0x9, offset 0x240
+	0x240: 0xa0, 0x241: 0xa0, 0x242: 0xa0, 0x243: 0xa0, 0x244: 0xa0, 0x245: 0xa0, 0x246: 0xa0, 0x247: 0xa0,
+	0x248: 0xa0, 0x249: 0xa0, 0x24a: 0xa0, 0x24b: 0xa0, 0x24c: 0xa0, 0x24d: 0xa0, 0x24e: 0xa0, 0x24f: 0xa0,
+	0x250: 0xa0, 0x251: 0xa0, 0x252: 0xa0, 0x253: 0xa0, 0x254: 0xa0, 0x255: 0xa0, 0x256: 0xa0, 0x257: 0xa0,
+	0x258: 0xa0, 0x259: 0xa0, 0x25a: 0xa0, 0x25b: 0xa0, 0x25c: 0xa0, 0x25d: 0xa0, 0x25e: 0xa0, 0x25f: 0xa0,
+	0x260: 0xa0, 0x261: 0xa0, 0x262: 0xa0, 0x263: 0xa0, 0x264: 0xa0, 0x265: 0xa0, 0x266: 0xa0, 0x267: 0xa0,
+	0x268: 0xa0, 0x269: 0xa0, 0x26a: 0xa0, 0x26b: 0xa0, 0x26c: 0xa0, 0x26d: 0xa0, 0x26e: 0xa0, 0x26f: 0xa0,
+	0x270: 0xa0, 0x271: 0xa0, 0x272: 0xa0, 0x273: 0xa0, 0x274: 0xa0, 0x275: 0xa0, 0x276: 0xa0, 0x277: 0xa0,
+	0x278: 0xa0, 0x279: 0xa0, 0x27a: 0xa0, 0x27b: 0xa0, 0x27c: 0xa0, 0x27d: 0xa0, 0x27e: 0xa0, 0x27f: 0xa0,
+	// Block 0xa, offset 0x280
+	0x280: 0xa0, 0x281: 0xa0, 0x282: 0xa0, 0x283: 0xa0, 0x284: 0xa0, 0x285: 0xa0, 0x286: 0xa0, 0x287: 0xa0,
+	0x288: 0xa0, 0x289: 0xa0, 0x28a: 0xa0, 0x28b: 0xa0, 0x28c: 0xa0, 0x28d: 0xa0, 0x28e: 0xa0, 0x28f: 0xa0,
+	0x290: 0xa0, 0x291: 0xa0, 0x292: 0xa0, 0x293: 0xa0, 0x294: 0xa0, 0x295: 0xa0, 0x296: 0xa0, 0x297: 0xa0,
+	0x298: 0xa0, 0x299: 0xa0, 0x29a: 0xa0, 0x29b: 0xa0, 0x29c: 0xa0, 0x29d: 0xa0, 0x29e: 0xa0, 0x29f: 0xa0,
+	0x2a0: 0xa0, 0x2a1: 0xa0, 0x2a2: 0xa0, 0x2a3: 0xa0, 0x2a4: 0xa0, 0x2a5: 0xa0, 0x2a6: 0xa0, 0x2a7: 0xa0,
+	0x2a8: 0xa0, 0x2a9: 0xa0, 0x2aa: 0xa0, 0x2ab: 0xa0, 0x2ac: 0xa0, 0x2ad: 0xa0, 0x2ae: 0xa0, 0x2af: 0xa0,
+	0x2b0: 0xa0, 0x2b1: 0xa0, 0x2b2: 0xa0, 0x2b3: 0xa0, 0x2b4: 0xa0, 0x2b5: 0xa0, 0x2b6: 0xa0, 0x2b7: 0xa0,
+	0x2b8: 0xa0, 0x2b9: 0xa0, 0x2ba: 0xa0, 0x2bb: 0xa0, 0x2bc: 0xa0, 0x2bd: 0xa0, 0x2be: 0xa0, 0x2bf: 0xe3,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0xa0, 0x2c1: 0xa0, 0x2c2: 0xa0, 0x2c3: 0xa0, 0x2c4: 0xa0, 0x2c5: 0xa0, 0x2c6: 0xa0, 0x2c7: 0xa0,
+	0x2c8: 0xa0, 0x2c9: 0xa0, 0x2ca: 0xa0, 0x2cb: 0xa0, 0x2cc: 0xa0, 0x2cd: 0xa0, 0x2ce: 0xa0, 0x2cf: 0xa0,
+	0x2d0: 0xa0, 0x2d1: 0xa0, 0x2d2: 0xe4, 0x2d3: 0xe5, 0x2d4: 0xa0, 0x2d5: 0xa0, 0x2d6: 0xa0, 0x2d7: 0xa0,
+	0x2d8: 0xe6, 0x2d9: 0x42, 0x2da: 0x43, 0x2db: 0xe7, 0x2dc: 0x44, 0x2dd: 0x45, 0x2de: 0x46, 0x2df: 0xe8,
+	0x2e0: 0xe9, 0x2e1: 0xea, 0x2e2: 0xeb, 0x2e3: 0xec, 0x2e4: 0xed, 0x2e5: 0xee, 0x2e6: 0xef, 0x2e7: 0xf0,
+	0x2e8: 0xf1, 0x2e9: 0xf2, 0x2ea: 0xf3, 0x2eb: 0xf4, 0x2ec: 0xf5, 0x2ed: 0xf6, 0x2ee: 0xf7, 0x2ef: 0xf8,
+	0x2f0: 0xa0, 0x2f1: 0xa0, 0x2f2: 0xa0, 0x2f3: 0xa0, 0x2f4: 0xa0, 0x2f5: 0xa0, 0x2f6: 0xa0, 0x2f7: 0xa0,
+	0x2f8: 0xa0, 0x2f9: 0xa0, 0x2fa: 0xa0, 0x2fb: 0xa0, 0x2fc: 0xa0, 0x2fd: 0xa0, 0x2fe: 0xa0, 0x2ff: 0xa0,
+	// Block 0xc, offset 0x300
+	0x300: 0xa0, 0x301: 0xa0, 0x302: 0xa0, 0x303: 0xa0, 0x304: 0xa0, 0x305: 0xa0, 0x306: 0xa0, 0x307: 0xa0,
+	0x308: 0xa0, 0x309: 0xa0, 0x30a: 0xa0, 0x30b: 0xa0, 0x30c: 0xa0, 0x30d: 0xa0, 0x30e: 0xa0, 0x30f: 0xa0,
+	0x310: 0xa0, 0x311: 0xa0, 0x312: 0xa0, 0x313: 0xa0, 0x314: 0xa0, 0x315: 0xa0, 0x316: 0xa0, 0x317: 0xa0,
+	0x318: 0xa0, 0x319: 0xa0, 0x31a: 0xa0, 0x31b: 0xa0, 0x31c: 0xa0, 0x31d: 0xa0, 0x31e: 0xf9, 0x31f: 0xfa,
+	// Block 0xd, offset 0x340
+	0x340: 0xfb, 0x341: 0xfb, 0x342: 0xfb, 0x343: 0xfb, 0x344: 0xfb, 0x345: 0xfb, 0x346: 0xfb, 0x347: 0xfb,
+	0x348: 0xfb, 0x349: 0xfb, 0x34a: 0xfb, 0x34b: 0xfb, 0x34c: 0xfb, 0x34d: 0xfb, 0x34e: 0xfb, 0x34f: 0xfb,
+	0x350: 0xfb, 0x351: 0xfb, 0x352: 0xfb, 0x353: 0xfb, 0x354: 0xfb, 0x355: 0xfb, 0x356: 0xfb, 0x357: 0xfb,
+	0x358: 0xfb, 0x359: 0xfb, 0x35a: 0xfb, 0x35b: 0xfb, 0x35c: 0xfb, 0x35d: 0xfb, 0x35e: 0xfb, 0x35f: 0xfb,
+	0x360: 0xfb, 0x361: 0xfb, 0x362: 0xfb, 0x363: 0xfb, 0x364: 0xfb, 0x365: 0xfb, 0x366: 0xfb, 0x367: 0xfb,
+	0x368: 0xfb, 0x369: 0xfb, 0x36a: 0xfb, 0x36b: 0xfb, 0x36c: 0xfb, 0x36d: 0xfb, 0x36e: 0xfb, 0x36f: 0xfb,
+	0x370: 0xfb, 0x371: 0xfb, 0x372: 0xfb, 0x373: 0xfb, 0x374: 0xfb, 0x375: 0xfb, 0x376: 0xfb, 0x377: 0xfb,
+	0x378: 0xfb, 0x379: 0xfb, 0x37a: 0xfb, 0x37b: 0xfb, 0x37c: 0xfb, 0x37d: 0xfb, 0x37e: 0xfb, 0x37f: 0xfb,
+	// Block 0xe, offset 0x380
+	0x380: 0xfb, 0x381: 0xfb, 0x382: 0xfb, 0x383: 0xfb, 0x384: 0xfb, 0x385: 0xfb, 0x386: 0xfb, 0x387: 0xfb,
+	0x388: 0xfb, 0x389: 0xfb, 0x38a: 0xfb, 0x38b: 0xfb, 0x38c: 0xfb, 0x38d: 0xfb, 0x38e: 0xfb, 0x38f: 0xfb,
+	0x390: 0xfb, 0x391: 0xfb, 0x392: 0xfb, 0x393: 0xfb, 0x394: 0xfb, 0x395: 0xfb, 0x396: 0xfb, 0x397: 0xfb,
+	0x398: 0xfb, 0x399: 0xfb, 0x39a: 0xfb, 0x39b: 0xfb, 0x39c: 0xfb, 0x39d: 0xfb, 0x39e: 0xfb, 0x39f: 0xfb,
+	0x3a0: 0xfb, 0x3a1: 0xfb, 0x3a2: 0xfb, 0x3a3: 0xfb, 0x3a4: 0xfc, 0x3a5: 0xfd, 0x3a6: 0xfe, 0x3a7: 0xff,
+	0x3a8: 0x47, 0x3a9: 0x100, 0x3aa: 0x101, 0x3ab: 0x48, 0x3ac: 0x49, 0x3ad: 0x4a, 0x3ae: 0x4b, 0x3af: 0x4c,
+	0x3b0: 0x102, 0x3b1: 0x4d, 0x3b2: 0x4e, 0x3b3: 0x4f, 0x3b4: 0x50, 0x3b5: 0x51, 0x3b6: 0x103, 0x3b7: 0x52,
+	0x3b8: 0x53, 0x3b9: 0x54, 0x3ba: 0x55, 0x3bb: 0x56, 0x3bc: 0x57, 0x3bd: 0x58, 0x3be: 0x59, 0x3bf: 0x5a,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x104, 0x3c1: 0x105, 0x3c2: 0xa0, 0x3c3: 0x106, 0x3c4: 0x107, 0x3c5: 0x9c, 0x3c6: 0x108, 0x3c7: 0x109,
+	0x3c8: 0xfb, 0x3c9: 0xfb, 0x3ca: 0x10a, 0x3cb: 0x10b, 0x3cc: 0x10c, 0x3cd: 0x10d, 0x3ce: 0x10e, 0x3cf: 0x10f,
+	0x3d0: 0x110, 0x3d1: 0xa0, 0x3d2: 0x111, 0x3d3: 0x112, 0x3d4: 0x113, 0x3d5: 0x114, 0x3d6: 0xfb, 0x3d7: 0xfb,
+	0x3d8: 0xa0, 0x3d9: 0xa0, 0x3da: 0xa0, 0x3db: 0xa0, 0x3dc: 0x115, 0x3dd: 0x116, 0x3de: 0xfb, 0x3df: 0xfb,
+	0x3e0: 0x117, 0x3e1: 0x118, 0x3e2: 0x119, 0x3e3: 0x11a, 0x3e4: 0x11b, 0x3e5: 0xfb, 0x3e6: 0x11c, 0x3e7: 0x11d,
+	0x3e8: 0x11e, 0x3e9: 0x11f, 0x3ea: 0x120, 0x3eb: 0x5b, 0x3ec: 0x121, 0x3ed: 0x122, 0x3ee: 0x5c, 0x3ef: 0xfb,
+	0x3f0: 0x123, 0x3f1: 0x124, 0x3f2: 0x125, 0x3f3: 0x126, 0x3f4: 0x127, 0x3f5: 0xfb, 0x3f6: 0xfb, 0x3f7: 0xfb,
+	0x3f8: 0xfb, 0x3f9: 0x128, 0x3fa: 0x129, 0x3fb: 0xfb, 0x3fc: 0x12a, 0x3fd: 0x12b, 0x3fe: 0x12c, 0x3ff: 0x12d,
+	// Block 0x10, offset 0x400
+	0x400: 0x12e, 0x401: 0x12f, 0x402: 0x130, 0x403: 0x131, 0x404: 0x132, 0x405: 0x133, 0x406: 0x134, 0x407: 0x135,
+	0x408: 0x136, 0x409: 0xfb, 0x40a: 0x137, 0x40b: 0x138, 0x40c: 0x5d, 0x40d: 0x5e, 0x40e: 0xfb, 0x40f: 0xfb,
+	0x410: 0x139, 0x411: 0x13a, 0x412: 0x13b, 0x413: 0x13c, 0x414: 0xfb, 0x415: 0xfb, 0x416: 0x13d, 0x417: 0x13e,
+	0x418: 0x13f, 0x419: 0x140, 0x41a: 0x141, 0x41b: 0x142, 0x41c: 0x143, 0x41d: 0xfb, 0x41e: 0xfb, 0x41f: 0xfb,
+	0x420: 0x144, 0x421: 0xfb, 0x422: 0x145, 0x423: 0x146, 0x424: 0x5f, 0x425: 0x147, 0x426: 0x148, 0x427: 0x149,
+	0x428: 0x14a, 0x429: 0x14b, 0x42a: 0x14c, 0x42b: 0x14d, 0x42c: 0xfb, 0x42d: 0xfb, 0x42e: 0xfb, 0x42f: 0xfb,
+	0x430: 0x14e, 0x431: 0x14f, 0x432: 0x150, 0x433: 0xfb, 0x434: 0x151, 0x435: 0x152, 0x436: 0x153, 0x437: 0xfb,
+	0x438: 0xfb, 0x439: 0xfb, 0x43a: 0xfb, 0x43b: 0x154, 0x43c: 0xfb, 0x43d: 0xfb, 0x43e: 0x155, 0x43f: 0x156,
+	// Block 0x11, offset 0x440
+	0x440: 0xa0, 0x441: 0xa0, 0x442: 0xa0, 0x443: 0xa0, 0x444: 0xa0, 0x445: 0xa0, 0x446: 0xa0, 0x447: 0xa0,
+	0x448: 0xa0, 0x449: 0xa0, 0x44a: 0xa0, 0x44b: 0xa0, 0x44c: 0xa0, 0x44d: 0xa0, 0x44e: 0x157, 0x44f: 0xfb,
+	0x450: 0x9c, 0x451: 0x158, 0x452: 0xa0, 0x453: 0xa0, 0x454: 0xa0, 0x455: 0x159, 0x456: 0xfb, 0x457: 0xfb,
+	0x458: 0xfb, 0x459: 0xfb, 0x45a: 0xfb, 0x45b: 0xfb, 0x45c: 0xfb, 0x45d: 0xfb, 0x45e: 0xfb, 0x45f: 0xfb,
+	0x460: 0xfb, 0x461: 0xfb, 0x462: 0xfb, 0x463: 0xfb, 0x464: 0xfb, 0x465: 0xfb, 0x466: 0xfb, 0x467: 0xfb,
+	0x468: 0xfb, 0x469: 0xfb, 0x46a: 0xfb, 0x46b: 0xfb, 0x46c: 0xfb, 0x46d: 0xfb, 0x46e: 0xfb, 0x46f: 0xfb,
+	0x470: 0xfb, 0x471: 0xfb, 0x472: 0xfb, 0x473: 0xfb, 0x474: 0xfb, 0x475: 0xfb, 0x476: 0xfb, 0x477: 0xfb,
+	0x478: 0xfb, 0x479: 0xfb, 0x47a: 0xfb, 0x47b: 0xfb, 0x47c: 0xfb, 0x47d: 0xfb, 0x47e: 0xfb, 0x47f: 0xfb,
+	// Block 0x12, offset 0x480
+	0x480: 0xa0, 0x481: 0xa0, 0x482: 0xa0, 0x483: 0xa0, 0x484: 0xa0, 0x485: 0xa0, 0x486: 0xa0, 0x487: 0xa0,
+	0x488: 0xa0, 0x489: 0xa0, 0x48a: 0xa0, 0x48b: 0xa0, 0x48c: 0xa0, 0x48d: 0xa0, 0x48e: 0xa0, 0x48f: 0xa0,
+	0x490: 0x15a, 0x491: 0xfb, 0x492: 0xfb, 0x493: 0xfb, 0x494: 0xfb, 0x495: 0xfb, 0x496: 0xfb, 0x497: 0xfb,
+	0x498: 0xfb, 0x499: 0xfb, 0x49a: 0xfb, 0x49b: 0xfb, 0x49c: 0xfb, 0x49d: 0xfb, 0x49e: 0xfb, 0x49f: 0xfb,
+	0x4a0: 0xfb, 0x4a1: 0xfb, 0x4a2: 0xfb, 0x4a3: 0xfb, 0x4a4: 0xfb, 0x4a5: 0xfb, 0x4a6: 0xfb, 0x4a7: 0xfb,
+	0x4a8: 0xfb, 0x4a9: 0xfb, 0x4aa: 0xfb, 0x4ab: 0xfb, 0x4ac: 0xfb, 0x4ad: 0xfb, 0x4ae: 0xfb, 0x4af: 0xfb,
+	0x4b0: 0xfb, 0x4b1: 0xfb, 0x4b2: 0xfb, 0x4b3: 0xfb, 0x4b4: 0xfb, 0x4b5: 0xfb, 0x4b6: 0xfb, 0x4b7: 0xfb,
+	0x4b8: 0xfb, 0x4b9: 0xfb, 0x4ba: 0xfb, 0x4bb: 0xfb, 0x4bc: 0xfb, 0x4bd: 0xfb, 0x4be: 0xfb, 0x4bf: 0xfb,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0xfb, 0x4c1: 0xfb, 0x4c2: 0xfb, 0x4c3: 0xfb, 0x4c4: 0xfb, 0x4c5: 0xfb, 0x4c6: 0xfb, 0x4c7: 0xfb,
+	0x4c8: 0xfb, 0x4c9: 0xfb, 0x4ca: 0xfb, 0x4cb: 0xfb, 0x4cc: 0xfb, 0x4cd: 0xfb, 0x4ce: 0xfb, 0x4cf: 0xfb,
+	0x4d0: 0xa0, 0x4d1: 0xa0, 0x4d2: 0xa0, 0x4d3: 0xa0, 0x4d4: 0xa0, 0x4d5: 0xa0, 0x4d6: 0xa0, 0x4d7: 0xa0,
+	0x4d8: 0xa0, 0x4d9: 0x15b, 0x4da: 0xfb, 0x4db: 0xfb, 0x4dc: 0xfb, 0x4dd: 0xfb, 0x4de: 0xfb, 0x4df: 0xfb,
+	0x4e0: 0xfb, 0x4e1: 0xfb, 0x4e2: 0xfb, 0x4e3: 0xfb, 0x4e4: 0xfb, 0x4e5: 0xfb, 0x4e6: 0xfb, 0x4e7: 0xfb,
+	0x4e8: 0xfb, 0x4e9: 0xfb, 0x4ea: 0xfb, 0x4eb: 0xfb, 0x4ec: 0xfb, 0x4ed: 0xfb, 0x4ee: 0xfb, 0x4ef: 0xfb,
+	0x4f0: 0xfb, 0x4f1: 0xfb, 0x4f2: 0xfb, 0x4f3: 0xfb, 0x4f4: 0xfb, 0x4f5: 0xfb, 0x4f6: 0xfb, 0x4f7: 0xfb,
+	0x4f8: 0xfb, 0x4f9: 0xfb, 0x4fa: 0xfb, 0x4fb: 0xfb, 0x4fc: 0xfb, 0x4fd: 0xfb, 0x4fe: 0xfb, 0x4ff: 0xfb,
+	// Block 0x14, offset 0x500
+	0x500: 0xfb, 0x501: 0xfb, 0x502: 0xfb, 0x503: 0xfb, 0x504: 0xfb, 0x505: 0xfb, 0x506: 0xfb, 0x507: 0xfb,
+	0x508: 0xfb, 0x509: 0xfb, 0x50a: 0xfb, 0x50b: 0xfb, 0x50c: 0xfb, 0x50d: 0xfb, 0x50e: 0xfb, 0x50f: 0xfb,
+	0x510: 0xfb, 0x511: 0xfb, 0x512: 0xfb, 0x513: 0xfb, 0x514: 0xfb, 0x515: 0xfb, 0x516: 0xfb, 0x517: 0xfb,
+	0x518: 0xfb, 0x519: 0xfb, 0x51a: 0xfb, 0x51b: 0xfb, 0x51c: 0xfb, 0x51d: 0xfb, 0x51e: 0xfb, 0x51f: 0xfb,
+	0x520: 0xa0, 0x521: 0xa0, 0x522: 0xa0, 0x523: 0xa0, 0x524: 0xa0, 0x525: 0xa0, 0x526: 0xa0, 0x527: 0xa0,
+	0x528: 0x14d, 0x529: 0x15c, 0x52a: 0xfb, 0x52b: 0x15d, 0x52c: 0x15e, 0x52d: 0x15f, 0x52e: 0x160, 0x52f: 0xfb,
+	0x530: 0xfb, 0x531: 0xfb, 0x532: 0xfb, 0x533: 0xfb, 0x534: 0xfb, 0x535: 0xfb, 0x536: 0xfb, 0x537: 0xfb,
+	0x538: 0xfb, 0x539: 0x161, 0x53a: 0x162, 0x53b: 0xfb, 0x53c: 0xa0, 0x53d: 0x163, 0x53e: 0x164, 0x53f: 0x165,
+	// Block 0x15, offset 0x540
+	0x540: 0xa0, 0x541: 0xa0, 0x542: 0xa0, 0x543: 0xa0, 0x544: 0xa0, 0x545: 0xa0, 0x546: 0xa0, 0x547: 0xa0,
+	0x548: 0xa0, 0x549: 0xa0, 0x54a: 0xa0, 0x54b: 0xa0, 0x54c: 0xa0, 0x54d: 0xa0, 0x54e: 0xa0, 0x54f: 0xa0,
+	0x550: 0xa0, 0x551: 0xa0, 0x552: 0xa0, 0x553: 0xa0, 0x554: 0xa0, 0x555: 0xa0, 0x556: 0xa0, 0x557: 0xa0,
+	0x558: 0xa0, 0x559: 0xa0, 0x55a: 0xa0, 0x55b: 0xa0, 0x55c: 0xa0, 0x55d: 0xa0, 0x55e: 0xa0, 0x55f: 0x166,
+	0x560: 0xa0, 0x561: 0xa0, 0x562: 0xa0, 0x563: 0xa0, 0x564: 0xa0, 0x565: 0xa0, 0x566: 0xa0, 0x567: 0xa0,
+	0x568: 0xa0, 0x569: 0xa0, 0x56a: 0xa0, 0x56b: 0xa0, 0x56c: 0xa0, 0x56d: 0xa0, 0x56e: 0xa0, 0x56f: 0xa0,
+	0x570: 0xa0, 0x571: 0xa0, 0x572: 0xa0, 0x573: 0x167, 0x574: 0x168, 0x575: 0xfb, 0x576: 0xfb, 0x577: 0xfb,
+	0x578: 0xfb, 0x579: 0xfb, 0x57a: 0xfb, 0x57b: 0xfb, 0x57c: 0xfb, 0x57d: 0xfb, 0x57e: 0xfb, 0x57f: 0xfb,
+	// Block 0x16, offset 0x580
+	0x580: 0xa0, 0x581: 0xa0, 0x582: 0xa0, 0x583: 0xa0, 0x584: 0x169, 0x585: 0x16a, 0x586: 0xa0, 0x587: 0xa0,
+	0x588: 0xa0, 0x589: 0xa0, 0x58a: 0xa0, 0x58b: 0x16b, 0x58c: 0xfb, 0x58d: 0xfb, 0x58e: 0xfb, 0x58f: 0xfb,
+	0x590: 0xfb, 0x591: 0xfb, 0x592: 0xfb, 0x593: 0xfb, 0x594: 0xfb, 0x595: 0xfb, 0x596: 0xfb, 0x597: 0xfb,
+	0x598: 0xfb, 0x599: 0xfb, 0x59a: 0xfb, 0x59b: 0xfb, 0x59c: 0xfb, 0x59d: 0xfb, 0x59e: 0xfb, 0x59f: 0xfb,
+	0x5a0: 0xfb, 0x5a1: 0xfb, 0x5a2: 0xfb, 0x5a3: 0xfb, 0x5a4: 0xfb, 0x5a5: 0xfb, 0x5a6: 0xfb, 0x5a7: 0xfb,
+	0x5a8: 0xfb, 0x5a9: 0xfb, 0x5aa: 0xfb, 0x5ab: 0xfb, 0x5ac: 0xfb, 0x5ad: 0xfb, 0x5ae: 0xfb, 0x5af: 0xfb,
+	0x5b0: 0xa0, 0x5b1: 0x16c, 0x5b2: 0x16d, 0x5b3: 0xfb, 0x5b4: 0xfb, 0x5b5: 0xfb, 0x5b6: 0xfb, 0x5b7: 0xfb,
+	0x5b8: 0xfb, 0x5b9: 0xfb, 0x5ba: 0xfb, 0x5bb: 0xfb, 0x5bc: 0xfb, 0x5bd: 0xfb, 0x5be: 0xfb, 0x5bf: 0xfb,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x9c, 0x5c1: 0x9c, 0x5c2: 0x9c, 0x5c3: 0x16e, 0x5c4: 0x16f, 0x5c5: 0x170, 0x5c6: 0x171, 0x5c7: 0x172,
+	0x5c8: 0x9c, 0x5c9: 0x173, 0x5ca: 0xfb, 0x5cb: 0x174, 0x5cc: 0x9c, 0x5cd: 0x175, 0x5ce: 0xfb, 0x5cf: 0xfb,
+	0x5d0: 0x60, 0x5d1: 0x61, 0x5d2: 0x62, 0x5d3: 0x63, 0x5d4: 0x64, 0x5d5: 0x65, 0x5d6: 0x66, 0x5d7: 0x67,
+	0x5d8: 0x68, 0x5d9: 0x69, 0x5da: 0x6a, 0x5db: 0x6b, 0x5dc: 0x6c, 0x5dd: 0x6d, 0x5de: 0x6e, 0x5df: 0x6f,
+	0x5e0: 0x9c, 0x5e1: 0x9c, 0x5e2: 0x9c, 0x5e3: 0x9c, 0x5e4: 0x9c, 0x5e5: 0x9c, 0x5e6: 0x9c, 0x5e7: 0x9c,
+	0x5e8: 0x176, 0x5e9: 0x177, 0x5ea: 0x178, 0x5eb: 0xfb, 0x5ec: 0xfb, 0x5ed: 0xfb, 0x5ee: 0xfb, 0x5ef: 0xfb,
+	0x5f0: 0xfb, 0x5f1: 0xfb, 0x5f2: 0xfb, 0x5f3: 0xfb, 0x5f4: 0xfb, 0x5f5: 0xfb, 0x5f6: 0xfb, 0x5f7: 0xfb,
+	0x5f8: 0xfb, 0x5f9: 0xfb, 0x5fa: 0xfb, 0x5fb: 0xfb, 0x5fc: 0xfb, 0x5fd: 0xfb, 0x5fe: 0xfb, 0x5ff: 0xfb,
+	// Block 0x18, offset 0x600
+	0x600: 0x179, 0x601: 0xfb, 0x602: 0xfb, 0x603: 0xfb, 0x604: 0x17a, 0x605: 0x17b, 0x606: 0xfb, 0x607: 0xfb,
+	0x608: 0xfb, 0x609: 0xfb, 0x60a: 0xfb, 0x60b: 0x17c, 0x60c: 0xfb, 0x60d: 0xfb, 0x60e: 0xfb, 0x60f: 0xfb,
+	0x610: 0xfb, 0x611: 0xfb, 0x612: 0xfb, 0x613: 0xfb, 0x614: 0xfb, 0x615: 0xfb, 0x616: 0xfb, 0x617: 0xfb,
+	0x618: 0xfb, 0x619: 0xfb, 0x61a: 0xfb, 0x61b: 0xfb, 0x61c: 0xfb, 0x61d: 0xfb, 0x61e: 0xfb, 0x61f: 0xfb,
+	0x620: 0x123, 0x621: 0x123, 0x622: 0x123, 0x623: 0x17d, 0x624: 0x70, 0x625: 0x17e, 0x626: 0xfb, 0x627: 0xfb,
+	0x628: 0xfb, 0x629: 0xfb, 0x62a: 0xfb, 0x62b: 0xfb, 0x62c: 0xfb, 0x62d: 0xfb, 0x62e: 0xfb, 0x62f: 0xfb,
+	0x630: 0xfb, 0x631: 0x17f, 0x632: 0x180, 0x633: 0xfb, 0x634: 0x181, 0x635: 0xfb, 0x636: 0xfb, 0x637: 0xfb,
+	0x638: 0x71, 0x639: 0x72, 0x63a: 0x73, 0x63b: 0x182, 0x63c: 0xfb, 0x63d: 0xfb, 0x63e: 0xfb, 0x63f: 0xfb,
+	// Block 0x19, offset 0x640
+	0x640: 0x183, 0x641: 0x9c, 0x642: 0x184, 0x643: 0x185, 0x644: 0x74, 0x645: 0x75, 0x646: 0x186, 0x647: 0x187,
+	0x648: 0x76, 0x649: 0x188, 0x64a: 0xfb, 0x64b: 0xfb, 0x64c: 0x9c, 0x64d: 0x9c, 0x64e: 0x9c, 0x64f: 0x9c,
+	0x650: 0x9c, 0x651: 0x9c, 0x652: 0x9c, 0x653: 0x9c, 0x654: 0x9c, 0x655: 0x9c, 0x656: 0x9c, 0x657: 0x9c,
+	0x658: 0x9c, 0x659: 0x9c, 0x65a: 0x9c, 0x65b: 0x189, 0x65c: 0x9c, 0x65d: 0x18a, 0x65e: 0x9c, 0x65f: 0x18b,
+	0x660: 0x18c, 0x661: 0x18d, 0x662: 0x18e, 0x663: 0xfb, 0x664: 0x9c, 0x665: 0x18f, 0x666: 0x9c, 0x667: 0x190,
+	0x668: 0x9c, 0x669: 0x191, 0x66a: 0x192, 0x66b: 0x193, 0x66c: 0x9c, 0x66d: 0x9c, 0x66e: 0x194, 0x66f: 0x195,
+	0x670: 0xfb, 0x671: 0xfb, 0x672: 0xfb, 0x673: 0xfb, 0x674: 0xfb, 0x675: 0xfb, 0x676: 0xfb, 0x677: 0xfb,
+	0x678: 0xfb, 0x679: 0xfb, 0x67a: 0xfb, 0x67b: 0xfb, 0x67c: 0xfb, 0x67d: 0xfb, 0x67e: 0xfb, 0x67f: 0xfb,
+	// Block 0x1a, offset 0x680
+	0x680: 0xa0, 0x681: 0xa0, 0x682: 0xa0, 0x683: 0xa0, 0x684: 0xa0, 0x685: 0xa0, 0x686: 0xa0, 0x687: 0xa0,
+	0x688: 0xa0, 0x689: 0xa0, 0x68a: 0xa0, 0x68b: 0xa0, 0x68c: 0xa0, 0x68d: 0xa0, 0x68e: 0xa0, 0x68f: 0xa0,
+	0x690: 0xa0, 0x691: 0xa0, 0x692: 0xa0, 0x693: 0xa0, 0x694: 0xa0, 0x695: 0xa0, 0x696: 0xa0, 0x697: 0xa0,
+	0x698: 0xa0, 0x699: 0xa0, 0x69a: 0xa0, 0x69b: 0x196, 0x69c: 0xa0, 0x69d: 0xa0, 0x69e: 0xa0, 0x69f: 0xa0,
+	0x6a0: 0xa0, 0x6a1: 0xa0, 0x6a2: 0xa0, 0x6a3: 0xa0, 0x6a4: 0xa0, 0x6a5: 0xa0, 0x6a6: 0xa0, 0x6a7: 0xa0,
+	0x6a8: 0xa0, 0x6a9: 0xa0, 0x6aa: 0xa0, 0x6ab: 0xa0, 0x6ac: 0xa0, 0x6ad: 0xa0, 0x6ae: 0xa0, 0x6af: 0xa0,
+	0x6b0: 0xa0, 0x6b1: 0xa0, 0x6b2: 0xa0, 0x6b3: 0xa0, 0x6b4: 0xa0, 0x6b5: 0xa0, 0x6b6: 0xa0, 0x6b7: 0xa0,
+	0x6b8: 0xa0, 0x6b9: 0xa0, 0x6ba: 0xa0, 0x6bb: 0xa0, 0x6bc: 0xa0, 0x6bd: 0xa0, 0x6be: 0xa0, 0x6bf: 0xa0,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0xa0, 0x6c1: 0xa0, 0x6c2: 0xa0, 0x6c3: 0xa0, 0x6c4: 0xa0, 0x6c5: 0xa0, 0x6c6: 0xa0, 0x6c7: 0xa0,
+	0x6c8: 0xa0, 0x6c9: 0xa0, 0x6ca: 0xa0, 0x6cb: 0xa0, 0x6cc: 0xa0, 0x6cd: 0xa0, 0x6ce: 0xa0, 0x6cf: 0xa0,
+	0x6d0: 0xa0, 0x6d1: 0xa0, 0x6d2: 0xa0, 0x6d3: 0xa0, 0x6d4: 0xa0, 0x6d5: 0xa0, 0x6d6: 0xa0, 0x6d7: 0xa0,
+	0x6d8: 0xa0, 0x6d9: 0xa0, 0x6da: 0xa0, 0x6db: 0xa0, 0x6dc: 0x197, 0x6dd: 0xa0, 0x6de: 0xa0, 0x6df: 0xa0,
+	0x6e0: 0x198, 0x6e1: 0xa0, 0x6e2: 0xa0, 0x6e3: 0xa0, 0x6e4: 0xa0, 0x6e5: 0xa0, 0x6e6: 0xa0, 0x6e7: 0xa0,
+	0x6e8: 0xa0, 0x6e9: 0xa0, 0x6ea: 0xa0, 0x6eb: 0xa0, 0x6ec: 0xa0, 0x6ed: 0xa0, 0x6ee: 0xa0, 0x6ef: 0xa0,
+	0x6f0: 0xa0, 0x6f1: 0xa0, 0x6f2: 0xa0, 0x6f3: 0xa0, 0x6f4: 0xa0, 0x6f5: 0xa0, 0x6f6: 0xa0, 0x6f7: 0xa0,
+	0x6f8: 0xa0, 0x6f9: 0xa0, 0x6fa: 0xa0, 0x6fb: 0xa0, 0x6fc: 0xa0, 0x6fd: 0xa0, 0x6fe: 0xa0, 0x6ff: 0xa0,
+	// Block 0x1c, offset 0x700
+	0x700: 0xa0, 0x701: 0xa0, 0x702: 0xa0, 0x703: 0xa0, 0x704: 0xa0, 0x705: 0xa0, 0x706: 0xa0, 0x707: 0xa0,
+	0x708: 0xa0, 0x709: 0xa0, 0x70a: 0xa0, 0x70b: 0xa0, 0x70c: 0xa0, 0x70d: 0xa0, 0x70e: 0xa0, 0x70f: 0xa0,
+	0x710: 0xa0, 0x711: 0xa0, 0x712: 0xa0, 0x713: 0xa0, 0x714: 0xa0, 0x715: 0xa0, 0x716: 0xa0, 0x717: 0xa0,
+	0x718: 0xa0, 0x719: 0xa0, 0x71a: 0xa0, 0x71b: 0xa0, 0x71c: 0xa0, 0x71d: 0xa0, 0x71e: 0xa0, 0x71f: 0xa0,
+	0x720: 0xa0, 0x721: 0xa0, 0x722: 0xa0, 0x723: 0xa0, 0x724: 0xa0, 0x725: 0xa0, 0x726: 0xa0, 0x727: 0xa0,
+	0x728: 0xa0, 0x729: 0xa0, 0x72a: 0xa0, 0x72b: 0xa0, 0x72c: 0xa0, 0x72d: 0xa0, 0x72e: 0xa0, 0x72f: 0xa0,
+	0x730: 0xa0, 0x731: 0xa0, 0x732: 0xa0, 0x733: 0xa0, 0x734: 0xa0, 0x735: 0xa0, 0x736: 0xa0, 0x737: 0xa0,
+	0x738: 0xa0, 0x739: 0xa0, 0x73a: 0x199, 0x73b: 0xa0, 0x73c: 0xa0, 0x73d: 0xa0, 0x73e: 0xa0, 0x73f: 0xa0,
+	// Block 0x1d, offset 0x740
+	0x740: 0xa0, 0x741: 0xa0, 0x742: 0xa0, 0x743: 0xa0, 0x744: 0xa0, 0x745: 0xa0, 0x746: 0xa0, 0x747: 0xa0,
+	0x748: 0xa0, 0x749: 0xa0, 0x74a: 0xa0, 0x74b: 0xa0, 0x74c: 0xa0, 0x74d: 0xa0, 0x74e: 0xa0, 0x74f: 0xa0,
+	0x750: 0xa0, 0x751: 0xa0, 0x752: 0xa0, 0x753: 0xa0, 0x754: 0xa0, 0x755: 0xa0, 0x756: 0xa0, 0x757: 0xa0,
+	0x758: 0xa0, 0x759: 0xa0, 0x75a: 0xa0, 0x75b: 0xa0, 0x75c: 0xa0, 0x75d: 0xa0, 0x75e: 0xa0, 0x75f: 0xa0,
+	0x760: 0xa0, 0x761: 0xa0, 0x762: 0xa0, 0x763: 0xa0, 0x764: 0xa0, 0x765: 0xa0, 0x766: 0xa0, 0x767: 0xa0,
+	0x768: 0xa0, 0x769: 0xa0, 0x76a: 0xa0, 0x76b: 0xa0, 0x76c: 0xa0, 0x76d: 0xa0, 0x76e: 0xa0, 0x76f: 0x19a,
+	0x770: 0xfb, 0x771: 0xfb, 0x772: 0xfb, 0x773: 0xfb, 0x774: 0xfb, 0x775: 0xfb, 0x776: 0xfb, 0x777: 0xfb,
+	0x778: 0xfb, 0x779: 0xfb, 0x77a: 0xfb, 0x77b: 0xfb, 0x77c: 0xfb, 0x77d: 0xfb, 0x77e: 0xfb, 0x77f: 0xfb,
+	// Block 0x1e, offset 0x780
+	0x780: 0xfb, 0x781: 0xfb, 0x782: 0xfb, 0x783: 0xfb, 0x784: 0xfb, 0x785: 0xfb, 0x786: 0xfb, 0x787: 0xfb,
+	0x788: 0xfb, 0x789: 0xfb, 0x78a: 0xfb, 0x78b: 0xfb, 0x78c: 0xfb, 0x78d: 0xfb, 0x78e: 0xfb, 0x78f: 0xfb,
+	0x790: 0xfb, 0x791: 0xfb, 0x792: 0xfb, 0x793: 0xfb, 0x794: 0xfb, 0x795: 0xfb, 0x796: 0xfb, 0x797: 0xfb,
+	0x798: 0xfb, 0x799: 0xfb, 0x79a: 0xfb, 0x79b: 0xfb, 0x79c: 0xfb, 0x79d: 0xfb, 0x79e: 0xfb, 0x79f: 0xfb,
+	0x7a0: 0x77, 0x7a1: 0x78, 0x7a2: 0x79, 0x7a3: 0x19b, 0x7a4: 0x7a, 0x7a5: 0x7b, 0x7a6: 0x19c, 0x7a7: 0x7c,
+	0x7a8: 0x7d, 0x7a9: 0xfb, 0x7aa: 0xfb, 0x7ab: 0xfb, 0x7ac: 0xfb, 0x7ad: 0xfb, 0x7ae: 0xfb, 0x7af: 0xfb,
+	0x7b0: 0xfb, 0x7b1: 0xfb, 0x7b2: 0xfb, 0x7b3: 0xfb, 0x7b4: 0xfb, 0x7b5: 0xfb, 0x7b6: 0xfb, 0x7b7: 0xfb,
+	0x7b8: 0xfb, 0x7b9: 0xfb, 0x7ba: 0xfb, 0x7bb: 0xfb, 0x7bc: 0xfb, 0x7bd: 0xfb, 0x7be: 0xfb, 0x7bf: 0xfb,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0xa0, 0x7c1: 0xa0, 0x7c2: 0xa0, 0x7c3: 0xa0, 0x7c4: 0xa0, 0x7c5: 0xa0, 0x7c6: 0xa0, 0x7c7: 0xa0,
+	0x7c8: 0xa0, 0x7c9: 0xa0, 0x7ca: 0xa0, 0x7cb: 0xa0, 0x7cc: 0xa0, 0x7cd: 0x19d, 0x7ce: 0xfb, 0x7cf: 0xfb,
+	0x7d0: 0xfb, 0x7d1: 0xfb, 0x7d2: 0xfb, 0x7d3: 0xfb, 0x7d4: 0xfb, 0x7d5: 0xfb, 0x7d6: 0xfb, 0x7d7: 0xfb,
+	0x7d8: 0xfb, 0x7d9: 0xfb, 0x7da: 0xfb, 0x7db: 0xfb, 0x7dc: 0xfb, 0x7dd: 0xfb, 0x7de: 0xfb, 0x7df: 0xfb,
+	0x7e0: 0xfb, 0x7e1: 0xfb, 0x7e2: 0xfb, 0x7e3: 0xfb, 0x7e4: 0xfb, 0x7e5: 0xfb, 0x7e6: 0xfb, 0x7e7: 0xfb,
+	0x7e8: 0xfb, 0x7e9: 0xfb, 0x7ea: 0xfb, 0x7eb: 0xfb, 0x7ec: 0xfb, 0x7ed: 0xfb, 0x7ee: 0xfb, 0x7ef: 0xfb,
+	0x7f0: 0xfb, 0x7f1: 0xfb, 0x7f2: 0xfb, 0x7f3: 0xfb, 0x7f4: 0xfb, 0x7f5: 0xfb, 0x7f6: 0xfb, 0x7f7: 0xfb,
+	0x7f8: 0xfb, 0x7f9: 0xfb, 0x7fa: 0xfb, 0x7fb: 0xfb, 0x7fc: 0xfb, 0x7fd: 0xfb, 0x7fe: 0xfb, 0x7ff: 0xfb,
+	// Block 0x20, offset 0x800
+	0x810: 0x0d, 0x811: 0x0e, 0x812: 0x0f, 0x813: 0x10, 0x814: 0x11, 0x815: 0x0b, 0x816: 0x12, 0x817: 0x07,
+	0x818: 0x13, 0x819: 0x0b, 0x81a: 0x0b, 0x81b: 0x14, 0x81c: 0x0b, 0x81d: 0x15, 0x81e: 0x16, 0x81f: 0x17,
+	0x820: 0x07, 0x821: 0x07, 0x822: 0x07, 0x823: 0x07, 0x824: 0x07, 0x825: 0x07, 0x826: 0x07, 0x827: 0x07,
+	0x828: 0x07, 0x829: 0x07, 0x82a: 0x18, 0x82b: 0x19, 0x82c: 0x1a, 0x82d: 0x07, 0x82e: 0x1b, 0x82f: 0x1c,
+	0x830: 0x07, 0x831: 0x1d, 0x832: 0x0b, 0x833: 0x0b, 0x834: 0x0b, 0x835: 0x0b, 0x836: 0x0b, 0x837: 0x0b,
+	0x838: 0x0b, 0x839: 0x0b, 0x83a: 0x0b, 0x83b: 0x0b, 0x83c: 0x0b, 0x83d: 0x0b, 0x83e: 0x0b, 0x83f: 0x0b,
+	// Block 0x21, offset 0x840
+	0x840: 0x0b, 0x841: 0x0b, 0x842: 0x0b, 0x843: 0x0b, 0x844: 0x0b, 0x845: 0x0b, 0x846: 0x0b, 0x847: 0x0b,
+	0x848: 0x0b, 0x849: 0x0b, 0x84a: 0x0b, 0x84b: 0x0b, 0x84c: 0x0b, 0x84d: 0x0b, 0x84e: 0x0b, 0x84f: 0x0b,
+	0x850: 0x0b, 0x851: 0x0b, 0x852: 0x0b, 0x853: 0x0b, 0x854: 0x0b, 0x855: 0x0b, 0x856: 0x0b, 0x857: 0x0b,
+	0x858: 0x0b, 0x859: 0x0b, 0x85a: 0x0b, 0x85b: 0x0b, 0x85c: 0x0b, 0x85d: 0x0b, 0x85e: 0x0b, 0x85f: 0x0b,
+	0x860: 0x0b, 0x861: 0x0b, 0x862: 0x0b, 0x863: 0x0b, 0x864: 0x0b, 0x865: 0x0b, 0x866: 0x0b, 0x867: 0x0b,
+	0x868: 0x0b, 0x869: 0x0b, 0x86a: 0x0b, 0x86b: 0x0b, 0x86c: 0x0b, 0x86d: 0x0b, 0x86e: 0x0b, 0x86f: 0x0b,
+	0x870: 0x0b, 0x871: 0x0b, 0x872: 0x0b, 0x873: 0x0b, 0x874: 0x0b, 0x875: 0x0b, 0x876: 0x0b, 0x877: 0x0b,
+	0x878: 0x0b, 0x879: 0x0b, 0x87a: 0x0b, 0x87b: 0x0b, 0x87c: 0x0b, 0x87d: 0x0b, 0x87e: 0x0b, 0x87f: 0x0b,
+	// Block 0x22, offset 0x880
+	0x880: 0x19e, 0x881: 0x19f, 0x882: 0xfb, 0x883: 0xfb, 0x884: 0x1a0, 0x885: 0x1a0, 0x886: 0x1a0, 0x887: 0x1a1,
+	0x888: 0xfb, 0x889: 0xfb, 0x88a: 0xfb, 0x88b: 0xfb, 0x88c: 0xfb, 0x88d: 0xfb, 0x88e: 0xfb, 0x88f: 0xfb,
+	0x890: 0xfb, 0x891: 0xfb, 0x892: 0xfb, 0x893: 0xfb, 0x894: 0xfb, 0x895: 0xfb, 0x896: 0xfb, 0x897: 0xfb,
+	0x898: 0xfb, 0x899: 0xfb, 0x89a: 0xfb, 0x89b: 0xfb, 0x89c: 0xfb, 0x89d: 0xfb, 0x89e: 0xfb, 0x89f: 0xfb,
+	0x8a0: 0xfb, 0x8a1: 0xfb, 0x8a2: 0xfb, 0x8a3: 0xfb, 0x8a4: 0xfb, 0x8a5: 0xfb, 0x8a6: 0xfb, 0x8a7: 0xfb,
+	0x8a8: 0xfb, 0x8a9: 0xfb, 0x8aa: 0xfb, 0x8ab: 0xfb, 0x8ac: 0xfb, 0x8ad: 0xfb, 0x8ae: 0xfb, 0x8af: 0xfb,
+	0x8b0: 0xfb, 0x8b1: 0xfb, 0x8b2: 0xfb, 0x8b3: 0xfb, 0x8b4: 0xfb, 0x8b5: 0xfb, 0x8b6: 0xfb, 0x8b7: 0xfb,
+	0x8b8: 0xfb, 0x8b9: 0xfb, 0x8ba: 0xfb, 0x8bb: 0xfb, 0x8bc: 0xfb, 0x8bd: 0xfb, 0x8be: 0xfb, 0x8bf: 0xfb,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x0b, 0x8c1: 0x0b, 0x8c2: 0x0b, 0x8c3: 0x0b, 0x8c4: 0x0b, 0x8c5: 0x0b, 0x8c6: 0x0b, 0x8c7: 0x0b,
+	0x8c8: 0x0b, 0x8c9: 0x0b, 0x8ca: 0x0b, 0x8cb: 0x0b, 0x8cc: 0x0b, 0x8cd: 0x0b, 0x8ce: 0x0b, 0x8cf: 0x0b,
+	0x8d0: 0x0b, 0x8d1: 0x0b, 0x8d2: 0x0b, 0x8d3: 0x0b, 0x8d4: 0x0b, 0x8d5: 0x0b, 0x8d6: 0x0b, 0x8d7: 0x0b,
+	0x8d8: 0x0b, 0x8d9: 0x0b, 0x8da: 0x0b, 0x8db: 0x0b, 0x8dc: 0x0b, 0x8dd: 0x0b, 0x8de: 0x0b, 0x8df: 0x0b,
+	0x8e0: 0x20, 0x8e1: 0x0b, 0x8e2: 0x0b, 0x8e3: 0x0b, 0x8e4: 0x0b, 0x8e5: 0x0b, 0x8e6: 0x0b, 0x8e7: 0x0b,
+	0x8e8: 0x0b, 0x8e9: 0x0b, 0x8ea: 0x0b, 0x8eb: 0x0b, 0x8ec: 0x0b, 0x8ed: 0x0b, 0x8ee: 0x0b, 0x8ef: 0x0b,
+	0x8f0: 0x0b, 0x8f1: 0x0b, 0x8f2: 0x0b, 0x8f3: 0x0b, 0x8f4: 0x0b, 0x8f5: 0x0b, 0x8f6: 0x0b, 0x8f7: 0x0b,
+	0x8f8: 0x0b, 0x8f9: 0x0b, 0x8fa: 0x0b, 0x8fb: 0x0b, 0x8fc: 0x0b, 0x8fd: 0x0b, 0x8fe: 0x0b, 0x8ff: 0x0b,
+	// Block 0x24, offset 0x900
+	0x900: 0x0b, 0x901: 0x0b, 0x902: 0x0b, 0x903: 0x0b, 0x904: 0x0b, 0x905: 0x0b, 0x906: 0x0b, 0x907: 0x0b,
+	0x908: 0x0b, 0x909: 0x0b, 0x90a: 0x0b, 0x90b: 0x0b, 0x90c: 0x0b, 0x90d: 0x0b, 0x90e: 0x0b, 0x90f: 0x0b,
+}
+
+// idnaSparseOffset: 292 entries, 584 bytes
+var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x33, 0x3e, 0x4a, 0x4e, 0x5d, 0x62, 0x6c, 0x78, 0x85, 0x8b, 0x94, 0xa4, 0xb2, 0xbd, 0xca, 0xdb, 0xe5, 0xec, 0xf9, 0x10a, 0x111, 0x11c, 0x12b, 0x139, 0x143, 0x145, 0x14a, 0x14d, 0x150, 0x152, 0x15e, 0x169, 0x171, 0x177, 0x17d, 0x182, 0x187, 0x18a, 0x18e, 0x194, 0x199, 0x1a5, 0x1af, 0x1b5, 0x1c6, 0x1d0, 0x1d3, 0x1db, 0x1de, 0x1eb, 0x1f3, 0x1f7, 0x1fe, 0x206, 0x216, 0x222, 0x225, 0x22f, 0x23b, 0x247, 0x253, 0x25b, 0x260, 0x26d, 0x27e, 0x282, 0x28d, 0x291, 0x29a, 0x2a2, 0x2a8, 0x2ad, 0x2b0, 0x2b4, 0x2ba, 0x2be, 0x2c2, 0x2c6, 0x2cc, 0x2d4, 0x2db, 0x2e6, 0x2f0, 0x2f4, 0x2f7, 0x2fd, 0x301, 0x303, 0x306, 0x308, 0x30b, 0x315, 0x318, 0x327, 0x32b, 0x330, 0x333, 0x337, 0x33c, 0x341, 0x347, 0x358, 0x368, 0x36e, 0x372, 0x381, 0x386, 0x38e, 0x398, 0x3a3, 0x3ab, 0x3bc, 0x3c5, 0x3d5, 0x3e2, 0x3ee, 0x3f3, 0x400, 0x404, 0x409, 0x40b, 0x40d, 0x411, 0x413, 0x417, 0x420, 0x426, 0x42a, 0x43a, 0x444, 0x449, 0x44c, 0x452, 0x459, 0x45e, 0x462, 0x468, 0x46d, 0x476, 0x47b, 0x481, 0x488, 0x48f, 0x496, 0x49a, 0x49f, 0x4a2, 0x4a7, 0x4b3, 0x4b9, 0x4be, 0x4c5, 0x4cd, 0x4d2, 0x4d6, 0x4e6, 0x4ed, 0x4f1, 0x4f5, 0x4fc, 0x4fe, 0x501, 0x504, 0x508, 0x511, 0x515, 0x51d, 0x525, 0x52d, 0x539, 0x545, 0x54b, 0x554, 0x560, 0x567, 0x570, 0x57b, 0x582, 0x591, 0x59e, 0x5ab, 0x5b4, 0x5b8, 0x5c7, 0x5cf, 0x5da, 0x5e3, 0x5e9, 0x5f1, 0x5fa, 0x605, 0x608, 0x614, 0x61d, 0x620, 0x625, 0x62e, 0x633, 0x640, 0x64b, 0x654, 0x65e, 0x661, 0x66b, 0x674, 0x680, 0x68d, 0x69a, 0x6a8, 0x6af, 0x6b3, 0x6b7, 0x6ba, 0x6bf, 0x6c2, 0x6c7, 0x6ca, 0x6d1, 0x6d8, 0x6dc, 0x6e7, 0x6ea, 0x6ed, 0x6f0, 0x6f6, 0x6fc, 0x705, 0x708, 0x70b, 0x70e, 0x711, 0x718, 0x71b, 0x720, 0x72a, 0x72d, 0x731, 0x740, 0x74c, 0x750, 0x755, 0x759, 0x75e, 0x762, 0x767, 0x770, 0x77b, 0x781, 0x787, 0x78d, 0x793, 0x79c, 0x79f, 0x7a2, 0x7a6, 0x7aa, 0x7ae, 0x7b4, 0x7ba, 0x7bf, 0x7c2, 0x7d2, 0x7d9, 0x7dc, 0x7e1, 0x7e5, 0x7eb, 0x7f2, 0x7f6, 0x7fa, 0x803, 0x80a, 0x80f, 0x813, 0x821, 0x824, 0x827, 0x82b, 0x82f, 0x832, 0x842, 0x853, 0x856, 0x85b, 0x85d, 0x85f}
+
+// idnaSparseValues: 2146 entries, 8584 bytes
+var idnaSparseValues = [2146]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe105, lo: 0x80, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0x97},
+	{value: 0xe105, lo: 0x98, hi: 0x9e},
+	{value: 0x001f, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbf},
+	// Block 0x1, offset 0x8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0xe01d, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0335, lo: 0x83, hi: 0x83},
+	{value: 0x034d, lo: 0x84, hi: 0x84},
+	{value: 0x0365, lo: 0x85, hi: 0x85},
+	{value: 0xe00d, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0xe00d, lo: 0x88, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x89},
+	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0x8d},
+	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0xbf},
+	// Block 0x2, offset 0x19
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0249, lo: 0xb0, hi: 0xb0},
+	{value: 0x037d, lo: 0xb1, hi: 0xb1},
+	{value: 0x0259, lo: 0xb2, hi: 0xb2},
+	{value: 0x0269, lo: 0xb3, hi: 0xb3},
+	{value: 0x034d, lo: 0xb4, hi: 0xb4},
+	{value: 0x0395, lo: 0xb5, hi: 0xb5},
+	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
+	{value: 0x0279, lo: 0xb7, hi: 0xb7},
+	{value: 0x0289, lo: 0xb8, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbf},
+	// Block 0x3, offset 0x25
+	{value: 0x0000, lo: 0x01},
+	{value: 0x3308, lo: 0x80, hi: 0xbf},
+	// Block 0x4, offset 0x27
+	{value: 0x0000, lo: 0x04},
+	{value: 0x03f5, lo: 0x80, hi: 0x8f},
+	{value: 0xe105, lo: 0x90, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x5, offset 0x2c
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x0545, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x0008, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x6, offset 0x33
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0401, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0018, lo: 0x89, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x7, offset 0x3e
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0818, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x82},
+	{value: 0x0818, lo: 0x83, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x85},
+	{value: 0x0818, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xae},
+	{value: 0x0808, lo: 0xaf, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x8, offset 0x4a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0c08, lo: 0x88, hi: 0x99},
+	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
+	// Block 0x9, offset 0x4e
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3308, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0a08, lo: 0x8e, hi: 0x98},
+	{value: 0x0c08, lo: 0x99, hi: 0x9b},
+	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
+	{value: 0x0c08, lo: 0xab, hi: 0xac},
+	{value: 0x0a08, lo: 0xad, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
+	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xa, offset 0x5d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xb, offset 0x62
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0808, lo: 0x80, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbf},
+	// Block 0xc, offset 0x6c
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x99},
+	{value: 0x0808, lo: 0x9a, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa3},
+	{value: 0x0808, lo: 0xa4, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa7},
+	{value: 0x0808, lo: 0xa8, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0818, lo: 0xb0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd, offset 0x78
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
+	{value: 0x0c08, lo: 0xaa, hi: 0xac},
+	{value: 0x0808, lo: 0xad, hi: 0xad},
+	{value: 0x0c08, lo: 0xae, hi: 0xae},
+	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
+	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xe, offset 0x85
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0xa1},
+	{value: 0x0840, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xbf},
+	// Block 0xf, offset 0x8b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x10, offset 0x94
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x85},
+	{value: 0x3008, lo: 0x86, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8c},
+	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x11, offset 0xa4
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x12, offset 0xb2
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xba},
+	{value: 0x3b08, lo: 0xbb, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x13, offset 0xbd
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x14, offset 0xca
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x89},
+	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x3008, lo: 0x98, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x15, offset 0xdb
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb2},
+	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb9},
+	{value: 0x3b08, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0x16, offset 0xe5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0xbf},
+	// Block 0x17, offset 0xec
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0961, lo: 0x9c, hi: 0x9c},
+	{value: 0x0999, lo: 0x9d, hi: 0x9d},
+	{value: 0x0008, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x18, offset 0xf9
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x19, offset 0x10a
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0x1a, offset 0x111
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0x11c
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3008, lo: 0xa2, hi: 0xa4},
+	{value: 0x0008, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xbf},
+	// Block 0x1c, offset 0x12b
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x8c},
+	{value: 0x3308, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x3008, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x1d, offset 0x139
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x86},
+	{value: 0x055d, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8c},
+	{value: 0x055d, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0xe105, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0x1e, offset 0x143
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0018, lo: 0x80, hi: 0xbf},
+	// Block 0x1f, offset 0x145
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa0},
+	{value: 0x2018, lo: 0xa1, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x20, offset 0x14a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa7},
+	{value: 0x2018, lo: 0xa8, hi: 0xbf},
+	// Block 0x21, offset 0x14d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2018, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0xbf},
+	// Block 0x22, offset 0x150
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0008, lo: 0x80, hi: 0xbf},
+	// Block 0x23, offset 0x152
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x24, offset 0x15e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x25, offset 0x169
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x26, offset 0x171
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x27, offset 0x177
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x28, offset 0x17d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x29, offset 0x182
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x2a, offset 0x187
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x2b, offset 0x18a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xbf},
+	// Block 0x2c, offset 0x18e
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2d, offset 0x194
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x2e, offset 0x199
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x3b08, lo: 0x94, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x2f, offset 0x1a5
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x30, offset 0x1af
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xb3},
+	{value: 0x3340, lo: 0xb4, hi: 0xb5},
+	{value: 0x3008, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x31, offset 0x1b5
+	{value: 0x0000, lo: 0x10},
+	{value: 0x3008, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x91},
+	{value: 0x3b08, lo: 0x92, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0x96},
+	{value: 0x0008, lo: 0x97, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x32, offset 0x1c6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x86},
+	{value: 0x0218, lo: 0x87, hi: 0x87},
+	{value: 0x0018, lo: 0x88, hi: 0x8a},
+	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0208, lo: 0xa0, hi: 0xbf},
+	// Block 0x33, offset 0x1d0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0208, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x34, offset 0x1d3
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0208, lo: 0x87, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xa9},
+	{value: 0x0208, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x35, offset 0x1db
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x36, offset 0x1de
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x37, offset 0x1eb
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x38, offset 0x1f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x39, offset 0x1f7
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0028, lo: 0x9a, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xbf},
+	// Block 0x3a, offset 0x1fe
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x3308, lo: 0x97, hi: 0x98},
+	{value: 0x3008, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x3b, offset 0x206
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x94},
+	{value: 0x3008, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xac},
+	{value: 0x3008, lo: 0xad, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x216
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xbd},
+	{value: 0x3318, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3d, offset 0x222
+	{value: 0x0000, lo: 0x02},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0xbf},
+	// Block 0x3e, offset 0x225
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3008, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x3f, offset 0x22f
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x3808, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x40, offset 0x23b
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3808, lo: 0xaa, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xbf},
+	// Block 0x41, offset 0x247
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3008, lo: 0xaa, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3808, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x42, offset 0x253
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbf},
+	// Block 0x43, offset 0x25b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x44, offset 0x260
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0e29, lo: 0x80, hi: 0x80},
+	{value: 0x0e41, lo: 0x81, hi: 0x81},
+	{value: 0x0e59, lo: 0x82, hi: 0x82},
+	{value: 0x0e71, lo: 0x83, hi: 0x83},
+	{value: 0x0e89, lo: 0x84, hi: 0x85},
+	{value: 0x0ea1, lo: 0x86, hi: 0x86},
+	{value: 0x0eb9, lo: 0x87, hi: 0x87},
+	{value: 0x057d, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x059d, lo: 0x90, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x059d, lo: 0xbd, hi: 0xbf},
+	// Block 0x45, offset 0x26d
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x92},
+	{value: 0x0018, lo: 0x93, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa8},
+	{value: 0x0008, lo: 0xa9, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x46, offset 0x27e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0x47, offset 0x282
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x87},
+	{value: 0xe045, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0xe045, lo: 0x98, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0xe045, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbf},
+	// Block 0x48, offset 0x28d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x3318, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0x49, offset 0x291
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x24c1, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x4a, offset 0x29a
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x24f1, lo: 0xac, hi: 0xac},
+	{value: 0x2529, lo: 0xad, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xae},
+	{value: 0x2579, lo: 0xaf, hi: 0xaf},
+	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x4b, offset 0x2a2
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x9f},
+	{value: 0x0080, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xad},
+	{value: 0x0080, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x4c, offset 0x2a8
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa8},
+	{value: 0x09dd, lo: 0xa9, hi: 0xa9},
+	{value: 0x09fd, lo: 0xaa, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xbf},
+	// Block 0x4d, offset 0x2ad
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0x4e, offset 0x2b0
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x4f, offset 0x2b4
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0e7e, lo: 0xb4, hi: 0xb4},
+	{value: 0x292a, lo: 0xb5, hi: 0xb5},
+	{value: 0x0e9e, lo: 0xb6, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x50, offset 0x2ba
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x9b},
+	{value: 0x2941, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0xbf},
+	// Block 0x51, offset 0x2be
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x52, offset 0x2c2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0xbf},
+	// Block 0x53, offset 0x2c6
+	{value: 0x0000, lo: 0x05},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x03f5, lo: 0x90, hi: 0x9f},
+	{value: 0x0ebd, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x54, offset 0x2cc
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x55, offset 0x2d4
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xae},
+	{value: 0xe075, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0x56, offset 0x2db
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x57, offset 0x2e6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xbf},
+	// Block 0x58, offset 0x2f0
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x59, offset 0x2f4
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0xbf},
+	// Block 0x5a, offset 0x2f7
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9e},
+	{value: 0x0ef5, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x5b, offset 0x2fd
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb2},
+	{value: 0x0f15, lo: 0xb3, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x5c, offset 0x301
+	{value: 0x0020, lo: 0x01},
+	{value: 0x0f35, lo: 0x80, hi: 0xbf},
+	// Block 0x5d, offset 0x303
+	{value: 0x0020, lo: 0x02},
+	{value: 0x1735, lo: 0x80, hi: 0x8f},
+	{value: 0x1915, lo: 0x90, hi: 0xbf},
+	// Block 0x5e, offset 0x306
+	{value: 0x0020, lo: 0x01},
+	{value: 0x1f15, lo: 0x80, hi: 0xbf},
+	// Block 0x5f, offset 0x308
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x60, offset 0x30b
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9a},
+	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
+	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9e},
+	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x61, offset 0x315
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbe},
+	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
+	// Block 0x62, offset 0x318
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0040, lo: 0x80, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb0},
+	{value: 0x2a35, lo: 0xb1, hi: 0xb1},
+	{value: 0x2a55, lo: 0xb2, hi: 0xb2},
+	{value: 0x2a75, lo: 0xb3, hi: 0xb3},
+	{value: 0x2a95, lo: 0xb4, hi: 0xb4},
+	{value: 0x2a75, lo: 0xb5, hi: 0xb5},
+	{value: 0x2ab5, lo: 0xb6, hi: 0xb6},
+	{value: 0x2ad5, lo: 0xb7, hi: 0xb7},
+	{value: 0x2af5, lo: 0xb8, hi: 0xb9},
+	{value: 0x2b15, lo: 0xba, hi: 0xbb},
+	{value: 0x2b35, lo: 0xbc, hi: 0xbd},
+	{value: 0x2b15, lo: 0xbe, hi: 0xbf},
+	// Block 0x63, offset 0x327
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x64, offset 0x32b
+	{value: 0x0030, lo: 0x04},
+	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
+	{value: 0x305a, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
+	// Block 0x65, offset 0x330
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x66, offset 0x333
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x67, offset 0x337
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x68, offset 0x33c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x69, offset 0x341
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb1},
+	{value: 0x0018, lo: 0xb2, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6a, offset 0x347
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0xe00d, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x83},
+	{value: 0x03f5, lo: 0x84, hi: 0x84},
+	{value: 0x1329, lo: 0x85, hi: 0x85},
+	{value: 0x447d, lo: 0x86, hi: 0x86},
+	{value: 0xe07d, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0xe01d, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0xb4},
+	{value: 0xe01d, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb7},
+	{value: 0x2009, lo: 0xb8, hi: 0xb8},
+	{value: 0x6ec1, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xbf},
+	// Block 0x6b, offset 0x358
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x3308, lo: 0x8b, hi: 0x8b},
+	{value: 0x0008, lo: 0x8c, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xab},
+	{value: 0x3b08, lo: 0xac, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x6c, offset 0x368
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0208, lo: 0x80, hi: 0xb1},
+	{value: 0x0108, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6d, offset 0x36e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xbf},
+	// Block 0x6e, offset 0x372
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0008, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x6f, offset 0x381
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x70, offset 0x386
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x91},
+	{value: 0x3008, lo: 0x92, hi: 0x92},
+	{value: 0x3808, lo: 0x93, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x71, offset 0x38e
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb9},
+	{value: 0x3008, lo: 0xba, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x72, offset 0x398
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x73, offset 0x3a3
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x74, offset 0x3ab
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8c},
+	{value: 0x3008, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0008, lo: 0xbe, hi: 0xbf},
+	// Block 0x75, offset 0x3bc
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x76, offset 0x3c5
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x9a},
+	{value: 0x0008, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x77, offset 0x3d5
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x90},
+	{value: 0x0008, lo: 0x91, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x78, offset 0x3e2
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x449d, lo: 0x9c, hi: 0x9c},
+	{value: 0x44b5, lo: 0x9d, hi: 0x9d},
+	{value: 0x2971, lo: 0x9e, hi: 0x9e},
+	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa8},
+	{value: 0x6ed9, lo: 0xa9, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x44cd, lo: 0xb0, hi: 0xbf},
+	// Block 0x79, offset 0x3ee
+	{value: 0x0000, lo: 0x04},
+	{value: 0x44ed, lo: 0x80, hi: 0x8f},
+	{value: 0x450d, lo: 0x90, hi: 0x9f},
+	{value: 0x452d, lo: 0xa0, hi: 0xaf},
+	{value: 0x450d, lo: 0xb0, hi: 0xbf},
+	// Block 0x7a, offset 0x3f3
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3b08, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x7b, offset 0x400
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x7c, offset 0x404
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x7d, offset 0x409
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0040, lo: 0x80, hi: 0xbf},
+	// Block 0x7e, offset 0x40b
+	{value: 0x0020, lo: 0x01},
+	{value: 0x454d, lo: 0x80, hi: 0xbf},
+	// Block 0x7f, offset 0x40d
+	{value: 0x0020, lo: 0x03},
+	{value: 0x4d4d, lo: 0x80, hi: 0x94},
+	{value: 0x4b0d, lo: 0x95, hi: 0x95},
+	{value: 0x4fed, lo: 0x96, hi: 0xbf},
+	// Block 0x80, offset 0x411
+	{value: 0x0020, lo: 0x01},
+	{value: 0x552d, lo: 0x80, hi: 0xbf},
+	// Block 0x81, offset 0x413
+	{value: 0x0020, lo: 0x03},
+	{value: 0x5d2d, lo: 0x80, hi: 0x84},
+	{value: 0x568d, lo: 0x85, hi: 0x85},
+	{value: 0x5dcd, lo: 0x86, hi: 0xbf},
+	// Block 0x82, offset 0x417
+	{value: 0x0020, lo: 0x08},
+	{value: 0x6b8d, lo: 0x80, hi: 0x8f},
+	{value: 0x6d4d, lo: 0x90, hi: 0x90},
+	{value: 0x6d8d, lo: 0x91, hi: 0xab},
+	{value: 0x6ef1, lo: 0xac, hi: 0xac},
+	{value: 0x70ed, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x710d, lo: 0xb0, hi: 0xbf},
+	// Block 0x83, offset 0x420
+	{value: 0x0020, lo: 0x05},
+	{value: 0x730d, lo: 0x80, hi: 0xad},
+	{value: 0x656d, lo: 0xae, hi: 0xae},
+	{value: 0x78cd, lo: 0xaf, hi: 0xb5},
+	{value: 0x6f8d, lo: 0xb6, hi: 0xb6},
+	{value: 0x79ad, lo: 0xb7, hi: 0xbf},
+	// Block 0x84, offset 0x426
+	{value: 0x0028, lo: 0x03},
+	{value: 0x7c71, lo: 0x80, hi: 0x82},
+	{value: 0x7c31, lo: 0x83, hi: 0x83},
+	{value: 0x7ce9, lo: 0x84, hi: 0xbf},
+	// Block 0x85, offset 0x42a
+	{value: 0x0038, lo: 0x0f},
+	{value: 0x9e01, lo: 0x80, hi: 0x83},
+	{value: 0x9ea9, lo: 0x84, hi: 0x85},
+	{value: 0x9ee1, lo: 0x86, hi: 0x87},
+	{value: 0x9f19, lo: 0x88, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0xa0d9, lo: 0x92, hi: 0x97},
+	{value: 0xa1f1, lo: 0x98, hi: 0x9c},
+	{value: 0xa2d1, lo: 0x9d, hi: 0xb3},
+	{value: 0x9d91, lo: 0xb4, hi: 0xb4},
+	{value: 0x9e01, lo: 0xb5, hi: 0xb5},
+	{value: 0xa7d9, lo: 0xb6, hi: 0xbb},
+	{value: 0xa8b9, lo: 0xbc, hi: 0xbc},
+	{value: 0xa849, lo: 0xbd, hi: 0xbd},
+	{value: 0xa929, lo: 0xbe, hi: 0xbf},
+	// Block 0x86, offset 0x43a
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0008, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x87, offset 0x444
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x88, offset 0x449
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x89, offset 0x44c
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x8a, offset 0x452
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x8b, offset 0x459
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x8c, offset 0x45e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x8d, offset 0x462
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x8e, offset 0x468
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xbf},
+	// Block 0x8f, offset 0x46d
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x90, offset 0x476
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x91, offset 0x47b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x92, offset 0x481
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x97},
+	{value: 0x8b0d, lo: 0x98, hi: 0x9f},
+	{value: 0x8b25, lo: 0xa0, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xbf},
+	// Block 0x93, offset 0x488
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x8b25, lo: 0xb0, hi: 0xb7},
+	{value: 0x8b0d, lo: 0xb8, hi: 0xbf},
+	// Block 0x94, offset 0x48f
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x95, offset 0x496
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x96, offset 0x49a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xae},
+	{value: 0x0018, lo: 0xaf, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x97, offset 0x49f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x98, offset 0x4a2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xbf},
+	// Block 0x99, offset 0x4a7
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0808, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0808, lo: 0x8a, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbb},
+	{value: 0x0808, lo: 0xbc, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x0808, lo: 0xbf, hi: 0xbf},
+	// Block 0x9a, offset 0x4b3
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0818, lo: 0x97, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0818, lo: 0xb7, hi: 0xbf},
+	// Block 0x9b, offset 0x4b9
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa6},
+	{value: 0x0818, lo: 0xa7, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x9c, offset 0x4be
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x0818, lo: 0xbb, hi: 0xbf},
+	// Block 0x9d, offset 0x4c5
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0818, lo: 0x96, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0818, lo: 0xbf, hi: 0xbf},
+	// Block 0x9e, offset 0x4cd
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbb},
+	{value: 0x0818, lo: 0xbc, hi: 0xbd},
+	{value: 0x0808, lo: 0xbe, hi: 0xbf},
+	// Block 0x9f, offset 0x4d2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0818, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x0818, lo: 0x92, hi: 0xbf},
+	// Block 0xa0, offset 0x4d6
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x94},
+	{value: 0x0808, lo: 0x95, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x98},
+	{value: 0x0808, lo: 0x99, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xa1, offset 0x4e6
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0818, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0818, lo: 0x90, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xbc},
+	{value: 0x0818, lo: 0xbd, hi: 0xbf},
+	// Block 0xa2, offset 0x4ed
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xa3, offset 0x4f1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb8},
+	{value: 0x0018, lo: 0xb9, hi: 0xbf},
+	// Block 0xa4, offset 0x4f5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0818, lo: 0x98, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb7},
+	{value: 0x0818, lo: 0xb8, hi: 0xbf},
+	// Block 0xa5, offset 0x4fc
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0808, lo: 0x80, hi: 0xbf},
+	// Block 0xa6, offset 0x4fe
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0808, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xa7, offset 0x501
+	{value: 0x0000, lo: 0x02},
+	{value: 0x03dd, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xa8, offset 0x504
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xbf},
+	// Block 0xa9, offset 0x508
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0908, lo: 0x80, hi: 0x80},
+	{value: 0x0a08, lo: 0x81, hi: 0xa1},
+	{value: 0x0c08, lo: 0xa2, hi: 0xa2},
+	{value: 0x0a08, lo: 0xa3, hi: 0xa3},
+	{value: 0x3308, lo: 0xa4, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xaa, offset 0x511
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0818, lo: 0xa0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xab, offset 0x515
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xac},
+	{value: 0x0818, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xac, offset 0x51d
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0xa6},
+	{value: 0x0808, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0a08, lo: 0xb0, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb3},
+	{value: 0x0a08, lo: 0xb4, hi: 0xbf},
+	// Block 0xad, offset 0x525
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x84},
+	{value: 0x0808, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x90},
+	{value: 0x0a18, lo: 0x91, hi: 0x93},
+	{value: 0x0c18, lo: 0x94, hi: 0x94},
+	{value: 0x0818, lo: 0x95, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xae, offset 0x52d
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0a08, lo: 0xb0, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb3},
+	{value: 0x0c08, lo: 0xb4, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb7},
+	{value: 0x0a08, lo: 0xb8, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xba},
+	{value: 0x0a08, lo: 0xbb, hi: 0xbc},
+	{value: 0x0c08, lo: 0xbd, hi: 0xbd},
+	{value: 0x0a08, lo: 0xbe, hi: 0xbf},
+	// Block 0xaf, offset 0x539
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x0a08, lo: 0x81, hi: 0x81},
+	{value: 0x0c08, lo: 0x82, hi: 0x83},
+	{value: 0x0a08, lo: 0x84, hi: 0x84},
+	{value: 0x0818, lo: 0x85, hi: 0x88},
+	{value: 0x0c18, lo: 0x89, hi: 0x89},
+	{value: 0x0a18, lo: 0x8a, hi: 0x8a},
+	{value: 0x0918, lo: 0x8b, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb0, offset 0x545
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xb1, offset 0x54b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x91},
+	{value: 0x0018, lo: 0x92, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xb2, offset 0x554
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0xb3, offset 0x560
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb4, offset 0x567
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb2},
+	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xbf},
+	// Block 0xb5, offset 0x570
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb6, offset 0x57b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xbe},
+	{value: 0x3008, lo: 0xbf, hi: 0xbf},
+	// Block 0xb7, offset 0x582
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8d},
+	{value: 0x3008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xb8, offset 0x591
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3808, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xb9, offset 0x59e
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xba, offset 0x5ab
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x3308, lo: 0x9f, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa9},
+	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xbb, offset 0x5b4
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xbc, offset 0x5b8
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xbf},
+	// Block 0xbd, offset 0x5c7
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xbe, offset 0x5cf
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x85},
+	{value: 0x0018, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xbf, offset 0x5da
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xc0, offset 0x5e3
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9b},
+	{value: 0x3308, lo: 0x9c, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xc1, offset 0x5e9
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xc2, offset 0x5f1
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xc3, offset 0x5fa
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb5},
+	{value: 0x3808, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xc4, offset 0x605
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0xc5, offset 0x608
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0xc6, offset 0x614
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xc7, offset 0x61d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xbf},
+	// Block 0xc8, offset 0x620
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0xc9, offset 0x625
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xca, offset 0x62e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xbf},
+	// Block 0xcb, offset 0x633
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x99},
+	{value: 0x3308, lo: 0x9a, hi: 0x9b},
+	{value: 0x3008, lo: 0x9c, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x0018, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xbf},
+	// Block 0xcc, offset 0x640
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xcd, offset 0x64b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x3b08, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0xbf},
+	// Block 0xce, offset 0x654
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x98},
+	{value: 0x3b08, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xa2},
+	{value: 0x0040, lo: 0xa3, hi: 0xbf},
+	// Block 0xcf, offset 0x65e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xd0, offset 0x661
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xd1, offset 0x66b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xbf},
+	// Block 0xd2, offset 0x674
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xa9},
+	{value: 0x3308, lo: 0xaa, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xd3, offset 0x680
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xd4, offset 0x68d
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xbf},
+	// Block 0xd5, offset 0x69a
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x3008, lo: 0x93, hi: 0x94},
+	{value: 0x3308, lo: 0x95, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x96},
+	{value: 0x3b08, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xbf},
+	// Block 0xd6, offset 0x6a8
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xd7, offset 0x6af
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0xd8, offset 0x6b3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xd9, offset 0x6b7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xda, offset 0x6ba
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xdb, offset 0x6bf
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0xbf},
+	// Block 0xdc, offset 0x6c2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0340, lo: 0xb0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xdd, offset 0x6c7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xbf},
+	// Block 0xde, offset 0x6ca
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xdf, offset 0x6d1
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xe0, offset 0x6d8
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0xe1, offset 0x6dc
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0xe2, offset 0x6e7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xe3, offset 0x6ea
+	{value: 0x0000, lo: 0x02},
+	{value: 0xe105, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0xe4, offset 0x6ed
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0xe5, offset 0x6f0
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0xbf},
+	// Block 0xe6, offset 0x6f6
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xe7, offset 0x6fc
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa1},
+	{value: 0x0018, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xa3},
+	{value: 0x3308, lo: 0xa4, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xe8, offset 0x705
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0xe9, offset 0x708
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0xea, offset 0x70b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xeb, offset 0x70e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xec, offset 0x711
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0xa3},
+	{value: 0x0008, lo: 0xa4, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xed, offset 0x718
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0xee, offset 0x71b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0xef, offset 0x720
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xf0, offset 0x72a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xf1, offset 0x72d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xbf},
+	// Block 0xf2, offset 0x731
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0018, lo: 0x80, hi: 0x9d},
+	{value: 0xb609, lo: 0x9e, hi: 0x9e},
+	{value: 0xb651, lo: 0x9f, hi: 0x9f},
+	{value: 0xb699, lo: 0xa0, hi: 0xa0},
+	{value: 0xb701, lo: 0xa1, hi: 0xa1},
+	{value: 0xb769, lo: 0xa2, hi: 0xa2},
+	{value: 0xb7d1, lo: 0xa3, hi: 0xa3},
+	{value: 0xb839, lo: 0xa4, hi: 0xa4},
+	{value: 0x3018, lo: 0xa5, hi: 0xa6},
+	{value: 0x3318, lo: 0xa7, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xac},
+	{value: 0x3018, lo: 0xad, hi: 0xb2},
+	{value: 0x0340, lo: 0xb3, hi: 0xba},
+	{value: 0x3318, lo: 0xbb, hi: 0xbf},
+	// Block 0xf3, offset 0x740
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3318, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0x84},
+	{value: 0x3318, lo: 0x85, hi: 0x8b},
+	{value: 0x0018, lo: 0x8c, hi: 0xa9},
+	{value: 0x3318, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xba},
+	{value: 0xb8a1, lo: 0xbb, hi: 0xbb},
+	{value: 0xb8e9, lo: 0xbc, hi: 0xbc},
+	{value: 0xb931, lo: 0xbd, hi: 0xbd},
+	{value: 0xb999, lo: 0xbe, hi: 0xbe},
+	{value: 0xba01, lo: 0xbf, hi: 0xbf},
+	// Block 0xf4, offset 0x74c
+	{value: 0x0000, lo: 0x03},
+	{value: 0xba69, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xbf},
+	// Block 0xf5, offset 0x750
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x3318, lo: 0x82, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0xbf},
+	// Block 0xf6, offset 0x755
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0xf7, offset 0x759
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xf8, offset 0x75e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0xf9, offset 0x762
+	{value: 0x0000, lo: 0x04},
+	{value: 0x3308, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0xfa, offset 0x767
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x3308, lo: 0xa1, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xfb, offset 0x770
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0xfc, offset 0x77b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xfd, offset 0x781
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xfe, offset 0x787
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0xff, offset 0x78d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x86},
+	{value: 0x0818, lo: 0x87, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0x100, offset 0x793
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0a08, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x8a},
+	{value: 0x0b08, lo: 0x8b, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x101, offset 0x79c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xb0},
+	{value: 0x0818, lo: 0xb1, hi: 0xbf},
+	// Block 0x102, offset 0x79f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0818, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x103, offset 0x7a2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0818, lo: 0x81, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x104, offset 0x7a6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0x105, offset 0x7aa
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x106, offset 0x7ae
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x107, offset 0x7b4
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x108, offset 0x7ba
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0xc229, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0x109, offset 0x7bf
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xbf},
+	// Block 0x10a, offset 0x7c2
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xc851, lo: 0x80, hi: 0x80},
+	{value: 0xc8a1, lo: 0x81, hi: 0x81},
+	{value: 0xc8f1, lo: 0x82, hi: 0x82},
+	{value: 0xc941, lo: 0x83, hi: 0x83},
+	{value: 0xc991, lo: 0x84, hi: 0x84},
+	{value: 0xc9e1, lo: 0x85, hi: 0x85},
+	{value: 0xca31, lo: 0x86, hi: 0x86},
+	{value: 0xca81, lo: 0x87, hi: 0x87},
+	{value: 0xcad1, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0xcb21, lo: 0x90, hi: 0x90},
+	{value: 0xcb41, lo: 0x91, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xbf},
+	// Block 0x10b, offset 0x7d2
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x10c, offset 0x7d9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x10d, offset 0x7dc
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x10e, offset 0x7e1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x10f, offset 0x7e5
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x110, offset 0x7eb
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0x111, offset 0x7f2
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0x112, offset 0x7f6
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x113, offset 0x7fa
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x114, offset 0x803
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x115, offset 0x80a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0x116, offset 0x80f
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0xbf},
+	// Block 0x117, offset 0x813
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0018, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0xaf},
+	{value: 0x1f41, lo: 0xb0, hi: 0xb0},
+	{value: 0x00c9, lo: 0xb1, hi: 0xb1},
+	{value: 0x0069, lo: 0xb2, hi: 0xb2},
+	{value: 0x0079, lo: 0xb3, hi: 0xb3},
+	{value: 0x1f51, lo: 0xb4, hi: 0xb4},
+	{value: 0x1f61, lo: 0xb5, hi: 0xb5},
+	{value: 0x1f71, lo: 0xb6, hi: 0xb6},
+	{value: 0x1f81, lo: 0xb7, hi: 0xb7},
+	{value: 0x1f91, lo: 0xb8, hi: 0xb8},
+	{value: 0x1fa1, lo: 0xb9, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x118, offset 0x821
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x119, offset 0x824
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x11a, offset 0x827
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x11b, offset 0x82b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x11c, offset 0x82f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x11d, offset 0x832
+	{value: 0x0020, lo: 0x0f},
+	{value: 0xdf21, lo: 0x80, hi: 0x89},
+	{value: 0x8e35, lo: 0x8a, hi: 0x8a},
+	{value: 0xe061, lo: 0x8b, hi: 0x9c},
+	{value: 0x8e55, lo: 0x9d, hi: 0x9d},
+	{value: 0xe2a1, lo: 0x9e, hi: 0xa2},
+	{value: 0x8e75, lo: 0xa3, hi: 0xa3},
+	{value: 0xe341, lo: 0xa4, hi: 0xab},
+	{value: 0x7f0d, lo: 0xac, hi: 0xac},
+	{value: 0xe441, lo: 0xad, hi: 0xaf},
+	{value: 0x8e95, lo: 0xb0, hi: 0xb0},
+	{value: 0xe4a1, lo: 0xb1, hi: 0xb6},
+	{value: 0x8eb5, lo: 0xb7, hi: 0xb9},
+	{value: 0xe561, lo: 0xba, hi: 0xba},
+	{value: 0x8f15, lo: 0xbb, hi: 0xbb},
+	{value: 0xe581, lo: 0xbc, hi: 0xbf},
+	// Block 0x11e, offset 0x842
+	{value: 0x0020, lo: 0x10},
+	{value: 0x93b5, lo: 0x80, hi: 0x80},
+	{value: 0xf101, lo: 0x81, hi: 0x86},
+	{value: 0x93d5, lo: 0x87, hi: 0x8a},
+	{value: 0xda61, lo: 0x8b, hi: 0x8b},
+	{value: 0xf1c1, lo: 0x8c, hi: 0x96},
+	{value: 0x9455, lo: 0x97, hi: 0x97},
+	{value: 0xf321, lo: 0x98, hi: 0xa3},
+	{value: 0x9475, lo: 0xa4, hi: 0xa6},
+	{value: 0xf4a1, lo: 0xa7, hi: 0xaa},
+	{value: 0x94d5, lo: 0xab, hi: 0xab},
+	{value: 0xf521, lo: 0xac, hi: 0xac},
+	{value: 0x94f5, lo: 0xad, hi: 0xad},
+	{value: 0xf541, lo: 0xae, hi: 0xaf},
+	{value: 0x9515, lo: 0xb0, hi: 0xb1},
+	{value: 0xf581, lo: 0xb2, hi: 0xbe},
+	{value: 0x2040, lo: 0xbf, hi: 0xbf},
+	// Block 0x11f, offset 0x853
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0xbf},
+	// Block 0x120, offset 0x856
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0340, lo: 0x81, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x9f},
+	{value: 0x0340, lo: 0xa0, hi: 0xbf},
+	// Block 0x121, offset 0x85b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0340, lo: 0x80, hi: 0xbf},
+	// Block 0x122, offset 0x85d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x33c0, lo: 0x80, hi: 0xbf},
+	// Block 0x123, offset 0x85f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x33c0, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+}
+
+// Total table size 43370 bytes (42KiB); checksum: EBD909C0
diff --git a/vendor/golang.org/x/net/idna/tables9.0.0.go b/vendor/golang.org/x/net/idna/tables9.0.0.go
new file mode 100644
index 0000000000000..4074b5332e3e3
--- /dev/null
+++ b/vendor/golang.org/x/net/idna/tables9.0.0.go
@@ -0,0 +1,4487 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+//go:build !go1.10
+// +build !go1.10
+
+package idna
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "9.0.0"
+
+var mappings string = "" + // Size: 8175 bytes
+	"\x00\x01 \x03 ̈\x01a\x03 ̄\x012\x013\x03 ́\x03 ̧\x011\x01o\x051⁄4\x051⁄2" +
+	"\x053⁄4\x03i̇\x03l·\x03ʼn\x01s\x03dž\x03ⱥ\x03ⱦ\x01h\x01j\x01r\x01w\x01y" +
+	"\x03 ̆\x03 ̇\x03 ̊\x03 ̨\x03 ̃\x03 ̋\x01l\x01x\x04̈́\x03 ι\x01;\x05 ̈́" +
+	"\x04եւ\x04اٴ\x04وٴ\x04ۇٴ\x04يٴ\x06क़\x06ख़\x06ग़\x06ज़\x06ड़\x06ढ़\x06फ़" +
+	"\x06य़\x06ড়\x06ঢ়\x06য়\x06ਲ਼\x06ਸ਼\x06ਖ਼\x06ਗ਼\x06ਜ਼\x06ਫ਼\x06ଡ଼\x06ଢ଼" +
+	"\x06ํา\x06ໍາ\x06ຫນ\x06ຫມ\x06གྷ\x06ཌྷ\x06དྷ\x06བྷ\x06ཛྷ\x06ཀྵ\x06ཱི\x06ཱུ" +
+	"\x06ྲྀ\x09ྲཱྀ\x06ླྀ\x09ླཱྀ\x06ཱྀ\x06ྒྷ\x06ྜྷ\x06ྡྷ\x06ྦྷ\x06ྫྷ\x06ྐྵ\x02" +
+	"в\x02д\x02о\x02с\x02т\x02ъ\x02ѣ\x02æ\x01b\x01d\x01e\x02ǝ\x01g\x01i\x01k" +
+	"\x01m\x01n\x02ȣ\x01p\x01t\x01u\x02ɐ\x02ɑ\x02ə\x02ɛ\x02ɜ\x02ŋ\x02ɔ\x02ɯ" +
+	"\x01v\x02β\x02γ\x02δ\x02φ\x02χ\x02ρ\x02н\x02ɒ\x01c\x02ɕ\x02ð\x01f\x02ɟ" +
+	"\x02ɡ\x02ɥ\x02ɨ\x02ɩ\x02ɪ\x02ʝ\x02ɭ\x02ʟ\x02ɱ\x02ɰ\x02ɲ\x02ɳ\x02ɴ\x02ɵ" +
+	"\x02ɸ\x02ʂ\x02ʃ\x02ƫ\x02ʉ\x02ʊ\x02ʋ\x02ʌ\x01z\x02ʐ\x02ʑ\x02ʒ\x02θ\x02ss" +
+	"\x02ά\x02έ\x02ή\x02ί\x02ό\x02ύ\x02ώ\x05ἀι\x05ἁι\x05ἂι\x05ἃι\x05ἄι\x05ἅι" +
+	"\x05ἆι\x05ἇι\x05ἠι\x05ἡι\x05ἢι\x05ἣι\x05ἤι\x05ἥι\x05ἦι\x05ἧι\x05ὠι\x05ὡι" +
+	"\x05ὢι\x05ὣι\x05ὤι\x05ὥι\x05ὦι\x05ὧι\x05ὰι\x04αι\x04άι\x05ᾶι\x02ι\x05 ̈͂" +
+	"\x05ὴι\x04ηι\x04ήι\x05ῆι\x05 ̓̀\x05 ̓́\x05 ̓͂\x02ΐ\x05 ̔̀\x05 ̔́\x05 ̔͂" +
+	"\x02ΰ\x05 ̈̀\x01`\x05ὼι\x04ωι\x04ώι\x05ῶι\x06′′\x09′′′\x06‵‵\x09‵‵‵\x02!" +
+	"!\x02??\x02?!\x02!?\x0c′′′′\x010\x014\x015\x016\x017\x018\x019\x01+\x01=" +
+	"\x01(\x01)\x02rs\x02ħ\x02no\x01q\x02sm\x02tm\x02ω\x02å\x02א\x02ב\x02ג" +
+	"\x02ד\x02π\x051⁄7\x051⁄9\x061⁄10\x051⁄3\x052⁄3\x051⁄5\x052⁄5\x053⁄5\x054" +
+	"⁄5\x051⁄6\x055⁄6\x051⁄8\x053⁄8\x055⁄8\x057⁄8\x041⁄\x02ii\x02iv\x02vi" +
+	"\x04viii\x02ix\x02xi\x050⁄3\x06∫∫\x09∫∫∫\x06∮∮\x09∮∮∮\x0210\x0211\x0212" +
+	"\x0213\x0214\x0215\x0216\x0217\x0218\x0219\x0220\x04(10)\x04(11)\x04(12)" +
+	"\x04(13)\x04(14)\x04(15)\x04(16)\x04(17)\x04(18)\x04(19)\x04(20)\x0c∫∫∫∫" +
+	"\x02==\x05⫝̸\x02ɫ\x02ɽ\x02ȿ\x02ɀ\x01.\x04 ゙\x04 ゚\x06より\x06コト\x05(ᄀ)\x05" +
+	"(ᄂ)\x05(ᄃ)\x05(ᄅ)\x05(ᄆ)\x05(ᄇ)\x05(ᄉ)\x05(ᄋ)\x05(ᄌ)\x05(ᄎ)\x05(ᄏ)\x05(ᄐ" +
+	")\x05(ᄑ)\x05(ᄒ)\x05(가)\x05(나)\x05(다)\x05(라)\x05(마)\x05(바)\x05(사)\x05(아)" +
+	"\x05(자)\x05(차)\x05(카)\x05(타)\x05(파)\x05(하)\x05(주)\x08(오전)\x08(오후)\x05(一)" +
+	"\x05(二)\x05(三)\x05(四)\x05(五)\x05(六)\x05(七)\x05(八)\x05(九)\x05(十)\x05(月)" +
+	"\x05(火)\x05(水)\x05(木)\x05(金)\x05(土)\x05(日)\x05(株)\x05(有)\x05(社)\x05(名)" +
+	"\x05(特)\x05(財)\x05(祝)\x05(労)\x05(代)\x05(呼)\x05(学)\x05(監)\x05(企)\x05(資)" +
+	"\x05(協)\x05(祭)\x05(休)\x05(自)\x05(至)\x0221\x0222\x0223\x0224\x0225\x0226" +
+	"\x0227\x0228\x0229\x0230\x0231\x0232\x0233\x0234\x0235\x06참고\x06주의\x0236" +
+	"\x0237\x0238\x0239\x0240\x0241\x0242\x0243\x0244\x0245\x0246\x0247\x0248" +
+	"\x0249\x0250\x041月\x042月\x043月\x044月\x045月\x046月\x047月\x048月\x049月\x0510" +
+	"月\x0511月\x0512月\x02hg\x02ev\x0cアパート\x0cアルファ\x0cアンペア\x09アール\x0cイニング\x09" +
+	"インチ\x09ウォン\x0fエスクード\x0cエーカー\x09オンス\x09オーム\x09カイリ\x0cカラット\x0cカロリー\x09ガロ" +
+	"ン\x09ガンマ\x06ギガ\x09ギニー\x0cキュリー\x0cギルダー\x06キロ\x0fキログラム\x12キロメートル\x0fキロワッ" +
+	"ト\x09グラム\x0fグラムトン\x0fクルゼイロ\x0cクローネ\x09ケース\x09コルナ\x09コーポ\x0cサイクル\x0fサンチ" +
+	"ーム\x0cシリング\x09センチ\x09セント\x09ダース\x06デシ\x06ドル\x06トン\x06ナノ\x09ノット\x09ハイツ" +
+	"\x0fパーセント\x09パーツ\x0cバーレル\x0fピアストル\x09ピクル\x06ピコ\x06ビル\x0fファラッド\x0cフィート" +
+	"\x0fブッシェル\x09フラン\x0fヘクタール\x06ペソ\x09ペニヒ\x09ヘルツ\x09ペンス\x09ページ\x09ベータ\x0cポイ" +
+	"ント\x09ボルト\x06ホン\x09ポンド\x09ホール\x09ホーン\x0cマイクロ\x09マイル\x09マッハ\x09マルク\x0fマ" +
+	"ンション\x0cミクロン\x06ミリ\x0fミリバール\x06メガ\x0cメガトン\x0cメートル\x09ヤード\x09ヤール\x09ユアン" +
+	"\x0cリットル\x06リラ\x09ルピー\x0cルーブル\x06レム\x0fレントゲン\x09ワット\x040点\x041点\x042点" +
+	"\x043点\x044点\x045点\x046点\x047点\x048点\x049点\x0510点\x0511点\x0512点\x0513点" +
+	"\x0514点\x0515点\x0516点\x0517点\x0518点\x0519点\x0520点\x0521点\x0522点\x0523点" +
+	"\x0524点\x02da\x02au\x02ov\x02pc\x02dm\x02iu\x06平成\x06昭和\x06大正\x06明治\x0c株" +
+	"式会社\x02pa\x02na\x02ma\x02ka\x02kb\x02mb\x02gb\x04kcal\x02pf\x02nf\x02m" +
+	"g\x02kg\x02hz\x02ml\x02dl\x02kl\x02fm\x02nm\x02mm\x02cm\x02km\x02m2\x02m" +
+	"3\x05m∕s\x06m∕s2\x07rad∕s\x08rad∕s2\x02ps\x02ns\x02ms\x02pv\x02nv\x02mv" +
+	"\x02kv\x02pw\x02nw\x02mw\x02kw\x02bq\x02cc\x02cd\x06c∕kg\x02db\x02gy\x02" +
+	"ha\x02hp\x02in\x02kk\x02kt\x02lm\x02ln\x02lx\x02ph\x02pr\x02sr\x02sv\x02" +
+	"wb\x05v∕m\x05a∕m\x041日\x042日\x043日\x044日\x045日\x046日\x047日\x048日\x049日" +
+	"\x0510日\x0511日\x0512日\x0513日\x0514日\x0515日\x0516日\x0517日\x0518日\x0519日" +
+	"\x0520日\x0521日\x0522日\x0523日\x0524日\x0525日\x0526日\x0527日\x0528日\x0529日" +
+	"\x0530日\x0531日\x02ь\x02ɦ\x02ɬ\x02ʞ\x02ʇ\x02œ\x04𤋮\x04𢡊\x04𢡄\x04𣏕\x04𥉉" +
+	"\x04𥳐\x04𧻓\x02ff\x02fi\x02fl\x02st\x04մն\x04մե\x04մի\x04վն\x04մխ\x04יִ" +
+	"\x04ײַ\x02ע\x02ה\x02כ\x02ל\x02ם\x02ר\x02ת\x04שׁ\x04שׂ\x06שּׁ\x06שּׂ\x04א" +
+	"ַ\x04אָ\x04אּ\x04בּ\x04גּ\x04דּ\x04הּ\x04וּ\x04זּ\x04טּ\x04יּ\x04ךּ\x04" +
+	"כּ\x04לּ\x04מּ\x04נּ\x04סּ\x04ףּ\x04פּ\x04צּ\x04קּ\x04רּ\x04שּ\x04תּ" +
+	"\x04וֹ\x04בֿ\x04כֿ\x04פֿ\x04אל\x02ٱ\x02ٻ\x02پ\x02ڀ\x02ٺ\x02ٿ\x02ٹ\x02ڤ" +
+	"\x02ڦ\x02ڄ\x02ڃ\x02چ\x02ڇ\x02ڍ\x02ڌ\x02ڎ\x02ڈ\x02ژ\x02ڑ\x02ک\x02گ\x02ڳ" +
+	"\x02ڱ\x02ں\x02ڻ\x02ۀ\x02ہ\x02ھ\x02ے\x02ۓ\x02ڭ\x02ۇ\x02ۆ\x02ۈ\x02ۋ\x02ۅ" +
+	"\x02ۉ\x02ې\x02ى\x04ئا\x04ئە\x04ئو\x04ئۇ\x04ئۆ\x04ئۈ\x04ئې\x04ئى\x02ی\x04" +
+	"ئج\x04ئح\x04ئم\x04ئي\x04بج\x04بح\x04بخ\x04بم\x04بى\x04بي\x04تج\x04تح" +
+	"\x04تخ\x04تم\x04تى\x04تي\x04ثج\x04ثم\x04ثى\x04ثي\x04جح\x04جم\x04حج\x04حم" +
+	"\x04خج\x04خح\x04خم\x04سج\x04سح\x04سخ\x04سم\x04صح\x04صم\x04ضج\x04ضح\x04ضخ" +
+	"\x04ضم\x04طح\x04طم\x04ظم\x04عج\x04عم\x04غج\x04غم\x04فج\x04فح\x04فخ\x04فم" +
+	"\x04فى\x04في\x04قح\x04قم\x04قى\x04قي\x04كا\x04كج\x04كح\x04كخ\x04كل\x04كم" +
+	"\x04كى\x04كي\x04لج\x04لح\x04لخ\x04لم\x04لى\x04لي\x04مج\x04مح\x04مخ\x04مم" +
+	"\x04مى\x04مي\x04نج\x04نح\x04نخ\x04نم\x04نى\x04ني\x04هج\x04هم\x04هى\x04هي" +
+	"\x04يج\x04يح\x04يخ\x04يم\x04يى\x04يي\x04ذٰ\x04رٰ\x04ىٰ\x05 ٌّ\x05 ٍّ\x05" +
+	" َّ\x05 ُّ\x05 ِّ\x05 ّٰ\x04ئر\x04ئز\x04ئن\x04بر\x04بز\x04بن\x04تر\x04تز" +
+	"\x04تن\x04ثر\x04ثز\x04ثن\x04ما\x04نر\x04نز\x04نن\x04ير\x04يز\x04ين\x04ئخ" +
+	"\x04ئه\x04به\x04ته\x04صخ\x04له\x04نه\x04هٰ\x04يه\x04ثه\x04سه\x04شم\x04شه" +
+	"\x06ـَّ\x06ـُّ\x06ـِّ\x04طى\x04طي\x04عى\x04عي\x04غى\x04غي\x04سى\x04سي" +
+	"\x04شى\x04شي\x04حى\x04حي\x04جى\x04جي\x04خى\x04خي\x04صى\x04صي\x04ضى\x04ضي" +
+	"\x04شج\x04شح\x04شخ\x04شر\x04سر\x04صر\x04ضر\x04اً\x06تجم\x06تحج\x06تحم" +
+	"\x06تخم\x06تمج\x06تمح\x06تمخ\x06جمح\x06حمي\x06حمى\x06سحج\x06سجح\x06سجى" +
+	"\x06سمح\x06سمج\x06سمم\x06صحح\x06صمم\x06شحم\x06شجي\x06شمخ\x06شمم\x06ضحى" +
+	"\x06ضخم\x06طمح\x06طمم\x06طمي\x06عجم\x06عمم\x06عمى\x06غمم\x06غمي\x06غمى" +
+	"\x06فخم\x06قمح\x06قمم\x06لحم\x06لحي\x06لحى\x06لجج\x06لخم\x06لمح\x06محج" +
+	"\x06محم\x06محي\x06مجح\x06مجم\x06مخج\x06مخم\x06مجخ\x06همج\x06همم\x06نحم" +
+	"\x06نحى\x06نجم\x06نجى\x06نمي\x06نمى\x06يمم\x06بخي\x06تجي\x06تجى\x06تخي" +
+	"\x06تخى\x06تمي\x06تمى\x06جمي\x06جحى\x06جمى\x06سخى\x06صحي\x06شحي\x06ضحي" +
+	"\x06لجي\x06لمي\x06يحي\x06يجي\x06يمي\x06ممي\x06قمي\x06نحي\x06عمي\x06كمي" +
+	"\x06نجح\x06مخي\x06لجم\x06كمم\x06جحي\x06حجي\x06مجي\x06فمي\x06بحي\x06سخي" +
+	"\x06نجي\x06صلے\x06قلے\x08الله\x08اكبر\x08محمد\x08صلعم\x08رسول\x08عليه" +
+	"\x08وسلم\x06صلى!صلى الله عليه وسلم\x0fجل جلاله\x08ریال\x01,\x01:\x01!" +
+	"\x01?\x01_\x01{\x01}\x01[\x01]\x01#\x01&\x01*\x01-\x01<\x01>\x01\\\x01$" +
+	"\x01%\x01@\x04ـً\x04ـَ\x04ـُ\x04ـِ\x04ـّ\x04ـْ\x02ء\x02آ\x02أ\x02ؤ\x02إ" +
+	"\x02ئ\x02ا\x02ب\x02ة\x02ت\x02ث\x02ج\x02ح\x02خ\x02د\x02ذ\x02ر\x02ز\x02س" +
+	"\x02ش\x02ص\x02ض\x02ط\x02ظ\x02ع\x02غ\x02ف\x02ق\x02ك\x02ل\x02م\x02ن\x02ه" +
+	"\x02و\x02ي\x04لآ\x04لأ\x04لإ\x04لا\x01\x22\x01'\x01/\x01^\x01|\x01~\x02¢" +
+	"\x02£\x02¬\x02¦\x02¥\x08𝅗𝅥\x08𝅘𝅥\x0c𝅘𝅥𝅮\x0c𝅘𝅥𝅯\x0c𝅘𝅥𝅰\x0c𝅘𝅥𝅱\x0c𝅘𝅥𝅲\x08𝆹" +
+	"𝅥\x08𝆺𝅥\x0c𝆹𝅥𝅮\x0c𝆺𝅥𝅮\x0c𝆹𝅥𝅯\x0c𝆺𝅥𝅯\x02ı\x02ȷ\x02α\x02ε\x02ζ\x02η\x02" +
+	"κ\x02λ\x02μ\x02ν\x02ξ\x02ο\x02σ\x02τ\x02υ\x02ψ\x03∇\x03∂\x02ϝ\x02ٮ\x02ڡ" +
+	"\x02ٯ\x020,\x021,\x022,\x023,\x024,\x025,\x026,\x027,\x028,\x029,\x03(a)" +
+	"\x03(b)\x03(c)\x03(d)\x03(e)\x03(f)\x03(g)\x03(h)\x03(i)\x03(j)\x03(k)" +
+	"\x03(l)\x03(m)\x03(n)\x03(o)\x03(p)\x03(q)\x03(r)\x03(s)\x03(t)\x03(u)" +
+	"\x03(v)\x03(w)\x03(x)\x03(y)\x03(z)\x07〔s〕\x02wz\x02hv\x02sd\x03ppv\x02w" +
+	"c\x02mc\x02md\x02dj\x06ほか\x06ココ\x03サ\x03手\x03字\x03双\x03デ\x03二\x03多\x03解" +
+	"\x03天\x03交\x03映\x03無\x03料\x03前\x03後\x03再\x03新\x03初\x03終\x03生\x03販\x03声" +
+	"\x03吹\x03演\x03投\x03捕\x03一\x03三\x03遊\x03左\x03中\x03右\x03指\x03走\x03打\x03禁" +
+	"\x03空\x03合\x03満\x03有\x03月\x03申\x03割\x03営\x03配\x09〔本〕\x09〔三〕\x09〔二〕\x09〔安" +
+	"〕\x09〔点〕\x09〔打〕\x09〔盗〕\x09〔勝〕\x09〔敗〕\x03得\x03可\x03丽\x03丸\x03乁\x03你\x03" +
+	"侮\x03侻\x03倂\x03偺\x03備\x03僧\x03像\x03㒞\x03免\x03兔\x03兤\x03具\x03㒹\x03內\x03" +
+	"冗\x03冤\x03仌\x03冬\x03况\x03凵\x03刃\x03㓟\x03刻\x03剆\x03剷\x03㔕\x03勇\x03勉\x03" +
+	"勤\x03勺\x03包\x03匆\x03北\x03卉\x03卑\x03博\x03即\x03卽\x03卿\x03灰\x03及\x03叟\x03" +
+	"叫\x03叱\x03吆\x03咞\x03吸\x03呈\x03周\x03咢\x03哶\x03唐\x03啓\x03啣\x03善\x03喙\x03" +
+	"喫\x03喳\x03嗂\x03圖\x03嘆\x03圗\x03噑\x03噴\x03切\x03壮\x03城\x03埴\x03堍\x03型\x03" +
+	"堲\x03報\x03墬\x03売\x03壷\x03夆\x03夢\x03奢\x03姬\x03娛\x03娧\x03姘\x03婦\x03㛮\x03" +
+	"嬈\x03嬾\x03寃\x03寘\x03寧\x03寳\x03寿\x03将\x03尢\x03㞁\x03屠\x03屮\x03峀\x03岍\x03" +
+	"嵃\x03嵮\x03嵫\x03嵼\x03巡\x03巢\x03㠯\x03巽\x03帨\x03帽\x03幩\x03㡢\x03㡼\x03庰\x03" +
+	"庳\x03庶\x03廊\x03廾\x03舁\x03弢\x03㣇\x03形\x03彫\x03㣣\x03徚\x03忍\x03志\x03忹\x03" +
+	"悁\x03㤺\x03㤜\x03悔\x03惇\x03慈\x03慌\x03慎\x03慺\x03憎\x03憲\x03憤\x03憯\x03懞\x03" +
+	"懲\x03懶\x03成\x03戛\x03扝\x03抱\x03拔\x03捐\x03挽\x03拼\x03捨\x03掃\x03揤\x03搢\x03" +
+	"揅\x03掩\x03㨮\x03摩\x03摾\x03撝\x03摷\x03㩬\x03敏\x03敬\x03旣\x03書\x03晉\x03㬙\x03" +
+	"暑\x03㬈\x03㫤\x03冒\x03冕\x03最\x03暜\x03肭\x03䏙\x03朗\x03望\x03朡\x03杞\x03杓\x03" +
+	"㭉\x03柺\x03枅\x03桒\x03梅\x03梎\x03栟\x03椔\x03㮝\x03楂\x03榣\x03槪\x03檨\x03櫛\x03" +
+	"㰘\x03次\x03歔\x03㱎\x03歲\x03殟\x03殺\x03殻\x03汎\x03沿\x03泍\x03汧\x03洖\x03派\x03" +
+	"海\x03流\x03浩\x03浸\x03涅\x03洴\x03港\x03湮\x03㴳\x03滋\x03滇\x03淹\x03潮\x03濆\x03" +
+	"瀹\x03瀞\x03瀛\x03㶖\x03灊\x03災\x03灷\x03炭\x03煅\x03熜\x03爨\x03爵\x03牐\x03犀\x03" +
+	"犕\x03獺\x03王\x03㺬\x03玥\x03㺸\x03瑇\x03瑜\x03瑱\x03璅\x03瓊\x03㼛\x03甤\x03甾\x03" +
+	"異\x03瘐\x03㿼\x03䀈\x03直\x03眞\x03真\x03睊\x03䀹\x03瞋\x03䁆\x03䂖\x03硎\x03碌\x03" +
+	"磌\x03䃣\x03祖\x03福\x03秫\x03䄯\x03穀\x03穊\x03穏\x03䈂\x03篆\x03築\x03䈧\x03糒\x03" +
+	"䊠\x03糨\x03糣\x03紀\x03絣\x03䌁\x03緇\x03縂\x03繅\x03䌴\x03䍙\x03罺\x03羕\x03翺\x03" +
+	"者\x03聠\x03聰\x03䏕\x03育\x03脃\x03䐋\x03脾\x03媵\x03舄\x03辞\x03䑫\x03芑\x03芋\x03" +
+	"芝\x03劳\x03花\x03芳\x03芽\x03苦\x03若\x03茝\x03荣\x03莭\x03茣\x03莽\x03菧\x03著\x03" +
+	"荓\x03菊\x03菌\x03菜\x03䔫\x03蓱\x03蓳\x03蔖\x03蕤\x03䕝\x03䕡\x03䕫\x03虐\x03虜\x03" +
+	"虧\x03虩\x03蚩\x03蚈\x03蜎\x03蛢\x03蝹\x03蜨\x03蝫\x03螆\x03蟡\x03蠁\x03䗹\x03衠\x03" +
+	"衣\x03裗\x03裞\x03䘵\x03裺\x03㒻\x03䚾\x03䛇\x03誠\x03諭\x03變\x03豕\x03貫\x03賁\x03" +
+	"贛\x03起\x03跋\x03趼\x03跰\x03軔\x03輸\x03邔\x03郱\x03鄑\x03鄛\x03鈸\x03鋗\x03鋘\x03" +
+	"鉼\x03鏹\x03鐕\x03開\x03䦕\x03閷\x03䧦\x03雃\x03嶲\x03霣\x03䩮\x03䩶\x03韠\x03䪲\x03" +
+	"頋\x03頩\x03飢\x03䬳\x03餩\x03馧\x03駂\x03駾\x03䯎\x03鬒\x03鱀\x03鳽\x03䳎\x03䳭\x03" +
+	"鵧\x03䳸\x03麻\x03䵖\x03黹\x03黾\x03鼅\x03鼏\x03鼖\x03鼻"
+
+var xorData string = "" + // Size: 4855 bytes
+	"\x02\x0c\x09\x02\xb0\xec\x02\xad\xd8\x02\xad\xd9\x02\x06\x07\x02\x0f\x12" +
+	"\x02\x0f\x1f\x02\x0f\x1d\x02\x01\x13\x02\x0f\x16\x02\x0f\x0b\x02\x0f3" +
+	"\x02\x0f7\x02\x0f?\x02\x0f/\x02\x0f*\x02\x0c&\x02\x0c*\x02\x0c;\x02\x0c9" +
+	"\x02\x0c%\x02\xab\xed\x02\xab\xe2\x02\xab\xe3\x02\xa9\xe0\x02\xa9\xe1" +
+	"\x02\xa9\xe6\x02\xa3\xcb\x02\xa3\xc8\x02\xa3\xc9\x02\x01#\x02\x01\x08" +
+	"\x02\x0e>\x02\x0e'\x02\x0f\x03\x02\x03\x0d\x02\x03\x09\x02\x03\x17\x02" +
+	"\x03\x0e\x02\x02\x03\x02\x011\x02\x01\x00\x02\x01\x10\x02\x03<\x02\x07" +
+	"\x0d\x02\x02\x0c\x02\x0c0\x02\x01\x03\x02\x01\x01\x02\x01 \x02\x01\x22" +
+	"\x02\x01)\x02\x01\x0a\x02\x01\x0c\x02\x02\x06\x02\x02\x02\x02\x03\x10" +
+	"\x03\x037 \x03\x0b+\x03\x02\x01\x04\x02\x01\x02\x02\x019\x02\x03\x1c\x02" +
+	"\x02$\x03\x80p$\x02\x03:\x02\x03\x0a\x03\xc1r.\x03\xc1r,\x03\xc1r\x02" +
+	"\x02\x02:\x02\x02>\x02\x02,\x02\x02\x10\x02\x02\x00\x03\xc1s<\x03\xc1s*" +
+	"\x03\xc2L$\x03\xc2L;\x02\x09)\x02\x0a\x19\x03\x83\xab\xe3\x03\x83\xab" +
+	"\xf2\x03 4\xe0\x03\x81\xab\xea\x03\x81\xab\xf3\x03 4\xef\x03\x96\xe1\xcd" +
+	"\x03\x84\xe5\xc3\x02\x0d\x11\x03\x8b\xec\xcb\x03\x94\xec\xcf\x03\x9a\xec" +
+	"\xc2\x03\x8b\xec\xdb\x03\x94\xec\xdf\x03\x9a\xec\xd2\x03\x01\x0c!\x03" +
+	"\x01\x0c#\x03ʠ\x9d\x03ʣ\x9c\x03ʢ\x9f\x03ʥ\x9e\x03ʤ\x91\x03ʧ\x90\x03ʦ\x93" +
+	"\x03ʩ\x92\x03ʨ\x95\x03\xca\xf3\xb5\x03\xca\xf0\xb4\x03\xca\xf1\xb7\x03" +
+	"\xca\xf6\xb6\x03\xca\xf7\x89\x03\xca\xf4\x88\x03\xca\xf5\x8b\x03\xca\xfa" +
+	"\x8a\x03\xca\xfb\x8d\x03\xca\xf8\x8c\x03\xca\xf9\x8f\x03\xca\xfe\x8e\x03" +
+	"\xca\xff\x81\x03\xca\xfc\x80\x03\xca\xfd\x83\x03\xca\xe2\x82\x03\xca\xe3" +
+	"\x85\x03\xca\xe0\x84\x03\xca\xe1\x87\x03\xca\xe6\x86\x03\xca\xe7\x99\x03" +
+	"\xca\xe4\x98\x03\xca\xe5\x9b\x03\xca\xea\x9a\x03\xca\xeb\x9d\x03\xca\xe8" +
+	"\x9c\x03ؓ\x89\x03ߔ\x8b\x02\x010\x03\x03\x04\x1e\x03\x04\x15\x12\x03\x0b" +
+	"\x05,\x03\x06\x04\x00\x03\x06\x04)\x03\x06\x044\x03\x06\x04<\x03\x06\x05" +
+	"\x1d\x03\x06\x06\x00\x03\x06\x06\x0a\x03\x06\x06'\x03\x06\x062\x03\x0786" +
+	"\x03\x079/\x03\x079 \x03\x07:\x0e\x03\x07:\x1b\x03\x07:%\x03\x07;/\x03" +
+	"\x07;%\x03\x074\x11\x03\x076\x09\x03\x077*\x03\x070\x01\x03\x070\x0f\x03" +
+	"\x070.\x03\x071\x16\x03\x071\x04\x03\x0710\x03\x072\x18\x03\x072-\x03" +
+	"\x073\x14\x03\x073>\x03\x07'\x09\x03\x07 \x00\x03\x07\x1f\x0b\x03\x07" +
+	"\x18#\x03\x07\x18(\x03\x07\x186\x03\x07\x18\x03\x03\x07\x19\x16\x03\x07" +
+	"\x116\x03\x07\x12'\x03\x07\x13\x10\x03\x07\x0c&\x03\x07\x0c\x08\x03\x07" +
+	"\x0c\x13\x03\x07\x0d\x02\x03\x07\x0d\x1c\x03\x07\x0b5\x03\x07\x0b\x0a" +
+	"\x03\x07\x0b\x01\x03\x07\x0b\x0f\x03\x07\x05\x00\x03\x07\x05\x09\x03\x07" +
+	"\x05\x0b\x03\x07\x07\x01\x03\x07\x07\x08\x03\x07\x00<\x03\x07\x00+\x03" +
+	"\x07\x01)\x03\x07\x01\x1b\x03\x07\x01\x08\x03\x07\x03?\x03\x0445\x03\x04" +
+	"4\x08\x03\x0454\x03\x04)/\x03\x04)5\x03\x04+\x05\x03\x04+\x14\x03\x04+ " +
+	"\x03\x04+<\x03\x04*&\x03\x04*\x22\x03\x04&8\x03\x04!\x01\x03\x04!\x22" +
+	"\x03\x04\x11+\x03\x04\x10.\x03\x04\x104\x03\x04\x13=\x03\x04\x12\x04\x03" +
+	"\x04\x12\x0a\x03\x04\x0d\x1d\x03\x04\x0d\x07\x03\x04\x0d \x03\x05<>\x03" +
+	"\x055<\x03\x055!\x03\x055#\x03\x055&\x03\x054\x1d\x03\x054\x02\x03\x054" +
+	"\x07\x03\x0571\x03\x053\x1a\x03\x053\x16\x03\x05.<\x03\x05.\x07\x03\x05)" +
+	":\x03\x05)<\x03\x05)\x0c\x03\x05)\x15\x03\x05+-\x03\x05+5\x03\x05$\x1e" +
+	"\x03\x05$\x14\x03\x05'\x04\x03\x05'\x14\x03\x05&\x02\x03\x05\x226\x03" +
+	"\x05\x22\x0c\x03\x05\x22\x1c\x03\x05\x19\x0a\x03\x05\x1b\x09\x03\x05\x1b" +
+	"\x0c\x03\x05\x14\x07\x03\x05\x16?\x03\x05\x16\x0c\x03\x05\x0c\x05\x03" +
+	"\x05\x0e\x0f\x03\x05\x01\x0e\x03\x05\x00(\x03\x05\x030\x03\x05\x03\x06" +
+	"\x03\x0a==\x03\x0a=1\x03\x0a=,\x03\x0a=\x0c\x03\x0a??\x03\x0a<\x08\x03" +
+	"\x0a9!\x03\x0a9)\x03\x0a97\x03\x0a99\x03\x0a6\x0a\x03\x0a6\x1c\x03\x0a6" +
+	"\x17\x03\x0a7'\x03\x0a78\x03\x0a73\x03\x0a'\x01\x03\x0a'&\x03\x0a\x1f" +
+	"\x0e\x03\x0a\x1f\x03\x03\x0a\x1f3\x03\x0a\x1b/\x03\x0a\x18\x19\x03\x0a" +
+	"\x19\x01\x03\x0a\x16\x14\x03\x0a\x0e\x22\x03\x0a\x0f\x10\x03\x0a\x0f\x02" +
+	"\x03\x0a\x0f \x03\x0a\x0c\x04\x03\x0a\x0b>\x03\x0a\x0b+\x03\x0a\x08/\x03" +
+	"\x0a\x046\x03\x0a\x05\x14\x03\x0a\x00\x04\x03\x0a\x00\x10\x03\x0a\x00" +
+	"\x14\x03\x0b<3\x03\x0b;*\x03\x0b9\x22\x03\x0b9)\x03\x0b97\x03\x0b+\x10" +
+	"\x03\x0b((\x03\x0b&5\x03\x0b$\x1c\x03\x0b$\x12\x03\x0b%\x04\x03\x0b#<" +
+	"\x03\x0b#0\x03\x0b#\x0d\x03\x0b#\x19\x03\x0b!:\x03\x0b!\x1f\x03\x0b!\x00" +
+	"\x03\x0b\x1e5\x03\x0b\x1c\x1d\x03\x0b\x1d-\x03\x0b\x1d(\x03\x0b\x18.\x03" +
+	"\x0b\x18 \x03\x0b\x18\x16\x03\x0b\x14\x13\x03\x0b\x15$\x03\x0b\x15\x22" +
+	"\x03\x0b\x12\x1b\x03\x0b\x12\x10\x03\x0b\x132\x03\x0b\x13=\x03\x0b\x12" +
+	"\x18\x03\x0b\x0c&\x03\x0b\x061\x03\x0b\x06:\x03\x0b\x05#\x03\x0b\x05<" +
+	"\x03\x0b\x04\x0b\x03\x0b\x04\x04\x03\x0b\x04\x1b\x03\x0b\x042\x03\x0b" +
+	"\x041\x03\x0b\x03\x03\x03\x0b\x03\x1d\x03\x0b\x03/\x03\x0b\x03+\x03\x0b" +
+	"\x02\x1b\x03\x0b\x02\x00\x03\x0b\x01\x1e\x03\x0b\x01\x08\x03\x0b\x015" +
+	"\x03\x06\x0d9\x03\x06\x0d=\x03\x06\x0d?\x03\x02\x001\x03\x02\x003\x03" +
+	"\x02\x02\x19\x03\x02\x006\x03\x02\x02\x1b\x03\x02\x004\x03\x02\x00<\x03" +
+	"\x02\x02\x0a\x03\x02\x02\x0e\x03\x02\x01\x1a\x03\x02\x01\x07\x03\x02\x01" +
+	"\x05\x03\x02\x01\x0b\x03\x02\x01%\x03\x02\x01\x0c\x03\x02\x01\x04\x03" +
+	"\x02\x01\x1c\x03\x02\x00.\x03\x02\x002\x03\x02\x00>\x03\x02\x00\x12\x03" +
+	"\x02\x00\x16\x03\x02\x011\x03\x02\x013\x03\x02\x02 \x03\x02\x02%\x03\x02" +
+	"\x02$\x03\x02\x028\x03\x02\x02;\x03\x02\x024\x03\x02\x012\x03\x02\x022" +
+	"\x03\x02\x02/\x03\x02\x01,\x03\x02\x01\x13\x03\x02\x01\x16\x03\x02\x01" +
+	"\x11\x03\x02\x01\x1e\x03\x02\x01\x15\x03\x02\x01\x17\x03\x02\x01\x0f\x03" +
+	"\x02\x01\x08\x03\x02\x00?\x03\x02\x03\x07\x03\x02\x03\x0d\x03\x02\x03" +
+	"\x13\x03\x02\x03\x1d\x03\x02\x03\x1f\x03\x02\x00\x03\x03\x02\x00\x0d\x03" +
+	"\x02\x00\x01\x03\x02\x00\x1b\x03\x02\x00\x19\x03\x02\x00\x18\x03\x02\x00" +
+	"\x13\x03\x02\x00/\x03\x07>\x12\x03\x07<\x1f\x03\x07>\x1d\x03\x06\x1d\x0e" +
+	"\x03\x07>\x1c\x03\x07>:\x03\x07>\x13\x03\x04\x12+\x03\x07?\x03\x03\x07>" +
+	"\x02\x03\x06\x224\x03\x06\x1a.\x03\x07<%\x03\x06\x1c\x0b\x03\x0609\x03" +
+	"\x05\x1f\x01\x03\x04'\x08\x03\x93\xfd\xf5\x03\x02\x0d \x03\x02\x0d#\x03" +
+	"\x02\x0d!\x03\x02\x0d&\x03\x02\x0d\x22\x03\x02\x0d/\x03\x02\x0d,\x03\x02" +
+	"\x0d$\x03\x02\x0d'\x03\x02\x0d%\x03\x02\x0d;\x03\x02\x0d=\x03\x02\x0d?" +
+	"\x03\x099.\x03\x08\x0b7\x03\x08\x02\x14\x03\x08\x14\x0d\x03\x08.:\x03" +
+	"\x089'\x03\x0f\x0b\x18\x03\x0f\x1c1\x03\x0f\x17&\x03\x0f9\x1f\x03\x0f0" +
+	"\x0c\x03\x0e\x0a9\x03\x0e\x056\x03\x0e\x1c#\x03\x0f\x13\x0e\x03\x072\x00" +
+	"\x03\x070\x0d\x03\x072\x0b\x03\x06\x11\x18\x03\x070\x10\x03\x06\x0f(\x03" +
+	"\x072\x05\x03\x06\x0f,\x03\x073\x15\x03\x06\x07\x08\x03\x05\x16\x02\x03" +
+	"\x04\x0b \x03\x05:8\x03\x05\x16%\x03\x0a\x0d\x1f\x03\x06\x16\x10\x03\x05" +
+	"\x1d5\x03\x05*;\x03\x05\x16\x1b\x03\x04.-\x03\x06\x1a\x19\x03\x04\x03," +
+	"\x03\x0b87\x03\x04/\x0a\x03\x06\x00,\x03\x04-\x01\x03\x04\x1e-\x03\x06/(" +
+	"\x03\x0a\x0b5\x03\x06\x0e7\x03\x06\x07.\x03\x0597\x03\x0a*%\x03\x0760" +
+	"\x03\x06\x0c;\x03\x05'\x00\x03\x072.\x03\x072\x08\x03\x06=\x01\x03\x06" +
+	"\x05\x1b\x03\x06\x06\x12\x03\x06$=\x03\x06'\x0d\x03\x04\x11\x0f\x03\x076" +
+	",\x03\x06\x07;\x03\x06.,\x03\x86\xf9\xea\x03\x8f\xff\xeb\x02\x092\x02" +
+	"\x095\x02\x094\x02\x09;\x02\x09>\x02\x098\x02\x09*\x02\x09/\x02\x09,\x02" +
+	"\x09%\x02\x09&\x02\x09#\x02\x09 \x02\x08!\x02\x08%\x02\x08$\x02\x08+\x02" +
+	"\x08.\x02\x08*\x02\x08&\x02\x088\x02\x08>\x02\x084\x02\x086\x02\x080\x02" +
+	"\x08\x10\x02\x08\x17\x02\x08\x12\x02\x08\x1d\x02\x08\x1f\x02\x08\x13\x02" +
+	"\x08\x15\x02\x08\x14\x02\x08\x0c\x03\x8b\xfd\xd0\x03\x81\xec\xc6\x03\x87" +
+	"\xe0\x8a\x03-2\xe3\x03\x80\xef\xe4\x03-2\xea\x03\x88\xe6\xeb\x03\x8e\xe6" +
+	"\xe8\x03\x84\xe6\xe9\x03\x97\xe6\xee\x03-2\xf9\x03-2\xf6\x03\x8e\xe3\xad" +
+	"\x03\x80\xe3\x92\x03\x88\xe3\x90\x03\x8e\xe3\x90\x03\x80\xe3\x97\x03\x88" +
+	"\xe3\x95\x03\x88\xfe\xcb\x03\x8e\xfe\xca\x03\x84\xfe\xcd\x03\x91\xef\xc9" +
+	"\x03-2\xc1\x03-2\xc0\x03-2\xcb\x03\x88@\x09\x03\x8e@\x08\x03\x8f\xe0\xf5" +
+	"\x03\x8e\xe6\xf9\x03\x8e\xe0\xfa\x03\x93\xff\xf4\x03\x84\xee\xd3\x03\x0b" +
+	"(\x04\x023 \x021;\x02\x01*\x03\x0b#\x10\x03\x0b 0\x03\x0b!\x10\x03\x0b!0" +
+	"\x03\x07\x15\x08\x03\x09?5\x03\x07\x1f\x08\x03\x07\x17\x0b\x03\x09\x1f" +
+	"\x15\x03\x0b\x1c7\x03\x0a+#\x03\x06\x1a\x1b\x03\x06\x1a\x14\x03\x0a\x01" +
+	"\x18\x03\x06#\x1b\x03\x0a2\x0c\x03\x0a\x01\x04\x03\x09#;\x03\x08='\x03" +
+	"\x08\x1a\x0a\x03\x07</\x03\x07:+\x03\x07\x07*\x03\x06&\x1c\x03\x09\x0c" +
+	"\x16\x03\x09\x10\x0e\x03\x08'\x0f\x03\x08+\x09\x03\x074%\x03\x06!3\x03" +
+	"\x06\x03+\x03\x0b\x1e\x19\x03\x0a))\x03\x09\x08\x19\x03\x08,\x05\x03\x07" +
+	"<2\x03\x06\x1c>\x03\x0a\x111\x03\x09\x1b\x09\x03\x073.\x03\x07\x01\x00" +
+	"\x03\x09/,\x03\x07#>\x03\x07\x048\x03\x0a\x1f\x22\x03\x098>\x03\x09\x11" +
+	"\x00\x03\x08/\x17\x03\x06'\x22\x03\x0b\x1a+\x03\x0a\x22\x19\x03\x0a/1" +
+	"\x03\x0974\x03\x09\x0f\x22\x03\x08,\x22\x03\x08?\x14\x03\x07$5\x03\x07<3" +
+	"\x03\x07=*\x03\x07\x13\x18\x03\x068\x0a\x03\x06\x09\x16\x03\x06\x13\x00" +
+	"\x03\x08\x067\x03\x08\x01\x03\x03\x08\x12\x1d\x03\x07+7\x03\x06(;\x03" +
+	"\x06\x1c?\x03\x07\x0e\x17\x03\x0a\x06\x1d\x03\x0a\x19\x07\x03\x08\x14$" +
+	"\x03\x07$;\x03\x08,$\x03\x08\x06\x0d\x03\x07\x16\x0a\x03\x06>>\x03\x0a" +
+	"\x06\x12\x03\x0a\x14)\x03\x09\x0d\x1f\x03\x09\x12\x17\x03\x09\x19\x01" +
+	"\x03\x08\x11 \x03\x08\x1d'\x03\x06<\x1a\x03\x0a.\x00\x03\x07'\x18\x03" +
+	"\x0a\x22\x08\x03\x08\x0d\x0a\x03\x08\x13)\x03\x07*)\x03\x06<,\x03\x07" +
+	"\x0b\x1a\x03\x09.\x14\x03\x09\x0d\x1e\x03\x07\x0e#\x03\x0b\x1d'\x03\x0a" +
+	"\x0a8\x03\x09%2\x03\x08+&\x03\x080\x12\x03\x0a)4\x03\x08\x06\x1f\x03\x0b" +
+	"\x1b\x1a\x03\x0a\x1b\x0f\x03\x0b\x1d*\x03\x09\x16$\x03\x090\x11\x03\x08" +
+	"\x11\x08\x03\x0a*(\x03\x0a\x042\x03\x089,\x03\x074'\x03\x07\x0f\x05\x03" +
+	"\x09\x0b\x0a\x03\x07\x1b\x01\x03\x09\x17:\x03\x09.\x0d\x03\x07.\x11\x03" +
+	"\x09+\x15\x03\x080\x13\x03\x0b\x1f\x19\x03\x0a \x11\x03\x0a\x220\x03\x09" +
+	"\x07;\x03\x08\x16\x1c\x03\x07,\x13\x03\x07\x0e/\x03\x06\x221\x03\x0a." +
+	"\x0a\x03\x0a7\x02\x03\x0a\x032\x03\x0a\x1d.\x03\x091\x06\x03\x09\x19:" +
+	"\x03\x08\x02/\x03\x060+\x03\x06\x0f-\x03\x06\x1c\x1f\x03\x06\x1d\x07\x03" +
+	"\x0a,\x11\x03\x09=\x0d\x03\x09\x0b;\x03\x07\x1b/\x03\x0a\x1f:\x03\x09 " +
+	"\x1f\x03\x09.\x10\x03\x094\x0b\x03\x09\x1a1\x03\x08#\x1a\x03\x084\x1d" +
+	"\x03\x08\x01\x1f\x03\x08\x11\x22\x03\x07'8\x03\x07\x1a>\x03\x0757\x03" +
+	"\x06&9\x03\x06+\x11\x03\x0a.\x0b\x03\x0a,>\x03\x0a4#\x03\x08%\x17\x03" +
+	"\x07\x05\x22\x03\x07\x0c\x0b\x03\x0a\x1d+\x03\x0a\x19\x16\x03\x09+\x1f" +
+	"\x03\x09\x08\x0b\x03\x08\x16\x18\x03\x08+\x12\x03\x0b\x1d\x0c\x03\x0a=" +
+	"\x10\x03\x0a\x09\x0d\x03\x0a\x10\x11\x03\x09&0\x03\x08(\x1f\x03\x087\x07" +
+	"\x03\x08\x185\x03\x07'6\x03\x06.\x05\x03\x06=\x04\x03\x06;;\x03\x06\x06," +
+	"\x03\x0b\x18>\x03\x08\x00\x18\x03\x06 \x03\x03\x06<\x00\x03\x09%\x18\x03" +
+	"\x0b\x1c<\x03\x0a%!\x03\x0a\x09\x12\x03\x0a\x16\x02\x03\x090'\x03\x09" +
+	"\x0e=\x03\x08 \x0e\x03\x08>\x03\x03\x074>\x03\x06&?\x03\x06\x19\x09\x03" +
+	"\x06?(\x03\x0a-\x0e\x03\x09:3\x03\x098:\x03\x09\x12\x0b\x03\x09\x1d\x17" +
+	"\x03\x087\x05\x03\x082\x14\x03\x08\x06%\x03\x08\x13\x1f\x03\x06\x06\x0e" +
+	"\x03\x0a\x22<\x03\x09/<\x03\x06>+\x03\x0a'?\x03\x0a\x13\x0c\x03\x09\x10<" +
+	"\x03\x07\x1b=\x03\x0a\x19\x13\x03\x09\x22\x1d\x03\x09\x07\x0d\x03\x08)" +
+	"\x1c\x03\x06=\x1a\x03\x0a/4\x03\x0a7\x11\x03\x0a\x16:\x03\x09?3\x03\x09:" +
+	"/\x03\x09\x05\x0a\x03\x09\x14\x06\x03\x087\x22\x03\x080\x07\x03\x08\x1a" +
+	"\x1f\x03\x07\x04(\x03\x07\x04\x09\x03\x06 %\x03\x06<\x08\x03\x0a+\x14" +
+	"\x03\x09\x1d\x16\x03\x0a70\x03\x08 >\x03\x0857\x03\x070\x0a\x03\x06=\x12" +
+	"\x03\x06\x16%\x03\x06\x1d,\x03\x099#\x03\x09\x10>\x03\x07 \x1e\x03\x08" +
+	"\x0c<\x03\x08\x0b\x18\x03\x08\x15+\x03\x08,:\x03\x08%\x22\x03\x07\x0a$" +
+	"\x03\x0b\x1c=\x03\x07+\x08\x03\x0a/\x05\x03\x0a \x07\x03\x0a\x12'\x03" +
+	"\x09#\x11\x03\x08\x1b\x15\x03\x0a\x06\x01\x03\x09\x1c\x1b\x03\x0922\x03" +
+	"\x07\x14<\x03\x07\x09\x04\x03\x061\x04\x03\x07\x0e\x01\x03\x0a\x13\x18" +
+	"\x03\x0a-\x0c\x03\x0a?\x0d\x03\x0a\x09\x0a\x03\x091&\x03\x0a/\x0b\x03" +
+	"\x08$<\x03\x083\x1d\x03\x08\x0c$\x03\x08\x0d\x07\x03\x08\x0d?\x03\x08" +
+	"\x0e\x14\x03\x065\x0a\x03\x08\x1a#\x03\x08\x16#\x03\x0702\x03\x07\x03" +
+	"\x1a\x03\x06(\x1d\x03\x06+\x1b\x03\x06\x0b\x05\x03\x06\x0b\x17\x03\x06" +
+	"\x0c\x04\x03\x06\x1e\x19\x03\x06+0\x03\x062\x18\x03\x0b\x16\x1e\x03\x0a+" +
+	"\x16\x03\x0a-?\x03\x0a#:\x03\x0a#\x10\x03\x0a%$\x03\x0a>+\x03\x0a01\x03" +
+	"\x0a1\x10\x03\x0a\x099\x03\x0a\x0a\x12\x03\x0a\x19\x1f\x03\x0a\x19\x12" +
+	"\x03\x09*)\x03\x09-\x16\x03\x09.1\x03\x09.2\x03\x09<\x0e\x03\x09> \x03" +
+	"\x093\x12\x03\x09\x0b\x01\x03\x09\x1c2\x03\x09\x11\x1c\x03\x09\x15%\x03" +
+	"\x08,&\x03\x08!\x22\x03\x089(\x03\x08\x0b\x1a\x03\x08\x0d2\x03\x08\x0c" +
+	"\x04\x03\x08\x0c\x06\x03\x08\x0c\x1f\x03\x08\x0c\x0c\x03\x08\x0f\x1f\x03" +
+	"\x08\x0f\x1d\x03\x08\x00\x14\x03\x08\x03\x14\x03\x08\x06\x16\x03\x08\x1e" +
+	"#\x03\x08\x11\x11\x03\x08\x10\x18\x03\x08\x14(\x03\x07)\x1e\x03\x07.1" +
+	"\x03\x07 $\x03\x07 '\x03\x078\x08\x03\x07\x0d0\x03\x07\x0f7\x03\x07\x05#" +
+	"\x03\x07\x05\x1a\x03\x07\x1a7\x03\x07\x1d-\x03\x07\x17\x10\x03\x06)\x1f" +
+	"\x03\x062\x0b\x03\x066\x16\x03\x06\x09\x11\x03\x09(\x1e\x03\x07!5\x03" +
+	"\x0b\x11\x16\x03\x0a/\x04\x03\x0a,\x1a\x03\x0b\x173\x03\x0a,1\x03\x0a/5" +
+	"\x03\x0a\x221\x03\x0a\x22\x0d\x03\x0a?%\x03\x0a<,\x03\x0a?#\x03\x0a>\x19" +
+	"\x03\x0a\x08&\x03\x0a\x0b\x0e\x03\x0a\x0c:\x03\x0a\x0c+\x03\x0a\x03\x22" +
+	"\x03\x0a\x06)\x03\x0a\x11\x10\x03\x0a\x11\x1a\x03\x0a\x17-\x03\x0a\x14(" +
+	"\x03\x09)\x1e\x03\x09/\x09\x03\x09.\x00\x03\x09,\x07\x03\x09/*\x03\x09-9" +
+	"\x03\x09\x228\x03\x09%\x09\x03\x09:\x12\x03\x09;\x1d\x03\x09?\x06\x03" +
+	"\x093%\x03\x096\x05\x03\x096\x08\x03\x097\x02\x03\x09\x07,\x03\x09\x04," +
+	"\x03\x09\x1f\x16\x03\x09\x11\x03\x03\x09\x11\x12\x03\x09\x168\x03\x08*" +
+	"\x05\x03\x08/2\x03\x084:\x03\x08\x22+\x03\x08 0\x03\x08&\x0a\x03\x08;" +
+	"\x10\x03\x08>$\x03\x08>\x18\x03\x0829\x03\x082:\x03\x081,\x03\x081<\x03" +
+	"\x081\x1c\x03\x087#\x03\x087*\x03\x08\x09'\x03\x08\x00\x1d\x03\x08\x05-" +
+	"\x03\x08\x1f4\x03\x08\x1d\x04\x03\x08\x16\x0f\x03\x07*7\x03\x07'!\x03" +
+	"\x07%\x1b\x03\x077\x0c\x03\x07\x0c1\x03\x07\x0c.\x03\x07\x00\x06\x03\x07" +
+	"\x01\x02\x03\x07\x010\x03\x07\x06=\x03\x07\x01\x03\x03\x07\x01\x13\x03" +
+	"\x07\x06\x06\x03\x07\x05\x0a\x03\x07\x1f\x09\x03\x07\x17:\x03\x06*1\x03" +
+	"\x06-\x1d\x03\x06\x223\x03\x062:\x03\x060$\x03\x066\x1e\x03\x064\x12\x03" +
+	"\x0645\x03\x06\x0b\x00\x03\x06\x0b7\x03\x06\x07\x1f\x03\x06\x15\x12\x03" +
+	"\x0c\x05\x0f\x03\x0b+\x0b\x03\x0b+-\x03\x06\x16\x1b\x03\x06\x15\x17\x03" +
+	"\x89\xca\xea\x03\x89\xca\xe8\x03\x0c8\x10\x03\x0c8\x01\x03\x0c8\x0f\x03" +
+	"\x0d8%\x03\x0d8!\x03\x0c8-\x03\x0c8/\x03\x0c8+\x03\x0c87\x03\x0c85\x03" +
+	"\x0c9\x09\x03\x0c9\x0d\x03\x0c9\x0f\x03\x0c9\x0b\x03\xcfu\x0c\x03\xcfu" +
+	"\x0f\x03\xcfu\x0e\x03\xcfu\x09\x03\x0c9\x10\x03\x0d9\x0c\x03\xcf`;\x03" +
+	"\xcf`>\x03\xcf`9\x03\xcf`8\x03\xcf`7\x03\xcf`*\x03\xcf`-\x03\xcf`,\x03" +
+	"\x0d\x1b\x1a\x03\x0d\x1b&\x03\x0c=.\x03\x0c=%\x03\x0c>\x1e\x03\x0c>\x14" +
+	"\x03\x0c?\x06\x03\x0c?\x0b\x03\x0c?\x0c\x03\x0c?\x0d\x03\x0c?\x02\x03" +
+	"\x0c>\x0f\x03\x0c>\x08\x03\x0c>\x09\x03\x0c>,\x03\x0c>\x0c\x03\x0c?\x13" +
+	"\x03\x0c?\x16\x03\x0c?\x15\x03\x0c?\x1c\x03\x0c?\x1f\x03\x0c?\x1d\x03" +
+	"\x0c?\x1a\x03\x0c?\x17\x03\x0c?\x08\x03\x0c?\x09\x03\x0c?\x0e\x03\x0c?" +
+	"\x04\x03\x0c?\x05\x03\x0c<?\x03\x0c=\x00\x03\x0c=\x06\x03\x0c=\x05\x03" +
+	"\x0c=\x0c\x03\x0c=\x0f\x03\x0c=\x0d\x03\x0c=\x0b\x03\x0c=\x07\x03\x0c=" +
+	"\x19\x03\x0c=\x15\x03\x0c=\x11\x03\x0c=1\x03\x0c=3\x03\x0c=0\x03\x0c=>" +
+	"\x03\x0c=2\x03\x0c=6\x03\x0c<\x07\x03\x0c<\x05\x03\x0e:!\x03\x0e:#\x03" +
+	"\x0e8\x09\x03\x0e:&\x03\x0e8\x0b\x03\x0e:$\x03\x0e:,\x03\x0e8\x1a\x03" +
+	"\x0e8\x1e\x03\x0e:*\x03\x0e:7\x03\x0e:5\x03\x0e:;\x03\x0e:\x15\x03\x0e:<" +
+	"\x03\x0e:4\x03\x0e:'\x03\x0e:-\x03\x0e:%\x03\x0e:?\x03\x0e:=\x03\x0e:)" +
+	"\x03\x0e:/\x03\xcfs'\x03\x0d=\x0f\x03\x0d+*\x03\x0d99\x03\x0d9;\x03\x0d9" +
+	"?\x03\x0d)\x0d\x03\x0d(%\x02\x01\x18\x02\x01(\x02\x01\x1e\x03\x0f$!\x03" +
+	"\x0f87\x03\x0f4\x0e\x03\x0f5\x1d\x03\x06'\x03\x03\x0f\x08\x18\x03\x0f" +
+	"\x0d\x1b\x03\x0e2=\x03\x0e;\x08\x03\x0e:\x0b\x03\x0e\x06$\x03\x0e\x0d)" +
+	"\x03\x0e\x16\x1f\x03\x0e\x16\x1b\x03\x0d$\x0a\x03\x05,\x1d\x03\x0d. \x03" +
+	"\x0d.#\x03\x0c(/\x03\x09%\x02\x03\x0d90\x03\x0d\x0e4\x03\x0d\x0d\x0f\x03" +
+	"\x0c#\x00\x03\x0c,\x1e\x03\x0c2\x0e\x03\x0c\x01\x17\x03\x0c\x09:\x03\x0e" +
+	"\x173\x03\x0c\x08\x03\x03\x0c\x11\x07\x03\x0c\x10\x18\x03\x0c\x1f\x1c" +
+	"\x03\x0c\x19\x0e\x03\x0c\x1a\x1f\x03\x0f0>\x03\x0b->\x03\x0b<+\x03\x0b8" +
+	"\x13\x03\x0b\x043\x03\x0b\x14\x03\x03\x0b\x16%\x03\x0d\x22&\x03\x0b\x1a" +
+	"\x1a\x03\x0b\x1a\x04\x03\x0a%9\x03\x0a&2\x03\x0a&0\x03\x0a!\x1a\x03\x0a!" +
+	"7\x03\x0a5\x10\x03\x0a=4\x03\x0a?\x0e\x03\x0a>\x10\x03\x0a\x00 \x03\x0a" +
+	"\x0f:\x03\x0a\x0f9\x03\x0a\x0b\x0a\x03\x0a\x17%\x03\x0a\x1b-\x03\x09-" +
+	"\x1a\x03\x09,4\x03\x09.,\x03\x09)\x09\x03\x096!\x03\x091\x1f\x03\x093" +
+	"\x16\x03\x0c+\x1f\x03\x098 \x03\x098=\x03\x0c(\x1a\x03\x0c(\x16\x03\x09" +
+	"\x0a+\x03\x09\x16\x12\x03\x09\x13\x0e\x03\x09\x153\x03\x08)!\x03\x09\x1a" +
+	"\x01\x03\x09\x18\x01\x03\x08%#\x03\x08>\x22\x03\x08\x05%\x03\x08\x02*" +
+	"\x03\x08\x15;\x03\x08\x1b7\x03\x0f\x07\x1d\x03\x0f\x04\x03\x03\x070\x0c" +
+	"\x03\x07;\x0b\x03\x07\x08\x17\x03\x07\x12\x06\x03\x06/-\x03\x0671\x03" +
+	"\x065+\x03\x06>7\x03\x06\x049\x03\x05+\x1e\x03\x05,\x17\x03\x05 \x1d\x03" +
+	"\x05\x22\x05\x03\x050\x1d"
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *idnaTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return idnaValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := idnaIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = idnaIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = idnaIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *idnaTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return idnaValues[c0]
+	}
+	i := idnaIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = idnaIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// idnaTrie. Total size: 28600 bytes (27.93 KiB). Checksum: 95575047b5d8fff.
+type idnaTrie struct{}
+
+func newIdnaTrie(i int) *idnaTrie {
+	return &idnaTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *idnaTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 124:
+		return uint16(idnaValues[n<<6+uint32(b)])
+	default:
+		n -= 124
+		return uint16(idnaSparse.lookup(n, b))
+	}
+}
+
+// idnaValues: 126 blocks, 8064 entries, 16128 bytes
+// The third block is the zero block.
+var idnaValues = [8064]uint16{
+	// Block 0x0, offset 0x0
+	0x00: 0x0080, 0x01: 0x0080, 0x02: 0x0080, 0x03: 0x0080, 0x04: 0x0080, 0x05: 0x0080,
+	0x06: 0x0080, 0x07: 0x0080, 0x08: 0x0080, 0x09: 0x0080, 0x0a: 0x0080, 0x0b: 0x0080,
+	0x0c: 0x0080, 0x0d: 0x0080, 0x0e: 0x0080, 0x0f: 0x0080, 0x10: 0x0080, 0x11: 0x0080,
+	0x12: 0x0080, 0x13: 0x0080, 0x14: 0x0080, 0x15: 0x0080, 0x16: 0x0080, 0x17: 0x0080,
+	0x18: 0x0080, 0x19: 0x0080, 0x1a: 0x0080, 0x1b: 0x0080, 0x1c: 0x0080, 0x1d: 0x0080,
+	0x1e: 0x0080, 0x1f: 0x0080, 0x20: 0x0080, 0x21: 0x0080, 0x22: 0x0080, 0x23: 0x0080,
+	0x24: 0x0080, 0x25: 0x0080, 0x26: 0x0080, 0x27: 0x0080, 0x28: 0x0080, 0x29: 0x0080,
+	0x2a: 0x0080, 0x2b: 0x0080, 0x2c: 0x0080, 0x2d: 0x0008, 0x2e: 0x0008, 0x2f: 0x0080,
+	0x30: 0x0008, 0x31: 0x0008, 0x32: 0x0008, 0x33: 0x0008, 0x34: 0x0008, 0x35: 0x0008,
+	0x36: 0x0008, 0x37: 0x0008, 0x38: 0x0008, 0x39: 0x0008, 0x3a: 0x0080, 0x3b: 0x0080,
+	0x3c: 0x0080, 0x3d: 0x0080, 0x3e: 0x0080, 0x3f: 0x0080,
+	// Block 0x1, offset 0x40
+	0x40: 0x0080, 0x41: 0xe105, 0x42: 0xe105, 0x43: 0xe105, 0x44: 0xe105, 0x45: 0xe105,
+	0x46: 0xe105, 0x47: 0xe105, 0x48: 0xe105, 0x49: 0xe105, 0x4a: 0xe105, 0x4b: 0xe105,
+	0x4c: 0xe105, 0x4d: 0xe105, 0x4e: 0xe105, 0x4f: 0xe105, 0x50: 0xe105, 0x51: 0xe105,
+	0x52: 0xe105, 0x53: 0xe105, 0x54: 0xe105, 0x55: 0xe105, 0x56: 0xe105, 0x57: 0xe105,
+	0x58: 0xe105, 0x59: 0xe105, 0x5a: 0xe105, 0x5b: 0x0080, 0x5c: 0x0080, 0x5d: 0x0080,
+	0x5e: 0x0080, 0x5f: 0x0080, 0x60: 0x0080, 0x61: 0x0008, 0x62: 0x0008, 0x63: 0x0008,
+	0x64: 0x0008, 0x65: 0x0008, 0x66: 0x0008, 0x67: 0x0008, 0x68: 0x0008, 0x69: 0x0008,
+	0x6a: 0x0008, 0x6b: 0x0008, 0x6c: 0x0008, 0x6d: 0x0008, 0x6e: 0x0008, 0x6f: 0x0008,
+	0x70: 0x0008, 0x71: 0x0008, 0x72: 0x0008, 0x73: 0x0008, 0x74: 0x0008, 0x75: 0x0008,
+	0x76: 0x0008, 0x77: 0x0008, 0x78: 0x0008, 0x79: 0x0008, 0x7a: 0x0008, 0x7b: 0x0080,
+	0x7c: 0x0080, 0x7d: 0x0080, 0x7e: 0x0080, 0x7f: 0x0080,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x0040, 0xc1: 0x0040, 0xc2: 0x0040, 0xc3: 0x0040, 0xc4: 0x0040, 0xc5: 0x0040,
+	0xc6: 0x0040, 0xc7: 0x0040, 0xc8: 0x0040, 0xc9: 0x0040, 0xca: 0x0040, 0xcb: 0x0040,
+	0xcc: 0x0040, 0xcd: 0x0040, 0xce: 0x0040, 0xcf: 0x0040, 0xd0: 0x0040, 0xd1: 0x0040,
+	0xd2: 0x0040, 0xd3: 0x0040, 0xd4: 0x0040, 0xd5: 0x0040, 0xd6: 0x0040, 0xd7: 0x0040,
+	0xd8: 0x0040, 0xd9: 0x0040, 0xda: 0x0040, 0xdb: 0x0040, 0xdc: 0x0040, 0xdd: 0x0040,
+	0xde: 0x0040, 0xdf: 0x0040, 0xe0: 0x000a, 0xe1: 0x0018, 0xe2: 0x0018, 0xe3: 0x0018,
+	0xe4: 0x0018, 0xe5: 0x0018, 0xe6: 0x0018, 0xe7: 0x0018, 0xe8: 0x001a, 0xe9: 0x0018,
+	0xea: 0x0039, 0xeb: 0x0018, 0xec: 0x0018, 0xed: 0x03c0, 0xee: 0x0018, 0xef: 0x004a,
+	0xf0: 0x0018, 0xf1: 0x0018, 0xf2: 0x0069, 0xf3: 0x0079, 0xf4: 0x008a, 0xf5: 0x0005,
+	0xf6: 0x0018, 0xf7: 0x0008, 0xf8: 0x00aa, 0xf9: 0x00c9, 0xfa: 0x00d9, 0xfb: 0x0018,
+	0xfc: 0x00e9, 0xfd: 0x0119, 0xfe: 0x0149, 0xff: 0x0018,
+	// Block 0x4, offset 0x100
+	0x100: 0xe00d, 0x101: 0x0008, 0x102: 0xe00d, 0x103: 0x0008, 0x104: 0xe00d, 0x105: 0x0008,
+	0x106: 0xe00d, 0x107: 0x0008, 0x108: 0xe00d, 0x109: 0x0008, 0x10a: 0xe00d, 0x10b: 0x0008,
+	0x10c: 0xe00d, 0x10d: 0x0008, 0x10e: 0xe00d, 0x10f: 0x0008, 0x110: 0xe00d, 0x111: 0x0008,
+	0x112: 0xe00d, 0x113: 0x0008, 0x114: 0xe00d, 0x115: 0x0008, 0x116: 0xe00d, 0x117: 0x0008,
+	0x118: 0xe00d, 0x119: 0x0008, 0x11a: 0xe00d, 0x11b: 0x0008, 0x11c: 0xe00d, 0x11d: 0x0008,
+	0x11e: 0xe00d, 0x11f: 0x0008, 0x120: 0xe00d, 0x121: 0x0008, 0x122: 0xe00d, 0x123: 0x0008,
+	0x124: 0xe00d, 0x125: 0x0008, 0x126: 0xe00d, 0x127: 0x0008, 0x128: 0xe00d, 0x129: 0x0008,
+	0x12a: 0xe00d, 0x12b: 0x0008, 0x12c: 0xe00d, 0x12d: 0x0008, 0x12e: 0xe00d, 0x12f: 0x0008,
+	0x130: 0x0179, 0x131: 0x0008, 0x132: 0x0035, 0x133: 0x004d, 0x134: 0xe00d, 0x135: 0x0008,
+	0x136: 0xe00d, 0x137: 0x0008, 0x138: 0x0008, 0x139: 0xe01d, 0x13a: 0x0008, 0x13b: 0xe03d,
+	0x13c: 0x0008, 0x13d: 0xe01d, 0x13e: 0x0008, 0x13f: 0x0199,
+	// Block 0x5, offset 0x140
+	0x140: 0x0199, 0x141: 0xe01d, 0x142: 0x0008, 0x143: 0xe03d, 0x144: 0x0008, 0x145: 0xe01d,
+	0x146: 0x0008, 0x147: 0xe07d, 0x148: 0x0008, 0x149: 0x01b9, 0x14a: 0xe00d, 0x14b: 0x0008,
+	0x14c: 0xe00d, 0x14d: 0x0008, 0x14e: 0xe00d, 0x14f: 0x0008, 0x150: 0xe00d, 0x151: 0x0008,
+	0x152: 0xe00d, 0x153: 0x0008, 0x154: 0xe00d, 0x155: 0x0008, 0x156: 0xe00d, 0x157: 0x0008,
+	0x158: 0xe00d, 0x159: 0x0008, 0x15a: 0xe00d, 0x15b: 0x0008, 0x15c: 0xe00d, 0x15d: 0x0008,
+	0x15e: 0xe00d, 0x15f: 0x0008, 0x160: 0xe00d, 0x161: 0x0008, 0x162: 0xe00d, 0x163: 0x0008,
+	0x164: 0xe00d, 0x165: 0x0008, 0x166: 0xe00d, 0x167: 0x0008, 0x168: 0xe00d, 0x169: 0x0008,
+	0x16a: 0xe00d, 0x16b: 0x0008, 0x16c: 0xe00d, 0x16d: 0x0008, 0x16e: 0xe00d, 0x16f: 0x0008,
+	0x170: 0xe00d, 0x171: 0x0008, 0x172: 0xe00d, 0x173: 0x0008, 0x174: 0xe00d, 0x175: 0x0008,
+	0x176: 0xe00d, 0x177: 0x0008, 0x178: 0x0065, 0x179: 0xe01d, 0x17a: 0x0008, 0x17b: 0xe03d,
+	0x17c: 0x0008, 0x17d: 0xe01d, 0x17e: 0x0008, 0x17f: 0x01d9,
+	// Block 0x6, offset 0x180
+	0x180: 0x0008, 0x181: 0x007d, 0x182: 0xe00d, 0x183: 0x0008, 0x184: 0xe00d, 0x185: 0x0008,
+	0x186: 0x007d, 0x187: 0xe07d, 0x188: 0x0008, 0x189: 0x0095, 0x18a: 0x00ad, 0x18b: 0xe03d,
+	0x18c: 0x0008, 0x18d: 0x0008, 0x18e: 0x00c5, 0x18f: 0x00dd, 0x190: 0x00f5, 0x191: 0xe01d,
+	0x192: 0x0008, 0x193: 0x010d, 0x194: 0x0125, 0x195: 0x0008, 0x196: 0x013d, 0x197: 0x013d,
+	0x198: 0xe00d, 0x199: 0x0008, 0x19a: 0x0008, 0x19b: 0x0008, 0x19c: 0x010d, 0x19d: 0x0155,
+	0x19e: 0x0008, 0x19f: 0x016d, 0x1a0: 0xe00d, 0x1a1: 0x0008, 0x1a2: 0xe00d, 0x1a3: 0x0008,
+	0x1a4: 0xe00d, 0x1a5: 0x0008, 0x1a6: 0x0185, 0x1a7: 0xe07d, 0x1a8: 0x0008, 0x1a9: 0x019d,
+	0x1aa: 0x0008, 0x1ab: 0x0008, 0x1ac: 0xe00d, 0x1ad: 0x0008, 0x1ae: 0x0185, 0x1af: 0xe0fd,
+	0x1b0: 0x0008, 0x1b1: 0x01b5, 0x1b2: 0x01cd, 0x1b3: 0xe03d, 0x1b4: 0x0008, 0x1b5: 0xe01d,
+	0x1b6: 0x0008, 0x1b7: 0x01e5, 0x1b8: 0xe00d, 0x1b9: 0x0008, 0x1ba: 0x0008, 0x1bb: 0x0008,
+	0x1bc: 0xe00d, 0x1bd: 0x0008, 0x1be: 0x0008, 0x1bf: 0x0008,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x0008, 0x1c1: 0x0008, 0x1c2: 0x0008, 0x1c3: 0x0008, 0x1c4: 0x01e9, 0x1c5: 0x01e9,
+	0x1c6: 0x01e9, 0x1c7: 0x01fd, 0x1c8: 0x0215, 0x1c9: 0x022d, 0x1ca: 0x0245, 0x1cb: 0x025d,
+	0x1cc: 0x0275, 0x1cd: 0xe01d, 0x1ce: 0x0008, 0x1cf: 0xe0fd, 0x1d0: 0x0008, 0x1d1: 0xe01d,
+	0x1d2: 0x0008, 0x1d3: 0xe03d, 0x1d4: 0x0008, 0x1d5: 0xe01d, 0x1d6: 0x0008, 0x1d7: 0xe07d,
+	0x1d8: 0x0008, 0x1d9: 0xe01d, 0x1da: 0x0008, 0x1db: 0xe03d, 0x1dc: 0x0008, 0x1dd: 0x0008,
+	0x1de: 0xe00d, 0x1df: 0x0008, 0x1e0: 0xe00d, 0x1e1: 0x0008, 0x1e2: 0xe00d, 0x1e3: 0x0008,
+	0x1e4: 0xe00d, 0x1e5: 0x0008, 0x1e6: 0xe00d, 0x1e7: 0x0008, 0x1e8: 0xe00d, 0x1e9: 0x0008,
+	0x1ea: 0xe00d, 0x1eb: 0x0008, 0x1ec: 0xe00d, 0x1ed: 0x0008, 0x1ee: 0xe00d, 0x1ef: 0x0008,
+	0x1f0: 0x0008, 0x1f1: 0x028d, 0x1f2: 0x02a5, 0x1f3: 0x02bd, 0x1f4: 0xe00d, 0x1f5: 0x0008,
+	0x1f6: 0x02d5, 0x1f7: 0x02ed, 0x1f8: 0xe00d, 0x1f9: 0x0008, 0x1fa: 0xe00d, 0x1fb: 0x0008,
+	0x1fc: 0xe00d, 0x1fd: 0x0008, 0x1fe: 0xe00d, 0x1ff: 0x0008,
+	// Block 0x8, offset 0x200
+	0x200: 0xe00d, 0x201: 0x0008, 0x202: 0xe00d, 0x203: 0x0008, 0x204: 0xe00d, 0x205: 0x0008,
+	0x206: 0xe00d, 0x207: 0x0008, 0x208: 0xe00d, 0x209: 0x0008, 0x20a: 0xe00d, 0x20b: 0x0008,
+	0x20c: 0xe00d, 0x20d: 0x0008, 0x20e: 0xe00d, 0x20f: 0x0008, 0x210: 0xe00d, 0x211: 0x0008,
+	0x212: 0xe00d, 0x213: 0x0008, 0x214: 0xe00d, 0x215: 0x0008, 0x216: 0xe00d, 0x217: 0x0008,
+	0x218: 0xe00d, 0x219: 0x0008, 0x21a: 0xe00d, 0x21b: 0x0008, 0x21c: 0xe00d, 0x21d: 0x0008,
+	0x21e: 0xe00d, 0x21f: 0x0008, 0x220: 0x0305, 0x221: 0x0008, 0x222: 0xe00d, 0x223: 0x0008,
+	0x224: 0xe00d, 0x225: 0x0008, 0x226: 0xe00d, 0x227: 0x0008, 0x228: 0xe00d, 0x229: 0x0008,
+	0x22a: 0xe00d, 0x22b: 0x0008, 0x22c: 0xe00d, 0x22d: 0x0008, 0x22e: 0xe00d, 0x22f: 0x0008,
+	0x230: 0xe00d, 0x231: 0x0008, 0x232: 0xe00d, 0x233: 0x0008, 0x234: 0x0008, 0x235: 0x0008,
+	0x236: 0x0008, 0x237: 0x0008, 0x238: 0x0008, 0x239: 0x0008, 0x23a: 0x0209, 0x23b: 0xe03d,
+	0x23c: 0x0008, 0x23d: 0x031d, 0x23e: 0x0229, 0x23f: 0x0008,
+	// Block 0x9, offset 0x240
+	0x240: 0x0008, 0x241: 0x0008, 0x242: 0x0018, 0x243: 0x0018, 0x244: 0x0018, 0x245: 0x0018,
+	0x246: 0x0008, 0x247: 0x0008, 0x248: 0x0008, 0x249: 0x0008, 0x24a: 0x0008, 0x24b: 0x0008,
+	0x24c: 0x0008, 0x24d: 0x0008, 0x24e: 0x0008, 0x24f: 0x0008, 0x250: 0x0008, 0x251: 0x0008,
+	0x252: 0x0018, 0x253: 0x0018, 0x254: 0x0018, 0x255: 0x0018, 0x256: 0x0018, 0x257: 0x0018,
+	0x258: 0x029a, 0x259: 0x02ba, 0x25a: 0x02da, 0x25b: 0x02fa, 0x25c: 0x031a, 0x25d: 0x033a,
+	0x25e: 0x0018, 0x25f: 0x0018, 0x260: 0x03ad, 0x261: 0x0359, 0x262: 0x01d9, 0x263: 0x0369,
+	0x264: 0x03c5, 0x265: 0x0018, 0x266: 0x0018, 0x267: 0x0018, 0x268: 0x0018, 0x269: 0x0018,
+	0x26a: 0x0018, 0x26b: 0x0018, 0x26c: 0x0008, 0x26d: 0x0018, 0x26e: 0x0008, 0x26f: 0x0018,
+	0x270: 0x0018, 0x271: 0x0018, 0x272: 0x0018, 0x273: 0x0018, 0x274: 0x0018, 0x275: 0x0018,
+	0x276: 0x0018, 0x277: 0x0018, 0x278: 0x0018, 0x279: 0x0018, 0x27a: 0x0018, 0x27b: 0x0018,
+	0x27c: 0x0018, 0x27d: 0x0018, 0x27e: 0x0018, 0x27f: 0x0018,
+	// Block 0xa, offset 0x280
+	0x280: 0x03dd, 0x281: 0x03dd, 0x282: 0x3308, 0x283: 0x03f5, 0x284: 0x0379, 0x285: 0x040d,
+	0x286: 0x3308, 0x287: 0x3308, 0x288: 0x3308, 0x289: 0x3308, 0x28a: 0x3308, 0x28b: 0x3308,
+	0x28c: 0x3308, 0x28d: 0x3308, 0x28e: 0x3308, 0x28f: 0x33c0, 0x290: 0x3308, 0x291: 0x3308,
+	0x292: 0x3308, 0x293: 0x3308, 0x294: 0x3308, 0x295: 0x3308, 0x296: 0x3308, 0x297: 0x3308,
+	0x298: 0x3308, 0x299: 0x3308, 0x29a: 0x3308, 0x29b: 0x3308, 0x29c: 0x3308, 0x29d: 0x3308,
+	0x29e: 0x3308, 0x29f: 0x3308, 0x2a0: 0x3308, 0x2a1: 0x3308, 0x2a2: 0x3308, 0x2a3: 0x3308,
+	0x2a4: 0x3308, 0x2a5: 0x3308, 0x2a6: 0x3308, 0x2a7: 0x3308, 0x2a8: 0x3308, 0x2a9: 0x3308,
+	0x2aa: 0x3308, 0x2ab: 0x3308, 0x2ac: 0x3308, 0x2ad: 0x3308, 0x2ae: 0x3308, 0x2af: 0x3308,
+	0x2b0: 0xe00d, 0x2b1: 0x0008, 0x2b2: 0xe00d, 0x2b3: 0x0008, 0x2b4: 0x0425, 0x2b5: 0x0008,
+	0x2b6: 0xe00d, 0x2b7: 0x0008, 0x2b8: 0x0040, 0x2b9: 0x0040, 0x2ba: 0x03a2, 0x2bb: 0x0008,
+	0x2bc: 0x0008, 0x2bd: 0x0008, 0x2be: 0x03c2, 0x2bf: 0x043d,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x0040, 0x2c1: 0x0040, 0x2c2: 0x0040, 0x2c3: 0x0040, 0x2c4: 0x008a, 0x2c5: 0x03d2,
+	0x2c6: 0xe155, 0x2c7: 0x0455, 0x2c8: 0xe12d, 0x2c9: 0xe13d, 0x2ca: 0xe12d, 0x2cb: 0x0040,
+	0x2cc: 0x03dd, 0x2cd: 0x0040, 0x2ce: 0x046d, 0x2cf: 0x0485, 0x2d0: 0x0008, 0x2d1: 0xe105,
+	0x2d2: 0xe105, 0x2d3: 0xe105, 0x2d4: 0xe105, 0x2d5: 0xe105, 0x2d6: 0xe105, 0x2d7: 0xe105,
+	0x2d8: 0xe105, 0x2d9: 0xe105, 0x2da: 0xe105, 0x2db: 0xe105, 0x2dc: 0xe105, 0x2dd: 0xe105,
+	0x2de: 0xe105, 0x2df: 0xe105, 0x2e0: 0x049d, 0x2e1: 0x049d, 0x2e2: 0x0040, 0x2e3: 0x049d,
+	0x2e4: 0x049d, 0x2e5: 0x049d, 0x2e6: 0x049d, 0x2e7: 0x049d, 0x2e8: 0x049d, 0x2e9: 0x049d,
+	0x2ea: 0x049d, 0x2eb: 0x049d, 0x2ec: 0x0008, 0x2ed: 0x0008, 0x2ee: 0x0008, 0x2ef: 0x0008,
+	0x2f0: 0x0008, 0x2f1: 0x0008, 0x2f2: 0x0008, 0x2f3: 0x0008, 0x2f4: 0x0008, 0x2f5: 0x0008,
+	0x2f6: 0x0008, 0x2f7: 0x0008, 0x2f8: 0x0008, 0x2f9: 0x0008, 0x2fa: 0x0008, 0x2fb: 0x0008,
+	0x2fc: 0x0008, 0x2fd: 0x0008, 0x2fe: 0x0008, 0x2ff: 0x0008,
+	// Block 0xc, offset 0x300
+	0x300: 0x0008, 0x301: 0x0008, 0x302: 0xe00f, 0x303: 0x0008, 0x304: 0x0008, 0x305: 0x0008,
+	0x306: 0x0008, 0x307: 0x0008, 0x308: 0x0008, 0x309: 0x0008, 0x30a: 0x0008, 0x30b: 0x0008,
+	0x30c: 0x0008, 0x30d: 0x0008, 0x30e: 0x0008, 0x30f: 0xe0c5, 0x310: 0x04b5, 0x311: 0x04cd,
+	0x312: 0xe0bd, 0x313: 0xe0f5, 0x314: 0xe0fd, 0x315: 0xe09d, 0x316: 0xe0b5, 0x317: 0x0008,
+	0x318: 0xe00d, 0x319: 0x0008, 0x31a: 0xe00d, 0x31b: 0x0008, 0x31c: 0xe00d, 0x31d: 0x0008,
+	0x31e: 0xe00d, 0x31f: 0x0008, 0x320: 0xe00d, 0x321: 0x0008, 0x322: 0xe00d, 0x323: 0x0008,
+	0x324: 0xe00d, 0x325: 0x0008, 0x326: 0xe00d, 0x327: 0x0008, 0x328: 0xe00d, 0x329: 0x0008,
+	0x32a: 0xe00d, 0x32b: 0x0008, 0x32c: 0xe00d, 0x32d: 0x0008, 0x32e: 0xe00d, 0x32f: 0x0008,
+	0x330: 0x04e5, 0x331: 0xe185, 0x332: 0xe18d, 0x333: 0x0008, 0x334: 0x04fd, 0x335: 0x03dd,
+	0x336: 0x0018, 0x337: 0xe07d, 0x338: 0x0008, 0x339: 0xe1d5, 0x33a: 0xe00d, 0x33b: 0x0008,
+	0x33c: 0x0008, 0x33d: 0x0515, 0x33e: 0x052d, 0x33f: 0x052d,
+	// Block 0xd, offset 0x340
+	0x340: 0x0008, 0x341: 0x0008, 0x342: 0x0008, 0x343: 0x0008, 0x344: 0x0008, 0x345: 0x0008,
+	0x346: 0x0008, 0x347: 0x0008, 0x348: 0x0008, 0x349: 0x0008, 0x34a: 0x0008, 0x34b: 0x0008,
+	0x34c: 0x0008, 0x34d: 0x0008, 0x34e: 0x0008, 0x34f: 0x0008, 0x350: 0x0008, 0x351: 0x0008,
+	0x352: 0x0008, 0x353: 0x0008, 0x354: 0x0008, 0x355: 0x0008, 0x356: 0x0008, 0x357: 0x0008,
+	0x358: 0x0008, 0x359: 0x0008, 0x35a: 0x0008, 0x35b: 0x0008, 0x35c: 0x0008, 0x35d: 0x0008,
+	0x35e: 0x0008, 0x35f: 0x0008, 0x360: 0xe00d, 0x361: 0x0008, 0x362: 0xe00d, 0x363: 0x0008,
+	0x364: 0xe00d, 0x365: 0x0008, 0x366: 0xe00d, 0x367: 0x0008, 0x368: 0xe00d, 0x369: 0x0008,
+	0x36a: 0xe00d, 0x36b: 0x0008, 0x36c: 0xe00d, 0x36d: 0x0008, 0x36e: 0xe00d, 0x36f: 0x0008,
+	0x370: 0xe00d, 0x371: 0x0008, 0x372: 0xe00d, 0x373: 0x0008, 0x374: 0xe00d, 0x375: 0x0008,
+	0x376: 0xe00d, 0x377: 0x0008, 0x378: 0xe00d, 0x379: 0x0008, 0x37a: 0xe00d, 0x37b: 0x0008,
+	0x37c: 0xe00d, 0x37d: 0x0008, 0x37e: 0xe00d, 0x37f: 0x0008,
+	// Block 0xe, offset 0x380
+	0x380: 0xe00d, 0x381: 0x0008, 0x382: 0x0018, 0x383: 0x3308, 0x384: 0x3308, 0x385: 0x3308,
+	0x386: 0x3308, 0x387: 0x3308, 0x388: 0x3318, 0x389: 0x3318, 0x38a: 0xe00d, 0x38b: 0x0008,
+	0x38c: 0xe00d, 0x38d: 0x0008, 0x38e: 0xe00d, 0x38f: 0x0008, 0x390: 0xe00d, 0x391: 0x0008,
+	0x392: 0xe00d, 0x393: 0x0008, 0x394: 0xe00d, 0x395: 0x0008, 0x396: 0xe00d, 0x397: 0x0008,
+	0x398: 0xe00d, 0x399: 0x0008, 0x39a: 0xe00d, 0x39b: 0x0008, 0x39c: 0xe00d, 0x39d: 0x0008,
+	0x39e: 0xe00d, 0x39f: 0x0008, 0x3a0: 0xe00d, 0x3a1: 0x0008, 0x3a2: 0xe00d, 0x3a3: 0x0008,
+	0x3a4: 0xe00d, 0x3a5: 0x0008, 0x3a6: 0xe00d, 0x3a7: 0x0008, 0x3a8: 0xe00d, 0x3a9: 0x0008,
+	0x3aa: 0xe00d, 0x3ab: 0x0008, 0x3ac: 0xe00d, 0x3ad: 0x0008, 0x3ae: 0xe00d, 0x3af: 0x0008,
+	0x3b0: 0xe00d, 0x3b1: 0x0008, 0x3b2: 0xe00d, 0x3b3: 0x0008, 0x3b4: 0xe00d, 0x3b5: 0x0008,
+	0x3b6: 0xe00d, 0x3b7: 0x0008, 0x3b8: 0xe00d, 0x3b9: 0x0008, 0x3ba: 0xe00d, 0x3bb: 0x0008,
+	0x3bc: 0xe00d, 0x3bd: 0x0008, 0x3be: 0xe00d, 0x3bf: 0x0008,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x0040, 0x3c1: 0xe01d, 0x3c2: 0x0008, 0x3c3: 0xe03d, 0x3c4: 0x0008, 0x3c5: 0xe01d,
+	0x3c6: 0x0008, 0x3c7: 0xe07d, 0x3c8: 0x0008, 0x3c9: 0xe01d, 0x3ca: 0x0008, 0x3cb: 0xe03d,
+	0x3cc: 0x0008, 0x3cd: 0xe01d, 0x3ce: 0x0008, 0x3cf: 0x0008, 0x3d0: 0xe00d, 0x3d1: 0x0008,
+	0x3d2: 0xe00d, 0x3d3: 0x0008, 0x3d4: 0xe00d, 0x3d5: 0x0008, 0x3d6: 0xe00d, 0x3d7: 0x0008,
+	0x3d8: 0xe00d, 0x3d9: 0x0008, 0x3da: 0xe00d, 0x3db: 0x0008, 0x3dc: 0xe00d, 0x3dd: 0x0008,
+	0x3de: 0xe00d, 0x3df: 0x0008, 0x3e0: 0xe00d, 0x3e1: 0x0008, 0x3e2: 0xe00d, 0x3e3: 0x0008,
+	0x3e4: 0xe00d, 0x3e5: 0x0008, 0x3e6: 0xe00d, 0x3e7: 0x0008, 0x3e8: 0xe00d, 0x3e9: 0x0008,
+	0x3ea: 0xe00d, 0x3eb: 0x0008, 0x3ec: 0xe00d, 0x3ed: 0x0008, 0x3ee: 0xe00d, 0x3ef: 0x0008,
+	0x3f0: 0xe00d, 0x3f1: 0x0008, 0x3f2: 0xe00d, 0x3f3: 0x0008, 0x3f4: 0xe00d, 0x3f5: 0x0008,
+	0x3f6: 0xe00d, 0x3f7: 0x0008, 0x3f8: 0xe00d, 0x3f9: 0x0008, 0x3fa: 0xe00d, 0x3fb: 0x0008,
+	0x3fc: 0xe00d, 0x3fd: 0x0008, 0x3fe: 0xe00d, 0x3ff: 0x0008,
+	// Block 0x10, offset 0x400
+	0x400: 0xe00d, 0x401: 0x0008, 0x402: 0xe00d, 0x403: 0x0008, 0x404: 0xe00d, 0x405: 0x0008,
+	0x406: 0xe00d, 0x407: 0x0008, 0x408: 0xe00d, 0x409: 0x0008, 0x40a: 0xe00d, 0x40b: 0x0008,
+	0x40c: 0xe00d, 0x40d: 0x0008, 0x40e: 0xe00d, 0x40f: 0x0008, 0x410: 0xe00d, 0x411: 0x0008,
+	0x412: 0xe00d, 0x413: 0x0008, 0x414: 0xe00d, 0x415: 0x0008, 0x416: 0xe00d, 0x417: 0x0008,
+	0x418: 0xe00d, 0x419: 0x0008, 0x41a: 0xe00d, 0x41b: 0x0008, 0x41c: 0xe00d, 0x41d: 0x0008,
+	0x41e: 0xe00d, 0x41f: 0x0008, 0x420: 0xe00d, 0x421: 0x0008, 0x422: 0xe00d, 0x423: 0x0008,
+	0x424: 0xe00d, 0x425: 0x0008, 0x426: 0xe00d, 0x427: 0x0008, 0x428: 0xe00d, 0x429: 0x0008,
+	0x42a: 0xe00d, 0x42b: 0x0008, 0x42c: 0xe00d, 0x42d: 0x0008, 0x42e: 0xe00d, 0x42f: 0x0008,
+	0x430: 0x0040, 0x431: 0x03f5, 0x432: 0x03f5, 0x433: 0x03f5, 0x434: 0x03f5, 0x435: 0x03f5,
+	0x436: 0x03f5, 0x437: 0x03f5, 0x438: 0x03f5, 0x439: 0x03f5, 0x43a: 0x03f5, 0x43b: 0x03f5,
+	0x43c: 0x03f5, 0x43d: 0x03f5, 0x43e: 0x03f5, 0x43f: 0x03f5,
+	// Block 0x11, offset 0x440
+	0x440: 0x0840, 0x441: 0x0840, 0x442: 0x0840, 0x443: 0x0840, 0x444: 0x0840, 0x445: 0x0840,
+	0x446: 0x0018, 0x447: 0x0018, 0x448: 0x0818, 0x449: 0x0018, 0x44a: 0x0018, 0x44b: 0x0818,
+	0x44c: 0x0018, 0x44d: 0x0818, 0x44e: 0x0018, 0x44f: 0x0018, 0x450: 0x3308, 0x451: 0x3308,
+	0x452: 0x3308, 0x453: 0x3308, 0x454: 0x3308, 0x455: 0x3308, 0x456: 0x3308, 0x457: 0x3308,
+	0x458: 0x3308, 0x459: 0x3308, 0x45a: 0x3308, 0x45b: 0x0818, 0x45c: 0x0b40, 0x45d: 0x0040,
+	0x45e: 0x0818, 0x45f: 0x0818, 0x460: 0x0a08, 0x461: 0x0808, 0x462: 0x0c08, 0x463: 0x0c08,
+	0x464: 0x0c08, 0x465: 0x0c08, 0x466: 0x0a08, 0x467: 0x0c08, 0x468: 0x0a08, 0x469: 0x0c08,
+	0x46a: 0x0a08, 0x46b: 0x0a08, 0x46c: 0x0a08, 0x46d: 0x0a08, 0x46e: 0x0a08, 0x46f: 0x0c08,
+	0x470: 0x0c08, 0x471: 0x0c08, 0x472: 0x0c08, 0x473: 0x0a08, 0x474: 0x0a08, 0x475: 0x0a08,
+	0x476: 0x0a08, 0x477: 0x0a08, 0x478: 0x0a08, 0x479: 0x0a08, 0x47a: 0x0a08, 0x47b: 0x0a08,
+	0x47c: 0x0a08, 0x47d: 0x0a08, 0x47e: 0x0a08, 0x47f: 0x0a08,
+	// Block 0x12, offset 0x480
+	0x480: 0x0818, 0x481: 0x0a08, 0x482: 0x0a08, 0x483: 0x0a08, 0x484: 0x0a08, 0x485: 0x0a08,
+	0x486: 0x0a08, 0x487: 0x0a08, 0x488: 0x0c08, 0x489: 0x0a08, 0x48a: 0x0a08, 0x48b: 0x3308,
+	0x48c: 0x3308, 0x48d: 0x3308, 0x48e: 0x3308, 0x48f: 0x3308, 0x490: 0x3308, 0x491: 0x3308,
+	0x492: 0x3308, 0x493: 0x3308, 0x494: 0x3308, 0x495: 0x3308, 0x496: 0x3308, 0x497: 0x3308,
+	0x498: 0x3308, 0x499: 0x3308, 0x49a: 0x3308, 0x49b: 0x3308, 0x49c: 0x3308, 0x49d: 0x3308,
+	0x49e: 0x3308, 0x49f: 0x3308, 0x4a0: 0x0808, 0x4a1: 0x0808, 0x4a2: 0x0808, 0x4a3: 0x0808,
+	0x4a4: 0x0808, 0x4a5: 0x0808, 0x4a6: 0x0808, 0x4a7: 0x0808, 0x4a8: 0x0808, 0x4a9: 0x0808,
+	0x4aa: 0x0018, 0x4ab: 0x0818, 0x4ac: 0x0818, 0x4ad: 0x0818, 0x4ae: 0x0a08, 0x4af: 0x0a08,
+	0x4b0: 0x3308, 0x4b1: 0x0c08, 0x4b2: 0x0c08, 0x4b3: 0x0c08, 0x4b4: 0x0808, 0x4b5: 0x0429,
+	0x4b6: 0x0451, 0x4b7: 0x0479, 0x4b8: 0x04a1, 0x4b9: 0x0a08, 0x4ba: 0x0a08, 0x4bb: 0x0a08,
+	0x4bc: 0x0a08, 0x4bd: 0x0a08, 0x4be: 0x0a08, 0x4bf: 0x0a08,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x0c08, 0x4c1: 0x0a08, 0x4c2: 0x0a08, 0x4c3: 0x0c08, 0x4c4: 0x0c08, 0x4c5: 0x0c08,
+	0x4c6: 0x0c08, 0x4c7: 0x0c08, 0x4c8: 0x0c08, 0x4c9: 0x0c08, 0x4ca: 0x0c08, 0x4cb: 0x0c08,
+	0x4cc: 0x0a08, 0x4cd: 0x0c08, 0x4ce: 0x0a08, 0x4cf: 0x0c08, 0x4d0: 0x0a08, 0x4d1: 0x0a08,
+	0x4d2: 0x0c08, 0x4d3: 0x0c08, 0x4d4: 0x0818, 0x4d5: 0x0c08, 0x4d6: 0x3308, 0x4d7: 0x3308,
+	0x4d8: 0x3308, 0x4d9: 0x3308, 0x4da: 0x3308, 0x4db: 0x3308, 0x4dc: 0x3308, 0x4dd: 0x0840,
+	0x4de: 0x0018, 0x4df: 0x3308, 0x4e0: 0x3308, 0x4e1: 0x3308, 0x4e2: 0x3308, 0x4e3: 0x3308,
+	0x4e4: 0x3308, 0x4e5: 0x0808, 0x4e6: 0x0808, 0x4e7: 0x3308, 0x4e8: 0x3308, 0x4e9: 0x0018,
+	0x4ea: 0x3308, 0x4eb: 0x3308, 0x4ec: 0x3308, 0x4ed: 0x3308, 0x4ee: 0x0c08, 0x4ef: 0x0c08,
+	0x4f0: 0x0008, 0x4f1: 0x0008, 0x4f2: 0x0008, 0x4f3: 0x0008, 0x4f4: 0x0008, 0x4f5: 0x0008,
+	0x4f6: 0x0008, 0x4f7: 0x0008, 0x4f8: 0x0008, 0x4f9: 0x0008, 0x4fa: 0x0a08, 0x4fb: 0x0a08,
+	0x4fc: 0x0a08, 0x4fd: 0x0808, 0x4fe: 0x0808, 0x4ff: 0x0a08,
+	// Block 0x14, offset 0x500
+	0x500: 0x0818, 0x501: 0x0818, 0x502: 0x0818, 0x503: 0x0818, 0x504: 0x0818, 0x505: 0x0818,
+	0x506: 0x0818, 0x507: 0x0818, 0x508: 0x0818, 0x509: 0x0818, 0x50a: 0x0818, 0x50b: 0x0818,
+	0x50c: 0x0818, 0x50d: 0x0818, 0x50e: 0x0040, 0x50f: 0x0b40, 0x510: 0x0c08, 0x511: 0x3308,
+	0x512: 0x0a08, 0x513: 0x0a08, 0x514: 0x0a08, 0x515: 0x0c08, 0x516: 0x0c08, 0x517: 0x0c08,
+	0x518: 0x0c08, 0x519: 0x0c08, 0x51a: 0x0a08, 0x51b: 0x0a08, 0x51c: 0x0a08, 0x51d: 0x0a08,
+	0x51e: 0x0c08, 0x51f: 0x0a08, 0x520: 0x0a08, 0x521: 0x0a08, 0x522: 0x0a08, 0x523: 0x0a08,
+	0x524: 0x0a08, 0x525: 0x0a08, 0x526: 0x0a08, 0x527: 0x0a08, 0x528: 0x0c08, 0x529: 0x0a08,
+	0x52a: 0x0c08, 0x52b: 0x0a08, 0x52c: 0x0c08, 0x52d: 0x0a08, 0x52e: 0x0a08, 0x52f: 0x0c08,
+	0x530: 0x3308, 0x531: 0x3308, 0x532: 0x3308, 0x533: 0x3308, 0x534: 0x3308, 0x535: 0x3308,
+	0x536: 0x3308, 0x537: 0x3308, 0x538: 0x3308, 0x539: 0x3308, 0x53a: 0x3308, 0x53b: 0x3308,
+	0x53c: 0x3308, 0x53d: 0x3308, 0x53e: 0x3308, 0x53f: 0x3308,
+	// Block 0x15, offset 0x540
+	0x540: 0x3008, 0x541: 0x3308, 0x542: 0x3308, 0x543: 0x3308, 0x544: 0x3308, 0x545: 0x3308,
+	0x546: 0x3308, 0x547: 0x3308, 0x548: 0x3308, 0x549: 0x3008, 0x54a: 0x3008, 0x54b: 0x3008,
+	0x54c: 0x3008, 0x54d: 0x3b08, 0x54e: 0x3008, 0x54f: 0x3008, 0x550: 0x0008, 0x551: 0x3308,
+	0x552: 0x3308, 0x553: 0x3308, 0x554: 0x3308, 0x555: 0x3308, 0x556: 0x3308, 0x557: 0x3308,
+	0x558: 0x04c9, 0x559: 0x0501, 0x55a: 0x0539, 0x55b: 0x0571, 0x55c: 0x05a9, 0x55d: 0x05e1,
+	0x55e: 0x0619, 0x55f: 0x0651, 0x560: 0x0008, 0x561: 0x0008, 0x562: 0x3308, 0x563: 0x3308,
+	0x564: 0x0018, 0x565: 0x0018, 0x566: 0x0008, 0x567: 0x0008, 0x568: 0x0008, 0x569: 0x0008,
+	0x56a: 0x0008, 0x56b: 0x0008, 0x56c: 0x0008, 0x56d: 0x0008, 0x56e: 0x0008, 0x56f: 0x0008,
+	0x570: 0x0018, 0x571: 0x0008, 0x572: 0x0008, 0x573: 0x0008, 0x574: 0x0008, 0x575: 0x0008,
+	0x576: 0x0008, 0x577: 0x0008, 0x578: 0x0008, 0x579: 0x0008, 0x57a: 0x0008, 0x57b: 0x0008,
+	0x57c: 0x0008, 0x57d: 0x0008, 0x57e: 0x0008, 0x57f: 0x0008,
+	// Block 0x16, offset 0x580
+	0x580: 0x0008, 0x581: 0x3308, 0x582: 0x3008, 0x583: 0x3008, 0x584: 0x0040, 0x585: 0x0008,
+	0x586: 0x0008, 0x587: 0x0008, 0x588: 0x0008, 0x589: 0x0008, 0x58a: 0x0008, 0x58b: 0x0008,
+	0x58c: 0x0008, 0x58d: 0x0040, 0x58e: 0x0040, 0x58f: 0x0008, 0x590: 0x0008, 0x591: 0x0040,
+	0x592: 0x0040, 0x593: 0x0008, 0x594: 0x0008, 0x595: 0x0008, 0x596: 0x0008, 0x597: 0x0008,
+	0x598: 0x0008, 0x599: 0x0008, 0x59a: 0x0008, 0x59b: 0x0008, 0x59c: 0x0008, 0x59d: 0x0008,
+	0x59e: 0x0008, 0x59f: 0x0008, 0x5a0: 0x0008, 0x5a1: 0x0008, 0x5a2: 0x0008, 0x5a3: 0x0008,
+	0x5a4: 0x0008, 0x5a5: 0x0008, 0x5a6: 0x0008, 0x5a7: 0x0008, 0x5a8: 0x0008, 0x5a9: 0x0040,
+	0x5aa: 0x0008, 0x5ab: 0x0008, 0x5ac: 0x0008, 0x5ad: 0x0008, 0x5ae: 0x0008, 0x5af: 0x0008,
+	0x5b0: 0x0008, 0x5b1: 0x0040, 0x5b2: 0x0008, 0x5b3: 0x0040, 0x5b4: 0x0040, 0x5b5: 0x0040,
+	0x5b6: 0x0008, 0x5b7: 0x0008, 0x5b8: 0x0008, 0x5b9: 0x0008, 0x5ba: 0x0040, 0x5bb: 0x0040,
+	0x5bc: 0x3308, 0x5bd: 0x0008, 0x5be: 0x3008, 0x5bf: 0x3008,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x3008, 0x5c1: 0x3308, 0x5c2: 0x3308, 0x5c3: 0x3308, 0x5c4: 0x3308, 0x5c5: 0x0040,
+	0x5c6: 0x0040, 0x5c7: 0x3008, 0x5c8: 0x3008, 0x5c9: 0x0040, 0x5ca: 0x0040, 0x5cb: 0x3008,
+	0x5cc: 0x3008, 0x5cd: 0x3b08, 0x5ce: 0x0008, 0x5cf: 0x0040, 0x5d0: 0x0040, 0x5d1: 0x0040,
+	0x5d2: 0x0040, 0x5d3: 0x0040, 0x5d4: 0x0040, 0x5d5: 0x0040, 0x5d6: 0x0040, 0x5d7: 0x3008,
+	0x5d8: 0x0040, 0x5d9: 0x0040, 0x5da: 0x0040, 0x5db: 0x0040, 0x5dc: 0x0689, 0x5dd: 0x06c1,
+	0x5de: 0x0040, 0x5df: 0x06f9, 0x5e0: 0x0008, 0x5e1: 0x0008, 0x5e2: 0x3308, 0x5e3: 0x3308,
+	0x5e4: 0x0040, 0x5e5: 0x0040, 0x5e6: 0x0008, 0x5e7: 0x0008, 0x5e8: 0x0008, 0x5e9: 0x0008,
+	0x5ea: 0x0008, 0x5eb: 0x0008, 0x5ec: 0x0008, 0x5ed: 0x0008, 0x5ee: 0x0008, 0x5ef: 0x0008,
+	0x5f0: 0x0008, 0x5f1: 0x0008, 0x5f2: 0x0018, 0x5f3: 0x0018, 0x5f4: 0x0018, 0x5f5: 0x0018,
+	0x5f6: 0x0018, 0x5f7: 0x0018, 0x5f8: 0x0018, 0x5f9: 0x0018, 0x5fa: 0x0018, 0x5fb: 0x0018,
+	0x5fc: 0x0040, 0x5fd: 0x0040, 0x5fe: 0x0040, 0x5ff: 0x0040,
+	// Block 0x18, offset 0x600
+	0x600: 0x0040, 0x601: 0x3308, 0x602: 0x3308, 0x603: 0x3008, 0x604: 0x0040, 0x605: 0x0008,
+	0x606: 0x0008, 0x607: 0x0008, 0x608: 0x0008, 0x609: 0x0008, 0x60a: 0x0008, 0x60b: 0x0040,
+	0x60c: 0x0040, 0x60d: 0x0040, 0x60e: 0x0040, 0x60f: 0x0008, 0x610: 0x0008, 0x611: 0x0040,
+	0x612: 0x0040, 0x613: 0x0008, 0x614: 0x0008, 0x615: 0x0008, 0x616: 0x0008, 0x617: 0x0008,
+	0x618: 0x0008, 0x619: 0x0008, 0x61a: 0x0008, 0x61b: 0x0008, 0x61c: 0x0008, 0x61d: 0x0008,
+	0x61e: 0x0008, 0x61f: 0x0008, 0x620: 0x0008, 0x621: 0x0008, 0x622: 0x0008, 0x623: 0x0008,
+	0x624: 0x0008, 0x625: 0x0008, 0x626: 0x0008, 0x627: 0x0008, 0x628: 0x0008, 0x629: 0x0040,
+	0x62a: 0x0008, 0x62b: 0x0008, 0x62c: 0x0008, 0x62d: 0x0008, 0x62e: 0x0008, 0x62f: 0x0008,
+	0x630: 0x0008, 0x631: 0x0040, 0x632: 0x0008, 0x633: 0x0731, 0x634: 0x0040, 0x635: 0x0008,
+	0x636: 0x0769, 0x637: 0x0040, 0x638: 0x0008, 0x639: 0x0008, 0x63a: 0x0040, 0x63b: 0x0040,
+	0x63c: 0x3308, 0x63d: 0x0040, 0x63e: 0x3008, 0x63f: 0x3008,
+	// Block 0x19, offset 0x640
+	0x640: 0x3008, 0x641: 0x3308, 0x642: 0x3308, 0x643: 0x0040, 0x644: 0x0040, 0x645: 0x0040,
+	0x646: 0x0040, 0x647: 0x3308, 0x648: 0x3308, 0x649: 0x0040, 0x64a: 0x0040, 0x64b: 0x3308,
+	0x64c: 0x3308, 0x64d: 0x3b08, 0x64e: 0x0040, 0x64f: 0x0040, 0x650: 0x0040, 0x651: 0x3308,
+	0x652: 0x0040, 0x653: 0x0040, 0x654: 0x0040, 0x655: 0x0040, 0x656: 0x0040, 0x657: 0x0040,
+	0x658: 0x0040, 0x659: 0x07a1, 0x65a: 0x07d9, 0x65b: 0x0811, 0x65c: 0x0008, 0x65d: 0x0040,
+	0x65e: 0x0849, 0x65f: 0x0040, 0x660: 0x0040, 0x661: 0x0040, 0x662: 0x0040, 0x663: 0x0040,
+	0x664: 0x0040, 0x665: 0x0040, 0x666: 0x0008, 0x667: 0x0008, 0x668: 0x0008, 0x669: 0x0008,
+	0x66a: 0x0008, 0x66b: 0x0008, 0x66c: 0x0008, 0x66d: 0x0008, 0x66e: 0x0008, 0x66f: 0x0008,
+	0x670: 0x3308, 0x671: 0x3308, 0x672: 0x0008, 0x673: 0x0008, 0x674: 0x0008, 0x675: 0x3308,
+	0x676: 0x0040, 0x677: 0x0040, 0x678: 0x0040, 0x679: 0x0040, 0x67a: 0x0040, 0x67b: 0x0040,
+	0x67c: 0x0040, 0x67d: 0x0040, 0x67e: 0x0040, 0x67f: 0x0040,
+	// Block 0x1a, offset 0x680
+	0x680: 0x0040, 0x681: 0x3308, 0x682: 0x3308, 0x683: 0x3008, 0x684: 0x0040, 0x685: 0x0008,
+	0x686: 0x0008, 0x687: 0x0008, 0x688: 0x0008, 0x689: 0x0008, 0x68a: 0x0008, 0x68b: 0x0008,
+	0x68c: 0x0008, 0x68d: 0x0008, 0x68e: 0x0040, 0x68f: 0x0008, 0x690: 0x0008, 0x691: 0x0008,
+	0x692: 0x0040, 0x693: 0x0008, 0x694: 0x0008, 0x695: 0x0008, 0x696: 0x0008, 0x697: 0x0008,
+	0x698: 0x0008, 0x699: 0x0008, 0x69a: 0x0008, 0x69b: 0x0008, 0x69c: 0x0008, 0x69d: 0x0008,
+	0x69e: 0x0008, 0x69f: 0x0008, 0x6a0: 0x0008, 0x6a1: 0x0008, 0x6a2: 0x0008, 0x6a3: 0x0008,
+	0x6a4: 0x0008, 0x6a5: 0x0008, 0x6a6: 0x0008, 0x6a7: 0x0008, 0x6a8: 0x0008, 0x6a9: 0x0040,
+	0x6aa: 0x0008, 0x6ab: 0x0008, 0x6ac: 0x0008, 0x6ad: 0x0008, 0x6ae: 0x0008, 0x6af: 0x0008,
+	0x6b0: 0x0008, 0x6b1: 0x0040, 0x6b2: 0x0008, 0x6b3: 0x0008, 0x6b4: 0x0040, 0x6b5: 0x0008,
+	0x6b6: 0x0008, 0x6b7: 0x0008, 0x6b8: 0x0008, 0x6b9: 0x0008, 0x6ba: 0x0040, 0x6bb: 0x0040,
+	0x6bc: 0x3308, 0x6bd: 0x0008, 0x6be: 0x3008, 0x6bf: 0x3008,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x3008, 0x6c1: 0x3308, 0x6c2: 0x3308, 0x6c3: 0x3308, 0x6c4: 0x3308, 0x6c5: 0x3308,
+	0x6c6: 0x0040, 0x6c7: 0x3308, 0x6c8: 0x3308, 0x6c9: 0x3008, 0x6ca: 0x0040, 0x6cb: 0x3008,
+	0x6cc: 0x3008, 0x6cd: 0x3b08, 0x6ce: 0x0040, 0x6cf: 0x0040, 0x6d0: 0x0008, 0x6d1: 0x0040,
+	0x6d2: 0x0040, 0x6d3: 0x0040, 0x6d4: 0x0040, 0x6d5: 0x0040, 0x6d6: 0x0040, 0x6d7: 0x0040,
+	0x6d8: 0x0040, 0x6d9: 0x0040, 0x6da: 0x0040, 0x6db: 0x0040, 0x6dc: 0x0040, 0x6dd: 0x0040,
+	0x6de: 0x0040, 0x6df: 0x0040, 0x6e0: 0x0008, 0x6e1: 0x0008, 0x6e2: 0x3308, 0x6e3: 0x3308,
+	0x6e4: 0x0040, 0x6e5: 0x0040, 0x6e6: 0x0008, 0x6e7: 0x0008, 0x6e8: 0x0008, 0x6e9: 0x0008,
+	0x6ea: 0x0008, 0x6eb: 0x0008, 0x6ec: 0x0008, 0x6ed: 0x0008, 0x6ee: 0x0008, 0x6ef: 0x0008,
+	0x6f0: 0x0018, 0x6f1: 0x0018, 0x6f2: 0x0040, 0x6f3: 0x0040, 0x6f4: 0x0040, 0x6f5: 0x0040,
+	0x6f6: 0x0040, 0x6f7: 0x0040, 0x6f8: 0x0040, 0x6f9: 0x0008, 0x6fa: 0x0040, 0x6fb: 0x0040,
+	0x6fc: 0x0040, 0x6fd: 0x0040, 0x6fe: 0x0040, 0x6ff: 0x0040,
+	// Block 0x1c, offset 0x700
+	0x700: 0x0040, 0x701: 0x3308, 0x702: 0x3008, 0x703: 0x3008, 0x704: 0x0040, 0x705: 0x0008,
+	0x706: 0x0008, 0x707: 0x0008, 0x708: 0x0008, 0x709: 0x0008, 0x70a: 0x0008, 0x70b: 0x0008,
+	0x70c: 0x0008, 0x70d: 0x0040, 0x70e: 0x0040, 0x70f: 0x0008, 0x710: 0x0008, 0x711: 0x0040,
+	0x712: 0x0040, 0x713: 0x0008, 0x714: 0x0008, 0x715: 0x0008, 0x716: 0x0008, 0x717: 0x0008,
+	0x718: 0x0008, 0x719: 0x0008, 0x71a: 0x0008, 0x71b: 0x0008, 0x71c: 0x0008, 0x71d: 0x0008,
+	0x71e: 0x0008, 0x71f: 0x0008, 0x720: 0x0008, 0x721: 0x0008, 0x722: 0x0008, 0x723: 0x0008,
+	0x724: 0x0008, 0x725: 0x0008, 0x726: 0x0008, 0x727: 0x0008, 0x728: 0x0008, 0x729: 0x0040,
+	0x72a: 0x0008, 0x72b: 0x0008, 0x72c: 0x0008, 0x72d: 0x0008, 0x72e: 0x0008, 0x72f: 0x0008,
+	0x730: 0x0008, 0x731: 0x0040, 0x732: 0x0008, 0x733: 0x0008, 0x734: 0x0040, 0x735: 0x0008,
+	0x736: 0x0008, 0x737: 0x0008, 0x738: 0x0008, 0x739: 0x0008, 0x73a: 0x0040, 0x73b: 0x0040,
+	0x73c: 0x3308, 0x73d: 0x0008, 0x73e: 0x3008, 0x73f: 0x3308,
+	// Block 0x1d, offset 0x740
+	0x740: 0x3008, 0x741: 0x3308, 0x742: 0x3308, 0x743: 0x3308, 0x744: 0x3308, 0x745: 0x0040,
+	0x746: 0x0040, 0x747: 0x3008, 0x748: 0x3008, 0x749: 0x0040, 0x74a: 0x0040, 0x74b: 0x3008,
+	0x74c: 0x3008, 0x74d: 0x3b08, 0x74e: 0x0040, 0x74f: 0x0040, 0x750: 0x0040, 0x751: 0x0040,
+	0x752: 0x0040, 0x753: 0x0040, 0x754: 0x0040, 0x755: 0x0040, 0x756: 0x3308, 0x757: 0x3008,
+	0x758: 0x0040, 0x759: 0x0040, 0x75a: 0x0040, 0x75b: 0x0040, 0x75c: 0x0881, 0x75d: 0x08b9,
+	0x75e: 0x0040, 0x75f: 0x0008, 0x760: 0x0008, 0x761: 0x0008, 0x762: 0x3308, 0x763: 0x3308,
+	0x764: 0x0040, 0x765: 0x0040, 0x766: 0x0008, 0x767: 0x0008, 0x768: 0x0008, 0x769: 0x0008,
+	0x76a: 0x0008, 0x76b: 0x0008, 0x76c: 0x0008, 0x76d: 0x0008, 0x76e: 0x0008, 0x76f: 0x0008,
+	0x770: 0x0018, 0x771: 0x0008, 0x772: 0x0018, 0x773: 0x0018, 0x774: 0x0018, 0x775: 0x0018,
+	0x776: 0x0018, 0x777: 0x0018, 0x778: 0x0040, 0x779: 0x0040, 0x77a: 0x0040, 0x77b: 0x0040,
+	0x77c: 0x0040, 0x77d: 0x0040, 0x77e: 0x0040, 0x77f: 0x0040,
+	// Block 0x1e, offset 0x780
+	0x780: 0x0040, 0x781: 0x0040, 0x782: 0x3308, 0x783: 0x0008, 0x784: 0x0040, 0x785: 0x0008,
+	0x786: 0x0008, 0x787: 0x0008, 0x788: 0x0008, 0x789: 0x0008, 0x78a: 0x0008, 0x78b: 0x0040,
+	0x78c: 0x0040, 0x78d: 0x0040, 0x78e: 0x0008, 0x78f: 0x0008, 0x790: 0x0008, 0x791: 0x0040,
+	0x792: 0x0008, 0x793: 0x0008, 0x794: 0x0008, 0x795: 0x0008, 0x796: 0x0040, 0x797: 0x0040,
+	0x798: 0x0040, 0x799: 0x0008, 0x79a: 0x0008, 0x79b: 0x0040, 0x79c: 0x0008, 0x79d: 0x0040,
+	0x79e: 0x0008, 0x79f: 0x0008, 0x7a0: 0x0040, 0x7a1: 0x0040, 0x7a2: 0x0040, 0x7a3: 0x0008,
+	0x7a4: 0x0008, 0x7a5: 0x0040, 0x7a6: 0x0040, 0x7a7: 0x0040, 0x7a8: 0x0008, 0x7a9: 0x0008,
+	0x7aa: 0x0008, 0x7ab: 0x0040, 0x7ac: 0x0040, 0x7ad: 0x0040, 0x7ae: 0x0008, 0x7af: 0x0008,
+	0x7b0: 0x0008, 0x7b1: 0x0008, 0x7b2: 0x0008, 0x7b3: 0x0008, 0x7b4: 0x0008, 0x7b5: 0x0008,
+	0x7b6: 0x0008, 0x7b7: 0x0008, 0x7b8: 0x0008, 0x7b9: 0x0008, 0x7ba: 0x0040, 0x7bb: 0x0040,
+	0x7bc: 0x0040, 0x7bd: 0x0040, 0x7be: 0x3008, 0x7bf: 0x3008,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x3308, 0x7c1: 0x3008, 0x7c2: 0x3008, 0x7c3: 0x3008, 0x7c4: 0x3008, 0x7c5: 0x0040,
+	0x7c6: 0x3308, 0x7c7: 0x3308, 0x7c8: 0x3308, 0x7c9: 0x0040, 0x7ca: 0x3308, 0x7cb: 0x3308,
+	0x7cc: 0x3308, 0x7cd: 0x3b08, 0x7ce: 0x0040, 0x7cf: 0x0040, 0x7d0: 0x0040, 0x7d1: 0x0040,
+	0x7d2: 0x0040, 0x7d3: 0x0040, 0x7d4: 0x0040, 0x7d5: 0x3308, 0x7d6: 0x3308, 0x7d7: 0x0040,
+	0x7d8: 0x0008, 0x7d9: 0x0008, 0x7da: 0x0008, 0x7db: 0x0040, 0x7dc: 0x0040, 0x7dd: 0x0040,
+	0x7de: 0x0040, 0x7df: 0x0040, 0x7e0: 0x0008, 0x7e1: 0x0008, 0x7e2: 0x3308, 0x7e3: 0x3308,
+	0x7e4: 0x0040, 0x7e5: 0x0040, 0x7e6: 0x0008, 0x7e7: 0x0008, 0x7e8: 0x0008, 0x7e9: 0x0008,
+	0x7ea: 0x0008, 0x7eb: 0x0008, 0x7ec: 0x0008, 0x7ed: 0x0008, 0x7ee: 0x0008, 0x7ef: 0x0008,
+	0x7f0: 0x0040, 0x7f1: 0x0040, 0x7f2: 0x0040, 0x7f3: 0x0040, 0x7f4: 0x0040, 0x7f5: 0x0040,
+	0x7f6: 0x0040, 0x7f7: 0x0040, 0x7f8: 0x0018, 0x7f9: 0x0018, 0x7fa: 0x0018, 0x7fb: 0x0018,
+	0x7fc: 0x0018, 0x7fd: 0x0018, 0x7fe: 0x0018, 0x7ff: 0x0018,
+	// Block 0x20, offset 0x800
+	0x800: 0x0008, 0x801: 0x3308, 0x802: 0x3008, 0x803: 0x3008, 0x804: 0x0040, 0x805: 0x0008,
+	0x806: 0x0008, 0x807: 0x0008, 0x808: 0x0008, 0x809: 0x0008, 0x80a: 0x0008, 0x80b: 0x0008,
+	0x80c: 0x0008, 0x80d: 0x0040, 0x80e: 0x0008, 0x80f: 0x0008, 0x810: 0x0008, 0x811: 0x0040,
+	0x812: 0x0008, 0x813: 0x0008, 0x814: 0x0008, 0x815: 0x0008, 0x816: 0x0008, 0x817: 0x0008,
+	0x818: 0x0008, 0x819: 0x0008, 0x81a: 0x0008, 0x81b: 0x0008, 0x81c: 0x0008, 0x81d: 0x0008,
+	0x81e: 0x0008, 0x81f: 0x0008, 0x820: 0x0008, 0x821: 0x0008, 0x822: 0x0008, 0x823: 0x0008,
+	0x824: 0x0008, 0x825: 0x0008, 0x826: 0x0008, 0x827: 0x0008, 0x828: 0x0008, 0x829: 0x0040,
+	0x82a: 0x0008, 0x82b: 0x0008, 0x82c: 0x0008, 0x82d: 0x0008, 0x82e: 0x0008, 0x82f: 0x0008,
+	0x830: 0x0008, 0x831: 0x0008, 0x832: 0x0008, 0x833: 0x0008, 0x834: 0x0040, 0x835: 0x0008,
+	0x836: 0x0008, 0x837: 0x0008, 0x838: 0x0008, 0x839: 0x0008, 0x83a: 0x0040, 0x83b: 0x0040,
+	0x83c: 0x3308, 0x83d: 0x0008, 0x83e: 0x3008, 0x83f: 0x3308,
+	// Block 0x21, offset 0x840
+	0x840: 0x3008, 0x841: 0x3008, 0x842: 0x3008, 0x843: 0x3008, 0x844: 0x3008, 0x845: 0x0040,
+	0x846: 0x3308, 0x847: 0x3008, 0x848: 0x3008, 0x849: 0x0040, 0x84a: 0x3008, 0x84b: 0x3008,
+	0x84c: 0x3308, 0x84d: 0x3b08, 0x84e: 0x0040, 0x84f: 0x0040, 0x850: 0x0040, 0x851: 0x0040,
+	0x852: 0x0040, 0x853: 0x0040, 0x854: 0x0040, 0x855: 0x3008, 0x856: 0x3008, 0x857: 0x0040,
+	0x858: 0x0040, 0x859: 0x0040, 0x85a: 0x0040, 0x85b: 0x0040, 0x85c: 0x0040, 0x85d: 0x0040,
+	0x85e: 0x0008, 0x85f: 0x0040, 0x860: 0x0008, 0x861: 0x0008, 0x862: 0x3308, 0x863: 0x3308,
+	0x864: 0x0040, 0x865: 0x0040, 0x866: 0x0008, 0x867: 0x0008, 0x868: 0x0008, 0x869: 0x0008,
+	0x86a: 0x0008, 0x86b: 0x0008, 0x86c: 0x0008, 0x86d: 0x0008, 0x86e: 0x0008, 0x86f: 0x0008,
+	0x870: 0x0040, 0x871: 0x0008, 0x872: 0x0008, 0x873: 0x0040, 0x874: 0x0040, 0x875: 0x0040,
+	0x876: 0x0040, 0x877: 0x0040, 0x878: 0x0040, 0x879: 0x0040, 0x87a: 0x0040, 0x87b: 0x0040,
+	0x87c: 0x0040, 0x87d: 0x0040, 0x87e: 0x0040, 0x87f: 0x0040,
+	// Block 0x22, offset 0x880
+	0x880: 0x3008, 0x881: 0x3308, 0x882: 0x3308, 0x883: 0x3308, 0x884: 0x3308, 0x885: 0x0040,
+	0x886: 0x3008, 0x887: 0x3008, 0x888: 0x3008, 0x889: 0x0040, 0x88a: 0x3008, 0x88b: 0x3008,
+	0x88c: 0x3008, 0x88d: 0x3b08, 0x88e: 0x0008, 0x88f: 0x0018, 0x890: 0x0040, 0x891: 0x0040,
+	0x892: 0x0040, 0x893: 0x0040, 0x894: 0x0008, 0x895: 0x0008, 0x896: 0x0008, 0x897: 0x3008,
+	0x898: 0x0018, 0x899: 0x0018, 0x89a: 0x0018, 0x89b: 0x0018, 0x89c: 0x0018, 0x89d: 0x0018,
+	0x89e: 0x0018, 0x89f: 0x0008, 0x8a0: 0x0008, 0x8a1: 0x0008, 0x8a2: 0x3308, 0x8a3: 0x3308,
+	0x8a4: 0x0040, 0x8a5: 0x0040, 0x8a6: 0x0008, 0x8a7: 0x0008, 0x8a8: 0x0008, 0x8a9: 0x0008,
+	0x8aa: 0x0008, 0x8ab: 0x0008, 0x8ac: 0x0008, 0x8ad: 0x0008, 0x8ae: 0x0008, 0x8af: 0x0008,
+	0x8b0: 0x0018, 0x8b1: 0x0018, 0x8b2: 0x0018, 0x8b3: 0x0018, 0x8b4: 0x0018, 0x8b5: 0x0018,
+	0x8b6: 0x0018, 0x8b7: 0x0018, 0x8b8: 0x0018, 0x8b9: 0x0018, 0x8ba: 0x0008, 0x8bb: 0x0008,
+	0x8bc: 0x0008, 0x8bd: 0x0008, 0x8be: 0x0008, 0x8bf: 0x0008,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x0040, 0x8c1: 0x0008, 0x8c2: 0x0008, 0x8c3: 0x0040, 0x8c4: 0x0008, 0x8c5: 0x0040,
+	0x8c6: 0x0040, 0x8c7: 0x0008, 0x8c8: 0x0008, 0x8c9: 0x0040, 0x8ca: 0x0008, 0x8cb: 0x0040,
+	0x8cc: 0x0040, 0x8cd: 0x0008, 0x8ce: 0x0040, 0x8cf: 0x0040, 0x8d0: 0x0040, 0x8d1: 0x0040,
+	0x8d2: 0x0040, 0x8d3: 0x0040, 0x8d4: 0x0008, 0x8d5: 0x0008, 0x8d6: 0x0008, 0x8d7: 0x0008,
+	0x8d8: 0x0040, 0x8d9: 0x0008, 0x8da: 0x0008, 0x8db: 0x0008, 0x8dc: 0x0008, 0x8dd: 0x0008,
+	0x8de: 0x0008, 0x8df: 0x0008, 0x8e0: 0x0040, 0x8e1: 0x0008, 0x8e2: 0x0008, 0x8e3: 0x0008,
+	0x8e4: 0x0040, 0x8e5: 0x0008, 0x8e6: 0x0040, 0x8e7: 0x0008, 0x8e8: 0x0040, 0x8e9: 0x0040,
+	0x8ea: 0x0008, 0x8eb: 0x0008, 0x8ec: 0x0040, 0x8ed: 0x0008, 0x8ee: 0x0008, 0x8ef: 0x0008,
+	0x8f0: 0x0008, 0x8f1: 0x3308, 0x8f2: 0x0008, 0x8f3: 0x0929, 0x8f4: 0x3308, 0x8f5: 0x3308,
+	0x8f6: 0x3308, 0x8f7: 0x3308, 0x8f8: 0x3308, 0x8f9: 0x3308, 0x8fa: 0x0040, 0x8fb: 0x3308,
+	0x8fc: 0x3308, 0x8fd: 0x0008, 0x8fe: 0x0040, 0x8ff: 0x0040,
+	// Block 0x24, offset 0x900
+	0x900: 0x0008, 0x901: 0x0008, 0x902: 0x0008, 0x903: 0x09d1, 0x904: 0x0008, 0x905: 0x0008,
+	0x906: 0x0008, 0x907: 0x0008, 0x908: 0x0040, 0x909: 0x0008, 0x90a: 0x0008, 0x90b: 0x0008,
+	0x90c: 0x0008, 0x90d: 0x0a09, 0x90e: 0x0008, 0x90f: 0x0008, 0x910: 0x0008, 0x911: 0x0008,
+	0x912: 0x0a41, 0x913: 0x0008, 0x914: 0x0008, 0x915: 0x0008, 0x916: 0x0008, 0x917: 0x0a79,
+	0x918: 0x0008, 0x919: 0x0008, 0x91a: 0x0008, 0x91b: 0x0008, 0x91c: 0x0ab1, 0x91d: 0x0008,
+	0x91e: 0x0008, 0x91f: 0x0008, 0x920: 0x0008, 0x921: 0x0008, 0x922: 0x0008, 0x923: 0x0008,
+	0x924: 0x0008, 0x925: 0x0008, 0x926: 0x0008, 0x927: 0x0008, 0x928: 0x0008, 0x929: 0x0ae9,
+	0x92a: 0x0008, 0x92b: 0x0008, 0x92c: 0x0008, 0x92d: 0x0040, 0x92e: 0x0040, 0x92f: 0x0040,
+	0x930: 0x0040, 0x931: 0x3308, 0x932: 0x3308, 0x933: 0x0b21, 0x934: 0x3308, 0x935: 0x0b59,
+	0x936: 0x0b91, 0x937: 0x0bc9, 0x938: 0x0c19, 0x939: 0x0c51, 0x93a: 0x3308, 0x93b: 0x3308,
+	0x93c: 0x3308, 0x93d: 0x3308, 0x93e: 0x3308, 0x93f: 0x3008,
+	// Block 0x25, offset 0x940
+	0x940: 0x3308, 0x941: 0x0ca1, 0x942: 0x3308, 0x943: 0x3308, 0x944: 0x3b08, 0x945: 0x0018,
+	0x946: 0x3308, 0x947: 0x3308, 0x948: 0x0008, 0x949: 0x0008, 0x94a: 0x0008, 0x94b: 0x0008,
+	0x94c: 0x0008, 0x94d: 0x3308, 0x94e: 0x3308, 0x94f: 0x3308, 0x950: 0x3308, 0x951: 0x3308,
+	0x952: 0x3308, 0x953: 0x0cd9, 0x954: 0x3308, 0x955: 0x3308, 0x956: 0x3308, 0x957: 0x3308,
+	0x958: 0x0040, 0x959: 0x3308, 0x95a: 0x3308, 0x95b: 0x3308, 0x95c: 0x3308, 0x95d: 0x0d11,
+	0x95e: 0x3308, 0x95f: 0x3308, 0x960: 0x3308, 0x961: 0x3308, 0x962: 0x0d49, 0x963: 0x3308,
+	0x964: 0x3308, 0x965: 0x3308, 0x966: 0x3308, 0x967: 0x0d81, 0x968: 0x3308, 0x969: 0x3308,
+	0x96a: 0x3308, 0x96b: 0x3308, 0x96c: 0x0db9, 0x96d: 0x3308, 0x96e: 0x3308, 0x96f: 0x3308,
+	0x970: 0x3308, 0x971: 0x3308, 0x972: 0x3308, 0x973: 0x3308, 0x974: 0x3308, 0x975: 0x3308,
+	0x976: 0x3308, 0x977: 0x3308, 0x978: 0x3308, 0x979: 0x0df1, 0x97a: 0x3308, 0x97b: 0x3308,
+	0x97c: 0x3308, 0x97d: 0x0040, 0x97e: 0x0018, 0x97f: 0x0018,
+	// Block 0x26, offset 0x980
+	0x980: 0x0008, 0x981: 0x0008, 0x982: 0x0008, 0x983: 0x0008, 0x984: 0x0008, 0x985: 0x0008,
+	0x986: 0x0008, 0x987: 0x0008, 0x988: 0x0008, 0x989: 0x0008, 0x98a: 0x0008, 0x98b: 0x0008,
+	0x98c: 0x0008, 0x98d: 0x0008, 0x98e: 0x0008, 0x98f: 0x0008, 0x990: 0x0008, 0x991: 0x0008,
+	0x992: 0x0008, 0x993: 0x0008, 0x994: 0x0008, 0x995: 0x0008, 0x996: 0x0008, 0x997: 0x0008,
+	0x998: 0x0008, 0x999: 0x0008, 0x99a: 0x0008, 0x99b: 0x0008, 0x99c: 0x0008, 0x99d: 0x0008,
+	0x99e: 0x0008, 0x99f: 0x0008, 0x9a0: 0x0008, 0x9a1: 0x0008, 0x9a2: 0x0008, 0x9a3: 0x0008,
+	0x9a4: 0x0008, 0x9a5: 0x0008, 0x9a6: 0x0008, 0x9a7: 0x0008, 0x9a8: 0x0008, 0x9a9: 0x0008,
+	0x9aa: 0x0008, 0x9ab: 0x0008, 0x9ac: 0x0039, 0x9ad: 0x0ed1, 0x9ae: 0x0ee9, 0x9af: 0x0008,
+	0x9b0: 0x0ef9, 0x9b1: 0x0f09, 0x9b2: 0x0f19, 0x9b3: 0x0f31, 0x9b4: 0x0249, 0x9b5: 0x0f41,
+	0x9b6: 0x0259, 0x9b7: 0x0f51, 0x9b8: 0x0359, 0x9b9: 0x0f61, 0x9ba: 0x0f71, 0x9bb: 0x0008,
+	0x9bc: 0x00d9, 0x9bd: 0x0f81, 0x9be: 0x0f99, 0x9bf: 0x0269,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x0fa9, 0x9c1: 0x0fb9, 0x9c2: 0x0279, 0x9c3: 0x0039, 0x9c4: 0x0fc9, 0x9c5: 0x0fe1,
+	0x9c6: 0x059d, 0x9c7: 0x0ee9, 0x9c8: 0x0ef9, 0x9c9: 0x0f09, 0x9ca: 0x0ff9, 0x9cb: 0x1011,
+	0x9cc: 0x1029, 0x9cd: 0x0f31, 0x9ce: 0x0008, 0x9cf: 0x0f51, 0x9d0: 0x0f61, 0x9d1: 0x1041,
+	0x9d2: 0x00d9, 0x9d3: 0x1059, 0x9d4: 0x05b5, 0x9d5: 0x05b5, 0x9d6: 0x0f99, 0x9d7: 0x0fa9,
+	0x9d8: 0x0fb9, 0x9d9: 0x059d, 0x9da: 0x1071, 0x9db: 0x1089, 0x9dc: 0x05cd, 0x9dd: 0x1099,
+	0x9de: 0x10b1, 0x9df: 0x10c9, 0x9e0: 0x10e1, 0x9e1: 0x10f9, 0x9e2: 0x0f41, 0x9e3: 0x0269,
+	0x9e4: 0x0fb9, 0x9e5: 0x1089, 0x9e6: 0x1099, 0x9e7: 0x10b1, 0x9e8: 0x1111, 0x9e9: 0x10e1,
+	0x9ea: 0x10f9, 0x9eb: 0x0008, 0x9ec: 0x0008, 0x9ed: 0x0008, 0x9ee: 0x0008, 0x9ef: 0x0008,
+	0x9f0: 0x0008, 0x9f1: 0x0008, 0x9f2: 0x0008, 0x9f3: 0x0008, 0x9f4: 0x0008, 0x9f5: 0x0008,
+	0x9f6: 0x0008, 0x9f7: 0x0008, 0x9f8: 0x1129, 0x9f9: 0x0008, 0x9fa: 0x0008, 0x9fb: 0x0008,
+	0x9fc: 0x0008, 0x9fd: 0x0008, 0x9fe: 0x0008, 0x9ff: 0x0008,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x0008, 0xa01: 0x0008, 0xa02: 0x0008, 0xa03: 0x0008, 0xa04: 0x0008, 0xa05: 0x0008,
+	0xa06: 0x0008, 0xa07: 0x0008, 0xa08: 0x0008, 0xa09: 0x0008, 0xa0a: 0x0008, 0xa0b: 0x0008,
+	0xa0c: 0x0008, 0xa0d: 0x0008, 0xa0e: 0x0008, 0xa0f: 0x0008, 0xa10: 0x0008, 0xa11: 0x0008,
+	0xa12: 0x0008, 0xa13: 0x0008, 0xa14: 0x0008, 0xa15: 0x0008, 0xa16: 0x0008, 0xa17: 0x0008,
+	0xa18: 0x0008, 0xa19: 0x0008, 0xa1a: 0x0008, 0xa1b: 0x1141, 0xa1c: 0x1159, 0xa1d: 0x1169,
+	0xa1e: 0x1181, 0xa1f: 0x1029, 0xa20: 0x1199, 0xa21: 0x11a9, 0xa22: 0x11c1, 0xa23: 0x11d9,
+	0xa24: 0x11f1, 0xa25: 0x1209, 0xa26: 0x1221, 0xa27: 0x05e5, 0xa28: 0x1239, 0xa29: 0x1251,
+	0xa2a: 0xe17d, 0xa2b: 0x1269, 0xa2c: 0x1281, 0xa2d: 0x1299, 0xa2e: 0x12b1, 0xa2f: 0x12c9,
+	0xa30: 0x12e1, 0xa31: 0x12f9, 0xa32: 0x1311, 0xa33: 0x1329, 0xa34: 0x1341, 0xa35: 0x1359,
+	0xa36: 0x1371, 0xa37: 0x1389, 0xa38: 0x05fd, 0xa39: 0x13a1, 0xa3a: 0x13b9, 0xa3b: 0x13d1,
+	0xa3c: 0x13e1, 0xa3d: 0x13f9, 0xa3e: 0x1411, 0xa3f: 0x1429,
+	// Block 0x29, offset 0xa40
+	0xa40: 0xe00d, 0xa41: 0x0008, 0xa42: 0xe00d, 0xa43: 0x0008, 0xa44: 0xe00d, 0xa45: 0x0008,
+	0xa46: 0xe00d, 0xa47: 0x0008, 0xa48: 0xe00d, 0xa49: 0x0008, 0xa4a: 0xe00d, 0xa4b: 0x0008,
+	0xa4c: 0xe00d, 0xa4d: 0x0008, 0xa4e: 0xe00d, 0xa4f: 0x0008, 0xa50: 0xe00d, 0xa51: 0x0008,
+	0xa52: 0xe00d, 0xa53: 0x0008, 0xa54: 0xe00d, 0xa55: 0x0008, 0xa56: 0xe00d, 0xa57: 0x0008,
+	0xa58: 0xe00d, 0xa59: 0x0008, 0xa5a: 0xe00d, 0xa5b: 0x0008, 0xa5c: 0xe00d, 0xa5d: 0x0008,
+	0xa5e: 0xe00d, 0xa5f: 0x0008, 0xa60: 0xe00d, 0xa61: 0x0008, 0xa62: 0xe00d, 0xa63: 0x0008,
+	0xa64: 0xe00d, 0xa65: 0x0008, 0xa66: 0xe00d, 0xa67: 0x0008, 0xa68: 0xe00d, 0xa69: 0x0008,
+	0xa6a: 0xe00d, 0xa6b: 0x0008, 0xa6c: 0xe00d, 0xa6d: 0x0008, 0xa6e: 0xe00d, 0xa6f: 0x0008,
+	0xa70: 0xe00d, 0xa71: 0x0008, 0xa72: 0xe00d, 0xa73: 0x0008, 0xa74: 0xe00d, 0xa75: 0x0008,
+	0xa76: 0xe00d, 0xa77: 0x0008, 0xa78: 0xe00d, 0xa79: 0x0008, 0xa7a: 0xe00d, 0xa7b: 0x0008,
+	0xa7c: 0xe00d, 0xa7d: 0x0008, 0xa7e: 0xe00d, 0xa7f: 0x0008,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0xe00d, 0xa81: 0x0008, 0xa82: 0xe00d, 0xa83: 0x0008, 0xa84: 0xe00d, 0xa85: 0x0008,
+	0xa86: 0xe00d, 0xa87: 0x0008, 0xa88: 0xe00d, 0xa89: 0x0008, 0xa8a: 0xe00d, 0xa8b: 0x0008,
+	0xa8c: 0xe00d, 0xa8d: 0x0008, 0xa8e: 0xe00d, 0xa8f: 0x0008, 0xa90: 0xe00d, 0xa91: 0x0008,
+	0xa92: 0xe00d, 0xa93: 0x0008, 0xa94: 0xe00d, 0xa95: 0x0008, 0xa96: 0x0008, 0xa97: 0x0008,
+	0xa98: 0x0008, 0xa99: 0x0008, 0xa9a: 0x0615, 0xa9b: 0x0635, 0xa9c: 0x0008, 0xa9d: 0x0008,
+	0xa9e: 0x1441, 0xa9f: 0x0008, 0xaa0: 0xe00d, 0xaa1: 0x0008, 0xaa2: 0xe00d, 0xaa3: 0x0008,
+	0xaa4: 0xe00d, 0xaa5: 0x0008, 0xaa6: 0xe00d, 0xaa7: 0x0008, 0xaa8: 0xe00d, 0xaa9: 0x0008,
+	0xaaa: 0xe00d, 0xaab: 0x0008, 0xaac: 0xe00d, 0xaad: 0x0008, 0xaae: 0xe00d, 0xaaf: 0x0008,
+	0xab0: 0xe00d, 0xab1: 0x0008, 0xab2: 0xe00d, 0xab3: 0x0008, 0xab4: 0xe00d, 0xab5: 0x0008,
+	0xab6: 0xe00d, 0xab7: 0x0008, 0xab8: 0xe00d, 0xab9: 0x0008, 0xaba: 0xe00d, 0xabb: 0x0008,
+	0xabc: 0xe00d, 0xabd: 0x0008, 0xabe: 0xe00d, 0xabf: 0x0008,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0x0008, 0xac1: 0x0008, 0xac2: 0x0008, 0xac3: 0x0008, 0xac4: 0x0008, 0xac5: 0x0008,
+	0xac6: 0x0040, 0xac7: 0x0040, 0xac8: 0xe045, 0xac9: 0xe045, 0xaca: 0xe045, 0xacb: 0xe045,
+	0xacc: 0xe045, 0xacd: 0xe045, 0xace: 0x0040, 0xacf: 0x0040, 0xad0: 0x0008, 0xad1: 0x0008,
+	0xad2: 0x0008, 0xad3: 0x0008, 0xad4: 0x0008, 0xad5: 0x0008, 0xad6: 0x0008, 0xad7: 0x0008,
+	0xad8: 0x0040, 0xad9: 0xe045, 0xada: 0x0040, 0xadb: 0xe045, 0xadc: 0x0040, 0xadd: 0xe045,
+	0xade: 0x0040, 0xadf: 0xe045, 0xae0: 0x0008, 0xae1: 0x0008, 0xae2: 0x0008, 0xae3: 0x0008,
+	0xae4: 0x0008, 0xae5: 0x0008, 0xae6: 0x0008, 0xae7: 0x0008, 0xae8: 0xe045, 0xae9: 0xe045,
+	0xaea: 0xe045, 0xaeb: 0xe045, 0xaec: 0xe045, 0xaed: 0xe045, 0xaee: 0xe045, 0xaef: 0xe045,
+	0xaf0: 0x0008, 0xaf1: 0x1459, 0xaf2: 0x0008, 0xaf3: 0x1471, 0xaf4: 0x0008, 0xaf5: 0x1489,
+	0xaf6: 0x0008, 0xaf7: 0x14a1, 0xaf8: 0x0008, 0xaf9: 0x14b9, 0xafa: 0x0008, 0xafb: 0x14d1,
+	0xafc: 0x0008, 0xafd: 0x14e9, 0xafe: 0x0040, 0xaff: 0x0040,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x1501, 0xb01: 0x1531, 0xb02: 0x1561, 0xb03: 0x1591, 0xb04: 0x15c1, 0xb05: 0x15f1,
+	0xb06: 0x1621, 0xb07: 0x1651, 0xb08: 0x1501, 0xb09: 0x1531, 0xb0a: 0x1561, 0xb0b: 0x1591,
+	0xb0c: 0x15c1, 0xb0d: 0x15f1, 0xb0e: 0x1621, 0xb0f: 0x1651, 0xb10: 0x1681, 0xb11: 0x16b1,
+	0xb12: 0x16e1, 0xb13: 0x1711, 0xb14: 0x1741, 0xb15: 0x1771, 0xb16: 0x17a1, 0xb17: 0x17d1,
+	0xb18: 0x1681, 0xb19: 0x16b1, 0xb1a: 0x16e1, 0xb1b: 0x1711, 0xb1c: 0x1741, 0xb1d: 0x1771,
+	0xb1e: 0x17a1, 0xb1f: 0x17d1, 0xb20: 0x1801, 0xb21: 0x1831, 0xb22: 0x1861, 0xb23: 0x1891,
+	0xb24: 0x18c1, 0xb25: 0x18f1, 0xb26: 0x1921, 0xb27: 0x1951, 0xb28: 0x1801, 0xb29: 0x1831,
+	0xb2a: 0x1861, 0xb2b: 0x1891, 0xb2c: 0x18c1, 0xb2d: 0x18f1, 0xb2e: 0x1921, 0xb2f: 0x1951,
+	0xb30: 0x0008, 0xb31: 0x0008, 0xb32: 0x1981, 0xb33: 0x19b1, 0xb34: 0x19d9, 0xb35: 0x0040,
+	0xb36: 0x0008, 0xb37: 0x1a01, 0xb38: 0xe045, 0xb39: 0xe045, 0xb3a: 0x064d, 0xb3b: 0x1459,
+	0xb3c: 0x19b1, 0xb3d: 0x0666, 0xb3e: 0x1a31, 0xb3f: 0x0686,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x06a6, 0xb41: 0x1a4a, 0xb42: 0x1a79, 0xb43: 0x1aa9, 0xb44: 0x1ad1, 0xb45: 0x0040,
+	0xb46: 0x0008, 0xb47: 0x1af9, 0xb48: 0x06c5, 0xb49: 0x1471, 0xb4a: 0x06dd, 0xb4b: 0x1489,
+	0xb4c: 0x1aa9, 0xb4d: 0x1b2a, 0xb4e: 0x1b5a, 0xb4f: 0x1b8a, 0xb50: 0x0008, 0xb51: 0x0008,
+	0xb52: 0x0008, 0xb53: 0x1bb9, 0xb54: 0x0040, 0xb55: 0x0040, 0xb56: 0x0008, 0xb57: 0x0008,
+	0xb58: 0xe045, 0xb59: 0xe045, 0xb5a: 0x06f5, 0xb5b: 0x14a1, 0xb5c: 0x0040, 0xb5d: 0x1bd2,
+	0xb5e: 0x1c02, 0xb5f: 0x1c32, 0xb60: 0x0008, 0xb61: 0x0008, 0xb62: 0x0008, 0xb63: 0x1c61,
+	0xb64: 0x0008, 0xb65: 0x0008, 0xb66: 0x0008, 0xb67: 0x0008, 0xb68: 0xe045, 0xb69: 0xe045,
+	0xb6a: 0x070d, 0xb6b: 0x14d1, 0xb6c: 0xe04d, 0xb6d: 0x1c7a, 0xb6e: 0x03d2, 0xb6f: 0x1caa,
+	0xb70: 0x0040, 0xb71: 0x0040, 0xb72: 0x1cb9, 0xb73: 0x1ce9, 0xb74: 0x1d11, 0xb75: 0x0040,
+	0xb76: 0x0008, 0xb77: 0x1d39, 0xb78: 0x0725, 0xb79: 0x14b9, 0xb7a: 0x0515, 0xb7b: 0x14e9,
+	0xb7c: 0x1ce9, 0xb7d: 0x073e, 0xb7e: 0x075e, 0xb7f: 0x0040,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x000a, 0xb81: 0x000a, 0xb82: 0x000a, 0xb83: 0x000a, 0xb84: 0x000a, 0xb85: 0x000a,
+	0xb86: 0x000a, 0xb87: 0x000a, 0xb88: 0x000a, 0xb89: 0x000a, 0xb8a: 0x000a, 0xb8b: 0x03c0,
+	0xb8c: 0x0003, 0xb8d: 0x0003, 0xb8e: 0x0340, 0xb8f: 0x0b40, 0xb90: 0x0018, 0xb91: 0xe00d,
+	0xb92: 0x0018, 0xb93: 0x0018, 0xb94: 0x0018, 0xb95: 0x0018, 0xb96: 0x0018, 0xb97: 0x077e,
+	0xb98: 0x0018, 0xb99: 0x0018, 0xb9a: 0x0018, 0xb9b: 0x0018, 0xb9c: 0x0018, 0xb9d: 0x0018,
+	0xb9e: 0x0018, 0xb9f: 0x0018, 0xba0: 0x0018, 0xba1: 0x0018, 0xba2: 0x0018, 0xba3: 0x0018,
+	0xba4: 0x0040, 0xba5: 0x0040, 0xba6: 0x0040, 0xba7: 0x0018, 0xba8: 0x0040, 0xba9: 0x0040,
+	0xbaa: 0x0340, 0xbab: 0x0340, 0xbac: 0x0340, 0xbad: 0x0340, 0xbae: 0x0340, 0xbaf: 0x000a,
+	0xbb0: 0x0018, 0xbb1: 0x0018, 0xbb2: 0x0018, 0xbb3: 0x1d69, 0xbb4: 0x1da1, 0xbb5: 0x0018,
+	0xbb6: 0x1df1, 0xbb7: 0x1e29, 0xbb8: 0x0018, 0xbb9: 0x0018, 0xbba: 0x0018, 0xbbb: 0x0018,
+	0xbbc: 0x1e7a, 0xbbd: 0x0018, 0xbbe: 0x079e, 0xbbf: 0x0018,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x0018, 0xbc1: 0x0018, 0xbc2: 0x0018, 0xbc3: 0x0018, 0xbc4: 0x0018, 0xbc5: 0x0018,
+	0xbc6: 0x0018, 0xbc7: 0x1e92, 0xbc8: 0x1eaa, 0xbc9: 0x1ec2, 0xbca: 0x0018, 0xbcb: 0x0018,
+	0xbcc: 0x0018, 0xbcd: 0x0018, 0xbce: 0x0018, 0xbcf: 0x0018, 0xbd0: 0x0018, 0xbd1: 0x0018,
+	0xbd2: 0x0018, 0xbd3: 0x0018, 0xbd4: 0x0018, 0xbd5: 0x0018, 0xbd6: 0x0018, 0xbd7: 0x1ed9,
+	0xbd8: 0x0018, 0xbd9: 0x0018, 0xbda: 0x0018, 0xbdb: 0x0018, 0xbdc: 0x0018, 0xbdd: 0x0018,
+	0xbde: 0x0018, 0xbdf: 0x000a, 0xbe0: 0x03c0, 0xbe1: 0x0340, 0xbe2: 0x0340, 0xbe3: 0x0340,
+	0xbe4: 0x03c0, 0xbe5: 0x0040, 0xbe6: 0x0040, 0xbe7: 0x0040, 0xbe8: 0x0040, 0xbe9: 0x0040,
+	0xbea: 0x0340, 0xbeb: 0x0340, 0xbec: 0x0340, 0xbed: 0x0340, 0xbee: 0x0340, 0xbef: 0x0340,
+	0xbf0: 0x1f41, 0xbf1: 0x0f41, 0xbf2: 0x0040, 0xbf3: 0x0040, 0xbf4: 0x1f51, 0xbf5: 0x1f61,
+	0xbf6: 0x1f71, 0xbf7: 0x1f81, 0xbf8: 0x1f91, 0xbf9: 0x1fa1, 0xbfa: 0x1fb2, 0xbfb: 0x07bd,
+	0xbfc: 0x1fc2, 0xbfd: 0x1fd2, 0xbfe: 0x1fe2, 0xbff: 0x0f71,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x1f41, 0xc01: 0x00c9, 0xc02: 0x0069, 0xc03: 0x0079, 0xc04: 0x1f51, 0xc05: 0x1f61,
+	0xc06: 0x1f71, 0xc07: 0x1f81, 0xc08: 0x1f91, 0xc09: 0x1fa1, 0xc0a: 0x1fb2, 0xc0b: 0x07d5,
+	0xc0c: 0x1fc2, 0xc0d: 0x1fd2, 0xc0e: 0x1fe2, 0xc0f: 0x0040, 0xc10: 0x0039, 0xc11: 0x0f09,
+	0xc12: 0x00d9, 0xc13: 0x0369, 0xc14: 0x0ff9, 0xc15: 0x0249, 0xc16: 0x0f51, 0xc17: 0x0359,
+	0xc18: 0x0f61, 0xc19: 0x0f71, 0xc1a: 0x0f99, 0xc1b: 0x01d9, 0xc1c: 0x0fa9, 0xc1d: 0x0040,
+	0xc1e: 0x0040, 0xc1f: 0x0040, 0xc20: 0x0018, 0xc21: 0x0018, 0xc22: 0x0018, 0xc23: 0x0018,
+	0xc24: 0x0018, 0xc25: 0x0018, 0xc26: 0x0018, 0xc27: 0x0018, 0xc28: 0x1ff1, 0xc29: 0x0018,
+	0xc2a: 0x0018, 0xc2b: 0x0018, 0xc2c: 0x0018, 0xc2d: 0x0018, 0xc2e: 0x0018, 0xc2f: 0x0018,
+	0xc30: 0x0018, 0xc31: 0x0018, 0xc32: 0x0018, 0xc33: 0x0018, 0xc34: 0x0018, 0xc35: 0x0018,
+	0xc36: 0x0018, 0xc37: 0x0018, 0xc38: 0x0018, 0xc39: 0x0018, 0xc3a: 0x0018, 0xc3b: 0x0018,
+	0xc3c: 0x0018, 0xc3d: 0x0018, 0xc3e: 0x0018, 0xc3f: 0x0040,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x07ee, 0xc41: 0x080e, 0xc42: 0x1159, 0xc43: 0x082d, 0xc44: 0x0018, 0xc45: 0x084e,
+	0xc46: 0x086e, 0xc47: 0x1011, 0xc48: 0x0018, 0xc49: 0x088d, 0xc4a: 0x0f31, 0xc4b: 0x0249,
+	0xc4c: 0x0249, 0xc4d: 0x0249, 0xc4e: 0x0249, 0xc4f: 0x2009, 0xc50: 0x0f41, 0xc51: 0x0f41,
+	0xc52: 0x0359, 0xc53: 0x0359, 0xc54: 0x0018, 0xc55: 0x0f71, 0xc56: 0x2021, 0xc57: 0x0018,
+	0xc58: 0x0018, 0xc59: 0x0f99, 0xc5a: 0x2039, 0xc5b: 0x0269, 0xc5c: 0x0269, 0xc5d: 0x0269,
+	0xc5e: 0x0018, 0xc5f: 0x0018, 0xc60: 0x2049, 0xc61: 0x08ad, 0xc62: 0x2061, 0xc63: 0x0018,
+	0xc64: 0x13d1, 0xc65: 0x0018, 0xc66: 0x2079, 0xc67: 0x0018, 0xc68: 0x13d1, 0xc69: 0x0018,
+	0xc6a: 0x0f51, 0xc6b: 0x2091, 0xc6c: 0x0ee9, 0xc6d: 0x1159, 0xc6e: 0x0018, 0xc6f: 0x0f09,
+	0xc70: 0x0f09, 0xc71: 0x1199, 0xc72: 0x0040, 0xc73: 0x0f61, 0xc74: 0x00d9, 0xc75: 0x20a9,
+	0xc76: 0x20c1, 0xc77: 0x20d9, 0xc78: 0x20f1, 0xc79: 0x0f41, 0xc7a: 0x0018, 0xc7b: 0x08cd,
+	0xc7c: 0x2109, 0xc7d: 0x10b1, 0xc7e: 0x10b1, 0xc7f: 0x2109,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x08ed, 0xc81: 0x0018, 0xc82: 0x0018, 0xc83: 0x0018, 0xc84: 0x0018, 0xc85: 0x0ef9,
+	0xc86: 0x0ef9, 0xc87: 0x0f09, 0xc88: 0x0f41, 0xc89: 0x0259, 0xc8a: 0x0018, 0xc8b: 0x0018,
+	0xc8c: 0x0018, 0xc8d: 0x0018, 0xc8e: 0x0008, 0xc8f: 0x0018, 0xc90: 0x2121, 0xc91: 0x2151,
+	0xc92: 0x2181, 0xc93: 0x21b9, 0xc94: 0x21e9, 0xc95: 0x2219, 0xc96: 0x2249, 0xc97: 0x2279,
+	0xc98: 0x22a9, 0xc99: 0x22d9, 0xc9a: 0x2309, 0xc9b: 0x2339, 0xc9c: 0x2369, 0xc9d: 0x2399,
+	0xc9e: 0x23c9, 0xc9f: 0x23f9, 0xca0: 0x0f41, 0xca1: 0x2421, 0xca2: 0x0905, 0xca3: 0x2439,
+	0xca4: 0x1089, 0xca5: 0x2451, 0xca6: 0x0925, 0xca7: 0x2469, 0xca8: 0x2491, 0xca9: 0x0369,
+	0xcaa: 0x24a9, 0xcab: 0x0945, 0xcac: 0x0359, 0xcad: 0x1159, 0xcae: 0x0ef9, 0xcaf: 0x0f61,
+	0xcb0: 0x0f41, 0xcb1: 0x2421, 0xcb2: 0x0965, 0xcb3: 0x2439, 0xcb4: 0x1089, 0xcb5: 0x2451,
+	0xcb6: 0x0985, 0xcb7: 0x2469, 0xcb8: 0x2491, 0xcb9: 0x0369, 0xcba: 0x24a9, 0xcbb: 0x09a5,
+	0xcbc: 0x0359, 0xcbd: 0x1159, 0xcbe: 0x0ef9, 0xcbf: 0x0f61,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x0018, 0xcc1: 0x0018, 0xcc2: 0x0018, 0xcc3: 0x0018, 0xcc4: 0x0018, 0xcc5: 0x0018,
+	0xcc6: 0x0018, 0xcc7: 0x0018, 0xcc8: 0x0018, 0xcc9: 0x0018, 0xcca: 0x0018, 0xccb: 0x0040,
+	0xccc: 0x0040, 0xccd: 0x0040, 0xcce: 0x0040, 0xccf: 0x0040, 0xcd0: 0x0040, 0xcd1: 0x0040,
+	0xcd2: 0x0040, 0xcd3: 0x0040, 0xcd4: 0x0040, 0xcd5: 0x0040, 0xcd6: 0x0040, 0xcd7: 0x0040,
+	0xcd8: 0x0040, 0xcd9: 0x0040, 0xcda: 0x0040, 0xcdb: 0x0040, 0xcdc: 0x0040, 0xcdd: 0x0040,
+	0xcde: 0x0040, 0xcdf: 0x0040, 0xce0: 0x00c9, 0xce1: 0x0069, 0xce2: 0x0079, 0xce3: 0x1f51,
+	0xce4: 0x1f61, 0xce5: 0x1f71, 0xce6: 0x1f81, 0xce7: 0x1f91, 0xce8: 0x1fa1, 0xce9: 0x2601,
+	0xcea: 0x2619, 0xceb: 0x2631, 0xcec: 0x2649, 0xced: 0x2661, 0xcee: 0x2679, 0xcef: 0x2691,
+	0xcf0: 0x26a9, 0xcf1: 0x26c1, 0xcf2: 0x26d9, 0xcf3: 0x26f1, 0xcf4: 0x0a06, 0xcf5: 0x0a26,
+	0xcf6: 0x0a46, 0xcf7: 0x0a66, 0xcf8: 0x0a86, 0xcf9: 0x0aa6, 0xcfa: 0x0ac6, 0xcfb: 0x0ae6,
+	0xcfc: 0x0b06, 0xcfd: 0x270a, 0xcfe: 0x2732, 0xcff: 0x275a,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x2782, 0xd01: 0x27aa, 0xd02: 0x27d2, 0xd03: 0x27fa, 0xd04: 0x2822, 0xd05: 0x284a,
+	0xd06: 0x2872, 0xd07: 0x289a, 0xd08: 0x0040, 0xd09: 0x0040, 0xd0a: 0x0040, 0xd0b: 0x0040,
+	0xd0c: 0x0040, 0xd0d: 0x0040, 0xd0e: 0x0040, 0xd0f: 0x0040, 0xd10: 0x0040, 0xd11: 0x0040,
+	0xd12: 0x0040, 0xd13: 0x0040, 0xd14: 0x0040, 0xd15: 0x0040, 0xd16: 0x0040, 0xd17: 0x0040,
+	0xd18: 0x0040, 0xd19: 0x0040, 0xd1a: 0x0040, 0xd1b: 0x0040, 0xd1c: 0x0b26, 0xd1d: 0x0b46,
+	0xd1e: 0x0b66, 0xd1f: 0x0b86, 0xd20: 0x0ba6, 0xd21: 0x0bc6, 0xd22: 0x0be6, 0xd23: 0x0c06,
+	0xd24: 0x0c26, 0xd25: 0x0c46, 0xd26: 0x0c66, 0xd27: 0x0c86, 0xd28: 0x0ca6, 0xd29: 0x0cc6,
+	0xd2a: 0x0ce6, 0xd2b: 0x0d06, 0xd2c: 0x0d26, 0xd2d: 0x0d46, 0xd2e: 0x0d66, 0xd2f: 0x0d86,
+	0xd30: 0x0da6, 0xd31: 0x0dc6, 0xd32: 0x0de6, 0xd33: 0x0e06, 0xd34: 0x0e26, 0xd35: 0x0e46,
+	0xd36: 0x0039, 0xd37: 0x0ee9, 0xd38: 0x1159, 0xd39: 0x0ef9, 0xd3a: 0x0f09, 0xd3b: 0x1199,
+	0xd3c: 0x0f31, 0xd3d: 0x0249, 0xd3e: 0x0f41, 0xd3f: 0x0259,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x0f51, 0xd41: 0x0359, 0xd42: 0x0f61, 0xd43: 0x0f71, 0xd44: 0x00d9, 0xd45: 0x0f99,
+	0xd46: 0x2039, 0xd47: 0x0269, 0xd48: 0x01d9, 0xd49: 0x0fa9, 0xd4a: 0x0fb9, 0xd4b: 0x1089,
+	0xd4c: 0x0279, 0xd4d: 0x0369, 0xd4e: 0x0289, 0xd4f: 0x13d1, 0xd50: 0x0039, 0xd51: 0x0ee9,
+	0xd52: 0x1159, 0xd53: 0x0ef9, 0xd54: 0x0f09, 0xd55: 0x1199, 0xd56: 0x0f31, 0xd57: 0x0249,
+	0xd58: 0x0f41, 0xd59: 0x0259, 0xd5a: 0x0f51, 0xd5b: 0x0359, 0xd5c: 0x0f61, 0xd5d: 0x0f71,
+	0xd5e: 0x00d9, 0xd5f: 0x0f99, 0xd60: 0x2039, 0xd61: 0x0269, 0xd62: 0x01d9, 0xd63: 0x0fa9,
+	0xd64: 0x0fb9, 0xd65: 0x1089, 0xd66: 0x0279, 0xd67: 0x0369, 0xd68: 0x0289, 0xd69: 0x13d1,
+	0xd6a: 0x1f41, 0xd6b: 0x0018, 0xd6c: 0x0018, 0xd6d: 0x0018, 0xd6e: 0x0018, 0xd6f: 0x0018,
+	0xd70: 0x0018, 0xd71: 0x0018, 0xd72: 0x0018, 0xd73: 0x0018, 0xd74: 0x0018, 0xd75: 0x0018,
+	0xd76: 0x0018, 0xd77: 0x0018, 0xd78: 0x0018, 0xd79: 0x0018, 0xd7a: 0x0018, 0xd7b: 0x0018,
+	0xd7c: 0x0018, 0xd7d: 0x0018, 0xd7e: 0x0018, 0xd7f: 0x0018,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0008, 0xd81: 0x0008, 0xd82: 0x0008, 0xd83: 0x0008, 0xd84: 0x0008, 0xd85: 0x0008,
+	0xd86: 0x0008, 0xd87: 0x0008, 0xd88: 0x0008, 0xd89: 0x0008, 0xd8a: 0x0008, 0xd8b: 0x0008,
+	0xd8c: 0x0008, 0xd8d: 0x0008, 0xd8e: 0x0008, 0xd8f: 0x0008, 0xd90: 0x0008, 0xd91: 0x0008,
+	0xd92: 0x0008, 0xd93: 0x0008, 0xd94: 0x0008, 0xd95: 0x0008, 0xd96: 0x0008, 0xd97: 0x0008,
+	0xd98: 0x0008, 0xd99: 0x0008, 0xd9a: 0x0008, 0xd9b: 0x0008, 0xd9c: 0x0008, 0xd9d: 0x0008,
+	0xd9e: 0x0008, 0xd9f: 0x0040, 0xda0: 0xe00d, 0xda1: 0x0008, 0xda2: 0x2971, 0xda3: 0x0ebd,
+	0xda4: 0x2989, 0xda5: 0x0008, 0xda6: 0x0008, 0xda7: 0xe07d, 0xda8: 0x0008, 0xda9: 0xe01d,
+	0xdaa: 0x0008, 0xdab: 0xe03d, 0xdac: 0x0008, 0xdad: 0x0fe1, 0xdae: 0x1281, 0xdaf: 0x0fc9,
+	0xdb0: 0x1141, 0xdb1: 0x0008, 0xdb2: 0xe00d, 0xdb3: 0x0008, 0xdb4: 0x0008, 0xdb5: 0xe01d,
+	0xdb6: 0x0008, 0xdb7: 0x0008, 0xdb8: 0x0008, 0xdb9: 0x0008, 0xdba: 0x0008, 0xdbb: 0x0008,
+	0xdbc: 0x0259, 0xdbd: 0x1089, 0xdbe: 0x29a1, 0xdbf: 0x29b9,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0xe00d, 0xdc1: 0x0008, 0xdc2: 0xe00d, 0xdc3: 0x0008, 0xdc4: 0xe00d, 0xdc5: 0x0008,
+	0xdc6: 0xe00d, 0xdc7: 0x0008, 0xdc8: 0xe00d, 0xdc9: 0x0008, 0xdca: 0xe00d, 0xdcb: 0x0008,
+	0xdcc: 0xe00d, 0xdcd: 0x0008, 0xdce: 0xe00d, 0xdcf: 0x0008, 0xdd0: 0xe00d, 0xdd1: 0x0008,
+	0xdd2: 0xe00d, 0xdd3: 0x0008, 0xdd4: 0xe00d, 0xdd5: 0x0008, 0xdd6: 0xe00d, 0xdd7: 0x0008,
+	0xdd8: 0xe00d, 0xdd9: 0x0008, 0xdda: 0xe00d, 0xddb: 0x0008, 0xddc: 0xe00d, 0xddd: 0x0008,
+	0xdde: 0xe00d, 0xddf: 0x0008, 0xde0: 0xe00d, 0xde1: 0x0008, 0xde2: 0xe00d, 0xde3: 0x0008,
+	0xde4: 0x0008, 0xde5: 0x0018, 0xde6: 0x0018, 0xde7: 0x0018, 0xde8: 0x0018, 0xde9: 0x0018,
+	0xdea: 0x0018, 0xdeb: 0xe03d, 0xdec: 0x0008, 0xded: 0xe01d, 0xdee: 0x0008, 0xdef: 0x3308,
+	0xdf0: 0x3308, 0xdf1: 0x3308, 0xdf2: 0xe00d, 0xdf3: 0x0008, 0xdf4: 0x0040, 0xdf5: 0x0040,
+	0xdf6: 0x0040, 0xdf7: 0x0040, 0xdf8: 0x0040, 0xdf9: 0x0018, 0xdfa: 0x0018, 0xdfb: 0x0018,
+	0xdfc: 0x0018, 0xdfd: 0x0018, 0xdfe: 0x0018, 0xdff: 0x0018,
+	// Block 0x38, offset 0xe00
+	0xe00: 0x26fd, 0xe01: 0x271d, 0xe02: 0x273d, 0xe03: 0x275d, 0xe04: 0x277d, 0xe05: 0x279d,
+	0xe06: 0x27bd, 0xe07: 0x27dd, 0xe08: 0x27fd, 0xe09: 0x281d, 0xe0a: 0x283d, 0xe0b: 0x285d,
+	0xe0c: 0x287d, 0xe0d: 0x289d, 0xe0e: 0x28bd, 0xe0f: 0x28dd, 0xe10: 0x28fd, 0xe11: 0x291d,
+	0xe12: 0x293d, 0xe13: 0x295d, 0xe14: 0x297d, 0xe15: 0x299d, 0xe16: 0x0040, 0xe17: 0x0040,
+	0xe18: 0x0040, 0xe19: 0x0040, 0xe1a: 0x0040, 0xe1b: 0x0040, 0xe1c: 0x0040, 0xe1d: 0x0040,
+	0xe1e: 0x0040, 0xe1f: 0x0040, 0xe20: 0x0040, 0xe21: 0x0040, 0xe22: 0x0040, 0xe23: 0x0040,
+	0xe24: 0x0040, 0xe25: 0x0040, 0xe26: 0x0040, 0xe27: 0x0040, 0xe28: 0x0040, 0xe29: 0x0040,
+	0xe2a: 0x0040, 0xe2b: 0x0040, 0xe2c: 0x0040, 0xe2d: 0x0040, 0xe2e: 0x0040, 0xe2f: 0x0040,
+	0xe30: 0x0040, 0xe31: 0x0040, 0xe32: 0x0040, 0xe33: 0x0040, 0xe34: 0x0040, 0xe35: 0x0040,
+	0xe36: 0x0040, 0xe37: 0x0040, 0xe38: 0x0040, 0xe39: 0x0040, 0xe3a: 0x0040, 0xe3b: 0x0040,
+	0xe3c: 0x0040, 0xe3d: 0x0040, 0xe3e: 0x0040, 0xe3f: 0x0040,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x000a, 0xe41: 0x0018, 0xe42: 0x29d1, 0xe43: 0x0018, 0xe44: 0x0018, 0xe45: 0x0008,
+	0xe46: 0x0008, 0xe47: 0x0008, 0xe48: 0x0018, 0xe49: 0x0018, 0xe4a: 0x0018, 0xe4b: 0x0018,
+	0xe4c: 0x0018, 0xe4d: 0x0018, 0xe4e: 0x0018, 0xe4f: 0x0018, 0xe50: 0x0018, 0xe51: 0x0018,
+	0xe52: 0x0018, 0xe53: 0x0018, 0xe54: 0x0018, 0xe55: 0x0018, 0xe56: 0x0018, 0xe57: 0x0018,
+	0xe58: 0x0018, 0xe59: 0x0018, 0xe5a: 0x0018, 0xe5b: 0x0018, 0xe5c: 0x0018, 0xe5d: 0x0018,
+	0xe5e: 0x0018, 0xe5f: 0x0018, 0xe60: 0x0018, 0xe61: 0x0018, 0xe62: 0x0018, 0xe63: 0x0018,
+	0xe64: 0x0018, 0xe65: 0x0018, 0xe66: 0x0018, 0xe67: 0x0018, 0xe68: 0x0018, 0xe69: 0x0018,
+	0xe6a: 0x3308, 0xe6b: 0x3308, 0xe6c: 0x3308, 0xe6d: 0x3308, 0xe6e: 0x3018, 0xe6f: 0x3018,
+	0xe70: 0x0018, 0xe71: 0x0018, 0xe72: 0x0018, 0xe73: 0x0018, 0xe74: 0x0018, 0xe75: 0x0018,
+	0xe76: 0xe125, 0xe77: 0x0018, 0xe78: 0x29bd, 0xe79: 0x29dd, 0xe7a: 0x29fd, 0xe7b: 0x0018,
+	0xe7c: 0x0008, 0xe7d: 0x0018, 0xe7e: 0x0018, 0xe7f: 0x0018,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x2b3d, 0xe81: 0x2b5d, 0xe82: 0x2b7d, 0xe83: 0x2b9d, 0xe84: 0x2bbd, 0xe85: 0x2bdd,
+	0xe86: 0x2bdd, 0xe87: 0x2bdd, 0xe88: 0x2bfd, 0xe89: 0x2bfd, 0xe8a: 0x2bfd, 0xe8b: 0x2bfd,
+	0xe8c: 0x2c1d, 0xe8d: 0x2c1d, 0xe8e: 0x2c1d, 0xe8f: 0x2c3d, 0xe90: 0x2c5d, 0xe91: 0x2c5d,
+	0xe92: 0x2a7d, 0xe93: 0x2a7d, 0xe94: 0x2c5d, 0xe95: 0x2c5d, 0xe96: 0x2c7d, 0xe97: 0x2c7d,
+	0xe98: 0x2c5d, 0xe99: 0x2c5d, 0xe9a: 0x2a7d, 0xe9b: 0x2a7d, 0xe9c: 0x2c5d, 0xe9d: 0x2c5d,
+	0xe9e: 0x2c3d, 0xe9f: 0x2c3d, 0xea0: 0x2c9d, 0xea1: 0x2c9d, 0xea2: 0x2cbd, 0xea3: 0x2cbd,
+	0xea4: 0x0040, 0xea5: 0x2cdd, 0xea6: 0x2cfd, 0xea7: 0x2d1d, 0xea8: 0x2d1d, 0xea9: 0x2d3d,
+	0xeaa: 0x2d5d, 0xeab: 0x2d7d, 0xeac: 0x2d9d, 0xead: 0x2dbd, 0xeae: 0x2ddd, 0xeaf: 0x2dfd,
+	0xeb0: 0x2e1d, 0xeb1: 0x2e3d, 0xeb2: 0x2e3d, 0xeb3: 0x2e5d, 0xeb4: 0x2e7d, 0xeb5: 0x2e7d,
+	0xeb6: 0x2e9d, 0xeb7: 0x2ebd, 0xeb8: 0x2e5d, 0xeb9: 0x2edd, 0xeba: 0x2efd, 0xebb: 0x2edd,
+	0xebc: 0x2e5d, 0xebd: 0x2f1d, 0xebe: 0x2f3d, 0xebf: 0x2f5d,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x2f7d, 0xec1: 0x2f9d, 0xec2: 0x2cfd, 0xec3: 0x2cdd, 0xec4: 0x2fbd, 0xec5: 0x2fdd,
+	0xec6: 0x2ffd, 0xec7: 0x301d, 0xec8: 0x303d, 0xec9: 0x305d, 0xeca: 0x307d, 0xecb: 0x309d,
+	0xecc: 0x30bd, 0xecd: 0x30dd, 0xece: 0x30fd, 0xecf: 0x0040, 0xed0: 0x0018, 0xed1: 0x0018,
+	0xed2: 0x311d, 0xed3: 0x313d, 0xed4: 0x315d, 0xed5: 0x317d, 0xed6: 0x319d, 0xed7: 0x31bd,
+	0xed8: 0x31dd, 0xed9: 0x31fd, 0xeda: 0x321d, 0xedb: 0x323d, 0xedc: 0x315d, 0xedd: 0x325d,
+	0xede: 0x327d, 0xedf: 0x329d, 0xee0: 0x0008, 0xee1: 0x0008, 0xee2: 0x0008, 0xee3: 0x0008,
+	0xee4: 0x0008, 0xee5: 0x0008, 0xee6: 0x0008, 0xee7: 0x0008, 0xee8: 0x0008, 0xee9: 0x0008,
+	0xeea: 0x0008, 0xeeb: 0x0008, 0xeec: 0x0008, 0xeed: 0x0008, 0xeee: 0x0008, 0xeef: 0x0008,
+	0xef0: 0x0008, 0xef1: 0x0008, 0xef2: 0x0008, 0xef3: 0x0008, 0xef4: 0x0008, 0xef5: 0x0008,
+	0xef6: 0x0008, 0xef7: 0x0008, 0xef8: 0x0008, 0xef9: 0x0008, 0xefa: 0x0008, 0xefb: 0x0040,
+	0xefc: 0x0040, 0xefd: 0x0040, 0xefe: 0x0040, 0xeff: 0x0040,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x36a2, 0xf01: 0x36d2, 0xf02: 0x3702, 0xf03: 0x3732, 0xf04: 0x32bd, 0xf05: 0x32dd,
+	0xf06: 0x32fd, 0xf07: 0x331d, 0xf08: 0x0018, 0xf09: 0x0018, 0xf0a: 0x0018, 0xf0b: 0x0018,
+	0xf0c: 0x0018, 0xf0d: 0x0018, 0xf0e: 0x0018, 0xf0f: 0x0018, 0xf10: 0x333d, 0xf11: 0x3761,
+	0xf12: 0x3779, 0xf13: 0x3791, 0xf14: 0x37a9, 0xf15: 0x37c1, 0xf16: 0x37d9, 0xf17: 0x37f1,
+	0xf18: 0x3809, 0xf19: 0x3821, 0xf1a: 0x3839, 0xf1b: 0x3851, 0xf1c: 0x3869, 0xf1d: 0x3881,
+	0xf1e: 0x3899, 0xf1f: 0x38b1, 0xf20: 0x335d, 0xf21: 0x337d, 0xf22: 0x339d, 0xf23: 0x33bd,
+	0xf24: 0x33dd, 0xf25: 0x33dd, 0xf26: 0x33fd, 0xf27: 0x341d, 0xf28: 0x343d, 0xf29: 0x345d,
+	0xf2a: 0x347d, 0xf2b: 0x349d, 0xf2c: 0x34bd, 0xf2d: 0x34dd, 0xf2e: 0x34fd, 0xf2f: 0x351d,
+	0xf30: 0x353d, 0xf31: 0x355d, 0xf32: 0x357d, 0xf33: 0x359d, 0xf34: 0x35bd, 0xf35: 0x35dd,
+	0xf36: 0x35fd, 0xf37: 0x361d, 0xf38: 0x363d, 0xf39: 0x365d, 0xf3a: 0x367d, 0xf3b: 0x369d,
+	0xf3c: 0x38c9, 0xf3d: 0x3901, 0xf3e: 0x36bd, 0xf3f: 0x0018,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x36dd, 0xf41: 0x36fd, 0xf42: 0x371d, 0xf43: 0x373d, 0xf44: 0x375d, 0xf45: 0x377d,
+	0xf46: 0x379d, 0xf47: 0x37bd, 0xf48: 0x37dd, 0xf49: 0x37fd, 0xf4a: 0x381d, 0xf4b: 0x383d,
+	0xf4c: 0x385d, 0xf4d: 0x387d, 0xf4e: 0x389d, 0xf4f: 0x38bd, 0xf50: 0x38dd, 0xf51: 0x38fd,
+	0xf52: 0x391d, 0xf53: 0x393d, 0xf54: 0x395d, 0xf55: 0x397d, 0xf56: 0x399d, 0xf57: 0x39bd,
+	0xf58: 0x39dd, 0xf59: 0x39fd, 0xf5a: 0x3a1d, 0xf5b: 0x3a3d, 0xf5c: 0x3a5d, 0xf5d: 0x3a7d,
+	0xf5e: 0x3a9d, 0xf5f: 0x3abd, 0xf60: 0x3add, 0xf61: 0x3afd, 0xf62: 0x3b1d, 0xf63: 0x3b3d,
+	0xf64: 0x3b5d, 0xf65: 0x3b7d, 0xf66: 0x127d, 0xf67: 0x3b9d, 0xf68: 0x3bbd, 0xf69: 0x3bdd,
+	0xf6a: 0x3bfd, 0xf6b: 0x3c1d, 0xf6c: 0x3c3d, 0xf6d: 0x3c5d, 0xf6e: 0x239d, 0xf6f: 0x3c7d,
+	0xf70: 0x3c9d, 0xf71: 0x3939, 0xf72: 0x3951, 0xf73: 0x3969, 0xf74: 0x3981, 0xf75: 0x3999,
+	0xf76: 0x39b1, 0xf77: 0x39c9, 0xf78: 0x39e1, 0xf79: 0x39f9, 0xf7a: 0x3a11, 0xf7b: 0x3a29,
+	0xf7c: 0x3a41, 0xf7d: 0x3a59, 0xf7e: 0x3a71, 0xf7f: 0x3a89,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x3aa1, 0xf81: 0x3ac9, 0xf82: 0x3af1, 0xf83: 0x3b19, 0xf84: 0x3b41, 0xf85: 0x3b69,
+	0xf86: 0x3b91, 0xf87: 0x3bb9, 0xf88: 0x3be1, 0xf89: 0x3c09, 0xf8a: 0x3c39, 0xf8b: 0x3c69,
+	0xf8c: 0x3c99, 0xf8d: 0x3cbd, 0xf8e: 0x3cb1, 0xf8f: 0x3cdd, 0xf90: 0x3cfd, 0xf91: 0x3d15,
+	0xf92: 0x3d2d, 0xf93: 0x3d45, 0xf94: 0x3d5d, 0xf95: 0x3d5d, 0xf96: 0x3d45, 0xf97: 0x3d75,
+	0xf98: 0x07bd, 0xf99: 0x3d8d, 0xf9a: 0x3da5, 0xf9b: 0x3dbd, 0xf9c: 0x3dd5, 0xf9d: 0x3ded,
+	0xf9e: 0x3e05, 0xf9f: 0x3e1d, 0xfa0: 0x3e35, 0xfa1: 0x3e4d, 0xfa2: 0x3e65, 0xfa3: 0x3e7d,
+	0xfa4: 0x3e95, 0xfa5: 0x3e95, 0xfa6: 0x3ead, 0xfa7: 0x3ead, 0xfa8: 0x3ec5, 0xfa9: 0x3ec5,
+	0xfaa: 0x3edd, 0xfab: 0x3ef5, 0xfac: 0x3f0d, 0xfad: 0x3f25, 0xfae: 0x3f3d, 0xfaf: 0x3f3d,
+	0xfb0: 0x3f55, 0xfb1: 0x3f55, 0xfb2: 0x3f55, 0xfb3: 0x3f6d, 0xfb4: 0x3f85, 0xfb5: 0x3f9d,
+	0xfb6: 0x3fb5, 0xfb7: 0x3f9d, 0xfb8: 0x3fcd, 0xfb9: 0x3fe5, 0xfba: 0x3f6d, 0xfbb: 0x3ffd,
+	0xfbc: 0x4015, 0xfbd: 0x4015, 0xfbe: 0x4015, 0xfbf: 0x0040,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x3cc9, 0xfc1: 0x3d31, 0xfc2: 0x3d99, 0xfc3: 0x3e01, 0xfc4: 0x3e51, 0xfc5: 0x3eb9,
+	0xfc6: 0x3f09, 0xfc7: 0x3f59, 0xfc8: 0x3fd9, 0xfc9: 0x4041, 0xfca: 0x4091, 0xfcb: 0x40e1,
+	0xfcc: 0x4131, 0xfcd: 0x4199, 0xfce: 0x4201, 0xfcf: 0x4251, 0xfd0: 0x42a1, 0xfd1: 0x42d9,
+	0xfd2: 0x4329, 0xfd3: 0x4391, 0xfd4: 0x43f9, 0xfd5: 0x4431, 0xfd6: 0x44b1, 0xfd7: 0x4549,
+	0xfd8: 0x45c9, 0xfd9: 0x4619, 0xfda: 0x4699, 0xfdb: 0x4719, 0xfdc: 0x4781, 0xfdd: 0x47d1,
+	0xfde: 0x4821, 0xfdf: 0x4871, 0xfe0: 0x48d9, 0xfe1: 0x4959, 0xfe2: 0x49c1, 0xfe3: 0x4a11,
+	0xfe4: 0x4a61, 0xfe5: 0x4ab1, 0xfe6: 0x4ae9, 0xfe7: 0x4b21, 0xfe8: 0x4b59, 0xfe9: 0x4b91,
+	0xfea: 0x4be1, 0xfeb: 0x4c31, 0xfec: 0x4cb1, 0xfed: 0x4d01, 0xfee: 0x4d69, 0xfef: 0x4de9,
+	0xff0: 0x4e39, 0xff1: 0x4e71, 0xff2: 0x4ea9, 0xff3: 0x4f29, 0xff4: 0x4f91, 0xff5: 0x5011,
+	0xff6: 0x5061, 0xff7: 0x50e1, 0xff8: 0x5119, 0xff9: 0x5169, 0xffa: 0x51b9, 0xffb: 0x5209,
+	0xffc: 0x5259, 0xffd: 0x52a9, 0xffe: 0x5311, 0xfff: 0x5361,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x5399, 0x1001: 0x53e9, 0x1002: 0x5439, 0x1003: 0x5489, 0x1004: 0x54f1, 0x1005: 0x5541,
+	0x1006: 0x5591, 0x1007: 0x55e1, 0x1008: 0x5661, 0x1009: 0x56c9, 0x100a: 0x5701, 0x100b: 0x5781,
+	0x100c: 0x57b9, 0x100d: 0x5821, 0x100e: 0x5889, 0x100f: 0x58d9, 0x1010: 0x5929, 0x1011: 0x5979,
+	0x1012: 0x59e1, 0x1013: 0x5a19, 0x1014: 0x5a69, 0x1015: 0x5ad1, 0x1016: 0x5b09, 0x1017: 0x5b89,
+	0x1018: 0x5bd9, 0x1019: 0x5c01, 0x101a: 0x5c29, 0x101b: 0x5c51, 0x101c: 0x5c79, 0x101d: 0x5ca1,
+	0x101e: 0x5cc9, 0x101f: 0x5cf1, 0x1020: 0x5d19, 0x1021: 0x5d41, 0x1022: 0x5d69, 0x1023: 0x5d99,
+	0x1024: 0x5dc9, 0x1025: 0x5df9, 0x1026: 0x5e29, 0x1027: 0x5e59, 0x1028: 0x5e89, 0x1029: 0x5eb9,
+	0x102a: 0x5ee9, 0x102b: 0x5f19, 0x102c: 0x5f49, 0x102d: 0x5f79, 0x102e: 0x5fa9, 0x102f: 0x5fd9,
+	0x1030: 0x6009, 0x1031: 0x402d, 0x1032: 0x6039, 0x1033: 0x6051, 0x1034: 0x404d, 0x1035: 0x6069,
+	0x1036: 0x6081, 0x1037: 0x6099, 0x1038: 0x406d, 0x1039: 0x406d, 0x103a: 0x60b1, 0x103b: 0x60c9,
+	0x103c: 0x6101, 0x103d: 0x6139, 0x103e: 0x6171, 0x103f: 0x61a9,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x6211, 0x1041: 0x6229, 0x1042: 0x408d, 0x1043: 0x6241, 0x1044: 0x6259, 0x1045: 0x6271,
+	0x1046: 0x6289, 0x1047: 0x62a1, 0x1048: 0x40ad, 0x1049: 0x62b9, 0x104a: 0x62e1, 0x104b: 0x62f9,
+	0x104c: 0x40cd, 0x104d: 0x40cd, 0x104e: 0x6311, 0x104f: 0x6329, 0x1050: 0x6341, 0x1051: 0x40ed,
+	0x1052: 0x410d, 0x1053: 0x412d, 0x1054: 0x414d, 0x1055: 0x416d, 0x1056: 0x6359, 0x1057: 0x6371,
+	0x1058: 0x6389, 0x1059: 0x63a1, 0x105a: 0x63b9, 0x105b: 0x418d, 0x105c: 0x63d1, 0x105d: 0x63e9,
+	0x105e: 0x6401, 0x105f: 0x41ad, 0x1060: 0x41cd, 0x1061: 0x6419, 0x1062: 0x41ed, 0x1063: 0x420d,
+	0x1064: 0x422d, 0x1065: 0x6431, 0x1066: 0x424d, 0x1067: 0x6449, 0x1068: 0x6479, 0x1069: 0x6211,
+	0x106a: 0x426d, 0x106b: 0x428d, 0x106c: 0x42ad, 0x106d: 0x42cd, 0x106e: 0x64b1, 0x106f: 0x64f1,
+	0x1070: 0x6539, 0x1071: 0x6551, 0x1072: 0x42ed, 0x1073: 0x6569, 0x1074: 0x6581, 0x1075: 0x6599,
+	0x1076: 0x430d, 0x1077: 0x65b1, 0x1078: 0x65c9, 0x1079: 0x65b1, 0x107a: 0x65e1, 0x107b: 0x65f9,
+	0x107c: 0x432d, 0x107d: 0x6611, 0x107e: 0x6629, 0x107f: 0x6611,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x434d, 0x1081: 0x436d, 0x1082: 0x0040, 0x1083: 0x6641, 0x1084: 0x6659, 0x1085: 0x6671,
+	0x1086: 0x6689, 0x1087: 0x0040, 0x1088: 0x66c1, 0x1089: 0x66d9, 0x108a: 0x66f1, 0x108b: 0x6709,
+	0x108c: 0x6721, 0x108d: 0x6739, 0x108e: 0x6401, 0x108f: 0x6751, 0x1090: 0x6769, 0x1091: 0x6781,
+	0x1092: 0x438d, 0x1093: 0x6799, 0x1094: 0x6289, 0x1095: 0x43ad, 0x1096: 0x43cd, 0x1097: 0x67b1,
+	0x1098: 0x0040, 0x1099: 0x43ed, 0x109a: 0x67c9, 0x109b: 0x67e1, 0x109c: 0x67f9, 0x109d: 0x6811,
+	0x109e: 0x6829, 0x109f: 0x6859, 0x10a0: 0x6889, 0x10a1: 0x68b1, 0x10a2: 0x68d9, 0x10a3: 0x6901,
+	0x10a4: 0x6929, 0x10a5: 0x6951, 0x10a6: 0x6979, 0x10a7: 0x69a1, 0x10a8: 0x69c9, 0x10a9: 0x69f1,
+	0x10aa: 0x6a21, 0x10ab: 0x6a51, 0x10ac: 0x6a81, 0x10ad: 0x6ab1, 0x10ae: 0x6ae1, 0x10af: 0x6b11,
+	0x10b0: 0x6b41, 0x10b1: 0x6b71, 0x10b2: 0x6ba1, 0x10b3: 0x6bd1, 0x10b4: 0x6c01, 0x10b5: 0x6c31,
+	0x10b6: 0x6c61, 0x10b7: 0x6c91, 0x10b8: 0x6cc1, 0x10b9: 0x6cf1, 0x10ba: 0x6d21, 0x10bb: 0x6d51,
+	0x10bc: 0x6d81, 0x10bd: 0x6db1, 0x10be: 0x6de1, 0x10bf: 0x440d,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0xe00d, 0x10c1: 0x0008, 0x10c2: 0xe00d, 0x10c3: 0x0008, 0x10c4: 0xe00d, 0x10c5: 0x0008,
+	0x10c6: 0xe00d, 0x10c7: 0x0008, 0x10c8: 0xe00d, 0x10c9: 0x0008, 0x10ca: 0xe00d, 0x10cb: 0x0008,
+	0x10cc: 0xe00d, 0x10cd: 0x0008, 0x10ce: 0xe00d, 0x10cf: 0x0008, 0x10d0: 0xe00d, 0x10d1: 0x0008,
+	0x10d2: 0xe00d, 0x10d3: 0x0008, 0x10d4: 0xe00d, 0x10d5: 0x0008, 0x10d6: 0xe00d, 0x10d7: 0x0008,
+	0x10d8: 0xe00d, 0x10d9: 0x0008, 0x10da: 0xe00d, 0x10db: 0x0008, 0x10dc: 0xe00d, 0x10dd: 0x0008,
+	0x10de: 0xe00d, 0x10df: 0x0008, 0x10e0: 0xe00d, 0x10e1: 0x0008, 0x10e2: 0xe00d, 0x10e3: 0x0008,
+	0x10e4: 0xe00d, 0x10e5: 0x0008, 0x10e6: 0xe00d, 0x10e7: 0x0008, 0x10e8: 0xe00d, 0x10e9: 0x0008,
+	0x10ea: 0xe00d, 0x10eb: 0x0008, 0x10ec: 0xe00d, 0x10ed: 0x0008, 0x10ee: 0x0008, 0x10ef: 0x3308,
+	0x10f0: 0x3318, 0x10f1: 0x3318, 0x10f2: 0x3318, 0x10f3: 0x0018, 0x10f4: 0x3308, 0x10f5: 0x3308,
+	0x10f6: 0x3308, 0x10f7: 0x3308, 0x10f8: 0x3308, 0x10f9: 0x3308, 0x10fa: 0x3308, 0x10fb: 0x3308,
+	0x10fc: 0x3308, 0x10fd: 0x3308, 0x10fe: 0x0018, 0x10ff: 0x0008,
+	// Block 0x44, offset 0x1100
+	0x1100: 0xe00d, 0x1101: 0x0008, 0x1102: 0xe00d, 0x1103: 0x0008, 0x1104: 0xe00d, 0x1105: 0x0008,
+	0x1106: 0xe00d, 0x1107: 0x0008, 0x1108: 0xe00d, 0x1109: 0x0008, 0x110a: 0xe00d, 0x110b: 0x0008,
+	0x110c: 0xe00d, 0x110d: 0x0008, 0x110e: 0xe00d, 0x110f: 0x0008, 0x1110: 0xe00d, 0x1111: 0x0008,
+	0x1112: 0xe00d, 0x1113: 0x0008, 0x1114: 0xe00d, 0x1115: 0x0008, 0x1116: 0xe00d, 0x1117: 0x0008,
+	0x1118: 0xe00d, 0x1119: 0x0008, 0x111a: 0xe00d, 0x111b: 0x0008, 0x111c: 0x0ea1, 0x111d: 0x6e11,
+	0x111e: 0x3308, 0x111f: 0x3308, 0x1120: 0x0008, 0x1121: 0x0008, 0x1122: 0x0008, 0x1123: 0x0008,
+	0x1124: 0x0008, 0x1125: 0x0008, 0x1126: 0x0008, 0x1127: 0x0008, 0x1128: 0x0008, 0x1129: 0x0008,
+	0x112a: 0x0008, 0x112b: 0x0008, 0x112c: 0x0008, 0x112d: 0x0008, 0x112e: 0x0008, 0x112f: 0x0008,
+	0x1130: 0x0008, 0x1131: 0x0008, 0x1132: 0x0008, 0x1133: 0x0008, 0x1134: 0x0008, 0x1135: 0x0008,
+	0x1136: 0x0008, 0x1137: 0x0008, 0x1138: 0x0008, 0x1139: 0x0008, 0x113a: 0x0008, 0x113b: 0x0008,
+	0x113c: 0x0008, 0x113d: 0x0008, 0x113e: 0x0008, 0x113f: 0x0008,
+	// Block 0x45, offset 0x1140
+	0x1140: 0x0018, 0x1141: 0x0018, 0x1142: 0x0018, 0x1143: 0x0018, 0x1144: 0x0018, 0x1145: 0x0018,
+	0x1146: 0x0018, 0x1147: 0x0018, 0x1148: 0x0018, 0x1149: 0x0018, 0x114a: 0x0018, 0x114b: 0x0018,
+	0x114c: 0x0018, 0x114d: 0x0018, 0x114e: 0x0018, 0x114f: 0x0018, 0x1150: 0x0018, 0x1151: 0x0018,
+	0x1152: 0x0018, 0x1153: 0x0018, 0x1154: 0x0018, 0x1155: 0x0018, 0x1156: 0x0018, 0x1157: 0x0008,
+	0x1158: 0x0008, 0x1159: 0x0008, 0x115a: 0x0008, 0x115b: 0x0008, 0x115c: 0x0008, 0x115d: 0x0008,
+	0x115e: 0x0008, 0x115f: 0x0008, 0x1160: 0x0018, 0x1161: 0x0018, 0x1162: 0xe00d, 0x1163: 0x0008,
+	0x1164: 0xe00d, 0x1165: 0x0008, 0x1166: 0xe00d, 0x1167: 0x0008, 0x1168: 0xe00d, 0x1169: 0x0008,
+	0x116a: 0xe00d, 0x116b: 0x0008, 0x116c: 0xe00d, 0x116d: 0x0008, 0x116e: 0xe00d, 0x116f: 0x0008,
+	0x1170: 0x0008, 0x1171: 0x0008, 0x1172: 0xe00d, 0x1173: 0x0008, 0x1174: 0xe00d, 0x1175: 0x0008,
+	0x1176: 0xe00d, 0x1177: 0x0008, 0x1178: 0xe00d, 0x1179: 0x0008, 0x117a: 0xe00d, 0x117b: 0x0008,
+	0x117c: 0xe00d, 0x117d: 0x0008, 0x117e: 0xe00d, 0x117f: 0x0008,
+	// Block 0x46, offset 0x1180
+	0x1180: 0xe00d, 0x1181: 0x0008, 0x1182: 0xe00d, 0x1183: 0x0008, 0x1184: 0xe00d, 0x1185: 0x0008,
+	0x1186: 0xe00d, 0x1187: 0x0008, 0x1188: 0xe00d, 0x1189: 0x0008, 0x118a: 0xe00d, 0x118b: 0x0008,
+	0x118c: 0xe00d, 0x118d: 0x0008, 0x118e: 0xe00d, 0x118f: 0x0008, 0x1190: 0xe00d, 0x1191: 0x0008,
+	0x1192: 0xe00d, 0x1193: 0x0008, 0x1194: 0xe00d, 0x1195: 0x0008, 0x1196: 0xe00d, 0x1197: 0x0008,
+	0x1198: 0xe00d, 0x1199: 0x0008, 0x119a: 0xe00d, 0x119b: 0x0008, 0x119c: 0xe00d, 0x119d: 0x0008,
+	0x119e: 0xe00d, 0x119f: 0x0008, 0x11a0: 0xe00d, 0x11a1: 0x0008, 0x11a2: 0xe00d, 0x11a3: 0x0008,
+	0x11a4: 0xe00d, 0x11a5: 0x0008, 0x11a6: 0xe00d, 0x11a7: 0x0008, 0x11a8: 0xe00d, 0x11a9: 0x0008,
+	0x11aa: 0xe00d, 0x11ab: 0x0008, 0x11ac: 0xe00d, 0x11ad: 0x0008, 0x11ae: 0xe00d, 0x11af: 0x0008,
+	0x11b0: 0xe0fd, 0x11b1: 0x0008, 0x11b2: 0x0008, 0x11b3: 0x0008, 0x11b4: 0x0008, 0x11b5: 0x0008,
+	0x11b6: 0x0008, 0x11b7: 0x0008, 0x11b8: 0x0008, 0x11b9: 0xe01d, 0x11ba: 0x0008, 0x11bb: 0xe03d,
+	0x11bc: 0x0008, 0x11bd: 0x442d, 0x11be: 0xe00d, 0x11bf: 0x0008,
+	// Block 0x47, offset 0x11c0
+	0x11c0: 0xe00d, 0x11c1: 0x0008, 0x11c2: 0xe00d, 0x11c3: 0x0008, 0x11c4: 0xe00d, 0x11c5: 0x0008,
+	0x11c6: 0xe00d, 0x11c7: 0x0008, 0x11c8: 0x0008, 0x11c9: 0x0018, 0x11ca: 0x0018, 0x11cb: 0xe03d,
+	0x11cc: 0x0008, 0x11cd: 0x11d9, 0x11ce: 0x0008, 0x11cf: 0x0008, 0x11d0: 0xe00d, 0x11d1: 0x0008,
+	0x11d2: 0xe00d, 0x11d3: 0x0008, 0x11d4: 0x0008, 0x11d5: 0x0008, 0x11d6: 0xe00d, 0x11d7: 0x0008,
+	0x11d8: 0xe00d, 0x11d9: 0x0008, 0x11da: 0xe00d, 0x11db: 0x0008, 0x11dc: 0xe00d, 0x11dd: 0x0008,
+	0x11de: 0xe00d, 0x11df: 0x0008, 0x11e0: 0xe00d, 0x11e1: 0x0008, 0x11e2: 0xe00d, 0x11e3: 0x0008,
+	0x11e4: 0xe00d, 0x11e5: 0x0008, 0x11e6: 0xe00d, 0x11e7: 0x0008, 0x11e8: 0xe00d, 0x11e9: 0x0008,
+	0x11ea: 0x6e29, 0x11eb: 0x1029, 0x11ec: 0x11c1, 0x11ed: 0x6e41, 0x11ee: 0x1221, 0x11ef: 0x0040,
+	0x11f0: 0x6e59, 0x11f1: 0x6e71, 0x11f2: 0x1239, 0x11f3: 0x444d, 0x11f4: 0xe00d, 0x11f5: 0x0008,
+	0x11f6: 0xe00d, 0x11f7: 0x0008, 0x11f8: 0x0040, 0x11f9: 0x0040, 0x11fa: 0x0040, 0x11fb: 0x0040,
+	0x11fc: 0x0040, 0x11fd: 0x0040, 0x11fe: 0x0040, 0x11ff: 0x0040,
+	// Block 0x48, offset 0x1200
+	0x1200: 0x64d5, 0x1201: 0x64f5, 0x1202: 0x6515, 0x1203: 0x6535, 0x1204: 0x6555, 0x1205: 0x6575,
+	0x1206: 0x6595, 0x1207: 0x65b5, 0x1208: 0x65d5, 0x1209: 0x65f5, 0x120a: 0x6615, 0x120b: 0x6635,
+	0x120c: 0x6655, 0x120d: 0x6675, 0x120e: 0x0008, 0x120f: 0x0008, 0x1210: 0x6695, 0x1211: 0x0008,
+	0x1212: 0x66b5, 0x1213: 0x0008, 0x1214: 0x0008, 0x1215: 0x66d5, 0x1216: 0x66f5, 0x1217: 0x6715,
+	0x1218: 0x6735, 0x1219: 0x6755, 0x121a: 0x6775, 0x121b: 0x6795, 0x121c: 0x67b5, 0x121d: 0x67d5,
+	0x121e: 0x67f5, 0x121f: 0x0008, 0x1220: 0x6815, 0x1221: 0x0008, 0x1222: 0x6835, 0x1223: 0x0008,
+	0x1224: 0x0008, 0x1225: 0x6855, 0x1226: 0x6875, 0x1227: 0x0008, 0x1228: 0x0008, 0x1229: 0x0008,
+	0x122a: 0x6895, 0x122b: 0x68b5, 0x122c: 0x68d5, 0x122d: 0x68f5, 0x122e: 0x6915, 0x122f: 0x6935,
+	0x1230: 0x6955, 0x1231: 0x6975, 0x1232: 0x6995, 0x1233: 0x69b5, 0x1234: 0x69d5, 0x1235: 0x69f5,
+	0x1236: 0x6a15, 0x1237: 0x6a35, 0x1238: 0x6a55, 0x1239: 0x6a75, 0x123a: 0x6a95, 0x123b: 0x6ab5,
+	0x123c: 0x6ad5, 0x123d: 0x6af5, 0x123e: 0x6b15, 0x123f: 0x6b35,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x7a95, 0x1241: 0x7ab5, 0x1242: 0x7ad5, 0x1243: 0x7af5, 0x1244: 0x7b15, 0x1245: 0x7b35,
+	0x1246: 0x7b55, 0x1247: 0x7b75, 0x1248: 0x7b95, 0x1249: 0x7bb5, 0x124a: 0x7bd5, 0x124b: 0x7bf5,
+	0x124c: 0x7c15, 0x124d: 0x7c35, 0x124e: 0x7c55, 0x124f: 0x6ec9, 0x1250: 0x6ef1, 0x1251: 0x6f19,
+	0x1252: 0x7c75, 0x1253: 0x7c95, 0x1254: 0x7cb5, 0x1255: 0x6f41, 0x1256: 0x6f69, 0x1257: 0x6f91,
+	0x1258: 0x7cd5, 0x1259: 0x7cf5, 0x125a: 0x0040, 0x125b: 0x0040, 0x125c: 0x0040, 0x125d: 0x0040,
+	0x125e: 0x0040, 0x125f: 0x0040, 0x1260: 0x0040, 0x1261: 0x0040, 0x1262: 0x0040, 0x1263: 0x0040,
+	0x1264: 0x0040, 0x1265: 0x0040, 0x1266: 0x0040, 0x1267: 0x0040, 0x1268: 0x0040, 0x1269: 0x0040,
+	0x126a: 0x0040, 0x126b: 0x0040, 0x126c: 0x0040, 0x126d: 0x0040, 0x126e: 0x0040, 0x126f: 0x0040,
+	0x1270: 0x0040, 0x1271: 0x0040, 0x1272: 0x0040, 0x1273: 0x0040, 0x1274: 0x0040, 0x1275: 0x0040,
+	0x1276: 0x0040, 0x1277: 0x0040, 0x1278: 0x0040, 0x1279: 0x0040, 0x127a: 0x0040, 0x127b: 0x0040,
+	0x127c: 0x0040, 0x127d: 0x0040, 0x127e: 0x0040, 0x127f: 0x0040,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x6fb9, 0x1281: 0x6fd1, 0x1282: 0x6fe9, 0x1283: 0x7d15, 0x1284: 0x7d35, 0x1285: 0x7001,
+	0x1286: 0x7001, 0x1287: 0x0040, 0x1288: 0x0040, 0x1289: 0x0040, 0x128a: 0x0040, 0x128b: 0x0040,
+	0x128c: 0x0040, 0x128d: 0x0040, 0x128e: 0x0040, 0x128f: 0x0040, 0x1290: 0x0040, 0x1291: 0x0040,
+	0x1292: 0x0040, 0x1293: 0x7019, 0x1294: 0x7041, 0x1295: 0x7069, 0x1296: 0x7091, 0x1297: 0x70b9,
+	0x1298: 0x0040, 0x1299: 0x0040, 0x129a: 0x0040, 0x129b: 0x0040, 0x129c: 0x0040, 0x129d: 0x70e1,
+	0x129e: 0x3308, 0x129f: 0x7109, 0x12a0: 0x7131, 0x12a1: 0x20a9, 0x12a2: 0x20f1, 0x12a3: 0x7149,
+	0x12a4: 0x7161, 0x12a5: 0x7179, 0x12a6: 0x7191, 0x12a7: 0x71a9, 0x12a8: 0x71c1, 0x12a9: 0x1fb2,
+	0x12aa: 0x71d9, 0x12ab: 0x7201, 0x12ac: 0x7229, 0x12ad: 0x7261, 0x12ae: 0x7299, 0x12af: 0x72c1,
+	0x12b0: 0x72e9, 0x12b1: 0x7311, 0x12b2: 0x7339, 0x12b3: 0x7361, 0x12b4: 0x7389, 0x12b5: 0x73b1,
+	0x12b6: 0x73d9, 0x12b7: 0x0040, 0x12b8: 0x7401, 0x12b9: 0x7429, 0x12ba: 0x7451, 0x12bb: 0x7479,
+	0x12bc: 0x74a1, 0x12bd: 0x0040, 0x12be: 0x74c9, 0x12bf: 0x0040,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x74f1, 0x12c1: 0x7519, 0x12c2: 0x0040, 0x12c3: 0x7541, 0x12c4: 0x7569, 0x12c5: 0x0040,
+	0x12c6: 0x7591, 0x12c7: 0x75b9, 0x12c8: 0x75e1, 0x12c9: 0x7609, 0x12ca: 0x7631, 0x12cb: 0x7659,
+	0x12cc: 0x7681, 0x12cd: 0x76a9, 0x12ce: 0x76d1, 0x12cf: 0x76f9, 0x12d0: 0x7721, 0x12d1: 0x7721,
+	0x12d2: 0x7739, 0x12d3: 0x7739, 0x12d4: 0x7739, 0x12d5: 0x7739, 0x12d6: 0x7751, 0x12d7: 0x7751,
+	0x12d8: 0x7751, 0x12d9: 0x7751, 0x12da: 0x7769, 0x12db: 0x7769, 0x12dc: 0x7769, 0x12dd: 0x7769,
+	0x12de: 0x7781, 0x12df: 0x7781, 0x12e0: 0x7781, 0x12e1: 0x7781, 0x12e2: 0x7799, 0x12e3: 0x7799,
+	0x12e4: 0x7799, 0x12e5: 0x7799, 0x12e6: 0x77b1, 0x12e7: 0x77b1, 0x12e8: 0x77b1, 0x12e9: 0x77b1,
+	0x12ea: 0x77c9, 0x12eb: 0x77c9, 0x12ec: 0x77c9, 0x12ed: 0x77c9, 0x12ee: 0x77e1, 0x12ef: 0x77e1,
+	0x12f0: 0x77e1, 0x12f1: 0x77e1, 0x12f2: 0x77f9, 0x12f3: 0x77f9, 0x12f4: 0x77f9, 0x12f5: 0x77f9,
+	0x12f6: 0x7811, 0x12f7: 0x7811, 0x12f8: 0x7811, 0x12f9: 0x7811, 0x12fa: 0x7829, 0x12fb: 0x7829,
+	0x12fc: 0x7829, 0x12fd: 0x7829, 0x12fe: 0x7841, 0x12ff: 0x7841,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x7841, 0x1301: 0x7841, 0x1302: 0x7859, 0x1303: 0x7859, 0x1304: 0x7871, 0x1305: 0x7871,
+	0x1306: 0x7889, 0x1307: 0x7889, 0x1308: 0x78a1, 0x1309: 0x78a1, 0x130a: 0x78b9, 0x130b: 0x78b9,
+	0x130c: 0x78d1, 0x130d: 0x78d1, 0x130e: 0x78e9, 0x130f: 0x78e9, 0x1310: 0x78e9, 0x1311: 0x78e9,
+	0x1312: 0x7901, 0x1313: 0x7901, 0x1314: 0x7901, 0x1315: 0x7901, 0x1316: 0x7919, 0x1317: 0x7919,
+	0x1318: 0x7919, 0x1319: 0x7919, 0x131a: 0x7931, 0x131b: 0x7931, 0x131c: 0x7931, 0x131d: 0x7931,
+	0x131e: 0x7949, 0x131f: 0x7949, 0x1320: 0x7961, 0x1321: 0x7961, 0x1322: 0x7961, 0x1323: 0x7961,
+	0x1324: 0x7979, 0x1325: 0x7979, 0x1326: 0x7991, 0x1327: 0x7991, 0x1328: 0x7991, 0x1329: 0x7991,
+	0x132a: 0x79a9, 0x132b: 0x79a9, 0x132c: 0x79a9, 0x132d: 0x79a9, 0x132e: 0x79c1, 0x132f: 0x79c1,
+	0x1330: 0x79d9, 0x1331: 0x79d9, 0x1332: 0x0818, 0x1333: 0x0818, 0x1334: 0x0818, 0x1335: 0x0818,
+	0x1336: 0x0818, 0x1337: 0x0818, 0x1338: 0x0818, 0x1339: 0x0818, 0x133a: 0x0818, 0x133b: 0x0818,
+	0x133c: 0x0818, 0x133d: 0x0818, 0x133e: 0x0818, 0x133f: 0x0818,
+	// Block 0x4d, offset 0x1340
+	0x1340: 0x0818, 0x1341: 0x0818, 0x1342: 0x0040, 0x1343: 0x0040, 0x1344: 0x0040, 0x1345: 0x0040,
+	0x1346: 0x0040, 0x1347: 0x0040, 0x1348: 0x0040, 0x1349: 0x0040, 0x134a: 0x0040, 0x134b: 0x0040,
+	0x134c: 0x0040, 0x134d: 0x0040, 0x134e: 0x0040, 0x134f: 0x0040, 0x1350: 0x0040, 0x1351: 0x0040,
+	0x1352: 0x0040, 0x1353: 0x79f1, 0x1354: 0x79f1, 0x1355: 0x79f1, 0x1356: 0x79f1, 0x1357: 0x7a09,
+	0x1358: 0x7a09, 0x1359: 0x7a21, 0x135a: 0x7a21, 0x135b: 0x7a39, 0x135c: 0x7a39, 0x135d: 0x0479,
+	0x135e: 0x7a51, 0x135f: 0x7a51, 0x1360: 0x7a69, 0x1361: 0x7a69, 0x1362: 0x7a81, 0x1363: 0x7a81,
+	0x1364: 0x7a99, 0x1365: 0x7a99, 0x1366: 0x7a99, 0x1367: 0x7a99, 0x1368: 0x7ab1, 0x1369: 0x7ab1,
+	0x136a: 0x7ac9, 0x136b: 0x7ac9, 0x136c: 0x7af1, 0x136d: 0x7af1, 0x136e: 0x7b19, 0x136f: 0x7b19,
+	0x1370: 0x7b41, 0x1371: 0x7b41, 0x1372: 0x7b69, 0x1373: 0x7b69, 0x1374: 0x7b91, 0x1375: 0x7b91,
+	0x1376: 0x7bb9, 0x1377: 0x7bb9, 0x1378: 0x7bb9, 0x1379: 0x7be1, 0x137a: 0x7be1, 0x137b: 0x7be1,
+	0x137c: 0x7c09, 0x137d: 0x7c09, 0x137e: 0x7c09, 0x137f: 0x7c09,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x85f9, 0x1381: 0x8621, 0x1382: 0x8649, 0x1383: 0x8671, 0x1384: 0x8699, 0x1385: 0x86c1,
+	0x1386: 0x86e9, 0x1387: 0x8711, 0x1388: 0x8739, 0x1389: 0x8761, 0x138a: 0x8789, 0x138b: 0x87b1,
+	0x138c: 0x87d9, 0x138d: 0x8801, 0x138e: 0x8829, 0x138f: 0x8851, 0x1390: 0x8879, 0x1391: 0x88a1,
+	0x1392: 0x88c9, 0x1393: 0x88f1, 0x1394: 0x8919, 0x1395: 0x8941, 0x1396: 0x8969, 0x1397: 0x8991,
+	0x1398: 0x89b9, 0x1399: 0x89e1, 0x139a: 0x8a09, 0x139b: 0x8a31, 0x139c: 0x8a59, 0x139d: 0x8a81,
+	0x139e: 0x8aaa, 0x139f: 0x8ada, 0x13a0: 0x8b0a, 0x13a1: 0x8b3a, 0x13a2: 0x8b6a, 0x13a3: 0x8b9a,
+	0x13a4: 0x8bc9, 0x13a5: 0x8bf1, 0x13a6: 0x7c71, 0x13a7: 0x8c19, 0x13a8: 0x7be1, 0x13a9: 0x7c99,
+	0x13aa: 0x8c41, 0x13ab: 0x8c69, 0x13ac: 0x7d39, 0x13ad: 0x8c91, 0x13ae: 0x7d61, 0x13af: 0x7d89,
+	0x13b0: 0x8cb9, 0x13b1: 0x8ce1, 0x13b2: 0x7e29, 0x13b3: 0x8d09, 0x13b4: 0x7e51, 0x13b5: 0x7e79,
+	0x13b6: 0x8d31, 0x13b7: 0x8d59, 0x13b8: 0x7ec9, 0x13b9: 0x8d81, 0x13ba: 0x7ef1, 0x13bb: 0x7f19,
+	0x13bc: 0x83a1, 0x13bd: 0x83c9, 0x13be: 0x8441, 0x13bf: 0x8469,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x8491, 0x13c1: 0x8531, 0x13c2: 0x8559, 0x13c3: 0x8581, 0x13c4: 0x85a9, 0x13c5: 0x8649,
+	0x13c6: 0x8671, 0x13c7: 0x8699, 0x13c8: 0x8da9, 0x13c9: 0x8739, 0x13ca: 0x8dd1, 0x13cb: 0x8df9,
+	0x13cc: 0x8829, 0x13cd: 0x8e21, 0x13ce: 0x8851, 0x13cf: 0x8879, 0x13d0: 0x8a81, 0x13d1: 0x8e49,
+	0x13d2: 0x8e71, 0x13d3: 0x89b9, 0x13d4: 0x8e99, 0x13d5: 0x89e1, 0x13d6: 0x8a09, 0x13d7: 0x7c21,
+	0x13d8: 0x7c49, 0x13d9: 0x8ec1, 0x13da: 0x7c71, 0x13db: 0x8ee9, 0x13dc: 0x7cc1, 0x13dd: 0x7ce9,
+	0x13de: 0x7d11, 0x13df: 0x7d39, 0x13e0: 0x8f11, 0x13e1: 0x7db1, 0x13e2: 0x7dd9, 0x13e3: 0x7e01,
+	0x13e4: 0x7e29, 0x13e5: 0x8f39, 0x13e6: 0x7ec9, 0x13e7: 0x7f41, 0x13e8: 0x7f69, 0x13e9: 0x7f91,
+	0x13ea: 0x7fb9, 0x13eb: 0x7fe1, 0x13ec: 0x8031, 0x13ed: 0x8059, 0x13ee: 0x8081, 0x13ef: 0x80a9,
+	0x13f0: 0x80d1, 0x13f1: 0x80f9, 0x13f2: 0x8f61, 0x13f3: 0x8121, 0x13f4: 0x8149, 0x13f5: 0x8171,
+	0x13f6: 0x8199, 0x13f7: 0x81c1, 0x13f8: 0x81e9, 0x13f9: 0x8239, 0x13fa: 0x8261, 0x13fb: 0x8289,
+	0x13fc: 0x82b1, 0x13fd: 0x82d9, 0x13fe: 0x8301, 0x13ff: 0x8329,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x8351, 0x1401: 0x8379, 0x1402: 0x83f1, 0x1403: 0x8419, 0x1404: 0x84b9, 0x1405: 0x84e1,
+	0x1406: 0x8509, 0x1407: 0x8531, 0x1408: 0x8559, 0x1409: 0x85d1, 0x140a: 0x85f9, 0x140b: 0x8621,
+	0x140c: 0x8649, 0x140d: 0x8f89, 0x140e: 0x86c1, 0x140f: 0x86e9, 0x1410: 0x8711, 0x1411: 0x8739,
+	0x1412: 0x87b1, 0x1413: 0x87d9, 0x1414: 0x8801, 0x1415: 0x8829, 0x1416: 0x8fb1, 0x1417: 0x88a1,
+	0x1418: 0x88c9, 0x1419: 0x8fd9, 0x141a: 0x8941, 0x141b: 0x8969, 0x141c: 0x8991, 0x141d: 0x89b9,
+	0x141e: 0x9001, 0x141f: 0x7c71, 0x1420: 0x8ee9, 0x1421: 0x7d39, 0x1422: 0x8f11, 0x1423: 0x7e29,
+	0x1424: 0x8f39, 0x1425: 0x7ec9, 0x1426: 0x9029, 0x1427: 0x80d1, 0x1428: 0x9051, 0x1429: 0x9079,
+	0x142a: 0x90a1, 0x142b: 0x8531, 0x142c: 0x8559, 0x142d: 0x8649, 0x142e: 0x8829, 0x142f: 0x8fb1,
+	0x1430: 0x89b9, 0x1431: 0x9001, 0x1432: 0x90c9, 0x1433: 0x9101, 0x1434: 0x9139, 0x1435: 0x9171,
+	0x1436: 0x9199, 0x1437: 0x91c1, 0x1438: 0x91e9, 0x1439: 0x9211, 0x143a: 0x9239, 0x143b: 0x9261,
+	0x143c: 0x9289, 0x143d: 0x92b1, 0x143e: 0x92d9, 0x143f: 0x9301,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x9329, 0x1441: 0x9351, 0x1442: 0x9379, 0x1443: 0x93a1, 0x1444: 0x93c9, 0x1445: 0x93f1,
+	0x1446: 0x9419, 0x1447: 0x9441, 0x1448: 0x9469, 0x1449: 0x9491, 0x144a: 0x94b9, 0x144b: 0x94e1,
+	0x144c: 0x9079, 0x144d: 0x9509, 0x144e: 0x9531, 0x144f: 0x9559, 0x1450: 0x9581, 0x1451: 0x9171,
+	0x1452: 0x9199, 0x1453: 0x91c1, 0x1454: 0x91e9, 0x1455: 0x9211, 0x1456: 0x9239, 0x1457: 0x9261,
+	0x1458: 0x9289, 0x1459: 0x92b1, 0x145a: 0x92d9, 0x145b: 0x9301, 0x145c: 0x9329, 0x145d: 0x9351,
+	0x145e: 0x9379, 0x145f: 0x93a1, 0x1460: 0x93c9, 0x1461: 0x93f1, 0x1462: 0x9419, 0x1463: 0x9441,
+	0x1464: 0x9469, 0x1465: 0x9491, 0x1466: 0x94b9, 0x1467: 0x94e1, 0x1468: 0x9079, 0x1469: 0x9509,
+	0x146a: 0x9531, 0x146b: 0x9559, 0x146c: 0x9581, 0x146d: 0x9491, 0x146e: 0x94b9, 0x146f: 0x94e1,
+	0x1470: 0x9079, 0x1471: 0x9051, 0x1472: 0x90a1, 0x1473: 0x8211, 0x1474: 0x8059, 0x1475: 0x8081,
+	0x1476: 0x80a9, 0x1477: 0x9491, 0x1478: 0x94b9, 0x1479: 0x94e1, 0x147a: 0x8211, 0x147b: 0x8239,
+	0x147c: 0x95a9, 0x147d: 0x95a9, 0x147e: 0x0018, 0x147f: 0x0018,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x0040, 0x1481: 0x0040, 0x1482: 0x0040, 0x1483: 0x0040, 0x1484: 0x0040, 0x1485: 0x0040,
+	0x1486: 0x0040, 0x1487: 0x0040, 0x1488: 0x0040, 0x1489: 0x0040, 0x148a: 0x0040, 0x148b: 0x0040,
+	0x148c: 0x0040, 0x148d: 0x0040, 0x148e: 0x0040, 0x148f: 0x0040, 0x1490: 0x95d1, 0x1491: 0x9609,
+	0x1492: 0x9609, 0x1493: 0x9641, 0x1494: 0x9679, 0x1495: 0x96b1, 0x1496: 0x96e9, 0x1497: 0x9721,
+	0x1498: 0x9759, 0x1499: 0x9759, 0x149a: 0x9791, 0x149b: 0x97c9, 0x149c: 0x9801, 0x149d: 0x9839,
+	0x149e: 0x9871, 0x149f: 0x98a9, 0x14a0: 0x98a9, 0x14a1: 0x98e1, 0x14a2: 0x9919, 0x14a3: 0x9919,
+	0x14a4: 0x9951, 0x14a5: 0x9951, 0x14a6: 0x9989, 0x14a7: 0x99c1, 0x14a8: 0x99c1, 0x14a9: 0x99f9,
+	0x14aa: 0x9a31, 0x14ab: 0x9a31, 0x14ac: 0x9a69, 0x14ad: 0x9a69, 0x14ae: 0x9aa1, 0x14af: 0x9ad9,
+	0x14b0: 0x9ad9, 0x14b1: 0x9b11, 0x14b2: 0x9b11, 0x14b3: 0x9b49, 0x14b4: 0x9b81, 0x14b5: 0x9bb9,
+	0x14b6: 0x9bf1, 0x14b7: 0x9bf1, 0x14b8: 0x9c29, 0x14b9: 0x9c61, 0x14ba: 0x9c99, 0x14bb: 0x9cd1,
+	0x14bc: 0x9d09, 0x14bd: 0x9d09, 0x14be: 0x9d41, 0x14bf: 0x9d79,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0xa949, 0x14c1: 0xa981, 0x14c2: 0xa9b9, 0x14c3: 0xa8a1, 0x14c4: 0x9bb9, 0x14c5: 0x9989,
+	0x14c6: 0xa9f1, 0x14c7: 0xaa29, 0x14c8: 0x0040, 0x14c9: 0x0040, 0x14ca: 0x0040, 0x14cb: 0x0040,
+	0x14cc: 0x0040, 0x14cd: 0x0040, 0x14ce: 0x0040, 0x14cf: 0x0040, 0x14d0: 0x0040, 0x14d1: 0x0040,
+	0x14d2: 0x0040, 0x14d3: 0x0040, 0x14d4: 0x0040, 0x14d5: 0x0040, 0x14d6: 0x0040, 0x14d7: 0x0040,
+	0x14d8: 0x0040, 0x14d9: 0x0040, 0x14da: 0x0040, 0x14db: 0x0040, 0x14dc: 0x0040, 0x14dd: 0x0040,
+	0x14de: 0x0040, 0x14df: 0x0040, 0x14e0: 0x0040, 0x14e1: 0x0040, 0x14e2: 0x0040, 0x14e3: 0x0040,
+	0x14e4: 0x0040, 0x14e5: 0x0040, 0x14e6: 0x0040, 0x14e7: 0x0040, 0x14e8: 0x0040, 0x14e9: 0x0040,
+	0x14ea: 0x0040, 0x14eb: 0x0040, 0x14ec: 0x0040, 0x14ed: 0x0040, 0x14ee: 0x0040, 0x14ef: 0x0040,
+	0x14f0: 0xaa61, 0x14f1: 0xaa99, 0x14f2: 0xaad1, 0x14f3: 0xab19, 0x14f4: 0xab61, 0x14f5: 0xaba9,
+	0x14f6: 0xabf1, 0x14f7: 0xac39, 0x14f8: 0xac81, 0x14f9: 0xacc9, 0x14fa: 0xad02, 0x14fb: 0xae12,
+	0x14fc: 0xae91, 0x14fd: 0x0018, 0x14fe: 0x0040, 0x14ff: 0x0040,
+	// Block 0x54, offset 0x1500
+	0x1500: 0x33c0, 0x1501: 0x33c0, 0x1502: 0x33c0, 0x1503: 0x33c0, 0x1504: 0x33c0, 0x1505: 0x33c0,
+	0x1506: 0x33c0, 0x1507: 0x33c0, 0x1508: 0x33c0, 0x1509: 0x33c0, 0x150a: 0x33c0, 0x150b: 0x33c0,
+	0x150c: 0x33c0, 0x150d: 0x33c0, 0x150e: 0x33c0, 0x150f: 0x33c0, 0x1510: 0xaeda, 0x1511: 0x7d55,
+	0x1512: 0x0040, 0x1513: 0xaeea, 0x1514: 0x03c2, 0x1515: 0xaefa, 0x1516: 0xaf0a, 0x1517: 0x7d75,
+	0x1518: 0x7d95, 0x1519: 0x0040, 0x151a: 0x0040, 0x151b: 0x0040, 0x151c: 0x0040, 0x151d: 0x0040,
+	0x151e: 0x0040, 0x151f: 0x0040, 0x1520: 0x3308, 0x1521: 0x3308, 0x1522: 0x3308, 0x1523: 0x3308,
+	0x1524: 0x3308, 0x1525: 0x3308, 0x1526: 0x3308, 0x1527: 0x3308, 0x1528: 0x3308, 0x1529: 0x3308,
+	0x152a: 0x3308, 0x152b: 0x3308, 0x152c: 0x3308, 0x152d: 0x3308, 0x152e: 0x3308, 0x152f: 0x3308,
+	0x1530: 0x0040, 0x1531: 0x7db5, 0x1532: 0x7dd5, 0x1533: 0xaf1a, 0x1534: 0xaf1a, 0x1535: 0x1fd2,
+	0x1536: 0x1fe2, 0x1537: 0xaf2a, 0x1538: 0xaf3a, 0x1539: 0x7df5, 0x153a: 0x7e15, 0x153b: 0x7e35,
+	0x153c: 0x7df5, 0x153d: 0x7e55, 0x153e: 0x7e75, 0x153f: 0x7e55,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x7e95, 0x1541: 0x7eb5, 0x1542: 0x7ed5, 0x1543: 0x7eb5, 0x1544: 0x7ef5, 0x1545: 0x0018,
+	0x1546: 0x0018, 0x1547: 0xaf4a, 0x1548: 0xaf5a, 0x1549: 0x7f16, 0x154a: 0x7f36, 0x154b: 0x7f56,
+	0x154c: 0x7f76, 0x154d: 0xaf1a, 0x154e: 0xaf1a, 0x154f: 0xaf1a, 0x1550: 0xaeda, 0x1551: 0x7f95,
+	0x1552: 0x0040, 0x1553: 0x0040, 0x1554: 0x03c2, 0x1555: 0xaeea, 0x1556: 0xaf0a, 0x1557: 0xaefa,
+	0x1558: 0x7fb5, 0x1559: 0x1fd2, 0x155a: 0x1fe2, 0x155b: 0xaf2a, 0x155c: 0xaf3a, 0x155d: 0x7e95,
+	0x155e: 0x7ef5, 0x155f: 0xaf6a, 0x1560: 0xaf7a, 0x1561: 0xaf8a, 0x1562: 0x1fb2, 0x1563: 0xaf99,
+	0x1564: 0xafaa, 0x1565: 0xafba, 0x1566: 0x1fc2, 0x1567: 0x0040, 0x1568: 0xafca, 0x1569: 0xafda,
+	0x156a: 0xafea, 0x156b: 0xaffa, 0x156c: 0x0040, 0x156d: 0x0040, 0x156e: 0x0040, 0x156f: 0x0040,
+	0x1570: 0x7fd6, 0x1571: 0xb009, 0x1572: 0x7ff6, 0x1573: 0x0808, 0x1574: 0x8016, 0x1575: 0x0040,
+	0x1576: 0x8036, 0x1577: 0xb031, 0x1578: 0x8056, 0x1579: 0xb059, 0x157a: 0x8076, 0x157b: 0xb081,
+	0x157c: 0x8096, 0x157d: 0xb0a9, 0x157e: 0x80b6, 0x157f: 0xb0d1,
+	// Block 0x56, offset 0x1580
+	0x1580: 0xb0f9, 0x1581: 0xb111, 0x1582: 0xb111, 0x1583: 0xb129, 0x1584: 0xb129, 0x1585: 0xb141,
+	0x1586: 0xb141, 0x1587: 0xb159, 0x1588: 0xb159, 0x1589: 0xb171, 0x158a: 0xb171, 0x158b: 0xb171,
+	0x158c: 0xb171, 0x158d: 0xb189, 0x158e: 0xb189, 0x158f: 0xb1a1, 0x1590: 0xb1a1, 0x1591: 0xb1a1,
+	0x1592: 0xb1a1, 0x1593: 0xb1b9, 0x1594: 0xb1b9, 0x1595: 0xb1d1, 0x1596: 0xb1d1, 0x1597: 0xb1d1,
+	0x1598: 0xb1d1, 0x1599: 0xb1e9, 0x159a: 0xb1e9, 0x159b: 0xb1e9, 0x159c: 0xb1e9, 0x159d: 0xb201,
+	0x159e: 0xb201, 0x159f: 0xb201, 0x15a0: 0xb201, 0x15a1: 0xb219, 0x15a2: 0xb219, 0x15a3: 0xb219,
+	0x15a4: 0xb219, 0x15a5: 0xb231, 0x15a6: 0xb231, 0x15a7: 0xb231, 0x15a8: 0xb231, 0x15a9: 0xb249,
+	0x15aa: 0xb249, 0x15ab: 0xb261, 0x15ac: 0xb261, 0x15ad: 0xb279, 0x15ae: 0xb279, 0x15af: 0xb291,
+	0x15b0: 0xb291, 0x15b1: 0xb2a9, 0x15b2: 0xb2a9, 0x15b3: 0xb2a9, 0x15b4: 0xb2a9, 0x15b5: 0xb2c1,
+	0x15b6: 0xb2c1, 0x15b7: 0xb2c1, 0x15b8: 0xb2c1, 0x15b9: 0xb2d9, 0x15ba: 0xb2d9, 0x15bb: 0xb2d9,
+	0x15bc: 0xb2d9, 0x15bd: 0xb2f1, 0x15be: 0xb2f1, 0x15bf: 0xb2f1,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0xb2f1, 0x15c1: 0xb309, 0x15c2: 0xb309, 0x15c3: 0xb309, 0x15c4: 0xb309, 0x15c5: 0xb321,
+	0x15c6: 0xb321, 0x15c7: 0xb321, 0x15c8: 0xb321, 0x15c9: 0xb339, 0x15ca: 0xb339, 0x15cb: 0xb339,
+	0x15cc: 0xb339, 0x15cd: 0xb351, 0x15ce: 0xb351, 0x15cf: 0xb351, 0x15d0: 0xb351, 0x15d1: 0xb369,
+	0x15d2: 0xb369, 0x15d3: 0xb369, 0x15d4: 0xb369, 0x15d5: 0xb381, 0x15d6: 0xb381, 0x15d7: 0xb381,
+	0x15d8: 0xb381, 0x15d9: 0xb399, 0x15da: 0xb399, 0x15db: 0xb399, 0x15dc: 0xb399, 0x15dd: 0xb3b1,
+	0x15de: 0xb3b1, 0x15df: 0xb3b1, 0x15e0: 0xb3b1, 0x15e1: 0xb3c9, 0x15e2: 0xb3c9, 0x15e3: 0xb3c9,
+	0x15e4: 0xb3c9, 0x15e5: 0xb3e1, 0x15e6: 0xb3e1, 0x15e7: 0xb3e1, 0x15e8: 0xb3e1, 0x15e9: 0xb3f9,
+	0x15ea: 0xb3f9, 0x15eb: 0xb3f9, 0x15ec: 0xb3f9, 0x15ed: 0xb411, 0x15ee: 0xb411, 0x15ef: 0x7ab1,
+	0x15f0: 0x7ab1, 0x15f1: 0xb429, 0x15f2: 0xb429, 0x15f3: 0xb429, 0x15f4: 0xb429, 0x15f5: 0xb441,
+	0x15f6: 0xb441, 0x15f7: 0xb469, 0x15f8: 0xb469, 0x15f9: 0xb491, 0x15fa: 0xb491, 0x15fb: 0xb4b9,
+	0x15fc: 0xb4b9, 0x15fd: 0x0040, 0x15fe: 0x0040, 0x15ff: 0x03c0,
+	// Block 0x58, offset 0x1600
+	0x1600: 0x0040, 0x1601: 0xaefa, 0x1602: 0xb4e2, 0x1603: 0xaf6a, 0x1604: 0xafda, 0x1605: 0xafea,
+	0x1606: 0xaf7a, 0x1607: 0xb4f2, 0x1608: 0x1fd2, 0x1609: 0x1fe2, 0x160a: 0xaf8a, 0x160b: 0x1fb2,
+	0x160c: 0xaeda, 0x160d: 0xaf99, 0x160e: 0x29d1, 0x160f: 0xb502, 0x1610: 0x1f41, 0x1611: 0x00c9,
+	0x1612: 0x0069, 0x1613: 0x0079, 0x1614: 0x1f51, 0x1615: 0x1f61, 0x1616: 0x1f71, 0x1617: 0x1f81,
+	0x1618: 0x1f91, 0x1619: 0x1fa1, 0x161a: 0xaeea, 0x161b: 0x03c2, 0x161c: 0xafaa, 0x161d: 0x1fc2,
+	0x161e: 0xafba, 0x161f: 0xaf0a, 0x1620: 0xaffa, 0x1621: 0x0039, 0x1622: 0x0ee9, 0x1623: 0x1159,
+	0x1624: 0x0ef9, 0x1625: 0x0f09, 0x1626: 0x1199, 0x1627: 0x0f31, 0x1628: 0x0249, 0x1629: 0x0f41,
+	0x162a: 0x0259, 0x162b: 0x0f51, 0x162c: 0x0359, 0x162d: 0x0f61, 0x162e: 0x0f71, 0x162f: 0x00d9,
+	0x1630: 0x0f99, 0x1631: 0x2039, 0x1632: 0x0269, 0x1633: 0x01d9, 0x1634: 0x0fa9, 0x1635: 0x0fb9,
+	0x1636: 0x1089, 0x1637: 0x0279, 0x1638: 0x0369, 0x1639: 0x0289, 0x163a: 0x13d1, 0x163b: 0xaf4a,
+	0x163c: 0xafca, 0x163d: 0xaf5a, 0x163e: 0xb512, 0x163f: 0xaf1a,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x1caa, 0x1641: 0x0039, 0x1642: 0x0ee9, 0x1643: 0x1159, 0x1644: 0x0ef9, 0x1645: 0x0f09,
+	0x1646: 0x1199, 0x1647: 0x0f31, 0x1648: 0x0249, 0x1649: 0x0f41, 0x164a: 0x0259, 0x164b: 0x0f51,
+	0x164c: 0x0359, 0x164d: 0x0f61, 0x164e: 0x0f71, 0x164f: 0x00d9, 0x1650: 0x0f99, 0x1651: 0x2039,
+	0x1652: 0x0269, 0x1653: 0x01d9, 0x1654: 0x0fa9, 0x1655: 0x0fb9, 0x1656: 0x1089, 0x1657: 0x0279,
+	0x1658: 0x0369, 0x1659: 0x0289, 0x165a: 0x13d1, 0x165b: 0xaf2a, 0x165c: 0xb522, 0x165d: 0xaf3a,
+	0x165e: 0xb532, 0x165f: 0x80d5, 0x1660: 0x80f5, 0x1661: 0x29d1, 0x1662: 0x8115, 0x1663: 0x8115,
+	0x1664: 0x8135, 0x1665: 0x8155, 0x1666: 0x8175, 0x1667: 0x8195, 0x1668: 0x81b5, 0x1669: 0x81d5,
+	0x166a: 0x81f5, 0x166b: 0x8215, 0x166c: 0x8235, 0x166d: 0x8255, 0x166e: 0x8275, 0x166f: 0x8295,
+	0x1670: 0x82b5, 0x1671: 0x82d5, 0x1672: 0x82f5, 0x1673: 0x8315, 0x1674: 0x8335, 0x1675: 0x8355,
+	0x1676: 0x8375, 0x1677: 0x8395, 0x1678: 0x83b5, 0x1679: 0x83d5, 0x167a: 0x83f5, 0x167b: 0x8415,
+	0x167c: 0x81b5, 0x167d: 0x8435, 0x167e: 0x8455, 0x167f: 0x8215,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x8475, 0x1681: 0x8495, 0x1682: 0x84b5, 0x1683: 0x84d5, 0x1684: 0x84f5, 0x1685: 0x8515,
+	0x1686: 0x8535, 0x1687: 0x8555, 0x1688: 0x84d5, 0x1689: 0x8575, 0x168a: 0x84d5, 0x168b: 0x8595,
+	0x168c: 0x8595, 0x168d: 0x85b5, 0x168e: 0x85b5, 0x168f: 0x85d5, 0x1690: 0x8515, 0x1691: 0x85f5,
+	0x1692: 0x8615, 0x1693: 0x85f5, 0x1694: 0x8635, 0x1695: 0x8615, 0x1696: 0x8655, 0x1697: 0x8655,
+	0x1698: 0x8675, 0x1699: 0x8675, 0x169a: 0x8695, 0x169b: 0x8695, 0x169c: 0x8615, 0x169d: 0x8115,
+	0x169e: 0x86b5, 0x169f: 0x86d5, 0x16a0: 0x0040, 0x16a1: 0x86f5, 0x16a2: 0x8715, 0x16a3: 0x8735,
+	0x16a4: 0x8755, 0x16a5: 0x8735, 0x16a6: 0x8775, 0x16a7: 0x8795, 0x16a8: 0x87b5, 0x16a9: 0x87b5,
+	0x16aa: 0x87d5, 0x16ab: 0x87d5, 0x16ac: 0x87f5, 0x16ad: 0x87f5, 0x16ae: 0x87d5, 0x16af: 0x87d5,
+	0x16b0: 0x8815, 0x16b1: 0x8835, 0x16b2: 0x8855, 0x16b3: 0x8875, 0x16b4: 0x8895, 0x16b5: 0x88b5,
+	0x16b6: 0x88b5, 0x16b7: 0x88b5, 0x16b8: 0x88d5, 0x16b9: 0x88d5, 0x16ba: 0x88d5, 0x16bb: 0x88d5,
+	0x16bc: 0x87b5, 0x16bd: 0x87b5, 0x16be: 0x87b5, 0x16bf: 0x0040,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x0040, 0x16c1: 0x0040, 0x16c2: 0x8715, 0x16c3: 0x86f5, 0x16c4: 0x88f5, 0x16c5: 0x86f5,
+	0x16c6: 0x8715, 0x16c7: 0x86f5, 0x16c8: 0x0040, 0x16c9: 0x0040, 0x16ca: 0x8915, 0x16cb: 0x8715,
+	0x16cc: 0x8935, 0x16cd: 0x88f5, 0x16ce: 0x8935, 0x16cf: 0x8715, 0x16d0: 0x0040, 0x16d1: 0x0040,
+	0x16d2: 0x8955, 0x16d3: 0x8975, 0x16d4: 0x8875, 0x16d5: 0x8935, 0x16d6: 0x88f5, 0x16d7: 0x8935,
+	0x16d8: 0x0040, 0x16d9: 0x0040, 0x16da: 0x8995, 0x16db: 0x89b5, 0x16dc: 0x8995, 0x16dd: 0x0040,
+	0x16de: 0x0040, 0x16df: 0x0040, 0x16e0: 0xb541, 0x16e1: 0xb559, 0x16e2: 0xb571, 0x16e3: 0x89d6,
+	0x16e4: 0xb589, 0x16e5: 0xb5a1, 0x16e6: 0x89f5, 0x16e7: 0x0040, 0x16e8: 0x8a15, 0x16e9: 0x8a35,
+	0x16ea: 0x8a55, 0x16eb: 0x8a35, 0x16ec: 0x8a75, 0x16ed: 0x8a95, 0x16ee: 0x8ab5, 0x16ef: 0x0040,
+	0x16f0: 0x0040, 0x16f1: 0x0040, 0x16f2: 0x0040, 0x16f3: 0x0040, 0x16f4: 0x0040, 0x16f5: 0x0040,
+	0x16f6: 0x0040, 0x16f7: 0x0040, 0x16f8: 0x0040, 0x16f9: 0x0340, 0x16fa: 0x0340, 0x16fb: 0x0340,
+	0x16fc: 0x0040, 0x16fd: 0x0040, 0x16fe: 0x0040, 0x16ff: 0x0040,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x0a08, 0x1701: 0x0a08, 0x1702: 0x0a08, 0x1703: 0x0a08, 0x1704: 0x0a08, 0x1705: 0x0c08,
+	0x1706: 0x0808, 0x1707: 0x0c08, 0x1708: 0x0818, 0x1709: 0x0c08, 0x170a: 0x0c08, 0x170b: 0x0808,
+	0x170c: 0x0808, 0x170d: 0x0908, 0x170e: 0x0c08, 0x170f: 0x0c08, 0x1710: 0x0c08, 0x1711: 0x0c08,
+	0x1712: 0x0c08, 0x1713: 0x0a08, 0x1714: 0x0a08, 0x1715: 0x0a08, 0x1716: 0x0a08, 0x1717: 0x0908,
+	0x1718: 0x0a08, 0x1719: 0x0a08, 0x171a: 0x0a08, 0x171b: 0x0a08, 0x171c: 0x0a08, 0x171d: 0x0c08,
+	0x171e: 0x0a08, 0x171f: 0x0a08, 0x1720: 0x0a08, 0x1721: 0x0c08, 0x1722: 0x0808, 0x1723: 0x0808,
+	0x1724: 0x0c08, 0x1725: 0x3308, 0x1726: 0x3308, 0x1727: 0x0040, 0x1728: 0x0040, 0x1729: 0x0040,
+	0x172a: 0x0040, 0x172b: 0x0a18, 0x172c: 0x0a18, 0x172d: 0x0a18, 0x172e: 0x0a18, 0x172f: 0x0c18,
+	0x1730: 0x0818, 0x1731: 0x0818, 0x1732: 0x0818, 0x1733: 0x0818, 0x1734: 0x0818, 0x1735: 0x0818,
+	0x1736: 0x0818, 0x1737: 0x0040, 0x1738: 0x0040, 0x1739: 0x0040, 0x173a: 0x0040, 0x173b: 0x0040,
+	0x173c: 0x0040, 0x173d: 0x0040, 0x173e: 0x0040, 0x173f: 0x0040,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x0a08, 0x1741: 0x0c08, 0x1742: 0x0a08, 0x1743: 0x0c08, 0x1744: 0x0c08, 0x1745: 0x0c08,
+	0x1746: 0x0a08, 0x1747: 0x0a08, 0x1748: 0x0a08, 0x1749: 0x0c08, 0x174a: 0x0a08, 0x174b: 0x0a08,
+	0x174c: 0x0c08, 0x174d: 0x0a08, 0x174e: 0x0c08, 0x174f: 0x0c08, 0x1750: 0x0a08, 0x1751: 0x0c08,
+	0x1752: 0x0040, 0x1753: 0x0040, 0x1754: 0x0040, 0x1755: 0x0040, 0x1756: 0x0040, 0x1757: 0x0040,
+	0x1758: 0x0040, 0x1759: 0x0818, 0x175a: 0x0818, 0x175b: 0x0818, 0x175c: 0x0818, 0x175d: 0x0040,
+	0x175e: 0x0040, 0x175f: 0x0040, 0x1760: 0x0040, 0x1761: 0x0040, 0x1762: 0x0040, 0x1763: 0x0040,
+	0x1764: 0x0040, 0x1765: 0x0040, 0x1766: 0x0040, 0x1767: 0x0040, 0x1768: 0x0040, 0x1769: 0x0c18,
+	0x176a: 0x0c18, 0x176b: 0x0c18, 0x176c: 0x0c18, 0x176d: 0x0a18, 0x176e: 0x0a18, 0x176f: 0x0818,
+	0x1770: 0x0040, 0x1771: 0x0040, 0x1772: 0x0040, 0x1773: 0x0040, 0x1774: 0x0040, 0x1775: 0x0040,
+	0x1776: 0x0040, 0x1777: 0x0040, 0x1778: 0x0040, 0x1779: 0x0040, 0x177a: 0x0040, 0x177b: 0x0040,
+	0x177c: 0x0040, 0x177d: 0x0040, 0x177e: 0x0040, 0x177f: 0x0040,
+	// Block 0x5e, offset 0x1780
+	0x1780: 0x3308, 0x1781: 0x3308, 0x1782: 0x3008, 0x1783: 0x3008, 0x1784: 0x0040, 0x1785: 0x0008,
+	0x1786: 0x0008, 0x1787: 0x0008, 0x1788: 0x0008, 0x1789: 0x0008, 0x178a: 0x0008, 0x178b: 0x0008,
+	0x178c: 0x0008, 0x178d: 0x0040, 0x178e: 0x0040, 0x178f: 0x0008, 0x1790: 0x0008, 0x1791: 0x0040,
+	0x1792: 0x0040, 0x1793: 0x0008, 0x1794: 0x0008, 0x1795: 0x0008, 0x1796: 0x0008, 0x1797: 0x0008,
+	0x1798: 0x0008, 0x1799: 0x0008, 0x179a: 0x0008, 0x179b: 0x0008, 0x179c: 0x0008, 0x179d: 0x0008,
+	0x179e: 0x0008, 0x179f: 0x0008, 0x17a0: 0x0008, 0x17a1: 0x0008, 0x17a2: 0x0008, 0x17a3: 0x0008,
+	0x17a4: 0x0008, 0x17a5: 0x0008, 0x17a6: 0x0008, 0x17a7: 0x0008, 0x17a8: 0x0008, 0x17a9: 0x0040,
+	0x17aa: 0x0008, 0x17ab: 0x0008, 0x17ac: 0x0008, 0x17ad: 0x0008, 0x17ae: 0x0008, 0x17af: 0x0008,
+	0x17b0: 0x0008, 0x17b1: 0x0040, 0x17b2: 0x0008, 0x17b3: 0x0008, 0x17b4: 0x0040, 0x17b5: 0x0008,
+	0x17b6: 0x0008, 0x17b7: 0x0008, 0x17b8: 0x0008, 0x17b9: 0x0008, 0x17ba: 0x0040, 0x17bb: 0x0040,
+	0x17bc: 0x3308, 0x17bd: 0x0008, 0x17be: 0x3008, 0x17bf: 0x3008,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x3308, 0x17c1: 0x3008, 0x17c2: 0x3008, 0x17c3: 0x3008, 0x17c4: 0x3008, 0x17c5: 0x0040,
+	0x17c6: 0x0040, 0x17c7: 0x3008, 0x17c8: 0x3008, 0x17c9: 0x0040, 0x17ca: 0x0040, 0x17cb: 0x3008,
+	0x17cc: 0x3008, 0x17cd: 0x3808, 0x17ce: 0x0040, 0x17cf: 0x0040, 0x17d0: 0x0008, 0x17d1: 0x0040,
+	0x17d2: 0x0040, 0x17d3: 0x0040, 0x17d4: 0x0040, 0x17d5: 0x0040, 0x17d6: 0x0040, 0x17d7: 0x3008,
+	0x17d8: 0x0040, 0x17d9: 0x0040, 0x17da: 0x0040, 0x17db: 0x0040, 0x17dc: 0x0040, 0x17dd: 0x0008,
+	0x17de: 0x0008, 0x17df: 0x0008, 0x17e0: 0x0008, 0x17e1: 0x0008, 0x17e2: 0x3008, 0x17e3: 0x3008,
+	0x17e4: 0x0040, 0x17e5: 0x0040, 0x17e6: 0x3308, 0x17e7: 0x3308, 0x17e8: 0x3308, 0x17e9: 0x3308,
+	0x17ea: 0x3308, 0x17eb: 0x3308, 0x17ec: 0x3308, 0x17ed: 0x0040, 0x17ee: 0x0040, 0x17ef: 0x0040,
+	0x17f0: 0x3308, 0x17f1: 0x3308, 0x17f2: 0x3308, 0x17f3: 0x3308, 0x17f4: 0x3308, 0x17f5: 0x0040,
+	0x17f6: 0x0040, 0x17f7: 0x0040, 0x17f8: 0x0040, 0x17f9: 0x0040, 0x17fa: 0x0040, 0x17fb: 0x0040,
+	0x17fc: 0x0040, 0x17fd: 0x0040, 0x17fe: 0x0040, 0x17ff: 0x0040,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x0039, 0x1801: 0x0ee9, 0x1802: 0x1159, 0x1803: 0x0ef9, 0x1804: 0x0f09, 0x1805: 0x1199,
+	0x1806: 0x0f31, 0x1807: 0x0249, 0x1808: 0x0f41, 0x1809: 0x0259, 0x180a: 0x0f51, 0x180b: 0x0359,
+	0x180c: 0x0f61, 0x180d: 0x0f71, 0x180e: 0x00d9, 0x180f: 0x0f99, 0x1810: 0x2039, 0x1811: 0x0269,
+	0x1812: 0x01d9, 0x1813: 0x0fa9, 0x1814: 0x0fb9, 0x1815: 0x1089, 0x1816: 0x0279, 0x1817: 0x0369,
+	0x1818: 0x0289, 0x1819: 0x13d1, 0x181a: 0x0039, 0x181b: 0x0ee9, 0x181c: 0x1159, 0x181d: 0x0ef9,
+	0x181e: 0x0f09, 0x181f: 0x1199, 0x1820: 0x0f31, 0x1821: 0x0249, 0x1822: 0x0f41, 0x1823: 0x0259,
+	0x1824: 0x0f51, 0x1825: 0x0359, 0x1826: 0x0f61, 0x1827: 0x0f71, 0x1828: 0x00d9, 0x1829: 0x0f99,
+	0x182a: 0x2039, 0x182b: 0x0269, 0x182c: 0x01d9, 0x182d: 0x0fa9, 0x182e: 0x0fb9, 0x182f: 0x1089,
+	0x1830: 0x0279, 0x1831: 0x0369, 0x1832: 0x0289, 0x1833: 0x13d1, 0x1834: 0x0039, 0x1835: 0x0ee9,
+	0x1836: 0x1159, 0x1837: 0x0ef9, 0x1838: 0x0f09, 0x1839: 0x1199, 0x183a: 0x0f31, 0x183b: 0x0249,
+	0x183c: 0x0f41, 0x183d: 0x0259, 0x183e: 0x0f51, 0x183f: 0x0359,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x0f61, 0x1841: 0x0f71, 0x1842: 0x00d9, 0x1843: 0x0f99, 0x1844: 0x2039, 0x1845: 0x0269,
+	0x1846: 0x01d9, 0x1847: 0x0fa9, 0x1848: 0x0fb9, 0x1849: 0x1089, 0x184a: 0x0279, 0x184b: 0x0369,
+	0x184c: 0x0289, 0x184d: 0x13d1, 0x184e: 0x0039, 0x184f: 0x0ee9, 0x1850: 0x1159, 0x1851: 0x0ef9,
+	0x1852: 0x0f09, 0x1853: 0x1199, 0x1854: 0x0f31, 0x1855: 0x0040, 0x1856: 0x0f41, 0x1857: 0x0259,
+	0x1858: 0x0f51, 0x1859: 0x0359, 0x185a: 0x0f61, 0x185b: 0x0f71, 0x185c: 0x00d9, 0x185d: 0x0f99,
+	0x185e: 0x2039, 0x185f: 0x0269, 0x1860: 0x01d9, 0x1861: 0x0fa9, 0x1862: 0x0fb9, 0x1863: 0x1089,
+	0x1864: 0x0279, 0x1865: 0x0369, 0x1866: 0x0289, 0x1867: 0x13d1, 0x1868: 0x0039, 0x1869: 0x0ee9,
+	0x186a: 0x1159, 0x186b: 0x0ef9, 0x186c: 0x0f09, 0x186d: 0x1199, 0x186e: 0x0f31, 0x186f: 0x0249,
+	0x1870: 0x0f41, 0x1871: 0x0259, 0x1872: 0x0f51, 0x1873: 0x0359, 0x1874: 0x0f61, 0x1875: 0x0f71,
+	0x1876: 0x00d9, 0x1877: 0x0f99, 0x1878: 0x2039, 0x1879: 0x0269, 0x187a: 0x01d9, 0x187b: 0x0fa9,
+	0x187c: 0x0fb9, 0x187d: 0x1089, 0x187e: 0x0279, 0x187f: 0x0369,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x0289, 0x1881: 0x13d1, 0x1882: 0x0039, 0x1883: 0x0ee9, 0x1884: 0x1159, 0x1885: 0x0ef9,
+	0x1886: 0x0f09, 0x1887: 0x1199, 0x1888: 0x0f31, 0x1889: 0x0249, 0x188a: 0x0f41, 0x188b: 0x0259,
+	0x188c: 0x0f51, 0x188d: 0x0359, 0x188e: 0x0f61, 0x188f: 0x0f71, 0x1890: 0x00d9, 0x1891: 0x0f99,
+	0x1892: 0x2039, 0x1893: 0x0269, 0x1894: 0x01d9, 0x1895: 0x0fa9, 0x1896: 0x0fb9, 0x1897: 0x1089,
+	0x1898: 0x0279, 0x1899: 0x0369, 0x189a: 0x0289, 0x189b: 0x13d1, 0x189c: 0x0039, 0x189d: 0x0040,
+	0x189e: 0x1159, 0x189f: 0x0ef9, 0x18a0: 0x0040, 0x18a1: 0x0040, 0x18a2: 0x0f31, 0x18a3: 0x0040,
+	0x18a4: 0x0040, 0x18a5: 0x0259, 0x18a6: 0x0f51, 0x18a7: 0x0040, 0x18a8: 0x0040, 0x18a9: 0x0f71,
+	0x18aa: 0x00d9, 0x18ab: 0x0f99, 0x18ac: 0x2039, 0x18ad: 0x0040, 0x18ae: 0x01d9, 0x18af: 0x0fa9,
+	0x18b0: 0x0fb9, 0x18b1: 0x1089, 0x18b2: 0x0279, 0x18b3: 0x0369, 0x18b4: 0x0289, 0x18b5: 0x13d1,
+	0x18b6: 0x0039, 0x18b7: 0x0ee9, 0x18b8: 0x1159, 0x18b9: 0x0ef9, 0x18ba: 0x0040, 0x18bb: 0x1199,
+	0x18bc: 0x0040, 0x18bd: 0x0249, 0x18be: 0x0f41, 0x18bf: 0x0259,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x0f51, 0x18c1: 0x0359, 0x18c2: 0x0f61, 0x18c3: 0x0f71, 0x18c4: 0x0040, 0x18c5: 0x0f99,
+	0x18c6: 0x2039, 0x18c7: 0x0269, 0x18c8: 0x01d9, 0x18c9: 0x0fa9, 0x18ca: 0x0fb9, 0x18cb: 0x1089,
+	0x18cc: 0x0279, 0x18cd: 0x0369, 0x18ce: 0x0289, 0x18cf: 0x13d1, 0x18d0: 0x0039, 0x18d1: 0x0ee9,
+	0x18d2: 0x1159, 0x18d3: 0x0ef9, 0x18d4: 0x0f09, 0x18d5: 0x1199, 0x18d6: 0x0f31, 0x18d7: 0x0249,
+	0x18d8: 0x0f41, 0x18d9: 0x0259, 0x18da: 0x0f51, 0x18db: 0x0359, 0x18dc: 0x0f61, 0x18dd: 0x0f71,
+	0x18de: 0x00d9, 0x18df: 0x0f99, 0x18e0: 0x2039, 0x18e1: 0x0269, 0x18e2: 0x01d9, 0x18e3: 0x0fa9,
+	0x18e4: 0x0fb9, 0x18e5: 0x1089, 0x18e6: 0x0279, 0x18e7: 0x0369, 0x18e8: 0x0289, 0x18e9: 0x13d1,
+	0x18ea: 0x0039, 0x18eb: 0x0ee9, 0x18ec: 0x1159, 0x18ed: 0x0ef9, 0x18ee: 0x0f09, 0x18ef: 0x1199,
+	0x18f0: 0x0f31, 0x18f1: 0x0249, 0x18f2: 0x0f41, 0x18f3: 0x0259, 0x18f4: 0x0f51, 0x18f5: 0x0359,
+	0x18f6: 0x0f61, 0x18f7: 0x0f71, 0x18f8: 0x00d9, 0x18f9: 0x0f99, 0x18fa: 0x2039, 0x18fb: 0x0269,
+	0x18fc: 0x01d9, 0x18fd: 0x0fa9, 0x18fe: 0x0fb9, 0x18ff: 0x1089,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x0279, 0x1901: 0x0369, 0x1902: 0x0289, 0x1903: 0x13d1, 0x1904: 0x0039, 0x1905: 0x0ee9,
+	0x1906: 0x0040, 0x1907: 0x0ef9, 0x1908: 0x0f09, 0x1909: 0x1199, 0x190a: 0x0f31, 0x190b: 0x0040,
+	0x190c: 0x0040, 0x190d: 0x0259, 0x190e: 0x0f51, 0x190f: 0x0359, 0x1910: 0x0f61, 0x1911: 0x0f71,
+	0x1912: 0x00d9, 0x1913: 0x0f99, 0x1914: 0x2039, 0x1915: 0x0040, 0x1916: 0x01d9, 0x1917: 0x0fa9,
+	0x1918: 0x0fb9, 0x1919: 0x1089, 0x191a: 0x0279, 0x191b: 0x0369, 0x191c: 0x0289, 0x191d: 0x0040,
+	0x191e: 0x0039, 0x191f: 0x0ee9, 0x1920: 0x1159, 0x1921: 0x0ef9, 0x1922: 0x0f09, 0x1923: 0x1199,
+	0x1924: 0x0f31, 0x1925: 0x0249, 0x1926: 0x0f41, 0x1927: 0x0259, 0x1928: 0x0f51, 0x1929: 0x0359,
+	0x192a: 0x0f61, 0x192b: 0x0f71, 0x192c: 0x00d9, 0x192d: 0x0f99, 0x192e: 0x2039, 0x192f: 0x0269,
+	0x1930: 0x01d9, 0x1931: 0x0fa9, 0x1932: 0x0fb9, 0x1933: 0x1089, 0x1934: 0x0279, 0x1935: 0x0369,
+	0x1936: 0x0289, 0x1937: 0x13d1, 0x1938: 0x0039, 0x1939: 0x0ee9, 0x193a: 0x0040, 0x193b: 0x0ef9,
+	0x193c: 0x0f09, 0x193d: 0x1199, 0x193e: 0x0f31, 0x193f: 0x0040,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x0f41, 0x1941: 0x0259, 0x1942: 0x0f51, 0x1943: 0x0359, 0x1944: 0x0f61, 0x1945: 0x0040,
+	0x1946: 0x00d9, 0x1947: 0x0040, 0x1948: 0x0040, 0x1949: 0x0040, 0x194a: 0x01d9, 0x194b: 0x0fa9,
+	0x194c: 0x0fb9, 0x194d: 0x1089, 0x194e: 0x0279, 0x194f: 0x0369, 0x1950: 0x0289, 0x1951: 0x0040,
+	0x1952: 0x0039, 0x1953: 0x0ee9, 0x1954: 0x1159, 0x1955: 0x0ef9, 0x1956: 0x0f09, 0x1957: 0x1199,
+	0x1958: 0x0f31, 0x1959: 0x0249, 0x195a: 0x0f41, 0x195b: 0x0259, 0x195c: 0x0f51, 0x195d: 0x0359,
+	0x195e: 0x0f61, 0x195f: 0x0f71, 0x1960: 0x00d9, 0x1961: 0x0f99, 0x1962: 0x2039, 0x1963: 0x0269,
+	0x1964: 0x01d9, 0x1965: 0x0fa9, 0x1966: 0x0fb9, 0x1967: 0x1089, 0x1968: 0x0279, 0x1969: 0x0369,
+	0x196a: 0x0289, 0x196b: 0x13d1, 0x196c: 0x0039, 0x196d: 0x0ee9, 0x196e: 0x1159, 0x196f: 0x0ef9,
+	0x1970: 0x0f09, 0x1971: 0x1199, 0x1972: 0x0f31, 0x1973: 0x0249, 0x1974: 0x0f41, 0x1975: 0x0259,
+	0x1976: 0x0f51, 0x1977: 0x0359, 0x1978: 0x0f61, 0x1979: 0x0f71, 0x197a: 0x00d9, 0x197b: 0x0f99,
+	0x197c: 0x2039, 0x197d: 0x0269, 0x197e: 0x01d9, 0x197f: 0x0fa9,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x0fb9, 0x1981: 0x1089, 0x1982: 0x0279, 0x1983: 0x0369, 0x1984: 0x0289, 0x1985: 0x13d1,
+	0x1986: 0x0039, 0x1987: 0x0ee9, 0x1988: 0x1159, 0x1989: 0x0ef9, 0x198a: 0x0f09, 0x198b: 0x1199,
+	0x198c: 0x0f31, 0x198d: 0x0249, 0x198e: 0x0f41, 0x198f: 0x0259, 0x1990: 0x0f51, 0x1991: 0x0359,
+	0x1992: 0x0f61, 0x1993: 0x0f71, 0x1994: 0x00d9, 0x1995: 0x0f99, 0x1996: 0x2039, 0x1997: 0x0269,
+	0x1998: 0x01d9, 0x1999: 0x0fa9, 0x199a: 0x0fb9, 0x199b: 0x1089, 0x199c: 0x0279, 0x199d: 0x0369,
+	0x199e: 0x0289, 0x199f: 0x13d1, 0x19a0: 0x0039, 0x19a1: 0x0ee9, 0x19a2: 0x1159, 0x19a3: 0x0ef9,
+	0x19a4: 0x0f09, 0x19a5: 0x1199, 0x19a6: 0x0f31, 0x19a7: 0x0249, 0x19a8: 0x0f41, 0x19a9: 0x0259,
+	0x19aa: 0x0f51, 0x19ab: 0x0359, 0x19ac: 0x0f61, 0x19ad: 0x0f71, 0x19ae: 0x00d9, 0x19af: 0x0f99,
+	0x19b0: 0x2039, 0x19b1: 0x0269, 0x19b2: 0x01d9, 0x19b3: 0x0fa9, 0x19b4: 0x0fb9, 0x19b5: 0x1089,
+	0x19b6: 0x0279, 0x19b7: 0x0369, 0x19b8: 0x0289, 0x19b9: 0x13d1, 0x19ba: 0x0039, 0x19bb: 0x0ee9,
+	0x19bc: 0x1159, 0x19bd: 0x0ef9, 0x19be: 0x0f09, 0x19bf: 0x1199,
+	// Block 0x67, offset 0x19c0
+	0x19c0: 0x0f31, 0x19c1: 0x0249, 0x19c2: 0x0f41, 0x19c3: 0x0259, 0x19c4: 0x0f51, 0x19c5: 0x0359,
+	0x19c6: 0x0f61, 0x19c7: 0x0f71, 0x19c8: 0x00d9, 0x19c9: 0x0f99, 0x19ca: 0x2039, 0x19cb: 0x0269,
+	0x19cc: 0x01d9, 0x19cd: 0x0fa9, 0x19ce: 0x0fb9, 0x19cf: 0x1089, 0x19d0: 0x0279, 0x19d1: 0x0369,
+	0x19d2: 0x0289, 0x19d3: 0x13d1, 0x19d4: 0x0039, 0x19d5: 0x0ee9, 0x19d6: 0x1159, 0x19d7: 0x0ef9,
+	0x19d8: 0x0f09, 0x19d9: 0x1199, 0x19da: 0x0f31, 0x19db: 0x0249, 0x19dc: 0x0f41, 0x19dd: 0x0259,
+	0x19de: 0x0f51, 0x19df: 0x0359, 0x19e0: 0x0f61, 0x19e1: 0x0f71, 0x19e2: 0x00d9, 0x19e3: 0x0f99,
+	0x19e4: 0x2039, 0x19e5: 0x0269, 0x19e6: 0x01d9, 0x19e7: 0x0fa9, 0x19e8: 0x0fb9, 0x19e9: 0x1089,
+	0x19ea: 0x0279, 0x19eb: 0x0369, 0x19ec: 0x0289, 0x19ed: 0x13d1, 0x19ee: 0x0039, 0x19ef: 0x0ee9,
+	0x19f0: 0x1159, 0x19f1: 0x0ef9, 0x19f2: 0x0f09, 0x19f3: 0x1199, 0x19f4: 0x0f31, 0x19f5: 0x0249,
+	0x19f6: 0x0f41, 0x19f7: 0x0259, 0x19f8: 0x0f51, 0x19f9: 0x0359, 0x19fa: 0x0f61, 0x19fb: 0x0f71,
+	0x19fc: 0x00d9, 0x19fd: 0x0f99, 0x19fe: 0x2039, 0x19ff: 0x0269,
+	// Block 0x68, offset 0x1a00
+	0x1a00: 0x01d9, 0x1a01: 0x0fa9, 0x1a02: 0x0fb9, 0x1a03: 0x1089, 0x1a04: 0x0279, 0x1a05: 0x0369,
+	0x1a06: 0x0289, 0x1a07: 0x13d1, 0x1a08: 0x0039, 0x1a09: 0x0ee9, 0x1a0a: 0x1159, 0x1a0b: 0x0ef9,
+	0x1a0c: 0x0f09, 0x1a0d: 0x1199, 0x1a0e: 0x0f31, 0x1a0f: 0x0249, 0x1a10: 0x0f41, 0x1a11: 0x0259,
+	0x1a12: 0x0f51, 0x1a13: 0x0359, 0x1a14: 0x0f61, 0x1a15: 0x0f71, 0x1a16: 0x00d9, 0x1a17: 0x0f99,
+	0x1a18: 0x2039, 0x1a19: 0x0269, 0x1a1a: 0x01d9, 0x1a1b: 0x0fa9, 0x1a1c: 0x0fb9, 0x1a1d: 0x1089,
+	0x1a1e: 0x0279, 0x1a1f: 0x0369, 0x1a20: 0x0289, 0x1a21: 0x13d1, 0x1a22: 0x0039, 0x1a23: 0x0ee9,
+	0x1a24: 0x1159, 0x1a25: 0x0ef9, 0x1a26: 0x0f09, 0x1a27: 0x1199, 0x1a28: 0x0f31, 0x1a29: 0x0249,
+	0x1a2a: 0x0f41, 0x1a2b: 0x0259, 0x1a2c: 0x0f51, 0x1a2d: 0x0359, 0x1a2e: 0x0f61, 0x1a2f: 0x0f71,
+	0x1a30: 0x00d9, 0x1a31: 0x0f99, 0x1a32: 0x2039, 0x1a33: 0x0269, 0x1a34: 0x01d9, 0x1a35: 0x0fa9,
+	0x1a36: 0x0fb9, 0x1a37: 0x1089, 0x1a38: 0x0279, 0x1a39: 0x0369, 0x1a3a: 0x0289, 0x1a3b: 0x13d1,
+	0x1a3c: 0x0039, 0x1a3d: 0x0ee9, 0x1a3e: 0x1159, 0x1a3f: 0x0ef9,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x0f09, 0x1a41: 0x1199, 0x1a42: 0x0f31, 0x1a43: 0x0249, 0x1a44: 0x0f41, 0x1a45: 0x0259,
+	0x1a46: 0x0f51, 0x1a47: 0x0359, 0x1a48: 0x0f61, 0x1a49: 0x0f71, 0x1a4a: 0x00d9, 0x1a4b: 0x0f99,
+	0x1a4c: 0x2039, 0x1a4d: 0x0269, 0x1a4e: 0x01d9, 0x1a4f: 0x0fa9, 0x1a50: 0x0fb9, 0x1a51: 0x1089,
+	0x1a52: 0x0279, 0x1a53: 0x0369, 0x1a54: 0x0289, 0x1a55: 0x13d1, 0x1a56: 0x0039, 0x1a57: 0x0ee9,
+	0x1a58: 0x1159, 0x1a59: 0x0ef9, 0x1a5a: 0x0f09, 0x1a5b: 0x1199, 0x1a5c: 0x0f31, 0x1a5d: 0x0249,
+	0x1a5e: 0x0f41, 0x1a5f: 0x0259, 0x1a60: 0x0f51, 0x1a61: 0x0359, 0x1a62: 0x0f61, 0x1a63: 0x0f71,
+	0x1a64: 0x00d9, 0x1a65: 0x0f99, 0x1a66: 0x2039, 0x1a67: 0x0269, 0x1a68: 0x01d9, 0x1a69: 0x0fa9,
+	0x1a6a: 0x0fb9, 0x1a6b: 0x1089, 0x1a6c: 0x0279, 0x1a6d: 0x0369, 0x1a6e: 0x0289, 0x1a6f: 0x13d1,
+	0x1a70: 0x0039, 0x1a71: 0x0ee9, 0x1a72: 0x1159, 0x1a73: 0x0ef9, 0x1a74: 0x0f09, 0x1a75: 0x1199,
+	0x1a76: 0x0f31, 0x1a77: 0x0249, 0x1a78: 0x0f41, 0x1a79: 0x0259, 0x1a7a: 0x0f51, 0x1a7b: 0x0359,
+	0x1a7c: 0x0f61, 0x1a7d: 0x0f71, 0x1a7e: 0x00d9, 0x1a7f: 0x0f99,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x2039, 0x1a81: 0x0269, 0x1a82: 0x01d9, 0x1a83: 0x0fa9, 0x1a84: 0x0fb9, 0x1a85: 0x1089,
+	0x1a86: 0x0279, 0x1a87: 0x0369, 0x1a88: 0x0289, 0x1a89: 0x13d1, 0x1a8a: 0x0039, 0x1a8b: 0x0ee9,
+	0x1a8c: 0x1159, 0x1a8d: 0x0ef9, 0x1a8e: 0x0f09, 0x1a8f: 0x1199, 0x1a90: 0x0f31, 0x1a91: 0x0249,
+	0x1a92: 0x0f41, 0x1a93: 0x0259, 0x1a94: 0x0f51, 0x1a95: 0x0359, 0x1a96: 0x0f61, 0x1a97: 0x0f71,
+	0x1a98: 0x00d9, 0x1a99: 0x0f99, 0x1a9a: 0x2039, 0x1a9b: 0x0269, 0x1a9c: 0x01d9, 0x1a9d: 0x0fa9,
+	0x1a9e: 0x0fb9, 0x1a9f: 0x1089, 0x1aa0: 0x0279, 0x1aa1: 0x0369, 0x1aa2: 0x0289, 0x1aa3: 0x13d1,
+	0x1aa4: 0xba81, 0x1aa5: 0xba99, 0x1aa6: 0x0040, 0x1aa7: 0x0040, 0x1aa8: 0xbab1, 0x1aa9: 0x1099,
+	0x1aaa: 0x10b1, 0x1aab: 0x10c9, 0x1aac: 0xbac9, 0x1aad: 0xbae1, 0x1aae: 0xbaf9, 0x1aaf: 0x1429,
+	0x1ab0: 0x1a31, 0x1ab1: 0xbb11, 0x1ab2: 0xbb29, 0x1ab3: 0xbb41, 0x1ab4: 0xbb59, 0x1ab5: 0xbb71,
+	0x1ab6: 0xbb89, 0x1ab7: 0x2109, 0x1ab8: 0x1111, 0x1ab9: 0x1429, 0x1aba: 0xbba1, 0x1abb: 0xbbb9,
+	0x1abc: 0xbbd1, 0x1abd: 0x10e1, 0x1abe: 0x10f9, 0x1abf: 0xbbe9,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x2079, 0x1ac1: 0xbc01, 0x1ac2: 0xbab1, 0x1ac3: 0x1099, 0x1ac4: 0x10b1, 0x1ac5: 0x10c9,
+	0x1ac6: 0xbac9, 0x1ac7: 0xbae1, 0x1ac8: 0xbaf9, 0x1ac9: 0x1429, 0x1aca: 0x1a31, 0x1acb: 0xbb11,
+	0x1acc: 0xbb29, 0x1acd: 0xbb41, 0x1ace: 0xbb59, 0x1acf: 0xbb71, 0x1ad0: 0xbb89, 0x1ad1: 0x2109,
+	0x1ad2: 0x1111, 0x1ad3: 0xbba1, 0x1ad4: 0xbba1, 0x1ad5: 0xbbb9, 0x1ad6: 0xbbd1, 0x1ad7: 0x10e1,
+	0x1ad8: 0x10f9, 0x1ad9: 0xbbe9, 0x1ada: 0x2079, 0x1adb: 0xbc21, 0x1adc: 0xbac9, 0x1add: 0x1429,
+	0x1ade: 0xbb11, 0x1adf: 0x10e1, 0x1ae0: 0x1111, 0x1ae1: 0x2109, 0x1ae2: 0xbab1, 0x1ae3: 0x1099,
+	0x1ae4: 0x10b1, 0x1ae5: 0x10c9, 0x1ae6: 0xbac9, 0x1ae7: 0xbae1, 0x1ae8: 0xbaf9, 0x1ae9: 0x1429,
+	0x1aea: 0x1a31, 0x1aeb: 0xbb11, 0x1aec: 0xbb29, 0x1aed: 0xbb41, 0x1aee: 0xbb59, 0x1aef: 0xbb71,
+	0x1af0: 0xbb89, 0x1af1: 0x2109, 0x1af2: 0x1111, 0x1af3: 0x1429, 0x1af4: 0xbba1, 0x1af5: 0xbbb9,
+	0x1af6: 0xbbd1, 0x1af7: 0x10e1, 0x1af8: 0x10f9, 0x1af9: 0xbbe9, 0x1afa: 0x2079, 0x1afb: 0xbc01,
+	0x1afc: 0xbab1, 0x1afd: 0x1099, 0x1afe: 0x10b1, 0x1aff: 0x10c9,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0xbac9, 0x1b01: 0xbae1, 0x1b02: 0xbaf9, 0x1b03: 0x1429, 0x1b04: 0x1a31, 0x1b05: 0xbb11,
+	0x1b06: 0xbb29, 0x1b07: 0xbb41, 0x1b08: 0xbb59, 0x1b09: 0xbb71, 0x1b0a: 0xbb89, 0x1b0b: 0x2109,
+	0x1b0c: 0x1111, 0x1b0d: 0xbba1, 0x1b0e: 0xbba1, 0x1b0f: 0xbbb9, 0x1b10: 0xbbd1, 0x1b11: 0x10e1,
+	0x1b12: 0x10f9, 0x1b13: 0xbbe9, 0x1b14: 0x2079, 0x1b15: 0xbc21, 0x1b16: 0xbac9, 0x1b17: 0x1429,
+	0x1b18: 0xbb11, 0x1b19: 0x10e1, 0x1b1a: 0x1111, 0x1b1b: 0x2109, 0x1b1c: 0xbab1, 0x1b1d: 0x1099,
+	0x1b1e: 0x10b1, 0x1b1f: 0x10c9, 0x1b20: 0xbac9, 0x1b21: 0xbae1, 0x1b22: 0xbaf9, 0x1b23: 0x1429,
+	0x1b24: 0x1a31, 0x1b25: 0xbb11, 0x1b26: 0xbb29, 0x1b27: 0xbb41, 0x1b28: 0xbb59, 0x1b29: 0xbb71,
+	0x1b2a: 0xbb89, 0x1b2b: 0x2109, 0x1b2c: 0x1111, 0x1b2d: 0x1429, 0x1b2e: 0xbba1, 0x1b2f: 0xbbb9,
+	0x1b30: 0xbbd1, 0x1b31: 0x10e1, 0x1b32: 0x10f9, 0x1b33: 0xbbe9, 0x1b34: 0x2079, 0x1b35: 0xbc01,
+	0x1b36: 0xbab1, 0x1b37: 0x1099, 0x1b38: 0x10b1, 0x1b39: 0x10c9, 0x1b3a: 0xbac9, 0x1b3b: 0xbae1,
+	0x1b3c: 0xbaf9, 0x1b3d: 0x1429, 0x1b3e: 0x1a31, 0x1b3f: 0xbb11,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0xbb29, 0x1b41: 0xbb41, 0x1b42: 0xbb59, 0x1b43: 0xbb71, 0x1b44: 0xbb89, 0x1b45: 0x2109,
+	0x1b46: 0x1111, 0x1b47: 0xbba1, 0x1b48: 0xbba1, 0x1b49: 0xbbb9, 0x1b4a: 0xbbd1, 0x1b4b: 0x10e1,
+	0x1b4c: 0x10f9, 0x1b4d: 0xbbe9, 0x1b4e: 0x2079, 0x1b4f: 0xbc21, 0x1b50: 0xbac9, 0x1b51: 0x1429,
+	0x1b52: 0xbb11, 0x1b53: 0x10e1, 0x1b54: 0x1111, 0x1b55: 0x2109, 0x1b56: 0xbab1, 0x1b57: 0x1099,
+	0x1b58: 0x10b1, 0x1b59: 0x10c9, 0x1b5a: 0xbac9, 0x1b5b: 0xbae1, 0x1b5c: 0xbaf9, 0x1b5d: 0x1429,
+	0x1b5e: 0x1a31, 0x1b5f: 0xbb11, 0x1b60: 0xbb29, 0x1b61: 0xbb41, 0x1b62: 0xbb59, 0x1b63: 0xbb71,
+	0x1b64: 0xbb89, 0x1b65: 0x2109, 0x1b66: 0x1111, 0x1b67: 0x1429, 0x1b68: 0xbba1, 0x1b69: 0xbbb9,
+	0x1b6a: 0xbbd1, 0x1b6b: 0x10e1, 0x1b6c: 0x10f9, 0x1b6d: 0xbbe9, 0x1b6e: 0x2079, 0x1b6f: 0xbc01,
+	0x1b70: 0xbab1, 0x1b71: 0x1099, 0x1b72: 0x10b1, 0x1b73: 0x10c9, 0x1b74: 0xbac9, 0x1b75: 0xbae1,
+	0x1b76: 0xbaf9, 0x1b77: 0x1429, 0x1b78: 0x1a31, 0x1b79: 0xbb11, 0x1b7a: 0xbb29, 0x1b7b: 0xbb41,
+	0x1b7c: 0xbb59, 0x1b7d: 0xbb71, 0x1b7e: 0xbb89, 0x1b7f: 0x2109,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0x1111, 0x1b81: 0xbba1, 0x1b82: 0xbba1, 0x1b83: 0xbbb9, 0x1b84: 0xbbd1, 0x1b85: 0x10e1,
+	0x1b86: 0x10f9, 0x1b87: 0xbbe9, 0x1b88: 0x2079, 0x1b89: 0xbc21, 0x1b8a: 0xbac9, 0x1b8b: 0x1429,
+	0x1b8c: 0xbb11, 0x1b8d: 0x10e1, 0x1b8e: 0x1111, 0x1b8f: 0x2109, 0x1b90: 0xbab1, 0x1b91: 0x1099,
+	0x1b92: 0x10b1, 0x1b93: 0x10c9, 0x1b94: 0xbac9, 0x1b95: 0xbae1, 0x1b96: 0xbaf9, 0x1b97: 0x1429,
+	0x1b98: 0x1a31, 0x1b99: 0xbb11, 0x1b9a: 0xbb29, 0x1b9b: 0xbb41, 0x1b9c: 0xbb59, 0x1b9d: 0xbb71,
+	0x1b9e: 0xbb89, 0x1b9f: 0x2109, 0x1ba0: 0x1111, 0x1ba1: 0x1429, 0x1ba2: 0xbba1, 0x1ba3: 0xbbb9,
+	0x1ba4: 0xbbd1, 0x1ba5: 0x10e1, 0x1ba6: 0x10f9, 0x1ba7: 0xbbe9, 0x1ba8: 0x2079, 0x1ba9: 0xbc01,
+	0x1baa: 0xbab1, 0x1bab: 0x1099, 0x1bac: 0x10b1, 0x1bad: 0x10c9, 0x1bae: 0xbac9, 0x1baf: 0xbae1,
+	0x1bb0: 0xbaf9, 0x1bb1: 0x1429, 0x1bb2: 0x1a31, 0x1bb3: 0xbb11, 0x1bb4: 0xbb29, 0x1bb5: 0xbb41,
+	0x1bb6: 0xbb59, 0x1bb7: 0xbb71, 0x1bb8: 0xbb89, 0x1bb9: 0x2109, 0x1bba: 0x1111, 0x1bbb: 0xbba1,
+	0x1bbc: 0xbba1, 0x1bbd: 0xbbb9, 0x1bbe: 0xbbd1, 0x1bbf: 0x10e1,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0x10f9, 0x1bc1: 0xbbe9, 0x1bc2: 0x2079, 0x1bc3: 0xbc21, 0x1bc4: 0xbac9, 0x1bc5: 0x1429,
+	0x1bc6: 0xbb11, 0x1bc7: 0x10e1, 0x1bc8: 0x1111, 0x1bc9: 0x2109, 0x1bca: 0xbc41, 0x1bcb: 0xbc41,
+	0x1bcc: 0x0040, 0x1bcd: 0x0040, 0x1bce: 0x1f41, 0x1bcf: 0x00c9, 0x1bd0: 0x0069, 0x1bd1: 0x0079,
+	0x1bd2: 0x1f51, 0x1bd3: 0x1f61, 0x1bd4: 0x1f71, 0x1bd5: 0x1f81, 0x1bd6: 0x1f91, 0x1bd7: 0x1fa1,
+	0x1bd8: 0x1f41, 0x1bd9: 0x00c9, 0x1bda: 0x0069, 0x1bdb: 0x0079, 0x1bdc: 0x1f51, 0x1bdd: 0x1f61,
+	0x1bde: 0x1f71, 0x1bdf: 0x1f81, 0x1be0: 0x1f91, 0x1be1: 0x1fa1, 0x1be2: 0x1f41, 0x1be3: 0x00c9,
+	0x1be4: 0x0069, 0x1be5: 0x0079, 0x1be6: 0x1f51, 0x1be7: 0x1f61, 0x1be8: 0x1f71, 0x1be9: 0x1f81,
+	0x1bea: 0x1f91, 0x1beb: 0x1fa1, 0x1bec: 0x1f41, 0x1bed: 0x00c9, 0x1bee: 0x0069, 0x1bef: 0x0079,
+	0x1bf0: 0x1f51, 0x1bf1: 0x1f61, 0x1bf2: 0x1f71, 0x1bf3: 0x1f81, 0x1bf4: 0x1f91, 0x1bf5: 0x1fa1,
+	0x1bf6: 0x1f41, 0x1bf7: 0x00c9, 0x1bf8: 0x0069, 0x1bf9: 0x0079, 0x1bfa: 0x1f51, 0x1bfb: 0x1f61,
+	0x1bfc: 0x1f71, 0x1bfd: 0x1f81, 0x1bfe: 0x1f91, 0x1bff: 0x1fa1,
+	// Block 0x70, offset 0x1c00
+	0x1c00: 0xe115, 0x1c01: 0xe115, 0x1c02: 0xe135, 0x1c03: 0xe135, 0x1c04: 0xe115, 0x1c05: 0xe115,
+	0x1c06: 0xe175, 0x1c07: 0xe175, 0x1c08: 0xe115, 0x1c09: 0xe115, 0x1c0a: 0xe135, 0x1c0b: 0xe135,
+	0x1c0c: 0xe115, 0x1c0d: 0xe115, 0x1c0e: 0xe1f5, 0x1c0f: 0xe1f5, 0x1c10: 0xe115, 0x1c11: 0xe115,
+	0x1c12: 0xe135, 0x1c13: 0xe135, 0x1c14: 0xe115, 0x1c15: 0xe115, 0x1c16: 0xe175, 0x1c17: 0xe175,
+	0x1c18: 0xe115, 0x1c19: 0xe115, 0x1c1a: 0xe135, 0x1c1b: 0xe135, 0x1c1c: 0xe115, 0x1c1d: 0xe115,
+	0x1c1e: 0x8b05, 0x1c1f: 0x8b05, 0x1c20: 0x04b5, 0x1c21: 0x04b5, 0x1c22: 0x0a08, 0x1c23: 0x0a08,
+	0x1c24: 0x0a08, 0x1c25: 0x0a08, 0x1c26: 0x0a08, 0x1c27: 0x0a08, 0x1c28: 0x0a08, 0x1c29: 0x0a08,
+	0x1c2a: 0x0a08, 0x1c2b: 0x0a08, 0x1c2c: 0x0a08, 0x1c2d: 0x0a08, 0x1c2e: 0x0a08, 0x1c2f: 0x0a08,
+	0x1c30: 0x0a08, 0x1c31: 0x0a08, 0x1c32: 0x0a08, 0x1c33: 0x0a08, 0x1c34: 0x0a08, 0x1c35: 0x0a08,
+	0x1c36: 0x0a08, 0x1c37: 0x0a08, 0x1c38: 0x0a08, 0x1c39: 0x0a08, 0x1c3a: 0x0a08, 0x1c3b: 0x0a08,
+	0x1c3c: 0x0a08, 0x1c3d: 0x0a08, 0x1c3e: 0x0a08, 0x1c3f: 0x0a08,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0xb189, 0x1c41: 0xb1a1, 0x1c42: 0xb201, 0x1c43: 0xb249, 0x1c44: 0x0040, 0x1c45: 0xb411,
+	0x1c46: 0xb291, 0x1c47: 0xb219, 0x1c48: 0xb309, 0x1c49: 0xb429, 0x1c4a: 0xb399, 0x1c4b: 0xb3b1,
+	0x1c4c: 0xb3c9, 0x1c4d: 0xb3e1, 0x1c4e: 0xb2a9, 0x1c4f: 0xb339, 0x1c50: 0xb369, 0x1c51: 0xb2d9,
+	0x1c52: 0xb381, 0x1c53: 0xb279, 0x1c54: 0xb2c1, 0x1c55: 0xb1d1, 0x1c56: 0xb1e9, 0x1c57: 0xb231,
+	0x1c58: 0xb261, 0x1c59: 0xb2f1, 0x1c5a: 0xb321, 0x1c5b: 0xb351, 0x1c5c: 0xbc59, 0x1c5d: 0x7949,
+	0x1c5e: 0xbc71, 0x1c5f: 0xbc89, 0x1c60: 0x0040, 0x1c61: 0xb1a1, 0x1c62: 0xb201, 0x1c63: 0x0040,
+	0x1c64: 0xb3f9, 0x1c65: 0x0040, 0x1c66: 0x0040, 0x1c67: 0xb219, 0x1c68: 0x0040, 0x1c69: 0xb429,
+	0x1c6a: 0xb399, 0x1c6b: 0xb3b1, 0x1c6c: 0xb3c9, 0x1c6d: 0xb3e1, 0x1c6e: 0xb2a9, 0x1c6f: 0xb339,
+	0x1c70: 0xb369, 0x1c71: 0xb2d9, 0x1c72: 0xb381, 0x1c73: 0x0040, 0x1c74: 0xb2c1, 0x1c75: 0xb1d1,
+	0x1c76: 0xb1e9, 0x1c77: 0xb231, 0x1c78: 0x0040, 0x1c79: 0xb2f1, 0x1c7a: 0x0040, 0x1c7b: 0xb351,
+	0x1c7c: 0x0040, 0x1c7d: 0x0040, 0x1c7e: 0x0040, 0x1c7f: 0x0040,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0x0040, 0x1c81: 0x0040, 0x1c82: 0xb201, 0x1c83: 0x0040, 0x1c84: 0x0040, 0x1c85: 0x0040,
+	0x1c86: 0x0040, 0x1c87: 0xb219, 0x1c88: 0x0040, 0x1c89: 0xb429, 0x1c8a: 0x0040, 0x1c8b: 0xb3b1,
+	0x1c8c: 0x0040, 0x1c8d: 0xb3e1, 0x1c8e: 0xb2a9, 0x1c8f: 0xb339, 0x1c90: 0x0040, 0x1c91: 0xb2d9,
+	0x1c92: 0xb381, 0x1c93: 0x0040, 0x1c94: 0xb2c1, 0x1c95: 0x0040, 0x1c96: 0x0040, 0x1c97: 0xb231,
+	0x1c98: 0x0040, 0x1c99: 0xb2f1, 0x1c9a: 0x0040, 0x1c9b: 0xb351, 0x1c9c: 0x0040, 0x1c9d: 0x7949,
+	0x1c9e: 0x0040, 0x1c9f: 0xbc89, 0x1ca0: 0x0040, 0x1ca1: 0xb1a1, 0x1ca2: 0xb201, 0x1ca3: 0x0040,
+	0x1ca4: 0xb3f9, 0x1ca5: 0x0040, 0x1ca6: 0x0040, 0x1ca7: 0xb219, 0x1ca8: 0xb309, 0x1ca9: 0xb429,
+	0x1caa: 0xb399, 0x1cab: 0x0040, 0x1cac: 0xb3c9, 0x1cad: 0xb3e1, 0x1cae: 0xb2a9, 0x1caf: 0xb339,
+	0x1cb0: 0xb369, 0x1cb1: 0xb2d9, 0x1cb2: 0xb381, 0x1cb3: 0x0040, 0x1cb4: 0xb2c1, 0x1cb5: 0xb1d1,
+	0x1cb6: 0xb1e9, 0x1cb7: 0xb231, 0x1cb8: 0x0040, 0x1cb9: 0xb2f1, 0x1cba: 0xb321, 0x1cbb: 0xb351,
+	0x1cbc: 0xbc59, 0x1cbd: 0x0040, 0x1cbe: 0xbc71, 0x1cbf: 0x0040,
+	// Block 0x73, offset 0x1cc0
+	0x1cc0: 0xb189, 0x1cc1: 0xb1a1, 0x1cc2: 0xb201, 0x1cc3: 0xb249, 0x1cc4: 0xb3f9, 0x1cc5: 0xb411,
+	0x1cc6: 0xb291, 0x1cc7: 0xb219, 0x1cc8: 0xb309, 0x1cc9: 0xb429, 0x1cca: 0x0040, 0x1ccb: 0xb3b1,
+	0x1ccc: 0xb3c9, 0x1ccd: 0xb3e1, 0x1cce: 0xb2a9, 0x1ccf: 0xb339, 0x1cd0: 0xb369, 0x1cd1: 0xb2d9,
+	0x1cd2: 0xb381, 0x1cd3: 0xb279, 0x1cd4: 0xb2c1, 0x1cd5: 0xb1d1, 0x1cd6: 0xb1e9, 0x1cd7: 0xb231,
+	0x1cd8: 0xb261, 0x1cd9: 0xb2f1, 0x1cda: 0xb321, 0x1cdb: 0xb351, 0x1cdc: 0x0040, 0x1cdd: 0x0040,
+	0x1cde: 0x0040, 0x1cdf: 0x0040, 0x1ce0: 0x0040, 0x1ce1: 0xb1a1, 0x1ce2: 0xb201, 0x1ce3: 0xb249,
+	0x1ce4: 0x0040, 0x1ce5: 0xb411, 0x1ce6: 0xb291, 0x1ce7: 0xb219, 0x1ce8: 0xb309, 0x1ce9: 0xb429,
+	0x1cea: 0x0040, 0x1ceb: 0xb3b1, 0x1cec: 0xb3c9, 0x1ced: 0xb3e1, 0x1cee: 0xb2a9, 0x1cef: 0xb339,
+	0x1cf0: 0xb369, 0x1cf1: 0xb2d9, 0x1cf2: 0xb381, 0x1cf3: 0xb279, 0x1cf4: 0xb2c1, 0x1cf5: 0xb1d1,
+	0x1cf6: 0xb1e9, 0x1cf7: 0xb231, 0x1cf8: 0xb261, 0x1cf9: 0xb2f1, 0x1cfa: 0xb321, 0x1cfb: 0xb351,
+	0x1cfc: 0x0040, 0x1cfd: 0x0040, 0x1cfe: 0x0040, 0x1cff: 0x0040,
+	// Block 0x74, offset 0x1d00
+	0x1d00: 0x0040, 0x1d01: 0xbca2, 0x1d02: 0xbcba, 0x1d03: 0xbcd2, 0x1d04: 0xbcea, 0x1d05: 0xbd02,
+	0x1d06: 0xbd1a, 0x1d07: 0xbd32, 0x1d08: 0xbd4a, 0x1d09: 0xbd62, 0x1d0a: 0xbd7a, 0x1d0b: 0x0018,
+	0x1d0c: 0x0018, 0x1d0d: 0x0040, 0x1d0e: 0x0040, 0x1d0f: 0x0040, 0x1d10: 0xbd92, 0x1d11: 0xbdb2,
+	0x1d12: 0xbdd2, 0x1d13: 0xbdf2, 0x1d14: 0xbe12, 0x1d15: 0xbe32, 0x1d16: 0xbe52, 0x1d17: 0xbe72,
+	0x1d18: 0xbe92, 0x1d19: 0xbeb2, 0x1d1a: 0xbed2, 0x1d1b: 0xbef2, 0x1d1c: 0xbf12, 0x1d1d: 0xbf32,
+	0x1d1e: 0xbf52, 0x1d1f: 0xbf72, 0x1d20: 0xbf92, 0x1d21: 0xbfb2, 0x1d22: 0xbfd2, 0x1d23: 0xbff2,
+	0x1d24: 0xc012, 0x1d25: 0xc032, 0x1d26: 0xc052, 0x1d27: 0xc072, 0x1d28: 0xc092, 0x1d29: 0xc0b2,
+	0x1d2a: 0xc0d1, 0x1d2b: 0x1159, 0x1d2c: 0x0269, 0x1d2d: 0x6671, 0x1d2e: 0xc111, 0x1d2f: 0x0040,
+	0x1d30: 0x0039, 0x1d31: 0x0ee9, 0x1d32: 0x1159, 0x1d33: 0x0ef9, 0x1d34: 0x0f09, 0x1d35: 0x1199,
+	0x1d36: 0x0f31, 0x1d37: 0x0249, 0x1d38: 0x0f41, 0x1d39: 0x0259, 0x1d3a: 0x0f51, 0x1d3b: 0x0359,
+	0x1d3c: 0x0f61, 0x1d3d: 0x0f71, 0x1d3e: 0x00d9, 0x1d3f: 0x0f99,
+	// Block 0x75, offset 0x1d40
+	0x1d40: 0x2039, 0x1d41: 0x0269, 0x1d42: 0x01d9, 0x1d43: 0x0fa9, 0x1d44: 0x0fb9, 0x1d45: 0x1089,
+	0x1d46: 0x0279, 0x1d47: 0x0369, 0x1d48: 0x0289, 0x1d49: 0x13d1, 0x1d4a: 0xc129, 0x1d4b: 0x65b1,
+	0x1d4c: 0xc141, 0x1d4d: 0x1441, 0x1d4e: 0xc159, 0x1d4f: 0xc179, 0x1d50: 0x0018, 0x1d51: 0x0018,
+	0x1d52: 0x0018, 0x1d53: 0x0018, 0x1d54: 0x0018, 0x1d55: 0x0018, 0x1d56: 0x0018, 0x1d57: 0x0018,
+	0x1d58: 0x0018, 0x1d59: 0x0018, 0x1d5a: 0x0018, 0x1d5b: 0x0018, 0x1d5c: 0x0018, 0x1d5d: 0x0018,
+	0x1d5e: 0x0018, 0x1d5f: 0x0018, 0x1d60: 0x0018, 0x1d61: 0x0018, 0x1d62: 0x0018, 0x1d63: 0x0018,
+	0x1d64: 0x0018, 0x1d65: 0x0018, 0x1d66: 0x0018, 0x1d67: 0x0018, 0x1d68: 0x0018, 0x1d69: 0x0018,
+	0x1d6a: 0xc191, 0x1d6b: 0xc1a9, 0x1d6c: 0x0040, 0x1d6d: 0x0040, 0x1d6e: 0x0040, 0x1d6f: 0x0040,
+	0x1d70: 0x0018, 0x1d71: 0x0018, 0x1d72: 0x0018, 0x1d73: 0x0018, 0x1d74: 0x0018, 0x1d75: 0x0018,
+	0x1d76: 0x0018, 0x1d77: 0x0018, 0x1d78: 0x0018, 0x1d79: 0x0018, 0x1d7a: 0x0018, 0x1d7b: 0x0018,
+	0x1d7c: 0x0018, 0x1d7d: 0x0018, 0x1d7e: 0x0018, 0x1d7f: 0x0018,
+	// Block 0x76, offset 0x1d80
+	0x1d80: 0xc1d9, 0x1d81: 0xc211, 0x1d82: 0xc249, 0x1d83: 0x0040, 0x1d84: 0x0040, 0x1d85: 0x0040,
+	0x1d86: 0x0040, 0x1d87: 0x0040, 0x1d88: 0x0040, 0x1d89: 0x0040, 0x1d8a: 0x0040, 0x1d8b: 0x0040,
+	0x1d8c: 0x0040, 0x1d8d: 0x0040, 0x1d8e: 0x0040, 0x1d8f: 0x0040, 0x1d90: 0xc269, 0x1d91: 0xc289,
+	0x1d92: 0xc2a9, 0x1d93: 0xc2c9, 0x1d94: 0xc2e9, 0x1d95: 0xc309, 0x1d96: 0xc329, 0x1d97: 0xc349,
+	0x1d98: 0xc369, 0x1d99: 0xc389, 0x1d9a: 0xc3a9, 0x1d9b: 0xc3c9, 0x1d9c: 0xc3e9, 0x1d9d: 0xc409,
+	0x1d9e: 0xc429, 0x1d9f: 0xc449, 0x1da0: 0xc469, 0x1da1: 0xc489, 0x1da2: 0xc4a9, 0x1da3: 0xc4c9,
+	0x1da4: 0xc4e9, 0x1da5: 0xc509, 0x1da6: 0xc529, 0x1da7: 0xc549, 0x1da8: 0xc569, 0x1da9: 0xc589,
+	0x1daa: 0xc5a9, 0x1dab: 0xc5c9, 0x1dac: 0xc5e9, 0x1dad: 0xc609, 0x1dae: 0xc629, 0x1daf: 0xc649,
+	0x1db0: 0xc669, 0x1db1: 0xc689, 0x1db2: 0xc6a9, 0x1db3: 0xc6c9, 0x1db4: 0xc6e9, 0x1db5: 0xc709,
+	0x1db6: 0xc729, 0x1db7: 0xc749, 0x1db8: 0xc769, 0x1db9: 0xc789, 0x1dba: 0xc7a9, 0x1dbb: 0xc7c9,
+	0x1dbc: 0x0040, 0x1dbd: 0x0040, 0x1dbe: 0x0040, 0x1dbf: 0x0040,
+	// Block 0x77, offset 0x1dc0
+	0x1dc0: 0xcaf9, 0x1dc1: 0xcb19, 0x1dc2: 0xcb39, 0x1dc3: 0x8b1d, 0x1dc4: 0xcb59, 0x1dc5: 0xcb79,
+	0x1dc6: 0xcb99, 0x1dc7: 0xcbb9, 0x1dc8: 0xcbd9, 0x1dc9: 0xcbf9, 0x1dca: 0xcc19, 0x1dcb: 0xcc39,
+	0x1dcc: 0xcc59, 0x1dcd: 0x8b3d, 0x1dce: 0xcc79, 0x1dcf: 0xcc99, 0x1dd0: 0xccb9, 0x1dd1: 0xccd9,
+	0x1dd2: 0x8b5d, 0x1dd3: 0xccf9, 0x1dd4: 0xcd19, 0x1dd5: 0xc429, 0x1dd6: 0x8b7d, 0x1dd7: 0xcd39,
+	0x1dd8: 0xcd59, 0x1dd9: 0xcd79, 0x1dda: 0xcd99, 0x1ddb: 0xcdb9, 0x1ddc: 0x8b9d, 0x1ddd: 0xcdd9,
+	0x1dde: 0xcdf9, 0x1ddf: 0xce19, 0x1de0: 0xce39, 0x1de1: 0xce59, 0x1de2: 0xc789, 0x1de3: 0xce79,
+	0x1de4: 0xce99, 0x1de5: 0xceb9, 0x1de6: 0xced9, 0x1de7: 0xcef9, 0x1de8: 0xcf19, 0x1de9: 0xcf39,
+	0x1dea: 0xcf59, 0x1deb: 0xcf79, 0x1dec: 0xcf99, 0x1ded: 0xcfb9, 0x1dee: 0xcfd9, 0x1def: 0xcff9,
+	0x1df0: 0xd019, 0x1df1: 0xd039, 0x1df2: 0xd039, 0x1df3: 0xd039, 0x1df4: 0x8bbd, 0x1df5: 0xd059,
+	0x1df6: 0xd079, 0x1df7: 0xd099, 0x1df8: 0x8bdd, 0x1df9: 0xd0b9, 0x1dfa: 0xd0d9, 0x1dfb: 0xd0f9,
+	0x1dfc: 0xd119, 0x1dfd: 0xd139, 0x1dfe: 0xd159, 0x1dff: 0xd179,
+	// Block 0x78, offset 0x1e00
+	0x1e00: 0xd199, 0x1e01: 0xd1b9, 0x1e02: 0xd1d9, 0x1e03: 0xd1f9, 0x1e04: 0xd219, 0x1e05: 0xd239,
+	0x1e06: 0xd239, 0x1e07: 0xd259, 0x1e08: 0xd279, 0x1e09: 0xd299, 0x1e0a: 0xd2b9, 0x1e0b: 0xd2d9,
+	0x1e0c: 0xd2f9, 0x1e0d: 0xd319, 0x1e0e: 0xd339, 0x1e0f: 0xd359, 0x1e10: 0xd379, 0x1e11: 0xd399,
+	0x1e12: 0xd3b9, 0x1e13: 0xd3d9, 0x1e14: 0xd3f9, 0x1e15: 0xd419, 0x1e16: 0xd439, 0x1e17: 0xd459,
+	0x1e18: 0xd479, 0x1e19: 0x8bfd, 0x1e1a: 0xd499, 0x1e1b: 0xd4b9, 0x1e1c: 0xd4d9, 0x1e1d: 0xc309,
+	0x1e1e: 0xd4f9, 0x1e1f: 0xd519, 0x1e20: 0x8c1d, 0x1e21: 0x8c3d, 0x1e22: 0xd539, 0x1e23: 0xd559,
+	0x1e24: 0xd579, 0x1e25: 0xd599, 0x1e26: 0xd5b9, 0x1e27: 0xd5d9, 0x1e28: 0x2040, 0x1e29: 0xd5f9,
+	0x1e2a: 0xd619, 0x1e2b: 0xd619, 0x1e2c: 0x8c5d, 0x1e2d: 0xd639, 0x1e2e: 0xd659, 0x1e2f: 0xd679,
+	0x1e30: 0xd699, 0x1e31: 0x8c7d, 0x1e32: 0xd6b9, 0x1e33: 0xd6d9, 0x1e34: 0x2040, 0x1e35: 0xd6f9,
+	0x1e36: 0xd719, 0x1e37: 0xd739, 0x1e38: 0xd759, 0x1e39: 0xd779, 0x1e3a: 0xd799, 0x1e3b: 0x8c9d,
+	0x1e3c: 0xd7b9, 0x1e3d: 0x8cbd, 0x1e3e: 0xd7d9, 0x1e3f: 0xd7f9,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0xd819, 0x1e41: 0xd839, 0x1e42: 0xd859, 0x1e43: 0xd879, 0x1e44: 0xd899, 0x1e45: 0xd8b9,
+	0x1e46: 0xd8d9, 0x1e47: 0xd8f9, 0x1e48: 0xd919, 0x1e49: 0x8cdd, 0x1e4a: 0xd939, 0x1e4b: 0xd959,
+	0x1e4c: 0xd979, 0x1e4d: 0xd999, 0x1e4e: 0xd9b9, 0x1e4f: 0x8cfd, 0x1e50: 0xd9d9, 0x1e51: 0x8d1d,
+	0x1e52: 0x8d3d, 0x1e53: 0xd9f9, 0x1e54: 0xda19, 0x1e55: 0xda19, 0x1e56: 0xda39, 0x1e57: 0x8d5d,
+	0x1e58: 0x8d7d, 0x1e59: 0xda59, 0x1e5a: 0xda79, 0x1e5b: 0xda99, 0x1e5c: 0xdab9, 0x1e5d: 0xdad9,
+	0x1e5e: 0xdaf9, 0x1e5f: 0xdb19, 0x1e60: 0xdb39, 0x1e61: 0xdb59, 0x1e62: 0xdb79, 0x1e63: 0xdb99,
+	0x1e64: 0x8d9d, 0x1e65: 0xdbb9, 0x1e66: 0xdbd9, 0x1e67: 0xdbf9, 0x1e68: 0xdc19, 0x1e69: 0xdbf9,
+	0x1e6a: 0xdc39, 0x1e6b: 0xdc59, 0x1e6c: 0xdc79, 0x1e6d: 0xdc99, 0x1e6e: 0xdcb9, 0x1e6f: 0xdcd9,
+	0x1e70: 0xdcf9, 0x1e71: 0xdd19, 0x1e72: 0xdd39, 0x1e73: 0xdd59, 0x1e74: 0xdd79, 0x1e75: 0xdd99,
+	0x1e76: 0xddb9, 0x1e77: 0xddd9, 0x1e78: 0x8dbd, 0x1e79: 0xddf9, 0x1e7a: 0xde19, 0x1e7b: 0xde39,
+	0x1e7c: 0xde59, 0x1e7d: 0xde79, 0x1e7e: 0x8ddd, 0x1e7f: 0xde99,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0xe599, 0x1e81: 0xe5b9, 0x1e82: 0xe5d9, 0x1e83: 0xe5f9, 0x1e84: 0xe619, 0x1e85: 0xe639,
+	0x1e86: 0x8efd, 0x1e87: 0xe659, 0x1e88: 0xe679, 0x1e89: 0xe699, 0x1e8a: 0xe6b9, 0x1e8b: 0xe6d9,
+	0x1e8c: 0xe6f9, 0x1e8d: 0x8f1d, 0x1e8e: 0xe719, 0x1e8f: 0xe739, 0x1e90: 0x8f3d, 0x1e91: 0x8f5d,
+	0x1e92: 0xe759, 0x1e93: 0xe779, 0x1e94: 0xe799, 0x1e95: 0xe7b9, 0x1e96: 0xe7d9, 0x1e97: 0xe7f9,
+	0x1e98: 0xe819, 0x1e99: 0xe839, 0x1e9a: 0xe859, 0x1e9b: 0x8f7d, 0x1e9c: 0xe879, 0x1e9d: 0x8f9d,
+	0x1e9e: 0xe899, 0x1e9f: 0x2040, 0x1ea0: 0xe8b9, 0x1ea1: 0xe8d9, 0x1ea2: 0xe8f9, 0x1ea3: 0x8fbd,
+	0x1ea4: 0xe919, 0x1ea5: 0xe939, 0x1ea6: 0x8fdd, 0x1ea7: 0x8ffd, 0x1ea8: 0xe959, 0x1ea9: 0xe979,
+	0x1eaa: 0xe999, 0x1eab: 0xe9b9, 0x1eac: 0xe9d9, 0x1ead: 0xe9d9, 0x1eae: 0xe9f9, 0x1eaf: 0xea19,
+	0x1eb0: 0xea39, 0x1eb1: 0xea59, 0x1eb2: 0xea79, 0x1eb3: 0xea99, 0x1eb4: 0xeab9, 0x1eb5: 0x901d,
+	0x1eb6: 0xead9, 0x1eb7: 0x903d, 0x1eb8: 0xeaf9, 0x1eb9: 0x905d, 0x1eba: 0xeb19, 0x1ebb: 0x907d,
+	0x1ebc: 0x909d, 0x1ebd: 0x90bd, 0x1ebe: 0xeb39, 0x1ebf: 0xeb59,
+	// Block 0x7b, offset 0x1ec0
+	0x1ec0: 0xeb79, 0x1ec1: 0x90dd, 0x1ec2: 0x90fd, 0x1ec3: 0x911d, 0x1ec4: 0x913d, 0x1ec5: 0xeb99,
+	0x1ec6: 0xebb9, 0x1ec7: 0xebb9, 0x1ec8: 0xebd9, 0x1ec9: 0xebf9, 0x1eca: 0xec19, 0x1ecb: 0xec39,
+	0x1ecc: 0xec59, 0x1ecd: 0x915d, 0x1ece: 0xec79, 0x1ecf: 0xec99, 0x1ed0: 0xecb9, 0x1ed1: 0xecd9,
+	0x1ed2: 0x917d, 0x1ed3: 0xecf9, 0x1ed4: 0x919d, 0x1ed5: 0x91bd, 0x1ed6: 0xed19, 0x1ed7: 0xed39,
+	0x1ed8: 0xed59, 0x1ed9: 0xed79, 0x1eda: 0xed99, 0x1edb: 0xedb9, 0x1edc: 0x91dd, 0x1edd: 0x91fd,
+	0x1ede: 0x921d, 0x1edf: 0x2040, 0x1ee0: 0xedd9, 0x1ee1: 0x923d, 0x1ee2: 0xedf9, 0x1ee3: 0xee19,
+	0x1ee4: 0xee39, 0x1ee5: 0x925d, 0x1ee6: 0xee59, 0x1ee7: 0xee79, 0x1ee8: 0xee99, 0x1ee9: 0xeeb9,
+	0x1eea: 0xeed9, 0x1eeb: 0x927d, 0x1eec: 0xeef9, 0x1eed: 0xef19, 0x1eee: 0xef39, 0x1eef: 0xef59,
+	0x1ef0: 0xef79, 0x1ef1: 0xef99, 0x1ef2: 0x929d, 0x1ef3: 0x92bd, 0x1ef4: 0xefb9, 0x1ef5: 0x92dd,
+	0x1ef6: 0xefd9, 0x1ef7: 0x92fd, 0x1ef8: 0xeff9, 0x1ef9: 0xf019, 0x1efa: 0xf039, 0x1efb: 0x931d,
+	0x1efc: 0x933d, 0x1efd: 0xf059, 0x1efe: 0x935d, 0x1eff: 0xf079,
+	// Block 0x7c, offset 0x1f00
+	0x1f00: 0xf6b9, 0x1f01: 0xf6d9, 0x1f02: 0xf6f9, 0x1f03: 0xf719, 0x1f04: 0xf739, 0x1f05: 0x951d,
+	0x1f06: 0xf759, 0x1f07: 0xf779, 0x1f08: 0xf799, 0x1f09: 0xf7b9, 0x1f0a: 0xf7d9, 0x1f0b: 0x953d,
+	0x1f0c: 0x955d, 0x1f0d: 0xf7f9, 0x1f0e: 0xf819, 0x1f0f: 0xf839, 0x1f10: 0xf859, 0x1f11: 0xf879,
+	0x1f12: 0xf899, 0x1f13: 0x957d, 0x1f14: 0xf8b9, 0x1f15: 0xf8d9, 0x1f16: 0xf8f9, 0x1f17: 0xf919,
+	0x1f18: 0x959d, 0x1f19: 0x95bd, 0x1f1a: 0xf939, 0x1f1b: 0xf959, 0x1f1c: 0xf979, 0x1f1d: 0x95dd,
+	0x1f1e: 0xf999, 0x1f1f: 0xf9b9, 0x1f20: 0x6815, 0x1f21: 0x95fd, 0x1f22: 0xf9d9, 0x1f23: 0xf9f9,
+	0x1f24: 0xfa19, 0x1f25: 0x961d, 0x1f26: 0xfa39, 0x1f27: 0xfa59, 0x1f28: 0xfa79, 0x1f29: 0xfa99,
+	0x1f2a: 0xfab9, 0x1f2b: 0xfad9, 0x1f2c: 0xfaf9, 0x1f2d: 0x963d, 0x1f2e: 0xfb19, 0x1f2f: 0xfb39,
+	0x1f30: 0xfb59, 0x1f31: 0x965d, 0x1f32: 0xfb79, 0x1f33: 0xfb99, 0x1f34: 0xfbb9, 0x1f35: 0xfbd9,
+	0x1f36: 0x7b35, 0x1f37: 0x967d, 0x1f38: 0xfbf9, 0x1f39: 0xfc19, 0x1f3a: 0xfc39, 0x1f3b: 0x969d,
+	0x1f3c: 0xfc59, 0x1f3d: 0x96bd, 0x1f3e: 0xfc79, 0x1f3f: 0xfc79,
+	// Block 0x7d, offset 0x1f40
+	0x1f40: 0xfc99, 0x1f41: 0x96dd, 0x1f42: 0xfcb9, 0x1f43: 0xfcd9, 0x1f44: 0xfcf9, 0x1f45: 0xfd19,
+	0x1f46: 0xfd39, 0x1f47: 0xfd59, 0x1f48: 0xfd79, 0x1f49: 0x96fd, 0x1f4a: 0xfd99, 0x1f4b: 0xfdb9,
+	0x1f4c: 0xfdd9, 0x1f4d: 0xfdf9, 0x1f4e: 0xfe19, 0x1f4f: 0xfe39, 0x1f50: 0x971d, 0x1f51: 0xfe59,
+	0x1f52: 0x973d, 0x1f53: 0x975d, 0x1f54: 0x977d, 0x1f55: 0xfe79, 0x1f56: 0xfe99, 0x1f57: 0xfeb9,
+	0x1f58: 0xfed9, 0x1f59: 0xfef9, 0x1f5a: 0xff19, 0x1f5b: 0xff39, 0x1f5c: 0xff59, 0x1f5d: 0x979d,
+	0x1f5e: 0x0040, 0x1f5f: 0x0040, 0x1f60: 0x0040, 0x1f61: 0x0040, 0x1f62: 0x0040, 0x1f63: 0x0040,
+	0x1f64: 0x0040, 0x1f65: 0x0040, 0x1f66: 0x0040, 0x1f67: 0x0040, 0x1f68: 0x0040, 0x1f69: 0x0040,
+	0x1f6a: 0x0040, 0x1f6b: 0x0040, 0x1f6c: 0x0040, 0x1f6d: 0x0040, 0x1f6e: 0x0040, 0x1f6f: 0x0040,
+	0x1f70: 0x0040, 0x1f71: 0x0040, 0x1f72: 0x0040, 0x1f73: 0x0040, 0x1f74: 0x0040, 0x1f75: 0x0040,
+	0x1f76: 0x0040, 0x1f77: 0x0040, 0x1f78: 0x0040, 0x1f79: 0x0040, 0x1f7a: 0x0040, 0x1f7b: 0x0040,
+	0x1f7c: 0x0040, 0x1f7d: 0x0040, 0x1f7e: 0x0040, 0x1f7f: 0x0040,
+}
+
+// idnaIndex: 35 blocks, 2240 entries, 4480 bytes
+// Block 0 is the zero block.
+var idnaIndex = [2240]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x7c, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x04, 0xc7: 0x05,
+	0xc8: 0x06, 0xc9: 0x7d, 0xca: 0x7e, 0xcb: 0x07, 0xcc: 0x7f, 0xcd: 0x08, 0xce: 0x09, 0xcf: 0x0a,
+	0xd0: 0x80, 0xd1: 0x0b, 0xd2: 0x0c, 0xd3: 0x0d, 0xd4: 0x0e, 0xd5: 0x81, 0xd6: 0x82, 0xd7: 0x83,
+	0xd8: 0x0f, 0xd9: 0x10, 0xda: 0x84, 0xdb: 0x11, 0xdc: 0x12, 0xdd: 0x85, 0xde: 0x86, 0xdf: 0x87,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06, 0xe5: 0x07, 0xe6: 0x07, 0xe7: 0x07,
+	0xe8: 0x07, 0xe9: 0x08, 0xea: 0x09, 0xeb: 0x07, 0xec: 0x07, 0xed: 0x0a, 0xee: 0x0b, 0xef: 0x0c,
+	0xf0: 0x1c, 0xf1: 0x1d, 0xf2: 0x1d, 0xf3: 0x1f, 0xf4: 0x20,
+	// Block 0x4, offset 0x100
+	0x120: 0x88, 0x121: 0x89, 0x122: 0x8a, 0x123: 0x8b, 0x124: 0x8c, 0x125: 0x13, 0x126: 0x14, 0x127: 0x15,
+	0x128: 0x16, 0x129: 0x17, 0x12a: 0x18, 0x12b: 0x19, 0x12c: 0x1a, 0x12d: 0x1b, 0x12e: 0x1c, 0x12f: 0x8d,
+	0x130: 0x8e, 0x131: 0x1d, 0x132: 0x1e, 0x133: 0x1f, 0x134: 0x8f, 0x135: 0x20, 0x136: 0x90, 0x137: 0x91,
+	0x138: 0x92, 0x139: 0x93, 0x13a: 0x21, 0x13b: 0x94, 0x13c: 0x95, 0x13d: 0x22, 0x13e: 0x23, 0x13f: 0x96,
+	// Block 0x5, offset 0x140
+	0x140: 0x97, 0x141: 0x98, 0x142: 0x99, 0x143: 0x9a, 0x144: 0x9b, 0x145: 0x9c, 0x146: 0x9d, 0x147: 0x9e,
+	0x148: 0x9f, 0x149: 0xa0, 0x14a: 0xa1, 0x14b: 0xa2, 0x14c: 0xa3, 0x14d: 0xa4, 0x14e: 0xa5, 0x14f: 0xa6,
+	0x150: 0xa7, 0x151: 0x9f, 0x152: 0x9f, 0x153: 0x9f, 0x154: 0x9f, 0x155: 0x9f, 0x156: 0x9f, 0x157: 0x9f,
+	0x158: 0x9f, 0x159: 0xa8, 0x15a: 0xa9, 0x15b: 0xaa, 0x15c: 0xab, 0x15d: 0xac, 0x15e: 0xad, 0x15f: 0xae,
+	0x160: 0xaf, 0x161: 0xb0, 0x162: 0xb1, 0x163: 0xb2, 0x164: 0xb3, 0x165: 0xb4, 0x166: 0xb5, 0x167: 0xb6,
+	0x168: 0xb7, 0x169: 0xb8, 0x16a: 0xb9, 0x16b: 0xba, 0x16c: 0xbb, 0x16d: 0xbc, 0x16e: 0xbd, 0x16f: 0xbe,
+	0x170: 0xbf, 0x171: 0xc0, 0x172: 0xc1, 0x173: 0xc2, 0x174: 0x24, 0x175: 0x25, 0x176: 0x26, 0x177: 0xc3,
+	0x178: 0x27, 0x179: 0x27, 0x17a: 0x28, 0x17b: 0x27, 0x17c: 0xc4, 0x17d: 0x29, 0x17e: 0x2a, 0x17f: 0x2b,
+	// Block 0x6, offset 0x180
+	0x180: 0x2c, 0x181: 0x2d, 0x182: 0x2e, 0x183: 0xc5, 0x184: 0x2f, 0x185: 0x30, 0x186: 0xc6, 0x187: 0x9b,
+	0x188: 0xc7, 0x189: 0xc8, 0x18a: 0x9b, 0x18b: 0x9b, 0x18c: 0xc9, 0x18d: 0x9b, 0x18e: 0x9b, 0x18f: 0xca,
+	0x190: 0xcb, 0x191: 0x31, 0x192: 0x32, 0x193: 0x33, 0x194: 0x9b, 0x195: 0x9b, 0x196: 0x9b, 0x197: 0x9b,
+	0x198: 0x9b, 0x199: 0x9b, 0x19a: 0x9b, 0x19b: 0x9b, 0x19c: 0x9b, 0x19d: 0x9b, 0x19e: 0x9b, 0x19f: 0x9b,
+	0x1a0: 0x9b, 0x1a1: 0x9b, 0x1a2: 0x9b, 0x1a3: 0x9b, 0x1a4: 0x9b, 0x1a5: 0x9b, 0x1a6: 0x9b, 0x1a7: 0x9b,
+	0x1a8: 0xcc, 0x1a9: 0xcd, 0x1aa: 0x9b, 0x1ab: 0xce, 0x1ac: 0x9b, 0x1ad: 0xcf, 0x1ae: 0xd0, 0x1af: 0xd1,
+	0x1b0: 0xd2, 0x1b1: 0x34, 0x1b2: 0x27, 0x1b3: 0x35, 0x1b4: 0xd3, 0x1b5: 0xd4, 0x1b6: 0xd5, 0x1b7: 0xd6,
+	0x1b8: 0xd7, 0x1b9: 0xd8, 0x1ba: 0xd9, 0x1bb: 0xda, 0x1bc: 0xdb, 0x1bd: 0xdc, 0x1be: 0xdd, 0x1bf: 0x36,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x37, 0x1c1: 0xde, 0x1c2: 0xdf, 0x1c3: 0xe0, 0x1c4: 0xe1, 0x1c5: 0x38, 0x1c6: 0x39, 0x1c7: 0xe2,
+	0x1c8: 0xe3, 0x1c9: 0x3a, 0x1ca: 0x3b, 0x1cb: 0x3c, 0x1cc: 0x3d, 0x1cd: 0x3e, 0x1ce: 0x3f, 0x1cf: 0x40,
+	0x1d0: 0x9f, 0x1d1: 0x9f, 0x1d2: 0x9f, 0x1d3: 0x9f, 0x1d4: 0x9f, 0x1d5: 0x9f, 0x1d6: 0x9f, 0x1d7: 0x9f,
+	0x1d8: 0x9f, 0x1d9: 0x9f, 0x1da: 0x9f, 0x1db: 0x9f, 0x1dc: 0x9f, 0x1dd: 0x9f, 0x1de: 0x9f, 0x1df: 0x9f,
+	0x1e0: 0x9f, 0x1e1: 0x9f, 0x1e2: 0x9f, 0x1e3: 0x9f, 0x1e4: 0x9f, 0x1e5: 0x9f, 0x1e6: 0x9f, 0x1e7: 0x9f,
+	0x1e8: 0x9f, 0x1e9: 0x9f, 0x1ea: 0x9f, 0x1eb: 0x9f, 0x1ec: 0x9f, 0x1ed: 0x9f, 0x1ee: 0x9f, 0x1ef: 0x9f,
+	0x1f0: 0x9f, 0x1f1: 0x9f, 0x1f2: 0x9f, 0x1f3: 0x9f, 0x1f4: 0x9f, 0x1f5: 0x9f, 0x1f6: 0x9f, 0x1f7: 0x9f,
+	0x1f8: 0x9f, 0x1f9: 0x9f, 0x1fa: 0x9f, 0x1fb: 0x9f, 0x1fc: 0x9f, 0x1fd: 0x9f, 0x1fe: 0x9f, 0x1ff: 0x9f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9f, 0x201: 0x9f, 0x202: 0x9f, 0x203: 0x9f, 0x204: 0x9f, 0x205: 0x9f, 0x206: 0x9f, 0x207: 0x9f,
+	0x208: 0x9f, 0x209: 0x9f, 0x20a: 0x9f, 0x20b: 0x9f, 0x20c: 0x9f, 0x20d: 0x9f, 0x20e: 0x9f, 0x20f: 0x9f,
+	0x210: 0x9f, 0x211: 0x9f, 0x212: 0x9f, 0x213: 0x9f, 0x214: 0x9f, 0x215: 0x9f, 0x216: 0x9f, 0x217: 0x9f,
+	0x218: 0x9f, 0x219: 0x9f, 0x21a: 0x9f, 0x21b: 0x9f, 0x21c: 0x9f, 0x21d: 0x9f, 0x21e: 0x9f, 0x21f: 0x9f,
+	0x220: 0x9f, 0x221: 0x9f, 0x222: 0x9f, 0x223: 0x9f, 0x224: 0x9f, 0x225: 0x9f, 0x226: 0x9f, 0x227: 0x9f,
+	0x228: 0x9f, 0x229: 0x9f, 0x22a: 0x9f, 0x22b: 0x9f, 0x22c: 0x9f, 0x22d: 0x9f, 0x22e: 0x9f, 0x22f: 0x9f,
+	0x230: 0x9f, 0x231: 0x9f, 0x232: 0x9f, 0x233: 0x9f, 0x234: 0x9f, 0x235: 0x9f, 0x236: 0xb2, 0x237: 0x9b,
+	0x238: 0x9f, 0x239: 0x9f, 0x23a: 0x9f, 0x23b: 0x9f, 0x23c: 0x9f, 0x23d: 0x9f, 0x23e: 0x9f, 0x23f: 0x9f,
+	// Block 0x9, offset 0x240
+	0x240: 0x9f, 0x241: 0x9f, 0x242: 0x9f, 0x243: 0x9f, 0x244: 0x9f, 0x245: 0x9f, 0x246: 0x9f, 0x247: 0x9f,
+	0x248: 0x9f, 0x249: 0x9f, 0x24a: 0x9f, 0x24b: 0x9f, 0x24c: 0x9f, 0x24d: 0x9f, 0x24e: 0x9f, 0x24f: 0x9f,
+	0x250: 0x9f, 0x251: 0x9f, 0x252: 0x9f, 0x253: 0x9f, 0x254: 0x9f, 0x255: 0x9f, 0x256: 0x9f, 0x257: 0x9f,
+	0x258: 0x9f, 0x259: 0x9f, 0x25a: 0x9f, 0x25b: 0x9f, 0x25c: 0x9f, 0x25d: 0x9f, 0x25e: 0x9f, 0x25f: 0x9f,
+	0x260: 0x9f, 0x261: 0x9f, 0x262: 0x9f, 0x263: 0x9f, 0x264: 0x9f, 0x265: 0x9f, 0x266: 0x9f, 0x267: 0x9f,
+	0x268: 0x9f, 0x269: 0x9f, 0x26a: 0x9f, 0x26b: 0x9f, 0x26c: 0x9f, 0x26d: 0x9f, 0x26e: 0x9f, 0x26f: 0x9f,
+	0x270: 0x9f, 0x271: 0x9f, 0x272: 0x9f, 0x273: 0x9f, 0x274: 0x9f, 0x275: 0x9f, 0x276: 0x9f, 0x277: 0x9f,
+	0x278: 0x9f, 0x279: 0x9f, 0x27a: 0x9f, 0x27b: 0x9f, 0x27c: 0x9f, 0x27d: 0x9f, 0x27e: 0x9f, 0x27f: 0x9f,
+	// Block 0xa, offset 0x280
+	0x280: 0x9f, 0x281: 0x9f, 0x282: 0x9f, 0x283: 0x9f, 0x284: 0x9f, 0x285: 0x9f, 0x286: 0x9f, 0x287: 0x9f,
+	0x288: 0x9f, 0x289: 0x9f, 0x28a: 0x9f, 0x28b: 0x9f, 0x28c: 0x9f, 0x28d: 0x9f, 0x28e: 0x9f, 0x28f: 0x9f,
+	0x290: 0x9f, 0x291: 0x9f, 0x292: 0x9f, 0x293: 0x9f, 0x294: 0x9f, 0x295: 0x9f, 0x296: 0x9f, 0x297: 0x9f,
+	0x298: 0x9f, 0x299: 0x9f, 0x29a: 0x9f, 0x29b: 0x9f, 0x29c: 0x9f, 0x29d: 0x9f, 0x29e: 0x9f, 0x29f: 0x9f,
+	0x2a0: 0x9f, 0x2a1: 0x9f, 0x2a2: 0x9f, 0x2a3: 0x9f, 0x2a4: 0x9f, 0x2a5: 0x9f, 0x2a6: 0x9f, 0x2a7: 0x9f,
+	0x2a8: 0x9f, 0x2a9: 0x9f, 0x2aa: 0x9f, 0x2ab: 0x9f, 0x2ac: 0x9f, 0x2ad: 0x9f, 0x2ae: 0x9f, 0x2af: 0x9f,
+	0x2b0: 0x9f, 0x2b1: 0x9f, 0x2b2: 0x9f, 0x2b3: 0x9f, 0x2b4: 0x9f, 0x2b5: 0x9f, 0x2b6: 0x9f, 0x2b7: 0x9f,
+	0x2b8: 0x9f, 0x2b9: 0x9f, 0x2ba: 0x9f, 0x2bb: 0x9f, 0x2bc: 0x9f, 0x2bd: 0x9f, 0x2be: 0x9f, 0x2bf: 0xe4,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x9f, 0x2c1: 0x9f, 0x2c2: 0x9f, 0x2c3: 0x9f, 0x2c4: 0x9f, 0x2c5: 0x9f, 0x2c6: 0x9f, 0x2c7: 0x9f,
+	0x2c8: 0x9f, 0x2c9: 0x9f, 0x2ca: 0x9f, 0x2cb: 0x9f, 0x2cc: 0x9f, 0x2cd: 0x9f, 0x2ce: 0x9f, 0x2cf: 0x9f,
+	0x2d0: 0x9f, 0x2d1: 0x9f, 0x2d2: 0xe5, 0x2d3: 0xe6, 0x2d4: 0x9f, 0x2d5: 0x9f, 0x2d6: 0x9f, 0x2d7: 0x9f,
+	0x2d8: 0xe7, 0x2d9: 0x41, 0x2da: 0x42, 0x2db: 0xe8, 0x2dc: 0x43, 0x2dd: 0x44, 0x2de: 0x45, 0x2df: 0xe9,
+	0x2e0: 0xea, 0x2e1: 0xeb, 0x2e2: 0xec, 0x2e3: 0xed, 0x2e4: 0xee, 0x2e5: 0xef, 0x2e6: 0xf0, 0x2e7: 0xf1,
+	0x2e8: 0xf2, 0x2e9: 0xf3, 0x2ea: 0xf4, 0x2eb: 0xf5, 0x2ec: 0xf6, 0x2ed: 0xf7, 0x2ee: 0xf8, 0x2ef: 0xf9,
+	0x2f0: 0x9f, 0x2f1: 0x9f, 0x2f2: 0x9f, 0x2f3: 0x9f, 0x2f4: 0x9f, 0x2f5: 0x9f, 0x2f6: 0x9f, 0x2f7: 0x9f,
+	0x2f8: 0x9f, 0x2f9: 0x9f, 0x2fa: 0x9f, 0x2fb: 0x9f, 0x2fc: 0x9f, 0x2fd: 0x9f, 0x2fe: 0x9f, 0x2ff: 0x9f,
+	// Block 0xc, offset 0x300
+	0x300: 0x9f, 0x301: 0x9f, 0x302: 0x9f, 0x303: 0x9f, 0x304: 0x9f, 0x305: 0x9f, 0x306: 0x9f, 0x307: 0x9f,
+	0x308: 0x9f, 0x309: 0x9f, 0x30a: 0x9f, 0x30b: 0x9f, 0x30c: 0x9f, 0x30d: 0x9f, 0x30e: 0x9f, 0x30f: 0x9f,
+	0x310: 0x9f, 0x311: 0x9f, 0x312: 0x9f, 0x313: 0x9f, 0x314: 0x9f, 0x315: 0x9f, 0x316: 0x9f, 0x317: 0x9f,
+	0x318: 0x9f, 0x319: 0x9f, 0x31a: 0x9f, 0x31b: 0x9f, 0x31c: 0x9f, 0x31d: 0x9f, 0x31e: 0xfa, 0x31f: 0xfb,
+	// Block 0xd, offset 0x340
+	0x340: 0xba, 0x341: 0xba, 0x342: 0xba, 0x343: 0xba, 0x344: 0xba, 0x345: 0xba, 0x346: 0xba, 0x347: 0xba,
+	0x348: 0xba, 0x349: 0xba, 0x34a: 0xba, 0x34b: 0xba, 0x34c: 0xba, 0x34d: 0xba, 0x34e: 0xba, 0x34f: 0xba,
+	0x350: 0xba, 0x351: 0xba, 0x352: 0xba, 0x353: 0xba, 0x354: 0xba, 0x355: 0xba, 0x356: 0xba, 0x357: 0xba,
+	0x358: 0xba, 0x359: 0xba, 0x35a: 0xba, 0x35b: 0xba, 0x35c: 0xba, 0x35d: 0xba, 0x35e: 0xba, 0x35f: 0xba,
+	0x360: 0xba, 0x361: 0xba, 0x362: 0xba, 0x363: 0xba, 0x364: 0xba, 0x365: 0xba, 0x366: 0xba, 0x367: 0xba,
+	0x368: 0xba, 0x369: 0xba, 0x36a: 0xba, 0x36b: 0xba, 0x36c: 0xba, 0x36d: 0xba, 0x36e: 0xba, 0x36f: 0xba,
+	0x370: 0xba, 0x371: 0xba, 0x372: 0xba, 0x373: 0xba, 0x374: 0xba, 0x375: 0xba, 0x376: 0xba, 0x377: 0xba,
+	0x378: 0xba, 0x379: 0xba, 0x37a: 0xba, 0x37b: 0xba, 0x37c: 0xba, 0x37d: 0xba, 0x37e: 0xba, 0x37f: 0xba,
+	// Block 0xe, offset 0x380
+	0x380: 0xba, 0x381: 0xba, 0x382: 0xba, 0x383: 0xba, 0x384: 0xba, 0x385: 0xba, 0x386: 0xba, 0x387: 0xba,
+	0x388: 0xba, 0x389: 0xba, 0x38a: 0xba, 0x38b: 0xba, 0x38c: 0xba, 0x38d: 0xba, 0x38e: 0xba, 0x38f: 0xba,
+	0x390: 0xba, 0x391: 0xba, 0x392: 0xba, 0x393: 0xba, 0x394: 0xba, 0x395: 0xba, 0x396: 0xba, 0x397: 0xba,
+	0x398: 0xba, 0x399: 0xba, 0x39a: 0xba, 0x39b: 0xba, 0x39c: 0xba, 0x39d: 0xba, 0x39e: 0xba, 0x39f: 0xba,
+	0x3a0: 0xba, 0x3a1: 0xba, 0x3a2: 0xba, 0x3a3: 0xba, 0x3a4: 0xfc, 0x3a5: 0xfd, 0x3a6: 0xfe, 0x3a7: 0xff,
+	0x3a8: 0x46, 0x3a9: 0x100, 0x3aa: 0x101, 0x3ab: 0x47, 0x3ac: 0x48, 0x3ad: 0x49, 0x3ae: 0x4a, 0x3af: 0x4b,
+	0x3b0: 0x102, 0x3b1: 0x4c, 0x3b2: 0x4d, 0x3b3: 0x4e, 0x3b4: 0x4f, 0x3b5: 0x50, 0x3b6: 0x103, 0x3b7: 0x51,
+	0x3b8: 0x52, 0x3b9: 0x53, 0x3ba: 0x54, 0x3bb: 0x55, 0x3bc: 0x56, 0x3bd: 0x57, 0x3be: 0x58, 0x3bf: 0x59,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x104, 0x3c1: 0x105, 0x3c2: 0x9f, 0x3c3: 0x106, 0x3c4: 0x107, 0x3c5: 0x9b, 0x3c6: 0x108, 0x3c7: 0x109,
+	0x3c8: 0xba, 0x3c9: 0xba, 0x3ca: 0x10a, 0x3cb: 0x10b, 0x3cc: 0x10c, 0x3cd: 0x10d, 0x3ce: 0x10e, 0x3cf: 0x10f,
+	0x3d0: 0x110, 0x3d1: 0x9f, 0x3d2: 0x111, 0x3d3: 0x112, 0x3d4: 0x113, 0x3d5: 0x114, 0x3d6: 0xba, 0x3d7: 0xba,
+	0x3d8: 0x9f, 0x3d9: 0x9f, 0x3da: 0x9f, 0x3db: 0x9f, 0x3dc: 0x115, 0x3dd: 0x116, 0x3de: 0xba, 0x3df: 0xba,
+	0x3e0: 0x117, 0x3e1: 0x118, 0x3e2: 0x119, 0x3e3: 0x11a, 0x3e4: 0x11b, 0x3e5: 0xba, 0x3e6: 0x11c, 0x3e7: 0x11d,
+	0x3e8: 0x11e, 0x3e9: 0x11f, 0x3ea: 0x120, 0x3eb: 0x5a, 0x3ec: 0x121, 0x3ed: 0x122, 0x3ee: 0x5b, 0x3ef: 0xba,
+	0x3f0: 0x123, 0x3f1: 0x124, 0x3f2: 0x125, 0x3f3: 0x126, 0x3f4: 0xba, 0x3f5: 0xba, 0x3f6: 0xba, 0x3f7: 0xba,
+	0x3f8: 0xba, 0x3f9: 0x127, 0x3fa: 0xba, 0x3fb: 0xba, 0x3fc: 0xba, 0x3fd: 0xba, 0x3fe: 0xba, 0x3ff: 0xba,
+	// Block 0x10, offset 0x400
+	0x400: 0x128, 0x401: 0x129, 0x402: 0x12a, 0x403: 0x12b, 0x404: 0x12c, 0x405: 0x12d, 0x406: 0x12e, 0x407: 0x12f,
+	0x408: 0x130, 0x409: 0xba, 0x40a: 0x131, 0x40b: 0x132, 0x40c: 0x5c, 0x40d: 0x5d, 0x40e: 0xba, 0x40f: 0xba,
+	0x410: 0x133, 0x411: 0x134, 0x412: 0x135, 0x413: 0x136, 0x414: 0xba, 0x415: 0xba, 0x416: 0x137, 0x417: 0x138,
+	0x418: 0x139, 0x419: 0x13a, 0x41a: 0x13b, 0x41b: 0x13c, 0x41c: 0x13d, 0x41d: 0xba, 0x41e: 0xba, 0x41f: 0xba,
+	0x420: 0xba, 0x421: 0xba, 0x422: 0x13e, 0x423: 0x13f, 0x424: 0xba, 0x425: 0xba, 0x426: 0xba, 0x427: 0xba,
+	0x428: 0xba, 0x429: 0xba, 0x42a: 0xba, 0x42b: 0x140, 0x42c: 0xba, 0x42d: 0xba, 0x42e: 0xba, 0x42f: 0xba,
+	0x430: 0x141, 0x431: 0x142, 0x432: 0x143, 0x433: 0xba, 0x434: 0xba, 0x435: 0xba, 0x436: 0xba, 0x437: 0xba,
+	0x438: 0xba, 0x439: 0xba, 0x43a: 0xba, 0x43b: 0xba, 0x43c: 0xba, 0x43d: 0xba, 0x43e: 0xba, 0x43f: 0xba,
+	// Block 0x11, offset 0x440
+	0x440: 0x9f, 0x441: 0x9f, 0x442: 0x9f, 0x443: 0x9f, 0x444: 0x9f, 0x445: 0x9f, 0x446: 0x9f, 0x447: 0x9f,
+	0x448: 0x9f, 0x449: 0x9f, 0x44a: 0x9f, 0x44b: 0x9f, 0x44c: 0x9f, 0x44d: 0x9f, 0x44e: 0x144, 0x44f: 0xba,
+	0x450: 0x9b, 0x451: 0x145, 0x452: 0x9f, 0x453: 0x9f, 0x454: 0x9f, 0x455: 0x146, 0x456: 0xba, 0x457: 0xba,
+	0x458: 0xba, 0x459: 0xba, 0x45a: 0xba, 0x45b: 0xba, 0x45c: 0xba, 0x45d: 0xba, 0x45e: 0xba, 0x45f: 0xba,
+	0x460: 0xba, 0x461: 0xba, 0x462: 0xba, 0x463: 0xba, 0x464: 0xba, 0x465: 0xba, 0x466: 0xba, 0x467: 0xba,
+	0x468: 0xba, 0x469: 0xba, 0x46a: 0xba, 0x46b: 0xba, 0x46c: 0xba, 0x46d: 0xba, 0x46e: 0xba, 0x46f: 0xba,
+	0x470: 0xba, 0x471: 0xba, 0x472: 0xba, 0x473: 0xba, 0x474: 0xba, 0x475: 0xba, 0x476: 0xba, 0x477: 0xba,
+	0x478: 0xba, 0x479: 0xba, 0x47a: 0xba, 0x47b: 0xba, 0x47c: 0xba, 0x47d: 0xba, 0x47e: 0xba, 0x47f: 0xba,
+	// Block 0x12, offset 0x480
+	0x480: 0x9f, 0x481: 0x9f, 0x482: 0x9f, 0x483: 0x9f, 0x484: 0x9f, 0x485: 0x9f, 0x486: 0x9f, 0x487: 0x9f,
+	0x488: 0x9f, 0x489: 0x9f, 0x48a: 0x9f, 0x48b: 0x9f, 0x48c: 0x9f, 0x48d: 0x9f, 0x48e: 0x9f, 0x48f: 0x9f,
+	0x490: 0x147, 0x491: 0xba, 0x492: 0xba, 0x493: 0xba, 0x494: 0xba, 0x495: 0xba, 0x496: 0xba, 0x497: 0xba,
+	0x498: 0xba, 0x499: 0xba, 0x49a: 0xba, 0x49b: 0xba, 0x49c: 0xba, 0x49d: 0xba, 0x49e: 0xba, 0x49f: 0xba,
+	0x4a0: 0xba, 0x4a1: 0xba, 0x4a2: 0xba, 0x4a3: 0xba, 0x4a4: 0xba, 0x4a5: 0xba, 0x4a6: 0xba, 0x4a7: 0xba,
+	0x4a8: 0xba, 0x4a9: 0xba, 0x4aa: 0xba, 0x4ab: 0xba, 0x4ac: 0xba, 0x4ad: 0xba, 0x4ae: 0xba, 0x4af: 0xba,
+	0x4b0: 0xba, 0x4b1: 0xba, 0x4b2: 0xba, 0x4b3: 0xba, 0x4b4: 0xba, 0x4b5: 0xba, 0x4b6: 0xba, 0x4b7: 0xba,
+	0x4b8: 0xba, 0x4b9: 0xba, 0x4ba: 0xba, 0x4bb: 0xba, 0x4bc: 0xba, 0x4bd: 0xba, 0x4be: 0xba, 0x4bf: 0xba,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0xba, 0x4c1: 0xba, 0x4c2: 0xba, 0x4c3: 0xba, 0x4c4: 0xba, 0x4c5: 0xba, 0x4c6: 0xba, 0x4c7: 0xba,
+	0x4c8: 0xba, 0x4c9: 0xba, 0x4ca: 0xba, 0x4cb: 0xba, 0x4cc: 0xba, 0x4cd: 0xba, 0x4ce: 0xba, 0x4cf: 0xba,
+	0x4d0: 0x9f, 0x4d1: 0x9f, 0x4d2: 0x9f, 0x4d3: 0x9f, 0x4d4: 0x9f, 0x4d5: 0x9f, 0x4d6: 0x9f, 0x4d7: 0x9f,
+	0x4d8: 0x9f, 0x4d9: 0x148, 0x4da: 0xba, 0x4db: 0xba, 0x4dc: 0xba, 0x4dd: 0xba, 0x4de: 0xba, 0x4df: 0xba,
+	0x4e0: 0xba, 0x4e1: 0xba, 0x4e2: 0xba, 0x4e3: 0xba, 0x4e4: 0xba, 0x4e5: 0xba, 0x4e6: 0xba, 0x4e7: 0xba,
+	0x4e8: 0xba, 0x4e9: 0xba, 0x4ea: 0xba, 0x4eb: 0xba, 0x4ec: 0xba, 0x4ed: 0xba, 0x4ee: 0xba, 0x4ef: 0xba,
+	0x4f0: 0xba, 0x4f1: 0xba, 0x4f2: 0xba, 0x4f3: 0xba, 0x4f4: 0xba, 0x4f5: 0xba, 0x4f6: 0xba, 0x4f7: 0xba,
+	0x4f8: 0xba, 0x4f9: 0xba, 0x4fa: 0xba, 0x4fb: 0xba, 0x4fc: 0xba, 0x4fd: 0xba, 0x4fe: 0xba, 0x4ff: 0xba,
+	// Block 0x14, offset 0x500
+	0x500: 0xba, 0x501: 0xba, 0x502: 0xba, 0x503: 0xba, 0x504: 0xba, 0x505: 0xba, 0x506: 0xba, 0x507: 0xba,
+	0x508: 0xba, 0x509: 0xba, 0x50a: 0xba, 0x50b: 0xba, 0x50c: 0xba, 0x50d: 0xba, 0x50e: 0xba, 0x50f: 0xba,
+	0x510: 0xba, 0x511: 0xba, 0x512: 0xba, 0x513: 0xba, 0x514: 0xba, 0x515: 0xba, 0x516: 0xba, 0x517: 0xba,
+	0x518: 0xba, 0x519: 0xba, 0x51a: 0xba, 0x51b: 0xba, 0x51c: 0xba, 0x51d: 0xba, 0x51e: 0xba, 0x51f: 0xba,
+	0x520: 0x9f, 0x521: 0x9f, 0x522: 0x9f, 0x523: 0x9f, 0x524: 0x9f, 0x525: 0x9f, 0x526: 0x9f, 0x527: 0x9f,
+	0x528: 0x140, 0x529: 0x149, 0x52a: 0xba, 0x52b: 0x14a, 0x52c: 0x14b, 0x52d: 0x14c, 0x52e: 0x14d, 0x52f: 0xba,
+	0x530: 0xba, 0x531: 0xba, 0x532: 0xba, 0x533: 0xba, 0x534: 0xba, 0x535: 0xba, 0x536: 0xba, 0x537: 0xba,
+	0x538: 0xba, 0x539: 0xba, 0x53a: 0xba, 0x53b: 0xba, 0x53c: 0x9f, 0x53d: 0x14e, 0x53e: 0x14f, 0x53f: 0x150,
+	// Block 0x15, offset 0x540
+	0x540: 0x9f, 0x541: 0x9f, 0x542: 0x9f, 0x543: 0x9f, 0x544: 0x9f, 0x545: 0x9f, 0x546: 0x9f, 0x547: 0x9f,
+	0x548: 0x9f, 0x549: 0x9f, 0x54a: 0x9f, 0x54b: 0x9f, 0x54c: 0x9f, 0x54d: 0x9f, 0x54e: 0x9f, 0x54f: 0x9f,
+	0x550: 0x9f, 0x551: 0x9f, 0x552: 0x9f, 0x553: 0x9f, 0x554: 0x9f, 0x555: 0x9f, 0x556: 0x9f, 0x557: 0x9f,
+	0x558: 0x9f, 0x559: 0x9f, 0x55a: 0x9f, 0x55b: 0x9f, 0x55c: 0x9f, 0x55d: 0x9f, 0x55e: 0x9f, 0x55f: 0x151,
+	0x560: 0x9f, 0x561: 0x9f, 0x562: 0x9f, 0x563: 0x9f, 0x564: 0x9f, 0x565: 0x9f, 0x566: 0x9f, 0x567: 0x9f,
+	0x568: 0x9f, 0x569: 0x9f, 0x56a: 0x9f, 0x56b: 0x152, 0x56c: 0xba, 0x56d: 0xba, 0x56e: 0xba, 0x56f: 0xba,
+	0x570: 0xba, 0x571: 0xba, 0x572: 0xba, 0x573: 0xba, 0x574: 0xba, 0x575: 0xba, 0x576: 0xba, 0x577: 0xba,
+	0x578: 0xba, 0x579: 0xba, 0x57a: 0xba, 0x57b: 0xba, 0x57c: 0xba, 0x57d: 0xba, 0x57e: 0xba, 0x57f: 0xba,
+	// Block 0x16, offset 0x580
+	0x580: 0x153, 0x581: 0xba, 0x582: 0xba, 0x583: 0xba, 0x584: 0xba, 0x585: 0xba, 0x586: 0xba, 0x587: 0xba,
+	0x588: 0xba, 0x589: 0xba, 0x58a: 0xba, 0x58b: 0xba, 0x58c: 0xba, 0x58d: 0xba, 0x58e: 0xba, 0x58f: 0xba,
+	0x590: 0xba, 0x591: 0xba, 0x592: 0xba, 0x593: 0xba, 0x594: 0xba, 0x595: 0xba, 0x596: 0xba, 0x597: 0xba,
+	0x598: 0xba, 0x599: 0xba, 0x59a: 0xba, 0x59b: 0xba, 0x59c: 0xba, 0x59d: 0xba, 0x59e: 0xba, 0x59f: 0xba,
+	0x5a0: 0xba, 0x5a1: 0xba, 0x5a2: 0xba, 0x5a3: 0xba, 0x5a4: 0xba, 0x5a5: 0xba, 0x5a6: 0xba, 0x5a7: 0xba,
+	0x5a8: 0xba, 0x5a9: 0xba, 0x5aa: 0xba, 0x5ab: 0xba, 0x5ac: 0xba, 0x5ad: 0xba, 0x5ae: 0xba, 0x5af: 0xba,
+	0x5b0: 0x9f, 0x5b1: 0x154, 0x5b2: 0x155, 0x5b3: 0xba, 0x5b4: 0xba, 0x5b5: 0xba, 0x5b6: 0xba, 0x5b7: 0xba,
+	0x5b8: 0xba, 0x5b9: 0xba, 0x5ba: 0xba, 0x5bb: 0xba, 0x5bc: 0xba, 0x5bd: 0xba, 0x5be: 0xba, 0x5bf: 0xba,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x9b, 0x5c1: 0x9b, 0x5c2: 0x9b, 0x5c3: 0x156, 0x5c4: 0x157, 0x5c5: 0x158, 0x5c6: 0x159, 0x5c7: 0x15a,
+	0x5c8: 0x9b, 0x5c9: 0x15b, 0x5ca: 0xba, 0x5cb: 0xba, 0x5cc: 0x9b, 0x5cd: 0x15c, 0x5ce: 0xba, 0x5cf: 0xba,
+	0x5d0: 0x5e, 0x5d1: 0x5f, 0x5d2: 0x60, 0x5d3: 0x61, 0x5d4: 0x62, 0x5d5: 0x63, 0x5d6: 0x64, 0x5d7: 0x65,
+	0x5d8: 0x66, 0x5d9: 0x67, 0x5da: 0x68, 0x5db: 0x69, 0x5dc: 0x6a, 0x5dd: 0x6b, 0x5de: 0x6c, 0x5df: 0x6d,
+	0x5e0: 0x9b, 0x5e1: 0x9b, 0x5e2: 0x9b, 0x5e3: 0x9b, 0x5e4: 0x9b, 0x5e5: 0x9b, 0x5e6: 0x9b, 0x5e7: 0x9b,
+	0x5e8: 0x15d, 0x5e9: 0x15e, 0x5ea: 0x15f, 0x5eb: 0xba, 0x5ec: 0xba, 0x5ed: 0xba, 0x5ee: 0xba, 0x5ef: 0xba,
+	0x5f0: 0xba, 0x5f1: 0xba, 0x5f2: 0xba, 0x5f3: 0xba, 0x5f4: 0xba, 0x5f5: 0xba, 0x5f6: 0xba, 0x5f7: 0xba,
+	0x5f8: 0xba, 0x5f9: 0xba, 0x5fa: 0xba, 0x5fb: 0xba, 0x5fc: 0xba, 0x5fd: 0xba, 0x5fe: 0xba, 0x5ff: 0xba,
+	// Block 0x18, offset 0x600
+	0x600: 0x160, 0x601: 0xba, 0x602: 0xba, 0x603: 0xba, 0x604: 0xba, 0x605: 0xba, 0x606: 0xba, 0x607: 0xba,
+	0x608: 0xba, 0x609: 0xba, 0x60a: 0xba, 0x60b: 0xba, 0x60c: 0xba, 0x60d: 0xba, 0x60e: 0xba, 0x60f: 0xba,
+	0x610: 0xba, 0x611: 0xba, 0x612: 0xba, 0x613: 0xba, 0x614: 0xba, 0x615: 0xba, 0x616: 0xba, 0x617: 0xba,
+	0x618: 0xba, 0x619: 0xba, 0x61a: 0xba, 0x61b: 0xba, 0x61c: 0xba, 0x61d: 0xba, 0x61e: 0xba, 0x61f: 0xba,
+	0x620: 0x123, 0x621: 0x123, 0x622: 0x123, 0x623: 0x161, 0x624: 0x6e, 0x625: 0x162, 0x626: 0xba, 0x627: 0xba,
+	0x628: 0xba, 0x629: 0xba, 0x62a: 0xba, 0x62b: 0xba, 0x62c: 0xba, 0x62d: 0xba, 0x62e: 0xba, 0x62f: 0xba,
+	0x630: 0xba, 0x631: 0xba, 0x632: 0xba, 0x633: 0xba, 0x634: 0xba, 0x635: 0xba, 0x636: 0xba, 0x637: 0xba,
+	0x638: 0x6f, 0x639: 0x70, 0x63a: 0x71, 0x63b: 0x163, 0x63c: 0xba, 0x63d: 0xba, 0x63e: 0xba, 0x63f: 0xba,
+	// Block 0x19, offset 0x640
+	0x640: 0x164, 0x641: 0x9b, 0x642: 0x165, 0x643: 0x166, 0x644: 0x72, 0x645: 0x73, 0x646: 0x167, 0x647: 0x168,
+	0x648: 0x74, 0x649: 0x169, 0x64a: 0xba, 0x64b: 0xba, 0x64c: 0x9b, 0x64d: 0x9b, 0x64e: 0x9b, 0x64f: 0x9b,
+	0x650: 0x9b, 0x651: 0x9b, 0x652: 0x9b, 0x653: 0x9b, 0x654: 0x9b, 0x655: 0x9b, 0x656: 0x9b, 0x657: 0x9b,
+	0x658: 0x9b, 0x659: 0x9b, 0x65a: 0x9b, 0x65b: 0x16a, 0x65c: 0x9b, 0x65d: 0x16b, 0x65e: 0x9b, 0x65f: 0x16c,
+	0x660: 0x16d, 0x661: 0x16e, 0x662: 0x16f, 0x663: 0xba, 0x664: 0x170, 0x665: 0x171, 0x666: 0x172, 0x667: 0x173,
+	0x668: 0xba, 0x669: 0xba, 0x66a: 0xba, 0x66b: 0xba, 0x66c: 0xba, 0x66d: 0xba, 0x66e: 0xba, 0x66f: 0xba,
+	0x670: 0xba, 0x671: 0xba, 0x672: 0xba, 0x673: 0xba, 0x674: 0xba, 0x675: 0xba, 0x676: 0xba, 0x677: 0xba,
+	0x678: 0xba, 0x679: 0xba, 0x67a: 0xba, 0x67b: 0xba, 0x67c: 0xba, 0x67d: 0xba, 0x67e: 0xba, 0x67f: 0xba,
+	// Block 0x1a, offset 0x680
+	0x680: 0x9f, 0x681: 0x9f, 0x682: 0x9f, 0x683: 0x9f, 0x684: 0x9f, 0x685: 0x9f, 0x686: 0x9f, 0x687: 0x9f,
+	0x688: 0x9f, 0x689: 0x9f, 0x68a: 0x9f, 0x68b: 0x9f, 0x68c: 0x9f, 0x68d: 0x9f, 0x68e: 0x9f, 0x68f: 0x9f,
+	0x690: 0x9f, 0x691: 0x9f, 0x692: 0x9f, 0x693: 0x9f, 0x694: 0x9f, 0x695: 0x9f, 0x696: 0x9f, 0x697: 0x9f,
+	0x698: 0x9f, 0x699: 0x9f, 0x69a: 0x9f, 0x69b: 0x174, 0x69c: 0x9f, 0x69d: 0x9f, 0x69e: 0x9f, 0x69f: 0x9f,
+	0x6a0: 0x9f, 0x6a1: 0x9f, 0x6a2: 0x9f, 0x6a3: 0x9f, 0x6a4: 0x9f, 0x6a5: 0x9f, 0x6a6: 0x9f, 0x6a7: 0x9f,
+	0x6a8: 0x9f, 0x6a9: 0x9f, 0x6aa: 0x9f, 0x6ab: 0x9f, 0x6ac: 0x9f, 0x6ad: 0x9f, 0x6ae: 0x9f, 0x6af: 0x9f,
+	0x6b0: 0x9f, 0x6b1: 0x9f, 0x6b2: 0x9f, 0x6b3: 0x9f, 0x6b4: 0x9f, 0x6b5: 0x9f, 0x6b6: 0x9f, 0x6b7: 0x9f,
+	0x6b8: 0x9f, 0x6b9: 0x9f, 0x6ba: 0x9f, 0x6bb: 0x9f, 0x6bc: 0x9f, 0x6bd: 0x9f, 0x6be: 0x9f, 0x6bf: 0x9f,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x9f, 0x6c1: 0x9f, 0x6c2: 0x9f, 0x6c3: 0x9f, 0x6c4: 0x9f, 0x6c5: 0x9f, 0x6c6: 0x9f, 0x6c7: 0x9f,
+	0x6c8: 0x9f, 0x6c9: 0x9f, 0x6ca: 0x9f, 0x6cb: 0x9f, 0x6cc: 0x9f, 0x6cd: 0x9f, 0x6ce: 0x9f, 0x6cf: 0x9f,
+	0x6d0: 0x9f, 0x6d1: 0x9f, 0x6d2: 0x9f, 0x6d3: 0x9f, 0x6d4: 0x9f, 0x6d5: 0x9f, 0x6d6: 0x9f, 0x6d7: 0x9f,
+	0x6d8: 0x9f, 0x6d9: 0x9f, 0x6da: 0x9f, 0x6db: 0x9f, 0x6dc: 0x175, 0x6dd: 0x9f, 0x6de: 0x9f, 0x6df: 0x9f,
+	0x6e0: 0x176, 0x6e1: 0x9f, 0x6e2: 0x9f, 0x6e3: 0x9f, 0x6e4: 0x9f, 0x6e5: 0x9f, 0x6e6: 0x9f, 0x6e7: 0x9f,
+	0x6e8: 0x9f, 0x6e9: 0x9f, 0x6ea: 0x9f, 0x6eb: 0x9f, 0x6ec: 0x9f, 0x6ed: 0x9f, 0x6ee: 0x9f, 0x6ef: 0x9f,
+	0x6f0: 0x9f, 0x6f1: 0x9f, 0x6f2: 0x9f, 0x6f3: 0x9f, 0x6f4: 0x9f, 0x6f5: 0x9f, 0x6f6: 0x9f, 0x6f7: 0x9f,
+	0x6f8: 0x9f, 0x6f9: 0x9f, 0x6fa: 0x9f, 0x6fb: 0x9f, 0x6fc: 0x9f, 0x6fd: 0x9f, 0x6fe: 0x9f, 0x6ff: 0x9f,
+	// Block 0x1c, offset 0x700
+	0x700: 0x9f, 0x701: 0x9f, 0x702: 0x9f, 0x703: 0x9f, 0x704: 0x9f, 0x705: 0x9f, 0x706: 0x9f, 0x707: 0x9f,
+	0x708: 0x9f, 0x709: 0x9f, 0x70a: 0x9f, 0x70b: 0x9f, 0x70c: 0x9f, 0x70d: 0x9f, 0x70e: 0x9f, 0x70f: 0x9f,
+	0x710: 0x9f, 0x711: 0x9f, 0x712: 0x9f, 0x713: 0x9f, 0x714: 0x9f, 0x715: 0x9f, 0x716: 0x9f, 0x717: 0x9f,
+	0x718: 0x9f, 0x719: 0x9f, 0x71a: 0x9f, 0x71b: 0x9f, 0x71c: 0x9f, 0x71d: 0x9f, 0x71e: 0x9f, 0x71f: 0x9f,
+	0x720: 0x9f, 0x721: 0x9f, 0x722: 0x9f, 0x723: 0x9f, 0x724: 0x9f, 0x725: 0x9f, 0x726: 0x9f, 0x727: 0x9f,
+	0x728: 0x9f, 0x729: 0x9f, 0x72a: 0x9f, 0x72b: 0x9f, 0x72c: 0x9f, 0x72d: 0x9f, 0x72e: 0x9f, 0x72f: 0x9f,
+	0x730: 0x9f, 0x731: 0x9f, 0x732: 0x9f, 0x733: 0x9f, 0x734: 0x9f, 0x735: 0x9f, 0x736: 0x9f, 0x737: 0x9f,
+	0x738: 0x9f, 0x739: 0x9f, 0x73a: 0x177, 0x73b: 0xba, 0x73c: 0xba, 0x73d: 0xba, 0x73e: 0xba, 0x73f: 0xba,
+	// Block 0x1d, offset 0x740
+	0x740: 0xba, 0x741: 0xba, 0x742: 0xba, 0x743: 0xba, 0x744: 0xba, 0x745: 0xba, 0x746: 0xba, 0x747: 0xba,
+	0x748: 0xba, 0x749: 0xba, 0x74a: 0xba, 0x74b: 0xba, 0x74c: 0xba, 0x74d: 0xba, 0x74e: 0xba, 0x74f: 0xba,
+	0x750: 0xba, 0x751: 0xba, 0x752: 0xba, 0x753: 0xba, 0x754: 0xba, 0x755: 0xba, 0x756: 0xba, 0x757: 0xba,
+	0x758: 0xba, 0x759: 0xba, 0x75a: 0xba, 0x75b: 0xba, 0x75c: 0xba, 0x75d: 0xba, 0x75e: 0xba, 0x75f: 0xba,
+	0x760: 0x75, 0x761: 0x76, 0x762: 0x77, 0x763: 0x178, 0x764: 0x78, 0x765: 0x79, 0x766: 0x179, 0x767: 0x7a,
+	0x768: 0x7b, 0x769: 0xba, 0x76a: 0xba, 0x76b: 0xba, 0x76c: 0xba, 0x76d: 0xba, 0x76e: 0xba, 0x76f: 0xba,
+	0x770: 0xba, 0x771: 0xba, 0x772: 0xba, 0x773: 0xba, 0x774: 0xba, 0x775: 0xba, 0x776: 0xba, 0x777: 0xba,
+	0x778: 0xba, 0x779: 0xba, 0x77a: 0xba, 0x77b: 0xba, 0x77c: 0xba, 0x77d: 0xba, 0x77e: 0xba, 0x77f: 0xba,
+	// Block 0x1e, offset 0x780
+	0x790: 0x0d, 0x791: 0x0e, 0x792: 0x0f, 0x793: 0x10, 0x794: 0x11, 0x795: 0x0b, 0x796: 0x12, 0x797: 0x07,
+	0x798: 0x13, 0x799: 0x0b, 0x79a: 0x0b, 0x79b: 0x14, 0x79c: 0x0b, 0x79d: 0x15, 0x79e: 0x16, 0x79f: 0x17,
+	0x7a0: 0x07, 0x7a1: 0x07, 0x7a2: 0x07, 0x7a3: 0x07, 0x7a4: 0x07, 0x7a5: 0x07, 0x7a6: 0x07, 0x7a7: 0x07,
+	0x7a8: 0x07, 0x7a9: 0x07, 0x7aa: 0x18, 0x7ab: 0x19, 0x7ac: 0x1a, 0x7ad: 0x0b, 0x7ae: 0x0b, 0x7af: 0x1b,
+	0x7b0: 0x0b, 0x7b1: 0x0b, 0x7b2: 0x0b, 0x7b3: 0x0b, 0x7b4: 0x0b, 0x7b5: 0x0b, 0x7b6: 0x0b, 0x7b7: 0x0b,
+	0x7b8: 0x0b, 0x7b9: 0x0b, 0x7ba: 0x0b, 0x7bb: 0x0b, 0x7bc: 0x0b, 0x7bd: 0x0b, 0x7be: 0x0b, 0x7bf: 0x0b,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x0b, 0x7c1: 0x0b, 0x7c2: 0x0b, 0x7c3: 0x0b, 0x7c4: 0x0b, 0x7c5: 0x0b, 0x7c6: 0x0b, 0x7c7: 0x0b,
+	0x7c8: 0x0b, 0x7c9: 0x0b, 0x7ca: 0x0b, 0x7cb: 0x0b, 0x7cc: 0x0b, 0x7cd: 0x0b, 0x7ce: 0x0b, 0x7cf: 0x0b,
+	0x7d0: 0x0b, 0x7d1: 0x0b, 0x7d2: 0x0b, 0x7d3: 0x0b, 0x7d4: 0x0b, 0x7d5: 0x0b, 0x7d6: 0x0b, 0x7d7: 0x0b,
+	0x7d8: 0x0b, 0x7d9: 0x0b, 0x7da: 0x0b, 0x7db: 0x0b, 0x7dc: 0x0b, 0x7dd: 0x0b, 0x7de: 0x0b, 0x7df: 0x0b,
+	0x7e0: 0x0b, 0x7e1: 0x0b, 0x7e2: 0x0b, 0x7e3: 0x0b, 0x7e4: 0x0b, 0x7e5: 0x0b, 0x7e6: 0x0b, 0x7e7: 0x0b,
+	0x7e8: 0x0b, 0x7e9: 0x0b, 0x7ea: 0x0b, 0x7eb: 0x0b, 0x7ec: 0x0b, 0x7ed: 0x0b, 0x7ee: 0x0b, 0x7ef: 0x0b,
+	0x7f0: 0x0b, 0x7f1: 0x0b, 0x7f2: 0x0b, 0x7f3: 0x0b, 0x7f4: 0x0b, 0x7f5: 0x0b, 0x7f6: 0x0b, 0x7f7: 0x0b,
+	0x7f8: 0x0b, 0x7f9: 0x0b, 0x7fa: 0x0b, 0x7fb: 0x0b, 0x7fc: 0x0b, 0x7fd: 0x0b, 0x7fe: 0x0b, 0x7ff: 0x0b,
+	// Block 0x20, offset 0x800
+	0x800: 0x17a, 0x801: 0x17b, 0x802: 0xba, 0x803: 0xba, 0x804: 0x17c, 0x805: 0x17c, 0x806: 0x17c, 0x807: 0x17d,
+	0x808: 0xba, 0x809: 0xba, 0x80a: 0xba, 0x80b: 0xba, 0x80c: 0xba, 0x80d: 0xba, 0x80e: 0xba, 0x80f: 0xba,
+	0x810: 0xba, 0x811: 0xba, 0x812: 0xba, 0x813: 0xba, 0x814: 0xba, 0x815: 0xba, 0x816: 0xba, 0x817: 0xba,
+	0x818: 0xba, 0x819: 0xba, 0x81a: 0xba, 0x81b: 0xba, 0x81c: 0xba, 0x81d: 0xba, 0x81e: 0xba, 0x81f: 0xba,
+	0x820: 0xba, 0x821: 0xba, 0x822: 0xba, 0x823: 0xba, 0x824: 0xba, 0x825: 0xba, 0x826: 0xba, 0x827: 0xba,
+	0x828: 0xba, 0x829: 0xba, 0x82a: 0xba, 0x82b: 0xba, 0x82c: 0xba, 0x82d: 0xba, 0x82e: 0xba, 0x82f: 0xba,
+	0x830: 0xba, 0x831: 0xba, 0x832: 0xba, 0x833: 0xba, 0x834: 0xba, 0x835: 0xba, 0x836: 0xba, 0x837: 0xba,
+	0x838: 0xba, 0x839: 0xba, 0x83a: 0xba, 0x83b: 0xba, 0x83c: 0xba, 0x83d: 0xba, 0x83e: 0xba, 0x83f: 0xba,
+	// Block 0x21, offset 0x840
+	0x840: 0x0b, 0x841: 0x0b, 0x842: 0x0b, 0x843: 0x0b, 0x844: 0x0b, 0x845: 0x0b, 0x846: 0x0b, 0x847: 0x0b,
+	0x848: 0x0b, 0x849: 0x0b, 0x84a: 0x0b, 0x84b: 0x0b, 0x84c: 0x0b, 0x84d: 0x0b, 0x84e: 0x0b, 0x84f: 0x0b,
+	0x850: 0x0b, 0x851: 0x0b, 0x852: 0x0b, 0x853: 0x0b, 0x854: 0x0b, 0x855: 0x0b, 0x856: 0x0b, 0x857: 0x0b,
+	0x858: 0x0b, 0x859: 0x0b, 0x85a: 0x0b, 0x85b: 0x0b, 0x85c: 0x0b, 0x85d: 0x0b, 0x85e: 0x0b, 0x85f: 0x0b,
+	0x860: 0x1e, 0x861: 0x0b, 0x862: 0x0b, 0x863: 0x0b, 0x864: 0x0b, 0x865: 0x0b, 0x866: 0x0b, 0x867: 0x0b,
+	0x868: 0x0b, 0x869: 0x0b, 0x86a: 0x0b, 0x86b: 0x0b, 0x86c: 0x0b, 0x86d: 0x0b, 0x86e: 0x0b, 0x86f: 0x0b,
+	0x870: 0x0b, 0x871: 0x0b, 0x872: 0x0b, 0x873: 0x0b, 0x874: 0x0b, 0x875: 0x0b, 0x876: 0x0b, 0x877: 0x0b,
+	0x878: 0x0b, 0x879: 0x0b, 0x87a: 0x0b, 0x87b: 0x0b, 0x87c: 0x0b, 0x87d: 0x0b, 0x87e: 0x0b, 0x87f: 0x0b,
+	// Block 0x22, offset 0x880
+	0x880: 0x0b, 0x881: 0x0b, 0x882: 0x0b, 0x883: 0x0b, 0x884: 0x0b, 0x885: 0x0b, 0x886: 0x0b, 0x887: 0x0b,
+	0x888: 0x0b, 0x889: 0x0b, 0x88a: 0x0b, 0x88b: 0x0b, 0x88c: 0x0b, 0x88d: 0x0b, 0x88e: 0x0b, 0x88f: 0x0b,
+}
+
+// idnaSparseOffset: 258 entries, 516 bytes
+var idnaSparseOffset = []uint16{0x0, 0x8, 0x19, 0x25, 0x27, 0x2c, 0x34, 0x3f, 0x4b, 0x4f, 0x5e, 0x63, 0x6b, 0x77, 0x85, 0x93, 0x98, 0xa1, 0xb1, 0xbf, 0xcc, 0xd8, 0xe9, 0xf3, 0xfa, 0x107, 0x118, 0x11f, 0x12a, 0x139, 0x147, 0x151, 0x153, 0x158, 0x15b, 0x15e, 0x160, 0x16c, 0x177, 0x17f, 0x185, 0x18b, 0x190, 0x195, 0x198, 0x19c, 0x1a2, 0x1a7, 0x1b3, 0x1bd, 0x1c3, 0x1d4, 0x1de, 0x1e1, 0x1e9, 0x1ec, 0x1f9, 0x201, 0x205, 0x20c, 0x214, 0x224, 0x230, 0x232, 0x23c, 0x248, 0x254, 0x260, 0x268, 0x26d, 0x277, 0x288, 0x28c, 0x297, 0x29b, 0x2a4, 0x2ac, 0x2b2, 0x2b7, 0x2ba, 0x2bd, 0x2c1, 0x2c7, 0x2cb, 0x2cf, 0x2d5, 0x2dc, 0x2e2, 0x2ea, 0x2f1, 0x2fc, 0x306, 0x30a, 0x30d, 0x313, 0x317, 0x319, 0x31c, 0x31e, 0x321, 0x32b, 0x32e, 0x33d, 0x341, 0x346, 0x349, 0x34d, 0x352, 0x357, 0x35d, 0x363, 0x372, 0x378, 0x37c, 0x38b, 0x390, 0x398, 0x3a2, 0x3ad, 0x3b5, 0x3c6, 0x3cf, 0x3df, 0x3ec, 0x3f6, 0x3fb, 0x408, 0x40c, 0x411, 0x413, 0x417, 0x419, 0x41d, 0x426, 0x42c, 0x430, 0x440, 0x44a, 0x44f, 0x452, 0x458, 0x45f, 0x464, 0x468, 0x46e, 0x473, 0x47c, 0x481, 0x487, 0x48e, 0x495, 0x49c, 0x4a0, 0x4a5, 0x4a8, 0x4ad, 0x4b9, 0x4bf, 0x4c4, 0x4cb, 0x4d3, 0x4d8, 0x4dc, 0x4ec, 0x4f3, 0x4f7, 0x4fb, 0x502, 0x504, 0x507, 0x50a, 0x50e, 0x512, 0x518, 0x521, 0x52d, 0x534, 0x53d, 0x545, 0x54c, 0x55a, 0x567, 0x574, 0x57d, 0x581, 0x58f, 0x597, 0x5a2, 0x5ab, 0x5b1, 0x5b9, 0x5c2, 0x5cc, 0x5cf, 0x5db, 0x5de, 0x5e3, 0x5e6, 0x5f0, 0x5f9, 0x605, 0x608, 0x60d, 0x610, 0x613, 0x616, 0x61d, 0x624, 0x628, 0x633, 0x636, 0x63c, 0x641, 0x645, 0x648, 0x64b, 0x64e, 0x653, 0x65d, 0x660, 0x664, 0x673, 0x67f, 0x683, 0x688, 0x68d, 0x691, 0x696, 0x69f, 0x6aa, 0x6b0, 0x6b8, 0x6bc, 0x6c0, 0x6c6, 0x6cc, 0x6d1, 0x6d4, 0x6e2, 0x6e9, 0x6ec, 0x6ef, 0x6f3, 0x6f9, 0x6fe, 0x708, 0x70d, 0x710, 0x713, 0x716, 0x719, 0x71d, 0x720, 0x730, 0x741, 0x746, 0x748, 0x74a}
+
+// idnaSparseValues: 1869 entries, 7476 bytes
+var idnaSparseValues = [1869]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe105, lo: 0x80, hi: 0x96},
+	{value: 0x0018, lo: 0x97, hi: 0x97},
+	{value: 0xe105, lo: 0x98, hi: 0x9e},
+	{value: 0x001f, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbf},
+	// Block 0x1, offset 0x8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0xe01d, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0335, lo: 0x83, hi: 0x83},
+	{value: 0x034d, lo: 0x84, hi: 0x84},
+	{value: 0x0365, lo: 0x85, hi: 0x85},
+	{value: 0xe00d, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0xe00d, lo: 0x88, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x89},
+	{value: 0xe00d, lo: 0x8a, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe00d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0x8d},
+	{value: 0xe00d, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0xbf},
+	// Block 0x2, offset 0x19
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x0249, lo: 0xb0, hi: 0xb0},
+	{value: 0x037d, lo: 0xb1, hi: 0xb1},
+	{value: 0x0259, lo: 0xb2, hi: 0xb2},
+	{value: 0x0269, lo: 0xb3, hi: 0xb3},
+	{value: 0x034d, lo: 0xb4, hi: 0xb4},
+	{value: 0x0395, lo: 0xb5, hi: 0xb5},
+	{value: 0xe1bd, lo: 0xb6, hi: 0xb6},
+	{value: 0x0279, lo: 0xb7, hi: 0xb7},
+	{value: 0x0289, lo: 0xb8, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbf},
+	// Block 0x3, offset 0x25
+	{value: 0x0000, lo: 0x01},
+	{value: 0x3308, lo: 0x80, hi: 0xbf},
+	// Block 0x4, offset 0x27
+	{value: 0x0000, lo: 0x04},
+	{value: 0x03f5, lo: 0x80, hi: 0x8f},
+	{value: 0xe105, lo: 0x90, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x5, offset 0x2c
+	{value: 0x0000, lo: 0x07},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x0545, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x0008, lo: 0x99, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x6, offset 0x34
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0401, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x88},
+	{value: 0x0018, lo: 0x89, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x3308, lo: 0x91, hi: 0xbd},
+	{value: 0x0818, lo: 0xbe, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x7, offset 0x3f
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0818, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x82},
+	{value: 0x0818, lo: 0x83, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x85},
+	{value: 0x0818, lo: 0x86, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0808, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x8, offset 0x4b
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0a08, lo: 0x80, hi: 0x87},
+	{value: 0x0c08, lo: 0x88, hi: 0x99},
+	{value: 0x0a08, lo: 0x9a, hi: 0xbf},
+	// Block 0x9, offset 0x4f
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3308, lo: 0x80, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8c},
+	{value: 0x0c08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0a08, lo: 0x8e, hi: 0x98},
+	{value: 0x0c08, lo: 0x99, hi: 0x9b},
+	{value: 0x0a08, lo: 0x9c, hi: 0xaa},
+	{value: 0x0c08, lo: 0xab, hi: 0xac},
+	{value: 0x0a08, lo: 0xad, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb1},
+	{value: 0x0a08, lo: 0xb2, hi: 0xb2},
+	{value: 0x0c08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0a08, lo: 0xb5, hi: 0xb7},
+	{value: 0x0c08, lo: 0xb8, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbf},
+	// Block 0xa, offset 0x5e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xb0},
+	{value: 0x0808, lo: 0xb1, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xb, offset 0x63
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0xc, offset 0x6b
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x99},
+	{value: 0x0808, lo: 0x9a, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa3},
+	{value: 0x0808, lo: 0xa4, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa7},
+	{value: 0x0808, lo: 0xa8, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0818, lo: 0xb0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd, offset 0x77
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0c08, lo: 0x80, hi: 0x80},
+	{value: 0x0a08, lo: 0x81, hi: 0x85},
+	{value: 0x0c08, lo: 0x86, hi: 0x87},
+	{value: 0x0a08, lo: 0x88, hi: 0x88},
+	{value: 0x0c08, lo: 0x89, hi: 0x89},
+	{value: 0x0a08, lo: 0x8a, hi: 0x93},
+	{value: 0x0c08, lo: 0x94, hi: 0x94},
+	{value: 0x0a08, lo: 0x95, hi: 0x95},
+	{value: 0x0808, lo: 0x96, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xe, offset 0x85
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0a08, lo: 0xa0, hi: 0xa9},
+	{value: 0x0c08, lo: 0xaa, hi: 0xac},
+	{value: 0x0808, lo: 0xad, hi: 0xad},
+	{value: 0x0c08, lo: 0xae, hi: 0xae},
+	{value: 0x0a08, lo: 0xaf, hi: 0xb0},
+	{value: 0x0c08, lo: 0xb1, hi: 0xb2},
+	{value: 0x0a08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0a08, lo: 0xb6, hi: 0xb8},
+	{value: 0x0c08, lo: 0xb9, hi: 0xb9},
+	{value: 0x0a08, lo: 0xba, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0xf, offset 0x93
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa1},
+	{value: 0x0840, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xbf},
+	// Block 0x10, offset 0x98
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x11, offset 0xa1
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x85},
+	{value: 0x3008, lo: 0x86, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x3008, lo: 0x8a, hi: 0x8c},
+	{value: 0x3b08, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x12, offset 0xb1
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xa9},
+	{value: 0x0008, lo: 0xaa, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x13, offset 0xbf
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x14, offset 0xcc
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0040, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x15, offset 0xd8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x89},
+	{value: 0x3b08, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x3008, lo: 0x98, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x16, offset 0xe9
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb2},
+	{value: 0x08f1, lo: 0xb3, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb9},
+	{value: 0x3b08, lo: 0xba, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x0018, lo: 0xbf, hi: 0xbf},
+	// Block 0x17, offset 0xf3
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x8e},
+	{value: 0x0018, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0xbf},
+	// Block 0x18, offset 0xfa
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0961, lo: 0x9c, hi: 0x9c},
+	{value: 0x0999, lo: 0x9d, hi: 0x9d},
+	{value: 0x0008, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x19, offset 0x107
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8a},
+	{value: 0x0008, lo: 0x8b, hi: 0x8b},
+	{value: 0xe03d, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x1a, offset 0x118
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0xbf},
+	// Block 0x1b, offset 0x11f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x1c, offset 0x12a
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x3008, lo: 0x96, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x3308, lo: 0x9e, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3008, lo: 0xa2, hi: 0xa4},
+	{value: 0x0008, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xbf},
+	// Block 0x1d, offset 0x139
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x8c},
+	{value: 0x3308, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x8e},
+	{value: 0x3008, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x3008, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0x1e, offset 0x147
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x86},
+	{value: 0x055d, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8c},
+	{value: 0x055d, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbb},
+	{value: 0xe105, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0x1f, offset 0x151
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0018, lo: 0x80, hi: 0xbf},
+	// Block 0x20, offset 0x153
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa0},
+	{value: 0x2018, lo: 0xa1, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x21, offset 0x158
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa7},
+	{value: 0x2018, lo: 0xa8, hi: 0xbf},
+	// Block 0x22, offset 0x15b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2018, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0xbf},
+	// Block 0x23, offset 0x15e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0008, lo: 0x80, hi: 0xbf},
+	// Block 0x24, offset 0x160
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x99},
+	{value: 0x0008, lo: 0x9a, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x25, offset 0x16c
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x26, offset 0x177
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x27, offset 0x17f
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0x0008, lo: 0x92, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbf},
+	// Block 0x28, offset 0x185
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x29, offset 0x18b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2a, offset 0x190
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x2b, offset 0x195
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x2c, offset 0x198
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xbf},
+	// Block 0x2d, offset 0x19c
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x2e, offset 0x1a2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0x2f, offset 0x1a7
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8d},
+	{value: 0x0008, lo: 0x8e, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x3b08, lo: 0x94, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3b08, lo: 0xb4, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x30, offset 0x1b3
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x31, offset 0x1bd
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xb3},
+	{value: 0x3340, lo: 0xb4, hi: 0xb5},
+	{value: 0x3008, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbf},
+	// Block 0x32, offset 0x1c3
+	{value: 0x0000, lo: 0x10},
+	{value: 0x3008, lo: 0x80, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x3008, lo: 0x87, hi: 0x88},
+	{value: 0x3308, lo: 0x89, hi: 0x91},
+	{value: 0x3b08, lo: 0x92, hi: 0x92},
+	{value: 0x3308, lo: 0x93, hi: 0x93},
+	{value: 0x0018, lo: 0x94, hi: 0x96},
+	{value: 0x0008, lo: 0x97, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x33, offset 0x1d4
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0018, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x86},
+	{value: 0x0218, lo: 0x87, hi: 0x87},
+	{value: 0x0018, lo: 0x88, hi: 0x8a},
+	{value: 0x33c0, lo: 0x8b, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0208, lo: 0xa0, hi: 0xbf},
+	// Block 0x34, offset 0x1de
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0208, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x35, offset 0x1e1
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0208, lo: 0x87, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xa9},
+	{value: 0x0208, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x36, offset 0x1e9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0x37, offset 0x1ec
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb8},
+	{value: 0x3308, lo: 0xb9, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x38, offset 0x1f9
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0008, lo: 0x86, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0x39, offset 0x201
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x3a, offset 0x205
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0028, lo: 0x9a, hi: 0x9a},
+	{value: 0x0040, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0xbf},
+	// Block 0x3b, offset 0x20c
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x3308, lo: 0x97, hi: 0x98},
+	{value: 0x3008, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x3c, offset 0x214
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x94},
+	{value: 0x3008, lo: 0x95, hi: 0x95},
+	{value: 0x3308, lo: 0x96, hi: 0x96},
+	{value: 0x3008, lo: 0x97, hi: 0x97},
+	{value: 0x3308, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3b08, lo: 0xa0, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xac},
+	{value: 0x3008, lo: 0xad, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0x3d, offset 0x224
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xbd},
+	{value: 0x3318, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x3e, offset 0x230
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0040, lo: 0x80, hi: 0xbf},
+	// Block 0x3f, offset 0x232
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x83},
+	{value: 0x3008, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x40, offset 0x23c
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x3808, lo: 0x84, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x41, offset 0x248
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3808, lo: 0xaa, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xbf},
+	// Block 0x42, offset 0x254
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa9},
+	{value: 0x3008, lo: 0xaa, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3808, lo: 0xb2, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbf},
+	// Block 0x43, offset 0x260
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x3008, lo: 0xa4, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbf},
+	// Block 0x44, offset 0x268
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x45, offset 0x26d
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0e29, lo: 0x80, hi: 0x80},
+	{value: 0x0e41, lo: 0x81, hi: 0x81},
+	{value: 0x0e59, lo: 0x82, hi: 0x82},
+	{value: 0x0e71, lo: 0x83, hi: 0x83},
+	{value: 0x0e89, lo: 0x84, hi: 0x85},
+	{value: 0x0ea1, lo: 0x86, hi: 0x86},
+	{value: 0x0eb9, lo: 0x87, hi: 0x87},
+	{value: 0x057d, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0x46, offset 0x277
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x92},
+	{value: 0x0018, lo: 0x93, hi: 0x93},
+	{value: 0x3308, lo: 0x94, hi: 0xa0},
+	{value: 0x3008, lo: 0xa1, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa8},
+	{value: 0x0008, lo: 0xa9, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x0008, lo: 0xae, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x47, offset 0x288
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0x48, offset 0x28c
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x87},
+	{value: 0xe045, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0xe045, lo: 0x98, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0xe045, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb7},
+	{value: 0xe045, lo: 0xb8, hi: 0xbf},
+	// Block 0x49, offset 0x297
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x3318, lo: 0x90, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbf},
+	// Block 0x4a, offset 0x29b
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x88},
+	{value: 0x24c1, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x4b, offset 0x2a4
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x24f1, lo: 0xac, hi: 0xac},
+	{value: 0x2529, lo: 0xad, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xae},
+	{value: 0x2579, lo: 0xaf, hi: 0xaf},
+	{value: 0x25b1, lo: 0xb0, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0x4c, offset 0x2ac
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x9f},
+	{value: 0x0080, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xad},
+	{value: 0x0080, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x4d, offset 0x2b2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xa8},
+	{value: 0x09c5, lo: 0xa9, hi: 0xa9},
+	{value: 0x09e5, lo: 0xaa, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xbf},
+	// Block 0x4e, offset 0x2b7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x4f, offset 0x2ba
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xbf},
+	// Block 0x50, offset 0x2bd
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x28c1, lo: 0x8c, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0xbf},
+	// Block 0x51, offset 0x2c1
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0e66, lo: 0xb4, hi: 0xb4},
+	{value: 0x292a, lo: 0xb5, hi: 0xb5},
+	{value: 0x0e86, lo: 0xb6, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x52, offset 0x2c7
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x9b},
+	{value: 0x2941, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0xbf},
+	// Block 0x53, offset 0x2cb
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0x54, offset 0x2cf
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0018, lo: 0x98, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbc},
+	{value: 0x0018, lo: 0xbd, hi: 0xbf},
+	// Block 0x55, offset 0x2d5
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0xab},
+	{value: 0x0018, lo: 0xac, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x56, offset 0x2dc
+	{value: 0x0000, lo: 0x05},
+	{value: 0xe185, lo: 0x80, hi: 0x8f},
+	{value: 0x03f5, lo: 0x90, hi: 0x9f},
+	{value: 0x0ea5, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x57, offset 0x2e2
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xa6},
+	{value: 0x0008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xac},
+	{value: 0x0008, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x58, offset 0x2ea
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xae},
+	{value: 0xe075, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0x59, offset 0x2f1
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x0008, lo: 0xb8, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x5a, offset 0x2fc
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xbf},
+	// Block 0x5b, offset 0x306
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0008, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x5c, offset 0x30a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0xbf},
+	// Block 0x5d, offset 0x30d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9e},
+	{value: 0x0edd, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0x5e, offset 0x313
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xb2},
+	{value: 0x0efd, lo: 0xb3, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0x5f, offset 0x317
+	{value: 0x0020, lo: 0x01},
+	{value: 0x0f1d, lo: 0x80, hi: 0xbf},
+	// Block 0x60, offset 0x319
+	{value: 0x0020, lo: 0x02},
+	{value: 0x171d, lo: 0x80, hi: 0x8f},
+	{value: 0x18fd, lo: 0x90, hi: 0xbf},
+	// Block 0x61, offset 0x31c
+	{value: 0x0020, lo: 0x01},
+	{value: 0x1efd, lo: 0x80, hi: 0xbf},
+	// Block 0x62, offset 0x31e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0xbf},
+	// Block 0x63, offset 0x321
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x98},
+	{value: 0x3308, lo: 0x99, hi: 0x9a},
+	{value: 0x29e2, lo: 0x9b, hi: 0x9b},
+	{value: 0x2a0a, lo: 0x9c, hi: 0x9c},
+	{value: 0x0008, lo: 0x9d, hi: 0x9e},
+	{value: 0x2a31, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0008, lo: 0xa1, hi: 0xbf},
+	// Block 0x64, offset 0x32b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xbe},
+	{value: 0x2a69, lo: 0xbf, hi: 0xbf},
+	// Block 0x65, offset 0x32e
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0040, lo: 0x80, hi: 0x84},
+	{value: 0x0008, lo: 0x85, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xb0},
+	{value: 0x2a1d, lo: 0xb1, hi: 0xb1},
+	{value: 0x2a3d, lo: 0xb2, hi: 0xb2},
+	{value: 0x2a5d, lo: 0xb3, hi: 0xb3},
+	{value: 0x2a7d, lo: 0xb4, hi: 0xb4},
+	{value: 0x2a5d, lo: 0xb5, hi: 0xb5},
+	{value: 0x2a9d, lo: 0xb6, hi: 0xb6},
+	{value: 0x2abd, lo: 0xb7, hi: 0xb7},
+	{value: 0x2add, lo: 0xb8, hi: 0xb9},
+	{value: 0x2afd, lo: 0xba, hi: 0xbb},
+	{value: 0x2b1d, lo: 0xbc, hi: 0xbd},
+	{value: 0x2afd, lo: 0xbe, hi: 0xbf},
+	// Block 0x66, offset 0x33d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x67, offset 0x341
+	{value: 0x0030, lo: 0x04},
+	{value: 0x2aa2, lo: 0x80, hi: 0x9d},
+	{value: 0x305a, lo: 0x9e, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x30a2, lo: 0xa0, hi: 0xbf},
+	// Block 0x68, offset 0x346
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x69, offset 0x349
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0040, lo: 0x8d, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0x6a, offset 0x34d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0x6b, offset 0x352
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xbf},
+	// Block 0x6c, offset 0x357
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb1},
+	{value: 0x0018, lo: 0xb2, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x6d, offset 0x35d
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0xb6},
+	{value: 0x0008, lo: 0xb7, hi: 0xb7},
+	{value: 0x2009, lo: 0xb8, hi: 0xb8},
+	{value: 0x6e89, lo: 0xb9, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xbf},
+	// Block 0x6e, offset 0x363
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x3308, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x3308, lo: 0x8b, hi: 0x8b},
+	{value: 0x0008, lo: 0x8c, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa6},
+	{value: 0x3008, lo: 0xa7, hi: 0xa7},
+	{value: 0x0018, lo: 0xa8, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x6f, offset 0x372
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0208, lo: 0x80, hi: 0xb1},
+	{value: 0x0108, lo: 0xb2, hi: 0xb2},
+	{value: 0x0008, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0x70, offset 0x378
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xbf},
+	// Block 0x71, offset 0x37c
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x3008, lo: 0x80, hi: 0x83},
+	{value: 0x3b08, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8d},
+	{value: 0x0018, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xba},
+	{value: 0x0008, lo: 0xbb, hi: 0xbb},
+	{value: 0x0018, lo: 0xbc, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x72, offset 0x38b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x73, offset 0x390
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x3308, lo: 0x87, hi: 0x91},
+	{value: 0x3008, lo: 0x92, hi: 0x92},
+	{value: 0x3808, lo: 0x93, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0x74, offset 0x398
+	{value: 0x0000, lo: 0x09},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x3008, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb9},
+	{value: 0x3008, lo: 0xba, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbf},
+	// Block 0x75, offset 0x3a2
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0x76, offset 0x3ad
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xa8},
+	{value: 0x3308, lo: 0xa9, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb0},
+	{value: 0x3308, lo: 0xb1, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x77, offset 0x3b5
+	{value: 0x0000, lo: 0x10},
+	{value: 0x0008, lo: 0x80, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8c},
+	{value: 0x3008, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xb9},
+	{value: 0x0008, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbc},
+	{value: 0x3008, lo: 0xbd, hi: 0xbd},
+	{value: 0x0008, lo: 0xbe, hi: 0xbf},
+	// Block 0x78, offset 0x3c6
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb0},
+	{value: 0x0008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb4},
+	{value: 0x0008, lo: 0xb5, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb8},
+	{value: 0x0008, lo: 0xb9, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbf},
+	// Block 0x79, offset 0x3cf
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x9a},
+	{value: 0x0008, lo: 0x9b, hi: 0x9d},
+	{value: 0x0018, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xaa},
+	{value: 0x3008, lo: 0xab, hi: 0xab},
+	{value: 0x3308, lo: 0xac, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb5},
+	{value: 0x3b08, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x7a, offset 0x3df
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x88},
+	{value: 0x0008, lo: 0x89, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x90},
+	{value: 0x0008, lo: 0x91, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x7b, offset 0x3ec
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x4465, lo: 0x9c, hi: 0x9c},
+	{value: 0x447d, lo: 0x9d, hi: 0x9d},
+	{value: 0x2971, lo: 0x9e, hi: 0x9e},
+	{value: 0xe06d, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa5},
+	{value: 0x0040, lo: 0xa6, hi: 0xaf},
+	{value: 0x4495, lo: 0xb0, hi: 0xbf},
+	// Block 0x7c, offset 0x3f6
+	{value: 0x0000, lo: 0x04},
+	{value: 0x44b5, lo: 0x80, hi: 0x8f},
+	{value: 0x44d5, lo: 0x90, hi: 0x9f},
+	{value: 0x44f5, lo: 0xa0, hi: 0xaf},
+	{value: 0x44d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x7d, offset 0x3fb
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0xa2},
+	{value: 0x3008, lo: 0xa3, hi: 0xa4},
+	{value: 0x3308, lo: 0xa5, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa7},
+	{value: 0x3308, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xaa},
+	{value: 0x0018, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3b08, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0x7e, offset 0x408
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0x7f, offset 0x40c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x80, offset 0x411
+	{value: 0x0020, lo: 0x01},
+	{value: 0x4515, lo: 0x80, hi: 0xbf},
+	// Block 0x81, offset 0x413
+	{value: 0x0020, lo: 0x03},
+	{value: 0x4d15, lo: 0x80, hi: 0x94},
+	{value: 0x4ad5, lo: 0x95, hi: 0x95},
+	{value: 0x4fb5, lo: 0x96, hi: 0xbf},
+	// Block 0x82, offset 0x417
+	{value: 0x0020, lo: 0x01},
+	{value: 0x54f5, lo: 0x80, hi: 0xbf},
+	// Block 0x83, offset 0x419
+	{value: 0x0020, lo: 0x03},
+	{value: 0x5cf5, lo: 0x80, hi: 0x84},
+	{value: 0x5655, lo: 0x85, hi: 0x85},
+	{value: 0x5d95, lo: 0x86, hi: 0xbf},
+	// Block 0x84, offset 0x41d
+	{value: 0x0020, lo: 0x08},
+	{value: 0x6b55, lo: 0x80, hi: 0x8f},
+	{value: 0x6d15, lo: 0x90, hi: 0x90},
+	{value: 0x6d55, lo: 0x91, hi: 0xab},
+	{value: 0x6ea1, lo: 0xac, hi: 0xac},
+	{value: 0x70b5, lo: 0xad, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x70d5, lo: 0xb0, hi: 0xbf},
+	// Block 0x85, offset 0x426
+	{value: 0x0020, lo: 0x05},
+	{value: 0x72d5, lo: 0x80, hi: 0xad},
+	{value: 0x6535, lo: 0xae, hi: 0xae},
+	{value: 0x7895, lo: 0xaf, hi: 0xb5},
+	{value: 0x6f55, lo: 0xb6, hi: 0xb6},
+	{value: 0x7975, lo: 0xb7, hi: 0xbf},
+	// Block 0x86, offset 0x42c
+	{value: 0x0028, lo: 0x03},
+	{value: 0x7c21, lo: 0x80, hi: 0x82},
+	{value: 0x7be1, lo: 0x83, hi: 0x83},
+	{value: 0x7c99, lo: 0x84, hi: 0xbf},
+	// Block 0x87, offset 0x430
+	{value: 0x0038, lo: 0x0f},
+	{value: 0x9db1, lo: 0x80, hi: 0x83},
+	{value: 0x9e59, lo: 0x84, hi: 0x85},
+	{value: 0x9e91, lo: 0x86, hi: 0x87},
+	{value: 0x9ec9, lo: 0x88, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x91},
+	{value: 0xa089, lo: 0x92, hi: 0x97},
+	{value: 0xa1a1, lo: 0x98, hi: 0x9c},
+	{value: 0xa281, lo: 0x9d, hi: 0xb3},
+	{value: 0x9d41, lo: 0xb4, hi: 0xb4},
+	{value: 0x9db1, lo: 0xb5, hi: 0xb5},
+	{value: 0xa789, lo: 0xb6, hi: 0xbb},
+	{value: 0xa869, lo: 0xbc, hi: 0xbc},
+	{value: 0xa7f9, lo: 0xbd, hi: 0xbd},
+	{value: 0xa8d9, lo: 0xbe, hi: 0xbf},
+	// Block 0x88, offset 0x440
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8c},
+	{value: 0x0008, lo: 0x8d, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbb},
+	{value: 0x0008, lo: 0xbc, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0x89, offset 0x44a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0x8a, offset 0x44f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x8b, offset 0x452
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x82},
+	{value: 0x0040, lo: 0x83, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0x8c, offset 0x458
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x8e},
+	{value: 0x0040, lo: 0x8f, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0x8d, offset 0x45f
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x0040, lo: 0xbe, hi: 0xbf},
+	// Block 0x8e, offset 0x464
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9c},
+	{value: 0x0040, lo: 0x9d, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x8f, offset 0x468
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x90},
+	{value: 0x0040, lo: 0x91, hi: 0x9f},
+	{value: 0x3308, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x90, offset 0x46e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x91, offset 0x473
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x81},
+	{value: 0x0008, lo: 0x82, hi: 0x89},
+	{value: 0x0018, lo: 0x8a, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbf},
+	// Block 0x92, offset 0x47c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0x93, offset 0x481
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0xbf},
+	// Block 0x94, offset 0x487
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x97},
+	{value: 0x8ad5, lo: 0x98, hi: 0x9f},
+	{value: 0x8aed, lo: 0xa0, hi: 0xa7},
+	{value: 0x0008, lo: 0xa8, hi: 0xbf},
+	// Block 0x95, offset 0x48e
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x8aed, lo: 0xb0, hi: 0xb7},
+	{value: 0x8ad5, lo: 0xb8, hi: 0xbf},
+	// Block 0x96, offset 0x495
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe145, lo: 0x80, hi: 0x87},
+	{value: 0xe1c5, lo: 0x88, hi: 0x8f},
+	{value: 0xe145, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0xbb},
+	{value: 0x0040, lo: 0xbc, hi: 0xbf},
+	// Block 0x97, offset 0x49c
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0x98, offset 0x4a0
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xae},
+	{value: 0x0018, lo: 0xaf, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x99, offset 0x4a5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0x9a, offset 0x4a8
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xbf},
+	// Block 0x9b, offset 0x4ad
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0808, lo: 0x80, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x87},
+	{value: 0x0808, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0808, lo: 0x8a, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb6},
+	{value: 0x0808, lo: 0xb7, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbb},
+	{value: 0x0808, lo: 0xbc, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbe},
+	{value: 0x0808, lo: 0xbf, hi: 0xbf},
+	// Block 0x9c, offset 0x4b9
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x96},
+	{value: 0x0818, lo: 0x97, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb6},
+	{value: 0x0818, lo: 0xb7, hi: 0xbf},
+	// Block 0x9d, offset 0x4bf
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xa6},
+	{value: 0x0818, lo: 0xa7, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0x9e, offset 0x4c4
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb3},
+	{value: 0x0808, lo: 0xb4, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xba},
+	{value: 0x0818, lo: 0xbb, hi: 0xbf},
+	// Block 0x9f, offset 0x4cb
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0818, lo: 0x96, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbe},
+	{value: 0x0818, lo: 0xbf, hi: 0xbf},
+	// Block 0xa0, offset 0x4d3
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0808, lo: 0x80, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbb},
+	{value: 0x0818, lo: 0xbc, hi: 0xbd},
+	{value: 0x0808, lo: 0xbe, hi: 0xbf},
+	// Block 0xa1, offset 0x4d8
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0818, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x0818, lo: 0x92, hi: 0xbf},
+	// Block 0xa2, offset 0x4dc
+	{value: 0x0000, lo: 0x0f},
+	{value: 0x0808, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x84},
+	{value: 0x3308, lo: 0x85, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x8b},
+	{value: 0x3308, lo: 0x8c, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x94},
+	{value: 0x0808, lo: 0x95, hi: 0x97},
+	{value: 0x0040, lo: 0x98, hi: 0x98},
+	{value: 0x0808, lo: 0x99, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xba},
+	{value: 0x0040, lo: 0xbb, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xa3, offset 0x4ec
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0818, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0818, lo: 0x90, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xbc},
+	{value: 0x0818, lo: 0xbd, hi: 0xbf},
+	// Block 0xa4, offset 0x4f3
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0x9c},
+	{value: 0x0818, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xa5, offset 0x4f7
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb8},
+	{value: 0x0018, lo: 0xb9, hi: 0xbf},
+	// Block 0xa6, offset 0x4fb
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0808, lo: 0x80, hi: 0x95},
+	{value: 0x0040, lo: 0x96, hi: 0x97},
+	{value: 0x0818, lo: 0x98, hi: 0x9f},
+	{value: 0x0808, lo: 0xa0, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb7},
+	{value: 0x0818, lo: 0xb8, hi: 0xbf},
+	// Block 0xa7, offset 0x502
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0808, lo: 0x80, hi: 0xbf},
+	// Block 0xa8, offset 0x504
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0808, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0xbf},
+	// Block 0xa9, offset 0x507
+	{value: 0x0000, lo: 0x02},
+	{value: 0x03dd, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xaa, offset 0x50a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0808, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xb9},
+	{value: 0x0818, lo: 0xba, hi: 0xbf},
+	// Block 0xab, offset 0x50e
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0818, lo: 0xa0, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xac, offset 0x512
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3008, lo: 0x80, hi: 0x80},
+	{value: 0x3308, lo: 0x81, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xad, offset 0x518
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x85},
+	{value: 0x3b08, lo: 0x86, hi: 0x86},
+	{value: 0x0018, lo: 0x87, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x91},
+	{value: 0x0018, lo: 0x92, hi: 0xa5},
+	{value: 0x0008, lo: 0xa6, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xae, offset 0x521
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb6},
+	{value: 0x3008, lo: 0xb7, hi: 0xb8},
+	{value: 0x3b08, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x0018, lo: 0xbb, hi: 0xbc},
+	{value: 0x0340, lo: 0xbd, hi: 0xbd},
+	{value: 0x0018, lo: 0xbe, hi: 0xbf},
+	// Block 0xaf, offset 0x52d
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb0, offset 0x534
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xb2},
+	{value: 0x3b08, lo: 0xb3, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xbf},
+	// Block 0xb1, offset 0x53d
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb3},
+	{value: 0x0018, lo: 0xb4, hi: 0xb5},
+	{value: 0x0008, lo: 0xb6, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xb2, offset 0x545
+	{value: 0x0000, lo: 0x06},
+	{value: 0x3308, lo: 0x80, hi: 0x81},
+	{value: 0x3008, lo: 0x82, hi: 0x82},
+	{value: 0x0008, lo: 0x83, hi: 0xb2},
+	{value: 0x3008, lo: 0xb3, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xbe},
+	{value: 0x3008, lo: 0xbf, hi: 0xbf},
+	// Block 0xb3, offset 0x54c
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3808, lo: 0x80, hi: 0x80},
+	{value: 0x0008, lo: 0x81, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x89},
+	{value: 0x3308, lo: 0x8a, hi: 0x8c},
+	{value: 0x0018, lo: 0x8d, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0008, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x0018, lo: 0xa1, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xb4, offset 0x55a
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xae},
+	{value: 0x3308, lo: 0xaf, hi: 0xb1},
+	{value: 0x3008, lo: 0xb2, hi: 0xb3},
+	{value: 0x3308, lo: 0xb4, hi: 0xb4},
+	{value: 0x3808, lo: 0xb5, hi: 0xb5},
+	{value: 0x3308, lo: 0xb6, hi: 0xb7},
+	{value: 0x0018, lo: 0xb8, hi: 0xbd},
+	{value: 0x3308, lo: 0xbe, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xb5, offset 0x567
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x0008, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0x8d},
+	{value: 0x0040, lo: 0x8e, hi: 0x8e},
+	{value: 0x0008, lo: 0x8f, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9e},
+	{value: 0x0008, lo: 0x9f, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbf},
+	// Block 0xb6, offset 0x574
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x3308, lo: 0x9f, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa9},
+	{value: 0x3b08, lo: 0xaa, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0040, lo: 0xba, hi: 0xbf},
+	// Block 0xb7, offset 0x57d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x3008, lo: 0xb5, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbf},
+	// Block 0xb8, offset 0x581
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x3008, lo: 0x80, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x84},
+	{value: 0x3008, lo: 0x85, hi: 0x85},
+	{value: 0x3308, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x8a},
+	{value: 0x0018, lo: 0x8b, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0x9b},
+	{value: 0x0040, lo: 0x9c, hi: 0x9c},
+	{value: 0x0018, lo: 0x9d, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xb9, offset 0x58f
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xb8},
+	{value: 0x3008, lo: 0xb9, hi: 0xb9},
+	{value: 0x3308, lo: 0xba, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbe},
+	{value: 0x3308, lo: 0xbf, hi: 0xbf},
+	// Block 0xba, offset 0x597
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x3008, lo: 0x81, hi: 0x81},
+	{value: 0x3b08, lo: 0x82, hi: 0x82},
+	{value: 0x3308, lo: 0x83, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x85},
+	{value: 0x0018, lo: 0x86, hi: 0x86},
+	{value: 0x0008, lo: 0x87, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xbb, offset 0x5a2
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xb7},
+	{value: 0x3008, lo: 0xb8, hi: 0xbb},
+	{value: 0x3308, lo: 0xbc, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbc, offset 0x5ab
+	{value: 0x0000, lo: 0x05},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x97},
+	{value: 0x0008, lo: 0x98, hi: 0x9b},
+	{value: 0x3308, lo: 0x9c, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0xbf},
+	// Block 0xbd, offset 0x5b1
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3008, lo: 0xb0, hi: 0xb2},
+	{value: 0x3308, lo: 0xb3, hi: 0xba},
+	{value: 0x3008, lo: 0xbb, hi: 0xbc},
+	{value: 0x3308, lo: 0xbd, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xbe, offset 0x5b9
+	{value: 0x0000, lo: 0x08},
+	{value: 0x3308, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x83},
+	{value: 0x0008, lo: 0x84, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xbf, offset 0x5c2
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x3308, lo: 0xab, hi: 0xab},
+	{value: 0x3008, lo: 0xac, hi: 0xac},
+	{value: 0x3308, lo: 0xad, hi: 0xad},
+	{value: 0x3008, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb5},
+	{value: 0x3808, lo: 0xb6, hi: 0xb6},
+	{value: 0x3308, lo: 0xb7, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbf},
+	// Block 0xc0, offset 0x5cc
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x89},
+	{value: 0x0040, lo: 0x8a, hi: 0xbf},
+	// Block 0xc1, offset 0x5cf
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9f},
+	{value: 0x3008, lo: 0xa0, hi: 0xa1},
+	{value: 0x3308, lo: 0xa2, hi: 0xa5},
+	{value: 0x3008, lo: 0xa6, hi: 0xa6},
+	{value: 0x3308, lo: 0xa7, hi: 0xaa},
+	{value: 0x3b08, lo: 0xab, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xb9},
+	{value: 0x0018, lo: 0xba, hi: 0xbf},
+	// Block 0xc2, offset 0x5db
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x049d, lo: 0xa0, hi: 0xbf},
+	// Block 0xc3, offset 0x5de
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbe},
+	{value: 0x0008, lo: 0xbf, hi: 0xbf},
+	// Block 0xc4, offset 0x5e3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb8},
+	{value: 0x0040, lo: 0xb9, hi: 0xbf},
+	// Block 0xc5, offset 0x5e6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x89},
+	{value: 0x0008, lo: 0x8a, hi: 0xae},
+	{value: 0x3008, lo: 0xaf, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xb7},
+	{value: 0x3308, lo: 0xb8, hi: 0xbd},
+	{value: 0x3008, lo: 0xbe, hi: 0xbe},
+	{value: 0x3b08, lo: 0xbf, hi: 0xbf},
+	// Block 0xc6, offset 0x5f0
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0008, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0018, lo: 0x9a, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0008, lo: 0xb2, hi: 0xbf},
+	// Block 0xc7, offset 0x5f9
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x91},
+	{value: 0x3308, lo: 0x92, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xa8},
+	{value: 0x3008, lo: 0xa9, hi: 0xa9},
+	{value: 0x3308, lo: 0xaa, hi: 0xb0},
+	{value: 0x3008, lo: 0xb1, hi: 0xb1},
+	{value: 0x3308, lo: 0xb2, hi: 0xb3},
+	{value: 0x3008, lo: 0xb4, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xc8, offset 0x605
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0xbf},
+	// Block 0xc9, offset 0x608
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xca, offset 0x60d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0040, lo: 0x84, hi: 0xbf},
+	// Block 0xcb, offset 0x610
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xbf},
+	// Block 0xcc, offset 0x613
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0xbf},
+	// Block 0xcd, offset 0x616
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0008, lo: 0x80, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa9},
+	{value: 0x0040, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xce, offset 0x61d
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb4},
+	{value: 0x0018, lo: 0xb5, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xcf, offset 0x624
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0xaf},
+	{value: 0x3308, lo: 0xb0, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xbf},
+	// Block 0xd0, offset 0x628
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x0008, lo: 0x80, hi: 0x83},
+	{value: 0x0018, lo: 0x84, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9a},
+	{value: 0x0018, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x0008, lo: 0xa3, hi: 0xb7},
+	{value: 0x0040, lo: 0xb8, hi: 0xbc},
+	{value: 0x0008, lo: 0xbd, hi: 0xbf},
+	// Block 0xd1, offset 0x633
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0xbf},
+	// Block 0xd2, offset 0x636
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0008, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x90},
+	{value: 0x3008, lo: 0x91, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xd3, offset 0x63c
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x8e},
+	{value: 0x3308, lo: 0x8f, hi: 0x92},
+	{value: 0x0008, lo: 0x93, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xd4, offset 0x641
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xa0},
+	{value: 0x0040, lo: 0xa1, hi: 0xbf},
+	// Block 0xd5, offset 0x645
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xd6, offset 0x648
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb2},
+	{value: 0x0040, lo: 0xb3, hi: 0xbf},
+	// Block 0xd7, offset 0x64b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0xbf},
+	// Block 0xd8, offset 0x64e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0008, lo: 0x80, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xaf},
+	{value: 0x0008, lo: 0xb0, hi: 0xbc},
+	{value: 0x0040, lo: 0xbd, hi: 0xbf},
+	// Block 0xd9, offset 0x653
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0008, lo: 0x80, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0x0008, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9b},
+	{value: 0x0018, lo: 0x9c, hi: 0x9c},
+	{value: 0x3308, lo: 0x9d, hi: 0x9e},
+	{value: 0x0018, lo: 0x9f, hi: 0x9f},
+	{value: 0x03c0, lo: 0xa0, hi: 0xa3},
+	{value: 0x0040, lo: 0xa4, hi: 0xbf},
+	// Block 0xda, offset 0x65d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xdb, offset 0x660
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xa6},
+	{value: 0x0040, lo: 0xa7, hi: 0xa8},
+	{value: 0x0018, lo: 0xa9, hi: 0xbf},
+	// Block 0xdc, offset 0x664
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x0018, lo: 0x80, hi: 0x9d},
+	{value: 0xb5b9, lo: 0x9e, hi: 0x9e},
+	{value: 0xb601, lo: 0x9f, hi: 0x9f},
+	{value: 0xb649, lo: 0xa0, hi: 0xa0},
+	{value: 0xb6b1, lo: 0xa1, hi: 0xa1},
+	{value: 0xb719, lo: 0xa2, hi: 0xa2},
+	{value: 0xb781, lo: 0xa3, hi: 0xa3},
+	{value: 0xb7e9, lo: 0xa4, hi: 0xa4},
+	{value: 0x3018, lo: 0xa5, hi: 0xa6},
+	{value: 0x3318, lo: 0xa7, hi: 0xa9},
+	{value: 0x0018, lo: 0xaa, hi: 0xac},
+	{value: 0x3018, lo: 0xad, hi: 0xb2},
+	{value: 0x0340, lo: 0xb3, hi: 0xba},
+	{value: 0x3318, lo: 0xbb, hi: 0xbf},
+	// Block 0xdd, offset 0x673
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x3318, lo: 0x80, hi: 0x82},
+	{value: 0x0018, lo: 0x83, hi: 0x84},
+	{value: 0x3318, lo: 0x85, hi: 0x8b},
+	{value: 0x0018, lo: 0x8c, hi: 0xa9},
+	{value: 0x3318, lo: 0xaa, hi: 0xad},
+	{value: 0x0018, lo: 0xae, hi: 0xba},
+	{value: 0xb851, lo: 0xbb, hi: 0xbb},
+	{value: 0xb899, lo: 0xbc, hi: 0xbc},
+	{value: 0xb8e1, lo: 0xbd, hi: 0xbd},
+	{value: 0xb949, lo: 0xbe, hi: 0xbe},
+	{value: 0xb9b1, lo: 0xbf, hi: 0xbf},
+	// Block 0xde, offset 0x67f
+	{value: 0x0000, lo: 0x03},
+	{value: 0xba19, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0xa8},
+	{value: 0x0040, lo: 0xa9, hi: 0xbf},
+	// Block 0xdf, offset 0x683
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x81},
+	{value: 0x3318, lo: 0x82, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x85},
+	{value: 0x0040, lo: 0x86, hi: 0xbf},
+	// Block 0xe0, offset 0x688
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xe1, offset 0x68d
+	{value: 0x0000, lo: 0x03},
+	{value: 0x3308, lo: 0x80, hi: 0xb6},
+	{value: 0x0018, lo: 0xb7, hi: 0xba},
+	{value: 0x3308, lo: 0xbb, hi: 0xbf},
+	// Block 0xe2, offset 0x691
+	{value: 0x0000, lo: 0x04},
+	{value: 0x3308, lo: 0x80, hi: 0xac},
+	{value: 0x0018, lo: 0xad, hi: 0xb4},
+	{value: 0x3308, lo: 0xb5, hi: 0xb5},
+	{value: 0x0018, lo: 0xb6, hi: 0xbf},
+	// Block 0xe3, offset 0x696
+	{value: 0x0000, lo: 0x08},
+	{value: 0x0018, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x84},
+	{value: 0x0018, lo: 0x85, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xa0},
+	{value: 0x3308, lo: 0xa1, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+	// Block 0xe4, offset 0x69f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x3308, lo: 0x80, hi: 0x86},
+	{value: 0x0040, lo: 0x87, hi: 0x87},
+	{value: 0x3308, lo: 0x88, hi: 0x98},
+	{value: 0x0040, lo: 0x99, hi: 0x9a},
+	{value: 0x3308, lo: 0x9b, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xa2},
+	{value: 0x3308, lo: 0xa3, hi: 0xa4},
+	{value: 0x0040, lo: 0xa5, hi: 0xa5},
+	{value: 0x3308, lo: 0xa6, hi: 0xaa},
+	{value: 0x0040, lo: 0xab, hi: 0xbf},
+	// Block 0xe5, offset 0x6aa
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0808, lo: 0x80, hi: 0x84},
+	{value: 0x0040, lo: 0x85, hi: 0x86},
+	{value: 0x0818, lo: 0x87, hi: 0x8f},
+	{value: 0x3308, lo: 0x90, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xe6, offset 0x6b0
+	{value: 0x0000, lo: 0x07},
+	{value: 0x0a08, lo: 0x80, hi: 0x83},
+	{value: 0x3308, lo: 0x84, hi: 0x8a},
+	{value: 0x0040, lo: 0x8b, hi: 0x8f},
+	{value: 0x0808, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9d},
+	{value: 0x0818, lo: 0x9e, hi: 0x9f},
+	{value: 0x0040, lo: 0xa0, hi: 0xbf},
+	// Block 0xe7, offset 0x6b8
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0040, lo: 0x80, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb1},
+	{value: 0x0040, lo: 0xb2, hi: 0xbf},
+	// Block 0xe8, offset 0x6bc
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0xab},
+	{value: 0x0040, lo: 0xac, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xbf},
+	// Block 0xe9, offset 0x6c0
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x93},
+	{value: 0x0040, lo: 0x94, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xae},
+	{value: 0x0040, lo: 0xaf, hi: 0xb0},
+	{value: 0x0018, lo: 0xb1, hi: 0xbf},
+	// Block 0xea, offset 0x6c6
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0018, lo: 0x81, hi: 0x8f},
+	{value: 0x0040, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xb5},
+	{value: 0x0040, lo: 0xb6, hi: 0xbf},
+	// Block 0xeb, offset 0x6cc
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8f},
+	{value: 0xc1c1, lo: 0x90, hi: 0x90},
+	{value: 0x0018, lo: 0x91, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xbf},
+	// Block 0xec, offset 0x6d1
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0040, lo: 0x80, hi: 0xa5},
+	{value: 0x0018, lo: 0xa6, hi: 0xbf},
+	// Block 0xed, offset 0x6d4
+	{value: 0x0000, lo: 0x0d},
+	{value: 0xc7e9, lo: 0x80, hi: 0x80},
+	{value: 0xc839, lo: 0x81, hi: 0x81},
+	{value: 0xc889, lo: 0x82, hi: 0x82},
+	{value: 0xc8d9, lo: 0x83, hi: 0x83},
+	{value: 0xc929, lo: 0x84, hi: 0x84},
+	{value: 0xc979, lo: 0x85, hi: 0x85},
+	{value: 0xc9c9, lo: 0x86, hi: 0x86},
+	{value: 0xca19, lo: 0x87, hi: 0x87},
+	{value: 0xca69, lo: 0x88, hi: 0x88},
+	{value: 0x0040, lo: 0x89, hi: 0x8f},
+	{value: 0xcab9, lo: 0x90, hi: 0x90},
+	{value: 0xcad9, lo: 0x91, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0xbf},
+	// Block 0xee, offset 0x6e2
+	{value: 0x0000, lo: 0x06},
+	{value: 0x0018, lo: 0x80, hi: 0x92},
+	{value: 0x0040, lo: 0x93, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xac},
+	{value: 0x0040, lo: 0xad, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb6},
+	{value: 0x0040, lo: 0xb7, hi: 0xbf},
+	// Block 0xef, offset 0x6e9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0xb3},
+	{value: 0x0040, lo: 0xb4, hi: 0xbf},
+	// Block 0xf0, offset 0x6ec
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x94},
+	{value: 0x0040, lo: 0x95, hi: 0xbf},
+	// Block 0xf1, offset 0x6ef
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xbf},
+	// Block 0xf2, offset 0x6f3
+	{value: 0x0000, lo: 0x05},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x99},
+	{value: 0x0040, lo: 0x9a, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xbf},
+	// Block 0xf3, offset 0x6f9
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x87},
+	{value: 0x0040, lo: 0x88, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0xad},
+	{value: 0x0040, lo: 0xae, hi: 0xbf},
+	// Block 0xf4, offset 0x6fe
+	{value: 0x0000, lo: 0x09},
+	{value: 0x0040, lo: 0x80, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0x9f},
+	{value: 0x0018, lo: 0xa0, hi: 0xa7},
+	{value: 0x0040, lo: 0xa8, hi: 0xaf},
+	{value: 0x0018, lo: 0xb0, hi: 0xb0},
+	{value: 0x0040, lo: 0xb1, hi: 0xb2},
+	{value: 0x0018, lo: 0xb3, hi: 0xbe},
+	{value: 0x0040, lo: 0xbf, hi: 0xbf},
+	// Block 0xf5, offset 0x708
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0018, lo: 0x80, hi: 0x8b},
+	{value: 0x0040, lo: 0x8c, hi: 0x8f},
+	{value: 0x0018, lo: 0x90, hi: 0x9e},
+	{value: 0x0040, lo: 0x9f, hi: 0xbf},
+	// Block 0xf6, offset 0x70d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x91},
+	{value: 0x0040, lo: 0x92, hi: 0xbf},
+	// Block 0xf7, offset 0x710
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0018, lo: 0x80, hi: 0x80},
+	{value: 0x0040, lo: 0x81, hi: 0xbf},
+	// Block 0xf8, offset 0x713
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0x96},
+	{value: 0x0040, lo: 0x97, hi: 0xbf},
+	// Block 0xf9, offset 0x716
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xb4},
+	{value: 0x0040, lo: 0xb5, hi: 0xbf},
+	// Block 0xfa, offset 0x719
+	{value: 0x0000, lo: 0x03},
+	{value: 0x0008, lo: 0x80, hi: 0x9d},
+	{value: 0x0040, lo: 0x9e, hi: 0x9f},
+	{value: 0x0008, lo: 0xa0, hi: 0xbf},
+	// Block 0xfb, offset 0x71d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0008, lo: 0x80, hi: 0xa1},
+	{value: 0x0040, lo: 0xa2, hi: 0xbf},
+	// Block 0xfc, offset 0x720
+	{value: 0x0020, lo: 0x0f},
+	{value: 0xdeb9, lo: 0x80, hi: 0x89},
+	{value: 0x8dfd, lo: 0x8a, hi: 0x8a},
+	{value: 0xdff9, lo: 0x8b, hi: 0x9c},
+	{value: 0x8e1d, lo: 0x9d, hi: 0x9d},
+	{value: 0xe239, lo: 0x9e, hi: 0xa2},
+	{value: 0x8e3d, lo: 0xa3, hi: 0xa3},
+	{value: 0xe2d9, lo: 0xa4, hi: 0xab},
+	{value: 0x7ed5, lo: 0xac, hi: 0xac},
+	{value: 0xe3d9, lo: 0xad, hi: 0xaf},
+	{value: 0x8e5d, lo: 0xb0, hi: 0xb0},
+	{value: 0xe439, lo: 0xb1, hi: 0xb6},
+	{value: 0x8e7d, lo: 0xb7, hi: 0xb9},
+	{value: 0xe4f9, lo: 0xba, hi: 0xba},
+	{value: 0x8edd, lo: 0xbb, hi: 0xbb},
+	{value: 0xe519, lo: 0xbc, hi: 0xbf},
+	// Block 0xfd, offset 0x730
+	{value: 0x0020, lo: 0x10},
+	{value: 0x937d, lo: 0x80, hi: 0x80},
+	{value: 0xf099, lo: 0x81, hi: 0x86},
+	{value: 0x939d, lo: 0x87, hi: 0x8a},
+	{value: 0xd9f9, lo: 0x8b, hi: 0x8b},
+	{value: 0xf159, lo: 0x8c, hi: 0x96},
+	{value: 0x941d, lo: 0x97, hi: 0x97},
+	{value: 0xf2b9, lo: 0x98, hi: 0xa3},
+	{value: 0x943d, lo: 0xa4, hi: 0xa6},
+	{value: 0xf439, lo: 0xa7, hi: 0xaa},
+	{value: 0x949d, lo: 0xab, hi: 0xab},
+	{value: 0xf4b9, lo: 0xac, hi: 0xac},
+	{value: 0x94bd, lo: 0xad, hi: 0xad},
+	{value: 0xf4d9, lo: 0xae, hi: 0xaf},
+	{value: 0x94dd, lo: 0xb0, hi: 0xb1},
+	{value: 0xf519, lo: 0xb2, hi: 0xbe},
+	{value: 0x2040, lo: 0xbf, hi: 0xbf},
+	// Block 0xfe, offset 0x741
+	{value: 0x0000, lo: 0x04},
+	{value: 0x0040, lo: 0x80, hi: 0x80},
+	{value: 0x0340, lo: 0x81, hi: 0x81},
+	{value: 0x0040, lo: 0x82, hi: 0x9f},
+	{value: 0x0340, lo: 0xa0, hi: 0xbf},
+	// Block 0xff, offset 0x746
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0340, lo: 0x80, hi: 0xbf},
+	// Block 0x100, offset 0x748
+	{value: 0x0000, lo: 0x01},
+	{value: 0x33c0, lo: 0x80, hi: 0xbf},
+	// Block 0x101, offset 0x74a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x33c0, lo: 0x80, hi: 0xaf},
+	{value: 0x0040, lo: 0xb0, hi: 0xbf},
+}
+
+// Total table size 41662 bytes (40KiB); checksum: 355A58A4
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr.go b/vendor/golang.org/x/net/internal/socket/cmsghdr.go
index 1eb07d26dee6a..4bdaaaf1ad41c 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
index d1d0c2de54b9f..0d30e0a0f2eae 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd
+// +build aix darwin dragonfly freebsd netbsd openbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
index bac66811ddd2a..623cf30f4cc22 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (arm || mips || mipsle || 386) && linux
 // +build arm mips mipsle 386
 // +build linux
 
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
index 63f0534fa7673..1ba43101fc78a 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build arm64 amd64 ppc64 ppc64le mips64 mips64le s390x
+//go:build (arm64 || amd64 || ppc64 || ppc64le || mips64 || mips64le || riscv64 || s390x) && linux
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
 // +build linux
 
 package socket
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
index 7dedd430eb0a1..d3dbe1b8e015a 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64
-// +build solaris
+//go:build amd64 && solaris
+// +build amd64,solaris
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
index a4e71226f809e..1d9f2ed625bc6 100644
--- a/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
@@ -2,13 +2,24 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
 
 package socket
 
-type cmsghdr struct{}
+func controlHeaderLen() int {
+	return 0
+}
+
+func controlMessageLen(dataLen int) int {
+	return 0
+}
 
-const sizeofCmsghdr = 0
+func controlMessageSpace(dataLen int) int {
+	return 0
+}
+
+type cmsghdr struct{}
 
 func (h *cmsghdr) len() int { return 0 }
 func (h *cmsghdr) lvl() int { return 0 }
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go
new file mode 100644
index 0000000000000..aa1b06203cf5b
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go
@@ -0,0 +1,22 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package socket
+
+import "golang.org/x/sys/unix"
+
+func controlHeaderLen() int {
+	return unix.CmsgLen(0)
+}
+
+func controlMessageLen(dataLen int) int {
+	return unix.CmsgLen(dataLen)
+}
+
+func controlMessageSpace(dataLen int) int {
+	return unix.CmsgSpace(dataLen)
+}
diff --git a/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go b/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go
new file mode 100644
index 0000000000000..98be146bc51dc
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import "syscall"
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = int32(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
+
+func controlHeaderLen() int {
+	return syscall.CmsgLen(0)
+}
+
+func controlMessageLen(dataLen int) int {
+	return syscall.CmsgLen(dataLen)
+}
+
+func controlMessageSpace(dataLen int) int {
+	return syscall.CmsgSpace(dataLen)
+}
diff --git a/vendor/golang.org/x/net/internal/socket/empty.s b/vendor/golang.org/x/net/internal/socket/empty.s
new file mode 100644
index 0000000000000..bff0231c7d57e
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/empty.s
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.12
+
+// This exists solely so we can linkname in symbols from syscall.
diff --git a/vendor/golang.org/x/net/internal/socket/error_unix.go b/vendor/golang.org/x/net/internal/socket/error_unix.go
index 93dff91802827..78f4129047e27 100644
--- a/vendor/golang.org/x/net/internal/socket/error_unix.go
+++ b/vendor/golang.org/x/net/internal/socket/error_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/iovec_32bit.go b/vendor/golang.org/x/net/internal/socket/iovec_32bit.go
index 05d6082d14798..1f42d034dcb8e 100644
--- a/vendor/golang.org/x/net/internal/socket/iovec_32bit.go
+++ b/vendor/golang.org/x/net/internal/socket/iovec_32bit.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (arm || mips || mipsle || 386) && (darwin || dragonfly || freebsd || linux || netbsd || openbsd)
 // +build arm mips mipsle 386
 // +build darwin dragonfly freebsd linux netbsd openbsd
 
diff --git a/vendor/golang.org/x/net/internal/socket/iovec_64bit.go b/vendor/golang.org/x/net/internal/socket/iovec_64bit.go
index afb34ad58eba8..3dc5def2bc280 100644
--- a/vendor/golang.org/x/net/internal/socket/iovec_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/iovec_64bit.go
@@ -2,8 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build arm64 amd64 ppc64 ppc64le mips64 mips64le s390x
-// +build darwin dragonfly freebsd linux netbsd openbsd
+//go:build (arm64 || amd64 || ppc64 || ppc64le || mips64 || mips64le || riscv64 || s390x) && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || zos)
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
+// +build aix darwin dragonfly freebsd linux netbsd openbsd zos
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go b/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
index 8d17a40c40493..f7da2bc4d4bcd 100644
--- a/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64
-// +build solaris
+//go:build amd64 && solaris
+// +build amd64,solaris
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/iovec_stub.go b/vendor/golang.org/x/net/internal/socket/iovec_stub.go
index c87d2a9339d9e..14caf52483eea 100644
--- a/vendor/golang.org/x/net/internal/socket/iovec_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/iovec_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go b/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
index 2e80a9cb747c8..113e773cd531c 100644
--- a/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !linux,!netbsd
+//go:build !aix && !linux && !netbsd
+// +build !aix,!linux,!netbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go b/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
index 3c42ea7ad85a5..5025a0f75acdd 100644
--- a/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
+++ b/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build linux netbsd
+//go:build aix || linux || netbsd
+// +build aix linux netbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go b/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
index 5567afc88da40..25f6847f99a7c 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd
+// +build aix darwin dragonfly freebsd netbsd openbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go b/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
index b8c87b72b9485..5b8e00f1cd4bf 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd
+//go:build aix || darwin || dragonfly || freebsd || netbsd
+// +build aix darwin dragonfly freebsd netbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go b/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
index a7a5987c88306..2e09e26699623 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (arm || mips || mipsle || 386) && linux
 // +build arm mips mipsle 386
 // +build linux
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go b/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
index 610fc4f3bbaa6..c9c592ddb887b 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build arm64 amd64 ppc64 ppc64le mips64 mips64le s390x
+//go:build (arm64 || amd64 || ppc64 || ppc64le || mips64 || mips64le || riscv64 || s390x) && linux
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
 // +build linux
 
 package socket
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go b/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
index 6465b2073243d..3098f5d783def 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64
-// +build solaris
+//go:build amd64 && solaris
+// +build amd64,solaris
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_stub.go b/vendor/golang.org/x/net/internal/socket/msghdr_stub.go
index 64e8173352a4a..eb79151f6ae13 100644
--- a/vendor/golang.org/x/net/internal/socket/msghdr_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go b/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go
new file mode 100644
index 0000000000000..324e9ee7d1ecf
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go
@@ -0,0 +1,36 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build s390x && zos
+// +build s390x,zos
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
+	for i := range vs {
+		vs[i].set(bs[i])
+	}
+	if len(vs) > 0 {
+		h.Iov = &vs[0]
+		h.Iovlen = int32(len(vs))
+	}
+	if len(oob) > 0 {
+		h.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		h.Controllen = uint32(len(oob))
+	}
+	if sa != nil {
+		h.Name = (*byte)(unsafe.Pointer(&sa[0]))
+		h.Namelen = uint32(len(sa))
+	}
+}
+
+func (h *msghdr) controllen() int {
+	return int(h.Controllen)
+}
+
+func (h *msghdr) flags() int {
+	return int(h.Flags)
+}
diff --git a/vendor/golang.org/x/net/internal/socket/norace.go b/vendor/golang.org/x/net/internal/socket/norace.go
new file mode 100644
index 0000000000000..de0ad420fc529
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/norace.go
@@ -0,0 +1,13 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !race
+// +build !race
+
+package socket
+
+func (m *Message) raceRead() {
+}
+func (m *Message) raceWrite() {
+}
diff --git a/vendor/golang.org/x/net/internal/socket/race.go b/vendor/golang.org/x/net/internal/socket/race.go
new file mode 100644
index 0000000000000..f0a28a625d081
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/race.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build race
+// +build race
+
+package socket
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// This package reads and writes the Message buffers using a
+// direct system call, which the race detector can't see.
+// These functions tell the race detector what is going on during the syscall.
+
+func (m *Message) raceRead() {
+	for _, b := range m.Buffers {
+		if len(b) > 0 {
+			runtime.RaceReadRange(unsafe.Pointer(&b[0]), len(b))
+		}
+	}
+	if b := m.OOB; len(b) > 0 {
+		runtime.RaceReadRange(unsafe.Pointer(&b[0]), len(b))
+	}
+}
+func (m *Message) raceWrite() {
+	for _, b := range m.Buffers {
+		if len(b) > 0 {
+			runtime.RaceWriteRange(unsafe.Pointer(&b[0]), len(b))
+		}
+	}
+	if b := m.OOB; len(b) > 0 {
+		runtime.RaceWriteRange(unsafe.Pointer(&b[0]), len(b))
+	}
+}
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn.go b/vendor/golang.org/x/net/internal/socket/rawconn.go
index d6871d55f7268..b07b8900506b3 100644
--- a/vendor/golang.org/x/net/internal/socket/rawconn.go
+++ b/vendor/golang.org/x/net/internal/socket/rawconn.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-
 package socket
 
 import (
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go b/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
index 499164a3fbf1e..5d90de1183588 100644
--- a/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
+++ b/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
+//go:build linux
 // +build linux
 
 package socket
@@ -14,6 +14,9 @@ import (
 )
 
 func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
+	for i := range ms {
+		ms[i].raceWrite()
+	}
 	hs := make(mmsghdrs, len(ms))
 	var parseFn func([]byte, string) (net.Addr, error)
 	if c.network != "tcp" {
@@ -44,6 +47,9 @@ func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
 }
 
 func (c *Conn) sendMsgs(ms []Message, flags int) (int, error) {
+	for i := range ms {
+		ms[i].raceRead()
+	}
 	hs := make(mmsghdrs, len(ms))
 	var marshalFn func(net.Addr) []byte
 	if c.network != "tcp" {
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn_msg.go b/vendor/golang.org/x/net/internal/socket/rawconn_msg.go
index b21d2e6418dfd..dfed9a8da3389 100644
--- a/vendor/golang.org/x/net/internal/socket/rawconn_msg.go
+++ b/vendor/golang.org/x/net/internal/socket/rawconn_msg.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || windows || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
 
 package socket
 
@@ -13,6 +13,7 @@ import (
 )
 
 func (c *Conn) recvMsg(m *Message, flags int) error {
+	m.raceWrite()
 	var h msghdr
 	vs := make([]iovec, len(m.Buffers))
 	var sa []byte
@@ -24,7 +25,7 @@ func (c *Conn) recvMsg(m *Message, flags int) error {
 	var n int
 	fn := func(s uintptr) bool {
 		n, operr = recvmsg(s, &h, flags)
-		if operr == syscall.EAGAIN {
+		if operr == syscall.EAGAIN || operr == syscall.EWOULDBLOCK {
 			return false
 		}
 		return true
@@ -49,6 +50,7 @@ func (c *Conn) recvMsg(m *Message, flags int) error {
 }
 
 func (c *Conn) sendMsg(m *Message, flags int) error {
+	m.raceRead()
 	var h msghdr
 	vs := make([]iovec, len(m.Buffers))
 	var sa []byte
@@ -60,7 +62,7 @@ func (c *Conn) sendMsg(m *Message, flags int) error {
 	var n int
 	fn := func(s uintptr) bool {
 		n, operr = sendmsg(s, &h, flags)
-		if operr == syscall.EAGAIN {
+		if operr == syscall.EAGAIN || operr == syscall.EWOULDBLOCK {
 			return false
 		}
 		return true
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go b/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
index f78832aa4a760..02f32855660a1 100644
--- a/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
+++ b/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
@@ -2,17 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
+//go:build !linux
 // +build !linux
 
 package socket
 
-import "errors"
-
 func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func (c *Conn) sendMsgs(ms []Message, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go b/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
index 96733cbe1b96c..dd785877b66b1 100644
--- a/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
+++ b/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
@@ -2,17 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package socket
 
-import "errors"
-
 func (c *Conn) recvMsg(m *Message, flags int) error {
-	return errors.New("not implemented")
+	return errNotImplemented
 }
 
 func (c *Conn) sendMsg(m *Message, flags int) error {
-	return errors.New("not implemented")
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/rawconn_stub.go b/vendor/golang.org/x/net/internal/socket/rawconn_stub.go
deleted file mode 100644
index d2add1a0aa978..0000000000000
--- a/vendor/golang.org/x/net/internal/socket/rawconn_stub.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-package socket
-
-import "errors"
-
-func (c *Conn) recvMsg(m *Message, flags int) error {
-	return errors.New("not implemented")
-}
-
-func (c *Conn) sendMsg(m *Message, flags int) error {
-	return errors.New("not implemented")
-}
-
-func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
-	return 0, errors.New("not implemented")
-}
-
-func (c *Conn) sendMsgs(ms []Message, flags int) (int, error) {
-	return 0, errors.New("not implemented")
-}
diff --git a/vendor/golang.org/x/net/internal/socket/reflect.go b/vendor/golang.org/x/net/internal/socket/reflect.go
deleted file mode 100644
index bb179f11d8c51..0000000000000
--- a/vendor/golang.org/x/net/internal/socket/reflect.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-package socket
-
-import (
-	"errors"
-	"net"
-	"os"
-	"reflect"
-	"runtime"
-)
-
-// A Conn represents a raw connection.
-type Conn struct {
-	c net.Conn
-}
-
-// NewConn returns a new raw connection.
-func NewConn(c net.Conn) (*Conn, error) {
-	return &Conn{c: c}, nil
-}
-
-func (o *Option) get(c *Conn, b []byte) (int, error) {
-	s, err := socketOf(c.c)
-	if err != nil {
-		return 0, err
-	}
-	n, err := getsockopt(s, o.Level, o.Name, b)
-	return n, os.NewSyscallError("getsockopt", err)
-}
-
-func (o *Option) set(c *Conn, b []byte) error {
-	s, err := socketOf(c.c)
-	if err != nil {
-		return err
-	}
-	return os.NewSyscallError("setsockopt", setsockopt(s, o.Level, o.Name, b))
-}
-
-func socketOf(c net.Conn) (uintptr, error) {
-	switch c.(type) {
-	case *net.TCPConn, *net.UDPConn, *net.IPConn:
-		v := reflect.ValueOf(c)
-		switch e := v.Elem(); e.Kind() {
-		case reflect.Struct:
-			fd := e.FieldByName("conn").FieldByName("fd")
-			switch e := fd.Elem(); e.Kind() {
-			case reflect.Struct:
-				sysfd := e.FieldByName("sysfd")
-				if runtime.GOOS == "windows" {
-					return uintptr(sysfd.Uint()), nil
-				}
-				return uintptr(sysfd.Int()), nil
-			}
-		}
-	}
-	return 0, errors.New("invalid type")
-}
diff --git a/vendor/golang.org/x/net/internal/socket/socket.go b/vendor/golang.org/x/net/internal/socket/socket.go
index 5f9730e6d97f0..dba47bf12b95d 100644
--- a/vendor/golang.org/x/net/internal/socket/socket.go
+++ b/vendor/golang.org/x/net/internal/socket/socket.go
@@ -9,9 +9,12 @@ package socket // import "golang.org/x/net/internal/socket"
 import (
 	"errors"
 	"net"
+	"runtime"
 	"unsafe"
 )
 
+var errNotImplemented = errors.New("not implemented on " + runtime.GOOS + "/" + runtime.GOARCH)
+
 // An Option represents a sticky socket option.
 type Option struct {
 	Level int // level
@@ -87,17 +90,9 @@ func (o *Option) SetInt(c *Conn, v int) error {
 	return o.set(c, b)
 }
 
-func controlHeaderLen() int {
-	return roundup(sizeofCmsghdr)
-}
-
-func controlMessageLen(dataLen int) int {
-	return roundup(sizeofCmsghdr) + dataLen
-}
-
 // ControlMessageSpace returns the whole length of control message.
 func ControlMessageSpace(dataLen int) int {
-	return roundup(sizeofCmsghdr) + roundup(dataLen)
+	return controlMessageSpace(dataLen)
 }
 
 // A ControlMessage represents the head message in a stream of control
diff --git a/vendor/golang.org/x/net/internal/socket/sys.go b/vendor/golang.org/x/net/internal/socket/sys.go
index 4f0eead138aa7..4a26af186346a 100644
--- a/vendor/golang.org/x/net/internal/socket/sys.go
+++ b/vendor/golang.org/x/net/internal/socket/sys.go
@@ -9,13 +9,8 @@ import (
 	"unsafe"
 )
 
-var (
-	// NativeEndian is the machine native endian implementation of
-	// ByteOrder.
-	NativeEndian binary.ByteOrder
-
-	kernelAlign int
-)
+// NativeEndian is the machine native endian implementation of ByteOrder.
+var NativeEndian binary.ByteOrder
 
 func init() {
 	i := uint32(1)
@@ -25,9 +20,4 @@ func init() {
 	} else {
 		NativeEndian = binary.BigEndian
 	}
-	kernelAlign = probeProtocolStack()
-}
-
-func roundup(l int) int {
-	return (l + kernelAlign - 1) & ^(kernelAlign - 1)
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_bsd.go b/vendor/golang.org/x/net/internal/socket/sys_bsd.go
index f13e14ff36878..b6cd77088d59d 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_bsd.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_bsd.go
@@ -2,16 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || openbsd
+// +build aix darwin dragonfly freebsd openbsd
 
 package socket
 
-import "errors"
-
 func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_bsdvar.go b/vendor/golang.org/x/net/internal/socket/sys_bsdvar.go
deleted file mode 100644
index f723fa36aff11..0000000000000
--- a/vendor/golang.org/x/net/internal/socket/sys_bsdvar.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build freebsd netbsd openbsd
-
-package socket
-
-import "unsafe"
-
-func probeProtocolStack() int {
-	var p uintptr
-	return int(unsafe.Sizeof(p))
-}
diff --git a/vendor/golang.org/x/net/internal/socket/sys_const_unix.go b/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
new file mode 100644
index 0000000000000..f077b2f11fea3
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
@@ -0,0 +1,18 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package socket
+
+import "golang.org/x/sys/unix"
+
+const (
+	sysAF_UNSPEC = unix.AF_UNSPEC
+	sysAF_INET   = unix.AF_INET
+	sysAF_INET6  = unix.AF_INET6
+
+	sysSOCK_RAW = unix.SOCK_RAW
+)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_const_zos.go b/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
new file mode 100644
index 0000000000000..3048629541b5a
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
@@ -0,0 +1,18 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+// +build zos
+
+package socket
+
+import "syscall"
+
+const (
+	sysAF_UNSPEC = syscall.AF_UNSPEC
+	sysAF_INET   = syscall.AF_INET
+	sysAF_INET6  = syscall.AF_INET6
+
+	sysSOCK_RAW = syscall.SOCK_RAW
+)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_darwin.go b/vendor/golang.org/x/net/internal/socket/sys_darwin.go
deleted file mode 100644
index b17d223bff201..0000000000000
--- a/vendor/golang.org/x/net/internal/socket/sys_darwin.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package socket
-
-func probeProtocolStack() int { return 4 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_dragonfly.go b/vendor/golang.org/x/net/internal/socket/sys_dragonfly.go
deleted file mode 100644
index b17d223bff201..0000000000000
--- a/vendor/golang.org/x/net/internal/socket/sys_dragonfly.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package socket
-
-func probeProtocolStack() int { return 4 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_linkname.go b/vendor/golang.org/x/net/internal/socket/sys_linkname.go
new file mode 100644
index 0000000000000..21734af4b85da
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_linkname.go
@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || (go1.12 && darwin)
+// +build aix go1.12,darwin
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:linkname syscall_getsockopt syscall.getsockopt
+func syscall_getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *uint32) error
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	err := syscall_getsockopt(int(s), level, name, unsafe.Pointer(&b[0]), &l)
+	return int(l), err
+}
+
+//go:linkname syscall_setsockopt syscall.setsockopt
+func syscall_setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) error
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	return syscall_setsockopt(int(s), level, name, unsafe.Pointer(&b[0]), uintptr(len(b)))
+}
+
+//go:linkname syscall_recvmsg syscall.recvmsg
+func syscall_recvmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error)
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return syscall_recvmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags)
+}
+
+//go:linkname syscall_sendmsg syscall.sendmsg
+func syscall_sendmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error)
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return syscall_sendmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags)
+}
diff --git a/vendor/golang.org/x/net/internal/socket/sys_linux.go b/vendor/golang.org/x/net/internal/socket/sys_linux.go
index 1559521e03820..76f5b8ae5d5de 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_linux.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_linux.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && !s390x && !386
 // +build linux,!s390x,!386
 
 package socket
@@ -11,11 +12,6 @@ import (
 	"unsafe"
 )
 
-func probeProtocolStack() int {
-	var p uintptr
-	return int(unsafe.Sizeof(p))
-}
-
 func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
 	n, _, errno := syscall.Syscall6(sysRECVMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
 	return int(n), errnoErr(errno)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_linux_386.go b/vendor/golang.org/x/net/internal/socket/sys_linux_386.go
index 235b2cc08a607..651215321bc8e 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_linux_386.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_linux_386.go
@@ -9,8 +9,6 @@ import (
 	"unsafe"
 )
 
-func probeProtocolStack() int { return 4 }
-
 const (
 	sysSETSOCKOPT = 0xe
 	sysGETSOCKOPT = 0xf
diff --git a/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go b/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go
new file mode 100644
index 0000000000000..5b128fbb2a2c6
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go
@@ -0,0 +1,13 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64
+// +build riscv64
+
+package socket
+
+const (
+	sysRECVMMSG = 0xf3
+	sysSENDMMSG = 0x10d
+)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go b/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
index 327979efbb49b..651215321bc8e 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
@@ -9,8 +9,6 @@ import (
 	"unsafe"
 )
 
-func probeProtocolStack() int { return 8 }
-
 const (
 	sysSETSOCKOPT = 0xe
 	sysGETSOCKOPT = 0xf
diff --git a/vendor/golang.org/x/net/internal/socket/sys_posix.go b/vendor/golang.org/x/net/internal/socket/sys_posix.go
index dc130c27eb3d2..25ded21763ad4 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_posix.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_posix.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || windows || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
 
 package socket
 
@@ -34,7 +34,7 @@ func marshalSockaddr(ip net.IP, port int, zone string) []byte {
 	if ip4 := ip.To4(); ip4 != nil {
 		b := make([]byte, sizeofSockaddrInet)
 		switch runtime.GOOS {
-		case "android", "linux", "solaris", "windows":
+		case "android", "illumos", "linux", "solaris", "windows":
 			NativeEndian.PutUint16(b[:2], uint16(sysAF_INET))
 		default:
 			b[0] = sizeofSockaddrInet
@@ -47,7 +47,7 @@ func marshalSockaddr(ip net.IP, port int, zone string) []byte {
 	if ip6 := ip.To16(); ip6 != nil && ip.To4() == nil {
 		b := make([]byte, sizeofSockaddrInet6)
 		switch runtime.GOOS {
-		case "android", "linux", "solaris", "windows":
+		case "android", "illumos", "linux", "solaris", "windows":
 			NativeEndian.PutUint16(b[:2], uint16(sysAF_INET6))
 		default:
 			b[0] = sizeofSockaddrInet6
@@ -69,7 +69,7 @@ func parseInetAddr(b []byte, network string) (net.Addr, error) {
 	}
 	var af int
 	switch runtime.GOOS {
-	case "android", "linux", "solaris", "windows":
+	case "android", "illumos", "linux", "solaris", "windows":
 		af = int(NativeEndian.Uint16(b[:2]))
 	default:
 		af = int(b[1])
@@ -121,18 +121,21 @@ var zoneCache = ipv6ZoneCache{
 	toName:  make(map[int]string),
 }
 
-func (zc *ipv6ZoneCache) update(ift []net.Interface) {
+// update refreshes the network interface information if the cache was last
+// updated more than 1 minute ago, or if force is set. It returns whether the
+// cache was updated.
+func (zc *ipv6ZoneCache) update(ift []net.Interface, force bool) (updated bool) {
 	zc.Lock()
 	defer zc.Unlock()
 	now := time.Now()
-	if zc.lastFetched.After(now.Add(-60 * time.Second)) {
-		return
+	if !force && zc.lastFetched.After(now.Add(-60*time.Second)) {
+		return false
 	}
 	zc.lastFetched = now
 	if len(ift) == 0 {
 		var err error
 		if ift, err = net.Interfaces(); err != nil {
-			return
+			return false
 		}
 	}
 	zc.toIndex = make(map[string]int, len(ift))
@@ -143,25 +146,38 @@ func (zc *ipv6ZoneCache) update(ift []net.Interface) {
 			zc.toName[ifi.Index] = ifi.Name
 		}
 	}
+	return true
 }
 
 func (zc *ipv6ZoneCache) name(zone int) string {
-	zoneCache.update(nil)
+	updated := zoneCache.update(nil, false)
 	zoneCache.RLock()
-	defer zoneCache.RUnlock()
 	name, ok := zoneCache.toName[zone]
-	if !ok {
+	zoneCache.RUnlock()
+	if !ok && !updated {
+		zoneCache.update(nil, true)
+		zoneCache.RLock()
+		name, ok = zoneCache.toName[zone]
+		zoneCache.RUnlock()
+	}
+	if !ok { // last resort
 		name = strconv.Itoa(zone)
 	}
 	return name
 }
 
 func (zc *ipv6ZoneCache) index(zone string) int {
-	zoneCache.update(nil)
+	updated := zoneCache.update(nil, false)
 	zoneCache.RLock()
-	defer zoneCache.RUnlock()
 	index, ok := zoneCache.toIndex[zone]
-	if !ok {
+	zoneCache.RUnlock()
+	if !ok && !updated {
+		zoneCache.update(nil, true)
+		zoneCache.RLock()
+		index, ok = zoneCache.toIndex[zone]
+		zoneCache.RUnlock()
+	}
+	if !ok { // last resort
 		index, _ = strconv.Atoi(zone)
 	}
 	return index
diff --git a/vendor/golang.org/x/net/internal/socket/sys_solaris.go b/vendor/golang.org/x/net/internal/socket/sys_solaris.go
index cced74e60d588..e79ca95183abd 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_solaris.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_solaris.go
@@ -5,22 +5,10 @@
 package socket
 
 import (
-	"errors"
-	"runtime"
 	"syscall"
 	"unsafe"
 )
 
-func probeProtocolStack() int {
-	switch runtime.GOARCH {
-	case "amd64":
-		return 4
-	default:
-		var p uintptr
-		return int(unsafe.Sizeof(p))
-	}
-}
-
 //go:cgo_import_dynamic libc___xnet_getsockopt __xnet_getsockopt "libsocket.so"
 //go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
 //go:cgo_import_dynamic libc___xnet_recvmsg __xnet_recvmsg "libsocket.so"
@@ -63,9 +51,9 @@ func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
 }
 
 func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_stub.go b/vendor/golang.org/x/net/internal/socket/sys_stub.go
index d9f06d00e9b8d..dc7bb389b3c31 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_stub.go
@@ -2,16 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package socket
 
-import (
-	"errors"
-	"net"
-	"runtime"
-	"unsafe"
-)
+import "net"
 
 const (
 	sysAF_UNSPEC = 0x0
@@ -21,44 +17,34 @@ const (
 	sysSOCK_RAW = 0x3
 )
 
-func probeProtocolStack() int {
-	switch runtime.GOARCH {
-	case "amd64p32", "mips64p32":
-		return 4
-	default:
-		var p uintptr
-		return int(unsafe.Sizeof(p))
-	}
-}
-
 func marshalInetAddr(ip net.IP, port int, zone string) []byte {
 	return nil
 }
 
 func parseInetAddr(b []byte, network string) (net.Addr, error) {
-	return nil, errors.New("not implemented")
+	return nil, errNotImplemented
 }
 
 func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func setsockopt(s uintptr, level, name int, b []byte) error {
-	return errors.New("not implemented")
+	return errNotImplemented
 }
 
 func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_unix.go b/vendor/golang.org/x/net/internal/socket/sys_unix.go
index 18eba30853f5b..c98ebae548c4c 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_unix.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux,!s390x,!386 netbsd openbsd
+//go:build dragonfly || freebsd || (linux && !s390x && !386) || netbsd || openbsd
+// +build dragonfly freebsd linux,!s390x,!386 netbsd openbsd
 
 package socket
 
diff --git a/vendor/golang.org/x/net/internal/socket/sys_windows.go b/vendor/golang.org/x/net/internal/socket/sys_windows.go
index 54a470ebe3435..d556a44615707 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_windows.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_windows.go
@@ -5,9 +5,10 @@
 package socket
 
 import (
-	"errors"
 	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/windows"
 )
 
 func probeProtocolStack() int {
@@ -16,11 +17,11 @@ func probeProtocolStack() int {
 }
 
 const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x17
+	sysAF_UNSPEC = windows.AF_UNSPEC
+	sysAF_INET   = windows.AF_INET
+	sysAF_INET6  = windows.AF_INET6
 
-	sysSOCK_RAW = 0x3
+	sysSOCK_RAW = windows.SOCK_RAW
 )
 
 type sockaddrInet struct {
@@ -54,17 +55,17 @@ func setsockopt(s uintptr, level, name int, b []byte) error {
 }
 
 func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
 
 func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
-	return 0, errors.New("not implemented")
+	return 0, errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go b/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go
new file mode 100644
index 0000000000000..1e38b9223281f
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go
@@ -0,0 +1,38 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func probeProtocolStack() int {
+	return 4 // sizeof(int) on GOOS=zos GOARCH=s390x
+}
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, _, errno := syscall_syscall6(syscall.SYS_GETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, _, errno := syscall_syscall6(syscall.SYS_SETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall_syscall(syscall.SYS___RECVMSG_A, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall_syscall(syscall.SYS___SENDMSG_A, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
diff --git a/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s b/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s
new file mode 100644
index 0000000000000..60d5839c25b65
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s
@@ -0,0 +1,11 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT ·syscall_syscall(SB),NOSPLIT,$0
+        JMP     syscall·_syscall(SB)
+
+TEXT ·syscall_syscall6(SB),NOSPLIT,$0
+        JMP     syscall·_syscall6(SB)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go b/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
new file mode 100644
index 0000000000000..79f3bdd5b9d2a
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
@@ -0,0 +1,60 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_aix.go
+
+// Added for go1.11 compatibility
+//go:build aix
+// +build aix
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
index 26f8feff3a198..150f980f527b2 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1e
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
index e2987f7db8201..a686c952855ba 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1e
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -52,9 +44,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
index 26f8feff3a198..150f980f527b2 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1e
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
index e2987f7db8201..a686c952855ba 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1e
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -52,9 +44,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
index c582abd57df8d..d45c197e26df3 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_dragonfly.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1c
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -52,9 +44,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
index 04a24886c7a22..ffec860ea8279 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1c
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
index 35c7cb9c953da..aa701ab67677d 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1c
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -52,9 +44,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
index 04a24886c7a22..ffec860ea8279 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1c
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
new file mode 100644
index 0000000000000..aa701ab67677d
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
index 430206930b800..0c847bee7a46f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -53,10 +45,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
index 430206930b800..0c847bee7a46f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -53,10 +45,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
index 430206930b800..0c847bee7a46f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -53,10 +45,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
index 430206930b800..0c847bee7a46f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -53,10 +45,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
new file mode 100644
index 0000000000000..12ec2e42b8808
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
@@ -0,0 +1,58 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+//go:build riscv64
+// +build riscv64
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_0  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
index 1502f6c5529bc..15e2aecaabaec 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0xa
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -56,10 +48,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x38
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0x10
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
index db60491fe37b8..6b72d24dd93ff 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -55,10 +47,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
index 2a1a79985a02d..9aaa4ab1caf72 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -58,10 +50,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofMmsghdr = 0x40
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
index db60491fe37b8..6b72d24dd93ff 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -55,10 +47,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofMmsghdr = 0x20
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
new file mode 100644
index 0000000000000..9aaa4ab1caf72
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
@@ -0,0 +1,58 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
index 1c836361e8202..3ec8d42fee8e5 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
index a6c0bf464a18c..ea0ee008d7d4b 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint64
@@ -52,9 +44,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
index 1c836361e8202..3ec8d42fee8e5 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x18
-
-	sysSOCK_RAW = 0x3
-)
-
 type iovec struct {
 	Base *byte
 	Len  uint32
@@ -50,9 +42,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x8
-	sizeofMsghdr  = 0x1c
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x1c
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
new file mode 100644
index 0000000000000..ea0ee008d7d4b
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go
new file mode 100644
index 0000000000000..0112832400bdd
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
index 327c63290cddb..48b2b591f67de 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
@@ -1,16 +1,8 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_solaris.go
 
 package socket
 
-const (
-	sysAF_UNSPEC = 0x0
-	sysAF_INET   = 0x2
-	sysAF_INET6  = 0x1a
-
-	sysSOCK_RAW = 0x4
-)
-
 type iovec struct {
 	Base *int8
 	Len  uint64
@@ -51,9 +43,8 @@ type sockaddrInet6 struct {
 }
 
 const (
-	sizeofIovec   = 0x10
-	sizeofMsghdr  = 0x30
-	sizeofCmsghdr = 0xc
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
 
 	sizeofSockaddrInet  = 0x10
 	sizeofSockaddrInet6 = 0x20
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go b/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
new file mode 100644
index 0000000000000..514ca3754d4c6
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
@@ -0,0 +1,32 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Iov        *iovec
+	Control    *byte
+	Flags      int32
+	Namelen    uint32
+	Iovlen     int32
+	Controllen uint32
+}
+
+type cmsghdr struct {
+	Len   int32
+	Level int32
+	Type  int32
+}
+
+const (
+	sizeofCmsghdr       = 12
+	sizeofSockaddrInet  = 16
+	sizeofSockaddrInet6 = 28
+)
diff --git a/vendor/golang.org/x/net/internal/socks/socks.go b/vendor/golang.org/x/net/internal/socks/socks.go
index d93e699b467bc..97db2340ec970 100644
--- a/vendor/golang.org/x/net/internal/socks/socks.go
+++ b/vendor/golang.org/x/net/internal/socks/socks.go
@@ -127,7 +127,7 @@ type Dialer struct {
 	// establishing the transport connection.
 	ProxyDial func(context.Context, string, string) (net.Conn, error)
 
-	// AuthMethods specifies the list of request authention
+	// AuthMethods specifies the list of request authentication
 	// methods.
 	// If empty, SOCKS client requests only AuthMethodNotRequired.
 	AuthMethods []AuthMethod
@@ -224,6 +224,7 @@ func (d *Dialer) Dial(network, address string) (net.Conn, error) {
 		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
 	}
 	if _, err := d.DialWithConn(context.Background(), c, network, address); err != nil {
+		c.Close()
 		return nil, err
 	}
 	return c, nil
diff --git a/vendor/golang.org/x/net/internal/timeseries/timeseries.go b/vendor/golang.org/x/net/internal/timeseries/timeseries.go
index 685f0e7ea236b..dc5225b6d474e 100644
--- a/vendor/golang.org/x/net/internal/timeseries/timeseries.go
+++ b/vendor/golang.org/x/net/internal/timeseries/timeseries.go
@@ -403,9 +403,9 @@ func (ts *timeSeries) extract(l *tsLevel, start, finish time.Time, num int, resu
 
 	// Where should scanning start?
 	if dstStart.After(srcStart) {
-		advance := dstStart.Sub(srcStart) / srcInterval
-		srcIndex += int(advance)
-		srcStart = srcStart.Add(advance * srcInterval)
+		advance := int(dstStart.Sub(srcStart) / srcInterval)
+		srcIndex += advance
+		srcStart = srcStart.Add(time.Duration(advance) * srcInterval)
 	}
 
 	// The i'th value is computed as show below.
diff --git a/vendor/golang.org/x/net/ipv4/batch.go b/vendor/golang.org/x/net/ipv4/batch.go
index 5ce9b3583cc26..1a3a4fc0c1095 100644
--- a/vendor/golang.org/x/net/ipv4/batch.go
+++ b/vendor/golang.org/x/net/ipv4/batch.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-
 package ipv4
 
 import (
@@ -91,6 +89,9 @@ func (c *payloadHandler) ReadBatch(ms []Message, flags int) (int, error) {
 			n = 0
 			err = &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
 		}
+		if compatFreeBSD32 && ms[0].NN > 0 {
+			adjustFreeBSD32(&ms[0])
+		}
 		return n, err
 	}
 }
@@ -154,6 +155,9 @@ func (c *packetHandler) ReadBatch(ms []Message, flags int) (int, error) {
 			n = 0
 			err = &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
 		}
+		if compatFreeBSD32 && ms[0].NN > 0 {
+			adjustFreeBSD32(&ms[0])
+		}
 		return n, err
 	}
 }
diff --git a/vendor/golang.org/x/net/ipv4/control_bsd.go b/vendor/golang.org/x/net/ipv4/control_bsd.go
index 77e7ad5bed76b..6fef740f2ff68 100644
--- a/vendor/golang.org/x/net/ipv4/control_bsd.go
+++ b/vendor/golang.org/x/net/ipv4/control_bsd.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd
+// +build aix darwin dragonfly freebsd netbsd openbsd
 
 package ipv4
 
@@ -35,6 +36,7 @@ func marshalInterface(b []byte, cm *ControlMessage) []byte {
 }
 
 func parseInterface(cm *ControlMessage, b []byte) {
-	sadl := (*syscall.SockaddrDatalink)(unsafe.Pointer(&b[0]))
+	var sadl syscall.SockaddrDatalink
+	copy((*[unsafe.Sizeof(sadl)]byte)(unsafe.Pointer(&sadl))[:], b)
 	cm.IfIndex = int(sadl.Index)
 }
diff --git a/vendor/golang.org/x/net/ipv4/control_pktinfo.go b/vendor/golang.org/x/net/ipv4/control_pktinfo.go
index 425338f35bf1b..b0a8dbe4e25e5 100644
--- a/vendor/golang.org/x/net/ipv4/control_pktinfo.go
+++ b/vendor/golang.org/x/net/ipv4/control_pktinfo.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build darwin || linux || solaris
 // +build darwin linux solaris
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/control_stub.go b/vendor/golang.org/x/net/ipv4/control_stub.go
index 5a2f7d8d3c9b7..f27322c3ed47b 100644
--- a/vendor/golang.org/x/net/ipv4/control_stub.go
+++ b/vendor/golang.org/x/net/ipv4/control_stub.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv4
 
 import "golang.org/x/net/internal/socket"
 
 func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/control_unix.go b/vendor/golang.org/x/net/ipv4/control_unix.go
index e1ae8167b3a4b..edce30f12611f 100644
--- a/vendor/golang.org/x/net/ipv4/control_unix.go
+++ b/vendor/golang.org/x/net/ipv4/control_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package ipv4
 
diff --git a/vendor/golang.org/x/net/ipv4/control_windows.go b/vendor/golang.org/x/net/ipv4/control_windows.go
index ce55c66447d07..82c6306421b9d 100644
--- a/vendor/golang.org/x/net/ipv4/control_windows.go
+++ b/vendor/golang.org/x/net/ipv4/control_windows.go
@@ -4,13 +4,9 @@
 
 package ipv4
 
-import (
-	"syscall"
-
-	"golang.org/x/net/internal/socket"
-)
+import "golang.org/x/net/internal/socket"
 
 func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
 	// TODO(mikio): implement this
-	return syscall.EWINDOWS
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/control_zos.go b/vendor/golang.org/x/net/ipv4/control_zos.go
new file mode 100644
index 0000000000000..04420003e0261
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/control_zos.go
@@ -0,0 +1,86 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+func marshalPacketInfo(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_PKTINFO, sizeofInetPktinfo)
+	if cm != nil {
+		pi := (*inetPktinfo)(unsafe.Pointer(&m.Data(sizeofInetPktinfo)[0]))
+		if ip := cm.Src.To4(); ip != nil {
+			copy(pi.Addr[:], ip)
+		}
+		if cm.IfIndex > 0 {
+			pi.setIfindex(cm.IfIndex)
+		}
+	}
+	return m.Next(sizeofInetPktinfo)
+}
+
+func parsePacketInfo(cm *ControlMessage, b []byte) {
+	pi := (*inetPktinfo)(unsafe.Pointer(&b[0]))
+	cm.IfIndex = int(pi.Ifindex)
+	if len(cm.Dst) < net.IPv4len {
+		cm.Dst = make(net.IP, net.IPv4len)
+	}
+	copy(cm.Dst, pi.Addr[:])
+}
+
+func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
+	opt.Lock()
+	defer opt.Unlock()
+	if so, ok := sockOpts[ssoReceiveTTL]; ok && cf&FlagTTL != 0 {
+		if err := so.SetInt(c, boolint(on)); err != nil {
+			return err
+		}
+		if on {
+			opt.set(FlagTTL)
+		} else {
+			opt.clear(FlagTTL)
+		}
+	}
+	if so, ok := sockOpts[ssoPacketInfo]; ok {
+		if cf&(FlagSrc|FlagDst|FlagInterface) != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(cf & (FlagSrc | FlagDst | FlagInterface))
+			} else {
+				opt.clear(cf & (FlagSrc | FlagDst | FlagInterface))
+			}
+		}
+	} else {
+		if so, ok := sockOpts[ssoReceiveDst]; ok && cf&FlagDst != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagDst)
+			} else {
+				opt.clear(FlagDst)
+			}
+		}
+		if so, ok := sockOpts[ssoReceiveInterface]; ok && cf&FlagInterface != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagInterface)
+			} else {
+				opt.clear(FlagInterface)
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/net/ipv4/dgramopt.go b/vendor/golang.org/x/net/ipv4/dgramopt.go
index 36764492d9de9..c191c22aba4ae 100644
--- a/vendor/golang.org/x/net/ipv4/dgramopt.go
+++ b/vendor/golang.org/x/net/ipv4/dgramopt.go
@@ -18,7 +18,7 @@ func (c *dgramOpt) MulticastTTL() (int, error) {
 	}
 	so, ok := sockOpts[ssoMulticastTTL]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -31,7 +31,7 @@ func (c *dgramOpt) SetMulticastTTL(ttl int) error {
 	}
 	so, ok := sockOpts[ssoMulticastTTL]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, ttl)
 }
@@ -44,7 +44,7 @@ func (c *dgramOpt) MulticastInterface() (*net.Interface, error) {
 	}
 	so, ok := sockOpts[ssoMulticastInterface]
 	if !ok {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return so.getMulticastInterface(c.Conn)
 }
@@ -57,7 +57,7 @@ func (c *dgramOpt) SetMulticastInterface(ifi *net.Interface) error {
 	}
 	so, ok := sockOpts[ssoMulticastInterface]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setMulticastInterface(c.Conn, ifi)
 }
@@ -70,7 +70,7 @@ func (c *dgramOpt) MulticastLoopback() (bool, error) {
 	}
 	so, ok := sockOpts[ssoMulticastLoopback]
 	if !ok {
-		return false, errOpNoSupport
+		return false, errNotImplemented
 	}
 	on, err := so.GetInt(c.Conn)
 	if err != nil {
@@ -87,7 +87,7 @@ func (c *dgramOpt) SetMulticastLoopback(on bool) error {
 	}
 	so, ok := sockOpts[ssoMulticastLoopback]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, boolint(on))
 }
@@ -107,7 +107,7 @@ func (c *dgramOpt) JoinGroup(ifi *net.Interface, group net.Addr) error {
 	}
 	so, ok := sockOpts[ssoJoinGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -125,7 +125,7 @@ func (c *dgramOpt) LeaveGroup(ifi *net.Interface, group net.Addr) error {
 	}
 	so, ok := sockOpts[ssoLeaveGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -146,7 +146,7 @@ func (c *dgramOpt) JoinSourceSpecificGroup(ifi *net.Interface, group, source net
 	}
 	so, ok := sockOpts[ssoJoinSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -167,7 +167,7 @@ func (c *dgramOpt) LeaveSourceSpecificGroup(ifi *net.Interface, group, source ne
 	}
 	so, ok := sockOpts[ssoLeaveSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -189,7 +189,7 @@ func (c *dgramOpt) ExcludeSourceSpecificGroup(ifi *net.Interface, group, source
 	}
 	so, ok := sockOpts[ssoBlockSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -210,7 +210,7 @@ func (c *dgramOpt) IncludeSourceSpecificGroup(ifi *net.Interface, group, source
 	}
 	so, ok := sockOpts[ssoUnblockSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP4(group)
 	if grp == nil {
@@ -231,7 +231,7 @@ func (c *dgramOpt) ICMPFilter() (*ICMPFilter, error) {
 	}
 	so, ok := sockOpts[ssoICMPFilter]
 	if !ok {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return so.getICMPFilter(c.Conn)
 }
@@ -244,7 +244,7 @@ func (c *dgramOpt) SetICMPFilter(f *ICMPFilter) error {
 	}
 	so, ok := sockOpts[ssoICMPFilter]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setICMPFilter(c.Conn, f)
 }
@@ -258,7 +258,7 @@ func (c *dgramOpt) SetBPF(filter []bpf.RawInstruction) error {
 	}
 	so, ok := sockOpts[ssoAttachFilter]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setBPF(c.Conn, filter)
 }
diff --git a/vendor/golang.org/x/net/ipv4/doc.go b/vendor/golang.org/x/net/ipv4/doc.go
index d12455548f574..2458349799382 100644
--- a/vendor/golang.org/x/net/ipv4/doc.go
+++ b/vendor/golang.org/x/net/ipv4/doc.go
@@ -55,7 +55,7 @@
 // Multicasting
 //
 // The options for multicasting are available for net.UDPConn and
-// net.IPconn which are created as network connections that use the
+// net.IPConn which are created as network connections that use the
 // IPv4 transport. A few network facilities must be prepared before
 // you begin multicasting, at a minimum joining network interfaces and
 // multicast groups.
@@ -209,7 +209,7 @@
 // LeaveSourceSpecificGroup for the operation known as "include" mode,
 //
 //	ssmgroup := net.UDPAddr{IP: net.IPv4(232, 7, 8, 9)}
-//	ssmsource := net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)})
+//	ssmsource := net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 //	if err := p.JoinSourceSpecificGroup(en0, &ssmgroup, &ssmsource); err != nil {
 //		// error handling
 //	}
diff --git a/vendor/golang.org/x/net/ipv4/endpoint.go b/vendor/golang.org/x/net/ipv4/endpoint.go
index 5009463787ef2..4a6d7a85ee67b 100644
--- a/vendor/golang.org/x/net/ipv4/endpoint.go
+++ b/vendor/golang.org/x/net/ipv4/endpoint.go
@@ -177,7 +177,7 @@ func NewRawConn(c net.PacketConn) (*RawConn, error) {
 	}
 	so, ok := sockOpts[ssoHeaderPrepend]
 	if !ok {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	if err := so.SetInt(r.dgramOpt.Conn, boolint(true)); err != nil {
 		return nil, err
diff --git a/vendor/golang.org/x/net/ipv4/genericopt.go b/vendor/golang.org/x/net/ipv4/genericopt.go
index 587ae4a1944dc..51c12371eb467 100644
--- a/vendor/golang.org/x/net/ipv4/genericopt.go
+++ b/vendor/golang.org/x/net/ipv4/genericopt.go
@@ -11,7 +11,7 @@ func (c *genericOpt) TOS() (int, error) {
 	}
 	so, ok := sockOpts[ssoTOS]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -24,7 +24,7 @@ func (c *genericOpt) SetTOS(tos int) error {
 	}
 	so, ok := sockOpts[ssoTOS]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, tos)
 }
@@ -36,7 +36,7 @@ func (c *genericOpt) TTL() (int, error) {
 	}
 	so, ok := sockOpts[ssoTTL]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -49,7 +49,7 @@ func (c *genericOpt) SetTTL(ttl int) error {
 	}
 	so, ok := sockOpts[ssoTTL]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, ttl)
 }
diff --git a/vendor/golang.org/x/net/ipv4/header.go b/vendor/golang.org/x/net/ipv4/header.go
index 358afe2f117f5..a00a3eaff9150 100644
--- a/vendor/golang.org/x/net/ipv4/header.go
+++ b/vendor/golang.org/x/net/ipv4/header.go
@@ -14,9 +14,8 @@ import (
 )
 
 const (
-	Version      = 4  // protocol version
-	HeaderLen    = 20 // header length without extension headers
-	maxHeaderLen = 60 // sensible default, revisit if later RFCs define new usage of version and header length fields
+	Version   = 4  // protocol version
+	HeaderLen = 20 // header length without extension headers
 )
 
 type HeaderFlags int
@@ -51,9 +50,13 @@ func (h *Header) String() string {
 }
 
 // Marshal returns the binary encoding of h.
+//
+// The returned slice is in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
 func (h *Header) Marshal() ([]byte, error) {
 	if h == nil {
-		return nil, errInvalidConn
+		return nil, errNilHeader
 	}
 	if h.Len < HeaderLen {
 		return nil, errHeaderTooShort
@@ -64,7 +67,7 @@ func (h *Header) Marshal() ([]byte, error) {
 	b[1] = byte(h.TOS)
 	flagsAndFragOff := (h.FragOff & 0x1fff) | int(h.Flags<<13)
 	switch runtime.GOOS {
-	case "darwin", "dragonfly", "netbsd":
+	case "darwin", "ios", "dragonfly", "netbsd":
 		socket.NativeEndian.PutUint16(b[2:4], uint16(h.TotalLen))
 		socket.NativeEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
 	case "freebsd":
@@ -98,13 +101,20 @@ func (h *Header) Marshal() ([]byte, error) {
 }
 
 // Parse parses b as an IPv4 header and stores the result in h.
+//
+// The provided b must be in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
 func (h *Header) Parse(b []byte) error {
-	if h == nil || len(b) < HeaderLen {
+	if h == nil || b == nil {
+		return errNilHeader
+	}
+	if len(b) < HeaderLen {
 		return errHeaderTooShort
 	}
 	hdrlen := int(b[0]&0x0f) << 2
-	if hdrlen > len(b) {
-		return errBufferTooShort
+	if len(b) < hdrlen {
+		return errExtHeaderTooShort
 	}
 	h.Version = int(b[0] >> 4)
 	h.Len = hdrlen
@@ -116,7 +126,7 @@ func (h *Header) Parse(b []byte) error {
 	h.Src = net.IPv4(b[12], b[13], b[14], b[15])
 	h.Dst = net.IPv4(b[16], b[17], b[18], b[19])
 	switch runtime.GOOS {
-	case "darwin", "dragonfly", "netbsd":
+	case "darwin", "ios", "dragonfly", "netbsd":
 		h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4])) + hdrlen
 		h.FragOff = int(socket.NativeEndian.Uint16(b[6:8]))
 	case "freebsd":
@@ -149,6 +159,10 @@ func (h *Header) Parse(b []byte) error {
 }
 
 // ParseHeader parses b as an IPv4 header.
+//
+// The provided b must be in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
 func ParseHeader(b []byte) (*Header, error) {
 	h := new(Header)
 	if err := h.Parse(b); err != nil {
diff --git a/vendor/golang.org/x/net/ipv4/helper.go b/vendor/golang.org/x/net/ipv4/helper.go
index 8d8ff98e94a6c..e845a7376ea3e 100644
--- a/vendor/golang.org/x/net/ipv4/helper.go
+++ b/vendor/golang.org/x/net/ipv4/helper.go
@@ -7,23 +7,36 @@ package ipv4
 import (
 	"errors"
 	"net"
+	"runtime"
+
+	"golang.org/x/net/internal/socket"
 )
 
 var (
-	errInvalidConn              = errors.New("invalid connection")
-	errMissingAddress           = errors.New("missing address")
-	errMissingHeader            = errors.New("missing header")
-	errHeaderTooShort           = errors.New("header too short")
-	errBufferTooShort           = errors.New("buffer too short")
-	errInvalidConnType          = errors.New("invalid conn type")
-	errOpNoSupport              = errors.New("operation not supported")
-	errNoSuchInterface          = errors.New("no such interface")
-	errNoSuchMulticastInterface = errors.New("no such multicast interface")
+	errInvalidConn       = errors.New("invalid connection")
+	errMissingAddress    = errors.New("missing address")
+	errNilHeader         = errors.New("nil header")
+	errHeaderTooShort    = errors.New("header too short")
+	errExtHeaderTooShort = errors.New("extension header too short")
+	errInvalidConnType   = errors.New("invalid conn type")
+	errNotImplemented    = errors.New("not implemented on " + runtime.GOOS + "/" + runtime.GOARCH)
 
-	// See http://www.freebsd.org/doc/en/books/porters-handbook/freebsd-versions.html.
-	freebsdVersion uint32
+	// See https://www.freebsd.org/doc/en/books/porters-handbook/versions.html.
+	freebsdVersion  uint32
+	compatFreeBSD32 bool // 386 emulation on amd64
 )
 
+// See golang.org/issue/30899.
+func adjustFreeBSD32(m *socket.Message) {
+	// FreeBSD 12.0-RELEASE is affected by https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236737
+	if 1200086 <= freebsdVersion && freebsdVersion < 1201000 {
+		l := (m.NN + 4 - 1) &^ (4 - 1)
+		if m.NN < l && l <= len(m.OOB) {
+			m.NN = l
+		}
+	}
+}
+
 func boolint(b bool) int {
 	if b {
 		return 1
diff --git a/vendor/golang.org/x/net/ipv4/icmp_stub.go b/vendor/golang.org/x/net/ipv4/icmp_stub.go
index 21bb29ab3669a..cd4ee6e1c9208 100644
--- a/vendor/golang.org/x/net/ipv4/icmp_stub.go
+++ b/vendor/golang.org/x/net/ipv4/icmp_stub.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !linux
 // +build !linux
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/packet.go b/vendor/golang.org/x/net/ipv4/packet.go
index 966bb776f5608..7d784e06dd086 100644
--- a/vendor/golang.org/x/net/ipv4/packet.go
+++ b/vendor/golang.org/x/net/ipv4/packet.go
@@ -29,7 +29,35 @@ func (c *packetHandler) ReadFrom(b []byte) (h *Header, p []byte, cm *ControlMess
 	if !c.ok() {
 		return nil, nil, nil, errInvalidConn
 	}
-	return c.readFrom(b)
+	c.rawOpt.RLock()
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     NewControlMessage(c.rawOpt.cflags),
+	}
+	c.rawOpt.RUnlock()
+	if err := c.RecvMsg(&m, 0); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	var hs []byte
+	if hs, p, err = slicePacket(b[:m.N]); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	if h, err = ParseHeader(hs); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	if m.NN > 0 {
+		if compatFreeBSD32 {
+			adjustFreeBSD32(&m)
+		}
+		cm = new(ControlMessage)
+		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
+			return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+	}
+	if src, ok := m.Addr.(*net.IPAddr); ok && cm != nil {
+		cm.Src = src.IP
+	}
+	return
 }
 
 func slicePacket(b []byte) (h, p []byte, err error) {
@@ -64,5 +92,26 @@ func (c *packetHandler) WriteTo(h *Header, p []byte, cm *ControlMessage) error {
 	if !c.ok() {
 		return errInvalidConn
 	}
-	return c.writeTo(h, p, cm)
+	m := socket.Message{
+		OOB: cm.Marshal(),
+	}
+	wh, err := h.Marshal()
+	if err != nil {
+		return err
+	}
+	m.Buffers = [][]byte{wh, p}
+	dst := new(net.IPAddr)
+	if cm != nil {
+		if ip := cm.Dst.To4(); ip != nil {
+			dst.IP = ip
+		}
+	}
+	if dst.IP == nil {
+		dst.IP = h.Dst
+	}
+	m.Addr = dst
+	if err := c.SendMsg(&m, 0); err != nil {
+		return &net.OpError{Op: "write", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Addr: opAddr(dst), Err: err}
+	}
+	return nil
 }
diff --git a/vendor/golang.org/x/net/ipv4/packet_go1_8.go b/vendor/golang.org/x/net/ipv4/packet_go1_8.go
deleted file mode 100644
index b47d186834d8d..0000000000000
--- a/vendor/golang.org/x/net/ipv4/packet_go1_8.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-package ipv4
-
-import "net"
-
-func (c *packetHandler) readFrom(b []byte) (h *Header, p []byte, cm *ControlMessage, err error) {
-	c.rawOpt.RLock()
-	oob := NewControlMessage(c.rawOpt.cflags)
-	c.rawOpt.RUnlock()
-	n, nn, _, src, err := c.ReadMsgIP(b, oob)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-	var hs []byte
-	if hs, p, err = slicePacket(b[:n]); err != nil {
-		return nil, nil, nil, err
-	}
-	if h, err = ParseHeader(hs); err != nil {
-		return nil, nil, nil, err
-	}
-	if nn > 0 {
-		cm = new(ControlMessage)
-		if err := cm.Parse(oob[:nn]); err != nil {
-			return nil, nil, nil, err
-		}
-	}
-	if src != nil && cm != nil {
-		cm.Src = src.IP
-	}
-	return
-}
-
-func (c *packetHandler) writeTo(h *Header, p []byte, cm *ControlMessage) error {
-	oob := cm.Marshal()
-	wh, err := h.Marshal()
-	if err != nil {
-		return err
-	}
-	dst := new(net.IPAddr)
-	if cm != nil {
-		if ip := cm.Dst.To4(); ip != nil {
-			dst.IP = ip
-		}
-	}
-	if dst.IP == nil {
-		dst.IP = h.Dst
-	}
-	wh = append(wh, p...)
-	_, _, err = c.WriteMsgIP(wh, oob, dst)
-	return err
-}
diff --git a/vendor/golang.org/x/net/ipv4/packet_go1_9.go b/vendor/golang.org/x/net/ipv4/packet_go1_9.go
deleted file mode 100644
index 082c36d73e19b..0000000000000
--- a/vendor/golang.org/x/net/ipv4/packet_go1_9.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-
-package ipv4
-
-import (
-	"net"
-
-	"golang.org/x/net/internal/socket"
-)
-
-func (c *packetHandler) readFrom(b []byte) (h *Header, p []byte, cm *ControlMessage, err error) {
-	c.rawOpt.RLock()
-	m := socket.Message{
-		Buffers: [][]byte{b},
-		OOB:     NewControlMessage(c.rawOpt.cflags),
-	}
-	c.rawOpt.RUnlock()
-	if err := c.RecvMsg(&m, 0); err != nil {
-		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
-	}
-	var hs []byte
-	if hs, p, err = slicePacket(b[:m.N]); err != nil {
-		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
-	}
-	if h, err = ParseHeader(hs); err != nil {
-		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
-	}
-	if m.NN > 0 {
-		cm = new(ControlMessage)
-		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
-			return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
-		}
-	}
-	if src, ok := m.Addr.(*net.IPAddr); ok && cm != nil {
-		cm.Src = src.IP
-	}
-	return
-}
-
-func (c *packetHandler) writeTo(h *Header, p []byte, cm *ControlMessage) error {
-	m := socket.Message{
-		OOB: cm.Marshal(),
-	}
-	wh, err := h.Marshal()
-	if err != nil {
-		return err
-	}
-	m.Buffers = [][]byte{wh, p}
-	dst := new(net.IPAddr)
-	if cm != nil {
-		if ip := cm.Dst.To4(); ip != nil {
-			dst.IP = ip
-		}
-	}
-	if dst.IP == nil {
-		dst.IP = h.Dst
-	}
-	m.Addr = dst
-	if err := c.SendMsg(&m, 0); err != nil {
-		return &net.OpError{Op: "write", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Addr: opAddr(dst), Err: err}
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/net/ipv4/payload_cmsg.go b/vendor/golang.org/x/net/ipv4/payload_cmsg.go
index 204a49fea7023..1bb370e25fd7d 100644
--- a/vendor/golang.org/x/net/ipv4/payload_cmsg.go
+++ b/vendor/golang.org/x/net/ipv4/payload_cmsg.go
@@ -2,11 +2,16 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !js,!nacl,!plan9,!windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package ipv4
 
-import "net"
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
 
 // ReadFrom reads a payload of the received IPv4 datagram, from the
 // endpoint c, copying the payload into b. It returns the number of
@@ -16,7 +21,45 @@ func (c *payloadHandler) ReadFrom(b []byte) (n int, cm *ControlMessage, src net.
 	if !c.ok() {
 		return 0, nil, nil, errInvalidConn
 	}
-	return c.readFrom(b)
+	c.rawOpt.RLock()
+	m := socket.Message{
+		OOB: NewControlMessage(c.rawOpt.cflags),
+	}
+	c.rawOpt.RUnlock()
+	switch c.PacketConn.(type) {
+	case *net.UDPConn:
+		m.Buffers = [][]byte{b}
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+	case *net.IPConn:
+		h := make([]byte, HeaderLen)
+		m.Buffers = [][]byte{h, b}
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		hdrlen := int(h[0]&0x0f) << 2
+		if hdrlen > len(h) {
+			d := hdrlen - len(h)
+			copy(b, b[d:])
+			m.N -= d
+		} else {
+			m.N -= hdrlen
+		}
+	default:
+		return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errInvalidConnType}
+	}
+	if m.NN > 0 {
+		if compatFreeBSD32 {
+			adjustFreeBSD32(&m)
+		}
+		cm = new(ControlMessage)
+		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		cm.Src = netAddrToIP4(m.Addr)
+	}
+	return m.N, cm, m.Addr, nil
 }
 
 // WriteTo writes a payload of the IPv4 datagram, to the destination
@@ -29,5 +72,14 @@ func (c *payloadHandler) WriteTo(b []byte, cm *ControlMessage, dst net.Addr) (n
 	if !c.ok() {
 		return 0, errInvalidConn
 	}
-	return c.writeTo(b, cm, dst)
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     cm.Marshal(),
+		Addr:    dst,
+	}
+	err = c.SendMsg(&m, 0)
+	if err != nil {
+		err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Addr: opAddr(dst), Err: err}
+	}
+	return m.N, err
 }
diff --git a/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_8.go b/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_8.go
deleted file mode 100644
index 8d45599f48f2f..0000000000000
--- a/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_8.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-// +build !js,!nacl,!plan9,!windows
-
-package ipv4
-
-import "net"
-
-func (c *payloadHandler) readFrom(b []byte) (n int, cm *ControlMessage, src net.Addr, err error) {
-	c.rawOpt.RLock()
-	oob := NewControlMessage(c.rawOpt.cflags)
-	c.rawOpt.RUnlock()
-	var nn int
-	switch c := c.PacketConn.(type) {
-	case *net.UDPConn:
-		if n, nn, _, src, err = c.ReadMsgUDP(b, oob); err != nil {
-			return 0, nil, nil, err
-		}
-	case *net.IPConn:
-		nb := make([]byte, maxHeaderLen+len(b))
-		if n, nn, _, src, err = c.ReadMsgIP(nb, oob); err != nil {
-			return 0, nil, nil, err
-		}
-		hdrlen := int(nb[0]&0x0f) << 2
-		copy(b, nb[hdrlen:])
-		n -= hdrlen
-	default:
-		return 0, nil, nil, &net.OpError{Op: "read", Net: c.LocalAddr().Network(), Source: c.LocalAddr(), Err: errInvalidConnType}
-	}
-	if nn > 0 {
-		cm = new(ControlMessage)
-		if err = cm.Parse(oob[:nn]); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-	}
-	if cm != nil {
-		cm.Src = netAddrToIP4(src)
-	}
-	return
-}
-
-func (c *payloadHandler) writeTo(b []byte, cm *ControlMessage, dst net.Addr) (n int, err error) {
-	oob := cm.Marshal()
-	if dst == nil {
-		return 0, &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errMissingAddress}
-	}
-	switch c := c.PacketConn.(type) {
-	case *net.UDPConn:
-		n, _, err = c.WriteMsgUDP(b, oob, dst.(*net.UDPAddr))
-	case *net.IPConn:
-		n, _, err = c.WriteMsgIP(b, oob, dst.(*net.IPAddr))
-	default:
-		return 0, &net.OpError{Op: "write", Net: c.LocalAddr().Network(), Source: c.LocalAddr(), Addr: opAddr(dst), Err: errInvalidConnType}
-	}
-	return
-}
diff --git a/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_9.go b/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_9.go
deleted file mode 100644
index 4081aad8bc807..0000000000000
--- a/vendor/golang.org/x/net/ipv4/payload_cmsg_go1_9.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-// +build !js,!nacl,!plan9,!windows
-
-package ipv4
-
-import (
-	"net"
-
-	"golang.org/x/net/internal/socket"
-)
-
-func (c *payloadHandler) readFrom(b []byte) (int, *ControlMessage, net.Addr, error) {
-	c.rawOpt.RLock()
-	m := socket.Message{
-		OOB: NewControlMessage(c.rawOpt.cflags),
-	}
-	c.rawOpt.RUnlock()
-	switch c.PacketConn.(type) {
-	case *net.UDPConn:
-		m.Buffers = [][]byte{b}
-		if err := c.RecvMsg(&m, 0); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-	case *net.IPConn:
-		h := make([]byte, HeaderLen)
-		m.Buffers = [][]byte{h, b}
-		if err := c.RecvMsg(&m, 0); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-		hdrlen := int(h[0]&0x0f) << 2
-		if hdrlen > len(h) {
-			d := hdrlen - len(h)
-			copy(b, b[d:])
-			m.N -= d
-		} else {
-			m.N -= hdrlen
-		}
-	default:
-		return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errInvalidConnType}
-	}
-	var cm *ControlMessage
-	if m.NN > 0 {
-		cm = new(ControlMessage)
-		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-		cm.Src = netAddrToIP4(m.Addr)
-	}
-	return m.N, cm, m.Addr, nil
-}
-
-func (c *payloadHandler) writeTo(b []byte, cm *ControlMessage, dst net.Addr) (int, error) {
-	m := socket.Message{
-		Buffers: [][]byte{b},
-		OOB:     cm.Marshal(),
-		Addr:    dst,
-	}
-	err := c.SendMsg(&m, 0)
-	if err != nil {
-		err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Addr: opAddr(dst), Err: err}
-	}
-	return m.N, err
-}
diff --git a/vendor/golang.org/x/net/ipv4/payload_nocmsg.go b/vendor/golang.org/x/net/ipv4/payload_nocmsg.go
index 1d434c61ac55c..53f0794eb7643 100644
--- a/vendor/golang.org/x/net/ipv4/payload_nocmsg.go
+++ b/vendor/golang.org/x/net/ipv4/payload_nocmsg.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build js nacl plan9 windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
 
 package ipv4
 
diff --git a/vendor/golang.org/x/net/ipv4/sockopt_posix.go b/vendor/golang.org/x/net/ipv4/sockopt_posix.go
index e96955bc188b7..eb07c1c02a5cc 100644
--- a/vendor/golang.org/x/net/ipv4/sockopt_posix.go
+++ b/vendor/golang.org/x/net/ipv4/sockopt_posix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || windows || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
 
 package ipv4
 
@@ -39,7 +40,7 @@ func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
 		return nil, err
 	}
 	if n != sizeofICMPFilter {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return (*ICMPFilter)(unsafe.Pointer(&b[0])), nil
 }
@@ -58,7 +59,7 @@ func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) erro
 	case ssoTypeGroupReq:
 		return so.setGroupReq(c, ifi, grp)
 	default:
-		return errOpNoSupport
+		return errNotImplemented
 	}
 }
 
diff --git a/vendor/golang.org/x/net/ipv4/sockopt_stub.go b/vendor/golang.org/x/net/ipv4/sockopt_stub.go
index 23249b782e335..cf036893b7d1c 100644
--- a/vendor/golang.org/x/net/ipv4/sockopt_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sockopt_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv4
 
@@ -14,29 +15,29 @@ import (
 )
 
 func (so *sockOpt) getMulticastInterface(c *socket.Conn) (*net.Interface, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setMulticastInterface(c *socket.Conn, ifi *net.Interface) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setICMPFilter(c *socket.Conn, f *ICMPFilter) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setSourceGroup(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setBPF(c *socket.Conn, f []bpf.RawInstruction) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_aix.go b/vendor/golang.org/x/net/ipv4/sys_aix.go
new file mode 100644
index 0000000000000..b0b69d9c02cec
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/sys_aix.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Added for go1.11 compatibility
+//go:build aix
+// +build aix
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+	}
+)
diff --git a/vendor/golang.org/x/net/ipv4/sys_asmreq.go b/vendor/golang.org/x/net/ipv4/sys_asmreq.go
index 0388cba00c38c..22322b387ec9d 100644
--- a/vendor/golang.org/x/net/ipv4/sys_asmreq.go
+++ b/vendor/golang.org/x/net/ipv4/sys_asmreq.go
@@ -2,17 +2,21 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd || solaris || windows
+// +build aix darwin dragonfly freebsd netbsd openbsd solaris windows
 
 package ipv4
 
 import (
+	"errors"
 	"net"
 	"unsafe"
 
 	"golang.org/x/net/internal/socket"
 )
 
+var errNoSuchInterface = errors.New("no such interface")
+
 func (so *sockOpt) setIPMreq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
 	mreq := ipMreq{Multiaddr: [4]byte{grp[0], grp[1], grp[2], grp[3]}}
 	if err := setIPMreqInterface(&mreq, ifi); err != nil {
diff --git a/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go b/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
index f3919208b6eea..fde640142df59 100644
--- a/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !netbsd && !openbsd && !solaris && !windows
+// +build !aix,!darwin,!dragonfly,!freebsd,!netbsd,!openbsd,!solaris,!windows
 
 package ipv4
 
@@ -13,13 +14,13 @@ import (
 )
 
 func (so *sockOpt) setIPMreq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) getMulticastIf(c *socket.Conn) (*net.Interface, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setMulticastIf(c *socket.Conn, ifi *net.Interface) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_asmreqn.go b/vendor/golang.org/x/net/ipv4/sys_asmreqn.go
index 1f24f69f3b081..fbfe4af69d2df 100644
--- a/vendor/golang.org/x/net/ipv4/sys_asmreqn.go
+++ b/vendor/golang.org/x/net/ipv4/sys_asmreqn.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build darwin || freebsd || linux
 // +build darwin freebsd linux
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go b/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
index 0711d3d786aa8..dcb15f25a55c8 100644
--- a/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !darwin && !freebsd && !linux
 // +build !darwin,!freebsd,!linux
 
 package ipv4
@@ -13,9 +14,9 @@ import (
 )
 
 func (so *sockOpt) getIPMreqn(c *socket.Conn) (*net.Interface, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setIPMreqn(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_bpf.go b/vendor/golang.org/x/net/ipv4/sys_bpf.go
index 9f30b7308e3cf..fb11e324e2ca7 100644
--- a/vendor/golang.org/x/net/ipv4/sys_bpf.go
+++ b/vendor/golang.org/x/net/ipv4/sys_bpf.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux
 // +build linux
 
 package ipv4
@@ -11,13 +12,14 @@ import (
 
 	"golang.org/x/net/bpf"
 	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
 )
 
 func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
-	prog := sockFProg{
+	prog := unix.SockFprog{
 		Len:    uint16(len(f)),
-		Filter: (*sockFilter)(unsafe.Pointer(&f[0])),
+		Filter: (*unix.SockFilter)(unsafe.Pointer(&f[0])),
 	}
-	b := (*[sizeofSockFprog]byte)(unsafe.Pointer(&prog))[:sizeofSockFprog]
+	b := (*[unix.SizeofSockFprog]byte)(unsafe.Pointer(&prog))[:unix.SizeofSockFprog]
 	return so.Set(c, b)
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go b/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
index 9a2132093dace..fc53a0d33ae97 100644
--- a/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !linux
 // +build !linux
 
 package ipv4
@@ -12,5 +13,5 @@ import (
 )
 
 func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_bsd.go b/vendor/golang.org/x/net/ipv4/sys_bsd.go
index 58256dd9d6fa9..8074f9898c30e 100644
--- a/vendor/golang.org/x/net/ipv4/sys_bsd.go
+++ b/vendor/golang.org/x/net/ipv4/sys_bsd.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build netbsd || openbsd
 // +build netbsd openbsd
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/sys_darwin.go b/vendor/golang.org/x/net/ipv4/sys_darwin.go
index e8fb19169205f..ac213c73509d4 100644
--- a/vendor/golang.org/x/net/ipv4/sys_darwin.go
+++ b/vendor/golang.org/x/net/ipv4/sys_darwin.go
@@ -6,8 +6,6 @@ package ipv4
 
 import (
 	"net"
-	"strconv"
-	"strings"
 	"syscall"
 	"unsafe"
 
@@ -17,59 +15,33 @@ import (
 
 var (
 	ctlOpts = [ctlMax]ctlOpt{
-		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
-		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
-		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+		ctlTTL:        {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:        {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface:  {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
 	}
 
 	sockOpts = map[int]*sockOpt{
 		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
 		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
 		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
-		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: sizeofIPMreqn}, typ: ssoTypeIPMreqn},
 		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
 		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
 		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
 		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
 		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
 		ssoStripHeader:        {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_STRIPHDR, Len: 4}},
-		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
-		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}},
 	}
 )
 
-func init() {
-	// Seems like kern.osreldate is veiled on latest OS X. We use
-	// kern.osrelease instead.
-	s, err := syscall.Sysctl("kern.osrelease")
-	if err != nil {
-		return
-	}
-	ss := strings.Split(s, ".")
-	if len(ss) == 0 {
-		return
-	}
-	// The IP_PKTINFO and protocol-independent multicast API were
-	// introduced in OS X 10.7 (Darwin 11). But it looks like
-	// those features require OS X 10.8 (Darwin 12) or above.
-	// See http://support.apple.com/kb/HT1633.
-	if mjver, err := strconv.Atoi(ss[0]); err != nil || mjver < 12 {
-		return
-	}
-	ctlOpts[ctlPacketInfo].name = sysIP_PKTINFO
-	ctlOpts[ctlPacketInfo].length = sizeofInetPktinfo
-	ctlOpts[ctlPacketInfo].marshal = marshalPacketInfo
-	ctlOpts[ctlPacketInfo].parse = parsePacketInfo
-	sockOpts[ssoPacketInfo] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}}
-	sockOpts[ssoMulticastInterface] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: sizeofIPMreqn}, typ: ssoTypeIPMreqn}
-	sockOpts[ssoJoinGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq}
-	sockOpts[ssoLeaveGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq}
-	sockOpts[ssoJoinSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoLeaveSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoBlockSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoUnblockSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-}
-
 func (pi *inetPktinfo) setIfindex(i int) {
 	pi.Ifindex = uint32(i)
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_freebsd.go b/vendor/golang.org/x/net/ipv4/sys_freebsd.go
index b80032454a5d5..482873d9a15d0 100644
--- a/vendor/golang.org/x/net/ipv4/sys_freebsd.go
+++ b/vendor/golang.org/x/net/ipv4/sys_freebsd.go
@@ -50,7 +50,7 @@ func init() {
 		archs, _ := syscall.Sysctl("kern.supported_archs")
 		for _, s := range strings.Fields(archs) {
 			if s == "amd64" {
-				freebsd32o64 = true
+				compatFreeBSD32 = true
 				break
 			}
 		}
diff --git a/vendor/golang.org/x/net/ipv4/sys_linux.go b/vendor/golang.org/x/net/ipv4/sys_linux.go
index 60defe1326324..cf755c7fbaf7c 100644
--- a/vendor/golang.org/x/net/ipv4/sys_linux.go
+++ b/vendor/golang.org/x/net/ipv4/sys_linux.go
@@ -11,6 +11,7 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -35,7 +36,7 @@ var (
 		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoAttachFilter:       {Option: socket.Option{Level: sysSOL_SOCKET, Name: sysSO_ATTACH_FILTER, Len: sizeofSockFprog}},
+		ssoAttachFilter:       {Option: socket.Option{Level: unix.SOL_SOCKET, Name: unix.SO_ATTACH_FILTER, Len: unix.SizeofSockFprog}},
 	}
 )
 
diff --git a/vendor/golang.org/x/net/ipv4/sys_ssmreq.go b/vendor/golang.org/x/net/ipv4/sys_ssmreq.go
index ae5704e77a2da..6a4e7abf9bdff 100644
--- a/vendor/golang.org/x/net/ipv4/sys_ssmreq.go
+++ b/vendor/golang.org/x/net/ipv4/sys_ssmreq.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build darwin || freebsd || linux || solaris
 // +build darwin freebsd linux solaris
 
 package ipv4
@@ -13,8 +14,6 @@ import (
 	"golang.org/x/net/internal/socket"
 )
 
-var freebsd32o64 bool
-
 func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
 	var gr groupReq
 	if ifi != nil {
@@ -22,7 +21,7 @@ func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) e
 	}
 	gr.setGroup(grp)
 	var b []byte
-	if freebsd32o64 {
+	if compatFreeBSD32 {
 		var d [sizeofGroupReq + 4]byte
 		s := (*[sizeofGroupReq]byte)(unsafe.Pointer(&gr))
 		copy(d[:4], s[:4])
@@ -41,7 +40,7 @@ func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, sr
 	}
 	gsr.setSourceGroup(grp, src)
 	var b []byte
-	if freebsd32o64 {
+	if compatFreeBSD32 {
 		var d [sizeofGroupSourceReq + 4]byte
 		s := (*[sizeofGroupSourceReq]byte)(unsafe.Pointer(&gsr))
 		copy(d[:4], s[:4])
diff --git a/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go b/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
index e6b7623d0d553..157159fd507bd 100644
--- a/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !darwin && !freebsd && !linux && !solaris
 // +build !darwin,!freebsd,!linux,!solaris
 
 package ipv4
@@ -13,9 +14,9 @@ import (
 )
 
 func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv4/sys_stub.go b/vendor/golang.org/x/net/ipv4/sys_stub.go
index 4f076473bd1dc..d550851658523 100644
--- a/vendor/golang.org/x/net/ipv4/sys_stub.go
+++ b/vendor/golang.org/x/net/ipv4/sys_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv4
 
diff --git a/vendor/golang.org/x/net/ipv4/sys_zos.go b/vendor/golang.org/x/net/ipv4/sys_zos.go
new file mode 100644
index 0000000000000..7426606cff3c2
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/sys_zos.go
@@ -0,0 +1,55 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet4)(unsafe.Pointer(&gr.Group))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet4)(unsafe.Pointer(&gsr.Group))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet4)(unsafe.Pointer(&gsr.Source))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], src)
+}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go b/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
new file mode 100644
index 0000000000000..d6f24754e5a4d
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
@@ -0,0 +1,34 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_aix.go
+
+// Added for go1.11 compatibility
+//go:build aix
+// +build aix
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x20
+	sysIP_RECVTTL     = 0x22
+
+	sysIP_MULTICAST_IF    = 0x9
+	sysIP_MULTICAST_TTL   = 0xa
+	sysIP_MULTICAST_LOOP  = 0xb
+	sysIP_ADD_MEMBERSHIP  = 0xc
+	sysIP_DROP_MEMBERSHIP = 0xd
+
+	sizeofIPMreq = 0x8
+)
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_darwin.go b/vendor/golang.org/x/net/ipv4/zsys_darwin.go
index c07cc883fc34d..e05a251ba0761 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_darwin.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_darwin.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go b/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
index c4365e9e7121e..6d65e9fcb8155 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_dragonfly.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
index 8c4aec94c8a0b..136e2b8f1d615 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
index 4b10b7c575fe5..4f730f19ef349 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
index 4b10b7c575fe5..4f730f19ef349 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
new file mode 100644
index 0000000000000..ecebf3272392e
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
@@ -0,0 +1,93 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_SENDSRCADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_ONESBCAST   = 0x17
+	sysIP_BINDANY     = 0x18
+	sysIP_RECVTTL     = 0x41
+	sysIP_MINTTL      = 0x42
+	sysIP_DONTFRAG    = 0x43
+	sysIP_RECVTOS     = 0x44
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]uint8
+	X__ss_align int64
+	X__ss_pad2  [112]uint8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_386.go b/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
index c0260f0ce34f1..1c7fdfa13af9b 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -133,16 +128,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go b/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
index c0260f0ce34f1..1c7fdfa13af9b 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -133,16 +128,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
index c0260f0ce34f1..1c7fdfa13af9b 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -133,16 +128,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
index c0260f0ce34f1..1c7fdfa13af9b 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -133,16 +128,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
index f65bd9a7a68de..3c5ea54731edd 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -133,16 +128,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
new file mode 100644
index 0000000000000..ec9e2dbecca9e
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
@@ -0,0 +1,135 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+//go:build riscv64
+// +build riscv64
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go b/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
index 9c967eaa642d5..a04e785187af5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv4
@@ -55,9 +55,6 @@ const (
 	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
 	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
@@ -70,8 +67,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPFilter = 0x4
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -135,16 +130,3 @@ type groupSourceReq struct {
 type icmpFilter struct {
 	Data uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv4/zsys_netbsd.go b/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
index fd3624d93c430..8cfc648ad7e8c 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_openbsd.go b/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
index 12f36be759e00..37629cb0ab5f5 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_solaris.go b/vendor/golang.org/x/net/ipv4/zsys_solaris.go
index 0a3875cc41a9e..cb80a308b0e64 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_solaris.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_solaris.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_solaris.go
 
 package ipv4
diff --git a/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go b/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go
new file mode 100644
index 0000000000000..4bbfda07dc3a2
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go
@@ -0,0 +1,80 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Hand edited based on zerrors_zos_s390x.go
+// TODO(Bill O'Farrell): auto-generate.
+
+package ipv4
+
+const (
+	sysIP_ADD_MEMBERSHIP         = 5
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 12
+	sysIP_BLOCK_SOURCE           = 10
+	sysIP_DEFAULT_MULTICAST_LOOP = 1
+	sysIP_DEFAULT_MULTICAST_TTL  = 1
+	sysIP_DROP_MEMBERSHIP        = 6
+	sysIP_DROP_SOURCE_MEMBERSHIP = 13
+	sysIP_MAX_MEMBERSHIPS        = 20
+	sysIP_MULTICAST_IF           = 7
+	sysIP_MULTICAST_LOOP         = 4
+	sysIP_MULTICAST_TTL          = 3
+	sysIP_OPTIONS                = 1
+	sysIP_PKTINFO                = 101
+	sysIP_RECVPKTINFO            = 102
+	sysIP_TOS                    = 2
+	sysIP_UNBLOCK_SOURCE         = 11
+
+	sysMCAST_JOIN_GROUP         = 40
+	sysMCAST_LEAVE_GROUP        = 41
+	sysMCAST_JOIN_SOURCE_GROUP  = 42
+	sysMCAST_LEAVE_SOURCE_GROUP = 43
+	sysMCAST_BLOCK_SOURCE       = 44
+	sysMCAST_UNBLOCK_SOURCE     = 45
+
+	sizeofIPMreq          = 8
+	sizeofSockaddrInet4   = 16
+	sizeofSockaddrStorage = 128
+	sizeofGroupReq        = 136
+	sizeofGroupSourceReq  = 264
+	sizeofInetPktinfo     = 8
+)
+
+type sockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte
+	Zero   [8]uint8
+}
+
+type inetPktinfo struct {
+	Addr    [4]byte
+	Ifindex uint32
+}
+
+type sockaddrStorage struct {
+	Len      uint8
+	Family   byte
+	ss_pad1  [6]byte
+	ss_align int64
+	ss_pad2  [112]byte
+}
+
+type groupReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/vendor/golang.org/x/net/ipv6/batch.go b/vendor/golang.org/x/net/ipv6/batch.go
index 10d6492451537..2ccb9849c7859 100644
--- a/vendor/golang.org/x/net/ipv6/batch.go
+++ b/vendor/golang.org/x/net/ipv6/batch.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.9
-
 package ipv6
 
 import (
diff --git a/vendor/golang.org/x/net/ipv6/control_rfc2292_unix.go b/vendor/golang.org/x/net/ipv6/control_rfc2292_unix.go
index 9fd9eb15e3bc4..dd5fdc3133cab 100644
--- a/vendor/golang.org/x/net/ipv6/control_rfc2292_unix.go
+++ b/vendor/golang.org/x/net/ipv6/control_rfc2292_unix.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build darwin
 // +build darwin
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go b/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
index eec529c205e53..24221941950c3 100644
--- a/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
+++ b/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/control_stub.go b/vendor/golang.org/x/net/ipv6/control_stub.go
index a045f28f74c9d..b7e8643fc9c28 100644
--- a/vendor/golang.org/x/net/ipv6/control_stub.go
+++ b/vendor/golang.org/x/net/ipv6/control_stub.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv6
 
 import "golang.org/x/net/internal/socket"
 
 func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/control_unix.go b/vendor/golang.org/x/net/ipv6/control_unix.go
index 66515060a88df..63e475db83186 100644
--- a/vendor/golang.org/x/net/ipv6/control_unix.go
+++ b/vendor/golang.org/x/net/ipv6/control_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/control_windows.go b/vendor/golang.org/x/net/ipv6/control_windows.go
index ef2563b3fc602..8882d81934dd0 100644
--- a/vendor/golang.org/x/net/ipv6/control_windows.go
+++ b/vendor/golang.org/x/net/ipv6/control_windows.go
@@ -4,13 +4,9 @@
 
 package ipv6
 
-import (
-	"syscall"
-
-	"golang.org/x/net/internal/socket"
-)
+import "golang.org/x/net/internal/socket"
 
 func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
 	// TODO(mikio): implement this
-	return syscall.EWINDOWS
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/dgramopt.go b/vendor/golang.org/x/net/ipv6/dgramopt.go
index eea4fde25627b..1f422e71dc351 100644
--- a/vendor/golang.org/x/net/ipv6/dgramopt.go
+++ b/vendor/golang.org/x/net/ipv6/dgramopt.go
@@ -18,7 +18,7 @@ func (c *dgramOpt) MulticastHopLimit() (int, error) {
 	}
 	so, ok := sockOpts[ssoMulticastHopLimit]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -31,7 +31,7 @@ func (c *dgramOpt) SetMulticastHopLimit(hoplim int) error {
 	}
 	so, ok := sockOpts[ssoMulticastHopLimit]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, hoplim)
 }
@@ -44,7 +44,7 @@ func (c *dgramOpt) MulticastInterface() (*net.Interface, error) {
 	}
 	so, ok := sockOpts[ssoMulticastInterface]
 	if !ok {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return so.getMulticastInterface(c.Conn)
 }
@@ -57,7 +57,7 @@ func (c *dgramOpt) SetMulticastInterface(ifi *net.Interface) error {
 	}
 	so, ok := sockOpts[ssoMulticastInterface]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setMulticastInterface(c.Conn, ifi)
 }
@@ -70,7 +70,7 @@ func (c *dgramOpt) MulticastLoopback() (bool, error) {
 	}
 	so, ok := sockOpts[ssoMulticastLoopback]
 	if !ok {
-		return false, errOpNoSupport
+		return false, errNotImplemented
 	}
 	on, err := so.GetInt(c.Conn)
 	if err != nil {
@@ -87,7 +87,7 @@ func (c *dgramOpt) SetMulticastLoopback(on bool) error {
 	}
 	so, ok := sockOpts[ssoMulticastLoopback]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, boolint(on))
 }
@@ -107,7 +107,7 @@ func (c *dgramOpt) JoinGroup(ifi *net.Interface, group net.Addr) error {
 	}
 	so, ok := sockOpts[ssoJoinGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -125,7 +125,7 @@ func (c *dgramOpt) LeaveGroup(ifi *net.Interface, group net.Addr) error {
 	}
 	so, ok := sockOpts[ssoLeaveGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -146,7 +146,7 @@ func (c *dgramOpt) JoinSourceSpecificGroup(ifi *net.Interface, group, source net
 	}
 	so, ok := sockOpts[ssoJoinSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -167,7 +167,7 @@ func (c *dgramOpt) LeaveSourceSpecificGroup(ifi *net.Interface, group, source ne
 	}
 	so, ok := sockOpts[ssoLeaveSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -189,7 +189,7 @@ func (c *dgramOpt) ExcludeSourceSpecificGroup(ifi *net.Interface, group, source
 	}
 	so, ok := sockOpts[ssoBlockSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -210,7 +210,7 @@ func (c *dgramOpt) IncludeSourceSpecificGroup(ifi *net.Interface, group, source
 	}
 	so, ok := sockOpts[ssoUnblockSourceGroup]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	grp := netAddrToIP16(group)
 	if grp == nil {
@@ -233,7 +233,7 @@ func (c *dgramOpt) Checksum() (on bool, offset int, err error) {
 	}
 	so, ok := sockOpts[ssoChecksum]
 	if !ok {
-		return false, 0, errOpNoSupport
+		return false, 0, errNotImplemented
 	}
 	offset, err = so.GetInt(c.Conn)
 	if err != nil {
@@ -254,7 +254,7 @@ func (c *dgramOpt) SetChecksum(on bool, offset int) error {
 	}
 	so, ok := sockOpts[ssoChecksum]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	if !on {
 		offset = -1
@@ -269,7 +269,7 @@ func (c *dgramOpt) ICMPFilter() (*ICMPFilter, error) {
 	}
 	so, ok := sockOpts[ssoICMPFilter]
 	if !ok {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return so.getICMPFilter(c.Conn)
 }
@@ -281,7 +281,7 @@ func (c *dgramOpt) SetICMPFilter(f *ICMPFilter) error {
 	}
 	so, ok := sockOpts[ssoICMPFilter]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setICMPFilter(c.Conn, f)
 }
@@ -295,7 +295,7 @@ func (c *dgramOpt) SetBPF(filter []bpf.RawInstruction) error {
 	}
 	so, ok := sockOpts[ssoAttachFilter]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.setBPF(c.Conn, filter)
 }
diff --git a/vendor/golang.org/x/net/ipv6/doc.go b/vendor/golang.org/x/net/ipv6/doc.go
index cb4000623284b..e0be9d50d70d3 100644
--- a/vendor/golang.org/x/net/ipv6/doc.go
+++ b/vendor/golang.org/x/net/ipv6/doc.go
@@ -56,7 +56,7 @@
 // Multicasting
 //
 // The options for multicasting are available for net.UDPConn and
-// net.IPconn which are created as network connections that use the
+// net.IPConn which are created as network connections that use the
 // IPv6 transport. A few network facilities must be prepared before
 // you begin multicasting, at a minimum joining network interfaces and
 // multicast groups.
diff --git a/vendor/golang.org/x/net/ipv6/endpoint.go b/vendor/golang.org/x/net/ipv6/endpoint.go
index 932575639632a..f534a0bf38d3d 100644
--- a/vendor/golang.org/x/net/ipv6/endpoint.go
+++ b/vendor/golang.org/x/net/ipv6/endpoint.go
@@ -37,7 +37,7 @@ func (c *Conn) PathMTU() (int, error) {
 	}
 	so, ok := sockOpts[ssoPathMTU]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	_, mtu, err := so.getMTUInfo(c.Conn)
 	if err != nil {
diff --git a/vendor/golang.org/x/net/ipv6/genericopt.go b/vendor/golang.org/x/net/ipv6/genericopt.go
index 1a18f7549abe5..0326aed6def8b 100644
--- a/vendor/golang.org/x/net/ipv6/genericopt.go
+++ b/vendor/golang.org/x/net/ipv6/genericopt.go
@@ -12,7 +12,7 @@ func (c *genericOpt) TrafficClass() (int, error) {
 	}
 	so, ok := sockOpts[ssoTrafficClass]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -25,7 +25,7 @@ func (c *genericOpt) SetTrafficClass(tclass int) error {
 	}
 	so, ok := sockOpts[ssoTrafficClass]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, tclass)
 }
@@ -37,7 +37,7 @@ func (c *genericOpt) HopLimit() (int, error) {
 	}
 	so, ok := sockOpts[ssoHopLimit]
 	if !ok {
-		return 0, errOpNoSupport
+		return 0, errNotImplemented
 	}
 	return so.GetInt(c.Conn)
 }
@@ -50,7 +50,7 @@ func (c *genericOpt) SetHopLimit(hoplim int) error {
 	}
 	so, ok := sockOpts[ssoHopLimit]
 	if !ok {
-		return errOpNoSupport
+		return errNotImplemented
 	}
 	return so.SetInt(c.Conn, hoplim)
 }
diff --git a/vendor/golang.org/x/net/ipv6/helper.go b/vendor/golang.org/x/net/ipv6/helper.go
index 7ac5352294bdb..c2d508f9c303c 100644
--- a/vendor/golang.org/x/net/ipv6/helper.go
+++ b/vendor/golang.org/x/net/ipv6/helper.go
@@ -7,6 +7,7 @@ package ipv6
 import (
 	"errors"
 	"net"
+	"runtime"
 )
 
 var (
@@ -14,8 +15,7 @@ var (
 	errMissingAddress  = errors.New("missing address")
 	errHeaderTooShort  = errors.New("header too short")
 	errInvalidConnType = errors.New("invalid conn type")
-	errOpNoSupport     = errors.New("operation not supported")
-	errNoSuchInterface = errors.New("no such interface")
+	errNotImplemented  = errors.New("not implemented on " + runtime.GOOS + "/" + runtime.GOARCH)
 )
 
 func boolint(b bool) int {
diff --git a/vendor/golang.org/x/net/ipv6/icmp_bsd.go b/vendor/golang.org/x/net/ipv6/icmp_bsd.go
index e1a791de46ed3..120bf8775839e 100644
--- a/vendor/golang.org/x/net/ipv6/icmp_bsd.go
+++ b/vendor/golang.org/x/net/ipv6/icmp_bsd.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd
+// +build aix darwin dragonfly freebsd netbsd openbsd
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/icmp_stub.go b/vendor/golang.org/x/net/ipv6/icmp_stub.go
index c4b9be6dbffb7..d60136a9016eb 100644
--- a/vendor/golang.org/x/net/ipv6/icmp_stub.go
+++ b/vendor/golang.org/x/net/ipv6/icmp_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/icmp_zos.go b/vendor/golang.org/x/net/ipv6/icmp_zos.go
new file mode 100644
index 0000000000000..ddf8f093fc412
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/icmp_zos.go
@@ -0,0 +1,29 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv6
+
+func (f *icmpv6Filter) accept(typ ICMPType) {
+	f.Filt[typ>>5] |= 1 << (uint32(typ) & 31)
+
+}
+
+func (f *icmpv6Filter) block(typ ICMPType) {
+	f.Filt[typ>>5] &^= 1 << (uint32(typ) & 31)
+
+}
+
+func (f *icmpv6Filter) setAll(block bool) {
+	for i := range f.Filt {
+		if block {
+			f.Filt[i] = 0
+		} else {
+			f.Filt[i] = 1<<32 - 1
+		}
+	}
+}
+
+func (f *icmpv6Filter) willBlock(typ ICMPType) bool {
+	return f.Filt[typ>>5]&(1<<(uint32(typ)&31)) == 0
+}
diff --git a/vendor/golang.org/x/net/ipv6/payload_cmsg.go b/vendor/golang.org/x/net/ipv6/payload_cmsg.go
index 3f23b5d21d879..b0692e4304f50 100644
--- a/vendor/golang.org/x/net/ipv6/payload_cmsg.go
+++ b/vendor/golang.org/x/net/ipv6/payload_cmsg.go
@@ -2,11 +2,16 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !js,!nacl,!plan9,!windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package ipv6
 
-import "net"
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
 
 // ReadFrom reads a payload of the received IPv6 datagram, from the
 // endpoint c, copying the payload into b. It returns the number of
@@ -16,7 +21,32 @@ func (c *payloadHandler) ReadFrom(b []byte) (n int, cm *ControlMessage, src net.
 	if !c.ok() {
 		return 0, nil, nil, errInvalidConn
 	}
-	return c.readFrom(b)
+	c.rawOpt.RLock()
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     NewControlMessage(c.rawOpt.cflags),
+	}
+	c.rawOpt.RUnlock()
+	switch c.PacketConn.(type) {
+	case *net.UDPConn:
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+	case *net.IPConn:
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+	default:
+		return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errInvalidConnType}
+	}
+	if m.NN > 0 {
+		cm = new(ControlMessage)
+		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		cm.Src = netAddrToIP16(m.Addr)
+	}
+	return m.N, cm, m.Addr, nil
 }
 
 // WriteTo writes a payload of the IPv6 datagram, to the destination
@@ -28,5 +58,14 @@ func (c *payloadHandler) WriteTo(b []byte, cm *ControlMessage, dst net.Addr) (n
 	if !c.ok() {
 		return 0, errInvalidConn
 	}
-	return c.writeTo(b, cm, dst)
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     cm.Marshal(),
+		Addr:    dst,
+	}
+	err = c.SendMsg(&m, 0)
+	if err != nil {
+		err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Addr: opAddr(dst), Err: err}
+	}
+	return m.N, err
 }
diff --git a/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_8.go b/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_8.go
deleted file mode 100644
index bc4209db70f68..0000000000000
--- a/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_8.go
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-// +build !js,!nacl,!plan9,!windows
-
-package ipv6
-
-import "net"
-
-func (c *payloadHandler) readFrom(b []byte) (n int, cm *ControlMessage, src net.Addr, err error) {
-	c.rawOpt.RLock()
-	oob := NewControlMessage(c.rawOpt.cflags)
-	c.rawOpt.RUnlock()
-	var nn int
-	switch c := c.PacketConn.(type) {
-	case *net.UDPConn:
-		if n, nn, _, src, err = c.ReadMsgUDP(b, oob); err != nil {
-			return 0, nil, nil, err
-		}
-	case *net.IPConn:
-		if n, nn, _, src, err = c.ReadMsgIP(b, oob); err != nil {
-			return 0, nil, nil, err
-		}
-	default:
-		return 0, nil, nil, &net.OpError{Op: "read", Net: c.LocalAddr().Network(), Source: c.LocalAddr(), Err: errInvalidConnType}
-	}
-	if nn > 0 {
-		cm = new(ControlMessage)
-		if err = cm.Parse(oob[:nn]); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-	}
-	if cm != nil {
-		cm.Src = netAddrToIP16(src)
-	}
-	return
-}
-
-func (c *payloadHandler) writeTo(b []byte, cm *ControlMessage, dst net.Addr) (n int, err error) {
-	oob := cm.Marshal()
-	if dst == nil {
-		return 0, &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errMissingAddress}
-	}
-	switch c := c.PacketConn.(type) {
-	case *net.UDPConn:
-		n, _, err = c.WriteMsgUDP(b, oob, dst.(*net.UDPAddr))
-	case *net.IPConn:
-		n, _, err = c.WriteMsgIP(b, oob, dst.(*net.IPAddr))
-	default:
-		return 0, &net.OpError{Op: "write", Net: c.LocalAddr().Network(), Source: c.LocalAddr(), Addr: opAddr(dst), Err: errInvalidConnType}
-	}
-	return
-}
diff --git a/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_9.go b/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_9.go
deleted file mode 100644
index 7dd6504802410..0000000000000
--- a/vendor/golang.org/x/net/ipv6/payload_cmsg_go1_9.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-// +build !js,!nacl,!plan9,!windows
-
-package ipv6
-
-import (
-	"net"
-
-	"golang.org/x/net/internal/socket"
-)
-
-func (c *payloadHandler) readFrom(b []byte) (int, *ControlMessage, net.Addr, error) {
-	c.rawOpt.RLock()
-	m := socket.Message{
-		Buffers: [][]byte{b},
-		OOB:     NewControlMessage(c.rawOpt.cflags),
-	}
-	c.rawOpt.RUnlock()
-	switch c.PacketConn.(type) {
-	case *net.UDPConn:
-		if err := c.RecvMsg(&m, 0); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-	case *net.IPConn:
-		if err := c.RecvMsg(&m, 0); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-	default:
-		return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errInvalidConnType}
-	}
-	var cm *ControlMessage
-	if m.NN > 0 {
-		cm = new(ControlMessage)
-		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
-			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
-		}
-		cm.Src = netAddrToIP16(m.Addr)
-	}
-	return m.N, cm, m.Addr, nil
-}
-
-func (c *payloadHandler) writeTo(b []byte, cm *ControlMessage, dst net.Addr) (int, error) {
-	m := socket.Message{
-		Buffers: [][]byte{b},
-		OOB:     cm.Marshal(),
-		Addr:    dst,
-	}
-	err := c.SendMsg(&m, 0)
-	if err != nil {
-		err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Addr: opAddr(dst), Err: err}
-	}
-	return m.N, err
-}
diff --git a/vendor/golang.org/x/net/ipv6/payload_nocmsg.go b/vendor/golang.org/x/net/ipv6/payload_nocmsg.go
index 459142d264211..cd0ff508388d5 100644
--- a/vendor/golang.org/x/net/ipv6/payload_nocmsg.go
+++ b/vendor/golang.org/x/net/ipv6/payload_nocmsg.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build js nacl plan9 windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/sockopt_posix.go b/vendor/golang.org/x/net/ipv6/sockopt_posix.go
index 0eac86eb8ccd7..37c6287130ffb 100644
--- a/vendor/golang.org/x/net/ipv6/sockopt_posix.go
+++ b/vendor/golang.org/x/net/ipv6/sockopt_posix.go
@@ -2,12 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || windows || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
 
 package ipv6
 
 import (
 	"net"
+	"runtime"
 	"unsafe"
 
 	"golang.org/x/net/bpf"
@@ -37,7 +39,7 @@ func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
 		return nil, err
 	}
 	if n != sizeofICMPv6Filter {
-		return nil, errOpNoSupport
+		return nil, errNotImplemented
 	}
 	return (*ICMPFilter)(unsafe.Pointer(&b[0])), nil
 }
@@ -54,10 +56,11 @@ func (so *sockOpt) getMTUInfo(c *socket.Conn) (*net.Interface, int, error) {
 		return nil, 0, err
 	}
 	if n != sizeofIPv6Mtuinfo {
-		return nil, 0, errOpNoSupport
+		return nil, 0, errNotImplemented
 	}
 	mi := (*ipv6Mtuinfo)(unsafe.Pointer(&b[0]))
-	if mi.Addr.Scope_id == 0 {
+	if mi.Addr.Scope_id == 0 || runtime.GOOS == "aix" {
+		// AIX kernel might return a wrong address.
 		return nil, int(mi.Mtu), nil
 	}
 	ifi, err := net.InterfaceByIndex(int(mi.Addr.Scope_id))
@@ -74,7 +77,7 @@ func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) erro
 	case ssoTypeGroupReq:
 		return so.setGroupReq(c, ifi, grp)
 	default:
-		return errOpNoSupport
+		return errNotImplemented
 	}
 }
 
diff --git a/vendor/golang.org/x/net/ipv6/sockopt_stub.go b/vendor/golang.org/x/net/ipv6/sockopt_stub.go
index 1f4a273e44529..32fd8664ceb88 100644
--- a/vendor/golang.org/x/net/ipv6/sockopt_stub.go
+++ b/vendor/golang.org/x/net/ipv6/sockopt_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv6
 
@@ -14,33 +15,33 @@ import (
 )
 
 func (so *sockOpt) getMulticastInterface(c *socket.Conn) (*net.Interface, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setMulticastInterface(c *socket.Conn, ifi *net.Interface) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
-	return nil, errOpNoSupport
+	return nil, errNotImplemented
 }
 
 func (so *sockOpt) setICMPFilter(c *socket.Conn, f *ICMPFilter) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) getMTUInfo(c *socket.Conn) (*net.Interface, int, error) {
-	return nil, 0, errOpNoSupport
+	return nil, 0, errNotImplemented
 }
 
 func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setSourceGroup(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setBPF(c *socket.Conn, f []bpf.RawInstruction) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/sys_aix.go b/vendor/golang.org/x/net/ipv6/sys_aix.go
new file mode 100644
index 0000000000000..29c5c0e4f9155
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/sys_aix.go
@@ -0,0 +1,78 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Added for go1.11 compatibility
+//go:build aix
+// +build aix
+
+package ipv6
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTrafficClass: {sysIPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
+		ctlHopLimit:     {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+		ctlPacketInfo:   {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+		ctlNextHop:      {sysIPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
+		ctlPathMTU:      {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
+		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
+		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
+		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
+		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
+		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
+		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
+		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
+		ssoPathMTU:             {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
+		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
+		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
+		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_JOIN_GROUP, Len: sizeofIPv6Mreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_LEAVE_GROUP, Len: sizeofIPv6Mreq}, typ: ssoTypeIPMreq},
+	}
+)
+
+func (sa *sockaddrInet6) setSockaddr(ip net.IP, i int) {
+	sa.Len = sizeofSockaddrInet6
+	sa.Family = syscall.AF_INET6
+	copy(sa.Addr[:], ip)
+	sa.Scope_id = uint32(i)
+}
+
+func (pi *inet6Pktinfo) setIfindex(i int) {
+	pi.Ifindex = int32(i)
+}
+
+func (mreq *ipv6Mreq) setIfindex(i int) {
+	mreq.Interface = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet6)(unsafe.Pointer(uintptr(unsafe.Pointer(gr)) + 4))
+	sa.Len = sizeofSockaddrInet6
+	sa.Family = syscall.AF_INET6
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet6)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 4))
+	sa.Len = sizeofSockaddrInet6
+	sa.Family = syscall.AF_INET6
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet6)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 132))
+	sa.Len = sizeofSockaddrInet6
+	sa.Family = syscall.AF_INET6
+	copy(sa.Addr[:], src)
+}
diff --git a/vendor/golang.org/x/net/ipv6/sys_asmreq.go b/vendor/golang.org/x/net/ipv6/sys_asmreq.go
index b0510c0b5d5e0..6ff9950d13586 100644
--- a/vendor/golang.org/x/net/ipv6/sys_asmreq.go
+++ b/vendor/golang.org/x/net/ipv6/sys_asmreq.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || windows
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/sys_asmreq_stub.go b/vendor/golang.org/x/net/ipv6/sys_asmreq_stub.go
index eece96187b8f5..485290cb824b4 100644
--- a/vendor/golang.org/x/net/ipv6/sys_asmreq_stub.go
+++ b/vendor/golang.org/x/net/ipv6/sys_asmreq_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
 
 package ipv6
 
@@ -13,5 +14,5 @@ import (
 )
 
 func (so *sockOpt) setIPMreq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/sys_bpf.go b/vendor/golang.org/x/net/ipv6/sys_bpf.go
index b2dbcb2f28651..b5661fb8f066b 100644
--- a/vendor/golang.org/x/net/ipv6/sys_bpf.go
+++ b/vendor/golang.org/x/net/ipv6/sys_bpf.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux
 // +build linux
 
 package ipv6
@@ -11,13 +12,14 @@ import (
 
 	"golang.org/x/net/bpf"
 	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
 )
 
 func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
-	prog := sockFProg{
+	prog := unix.SockFprog{
 		Len:    uint16(len(f)),
-		Filter: (*sockFilter)(unsafe.Pointer(&f[0])),
+		Filter: (*unix.SockFilter)(unsafe.Pointer(&f[0])),
 	}
-	b := (*[sizeofSockFprog]byte)(unsafe.Pointer(&prog))[:sizeofSockFprog]
+	b := (*[unix.SizeofSockFprog]byte)(unsafe.Pointer(&prog))[:unix.SizeofSockFprog]
 	return so.Set(c, b)
 }
diff --git a/vendor/golang.org/x/net/ipv6/sys_bpf_stub.go b/vendor/golang.org/x/net/ipv6/sys_bpf_stub.go
index 676bea555f0f2..cb006618720ac 100644
--- a/vendor/golang.org/x/net/ipv6/sys_bpf_stub.go
+++ b/vendor/golang.org/x/net/ipv6/sys_bpf_stub.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !linux
 // +build !linux
 
 package ipv6
@@ -12,5 +13,5 @@ import (
 )
 
 func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/sys_bsd.go b/vendor/golang.org/x/net/ipv6/sys_bsd.go
index e416eaa1fe4a1..63e5ee2d599dd 100644
--- a/vendor/golang.org/x/net/ipv6/sys_bsd.go
+++ b/vendor/golang.org/x/net/ipv6/sys_bsd.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build dragonfly || netbsd || openbsd
 // +build dragonfly netbsd openbsd
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/sys_darwin.go b/vendor/golang.org/x/net/ipv6/sys_darwin.go
index e3d04439275d6..12cc5cb2c1e2e 100644
--- a/vendor/golang.org/x/net/ipv6/sys_darwin.go
+++ b/vendor/golang.org/x/net/ipv6/sys_darwin.go
@@ -6,8 +6,6 @@ package ipv6
 
 import (
 	"net"
-	"strconv"
-	"strings"
 	"syscall"
 	"unsafe"
 
@@ -17,61 +15,35 @@ import (
 
 var (
 	ctlOpts = [ctlMax]ctlOpt{
-		ctlHopLimit:   {sysIPV6_2292HOPLIMIT, 4, marshal2292HopLimit, parseHopLimit},
-		ctlPacketInfo: {sysIPV6_2292PKTINFO, sizeofInet6Pktinfo, marshal2292PacketInfo, parsePacketInfo},
+		ctlTrafficClass: {sysIPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
+		ctlHopLimit:     {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+		ctlPacketInfo:   {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+		ctlNextHop:      {sysIPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
+		ctlPathMTU:      {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
 	}
 
 	sockOpts = map[int]*sockOpt{
-		ssoHopLimit:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
-		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
-		ssoMulticastHopLimit:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
-		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
-		ssoReceiveHopLimit:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_2292HOPLIMIT, Len: 4}},
-		ssoReceivePacketInfo:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_2292PKTINFO, Len: 4}},
-		ssoChecksum:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
-		ssoICMPFilter:         {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
-		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_JOIN_GROUP, Len: sizeofIPv6Mreq}, typ: ssoTypeIPMreq},
-		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_LEAVE_GROUP, Len: sizeofIPv6Mreq}, typ: ssoTypeIPMreq},
+		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
+		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
+		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
+		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
+		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
+		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
+		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
+		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
+		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
+		ssoPathMTU:             {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
+		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
+		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
+		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 	}
 )
 
-func init() {
-	// Seems like kern.osreldate is veiled on latest OS X. We use
-	// kern.osrelease instead.
-	s, err := syscall.Sysctl("kern.osrelease")
-	if err != nil {
-		return
-	}
-	ss := strings.Split(s, ".")
-	if len(ss) == 0 {
-		return
-	}
-	// The IP_PKTINFO and protocol-independent multicast API were
-	// introduced in OS X 10.7 (Darwin 11). But it looks like
-	// those features require OS X 10.8 (Darwin 12) or above.
-	// See http://support.apple.com/kb/HT1633.
-	if mjver, err := strconv.Atoi(ss[0]); err != nil || mjver < 12 {
-		return
-	}
-	ctlOpts[ctlTrafficClass] = ctlOpt{sysIPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass}
-	ctlOpts[ctlHopLimit] = ctlOpt{sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit}
-	ctlOpts[ctlPacketInfo] = ctlOpt{sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo}
-	ctlOpts[ctlNextHop] = ctlOpt{sysIPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop}
-	ctlOpts[ctlPathMTU] = ctlOpt{sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU}
-	sockOpts[ssoTrafficClass] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}}
-	sockOpts[ssoReceiveTrafficClass] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}}
-	sockOpts[ssoReceiveHopLimit] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}}
-	sockOpts[ssoReceivePacketInfo] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}}
-	sockOpts[ssoReceivePathMTU] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}}
-	sockOpts[ssoPathMTU] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}}
-	sockOpts[ssoJoinGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq}
-	sockOpts[ssoLeaveGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq}
-	sockOpts[ssoJoinSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoLeaveSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoBlockSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-	sockOpts[ssoUnblockSourceGroup] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq}
-}
-
 func (sa *sockaddrInet6) setSockaddr(ip net.IP, i int) {
 	sa.Len = sizeofSockaddrInet6
 	sa.Family = syscall.AF_INET6
diff --git a/vendor/golang.org/x/net/ipv6/sys_freebsd.go b/vendor/golang.org/x/net/ipv6/sys_freebsd.go
index e9349dc2cc20d..85a9f5d07de48 100644
--- a/vendor/golang.org/x/net/ipv6/sys_freebsd.go
+++ b/vendor/golang.org/x/net/ipv6/sys_freebsd.go
@@ -51,7 +51,7 @@ func init() {
 		archs, _ := syscall.Sysctl("kern.supported_archs")
 		for _, s := range strings.Fields(archs) {
 			if s == "amd64" {
-				freebsd32o64 = true
+				compatFreeBSD32 = true
 				break
 			}
 		}
diff --git a/vendor/golang.org/x/net/ipv6/sys_linux.go b/vendor/golang.org/x/net/ipv6/sys_linux.go
index bc218103c11dd..96e8093a307d1 100644
--- a/vendor/golang.org/x/net/ipv6/sys_linux.go
+++ b/vendor/golang.org/x/net/ipv6/sys_linux.go
@@ -11,6 +11,7 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -40,7 +41,7 @@ var (
 		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoAttachFilter:        {Option: socket.Option{Level: sysSOL_SOCKET, Name: sysSO_ATTACH_FILTER, Len: sizeofSockFprog}},
+		ssoAttachFilter:        {Option: socket.Option{Level: unix.SOL_SOCKET, Name: unix.SO_ATTACH_FILTER, Len: unix.SizeofSockFprog}},
 	}
 )
 
diff --git a/vendor/golang.org/x/net/ipv6/sys_ssmreq.go b/vendor/golang.org/x/net/ipv6/sys_ssmreq.go
index add8ccc0b1b19..023488a49cde0 100644
--- a/vendor/golang.org/x/net/ipv6/sys_ssmreq.go
+++ b/vendor/golang.org/x/net/ipv6/sys_ssmreq.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin freebsd linux solaris
+//go:build aix || darwin || freebsd || linux || solaris || zos
+// +build aix darwin freebsd linux solaris zos
 
 package ipv6
 
@@ -13,7 +14,7 @@ import (
 	"golang.org/x/net/internal/socket"
 )
 
-var freebsd32o64 bool
+var compatFreeBSD32 bool // 386 emulation on amd64
 
 func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
 	var gr groupReq
@@ -22,7 +23,7 @@ func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) e
 	}
 	gr.setGroup(grp)
 	var b []byte
-	if freebsd32o64 {
+	if compatFreeBSD32 {
 		var d [sizeofGroupReq + 4]byte
 		s := (*[sizeofGroupReq]byte)(unsafe.Pointer(&gr))
 		copy(d[:4], s[:4])
@@ -41,7 +42,7 @@ func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, sr
 	}
 	gsr.setSourceGroup(grp, src)
 	var b []byte
-	if freebsd32o64 {
+	if compatFreeBSD32 {
 		var d [sizeofGroupSourceReq + 4]byte
 		s := (*[sizeofGroupSourceReq]byte)(unsafe.Pointer(&gsr))
 		copy(d[:4], s[:4])
diff --git a/vendor/golang.org/x/net/ipv6/sys_ssmreq_stub.go b/vendor/golang.org/x/net/ipv6/sys_ssmreq_stub.go
index 581ee490ff210..acdf2e5cf7c42 100644
--- a/vendor/golang.org/x/net/ipv6/sys_ssmreq_stub.go
+++ b/vendor/golang.org/x/net/ipv6/sys_ssmreq_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!freebsd,!linux,!solaris
+//go:build !aix && !darwin && !freebsd && !linux && !solaris && !zos
+// +build !aix,!darwin,!freebsd,!linux,!solaris,!zos
 
 package ipv6
 
@@ -13,9 +14,9 @@ import (
 )
 
 func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
 
 func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
-	return errOpNoSupport
+	return errNotImplemented
 }
diff --git a/vendor/golang.org/x/net/ipv6/sys_stub.go b/vendor/golang.org/x/net/ipv6/sys_stub.go
index b845388ea4a3e..5807bba39266c 100644
--- a/vendor/golang.org/x/net/ipv6/sys_stub.go
+++ b/vendor/golang.org/x/net/ipv6/sys_stub.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
 
 package ipv6
 
diff --git a/vendor/golang.org/x/net/ipv6/sys_zos.go b/vendor/golang.org/x/net/ipv6/sys_zos.go
new file mode 100644
index 0000000000000..d4567f908fa89
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/sys_zos.go
@@ -0,0 +1,70 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv6
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlHopLimit:   {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+		ctlPacketInfo: {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+		ctlPathMTU:    {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
+		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
+		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
+		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
+		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
+		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
+		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
+		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
+		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
+		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
+		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+	}
+)
+
+func (sa *sockaddrInet6) setSockaddr(ip net.IP, i int) {
+	sa.Family = syscall.AF_INET6
+	copy(sa.Addr[:], ip)
+	sa.Scope_id = uint32(i)
+}
+
+func (pi *inet6Pktinfo) setIfindex(i int) {
+	pi.Ifindex = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet6)(unsafe.Pointer(&gr.Group))
+	sa.Family = syscall.AF_INET6
+	sa.Len = sizeofSockaddrInet6
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet6)(unsafe.Pointer(&gsr.Group))
+	sa.Family = syscall.AF_INET6
+	sa.Len = sizeofSockaddrInet6
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet6)(unsafe.Pointer(&gsr.Source))
+	sa.Family = syscall.AF_INET6
+	sa.Len = sizeofSockaddrInet6
+	copy(sa.Addr[:], src)
+}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go b/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go
new file mode 100644
index 0000000000000..75e2dd99486da
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go
@@ -0,0 +1,104 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_aix.go
+
+// Added for go1.11 compatibility
+//go:build aix
+// +build aix
+
+package ipv6
+
+const (
+	sysIPV6_UNICAST_HOPS   = 0x4
+	sysIPV6_MULTICAST_IF   = 0x9
+	sysIPV6_MULTICAST_HOPS = 0xa
+	sysIPV6_MULTICAST_LOOP = 0xb
+	sysIPV6_JOIN_GROUP     = 0xc
+	sysIPV6_LEAVE_GROUP    = 0xd
+	sysICMP6_FILTER        = 0x26
+
+	sysIPV6_CHECKSUM = 0x27
+	sysIPV6_V6ONLY   = 0x25
+
+	sysIPV6_RTHDRDSTOPTS = 0x37
+
+	sysIPV6_RECVPKTINFO  = 0x23
+	sysIPV6_RECVHOPLIMIT = 0x29
+	sysIPV6_RECVRTHDR    = 0x33
+	sysIPV6_RECVHOPOPTS  = 0x35
+	sysIPV6_RECVDSTOPTS  = 0x38
+
+	sysIPV6_USE_MIN_MTU = 0x2c
+	sysIPV6_RECVPATHMTU = 0x2f
+	sysIPV6_PATHMTU     = 0x2e
+
+	sysIPV6_PKTINFO  = 0x21
+	sysIPV6_HOPLIMIT = 0x28
+	sysIPV6_NEXTHOP  = 0x30
+	sysIPV6_HOPOPTS  = 0x34
+	sysIPV6_DSTOPTS  = 0x36
+	sysIPV6_RTHDR    = 0x32
+
+	sysIPV6_RECVTCLASS = 0x2a
+
+	sysIPV6_TCLASS   = 0x2b
+	sysIPV6_DONTFRAG = 0x2d
+
+	sizeofSockaddrStorage = 0x508
+	sizeofSockaddrInet6   = 0x1c
+	sizeofInet6Pktinfo    = 0x14
+	sizeofIPv6Mtuinfo     = 0x20
+
+	sizeofIPv6Mreq       = 0x14
+	sizeofGroupReq       = 0x510
+	sizeofGroupSourceReq = 0xa18
+
+	sizeofICMPv6Filter = 0x20
+)
+
+type sockaddrStorage struct {
+	X__ss_len   uint8
+	Family      uint8
+	X__ss_pad1  [6]uint8
+	X__ss_align int64
+	X__ss_pad2  [1265]uint8
+	Pad_cgo_0   [7]byte
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex int32
+}
+
+type ipv6Mtuinfo struct {
+	Addr sockaddrInet6
+	Mtu  uint32
+}
+
+type ipv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type icmpv6Filter struct {
+	Filt [8]uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_darwin.go b/vendor/golang.org/x/net/ipv6/zsys_darwin.go
index 6aab1dfab7cb4..555744afd71ad 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_darwin.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_darwin.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go b/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
index d2de804d88c3b..cf3cc1024acb1 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_dragonfly.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
index 919e572d4a101..73f31b260ea18 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
index cb8141f9c65e3..490ce7cf1044c 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
index cb8141f9c65e3..490ce7cf1044c 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go
new file mode 100644
index 0000000000000..47e99ac9d304e
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go
@@ -0,0 +1,122 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv6
+
+const (
+	sysIPV6_UNICAST_HOPS   = 0x4
+	sysIPV6_MULTICAST_IF   = 0x9
+	sysIPV6_MULTICAST_HOPS = 0xa
+	sysIPV6_MULTICAST_LOOP = 0xb
+	sysIPV6_JOIN_GROUP     = 0xc
+	sysIPV6_LEAVE_GROUP    = 0xd
+	sysIPV6_PORTRANGE      = 0xe
+	sysICMP6_FILTER        = 0x12
+
+	sysIPV6_CHECKSUM = 0x1a
+	sysIPV6_V6ONLY   = 0x1b
+
+	sysIPV6_IPSEC_POLICY = 0x1c
+
+	sysIPV6_RTHDRDSTOPTS = 0x23
+
+	sysIPV6_RECVPKTINFO  = 0x24
+	sysIPV6_RECVHOPLIMIT = 0x25
+	sysIPV6_RECVRTHDR    = 0x26
+	sysIPV6_RECVHOPOPTS  = 0x27
+	sysIPV6_RECVDSTOPTS  = 0x28
+
+	sysIPV6_USE_MIN_MTU = 0x2a
+	sysIPV6_RECVPATHMTU = 0x2b
+
+	sysIPV6_PATHMTU = 0x2c
+
+	sysIPV6_PKTINFO  = 0x2e
+	sysIPV6_HOPLIMIT = 0x2f
+	sysIPV6_NEXTHOP  = 0x30
+	sysIPV6_HOPOPTS  = 0x31
+	sysIPV6_DSTOPTS  = 0x32
+	sysIPV6_RTHDR    = 0x33
+
+	sysIPV6_RECVTCLASS = 0x39
+
+	sysIPV6_AUTOFLOWLABEL = 0x3b
+
+	sysIPV6_TCLASS   = 0x3d
+	sysIPV6_DONTFRAG = 0x3e
+
+	sysIPV6_PREFER_TEMPADDR = 0x3f
+
+	sysIPV6_BINDANY = 0x40
+
+	sysIPV6_MSFILTER = 0x4a
+
+	sysMCAST_JOIN_GROUP         = 0x50
+	sysMCAST_LEAVE_GROUP        = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP  = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP = 0x53
+	sysMCAST_BLOCK_SOURCE       = 0x54
+	sysMCAST_UNBLOCK_SOURCE     = 0x55
+
+	sysIPV6_PORTRANGE_DEFAULT = 0x0
+	sysIPV6_PORTRANGE_HIGH    = 0x1
+	sysIPV6_PORTRANGE_LOW     = 0x2
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet6   = 0x1c
+	sizeofInet6Pktinfo    = 0x14
+	sizeofIPv6Mtuinfo     = 0x20
+
+	sizeofIPv6Mreq       = 0x14
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPv6Filter = 0x20
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]uint8
+	X__ss_align int64
+	X__ss_pad2  [112]uint8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type ipv6Mtuinfo struct {
+	Addr sockaddrInet6
+	Mtu  uint32
+}
+
+type ipv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
+
+type icmpv6Filter struct {
+	Filt [8]uint32
+}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_386.go b/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
index 73aa8c6dfce03..bde4a8f8f5d2f 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -155,16 +150,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go b/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
index 73aa8c6dfce03..bde4a8f8f5d2f 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -155,16 +150,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
index 73aa8c6dfce03..bde4a8f8f5d2f 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -155,16 +150,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
index 73aa8c6dfce03..bde4a8f8f5d2f 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -155,16 +150,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
index c9bf6a87ef737..66fd236121047 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x104
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x8
 )
 
 type kernelSockaddrStorage struct {
@@ -155,16 +150,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [2]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go
new file mode 100644
index 0000000000000..2072c313e9c92
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go
@@ -0,0 +1,157 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+//go:build riscv64
+// +build riscv64
+
+package ipv6
+
+const (
+	sysIPV6_ADDRFORM       = 0x1
+	sysIPV6_2292PKTINFO    = 0x2
+	sysIPV6_2292HOPOPTS    = 0x3
+	sysIPV6_2292DSTOPTS    = 0x4
+	sysIPV6_2292RTHDR      = 0x5
+	sysIPV6_2292PKTOPTIONS = 0x6
+	sysIPV6_CHECKSUM       = 0x7
+	sysIPV6_2292HOPLIMIT   = 0x8
+	sysIPV6_NEXTHOP        = 0x9
+	sysIPV6_FLOWINFO       = 0xb
+
+	sysIPV6_UNICAST_HOPS        = 0x10
+	sysIPV6_MULTICAST_IF        = 0x11
+	sysIPV6_MULTICAST_HOPS      = 0x12
+	sysIPV6_MULTICAST_LOOP      = 0x13
+	sysIPV6_ADD_MEMBERSHIP      = 0x14
+	sysIPV6_DROP_MEMBERSHIP     = 0x15
+	sysMCAST_JOIN_GROUP         = 0x2a
+	sysMCAST_LEAVE_GROUP        = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP  = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP = 0x2f
+	sysMCAST_BLOCK_SOURCE       = 0x2b
+	sysMCAST_UNBLOCK_SOURCE     = 0x2c
+	sysMCAST_MSFILTER           = 0x30
+	sysIPV6_ROUTER_ALERT        = 0x16
+	sysIPV6_MTU_DISCOVER        = 0x17
+	sysIPV6_MTU                 = 0x18
+	sysIPV6_RECVERR             = 0x19
+	sysIPV6_V6ONLY              = 0x1a
+	sysIPV6_JOIN_ANYCAST        = 0x1b
+	sysIPV6_LEAVE_ANYCAST       = 0x1c
+
+	sysIPV6_FLOWLABEL_MGR = 0x20
+	sysIPV6_FLOWINFO_SEND = 0x21
+
+	sysIPV6_IPSEC_POLICY = 0x22
+	sysIPV6_XFRM_POLICY  = 0x23
+
+	sysIPV6_RECVPKTINFO  = 0x31
+	sysIPV6_PKTINFO      = 0x32
+	sysIPV6_RECVHOPLIMIT = 0x33
+	sysIPV6_HOPLIMIT     = 0x34
+	sysIPV6_RECVHOPOPTS  = 0x35
+	sysIPV6_HOPOPTS      = 0x36
+	sysIPV6_RTHDRDSTOPTS = 0x37
+	sysIPV6_RECVRTHDR    = 0x38
+	sysIPV6_RTHDR        = 0x39
+	sysIPV6_RECVDSTOPTS  = 0x3a
+	sysIPV6_DSTOPTS      = 0x3b
+	sysIPV6_RECVPATHMTU  = 0x3c
+	sysIPV6_PATHMTU      = 0x3d
+	sysIPV6_DONTFRAG     = 0x3e
+
+	sysIPV6_RECVTCLASS = 0x42
+	sysIPV6_TCLASS     = 0x43
+
+	sysIPV6_ADDR_PREFERENCES = 0x48
+
+	sysIPV6_PREFER_SRC_TMP            = 0x1
+	sysIPV6_PREFER_SRC_PUBLIC         = 0x2
+	sysIPV6_PREFER_SRC_PUBTMP_DEFAULT = 0x100
+	sysIPV6_PREFER_SRC_COA            = 0x4
+	sysIPV6_PREFER_SRC_HOME           = 0x400
+	sysIPV6_PREFER_SRC_CGA            = 0x8
+	sysIPV6_PREFER_SRC_NONCGA         = 0x800
+
+	sysIPV6_MINHOPCOUNT = 0x49
+
+	sysIPV6_ORIGDSTADDR     = 0x4a
+	sysIPV6_RECVORIGDSTADDR = 0x4a
+	sysIPV6_TRANSPARENT     = 0x4b
+	sysIPV6_UNICAST_IF      = 0x4c
+
+	sysICMPV6_FILTER = 0x1
+
+	sysICMPV6_FILTER_BLOCK       = 0x1
+	sysICMPV6_FILTER_PASS        = 0x2
+	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
+	sysICMPV6_FILTER_PASSONLY    = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet6         = 0x1c
+	sizeofInet6Pktinfo          = 0x14
+	sizeofIPv6Mtuinfo           = 0x20
+	sizeofIPv6FlowlabelReq      = 0x20
+
+	sizeofIPv6Mreq       = 0x14
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPv6Filter = 0x20
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex int32
+}
+
+type ipv6Mtuinfo struct {
+	Addr sockaddrInet6
+	Mtu  uint32
+}
+
+type ipv6FlowlabelReq struct {
+	Dst        [16]byte /* in6_addr */
+	Label      uint32
+	Action     uint8
+	Share      uint8
+	Flags      uint16
+	Expires    uint16
+	Linger     uint16
+	X__flr_pad uint32
+}
+
+type ipv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Ifindex   int32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpv6Filter struct {
+	Data [8]uint32
+}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go b/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
index b64f0157d7a45..992ac9ec5f2cd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_linux.go
 
 package ipv6
@@ -84,9 +84,6 @@ const (
 	sysICMPV6_FILTER_BLOCKOTHERS = 0x3
 	sysICMPV6_FILTER_PASSONLY    = 0x4
 
-	sysSOL_SOCKET       = 0x1
-	sysSO_ATTACH_FILTER = 0x1a
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
@@ -98,8 +95,6 @@ const (
 	sizeofGroupSourceReq = 0x108
 
 	sizeofICMPv6Filter = 0x20
-
-	sizeofSockFprog = 0x10
 )
 
 type kernelSockaddrStorage struct {
@@ -157,16 +152,3 @@ type groupSourceReq struct {
 type icmpv6Filter struct {
 	Data [8]uint32
 }
-
-type sockFProg struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *sockFilter
-}
-
-type sockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
diff --git a/vendor/golang.org/x/net/ipv6/zsys_netbsd.go b/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
index bcada13b7a7fc..e39571e072509 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_openbsd.go b/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
index 86cf3c63799e6..cc1899a630c2b 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_solaris.go b/vendor/golang.org/x/net/ipv6/zsys_solaris.go
index cf1837dd2af63..690eef9341ac7 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_solaris.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_solaris.go
@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_solaris.go
 
 package ipv6
diff --git a/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go b/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go
new file mode 100644
index 0000000000000..3f980691f6be1
--- /dev/null
+++ b/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go
@@ -0,0 +1,106 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Hand edited based on zerrors_zos_s390x.go
+// TODO(Bill O'Farrell): auto-generate.
+
+package ipv6
+
+const (
+	sysIPV6_ADDR_PREFERENCES  = 32
+	sysIPV6_CHECKSUM          = 19
+	sysIPV6_DONTFRAG          = 29
+	sysIPV6_DSTOPTS           = 23
+	sysIPV6_HOPLIMIT          = 11
+	sysIPV6_HOPOPTS           = 22
+	sysIPV6_JOIN_GROUP        = 5
+	sysIPV6_LEAVE_GROUP       = 6
+	sysIPV6_MULTICAST_HOPS    = 9
+	sysIPV6_MULTICAST_IF      = 7
+	sysIPV6_MULTICAST_LOOP    = 4
+	sysIPV6_NEXTHOP           = 20
+	sysIPV6_PATHMTU           = 12
+	sysIPV6_PKTINFO           = 13
+	sysIPV6_PREFER_SRC_CGA    = 0x10
+	sysIPV6_PREFER_SRC_COA    = 0x02
+	sysIPV6_PREFER_SRC_HOME   = 0x01
+	sysIPV6_PREFER_SRC_NONCGA = 0x20
+	sysIPV6_PREFER_SRC_PUBLIC = 0x08
+	sysIPV6_PREFER_SRC_TMP    = 0x04
+	sysIPV6_RECVDSTOPTS       = 28
+	sysIPV6_RECVHOPLIMIT      = 14
+	sysIPV6_RECVHOPOPTS       = 26
+	sysIPV6_RECVPATHMTU       = 16
+	sysIPV6_RECVPKTINFO       = 15
+	sysIPV6_RECVRTHDR         = 25
+	sysIPV6_RECVTCLASS        = 31
+	sysIPV6_RTHDR             = 21
+	sysIPV6_RTHDRDSTOPTS      = 24
+	sysIPV6_RTHDR_TYPE_0      = 0
+	sysIPV6_TCLASS            = 30
+	sysIPV6_UNICAST_HOPS      = 3
+	sysIPV6_USE_MIN_MTU       = 18
+	sysIPV6_V6ONLY            = 10
+
+	sysMCAST_JOIN_GROUP         = 40
+	sysMCAST_LEAVE_GROUP        = 41
+	sysMCAST_JOIN_SOURCE_GROUP  = 42
+	sysMCAST_LEAVE_SOURCE_GROUP = 43
+	sysMCAST_BLOCK_SOURCE       = 44
+	sysMCAST_UNBLOCK_SOURCE     = 45
+
+	sysICMP6_FILTER = 0x1
+
+	sizeofSockaddrStorage = 128
+	sizeofICMPv6Filter    = 32
+	sizeofInet6Pktinfo    = 20
+	sizeofIPv6Mtuinfo     = 32
+	sizeofSockaddrInet6   = 28
+	sizeofGroupReq        = 136
+	sizeofGroupSourceReq  = 264
+)
+
+type sockaddrStorage struct {
+	Len      uint8
+	Family   byte
+	ss_pad1  [6]byte
+	ss_align int64
+	ss_pad2  [112]byte
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte
+	Scope_id uint32
+}
+
+type inet6Pktinfo struct {
+	Addr    [16]byte
+	Ifindex uint32
+}
+
+type ipv6Mtuinfo struct {
+	Addr sockaddrInet6
+	Mtu  uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
+
+type icmpv6Filter struct {
+	Filt [8]uint32
+}
diff --git a/vendor/golang.org/x/net/proxy/dial.go b/vendor/golang.org/x/net/proxy/dial.go
new file mode 100644
index 0000000000000..811c2e4e962ee
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/dial.go
@@ -0,0 +1,54 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+)
+
+// A ContextDialer dials using a context.
+type ContextDialer interface {
+	DialContext(ctx context.Context, network, address string) (net.Conn, error)
+}
+
+// Dial works like DialContext on net.Dialer but using a dialer returned by FromEnvironment.
+//
+// The passed ctx is only used for returning the Conn, not the lifetime of the Conn.
+//
+// Custom dialers (registered via RegisterDialerType) that do not implement ContextDialer
+// can leak a goroutine for as long as it takes the underlying Dialer implementation to timeout.
+//
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func Dial(ctx context.Context, network, address string) (net.Conn, error) {
+	d := FromEnvironment()
+	if xd, ok := d.(ContextDialer); ok {
+		return xd.DialContext(ctx, network, address)
+	}
+	return dialContext(ctx, d, network, address)
+}
+
+// WARNING: this can leak a goroutine for as long as the underlying Dialer implementation takes to timeout
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func dialContext(ctx context.Context, d Dialer, network, address string) (net.Conn, error) {
+	var (
+		conn net.Conn
+		done = make(chan struct{}, 1)
+		err  error
+	)
+	go func() {
+		conn, err = d.Dial(network, address)
+		close(done)
+		if conn != nil && ctx.Err() != nil {
+			conn.Close()
+		}
+	}()
+	select {
+	case <-ctx.Done():
+		err = ctx.Err()
+	case <-done:
+	}
+	return conn, err
+}
diff --git a/vendor/golang.org/x/net/proxy/direct.go b/vendor/golang.org/x/net/proxy/direct.go
index 4c5ad88b1e759..3d66bdef9d749 100644
--- a/vendor/golang.org/x/net/proxy/direct.go
+++ b/vendor/golang.org/x/net/proxy/direct.go
@@ -5,14 +5,27 @@
 package proxy
 
 import (
+	"context"
 	"net"
 )
 
 type direct struct{}
 
-// Direct is a direct proxy: one that makes network connections directly.
+// Direct implements Dialer by making network connections directly using net.Dial or net.DialContext.
 var Direct = direct{}
 
+var (
+	_ Dialer        = Direct
+	_ ContextDialer = Direct
+)
+
+// Dial directly invokes net.Dial with the supplied parameters.
 func (direct) Dial(network, addr string) (net.Conn, error) {
 	return net.Dial(network, addr)
 }
+
+// DialContext instantiates a net.Dialer and invokes its DialContext receiver with the supplied parameters.
+func (direct) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
+	var d net.Dialer
+	return d.DialContext(ctx, network, addr)
+}
diff --git a/vendor/golang.org/x/net/proxy/per_host.go b/vendor/golang.org/x/net/proxy/per_host.go
index 0689bb6a70f66..573fe79e86ec5 100644
--- a/vendor/golang.org/x/net/proxy/per_host.go
+++ b/vendor/golang.org/x/net/proxy/per_host.go
@@ -5,6 +5,7 @@
 package proxy
 
 import (
+	"context"
 	"net"
 	"strings"
 )
@@ -41,6 +42,20 @@ func (p *PerHost) Dial(network, addr string) (c net.Conn, err error) {
 	return p.dialerForRequest(host).Dial(network, addr)
 }
 
+// DialContext connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *PerHost) DialContext(ctx context.Context, network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	d := p.dialerForRequest(host)
+	if x, ok := d.(ContextDialer); ok {
+		return x.DialContext(ctx, network, addr)
+	}
+	return dialContext(ctx, d, network, addr)
+}
+
 func (p *PerHost) dialerForRequest(host string) Dialer {
 	if ip := net.ParseIP(host); ip != nil {
 		for _, net := range p.bypassNetworks {
diff --git a/vendor/golang.org/x/net/proxy/proxy.go b/vendor/golang.org/x/net/proxy/proxy.go
index 553ead7cf0ed0..9ff4b9a7767ac 100644
--- a/vendor/golang.org/x/net/proxy/proxy.go
+++ b/vendor/golang.org/x/net/proxy/proxy.go
@@ -15,6 +15,7 @@ import (
 )
 
 // A Dialer is a means to establish a connection.
+// Custom dialers should also implement ContextDialer.
 type Dialer interface {
 	// Dial connects to the given address via the proxy.
 	Dial(network, addr string) (c net.Conn, err error)
@@ -25,21 +26,30 @@ type Auth struct {
 	User, Password string
 }
 
-// FromEnvironment returns the dialer specified by the proxy related variables in
-// the environment.
+// FromEnvironment returns the dialer specified by the proxy-related
+// variables in the environment and makes underlying connections
+// directly.
 func FromEnvironment() Dialer {
+	return FromEnvironmentUsing(Direct)
+}
+
+// FromEnvironmentUsing returns the dialer specify by the proxy-related
+// variables in the environment and makes underlying connections
+// using the provided forwarding Dialer (for instance, a *net.Dialer
+// with desired configuration).
+func FromEnvironmentUsing(forward Dialer) Dialer {
 	allProxy := allProxyEnv.Get()
 	if len(allProxy) == 0 {
-		return Direct
+		return forward
 	}
 
 	proxyURL, err := url.Parse(allProxy)
 	if err != nil {
-		return Direct
+		return forward
 	}
-	proxy, err := FromURL(proxyURL, Direct)
+	proxy, err := FromURL(proxyURL, forward)
 	if err != nil {
-		return Direct
+		return forward
 	}
 
 	noProxy := noProxyEnv.Get()
@@ -47,7 +57,7 @@ func FromEnvironment() Dialer {
 		return proxy
 	}
 
-	perHost := NewPerHost(proxy, Direct)
+	perHost := NewPerHost(proxy, forward)
 	perHost.AddFromString(noProxy)
 	return perHost
 }
@@ -79,8 +89,13 @@ func FromURL(u *url.URL, forward Dialer) (Dialer, error) {
 	}
 
 	switch u.Scheme {
-	case "socks5":
-		return SOCKS5("tcp", u.Host, auth, forward)
+	case "socks5", "socks5h":
+		addr := u.Hostname()
+		port := u.Port()
+		if port == "" {
+			port = "1080"
+		}
+		return SOCKS5("tcp", net.JoinHostPort(addr, port), auth, forward)
 	}
 
 	// If the scheme doesn't match any of the built-in schemes, see if it
diff --git a/vendor/golang.org/x/net/proxy/socks5.go b/vendor/golang.org/x/net/proxy/socks5.go
index 56345ec8b6394..c91651f96db92 100644
--- a/vendor/golang.org/x/net/proxy/socks5.go
+++ b/vendor/golang.org/x/net/proxy/socks5.go
@@ -17,8 +17,14 @@ import (
 func SOCKS5(network, address string, auth *Auth, forward Dialer) (Dialer, error) {
 	d := socks.NewDialer(network, address)
 	if forward != nil {
-		d.ProxyDial = func(_ context.Context, network string, address string) (net.Conn, error) {
-			return forward.Dial(network, address)
+		if f, ok := forward.(ContextDialer); ok {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return f.DialContext(ctx, network, address)
+			}
+		} else {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return dialContext(ctx, forward, network, address)
+			}
 		}
 	}
 	if auth != nil {
diff --git a/vendor/golang.org/x/net/trace/trace.go b/vendor/golang.org/x/net/trace/trace.go
index a46ee0eaa314e..3ebf6f2daa304 100644
--- a/vendor/golang.org/x/net/trace/trace.go
+++ b/vendor/golang.org/x/net/trace/trace.go
@@ -64,12 +64,14 @@ package trace // import "golang.org/x/net/trace"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"html/template"
 	"io"
 	"log"
 	"net"
 	"net/http"
+	"net/url"
 	"runtime"
 	"sort"
 	"strconv"
@@ -84,6 +86,12 @@ import (
 // FOR DEBUGGING ONLY. This will slow down the program.
 var DebugUseAfterFinish = false
 
+// HTTP ServeMux paths.
+const (
+	debugRequestsPath = "/debug/requests"
+	debugEventsPath   = "/debug/events"
+)
+
 // AuthRequest determines whether a specific request is permitted to load the
 // /debug/requests or /debug/events pages.
 //
@@ -110,10 +118,29 @@ var AuthRequest = func(req *http.Request) (any, sensitive bool) {
 }
 
 func init() {
+	_, pat := http.DefaultServeMux.Handler(&http.Request{URL: &url.URL{Path: debugRequestsPath}})
+	if pat == debugRequestsPath {
+		panic("/debug/requests is already registered. You may have two independent copies of " +
+			"golang.org/x/net/trace in your binary, trying to maintain separate state. This may " +
+			"involve a vendored copy of golang.org/x/net/trace.")
+	}
+
 	// TODO(jbd): Serve Traces from /debug/traces in the future?
 	// There is no requirement for a request to be present to have traces.
-	http.HandleFunc("/debug/requests", Traces)
-	http.HandleFunc("/debug/events", Events)
+	http.HandleFunc(debugRequestsPath, Traces)
+	http.HandleFunc(debugEventsPath, Events)
+}
+
+// NewContext returns a copy of the parent context
+// and associates it with a Trace.
+func NewContext(ctx context.Context, tr Trace) context.Context {
+	return context.WithValue(ctx, contextKey, tr)
+}
+
+// FromContext returns the Trace bound to the context, if any.
+func FromContext(ctx context.Context) (tr Trace, ok bool) {
+	tr, ok = ctx.Value(contextKey).(Trace)
+	return
 }
 
 // Traces responds with traces from the program.
diff --git a/vendor/golang.org/x/net/trace/trace_go16.go b/vendor/golang.org/x/net/trace/trace_go16.go
deleted file mode 100644
index d6081911853f5..0000000000000
--- a/vendor/golang.org/x/net/trace/trace_go16.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.7
-
-package trace
-
-import "golang.org/x/net/context"
-
-// NewContext returns a copy of the parent context
-// and associates it with a Trace.
-func NewContext(ctx context.Context, tr Trace) context.Context {
-	return context.WithValue(ctx, contextKey, tr)
-}
-
-// FromContext returns the Trace bound to the context, if any.
-func FromContext(ctx context.Context) (tr Trace, ok bool) {
-	tr, ok = ctx.Value(contextKey).(Trace)
-	return
-}
diff --git a/vendor/golang.org/x/net/trace/trace_go17.go b/vendor/golang.org/x/net/trace/trace_go17.go
deleted file mode 100644
index df6e1fba7cafa..0000000000000
--- a/vendor/golang.org/x/net/trace/trace_go17.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7
-
-package trace
-
-import "context"
-
-// NewContext returns a copy of the parent context
-// and associates it with a Trace.
-func NewContext(ctx context.Context, tr Trace) context.Context {
-	return context.WithValue(ctx, contextKey, tr)
-}
-
-// FromContext returns the Trace bound to the context, if any.
-func FromContext(ctx context.Context) (tr Trace, ok bool) {
-	tr, ok = ctx.Value(contextKey).(Trace)
-	return
-}
diff --git a/vendor/golang.org/x/net/websocket/websocket.go b/vendor/golang.org/x/net/websocket/websocket.go
index 1f4f7be40086d..6c45c7352961e 100644
--- a/vendor/golang.org/x/net/websocket/websocket.go
+++ b/vendor/golang.org/x/net/websocket/websocket.go
@@ -5,11 +5,11 @@
 // Package websocket implements a client and server for the WebSocket protocol
 // as specified in RFC 6455.
 //
-// This package currently lacks some features found in an alternative
-// and more actively maintained WebSocket package:
+// This package currently lacks some features found in alternative
+// and more actively maintained WebSocket packages:
 //
 //     https://godoc.org/github.com/gorilla/websocket
-//
+//     https://godoc.org/nhooyr.io/websocket
 package websocket // import "golang.org/x/net/websocket"
 
 import (
diff --git a/vendor/golang.org/x/oauth2/README.md b/vendor/golang.org/x/oauth2/README.md
index eb8dcee179eb8..8cfd6063e7299 100644
--- a/vendor/golang.org/x/oauth2/README.md
+++ b/vendor/golang.org/x/oauth2/README.md
@@ -16,57 +16,16 @@ Or you can manually git clone the repository to
 
 See godoc for further documentation and examples.
 
-* [godoc.org/golang.org/x/oauth2](http://godoc.org/golang.org/x/oauth2)
-* [godoc.org/golang.org/x/oauth2/google](http://godoc.org/golang.org/x/oauth2/google)
+* [godoc.org/golang.org/x/oauth2](https://godoc.org/golang.org/x/oauth2)
+* [godoc.org/golang.org/x/oauth2/google](https://godoc.org/golang.org/x/oauth2/google)
 
+## Policy for new packages
 
-## App Engine
-
-In change 96e89be (March 2015), we removed the `oauth2.Context2` type in favor
-of the [`context.Context`](https://golang.org/x/net/context#Context) type from
-the `golang.org/x/net/context` package
-
-This means it's no longer possible to use the "Classic App Engine"
-`appengine.Context` type with the `oauth2` package. (You're using
-Classic App Engine if you import the package `"appengine"`.)
-
-To work around this, you may use the new `"google.golang.org/appengine"`
-package. This package has almost the same API as the `"appengine"` package,
-but it can be fetched with `go get` and used on "Managed VMs" and well as
-Classic App Engine.
-
-See the [new `appengine` package's readme](https://github.com/golang/appengine#updating-a-go-app-engine-app)
-for information on updating your app.
-
-If you don't want to update your entire app to use the new App Engine packages,
-you may use both sets of packages in parallel, using only the new packages
-with the `oauth2` package.
-
-```go
-import (
-	"golang.org/x/net/context"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	newappengine "google.golang.org/appengine"
-	newurlfetch "google.golang.org/appengine/urlfetch"
-
-	"appengine"
-)
-
-func handler(w http.ResponseWriter, r *http.Request) {
-	var c appengine.Context = appengine.NewContext(r)
-	c.Infof("Logging a message with the old package")
-
-	var ctx context.Context = newappengine.NewContext(r)
-	client := &http.Client{
-		Transport: &oauth2.Transport{
-			Source: google.AppEngineTokenSource(ctx, "scope"),
-			Base:   &newurlfetch.Transport{Context: ctx},
-		},
-	}
-	client.Get("...")
-}
-```
+We no longer accept new provider-specific packages in this repo if all
+they do is add a single endpoint variable. If you just want to add a
+single endpoint, add it to the
+[godoc.org/golang.org/x/oauth2/endpoints](https://godoc.org/golang.org/x/oauth2/endpoints)
+package.
 
 ## Report Issues / Send Patches
 
diff --git a/vendor/golang.org/x/oauth2/go.mod b/vendor/golang.org/x/oauth2/go.mod
new file mode 100644
index 0000000000000..b3457815528f5
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/go.mod
@@ -0,0 +1,10 @@
+module golang.org/x/oauth2
+
+go 1.11
+
+require (
+	cloud.google.com/go v0.34.0
+	golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e
+	golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
+	google.golang.org/appengine v1.4.0
+)
diff --git a/vendor/golang.org/x/oauth2/google/appengine.go b/vendor/golang.org/x/oauth2/google/appengine.go
index 50d918b8788e6..feb1157b15b45 100644
--- a/vendor/golang.org/x/oauth2/google/appengine.go
+++ b/vendor/golang.org/x/oauth2/google/appengine.go
@@ -5,85 +5,34 @@
 package google
 
 import (
-	"sort"
-	"strings"
-	"sync"
+	"context"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
-// appengineFlex is set at init time by appengineflex_hook.go. If true, we are on App Engine Flex.
-var appengineFlex bool
-
-// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
 var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error)
 
-// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
 var appengineAppIDFunc func(c context.Context) string
 
-// AppEngineTokenSource returns a token source that fetches tokens
-// issued to the current App Engine application's service account.
-// If you are implementing a 3-legged OAuth 2.0 flow on App Engine
-// that involves user accounts, see oauth2.Config instead.
+// AppEngineTokenSource returns a token source that fetches tokens from either
+// the current application's service account or from the metadata server,
+// depending on the App Engine environment. See below for environment-specific
+// details. If you are implementing a 3-legged OAuth 2.0 flow on App Engine that
+// involves user accounts, see oauth2.Config instead.
+//
+// First generation App Engine runtimes (<= Go 1.9):
+// AppEngineTokenSource returns a token source that fetches tokens issued to the
+// current App Engine application's service account. The provided context must have
+// come from appengine.NewContext.
 //
-// The provided context must have come from appengine.NewContext.
+// Second generation App Engine runtimes (>= Go 1.11) and App Engine flexible:
+// AppEngineTokenSource is DEPRECATED on second generation runtimes and on the
+// flexible environment. It delegates to ComputeTokenSource, and the provided
+// context and scopes are not used. Please use DefaultTokenSource (or ComputeTokenSource,
+// which DefaultTokenSource will use in this case) instead.
 func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
-	if appengineTokenFunc == nil {
-		panic("google: AppEngineTokenSource can only be used on App Engine.")
-	}
-	scopes := append([]string{}, scope...)
-	sort.Strings(scopes)
-	return &appEngineTokenSource{
-		ctx:    ctx,
-		scopes: scopes,
-		key:    strings.Join(scopes, " "),
-	}
-}
-
-// aeTokens helps the fetched tokens to be reused until their expiration.
-var (
-	aeTokensMu sync.Mutex
-	aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes
-)
-
-type tokenLock struct {
-	mu sync.Mutex // guards t; held while fetching or updating t
-	t  *oauth2.Token
-}
-
-type appEngineTokenSource struct {
-	ctx    context.Context
-	scopes []string
-	key    string // to aeTokens map; space-separated scopes
-}
-
-func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) {
-	if appengineTokenFunc == nil {
-		panic("google: AppEngineTokenSource can only be used on App Engine.")
-	}
-
-	aeTokensMu.Lock()
-	tok, ok := aeTokens[ts.key]
-	if !ok {
-		tok = &tokenLock{}
-		aeTokens[ts.key] = tok
-	}
-	aeTokensMu.Unlock()
-
-	tok.mu.Lock()
-	defer tok.mu.Unlock()
-	if tok.t.Valid() {
-		return tok.t, nil
-	}
-	access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
-	if err != nil {
-		return nil, err
-	}
-	tok.t = &oauth2.Token{
-		AccessToken: access,
-		Expiry:      exp,
-	}
-	return tok.t, nil
+	return appEngineTokenSource(ctx, scope...)
 }
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen1.go b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
new file mode 100644
index 0000000000000..83dacac320a98
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
@@ -0,0 +1,77 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build appengine
+
+// This file applies to App Engine first generation runtimes (<= Go 1.9).
+
+package google
+
+import (
+	"context"
+	"sort"
+	"strings"
+	"sync"
+
+	"golang.org/x/oauth2"
+	"google.golang.org/appengine"
+)
+
+func init() {
+	appengineTokenFunc = appengine.AccessToken
+	appengineAppIDFunc = appengine.AppID
+}
+
+// See comment on AppEngineTokenSource in appengine.go.
+func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
+	scopes := append([]string{}, scope...)
+	sort.Strings(scopes)
+	return &gaeTokenSource{
+		ctx:    ctx,
+		scopes: scopes,
+		key:    strings.Join(scopes, " "),
+	}
+}
+
+// aeTokens helps the fetched tokens to be reused until their expiration.
+var (
+	aeTokensMu sync.Mutex
+	aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes
+)
+
+type tokenLock struct {
+	mu sync.Mutex // guards t; held while fetching or updating t
+	t  *oauth2.Token
+}
+
+type gaeTokenSource struct {
+	ctx    context.Context
+	scopes []string
+	key    string // to aeTokens map; space-separated scopes
+}
+
+func (ts *gaeTokenSource) Token() (*oauth2.Token, error) {
+	aeTokensMu.Lock()
+	tok, ok := aeTokens[ts.key]
+	if !ok {
+		tok = &tokenLock{}
+		aeTokens[ts.key] = tok
+	}
+	aeTokensMu.Unlock()
+
+	tok.mu.Lock()
+	defer tok.mu.Unlock()
+	if tok.t.Valid() {
+		return tok.t, nil
+	}
+	access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
+	if err != nil {
+		return nil, err
+	}
+	tok.t = &oauth2.Token{
+		AccessToken: access,
+		Expiry:      exp,
+	}
+	return tok.t, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
new file mode 100644
index 0000000000000..04c2c2216af56
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+
+// This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible.
+
+package google
+
+import (
+	"context"
+	"log"
+	"sync"
+
+	"golang.org/x/oauth2"
+)
+
+var logOnce sync.Once // only spam about deprecation once
+
+// See comment on AppEngineTokenSource in appengine.go.
+func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
+	logOnce.Do(func() {
+		log.Print("google: AppEngineTokenSource is deprecated on App Engine standard second generation runtimes (>= Go 1.11) and App Engine flexible. Please use DefaultTokenSource or ComputeTokenSource.")
+	})
+	return ComputeTokenSource("")
+}
diff --git a/vendor/golang.org/x/oauth2/google/appengine_hook.go b/vendor/golang.org/x/oauth2/google/appengine_hook.go
deleted file mode 100644
index 56669eaa98d2f..0000000000000
--- a/vendor/golang.org/x/oauth2/google/appengine_hook.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build appengine appenginevm
-
-package google
-
-import "google.golang.org/appengine"
-
-func init() {
-	appengineTokenFunc = appengine.AccessToken
-	appengineAppIDFunc = appengine.AppID
-}
diff --git a/vendor/golang.org/x/oauth2/google/appengineflex_hook.go b/vendor/golang.org/x/oauth2/google/appengineflex_hook.go
deleted file mode 100644
index 5d0231af2dd1c..0000000000000
--- a/vendor/golang.org/x/oauth2/google/appengineflex_hook.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build appenginevm
-
-package google
-
-func init() {
-	appengineFlex = true // Flex doesn't support appengine.AccessToken; depend on metadata server.
-}
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index a31607437d30e..ad2c09236c5ab 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -5,6 +5,7 @@
 package google
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -14,10 +15,28 @@ import (
 	"runtime"
 
 	"cloud.google.com/go/compute/metadata"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
+// Credentials holds Google credentials, including "Application Default Credentials".
+// For more details, see:
+// https://developers.google.com/accounts/docs/application-default-credentials
+type Credentials struct {
+	ProjectID   string // may be empty
+	TokenSource oauth2.TokenSource
+
+	// JSON contains the raw bytes from a JSON credentials file.
+	// This field may be nil if authentication is provided by the
+	// environment and not with a credentials file, e.g. when code is
+	// running on Google Cloud Platform.
+	JSON []byte
+}
+
+// DefaultCredentials is the old name of Credentials.
+//
+// Deprecated: use Credentials instead.
+type DefaultCredentials = Credentials
+
 // DefaultClient returns an HTTP Client that uses the
 // DefaultTokenSource to obtain authentication credentials.
 func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) {
@@ -39,8 +58,22 @@ func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSourc
 	return creds.TokenSource, nil
 }
 
-// Common implementation for FindDefaultCredentials.
-func findDefaultCredentials(ctx context.Context, scopes []string) (*DefaultCredentials, error) {
+// FindDefaultCredentials searches for "Application Default Credentials".
+//
+// It looks for credentials in the following places,
+// preferring the first location found:
+//
+//   1. A JSON file whose path is specified by the
+//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
+//   2. A JSON file in a location known to the gcloud command-line tool.
+//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
+//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//   3. On Google App Engine standard first generation runtimes (<= Go 1.9) it uses
+//      the appengine.AccessToken function.
+//   4. On Google Compute Engine, Google App Engine standard second generation runtimes
+//      (>= Go 1.11), and Google App Engine flexible environment, it fetches
+//      credentials from the metadata server.
+func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) {
 	// First, try the environment variable.
 	const envVar = "GOOGLE_APPLICATION_CREDENTIALS"
 	if filename := os.Getenv(envVar); filename != "" {
@@ -59,20 +92,23 @@ func findDefaultCredentials(ctx context.Context, scopes []string) (*DefaultCrede
 		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
 	}
 
-	// Third, if we're on Google App Engine use those credentials.
-	if appengineTokenFunc != nil && !appengineFlex {
+	// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)
+	// use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
+	// and App Engine flexible use ComputeTokenSource and the metadata server.
+	if appengineTokenFunc != nil {
 		return &DefaultCredentials{
 			ProjectID:   appengineAppIDFunc(ctx),
 			TokenSource: AppEngineTokenSource(ctx, scopes...),
 		}, nil
 	}
 
-	// Fourth, if we're on Google Compute Engine use the metadata server.
+	// Fourth, if we're on Google Compute Engine, an App Engine standard second generation runtime,
+	// or App Engine flexible, use the metadata server.
 	if metadata.OnGCE() {
 		id, _ := metadata.ProjectID()
 		return &DefaultCredentials{
 			ProjectID:   id,
-			TokenSource: ComputeTokenSource(""),
+			TokenSource: ComputeTokenSource("", scopes...),
 		}, nil
 	}
 
@@ -81,8 +117,11 @@ func findDefaultCredentials(ctx context.Context, scopes []string) (*DefaultCrede
 	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url)
 }
 
-// Common implementation for CredentialsFromJSON.
-func credentialsFromJSON(ctx context.Context, jsonData []byte, scopes []string) (*DefaultCredentials, error) {
+// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
+// represent either a Google Developers Console client_credentials.json file (as in
+// ConfigFromJSON) or a Google Developers service account key file (as in
+// JWTConfigFromJSON).
+func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) {
 	var f credentialsFile
 	if err := json.Unmarshal(jsonData, &f); err != nil {
 		return nil, err
diff --git a/vendor/golang.org/x/oauth2/google/doc.go b/vendor/golang.org/x/oauth2/google/doc.go
new file mode 100644
index 0000000000000..73be629033d35
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/doc.go
@@ -0,0 +1,40 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package google provides support for making OAuth2 authorized and authenticated
+// HTTP requests to Google APIs. It supports the Web server flow, client-side
+// credentials, service accounts, Google Compute Engine service accounts, and Google
+// App Engine service accounts.
+//
+// A brief overview of the package follows. For more information, please read
+// https://developers.google.com/accounts/docs/OAuth2
+// and
+// https://developers.google.com/accounts/docs/application-default-credentials.
+//
+// OAuth2 Configs
+//
+// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
+// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
+// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
+// create an http.Client.
+//
+//
+// Credentials
+//
+// The Credentials type represents Google credentials, including Application Default
+// Credentials.
+//
+// Use FindDefaultCredentials to obtain Application Default Credentials.
+// FindDefaultCredentials looks in some well-known places for a credentials file, and
+// will call AppEngineTokenSource or ComputeTokenSource as needed.
+//
+// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
+// then use the credentials to construct an http.Client or an oauth2.TokenSource.
+//
+// Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
+// described in OAuth2 Configs, above. The TokenSource in the returned value is the
+// same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
+// JWTConfigFromJSON, but the Credentials may contain additional information
+// that is useful is some circumstances.
+package google // import "golang.org/x/oauth2/google"
diff --git a/vendor/golang.org/x/oauth2/google/doc_go19.go b/vendor/golang.org/x/oauth2/google/doc_go19.go
deleted file mode 100644
index 2a86325fe3b3d..0000000000000
--- a/vendor/golang.org/x/oauth2/google/doc_go19.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-
-// Package google provides support for making OAuth2 authorized and authenticated
-// HTTP requests to Google APIs. It supports the Web server flow, client-side
-// credentials, service accounts, Google Compute Engine service accounts, and Google
-// App Engine service accounts.
-//
-// A brief overview of the package follows. For more information, please read
-// https://developers.google.com/accounts/docs/OAuth2
-// and
-// https://developers.google.com/accounts/docs/application-default-credentials.
-//
-// OAuth2 Configs
-//
-// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
-// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
-// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
-// create an http.Client.
-//
-//
-// Credentials
-//
-// The Credentials type represents Google credentials, including Application Default
-// Credentials.
-//
-// Use FindDefaultCredentials to obtain Application Default Credentials.
-// FindDefaultCredentials looks in some well-known places for a credentials file, and
-// will call AppEngineTokenSource or ComputeTokenSource as needed.
-//
-// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
-// then use the credentials to construct an http.Client or an oauth2.TokenSource.
-//
-// Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
-// described in OAuth2 Configs, above. The TokenSource in the returned value is the
-// same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
-// JWTConfigFromJSON, but the Credentials may contain additional information
-// that is useful is some circumstances.
-package google // import "golang.org/x/oauth2/google"
diff --git a/vendor/golang.org/x/oauth2/google/doc_not_go19.go b/vendor/golang.org/x/oauth2/google/doc_not_go19.go
deleted file mode 100644
index 5c3c6e14812c9..0000000000000
--- a/vendor/golang.org/x/oauth2/google/doc_not_go19.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-// Package google provides support for making OAuth2 authorized and authenticated
-// HTTP requests to Google APIs. It supports the Web server flow, client-side
-// credentials, service accounts, Google Compute Engine service accounts, and Google
-// App Engine service accounts.
-//
-// A brief overview of the package follows. For more information, please read
-// https://developers.google.com/accounts/docs/OAuth2
-// and
-// https://developers.google.com/accounts/docs/application-default-credentials.
-//
-// OAuth2 Configs
-//
-// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
-// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
-// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
-// create an http.Client.
-//
-//
-// Credentials
-//
-// The DefaultCredentials type represents Google Application Default Credentials, as
-// well as other forms of credential.
-//
-// Use FindDefaultCredentials to obtain Application Default Credentials.
-// FindDefaultCredentials looks in some well-known places for a credentials file, and
-// will call AppEngineTokenSource or ComputeTokenSource as needed.
-//
-// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
-// then use the credentials to construct an http.Client or an oauth2.TokenSource.
-//
-// Use CredentialsFromJSON to obtain credentials from either of the two JSON
-// formats described in OAuth2 Configs, above. (The DefaultCredentials returned may
-// not be "Application Default Credentials".) The TokenSource in the returned value
-// is the same as the one obtained from the oauth2.Config returned from
-// ConfigFromJSON or JWTConfigFromJSON, but the DefaultCredentials may contain
-// additional information that is useful is some circumstances.
-package google // import "golang.org/x/oauth2/google"
diff --git a/vendor/golang.org/x/oauth2/google/go19.go b/vendor/golang.org/x/oauth2/google/go19.go
deleted file mode 100644
index 4d0318b1e167a..0000000000000
--- a/vendor/golang.org/x/oauth2/google/go19.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.9
-
-package google
-
-import (
-	"golang.org/x/net/context"
-	"golang.org/x/oauth2"
-)
-
-// Credentials holds Google credentials, including "Application Default Credentials".
-// For more details, see:
-// https://developers.google.com/accounts/docs/application-default-credentials
-type Credentials struct {
-	ProjectID   string // may be empty
-	TokenSource oauth2.TokenSource
-
-	// JSON contains the raw bytes from a JSON credentials file.
-	// This field may be nil if authentication is provided by the
-	// environment and not with a credentials file, e.g. when code is
-	// running on Google Cloud Platform.
-	JSON []byte
-}
-
-// DefaultCredentials is the old name of Credentials.
-//
-// Deprecated: use Credentials instead.
-type DefaultCredentials = Credentials
-
-// FindDefaultCredentials searches for "Application Default Credentials".
-//
-// It looks for credentials in the following places,
-// preferring the first location found:
-//
-//   1. A JSON file whose path is specified by the
-//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
-//   2. A JSON file in a location known to the gcloud command-line tool.
-//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
-//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
-//   3. On Google App Engine it uses the appengine.AccessToken function.
-//   4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
-//      credentials from the metadata server.
-//      (In this final case any provided scopes are ignored.)
-func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) {
-	return findDefaultCredentials(ctx, scopes)
-}
-
-// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
-// represent either a Google Developers Console client_credentials.json file (as in
-// ConfigFromJSON) or a Google Developers service account key file (as in
-// JWTConfigFromJSON).
-func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) {
-	return credentialsFromJSON(ctx, jsonData, scopes)
-}
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
index f7481fbcc63dd..81de32b360b27 100644
--- a/vendor/golang.org/x/oauth2/google/google.go
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -5,26 +5,28 @@
 package google
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
 	"cloud.google.com/go/compute/metadata"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/jwt"
 )
 
 // Endpoint is Google's OAuth 2.0 endpoint.
 var Endpoint = oauth2.Endpoint{
-	AuthURL:  "https://accounts.google.com/o/oauth2/auth",
-	TokenURL: "https://accounts.google.com/o/oauth2/token",
+	AuthURL:   "https://accounts.google.com/o/oauth2/auth",
+	TokenURL:  "https://oauth2.googleapis.com/token",
+	AuthStyle: oauth2.AuthStyleInParams,
 }
 
 // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
-const JWTTokenURL = "https://accounts.google.com/o/oauth2/token"
+const JWTTokenURL = "https://oauth2.googleapis.com/token"
 
 // ConfigFromJSON uses a Google Developers Console client_credentials.json
 // file to construct a config.
@@ -150,14 +152,16 @@ func (f *credentialsFile) tokenSource(ctx context.Context, scopes []string) (oau
 // from Google Compute Engine (GCE)'s metadata server. It's only valid to use
 // this token source if your program is running on a GCE instance.
 // If no account is specified, "default" is used.
+// If no scopes are specified, a set of default scopes are automatically granted.
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
-func ComputeTokenSource(account string) oauth2.TokenSource {
-	return oauth2.ReuseTokenSource(nil, computeSource{account: account})
+func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
+	return oauth2.ReuseTokenSource(nil, computeSource{account: account, scopes: scope})
 }
 
 type computeSource struct {
 	account string
+	scopes  []string
 }
 
 func (cs computeSource) Token() (*oauth2.Token, error) {
@@ -168,7 +172,13 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
 	if acct == "" {
 		acct = "default"
 	}
-	tokenJSON, err := metadata.Get("instance/service-accounts/" + acct + "/token")
+	tokenURI := "instance/service-accounts/" + acct + "/token"
+	if len(cs.scopes) > 0 {
+		v := url.Values{}
+		v.Set("scopes", strings.Join(cs.scopes, ","))
+		tokenURI = tokenURI + "?" + v.Encode()
+	}
+	tokenJSON, err := metadata.Get(tokenURI)
 	if err != nil {
 		return nil, err
 	}
@@ -184,9 +194,16 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
 	if res.ExpiresInSec == 0 || res.AccessToken == "" {
 		return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata")
 	}
-	return &oauth2.Token{
+	tok := &oauth2.Token{
 		AccessToken: res.AccessToken,
 		TokenType:   res.TokenType,
 		Expiry:      time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second),
-	}, nil
+	}
+	// NOTE(cbro): add hidden metadata about where the token is from.
+	// This is needed for detection by client libraries to know that credentials come from the metadata server.
+	// This may be removed in a future version of this library.
+	return tok.WithExtra(map[string]interface{}{
+		"oauth2.google.tokenSource":    "compute-metadata",
+		"oauth2.google.serviceAccount": acct,
+	}), nil
 }
diff --git a/vendor/golang.org/x/oauth2/google/not_go19.go b/vendor/golang.org/x/oauth2/google/not_go19.go
deleted file mode 100644
index 544e40624e1df..0000000000000
--- a/vendor/golang.org/x/oauth2/google/not_go19.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.9
-
-package google
-
-import (
-	"golang.org/x/net/context"
-	"golang.org/x/oauth2"
-)
-
-// DefaultCredentials holds Google credentials, including "Application Default Credentials".
-// For more details, see:
-// https://developers.google.com/accounts/docs/application-default-credentials
-type DefaultCredentials struct {
-	ProjectID   string // may be empty
-	TokenSource oauth2.TokenSource
-
-	// JSON contains the raw bytes from a JSON credentials file.
-	// This field may be nil if authentication is provided by the
-	// environment and not with a credentials file, e.g. when code is
-	// running on Google Cloud Platform.
-	JSON []byte
-}
-
-// FindDefaultCredentials searches for "Application Default Credentials".
-//
-// It looks for credentials in the following places,
-// preferring the first location found:
-//
-//   1. A JSON file whose path is specified by the
-//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
-//   2. A JSON file in a location known to the gcloud command-line tool.
-//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
-//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
-//   3. On Google App Engine it uses the appengine.AccessToken function.
-//   4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
-//      credentials from the metadata server.
-//      (In this final case any provided scopes are ignored.)
-func FindDefaultCredentials(ctx context.Context, scopes ...string) (*DefaultCredentials, error) {
-	return findDefaultCredentials(ctx, scopes)
-}
-
-// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
-// represent either a Google Developers Console client_credentials.json file (as in
-// ConfigFromJSON) or a Google Developers service account key file (as in
-// JWTConfigFromJSON).
-//
-// Note: despite the name, the returned credentials may not be Application Default Credentials.
-func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*DefaultCredentials, error) {
-	return credentialsFromJSON(ctx, jsonData, scopes)
-}
diff --git a/vendor/golang.org/x/oauth2/google/sdk.go b/vendor/golang.org/x/oauth2/google/sdk.go
index b9660caddf047..456224bc78963 100644
--- a/vendor/golang.org/x/oauth2/google/sdk.go
+++ b/vendor/golang.org/x/oauth2/google/sdk.go
@@ -6,6 +6,7 @@ package google
 
 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -18,7 +19,6 @@ import (
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go
index fc63fcab3ffae..c0ab196cf461c 100644
--- a/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -26,7 +26,7 @@ func ParseKey(key []byte) (*rsa.PrivateKey, error) {
 	if err != nil {
 		parsedKey, err = x509.ParsePKCS1PrivateKey(key)
 		if err != nil {
-			return nil, fmt.Errorf("private key should be a PEM or plain PKSC1 or PKCS8; parse error: %v", err)
+			return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v", err)
 		}
 	}
 	parsed, ok := parsedKey.(*rsa.PrivateKey)
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index 30fb315d13971..355c386961dd4 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -5,19 +5,21 @@
 package internal
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math"
 	"mime"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/net/context/ctxhttp"
 )
 
@@ -61,22 +63,21 @@ type tokenJSON struct {
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
-	Expires      expirationTime `json:"expires"`    // broken Facebook spelling of expires_in
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
 	if v := e.ExpiresIn; v != 0 {
 		return time.Now().Add(time.Duration(v) * time.Second)
 	}
-	if v := e.Expires; v != 0 {
-		return time.Now().Add(time.Duration(v) * time.Second)
-	}
 	return
 }
 
 type expirationTime int32
 
 func (e *expirationTime) UnmarshalJSON(b []byte) error {
+	if len(b) == 0 || string(b) == "null" {
+		return nil
+	}
 	var n json.Number
 	err := json.Unmarshal(b, &n)
 	if err != nil {
@@ -86,97 +87,78 @@ func (e *expirationTime) UnmarshalJSON(b []byte) error {
 	if err != nil {
 		return err
 	}
+	if i > math.MaxInt32 {
+		i = math.MaxInt32
+	}
 	*e = expirationTime(i)
 	return nil
 }
 
-var brokenAuthHeaderProviders = []string{
-	"https://accounts.google.com/",
-	"https://api.codeswholesale.com/oauth/token",
-	"https://api.dropbox.com/",
-	"https://api.dropboxapi.com/",
-	"https://api.instagram.com/",
-	"https://api.netatmo.net/",
-	"https://api.odnoklassniki.ru/",
-	"https://api.pushbullet.com/",
-	"https://api.soundcloud.com/",
-	"https://api.twitch.tv/",
-	"https://app.box.com/",
-	"https://connect.stripe.com/",
-	"https://login.mailchimp.com/",
-	"https://login.microsoftonline.com/",
-	"https://login.salesforce.com/",
-	"https://login.windows.net",
-	"https://login.live.com/",
-	"https://oauth.sandbox.trainingpeaks.com/",
-	"https://oauth.trainingpeaks.com/",
-	"https://oauth.vk.com/",
-	"https://openapi.baidu.com/",
-	"https://slack.com/",
-	"https://test-sandbox.auth.corp.google.com",
-	"https://test.salesforce.com/",
-	"https://user.gini.net/",
-	"https://www.douban.com/",
-	"https://www.googleapis.com/",
-	"https://www.linkedin.com/",
-	"https://www.strava.com/oauth/",
-	"https://www.wunderlist.com/oauth/",
-	"https://api.patreon.com/",
-	"https://sandbox.codeswholesale.com/oauth/token",
-	"https://api.sipgate.com/v1/authorization/oauth",
-	"https://api.medium.com/v1/tokens",
-	"https://log.finalsurge.com/oauth/token",
-	"https://multisport.todaysplan.com.au/rest/oauth/access_token",
-	"https://whats.todaysplan.com.au/rest/oauth/access_token",
-}
+// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op.
+//
+// Deprecated: this function no longer does anything. Caller code that
+// wants to avoid potential extra HTTP requests made during
+// auto-probing of the provider's auth style should set
+// Endpoint.AuthStyle.
+func RegisterBrokenAuthHeaderProvider(tokenURL string) {}
+
+// AuthStyle is a copy of the golang.org/x/oauth2 package's AuthStyle type.
+type AuthStyle int
 
-// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
-var brokenAuthHeaderDomains = []string{
-	".auth0.com",
-	".force.com",
-	".myshopify.com",
-	".okta.com",
-	".oktapreview.com",
+const (
+	AuthStyleUnknown  AuthStyle = 0
+	AuthStyleInParams AuthStyle = 1
+	AuthStyleInHeader AuthStyle = 2
+)
+
+// authStyleCache is the set of tokenURLs we've successfully used via
+// RetrieveToken and which style auth we ended up using.
+// It's called a cache, but it doesn't (yet?) shrink. It's expected that
+// the set of OAuth2 servers a program contacts over time is fixed and
+// small.
+var authStyleCache struct {
+	sync.Mutex
+	m map[string]AuthStyle // keyed by tokenURL
 }
 
-func RegisterBrokenAuthHeaderProvider(tokenURL string) {
-	brokenAuthHeaderProviders = append(brokenAuthHeaderProviders, tokenURL)
+// ResetAuthCache resets the global authentication style cache used
+// for AuthStyleUnknown token requests.
+func ResetAuthCache() {
+	authStyleCache.Lock()
+	defer authStyleCache.Unlock()
+	authStyleCache.m = nil
 }
 
-// providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL
-// implements the OAuth2 spec correctly
-// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
-// In summary:
-// - Reddit only accepts client secret in the Authorization header
-// - Dropbox accepts either it in URL param or Auth header, but not both.
-// - Google only accepts URL param (not spec compliant?), not Auth header
-// - Stripe only accepts client secret in Auth header with Bearer method, not Basic
-func providerAuthHeaderWorks(tokenURL string) bool {
-	for _, s := range brokenAuthHeaderProviders {
-		if strings.HasPrefix(tokenURL, s) {
-			// Some sites fail to implement the OAuth2 spec fully.
-			return false
-		}
-	}
+// lookupAuthStyle reports which auth style we last used with tokenURL
+// when calling RetrieveToken and whether we have ever done so.
+func lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
+	authStyleCache.Lock()
+	defer authStyleCache.Unlock()
+	style, ok = authStyleCache.m[tokenURL]
+	return
+}
 
-	if u, err := url.Parse(tokenURL); err == nil {
-		for _, s := range brokenAuthHeaderDomains {
-			if strings.HasSuffix(u.Host, s) {
-				return false
-			}
-		}
+// setAuthStyle adds an entry to authStyleCache, documented above.
+func setAuthStyle(tokenURL string, v AuthStyle) {
+	authStyleCache.Lock()
+	defer authStyleCache.Unlock()
+	if authStyleCache.m == nil {
+		authStyleCache.m = make(map[string]AuthStyle)
 	}
-
-	// Assume the provider implements the spec properly
-	// otherwise. We can add more exceptions as they're
-	// discovered. We will _not_ be adding configurable hooks
-	// to this package to let users select server bugs.
-	return true
+	authStyleCache.m[tokenURL] = v
 }
 
-func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values) (*Token, error) {
-	bustedAuth := !providerAuthHeaderWorks(tokenURL)
-	if bustedAuth {
+// newTokenRequest returns a new *http.Request to retrieve a new token
+// from tokenURL using the provided clientID, clientSecret, and POST
+// body parameters.
+//
+// inParams is whether the clientID & clientSecret should be encoded
+// as the POST body. An 'inParams' value of true means to send it in
+// the POST body (along with any values in v); false means to send it
+// in the Authorization header.
+func newTokenRequest(tokenURL, clientID, clientSecret string, v url.Values, authStyle AuthStyle) (*http.Request, error) {
+	if authStyle == AuthStyleInParams {
+		v = cloneURLValues(v)
 		if clientID != "" {
 			v.Set("client_id", clientID)
 		}
@@ -189,15 +171,70 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	if !bustedAuth {
+	if authStyle == AuthStyleInHeader {
 		req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
 	}
+	return req, nil
+}
+
+func cloneURLValues(v url.Values) url.Values {
+	v2 := make(url.Values, len(v))
+	for k, vv := range v {
+		v2[k] = append([]string(nil), vv...)
+	}
+	return v2
+}
+
+func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle) (*Token, error) {
+	needsAuthStyleProbe := authStyle == 0
+	if needsAuthStyleProbe {
+		if style, ok := lookupAuthStyle(tokenURL); ok {
+			authStyle = style
+			needsAuthStyleProbe = false
+		} else {
+			authStyle = AuthStyleInHeader // the first way we'll try
+		}
+	}
+	req, err := newTokenRequest(tokenURL, clientID, clientSecret, v, authStyle)
+	if err != nil {
+		return nil, err
+	}
+	token, err := doTokenRoundTrip(ctx, req)
+	if err != nil && needsAuthStyleProbe {
+		// If we get an error, assume the server wants the
+		// clientID & clientSecret in a different form.
+		// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
+		// In summary:
+		// - Reddit only accepts client secret in the Authorization header
+		// - Dropbox accepts either it in URL param or Auth header, but not both.
+		// - Google only accepts URL param (not spec compliant?), not Auth header
+		// - Stripe only accepts client secret in Auth header with Bearer method, not Basic
+		//
+		// We used to maintain a big table in this code of all the sites and which way
+		// they went, but maintaining it didn't scale & got annoying.
+		// So just try both ways.
+		authStyle = AuthStyleInParams // the second way we'll try
+		req, _ = newTokenRequest(tokenURL, clientID, clientSecret, v, authStyle)
+		token, err = doTokenRoundTrip(ctx, req)
+	}
+	if needsAuthStyleProbe && err == nil {
+		setAuthStyle(tokenURL, authStyle)
+	}
+	// Don't overwrite `RefreshToken` with an empty value
+	// if this was a token refreshing request.
+	if token != nil && token.RefreshToken == "" {
+		token.RefreshToken = v.Get("refresh_token")
+	}
+	return token, err
+}
+
+func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	r, err := ctxhttp.Do(ctx, ContextClient(ctx), req)
 	if err != nil {
 		return nil, err
 	}
-	defer r.Body.Close()
 	body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20))
+	r.Body.Close()
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
 	}
@@ -223,12 +260,6 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 			Raw:          vals,
 		}
 		e := vals.Get("expires_in")
-		if e == "" {
-			// TODO(jbd): Facebook's OAuth2 implementation is broken and
-			// returns expires_in field in expires. Remove the fallback to expires,
-			// when Facebook fixes their implementation.
-			e = vals.Get("expires")
-		}
 		expires, _ := strconv.Atoi(e)
 		if expires != 0 {
 			token.Expiry = time.Now().Add(time.Duration(expires) * time.Second)
@@ -247,13 +278,8 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
-	// Don't overwrite `RefreshToken` with an empty value
-	// if this was a token refreshing request.
-	if token.RefreshToken == "" {
-		token.RefreshToken = v.Get("refresh_token")
-	}
 	if token.AccessToken == "" {
-		return token, errors.New("oauth2: server response missing access_token")
+		return nil, errors.New("oauth2: server response missing access_token")
 	}
 	return token, nil
 }
diff --git a/vendor/golang.org/x/oauth2/internal/transport.go b/vendor/golang.org/x/oauth2/internal/transport.go
index d16f9ae1feaed..572074a637dd6 100644
--- a/vendor/golang.org/x/oauth2/internal/transport.go
+++ b/vendor/golang.org/x/oauth2/internal/transport.go
@@ -5,9 +5,8 @@
 package internal
 
 import (
+	"context"
 	"net/http"
-
-	"golang.org/x/net/context"
 )
 
 // HTTPClient is the context key to use with golang.org/x/net/context's
diff --git a/vendor/golang.org/x/oauth2/jwt/jwt.go b/vendor/golang.org/x/oauth2/jwt/jwt.go
index e08f315959005..b2bf18298b0c9 100644
--- a/vendor/golang.org/x/oauth2/jwt/jwt.go
+++ b/vendor/golang.org/x/oauth2/jwt/jwt.go
@@ -9,6 +9,7 @@
 package jwt
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -18,7 +19,6 @@ import (
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/internal"
 	"golang.org/x/oauth2/jws"
@@ -61,6 +61,19 @@ type Config struct {
 
 	// Expires optionally specifies how long the token is valid for.
 	Expires time.Duration
+
+	// Audience optionally specifies the intended audience of the
+	// request.  If empty, the value of TokenURL is used as the
+	// intended audience.
+	Audience string
+
+	// PrivateClaims optionally specifies custom private claims in the JWT.
+	// See http://tools.ietf.org/html/draft-jones-json-web-token-10#section-4.3
+	PrivateClaims map[string]interface{}
+
+	// UseIDToken optionally specifies whether ID token should be used instead
+	// of access token when the server returns both.
+	UseIDToken bool
 }
 
 // TokenSource returns a JWT TokenSource using the configuration
@@ -92,9 +105,10 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	}
 	hc := oauth2.NewClient(js.ctx, nil)
 	claimSet := &jws.ClaimSet{
-		Iss:   js.conf.Email,
-		Scope: strings.Join(js.conf.Scopes, " "),
-		Aud:   js.conf.TokenURL,
+		Iss:           js.conf.Email,
+		Scope:         strings.Join(js.conf.Scopes, " "),
+		Aud:           js.conf.TokenURL,
+		PrivateClaims: js.conf.PrivateClaims,
 	}
 	if subject := js.conf.Subject; subject != "" {
 		claimSet.Sub = subject
@@ -105,6 +119,9 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	if t := js.conf.Expires; t > 0 {
 		claimSet.Exp = time.Now().Add(t).Unix()
 	}
+	if aud := js.conf.Audience; aud != "" {
+		claimSet.Aud = aud
+	}
 	h := *defaultHeader
 	h.KeyID = js.conf.PrivateKeyID
 	payload, err := jws.Encode(&h, claimSet, pk)
@@ -158,5 +175,11 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		}
 		token.Expiry = time.Unix(claimSet.Exp, 0)
 	}
+	if js.conf.UseIDToken {
+		if tokenRes.IDToken == "" {
+			return nil, fmt.Errorf("oauth2: response doesn't have JWT token")
+		}
+		token.AccessToken = tokenRes.IDToken
+	}
 	return token, nil
 }
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index a047a5f98b678..291df5c833f96 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -3,19 +3,20 @@
 // license that can be found in the LICENSE file.
 
 // Package oauth2 provides support for making
-// OAuth2 authorized and authenticated HTTP requests.
+// OAuth2 authorized and authenticated HTTP requests,
+// as specified in RFC 6749.
 // It can additionally grant authorization with Bearer JWT.
 package oauth2 // import "golang.org/x/oauth2"
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"net/http"
 	"net/url"
 	"strings"
 	"sync"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2/internal"
 )
 
@@ -25,17 +26,13 @@ import (
 // Deprecated: Use context.Background() or context.TODO() instead.
 var NoContext = context.TODO()
 
-// RegisterBrokenAuthHeaderProvider registers an OAuth2 server
-// identified by the tokenURL prefix as an OAuth2 implementation
-// which doesn't support the HTTP Basic authentication
-// scheme to authenticate with the authorization server.
-// Once a server is registered, credentials (client_id and client_secret)
-// will be passed as query parameters rather than being present
-// in the Authorization header.
-// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
-func RegisterBrokenAuthHeaderProvider(tokenURL string) {
-	internal.RegisterBrokenAuthHeaderProvider(tokenURL)
-}
+// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op.
+//
+// Deprecated: this function no longer does anything. Caller code that
+// wants to avoid potential extra HTTP requests made during
+// auto-probing of the provider's auth style should set
+// Endpoint.AuthStyle.
+func RegisterBrokenAuthHeaderProvider(tokenURL string) {}
 
 // Config describes a typical 3-legged OAuth2 flow, with both the
 // client application information and the server's endpoint URLs.
@@ -70,13 +67,38 @@ type TokenSource interface {
 	Token() (*Token, error)
 }
 
-// Endpoint contains the OAuth 2.0 provider's authorization and token
+// Endpoint represents an OAuth 2.0 provider's authorization and token
 // endpoint URLs.
 type Endpoint struct {
 	AuthURL  string
 	TokenURL string
+
+	// AuthStyle optionally specifies how the endpoint wants the
+	// client ID & client secret sent. The zero value means to
+	// auto-detect.
+	AuthStyle AuthStyle
 }
 
+// AuthStyle represents how requests for tokens are authenticated
+// to the server.
+type AuthStyle int
+
+const (
+	// AuthStyleAutoDetect means to auto-detect which authentication
+	// style the provider wants by trying both ways and caching
+	// the successful way for the future.
+	AuthStyleAutoDetect AuthStyle = 0
+
+	// AuthStyleInParams sends the "client_id" and "client_secret"
+	// in the POST body as application/x-www-form-urlencoded parameters.
+	AuthStyleInParams AuthStyle = 1
+
+	// AuthStyleInHeader sends the client_id and client_password
+	// using HTTP Basic Authorization. This is an optional style
+	// described in the OAuth2 RFC 6749 section 2.3.1.
+	AuthStyleInHeader AuthStyle = 2
+)
+
 var (
 	// AccessTypeOnline and AccessTypeOffline are options passed
 	// to the Options.AuthCodeURL method. They modify the
@@ -95,7 +117,7 @@ var (
 	// ApprovalForce forces the users to view the consent dialog
 	// and confirm the permissions request at the URL returned
 	// from AuthCodeURL, even if they've already done so.
-	ApprovalForce AuthCodeOption = SetAuthURLParam("approval_prompt", "force")
+	ApprovalForce AuthCodeOption = SetAuthURLParam("prompt", "consent")
 )
 
 // An AuthCodeOption is passed to Config.AuthCodeURL.
@@ -123,6 +145,8 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
+// It can also be used to pass the PKCE challenge.
+// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
@@ -161,8 +185,7 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 // and when other authorization grant types are not available."
 // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info.
 //
-// The HTTP client to use is derived from the context.
-// If nil, http.DefaultClient is used.
+// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
 func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"password"},
@@ -180,12 +203,14 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 // It is used after a resource provider redirects the user back
 // to the Redirect URI (the URL obtained from AuthCodeURL).
 //
-// The HTTP client to use is derived from the context.
-// If a client is not provided via the context, http.DefaultClient is used.
+// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
 //
 // The code will be in the *http.Request.FormValue("code"). Before
 // calling Exchange, be sure to validate FormValue("state").
-func (c *Config) Exchange(ctx context.Context, code string) (*Token, error) {
+//
+// Opts may include the PKCE verifier code if previously used in AuthCodeURL.
+// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"authorization_code"},
 		"code":       {code},
@@ -193,6 +218,9 @@ func (c *Config) Exchange(ctx context.Context, code string) (*Token, error) {
 	if c.RedirectURL != "" {
 		v.Set("redirect_uri", c.RedirectURL)
 	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
 	return retrieveToken(ctx, c, v)
 }
 
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 34db8cdc8a35f..822720341af14 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -5,6 +5,7 @@
 package oauth2
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -12,7 +13,6 @@ import (
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2/internal"
 )
 
@@ -118,13 +118,16 @@ func (t *Token) Extra(key string) interface{} {
 	return v
 }
 
+// timeNow is time.Now but pulled out as a variable for tests.
+var timeNow = time.Now
+
 // expired reports whether the token is expired.
 // t must be non-nil.
 func (t *Token) expired() bool {
 	if t.Expiry.IsZero() {
 		return false
 	}
-	return t.Expiry.Round(0).Add(-expiryDelta).Before(time.Now())
+	return t.Expiry.Round(0).Add(-expiryDelta).Before(timeNow())
 }
 
 // Valid reports whether t is non-nil, has an AccessToken, and is not expired.
@@ -151,7 +154,7 @@ func tokenFromInternal(t *internal.Token) *Token {
 // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along
 // with an error..
 func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) {
-	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v)
+	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle))
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*RetrieveError)(rErr)
diff --git a/vendor/golang.org/x/oauth2/transport.go b/vendor/golang.org/x/oauth2/transport.go
index aa0d34f1e0eaf..90657915fbcf0 100644
--- a/vendor/golang.org/x/oauth2/transport.go
+++ b/vendor/golang.org/x/oauth2/transport.go
@@ -6,7 +6,7 @@ package oauth2
 
 import (
 	"errors"
-	"io"
+	"log"
 	"net/http"
 	"sync"
 )
@@ -25,9 +25,6 @@ type Transport struct {
 	// Base is the base RoundTripper used to make HTTP requests.
 	// If nil, http.DefaultTransport is used.
 	Base http.RoundTripper
-
-	mu     sync.Mutex                      // guards modReq
-	modReq map[*http.Request]*http.Request // original -> modified
 }
 
 // RoundTrip authorizes and authenticates the request with an
@@ -52,35 +49,22 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	req2 := cloneRequest(req) // per RoundTripper contract
 	token.SetAuthHeader(req2)
-	t.setModReq(req, req2)
-	res, err := t.base().RoundTrip(req2)
 
-	// req.Body is assumed to have been closed by the base RoundTripper.
+	// req.Body is assumed to be closed by the base RoundTripper.
 	reqBodyClosed = true
-
-	if err != nil {
-		t.setModReq(req, nil)
-		return nil, err
-	}
-	res.Body = &onEOFReader{
-		rc: res.Body,
-		fn: func() { t.setModReq(req, nil) },
-	}
-	return res, nil
+	return t.base().RoundTrip(req2)
 }
 
-// CancelRequest cancels an in-flight request by closing its connection.
+var cancelOnce sync.Once
+
+// CancelRequest does nothing. It used to be a legacy cancellation mechanism
+// but now only it only logs on first use to warn that it's deprecated.
+//
+// Deprecated: use contexts for cancellation instead.
 func (t *Transport) CancelRequest(req *http.Request) {
-	type canceler interface {
-		CancelRequest(*http.Request)
-	}
-	if cr, ok := t.base().(canceler); ok {
-		t.mu.Lock()
-		modReq := t.modReq[req]
-		delete(t.modReq, req)
-		t.mu.Unlock()
-		cr.CancelRequest(modReq)
-	}
+	cancelOnce.Do(func() {
+		log.Printf("deprecated: golang.org/x/oauth2: Transport.CancelRequest no longer does anything; use contexts")
+	})
 }
 
 func (t *Transport) base() http.RoundTripper {
@@ -90,19 +74,6 @@ func (t *Transport) base() http.RoundTripper {
 	return http.DefaultTransport
 }
 
-func (t *Transport) setModReq(orig, mod *http.Request) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	if t.modReq == nil {
-		t.modReq = make(map[*http.Request]*http.Request)
-	}
-	if mod == nil {
-		delete(t.modReq, orig)
-	} else {
-		t.modReq[orig] = mod
-	}
-}
-
 // cloneRequest returns a clone of the provided *http.Request.
 // The clone is a shallow copy of the struct and its Header map.
 func cloneRequest(r *http.Request) *http.Request {
@@ -116,29 +87,3 @@ func cloneRequest(r *http.Request) *http.Request {
 	}
 	return r2
 }
-
-type onEOFReader struct {
-	rc io.ReadCloser
-	fn func()
-}
-
-func (r *onEOFReader) Read(p []byte) (n int, err error) {
-	n, err = r.rc.Read(p)
-	if err == io.EOF {
-		r.runFunc()
-	}
-	return
-}
-
-func (r *onEOFReader) Close() error {
-	err := r.rc.Close()
-	r.runFunc()
-	return err
-}
-
-func (r *onEOFReader) runFunc() {
-	if fn := r.fn; fn != nil {
-		fn()
-		r.fn = nil
-	}
-}
diff --git a/vendor/golang.org/x/sync/README.md b/vendor/golang.org/x/sync/README.md
index 1f8436cc9c868..7c1c8f6c82af4 100644
--- a/vendor/golang.org/x/sync/README.md
+++ b/vendor/golang.org/x/sync/README.md
@@ -1,5 +1,7 @@
 # Go Sync
 
+[![Go Reference](https://pkg.go.dev/badge/golang.org/x/sync.svg)](https://pkg.go.dev/golang.org/x/sync)
+
 This repository provides Go concurrency primitives in addition to the
 ones provided by the language and "sync" and "sync/atomic" packages.
 
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index 533438d91c1f8..9857fe53d3c91 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -7,9 +7,8 @@
 package errgroup
 
 import (
+	"context"
 	"sync"
-
-	"golang.org/x/net/context"
 )
 
 // A Group is a collection of goroutines working on subtasks that are part of
diff --git a/vendor/golang.org/x/sync/go.mod b/vendor/golang.org/x/sync/go.mod
new file mode 100644
index 0000000000000..091b76ea39025
--- /dev/null
+++ b/vendor/golang.org/x/sync/go.mod
@@ -0,0 +1 @@
+module golang.org/x/sync
diff --git a/vendor/golang.org/x/sync/semaphore/semaphore.go b/vendor/golang.org/x/sync/semaphore/semaphore.go
index e9d2d79a97f63..30f632c577bd1 100644
--- a/vendor/golang.org/x/sync/semaphore/semaphore.go
+++ b/vendor/golang.org/x/sync/semaphore/semaphore.go
@@ -7,12 +7,8 @@ package semaphore // import "golang.org/x/sync/semaphore"
 
 import (
 	"container/list"
+	"context"
 	"sync"
-
-	// Use the old context because packages that depend on this one
-	// (e.g. cloud.google.com/go/...) must run on Go 1.6.
-	// TODO(jba): update to "context" when possible.
-	"golang.org/x/net/context"
 )
 
 type waiter struct {
@@ -36,9 +32,9 @@ type Weighted struct {
 	waiters list.List
 }
 
-// Acquire acquires the semaphore with a weight of n, blocking only until ctx
-// is done. On success, returns nil. On failure, returns ctx.Err() and leaves
-// the semaphore unchanged.
+// Acquire acquires the semaphore with a weight of n, blocking until resources
+// are available or ctx is done. On success, returns nil. On failure, returns
+// ctx.Err() and leaves the semaphore unchanged.
 //
 // If ctx is already done, Acquire may still succeed without blocking.
 func (s *Weighted) Acquire(ctx context.Context, n int64) error {
@@ -71,7 +67,12 @@ func (s *Weighted) Acquire(ctx context.Context, n int64) error {
 			// fix up the queue, just pretend we didn't notice the cancelation.
 			err = nil
 		default:
+			isFront := s.waiters.Front() == elem
 			s.waiters.Remove(elem)
+			// If we're at the front and there're extra tokens left, notify other waiters.
+			if isFront && s.size > s.cur {
+				s.notifyWaiters()
+			}
 		}
 		s.mu.Unlock()
 		return err
@@ -99,8 +100,13 @@ func (s *Weighted) Release(n int64) {
 	s.cur -= n
 	if s.cur < 0 {
 		s.mu.Unlock()
-		panic("semaphore: bad release")
+		panic("semaphore: released more than held")
 	}
+	s.notifyWaiters()
+	s.mu.Unlock()
+}
+
+func (s *Weighted) notifyWaiters() {
 	for {
 		next := s.waiters.Front()
 		if next == nil {
@@ -127,5 +133,4 @@ func (s *Weighted) Release(n int64) {
 		s.waiters.Remove(next)
 		close(w.ready)
 	}
-	s.mu.Unlock()
 }
diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go
index 9a4f8d59e069a..690eb85013473 100644
--- a/vendor/golang.org/x/sync/singleflight/singleflight.go
+++ b/vendor/golang.org/x/sync/singleflight/singleflight.go
@@ -6,7 +6,42 @@
 // mechanism.
 package singleflight // import "golang.org/x/sync/singleflight"
 
-import "sync"
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"runtime"
+	"runtime/debug"
+	"sync"
+)
+
+// errGoexit indicates the runtime.Goexit was called in
+// the user given function.
+var errGoexit = errors.New("runtime.Goexit was called")
+
+// A panicError is an arbitrary value recovered from a panic
+// with the stack trace during the execution of given function.
+type panicError struct {
+	value interface{}
+	stack []byte
+}
+
+// Error implements error interface.
+func (p *panicError) Error() string {
+	return fmt.Sprintf("%v\n\n%s", p.value, p.stack)
+}
+
+func newPanicError(v interface{}) error {
+	stack := debug.Stack()
+
+	// The first line of the stack trace is of the form "goroutine N [status]:"
+	// but by the time the panic reaches Do the goroutine may no longer exist
+	// and its status will have changed. Trim out the misleading line.
+	if line := bytes.IndexByte(stack[:], '\n'); line >= 0 {
+		stack = stack[line+1:]
+	}
+	return &panicError{value: v, stack: stack}
+}
 
 // call is an in-flight or completed singleflight.Do call
 type call struct {
@@ -17,6 +52,10 @@ type call struct {
 	val interface{}
 	err error
 
+	// forgotten indicates whether Forget was called with this call's key
+	// while the call was still in flight.
+	forgotten bool
+
 	// These fields are read and written with the singleflight
 	// mutex held before the WaitGroup is done, and are read but
 	// not written after the WaitGroup is done.
@@ -53,6 +92,12 @@ func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, e
 		c.dups++
 		g.mu.Unlock()
 		c.wg.Wait()
+
+		if e, ok := c.err.(*panicError); ok {
+			panic(e)
+		} else if c.err == errGoexit {
+			runtime.Goexit()
+		}
 		return c.val, c.err, true
 	}
 	c := new(call)
@@ -66,6 +111,8 @@ func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, e
 
 // DoChan is like Do but returns a channel that will receive the
 // results when they are ready.
+//
+// The returned channel will not be closed.
 func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result {
 	ch := make(chan Result, 1)
 	g.mu.Lock()
@@ -90,15 +137,66 @@ func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result
 
 // doCall handles the single call for a key.
 func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
-	c.val, c.err = fn()
-	c.wg.Done()
+	normalReturn := false
+	recovered := false
 
-	g.mu.Lock()
-	delete(g.m, key)
-	for _, ch := range c.chans {
-		ch <- Result{c.val, c.err, c.dups > 0}
+	// use double-defer to distinguish panic from runtime.Goexit,
+	// more details see https://golang.org/cl/134395
+	defer func() {
+		// the given function invoked runtime.Goexit
+		if !normalReturn && !recovered {
+			c.err = errGoexit
+		}
+
+		c.wg.Done()
+		g.mu.Lock()
+		defer g.mu.Unlock()
+		if !c.forgotten {
+			delete(g.m, key)
+		}
+
+		if e, ok := c.err.(*panicError); ok {
+			// In order to prevent the waiting channels from being blocked forever,
+			// needs to ensure that this panic cannot be recovered.
+			if len(c.chans) > 0 {
+				go panic(e)
+				select {} // Keep this goroutine around so that it will appear in the crash dump.
+			} else {
+				panic(e)
+			}
+		} else if c.err == errGoexit {
+			// Already in the process of goexit, no need to call again
+		} else {
+			// Normal return
+			for _, ch := range c.chans {
+				ch <- Result{c.val, c.err, c.dups > 0}
+			}
+		}
+	}()
+
+	func() {
+		defer func() {
+			if !normalReturn {
+				// Ideally, we would wait to take a stack trace until we've determined
+				// whether this is a panic or a runtime.Goexit.
+				//
+				// Unfortunately, the only way we can distinguish the two is to see
+				// whether the recover stopped the goroutine from terminating, and by
+				// the time we know that, the part of the stack trace relevant to the
+				// panic has been discarded.
+				if r := recover(); r != nil {
+					c.err = newPanicError(r)
+				}
+			}
+		}()
+
+		c.val, c.err = fn()
+		normalReturn = true
+	}()
+
+	if !normalReturn {
+		recovered = true
 	}
-	g.mu.Unlock()
 }
 
 // Forget tells the singleflight to forget about a key.  Future calls
@@ -106,6 +204,9 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
 // an earlier call to complete.
 func (g *Group) Forget(key string) {
 	g.mu.Lock()
+	if c, ok := g.m[key]; ok {
+		c.forgotten = true
+	}
 	delete(g.m, key)
 	g.mu.Unlock()
 }
diff --git a/vendor/golang.org/x/sync/syncmap/go19.go b/vendor/golang.org/x/sync/syncmap/go19.go
new file mode 100644
index 0000000000000..fa04dba91b556
--- /dev/null
+++ b/vendor/golang.org/x/sync/syncmap/go19.go
@@ -0,0 +1,18 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.9
+// +build go1.9
+
+package syncmap
+
+import "sync" // home to the standard library's sync.map implementation as of Go 1.9
+
+// Map is a concurrent map with amortized-constant-time loads, stores, and deletes.
+// It is safe for multiple goroutines to call a Map's methods concurrently.
+//
+// The zero Map is valid and empty.
+//
+// A Map must not be copied after first use.
+type Map = sync.Map
diff --git a/vendor/golang.org/x/sync/syncmap/map.go b/vendor/golang.org/x/sync/syncmap/map.go
index 80e15847ef49b..4b638cb7a84e4 100644
--- a/vendor/golang.org/x/sync/syncmap/map.go
+++ b/vendor/golang.org/x/sync/syncmap/map.go
@@ -1,372 +1,8 @@
-// Copyright 2016 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 // Package syncmap provides a concurrent map implementation.
-// It is a prototype for a proposed addition to the sync package
-// in the standard library.
-// (https://golang.org/issue/18177)
+// This was the prototype for sync.Map which was added to the standard library's
+// sync package in Go 1.9. https://golang.org/pkg/sync/#Map.
 package syncmap
-
-import (
-	"sync"
-	"sync/atomic"
-	"unsafe"
-)
-
-// Map is a concurrent map with amortized-constant-time loads, stores, and deletes.
-// It is safe for multiple goroutines to call a Map's methods concurrently.
-//
-// The zero Map is valid and empty.
-//
-// A Map must not be copied after first use.
-type Map struct {
-	mu sync.Mutex
-
-	// read contains the portion of the map's contents that are safe for
-	// concurrent access (with or without mu held).
-	//
-	// The read field itself is always safe to load, but must only be stored with
-	// mu held.
-	//
-	// Entries stored in read may be updated concurrently without mu, but updating
-	// a previously-expunged entry requires that the entry be copied to the dirty
-	// map and unexpunged with mu held.
-	read atomic.Value // readOnly
-
-	// dirty contains the portion of the map's contents that require mu to be
-	// held. To ensure that the dirty map can be promoted to the read map quickly,
-	// it also includes all of the non-expunged entries in the read map.
-	//
-	// Expunged entries are not stored in the dirty map. An expunged entry in the
-	// clean map must be unexpunged and added to the dirty map before a new value
-	// can be stored to it.
-	//
-	// If the dirty map is nil, the next write to the map will initialize it by
-	// making a shallow copy of the clean map, omitting stale entries.
-	dirty map[interface{}]*entry
-
-	// misses counts the number of loads since the read map was last updated that
-	// needed to lock mu to determine whether the key was present.
-	//
-	// Once enough misses have occurred to cover the cost of copying the dirty
-	// map, the dirty map will be promoted to the read map (in the unamended
-	// state) and the next store to the map will make a new dirty copy.
-	misses int
-}
-
-// readOnly is an immutable struct stored atomically in the Map.read field.
-type readOnly struct {
-	m       map[interface{}]*entry
-	amended bool // true if the dirty map contains some key not in m.
-}
-
-// expunged is an arbitrary pointer that marks entries which have been deleted
-// from the dirty map.
-var expunged = unsafe.Pointer(new(interface{}))
-
-// An entry is a slot in the map corresponding to a particular key.
-type entry struct {
-	// p points to the interface{} value stored for the entry.
-	//
-	// If p == nil, the entry has been deleted and m.dirty == nil.
-	//
-	// If p == expunged, the entry has been deleted, m.dirty != nil, and the entry
-	// is missing from m.dirty.
-	//
-	// Otherwise, the entry is valid and recorded in m.read.m[key] and, if m.dirty
-	// != nil, in m.dirty[key].
-	//
-	// An entry can be deleted by atomic replacement with nil: when m.dirty is
-	// next created, it will atomically replace nil with expunged and leave
-	// m.dirty[key] unset.
-	//
-	// An entry's associated value can be updated by atomic replacement, provided
-	// p != expunged. If p == expunged, an entry's associated value can be updated
-	// only after first setting m.dirty[key] = e so that lookups using the dirty
-	// map find the entry.
-	p unsafe.Pointer // *interface{}
-}
-
-func newEntry(i interface{}) *entry {
-	return &entry{p: unsafe.Pointer(&i)}
-}
-
-// Load returns the value stored in the map for a key, or nil if no
-// value is present.
-// The ok result indicates whether value was found in the map.
-func (m *Map) Load(key interface{}) (value interface{}, ok bool) {
-	read, _ := m.read.Load().(readOnly)
-	e, ok := read.m[key]
-	if !ok && read.amended {
-		m.mu.Lock()
-		// Avoid reporting a spurious miss if m.dirty got promoted while we were
-		// blocked on m.mu. (If further loads of the same key will not miss, it's
-		// not worth copying the dirty map for this key.)
-		read, _ = m.read.Load().(readOnly)
-		e, ok = read.m[key]
-		if !ok && read.amended {
-			e, ok = m.dirty[key]
-			// Regardless of whether the entry was present, record a miss: this key
-			// will take the slow path until the dirty map is promoted to the read
-			// map.
-			m.missLocked()
-		}
-		m.mu.Unlock()
-	}
-	if !ok {
-		return nil, false
-	}
-	return e.load()
-}
-
-func (e *entry) load() (value interface{}, ok bool) {
-	p := atomic.LoadPointer(&e.p)
-	if p == nil || p == expunged {
-		return nil, false
-	}
-	return *(*interface{})(p), true
-}
-
-// Store sets the value for a key.
-func (m *Map) Store(key, value interface{}) {
-	read, _ := m.read.Load().(readOnly)
-	if e, ok := read.m[key]; ok && e.tryStore(&value) {
-		return
-	}
-
-	m.mu.Lock()
-	read, _ = m.read.Load().(readOnly)
-	if e, ok := read.m[key]; ok {
-		if e.unexpungeLocked() {
-			// The entry was previously expunged, which implies that there is a
-			// non-nil dirty map and this entry is not in it.
-			m.dirty[key] = e
-		}
-		e.storeLocked(&value)
-	} else if e, ok := m.dirty[key]; ok {
-		e.storeLocked(&value)
-	} else {
-		if !read.amended {
-			// We're adding the first new key to the dirty map.
-			// Make sure it is allocated and mark the read-only map as incomplete.
-			m.dirtyLocked()
-			m.read.Store(readOnly{m: read.m, amended: true})
-		}
-		m.dirty[key] = newEntry(value)
-	}
-	m.mu.Unlock()
-}
-
-// tryStore stores a value if the entry has not been expunged.
-//
-// If the entry is expunged, tryStore returns false and leaves the entry
-// unchanged.
-func (e *entry) tryStore(i *interface{}) bool {
-	p := atomic.LoadPointer(&e.p)
-	if p == expunged {
-		return false
-	}
-	for {
-		if atomic.CompareAndSwapPointer(&e.p, p, unsafe.Pointer(i)) {
-			return true
-		}
-		p = atomic.LoadPointer(&e.p)
-		if p == expunged {
-			return false
-		}
-	}
-}
-
-// unexpungeLocked ensures that the entry is not marked as expunged.
-//
-// If the entry was previously expunged, it must be added to the dirty map
-// before m.mu is unlocked.
-func (e *entry) unexpungeLocked() (wasExpunged bool) {
-	return atomic.CompareAndSwapPointer(&e.p, expunged, nil)
-}
-
-// storeLocked unconditionally stores a value to the entry.
-//
-// The entry must be known not to be expunged.
-func (e *entry) storeLocked(i *interface{}) {
-	atomic.StorePointer(&e.p, unsafe.Pointer(i))
-}
-
-// LoadOrStore returns the existing value for the key if present.
-// Otherwise, it stores and returns the given value.
-// The loaded result is true if the value was loaded, false if stored.
-func (m *Map) LoadOrStore(key, value interface{}) (actual interface{}, loaded bool) {
-	// Avoid locking if it's a clean hit.
-	read, _ := m.read.Load().(readOnly)
-	if e, ok := read.m[key]; ok {
-		actual, loaded, ok := e.tryLoadOrStore(value)
-		if ok {
-			return actual, loaded
-		}
-	}
-
-	m.mu.Lock()
-	read, _ = m.read.Load().(readOnly)
-	if e, ok := read.m[key]; ok {
-		if e.unexpungeLocked() {
-			m.dirty[key] = e
-		}
-		actual, loaded, _ = e.tryLoadOrStore(value)
-	} else if e, ok := m.dirty[key]; ok {
-		actual, loaded, _ = e.tryLoadOrStore(value)
-		m.missLocked()
-	} else {
-		if !read.amended {
-			// We're adding the first new key to the dirty map.
-			// Make sure it is allocated and mark the read-only map as incomplete.
-			m.dirtyLocked()
-			m.read.Store(readOnly{m: read.m, amended: true})
-		}
-		m.dirty[key] = newEntry(value)
-		actual, loaded = value, false
-	}
-	m.mu.Unlock()
-
-	return actual, loaded
-}
-
-// tryLoadOrStore atomically loads or stores a value if the entry is not
-// expunged.
-//
-// If the entry is expunged, tryLoadOrStore leaves the entry unchanged and
-// returns with ok==false.
-func (e *entry) tryLoadOrStore(i interface{}) (actual interface{}, loaded, ok bool) {
-	p := atomic.LoadPointer(&e.p)
-	if p == expunged {
-		return nil, false, false
-	}
-	if p != nil {
-		return *(*interface{})(p), true, true
-	}
-
-	// Copy the interface after the first load to make this method more amenable
-	// to escape analysis: if we hit the "load" path or the entry is expunged, we
-	// shouldn't bother heap-allocating.
-	ic := i
-	for {
-		if atomic.CompareAndSwapPointer(&e.p, nil, unsafe.Pointer(&ic)) {
-			return i, false, true
-		}
-		p = atomic.LoadPointer(&e.p)
-		if p == expunged {
-			return nil, false, false
-		}
-		if p != nil {
-			return *(*interface{})(p), true, true
-		}
-	}
-}
-
-// Delete deletes the value for a key.
-func (m *Map) Delete(key interface{}) {
-	read, _ := m.read.Load().(readOnly)
-	e, ok := read.m[key]
-	if !ok && read.amended {
-		m.mu.Lock()
-		read, _ = m.read.Load().(readOnly)
-		e, ok = read.m[key]
-		if !ok && read.amended {
-			delete(m.dirty, key)
-		}
-		m.mu.Unlock()
-	}
-	if ok {
-		e.delete()
-	}
-}
-
-func (e *entry) delete() (hadValue bool) {
-	for {
-		p := atomic.LoadPointer(&e.p)
-		if p == nil || p == expunged {
-			return false
-		}
-		if atomic.CompareAndSwapPointer(&e.p, p, nil) {
-			return true
-		}
-	}
-}
-
-// Range calls f sequentially for each key and value present in the map.
-// If f returns false, range stops the iteration.
-//
-// Range does not necessarily correspond to any consistent snapshot of the Map's
-// contents: no key will be visited more than once, but if the value for any key
-// is stored or deleted concurrently, Range may reflect any mapping for that key
-// from any point during the Range call.
-//
-// Range may be O(N) with the number of elements in the map even if f returns
-// false after a constant number of calls.
-func (m *Map) Range(f func(key, value interface{}) bool) {
-	// We need to be able to iterate over all of the keys that were already
-	// present at the start of the call to Range.
-	// If read.amended is false, then read.m satisfies that property without
-	// requiring us to hold m.mu for a long time.
-	read, _ := m.read.Load().(readOnly)
-	if read.amended {
-		// m.dirty contains keys not in read.m. Fortunately, Range is already O(N)
-		// (assuming the caller does not break out early), so a call to Range
-		// amortizes an entire copy of the map: we can promote the dirty copy
-		// immediately!
-		m.mu.Lock()
-		read, _ = m.read.Load().(readOnly)
-		if read.amended {
-			read = readOnly{m: m.dirty}
-			m.read.Store(read)
-			m.dirty = nil
-			m.misses = 0
-		}
-		m.mu.Unlock()
-	}
-
-	for k, e := range read.m {
-		v, ok := e.load()
-		if !ok {
-			continue
-		}
-		if !f(k, v) {
-			break
-		}
-	}
-}
-
-func (m *Map) missLocked() {
-	m.misses++
-	if m.misses < len(m.dirty) {
-		return
-	}
-	m.read.Store(readOnly{m: m.dirty})
-	m.dirty = nil
-	m.misses = 0
-}
-
-func (m *Map) dirtyLocked() {
-	if m.dirty != nil {
-		return
-	}
-
-	read, _ := m.read.Load().(readOnly)
-	m.dirty = make(map[interface{}]*entry, len(read.m))
-	for k, e := range read.m {
-		if !e.tryExpungeLocked() {
-			m.dirty[k] = e
-		}
-	}
-}
-
-func (e *entry) tryExpungeLocked() (isExpunged bool) {
-	p := atomic.LoadPointer(&e.p)
-	for p == nil {
-		if atomic.CompareAndSwapPointer(&e.p, nil, expunged) {
-			return true
-		}
-		p = atomic.LoadPointer(&e.p)
-	}
-	return p == expunged
-}
diff --git a/vendor/golang.org/x/sync/syncmap/pre_go19.go b/vendor/golang.org/x/sync/syncmap/pre_go19.go
new file mode 100644
index 0000000000000..5bba41349c6ca
--- /dev/null
+++ b/vendor/golang.org/x/sync/syncmap/pre_go19.go
@@ -0,0 +1,371 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.9
+// +build !go1.9
+
+package syncmap
+
+import (
+	"sync"
+	"sync/atomic"
+	"unsafe"
+)
+
+// Map is a concurrent map with amortized-constant-time loads, stores, and deletes.
+// It is safe for multiple goroutines to call a Map's methods concurrently.
+//
+// The zero Map is valid and empty.
+//
+// A Map must not be copied after first use.
+type Map struct {
+	mu sync.Mutex
+
+	// read contains the portion of the map's contents that are safe for
+	// concurrent access (with or without mu held).
+	//
+	// The read field itself is always safe to load, but must only be stored with
+	// mu held.
+	//
+	// Entries stored in read may be updated concurrently without mu, but updating
+	// a previously-expunged entry requires that the entry be copied to the dirty
+	// map and unexpunged with mu held.
+	read atomic.Value // readOnly
+
+	// dirty contains the portion of the map's contents that require mu to be
+	// held. To ensure that the dirty map can be promoted to the read map quickly,
+	// it also includes all of the non-expunged entries in the read map.
+	//
+	// Expunged entries are not stored in the dirty map. An expunged entry in the
+	// clean map must be unexpunged and added to the dirty map before a new value
+	// can be stored to it.
+	//
+	// If the dirty map is nil, the next write to the map will initialize it by
+	// making a shallow copy of the clean map, omitting stale entries.
+	dirty map[interface{}]*entry
+
+	// misses counts the number of loads since the read map was last updated that
+	// needed to lock mu to determine whether the key was present.
+	//
+	// Once enough misses have occurred to cover the cost of copying the dirty
+	// map, the dirty map will be promoted to the read map (in the unamended
+	// state) and the next store to the map will make a new dirty copy.
+	misses int
+}
+
+// readOnly is an immutable struct stored atomically in the Map.read field.
+type readOnly struct {
+	m       map[interface{}]*entry
+	amended bool // true if the dirty map contains some key not in m.
+}
+
+// expunged is an arbitrary pointer that marks entries which have been deleted
+// from the dirty map.
+var expunged = unsafe.Pointer(new(interface{}))
+
+// An entry is a slot in the map corresponding to a particular key.
+type entry struct {
+	// p points to the interface{} value stored for the entry.
+	//
+	// If p == nil, the entry has been deleted and m.dirty == nil.
+	//
+	// If p == expunged, the entry has been deleted, m.dirty != nil, and the entry
+	// is missing from m.dirty.
+	//
+	// Otherwise, the entry is valid and recorded in m.read.m[key] and, if m.dirty
+	// != nil, in m.dirty[key].
+	//
+	// An entry can be deleted by atomic replacement with nil: when m.dirty is
+	// next created, it will atomically replace nil with expunged and leave
+	// m.dirty[key] unset.
+	//
+	// An entry's associated value can be updated by atomic replacement, provided
+	// p != expunged. If p == expunged, an entry's associated value can be updated
+	// only after first setting m.dirty[key] = e so that lookups using the dirty
+	// map find the entry.
+	p unsafe.Pointer // *interface{}
+}
+
+func newEntry(i interface{}) *entry {
+	return &entry{p: unsafe.Pointer(&i)}
+}
+
+// Load returns the value stored in the map for a key, or nil if no
+// value is present.
+// The ok result indicates whether value was found in the map.
+func (m *Map) Load(key interface{}) (value interface{}, ok bool) {
+	read, _ := m.read.Load().(readOnly)
+	e, ok := read.m[key]
+	if !ok && read.amended {
+		m.mu.Lock()
+		// Avoid reporting a spurious miss if m.dirty got promoted while we were
+		// blocked on m.mu. (If further loads of the same key will not miss, it's
+		// not worth copying the dirty map for this key.)
+		read, _ = m.read.Load().(readOnly)
+		e, ok = read.m[key]
+		if !ok && read.amended {
+			e, ok = m.dirty[key]
+			// Regardless of whether the entry was present, record a miss: this key
+			// will take the slow path until the dirty map is promoted to the read
+			// map.
+			m.missLocked()
+		}
+		m.mu.Unlock()
+	}
+	if !ok {
+		return nil, false
+	}
+	return e.load()
+}
+
+func (e *entry) load() (value interface{}, ok bool) {
+	p := atomic.LoadPointer(&e.p)
+	if p == nil || p == expunged {
+		return nil, false
+	}
+	return *(*interface{})(p), true
+}
+
+// Store sets the value for a key.
+func (m *Map) Store(key, value interface{}) {
+	read, _ := m.read.Load().(readOnly)
+	if e, ok := read.m[key]; ok && e.tryStore(&value) {
+		return
+	}
+
+	m.mu.Lock()
+	read, _ = m.read.Load().(readOnly)
+	if e, ok := read.m[key]; ok {
+		if e.unexpungeLocked() {
+			// The entry was previously expunged, which implies that there is a
+			// non-nil dirty map and this entry is not in it.
+			m.dirty[key] = e
+		}
+		e.storeLocked(&value)
+	} else if e, ok := m.dirty[key]; ok {
+		e.storeLocked(&value)
+	} else {
+		if !read.amended {
+			// We're adding the first new key to the dirty map.
+			// Make sure it is allocated and mark the read-only map as incomplete.
+			m.dirtyLocked()
+			m.read.Store(readOnly{m: read.m, amended: true})
+		}
+		m.dirty[key] = newEntry(value)
+	}
+	m.mu.Unlock()
+}
+
+// tryStore stores a value if the entry has not been expunged.
+//
+// If the entry is expunged, tryStore returns false and leaves the entry
+// unchanged.
+func (e *entry) tryStore(i *interface{}) bool {
+	p := atomic.LoadPointer(&e.p)
+	if p == expunged {
+		return false
+	}
+	for {
+		if atomic.CompareAndSwapPointer(&e.p, p, unsafe.Pointer(i)) {
+			return true
+		}
+		p = atomic.LoadPointer(&e.p)
+		if p == expunged {
+			return false
+		}
+	}
+}
+
+// unexpungeLocked ensures that the entry is not marked as expunged.
+//
+// If the entry was previously expunged, it must be added to the dirty map
+// before m.mu is unlocked.
+func (e *entry) unexpungeLocked() (wasExpunged bool) {
+	return atomic.CompareAndSwapPointer(&e.p, expunged, nil)
+}
+
+// storeLocked unconditionally stores a value to the entry.
+//
+// The entry must be known not to be expunged.
+func (e *entry) storeLocked(i *interface{}) {
+	atomic.StorePointer(&e.p, unsafe.Pointer(i))
+}
+
+// LoadOrStore returns the existing value for the key if present.
+// Otherwise, it stores and returns the given value.
+// The loaded result is true if the value was loaded, false if stored.
+func (m *Map) LoadOrStore(key, value interface{}) (actual interface{}, loaded bool) {
+	// Avoid locking if it's a clean hit.
+	read, _ := m.read.Load().(readOnly)
+	if e, ok := read.m[key]; ok {
+		actual, loaded, ok := e.tryLoadOrStore(value)
+		if ok {
+			return actual, loaded
+		}
+	}
+
+	m.mu.Lock()
+	read, _ = m.read.Load().(readOnly)
+	if e, ok := read.m[key]; ok {
+		if e.unexpungeLocked() {
+			m.dirty[key] = e
+		}
+		actual, loaded, _ = e.tryLoadOrStore(value)
+	} else if e, ok := m.dirty[key]; ok {
+		actual, loaded, _ = e.tryLoadOrStore(value)
+		m.missLocked()
+	} else {
+		if !read.amended {
+			// We're adding the first new key to the dirty map.
+			// Make sure it is allocated and mark the read-only map as incomplete.
+			m.dirtyLocked()
+			m.read.Store(readOnly{m: read.m, amended: true})
+		}
+		m.dirty[key] = newEntry(value)
+		actual, loaded = value, false
+	}
+	m.mu.Unlock()
+
+	return actual, loaded
+}
+
+// tryLoadOrStore atomically loads or stores a value if the entry is not
+// expunged.
+//
+// If the entry is expunged, tryLoadOrStore leaves the entry unchanged and
+// returns with ok==false.
+func (e *entry) tryLoadOrStore(i interface{}) (actual interface{}, loaded, ok bool) {
+	p := atomic.LoadPointer(&e.p)
+	if p == expunged {
+		return nil, false, false
+	}
+	if p != nil {
+		return *(*interface{})(p), true, true
+	}
+
+	// Copy the interface after the first load to make this method more amenable
+	// to escape analysis: if we hit the "load" path or the entry is expunged, we
+	// shouldn't bother heap-allocating.
+	ic := i
+	for {
+		if atomic.CompareAndSwapPointer(&e.p, nil, unsafe.Pointer(&ic)) {
+			return i, false, true
+		}
+		p = atomic.LoadPointer(&e.p)
+		if p == expunged {
+			return nil, false, false
+		}
+		if p != nil {
+			return *(*interface{})(p), true, true
+		}
+	}
+}
+
+// Delete deletes the value for a key.
+func (m *Map) Delete(key interface{}) {
+	read, _ := m.read.Load().(readOnly)
+	e, ok := read.m[key]
+	if !ok && read.amended {
+		m.mu.Lock()
+		read, _ = m.read.Load().(readOnly)
+		e, ok = read.m[key]
+		if !ok && read.amended {
+			delete(m.dirty, key)
+		}
+		m.mu.Unlock()
+	}
+	if ok {
+		e.delete()
+	}
+}
+
+func (e *entry) delete() (hadValue bool) {
+	for {
+		p := atomic.LoadPointer(&e.p)
+		if p == nil || p == expunged {
+			return false
+		}
+		if atomic.CompareAndSwapPointer(&e.p, p, nil) {
+			return true
+		}
+	}
+}
+
+// Range calls f sequentially for each key and value present in the map.
+// If f returns false, range stops the iteration.
+//
+// Range does not necessarily correspond to any consistent snapshot of the Map's
+// contents: no key will be visited more than once, but if the value for any key
+// is stored or deleted concurrently, Range may reflect any mapping for that key
+// from any point during the Range call.
+//
+// Range may be O(N) with the number of elements in the map even if f returns
+// false after a constant number of calls.
+func (m *Map) Range(f func(key, value interface{}) bool) {
+	// We need to be able to iterate over all of the keys that were already
+	// present at the start of the call to Range.
+	// If read.amended is false, then read.m satisfies that property without
+	// requiring us to hold m.mu for a long time.
+	read, _ := m.read.Load().(readOnly)
+	if read.amended {
+		// m.dirty contains keys not in read.m. Fortunately, Range is already O(N)
+		// (assuming the caller does not break out early), so a call to Range
+		// amortizes an entire copy of the map: we can promote the dirty copy
+		// immediately!
+		m.mu.Lock()
+		read, _ = m.read.Load().(readOnly)
+		if read.amended {
+			read = readOnly{m: m.dirty}
+			m.read.Store(read)
+			m.dirty = nil
+			m.misses = 0
+		}
+		m.mu.Unlock()
+	}
+
+	for k, e := range read.m {
+		v, ok := e.load()
+		if !ok {
+			continue
+		}
+		if !f(k, v) {
+			break
+		}
+	}
+}
+
+func (m *Map) missLocked() {
+	m.misses++
+	if m.misses < len(m.dirty) {
+		return
+	}
+	m.read.Store(readOnly{m: m.dirty})
+	m.dirty = nil
+	m.misses = 0
+}
+
+func (m *Map) dirtyLocked() {
+	if m.dirty != nil {
+		return
+	}
+
+	read, _ := m.read.Load().(readOnly)
+	m.dirty = make(map[interface{}]*entry, len(read.m))
+	for k, e := range read.m {
+		if !e.tryExpungeLocked() {
+			m.dirty[k] = e
+		}
+	}
+}
+
+func (e *entry) tryExpungeLocked() (isExpunged bool) {
+	p := atomic.LoadPointer(&e.p)
+	for p == nil {
+		if atomic.CompareAndSwapPointer(&e.p, nil, expunged) {
+			return true
+		}
+		p = atomic.LoadPointer(&e.p)
+	}
+	return p == expunged
+}
diff --git a/vendor/golang.org/x/sys/README.md b/vendor/golang.org/x/sys/README.md
index ef6c9e59c2610..3b7e728042fdc 100644
--- a/vendor/golang.org/x/sys/README.md
+++ b/vendor/golang.org/x/sys/README.md
@@ -1,5 +1,7 @@
 # sys
 
+[![Go Reference](https://pkg.go.dev/badge/golang.org/x/sys.svg)](https://pkg.go.dev/golang.org/x/sys)
+
 This repository holds supplemental Go packages for low-level interactions with
 the operating system.
 
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
new file mode 100644
index 0000000000000..db9171c2e4913
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -0,0 +1,18 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
new file mode 100644
index 0000000000000..dcbb14ef35a48
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -0,0 +1,65 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"runtime"
+)
+
+// byteOrder is a subset of encoding/binary.ByteOrder.
+type byteOrder interface {
+	Uint32([]byte) uint32
+	Uint64([]byte) uint64
+}
+
+type littleEndian struct{}
+type bigEndian struct{}
+
+func (littleEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func (littleEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func (bigEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+}
+
+func (bigEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+		uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+}
+
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
+func hostByteOrder() byteOrder {
+	switch runtime.GOARCH {
+	case "386", "amd64", "amd64p32",
+		"alpha",
+		"arm", "arm64",
+		"mipsle", "mips64le", "mips64p32le",
+		"nios2",
+		"ppc64le",
+		"riscv", "riscv64",
+		"sh":
+		return littleEndian{}
+	case "armbe", "arm64be",
+		"m68k",
+		"mips", "mips64", "mips64p32",
+		"ppc", "ppc64",
+		"s390", "s390x",
+		"shbe",
+		"sparc", "sparc64":
+		return bigEndian{}
+	}
+	panic("unknown architecture")
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
index 3d88f866739e9..b56886f261631 100644
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -6,6 +6,18 @@
 // various CPU architectures.
 package cpu
 
+import (
+	"os"
+	"strings"
+)
+
+// Initialized reports whether the CPU features were initialized.
+//
+// For some GOOS/GOARCH combinations initialization of the CPU features depends
+// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm
+// Initialized will report false if reading the file fails.
+var Initialized bool
+
 // CacheLinePad is used to pad structs to avoid false sharing.
 type CacheLinePad struct{ _ [cacheLineSize]byte }
 
@@ -17,22 +29,259 @@ type CacheLinePad struct{ _ [cacheLineSize]byte }
 // and HasAVX2 are only set if the OS supports XMM and YMM
 // registers in addition to the CPUID feature bit being set.
 var X86 struct {
-	_            CacheLinePad
-	HasAES       bool // AES hardware implementation (AES NI)
-	HasADX       bool // Multi-precision add-carry instruction extensions
-	HasAVX       bool // Advanced vector extension
-	HasAVX2      bool // Advanced vector extension 2
-	HasBMI1      bool // Bit manipulation instruction set 1
-	HasBMI2      bool // Bit manipulation instruction set 2
-	HasERMS      bool // Enhanced REP for MOVSB and STOSB
-	HasFMA       bool // Fused-multiply-add instructions
-	HasOSXSAVE   bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
-	HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
-	HasPOPCNT    bool // Hamming weight instruction POPCNT.
-	HasSSE2      bool // Streaming SIMD extension 2 (always available on amd64)
-	HasSSE3      bool // Streaming SIMD extension 3
-	HasSSSE3     bool // Supplemental streaming SIMD extension 3
-	HasSSE41     bool // Streaming SIMD extension 4 and 4.1
-	HasSSE42     bool // Streaming SIMD extension 4 and 4.2
-	_            CacheLinePad
+	_                   CacheLinePad
+	HasAES              bool // AES hardware implementation (AES NI)
+	HasADX              bool // Multi-precision add-carry instruction extensions
+	HasAVX              bool // Advanced vector extension
+	HasAVX2             bool // Advanced vector extension 2
+	HasAVX512           bool // Advanced vector extension 512
+	HasAVX512F          bool // Advanced vector extension 512 Foundation Instructions
+	HasAVX512CD         bool // Advanced vector extension 512 Conflict Detection Instructions
+	HasAVX512ER         bool // Advanced vector extension 512 Exponential and Reciprocal Instructions
+	HasAVX512PF         bool // Advanced vector extension 512 Prefetch Instructions Instructions
+	HasAVX512VL         bool // Advanced vector extension 512 Vector Length Extensions
+	HasAVX512BW         bool // Advanced vector extension 512 Byte and Word Instructions
+	HasAVX512DQ         bool // Advanced vector extension 512 Doubleword and Quadword Instructions
+	HasAVX512IFMA       bool // Advanced vector extension 512 Integer Fused Multiply Add
+	HasAVX512VBMI       bool // Advanced vector extension 512 Vector Byte Manipulation Instructions
+	HasAVX5124VNNIW     bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision
+	HasAVX5124FMAPS     bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision
+	HasAVX512VPOPCNTDQ  bool // Advanced vector extension 512 Double and quad word population count instructions
+	HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations
+	HasAVX512VNNI       bool // Advanced vector extension 512 Vector Neural Network Instructions
+	HasAVX512GFNI       bool // Advanced vector extension 512 Galois field New Instructions
+	HasAVX512VAES       bool // Advanced vector extension 512 Vector AES instructions
+	HasAVX512VBMI2      bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2
+	HasAVX512BITALG     bool // Advanced vector extension 512 Bit Algorithms
+	HasAVX512BF16       bool // Advanced vector extension 512 BFloat16 Instructions
+	HasBMI1             bool // Bit manipulation instruction set 1
+	HasBMI2             bool // Bit manipulation instruction set 2
+	HasCX16             bool // Compare and exchange 16 Bytes
+	HasERMS             bool // Enhanced REP for MOVSB and STOSB
+	HasFMA              bool // Fused-multiply-add instructions
+	HasOSXSAVE          bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+	HasPCLMULQDQ        bool // PCLMULQDQ instruction - most often used for AES-GCM
+	HasPOPCNT           bool // Hamming weight instruction POPCNT.
+	HasRDRAND           bool // RDRAND instruction (on-chip random number generator)
+	HasRDSEED           bool // RDSEED instruction (on-chip random number generator)
+	HasSSE2             bool // Streaming SIMD extension 2 (always available on amd64)
+	HasSSE3             bool // Streaming SIMD extension 3
+	HasSSSE3            bool // Supplemental streaming SIMD extension 3
+	HasSSE41            bool // Streaming SIMD extension 4 and 4.1
+	HasSSE42            bool // Streaming SIMD extension 4 and 4.2
+	_                   CacheLinePad
+}
+
+// ARM64 contains the supported CPU features of the
+// current ARMv8(aarch64) platform. If the current platform
+// is not arm64 then all feature flags are false.
+var ARM64 struct {
+	_           CacheLinePad
+	HasFP       bool // Floating-point instruction set (always available)
+	HasASIMD    bool // Advanced SIMD (always available)
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	HasATOMICS  bool // Atomic memory operation instruction set
+	HasFPHP     bool // Half precision floating-point instruction set
+	HasASIMDHP  bool // Advanced SIMD half precision instruction set
+	HasCPUID    bool // CPUID identification scheme registers
+	HasASIMDRDM bool // Rounding double multiply add/subtract instruction set
+	HasJSCVT    bool // Javascript conversion from floating-point to integer
+	HasFCMA     bool // Floating-point multiplication and addition of complex numbers
+	HasLRCPC    bool // Release Consistent processor consistent support
+	HasDCPOP    bool // Persistent memory support
+	HasSHA3     bool // SHA3 hardware implementation
+	HasSM3      bool // SM3 hardware implementation
+	HasSM4      bool // SM4 hardware implementation
+	HasASIMDDP  bool // Advanced SIMD double precision instruction set
+	HasSHA512   bool // SHA512 hardware implementation
+	HasSVE      bool // Scalable Vector Extensions
+	HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32
+	_           CacheLinePad
+}
+
+// ARM contains the supported CPU features of the current ARM (32-bit) platform.
+// All feature flags are false if:
+//   1. the current platform is not arm, or
+//   2. the current operating system is not Linux.
+var ARM struct {
+	_           CacheLinePad
+	HasSWP      bool // SWP instruction support
+	HasHALF     bool // Half-word load and store support
+	HasTHUMB    bool // ARM Thumb instruction set
+	Has26BIT    bool // Address space limited to 26-bits
+	HasFASTMUL  bool // 32-bit operand, 64-bit result multiplication support
+	HasFPA      bool // Floating point arithmetic support
+	HasVFP      bool // Vector floating point support
+	HasEDSP     bool // DSP Extensions support
+	HasJAVA     bool // Java instruction set
+	HasIWMMXT   bool // Intel Wireless MMX technology support
+	HasCRUNCH   bool // MaverickCrunch context switching and handling
+	HasTHUMBEE  bool // Thumb EE instruction set
+	HasNEON     bool // NEON instruction set
+	HasVFPv3    bool // Vector floating point version 3 support
+	HasVFPv3D16 bool // Vector floating point version 3 D8-D15
+	HasTLS      bool // Thread local storage support
+	HasVFPv4    bool // Vector floating point version 4 support
+	HasIDIVA    bool // Integer divide instruction support in ARM mode
+	HasIDIVT    bool // Integer divide instruction support in Thumb mode
+	HasVFPD32   bool // Vector floating point version 3 D15-D31
+	HasLPAE     bool // Large Physical Address Extensions
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	_           CacheLinePad
+}
+
+// MIPS64X contains the supported CPU features of the current mips64/mips64le
+// platforms. If the current platform is not mips64/mips64le or the current
+// operating system is not Linux then all feature flags are false.
+var MIPS64X struct {
+	_      CacheLinePad
+	HasMSA bool // MIPS SIMD architecture
+	_      CacheLinePad
+}
+
+// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
+// If the current platform is not ppc64/ppc64le then all feature flags are false.
+//
+// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00,
+// since there are no optional categories. There are some exceptions that also
+// require kernel support to work (DARN, SCV), so there are feature bits for
+// those as well. The struct is padded to avoid false sharing.
+var PPC64 struct {
+	_        CacheLinePad
+	HasDARN  bool // Hardware random number generator (requires kernel enablement)
+	HasSCV   bool // Syscall vectored (requires kernel enablement)
+	IsPOWER8 bool // ISA v2.07 (POWER8)
+	IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8
+	_        CacheLinePad
+}
+
+// S390X contains the supported CPU features of the current IBM Z
+// (s390x) platform. If the current platform is not IBM Z then all
+// feature flags are false.
+//
+// S390X is padded to avoid false sharing. Further HasVX is only set
+// if the OS supports vector registers in addition to the STFLE
+// feature bit being set.
+var S390X struct {
+	_         CacheLinePad
+	HasZARCH  bool // z/Architecture mode is active [mandatory]
+	HasSTFLE  bool // store facility list extended
+	HasLDISP  bool // long (20-bit) displacements
+	HasEIMM   bool // 32-bit immediates
+	HasDFP    bool // decimal floating point
+	HasETF3EH bool // ETF-3 enhanced
+	HasMSA    bool // message security assist (CPACF)
+	HasAES    bool // KM-AES{128,192,256} functions
+	HasAESCBC bool // KMC-AES{128,192,256} functions
+	HasAESCTR bool // KMCTR-AES{128,192,256} functions
+	HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
+	HasGHASH  bool // KIMD-GHASH function
+	HasSHA1   bool // K{I,L}MD-SHA-1 functions
+	HasSHA256 bool // K{I,L}MD-SHA-256 functions
+	HasSHA512 bool // K{I,L}MD-SHA-512 functions
+	HasSHA3   bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
+	HasVX     bool // vector facility
+	HasVXE    bool // vector-enhancements facility 1
+	_         CacheLinePad
+}
+
+func init() {
+	archInit()
+	initOptions()
+	processOptions()
+}
+
+// options contains the cpu debug options that can be used in GODEBUG.
+// Options are arch dependent and are added by the arch specific initOptions functions.
+// Features that are mandatory for the specific GOARCH should have the Required field set
+// (e.g. SSE2 on amd64).
+var options []option
+
+// Option names should be lower case. e.g. avx instead of AVX.
+type option struct {
+	Name      string
+	Feature   *bool
+	Specified bool // whether feature value was specified in GODEBUG
+	Enable    bool // whether feature should be enabled
+	Required  bool // whether feature is mandatory and can not be disabled
+}
+
+func processOptions() {
+	env := os.Getenv("GODEBUG")
+field:
+	for env != "" {
+		field := ""
+		i := strings.IndexByte(env, ',')
+		if i < 0 {
+			field, env = env, ""
+		} else {
+			field, env = env[:i], env[i+1:]
+		}
+		if len(field) < 4 || field[:4] != "cpu." {
+			continue
+		}
+		i = strings.IndexByte(field, '=')
+		if i < 0 {
+			print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n")
+			continue
+		}
+		key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
+
+		var enable bool
+		switch value {
+		case "on":
+			enable = true
+		case "off":
+			enable = false
+		default:
+			print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
+			continue field
+		}
+
+		if key == "all" {
+			for i := range options {
+				options[i].Specified = true
+				options[i].Enable = enable || options[i].Required
+			}
+			continue field
+		}
+
+		for i := range options {
+			if options[i].Name == key {
+				options[i].Specified = true
+				options[i].Enable = enable
+				continue field
+			}
+		}
+
+		print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n")
+	}
+
+	for _, o := range options {
+		if !o.Specified {
+			continue
+		}
+
+		if o.Enable && !*o.Feature {
+			print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n")
+			continue
+		}
+
+		if !o.Enable && o.Required {
+			print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n")
+			continue
+		}
+
+		*o.Feature = o.Enable
+	}
 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
new file mode 100644
index 0000000000000..8aaeef545a76b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -0,0 +1,34 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix
+// +build aix
+
+package cpu
+
+const (
+	// getsystemcfg constants
+	_SC_IMPL     = 2
+	_IMPL_POWER8 = 0x10000
+	_IMPL_POWER9 = 0x20000
+)
+
+func archInit() {
+	impl := getsystemcfg(_SC_IMPL)
+	if impl&_IMPL_POWER8 != 0 {
+		PPC64.IsPOWER8 = true
+	}
+	if impl&_IMPL_POWER9 != 0 {
+		PPC64.IsPOWER8 = true
+		PPC64.IsPOWER9 = true
+	}
+
+	Initialized = true
+}
+
+func getsystemcfg(label int) (n uint64) {
+	r0, _ := callgetsystemcfg(label)
+	n = uint64(r0)
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
index d93036f7522bf..301b752e9c53d 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -5,3 +5,69 @@
 package cpu
 
 const cacheLineSize = 32
+
+// HWCAP/HWCAP2 bits.
+// These are specific to Linux.
+const (
+	hwcap_SWP       = 1 << 0
+	hwcap_HALF      = 1 << 1
+	hwcap_THUMB     = 1 << 2
+	hwcap_26BIT     = 1 << 3
+	hwcap_FAST_MULT = 1 << 4
+	hwcap_FPA       = 1 << 5
+	hwcap_VFP       = 1 << 6
+	hwcap_EDSP      = 1 << 7
+	hwcap_JAVA      = 1 << 8
+	hwcap_IWMMXT    = 1 << 9
+	hwcap_CRUNCH    = 1 << 10
+	hwcap_THUMBEE   = 1 << 11
+	hwcap_NEON      = 1 << 12
+	hwcap_VFPv3     = 1 << 13
+	hwcap_VFPv3D16  = 1 << 14
+	hwcap_TLS       = 1 << 15
+	hwcap_VFPv4     = 1 << 16
+	hwcap_IDIVA     = 1 << 17
+	hwcap_IDIVT     = 1 << 18
+	hwcap_VFPD32    = 1 << 19
+	hwcap_LPAE      = 1 << 20
+	hwcap_EVTSTRM   = 1 << 21
+
+	hwcap2_AES   = 1 << 0
+	hwcap2_PMULL = 1 << 1
+	hwcap2_SHA1  = 1 << 2
+	hwcap2_SHA2  = 1 << 3
+	hwcap2_CRC32 = 1 << 4
+)
+
+func initOptions() {
+	options = []option{
+		{Name: "pmull", Feature: &ARM.HasPMULL},
+		{Name: "sha1", Feature: &ARM.HasSHA1},
+		{Name: "sha2", Feature: &ARM.HasSHA2},
+		{Name: "swp", Feature: &ARM.HasSWP},
+		{Name: "thumb", Feature: &ARM.HasTHUMB},
+		{Name: "thumbee", Feature: &ARM.HasTHUMBEE},
+		{Name: "tls", Feature: &ARM.HasTLS},
+		{Name: "vfp", Feature: &ARM.HasVFP},
+		{Name: "vfpd32", Feature: &ARM.HasVFPD32},
+		{Name: "vfpv3", Feature: &ARM.HasVFPv3},
+		{Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16},
+		{Name: "vfpv4", Feature: &ARM.HasVFPv4},
+		{Name: "half", Feature: &ARM.HasHALF},
+		{Name: "26bit", Feature: &ARM.Has26BIT},
+		{Name: "fastmul", Feature: &ARM.HasFASTMUL},
+		{Name: "fpa", Feature: &ARM.HasFPA},
+		{Name: "edsp", Feature: &ARM.HasEDSP},
+		{Name: "java", Feature: &ARM.HasJAVA},
+		{Name: "iwmmxt", Feature: &ARM.HasIWMMXT},
+		{Name: "crunch", Feature: &ARM.HasCRUNCH},
+		{Name: "neon", Feature: &ARM.HasNEON},
+		{Name: "idivt", Feature: &ARM.HasIDIVT},
+		{Name: "idiva", Feature: &ARM.HasIDIVA},
+		{Name: "lpae", Feature: &ARM.HasLPAE},
+		{Name: "evtstrm", Feature: &ARM.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM.HasAES},
+		{Name: "crc32", Feature: &ARM.HasCRC32},
+	}
+
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
index 1d2ab2902a769..87dd5e30215b1 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -1,7 +1,172 @@
-// Copyright 2018 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 package cpu
 
+import "runtime"
+
 const cacheLineSize = 64
+
+func initOptions() {
+	options = []option{
+		{Name: "fp", Feature: &ARM64.HasFP},
+		{Name: "asimd", Feature: &ARM64.HasASIMD},
+		{Name: "evstrm", Feature: &ARM64.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM64.HasAES},
+		{Name: "fphp", Feature: &ARM64.HasFPHP},
+		{Name: "jscvt", Feature: &ARM64.HasJSCVT},
+		{Name: "lrcpc", Feature: &ARM64.HasLRCPC},
+		{Name: "pmull", Feature: &ARM64.HasPMULL},
+		{Name: "sha1", Feature: &ARM64.HasSHA1},
+		{Name: "sha2", Feature: &ARM64.HasSHA2},
+		{Name: "sha3", Feature: &ARM64.HasSHA3},
+		{Name: "sha512", Feature: &ARM64.HasSHA512},
+		{Name: "sm3", Feature: &ARM64.HasSM3},
+		{Name: "sm4", Feature: &ARM64.HasSM4},
+		{Name: "sve", Feature: &ARM64.HasSVE},
+		{Name: "crc32", Feature: &ARM64.HasCRC32},
+		{Name: "atomics", Feature: &ARM64.HasATOMICS},
+		{Name: "asimdhp", Feature: &ARM64.HasASIMDHP},
+		{Name: "cpuid", Feature: &ARM64.HasCPUID},
+		{Name: "asimrdm", Feature: &ARM64.HasASIMDRDM},
+		{Name: "fcma", Feature: &ARM64.HasFCMA},
+		{Name: "dcpop", Feature: &ARM64.HasDCPOP},
+		{Name: "asimddp", Feature: &ARM64.HasASIMDDP},
+		{Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM},
+	}
+}
+
+func archInit() {
+	switch runtime.GOOS {
+	case "freebsd":
+		readARM64Registers()
+	case "linux", "netbsd":
+		doinit()
+	default:
+		// Most platforms don't seem to allow reading these registers.
+		//
+		// OpenBSD:
+		// See https://golang.org/issue/31746
+		setMinimalFeatures()
+	}
+}
+
+// setMinimalFeatures fakes the minimal ARM64 features expected by
+// TestARM64minimalFeatures.
+func setMinimalFeatures() {
+	ARM64.HasASIMD = true
+	ARM64.HasFP = true
+}
+
+func readARM64Registers() {
+	Initialized = true
+
+	parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0())
+}
+
+func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) {
+	// ID_AA64ISAR0_EL1
+	switch extractBits(isar0, 4, 7) {
+	case 1:
+		ARM64.HasAES = true
+	case 2:
+		ARM64.HasAES = true
+		ARM64.HasPMULL = true
+	}
+
+	switch extractBits(isar0, 8, 11) {
+	case 1:
+		ARM64.HasSHA1 = true
+	}
+
+	switch extractBits(isar0, 12, 15) {
+	case 1:
+		ARM64.HasSHA2 = true
+	case 2:
+		ARM64.HasSHA2 = true
+		ARM64.HasSHA512 = true
+	}
+
+	switch extractBits(isar0, 16, 19) {
+	case 1:
+		ARM64.HasCRC32 = true
+	}
+
+	switch extractBits(isar0, 20, 23) {
+	case 2:
+		ARM64.HasATOMICS = true
+	}
+
+	switch extractBits(isar0, 28, 31) {
+	case 1:
+		ARM64.HasASIMDRDM = true
+	}
+
+	switch extractBits(isar0, 32, 35) {
+	case 1:
+		ARM64.HasSHA3 = true
+	}
+
+	switch extractBits(isar0, 36, 39) {
+	case 1:
+		ARM64.HasSM3 = true
+	}
+
+	switch extractBits(isar0, 40, 43) {
+	case 1:
+		ARM64.HasSM4 = true
+	}
+
+	switch extractBits(isar0, 44, 47) {
+	case 1:
+		ARM64.HasASIMDDP = true
+	}
+
+	// ID_AA64ISAR1_EL1
+	switch extractBits(isar1, 0, 3) {
+	case 1:
+		ARM64.HasDCPOP = true
+	}
+
+	switch extractBits(isar1, 12, 15) {
+	case 1:
+		ARM64.HasJSCVT = true
+	}
+
+	switch extractBits(isar1, 16, 19) {
+	case 1:
+		ARM64.HasFCMA = true
+	}
+
+	switch extractBits(isar1, 20, 23) {
+	case 1:
+		ARM64.HasLRCPC = true
+	}
+
+	// ID_AA64PFR0_EL1
+	switch extractBits(pfr0, 16, 19) {
+	case 0:
+		ARM64.HasFP = true
+	case 1:
+		ARM64.HasFP = true
+		ARM64.HasFPHP = true
+	}
+
+	switch extractBits(pfr0, 20, 23) {
+	case 0:
+		ARM64.HasASIMD = true
+	case 1:
+		ARM64.HasASIMD = true
+		ARM64.HasASIMDHP = true
+	}
+
+	switch extractBits(pfr0, 32, 35) {
+	case 1:
+		ARM64.HasSVE = true
+	}
+}
+
+func extractBits(data uint64, start, end uint) uint {
+	return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
new file mode 100644
index 0000000000000..c61f95a05a73c
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func getisar0() uint64
+TEXT ·getisar0(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 0 into x0
+	// mrs x0, ID_AA64ISAR0_EL1 = d5380600
+	WORD	$0xd5380600
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getisar1() uint64
+TEXT ·getisar1(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 1 into x0
+	// mrs x0, ID_AA64ISAR1_EL1 = d5380620
+	WORD	$0xd5380620
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getpfr0() uint64
+TEXT ·getpfr0(SB),NOSPLIT,$0-8
+	// get Processor Feature Register 0 into x0
+	// mrs x0, ID_AA64PFR0_EL1 = d5380400
+	WORD	$0xd5380400
+	MOVD	R0, ret+0(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
new file mode 100644
index 0000000000000..ccf542a73da87
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+func getisar0() uint64
+func getisar1() uint64
+func getpfr0() uint64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
new file mode 100644
index 0000000000000..0af2f248412d5
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return true }
+
+// The following feature detection functions are defined in cpu_s390x.s.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList
+func kmQuery() queryResult
+func kmcQuery() queryResult
+func kmctrQuery() queryResult
+func kmaQuery() queryResult
+func kimdQuery() queryResult
+func klmdQuery() queryResult
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index f7cb46971cb05..3298a87e98129 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -2,8 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (386 || amd64 || amd64p32) && gc
 // +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
 
 package cpu
 
@@ -14,3 +15,7 @@ func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
 // xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
 // and in cpu_gccgo.c for gccgo.
 func xgetbv() (eax, edx uint32)
+
+// darwinSupportsAVX512 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo_x86.go for gccgo.
+func darwinSupportsAVX512() bool
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
deleted file mode 100644
index ba49b91bd398c..0000000000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386 amd64 amd64p32
-// +build gccgo
-
-package cpu
-
-//extern gccgoGetCpuidCount
-func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
-
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
-	var a, b, c, d uint32
-	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
-	return a, b, c, d
-}
-
-//extern gccgoXgetbv
-func gccgoXgetbv(eax, edx *uint32)
-
-func xgetbv() (eax, edx uint32) {
-	var a, d uint32
-	gccgoXgetbv(&a, &d)
-	return a, d
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
new file mode 100644
index 0000000000000..2aff31891162e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+func getisar0() uint64 { return 0 }
+func getisar1() uint64 { return 0 }
+func getpfr0() uint64  { return 0 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
new file mode 100644
index 0000000000000..4bfbda61993df
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -0,0 +1,23 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return false }
+
+// TODO(mundaym): the following feature detection functions are currently
+// stubs. See https://golang.org/cl/162887 for how to fix this.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList     { panic("not implemented for gccgo") }
+func kmQuery() queryResult    { panic("not implemented for gccgo") }
+func kmcQuery() queryResult   { panic("not implemented for gccgo") }
+func kmctrQuery() queryResult { panic("not implemented for gccgo") }
+func kmaQuery() queryResult   { panic("not implemented for gccgo") }
+func kimdQuery() queryResult  { panic("not implemented for gccgo") }
+func klmdQuery() queryResult  { panic("not implemented for gccgo") }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
similarity index 100%
rename from vendor/golang.org/x/sys/cpu/cpu_gccgo.c
rename to vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
new file mode 100644
index 0000000000000..863d415ab4987
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+	var a, b, c, d uint32
+	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+	return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+	var a, d uint32
+	gccgoXgetbv(&a, &d)
+	return a, d
+}
+
+// gccgo doesn't build on Darwin, per:
+// https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gcc.rb#L76
+func darwinSupportsAVX512() bool {
+	return false
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
new file mode 100644
index 0000000000000..159a686f6f7a9
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !386 && !amd64 && !amd64p32 && !arm64
+// +build !386,!amd64,!amd64p32,!arm64
+
+package cpu
+
+func archInit() {
+	if err := readHWCAP(); err != nil {
+		return
+	}
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
new file mode 100644
index 0000000000000..2057006dce4c0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func doinit() {
+	ARM.HasSWP = isSet(hwCap, hwcap_SWP)
+	ARM.HasHALF = isSet(hwCap, hwcap_HALF)
+	ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
+	ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
+	ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
+	ARM.HasFPA = isSet(hwCap, hwcap_FPA)
+	ARM.HasVFP = isSet(hwCap, hwcap_VFP)
+	ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
+	ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
+	ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
+	ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
+	ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
+	ARM.HasNEON = isSet(hwCap, hwcap_NEON)
+	ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
+	ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
+	ARM.HasTLS = isSet(hwCap, hwcap_TLS)
+	ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
+	ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
+	ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
+	ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
+	ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
+	ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM.HasAES = isSet(hwCap2, hwcap2_AES)
+	ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
+	ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
+	ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
+	ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
new file mode 100644
index 0000000000000..79a38a0b9bccb
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
@@ -0,0 +1,71 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// HWCAP/HWCAP2 bits. These are exposed by Linux.
+const (
+	hwcap_FP       = 1 << 0
+	hwcap_ASIMD    = 1 << 1
+	hwcap_EVTSTRM  = 1 << 2
+	hwcap_AES      = 1 << 3
+	hwcap_PMULL    = 1 << 4
+	hwcap_SHA1     = 1 << 5
+	hwcap_SHA2     = 1 << 6
+	hwcap_CRC32    = 1 << 7
+	hwcap_ATOMICS  = 1 << 8
+	hwcap_FPHP     = 1 << 9
+	hwcap_ASIMDHP  = 1 << 10
+	hwcap_CPUID    = 1 << 11
+	hwcap_ASIMDRDM = 1 << 12
+	hwcap_JSCVT    = 1 << 13
+	hwcap_FCMA     = 1 << 14
+	hwcap_LRCPC    = 1 << 15
+	hwcap_DCPOP    = 1 << 16
+	hwcap_SHA3     = 1 << 17
+	hwcap_SM3      = 1 << 18
+	hwcap_SM4      = 1 << 19
+	hwcap_ASIMDDP  = 1 << 20
+	hwcap_SHA512   = 1 << 21
+	hwcap_SVE      = 1 << 22
+	hwcap_ASIMDFHM = 1 << 23
+)
+
+func doinit() {
+	if err := readHWCAP(); err != nil {
+		// failed to read /proc/self/auxv, try reading registers directly
+		readARM64Registers()
+		return
+	}
+
+	// HWCAP feature bits
+	ARM64.HasFP = isSet(hwCap, hwcap_FP)
+	ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD)
+	ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM64.HasAES = isSet(hwCap, hwcap_AES)
+	ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL)
+	ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1)
+	ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2)
+	ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32)
+	ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS)
+	ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP)
+	ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP)
+	ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID)
+	ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM)
+	ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT)
+	ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA)
+	ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC)
+	ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP)
+	ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3)
+	ARM64.HasSM3 = isSet(hwCap, hwcap_SM3)
+	ARM64.HasSM4 = isSet(hwCap, hwcap_SM4)
+	ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP)
+	ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512)
+	ARM64.HasSVE = isSet(hwCap, hwcap_SVE)
+	ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
new file mode 100644
index 0000000000000..6000db4cdd1b3
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -0,0 +1,24 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (mips64 || mips64le)
+// +build linux
+// +build mips64 mips64le
+
+package cpu
+
+// HWCAP bits. These are exposed by the Linux kernel 5.4.
+const (
+	// CPU features
+	hwcap_MIPS_MSA = 1 << 1
+)
+
+func doinit() {
+	// HWCAP feature bits
+	MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
new file mode 100644
index 0000000000000..f4992b1a59388
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
+// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
new file mode 100644
index 0000000000000..021356d6deb05
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (ppc64 || ppc64le)
+// +build linux
+// +build ppc64 ppc64le
+
+package cpu
+
+// HWCAP/HWCAP2 bits. These are exposed by the kernel.
+const (
+	// ISA Level
+	_PPC_FEATURE2_ARCH_2_07 = 0x80000000
+	_PPC_FEATURE2_ARCH_3_00 = 0x00800000
+
+	// CPU features
+	_PPC_FEATURE2_DARN = 0x00200000
+	_PPC_FEATURE2_SCV  = 0x00100000
+)
+
+func doinit() {
+	// HWCAP2 feature bits
+	PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07)
+	PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00)
+	PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN)
+	PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
new file mode 100644
index 0000000000000..1517ac61d31b5
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const (
+	// bit mask values from /usr/include/bits/hwcap.h
+	hwcap_ZARCH  = 2
+	hwcap_STFLE  = 4
+	hwcap_MSA    = 8
+	hwcap_LDISP  = 16
+	hwcap_EIMM   = 32
+	hwcap_DFP    = 64
+	hwcap_ETF3EH = 256
+	hwcap_VX     = 2048
+	hwcap_VXE    = 8192
+)
+
+func initS390Xbase() {
+	// test HWCAP bit vector
+	has := func(featureMask uint) bool {
+		return hwCap&featureMask == featureMask
+	}
+
+	// mandatory
+	S390X.HasZARCH = has(hwcap_ZARCH)
+
+	// optional
+	S390X.HasSTFLE = has(hwcap_STFLE)
+	S390X.HasLDISP = has(hwcap_LDISP)
+	S390X.HasEIMM = has(hwcap_EIMM)
+	S390X.HasETF3EH = has(hwcap_ETF3EH)
+	S390X.HasDFP = has(hwcap_DFP)
+	S390X.HasMSA = has(hwcap_MSA)
+	S390X.HasVX = has(hwcap_VX)
+	if S390X.HasVX {
+		S390X.HasVXE = has(hwcap_VXE)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
index 6165f121249ab..f4063c66423b0 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -2,8 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build mips64 || mips64le
 // +build mips64 mips64le
 
 package cpu
 
 const cacheLineSize = 32
+
+func initOptions() {
+	options = []option{
+		{Name: "msa", Feature: &MIPS64X.HasMSA},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
index 1269eee88d006..07c4e36d8f55d 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build mips || mipsle
 // +build mips mipsle
 
 package cpu
 
 const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
new file mode 100644
index 0000000000000..ebfb3fc8e76d2
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
@@ -0,0 +1,173 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	_CTL_QUERY = -2
+
+	_SYSCTL_VERS_1 = 0x1000000
+)
+
+var _zero uintptr
+
+func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(_p0),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(old)),
+		uintptr(unsafe.Pointer(oldlen)),
+		uintptr(unsafe.Pointer(new)),
+		uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+type sysctlNode struct {
+	Flags          uint32
+	Num            int32
+	Name           [32]int8
+	Ver            uint32
+	__rsvd         uint32
+	Un             [16]byte
+	_sysctl_size   [8]byte
+	_sysctl_func   [8]byte
+	_sysctl_parent [8]byte
+	_sysctl_desc   [8]byte
+}
+
+func sysctlNodes(mib []int32) ([]sysctlNode, error) {
+	var olen uintptr
+
+	// Get a list of all sysctl nodes below the given MIB by performing
+	// a sysctl for the given MIB with CTL_QUERY appended.
+	mib = append(mib, _CTL_QUERY)
+	qnode := sysctlNode{Flags: _SYSCTL_VERS_1}
+	qp := (*byte)(unsafe.Pointer(&qnode))
+	sz := unsafe.Sizeof(qnode)
+	if err := sysctl(mib, nil, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	// Now that we know the size, get the actual nodes.
+	nodes := make([]sysctlNode, olen/sz)
+	np := (*byte)(unsafe.Pointer(&nodes[0]))
+	if err := sysctl(mib, np, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	return nodes, nil
+}
+
+func nametomib(name string) ([]int32, error) {
+	// Split name into components.
+	var parts []string
+	last := 0
+	for i := 0; i < len(name); i++ {
+		if name[i] == '.' {
+			parts = append(parts, name[last:i])
+			last = i + 1
+		}
+	}
+	parts = append(parts, name[last:])
+
+	mib := []int32{}
+	// Discover the nodes and construct the MIB OID.
+	for partno, part := range parts {
+		nodes, err := sysctlNodes(mib)
+		if err != nil {
+			return nil, err
+		}
+		for _, node := range nodes {
+			n := make([]byte, 0)
+			for i := range node.Name {
+				if node.Name[i] != 0 {
+					n = append(n, byte(node.Name[i]))
+				}
+			}
+			if string(n) == part {
+				mib = append(mib, int32(node.Num))
+				break
+			}
+		}
+		if len(mib) != partno+1 {
+			return nil, err
+		}
+	}
+
+	return mib, nil
+}
+
+// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h>
+type aarch64SysctlCPUID struct {
+	midr      uint64 /* Main ID Register */
+	revidr    uint64 /* Revision ID Register */
+	mpidr     uint64 /* Multiprocessor Affinity Register */
+	aa64dfr0  uint64 /* A64 Debug Feature Register 0 */
+	aa64dfr1  uint64 /* A64 Debug Feature Register 1 */
+	aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */
+	aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */
+	aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */
+	aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */
+	aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */
+	aa64pfr0  uint64 /* A64 Processor Feature Register 0 */
+	aa64pfr1  uint64 /* A64 Processor Feature Register 1 */
+	aa64zfr0  uint64 /* A64 SVE Feature ID Register 0 */
+	mvfr0     uint32 /* Media and VFP Feature Register 0 */
+	mvfr1     uint32 /* Media and VFP Feature Register 1 */
+	mvfr2     uint32 /* Media and VFP Feature Register 2 */
+	pad       uint32
+	clidr     uint64 /* Cache Level ID Register */
+	ctr       uint64 /* Cache Type Register */
+}
+
+func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) {
+	mib, err := nametomib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	out := aarch64SysctlCPUID{}
+	n := unsafe.Sizeof(out)
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(unsafe.Pointer(&mib[0])),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(&out)),
+		uintptr(unsafe.Pointer(&n)),
+		uintptr(0),
+		uintptr(0))
+	if errno != 0 {
+		return nil, errno
+	}
+	return &out, nil
+}
+
+func doinit() {
+	cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id")
+	if err != nil {
+		setMinimalFeatures()
+		return
+	}
+	parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
new file mode 100644
index 0000000000000..d7b4fb4ccc24f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && arm
+// +build !linux,arm
+
+package cpu
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
new file mode 100644
index 0000000000000..f8c484f589f5e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && !netbsd && arm64
+// +build !linux,!netbsd,arm64
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
new file mode 100644
index 0000000000000..0dafe9644a5a1
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -0,0 +1,13 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && (mips64 || mips64le)
+// +build !linux
+// +build mips64 mips64le
+
+package cpu
+
+func archInit() {
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
index d10759a524f28..4e8acd16583dd 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -1,9 +1,17 @@
-// Copyright 2018 The Go Authors. All rights reserved.
+// Copyright 2020 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build ppc64 || ppc64le
 // +build ppc64 ppc64le
 
 package cpu
 
 const cacheLineSize = 128
+
+func initOptions() {
+	options = []option{
+		{Name: "darn", Feature: &PPC64.HasDARN},
+		{Name: "scv", Feature: &PPC64.HasSCV},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
new file mode 100644
index 0000000000000..bd6c128af9b91
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64
+// +build riscv64
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
index 684c4f005d09e..5881b8833f5a5 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -1,7 +1,172 @@
-// Copyright 2018 The Go Authors. All rights reserved.
+// Copyright 2020 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 package cpu
 
 const cacheLineSize = 256
+
+func initOptions() {
+	options = []option{
+		{Name: "zarch", Feature: &S390X.HasZARCH, Required: true},
+		{Name: "stfle", Feature: &S390X.HasSTFLE, Required: true},
+		{Name: "ldisp", Feature: &S390X.HasLDISP, Required: true},
+		{Name: "eimm", Feature: &S390X.HasEIMM, Required: true},
+		{Name: "dfp", Feature: &S390X.HasDFP},
+		{Name: "etf3eh", Feature: &S390X.HasETF3EH},
+		{Name: "msa", Feature: &S390X.HasMSA},
+		{Name: "aes", Feature: &S390X.HasAES},
+		{Name: "aescbc", Feature: &S390X.HasAESCBC},
+		{Name: "aesctr", Feature: &S390X.HasAESCTR},
+		{Name: "aesgcm", Feature: &S390X.HasAESGCM},
+		{Name: "ghash", Feature: &S390X.HasGHASH},
+		{Name: "sha1", Feature: &S390X.HasSHA1},
+		{Name: "sha256", Feature: &S390X.HasSHA256},
+		{Name: "sha3", Feature: &S390X.HasSHA3},
+		{Name: "sha512", Feature: &S390X.HasSHA512},
+		{Name: "vx", Feature: &S390X.HasVX},
+		{Name: "vxe", Feature: &S390X.HasVXE},
+	}
+}
+
+// bitIsSet reports whether the bit at index is set. The bit index
+// is in big endian order, so bit index 0 is the leftmost bit.
+func bitIsSet(bits []uint64, index uint) bool {
+	return bits[index/64]&((1<<63)>>(index%64)) != 0
+}
+
+// facility is a bit index for the named facility.
+type facility uint8
+
+const (
+	// mandatory facilities
+	zarch  facility = 1  // z architecture mode is active
+	stflef facility = 7  // store-facility-list-extended
+	ldisp  facility = 18 // long-displacement
+	eimm   facility = 21 // extended-immediate
+
+	// miscellaneous facilities
+	dfp    facility = 42 // decimal-floating-point
+	etf3eh facility = 30 // extended-translation 3 enhancement
+
+	// cryptography facilities
+	msa  facility = 17  // message-security-assist
+	msa3 facility = 76  // message-security-assist extension 3
+	msa4 facility = 77  // message-security-assist extension 4
+	msa5 facility = 57  // message-security-assist extension 5
+	msa8 facility = 146 // message-security-assist extension 8
+	msa9 facility = 155 // message-security-assist extension 9
+
+	// vector facilities
+	vx   facility = 129 // vector facility
+	vxe  facility = 135 // vector-enhancements 1
+	vxe2 facility = 148 // vector-enhancements 2
+)
+
+// facilityList contains the result of an STFLE call.
+// Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type facilityList struct {
+	bits [4]uint64
+}
+
+// Has reports whether the given facilities are present.
+func (s *facilityList) Has(fs ...facility) bool {
+	if len(fs) == 0 {
+		panic("no facility bits provided")
+	}
+	for _, f := range fs {
+		if !bitIsSet(s.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+// function is the code for the named cryptographic function.
+type function uint8
+
+const (
+	// KM{,A,C,CTR} function codes
+	aes128 function = 18 // AES-128
+	aes192 function = 19 // AES-192
+	aes256 function = 20 // AES-256
+
+	// K{I,L}MD function codes
+	sha1     function = 1  // SHA-1
+	sha256   function = 2  // SHA-256
+	sha512   function = 3  // SHA-512
+	sha3_224 function = 32 // SHA3-224
+	sha3_256 function = 33 // SHA3-256
+	sha3_384 function = 34 // SHA3-384
+	sha3_512 function = 35 // SHA3-512
+	shake128 function = 36 // SHAKE-128
+	shake256 function = 37 // SHAKE-256
+
+	// KLMD function codes
+	ghash function = 65 // GHASH
+)
+
+// queryResult contains the result of a Query function
+// call. Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type queryResult struct {
+	bits [2]uint64
+}
+
+// Has reports whether the given functions are present.
+func (q *queryResult) Has(fns ...function) bool {
+	if len(fns) == 0 {
+		panic("no function codes provided")
+	}
+	for _, f := range fns {
+		if !bitIsSet(q.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+func doinit() {
+	initS390Xbase()
+
+	// We need implementations of stfle, km and so on
+	// to detect cryptographic features.
+	if !haveAsmFunctions() {
+		return
+	}
+
+	// optional cryptographic functions
+	if S390X.HasMSA {
+		aes := []function{aes128, aes192, aes256}
+
+		// cipher message
+		km, kmc := kmQuery(), kmcQuery()
+		S390X.HasAES = km.Has(aes...)
+		S390X.HasAESCBC = kmc.Has(aes...)
+		if S390X.HasSTFLE {
+			facilities := stfle()
+			if facilities.Has(msa4) {
+				kmctr := kmctrQuery()
+				S390X.HasAESCTR = kmctr.Has(aes...)
+			}
+			if facilities.Has(msa8) {
+				kma := kmaQuery()
+				S390X.HasAESGCM = kma.Has(aes...)
+			}
+		}
+
+		// compute message digest
+		kimd := kimdQuery() // intermediate (no padding)
+		klmd := klmdQuery() // last (padding)
+		S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1)
+		S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256)
+		S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512)
+		S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist
+		sha3 := []function{
+			sha3_224, sha3_256, sha3_384, sha3_512,
+			shake128, shake256,
+		}
+		S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
new file mode 100644
index 0000000000000..96f81e2097170
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -0,0 +1,58 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func stfle() facilityList
+TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32
+	MOVD $ret+0(FP), R1
+	MOVD $3, R0          // last doubleword index to store
+	XC   $32, (R1), (R1) // clear 4 doublewords (32 bytes)
+	WORD $0xb2b01000     // store facility list extended (STFLE)
+	RET
+
+// func kmQuery() queryResult
+TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KM-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92E0024    // cipher message (KM)
+	RET
+
+// func kmcQuery() queryResult
+TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMC-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92F0024    // cipher message with chaining (KMC)
+	RET
+
+// func kmctrQuery() queryResult
+TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMCTR-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92D4024    // cipher message with counter (KMCTR)
+	RET
+
+// func kmaQuery() queryResult
+TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMA-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xb9296024    // cipher message with authentication (KMA)
+	RET
+
+// func kimdQuery() queryResult
+TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KIMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93E0024    // compute intermediate message digest (KIMD)
+	RET
+
+// func klmdQuery() queryResult
+TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KLMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93F0024    // compute last message digest (KLMD)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
new file mode 100644
index 0000000000000..7747d888a6929
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -0,0 +1,18 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+// +build wasm
+
+package cpu
+
+// We're compiling the cpu package for an unknown (software-abstracted) CPU.
+// Make CacheLinePad an empty struct and hope that the usual struct alignment
+// rules are good enough.
+
+const cacheLineSize = 0
+
+func initOptions() {}
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 71e288b06223d..5ea287b7eca3a 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -2,13 +2,65 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build 386 || amd64 || amd64p32
 // +build 386 amd64 amd64p32
 
 package cpu
 
+import "runtime"
+
 const cacheLineSize = 64
 
-func init() {
+func initOptions() {
+	options = []option{
+		{Name: "adx", Feature: &X86.HasADX},
+		{Name: "aes", Feature: &X86.HasAES},
+		{Name: "avx", Feature: &X86.HasAVX},
+		{Name: "avx2", Feature: &X86.HasAVX2},
+		{Name: "avx512", Feature: &X86.HasAVX512},
+		{Name: "avx512f", Feature: &X86.HasAVX512F},
+		{Name: "avx512cd", Feature: &X86.HasAVX512CD},
+		{Name: "avx512er", Feature: &X86.HasAVX512ER},
+		{Name: "avx512pf", Feature: &X86.HasAVX512PF},
+		{Name: "avx512vl", Feature: &X86.HasAVX512VL},
+		{Name: "avx512bw", Feature: &X86.HasAVX512BW},
+		{Name: "avx512dq", Feature: &X86.HasAVX512DQ},
+		{Name: "avx512ifma", Feature: &X86.HasAVX512IFMA},
+		{Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI},
+		{Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW},
+		{Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS},
+		{Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ},
+		{Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ},
+		{Name: "avx512vnni", Feature: &X86.HasAVX512VNNI},
+		{Name: "avx512gfni", Feature: &X86.HasAVX512GFNI},
+		{Name: "avx512vaes", Feature: &X86.HasAVX512VAES},
+		{Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2},
+		{Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG},
+		{Name: "avx512bf16", Feature: &X86.HasAVX512BF16},
+		{Name: "bmi1", Feature: &X86.HasBMI1},
+		{Name: "bmi2", Feature: &X86.HasBMI2},
+		{Name: "cx16", Feature: &X86.HasCX16},
+		{Name: "erms", Feature: &X86.HasERMS},
+		{Name: "fma", Feature: &X86.HasFMA},
+		{Name: "osxsave", Feature: &X86.HasOSXSAVE},
+		{Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ},
+		{Name: "popcnt", Feature: &X86.HasPOPCNT},
+		{Name: "rdrand", Feature: &X86.HasRDRAND},
+		{Name: "rdseed", Feature: &X86.HasRDSEED},
+		{Name: "sse3", Feature: &X86.HasSSE3},
+		{Name: "sse41", Feature: &X86.HasSSE41},
+		{Name: "sse42", Feature: &X86.HasSSE42},
+		{Name: "ssse3", Feature: &X86.HasSSSE3},
+
+		// These capabilities should always be enabled on amd64:
+		{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
+	}
+}
+
+func archInit() {
+
+	Initialized = true
+
 	maxID, _, _, _ := cpuid(0, 0)
 
 	if maxID < 1 {
@@ -22,18 +74,29 @@ func init() {
 	X86.HasPCLMULQDQ = isSet(1, ecx1)
 	X86.HasSSSE3 = isSet(9, ecx1)
 	X86.HasFMA = isSet(12, ecx1)
+	X86.HasCX16 = isSet(13, ecx1)
 	X86.HasSSE41 = isSet(19, ecx1)
 	X86.HasSSE42 = isSet(20, ecx1)
 	X86.HasPOPCNT = isSet(23, ecx1)
 	X86.HasAES = isSet(25, ecx1)
 	X86.HasOSXSAVE = isSet(27, ecx1)
+	X86.HasRDRAND = isSet(30, ecx1)
 
-	osSupportsAVX := false
+	var osSupportsAVX, osSupportsAVX512 bool
 	// For XGETBV, OSXSAVE bit is required and sufficient.
 	if X86.HasOSXSAVE {
 		eax, _ := xgetbv()
 		// Check if XMM and YMM registers have OS support.
 		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+
+		if runtime.GOOS == "darwin" {
+			// Check darwin commpage for AVX512 support. Necessary because:
+			// https://github.com/apple/darwin-xnu/blob/0a798f6738bc1db01281fc08ae024145e84df927/osfmk/i386/fpu.c#L175-L201
+			osSupportsAVX512 = osSupportsAVX && darwinSupportsAVX512()
+		} else {
+			// Check if OPMASK and ZMM registers have OS support.
+			osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
+		}
 	}
 
 	X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
@@ -42,12 +105,38 @@ func init() {
 		return
 	}
 
-	_, ebx7, _, _ := cpuid(7, 0)
+	_, ebx7, ecx7, edx7 := cpuid(7, 0)
 	X86.HasBMI1 = isSet(3, ebx7)
 	X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
 	X86.HasBMI2 = isSet(8, ebx7)
 	X86.HasERMS = isSet(9, ebx7)
+	X86.HasRDSEED = isSet(18, ebx7)
 	X86.HasADX = isSet(19, ebx7)
+
+	X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension
+	if X86.HasAVX512 {
+		X86.HasAVX512F = true
+		X86.HasAVX512CD = isSet(28, ebx7)
+		X86.HasAVX512ER = isSet(27, ebx7)
+		X86.HasAVX512PF = isSet(26, ebx7)
+		X86.HasAVX512VL = isSet(31, ebx7)
+		X86.HasAVX512BW = isSet(30, ebx7)
+		X86.HasAVX512DQ = isSet(17, ebx7)
+		X86.HasAVX512IFMA = isSet(21, ebx7)
+		X86.HasAVX512VBMI = isSet(1, ecx7)
+		X86.HasAVX5124VNNIW = isSet(2, edx7)
+		X86.HasAVX5124FMAPS = isSet(3, edx7)
+		X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7)
+		X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7)
+		X86.HasAVX512VNNI = isSet(11, ecx7)
+		X86.HasAVX512GFNI = isSet(8, ecx7)
+		X86.HasAVX512VAES = isSet(9, ecx7)
+		X86.HasAVX512VBMI2 = isSet(6, ecx7)
+		X86.HasAVX512BITALG = isSet(12, ecx7)
+
+		eax71, _, _, _ := cpuid(7, 1)
+		X86.HasAVX512BF16 = isSet(5, eax71)
+	}
 }
 
 func isSet(bitpos uint, value uint32) bool {
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 47f084128cc3f..b748ba52f7cf5 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -2,8 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (386 || amd64 || amd64p32) && gc
 // +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
 
 #include "textflag.h"
 
@@ -25,3 +26,27 @@ TEXT ·xgetbv(SB),NOSPLIT,$0-8
 	MOVL AX, eax+0(FP)
 	MOVL DX, edx+4(FP)
 	RET
+
+// func darwinSupportsAVX512() bool
+TEXT ·darwinSupportsAVX512(SB), NOSPLIT, $0-1
+    MOVB    $0, ret+0(FP) // default to false
+#ifdef GOOS_darwin   // return if not darwin
+#ifdef GOARCH_amd64  // return if not amd64
+// These values from:
+// https://github.com/apple/darwin-xnu/blob/xnu-4570.1.46/osfmk/i386/cpu_capabilities.h
+#define commpage64_base_address         0x00007fffffe00000
+#define commpage64_cpu_capabilities64   (commpage64_base_address+0x010)
+#define commpage64_version              (commpage64_base_address+0x01E)
+#define hasAVX512F                      0x0000004000000000
+    MOVQ    $commpage64_version, BX
+    CMPW    (BX), $13  // cpu_capabilities64 undefined in versions < 13
+    JL      no_avx512
+    MOVQ    $commpage64_cpu_capabilities64, BX
+    MOVQ    $hasAVX512F, CX
+    TESTQ   (BX), CX
+    JZ      no_avx512
+    MOVB    $1, ret+0(FP)
+no_avx512:
+#endif
+#endif
+    RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos.go b/vendor/golang.org/x/sys/cpu/cpu_zos.go
new file mode 100644
index 0000000000000..5f54683a22e3e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func archInit() {
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
new file mode 100644
index 0000000000000..ccb1b708aba98
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func initS390Xbase() {
+	// get the facilities list
+	facilities := stfle()
+
+	// mandatory
+	S390X.HasZARCH = facilities.Has(zarch)
+	S390X.HasSTFLE = facilities.Has(stflef)
+	S390X.HasLDISP = facilities.Has(ldisp)
+	S390X.HasEIMM = facilities.Has(eimm)
+
+	// optional
+	S390X.HasETF3EH = facilities.Has(etf3eh)
+	S390X.HasDFP = facilities.Has(dfp)
+	S390X.HasMSA = facilities.Has(msa)
+	S390X.HasVX = facilities.Has(vx)
+	if S390X.HasVX {
+		S390X.HasVXE = facilities.Has(vxe)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
new file mode 100644
index 0000000000000..f3baa379328fe
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -0,0 +1,56 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"io/ioutil"
+)
+
+const (
+	_AT_HWCAP  = 16
+	_AT_HWCAP2 = 26
+
+	procAuxv = "/proc/self/auxv"
+
+	uintSize = int(32 << (^uint(0) >> 63))
+)
+
+// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2
+// These are initialized in cpu_$GOARCH.go
+// and should not be changed after they are initialized.
+var hwCap uint
+var hwCap2 uint
+
+func readHWCAP() error {
+	buf, err := ioutil.ReadFile(procAuxv)
+	if err != nil {
+		// e.g. on android /proc/self/auxv is not accessible, so silently
+		// ignore the error and leave Initialized = false. On some
+		// architectures (e.g. arm64) doinit() implements a fallback
+		// readout and will set Initialized = true again.
+		return err
+	}
+	bo := hostByteOrder()
+	for len(buf) >= 2*(uintSize/8) {
+		var tag, val uint
+		switch uintSize {
+		case 32:
+			tag = uint(bo.Uint32(buf[0:]))
+			val = uint(bo.Uint32(buf[4:]))
+			buf = buf[8:]
+		case 64:
+			tag = uint(bo.Uint64(buf[0:]))
+			val = uint(bo.Uint64(buf[8:]))
+			buf = buf[16:]
+		}
+		switch tag {
+		case _AT_HWCAP:
+			hwCap = val
+		case _AT_HWCAP2:
+			hwCap2 = val
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
new file mode 100644
index 0000000000000..a864f24d7589a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -0,0 +1,27 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Recreate a getsystemcfg syscall handler instead of
+// using the one provided by x/sys/unix to avoid having
+// the dependency between them. (See golang.org/issue/32102)
+// Morever, this file will be used during the building of
+// gccgo's libgo and thus must not used a CGo method.
+
+//go:build aix && gccgo
+// +build aix,gccgo
+
+package cpu
+
+import (
+	"syscall"
+)
+
+//extern getsystemcfg
+func gccgoGetsystemcfg(label uint32) (r uint64)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) {
+	r1 = uintptr(gccgoGetsystemcfg(uint32(label)))
+	e1 = syscall.GetErrno()
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
new file mode 100644
index 0000000000000..904be42ffdce1
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -0,0 +1,36 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Minimal copy of x/sys/unix so the cpu package can make a
+// system call on AIX without depending on x/sys/unix.
+// (See golang.org/issue/32102)
+
+//go:build aix && ppc64 && gc
+// +build aix,ppc64,gc
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+
+type syscallFunc uintptr
+
+var libc_getsystemcfg syscallFunc
+
+type errno = syscall.Errno
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+	return
+}
diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go
new file mode 100644
index 0000000000000..78192498db010
--- /dev/null
+++ b/vendor/golang.org/x/sys/execabs/execabs.go
@@ -0,0 +1,102 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package execabs is a drop-in replacement for os/exec
+// that requires PATH lookups to find absolute paths.
+// That is, execabs.Command("cmd") runs the same PATH lookup
+// as exec.Command("cmd"), but if the result is a path
+// which is relative, the Run and Start methods will report
+// an error instead of running the executable.
+//
+// See https://blog.golang.org/path-security for more information
+// about when it may be necessary or appropriate to use this package.
+package execabs
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"unsafe"
+)
+
+// ErrNotFound is the error resulting if a path search failed to find an executable file.
+// It is an alias for exec.ErrNotFound.
+var ErrNotFound = exec.ErrNotFound
+
+// Cmd represents an external command being prepared or run.
+// It is an alias for exec.Cmd.
+type Cmd = exec.Cmd
+
+// Error is returned by LookPath when it fails to classify a file as an executable.
+// It is an alias for exec.Error.
+type Error = exec.Error
+
+// An ExitError reports an unsuccessful exit by a command.
+// It is an alias for exec.ExitError.
+type ExitError = exec.ExitError
+
+func relError(file, path string) error {
+	return fmt.Errorf("%s resolves to executable in current directory (.%c%s)", file, filepath.Separator, path)
+}
+
+// LookPath searches for an executable named file in the directories
+// named by the PATH environment variable. If file contains a slash,
+// it is tried directly and the PATH is not consulted. The result will be
+// an absolute path.
+//
+// LookPath differs from exec.LookPath in its handling of PATH lookups,
+// which are used for file names without slashes. If exec.LookPath's
+// PATH lookup would have returned an executable from the current directory,
+// LookPath instead returns an error.
+func LookPath(file string) (string, error) {
+	path, err := exec.LookPath(file)
+	if err != nil {
+		return "", err
+	}
+	if filepath.Base(file) == file && !filepath.IsAbs(path) {
+		return "", relError(file, path)
+	}
+	return path, nil
+}
+
+func fixCmd(name string, cmd *exec.Cmd) {
+	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
+		// exec.Command was called with a bare binary name and
+		// exec.LookPath returned a path which is not absolute.
+		// Set cmd.lookPathErr and clear cmd.Path so that it
+		// cannot be run.
+		lookPathErr := (*error)(unsafe.Pointer(reflect.ValueOf(cmd).Elem().FieldByName("lookPathErr").Addr().Pointer()))
+		if *lookPathErr == nil {
+			*lookPathErr = relError(name, cmd.Path)
+		}
+		cmd.Path = ""
+	}
+}
+
+// CommandContext is like Command but includes a context.
+//
+// The provided context is used to kill the process (by calling os.Process.Kill)
+// if the context becomes done before the command completes on its own.
+func CommandContext(ctx context.Context, name string, arg ...string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, name, arg...)
+	fixCmd(name, cmd)
+	return cmd
+
+}
+
+// Command returns the Cmd struct to execute the named program with the given arguments.
+// See exec.Command for most details.
+//
+// Command differs from exec.Command in its handling of PATH lookups,
+// which are used when the program name contains no slashes.
+// If exec.Command would have returned an exec.Cmd configured to run an
+// executable from the current directory, Command instead
+// returns an exec.Cmd that will return an error from Start or Run.
+func Command(name string, arg ...string) *exec.Cmd {
+	cmd := exec.Command(name, arg...)
+	fixCmd(name, cmd)
+	return cmd
+}
diff --git a/vendor/golang.org/x/sys/go.mod b/vendor/golang.org/x/sys/go.mod
new file mode 100644
index 0000000000000..29eb4d22f8eb7
--- /dev/null
+++ b/vendor/golang.org/x/sys/go.mod
@@ -0,0 +1,3 @@
+module golang.org/x/sys
+
+go 1.17
diff --git a/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go b/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go
new file mode 100644
index 0000000000000..e07899b909bb0
--- /dev/null
+++ b/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go
@@ -0,0 +1,30 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package unsafeheader contains header declarations for the Go runtime's
+// slice and string implementations.
+//
+// This package allows x/sys to use types equivalent to
+// reflect.SliceHeader and reflect.StringHeader without introducing
+// a dependency on the (relatively heavy) "reflect" package.
+package unsafeheader
+
+import (
+	"unsafe"
+)
+
+// Slice is the runtime representation of a slice.
+// It cannot be used safely or portably and its representation may change in a later release.
+type Slice struct {
+	Data unsafe.Pointer
+	Len  int
+	Cap  int
+}
+
+// String is the runtime representation of a string.
+// It cannot be used safely or portably and its representation may change in a later release.
+type String struct {
+	Data unsafe.Pointer
+	Len  int
+}
diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md
index bc6f6031f1b79..474efad0e03c7 100644
--- a/vendor/golang.org/x/sys/unix/README.md
+++ b/vendor/golang.org/x/sys/unix/README.md
@@ -14,7 +14,7 @@ migrating the build system to use containers so the builds are reproducible.
 This is being done on an OS-by-OS basis. Please update this documentation as
 components of the build system change.
 
-### Old Build System (currently for `GOOS != "Linux" || GOARCH == "sparc64"`)
+### Old Build System (currently for `GOOS != "linux"`)
 
 The old build system generates the Go files based on the C header files
 present on your system. This means that files
@@ -32,9 +32,9 @@ To build the files for your current OS and architecture, make sure GOOS and
 GOARCH are set correctly and run `mkall.sh`. This will generate the files for
 your specific system. Running `mkall.sh -n` shows the commands that will be run.
 
-Requirements: bash, perl, go
+Requirements: bash, go
 
-### New Build System (currently for `GOOS == "Linux" && GOARCH != "sparc64"`)
+### New Build System (currently for `GOOS == "linux"`)
 
 The new build system uses a Docker container to generate the go files directly
 from source checkouts of the kernel and various system libraries. This means
@@ -52,14 +52,14 @@ system and have your GOOS and GOARCH set accordingly. Running `mkall.sh` will
 then generate all of the files for all of the GOOS/GOARCH pairs in the new build
 system. Running `mkall.sh -n` shows the commands that will be run.
 
-Requirements: bash, perl, go, docker
+Requirements: bash, go, docker
 
 ## Component files
 
 This section describes the various files used in the code generation process.
 It also contains instructions on how to modify these files to add a new
 architecture/OS or to add additional syscalls, types, or constants. Note that
-if you are using the new build system, the scripts cannot be called normally.
+if you are using the new build system, the scripts/programs cannot be called normally.
 They must be called from within the docker container.
 
 ### asm files
@@ -76,30 +76,30 @@ arguments can be passed to the kernel. The third is for low-level use by the
 ForkExec wrapper. Unlike the first two, it does not call into the scheduler to
 let it know that a system call is running.
 
-When porting Go to an new architecture/OS, this file must be implemented for
+When porting Go to a new architecture/OS, this file must be implemented for
 each GOOS/GOARCH pair.
 
 ### mksysnum
 
-Mksysnum is a script located at `${GOOS}/mksysnum.pl` (or `mksysnum_${GOOS}.pl`
-for the old system). This script takes in a list of header files containing the
+Mksysnum is a Go program located at `${GOOS}/mksysnum.go` (or `mksysnum_${GOOS}.go`
+for the old system). This program takes in a list of header files containing the
 syscall number declarations and parses them to produce the corresponding list of
 Go numeric constants. See `zsysnum_${GOOS}_${GOARCH}.go` for the generated
 constants.
 
 Adding new syscall numbers is mostly done by running the build on a sufficiently
 new installation of the target OS (or updating the source checkouts for the
-new build system). However, depending on the OS, you make need to update the
+new build system). However, depending on the OS, you may need to update the
 parsing in mksysnum.
 
-### mksyscall.pl
+### mksyscall.go
 
 The `syscall.go`, `syscall_${GOOS}.go`, `syscall_${GOOS}_${GOARCH}.go` are
 hand-written Go files which implement system calls (for unix, the specific OS,
 or the specific OS/Architecture pair respectively) that need special handling
 and list `//sys` comments giving prototypes for ones that can be generated.
 
-The mksyscall.pl script takes the `//sys` and `//sysnb` comments and converts
+The mksyscall.go program takes the `//sys` and `//sysnb` comments and converts
 them into syscalls. This requires the name of the prototype in the comment to
 match a syscall number in the `zsysnum_${GOOS}_${GOARCH}.go` file. The function
 prototype can be exported (capitalized) or not.
@@ -107,7 +107,7 @@ prototype can be exported (capitalized) or not.
 Adding a new syscall often just requires adding a new `//sys` function prototype
 with the desired arguments and a capitalized name so it is exported. However, if
 you want the interface to the syscall to be different, often one will make an
-unexported `//sys` prototype, an then write a custom wrapper in
+unexported `//sys` prototype, and then write a custom wrapper in
 `syscall_${GOOS}.go`.
 
 ### types files
@@ -137,7 +137,7 @@ some `#if/#elif` macros in your include statements.
 
 This script is used to generate the system's various constants. This doesn't
 just include the error numbers and error strings, but also the signal numbers
-an a wide variety of miscellaneous constants. The constants come from the list
+and a wide variety of miscellaneous constants. The constants come from the list
 of include files in the `includes_${uname}` variable. A regex then picks out
 the desired `#define` statements, and generates the corresponding Go constants.
 The error numbers and strings are generated from `#include <errno.h>`, and the
@@ -149,10 +149,21 @@ To add a constant, add the header that includes it to the appropriate variable.
 Then, edit the regex (if necessary) to match the desired constant. Avoid making
 the regex too broad to avoid matching unintended constants.
 
+### mkmerge.go
+
+This program is used to extract duplicate const, func, and type declarations
+from the generated architecture-specific files listed below, and merge these
+into a common file for each OS.
+
+The merge is performed in the following steps:
+1. Construct the set of common code that is idential in all architecture-specific files.
+2. Write this common code to the merged file.
+3. Remove the common code from all architecture-specific files.
+
 
 ## Generated files
 
-### `zerror_${GOOS}_${GOARCH}.go`
+### `zerrors_${GOOS}_${GOARCH}.go`
 
 A file containing all of the system's generated error numbers, error strings,
 signal numbers, and constants. Generated by `mkerrors.sh` (see above).
@@ -160,7 +171,7 @@ signal numbers, and constants. Generated by `mkerrors.sh` (see above).
 ### `zsyscall_${GOOS}_${GOARCH}.go`
 
 A file containing all the generated syscalls for a specific GOOS and GOARCH.
-Generated by `mksyscall.pl` (see above).
+Generated by `mksyscall.go` (see above).
 
 ### `zsysnum_${GOOS}_${GOARCH}.go`
 
diff --git a/vendor/golang.org/x/sys/unix/affinity_linux.go b/vendor/golang.org/x/sys/unix/affinity_linux.go
index 72afe3338cfd7..6e5c81acd0491 100644
--- a/vendor/golang.org/x/sys/unix/affinity_linux.go
+++ b/vendor/golang.org/x/sys/unix/affinity_linux.go
@@ -7,6 +7,7 @@
 package unix
 
 import (
+	"math/bits"
 	"unsafe"
 )
 
@@ -79,46 +80,7 @@ func (s *CPUSet) IsSet(cpu int) bool {
 func (s *CPUSet) Count() int {
 	c := 0
 	for _, b := range s {
-		c += onesCount64(uint64(b))
+		c += bits.OnesCount64(uint64(b))
 	}
 	return c
 }
-
-// onesCount64 is a copy of Go 1.9's math/bits.OnesCount64.
-// Once this package can require Go 1.9, we can delete this
-// and update the caller to use bits.OnesCount64.
-func onesCount64(x uint64) int {
-	const m0 = 0x5555555555555555 // 01010101 ...
-	const m1 = 0x3333333333333333 // 00110011 ...
-	const m2 = 0x0f0f0f0f0f0f0f0f // 00001111 ...
-	const m3 = 0x00ff00ff00ff00ff // etc.
-	const m4 = 0x0000ffff0000ffff
-
-	// Implementation: Parallel summing of adjacent bits.
-	// See "Hacker's Delight", Chap. 5: Counting Bits.
-	// The following pattern shows the general approach:
-	//
-	//   x = x>>1&(m0&m) + x&(m0&m)
-	//   x = x>>2&(m1&m) + x&(m1&m)
-	//   x = x>>4&(m2&m) + x&(m2&m)
-	//   x = x>>8&(m3&m) + x&(m3&m)
-	//   x = x>>16&(m4&m) + x&(m4&m)
-	//   x = x>>32&(m5&m) + x&(m5&m)
-	//   return int(x)
-	//
-	// Masking (& operations) can be left away when there's no
-	// danger that a field's sum will carry over into the next
-	// field: Since the result cannot be > 64, 8 bits is enough
-	// and we can ignore the masks for the shifts by 8 and up.
-	// Per "Hacker's Delight", the first line can be simplified
-	// more, but it saves at best one instruction, so we leave
-	// it alone for clarity.
-	const m = 1<<64 - 1
-	x = x>>1&(m0&m) + x&(m0&m)
-	x = x>>2&(m1&m) + x&(m1&m)
-	x = (x>>4 + x) & (m2 & m)
-	x += x >> 8
-	x += x >> 16
-	x += x >> 32
-	return int(x) & (1<<7 - 1)
-}
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
new file mode 100644
index 0000000000000..abc89c104a8e2
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -0,0 +1,15 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+// +build go1.9
+
+package unix
+
+import "syscall"
+
+type Signal = syscall.Signal
+type Errno = syscall.Errno
+type SysProcAttr = syscall.SysProcAttr
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
new file mode 100644
index 0000000000000..db9171c2e4913
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -0,0 +1,18 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
new file mode 100644
index 0000000000000..e0fcd9b3deec5
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -0,0 +1,29 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (freebsd || netbsd || openbsd) && gc
+// +build freebsd netbsd openbsd
+// +build gc
+
+#include "textflag.h"
+
+// System call support for 386 BSD
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
new file mode 100644
index 0000000000000..2b99c349a2d3b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
+// +build darwin dragonfly freebsd netbsd openbsd
+// +build gc
+
+#include "textflag.h"
+
+// System call support for AMD64 BSD
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
new file mode 100644
index 0000000000000..d702d4adc77d7
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -0,0 +1,29 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (freebsd || netbsd || openbsd) && gc
+// +build freebsd netbsd openbsd
+// +build gc
+
+#include "textflag.h"
+
+// System call support for ARM BSD
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
new file mode 100644
index 0000000000000..fe36a7391a647
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -0,0 +1,29 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (darwin || freebsd || netbsd || openbsd) && gc
+// +build darwin freebsd netbsd openbsd
+// +build gc
+
+#include "textflag.h"
+
+// System call support for ARM64 BSD
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_386.s b/vendor/golang.org/x/sys/unix/asm_darwin_386.s
deleted file mode 100644
index 8a7278319e319..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_darwin_386.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for 386, Darwin
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-28
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s b/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
deleted file mode 100644
index 6321421f27263..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, Darwin
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	JMP	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-56
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
deleted file mode 100644
index 333242d506197..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-// +build arm,darwin
-
-#include "textflag.h"
-
-//
-// System call support for ARM, Darwin
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	B	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	B	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	B	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-28
-	B	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
deleted file mode 100644
index 97e0174371868..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-// +build arm64,darwin
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, Darwin
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	B	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	B	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	B	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-56
-	B	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s b/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
deleted file mode 100644
index 603dd5728c4a4..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, DragonFly
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-56
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s b/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
deleted file mode 100644
index c9a0a2601562f..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for 386, FreeBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-28
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
deleted file mode 100644
index 35172477c8697..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, FreeBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-56
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s b/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
deleted file mode 100644
index 9227c875bfebb..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for ARM, FreeBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	B	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	B	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	B	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-28
-	B	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 448bebbb59af4..8fd101d0716dd 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !gccgo
+//go:build gc
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index c6468a9588022..7ed38e43c6735 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !gccgo
+//go:build gc
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index cf0f3575c1339..8ef1d51402ae9 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !gccgo
+//go:build gc
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index afe6fdf6b1114..98ae02760da1e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && arm64 && gc
 // +build linux
 // +build arm64
-// +build !gccgo
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index ab9d63831a75a..21231d2ce13f6 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (mips64 || mips64le) && gc
 // +build linux
 // +build mips64 mips64le
-// +build !gccgo
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 99e5399045c29..6783b26c606a5 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (mips || mipsle) && gc
 // +build linux
 // +build mips mipsle
-// +build !gccgo
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 649e58714d9cb..19d4989344df7 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (ppc64 || ppc64le) && gc
 // +build linux
 // +build ppc64 ppc64le
-// +build !gccgo
+// +build gc
 
 #include "textflag.h"
 
@@ -15,12 +16,6 @@
 // Just jump to package syscall's implementation for all these functions.
 // The runtime may know about them.
 
-TEXT ·Syscall(SB),NOSPLIT,$0-56
-	BR	syscall·Syscall(SB)
-
-TEXT ·Syscall6(SB),NOSPLIT,$0-80
-	BR	syscall·Syscall6(SB)
-
 TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
 	BL	runtime·entersyscall(SB)
 	MOVD	a1+8(FP), R3
@@ -36,12 +31,6 @@ TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
 	BL	runtime·exitsyscall(SB)
 	RET
 
-TEXT ·RawSyscall(SB),NOSPLIT,$0-56
-	BR	syscall·RawSyscall(SB)
-
-TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
-	BR	syscall·RawSyscall6(SB)
-
 TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
 	MOVD	a1+8(FP), R3
 	MOVD	a2+16(FP), R4
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
new file mode 100644
index 0000000000000..e42eb81d583d3
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -0,0 +1,49 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64 && gc
+// +build riscv64
+// +build gc
+
+#include "textflag.h"
+
+//
+// System calls for linux/riscv64.
+//
+// Where available, just jump to package syscall's implementation of
+// these functions.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	CALL	runtime·entersyscall(SB)
+	MOV	a1+8(FP), A0
+	MOV	a2+16(FP), A1
+	MOV	a3+24(FP), A2
+	MOV	trap+0(FP), A7	// syscall entry
+	ECALL
+	MOV	A0, r1+32(FP)	// r1
+	MOV	A1, r2+40(FP)	// r2
+	CALL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOV	a1+8(FP), A0
+	MOV	a2+16(FP), A1
+	MOV	a3+24(FP), A2
+	MOV	trap+0(FP), A7	// syscall entry
+	ECALL
+	MOV	A0, r1+32(FP)
+	MOV	A1, r2+40(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index a5a863c6bd75c..c46aab3395940 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x
+//go:build linux && s390x && gc
 // +build linux
-// +build !gccgo
+// +build s390x
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s b/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
deleted file mode 100644
index 48bdcd7632aff..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for 386, NetBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-28
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
deleted file mode 100644
index 2ede05c72f09d..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, NetBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	JMP	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-56
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
deleted file mode 100644
index e8928571c450e..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for ARM, NetBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	B	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	B	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	B	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-28
-	B	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s b/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
deleted file mode 100644
index 00576f3c83559..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for 386, OpenBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	JMP	syscall·Syscall9(SB)
-
-TEXT ·RawSyscall(SB),NOSPLIT,$0-28
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
deleted file mode 100644
index 790ef77f86ef7..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for AMD64, OpenBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-56
-	JMP	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-104
-	JMP	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-56
-	JMP	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
-	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
deleted file mode 100644
index 469bfa10039a0..0000000000000
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-//
-// System call support for ARM, OpenBSD
-//
-
-// Just jump to package syscall's implementation for all these functions.
-// The runtime may know about them.
-
-TEXT	·Syscall(SB),NOSPLIT,$0-28
-	B	syscall·Syscall(SB)
-
-TEXT	·Syscall6(SB),NOSPLIT,$0-40
-	B	syscall·Syscall6(SB)
-
-TEXT	·Syscall9(SB),NOSPLIT,$0-52
-	B	syscall·Syscall9(SB)
-
-TEXT	·RawSyscall(SB),NOSPLIT,$0-28
-	B	syscall·RawSyscall(SB)
-
-TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
-	B	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
new file mode 100644
index 0000000000000..5e7a1169c05da
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -0,0 +1,30 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+//
+// System call support for mips64, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index ded8260f3e409..f8c5394c1a720 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !gccgo
+//go:build gc
+// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
new file mode 100644
index 0000000000000..3b54e1858131a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -0,0 +1,426 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x && gc
+// +build zos
+// +build s390x
+// +build gc
+
+#include "textflag.h"
+
+#define PSALAA            1208(R0)
+#define GTAB64(x)           80(x)
+#define LCA64(x)            88(x)
+#define CAA(x)               8(x)
+#define EDCHPXV(x)        1016(x)       // in the CAA
+#define SAVSTACK_ASYNC(x)  336(x)       // in the LCA
+
+// SS_*, where x=SAVSTACK_ASYNC
+#define SS_LE(x)             0(x)
+#define SS_GO(x)             8(x)
+#define SS_ERRNO(x)         16(x)
+#define SS_ERRNOJR(x)       20(x)
+
+#define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6
+
+TEXT ·clearErrno(SB),NOSPLIT,$0-0
+	BL	addrerrno<>(SB)
+	MOVD	$0, 0(R3)
+	RET
+
+// Returns the address of errno in R3.
+TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get __errno FuncDesc.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	ADD	$(0x156*16), R9
+	LMG	0(R9), R5, R6
+
+	// Switch to saved LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Call __errno function.
+	LE_CALL
+	NOPH
+
+	// Switch back to Go stack.
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+	RET
+
+TEXT ·syscall_syscall(SB),NOSPLIT,$0-56
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+32(FP)
+	MOVD	R0, r2+40(FP)
+	MOVD	R0, err+48(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	addrerrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+48(FP)
+done:
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+32(FP)
+	MOVD	R0, r2+40(FP)
+	MOVD	R0, err+48(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	addrerrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+48(FP)
+done:
+	RET
+
+TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Fill in parameter list.
+	MOVD	a4+32(FP), R12
+	MOVD	R12, (2176+24)(R4)
+	MOVD	a5+40(FP), R12
+	MOVD	R12, (2176+32)(R4)
+	MOVD	a6+48(FP), R12
+	MOVD	R12, (2176+40)(R4)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+56(FP)
+	MOVD	R0, r2+64(FP)
+	MOVD	R0, err+72(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	addrerrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+72(FP)
+done:
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Fill in parameter list.
+	MOVD	a4+32(FP), R12
+	MOVD	R12, (2176+24)(R4)
+	MOVD	a5+40(FP), R12
+	MOVD	R12, (2176+32)(R4)
+	MOVD	a6+48(FP), R12
+	MOVD	R12, (2176+40)(R4)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+56(FP)
+	MOVD	R0, r2+64(FP)
+	MOVD	R0, err+72(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	·rrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+72(FP)
+done:
+	RET
+
+TEXT ·syscall_syscall9(SB),NOSPLIT,$0
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Fill in parameter list.
+	MOVD	a4+32(FP), R12
+	MOVD	R12, (2176+24)(R4)
+	MOVD	a5+40(FP), R12
+	MOVD	R12, (2176+32)(R4)
+	MOVD	a6+48(FP), R12
+	MOVD	R12, (2176+40)(R4)
+	MOVD	a7+56(FP), R12
+	MOVD	R12, (2176+48)(R4)
+	MOVD	a8+64(FP), R12
+	MOVD	R12, (2176+56)(R4)
+	MOVD	a9+72(FP), R12
+	MOVD	R12, (2176+64)(R4)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+80(FP)
+	MOVD	R0, r2+88(FP)
+	MOVD	R0, err+96(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	addrerrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+96(FP)
+done:
+        BL	runtime·exitsyscall(SB)
+        RET
+
+TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0
+	MOVD	a1+8(FP), R1
+	MOVD	a2+16(FP), R2
+	MOVD	a3+24(FP), R3
+
+	// Get library control area (LCA).
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+
+	// Get function.
+	MOVD	CAA(R8), R9
+	MOVD	EDCHPXV(R9), R9
+	MOVD	trap+0(FP), R5
+	SLD	$4, R5
+	ADD	R5, R9
+	LMG	0(R9), R5, R6
+
+	// Restore LE stack.
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R4
+	MOVD	$0, 0(R9)
+
+	// Fill in parameter list.
+	MOVD	a4+32(FP), R12
+	MOVD	R12, (2176+24)(R4)
+	MOVD	a5+40(FP), R12
+	MOVD	R12, (2176+32)(R4)
+	MOVD	a6+48(FP), R12
+	MOVD	R12, (2176+40)(R4)
+	MOVD	a7+56(FP), R12
+	MOVD	R12, (2176+48)(R4)
+	MOVD	a8+64(FP), R12
+	MOVD	R12, (2176+56)(R4)
+	MOVD	a9+72(FP), R12
+	MOVD	R12, (2176+64)(R4)
+
+	// Call function.
+	LE_CALL
+	NOPH
+	XOR	R0, R0      // Restore R0 to $0.
+	MOVD	R4, 0(R9)   // Save stack pointer.
+
+	MOVD	R3, r1+80(FP)
+	MOVD	R0, r2+88(FP)
+	MOVD	R0, err+96(FP)
+	MOVW	R3, R4
+	CMP	R4, $-1
+	BNE	done
+	BL	addrerrno<>(SB)
+	MOVWZ	0(R3), R3
+	MOVD	R3, err+96(FP)
+done:
+	RET
+
+// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
+TEXT ·svcCall(SB),NOSPLIT,$0
+	BL	runtime·save_g(SB)   // Save g and stack pointer
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	R15, 0(R9)
+
+	MOVD	argv+8(FP), R1       // Move function arguments into registers
+	MOVD	dsa+16(FP), g
+	MOVD	fnptr+0(FP), R15
+
+	BYTE	$0x0D                // Branch to function
+	BYTE	$0xEF
+
+	BL	runtime·load_g(SB)   // Restore g and stack pointer
+	MOVW	PSALAA, R8
+	MOVD	LCA64(R8), R8
+	MOVD	SAVSTACK_ASYNC(R8), R9
+	MOVD	0(R9), R15
+
+	RET
+
+// func svcLoad(name *byte) unsafe.Pointer
+TEXT ·svcLoad(SB),NOSPLIT,$0
+	MOVD	R15, R2          // Save go stack pointer
+	MOVD	name+0(FP), R0   // Move SVC args into registers
+	MOVD	$0x80000000, R1
+	MOVD	$0, R15
+	BYTE	$0x0A            // SVC 08 LOAD
+	BYTE	$0x08
+	MOVW	R15, R3          // Save return code from SVC
+	MOVD	R2, R15          // Restore go stack pointer
+	CMP	R3, $0           // Check SVC return code
+	BNE	error
+
+	MOVD	$-2, R3          // Reset last bit of entry point to zero
+	AND	R0, R3
+	MOVD	R3, addr+8(FP)   // Return entry point returned by SVC
+	CMP	R0, R3           // Check if last bit of entry point was set
+	BNE	done
+
+	MOVD	R15, R2          // Save go stack pointer
+	MOVD	$0, R15          // Move SVC args into registers (entry point still in r0 from SVC 08)
+	BYTE	$0x0A            // SVC 09 DELETE
+	BYTE	$0x09
+	MOVD	R2, R15          // Restore go stack pointer
+
+error:
+	MOVD	$0, addr+8(FP)   // Return 0 on failure
+done:
+	XOR	R0, R0           // Reset r0 to 0
+	RET
+
+// func svcUnload(name *byte, fnptr unsafe.Pointer) int64
+TEXT ·svcUnload(SB),NOSPLIT,$0
+	MOVD	R15, R2          // Save go stack pointer
+	MOVD	name+0(FP), R0   // Move SVC args into registers
+	MOVD	addr+8(FP), R15
+	BYTE	$0x0A            // SVC 09
+	BYTE	$0x09
+	XOR	R0, R0           // Reset r0 to 0
+	MOVD	R15, R1          // Save SVC return code
+	MOVD	R2, R15          // Restore go stack pointer
+	MOVD	R1, rc+0(FP)     // Return SVC return code
+	RET
+
+// func gettid() uint64
+TEXT ·gettid(SB), NOSPLIT, $0
+	// Get library control area (LCA).
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+
+	// Get CEECAATHDID
+	MOVD CAA(R8), R9
+	MOVD 0x3D0(R9), R9
+	MOVD R9, ret+0(FP)
+
+	RET
diff --git a/vendor/golang.org/x/sys/unix/bluetooth_linux.go b/vendor/golang.org/x/sys/unix/bluetooth_linux.go
index 6e322969706ff..a178a6149bb21 100644
--- a/vendor/golang.org/x/sys/unix/bluetooth_linux.go
+++ b/vendor/golang.org/x/sys/unix/bluetooth_linux.go
@@ -23,6 +23,7 @@ const (
 	HCI_CHANNEL_USER    = 1
 	HCI_CHANNEL_MONITOR = 2
 	HCI_CHANNEL_CONTROL = 3
+	HCI_CHANNEL_LOGGING = 4
 )
 
 // Socketoption Level
diff --git a/vendor/golang.org/x/sys/unix/cap_freebsd.go b/vendor/golang.org/x/sys/unix/cap_freebsd.go
index df5204877378c..0b7c6adb86617 100644
--- a/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build freebsd
 // +build freebsd
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/constants.go b/vendor/golang.org/x/sys/unix/constants.go
index a96f0ebc26446..394a3965b68d5 100644
--- a/vendor/golang.org/x/sys/unix/constants.go
+++ b/vendor/golang.org/x/sys/unix/constants.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
new file mode 100644
index 0000000000000..65a998508db40
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix && ppc
+// +build aix,ppc
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used by AIX.
+
+package unix
+
+// Major returns the major component of a Linux device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 16) & 0xffff)
+}
+
+// Minor returns the minor component of a Linux device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0xffff)
+}
+
+// Mkdev returns a Linux device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	return uint64(((major) << 16) | (minor))
+}
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
new file mode 100644
index 0000000000000..8fc08ad0aae26
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -0,0 +1,29 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix && ppc64
+// +build aix,ppc64
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used AIX.
+
+package unix
+
+// Major returns the major component of a Linux device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev & 0x3fffffff00000000) >> 32)
+}
+
+// Minor returns the minor component of a Linux device number.
+func Minor(dev uint64) uint32 {
+	return uint32((dev & 0x00000000ffffffff) >> 0)
+}
+
+// Mkdev returns a Linux device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	var DEVNO64 uint64
+	DEVNO64 = 0x8000000000000000
+	return ((uint64(major) << 32) | (uint64(minor) & 0x00000000FFFFFFFF) | DEVNO64)
+}
diff --git a/vendor/golang.org/x/sys/unix/dev_zos.go b/vendor/golang.org/x/sys/unix/dev_zos.go
new file mode 100644
index 0000000000000..a388e59a0e0f3
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -0,0 +1,29 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used by z/OS.
+//
+// The information below is extracted and adapted from <sys/stat.h> macros.
+
+package unix
+
+// Major returns the major component of a z/OS device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 16) & 0x0000FFFF)
+}
+
+// Minor returns the minor component of a z/OS device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0x0000FFFF)
+}
+
+// Mkdev returns a z/OS device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	return (uint64(major) << 16) | uint64(minor)
+}
diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go
index 95fd353171fa8..e74e5eaa3bfea 100644
--- a/vendor/golang.org/x/sys/unix/dirent.go
+++ b/vendor/golang.org/x/sys/unix/dirent.go
@@ -2,16 +2,102 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux nacl netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
-import "syscall"
+import "unsafe"
+
+// readInt returns the size-bytes unsigned integer in native byte order at offset off.
+func readInt(b []byte, off, size uintptr) (u uint64, ok bool) {
+	if len(b) < int(off+size) {
+		return 0, false
+	}
+	if isBigEndian {
+		return readIntBE(b[off:], size), true
+	}
+	return readIntLE(b[off:], size), true
+}
+
+func readIntBE(b []byte, size uintptr) uint64 {
+	switch size {
+	case 1:
+		return uint64(b[0])
+	case 2:
+		_ = b[1] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[1]) | uint64(b[0])<<8
+	case 4:
+		_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[3]) | uint64(b[2])<<8 | uint64(b[1])<<16 | uint64(b[0])<<24
+	case 8:
+		_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+			uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+	default:
+		panic("syscall: readInt with unsupported size")
+	}
+}
+
+func readIntLE(b []byte, size uintptr) uint64 {
+	switch size {
+	case 1:
+		return uint64(b[0])
+	case 2:
+		_ = b[1] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8
+	case 4:
+		_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24
+	case 8:
+		_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+			uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+	default:
+		panic("syscall: readInt with unsupported size")
+	}
+}
 
 // ParseDirent parses up to max directory entries in buf,
 // appending the names to names. It returns the number of
 // bytes consumed from buf, the number of entries added
 // to names, and the new names slice.
 func ParseDirent(buf []byte, max int, names []string) (consumed int, count int, newnames []string) {
-	return syscall.ParseDirent(buf, max, names)
+	origlen := len(buf)
+	count = 0
+	for max != 0 && len(buf) > 0 {
+		reclen, ok := direntReclen(buf)
+		if !ok || reclen > uint64(len(buf)) {
+			return origlen, count, names
+		}
+		rec := buf[:reclen]
+		buf = buf[reclen:]
+		ino, ok := direntIno(rec)
+		if !ok {
+			break
+		}
+		if ino == 0 { // File absent in directory.
+			continue
+		}
+		const namoff = uint64(unsafe.Offsetof(Dirent{}.Name))
+		namlen, ok := direntNamlen(rec)
+		if !ok || namoff+namlen > uint64(len(rec)) {
+			break
+		}
+		name := rec[namoff : namoff+namlen]
+		for i, c := range name {
+			if c == 0 {
+				name = name[:i]
+				break
+			}
+		}
+		// Check for useless names before allocating a string.
+		if string(name) == "." || string(name) == ".." {
+			continue
+		}
+		max--
+		count++
+		names = append(names, string(name))
+	}
+	return origlen - len(buf), count, names
 }
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index 5e9269063f5b1..a520265576819 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //
-// +build ppc64 s390x mips mips64
+//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index 085df2d8dd777..4362f47e2c003 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //
-// +build 386 amd64 amd64p32 arm arm64 ppc64le mipsle mips64le
+//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
+// +build 386 amd64 amd64p32 alpha arm arm64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/env_unix.go b/vendor/golang.org/x/sys/unix/env_unix.go
index 706b3cd1dd30a..29ccc4d1334c4 100644
--- a/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/vendor/golang.org/x/sys/unix/env_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
new file mode 100644
index 0000000000000..cedaf7e024b46
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -0,0 +1,221 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+import (
+	"sync"
+)
+
+// This file simulates epoll on z/OS using poll.
+
+// Analogous to epoll_event on Linux.
+// TODO(neeilan): Pad is because the Linux kernel expects a 96-bit struct. We never pass this to the kernel; remove?
+type EpollEvent struct {
+	Events uint32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	EPOLLERR      = 0x8
+	EPOLLHUP      = 0x10
+	EPOLLIN       = 0x1
+	EPOLLMSG      = 0x400
+	EPOLLOUT      = 0x4
+	EPOLLPRI      = 0x2
+	EPOLLRDBAND   = 0x80
+	EPOLLRDNORM   = 0x40
+	EPOLLWRBAND   = 0x200
+	EPOLLWRNORM   = 0x100
+	EPOLL_CTL_ADD = 0x1
+	EPOLL_CTL_DEL = 0x2
+	EPOLL_CTL_MOD = 0x3
+	// The following constants are part of the epoll API, but represent
+	// currently unsupported functionality on z/OS.
+	// EPOLL_CLOEXEC  = 0x80000
+	// EPOLLET        = 0x80000000
+	// EPOLLONESHOT   = 0x40000000
+	// EPOLLRDHUP     = 0x2000     // Typically used with edge-triggered notis
+	// EPOLLEXCLUSIVE = 0x10000000 // Exclusive wake-up mode
+	// EPOLLWAKEUP    = 0x20000000 // Relies on Linux's BLOCK_SUSPEND capability
+)
+
+// TODO(neeilan): We can eliminate these epToPoll / pToEpoll calls by using identical mask values for POLL/EPOLL
+// constants where possible The lower 16 bits of epoll events (uint32) can fit any system poll event (int16).
+
+// epToPollEvt converts epoll event field to poll equivalent.
+// In epoll, Events is a 32-bit field, while poll uses 16 bits.
+func epToPollEvt(events uint32) int16 {
+	var ep2p = map[uint32]int16{
+		EPOLLIN:  POLLIN,
+		EPOLLOUT: POLLOUT,
+		EPOLLHUP: POLLHUP,
+		EPOLLPRI: POLLPRI,
+		EPOLLERR: POLLERR,
+	}
+
+	var pollEvts int16 = 0
+	for epEvt, pEvt := range ep2p {
+		if (events & epEvt) != 0 {
+			pollEvts |= pEvt
+		}
+	}
+
+	return pollEvts
+}
+
+// pToEpollEvt converts 16 bit poll event bitfields to 32-bit epoll event fields.
+func pToEpollEvt(revents int16) uint32 {
+	var p2ep = map[int16]uint32{
+		POLLIN:  EPOLLIN,
+		POLLOUT: EPOLLOUT,
+		POLLHUP: EPOLLHUP,
+		POLLPRI: EPOLLPRI,
+		POLLERR: EPOLLERR,
+	}
+
+	var epollEvts uint32 = 0
+	for pEvt, epEvt := range p2ep {
+		if (revents & pEvt) != 0 {
+			epollEvts |= epEvt
+		}
+	}
+
+	return epollEvts
+}
+
+// Per-process epoll implementation.
+type epollImpl struct {
+	mu       sync.Mutex
+	epfd2ep  map[int]*eventPoll
+	nextEpfd int
+}
+
+// eventPoll holds a set of file descriptors being watched by the process. A process can have multiple epoll instances.
+// On Linux, this is an in-kernel data structure accessed through a fd.
+type eventPoll struct {
+	mu  sync.Mutex
+	fds map[int]*EpollEvent
+}
+
+// epoll impl for this process.
+var impl epollImpl = epollImpl{
+	epfd2ep:  make(map[int]*eventPoll),
+	nextEpfd: 0,
+}
+
+func (e *epollImpl) epollcreate(size int) (epfd int, err error) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	epfd = e.nextEpfd
+	e.nextEpfd++
+
+	e.epfd2ep[epfd] = &eventPoll{
+		fds: make(map[int]*EpollEvent),
+	}
+	return epfd, nil
+}
+
+func (e *epollImpl) epollcreate1(flag int) (fd int, err error) {
+	return e.epollcreate(4)
+}
+
+func (e *epollImpl) epollctl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	ep, ok := e.epfd2ep[epfd]
+	if !ok {
+
+		return EBADF
+	}
+
+	switch op {
+	case EPOLL_CTL_ADD:
+		// TODO(neeilan): When we make epfds and fds disjoint, detect epoll
+		// loops here (instances watching each other) and return ELOOP.
+		if _, ok := ep.fds[fd]; ok {
+			return EEXIST
+		}
+		ep.fds[fd] = event
+	case EPOLL_CTL_MOD:
+		if _, ok := ep.fds[fd]; !ok {
+			return ENOENT
+		}
+		ep.fds[fd] = event
+	case EPOLL_CTL_DEL:
+		if _, ok := ep.fds[fd]; !ok {
+			return ENOENT
+		}
+		delete(ep.fds, fd)
+
+	}
+	return nil
+}
+
+// Must be called while holding ep.mu
+func (ep *eventPoll) getFds() []int {
+	fds := make([]int, len(ep.fds))
+	for fd := range ep.fds {
+		fds = append(fds, fd)
+	}
+	return fds
+}
+
+func (e *epollImpl) epollwait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	e.mu.Lock() // in [rare] case of concurrent epollcreate + epollwait
+	ep, ok := e.epfd2ep[epfd]
+
+	if !ok {
+		e.mu.Unlock()
+		return 0, EBADF
+	}
+
+	pollfds := make([]PollFd, 4)
+	for fd, epollevt := range ep.fds {
+		pollfds = append(pollfds, PollFd{Fd: int32(fd), Events: epToPollEvt(epollevt.Events)})
+	}
+	e.mu.Unlock()
+
+	n, err = Poll(pollfds, msec)
+	if err != nil {
+		return n, err
+	}
+
+	i := 0
+	for _, pFd := range pollfds {
+		if pFd.Revents != 0 {
+			events[i] = EpollEvent{Fd: pFd.Fd, Events: pToEpollEvt(pFd.Revents)}
+			i++
+		}
+
+		if i == n {
+			break
+		}
+	}
+
+	return n, nil
+}
+
+func EpollCreate(size int) (fd int, err error) {
+	return impl.epollcreate(size)
+}
+
+func EpollCreate1(flag int) (fd int, err error) {
+	return impl.epollcreate1(flag)
+}
+
+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	return impl.epollctl(epfd, op, fd, event)
+}
+
+// Because EpollWait mutates events, the caller is expected to coordinate
+// concurrent access if calling with the same epfd from multiple goroutines.
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	return impl.epollwait(epfd, events, msec)
+}
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go b/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
index c56bc8b05e075..761db66efece2 100644
--- a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8030720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8030720b
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
index 3e9771175abae..070f44b651048 100644
--- a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8040720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8040720b
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
new file mode 100644
index 0000000000000..946dcf3fc7eca
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC            = 0x79
+	IPV6_MIN_MEMBERSHIPS = 0x1f
+	IP_MAX_SOURCE_FILTER = 0x400
+	IP_MIN_MEMBERSHIPS   = 0x1f
+	RT_CACHING_CONTEXT   = 0x1
+	RT_NORTREF           = 0x2
+)
diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go
index 9379ba9cef77c..e9b991258c18d 100644
--- a/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/vendor/golang.org/x/sys/unix/fcntl.go
@@ -2,19 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd
+//go:build dragonfly || freebsd || linux || netbsd || openbsd
+// +build dragonfly freebsd linux netbsd openbsd
 
 package unix
 
 import "unsafe"
 
 // fcntl64Syscall is usually SYS_FCNTL, but is overridden on 32-bit Linux
-// systems by flock_linux_32bit.go to be SYS_FCNTL64.
+// systems by fcntl_linux_32bit.go to be SYS_FCNTL64.
 var fcntl64Syscall uintptr = SYS_FCNTL
 
-// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
-func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
-	valptr, _, errno := Syscall(fcntl64Syscall, fd, uintptr(cmd), uintptr(arg))
+func fcntl(fd int, cmd, arg int) (int, error) {
+	valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), uintptr(arg))
 	var err error
 	if errno != 0 {
 		err = errno
@@ -22,6 +22,11 @@ func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
 	return int(valptr), err
 }
 
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return fcntl(int(fd), cmd, arg)
+}
+
 // FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
 func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
 	_, _, errno := Syscall(fcntl64Syscall, fd, uintptr(cmd), uintptr(unsafe.Pointer(lk)))
diff --git a/vendor/golang.org/x/sys/unix/fcntl_darwin.go b/vendor/golang.org/x/sys/unix/fcntl_darwin.go
new file mode 100644
index 0000000000000..a9911c7c1d8ec
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/fcntl_darwin.go
@@ -0,0 +1,24 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import "unsafe"
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return fcntl(int(fd), cmd, arg)
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	_, err := fcntl(int(fd), cmd, int(uintptr(unsafe.Pointer(lk))))
+	return err
+}
+
+// FcntlFstore performs a fcntl syscall for the F_PREALLOCATE command.
+func FcntlFstore(fd uintptr, cmd int, fstore *Fstore_t) error {
+	_, err := fcntl(int(fd), cmd, int(uintptr(unsafe.Pointer(fstore))))
+	return err
+}
diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index fc0e50e037214..29d44808b1d02 100644
--- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -1,9 +1,10 @@
-// +build linux,386 linux,arm linux,mips linux,mipsle
-
 // Copyright 2014 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
+// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
+
 package unix
 
 func init() {
diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go
new file mode 100644
index 0000000000000..a8068f94f290c
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/fdset.go
@@ -0,0 +1,30 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+package unix
+
+// Set adds fd to the set fds.
+func (fds *FdSet) Set(fd int) {
+	fds.Bits[fd/NFDBITS] |= (1 << (uintptr(fd) % NFDBITS))
+}
+
+// Clear removes fd from the set fds.
+func (fds *FdSet) Clear(fd int) {
+	fds.Bits[fd/NFDBITS] &^= (1 << (uintptr(fd) % NFDBITS))
+}
+
+// IsSet returns whether fd is in the set fds.
+func (fds *FdSet) IsSet(fd int) bool {
+	return fds.Bits[fd/NFDBITS]&(1<<(uintptr(fd)%NFDBITS)) != 0
+}
+
+// Zero clears the set fds.
+func (fds *FdSet) Zero() {
+	for i := range fds.Bits {
+		fds.Bits[i] = 0
+	}
+}
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
new file mode 100644
index 0000000000000..e377cc9f49c30
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -0,0 +1,164 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// This file simulates fstatfs on z/OS using fstatvfs and w_getmntent.
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	var stat_v Statvfs_t
+	err = Fstatvfs(fd, &stat_v)
+	if err == nil {
+		// populate stat
+		stat.Type = 0
+		stat.Bsize = stat_v.Bsize
+		stat.Blocks = stat_v.Blocks
+		stat.Bfree = stat_v.Bfree
+		stat.Bavail = stat_v.Bavail
+		stat.Files = stat_v.Files
+		stat.Ffree = stat_v.Ffree
+		stat.Fsid = stat_v.Fsid
+		stat.Namelen = stat_v.Namemax
+		stat.Frsize = stat_v.Frsize
+		stat.Flags = stat_v.Flag
+		for passn := 0; passn < 5; passn++ {
+			switch passn {
+			case 0:
+				err = tryGetmntent64(stat)
+				break
+			case 1:
+				err = tryGetmntent128(stat)
+				break
+			case 2:
+				err = tryGetmntent256(stat)
+				break
+			case 3:
+				err = tryGetmntent512(stat)
+				break
+			case 4:
+				err = tryGetmntent1024(stat)
+				break
+			default:
+				break
+			}
+			//proceed to return if: err is nil (found), err is nonnil but not ERANGE (another error occurred)
+			if err == nil || err != nil && err != ERANGE {
+				break
+			}
+		}
+	}
+	return err
+}
+
+func tryGetmntent64(stat *Statfs_t) (err error) {
+	var mnt_ent_buffer struct {
+		header       W_Mnth
+		filesys_info [64]W_Mntent
+	}
+	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
+	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
+	if err != nil {
+		return err
+	}
+	err = ERANGE //return ERANGE if no match is found in this batch
+	for i := 0; i < fs_count; i++ {
+		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
+			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
+			err = nil
+			break
+		}
+	}
+	return err
+}
+
+func tryGetmntent128(stat *Statfs_t) (err error) {
+	var mnt_ent_buffer struct {
+		header       W_Mnth
+		filesys_info [128]W_Mntent
+	}
+	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
+	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
+	if err != nil {
+		return err
+	}
+	err = ERANGE //return ERANGE if no match is found in this batch
+	for i := 0; i < fs_count; i++ {
+		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
+			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
+			err = nil
+			break
+		}
+	}
+	return err
+}
+
+func tryGetmntent256(stat *Statfs_t) (err error) {
+	var mnt_ent_buffer struct {
+		header       W_Mnth
+		filesys_info [256]W_Mntent
+	}
+	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
+	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
+	if err != nil {
+		return err
+	}
+	err = ERANGE //return ERANGE if no match is found in this batch
+	for i := 0; i < fs_count; i++ {
+		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
+			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
+			err = nil
+			break
+		}
+	}
+	return err
+}
+
+func tryGetmntent512(stat *Statfs_t) (err error) {
+	var mnt_ent_buffer struct {
+		header       W_Mnth
+		filesys_info [512]W_Mntent
+	}
+	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
+	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
+	if err != nil {
+		return err
+	}
+	err = ERANGE //return ERANGE if no match is found in this batch
+	for i := 0; i < fs_count; i++ {
+		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
+			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
+			err = nil
+			break
+		}
+	}
+	return err
+}
+
+func tryGetmntent1024(stat *Statfs_t) (err error) {
+	var mnt_ent_buffer struct {
+		header       W_Mnth
+		filesys_info [1024]W_Mntent
+	}
+	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
+	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
+	if err != nil {
+		return err
+	}
+	err = ERANGE //return ERANGE if no match is found in this batch
+	for i := 0; i < fs_count; i++ {
+		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
+			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
+			err = nil
+			break
+		}
+	}
+	return err
+}
diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go
index 50062e3c7430e..0dee23222ca80 100644
--- a/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/vendor/golang.org/x/sys/unix/gccgo.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build gccgo
+//go:build gccgo && !aix
+// +build gccgo,!aix
 
 package unix
 
@@ -11,10 +12,8 @@ import "syscall"
 // We can't use the gc-syntax .s files for gccgo. On the plus side
 // much of the functionality can be written directly in Go.
 
-//extern gccgoRealSyscallNoError
 func realSyscallNoError(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r uintptr)
 
-//extern gccgoRealSyscall
 func realSyscall(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r, errno uintptr)
 
 func SyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) {
diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c
index 46523ced65d59..2cb1fefac6403 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // +build gccgo
+// +build !aix
 
 #include <errno.h>
 #include <stdint.h>
@@ -20,6 +21,9 @@ struct ret {
 	uintptr_t err;
 };
 
+struct ret gccgoRealSyscall(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+  __asm__(GOSYM_PREFIX GOPKGPATH ".realSyscall");
+
 struct ret
 gccgoRealSyscall(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
 {
@@ -31,6 +35,9 @@ gccgoRealSyscall(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintp
 	return r;
 }
 
+uintptr_t gccgoRealSyscallNoError(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+  __asm__(GOSYM_PREFIX GOPKGPATH ".realSyscallNoError");
+
 uintptr_t
 gccgoRealSyscallNoError(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
 {
diff --git a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index 251a977a81130..e60e49a3d9c09 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build gccgo && linux && amd64
 // +build gccgo,linux,amd64
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go
new file mode 100644
index 0000000000000..934af313c3231
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -0,0 +1,149 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux
+// +build linux
+
+package unix
+
+import (
+	"bytes"
+	"unsafe"
+)
+
+// Helpers for dealing with ifreq since it contains a union and thus requires a
+// lot of unsafe.Pointer casts to use properly.
+
+// An Ifreq is a type-safe wrapper around the raw ifreq struct. An Ifreq
+// contains an interface name and a union of arbitrary data which can be
+// accessed using the Ifreq's methods. To create an Ifreq, use the NewIfreq
+// function.
+//
+// Use the Name method to access the stored interface name. The union data
+// fields can be get and set using the following methods:
+//   - Uint16/SetUint16: flags
+//   - Uint32/SetUint32: ifindex, metric, mtu
+type Ifreq struct{ raw ifreq }
+
+// NewIfreq creates an Ifreq with the input network interface name after
+// validating the name does not exceed IFNAMSIZ-1 (trailing NULL required)
+// bytes.
+func NewIfreq(name string) (*Ifreq, error) {
+	// Leave room for terminating NULL byte.
+	if len(name) >= IFNAMSIZ {
+		return nil, EINVAL
+	}
+
+	var ifr ifreq
+	copy(ifr.Ifrn[:], name)
+
+	return &Ifreq{raw: ifr}, nil
+}
+
+// TODO(mdlayher): get/set methods for hardware address sockaddr, char array, etc.
+
+// Name returns the interface name associated with the Ifreq.
+func (ifr *Ifreq) Name() string {
+	// BytePtrToString requires a NULL terminator or the program may crash. If
+	// one is not present, just return the empty string.
+	if !bytes.Contains(ifr.raw.Ifrn[:], []byte{0x00}) {
+		return ""
+	}
+
+	return BytePtrToString(&ifr.raw.Ifrn[0])
+}
+
+// According to netdevice(7), only AF_INET addresses are returned for numerous
+// sockaddr ioctls. For convenience, we expose these as Inet4Addr since the Port
+// field and other data is always empty.
+
+// Inet4Addr returns the Ifreq union data from an embedded sockaddr as a C
+// in_addr/Go []byte (4-byte IPv4 address) value. If the sockaddr family is not
+// AF_INET, an error is returned.
+func (ifr *Ifreq) Inet4Addr() ([]byte, error) {
+	raw := *(*RawSockaddrInet4)(unsafe.Pointer(&ifr.raw.Ifru[:SizeofSockaddrInet4][0]))
+	if raw.Family != AF_INET {
+		// Cannot safely interpret raw.Addr bytes as an IPv4 address.
+		return nil, EINVAL
+	}
+
+	return raw.Addr[:], nil
+}
+
+// SetInet4Addr sets a C in_addr/Go []byte (4-byte IPv4 address) value in an
+// embedded sockaddr within the Ifreq's union data. v must be 4 bytes in length
+// or an error will be returned.
+func (ifr *Ifreq) SetInet4Addr(v []byte) error {
+	if len(v) != 4 {
+		return EINVAL
+	}
+
+	var addr [4]byte
+	copy(addr[:], v)
+
+	ifr.clear()
+	*(*RawSockaddrInet4)(
+		unsafe.Pointer(&ifr.raw.Ifru[:SizeofSockaddrInet4][0]),
+	) = RawSockaddrInet4{
+		// Always set IP family as ioctls would require it anyway.
+		Family: AF_INET,
+		Addr:   addr,
+	}
+
+	return nil
+}
+
+// Uint16 returns the Ifreq union data as a C short/Go uint16 value.
+func (ifr *Ifreq) Uint16() uint16 {
+	return *(*uint16)(unsafe.Pointer(&ifr.raw.Ifru[:2][0]))
+}
+
+// SetUint16 sets a C short/Go uint16 value as the Ifreq's union data.
+func (ifr *Ifreq) SetUint16(v uint16) {
+	ifr.clear()
+	*(*uint16)(unsafe.Pointer(&ifr.raw.Ifru[:2][0])) = v
+}
+
+// Uint32 returns the Ifreq union data as a C int/Go uint32 value.
+func (ifr *Ifreq) Uint32() uint32 {
+	return *(*uint32)(unsafe.Pointer(&ifr.raw.Ifru[:4][0]))
+}
+
+// SetUint32 sets a C int/Go uint32 value as the Ifreq's union data.
+func (ifr *Ifreq) SetUint32(v uint32) {
+	ifr.clear()
+	*(*uint32)(unsafe.Pointer(&ifr.raw.Ifru[:4][0])) = v
+}
+
+// clear zeroes the ifreq's union field to prevent trailing garbage data from
+// being sent to the kernel if an ifreq is reused.
+func (ifr *Ifreq) clear() {
+	for i := range ifr.raw.Ifru {
+		ifr.raw.Ifru[i] = 0
+	}
+}
+
+// TODO(mdlayher): export as IfreqData? For now we can provide helpers such as
+// IoctlGetEthtoolDrvinfo which use these APIs under the hood.
+
+// An ifreqData is an Ifreq which carries pointer data. To produce an ifreqData,
+// use the Ifreq.withData method.
+type ifreqData struct {
+	name [IFNAMSIZ]byte
+	// A type separate from ifreq is required in order to comply with the
+	// unsafe.Pointer rules since the "pointer-ness" of data would not be
+	// preserved if it were cast into the byte array of a raw ifreq.
+	data unsafe.Pointer
+	// Pad to the same size as ifreq.
+	_ [len(ifreq{}.Ifru) - SizeofPtr]byte
+}
+
+// withData produces an ifreqData with the pointer p set for ioctls which require
+// arbitrary pointer data.
+func (ifr Ifreq) withData(p unsafe.Pointer) ifreqData {
+	return ifreqData{
+		name: ifr.raw.Ifrn,
+		data: p,
+	}
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go
new file mode 100644
index 0000000000000..6c7ad052e6b36
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ioctl.go
@@ -0,0 +1,75 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlSetInt performs an ioctl operation which sets an integer value
+// on fd, using the specified request number.
+func IoctlSetInt(fd int, req uint, value int) error {
+	return ioctl(fd, req, uintptr(value))
+}
+
+// IoctlSetPointerInt performs an ioctl operation which sets an
+// integer value on fd, using the specified request number. The ioctl
+// argument is called with a pointer to the integer value, rather than
+// passing the integer value directly.
+func IoctlSetPointerInt(fd int, req uint, value int) error {
+	v := int32(value)
+	return ioctl(fd, req, uintptr(unsafe.Pointer(&v)))
+}
+
+// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
+//
+// To change fd's window size, the req argument should be TIOCSWINSZ.
+func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
+	// TODO: if we get the chance, remove the req parameter and
+	// hardcode TIOCSWINSZ.
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlSetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value will usually be TCSETA or TIOCSETA.
+func IoctlSetTermios(fd int, req uint, value *Termios) error {
+	// TODO: if we get the chance, remove the req parameter.
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlGetInt performs an ioctl operation which gets an integer value
+// from fd, using the specified request number.
+//
+// A few ioctl requests use the return value as an output parameter;
+// for those, IoctlRetInt should be used instead of this function.
+func IoctlGetInt(fd int, req uint) (int, error) {
+	var value int
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return value, err
+}
+
+func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
+	var value Winsize
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlGetTermios(fd int, req uint) (*Termios, error) {
+	var value Termios
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
new file mode 100644
index 0000000000000..1dadead21e6d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -0,0 +1,196 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// IoctlRetInt performs an ioctl operation specified by req on a device
+// associated with opened file descriptor fd, and returns a non-negative
+// integer that is returned by the ioctl syscall.
+func IoctlRetInt(fd int, req uint) (int, error) {
+	ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(ret), nil
+}
+
+func IoctlGetUint32(fd int, req uint) (uint32, error) {
+	var value uint32
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
+	return value, err
+}
+
+func IoctlGetRTCTime(fd int) (*RTCTime, error) {
+	var value RTCTime
+	err := ioctlPtr(fd, RTC_RD_TIME, unsafe.Pointer(&value))
+	return &value, err
+}
+
+func IoctlSetRTCTime(fd int, value *RTCTime) error {
+	return ioctlPtr(fd, RTC_SET_TIME, unsafe.Pointer(value))
+}
+
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+	var value RTCWkAlrm
+	err := ioctlPtr(fd, RTC_WKALM_RD, unsafe.Pointer(&value))
+	return &value, err
+}
+
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+	return ioctlPtr(fd, RTC_WKALM_SET, unsafe.Pointer(value))
+}
+
+// IoctlGetEthtoolDrvinfo fetches ethtool driver information for the network
+// device specified by ifname.
+func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) {
+	ifr, err := NewIfreq(ifname)
+	if err != nil {
+		return nil, err
+	}
+
+	value := EthtoolDrvinfo{Cmd: ETHTOOL_GDRVINFO}
+	ifrd := ifr.withData(unsafe.Pointer(&value))
+
+	err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd)
+	return &value, err
+}
+
+// IoctlGetWatchdogInfo fetches information about a watchdog device from the
+// Linux watchdog API. For more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) {
+	var value WatchdogInfo
+	err := ioctlPtr(fd, WDIOC_GETSUPPORT, unsafe.Pointer(&value))
+	return &value, err
+}
+
+// IoctlWatchdogKeepalive issues a keepalive ioctl to a watchdog device. For
+// more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlWatchdogKeepalive(fd int) error {
+	// arg is ignored and not a pointer, so ioctl is fine instead of ioctlPtr.
+	return ioctl(fd, WDIOC_KEEPALIVE, 0)
+}
+
+// IoctlFileCloneRange performs an FICLONERANGE ioctl operation to clone the
+// range of data conveyed in value to the file associated with the file
+// descriptor destFd. See the ioctl_ficlonerange(2) man page for details.
+func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
+	return ioctlPtr(destFd, FICLONERANGE, unsafe.Pointer(value))
+}
+
+// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
+// associated with the file description srcFd to the file associated with the
+// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
+func IoctlFileClone(destFd, srcFd int) error {
+	return ioctl(destFd, FICLONE, uintptr(srcFd))
+}
+
+type FileDedupeRange struct {
+	Src_offset uint64
+	Src_length uint64
+	Reserved1  uint16
+	Reserved2  uint32
+	Info       []FileDedupeRangeInfo
+}
+
+type FileDedupeRangeInfo struct {
+	Dest_fd       int64
+	Dest_offset   uint64
+	Bytes_deduped uint64
+	Status        int32
+	Reserved      uint32
+}
+
+// IoctlFileDedupeRange performs an FIDEDUPERANGE ioctl operation to share the
+// range of data conveyed in value from the file associated with the file
+// descriptor srcFd to the value.Info destinations. See the
+// ioctl_fideduperange(2) man page for details.
+func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error {
+	buf := make([]byte, SizeofRawFileDedupeRange+
+		len(value.Info)*SizeofRawFileDedupeRangeInfo)
+	rawrange := (*RawFileDedupeRange)(unsafe.Pointer(&buf[0]))
+	rawrange.Src_offset = value.Src_offset
+	rawrange.Src_length = value.Src_length
+	rawrange.Dest_count = uint16(len(value.Info))
+	rawrange.Reserved1 = value.Reserved1
+	rawrange.Reserved2 = value.Reserved2
+
+	for i := range value.Info {
+		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+				uintptr(i*SizeofRawFileDedupeRangeInfo)))
+		rawinfo.Dest_fd = value.Info[i].Dest_fd
+		rawinfo.Dest_offset = value.Info[i].Dest_offset
+		rawinfo.Bytes_deduped = value.Info[i].Bytes_deduped
+		rawinfo.Status = value.Info[i].Status
+		rawinfo.Reserved = value.Info[i].Reserved
+	}
+
+	err := ioctlPtr(srcFd, FIDEDUPERANGE, unsafe.Pointer(&buf[0]))
+
+	// Output
+	for i := range value.Info {
+		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+				uintptr(i*SizeofRawFileDedupeRangeInfo)))
+		value.Info[i].Dest_fd = rawinfo.Dest_fd
+		value.Info[i].Dest_offset = rawinfo.Dest_offset
+		value.Info[i].Bytes_deduped = rawinfo.Bytes_deduped
+		value.Info[i].Status = rawinfo.Status
+		value.Info[i].Reserved = rawinfo.Reserved
+	}
+
+	return err
+}
+
+func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error {
+	return ioctlPtr(fd, HIDIOCGRDESC, unsafe.Pointer(value))
+}
+
+func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) {
+	var value HIDRawDevInfo
+	err := ioctlPtr(fd, HIDIOCGRAWINFO, unsafe.Pointer(&value))
+	return &value, err
+}
+
+func IoctlHIDGetRawName(fd int) (string, error) {
+	var value [_HIDIOCGRAWNAME_LEN]byte
+	err := ioctlPtr(fd, _HIDIOCGRAWNAME, unsafe.Pointer(&value[0]))
+	return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawPhys(fd int) (string, error) {
+	var value [_HIDIOCGRAWPHYS_LEN]byte
+	err := ioctlPtr(fd, _HIDIOCGRAWPHYS, unsafe.Pointer(&value[0]))
+	return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawUniq(fd int) (string, error) {
+	var value [_HIDIOCGRAWUNIQ_LEN]byte
+	err := ioctlPtr(fd, _HIDIOCGRAWUNIQ, unsafe.Pointer(&value[0]))
+	return ByteSliceToString(value[:]), err
+}
+
+// IoctlIfreq performs an ioctl using an Ifreq structure for input and/or
+// output. See the netdevice(7) man page for details.
+func IoctlIfreq(fd int, req uint, value *Ifreq) error {
+	// It is possible we will add more fields to *Ifreq itself later to prevent
+	// misuse, so pass the raw *ifreq directly.
+	return ioctlPtr(fd, req, unsafe.Pointer(&value.raw))
+}
+
+// TODO(mdlayher): export if and when IfreqData is exported.
+
+// ioctlIfreqData performs an ioctl using an ifreqData structure for input
+// and/or output. See the netdevice(7) man page for details.
+func ioctlIfreqData(fd int, req uint, value *ifreqData) error {
+	// The memory layout of IfreqData (type-safe) and ifreq (not type-safe) are
+	// identical so pass *IfreqData directly.
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
new file mode 100644
index 0000000000000..5384e7d91d798
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -0,0 +1,74 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlSetInt performs an ioctl operation which sets an integer value
+// on fd, using the specified request number.
+func IoctlSetInt(fd int, req uint, value int) error {
+	return ioctl(fd, req, uintptr(value))
+}
+
+// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
+//
+// To change fd's window size, the req argument should be TIOCSWINSZ.
+func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
+	// TODO: if we get the chance, remove the req parameter and
+	// hardcode TIOCSWINSZ.
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlSetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value is expected to be TCSETS, TCSETSW, or TCSETSF
+func IoctlSetTermios(fd int, req uint, value *Termios) error {
+	if (req != TCSETS) && (req != TCSETSW) && (req != TCSETSF) {
+		return ENOSYS
+	}
+	err := Tcsetattr(fd, int(req), value)
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlGetInt performs an ioctl operation which gets an integer value
+// from fd, using the specified request number.
+//
+// A few ioctl requests use the return value as an output parameter;
+// for those, IoctlRetInt should be used instead of this function.
+func IoctlGetInt(fd int, req uint) (int, error) {
+	var value int
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return value, err
+}
+
+func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
+	var value Winsize
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+// IoctlGetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value is expected to be TCGETS
+func IoctlGetTermios(fd int, req uint) (*Termios, error) {
+	var value Termios
+	if req != TCGETS {
+		return &value, ENOSYS
+	}
+	err := Tcgetattr(fd, &value)
+	return &value, err
+}
diff --git a/vendor/golang.org/x/sys/unix/openbsd_pledge.go b/vendor/golang.org/x/sys/unix/openbsd_pledge.go
deleted file mode 100644
index 9b1e86a12bae6..0000000000000
--- a/vendor/golang.org/x/sys/unix/openbsd_pledge.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build openbsd
-// +build 386 amd64 arm
-
-package unix
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const (
-	_SYS_PLEDGE = 108
-)
-
-// Pledge implements the pledge syscall. For more information see pledge(2).
-func Pledge(promises string, paths []string) error {
-	promisesPtr, err := syscall.BytePtrFromString(promises)
-	if err != nil {
-		return err
-	}
-	promisesUnsafe, pathsUnsafe := unsafe.Pointer(promisesPtr), unsafe.Pointer(nil)
-	if paths != nil {
-		var pathsPtr []*byte
-		if pathsPtr, err = syscall.SlicePtrFromStrings(paths); err != nil {
-			return err
-		}
-		pathsUnsafe = unsafe.Pointer(&pathsPtr[0])
-	}
-	_, _, e := syscall.Syscall(_SYS_PLEDGE, uintptr(promisesUnsafe), uintptr(pathsUnsafe), 0)
-	if e != 0 {
-		return e
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 83c85e0196faf..53f1b4c5b81ef 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
new file mode 100644
index 0000000000000..eb48294b2742b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -0,0 +1,163 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"syscall"
+	"unsafe"
+)
+
+// Pledge implements the pledge syscall.
+//
+// The pledge syscall does not accept execpromises on OpenBSD releases
+// before 6.3.
+//
+// execpromises must be empty when Pledge is called on OpenBSD
+// releases predating 6.3, otherwise an error will be returned.
+//
+// For more information see pledge(2).
+func Pledge(promises, execpromises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, execpromises)
+	if err != nil {
+		return err
+	}
+
+	pptr, err := syscall.BytePtrFromString(promises)
+	if err != nil {
+		return err
+	}
+
+	// This variable will hold either a nil unsafe.Pointer or
+	// an unsafe.Pointer to a string (execpromises).
+	var expr unsafe.Pointer
+
+	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
+	if maj > 6 || (maj == 6 && min > 2) {
+		exptr, err := syscall.BytePtrFromString(execpromises)
+		if err != nil {
+			return err
+		}
+		expr = unsafe.Pointer(exptr)
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// PledgePromises implements the pledge syscall.
+//
+// This changes the promises and leaves the execpromises untouched.
+//
+// For more information see pledge(2).
+func PledgePromises(promises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, "")
+	if err != nil {
+		return err
+	}
+
+	// This variable holds the execpromises and is always nil.
+	var expr unsafe.Pointer
+
+	pptr, err := syscall.BytePtrFromString(promises)
+	if err != nil {
+		return err
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// PledgeExecpromises implements the pledge syscall.
+//
+// This changes the execpromises and leaves the promises untouched.
+//
+// For more information see pledge(2).
+func PledgeExecpromises(execpromises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, execpromises)
+	if err != nil {
+		return err
+	}
+
+	// This variable holds the promises and is always nil.
+	var pptr unsafe.Pointer
+
+	exptr, err := syscall.BytePtrFromString(execpromises)
+	if err != nil {
+		return err
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// majmin returns major and minor version number for an OpenBSD system.
+func majmin() (major int, minor int, err error) {
+	var v Utsname
+	err = Uname(&v)
+	if err != nil {
+		return
+	}
+
+	major, err = strconv.Atoi(string(v.Release[0]))
+	if err != nil {
+		err = errors.New("cannot parse major version number returned by uname")
+		return
+	}
+
+	minor, err = strconv.Atoi(string(v.Release[2]))
+	if err != nil {
+		err = errors.New("cannot parse minor version number returned by uname")
+		return
+	}
+
+	return
+}
+
+// pledgeAvailable checks for availability of the pledge(2) syscall
+// based on the running OpenBSD version.
+func pledgeAvailable(maj, min int, execpromises string) error {
+	// If OpenBSD <= 5.9, pledge is not available.
+	if (maj == 5 && min != 9) || maj < 5 {
+		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+	}
+
+	// If OpenBSD <= 6.2 and execpromises is not empty,
+	// return an error - execpromises is not available before 6.3
+	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
+		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	}
+
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
new file mode 100644
index 0000000000000..463c3eff7fd27
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -0,0 +1,12 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && !ios
+// +build darwin,!ios
+
+package unix
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) error {
+	return ptrace1(request, pid, addr, data)
+}
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
new file mode 100644
index 0000000000000..ed0509a0117c4
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -0,0 +1,12 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ios
+// +build ios
+
+package unix
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	return ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/race.go b/vendor/golang.org/x/sys/unix/race.go
index 61712b51c9652..6f6c5fec5ae38 100644
--- a/vendor/golang.org/x/sys/unix/race.go
+++ b/vendor/golang.org/x/sys/unix/race.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (darwin && race) || (linux && race) || (freebsd && race)
 // +build darwin,race linux,race freebsd,race
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/race0.go b/vendor/golang.org/x/sys/unix/race0.go
index dd0820431e9a5..706e1322ae416 100644
--- a/vendor/golang.org/x/sys/unix/race0.go
+++ b/vendor/golang.org/x/sys/unix/race0.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly
+//go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
+// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
new file mode 100644
index 0000000000000..4d6257569ea8d
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -0,0 +1,13 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
+// +build aix dragonfly freebsd linux netbsd openbsd
+
+package unix
+
+// ReadDirent reads directory entries from fd and writes them into buf.
+func ReadDirent(fd int, buf []byte) (n int, err error) {
+	return Getdents(fd, buf)
+}
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
new file mode 100644
index 0000000000000..2a4ba47c45b4c
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -0,0 +1,20 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin
+// +build darwin
+
+package unix
+
+import "unsafe"
+
+// ReadDirent reads directory entries from fd and writes them into buf.
+func ReadDirent(fd int, buf []byte) (n int, err error) {
+	// Final argument is (basep *uintptr) and the syscall doesn't take nil.
+	// 64 bits should be enough. (32 bits isn't even on 386). Since the
+	// actual system call is getdirentries64, 64 is a good guess.
+	// TODO(rsc): Can we use a single global basep for all calls?
+	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
+	return Getdirentries(fd, buf, base)
+}
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go b/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
new file mode 100644
index 0000000000000..5144deeccd55b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+	if SizeofPtr == 8 && !supportsABI(_dragonflyABIChangeVersion) {
+		// 64-bit Dragonfly before the September 2019 ABI changes still requires
+		// 32-bit aligned access to network subsystem.
+		salign = 4
+	}
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_linux.go b/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
index 6079eb4ac1e06..326fb04a52197 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
@@ -17,7 +17,7 @@ func UnixCredentials(ucred *Ucred) []byte {
 	h.Level = SOL_SOCKET
 	h.Type = SCM_CREDENTIALS
 	h.SetLen(CmsgLen(SizeofUcred))
-	*((*Ucred)(cmsgData(h))) = *ucred
+	*(*Ucred)(h.data(0)) = *ucred
 	return b
 }
 
@@ -34,3 +34,56 @@ func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
 	ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
 	return &ucred, nil
 }
+
+// PktInfo4 encodes Inet4Pktinfo into a socket control message of type IP_PKTINFO.
+func PktInfo4(info *Inet4Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet4Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IP
+	h.Type = IP_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet4Pktinfo))
+	*(*Inet4Pktinfo)(h.data(0)) = *info
+	return b
+}
+
+// PktInfo6 encodes Inet6Pktinfo into a socket control message of type IPV6_PKTINFO.
+func PktInfo6(info *Inet6Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet6Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IPV6
+	h.Type = IPV6_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet6Pktinfo))
+	*(*Inet6Pktinfo)(h.data(0)) = *info
+	return b
+}
+
+// ParseOrigDstAddr decodes a socket control message containing the original
+// destination address. To receive such a message the IP_RECVORIGDSTADDR or
+// IPV6_RECVORIGDSTADDR option must be enabled on the socket.
+func ParseOrigDstAddr(m *SocketControlMessage) (Sockaddr, error) {
+	switch {
+	case m.Header.Level == SOL_IP && m.Header.Type == IP_ORIGDSTADDR:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(&m.Data[0]))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case m.Header.Level == SOL_IPV6 && m.Header.Type == IPV6_ORIGDSTADDR:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(&m.Data[0]))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	default:
+		return nil, EINVAL
+	}
+}
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index bb756ece15853..453a942c5db30 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -2,25 +2,16 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
 package unix
 
-import "unsafe"
-
-// Round the length of a raw sockaddr up to align it properly.
-func cmsgAlignOf(salen int) int {
-	salign := sizeofPtr
-	// NOTE: It seems like 64-bit Darwin, DragonFly BSD and
-	// Solaris kernels still require 32-bit aligned access to
-	// network subsystem.
-	if darwin64Bit || dragonfly64Bit || solaris64Bit {
-		salign = 4
-	}
-	return (salen + salign - 1) & ^(salign - 1)
-}
+import (
+	"unsafe"
+)
 
 // CmsgLen returns the value to store in the Len field of the Cmsghdr
 // structure, taking into account any necessary alignment.
@@ -34,8 +25,8 @@ func CmsgSpace(datalen int) int {
 	return cmsgAlignOf(SizeofCmsghdr) + cmsgAlignOf(datalen)
 }
 
-func cmsgData(h *Cmsghdr) unsafe.Pointer {
-	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(SizeofCmsghdr)))
+func (h *Cmsghdr) data(offset uintptr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(SizeofCmsghdr)) + offset)
 }
 
 // SocketControlMessage represents a socket control message.
@@ -78,10 +69,8 @@ func UnixRights(fds ...int) []byte {
 	h.Level = SOL_SOCKET
 	h.Type = SCM_RIGHTS
 	h.SetLen(CmsgLen(datalen))
-	data := cmsgData(h)
-	for _, fd := range fds {
-		*(*int32)(data) = int32(fd)
-		data = unsafe.Pointer(uintptr(data) + 4)
+	for i, fd := range fds {
+		*(*int32)(h.data(4 * uintptr(i))) = int32(fd)
 	}
 	return b
 }
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
new file mode 100644
index 0000000000000..0840fe4a57491
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -0,0 +1,47 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin freebsd linux netbsd openbsd solaris zos
+
+package unix
+
+import (
+	"runtime"
+)
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+
+	// dragonfly needs to check ABI version at runtime, see cmsgAlignOf in
+	// sockcmsg_dragonfly.go
+	switch runtime.GOOS {
+	case "aix":
+		// There is no alignment on AIX.
+		salign = 1
+	case "darwin", "ios", "illumos", "solaris":
+		// NOTE: It seems like 64-bit Darwin, Illumos and Solaris
+		// kernels still require 32-bit aligned access to network
+		// subsystem.
+		if SizeofPtr == 8 {
+			salign = 4
+		}
+	case "netbsd", "openbsd":
+		// NetBSD and OpenBSD armv7 require 64-bit alignment.
+		if runtime.GOARCH == "arm" {
+			salign = 8
+		}
+		// NetBSD aarch64 requires 128-bit alignment.
+		if runtime.GOOS == "netbsd" && runtime.GOARCH == "arm64" {
+			salign = 16
+		}
+	case "zos":
+		// z/OS socket macros use [32-bit] sizeof(int) alignment,
+		// not pointer width.
+		salign = SizeofInt
+	}
+
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/vendor/golang.org/x/sys/unix/str.go b/vendor/golang.org/x/sys/unix/str.go
index 35ed6643536f4..8ba89ed8694f4 100644
--- a/vendor/golang.org/x/sys/unix/str.go
+++ b/vendor/golang.org/x/sys/unix/str.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go
index ef35fce8041a1..649fa87405d16 100644
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
@@ -24,7 +25,13 @@
 // holds a value of type syscall.Errno.
 package unix // import "golang.org/x/sys/unix"
 
-import "strings"
+import (
+	"bytes"
+	"strings"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
 
 // ByteSliceFromString returns a NUL-terminated slice of bytes
 // containing the text of s. If s contains a NUL byte at any
@@ -49,6 +56,40 @@ func BytePtrFromString(s string) (*byte, error) {
 	return &a[0], nil
 }
 
+// ByteSliceToString returns a string form of the text represented by the slice s, with a terminating NUL and any
+// bytes after the NUL removed.
+func ByteSliceToString(s []byte) string {
+	if i := bytes.IndexByte(s, 0); i != -1 {
+		s = s[:i]
+	}
+	return string(s)
+}
+
+// BytePtrToString takes a pointer to a sequence of text and returns the corresponding string.
+// If the pointer is nil, it returns the empty string. It assumes that the text sequence is terminated
+// at a zero byte; if the zero byte is not present, the program may crash.
+func BytePtrToString(p *byte) string {
+	if p == nil {
+		return ""
+	}
+	if *p == 0 {
+		return ""
+	}
+
+	// Find NUL terminator.
+	n := 0
+	for ptr := unsafe.Pointer(p); *(*byte)(ptr) != 0; n++ {
+		ptr = unsafe.Pointer(uintptr(ptr) + 1)
+	}
+
+	var s []byte
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+	h.Data = unsafe.Pointer(p)
+	h.Len = n
+	h.Cap = n
+
+	return string(s)
+}
+
 // Single-word zero for use when we need a valid pointer to 0 bytes.
-// See mkunix.pl.
 var _zero uintptr
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
new file mode 100644
index 0000000000000..d8efb715ff1dc
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -0,0 +1,553 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix
+// +build aix
+
+// Aix system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and
+// wrap it in our own nicer implementation.
+
+package unix
+
+import "unsafe"
+
+/*
+ * Wrapped
+ */
+
+func Access(path string, mode uint32) (err error) {
+	return Faccessat(AT_FDCWD, path, mode, 0)
+}
+
+func Chmod(path string, mode uint32) (err error) {
+	return Fchmodat(AT_FDCWD, path, mode, 0)
+}
+
+func Chown(path string, uid int, gid int) (err error) {
+	return Fchownat(AT_FDCWD, path, uid, gid, 0)
+}
+
+func Creat(path string, mode uint32) (fd int, err error) {
+	return Open(path, O_CREAT|O_WRONLY|O_TRUNC, mode)
+}
+
+//sys	utimes(path string, times *[2]Timeval) (err error)
+func Utimes(path string, tv []Timeval) error {
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error)
+func UtimesNano(path string, ts []Timespec) error {
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet4, nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet6, nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n > len(sa.raw.Path) {
+		return nil, 0, EINVAL
+	}
+	if n == len(sa.raw.Path) && name[0] != '@' {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = uint8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := _Socklen(2)
+	if n > 0 {
+		sl += _Socklen(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
+}
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+//sys	getcwd(buf []byte) (err error)
+
+const ImplementsGetwd = true
+
+func Getwd() (ret string, err error) {
+	for len := uint64(4096); ; len *= 2 {
+		b := make([]byte, len)
+		err := getcwd(b)
+		if err == nil {
+			i := 0
+			for b[i] != 0 {
+				i++
+			}
+			return string(b[0:i]), nil
+		}
+		if err != ERANGE {
+			return "", err
+		}
+	}
+}
+
+func Getcwd(buf []byte) (n int, err error) {
+	err = getcwd(buf)
+	if err == nil {
+		i := 0
+		for buf[i] != 0 {
+			i++
+		}
+		n = i + 1
+	}
+	return
+}
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	if err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Sanity check group count. Max is 16 on BSD.
+	if n < 0 || n > 1000 {
+		return nil, EINVAL
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if err != nil {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+/*
+ * Socket
+ */
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if nfd == -1 {
+		return
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	// Recvmsg not implemented on AIX
+	sa := new(SockaddrUnix)
+	return -1, -1, -1, sa, ENOSYS
+}
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	// SendmsgN not implemented on AIX
+	return -1, ENOSYS
+}
+
+func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+
+		// Some versions of AIX have a bug in getsockname (see IV78655).
+		// We can't rely on sa.Len being set correctly.
+		n := SizeofSockaddrUnix - 3 // subtract leading Family, Len, terminating NUL.
+		for i := 0; i < n; i++ {
+			if pp.Path[i] == 0 {
+				n = i
+				break
+			}
+		}
+
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+func Gettimeofday(tv *Timeval) (err error) {
+	err = gettimeofday(tv, nil)
+	return
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+// TODO
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	return -1, ENOSYS
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+}
+
+//sys	getdirent(fd int, buf []byte) (n int, err error)
+func Getdents(fd int, buf []byte) (n int, err error) {
+	return getdirent(fd, buf)
+}
+
+//sys	wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error)
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	var status _C_int
+	var r Pid_t
+	err = ERESTART
+	// AIX wait4 may return with ERESTART errno, while the processus is still
+	// active.
+	for err == ERESTART {
+		r, err = wait4(Pid_t(pid), &status, options, rusage)
+	}
+	wpid = int(r)
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return
+}
+
+/*
+ * Wait
+ */
+
+type WaitStatus uint32
+
+func (w WaitStatus) Stopped() bool { return w&0x40 != 0 }
+func (w WaitStatus) StopSignal() Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return Signal(w>>8) & 0xFF
+}
+
+func (w WaitStatus) Exited() bool { return w&0xFF == 0 }
+func (w WaitStatus) ExitStatus() int {
+	if !w.Exited() {
+		return -1
+	}
+	return int((w >> 8) & 0xFF)
+}
+
+func (w WaitStatus) Signaled() bool { return w&0x40 == 0 && w&0xFF != 0 }
+func (w WaitStatus) Signal() Signal {
+	if !w.Signaled() {
+		return -1
+	}
+	return Signal(w>>16) & 0xFF
+}
+
+func (w WaitStatus) Continued() bool { return w&0x01000000 != 0 }
+
+func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 }
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+// fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX
+// There is no way to create a custom fcntl and to keep //sys fcntl easily,
+// Therefore, the programmer must call dup2 instead of fcntl in this case.
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+//sys	FcntlInt(fd uintptr, cmd int, arg int) (r int,err error) = fcntl
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+//sys	FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) = fcntl
+
+//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
+
+/*
+ * Direct access
+ */
+
+//sys	Acct(path string) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(oldfd int) (fd int, err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fdatasync(fd int) (err error)
+//sys	Fsync(fd int) (err error)
+// readdir_r
+//sysnb	Getpgid(pid int) (pgid int, err error)
+
+//sys	Getpgrp() (pid int)
+
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Kill(pid int, sig Signal) (err error)
+//sys	Klogctl(typ int, buf []byte) (n int, err error) = syslog
+//sys	Mkdir(dirfd int, path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error) = open64
+//sys	Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Setdomainname(p []byte) (err error)
+//sys	Sethostname(p []byte) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tv *Timeval) (err error)
+
+//sys	Setuid(uid int) (err error)
+//sys	Setgid(uid int) (err error)
+
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sys	Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error)
+//sys	Sync()
+//sysnb	Times(tms *Tms) (ticks uintptr, err error)
+//sysnb	Umask(mask int) (oldmask int)
+//sysnb	Uname(buf *Utsname) (err error)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	readlen(fd int, p *byte, np int) (n int, err error) = read
+//sys	writelen(fd int, p *byte, np int) (n int, err error) = write
+
+//sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = posix_fadvise64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	fstat(fd int, stat *Stat_t) (err error)
+//sys	fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = fstatat
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getuid() (uid int)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	lstat(path string, stat *Stat_t) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = pread64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = pwrite64
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sys	Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	stat(path string, statptr *Stat_t) (err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	Truncate(path string, length int64) (err error)
+
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+
+// In order to use msghdr structure with Control, Controllen, nrecvmsg and nsendmsg must be used.
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = nrecvmsg
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = nsendmsg
+
+//sys	munmap(addr uintptr, length uintptr) (err error)
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+//sys	Madvise(b []byte, advice int) (err error)
+//sys	Mprotect(b []byte, prot int) (err error)
+//sys	Mlock(b []byte) (err error)
+//sys	Mlockall(flags int) (err error)
+//sys	Msync(b []byte, flags int) (err error)
+//sys	Munlock(b []byte) (err error)
+//sys	Munlockall() (err error)
+
+//sysnb	pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	gettimeofday(tv *Timeval, tzp *Timezone) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+
+//sys	Getsystemcfg(label int) (n uint64)
+
+//sys	umount(target string) (err error)
+func Unmount(target string, flags int) (err error) {
+	if flags != 0 {
+		// AIX doesn't have any flags for umount.
+		return ENOSYS
+	}
+	return umount(target)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
new file mode 100644
index 0000000000000..e92a0be1630c7
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -0,0 +1,54 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix && ppc
+// +build aix,ppc
+
+package unix
+
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error) = getrlimit64
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error) = setrlimit64
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = lseek64
+
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Fstat(fd int, stat *Stat_t) error {
+	return fstat(fd, stat)
+}
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) error {
+	return fstatat(dirfd, path, stat, flags)
+}
+
+func Lstat(path string, stat *Stat_t) error {
+	return lstat(path, stat)
+}
+
+func Stat(path string, statptr *Stat_t) error {
+	return stat(path, statptr)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
new file mode 100644
index 0000000000000..16eed17098e5f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -0,0 +1,85 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix && ppc64
+// +build aix,ppc64
+
+package unix
+
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = lseek
+
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) = mmap64
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int64(sec), Usec: int32(usec)}
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// In order to only have Timespec structure, type of Stat_t's fields
+// Atim, Mtim and Ctim is changed from StTimespec to Timespec during
+// ztypes generation.
+// On ppc64, Timespec.Nsec is an int64 while StTimespec.Nsec is an
+// int32, so the fields' value must be modified.
+func fixStatTimFields(stat *Stat_t) {
+	stat.Atim.Nsec >>= 32
+	stat.Mtim.Nsec >>= 32
+	stat.Ctim.Nsec >>= 32
+}
+
+func Fstat(fd int, stat *Stat_t) error {
+	err := fstat(fd, stat)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) error {
+	err := fstatat(dirfd, path, stat, flags)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Lstat(path string, stat *Stat_t) error {
+	err := lstat(path, stat)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Stat(path string, statptr *Stat_t) error {
+	err := stat(path, statptr)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(statptr)
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 33c8b5f0db728..95ac3946b5cc1 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd
 // +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
@@ -18,6 +19,21 @@ import (
 	"unsafe"
 )
 
+const ImplementsGetwd = true
+
+func Getwd() (string, error) {
+	var buf [PathMax]byte
+	_, err := Getcwd(buf[0:])
+	if err != nil {
+		return "", err
+	}
+	n := clen(buf[:])
+	if n < 1 {
+		return "", EINVAL
+	}
+	return string(buf[:n]), nil
+}
+
 /*
  * Wrapped
  */
@@ -63,15 +79,6 @@ func Setgroups(gids []int) (err error) {
 	return setgroups(len(a), &a[0])
 }
 
-func ReadDirent(fd int, buf []byte) (n int, err error) {
-	// Final argument is (basep *uintptr) and the syscall doesn't take nil.
-	// 64 bits should be enough. (32 bits isn't even on 386). Since the
-	// actual system call is getdirentries64, 64 is a good guess.
-	// TODO(rsc): Can we use a single global basep for all calls?
-	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
-	return Getdirentries(fd, buf, base)
-}
-
 // Wait status is 7 bits at bottom, either 0 (exited),
 // 0x7F (stopped), or a signal number that caused an exit.
 // The 0x80 bit is whether there was a core dump.
@@ -86,6 +93,7 @@ const (
 	shift = 8
 
 	exited  = 0
+	killed  = 9
 	stopped = 0x7F
 )
 
@@ -112,6 +120,8 @@ func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 }
 
 func (w WaitStatus) Stopped() bool { return w&mask == stopped && syscall.Signal(w>>shift) != SIGSTOP }
 
+func (w WaitStatus) Killed() bool { return w&mask == killed && syscall.Signal(w>>shift) != SIGKILL }
+
 func (w WaitStatus) Continued() bool { return w&mask == stopped && syscall.Signal(w>>shift) == SIGSTOP }
 
 func (w WaitStatus) StopSignal() syscall.Signal {
@@ -243,7 +253,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
@@ -268,7 +278,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		}
 		return sa, nil
 	}
-	return nil, EAFNOSUPPORT
+	return anyToSockaddrGOOS(fd, rsa)
 }
 
 func Accept(fd int) (nfd int, sa Sockaddr, err error) {
@@ -278,7 +288,7 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 	if err != nil {
 		return
 	}
-	if runtime.GOOS == "darwin" && len == 0 {
+	if (runtime.GOOS == "darwin" || runtime.GOOS == "ios") && len == 0 {
 		// Accepted socket has no address.
 		// This is likely due to a bug in xnu kernels,
 		// where instead of ECONNABORTED error socket
@@ -309,7 +319,7 @@ func Getsockname(fd int) (sa Sockaddr, err error) {
 	return anyToSockaddr(fd, &rsa)
 }
 
-//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
 
 // GetsockoptString returns the string value of the socket option opt for the
 // socket associated with fd at the given socket level.
@@ -323,8 +333,8 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 	return string(buf[:vallen-1]), nil
 }
 
-//sys   recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
-//sys   sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
 
 func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
@@ -419,8 +429,6 @@ func Kevent(kq int, changes, events []Kevent_t, timeout *Timespec) (n int, err e
 	return kevent(kq, change, len(changes), event, len(events), timeout)
 }
 
-//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
-
 // sysctlmib translates name to mib number and appends any additional args.
 func sysctlmib(name string, args ...int) ([]_C_int, error) {
 	// Translate name to mib number.
@@ -518,6 +526,40 @@ func SysctlRaw(name string, args ...int) ([]byte, error) {
 	return buf[:n], nil
 }
 
+func SysctlClockinfo(name string) (*Clockinfo, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	n := uintptr(SizeofClockinfo)
+	var ci Clockinfo
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&ci)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != SizeofClockinfo {
+		return nil, EIO
+	}
+	return &ci, nil
+}
+
+func SysctlTimeval(name string) (*Timeval, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	var tv Timeval
+	n := uintptr(unsafe.Sizeof(tv))
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&tv)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != unsafe.Sizeof(tv) {
+		return nil, EIO
+	}
+	return &tv, nil
+}
+
 //sys	utimes(path string, timeval *[2]Timeval) (err error)
 
 func Utimes(path string, tv []Timeval) error {
@@ -585,9 +627,7 @@ func Futimes(fd int, tv []Timeval) error {
 	return futimes(fd, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
 }
 
-//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
-
-//sys   poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
 
 func Poll(fds []PollFd, timeout int) (n int, err error) {
 	if len(fds) == 0 {
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go b/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
new file mode 100644
index 0000000000000..b0098607c7067
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && go1.12 && !go1.13
+// +build darwin,go1.12,!go1.13
+
+package unix
+
+import (
+	"unsafe"
+)
+
+const _SYS_GETDIRENTRIES64 = 344
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// To implement this using libSystem we'd need syscall_syscallPtr for
+	// fdopendir. However, syscallPtr was only added in Go 1.13, so we fall
+	// back to raw syscalls for this func on Go 1.12.
+	var p unsafe.Pointer
+	if len(buf) > 0 {
+		p = unsafe.Pointer(&buf[0])
+	} else {
+		p = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(_SYS_GETDIRENTRIES64, uintptr(fd), uintptr(p), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		return n, errnoErr(e1)
+	}
+	return n, nil
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
new file mode 100644
index 0000000000000..1596426b1e2ec
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
@@ -0,0 +1,108 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && go1.13
+// +build darwin,go1.13
+
+package unix
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+//sys	closedir(dir uintptr) (err error)
+//sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
+
+func fdopendir(fd int) (dir uintptr, err error) {
+	r0, _, e1 := syscall_syscallPtr(libc_fdopendir_trampoline_addr, uintptr(fd), 0, 0)
+	dir = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fdopendir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib"
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// Simulate Getdirentries using fdopendir/readdir_r/closedir.
+	// We store the number of entries to skip in the seek
+	// offset of fd. See issue #31368.
+	// It's not the full required semantics, but should handle the case
+	// of calling Getdirentries or ReadDirent repeatedly.
+	// It won't handle assigning the results of lseek to *basep, or handle
+	// the directory being edited underfoot.
+	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		return 0, err
+	}
+
+	// We need to duplicate the incoming file descriptor
+	// because the caller expects to retain control of it, but
+	// fdopendir expects to take control of its argument.
+	// Just Dup'ing the file descriptor is not enough, as the
+	// result shares underlying state. Use Openat to make a really
+	// new file descriptor referring to the same directory.
+	fd2, err := Openat(fd, ".", O_RDONLY, 0)
+	if err != nil {
+		return 0, err
+	}
+	d, err := fdopendir(fd2)
+	if err != nil {
+		Close(fd2)
+		return 0, err
+	}
+	defer closedir(d)
+
+	var cnt int64
+	for {
+		var entry Dirent
+		var entryp *Dirent
+		e := readdir_r(d, &entry, &entryp)
+		if e != 0 {
+			return n, errnoErr(e)
+		}
+		if entryp == nil {
+			break
+		}
+		if skip > 0 {
+			skip--
+			cnt++
+			continue
+		}
+
+		reclen := int(entry.Reclen)
+		if reclen > len(buf) {
+			// Not enough room. Return for now.
+			// The counter will let us know where we should start up again.
+			// Note: this strategy for suspending in the middle and
+			// restarting is O(n^2) in the length of the directory. Oh well.
+			break
+		}
+
+		// Copy entry into return buffer.
+		var s []byte
+		hdr := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+		hdr.Data = unsafe.Pointer(&entry)
+		hdr.Cap = reclen
+		hdr.Len = reclen
+		copy(buf, s)
+
+		buf = buf[reclen:]
+		n += reclen
+		cnt++
+	}
+	// Set the seek offset of the input fd to record
+	// how many files we've already returned.
+	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
+	if err != nil {
+		return n, err
+	}
+
+	return n, nil
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 79e94767deb22..a8c13317d75d5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -13,29 +13,12 @@
 package unix
 
 import (
-	"errors"
+	"fmt"
+	"runtime"
 	"syscall"
 	"unsafe"
 )
 
-const ImplementsGetwd = true
-
-func Getwd() (string, error) {
-	buf := make([]byte, 2048)
-	attrs, err := getAttrList(".", attrList{CommonAttr: attrCmnFullpath}, buf, 0)
-	if err == nil && len(attrs) == 1 && len(attrs[0]) >= 2 {
-		wd := string(attrs[0])
-		// Sanity check that it's an absolute path and ends
-		// in a null byte, which we then strip.
-		if wd[0] == '/' && wd[len(wd)-1] == 0 {
-			return wd[:len(wd)-1], nil
-		}
-	}
-	// If pkg/os/getwd.go gets ENOTSUP, it will fall back to the
-	// slow algorithm.
-	return "", ENOTSUP
-}
-
 // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
 type SockaddrDatalink struct {
 	Len    uint8
@@ -49,6 +32,72 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+// SockaddrCtl implements the Sockaddr interface for AF_SYSTEM type sockets.
+type SockaddrCtl struct {
+	ID   uint32
+	Unit uint32
+	raw  RawSockaddrCtl
+}
+
+func (sa *SockaddrCtl) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Sc_len = SizeofSockaddrCtl
+	sa.raw.Sc_family = AF_SYSTEM
+	sa.raw.Ss_sysaddr = AF_SYS_CONTROL
+	sa.raw.Sc_id = sa.ID
+	sa.raw.Sc_unit = sa.Unit
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrCtl, nil
+}
+
+// SockaddrVM implements the Sockaddr interface for AF_VSOCK type sockets.
+// SockaddrVM provides access to Darwin VM sockets: a mechanism that enables
+// bidirectional communication between a hypervisor and its guest virtual
+// machines.
+type SockaddrVM struct {
+	// CID and Port specify a context ID and port address for a VM socket.
+	// Guests have a unique CID, and hosts may have a well-known CID of:
+	//  - VMADDR_CID_HYPERVISOR: refers to the hypervisor process.
+	//  - VMADDR_CID_LOCAL: refers to local communication (loopback).
+	//  - VMADDR_CID_HOST: refers to other processes on the host.
+	CID  uint32
+	Port uint32
+	raw  RawSockaddrVM
+}
+
+func (sa *SockaddrVM) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Len = SizeofSockaddrVM
+	sa.raw.Family = AF_VSOCK
+	sa.raw.Port = sa.Port
+	sa.raw.Cid = sa.CID
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrVM, nil
+}
+
+func anyToSockaddrGOOS(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+	case AF_SYSTEM:
+		pp := (*RawSockaddrCtl)(unsafe.Pointer(rsa))
+		if pp.Ss_sysaddr == AF_SYS_CONTROL {
+			sa := new(SockaddrCtl)
+			sa.ID = pp.Sc_id
+			sa.Unit = pp.Sc_unit
+			return sa, nil
+		}
+	case AF_VSOCK:
+		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
+		sa := &SockaddrVM{
+			CID:  pp.Cid,
+			Port: pp.Port,
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+// Some external packages rely on SYS___SYSCTL being defined to implement their
+// own sysctl wrappers. Provide it here, even though direct syscalls are no
+// longer supported on darwin.
+const SYS___SYSCTL = SYS_SYSCTL
+
 // Translate "kern.hostname" to []_C_int{0,1,2,3}.
 func nametomib(name string) (mib []_C_int, err error) {
 	const siz = unsafe.Sizeof(mib[0])
@@ -77,15 +126,21 @@ func nametomib(name string) (mib []_C_int, err error) {
 	return buf[0 : n/siz], nil
 }
 
-//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
 func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) }
 func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) }
 
-const (
-	attrBitMapCount = 5
-	attrCmnFullpath = 0x08000000
-)
-
 type attrList struct {
 	bitmapCount uint16
 	_           uint16
@@ -96,68 +151,16 @@ type attrList struct {
 	Forkattr    uint32
 }
 
-func getAttrList(path string, attrList attrList, attrBuf []byte, options uint) (attrs [][]byte, err error) {
-	if len(attrBuf) < 4 {
-		return nil, errors.New("attrBuf too small")
-	}
-	attrList.bitmapCount = attrBitMapCount
-
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-
-	_, _, e1 := Syscall6(
-		SYS_GETATTRLIST,
-		uintptr(unsafe.Pointer(_p0)),
-		uintptr(unsafe.Pointer(&attrList)),
-		uintptr(unsafe.Pointer(&attrBuf[0])),
-		uintptr(len(attrBuf)),
-		uintptr(options),
-		0,
-	)
-	if e1 != 0 {
-		return nil, e1
-	}
-	size := *(*uint32)(unsafe.Pointer(&attrBuf[0]))
-
-	// dat is the section of attrBuf that contains valid data,
-	// without the 4 byte length header. All attribute offsets
-	// are relative to dat.
-	dat := attrBuf
-	if int(size) < len(attrBuf) {
-		dat = dat[:size]
-	}
-	dat = dat[4:] // remove length prefix
-
-	for i := uint32(0); int(i) < len(dat); {
-		header := dat[i:]
-		if len(header) < 8 {
-			return attrs, errors.New("truncated attribute header")
-		}
-		datOff := *(*int32)(unsafe.Pointer(&header[0]))
-		attrLen := *(*uint32)(unsafe.Pointer(&header[4]))
-		if datOff < 0 || uint32(datOff)+attrLen > uint32(len(dat)) {
-			return attrs, errors.New("truncated results; attrBuf too small")
-		}
-		end := uint32(datOff) + attrLen
-		attrs = append(attrs, dat[datOff:end])
-		i = end
-		if r := i % 4; r != 0 {
-			i += (4 - r)
-		}
-	}
-	return
-}
-
-//sysnb pipe() (r int, w int, err error)
+//sysnb	pipe(p *[2]int32) (err error)
 
 func Pipe(p []int) (err error) {
 	if len(p) != 2 {
 		return EINVAL
 	}
-	p[0], p[1], err = pipe()
+	var x [2]int32
+	err = pipe(&x)
+	p[0] = int(x[0])
+	p[1] = int(x[1])
 	return
 }
 
@@ -168,12 +171,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 		_p0 = unsafe.Pointer(&buf[0])
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT64, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(_p0, bufsize, flags)
 }
 
 func xattrPointer(dest []byte) *byte {
@@ -199,7 +197,13 @@ func Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
 	return getxattr(link, attr, xattrPointer(dest), len(dest), 0, XATTR_NOFOLLOW)
 }
 
-//sys  setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error)
+//sys	fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error)
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	return fgetxattr(fd, attr, xattrPointer(dest), len(dest), 0, 0)
+}
+
+//sys	setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error)
 
 func Setxattr(path string, attr string, data []byte, flags int) (err error) {
 	// The parameters for the OS X implementation vary slightly compared to the
@@ -235,7 +239,13 @@ func Lsetxattr(link string, attr string, data []byte, flags int) (err error) {
 	return setxattr(link, attr, xattrPointer(data), len(data), 0, flags|XATTR_NOFOLLOW)
 }
 
-//sys removexattr(path string, attr string, options int) (err error)
+//sys	fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error)
+
+func Fsetxattr(fd int, attr string, data []byte, flags int) (err error) {
+	return fsetxattr(fd, attr, xattrPointer(data), len(data), 0, 0)
+}
+
+//sys	removexattr(path string, attr string, options int) (err error)
 
 func Removexattr(path string, attr string) (err error) {
 	// We wrap around and explicitly zero out the options provided to the OS X
@@ -248,6 +258,12 @@ func Lremovexattr(link string, attr string) (err error) {
 	return removexattr(link, attr, XATTR_NOFOLLOW)
 }
 
+//sys	fremovexattr(fd int, attr string, options int) (err error)
+
+func Fremovexattr(fd int, attr string) (err error) {
+	return fremovexattr(fd, attr, 0)
+}
+
 //sys	listxattr(path string, dest *byte, size int, options int) (sz int, err error)
 
 func Listxattr(path string, dest []byte) (sz int, err error) {
@@ -258,6 +274,12 @@ func Llistxattr(link string, dest []byte) (sz int, err error) {
 	return listxattr(link, xattrPointer(dest), len(dest), XATTR_NOFOLLOW)
 }
 
+//sys	flistxattr(fd int, dest *byte, size int, options int) (sz int, err error)
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	return flistxattr(fd, xattrPointer(dest), len(dest), 0)
+}
+
 func setattrlistTimes(path string, times []Timespec, flags int) error {
 	_p0, err := BytePtrFromString(path)
 	if err != nil {
@@ -274,21 +296,16 @@ func setattrlistTimes(path string, times []Timespec, flags int) error {
 	if flags&AT_SYMLINK_NOFOLLOW != 0 {
 		options |= FSOPT_NOFOLLOW
 	}
-	_, _, e1 := Syscall6(
-		SYS_SETATTRLIST,
-		uintptr(unsafe.Pointer(_p0)),
-		uintptr(unsafe.Pointer(&attrList)),
-		uintptr(unsafe.Pointer(&attributes)),
-		uintptr(unsafe.Sizeof(attributes)),
-		uintptr(options),
-		0,
-	)
-	if e1 != 0 {
-		return e1
-	}
-	return nil
+	return setattrlist(
+		_p0,
+		unsafe.Pointer(&attrList),
+		unsafe.Pointer(&attributes),
+		unsafe.Sizeof(attributes),
+		options)
 }
 
+//sys	setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error)
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) error {
 	// Darwin doesn't support SYS_UTIMENSAT
 	return ENOSYS
@@ -298,48 +315,44 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) error {
  * Wrapped
  */
 
+//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
+
 //sys	kill(pid int, signum int, posix int) (err error)
 
 func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
 
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
-
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
+func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error {
+	err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo)))
+	runtime.KeepAlive(ctlInfo)
+	return err
 }
 
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+// IfreqMTU is struct ifreq used to get or set a network device's MTU.
+type IfreqMTU struct {
+	Name [IFNAMSIZ]byte
+	MTU  int32
 }
 
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+// IoctlGetIfreqMTU performs the SIOCGIFMTU ioctl operation on fd to get the MTU
+// of the network device specified by ifname.
+func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) {
+	var ifreq IfreqMTU
+	copy(ifreq.Name[:], ifname)
+	err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
+	return &ifreq, err
 }
 
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
+// IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU
+// of the network device specified by ifreq.Name.
+func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
+	err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq)))
+	runtime.KeepAlive(ifreq)
+	return err
 }
 
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
+//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
 
 func Uname(uname *Utsname) error {
 	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
@@ -387,6 +400,75 @@ func Uname(uname *Utsname) error {
 	return nil
 }
 
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	var length = int64(count)
+	err = sendfile(infd, outfd, *offset, &length, nil, 0)
+	written = int(length)
+	return
+}
+
+func GetsockoptIPMreqn(fd, level, opt int) (*IPMreqn, error) {
+	var value IPMreqn
+	vallen := _Socklen(SizeofIPMreqn)
+	errno := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, errno
+}
+
+func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
+}
+
+// GetsockoptXucred is a getsockopt wrapper that returns an Xucred struct.
+// The usual level and opt are SOL_LOCAL and LOCAL_PEERCRED, respectively.
+func GetsockoptXucred(fd, level, opt int) (*Xucred, error) {
+	x := new(Xucred)
+	vallen := _Socklen(SizeofXucred)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(x), &vallen)
+	return x, err
+}
+
+func SysctlKinfoProcSlice(name string) ([]KinfoProc, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	// Find size.
+	n := uintptr(0)
+	if err := sysctl(mib, nil, &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+	if n%SizeofKinfoProc != 0 {
+		return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc)
+	}
+
+	// Read into buffer of that size.
+	buf := make([]KinfoProc, n/SizeofKinfoProc)
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&buf[0])), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n%SizeofKinfoProc != 0 {
+		return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc)
+	}
+
+	// The actual call may return less than the original reported required
+	// size so ensure we deal with that.
+	return buf[:n/SizeofKinfoProc], nil
+}
+
+//sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
+
+//sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
+//sys	shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error)
+//sys	shmdt(addr uintptr) (err error)
+//sys	shmget(key int, size int, flag int) (id int, err error)
+
 /*
  * Exposed directly
  */
@@ -397,7 +479,10 @@ func Uname(uname *Utsname) error {
 //sys	Chmod(path string, mode uint32) (err error)
 //sys	Chown(path string, uid int, gid int) (err error)
 //sys	Chroot(path string) (err error)
+//sys	ClockGettime(clockid int32, time *Timespec) (err error)
 //sys	Close(fd int) (err error)
+//sys	Clonefile(src string, dst string, flags int) (err error)
+//sys	Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error)
 //sys	Dup(fd int) (nfd int, err error)
 //sys	Dup2(from int, to int) (err error)
 //sys	Exchangedata(path1 string, path2 string, options int) (err error)
@@ -409,14 +494,12 @@ func Uname(uname *Utsname) error {
 //sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchown(fd int, uid int, gid int) (err error)
 //sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error)
 //sys	Flock(fd int, how int) (err error)
 //sys	Fpathconf(fd int, name int) (val int, err error)
-//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
-//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
-//sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
 //sys	Fsync(fd int) (err error)
 //sys	Ftruncate(fd int, length int64) (err error)
-//sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) = SYS_GETDIRENTRIES64
+//sys	Getcwd(buf []byte) (n int, err error)
 //sys	Getdtablesize() (size int)
 //sysnb	Getegid() (egid int)
 //sysnb	Geteuid() (uid int)
@@ -429,6 +512,7 @@ func Uname(uname *Utsname) error {
 //sysnb	Getrlimit(which int, lim *Rlimit) (err error)
 //sysnb	Getrusage(who int, rusage *Rusage) (err error)
 //sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tp *Timeval) (err error)
 //sysnb	Getuid() (uid int)
 //sysnb	Issetugid() (tainted bool)
 //sys	Kqueue() (fd int, err error)
@@ -436,7 +520,6 @@ func Uname(uname *Utsname) error {
 //sys	Link(path string, link string) (err error)
 //sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
 //sys	Listen(s int, backlog int) (err error)
-//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	Mkdir(path string, mode uint32) (err error)
 //sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mkfifo(path string, mode uint32) (err error)
@@ -454,7 +537,7 @@ func Uname(uname *Utsname) error {
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sys	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -468,8 +551,6 @@ func Uname(uname *Utsname) error {
 //sysnb	Setsid() (pid int, err error)
 //sysnb	Settimeofday(tp *Timeval) (err error)
 //sysnb	Setuid(uid int) (err error)
-//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
-//sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
 //sys	Symlink(path string, link string) (err error)
 //sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
 //sys	Sync() (err error)
@@ -480,8 +561,8 @@ func Uname(uname *Utsname) error {
 //sys	Unlinkat(dirfd int, path string, flags int) (err error)
 //sys	Unmount(path string, flags int) (err error)
 //sys	write(fd int, p []byte) (n int, err error)
-//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
-//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
 //sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
 //sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
 
@@ -529,10 +610,6 @@ func Uname(uname *Utsname) error {
 // Watchevent
 // Waitevent
 // Modwatch
-// Fgetxattr
-// Fsetxattr
-// Fremovexattr
-// Flistxattr
 // Fsctl
 // Initgroups
 // Posix_spawn
@@ -549,10 +626,6 @@ func Uname(uname *Utsname) error {
 // Msgget
 // Msgsnd
 // Msgrcv
-// Shmat
-// Shmctl
-// Shmdt
-// Shmget
 // Shm_open
 // Shm_unlink
 // Sem_open
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_386.go b/vendor/golang.org/x/sys/unix/syscall_darwin_386.go
deleted file mode 100644
index b3ac109a2f42d..0000000000000
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_386.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build 386,darwin
-
-package unix
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-func setTimespec(sec, nsec int64) Timespec {
-	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
-}
-
-func setTimeval(sec, usec int64) Timeval {
-	return Timeval{Sec: int32(sec), Usec: int32(usec)}
-}
-
-//sysnb	gettimeofday(tp *Timeval) (sec int32, usec int32, err error)
-func Gettimeofday(tv *Timeval) (err error) {
-	// The tv passed to gettimeofday must be non-nil
-	// but is otherwise unused. The answers come back
-	// in the two registers.
-	sec, usec, err := gettimeofday(tv)
-	tv.Sec = int32(sec)
-	tv.Usec = int32(usec)
-	return err
-}
-
-func SetKevent(k *Kevent_t, fd, mode, flags int) {
-	k.Ident = uint32(fd)
-	k.Filter = int16(mode)
-	k.Flags = uint16(flags)
-}
-
-func (iov *Iovec) SetLen(length int) {
-	iov.Len = uint32(length)
-}
-
-func (msghdr *Msghdr) SetControllen(length int) {
-	msghdr.Controllen = uint32(length)
-}
-
-func (cmsg *Cmsghdr) SetLen(length int) {
-	cmsg.Len = uint32(length)
-}
-
-func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
-	var length = uint64(count)
-
-	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(*offset>>32), uintptr(unsafe.Pointer(&length)), 0, 0, 0, 0)
-
-	written = int(length)
-
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
-// of darwin/386 the syscall is called sysctl instead of __sysctl.
-const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index 75219444a8d26..b37310ce9b405 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -2,14 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && darwin
 // +build amd64,darwin
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "syscall"
 
 func setTimespec(sec, nsec int64) Timespec {
 	return Timespec{Sec: sec, Nsec: nsec}
@@ -19,17 +17,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: int32(usec)}
 }
 
-//sysnb	gettimeofday(tp *Timeval) (sec int64, usec int32, err error)
-func Gettimeofday(tv *Timeval) (err error) {
-	// The tv passed to gettimeofday must be non-nil
-	// but is otherwise unused. The answers come back
-	// in the two registers.
-	sec, usec, err := gettimeofday(tv)
-	tv.Sec = sec
-	tv.Usec = usec
-	return err
-}
-
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)
 	k.Filter = int16(mode)
@@ -44,25 +31,21 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
-func (cmsg *Cmsghdr) SetLen(length int) {
-	cmsg.Len = uint32(length)
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
 }
 
-func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
-	var length = uint64(count)
-
-	_, _, e1 := Syscall6(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(unsafe.Pointer(&length)), 0, 0)
-
-	written = int(length)
-
-	if e1 != 0 {
-		err = e1
-	}
-	return
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
-// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
-// of darwin/amd64 the syscall is called sysctl instead of __sysctl.
-const SYS___SYSCTL = SYS_SYSCTL
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go
deleted file mode 100644
index faae207a47803..0000000000000
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package unix
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-func setTimespec(sec, nsec int64) Timespec {
-	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
-}
-
-func setTimeval(sec, usec int64) Timeval {
-	return Timeval{Sec: int32(sec), Usec: int32(usec)}
-}
-
-//sysnb	gettimeofday(tp *Timeval) (sec int32, usec int32, err error)
-func Gettimeofday(tv *Timeval) (err error) {
-	// The tv passed to gettimeofday must be non-nil
-	// but is otherwise unused. The answers come back
-	// in the two registers.
-	sec, usec, err := gettimeofday(tv)
-	tv.Sec = int32(sec)
-	tv.Usec = int32(usec)
-	return err
-}
-
-func SetKevent(k *Kevent_t, fd, mode, flags int) {
-	k.Ident = uint32(fd)
-	k.Filter = int16(mode)
-	k.Flags = uint16(flags)
-}
-
-func (iov *Iovec) SetLen(length int) {
-	iov.Len = uint32(length)
-}
-
-func (msghdr *Msghdr) SetControllen(length int) {
-	msghdr.Controllen = uint32(length)
-}
-
-func (cmsg *Cmsghdr) SetLen(length int) {
-	cmsg.Len = uint32(length)
-}
-
-func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
-	var length = uint64(count)
-
-	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(*offset>>32), uintptr(unsafe.Pointer(&length)), 0, 0, 0, 0)
-
-	written = int(length)
-
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) // sic
-
-// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
-// of darwin/arm the syscall is called sysctl instead of __sysctl.
-const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d6d962801426b..d51ec996304e7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -2,14 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm64 && darwin
 // +build arm64,darwin
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "syscall"
 
 func setTimespec(sec, nsec int64) Timespec {
 	return Timespec{Sec: sec, Nsec: nsec}
@@ -19,17 +17,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: int32(usec)}
 }
 
-//sysnb	gettimeofday(tp *Timeval) (sec int64, usec int32, err error)
-func Gettimeofday(tv *Timeval) (err error) {
-	// The tv passed to gettimeofday must be non-nil
-	// but is otherwise unused. The answers come back
-	// in the two registers.
-	sec, usec, err := gettimeofday(tv)
-	tv.Sec = sec
-	tv.Usec = usec
-	return err
-}
-
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)
 	k.Filter = int16(mode)
@@ -44,25 +31,21 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
-func (cmsg *Cmsghdr) SetLen(length int) {
-	cmsg.Len = uint32(length)
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
 }
 
-func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
-	var length = uint64(count)
-
-	_, _, e1 := Syscall6(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(unsafe.Pointer(&length)), 0, 0)
-
-	written = int(length)
-
-	if e1 != 0 {
-		err = e1
-	}
-	return
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) // sic
 
-// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
-// of darwin/arm64 the syscall is called sysctl instead of __sysctl.
-const SYS___SYSCTL = SYS_SYSCTL
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
new file mode 100644
index 0000000000000..53c96641f8130
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && go1.12
+// +build darwin,go1.12
+
+package unix
+
+import _ "unsafe"
+
+// Implemented in the runtime package (runtime/sys_darwin.go)
+func syscall_syscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6X(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) // 32-bit only
+func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscallPtr(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+
+//go:linkname syscall_syscall syscall.syscall
+//go:linkname syscall_syscall6 syscall.syscall6
+//go:linkname syscall_syscall6X syscall.syscall6X
+//go:linkname syscall_syscall9 syscall.syscall9
+//go:linkname syscall_rawSyscall syscall.rawSyscall
+//go:linkname syscall_rawSyscall6 syscall.rawSyscall6
+//go:linkname syscall_syscallPtr syscall.syscallPtr
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index e34abe29df886..5af108a50385e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -12,7 +12,25 @@
 
 package unix
 
-import "unsafe"
+import (
+	"sync"
+	"unsafe"
+)
+
+// See version list in https://github.com/DragonFlyBSD/DragonFlyBSD/blob/master/sys/sys/param.h
+var (
+	osreldateOnce sync.Once
+	osreldate     uint32
+)
+
+// First __DragonFly_version after September 2019 ABI changes
+// http://lists.dragonflybsd.org/pipermail/users/2019-September/358280.html
+const _dragonflyABIChangeVersion = 500705
+
+func supportsABI(ver uint32) bool {
+	osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") })
+	return osreldate >= ver
+}
 
 // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
 type SockaddrDatalink struct {
@@ -29,6 +47,10 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+func anyToSockaddrGOOS(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	return nil, EAFNOSUPPORT
+}
+
 // Translate "kern.hostname" to []_C_int{0,1,2,3}.
 func nametomib(name string) (mib []_C_int, err error) {
 	const siz = unsafe.Sizeof(mib[0])
@@ -57,7 +79,23 @@ func nametomib(name string) (mib []_C_int, err error) {
 	return buf[0 : n/siz], nil
 }
 
-//sysnb pipe() (r int, w int, err error)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	namlen, ok := direntNamlen(buf)
+	if !ok {
+		return 0, false
+	}
+	return (16 + namlen + 1 + 7) &^ 7, true
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+//sysnb	pipe() (r int, w int, err error)
 
 func Pipe(p []int) (err error) {
 	if len(p) != 2 {
@@ -67,6 +105,19 @@ func Pipe(p []int) (err error) {
 	return
 }
 
+//sysnb	pipe2(p *[2]_C_int, flags int) (r int, w int, err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	// pipe2 on dragonfly takes an fds array as an argument, but still
+	// returns the file descriptors.
+	p[0], p[1], err = pipe2(&pp, flags)
+	return err
+}
+
 //sys	extpread(fd int, p []byte, flags int, offset int64) (n int, err error)
 func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	return extpread(fd, p, 0, offset)
@@ -95,23 +146,8 @@ func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) {
 	return
 }
 
-const ImplementsGetwd = true
-
 //sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
 
-func Getwd() (string, error) {
-	var buf [PathMax]byte
-	_, err := Getcwd(buf[0:])
-	if err != nil {
-		return "", err
-	}
-	n := clen(buf[:])
-	if n < 1 {
-		return "", EINVAL
-	}
-	return string(buf[:n]), nil
-}
-
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	var bufsize uintptr
@@ -134,42 +170,7 @@ func setattrlistTimes(path string, times []Timespec, flags int) error {
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
 
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
-
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
-}
-
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
-}
-
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
+//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
 func sysctlUname(mib []_C_int, old *byte, oldlen *uintptr) error {
 	err := sysctl(mib, old, oldlen, nil, 0)
@@ -234,6 +235,13 @@ func Uname(uname *Utsname) error {
 	return nil
 }
 
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
 /*
  * Exposed directly
  */
@@ -248,11 +256,13 @@ func Uname(uname *Utsname) error {
 //sys	Dup(fd int) (nfd int, err error)
 //sys	Dup2(from int, to int) (err error)
 //sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchdir(fd int) (err error)
 //sys	Fchflags(fd int, flags int) (err error)
 //sys	Fchmod(fd int, mode uint32) (err error)
 //sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
 //sys	Flock(fd int, how int) (err error)
 //sys	Fpathconf(fd int, name int) (val int, err error)
 //sys	Fstat(fd int, stat *Stat_t) (err error)
@@ -260,6 +270,7 @@ func Uname(uname *Utsname) error {
 //sys	Fstatfs(fd int, stat *Statfs_t) (err error)
 //sys	Fsync(fd int) (err error)
 //sys	Ftruncate(fd int, length int64) (err error)
+//sys	Getdents(fd int, buf []byte) (n int, err error)
 //sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error)
 //sys	Getdtablesize() (size int)
 //sysnb	Getegid() (egid int)
@@ -280,21 +291,26 @@ func Uname(uname *Utsname) error {
 //sys	Kqueue() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
 //sys	Listen(s int, backlog int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mkfifo(path string, mode uint32) (err error)
 //sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(fd int, path string, mode uint32, dev int) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
 //sys	Pathconf(path string, name int) (val int, err error)
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	Readlink(path string, buf []byte) (n int, err error)
 //sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -312,15 +328,17 @@ func Uname(uname *Utsname) error {
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
 //sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
 //sys	Sync() (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Umask(newmask int) (oldmask int)
 //sys	Undelete(path string) (err error)
 //sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
 //sys	Unmount(path string, flags int) (err error)
 //sys	write(fd int, p []byte) (n int, err error)
-//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
-//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
 //sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
 //sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
 //sys	accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 9babb31ea751c..4e2d32120a894 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && dragonfly
 // +build amd64,dragonfly
 
 package unix
@@ -33,6 +34,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index 5561a3eb76472..18c392cf3692f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -13,10 +13,34 @@
 package unix
 
 import (
-	"strings"
+	"sync"
 	"unsafe"
 )
 
+const (
+	SYS_FSTAT_FREEBSD12         = 551 // { int fstat(int fd, _Out_ struct stat *sb); }
+	SYS_FSTATAT_FREEBSD12       = 552 // { int fstatat(int fd, _In_z_ char *path, \
+	SYS_GETDIRENTRIES_FREEBSD12 = 554 // { ssize_t getdirentries(int fd, \
+	SYS_STATFS_FREEBSD12        = 555 // { int statfs(_In_z_ char *path, \
+	SYS_FSTATFS_FREEBSD12       = 556 // { int fstatfs(int fd, \
+	SYS_GETFSSTAT_FREEBSD12     = 557 // { int getfsstat( \
+	SYS_MKNODAT_FREEBSD12       = 559 // { int mknodat(int fd, _In_z_ char *path, \
+)
+
+// See https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions.html.
+var (
+	osreldateOnce sync.Once
+	osreldate     uint32
+)
+
+// INO64_FIRST from /usr/src/lib/libc/sys/compat-ino64.h
+const _ino64First = 1200031
+
+func supportsABI(ver uint32) bool {
+	osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") })
+	return osreldate >= ver
+}
+
 // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
 type SockaddrDatalink struct {
 	Len    uint8
@@ -30,6 +54,10 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+func anyToSockaddrGOOS(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	return nil, EAFNOSUPPORT
+}
+
 // Translate "kern.hostname" to []_C_int{0,1,2,3}.
 func nametomib(name string) (mib []_C_int, err error) {
 	const siz = unsafe.Sizeof(mib[0])
@@ -58,14 +86,33 @@ func nametomib(name string) (mib []_C_int, err error) {
 	return buf[0 : n/siz], nil
 }
 
-//sysnb pipe() (r int, w int, err error)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
 
 func Pipe(p []int) (err error) {
+	return Pipe2(p, 0)
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
 	if len(p) != 2 {
 		return EINVAL
 	}
-	p[0], p[1], err = pipe()
-	return
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
 }
 
 func GetsockoptIPMreqn(fd, level, opt int) (*IPMreqn, error) {
@@ -79,6 +126,15 @@ func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
 }
 
+// GetsockoptXucred is a getsockopt wrapper that returns an Xucred struct.
+// The usual level and opt are SOL_LOCAL and LOCAL_PEERCRED, respectively.
+func GetsockoptXucred(fd, level, opt int) (*Xucred, error) {
+	x := new(Xucred)
+	vallen := _Socklen(SizeofXucred)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(x), &vallen)
+	return x, err
+}
+
 func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) {
 	var rsa RawSockaddrAny
 	var len _Socklen = SizeofSockaddrAny
@@ -97,35 +153,42 @@ func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) {
 	return
 }
 
-const ImplementsGetwd = true
-
 //sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
 
-func Getwd() (string, error) {
-	var buf [PathMax]byte
-	_, err := Getcwd(buf[0:])
-	if err != nil {
-		return "", err
-	}
-	n := clen(buf[:])
-	if n < 1 {
-		return "", EINVAL
-	}
-	return string(buf[:n]), nil
-}
-
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	var bufsize uintptr
+	var (
+		_p0          unsafe.Pointer
+		bufsize      uintptr
+		oldBuf       []statfs_freebsd11_t
+		needsConvert bool
+	)
+
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+		if supportsABI(_ino64First) {
+			_p0 = unsafe.Pointer(&buf[0])
+			bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+		} else {
+			n := len(buf)
+			oldBuf = make([]statfs_freebsd11_t, n)
+			_p0 = unsafe.Pointer(&oldBuf[0])
+			bufsize = unsafe.Sizeof(statfs_freebsd11_t{}) * uintptr(n)
+			needsConvert = true
+		}
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
+	var sysno uintptr = SYS_GETFSSTAT
+	if supportsABI(_ino64First) {
+		sysno = SYS_GETFSSTAT_FREEBSD12
+	}
+	r0, _, e1 := Syscall(sysno, uintptr(_p0), bufsize, uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = e1
 	}
+	if e1 == 0 && needsConvert {
+		for i := range oldBuf {
+			buf[i].convertFrom(&oldBuf[i])
+		}
+	}
 	return
 }
 
@@ -134,308 +197,362 @@ func setattrlistTimes(path string, times []Timespec, flags int) error {
 	return ENOSYS
 }
 
-// Derive extattr namespace and attribute name
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
 
-func xattrnamespace(fullattr string) (ns int, attr string, err error) {
-	s := strings.IndexByte(fullattr, '.')
-	if s == -1 {
-		return -1, "", ENOATTR
-	}
+//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
-	namespace := fullattr[0:s]
-	attr = fullattr[s+1:]
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+		return err
+	}
 
-	switch namespace {
-	case "user":
-		return EXTATTR_NAMESPACE_USER, attr, nil
-	case "system":
-		return EXTATTR_NAMESPACE_SYSTEM, attr, nil
-	default:
-		return -1, "", ENOATTR
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+		return err
 	}
-}
 
-func initxattrdest(dest []byte, idx int) (d unsafe.Pointer) {
-	if len(dest) > idx {
-		return unsafe.Pointer(&dest[idx])
-	} else {
-		return unsafe.Pointer(_zero)
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+		return err
 	}
-}
 
-// FreeBSD implements its own syscalls to handle extended attributes
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+		return err
+	}
 
-func Getxattr(file string, attr string, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsize := len(dest)
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
 
-	nsid, a, err := xattrnamespace(attr)
-	if err != nil {
-		return -1, err
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+		return err
 	}
 
-	return ExtattrGetFile(file, nsid, a, uintptr(d), destsize)
+	return nil
 }
 
-func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsize := len(dest)
-
-	nsid, a, err := xattrnamespace(attr)
+func Stat(path string, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(AT_FDCWD, path, st, 0)
+	}
+	err = stat(path, &oldStat)
 	if err != nil {
-		return -1, err
+		return err
 	}
 
-	return ExtattrGetFd(fd, nsid, a, uintptr(d), destsize)
+	st.convertFrom(&oldStat)
+	return nil
 }
 
-func Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsize := len(dest)
-
-	nsid, a, err := xattrnamespace(attr)
+func Lstat(path string, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(AT_FDCWD, path, st, AT_SYMLINK_NOFOLLOW)
+	}
+	err = lstat(path, &oldStat)
 	if err != nil {
-		return -1, err
+		return err
 	}
 
-	return ExtattrGetLink(link, nsid, a, uintptr(d), destsize)
+	st.convertFrom(&oldStat)
+	return nil
 }
 
-// flags are unused on FreeBSD
-
-func Fsetxattr(fd int, attr string, data []byte, flags int) (err error) {
-	d := unsafe.Pointer(&data[0])
-	datasiz := len(data)
-
-	nsid, a, err := xattrnamespace(attr)
+func Fstat(fd int, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstat_freebsd12(fd, st)
+	}
+	err = fstat(fd, &oldStat)
 	if err != nil {
-		return
+		return err
 	}
 
-	_, err = ExtattrSetFd(fd, nsid, a, uintptr(d), datasiz)
-	return
+	st.convertFrom(&oldStat)
+	return nil
 }
 
-func Setxattr(file string, attr string, data []byte, flags int) (err error) {
-	d := unsafe.Pointer(&data[0])
-	datasiz := len(data)
-
-	nsid, a, err := xattrnamespace(attr)
+func Fstatat(fd int, path string, st *Stat_t, flags int) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(fd, path, st, flags)
+	}
+	err = fstatat(fd, path, &oldStat, flags)
 	if err != nil {
-		return
+		return err
 	}
 
-	_, err = ExtattrSetFile(file, nsid, a, uintptr(d), datasiz)
-	return
+	st.convertFrom(&oldStat)
+	return nil
 }
 
-func Lsetxattr(link string, attr string, data []byte, flags int) (err error) {
-	d := unsafe.Pointer(&data[0])
-	datasiz := len(data)
-
-	nsid, a, err := xattrnamespace(attr)
+func Statfs(path string, st *Statfs_t) (err error) {
+	var oldStatfs statfs_freebsd11_t
+	if supportsABI(_ino64First) {
+		return statfs_freebsd12(path, st)
+	}
+	err = statfs(path, &oldStatfs)
 	if err != nil {
-		return
+		return err
 	}
 
-	_, err = ExtattrSetLink(link, nsid, a, uintptr(d), datasiz)
-	return
+	st.convertFrom(&oldStatfs)
+	return nil
 }
 
-func Removexattr(file string, attr string) (err error) {
-	nsid, a, err := xattrnamespace(attr)
+func Fstatfs(fd int, st *Statfs_t) (err error) {
+	var oldStatfs statfs_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatfs_freebsd12(fd, st)
+	}
+	err = fstatfs(fd, &oldStatfs)
 	if err != nil {
-		return
+		return err
 	}
 
-	err = ExtattrDeleteFile(file, nsid, a)
-	return
+	st.convertFrom(&oldStatfs)
+	return nil
 }
 
-func Fremovexattr(fd int, attr string) (err error) {
-	nsid, a, err := xattrnamespace(attr)
-	if err != nil {
+func Getdents(fd int, buf []byte) (n int, err error) {
+	return Getdirentries(fd, buf, nil)
+}
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	if supportsABI(_ino64First) {
+		if basep == nil || unsafe.Sizeof(*basep) == 8 {
+			return getdirentries_freebsd12(fd, buf, (*uint64)(unsafe.Pointer(basep)))
+		}
+		// The freebsd12 syscall needs a 64-bit base. On 32-bit machines
+		// we can't just use the basep passed in. See #32498.
+		var base uint64 = uint64(*basep)
+		n, err = getdirentries_freebsd12(fd, buf, &base)
+		*basep = uintptr(base)
+		if base>>32 != 0 {
+			// We can't stuff the base back into a uintptr, so any
+			// future calls would be suspect. Generate an error.
+			// EIO is allowed by getdirentries.
+			err = EIO
+		}
 		return
 	}
 
-	err = ExtattrDeleteFd(fd, nsid, a)
+	// The old syscall entries are smaller than the new. Use 1/4 of the original
+	// buffer size rounded up to DIRBLKSIZ (see /usr/src/lib/libc/sys/getdirentries.c).
+	oldBufLen := roundup(len(buf)/4, _dirblksiz)
+	oldBuf := make([]byte, oldBufLen)
+	n, err = getdirentries(fd, oldBuf, basep)
+	if err == nil && n > 0 {
+		n = convertFromDirents11(buf, oldBuf[:n])
+	}
 	return
 }
 
-func Lremovexattr(link string, attr string) (err error) {
-	nsid, a, err := xattrnamespace(attr)
-	if err != nil {
-		return
+func Mknod(path string, mode uint32, dev uint64) (err error) {
+	var oldDev int
+	if supportsABI(_ino64First) {
+		return mknodat_freebsd12(AT_FDCWD, path, mode, dev)
 	}
+	oldDev = int(dev)
+	return mknod(path, mode, oldDev)
+}
 
-	err = ExtattrDeleteLink(link, nsid, a)
-	return
+func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) {
+	var oldDev int
+	if supportsABI(_ino64First) {
+		return mknodat_freebsd12(fd, path, mode, dev)
+	}
+	oldDev = int(dev)
+	return mknodat(fd, path, mode, oldDev)
 }
 
-func Listxattr(file string, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsiz := len(dest)
-
-	// FreeBSD won't allow you to list xattrs from multiple namespaces
-	s := 0
-	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListFile(file, nsid, uintptr(d), destsiz)
-
-		/* Errors accessing system attrs are ignored so that
-		 * we can implement the Linux-like behavior of omitting errors that
-		 * we don't have read permissions on
-		 *
-		 * Linux will still error if we ask for user attributes on a file that
-		 * we don't have read permissions on, so don't ignore those errors
-		 */
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
-			continue
-		} else if e != nil {
-			return s, e
-		}
+// round x to the nearest multiple of y, larger or equal to x.
+//
+// from /usr/include/sys/param.h Macros for counting and rounding.
+// #define roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
+func roundup(x, y int) int {
+	return ((x + y - 1) / y) * y
+}
 
-		s += stmp
-		destsiz -= s
-		if destsiz < 0 {
-			destsiz = 0
-		}
-		d = initxattrdest(dest, s)
+func (s *Stat_t) convertFrom(old *stat_freebsd11_t) {
+	*s = Stat_t{
+		Dev:     uint64(old.Dev),
+		Ino:     uint64(old.Ino),
+		Nlink:   uint64(old.Nlink),
+		Mode:    old.Mode,
+		Uid:     old.Uid,
+		Gid:     old.Gid,
+		Rdev:    uint64(old.Rdev),
+		Atim:    old.Atim,
+		Mtim:    old.Mtim,
+		Ctim:    old.Ctim,
+		Btim:    old.Btim,
+		Size:    old.Size,
+		Blocks:  old.Blocks,
+		Blksize: old.Blksize,
+		Flags:   old.Flags,
+		Gen:     uint64(old.Gen),
 	}
-
-	return s, nil
 }
 
-func Flistxattr(fd int, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsiz := len(dest)
+func (s *Statfs_t) convertFrom(old *statfs_freebsd11_t) {
+	*s = Statfs_t{
+		Version:     _statfsVersion,
+		Type:        old.Type,
+		Flags:       old.Flags,
+		Bsize:       old.Bsize,
+		Iosize:      old.Iosize,
+		Blocks:      old.Blocks,
+		Bfree:       old.Bfree,
+		Bavail:      old.Bavail,
+		Files:       old.Files,
+		Ffree:       old.Ffree,
+		Syncwrites:  old.Syncwrites,
+		Asyncwrites: old.Asyncwrites,
+		Syncreads:   old.Syncreads,
+		Asyncreads:  old.Asyncreads,
+		// Spare
+		Namemax: old.Namemax,
+		Owner:   old.Owner,
+		Fsid:    old.Fsid,
+		// Charspare
+		// Fstypename
+		// Mntfromname
+		// Mntonname
+	}
 
-	s := 0
-	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz)
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
-			continue
-		} else if e != nil {
-			return s, e
-		}
+	sl := old.Fstypename[:]
+	n := clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Fstypename[:], old.Fstypename[:n])
 
-		s += stmp
-		destsiz -= s
-		if destsiz < 0 {
-			destsiz = 0
-		}
-		d = initxattrdest(dest, s)
-	}
+	sl = old.Mntfromname[:]
+	n = clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Mntfromname[:], old.Mntfromname[:n])
 
-	return s, nil
+	sl = old.Mntonname[:]
+	n = clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Mntonname[:], old.Mntonname[:n])
 }
 
-func Llistxattr(link string, dest []byte) (sz int, err error) {
-	d := initxattrdest(dest, 0)
-	destsiz := len(dest)
-
-	s := 0
-	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListLink(link, nsid, uintptr(d), destsiz)
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
-			continue
-		} else if e != nil {
-			return s, e
+func convertFromDirents11(buf []byte, old []byte) int {
+	const (
+		fixedSize    = int(unsafe.Offsetof(Dirent{}.Name))
+		oldFixedSize = int(unsafe.Offsetof(dirent_freebsd11{}.Name))
+	)
+
+	dstPos := 0
+	srcPos := 0
+	for dstPos+fixedSize < len(buf) && srcPos+oldFixedSize < len(old) {
+		var dstDirent Dirent
+		var srcDirent dirent_freebsd11
+
+		// If multiple direntries are written, sometimes when we reach the final one,
+		// we may have cap of old less than size of dirent_freebsd11.
+		copy((*[unsafe.Sizeof(srcDirent)]byte)(unsafe.Pointer(&srcDirent))[:], old[srcPos:])
+
+		reclen := roundup(fixedSize+int(srcDirent.Namlen)+1, 8)
+		if dstPos+reclen > len(buf) {
+			break
 		}
 
-		s += stmp
-		destsiz -= s
-		if destsiz < 0 {
-			destsiz = 0
+		dstDirent.Fileno = uint64(srcDirent.Fileno)
+		dstDirent.Off = 0
+		dstDirent.Reclen = uint16(reclen)
+		dstDirent.Type = srcDirent.Type
+		dstDirent.Pad0 = 0
+		dstDirent.Namlen = uint16(srcDirent.Namlen)
+		dstDirent.Pad1 = 0
+
+		copy(dstDirent.Name[:], srcDirent.Name[:srcDirent.Namlen])
+		copy(buf[dstPos:], (*[unsafe.Sizeof(dstDirent)]byte)(unsafe.Pointer(&dstDirent))[:])
+		padding := buf[dstPos+fixedSize+int(dstDirent.Namlen) : dstPos+reclen]
+		for i := range padding {
+			padding[i] = 0
 		}
-		d = initxattrdest(dest, s)
+
+		dstPos += int(dstDirent.Reclen)
+		srcPos += int(srcDirent.Reclen)
 	}
 
-	return s, nil
+	return dstPos
 }
 
-//sys   ioctl(fd int, req uint, arg uintptr) (err error)
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
 
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
+//sys	ptrace(request int, pid int, addr uintptr, data int) (err error)
 
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
+func PtraceAttach(pid int) (err error) {
+	return ptrace(PTRACE_ATTACH, pid, 0, 0)
 }
 
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+func PtraceCont(pid int, signal int) (err error) {
+	return ptrace(PTRACE_CONT, pid, 1, signal)
 }
 
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+func PtraceDetach(pid int) (err error) {
+	return ptrace(PTRACE_DETACH, pid, 1, 0)
 }
 
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
+func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
+	return ptrace(PTRACE_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
 }
 
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
+func PtraceGetRegs(pid int, regsout *Reg) (err error) {
+	return ptrace(PTRACE_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
 }
 
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
+func PtraceLwpEvents(pid int, enable int) (err error) {
+	return ptrace(PTRACE_LWPEVENTS, pid, 0, enable)
 }
 
-func Uname(uname *Utsname) error {
-	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
-	n := unsafe.Sizeof(uname.Sysname)
-	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
-		return err
-	}
+func PtraceLwpInfo(pid int, info uintptr) (err error) {
+	return ptrace(PTRACE_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{})))
+}
 
-	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
-	n = unsafe.Sizeof(uname.Nodename)
-	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
-		return err
-	}
+func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
+	return PtraceIO(PIOD_READ_D, pid, addr, out, SizeofLong)
+}
 
-	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
-	n = unsafe.Sizeof(uname.Release)
-	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
-		return err
-	}
+func PtracePeekText(pid int, addr uintptr, out []byte) (count int, err error) {
+	return PtraceIO(PIOD_READ_I, pid, addr, out, SizeofLong)
+}
 
-	mib = []_C_int{CTL_KERN, KERN_VERSION}
-	n = unsafe.Sizeof(uname.Version)
-	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
-		return err
-	}
+func PtracePokeData(pid int, addr uintptr, data []byte) (count int, err error) {
+	return PtraceIO(PIOD_WRITE_D, pid, addr, data, SizeofLong)
+}
 
-	// The version might have newlines or tabs in it, convert them to
-	// spaces.
-	for i, b := range uname.Version {
-		if b == '\n' || b == '\t' {
-			if i == len(uname.Version)-1 {
-				uname.Version[i] = 0
-			} else {
-				uname.Version[i] = ' '
-			}
-		}
-	}
+func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
+	return PtraceIO(PIOD_WRITE_I, pid, addr, data, SizeofLong)
+}
 
-	mib = []_C_int{CTL_HW, HW_MACHINE}
-	n = unsafe.Sizeof(uname.Machine)
-	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
-		return err
-	}
+func PtraceSetRegs(pid int, regs *Reg) (err error) {
+	return ptrace(PTRACE_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0)
+}
 
-	return nil
+func PtraceSingleStep(pid int) (err error) {
+	return ptrace(PTRACE_SINGLESTEP, pid, 1, 0)
 }
 
 /*
@@ -477,13 +594,16 @@ func Uname(uname *Utsname) error {
 //sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
 //sys	Flock(fd int, how int) (err error)
 //sys	Fpathconf(fd int, name int) (val int, err error)
-//sys	Fstat(fd int, stat *Stat_t) (err error)
-//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
-//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	fstat(fd int, stat *stat_freebsd11_t) (err error)
+//sys	fstat_freebsd12(fd int, stat *Stat_t) (err error)
+//sys	fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error)
+//sys	fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	fstatfs(fd int, stat *statfs_freebsd11_t) (err error)
+//sys	fstatfs_freebsd12(fd int, stat *Statfs_t) (err error)
 //sys	Fsync(fd int) (err error)
 //sys	Ftruncate(fd int, length int64) (err error)
-//sys	Getdents(fd int, buf []byte) (n int, err error)
-//sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error)
+//sys	getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error)
+//sys	getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error)
 //sys	Getdtablesize() (size int)
 //sysnb	Getegid() (egid int)
 //sysnb	Geteuid() (uid int)
@@ -505,11 +625,13 @@ func Uname(uname *Utsname) error {
 //sys	Link(path string, link string) (err error)
 //sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
 //sys	Listen(s int, backlog int) (err error)
-//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	lstat(path string, stat *stat_freebsd11_t) (err error)
 //sys	Mkdir(path string, mode uint32) (err error)
 //sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mkfifo(path string, mode uint32) (err error)
-//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	mknod(path string, mode uint32, dev int) (err error)
+//sys	mknodat(fd int, path string, mode uint32, dev int) (err error)
+//sys	mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	Open(path string, mode int, perm uint32) (fd int, err error)
 //sys	Openat(fdat int, path string, mode int, perm uint32) (fd int, err error)
@@ -524,7 +646,7 @@ func Uname(uname *Utsname) error {
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -539,8 +661,9 @@ func Uname(uname *Utsname) error {
 //sysnb	Setsid() (pid int, err error)
 //sysnb	Settimeofday(tp *Timeval) (err error)
 //sysnb	Setuid(uid int) (err error)
-//sys	Stat(path string, stat *Stat_t) (err error)
-//sys	Statfs(path string, stat *Statfs_t) (err error)
+//sys	stat(path string, stat *stat_freebsd11_t) (err error)
+//sys	statfs(path string, stat *statfs_freebsd11_t) (err error)
+//sys	statfs_freebsd12(path string, stat *Statfs_t) (err error)
 //sys	Symlink(path string, link string) (err error)
 //sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
 //sys	Sync() (err error)
@@ -551,8 +674,8 @@ func Uname(uname *Utsname) error {
 //sys	Unlinkat(dirfd int, path string, flags int) (err error)
 //sys	Unmount(path string, flags int) (err error)
 //sys	write(fd int, p []byte) (n int, err error)
-//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
-//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
 //sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
 //sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
 //sys	accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error)
@@ -595,6 +718,7 @@ func Uname(uname *Utsname) error {
 // Kqueue_portset
 // Getattrlist
 // Setattrlist
+// Getdents
 // Getdirentriesattr
 // Searchfs
 // Delete
@@ -602,14 +726,6 @@ func Uname(uname *Utsname) error {
 // Watchevent
 // Waitevent
 // Modwatch
-// Getxattr
-// Fgetxattr
-// Setxattr
-// Fsetxattr
-// Removexattr
-// Fremovexattr
-// Listxattr
-// Flistxattr
 // Fsctl
 // Initgroups
 // Posix_spawn
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index 21e03958cdc55..342fc32b1686a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build 386 && freebsd
 // +build 386,freebsd
 
 package unix
@@ -33,6 +34,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
@@ -50,3 +55,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 9c945a657965a..a32d5aa4aed44 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && freebsd
 // +build amd64,freebsd
 
 package unix
@@ -33,6 +34,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
@@ -50,3 +55,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 5cd6243f2a06f..1e36d39abe018 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm && freebsd
 // +build arm,freebsd
 
 package unix
@@ -33,6 +34,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
@@ -50,3 +55,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
new file mode 100644
index 0000000000000..a09a1537bd6f3
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -0,0 +1,63 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm64 && freebsd
+// +build arm64,freebsd
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
new file mode 100644
index 0000000000000..8d5f294c42504
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -0,0 +1,186 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// illumos system calls not present on Solaris.
+
+//go:build amd64 && illumos
+// +build amd64,illumos
+
+package unix
+
+import (
+	"fmt"
+	"runtime"
+	"unsafe"
+)
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			// somehow Iovec.Base on illumos is (*int8), not (*byte)
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&b[0]))
+		} else {
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+//sys	readv(fd int, iovs []Iovec) (n int, err error)
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	return n, err
+}
+
+//sys	preadv(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Preadv(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = preadv(fd, iovecs, off)
+	return n, err
+}
+
+//sys	writev(fd int, iovs []Iovec) (n int, err error)
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = writev(fd, iovecs)
+	return n, err
+}
+
+//sys	pwritev(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Pwritev(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = pwritev(fd, iovecs, off)
+	return n, err
+}
+
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = libsocket.accept4
+
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+//sys	putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error)
+
+func Putmsg(fd int, cl []byte, data []byte, flags int) (err error) {
+	var clp, datap *strbuf
+	if len(cl) > 0 {
+		clp = &strbuf{
+			Len: int32(len(cl)),
+			Buf: (*int8)(unsafe.Pointer(&cl[0])),
+		}
+	}
+	if len(data) > 0 {
+		datap = &strbuf{
+			Len: int32(len(data)),
+			Buf: (*int8)(unsafe.Pointer(&data[0])),
+		}
+	}
+	return putmsg(fd, clp, datap, flags)
+}
+
+//sys	getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error)
+
+func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags int, err error) {
+	var clp, datap *strbuf
+	if len(cl) > 0 {
+		clp = &strbuf{
+			Maxlen: int32(len(cl)),
+			Buf:    (*int8)(unsafe.Pointer(&cl[0])),
+		}
+	}
+	if len(data) > 0 {
+		datap = &strbuf{
+			Maxlen: int32(len(data)),
+			Buf:    (*int8)(unsafe.Pointer(&data[0])),
+		}
+	}
+
+	if err = getmsg(fd, clp, datap, &flags); err != nil {
+		return nil, nil, 0, err
+	}
+
+	if len(cl) > 0 {
+		retCl = cl[:clp.Len]
+	}
+	if len(data) > 0 {
+		retData = data[:datap.Len]
+	}
+	return retCl, retData, flags, nil
+}
+
+func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
+	return ioctlRet(fd, req, uintptr(arg))
+}
+
+func IoctlSetString(fd int, req uint, val string) error {
+	bs := make([]byte, len(val)+1)
+	copy(bs[:len(bs)-1], val)
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
+	runtime.KeepAlive(&bs[0])
+	return err
+}
+
+// Lifreq Helpers
+
+func (l *Lifreq) SetName(name string) error {
+	if len(name) >= len(l.Name) {
+		return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1)
+	}
+	for i := range name {
+		l.Name[i] = int8(name[i])
+	}
+	return nil
+}
+
+func (l *Lifreq) SetLifruInt(d int) {
+	*(*int)(unsafe.Pointer(&l.Lifru[0])) = d
+}
+
+func (l *Lifreq) GetLifruInt() int {
+	return *(*int)(unsafe.Pointer(&l.Lifru[0]))
+}
+
+func (l *Lifreq) SetLifruUint(d uint) {
+	*(*uint)(unsafe.Pointer(&l.Lifru[0])) = d
+}
+
+func (l *Lifreq) GetLifruUint() uint {
+	return *(*uint)(unsafe.Pointer(&l.Lifru[0]))
+}
+
+func IoctlLifreq(fd int, req uint, l *Lifreq) error {
+	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
+}
+
+// Strioctl Helpers
+
+func (s *Strioctl) SetInt(i int) {
+	s.Len = int32(unsafe.Sizeof(i))
+	s.Dp = (*int8)(unsafe.Pointer(&i))
+}
+
+func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
+	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 690c2c87f0232..fff38a84c9c4d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -12,6 +12,7 @@
 package unix
 
 import (
+	"encoding/binary"
 	"syscall"
 	"unsafe"
 )
@@ -36,6 +37,27 @@ func Creat(path string, mode uint32) (fd int, err error) {
 	return Open(path, O_CREAT|O_WRONLY|O_TRUNC, mode)
 }
 
+func EpollCreate(size int) (fd int, err error) {
+	if size <= 0 {
+		return -1, EINVAL
+	}
+	return EpollCreate1(0)
+}
+
+//sys	FanotifyInit(flags uint, event_f_flags uint) (fd int, err error)
+//sys	fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error)
+
+func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (err error) {
+	if pathname == "" {
+		return fanotifyMark(fd, flags, mask, dirFd, nil)
+	}
+	p, err := BytePtrFromString(pathname)
+	if err != nil {
+		return err
+	}
+	return fanotifyMark(fd, flags, mask, dirFd, p)
+}
+
 //sys	fchmodat(dirfd int, path string, mode uint32) (err error)
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -50,44 +72,22 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	return fchmodat(dirfd, path, mode)
 }
 
-//sys	ioctl(fd int, req uint, arg uintptr) (err error)
-
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
-
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
-}
-
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
+func InotifyInit() (fd int, err error) {
+	return InotifyInit1(0)
 }
 
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
+//sys	ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
+// ioctl itself should not be exposed directly, but additional get/set functions
+// for specific types are permissible. These are defined in ioctl.go and
+// ioctl_linux.go.
+//
+// The third argument to ioctl is often a pointer but sometimes an integer.
+// Callers should use ioctlPtr when the third argument is a pointer and ioctl
+// when the third argument is an integer.
+//
+// TODO: some existing code incorrectly uses ioctl when it should use ioctlPtr.
 
 //sys	Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
 
@@ -113,6 +113,29 @@ func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
 	return openat(dirfd, path, flags|O_LARGEFILE, mode)
 }
 
+//sys	openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error)
+
+func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) {
+	return openat2(dirfd, path, how, SizeofOpenHow)
+}
+
+func Pipe(p []int) error {
+	return Pipe2(p, 0)
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
+}
+
 //sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
 
 func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
@@ -122,6 +145,15 @@ func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error
 	return ppoll(&fds[0], len(fds), timeout, sigmask)
 }
 
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	var ts *Timespec
+	if timeout >= 0 {
+		ts = new(Timespec)
+		*ts = NsecToTimespec(int64(timeout) * 1e6)
+	}
+	return Ppoll(fds, ts, nil)
+}
+
 //sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -172,27 +204,7 @@ func Utimes(path string, tv []Timeval) error {
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
 
 func UtimesNano(path string, ts []Timespec) error {
-	if ts == nil {
-		err := utimensat(AT_FDCWD, path, nil, 0)
-		if err != ENOSYS {
-			return err
-		}
-		return utimes(path, nil)
-	}
-	if len(ts) != 2 {
-		return EINVAL
-	}
-	err := utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
-	if err != ENOSYS {
-		return err
-	}
-	// If the utimensat syscall isn't available (utimensat was added to Linux
-	// in 2.6.22, Released, 8 July 2007) then fall back to utimes
-	var tv [2]Timeval
-	for i := 0; i < 2; i++ {
-		tv[i] = NsecToTimeval(TimespecToNsec(ts[i]))
-	}
-	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+	return UtimesNanoAt(AT_FDCWD, path, ts, 0)
 }
 
 func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
@@ -571,6 +583,36 @@ func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
 }
 
+// SockaddrCANJ1939 implements the Sockaddr interface for AF_CAN using J1939
+// protocol (https://en.wikipedia.org/wiki/SAE_J1939). For more information
+// on the purposes of the fields, check the official linux kernel documentation
+// available here: https://www.kernel.org/doc/Documentation/networking/j1939.rst
+type SockaddrCANJ1939 struct {
+	Ifindex int
+	Name    uint64
+	PGN     uint32
+	Addr    uint8
+	raw     RawSockaddrCAN
+}
+
+func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Ifindex < 0 || sa.Ifindex > 0x7fffffff {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_CAN
+	sa.raw.Ifindex = int32(sa.Ifindex)
+	n := (*[8]byte)(unsafe.Pointer(&sa.Name))
+	for i := 0; i < 8; i++ {
+		sa.raw.Addr[i] = n[i]
+	}
+	p := (*[4]byte)(unsafe.Pointer(&sa.PGN))
+	for i := 0; i < 4; i++ {
+		sa.raw.Addr[i+8] = p[i]
+	}
+	sa.raw.Addr[12] = sa.Addr
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
+}
+
 // SockaddrALG implements the Sockaddr interface for AF_ALG type sockets.
 // SockaddrALG enables userspace access to the Linux kernel's cryptography
 // subsystem. The Type and Name fields specify which type of hash or cipher
@@ -678,20 +720,257 @@ type SockaddrVM struct {
 	// CID and Port specify a context ID and port address for a VM socket.
 	// Guests have a unique CID, and hosts may have a well-known CID of:
 	//  - VMADDR_CID_HYPERVISOR: refers to the hypervisor process.
+	//  - VMADDR_CID_LOCAL: refers to local communication (loopback).
 	//  - VMADDR_CID_HOST: refers to other processes on the host.
-	CID  uint32
-	Port uint32
-	raw  RawSockaddrVM
+	CID   uint32
+	Port  uint32
+	Flags uint8
+	raw   RawSockaddrVM
 }
 
 func (sa *SockaddrVM) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_VSOCK
 	sa.raw.Port = sa.Port
 	sa.raw.Cid = sa.CID
+	sa.raw.Flags = sa.Flags
 
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrVM, nil
 }
 
+type SockaddrXDP struct {
+	Flags        uint16
+	Ifindex      uint32
+	QueueID      uint32
+	SharedUmemFD uint32
+	raw          RawSockaddrXDP
+}
+
+func (sa *SockaddrXDP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_XDP
+	sa.raw.Flags = sa.Flags
+	sa.raw.Ifindex = sa.Ifindex
+	sa.raw.Queue_id = sa.QueueID
+	sa.raw.Shared_umem_fd = sa.SharedUmemFD
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrXDP, nil
+}
+
+// This constant mirrors the #define of PX_PROTO_OE in
+// linux/if_pppox.h. We're defining this by hand here instead of
+// autogenerating through mkerrors.sh because including
+// linux/if_pppox.h causes some declaration conflicts with other
+// includes (linux/if_pppox.h includes linux/in.h, which conflicts
+// with netinet/in.h). Given that we only need a single zero constant
+// out of that file, it's cleaner to just define it by hand here.
+const px_proto_oe = 0
+
+type SockaddrPPPoE struct {
+	SID    uint16
+	Remote []byte
+	Dev    string
+	raw    RawSockaddrPPPoX
+}
+
+func (sa *SockaddrPPPoE) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if len(sa.Remote) != 6 {
+		return nil, 0, EINVAL
+	}
+	if len(sa.Dev) > IFNAMSIZ-1 {
+		return nil, 0, EINVAL
+	}
+
+	*(*uint16)(unsafe.Pointer(&sa.raw[0])) = AF_PPPOX
+	// This next field is in host-endian byte order. We can't use the
+	// same unsafe pointer cast as above, because this value is not
+	// 32-bit aligned and some architectures don't allow unaligned
+	// access.
+	//
+	// However, the value of px_proto_oe is 0, so we can use
+	// encoding/binary helpers to write the bytes without worrying
+	// about the ordering.
+	binary.BigEndian.PutUint32(sa.raw[2:6], px_proto_oe)
+	// This field is deliberately big-endian, unlike the previous
+	// one. The kernel expects SID to be in network byte order.
+	binary.BigEndian.PutUint16(sa.raw[6:8], sa.SID)
+	copy(sa.raw[8:14], sa.Remote)
+	for i := 14; i < 14+IFNAMSIZ; i++ {
+		sa.raw[i] = 0
+	}
+	copy(sa.raw[14:], sa.Dev)
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrPPPoX, nil
+}
+
+// SockaddrTIPC implements the Sockaddr interface for AF_TIPC type sockets.
+// For more information on TIPC, see: http://tipc.sourceforge.net/.
+type SockaddrTIPC struct {
+	// Scope is the publication scopes when binding service/service range.
+	// Should be set to TIPC_CLUSTER_SCOPE or TIPC_NODE_SCOPE.
+	Scope int
+
+	// Addr is the type of address used to manipulate a socket. Addr must be
+	// one of:
+	//  - *TIPCSocketAddr: "id" variant in the C addr union
+	//  - *TIPCServiceRange: "nameseq" variant in the C addr union
+	//  - *TIPCServiceName: "name" variant in the C addr union
+	//
+	// If nil, EINVAL will be returned when the structure is used.
+	Addr TIPCAddr
+
+	raw RawSockaddrTIPC
+}
+
+// TIPCAddr is implemented by types that can be used as an address for
+// SockaddrTIPC. It is only implemented by *TIPCSocketAddr, *TIPCServiceRange,
+// and *TIPCServiceName.
+type TIPCAddr interface {
+	tipcAddrtype() uint8
+	tipcAddr() [12]byte
+}
+
+func (sa *TIPCSocketAddr) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCSocketAddr{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCSocketAddr) tipcAddrtype() uint8 { return TIPC_SOCKET_ADDR }
+
+func (sa *TIPCServiceRange) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCServiceRange{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCServiceRange) tipcAddrtype() uint8 { return TIPC_SERVICE_RANGE }
+
+func (sa *TIPCServiceName) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCServiceName{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCServiceName) tipcAddrtype() uint8 { return TIPC_SERVICE_ADDR }
+
+func (sa *SockaddrTIPC) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Addr == nil {
+		return nil, 0, EINVAL
+	}
+
+	sa.raw.Family = AF_TIPC
+	sa.raw.Scope = int8(sa.Scope)
+	sa.raw.Addrtype = sa.Addr.tipcAddrtype()
+	sa.raw.Addr = sa.Addr.tipcAddr()
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrTIPC, nil
+}
+
+// SockaddrL2TPIP implements the Sockaddr interface for IPPROTO_L2TP/AF_INET sockets.
+type SockaddrL2TPIP struct {
+	Addr   [4]byte
+	ConnId uint32
+	raw    RawSockaddrL2TPIP
+}
+
+func (sa *SockaddrL2TPIP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET
+	sa.raw.Conn_id = sa.ConnId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP, nil
+}
+
+// SockaddrL2TPIP6 implements the Sockaddr interface for IPPROTO_L2TP/AF_INET6 sockets.
+type SockaddrL2TPIP6 struct {
+	Addr   [16]byte
+	ZoneId uint32
+	ConnId uint32
+	raw    RawSockaddrL2TPIP6
+}
+
+func (sa *SockaddrL2TPIP6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET6
+	sa.raw.Conn_id = sa.ConnId
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP6, nil
+}
+
+// SockaddrIUCV implements the Sockaddr interface for AF_IUCV sockets.
+type SockaddrIUCV struct {
+	UserID string
+	Name   string
+	raw    RawSockaddrIUCV
+}
+
+func (sa *SockaddrIUCV) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_IUCV
+	// These are EBCDIC encoded by the kernel, but we still need to pad them
+	// with blanks. Initializing with blanks allows the caller to feed in either
+	// a padded or an unpadded string.
+	for i := 0; i < 8; i++ {
+		sa.raw.Nodeid[i] = ' '
+		sa.raw.User_id[i] = ' '
+		sa.raw.Name[i] = ' '
+	}
+	if len(sa.UserID) > 8 || len(sa.Name) > 8 {
+		return nil, 0, EINVAL
+	}
+	for i, b := range []byte(sa.UserID[:]) {
+		sa.raw.User_id[i] = int8(b)
+	}
+	for i, b := range []byte(sa.Name[:]) {
+		sa.raw.Name[i] = int8(b)
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrIUCV, nil
+}
+
+type SockaddrNFC struct {
+	DeviceIdx   uint32
+	TargetIdx   uint32
+	NFCProtocol uint32
+	raw         RawSockaddrNFC
+}
+
+func (sa *SockaddrNFC) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Sa_family = AF_NFC
+	sa.raw.Dev_idx = sa.DeviceIdx
+	sa.raw.Target_idx = sa.TargetIdx
+	sa.raw.Nfc_protocol = sa.NFCProtocol
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrNFC, nil
+}
+
+type SockaddrNFCLLCP struct {
+	DeviceIdx      uint32
+	TargetIdx      uint32
+	NFCProtocol    uint32
+	DestinationSAP uint8
+	SourceSAP      uint8
+	ServiceName    string
+	raw            RawSockaddrNFCLLCP
+}
+
+func (sa *SockaddrNFCLLCP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Sa_family = AF_NFC
+	sa.raw.Dev_idx = sa.DeviceIdx
+	sa.raw.Target_idx = sa.TargetIdx
+	sa.raw.Nfc_protocol = sa.NFCProtocol
+	sa.raw.Dsap = sa.DestinationSAP
+	sa.raw.Ssap = sa.SourceSAP
+	if len(sa.ServiceName) > len(sa.raw.Service_name) {
+		return nil, 0, EINVAL
+	}
+	copy(sa.raw.Service_name[:], sa.ServiceName)
+	sa.raw.SetServiceNameLen(len(sa.ServiceName))
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrNFCLLCP, nil
+}
+
+var socketProtocol = func(fd int) (int, error) {
+	return GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+}
+
 func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_NETLINK:
@@ -737,40 +1016,74 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
 	case AF_INET:
-		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
-		sa := new(SockaddrInet4)
-		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
-		sa.Port = int(p[0])<<8 + int(p[1])
-		for i := 0; i < len(sa.Addr); i++ {
-			sa.Addr[i] = pp.Addr[i]
+		proto, err := socketProtocol(fd)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP)
+			sa.ConnId = pp.Conn_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet4)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
 		}
-		return sa, nil
 
 	case AF_INET6:
-		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
-		sa := new(SockaddrInet6)
-		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
-		sa.Port = int(p[0])<<8 + int(p[1])
-		sa.ZoneId = pp.Scope_id
-		for i := 0; i < len(sa.Addr); i++ {
-			sa.Addr[i] = pp.Addr[i]
+		proto, err := socketProtocol(fd)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP6)
+			sa.ConnId = pp.Conn_id
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet6)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
 		}
-		return sa, nil
 
 	case AF_VSOCK:
 		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
 		sa := &SockaddrVM{
-			CID:  pp.Cid,
-			Port: pp.Port,
+			CID:   pp.Cid,
+			Port:  pp.Port,
+			Flags: pp.Flags,
 		}
 		return sa, nil
 	case AF_BLUETOOTH:
-		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		proto, err := socketProtocol(fd)
 		if err != nil {
 			return nil, err
 		}
@@ -793,6 +1106,138 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 			}
 			return sa, nil
 		}
+	case AF_XDP:
+		pp := (*RawSockaddrXDP)(unsafe.Pointer(rsa))
+		sa := &SockaddrXDP{
+			Flags:        pp.Flags,
+			Ifindex:      pp.Ifindex,
+			QueueID:      pp.Queue_id,
+			SharedUmemFD: pp.Shared_umem_fd,
+		}
+		return sa, nil
+	case AF_PPPOX:
+		pp := (*RawSockaddrPPPoX)(unsafe.Pointer(rsa))
+		if binary.BigEndian.Uint32(pp[2:6]) != px_proto_oe {
+			return nil, EINVAL
+		}
+		sa := &SockaddrPPPoE{
+			SID:    binary.BigEndian.Uint16(pp[6:8]),
+			Remote: pp[8:14],
+		}
+		for i := 14; i < 14+IFNAMSIZ; i++ {
+			if pp[i] == 0 {
+				sa.Dev = string(pp[14:i])
+				break
+			}
+		}
+		return sa, nil
+	case AF_TIPC:
+		pp := (*RawSockaddrTIPC)(unsafe.Pointer(rsa))
+
+		sa := &SockaddrTIPC{
+			Scope: int(pp.Scope),
+		}
+
+		// Determine which union variant is present in pp.Addr by checking
+		// pp.Addrtype.
+		switch pp.Addrtype {
+		case TIPC_SERVICE_RANGE:
+			sa.Addr = (*TIPCServiceRange)(unsafe.Pointer(&pp.Addr))
+		case TIPC_SERVICE_ADDR:
+			sa.Addr = (*TIPCServiceName)(unsafe.Pointer(&pp.Addr))
+		case TIPC_SOCKET_ADDR:
+			sa.Addr = (*TIPCSocketAddr)(unsafe.Pointer(&pp.Addr))
+		default:
+			return nil, EINVAL
+		}
+
+		return sa, nil
+	case AF_IUCV:
+		pp := (*RawSockaddrIUCV)(unsafe.Pointer(rsa))
+
+		var user [8]byte
+		var name [8]byte
+
+		for i := 0; i < 8; i++ {
+			user[i] = byte(pp.User_id[i])
+			name[i] = byte(pp.Name[i])
+		}
+
+		sa := &SockaddrIUCV{
+			UserID: string(user[:]),
+			Name:   string(name[:]),
+		}
+		return sa, nil
+
+	case AF_CAN:
+		proto, err := socketProtocol(fd)
+		if err != nil {
+			return nil, err
+		}
+
+		pp := (*RawSockaddrCAN)(unsafe.Pointer(rsa))
+
+		switch proto {
+		case CAN_J1939:
+			sa := &SockaddrCANJ1939{
+				Ifindex: int(pp.Ifindex),
+			}
+			name := (*[8]byte)(unsafe.Pointer(&sa.Name))
+			for i := 0; i < 8; i++ {
+				name[i] = pp.Addr[i]
+			}
+			pgn := (*[4]byte)(unsafe.Pointer(&sa.PGN))
+			for i := 0; i < 4; i++ {
+				pgn[i] = pp.Addr[i+8]
+			}
+			addr := (*[1]byte)(unsafe.Pointer(&sa.Addr))
+			addr[0] = pp.Addr[12]
+			return sa, nil
+		default:
+			sa := &SockaddrCAN{
+				Ifindex: int(pp.Ifindex),
+			}
+			rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
+			for i := 0; i < 4; i++ {
+				rx[i] = pp.Addr[i]
+			}
+			tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
+			for i := 0; i < 4; i++ {
+				tx[i] = pp.Addr[i+4]
+			}
+			return sa, nil
+		}
+	case AF_NFC:
+		proto, err := socketProtocol(fd)
+		if err != nil {
+			return nil, err
+		}
+		switch proto {
+		case NFC_SOCKPROTO_RAW:
+			pp := (*RawSockaddrNFC)(unsafe.Pointer(rsa))
+			sa := &SockaddrNFC{
+				DeviceIdx:   pp.Dev_idx,
+				TargetIdx:   pp.Target_idx,
+				NFCProtocol: pp.Nfc_protocol,
+			}
+			return sa, nil
+		case NFC_SOCKPROTO_LLCP:
+			pp := (*RawSockaddrNFCLLCP)(unsafe.Pointer(rsa))
+			if uint64(pp.Service_name_len) > uint64(len(pp.Service_name)) {
+				return nil, EINVAL
+			}
+			sa := &SockaddrNFCLLCP{
+				DeviceIdx:      pp.Dev_idx,
+				TargetIdx:      pp.Target_idx,
+				NFCProtocol:    pp.Nfc_protocol,
+				DestinationSAP: pp.Dsap,
+				SourceSAP:      pp.Ssap,
+				ServiceName:    string(pp.Service_name[:pp.Service_name_len]),
+			}
+			return sa, nil
+		default:
+			return nil, EINVAL
+		}
 	}
 	return nil, EAFNOSUPPORT
 }
@@ -800,7 +1245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 	var rsa RawSockaddrAny
 	var len _Socklen = SizeofSockaddrAny
-	nfd, err = accept(fd, &rsa, &len)
+	nfd, err = accept4(fd, &rsa, &len, 0)
 	if err != nil {
 		return
 	}
@@ -878,10 +1323,57 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 	return string(buf[:vallen-1]), nil
 }
 
+func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
+	var value TpacketStats
+	vallen := _Socklen(SizeofTpacketStats)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptTpacketStatsV3(fd, level, opt int) (*TpacketStatsV3, error) {
+	var value TpacketStatsV3
+	vallen := _Socklen(SizeofTpacketStatsV3)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
 func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
 }
 
+func SetsockoptPacketMreq(fd, level, opt int, mreq *PacketMreq) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
+}
+
+// SetsockoptSockFprog attaches a classic BPF or an extended BPF program to a
+// socket to filter incoming packets.  See 'man 7 socket' for usage information.
+func SetsockoptSockFprog(fd, level, opt int, fprog *SockFprog) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(fprog), unsafe.Sizeof(*fprog))
+}
+
+func SetsockoptCanRawFilter(fd, level, opt int, filter []CanFilter) error {
+	var p unsafe.Pointer
+	if len(filter) > 0 {
+		p = unsafe.Pointer(&filter[0])
+	}
+	return setsockopt(fd, level, opt, p, uintptr(len(filter)*SizeofCanFilter))
+}
+
+func SetsockoptTpacketReq(fd, level, opt int, tp *TpacketReq) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tp), unsafe.Sizeof(*tp))
+}
+
+func SetsockoptTpacketReq3(fd, level, opt int, tp *TpacketReq3) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tp), unsafe.Sizeof(*tp))
+}
+
+func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) {
+	if len(o) == 0 {
+		return EINVAL
+	}
+	return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o)))
+}
+
 // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html)
 
 // KeyctlInt calls keyctl commands in which each argument is an int.
@@ -989,6 +1481,34 @@ func KeyctlDHCompute(params *KeyctlDHParams, buffer []byte) (size int, err error
 	return keyctlDH(KEYCTL_DH_COMPUTE, params, buffer)
 }
 
+// KeyctlRestrictKeyring implements the KEYCTL_RESTRICT_KEYRING command. This
+// command limits the set of keys that can be linked to the keyring, regardless
+// of keyring permissions. The command requires the "setattr" permission.
+//
+// When called with an empty keyType the command locks the keyring, preventing
+// any further keys from being linked to the keyring.
+//
+// The "asymmetric" keyType defines restrictions requiring key payloads to be
+// DER encoded X.509 certificates signed by keys in another keyring. Restrictions
+// for "asymmetric" include "builtin_trusted", "builtin_and_secondary_trusted",
+// "key_or_keyring:<key>", and "key_or_keyring:<key>:chain".
+//
+// As of Linux 4.12, only the "asymmetric" keyType defines type-specific
+// restrictions.
+//
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_restrict_keyring.3.html
+// http://man7.org/linux/man-pages/man2/keyctl.2.html
+func KeyctlRestrictKeyring(ringid int, keyType string, restriction string) error {
+	if keyType == "" {
+		return keyctlRestrictKeyring(KEYCTL_RESTRICT_KEYRING, ringid)
+	}
+	return keyctlRestrictKeyringByType(KEYCTL_RESTRICT_KEYRING, ringid, keyType, restriction)
+}
+
+//sys	keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) = SYS_KEYCTL
+//sys	keyctlRestrictKeyring(cmd int, arg2 int) (err error) = SYS_KEYCTL
+
 func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
 	var msg Msghdr
 	var rsa RawSockaddrAny
@@ -1095,7 +1615,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	// The ptrace syscall differs from glibc's ptrace.
 	// Peeks returns the word in *data, not as the return value.
 
-	var buf [sizeofPtr]byte
+	var buf [SizeofPtr]byte
 
 	// Leading edge. PEEKTEXT/PEEKDATA don't require aligned
 	// access (PEEKUSER warns that it might), but if we don't
@@ -1103,12 +1623,12 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	// boundary and not get the bytes leading up to the page
 	// boundary.
 	n := 0
-	if addr%sizeofPtr != 0 {
-		err = ptrace(req, pid, addr-addr%sizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+	if addr%SizeofPtr != 0 {
+		err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
 		if err != nil {
 			return 0, err
 		}
-		n += copy(out, buf[addr%sizeofPtr:])
+		n += copy(out, buf[addr%SizeofPtr:])
 		out = out[n:]
 	}
 
@@ -1146,15 +1666,15 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 
 	// Leading edge.
 	n := 0
-	if addr%sizeofPtr != 0 {
-		var buf [sizeofPtr]byte
-		err = ptrace(peekReq, pid, addr-addr%sizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+	if addr%SizeofPtr != 0 {
+		var buf [SizeofPtr]byte
+		err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
 		if err != nil {
 			return 0, err
 		}
-		n += copy(buf[addr%sizeofPtr:], data)
+		n += copy(buf[addr%SizeofPtr:], data)
 		word := *((*uintptr)(unsafe.Pointer(&buf[0])))
-		err = ptrace(pokeReq, pid, addr-addr%sizeofPtr, word)
+		err = ptrace(pokeReq, pid, addr-addr%SizeofPtr, word)
 		if err != nil {
 			return 0, err
 		}
@@ -1162,19 +1682,19 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	}
 
 	// Interior.
-	for len(data) > sizeofPtr {
+	for len(data) > SizeofPtr {
 		word := *((*uintptr)(unsafe.Pointer(&data[0])))
 		err = ptrace(pokeReq, pid, addr+uintptr(n), word)
 		if err != nil {
 			return n, err
 		}
-		n += sizeofPtr
-		data = data[sizeofPtr:]
+		n += SizeofPtr
+		data = data[SizeofPtr:]
 	}
 
 	// Trailing edge.
 	if len(data) > 0 {
-		var buf [sizeofPtr]byte
+		var buf [SizeofPtr]byte
 		err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
 		if err != nil {
 			return n, err
@@ -1232,8 +1752,12 @@ func PtraceSyscall(pid int, signal int) (err error) {
 
 func PtraceSingleStep(pid int) (err error) { return ptrace(PTRACE_SINGLESTEP, pid, 0, 0) }
 
+func PtraceInterrupt(pid int) (err error) { return ptrace(PTRACE_INTERRUPT, pid, 0, 0) }
+
 func PtraceAttach(pid int) (err error) { return ptrace(PTRACE_ATTACH, pid, 0, 0) }
 
+func PtraceSeize(pid int) (err error) { return ptrace(PTRACE_SEIZE, pid, 0, 0) }
+
 func PtraceDetach(pid int) (err error) { return ptrace(PTRACE_DETACH, pid, 0, 0) }
 
 //sys	reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error)
@@ -1242,8 +1766,20 @@ func Reboot(cmd int) (err error) {
 	return reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, cmd, "")
 }
 
-func ReadDirent(fd int, buf []byte) (n int, err error) {
-	return Getdents(fd, buf)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
 }
 
 //sys	mount(source string, target string, fstype string, flags uintptr, data *byte) (err error)
@@ -1261,6 +1797,13 @@ func Mount(source string, target string, fstype string, flags uintptr, data stri
 	return mount(source, target, fstype, flags, datap)
 }
 
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
 // Sendto
 // Recvfrom
 // Socketpair
@@ -1271,12 +1814,23 @@ func Mount(source string, target string, fstype string, flags uintptr, data stri
 //sys	Acct(path string) (err error)
 //sys	AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error)
 //sys	Adjtimex(buf *Timex) (state int, err error)
+//sysnb	Capget(hdr *CapUserHeader, data *CapUserData) (err error)
+//sysnb	Capset(hdr *CapUserHeader, data *CapUserData) (err error)
 //sys	Chdir(path string) (err error)
 //sys	Chroot(path string) (err error)
+//sys	ClockGetres(clockid int32, res *Timespec) (err error)
 //sys	ClockGettime(clockid int32, time *Timespec) (err error)
+//sys	ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error)
 //sys	Close(fd int) (err error)
+//sys	CloseRange(first uint, last uint, flags uint) (err error)
 //sys	CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	DeleteModule(name string, flags int) (err error)
 //sys	Dup(oldfd int) (fd int, err error)
+
+func Dup2(oldfd, newfd int) error {
+	return Dup3(oldfd, newfd, 0)
+}
+
 //sys	Dup3(oldfd int, newfd int, flags int) (err error)
 //sysnb	EpollCreate1(flag int) (fd int, err error)
 //sysnb	EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error)
@@ -1286,9 +1840,13 @@ func Mount(source string, target string, fstype string, flags uintptr, data stri
 //sys	Fchdir(fd int) (err error)
 //sys	Fchmod(fd int, mode uint32) (err error)
 //sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
-//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
 //sys	Fdatasync(fd int) (err error)
+//sys	Fgetxattr(fd int, attr string, dest []byte) (sz int, err error)
+//sys	FinitModule(fd int, params string, flags int) (err error)
+//sys	Flistxattr(fd int, dest []byte) (sz int, err error)
 //sys	Flock(fd int, how int) (err error)
+//sys	Fremovexattr(fd int, attr string) (err error)
+//sys	Fsetxattr(fd int, attr string, dest []byte, flags int) (err error)
 //sys	Fsync(fd int) (err error)
 //sys	Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64
 //sysnb	Getpgid(pid int) (pgid int, err error)
@@ -1306,6 +1864,7 @@ func Getpgrp() (pid int) {
 //sysnb	Getsid(pid int) (sid int, err error)
 //sysnb	Gettid() (tid int)
 //sys	Getxattr(path string, attr string, dest []byte) (sz int, err error)
+//sys	InitModule(moduleImage []byte, params string) (err error)
 //sys	InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error)
 //sysnb	InotifyInit1(flags int) (fd int, err error)
 //sysnb	InotifyRmWatch(fd int, watchdesc uint32) (success int, err error)
@@ -1316,17 +1875,18 @@ func Getpgrp() (pid int) {
 //sys	Llistxattr(path string, dest []byte) (sz int, err error)
 //sys	Lremovexattr(path string, attr string) (err error)
 //sys	Lsetxattr(path string, attr string, data []byte, flags int) (err error)
+//sys	MemfdCreate(name string, flags int) (fd int, err error)
 //sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error)
 //sys	PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT
-//sysnb prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64
-//sys   Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error)
+//sysnb	Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64
+//sys	Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error)
 //sys	Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	Removexattr(path string, attr string) (err error)
-//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error)
 //sys	RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error)
 //sys	Setdomainname(p []byte) (err error)
 //sys	Sethostname(p []byte) (err error)
@@ -1335,6 +1895,17 @@ func Getpgrp() (pid int) {
 //sysnb	Settimeofday(tv *Timeval) (err error)
 //sys	Setns(fd int, nstype int) (err error)
 
+// PrctlRetInt performs a prctl operation specified by option and further
+// optional arguments arg2 through arg5 depending on option. It returns a
+// non-negative integer that is returned by the prctl syscall.
+func PrctlRetInt(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (int, error) {
+	ret, _, err := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(ret), nil
+}
+
 // issue 1435.
 // On linux Setuid and Setgid only affects the current thread, not the process.
 // This does not match what most callers expect so we must return an error
@@ -1348,13 +1919,45 @@ func Setgid(uid int) (err error) {
 	return EOPNOTSUPP
 }
 
+// SetfsgidRetGid sets fsgid for current thread and returns previous fsgid set.
+// setfsgid(2) will return a non-nil error only if its caller lacks CAP_SETUID capability.
+// If the call fails due to other reasons, current fsgid will be returned.
+func SetfsgidRetGid(gid int) (int, error) {
+	return setfsgid(gid)
+}
+
+// SetfsuidRetUid sets fsuid for current thread and returns previous fsuid set.
+// setfsgid(2) will return a non-nil error only if its caller lacks CAP_SETUID capability
+// If the call fails due to other reasons, current fsuid will be returned.
+func SetfsuidRetUid(uid int) (int, error) {
+	return setfsuid(uid)
+}
+
+func Setfsgid(gid int) error {
+	_, err := setfsgid(gid)
+	return err
+}
+
+func Setfsuid(uid int) error {
+	_, err := setfsuid(uid)
+	return err
+}
+
+func Signalfd(fd int, sigmask *Sigset_t, flags int) (newfd int, err error) {
+	return signalfd(fd, sigmask, _C__NSIG/8, flags)
+}
+
 //sys	Setpriority(which int, who int, prio int) (err error)
 //sys	Setxattr(path string, attr string, data []byte, flags int) (err error)
+//sys	signalfd(fd int, sigmask *Sigset_t, maskSize uintptr, flags int) (newfd int, err error) = SYS_SIGNALFD4
 //sys	Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error)
 //sys	Sync()
 //sys	Syncfs(fd int) (err error)
 //sysnb	Sysinfo(info *Sysinfo_t) (err error)
 //sys	Tee(rfd int, wfd int, len int, flags int) (n int64, err error)
+//sysnb	TimerfdCreate(clockid int, flags int) (fd int, err error)
+//sysnb	TimerfdGettime(fd int, currValue *ItimerSpec) (err error)
+//sysnb	TimerfdSettime(fd int, flags int, newValue *ItimerSpec, oldValue *ItimerSpec) (err error)
 //sysnb	Tgkill(tgid int, tid int, sig syscall.Signal) (err error)
 //sysnb	Times(tms *Tms) (ticks uintptr, err error)
 //sysnb	Umask(mask int) (oldmask int)
@@ -1365,6 +1968,123 @@ func Setgid(uid int) (err error) {
 //sys	exitThread(code int) (err error) = SYS_EXIT
 //sys	readlen(fd int, p *byte, np int) (n int, err error) = SYS_READ
 //sys	writelen(fd int, p *byte, np int) (n int, err error) = SYS_WRITE
+//sys	readv(fd int, iovs []Iovec) (n int, err error) = SYS_READV
+//sys	writev(fd int, iovs []Iovec) (n int, err error) = SYS_WRITEV
+//sys	preadv(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) = SYS_PREADV
+//sys	pwritev(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) = SYS_PWRITEV
+//sys	preadv2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PREADV2
+//sys	pwritev2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PWRITEV2
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			iovecs[i].Base = &b[0]
+		} else {
+			iovecs[i].Base = (*byte)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+// offs2lohi splits offs into its lower and upper unsigned long. On 64-bit
+// systems, hi will always be 0. On 32-bit systems, offs will be split in half.
+// preadv/pwritev chose this calling convention so they don't need to add a
+// padding-register for alignment on ARM.
+func offs2lohi(offs int64) (lo, hi uintptr) {
+	return uintptr(offs), uintptr(uint64(offs) >> SizeofLong)
+}
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	lo, hi := offs2lohi(offset)
+	n, err = preadv(fd, iovecs, lo, hi)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	lo, hi := offs2lohi(offset)
+	n, err = preadv2(fd, iovecs, lo, hi, flags)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func readvRacedetect(iovecs []Iovec, n int, err error) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+	if err == nil {
+		raceAcquire(unsafe.Pointer(&ioSync))
+	}
+}
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = writev(fd, iovecs)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	lo, hi := offs2lohi(offset)
+	n, err = pwritev(fd, iovecs, lo, hi)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	lo, hi := offs2lohi(offset)
+	n, err = pwritev2(fd, iovecs, lo, hi, flags)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func writevRacedetect(iovecs []Iovec, n int) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+}
 
 // mmap varies by architecture; see syscall_linux_*.go.
 //sys	munmap(addr uintptr, length uintptr) (err error)
@@ -1394,15 +2114,12 @@ func Munmap(b []byte) (err error) {
 // Vmsplice splices user pages from a slice of Iovecs into a pipe specified by fd,
 // using the specified flags.
 func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) {
-	n, _, errno := Syscall6(
-		SYS_VMSPLICE,
-		uintptr(fd),
-		uintptr(unsafe.Pointer(&iovs[0])),
-		uintptr(len(iovs)),
-		uintptr(flags),
-		0,
-		0,
-	)
+	var p unsafe.Pointer
+	if len(iovs) > 0 {
+		p = unsafe.Pointer(&iovs[0])
+	}
+
+	n, _, errno := Syscall6(SYS_VMSPLICE, uintptr(fd), uintptr(p), uintptr(len(iovs)), uintptr(flags), 0, 0)
 	if errno != 0 {
 		return 0, syscall.Errno(errno)
 	}
@@ -1410,17 +2127,203 @@ func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) {
 	return int(n), nil
 }
 
+func isGroupMember(gid int) bool {
+	groups, err := Getgroups()
+	if err != nil {
+		return false
+	}
+
+	for _, g := range groups {
+		if g == gid {
+			return true
+		}
+	}
+	return false
+}
+
 //sys	faccessat(dirfd int, path string, mode uint32) (err error)
+//sys	Faccessat2(dirfd int, path string, mode uint32, flags int) (err error)
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	if flags == 0 {
+		return faccessat(dirfd, path, mode)
+	}
+
+	if err := Faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
+		return err
+	}
+
+	// The Linux kernel faccessat system call does not take any flags.
+	// The glibc faccessat implements the flags itself; see
+	// https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/faccessat.c;hb=HEAD
+	// Because people naturally expect syscall.Faccessat to act
+	// like C faccessat, we do the same.
+
 	if flags & ^(AT_SYMLINK_NOFOLLOW|AT_EACCESS) != 0 {
 		return EINVAL
-	} else if flags&(AT_SYMLINK_NOFOLLOW|AT_EACCESS) != 0 {
-		return EOPNOTSUPP
 	}
-	return faccessat(dirfd, path, mode)
+
+	var st Stat_t
+	if err := Fstatat(dirfd, path, &st, flags&AT_SYMLINK_NOFOLLOW); err != nil {
+		return err
+	}
+
+	mode &= 7
+	if mode == 0 {
+		return nil
+	}
+
+	var uid int
+	if flags&AT_EACCESS != 0 {
+		uid = Geteuid()
+	} else {
+		uid = Getuid()
+	}
+
+	if uid == 0 {
+		if mode&1 == 0 {
+			// Root can read and write any file.
+			return nil
+		}
+		if st.Mode&0111 != 0 {
+			// Root can execute any file that anybody can execute.
+			return nil
+		}
+		return EACCES
+	}
+
+	var fmode uint32
+	if uint32(uid) == st.Uid {
+		fmode = (st.Mode >> 6) & 7
+	} else {
+		var gid int
+		if flags&AT_EACCESS != 0 {
+			gid = Getegid()
+		} else {
+			gid = Getgid()
+		}
+
+		if uint32(gid) == st.Gid || isGroupMember(gid) {
+			fmode = (st.Mode >> 3) & 7
+		} else {
+			fmode = st.Mode & 7
+		}
+	}
+
+	if fmode&mode == mode {
+		return nil
+	}
+
+	return EACCES
+}
+
+//sys	nameToHandleAt(dirFD int, pathname string, fh *fileHandle, mountID *_C_int, flags int) (err error) = SYS_NAME_TO_HANDLE_AT
+//sys	openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error) = SYS_OPEN_BY_HANDLE_AT
+
+// fileHandle is the argument to nameToHandleAt and openByHandleAt. We
+// originally tried to generate it via unix/linux/types.go with "type
+// fileHandle C.struct_file_handle" but that generated empty structs
+// for mips64 and mips64le. Instead, hard code it for now (it's the
+// same everywhere else) until the mips64 generator issue is fixed.
+type fileHandle struct {
+	Bytes uint32
+	Type  int32
+}
+
+// FileHandle represents the C struct file_handle used by
+// name_to_handle_at (see NameToHandleAt) and open_by_handle_at (see
+// OpenByHandleAt).
+type FileHandle struct {
+	*fileHandle
+}
+
+// NewFileHandle constructs a FileHandle.
+func NewFileHandle(handleType int32, handle []byte) FileHandle {
+	const hdrSize = unsafe.Sizeof(fileHandle{})
+	buf := make([]byte, hdrSize+uintptr(len(handle)))
+	copy(buf[hdrSize:], handle)
+	fh := (*fileHandle)(unsafe.Pointer(&buf[0]))
+	fh.Type = handleType
+	fh.Bytes = uint32(len(handle))
+	return FileHandle{fh}
+}
+
+func (fh *FileHandle) Size() int   { return int(fh.fileHandle.Bytes) }
+func (fh *FileHandle) Type() int32 { return fh.fileHandle.Type }
+func (fh *FileHandle) Bytes() []byte {
+	n := fh.Size()
+	if n == 0 {
+		return nil
+	}
+	return (*[1 << 30]byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type)) + 4))[:n:n]
+}
+
+// NameToHandleAt wraps the name_to_handle_at system call; it obtains
+// a handle for a path name.
+func NameToHandleAt(dirfd int, path string, flags int) (handle FileHandle, mountID int, err error) {
+	var mid _C_int
+	// Try first with a small buffer, assuming the handle will
+	// only be 32 bytes.
+	size := uint32(32 + unsafe.Sizeof(fileHandle{}))
+	didResize := false
+	for {
+		buf := make([]byte, size)
+		fh := (*fileHandle)(unsafe.Pointer(&buf[0]))
+		fh.Bytes = size - uint32(unsafe.Sizeof(fileHandle{}))
+		err = nameToHandleAt(dirfd, path, fh, &mid, flags)
+		if err == EOVERFLOW {
+			if didResize {
+				// We shouldn't need to resize more than once
+				return
+			}
+			didResize = true
+			size = fh.Bytes + uint32(unsafe.Sizeof(fileHandle{}))
+			continue
+		}
+		if err != nil {
+			return
+		}
+		return FileHandle{fh}, int(mid), nil
+	}
 }
 
+// OpenByHandleAt wraps the open_by_handle_at system call; it opens a
+// file via a handle as previously returned by NameToHandleAt.
+func OpenByHandleAt(mountFD int, handle FileHandle, flags int) (fd int, err error) {
+	return openByHandleAt(mountFD, handle.fileHandle, flags)
+}
+
+// Klogset wraps the sys_syslog system call; it sets console_loglevel to
+// the value specified by arg and passes a dummy pointer to bufp.
+func Klogset(typ int, arg int) (err error) {
+	var p unsafe.Pointer
+	_, _, errno := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(p), uintptr(arg))
+	if errno != 0 {
+		return errnoErr(errno)
+	}
+	return nil
+}
+
+// RemoteIovec is Iovec with the pointer replaced with an integer.
+// It is used for ProcessVMReadv and ProcessVMWritev, where the pointer
+// refers to a location in a different process' address space, which
+// would confuse the Go garbage collector.
+type RemoteIovec struct {
+	Base uintptr
+	Len  int
+}
+
+//sys	ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_READV
+//sys	ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_WRITEV
+
+//sys	PidfdOpen(pid int, flags int) (fd int, err error) = SYS_PIDFD_OPEN
+//sys	PidfdGetfd(pidfd int, targetfd int, flags int) (fd int, err error) = SYS_PIDFD_GETFD
+
+//sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
+//sys	shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error)
+//sys	shmdt(addr uintptr) (err error)
+//sys	shmget(key int, size int, flag int) (id int, err error)
+
 /*
  * Unimplemented
  */
@@ -1428,23 +2331,14 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 // Alarm
 // ArchPrctl
 // Brk
-// Capget
-// Capset
-// ClockGetres
 // ClockNanosleep
 // ClockSettime
 // Clone
-// CreateModule
-// DeleteModule
 // EpollCtlOld
 // EpollPwait
 // EpollWaitOld
 // Execve
-// Fgetxattr
-// Flistxattr
 // Fork
-// Fremovexattr
-// Fsetxattr
 // Futex
 // GetKernelSyms
 // GetMempolicy
@@ -1483,7 +2377,6 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 // Pselect6
 // Ptrace
 // Putpmsg
-// QueryModule
 // Quotactl
 // Readahead
 // Readv
@@ -1512,12 +2405,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 // SetRobustList
 // SetThreadArea
 // SetTidAddress
-// Shmat
-// Shmctl
-// Shmdt
-// Shmget
 // Sigaltstack
-// Signalfd
 // Swapoff
 // Swapon
 // Sysfs
@@ -1526,7 +2414,6 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 // TimerGetoverrun
 // TimerGettime
 // TimerSettime
-// Timerfd
 // Tkill (obsolete)
 // Tuxcall
 // Umount2
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index 74bc098ce192e..5f757e8aa7706 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -2,9 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// TODO(rsc): Rewrite all nn(SP) references into name+(nn-8)(FP)
-// so that go vet can check that they are correct.
-
+//go:build 386 && linux
 // +build 386,linux
 
 package unix
@@ -21,36 +19,8 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: int32(sec), Usec: int32(usec)}
 }
 
-//sysnb	pipe(p *[2]_C_int) (err error)
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe(&pp)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
 // 64-bit file system and 32-bit uid calls
 // (386 default is 32-bit file system and 16-bit uid).
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64_64
 //sys	Fchown(fd int, uid int, gid int) (err error) = SYS_FCHOWN32
@@ -61,16 +31,16 @@ func Pipe2(p []int, flags int) (err error) {
 //sysnb	Geteuid() (euid int) = SYS_GETEUID32
 //sysnb	Getgid() (gid int) = SYS_GETGID32
 //sysnb	Getuid() (uid int) = SYS_GETUID32
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Ioperm(from int, num int, on int) (err error)
 //sys	Iopl(level int) (err error)
 //sys	Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
-//sys	Setfsgid(gid int) (err error) = SYS_SETFSGID32
-//sys	Setfsuid(uid int) (err error) = SYS_SETFSUID32
+//sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
+//sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
 //sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
@@ -100,13 +70,13 @@ type rlimit32 struct {
 	Max uint32
 }
 
-//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
+//sysnb	getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
 
 const rlimInf32 = ^uint32(0)
 const rlimInf64 = ^uint64(0)
 
 func Getrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, nil, rlim)
+	err = Prlimit(0, resource, nil, rlim)
 	if err != ENOSYS {
 		return err
 	}
@@ -131,10 +101,10 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) {
 	return
 }
 
-//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+//sysnb	setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
 
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, rlim, nil)
+	err = Prlimit(0, resource, rlim, nil)
 	if err != ENOSYS {
 		return err
 	}
@@ -371,15 +341,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
-
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
-	}
-	return poll(&fds[0], len(fds), timeout)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 5f9b2454add9b..4299125aa7cca 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -2,12 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && linux
 // +build amd64,linux
 
 package unix
 
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
@@ -20,15 +19,19 @@ package unix
 //sysnb	Getgid() (gid int)
 //sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Getuid() (uid int)
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Ioperm(from int, num int, on int) (err error)
 //sys	Iopl(level int) (err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Listen(s int, n int) (err error)
-//sys	Lstat(path string, stat *Stat_t) (err error)
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW)
+}
+
 //sys	Pause() (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
@@ -40,8 +43,8 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 }
 
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -110,32 +113,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: usec}
 }
 
-//sysnb	pipe(p *[2]_C_int) (err error)
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe(&pp)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
 func (r *PtraceRegs) PC() uint64 { return r.Rip }
 
 func (r *PtraceRegs) SetPC(pc uint64) { r.Rip = pc }
@@ -148,15 +125,27 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint64(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
 	}
-	return poll(&fds[0], len(fds), timeout)
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 21a4946ba553e..8b0f0f3aa5684 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,linux
-// +build !gccgo
+//go:build amd64 && linux && gc
+// +build amd64,linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index 3ec7a9329d298..79edeb9cb14a5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -2,12 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm && linux
 // +build arm,linux
 
 package unix
 
 import (
-	"syscall"
 	"unsafe"
 )
 
@@ -19,34 +19,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: int32(sec), Usec: int32(usec)}
 }
 
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, 0)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-// Underlying system call writes to newoffset via pointer.
-// Implemented in assembly to avoid allocation.
-func seek(fd int, offset int64, whence int) (newoffset int64, err syscall.Errno)
-
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	newoffset, errno := seek(fd, offset, whence)
 	if errno != 0 {
@@ -74,8 +46,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // 64-bit file system and 32-bit uid calls
 // (16-bit uid calls are not always supported in newer kernels)
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fchown(fd int, uid int, gid int) (err error) = SYS_FCHOWN32
 //sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
@@ -84,15 +54,15 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 //sysnb	Geteuid() (euid int) = SYS_GETEUID32
 //sysnb	Getgid() (gid int) = SYS_GETGID32
 //sysnb	Getuid() (uid int) = SYS_GETUID32
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32
 //sys	Listen(s int, n int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	Pause() (err error)
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
-//sys	Setfsgid(gid int) (err error) = SYS_SETFSGID32
-//sys	Setfsuid(uid int) (err error) = SYS_SETFSUID32
+//sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
+//sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
 //sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
@@ -127,8 +97,8 @@ func Utime(path string, buf *Utimbuf) error {
 
 //sys	utimes(path string, times *[2]Timeval) (err error)
 
-//sys   Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
-//sys   Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
 //sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
 //sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
 
@@ -175,13 +145,13 @@ type rlimit32 struct {
 	Max uint32
 }
 
-//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
+//sysnb	getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
 
 const rlimInf32 = ^uint32(0)
 const rlimInf64 = ^uint64(0)
 
 func Getrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, nil, rlim)
+	err = Prlimit(0, resource, nil, rlim)
 	if err != ENOSYS {
 		return err
 	}
@@ -206,10 +176,10 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) {
 	return
 }
 
-//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+//sysnb	setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
 
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, rlim, nil)
+	err = Prlimit(0, resource, rlim, nil)
 	if err != ENOSYS {
 		return err
 	}
@@ -245,15 +215,35 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint32(length)
+}
+
+//sys	armSyncFileRange(fd int, flags int, off int64, n int64) (err error) = SYS_ARM_SYNC_FILE_RANGE
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and arm_sync_file_range syscalls differ only in the
+	// order of their arguments.
+	return armSyncFileRange(fd, flags, off, n)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
 	}
-	return poll(&fds[0], len(fds), timeout)
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index 646f295ade0cc..862890de29bf2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -2,19 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm64 && linux
 // +build arm64,linux
 
 package unix
 
 import "unsafe"
 
-func EpollCreate(size int) (fd int, err error) {
-	if size <= 0 {
-		return -1, EINVAL
-	}
-	return EpollCreate1(0)
-}
-
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
@@ -25,11 +19,12 @@ func EpollCreate(size int) (fd int, err error) {
 //sysnb	Getegid() (egid int)
 //sysnb	Geteuid() (euid int)
 //sysnb	Getgid() (gid int)
-//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	getrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Getuid() (uid int)
 //sys	Listen(s int, n int) (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
@@ -41,12 +36,12 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 }
 
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
-//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
@@ -143,28 +138,22 @@ func utimes(path string, tv *[2]Timeval) (err error) {
 	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
 }
 
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
+// Getrlimit prefers the prlimit64 system call. See issue 38604.
+func Getrlimit(resource int, rlim *Rlimit) error {
+	err := Prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
 	}
-	var pp [2]_C_int
-	err = pipe2(&pp, 0)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+	return getrlimit(resource, rlim)
 }
 
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
+// Setrlimit prefers the prlimit64 system call. See issue 38604.
+func Setrlimit(resource int, rlim *Rlimit) error {
+	err := Prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
 	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+	return setrlimit(resource, rlim)
 }
 
 func (r *PtraceRegs) PC() uint64 { return r.Pc }
@@ -179,34 +168,32 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint64(length)
 }
 
-func InotifyInit() (fd int, err error) {
-	return InotifyInit1(0)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
 }
 
-func Dup2(oldfd int, newfd int) (err error) {
-	return Dup3(oldfd, newfd, 0)
+func Pause() error {
+	_, err := ppoll(nil, 0, nil, nil)
+	return err
 }
 
-func Pause() (err error) {
-	_, _, e1 := Syscall6(SYS_PPOLL, 0, 0, 0, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	var ts *Timespec
-	if timeout >= 0 {
-		ts = new(Timespec)
-		*ts = NsecToTimespec(int64(timeout) * 1e6)
-	}
-	if len(fds) == 0 {
-		return ppoll(nil, 0, ts, nil)
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
 	}
-	return ppoll(&fds[0], len(fds), ts, nil)
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index c26e6ec2314a8..2b1168d7d19fe 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build linux,!gccgo
+//go:build linux && gc
+// +build linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 070bd38994ecf..9843fb4896018 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build linux,!gccgo,386
+//go:build linux && gc && 386
+// +build linux,gc,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
new file mode 100644
index 0000000000000..a6008fccd59dd
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -0,0 +1,14 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm && gc && linux
+// +build arm,gc,linux
+
+package unix
+
+import "syscall"
+
+// Underlying system call writes to newoffset via pointer.
+// Implemented in assembly to avoid allocation.
+func seek(fd int, offset int64, whence int) (newoffset int64, err syscall.Errno)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 308eb7aecfa87..7740af2428be4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && gccgo && 386
 // +build linux,gccgo,386
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index aa7fc9e19975d..e16a12299aea6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && gccgo && arm
 // +build linux,gccgo,arm
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index ad991031c7e07..8932e34ad2ad7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -2,17 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (mips64 || mips64le)
 // +build linux
 // +build mips64 mips64le
 
 package unix
 
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
-//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
 //sys	Fstatfs(fd int, buf *Statfs_t) (err error)
 //sys	Ftruncate(fd int, length int64) (err error)
 //sysnb	Getegid() (egid int)
@@ -25,6 +23,7 @@ package unix
 //sys	Pause() (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
@@ -36,8 +35,8 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 }
 
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -93,30 +92,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: usec}
 }
 
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, 0)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
 func Ioperm(from int, num int, on int) (err error) {
 	return ENOSYS
 }
@@ -148,6 +123,7 @@ type stat_t struct {
 }
 
 //sys	fstat(fd int, st *stat_t) (err error)
+//sys	fstatat(dirfd int, path string, st *stat_t, flags int) (err error) = SYS_NEWFSTATAT
 //sys	lstat(path string, st *stat_t) (err error)
 //sys	stat(path string, st *stat_t) (err error)
 
@@ -158,6 +134,13 @@ func Fstat(fd int, s *Stat_t) (err error) {
 	return
 }
 
+func Fstatat(dirfd int, path string, s *Stat_t, flags int) (err error) {
+	st := &stat_t{}
+	err = fstatat(dirfd, path, st, flags)
+	fillStat_t(s, st)
+	return
+}
+
 func Lstat(path string, s *Stat_t) (err error) {
 	st := &stat_t{}
 	err = lstat(path, st)
@@ -200,15 +183,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint64(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
-
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
-	}
-	return poll(&fds[0], len(fds), timeout)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index 0e059248209ca..7821c25d9f778 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (mips || mipsle)
 // +build linux
 // +build mips mipsle
 
@@ -14,8 +15,6 @@ import (
 
 func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
@@ -28,10 +27,11 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	Listen(s int, n int) (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -58,7 +58,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
 //sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
 
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Ioperm(from int, num int, on int) (err error)
 //sys	Iopl(level int) (err error)
 
@@ -111,30 +110,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: int32(sec), Usec: int32(usec)}
 }
 
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, 0)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
 //sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
 
 func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
@@ -153,10 +128,10 @@ type rlimit32 struct {
 	Max uint32
 }
 
-//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
+//sysnb	getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
 
 func Getrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, nil, rlim)
+	err = Prlimit(0, resource, nil, rlim)
 	if err != ENOSYS {
 		return err
 	}
@@ -181,10 +156,10 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) {
 	return
 }
 
-//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+//sysnb	setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
 
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
-	err = prlimit(0, resource, rlim, nil)
+	err = Prlimit(0, resource, rlim, nil)
 	if err != ENOSYS {
 		return err
 	}
@@ -220,15 +195,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
-
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
-	}
-	return poll(&fds[0], len(fds), timeout)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
new file mode 100644
index 0000000000000..c5053a0f03fdc
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -0,0 +1,237 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && ppc
+// +build linux,ppc
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getuid() (uid int)
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64_64, uintptr(fd), uintptr(advice), uintptr(offset>>32), uintptr(offset), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func seek(fd int, offset int64, whence int) (int64, syscall.Errno) {
+	var newoffset int64
+	offsetLow := uint32(offset & 0xffffffff)
+	offsetHigh := uint32((offset >> 32) & 0xffffffff)
+	_, _, err := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offsetHigh), uintptr(offsetLow), uintptr(unsafe.Pointer(&newoffset)), uintptr(whence), 0)
+	return newoffset, err
+}
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	newoffset, errno := seek(fd, offset, whence)
+	if errno != 0 {
+		return 0, errno
+	}
+	return newoffset, nil
+}
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	_, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(pathp)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+//sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	page := uintptr(offset / 4096)
+	if offset != int64(page)*4096 {
+		return 0, EINVAL
+	}
+	return mmap2(addr, length, prot, flags, fd, page)
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+type rlimit32 struct {
+	Cur uint32
+	Max uint32
+}
+
+//sysnb	getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	err = Prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	err = getrlimit(resource, &rl)
+	if err != nil {
+		return
+	}
+
+	if rl.Cur == rlimInf32 {
+		rlim.Cur = rlimInf64
+	} else {
+		rlim.Cur = uint64(rl.Cur)
+	}
+
+	if rl.Max == rlimInf32 {
+		rlim.Max = rlimInf64
+	} else {
+		rlim.Max = uint64(rl.Max)
+	}
+	return
+}
+
+//sysnb	setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	err = Prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	if rlim.Cur == rlimInf64 {
+		rl.Cur = rlimInf32
+	} else if rlim.Cur < uint64(rlimInf32) {
+		rl.Cur = uint32(rlim.Cur)
+	} else {
+		return EINVAL
+	}
+	if rlim.Max == rlimInf64 {
+		rl.Max = rlimInf32
+	} else if rlim.Max < uint64(rlimInf32) {
+		rl.Max = uint32(rlim.Max)
+	} else {
+		return EINVAL
+	}
+
+	return setrlimit(resource, &rl)
+}
+
+func (r *PtraceRegs) PC() uint32 { return r.Nip }
+
+func (r *PtraceRegs) SetPC(pc uint32) { r.Nip = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint32(length)
+}
+
+//sys	syncFileRange2(fd int, flags int, off int64, n int64) (err error) = SYS_SYNC_FILE_RANGE2
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and sync_file_range2 syscalls differ only in the
+	// order of their arguments.
+	return syncFileRange2(fd, flags, off, n)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 8c6720f7f4852..25786c4216b51 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -2,13 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build linux && (ppc64 || ppc64le)
 // +build linux
 // +build ppc64 ppc64le
 
 package unix
 
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
@@ -21,7 +20,6 @@ package unix
 //sysnb	Getgid() (gid int)
 //sysnb	Getrlimit(resource int, rlim *Rlimit) (err error) = SYS_UGETRLIMIT
 //sysnb	Getuid() (uid int)
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Ioperm(from int, num int, on int) (err error)
 //sys	Iopl(level int) (err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
@@ -30,11 +28,12 @@ package unix
 //sys	Pause() (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -44,7 +43,6 @@ package unix
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, buf *Statfs_t) (err error)
-//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error) = SYS_SYNC_FILE_RANGE2
 //sys	Truncate(path string, length int64) (err error)
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
 //sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
@@ -91,41 +89,35 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint64(length)
 }
 
-//sysnb pipe(p *[2]_C_int) (err error)
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe(&pp)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
 }
 
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+//sys	syncFileRange2(fd int, flags int, off int64, n int64) (err error) = SYS_SYNC_FILE_RANGE2
 
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and sync_file_range2 syscalls differ only in the
+	// order of their arguments.
+	return syncFileRange2(fd, flags, off, n)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
 	}
-	return poll(&fds[0], len(fds), timeout)
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
new file mode 100644
index 0000000000000..6f9f710414f06
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -0,0 +1,184 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64 && linux
+// +build riscv64,linux
+
+package unix
+
+import "unsafe"
+
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Listen(s int, n int) (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	var ts *Timespec
+	if timeout != nil {
+		ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000}
+	}
+	return Pselect(nfd, r, w, e, ts, nil)
+}
+
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+
+func Stat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, 0)
+}
+
+func Lchown(path string, uid int, gid int) (err error) {
+	return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW)
+}
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW)
+}
+
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	return ENOSYS
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(dirfd, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func Time(t *Time_t) (Time_t, error) {
+	var tv Timeval
+	err := Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+func Utime(path string, buf *Utimbuf) error {
+	tv := []Timeval{
+		{Sec: buf.Actime},
+		{Sec: buf.Modtime},
+	}
+	return Utimes(path, tv)
+}
+
+func utimes(path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Pc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
+}
+
+func Pause() error {
+	_, err := ppoll(nil, 0, nil, nil)
+	return err
+}
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	return Renameat2(olddirfd, oldpath, newdirfd, newpath, 0)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 6e4ee0cf2a175..6aa59cb270db0 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build s390x && linux
 // +build s390x,linux
 
 package unix
@@ -10,8 +11,6 @@ import (
 	"unsafe"
 )
 
-//sys	Dup2(oldfd int, newfd int) (err error)
-//sysnb	EpollCreate(size int) (fd int, err error)
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
 //sys	Fchown(fd int, uid int, gid int) (err error)
@@ -24,17 +23,17 @@ import (
 //sysnb	Getgid() (gid int)
 //sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Getuid() (uid int)
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Pause() (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -75,30 +74,6 @@ func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: usec}
 }
 
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, 0) // pipe2 is the same as pipe when flags are set to 0.
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
-}
-
 func Ioperm(from int, num int, on int) (err error) {
 	return ENOSYS
 }
@@ -119,10 +94,18 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint64(length)
 }
 
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
+}
+
 // Linux on s390x uses the old mmap interface, which requires arguments to be passed in a struct.
 // mmap2 also requires arguments to be passed in a struct; it is currently not exposed in <asm/unistd.h>.
 func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
@@ -244,7 +227,7 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen
 }
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) error {
-	args := [4]uintptr{uintptr(s), uintptr(level), uintptr(name), uintptr(val)}
+	args := [5]uintptr{uintptr(s), uintptr(level), uintptr(name), uintptr(val), vallen}
 	_, _, err := Syscall(SYS_SOCKETCALL, netSetSockOpt, uintptr(unsafe.Pointer(&args)), 0)
 	if err != 0 {
 		return err
@@ -314,11 +297,15 @@ func Shutdown(s, how int) error {
 	return nil
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
 	}
-	return poll(&fds[0], len(fds), timeout)
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 72e64187debf0..bbe8d174f8c12 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build sparc64 && linux
 // +build sparc64,linux
 
 package unix
 
 //sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
-//sys	Dup2(oldfd int, newfd int) (err error)
 //sys	Fchown(fd int, uid int, gid int) (err error)
 //sys	Fstat(fd int, stat *Stat_t) (err error)
 //sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
@@ -19,18 +19,18 @@ package unix
 //sysnb	Getgid() (gid int)
 //sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Getuid() (uid int)
-//sysnb	InotifyInit() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Listen(s int, n int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Pause() (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
-//sys	Setfsgid(gid int) (err error)
-//sys	Setfsuid(uid int) (err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
@@ -106,41 +106,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint64(length)
 }
 
-func (cmsg *Cmsghdr) SetLen(length int) {
-	cmsg.Len = uint64(length)
-}
-
-//sysnb pipe(p *[2]_C_int) (err error)
-
-func Pipe(p []int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe(&pp)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
 }
 
-//sysnb pipe2(p *[2]_C_int, flags int) (err error)
-
-func Pipe2(p []int, flags int) (err error) {
-	if len(p) != 2 {
-		return EINVAL
-	}
-	var pp [2]_C_int
-	err = pipe2(&pp, flags)
-	p[0] = int(pp[0])
-	p[1] = int(pp[1])
-	return
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
 }
 
-//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
-
-func Poll(fds []PollFd, timeout int) (n int, err error) {
-	if len(fds) == 0 {
-		return poll(nil, 0, timeout)
-	}
-	return poll(&fds[0], len(fds), timeout)
+func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) {
+	rsa.Service_name_len = uint64(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
index 369a2be2dcbde..853d5f0f4365d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
@@ -13,6 +13,7 @@
 package unix
 
 import (
+	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -30,6 +31,10 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+func anyToSockaddrGOOS(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	return nil, EAFNOSUPPORT
+}
+
 func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func sysctlNodes(mib []_C_int) (nodes []Sysctlnode, err error) {
@@ -93,7 +98,20 @@ func nametomib(name string) (mib []_C_int, err error) {
 	return mib, nil
 }
 
-//sysnb pipe() (fd1 int, fd2 int, err error)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+//sysnb	pipe() (fd1 int, fd2 int, err error)
+
 func Pipe(p []int) (err error) {
 	if len(p) != 2 {
 		return EINVAL
@@ -102,28 +120,48 @@ func Pipe(p []int) (err error) {
 	return
 }
 
-//sys getdents(fd int, buf []byte) (n int, err error)
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	return getdents(fd, buf)
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
 }
 
-const ImplementsGetwd = true
+//sys	Getdents(fd int, buf []byte) (n int, err error)
 
-//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	n, err = Getdents(fd, buf)
+	if err != nil || basep == nil {
+		return
+	}
 
-func Getwd() (string, error) {
-	var buf [PathMax]byte
-	_, err := Getcwd(buf[0:])
+	var off int64
+	off, err = Seek(fd, 0, 1 /* SEEK_CUR */)
 	if err != nil {
-		return "", err
+		*basep = ^uintptr(0)
+		return
+	}
+	*basep = uintptr(off)
+	if unsafe.Sizeof(*basep) == 8 {
+		return
 	}
-	n := clen(buf[:])
-	if n < 1 {
-		return "", EINVAL
+	if off>>32 != 0 {
+		// We can't stuff the offset back into a uintptr, so any
+		// future calls would be suspect. Generate an error.
+		// EIO is allowed by getdirentries.
+		err = EIO
 	}
-	return string(buf[:n]), nil
+	return
 }
 
+//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+
 // TODO
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	return -1, ENOSYS
@@ -136,40 +174,12 @@ func setattrlistTimes(path string, times []Timespec, flags int) error {
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
 
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
+//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
-}
-
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
-}
-
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
+func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) {
+	var value Ptmget
 	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	runtime.KeepAlive(value)
 	return &value, err
 }
 
@@ -219,6 +229,21 @@ func Uname(uname *Utsname) error {
 	return nil
 }
 
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+func Fstatvfs(fd int, buf *Statvfs_t) (err error) {
+	return Fstatvfs1(fd, buf, ST_WAIT)
+}
+
+func Statvfs(path string, buf *Statvfs_t) (err error) {
+	return Statvfs1(path, buf, ST_WAIT)
+}
+
 /*
  * Exposed directly
  */
@@ -232,7 +257,20 @@ func Uname(uname *Utsname) error {
 //sys	Close(fd int) (err error)
 //sys	Dup(fd int) (nfd int, err error)
 //sys	Dup2(from int, to int) (err error)
+//sys	Dup3(from int, to int, flags int) (err error)
 //sys	Exit(code int)
+//sys	ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
 //sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_POSIX_FADVISE
 //sys	Fchdir(fd int) (err error)
@@ -240,10 +278,12 @@ func Uname(uname *Utsname) error {
 //sys	Fchmod(fd int, mode uint32) (err error)
 //sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
 //sys	Flock(fd int, how int) (err error)
 //sys	Fpathconf(fd int, name int) (val int, err error)
 //sys	Fstat(fd int, stat *Stat_t) (err error)
 //sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) = SYS_FSTATVFS1
 //sys	Fsync(fd int) (err error)
 //sys	Ftruncate(fd int, length int64) (err error)
 //sysnb	Getegid() (egid int)
@@ -264,23 +304,30 @@ func Uname(uname *Utsname) error {
 //sys	Kqueue() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
 //sys	Listen(s int, backlog int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
 //sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
 //sys	Pathconf(path string, name int) (val int, err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error)
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
 //sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -293,11 +340,14 @@ func Uname(uname *Utsname) error {
 //sysnb	Settimeofday(tp *Timeval) (err error)
 //sysnb	Setuid(uid int) (err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statvfs1(path string, buf *Statvfs_t, flags int) (err error) = SYS_STATVFS1
 //sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
 //sys	Sync() (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Umask(newmask int) (oldmask int)
 //sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
 //sys	Unmount(path string, flags int) (err error)
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 24f74e58ce224..5199d282fd0d2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build 386 && netbsd
 // +build 386,netbsd
 
 package unix
@@ -28,6 +29,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 6878bf7ff9028..70a9c52e98017 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && netbsd
 // +build amd64,netbsd
 
 package unix
@@ -28,6 +29,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index dbbfcf71dbd61..3eb5942f93ff4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm && netbsd
 // +build arm,netbsd
 
 package unix
@@ -28,6 +29,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
new file mode 100644
index 0000000000000..fc6ccfd810d95
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm64 && netbsd
+// +build arm64,netbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = uint32(mode)
+	k.Flags = uint32(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 9fc9c06a08b09..22b55038501f5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -31,6 +31,10 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+func anyToSockaddrGOOS(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	return nil, EAFNOSUPPORT
+}
+
 func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func nametomib(name string) (mib []_C_int, err error) {
@@ -43,38 +47,84 @@ func nametomib(name string) (mib []_C_int, err error) {
 	return nil, EINVAL
 }
 
-//sysnb pipe(p *[2]_C_int) (err error)
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+func SysctlUvmexp(name string) (*Uvmexp, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	n := uintptr(SizeofUvmexp)
+	var u Uvmexp
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&u)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != SizeofUvmexp {
+		return nil, EIO
+	}
+	return &u, nil
+}
+
 func Pipe(p []int) (err error) {
+	return Pipe2(p, 0)
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+func Pipe2(p []int, flags int) error {
 	if len(p) != 2 {
 		return EINVAL
 	}
 	var pp [2]_C_int
-	err = pipe(&pp)
+	err := pipe2(&pp, flags)
 	p[0] = int(pp[0])
 	p[1] = int(pp[1])
-	return
+	return err
 }
 
-//sys getdents(fd int, buf []byte) (n int, err error)
+//sys	Getdents(fd int, buf []byte) (n int, err error)
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	return getdents(fd, buf)
-}
+	n, err = Getdents(fd, buf)
+	if err != nil || basep == nil {
+		return
+	}
 
-const ImplementsGetwd = true
+	var off int64
+	off, err = Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		*basep = ^uintptr(0)
+		return
+	}
+	*basep = uintptr(off)
+	if unsafe.Sizeof(*basep) == 8 {
+		return
+	}
+	if off>>32 != 0 {
+		// We can't stuff the offset back into a uintptr, so any
+		// future calls would be suspect. Generate an error.
+		// EIO was allowed by getdirentries.
+		err = EIO
+	}
+	return
+}
 
 //sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
 
-func Getwd() (string, error) {
-	var buf [PathMax]byte
-	_, err := Getcwd(buf[0:])
-	if err != nil {
-		return "", err
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
 	}
-	n := clen(buf[:])
-	if n < 1 {
-		return "", EINVAL
-	}
-	return string(buf[:n]), nil
+	return sendfile(outfd, infd, offset, count)
 }
 
 // TODO
@@ -104,41 +154,15 @@ func setattrlistTimes(path string, times []Timespec, flags int) error {
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
 
-// ioctl itself should not be exposed directly, but additional get/set
-// functions for specific types are permissible.
+//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
-// IoctlSetInt performs an ioctl operation which sets an integer value
-// on fd, using the specified request number.
-func IoctlSetInt(fd int, req uint, value int) error {
-	return ioctl(fd, req, uintptr(value))
-}
+//sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
 
-func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-func IoctlSetTermios(fd int, req uint, value *Termios) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-// IoctlGetInt performs an ioctl operation which gets an integer value
-// from fd, using the specified request number.
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
-}
-
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
+func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	if len(fds) == 0 {
+		return ppoll(nil, 0, timeout, sigmask)
+	}
+	return ppoll(&fds[0], len(fds), timeout, sigmask)
 }
 
 func Uname(uname *Utsname) error {
@@ -200,6 +224,7 @@ func Uname(uname *Utsname) error {
 //sys	Close(fd int) (err error)
 //sys	Dup(fd int) (nfd int, err error)
 //sys	Dup2(from int, to int) (err error)
+//sys	Dup3(from int, to int, flags int) (err error)
 //sys	Exit(code int)
 //sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchdir(fd int) (err error)
@@ -207,6 +232,7 @@ func Uname(uname *Utsname) error {
 //sys	Fchmod(fd int, mode uint32) (err error)
 //sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
 //sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
 //sys	Flock(fd int, how int) (err error)
 //sys	Fpathconf(fd int, name int) (val int, err error)
 //sys	Fstat(fd int, stat *Stat_t) (err error)
@@ -233,23 +259,30 @@ func Uname(uname *Utsname) error {
 //sys	Kqueue() (fd int, err error)
 //sys	Lchown(path string, uid int, gid int) (err error)
 //sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
 //sys	Listen(s int, backlog int) (err error)
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
 //sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
 //sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
 //sys	Pathconf(path string, name int) (val int, err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error)
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
 //sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -268,10 +301,12 @@ func Uname(uname *Utsname) error {
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
 //sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
 //sys	Sync() (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Umask(newmask int) (oldmask int)
 //sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
 //sys	Unmount(path string, flags int) (err error)
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
@@ -294,15 +329,10 @@ func Uname(uname *Utsname) error {
 // clock_settime
 // closefrom
 // execve
-// faccessat
-// fchmodat
-// fchownat
-// fcntl
 // fhopen
 // fhstat
 // fhstatfs
 // fork
-// fstatat
 // futimens
 // getfh
 // getgid
@@ -316,12 +346,8 @@ func Uname(uname *Utsname) error {
 // lfs_markv
 // lfs_segclean
 // lfs_segwait
-// linkat
 // mincore
 // minherit
-// mkdirat
-// mkfifoat
-// mknodat
 // mount
 // mquery
 // msgctl
@@ -330,12 +356,10 @@ func Uname(uname *Utsname) error {
 // msgsnd
 // nfssvc
 // nnpfspioctl
-// openat
 // preadv
 // profil
 // pwritev
 // quotactl
-// readlinkat
 // readv
 // reboot
 // renameat
@@ -356,13 +380,11 @@ func Uname(uname *Utsname) error {
 // sigprocmask
 // sigreturn
 // sigsuspend
-// symlinkat
 // sysarch
 // syscall
 // threxit
 // thrsigdivert
 // thrsleep
 // thrwakeup
-// unlinkat
 // vfork
 // writev
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 994964a9164d8..6baabcdcb0696 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build 386 && openbsd
 // +build 386,openbsd
 
 package unix
@@ -28,6 +29,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/386 the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index 9a35334cba436..bab25360eae33 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && openbsd
 // +build amd64,openbsd
 
 package unix
@@ -28,6 +29,10 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 59844f5041104..8eed3c4d4e7c2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build arm && openbsd
 // +build arm,openbsd
 
 package unix
@@ -28,6 +29,14 @@ func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/arm the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
new file mode 100644
index 0000000000000..483dde99d4c63
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -0,0 +1,42 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm64 && openbsd
+// +build arm64,openbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/amd64 the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go
new file mode 100644
index 0000000000000..30f285343ee44
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go
@@ -0,0 +1,35 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of OpenBSD the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index a05337d540964..d2a6495c7e35e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -13,6 +13,10 @@
 package unix
 
 import (
+	"fmt"
+	"os"
+	"runtime"
+	"sync"
 	"syscall"
 	"unsafe"
 )
@@ -35,6 +39,22 @@ type SockaddrDatalink struct {
 	raw    RawSockaddrDatalink
 }
 
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+}
+
 //sysnb	pipe(p *[2]_C_int) (n int, err error)
 
 func Pipe(p []int) (err error) {
@@ -51,6 +71,19 @@ func Pipe(p []int) (err error) {
 	return nil
 }
 
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
+}
+
 func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if sa.Port < 0 || sa.Port > 0xFFFF {
 		return nil, 0, EINVAL
@@ -189,6 +222,7 @@ func Setgroups(gids []int) (err error) {
 	return setgroups(len(a), &a[0])
 }
 
+// ReadDirent reads directory entries from fd and writes them into buf.
 func ReadDirent(fd int, buf []byte) (n int, err error) {
 	// Final argument is (basep *uintptr) and the syscall doesn't take nil.
 	// TODO(rsc): Can we use a single global basep for all calls?
@@ -374,7 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
@@ -534,40 +568,17 @@ func Minor(dev uint64) uint32 {
  * Expose the ioctl function
  */
 
-//sys	ioctl(fd int, req uint, arg uintptr) (err error)
-
-func IoctlSetInt(fd int, req uint, value int) (err error) {
-	return ioctl(fd, req, uintptr(value))
-}
-
-func IoctlSetWinsize(fd int, req uint, value *Winsize) (err error) {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
-
-func IoctlSetTermios(fd int, req uint, value *Termios) (err error) {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-}
+//sys	ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl
 
-func IoctlSetTermio(fd int, req uint, value *Termio) (err error) {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, err = ioctlRet(fd, req, arg)
+	return err
 }
 
-func IoctlGetInt(fd int, req uint) (int, error) {
-	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
-}
-
-func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
-	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetTermios(fd int, req uint) (*Termios, error) {
-	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return &value, err
+func IoctlSetTermio(fd int, req uint, value *Termio) error {
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
 }
 
 func IoctlGetTermio(fd int, req uint) (*Termio, error) {
@@ -576,7 +587,7 @@ func IoctlGetTermio(fd int, req uint) (*Termio, error) {
 	return &value, err
 }
 
-//sys   poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
 
 func Poll(fds []PollFd, timeout int) (n int, err error) {
 	if len(fds) == 0 {
@@ -585,6 +596,13 @@ func Poll(fds []PollFd, timeout int) (n int, err error) {
 	return poll(&fds[0], len(fds), timeout)
 }
 
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
 /*
  * Exposed directly
  */
@@ -655,7 +673,7 @@ func Poll(fds []PollFd, timeout int) (n int, err error) {
 //sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = lseek
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)
@@ -672,6 +690,7 @@ func Poll(fds []PollFd, timeout int) (n int, err error) {
 //sys	Statvfs(path string, vfsstat *Statvfs_t) (err error)
 //sys	Symlink(path string, link string) (err error)
 //sys	Sync() (err error)
+//sys	Sysconf(which int) (n int64, err error)
 //sysnb	Times(tms *Tms) (ticks uintptr, err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Fsync(fd int) (err error)
@@ -728,3 +747,240 @@ func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, e
 func Munmap(b []byte) (err error) {
 	return mapper.Munmap(b)
 }
+
+// Event Ports
+
+type fileObjCookie struct {
+	fobj   *fileObj
+	cookie interface{}
+}
+
+// EventPort provides a safe abstraction on top of Solaris/illumos Event Ports.
+type EventPort struct {
+	port  int
+	mu    sync.Mutex
+	fds   map[uintptr]interface{}
+	paths map[string]*fileObjCookie
+}
+
+// PortEvent is an abstraction of the port_event C struct.
+// Compare Source against PORT_SOURCE_FILE or PORT_SOURCE_FD
+// to see if Path or Fd was the event source. The other will be
+// uninitialized.
+type PortEvent struct {
+	Cookie interface{}
+	Events int32
+	Fd     uintptr
+	Path   string
+	Source uint16
+	fobj   *fileObj
+}
+
+// NewEventPort creates a new EventPort including the
+// underlying call to port_create(3c).
+func NewEventPort() (*EventPort, error) {
+	port, err := port_create()
+	if err != nil {
+		return nil, err
+	}
+	e := &EventPort{
+		port:  port,
+		fds:   make(map[uintptr]interface{}),
+		paths: make(map[string]*fileObjCookie),
+	}
+	return e, nil
+}
+
+//sys	port_create() (n int, err error)
+//sys	port_associate(port int, source int, object uintptr, events int, user *byte) (n int, err error)
+//sys	port_dissociate(port int, source int, object uintptr) (n int, err error)
+//sys	port_get(port int, pe *portEvent, timeout *Timespec) (n int, err error)
+//sys	port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Timespec) (n int, err error)
+
+// Close closes the event port.
+func (e *EventPort) Close() error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	e.fds = nil
+	e.paths = nil
+	return Close(e.port)
+}
+
+// PathIsWatched checks to see if path is associated with this EventPort.
+func (e *EventPort) PathIsWatched(path string) bool {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	_, found := e.paths[path]
+	return found
+}
+
+// FdIsWatched checks to see if fd is associated with this EventPort.
+func (e *EventPort) FdIsWatched(fd uintptr) bool {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	_, found := e.fds[fd]
+	return found
+}
+
+// AssociatePath wraps port_associate(3c) for a filesystem path including
+// creating the necessary file_obj from the provided stat information.
+func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, cookie interface{}) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	if _, found := e.paths[path]; found {
+		return fmt.Errorf("%v is already associated with this Event Port", path)
+	}
+	fobj, err := createFileObj(path, stat)
+	if err != nil {
+		return err
+	}
+	fCookie := &fileObjCookie{fobj, cookie}
+	_, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fobj)), events, (*byte)(unsafe.Pointer(&fCookie.cookie)))
+	if err != nil {
+		return err
+	}
+	e.paths[path] = fCookie
+	return nil
+}
+
+// DissociatePath wraps port_dissociate(3c) for a filesystem path.
+func (e *EventPort) DissociatePath(path string) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	f, ok := e.paths[path]
+	if !ok {
+		return fmt.Errorf("%v is not associated with this Event Port", path)
+	}
+	_, err := port_dissociate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(f.fobj)))
+	if err != nil {
+		return err
+	}
+	delete(e.paths, path)
+	return nil
+}
+
+// AssociateFd wraps calls to port_associate(3c) on file descriptors.
+func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	if _, found := e.fds[fd]; found {
+		return fmt.Errorf("%v is already associated with this Event Port", fd)
+	}
+	pcookie := &cookie
+	_, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(pcookie)))
+	if err != nil {
+		return err
+	}
+	e.fds[fd] = pcookie
+	return nil
+}
+
+// DissociateFd wraps calls to port_dissociate(3c) on file descriptors.
+func (e *EventPort) DissociateFd(fd uintptr) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	_, ok := e.fds[fd]
+	if !ok {
+		return fmt.Errorf("%v is not associated with this Event Port", fd)
+	}
+	_, err := port_dissociate(e.port, PORT_SOURCE_FD, fd)
+	if err != nil {
+		return err
+	}
+	delete(e.fds, fd)
+	return nil
+}
+
+func createFileObj(name string, stat os.FileInfo) (*fileObj, error) {
+	fobj := new(fileObj)
+	bs, err := ByteSliceFromString(name)
+	if err != nil {
+		return nil, err
+	}
+	fobj.Name = (*int8)(unsafe.Pointer(&bs[0]))
+	s := stat.Sys().(*syscall.Stat_t)
+	fobj.Atim.Sec = s.Atim.Sec
+	fobj.Atim.Nsec = s.Atim.Nsec
+	fobj.Mtim.Sec = s.Mtim.Sec
+	fobj.Mtim.Nsec = s.Mtim.Nsec
+	fobj.Ctim.Sec = s.Ctim.Sec
+	fobj.Ctim.Nsec = s.Ctim.Nsec
+	return fobj, nil
+}
+
+// GetOne wraps port_get(3c) and returns a single PortEvent.
+func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) {
+	pe := new(portEvent)
+	_, err := port_get(e.port, pe, t)
+	if err != nil {
+		return nil, err
+	}
+	p := new(PortEvent)
+	p.Events = pe.Events
+	p.Source = pe.Source
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	switch pe.Source {
+	case PORT_SOURCE_FD:
+		p.Fd = uintptr(pe.Object)
+		cookie := (*interface{})(unsafe.Pointer(pe.User))
+		p.Cookie = *cookie
+		delete(e.fds, p.Fd)
+	case PORT_SOURCE_FILE:
+		p.fobj = (*fileObj)(unsafe.Pointer(uintptr(pe.Object)))
+		p.Path = BytePtrToString((*byte)(unsafe.Pointer(p.fobj.Name)))
+		cookie := (*interface{})(unsafe.Pointer(pe.User))
+		p.Cookie = *cookie
+		delete(e.paths, p.Path)
+	}
+	return p, nil
+}
+
+// Pending wraps port_getn(3c) and returns how many events are pending.
+func (e *EventPort) Pending() (int, error) {
+	var n uint32 = 0
+	_, err := port_getn(e.port, nil, 0, &n, nil)
+	return int(n), err
+}
+
+// Get wraps port_getn(3c) and fills a slice of PortEvent.
+// It will block until either min events have been received
+// or the timeout has been exceeded. It will return how many
+// events were actually received along with any error information.
+func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) {
+	if min == 0 {
+		return 0, fmt.Errorf("need to request at least one event or use Pending() instead")
+	}
+	if len(s) < min {
+		return 0, fmt.Errorf("len(s) (%d) is less than min events requested (%d)", len(s), min)
+	}
+	got := uint32(min)
+	max := uint32(len(s))
+	var err error
+	ps := make([]portEvent, max, max)
+	_, err = port_getn(e.port, &ps[0], max, &got, timeout)
+	// got will be trustworthy with ETIME, but not any other error.
+	if err != nil && err != ETIME {
+		return 0, err
+	}
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	for i := 0; i < int(got); i++ {
+		s[i].Events = ps[i].Events
+		s[i].Source = ps[i].Source
+		switch ps[i].Source {
+		case PORT_SOURCE_FD:
+			s[i].Fd = uintptr(ps[i].Object)
+			cookie := (*interface{})(unsafe.Pointer(ps[i].User))
+			s[i].Cookie = *cookie
+			delete(e.fds, s[i].Fd)
+		case PORT_SOURCE_FILE:
+			s[i].fobj = (*fileObj)(unsafe.Pointer(uintptr(ps[i].Object)))
+			s[i].Path = BytePtrToString((*byte)(unsafe.Pointer(s[i].fobj.Name)))
+			cookie := (*interface{})(unsafe.Pointer(ps[i].User))
+			s[i].Cookie = *cookie
+			delete(e.paths, s[i].Path)
+		}
+	}
+	return int(got), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 91c32ddf02a25..0bd25ef81f202 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build amd64 && solaris
 // +build amd64,solaris
 
 package unix
@@ -18,6 +19,10 @@ func (iov *Iovec) SetLen(length int) {
 	iov.Len = uint64(length)
 }
 
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 95b2180aebe3e..cf296a2433a93 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -2,17 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
 import (
 	"bytes"
-	"runtime"
 	"sort"
 	"sync"
 	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
 )
 
 var (
@@ -21,13 +23,6 @@ var (
 	Stderr = 2
 )
 
-const (
-	darwin64Bit    = runtime.GOOS == "darwin" && sizeofPtr == 8
-	dragonfly64Bit = runtime.GOOS == "dragonfly" && sizeofPtr == 8
-	netbsd32Bit    = runtime.GOOS == "netbsd" && sizeofPtr == 4
-	solaris64Bit   = runtime.GOOS == "solaris" && sizeofPtr == 8
-)
-
 // Do the interface allocations only once for common
 // Errno values.
 var (
@@ -36,6 +31,11 @@ var (
 	errENOENT error = syscall.ENOENT
 )
 
+var (
+	signalNameMapOnce sync.Once
+	signalNameMap     map[string]syscall.Signal
+)
+
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
@@ -74,6 +74,19 @@ func SignalName(s syscall.Signal) string {
 	return ""
 }
 
+// SignalNum returns the syscall.Signal for signal named s,
+// or 0 if a signal with such name is not found.
+// The signal name should start with "SIG".
+func SignalNum(s string) syscall.Signal {
+	signalNameMapOnce.Do(func() {
+		signalNameMap = make(map[string]syscall.Signal, len(signalList))
+		for _, signal := range signalList {
+			signalNameMap[signal.name] = signal.num
+		}
+	})
+	return signalNameMap[s]
+}
+
 // clen returns the index of the first NULL byte in n or len(n) if n contains no NULL byte.
 func clen(n []byte) int {
 	i := bytes.IndexByte(n, 0)
@@ -103,15 +116,12 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
 		return nil, errno
 	}
 
-	// Slice memory layout
-	var sl = struct {
-		addr uintptr
-		len  int
-		cap  int
-	}{addr, length, length}
-
-	// Use unsafe to turn sl into a []byte.
-	b := *(*[]byte)(unsafe.Pointer(&sl))
+	// Use unsafe to convert addr into a []byte.
+	var b []byte
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
+	hdr.Data = unsafe.Pointer(addr)
+	hdr.Cap = length
+	hdr.Len = length
 
 	// Register mapping in m and return it.
 	p := &b[cap(b)-1]
@@ -284,6 +294,13 @@ func GetsockoptTimeval(fd, level, opt int) (*Timeval, error) {
 	return &tv, err
 }
 
+func GetsockoptUint64(fd, level, opt int) (value uint64, err error) {
+	var n uint64
+	vallen := _Socklen(8)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return n, err
+}
+
 func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) {
 	var rsa RawSockaddrAny
 	var len _Socklen = SizeofSockaddrAny
@@ -296,6 +313,10 @@ func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) {
 	return
 }
 
+func Send(s int, buf []byte, flags int) (err error) {
+	return sendto(s, buf, flags, nil, 0)
+}
+
 func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) {
 	ptr, n, err := to.sockaddr()
 	if err != nil {
@@ -334,13 +355,21 @@ func SetsockoptLinger(fd, level, opt int, l *Linger) (err error) {
 }
 
 func SetsockoptString(fd, level, opt int, s string) (err error) {
-	return setsockopt(fd, level, opt, unsafe.Pointer(&[]byte(s)[0]), uintptr(len(s)))
+	var p unsafe.Pointer
+	if len(s) > 0 {
+		p = unsafe.Pointer(&[]byte(s)[0])
+	}
+	return setsockopt(fd, level, opt, p, uintptr(len(s)))
 }
 
 func SetsockoptTimeval(fd, level, opt int, tv *Timeval) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(tv), unsafe.Sizeof(*tv))
 }
 
+func SetsockoptUint64(fd, level, opt int, value uint64) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value), 8)
+}
+
 func Socket(domain, typ, proto int) (fd int, err error) {
 	if domain == AF_INET6 && SocketDisableIPv6 {
 		return -1, EAFNOSUPPORT
@@ -359,13 +388,6 @@ func Socketpair(domain, typ, proto int) (fd [2]int, err error) {
 	return
 }
 
-func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
-	if raceenabled {
-		raceReleaseMerge(unsafe.Pointer(&ioSync))
-	}
-	return sendfile(outfd, infd, offset, count)
-}
-
 var ioSync int64
 
 func CloseOnExec(fd int) { fcntl(fd, F_SETFD, FD_CLOEXEC) }
@@ -392,3 +414,22 @@ func SetNonblock(fd int, nonblocking bool) (err error) {
 func Exec(argv0 string, argv []string, envv []string) error {
 	return syscall.Exec(argv0, argv, envv)
 }
+
+// Lutimes sets the access and modification times tv on path. If path refers to
+// a symlink, it is not dereferenced and the timestamps are set on the symlink.
+// If tv is nil, the access and modification times are set to the current time.
+// Otherwise tv must contain exactly 2 elements, with access time as the first
+// element and modification time as the second element.
+func Lutimes(path string, tv []Timeval) error {
+	if tv == nil {
+		return UtimesNanoAt(AT_FDCWD, path, nil, AT_SYMLINK_NOFOLLOW)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return UtimesNanoAt(AT_FDCWD, path, ts, AT_SYMLINK_NOFOLLOW)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index 4cb8e8edf1a19..5898e9a52b752 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris) && gc && !ppc64le && !ppc64
 // +build darwin dragonfly freebsd linux netbsd openbsd solaris
-// +build !gccgo
+// +build gc
+// +build !ppc64le
+// +build !ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
new file mode 100644
index 0000000000000..f6f707acf2c33
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -0,0 +1,25 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (ppc64le || ppc64) && gc
+// +build linux
+// +build ppc64le ppc64
+// +build gc
+
+package unix
+
+import "syscall"
+
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.Syscall(trap, a1, a2, a3)
+}
+func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.Syscall6(trap, a1, a2, a3, a4, a5, a6)
+}
+func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.RawSyscall(trap, a1, a2, a3)
+}
+func RawSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.RawSyscall6(trap, a1, a2, a3, a4, a5, a6)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
new file mode 100644
index 0000000000000..1ffd8bfcfb90b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -0,0 +1,1829 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+import (
+	"bytes"
+	"runtime"
+	"sort"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+const (
+	O_CLOEXEC = 0       // Dummy value (not supported).
+	AF_LOCAL  = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
+)
+
+func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawsyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawsyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawsyscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
+
+func copyStat(stat *Stat_t, statLE *Stat_LE_t) {
+	stat.Dev = uint64(statLE.Dev)
+	stat.Ino = uint64(statLE.Ino)
+	stat.Nlink = uint64(statLE.Nlink)
+	stat.Mode = uint32(statLE.Mode)
+	stat.Uid = uint32(statLE.Uid)
+	stat.Gid = uint32(statLE.Gid)
+	stat.Rdev = uint64(statLE.Rdev)
+	stat.Size = statLE.Size
+	stat.Atim.Sec = int64(statLE.Atim)
+	stat.Atim.Nsec = 0 //zos doesn't return nanoseconds
+	stat.Mtim.Sec = int64(statLE.Mtim)
+	stat.Mtim.Nsec = 0 //zos doesn't return nanoseconds
+	stat.Ctim.Sec = int64(statLE.Ctim)
+	stat.Ctim.Nsec = 0 //zos doesn't return nanoseconds
+	stat.Blksize = int64(statLE.Blksize)
+	stat.Blocks = statLE.Blocks
+}
+
+func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
+func svcLoad(name *byte) unsafe.Pointer
+func svcUnload(name *byte, fnptr unsafe.Pointer) int64
+
+func (d *Dirent) NameString() string {
+	if d == nil {
+		return ""
+	}
+	return string(d.Name[:d.Namlen])
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = SizeofSockaddrInet4
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = SizeofSockaddrInet6
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n >= len(sa.raw.Path) || n == 0 {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = byte(3 + n) // 2 for Family, Len; 1 for NUL
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	// TODO(neeilan): Implement use of first param (fd)
+	switch rsa.Addr.Family {
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+		// For z/OS, only replace NUL with @ when the
+		// length is not zero.
+		if pp.Len != 0 && pp.Path[0] == 0 {
+			// "Abstract" Unix domain socket.
+			// Rewrite leading NUL as @ for textual display.
+			// (This is the standard convention.)
+			// Not friendly to overwrite in place,
+			// but the callers below don't care.
+			pp.Path[0] = '@'
+		}
+
+		// Assume path ends at NUL.
+		//
+		// For z/OS, the length of the name is a field
+		// in the structure. To be on the safe side, we
+		// will still scan the name for a NUL but only
+		// to the length provided in the structure.
+		//
+		// This is not technically the Linux semantics for
+		// abstract Unix domain sockets--they are supposed
+		// to be uninterpreted fixed-size binary blobs--but
+		// everyone uses this convention.
+		n := 0
+		for n < int(pp.Len) && pp.Path[n] != 0 {
+			n++
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if err != nil {
+		return
+	}
+	// TODO(neeilan): Remove 0 in call
+	sa, err = anyToSockaddr(0, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = int32(length)
+}
+
+//sys   fcntl(fd int, cmd int, arg int) (val int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys   readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	write(fd int, p []byte) (n int, err error)
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___BIND_A
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___CONNECT_A
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETPEERNAME_A
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETSOCKNAME_A
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = SYS___RECVFROM_A
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = SYS___SENDTO_A
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___RECVMSG_A
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___SENDMSG_A
+//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP
+//sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
+//sys   ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+
+//sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
+//sys   Chdir(path string) (err error) = SYS___CHDIR_A
+//sys	Chown(path string, uid int, gid int) (err error) = SYS___CHOWN_A
+//sys	Chmod(path string, mode uint32) (err error) = SYS___CHMOD_A
+//sys   Creat(path string, mode uint32) (fd int, err error) = SYS___CREAT_A
+//sys	Dup(oldfd int) (fd int, err error)
+//sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Errno2() (er2 int) = SYS___ERRNO2
+//sys	Err2ad() (eadd *int) = SYS___ERR2AD
+//sys	Exit(code int)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) = SYS_FCNTL
+//sys	fstat(fd int, stat *Stat_LE_t) (err error)
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	var statLE Stat_LE_t
+	err = fstat(fd, &statLE)
+	copyStat(stat, &statLE)
+	return
+}
+
+//sys	Fstatvfs(fd int, stat *Statvfs_t) (err error) = SYS_FSTATVFS
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sys   Getpagesize() (pgsize int) = SYS_GETPAGESIZE
+//sys   Mprotect(b []byte, prot int) (err error) = SYS_MPROTECT
+//sys   Msync(b []byte, flags int) (err error) = SYS_MSYNC
+//sys   Poll(fds []PollFd, timeout int) (n int, err error) = SYS_POLL
+//sys   Times(tms *Tms) (ticks uintptr, err error) = SYS_TIMES
+//sys   W_Getmntent(buff *byte, size int) (lastsys int, err error) = SYS_W_GETMNTENT
+//sys   W_Getmntent_A(buff *byte, size int) (lastsys int, err error) = SYS___W_GETMNTENT_A
+
+//sys   mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) = SYS___MOUNT_A
+//sys   unmount(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
+//sys   Chroot(path string) (err error) = SYS___CHROOT_A
+//sys   Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) = SYS_SELECT
+//sysnb Uname(buf *Utsname) (err error) = SYS___UNAME_A
+
+func Ptsname(fd int) (name string, err error) {
+	r0, _, e1 := syscall_syscall(SYS___PTSNAME_A, uintptr(fd), 0, 0)
+	name = u2s(unsafe.Pointer(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func u2s(cstr unsafe.Pointer) string {
+	str := (*[1024]uint8)(cstr)
+	i := 0
+	for str[i] != 0 {
+		i++
+	}
+	return string(str[:i])
+}
+
+func Close(fd int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	for i := 0; e1 == EAGAIN && i < 10; i++ {
+		_, _, _ = syscall_syscall(SYS_USLEEP, uintptr(10), 0, 0)
+		_, _, e1 = syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	}
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+// Dummy function: there are no semantics for Madvise on z/OS
+func Madvise(b []byte, advice int) (err error) {
+	return
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+//sys   Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getpgid(pid int) (pgid int, err error) = SYS_GETPGID
+
+func Getpgrp() (pid int) {
+	pid, _ = Getpgid(0)
+	return
+}
+
+//sysnb	Getppid() (pid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error) = SYS_GETRLIMIT
+
+//sysnb getrusage(who int, rusage *rusage_zos) (err error) = SYS_GETRUSAGE
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	var ruz rusage_zos
+	err = getrusage(who, &ruz)
+	//Only the first two fields of Rusage are set
+	rusage.Utime.Sec = ruz.Utime.Sec
+	rusage.Utime.Usec = int64(ruz.Utime.Usec)
+	rusage.Stime.Sec = ruz.Stime.Sec
+	rusage.Stime.Usec = int64(ruz.Stime.Usec)
+	return
+}
+
+//sysnb Getsid(pid int) (sid int, err error) = SYS_GETSID
+//sysnb	Getuid() (uid int)
+//sysnb	Kill(pid int, sig Signal) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error) = SYS___LCHOWN_A
+//sys	Link(path string, link string) (err error) = SYS___LINK_A
+//sys	Listen(s int, n int) (err error)
+//sys	lstat(path string, stat *Stat_LE_t) (err error) = SYS___LSTAT_A
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var statLE Stat_LE_t
+	err = lstat(path, &statLE)
+	copyStat(stat, &statLE)
+	return
+}
+
+//sys	Mkdir(path string, mode uint32) (err error) = SYS___MKDIR_A
+//sys   Mkfifo(path string, mode uint32) (err error) = SYS___MKFIFO_A
+//sys	Mknod(path string, mode uint32, dev int) (err error) = SYS___MKNOD_A
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error) = SYS___READLINK_A
+//sys	Rename(from string, to string) (err error) = SYS___RENAME_A
+//sys	Rmdir(path string) (err error) = SYS___RMDIR_A
+//sys   Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error) = SYS_SETPGID
+//sysnb	Setrlimit(resource int, lim *Rlimit) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID
+//sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID
+//sysnb	Setsid() (pid int, err error) = SYS_SETSID
+//sys	Setuid(uid int) (err error) = SYS_SETUID
+//sys	Setgid(uid int) (err error) = SYS_SETGID
+//sys	Shutdown(fd int, how int) (err error)
+//sys	stat(path string, statLE *Stat_LE_t) (err error) = SYS___STAT_A
+
+func Stat(path string, sta *Stat_t) (err error) {
+	var statLE Stat_LE_t
+	err = stat(path, &statLE)
+	copyStat(sta, &statLE)
+	return
+}
+
+//sys	Symlink(path string, link string) (err error) = SYS___SYMLINK_A
+//sys	Sync() = SYS_SYNC
+//sys	Truncate(path string, length int64) (err error) = SYS___TRUNCATE_A
+//sys	Tcgetattr(fildes int, termptr *Termios) (err error) = SYS_TCGETATTR
+//sys	Tcsetattr(fildes int, when int, termptr *Termios) (err error) = SYS_TCSETATTR
+//sys	Umask(mask int) (oldmask int)
+//sys	Unlink(path string) (err error) = SYS___UNLINK_A
+//sys	Utime(path string, utim *Utimbuf) (err error) = SYS___UTIME_A
+
+//sys	open(path string, mode int, perm uint32) (fd int, err error) = SYS___OPEN_A
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	return open(path, mode, perm)
+}
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	wd, err := Getwd()
+	if err != nil {
+		return err
+	}
+
+	if err := Fchdir(dirfd); err != nil {
+		return err
+	}
+	defer Chdir(wd)
+
+	return Mkfifo(path, mode)
+}
+
+//sys	remove(path string) (err error)
+
+func Remove(path string) error {
+	return remove(path)
+}
+
+const ImplementsGetwd = true
+
+func Getcwd(buf []byte) (n int, err error) {
+	var p unsafe.Pointer
+	if len(buf) > 0 {
+		p = unsafe.Pointer(&buf[0])
+	} else {
+		p = unsafe.Pointer(&_zero)
+	}
+	_, _, e := syscall_syscall(SYS___GETCWD_A, uintptr(p), uintptr(len(buf)), 0)
+	n = clen(buf) + 1
+	if e != 0 {
+		err = errnoErr(e)
+	}
+	return
+}
+
+func Getwd() (wd string, err error) {
+	var buf [PathMax]byte
+	n, err := Getcwd(buf[0:])
+	if err != nil {
+		return "", err
+	}
+	// Getcwd returns the number of bytes written to buf, including the NUL.
+	if n < 1 || n > len(buf) || buf[n-1] != 0 {
+		return "", EINVAL
+	}
+	return string(buf[0 : n-1]), nil
+}
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	if err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Sanity check group count.  Max is 1<<16 on Linux.
+	if n < 0 || n > 1<<20 {
+		return nil, EINVAL
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if err != nil {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+func gettid() uint64
+
+func Gettid() (tid int) {
+	return int(gettid())
+}
+
+type WaitStatus uint32
+
+// Wait status is 7 bits at bottom, either 0 (exited),
+// 0x7F (stopped), or a signal number that caused an exit.
+// The 0x80 bit is whether there was a core dump.
+// An extra number (exit code, signal causing a stop)
+// is in the high bits.  At least that's the idea.
+// There are various irregularities.  For example, the
+// "continued" status is 0xFFFF, distinguishing itself
+// from stopped via the core dump bit.
+
+const (
+	mask    = 0x7F
+	core    = 0x80
+	exited  = 0x00
+	stopped = 0x7F
+	shift   = 8
+)
+
+func (w WaitStatus) Exited() bool { return w&mask == exited }
+
+func (w WaitStatus) Signaled() bool { return w&mask != stopped && w&mask != exited }
+
+func (w WaitStatus) Stopped() bool { return w&0xFF == stopped }
+
+func (w WaitStatus) Continued() bool { return w == 0xFFFF }
+
+func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 }
+
+func (w WaitStatus) ExitStatus() int {
+	if !w.Exited() {
+		return -1
+	}
+	return int(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) Signal() Signal {
+	if !w.Signaled() {
+		return -1
+	}
+	return Signal(w & mask)
+}
+
+func (w WaitStatus) StopSignal() Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return Signal(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+//sys	waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error)
+
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	// TODO(mundaym): z/OS doesn't have wait4. I don't think getrusage does what we want.
+	// At the moment rusage will not be touched.
+	var status _C_int
+	wpid, err = waitpid(pid, &status, options)
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return
+}
+
+//sysnb	gettimeofday(tv *timeval_zos) (err error)
+
+func Gettimeofday(tv *Timeval) (err error) {
+	var tvz timeval_zos
+	err = gettimeofday(&tvz)
+	tv.Sec = tvz.Sec
+	tv.Usec = int64(tvz.Usec)
+	return
+}
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	var tv Timeval
+	err = Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval { //fix
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+//sysnb pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	utimes(path string, timeval *[2]Timeval) (err error) = SYS___UTIMES_A
+
+func Utimes(path string, tv []Timeval) (err error) {
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func UtimesNano(path string, ts []Timespec) error {
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	// Not as efficient as it could be because Timespec and
+	// Timeval have different types in the different OSes
+	tv := [2]Timeval{
+		NsecToTimeval(TimespecToNsec(ts[0])),
+		NsecToTimeval(TimespecToNsec(ts[1])),
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	// TODO(neeilan) : Remove this 0 ( added to get sys/unix compiling on z/OS )
+	return anyToSockaddr(0, &rsa)
+}
+
+const (
+	// identifier constants
+	nwmHeaderIdentifier    = 0xd5e6d4c8
+	nwmFilterIdentifier    = 0xd5e6d4c6
+	nwmTCPConnIdentifier   = 0xd5e6d4c3
+	nwmRecHeaderIdentifier = 0xd5e6d4d9
+	nwmIPStatsIdentifier   = 0xd5e6d4c9d7e2e340
+	nwmIPGStatsIdentifier  = 0xd5e6d4c9d7c7e2e3
+	nwmTCPStatsIdentifier  = 0xd5e6d4e3c3d7e2e3
+	nwmUDPStatsIdentifier  = 0xd5e6d4e4c4d7e2e3
+	nwmICMPGStatsEntry     = 0xd5e6d4c9c3d4d7c7
+	nwmICMPTStatsEntry     = 0xd5e6d4c9c3d4d7e3
+
+	// nwmHeader constants
+	nwmVersion1   = 1
+	nwmVersion2   = 2
+	nwmCurrentVer = 2
+
+	nwmTCPConnType     = 1
+	nwmGlobalStatsType = 14
+
+	// nwmFilter constants
+	nwmFilterLclAddrMask = 0x20000000 // Local address
+	nwmFilterSrcAddrMask = 0x20000000 // Source address
+	nwmFilterLclPortMask = 0x10000000 // Local port
+	nwmFilterSrcPortMask = 0x10000000 // Source port
+
+	// nwmConnEntry constants
+	nwmTCPStateClosed   = 1
+	nwmTCPStateListen   = 2
+	nwmTCPStateSynSent  = 3
+	nwmTCPStateSynRcvd  = 4
+	nwmTCPStateEstab    = 5
+	nwmTCPStateFinWait1 = 6
+	nwmTCPStateFinWait2 = 7
+	nwmTCPStateClosWait = 8
+	nwmTCPStateLastAck  = 9
+	nwmTCPStateClosing  = 10
+	nwmTCPStateTimeWait = 11
+	nwmTCPStateDeletTCB = 12
+
+	// Existing constants on linux
+	BPF_TCP_CLOSE        = 1
+	BPF_TCP_LISTEN       = 2
+	BPF_TCP_SYN_SENT     = 3
+	BPF_TCP_SYN_RECV     = 4
+	BPF_TCP_ESTABLISHED  = 5
+	BPF_TCP_FIN_WAIT1    = 6
+	BPF_TCP_FIN_WAIT2    = 7
+	BPF_TCP_CLOSE_WAIT   = 8
+	BPF_TCP_LAST_ACK     = 9
+	BPF_TCP_CLOSING      = 10
+	BPF_TCP_TIME_WAIT    = 11
+	BPF_TCP_NEW_SYN_RECV = -1
+	BPF_TCP_MAX_STATES   = -2
+)
+
+type nwmTriplet struct {
+	offset uint32
+	length uint32
+	number uint32
+}
+
+type nwmQuadruplet struct {
+	offset uint32
+	length uint32
+	number uint32
+	match  uint32
+}
+
+type nwmHeader struct {
+	ident       uint32
+	length      uint32
+	version     uint16
+	nwmType     uint16
+	bytesNeeded uint32
+	options     uint32
+	_           [16]byte
+	inputDesc   nwmTriplet
+	outputDesc  nwmQuadruplet
+}
+
+type nwmFilter struct {
+	ident         uint32
+	flags         uint32
+	resourceName  [8]byte
+	resourceId    uint32
+	listenerId    uint32
+	local         [28]byte // union of sockaddr4 and sockaddr6
+	remote        [28]byte // union of sockaddr4 and sockaddr6
+	_             uint16
+	_             uint16
+	asid          uint16
+	_             [2]byte
+	tnLuName      [8]byte
+	tnMonGrp      uint32
+	tnAppl        [8]byte
+	applData      [40]byte
+	nInterface    [16]byte
+	dVipa         [16]byte
+	dVipaPfx      uint16
+	dVipaPort     uint16
+	dVipaFamily   byte
+	_             [3]byte
+	destXCF       [16]byte
+	destXCFPfx    uint16
+	destXCFFamily byte
+	_             [1]byte
+	targIP        [16]byte
+	targIPPfx     uint16
+	targIPFamily  byte
+	_             [1]byte
+	_             [20]byte
+}
+
+type nwmRecHeader struct {
+	ident  uint32
+	length uint32
+	number byte
+	_      [3]byte
+}
+
+type nwmTCPStatsEntry struct {
+	ident             uint64
+	currEstab         uint32
+	activeOpened      uint32
+	passiveOpened     uint32
+	connClosed        uint32
+	estabResets       uint32
+	attemptFails      uint32
+	passiveDrops      uint32
+	timeWaitReused    uint32
+	inSegs            uint64
+	predictAck        uint32
+	predictData       uint32
+	inDupAck          uint32
+	inBadSum          uint32
+	inBadLen          uint32
+	inShort           uint32
+	inDiscOldTime     uint32
+	inAllBeforeWin    uint32
+	inSomeBeforeWin   uint32
+	inAllAfterWin     uint32
+	inSomeAfterWin    uint32
+	inOutOfOrder      uint32
+	inAfterClose      uint32
+	inWinProbes       uint32
+	inWinUpdates      uint32
+	outWinUpdates     uint32
+	outSegs           uint64
+	outDelayAcks      uint32
+	outRsts           uint32
+	retransSegs       uint32
+	retransTimeouts   uint32
+	retransDrops      uint32
+	pmtuRetrans       uint32
+	pmtuErrors        uint32
+	outWinProbes      uint32
+	probeDrops        uint32
+	keepAliveProbes   uint32
+	keepAliveDrops    uint32
+	finwait2Drops     uint32
+	acceptCount       uint64
+	inBulkQSegs       uint64
+	inDiscards        uint64
+	connFloods        uint32
+	connStalls        uint32
+	cfgEphemDef       uint16
+	ephemInUse        uint16
+	ephemHiWater      uint16
+	flags             byte
+	_                 [1]byte
+	ephemExhaust      uint32
+	smcRCurrEstabLnks uint32
+	smcRLnkActTimeOut uint32
+	smcRActLnkOpened  uint32
+	smcRPasLnkOpened  uint32
+	smcRLnksClosed    uint32
+	smcRCurrEstab     uint32
+	smcRActiveOpened  uint32
+	smcRPassiveOpened uint32
+	smcRConnClosed    uint32
+	smcRInSegs        uint64
+	smcROutSegs       uint64
+	smcRInRsts        uint32
+	smcROutRsts       uint32
+	smcDCurrEstabLnks uint32
+	smcDActLnkOpened  uint32
+	smcDPasLnkOpened  uint32
+	smcDLnksClosed    uint32
+	smcDCurrEstab     uint32
+	smcDActiveOpened  uint32
+	smcDPassiveOpened uint32
+	smcDConnClosed    uint32
+	smcDInSegs        uint64
+	smcDOutSegs       uint64
+	smcDInRsts        uint32
+	smcDOutRsts       uint32
+}
+
+type nwmConnEntry struct {
+	ident             uint32
+	local             [28]byte // union of sockaddr4 and sockaddr6
+	remote            [28]byte // union of sockaddr4 and sockaddr6
+	startTime         [8]byte  // uint64, changed to prevent padding from being inserted
+	lastActivity      [8]byte  // uint64
+	bytesIn           [8]byte  // uint64
+	bytesOut          [8]byte  // uint64
+	inSegs            [8]byte  // uint64
+	outSegs           [8]byte  // uint64
+	state             uint16
+	activeOpen        byte
+	flag01            byte
+	outBuffered       uint32
+	inBuffered        uint32
+	maxSndWnd         uint32
+	reXmtCount        uint32
+	congestionWnd     uint32
+	ssThresh          uint32
+	roundTripTime     uint32
+	roundTripVar      uint32
+	sendMSS           uint32
+	sndWnd            uint32
+	rcvBufSize        uint32
+	sndBufSize        uint32
+	outOfOrderCount   uint32
+	lcl0WindowCount   uint32
+	rmt0WindowCount   uint32
+	dupacks           uint32
+	flag02            byte
+	sockOpt6Cont      byte
+	asid              uint16
+	resourceName      [8]byte
+	resourceId        uint32
+	subtask           uint32
+	sockOpt           byte
+	sockOpt6          byte
+	clusterConnFlag   byte
+	proto             byte
+	targetAppl        [8]byte
+	luName            [8]byte
+	clientUserId      [8]byte
+	logMode           [8]byte
+	timeStamp         uint32
+	timeStampAge      uint32
+	serverResourceId  uint32
+	intfName          [16]byte
+	ttlsStatPol       byte
+	ttlsStatConn      byte
+	ttlsSSLProt       uint16
+	ttlsNegCiph       [2]byte
+	ttlsSecType       byte
+	ttlsFIPS140Mode   byte
+	ttlsUserID        [8]byte
+	applData          [40]byte
+	inOldestTime      [8]byte // uint64
+	outOldestTime     [8]byte // uint64
+	tcpTrustedPartner byte
+	_                 [3]byte
+	bulkDataIntfName  [16]byte
+	ttlsNegCiph4      [4]byte
+	smcReason         uint32
+	lclSMCLinkId      uint32
+	rmtSMCLinkId      uint32
+	smcStatus         byte
+	smcFlags          byte
+	_                 [2]byte
+	rcvWnd            uint32
+	lclSMCBufSz       uint32
+	rmtSMCBufSz       uint32
+	ttlsSessID        [32]byte
+	ttlsSessIDLen     int16
+	_                 [1]byte
+	smcDStatus        byte
+	smcDReason        uint32
+}
+
+var svcNameTable [][]byte = [][]byte{
+	[]byte("\xc5\xe9\xc2\xd5\xd4\xc9\xc6\xf4"), // svc_EZBNMIF4
+}
+
+const (
+	svc_EZBNMIF4 = 0
+)
+
+func GetsockoptTCPInfo(fd, level, opt int) (*TCPInfo, error) {
+	jobname := []byte("\x5c\x40\x40\x40\x40\x40\x40\x40") // "*"
+	responseBuffer := [4096]byte{0}
+	var bufferAlet, reasonCode uint32 = 0, 0
+	var bufferLen, returnValue, returnCode int32 = 4096, 0, 0
+
+	dsa := [18]uint64{0}
+	var argv [7]unsafe.Pointer
+	argv[0] = unsafe.Pointer(&jobname[0])
+	argv[1] = unsafe.Pointer(&responseBuffer[0])
+	argv[2] = unsafe.Pointer(&bufferAlet)
+	argv[3] = unsafe.Pointer(&bufferLen)
+	argv[4] = unsafe.Pointer(&returnValue)
+	argv[5] = unsafe.Pointer(&returnCode)
+	argv[6] = unsafe.Pointer(&reasonCode)
+
+	request := (*struct {
+		header nwmHeader
+		filter nwmFilter
+	})(unsafe.Pointer(&responseBuffer[0]))
+
+	EZBNMIF4 := svcLoad(&svcNameTable[svc_EZBNMIF4][0])
+	if EZBNMIF4 == nil {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// GetGlobalStats EZBNMIF4 call
+	request.header.ident = nwmHeaderIdentifier
+	request.header.length = uint32(unsafe.Sizeof(request.header))
+	request.header.version = nwmCurrentVer
+	request.header.nwmType = nwmGlobalStatsType
+	request.header.options = 0x80000000
+
+	svcCall(EZBNMIF4, &argv[0], &dsa[0])
+
+	// outputDesc field is filled by EZBNMIF4 on success
+	if returnCode != 0 || request.header.outputDesc.offset == 0 {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// Check that EZBNMIF4 returned a nwmRecHeader
+	recHeader := (*nwmRecHeader)(unsafe.Pointer(&responseBuffer[request.header.outputDesc.offset]))
+	if recHeader.ident != nwmRecHeaderIdentifier {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// Parse nwmTriplets to get offsets of returned entries
+	var sections []*uint64
+	var sectionDesc *nwmTriplet = (*nwmTriplet)(unsafe.Pointer(&responseBuffer[0]))
+	for i := uint32(0); i < uint32(recHeader.number); i++ {
+		offset := request.header.outputDesc.offset + uint32(unsafe.Sizeof(*recHeader)) + i*uint32(unsafe.Sizeof(*sectionDesc))
+		sectionDesc = (*nwmTriplet)(unsafe.Pointer(&responseBuffer[offset]))
+		for j := uint32(0); j < sectionDesc.number; j++ {
+			offset = request.header.outputDesc.offset + sectionDesc.offset + j*sectionDesc.length
+			sections = append(sections, (*uint64)(unsafe.Pointer(&responseBuffer[offset])))
+		}
+	}
+
+	// Find nwmTCPStatsEntry in returned entries
+	var tcpStats *nwmTCPStatsEntry = nil
+	for _, ptr := range sections {
+		switch *ptr {
+		case nwmTCPStatsIdentifier:
+			if tcpStats != nil {
+				return nil, errnoErr(EINVAL)
+			}
+			tcpStats = (*nwmTCPStatsEntry)(unsafe.Pointer(ptr))
+		case nwmIPStatsIdentifier:
+		case nwmIPGStatsIdentifier:
+		case nwmUDPStatsIdentifier:
+		case nwmICMPGStatsEntry:
+		case nwmICMPTStatsEntry:
+		default:
+			return nil, errnoErr(EINVAL)
+		}
+	}
+	if tcpStats == nil {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// GetConnectionDetail EZBNMIF4 call
+	responseBuffer = [4096]byte{0}
+	dsa = [18]uint64{0}
+	bufferAlet, reasonCode = 0, 0
+	bufferLen, returnValue, returnCode = 4096, 0, 0
+	nameptr := (*uint32)(unsafe.Pointer(uintptr(0x21c))) // Get jobname of current process
+	nameptr = (*uint32)(unsafe.Pointer(uintptr(*nameptr + 12)))
+	argv[0] = unsafe.Pointer(uintptr(*nameptr))
+
+	request.header.ident = nwmHeaderIdentifier
+	request.header.length = uint32(unsafe.Sizeof(request.header))
+	request.header.version = nwmCurrentVer
+	request.header.nwmType = nwmTCPConnType
+	request.header.options = 0x80000000
+
+	request.filter.ident = nwmFilterIdentifier
+
+	var localSockaddr RawSockaddrAny
+	socklen := _Socklen(SizeofSockaddrAny)
+	err := getsockname(fd, &localSockaddr, &socklen)
+	if err != nil {
+		return nil, errnoErr(EINVAL)
+	}
+	if localSockaddr.Addr.Family == AF_INET {
+		localSockaddr := (*RawSockaddrInet4)(unsafe.Pointer(&localSockaddr.Addr))
+		localSockFilter := (*RawSockaddrInet4)(unsafe.Pointer(&request.filter.local[0]))
+		localSockFilter.Family = AF_INET
+		var i int
+		for i = 0; i < 4; i++ {
+			if localSockaddr.Addr[i] != 0 {
+				break
+			}
+		}
+		if i != 4 {
+			request.filter.flags |= nwmFilterLclAddrMask
+			for i = 0; i < 4; i++ {
+				localSockFilter.Addr[i] = localSockaddr.Addr[i]
+			}
+		}
+		if localSockaddr.Port != 0 {
+			request.filter.flags |= nwmFilterLclPortMask
+			localSockFilter.Port = localSockaddr.Port
+		}
+	} else if localSockaddr.Addr.Family == AF_INET6 {
+		localSockaddr := (*RawSockaddrInet6)(unsafe.Pointer(&localSockaddr.Addr))
+		localSockFilter := (*RawSockaddrInet6)(unsafe.Pointer(&request.filter.local[0]))
+		localSockFilter.Family = AF_INET6
+		var i int
+		for i = 0; i < 16; i++ {
+			if localSockaddr.Addr[i] != 0 {
+				break
+			}
+		}
+		if i != 16 {
+			request.filter.flags |= nwmFilterLclAddrMask
+			for i = 0; i < 16; i++ {
+				localSockFilter.Addr[i] = localSockaddr.Addr[i]
+			}
+		}
+		if localSockaddr.Port != 0 {
+			request.filter.flags |= nwmFilterLclPortMask
+			localSockFilter.Port = localSockaddr.Port
+		}
+	}
+
+	svcCall(EZBNMIF4, &argv[0], &dsa[0])
+
+	// outputDesc field is filled by EZBNMIF4 on success
+	if returnCode != 0 || request.header.outputDesc.offset == 0 {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// Check that EZBNMIF4 returned a nwmConnEntry
+	conn := (*nwmConnEntry)(unsafe.Pointer(&responseBuffer[request.header.outputDesc.offset]))
+	if conn.ident != nwmTCPConnIdentifier {
+		return nil, errnoErr(EINVAL)
+	}
+
+	// Copy data from the returned data structures into tcpInfo
+	// Stats from nwmConnEntry are specific to that connection.
+	// Stats from nwmTCPStatsEntry are global (to the interface?)
+	// Fields may not be an exact match. Some fields have no equivalent.
+	var tcpinfo TCPInfo
+	tcpinfo.State = uint8(conn.state)
+	tcpinfo.Ca_state = 0 // dummy
+	tcpinfo.Retransmits = uint8(tcpStats.retransSegs)
+	tcpinfo.Probes = uint8(tcpStats.outWinProbes)
+	tcpinfo.Backoff = 0 // dummy
+	tcpinfo.Options = 0 // dummy
+	tcpinfo.Rto = tcpStats.retransTimeouts
+	tcpinfo.Ato = tcpStats.outDelayAcks
+	tcpinfo.Snd_mss = conn.sendMSS
+	tcpinfo.Rcv_mss = conn.sendMSS // dummy
+	tcpinfo.Unacked = 0            // dummy
+	tcpinfo.Sacked = 0             // dummy
+	tcpinfo.Lost = 0               // dummy
+	tcpinfo.Retrans = conn.reXmtCount
+	tcpinfo.Fackets = 0 // dummy
+	tcpinfo.Last_data_sent = uint32(*(*uint64)(unsafe.Pointer(&conn.lastActivity[0])))
+	tcpinfo.Last_ack_sent = uint32(*(*uint64)(unsafe.Pointer(&conn.outOldestTime[0])))
+	tcpinfo.Last_data_recv = uint32(*(*uint64)(unsafe.Pointer(&conn.inOldestTime[0])))
+	tcpinfo.Last_ack_recv = uint32(*(*uint64)(unsafe.Pointer(&conn.inOldestTime[0])))
+	tcpinfo.Pmtu = conn.sendMSS // dummy, NWMIfRouteMtu is a candidate
+	tcpinfo.Rcv_ssthresh = conn.ssThresh
+	tcpinfo.Rtt = conn.roundTripTime
+	tcpinfo.Rttvar = conn.roundTripVar
+	tcpinfo.Snd_ssthresh = conn.ssThresh // dummy
+	tcpinfo.Snd_cwnd = conn.congestionWnd
+	tcpinfo.Advmss = conn.sendMSS        // dummy
+	tcpinfo.Reordering = 0               // dummy
+	tcpinfo.Rcv_rtt = conn.roundTripTime // dummy
+	tcpinfo.Rcv_space = conn.sendMSS     // dummy
+	tcpinfo.Total_retrans = conn.reXmtCount
+
+	svcUnload(&svcNameTable[svc_EZBNMIF4][0], EZBNMIF4)
+
+	return &tcpinfo, nil
+}
+
+// GetsockoptString returns the string value of the socket option opt for the
+// socket associated with fd at the given socket level.
+func GetsockoptString(fd, level, opt int) (string, error) {
+	buf := make([]byte, 256)
+	vallen := _Socklen(len(buf))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
+	if err != nil {
+		return "", err
+	}
+
+	return string(buf[:vallen-1]), nil
+}
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	var msg Msghdr
+	var rsa RawSockaddrAny
+	msg.Name = (*byte)(unsafe.Pointer(&rsa))
+	msg.Namelen = SizeofSockaddrAny
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*byte)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		// receive at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = recvmsg(fd, &msg, flags); err != nil {
+		return
+	}
+	oobn = int(msg.Controllen)
+	recvflags = int(msg.Flags)
+	// source address is only specified if the socket is unconnected
+	if rsa.Addr.Family != AF_UNSPEC {
+		// TODO(neeilan): Remove 0 arg added to get this compiling on z/OS
+		from, err = anyToSockaddr(0, &rsa)
+	}
+	return
+}
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	var ptr unsafe.Pointer
+	var salen _Socklen
+	if to != nil {
+		var err error
+		ptr, salen, err = to.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+	}
+	var msg Msghdr
+	msg.Name = (*byte)(unsafe.Pointer(ptr))
+	msg.Namelen = int32(salen)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*byte)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		// send at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = sendmsg(fd, &msg, flags); err != nil {
+		return 0, err
+	}
+	if len(oob) > 0 && len(p) == 0 {
+		n = 0
+	}
+	return n, nil
+}
+
+func Opendir(name string) (uintptr, error) {
+	p, err := BytePtrFromString(name)
+	if err != nil {
+		return 0, err
+	}
+	dir, _, e := syscall_syscall(SYS___OPENDIR_A, uintptr(unsafe.Pointer(p)), 0, 0)
+	runtime.KeepAlive(unsafe.Pointer(p))
+	if e != 0 {
+		err = errnoErr(e)
+	}
+	return dir, err
+}
+
+// clearsyscall.Errno resets the errno value to 0.
+func clearErrno()
+
+func Readdir(dir uintptr) (*Dirent, error) {
+	var ent Dirent
+	var res uintptr
+	// __readdir_r_a returns errno at the end of the directory stream, rather than 0.
+	// Therefore to avoid false positives we clear errno before calling it.
+
+	// TODO(neeilan): Commented this out to get sys/unix compiling on z/OS. Uncomment and fix. Error: "undefined: clearsyscall"
+	//clearsyscall.Errno() // TODO(mundaym): check pre-emption rules.
+
+	e, _, _ := syscall_syscall(SYS___READDIR_R_A, dir, uintptr(unsafe.Pointer(&ent)), uintptr(unsafe.Pointer(&res)))
+	var err error
+	if e != 0 {
+		err = errnoErr(Errno(e))
+	}
+	if res == 0 {
+		return nil, err
+	}
+	return &ent, err
+}
+
+func Closedir(dir uintptr) error {
+	_, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0)
+	if e != 0 {
+		return errnoErr(e)
+	}
+	return nil
+}
+
+func Seekdir(dir uintptr, pos int) {
+	_, _, _ = syscall_syscall(SYS_SEEKDIR, dir, uintptr(pos), 0)
+}
+
+func Telldir(dir uintptr) (int, error) {
+	p, _, e := syscall_syscall(SYS_TELLDIR, dir, 0, 0)
+	pos := int(p)
+	if pos == -1 {
+		return pos, errnoErr(e)
+	}
+	return pos, nil
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	// struct flock is packed on z/OS. We can't emulate that in Go so
+	// instead we pack it here.
+	var flock [24]byte
+	*(*int16)(unsafe.Pointer(&flock[0])) = lk.Type
+	*(*int16)(unsafe.Pointer(&flock[2])) = lk.Whence
+	*(*int64)(unsafe.Pointer(&flock[4])) = lk.Start
+	*(*int64)(unsafe.Pointer(&flock[12])) = lk.Len
+	*(*int32)(unsafe.Pointer(&flock[20])) = lk.Pid
+	_, _, errno := syscall_syscall(SYS_FCNTL, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+	lk.Type = *(*int16)(unsafe.Pointer(&flock[0]))
+	lk.Whence = *(*int16)(unsafe.Pointer(&flock[2]))
+	lk.Start = *(*int64)(unsafe.Pointer(&flock[4]))
+	lk.Len = *(*int64)(unsafe.Pointer(&flock[12]))
+	lk.Pid = *(*int32)(unsafe.Pointer(&flock[20]))
+	if errno == 0 {
+		return nil
+	}
+	return errno
+}
+
+func Flock(fd int, how int) error {
+
+	var flock_type int16
+	var fcntl_cmd int
+
+	switch how {
+	case LOCK_SH | LOCK_NB:
+		flock_type = F_RDLCK
+		fcntl_cmd = F_SETLK
+	case LOCK_EX | LOCK_NB:
+		flock_type = F_WRLCK
+		fcntl_cmd = F_SETLK
+	case LOCK_EX:
+		flock_type = F_WRLCK
+		fcntl_cmd = F_SETLKW
+	case LOCK_UN:
+		flock_type = F_UNLCK
+		fcntl_cmd = F_SETLKW
+	default:
+	}
+
+	flock := Flock_t{
+		Type:   int16(flock_type),
+		Whence: int16(0),
+		Start:  int64(0),
+		Len:    int64(0),
+		Pid:    int32(Getppid()),
+	}
+
+	err := FcntlFlock(uintptr(fd), fcntl_cmd, &flock)
+	return err
+}
+
+func Mlock(b []byte) (err error) {
+	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Mlock2(b []byte, flags int) (err error) {
+	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Munlock(b []byte) (err error) {
+	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Munlockall() (err error) {
+	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ClockGettime(clockid int32, ts *Timespec) error {
+
+	var ticks_per_sec uint32 = 100 //TODO(kenan): value is currently hardcoded; need sysconf() call otherwise
+	var nsec_per_sec int64 = 1000000000
+
+	if ts == nil {
+		return EFAULT
+	}
+	if clockid == CLOCK_REALTIME || clockid == CLOCK_MONOTONIC {
+		var nanotime int64 = runtime.Nanotime1()
+		ts.Sec = nanotime / nsec_per_sec
+		ts.Nsec = nanotime % nsec_per_sec
+	} else if clockid == CLOCK_PROCESS_CPUTIME_ID || clockid == CLOCK_THREAD_CPUTIME_ID {
+		var tm Tms
+		_, err := Times(&tm)
+		if err != nil {
+			return EFAULT
+		}
+		ts.Sec = int64(tm.Utime / ticks_per_sec)
+		ts.Nsec = int64(tm.Utime) * nsec_per_sec / int64(ticks_per_sec)
+	} else {
+		return EINVAL
+	}
+	return nil
+}
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	fd, err := open(path, O_RDONLY, 0)
+	defer Close(fd)
+	if err != nil {
+		return err
+	}
+	return Fstatfs(fd, stat)
+}
+
+var (
+	Stdin  = 0
+	Stdout = 1
+	Stderr = 2
+)
+
+// Do the interface allocations only once for common
+// Errno values.
+var (
+	errEAGAIN error = syscall.EAGAIN
+	errEINVAL error = syscall.EINVAL
+	errENOENT error = syscall.ENOENT
+)
+
+var (
+	signalNameMapOnce sync.Once
+	signalNameMap     map[string]syscall.Signal
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case EAGAIN:
+		return errEAGAIN
+	case EINVAL:
+		return errEINVAL
+	case ENOENT:
+		return errENOENT
+	}
+	return e
+}
+
+// ErrnoName returns the error name for error number e.
+func ErrnoName(e Errno) string {
+	i := sort.Search(len(errorList), func(i int) bool {
+		return errorList[i].num >= e
+	})
+	if i < len(errorList) && errorList[i].num == e {
+		return errorList[i].name
+	}
+	return ""
+}
+
+// SignalName returns the signal name for signal number s.
+func SignalName(s syscall.Signal) string {
+	i := sort.Search(len(signalList), func(i int) bool {
+		return signalList[i].num >= s
+	})
+	if i < len(signalList) && signalList[i].num == s {
+		return signalList[i].name
+	}
+	return ""
+}
+
+// SignalNum returns the syscall.Signal for signal named s,
+// or 0 if a signal with such name is not found.
+// The signal name should start with "SIG".
+func SignalNum(s string) syscall.Signal {
+	signalNameMapOnce.Do(func() {
+		signalNameMap = make(map[string]syscall.Signal, len(signalList))
+		for _, signal := range signalList {
+			signalNameMap[signal.name] = signal.num
+		}
+	})
+	return signalNameMap[s]
+}
+
+// clen returns the index of the first NULL byte in n or len(n) if n contains no NULL byte.
+func clen(n []byte) int {
+	i := bytes.IndexByte(n, 0)
+	if i == -1 {
+		i = len(n)
+	}
+	return i
+}
+
+// Mmap manager, for use by operating system-specific implementations.
+
+type mmapper struct {
+	sync.Mutex
+	active map[*byte][]byte // active mappings; key is last byte in mapping
+	mmap   func(addr, length uintptr, prot, flags, fd int, offset int64) (uintptr, error)
+	munmap func(addr uintptr, length uintptr) error
+}
+
+func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	if length <= 0 {
+		return nil, EINVAL
+	}
+
+	// Map the requested memory.
+	addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset)
+	if errno != nil {
+		return nil, errno
+	}
+
+	// Slice memory layout
+	var sl = struct {
+		addr uintptr
+		len  int
+		cap  int
+	}{addr, length, length}
+
+	// Use unsafe to turn sl into a []byte.
+	b := *(*[]byte)(unsafe.Pointer(&sl))
+
+	// Register mapping in m and return it.
+	p := &b[cap(b)-1]
+	m.Lock()
+	defer m.Unlock()
+	m.active[p] = b
+	return b, nil
+}
+
+func (m *mmapper) Munmap(data []byte) (err error) {
+	if len(data) == 0 || len(data) != cap(data) {
+		return EINVAL
+	}
+
+	// Find the base of the mapping.
+	p := &data[cap(data)-1]
+	m.Lock()
+	defer m.Unlock()
+	b := m.active[p]
+	if b == nil || &b[0] != &data[0] {
+		return EINVAL
+	}
+
+	// Unmap the memory and update m.
+	if errno := m.munmap(uintptr(unsafe.Pointer(&b[0])), uintptr(len(b))); errno != nil {
+		return errno
+	}
+	delete(m.active, p)
+	return nil
+}
+
+func Read(fd int, p []byte) (n int, err error) {
+	n, err = read(fd, p)
+	if raceenabled {
+		if n > 0 {
+			raceWriteRange(unsafe.Pointer(&p[0]), n)
+		}
+		if err == nil {
+			raceAcquire(unsafe.Pointer(&ioSync))
+		}
+	}
+	return
+}
+
+func Write(fd int, p []byte) (n int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = write(fd, p)
+	if raceenabled && n > 0 {
+		raceReadRange(unsafe.Pointer(&p[0]), n)
+	}
+	return
+}
+
+// For testing: clients can set this flag to force
+// creation of IPv6 sockets to return EAFNOSUPPORT.
+var SocketDisableIPv6 bool
+
+// Sockaddr represents a socket address.
+type Sockaddr interface {
+	sockaddr() (ptr unsafe.Pointer, len _Socklen, err error) // lowercase; only we can define Sockaddrs
+}
+
+// SockaddrInet4 implements the Sockaddr interface for AF_INET type sockets.
+type SockaddrInet4 struct {
+	Port int
+	Addr [4]byte
+	raw  RawSockaddrInet4
+}
+
+// SockaddrInet6 implements the Sockaddr interface for AF_INET6 type sockets.
+type SockaddrInet6 struct {
+	Port   int
+	ZoneId uint32
+	Addr   [16]byte
+	raw    RawSockaddrInet6
+}
+
+// SockaddrUnix implements the Sockaddr interface for AF_UNIX type sockets.
+type SockaddrUnix struct {
+	Name string
+	raw  RawSockaddrUnix
+}
+
+func Bind(fd int, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return bind(fd, ptr, n)
+}
+
+func Connect(fd int, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return connect(fd, ptr, n)
+}
+
+func Getpeername(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getpeername(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+func GetsockoptByte(fd, level, opt int) (value byte, err error) {
+	var n byte
+	vallen := _Socklen(1)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return n, err
+}
+
+func GetsockoptInt(fd, level, opt int) (value int, err error) {
+	var n int32
+	vallen := _Socklen(4)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return int(n), err
+}
+
+func GetsockoptInet4Addr(fd, level, opt int) (value [4]byte, err error) {
+	vallen := _Socklen(4)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	return value, err
+}
+
+func GetsockoptIPMreq(fd, level, opt int) (*IPMreq, error) {
+	var value IPMreq
+	vallen := _Socklen(SizeofIPMreq)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptIPv6Mreq(fd, level, opt int) (*IPv6Mreq, error) {
+	var value IPv6Mreq
+	vallen := _Socklen(SizeofIPv6Mreq)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptIPv6MTUInfo(fd, level, opt int) (*IPv6MTUInfo, error) {
+	var value IPv6MTUInfo
+	vallen := _Socklen(SizeofIPv6MTUInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptICMPv6Filter(fd, level, opt int) (*ICMPv6Filter, error) {
+	var value ICMPv6Filter
+	vallen := _Socklen(SizeofICMPv6Filter)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptLinger(fd, level, opt int) (*Linger, error) {
+	var linger Linger
+	vallen := _Socklen(SizeofLinger)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&linger), &vallen)
+	return &linger, err
+}
+
+func GetsockoptTimeval(fd, level, opt int) (*Timeval, error) {
+	var tv Timeval
+	vallen := _Socklen(unsafe.Sizeof(tv))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&tv), &vallen)
+	return &tv, err
+}
+
+func GetsockoptUint64(fd, level, opt int) (value uint64, err error) {
+	var n uint64
+	vallen := _Socklen(8)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return n, err
+}
+
+func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if n, err = recvfrom(fd, p, flags, &rsa, &len); err != nil {
+		return
+	}
+	if rsa.Addr.Family != AF_UNSPEC {
+		from, err = anyToSockaddr(fd, &rsa)
+	}
+	return
+}
+
+func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) {
+	ptr, n, err := to.sockaddr()
+	if err != nil {
+		return err
+	}
+	return sendto(fd, p, flags, ptr, n)
+}
+
+func SetsockoptByte(fd, level, opt int, value byte) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value), 1)
+}
+
+func SetsockoptInt(fd, level, opt int, value int) (err error) {
+	var n = int32(value)
+	return setsockopt(fd, level, opt, unsafe.Pointer(&n), 4)
+}
+
+func SetsockoptInet4Addr(fd, level, opt int, value [4]byte) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value[0]), 4)
+}
+
+func SetsockoptIPMreq(fd, level, opt int, mreq *IPMreq) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), SizeofIPMreq)
+}
+
+func SetsockoptIPv6Mreq(fd, level, opt int, mreq *IPv6Mreq) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), SizeofIPv6Mreq)
+}
+
+func SetsockoptICMPv6Filter(fd, level, opt int, filter *ICMPv6Filter) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(filter), SizeofICMPv6Filter)
+}
+
+func SetsockoptLinger(fd, level, opt int, l *Linger) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(l), SizeofLinger)
+}
+
+func SetsockoptString(fd, level, opt int, s string) (err error) {
+	var p unsafe.Pointer
+	if len(s) > 0 {
+		p = unsafe.Pointer(&[]byte(s)[0])
+	}
+	return setsockopt(fd, level, opt, p, uintptr(len(s)))
+}
+
+func SetsockoptTimeval(fd, level, opt int, tv *Timeval) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tv), unsafe.Sizeof(*tv))
+}
+
+func SetsockoptUint64(fd, level, opt int, value uint64) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value), 8)
+}
+
+func Socket(domain, typ, proto int) (fd int, err error) {
+	if domain == AF_INET6 && SocketDisableIPv6 {
+		return -1, EAFNOSUPPORT
+	}
+	fd, err = socket(domain, typ, proto)
+	return
+}
+
+func Socketpair(domain, typ, proto int) (fd [2]int, err error) {
+	var fdx [2]int32
+	err = socketpair(domain, typ, proto, &fdx)
+	if err == nil {
+		fd[0] = int(fdx[0])
+		fd[1] = int(fdx[1])
+	}
+	return
+}
+
+var ioSync int64
+
+func CloseOnExec(fd int) { fcntl(fd, F_SETFD, FD_CLOEXEC) }
+
+func SetNonblock(fd int, nonblocking bool) (err error) {
+	flag, err := fcntl(fd, F_GETFL, 0)
+	if err != nil {
+		return err
+	}
+	if nonblocking {
+		flag |= O_NONBLOCK
+	} else {
+		flag &= ^O_NONBLOCK
+	}
+	_, err = fcntl(fd, F_SETFL, flag)
+	return err
+}
+
+// Exec calls execve(2), which replaces the calling executable in the process
+// tree. argv0 should be the full path to an executable ("/bin/ls") and the
+// executable name should also be the first argument in argv (["ls", "-l"]).
+// envv are the environment variables that should be passed to the new
+// process (["USER=go", "PWD=/tmp"]).
+func Exec(argv0 string, argv []string, envv []string) error {
+	return syscall.Exec(argv0, argv, envv)
+}
+
+func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	if needspace := 8 - len(fstype); needspace <= 0 {
+		fstype = fstype[:8]
+	} else {
+		fstype += "        "[:needspace]
+	}
+	return mount_LE(target, source, fstype, uint32(flags), int32(len(data)), data)
+}
+
+func Unmount(name string, mtm int) (err error) {
+	// mountpoint is always a full path and starts with a '/'
+	// check if input string is not a mountpoint but a filesystem name
+	if name[0] != '/' {
+		return unmount(name, mtm)
+	}
+	// treat name as mountpoint
+	b2s := func(arr []byte) string {
+		nulli := bytes.IndexByte(arr, 0)
+		if nulli == -1 {
+			return string(arr)
+		} else {
+			return string(arr[:nulli])
+		}
+	}
+	var buffer struct {
+		header W_Mnth
+		fsinfo [64]W_Mntent
+	}
+	fsCount, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
+	if err != nil {
+		return err
+	}
+	if fsCount == 0 {
+		return EINVAL
+	}
+	for i := 0; i < fsCount; i++ {
+		if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
+			err = unmount(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
+			break
+		}
+	}
+	return err
+}
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
new file mode 100644
index 0000000000000..2c3a4437f0f08
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -0,0 +1,21 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux
+// +build linux
+
+package unix
+
+import "runtime"
+
+// SysvShmCtl performs control operations on the shared memory segment
+// specified by id.
+func SysvShmCtl(id, cmd int, desc *SysvShmDesc) (result int, err error) {
+	if runtime.GOARCH == "arm" ||
+		runtime.GOARCH == "mips64" || runtime.GOARCH == "mips64le" {
+		cmd |= ipc_64
+	}
+
+	return shmctl(id, cmd, desc)
+}
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
new file mode 100644
index 0000000000000..0bb4c8de557b5
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -0,0 +1,61 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (darwin && !ios) || linux
+// +build darwin,!ios linux
+
+package unix
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+// SysvShmAttach attaches the Sysv shared memory segment associated with the
+// shared memory identifier id.
+func SysvShmAttach(id int, addr uintptr, flag int) ([]byte, error) {
+	addr, errno := shmat(id, addr, flag)
+	if errno != nil {
+		return nil, errno
+	}
+
+	// Retrieve the size of the shared memory to enable slice creation
+	var info SysvShmDesc
+
+	_, err := SysvShmCtl(id, IPC_STAT, &info)
+	if err != nil {
+		// release the shared memory if we can't find the size
+
+		// ignoring error from shmdt as there's nothing sensible to return here
+		shmdt(addr)
+		return nil, err
+	}
+
+	// Use unsafe to convert addr into a []byte.
+	// TODO: convert to unsafe.Slice once we can assume Go 1.17
+	var b []byte
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
+	hdr.Data = unsafe.Pointer(addr)
+	hdr.Cap = int(info.Segsz)
+	hdr.Len = int(info.Segsz)
+	return b, nil
+}
+
+// SysvShmDetach unmaps the shared memory slice returned from SysvShmAttach.
+//
+// It is not safe to use the slice after calling this function.
+func SysvShmDetach(data []byte) error {
+	if len(data) == 0 {
+		return EINVAL
+	}
+
+	return shmdt(uintptr(unsafe.Pointer(&data[0])))
+}
+
+// SysvShmGet returns the Sysv shared memory identifier associated with key.
+// If the IPC_CREAT flag is specified a new segment is created.
+func SysvShmGet(key, size, flag int) (id int, err error) {
+	return shmget(key, size, flag)
+}
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
new file mode 100644
index 0000000000000..71bddefdb87db
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -0,0 +1,14 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && !ios
+// +build darwin,!ios
+
+package unix
+
+// SysvShmCtl performs control operations on the shared memory segment
+// specified by id.
+func SysvShmCtl(id, cmd int, desc *SysvShmDesc) (result int, err error) {
+	return shmctl(id, cmd, desc)
+}
diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go
index 47b9011ee9636..3d893040553be 100644
--- a/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/vendor/golang.org/x/sys/unix/timestruct.go
@@ -2,18 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
 import "time"
 
-// TimespecToNsec converts a Timespec value into a number of
-// nanoseconds since the Unix epoch.
-func TimespecToNsec(ts Timespec) int64 { return int64(ts.Sec)*1e9 + int64(ts.Nsec) }
+// TimespecToNSec returns the time stored in ts as nanoseconds.
+func TimespecToNsec(ts Timespec) int64 { return ts.Nano() }
 
-// NsecToTimespec takes a number of nanoseconds since the Unix epoch
-// and returns the corresponding Timespec value.
+// NsecToTimespec converts a number of nanoseconds into a Timespec.
 func NsecToTimespec(nsec int64) Timespec {
 	sec := nsec / 1e9
 	nsec = nsec % 1e9
@@ -42,12 +41,10 @@ func TimeToTimespec(t time.Time) (Timespec, error) {
 	return ts, nil
 }
 
-// TimevalToNsec converts a Timeval value into a number of nanoseconds
-// since the Unix epoch.
-func TimevalToNsec(tv Timeval) int64 { return int64(tv.Sec)*1e9 + int64(tv.Usec)*1e3 }
+// TimevalToNsec returns the time stored in tv as nanoseconds.
+func TimevalToNsec(tv Timeval) int64 { return tv.Nano() }
 
-// NsecToTimeval takes a number of nanoseconds since the Unix epoch
-// and returns the corresponding Timeval value.
+// NsecToTimeval converts a number of nanoseconds into a Timeval.
 func NsecToTimeval(nsec int64) Timeval {
 	nsec += 999 // round up to microsecond
 	usec := nsec % 1e9 / 1e3
@@ -59,24 +56,22 @@ func NsecToTimeval(nsec int64) Timeval {
 	return setTimeval(sec, usec)
 }
 
-// Unix returns ts as the number of seconds and nanoseconds elapsed since the
-// Unix epoch.
+// Unix returns the time stored in ts as seconds plus nanoseconds.
 func (ts *Timespec) Unix() (sec int64, nsec int64) {
 	return int64(ts.Sec), int64(ts.Nsec)
 }
 
-// Unix returns tv as the number of seconds and nanoseconds elapsed since the
-// Unix epoch.
+// Unix returns the time stored in tv as seconds plus nanoseconds.
 func (tv *Timeval) Unix() (sec int64, nsec int64) {
 	return int64(tv.Sec), int64(tv.Usec) * 1000
 }
 
-// Nano returns ts as the number of nanoseconds elapsed since the Unix epoch.
+// Nano returns the time stored in ts as nanoseconds.
 func (ts *Timespec) Nano() int64 {
 	return int64(ts.Sec)*1e9 + int64(ts.Nsec)
 }
 
-// Nano returns tv as the number of nanoseconds elapsed since the Unix epoch.
+// Nano returns the time stored in tv as nanoseconds.
 func (tv *Timeval) Nano() int64 {
 	return int64(tv.Sec)*1e9 + int64(tv.Usec)*1000
 }
diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
new file mode 100644
index 0000000000000..168d5ae77914b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Unveil implements the unveil syscall.
+// For more information see unveil(2).
+// Note that the special case of blocking further
+// unveil calls is handled by UnveilBlock.
+func Unveil(path string, flags string) error {
+	pathPtr, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	flagsPtr, err := syscall.BytePtrFromString(flags)
+	if err != nil {
+		return err
+	}
+	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
+	if e != 0 {
+		return e
+	}
+	return nil
+}
+
+// UnveilBlock blocks future unveil calls.
+// For more information see unveil(2).
+func UnveilBlock() error {
+	// Both pointers must be nil.
+	var pathUnsafe, flagsUnsafe unsafe.Pointer
+	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
+	if e != 0 {
+		return e
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go
new file mode 100644
index 0000000000000..25df1e37801f4
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -0,0 +1,241 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build freebsd || netbsd
+// +build freebsd netbsd
+
+package unix
+
+import (
+	"strings"
+	"unsafe"
+)
+
+// Derive extattr namespace and attribute name
+
+func xattrnamespace(fullattr string) (ns int, attr string, err error) {
+	s := strings.IndexByte(fullattr, '.')
+	if s == -1 {
+		return -1, "", ENOATTR
+	}
+
+	namespace := fullattr[0:s]
+	attr = fullattr[s+1:]
+
+	switch namespace {
+	case "user":
+		return EXTATTR_NAMESPACE_USER, attr, nil
+	case "system":
+		return EXTATTR_NAMESPACE_SYSTEM, attr, nil
+	default:
+		return -1, "", ENOATTR
+	}
+}
+
+func initxattrdest(dest []byte, idx int) (d unsafe.Pointer) {
+	if len(dest) > idx {
+		return unsafe.Pointer(&dest[idx])
+	} else {
+		return unsafe.Pointer(_zero)
+	}
+}
+
+// FreeBSD and NetBSD implement their own syscalls to handle extended attributes
+
+func Getxattr(file string, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetFile(file, nsid, a, uintptr(d), destsize)
+}
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetFd(fd, nsid, a, uintptr(d), destsize)
+}
+
+func Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetLink(link, nsid, a, uintptr(d), destsize)
+}
+
+// flags are unused on FreeBSD
+
+func Fsetxattr(fd int, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetFd(fd, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Setxattr(file string, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetFile(file, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Lsetxattr(link string, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetLink(link, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Removexattr(file string, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteFile(file, nsid, a)
+	return
+}
+
+func Fremovexattr(fd int, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteFd(fd, nsid, a)
+	return
+}
+
+func Lremovexattr(link string, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteLink(link, nsid, a)
+	return
+}
+
+func Listxattr(file string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	// FreeBSD won't allow you to list xattrs from multiple namespaces
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListFile(file, nsid, uintptr(d), destsiz)
+
+		/* Errors accessing system attrs are ignored so that
+		 * we can implement the Linux-like behavior of omitting errors that
+		 * we don't have read permissions on
+		 *
+		 * Linux will still error if we ask for user attributes on a file that
+		 * we don't have read permissions on, so don't ignore those errors
+		 */
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz)
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
+
+func Llistxattr(link string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListLink(link, nsid, uintptr(d), destsiz)
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
new file mode 100644
index 0000000000000..ca9799b79ef95
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -0,0 +1,1385 @@
+// mkerrors.sh -maix32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && aix
+// +build ppc,aix
+
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs -- -maix32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                  = 0x10
+	AF_BYPASS                     = 0x19
+	AF_CCITT                      = 0xa
+	AF_CHAOS                      = 0x5
+	AF_DATAKIT                    = 0x9
+	AF_DECnet                     = 0xc
+	AF_DLI                        = 0xd
+	AF_ECMA                       = 0x8
+	AF_HYLINK                     = 0xf
+	AF_IMPLINK                    = 0x3
+	AF_INET                       = 0x2
+	AF_INET6                      = 0x18
+	AF_INTF                       = 0x14
+	AF_ISO                        = 0x7
+	AF_LAT                        = 0xe
+	AF_LINK                       = 0x12
+	AF_LOCAL                      = 0x1
+	AF_MAX                        = 0x1e
+	AF_NDD                        = 0x17
+	AF_NETWARE                    = 0x16
+	AF_NS                         = 0x6
+	AF_OSI                        = 0x7
+	AF_PUP                        = 0x4
+	AF_RIF                        = 0x15
+	AF_ROUTE                      = 0x11
+	AF_SNA                        = 0xb
+	AF_UNIX                       = 0x1
+	AF_UNSPEC                     = 0x0
+	ALTWERASE                     = 0x400000
+	ARPHRD_802_3                  = 0x6
+	ARPHRD_802_5                  = 0x6
+	ARPHRD_ETHER                  = 0x1
+	ARPHRD_FDDI                   = 0x1
+	B0                            = 0x0
+	B110                          = 0x3
+	B1200                         = 0x9
+	B134                          = 0x4
+	B150                          = 0x5
+	B1800                         = 0xa
+	B19200                        = 0xe
+	B200                          = 0x6
+	B2400                         = 0xb
+	B300                          = 0x7
+	B38400                        = 0xf
+	B4800                         = 0xc
+	B50                           = 0x1
+	B600                          = 0x8
+	B75                           = 0x2
+	B9600                         = 0xd
+	BRKINT                        = 0x2
+	BS0                           = 0x0
+	BS1                           = 0x1000
+	BSDLY                         = 0x1000
+	CAP_AACCT                     = 0x6
+	CAP_ARM_APPLICATION           = 0x5
+	CAP_BYPASS_RAC_VMM            = 0x3
+	CAP_CLEAR                     = 0x0
+	CAP_CREDENTIALS               = 0x7
+	CAP_EFFECTIVE                 = 0x1
+	CAP_EWLM_AGENT                = 0x4
+	CAP_INHERITABLE               = 0x2
+	CAP_MAXIMUM                   = 0x7
+	CAP_NUMA_ATTACH               = 0x2
+	CAP_PERMITTED                 = 0x3
+	CAP_PROPAGATE                 = 0x1
+	CAP_PROPOGATE                 = 0x1
+	CAP_SET                       = 0x1
+	CBAUD                         = 0xf
+	CFLUSH                        = 0xf
+	CIBAUD                        = 0xf0000
+	CLOCAL                        = 0x800
+	CLOCK_MONOTONIC               = 0xa
+	CLOCK_PROCESS_CPUTIME_ID      = 0xb
+	CLOCK_REALTIME                = 0x9
+	CLOCK_THREAD_CPUTIME_ID       = 0xc
+	CR0                           = 0x0
+	CR1                           = 0x100
+	CR2                           = 0x200
+	CR3                           = 0x300
+	CRDLY                         = 0x300
+	CREAD                         = 0x80
+	CS5                           = 0x0
+	CS6                           = 0x10
+	CS7                           = 0x20
+	CS8                           = 0x30
+	CSIOCGIFCONF                  = -0x3ff796dc
+	CSIZE                         = 0x30
+	CSMAP_DIR                     = "/usr/lib/nls/csmap/"
+	CSTART                        = '\021'
+	CSTOP                         = '\023'
+	CSTOPB                        = 0x40
+	CSUSP                         = 0x1a
+	ECHO                          = 0x8
+	ECHOCTL                       = 0x20000
+	ECHOE                         = 0x10
+	ECHOK                         = 0x20
+	ECHOKE                        = 0x80000
+	ECHONL                        = 0x40
+	ECHOPRT                       = 0x40000
+	ECH_ICMPID                    = 0x2
+	ETHERNET_CSMACD               = 0x6
+	EVENP                         = 0x80
+	EXCONTINUE                    = 0x0
+	EXDLOK                        = 0x3
+	EXIO                          = 0x2
+	EXPGIO                        = 0x0
+	EXRESUME                      = 0x2
+	EXRETURN                      = 0x1
+	EXSIG                         = 0x4
+	EXTA                          = 0xe
+	EXTB                          = 0xf
+	EXTRAP                        = 0x1
+	EYEC_RTENTRYA                 = 0x257274656e747241
+	EYEC_RTENTRYF                 = 0x257274656e747246
+	E_ACC                         = 0x0
+	FD_CLOEXEC                    = 0x1
+	FD_SETSIZE                    = 0xfffe
+	FF0                           = 0x0
+	FF1                           = 0x2000
+	FFDLY                         = 0x2000
+	FLUSHBAND                     = 0x40
+	FLUSHLOW                      = 0x8
+	FLUSHO                        = 0x100000
+	FLUSHR                        = 0x1
+	FLUSHRW                       = 0x3
+	FLUSHW                        = 0x2
+	F_CLOSEM                      = 0xa
+	F_DUP2FD                      = 0xe
+	F_DUPFD                       = 0x0
+	F_GETFD                       = 0x1
+	F_GETFL                       = 0x3
+	F_GETLK                       = 0x5
+	F_GETLK64                     = 0xb
+	F_GETOWN                      = 0x8
+	F_LOCK                        = 0x1
+	F_OK                          = 0x0
+	F_RDLCK                       = 0x1
+	F_SETFD                       = 0x2
+	F_SETFL                       = 0x4
+	F_SETLK                       = 0x6
+	F_SETLK64                     = 0xc
+	F_SETLKW                      = 0x7
+	F_SETLKW64                    = 0xd
+	F_SETOWN                      = 0x9
+	F_TEST                        = 0x3
+	F_TLOCK                       = 0x2
+	F_TSTLK                       = 0xf
+	F_ULOCK                       = 0x0
+	F_UNLCK                       = 0x3
+	F_WRLCK                       = 0x2
+	HUPCL                         = 0x400
+	IBSHIFT                       = 0x10
+	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x26
+	ICMP6_SEC_SEND_DEL            = 0x46
+	ICMP6_SEC_SEND_GET            = 0x47
+	ICMP6_SEC_SEND_SET            = 0x44
+	ICMP6_SEC_SEND_SET_CGA_ADDR   = 0x45
+	ICRNL                         = 0x100
+	IEXTEN                        = 0x200000
+	IFA_FIRSTALIAS                = 0x2000
+	IFA_ROUTE                     = 0x1
+	IFF_64BIT                     = 0x4000000
+	IFF_ALLCAST                   = 0x20000
+	IFF_ALLMULTI                  = 0x200
+	IFF_BPF                       = 0x8000000
+	IFF_BRIDGE                    = 0x40000
+	IFF_BROADCAST                 = 0x2
+	IFF_CANTCHANGE                = 0x80c52
+	IFF_CHECKSUM_OFFLOAD          = 0x10000000
+	IFF_D1                        = 0x8000
+	IFF_D2                        = 0x4000
+	IFF_D3                        = 0x2000
+	IFF_D4                        = 0x1000
+	IFF_DEBUG                     = 0x4
+	IFF_DEVHEALTH                 = 0x4000
+	IFF_DO_HW_LOOPBACK            = 0x10000
+	IFF_GROUP_ROUTING             = 0x2000000
+	IFF_IFBUFMGT                  = 0x800000
+	IFF_LINK0                     = 0x100000
+	IFF_LINK1                     = 0x200000
+	IFF_LINK2                     = 0x400000
+	IFF_LOOPBACK                  = 0x8
+	IFF_MULTICAST                 = 0x80000
+	IFF_NOARP                     = 0x80
+	IFF_NOECHO                    = 0x800
+	IFF_NOTRAILERS                = 0x20
+	IFF_OACTIVE                   = 0x400
+	IFF_POINTOPOINT               = 0x10
+	IFF_PROMISC                   = 0x100
+	IFF_PSEG                      = 0x40000000
+	IFF_RUNNING                   = 0x40
+	IFF_SIMPLEX                   = 0x800
+	IFF_SNAP                      = 0x8000
+	IFF_TCP_DISABLE_CKSUM         = 0x20000000
+	IFF_TCP_NOCKSUM               = 0x1000000
+	IFF_UP                        = 0x1
+	IFF_VIPA                      = 0x80000000
+	IFNAMSIZ                      = 0x10
+	IFO_FLUSH                     = 0x1
+	IFT_1822                      = 0x2
+	IFT_AAL5                      = 0x31
+	IFT_ARCNET                    = 0x23
+	IFT_ARCNETPLUS                = 0x24
+	IFT_ATM                       = 0x25
+	IFT_CEPT                      = 0x13
+	IFT_CLUSTER                   = 0x3e
+	IFT_DS3                       = 0x1e
+	IFT_EON                       = 0x19
+	IFT_ETHER                     = 0x6
+	IFT_FCS                       = 0x3a
+	IFT_FDDI                      = 0xf
+	IFT_FRELAY                    = 0x20
+	IFT_FRELAYDCE                 = 0x2c
+	IFT_GIFTUNNEL                 = 0x3c
+	IFT_HDH1822                   = 0x3
+	IFT_HF                        = 0x3d
+	IFT_HIPPI                     = 0x2f
+	IFT_HSSI                      = 0x2e
+	IFT_HY                        = 0xe
+	IFT_IB                        = 0xc7
+	IFT_ISDNBASIC                 = 0x14
+	IFT_ISDNPRIMARY               = 0x15
+	IFT_ISO88022LLC               = 0x29
+	IFT_ISO88023                  = 0x7
+	IFT_ISO88024                  = 0x8
+	IFT_ISO88025                  = 0x9
+	IFT_ISO88026                  = 0xa
+	IFT_LAPB                      = 0x10
+	IFT_LOCALTALK                 = 0x2a
+	IFT_LOOP                      = 0x18
+	IFT_MIOX25                    = 0x26
+	IFT_MODEM                     = 0x30
+	IFT_NSIP                      = 0x1b
+	IFT_OTHER                     = 0x1
+	IFT_P10                       = 0xc
+	IFT_P80                       = 0xd
+	IFT_PARA                      = 0x22
+	IFT_PPP                       = 0x17
+	IFT_PROPMUX                   = 0x36
+	IFT_PROPVIRTUAL               = 0x35
+	IFT_PTPSERIAL                 = 0x16
+	IFT_RS232                     = 0x21
+	IFT_SDLC                      = 0x11
+	IFT_SIP                       = 0x1f
+	IFT_SLIP                      = 0x1c
+	IFT_SMDSDXI                   = 0x2b
+	IFT_SMDSICIP                  = 0x34
+	IFT_SN                        = 0x38
+	IFT_SONET                     = 0x27
+	IFT_SONETPATH                 = 0x32
+	IFT_SONETVT                   = 0x33
+	IFT_SP                        = 0x39
+	IFT_STARLAN                   = 0xb
+	IFT_T1                        = 0x12
+	IFT_TUNNEL                    = 0x3b
+	IFT_ULTRA                     = 0x1d
+	IFT_V35                       = 0x2d
+	IFT_VIPA                      = 0x37
+	IFT_X25                       = 0x5
+	IFT_X25DDN                    = 0x4
+	IFT_X25PLE                    = 0x28
+	IFT_XETHER                    = 0x1a
+	IGNBRK                        = 0x1
+	IGNCR                         = 0x80
+	IGNPAR                        = 0x4
+	IMAXBEL                       = 0x10000
+	INLCR                         = 0x40
+	INPCK                         = 0x10
+	IN_CLASSA_HOST                = 0xffffff
+	IN_CLASSA_MAX                 = 0x80
+	IN_CLASSA_NET                 = 0xff000000
+	IN_CLASSA_NSHIFT              = 0x18
+	IN_CLASSB_HOST                = 0xffff
+	IN_CLASSB_MAX                 = 0x10000
+	IN_CLASSB_NET                 = 0xffff0000
+	IN_CLASSB_NSHIFT              = 0x10
+	IN_CLASSC_HOST                = 0xff
+	IN_CLASSC_NET                 = 0xffffff00
+	IN_CLASSC_NSHIFT              = 0x8
+	IN_CLASSD_HOST                = 0xfffffff
+	IN_CLASSD_NET                 = 0xf0000000
+	IN_CLASSD_NSHIFT              = 0x1c
+	IN_LOOPBACKNET                = 0x7f
+	IN_USE                        = 0x1
+	IPPROTO_AH                    = 0x33
+	IPPROTO_BIP                   = 0x53
+	IPPROTO_DSTOPTS               = 0x3c
+	IPPROTO_EGP                   = 0x8
+	IPPROTO_EON                   = 0x50
+	IPPROTO_ESP                   = 0x32
+	IPPROTO_FRAGMENT              = 0x2c
+	IPPROTO_GGP                   = 0x3
+	IPPROTO_GIF                   = 0x8c
+	IPPROTO_GRE                   = 0x2f
+	IPPROTO_HOPOPTS               = 0x0
+	IPPROTO_ICMP                  = 0x1
+	IPPROTO_ICMPV6                = 0x3a
+	IPPROTO_IDP                   = 0x16
+	IPPROTO_IGMP                  = 0x2
+	IPPROTO_IP                    = 0x0
+	IPPROTO_IPIP                  = 0x4
+	IPPROTO_IPV6                  = 0x29
+	IPPROTO_LOCAL                 = 0x3f
+	IPPROTO_MAX                   = 0x100
+	IPPROTO_MH                    = 0x87
+	IPPROTO_NONE                  = 0x3b
+	IPPROTO_PUP                   = 0xc
+	IPPROTO_QOS                   = 0x2d
+	IPPROTO_RAW                   = 0xff
+	IPPROTO_ROUTING               = 0x2b
+	IPPROTO_RSVP                  = 0x2e
+	IPPROTO_SCTP                  = 0x84
+	IPPROTO_TCP                   = 0x6
+	IPPROTO_TP                    = 0x1d
+	IPPROTO_UDP                   = 0x11
+	IPV6_ADDRFORM                 = 0x16
+	IPV6_ADDR_PREFERENCES         = 0x4a
+	IPV6_ADD_MEMBERSHIP           = 0xc
+	IPV6_AIXRAWSOCKET             = 0x39
+	IPV6_CHECKSUM                 = 0x27
+	IPV6_DONTFRAG                 = 0x2d
+	IPV6_DROP_MEMBERSHIP          = 0xd
+	IPV6_DSTOPTS                  = 0x36
+	IPV6_FLOWINFO_FLOWLABEL       = 0xffffff
+	IPV6_FLOWINFO_PRIFLOW         = 0xfffffff
+	IPV6_FLOWINFO_PRIORITY        = 0xf000000
+	IPV6_FLOWINFO_SRFLAG          = 0x10000000
+	IPV6_FLOWINFO_VERSION         = 0xf0000000
+	IPV6_HOPLIMIT                 = 0x28
+	IPV6_HOPOPTS                  = 0x34
+	IPV6_JOIN_GROUP               = 0xc
+	IPV6_LEAVE_GROUP              = 0xd
+	IPV6_MIPDSTOPTS               = 0x36
+	IPV6_MULTICAST_HOPS           = 0xa
+	IPV6_MULTICAST_IF             = 0x9
+	IPV6_MULTICAST_LOOP           = 0xb
+	IPV6_NEXTHOP                  = 0x30
+	IPV6_NOPROBE                  = 0x1c
+	IPV6_PATHMTU                  = 0x2e
+	IPV6_PKTINFO                  = 0x21
+	IPV6_PKTOPTIONS               = 0x24
+	IPV6_PRIORITY_10              = 0xa000000
+	IPV6_PRIORITY_11              = 0xb000000
+	IPV6_PRIORITY_12              = 0xc000000
+	IPV6_PRIORITY_13              = 0xd000000
+	IPV6_PRIORITY_14              = 0xe000000
+	IPV6_PRIORITY_15              = 0xf000000
+	IPV6_PRIORITY_8               = 0x8000000
+	IPV6_PRIORITY_9               = 0x9000000
+	IPV6_PRIORITY_BULK            = 0x4000000
+	IPV6_PRIORITY_CONTROL         = 0x7000000
+	IPV6_PRIORITY_FILLER          = 0x1000000
+	IPV6_PRIORITY_INTERACTIVE     = 0x6000000
+	IPV6_PRIORITY_RESERVED1       = 0x3000000
+	IPV6_PRIORITY_RESERVED2       = 0x5000000
+	IPV6_PRIORITY_UNATTENDED      = 0x2000000
+	IPV6_PRIORITY_UNCHARACTERIZED = 0x0
+	IPV6_RECVDSTOPTS              = 0x38
+	IPV6_RECVHOPLIMIT             = 0x29
+	IPV6_RECVHOPOPTS              = 0x35
+	IPV6_RECVHOPS                 = 0x22
+	IPV6_RECVIF                   = 0x1e
+	IPV6_RECVPATHMTU              = 0x2f
+	IPV6_RECVPKTINFO              = 0x23
+	IPV6_RECVRTHDR                = 0x33
+	IPV6_RECVSRCRT                = 0x1d
+	IPV6_RECVTCLASS               = 0x2a
+	IPV6_RTHDR                    = 0x32
+	IPV6_RTHDRDSTOPTS             = 0x37
+	IPV6_RTHDR_TYPE_0             = 0x0
+	IPV6_RTHDR_TYPE_2             = 0x2
+	IPV6_SENDIF                   = 0x1f
+	IPV6_SRFLAG_LOOSE             = 0x0
+	IPV6_SRFLAG_STRICT            = 0x10000000
+	IPV6_TCLASS                   = 0x2b
+	IPV6_TOKEN_LENGTH             = 0x40
+	IPV6_UNICAST_HOPS             = 0x4
+	IPV6_USE_MIN_MTU              = 0x2c
+	IPV6_V6ONLY                   = 0x25
+	IPV6_VERSION                  = 0x60000000
+	IP_ADDRFORM                   = 0x16
+	IP_ADD_MEMBERSHIP             = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP      = 0x3c
+	IP_BLOCK_SOURCE               = 0x3a
+	IP_BROADCAST_IF               = 0x10
+	IP_CACHE_LINE_SIZE            = 0x80
+	IP_DEFAULT_MULTICAST_LOOP     = 0x1
+	IP_DEFAULT_MULTICAST_TTL      = 0x1
+	IP_DF                         = 0x4000
+	IP_DHCPMODE                   = 0x11
+	IP_DONTFRAG                   = 0x19
+	IP_DROP_MEMBERSHIP            = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP     = 0x3d
+	IP_FINDPMTU                   = 0x1a
+	IP_HDRINCL                    = 0x2
+	IP_INC_MEMBERSHIPS            = 0x14
+	IP_INIT_MEMBERSHIP            = 0x14
+	IP_MAXPACKET                  = 0xffff
+	IP_MF                         = 0x2000
+	IP_MSS                        = 0x240
+	IP_MULTICAST_HOPS             = 0xa
+	IP_MULTICAST_IF               = 0x9
+	IP_MULTICAST_LOOP             = 0xb
+	IP_MULTICAST_TTL              = 0xa
+	IP_OPT                        = 0x1b
+	IP_OPTIONS                    = 0x1
+	IP_PMTUAGE                    = 0x1b
+	IP_RECVDSTADDR                = 0x7
+	IP_RECVIF                     = 0x14
+	IP_RECVIFINFO                 = 0xf
+	IP_RECVINTERFACE              = 0x20
+	IP_RECVMACHDR                 = 0xe
+	IP_RECVOPTS                   = 0x5
+	IP_RECVRETOPTS                = 0x6
+	IP_RECVTTL                    = 0x22
+	IP_RETOPTS                    = 0x8
+	IP_SOURCE_FILTER              = 0x48
+	IP_TOS                        = 0x3
+	IP_TTL                        = 0x4
+	IP_UNBLOCK_SOURCE             = 0x3b
+	IP_UNICAST_HOPS               = 0x4
+	ISIG                          = 0x1
+	ISTRIP                        = 0x20
+	IUCLC                         = 0x800
+	IXANY                         = 0x1000
+	IXOFF                         = 0x400
+	IXON                          = 0x200
+	I_FLUSH                       = 0x20005305
+	LNOFLSH                       = 0x8000
+	LOCK_EX                       = 0x2
+	LOCK_NB                       = 0x4
+	LOCK_SH                       = 0x1
+	LOCK_UN                       = 0x8
+	MADV_DONTNEED                 = 0x4
+	MADV_NORMAL                   = 0x0
+	MADV_RANDOM                   = 0x1
+	MADV_SEQUENTIAL               = 0x2
+	MADV_SPACEAVAIL               = 0x5
+	MADV_WILLNEED                 = 0x3
+	MAP_ANON                      = 0x10
+	MAP_ANONYMOUS                 = 0x10
+	MAP_FILE                      = 0x0
+	MAP_FIXED                     = 0x100
+	MAP_PRIVATE                   = 0x2
+	MAP_SHARED                    = 0x1
+	MAP_TYPE                      = 0xf0
+	MAP_VARIABLE                  = 0x0
+	MCAST_BLOCK_SOURCE            = 0x40
+	MCAST_EXCLUDE                 = 0x2
+	MCAST_INCLUDE                 = 0x1
+	MCAST_JOIN_GROUP              = 0x3e
+	MCAST_JOIN_SOURCE_GROUP       = 0x42
+	MCAST_LEAVE_GROUP             = 0x3f
+	MCAST_LEAVE_SOURCE_GROUP      = 0x43
+	MCAST_SOURCE_FILTER           = 0x49
+	MCAST_UNBLOCK_SOURCE          = 0x41
+	MCL_CURRENT                   = 0x100
+	MCL_FUTURE                    = 0x200
+	MSG_ANY                       = 0x4
+	MSG_ARGEXT                    = 0x400
+	MSG_BAND                      = 0x2
+	MSG_COMPAT                    = 0x8000
+	MSG_CTRUNC                    = 0x20
+	MSG_DONTROUTE                 = 0x4
+	MSG_EOR                       = 0x8
+	MSG_HIPRI                     = 0x1
+	MSG_MAXIOVLEN                 = 0x10
+	MSG_MPEG2                     = 0x80
+	MSG_NONBLOCK                  = 0x4000
+	MSG_NOSIGNAL                  = 0x100
+	MSG_OOB                       = 0x1
+	MSG_PEEK                      = 0x2
+	MSG_TRUNC                     = 0x10
+	MSG_WAITALL                   = 0x40
+	MSG_WAITFORONE                = 0x200
+	MS_ASYNC                      = 0x10
+	MS_EINTR                      = 0x80
+	MS_INVALIDATE                 = 0x40
+	MS_PER_SEC                    = 0x3e8
+	MS_SYNC                       = 0x20
+	NFDBITS                       = 0x20
+	NL0                           = 0x0
+	NL1                           = 0x4000
+	NL2                           = 0x8000
+	NL3                           = 0xc000
+	NLDLY                         = 0x4000
+	NOFLSH                        = 0x80
+	NOFLUSH                       = 0x80000000
+	OCRNL                         = 0x8
+	OFDEL                         = 0x80
+	OFILL                         = 0x40
+	OLCUC                         = 0x2
+	ONLCR                         = 0x4
+	ONLRET                        = 0x20
+	ONOCR                         = 0x10
+	ONOEOT                        = 0x80000
+	OPOST                         = 0x1
+	OXTABS                        = 0x40000
+	O_ACCMODE                     = 0x23
+	O_APPEND                      = 0x8
+	O_CIO                         = 0x80
+	O_CIOR                        = 0x800000000
+	O_CLOEXEC                     = 0x800000
+	O_CREAT                       = 0x100
+	O_DEFER                       = 0x2000
+	O_DELAY                       = 0x4000
+	O_DIRECT                      = 0x8000000
+	O_DIRECTORY                   = 0x80000
+	O_DSYNC                       = 0x400000
+	O_EFSOFF                      = 0x400000000
+	O_EFSON                       = 0x200000000
+	O_EXCL                        = 0x400
+	O_EXEC                        = 0x20
+	O_LARGEFILE                   = 0x4000000
+	O_NDELAY                      = 0x8000
+	O_NOCACHE                     = 0x100000
+	O_NOCTTY                      = 0x800
+	O_NOFOLLOW                    = 0x1000000
+	O_NONBLOCK                    = 0x4
+	O_NONE                        = 0x3
+	O_NSHARE                      = 0x10000
+	O_RAW                         = 0x100000000
+	O_RDONLY                      = 0x0
+	O_RDWR                        = 0x2
+	O_RSHARE                      = 0x1000
+	O_RSYNC                       = 0x200000
+	O_SEARCH                      = 0x20
+	O_SNAPSHOT                    = 0x40
+	O_SYNC                        = 0x10
+	O_TRUNC                       = 0x200
+	O_TTY_INIT                    = 0x0
+	O_WRONLY                      = 0x1
+	PARENB                        = 0x100
+	PAREXT                        = 0x100000
+	PARMRK                        = 0x8
+	PARODD                        = 0x200
+	PENDIN                        = 0x20000000
+	PRIO_PGRP                     = 0x1
+	PRIO_PROCESS                  = 0x0
+	PRIO_USER                     = 0x2
+	PROT_EXEC                     = 0x4
+	PROT_NONE                     = 0x0
+	PROT_READ                     = 0x1
+	PROT_WRITE                    = 0x2
+	PR_64BIT                      = 0x20
+	PR_ADDR                       = 0x2
+	PR_ARGEXT                     = 0x400
+	PR_ATOMIC                     = 0x1
+	PR_CONNREQUIRED               = 0x4
+	PR_FASTHZ                     = 0x5
+	PR_INP                        = 0x40
+	PR_INTRLEVEL                  = 0x8000
+	PR_MLS                        = 0x100
+	PR_MLS_1_LABEL                = 0x200
+	PR_NOEOR                      = 0x4000
+	PR_RIGHTS                     = 0x10
+	PR_SLOWHZ                     = 0x2
+	PR_WANTRCVD                   = 0x8
+	RLIMIT_AS                     = 0x6
+	RLIMIT_CORE                   = 0x4
+	RLIMIT_CPU                    = 0x0
+	RLIMIT_DATA                   = 0x2
+	RLIMIT_FSIZE                  = 0x1
+	RLIMIT_NOFILE                 = 0x7
+	RLIMIT_NPROC                  = 0x9
+	RLIMIT_RSS                    = 0x5
+	RLIMIT_STACK                  = 0x3
+	RLIM_INFINITY                 = 0x7fffffff
+	RTAX_AUTHOR                   = 0x6
+	RTAX_BRD                      = 0x7
+	RTAX_DST                      = 0x0
+	RTAX_GATEWAY                  = 0x1
+	RTAX_GENMASK                  = 0x3
+	RTAX_IFA                      = 0x5
+	RTAX_IFP                      = 0x4
+	RTAX_MAX                      = 0x8
+	RTAX_NETMASK                  = 0x2
+	RTA_AUTHOR                    = 0x40
+	RTA_BRD                       = 0x80
+	RTA_DOWNSTREAM                = 0x100
+	RTA_DST                       = 0x1
+	RTA_GATEWAY                   = 0x2
+	RTA_GENMASK                   = 0x8
+	RTA_IFA                       = 0x20
+	RTA_IFP                       = 0x10
+	RTA_NETMASK                   = 0x4
+	RTC_IA64                      = 0x3
+	RTC_POWER                     = 0x1
+	RTC_POWER_PC                  = 0x2
+	RTF_ACTIVE_DGD                = 0x1000000
+	RTF_BCE                       = 0x80000
+	RTF_BLACKHOLE                 = 0x1000
+	RTF_BROADCAST                 = 0x400000
+	RTF_BUL                       = 0x2000
+	RTF_CLONE                     = 0x10000
+	RTF_CLONED                    = 0x20000
+	RTF_CLONING                   = 0x100
+	RTF_DONE                      = 0x40
+	RTF_DYNAMIC                   = 0x10
+	RTF_FREE_IN_PROG              = 0x4000000
+	RTF_GATEWAY                   = 0x2
+	RTF_HOST                      = 0x4
+	RTF_LLINFO                    = 0x400
+	RTF_LOCAL                     = 0x200000
+	RTF_MASK                      = 0x80
+	RTF_MODIFIED                  = 0x20
+	RTF_MULTICAST                 = 0x800000
+	RTF_PERMANENT6                = 0x8000000
+	RTF_PINNED                    = 0x100000
+	RTF_PROTO1                    = 0x8000
+	RTF_PROTO2                    = 0x4000
+	RTF_PROTO3                    = 0x40000
+	RTF_REJECT                    = 0x8
+	RTF_SMALLMTU                  = 0x40000
+	RTF_STATIC                    = 0x800
+	RTF_STOPSRCH                  = 0x2000000
+	RTF_UNREACHABLE               = 0x10000000
+	RTF_UP                        = 0x1
+	RTF_XRESOLVE                  = 0x200
+	RTM_ADD                       = 0x1
+	RTM_CHANGE                    = 0x3
+	RTM_DELADDR                   = 0xd
+	RTM_DELETE                    = 0x2
+	RTM_EXPIRE                    = 0xf
+	RTM_GET                       = 0x4
+	RTM_GETNEXT                   = 0x11
+	RTM_IFINFO                    = 0xe
+	RTM_LOCK                      = 0x8
+	RTM_LOSING                    = 0x5
+	RTM_MISS                      = 0x7
+	RTM_NEWADDR                   = 0xc
+	RTM_OLDADD                    = 0x9
+	RTM_OLDDEL                    = 0xa
+	RTM_REDIRECT                  = 0x6
+	RTM_RESOLVE                   = 0xb
+	RTM_RTLOST                    = 0x10
+	RTM_RTTUNIT                   = 0xf4240
+	RTM_SAMEADDR                  = 0x12
+	RTM_SET                       = 0x13
+	RTM_VERSION                   = 0x2
+	RTM_VERSION_GR                = 0x4
+	RTM_VERSION_GR_COMPAT         = 0x3
+	RTM_VERSION_POLICY            = 0x5
+	RTM_VERSION_POLICY_EXT        = 0x6
+	RTM_VERSION_POLICY_PRFN       = 0x7
+	RTV_EXPIRE                    = 0x4
+	RTV_HOPCOUNT                  = 0x2
+	RTV_MTU                       = 0x1
+	RTV_RPIPE                     = 0x8
+	RTV_RTT                       = 0x40
+	RTV_RTTVAR                    = 0x80
+	RTV_SPIPE                     = 0x10
+	RTV_SSTHRESH                  = 0x20
+	RUSAGE_CHILDREN               = -0x1
+	RUSAGE_SELF                   = 0x0
+	RUSAGE_THREAD                 = 0x1
+	SCM_RIGHTS                    = 0x1
+	SHUT_RD                       = 0x0
+	SHUT_RDWR                     = 0x2
+	SHUT_WR                       = 0x1
+	SIGMAX64                      = 0xff
+	SIGQUEUE_MAX                  = 0x20
+	SIOCADDIFVIPA                 = 0x20006942
+	SIOCADDMTU                    = -0x7ffb9690
+	SIOCADDMULTI                  = -0x7fdf96cf
+	SIOCADDNETID                  = -0x7fd796a9
+	SIOCADDRT                     = -0x7fcf8df6
+	SIOCAIFADDR                   = -0x7fbf96e6
+	SIOCATMARK                    = 0x40047307
+	SIOCDARP                      = -0x7fb396e0
+	SIOCDELIFVIPA                 = 0x20006943
+	SIOCDELMTU                    = -0x7ffb968f
+	SIOCDELMULTI                  = -0x7fdf96ce
+	SIOCDELPMTU                   = -0x7fd78ff6
+	SIOCDELRT                     = -0x7fcf8df5
+	SIOCDIFADDR                   = -0x7fd796e7
+	SIOCDNETOPT                   = -0x3ffe9680
+	SIOCDX25XLATE                 = -0x7fd7969b
+	SIOCFIFADDR                   = -0x7fdf966d
+	SIOCGARP                      = -0x3fb396da
+	SIOCGETMTUS                   = 0x2000696f
+	SIOCGETSGCNT                  = -0x3feb8acc
+	SIOCGETVIFCNT                 = -0x3feb8acd
+	SIOCGHIWAT                    = 0x40047301
+	SIOCGIFADDR                   = -0x3fd796df
+	SIOCGIFADDRS                  = 0x2000698c
+	SIOCGIFBAUDRATE               = -0x3fdf9669
+	SIOCGIFBRDADDR                = -0x3fd796dd
+	SIOCGIFCONF                   = -0x3ff796bb
+	SIOCGIFCONFGLOB               = -0x3ff79670
+	SIOCGIFDSTADDR                = -0x3fd796de
+	SIOCGIFFLAGS                  = -0x3fd796ef
+	SIOCGIFGIDLIST                = 0x20006968
+	SIOCGIFHWADDR                 = -0x3fab966b
+	SIOCGIFMETRIC                 = -0x3fd796e9
+	SIOCGIFMTU                    = -0x3fd796aa
+	SIOCGIFNETMASK                = -0x3fd796db
+	SIOCGIFOPTIONS                = -0x3fd796d6
+	SIOCGISNO                     = -0x3fd79695
+	SIOCGLOADF                    = -0x3ffb967e
+	SIOCGLOWAT                    = 0x40047303
+	SIOCGNETOPT                   = -0x3ffe96a5
+	SIOCGNETOPT1                  = -0x3fdf967f
+	SIOCGNMTUS                    = 0x2000696e
+	SIOCGPGRP                     = 0x40047309
+	SIOCGSIZIFCONF                = 0x4004696a
+	SIOCGSRCFILTER                = -0x3fe796cb
+	SIOCGTUNEPHASE                = -0x3ffb9676
+	SIOCGX25XLATE                 = -0x3fd7969c
+	SIOCIFATTACH                  = -0x7fdf9699
+	SIOCIFDETACH                  = -0x7fdf969a
+	SIOCIFGETPKEY                 = -0x7fdf969b
+	SIOCIF_ATM_DARP               = -0x7fdf9683
+	SIOCIF_ATM_DUMPARP            = -0x7fdf9685
+	SIOCIF_ATM_GARP               = -0x7fdf9682
+	SIOCIF_ATM_IDLE               = -0x7fdf9686
+	SIOCIF_ATM_SARP               = -0x7fdf9681
+	SIOCIF_ATM_SNMPARP            = -0x7fdf9687
+	SIOCIF_ATM_SVC                = -0x7fdf9684
+	SIOCIF_ATM_UBR                = -0x7fdf9688
+	SIOCIF_DEVHEALTH              = -0x7ffb966c
+	SIOCIF_IB_ARP_INCOMP          = -0x7fdf9677
+	SIOCIF_IB_ARP_TIMER           = -0x7fdf9678
+	SIOCIF_IB_CLEAR_PINFO         = -0x3fdf966f
+	SIOCIF_IB_DEL_ARP             = -0x7fdf967f
+	SIOCIF_IB_DEL_PINFO           = -0x3fdf9670
+	SIOCIF_IB_DUMP_ARP            = -0x7fdf9680
+	SIOCIF_IB_GET_ARP             = -0x7fdf967e
+	SIOCIF_IB_GET_INFO            = -0x3f879675
+	SIOCIF_IB_GET_STATS           = -0x3f879672
+	SIOCIF_IB_NOTIFY_ADDR_REM     = -0x3f87966a
+	SIOCIF_IB_RESET_STATS         = -0x3f879671
+	SIOCIF_IB_RESIZE_CQ           = -0x7fdf9679
+	SIOCIF_IB_SET_ARP             = -0x7fdf967d
+	SIOCIF_IB_SET_PKEY            = -0x7fdf967c
+	SIOCIF_IB_SET_PORT            = -0x7fdf967b
+	SIOCIF_IB_SET_QKEY            = -0x7fdf9676
+	SIOCIF_IB_SET_QSIZE           = -0x7fdf967a
+	SIOCLISTIFVIPA                = 0x20006944
+	SIOCSARP                      = -0x7fb396e2
+	SIOCSHIWAT                    = 0x80047300
+	SIOCSIFADDR                   = -0x7fd796f4
+	SIOCSIFADDRORI                = -0x7fdb9673
+	SIOCSIFBRDADDR                = -0x7fd796ed
+	SIOCSIFDSTADDR                = -0x7fd796f2
+	SIOCSIFFLAGS                  = -0x7fd796f0
+	SIOCSIFGIDLIST                = 0x20006969
+	SIOCSIFMETRIC                 = -0x7fd796e8
+	SIOCSIFMTU                    = -0x7fd796a8
+	SIOCSIFNETDUMP                = -0x7fd796e4
+	SIOCSIFNETMASK                = -0x7fd796ea
+	SIOCSIFOPTIONS                = -0x7fd796d7
+	SIOCSIFSUBCHAN                = -0x7fd796e5
+	SIOCSISNO                     = -0x7fd79694
+	SIOCSLOADF                    = -0x3ffb967d
+	SIOCSLOWAT                    = 0x80047302
+	SIOCSNETOPT                   = -0x7ffe96a6
+	SIOCSPGRP                     = 0x80047308
+	SIOCSX25XLATE                 = -0x7fd7969d
+	SOCK_CONN_DGRAM               = 0x6
+	SOCK_DGRAM                    = 0x2
+	SOCK_RAW                      = 0x3
+	SOCK_RDM                      = 0x4
+	SOCK_SEQPACKET                = 0x5
+	SOCK_STREAM                   = 0x1
+	SOL_SOCKET                    = 0xffff
+	SOMAXCONN                     = 0x400
+	SO_ACCEPTCONN                 = 0x2
+	SO_AUDIT                      = 0x8000
+	SO_BROADCAST                  = 0x20
+	SO_CKSUMRECV                  = 0x800
+	SO_DEBUG                      = 0x1
+	SO_DONTROUTE                  = 0x10
+	SO_ERROR                      = 0x1007
+	SO_KEEPALIVE                  = 0x8
+	SO_KERNACCEPT                 = 0x2000
+	SO_LINGER                     = 0x80
+	SO_NOMULTIPATH                = 0x4000
+	SO_NOREUSEADDR                = 0x1000
+	SO_OOBINLINE                  = 0x100
+	SO_PEERID                     = 0x1009
+	SO_RCVBUF                     = 0x1002
+	SO_RCVLOWAT                   = 0x1004
+	SO_RCVTIMEO                   = 0x1006
+	SO_REUSEADDR                  = 0x4
+	SO_REUSEPORT                  = 0x200
+	SO_SNDBUF                     = 0x1001
+	SO_SNDLOWAT                   = 0x1003
+	SO_SNDTIMEO                   = 0x1005
+	SO_TIMESTAMPNS                = 0x100a
+	SO_TYPE                       = 0x1008
+	SO_USELOOPBACK                = 0x40
+	SO_USE_IFBUFS                 = 0x400
+	S_BANDURG                     = 0x400
+	S_EMODFMT                     = 0x3c000000
+	S_ENFMT                       = 0x400
+	S_ERROR                       = 0x100
+	S_HANGUP                      = 0x200
+	S_HIPRI                       = 0x2
+	S_ICRYPTO                     = 0x80000
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFIFO                       = 0x1000
+	S_IFJOURNAL                   = 0x10000
+	S_IFLNK                       = 0xa000
+	S_IFMPX                       = 0x2200
+	S_IFMT                        = 0xf000
+	S_IFPDIR                      = 0x4000000
+	S_IFPSDIR                     = 0x8000000
+	S_IFPSSDIR                    = 0xc000000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_IFSYSEA                     = 0x30000000
+	S_INPUT                       = 0x1
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_ITCB                        = 0x1000000
+	S_ITP                         = 0x800000
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXACL                       = 0x2000000
+	S_IXATTR                      = 0x40000
+	S_IXGRP                       = 0x8
+	S_IXINTERFACE                 = 0x100000
+	S_IXMOD                       = 0x40000000
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
+	S_MSG                         = 0x8
+	S_OUTPUT                      = 0x4
+	S_RDBAND                      = 0x20
+	S_RDNORM                      = 0x10
+	S_RESERVED1                   = 0x20000
+	S_RESERVED2                   = 0x200000
+	S_RESERVED3                   = 0x400000
+	S_RESERVED4                   = 0x80000000
+	S_RESFMT1                     = 0x10000000
+	S_RESFMT10                    = 0x34000000
+	S_RESFMT11                    = 0x38000000
+	S_RESFMT12                    = 0x3c000000
+	S_RESFMT2                     = 0x14000000
+	S_RESFMT3                     = 0x18000000
+	S_RESFMT4                     = 0x1c000000
+	S_RESFMT5                     = 0x20000000
+	S_RESFMT6                     = 0x24000000
+	S_RESFMT7                     = 0x28000000
+	S_RESFMT8                     = 0x2c000000
+	S_WRBAND                      = 0x80
+	S_WRNORM                      = 0x40
+	TAB0                          = 0x0
+	TAB1                          = 0x400
+	TAB2                          = 0x800
+	TAB3                          = 0xc00
+	TABDLY                        = 0xc00
+	TCFLSH                        = 0x540c
+	TCGETA                        = 0x5405
+	TCGETS                        = 0x5401
+	TCIFLUSH                      = 0x0
+	TCIOFF                        = 0x2
+	TCIOFLUSH                     = 0x2
+	TCION                         = 0x3
+	TCOFLUSH                      = 0x1
+	TCOOFF                        = 0x0
+	TCOON                         = 0x1
+	TCP_24DAYS_WORTH_OF_SLOWTICKS = 0x3f4800
+	TCP_ACLADD                    = 0x23
+	TCP_ACLBIND                   = 0x26
+	TCP_ACLCLEAR                  = 0x22
+	TCP_ACLDEL                    = 0x24
+	TCP_ACLDENY                   = 0x8
+	TCP_ACLFLUSH                  = 0x21
+	TCP_ACLGID                    = 0x1
+	TCP_ACLLS                     = 0x25
+	TCP_ACLSUBNET                 = 0x4
+	TCP_ACLUID                    = 0x2
+	TCP_CWND_DF                   = 0x16
+	TCP_CWND_IF                   = 0x15
+	TCP_DELAY_ACK_FIN             = 0x2
+	TCP_DELAY_ACK_SYN             = 0x1
+	TCP_FASTNAME                  = 0x101080a
+	TCP_KEEPCNT                   = 0x13
+	TCP_KEEPIDLE                  = 0x11
+	TCP_KEEPINTVL                 = 0x12
+	TCP_LSPRIV                    = 0x29
+	TCP_LUID                      = 0x20
+	TCP_MAXBURST                  = 0x8
+	TCP_MAXDF                     = 0x64
+	TCP_MAXIF                     = 0x64
+	TCP_MAXSEG                    = 0x2
+	TCP_MAXWIN                    = 0xffff
+	TCP_MAXWINDOWSCALE            = 0xe
+	TCP_MAX_SACK                  = 0x4
+	TCP_MSS                       = 0x5b4
+	TCP_NODELAY                   = 0x1
+	TCP_NODELAYACK                = 0x14
+	TCP_NOREDUCE_CWND_EXIT_FRXMT  = 0x19
+	TCP_NOREDUCE_CWND_IN_FRXMT    = 0x18
+	TCP_NOTENTER_SSTART           = 0x17
+	TCP_OPT                       = 0x19
+	TCP_RFC1323                   = 0x4
+	TCP_SETPRIV                   = 0x27
+	TCP_STDURG                    = 0x10
+	TCP_TIMESTAMP_OPTLEN          = 0xc
+	TCP_UNSETPRIV                 = 0x28
+	TCSAFLUSH                     = 0x2
+	TCSBRK                        = 0x5409
+	TCSETA                        = 0x5406
+	TCSETAF                       = 0x5408
+	TCSETAW                       = 0x5407
+	TCSETS                        = 0x5402
+	TCSETSF                       = 0x5404
+	TCSETSW                       = 0x5403
+	TCXONC                        = 0x540b
+	TIMER_ABSTIME                 = 0x3e7
+	TIMER_MAX                     = 0x20
+	TIOC                          = 0x5400
+	TIOCCBRK                      = 0x2000747a
+	TIOCCDTR                      = 0x20007478
+	TIOCCONS                      = 0x80047462
+	TIOCEXCL                      = 0x2000740d
+	TIOCFLUSH                     = 0x80047410
+	TIOCGETC                      = 0x40067412
+	TIOCGETD                      = 0x40047400
+	TIOCGETP                      = 0x40067408
+	TIOCGLTC                      = 0x40067474
+	TIOCGPGRP                     = 0x40047477
+	TIOCGSID                      = 0x40047448
+	TIOCGSIZE                     = 0x40087468
+	TIOCGWINSZ                    = 0x40087468
+	TIOCHPCL                      = 0x20007402
+	TIOCLBIC                      = 0x8004747e
+	TIOCLBIS                      = 0x8004747f
+	TIOCLGET                      = 0x4004747c
+	TIOCLSET                      = 0x8004747d
+	TIOCMBIC                      = 0x8004746b
+	TIOCMBIS                      = 0x8004746c
+	TIOCMGET                      = 0x4004746a
+	TIOCMIWAIT                    = 0x80047464
+	TIOCMODG                      = 0x40047403
+	TIOCMODS                      = 0x80047404
+	TIOCMSET                      = 0x8004746d
+	TIOCM_CAR                     = 0x40
+	TIOCM_CD                      = 0x40
+	TIOCM_CTS                     = 0x20
+	TIOCM_DSR                     = 0x100
+	TIOCM_DTR                     = 0x2
+	TIOCM_LE                      = 0x1
+	TIOCM_RI                      = 0x80
+	TIOCM_RNG                     = 0x80
+	TIOCM_RTS                     = 0x4
+	TIOCM_SR                      = 0x10
+	TIOCM_ST                      = 0x8
+	TIOCNOTTY                     = 0x20007471
+	TIOCNXCL                      = 0x2000740e
+	TIOCOUTQ                      = 0x40047473
+	TIOCPKT                       = 0x80047470
+	TIOCPKT_DATA                  = 0x0
+	TIOCPKT_DOSTOP                = 0x20
+	TIOCPKT_FLUSHREAD             = 0x1
+	TIOCPKT_FLUSHWRITE            = 0x2
+	TIOCPKT_NOSTOP                = 0x10
+	TIOCPKT_START                 = 0x8
+	TIOCPKT_STOP                  = 0x4
+	TIOCREMOTE                    = 0x80047469
+	TIOCSBRK                      = 0x2000747b
+	TIOCSDTR                      = 0x20007479
+	TIOCSETC                      = 0x80067411
+	TIOCSETD                      = 0x80047401
+	TIOCSETN                      = 0x8006740a
+	TIOCSETP                      = 0x80067409
+	TIOCSLTC                      = 0x80067475
+	TIOCSPGRP                     = 0x80047476
+	TIOCSSIZE                     = 0x80087467
+	TIOCSTART                     = 0x2000746e
+	TIOCSTI                       = 0x80017472
+	TIOCSTOP                      = 0x2000746f
+	TIOCSWINSZ                    = 0x80087467
+	TIOCUCNTL                     = 0x80047466
+	TOSTOP                        = 0x10000
+	UTIME_NOW                     = -0x2
+	UTIME_OMIT                    = -0x3
+	VDISCRD                       = 0xc
+	VDSUSP                        = 0xa
+	VEOF                          = 0x4
+	VEOL                          = 0x5
+	VEOL2                         = 0x6
+	VERASE                        = 0x2
+	VINTR                         = 0x0
+	VKILL                         = 0x3
+	VLNEXT                        = 0xe
+	VMIN                          = 0x4
+	VQUIT                         = 0x1
+	VREPRINT                      = 0xb
+	VSTART                        = 0x7
+	VSTOP                         = 0x8
+	VSTRT                         = 0x7
+	VSUSP                         = 0x9
+	VT0                           = 0x0
+	VT1                           = 0x8000
+	VTDELAY                       = 0x2000
+	VTDLY                         = 0x8000
+	VTIME                         = 0x5
+	VWERSE                        = 0xd
+	WPARSTART                     = 0x1
+	WPARSTOP                      = 0x2
+	WPARTTYNAME                   = "Global"
+	XCASE                         = 0x4
+	XTABS                         = 0xc00
+	_FDATAFLUSH                   = 0x2000000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x43)
+	EADDRNOTAVAIL   = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x42)
+	EAGAIN          = syscall.Errno(0xb)
+	EALREADY        = syscall.Errno(0x38)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x78)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x75)
+	ECHILD          = syscall.Errno(0xa)
+	ECHRNG          = syscall.Errno(0x25)
+	ECLONEME        = syscall.Errno(0x52)
+	ECONNABORTED    = syscall.Errno(0x48)
+	ECONNREFUSED    = syscall.Errno(0x4f)
+	ECONNRESET      = syscall.Errno(0x49)
+	ECORRUPT        = syscall.Errno(0x59)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDESTADDREQ     = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x3a)
+	EDIST           = syscall.Errno(0x35)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x58)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFORMAT         = syscall.Errno(0x30)
+	EHOSTDOWN       = syscall.Errno(0x50)
+	EHOSTUNREACH    = syscall.Errno(0x51)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x74)
+	EINPROGRESS     = syscall.Errno(0x37)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x4b)
+	EISDIR          = syscall.Errno(0x15)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x55)
+	EMEDIA          = syscall.Errno(0x6e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x3b)
+	EMULTIHOP       = syscall.Errno(0x7d)
+	ENAMETOOLONG    = syscall.Errno(0x56)
+	ENETDOWN        = syscall.Errno(0x45)
+	ENETRESET       = syscall.Errno(0x47)
+	ENETUNREACH     = syscall.Errno(0x46)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x70)
+	ENOBUFS         = syscall.Errno(0x4a)
+	ENOCONNECT      = syscall.Errno(0x32)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x7a)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x31)
+	ENOLINK         = syscall.Errno(0x7e)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x23)
+	ENOPROTOOPT     = syscall.Errno(0x3d)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x76)
+	ENOSTR          = syscall.Errno(0x7b)
+	ENOSYS          = syscall.Errno(0x6d)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x4c)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x11)
+	ENOTREADY       = syscall.Errno(0x2e)
+	ENOTRECOVERABLE = syscall.Errno(0x5e)
+	ENOTRUST        = syscall.Errno(0x72)
+	ENOTSOCK        = syscall.Errno(0x39)
+	ENOTSUP         = syscall.Errno(0x7c)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x40)
+	EOVERFLOW       = syscall.Errno(0x7f)
+	EOWNERDEAD      = syscall.Errno(0x5f)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x41)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x53)
+	EPROTO          = syscall.Errno(0x79)
+	EPROTONOSUPPORT = syscall.Errno(0x3e)
+	EPROTOTYPE      = syscall.Errno(0x3c)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x5d)
+	ERESTART        = syscall.Errno(0x52)
+	EROFS           = syscall.Errno(0x1e)
+	ESAD            = syscall.Errno(0x71)
+	ESHUTDOWN       = syscall.Errno(0x4d)
+	ESOCKTNOSUPPORT = syscall.Errno(0x3f)
+	ESOFT           = syscall.Errno(0x6f)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x34)
+	ESYSERROR       = syscall.Errno(0x5a)
+	ETIME           = syscall.Errno(0x77)
+	ETIMEDOUT       = syscall.Errno(0x4e)
+	ETOOMANYREFS    = syscall.Errno(0x73)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x54)
+	EWOULDBLOCK     = syscall.Errno(0xb)
+	EWRPROTECT      = syscall.Errno(0x2f)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT     = syscall.Signal(0x6)
+	SIGAIO      = syscall.Signal(0x17)
+	SIGALRM     = syscall.Signal(0xe)
+	SIGALRM1    = syscall.Signal(0x26)
+	SIGBUS      = syscall.Signal(0xa)
+	SIGCAPI     = syscall.Signal(0x31)
+	SIGCHLD     = syscall.Signal(0x14)
+	SIGCLD      = syscall.Signal(0x14)
+	SIGCONT     = syscall.Signal(0x13)
+	SIGCPUFAIL  = syscall.Signal(0x3b)
+	SIGDANGER   = syscall.Signal(0x21)
+	SIGEMT      = syscall.Signal(0x7)
+	SIGFPE      = syscall.Signal(0x8)
+	SIGGRANT    = syscall.Signal(0x3c)
+	SIGHUP      = syscall.Signal(0x1)
+	SIGILL      = syscall.Signal(0x4)
+	SIGINT      = syscall.Signal(0x2)
+	SIGIO       = syscall.Signal(0x17)
+	SIGIOINT    = syscall.Signal(0x10)
+	SIGIOT      = syscall.Signal(0x6)
+	SIGKAP      = syscall.Signal(0x3c)
+	SIGKILL     = syscall.Signal(0x9)
+	SIGLOST     = syscall.Signal(0x6)
+	SIGMAX      = syscall.Signal(0x3f)
+	SIGMAX32    = syscall.Signal(0x3f)
+	SIGMIGRATE  = syscall.Signal(0x23)
+	SIGMSG      = syscall.Signal(0x1b)
+	SIGPIPE     = syscall.Signal(0xd)
+	SIGPOLL     = syscall.Signal(0x17)
+	SIGPRE      = syscall.Signal(0x24)
+	SIGPROF     = syscall.Signal(0x20)
+	SIGPTY      = syscall.Signal(0x17)
+	SIGPWR      = syscall.Signal(0x1d)
+	SIGQUIT     = syscall.Signal(0x3)
+	SIGRECONFIG = syscall.Signal(0x3a)
+	SIGRETRACT  = syscall.Signal(0x3d)
+	SIGSAK      = syscall.Signal(0x3f)
+	SIGSEGV     = syscall.Signal(0xb)
+	SIGSOUND    = syscall.Signal(0x3e)
+	SIGSTOP     = syscall.Signal(0x11)
+	SIGSYS      = syscall.Signal(0xc)
+	SIGSYSERROR = syscall.Signal(0x30)
+	SIGTALRM    = syscall.Signal(0x26)
+	SIGTERM     = syscall.Signal(0xf)
+	SIGTRAP     = syscall.Signal(0x5)
+	SIGTSTP     = syscall.Signal(0x12)
+	SIGTTIN     = syscall.Signal(0x15)
+	SIGTTOU     = syscall.Signal(0x16)
+	SIGURG      = syscall.Signal(0x10)
+	SIGUSR1     = syscall.Signal(0x1e)
+	SIGUSR2     = syscall.Signal(0x1f)
+	SIGVIRT     = syscall.Signal(0x25)
+	SIGVTALRM   = syscall.Signal(0x22)
+	SIGWAITING  = syscall.Signal(0x27)
+	SIGWINCH    = syscall.Signal(0x1c)
+	SIGXCPU     = syscall.Signal(0x18)
+	SIGXFSZ     = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "not owner"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "I/O error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "arg list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file number"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{12, "ENOMEM", "not enough space"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "ENOTEMPTY", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "file table overflow"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "not a typewriter"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "deadlock condition if locked"},
+	{46, "ENOTREADY", "device not ready"},
+	{47, "EWRPROTECT", "write-protected media"},
+	{48, "EFORMAT", "unformatted or incompatible media"},
+	{49, "ENOLCK", "no locks available"},
+	{50, "ENOCONNECT", "cannot Establish Connection"},
+	{52, "ESTALE", "missing file or filesystem"},
+	{53, "EDIST", "requests blocked by Administrator"},
+	{55, "EINPROGRESS", "operation now in progress"},
+	{56, "EALREADY", "operation already in progress"},
+	{57, "ENOTSOCK", "socket operation on non-socket"},
+	{58, "EDESTADDREQ", "destination address required"},
+	{59, "EMSGSIZE", "message too long"},
+	{60, "EPROTOTYPE", "protocol wrong type for socket"},
+	{61, "ENOPROTOOPT", "protocol not available"},
+	{62, "EPROTONOSUPPORT", "protocol not supported"},
+	{63, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{64, "EOPNOTSUPP", "operation not supported on socket"},
+	{65, "EPFNOSUPPORT", "protocol family not supported"},
+	{66, "EAFNOSUPPORT", "addr family not supported by protocol"},
+	{67, "EADDRINUSE", "address already in use"},
+	{68, "EADDRNOTAVAIL", "can't assign requested address"},
+	{69, "ENETDOWN", "network is down"},
+	{70, "ENETUNREACH", "network is unreachable"},
+	{71, "ENETRESET", "network dropped connection on reset"},
+	{72, "ECONNABORTED", "software caused connection abort"},
+	{73, "ECONNRESET", "connection reset by peer"},
+	{74, "ENOBUFS", "no buffer space available"},
+	{75, "EISCONN", "socket is already connected"},
+	{76, "ENOTCONN", "socket is not connected"},
+	{77, "ESHUTDOWN", "can't send after socket shutdown"},
+	{78, "ETIMEDOUT", "connection timed out"},
+	{79, "ECONNREFUSED", "connection refused"},
+	{80, "EHOSTDOWN", "host is down"},
+	{81, "EHOSTUNREACH", "no route to host"},
+	{82, "ERESTART", "restart the system call"},
+	{83, "EPROCLIM", "too many processes"},
+	{84, "EUSERS", "too many users"},
+	{85, "ELOOP", "too many levels of symbolic links"},
+	{86, "ENAMETOOLONG", "file name too long"},
+	{88, "EDQUOT", "disk quota exceeded"},
+	{89, "ECORRUPT", "invalid file system control data detected"},
+	{90, "ESYSERROR", "for future use "},
+	{93, "EREMOTE", "item is not local to host"},
+	{94, "ENOTRECOVERABLE", "state not recoverable "},
+	{95, "EOWNERDEAD", "previous owner died "},
+	{109, "ENOSYS", "function not implemented"},
+	{110, "EMEDIA", "media surface error"},
+	{111, "ESOFT", "I/O completed, but needs relocation"},
+	{112, "ENOATTR", "no attribute found"},
+	{113, "ESAD", "security Authentication Denied"},
+	{114, "ENOTRUST", "not a Trusted Program"},
+	{115, "ETOOMANYREFS", "too many references: can't splice"},
+	{116, "EILSEQ", "invalid wide character"},
+	{117, "ECANCELED", "asynchronous I/O cancelled"},
+	{118, "ENOSR", "out of STREAMS resources"},
+	{119, "ETIME", "system call timed out"},
+	{120, "EBADMSG", "next message has wrong type"},
+	{121, "EPROTO", "error in protocol"},
+	{122, "ENODATA", "no message on stream head read q"},
+	{123, "ENOSTR", "fd not associated with a stream"},
+	{124, "ENOTSUP", "unsupported attribute value"},
+	{125, "EMULTIHOP", "multihop is not allowed"},
+	{126, "ENOLINK", "the server link has been severed"},
+	{127, "EOVERFLOW", "value too large to be stored in data type"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "IOT/Abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible/complete"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{27, "SIGMSG", "input device data"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGPWR", "power-failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPROF", "profiling timer expired"},
+	{33, "SIGDANGER", "paging space low"},
+	{34, "SIGVTALRM", "virtual timer expired"},
+	{35, "SIGMIGRATE", "signal 35"},
+	{36, "SIGPRE", "signal 36"},
+	{37, "SIGVIRT", "signal 37"},
+	{38, "SIGTALRM", "signal 38"},
+	{39, "SIGWAITING", "signal 39"},
+	{48, "SIGSYSERROR", "signal 48"},
+	{49, "SIGCAPI", "signal 49"},
+	{58, "SIGRECONFIG", "signal 58"},
+	{59, "SIGCPUFAIL", "CPU Failure Predicted"},
+	{60, "SIGKAP", "monitor mode granted"},
+	{61, "SIGRETRACT", "monitor mode retracted"},
+	{62, "SIGSOUND", "sound completed"},
+	{63, "SIGSAK", "secure attention"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
new file mode 100644
index 0000000000000..200c8c26fe65b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -0,0 +1,1386 @@
+// mkerrors.sh -maix64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc64 && aix
+// +build ppc64,aix
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -maix64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                  = 0x10
+	AF_BYPASS                     = 0x19
+	AF_CCITT                      = 0xa
+	AF_CHAOS                      = 0x5
+	AF_DATAKIT                    = 0x9
+	AF_DECnet                     = 0xc
+	AF_DLI                        = 0xd
+	AF_ECMA                       = 0x8
+	AF_HYLINK                     = 0xf
+	AF_IMPLINK                    = 0x3
+	AF_INET                       = 0x2
+	AF_INET6                      = 0x18
+	AF_INTF                       = 0x14
+	AF_ISO                        = 0x7
+	AF_LAT                        = 0xe
+	AF_LINK                       = 0x12
+	AF_LOCAL                      = 0x1
+	AF_MAX                        = 0x1e
+	AF_NDD                        = 0x17
+	AF_NETWARE                    = 0x16
+	AF_NS                         = 0x6
+	AF_OSI                        = 0x7
+	AF_PUP                        = 0x4
+	AF_RIF                        = 0x15
+	AF_ROUTE                      = 0x11
+	AF_SNA                        = 0xb
+	AF_UNIX                       = 0x1
+	AF_UNSPEC                     = 0x0
+	ALTWERASE                     = 0x400000
+	ARPHRD_802_3                  = 0x6
+	ARPHRD_802_5                  = 0x6
+	ARPHRD_ETHER                  = 0x1
+	ARPHRD_FDDI                   = 0x1
+	B0                            = 0x0
+	B110                          = 0x3
+	B1200                         = 0x9
+	B134                          = 0x4
+	B150                          = 0x5
+	B1800                         = 0xa
+	B19200                        = 0xe
+	B200                          = 0x6
+	B2400                         = 0xb
+	B300                          = 0x7
+	B38400                        = 0xf
+	B4800                         = 0xc
+	B50                           = 0x1
+	B600                          = 0x8
+	B75                           = 0x2
+	B9600                         = 0xd
+	BRKINT                        = 0x2
+	BS0                           = 0x0
+	BS1                           = 0x1000
+	BSDLY                         = 0x1000
+	CAP_AACCT                     = 0x6
+	CAP_ARM_APPLICATION           = 0x5
+	CAP_BYPASS_RAC_VMM            = 0x3
+	CAP_CLEAR                     = 0x0
+	CAP_CREDENTIALS               = 0x7
+	CAP_EFFECTIVE                 = 0x1
+	CAP_EWLM_AGENT                = 0x4
+	CAP_INHERITABLE               = 0x2
+	CAP_MAXIMUM                   = 0x7
+	CAP_NUMA_ATTACH               = 0x2
+	CAP_PERMITTED                 = 0x3
+	CAP_PROPAGATE                 = 0x1
+	CAP_PROPOGATE                 = 0x1
+	CAP_SET                       = 0x1
+	CBAUD                         = 0xf
+	CFLUSH                        = 0xf
+	CIBAUD                        = 0xf0000
+	CLOCAL                        = 0x800
+	CLOCK_MONOTONIC               = 0xa
+	CLOCK_PROCESS_CPUTIME_ID      = 0xb
+	CLOCK_REALTIME                = 0x9
+	CLOCK_THREAD_CPUTIME_ID       = 0xc
+	CR0                           = 0x0
+	CR1                           = 0x100
+	CR2                           = 0x200
+	CR3                           = 0x300
+	CRDLY                         = 0x300
+	CREAD                         = 0x80
+	CS5                           = 0x0
+	CS6                           = 0x10
+	CS7                           = 0x20
+	CS8                           = 0x30
+	CSIOCGIFCONF                  = -0x3fef96dc
+	CSIZE                         = 0x30
+	CSMAP_DIR                     = "/usr/lib/nls/csmap/"
+	CSTART                        = '\021'
+	CSTOP                         = '\023'
+	CSTOPB                        = 0x40
+	CSUSP                         = 0x1a
+	ECHO                          = 0x8
+	ECHOCTL                       = 0x20000
+	ECHOE                         = 0x10
+	ECHOK                         = 0x20
+	ECHOKE                        = 0x80000
+	ECHONL                        = 0x40
+	ECHOPRT                       = 0x40000
+	ECH_ICMPID                    = 0x2
+	ETHERNET_CSMACD               = 0x6
+	EVENP                         = 0x80
+	EXCONTINUE                    = 0x0
+	EXDLOK                        = 0x3
+	EXIO                          = 0x2
+	EXPGIO                        = 0x0
+	EXRESUME                      = 0x2
+	EXRETURN                      = 0x1
+	EXSIG                         = 0x4
+	EXTA                          = 0xe
+	EXTB                          = 0xf
+	EXTRAP                        = 0x1
+	EYEC_RTENTRYA                 = 0x257274656e747241
+	EYEC_RTENTRYF                 = 0x257274656e747246
+	E_ACC                         = 0x0
+	FD_CLOEXEC                    = 0x1
+	FD_SETSIZE                    = 0xfffe
+	FF0                           = 0x0
+	FF1                           = 0x2000
+	FFDLY                         = 0x2000
+	FLUSHBAND                     = 0x40
+	FLUSHLOW                      = 0x8
+	FLUSHO                        = 0x100000
+	FLUSHR                        = 0x1
+	FLUSHRW                       = 0x3
+	FLUSHW                        = 0x2
+	F_CLOSEM                      = 0xa
+	F_DUP2FD                      = 0xe
+	F_DUPFD                       = 0x0
+	F_GETFD                       = 0x1
+	F_GETFL                       = 0x3
+	F_GETLK                       = 0xb
+	F_GETLK64                     = 0xb
+	F_GETOWN                      = 0x8
+	F_LOCK                        = 0x1
+	F_OK                          = 0x0
+	F_RDLCK                       = 0x1
+	F_SETFD                       = 0x2
+	F_SETFL                       = 0x4
+	F_SETLK                       = 0xc
+	F_SETLK64                     = 0xc
+	F_SETLKW                      = 0xd
+	F_SETLKW64                    = 0xd
+	F_SETOWN                      = 0x9
+	F_TEST                        = 0x3
+	F_TLOCK                       = 0x2
+	F_TSTLK                       = 0xf
+	F_ULOCK                       = 0x0
+	F_UNLCK                       = 0x3
+	F_WRLCK                       = 0x2
+	HUPCL                         = 0x400
+	IBSHIFT                       = 0x10
+	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x26
+	ICMP6_SEC_SEND_DEL            = 0x46
+	ICMP6_SEC_SEND_GET            = 0x47
+	ICMP6_SEC_SEND_SET            = 0x44
+	ICMP6_SEC_SEND_SET_CGA_ADDR   = 0x45
+	ICRNL                         = 0x100
+	IEXTEN                        = 0x200000
+	IFA_FIRSTALIAS                = 0x2000
+	IFA_ROUTE                     = 0x1
+	IFF_64BIT                     = 0x4000000
+	IFF_ALLCAST                   = 0x20000
+	IFF_ALLMULTI                  = 0x200
+	IFF_BPF                       = 0x8000000
+	IFF_BRIDGE                    = 0x40000
+	IFF_BROADCAST                 = 0x2
+	IFF_CANTCHANGE                = 0x80c52
+	IFF_CHECKSUM_OFFLOAD          = 0x10000000
+	IFF_D1                        = 0x8000
+	IFF_D2                        = 0x4000
+	IFF_D3                        = 0x2000
+	IFF_D4                        = 0x1000
+	IFF_DEBUG                     = 0x4
+	IFF_DEVHEALTH                 = 0x4000
+	IFF_DO_HW_LOOPBACK            = 0x10000
+	IFF_GROUP_ROUTING             = 0x2000000
+	IFF_IFBUFMGT                  = 0x800000
+	IFF_LINK0                     = 0x100000
+	IFF_LINK1                     = 0x200000
+	IFF_LINK2                     = 0x400000
+	IFF_LOOPBACK                  = 0x8
+	IFF_MULTICAST                 = 0x80000
+	IFF_NOARP                     = 0x80
+	IFF_NOECHO                    = 0x800
+	IFF_NOTRAILERS                = 0x20
+	IFF_OACTIVE                   = 0x400
+	IFF_POINTOPOINT               = 0x10
+	IFF_PROMISC                   = 0x100
+	IFF_PSEG                      = 0x40000000
+	IFF_RUNNING                   = 0x40
+	IFF_SIMPLEX                   = 0x800
+	IFF_SNAP                      = 0x8000
+	IFF_TCP_DISABLE_CKSUM         = 0x20000000
+	IFF_TCP_NOCKSUM               = 0x1000000
+	IFF_UP                        = 0x1
+	IFF_VIPA                      = 0x80000000
+	IFNAMSIZ                      = 0x10
+	IFO_FLUSH                     = 0x1
+	IFT_1822                      = 0x2
+	IFT_AAL5                      = 0x31
+	IFT_ARCNET                    = 0x23
+	IFT_ARCNETPLUS                = 0x24
+	IFT_ATM                       = 0x25
+	IFT_CEPT                      = 0x13
+	IFT_CLUSTER                   = 0x3e
+	IFT_DS3                       = 0x1e
+	IFT_EON                       = 0x19
+	IFT_ETHER                     = 0x6
+	IFT_FCS                       = 0x3a
+	IFT_FDDI                      = 0xf
+	IFT_FRELAY                    = 0x20
+	IFT_FRELAYDCE                 = 0x2c
+	IFT_GIFTUNNEL                 = 0x3c
+	IFT_HDH1822                   = 0x3
+	IFT_HF                        = 0x3d
+	IFT_HIPPI                     = 0x2f
+	IFT_HSSI                      = 0x2e
+	IFT_HY                        = 0xe
+	IFT_IB                        = 0xc7
+	IFT_ISDNBASIC                 = 0x14
+	IFT_ISDNPRIMARY               = 0x15
+	IFT_ISO88022LLC               = 0x29
+	IFT_ISO88023                  = 0x7
+	IFT_ISO88024                  = 0x8
+	IFT_ISO88025                  = 0x9
+	IFT_ISO88026                  = 0xa
+	IFT_LAPB                      = 0x10
+	IFT_LOCALTALK                 = 0x2a
+	IFT_LOOP                      = 0x18
+	IFT_MIOX25                    = 0x26
+	IFT_MODEM                     = 0x30
+	IFT_NSIP                      = 0x1b
+	IFT_OTHER                     = 0x1
+	IFT_P10                       = 0xc
+	IFT_P80                       = 0xd
+	IFT_PARA                      = 0x22
+	IFT_PPP                       = 0x17
+	IFT_PROPMUX                   = 0x36
+	IFT_PROPVIRTUAL               = 0x35
+	IFT_PTPSERIAL                 = 0x16
+	IFT_RS232                     = 0x21
+	IFT_SDLC                      = 0x11
+	IFT_SIP                       = 0x1f
+	IFT_SLIP                      = 0x1c
+	IFT_SMDSDXI                   = 0x2b
+	IFT_SMDSICIP                  = 0x34
+	IFT_SN                        = 0x38
+	IFT_SONET                     = 0x27
+	IFT_SONETPATH                 = 0x32
+	IFT_SONETVT                   = 0x33
+	IFT_SP                        = 0x39
+	IFT_STARLAN                   = 0xb
+	IFT_T1                        = 0x12
+	IFT_TUNNEL                    = 0x3b
+	IFT_ULTRA                     = 0x1d
+	IFT_V35                       = 0x2d
+	IFT_VIPA                      = 0x37
+	IFT_X25                       = 0x5
+	IFT_X25DDN                    = 0x4
+	IFT_X25PLE                    = 0x28
+	IFT_XETHER                    = 0x1a
+	IGNBRK                        = 0x1
+	IGNCR                         = 0x80
+	IGNPAR                        = 0x4
+	IMAXBEL                       = 0x10000
+	INLCR                         = 0x40
+	INPCK                         = 0x10
+	IN_CLASSA_HOST                = 0xffffff
+	IN_CLASSA_MAX                 = 0x80
+	IN_CLASSA_NET                 = 0xff000000
+	IN_CLASSA_NSHIFT              = 0x18
+	IN_CLASSB_HOST                = 0xffff
+	IN_CLASSB_MAX                 = 0x10000
+	IN_CLASSB_NET                 = 0xffff0000
+	IN_CLASSB_NSHIFT              = 0x10
+	IN_CLASSC_HOST                = 0xff
+	IN_CLASSC_NET                 = 0xffffff00
+	IN_CLASSC_NSHIFT              = 0x8
+	IN_CLASSD_HOST                = 0xfffffff
+	IN_CLASSD_NET                 = 0xf0000000
+	IN_CLASSD_NSHIFT              = 0x1c
+	IN_LOOPBACKNET                = 0x7f
+	IN_USE                        = 0x1
+	IPPROTO_AH                    = 0x33
+	IPPROTO_BIP                   = 0x53
+	IPPROTO_DSTOPTS               = 0x3c
+	IPPROTO_EGP                   = 0x8
+	IPPROTO_EON                   = 0x50
+	IPPROTO_ESP                   = 0x32
+	IPPROTO_FRAGMENT              = 0x2c
+	IPPROTO_GGP                   = 0x3
+	IPPROTO_GIF                   = 0x8c
+	IPPROTO_GRE                   = 0x2f
+	IPPROTO_HOPOPTS               = 0x0
+	IPPROTO_ICMP                  = 0x1
+	IPPROTO_ICMPV6                = 0x3a
+	IPPROTO_IDP                   = 0x16
+	IPPROTO_IGMP                  = 0x2
+	IPPROTO_IP                    = 0x0
+	IPPROTO_IPIP                  = 0x4
+	IPPROTO_IPV6                  = 0x29
+	IPPROTO_LOCAL                 = 0x3f
+	IPPROTO_MAX                   = 0x100
+	IPPROTO_MH                    = 0x87
+	IPPROTO_NONE                  = 0x3b
+	IPPROTO_PUP                   = 0xc
+	IPPROTO_QOS                   = 0x2d
+	IPPROTO_RAW                   = 0xff
+	IPPROTO_ROUTING               = 0x2b
+	IPPROTO_RSVP                  = 0x2e
+	IPPROTO_SCTP                  = 0x84
+	IPPROTO_TCP                   = 0x6
+	IPPROTO_TP                    = 0x1d
+	IPPROTO_UDP                   = 0x11
+	IPV6_ADDRFORM                 = 0x16
+	IPV6_ADDR_PREFERENCES         = 0x4a
+	IPV6_ADD_MEMBERSHIP           = 0xc
+	IPV6_AIXRAWSOCKET             = 0x39
+	IPV6_CHECKSUM                 = 0x27
+	IPV6_DONTFRAG                 = 0x2d
+	IPV6_DROP_MEMBERSHIP          = 0xd
+	IPV6_DSTOPTS                  = 0x36
+	IPV6_FLOWINFO_FLOWLABEL       = 0xffffff
+	IPV6_FLOWINFO_PRIFLOW         = 0xfffffff
+	IPV6_FLOWINFO_PRIORITY        = 0xf000000
+	IPV6_FLOWINFO_SRFLAG          = 0x10000000
+	IPV6_FLOWINFO_VERSION         = 0xf0000000
+	IPV6_HOPLIMIT                 = 0x28
+	IPV6_HOPOPTS                  = 0x34
+	IPV6_JOIN_GROUP               = 0xc
+	IPV6_LEAVE_GROUP              = 0xd
+	IPV6_MIPDSTOPTS               = 0x36
+	IPV6_MULTICAST_HOPS           = 0xa
+	IPV6_MULTICAST_IF             = 0x9
+	IPV6_MULTICAST_LOOP           = 0xb
+	IPV6_NEXTHOP                  = 0x30
+	IPV6_NOPROBE                  = 0x1c
+	IPV6_PATHMTU                  = 0x2e
+	IPV6_PKTINFO                  = 0x21
+	IPV6_PKTOPTIONS               = 0x24
+	IPV6_PRIORITY_10              = 0xa000000
+	IPV6_PRIORITY_11              = 0xb000000
+	IPV6_PRIORITY_12              = 0xc000000
+	IPV6_PRIORITY_13              = 0xd000000
+	IPV6_PRIORITY_14              = 0xe000000
+	IPV6_PRIORITY_15              = 0xf000000
+	IPV6_PRIORITY_8               = 0x8000000
+	IPV6_PRIORITY_9               = 0x9000000
+	IPV6_PRIORITY_BULK            = 0x4000000
+	IPV6_PRIORITY_CONTROL         = 0x7000000
+	IPV6_PRIORITY_FILLER          = 0x1000000
+	IPV6_PRIORITY_INTERACTIVE     = 0x6000000
+	IPV6_PRIORITY_RESERVED1       = 0x3000000
+	IPV6_PRIORITY_RESERVED2       = 0x5000000
+	IPV6_PRIORITY_UNATTENDED      = 0x2000000
+	IPV6_PRIORITY_UNCHARACTERIZED = 0x0
+	IPV6_RECVDSTOPTS              = 0x38
+	IPV6_RECVHOPLIMIT             = 0x29
+	IPV6_RECVHOPOPTS              = 0x35
+	IPV6_RECVHOPS                 = 0x22
+	IPV6_RECVIF                   = 0x1e
+	IPV6_RECVPATHMTU              = 0x2f
+	IPV6_RECVPKTINFO              = 0x23
+	IPV6_RECVRTHDR                = 0x33
+	IPV6_RECVSRCRT                = 0x1d
+	IPV6_RECVTCLASS               = 0x2a
+	IPV6_RTHDR                    = 0x32
+	IPV6_RTHDRDSTOPTS             = 0x37
+	IPV6_RTHDR_TYPE_0             = 0x0
+	IPV6_RTHDR_TYPE_2             = 0x2
+	IPV6_SENDIF                   = 0x1f
+	IPV6_SRFLAG_LOOSE             = 0x0
+	IPV6_SRFLAG_STRICT            = 0x10000000
+	IPV6_TCLASS                   = 0x2b
+	IPV6_TOKEN_LENGTH             = 0x40
+	IPV6_UNICAST_HOPS             = 0x4
+	IPV6_USE_MIN_MTU              = 0x2c
+	IPV6_V6ONLY                   = 0x25
+	IPV6_VERSION                  = 0x60000000
+	IP_ADDRFORM                   = 0x16
+	IP_ADD_MEMBERSHIP             = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP      = 0x3c
+	IP_BLOCK_SOURCE               = 0x3a
+	IP_BROADCAST_IF               = 0x10
+	IP_CACHE_LINE_SIZE            = 0x80
+	IP_DEFAULT_MULTICAST_LOOP     = 0x1
+	IP_DEFAULT_MULTICAST_TTL      = 0x1
+	IP_DF                         = 0x4000
+	IP_DHCPMODE                   = 0x11
+	IP_DONTFRAG                   = 0x19
+	IP_DROP_MEMBERSHIP            = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP     = 0x3d
+	IP_FINDPMTU                   = 0x1a
+	IP_HDRINCL                    = 0x2
+	IP_INC_MEMBERSHIPS            = 0x14
+	IP_INIT_MEMBERSHIP            = 0x14
+	IP_MAXPACKET                  = 0xffff
+	IP_MF                         = 0x2000
+	IP_MSS                        = 0x240
+	IP_MULTICAST_HOPS             = 0xa
+	IP_MULTICAST_IF               = 0x9
+	IP_MULTICAST_LOOP             = 0xb
+	IP_MULTICAST_TTL              = 0xa
+	IP_OPT                        = 0x1b
+	IP_OPTIONS                    = 0x1
+	IP_PMTUAGE                    = 0x1b
+	IP_RECVDSTADDR                = 0x7
+	IP_RECVIF                     = 0x14
+	IP_RECVIFINFO                 = 0xf
+	IP_RECVINTERFACE              = 0x20
+	IP_RECVMACHDR                 = 0xe
+	IP_RECVOPTS                   = 0x5
+	IP_RECVRETOPTS                = 0x6
+	IP_RECVTTL                    = 0x22
+	IP_RETOPTS                    = 0x8
+	IP_SOURCE_FILTER              = 0x48
+	IP_TOS                        = 0x3
+	IP_TTL                        = 0x4
+	IP_UNBLOCK_SOURCE             = 0x3b
+	IP_UNICAST_HOPS               = 0x4
+	ISIG                          = 0x1
+	ISTRIP                        = 0x20
+	IUCLC                         = 0x800
+	IXANY                         = 0x1000
+	IXOFF                         = 0x400
+	IXON                          = 0x200
+	I_FLUSH                       = 0x20005305
+	LNOFLSH                       = 0x8000
+	LOCK_EX                       = 0x2
+	LOCK_NB                       = 0x4
+	LOCK_SH                       = 0x1
+	LOCK_UN                       = 0x8
+	MADV_DONTNEED                 = 0x4
+	MADV_NORMAL                   = 0x0
+	MADV_RANDOM                   = 0x1
+	MADV_SEQUENTIAL               = 0x2
+	MADV_SPACEAVAIL               = 0x5
+	MADV_WILLNEED                 = 0x3
+	MAP_ANON                      = 0x10
+	MAP_ANONYMOUS                 = 0x10
+	MAP_FILE                      = 0x0
+	MAP_FIXED                     = 0x100
+	MAP_PRIVATE                   = 0x2
+	MAP_SHARED                    = 0x1
+	MAP_TYPE                      = 0xf0
+	MAP_VARIABLE                  = 0x0
+	MCAST_BLOCK_SOURCE            = 0x40
+	MCAST_EXCLUDE                 = 0x2
+	MCAST_INCLUDE                 = 0x1
+	MCAST_JOIN_GROUP              = 0x3e
+	MCAST_JOIN_SOURCE_GROUP       = 0x42
+	MCAST_LEAVE_GROUP             = 0x3f
+	MCAST_LEAVE_SOURCE_GROUP      = 0x43
+	MCAST_SOURCE_FILTER           = 0x49
+	MCAST_UNBLOCK_SOURCE          = 0x41
+	MCL_CURRENT                   = 0x100
+	MCL_FUTURE                    = 0x200
+	MSG_ANY                       = 0x4
+	MSG_ARGEXT                    = 0x400
+	MSG_BAND                      = 0x2
+	MSG_COMPAT                    = 0x8000
+	MSG_CTRUNC                    = 0x20
+	MSG_DONTROUTE                 = 0x4
+	MSG_EOR                       = 0x8
+	MSG_HIPRI                     = 0x1
+	MSG_MAXIOVLEN                 = 0x10
+	MSG_MPEG2                     = 0x80
+	MSG_NONBLOCK                  = 0x4000
+	MSG_NOSIGNAL                  = 0x100
+	MSG_OOB                       = 0x1
+	MSG_PEEK                      = 0x2
+	MSG_TRUNC                     = 0x10
+	MSG_WAITALL                   = 0x40
+	MSG_WAITFORONE                = 0x200
+	MS_ASYNC                      = 0x10
+	MS_EINTR                      = 0x80
+	MS_INVALIDATE                 = 0x40
+	MS_PER_SEC                    = 0x3e8
+	MS_SYNC                       = 0x20
+	NFDBITS                       = 0x40
+	NL0                           = 0x0
+	NL1                           = 0x4000
+	NL2                           = 0x8000
+	NL3                           = 0xc000
+	NLDLY                         = 0x4000
+	NOFLSH                        = 0x80
+	NOFLUSH                       = 0x80000000
+	OCRNL                         = 0x8
+	OFDEL                         = 0x80
+	OFILL                         = 0x40
+	OLCUC                         = 0x2
+	ONLCR                         = 0x4
+	ONLRET                        = 0x20
+	ONOCR                         = 0x10
+	ONOEOT                        = 0x80000
+	OPOST                         = 0x1
+	OXTABS                        = 0x40000
+	O_ACCMODE                     = 0x23
+	O_APPEND                      = 0x8
+	O_CIO                         = 0x80
+	O_CIOR                        = 0x800000000
+	O_CLOEXEC                     = 0x800000
+	O_CREAT                       = 0x100
+	O_DEFER                       = 0x2000
+	O_DELAY                       = 0x4000
+	O_DIRECT                      = 0x8000000
+	O_DIRECTORY                   = 0x80000
+	O_DSYNC                       = 0x400000
+	O_EFSOFF                      = 0x400000000
+	O_EFSON                       = 0x200000000
+	O_EXCL                        = 0x400
+	O_EXEC                        = 0x20
+	O_LARGEFILE                   = 0x4000000
+	O_NDELAY                      = 0x8000
+	O_NOCACHE                     = 0x100000
+	O_NOCTTY                      = 0x800
+	O_NOFOLLOW                    = 0x1000000
+	O_NONBLOCK                    = 0x4
+	O_NONE                        = 0x3
+	O_NSHARE                      = 0x10000
+	O_RAW                         = 0x100000000
+	O_RDONLY                      = 0x0
+	O_RDWR                        = 0x2
+	O_RSHARE                      = 0x1000
+	O_RSYNC                       = 0x200000
+	O_SEARCH                      = 0x20
+	O_SNAPSHOT                    = 0x40
+	O_SYNC                        = 0x10
+	O_TRUNC                       = 0x200
+	O_TTY_INIT                    = 0x0
+	O_WRONLY                      = 0x1
+	PARENB                        = 0x100
+	PAREXT                        = 0x100000
+	PARMRK                        = 0x8
+	PARODD                        = 0x200
+	PENDIN                        = 0x20000000
+	PRIO_PGRP                     = 0x1
+	PRIO_PROCESS                  = 0x0
+	PRIO_USER                     = 0x2
+	PROT_EXEC                     = 0x4
+	PROT_NONE                     = 0x0
+	PROT_READ                     = 0x1
+	PROT_WRITE                    = 0x2
+	PR_64BIT                      = 0x20
+	PR_ADDR                       = 0x2
+	PR_ARGEXT                     = 0x400
+	PR_ATOMIC                     = 0x1
+	PR_CONNREQUIRED               = 0x4
+	PR_FASTHZ                     = 0x5
+	PR_INP                        = 0x40
+	PR_INTRLEVEL                  = 0x8000
+	PR_MLS                        = 0x100
+	PR_MLS_1_LABEL                = 0x200
+	PR_NOEOR                      = 0x4000
+	PR_RIGHTS                     = 0x10
+	PR_SLOWHZ                     = 0x2
+	PR_WANTRCVD                   = 0x8
+	RLIMIT_AS                     = 0x6
+	RLIMIT_CORE                   = 0x4
+	RLIMIT_CPU                    = 0x0
+	RLIMIT_DATA                   = 0x2
+	RLIMIT_FSIZE                  = 0x1
+	RLIMIT_NOFILE                 = 0x7
+	RLIMIT_NPROC                  = 0x9
+	RLIMIT_RSS                    = 0x5
+	RLIMIT_STACK                  = 0x3
+	RLIM_INFINITY                 = 0x7fffffffffffffff
+	RTAX_AUTHOR                   = 0x6
+	RTAX_BRD                      = 0x7
+	RTAX_DST                      = 0x0
+	RTAX_GATEWAY                  = 0x1
+	RTAX_GENMASK                  = 0x3
+	RTAX_IFA                      = 0x5
+	RTAX_IFP                      = 0x4
+	RTAX_MAX                      = 0x8
+	RTAX_NETMASK                  = 0x2
+	RTA_AUTHOR                    = 0x40
+	RTA_BRD                       = 0x80
+	RTA_DOWNSTREAM                = 0x100
+	RTA_DST                       = 0x1
+	RTA_GATEWAY                   = 0x2
+	RTA_GENMASK                   = 0x8
+	RTA_IFA                       = 0x20
+	RTA_IFP                       = 0x10
+	RTA_NETMASK                   = 0x4
+	RTC_IA64                      = 0x3
+	RTC_POWER                     = 0x1
+	RTC_POWER_PC                  = 0x2
+	RTF_ACTIVE_DGD                = 0x1000000
+	RTF_BCE                       = 0x80000
+	RTF_BLACKHOLE                 = 0x1000
+	RTF_BROADCAST                 = 0x400000
+	RTF_BUL                       = 0x2000
+	RTF_CLONE                     = 0x10000
+	RTF_CLONED                    = 0x20000
+	RTF_CLONING                   = 0x100
+	RTF_DONE                      = 0x40
+	RTF_DYNAMIC                   = 0x10
+	RTF_FREE_IN_PROG              = 0x4000000
+	RTF_GATEWAY                   = 0x2
+	RTF_HOST                      = 0x4
+	RTF_LLINFO                    = 0x400
+	RTF_LOCAL                     = 0x200000
+	RTF_MASK                      = 0x80
+	RTF_MODIFIED                  = 0x20
+	RTF_MULTICAST                 = 0x800000
+	RTF_PERMANENT6                = 0x8000000
+	RTF_PINNED                    = 0x100000
+	RTF_PROTO1                    = 0x8000
+	RTF_PROTO2                    = 0x4000
+	RTF_PROTO3                    = 0x40000
+	RTF_REJECT                    = 0x8
+	RTF_SMALLMTU                  = 0x40000
+	RTF_STATIC                    = 0x800
+	RTF_STOPSRCH                  = 0x2000000
+	RTF_UNREACHABLE               = 0x10000000
+	RTF_UP                        = 0x1
+	RTF_XRESOLVE                  = 0x200
+	RTM_ADD                       = 0x1
+	RTM_CHANGE                    = 0x3
+	RTM_DELADDR                   = 0xd
+	RTM_DELETE                    = 0x2
+	RTM_EXPIRE                    = 0xf
+	RTM_GET                       = 0x4
+	RTM_GETNEXT                   = 0x11
+	RTM_IFINFO                    = 0xe
+	RTM_LOCK                      = 0x8
+	RTM_LOSING                    = 0x5
+	RTM_MISS                      = 0x7
+	RTM_NEWADDR                   = 0xc
+	RTM_OLDADD                    = 0x9
+	RTM_OLDDEL                    = 0xa
+	RTM_REDIRECT                  = 0x6
+	RTM_RESOLVE                   = 0xb
+	RTM_RTLOST                    = 0x10
+	RTM_RTTUNIT                   = 0xf4240
+	RTM_SAMEADDR                  = 0x12
+	RTM_SET                       = 0x13
+	RTM_VERSION                   = 0x2
+	RTM_VERSION_GR                = 0x4
+	RTM_VERSION_GR_COMPAT         = 0x3
+	RTM_VERSION_POLICY            = 0x5
+	RTM_VERSION_POLICY_EXT        = 0x6
+	RTM_VERSION_POLICY_PRFN       = 0x7
+	RTV_EXPIRE                    = 0x4
+	RTV_HOPCOUNT                  = 0x2
+	RTV_MTU                       = 0x1
+	RTV_RPIPE                     = 0x8
+	RTV_RTT                       = 0x40
+	RTV_RTTVAR                    = 0x80
+	RTV_SPIPE                     = 0x10
+	RTV_SSTHRESH                  = 0x20
+	RUSAGE_CHILDREN               = -0x1
+	RUSAGE_SELF                   = 0x0
+	RUSAGE_THREAD                 = 0x1
+	SCM_RIGHTS                    = 0x1
+	SHUT_RD                       = 0x0
+	SHUT_RDWR                     = 0x2
+	SHUT_WR                       = 0x1
+	SIGMAX64                      = 0xff
+	SIGQUEUE_MAX                  = 0x20
+	SIOCADDIFVIPA                 = 0x20006942
+	SIOCADDMTU                    = -0x7ffb9690
+	SIOCADDMULTI                  = -0x7fdf96cf
+	SIOCADDNETID                  = -0x7fd796a9
+	SIOCADDRT                     = -0x7fc78df6
+	SIOCAIFADDR                   = -0x7fbf96e6
+	SIOCATMARK                    = 0x40047307
+	SIOCDARP                      = -0x7fb396e0
+	SIOCDELIFVIPA                 = 0x20006943
+	SIOCDELMTU                    = -0x7ffb968f
+	SIOCDELMULTI                  = -0x7fdf96ce
+	SIOCDELPMTU                   = -0x7fd78ff6
+	SIOCDELRT                     = -0x7fc78df5
+	SIOCDIFADDR                   = -0x7fd796e7
+	SIOCDNETOPT                   = -0x3ffe9680
+	SIOCDX25XLATE                 = -0x7fd7969b
+	SIOCFIFADDR                   = -0x7fdf966d
+	SIOCGARP                      = -0x3fb396da
+	SIOCGETMTUS                   = 0x2000696f
+	SIOCGETSGCNT                  = -0x3feb8acc
+	SIOCGETVIFCNT                 = -0x3feb8acd
+	SIOCGHIWAT                    = 0x40047301
+	SIOCGIFADDR                   = -0x3fd796df
+	SIOCGIFADDRS                  = 0x2000698c
+	SIOCGIFBAUDRATE               = -0x3fdf9669
+	SIOCGIFBRDADDR                = -0x3fd796dd
+	SIOCGIFCONF                   = -0x3fef96bb
+	SIOCGIFCONFGLOB               = -0x3fef9670
+	SIOCGIFDSTADDR                = -0x3fd796de
+	SIOCGIFFLAGS                  = -0x3fd796ef
+	SIOCGIFGIDLIST                = 0x20006968
+	SIOCGIFHWADDR                 = -0x3fab966b
+	SIOCGIFMETRIC                 = -0x3fd796e9
+	SIOCGIFMTU                    = -0x3fd796aa
+	SIOCGIFNETMASK                = -0x3fd796db
+	SIOCGIFOPTIONS                = -0x3fd796d6
+	SIOCGISNO                     = -0x3fd79695
+	SIOCGLOADF                    = -0x3ffb967e
+	SIOCGLOWAT                    = 0x40047303
+	SIOCGNETOPT                   = -0x3ffe96a5
+	SIOCGNETOPT1                  = -0x3fdf967f
+	SIOCGNMTUS                    = 0x2000696e
+	SIOCGPGRP                     = 0x40047309
+	SIOCGSIZIFCONF                = 0x4004696a
+	SIOCGSRCFILTER                = -0x3fe796cb
+	SIOCGTUNEPHASE                = -0x3ffb9676
+	SIOCGX25XLATE                 = -0x3fd7969c
+	SIOCIFATTACH                  = -0x7fdf9699
+	SIOCIFDETACH                  = -0x7fdf969a
+	SIOCIFGETPKEY                 = -0x7fdf969b
+	SIOCIF_ATM_DARP               = -0x7fdf9683
+	SIOCIF_ATM_DUMPARP            = -0x7fdf9685
+	SIOCIF_ATM_GARP               = -0x7fdf9682
+	SIOCIF_ATM_IDLE               = -0x7fdf9686
+	SIOCIF_ATM_SARP               = -0x7fdf9681
+	SIOCIF_ATM_SNMPARP            = -0x7fdf9687
+	SIOCIF_ATM_SVC                = -0x7fdf9684
+	SIOCIF_ATM_UBR                = -0x7fdf9688
+	SIOCIF_DEVHEALTH              = -0x7ffb966c
+	SIOCIF_IB_ARP_INCOMP          = -0x7fdf9677
+	SIOCIF_IB_ARP_TIMER           = -0x7fdf9678
+	SIOCIF_IB_CLEAR_PINFO         = -0x3fdf966f
+	SIOCIF_IB_DEL_ARP             = -0x7fdf967f
+	SIOCIF_IB_DEL_PINFO           = -0x3fdf9670
+	SIOCIF_IB_DUMP_ARP            = -0x7fdf9680
+	SIOCIF_IB_GET_ARP             = -0x7fdf967e
+	SIOCIF_IB_GET_INFO            = -0x3f879675
+	SIOCIF_IB_GET_STATS           = -0x3f879672
+	SIOCIF_IB_NOTIFY_ADDR_REM     = -0x3f87966a
+	SIOCIF_IB_RESET_STATS         = -0x3f879671
+	SIOCIF_IB_RESIZE_CQ           = -0x7fdf9679
+	SIOCIF_IB_SET_ARP             = -0x7fdf967d
+	SIOCIF_IB_SET_PKEY            = -0x7fdf967c
+	SIOCIF_IB_SET_PORT            = -0x7fdf967b
+	SIOCIF_IB_SET_QKEY            = -0x7fdf9676
+	SIOCIF_IB_SET_QSIZE           = -0x7fdf967a
+	SIOCLISTIFVIPA                = 0x20006944
+	SIOCSARP                      = -0x7fb396e2
+	SIOCSHIWAT                    = 0xffffffff80047300
+	SIOCSIFADDR                   = -0x7fd796f4
+	SIOCSIFADDRORI                = -0x7fdb9673
+	SIOCSIFBRDADDR                = -0x7fd796ed
+	SIOCSIFDSTADDR                = -0x7fd796f2
+	SIOCSIFFLAGS                  = -0x7fd796f0
+	SIOCSIFGIDLIST                = 0x20006969
+	SIOCSIFMETRIC                 = -0x7fd796e8
+	SIOCSIFMTU                    = -0x7fd796a8
+	SIOCSIFNETDUMP                = -0x7fd796e4
+	SIOCSIFNETMASK                = -0x7fd796ea
+	SIOCSIFOPTIONS                = -0x7fd796d7
+	SIOCSIFSUBCHAN                = -0x7fd796e5
+	SIOCSISNO                     = -0x7fd79694
+	SIOCSLOADF                    = -0x3ffb967d
+	SIOCSLOWAT                    = 0xffffffff80047302
+	SIOCSNETOPT                   = -0x7ffe96a6
+	SIOCSPGRP                     = 0xffffffff80047308
+	SIOCSX25XLATE                 = -0x7fd7969d
+	SOCK_CONN_DGRAM               = 0x6
+	SOCK_DGRAM                    = 0x2
+	SOCK_RAW                      = 0x3
+	SOCK_RDM                      = 0x4
+	SOCK_SEQPACKET                = 0x5
+	SOCK_STREAM                   = 0x1
+	SOL_SOCKET                    = 0xffff
+	SOMAXCONN                     = 0x400
+	SO_ACCEPTCONN                 = 0x2
+	SO_AUDIT                      = 0x8000
+	SO_BROADCAST                  = 0x20
+	SO_CKSUMRECV                  = 0x800
+	SO_DEBUG                      = 0x1
+	SO_DONTROUTE                  = 0x10
+	SO_ERROR                      = 0x1007
+	SO_KEEPALIVE                  = 0x8
+	SO_KERNACCEPT                 = 0x2000
+	SO_LINGER                     = 0x80
+	SO_NOMULTIPATH                = 0x4000
+	SO_NOREUSEADDR                = 0x1000
+	SO_OOBINLINE                  = 0x100
+	SO_PEERID                     = 0x1009
+	SO_RCVBUF                     = 0x1002
+	SO_RCVLOWAT                   = 0x1004
+	SO_RCVTIMEO                   = 0x1006
+	SO_REUSEADDR                  = 0x4
+	SO_REUSEPORT                  = 0x200
+	SO_SNDBUF                     = 0x1001
+	SO_SNDLOWAT                   = 0x1003
+	SO_SNDTIMEO                   = 0x1005
+	SO_TIMESTAMPNS                = 0x100a
+	SO_TYPE                       = 0x1008
+	SO_USELOOPBACK                = 0x40
+	SO_USE_IFBUFS                 = 0x400
+	S_BANDURG                     = 0x400
+	S_EMODFMT                     = 0x3c000000
+	S_ENFMT                       = 0x400
+	S_ERROR                       = 0x100
+	S_HANGUP                      = 0x200
+	S_HIPRI                       = 0x2
+	S_ICRYPTO                     = 0x80000
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFIFO                       = 0x1000
+	S_IFJOURNAL                   = 0x10000
+	S_IFLNK                       = 0xa000
+	S_IFMPX                       = 0x2200
+	S_IFMT                        = 0xf000
+	S_IFPDIR                      = 0x4000000
+	S_IFPSDIR                     = 0x8000000
+	S_IFPSSDIR                    = 0xc000000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_IFSYSEA                     = 0x30000000
+	S_INPUT                       = 0x1
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_ITCB                        = 0x1000000
+	S_ITP                         = 0x800000
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXACL                       = 0x2000000
+	S_IXATTR                      = 0x40000
+	S_IXGRP                       = 0x8
+	S_IXINTERFACE                 = 0x100000
+	S_IXMOD                       = 0x40000000
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
+	S_MSG                         = 0x8
+	S_OUTPUT                      = 0x4
+	S_RDBAND                      = 0x20
+	S_RDNORM                      = 0x10
+	S_RESERVED1                   = 0x20000
+	S_RESERVED2                   = 0x200000
+	S_RESERVED3                   = 0x400000
+	S_RESERVED4                   = 0x80000000
+	S_RESFMT1                     = 0x10000000
+	S_RESFMT10                    = 0x34000000
+	S_RESFMT11                    = 0x38000000
+	S_RESFMT12                    = 0x3c000000
+	S_RESFMT2                     = 0x14000000
+	S_RESFMT3                     = 0x18000000
+	S_RESFMT4                     = 0x1c000000
+	S_RESFMT5                     = 0x20000000
+	S_RESFMT6                     = 0x24000000
+	S_RESFMT7                     = 0x28000000
+	S_RESFMT8                     = 0x2c000000
+	S_WRBAND                      = 0x80
+	S_WRNORM                      = 0x40
+	TAB0                          = 0x0
+	TAB1                          = 0x400
+	TAB2                          = 0x800
+	TAB3                          = 0xc00
+	TABDLY                        = 0xc00
+	TCFLSH                        = 0x540c
+	TCGETA                        = 0x5405
+	TCGETS                        = 0x5401
+	TCIFLUSH                      = 0x0
+	TCIOFF                        = 0x2
+	TCIOFLUSH                     = 0x2
+	TCION                         = 0x3
+	TCOFLUSH                      = 0x1
+	TCOOFF                        = 0x0
+	TCOON                         = 0x1
+	TCP_24DAYS_WORTH_OF_SLOWTICKS = 0x3f4800
+	TCP_ACLADD                    = 0x23
+	TCP_ACLBIND                   = 0x26
+	TCP_ACLCLEAR                  = 0x22
+	TCP_ACLDEL                    = 0x24
+	TCP_ACLDENY                   = 0x8
+	TCP_ACLFLUSH                  = 0x21
+	TCP_ACLGID                    = 0x1
+	TCP_ACLLS                     = 0x25
+	TCP_ACLSUBNET                 = 0x4
+	TCP_ACLUID                    = 0x2
+	TCP_CWND_DF                   = 0x16
+	TCP_CWND_IF                   = 0x15
+	TCP_DELAY_ACK_FIN             = 0x2
+	TCP_DELAY_ACK_SYN             = 0x1
+	TCP_FASTNAME                  = 0x101080a
+	TCP_KEEPCNT                   = 0x13
+	TCP_KEEPIDLE                  = 0x11
+	TCP_KEEPINTVL                 = 0x12
+	TCP_LSPRIV                    = 0x29
+	TCP_LUID                      = 0x20
+	TCP_MAXBURST                  = 0x8
+	TCP_MAXDF                     = 0x64
+	TCP_MAXIF                     = 0x64
+	TCP_MAXSEG                    = 0x2
+	TCP_MAXWIN                    = 0xffff
+	TCP_MAXWINDOWSCALE            = 0xe
+	TCP_MAX_SACK                  = 0x4
+	TCP_MSS                       = 0x5b4
+	TCP_NODELAY                   = 0x1
+	TCP_NODELAYACK                = 0x14
+	TCP_NOREDUCE_CWND_EXIT_FRXMT  = 0x19
+	TCP_NOREDUCE_CWND_IN_FRXMT    = 0x18
+	TCP_NOTENTER_SSTART           = 0x17
+	TCP_OPT                       = 0x19
+	TCP_RFC1323                   = 0x4
+	TCP_SETPRIV                   = 0x27
+	TCP_STDURG                    = 0x10
+	TCP_TIMESTAMP_OPTLEN          = 0xc
+	TCP_UNSETPRIV                 = 0x28
+	TCSAFLUSH                     = 0x2
+	TCSBRK                        = 0x5409
+	TCSETA                        = 0x5406
+	TCSETAF                       = 0x5408
+	TCSETAW                       = 0x5407
+	TCSETS                        = 0x5402
+	TCSETSF                       = 0x5404
+	TCSETSW                       = 0x5403
+	TCXONC                        = 0x540b
+	TIMER_ABSTIME                 = 0x3e7
+	TIMER_MAX                     = 0x20
+	TIOC                          = 0x5400
+	TIOCCBRK                      = 0x2000747a
+	TIOCCDTR                      = 0x20007478
+	TIOCCONS                      = 0xffffffff80047462
+	TIOCEXCL                      = 0x2000740d
+	TIOCFLUSH                     = 0xffffffff80047410
+	TIOCGETC                      = 0x40067412
+	TIOCGETD                      = 0x40047400
+	TIOCGETP                      = 0x40067408
+	TIOCGLTC                      = 0x40067474
+	TIOCGPGRP                     = 0x40047477
+	TIOCGSID                      = 0x40047448
+	TIOCGSIZE                     = 0x40087468
+	TIOCGWINSZ                    = 0x40087468
+	TIOCHPCL                      = 0x20007402
+	TIOCLBIC                      = 0xffffffff8004747e
+	TIOCLBIS                      = 0xffffffff8004747f
+	TIOCLGET                      = 0x4004747c
+	TIOCLSET                      = 0xffffffff8004747d
+	TIOCMBIC                      = 0xffffffff8004746b
+	TIOCMBIS                      = 0xffffffff8004746c
+	TIOCMGET                      = 0x4004746a
+	TIOCMIWAIT                    = 0xffffffff80047464
+	TIOCMODG                      = 0x40047403
+	TIOCMODS                      = 0xffffffff80047404
+	TIOCMSET                      = 0xffffffff8004746d
+	TIOCM_CAR                     = 0x40
+	TIOCM_CD                      = 0x40
+	TIOCM_CTS                     = 0x20
+	TIOCM_DSR                     = 0x100
+	TIOCM_DTR                     = 0x2
+	TIOCM_LE                      = 0x1
+	TIOCM_RI                      = 0x80
+	TIOCM_RNG                     = 0x80
+	TIOCM_RTS                     = 0x4
+	TIOCM_SR                      = 0x10
+	TIOCM_ST                      = 0x8
+	TIOCNOTTY                     = 0x20007471
+	TIOCNXCL                      = 0x2000740e
+	TIOCOUTQ                      = 0x40047473
+	TIOCPKT                       = 0xffffffff80047470
+	TIOCPKT_DATA                  = 0x0
+	TIOCPKT_DOSTOP                = 0x20
+	TIOCPKT_FLUSHREAD             = 0x1
+	TIOCPKT_FLUSHWRITE            = 0x2
+	TIOCPKT_NOSTOP                = 0x10
+	TIOCPKT_START                 = 0x8
+	TIOCPKT_STOP                  = 0x4
+	TIOCREMOTE                    = 0xffffffff80047469
+	TIOCSBRK                      = 0x2000747b
+	TIOCSDTR                      = 0x20007479
+	TIOCSETC                      = 0xffffffff80067411
+	TIOCSETD                      = 0xffffffff80047401
+	TIOCSETN                      = 0xffffffff8006740a
+	TIOCSETP                      = 0xffffffff80067409
+	TIOCSLTC                      = 0xffffffff80067475
+	TIOCSPGRP                     = 0xffffffff80047476
+	TIOCSSIZE                     = 0xffffffff80087467
+	TIOCSTART                     = 0x2000746e
+	TIOCSTI                       = 0xffffffff80017472
+	TIOCSTOP                      = 0x2000746f
+	TIOCSWINSZ                    = 0xffffffff80087467
+	TIOCUCNTL                     = 0xffffffff80047466
+	TOSTOP                        = 0x10000
+	UTIME_NOW                     = -0x2
+	UTIME_OMIT                    = -0x3
+	VDISCRD                       = 0xc
+	VDSUSP                        = 0xa
+	VEOF                          = 0x4
+	VEOL                          = 0x5
+	VEOL2                         = 0x6
+	VERASE                        = 0x2
+	VINTR                         = 0x0
+	VKILL                         = 0x3
+	VLNEXT                        = 0xe
+	VMIN                          = 0x4
+	VQUIT                         = 0x1
+	VREPRINT                      = 0xb
+	VSTART                        = 0x7
+	VSTOP                         = 0x8
+	VSTRT                         = 0x7
+	VSUSP                         = 0x9
+	VT0                           = 0x0
+	VT1                           = 0x8000
+	VTDELAY                       = 0x2000
+	VTDLY                         = 0x8000
+	VTIME                         = 0x5
+	VWERSE                        = 0xd
+	WPARSTART                     = 0x1
+	WPARSTOP                      = 0x2
+	WPARTTYNAME                   = "Global"
+	XCASE                         = 0x4
+	XTABS                         = 0xc00
+	_FDATAFLUSH                   = 0x2000000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x43)
+	EADDRNOTAVAIL   = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x42)
+	EAGAIN          = syscall.Errno(0xb)
+	EALREADY        = syscall.Errno(0x38)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x78)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x75)
+	ECHILD          = syscall.Errno(0xa)
+	ECHRNG          = syscall.Errno(0x25)
+	ECLONEME        = syscall.Errno(0x52)
+	ECONNABORTED    = syscall.Errno(0x48)
+	ECONNREFUSED    = syscall.Errno(0x4f)
+	ECONNRESET      = syscall.Errno(0x49)
+	ECORRUPT        = syscall.Errno(0x59)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDESTADDREQ     = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x3a)
+	EDIST           = syscall.Errno(0x35)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x58)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFORMAT         = syscall.Errno(0x30)
+	EHOSTDOWN       = syscall.Errno(0x50)
+	EHOSTUNREACH    = syscall.Errno(0x51)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x74)
+	EINPROGRESS     = syscall.Errno(0x37)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x4b)
+	EISDIR          = syscall.Errno(0x15)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x55)
+	EMEDIA          = syscall.Errno(0x6e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x3b)
+	EMULTIHOP       = syscall.Errno(0x7d)
+	ENAMETOOLONG    = syscall.Errno(0x56)
+	ENETDOWN        = syscall.Errno(0x45)
+	ENETRESET       = syscall.Errno(0x47)
+	ENETUNREACH     = syscall.Errno(0x46)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x70)
+	ENOBUFS         = syscall.Errno(0x4a)
+	ENOCONNECT      = syscall.Errno(0x32)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x7a)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x31)
+	ENOLINK         = syscall.Errno(0x7e)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x23)
+	ENOPROTOOPT     = syscall.Errno(0x3d)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x76)
+	ENOSTR          = syscall.Errno(0x7b)
+	ENOSYS          = syscall.Errno(0x6d)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x4c)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x11)
+	ENOTREADY       = syscall.Errno(0x2e)
+	ENOTRECOVERABLE = syscall.Errno(0x5e)
+	ENOTRUST        = syscall.Errno(0x72)
+	ENOTSOCK        = syscall.Errno(0x39)
+	ENOTSUP         = syscall.Errno(0x7c)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x40)
+	EOVERFLOW       = syscall.Errno(0x7f)
+	EOWNERDEAD      = syscall.Errno(0x5f)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x41)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x53)
+	EPROTO          = syscall.Errno(0x79)
+	EPROTONOSUPPORT = syscall.Errno(0x3e)
+	EPROTOTYPE      = syscall.Errno(0x3c)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x5d)
+	ERESTART        = syscall.Errno(0x52)
+	EROFS           = syscall.Errno(0x1e)
+	ESAD            = syscall.Errno(0x71)
+	ESHUTDOWN       = syscall.Errno(0x4d)
+	ESOCKTNOSUPPORT = syscall.Errno(0x3f)
+	ESOFT           = syscall.Errno(0x6f)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x34)
+	ESYSERROR       = syscall.Errno(0x5a)
+	ETIME           = syscall.Errno(0x77)
+	ETIMEDOUT       = syscall.Errno(0x4e)
+	ETOOMANYREFS    = syscall.Errno(0x73)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x54)
+	EWOULDBLOCK     = syscall.Errno(0xb)
+	EWRPROTECT      = syscall.Errno(0x2f)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT     = syscall.Signal(0x6)
+	SIGAIO      = syscall.Signal(0x17)
+	SIGALRM     = syscall.Signal(0xe)
+	SIGALRM1    = syscall.Signal(0x26)
+	SIGBUS      = syscall.Signal(0xa)
+	SIGCAPI     = syscall.Signal(0x31)
+	SIGCHLD     = syscall.Signal(0x14)
+	SIGCLD      = syscall.Signal(0x14)
+	SIGCONT     = syscall.Signal(0x13)
+	SIGCPUFAIL  = syscall.Signal(0x3b)
+	SIGDANGER   = syscall.Signal(0x21)
+	SIGEMT      = syscall.Signal(0x7)
+	SIGFPE      = syscall.Signal(0x8)
+	SIGGRANT    = syscall.Signal(0x3c)
+	SIGHUP      = syscall.Signal(0x1)
+	SIGILL      = syscall.Signal(0x4)
+	SIGINT      = syscall.Signal(0x2)
+	SIGIO       = syscall.Signal(0x17)
+	SIGIOINT    = syscall.Signal(0x10)
+	SIGIOT      = syscall.Signal(0x6)
+	SIGKAP      = syscall.Signal(0x3c)
+	SIGKILL     = syscall.Signal(0x9)
+	SIGLOST     = syscall.Signal(0x6)
+	SIGMAX      = syscall.Signal(0xff)
+	SIGMAX32    = syscall.Signal(0x3f)
+	SIGMIGRATE  = syscall.Signal(0x23)
+	SIGMSG      = syscall.Signal(0x1b)
+	SIGPIPE     = syscall.Signal(0xd)
+	SIGPOLL     = syscall.Signal(0x17)
+	SIGPRE      = syscall.Signal(0x24)
+	SIGPROF     = syscall.Signal(0x20)
+	SIGPTY      = syscall.Signal(0x17)
+	SIGPWR      = syscall.Signal(0x1d)
+	SIGQUIT     = syscall.Signal(0x3)
+	SIGRECONFIG = syscall.Signal(0x3a)
+	SIGRETRACT  = syscall.Signal(0x3d)
+	SIGSAK      = syscall.Signal(0x3f)
+	SIGSEGV     = syscall.Signal(0xb)
+	SIGSOUND    = syscall.Signal(0x3e)
+	SIGSTOP     = syscall.Signal(0x11)
+	SIGSYS      = syscall.Signal(0xc)
+	SIGSYSERROR = syscall.Signal(0x30)
+	SIGTALRM    = syscall.Signal(0x26)
+	SIGTERM     = syscall.Signal(0xf)
+	SIGTRAP     = syscall.Signal(0x5)
+	SIGTSTP     = syscall.Signal(0x12)
+	SIGTTIN     = syscall.Signal(0x15)
+	SIGTTOU     = syscall.Signal(0x16)
+	SIGURG      = syscall.Signal(0x10)
+	SIGUSR1     = syscall.Signal(0x1e)
+	SIGUSR2     = syscall.Signal(0x1f)
+	SIGVIRT     = syscall.Signal(0x25)
+	SIGVTALRM   = syscall.Signal(0x22)
+	SIGWAITING  = syscall.Signal(0x27)
+	SIGWINCH    = syscall.Signal(0x1c)
+	SIGXCPU     = syscall.Signal(0x18)
+	SIGXFSZ     = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "not owner"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "I/O error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "arg list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file number"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{12, "ENOMEM", "not enough space"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "ENOTEMPTY", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "file table overflow"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "not a typewriter"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "deadlock condition if locked"},
+	{46, "ENOTREADY", "device not ready"},
+	{47, "EWRPROTECT", "write-protected media"},
+	{48, "EFORMAT", "unformatted or incompatible media"},
+	{49, "ENOLCK", "no locks available"},
+	{50, "ENOCONNECT", "cannot Establish Connection"},
+	{52, "ESTALE", "missing file or filesystem"},
+	{53, "EDIST", "requests blocked by Administrator"},
+	{55, "EINPROGRESS", "operation now in progress"},
+	{56, "EALREADY", "operation already in progress"},
+	{57, "ENOTSOCK", "socket operation on non-socket"},
+	{58, "EDESTADDREQ", "destination address required"},
+	{59, "EMSGSIZE", "message too long"},
+	{60, "EPROTOTYPE", "protocol wrong type for socket"},
+	{61, "ENOPROTOOPT", "protocol not available"},
+	{62, "EPROTONOSUPPORT", "protocol not supported"},
+	{63, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{64, "EOPNOTSUPP", "operation not supported on socket"},
+	{65, "EPFNOSUPPORT", "protocol family not supported"},
+	{66, "EAFNOSUPPORT", "addr family not supported by protocol"},
+	{67, "EADDRINUSE", "address already in use"},
+	{68, "EADDRNOTAVAIL", "can't assign requested address"},
+	{69, "ENETDOWN", "network is down"},
+	{70, "ENETUNREACH", "network is unreachable"},
+	{71, "ENETRESET", "network dropped connection on reset"},
+	{72, "ECONNABORTED", "software caused connection abort"},
+	{73, "ECONNRESET", "connection reset by peer"},
+	{74, "ENOBUFS", "no buffer space available"},
+	{75, "EISCONN", "socket is already connected"},
+	{76, "ENOTCONN", "socket is not connected"},
+	{77, "ESHUTDOWN", "can't send after socket shutdown"},
+	{78, "ETIMEDOUT", "connection timed out"},
+	{79, "ECONNREFUSED", "connection refused"},
+	{80, "EHOSTDOWN", "host is down"},
+	{81, "EHOSTUNREACH", "no route to host"},
+	{82, "ERESTART", "restart the system call"},
+	{83, "EPROCLIM", "too many processes"},
+	{84, "EUSERS", "too many users"},
+	{85, "ELOOP", "too many levels of symbolic links"},
+	{86, "ENAMETOOLONG", "file name too long"},
+	{88, "EDQUOT", "disk quota exceeded"},
+	{89, "ECORRUPT", "invalid file system control data detected"},
+	{90, "ESYSERROR", "for future use "},
+	{93, "EREMOTE", "item is not local to host"},
+	{94, "ENOTRECOVERABLE", "state not recoverable "},
+	{95, "EOWNERDEAD", "previous owner died "},
+	{109, "ENOSYS", "function not implemented"},
+	{110, "EMEDIA", "media surface error"},
+	{111, "ESOFT", "I/O completed, but needs relocation"},
+	{112, "ENOATTR", "no attribute found"},
+	{113, "ESAD", "security Authentication Denied"},
+	{114, "ENOTRUST", "not a Trusted Program"},
+	{115, "ETOOMANYREFS", "too many references: can't splice"},
+	{116, "EILSEQ", "invalid wide character"},
+	{117, "ECANCELED", "asynchronous I/O cancelled"},
+	{118, "ENOSR", "out of STREAMS resources"},
+	{119, "ETIME", "system call timed out"},
+	{120, "EBADMSG", "next message has wrong type"},
+	{121, "EPROTO", "error in protocol"},
+	{122, "ENODATA", "no message on stream head read q"},
+	{123, "ENOSTR", "fd not associated with a stream"},
+	{124, "ENOTSUP", "unsupported attribute value"},
+	{125, "EMULTIHOP", "multihop is not allowed"},
+	{126, "ENOLINK", "the server link has been severed"},
+	{127, "EOVERFLOW", "value too large to be stored in data type"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "IOT/Abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible/complete"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{27, "SIGMSG", "input device data"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGPWR", "power-failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPROF", "profiling timer expired"},
+	{33, "SIGDANGER", "paging space low"},
+	{34, "SIGVTALRM", "virtual timer expired"},
+	{35, "SIGMIGRATE", "signal 35"},
+	{36, "SIGPRE", "signal 36"},
+	{37, "SIGVIRT", "signal 37"},
+	{38, "SIGTALRM", "signal 38"},
+	{39, "SIGWAITING", "signal 39"},
+	{48, "SIGSYSERROR", "signal 48"},
+	{49, "SIGCAPI", "signal 49"},
+	{58, "SIGRECONFIG", "signal 58"},
+	{59, "SIGCPUFAIL", "CPU Failure Predicted"},
+	{60, "SIGGRANT", "monitor mode granted"},
+	{61, "SIGRETRACT", "monitor mode retracted"},
+	{62, "SIGSOUND", "sound completed"},
+	{63, "SIGMAX32", "secure attention"},
+	{255, "SIGMAX", "signal 255"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go
deleted file mode 100644
index 3b39d7408ad84..0000000000000
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go
+++ /dev/null
@@ -1,1783 +0,0 @@
-// mkerrors.sh -m32
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build 386,darwin
-
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs -- -m32 _const.go
-
-package unix
-
-import "syscall"
-
-const (
-	AF_APPLETALK                      = 0x10
-	AF_CCITT                          = 0xa
-	AF_CHAOS                          = 0x5
-	AF_CNT                            = 0x15
-	AF_COIP                           = 0x14
-	AF_DATAKIT                        = 0x9
-	AF_DECnet                         = 0xc
-	AF_DLI                            = 0xd
-	AF_E164                           = 0x1c
-	AF_ECMA                           = 0x8
-	AF_HYLINK                         = 0xf
-	AF_IEEE80211                      = 0x25
-	AF_IMPLINK                        = 0x3
-	AF_INET                           = 0x2
-	AF_INET6                          = 0x1e
-	AF_IPX                            = 0x17
-	AF_ISDN                           = 0x1c
-	AF_ISO                            = 0x7
-	AF_LAT                            = 0xe
-	AF_LINK                           = 0x12
-	AF_LOCAL                          = 0x1
-	AF_MAX                            = 0x28
-	AF_NATM                           = 0x1f
-	AF_NDRV                           = 0x1b
-	AF_NETBIOS                        = 0x21
-	AF_NS                             = 0x6
-	AF_OSI                            = 0x7
-	AF_PPP                            = 0x22
-	AF_PUP                            = 0x4
-	AF_RESERVED_36                    = 0x24
-	AF_ROUTE                          = 0x11
-	AF_SIP                            = 0x18
-	AF_SNA                            = 0xb
-	AF_SYSTEM                         = 0x20
-	AF_UNIX                           = 0x1
-	AF_UNSPEC                         = 0x0
-	AF_UTUN                           = 0x26
-	ALTWERASE                         = 0x200
-	ATTR_BIT_MAP_COUNT                = 0x5
-	ATTR_CMN_ACCESSMASK               = 0x20000
-	ATTR_CMN_ACCTIME                  = 0x1000
-	ATTR_CMN_ADDEDTIME                = 0x10000000
-	ATTR_CMN_BKUPTIME                 = 0x2000
-	ATTR_CMN_CHGTIME                  = 0x800
-	ATTR_CMN_CRTIME                   = 0x200
-	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
-	ATTR_CMN_DEVID                    = 0x2
-	ATTR_CMN_DOCUMENT_ID              = 0x100000
-	ATTR_CMN_ERROR                    = 0x20000000
-	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
-	ATTR_CMN_FILEID                   = 0x2000000
-	ATTR_CMN_FLAGS                    = 0x40000
-	ATTR_CMN_FNDRINFO                 = 0x4000
-	ATTR_CMN_FSID                     = 0x4
-	ATTR_CMN_FULLPATH                 = 0x8000000
-	ATTR_CMN_GEN_COUNT                = 0x80000
-	ATTR_CMN_GRPID                    = 0x10000
-	ATTR_CMN_GRPUUID                  = 0x1000000
-	ATTR_CMN_MODTIME                  = 0x400
-	ATTR_CMN_NAME                     = 0x1
-	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
-	ATTR_CMN_NAMEDATTRLIST            = 0x100000
-	ATTR_CMN_OBJID                    = 0x20
-	ATTR_CMN_OBJPERMANENTID           = 0x40
-	ATTR_CMN_OBJTAG                   = 0x10
-	ATTR_CMN_OBJTYPE                  = 0x8
-	ATTR_CMN_OWNERID                  = 0x8000
-	ATTR_CMN_PARENTID                 = 0x4000000
-	ATTR_CMN_PAROBJID                 = 0x80
-	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
-	ATTR_CMN_SCRIPT                   = 0x100
-	ATTR_CMN_SETMASK                  = 0x41c7ff00
-	ATTR_CMN_USERACCESS               = 0x200000
-	ATTR_CMN_UUID                     = 0x800000
-	ATTR_CMN_VALIDMASK                = 0xffffffff
-	ATTR_CMN_VOLSETMASK               = 0x6700
-	ATTR_FILE_ALLOCSIZE               = 0x4
-	ATTR_FILE_CLUMPSIZE               = 0x10
-	ATTR_FILE_DATAALLOCSIZE           = 0x400
-	ATTR_FILE_DATAEXTENTS             = 0x800
-	ATTR_FILE_DATALENGTH              = 0x200
-	ATTR_FILE_DEVTYPE                 = 0x20
-	ATTR_FILE_FILETYPE                = 0x40
-	ATTR_FILE_FORKCOUNT               = 0x80
-	ATTR_FILE_FORKLIST                = 0x100
-	ATTR_FILE_IOBLOCKSIZE             = 0x8
-	ATTR_FILE_LINKCOUNT               = 0x1
-	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
-	ATTR_FILE_RSRCEXTENTS             = 0x4000
-	ATTR_FILE_RSRCLENGTH              = 0x1000
-	ATTR_FILE_SETMASK                 = 0x20
-	ATTR_FILE_TOTALSIZE               = 0x2
-	ATTR_FILE_VALIDMASK               = 0x37ff
-	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
-	ATTR_VOL_ATTRIBUTES               = 0x40000000
-	ATTR_VOL_CAPABILITIES             = 0x20000
-	ATTR_VOL_DIRCOUNT                 = 0x400
-	ATTR_VOL_ENCODINGSUSED            = 0x10000
-	ATTR_VOL_FILECOUNT                = 0x200
-	ATTR_VOL_FSTYPE                   = 0x1
-	ATTR_VOL_INFO                     = 0x80000000
-	ATTR_VOL_IOBLOCKSIZE              = 0x80
-	ATTR_VOL_MAXOBJCOUNT              = 0x800
-	ATTR_VOL_MINALLOCATION            = 0x20
-	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
-	ATTR_VOL_MOUNTFLAGS               = 0x4000
-	ATTR_VOL_MOUNTPOINT               = 0x1000
-	ATTR_VOL_NAME                     = 0x2000
-	ATTR_VOL_OBJCOUNT                 = 0x100
-	ATTR_VOL_QUOTA_SIZE               = 0x10000000
-	ATTR_VOL_RESERVED_SIZE            = 0x20000000
-	ATTR_VOL_SETMASK                  = 0x80002000
-	ATTR_VOL_SIGNATURE                = 0x2
-	ATTR_VOL_SIZE                     = 0x4
-	ATTR_VOL_SPACEAVAIL               = 0x10
-	ATTR_VOL_SPACEFREE                = 0x8
-	ATTR_VOL_UUID                     = 0x40000
-	ATTR_VOL_VALIDMASK                = 0xf007ffff
-	B0                                = 0x0
-	B110                              = 0x6e
-	B115200                           = 0x1c200
-	B1200                             = 0x4b0
-	B134                              = 0x86
-	B14400                            = 0x3840
-	B150                              = 0x96
-	B1800                             = 0x708
-	B19200                            = 0x4b00
-	B200                              = 0xc8
-	B230400                           = 0x38400
-	B2400                             = 0x960
-	B28800                            = 0x7080
-	B300                              = 0x12c
-	B38400                            = 0x9600
-	B4800                             = 0x12c0
-	B50                               = 0x32
-	B57600                            = 0xe100
-	B600                              = 0x258
-	B7200                             = 0x1c20
-	B75                               = 0x4b
-	B76800                            = 0x12c00
-	B9600                             = 0x2580
-	BIOCFLUSH                         = 0x20004268
-	BIOCGBLEN                         = 0x40044266
-	BIOCGDLT                          = 0x4004426a
-	BIOCGDLTLIST                      = 0xc00c4279
-	BIOCGETIF                         = 0x4020426b
-	BIOCGHDRCMPLT                     = 0x40044274
-	BIOCGRSIG                         = 0x40044272
-	BIOCGRTIMEOUT                     = 0x4008426e
-	BIOCGSEESENT                      = 0x40044276
-	BIOCGSTATS                        = 0x4008426f
-	BIOCIMMEDIATE                     = 0x80044270
-	BIOCPROMISC                       = 0x20004269
-	BIOCSBLEN                         = 0xc0044266
-	BIOCSDLT                          = 0x80044278
-	BIOCSETF                          = 0x80084267
-	BIOCSETFNR                        = 0x8008427e
-	BIOCSETIF                         = 0x8020426c
-	BIOCSHDRCMPLT                     = 0x80044275
-	BIOCSRSIG                         = 0x80044273
-	BIOCSRTIMEOUT                     = 0x8008426d
-	BIOCSSEESENT                      = 0x80044277
-	BIOCVERSION                       = 0x40044271
-	BPF_A                             = 0x10
-	BPF_ABS                           = 0x20
-	BPF_ADD                           = 0x0
-	BPF_ALIGNMENT                     = 0x4
-	BPF_ALU                           = 0x4
-	BPF_AND                           = 0x50
-	BPF_B                             = 0x10
-	BPF_DIV                           = 0x30
-	BPF_H                             = 0x8
-	BPF_IMM                           = 0x0
-	BPF_IND                           = 0x40
-	BPF_JA                            = 0x0
-	BPF_JEQ                           = 0x10
-	BPF_JGE                           = 0x30
-	BPF_JGT                           = 0x20
-	BPF_JMP                           = 0x5
-	BPF_JSET                          = 0x40
-	BPF_K                             = 0x0
-	BPF_LD                            = 0x0
-	BPF_LDX                           = 0x1
-	BPF_LEN                           = 0x80
-	BPF_LSH                           = 0x60
-	BPF_MAJOR_VERSION                 = 0x1
-	BPF_MAXBUFSIZE                    = 0x80000
-	BPF_MAXINSNS                      = 0x200
-	BPF_MEM                           = 0x60
-	BPF_MEMWORDS                      = 0x10
-	BPF_MINBUFSIZE                    = 0x20
-	BPF_MINOR_VERSION                 = 0x1
-	BPF_MISC                          = 0x7
-	BPF_MSH                           = 0xa0
-	BPF_MUL                           = 0x20
-	BPF_NEG                           = 0x80
-	BPF_OR                            = 0x40
-	BPF_RELEASE                       = 0x30bb6
-	BPF_RET                           = 0x6
-	BPF_RSH                           = 0x70
-	BPF_ST                            = 0x2
-	BPF_STX                           = 0x3
-	BPF_SUB                           = 0x10
-	BPF_TAX                           = 0x0
-	BPF_TXA                           = 0x80
-	BPF_W                             = 0x0
-	BPF_X                             = 0x8
-	BRKINT                            = 0x2
-	BS0                               = 0x0
-	BS1                               = 0x8000
-	BSDLY                             = 0x8000
-	CFLUSH                            = 0xf
-	CLOCAL                            = 0x8000
-	CLOCK_MONOTONIC                   = 0x6
-	CLOCK_MONOTONIC_RAW               = 0x4
-	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
-	CLOCK_PROCESS_CPUTIME_ID          = 0xc
-	CLOCK_REALTIME                    = 0x0
-	CLOCK_THREAD_CPUTIME_ID           = 0x10
-	CLOCK_UPTIME_RAW                  = 0x8
-	CLOCK_UPTIME_RAW_APPROX           = 0x9
-	CR0                               = 0x0
-	CR1                               = 0x1000
-	CR2                               = 0x2000
-	CR3                               = 0x3000
-	CRDLY                             = 0x3000
-	CREAD                             = 0x800
-	CRTSCTS                           = 0x30000
-	CS5                               = 0x0
-	CS6                               = 0x100
-	CS7                               = 0x200
-	CS8                               = 0x300
-	CSIZE                             = 0x300
-	CSTART                            = 0x11
-	CSTATUS                           = 0x14
-	CSTOP                             = 0x13
-	CSTOPB                            = 0x400
-	CSUSP                             = 0x1a
-	CTL_HW                            = 0x6
-	CTL_KERN                          = 0x1
-	CTL_MAXNAME                       = 0xc
-	CTL_NET                           = 0x4
-	DLT_A429                          = 0xb8
-	DLT_A653_ICM                      = 0xb9
-	DLT_AIRONET_HEADER                = 0x78
-	DLT_AOS                           = 0xde
-	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
-	DLT_ARCNET                        = 0x7
-	DLT_ARCNET_LINUX                  = 0x81
-	DLT_ATM_CLIP                      = 0x13
-	DLT_ATM_RFC1483                   = 0xb
-	DLT_AURORA                        = 0x7e
-	DLT_AX25                          = 0x3
-	DLT_AX25_KISS                     = 0xca
-	DLT_BACNET_MS_TP                  = 0xa5
-	DLT_BLUETOOTH_HCI_H4              = 0xbb
-	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
-	DLT_CAN20B                        = 0xbe
-	DLT_CAN_SOCKETCAN                 = 0xe3
-	DLT_CHAOS                         = 0x5
-	DLT_CHDLC                         = 0x68
-	DLT_CISCO_IOS                     = 0x76
-	DLT_C_HDLC                        = 0x68
-	DLT_C_HDLC_WITH_DIR               = 0xcd
-	DLT_DBUS                          = 0xe7
-	DLT_DECT                          = 0xdd
-	DLT_DOCSIS                        = 0x8f
-	DLT_DVB_CI                        = 0xeb
-	DLT_ECONET                        = 0x73
-	DLT_EN10MB                        = 0x1
-	DLT_EN3MB                         = 0x2
-	DLT_ENC                           = 0x6d
-	DLT_ERF                           = 0xc5
-	DLT_ERF_ETH                       = 0xaf
-	DLT_ERF_POS                       = 0xb0
-	DLT_FC_2                          = 0xe0
-	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
-	DLT_FDDI                          = 0xa
-	DLT_FLEXRAY                       = 0xd2
-	DLT_FRELAY                        = 0x6b
-	DLT_FRELAY_WITH_DIR               = 0xce
-	DLT_GCOM_SERIAL                   = 0xad
-	DLT_GCOM_T1E1                     = 0xac
-	DLT_GPF_F                         = 0xab
-	DLT_GPF_T                         = 0xaa
-	DLT_GPRS_LLC                      = 0xa9
-	DLT_GSMTAP_ABIS                   = 0xda
-	DLT_GSMTAP_UM                     = 0xd9
-	DLT_HHDLC                         = 0x79
-	DLT_IBM_SN                        = 0x92
-	DLT_IBM_SP                        = 0x91
-	DLT_IEEE802                       = 0x6
-	DLT_IEEE802_11                    = 0x69
-	DLT_IEEE802_11_RADIO              = 0x7f
-	DLT_IEEE802_11_RADIO_AVS          = 0xa3
-	DLT_IEEE802_15_4                  = 0xc3
-	DLT_IEEE802_15_4_LINUX            = 0xbf
-	DLT_IEEE802_15_4_NOFCS            = 0xe6
-	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
-	DLT_IEEE802_16_MAC_CPS            = 0xbc
-	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
-	DLT_IPFILTER                      = 0x74
-	DLT_IPMB                          = 0xc7
-	DLT_IPMB_LINUX                    = 0xd1
-	DLT_IPNET                         = 0xe2
-	DLT_IPOIB                         = 0xf2
-	DLT_IPV4                          = 0xe4
-	DLT_IPV6                          = 0xe5
-	DLT_IP_OVER_FC                    = 0x7a
-	DLT_JUNIPER_ATM1                  = 0x89
-	DLT_JUNIPER_ATM2                  = 0x87
-	DLT_JUNIPER_ATM_CEMIC             = 0xee
-	DLT_JUNIPER_CHDLC                 = 0xb5
-	DLT_JUNIPER_ES                    = 0x84
-	DLT_JUNIPER_ETHER                 = 0xb2
-	DLT_JUNIPER_FIBRECHANNEL          = 0xea
-	DLT_JUNIPER_FRELAY                = 0xb4
-	DLT_JUNIPER_GGSN                  = 0x85
-	DLT_JUNIPER_ISM                   = 0xc2
-	DLT_JUNIPER_MFR                   = 0x86
-	DLT_JUNIPER_MLFR                  = 0x83
-	DLT_JUNIPER_MLPPP                 = 0x82
-	DLT_JUNIPER_MONITOR               = 0xa4
-	DLT_JUNIPER_PIC_PEER              = 0xae
-	DLT_JUNIPER_PPP                   = 0xb3
-	DLT_JUNIPER_PPPOE                 = 0xa7
-	DLT_JUNIPER_PPPOE_ATM             = 0xa8
-	DLT_JUNIPER_SERVICES              = 0x88
-	DLT_JUNIPER_SRX_E2E               = 0xe9
-	DLT_JUNIPER_ST                    = 0xc8
-	DLT_JUNIPER_VP                    = 0xb7
-	DLT_JUNIPER_VS                    = 0xe8
-	DLT_LAPB_WITH_DIR                 = 0xcf
-	DLT_LAPD                          = 0xcb
-	DLT_LIN                           = 0xd4
-	DLT_LINUX_EVDEV                   = 0xd8
-	DLT_LINUX_IRDA                    = 0x90
-	DLT_LINUX_LAPD                    = 0xb1
-	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
-	DLT_LINUX_SLL                     = 0x71
-	DLT_LOOP                          = 0x6c
-	DLT_LTALK                         = 0x72
-	DLT_MATCHING_MAX                  = 0xf5
-	DLT_MATCHING_MIN                  = 0x68
-	DLT_MFR                           = 0xb6
-	DLT_MOST                          = 0xd3
-	DLT_MPEG_2_TS                     = 0xf3
-	DLT_MPLS                          = 0xdb
-	DLT_MTP2                          = 0x8c
-	DLT_MTP2_WITH_PHDR                = 0x8b
-	DLT_MTP3                          = 0x8d
-	DLT_MUX27010                      = 0xec
-	DLT_NETANALYZER                   = 0xf0
-	DLT_NETANALYZER_TRANSPARENT       = 0xf1
-	DLT_NFC_LLCP                      = 0xf5
-	DLT_NFLOG                         = 0xef
-	DLT_NG40                          = 0xf4
-	DLT_NULL                          = 0x0
-	DLT_PCI_EXP                       = 0x7d
-	DLT_PFLOG                         = 0x75
-	DLT_PFSYNC                        = 0x12
-	DLT_PPI                           = 0xc0
-	DLT_PPP                           = 0x9
-	DLT_PPP_BSDOS                     = 0x10
-	DLT_PPP_ETHER                     = 0x33
-	DLT_PPP_PPPD                      = 0xa6
-	DLT_PPP_SERIAL                    = 0x32
-	DLT_PPP_WITH_DIR                  = 0xcc
-	DLT_PPP_WITH_DIRECTION            = 0xa6
-	DLT_PRISM_HEADER                  = 0x77
-	DLT_PRONET                        = 0x4
-	DLT_RAIF1                         = 0xc6
-	DLT_RAW                           = 0xc
-	DLT_RIO                           = 0x7c
-	DLT_SCCP                          = 0x8e
-	DLT_SITA                          = 0xc4
-	DLT_SLIP                          = 0x8
-	DLT_SLIP_BSDOS                    = 0xf
-	DLT_STANAG_5066_D_PDU             = 0xed
-	DLT_SUNATM                        = 0x7b
-	DLT_SYMANTEC_FIREWALL             = 0x63
-	DLT_TZSP                          = 0x80
-	DLT_USB                           = 0xba
-	DLT_USB_LINUX                     = 0xbd
-	DLT_USB_LINUX_MMAPPED             = 0xdc
-	DLT_USER0                         = 0x93
-	DLT_USER1                         = 0x94
-	DLT_USER10                        = 0x9d
-	DLT_USER11                        = 0x9e
-	DLT_USER12                        = 0x9f
-	DLT_USER13                        = 0xa0
-	DLT_USER14                        = 0xa1
-	DLT_USER15                        = 0xa2
-	DLT_USER2                         = 0x95
-	DLT_USER3                         = 0x96
-	DLT_USER4                         = 0x97
-	DLT_USER5                         = 0x98
-	DLT_USER6                         = 0x99
-	DLT_USER7                         = 0x9a
-	DLT_USER8                         = 0x9b
-	DLT_USER9                         = 0x9c
-	DLT_WIHART                        = 0xdf
-	DLT_X2E_SERIAL                    = 0xd5
-	DLT_X2E_XORAYA                    = 0xd6
-	DT_BLK                            = 0x6
-	DT_CHR                            = 0x2
-	DT_DIR                            = 0x4
-	DT_FIFO                           = 0x1
-	DT_LNK                            = 0xa
-	DT_REG                            = 0x8
-	DT_SOCK                           = 0xc
-	DT_UNKNOWN                        = 0x0
-	DT_WHT                            = 0xe
-	ECHO                              = 0x8
-	ECHOCTL                           = 0x40
-	ECHOE                             = 0x2
-	ECHOK                             = 0x4
-	ECHOKE                            = 0x1
-	ECHONL                            = 0x10
-	ECHOPRT                           = 0x20
-	EVFILT_AIO                        = -0x3
-	EVFILT_EXCEPT                     = -0xf
-	EVFILT_FS                         = -0x9
-	EVFILT_MACHPORT                   = -0x8
-	EVFILT_PROC                       = -0x5
-	EVFILT_READ                       = -0x1
-	EVFILT_SIGNAL                     = -0x6
-	EVFILT_SYSCOUNT                   = 0xf
-	EVFILT_THREADMARKER               = 0xf
-	EVFILT_TIMER                      = -0x7
-	EVFILT_USER                       = -0xa
-	EVFILT_VM                         = -0xc
-	EVFILT_VNODE                      = -0x4
-	EVFILT_WRITE                      = -0x2
-	EV_ADD                            = 0x1
-	EV_CLEAR                          = 0x20
-	EV_DELETE                         = 0x2
-	EV_DISABLE                        = 0x8
-	EV_DISPATCH                       = 0x80
-	EV_DISPATCH2                      = 0x180
-	EV_ENABLE                         = 0x4
-	EV_EOF                            = 0x8000
-	EV_ERROR                          = 0x4000
-	EV_FLAG0                          = 0x1000
-	EV_FLAG1                          = 0x2000
-	EV_ONESHOT                        = 0x10
-	EV_OOBAND                         = 0x2000
-	EV_POLL                           = 0x1000
-	EV_RECEIPT                        = 0x40
-	EV_SYSFLAGS                       = 0xf000
-	EV_UDATA_SPECIFIC                 = 0x100
-	EV_VANISHED                       = 0x200
-	EXTA                              = 0x4b00
-	EXTB                              = 0x9600
-	EXTPROC                           = 0x800
-	FD_CLOEXEC                        = 0x1
-	FD_SETSIZE                        = 0x400
-	FF0                               = 0x0
-	FF1                               = 0x4000
-	FFDLY                             = 0x4000
-	FLUSHO                            = 0x800000
-	FSOPT_ATTR_CMN_EXTENDED           = 0x20
-	FSOPT_NOFOLLOW                    = 0x1
-	FSOPT_NOINMEMUPDATE               = 0x2
-	FSOPT_PACK_INVAL_ATTRS            = 0x8
-	FSOPT_REPORT_FULLSIZE             = 0x4
-	F_ADDFILESIGS                     = 0x3d
-	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
-	F_ADDFILESIGS_RETURN              = 0x61
-	F_ADDSIGS                         = 0x3b
-	F_ALLOCATEALL                     = 0x4
-	F_ALLOCATECONTIG                  = 0x2
-	F_BARRIERFSYNC                    = 0x55
-	F_CHECK_LV                        = 0x62
-	F_CHKCLEAN                        = 0x29
-	F_DUPFD                           = 0x0
-	F_DUPFD_CLOEXEC                   = 0x43
-	F_FINDSIGS                        = 0x4e
-	F_FLUSH_DATA                      = 0x28
-	F_FREEZE_FS                       = 0x35
-	F_FULLFSYNC                       = 0x33
-	F_GETCODEDIR                      = 0x48
-	F_GETFD                           = 0x1
-	F_GETFL                           = 0x3
-	F_GETLK                           = 0x7
-	F_GETLKPID                        = 0x42
-	F_GETNOSIGPIPE                    = 0x4a
-	F_GETOWN                          = 0x5
-	F_GETPATH                         = 0x32
-	F_GETPATH_MTMINFO                 = 0x47
-	F_GETPROTECTIONCLASS              = 0x3f
-	F_GETPROTECTIONLEVEL              = 0x4d
-	F_GLOBAL_NOCACHE                  = 0x37
-	F_LOG2PHYS                        = 0x31
-	F_LOG2PHYS_EXT                    = 0x41
-	F_NOCACHE                         = 0x30
-	F_NODIRECT                        = 0x3e
-	F_OK                              = 0x0
-	F_PATHPKG_CHECK                   = 0x34
-	F_PEOFPOSMODE                     = 0x3
-	F_PREALLOCATE                     = 0x2a
-	F_PUNCHHOLE                       = 0x63
-	F_RDADVISE                        = 0x2c
-	F_RDAHEAD                         = 0x2d
-	F_RDLCK                           = 0x1
-	F_SETBACKINGSTORE                 = 0x46
-	F_SETFD                           = 0x2
-	F_SETFL                           = 0x4
-	F_SETLK                           = 0x8
-	F_SETLKW                          = 0x9
-	F_SETLKWTIMEOUT                   = 0xa
-	F_SETNOSIGPIPE                    = 0x49
-	F_SETOWN                          = 0x6
-	F_SETPROTECTIONCLASS              = 0x40
-	F_SETSIZE                         = 0x2b
-	F_SINGLE_WRITER                   = 0x4c
-	F_THAW_FS                         = 0x36
-	F_TRANSCODEKEY                    = 0x4b
-	F_TRIM_ACTIVE_FILE                = 0x64
-	F_UNLCK                           = 0x2
-	F_VOLPOSMODE                      = 0x4
-	F_WRLCK                           = 0x3
-	HUPCL                             = 0x4000
-	HW_MACHINE                        = 0x1
-	ICANON                            = 0x100
-	ICMP6_FILTER                      = 0x12
-	ICRNL                             = 0x100
-	IEXTEN                            = 0x400
-	IFF_ALLMULTI                      = 0x200
-	IFF_ALTPHYS                       = 0x4000
-	IFF_BROADCAST                     = 0x2
-	IFF_DEBUG                         = 0x4
-	IFF_LINK0                         = 0x1000
-	IFF_LINK1                         = 0x2000
-	IFF_LINK2                         = 0x4000
-	IFF_LOOPBACK                      = 0x8
-	IFF_MULTICAST                     = 0x8000
-	IFF_NOARP                         = 0x80
-	IFF_NOTRAILERS                    = 0x20
-	IFF_OACTIVE                       = 0x400
-	IFF_POINTOPOINT                   = 0x10
-	IFF_PROMISC                       = 0x100
-	IFF_RUNNING                       = 0x40
-	IFF_SIMPLEX                       = 0x800
-	IFF_UP                            = 0x1
-	IFNAMSIZ                          = 0x10
-	IFT_1822                          = 0x2
-	IFT_AAL5                          = 0x31
-	IFT_ARCNET                        = 0x23
-	IFT_ARCNETPLUS                    = 0x24
-	IFT_ATM                           = 0x25
-	IFT_BRIDGE                        = 0xd1
-	IFT_CARP                          = 0xf8
-	IFT_CELLULAR                      = 0xff
-	IFT_CEPT                          = 0x13
-	IFT_DS3                           = 0x1e
-	IFT_ENC                           = 0xf4
-	IFT_EON                           = 0x19
-	IFT_ETHER                         = 0x6
-	IFT_FAITH                         = 0x38
-	IFT_FDDI                          = 0xf
-	IFT_FRELAY                        = 0x20
-	IFT_FRELAYDCE                     = 0x2c
-	IFT_GIF                           = 0x37
-	IFT_HDH1822                       = 0x3
-	IFT_HIPPI                         = 0x2f
-	IFT_HSSI                          = 0x2e
-	IFT_HY                            = 0xe
-	IFT_IEEE1394                      = 0x90
-	IFT_IEEE8023ADLAG                 = 0x88
-	IFT_ISDNBASIC                     = 0x14
-	IFT_ISDNPRIMARY                   = 0x15
-	IFT_ISO88022LLC                   = 0x29
-	IFT_ISO88023                      = 0x7
-	IFT_ISO88024                      = 0x8
-	IFT_ISO88025                      = 0x9
-	IFT_ISO88026                      = 0xa
-	IFT_L2VLAN                        = 0x87
-	IFT_LAPB                          = 0x10
-	IFT_LOCALTALK                     = 0x2a
-	IFT_LOOP                          = 0x18
-	IFT_MIOX25                        = 0x26
-	IFT_MODEM                         = 0x30
-	IFT_NSIP                          = 0x1b
-	IFT_OTHER                         = 0x1
-	IFT_P10                           = 0xc
-	IFT_P80                           = 0xd
-	IFT_PARA                          = 0x22
-	IFT_PDP                           = 0xff
-	IFT_PFLOG                         = 0xf5
-	IFT_PFSYNC                        = 0xf6
-	IFT_PKTAP                         = 0xfe
-	IFT_PPP                           = 0x17
-	IFT_PROPMUX                       = 0x36
-	IFT_PROPVIRTUAL                   = 0x35
-	IFT_PTPSERIAL                     = 0x16
-	IFT_RS232                         = 0x21
-	IFT_SDLC                          = 0x11
-	IFT_SIP                           = 0x1f
-	IFT_SLIP                          = 0x1c
-	IFT_SMDSDXI                       = 0x2b
-	IFT_SMDSICIP                      = 0x34
-	IFT_SONET                         = 0x27
-	IFT_SONETPATH                     = 0x32
-	IFT_SONETVT                       = 0x33
-	IFT_STARLAN                       = 0xb
-	IFT_STF                           = 0x39
-	IFT_T1                            = 0x12
-	IFT_ULTRA                         = 0x1d
-	IFT_V35                           = 0x2d
-	IFT_X25                           = 0x5
-	IFT_X25DDN                        = 0x4
-	IFT_X25PLE                        = 0x28
-	IFT_XETHER                        = 0x1a
-	IGNBRK                            = 0x1
-	IGNCR                             = 0x80
-	IGNPAR                            = 0x4
-	IMAXBEL                           = 0x2000
-	INLCR                             = 0x40
-	INPCK                             = 0x10
-	IN_CLASSA_HOST                    = 0xffffff
-	IN_CLASSA_MAX                     = 0x80
-	IN_CLASSA_NET                     = 0xff000000
-	IN_CLASSA_NSHIFT                  = 0x18
-	IN_CLASSB_HOST                    = 0xffff
-	IN_CLASSB_MAX                     = 0x10000
-	IN_CLASSB_NET                     = 0xffff0000
-	IN_CLASSB_NSHIFT                  = 0x10
-	IN_CLASSC_HOST                    = 0xff
-	IN_CLASSC_NET                     = 0xffffff00
-	IN_CLASSC_NSHIFT                  = 0x8
-	IN_CLASSD_HOST                    = 0xfffffff
-	IN_CLASSD_NET                     = 0xf0000000
-	IN_CLASSD_NSHIFT                  = 0x1c
-	IN_LINKLOCALNETNUM                = 0xa9fe0000
-	IN_LOOPBACKNET                    = 0x7f
-	IPPROTO_3PC                       = 0x22
-	IPPROTO_ADFS                      = 0x44
-	IPPROTO_AH                        = 0x33
-	IPPROTO_AHIP                      = 0x3d
-	IPPROTO_APES                      = 0x63
-	IPPROTO_ARGUS                     = 0xd
-	IPPROTO_AX25                      = 0x5d
-	IPPROTO_BHA                       = 0x31
-	IPPROTO_BLT                       = 0x1e
-	IPPROTO_BRSATMON                  = 0x4c
-	IPPROTO_CFTP                      = 0x3e
-	IPPROTO_CHAOS                     = 0x10
-	IPPROTO_CMTP                      = 0x26
-	IPPROTO_CPHB                      = 0x49
-	IPPROTO_CPNX                      = 0x48
-	IPPROTO_DDP                       = 0x25
-	IPPROTO_DGP                       = 0x56
-	IPPROTO_DIVERT                    = 0xfe
-	IPPROTO_DONE                      = 0x101
-	IPPROTO_DSTOPTS                   = 0x3c
-	IPPROTO_EGP                       = 0x8
-	IPPROTO_EMCON                     = 0xe
-	IPPROTO_ENCAP                     = 0x62
-	IPPROTO_EON                       = 0x50
-	IPPROTO_ESP                       = 0x32
-	IPPROTO_ETHERIP                   = 0x61
-	IPPROTO_FRAGMENT                  = 0x2c
-	IPPROTO_GGP                       = 0x3
-	IPPROTO_GMTP                      = 0x64
-	IPPROTO_GRE                       = 0x2f
-	IPPROTO_HELLO                     = 0x3f
-	IPPROTO_HMP                       = 0x14
-	IPPROTO_HOPOPTS                   = 0x0
-	IPPROTO_ICMP                      = 0x1
-	IPPROTO_ICMPV6                    = 0x3a
-	IPPROTO_IDP                       = 0x16
-	IPPROTO_IDPR                      = 0x23
-	IPPROTO_IDRP                      = 0x2d
-	IPPROTO_IGMP                      = 0x2
-	IPPROTO_IGP                       = 0x55
-	IPPROTO_IGRP                      = 0x58
-	IPPROTO_IL                        = 0x28
-	IPPROTO_INLSP                     = 0x34
-	IPPROTO_INP                       = 0x20
-	IPPROTO_IP                        = 0x0
-	IPPROTO_IPCOMP                    = 0x6c
-	IPPROTO_IPCV                      = 0x47
-	IPPROTO_IPEIP                     = 0x5e
-	IPPROTO_IPIP                      = 0x4
-	IPPROTO_IPPC                      = 0x43
-	IPPROTO_IPV4                      = 0x4
-	IPPROTO_IPV6                      = 0x29
-	IPPROTO_IRTP                      = 0x1c
-	IPPROTO_KRYPTOLAN                 = 0x41
-	IPPROTO_LARP                      = 0x5b
-	IPPROTO_LEAF1                     = 0x19
-	IPPROTO_LEAF2                     = 0x1a
-	IPPROTO_MAX                       = 0x100
-	IPPROTO_MAXID                     = 0x34
-	IPPROTO_MEAS                      = 0x13
-	IPPROTO_MHRP                      = 0x30
-	IPPROTO_MICP                      = 0x5f
-	IPPROTO_MTP                       = 0x5c
-	IPPROTO_MUX                       = 0x12
-	IPPROTO_ND                        = 0x4d
-	IPPROTO_NHRP                      = 0x36
-	IPPROTO_NONE                      = 0x3b
-	IPPROTO_NSP                       = 0x1f
-	IPPROTO_NVPII                     = 0xb
-	IPPROTO_OSPFIGP                   = 0x59
-	IPPROTO_PGM                       = 0x71
-	IPPROTO_PIGP                      = 0x9
-	IPPROTO_PIM                       = 0x67
-	IPPROTO_PRM                       = 0x15
-	IPPROTO_PUP                       = 0xc
-	IPPROTO_PVP                       = 0x4b
-	IPPROTO_RAW                       = 0xff
-	IPPROTO_RCCMON                    = 0xa
-	IPPROTO_RDP                       = 0x1b
-	IPPROTO_ROUTING                   = 0x2b
-	IPPROTO_RSVP                      = 0x2e
-	IPPROTO_RVD                       = 0x42
-	IPPROTO_SATEXPAK                  = 0x40
-	IPPROTO_SATMON                    = 0x45
-	IPPROTO_SCCSP                     = 0x60
-	IPPROTO_SCTP                      = 0x84
-	IPPROTO_SDRP                      = 0x2a
-	IPPROTO_SEP                       = 0x21
-	IPPROTO_SRPC                      = 0x5a
-	IPPROTO_ST                        = 0x7
-	IPPROTO_SVMTP                     = 0x52
-	IPPROTO_SWIPE                     = 0x35
-	IPPROTO_TCF                       = 0x57
-	IPPROTO_TCP                       = 0x6
-	IPPROTO_TP                        = 0x1d
-	IPPROTO_TPXX                      = 0x27
-	IPPROTO_TRUNK1                    = 0x17
-	IPPROTO_TRUNK2                    = 0x18
-	IPPROTO_TTP                       = 0x54
-	IPPROTO_UDP                       = 0x11
-	IPPROTO_VINES                     = 0x53
-	IPPROTO_VISA                      = 0x46
-	IPPROTO_VMTP                      = 0x51
-	IPPROTO_WBEXPAK                   = 0x4f
-	IPPROTO_WBMON                     = 0x4e
-	IPPROTO_WSN                       = 0x4a
-	IPPROTO_XNET                      = 0xf
-	IPPROTO_XTP                       = 0x24
-	IPV6_2292DSTOPTS                  = 0x17
-	IPV6_2292HOPLIMIT                 = 0x14
-	IPV6_2292HOPOPTS                  = 0x16
-	IPV6_2292NEXTHOP                  = 0x15
-	IPV6_2292PKTINFO                  = 0x13
-	IPV6_2292PKTOPTIONS               = 0x19
-	IPV6_2292RTHDR                    = 0x18
-	IPV6_BINDV6ONLY                   = 0x1b
-	IPV6_BOUND_IF                     = 0x7d
-	IPV6_CHECKSUM                     = 0x1a
-	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
-	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
-	IPV6_DEFHLIM                      = 0x40
-	IPV6_FAITH                        = 0x1d
-	IPV6_FLOWINFO_MASK                = 0xffffff0f
-	IPV6_FLOWLABEL_MASK               = 0xffff0f00
-	IPV6_FLOW_ECN_MASK                = 0x300
-	IPV6_FRAGTTL                      = 0x3c
-	IPV6_FW_ADD                       = 0x1e
-	IPV6_FW_DEL                       = 0x1f
-	IPV6_FW_FLUSH                     = 0x20
-	IPV6_FW_GET                       = 0x22
-	IPV6_FW_ZERO                      = 0x21
-	IPV6_HLIMDEC                      = 0x1
-	IPV6_IPSEC_POLICY                 = 0x1c
-	IPV6_JOIN_GROUP                   = 0xc
-	IPV6_LEAVE_GROUP                  = 0xd
-	IPV6_MAXHLIM                      = 0xff
-	IPV6_MAXOPTHDR                    = 0x800
-	IPV6_MAXPACKET                    = 0xffff
-	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
-	IPV6_MAX_MEMBERSHIPS              = 0xfff
-	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
-	IPV6_MIN_MEMBERSHIPS              = 0x1f
-	IPV6_MMTU                         = 0x500
-	IPV6_MULTICAST_HOPS               = 0xa
-	IPV6_MULTICAST_IF                 = 0x9
-	IPV6_MULTICAST_LOOP               = 0xb
-	IPV6_PORTRANGE                    = 0xe
-	IPV6_PORTRANGE_DEFAULT            = 0x0
-	IPV6_PORTRANGE_HIGH               = 0x1
-	IPV6_PORTRANGE_LOW                = 0x2
-	IPV6_RECVTCLASS                   = 0x23
-	IPV6_RTHDR_LOOSE                  = 0x0
-	IPV6_RTHDR_STRICT                 = 0x1
-	IPV6_RTHDR_TYPE_0                 = 0x0
-	IPV6_SOCKOPT_RESERVED1            = 0x3
-	IPV6_TCLASS                       = 0x24
-	IPV6_UNICAST_HOPS                 = 0x4
-	IPV6_V6ONLY                       = 0x1b
-	IPV6_VERSION                      = 0x60
-	IPV6_VERSION_MASK                 = 0xf0
-	IP_ADD_MEMBERSHIP                 = 0xc
-	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
-	IP_BLOCK_SOURCE                   = 0x48
-	IP_BOUND_IF                       = 0x19
-	IP_DEFAULT_MULTICAST_LOOP         = 0x1
-	IP_DEFAULT_MULTICAST_TTL          = 0x1
-	IP_DF                             = 0x4000
-	IP_DROP_MEMBERSHIP                = 0xd
-	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
-	IP_DUMMYNET_CONFIGURE             = 0x3c
-	IP_DUMMYNET_DEL                   = 0x3d
-	IP_DUMMYNET_FLUSH                 = 0x3e
-	IP_DUMMYNET_GET                   = 0x40
-	IP_FAITH                          = 0x16
-	IP_FW_ADD                         = 0x28
-	IP_FW_DEL                         = 0x29
-	IP_FW_FLUSH                       = 0x2a
-	IP_FW_GET                         = 0x2c
-	IP_FW_RESETLOG                    = 0x2d
-	IP_FW_ZERO                        = 0x2b
-	IP_HDRINCL                        = 0x2
-	IP_IPSEC_POLICY                   = 0x15
-	IP_MAXPACKET                      = 0xffff
-	IP_MAX_GROUP_SRC_FILTER           = 0x200
-	IP_MAX_MEMBERSHIPS                = 0xfff
-	IP_MAX_SOCK_MUTE_FILTER           = 0x80
-	IP_MAX_SOCK_SRC_FILTER            = 0x80
-	IP_MF                             = 0x2000
-	IP_MIN_MEMBERSHIPS                = 0x1f
-	IP_MSFILTER                       = 0x4a
-	IP_MSS                            = 0x240
-	IP_MULTICAST_IF                   = 0x9
-	IP_MULTICAST_IFINDEX              = 0x42
-	IP_MULTICAST_LOOP                 = 0xb
-	IP_MULTICAST_TTL                  = 0xa
-	IP_MULTICAST_VIF                  = 0xe
-	IP_NAT__XXX                       = 0x37
-	IP_OFFMASK                        = 0x1fff
-	IP_OLD_FW_ADD                     = 0x32
-	IP_OLD_FW_DEL                     = 0x33
-	IP_OLD_FW_FLUSH                   = 0x34
-	IP_OLD_FW_GET                     = 0x36
-	IP_OLD_FW_RESETLOG                = 0x38
-	IP_OLD_FW_ZERO                    = 0x35
-	IP_OPTIONS                        = 0x1
-	IP_PKTINFO                        = 0x1a
-	IP_PORTRANGE                      = 0x13
-	IP_PORTRANGE_DEFAULT              = 0x0
-	IP_PORTRANGE_HIGH                 = 0x1
-	IP_PORTRANGE_LOW                  = 0x2
-	IP_RECVDSTADDR                    = 0x7
-	IP_RECVIF                         = 0x14
-	IP_RECVOPTS                       = 0x5
-	IP_RECVPKTINFO                    = 0x1a
-	IP_RECVRETOPTS                    = 0x6
-	IP_RECVTOS                        = 0x1b
-	IP_RECVTTL                        = 0x18
-	IP_RETOPTS                        = 0x8
-	IP_RF                             = 0x8000
-	IP_RSVP_OFF                       = 0x10
-	IP_RSVP_ON                        = 0xf
-	IP_RSVP_VIF_OFF                   = 0x12
-	IP_RSVP_VIF_ON                    = 0x11
-	IP_STRIPHDR                       = 0x17
-	IP_TOS                            = 0x3
-	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
-	IP_TTL                            = 0x4
-	IP_UNBLOCK_SOURCE                 = 0x49
-	ISIG                              = 0x80
-	ISTRIP                            = 0x20
-	IUTF8                             = 0x4000
-	IXANY                             = 0x800
-	IXOFF                             = 0x400
-	IXON                              = 0x200
-	KERN_HOSTNAME                     = 0xa
-	KERN_OSRELEASE                    = 0x2
-	KERN_OSTYPE                       = 0x1
-	KERN_VERSION                      = 0x4
-	LOCK_EX                           = 0x2
-	LOCK_NB                           = 0x4
-	LOCK_SH                           = 0x1
-	LOCK_UN                           = 0x8
-	MADV_CAN_REUSE                    = 0x9
-	MADV_DONTNEED                     = 0x4
-	MADV_FREE                         = 0x5
-	MADV_FREE_REUSABLE                = 0x7
-	MADV_FREE_REUSE                   = 0x8
-	MADV_NORMAL                       = 0x0
-	MADV_PAGEOUT                      = 0xa
-	MADV_RANDOM                       = 0x1
-	MADV_SEQUENTIAL                   = 0x2
-	MADV_WILLNEED                     = 0x3
-	MADV_ZERO_WIRED_PAGES             = 0x6
-	MAP_ANON                          = 0x1000
-	MAP_ANONYMOUS                     = 0x1000
-	MAP_COPY                          = 0x2
-	MAP_FILE                          = 0x0
-	MAP_FIXED                         = 0x10
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_JIT                           = 0x800
-	MAP_NOCACHE                       = 0x400
-	MAP_NOEXTEND                      = 0x100
-	MAP_NORESERVE                     = 0x40
-	MAP_PRIVATE                       = 0x2
-	MAP_RENAME                        = 0x20
-	MAP_RESERVED0080                  = 0x80
-	MAP_RESILIENT_CODESIGN            = 0x2000
-	MAP_RESILIENT_MEDIA               = 0x4000
-	MAP_SHARED                        = 0x1
-	MCL_CURRENT                       = 0x1
-	MCL_FUTURE                        = 0x2
-	MNT_ASYNC                         = 0x40
-	MNT_AUTOMOUNTED                   = 0x400000
-	MNT_CMDFLAGS                      = 0xf0000
-	MNT_CPROTECT                      = 0x80
-	MNT_DEFWRITE                      = 0x2000000
-	MNT_DONTBROWSE                    = 0x100000
-	MNT_DOVOLFS                       = 0x8000
-	MNT_DWAIT                         = 0x4
-	MNT_EXPORTED                      = 0x100
-	MNT_FORCE                         = 0x80000
-	MNT_IGNORE_OWNERSHIP              = 0x200000
-	MNT_JOURNALED                     = 0x800000
-	MNT_LOCAL                         = 0x1000
-	MNT_MULTILABEL                    = 0x4000000
-	MNT_NOATIME                       = 0x10000000
-	MNT_NOBLOCK                       = 0x20000
-	MNT_NODEV                         = 0x10
-	MNT_NOEXEC                        = 0x4
-	MNT_NOSUID                        = 0x8
-	MNT_NOUSERXATTR                   = 0x1000000
-	MNT_NOWAIT                        = 0x2
-	MNT_QUARANTINE                    = 0x400
-	MNT_QUOTA                         = 0x2000
-	MNT_RDONLY                        = 0x1
-	MNT_RELOAD                        = 0x40000
-	MNT_ROOTFS                        = 0x4000
-	MNT_SYNCHRONOUS                   = 0x2
-	MNT_UNION                         = 0x20
-	MNT_UNKNOWNPERMISSIONS            = 0x200000
-	MNT_UPDATE                        = 0x10000
-	MNT_VISFLAGMASK                   = 0x17f0f5ff
-	MNT_WAIT                          = 0x1
-	MSG_CTRUNC                        = 0x20
-	MSG_DONTROUTE                     = 0x4
-	MSG_DONTWAIT                      = 0x80
-	MSG_EOF                           = 0x100
-	MSG_EOR                           = 0x8
-	MSG_FLUSH                         = 0x400
-	MSG_HAVEMORE                      = 0x2000
-	MSG_HOLD                          = 0x800
-	MSG_NEEDSA                        = 0x10000
-	MSG_OOB                           = 0x1
-	MSG_PEEK                          = 0x2
-	MSG_RCVMORE                       = 0x4000
-	MSG_SEND                          = 0x1000
-	MSG_TRUNC                         = 0x10
-	MSG_WAITALL                       = 0x40
-	MSG_WAITSTREAM                    = 0x200
-	MS_ASYNC                          = 0x1
-	MS_DEACTIVATE                     = 0x8
-	MS_INVALIDATE                     = 0x2
-	MS_KILLPAGES                      = 0x4
-	MS_SYNC                           = 0x10
-	NAME_MAX                          = 0xff
-	NET_RT_DUMP                       = 0x1
-	NET_RT_DUMP2                      = 0x7
-	NET_RT_FLAGS                      = 0x2
-	NET_RT_IFLIST                     = 0x3
-	NET_RT_IFLIST2                    = 0x6
-	NET_RT_MAXID                      = 0xa
-	NET_RT_STAT                       = 0x4
-	NET_RT_TRASH                      = 0x5
-	NL0                               = 0x0
-	NL1                               = 0x100
-	NL2                               = 0x200
-	NL3                               = 0x300
-	NLDLY                             = 0x300
-	NOFLSH                            = 0x80000000
-	NOKERNINFO                        = 0x2000000
-	NOTE_ABSOLUTE                     = 0x8
-	NOTE_ATTRIB                       = 0x8
-	NOTE_BACKGROUND                   = 0x40
-	NOTE_CHILD                        = 0x4
-	NOTE_CRITICAL                     = 0x20
-	NOTE_DELETE                       = 0x1
-	NOTE_EXEC                         = 0x20000000
-	NOTE_EXIT                         = 0x80000000
-	NOTE_EXITSTATUS                   = 0x4000000
-	NOTE_EXIT_CSERROR                 = 0x40000
-	NOTE_EXIT_DECRYPTFAIL             = 0x10000
-	NOTE_EXIT_DETAIL                  = 0x2000000
-	NOTE_EXIT_DETAIL_MASK             = 0x70000
-	NOTE_EXIT_MEMORY                  = 0x20000
-	NOTE_EXIT_REPARENTED              = 0x80000
-	NOTE_EXTEND                       = 0x4
-	NOTE_FFAND                        = 0x40000000
-	NOTE_FFCOPY                       = 0xc0000000
-	NOTE_FFCTRLMASK                   = 0xc0000000
-	NOTE_FFLAGSMASK                   = 0xffffff
-	NOTE_FFNOP                        = 0x0
-	NOTE_FFOR                         = 0x80000000
-	NOTE_FORK                         = 0x40000000
-	NOTE_FUNLOCK                      = 0x100
-	NOTE_LEEWAY                       = 0x10
-	NOTE_LINK                         = 0x10
-	NOTE_LOWAT                        = 0x1
-	NOTE_MACH_CONTINUOUS_TIME         = 0x80
-	NOTE_NONE                         = 0x80
-	NOTE_NSECONDS                     = 0x4
-	NOTE_OOB                          = 0x2
-	NOTE_PCTRLMASK                    = -0x100000
-	NOTE_PDATAMASK                    = 0xfffff
-	NOTE_REAP                         = 0x10000000
-	NOTE_RENAME                       = 0x20
-	NOTE_REVOKE                       = 0x40
-	NOTE_SECONDS                      = 0x1
-	NOTE_SIGNAL                       = 0x8000000
-	NOTE_TRACK                        = 0x1
-	NOTE_TRACKERR                     = 0x2
-	NOTE_TRIGGER                      = 0x1000000
-	NOTE_USECONDS                     = 0x2
-	NOTE_VM_ERROR                     = 0x10000000
-	NOTE_VM_PRESSURE                  = 0x80000000
-	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
-	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
-	NOTE_WRITE                        = 0x2
-	OCRNL                             = 0x10
-	OFDEL                             = 0x20000
-	OFILL                             = 0x80
-	ONLCR                             = 0x2
-	ONLRET                            = 0x40
-	ONOCR                             = 0x20
-	ONOEOT                            = 0x8
-	OPOST                             = 0x1
-	OXTABS                            = 0x4
-	O_ACCMODE                         = 0x3
-	O_ALERT                           = 0x20000000
-	O_APPEND                          = 0x8
-	O_ASYNC                           = 0x40
-	O_CLOEXEC                         = 0x1000000
-	O_CREAT                           = 0x200
-	O_DIRECTORY                       = 0x100000
-	O_DP_GETRAWENCRYPTED              = 0x1
-	O_DP_GETRAWUNENCRYPTED            = 0x2
-	O_DSYNC                           = 0x400000
-	O_EVTONLY                         = 0x8000
-	O_EXCL                            = 0x800
-	O_EXLOCK                          = 0x20
-	O_FSYNC                           = 0x80
-	O_NDELAY                          = 0x4
-	O_NOCTTY                          = 0x20000
-	O_NOFOLLOW                        = 0x100
-	O_NONBLOCK                        = 0x4
-	O_POPUP                           = 0x80000000
-	O_RDONLY                          = 0x0
-	O_RDWR                            = 0x2
-	O_SHLOCK                          = 0x10
-	O_SYMLINK                         = 0x200000
-	O_SYNC                            = 0x80
-	O_TRUNC                           = 0x400
-	O_WRONLY                          = 0x1
-	PARENB                            = 0x1000
-	PARMRK                            = 0x8
-	PARODD                            = 0x2000
-	PENDIN                            = 0x20000000
-	PRIO_PGRP                         = 0x1
-	PRIO_PROCESS                      = 0x0
-	PRIO_USER                         = 0x2
-	PROT_EXEC                         = 0x4
-	PROT_NONE                         = 0x0
-	PROT_READ                         = 0x1
-	PROT_WRITE                        = 0x2
-	PT_ATTACH                         = 0xa
-	PT_ATTACHEXC                      = 0xe
-	PT_CONTINUE                       = 0x7
-	PT_DENY_ATTACH                    = 0x1f
-	PT_DETACH                         = 0xb
-	PT_FIRSTMACH                      = 0x20
-	PT_FORCEQUOTA                     = 0x1e
-	PT_KILL                           = 0x8
-	PT_READ_D                         = 0x2
-	PT_READ_I                         = 0x1
-	PT_READ_U                         = 0x3
-	PT_SIGEXC                         = 0xc
-	PT_STEP                           = 0x9
-	PT_THUPDATE                       = 0xd
-	PT_TRACE_ME                       = 0x0
-	PT_WRITE_D                        = 0x5
-	PT_WRITE_I                        = 0x4
-	PT_WRITE_U                        = 0x6
-	RLIMIT_AS                         = 0x5
-	RLIMIT_CORE                       = 0x4
-	RLIMIT_CPU                        = 0x0
-	RLIMIT_CPU_USAGE_MONITOR          = 0x2
-	RLIMIT_DATA                       = 0x2
-	RLIMIT_FSIZE                      = 0x1
-	RLIMIT_MEMLOCK                    = 0x6
-	RLIMIT_NOFILE                     = 0x8
-	RLIMIT_NPROC                      = 0x7
-	RLIMIT_RSS                        = 0x5
-	RLIMIT_STACK                      = 0x3
-	RLIM_INFINITY                     = 0x7fffffffffffffff
-	RTAX_AUTHOR                       = 0x6
-	RTAX_BRD                          = 0x7
-	RTAX_DST                          = 0x0
-	RTAX_GATEWAY                      = 0x1
-	RTAX_GENMASK                      = 0x3
-	RTAX_IFA                          = 0x5
-	RTAX_IFP                          = 0x4
-	RTAX_MAX                          = 0x8
-	RTAX_NETMASK                      = 0x2
-	RTA_AUTHOR                        = 0x40
-	RTA_BRD                           = 0x80
-	RTA_DST                           = 0x1
-	RTA_GATEWAY                       = 0x2
-	RTA_GENMASK                       = 0x8
-	RTA_IFA                           = 0x20
-	RTA_IFP                           = 0x10
-	RTA_NETMASK                       = 0x4
-	RTF_BLACKHOLE                     = 0x1000
-	RTF_BROADCAST                     = 0x400000
-	RTF_CLONING                       = 0x100
-	RTF_CONDEMNED                     = 0x2000000
-	RTF_DELCLONE                      = 0x80
-	RTF_DONE                          = 0x40
-	RTF_DYNAMIC                       = 0x10
-	RTF_GATEWAY                       = 0x2
-	RTF_HOST                          = 0x4
-	RTF_IFREF                         = 0x4000000
-	RTF_IFSCOPE                       = 0x1000000
-	RTF_LLINFO                        = 0x400
-	RTF_LOCAL                         = 0x200000
-	RTF_MODIFIED                      = 0x20
-	RTF_MULTICAST                     = 0x800000
-	RTF_NOIFREF                       = 0x2000
-	RTF_PINNED                        = 0x100000
-	RTF_PRCLONING                     = 0x10000
-	RTF_PROTO1                        = 0x8000
-	RTF_PROTO2                        = 0x4000
-	RTF_PROTO3                        = 0x40000
-	RTF_PROXY                         = 0x8000000
-	RTF_REJECT                        = 0x8
-	RTF_ROUTER                        = 0x10000000
-	RTF_STATIC                        = 0x800
-	RTF_UP                            = 0x1
-	RTF_WASCLONED                     = 0x20000
-	RTF_XRESOLVE                      = 0x200
-	RTM_ADD                           = 0x1
-	RTM_CHANGE                        = 0x3
-	RTM_DELADDR                       = 0xd
-	RTM_DELETE                        = 0x2
-	RTM_DELMADDR                      = 0x10
-	RTM_GET                           = 0x4
-	RTM_GET2                          = 0x14
-	RTM_IFINFO                        = 0xe
-	RTM_IFINFO2                       = 0x12
-	RTM_LOCK                          = 0x8
-	RTM_LOSING                        = 0x5
-	RTM_MISS                          = 0x7
-	RTM_NEWADDR                       = 0xc
-	RTM_NEWMADDR                      = 0xf
-	RTM_NEWMADDR2                     = 0x13
-	RTM_OLDADD                        = 0x9
-	RTM_OLDDEL                        = 0xa
-	RTM_REDIRECT                      = 0x6
-	RTM_RESOLVE                       = 0xb
-	RTM_RTTUNIT                       = 0xf4240
-	RTM_VERSION                       = 0x5
-	RTV_EXPIRE                        = 0x4
-	RTV_HOPCOUNT                      = 0x2
-	RTV_MTU                           = 0x1
-	RTV_RPIPE                         = 0x8
-	RTV_RTT                           = 0x40
-	RTV_RTTVAR                        = 0x80
-	RTV_SPIPE                         = 0x10
-	RTV_SSTHRESH                      = 0x20
-	RUSAGE_CHILDREN                   = -0x1
-	RUSAGE_SELF                       = 0x0
-	SCM_CREDS                         = 0x3
-	SCM_RIGHTS                        = 0x1
-	SCM_TIMESTAMP                     = 0x2
-	SCM_TIMESTAMP_MONOTONIC           = 0x4
-	SHUT_RD                           = 0x0
-	SHUT_RDWR                         = 0x2
-	SHUT_WR                           = 0x1
-	SIOCADDMULTI                      = 0x80206931
-	SIOCAIFADDR                       = 0x8040691a
-	SIOCARPIPLL                       = 0xc0206928
-	SIOCATMARK                        = 0x40047307
-	SIOCAUTOADDR                      = 0xc0206926
-	SIOCAUTONETMASK                   = 0x80206927
-	SIOCDELMULTI                      = 0x80206932
-	SIOCDIFADDR                       = 0x80206919
-	SIOCDIFPHYADDR                    = 0x80206941
-	SIOCGDRVSPEC                      = 0xc01c697b
-	SIOCGETVLAN                       = 0xc020697f
-	SIOCGHIWAT                        = 0x40047301
-	SIOCGIFADDR                       = 0xc0206921
-	SIOCGIFALTMTU                     = 0xc0206948
-	SIOCGIFASYNCMAP                   = 0xc020697c
-	SIOCGIFBOND                       = 0xc0206947
-	SIOCGIFBRDADDR                    = 0xc0206923
-	SIOCGIFCAP                        = 0xc020695b
-	SIOCGIFCONF                       = 0xc0086924
-	SIOCGIFDEVMTU                     = 0xc0206944
-	SIOCGIFDSTADDR                    = 0xc0206922
-	SIOCGIFFLAGS                      = 0xc0206911
-	SIOCGIFGENERIC                    = 0xc020693a
-	SIOCGIFKPI                        = 0xc0206987
-	SIOCGIFMAC                        = 0xc0206982
-	SIOCGIFMEDIA                      = 0xc0286938
-	SIOCGIFMETRIC                     = 0xc0206917
-	SIOCGIFMTU                        = 0xc0206933
-	SIOCGIFNETMASK                    = 0xc0206925
-	SIOCGIFPDSTADDR                   = 0xc0206940
-	SIOCGIFPHYS                       = 0xc0206935
-	SIOCGIFPSRCADDR                   = 0xc020693f
-	SIOCGIFSTATUS                     = 0xc331693d
-	SIOCGIFVLAN                       = 0xc020697f
-	SIOCGIFWAKEFLAGS                  = 0xc0206988
-	SIOCGLOWAT                        = 0x40047303
-	SIOCGPGRP                         = 0x40047309
-	SIOCIFCREATE                      = 0xc0206978
-	SIOCIFCREATE2                     = 0xc020697a
-	SIOCIFDESTROY                     = 0x80206979
-	SIOCIFGCLONERS                    = 0xc00c6981
-	SIOCRSLVMULTI                     = 0xc008693b
-	SIOCSDRVSPEC                      = 0x801c697b
-	SIOCSETVLAN                       = 0x8020697e
-	SIOCSHIWAT                        = 0x80047300
-	SIOCSIFADDR                       = 0x8020690c
-	SIOCSIFALTMTU                     = 0x80206945
-	SIOCSIFASYNCMAP                   = 0x8020697d
-	SIOCSIFBOND                       = 0x80206946
-	SIOCSIFBRDADDR                    = 0x80206913
-	SIOCSIFCAP                        = 0x8020695a
-	SIOCSIFDSTADDR                    = 0x8020690e
-	SIOCSIFFLAGS                      = 0x80206910
-	SIOCSIFGENERIC                    = 0x80206939
-	SIOCSIFKPI                        = 0x80206986
-	SIOCSIFLLADDR                     = 0x8020693c
-	SIOCSIFMAC                        = 0x80206983
-	SIOCSIFMEDIA                      = 0xc0206937
-	SIOCSIFMETRIC                     = 0x80206918
-	SIOCSIFMTU                        = 0x80206934
-	SIOCSIFNETMASK                    = 0x80206916
-	SIOCSIFPHYADDR                    = 0x8040693e
-	SIOCSIFPHYS                       = 0x80206936
-	SIOCSIFVLAN                       = 0x8020697e
-	SIOCSLOWAT                        = 0x80047302
-	SIOCSPGRP                         = 0x80047308
-	SOCK_DGRAM                        = 0x2
-	SOCK_MAXADDRLEN                   = 0xff
-	SOCK_RAW                          = 0x3
-	SOCK_RDM                          = 0x4
-	SOCK_SEQPACKET                    = 0x5
-	SOCK_STREAM                       = 0x1
-	SOL_SOCKET                        = 0xffff
-	SOMAXCONN                         = 0x80
-	SO_ACCEPTCONN                     = 0x2
-	SO_BROADCAST                      = 0x20
-	SO_DEBUG                          = 0x1
-	SO_DONTROUTE                      = 0x10
-	SO_DONTTRUNC                      = 0x2000
-	SO_ERROR                          = 0x1007
-	SO_KEEPALIVE                      = 0x8
-	SO_LABEL                          = 0x1010
-	SO_LINGER                         = 0x80
-	SO_LINGER_SEC                     = 0x1080
-	SO_NETSVC_MARKING_LEVEL           = 0x1119
-	SO_NET_SERVICE_TYPE               = 0x1116
-	SO_NKE                            = 0x1021
-	SO_NOADDRERR                      = 0x1023
-	SO_NOSIGPIPE                      = 0x1022
-	SO_NOTIFYCONFLICT                 = 0x1026
-	SO_NP_EXTENSIONS                  = 0x1083
-	SO_NREAD                          = 0x1020
-	SO_NUMRCVPKT                      = 0x1112
-	SO_NWRITE                         = 0x1024
-	SO_OOBINLINE                      = 0x100
-	SO_PEERLABEL                      = 0x1011
-	SO_RANDOMPORT                     = 0x1082
-	SO_RCVBUF                         = 0x1002
-	SO_RCVLOWAT                       = 0x1004
-	SO_RCVTIMEO                       = 0x1006
-	SO_REUSEADDR                      = 0x4
-	SO_REUSEPORT                      = 0x200
-	SO_REUSESHAREUID                  = 0x1025
-	SO_SNDBUF                         = 0x1001
-	SO_SNDLOWAT                       = 0x1003
-	SO_SNDTIMEO                       = 0x1005
-	SO_TIMESTAMP                      = 0x400
-	SO_TIMESTAMP_MONOTONIC            = 0x800
-	SO_TYPE                           = 0x1008
-	SO_UPCALLCLOSEWAIT                = 0x1027
-	SO_USELOOPBACK                    = 0x40
-	SO_WANTMORE                       = 0x4000
-	SO_WANTOOBFLAG                    = 0x8000
-	S_IEXEC                           = 0x40
-	S_IFBLK                           = 0x6000
-	S_IFCHR                           = 0x2000
-	S_IFDIR                           = 0x4000
-	S_IFIFO                           = 0x1000
-	S_IFLNK                           = 0xa000
-	S_IFMT                            = 0xf000
-	S_IFREG                           = 0x8000
-	S_IFSOCK                          = 0xc000
-	S_IFWHT                           = 0xe000
-	S_IREAD                           = 0x100
-	S_IRGRP                           = 0x20
-	S_IROTH                           = 0x4
-	S_IRUSR                           = 0x100
-	S_IRWXG                           = 0x38
-	S_IRWXO                           = 0x7
-	S_IRWXU                           = 0x1c0
-	S_ISGID                           = 0x400
-	S_ISTXT                           = 0x200
-	S_ISUID                           = 0x800
-	S_ISVTX                           = 0x200
-	S_IWGRP                           = 0x10
-	S_IWOTH                           = 0x2
-	S_IWRITE                          = 0x80
-	S_IWUSR                           = 0x80
-	S_IXGRP                           = 0x8
-	S_IXOTH                           = 0x1
-	S_IXUSR                           = 0x40
-	TAB0                              = 0x0
-	TAB1                              = 0x400
-	TAB2                              = 0x800
-	TAB3                              = 0x4
-	TABDLY                            = 0xc04
-	TCIFLUSH                          = 0x1
-	TCIOFF                            = 0x3
-	TCIOFLUSH                         = 0x3
-	TCION                             = 0x4
-	TCOFLUSH                          = 0x2
-	TCOOFF                            = 0x1
-	TCOON                             = 0x2
-	TCP_CONNECTIONTIMEOUT             = 0x20
-	TCP_CONNECTION_INFO               = 0x106
-	TCP_ENABLE_ECN                    = 0x104
-	TCP_FASTOPEN                      = 0x105
-	TCP_KEEPALIVE                     = 0x10
-	TCP_KEEPCNT                       = 0x102
-	TCP_KEEPINTVL                     = 0x101
-	TCP_MAXHLEN                       = 0x3c
-	TCP_MAXOLEN                       = 0x28
-	TCP_MAXSEG                        = 0x2
-	TCP_MAXWIN                        = 0xffff
-	TCP_MAX_SACK                      = 0x4
-	TCP_MAX_WINSHIFT                  = 0xe
-	TCP_MINMSS                        = 0xd8
-	TCP_MSS                           = 0x200
-	TCP_NODELAY                       = 0x1
-	TCP_NOOPT                         = 0x8
-	TCP_NOPUSH                        = 0x4
-	TCP_NOTSENT_LOWAT                 = 0x201
-	TCP_RXT_CONNDROPTIME              = 0x80
-	TCP_RXT_FINDROP                   = 0x100
-	TCP_SENDMOREACKS                  = 0x103
-	TCSAFLUSH                         = 0x2
-	TIOCCBRK                          = 0x2000747a
-	TIOCCDTR                          = 0x20007478
-	TIOCCONS                          = 0x80047462
-	TIOCDCDTIMESTAMP                  = 0x40087458
-	TIOCDRAIN                         = 0x2000745e
-	TIOCDSIMICROCODE                  = 0x20007455
-	TIOCEXCL                          = 0x2000740d
-	TIOCEXT                           = 0x80047460
-	TIOCFLUSH                         = 0x80047410
-	TIOCGDRAINWAIT                    = 0x40047456
-	TIOCGETA                          = 0x402c7413
-	TIOCGETD                          = 0x4004741a
-	TIOCGPGRP                         = 0x40047477
-	TIOCGWINSZ                        = 0x40087468
-	TIOCIXOFF                         = 0x20007480
-	TIOCIXON                          = 0x20007481
-	TIOCMBIC                          = 0x8004746b
-	TIOCMBIS                          = 0x8004746c
-	TIOCMGDTRWAIT                     = 0x4004745a
-	TIOCMGET                          = 0x4004746a
-	TIOCMODG                          = 0x40047403
-	TIOCMODS                          = 0x80047404
-	TIOCMSDTRWAIT                     = 0x8004745b
-	TIOCMSET                          = 0x8004746d
-	TIOCM_CAR                         = 0x40
-	TIOCM_CD                          = 0x40
-	TIOCM_CTS                         = 0x20
-	TIOCM_DSR                         = 0x100
-	TIOCM_DTR                         = 0x2
-	TIOCM_LE                          = 0x1
-	TIOCM_RI                          = 0x80
-	TIOCM_RNG                         = 0x80
-	TIOCM_RTS                         = 0x4
-	TIOCM_SR                          = 0x10
-	TIOCM_ST                          = 0x8
-	TIOCNOTTY                         = 0x20007471
-	TIOCNXCL                          = 0x2000740e
-	TIOCOUTQ                          = 0x40047473
-	TIOCPKT                           = 0x80047470
-	TIOCPKT_DATA                      = 0x0
-	TIOCPKT_DOSTOP                    = 0x20
-	TIOCPKT_FLUSHREAD                 = 0x1
-	TIOCPKT_FLUSHWRITE                = 0x2
-	TIOCPKT_IOCTL                     = 0x40
-	TIOCPKT_NOSTOP                    = 0x10
-	TIOCPKT_START                     = 0x8
-	TIOCPKT_STOP                      = 0x4
-	TIOCPTYGNAME                      = 0x40807453
-	TIOCPTYGRANT                      = 0x20007454
-	TIOCPTYUNLK                       = 0x20007452
-	TIOCREMOTE                        = 0x80047469
-	TIOCSBRK                          = 0x2000747b
-	TIOCSCONS                         = 0x20007463
-	TIOCSCTTY                         = 0x20007461
-	TIOCSDRAINWAIT                    = 0x80047457
-	TIOCSDTR                          = 0x20007479
-	TIOCSETA                          = 0x802c7414
-	TIOCSETAF                         = 0x802c7416
-	TIOCSETAW                         = 0x802c7415
-	TIOCSETD                          = 0x8004741b
-	TIOCSIG                           = 0x2000745f
-	TIOCSPGRP                         = 0x80047476
-	TIOCSTART                         = 0x2000746e
-	TIOCSTAT                          = 0x20007465
-	TIOCSTI                           = 0x80017472
-	TIOCSTOP                          = 0x2000746f
-	TIOCSWINSZ                        = 0x80087467
-	TIOCTIMESTAMP                     = 0x40087459
-	TIOCUCNTL                         = 0x80047466
-	TOSTOP                            = 0x400000
-	VDISCARD                          = 0xf
-	VDSUSP                            = 0xb
-	VEOF                              = 0x0
-	VEOL                              = 0x1
-	VEOL2                             = 0x2
-	VERASE                            = 0x3
-	VINTR                             = 0x8
-	VKILL                             = 0x5
-	VLNEXT                            = 0xe
-	VMIN                              = 0x10
-	VM_LOADAVG                        = 0x2
-	VM_MACHFACTOR                     = 0x4
-	VM_MAXID                          = 0x6
-	VM_METER                          = 0x1
-	VM_SWAPUSAGE                      = 0x5
-	VQUIT                             = 0x9
-	VREPRINT                          = 0x6
-	VSTART                            = 0xc
-	VSTATUS                           = 0x12
-	VSTOP                             = 0xd
-	VSUSP                             = 0xa
-	VT0                               = 0x0
-	VT1                               = 0x10000
-	VTDLY                             = 0x10000
-	VTIME                             = 0x11
-	VWERASE                           = 0x4
-	WCONTINUED                        = 0x10
-	WCOREFLAG                         = 0x80
-	WEXITED                           = 0x4
-	WNOHANG                           = 0x1
-	WNOWAIT                           = 0x20
-	WORDSIZE                          = 0x20
-	WSTOPPED                          = 0x8
-	WUNTRACED                         = 0x2
-	XATTR_CREATE                      = 0x2
-	XATTR_NODEFAULT                   = 0x10
-	XATTR_NOFOLLOW                    = 0x1
-	XATTR_NOSECURITY                  = 0x8
-	XATTR_REPLACE                     = 0x4
-	XATTR_SHOWCOMPRESSION             = 0x20
-)
-
-// Errors
-const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
-	EADDRINUSE      = syscall.Errno(0x30)
-	EADDRNOTAVAIL   = syscall.Errno(0x31)
-	EAFNOSUPPORT    = syscall.Errno(0x2f)
-	EAGAIN          = syscall.Errno(0x23)
-	EALREADY        = syscall.Errno(0x25)
-	EAUTH           = syscall.Errno(0x50)
-	EBADARCH        = syscall.Errno(0x56)
-	EBADEXEC        = syscall.Errno(0x55)
-	EBADF           = syscall.Errno(0x9)
-	EBADMACHO       = syscall.Errno(0x58)
-	EBADMSG         = syscall.Errno(0x5e)
-	EBADRPC         = syscall.Errno(0x48)
-	EBUSY           = syscall.Errno(0x10)
-	ECANCELED       = syscall.Errno(0x59)
-	ECHILD          = syscall.Errno(0xa)
-	ECONNABORTED    = syscall.Errno(0x35)
-	ECONNREFUSED    = syscall.Errno(0x3d)
-	ECONNRESET      = syscall.Errno(0x36)
-	EDEADLK         = syscall.Errno(0xb)
-	EDESTADDRREQ    = syscall.Errno(0x27)
-	EDEVERR         = syscall.Errno(0x53)
-	EDOM            = syscall.Errno(0x21)
-	EDQUOT          = syscall.Errno(0x45)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
-	EFTYPE          = syscall.Errno(0x4f)
-	EHOSTDOWN       = syscall.Errno(0x40)
-	EHOSTUNREACH    = syscall.Errno(0x41)
-	EIDRM           = syscall.Errno(0x5a)
-	EILSEQ          = syscall.Errno(0x5c)
-	EINPROGRESS     = syscall.Errno(0x24)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
-	EISCONN         = syscall.Errno(0x38)
-	EISDIR          = syscall.Errno(0x15)
-	ELAST           = syscall.Errno(0x6a)
-	ELOOP           = syscall.Errno(0x3e)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
-	EMSGSIZE        = syscall.Errno(0x28)
-	EMULTIHOP       = syscall.Errno(0x5f)
-	ENAMETOOLONG    = syscall.Errno(0x3f)
-	ENEEDAUTH       = syscall.Errno(0x51)
-	ENETDOWN        = syscall.Errno(0x32)
-	ENETRESET       = syscall.Errno(0x34)
-	ENETUNREACH     = syscall.Errno(0x33)
-	ENFILE          = syscall.Errno(0x17)
-	ENOATTR         = syscall.Errno(0x5d)
-	ENOBUFS         = syscall.Errno(0x37)
-	ENODATA         = syscall.Errno(0x60)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
-	ENOLCK          = syscall.Errno(0x4d)
-	ENOLINK         = syscall.Errno(0x61)
-	ENOMEM          = syscall.Errno(0xc)
-	ENOMSG          = syscall.Errno(0x5b)
-	ENOPOLICY       = syscall.Errno(0x67)
-	ENOPROTOOPT     = syscall.Errno(0x2a)
-	ENOSPC          = syscall.Errno(0x1c)
-	ENOSR           = syscall.Errno(0x62)
-	ENOSTR          = syscall.Errno(0x63)
-	ENOSYS          = syscall.Errno(0x4e)
-	ENOTBLK         = syscall.Errno(0xf)
-	ENOTCONN        = syscall.Errno(0x39)
-	ENOTDIR         = syscall.Errno(0x14)
-	ENOTEMPTY       = syscall.Errno(0x42)
-	ENOTRECOVERABLE = syscall.Errno(0x68)
-	ENOTSOCK        = syscall.Errno(0x26)
-	ENOTSUP         = syscall.Errno(0x2d)
-	ENOTTY          = syscall.Errno(0x19)
-	ENXIO           = syscall.Errno(0x6)
-	EOPNOTSUPP      = syscall.Errno(0x66)
-	EOVERFLOW       = syscall.Errno(0x54)
-	EOWNERDEAD      = syscall.Errno(0x69)
-	EPERM           = syscall.Errno(0x1)
-	EPFNOSUPPORT    = syscall.Errno(0x2e)
-	EPIPE           = syscall.Errno(0x20)
-	EPROCLIM        = syscall.Errno(0x43)
-	EPROCUNAVAIL    = syscall.Errno(0x4c)
-	EPROGMISMATCH   = syscall.Errno(0x4b)
-	EPROGUNAVAIL    = syscall.Errno(0x4a)
-	EPROTO          = syscall.Errno(0x64)
-	EPROTONOSUPPORT = syscall.Errno(0x2b)
-	EPROTOTYPE      = syscall.Errno(0x29)
-	EPWROFF         = syscall.Errno(0x52)
-	EQFULL          = syscall.Errno(0x6a)
-	ERANGE          = syscall.Errno(0x22)
-	EREMOTE         = syscall.Errno(0x47)
-	EROFS           = syscall.Errno(0x1e)
-	ERPCMISMATCH    = syscall.Errno(0x49)
-	ESHLIBVERS      = syscall.Errno(0x57)
-	ESHUTDOWN       = syscall.Errno(0x3a)
-	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
-	ESTALE          = syscall.Errno(0x46)
-	ETIME           = syscall.Errno(0x65)
-	ETIMEDOUT       = syscall.Errno(0x3c)
-	ETOOMANYREFS    = syscall.Errno(0x3b)
-	ETXTBSY         = syscall.Errno(0x1a)
-	EUSERS          = syscall.Errno(0x44)
-	EWOULDBLOCK     = syscall.Errno(0x23)
-	EXDEV           = syscall.Errno(0x12)
-)
-
-// Signals
-const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
-	SIGBUS    = syscall.Signal(0xa)
-	SIGCHLD   = syscall.Signal(0x14)
-	SIGCONT   = syscall.Signal(0x13)
-	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINFO   = syscall.Signal(0x1d)
-	SIGINT    = syscall.Signal(0x2)
-	SIGIO     = syscall.Signal(0x17)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
-	SIGPROF   = syscall.Signal(0x1b)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
-	SIGSTOP   = syscall.Signal(0x11)
-	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
-	SIGTSTP   = syscall.Signal(0x12)
-	SIGTTIN   = syscall.Signal(0x15)
-	SIGTTOU   = syscall.Signal(0x16)
-	SIGURG    = syscall.Signal(0x10)
-	SIGUSR1   = syscall.Signal(0x1e)
-	SIGUSR2   = syscall.Signal(0x1f)
-	SIGVTALRM = syscall.Signal(0x1a)
-	SIGWINCH  = syscall.Signal(0x1c)
-	SIGXCPU   = syscall.Signal(0x18)
-	SIGXFSZ   = syscall.Signal(0x19)
-)
-
-// Error table
-var errorList = [...]struct {
-	num  syscall.Errno
-	name string
-	desc string
-}{
-	{1, "EPERM", "operation not permitted"},
-	{2, "ENOENT", "no such file or directory"},
-	{3, "ESRCH", "no such process"},
-	{4, "EINTR", "interrupted system call"},
-	{5, "EIO", "input/output error"},
-	{6, "ENXIO", "device not configured"},
-	{7, "E2BIG", "argument list too long"},
-	{8, "ENOEXEC", "exec format error"},
-	{9, "EBADF", "bad file descriptor"},
-	{10, "ECHILD", "no child processes"},
-	{11, "EDEADLK", "resource deadlock avoided"},
-	{12, "ENOMEM", "cannot allocate memory"},
-	{13, "EACCES", "permission denied"},
-	{14, "EFAULT", "bad address"},
-	{15, "ENOTBLK", "block device required"},
-	{16, "EBUSY", "resource busy"},
-	{17, "EEXIST", "file exists"},
-	{18, "EXDEV", "cross-device link"},
-	{19, "ENODEV", "operation not supported by device"},
-	{20, "ENOTDIR", "not a directory"},
-	{21, "EISDIR", "is a directory"},
-	{22, "EINVAL", "invalid argument"},
-	{23, "ENFILE", "too many open files in system"},
-	{24, "EMFILE", "too many open files"},
-	{25, "ENOTTY", "inappropriate ioctl for device"},
-	{26, "ETXTBSY", "text file busy"},
-	{27, "EFBIG", "file too large"},
-	{28, "ENOSPC", "no space left on device"},
-	{29, "ESPIPE", "illegal seek"},
-	{30, "EROFS", "read-only file system"},
-	{31, "EMLINK", "too many links"},
-	{32, "EPIPE", "broken pipe"},
-	{33, "EDOM", "numerical argument out of domain"},
-	{34, "ERANGE", "result too large"},
-	{35, "EAGAIN", "resource temporarily unavailable"},
-	{36, "EINPROGRESS", "operation now in progress"},
-	{37, "EALREADY", "operation already in progress"},
-	{38, "ENOTSOCK", "socket operation on non-socket"},
-	{39, "EDESTADDRREQ", "destination address required"},
-	{40, "EMSGSIZE", "message too long"},
-	{41, "EPROTOTYPE", "protocol wrong type for socket"},
-	{42, "ENOPROTOOPT", "protocol not available"},
-	{43, "EPROTONOSUPPORT", "protocol not supported"},
-	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
-	{45, "ENOTSUP", "operation not supported"},
-	{46, "EPFNOSUPPORT", "protocol family not supported"},
-	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
-	{48, "EADDRINUSE", "address already in use"},
-	{49, "EADDRNOTAVAIL", "can't assign requested address"},
-	{50, "ENETDOWN", "network is down"},
-	{51, "ENETUNREACH", "network is unreachable"},
-	{52, "ENETRESET", "network dropped connection on reset"},
-	{53, "ECONNABORTED", "software caused connection abort"},
-	{54, "ECONNRESET", "connection reset by peer"},
-	{55, "ENOBUFS", "no buffer space available"},
-	{56, "EISCONN", "socket is already connected"},
-	{57, "ENOTCONN", "socket is not connected"},
-	{58, "ESHUTDOWN", "can't send after socket shutdown"},
-	{59, "ETOOMANYREFS", "too many references: can't splice"},
-	{60, "ETIMEDOUT", "operation timed out"},
-	{61, "ECONNREFUSED", "connection refused"},
-	{62, "ELOOP", "too many levels of symbolic links"},
-	{63, "ENAMETOOLONG", "file name too long"},
-	{64, "EHOSTDOWN", "host is down"},
-	{65, "EHOSTUNREACH", "no route to host"},
-	{66, "ENOTEMPTY", "directory not empty"},
-	{67, "EPROCLIM", "too many processes"},
-	{68, "EUSERS", "too many users"},
-	{69, "EDQUOT", "disc quota exceeded"},
-	{70, "ESTALE", "stale NFS file handle"},
-	{71, "EREMOTE", "too many levels of remote in path"},
-	{72, "EBADRPC", "RPC struct is bad"},
-	{73, "ERPCMISMATCH", "RPC version wrong"},
-	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
-	{75, "EPROGMISMATCH", "program version wrong"},
-	{76, "EPROCUNAVAIL", "bad procedure for program"},
-	{77, "ENOLCK", "no locks available"},
-	{78, "ENOSYS", "function not implemented"},
-	{79, "EFTYPE", "inappropriate file type or format"},
-	{80, "EAUTH", "authentication error"},
-	{81, "ENEEDAUTH", "need authenticator"},
-	{82, "EPWROFF", "device power is off"},
-	{83, "EDEVERR", "device error"},
-	{84, "EOVERFLOW", "value too large to be stored in data type"},
-	{85, "EBADEXEC", "bad executable (or shared library)"},
-	{86, "EBADARCH", "bad CPU type in executable"},
-	{87, "ESHLIBVERS", "shared library version mismatch"},
-	{88, "EBADMACHO", "malformed Mach-o file"},
-	{89, "ECANCELED", "operation canceled"},
-	{90, "EIDRM", "identifier removed"},
-	{91, "ENOMSG", "no message of desired type"},
-	{92, "EILSEQ", "illegal byte sequence"},
-	{93, "ENOATTR", "attribute not found"},
-	{94, "EBADMSG", "bad message"},
-	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
-	{96, "ENODATA", "no message available on STREAM"},
-	{97, "ENOLINK", "ENOLINK (Reserved)"},
-	{98, "ENOSR", "no STREAM resources"},
-	{99, "ENOSTR", "not a STREAM"},
-	{100, "EPROTO", "protocol error"},
-	{101, "ETIME", "STREAM ioctl timeout"},
-	{102, "EOPNOTSUPP", "operation not supported on socket"},
-	{103, "ENOPOLICY", "policy not found"},
-	{104, "ENOTRECOVERABLE", "state not recoverable"},
-	{105, "EOWNERDEAD", "previous owner died"},
-	{106, "EQFULL", "interface output queue is full"},
-}
-
-// Signal table
-var signalList = [...]struct {
-	num  syscall.Signal
-	name string
-	desc string
-}{
-	{1, "SIGHUP", "hangup"},
-	{2, "SIGINT", "interrupt"},
-	{3, "SIGQUIT", "quit"},
-	{4, "SIGILL", "illegal instruction"},
-	{5, "SIGTRAP", "trace/BPT trap"},
-	{6, "SIGABRT", "abort trap"},
-	{7, "SIGEMT", "EMT trap"},
-	{8, "SIGFPE", "floating point exception"},
-	{9, "SIGKILL", "killed"},
-	{10, "SIGBUS", "bus error"},
-	{11, "SIGSEGV", "segmentation fault"},
-	{12, "SIGSYS", "bad system call"},
-	{13, "SIGPIPE", "broken pipe"},
-	{14, "SIGALRM", "alarm clock"},
-	{15, "SIGTERM", "terminated"},
-	{16, "SIGURG", "urgent I/O condition"},
-	{17, "SIGSTOP", "suspended (signal)"},
-	{18, "SIGTSTP", "suspended"},
-	{19, "SIGCONT", "continued"},
-	{20, "SIGCHLD", "child exited"},
-	{21, "SIGTTIN", "stopped (tty input)"},
-	{22, "SIGTTOU", "stopped (tty output)"},
-	{23, "SIGIO", "I/O possible"},
-	{24, "SIGXCPU", "cputime limit exceeded"},
-	{25, "SIGXFSZ", "filesize limit exceeded"},
-	{26, "SIGVTALRM", "virtual timer expired"},
-	{27, "SIGPROF", "profiling timer expired"},
-	{28, "SIGWINCH", "window size changes"},
-	{29, "SIGINFO", "information request"},
-	{30, "SIGUSR1", "user defined signal 1"},
-	{31, "SIGUSR2", "user defined signal 2"},
-}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 8fe5547775b2c..476a1c7e77c52 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && darwin
 // +build amd64,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -11,1474 +12,1582 @@ package unix
 import "syscall"
 
 const (
-	AF_APPLETALK                      = 0x10
-	AF_CCITT                          = 0xa
-	AF_CHAOS                          = 0x5
-	AF_CNT                            = 0x15
-	AF_COIP                           = 0x14
-	AF_DATAKIT                        = 0x9
-	AF_DECnet                         = 0xc
-	AF_DLI                            = 0xd
-	AF_E164                           = 0x1c
-	AF_ECMA                           = 0x8
-	AF_HYLINK                         = 0xf
-	AF_IEEE80211                      = 0x25
-	AF_IMPLINK                        = 0x3
-	AF_INET                           = 0x2
-	AF_INET6                          = 0x1e
-	AF_IPX                            = 0x17
-	AF_ISDN                           = 0x1c
-	AF_ISO                            = 0x7
-	AF_LAT                            = 0xe
-	AF_LINK                           = 0x12
-	AF_LOCAL                          = 0x1
-	AF_MAX                            = 0x28
-	AF_NATM                           = 0x1f
-	AF_NDRV                           = 0x1b
-	AF_NETBIOS                        = 0x21
-	AF_NS                             = 0x6
-	AF_OSI                            = 0x7
-	AF_PPP                            = 0x22
-	AF_PUP                            = 0x4
-	AF_RESERVED_36                    = 0x24
-	AF_ROUTE                          = 0x11
-	AF_SIP                            = 0x18
-	AF_SNA                            = 0xb
-	AF_SYSTEM                         = 0x20
-	AF_UNIX                           = 0x1
-	AF_UNSPEC                         = 0x0
-	AF_UTUN                           = 0x26
-	ALTWERASE                         = 0x200
-	ATTR_BIT_MAP_COUNT                = 0x5
-	ATTR_CMN_ACCESSMASK               = 0x20000
-	ATTR_CMN_ACCTIME                  = 0x1000
-	ATTR_CMN_ADDEDTIME                = 0x10000000
-	ATTR_CMN_BKUPTIME                 = 0x2000
-	ATTR_CMN_CHGTIME                  = 0x800
-	ATTR_CMN_CRTIME                   = 0x200
-	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
-	ATTR_CMN_DEVID                    = 0x2
-	ATTR_CMN_DOCUMENT_ID              = 0x100000
-	ATTR_CMN_ERROR                    = 0x20000000
-	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
-	ATTR_CMN_FILEID                   = 0x2000000
-	ATTR_CMN_FLAGS                    = 0x40000
-	ATTR_CMN_FNDRINFO                 = 0x4000
-	ATTR_CMN_FSID                     = 0x4
-	ATTR_CMN_FULLPATH                 = 0x8000000
-	ATTR_CMN_GEN_COUNT                = 0x80000
-	ATTR_CMN_GRPID                    = 0x10000
-	ATTR_CMN_GRPUUID                  = 0x1000000
-	ATTR_CMN_MODTIME                  = 0x400
-	ATTR_CMN_NAME                     = 0x1
-	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
-	ATTR_CMN_NAMEDATTRLIST            = 0x100000
-	ATTR_CMN_OBJID                    = 0x20
-	ATTR_CMN_OBJPERMANENTID           = 0x40
-	ATTR_CMN_OBJTAG                   = 0x10
-	ATTR_CMN_OBJTYPE                  = 0x8
-	ATTR_CMN_OWNERID                  = 0x8000
-	ATTR_CMN_PARENTID                 = 0x4000000
-	ATTR_CMN_PAROBJID                 = 0x80
-	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
-	ATTR_CMN_SCRIPT                   = 0x100
-	ATTR_CMN_SETMASK                  = 0x41c7ff00
-	ATTR_CMN_USERACCESS               = 0x200000
-	ATTR_CMN_UUID                     = 0x800000
-	ATTR_CMN_VALIDMASK                = 0xffffffff
-	ATTR_CMN_VOLSETMASK               = 0x6700
-	ATTR_FILE_ALLOCSIZE               = 0x4
-	ATTR_FILE_CLUMPSIZE               = 0x10
-	ATTR_FILE_DATAALLOCSIZE           = 0x400
-	ATTR_FILE_DATAEXTENTS             = 0x800
-	ATTR_FILE_DATALENGTH              = 0x200
-	ATTR_FILE_DEVTYPE                 = 0x20
-	ATTR_FILE_FILETYPE                = 0x40
-	ATTR_FILE_FORKCOUNT               = 0x80
-	ATTR_FILE_FORKLIST                = 0x100
-	ATTR_FILE_IOBLOCKSIZE             = 0x8
-	ATTR_FILE_LINKCOUNT               = 0x1
-	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
-	ATTR_FILE_RSRCEXTENTS             = 0x4000
-	ATTR_FILE_RSRCLENGTH              = 0x1000
-	ATTR_FILE_SETMASK                 = 0x20
-	ATTR_FILE_TOTALSIZE               = 0x2
-	ATTR_FILE_VALIDMASK               = 0x37ff
-	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
-	ATTR_VOL_ATTRIBUTES               = 0x40000000
-	ATTR_VOL_CAPABILITIES             = 0x20000
-	ATTR_VOL_DIRCOUNT                 = 0x400
-	ATTR_VOL_ENCODINGSUSED            = 0x10000
-	ATTR_VOL_FILECOUNT                = 0x200
-	ATTR_VOL_FSTYPE                   = 0x1
-	ATTR_VOL_INFO                     = 0x80000000
-	ATTR_VOL_IOBLOCKSIZE              = 0x80
-	ATTR_VOL_MAXOBJCOUNT              = 0x800
-	ATTR_VOL_MINALLOCATION            = 0x20
-	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
-	ATTR_VOL_MOUNTFLAGS               = 0x4000
-	ATTR_VOL_MOUNTPOINT               = 0x1000
-	ATTR_VOL_NAME                     = 0x2000
-	ATTR_VOL_OBJCOUNT                 = 0x100
-	ATTR_VOL_QUOTA_SIZE               = 0x10000000
-	ATTR_VOL_RESERVED_SIZE            = 0x20000000
-	ATTR_VOL_SETMASK                  = 0x80002000
-	ATTR_VOL_SIGNATURE                = 0x2
-	ATTR_VOL_SIZE                     = 0x4
-	ATTR_VOL_SPACEAVAIL               = 0x10
-	ATTR_VOL_SPACEFREE                = 0x8
-	ATTR_VOL_UUID                     = 0x40000
-	ATTR_VOL_VALIDMASK                = 0xf007ffff
-	B0                                = 0x0
-	B110                              = 0x6e
-	B115200                           = 0x1c200
-	B1200                             = 0x4b0
-	B134                              = 0x86
-	B14400                            = 0x3840
-	B150                              = 0x96
-	B1800                             = 0x708
-	B19200                            = 0x4b00
-	B200                              = 0xc8
-	B230400                           = 0x38400
-	B2400                             = 0x960
-	B28800                            = 0x7080
-	B300                              = 0x12c
-	B38400                            = 0x9600
-	B4800                             = 0x12c0
-	B50                               = 0x32
-	B57600                            = 0xe100
-	B600                              = 0x258
-	B7200                             = 0x1c20
-	B75                               = 0x4b
-	B76800                            = 0x12c00
-	B9600                             = 0x2580
-	BIOCFLUSH                         = 0x20004268
-	BIOCGBLEN                         = 0x40044266
-	BIOCGDLT                          = 0x4004426a
-	BIOCGDLTLIST                      = 0xc00c4279
-	BIOCGETIF                         = 0x4020426b
-	BIOCGHDRCMPLT                     = 0x40044274
-	BIOCGRSIG                         = 0x40044272
-	BIOCGRTIMEOUT                     = 0x4010426e
-	BIOCGSEESENT                      = 0x40044276
-	BIOCGSTATS                        = 0x4008426f
-	BIOCIMMEDIATE                     = 0x80044270
-	BIOCPROMISC                       = 0x20004269
-	BIOCSBLEN                         = 0xc0044266
-	BIOCSDLT                          = 0x80044278
-	BIOCSETF                          = 0x80104267
-	BIOCSETFNR                        = 0x8010427e
-	BIOCSETIF                         = 0x8020426c
-	BIOCSHDRCMPLT                     = 0x80044275
-	BIOCSRSIG                         = 0x80044273
-	BIOCSRTIMEOUT                     = 0x8010426d
-	BIOCSSEESENT                      = 0x80044277
-	BIOCVERSION                       = 0x40044271
-	BPF_A                             = 0x10
-	BPF_ABS                           = 0x20
-	BPF_ADD                           = 0x0
-	BPF_ALIGNMENT                     = 0x4
-	BPF_ALU                           = 0x4
-	BPF_AND                           = 0x50
-	BPF_B                             = 0x10
-	BPF_DIV                           = 0x30
-	BPF_H                             = 0x8
-	BPF_IMM                           = 0x0
-	BPF_IND                           = 0x40
-	BPF_JA                            = 0x0
-	BPF_JEQ                           = 0x10
-	BPF_JGE                           = 0x30
-	BPF_JGT                           = 0x20
-	BPF_JMP                           = 0x5
-	BPF_JSET                          = 0x40
-	BPF_K                             = 0x0
-	BPF_LD                            = 0x0
-	BPF_LDX                           = 0x1
-	BPF_LEN                           = 0x80
-	BPF_LSH                           = 0x60
-	BPF_MAJOR_VERSION                 = 0x1
-	BPF_MAXBUFSIZE                    = 0x80000
-	BPF_MAXINSNS                      = 0x200
-	BPF_MEM                           = 0x60
-	BPF_MEMWORDS                      = 0x10
-	BPF_MINBUFSIZE                    = 0x20
-	BPF_MINOR_VERSION                 = 0x1
-	BPF_MISC                          = 0x7
-	BPF_MSH                           = 0xa0
-	BPF_MUL                           = 0x20
-	BPF_NEG                           = 0x80
-	BPF_OR                            = 0x40
-	BPF_RELEASE                       = 0x30bb6
-	BPF_RET                           = 0x6
-	BPF_RSH                           = 0x70
-	BPF_ST                            = 0x2
-	BPF_STX                           = 0x3
-	BPF_SUB                           = 0x10
-	BPF_TAX                           = 0x0
-	BPF_TXA                           = 0x80
-	BPF_W                             = 0x0
-	BPF_X                             = 0x8
-	BRKINT                            = 0x2
-	BS0                               = 0x0
-	BS1                               = 0x8000
-	BSDLY                             = 0x8000
-	CFLUSH                            = 0xf
-	CLOCAL                            = 0x8000
-	CLOCK_MONOTONIC                   = 0x6
-	CLOCK_MONOTONIC_RAW               = 0x4
-	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
-	CLOCK_PROCESS_CPUTIME_ID          = 0xc
-	CLOCK_REALTIME                    = 0x0
-	CLOCK_THREAD_CPUTIME_ID           = 0x10
-	CLOCK_UPTIME_RAW                  = 0x8
-	CLOCK_UPTIME_RAW_APPROX           = 0x9
-	CR0                               = 0x0
-	CR1                               = 0x1000
-	CR2                               = 0x2000
-	CR3                               = 0x3000
-	CRDLY                             = 0x3000
-	CREAD                             = 0x800
-	CRTSCTS                           = 0x30000
-	CS5                               = 0x0
-	CS6                               = 0x100
-	CS7                               = 0x200
-	CS8                               = 0x300
-	CSIZE                             = 0x300
-	CSTART                            = 0x11
-	CSTATUS                           = 0x14
-	CSTOP                             = 0x13
-	CSTOPB                            = 0x400
-	CSUSP                             = 0x1a
-	CTL_HW                            = 0x6
-	CTL_KERN                          = 0x1
-	CTL_MAXNAME                       = 0xc
-	CTL_NET                           = 0x4
-	DLT_A429                          = 0xb8
-	DLT_A653_ICM                      = 0xb9
-	DLT_AIRONET_HEADER                = 0x78
-	DLT_AOS                           = 0xde
-	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
-	DLT_ARCNET                        = 0x7
-	DLT_ARCNET_LINUX                  = 0x81
-	DLT_ATM_CLIP                      = 0x13
-	DLT_ATM_RFC1483                   = 0xb
-	DLT_AURORA                        = 0x7e
-	DLT_AX25                          = 0x3
-	DLT_AX25_KISS                     = 0xca
-	DLT_BACNET_MS_TP                  = 0xa5
-	DLT_BLUETOOTH_HCI_H4              = 0xbb
-	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
-	DLT_CAN20B                        = 0xbe
-	DLT_CAN_SOCKETCAN                 = 0xe3
-	DLT_CHAOS                         = 0x5
-	DLT_CHDLC                         = 0x68
-	DLT_CISCO_IOS                     = 0x76
-	DLT_C_HDLC                        = 0x68
-	DLT_C_HDLC_WITH_DIR               = 0xcd
-	DLT_DBUS                          = 0xe7
-	DLT_DECT                          = 0xdd
-	DLT_DOCSIS                        = 0x8f
-	DLT_DVB_CI                        = 0xeb
-	DLT_ECONET                        = 0x73
-	DLT_EN10MB                        = 0x1
-	DLT_EN3MB                         = 0x2
-	DLT_ENC                           = 0x6d
-	DLT_ERF                           = 0xc5
-	DLT_ERF_ETH                       = 0xaf
-	DLT_ERF_POS                       = 0xb0
-	DLT_FC_2                          = 0xe0
-	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
-	DLT_FDDI                          = 0xa
-	DLT_FLEXRAY                       = 0xd2
-	DLT_FRELAY                        = 0x6b
-	DLT_FRELAY_WITH_DIR               = 0xce
-	DLT_GCOM_SERIAL                   = 0xad
-	DLT_GCOM_T1E1                     = 0xac
-	DLT_GPF_F                         = 0xab
-	DLT_GPF_T                         = 0xaa
-	DLT_GPRS_LLC                      = 0xa9
-	DLT_GSMTAP_ABIS                   = 0xda
-	DLT_GSMTAP_UM                     = 0xd9
-	DLT_HHDLC                         = 0x79
-	DLT_IBM_SN                        = 0x92
-	DLT_IBM_SP                        = 0x91
-	DLT_IEEE802                       = 0x6
-	DLT_IEEE802_11                    = 0x69
-	DLT_IEEE802_11_RADIO              = 0x7f
-	DLT_IEEE802_11_RADIO_AVS          = 0xa3
-	DLT_IEEE802_15_4                  = 0xc3
-	DLT_IEEE802_15_4_LINUX            = 0xbf
-	DLT_IEEE802_15_4_NOFCS            = 0xe6
-	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
-	DLT_IEEE802_16_MAC_CPS            = 0xbc
-	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
-	DLT_IPFILTER                      = 0x74
-	DLT_IPMB                          = 0xc7
-	DLT_IPMB_LINUX                    = 0xd1
-	DLT_IPNET                         = 0xe2
-	DLT_IPOIB                         = 0xf2
-	DLT_IPV4                          = 0xe4
-	DLT_IPV6                          = 0xe5
-	DLT_IP_OVER_FC                    = 0x7a
-	DLT_JUNIPER_ATM1                  = 0x89
-	DLT_JUNIPER_ATM2                  = 0x87
-	DLT_JUNIPER_ATM_CEMIC             = 0xee
-	DLT_JUNIPER_CHDLC                 = 0xb5
-	DLT_JUNIPER_ES                    = 0x84
-	DLT_JUNIPER_ETHER                 = 0xb2
-	DLT_JUNIPER_FIBRECHANNEL          = 0xea
-	DLT_JUNIPER_FRELAY                = 0xb4
-	DLT_JUNIPER_GGSN                  = 0x85
-	DLT_JUNIPER_ISM                   = 0xc2
-	DLT_JUNIPER_MFR                   = 0x86
-	DLT_JUNIPER_MLFR                  = 0x83
-	DLT_JUNIPER_MLPPP                 = 0x82
-	DLT_JUNIPER_MONITOR               = 0xa4
-	DLT_JUNIPER_PIC_PEER              = 0xae
-	DLT_JUNIPER_PPP                   = 0xb3
-	DLT_JUNIPER_PPPOE                 = 0xa7
-	DLT_JUNIPER_PPPOE_ATM             = 0xa8
-	DLT_JUNIPER_SERVICES              = 0x88
-	DLT_JUNIPER_SRX_E2E               = 0xe9
-	DLT_JUNIPER_ST                    = 0xc8
-	DLT_JUNIPER_VP                    = 0xb7
-	DLT_JUNIPER_VS                    = 0xe8
-	DLT_LAPB_WITH_DIR                 = 0xcf
-	DLT_LAPD                          = 0xcb
-	DLT_LIN                           = 0xd4
-	DLT_LINUX_EVDEV                   = 0xd8
-	DLT_LINUX_IRDA                    = 0x90
-	DLT_LINUX_LAPD                    = 0xb1
-	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
-	DLT_LINUX_SLL                     = 0x71
-	DLT_LOOP                          = 0x6c
-	DLT_LTALK                         = 0x72
-	DLT_MATCHING_MAX                  = 0xf5
-	DLT_MATCHING_MIN                  = 0x68
-	DLT_MFR                           = 0xb6
-	DLT_MOST                          = 0xd3
-	DLT_MPEG_2_TS                     = 0xf3
-	DLT_MPLS                          = 0xdb
-	DLT_MTP2                          = 0x8c
-	DLT_MTP2_WITH_PHDR                = 0x8b
-	DLT_MTP3                          = 0x8d
-	DLT_MUX27010                      = 0xec
-	DLT_NETANALYZER                   = 0xf0
-	DLT_NETANALYZER_TRANSPARENT       = 0xf1
-	DLT_NFC_LLCP                      = 0xf5
-	DLT_NFLOG                         = 0xef
-	DLT_NG40                          = 0xf4
-	DLT_NULL                          = 0x0
-	DLT_PCI_EXP                       = 0x7d
-	DLT_PFLOG                         = 0x75
-	DLT_PFSYNC                        = 0x12
-	DLT_PPI                           = 0xc0
-	DLT_PPP                           = 0x9
-	DLT_PPP_BSDOS                     = 0x10
-	DLT_PPP_ETHER                     = 0x33
-	DLT_PPP_PPPD                      = 0xa6
-	DLT_PPP_SERIAL                    = 0x32
-	DLT_PPP_WITH_DIR                  = 0xcc
-	DLT_PPP_WITH_DIRECTION            = 0xa6
-	DLT_PRISM_HEADER                  = 0x77
-	DLT_PRONET                        = 0x4
-	DLT_RAIF1                         = 0xc6
-	DLT_RAW                           = 0xc
-	DLT_RIO                           = 0x7c
-	DLT_SCCP                          = 0x8e
-	DLT_SITA                          = 0xc4
-	DLT_SLIP                          = 0x8
-	DLT_SLIP_BSDOS                    = 0xf
-	DLT_STANAG_5066_D_PDU             = 0xed
-	DLT_SUNATM                        = 0x7b
-	DLT_SYMANTEC_FIREWALL             = 0x63
-	DLT_TZSP                          = 0x80
-	DLT_USB                           = 0xba
-	DLT_USB_LINUX                     = 0xbd
-	DLT_USB_LINUX_MMAPPED             = 0xdc
-	DLT_USER0                         = 0x93
-	DLT_USER1                         = 0x94
-	DLT_USER10                        = 0x9d
-	DLT_USER11                        = 0x9e
-	DLT_USER12                        = 0x9f
-	DLT_USER13                        = 0xa0
-	DLT_USER14                        = 0xa1
-	DLT_USER15                        = 0xa2
-	DLT_USER2                         = 0x95
-	DLT_USER3                         = 0x96
-	DLT_USER4                         = 0x97
-	DLT_USER5                         = 0x98
-	DLT_USER6                         = 0x99
-	DLT_USER7                         = 0x9a
-	DLT_USER8                         = 0x9b
-	DLT_USER9                         = 0x9c
-	DLT_WIHART                        = 0xdf
-	DLT_X2E_SERIAL                    = 0xd5
-	DLT_X2E_XORAYA                    = 0xd6
-	DT_BLK                            = 0x6
-	DT_CHR                            = 0x2
-	DT_DIR                            = 0x4
-	DT_FIFO                           = 0x1
-	DT_LNK                            = 0xa
-	DT_REG                            = 0x8
-	DT_SOCK                           = 0xc
-	DT_UNKNOWN                        = 0x0
-	DT_WHT                            = 0xe
-	ECHO                              = 0x8
-	ECHOCTL                           = 0x40
-	ECHOE                             = 0x2
-	ECHOK                             = 0x4
-	ECHOKE                            = 0x1
-	ECHONL                            = 0x10
-	ECHOPRT                           = 0x20
-	EVFILT_AIO                        = -0x3
-	EVFILT_EXCEPT                     = -0xf
-	EVFILT_FS                         = -0x9
-	EVFILT_MACHPORT                   = -0x8
-	EVFILT_PROC                       = -0x5
-	EVFILT_READ                       = -0x1
-	EVFILT_SIGNAL                     = -0x6
-	EVFILT_SYSCOUNT                   = 0xf
-	EVFILT_THREADMARKER               = 0xf
-	EVFILT_TIMER                      = -0x7
-	EVFILT_USER                       = -0xa
-	EVFILT_VM                         = -0xc
-	EVFILT_VNODE                      = -0x4
-	EVFILT_WRITE                      = -0x2
-	EV_ADD                            = 0x1
-	EV_CLEAR                          = 0x20
-	EV_DELETE                         = 0x2
-	EV_DISABLE                        = 0x8
-	EV_DISPATCH                       = 0x80
-	EV_DISPATCH2                      = 0x180
-	EV_ENABLE                         = 0x4
-	EV_EOF                            = 0x8000
-	EV_ERROR                          = 0x4000
-	EV_FLAG0                          = 0x1000
-	EV_FLAG1                          = 0x2000
-	EV_ONESHOT                        = 0x10
-	EV_OOBAND                         = 0x2000
-	EV_POLL                           = 0x1000
-	EV_RECEIPT                        = 0x40
-	EV_SYSFLAGS                       = 0xf000
-	EV_UDATA_SPECIFIC                 = 0x100
-	EV_VANISHED                       = 0x200
-	EXTA                              = 0x4b00
-	EXTB                              = 0x9600
-	EXTPROC                           = 0x800
-	FD_CLOEXEC                        = 0x1
-	FD_SETSIZE                        = 0x400
-	FF0                               = 0x0
-	FF1                               = 0x4000
-	FFDLY                             = 0x4000
-	FLUSHO                            = 0x800000
-	FSOPT_ATTR_CMN_EXTENDED           = 0x20
-	FSOPT_NOFOLLOW                    = 0x1
-	FSOPT_NOINMEMUPDATE               = 0x2
-	FSOPT_PACK_INVAL_ATTRS            = 0x8
-	FSOPT_REPORT_FULLSIZE             = 0x4
-	F_ADDFILESIGS                     = 0x3d
-	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
-	F_ADDFILESIGS_RETURN              = 0x61
-	F_ADDSIGS                         = 0x3b
-	F_ALLOCATEALL                     = 0x4
-	F_ALLOCATECONTIG                  = 0x2
-	F_BARRIERFSYNC                    = 0x55
-	F_CHECK_LV                        = 0x62
-	F_CHKCLEAN                        = 0x29
-	F_DUPFD                           = 0x0
-	F_DUPFD_CLOEXEC                   = 0x43
-	F_FINDSIGS                        = 0x4e
-	F_FLUSH_DATA                      = 0x28
-	F_FREEZE_FS                       = 0x35
-	F_FULLFSYNC                       = 0x33
-	F_GETCODEDIR                      = 0x48
-	F_GETFD                           = 0x1
-	F_GETFL                           = 0x3
-	F_GETLK                           = 0x7
-	F_GETLKPID                        = 0x42
-	F_GETNOSIGPIPE                    = 0x4a
-	F_GETOWN                          = 0x5
-	F_GETPATH                         = 0x32
-	F_GETPATH_MTMINFO                 = 0x47
-	F_GETPROTECTIONCLASS              = 0x3f
-	F_GETPROTECTIONLEVEL              = 0x4d
-	F_GLOBAL_NOCACHE                  = 0x37
-	F_LOG2PHYS                        = 0x31
-	F_LOG2PHYS_EXT                    = 0x41
-	F_NOCACHE                         = 0x30
-	F_NODIRECT                        = 0x3e
-	F_OK                              = 0x0
-	F_PATHPKG_CHECK                   = 0x34
-	F_PEOFPOSMODE                     = 0x3
-	F_PREALLOCATE                     = 0x2a
-	F_PUNCHHOLE                       = 0x63
-	F_RDADVISE                        = 0x2c
-	F_RDAHEAD                         = 0x2d
-	F_RDLCK                           = 0x1
-	F_SETBACKINGSTORE                 = 0x46
-	F_SETFD                           = 0x2
-	F_SETFL                           = 0x4
-	F_SETLK                           = 0x8
-	F_SETLKW                          = 0x9
-	F_SETLKWTIMEOUT                   = 0xa
-	F_SETNOSIGPIPE                    = 0x49
-	F_SETOWN                          = 0x6
-	F_SETPROTECTIONCLASS              = 0x40
-	F_SETSIZE                         = 0x2b
-	F_SINGLE_WRITER                   = 0x4c
-	F_THAW_FS                         = 0x36
-	F_TRANSCODEKEY                    = 0x4b
-	F_TRIM_ACTIVE_FILE                = 0x64
-	F_UNLCK                           = 0x2
-	F_VOLPOSMODE                      = 0x4
-	F_WRLCK                           = 0x3
-	HUPCL                             = 0x4000
-	HW_MACHINE                        = 0x1
-	ICANON                            = 0x100
-	ICMP6_FILTER                      = 0x12
-	ICRNL                             = 0x100
-	IEXTEN                            = 0x400
-	IFF_ALLMULTI                      = 0x200
-	IFF_ALTPHYS                       = 0x4000
-	IFF_BROADCAST                     = 0x2
-	IFF_DEBUG                         = 0x4
-	IFF_LINK0                         = 0x1000
-	IFF_LINK1                         = 0x2000
-	IFF_LINK2                         = 0x4000
-	IFF_LOOPBACK                      = 0x8
-	IFF_MULTICAST                     = 0x8000
-	IFF_NOARP                         = 0x80
-	IFF_NOTRAILERS                    = 0x20
-	IFF_OACTIVE                       = 0x400
-	IFF_POINTOPOINT                   = 0x10
-	IFF_PROMISC                       = 0x100
-	IFF_RUNNING                       = 0x40
-	IFF_SIMPLEX                       = 0x800
-	IFF_UP                            = 0x1
-	IFNAMSIZ                          = 0x10
-	IFT_1822                          = 0x2
-	IFT_AAL5                          = 0x31
-	IFT_ARCNET                        = 0x23
-	IFT_ARCNETPLUS                    = 0x24
-	IFT_ATM                           = 0x25
-	IFT_BRIDGE                        = 0xd1
-	IFT_CARP                          = 0xf8
-	IFT_CELLULAR                      = 0xff
-	IFT_CEPT                          = 0x13
-	IFT_DS3                           = 0x1e
-	IFT_ENC                           = 0xf4
-	IFT_EON                           = 0x19
-	IFT_ETHER                         = 0x6
-	IFT_FAITH                         = 0x38
-	IFT_FDDI                          = 0xf
-	IFT_FRELAY                        = 0x20
-	IFT_FRELAYDCE                     = 0x2c
-	IFT_GIF                           = 0x37
-	IFT_HDH1822                       = 0x3
-	IFT_HIPPI                         = 0x2f
-	IFT_HSSI                          = 0x2e
-	IFT_HY                            = 0xe
-	IFT_IEEE1394                      = 0x90
-	IFT_IEEE8023ADLAG                 = 0x88
-	IFT_ISDNBASIC                     = 0x14
-	IFT_ISDNPRIMARY                   = 0x15
-	IFT_ISO88022LLC                   = 0x29
-	IFT_ISO88023                      = 0x7
-	IFT_ISO88024                      = 0x8
-	IFT_ISO88025                      = 0x9
-	IFT_ISO88026                      = 0xa
-	IFT_L2VLAN                        = 0x87
-	IFT_LAPB                          = 0x10
-	IFT_LOCALTALK                     = 0x2a
-	IFT_LOOP                          = 0x18
-	IFT_MIOX25                        = 0x26
-	IFT_MODEM                         = 0x30
-	IFT_NSIP                          = 0x1b
-	IFT_OTHER                         = 0x1
-	IFT_P10                           = 0xc
-	IFT_P80                           = 0xd
-	IFT_PARA                          = 0x22
-	IFT_PDP                           = 0xff
-	IFT_PFLOG                         = 0xf5
-	IFT_PFSYNC                        = 0xf6
-	IFT_PKTAP                         = 0xfe
-	IFT_PPP                           = 0x17
-	IFT_PROPMUX                       = 0x36
-	IFT_PROPVIRTUAL                   = 0x35
-	IFT_PTPSERIAL                     = 0x16
-	IFT_RS232                         = 0x21
-	IFT_SDLC                          = 0x11
-	IFT_SIP                           = 0x1f
-	IFT_SLIP                          = 0x1c
-	IFT_SMDSDXI                       = 0x2b
-	IFT_SMDSICIP                      = 0x34
-	IFT_SONET                         = 0x27
-	IFT_SONETPATH                     = 0x32
-	IFT_SONETVT                       = 0x33
-	IFT_STARLAN                       = 0xb
-	IFT_STF                           = 0x39
-	IFT_T1                            = 0x12
-	IFT_ULTRA                         = 0x1d
-	IFT_V35                           = 0x2d
-	IFT_X25                           = 0x5
-	IFT_X25DDN                        = 0x4
-	IFT_X25PLE                        = 0x28
-	IFT_XETHER                        = 0x1a
-	IGNBRK                            = 0x1
-	IGNCR                             = 0x80
-	IGNPAR                            = 0x4
-	IMAXBEL                           = 0x2000
-	INLCR                             = 0x40
-	INPCK                             = 0x10
-	IN_CLASSA_HOST                    = 0xffffff
-	IN_CLASSA_MAX                     = 0x80
-	IN_CLASSA_NET                     = 0xff000000
-	IN_CLASSA_NSHIFT                  = 0x18
-	IN_CLASSB_HOST                    = 0xffff
-	IN_CLASSB_MAX                     = 0x10000
-	IN_CLASSB_NET                     = 0xffff0000
-	IN_CLASSB_NSHIFT                  = 0x10
-	IN_CLASSC_HOST                    = 0xff
-	IN_CLASSC_NET                     = 0xffffff00
-	IN_CLASSC_NSHIFT                  = 0x8
-	IN_CLASSD_HOST                    = 0xfffffff
-	IN_CLASSD_NET                     = 0xf0000000
-	IN_CLASSD_NSHIFT                  = 0x1c
-	IN_LINKLOCALNETNUM                = 0xa9fe0000
-	IN_LOOPBACKNET                    = 0x7f
-	IPPROTO_3PC                       = 0x22
-	IPPROTO_ADFS                      = 0x44
-	IPPROTO_AH                        = 0x33
-	IPPROTO_AHIP                      = 0x3d
-	IPPROTO_APES                      = 0x63
-	IPPROTO_ARGUS                     = 0xd
-	IPPROTO_AX25                      = 0x5d
-	IPPROTO_BHA                       = 0x31
-	IPPROTO_BLT                       = 0x1e
-	IPPROTO_BRSATMON                  = 0x4c
-	IPPROTO_CFTP                      = 0x3e
-	IPPROTO_CHAOS                     = 0x10
-	IPPROTO_CMTP                      = 0x26
-	IPPROTO_CPHB                      = 0x49
-	IPPROTO_CPNX                      = 0x48
-	IPPROTO_DDP                       = 0x25
-	IPPROTO_DGP                       = 0x56
-	IPPROTO_DIVERT                    = 0xfe
-	IPPROTO_DONE                      = 0x101
-	IPPROTO_DSTOPTS                   = 0x3c
-	IPPROTO_EGP                       = 0x8
-	IPPROTO_EMCON                     = 0xe
-	IPPROTO_ENCAP                     = 0x62
-	IPPROTO_EON                       = 0x50
-	IPPROTO_ESP                       = 0x32
-	IPPROTO_ETHERIP                   = 0x61
-	IPPROTO_FRAGMENT                  = 0x2c
-	IPPROTO_GGP                       = 0x3
-	IPPROTO_GMTP                      = 0x64
-	IPPROTO_GRE                       = 0x2f
-	IPPROTO_HELLO                     = 0x3f
-	IPPROTO_HMP                       = 0x14
-	IPPROTO_HOPOPTS                   = 0x0
-	IPPROTO_ICMP                      = 0x1
-	IPPROTO_ICMPV6                    = 0x3a
-	IPPROTO_IDP                       = 0x16
-	IPPROTO_IDPR                      = 0x23
-	IPPROTO_IDRP                      = 0x2d
-	IPPROTO_IGMP                      = 0x2
-	IPPROTO_IGP                       = 0x55
-	IPPROTO_IGRP                      = 0x58
-	IPPROTO_IL                        = 0x28
-	IPPROTO_INLSP                     = 0x34
-	IPPROTO_INP                       = 0x20
-	IPPROTO_IP                        = 0x0
-	IPPROTO_IPCOMP                    = 0x6c
-	IPPROTO_IPCV                      = 0x47
-	IPPROTO_IPEIP                     = 0x5e
-	IPPROTO_IPIP                      = 0x4
-	IPPROTO_IPPC                      = 0x43
-	IPPROTO_IPV4                      = 0x4
-	IPPROTO_IPV6                      = 0x29
-	IPPROTO_IRTP                      = 0x1c
-	IPPROTO_KRYPTOLAN                 = 0x41
-	IPPROTO_LARP                      = 0x5b
-	IPPROTO_LEAF1                     = 0x19
-	IPPROTO_LEAF2                     = 0x1a
-	IPPROTO_MAX                       = 0x100
-	IPPROTO_MAXID                     = 0x34
-	IPPROTO_MEAS                      = 0x13
-	IPPROTO_MHRP                      = 0x30
-	IPPROTO_MICP                      = 0x5f
-	IPPROTO_MTP                       = 0x5c
-	IPPROTO_MUX                       = 0x12
-	IPPROTO_ND                        = 0x4d
-	IPPROTO_NHRP                      = 0x36
-	IPPROTO_NONE                      = 0x3b
-	IPPROTO_NSP                       = 0x1f
-	IPPROTO_NVPII                     = 0xb
-	IPPROTO_OSPFIGP                   = 0x59
-	IPPROTO_PGM                       = 0x71
-	IPPROTO_PIGP                      = 0x9
-	IPPROTO_PIM                       = 0x67
-	IPPROTO_PRM                       = 0x15
-	IPPROTO_PUP                       = 0xc
-	IPPROTO_PVP                       = 0x4b
-	IPPROTO_RAW                       = 0xff
-	IPPROTO_RCCMON                    = 0xa
-	IPPROTO_RDP                       = 0x1b
-	IPPROTO_ROUTING                   = 0x2b
-	IPPROTO_RSVP                      = 0x2e
-	IPPROTO_RVD                       = 0x42
-	IPPROTO_SATEXPAK                  = 0x40
-	IPPROTO_SATMON                    = 0x45
-	IPPROTO_SCCSP                     = 0x60
-	IPPROTO_SCTP                      = 0x84
-	IPPROTO_SDRP                      = 0x2a
-	IPPROTO_SEP                       = 0x21
-	IPPROTO_SRPC                      = 0x5a
-	IPPROTO_ST                        = 0x7
-	IPPROTO_SVMTP                     = 0x52
-	IPPROTO_SWIPE                     = 0x35
-	IPPROTO_TCF                       = 0x57
-	IPPROTO_TCP                       = 0x6
-	IPPROTO_TP                        = 0x1d
-	IPPROTO_TPXX                      = 0x27
-	IPPROTO_TRUNK1                    = 0x17
-	IPPROTO_TRUNK2                    = 0x18
-	IPPROTO_TTP                       = 0x54
-	IPPROTO_UDP                       = 0x11
-	IPPROTO_VINES                     = 0x53
-	IPPROTO_VISA                      = 0x46
-	IPPROTO_VMTP                      = 0x51
-	IPPROTO_WBEXPAK                   = 0x4f
-	IPPROTO_WBMON                     = 0x4e
-	IPPROTO_WSN                       = 0x4a
-	IPPROTO_XNET                      = 0xf
-	IPPROTO_XTP                       = 0x24
-	IPV6_2292DSTOPTS                  = 0x17
-	IPV6_2292HOPLIMIT                 = 0x14
-	IPV6_2292HOPOPTS                  = 0x16
-	IPV6_2292NEXTHOP                  = 0x15
-	IPV6_2292PKTINFO                  = 0x13
-	IPV6_2292PKTOPTIONS               = 0x19
-	IPV6_2292RTHDR                    = 0x18
-	IPV6_BINDV6ONLY                   = 0x1b
-	IPV6_BOUND_IF                     = 0x7d
-	IPV6_CHECKSUM                     = 0x1a
-	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
-	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
-	IPV6_DEFHLIM                      = 0x40
-	IPV6_FAITH                        = 0x1d
-	IPV6_FLOWINFO_MASK                = 0xffffff0f
-	IPV6_FLOWLABEL_MASK               = 0xffff0f00
-	IPV6_FLOW_ECN_MASK                = 0x300
-	IPV6_FRAGTTL                      = 0x3c
-	IPV6_FW_ADD                       = 0x1e
-	IPV6_FW_DEL                       = 0x1f
-	IPV6_FW_FLUSH                     = 0x20
-	IPV6_FW_GET                       = 0x22
-	IPV6_FW_ZERO                      = 0x21
-	IPV6_HLIMDEC                      = 0x1
-	IPV6_IPSEC_POLICY                 = 0x1c
-	IPV6_JOIN_GROUP                   = 0xc
-	IPV6_LEAVE_GROUP                  = 0xd
-	IPV6_MAXHLIM                      = 0xff
-	IPV6_MAXOPTHDR                    = 0x800
-	IPV6_MAXPACKET                    = 0xffff
-	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
-	IPV6_MAX_MEMBERSHIPS              = 0xfff
-	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
-	IPV6_MIN_MEMBERSHIPS              = 0x1f
-	IPV6_MMTU                         = 0x500
-	IPV6_MULTICAST_HOPS               = 0xa
-	IPV6_MULTICAST_IF                 = 0x9
-	IPV6_MULTICAST_LOOP               = 0xb
-	IPV6_PORTRANGE                    = 0xe
-	IPV6_PORTRANGE_DEFAULT            = 0x0
-	IPV6_PORTRANGE_HIGH               = 0x1
-	IPV6_PORTRANGE_LOW                = 0x2
-	IPV6_RECVTCLASS                   = 0x23
-	IPV6_RTHDR_LOOSE                  = 0x0
-	IPV6_RTHDR_STRICT                 = 0x1
-	IPV6_RTHDR_TYPE_0                 = 0x0
-	IPV6_SOCKOPT_RESERVED1            = 0x3
-	IPV6_TCLASS                       = 0x24
-	IPV6_UNICAST_HOPS                 = 0x4
-	IPV6_V6ONLY                       = 0x1b
-	IPV6_VERSION                      = 0x60
-	IPV6_VERSION_MASK                 = 0xf0
-	IP_ADD_MEMBERSHIP                 = 0xc
-	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
-	IP_BLOCK_SOURCE                   = 0x48
-	IP_BOUND_IF                       = 0x19
-	IP_DEFAULT_MULTICAST_LOOP         = 0x1
-	IP_DEFAULT_MULTICAST_TTL          = 0x1
-	IP_DF                             = 0x4000
-	IP_DROP_MEMBERSHIP                = 0xd
-	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
-	IP_DUMMYNET_CONFIGURE             = 0x3c
-	IP_DUMMYNET_DEL                   = 0x3d
-	IP_DUMMYNET_FLUSH                 = 0x3e
-	IP_DUMMYNET_GET                   = 0x40
-	IP_FAITH                          = 0x16
-	IP_FW_ADD                         = 0x28
-	IP_FW_DEL                         = 0x29
-	IP_FW_FLUSH                       = 0x2a
-	IP_FW_GET                         = 0x2c
-	IP_FW_RESETLOG                    = 0x2d
-	IP_FW_ZERO                        = 0x2b
-	IP_HDRINCL                        = 0x2
-	IP_IPSEC_POLICY                   = 0x15
-	IP_MAXPACKET                      = 0xffff
-	IP_MAX_GROUP_SRC_FILTER           = 0x200
-	IP_MAX_MEMBERSHIPS                = 0xfff
-	IP_MAX_SOCK_MUTE_FILTER           = 0x80
-	IP_MAX_SOCK_SRC_FILTER            = 0x80
-	IP_MF                             = 0x2000
-	IP_MIN_MEMBERSHIPS                = 0x1f
-	IP_MSFILTER                       = 0x4a
-	IP_MSS                            = 0x240
-	IP_MULTICAST_IF                   = 0x9
-	IP_MULTICAST_IFINDEX              = 0x42
-	IP_MULTICAST_LOOP                 = 0xb
-	IP_MULTICAST_TTL                  = 0xa
-	IP_MULTICAST_VIF                  = 0xe
-	IP_NAT__XXX                       = 0x37
-	IP_OFFMASK                        = 0x1fff
-	IP_OLD_FW_ADD                     = 0x32
-	IP_OLD_FW_DEL                     = 0x33
-	IP_OLD_FW_FLUSH                   = 0x34
-	IP_OLD_FW_GET                     = 0x36
-	IP_OLD_FW_RESETLOG                = 0x38
-	IP_OLD_FW_ZERO                    = 0x35
-	IP_OPTIONS                        = 0x1
-	IP_PKTINFO                        = 0x1a
-	IP_PORTRANGE                      = 0x13
-	IP_PORTRANGE_DEFAULT              = 0x0
-	IP_PORTRANGE_HIGH                 = 0x1
-	IP_PORTRANGE_LOW                  = 0x2
-	IP_RECVDSTADDR                    = 0x7
-	IP_RECVIF                         = 0x14
-	IP_RECVOPTS                       = 0x5
-	IP_RECVPKTINFO                    = 0x1a
-	IP_RECVRETOPTS                    = 0x6
-	IP_RECVTOS                        = 0x1b
-	IP_RECVTTL                        = 0x18
-	IP_RETOPTS                        = 0x8
-	IP_RF                             = 0x8000
-	IP_RSVP_OFF                       = 0x10
-	IP_RSVP_ON                        = 0xf
-	IP_RSVP_VIF_OFF                   = 0x12
-	IP_RSVP_VIF_ON                    = 0x11
-	IP_STRIPHDR                       = 0x17
-	IP_TOS                            = 0x3
-	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
-	IP_TTL                            = 0x4
-	IP_UNBLOCK_SOURCE                 = 0x49
-	ISIG                              = 0x80
-	ISTRIP                            = 0x20
-	IUTF8                             = 0x4000
-	IXANY                             = 0x800
-	IXOFF                             = 0x400
-	IXON                              = 0x200
-	KERN_HOSTNAME                     = 0xa
-	KERN_OSRELEASE                    = 0x2
-	KERN_OSTYPE                       = 0x1
-	KERN_VERSION                      = 0x4
-	LOCK_EX                           = 0x2
-	LOCK_NB                           = 0x4
-	LOCK_SH                           = 0x1
-	LOCK_UN                           = 0x8
-	MADV_CAN_REUSE                    = 0x9
-	MADV_DONTNEED                     = 0x4
-	MADV_FREE                         = 0x5
-	MADV_FREE_REUSABLE                = 0x7
-	MADV_FREE_REUSE                   = 0x8
-	MADV_NORMAL                       = 0x0
-	MADV_PAGEOUT                      = 0xa
-	MADV_RANDOM                       = 0x1
-	MADV_SEQUENTIAL                   = 0x2
-	MADV_WILLNEED                     = 0x3
-	MADV_ZERO_WIRED_PAGES             = 0x6
-	MAP_ANON                          = 0x1000
-	MAP_ANONYMOUS                     = 0x1000
-	MAP_COPY                          = 0x2
-	MAP_FILE                          = 0x0
-	MAP_FIXED                         = 0x10
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_JIT                           = 0x800
-	MAP_NOCACHE                       = 0x400
-	MAP_NOEXTEND                      = 0x100
-	MAP_NORESERVE                     = 0x40
-	MAP_PRIVATE                       = 0x2
-	MAP_RENAME                        = 0x20
-	MAP_RESERVED0080                  = 0x80
-	MAP_RESILIENT_CODESIGN            = 0x2000
-	MAP_RESILIENT_MEDIA               = 0x4000
-	MAP_SHARED                        = 0x1
-	MCL_CURRENT                       = 0x1
-	MCL_FUTURE                        = 0x2
-	MNT_ASYNC                         = 0x40
-	MNT_AUTOMOUNTED                   = 0x400000
-	MNT_CMDFLAGS                      = 0xf0000
-	MNT_CPROTECT                      = 0x80
-	MNT_DEFWRITE                      = 0x2000000
-	MNT_DONTBROWSE                    = 0x100000
-	MNT_DOVOLFS                       = 0x8000
-	MNT_DWAIT                         = 0x4
-	MNT_EXPORTED                      = 0x100
-	MNT_FORCE                         = 0x80000
-	MNT_IGNORE_OWNERSHIP              = 0x200000
-	MNT_JOURNALED                     = 0x800000
-	MNT_LOCAL                         = 0x1000
-	MNT_MULTILABEL                    = 0x4000000
-	MNT_NOATIME                       = 0x10000000
-	MNT_NOBLOCK                       = 0x20000
-	MNT_NODEV                         = 0x10
-	MNT_NOEXEC                        = 0x4
-	MNT_NOSUID                        = 0x8
-	MNT_NOUSERXATTR                   = 0x1000000
-	MNT_NOWAIT                        = 0x2
-	MNT_QUARANTINE                    = 0x400
-	MNT_QUOTA                         = 0x2000
-	MNT_RDONLY                        = 0x1
-	MNT_RELOAD                        = 0x40000
-	MNT_ROOTFS                        = 0x4000
-	MNT_SYNCHRONOUS                   = 0x2
-	MNT_UNION                         = 0x20
-	MNT_UNKNOWNPERMISSIONS            = 0x200000
-	MNT_UPDATE                        = 0x10000
-	MNT_VISFLAGMASK                   = 0x17f0f5ff
-	MNT_WAIT                          = 0x1
-	MSG_CTRUNC                        = 0x20
-	MSG_DONTROUTE                     = 0x4
-	MSG_DONTWAIT                      = 0x80
-	MSG_EOF                           = 0x100
-	MSG_EOR                           = 0x8
-	MSG_FLUSH                         = 0x400
-	MSG_HAVEMORE                      = 0x2000
-	MSG_HOLD                          = 0x800
-	MSG_NEEDSA                        = 0x10000
-	MSG_OOB                           = 0x1
-	MSG_PEEK                          = 0x2
-	MSG_RCVMORE                       = 0x4000
-	MSG_SEND                          = 0x1000
-	MSG_TRUNC                         = 0x10
-	MSG_WAITALL                       = 0x40
-	MSG_WAITSTREAM                    = 0x200
-	MS_ASYNC                          = 0x1
-	MS_DEACTIVATE                     = 0x8
-	MS_INVALIDATE                     = 0x2
-	MS_KILLPAGES                      = 0x4
-	MS_SYNC                           = 0x10
-	NAME_MAX                          = 0xff
-	NET_RT_DUMP                       = 0x1
-	NET_RT_DUMP2                      = 0x7
-	NET_RT_FLAGS                      = 0x2
-	NET_RT_IFLIST                     = 0x3
-	NET_RT_IFLIST2                    = 0x6
-	NET_RT_MAXID                      = 0xa
-	NET_RT_STAT                       = 0x4
-	NET_RT_TRASH                      = 0x5
-	NL0                               = 0x0
-	NL1                               = 0x100
-	NL2                               = 0x200
-	NL3                               = 0x300
-	NLDLY                             = 0x300
-	NOFLSH                            = 0x80000000
-	NOKERNINFO                        = 0x2000000
-	NOTE_ABSOLUTE                     = 0x8
-	NOTE_ATTRIB                       = 0x8
-	NOTE_BACKGROUND                   = 0x40
-	NOTE_CHILD                        = 0x4
-	NOTE_CRITICAL                     = 0x20
-	NOTE_DELETE                       = 0x1
-	NOTE_EXEC                         = 0x20000000
-	NOTE_EXIT                         = 0x80000000
-	NOTE_EXITSTATUS                   = 0x4000000
-	NOTE_EXIT_CSERROR                 = 0x40000
-	NOTE_EXIT_DECRYPTFAIL             = 0x10000
-	NOTE_EXIT_DETAIL                  = 0x2000000
-	NOTE_EXIT_DETAIL_MASK             = 0x70000
-	NOTE_EXIT_MEMORY                  = 0x20000
-	NOTE_EXIT_REPARENTED              = 0x80000
-	NOTE_EXTEND                       = 0x4
-	NOTE_FFAND                        = 0x40000000
-	NOTE_FFCOPY                       = 0xc0000000
-	NOTE_FFCTRLMASK                   = 0xc0000000
-	NOTE_FFLAGSMASK                   = 0xffffff
-	NOTE_FFNOP                        = 0x0
-	NOTE_FFOR                         = 0x80000000
-	NOTE_FORK                         = 0x40000000
-	NOTE_FUNLOCK                      = 0x100
-	NOTE_LEEWAY                       = 0x10
-	NOTE_LINK                         = 0x10
-	NOTE_LOWAT                        = 0x1
-	NOTE_MACH_CONTINUOUS_TIME         = 0x80
-	NOTE_NONE                         = 0x80
-	NOTE_NSECONDS                     = 0x4
-	NOTE_OOB                          = 0x2
-	NOTE_PCTRLMASK                    = -0x100000
-	NOTE_PDATAMASK                    = 0xfffff
-	NOTE_REAP                         = 0x10000000
-	NOTE_RENAME                       = 0x20
-	NOTE_REVOKE                       = 0x40
-	NOTE_SECONDS                      = 0x1
-	NOTE_SIGNAL                       = 0x8000000
-	NOTE_TRACK                        = 0x1
-	NOTE_TRACKERR                     = 0x2
-	NOTE_TRIGGER                      = 0x1000000
-	NOTE_USECONDS                     = 0x2
-	NOTE_VM_ERROR                     = 0x10000000
-	NOTE_VM_PRESSURE                  = 0x80000000
-	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
-	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
-	NOTE_WRITE                        = 0x2
-	OCRNL                             = 0x10
-	OFDEL                             = 0x20000
-	OFILL                             = 0x80
-	ONLCR                             = 0x2
-	ONLRET                            = 0x40
-	ONOCR                             = 0x20
-	ONOEOT                            = 0x8
-	OPOST                             = 0x1
-	OXTABS                            = 0x4
-	O_ACCMODE                         = 0x3
-	O_ALERT                           = 0x20000000
-	O_APPEND                          = 0x8
-	O_ASYNC                           = 0x40
-	O_CLOEXEC                         = 0x1000000
-	O_CREAT                           = 0x200
-	O_DIRECTORY                       = 0x100000
-	O_DP_GETRAWENCRYPTED              = 0x1
-	O_DP_GETRAWUNENCRYPTED            = 0x2
-	O_DSYNC                           = 0x400000
-	O_EVTONLY                         = 0x8000
-	O_EXCL                            = 0x800
-	O_EXLOCK                          = 0x20
-	O_FSYNC                           = 0x80
-	O_NDELAY                          = 0x4
-	O_NOCTTY                          = 0x20000
-	O_NOFOLLOW                        = 0x100
-	O_NONBLOCK                        = 0x4
-	O_POPUP                           = 0x80000000
-	O_RDONLY                          = 0x0
-	O_RDWR                            = 0x2
-	O_SHLOCK                          = 0x10
-	O_SYMLINK                         = 0x200000
-	O_SYNC                            = 0x80
-	O_TRUNC                           = 0x400
-	O_WRONLY                          = 0x1
-	PARENB                            = 0x1000
-	PARMRK                            = 0x8
-	PARODD                            = 0x2000
-	PENDIN                            = 0x20000000
-	PRIO_PGRP                         = 0x1
-	PRIO_PROCESS                      = 0x0
-	PRIO_USER                         = 0x2
-	PROT_EXEC                         = 0x4
-	PROT_NONE                         = 0x0
-	PROT_READ                         = 0x1
-	PROT_WRITE                        = 0x2
-	PT_ATTACH                         = 0xa
-	PT_ATTACHEXC                      = 0xe
-	PT_CONTINUE                       = 0x7
-	PT_DENY_ATTACH                    = 0x1f
-	PT_DETACH                         = 0xb
-	PT_FIRSTMACH                      = 0x20
-	PT_FORCEQUOTA                     = 0x1e
-	PT_KILL                           = 0x8
-	PT_READ_D                         = 0x2
-	PT_READ_I                         = 0x1
-	PT_READ_U                         = 0x3
-	PT_SIGEXC                         = 0xc
-	PT_STEP                           = 0x9
-	PT_THUPDATE                       = 0xd
-	PT_TRACE_ME                       = 0x0
-	PT_WRITE_D                        = 0x5
-	PT_WRITE_I                        = 0x4
-	PT_WRITE_U                        = 0x6
-	RLIMIT_AS                         = 0x5
-	RLIMIT_CORE                       = 0x4
-	RLIMIT_CPU                        = 0x0
-	RLIMIT_CPU_USAGE_MONITOR          = 0x2
-	RLIMIT_DATA                       = 0x2
-	RLIMIT_FSIZE                      = 0x1
-	RLIMIT_MEMLOCK                    = 0x6
-	RLIMIT_NOFILE                     = 0x8
-	RLIMIT_NPROC                      = 0x7
-	RLIMIT_RSS                        = 0x5
-	RLIMIT_STACK                      = 0x3
-	RLIM_INFINITY                     = 0x7fffffffffffffff
-	RTAX_AUTHOR                       = 0x6
-	RTAX_BRD                          = 0x7
-	RTAX_DST                          = 0x0
-	RTAX_GATEWAY                      = 0x1
-	RTAX_GENMASK                      = 0x3
-	RTAX_IFA                          = 0x5
-	RTAX_IFP                          = 0x4
-	RTAX_MAX                          = 0x8
-	RTAX_NETMASK                      = 0x2
-	RTA_AUTHOR                        = 0x40
-	RTA_BRD                           = 0x80
-	RTA_DST                           = 0x1
-	RTA_GATEWAY                       = 0x2
-	RTA_GENMASK                       = 0x8
-	RTA_IFA                           = 0x20
-	RTA_IFP                           = 0x10
-	RTA_NETMASK                       = 0x4
-	RTF_BLACKHOLE                     = 0x1000
-	RTF_BROADCAST                     = 0x400000
-	RTF_CLONING                       = 0x100
-	RTF_CONDEMNED                     = 0x2000000
-	RTF_DELCLONE                      = 0x80
-	RTF_DONE                          = 0x40
-	RTF_DYNAMIC                       = 0x10
-	RTF_GATEWAY                       = 0x2
-	RTF_HOST                          = 0x4
-	RTF_IFREF                         = 0x4000000
-	RTF_IFSCOPE                       = 0x1000000
-	RTF_LLINFO                        = 0x400
-	RTF_LOCAL                         = 0x200000
-	RTF_MODIFIED                      = 0x20
-	RTF_MULTICAST                     = 0x800000
-	RTF_NOIFREF                       = 0x2000
-	RTF_PINNED                        = 0x100000
-	RTF_PRCLONING                     = 0x10000
-	RTF_PROTO1                        = 0x8000
-	RTF_PROTO2                        = 0x4000
-	RTF_PROTO3                        = 0x40000
-	RTF_PROXY                         = 0x8000000
-	RTF_REJECT                        = 0x8
-	RTF_ROUTER                        = 0x10000000
-	RTF_STATIC                        = 0x800
-	RTF_UP                            = 0x1
-	RTF_WASCLONED                     = 0x20000
-	RTF_XRESOLVE                      = 0x200
-	RTM_ADD                           = 0x1
-	RTM_CHANGE                        = 0x3
-	RTM_DELADDR                       = 0xd
-	RTM_DELETE                        = 0x2
-	RTM_DELMADDR                      = 0x10
-	RTM_GET                           = 0x4
-	RTM_GET2                          = 0x14
-	RTM_IFINFO                        = 0xe
-	RTM_IFINFO2                       = 0x12
-	RTM_LOCK                          = 0x8
-	RTM_LOSING                        = 0x5
-	RTM_MISS                          = 0x7
-	RTM_NEWADDR                       = 0xc
-	RTM_NEWMADDR                      = 0xf
-	RTM_NEWMADDR2                     = 0x13
-	RTM_OLDADD                        = 0x9
-	RTM_OLDDEL                        = 0xa
-	RTM_REDIRECT                      = 0x6
-	RTM_RESOLVE                       = 0xb
-	RTM_RTTUNIT                       = 0xf4240
-	RTM_VERSION                       = 0x5
-	RTV_EXPIRE                        = 0x4
-	RTV_HOPCOUNT                      = 0x2
-	RTV_MTU                           = 0x1
-	RTV_RPIPE                         = 0x8
-	RTV_RTT                           = 0x40
-	RTV_RTTVAR                        = 0x80
-	RTV_SPIPE                         = 0x10
-	RTV_SSTHRESH                      = 0x20
-	RUSAGE_CHILDREN                   = -0x1
-	RUSAGE_SELF                       = 0x0
-	SCM_CREDS                         = 0x3
-	SCM_RIGHTS                        = 0x1
-	SCM_TIMESTAMP                     = 0x2
-	SCM_TIMESTAMP_MONOTONIC           = 0x4
-	SHUT_RD                           = 0x0
-	SHUT_RDWR                         = 0x2
-	SHUT_WR                           = 0x1
-	SIOCADDMULTI                      = 0x80206931
-	SIOCAIFADDR                       = 0x8040691a
-	SIOCARPIPLL                       = 0xc0206928
-	SIOCATMARK                        = 0x40047307
-	SIOCAUTOADDR                      = 0xc0206926
-	SIOCAUTONETMASK                   = 0x80206927
-	SIOCDELMULTI                      = 0x80206932
-	SIOCDIFADDR                       = 0x80206919
-	SIOCDIFPHYADDR                    = 0x80206941
-	SIOCGDRVSPEC                      = 0xc028697b
-	SIOCGETVLAN                       = 0xc020697f
-	SIOCGHIWAT                        = 0x40047301
-	SIOCGIFADDR                       = 0xc0206921
-	SIOCGIFALTMTU                     = 0xc0206948
-	SIOCGIFASYNCMAP                   = 0xc020697c
-	SIOCGIFBOND                       = 0xc0206947
-	SIOCGIFBRDADDR                    = 0xc0206923
-	SIOCGIFCAP                        = 0xc020695b
-	SIOCGIFCONF                       = 0xc00c6924
-	SIOCGIFDEVMTU                     = 0xc0206944
-	SIOCGIFDSTADDR                    = 0xc0206922
-	SIOCGIFFLAGS                      = 0xc0206911
-	SIOCGIFGENERIC                    = 0xc020693a
-	SIOCGIFKPI                        = 0xc0206987
-	SIOCGIFMAC                        = 0xc0206982
-	SIOCGIFMEDIA                      = 0xc02c6938
-	SIOCGIFMETRIC                     = 0xc0206917
-	SIOCGIFMTU                        = 0xc0206933
-	SIOCGIFNETMASK                    = 0xc0206925
-	SIOCGIFPDSTADDR                   = 0xc0206940
-	SIOCGIFPHYS                       = 0xc0206935
-	SIOCGIFPSRCADDR                   = 0xc020693f
-	SIOCGIFSTATUS                     = 0xc331693d
-	SIOCGIFVLAN                       = 0xc020697f
-	SIOCGIFWAKEFLAGS                  = 0xc0206988
-	SIOCGLOWAT                        = 0x40047303
-	SIOCGPGRP                         = 0x40047309
-	SIOCIFCREATE                      = 0xc0206978
-	SIOCIFCREATE2                     = 0xc020697a
-	SIOCIFDESTROY                     = 0x80206979
-	SIOCIFGCLONERS                    = 0xc0106981
-	SIOCRSLVMULTI                     = 0xc010693b
-	SIOCSDRVSPEC                      = 0x8028697b
-	SIOCSETVLAN                       = 0x8020697e
-	SIOCSHIWAT                        = 0x80047300
-	SIOCSIFADDR                       = 0x8020690c
-	SIOCSIFALTMTU                     = 0x80206945
-	SIOCSIFASYNCMAP                   = 0x8020697d
-	SIOCSIFBOND                       = 0x80206946
-	SIOCSIFBRDADDR                    = 0x80206913
-	SIOCSIFCAP                        = 0x8020695a
-	SIOCSIFDSTADDR                    = 0x8020690e
-	SIOCSIFFLAGS                      = 0x80206910
-	SIOCSIFGENERIC                    = 0x80206939
-	SIOCSIFKPI                        = 0x80206986
-	SIOCSIFLLADDR                     = 0x8020693c
-	SIOCSIFMAC                        = 0x80206983
-	SIOCSIFMEDIA                      = 0xc0206937
-	SIOCSIFMETRIC                     = 0x80206918
-	SIOCSIFMTU                        = 0x80206934
-	SIOCSIFNETMASK                    = 0x80206916
-	SIOCSIFPHYADDR                    = 0x8040693e
-	SIOCSIFPHYS                       = 0x80206936
-	SIOCSIFVLAN                       = 0x8020697e
-	SIOCSLOWAT                        = 0x80047302
-	SIOCSPGRP                         = 0x80047308
-	SOCK_DGRAM                        = 0x2
-	SOCK_MAXADDRLEN                   = 0xff
-	SOCK_RAW                          = 0x3
-	SOCK_RDM                          = 0x4
-	SOCK_SEQPACKET                    = 0x5
-	SOCK_STREAM                       = 0x1
-	SOL_SOCKET                        = 0xffff
-	SOMAXCONN                         = 0x80
-	SO_ACCEPTCONN                     = 0x2
-	SO_BROADCAST                      = 0x20
-	SO_DEBUG                          = 0x1
-	SO_DONTROUTE                      = 0x10
-	SO_DONTTRUNC                      = 0x2000
-	SO_ERROR                          = 0x1007
-	SO_KEEPALIVE                      = 0x8
-	SO_LABEL                          = 0x1010
-	SO_LINGER                         = 0x80
-	SO_LINGER_SEC                     = 0x1080
-	SO_NETSVC_MARKING_LEVEL           = 0x1119
-	SO_NET_SERVICE_TYPE               = 0x1116
-	SO_NKE                            = 0x1021
-	SO_NOADDRERR                      = 0x1023
-	SO_NOSIGPIPE                      = 0x1022
-	SO_NOTIFYCONFLICT                 = 0x1026
-	SO_NP_EXTENSIONS                  = 0x1083
-	SO_NREAD                          = 0x1020
-	SO_NUMRCVPKT                      = 0x1112
-	SO_NWRITE                         = 0x1024
-	SO_OOBINLINE                      = 0x100
-	SO_PEERLABEL                      = 0x1011
-	SO_RANDOMPORT                     = 0x1082
-	SO_RCVBUF                         = 0x1002
-	SO_RCVLOWAT                       = 0x1004
-	SO_RCVTIMEO                       = 0x1006
-	SO_REUSEADDR                      = 0x4
-	SO_REUSEPORT                      = 0x200
-	SO_REUSESHAREUID                  = 0x1025
-	SO_SNDBUF                         = 0x1001
-	SO_SNDLOWAT                       = 0x1003
-	SO_SNDTIMEO                       = 0x1005
-	SO_TIMESTAMP                      = 0x400
-	SO_TIMESTAMP_MONOTONIC            = 0x800
-	SO_TYPE                           = 0x1008
-	SO_UPCALLCLOSEWAIT                = 0x1027
-	SO_USELOOPBACK                    = 0x40
-	SO_WANTMORE                       = 0x4000
-	SO_WANTOOBFLAG                    = 0x8000
-	S_IEXEC                           = 0x40
-	S_IFBLK                           = 0x6000
-	S_IFCHR                           = 0x2000
-	S_IFDIR                           = 0x4000
-	S_IFIFO                           = 0x1000
-	S_IFLNK                           = 0xa000
-	S_IFMT                            = 0xf000
-	S_IFREG                           = 0x8000
-	S_IFSOCK                          = 0xc000
-	S_IFWHT                           = 0xe000
-	S_IREAD                           = 0x100
-	S_IRGRP                           = 0x20
-	S_IROTH                           = 0x4
-	S_IRUSR                           = 0x100
-	S_IRWXG                           = 0x38
-	S_IRWXO                           = 0x7
-	S_IRWXU                           = 0x1c0
-	S_ISGID                           = 0x400
-	S_ISTXT                           = 0x200
-	S_ISUID                           = 0x800
-	S_ISVTX                           = 0x200
-	S_IWGRP                           = 0x10
-	S_IWOTH                           = 0x2
-	S_IWRITE                          = 0x80
-	S_IWUSR                           = 0x80
-	S_IXGRP                           = 0x8
-	S_IXOTH                           = 0x1
-	S_IXUSR                           = 0x40
-	TAB0                              = 0x0
-	TAB1                              = 0x400
-	TAB2                              = 0x800
-	TAB3                              = 0x4
-	TABDLY                            = 0xc04
-	TCIFLUSH                          = 0x1
-	TCIOFF                            = 0x3
-	TCIOFLUSH                         = 0x3
-	TCION                             = 0x4
-	TCOFLUSH                          = 0x2
-	TCOOFF                            = 0x1
-	TCOON                             = 0x2
-	TCP_CONNECTIONTIMEOUT             = 0x20
-	TCP_CONNECTION_INFO               = 0x106
-	TCP_ENABLE_ECN                    = 0x104
-	TCP_FASTOPEN                      = 0x105
-	TCP_KEEPALIVE                     = 0x10
-	TCP_KEEPCNT                       = 0x102
-	TCP_KEEPINTVL                     = 0x101
-	TCP_MAXHLEN                       = 0x3c
-	TCP_MAXOLEN                       = 0x28
-	TCP_MAXSEG                        = 0x2
-	TCP_MAXWIN                        = 0xffff
-	TCP_MAX_SACK                      = 0x4
-	TCP_MAX_WINSHIFT                  = 0xe
-	TCP_MINMSS                        = 0xd8
-	TCP_MSS                           = 0x200
-	TCP_NODELAY                       = 0x1
-	TCP_NOOPT                         = 0x8
-	TCP_NOPUSH                        = 0x4
-	TCP_NOTSENT_LOWAT                 = 0x201
-	TCP_RXT_CONNDROPTIME              = 0x80
-	TCP_RXT_FINDROP                   = 0x100
-	TCP_SENDMOREACKS                  = 0x103
-	TCSAFLUSH                         = 0x2
-	TIOCCBRK                          = 0x2000747a
-	TIOCCDTR                          = 0x20007478
-	TIOCCONS                          = 0x80047462
-	TIOCDCDTIMESTAMP                  = 0x40107458
-	TIOCDRAIN                         = 0x2000745e
-	TIOCDSIMICROCODE                  = 0x20007455
-	TIOCEXCL                          = 0x2000740d
-	TIOCEXT                           = 0x80047460
-	TIOCFLUSH                         = 0x80047410
-	TIOCGDRAINWAIT                    = 0x40047456
-	TIOCGETA                          = 0x40487413
-	TIOCGETD                          = 0x4004741a
-	TIOCGPGRP                         = 0x40047477
-	TIOCGWINSZ                        = 0x40087468
-	TIOCIXOFF                         = 0x20007480
-	TIOCIXON                          = 0x20007481
-	TIOCMBIC                          = 0x8004746b
-	TIOCMBIS                          = 0x8004746c
-	TIOCMGDTRWAIT                     = 0x4004745a
-	TIOCMGET                          = 0x4004746a
-	TIOCMODG                          = 0x40047403
-	TIOCMODS                          = 0x80047404
-	TIOCMSDTRWAIT                     = 0x8004745b
-	TIOCMSET                          = 0x8004746d
-	TIOCM_CAR                         = 0x40
-	TIOCM_CD                          = 0x40
-	TIOCM_CTS                         = 0x20
-	TIOCM_DSR                         = 0x100
-	TIOCM_DTR                         = 0x2
-	TIOCM_LE                          = 0x1
-	TIOCM_RI                          = 0x80
-	TIOCM_RNG                         = 0x80
-	TIOCM_RTS                         = 0x4
-	TIOCM_SR                          = 0x10
-	TIOCM_ST                          = 0x8
-	TIOCNOTTY                         = 0x20007471
-	TIOCNXCL                          = 0x2000740e
-	TIOCOUTQ                          = 0x40047473
-	TIOCPKT                           = 0x80047470
-	TIOCPKT_DATA                      = 0x0
-	TIOCPKT_DOSTOP                    = 0x20
-	TIOCPKT_FLUSHREAD                 = 0x1
-	TIOCPKT_FLUSHWRITE                = 0x2
-	TIOCPKT_IOCTL                     = 0x40
-	TIOCPKT_NOSTOP                    = 0x10
-	TIOCPKT_START                     = 0x8
-	TIOCPKT_STOP                      = 0x4
-	TIOCPTYGNAME                      = 0x40807453
-	TIOCPTYGRANT                      = 0x20007454
-	TIOCPTYUNLK                       = 0x20007452
-	TIOCREMOTE                        = 0x80047469
-	TIOCSBRK                          = 0x2000747b
-	TIOCSCONS                         = 0x20007463
-	TIOCSCTTY                         = 0x20007461
-	TIOCSDRAINWAIT                    = 0x80047457
-	TIOCSDTR                          = 0x20007479
-	TIOCSETA                          = 0x80487414
-	TIOCSETAF                         = 0x80487416
-	TIOCSETAW                         = 0x80487415
-	TIOCSETD                          = 0x8004741b
-	TIOCSIG                           = 0x2000745f
-	TIOCSPGRP                         = 0x80047476
-	TIOCSTART                         = 0x2000746e
-	TIOCSTAT                          = 0x20007465
-	TIOCSTI                           = 0x80017472
-	TIOCSTOP                          = 0x2000746f
-	TIOCSWINSZ                        = 0x80087467
-	TIOCTIMESTAMP                     = 0x40107459
-	TIOCUCNTL                         = 0x80047466
-	TOSTOP                            = 0x400000
-	VDISCARD                          = 0xf
-	VDSUSP                            = 0xb
-	VEOF                              = 0x0
-	VEOL                              = 0x1
-	VEOL2                             = 0x2
-	VERASE                            = 0x3
-	VINTR                             = 0x8
-	VKILL                             = 0x5
-	VLNEXT                            = 0xe
-	VMIN                              = 0x10
-	VM_LOADAVG                        = 0x2
-	VM_MACHFACTOR                     = 0x4
-	VM_MAXID                          = 0x6
-	VM_METER                          = 0x1
-	VM_SWAPUSAGE                      = 0x5
-	VQUIT                             = 0x9
-	VREPRINT                          = 0x6
-	VSTART                            = 0xc
-	VSTATUS                           = 0x12
-	VSTOP                             = 0xd
-	VSUSP                             = 0xa
-	VT0                               = 0x0
-	VT1                               = 0x10000
-	VTDLY                             = 0x10000
-	VTIME                             = 0x11
-	VWERASE                           = 0x4
-	WCONTINUED                        = 0x10
-	WCOREFLAG                         = 0x80
-	WEXITED                           = 0x4
-	WNOHANG                           = 0x1
-	WNOWAIT                           = 0x20
-	WORDSIZE                          = 0x40
-	WSTOPPED                          = 0x8
-	WUNTRACED                         = 0x2
-	XATTR_CREATE                      = 0x2
-	XATTR_NODEFAULT                   = 0x10
-	XATTR_NOFOLLOW                    = 0x1
-	XATTR_NOSECURITY                  = 0x8
-	XATTR_REPLACE                     = 0x4
-	XATTR_SHOWCOMPRESSION             = 0x20
+	AF_APPLETALK                            = 0x10
+	AF_CCITT                                = 0xa
+	AF_CHAOS                                = 0x5
+	AF_CNT                                  = 0x15
+	AF_COIP                                 = 0x14
+	AF_DATAKIT                              = 0x9
+	AF_DECnet                               = 0xc
+	AF_DLI                                  = 0xd
+	AF_E164                                 = 0x1c
+	AF_ECMA                                 = 0x8
+	AF_HYLINK                               = 0xf
+	AF_IEEE80211                            = 0x25
+	AF_IMPLINK                              = 0x3
+	AF_INET                                 = 0x2
+	AF_INET6                                = 0x1e
+	AF_IPX                                  = 0x17
+	AF_ISDN                                 = 0x1c
+	AF_ISO                                  = 0x7
+	AF_LAT                                  = 0xe
+	AF_LINK                                 = 0x12
+	AF_LOCAL                                = 0x1
+	AF_MAX                                  = 0x29
+	AF_NATM                                 = 0x1f
+	AF_NDRV                                 = 0x1b
+	AF_NETBIOS                              = 0x21
+	AF_NS                                   = 0x6
+	AF_OSI                                  = 0x7
+	AF_PPP                                  = 0x22
+	AF_PUP                                  = 0x4
+	AF_RESERVED_36                          = 0x24
+	AF_ROUTE                                = 0x11
+	AF_SIP                                  = 0x18
+	AF_SNA                                  = 0xb
+	AF_SYSTEM                               = 0x20
+	AF_SYS_CONTROL                          = 0x2
+	AF_UNIX                                 = 0x1
+	AF_UNSPEC                               = 0x0
+	AF_UTUN                                 = 0x26
+	AF_VSOCK                                = 0x28
+	ALTWERASE                               = 0x200
+	ATTR_BIT_MAP_COUNT                      = 0x5
+	ATTR_CMN_ACCESSMASK                     = 0x20000
+	ATTR_CMN_ACCTIME                        = 0x1000
+	ATTR_CMN_ADDEDTIME                      = 0x10000000
+	ATTR_CMN_BKUPTIME                       = 0x2000
+	ATTR_CMN_CHGTIME                        = 0x800
+	ATTR_CMN_CRTIME                         = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS             = 0x40000000
+	ATTR_CMN_DEVID                          = 0x2
+	ATTR_CMN_DOCUMENT_ID                    = 0x100000
+	ATTR_CMN_ERROR                          = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY              = 0x400000
+	ATTR_CMN_FILEID                         = 0x2000000
+	ATTR_CMN_FLAGS                          = 0x40000
+	ATTR_CMN_FNDRINFO                       = 0x4000
+	ATTR_CMN_FSID                           = 0x4
+	ATTR_CMN_FULLPATH                       = 0x8000000
+	ATTR_CMN_GEN_COUNT                      = 0x80000
+	ATTR_CMN_GRPID                          = 0x10000
+	ATTR_CMN_GRPUUID                        = 0x1000000
+	ATTR_CMN_MODTIME                        = 0x400
+	ATTR_CMN_NAME                           = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT                 = 0x80000
+	ATTR_CMN_NAMEDATTRLIST                  = 0x100000
+	ATTR_CMN_OBJID                          = 0x20
+	ATTR_CMN_OBJPERMANENTID                 = 0x40
+	ATTR_CMN_OBJTAG                         = 0x10
+	ATTR_CMN_OBJTYPE                        = 0x8
+	ATTR_CMN_OWNERID                        = 0x8000
+	ATTR_CMN_PARENTID                       = 0x4000000
+	ATTR_CMN_PAROBJID                       = 0x80
+	ATTR_CMN_RETURNED_ATTRS                 = 0x80000000
+	ATTR_CMN_SCRIPT                         = 0x100
+	ATTR_CMN_SETMASK                        = 0x51c7ff00
+	ATTR_CMN_USERACCESS                     = 0x200000
+	ATTR_CMN_UUID                           = 0x800000
+	ATTR_CMN_VALIDMASK                      = 0xffffffff
+	ATTR_CMN_VOLSETMASK                     = 0x6700
+	ATTR_FILE_ALLOCSIZE                     = 0x4
+	ATTR_FILE_CLUMPSIZE                     = 0x10
+	ATTR_FILE_DATAALLOCSIZE                 = 0x400
+	ATTR_FILE_DATAEXTENTS                   = 0x800
+	ATTR_FILE_DATALENGTH                    = 0x200
+	ATTR_FILE_DEVTYPE                       = 0x20
+	ATTR_FILE_FILETYPE                      = 0x40
+	ATTR_FILE_FORKCOUNT                     = 0x80
+	ATTR_FILE_FORKLIST                      = 0x100
+	ATTR_FILE_IOBLOCKSIZE                   = 0x8
+	ATTR_FILE_LINKCOUNT                     = 0x1
+	ATTR_FILE_RSRCALLOCSIZE                 = 0x2000
+	ATTR_FILE_RSRCEXTENTS                   = 0x4000
+	ATTR_FILE_RSRCLENGTH                    = 0x1000
+	ATTR_FILE_SETMASK                       = 0x20
+	ATTR_FILE_TOTALSIZE                     = 0x2
+	ATTR_FILE_VALIDMASK                     = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP                = 0x40
+	ATTR_VOL_ATTRIBUTES                     = 0x40000000
+	ATTR_VOL_CAPABILITIES                   = 0x20000
+	ATTR_VOL_DIRCOUNT                       = 0x400
+	ATTR_VOL_ENCODINGSUSED                  = 0x10000
+	ATTR_VOL_FILECOUNT                      = 0x200
+	ATTR_VOL_FSTYPE                         = 0x1
+	ATTR_VOL_INFO                           = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE                    = 0x80
+	ATTR_VOL_MAXOBJCOUNT                    = 0x800
+	ATTR_VOL_MINALLOCATION                  = 0x20
+	ATTR_VOL_MOUNTEDDEVICE                  = 0x8000
+	ATTR_VOL_MOUNTFLAGS                     = 0x4000
+	ATTR_VOL_MOUNTPOINT                     = 0x1000
+	ATTR_VOL_NAME                           = 0x2000
+	ATTR_VOL_OBJCOUNT                       = 0x100
+	ATTR_VOL_QUOTA_SIZE                     = 0x10000000
+	ATTR_VOL_RESERVED_SIZE                  = 0x20000000
+	ATTR_VOL_SETMASK                        = 0x80002000
+	ATTR_VOL_SIGNATURE                      = 0x2
+	ATTR_VOL_SIZE                           = 0x4
+	ATTR_VOL_SPACEAVAIL                     = 0x10
+	ATTR_VOL_SPACEFREE                      = 0x8
+	ATTR_VOL_SPACEUSED                      = 0x800000
+	ATTR_VOL_UUID                           = 0x40000
+	ATTR_VOL_VALIDMASK                      = 0xf087ffff
+	B0                                      = 0x0
+	B110                                    = 0x6e
+	B115200                                 = 0x1c200
+	B1200                                   = 0x4b0
+	B134                                    = 0x86
+	B14400                                  = 0x3840
+	B150                                    = 0x96
+	B1800                                   = 0x708
+	B19200                                  = 0x4b00
+	B200                                    = 0xc8
+	B230400                                 = 0x38400
+	B2400                                   = 0x960
+	B28800                                  = 0x7080
+	B300                                    = 0x12c
+	B38400                                  = 0x9600
+	B4800                                   = 0x12c0
+	B50                                     = 0x32
+	B57600                                  = 0xe100
+	B600                                    = 0x258
+	B7200                                   = 0x1c20
+	B75                                     = 0x4b
+	B76800                                  = 0x12c00
+	B9600                                   = 0x2580
+	BIOCFLUSH                               = 0x20004268
+	BIOCGBLEN                               = 0x40044266
+	BIOCGDLT                                = 0x4004426a
+	BIOCGDLTLIST                            = 0xc00c4279
+	BIOCGETIF                               = 0x4020426b
+	BIOCGHDRCMPLT                           = 0x40044274
+	BIOCGRSIG                               = 0x40044272
+	BIOCGRTIMEOUT                           = 0x4010426e
+	BIOCGSEESENT                            = 0x40044276
+	BIOCGSTATS                              = 0x4008426f
+	BIOCIMMEDIATE                           = 0x80044270
+	BIOCPROMISC                             = 0x20004269
+	BIOCSBLEN                               = 0xc0044266
+	BIOCSDLT                                = 0x80044278
+	BIOCSETF                                = 0x80104267
+	BIOCSETFNR                              = 0x8010427e
+	BIOCSETIF                               = 0x8020426c
+	BIOCSHDRCMPLT                           = 0x80044275
+	BIOCSRSIG                               = 0x80044273
+	BIOCSRTIMEOUT                           = 0x8010426d
+	BIOCSSEESENT                            = 0x80044277
+	BIOCVERSION                             = 0x40044271
+	BPF_A                                   = 0x10
+	BPF_ABS                                 = 0x20
+	BPF_ADD                                 = 0x0
+	BPF_ALIGNMENT                           = 0x4
+	BPF_ALU                                 = 0x4
+	BPF_AND                                 = 0x50
+	BPF_B                                   = 0x10
+	BPF_DIV                                 = 0x30
+	BPF_H                                   = 0x8
+	BPF_IMM                                 = 0x0
+	BPF_IND                                 = 0x40
+	BPF_JA                                  = 0x0
+	BPF_JEQ                                 = 0x10
+	BPF_JGE                                 = 0x30
+	BPF_JGT                                 = 0x20
+	BPF_JMP                                 = 0x5
+	BPF_JSET                                = 0x40
+	BPF_K                                   = 0x0
+	BPF_LD                                  = 0x0
+	BPF_LDX                                 = 0x1
+	BPF_LEN                                 = 0x80
+	BPF_LSH                                 = 0x60
+	BPF_MAJOR_VERSION                       = 0x1
+	BPF_MAXBUFSIZE                          = 0x80000
+	BPF_MAXINSNS                            = 0x200
+	BPF_MEM                                 = 0x60
+	BPF_MEMWORDS                            = 0x10
+	BPF_MINBUFSIZE                          = 0x20
+	BPF_MINOR_VERSION                       = 0x1
+	BPF_MISC                                = 0x7
+	BPF_MSH                                 = 0xa0
+	BPF_MUL                                 = 0x20
+	BPF_NEG                                 = 0x80
+	BPF_OR                                  = 0x40
+	BPF_RELEASE                             = 0x30bb6
+	BPF_RET                                 = 0x6
+	BPF_RSH                                 = 0x70
+	BPF_ST                                  = 0x2
+	BPF_STX                                 = 0x3
+	BPF_SUB                                 = 0x10
+	BPF_TAX                                 = 0x0
+	BPF_TXA                                 = 0x80
+	BPF_W                                   = 0x0
+	BPF_X                                   = 0x8
+	BRKINT                                  = 0x2
+	BS0                                     = 0x0
+	BS1                                     = 0x8000
+	BSDLY                                   = 0x8000
+	CFLUSH                                  = 0xf
+	CLOCAL                                  = 0x8000
+	CLOCK_MONOTONIC                         = 0x6
+	CLOCK_MONOTONIC_RAW                     = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX              = 0x5
+	CLOCK_PROCESS_CPUTIME_ID                = 0xc
+	CLOCK_REALTIME                          = 0x0
+	CLOCK_THREAD_CPUTIME_ID                 = 0x10
+	CLOCK_UPTIME_RAW                        = 0x8
+	CLOCK_UPTIME_RAW_APPROX                 = 0x9
+	CLONE_NOFOLLOW                          = 0x1
+	CLONE_NOOWNERCOPY                       = 0x2
+	CR0                                     = 0x0
+	CR1                                     = 0x1000
+	CR2                                     = 0x2000
+	CR3                                     = 0x3000
+	CRDLY                                   = 0x3000
+	CREAD                                   = 0x800
+	CRTSCTS                                 = 0x30000
+	CS5                                     = 0x0
+	CS6                                     = 0x100
+	CS7                                     = 0x200
+	CS8                                     = 0x300
+	CSIZE                                   = 0x300
+	CSTART                                  = 0x11
+	CSTATUS                                 = 0x14
+	CSTOP                                   = 0x13
+	CSTOPB                                  = 0x400
+	CSUSP                                   = 0x1a
+	CTLIOCGINFO                             = 0xc0644e03
+	CTL_HW                                  = 0x6
+	CTL_KERN                                = 0x1
+	CTL_MAXNAME                             = 0xc
+	CTL_NET                                 = 0x4
+	DLT_A429                                = 0xb8
+	DLT_A653_ICM                            = 0xb9
+	DLT_AIRONET_HEADER                      = 0x78
+	DLT_AOS                                 = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394              = 0x8a
+	DLT_ARCNET                              = 0x7
+	DLT_ARCNET_LINUX                        = 0x81
+	DLT_ATM_CLIP                            = 0x13
+	DLT_ATM_RFC1483                         = 0xb
+	DLT_AURORA                              = 0x7e
+	DLT_AX25                                = 0x3
+	DLT_AX25_KISS                           = 0xca
+	DLT_BACNET_MS_TP                        = 0xa5
+	DLT_BLUETOOTH_HCI_H4                    = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR          = 0xc9
+	DLT_CAN20B                              = 0xbe
+	DLT_CAN_SOCKETCAN                       = 0xe3
+	DLT_CHAOS                               = 0x5
+	DLT_CHDLC                               = 0x68
+	DLT_CISCO_IOS                           = 0x76
+	DLT_C_HDLC                              = 0x68
+	DLT_C_HDLC_WITH_DIR                     = 0xcd
+	DLT_DBUS                                = 0xe7
+	DLT_DECT                                = 0xdd
+	DLT_DOCSIS                              = 0x8f
+	DLT_DVB_CI                              = 0xeb
+	DLT_ECONET                              = 0x73
+	DLT_EN10MB                              = 0x1
+	DLT_EN3MB                               = 0x2
+	DLT_ENC                                 = 0x6d
+	DLT_ERF                                 = 0xc5
+	DLT_ERF_ETH                             = 0xaf
+	DLT_ERF_POS                             = 0xb0
+	DLT_FC_2                                = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS              = 0xe1
+	DLT_FDDI                                = 0xa
+	DLT_FLEXRAY                             = 0xd2
+	DLT_FRELAY                              = 0x6b
+	DLT_FRELAY_WITH_DIR                     = 0xce
+	DLT_GCOM_SERIAL                         = 0xad
+	DLT_GCOM_T1E1                           = 0xac
+	DLT_GPF_F                               = 0xab
+	DLT_GPF_T                               = 0xaa
+	DLT_GPRS_LLC                            = 0xa9
+	DLT_GSMTAP_ABIS                         = 0xda
+	DLT_GSMTAP_UM                           = 0xd9
+	DLT_HHDLC                               = 0x79
+	DLT_IBM_SN                              = 0x92
+	DLT_IBM_SP                              = 0x91
+	DLT_IEEE802                             = 0x6
+	DLT_IEEE802_11                          = 0x69
+	DLT_IEEE802_11_RADIO                    = 0x7f
+	DLT_IEEE802_11_RADIO_AVS                = 0xa3
+	DLT_IEEE802_15_4                        = 0xc3
+	DLT_IEEE802_15_4_LINUX                  = 0xbf
+	DLT_IEEE802_15_4_NOFCS                  = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY             = 0xd7
+	DLT_IEEE802_16_MAC_CPS                  = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO            = 0xc1
+	DLT_IPFILTER                            = 0x74
+	DLT_IPMB                                = 0xc7
+	DLT_IPMB_LINUX                          = 0xd1
+	DLT_IPNET                               = 0xe2
+	DLT_IPOIB                               = 0xf2
+	DLT_IPV4                                = 0xe4
+	DLT_IPV6                                = 0xe5
+	DLT_IP_OVER_FC                          = 0x7a
+	DLT_JUNIPER_ATM1                        = 0x89
+	DLT_JUNIPER_ATM2                        = 0x87
+	DLT_JUNIPER_ATM_CEMIC                   = 0xee
+	DLT_JUNIPER_CHDLC                       = 0xb5
+	DLT_JUNIPER_ES                          = 0x84
+	DLT_JUNIPER_ETHER                       = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL                = 0xea
+	DLT_JUNIPER_FRELAY                      = 0xb4
+	DLT_JUNIPER_GGSN                        = 0x85
+	DLT_JUNIPER_ISM                         = 0xc2
+	DLT_JUNIPER_MFR                         = 0x86
+	DLT_JUNIPER_MLFR                        = 0x83
+	DLT_JUNIPER_MLPPP                       = 0x82
+	DLT_JUNIPER_MONITOR                     = 0xa4
+	DLT_JUNIPER_PIC_PEER                    = 0xae
+	DLT_JUNIPER_PPP                         = 0xb3
+	DLT_JUNIPER_PPPOE                       = 0xa7
+	DLT_JUNIPER_PPPOE_ATM                   = 0xa8
+	DLT_JUNIPER_SERVICES                    = 0x88
+	DLT_JUNIPER_SRX_E2E                     = 0xe9
+	DLT_JUNIPER_ST                          = 0xc8
+	DLT_JUNIPER_VP                          = 0xb7
+	DLT_JUNIPER_VS                          = 0xe8
+	DLT_LAPB_WITH_DIR                       = 0xcf
+	DLT_LAPD                                = 0xcb
+	DLT_LIN                                 = 0xd4
+	DLT_LINUX_EVDEV                         = 0xd8
+	DLT_LINUX_IRDA                          = 0x90
+	DLT_LINUX_LAPD                          = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION             = 0xa6
+	DLT_LINUX_SLL                           = 0x71
+	DLT_LOOP                                = 0x6c
+	DLT_LTALK                               = 0x72
+	DLT_MATCHING_MAX                        = 0x10a
+	DLT_MATCHING_MIN                        = 0x68
+	DLT_MFR                                 = 0xb6
+	DLT_MOST                                = 0xd3
+	DLT_MPEG_2_TS                           = 0xf3
+	DLT_MPLS                                = 0xdb
+	DLT_MTP2                                = 0x8c
+	DLT_MTP2_WITH_PHDR                      = 0x8b
+	DLT_MTP3                                = 0x8d
+	DLT_MUX27010                            = 0xec
+	DLT_NETANALYZER                         = 0xf0
+	DLT_NETANALYZER_TRANSPARENT             = 0xf1
+	DLT_NFC_LLCP                            = 0xf5
+	DLT_NFLOG                               = 0xef
+	DLT_NG40                                = 0xf4
+	DLT_NULL                                = 0x0
+	DLT_PCI_EXP                             = 0x7d
+	DLT_PFLOG                               = 0x75
+	DLT_PFSYNC                              = 0x12
+	DLT_PPI                                 = 0xc0
+	DLT_PPP                                 = 0x9
+	DLT_PPP_BSDOS                           = 0x10
+	DLT_PPP_ETHER                           = 0x33
+	DLT_PPP_PPPD                            = 0xa6
+	DLT_PPP_SERIAL                          = 0x32
+	DLT_PPP_WITH_DIR                        = 0xcc
+	DLT_PPP_WITH_DIRECTION                  = 0xa6
+	DLT_PRISM_HEADER                        = 0x77
+	DLT_PRONET                              = 0x4
+	DLT_RAIF1                               = 0xc6
+	DLT_RAW                                 = 0xc
+	DLT_RIO                                 = 0x7c
+	DLT_SCCP                                = 0x8e
+	DLT_SITA                                = 0xc4
+	DLT_SLIP                                = 0x8
+	DLT_SLIP_BSDOS                          = 0xf
+	DLT_STANAG_5066_D_PDU                   = 0xed
+	DLT_SUNATM                              = 0x7b
+	DLT_SYMANTEC_FIREWALL                   = 0x63
+	DLT_TZSP                                = 0x80
+	DLT_USB                                 = 0xba
+	DLT_USB_DARWIN                          = 0x10a
+	DLT_USB_LINUX                           = 0xbd
+	DLT_USB_LINUX_MMAPPED                   = 0xdc
+	DLT_USER0                               = 0x93
+	DLT_USER1                               = 0x94
+	DLT_USER10                              = 0x9d
+	DLT_USER11                              = 0x9e
+	DLT_USER12                              = 0x9f
+	DLT_USER13                              = 0xa0
+	DLT_USER14                              = 0xa1
+	DLT_USER15                              = 0xa2
+	DLT_USER2                               = 0x95
+	DLT_USER3                               = 0x96
+	DLT_USER4                               = 0x97
+	DLT_USER5                               = 0x98
+	DLT_USER6                               = 0x99
+	DLT_USER7                               = 0x9a
+	DLT_USER8                               = 0x9b
+	DLT_USER9                               = 0x9c
+	DLT_WIHART                              = 0xdf
+	DLT_X2E_SERIAL                          = 0xd5
+	DLT_X2E_XORAYA                          = 0xd6
+	DT_BLK                                  = 0x6
+	DT_CHR                                  = 0x2
+	DT_DIR                                  = 0x4
+	DT_FIFO                                 = 0x1
+	DT_LNK                                  = 0xa
+	DT_REG                                  = 0x8
+	DT_SOCK                                 = 0xc
+	DT_UNKNOWN                              = 0x0
+	DT_WHT                                  = 0xe
+	ECHO                                    = 0x8
+	ECHOCTL                                 = 0x40
+	ECHOE                                   = 0x2
+	ECHOK                                   = 0x4
+	ECHOKE                                  = 0x1
+	ECHONL                                  = 0x10
+	ECHOPRT                                 = 0x20
+	EVFILT_AIO                              = -0x3
+	EVFILT_EXCEPT                           = -0xf
+	EVFILT_FS                               = -0x9
+	EVFILT_MACHPORT                         = -0x8
+	EVFILT_PROC                             = -0x5
+	EVFILT_READ                             = -0x1
+	EVFILT_SIGNAL                           = -0x6
+	EVFILT_SYSCOUNT                         = 0x11
+	EVFILT_THREADMARKER                     = 0x11
+	EVFILT_TIMER                            = -0x7
+	EVFILT_USER                             = -0xa
+	EVFILT_VM                               = -0xc
+	EVFILT_VNODE                            = -0x4
+	EVFILT_WRITE                            = -0x2
+	EV_ADD                                  = 0x1
+	EV_CLEAR                                = 0x20
+	EV_DELETE                               = 0x2
+	EV_DISABLE                              = 0x8
+	EV_DISPATCH                             = 0x80
+	EV_DISPATCH2                            = 0x180
+	EV_ENABLE                               = 0x4
+	EV_EOF                                  = 0x8000
+	EV_ERROR                                = 0x4000
+	EV_FLAG0                                = 0x1000
+	EV_FLAG1                                = 0x2000
+	EV_ONESHOT                              = 0x10
+	EV_OOBAND                               = 0x2000
+	EV_POLL                                 = 0x1000
+	EV_RECEIPT                              = 0x40
+	EV_SYSFLAGS                             = 0xf000
+	EV_UDATA_SPECIFIC                       = 0x100
+	EV_VANISHED                             = 0x200
+	EXTA                                    = 0x4b00
+	EXTB                                    = 0x9600
+	EXTPROC                                 = 0x800
+	FD_CLOEXEC                              = 0x1
+	FD_SETSIZE                              = 0x400
+	FF0                                     = 0x0
+	FF1                                     = 0x4000
+	FFDLY                                   = 0x4000
+	FLUSHO                                  = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED                 = 0x20
+	FSOPT_NOFOLLOW                          = 0x1
+	FSOPT_NOINMEMUPDATE                     = 0x2
+	FSOPT_PACK_INVAL_ATTRS                  = 0x8
+	FSOPT_REPORT_FULLSIZE                   = 0x4
+	FSOPT_RETURN_REALDEV                    = 0x200
+	F_ADDFILESIGS                           = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM              = 0x53
+	F_ADDFILESIGS_INFO                      = 0x67
+	F_ADDFILESIGS_RETURN                    = 0x61
+	F_ADDFILESUPPL                          = 0x68
+	F_ADDSIGS                               = 0x3b
+	F_ALLOCATEALL                           = 0x4
+	F_ALLOCATECONTIG                        = 0x2
+	F_BARRIERFSYNC                          = 0x55
+	F_CHECK_LV                              = 0x62
+	F_CHKCLEAN                              = 0x29
+	F_DUPFD                                 = 0x0
+	F_DUPFD_CLOEXEC                         = 0x43
+	F_FINDSIGS                              = 0x4e
+	F_FLUSH_DATA                            = 0x28
+	F_FREEZE_FS                             = 0x35
+	F_FULLFSYNC                             = 0x33
+	F_GETCODEDIR                            = 0x48
+	F_GETFD                                 = 0x1
+	F_GETFL                                 = 0x3
+	F_GETLK                                 = 0x7
+	F_GETLKPID                              = 0x42
+	F_GETNOSIGPIPE                          = 0x4a
+	F_GETOWN                                = 0x5
+	F_GETPATH                               = 0x32
+	F_GETPATH_MTMINFO                       = 0x47
+	F_GETPATH_NOFIRMLINK                    = 0x66
+	F_GETPROTECTIONCLASS                    = 0x3f
+	F_GETPROTECTIONLEVEL                    = 0x4d
+	F_GETSIGSINFO                           = 0x69
+	F_GLOBAL_NOCACHE                        = 0x37
+	F_LOG2PHYS                              = 0x31
+	F_LOG2PHYS_EXT                          = 0x41
+	F_NOCACHE                               = 0x30
+	F_NODIRECT                              = 0x3e
+	F_OK                                    = 0x0
+	F_PATHPKG_CHECK                         = 0x34
+	F_PEOFPOSMODE                           = 0x3
+	F_PREALLOCATE                           = 0x2a
+	F_PUNCHHOLE                             = 0x63
+	F_RDADVISE                              = 0x2c
+	F_RDAHEAD                               = 0x2d
+	F_RDLCK                                 = 0x1
+	F_SETBACKINGSTORE                       = 0x46
+	F_SETFD                                 = 0x2
+	F_SETFL                                 = 0x4
+	F_SETLK                                 = 0x8
+	F_SETLKW                                = 0x9
+	F_SETLKWTIMEOUT                         = 0xa
+	F_SETNOSIGPIPE                          = 0x49
+	F_SETOWN                                = 0x6
+	F_SETPROTECTIONCLASS                    = 0x40
+	F_SETSIZE                               = 0x2b
+	F_SINGLE_WRITER                         = 0x4c
+	F_SPECULATIVE_READ                      = 0x65
+	F_THAW_FS                               = 0x36
+	F_TRANSCODEKEY                          = 0x4b
+	F_TRIM_ACTIVE_FILE                      = 0x64
+	F_UNLCK                                 = 0x2
+	F_VOLPOSMODE                            = 0x4
+	F_WRLCK                                 = 0x3
+	HUPCL                                   = 0x4000
+	HW_MACHINE                              = 0x1
+	ICANON                                  = 0x100
+	ICMP6_FILTER                            = 0x12
+	ICRNL                                   = 0x100
+	IEXTEN                                  = 0x400
+	IFF_ALLMULTI                            = 0x200
+	IFF_ALTPHYS                             = 0x4000
+	IFF_BROADCAST                           = 0x2
+	IFF_DEBUG                               = 0x4
+	IFF_LINK0                               = 0x1000
+	IFF_LINK1                               = 0x2000
+	IFF_LINK2                               = 0x4000
+	IFF_LOOPBACK                            = 0x8
+	IFF_MULTICAST                           = 0x8000
+	IFF_NOARP                               = 0x80
+	IFF_NOTRAILERS                          = 0x20
+	IFF_OACTIVE                             = 0x400
+	IFF_POINTOPOINT                         = 0x10
+	IFF_PROMISC                             = 0x100
+	IFF_RUNNING                             = 0x40
+	IFF_SIMPLEX                             = 0x800
+	IFF_UP                                  = 0x1
+	IFNAMSIZ                                = 0x10
+	IFT_1822                                = 0x2
+	IFT_6LOWPAN                             = 0x40
+	IFT_AAL5                                = 0x31
+	IFT_ARCNET                              = 0x23
+	IFT_ARCNETPLUS                          = 0x24
+	IFT_ATM                                 = 0x25
+	IFT_BRIDGE                              = 0xd1
+	IFT_CARP                                = 0xf8
+	IFT_CELLULAR                            = 0xff
+	IFT_CEPT                                = 0x13
+	IFT_DS3                                 = 0x1e
+	IFT_ENC                                 = 0xf4
+	IFT_EON                                 = 0x19
+	IFT_ETHER                               = 0x6
+	IFT_FAITH                               = 0x38
+	IFT_FDDI                                = 0xf
+	IFT_FRELAY                              = 0x20
+	IFT_FRELAYDCE                           = 0x2c
+	IFT_GIF                                 = 0x37
+	IFT_HDH1822                             = 0x3
+	IFT_HIPPI                               = 0x2f
+	IFT_HSSI                                = 0x2e
+	IFT_HY                                  = 0xe
+	IFT_IEEE1394                            = 0x90
+	IFT_IEEE8023ADLAG                       = 0x88
+	IFT_ISDNBASIC                           = 0x14
+	IFT_ISDNPRIMARY                         = 0x15
+	IFT_ISO88022LLC                         = 0x29
+	IFT_ISO88023                            = 0x7
+	IFT_ISO88024                            = 0x8
+	IFT_ISO88025                            = 0x9
+	IFT_ISO88026                            = 0xa
+	IFT_L2VLAN                              = 0x87
+	IFT_LAPB                                = 0x10
+	IFT_LOCALTALK                           = 0x2a
+	IFT_LOOP                                = 0x18
+	IFT_MIOX25                              = 0x26
+	IFT_MODEM                               = 0x30
+	IFT_NSIP                                = 0x1b
+	IFT_OTHER                               = 0x1
+	IFT_P10                                 = 0xc
+	IFT_P80                                 = 0xd
+	IFT_PARA                                = 0x22
+	IFT_PDP                                 = 0xff
+	IFT_PFLOG                               = 0xf5
+	IFT_PFSYNC                              = 0xf6
+	IFT_PKTAP                               = 0xfe
+	IFT_PPP                                 = 0x17
+	IFT_PROPMUX                             = 0x36
+	IFT_PROPVIRTUAL                         = 0x35
+	IFT_PTPSERIAL                           = 0x16
+	IFT_RS232                               = 0x21
+	IFT_SDLC                                = 0x11
+	IFT_SIP                                 = 0x1f
+	IFT_SLIP                                = 0x1c
+	IFT_SMDSDXI                             = 0x2b
+	IFT_SMDSICIP                            = 0x34
+	IFT_SONET                               = 0x27
+	IFT_SONETPATH                           = 0x32
+	IFT_SONETVT                             = 0x33
+	IFT_STARLAN                             = 0xb
+	IFT_STF                                 = 0x39
+	IFT_T1                                  = 0x12
+	IFT_ULTRA                               = 0x1d
+	IFT_V35                                 = 0x2d
+	IFT_X25                                 = 0x5
+	IFT_X25DDN                              = 0x4
+	IFT_X25PLE                              = 0x28
+	IFT_XETHER                              = 0x1a
+	IGNBRK                                  = 0x1
+	IGNCR                                   = 0x80
+	IGNPAR                                  = 0x4
+	IMAXBEL                                 = 0x2000
+	INLCR                                   = 0x40
+	INPCK                                   = 0x10
+	IN_CLASSA_HOST                          = 0xffffff
+	IN_CLASSA_MAX                           = 0x80
+	IN_CLASSA_NET                           = 0xff000000
+	IN_CLASSA_NSHIFT                        = 0x18
+	IN_CLASSB_HOST                          = 0xffff
+	IN_CLASSB_MAX                           = 0x10000
+	IN_CLASSB_NET                           = 0xffff0000
+	IN_CLASSB_NSHIFT                        = 0x10
+	IN_CLASSC_HOST                          = 0xff
+	IN_CLASSC_NET                           = 0xffffff00
+	IN_CLASSC_NSHIFT                        = 0x8
+	IN_CLASSD_HOST                          = 0xfffffff
+	IN_CLASSD_NET                           = 0xf0000000
+	IN_CLASSD_NSHIFT                        = 0x1c
+	IN_LINKLOCALNETNUM                      = 0xa9fe0000
+	IN_LOOPBACKNET                          = 0x7f
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID          = 0x400473d1
+	IPPROTO_3PC                             = 0x22
+	IPPROTO_ADFS                            = 0x44
+	IPPROTO_AH                              = 0x33
+	IPPROTO_AHIP                            = 0x3d
+	IPPROTO_APES                            = 0x63
+	IPPROTO_ARGUS                           = 0xd
+	IPPROTO_AX25                            = 0x5d
+	IPPROTO_BHA                             = 0x31
+	IPPROTO_BLT                             = 0x1e
+	IPPROTO_BRSATMON                        = 0x4c
+	IPPROTO_CFTP                            = 0x3e
+	IPPROTO_CHAOS                           = 0x10
+	IPPROTO_CMTP                            = 0x26
+	IPPROTO_CPHB                            = 0x49
+	IPPROTO_CPNX                            = 0x48
+	IPPROTO_DDP                             = 0x25
+	IPPROTO_DGP                             = 0x56
+	IPPROTO_DIVERT                          = 0xfe
+	IPPROTO_DONE                            = 0x101
+	IPPROTO_DSTOPTS                         = 0x3c
+	IPPROTO_EGP                             = 0x8
+	IPPROTO_EMCON                           = 0xe
+	IPPROTO_ENCAP                           = 0x62
+	IPPROTO_EON                             = 0x50
+	IPPROTO_ESP                             = 0x32
+	IPPROTO_ETHERIP                         = 0x61
+	IPPROTO_FRAGMENT                        = 0x2c
+	IPPROTO_GGP                             = 0x3
+	IPPROTO_GMTP                            = 0x64
+	IPPROTO_GRE                             = 0x2f
+	IPPROTO_HELLO                           = 0x3f
+	IPPROTO_HMP                             = 0x14
+	IPPROTO_HOPOPTS                         = 0x0
+	IPPROTO_ICMP                            = 0x1
+	IPPROTO_ICMPV6                          = 0x3a
+	IPPROTO_IDP                             = 0x16
+	IPPROTO_IDPR                            = 0x23
+	IPPROTO_IDRP                            = 0x2d
+	IPPROTO_IGMP                            = 0x2
+	IPPROTO_IGP                             = 0x55
+	IPPROTO_IGRP                            = 0x58
+	IPPROTO_IL                              = 0x28
+	IPPROTO_INLSP                           = 0x34
+	IPPROTO_INP                             = 0x20
+	IPPROTO_IP                              = 0x0
+	IPPROTO_IPCOMP                          = 0x6c
+	IPPROTO_IPCV                            = 0x47
+	IPPROTO_IPEIP                           = 0x5e
+	IPPROTO_IPIP                            = 0x4
+	IPPROTO_IPPC                            = 0x43
+	IPPROTO_IPV4                            = 0x4
+	IPPROTO_IPV6                            = 0x29
+	IPPROTO_IRTP                            = 0x1c
+	IPPROTO_KRYPTOLAN                       = 0x41
+	IPPROTO_LARP                            = 0x5b
+	IPPROTO_LEAF1                           = 0x19
+	IPPROTO_LEAF2                           = 0x1a
+	IPPROTO_MAX                             = 0x100
+	IPPROTO_MAXID                           = 0x34
+	IPPROTO_MEAS                            = 0x13
+	IPPROTO_MHRP                            = 0x30
+	IPPROTO_MICP                            = 0x5f
+	IPPROTO_MTP                             = 0x5c
+	IPPROTO_MUX                             = 0x12
+	IPPROTO_ND                              = 0x4d
+	IPPROTO_NHRP                            = 0x36
+	IPPROTO_NONE                            = 0x3b
+	IPPROTO_NSP                             = 0x1f
+	IPPROTO_NVPII                           = 0xb
+	IPPROTO_OSPFIGP                         = 0x59
+	IPPROTO_PGM                             = 0x71
+	IPPROTO_PIGP                            = 0x9
+	IPPROTO_PIM                             = 0x67
+	IPPROTO_PRM                             = 0x15
+	IPPROTO_PUP                             = 0xc
+	IPPROTO_PVP                             = 0x4b
+	IPPROTO_RAW                             = 0xff
+	IPPROTO_RCCMON                          = 0xa
+	IPPROTO_RDP                             = 0x1b
+	IPPROTO_ROUTING                         = 0x2b
+	IPPROTO_RSVP                            = 0x2e
+	IPPROTO_RVD                             = 0x42
+	IPPROTO_SATEXPAK                        = 0x40
+	IPPROTO_SATMON                          = 0x45
+	IPPROTO_SCCSP                           = 0x60
+	IPPROTO_SCTP                            = 0x84
+	IPPROTO_SDRP                            = 0x2a
+	IPPROTO_SEP                             = 0x21
+	IPPROTO_SRPC                            = 0x5a
+	IPPROTO_ST                              = 0x7
+	IPPROTO_SVMTP                           = 0x52
+	IPPROTO_SWIPE                           = 0x35
+	IPPROTO_TCF                             = 0x57
+	IPPROTO_TCP                             = 0x6
+	IPPROTO_TP                              = 0x1d
+	IPPROTO_TPXX                            = 0x27
+	IPPROTO_TRUNK1                          = 0x17
+	IPPROTO_TRUNK2                          = 0x18
+	IPPROTO_TTP                             = 0x54
+	IPPROTO_UDP                             = 0x11
+	IPPROTO_VINES                           = 0x53
+	IPPROTO_VISA                            = 0x46
+	IPPROTO_VMTP                            = 0x51
+	IPPROTO_WBEXPAK                         = 0x4f
+	IPPROTO_WBMON                           = 0x4e
+	IPPROTO_WSN                             = 0x4a
+	IPPROTO_XNET                            = 0xf
+	IPPROTO_XTP                             = 0x24
+	IPV6_2292DSTOPTS                        = 0x17
+	IPV6_2292HOPLIMIT                       = 0x14
+	IPV6_2292HOPOPTS                        = 0x16
+	IPV6_2292NEXTHOP                        = 0x15
+	IPV6_2292PKTINFO                        = 0x13
+	IPV6_2292PKTOPTIONS                     = 0x19
+	IPV6_2292RTHDR                          = 0x18
+	IPV6_3542DSTOPTS                        = 0x32
+	IPV6_3542HOPLIMIT                       = 0x2f
+	IPV6_3542HOPOPTS                        = 0x31
+	IPV6_3542NEXTHOP                        = 0x30
+	IPV6_3542PKTINFO                        = 0x2e
+	IPV6_3542RTHDR                          = 0x33
+	IPV6_ADDR_MC_FLAGS_PREFIX               = 0x20
+	IPV6_ADDR_MC_FLAGS_TRANSIENT            = 0x10
+	IPV6_ADDR_MC_FLAGS_UNICAST_BASED        = 0x30
+	IPV6_AUTOFLOWLABEL                      = 0x3b
+	IPV6_BINDV6ONLY                         = 0x1b
+	IPV6_BOUND_IF                           = 0x7d
+	IPV6_CHECKSUM                           = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS             = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP             = 0x1
+	IPV6_DEFHLIM                            = 0x40
+	IPV6_DONTFRAG                           = 0x3e
+	IPV6_DSTOPTS                            = 0x32
+	IPV6_FAITH                              = 0x1d
+	IPV6_FLOWINFO_MASK                      = 0xffffff0f
+	IPV6_FLOWLABEL_MASK                     = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                      = 0x3000
+	IPV6_FRAGTTL                            = 0x3c
+	IPV6_FW_ADD                             = 0x1e
+	IPV6_FW_DEL                             = 0x1f
+	IPV6_FW_FLUSH                           = 0x20
+	IPV6_FW_GET                             = 0x22
+	IPV6_FW_ZERO                            = 0x21
+	IPV6_HLIMDEC                            = 0x1
+	IPV6_HOPLIMIT                           = 0x2f
+	IPV6_HOPOPTS                            = 0x31
+	IPV6_IPSEC_POLICY                       = 0x1c
+	IPV6_JOIN_GROUP                         = 0xc
+	IPV6_LEAVE_GROUP                        = 0xd
+	IPV6_MAXHLIM                            = 0xff
+	IPV6_MAXOPTHDR                          = 0x800
+	IPV6_MAXPACKET                          = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER               = 0x200
+	IPV6_MAX_MEMBERSHIPS                    = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER                = 0x80
+	IPV6_MIN_MEMBERSHIPS                    = 0x1f
+	IPV6_MMTU                               = 0x500
+	IPV6_MSFILTER                           = 0x4a
+	IPV6_MULTICAST_HOPS                     = 0xa
+	IPV6_MULTICAST_IF                       = 0x9
+	IPV6_MULTICAST_LOOP                     = 0xb
+	IPV6_NEXTHOP                            = 0x30
+	IPV6_PATHMTU                            = 0x2c
+	IPV6_PKTINFO                            = 0x2e
+	IPV6_PORTRANGE                          = 0xe
+	IPV6_PORTRANGE_DEFAULT                  = 0x0
+	IPV6_PORTRANGE_HIGH                     = 0x1
+	IPV6_PORTRANGE_LOW                      = 0x2
+	IPV6_PREFER_TEMPADDR                    = 0x3f
+	IPV6_RECVDSTOPTS                        = 0x28
+	IPV6_RECVHOPLIMIT                       = 0x25
+	IPV6_RECVHOPOPTS                        = 0x27
+	IPV6_RECVPATHMTU                        = 0x2b
+	IPV6_RECVPKTINFO                        = 0x3d
+	IPV6_RECVRTHDR                          = 0x26
+	IPV6_RECVTCLASS                         = 0x23
+	IPV6_RTHDR                              = 0x33
+	IPV6_RTHDRDSTOPTS                       = 0x39
+	IPV6_RTHDR_LOOSE                        = 0x0
+	IPV6_RTHDR_STRICT                       = 0x1
+	IPV6_RTHDR_TYPE_0                       = 0x0
+	IPV6_SOCKOPT_RESERVED1                  = 0x3
+	IPV6_TCLASS                             = 0x24
+	IPV6_UNICAST_HOPS                       = 0x4
+	IPV6_USE_MIN_MTU                        = 0x2a
+	IPV6_V6ONLY                             = 0x1b
+	IPV6_VERSION                            = 0x60
+	IPV6_VERSION_MASK                       = 0xf0
+	IP_ADD_MEMBERSHIP                       = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP                = 0x46
+	IP_BLOCK_SOURCE                         = 0x48
+	IP_BOUND_IF                             = 0x19
+	IP_DEFAULT_MULTICAST_LOOP               = 0x1
+	IP_DEFAULT_MULTICAST_TTL                = 0x1
+	IP_DF                                   = 0x4000
+	IP_DONTFRAG                             = 0x1c
+	IP_DROP_MEMBERSHIP                      = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP               = 0x47
+	IP_DUMMYNET_CONFIGURE                   = 0x3c
+	IP_DUMMYNET_DEL                         = 0x3d
+	IP_DUMMYNET_FLUSH                       = 0x3e
+	IP_DUMMYNET_GET                         = 0x40
+	IP_FAITH                                = 0x16
+	IP_FW_ADD                               = 0x28
+	IP_FW_DEL                               = 0x29
+	IP_FW_FLUSH                             = 0x2a
+	IP_FW_GET                               = 0x2c
+	IP_FW_RESETLOG                          = 0x2d
+	IP_FW_ZERO                              = 0x2b
+	IP_HDRINCL                              = 0x2
+	IP_IPSEC_POLICY                         = 0x15
+	IP_MAXPACKET                            = 0xffff
+	IP_MAX_GROUP_SRC_FILTER                 = 0x200
+	IP_MAX_MEMBERSHIPS                      = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER                 = 0x80
+	IP_MAX_SOCK_SRC_FILTER                  = 0x80
+	IP_MF                                   = 0x2000
+	IP_MIN_MEMBERSHIPS                      = 0x1f
+	IP_MSFILTER                             = 0x4a
+	IP_MSS                                  = 0x240
+	IP_MULTICAST_IF                         = 0x9
+	IP_MULTICAST_IFINDEX                    = 0x42
+	IP_MULTICAST_LOOP                       = 0xb
+	IP_MULTICAST_TTL                        = 0xa
+	IP_MULTICAST_VIF                        = 0xe
+	IP_NAT__XXX                             = 0x37
+	IP_OFFMASK                              = 0x1fff
+	IP_OLD_FW_ADD                           = 0x32
+	IP_OLD_FW_DEL                           = 0x33
+	IP_OLD_FW_FLUSH                         = 0x34
+	IP_OLD_FW_GET                           = 0x36
+	IP_OLD_FW_RESETLOG                      = 0x38
+	IP_OLD_FW_ZERO                          = 0x35
+	IP_OPTIONS                              = 0x1
+	IP_PKTINFO                              = 0x1a
+	IP_PORTRANGE                            = 0x13
+	IP_PORTRANGE_DEFAULT                    = 0x0
+	IP_PORTRANGE_HIGH                       = 0x1
+	IP_PORTRANGE_LOW                        = 0x2
+	IP_RECVDSTADDR                          = 0x7
+	IP_RECVIF                               = 0x14
+	IP_RECVOPTS                             = 0x5
+	IP_RECVPKTINFO                          = 0x1a
+	IP_RECVRETOPTS                          = 0x6
+	IP_RECVTOS                              = 0x1b
+	IP_RECVTTL                              = 0x18
+	IP_RETOPTS                              = 0x8
+	IP_RF                                   = 0x8000
+	IP_RSVP_OFF                             = 0x10
+	IP_RSVP_ON                              = 0xf
+	IP_RSVP_VIF_OFF                         = 0x12
+	IP_RSVP_VIF_ON                          = 0x11
+	IP_STRIPHDR                             = 0x17
+	IP_TOS                                  = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND               = 0x41
+	IP_TTL                                  = 0x4
+	IP_UNBLOCK_SOURCE                       = 0x49
+	ISIG                                    = 0x80
+	ISTRIP                                  = 0x20
+	IUTF8                                   = 0x4000
+	IXANY                                   = 0x800
+	IXOFF                                   = 0x400
+	IXON                                    = 0x200
+	KERN_HOSTNAME                           = 0xa
+	KERN_OSRELEASE                          = 0x2
+	KERN_OSTYPE                             = 0x1
+	KERN_VERSION                            = 0x4
+	LOCAL_PEERCRED                          = 0x1
+	LOCAL_PEEREPID                          = 0x3
+	LOCAL_PEEREUUID                         = 0x5
+	LOCAL_PEERPID                           = 0x2
+	LOCAL_PEERTOKEN                         = 0x6
+	LOCAL_PEERUUID                          = 0x4
+	LOCK_EX                                 = 0x2
+	LOCK_NB                                 = 0x4
+	LOCK_SH                                 = 0x1
+	LOCK_UN                                 = 0x8
+	MADV_CAN_REUSE                          = 0x9
+	MADV_DONTNEED                           = 0x4
+	MADV_FREE                               = 0x5
+	MADV_FREE_REUSABLE                      = 0x7
+	MADV_FREE_REUSE                         = 0x8
+	MADV_NORMAL                             = 0x0
+	MADV_PAGEOUT                            = 0xa
+	MADV_RANDOM                             = 0x1
+	MADV_SEQUENTIAL                         = 0x2
+	MADV_WILLNEED                           = 0x3
+	MADV_ZERO_WIRED_PAGES                   = 0x6
+	MAP_32BIT                               = 0x8000
+	MAP_ANON                                = 0x1000
+	MAP_ANONYMOUS                           = 0x1000
+	MAP_COPY                                = 0x2
+	MAP_FILE                                = 0x0
+	MAP_FIXED                               = 0x10
+	MAP_HASSEMAPHORE                        = 0x200
+	MAP_JIT                                 = 0x800
+	MAP_NOCACHE                             = 0x400
+	MAP_NOEXTEND                            = 0x100
+	MAP_NORESERVE                           = 0x40
+	MAP_PRIVATE                             = 0x2
+	MAP_RENAME                              = 0x20
+	MAP_RESERVED0080                        = 0x80
+	MAP_RESILIENT_CODESIGN                  = 0x2000
+	MAP_RESILIENT_MEDIA                     = 0x4000
+	MAP_SHARED                              = 0x1
+	MAP_TRANSLATED_ALLOW_EXECUTE            = 0x20000
+	MAP_UNIX03                              = 0x40000
+	MCAST_BLOCK_SOURCE                      = 0x54
+	MCAST_EXCLUDE                           = 0x2
+	MCAST_INCLUDE                           = 0x1
+	MCAST_JOIN_GROUP                        = 0x50
+	MCAST_JOIN_SOURCE_GROUP                 = 0x52
+	MCAST_LEAVE_GROUP                       = 0x51
+	MCAST_LEAVE_SOURCE_GROUP                = 0x53
+	MCAST_UNBLOCK_SOURCE                    = 0x55
+	MCAST_UNDEFINED                         = 0x0
+	MCL_CURRENT                             = 0x1
+	MCL_FUTURE                              = 0x2
+	MNT_ASYNC                               = 0x40
+	MNT_AUTOMOUNTED                         = 0x400000
+	MNT_CMDFLAGS                            = 0xf0000
+	MNT_CPROTECT                            = 0x80
+	MNT_DEFWRITE                            = 0x2000000
+	MNT_DONTBROWSE                          = 0x100000
+	MNT_DOVOLFS                             = 0x8000
+	MNT_DWAIT                               = 0x4
+	MNT_EXPORTED                            = 0x100
+	MNT_EXT_ROOT_DATA_VOL                   = 0x1
+	MNT_FORCE                               = 0x80000
+	MNT_IGNORE_OWNERSHIP                    = 0x200000
+	MNT_JOURNALED                           = 0x800000
+	MNT_LOCAL                               = 0x1000
+	MNT_MULTILABEL                          = 0x4000000
+	MNT_NOATIME                             = 0x10000000
+	MNT_NOBLOCK                             = 0x20000
+	MNT_NODEV                               = 0x10
+	MNT_NOEXEC                              = 0x4
+	MNT_NOSUID                              = 0x8
+	MNT_NOUSERXATTR                         = 0x1000000
+	MNT_NOWAIT                              = 0x2
+	MNT_QUARANTINE                          = 0x400
+	MNT_QUOTA                               = 0x2000
+	MNT_RDONLY                              = 0x1
+	MNT_RELOAD                              = 0x40000
+	MNT_REMOVABLE                           = 0x200
+	MNT_ROOTFS                              = 0x4000
+	MNT_SNAPSHOT                            = 0x40000000
+	MNT_STRICTATIME                         = 0x80000000
+	MNT_SYNCHRONOUS                         = 0x2
+	MNT_UNION                               = 0x20
+	MNT_UNKNOWNPERMISSIONS                  = 0x200000
+	MNT_UPDATE                              = 0x10000
+	MNT_VISFLAGMASK                         = 0xd7f0f7ff
+	MNT_WAIT                                = 0x1
+	MSG_CTRUNC                              = 0x20
+	MSG_DONTROUTE                           = 0x4
+	MSG_DONTWAIT                            = 0x80
+	MSG_EOF                                 = 0x100
+	MSG_EOR                                 = 0x8
+	MSG_FLUSH                               = 0x400
+	MSG_HAVEMORE                            = 0x2000
+	MSG_HOLD                                = 0x800
+	MSG_NEEDSA                              = 0x10000
+	MSG_NOSIGNAL                            = 0x80000
+	MSG_OOB                                 = 0x1
+	MSG_PEEK                                = 0x2
+	MSG_RCVMORE                             = 0x4000
+	MSG_SEND                                = 0x1000
+	MSG_TRUNC                               = 0x10
+	MSG_WAITALL                             = 0x40
+	MSG_WAITSTREAM                          = 0x200
+	MS_ASYNC                                = 0x1
+	MS_DEACTIVATE                           = 0x8
+	MS_INVALIDATE                           = 0x2
+	MS_KILLPAGES                            = 0x4
+	MS_SYNC                                 = 0x10
+	NAME_MAX                                = 0xff
+	NET_RT_DUMP                             = 0x1
+	NET_RT_DUMP2                            = 0x7
+	NET_RT_FLAGS                            = 0x2
+	NET_RT_FLAGS_PRIV                       = 0xa
+	NET_RT_IFLIST                           = 0x3
+	NET_RT_IFLIST2                          = 0x6
+	NET_RT_MAXID                            = 0xb
+	NET_RT_STAT                             = 0x4
+	NET_RT_TRASH                            = 0x5
+	NFDBITS                                 = 0x20
+	NL0                                     = 0x0
+	NL1                                     = 0x100
+	NL2                                     = 0x200
+	NL3                                     = 0x300
+	NLDLY                                   = 0x300
+	NOFLSH                                  = 0x80000000
+	NOKERNINFO                              = 0x2000000
+	NOTE_ABSOLUTE                           = 0x8
+	NOTE_ATTRIB                             = 0x8
+	NOTE_BACKGROUND                         = 0x40
+	NOTE_CHILD                              = 0x4
+	NOTE_CRITICAL                           = 0x20
+	NOTE_DELETE                             = 0x1
+	NOTE_EXEC                               = 0x20000000
+	NOTE_EXIT                               = 0x80000000
+	NOTE_EXITSTATUS                         = 0x4000000
+	NOTE_EXIT_CSERROR                       = 0x40000
+	NOTE_EXIT_DECRYPTFAIL                   = 0x10000
+	NOTE_EXIT_DETAIL                        = 0x2000000
+	NOTE_EXIT_DETAIL_MASK                   = 0x70000
+	NOTE_EXIT_MEMORY                        = 0x20000
+	NOTE_EXIT_REPARENTED                    = 0x80000
+	NOTE_EXTEND                             = 0x4
+	NOTE_FFAND                              = 0x40000000
+	NOTE_FFCOPY                             = 0xc0000000
+	NOTE_FFCTRLMASK                         = 0xc0000000
+	NOTE_FFLAGSMASK                         = 0xffffff
+	NOTE_FFNOP                              = 0x0
+	NOTE_FFOR                               = 0x80000000
+	NOTE_FORK                               = 0x40000000
+	NOTE_FUNLOCK                            = 0x100
+	NOTE_LEEWAY                             = 0x10
+	NOTE_LINK                               = 0x10
+	NOTE_LOWAT                              = 0x1
+	NOTE_MACHTIME                           = 0x100
+	NOTE_MACH_CONTINUOUS_TIME               = 0x80
+	NOTE_NONE                               = 0x80
+	NOTE_NSECONDS                           = 0x4
+	NOTE_OOB                                = 0x2
+	NOTE_PCTRLMASK                          = -0x100000
+	NOTE_PDATAMASK                          = 0xfffff
+	NOTE_REAP                               = 0x10000000
+	NOTE_RENAME                             = 0x20
+	NOTE_REVOKE                             = 0x40
+	NOTE_SECONDS                            = 0x1
+	NOTE_SIGNAL                             = 0x8000000
+	NOTE_TRACK                              = 0x1
+	NOTE_TRACKERR                           = 0x2
+	NOTE_TRIGGER                            = 0x1000000
+	NOTE_USECONDS                           = 0x2
+	NOTE_VM_ERROR                           = 0x10000000
+	NOTE_VM_PRESSURE                        = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE       = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE              = 0x40000000
+	NOTE_WRITE                              = 0x2
+	OCRNL                                   = 0x10
+	OFDEL                                   = 0x20000
+	OFILL                                   = 0x80
+	ONLCR                                   = 0x2
+	ONLRET                                  = 0x40
+	ONOCR                                   = 0x20
+	ONOEOT                                  = 0x8
+	OPOST                                   = 0x1
+	OXTABS                                  = 0x4
+	O_ACCMODE                               = 0x3
+	O_ALERT                                 = 0x20000000
+	O_APPEND                                = 0x8
+	O_ASYNC                                 = 0x40
+	O_CLOEXEC                               = 0x1000000
+	O_CREAT                                 = 0x200
+	O_DIRECTORY                             = 0x100000
+	O_DP_GETRAWENCRYPTED                    = 0x1
+	O_DP_GETRAWUNENCRYPTED                  = 0x2
+	O_DSYNC                                 = 0x400000
+	O_EVTONLY                               = 0x8000
+	O_EXCL                                  = 0x800
+	O_EXLOCK                                = 0x20
+	O_FSYNC                                 = 0x80
+	O_NDELAY                                = 0x4
+	O_NOCTTY                                = 0x20000
+	O_NOFOLLOW                              = 0x100
+	O_NOFOLLOW_ANY                          = 0x20000000
+	O_NONBLOCK                              = 0x4
+	O_POPUP                                 = 0x80000000
+	O_RDONLY                                = 0x0
+	O_RDWR                                  = 0x2
+	O_SHLOCK                                = 0x10
+	O_SYMLINK                               = 0x200000
+	O_SYNC                                  = 0x80
+	O_TRUNC                                 = 0x400
+	O_WRONLY                                = 0x1
+	PARENB                                  = 0x1000
+	PARMRK                                  = 0x8
+	PARODD                                  = 0x2000
+	PENDIN                                  = 0x20000000
+	PRIO_PGRP                               = 0x1
+	PRIO_PROCESS                            = 0x0
+	PRIO_USER                               = 0x2
+	PROT_EXEC                               = 0x4
+	PROT_NONE                               = 0x0
+	PROT_READ                               = 0x1
+	PROT_WRITE                              = 0x2
+	PT_ATTACH                               = 0xa
+	PT_ATTACHEXC                            = 0xe
+	PT_CONTINUE                             = 0x7
+	PT_DENY_ATTACH                          = 0x1f
+	PT_DETACH                               = 0xb
+	PT_FIRSTMACH                            = 0x20
+	PT_FORCEQUOTA                           = 0x1e
+	PT_KILL                                 = 0x8
+	PT_READ_D                               = 0x2
+	PT_READ_I                               = 0x1
+	PT_READ_U                               = 0x3
+	PT_SIGEXC                               = 0xc
+	PT_STEP                                 = 0x9
+	PT_THUPDATE                             = 0xd
+	PT_TRACE_ME                             = 0x0
+	PT_WRITE_D                              = 0x5
+	PT_WRITE_I                              = 0x4
+	PT_WRITE_U                              = 0x6
+	RLIMIT_AS                               = 0x5
+	RLIMIT_CORE                             = 0x4
+	RLIMIT_CPU                              = 0x0
+	RLIMIT_CPU_USAGE_MONITOR                = 0x2
+	RLIMIT_DATA                             = 0x2
+	RLIMIT_FSIZE                            = 0x1
+	RLIMIT_MEMLOCK                          = 0x6
+	RLIMIT_NOFILE                           = 0x8
+	RLIMIT_NPROC                            = 0x7
+	RLIMIT_RSS                              = 0x5
+	RLIMIT_STACK                            = 0x3
+	RLIM_INFINITY                           = 0x7fffffffffffffff
+	RTAX_AUTHOR                             = 0x6
+	RTAX_BRD                                = 0x7
+	RTAX_DST                                = 0x0
+	RTAX_GATEWAY                            = 0x1
+	RTAX_GENMASK                            = 0x3
+	RTAX_IFA                                = 0x5
+	RTAX_IFP                                = 0x4
+	RTAX_MAX                                = 0x8
+	RTAX_NETMASK                            = 0x2
+	RTA_AUTHOR                              = 0x40
+	RTA_BRD                                 = 0x80
+	RTA_DST                                 = 0x1
+	RTA_GATEWAY                             = 0x2
+	RTA_GENMASK                             = 0x8
+	RTA_IFA                                 = 0x20
+	RTA_IFP                                 = 0x10
+	RTA_NETMASK                             = 0x4
+	RTF_BLACKHOLE                           = 0x1000
+	RTF_BROADCAST                           = 0x400000
+	RTF_CLONING                             = 0x100
+	RTF_CONDEMNED                           = 0x2000000
+	RTF_DEAD                                = 0x20000000
+	RTF_DELCLONE                            = 0x80
+	RTF_DONE                                = 0x40
+	RTF_DYNAMIC                             = 0x10
+	RTF_GATEWAY                             = 0x2
+	RTF_GLOBAL                              = 0x40000000
+	RTF_HOST                                = 0x4
+	RTF_IFREF                               = 0x4000000
+	RTF_IFSCOPE                             = 0x1000000
+	RTF_LLDATA                              = 0x400
+	RTF_LLINFO                              = 0x400
+	RTF_LOCAL                               = 0x200000
+	RTF_MODIFIED                            = 0x20
+	RTF_MULTICAST                           = 0x800000
+	RTF_NOIFREF                             = 0x2000
+	RTF_PINNED                              = 0x100000
+	RTF_PRCLONING                           = 0x10000
+	RTF_PROTO1                              = 0x8000
+	RTF_PROTO2                              = 0x4000
+	RTF_PROTO3                              = 0x40000
+	RTF_PROXY                               = 0x8000000
+	RTF_REJECT                              = 0x8
+	RTF_ROUTER                              = 0x10000000
+	RTF_STATIC                              = 0x800
+	RTF_UP                                  = 0x1
+	RTF_WASCLONED                           = 0x20000
+	RTF_XRESOLVE                            = 0x200
+	RTM_ADD                                 = 0x1
+	RTM_CHANGE                              = 0x3
+	RTM_DELADDR                             = 0xd
+	RTM_DELETE                              = 0x2
+	RTM_DELMADDR                            = 0x10
+	RTM_GET                                 = 0x4
+	RTM_GET2                                = 0x14
+	RTM_IFINFO                              = 0xe
+	RTM_IFINFO2                             = 0x12
+	RTM_LOCK                                = 0x8
+	RTM_LOSING                              = 0x5
+	RTM_MISS                                = 0x7
+	RTM_NEWADDR                             = 0xc
+	RTM_NEWMADDR                            = 0xf
+	RTM_NEWMADDR2                           = 0x13
+	RTM_OLDADD                              = 0x9
+	RTM_OLDDEL                              = 0xa
+	RTM_REDIRECT                            = 0x6
+	RTM_RESOLVE                             = 0xb
+	RTM_RTTUNIT                             = 0xf4240
+	RTM_VERSION                             = 0x5
+	RTV_EXPIRE                              = 0x4
+	RTV_HOPCOUNT                            = 0x2
+	RTV_MTU                                 = 0x1
+	RTV_RPIPE                               = 0x8
+	RTV_RTT                                 = 0x40
+	RTV_RTTVAR                              = 0x80
+	RTV_SPIPE                               = 0x10
+	RTV_SSTHRESH                            = 0x20
+	RUSAGE_CHILDREN                         = -0x1
+	RUSAGE_SELF                             = 0x0
+	SCM_CREDS                               = 0x3
+	SCM_RIGHTS                              = 0x1
+	SCM_TIMESTAMP                           = 0x2
+	SCM_TIMESTAMP_MONOTONIC                 = 0x4
+	SEEK_CUR                                = 0x1
+	SEEK_DATA                               = 0x4
+	SEEK_END                                = 0x2
+	SEEK_HOLE                               = 0x3
+	SEEK_SET                                = 0x0
+	SHUT_RD                                 = 0x0
+	SHUT_RDWR                               = 0x2
+	SHUT_WR                                 = 0x1
+	SIOCADDMULTI                            = 0x80206931
+	SIOCAIFADDR                             = 0x8040691a
+	SIOCARPIPLL                             = 0xc0206928
+	SIOCATMARK                              = 0x40047307
+	SIOCAUTOADDR                            = 0xc0206926
+	SIOCAUTONETMASK                         = 0x80206927
+	SIOCDELMULTI                            = 0x80206932
+	SIOCDIFADDR                             = 0x80206919
+	SIOCDIFPHYADDR                          = 0x80206941
+	SIOCGDRVSPEC                            = 0xc028697b
+	SIOCGETVLAN                             = 0xc020697f
+	SIOCGHIWAT                              = 0x40047301
+	SIOCGIF6LOWPAN                          = 0xc02069c5
+	SIOCGIFADDR                             = 0xc0206921
+	SIOCGIFALTMTU                           = 0xc0206948
+	SIOCGIFASYNCMAP                         = 0xc020697c
+	SIOCGIFBOND                             = 0xc0206947
+	SIOCGIFBRDADDR                          = 0xc0206923
+	SIOCGIFCAP                              = 0xc020695b
+	SIOCGIFCONF                             = 0xc00c6924
+	SIOCGIFDEVMTU                           = 0xc0206944
+	SIOCGIFDSTADDR                          = 0xc0206922
+	SIOCGIFFLAGS                            = 0xc0206911
+	SIOCGIFFUNCTIONALTYPE                   = 0xc02069ad
+	SIOCGIFGENERIC                          = 0xc020693a
+	SIOCGIFKPI                              = 0xc0206987
+	SIOCGIFMAC                              = 0xc0206982
+	SIOCGIFMEDIA                            = 0xc02c6938
+	SIOCGIFMETRIC                           = 0xc0206917
+	SIOCGIFMTU                              = 0xc0206933
+	SIOCGIFNETMASK                          = 0xc0206925
+	SIOCGIFPDSTADDR                         = 0xc0206940
+	SIOCGIFPHYS                             = 0xc0206935
+	SIOCGIFPSRCADDR                         = 0xc020693f
+	SIOCGIFSTATUS                           = 0xc331693d
+	SIOCGIFVLAN                             = 0xc020697f
+	SIOCGIFWAKEFLAGS                        = 0xc0206988
+	SIOCGIFXMEDIA                           = 0xc02c6948
+	SIOCGLOWAT                              = 0x40047303
+	SIOCGPGRP                               = 0x40047309
+	SIOCIFCREATE                            = 0xc0206978
+	SIOCIFCREATE2                           = 0xc020697a
+	SIOCIFDESTROY                           = 0x80206979
+	SIOCIFGCLONERS                          = 0xc0106981
+	SIOCRSLVMULTI                           = 0xc010693b
+	SIOCSDRVSPEC                            = 0x8028697b
+	SIOCSETVLAN                             = 0x8020697e
+	SIOCSHIWAT                              = 0x80047300
+	SIOCSIF6LOWPAN                          = 0x802069c4
+	SIOCSIFADDR                             = 0x8020690c
+	SIOCSIFALTMTU                           = 0x80206945
+	SIOCSIFASYNCMAP                         = 0x8020697d
+	SIOCSIFBOND                             = 0x80206946
+	SIOCSIFBRDADDR                          = 0x80206913
+	SIOCSIFCAP                              = 0x8020695a
+	SIOCSIFDSTADDR                          = 0x8020690e
+	SIOCSIFFLAGS                            = 0x80206910
+	SIOCSIFGENERIC                          = 0x80206939
+	SIOCSIFKPI                              = 0x80206986
+	SIOCSIFLLADDR                           = 0x8020693c
+	SIOCSIFMAC                              = 0x80206983
+	SIOCSIFMEDIA                            = 0xc0206937
+	SIOCSIFMETRIC                           = 0x80206918
+	SIOCSIFMTU                              = 0x80206934
+	SIOCSIFNETMASK                          = 0x80206916
+	SIOCSIFPHYADDR                          = 0x8040693e
+	SIOCSIFPHYS                             = 0x80206936
+	SIOCSIFVLAN                             = 0x8020697e
+	SIOCSLOWAT                              = 0x80047302
+	SIOCSPGRP                               = 0x80047308
+	SOCK_DGRAM                              = 0x2
+	SOCK_MAXADDRLEN                         = 0xff
+	SOCK_RAW                                = 0x3
+	SOCK_RDM                                = 0x4
+	SOCK_SEQPACKET                          = 0x5
+	SOCK_STREAM                             = 0x1
+	SOL_LOCAL                               = 0x0
+	SOL_SOCKET                              = 0xffff
+	SOMAXCONN                               = 0x80
+	SO_ACCEPTCONN                           = 0x2
+	SO_BROADCAST                            = 0x20
+	SO_DEBUG                                = 0x1
+	SO_DONTROUTE                            = 0x10
+	SO_DONTTRUNC                            = 0x2000
+	SO_ERROR                                = 0x1007
+	SO_KEEPALIVE                            = 0x8
+	SO_LABEL                                = 0x1010
+	SO_LINGER                               = 0x80
+	SO_LINGER_SEC                           = 0x1080
+	SO_NETSVC_MARKING_LEVEL                 = 0x1119
+	SO_NET_SERVICE_TYPE                     = 0x1116
+	SO_NKE                                  = 0x1021
+	SO_NOADDRERR                            = 0x1023
+	SO_NOSIGPIPE                            = 0x1022
+	SO_NOTIFYCONFLICT                       = 0x1026
+	SO_NP_EXTENSIONS                        = 0x1083
+	SO_NREAD                                = 0x1020
+	SO_NUMRCVPKT                            = 0x1112
+	SO_NWRITE                               = 0x1024
+	SO_OOBINLINE                            = 0x100
+	SO_PEERLABEL                            = 0x1011
+	SO_RANDOMPORT                           = 0x1082
+	SO_RCVBUF                               = 0x1002
+	SO_RCVLOWAT                             = 0x1004
+	SO_RCVTIMEO                             = 0x1006
+	SO_REUSEADDR                            = 0x4
+	SO_REUSEPORT                            = 0x200
+	SO_REUSESHAREUID                        = 0x1025
+	SO_SNDBUF                               = 0x1001
+	SO_SNDLOWAT                             = 0x1003
+	SO_SNDTIMEO                             = 0x1005
+	SO_TIMESTAMP                            = 0x400
+	SO_TIMESTAMP_MONOTONIC                  = 0x800
+	SO_TRACKER_ATTRIBUTE_FLAGS_APP_APPROVED = 0x1
+	SO_TRACKER_ATTRIBUTE_FLAGS_DOMAIN_SHORT = 0x4
+	SO_TRACKER_ATTRIBUTE_FLAGS_TRACKER      = 0x2
+	SO_TRACKER_TRANSPARENCY_VERSION         = 0x3
+	SO_TYPE                                 = 0x1008
+	SO_UPCALLCLOSEWAIT                      = 0x1027
+	SO_USELOOPBACK                          = 0x40
+	SO_WANTMORE                             = 0x4000
+	SO_WANTOOBFLAG                          = 0x8000
+	S_IEXEC                                 = 0x40
+	S_IFBLK                                 = 0x6000
+	S_IFCHR                                 = 0x2000
+	S_IFDIR                                 = 0x4000
+	S_IFIFO                                 = 0x1000
+	S_IFLNK                                 = 0xa000
+	S_IFMT                                  = 0xf000
+	S_IFREG                                 = 0x8000
+	S_IFSOCK                                = 0xc000
+	S_IFWHT                                 = 0xe000
+	S_IREAD                                 = 0x100
+	S_IRGRP                                 = 0x20
+	S_IROTH                                 = 0x4
+	S_IRUSR                                 = 0x100
+	S_IRWXG                                 = 0x38
+	S_IRWXO                                 = 0x7
+	S_IRWXU                                 = 0x1c0
+	S_ISGID                                 = 0x400
+	S_ISTXT                                 = 0x200
+	S_ISUID                                 = 0x800
+	S_ISVTX                                 = 0x200
+	S_IWGRP                                 = 0x10
+	S_IWOTH                                 = 0x2
+	S_IWRITE                                = 0x80
+	S_IWUSR                                 = 0x80
+	S_IXGRP                                 = 0x8
+	S_IXOTH                                 = 0x1
+	S_IXUSR                                 = 0x40
+	TAB0                                    = 0x0
+	TAB1                                    = 0x400
+	TAB2                                    = 0x800
+	TAB3                                    = 0x4
+	TABDLY                                  = 0xc04
+	TCIFLUSH                                = 0x1
+	TCIOFF                                  = 0x3
+	TCIOFLUSH                               = 0x3
+	TCION                                   = 0x4
+	TCOFLUSH                                = 0x2
+	TCOOFF                                  = 0x1
+	TCOON                                   = 0x2
+	TCPOPT_CC                               = 0xb
+	TCPOPT_CCECHO                           = 0xd
+	TCPOPT_CCNEW                            = 0xc
+	TCPOPT_EOL                              = 0x0
+	TCPOPT_FASTOPEN                         = 0x22
+	TCPOPT_MAXSEG                           = 0x2
+	TCPOPT_NOP                              = 0x1
+	TCPOPT_SACK                             = 0x5
+	TCPOPT_SACK_HDR                         = 0x1010500
+	TCPOPT_SACK_PERMITTED                   = 0x4
+	TCPOPT_SACK_PERMIT_HDR                  = 0x1010402
+	TCPOPT_SIGNATURE                        = 0x13
+	TCPOPT_TIMESTAMP                        = 0x8
+	TCPOPT_TSTAMP_HDR                       = 0x101080a
+	TCPOPT_WINDOW                           = 0x3
+	TCP_CONNECTIONTIMEOUT                   = 0x20
+	TCP_CONNECTION_INFO                     = 0x106
+	TCP_ENABLE_ECN                          = 0x104
+	TCP_FASTOPEN                            = 0x105
+	TCP_KEEPALIVE                           = 0x10
+	TCP_KEEPCNT                             = 0x102
+	TCP_KEEPINTVL                           = 0x101
+	TCP_MAXHLEN                             = 0x3c
+	TCP_MAXOLEN                             = 0x28
+	TCP_MAXSEG                              = 0x2
+	TCP_MAXWIN                              = 0xffff
+	TCP_MAX_SACK                            = 0x4
+	TCP_MAX_WINSHIFT                        = 0xe
+	TCP_MINMSS                              = 0xd8
+	TCP_MSS                                 = 0x200
+	TCP_NODELAY                             = 0x1
+	TCP_NOOPT                               = 0x8
+	TCP_NOPUSH                              = 0x4
+	TCP_NOTSENT_LOWAT                       = 0x201
+	TCP_RXT_CONNDROPTIME                    = 0x80
+	TCP_RXT_FINDROP                         = 0x100
+	TCP_SENDMOREACKS                        = 0x103
+	TCSAFLUSH                               = 0x2
+	TIOCCBRK                                = 0x2000747a
+	TIOCCDTR                                = 0x20007478
+	TIOCCONS                                = 0x80047462
+	TIOCDCDTIMESTAMP                        = 0x40107458
+	TIOCDRAIN                               = 0x2000745e
+	TIOCDSIMICROCODE                        = 0x20007455
+	TIOCEXCL                                = 0x2000740d
+	TIOCEXT                                 = 0x80047460
+	TIOCFLUSH                               = 0x80047410
+	TIOCGDRAINWAIT                          = 0x40047456
+	TIOCGETA                                = 0x40487413
+	TIOCGETD                                = 0x4004741a
+	TIOCGPGRP                               = 0x40047477
+	TIOCGWINSZ                              = 0x40087468
+	TIOCIXOFF                               = 0x20007480
+	TIOCIXON                                = 0x20007481
+	TIOCMBIC                                = 0x8004746b
+	TIOCMBIS                                = 0x8004746c
+	TIOCMGDTRWAIT                           = 0x4004745a
+	TIOCMGET                                = 0x4004746a
+	TIOCMODG                                = 0x40047403
+	TIOCMODS                                = 0x80047404
+	TIOCMSDTRWAIT                           = 0x8004745b
+	TIOCMSET                                = 0x8004746d
+	TIOCM_CAR                               = 0x40
+	TIOCM_CD                                = 0x40
+	TIOCM_CTS                               = 0x20
+	TIOCM_DSR                               = 0x100
+	TIOCM_DTR                               = 0x2
+	TIOCM_LE                                = 0x1
+	TIOCM_RI                                = 0x80
+	TIOCM_RNG                               = 0x80
+	TIOCM_RTS                               = 0x4
+	TIOCM_SR                                = 0x10
+	TIOCM_ST                                = 0x8
+	TIOCNOTTY                               = 0x20007471
+	TIOCNXCL                                = 0x2000740e
+	TIOCOUTQ                                = 0x40047473
+	TIOCPKT                                 = 0x80047470
+	TIOCPKT_DATA                            = 0x0
+	TIOCPKT_DOSTOP                          = 0x20
+	TIOCPKT_FLUSHREAD                       = 0x1
+	TIOCPKT_FLUSHWRITE                      = 0x2
+	TIOCPKT_IOCTL                           = 0x40
+	TIOCPKT_NOSTOP                          = 0x10
+	TIOCPKT_START                           = 0x8
+	TIOCPKT_STOP                            = 0x4
+	TIOCPTYGNAME                            = 0x40807453
+	TIOCPTYGRANT                            = 0x20007454
+	TIOCPTYUNLK                             = 0x20007452
+	TIOCREMOTE                              = 0x80047469
+	TIOCSBRK                                = 0x2000747b
+	TIOCSCONS                               = 0x20007463
+	TIOCSCTTY                               = 0x20007461
+	TIOCSDRAINWAIT                          = 0x80047457
+	TIOCSDTR                                = 0x20007479
+	TIOCSETA                                = 0x80487414
+	TIOCSETAF                               = 0x80487416
+	TIOCSETAW                               = 0x80487415
+	TIOCSETD                                = 0x8004741b
+	TIOCSIG                                 = 0x2000745f
+	TIOCSPGRP                               = 0x80047476
+	TIOCSTART                               = 0x2000746e
+	TIOCSTAT                                = 0x20007465
+	TIOCSTI                                 = 0x80017472
+	TIOCSTOP                                = 0x2000746f
+	TIOCSWINSZ                              = 0x80087467
+	TIOCTIMESTAMP                           = 0x40107459
+	TIOCUCNTL                               = 0x80047466
+	TOSTOP                                  = 0x400000
+	VDISCARD                                = 0xf
+	VDSUSP                                  = 0xb
+	VEOF                                    = 0x0
+	VEOL                                    = 0x1
+	VEOL2                                   = 0x2
+	VERASE                                  = 0x3
+	VINTR                                   = 0x8
+	VKILL                                   = 0x5
+	VLNEXT                                  = 0xe
+	VMADDR_CID_ANY                          = 0xffffffff
+	VMADDR_CID_HOST                         = 0x2
+	VMADDR_CID_HYPERVISOR                   = 0x0
+	VMADDR_CID_RESERVED                     = 0x1
+	VMADDR_PORT_ANY                         = 0xffffffff
+	VMIN                                    = 0x10
+	VM_LOADAVG                              = 0x2
+	VM_MACHFACTOR                           = 0x4
+	VM_MAXID                                = 0x6
+	VM_METER                                = 0x1
+	VM_SWAPUSAGE                            = 0x5
+	VQUIT                                   = 0x9
+	VREPRINT                                = 0x6
+	VSTART                                  = 0xc
+	VSTATUS                                 = 0x12
+	VSTOP                                   = 0xd
+	VSUSP                                   = 0xa
+	VT0                                     = 0x0
+	VT1                                     = 0x10000
+	VTDLY                                   = 0x10000
+	VTIME                                   = 0x11
+	VWERASE                                 = 0x4
+	WCONTINUED                              = 0x10
+	WCOREFLAG                               = 0x80
+	WEXITED                                 = 0x4
+	WNOHANG                                 = 0x1
+	WNOWAIT                                 = 0x20
+	WORDSIZE                                = 0x40
+	WSTOPPED                                = 0x8
+	WUNTRACED                               = 0x2
+	XATTR_CREATE                            = 0x2
+	XATTR_NODEFAULT                         = 0x10
+	XATTR_NOFOLLOW                          = 0x1
+	XATTR_NOSECURITY                        = 0x8
+	XATTR_REPLACE                           = 0x4
+	XATTR_SHOWCOMPRESSION                   = 0x20
 )
 
 // Errors
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go
deleted file mode 100644
index 7a977770d0ade..0000000000000
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go
+++ /dev/null
@@ -1,1783 +0,0 @@
-// mkerrors.sh
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build arm,darwin
-
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs -- _const.go
-
-package unix
-
-import "syscall"
-
-const (
-	AF_APPLETALK                      = 0x10
-	AF_CCITT                          = 0xa
-	AF_CHAOS                          = 0x5
-	AF_CNT                            = 0x15
-	AF_COIP                           = 0x14
-	AF_DATAKIT                        = 0x9
-	AF_DECnet                         = 0xc
-	AF_DLI                            = 0xd
-	AF_E164                           = 0x1c
-	AF_ECMA                           = 0x8
-	AF_HYLINK                         = 0xf
-	AF_IEEE80211                      = 0x25
-	AF_IMPLINK                        = 0x3
-	AF_INET                           = 0x2
-	AF_INET6                          = 0x1e
-	AF_IPX                            = 0x17
-	AF_ISDN                           = 0x1c
-	AF_ISO                            = 0x7
-	AF_LAT                            = 0xe
-	AF_LINK                           = 0x12
-	AF_LOCAL                          = 0x1
-	AF_MAX                            = 0x28
-	AF_NATM                           = 0x1f
-	AF_NDRV                           = 0x1b
-	AF_NETBIOS                        = 0x21
-	AF_NS                             = 0x6
-	AF_OSI                            = 0x7
-	AF_PPP                            = 0x22
-	AF_PUP                            = 0x4
-	AF_RESERVED_36                    = 0x24
-	AF_ROUTE                          = 0x11
-	AF_SIP                            = 0x18
-	AF_SNA                            = 0xb
-	AF_SYSTEM                         = 0x20
-	AF_UNIX                           = 0x1
-	AF_UNSPEC                         = 0x0
-	AF_UTUN                           = 0x26
-	ALTWERASE                         = 0x200
-	ATTR_BIT_MAP_COUNT                = 0x5
-	ATTR_CMN_ACCESSMASK               = 0x20000
-	ATTR_CMN_ACCTIME                  = 0x1000
-	ATTR_CMN_ADDEDTIME                = 0x10000000
-	ATTR_CMN_BKUPTIME                 = 0x2000
-	ATTR_CMN_CHGTIME                  = 0x800
-	ATTR_CMN_CRTIME                   = 0x200
-	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
-	ATTR_CMN_DEVID                    = 0x2
-	ATTR_CMN_DOCUMENT_ID              = 0x100000
-	ATTR_CMN_ERROR                    = 0x20000000
-	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
-	ATTR_CMN_FILEID                   = 0x2000000
-	ATTR_CMN_FLAGS                    = 0x40000
-	ATTR_CMN_FNDRINFO                 = 0x4000
-	ATTR_CMN_FSID                     = 0x4
-	ATTR_CMN_FULLPATH                 = 0x8000000
-	ATTR_CMN_GEN_COUNT                = 0x80000
-	ATTR_CMN_GRPID                    = 0x10000
-	ATTR_CMN_GRPUUID                  = 0x1000000
-	ATTR_CMN_MODTIME                  = 0x400
-	ATTR_CMN_NAME                     = 0x1
-	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
-	ATTR_CMN_NAMEDATTRLIST            = 0x100000
-	ATTR_CMN_OBJID                    = 0x20
-	ATTR_CMN_OBJPERMANENTID           = 0x40
-	ATTR_CMN_OBJTAG                   = 0x10
-	ATTR_CMN_OBJTYPE                  = 0x8
-	ATTR_CMN_OWNERID                  = 0x8000
-	ATTR_CMN_PARENTID                 = 0x4000000
-	ATTR_CMN_PAROBJID                 = 0x80
-	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
-	ATTR_CMN_SCRIPT                   = 0x100
-	ATTR_CMN_SETMASK                  = 0x41c7ff00
-	ATTR_CMN_USERACCESS               = 0x200000
-	ATTR_CMN_UUID                     = 0x800000
-	ATTR_CMN_VALIDMASK                = 0xffffffff
-	ATTR_CMN_VOLSETMASK               = 0x6700
-	ATTR_FILE_ALLOCSIZE               = 0x4
-	ATTR_FILE_CLUMPSIZE               = 0x10
-	ATTR_FILE_DATAALLOCSIZE           = 0x400
-	ATTR_FILE_DATAEXTENTS             = 0x800
-	ATTR_FILE_DATALENGTH              = 0x200
-	ATTR_FILE_DEVTYPE                 = 0x20
-	ATTR_FILE_FILETYPE                = 0x40
-	ATTR_FILE_FORKCOUNT               = 0x80
-	ATTR_FILE_FORKLIST                = 0x100
-	ATTR_FILE_IOBLOCKSIZE             = 0x8
-	ATTR_FILE_LINKCOUNT               = 0x1
-	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
-	ATTR_FILE_RSRCEXTENTS             = 0x4000
-	ATTR_FILE_RSRCLENGTH              = 0x1000
-	ATTR_FILE_SETMASK                 = 0x20
-	ATTR_FILE_TOTALSIZE               = 0x2
-	ATTR_FILE_VALIDMASK               = 0x37ff
-	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
-	ATTR_VOL_ATTRIBUTES               = 0x40000000
-	ATTR_VOL_CAPABILITIES             = 0x20000
-	ATTR_VOL_DIRCOUNT                 = 0x400
-	ATTR_VOL_ENCODINGSUSED            = 0x10000
-	ATTR_VOL_FILECOUNT                = 0x200
-	ATTR_VOL_FSTYPE                   = 0x1
-	ATTR_VOL_INFO                     = 0x80000000
-	ATTR_VOL_IOBLOCKSIZE              = 0x80
-	ATTR_VOL_MAXOBJCOUNT              = 0x800
-	ATTR_VOL_MINALLOCATION            = 0x20
-	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
-	ATTR_VOL_MOUNTFLAGS               = 0x4000
-	ATTR_VOL_MOUNTPOINT               = 0x1000
-	ATTR_VOL_NAME                     = 0x2000
-	ATTR_VOL_OBJCOUNT                 = 0x100
-	ATTR_VOL_QUOTA_SIZE               = 0x10000000
-	ATTR_VOL_RESERVED_SIZE            = 0x20000000
-	ATTR_VOL_SETMASK                  = 0x80002000
-	ATTR_VOL_SIGNATURE                = 0x2
-	ATTR_VOL_SIZE                     = 0x4
-	ATTR_VOL_SPACEAVAIL               = 0x10
-	ATTR_VOL_SPACEFREE                = 0x8
-	ATTR_VOL_UUID                     = 0x40000
-	ATTR_VOL_VALIDMASK                = 0xf007ffff
-	B0                                = 0x0
-	B110                              = 0x6e
-	B115200                           = 0x1c200
-	B1200                             = 0x4b0
-	B134                              = 0x86
-	B14400                            = 0x3840
-	B150                              = 0x96
-	B1800                             = 0x708
-	B19200                            = 0x4b00
-	B200                              = 0xc8
-	B230400                           = 0x38400
-	B2400                             = 0x960
-	B28800                            = 0x7080
-	B300                              = 0x12c
-	B38400                            = 0x9600
-	B4800                             = 0x12c0
-	B50                               = 0x32
-	B57600                            = 0xe100
-	B600                              = 0x258
-	B7200                             = 0x1c20
-	B75                               = 0x4b
-	B76800                            = 0x12c00
-	B9600                             = 0x2580
-	BIOCFLUSH                         = 0x20004268
-	BIOCGBLEN                         = 0x40044266
-	BIOCGDLT                          = 0x4004426a
-	BIOCGDLTLIST                      = 0xc00c4279
-	BIOCGETIF                         = 0x4020426b
-	BIOCGHDRCMPLT                     = 0x40044274
-	BIOCGRSIG                         = 0x40044272
-	BIOCGRTIMEOUT                     = 0x4010426e
-	BIOCGSEESENT                      = 0x40044276
-	BIOCGSTATS                        = 0x4008426f
-	BIOCIMMEDIATE                     = 0x80044270
-	BIOCPROMISC                       = 0x20004269
-	BIOCSBLEN                         = 0xc0044266
-	BIOCSDLT                          = 0x80044278
-	BIOCSETF                          = 0x80104267
-	BIOCSETFNR                        = 0x8010427e
-	BIOCSETIF                         = 0x8020426c
-	BIOCSHDRCMPLT                     = 0x80044275
-	BIOCSRSIG                         = 0x80044273
-	BIOCSRTIMEOUT                     = 0x8010426d
-	BIOCSSEESENT                      = 0x80044277
-	BIOCVERSION                       = 0x40044271
-	BPF_A                             = 0x10
-	BPF_ABS                           = 0x20
-	BPF_ADD                           = 0x0
-	BPF_ALIGNMENT                     = 0x4
-	BPF_ALU                           = 0x4
-	BPF_AND                           = 0x50
-	BPF_B                             = 0x10
-	BPF_DIV                           = 0x30
-	BPF_H                             = 0x8
-	BPF_IMM                           = 0x0
-	BPF_IND                           = 0x40
-	BPF_JA                            = 0x0
-	BPF_JEQ                           = 0x10
-	BPF_JGE                           = 0x30
-	BPF_JGT                           = 0x20
-	BPF_JMP                           = 0x5
-	BPF_JSET                          = 0x40
-	BPF_K                             = 0x0
-	BPF_LD                            = 0x0
-	BPF_LDX                           = 0x1
-	BPF_LEN                           = 0x80
-	BPF_LSH                           = 0x60
-	BPF_MAJOR_VERSION                 = 0x1
-	BPF_MAXBUFSIZE                    = 0x80000
-	BPF_MAXINSNS                      = 0x200
-	BPF_MEM                           = 0x60
-	BPF_MEMWORDS                      = 0x10
-	BPF_MINBUFSIZE                    = 0x20
-	BPF_MINOR_VERSION                 = 0x1
-	BPF_MISC                          = 0x7
-	BPF_MSH                           = 0xa0
-	BPF_MUL                           = 0x20
-	BPF_NEG                           = 0x80
-	BPF_OR                            = 0x40
-	BPF_RELEASE                       = 0x30bb6
-	BPF_RET                           = 0x6
-	BPF_RSH                           = 0x70
-	BPF_ST                            = 0x2
-	BPF_STX                           = 0x3
-	BPF_SUB                           = 0x10
-	BPF_TAX                           = 0x0
-	BPF_TXA                           = 0x80
-	BPF_W                             = 0x0
-	BPF_X                             = 0x8
-	BRKINT                            = 0x2
-	BS0                               = 0x0
-	BS1                               = 0x8000
-	BSDLY                             = 0x8000
-	CFLUSH                            = 0xf
-	CLOCAL                            = 0x8000
-	CLOCK_MONOTONIC                   = 0x6
-	CLOCK_MONOTONIC_RAW               = 0x4
-	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
-	CLOCK_PROCESS_CPUTIME_ID          = 0xc
-	CLOCK_REALTIME                    = 0x0
-	CLOCK_THREAD_CPUTIME_ID           = 0x10
-	CLOCK_UPTIME_RAW                  = 0x8
-	CLOCK_UPTIME_RAW_APPROX           = 0x9
-	CR0                               = 0x0
-	CR1                               = 0x1000
-	CR2                               = 0x2000
-	CR3                               = 0x3000
-	CRDLY                             = 0x3000
-	CREAD                             = 0x800
-	CRTSCTS                           = 0x30000
-	CS5                               = 0x0
-	CS6                               = 0x100
-	CS7                               = 0x200
-	CS8                               = 0x300
-	CSIZE                             = 0x300
-	CSTART                            = 0x11
-	CSTATUS                           = 0x14
-	CSTOP                             = 0x13
-	CSTOPB                            = 0x400
-	CSUSP                             = 0x1a
-	CTL_HW                            = 0x6
-	CTL_KERN                          = 0x1
-	CTL_MAXNAME                       = 0xc
-	CTL_NET                           = 0x4
-	DLT_A429                          = 0xb8
-	DLT_A653_ICM                      = 0xb9
-	DLT_AIRONET_HEADER                = 0x78
-	DLT_AOS                           = 0xde
-	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
-	DLT_ARCNET                        = 0x7
-	DLT_ARCNET_LINUX                  = 0x81
-	DLT_ATM_CLIP                      = 0x13
-	DLT_ATM_RFC1483                   = 0xb
-	DLT_AURORA                        = 0x7e
-	DLT_AX25                          = 0x3
-	DLT_AX25_KISS                     = 0xca
-	DLT_BACNET_MS_TP                  = 0xa5
-	DLT_BLUETOOTH_HCI_H4              = 0xbb
-	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
-	DLT_CAN20B                        = 0xbe
-	DLT_CAN_SOCKETCAN                 = 0xe3
-	DLT_CHAOS                         = 0x5
-	DLT_CHDLC                         = 0x68
-	DLT_CISCO_IOS                     = 0x76
-	DLT_C_HDLC                        = 0x68
-	DLT_C_HDLC_WITH_DIR               = 0xcd
-	DLT_DBUS                          = 0xe7
-	DLT_DECT                          = 0xdd
-	DLT_DOCSIS                        = 0x8f
-	DLT_DVB_CI                        = 0xeb
-	DLT_ECONET                        = 0x73
-	DLT_EN10MB                        = 0x1
-	DLT_EN3MB                         = 0x2
-	DLT_ENC                           = 0x6d
-	DLT_ERF                           = 0xc5
-	DLT_ERF_ETH                       = 0xaf
-	DLT_ERF_POS                       = 0xb0
-	DLT_FC_2                          = 0xe0
-	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
-	DLT_FDDI                          = 0xa
-	DLT_FLEXRAY                       = 0xd2
-	DLT_FRELAY                        = 0x6b
-	DLT_FRELAY_WITH_DIR               = 0xce
-	DLT_GCOM_SERIAL                   = 0xad
-	DLT_GCOM_T1E1                     = 0xac
-	DLT_GPF_F                         = 0xab
-	DLT_GPF_T                         = 0xaa
-	DLT_GPRS_LLC                      = 0xa9
-	DLT_GSMTAP_ABIS                   = 0xda
-	DLT_GSMTAP_UM                     = 0xd9
-	DLT_HHDLC                         = 0x79
-	DLT_IBM_SN                        = 0x92
-	DLT_IBM_SP                        = 0x91
-	DLT_IEEE802                       = 0x6
-	DLT_IEEE802_11                    = 0x69
-	DLT_IEEE802_11_RADIO              = 0x7f
-	DLT_IEEE802_11_RADIO_AVS          = 0xa3
-	DLT_IEEE802_15_4                  = 0xc3
-	DLT_IEEE802_15_4_LINUX            = 0xbf
-	DLT_IEEE802_15_4_NOFCS            = 0xe6
-	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
-	DLT_IEEE802_16_MAC_CPS            = 0xbc
-	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
-	DLT_IPFILTER                      = 0x74
-	DLT_IPMB                          = 0xc7
-	DLT_IPMB_LINUX                    = 0xd1
-	DLT_IPNET                         = 0xe2
-	DLT_IPOIB                         = 0xf2
-	DLT_IPV4                          = 0xe4
-	DLT_IPV6                          = 0xe5
-	DLT_IP_OVER_FC                    = 0x7a
-	DLT_JUNIPER_ATM1                  = 0x89
-	DLT_JUNIPER_ATM2                  = 0x87
-	DLT_JUNIPER_ATM_CEMIC             = 0xee
-	DLT_JUNIPER_CHDLC                 = 0xb5
-	DLT_JUNIPER_ES                    = 0x84
-	DLT_JUNIPER_ETHER                 = 0xb2
-	DLT_JUNIPER_FIBRECHANNEL          = 0xea
-	DLT_JUNIPER_FRELAY                = 0xb4
-	DLT_JUNIPER_GGSN                  = 0x85
-	DLT_JUNIPER_ISM                   = 0xc2
-	DLT_JUNIPER_MFR                   = 0x86
-	DLT_JUNIPER_MLFR                  = 0x83
-	DLT_JUNIPER_MLPPP                 = 0x82
-	DLT_JUNIPER_MONITOR               = 0xa4
-	DLT_JUNIPER_PIC_PEER              = 0xae
-	DLT_JUNIPER_PPP                   = 0xb3
-	DLT_JUNIPER_PPPOE                 = 0xa7
-	DLT_JUNIPER_PPPOE_ATM             = 0xa8
-	DLT_JUNIPER_SERVICES              = 0x88
-	DLT_JUNIPER_SRX_E2E               = 0xe9
-	DLT_JUNIPER_ST                    = 0xc8
-	DLT_JUNIPER_VP                    = 0xb7
-	DLT_JUNIPER_VS                    = 0xe8
-	DLT_LAPB_WITH_DIR                 = 0xcf
-	DLT_LAPD                          = 0xcb
-	DLT_LIN                           = 0xd4
-	DLT_LINUX_EVDEV                   = 0xd8
-	DLT_LINUX_IRDA                    = 0x90
-	DLT_LINUX_LAPD                    = 0xb1
-	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
-	DLT_LINUX_SLL                     = 0x71
-	DLT_LOOP                          = 0x6c
-	DLT_LTALK                         = 0x72
-	DLT_MATCHING_MAX                  = 0xf5
-	DLT_MATCHING_MIN                  = 0x68
-	DLT_MFR                           = 0xb6
-	DLT_MOST                          = 0xd3
-	DLT_MPEG_2_TS                     = 0xf3
-	DLT_MPLS                          = 0xdb
-	DLT_MTP2                          = 0x8c
-	DLT_MTP2_WITH_PHDR                = 0x8b
-	DLT_MTP3                          = 0x8d
-	DLT_MUX27010                      = 0xec
-	DLT_NETANALYZER                   = 0xf0
-	DLT_NETANALYZER_TRANSPARENT       = 0xf1
-	DLT_NFC_LLCP                      = 0xf5
-	DLT_NFLOG                         = 0xef
-	DLT_NG40                          = 0xf4
-	DLT_NULL                          = 0x0
-	DLT_PCI_EXP                       = 0x7d
-	DLT_PFLOG                         = 0x75
-	DLT_PFSYNC                        = 0x12
-	DLT_PPI                           = 0xc0
-	DLT_PPP                           = 0x9
-	DLT_PPP_BSDOS                     = 0x10
-	DLT_PPP_ETHER                     = 0x33
-	DLT_PPP_PPPD                      = 0xa6
-	DLT_PPP_SERIAL                    = 0x32
-	DLT_PPP_WITH_DIR                  = 0xcc
-	DLT_PPP_WITH_DIRECTION            = 0xa6
-	DLT_PRISM_HEADER                  = 0x77
-	DLT_PRONET                        = 0x4
-	DLT_RAIF1                         = 0xc6
-	DLT_RAW                           = 0xc
-	DLT_RIO                           = 0x7c
-	DLT_SCCP                          = 0x8e
-	DLT_SITA                          = 0xc4
-	DLT_SLIP                          = 0x8
-	DLT_SLIP_BSDOS                    = 0xf
-	DLT_STANAG_5066_D_PDU             = 0xed
-	DLT_SUNATM                        = 0x7b
-	DLT_SYMANTEC_FIREWALL             = 0x63
-	DLT_TZSP                          = 0x80
-	DLT_USB                           = 0xba
-	DLT_USB_LINUX                     = 0xbd
-	DLT_USB_LINUX_MMAPPED             = 0xdc
-	DLT_USER0                         = 0x93
-	DLT_USER1                         = 0x94
-	DLT_USER10                        = 0x9d
-	DLT_USER11                        = 0x9e
-	DLT_USER12                        = 0x9f
-	DLT_USER13                        = 0xa0
-	DLT_USER14                        = 0xa1
-	DLT_USER15                        = 0xa2
-	DLT_USER2                         = 0x95
-	DLT_USER3                         = 0x96
-	DLT_USER4                         = 0x97
-	DLT_USER5                         = 0x98
-	DLT_USER6                         = 0x99
-	DLT_USER7                         = 0x9a
-	DLT_USER8                         = 0x9b
-	DLT_USER9                         = 0x9c
-	DLT_WIHART                        = 0xdf
-	DLT_X2E_SERIAL                    = 0xd5
-	DLT_X2E_XORAYA                    = 0xd6
-	DT_BLK                            = 0x6
-	DT_CHR                            = 0x2
-	DT_DIR                            = 0x4
-	DT_FIFO                           = 0x1
-	DT_LNK                            = 0xa
-	DT_REG                            = 0x8
-	DT_SOCK                           = 0xc
-	DT_UNKNOWN                        = 0x0
-	DT_WHT                            = 0xe
-	ECHO                              = 0x8
-	ECHOCTL                           = 0x40
-	ECHOE                             = 0x2
-	ECHOK                             = 0x4
-	ECHOKE                            = 0x1
-	ECHONL                            = 0x10
-	ECHOPRT                           = 0x20
-	EVFILT_AIO                        = -0x3
-	EVFILT_EXCEPT                     = -0xf
-	EVFILT_FS                         = -0x9
-	EVFILT_MACHPORT                   = -0x8
-	EVFILT_PROC                       = -0x5
-	EVFILT_READ                       = -0x1
-	EVFILT_SIGNAL                     = -0x6
-	EVFILT_SYSCOUNT                   = 0xf
-	EVFILT_THREADMARKER               = 0xf
-	EVFILT_TIMER                      = -0x7
-	EVFILT_USER                       = -0xa
-	EVFILT_VM                         = -0xc
-	EVFILT_VNODE                      = -0x4
-	EVFILT_WRITE                      = -0x2
-	EV_ADD                            = 0x1
-	EV_CLEAR                          = 0x20
-	EV_DELETE                         = 0x2
-	EV_DISABLE                        = 0x8
-	EV_DISPATCH                       = 0x80
-	EV_DISPATCH2                      = 0x180
-	EV_ENABLE                         = 0x4
-	EV_EOF                            = 0x8000
-	EV_ERROR                          = 0x4000
-	EV_FLAG0                          = 0x1000
-	EV_FLAG1                          = 0x2000
-	EV_ONESHOT                        = 0x10
-	EV_OOBAND                         = 0x2000
-	EV_POLL                           = 0x1000
-	EV_RECEIPT                        = 0x40
-	EV_SYSFLAGS                       = 0xf000
-	EV_UDATA_SPECIFIC                 = 0x100
-	EV_VANISHED                       = 0x200
-	EXTA                              = 0x4b00
-	EXTB                              = 0x9600
-	EXTPROC                           = 0x800
-	FD_CLOEXEC                        = 0x1
-	FD_SETSIZE                        = 0x400
-	FF0                               = 0x0
-	FF1                               = 0x4000
-	FFDLY                             = 0x4000
-	FLUSHO                            = 0x800000
-	FSOPT_ATTR_CMN_EXTENDED           = 0x20
-	FSOPT_NOFOLLOW                    = 0x1
-	FSOPT_NOINMEMUPDATE               = 0x2
-	FSOPT_PACK_INVAL_ATTRS            = 0x8
-	FSOPT_REPORT_FULLSIZE             = 0x4
-	F_ADDFILESIGS                     = 0x3d
-	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
-	F_ADDFILESIGS_RETURN              = 0x61
-	F_ADDSIGS                         = 0x3b
-	F_ALLOCATEALL                     = 0x4
-	F_ALLOCATECONTIG                  = 0x2
-	F_BARRIERFSYNC                    = 0x55
-	F_CHECK_LV                        = 0x62
-	F_CHKCLEAN                        = 0x29
-	F_DUPFD                           = 0x0
-	F_DUPFD_CLOEXEC                   = 0x43
-	F_FINDSIGS                        = 0x4e
-	F_FLUSH_DATA                      = 0x28
-	F_FREEZE_FS                       = 0x35
-	F_FULLFSYNC                       = 0x33
-	F_GETCODEDIR                      = 0x48
-	F_GETFD                           = 0x1
-	F_GETFL                           = 0x3
-	F_GETLK                           = 0x7
-	F_GETLKPID                        = 0x42
-	F_GETNOSIGPIPE                    = 0x4a
-	F_GETOWN                          = 0x5
-	F_GETPATH                         = 0x32
-	F_GETPATH_MTMINFO                 = 0x47
-	F_GETPROTECTIONCLASS              = 0x3f
-	F_GETPROTECTIONLEVEL              = 0x4d
-	F_GLOBAL_NOCACHE                  = 0x37
-	F_LOG2PHYS                        = 0x31
-	F_LOG2PHYS_EXT                    = 0x41
-	F_NOCACHE                         = 0x30
-	F_NODIRECT                        = 0x3e
-	F_OK                              = 0x0
-	F_PATHPKG_CHECK                   = 0x34
-	F_PEOFPOSMODE                     = 0x3
-	F_PREALLOCATE                     = 0x2a
-	F_PUNCHHOLE                       = 0x63
-	F_RDADVISE                        = 0x2c
-	F_RDAHEAD                         = 0x2d
-	F_RDLCK                           = 0x1
-	F_SETBACKINGSTORE                 = 0x46
-	F_SETFD                           = 0x2
-	F_SETFL                           = 0x4
-	F_SETLK                           = 0x8
-	F_SETLKW                          = 0x9
-	F_SETLKWTIMEOUT                   = 0xa
-	F_SETNOSIGPIPE                    = 0x49
-	F_SETOWN                          = 0x6
-	F_SETPROTECTIONCLASS              = 0x40
-	F_SETSIZE                         = 0x2b
-	F_SINGLE_WRITER                   = 0x4c
-	F_THAW_FS                         = 0x36
-	F_TRANSCODEKEY                    = 0x4b
-	F_TRIM_ACTIVE_FILE                = 0x64
-	F_UNLCK                           = 0x2
-	F_VOLPOSMODE                      = 0x4
-	F_WRLCK                           = 0x3
-	HUPCL                             = 0x4000
-	HW_MACHINE                        = 0x1
-	ICANON                            = 0x100
-	ICMP6_FILTER                      = 0x12
-	ICRNL                             = 0x100
-	IEXTEN                            = 0x400
-	IFF_ALLMULTI                      = 0x200
-	IFF_ALTPHYS                       = 0x4000
-	IFF_BROADCAST                     = 0x2
-	IFF_DEBUG                         = 0x4
-	IFF_LINK0                         = 0x1000
-	IFF_LINK1                         = 0x2000
-	IFF_LINK2                         = 0x4000
-	IFF_LOOPBACK                      = 0x8
-	IFF_MULTICAST                     = 0x8000
-	IFF_NOARP                         = 0x80
-	IFF_NOTRAILERS                    = 0x20
-	IFF_OACTIVE                       = 0x400
-	IFF_POINTOPOINT                   = 0x10
-	IFF_PROMISC                       = 0x100
-	IFF_RUNNING                       = 0x40
-	IFF_SIMPLEX                       = 0x800
-	IFF_UP                            = 0x1
-	IFNAMSIZ                          = 0x10
-	IFT_1822                          = 0x2
-	IFT_AAL5                          = 0x31
-	IFT_ARCNET                        = 0x23
-	IFT_ARCNETPLUS                    = 0x24
-	IFT_ATM                           = 0x25
-	IFT_BRIDGE                        = 0xd1
-	IFT_CARP                          = 0xf8
-	IFT_CELLULAR                      = 0xff
-	IFT_CEPT                          = 0x13
-	IFT_DS3                           = 0x1e
-	IFT_ENC                           = 0xf4
-	IFT_EON                           = 0x19
-	IFT_ETHER                         = 0x6
-	IFT_FAITH                         = 0x38
-	IFT_FDDI                          = 0xf
-	IFT_FRELAY                        = 0x20
-	IFT_FRELAYDCE                     = 0x2c
-	IFT_GIF                           = 0x37
-	IFT_HDH1822                       = 0x3
-	IFT_HIPPI                         = 0x2f
-	IFT_HSSI                          = 0x2e
-	IFT_HY                            = 0xe
-	IFT_IEEE1394                      = 0x90
-	IFT_IEEE8023ADLAG                 = 0x88
-	IFT_ISDNBASIC                     = 0x14
-	IFT_ISDNPRIMARY                   = 0x15
-	IFT_ISO88022LLC                   = 0x29
-	IFT_ISO88023                      = 0x7
-	IFT_ISO88024                      = 0x8
-	IFT_ISO88025                      = 0x9
-	IFT_ISO88026                      = 0xa
-	IFT_L2VLAN                        = 0x87
-	IFT_LAPB                          = 0x10
-	IFT_LOCALTALK                     = 0x2a
-	IFT_LOOP                          = 0x18
-	IFT_MIOX25                        = 0x26
-	IFT_MODEM                         = 0x30
-	IFT_NSIP                          = 0x1b
-	IFT_OTHER                         = 0x1
-	IFT_P10                           = 0xc
-	IFT_P80                           = 0xd
-	IFT_PARA                          = 0x22
-	IFT_PDP                           = 0xff
-	IFT_PFLOG                         = 0xf5
-	IFT_PFSYNC                        = 0xf6
-	IFT_PKTAP                         = 0xfe
-	IFT_PPP                           = 0x17
-	IFT_PROPMUX                       = 0x36
-	IFT_PROPVIRTUAL                   = 0x35
-	IFT_PTPSERIAL                     = 0x16
-	IFT_RS232                         = 0x21
-	IFT_SDLC                          = 0x11
-	IFT_SIP                           = 0x1f
-	IFT_SLIP                          = 0x1c
-	IFT_SMDSDXI                       = 0x2b
-	IFT_SMDSICIP                      = 0x34
-	IFT_SONET                         = 0x27
-	IFT_SONETPATH                     = 0x32
-	IFT_SONETVT                       = 0x33
-	IFT_STARLAN                       = 0xb
-	IFT_STF                           = 0x39
-	IFT_T1                            = 0x12
-	IFT_ULTRA                         = 0x1d
-	IFT_V35                           = 0x2d
-	IFT_X25                           = 0x5
-	IFT_X25DDN                        = 0x4
-	IFT_X25PLE                        = 0x28
-	IFT_XETHER                        = 0x1a
-	IGNBRK                            = 0x1
-	IGNCR                             = 0x80
-	IGNPAR                            = 0x4
-	IMAXBEL                           = 0x2000
-	INLCR                             = 0x40
-	INPCK                             = 0x10
-	IN_CLASSA_HOST                    = 0xffffff
-	IN_CLASSA_MAX                     = 0x80
-	IN_CLASSA_NET                     = 0xff000000
-	IN_CLASSA_NSHIFT                  = 0x18
-	IN_CLASSB_HOST                    = 0xffff
-	IN_CLASSB_MAX                     = 0x10000
-	IN_CLASSB_NET                     = 0xffff0000
-	IN_CLASSB_NSHIFT                  = 0x10
-	IN_CLASSC_HOST                    = 0xff
-	IN_CLASSC_NET                     = 0xffffff00
-	IN_CLASSC_NSHIFT                  = 0x8
-	IN_CLASSD_HOST                    = 0xfffffff
-	IN_CLASSD_NET                     = 0xf0000000
-	IN_CLASSD_NSHIFT                  = 0x1c
-	IN_LINKLOCALNETNUM                = 0xa9fe0000
-	IN_LOOPBACKNET                    = 0x7f
-	IPPROTO_3PC                       = 0x22
-	IPPROTO_ADFS                      = 0x44
-	IPPROTO_AH                        = 0x33
-	IPPROTO_AHIP                      = 0x3d
-	IPPROTO_APES                      = 0x63
-	IPPROTO_ARGUS                     = 0xd
-	IPPROTO_AX25                      = 0x5d
-	IPPROTO_BHA                       = 0x31
-	IPPROTO_BLT                       = 0x1e
-	IPPROTO_BRSATMON                  = 0x4c
-	IPPROTO_CFTP                      = 0x3e
-	IPPROTO_CHAOS                     = 0x10
-	IPPROTO_CMTP                      = 0x26
-	IPPROTO_CPHB                      = 0x49
-	IPPROTO_CPNX                      = 0x48
-	IPPROTO_DDP                       = 0x25
-	IPPROTO_DGP                       = 0x56
-	IPPROTO_DIVERT                    = 0xfe
-	IPPROTO_DONE                      = 0x101
-	IPPROTO_DSTOPTS                   = 0x3c
-	IPPROTO_EGP                       = 0x8
-	IPPROTO_EMCON                     = 0xe
-	IPPROTO_ENCAP                     = 0x62
-	IPPROTO_EON                       = 0x50
-	IPPROTO_ESP                       = 0x32
-	IPPROTO_ETHERIP                   = 0x61
-	IPPROTO_FRAGMENT                  = 0x2c
-	IPPROTO_GGP                       = 0x3
-	IPPROTO_GMTP                      = 0x64
-	IPPROTO_GRE                       = 0x2f
-	IPPROTO_HELLO                     = 0x3f
-	IPPROTO_HMP                       = 0x14
-	IPPROTO_HOPOPTS                   = 0x0
-	IPPROTO_ICMP                      = 0x1
-	IPPROTO_ICMPV6                    = 0x3a
-	IPPROTO_IDP                       = 0x16
-	IPPROTO_IDPR                      = 0x23
-	IPPROTO_IDRP                      = 0x2d
-	IPPROTO_IGMP                      = 0x2
-	IPPROTO_IGP                       = 0x55
-	IPPROTO_IGRP                      = 0x58
-	IPPROTO_IL                        = 0x28
-	IPPROTO_INLSP                     = 0x34
-	IPPROTO_INP                       = 0x20
-	IPPROTO_IP                        = 0x0
-	IPPROTO_IPCOMP                    = 0x6c
-	IPPROTO_IPCV                      = 0x47
-	IPPROTO_IPEIP                     = 0x5e
-	IPPROTO_IPIP                      = 0x4
-	IPPROTO_IPPC                      = 0x43
-	IPPROTO_IPV4                      = 0x4
-	IPPROTO_IPV6                      = 0x29
-	IPPROTO_IRTP                      = 0x1c
-	IPPROTO_KRYPTOLAN                 = 0x41
-	IPPROTO_LARP                      = 0x5b
-	IPPROTO_LEAF1                     = 0x19
-	IPPROTO_LEAF2                     = 0x1a
-	IPPROTO_MAX                       = 0x100
-	IPPROTO_MAXID                     = 0x34
-	IPPROTO_MEAS                      = 0x13
-	IPPROTO_MHRP                      = 0x30
-	IPPROTO_MICP                      = 0x5f
-	IPPROTO_MTP                       = 0x5c
-	IPPROTO_MUX                       = 0x12
-	IPPROTO_ND                        = 0x4d
-	IPPROTO_NHRP                      = 0x36
-	IPPROTO_NONE                      = 0x3b
-	IPPROTO_NSP                       = 0x1f
-	IPPROTO_NVPII                     = 0xb
-	IPPROTO_OSPFIGP                   = 0x59
-	IPPROTO_PGM                       = 0x71
-	IPPROTO_PIGP                      = 0x9
-	IPPROTO_PIM                       = 0x67
-	IPPROTO_PRM                       = 0x15
-	IPPROTO_PUP                       = 0xc
-	IPPROTO_PVP                       = 0x4b
-	IPPROTO_RAW                       = 0xff
-	IPPROTO_RCCMON                    = 0xa
-	IPPROTO_RDP                       = 0x1b
-	IPPROTO_ROUTING                   = 0x2b
-	IPPROTO_RSVP                      = 0x2e
-	IPPROTO_RVD                       = 0x42
-	IPPROTO_SATEXPAK                  = 0x40
-	IPPROTO_SATMON                    = 0x45
-	IPPROTO_SCCSP                     = 0x60
-	IPPROTO_SCTP                      = 0x84
-	IPPROTO_SDRP                      = 0x2a
-	IPPROTO_SEP                       = 0x21
-	IPPROTO_SRPC                      = 0x5a
-	IPPROTO_ST                        = 0x7
-	IPPROTO_SVMTP                     = 0x52
-	IPPROTO_SWIPE                     = 0x35
-	IPPROTO_TCF                       = 0x57
-	IPPROTO_TCP                       = 0x6
-	IPPROTO_TP                        = 0x1d
-	IPPROTO_TPXX                      = 0x27
-	IPPROTO_TRUNK1                    = 0x17
-	IPPROTO_TRUNK2                    = 0x18
-	IPPROTO_TTP                       = 0x54
-	IPPROTO_UDP                       = 0x11
-	IPPROTO_VINES                     = 0x53
-	IPPROTO_VISA                      = 0x46
-	IPPROTO_VMTP                      = 0x51
-	IPPROTO_WBEXPAK                   = 0x4f
-	IPPROTO_WBMON                     = 0x4e
-	IPPROTO_WSN                       = 0x4a
-	IPPROTO_XNET                      = 0xf
-	IPPROTO_XTP                       = 0x24
-	IPV6_2292DSTOPTS                  = 0x17
-	IPV6_2292HOPLIMIT                 = 0x14
-	IPV6_2292HOPOPTS                  = 0x16
-	IPV6_2292NEXTHOP                  = 0x15
-	IPV6_2292PKTINFO                  = 0x13
-	IPV6_2292PKTOPTIONS               = 0x19
-	IPV6_2292RTHDR                    = 0x18
-	IPV6_BINDV6ONLY                   = 0x1b
-	IPV6_BOUND_IF                     = 0x7d
-	IPV6_CHECKSUM                     = 0x1a
-	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
-	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
-	IPV6_DEFHLIM                      = 0x40
-	IPV6_FAITH                        = 0x1d
-	IPV6_FLOWINFO_MASK                = 0xffffff0f
-	IPV6_FLOWLABEL_MASK               = 0xffff0f00
-	IPV6_FLOW_ECN_MASK                = 0x300
-	IPV6_FRAGTTL                      = 0x3c
-	IPV6_FW_ADD                       = 0x1e
-	IPV6_FW_DEL                       = 0x1f
-	IPV6_FW_FLUSH                     = 0x20
-	IPV6_FW_GET                       = 0x22
-	IPV6_FW_ZERO                      = 0x21
-	IPV6_HLIMDEC                      = 0x1
-	IPV6_IPSEC_POLICY                 = 0x1c
-	IPV6_JOIN_GROUP                   = 0xc
-	IPV6_LEAVE_GROUP                  = 0xd
-	IPV6_MAXHLIM                      = 0xff
-	IPV6_MAXOPTHDR                    = 0x800
-	IPV6_MAXPACKET                    = 0xffff
-	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
-	IPV6_MAX_MEMBERSHIPS              = 0xfff
-	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
-	IPV6_MIN_MEMBERSHIPS              = 0x1f
-	IPV6_MMTU                         = 0x500
-	IPV6_MULTICAST_HOPS               = 0xa
-	IPV6_MULTICAST_IF                 = 0x9
-	IPV6_MULTICAST_LOOP               = 0xb
-	IPV6_PORTRANGE                    = 0xe
-	IPV6_PORTRANGE_DEFAULT            = 0x0
-	IPV6_PORTRANGE_HIGH               = 0x1
-	IPV6_PORTRANGE_LOW                = 0x2
-	IPV6_RECVTCLASS                   = 0x23
-	IPV6_RTHDR_LOOSE                  = 0x0
-	IPV6_RTHDR_STRICT                 = 0x1
-	IPV6_RTHDR_TYPE_0                 = 0x0
-	IPV6_SOCKOPT_RESERVED1            = 0x3
-	IPV6_TCLASS                       = 0x24
-	IPV6_UNICAST_HOPS                 = 0x4
-	IPV6_V6ONLY                       = 0x1b
-	IPV6_VERSION                      = 0x60
-	IPV6_VERSION_MASK                 = 0xf0
-	IP_ADD_MEMBERSHIP                 = 0xc
-	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
-	IP_BLOCK_SOURCE                   = 0x48
-	IP_BOUND_IF                       = 0x19
-	IP_DEFAULT_MULTICAST_LOOP         = 0x1
-	IP_DEFAULT_MULTICAST_TTL          = 0x1
-	IP_DF                             = 0x4000
-	IP_DROP_MEMBERSHIP                = 0xd
-	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
-	IP_DUMMYNET_CONFIGURE             = 0x3c
-	IP_DUMMYNET_DEL                   = 0x3d
-	IP_DUMMYNET_FLUSH                 = 0x3e
-	IP_DUMMYNET_GET                   = 0x40
-	IP_FAITH                          = 0x16
-	IP_FW_ADD                         = 0x28
-	IP_FW_DEL                         = 0x29
-	IP_FW_FLUSH                       = 0x2a
-	IP_FW_GET                         = 0x2c
-	IP_FW_RESETLOG                    = 0x2d
-	IP_FW_ZERO                        = 0x2b
-	IP_HDRINCL                        = 0x2
-	IP_IPSEC_POLICY                   = 0x15
-	IP_MAXPACKET                      = 0xffff
-	IP_MAX_GROUP_SRC_FILTER           = 0x200
-	IP_MAX_MEMBERSHIPS                = 0xfff
-	IP_MAX_SOCK_MUTE_FILTER           = 0x80
-	IP_MAX_SOCK_SRC_FILTER            = 0x80
-	IP_MF                             = 0x2000
-	IP_MIN_MEMBERSHIPS                = 0x1f
-	IP_MSFILTER                       = 0x4a
-	IP_MSS                            = 0x240
-	IP_MULTICAST_IF                   = 0x9
-	IP_MULTICAST_IFINDEX              = 0x42
-	IP_MULTICAST_LOOP                 = 0xb
-	IP_MULTICAST_TTL                  = 0xa
-	IP_MULTICAST_VIF                  = 0xe
-	IP_NAT__XXX                       = 0x37
-	IP_OFFMASK                        = 0x1fff
-	IP_OLD_FW_ADD                     = 0x32
-	IP_OLD_FW_DEL                     = 0x33
-	IP_OLD_FW_FLUSH                   = 0x34
-	IP_OLD_FW_GET                     = 0x36
-	IP_OLD_FW_RESETLOG                = 0x38
-	IP_OLD_FW_ZERO                    = 0x35
-	IP_OPTIONS                        = 0x1
-	IP_PKTINFO                        = 0x1a
-	IP_PORTRANGE                      = 0x13
-	IP_PORTRANGE_DEFAULT              = 0x0
-	IP_PORTRANGE_HIGH                 = 0x1
-	IP_PORTRANGE_LOW                  = 0x2
-	IP_RECVDSTADDR                    = 0x7
-	IP_RECVIF                         = 0x14
-	IP_RECVOPTS                       = 0x5
-	IP_RECVPKTINFO                    = 0x1a
-	IP_RECVRETOPTS                    = 0x6
-	IP_RECVTOS                        = 0x1b
-	IP_RECVTTL                        = 0x18
-	IP_RETOPTS                        = 0x8
-	IP_RF                             = 0x8000
-	IP_RSVP_OFF                       = 0x10
-	IP_RSVP_ON                        = 0xf
-	IP_RSVP_VIF_OFF                   = 0x12
-	IP_RSVP_VIF_ON                    = 0x11
-	IP_STRIPHDR                       = 0x17
-	IP_TOS                            = 0x3
-	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
-	IP_TTL                            = 0x4
-	IP_UNBLOCK_SOURCE                 = 0x49
-	ISIG                              = 0x80
-	ISTRIP                            = 0x20
-	IUTF8                             = 0x4000
-	IXANY                             = 0x800
-	IXOFF                             = 0x400
-	IXON                              = 0x200
-	KERN_HOSTNAME                     = 0xa
-	KERN_OSRELEASE                    = 0x2
-	KERN_OSTYPE                       = 0x1
-	KERN_VERSION                      = 0x4
-	LOCK_EX                           = 0x2
-	LOCK_NB                           = 0x4
-	LOCK_SH                           = 0x1
-	LOCK_UN                           = 0x8
-	MADV_CAN_REUSE                    = 0x9
-	MADV_DONTNEED                     = 0x4
-	MADV_FREE                         = 0x5
-	MADV_FREE_REUSABLE                = 0x7
-	MADV_FREE_REUSE                   = 0x8
-	MADV_NORMAL                       = 0x0
-	MADV_PAGEOUT                      = 0xa
-	MADV_RANDOM                       = 0x1
-	MADV_SEQUENTIAL                   = 0x2
-	MADV_WILLNEED                     = 0x3
-	MADV_ZERO_WIRED_PAGES             = 0x6
-	MAP_ANON                          = 0x1000
-	MAP_ANONYMOUS                     = 0x1000
-	MAP_COPY                          = 0x2
-	MAP_FILE                          = 0x0
-	MAP_FIXED                         = 0x10
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_JIT                           = 0x800
-	MAP_NOCACHE                       = 0x400
-	MAP_NOEXTEND                      = 0x100
-	MAP_NORESERVE                     = 0x40
-	MAP_PRIVATE                       = 0x2
-	MAP_RENAME                        = 0x20
-	MAP_RESERVED0080                  = 0x80
-	MAP_RESILIENT_CODESIGN            = 0x2000
-	MAP_RESILIENT_MEDIA               = 0x4000
-	MAP_SHARED                        = 0x1
-	MCL_CURRENT                       = 0x1
-	MCL_FUTURE                        = 0x2
-	MNT_ASYNC                         = 0x40
-	MNT_AUTOMOUNTED                   = 0x400000
-	MNT_CMDFLAGS                      = 0xf0000
-	MNT_CPROTECT                      = 0x80
-	MNT_DEFWRITE                      = 0x2000000
-	MNT_DONTBROWSE                    = 0x100000
-	MNT_DOVOLFS                       = 0x8000
-	MNT_DWAIT                         = 0x4
-	MNT_EXPORTED                      = 0x100
-	MNT_FORCE                         = 0x80000
-	MNT_IGNORE_OWNERSHIP              = 0x200000
-	MNT_JOURNALED                     = 0x800000
-	MNT_LOCAL                         = 0x1000
-	MNT_MULTILABEL                    = 0x4000000
-	MNT_NOATIME                       = 0x10000000
-	MNT_NOBLOCK                       = 0x20000
-	MNT_NODEV                         = 0x10
-	MNT_NOEXEC                        = 0x4
-	MNT_NOSUID                        = 0x8
-	MNT_NOUSERXATTR                   = 0x1000000
-	MNT_NOWAIT                        = 0x2
-	MNT_QUARANTINE                    = 0x400
-	MNT_QUOTA                         = 0x2000
-	MNT_RDONLY                        = 0x1
-	MNT_RELOAD                        = 0x40000
-	MNT_ROOTFS                        = 0x4000
-	MNT_SYNCHRONOUS                   = 0x2
-	MNT_UNION                         = 0x20
-	MNT_UNKNOWNPERMISSIONS            = 0x200000
-	MNT_UPDATE                        = 0x10000
-	MNT_VISFLAGMASK                   = 0x17f0f5ff
-	MNT_WAIT                          = 0x1
-	MSG_CTRUNC                        = 0x20
-	MSG_DONTROUTE                     = 0x4
-	MSG_DONTWAIT                      = 0x80
-	MSG_EOF                           = 0x100
-	MSG_EOR                           = 0x8
-	MSG_FLUSH                         = 0x400
-	MSG_HAVEMORE                      = 0x2000
-	MSG_HOLD                          = 0x800
-	MSG_NEEDSA                        = 0x10000
-	MSG_OOB                           = 0x1
-	MSG_PEEK                          = 0x2
-	MSG_RCVMORE                       = 0x4000
-	MSG_SEND                          = 0x1000
-	MSG_TRUNC                         = 0x10
-	MSG_WAITALL                       = 0x40
-	MSG_WAITSTREAM                    = 0x200
-	MS_ASYNC                          = 0x1
-	MS_DEACTIVATE                     = 0x8
-	MS_INVALIDATE                     = 0x2
-	MS_KILLPAGES                      = 0x4
-	MS_SYNC                           = 0x10
-	NAME_MAX                          = 0xff
-	NET_RT_DUMP                       = 0x1
-	NET_RT_DUMP2                      = 0x7
-	NET_RT_FLAGS                      = 0x2
-	NET_RT_IFLIST                     = 0x3
-	NET_RT_IFLIST2                    = 0x6
-	NET_RT_MAXID                      = 0xa
-	NET_RT_STAT                       = 0x4
-	NET_RT_TRASH                      = 0x5
-	NL0                               = 0x0
-	NL1                               = 0x100
-	NL2                               = 0x200
-	NL3                               = 0x300
-	NLDLY                             = 0x300
-	NOFLSH                            = 0x80000000
-	NOKERNINFO                        = 0x2000000
-	NOTE_ABSOLUTE                     = 0x8
-	NOTE_ATTRIB                       = 0x8
-	NOTE_BACKGROUND                   = 0x40
-	NOTE_CHILD                        = 0x4
-	NOTE_CRITICAL                     = 0x20
-	NOTE_DELETE                       = 0x1
-	NOTE_EXEC                         = 0x20000000
-	NOTE_EXIT                         = 0x80000000
-	NOTE_EXITSTATUS                   = 0x4000000
-	NOTE_EXIT_CSERROR                 = 0x40000
-	NOTE_EXIT_DECRYPTFAIL             = 0x10000
-	NOTE_EXIT_DETAIL                  = 0x2000000
-	NOTE_EXIT_DETAIL_MASK             = 0x70000
-	NOTE_EXIT_MEMORY                  = 0x20000
-	NOTE_EXIT_REPARENTED              = 0x80000
-	NOTE_EXTEND                       = 0x4
-	NOTE_FFAND                        = 0x40000000
-	NOTE_FFCOPY                       = 0xc0000000
-	NOTE_FFCTRLMASK                   = 0xc0000000
-	NOTE_FFLAGSMASK                   = 0xffffff
-	NOTE_FFNOP                        = 0x0
-	NOTE_FFOR                         = 0x80000000
-	NOTE_FORK                         = 0x40000000
-	NOTE_FUNLOCK                      = 0x100
-	NOTE_LEEWAY                       = 0x10
-	NOTE_LINK                         = 0x10
-	NOTE_LOWAT                        = 0x1
-	NOTE_MACH_CONTINUOUS_TIME         = 0x80
-	NOTE_NONE                         = 0x80
-	NOTE_NSECONDS                     = 0x4
-	NOTE_OOB                          = 0x2
-	NOTE_PCTRLMASK                    = -0x100000
-	NOTE_PDATAMASK                    = 0xfffff
-	NOTE_REAP                         = 0x10000000
-	NOTE_RENAME                       = 0x20
-	NOTE_REVOKE                       = 0x40
-	NOTE_SECONDS                      = 0x1
-	NOTE_SIGNAL                       = 0x8000000
-	NOTE_TRACK                        = 0x1
-	NOTE_TRACKERR                     = 0x2
-	NOTE_TRIGGER                      = 0x1000000
-	NOTE_USECONDS                     = 0x2
-	NOTE_VM_ERROR                     = 0x10000000
-	NOTE_VM_PRESSURE                  = 0x80000000
-	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
-	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
-	NOTE_WRITE                        = 0x2
-	OCRNL                             = 0x10
-	OFDEL                             = 0x20000
-	OFILL                             = 0x80
-	ONLCR                             = 0x2
-	ONLRET                            = 0x40
-	ONOCR                             = 0x20
-	ONOEOT                            = 0x8
-	OPOST                             = 0x1
-	OXTABS                            = 0x4
-	O_ACCMODE                         = 0x3
-	O_ALERT                           = 0x20000000
-	O_APPEND                          = 0x8
-	O_ASYNC                           = 0x40
-	O_CLOEXEC                         = 0x1000000
-	O_CREAT                           = 0x200
-	O_DIRECTORY                       = 0x100000
-	O_DP_GETRAWENCRYPTED              = 0x1
-	O_DP_GETRAWUNENCRYPTED            = 0x2
-	O_DSYNC                           = 0x400000
-	O_EVTONLY                         = 0x8000
-	O_EXCL                            = 0x800
-	O_EXLOCK                          = 0x20
-	O_FSYNC                           = 0x80
-	O_NDELAY                          = 0x4
-	O_NOCTTY                          = 0x20000
-	O_NOFOLLOW                        = 0x100
-	O_NONBLOCK                        = 0x4
-	O_POPUP                           = 0x80000000
-	O_RDONLY                          = 0x0
-	O_RDWR                            = 0x2
-	O_SHLOCK                          = 0x10
-	O_SYMLINK                         = 0x200000
-	O_SYNC                            = 0x80
-	O_TRUNC                           = 0x400
-	O_WRONLY                          = 0x1
-	PARENB                            = 0x1000
-	PARMRK                            = 0x8
-	PARODD                            = 0x2000
-	PENDIN                            = 0x20000000
-	PRIO_PGRP                         = 0x1
-	PRIO_PROCESS                      = 0x0
-	PRIO_USER                         = 0x2
-	PROT_EXEC                         = 0x4
-	PROT_NONE                         = 0x0
-	PROT_READ                         = 0x1
-	PROT_WRITE                        = 0x2
-	PT_ATTACH                         = 0xa
-	PT_ATTACHEXC                      = 0xe
-	PT_CONTINUE                       = 0x7
-	PT_DENY_ATTACH                    = 0x1f
-	PT_DETACH                         = 0xb
-	PT_FIRSTMACH                      = 0x20
-	PT_FORCEQUOTA                     = 0x1e
-	PT_KILL                           = 0x8
-	PT_READ_D                         = 0x2
-	PT_READ_I                         = 0x1
-	PT_READ_U                         = 0x3
-	PT_SIGEXC                         = 0xc
-	PT_STEP                           = 0x9
-	PT_THUPDATE                       = 0xd
-	PT_TRACE_ME                       = 0x0
-	PT_WRITE_D                        = 0x5
-	PT_WRITE_I                        = 0x4
-	PT_WRITE_U                        = 0x6
-	RLIMIT_AS                         = 0x5
-	RLIMIT_CORE                       = 0x4
-	RLIMIT_CPU                        = 0x0
-	RLIMIT_CPU_USAGE_MONITOR          = 0x2
-	RLIMIT_DATA                       = 0x2
-	RLIMIT_FSIZE                      = 0x1
-	RLIMIT_MEMLOCK                    = 0x6
-	RLIMIT_NOFILE                     = 0x8
-	RLIMIT_NPROC                      = 0x7
-	RLIMIT_RSS                        = 0x5
-	RLIMIT_STACK                      = 0x3
-	RLIM_INFINITY                     = 0x7fffffffffffffff
-	RTAX_AUTHOR                       = 0x6
-	RTAX_BRD                          = 0x7
-	RTAX_DST                          = 0x0
-	RTAX_GATEWAY                      = 0x1
-	RTAX_GENMASK                      = 0x3
-	RTAX_IFA                          = 0x5
-	RTAX_IFP                          = 0x4
-	RTAX_MAX                          = 0x8
-	RTAX_NETMASK                      = 0x2
-	RTA_AUTHOR                        = 0x40
-	RTA_BRD                           = 0x80
-	RTA_DST                           = 0x1
-	RTA_GATEWAY                       = 0x2
-	RTA_GENMASK                       = 0x8
-	RTA_IFA                           = 0x20
-	RTA_IFP                           = 0x10
-	RTA_NETMASK                       = 0x4
-	RTF_BLACKHOLE                     = 0x1000
-	RTF_BROADCAST                     = 0x400000
-	RTF_CLONING                       = 0x100
-	RTF_CONDEMNED                     = 0x2000000
-	RTF_DELCLONE                      = 0x80
-	RTF_DONE                          = 0x40
-	RTF_DYNAMIC                       = 0x10
-	RTF_GATEWAY                       = 0x2
-	RTF_HOST                          = 0x4
-	RTF_IFREF                         = 0x4000000
-	RTF_IFSCOPE                       = 0x1000000
-	RTF_LLINFO                        = 0x400
-	RTF_LOCAL                         = 0x200000
-	RTF_MODIFIED                      = 0x20
-	RTF_MULTICAST                     = 0x800000
-	RTF_NOIFREF                       = 0x2000
-	RTF_PINNED                        = 0x100000
-	RTF_PRCLONING                     = 0x10000
-	RTF_PROTO1                        = 0x8000
-	RTF_PROTO2                        = 0x4000
-	RTF_PROTO3                        = 0x40000
-	RTF_PROXY                         = 0x8000000
-	RTF_REJECT                        = 0x8
-	RTF_ROUTER                        = 0x10000000
-	RTF_STATIC                        = 0x800
-	RTF_UP                            = 0x1
-	RTF_WASCLONED                     = 0x20000
-	RTF_XRESOLVE                      = 0x200
-	RTM_ADD                           = 0x1
-	RTM_CHANGE                        = 0x3
-	RTM_DELADDR                       = 0xd
-	RTM_DELETE                        = 0x2
-	RTM_DELMADDR                      = 0x10
-	RTM_GET                           = 0x4
-	RTM_GET2                          = 0x14
-	RTM_IFINFO                        = 0xe
-	RTM_IFINFO2                       = 0x12
-	RTM_LOCK                          = 0x8
-	RTM_LOSING                        = 0x5
-	RTM_MISS                          = 0x7
-	RTM_NEWADDR                       = 0xc
-	RTM_NEWMADDR                      = 0xf
-	RTM_NEWMADDR2                     = 0x13
-	RTM_OLDADD                        = 0x9
-	RTM_OLDDEL                        = 0xa
-	RTM_REDIRECT                      = 0x6
-	RTM_RESOLVE                       = 0xb
-	RTM_RTTUNIT                       = 0xf4240
-	RTM_VERSION                       = 0x5
-	RTV_EXPIRE                        = 0x4
-	RTV_HOPCOUNT                      = 0x2
-	RTV_MTU                           = 0x1
-	RTV_RPIPE                         = 0x8
-	RTV_RTT                           = 0x40
-	RTV_RTTVAR                        = 0x80
-	RTV_SPIPE                         = 0x10
-	RTV_SSTHRESH                      = 0x20
-	RUSAGE_CHILDREN                   = -0x1
-	RUSAGE_SELF                       = 0x0
-	SCM_CREDS                         = 0x3
-	SCM_RIGHTS                        = 0x1
-	SCM_TIMESTAMP                     = 0x2
-	SCM_TIMESTAMP_MONOTONIC           = 0x4
-	SHUT_RD                           = 0x0
-	SHUT_RDWR                         = 0x2
-	SHUT_WR                           = 0x1
-	SIOCADDMULTI                      = 0x80206931
-	SIOCAIFADDR                       = 0x8040691a
-	SIOCARPIPLL                       = 0xc0206928
-	SIOCATMARK                        = 0x40047307
-	SIOCAUTOADDR                      = 0xc0206926
-	SIOCAUTONETMASK                   = 0x80206927
-	SIOCDELMULTI                      = 0x80206932
-	SIOCDIFADDR                       = 0x80206919
-	SIOCDIFPHYADDR                    = 0x80206941
-	SIOCGDRVSPEC                      = 0xc028697b
-	SIOCGETVLAN                       = 0xc020697f
-	SIOCGHIWAT                        = 0x40047301
-	SIOCGIFADDR                       = 0xc0206921
-	SIOCGIFALTMTU                     = 0xc0206948
-	SIOCGIFASYNCMAP                   = 0xc020697c
-	SIOCGIFBOND                       = 0xc0206947
-	SIOCGIFBRDADDR                    = 0xc0206923
-	SIOCGIFCAP                        = 0xc020695b
-	SIOCGIFCONF                       = 0xc00c6924
-	SIOCGIFDEVMTU                     = 0xc0206944
-	SIOCGIFDSTADDR                    = 0xc0206922
-	SIOCGIFFLAGS                      = 0xc0206911
-	SIOCGIFGENERIC                    = 0xc020693a
-	SIOCGIFKPI                        = 0xc0206987
-	SIOCGIFMAC                        = 0xc0206982
-	SIOCGIFMEDIA                      = 0xc02c6938
-	SIOCGIFMETRIC                     = 0xc0206917
-	SIOCGIFMTU                        = 0xc0206933
-	SIOCGIFNETMASK                    = 0xc0206925
-	SIOCGIFPDSTADDR                   = 0xc0206940
-	SIOCGIFPHYS                       = 0xc0206935
-	SIOCGIFPSRCADDR                   = 0xc020693f
-	SIOCGIFSTATUS                     = 0xc331693d
-	SIOCGIFVLAN                       = 0xc020697f
-	SIOCGIFWAKEFLAGS                  = 0xc0206988
-	SIOCGLOWAT                        = 0x40047303
-	SIOCGPGRP                         = 0x40047309
-	SIOCIFCREATE                      = 0xc0206978
-	SIOCIFCREATE2                     = 0xc020697a
-	SIOCIFDESTROY                     = 0x80206979
-	SIOCIFGCLONERS                    = 0xc0106981
-	SIOCRSLVMULTI                     = 0xc010693b
-	SIOCSDRVSPEC                      = 0x8028697b
-	SIOCSETVLAN                       = 0x8020697e
-	SIOCSHIWAT                        = 0x80047300
-	SIOCSIFADDR                       = 0x8020690c
-	SIOCSIFALTMTU                     = 0x80206945
-	SIOCSIFASYNCMAP                   = 0x8020697d
-	SIOCSIFBOND                       = 0x80206946
-	SIOCSIFBRDADDR                    = 0x80206913
-	SIOCSIFCAP                        = 0x8020695a
-	SIOCSIFDSTADDR                    = 0x8020690e
-	SIOCSIFFLAGS                      = 0x80206910
-	SIOCSIFGENERIC                    = 0x80206939
-	SIOCSIFKPI                        = 0x80206986
-	SIOCSIFLLADDR                     = 0x8020693c
-	SIOCSIFMAC                        = 0x80206983
-	SIOCSIFMEDIA                      = 0xc0206937
-	SIOCSIFMETRIC                     = 0x80206918
-	SIOCSIFMTU                        = 0x80206934
-	SIOCSIFNETMASK                    = 0x80206916
-	SIOCSIFPHYADDR                    = 0x8040693e
-	SIOCSIFPHYS                       = 0x80206936
-	SIOCSIFVLAN                       = 0x8020697e
-	SIOCSLOWAT                        = 0x80047302
-	SIOCSPGRP                         = 0x80047308
-	SOCK_DGRAM                        = 0x2
-	SOCK_MAXADDRLEN                   = 0xff
-	SOCK_RAW                          = 0x3
-	SOCK_RDM                          = 0x4
-	SOCK_SEQPACKET                    = 0x5
-	SOCK_STREAM                       = 0x1
-	SOL_SOCKET                        = 0xffff
-	SOMAXCONN                         = 0x80
-	SO_ACCEPTCONN                     = 0x2
-	SO_BROADCAST                      = 0x20
-	SO_DEBUG                          = 0x1
-	SO_DONTROUTE                      = 0x10
-	SO_DONTTRUNC                      = 0x2000
-	SO_ERROR                          = 0x1007
-	SO_KEEPALIVE                      = 0x8
-	SO_LABEL                          = 0x1010
-	SO_LINGER                         = 0x80
-	SO_LINGER_SEC                     = 0x1080
-	SO_NETSVC_MARKING_LEVEL           = 0x1119
-	SO_NET_SERVICE_TYPE               = 0x1116
-	SO_NKE                            = 0x1021
-	SO_NOADDRERR                      = 0x1023
-	SO_NOSIGPIPE                      = 0x1022
-	SO_NOTIFYCONFLICT                 = 0x1026
-	SO_NP_EXTENSIONS                  = 0x1083
-	SO_NREAD                          = 0x1020
-	SO_NUMRCVPKT                      = 0x1112
-	SO_NWRITE                         = 0x1024
-	SO_OOBINLINE                      = 0x100
-	SO_PEERLABEL                      = 0x1011
-	SO_RANDOMPORT                     = 0x1082
-	SO_RCVBUF                         = 0x1002
-	SO_RCVLOWAT                       = 0x1004
-	SO_RCVTIMEO                       = 0x1006
-	SO_REUSEADDR                      = 0x4
-	SO_REUSEPORT                      = 0x200
-	SO_REUSESHAREUID                  = 0x1025
-	SO_SNDBUF                         = 0x1001
-	SO_SNDLOWAT                       = 0x1003
-	SO_SNDTIMEO                       = 0x1005
-	SO_TIMESTAMP                      = 0x400
-	SO_TIMESTAMP_MONOTONIC            = 0x800
-	SO_TYPE                           = 0x1008
-	SO_UPCALLCLOSEWAIT                = 0x1027
-	SO_USELOOPBACK                    = 0x40
-	SO_WANTMORE                       = 0x4000
-	SO_WANTOOBFLAG                    = 0x8000
-	S_IEXEC                           = 0x40
-	S_IFBLK                           = 0x6000
-	S_IFCHR                           = 0x2000
-	S_IFDIR                           = 0x4000
-	S_IFIFO                           = 0x1000
-	S_IFLNK                           = 0xa000
-	S_IFMT                            = 0xf000
-	S_IFREG                           = 0x8000
-	S_IFSOCK                          = 0xc000
-	S_IFWHT                           = 0xe000
-	S_IREAD                           = 0x100
-	S_IRGRP                           = 0x20
-	S_IROTH                           = 0x4
-	S_IRUSR                           = 0x100
-	S_IRWXG                           = 0x38
-	S_IRWXO                           = 0x7
-	S_IRWXU                           = 0x1c0
-	S_ISGID                           = 0x400
-	S_ISTXT                           = 0x200
-	S_ISUID                           = 0x800
-	S_ISVTX                           = 0x200
-	S_IWGRP                           = 0x10
-	S_IWOTH                           = 0x2
-	S_IWRITE                          = 0x80
-	S_IWUSR                           = 0x80
-	S_IXGRP                           = 0x8
-	S_IXOTH                           = 0x1
-	S_IXUSR                           = 0x40
-	TAB0                              = 0x0
-	TAB1                              = 0x400
-	TAB2                              = 0x800
-	TAB3                              = 0x4
-	TABDLY                            = 0xc04
-	TCIFLUSH                          = 0x1
-	TCIOFF                            = 0x3
-	TCIOFLUSH                         = 0x3
-	TCION                             = 0x4
-	TCOFLUSH                          = 0x2
-	TCOOFF                            = 0x1
-	TCOON                             = 0x2
-	TCP_CONNECTIONTIMEOUT             = 0x20
-	TCP_CONNECTION_INFO               = 0x106
-	TCP_ENABLE_ECN                    = 0x104
-	TCP_FASTOPEN                      = 0x105
-	TCP_KEEPALIVE                     = 0x10
-	TCP_KEEPCNT                       = 0x102
-	TCP_KEEPINTVL                     = 0x101
-	TCP_MAXHLEN                       = 0x3c
-	TCP_MAXOLEN                       = 0x28
-	TCP_MAXSEG                        = 0x2
-	TCP_MAXWIN                        = 0xffff
-	TCP_MAX_SACK                      = 0x4
-	TCP_MAX_WINSHIFT                  = 0xe
-	TCP_MINMSS                        = 0xd8
-	TCP_MSS                           = 0x200
-	TCP_NODELAY                       = 0x1
-	TCP_NOOPT                         = 0x8
-	TCP_NOPUSH                        = 0x4
-	TCP_NOTSENT_LOWAT                 = 0x201
-	TCP_RXT_CONNDROPTIME              = 0x80
-	TCP_RXT_FINDROP                   = 0x100
-	TCP_SENDMOREACKS                  = 0x103
-	TCSAFLUSH                         = 0x2
-	TIOCCBRK                          = 0x2000747a
-	TIOCCDTR                          = 0x20007478
-	TIOCCONS                          = 0x80047462
-	TIOCDCDTIMESTAMP                  = 0x40107458
-	TIOCDRAIN                         = 0x2000745e
-	TIOCDSIMICROCODE                  = 0x20007455
-	TIOCEXCL                          = 0x2000740d
-	TIOCEXT                           = 0x80047460
-	TIOCFLUSH                         = 0x80047410
-	TIOCGDRAINWAIT                    = 0x40047456
-	TIOCGETA                          = 0x40487413
-	TIOCGETD                          = 0x4004741a
-	TIOCGPGRP                         = 0x40047477
-	TIOCGWINSZ                        = 0x40087468
-	TIOCIXOFF                         = 0x20007480
-	TIOCIXON                          = 0x20007481
-	TIOCMBIC                          = 0x8004746b
-	TIOCMBIS                          = 0x8004746c
-	TIOCMGDTRWAIT                     = 0x4004745a
-	TIOCMGET                          = 0x4004746a
-	TIOCMODG                          = 0x40047403
-	TIOCMODS                          = 0x80047404
-	TIOCMSDTRWAIT                     = 0x8004745b
-	TIOCMSET                          = 0x8004746d
-	TIOCM_CAR                         = 0x40
-	TIOCM_CD                          = 0x40
-	TIOCM_CTS                         = 0x20
-	TIOCM_DSR                         = 0x100
-	TIOCM_DTR                         = 0x2
-	TIOCM_LE                          = 0x1
-	TIOCM_RI                          = 0x80
-	TIOCM_RNG                         = 0x80
-	TIOCM_RTS                         = 0x4
-	TIOCM_SR                          = 0x10
-	TIOCM_ST                          = 0x8
-	TIOCNOTTY                         = 0x20007471
-	TIOCNXCL                          = 0x2000740e
-	TIOCOUTQ                          = 0x40047473
-	TIOCPKT                           = 0x80047470
-	TIOCPKT_DATA                      = 0x0
-	TIOCPKT_DOSTOP                    = 0x20
-	TIOCPKT_FLUSHREAD                 = 0x1
-	TIOCPKT_FLUSHWRITE                = 0x2
-	TIOCPKT_IOCTL                     = 0x40
-	TIOCPKT_NOSTOP                    = 0x10
-	TIOCPKT_START                     = 0x8
-	TIOCPKT_STOP                      = 0x4
-	TIOCPTYGNAME                      = 0x40807453
-	TIOCPTYGRANT                      = 0x20007454
-	TIOCPTYUNLK                       = 0x20007452
-	TIOCREMOTE                        = 0x80047469
-	TIOCSBRK                          = 0x2000747b
-	TIOCSCONS                         = 0x20007463
-	TIOCSCTTY                         = 0x20007461
-	TIOCSDRAINWAIT                    = 0x80047457
-	TIOCSDTR                          = 0x20007479
-	TIOCSETA                          = 0x80487414
-	TIOCSETAF                         = 0x80487416
-	TIOCSETAW                         = 0x80487415
-	TIOCSETD                          = 0x8004741b
-	TIOCSIG                           = 0x2000745f
-	TIOCSPGRP                         = 0x80047476
-	TIOCSTART                         = 0x2000746e
-	TIOCSTAT                          = 0x20007465
-	TIOCSTI                           = 0x80017472
-	TIOCSTOP                          = 0x2000746f
-	TIOCSWINSZ                        = 0x80087467
-	TIOCTIMESTAMP                     = 0x40107459
-	TIOCUCNTL                         = 0x80047466
-	TOSTOP                            = 0x400000
-	VDISCARD                          = 0xf
-	VDSUSP                            = 0xb
-	VEOF                              = 0x0
-	VEOL                              = 0x1
-	VEOL2                             = 0x2
-	VERASE                            = 0x3
-	VINTR                             = 0x8
-	VKILL                             = 0x5
-	VLNEXT                            = 0xe
-	VMIN                              = 0x10
-	VM_LOADAVG                        = 0x2
-	VM_MACHFACTOR                     = 0x4
-	VM_MAXID                          = 0x6
-	VM_METER                          = 0x1
-	VM_SWAPUSAGE                      = 0x5
-	VQUIT                             = 0x9
-	VREPRINT                          = 0x6
-	VSTART                            = 0xc
-	VSTATUS                           = 0x12
-	VSTOP                             = 0xd
-	VSUSP                             = 0xa
-	VT0                               = 0x0
-	VT1                               = 0x10000
-	VTDLY                             = 0x10000
-	VTIME                             = 0x11
-	VWERASE                           = 0x4
-	WCONTINUED                        = 0x10
-	WCOREFLAG                         = 0x80
-	WEXITED                           = 0x4
-	WNOHANG                           = 0x1
-	WNOWAIT                           = 0x20
-	WORDSIZE                          = 0x40
-	WSTOPPED                          = 0x8
-	WUNTRACED                         = 0x2
-	XATTR_CREATE                      = 0x2
-	XATTR_NODEFAULT                   = 0x10
-	XATTR_NOFOLLOW                    = 0x1
-	XATTR_NOSECURITY                  = 0x8
-	XATTR_REPLACE                     = 0x4
-	XATTR_SHOWCOMPRESSION             = 0x20
-)
-
-// Errors
-const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
-	EADDRINUSE      = syscall.Errno(0x30)
-	EADDRNOTAVAIL   = syscall.Errno(0x31)
-	EAFNOSUPPORT    = syscall.Errno(0x2f)
-	EAGAIN          = syscall.Errno(0x23)
-	EALREADY        = syscall.Errno(0x25)
-	EAUTH           = syscall.Errno(0x50)
-	EBADARCH        = syscall.Errno(0x56)
-	EBADEXEC        = syscall.Errno(0x55)
-	EBADF           = syscall.Errno(0x9)
-	EBADMACHO       = syscall.Errno(0x58)
-	EBADMSG         = syscall.Errno(0x5e)
-	EBADRPC         = syscall.Errno(0x48)
-	EBUSY           = syscall.Errno(0x10)
-	ECANCELED       = syscall.Errno(0x59)
-	ECHILD          = syscall.Errno(0xa)
-	ECONNABORTED    = syscall.Errno(0x35)
-	ECONNREFUSED    = syscall.Errno(0x3d)
-	ECONNRESET      = syscall.Errno(0x36)
-	EDEADLK         = syscall.Errno(0xb)
-	EDESTADDRREQ    = syscall.Errno(0x27)
-	EDEVERR         = syscall.Errno(0x53)
-	EDOM            = syscall.Errno(0x21)
-	EDQUOT          = syscall.Errno(0x45)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
-	EFTYPE          = syscall.Errno(0x4f)
-	EHOSTDOWN       = syscall.Errno(0x40)
-	EHOSTUNREACH    = syscall.Errno(0x41)
-	EIDRM           = syscall.Errno(0x5a)
-	EILSEQ          = syscall.Errno(0x5c)
-	EINPROGRESS     = syscall.Errno(0x24)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
-	EISCONN         = syscall.Errno(0x38)
-	EISDIR          = syscall.Errno(0x15)
-	ELAST           = syscall.Errno(0x6a)
-	ELOOP           = syscall.Errno(0x3e)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
-	EMSGSIZE        = syscall.Errno(0x28)
-	EMULTIHOP       = syscall.Errno(0x5f)
-	ENAMETOOLONG    = syscall.Errno(0x3f)
-	ENEEDAUTH       = syscall.Errno(0x51)
-	ENETDOWN        = syscall.Errno(0x32)
-	ENETRESET       = syscall.Errno(0x34)
-	ENETUNREACH     = syscall.Errno(0x33)
-	ENFILE          = syscall.Errno(0x17)
-	ENOATTR         = syscall.Errno(0x5d)
-	ENOBUFS         = syscall.Errno(0x37)
-	ENODATA         = syscall.Errno(0x60)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
-	ENOLCK          = syscall.Errno(0x4d)
-	ENOLINK         = syscall.Errno(0x61)
-	ENOMEM          = syscall.Errno(0xc)
-	ENOMSG          = syscall.Errno(0x5b)
-	ENOPOLICY       = syscall.Errno(0x67)
-	ENOPROTOOPT     = syscall.Errno(0x2a)
-	ENOSPC          = syscall.Errno(0x1c)
-	ENOSR           = syscall.Errno(0x62)
-	ENOSTR          = syscall.Errno(0x63)
-	ENOSYS          = syscall.Errno(0x4e)
-	ENOTBLK         = syscall.Errno(0xf)
-	ENOTCONN        = syscall.Errno(0x39)
-	ENOTDIR         = syscall.Errno(0x14)
-	ENOTEMPTY       = syscall.Errno(0x42)
-	ENOTRECOVERABLE = syscall.Errno(0x68)
-	ENOTSOCK        = syscall.Errno(0x26)
-	ENOTSUP         = syscall.Errno(0x2d)
-	ENOTTY          = syscall.Errno(0x19)
-	ENXIO           = syscall.Errno(0x6)
-	EOPNOTSUPP      = syscall.Errno(0x66)
-	EOVERFLOW       = syscall.Errno(0x54)
-	EOWNERDEAD      = syscall.Errno(0x69)
-	EPERM           = syscall.Errno(0x1)
-	EPFNOSUPPORT    = syscall.Errno(0x2e)
-	EPIPE           = syscall.Errno(0x20)
-	EPROCLIM        = syscall.Errno(0x43)
-	EPROCUNAVAIL    = syscall.Errno(0x4c)
-	EPROGMISMATCH   = syscall.Errno(0x4b)
-	EPROGUNAVAIL    = syscall.Errno(0x4a)
-	EPROTO          = syscall.Errno(0x64)
-	EPROTONOSUPPORT = syscall.Errno(0x2b)
-	EPROTOTYPE      = syscall.Errno(0x29)
-	EPWROFF         = syscall.Errno(0x52)
-	EQFULL          = syscall.Errno(0x6a)
-	ERANGE          = syscall.Errno(0x22)
-	EREMOTE         = syscall.Errno(0x47)
-	EROFS           = syscall.Errno(0x1e)
-	ERPCMISMATCH    = syscall.Errno(0x49)
-	ESHLIBVERS      = syscall.Errno(0x57)
-	ESHUTDOWN       = syscall.Errno(0x3a)
-	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
-	ESTALE          = syscall.Errno(0x46)
-	ETIME           = syscall.Errno(0x65)
-	ETIMEDOUT       = syscall.Errno(0x3c)
-	ETOOMANYREFS    = syscall.Errno(0x3b)
-	ETXTBSY         = syscall.Errno(0x1a)
-	EUSERS          = syscall.Errno(0x44)
-	EWOULDBLOCK     = syscall.Errno(0x23)
-	EXDEV           = syscall.Errno(0x12)
-)
-
-// Signals
-const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
-	SIGBUS    = syscall.Signal(0xa)
-	SIGCHLD   = syscall.Signal(0x14)
-	SIGCONT   = syscall.Signal(0x13)
-	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINFO   = syscall.Signal(0x1d)
-	SIGINT    = syscall.Signal(0x2)
-	SIGIO     = syscall.Signal(0x17)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
-	SIGPROF   = syscall.Signal(0x1b)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
-	SIGSTOP   = syscall.Signal(0x11)
-	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
-	SIGTSTP   = syscall.Signal(0x12)
-	SIGTTIN   = syscall.Signal(0x15)
-	SIGTTOU   = syscall.Signal(0x16)
-	SIGURG    = syscall.Signal(0x10)
-	SIGUSR1   = syscall.Signal(0x1e)
-	SIGUSR2   = syscall.Signal(0x1f)
-	SIGVTALRM = syscall.Signal(0x1a)
-	SIGWINCH  = syscall.Signal(0x1c)
-	SIGXCPU   = syscall.Signal(0x18)
-	SIGXFSZ   = syscall.Signal(0x19)
-)
-
-// Error table
-var errorList = [...]struct {
-	num  syscall.Errno
-	name string
-	desc string
-}{
-	{1, "EPERM", "operation not permitted"},
-	{2, "ENOENT", "no such file or directory"},
-	{3, "ESRCH", "no such process"},
-	{4, "EINTR", "interrupted system call"},
-	{5, "EIO", "input/output error"},
-	{6, "ENXIO", "device not configured"},
-	{7, "E2BIG", "argument list too long"},
-	{8, "ENOEXEC", "exec format error"},
-	{9, "EBADF", "bad file descriptor"},
-	{10, "ECHILD", "no child processes"},
-	{11, "EDEADLK", "resource deadlock avoided"},
-	{12, "ENOMEM", "cannot allocate memory"},
-	{13, "EACCES", "permission denied"},
-	{14, "EFAULT", "bad address"},
-	{15, "ENOTBLK", "block device required"},
-	{16, "EBUSY", "resource busy"},
-	{17, "EEXIST", "file exists"},
-	{18, "EXDEV", "cross-device link"},
-	{19, "ENODEV", "operation not supported by device"},
-	{20, "ENOTDIR", "not a directory"},
-	{21, "EISDIR", "is a directory"},
-	{22, "EINVAL", "invalid argument"},
-	{23, "ENFILE", "too many open files in system"},
-	{24, "EMFILE", "too many open files"},
-	{25, "ENOTTY", "inappropriate ioctl for device"},
-	{26, "ETXTBSY", "text file busy"},
-	{27, "EFBIG", "file too large"},
-	{28, "ENOSPC", "no space left on device"},
-	{29, "ESPIPE", "illegal seek"},
-	{30, "EROFS", "read-only file system"},
-	{31, "EMLINK", "too many links"},
-	{32, "EPIPE", "broken pipe"},
-	{33, "EDOM", "numerical argument out of domain"},
-	{34, "ERANGE", "result too large"},
-	{35, "EAGAIN", "resource temporarily unavailable"},
-	{36, "EINPROGRESS", "operation now in progress"},
-	{37, "EALREADY", "operation already in progress"},
-	{38, "ENOTSOCK", "socket operation on non-socket"},
-	{39, "EDESTADDRREQ", "destination address required"},
-	{40, "EMSGSIZE", "message too long"},
-	{41, "EPROTOTYPE", "protocol wrong type for socket"},
-	{42, "ENOPROTOOPT", "protocol not available"},
-	{43, "EPROTONOSUPPORT", "protocol not supported"},
-	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
-	{45, "ENOTSUP", "operation not supported"},
-	{46, "EPFNOSUPPORT", "protocol family not supported"},
-	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
-	{48, "EADDRINUSE", "address already in use"},
-	{49, "EADDRNOTAVAIL", "can't assign requested address"},
-	{50, "ENETDOWN", "network is down"},
-	{51, "ENETUNREACH", "network is unreachable"},
-	{52, "ENETRESET", "network dropped connection on reset"},
-	{53, "ECONNABORTED", "software caused connection abort"},
-	{54, "ECONNRESET", "connection reset by peer"},
-	{55, "ENOBUFS", "no buffer space available"},
-	{56, "EISCONN", "socket is already connected"},
-	{57, "ENOTCONN", "socket is not connected"},
-	{58, "ESHUTDOWN", "can't send after socket shutdown"},
-	{59, "ETOOMANYREFS", "too many references: can't splice"},
-	{60, "ETIMEDOUT", "operation timed out"},
-	{61, "ECONNREFUSED", "connection refused"},
-	{62, "ELOOP", "too many levels of symbolic links"},
-	{63, "ENAMETOOLONG", "file name too long"},
-	{64, "EHOSTDOWN", "host is down"},
-	{65, "EHOSTUNREACH", "no route to host"},
-	{66, "ENOTEMPTY", "directory not empty"},
-	{67, "EPROCLIM", "too many processes"},
-	{68, "EUSERS", "too many users"},
-	{69, "EDQUOT", "disc quota exceeded"},
-	{70, "ESTALE", "stale NFS file handle"},
-	{71, "EREMOTE", "too many levels of remote in path"},
-	{72, "EBADRPC", "RPC struct is bad"},
-	{73, "ERPCMISMATCH", "RPC version wrong"},
-	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
-	{75, "EPROGMISMATCH", "program version wrong"},
-	{76, "EPROCUNAVAIL", "bad procedure for program"},
-	{77, "ENOLCK", "no locks available"},
-	{78, "ENOSYS", "function not implemented"},
-	{79, "EFTYPE", "inappropriate file type or format"},
-	{80, "EAUTH", "authentication error"},
-	{81, "ENEEDAUTH", "need authenticator"},
-	{82, "EPWROFF", "device power is off"},
-	{83, "EDEVERR", "device error"},
-	{84, "EOVERFLOW", "value too large to be stored in data type"},
-	{85, "EBADEXEC", "bad executable (or shared library)"},
-	{86, "EBADARCH", "bad CPU type in executable"},
-	{87, "ESHLIBVERS", "shared library version mismatch"},
-	{88, "EBADMACHO", "malformed Mach-o file"},
-	{89, "ECANCELED", "operation canceled"},
-	{90, "EIDRM", "identifier removed"},
-	{91, "ENOMSG", "no message of desired type"},
-	{92, "EILSEQ", "illegal byte sequence"},
-	{93, "ENOATTR", "attribute not found"},
-	{94, "EBADMSG", "bad message"},
-	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
-	{96, "ENODATA", "no message available on STREAM"},
-	{97, "ENOLINK", "ENOLINK (Reserved)"},
-	{98, "ENOSR", "no STREAM resources"},
-	{99, "ENOSTR", "not a STREAM"},
-	{100, "EPROTO", "protocol error"},
-	{101, "ETIME", "STREAM ioctl timeout"},
-	{102, "EOPNOTSUPP", "operation not supported on socket"},
-	{103, "ENOPOLICY", "policy not found"},
-	{104, "ENOTRECOVERABLE", "state not recoverable"},
-	{105, "EOWNERDEAD", "previous owner died"},
-	{106, "EQFULL", "interface output queue is full"},
-}
-
-// Signal table
-var signalList = [...]struct {
-	num  syscall.Signal
-	name string
-	desc string
-}{
-	{1, "SIGHUP", "hangup"},
-	{2, "SIGINT", "interrupt"},
-	{3, "SIGQUIT", "quit"},
-	{4, "SIGILL", "illegal instruction"},
-	{5, "SIGTRAP", "trace/BPT trap"},
-	{6, "SIGABRT", "abort trap"},
-	{7, "SIGEMT", "EMT trap"},
-	{8, "SIGFPE", "floating point exception"},
-	{9, "SIGKILL", "killed"},
-	{10, "SIGBUS", "bus error"},
-	{11, "SIGSEGV", "segmentation fault"},
-	{12, "SIGSYS", "bad system call"},
-	{13, "SIGPIPE", "broken pipe"},
-	{14, "SIGALRM", "alarm clock"},
-	{15, "SIGTERM", "terminated"},
-	{16, "SIGURG", "urgent I/O condition"},
-	{17, "SIGSTOP", "suspended (signal)"},
-	{18, "SIGTSTP", "suspended"},
-	{19, "SIGCONT", "continued"},
-	{20, "SIGCHLD", "child exited"},
-	{21, "SIGTTIN", "stopped (tty input)"},
-	{22, "SIGTTOU", "stopped (tty output)"},
-	{23, "SIGIO", "I/O possible"},
-	{24, "SIGXCPU", "cputime limit exceeded"},
-	{25, "SIGXFSZ", "filesize limit exceeded"},
-	{26, "SIGVTALRM", "virtual timer expired"},
-	{27, "SIGPROF", "profiling timer expired"},
-	{28, "SIGWINCH", "window size changes"},
-	{29, "SIGINFO", "information request"},
-	{30, "SIGUSR1", "user defined signal 1"},
-	{31, "SIGUSR2", "user defined signal 2"},
-}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index 6d56d8a059d17..e36f5178d6008 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && darwin
 // +build arm64,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -11,1474 +12,1582 @@ package unix
 import "syscall"
 
 const (
-	AF_APPLETALK                      = 0x10
-	AF_CCITT                          = 0xa
-	AF_CHAOS                          = 0x5
-	AF_CNT                            = 0x15
-	AF_COIP                           = 0x14
-	AF_DATAKIT                        = 0x9
-	AF_DECnet                         = 0xc
-	AF_DLI                            = 0xd
-	AF_E164                           = 0x1c
-	AF_ECMA                           = 0x8
-	AF_HYLINK                         = 0xf
-	AF_IEEE80211                      = 0x25
-	AF_IMPLINK                        = 0x3
-	AF_INET                           = 0x2
-	AF_INET6                          = 0x1e
-	AF_IPX                            = 0x17
-	AF_ISDN                           = 0x1c
-	AF_ISO                            = 0x7
-	AF_LAT                            = 0xe
-	AF_LINK                           = 0x12
-	AF_LOCAL                          = 0x1
-	AF_MAX                            = 0x28
-	AF_NATM                           = 0x1f
-	AF_NDRV                           = 0x1b
-	AF_NETBIOS                        = 0x21
-	AF_NS                             = 0x6
-	AF_OSI                            = 0x7
-	AF_PPP                            = 0x22
-	AF_PUP                            = 0x4
-	AF_RESERVED_36                    = 0x24
-	AF_ROUTE                          = 0x11
-	AF_SIP                            = 0x18
-	AF_SNA                            = 0xb
-	AF_SYSTEM                         = 0x20
-	AF_UNIX                           = 0x1
-	AF_UNSPEC                         = 0x0
-	AF_UTUN                           = 0x26
-	ALTWERASE                         = 0x200
-	ATTR_BIT_MAP_COUNT                = 0x5
-	ATTR_CMN_ACCESSMASK               = 0x20000
-	ATTR_CMN_ACCTIME                  = 0x1000
-	ATTR_CMN_ADDEDTIME                = 0x10000000
-	ATTR_CMN_BKUPTIME                 = 0x2000
-	ATTR_CMN_CHGTIME                  = 0x800
-	ATTR_CMN_CRTIME                   = 0x200
-	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
-	ATTR_CMN_DEVID                    = 0x2
-	ATTR_CMN_DOCUMENT_ID              = 0x100000
-	ATTR_CMN_ERROR                    = 0x20000000
-	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
-	ATTR_CMN_FILEID                   = 0x2000000
-	ATTR_CMN_FLAGS                    = 0x40000
-	ATTR_CMN_FNDRINFO                 = 0x4000
-	ATTR_CMN_FSID                     = 0x4
-	ATTR_CMN_FULLPATH                 = 0x8000000
-	ATTR_CMN_GEN_COUNT                = 0x80000
-	ATTR_CMN_GRPID                    = 0x10000
-	ATTR_CMN_GRPUUID                  = 0x1000000
-	ATTR_CMN_MODTIME                  = 0x400
-	ATTR_CMN_NAME                     = 0x1
-	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
-	ATTR_CMN_NAMEDATTRLIST            = 0x100000
-	ATTR_CMN_OBJID                    = 0x20
-	ATTR_CMN_OBJPERMANENTID           = 0x40
-	ATTR_CMN_OBJTAG                   = 0x10
-	ATTR_CMN_OBJTYPE                  = 0x8
-	ATTR_CMN_OWNERID                  = 0x8000
-	ATTR_CMN_PARENTID                 = 0x4000000
-	ATTR_CMN_PAROBJID                 = 0x80
-	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
-	ATTR_CMN_SCRIPT                   = 0x100
-	ATTR_CMN_SETMASK                  = 0x41c7ff00
-	ATTR_CMN_USERACCESS               = 0x200000
-	ATTR_CMN_UUID                     = 0x800000
-	ATTR_CMN_VALIDMASK                = 0xffffffff
-	ATTR_CMN_VOLSETMASK               = 0x6700
-	ATTR_FILE_ALLOCSIZE               = 0x4
-	ATTR_FILE_CLUMPSIZE               = 0x10
-	ATTR_FILE_DATAALLOCSIZE           = 0x400
-	ATTR_FILE_DATAEXTENTS             = 0x800
-	ATTR_FILE_DATALENGTH              = 0x200
-	ATTR_FILE_DEVTYPE                 = 0x20
-	ATTR_FILE_FILETYPE                = 0x40
-	ATTR_FILE_FORKCOUNT               = 0x80
-	ATTR_FILE_FORKLIST                = 0x100
-	ATTR_FILE_IOBLOCKSIZE             = 0x8
-	ATTR_FILE_LINKCOUNT               = 0x1
-	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
-	ATTR_FILE_RSRCEXTENTS             = 0x4000
-	ATTR_FILE_RSRCLENGTH              = 0x1000
-	ATTR_FILE_SETMASK                 = 0x20
-	ATTR_FILE_TOTALSIZE               = 0x2
-	ATTR_FILE_VALIDMASK               = 0x37ff
-	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
-	ATTR_VOL_ATTRIBUTES               = 0x40000000
-	ATTR_VOL_CAPABILITIES             = 0x20000
-	ATTR_VOL_DIRCOUNT                 = 0x400
-	ATTR_VOL_ENCODINGSUSED            = 0x10000
-	ATTR_VOL_FILECOUNT                = 0x200
-	ATTR_VOL_FSTYPE                   = 0x1
-	ATTR_VOL_INFO                     = 0x80000000
-	ATTR_VOL_IOBLOCKSIZE              = 0x80
-	ATTR_VOL_MAXOBJCOUNT              = 0x800
-	ATTR_VOL_MINALLOCATION            = 0x20
-	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
-	ATTR_VOL_MOUNTFLAGS               = 0x4000
-	ATTR_VOL_MOUNTPOINT               = 0x1000
-	ATTR_VOL_NAME                     = 0x2000
-	ATTR_VOL_OBJCOUNT                 = 0x100
-	ATTR_VOL_QUOTA_SIZE               = 0x10000000
-	ATTR_VOL_RESERVED_SIZE            = 0x20000000
-	ATTR_VOL_SETMASK                  = 0x80002000
-	ATTR_VOL_SIGNATURE                = 0x2
-	ATTR_VOL_SIZE                     = 0x4
-	ATTR_VOL_SPACEAVAIL               = 0x10
-	ATTR_VOL_SPACEFREE                = 0x8
-	ATTR_VOL_UUID                     = 0x40000
-	ATTR_VOL_VALIDMASK                = 0xf007ffff
-	B0                                = 0x0
-	B110                              = 0x6e
-	B115200                           = 0x1c200
-	B1200                             = 0x4b0
-	B134                              = 0x86
-	B14400                            = 0x3840
-	B150                              = 0x96
-	B1800                             = 0x708
-	B19200                            = 0x4b00
-	B200                              = 0xc8
-	B230400                           = 0x38400
-	B2400                             = 0x960
-	B28800                            = 0x7080
-	B300                              = 0x12c
-	B38400                            = 0x9600
-	B4800                             = 0x12c0
-	B50                               = 0x32
-	B57600                            = 0xe100
-	B600                              = 0x258
-	B7200                             = 0x1c20
-	B75                               = 0x4b
-	B76800                            = 0x12c00
-	B9600                             = 0x2580
-	BIOCFLUSH                         = 0x20004268
-	BIOCGBLEN                         = 0x40044266
-	BIOCGDLT                          = 0x4004426a
-	BIOCGDLTLIST                      = 0xc00c4279
-	BIOCGETIF                         = 0x4020426b
-	BIOCGHDRCMPLT                     = 0x40044274
-	BIOCGRSIG                         = 0x40044272
-	BIOCGRTIMEOUT                     = 0x4010426e
-	BIOCGSEESENT                      = 0x40044276
-	BIOCGSTATS                        = 0x4008426f
-	BIOCIMMEDIATE                     = 0x80044270
-	BIOCPROMISC                       = 0x20004269
-	BIOCSBLEN                         = 0xc0044266
-	BIOCSDLT                          = 0x80044278
-	BIOCSETF                          = 0x80104267
-	BIOCSETFNR                        = 0x8010427e
-	BIOCSETIF                         = 0x8020426c
-	BIOCSHDRCMPLT                     = 0x80044275
-	BIOCSRSIG                         = 0x80044273
-	BIOCSRTIMEOUT                     = 0x8010426d
-	BIOCSSEESENT                      = 0x80044277
-	BIOCVERSION                       = 0x40044271
-	BPF_A                             = 0x10
-	BPF_ABS                           = 0x20
-	BPF_ADD                           = 0x0
-	BPF_ALIGNMENT                     = 0x4
-	BPF_ALU                           = 0x4
-	BPF_AND                           = 0x50
-	BPF_B                             = 0x10
-	BPF_DIV                           = 0x30
-	BPF_H                             = 0x8
-	BPF_IMM                           = 0x0
-	BPF_IND                           = 0x40
-	BPF_JA                            = 0x0
-	BPF_JEQ                           = 0x10
-	BPF_JGE                           = 0x30
-	BPF_JGT                           = 0x20
-	BPF_JMP                           = 0x5
-	BPF_JSET                          = 0x40
-	BPF_K                             = 0x0
-	BPF_LD                            = 0x0
-	BPF_LDX                           = 0x1
-	BPF_LEN                           = 0x80
-	BPF_LSH                           = 0x60
-	BPF_MAJOR_VERSION                 = 0x1
-	BPF_MAXBUFSIZE                    = 0x80000
-	BPF_MAXINSNS                      = 0x200
-	BPF_MEM                           = 0x60
-	BPF_MEMWORDS                      = 0x10
-	BPF_MINBUFSIZE                    = 0x20
-	BPF_MINOR_VERSION                 = 0x1
-	BPF_MISC                          = 0x7
-	BPF_MSH                           = 0xa0
-	BPF_MUL                           = 0x20
-	BPF_NEG                           = 0x80
-	BPF_OR                            = 0x40
-	BPF_RELEASE                       = 0x30bb6
-	BPF_RET                           = 0x6
-	BPF_RSH                           = 0x70
-	BPF_ST                            = 0x2
-	BPF_STX                           = 0x3
-	BPF_SUB                           = 0x10
-	BPF_TAX                           = 0x0
-	BPF_TXA                           = 0x80
-	BPF_W                             = 0x0
-	BPF_X                             = 0x8
-	BRKINT                            = 0x2
-	BS0                               = 0x0
-	BS1                               = 0x8000
-	BSDLY                             = 0x8000
-	CFLUSH                            = 0xf
-	CLOCAL                            = 0x8000
-	CLOCK_MONOTONIC                   = 0x6
-	CLOCK_MONOTONIC_RAW               = 0x4
-	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
-	CLOCK_PROCESS_CPUTIME_ID          = 0xc
-	CLOCK_REALTIME                    = 0x0
-	CLOCK_THREAD_CPUTIME_ID           = 0x10
-	CLOCK_UPTIME_RAW                  = 0x8
-	CLOCK_UPTIME_RAW_APPROX           = 0x9
-	CR0                               = 0x0
-	CR1                               = 0x1000
-	CR2                               = 0x2000
-	CR3                               = 0x3000
-	CRDLY                             = 0x3000
-	CREAD                             = 0x800
-	CRTSCTS                           = 0x30000
-	CS5                               = 0x0
-	CS6                               = 0x100
-	CS7                               = 0x200
-	CS8                               = 0x300
-	CSIZE                             = 0x300
-	CSTART                            = 0x11
-	CSTATUS                           = 0x14
-	CSTOP                             = 0x13
-	CSTOPB                            = 0x400
-	CSUSP                             = 0x1a
-	CTL_HW                            = 0x6
-	CTL_KERN                          = 0x1
-	CTL_MAXNAME                       = 0xc
-	CTL_NET                           = 0x4
-	DLT_A429                          = 0xb8
-	DLT_A653_ICM                      = 0xb9
-	DLT_AIRONET_HEADER                = 0x78
-	DLT_AOS                           = 0xde
-	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
-	DLT_ARCNET                        = 0x7
-	DLT_ARCNET_LINUX                  = 0x81
-	DLT_ATM_CLIP                      = 0x13
-	DLT_ATM_RFC1483                   = 0xb
-	DLT_AURORA                        = 0x7e
-	DLT_AX25                          = 0x3
-	DLT_AX25_KISS                     = 0xca
-	DLT_BACNET_MS_TP                  = 0xa5
-	DLT_BLUETOOTH_HCI_H4              = 0xbb
-	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
-	DLT_CAN20B                        = 0xbe
-	DLT_CAN_SOCKETCAN                 = 0xe3
-	DLT_CHAOS                         = 0x5
-	DLT_CHDLC                         = 0x68
-	DLT_CISCO_IOS                     = 0x76
-	DLT_C_HDLC                        = 0x68
-	DLT_C_HDLC_WITH_DIR               = 0xcd
-	DLT_DBUS                          = 0xe7
-	DLT_DECT                          = 0xdd
-	DLT_DOCSIS                        = 0x8f
-	DLT_DVB_CI                        = 0xeb
-	DLT_ECONET                        = 0x73
-	DLT_EN10MB                        = 0x1
-	DLT_EN3MB                         = 0x2
-	DLT_ENC                           = 0x6d
-	DLT_ERF                           = 0xc5
-	DLT_ERF_ETH                       = 0xaf
-	DLT_ERF_POS                       = 0xb0
-	DLT_FC_2                          = 0xe0
-	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
-	DLT_FDDI                          = 0xa
-	DLT_FLEXRAY                       = 0xd2
-	DLT_FRELAY                        = 0x6b
-	DLT_FRELAY_WITH_DIR               = 0xce
-	DLT_GCOM_SERIAL                   = 0xad
-	DLT_GCOM_T1E1                     = 0xac
-	DLT_GPF_F                         = 0xab
-	DLT_GPF_T                         = 0xaa
-	DLT_GPRS_LLC                      = 0xa9
-	DLT_GSMTAP_ABIS                   = 0xda
-	DLT_GSMTAP_UM                     = 0xd9
-	DLT_HHDLC                         = 0x79
-	DLT_IBM_SN                        = 0x92
-	DLT_IBM_SP                        = 0x91
-	DLT_IEEE802                       = 0x6
-	DLT_IEEE802_11                    = 0x69
-	DLT_IEEE802_11_RADIO              = 0x7f
-	DLT_IEEE802_11_RADIO_AVS          = 0xa3
-	DLT_IEEE802_15_4                  = 0xc3
-	DLT_IEEE802_15_4_LINUX            = 0xbf
-	DLT_IEEE802_15_4_NOFCS            = 0xe6
-	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
-	DLT_IEEE802_16_MAC_CPS            = 0xbc
-	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
-	DLT_IPFILTER                      = 0x74
-	DLT_IPMB                          = 0xc7
-	DLT_IPMB_LINUX                    = 0xd1
-	DLT_IPNET                         = 0xe2
-	DLT_IPOIB                         = 0xf2
-	DLT_IPV4                          = 0xe4
-	DLT_IPV6                          = 0xe5
-	DLT_IP_OVER_FC                    = 0x7a
-	DLT_JUNIPER_ATM1                  = 0x89
-	DLT_JUNIPER_ATM2                  = 0x87
-	DLT_JUNIPER_ATM_CEMIC             = 0xee
-	DLT_JUNIPER_CHDLC                 = 0xb5
-	DLT_JUNIPER_ES                    = 0x84
-	DLT_JUNIPER_ETHER                 = 0xb2
-	DLT_JUNIPER_FIBRECHANNEL          = 0xea
-	DLT_JUNIPER_FRELAY                = 0xb4
-	DLT_JUNIPER_GGSN                  = 0x85
-	DLT_JUNIPER_ISM                   = 0xc2
-	DLT_JUNIPER_MFR                   = 0x86
-	DLT_JUNIPER_MLFR                  = 0x83
-	DLT_JUNIPER_MLPPP                 = 0x82
-	DLT_JUNIPER_MONITOR               = 0xa4
-	DLT_JUNIPER_PIC_PEER              = 0xae
-	DLT_JUNIPER_PPP                   = 0xb3
-	DLT_JUNIPER_PPPOE                 = 0xa7
-	DLT_JUNIPER_PPPOE_ATM             = 0xa8
-	DLT_JUNIPER_SERVICES              = 0x88
-	DLT_JUNIPER_SRX_E2E               = 0xe9
-	DLT_JUNIPER_ST                    = 0xc8
-	DLT_JUNIPER_VP                    = 0xb7
-	DLT_JUNIPER_VS                    = 0xe8
-	DLT_LAPB_WITH_DIR                 = 0xcf
-	DLT_LAPD                          = 0xcb
-	DLT_LIN                           = 0xd4
-	DLT_LINUX_EVDEV                   = 0xd8
-	DLT_LINUX_IRDA                    = 0x90
-	DLT_LINUX_LAPD                    = 0xb1
-	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
-	DLT_LINUX_SLL                     = 0x71
-	DLT_LOOP                          = 0x6c
-	DLT_LTALK                         = 0x72
-	DLT_MATCHING_MAX                  = 0xf5
-	DLT_MATCHING_MIN                  = 0x68
-	DLT_MFR                           = 0xb6
-	DLT_MOST                          = 0xd3
-	DLT_MPEG_2_TS                     = 0xf3
-	DLT_MPLS                          = 0xdb
-	DLT_MTP2                          = 0x8c
-	DLT_MTP2_WITH_PHDR                = 0x8b
-	DLT_MTP3                          = 0x8d
-	DLT_MUX27010                      = 0xec
-	DLT_NETANALYZER                   = 0xf0
-	DLT_NETANALYZER_TRANSPARENT       = 0xf1
-	DLT_NFC_LLCP                      = 0xf5
-	DLT_NFLOG                         = 0xef
-	DLT_NG40                          = 0xf4
-	DLT_NULL                          = 0x0
-	DLT_PCI_EXP                       = 0x7d
-	DLT_PFLOG                         = 0x75
-	DLT_PFSYNC                        = 0x12
-	DLT_PPI                           = 0xc0
-	DLT_PPP                           = 0x9
-	DLT_PPP_BSDOS                     = 0x10
-	DLT_PPP_ETHER                     = 0x33
-	DLT_PPP_PPPD                      = 0xa6
-	DLT_PPP_SERIAL                    = 0x32
-	DLT_PPP_WITH_DIR                  = 0xcc
-	DLT_PPP_WITH_DIRECTION            = 0xa6
-	DLT_PRISM_HEADER                  = 0x77
-	DLT_PRONET                        = 0x4
-	DLT_RAIF1                         = 0xc6
-	DLT_RAW                           = 0xc
-	DLT_RIO                           = 0x7c
-	DLT_SCCP                          = 0x8e
-	DLT_SITA                          = 0xc4
-	DLT_SLIP                          = 0x8
-	DLT_SLIP_BSDOS                    = 0xf
-	DLT_STANAG_5066_D_PDU             = 0xed
-	DLT_SUNATM                        = 0x7b
-	DLT_SYMANTEC_FIREWALL             = 0x63
-	DLT_TZSP                          = 0x80
-	DLT_USB                           = 0xba
-	DLT_USB_LINUX                     = 0xbd
-	DLT_USB_LINUX_MMAPPED             = 0xdc
-	DLT_USER0                         = 0x93
-	DLT_USER1                         = 0x94
-	DLT_USER10                        = 0x9d
-	DLT_USER11                        = 0x9e
-	DLT_USER12                        = 0x9f
-	DLT_USER13                        = 0xa0
-	DLT_USER14                        = 0xa1
-	DLT_USER15                        = 0xa2
-	DLT_USER2                         = 0x95
-	DLT_USER3                         = 0x96
-	DLT_USER4                         = 0x97
-	DLT_USER5                         = 0x98
-	DLT_USER6                         = 0x99
-	DLT_USER7                         = 0x9a
-	DLT_USER8                         = 0x9b
-	DLT_USER9                         = 0x9c
-	DLT_WIHART                        = 0xdf
-	DLT_X2E_SERIAL                    = 0xd5
-	DLT_X2E_XORAYA                    = 0xd6
-	DT_BLK                            = 0x6
-	DT_CHR                            = 0x2
-	DT_DIR                            = 0x4
-	DT_FIFO                           = 0x1
-	DT_LNK                            = 0xa
-	DT_REG                            = 0x8
-	DT_SOCK                           = 0xc
-	DT_UNKNOWN                        = 0x0
-	DT_WHT                            = 0xe
-	ECHO                              = 0x8
-	ECHOCTL                           = 0x40
-	ECHOE                             = 0x2
-	ECHOK                             = 0x4
-	ECHOKE                            = 0x1
-	ECHONL                            = 0x10
-	ECHOPRT                           = 0x20
-	EVFILT_AIO                        = -0x3
-	EVFILT_EXCEPT                     = -0xf
-	EVFILT_FS                         = -0x9
-	EVFILT_MACHPORT                   = -0x8
-	EVFILT_PROC                       = -0x5
-	EVFILT_READ                       = -0x1
-	EVFILT_SIGNAL                     = -0x6
-	EVFILT_SYSCOUNT                   = 0xf
-	EVFILT_THREADMARKER               = 0xf
-	EVFILT_TIMER                      = -0x7
-	EVFILT_USER                       = -0xa
-	EVFILT_VM                         = -0xc
-	EVFILT_VNODE                      = -0x4
-	EVFILT_WRITE                      = -0x2
-	EV_ADD                            = 0x1
-	EV_CLEAR                          = 0x20
-	EV_DELETE                         = 0x2
-	EV_DISABLE                        = 0x8
-	EV_DISPATCH                       = 0x80
-	EV_DISPATCH2                      = 0x180
-	EV_ENABLE                         = 0x4
-	EV_EOF                            = 0x8000
-	EV_ERROR                          = 0x4000
-	EV_FLAG0                          = 0x1000
-	EV_FLAG1                          = 0x2000
-	EV_ONESHOT                        = 0x10
-	EV_OOBAND                         = 0x2000
-	EV_POLL                           = 0x1000
-	EV_RECEIPT                        = 0x40
-	EV_SYSFLAGS                       = 0xf000
-	EV_UDATA_SPECIFIC                 = 0x100
-	EV_VANISHED                       = 0x200
-	EXTA                              = 0x4b00
-	EXTB                              = 0x9600
-	EXTPROC                           = 0x800
-	FD_CLOEXEC                        = 0x1
-	FD_SETSIZE                        = 0x400
-	FF0                               = 0x0
-	FF1                               = 0x4000
-	FFDLY                             = 0x4000
-	FLUSHO                            = 0x800000
-	FSOPT_ATTR_CMN_EXTENDED           = 0x20
-	FSOPT_NOFOLLOW                    = 0x1
-	FSOPT_NOINMEMUPDATE               = 0x2
-	FSOPT_PACK_INVAL_ATTRS            = 0x8
-	FSOPT_REPORT_FULLSIZE             = 0x4
-	F_ADDFILESIGS                     = 0x3d
-	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
-	F_ADDFILESIGS_RETURN              = 0x61
-	F_ADDSIGS                         = 0x3b
-	F_ALLOCATEALL                     = 0x4
-	F_ALLOCATECONTIG                  = 0x2
-	F_BARRIERFSYNC                    = 0x55
-	F_CHECK_LV                        = 0x62
-	F_CHKCLEAN                        = 0x29
-	F_DUPFD                           = 0x0
-	F_DUPFD_CLOEXEC                   = 0x43
-	F_FINDSIGS                        = 0x4e
-	F_FLUSH_DATA                      = 0x28
-	F_FREEZE_FS                       = 0x35
-	F_FULLFSYNC                       = 0x33
-	F_GETCODEDIR                      = 0x48
-	F_GETFD                           = 0x1
-	F_GETFL                           = 0x3
-	F_GETLK                           = 0x7
-	F_GETLKPID                        = 0x42
-	F_GETNOSIGPIPE                    = 0x4a
-	F_GETOWN                          = 0x5
-	F_GETPATH                         = 0x32
-	F_GETPATH_MTMINFO                 = 0x47
-	F_GETPROTECTIONCLASS              = 0x3f
-	F_GETPROTECTIONLEVEL              = 0x4d
-	F_GLOBAL_NOCACHE                  = 0x37
-	F_LOG2PHYS                        = 0x31
-	F_LOG2PHYS_EXT                    = 0x41
-	F_NOCACHE                         = 0x30
-	F_NODIRECT                        = 0x3e
-	F_OK                              = 0x0
-	F_PATHPKG_CHECK                   = 0x34
-	F_PEOFPOSMODE                     = 0x3
-	F_PREALLOCATE                     = 0x2a
-	F_PUNCHHOLE                       = 0x63
-	F_RDADVISE                        = 0x2c
-	F_RDAHEAD                         = 0x2d
-	F_RDLCK                           = 0x1
-	F_SETBACKINGSTORE                 = 0x46
-	F_SETFD                           = 0x2
-	F_SETFL                           = 0x4
-	F_SETLK                           = 0x8
-	F_SETLKW                          = 0x9
-	F_SETLKWTIMEOUT                   = 0xa
-	F_SETNOSIGPIPE                    = 0x49
-	F_SETOWN                          = 0x6
-	F_SETPROTECTIONCLASS              = 0x40
-	F_SETSIZE                         = 0x2b
-	F_SINGLE_WRITER                   = 0x4c
-	F_THAW_FS                         = 0x36
-	F_TRANSCODEKEY                    = 0x4b
-	F_TRIM_ACTIVE_FILE                = 0x64
-	F_UNLCK                           = 0x2
-	F_VOLPOSMODE                      = 0x4
-	F_WRLCK                           = 0x3
-	HUPCL                             = 0x4000
-	HW_MACHINE                        = 0x1
-	ICANON                            = 0x100
-	ICMP6_FILTER                      = 0x12
-	ICRNL                             = 0x100
-	IEXTEN                            = 0x400
-	IFF_ALLMULTI                      = 0x200
-	IFF_ALTPHYS                       = 0x4000
-	IFF_BROADCAST                     = 0x2
-	IFF_DEBUG                         = 0x4
-	IFF_LINK0                         = 0x1000
-	IFF_LINK1                         = 0x2000
-	IFF_LINK2                         = 0x4000
-	IFF_LOOPBACK                      = 0x8
-	IFF_MULTICAST                     = 0x8000
-	IFF_NOARP                         = 0x80
-	IFF_NOTRAILERS                    = 0x20
-	IFF_OACTIVE                       = 0x400
-	IFF_POINTOPOINT                   = 0x10
-	IFF_PROMISC                       = 0x100
-	IFF_RUNNING                       = 0x40
-	IFF_SIMPLEX                       = 0x800
-	IFF_UP                            = 0x1
-	IFNAMSIZ                          = 0x10
-	IFT_1822                          = 0x2
-	IFT_AAL5                          = 0x31
-	IFT_ARCNET                        = 0x23
-	IFT_ARCNETPLUS                    = 0x24
-	IFT_ATM                           = 0x25
-	IFT_BRIDGE                        = 0xd1
-	IFT_CARP                          = 0xf8
-	IFT_CELLULAR                      = 0xff
-	IFT_CEPT                          = 0x13
-	IFT_DS3                           = 0x1e
-	IFT_ENC                           = 0xf4
-	IFT_EON                           = 0x19
-	IFT_ETHER                         = 0x6
-	IFT_FAITH                         = 0x38
-	IFT_FDDI                          = 0xf
-	IFT_FRELAY                        = 0x20
-	IFT_FRELAYDCE                     = 0x2c
-	IFT_GIF                           = 0x37
-	IFT_HDH1822                       = 0x3
-	IFT_HIPPI                         = 0x2f
-	IFT_HSSI                          = 0x2e
-	IFT_HY                            = 0xe
-	IFT_IEEE1394                      = 0x90
-	IFT_IEEE8023ADLAG                 = 0x88
-	IFT_ISDNBASIC                     = 0x14
-	IFT_ISDNPRIMARY                   = 0x15
-	IFT_ISO88022LLC                   = 0x29
-	IFT_ISO88023                      = 0x7
-	IFT_ISO88024                      = 0x8
-	IFT_ISO88025                      = 0x9
-	IFT_ISO88026                      = 0xa
-	IFT_L2VLAN                        = 0x87
-	IFT_LAPB                          = 0x10
-	IFT_LOCALTALK                     = 0x2a
-	IFT_LOOP                          = 0x18
-	IFT_MIOX25                        = 0x26
-	IFT_MODEM                         = 0x30
-	IFT_NSIP                          = 0x1b
-	IFT_OTHER                         = 0x1
-	IFT_P10                           = 0xc
-	IFT_P80                           = 0xd
-	IFT_PARA                          = 0x22
-	IFT_PDP                           = 0xff
-	IFT_PFLOG                         = 0xf5
-	IFT_PFSYNC                        = 0xf6
-	IFT_PKTAP                         = 0xfe
-	IFT_PPP                           = 0x17
-	IFT_PROPMUX                       = 0x36
-	IFT_PROPVIRTUAL                   = 0x35
-	IFT_PTPSERIAL                     = 0x16
-	IFT_RS232                         = 0x21
-	IFT_SDLC                          = 0x11
-	IFT_SIP                           = 0x1f
-	IFT_SLIP                          = 0x1c
-	IFT_SMDSDXI                       = 0x2b
-	IFT_SMDSICIP                      = 0x34
-	IFT_SONET                         = 0x27
-	IFT_SONETPATH                     = 0x32
-	IFT_SONETVT                       = 0x33
-	IFT_STARLAN                       = 0xb
-	IFT_STF                           = 0x39
-	IFT_T1                            = 0x12
-	IFT_ULTRA                         = 0x1d
-	IFT_V35                           = 0x2d
-	IFT_X25                           = 0x5
-	IFT_X25DDN                        = 0x4
-	IFT_X25PLE                        = 0x28
-	IFT_XETHER                        = 0x1a
-	IGNBRK                            = 0x1
-	IGNCR                             = 0x80
-	IGNPAR                            = 0x4
-	IMAXBEL                           = 0x2000
-	INLCR                             = 0x40
-	INPCK                             = 0x10
-	IN_CLASSA_HOST                    = 0xffffff
-	IN_CLASSA_MAX                     = 0x80
-	IN_CLASSA_NET                     = 0xff000000
-	IN_CLASSA_NSHIFT                  = 0x18
-	IN_CLASSB_HOST                    = 0xffff
-	IN_CLASSB_MAX                     = 0x10000
-	IN_CLASSB_NET                     = 0xffff0000
-	IN_CLASSB_NSHIFT                  = 0x10
-	IN_CLASSC_HOST                    = 0xff
-	IN_CLASSC_NET                     = 0xffffff00
-	IN_CLASSC_NSHIFT                  = 0x8
-	IN_CLASSD_HOST                    = 0xfffffff
-	IN_CLASSD_NET                     = 0xf0000000
-	IN_CLASSD_NSHIFT                  = 0x1c
-	IN_LINKLOCALNETNUM                = 0xa9fe0000
-	IN_LOOPBACKNET                    = 0x7f
-	IPPROTO_3PC                       = 0x22
-	IPPROTO_ADFS                      = 0x44
-	IPPROTO_AH                        = 0x33
-	IPPROTO_AHIP                      = 0x3d
-	IPPROTO_APES                      = 0x63
-	IPPROTO_ARGUS                     = 0xd
-	IPPROTO_AX25                      = 0x5d
-	IPPROTO_BHA                       = 0x31
-	IPPROTO_BLT                       = 0x1e
-	IPPROTO_BRSATMON                  = 0x4c
-	IPPROTO_CFTP                      = 0x3e
-	IPPROTO_CHAOS                     = 0x10
-	IPPROTO_CMTP                      = 0x26
-	IPPROTO_CPHB                      = 0x49
-	IPPROTO_CPNX                      = 0x48
-	IPPROTO_DDP                       = 0x25
-	IPPROTO_DGP                       = 0x56
-	IPPROTO_DIVERT                    = 0xfe
-	IPPROTO_DONE                      = 0x101
-	IPPROTO_DSTOPTS                   = 0x3c
-	IPPROTO_EGP                       = 0x8
-	IPPROTO_EMCON                     = 0xe
-	IPPROTO_ENCAP                     = 0x62
-	IPPROTO_EON                       = 0x50
-	IPPROTO_ESP                       = 0x32
-	IPPROTO_ETHERIP                   = 0x61
-	IPPROTO_FRAGMENT                  = 0x2c
-	IPPROTO_GGP                       = 0x3
-	IPPROTO_GMTP                      = 0x64
-	IPPROTO_GRE                       = 0x2f
-	IPPROTO_HELLO                     = 0x3f
-	IPPROTO_HMP                       = 0x14
-	IPPROTO_HOPOPTS                   = 0x0
-	IPPROTO_ICMP                      = 0x1
-	IPPROTO_ICMPV6                    = 0x3a
-	IPPROTO_IDP                       = 0x16
-	IPPROTO_IDPR                      = 0x23
-	IPPROTO_IDRP                      = 0x2d
-	IPPROTO_IGMP                      = 0x2
-	IPPROTO_IGP                       = 0x55
-	IPPROTO_IGRP                      = 0x58
-	IPPROTO_IL                        = 0x28
-	IPPROTO_INLSP                     = 0x34
-	IPPROTO_INP                       = 0x20
-	IPPROTO_IP                        = 0x0
-	IPPROTO_IPCOMP                    = 0x6c
-	IPPROTO_IPCV                      = 0x47
-	IPPROTO_IPEIP                     = 0x5e
-	IPPROTO_IPIP                      = 0x4
-	IPPROTO_IPPC                      = 0x43
-	IPPROTO_IPV4                      = 0x4
-	IPPROTO_IPV6                      = 0x29
-	IPPROTO_IRTP                      = 0x1c
-	IPPROTO_KRYPTOLAN                 = 0x41
-	IPPROTO_LARP                      = 0x5b
-	IPPROTO_LEAF1                     = 0x19
-	IPPROTO_LEAF2                     = 0x1a
-	IPPROTO_MAX                       = 0x100
-	IPPROTO_MAXID                     = 0x34
-	IPPROTO_MEAS                      = 0x13
-	IPPROTO_MHRP                      = 0x30
-	IPPROTO_MICP                      = 0x5f
-	IPPROTO_MTP                       = 0x5c
-	IPPROTO_MUX                       = 0x12
-	IPPROTO_ND                        = 0x4d
-	IPPROTO_NHRP                      = 0x36
-	IPPROTO_NONE                      = 0x3b
-	IPPROTO_NSP                       = 0x1f
-	IPPROTO_NVPII                     = 0xb
-	IPPROTO_OSPFIGP                   = 0x59
-	IPPROTO_PGM                       = 0x71
-	IPPROTO_PIGP                      = 0x9
-	IPPROTO_PIM                       = 0x67
-	IPPROTO_PRM                       = 0x15
-	IPPROTO_PUP                       = 0xc
-	IPPROTO_PVP                       = 0x4b
-	IPPROTO_RAW                       = 0xff
-	IPPROTO_RCCMON                    = 0xa
-	IPPROTO_RDP                       = 0x1b
-	IPPROTO_ROUTING                   = 0x2b
-	IPPROTO_RSVP                      = 0x2e
-	IPPROTO_RVD                       = 0x42
-	IPPROTO_SATEXPAK                  = 0x40
-	IPPROTO_SATMON                    = 0x45
-	IPPROTO_SCCSP                     = 0x60
-	IPPROTO_SCTP                      = 0x84
-	IPPROTO_SDRP                      = 0x2a
-	IPPROTO_SEP                       = 0x21
-	IPPROTO_SRPC                      = 0x5a
-	IPPROTO_ST                        = 0x7
-	IPPROTO_SVMTP                     = 0x52
-	IPPROTO_SWIPE                     = 0x35
-	IPPROTO_TCF                       = 0x57
-	IPPROTO_TCP                       = 0x6
-	IPPROTO_TP                        = 0x1d
-	IPPROTO_TPXX                      = 0x27
-	IPPROTO_TRUNK1                    = 0x17
-	IPPROTO_TRUNK2                    = 0x18
-	IPPROTO_TTP                       = 0x54
-	IPPROTO_UDP                       = 0x11
-	IPPROTO_VINES                     = 0x53
-	IPPROTO_VISA                      = 0x46
-	IPPROTO_VMTP                      = 0x51
-	IPPROTO_WBEXPAK                   = 0x4f
-	IPPROTO_WBMON                     = 0x4e
-	IPPROTO_WSN                       = 0x4a
-	IPPROTO_XNET                      = 0xf
-	IPPROTO_XTP                       = 0x24
-	IPV6_2292DSTOPTS                  = 0x17
-	IPV6_2292HOPLIMIT                 = 0x14
-	IPV6_2292HOPOPTS                  = 0x16
-	IPV6_2292NEXTHOP                  = 0x15
-	IPV6_2292PKTINFO                  = 0x13
-	IPV6_2292PKTOPTIONS               = 0x19
-	IPV6_2292RTHDR                    = 0x18
-	IPV6_BINDV6ONLY                   = 0x1b
-	IPV6_BOUND_IF                     = 0x7d
-	IPV6_CHECKSUM                     = 0x1a
-	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
-	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
-	IPV6_DEFHLIM                      = 0x40
-	IPV6_FAITH                        = 0x1d
-	IPV6_FLOWINFO_MASK                = 0xffffff0f
-	IPV6_FLOWLABEL_MASK               = 0xffff0f00
-	IPV6_FLOW_ECN_MASK                = 0x300
-	IPV6_FRAGTTL                      = 0x3c
-	IPV6_FW_ADD                       = 0x1e
-	IPV6_FW_DEL                       = 0x1f
-	IPV6_FW_FLUSH                     = 0x20
-	IPV6_FW_GET                       = 0x22
-	IPV6_FW_ZERO                      = 0x21
-	IPV6_HLIMDEC                      = 0x1
-	IPV6_IPSEC_POLICY                 = 0x1c
-	IPV6_JOIN_GROUP                   = 0xc
-	IPV6_LEAVE_GROUP                  = 0xd
-	IPV6_MAXHLIM                      = 0xff
-	IPV6_MAXOPTHDR                    = 0x800
-	IPV6_MAXPACKET                    = 0xffff
-	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
-	IPV6_MAX_MEMBERSHIPS              = 0xfff
-	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
-	IPV6_MIN_MEMBERSHIPS              = 0x1f
-	IPV6_MMTU                         = 0x500
-	IPV6_MULTICAST_HOPS               = 0xa
-	IPV6_MULTICAST_IF                 = 0x9
-	IPV6_MULTICAST_LOOP               = 0xb
-	IPV6_PORTRANGE                    = 0xe
-	IPV6_PORTRANGE_DEFAULT            = 0x0
-	IPV6_PORTRANGE_HIGH               = 0x1
-	IPV6_PORTRANGE_LOW                = 0x2
-	IPV6_RECVTCLASS                   = 0x23
-	IPV6_RTHDR_LOOSE                  = 0x0
-	IPV6_RTHDR_STRICT                 = 0x1
-	IPV6_RTHDR_TYPE_0                 = 0x0
-	IPV6_SOCKOPT_RESERVED1            = 0x3
-	IPV6_TCLASS                       = 0x24
-	IPV6_UNICAST_HOPS                 = 0x4
-	IPV6_V6ONLY                       = 0x1b
-	IPV6_VERSION                      = 0x60
-	IPV6_VERSION_MASK                 = 0xf0
-	IP_ADD_MEMBERSHIP                 = 0xc
-	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
-	IP_BLOCK_SOURCE                   = 0x48
-	IP_BOUND_IF                       = 0x19
-	IP_DEFAULT_MULTICAST_LOOP         = 0x1
-	IP_DEFAULT_MULTICAST_TTL          = 0x1
-	IP_DF                             = 0x4000
-	IP_DROP_MEMBERSHIP                = 0xd
-	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
-	IP_DUMMYNET_CONFIGURE             = 0x3c
-	IP_DUMMYNET_DEL                   = 0x3d
-	IP_DUMMYNET_FLUSH                 = 0x3e
-	IP_DUMMYNET_GET                   = 0x40
-	IP_FAITH                          = 0x16
-	IP_FW_ADD                         = 0x28
-	IP_FW_DEL                         = 0x29
-	IP_FW_FLUSH                       = 0x2a
-	IP_FW_GET                         = 0x2c
-	IP_FW_RESETLOG                    = 0x2d
-	IP_FW_ZERO                        = 0x2b
-	IP_HDRINCL                        = 0x2
-	IP_IPSEC_POLICY                   = 0x15
-	IP_MAXPACKET                      = 0xffff
-	IP_MAX_GROUP_SRC_FILTER           = 0x200
-	IP_MAX_MEMBERSHIPS                = 0xfff
-	IP_MAX_SOCK_MUTE_FILTER           = 0x80
-	IP_MAX_SOCK_SRC_FILTER            = 0x80
-	IP_MF                             = 0x2000
-	IP_MIN_MEMBERSHIPS                = 0x1f
-	IP_MSFILTER                       = 0x4a
-	IP_MSS                            = 0x240
-	IP_MULTICAST_IF                   = 0x9
-	IP_MULTICAST_IFINDEX              = 0x42
-	IP_MULTICAST_LOOP                 = 0xb
-	IP_MULTICAST_TTL                  = 0xa
-	IP_MULTICAST_VIF                  = 0xe
-	IP_NAT__XXX                       = 0x37
-	IP_OFFMASK                        = 0x1fff
-	IP_OLD_FW_ADD                     = 0x32
-	IP_OLD_FW_DEL                     = 0x33
-	IP_OLD_FW_FLUSH                   = 0x34
-	IP_OLD_FW_GET                     = 0x36
-	IP_OLD_FW_RESETLOG                = 0x38
-	IP_OLD_FW_ZERO                    = 0x35
-	IP_OPTIONS                        = 0x1
-	IP_PKTINFO                        = 0x1a
-	IP_PORTRANGE                      = 0x13
-	IP_PORTRANGE_DEFAULT              = 0x0
-	IP_PORTRANGE_HIGH                 = 0x1
-	IP_PORTRANGE_LOW                  = 0x2
-	IP_RECVDSTADDR                    = 0x7
-	IP_RECVIF                         = 0x14
-	IP_RECVOPTS                       = 0x5
-	IP_RECVPKTINFO                    = 0x1a
-	IP_RECVRETOPTS                    = 0x6
-	IP_RECVTOS                        = 0x1b
-	IP_RECVTTL                        = 0x18
-	IP_RETOPTS                        = 0x8
-	IP_RF                             = 0x8000
-	IP_RSVP_OFF                       = 0x10
-	IP_RSVP_ON                        = 0xf
-	IP_RSVP_VIF_OFF                   = 0x12
-	IP_RSVP_VIF_ON                    = 0x11
-	IP_STRIPHDR                       = 0x17
-	IP_TOS                            = 0x3
-	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
-	IP_TTL                            = 0x4
-	IP_UNBLOCK_SOURCE                 = 0x49
-	ISIG                              = 0x80
-	ISTRIP                            = 0x20
-	IUTF8                             = 0x4000
-	IXANY                             = 0x800
-	IXOFF                             = 0x400
-	IXON                              = 0x200
-	KERN_HOSTNAME                     = 0xa
-	KERN_OSRELEASE                    = 0x2
-	KERN_OSTYPE                       = 0x1
-	KERN_VERSION                      = 0x4
-	LOCK_EX                           = 0x2
-	LOCK_NB                           = 0x4
-	LOCK_SH                           = 0x1
-	LOCK_UN                           = 0x8
-	MADV_CAN_REUSE                    = 0x9
-	MADV_DONTNEED                     = 0x4
-	MADV_FREE                         = 0x5
-	MADV_FREE_REUSABLE                = 0x7
-	MADV_FREE_REUSE                   = 0x8
-	MADV_NORMAL                       = 0x0
-	MADV_PAGEOUT                      = 0xa
-	MADV_RANDOM                       = 0x1
-	MADV_SEQUENTIAL                   = 0x2
-	MADV_WILLNEED                     = 0x3
-	MADV_ZERO_WIRED_PAGES             = 0x6
-	MAP_ANON                          = 0x1000
-	MAP_ANONYMOUS                     = 0x1000
-	MAP_COPY                          = 0x2
-	MAP_FILE                          = 0x0
-	MAP_FIXED                         = 0x10
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_JIT                           = 0x800
-	MAP_NOCACHE                       = 0x400
-	MAP_NOEXTEND                      = 0x100
-	MAP_NORESERVE                     = 0x40
-	MAP_PRIVATE                       = 0x2
-	MAP_RENAME                        = 0x20
-	MAP_RESERVED0080                  = 0x80
-	MAP_RESILIENT_CODESIGN            = 0x2000
-	MAP_RESILIENT_MEDIA               = 0x4000
-	MAP_SHARED                        = 0x1
-	MCL_CURRENT                       = 0x1
-	MCL_FUTURE                        = 0x2
-	MNT_ASYNC                         = 0x40
-	MNT_AUTOMOUNTED                   = 0x400000
-	MNT_CMDFLAGS                      = 0xf0000
-	MNT_CPROTECT                      = 0x80
-	MNT_DEFWRITE                      = 0x2000000
-	MNT_DONTBROWSE                    = 0x100000
-	MNT_DOVOLFS                       = 0x8000
-	MNT_DWAIT                         = 0x4
-	MNT_EXPORTED                      = 0x100
-	MNT_FORCE                         = 0x80000
-	MNT_IGNORE_OWNERSHIP              = 0x200000
-	MNT_JOURNALED                     = 0x800000
-	MNT_LOCAL                         = 0x1000
-	MNT_MULTILABEL                    = 0x4000000
-	MNT_NOATIME                       = 0x10000000
-	MNT_NOBLOCK                       = 0x20000
-	MNT_NODEV                         = 0x10
-	MNT_NOEXEC                        = 0x4
-	MNT_NOSUID                        = 0x8
-	MNT_NOUSERXATTR                   = 0x1000000
-	MNT_NOWAIT                        = 0x2
-	MNT_QUARANTINE                    = 0x400
-	MNT_QUOTA                         = 0x2000
-	MNT_RDONLY                        = 0x1
-	MNT_RELOAD                        = 0x40000
-	MNT_ROOTFS                        = 0x4000
-	MNT_SYNCHRONOUS                   = 0x2
-	MNT_UNION                         = 0x20
-	MNT_UNKNOWNPERMISSIONS            = 0x200000
-	MNT_UPDATE                        = 0x10000
-	MNT_VISFLAGMASK                   = 0x17f0f5ff
-	MNT_WAIT                          = 0x1
-	MSG_CTRUNC                        = 0x20
-	MSG_DONTROUTE                     = 0x4
-	MSG_DONTWAIT                      = 0x80
-	MSG_EOF                           = 0x100
-	MSG_EOR                           = 0x8
-	MSG_FLUSH                         = 0x400
-	MSG_HAVEMORE                      = 0x2000
-	MSG_HOLD                          = 0x800
-	MSG_NEEDSA                        = 0x10000
-	MSG_OOB                           = 0x1
-	MSG_PEEK                          = 0x2
-	MSG_RCVMORE                       = 0x4000
-	MSG_SEND                          = 0x1000
-	MSG_TRUNC                         = 0x10
-	MSG_WAITALL                       = 0x40
-	MSG_WAITSTREAM                    = 0x200
-	MS_ASYNC                          = 0x1
-	MS_DEACTIVATE                     = 0x8
-	MS_INVALIDATE                     = 0x2
-	MS_KILLPAGES                      = 0x4
-	MS_SYNC                           = 0x10
-	NAME_MAX                          = 0xff
-	NET_RT_DUMP                       = 0x1
-	NET_RT_DUMP2                      = 0x7
-	NET_RT_FLAGS                      = 0x2
-	NET_RT_IFLIST                     = 0x3
-	NET_RT_IFLIST2                    = 0x6
-	NET_RT_MAXID                      = 0xa
-	NET_RT_STAT                       = 0x4
-	NET_RT_TRASH                      = 0x5
-	NL0                               = 0x0
-	NL1                               = 0x100
-	NL2                               = 0x200
-	NL3                               = 0x300
-	NLDLY                             = 0x300
-	NOFLSH                            = 0x80000000
-	NOKERNINFO                        = 0x2000000
-	NOTE_ABSOLUTE                     = 0x8
-	NOTE_ATTRIB                       = 0x8
-	NOTE_BACKGROUND                   = 0x40
-	NOTE_CHILD                        = 0x4
-	NOTE_CRITICAL                     = 0x20
-	NOTE_DELETE                       = 0x1
-	NOTE_EXEC                         = 0x20000000
-	NOTE_EXIT                         = 0x80000000
-	NOTE_EXITSTATUS                   = 0x4000000
-	NOTE_EXIT_CSERROR                 = 0x40000
-	NOTE_EXIT_DECRYPTFAIL             = 0x10000
-	NOTE_EXIT_DETAIL                  = 0x2000000
-	NOTE_EXIT_DETAIL_MASK             = 0x70000
-	NOTE_EXIT_MEMORY                  = 0x20000
-	NOTE_EXIT_REPARENTED              = 0x80000
-	NOTE_EXTEND                       = 0x4
-	NOTE_FFAND                        = 0x40000000
-	NOTE_FFCOPY                       = 0xc0000000
-	NOTE_FFCTRLMASK                   = 0xc0000000
-	NOTE_FFLAGSMASK                   = 0xffffff
-	NOTE_FFNOP                        = 0x0
-	NOTE_FFOR                         = 0x80000000
-	NOTE_FORK                         = 0x40000000
-	NOTE_FUNLOCK                      = 0x100
-	NOTE_LEEWAY                       = 0x10
-	NOTE_LINK                         = 0x10
-	NOTE_LOWAT                        = 0x1
-	NOTE_MACH_CONTINUOUS_TIME         = 0x80
-	NOTE_NONE                         = 0x80
-	NOTE_NSECONDS                     = 0x4
-	NOTE_OOB                          = 0x2
-	NOTE_PCTRLMASK                    = -0x100000
-	NOTE_PDATAMASK                    = 0xfffff
-	NOTE_REAP                         = 0x10000000
-	NOTE_RENAME                       = 0x20
-	NOTE_REVOKE                       = 0x40
-	NOTE_SECONDS                      = 0x1
-	NOTE_SIGNAL                       = 0x8000000
-	NOTE_TRACK                        = 0x1
-	NOTE_TRACKERR                     = 0x2
-	NOTE_TRIGGER                      = 0x1000000
-	NOTE_USECONDS                     = 0x2
-	NOTE_VM_ERROR                     = 0x10000000
-	NOTE_VM_PRESSURE                  = 0x80000000
-	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
-	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
-	NOTE_WRITE                        = 0x2
-	OCRNL                             = 0x10
-	OFDEL                             = 0x20000
-	OFILL                             = 0x80
-	ONLCR                             = 0x2
-	ONLRET                            = 0x40
-	ONOCR                             = 0x20
-	ONOEOT                            = 0x8
-	OPOST                             = 0x1
-	OXTABS                            = 0x4
-	O_ACCMODE                         = 0x3
-	O_ALERT                           = 0x20000000
-	O_APPEND                          = 0x8
-	O_ASYNC                           = 0x40
-	O_CLOEXEC                         = 0x1000000
-	O_CREAT                           = 0x200
-	O_DIRECTORY                       = 0x100000
-	O_DP_GETRAWENCRYPTED              = 0x1
-	O_DP_GETRAWUNENCRYPTED            = 0x2
-	O_DSYNC                           = 0x400000
-	O_EVTONLY                         = 0x8000
-	O_EXCL                            = 0x800
-	O_EXLOCK                          = 0x20
-	O_FSYNC                           = 0x80
-	O_NDELAY                          = 0x4
-	O_NOCTTY                          = 0x20000
-	O_NOFOLLOW                        = 0x100
-	O_NONBLOCK                        = 0x4
-	O_POPUP                           = 0x80000000
-	O_RDONLY                          = 0x0
-	O_RDWR                            = 0x2
-	O_SHLOCK                          = 0x10
-	O_SYMLINK                         = 0x200000
-	O_SYNC                            = 0x80
-	O_TRUNC                           = 0x400
-	O_WRONLY                          = 0x1
-	PARENB                            = 0x1000
-	PARMRK                            = 0x8
-	PARODD                            = 0x2000
-	PENDIN                            = 0x20000000
-	PRIO_PGRP                         = 0x1
-	PRIO_PROCESS                      = 0x0
-	PRIO_USER                         = 0x2
-	PROT_EXEC                         = 0x4
-	PROT_NONE                         = 0x0
-	PROT_READ                         = 0x1
-	PROT_WRITE                        = 0x2
-	PT_ATTACH                         = 0xa
-	PT_ATTACHEXC                      = 0xe
-	PT_CONTINUE                       = 0x7
-	PT_DENY_ATTACH                    = 0x1f
-	PT_DETACH                         = 0xb
-	PT_FIRSTMACH                      = 0x20
-	PT_FORCEQUOTA                     = 0x1e
-	PT_KILL                           = 0x8
-	PT_READ_D                         = 0x2
-	PT_READ_I                         = 0x1
-	PT_READ_U                         = 0x3
-	PT_SIGEXC                         = 0xc
-	PT_STEP                           = 0x9
-	PT_THUPDATE                       = 0xd
-	PT_TRACE_ME                       = 0x0
-	PT_WRITE_D                        = 0x5
-	PT_WRITE_I                        = 0x4
-	PT_WRITE_U                        = 0x6
-	RLIMIT_AS                         = 0x5
-	RLIMIT_CORE                       = 0x4
-	RLIMIT_CPU                        = 0x0
-	RLIMIT_CPU_USAGE_MONITOR          = 0x2
-	RLIMIT_DATA                       = 0x2
-	RLIMIT_FSIZE                      = 0x1
-	RLIMIT_MEMLOCK                    = 0x6
-	RLIMIT_NOFILE                     = 0x8
-	RLIMIT_NPROC                      = 0x7
-	RLIMIT_RSS                        = 0x5
-	RLIMIT_STACK                      = 0x3
-	RLIM_INFINITY                     = 0x7fffffffffffffff
-	RTAX_AUTHOR                       = 0x6
-	RTAX_BRD                          = 0x7
-	RTAX_DST                          = 0x0
-	RTAX_GATEWAY                      = 0x1
-	RTAX_GENMASK                      = 0x3
-	RTAX_IFA                          = 0x5
-	RTAX_IFP                          = 0x4
-	RTAX_MAX                          = 0x8
-	RTAX_NETMASK                      = 0x2
-	RTA_AUTHOR                        = 0x40
-	RTA_BRD                           = 0x80
-	RTA_DST                           = 0x1
-	RTA_GATEWAY                       = 0x2
-	RTA_GENMASK                       = 0x8
-	RTA_IFA                           = 0x20
-	RTA_IFP                           = 0x10
-	RTA_NETMASK                       = 0x4
-	RTF_BLACKHOLE                     = 0x1000
-	RTF_BROADCAST                     = 0x400000
-	RTF_CLONING                       = 0x100
-	RTF_CONDEMNED                     = 0x2000000
-	RTF_DELCLONE                      = 0x80
-	RTF_DONE                          = 0x40
-	RTF_DYNAMIC                       = 0x10
-	RTF_GATEWAY                       = 0x2
-	RTF_HOST                          = 0x4
-	RTF_IFREF                         = 0x4000000
-	RTF_IFSCOPE                       = 0x1000000
-	RTF_LLINFO                        = 0x400
-	RTF_LOCAL                         = 0x200000
-	RTF_MODIFIED                      = 0x20
-	RTF_MULTICAST                     = 0x800000
-	RTF_NOIFREF                       = 0x2000
-	RTF_PINNED                        = 0x100000
-	RTF_PRCLONING                     = 0x10000
-	RTF_PROTO1                        = 0x8000
-	RTF_PROTO2                        = 0x4000
-	RTF_PROTO3                        = 0x40000
-	RTF_PROXY                         = 0x8000000
-	RTF_REJECT                        = 0x8
-	RTF_ROUTER                        = 0x10000000
-	RTF_STATIC                        = 0x800
-	RTF_UP                            = 0x1
-	RTF_WASCLONED                     = 0x20000
-	RTF_XRESOLVE                      = 0x200
-	RTM_ADD                           = 0x1
-	RTM_CHANGE                        = 0x3
-	RTM_DELADDR                       = 0xd
-	RTM_DELETE                        = 0x2
-	RTM_DELMADDR                      = 0x10
-	RTM_GET                           = 0x4
-	RTM_GET2                          = 0x14
-	RTM_IFINFO                        = 0xe
-	RTM_IFINFO2                       = 0x12
-	RTM_LOCK                          = 0x8
-	RTM_LOSING                        = 0x5
-	RTM_MISS                          = 0x7
-	RTM_NEWADDR                       = 0xc
-	RTM_NEWMADDR                      = 0xf
-	RTM_NEWMADDR2                     = 0x13
-	RTM_OLDADD                        = 0x9
-	RTM_OLDDEL                        = 0xa
-	RTM_REDIRECT                      = 0x6
-	RTM_RESOLVE                       = 0xb
-	RTM_RTTUNIT                       = 0xf4240
-	RTM_VERSION                       = 0x5
-	RTV_EXPIRE                        = 0x4
-	RTV_HOPCOUNT                      = 0x2
-	RTV_MTU                           = 0x1
-	RTV_RPIPE                         = 0x8
-	RTV_RTT                           = 0x40
-	RTV_RTTVAR                        = 0x80
-	RTV_SPIPE                         = 0x10
-	RTV_SSTHRESH                      = 0x20
-	RUSAGE_CHILDREN                   = -0x1
-	RUSAGE_SELF                       = 0x0
-	SCM_CREDS                         = 0x3
-	SCM_RIGHTS                        = 0x1
-	SCM_TIMESTAMP                     = 0x2
-	SCM_TIMESTAMP_MONOTONIC           = 0x4
-	SHUT_RD                           = 0x0
-	SHUT_RDWR                         = 0x2
-	SHUT_WR                           = 0x1
-	SIOCADDMULTI                      = 0x80206931
-	SIOCAIFADDR                       = 0x8040691a
-	SIOCARPIPLL                       = 0xc0206928
-	SIOCATMARK                        = 0x40047307
-	SIOCAUTOADDR                      = 0xc0206926
-	SIOCAUTONETMASK                   = 0x80206927
-	SIOCDELMULTI                      = 0x80206932
-	SIOCDIFADDR                       = 0x80206919
-	SIOCDIFPHYADDR                    = 0x80206941
-	SIOCGDRVSPEC                      = 0xc028697b
-	SIOCGETVLAN                       = 0xc020697f
-	SIOCGHIWAT                        = 0x40047301
-	SIOCGIFADDR                       = 0xc0206921
-	SIOCGIFALTMTU                     = 0xc0206948
-	SIOCGIFASYNCMAP                   = 0xc020697c
-	SIOCGIFBOND                       = 0xc0206947
-	SIOCGIFBRDADDR                    = 0xc0206923
-	SIOCGIFCAP                        = 0xc020695b
-	SIOCGIFCONF                       = 0xc00c6924
-	SIOCGIFDEVMTU                     = 0xc0206944
-	SIOCGIFDSTADDR                    = 0xc0206922
-	SIOCGIFFLAGS                      = 0xc0206911
-	SIOCGIFGENERIC                    = 0xc020693a
-	SIOCGIFKPI                        = 0xc0206987
-	SIOCGIFMAC                        = 0xc0206982
-	SIOCGIFMEDIA                      = 0xc02c6938
-	SIOCGIFMETRIC                     = 0xc0206917
-	SIOCGIFMTU                        = 0xc0206933
-	SIOCGIFNETMASK                    = 0xc0206925
-	SIOCGIFPDSTADDR                   = 0xc0206940
-	SIOCGIFPHYS                       = 0xc0206935
-	SIOCGIFPSRCADDR                   = 0xc020693f
-	SIOCGIFSTATUS                     = 0xc331693d
-	SIOCGIFVLAN                       = 0xc020697f
-	SIOCGIFWAKEFLAGS                  = 0xc0206988
-	SIOCGLOWAT                        = 0x40047303
-	SIOCGPGRP                         = 0x40047309
-	SIOCIFCREATE                      = 0xc0206978
-	SIOCIFCREATE2                     = 0xc020697a
-	SIOCIFDESTROY                     = 0x80206979
-	SIOCIFGCLONERS                    = 0xc0106981
-	SIOCRSLVMULTI                     = 0xc010693b
-	SIOCSDRVSPEC                      = 0x8028697b
-	SIOCSETVLAN                       = 0x8020697e
-	SIOCSHIWAT                        = 0x80047300
-	SIOCSIFADDR                       = 0x8020690c
-	SIOCSIFALTMTU                     = 0x80206945
-	SIOCSIFASYNCMAP                   = 0x8020697d
-	SIOCSIFBOND                       = 0x80206946
-	SIOCSIFBRDADDR                    = 0x80206913
-	SIOCSIFCAP                        = 0x8020695a
-	SIOCSIFDSTADDR                    = 0x8020690e
-	SIOCSIFFLAGS                      = 0x80206910
-	SIOCSIFGENERIC                    = 0x80206939
-	SIOCSIFKPI                        = 0x80206986
-	SIOCSIFLLADDR                     = 0x8020693c
-	SIOCSIFMAC                        = 0x80206983
-	SIOCSIFMEDIA                      = 0xc0206937
-	SIOCSIFMETRIC                     = 0x80206918
-	SIOCSIFMTU                        = 0x80206934
-	SIOCSIFNETMASK                    = 0x80206916
-	SIOCSIFPHYADDR                    = 0x8040693e
-	SIOCSIFPHYS                       = 0x80206936
-	SIOCSIFVLAN                       = 0x8020697e
-	SIOCSLOWAT                        = 0x80047302
-	SIOCSPGRP                         = 0x80047308
-	SOCK_DGRAM                        = 0x2
-	SOCK_MAXADDRLEN                   = 0xff
-	SOCK_RAW                          = 0x3
-	SOCK_RDM                          = 0x4
-	SOCK_SEQPACKET                    = 0x5
-	SOCK_STREAM                       = 0x1
-	SOL_SOCKET                        = 0xffff
-	SOMAXCONN                         = 0x80
-	SO_ACCEPTCONN                     = 0x2
-	SO_BROADCAST                      = 0x20
-	SO_DEBUG                          = 0x1
-	SO_DONTROUTE                      = 0x10
-	SO_DONTTRUNC                      = 0x2000
-	SO_ERROR                          = 0x1007
-	SO_KEEPALIVE                      = 0x8
-	SO_LABEL                          = 0x1010
-	SO_LINGER                         = 0x80
-	SO_LINGER_SEC                     = 0x1080
-	SO_NETSVC_MARKING_LEVEL           = 0x1119
-	SO_NET_SERVICE_TYPE               = 0x1116
-	SO_NKE                            = 0x1021
-	SO_NOADDRERR                      = 0x1023
-	SO_NOSIGPIPE                      = 0x1022
-	SO_NOTIFYCONFLICT                 = 0x1026
-	SO_NP_EXTENSIONS                  = 0x1083
-	SO_NREAD                          = 0x1020
-	SO_NUMRCVPKT                      = 0x1112
-	SO_NWRITE                         = 0x1024
-	SO_OOBINLINE                      = 0x100
-	SO_PEERLABEL                      = 0x1011
-	SO_RANDOMPORT                     = 0x1082
-	SO_RCVBUF                         = 0x1002
-	SO_RCVLOWAT                       = 0x1004
-	SO_RCVTIMEO                       = 0x1006
-	SO_REUSEADDR                      = 0x4
-	SO_REUSEPORT                      = 0x200
-	SO_REUSESHAREUID                  = 0x1025
-	SO_SNDBUF                         = 0x1001
-	SO_SNDLOWAT                       = 0x1003
-	SO_SNDTIMEO                       = 0x1005
-	SO_TIMESTAMP                      = 0x400
-	SO_TIMESTAMP_MONOTONIC            = 0x800
-	SO_TYPE                           = 0x1008
-	SO_UPCALLCLOSEWAIT                = 0x1027
-	SO_USELOOPBACK                    = 0x40
-	SO_WANTMORE                       = 0x4000
-	SO_WANTOOBFLAG                    = 0x8000
-	S_IEXEC                           = 0x40
-	S_IFBLK                           = 0x6000
-	S_IFCHR                           = 0x2000
-	S_IFDIR                           = 0x4000
-	S_IFIFO                           = 0x1000
-	S_IFLNK                           = 0xa000
-	S_IFMT                            = 0xf000
-	S_IFREG                           = 0x8000
-	S_IFSOCK                          = 0xc000
-	S_IFWHT                           = 0xe000
-	S_IREAD                           = 0x100
-	S_IRGRP                           = 0x20
-	S_IROTH                           = 0x4
-	S_IRUSR                           = 0x100
-	S_IRWXG                           = 0x38
-	S_IRWXO                           = 0x7
-	S_IRWXU                           = 0x1c0
-	S_ISGID                           = 0x400
-	S_ISTXT                           = 0x200
-	S_ISUID                           = 0x800
-	S_ISVTX                           = 0x200
-	S_IWGRP                           = 0x10
-	S_IWOTH                           = 0x2
-	S_IWRITE                          = 0x80
-	S_IWUSR                           = 0x80
-	S_IXGRP                           = 0x8
-	S_IXOTH                           = 0x1
-	S_IXUSR                           = 0x40
-	TAB0                              = 0x0
-	TAB1                              = 0x400
-	TAB2                              = 0x800
-	TAB3                              = 0x4
-	TABDLY                            = 0xc04
-	TCIFLUSH                          = 0x1
-	TCIOFF                            = 0x3
-	TCIOFLUSH                         = 0x3
-	TCION                             = 0x4
-	TCOFLUSH                          = 0x2
-	TCOOFF                            = 0x1
-	TCOON                             = 0x2
-	TCP_CONNECTIONTIMEOUT             = 0x20
-	TCP_CONNECTION_INFO               = 0x106
-	TCP_ENABLE_ECN                    = 0x104
-	TCP_FASTOPEN                      = 0x105
-	TCP_KEEPALIVE                     = 0x10
-	TCP_KEEPCNT                       = 0x102
-	TCP_KEEPINTVL                     = 0x101
-	TCP_MAXHLEN                       = 0x3c
-	TCP_MAXOLEN                       = 0x28
-	TCP_MAXSEG                        = 0x2
-	TCP_MAXWIN                        = 0xffff
-	TCP_MAX_SACK                      = 0x4
-	TCP_MAX_WINSHIFT                  = 0xe
-	TCP_MINMSS                        = 0xd8
-	TCP_MSS                           = 0x200
-	TCP_NODELAY                       = 0x1
-	TCP_NOOPT                         = 0x8
-	TCP_NOPUSH                        = 0x4
-	TCP_NOTSENT_LOWAT                 = 0x201
-	TCP_RXT_CONNDROPTIME              = 0x80
-	TCP_RXT_FINDROP                   = 0x100
-	TCP_SENDMOREACKS                  = 0x103
-	TCSAFLUSH                         = 0x2
-	TIOCCBRK                          = 0x2000747a
-	TIOCCDTR                          = 0x20007478
-	TIOCCONS                          = 0x80047462
-	TIOCDCDTIMESTAMP                  = 0x40107458
-	TIOCDRAIN                         = 0x2000745e
-	TIOCDSIMICROCODE                  = 0x20007455
-	TIOCEXCL                          = 0x2000740d
-	TIOCEXT                           = 0x80047460
-	TIOCFLUSH                         = 0x80047410
-	TIOCGDRAINWAIT                    = 0x40047456
-	TIOCGETA                          = 0x40487413
-	TIOCGETD                          = 0x4004741a
-	TIOCGPGRP                         = 0x40047477
-	TIOCGWINSZ                        = 0x40087468
-	TIOCIXOFF                         = 0x20007480
-	TIOCIXON                          = 0x20007481
-	TIOCMBIC                          = 0x8004746b
-	TIOCMBIS                          = 0x8004746c
-	TIOCMGDTRWAIT                     = 0x4004745a
-	TIOCMGET                          = 0x4004746a
-	TIOCMODG                          = 0x40047403
-	TIOCMODS                          = 0x80047404
-	TIOCMSDTRWAIT                     = 0x8004745b
-	TIOCMSET                          = 0x8004746d
-	TIOCM_CAR                         = 0x40
-	TIOCM_CD                          = 0x40
-	TIOCM_CTS                         = 0x20
-	TIOCM_DSR                         = 0x100
-	TIOCM_DTR                         = 0x2
-	TIOCM_LE                          = 0x1
-	TIOCM_RI                          = 0x80
-	TIOCM_RNG                         = 0x80
-	TIOCM_RTS                         = 0x4
-	TIOCM_SR                          = 0x10
-	TIOCM_ST                          = 0x8
-	TIOCNOTTY                         = 0x20007471
-	TIOCNXCL                          = 0x2000740e
-	TIOCOUTQ                          = 0x40047473
-	TIOCPKT                           = 0x80047470
-	TIOCPKT_DATA                      = 0x0
-	TIOCPKT_DOSTOP                    = 0x20
-	TIOCPKT_FLUSHREAD                 = 0x1
-	TIOCPKT_FLUSHWRITE                = 0x2
-	TIOCPKT_IOCTL                     = 0x40
-	TIOCPKT_NOSTOP                    = 0x10
-	TIOCPKT_START                     = 0x8
-	TIOCPKT_STOP                      = 0x4
-	TIOCPTYGNAME                      = 0x40807453
-	TIOCPTYGRANT                      = 0x20007454
-	TIOCPTYUNLK                       = 0x20007452
-	TIOCREMOTE                        = 0x80047469
-	TIOCSBRK                          = 0x2000747b
-	TIOCSCONS                         = 0x20007463
-	TIOCSCTTY                         = 0x20007461
-	TIOCSDRAINWAIT                    = 0x80047457
-	TIOCSDTR                          = 0x20007479
-	TIOCSETA                          = 0x80487414
-	TIOCSETAF                         = 0x80487416
-	TIOCSETAW                         = 0x80487415
-	TIOCSETD                          = 0x8004741b
-	TIOCSIG                           = 0x2000745f
-	TIOCSPGRP                         = 0x80047476
-	TIOCSTART                         = 0x2000746e
-	TIOCSTAT                          = 0x20007465
-	TIOCSTI                           = 0x80017472
-	TIOCSTOP                          = 0x2000746f
-	TIOCSWINSZ                        = 0x80087467
-	TIOCTIMESTAMP                     = 0x40107459
-	TIOCUCNTL                         = 0x80047466
-	TOSTOP                            = 0x400000
-	VDISCARD                          = 0xf
-	VDSUSP                            = 0xb
-	VEOF                              = 0x0
-	VEOL                              = 0x1
-	VEOL2                             = 0x2
-	VERASE                            = 0x3
-	VINTR                             = 0x8
-	VKILL                             = 0x5
-	VLNEXT                            = 0xe
-	VMIN                              = 0x10
-	VM_LOADAVG                        = 0x2
-	VM_MACHFACTOR                     = 0x4
-	VM_MAXID                          = 0x6
-	VM_METER                          = 0x1
-	VM_SWAPUSAGE                      = 0x5
-	VQUIT                             = 0x9
-	VREPRINT                          = 0x6
-	VSTART                            = 0xc
-	VSTATUS                           = 0x12
-	VSTOP                             = 0xd
-	VSUSP                             = 0xa
-	VT0                               = 0x0
-	VT1                               = 0x10000
-	VTDLY                             = 0x10000
-	VTIME                             = 0x11
-	VWERASE                           = 0x4
-	WCONTINUED                        = 0x10
-	WCOREFLAG                         = 0x80
-	WEXITED                           = 0x4
-	WNOHANG                           = 0x1
-	WNOWAIT                           = 0x20
-	WORDSIZE                          = 0x40
-	WSTOPPED                          = 0x8
-	WUNTRACED                         = 0x2
-	XATTR_CREATE                      = 0x2
-	XATTR_NODEFAULT                   = 0x10
-	XATTR_NOFOLLOW                    = 0x1
-	XATTR_NOSECURITY                  = 0x8
-	XATTR_REPLACE                     = 0x4
-	XATTR_SHOWCOMPRESSION             = 0x20
+	AF_APPLETALK                            = 0x10
+	AF_CCITT                                = 0xa
+	AF_CHAOS                                = 0x5
+	AF_CNT                                  = 0x15
+	AF_COIP                                 = 0x14
+	AF_DATAKIT                              = 0x9
+	AF_DECnet                               = 0xc
+	AF_DLI                                  = 0xd
+	AF_E164                                 = 0x1c
+	AF_ECMA                                 = 0x8
+	AF_HYLINK                               = 0xf
+	AF_IEEE80211                            = 0x25
+	AF_IMPLINK                              = 0x3
+	AF_INET                                 = 0x2
+	AF_INET6                                = 0x1e
+	AF_IPX                                  = 0x17
+	AF_ISDN                                 = 0x1c
+	AF_ISO                                  = 0x7
+	AF_LAT                                  = 0xe
+	AF_LINK                                 = 0x12
+	AF_LOCAL                                = 0x1
+	AF_MAX                                  = 0x29
+	AF_NATM                                 = 0x1f
+	AF_NDRV                                 = 0x1b
+	AF_NETBIOS                              = 0x21
+	AF_NS                                   = 0x6
+	AF_OSI                                  = 0x7
+	AF_PPP                                  = 0x22
+	AF_PUP                                  = 0x4
+	AF_RESERVED_36                          = 0x24
+	AF_ROUTE                                = 0x11
+	AF_SIP                                  = 0x18
+	AF_SNA                                  = 0xb
+	AF_SYSTEM                               = 0x20
+	AF_SYS_CONTROL                          = 0x2
+	AF_UNIX                                 = 0x1
+	AF_UNSPEC                               = 0x0
+	AF_UTUN                                 = 0x26
+	AF_VSOCK                                = 0x28
+	ALTWERASE                               = 0x200
+	ATTR_BIT_MAP_COUNT                      = 0x5
+	ATTR_CMN_ACCESSMASK                     = 0x20000
+	ATTR_CMN_ACCTIME                        = 0x1000
+	ATTR_CMN_ADDEDTIME                      = 0x10000000
+	ATTR_CMN_BKUPTIME                       = 0x2000
+	ATTR_CMN_CHGTIME                        = 0x800
+	ATTR_CMN_CRTIME                         = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS             = 0x40000000
+	ATTR_CMN_DEVID                          = 0x2
+	ATTR_CMN_DOCUMENT_ID                    = 0x100000
+	ATTR_CMN_ERROR                          = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY              = 0x400000
+	ATTR_CMN_FILEID                         = 0x2000000
+	ATTR_CMN_FLAGS                          = 0x40000
+	ATTR_CMN_FNDRINFO                       = 0x4000
+	ATTR_CMN_FSID                           = 0x4
+	ATTR_CMN_FULLPATH                       = 0x8000000
+	ATTR_CMN_GEN_COUNT                      = 0x80000
+	ATTR_CMN_GRPID                          = 0x10000
+	ATTR_CMN_GRPUUID                        = 0x1000000
+	ATTR_CMN_MODTIME                        = 0x400
+	ATTR_CMN_NAME                           = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT                 = 0x80000
+	ATTR_CMN_NAMEDATTRLIST                  = 0x100000
+	ATTR_CMN_OBJID                          = 0x20
+	ATTR_CMN_OBJPERMANENTID                 = 0x40
+	ATTR_CMN_OBJTAG                         = 0x10
+	ATTR_CMN_OBJTYPE                        = 0x8
+	ATTR_CMN_OWNERID                        = 0x8000
+	ATTR_CMN_PARENTID                       = 0x4000000
+	ATTR_CMN_PAROBJID                       = 0x80
+	ATTR_CMN_RETURNED_ATTRS                 = 0x80000000
+	ATTR_CMN_SCRIPT                         = 0x100
+	ATTR_CMN_SETMASK                        = 0x51c7ff00
+	ATTR_CMN_USERACCESS                     = 0x200000
+	ATTR_CMN_UUID                           = 0x800000
+	ATTR_CMN_VALIDMASK                      = 0xffffffff
+	ATTR_CMN_VOLSETMASK                     = 0x6700
+	ATTR_FILE_ALLOCSIZE                     = 0x4
+	ATTR_FILE_CLUMPSIZE                     = 0x10
+	ATTR_FILE_DATAALLOCSIZE                 = 0x400
+	ATTR_FILE_DATAEXTENTS                   = 0x800
+	ATTR_FILE_DATALENGTH                    = 0x200
+	ATTR_FILE_DEVTYPE                       = 0x20
+	ATTR_FILE_FILETYPE                      = 0x40
+	ATTR_FILE_FORKCOUNT                     = 0x80
+	ATTR_FILE_FORKLIST                      = 0x100
+	ATTR_FILE_IOBLOCKSIZE                   = 0x8
+	ATTR_FILE_LINKCOUNT                     = 0x1
+	ATTR_FILE_RSRCALLOCSIZE                 = 0x2000
+	ATTR_FILE_RSRCEXTENTS                   = 0x4000
+	ATTR_FILE_RSRCLENGTH                    = 0x1000
+	ATTR_FILE_SETMASK                       = 0x20
+	ATTR_FILE_TOTALSIZE                     = 0x2
+	ATTR_FILE_VALIDMASK                     = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP                = 0x40
+	ATTR_VOL_ATTRIBUTES                     = 0x40000000
+	ATTR_VOL_CAPABILITIES                   = 0x20000
+	ATTR_VOL_DIRCOUNT                       = 0x400
+	ATTR_VOL_ENCODINGSUSED                  = 0x10000
+	ATTR_VOL_FILECOUNT                      = 0x200
+	ATTR_VOL_FSTYPE                         = 0x1
+	ATTR_VOL_INFO                           = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE                    = 0x80
+	ATTR_VOL_MAXOBJCOUNT                    = 0x800
+	ATTR_VOL_MINALLOCATION                  = 0x20
+	ATTR_VOL_MOUNTEDDEVICE                  = 0x8000
+	ATTR_VOL_MOUNTFLAGS                     = 0x4000
+	ATTR_VOL_MOUNTPOINT                     = 0x1000
+	ATTR_VOL_NAME                           = 0x2000
+	ATTR_VOL_OBJCOUNT                       = 0x100
+	ATTR_VOL_QUOTA_SIZE                     = 0x10000000
+	ATTR_VOL_RESERVED_SIZE                  = 0x20000000
+	ATTR_VOL_SETMASK                        = 0x80002000
+	ATTR_VOL_SIGNATURE                      = 0x2
+	ATTR_VOL_SIZE                           = 0x4
+	ATTR_VOL_SPACEAVAIL                     = 0x10
+	ATTR_VOL_SPACEFREE                      = 0x8
+	ATTR_VOL_SPACEUSED                      = 0x800000
+	ATTR_VOL_UUID                           = 0x40000
+	ATTR_VOL_VALIDMASK                      = 0xf087ffff
+	B0                                      = 0x0
+	B110                                    = 0x6e
+	B115200                                 = 0x1c200
+	B1200                                   = 0x4b0
+	B134                                    = 0x86
+	B14400                                  = 0x3840
+	B150                                    = 0x96
+	B1800                                   = 0x708
+	B19200                                  = 0x4b00
+	B200                                    = 0xc8
+	B230400                                 = 0x38400
+	B2400                                   = 0x960
+	B28800                                  = 0x7080
+	B300                                    = 0x12c
+	B38400                                  = 0x9600
+	B4800                                   = 0x12c0
+	B50                                     = 0x32
+	B57600                                  = 0xe100
+	B600                                    = 0x258
+	B7200                                   = 0x1c20
+	B75                                     = 0x4b
+	B76800                                  = 0x12c00
+	B9600                                   = 0x2580
+	BIOCFLUSH                               = 0x20004268
+	BIOCGBLEN                               = 0x40044266
+	BIOCGDLT                                = 0x4004426a
+	BIOCGDLTLIST                            = 0xc00c4279
+	BIOCGETIF                               = 0x4020426b
+	BIOCGHDRCMPLT                           = 0x40044274
+	BIOCGRSIG                               = 0x40044272
+	BIOCGRTIMEOUT                           = 0x4010426e
+	BIOCGSEESENT                            = 0x40044276
+	BIOCGSTATS                              = 0x4008426f
+	BIOCIMMEDIATE                           = 0x80044270
+	BIOCPROMISC                             = 0x20004269
+	BIOCSBLEN                               = 0xc0044266
+	BIOCSDLT                                = 0x80044278
+	BIOCSETF                                = 0x80104267
+	BIOCSETFNR                              = 0x8010427e
+	BIOCSETIF                               = 0x8020426c
+	BIOCSHDRCMPLT                           = 0x80044275
+	BIOCSRSIG                               = 0x80044273
+	BIOCSRTIMEOUT                           = 0x8010426d
+	BIOCSSEESENT                            = 0x80044277
+	BIOCVERSION                             = 0x40044271
+	BPF_A                                   = 0x10
+	BPF_ABS                                 = 0x20
+	BPF_ADD                                 = 0x0
+	BPF_ALIGNMENT                           = 0x4
+	BPF_ALU                                 = 0x4
+	BPF_AND                                 = 0x50
+	BPF_B                                   = 0x10
+	BPF_DIV                                 = 0x30
+	BPF_H                                   = 0x8
+	BPF_IMM                                 = 0x0
+	BPF_IND                                 = 0x40
+	BPF_JA                                  = 0x0
+	BPF_JEQ                                 = 0x10
+	BPF_JGE                                 = 0x30
+	BPF_JGT                                 = 0x20
+	BPF_JMP                                 = 0x5
+	BPF_JSET                                = 0x40
+	BPF_K                                   = 0x0
+	BPF_LD                                  = 0x0
+	BPF_LDX                                 = 0x1
+	BPF_LEN                                 = 0x80
+	BPF_LSH                                 = 0x60
+	BPF_MAJOR_VERSION                       = 0x1
+	BPF_MAXBUFSIZE                          = 0x80000
+	BPF_MAXINSNS                            = 0x200
+	BPF_MEM                                 = 0x60
+	BPF_MEMWORDS                            = 0x10
+	BPF_MINBUFSIZE                          = 0x20
+	BPF_MINOR_VERSION                       = 0x1
+	BPF_MISC                                = 0x7
+	BPF_MSH                                 = 0xa0
+	BPF_MUL                                 = 0x20
+	BPF_NEG                                 = 0x80
+	BPF_OR                                  = 0x40
+	BPF_RELEASE                             = 0x30bb6
+	BPF_RET                                 = 0x6
+	BPF_RSH                                 = 0x70
+	BPF_ST                                  = 0x2
+	BPF_STX                                 = 0x3
+	BPF_SUB                                 = 0x10
+	BPF_TAX                                 = 0x0
+	BPF_TXA                                 = 0x80
+	BPF_W                                   = 0x0
+	BPF_X                                   = 0x8
+	BRKINT                                  = 0x2
+	BS0                                     = 0x0
+	BS1                                     = 0x8000
+	BSDLY                                   = 0x8000
+	CFLUSH                                  = 0xf
+	CLOCAL                                  = 0x8000
+	CLOCK_MONOTONIC                         = 0x6
+	CLOCK_MONOTONIC_RAW                     = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX              = 0x5
+	CLOCK_PROCESS_CPUTIME_ID                = 0xc
+	CLOCK_REALTIME                          = 0x0
+	CLOCK_THREAD_CPUTIME_ID                 = 0x10
+	CLOCK_UPTIME_RAW                        = 0x8
+	CLOCK_UPTIME_RAW_APPROX                 = 0x9
+	CLONE_NOFOLLOW                          = 0x1
+	CLONE_NOOWNERCOPY                       = 0x2
+	CR0                                     = 0x0
+	CR1                                     = 0x1000
+	CR2                                     = 0x2000
+	CR3                                     = 0x3000
+	CRDLY                                   = 0x3000
+	CREAD                                   = 0x800
+	CRTSCTS                                 = 0x30000
+	CS5                                     = 0x0
+	CS6                                     = 0x100
+	CS7                                     = 0x200
+	CS8                                     = 0x300
+	CSIZE                                   = 0x300
+	CSTART                                  = 0x11
+	CSTATUS                                 = 0x14
+	CSTOP                                   = 0x13
+	CSTOPB                                  = 0x400
+	CSUSP                                   = 0x1a
+	CTLIOCGINFO                             = 0xc0644e03
+	CTL_HW                                  = 0x6
+	CTL_KERN                                = 0x1
+	CTL_MAXNAME                             = 0xc
+	CTL_NET                                 = 0x4
+	DLT_A429                                = 0xb8
+	DLT_A653_ICM                            = 0xb9
+	DLT_AIRONET_HEADER                      = 0x78
+	DLT_AOS                                 = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394              = 0x8a
+	DLT_ARCNET                              = 0x7
+	DLT_ARCNET_LINUX                        = 0x81
+	DLT_ATM_CLIP                            = 0x13
+	DLT_ATM_RFC1483                         = 0xb
+	DLT_AURORA                              = 0x7e
+	DLT_AX25                                = 0x3
+	DLT_AX25_KISS                           = 0xca
+	DLT_BACNET_MS_TP                        = 0xa5
+	DLT_BLUETOOTH_HCI_H4                    = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR          = 0xc9
+	DLT_CAN20B                              = 0xbe
+	DLT_CAN_SOCKETCAN                       = 0xe3
+	DLT_CHAOS                               = 0x5
+	DLT_CHDLC                               = 0x68
+	DLT_CISCO_IOS                           = 0x76
+	DLT_C_HDLC                              = 0x68
+	DLT_C_HDLC_WITH_DIR                     = 0xcd
+	DLT_DBUS                                = 0xe7
+	DLT_DECT                                = 0xdd
+	DLT_DOCSIS                              = 0x8f
+	DLT_DVB_CI                              = 0xeb
+	DLT_ECONET                              = 0x73
+	DLT_EN10MB                              = 0x1
+	DLT_EN3MB                               = 0x2
+	DLT_ENC                                 = 0x6d
+	DLT_ERF                                 = 0xc5
+	DLT_ERF_ETH                             = 0xaf
+	DLT_ERF_POS                             = 0xb0
+	DLT_FC_2                                = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS              = 0xe1
+	DLT_FDDI                                = 0xa
+	DLT_FLEXRAY                             = 0xd2
+	DLT_FRELAY                              = 0x6b
+	DLT_FRELAY_WITH_DIR                     = 0xce
+	DLT_GCOM_SERIAL                         = 0xad
+	DLT_GCOM_T1E1                           = 0xac
+	DLT_GPF_F                               = 0xab
+	DLT_GPF_T                               = 0xaa
+	DLT_GPRS_LLC                            = 0xa9
+	DLT_GSMTAP_ABIS                         = 0xda
+	DLT_GSMTAP_UM                           = 0xd9
+	DLT_HHDLC                               = 0x79
+	DLT_IBM_SN                              = 0x92
+	DLT_IBM_SP                              = 0x91
+	DLT_IEEE802                             = 0x6
+	DLT_IEEE802_11                          = 0x69
+	DLT_IEEE802_11_RADIO                    = 0x7f
+	DLT_IEEE802_11_RADIO_AVS                = 0xa3
+	DLT_IEEE802_15_4                        = 0xc3
+	DLT_IEEE802_15_4_LINUX                  = 0xbf
+	DLT_IEEE802_15_4_NOFCS                  = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY             = 0xd7
+	DLT_IEEE802_16_MAC_CPS                  = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO            = 0xc1
+	DLT_IPFILTER                            = 0x74
+	DLT_IPMB                                = 0xc7
+	DLT_IPMB_LINUX                          = 0xd1
+	DLT_IPNET                               = 0xe2
+	DLT_IPOIB                               = 0xf2
+	DLT_IPV4                                = 0xe4
+	DLT_IPV6                                = 0xe5
+	DLT_IP_OVER_FC                          = 0x7a
+	DLT_JUNIPER_ATM1                        = 0x89
+	DLT_JUNIPER_ATM2                        = 0x87
+	DLT_JUNIPER_ATM_CEMIC                   = 0xee
+	DLT_JUNIPER_CHDLC                       = 0xb5
+	DLT_JUNIPER_ES                          = 0x84
+	DLT_JUNIPER_ETHER                       = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL                = 0xea
+	DLT_JUNIPER_FRELAY                      = 0xb4
+	DLT_JUNIPER_GGSN                        = 0x85
+	DLT_JUNIPER_ISM                         = 0xc2
+	DLT_JUNIPER_MFR                         = 0x86
+	DLT_JUNIPER_MLFR                        = 0x83
+	DLT_JUNIPER_MLPPP                       = 0x82
+	DLT_JUNIPER_MONITOR                     = 0xa4
+	DLT_JUNIPER_PIC_PEER                    = 0xae
+	DLT_JUNIPER_PPP                         = 0xb3
+	DLT_JUNIPER_PPPOE                       = 0xa7
+	DLT_JUNIPER_PPPOE_ATM                   = 0xa8
+	DLT_JUNIPER_SERVICES                    = 0x88
+	DLT_JUNIPER_SRX_E2E                     = 0xe9
+	DLT_JUNIPER_ST                          = 0xc8
+	DLT_JUNIPER_VP                          = 0xb7
+	DLT_JUNIPER_VS                          = 0xe8
+	DLT_LAPB_WITH_DIR                       = 0xcf
+	DLT_LAPD                                = 0xcb
+	DLT_LIN                                 = 0xd4
+	DLT_LINUX_EVDEV                         = 0xd8
+	DLT_LINUX_IRDA                          = 0x90
+	DLT_LINUX_LAPD                          = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION             = 0xa6
+	DLT_LINUX_SLL                           = 0x71
+	DLT_LOOP                                = 0x6c
+	DLT_LTALK                               = 0x72
+	DLT_MATCHING_MAX                        = 0x10a
+	DLT_MATCHING_MIN                        = 0x68
+	DLT_MFR                                 = 0xb6
+	DLT_MOST                                = 0xd3
+	DLT_MPEG_2_TS                           = 0xf3
+	DLT_MPLS                                = 0xdb
+	DLT_MTP2                                = 0x8c
+	DLT_MTP2_WITH_PHDR                      = 0x8b
+	DLT_MTP3                                = 0x8d
+	DLT_MUX27010                            = 0xec
+	DLT_NETANALYZER                         = 0xf0
+	DLT_NETANALYZER_TRANSPARENT             = 0xf1
+	DLT_NFC_LLCP                            = 0xf5
+	DLT_NFLOG                               = 0xef
+	DLT_NG40                                = 0xf4
+	DLT_NULL                                = 0x0
+	DLT_PCI_EXP                             = 0x7d
+	DLT_PFLOG                               = 0x75
+	DLT_PFSYNC                              = 0x12
+	DLT_PPI                                 = 0xc0
+	DLT_PPP                                 = 0x9
+	DLT_PPP_BSDOS                           = 0x10
+	DLT_PPP_ETHER                           = 0x33
+	DLT_PPP_PPPD                            = 0xa6
+	DLT_PPP_SERIAL                          = 0x32
+	DLT_PPP_WITH_DIR                        = 0xcc
+	DLT_PPP_WITH_DIRECTION                  = 0xa6
+	DLT_PRISM_HEADER                        = 0x77
+	DLT_PRONET                              = 0x4
+	DLT_RAIF1                               = 0xc6
+	DLT_RAW                                 = 0xc
+	DLT_RIO                                 = 0x7c
+	DLT_SCCP                                = 0x8e
+	DLT_SITA                                = 0xc4
+	DLT_SLIP                                = 0x8
+	DLT_SLIP_BSDOS                          = 0xf
+	DLT_STANAG_5066_D_PDU                   = 0xed
+	DLT_SUNATM                              = 0x7b
+	DLT_SYMANTEC_FIREWALL                   = 0x63
+	DLT_TZSP                                = 0x80
+	DLT_USB                                 = 0xba
+	DLT_USB_DARWIN                          = 0x10a
+	DLT_USB_LINUX                           = 0xbd
+	DLT_USB_LINUX_MMAPPED                   = 0xdc
+	DLT_USER0                               = 0x93
+	DLT_USER1                               = 0x94
+	DLT_USER10                              = 0x9d
+	DLT_USER11                              = 0x9e
+	DLT_USER12                              = 0x9f
+	DLT_USER13                              = 0xa0
+	DLT_USER14                              = 0xa1
+	DLT_USER15                              = 0xa2
+	DLT_USER2                               = 0x95
+	DLT_USER3                               = 0x96
+	DLT_USER4                               = 0x97
+	DLT_USER5                               = 0x98
+	DLT_USER6                               = 0x99
+	DLT_USER7                               = 0x9a
+	DLT_USER8                               = 0x9b
+	DLT_USER9                               = 0x9c
+	DLT_WIHART                              = 0xdf
+	DLT_X2E_SERIAL                          = 0xd5
+	DLT_X2E_XORAYA                          = 0xd6
+	DT_BLK                                  = 0x6
+	DT_CHR                                  = 0x2
+	DT_DIR                                  = 0x4
+	DT_FIFO                                 = 0x1
+	DT_LNK                                  = 0xa
+	DT_REG                                  = 0x8
+	DT_SOCK                                 = 0xc
+	DT_UNKNOWN                              = 0x0
+	DT_WHT                                  = 0xe
+	ECHO                                    = 0x8
+	ECHOCTL                                 = 0x40
+	ECHOE                                   = 0x2
+	ECHOK                                   = 0x4
+	ECHOKE                                  = 0x1
+	ECHONL                                  = 0x10
+	ECHOPRT                                 = 0x20
+	EVFILT_AIO                              = -0x3
+	EVFILT_EXCEPT                           = -0xf
+	EVFILT_FS                               = -0x9
+	EVFILT_MACHPORT                         = -0x8
+	EVFILT_PROC                             = -0x5
+	EVFILT_READ                             = -0x1
+	EVFILT_SIGNAL                           = -0x6
+	EVFILT_SYSCOUNT                         = 0x11
+	EVFILT_THREADMARKER                     = 0x11
+	EVFILT_TIMER                            = -0x7
+	EVFILT_USER                             = -0xa
+	EVFILT_VM                               = -0xc
+	EVFILT_VNODE                            = -0x4
+	EVFILT_WRITE                            = -0x2
+	EV_ADD                                  = 0x1
+	EV_CLEAR                                = 0x20
+	EV_DELETE                               = 0x2
+	EV_DISABLE                              = 0x8
+	EV_DISPATCH                             = 0x80
+	EV_DISPATCH2                            = 0x180
+	EV_ENABLE                               = 0x4
+	EV_EOF                                  = 0x8000
+	EV_ERROR                                = 0x4000
+	EV_FLAG0                                = 0x1000
+	EV_FLAG1                                = 0x2000
+	EV_ONESHOT                              = 0x10
+	EV_OOBAND                               = 0x2000
+	EV_POLL                                 = 0x1000
+	EV_RECEIPT                              = 0x40
+	EV_SYSFLAGS                             = 0xf000
+	EV_UDATA_SPECIFIC                       = 0x100
+	EV_VANISHED                             = 0x200
+	EXTA                                    = 0x4b00
+	EXTB                                    = 0x9600
+	EXTPROC                                 = 0x800
+	FD_CLOEXEC                              = 0x1
+	FD_SETSIZE                              = 0x400
+	FF0                                     = 0x0
+	FF1                                     = 0x4000
+	FFDLY                                   = 0x4000
+	FLUSHO                                  = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED                 = 0x20
+	FSOPT_NOFOLLOW                          = 0x1
+	FSOPT_NOINMEMUPDATE                     = 0x2
+	FSOPT_PACK_INVAL_ATTRS                  = 0x8
+	FSOPT_REPORT_FULLSIZE                   = 0x4
+	FSOPT_RETURN_REALDEV                    = 0x200
+	F_ADDFILESIGS                           = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM              = 0x53
+	F_ADDFILESIGS_INFO                      = 0x67
+	F_ADDFILESIGS_RETURN                    = 0x61
+	F_ADDFILESUPPL                          = 0x68
+	F_ADDSIGS                               = 0x3b
+	F_ALLOCATEALL                           = 0x4
+	F_ALLOCATECONTIG                        = 0x2
+	F_BARRIERFSYNC                          = 0x55
+	F_CHECK_LV                              = 0x62
+	F_CHKCLEAN                              = 0x29
+	F_DUPFD                                 = 0x0
+	F_DUPFD_CLOEXEC                         = 0x43
+	F_FINDSIGS                              = 0x4e
+	F_FLUSH_DATA                            = 0x28
+	F_FREEZE_FS                             = 0x35
+	F_FULLFSYNC                             = 0x33
+	F_GETCODEDIR                            = 0x48
+	F_GETFD                                 = 0x1
+	F_GETFL                                 = 0x3
+	F_GETLK                                 = 0x7
+	F_GETLKPID                              = 0x42
+	F_GETNOSIGPIPE                          = 0x4a
+	F_GETOWN                                = 0x5
+	F_GETPATH                               = 0x32
+	F_GETPATH_MTMINFO                       = 0x47
+	F_GETPATH_NOFIRMLINK                    = 0x66
+	F_GETPROTECTIONCLASS                    = 0x3f
+	F_GETPROTECTIONLEVEL                    = 0x4d
+	F_GETSIGSINFO                           = 0x69
+	F_GLOBAL_NOCACHE                        = 0x37
+	F_LOG2PHYS                              = 0x31
+	F_LOG2PHYS_EXT                          = 0x41
+	F_NOCACHE                               = 0x30
+	F_NODIRECT                              = 0x3e
+	F_OK                                    = 0x0
+	F_PATHPKG_CHECK                         = 0x34
+	F_PEOFPOSMODE                           = 0x3
+	F_PREALLOCATE                           = 0x2a
+	F_PUNCHHOLE                             = 0x63
+	F_RDADVISE                              = 0x2c
+	F_RDAHEAD                               = 0x2d
+	F_RDLCK                                 = 0x1
+	F_SETBACKINGSTORE                       = 0x46
+	F_SETFD                                 = 0x2
+	F_SETFL                                 = 0x4
+	F_SETLK                                 = 0x8
+	F_SETLKW                                = 0x9
+	F_SETLKWTIMEOUT                         = 0xa
+	F_SETNOSIGPIPE                          = 0x49
+	F_SETOWN                                = 0x6
+	F_SETPROTECTIONCLASS                    = 0x40
+	F_SETSIZE                               = 0x2b
+	F_SINGLE_WRITER                         = 0x4c
+	F_SPECULATIVE_READ                      = 0x65
+	F_THAW_FS                               = 0x36
+	F_TRANSCODEKEY                          = 0x4b
+	F_TRIM_ACTIVE_FILE                      = 0x64
+	F_UNLCK                                 = 0x2
+	F_VOLPOSMODE                            = 0x4
+	F_WRLCK                                 = 0x3
+	HUPCL                                   = 0x4000
+	HW_MACHINE                              = 0x1
+	ICANON                                  = 0x100
+	ICMP6_FILTER                            = 0x12
+	ICRNL                                   = 0x100
+	IEXTEN                                  = 0x400
+	IFF_ALLMULTI                            = 0x200
+	IFF_ALTPHYS                             = 0x4000
+	IFF_BROADCAST                           = 0x2
+	IFF_DEBUG                               = 0x4
+	IFF_LINK0                               = 0x1000
+	IFF_LINK1                               = 0x2000
+	IFF_LINK2                               = 0x4000
+	IFF_LOOPBACK                            = 0x8
+	IFF_MULTICAST                           = 0x8000
+	IFF_NOARP                               = 0x80
+	IFF_NOTRAILERS                          = 0x20
+	IFF_OACTIVE                             = 0x400
+	IFF_POINTOPOINT                         = 0x10
+	IFF_PROMISC                             = 0x100
+	IFF_RUNNING                             = 0x40
+	IFF_SIMPLEX                             = 0x800
+	IFF_UP                                  = 0x1
+	IFNAMSIZ                                = 0x10
+	IFT_1822                                = 0x2
+	IFT_6LOWPAN                             = 0x40
+	IFT_AAL5                                = 0x31
+	IFT_ARCNET                              = 0x23
+	IFT_ARCNETPLUS                          = 0x24
+	IFT_ATM                                 = 0x25
+	IFT_BRIDGE                              = 0xd1
+	IFT_CARP                                = 0xf8
+	IFT_CELLULAR                            = 0xff
+	IFT_CEPT                                = 0x13
+	IFT_DS3                                 = 0x1e
+	IFT_ENC                                 = 0xf4
+	IFT_EON                                 = 0x19
+	IFT_ETHER                               = 0x6
+	IFT_FAITH                               = 0x38
+	IFT_FDDI                                = 0xf
+	IFT_FRELAY                              = 0x20
+	IFT_FRELAYDCE                           = 0x2c
+	IFT_GIF                                 = 0x37
+	IFT_HDH1822                             = 0x3
+	IFT_HIPPI                               = 0x2f
+	IFT_HSSI                                = 0x2e
+	IFT_HY                                  = 0xe
+	IFT_IEEE1394                            = 0x90
+	IFT_IEEE8023ADLAG                       = 0x88
+	IFT_ISDNBASIC                           = 0x14
+	IFT_ISDNPRIMARY                         = 0x15
+	IFT_ISO88022LLC                         = 0x29
+	IFT_ISO88023                            = 0x7
+	IFT_ISO88024                            = 0x8
+	IFT_ISO88025                            = 0x9
+	IFT_ISO88026                            = 0xa
+	IFT_L2VLAN                              = 0x87
+	IFT_LAPB                                = 0x10
+	IFT_LOCALTALK                           = 0x2a
+	IFT_LOOP                                = 0x18
+	IFT_MIOX25                              = 0x26
+	IFT_MODEM                               = 0x30
+	IFT_NSIP                                = 0x1b
+	IFT_OTHER                               = 0x1
+	IFT_P10                                 = 0xc
+	IFT_P80                                 = 0xd
+	IFT_PARA                                = 0x22
+	IFT_PDP                                 = 0xff
+	IFT_PFLOG                               = 0xf5
+	IFT_PFSYNC                              = 0xf6
+	IFT_PKTAP                               = 0xfe
+	IFT_PPP                                 = 0x17
+	IFT_PROPMUX                             = 0x36
+	IFT_PROPVIRTUAL                         = 0x35
+	IFT_PTPSERIAL                           = 0x16
+	IFT_RS232                               = 0x21
+	IFT_SDLC                                = 0x11
+	IFT_SIP                                 = 0x1f
+	IFT_SLIP                                = 0x1c
+	IFT_SMDSDXI                             = 0x2b
+	IFT_SMDSICIP                            = 0x34
+	IFT_SONET                               = 0x27
+	IFT_SONETPATH                           = 0x32
+	IFT_SONETVT                             = 0x33
+	IFT_STARLAN                             = 0xb
+	IFT_STF                                 = 0x39
+	IFT_T1                                  = 0x12
+	IFT_ULTRA                               = 0x1d
+	IFT_V35                                 = 0x2d
+	IFT_X25                                 = 0x5
+	IFT_X25DDN                              = 0x4
+	IFT_X25PLE                              = 0x28
+	IFT_XETHER                              = 0x1a
+	IGNBRK                                  = 0x1
+	IGNCR                                   = 0x80
+	IGNPAR                                  = 0x4
+	IMAXBEL                                 = 0x2000
+	INLCR                                   = 0x40
+	INPCK                                   = 0x10
+	IN_CLASSA_HOST                          = 0xffffff
+	IN_CLASSA_MAX                           = 0x80
+	IN_CLASSA_NET                           = 0xff000000
+	IN_CLASSA_NSHIFT                        = 0x18
+	IN_CLASSB_HOST                          = 0xffff
+	IN_CLASSB_MAX                           = 0x10000
+	IN_CLASSB_NET                           = 0xffff0000
+	IN_CLASSB_NSHIFT                        = 0x10
+	IN_CLASSC_HOST                          = 0xff
+	IN_CLASSC_NET                           = 0xffffff00
+	IN_CLASSC_NSHIFT                        = 0x8
+	IN_CLASSD_HOST                          = 0xfffffff
+	IN_CLASSD_NET                           = 0xf0000000
+	IN_CLASSD_NSHIFT                        = 0x1c
+	IN_LINKLOCALNETNUM                      = 0xa9fe0000
+	IN_LOOPBACKNET                          = 0x7f
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID          = 0x400473d1
+	IPPROTO_3PC                             = 0x22
+	IPPROTO_ADFS                            = 0x44
+	IPPROTO_AH                              = 0x33
+	IPPROTO_AHIP                            = 0x3d
+	IPPROTO_APES                            = 0x63
+	IPPROTO_ARGUS                           = 0xd
+	IPPROTO_AX25                            = 0x5d
+	IPPROTO_BHA                             = 0x31
+	IPPROTO_BLT                             = 0x1e
+	IPPROTO_BRSATMON                        = 0x4c
+	IPPROTO_CFTP                            = 0x3e
+	IPPROTO_CHAOS                           = 0x10
+	IPPROTO_CMTP                            = 0x26
+	IPPROTO_CPHB                            = 0x49
+	IPPROTO_CPNX                            = 0x48
+	IPPROTO_DDP                             = 0x25
+	IPPROTO_DGP                             = 0x56
+	IPPROTO_DIVERT                          = 0xfe
+	IPPROTO_DONE                            = 0x101
+	IPPROTO_DSTOPTS                         = 0x3c
+	IPPROTO_EGP                             = 0x8
+	IPPROTO_EMCON                           = 0xe
+	IPPROTO_ENCAP                           = 0x62
+	IPPROTO_EON                             = 0x50
+	IPPROTO_ESP                             = 0x32
+	IPPROTO_ETHERIP                         = 0x61
+	IPPROTO_FRAGMENT                        = 0x2c
+	IPPROTO_GGP                             = 0x3
+	IPPROTO_GMTP                            = 0x64
+	IPPROTO_GRE                             = 0x2f
+	IPPROTO_HELLO                           = 0x3f
+	IPPROTO_HMP                             = 0x14
+	IPPROTO_HOPOPTS                         = 0x0
+	IPPROTO_ICMP                            = 0x1
+	IPPROTO_ICMPV6                          = 0x3a
+	IPPROTO_IDP                             = 0x16
+	IPPROTO_IDPR                            = 0x23
+	IPPROTO_IDRP                            = 0x2d
+	IPPROTO_IGMP                            = 0x2
+	IPPROTO_IGP                             = 0x55
+	IPPROTO_IGRP                            = 0x58
+	IPPROTO_IL                              = 0x28
+	IPPROTO_INLSP                           = 0x34
+	IPPROTO_INP                             = 0x20
+	IPPROTO_IP                              = 0x0
+	IPPROTO_IPCOMP                          = 0x6c
+	IPPROTO_IPCV                            = 0x47
+	IPPROTO_IPEIP                           = 0x5e
+	IPPROTO_IPIP                            = 0x4
+	IPPROTO_IPPC                            = 0x43
+	IPPROTO_IPV4                            = 0x4
+	IPPROTO_IPV6                            = 0x29
+	IPPROTO_IRTP                            = 0x1c
+	IPPROTO_KRYPTOLAN                       = 0x41
+	IPPROTO_LARP                            = 0x5b
+	IPPROTO_LEAF1                           = 0x19
+	IPPROTO_LEAF2                           = 0x1a
+	IPPROTO_MAX                             = 0x100
+	IPPROTO_MAXID                           = 0x34
+	IPPROTO_MEAS                            = 0x13
+	IPPROTO_MHRP                            = 0x30
+	IPPROTO_MICP                            = 0x5f
+	IPPROTO_MTP                             = 0x5c
+	IPPROTO_MUX                             = 0x12
+	IPPROTO_ND                              = 0x4d
+	IPPROTO_NHRP                            = 0x36
+	IPPROTO_NONE                            = 0x3b
+	IPPROTO_NSP                             = 0x1f
+	IPPROTO_NVPII                           = 0xb
+	IPPROTO_OSPFIGP                         = 0x59
+	IPPROTO_PGM                             = 0x71
+	IPPROTO_PIGP                            = 0x9
+	IPPROTO_PIM                             = 0x67
+	IPPROTO_PRM                             = 0x15
+	IPPROTO_PUP                             = 0xc
+	IPPROTO_PVP                             = 0x4b
+	IPPROTO_RAW                             = 0xff
+	IPPROTO_RCCMON                          = 0xa
+	IPPROTO_RDP                             = 0x1b
+	IPPROTO_ROUTING                         = 0x2b
+	IPPROTO_RSVP                            = 0x2e
+	IPPROTO_RVD                             = 0x42
+	IPPROTO_SATEXPAK                        = 0x40
+	IPPROTO_SATMON                          = 0x45
+	IPPROTO_SCCSP                           = 0x60
+	IPPROTO_SCTP                            = 0x84
+	IPPROTO_SDRP                            = 0x2a
+	IPPROTO_SEP                             = 0x21
+	IPPROTO_SRPC                            = 0x5a
+	IPPROTO_ST                              = 0x7
+	IPPROTO_SVMTP                           = 0x52
+	IPPROTO_SWIPE                           = 0x35
+	IPPROTO_TCF                             = 0x57
+	IPPROTO_TCP                             = 0x6
+	IPPROTO_TP                              = 0x1d
+	IPPROTO_TPXX                            = 0x27
+	IPPROTO_TRUNK1                          = 0x17
+	IPPROTO_TRUNK2                          = 0x18
+	IPPROTO_TTP                             = 0x54
+	IPPROTO_UDP                             = 0x11
+	IPPROTO_VINES                           = 0x53
+	IPPROTO_VISA                            = 0x46
+	IPPROTO_VMTP                            = 0x51
+	IPPROTO_WBEXPAK                         = 0x4f
+	IPPROTO_WBMON                           = 0x4e
+	IPPROTO_WSN                             = 0x4a
+	IPPROTO_XNET                            = 0xf
+	IPPROTO_XTP                             = 0x24
+	IPV6_2292DSTOPTS                        = 0x17
+	IPV6_2292HOPLIMIT                       = 0x14
+	IPV6_2292HOPOPTS                        = 0x16
+	IPV6_2292NEXTHOP                        = 0x15
+	IPV6_2292PKTINFO                        = 0x13
+	IPV6_2292PKTOPTIONS                     = 0x19
+	IPV6_2292RTHDR                          = 0x18
+	IPV6_3542DSTOPTS                        = 0x32
+	IPV6_3542HOPLIMIT                       = 0x2f
+	IPV6_3542HOPOPTS                        = 0x31
+	IPV6_3542NEXTHOP                        = 0x30
+	IPV6_3542PKTINFO                        = 0x2e
+	IPV6_3542RTHDR                          = 0x33
+	IPV6_ADDR_MC_FLAGS_PREFIX               = 0x20
+	IPV6_ADDR_MC_FLAGS_TRANSIENT            = 0x10
+	IPV6_ADDR_MC_FLAGS_UNICAST_BASED        = 0x30
+	IPV6_AUTOFLOWLABEL                      = 0x3b
+	IPV6_BINDV6ONLY                         = 0x1b
+	IPV6_BOUND_IF                           = 0x7d
+	IPV6_CHECKSUM                           = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS             = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP             = 0x1
+	IPV6_DEFHLIM                            = 0x40
+	IPV6_DONTFRAG                           = 0x3e
+	IPV6_DSTOPTS                            = 0x32
+	IPV6_FAITH                              = 0x1d
+	IPV6_FLOWINFO_MASK                      = 0xffffff0f
+	IPV6_FLOWLABEL_MASK                     = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                      = 0x3000
+	IPV6_FRAGTTL                            = 0x3c
+	IPV6_FW_ADD                             = 0x1e
+	IPV6_FW_DEL                             = 0x1f
+	IPV6_FW_FLUSH                           = 0x20
+	IPV6_FW_GET                             = 0x22
+	IPV6_FW_ZERO                            = 0x21
+	IPV6_HLIMDEC                            = 0x1
+	IPV6_HOPLIMIT                           = 0x2f
+	IPV6_HOPOPTS                            = 0x31
+	IPV6_IPSEC_POLICY                       = 0x1c
+	IPV6_JOIN_GROUP                         = 0xc
+	IPV6_LEAVE_GROUP                        = 0xd
+	IPV6_MAXHLIM                            = 0xff
+	IPV6_MAXOPTHDR                          = 0x800
+	IPV6_MAXPACKET                          = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER               = 0x200
+	IPV6_MAX_MEMBERSHIPS                    = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER                = 0x80
+	IPV6_MIN_MEMBERSHIPS                    = 0x1f
+	IPV6_MMTU                               = 0x500
+	IPV6_MSFILTER                           = 0x4a
+	IPV6_MULTICAST_HOPS                     = 0xa
+	IPV6_MULTICAST_IF                       = 0x9
+	IPV6_MULTICAST_LOOP                     = 0xb
+	IPV6_NEXTHOP                            = 0x30
+	IPV6_PATHMTU                            = 0x2c
+	IPV6_PKTINFO                            = 0x2e
+	IPV6_PORTRANGE                          = 0xe
+	IPV6_PORTRANGE_DEFAULT                  = 0x0
+	IPV6_PORTRANGE_HIGH                     = 0x1
+	IPV6_PORTRANGE_LOW                      = 0x2
+	IPV6_PREFER_TEMPADDR                    = 0x3f
+	IPV6_RECVDSTOPTS                        = 0x28
+	IPV6_RECVHOPLIMIT                       = 0x25
+	IPV6_RECVHOPOPTS                        = 0x27
+	IPV6_RECVPATHMTU                        = 0x2b
+	IPV6_RECVPKTINFO                        = 0x3d
+	IPV6_RECVRTHDR                          = 0x26
+	IPV6_RECVTCLASS                         = 0x23
+	IPV6_RTHDR                              = 0x33
+	IPV6_RTHDRDSTOPTS                       = 0x39
+	IPV6_RTHDR_LOOSE                        = 0x0
+	IPV6_RTHDR_STRICT                       = 0x1
+	IPV6_RTHDR_TYPE_0                       = 0x0
+	IPV6_SOCKOPT_RESERVED1                  = 0x3
+	IPV6_TCLASS                             = 0x24
+	IPV6_UNICAST_HOPS                       = 0x4
+	IPV6_USE_MIN_MTU                        = 0x2a
+	IPV6_V6ONLY                             = 0x1b
+	IPV6_VERSION                            = 0x60
+	IPV6_VERSION_MASK                       = 0xf0
+	IP_ADD_MEMBERSHIP                       = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP                = 0x46
+	IP_BLOCK_SOURCE                         = 0x48
+	IP_BOUND_IF                             = 0x19
+	IP_DEFAULT_MULTICAST_LOOP               = 0x1
+	IP_DEFAULT_MULTICAST_TTL                = 0x1
+	IP_DF                                   = 0x4000
+	IP_DONTFRAG                             = 0x1c
+	IP_DROP_MEMBERSHIP                      = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP               = 0x47
+	IP_DUMMYNET_CONFIGURE                   = 0x3c
+	IP_DUMMYNET_DEL                         = 0x3d
+	IP_DUMMYNET_FLUSH                       = 0x3e
+	IP_DUMMYNET_GET                         = 0x40
+	IP_FAITH                                = 0x16
+	IP_FW_ADD                               = 0x28
+	IP_FW_DEL                               = 0x29
+	IP_FW_FLUSH                             = 0x2a
+	IP_FW_GET                               = 0x2c
+	IP_FW_RESETLOG                          = 0x2d
+	IP_FW_ZERO                              = 0x2b
+	IP_HDRINCL                              = 0x2
+	IP_IPSEC_POLICY                         = 0x15
+	IP_MAXPACKET                            = 0xffff
+	IP_MAX_GROUP_SRC_FILTER                 = 0x200
+	IP_MAX_MEMBERSHIPS                      = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER                 = 0x80
+	IP_MAX_SOCK_SRC_FILTER                  = 0x80
+	IP_MF                                   = 0x2000
+	IP_MIN_MEMBERSHIPS                      = 0x1f
+	IP_MSFILTER                             = 0x4a
+	IP_MSS                                  = 0x240
+	IP_MULTICAST_IF                         = 0x9
+	IP_MULTICAST_IFINDEX                    = 0x42
+	IP_MULTICAST_LOOP                       = 0xb
+	IP_MULTICAST_TTL                        = 0xa
+	IP_MULTICAST_VIF                        = 0xe
+	IP_NAT__XXX                             = 0x37
+	IP_OFFMASK                              = 0x1fff
+	IP_OLD_FW_ADD                           = 0x32
+	IP_OLD_FW_DEL                           = 0x33
+	IP_OLD_FW_FLUSH                         = 0x34
+	IP_OLD_FW_GET                           = 0x36
+	IP_OLD_FW_RESETLOG                      = 0x38
+	IP_OLD_FW_ZERO                          = 0x35
+	IP_OPTIONS                              = 0x1
+	IP_PKTINFO                              = 0x1a
+	IP_PORTRANGE                            = 0x13
+	IP_PORTRANGE_DEFAULT                    = 0x0
+	IP_PORTRANGE_HIGH                       = 0x1
+	IP_PORTRANGE_LOW                        = 0x2
+	IP_RECVDSTADDR                          = 0x7
+	IP_RECVIF                               = 0x14
+	IP_RECVOPTS                             = 0x5
+	IP_RECVPKTINFO                          = 0x1a
+	IP_RECVRETOPTS                          = 0x6
+	IP_RECVTOS                              = 0x1b
+	IP_RECVTTL                              = 0x18
+	IP_RETOPTS                              = 0x8
+	IP_RF                                   = 0x8000
+	IP_RSVP_OFF                             = 0x10
+	IP_RSVP_ON                              = 0xf
+	IP_RSVP_VIF_OFF                         = 0x12
+	IP_RSVP_VIF_ON                          = 0x11
+	IP_STRIPHDR                             = 0x17
+	IP_TOS                                  = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND               = 0x41
+	IP_TTL                                  = 0x4
+	IP_UNBLOCK_SOURCE                       = 0x49
+	ISIG                                    = 0x80
+	ISTRIP                                  = 0x20
+	IUTF8                                   = 0x4000
+	IXANY                                   = 0x800
+	IXOFF                                   = 0x400
+	IXON                                    = 0x200
+	KERN_HOSTNAME                           = 0xa
+	KERN_OSRELEASE                          = 0x2
+	KERN_OSTYPE                             = 0x1
+	KERN_VERSION                            = 0x4
+	LOCAL_PEERCRED                          = 0x1
+	LOCAL_PEEREPID                          = 0x3
+	LOCAL_PEEREUUID                         = 0x5
+	LOCAL_PEERPID                           = 0x2
+	LOCAL_PEERTOKEN                         = 0x6
+	LOCAL_PEERUUID                          = 0x4
+	LOCK_EX                                 = 0x2
+	LOCK_NB                                 = 0x4
+	LOCK_SH                                 = 0x1
+	LOCK_UN                                 = 0x8
+	MADV_CAN_REUSE                          = 0x9
+	MADV_DONTNEED                           = 0x4
+	MADV_FREE                               = 0x5
+	MADV_FREE_REUSABLE                      = 0x7
+	MADV_FREE_REUSE                         = 0x8
+	MADV_NORMAL                             = 0x0
+	MADV_PAGEOUT                            = 0xa
+	MADV_RANDOM                             = 0x1
+	MADV_SEQUENTIAL                         = 0x2
+	MADV_WILLNEED                           = 0x3
+	MADV_ZERO_WIRED_PAGES                   = 0x6
+	MAP_32BIT                               = 0x8000
+	MAP_ANON                                = 0x1000
+	MAP_ANONYMOUS                           = 0x1000
+	MAP_COPY                                = 0x2
+	MAP_FILE                                = 0x0
+	MAP_FIXED                               = 0x10
+	MAP_HASSEMAPHORE                        = 0x200
+	MAP_JIT                                 = 0x800
+	MAP_NOCACHE                             = 0x400
+	MAP_NOEXTEND                            = 0x100
+	MAP_NORESERVE                           = 0x40
+	MAP_PRIVATE                             = 0x2
+	MAP_RENAME                              = 0x20
+	MAP_RESERVED0080                        = 0x80
+	MAP_RESILIENT_CODESIGN                  = 0x2000
+	MAP_RESILIENT_MEDIA                     = 0x4000
+	MAP_SHARED                              = 0x1
+	MAP_TRANSLATED_ALLOW_EXECUTE            = 0x20000
+	MAP_UNIX03                              = 0x40000
+	MCAST_BLOCK_SOURCE                      = 0x54
+	MCAST_EXCLUDE                           = 0x2
+	MCAST_INCLUDE                           = 0x1
+	MCAST_JOIN_GROUP                        = 0x50
+	MCAST_JOIN_SOURCE_GROUP                 = 0x52
+	MCAST_LEAVE_GROUP                       = 0x51
+	MCAST_LEAVE_SOURCE_GROUP                = 0x53
+	MCAST_UNBLOCK_SOURCE                    = 0x55
+	MCAST_UNDEFINED                         = 0x0
+	MCL_CURRENT                             = 0x1
+	MCL_FUTURE                              = 0x2
+	MNT_ASYNC                               = 0x40
+	MNT_AUTOMOUNTED                         = 0x400000
+	MNT_CMDFLAGS                            = 0xf0000
+	MNT_CPROTECT                            = 0x80
+	MNT_DEFWRITE                            = 0x2000000
+	MNT_DONTBROWSE                          = 0x100000
+	MNT_DOVOLFS                             = 0x8000
+	MNT_DWAIT                               = 0x4
+	MNT_EXPORTED                            = 0x100
+	MNT_EXT_ROOT_DATA_VOL                   = 0x1
+	MNT_FORCE                               = 0x80000
+	MNT_IGNORE_OWNERSHIP                    = 0x200000
+	MNT_JOURNALED                           = 0x800000
+	MNT_LOCAL                               = 0x1000
+	MNT_MULTILABEL                          = 0x4000000
+	MNT_NOATIME                             = 0x10000000
+	MNT_NOBLOCK                             = 0x20000
+	MNT_NODEV                               = 0x10
+	MNT_NOEXEC                              = 0x4
+	MNT_NOSUID                              = 0x8
+	MNT_NOUSERXATTR                         = 0x1000000
+	MNT_NOWAIT                              = 0x2
+	MNT_QUARANTINE                          = 0x400
+	MNT_QUOTA                               = 0x2000
+	MNT_RDONLY                              = 0x1
+	MNT_RELOAD                              = 0x40000
+	MNT_REMOVABLE                           = 0x200
+	MNT_ROOTFS                              = 0x4000
+	MNT_SNAPSHOT                            = 0x40000000
+	MNT_STRICTATIME                         = 0x80000000
+	MNT_SYNCHRONOUS                         = 0x2
+	MNT_UNION                               = 0x20
+	MNT_UNKNOWNPERMISSIONS                  = 0x200000
+	MNT_UPDATE                              = 0x10000
+	MNT_VISFLAGMASK                         = 0xd7f0f7ff
+	MNT_WAIT                                = 0x1
+	MSG_CTRUNC                              = 0x20
+	MSG_DONTROUTE                           = 0x4
+	MSG_DONTWAIT                            = 0x80
+	MSG_EOF                                 = 0x100
+	MSG_EOR                                 = 0x8
+	MSG_FLUSH                               = 0x400
+	MSG_HAVEMORE                            = 0x2000
+	MSG_HOLD                                = 0x800
+	MSG_NEEDSA                              = 0x10000
+	MSG_NOSIGNAL                            = 0x80000
+	MSG_OOB                                 = 0x1
+	MSG_PEEK                                = 0x2
+	MSG_RCVMORE                             = 0x4000
+	MSG_SEND                                = 0x1000
+	MSG_TRUNC                               = 0x10
+	MSG_WAITALL                             = 0x40
+	MSG_WAITSTREAM                          = 0x200
+	MS_ASYNC                                = 0x1
+	MS_DEACTIVATE                           = 0x8
+	MS_INVALIDATE                           = 0x2
+	MS_KILLPAGES                            = 0x4
+	MS_SYNC                                 = 0x10
+	NAME_MAX                                = 0xff
+	NET_RT_DUMP                             = 0x1
+	NET_RT_DUMP2                            = 0x7
+	NET_RT_FLAGS                            = 0x2
+	NET_RT_FLAGS_PRIV                       = 0xa
+	NET_RT_IFLIST                           = 0x3
+	NET_RT_IFLIST2                          = 0x6
+	NET_RT_MAXID                            = 0xb
+	NET_RT_STAT                             = 0x4
+	NET_RT_TRASH                            = 0x5
+	NFDBITS                                 = 0x20
+	NL0                                     = 0x0
+	NL1                                     = 0x100
+	NL2                                     = 0x200
+	NL3                                     = 0x300
+	NLDLY                                   = 0x300
+	NOFLSH                                  = 0x80000000
+	NOKERNINFO                              = 0x2000000
+	NOTE_ABSOLUTE                           = 0x8
+	NOTE_ATTRIB                             = 0x8
+	NOTE_BACKGROUND                         = 0x40
+	NOTE_CHILD                              = 0x4
+	NOTE_CRITICAL                           = 0x20
+	NOTE_DELETE                             = 0x1
+	NOTE_EXEC                               = 0x20000000
+	NOTE_EXIT                               = 0x80000000
+	NOTE_EXITSTATUS                         = 0x4000000
+	NOTE_EXIT_CSERROR                       = 0x40000
+	NOTE_EXIT_DECRYPTFAIL                   = 0x10000
+	NOTE_EXIT_DETAIL                        = 0x2000000
+	NOTE_EXIT_DETAIL_MASK                   = 0x70000
+	NOTE_EXIT_MEMORY                        = 0x20000
+	NOTE_EXIT_REPARENTED                    = 0x80000
+	NOTE_EXTEND                             = 0x4
+	NOTE_FFAND                              = 0x40000000
+	NOTE_FFCOPY                             = 0xc0000000
+	NOTE_FFCTRLMASK                         = 0xc0000000
+	NOTE_FFLAGSMASK                         = 0xffffff
+	NOTE_FFNOP                              = 0x0
+	NOTE_FFOR                               = 0x80000000
+	NOTE_FORK                               = 0x40000000
+	NOTE_FUNLOCK                            = 0x100
+	NOTE_LEEWAY                             = 0x10
+	NOTE_LINK                               = 0x10
+	NOTE_LOWAT                              = 0x1
+	NOTE_MACHTIME                           = 0x100
+	NOTE_MACH_CONTINUOUS_TIME               = 0x80
+	NOTE_NONE                               = 0x80
+	NOTE_NSECONDS                           = 0x4
+	NOTE_OOB                                = 0x2
+	NOTE_PCTRLMASK                          = -0x100000
+	NOTE_PDATAMASK                          = 0xfffff
+	NOTE_REAP                               = 0x10000000
+	NOTE_RENAME                             = 0x20
+	NOTE_REVOKE                             = 0x40
+	NOTE_SECONDS                            = 0x1
+	NOTE_SIGNAL                             = 0x8000000
+	NOTE_TRACK                              = 0x1
+	NOTE_TRACKERR                           = 0x2
+	NOTE_TRIGGER                            = 0x1000000
+	NOTE_USECONDS                           = 0x2
+	NOTE_VM_ERROR                           = 0x10000000
+	NOTE_VM_PRESSURE                        = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE       = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE              = 0x40000000
+	NOTE_WRITE                              = 0x2
+	OCRNL                                   = 0x10
+	OFDEL                                   = 0x20000
+	OFILL                                   = 0x80
+	ONLCR                                   = 0x2
+	ONLRET                                  = 0x40
+	ONOCR                                   = 0x20
+	ONOEOT                                  = 0x8
+	OPOST                                   = 0x1
+	OXTABS                                  = 0x4
+	O_ACCMODE                               = 0x3
+	O_ALERT                                 = 0x20000000
+	O_APPEND                                = 0x8
+	O_ASYNC                                 = 0x40
+	O_CLOEXEC                               = 0x1000000
+	O_CREAT                                 = 0x200
+	O_DIRECTORY                             = 0x100000
+	O_DP_GETRAWENCRYPTED                    = 0x1
+	O_DP_GETRAWUNENCRYPTED                  = 0x2
+	O_DSYNC                                 = 0x400000
+	O_EVTONLY                               = 0x8000
+	O_EXCL                                  = 0x800
+	O_EXLOCK                                = 0x20
+	O_FSYNC                                 = 0x80
+	O_NDELAY                                = 0x4
+	O_NOCTTY                                = 0x20000
+	O_NOFOLLOW                              = 0x100
+	O_NOFOLLOW_ANY                          = 0x20000000
+	O_NONBLOCK                              = 0x4
+	O_POPUP                                 = 0x80000000
+	O_RDONLY                                = 0x0
+	O_RDWR                                  = 0x2
+	O_SHLOCK                                = 0x10
+	O_SYMLINK                               = 0x200000
+	O_SYNC                                  = 0x80
+	O_TRUNC                                 = 0x400
+	O_WRONLY                                = 0x1
+	PARENB                                  = 0x1000
+	PARMRK                                  = 0x8
+	PARODD                                  = 0x2000
+	PENDIN                                  = 0x20000000
+	PRIO_PGRP                               = 0x1
+	PRIO_PROCESS                            = 0x0
+	PRIO_USER                               = 0x2
+	PROT_EXEC                               = 0x4
+	PROT_NONE                               = 0x0
+	PROT_READ                               = 0x1
+	PROT_WRITE                              = 0x2
+	PT_ATTACH                               = 0xa
+	PT_ATTACHEXC                            = 0xe
+	PT_CONTINUE                             = 0x7
+	PT_DENY_ATTACH                          = 0x1f
+	PT_DETACH                               = 0xb
+	PT_FIRSTMACH                            = 0x20
+	PT_FORCEQUOTA                           = 0x1e
+	PT_KILL                                 = 0x8
+	PT_READ_D                               = 0x2
+	PT_READ_I                               = 0x1
+	PT_READ_U                               = 0x3
+	PT_SIGEXC                               = 0xc
+	PT_STEP                                 = 0x9
+	PT_THUPDATE                             = 0xd
+	PT_TRACE_ME                             = 0x0
+	PT_WRITE_D                              = 0x5
+	PT_WRITE_I                              = 0x4
+	PT_WRITE_U                              = 0x6
+	RLIMIT_AS                               = 0x5
+	RLIMIT_CORE                             = 0x4
+	RLIMIT_CPU                              = 0x0
+	RLIMIT_CPU_USAGE_MONITOR                = 0x2
+	RLIMIT_DATA                             = 0x2
+	RLIMIT_FSIZE                            = 0x1
+	RLIMIT_MEMLOCK                          = 0x6
+	RLIMIT_NOFILE                           = 0x8
+	RLIMIT_NPROC                            = 0x7
+	RLIMIT_RSS                              = 0x5
+	RLIMIT_STACK                            = 0x3
+	RLIM_INFINITY                           = 0x7fffffffffffffff
+	RTAX_AUTHOR                             = 0x6
+	RTAX_BRD                                = 0x7
+	RTAX_DST                                = 0x0
+	RTAX_GATEWAY                            = 0x1
+	RTAX_GENMASK                            = 0x3
+	RTAX_IFA                                = 0x5
+	RTAX_IFP                                = 0x4
+	RTAX_MAX                                = 0x8
+	RTAX_NETMASK                            = 0x2
+	RTA_AUTHOR                              = 0x40
+	RTA_BRD                                 = 0x80
+	RTA_DST                                 = 0x1
+	RTA_GATEWAY                             = 0x2
+	RTA_GENMASK                             = 0x8
+	RTA_IFA                                 = 0x20
+	RTA_IFP                                 = 0x10
+	RTA_NETMASK                             = 0x4
+	RTF_BLACKHOLE                           = 0x1000
+	RTF_BROADCAST                           = 0x400000
+	RTF_CLONING                             = 0x100
+	RTF_CONDEMNED                           = 0x2000000
+	RTF_DEAD                                = 0x20000000
+	RTF_DELCLONE                            = 0x80
+	RTF_DONE                                = 0x40
+	RTF_DYNAMIC                             = 0x10
+	RTF_GATEWAY                             = 0x2
+	RTF_GLOBAL                              = 0x40000000
+	RTF_HOST                                = 0x4
+	RTF_IFREF                               = 0x4000000
+	RTF_IFSCOPE                             = 0x1000000
+	RTF_LLDATA                              = 0x400
+	RTF_LLINFO                              = 0x400
+	RTF_LOCAL                               = 0x200000
+	RTF_MODIFIED                            = 0x20
+	RTF_MULTICAST                           = 0x800000
+	RTF_NOIFREF                             = 0x2000
+	RTF_PINNED                              = 0x100000
+	RTF_PRCLONING                           = 0x10000
+	RTF_PROTO1                              = 0x8000
+	RTF_PROTO2                              = 0x4000
+	RTF_PROTO3                              = 0x40000
+	RTF_PROXY                               = 0x8000000
+	RTF_REJECT                              = 0x8
+	RTF_ROUTER                              = 0x10000000
+	RTF_STATIC                              = 0x800
+	RTF_UP                                  = 0x1
+	RTF_WASCLONED                           = 0x20000
+	RTF_XRESOLVE                            = 0x200
+	RTM_ADD                                 = 0x1
+	RTM_CHANGE                              = 0x3
+	RTM_DELADDR                             = 0xd
+	RTM_DELETE                              = 0x2
+	RTM_DELMADDR                            = 0x10
+	RTM_GET                                 = 0x4
+	RTM_GET2                                = 0x14
+	RTM_IFINFO                              = 0xe
+	RTM_IFINFO2                             = 0x12
+	RTM_LOCK                                = 0x8
+	RTM_LOSING                              = 0x5
+	RTM_MISS                                = 0x7
+	RTM_NEWADDR                             = 0xc
+	RTM_NEWMADDR                            = 0xf
+	RTM_NEWMADDR2                           = 0x13
+	RTM_OLDADD                              = 0x9
+	RTM_OLDDEL                              = 0xa
+	RTM_REDIRECT                            = 0x6
+	RTM_RESOLVE                             = 0xb
+	RTM_RTTUNIT                             = 0xf4240
+	RTM_VERSION                             = 0x5
+	RTV_EXPIRE                              = 0x4
+	RTV_HOPCOUNT                            = 0x2
+	RTV_MTU                                 = 0x1
+	RTV_RPIPE                               = 0x8
+	RTV_RTT                                 = 0x40
+	RTV_RTTVAR                              = 0x80
+	RTV_SPIPE                               = 0x10
+	RTV_SSTHRESH                            = 0x20
+	RUSAGE_CHILDREN                         = -0x1
+	RUSAGE_SELF                             = 0x0
+	SCM_CREDS                               = 0x3
+	SCM_RIGHTS                              = 0x1
+	SCM_TIMESTAMP                           = 0x2
+	SCM_TIMESTAMP_MONOTONIC                 = 0x4
+	SEEK_CUR                                = 0x1
+	SEEK_DATA                               = 0x4
+	SEEK_END                                = 0x2
+	SEEK_HOLE                               = 0x3
+	SEEK_SET                                = 0x0
+	SHUT_RD                                 = 0x0
+	SHUT_RDWR                               = 0x2
+	SHUT_WR                                 = 0x1
+	SIOCADDMULTI                            = 0x80206931
+	SIOCAIFADDR                             = 0x8040691a
+	SIOCARPIPLL                             = 0xc0206928
+	SIOCATMARK                              = 0x40047307
+	SIOCAUTOADDR                            = 0xc0206926
+	SIOCAUTONETMASK                         = 0x80206927
+	SIOCDELMULTI                            = 0x80206932
+	SIOCDIFADDR                             = 0x80206919
+	SIOCDIFPHYADDR                          = 0x80206941
+	SIOCGDRVSPEC                            = 0xc028697b
+	SIOCGETVLAN                             = 0xc020697f
+	SIOCGHIWAT                              = 0x40047301
+	SIOCGIF6LOWPAN                          = 0xc02069c5
+	SIOCGIFADDR                             = 0xc0206921
+	SIOCGIFALTMTU                           = 0xc0206948
+	SIOCGIFASYNCMAP                         = 0xc020697c
+	SIOCGIFBOND                             = 0xc0206947
+	SIOCGIFBRDADDR                          = 0xc0206923
+	SIOCGIFCAP                              = 0xc020695b
+	SIOCGIFCONF                             = 0xc00c6924
+	SIOCGIFDEVMTU                           = 0xc0206944
+	SIOCGIFDSTADDR                          = 0xc0206922
+	SIOCGIFFLAGS                            = 0xc0206911
+	SIOCGIFFUNCTIONALTYPE                   = 0xc02069ad
+	SIOCGIFGENERIC                          = 0xc020693a
+	SIOCGIFKPI                              = 0xc0206987
+	SIOCGIFMAC                              = 0xc0206982
+	SIOCGIFMEDIA                            = 0xc02c6938
+	SIOCGIFMETRIC                           = 0xc0206917
+	SIOCGIFMTU                              = 0xc0206933
+	SIOCGIFNETMASK                          = 0xc0206925
+	SIOCGIFPDSTADDR                         = 0xc0206940
+	SIOCGIFPHYS                             = 0xc0206935
+	SIOCGIFPSRCADDR                         = 0xc020693f
+	SIOCGIFSTATUS                           = 0xc331693d
+	SIOCGIFVLAN                             = 0xc020697f
+	SIOCGIFWAKEFLAGS                        = 0xc0206988
+	SIOCGIFXMEDIA                           = 0xc02c6948
+	SIOCGLOWAT                              = 0x40047303
+	SIOCGPGRP                               = 0x40047309
+	SIOCIFCREATE                            = 0xc0206978
+	SIOCIFCREATE2                           = 0xc020697a
+	SIOCIFDESTROY                           = 0x80206979
+	SIOCIFGCLONERS                          = 0xc0106981
+	SIOCRSLVMULTI                           = 0xc010693b
+	SIOCSDRVSPEC                            = 0x8028697b
+	SIOCSETVLAN                             = 0x8020697e
+	SIOCSHIWAT                              = 0x80047300
+	SIOCSIF6LOWPAN                          = 0x802069c4
+	SIOCSIFADDR                             = 0x8020690c
+	SIOCSIFALTMTU                           = 0x80206945
+	SIOCSIFASYNCMAP                         = 0x8020697d
+	SIOCSIFBOND                             = 0x80206946
+	SIOCSIFBRDADDR                          = 0x80206913
+	SIOCSIFCAP                              = 0x8020695a
+	SIOCSIFDSTADDR                          = 0x8020690e
+	SIOCSIFFLAGS                            = 0x80206910
+	SIOCSIFGENERIC                          = 0x80206939
+	SIOCSIFKPI                              = 0x80206986
+	SIOCSIFLLADDR                           = 0x8020693c
+	SIOCSIFMAC                              = 0x80206983
+	SIOCSIFMEDIA                            = 0xc0206937
+	SIOCSIFMETRIC                           = 0x80206918
+	SIOCSIFMTU                              = 0x80206934
+	SIOCSIFNETMASK                          = 0x80206916
+	SIOCSIFPHYADDR                          = 0x8040693e
+	SIOCSIFPHYS                             = 0x80206936
+	SIOCSIFVLAN                             = 0x8020697e
+	SIOCSLOWAT                              = 0x80047302
+	SIOCSPGRP                               = 0x80047308
+	SOCK_DGRAM                              = 0x2
+	SOCK_MAXADDRLEN                         = 0xff
+	SOCK_RAW                                = 0x3
+	SOCK_RDM                                = 0x4
+	SOCK_SEQPACKET                          = 0x5
+	SOCK_STREAM                             = 0x1
+	SOL_LOCAL                               = 0x0
+	SOL_SOCKET                              = 0xffff
+	SOMAXCONN                               = 0x80
+	SO_ACCEPTCONN                           = 0x2
+	SO_BROADCAST                            = 0x20
+	SO_DEBUG                                = 0x1
+	SO_DONTROUTE                            = 0x10
+	SO_DONTTRUNC                            = 0x2000
+	SO_ERROR                                = 0x1007
+	SO_KEEPALIVE                            = 0x8
+	SO_LABEL                                = 0x1010
+	SO_LINGER                               = 0x80
+	SO_LINGER_SEC                           = 0x1080
+	SO_NETSVC_MARKING_LEVEL                 = 0x1119
+	SO_NET_SERVICE_TYPE                     = 0x1116
+	SO_NKE                                  = 0x1021
+	SO_NOADDRERR                            = 0x1023
+	SO_NOSIGPIPE                            = 0x1022
+	SO_NOTIFYCONFLICT                       = 0x1026
+	SO_NP_EXTENSIONS                        = 0x1083
+	SO_NREAD                                = 0x1020
+	SO_NUMRCVPKT                            = 0x1112
+	SO_NWRITE                               = 0x1024
+	SO_OOBINLINE                            = 0x100
+	SO_PEERLABEL                            = 0x1011
+	SO_RANDOMPORT                           = 0x1082
+	SO_RCVBUF                               = 0x1002
+	SO_RCVLOWAT                             = 0x1004
+	SO_RCVTIMEO                             = 0x1006
+	SO_REUSEADDR                            = 0x4
+	SO_REUSEPORT                            = 0x200
+	SO_REUSESHAREUID                        = 0x1025
+	SO_SNDBUF                               = 0x1001
+	SO_SNDLOWAT                             = 0x1003
+	SO_SNDTIMEO                             = 0x1005
+	SO_TIMESTAMP                            = 0x400
+	SO_TIMESTAMP_MONOTONIC                  = 0x800
+	SO_TRACKER_ATTRIBUTE_FLAGS_APP_APPROVED = 0x1
+	SO_TRACKER_ATTRIBUTE_FLAGS_DOMAIN_SHORT = 0x4
+	SO_TRACKER_ATTRIBUTE_FLAGS_TRACKER      = 0x2
+	SO_TRACKER_TRANSPARENCY_VERSION         = 0x3
+	SO_TYPE                                 = 0x1008
+	SO_UPCALLCLOSEWAIT                      = 0x1027
+	SO_USELOOPBACK                          = 0x40
+	SO_WANTMORE                             = 0x4000
+	SO_WANTOOBFLAG                          = 0x8000
+	S_IEXEC                                 = 0x40
+	S_IFBLK                                 = 0x6000
+	S_IFCHR                                 = 0x2000
+	S_IFDIR                                 = 0x4000
+	S_IFIFO                                 = 0x1000
+	S_IFLNK                                 = 0xa000
+	S_IFMT                                  = 0xf000
+	S_IFREG                                 = 0x8000
+	S_IFSOCK                                = 0xc000
+	S_IFWHT                                 = 0xe000
+	S_IREAD                                 = 0x100
+	S_IRGRP                                 = 0x20
+	S_IROTH                                 = 0x4
+	S_IRUSR                                 = 0x100
+	S_IRWXG                                 = 0x38
+	S_IRWXO                                 = 0x7
+	S_IRWXU                                 = 0x1c0
+	S_ISGID                                 = 0x400
+	S_ISTXT                                 = 0x200
+	S_ISUID                                 = 0x800
+	S_ISVTX                                 = 0x200
+	S_IWGRP                                 = 0x10
+	S_IWOTH                                 = 0x2
+	S_IWRITE                                = 0x80
+	S_IWUSR                                 = 0x80
+	S_IXGRP                                 = 0x8
+	S_IXOTH                                 = 0x1
+	S_IXUSR                                 = 0x40
+	TAB0                                    = 0x0
+	TAB1                                    = 0x400
+	TAB2                                    = 0x800
+	TAB3                                    = 0x4
+	TABDLY                                  = 0xc04
+	TCIFLUSH                                = 0x1
+	TCIOFF                                  = 0x3
+	TCIOFLUSH                               = 0x3
+	TCION                                   = 0x4
+	TCOFLUSH                                = 0x2
+	TCOOFF                                  = 0x1
+	TCOON                                   = 0x2
+	TCPOPT_CC                               = 0xb
+	TCPOPT_CCECHO                           = 0xd
+	TCPOPT_CCNEW                            = 0xc
+	TCPOPT_EOL                              = 0x0
+	TCPOPT_FASTOPEN                         = 0x22
+	TCPOPT_MAXSEG                           = 0x2
+	TCPOPT_NOP                              = 0x1
+	TCPOPT_SACK                             = 0x5
+	TCPOPT_SACK_HDR                         = 0x1010500
+	TCPOPT_SACK_PERMITTED                   = 0x4
+	TCPOPT_SACK_PERMIT_HDR                  = 0x1010402
+	TCPOPT_SIGNATURE                        = 0x13
+	TCPOPT_TIMESTAMP                        = 0x8
+	TCPOPT_TSTAMP_HDR                       = 0x101080a
+	TCPOPT_WINDOW                           = 0x3
+	TCP_CONNECTIONTIMEOUT                   = 0x20
+	TCP_CONNECTION_INFO                     = 0x106
+	TCP_ENABLE_ECN                          = 0x104
+	TCP_FASTOPEN                            = 0x105
+	TCP_KEEPALIVE                           = 0x10
+	TCP_KEEPCNT                             = 0x102
+	TCP_KEEPINTVL                           = 0x101
+	TCP_MAXHLEN                             = 0x3c
+	TCP_MAXOLEN                             = 0x28
+	TCP_MAXSEG                              = 0x2
+	TCP_MAXWIN                              = 0xffff
+	TCP_MAX_SACK                            = 0x4
+	TCP_MAX_WINSHIFT                        = 0xe
+	TCP_MINMSS                              = 0xd8
+	TCP_MSS                                 = 0x200
+	TCP_NODELAY                             = 0x1
+	TCP_NOOPT                               = 0x8
+	TCP_NOPUSH                              = 0x4
+	TCP_NOTSENT_LOWAT                       = 0x201
+	TCP_RXT_CONNDROPTIME                    = 0x80
+	TCP_RXT_FINDROP                         = 0x100
+	TCP_SENDMOREACKS                        = 0x103
+	TCSAFLUSH                               = 0x2
+	TIOCCBRK                                = 0x2000747a
+	TIOCCDTR                                = 0x20007478
+	TIOCCONS                                = 0x80047462
+	TIOCDCDTIMESTAMP                        = 0x40107458
+	TIOCDRAIN                               = 0x2000745e
+	TIOCDSIMICROCODE                        = 0x20007455
+	TIOCEXCL                                = 0x2000740d
+	TIOCEXT                                 = 0x80047460
+	TIOCFLUSH                               = 0x80047410
+	TIOCGDRAINWAIT                          = 0x40047456
+	TIOCGETA                                = 0x40487413
+	TIOCGETD                                = 0x4004741a
+	TIOCGPGRP                               = 0x40047477
+	TIOCGWINSZ                              = 0x40087468
+	TIOCIXOFF                               = 0x20007480
+	TIOCIXON                                = 0x20007481
+	TIOCMBIC                                = 0x8004746b
+	TIOCMBIS                                = 0x8004746c
+	TIOCMGDTRWAIT                           = 0x4004745a
+	TIOCMGET                                = 0x4004746a
+	TIOCMODG                                = 0x40047403
+	TIOCMODS                                = 0x80047404
+	TIOCMSDTRWAIT                           = 0x8004745b
+	TIOCMSET                                = 0x8004746d
+	TIOCM_CAR                               = 0x40
+	TIOCM_CD                                = 0x40
+	TIOCM_CTS                               = 0x20
+	TIOCM_DSR                               = 0x100
+	TIOCM_DTR                               = 0x2
+	TIOCM_LE                                = 0x1
+	TIOCM_RI                                = 0x80
+	TIOCM_RNG                               = 0x80
+	TIOCM_RTS                               = 0x4
+	TIOCM_SR                                = 0x10
+	TIOCM_ST                                = 0x8
+	TIOCNOTTY                               = 0x20007471
+	TIOCNXCL                                = 0x2000740e
+	TIOCOUTQ                                = 0x40047473
+	TIOCPKT                                 = 0x80047470
+	TIOCPKT_DATA                            = 0x0
+	TIOCPKT_DOSTOP                          = 0x20
+	TIOCPKT_FLUSHREAD                       = 0x1
+	TIOCPKT_FLUSHWRITE                      = 0x2
+	TIOCPKT_IOCTL                           = 0x40
+	TIOCPKT_NOSTOP                          = 0x10
+	TIOCPKT_START                           = 0x8
+	TIOCPKT_STOP                            = 0x4
+	TIOCPTYGNAME                            = 0x40807453
+	TIOCPTYGRANT                            = 0x20007454
+	TIOCPTYUNLK                             = 0x20007452
+	TIOCREMOTE                              = 0x80047469
+	TIOCSBRK                                = 0x2000747b
+	TIOCSCONS                               = 0x20007463
+	TIOCSCTTY                               = 0x20007461
+	TIOCSDRAINWAIT                          = 0x80047457
+	TIOCSDTR                                = 0x20007479
+	TIOCSETA                                = 0x80487414
+	TIOCSETAF                               = 0x80487416
+	TIOCSETAW                               = 0x80487415
+	TIOCSETD                                = 0x8004741b
+	TIOCSIG                                 = 0x2000745f
+	TIOCSPGRP                               = 0x80047476
+	TIOCSTART                               = 0x2000746e
+	TIOCSTAT                                = 0x20007465
+	TIOCSTI                                 = 0x80017472
+	TIOCSTOP                                = 0x2000746f
+	TIOCSWINSZ                              = 0x80087467
+	TIOCTIMESTAMP                           = 0x40107459
+	TIOCUCNTL                               = 0x80047466
+	TOSTOP                                  = 0x400000
+	VDISCARD                                = 0xf
+	VDSUSP                                  = 0xb
+	VEOF                                    = 0x0
+	VEOL                                    = 0x1
+	VEOL2                                   = 0x2
+	VERASE                                  = 0x3
+	VINTR                                   = 0x8
+	VKILL                                   = 0x5
+	VLNEXT                                  = 0xe
+	VMADDR_CID_ANY                          = 0xffffffff
+	VMADDR_CID_HOST                         = 0x2
+	VMADDR_CID_HYPERVISOR                   = 0x0
+	VMADDR_CID_RESERVED                     = 0x1
+	VMADDR_PORT_ANY                         = 0xffffffff
+	VMIN                                    = 0x10
+	VM_LOADAVG                              = 0x2
+	VM_MACHFACTOR                           = 0x4
+	VM_MAXID                                = 0x6
+	VM_METER                                = 0x1
+	VM_SWAPUSAGE                            = 0x5
+	VQUIT                                   = 0x9
+	VREPRINT                                = 0x6
+	VSTART                                  = 0xc
+	VSTATUS                                 = 0x12
+	VSTOP                                   = 0xd
+	VSUSP                                   = 0xa
+	VT0                                     = 0x0
+	VT1                                     = 0x10000
+	VTDLY                                   = 0x10000
+	VTIME                                   = 0x11
+	VWERASE                                 = 0x4
+	WCONTINUED                              = 0x10
+	WCOREFLAG                               = 0x80
+	WEXITED                                 = 0x4
+	WNOHANG                                 = 0x1
+	WNOWAIT                                 = 0x20
+	WORDSIZE                                = 0x40
+	WSTOPPED                                = 0x8
+	WUNTRACED                               = 0x2
+	XATTR_CREATE                            = 0x2
+	XATTR_NODEFAULT                         = 0x10
+	XATTR_NOFOLLOW                          = 0x1
+	XATTR_NOSECURITY                        = 0x8
+	XATTR_REPLACE                           = 0x4
+	XATTR_SHOWCOMPRESSION                   = 0x20
 )
 
 // Errors
diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 46a082b6d59f2..17bba0e44f9e4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && dragonfly
 // +build amd64,dragonfly
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -62,6 +63,7 @@ const (
 	B28800                            = 0x7080
 	B300                              = 0x12c
 	B38400                            = 0x9600
+	B460800                           = 0x70800
 	B4800                             = 0x12c0
 	B50                               = 0x32
 	B57600                            = 0xe100
@@ -69,12 +71,15 @@ const (
 	B7200                             = 0x1c20
 	B75                               = 0x4b
 	B76800                            = 0x12c00
+	B921600                           = 0xe1000
 	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
 	BIOCFLUSH                         = 0x20004268
 	BIOCGBLEN                         = 0x40044266
 	BIOCGDLT                          = 0x4004426a
 	BIOCGDLTLIST                      = 0xc0104279
 	BIOCGETIF                         = 0x4020426b
+	BIOCGFEEDBACK                     = 0x4004427c
 	BIOCGHDRCMPLT                     = 0x40044274
 	BIOCGRSIG                         = 0x40044272
 	BIOCGRTIMEOUT                     = 0x4010426e
@@ -88,6 +93,7 @@ const (
 	BIOCSETF                          = 0x80104267
 	BIOCSETIF                         = 0x8020426c
 	BIOCSETWF                         = 0x8010427b
+	BIOCSFEEDBACK                     = 0x8004427d
 	BIOCSHDRCMPLT                     = 0x80044275
 	BIOCSRSIG                         = 0x80044273
 	BIOCSRTIMEOUT                     = 0x8010426d
@@ -125,6 +131,7 @@ const (
 	BPF_MINBUFSIZE                    = 0x20
 	BPF_MINOR_VERSION                 = 0x1
 	BPF_MISC                          = 0x7
+	BPF_MOD                           = 0x90
 	BPF_MSH                           = 0xa0
 	BPF_MUL                           = 0x20
 	BPF_NEG                           = 0x80
@@ -139,6 +146,7 @@ const (
 	BPF_TXA                           = 0x80
 	BPF_W                             = 0x0
 	BPF_X                             = 0x8
+	BPF_XOR                           = 0xa0
 	BRKINT                            = 0x2
 	CFLUSH                            = 0xf
 	CLOCAL                            = 0x8000
@@ -156,6 +164,12 @@ const (
 	CLOCK_UPTIME_FAST                 = 0x8
 	CLOCK_UPTIME_PRECISE              = 0x7
 	CLOCK_VIRTUAL                     = 0x1
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x30000
 	CS5                               = 0x0
@@ -175,6 +189,7 @@ const (
 	DLT_A429                          = 0xb8
 	DLT_A653_ICM                      = 0xb9
 	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
 	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
 	DLT_ARCNET                        = 0x7
 	DLT_ARCNET_LINUX                  = 0x81
@@ -184,22 +199,33 @@ const (
 	DLT_AX25                          = 0x3
 	DLT_AX25_KISS                     = 0xca
 	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_BREDR_BB            = 0xff
 	DLT_BLUETOOTH_HCI_H4              = 0xbb
 	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_BLUETOOTH_LE_LL               = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR     = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR       = 0xfe
 	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
 	DLT_CHAOS                         = 0x5
 	DLT_CHDLC                         = 0x68
 	DLT_CISCO_IOS                     = 0x76
 	DLT_C_HDLC                        = 0x68
 	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DBUS                          = 0xe7
+	DLT_DECT                          = 0xdd
 	DLT_DOCSIS                        = 0x8f
+	DLT_DVB_CI                        = 0xeb
 	DLT_ECONET                        = 0x73
 	DLT_EN10MB                        = 0x1
 	DLT_EN3MB                         = 0x2
 	DLT_ENC                           = 0x6d
+	DLT_EPON                          = 0x103
 	DLT_ERF                           = 0xc5
 	DLT_ERF_ETH                       = 0xaf
 	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
 	DLT_FDDI                          = 0xa
 	DLT_FLEXRAY                       = 0xd2
 	DLT_FRELAY                        = 0x6b
@@ -209,6 +235,8 @@ const (
 	DLT_GPF_F                         = 0xab
 	DLT_GPF_T                         = 0xaa
 	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
 	DLT_HHDLC                         = 0x79
 	DLT_IBM_SN                        = 0x92
 	DLT_IBM_SP                        = 0x91
@@ -218,18 +246,28 @@ const (
 	DLT_IEEE802_11_RADIO_AVS          = 0xa3
 	DLT_IEEE802_15_4                  = 0xc3
 	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NOFCS            = 0xe6
 	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
 	DLT_IEEE802_16_MAC_CPS            = 0xbc
 	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_INFINIBAND                    = 0xf7
 	DLT_IPFILTER                      = 0x74
 	DLT_IPMB                          = 0xc7
 	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPMI_HPM_2                    = 0x104
+	DLT_IPNET                         = 0xe2
+	DLT_IPOIB                         = 0xf2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
 	DLT_IP_OVER_FC                    = 0x7a
+	DLT_ISO_14443                     = 0x108
 	DLT_JUNIPER_ATM1                  = 0x89
 	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_ATM_CEMIC             = 0xee
 	DLT_JUNIPER_CHDLC                 = 0xb5
 	DLT_JUNIPER_ES                    = 0x84
 	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL          = 0xea
 	DLT_JUNIPER_FRELAY                = 0xb4
 	DLT_JUNIPER_GGSN                  = 0x85
 	DLT_JUNIPER_ISM                   = 0xc2
@@ -242,25 +280,40 @@ const (
 	DLT_JUNIPER_PPPOE                 = 0xa7
 	DLT_JUNIPER_PPPOE_ATM             = 0xa8
 	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_SRX_E2E               = 0xe9
 	DLT_JUNIPER_ST                    = 0xc8
 	DLT_JUNIPER_VP                    = 0xb7
+	DLT_JUNIPER_VS                    = 0xe8
 	DLT_LAPB_WITH_DIR                 = 0xcf
 	DLT_LAPD                          = 0xcb
 	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
 	DLT_LINUX_IRDA                    = 0x90
 	DLT_LINUX_LAPD                    = 0xb1
 	DLT_LINUX_SLL                     = 0x71
 	DLT_LOOP                          = 0x6c
 	DLT_LTALK                         = 0x72
+	DLT_MATCHING_MAX                  = 0x109
+	DLT_MATCHING_MIN                  = 0x68
 	DLT_MFR                           = 0xb6
 	DLT_MOST                          = 0xd3
+	DLT_MPEG_2_TS                     = 0xf3
+	DLT_MPLS                          = 0xdb
 	DLT_MTP2                          = 0x8c
 	DLT_MTP2_WITH_PHDR                = 0x8b
 	DLT_MTP3                          = 0x8d
+	DLT_MUX27010                      = 0xec
+	DLT_NETANALYZER                   = 0xf0
+	DLT_NETANALYZER_TRANSPARENT       = 0xf1
+	DLT_NETLINK                       = 0xfd
+	DLT_NFC_LLCP                      = 0xf5
+	DLT_NFLOG                         = 0xef
+	DLT_NG40                          = 0xf4
 	DLT_NULL                          = 0x0
 	DLT_PCI_EXP                       = 0x7d
 	DLT_PFLOG                         = 0x75
 	DLT_PFSYNC                        = 0x12
+	DLT_PKTAP                         = 0x102
 	DLT_PPI                           = 0xc0
 	DLT_PPP                           = 0x9
 	DLT_PPP_BSDOS                     = 0x10
@@ -269,22 +322,51 @@ const (
 	DLT_PPP_SERIAL                    = 0x32
 	DLT_PPP_WITH_DIR                  = 0xcc
 	DLT_PRISM_HEADER                  = 0x77
+	DLT_PROFIBUS_DL                   = 0x101
 	DLT_PRONET                        = 0x4
 	DLT_RAIF1                         = 0xc6
 	DLT_RAW                           = 0xc
+	DLT_RDS                           = 0x109
 	DLT_REDBACK_SMARTEDGE             = 0x20
 	DLT_RIO                           = 0x7c
+	DLT_RTAC_SERIAL                   = 0xfa
 	DLT_SCCP                          = 0x8e
+	DLT_SCTP                          = 0xf8
 	DLT_SITA                          = 0xc4
 	DLT_SLIP                          = 0x8
 	DLT_SLIP_BSDOS                    = 0xf
+	DLT_STANAG_5066_D_PDU             = 0xed
 	DLT_SUNATM                        = 0x7b
 	DLT_SYMANTEC_FIREWALL             = 0x63
 	DLT_TZSP                          = 0x80
 	DLT_USB                           = 0xba
+	DLT_USBPCAP                       = 0xf9
+	DLT_USB_FREEBSD                   = 0xba
 	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DLT_WATTSTOPPER_DLM               = 0x107
+	DLT_WIHART                        = 0xdf
+	DLT_WIRESHARK_UPPER_PDU           = 0xfc
 	DLT_X2E_SERIAL                    = 0xd5
 	DLT_X2E_XORAYA                    = 0xd6
+	DLT_ZWAVE_R1_R2                   = 0x105
+	DLT_ZWAVE_R3                      = 0x106
 	DT_BLK                            = 0x6
 	DT_CHR                            = 0x2
 	DT_DBF                            = 0xf
@@ -323,10 +405,11 @@ const (
 	EV_EOF                            = 0x8000
 	EV_ERROR                          = 0x4000
 	EV_FLAG1                          = 0x2000
+	EV_HUP                            = 0x800
 	EV_NODATA                         = 0x1000
 	EV_ONESHOT                        = 0x10
 	EV_RECEIPT                        = 0x40
-	EV_SYSFLAGS                       = 0xf000
+	EV_SYSFLAGS                       = 0xf800
 	EXTA                              = 0x4b00
 	EXTB                              = 0x9600
 	EXTEXIT_LWP                       = 0x10000
@@ -365,8 +448,9 @@ const (
 	IFF_ALLMULTI                      = 0x200
 	IFF_ALTPHYS                       = 0x4000
 	IFF_BROADCAST                     = 0x2
-	IFF_CANTCHANGE                    = 0x118e72
+	IFF_CANTCHANGE                    = 0x318e72
 	IFF_DEBUG                         = 0x4
+	IFF_IDIRECT                       = 0x200000
 	IFF_LINK0                         = 0x1000
 	IFF_LINK1                         = 0x2000
 	IFF_LINK2                         = 0x4000
@@ -441,7 +525,6 @@ const (
 	IFT_EPLRS                         = 0x57
 	IFT_ESCON                         = 0x49
 	IFT_ETHER                         = 0x6
-	IFT_FAITH                         = 0xf2
 	IFT_FAST                          = 0x7d
 	IFT_FASTETHER                     = 0x3e
 	IFT_FASTETHERFX                   = 0x45
@@ -614,6 +697,7 @@ const (
 	IN_CLASSD_NET                     = 0xf0000000
 	IN_CLASSD_NSHIFT                  = 0x1c
 	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_MASK                   = 0xfffffffe
 	IPPROTO_3PC                       = 0x22
 	IPPROTO_ADFS                      = 0x44
 	IPPROTO_AH                        = 0x33
@@ -735,7 +819,6 @@ const (
 	IPV6_DEFHLIM                      = 0x40
 	IPV6_DONTFRAG                     = 0x3e
 	IPV6_DSTOPTS                      = 0x32
-	IPV6_FAITH                        = 0x1d
 	IPV6_FLOWINFO_MASK                = 0xffffff0f
 	IPV6_FLOWLABEL_MASK               = 0xffff0f00
 	IPV6_FRAGTTL                      = 0x78
@@ -747,7 +830,6 @@ const (
 	IPV6_HLIMDEC                      = 0x1
 	IPV6_HOPLIMIT                     = 0x2f
 	IPV6_HOPOPTS                      = 0x31
-	IPV6_IPSEC_POLICY                 = 0x1c
 	IPV6_JOIN_GROUP                   = 0xc
 	IPV6_LEAVE_GROUP                  = 0xd
 	IPV6_MAXHLIM                      = 0xff
@@ -795,16 +877,22 @@ const (
 	IP_DUMMYNET_DEL                   = 0x3d
 	IP_DUMMYNET_FLUSH                 = 0x3e
 	IP_DUMMYNET_GET                   = 0x40
-	IP_FAITH                          = 0x16
 	IP_FW_ADD                         = 0x32
 	IP_FW_DEL                         = 0x33
 	IP_FW_FLUSH                       = 0x34
 	IP_FW_GET                         = 0x36
 	IP_FW_RESETLOG                    = 0x37
+	IP_FW_TBL_ADD                     = 0x2a
+	IP_FW_TBL_CREATE                  = 0x28
+	IP_FW_TBL_DEL                     = 0x2b
+	IP_FW_TBL_DESTROY                 = 0x29
+	IP_FW_TBL_EXPIRE                  = 0x2f
+	IP_FW_TBL_FLUSH                   = 0x2c
+	IP_FW_TBL_GET                     = 0x2d
+	IP_FW_TBL_ZERO                    = 0x2e
 	IP_FW_X                           = 0x31
 	IP_FW_ZERO                        = 0x35
 	IP_HDRINCL                        = 0x2
-	IP_IPSEC_POLICY                   = 0x15
 	IP_MAXPACKET                      = 0xffff
 	IP_MAX_MEMBERSHIPS                = 0x14
 	IP_MF                             = 0x2000
@@ -880,6 +968,40 @@ const (
 	MAP_VPAGETABLE                    = 0x2000
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x20
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_EXKERB                        = 0x800
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x20000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE                        = 0x800000
+	MNT_LAZY                          = 0x4
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOCLUSTERR                    = 0x40000000
+	MNT_NOCLUSTERW                    = 0x80000000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOSYMFOLLOW                   = 0x400000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x200000
+	MNT_SUIDDIR                       = 0x100000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_TRIM                          = 0x1000000
+	MNT_UPDATE                        = 0x10000
+	MNT_USER                          = 0x8000
+	MNT_VISFLAGMASK                   = 0xf1f0ffff
+	MNT_WAIT                          = 0x1
 	MSG_CMSG_CLOEXEC                  = 0x1000
 	MSG_CTRUNC                        = 0x20
 	MSG_DONTROUTE                     = 0x4
@@ -904,6 +1026,7 @@ const (
 	NET_RT_FLAGS                      = 0x2
 	NET_RT_IFLIST                     = 0x3
 	NET_RT_MAXID                      = 0x4
+	NFDBITS                           = 0x40
 	NOFLSH                            = 0x80000000
 	NOKERNINFO                        = 0x2000000
 	NOTE_ATTRIB                       = 0x8
@@ -1045,12 +1168,10 @@ const (
 	RTM_MISS                          = 0x7
 	RTM_NEWADDR                       = 0xc
 	RTM_NEWMADDR                      = 0xf
-	RTM_OLDADD                        = 0x9
-	RTM_OLDDEL                        = 0xa
 	RTM_REDIRECT                      = 0x6
 	RTM_RESOLVE                       = 0xb
 	RTM_RTTUNIT                       = 0xf4240
-	RTM_VERSION                       = 0x6
+	RTM_VERSION                       = 0x7
 	RTV_EXPIRE                        = 0x4
 	RTV_HOPCOUNT                      = 0x2
 	RTV_IWCAPSEGS                     = 0x400
@@ -1071,13 +1192,13 @@ const (
 	SHUT_RDWR                         = 0x2
 	SHUT_WR                           = 0x1
 	SIOCADDMULTI                      = 0x80206931
-	SIOCADDRT                         = 0x8040720a
 	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCATMARK                        = 0x40047307
 	SIOCDELMULTI                      = 0x80206932
-	SIOCDELRT                         = 0x8040720b
 	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
 	SIOCDIFPHYADDR                    = 0x80206949
 	SIOCDLIFADDR                      = 0x8118691d
 	SIOCGDRVSPEC                      = 0xc028697b
@@ -1085,6 +1206,7 @@ const (
 	SIOCGETVIFCNT                     = 0xc028720f
 	SIOCGHIWAT                        = 0x40047301
 	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFALIAS                      = 0xc0406929
 	SIOCGIFBRDADDR                    = 0xc0206923
 	SIOCGIFCAP                        = 0xc020691f
 	SIOCGIFCONF                       = 0xc0106924
@@ -1093,6 +1215,7 @@ const (
 	SIOCGIFFLAGS                      = 0xc0206911
 	SIOCGIFGENERIC                    = 0xc020693a
 	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
 	SIOCGIFINDEX                      = 0xc0206920
 	SIOCGIFMEDIA                      = 0xc0306938
 	SIOCGIFMETRIC                     = 0xc0206917
@@ -1159,6 +1282,7 @@ const (
 	SO_RCVBUF                         = 0x1002
 	SO_RCVLOWAT                       = 0x1004
 	SO_RCVTIMEO                       = 0x1006
+	SO_RERROR                         = 0x2000
 	SO_REUSEADDR                      = 0x4
 	SO_REUSEPORT                      = 0x200
 	SO_SNDBUF                         = 0x1001
@@ -1168,6 +1292,39 @@ const (
 	SO_TIMESTAMP                      = 0x400
 	SO_TYPE                           = 0x1008
 	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDB                            = 0x9000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TAB0                              = 0x0
+	TAB3                              = 0x4
+	TABDLY                            = 0x4
 	TCIFLUSH                          = 0x1
 	TCIOFF                            = 0x3
 	TCIOFLUSH                         = 0x3
@@ -1194,6 +1351,8 @@ const (
 	TCP_NOPUSH                        = 0x4
 	TCP_SIGNATURE_ENABLE              = 0x10
 	TCSAFLUSH                         = 0x2
+	TIMER_ABSTIME                     = 0x1
+	TIMER_RELTIME                     = 0x0
 	TIOCCBRK                          = 0x2000747a
 	TIOCCDTR                          = 0x20007478
 	TIOCCONS                          = 0x80047462
@@ -1207,7 +1366,6 @@ const (
 	TIOCGETD                          = 0x4004741a
 	TIOCGPGRP                         = 0x40047477
 	TIOCGSID                          = 0x40047463
-	TIOCGSIZE                         = 0x40087468
 	TIOCGWINSZ                        = 0x40087468
 	TIOCISPTMASTER                    = 0x20007455
 	TIOCMBIC                          = 0x8004746b
@@ -1252,7 +1410,6 @@ const (
 	TIOCSETD                          = 0x8004741b
 	TIOCSIG                           = 0x2000745f
 	TIOCSPGRP                         = 0x80047476
-	TIOCSSIZE                         = 0x80087467
 	TIOCSTART                         = 0x2000746e
 	TIOCSTAT                          = 0x20007465
 	TIOCSTI                           = 0x80017472
@@ -1261,6 +1418,8 @@ const (
 	TIOCTIMESTAMP                     = 0x40107459
 	TIOCUCNTL                         = 0x80047466
 	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x1
+	UTIME_OMIT                        = -0x2
 	VCHECKPT                          = 0x13
 	VDISCARD                          = 0xf
 	VDSUSP                            = 0xb
@@ -1285,9 +1444,12 @@ const (
 	VWERASE                           = 0x4
 	WCONTINUED                        = 0x4
 	WCOREFLAG                         = 0x80
+	WEXITED                           = 0x10
 	WLINUXCLONE                       = 0x80000000
 	WNOHANG                           = 0x1
-	WSTOPPED                          = 0x7f
+	WNOWAIT                           = 0x8
+	WSTOPPED                          = 0x2
+	WTRAPPED                          = 0x20
 	WUNTRACED                         = 0x2
 )
 
@@ -1387,11 +1549,6 @@ const (
 	ETIMEDOUT       = syscall.Errno(0x3c)
 	ETOOMANYREFS    = syscall.Errno(0x3b)
 	ETXTBSY         = syscall.Errno(0x1a)
-	EUNUSED94       = syscall.Errno(0x5e)
-	EUNUSED95       = syscall.Errno(0x5f)
-	EUNUSED96       = syscall.Errno(0x60)
-	EUNUSED97       = syscall.Errno(0x61)
-	EUNUSED98       = syscall.Errno(0x62)
 	EUSERS          = syscall.Errno(0x44)
 	EWOULDBLOCK     = syscall.Errno(0x23)
 	EXDEV           = syscall.Errno(0x12)
@@ -1535,12 +1692,7 @@ var errorList = [...]struct {
 	{91, "ENOLINK", "link has been severed"},
 	{92, "EPROTO", "protocol error"},
 	{93, "ENOMEDIUM", "no medium found"},
-	{94, "EUNUSED94", "unknown error: 94"},
-	{95, "EUNUSED95", "unknown error: 95"},
-	{96, "EUNUSED96", "unknown error: 96"},
-	{97, "EUNUSED97", "unknown error: 97"},
-	{98, "EUNUSED98", "unknown error: 98"},
-	{99, "ELAST", "unknown error: 99"},
+	{99, "EASYNC", "unknown error: 99"},
 }
 
 // Signal table
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index 2947dc0382e4d..440900112cd42 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && freebsd
 // +build 386,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -339,6 +340,12 @@ const (
 	CLOCK_UPTIME_FAST              = 0x8
 	CLOCK_UPTIME_PRECISE           = 0x7
 	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
 	CREAD                          = 0x800
 	CRTSCTS                        = 0x30000
 	CS5                            = 0x0
@@ -355,6 +362,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +402,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +419,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +433,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +455,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +488,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +506,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +526,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +563,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +588,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +596,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +618,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +660,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +677,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +852,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +873,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +891,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +952,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +963,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +972,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -951,6 +998,11 @@ const (
 	KERN_OSRELEASE                 = 0x2
 	KERN_OSTYPE                    = 0x1
 	KERN_VERSION                   = 0x4
+	LOCAL_CONNWAIT                 = 0x4
+	LOCAL_CREDS                    = 0x2
+	LOCAL_CREDS_PERSISTENT         = 0x3
+	LOCAL_PEERCRED                 = 0x1
+	LOCAL_VENDOR                   = 0x80000000
 	LOCK_EX                        = 0x2
 	LOCK_NB                        = 0x4
 	LOCK_SH                        = 0x1
@@ -975,6 +1027,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -986,6 +1039,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1026,10 +1088,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1055,8 +1119,10 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1211,7 +1277,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1221,15 +1286,22 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SEEK_CUR                       = 0x1
+	SEEK_DATA                      = 0x3
+	SEEK_END                       = 0x2
+	SEEK_HOLE                      = 0x4
+	SEEK_SET                       = 0x0
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1245,6 +1317,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0147210
 	SIOCGETVIFCNT                  = 0xc014720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1266,8 +1339,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc028698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1298,6 +1374,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1309,6 +1386,7 @@ const (
 	SOCK_RDM                       = 0x4
 	SOCK_SEQPACKET                 = 0x5
 	SOCK_STREAM                    = 0x1
+	SOL_LOCAL                      = 0x0
 	SOL_SOCKET                     = 0xffff
 	SOMAXCONN                      = 0x80
 	SO_ACCEPTCONN                  = 0x2
@@ -1316,6 +1394,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1324,6 +1403,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1336,15 +1416,52 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
 	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
 	TAB0                           = 0x0
 	TAB3                           = 0x4
 	TABDLY                         = 0x4
@@ -1355,10 +1472,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1366,6 +1518,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1381,8 +1539,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1446,6 +1626,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40087459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
@@ -1457,6 +1639,8 @@ const (
 	VKILL                          = 0x5
 	VLNEXT                         = 0xe
 	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x70e0000
+	VM_SWZONE_SIZE_MAX             = 0x2280000
 	VQUIT                          = 0x9
 	VREPRINT                       = 0x6
 	VSTART                         = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index c600d012d069d..64520d31226b9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && freebsd
 // +build amd64,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -339,6 +340,12 @@ const (
 	CLOCK_UPTIME_FAST              = 0x8
 	CLOCK_UPTIME_PRECISE           = 0x7
 	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
 	CREAD                          = 0x800
 	CRTSCTS                        = 0x30000
 	CS5                            = 0x0
@@ -355,6 +362,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +402,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +419,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +433,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +455,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +488,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +506,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +526,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +563,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +588,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +596,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +618,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +660,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +677,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +852,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +873,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +891,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +952,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +963,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +972,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -951,6 +998,11 @@ const (
 	KERN_OSRELEASE                 = 0x2
 	KERN_OSTYPE                    = 0x1
 	KERN_VERSION                   = 0x4
+	LOCAL_CONNWAIT                 = 0x4
+	LOCAL_CREDS                    = 0x2
+	LOCAL_CREDS_PERSISTENT         = 0x3
+	LOCAL_PEERCRED                 = 0x1
+	LOCAL_VENDOR                   = 0x80000000
 	LOCK_EX                        = 0x2
 	LOCK_NB                        = 0x4
 	LOCK_SH                        = 0x1
@@ -976,6 +1028,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -987,6 +1040,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1027,10 +1089,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1056,8 +1120,10 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1212,7 +1278,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1222,15 +1287,22 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SEEK_CUR                       = 0x1
+	SEEK_DATA                      = 0x3
+	SEEK_END                       = 0x2
+	SEEK_HOLE                      = 0x4
+	SEEK_SET                       = 0x0
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1246,6 +1318,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0207210
 	SIOCGETVIFCNT                  = 0xc028720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1267,8 +1340,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1299,6 +1375,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1310,6 +1387,7 @@ const (
 	SOCK_RDM                       = 0x4
 	SOCK_SEQPACKET                 = 0x5
 	SOCK_STREAM                    = 0x1
+	SOL_LOCAL                      = 0x0
 	SOL_SOCKET                     = 0xffff
 	SOMAXCONN                      = 0x80
 	SO_ACCEPTCONN                  = 0x2
@@ -1317,6 +1395,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1325,6 +1404,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1337,15 +1417,52 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
 	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
 	TAB0                           = 0x0
 	TAB3                           = 0x4
 	TABDLY                         = 0x4
@@ -1356,10 +1473,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1367,6 +1519,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1382,8 +1540,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1447,6 +1627,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40107459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index e8240d2397b2e..99e9a0e06e95f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -1,9 +1,10 @@
 // mkerrors.sh
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && freebsd
 // +build arm,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
 
 package unix
@@ -339,6 +340,12 @@ const (
 	CLOCK_UPTIME_FAST              = 0x8
 	CLOCK_UPTIME_PRECISE           = 0x7
 	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
 	CREAD                          = 0x800
 	CRTSCTS                        = 0x30000
 	CS5                            = 0x0
@@ -355,6 +362,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -958,6 +981,11 @@ const (
 	KERN_OSRELEASE                 = 0x2
 	KERN_OSTYPE                    = 0x1
 	KERN_VERSION                   = 0x4
+	LOCAL_CONNWAIT                 = 0x4
+	LOCAL_CREDS                    = 0x2
+	LOCAL_CREDS_PERSISTENT         = 0x3
+	LOCAL_PEERCRED                 = 0x1
+	LOCAL_VENDOR                   = 0x80000000
 	LOCK_EX                        = 0x2
 	LOCK_NB                        = 0x4
 	LOCK_SH                        = 0x1
@@ -994,6 +1022,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1063,6 +1100,7 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
 	NOTE_ATTRIB                    = 0x8
@@ -1238,6 +1276,11 @@ const (
 	SCM_CREDS                      = 0x3
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SEEK_CUR                       = 0x1
+	SEEK_DATA                      = 0x3
+	SEEK_END                       = 0x2
+	SEEK_HOLE                      = 0x4
+	SEEK_SET                       = 0x0
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1318,6 +1361,7 @@ const (
 	SOCK_RDM                       = 0x4
 	SOCK_SEQPACKET                 = 0x5
 	SOCK_STREAM                    = 0x1
+	SOL_LOCAL                      = 0x0
 	SOL_SOCKET                     = 0xffff
 	SOMAXCONN                      = 0x80
 	SO_ACCEPTCONN                  = 0x2
@@ -1354,6 +1398,35 @@ const (
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
 	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
 	TAB0                           = 0x0
 	TAB3                           = 0x4
 	TABDLY                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
new file mode 100644
index 0000000000000..4c837711493ff
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -0,0 +1,1948 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && freebsd
+// +build arm64,freebsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                   = 0x10
+	AF_ARP                         = 0x23
+	AF_ATM                         = 0x1e
+	AF_BLUETOOTH                   = 0x24
+	AF_CCITT                       = 0xa
+	AF_CHAOS                       = 0x5
+	AF_CNT                         = 0x15
+	AF_COIP                        = 0x14
+	AF_DATAKIT                     = 0x9
+	AF_DECnet                      = 0xc
+	AF_DLI                         = 0xd
+	AF_E164                        = 0x1a
+	AF_ECMA                        = 0x8
+	AF_HYLINK                      = 0xf
+	AF_IEEE80211                   = 0x25
+	AF_IMPLINK                     = 0x3
+	AF_INET                        = 0x2
+	AF_INET6                       = 0x1c
+	AF_INET6_SDP                   = 0x2a
+	AF_INET_SDP                    = 0x28
+	AF_IPX                         = 0x17
+	AF_ISDN                        = 0x1a
+	AF_ISO                         = 0x7
+	AF_LAT                         = 0xe
+	AF_LINK                        = 0x12
+	AF_LOCAL                       = 0x1
+	AF_MAX                         = 0x2a
+	AF_NATM                        = 0x1d
+	AF_NETBIOS                     = 0x6
+	AF_NETGRAPH                    = 0x20
+	AF_OSI                         = 0x7
+	AF_PUP                         = 0x4
+	AF_ROUTE                       = 0x11
+	AF_SCLUSTER                    = 0x22
+	AF_SIP                         = 0x18
+	AF_SLOW                        = 0x21
+	AF_SNA                         = 0xb
+	AF_UNIX                        = 0x1
+	AF_UNSPEC                      = 0x0
+	AF_VENDOR00                    = 0x27
+	AF_VENDOR01                    = 0x29
+	AF_VENDOR02                    = 0x2b
+	AF_VENDOR03                    = 0x2d
+	AF_VENDOR04                    = 0x2f
+	AF_VENDOR05                    = 0x31
+	AF_VENDOR06                    = 0x33
+	AF_VENDOR07                    = 0x35
+	AF_VENDOR08                    = 0x37
+	AF_VENDOR09                    = 0x39
+	AF_VENDOR10                    = 0x3b
+	AF_VENDOR11                    = 0x3d
+	AF_VENDOR12                    = 0x3f
+	AF_VENDOR13                    = 0x41
+	AF_VENDOR14                    = 0x43
+	AF_VENDOR15                    = 0x45
+	AF_VENDOR16                    = 0x47
+	AF_VENDOR17                    = 0x49
+	AF_VENDOR18                    = 0x4b
+	AF_VENDOR19                    = 0x4d
+	AF_VENDOR20                    = 0x4f
+	AF_VENDOR21                    = 0x51
+	AF_VENDOR22                    = 0x53
+	AF_VENDOR23                    = 0x55
+	AF_VENDOR24                    = 0x57
+	AF_VENDOR25                    = 0x59
+	AF_VENDOR26                    = 0x5b
+	AF_VENDOR27                    = 0x5d
+	AF_VENDOR28                    = 0x5f
+	AF_VENDOR29                    = 0x61
+	AF_VENDOR30                    = 0x63
+	AF_VENDOR31                    = 0x65
+	AF_VENDOR32                    = 0x67
+	AF_VENDOR33                    = 0x69
+	AF_VENDOR34                    = 0x6b
+	AF_VENDOR35                    = 0x6d
+	AF_VENDOR36                    = 0x6f
+	AF_VENDOR37                    = 0x71
+	AF_VENDOR38                    = 0x73
+	AF_VENDOR39                    = 0x75
+	AF_VENDOR40                    = 0x77
+	AF_VENDOR41                    = 0x79
+	AF_VENDOR42                    = 0x7b
+	AF_VENDOR43                    = 0x7d
+	AF_VENDOR44                    = 0x7f
+	AF_VENDOR45                    = 0x81
+	AF_VENDOR46                    = 0x83
+	AF_VENDOR47                    = 0x85
+	ALTWERASE                      = 0x200
+	B0                             = 0x0
+	B110                           = 0x6e
+	B115200                        = 0x1c200
+	B1200                          = 0x4b0
+	B134                           = 0x86
+	B14400                         = 0x3840
+	B150                           = 0x96
+	B1800                          = 0x708
+	B19200                         = 0x4b00
+	B200                           = 0xc8
+	B230400                        = 0x38400
+	B2400                          = 0x960
+	B28800                         = 0x7080
+	B300                           = 0x12c
+	B38400                         = 0x9600
+	B460800                        = 0x70800
+	B4800                          = 0x12c0
+	B50                            = 0x32
+	B57600                         = 0xe100
+	B600                           = 0x258
+	B7200                          = 0x1c20
+	B75                            = 0x4b
+	B76800                         = 0x12c00
+	B921600                        = 0xe1000
+	B9600                          = 0x2580
+	BIOCFEEDBACK                   = 0x8004427c
+	BIOCFLUSH                      = 0x20004268
+	BIOCGBLEN                      = 0x40044266
+	BIOCGDIRECTION                 = 0x40044276
+	BIOCGDLT                       = 0x4004426a
+	BIOCGDLTLIST                   = 0xc0104279
+	BIOCGETBUFMODE                 = 0x4004427d
+	BIOCGETIF                      = 0x4020426b
+	BIOCGETZMAX                    = 0x4008427f
+	BIOCGHDRCMPLT                  = 0x40044274
+	BIOCGRSIG                      = 0x40044272
+	BIOCGRTIMEOUT                  = 0x4010426e
+	BIOCGSEESENT                   = 0x40044276
+	BIOCGSTATS                     = 0x4008426f
+	BIOCGTSTAMP                    = 0x40044283
+	BIOCIMMEDIATE                  = 0x80044270
+	BIOCLOCK                       = 0x2000427a
+	BIOCPROMISC                    = 0x20004269
+	BIOCROTZBUF                    = 0x40184280
+	BIOCSBLEN                      = 0xc0044266
+	BIOCSDIRECTION                 = 0x80044277
+	BIOCSDLT                       = 0x80044278
+	BIOCSETBUFMODE                 = 0x8004427e
+	BIOCSETF                       = 0x80104267
+	BIOCSETFNR                     = 0x80104282
+	BIOCSETIF                      = 0x8020426c
+	BIOCSETWF                      = 0x8010427b
+	BIOCSETZBUF                    = 0x80184281
+	BIOCSHDRCMPLT                  = 0x80044275
+	BIOCSRSIG                      = 0x80044273
+	BIOCSRTIMEOUT                  = 0x8010426d
+	BIOCSSEESENT                   = 0x80044277
+	BIOCSTSTAMP                    = 0x80044284
+	BIOCVERSION                    = 0x40044271
+	BPF_A                          = 0x10
+	BPF_ABS                        = 0x20
+	BPF_ADD                        = 0x0
+	BPF_ALIGNMENT                  = 0x8
+	BPF_ALU                        = 0x4
+	BPF_AND                        = 0x50
+	BPF_B                          = 0x10
+	BPF_BUFMODE_BUFFER             = 0x1
+	BPF_BUFMODE_ZBUF               = 0x2
+	BPF_DIV                        = 0x30
+	BPF_H                          = 0x8
+	BPF_IMM                        = 0x0
+	BPF_IND                        = 0x40
+	BPF_JA                         = 0x0
+	BPF_JEQ                        = 0x10
+	BPF_JGE                        = 0x30
+	BPF_JGT                        = 0x20
+	BPF_JMP                        = 0x5
+	BPF_JSET                       = 0x40
+	BPF_K                          = 0x0
+	BPF_LD                         = 0x0
+	BPF_LDX                        = 0x1
+	BPF_LEN                        = 0x80
+	BPF_LSH                        = 0x60
+	BPF_MAJOR_VERSION              = 0x1
+	BPF_MAXBUFSIZE                 = 0x80000
+	BPF_MAXINSNS                   = 0x200
+	BPF_MEM                        = 0x60
+	BPF_MEMWORDS                   = 0x10
+	BPF_MINBUFSIZE                 = 0x20
+	BPF_MINOR_VERSION              = 0x1
+	BPF_MISC                       = 0x7
+	BPF_MOD                        = 0x90
+	BPF_MSH                        = 0xa0
+	BPF_MUL                        = 0x20
+	BPF_NEG                        = 0x80
+	BPF_OR                         = 0x40
+	BPF_RELEASE                    = 0x30bb6
+	BPF_RET                        = 0x6
+	BPF_RSH                        = 0x70
+	BPF_ST                         = 0x2
+	BPF_STX                        = 0x3
+	BPF_SUB                        = 0x10
+	BPF_TAX                        = 0x0
+	BPF_TXA                        = 0x80
+	BPF_T_BINTIME                  = 0x2
+	BPF_T_BINTIME_FAST             = 0x102
+	BPF_T_BINTIME_MONOTONIC        = 0x202
+	BPF_T_BINTIME_MONOTONIC_FAST   = 0x302
+	BPF_T_FAST                     = 0x100
+	BPF_T_FLAG_MASK                = 0x300
+	BPF_T_FORMAT_MASK              = 0x3
+	BPF_T_MICROTIME                = 0x0
+	BPF_T_MICROTIME_FAST           = 0x100
+	BPF_T_MICROTIME_MONOTONIC      = 0x200
+	BPF_T_MICROTIME_MONOTONIC_FAST = 0x300
+	BPF_T_MONOTONIC                = 0x200
+	BPF_T_MONOTONIC_FAST           = 0x300
+	BPF_T_NANOTIME                 = 0x1
+	BPF_T_NANOTIME_FAST            = 0x101
+	BPF_T_NANOTIME_MONOTONIC       = 0x201
+	BPF_T_NANOTIME_MONOTONIC_FAST  = 0x301
+	BPF_T_NONE                     = 0x3
+	BPF_T_NORMAL                   = 0x0
+	BPF_W                          = 0x0
+	BPF_X                          = 0x8
+	BPF_XOR                        = 0xa0
+	BRKINT                         = 0x2
+	CAP_ACCEPT                     = 0x200000020000000
+	CAP_ACL_CHECK                  = 0x400000000010000
+	CAP_ACL_DELETE                 = 0x400000000020000
+	CAP_ACL_GET                    = 0x400000000040000
+	CAP_ACL_SET                    = 0x400000000080000
+	CAP_ALL0                       = 0x20007ffffffffff
+	CAP_ALL1                       = 0x4000000001fffff
+	CAP_BIND                       = 0x200000040000000
+	CAP_BINDAT                     = 0x200008000000400
+	CAP_CHFLAGSAT                  = 0x200000000001400
+	CAP_CONNECT                    = 0x200000080000000
+	CAP_CONNECTAT                  = 0x200010000000400
+	CAP_CREATE                     = 0x200000000000040
+	CAP_EVENT                      = 0x400000000000020
+	CAP_EXTATTR_DELETE             = 0x400000000001000
+	CAP_EXTATTR_GET                = 0x400000000002000
+	CAP_EXTATTR_LIST               = 0x400000000004000
+	CAP_EXTATTR_SET                = 0x400000000008000
+	CAP_FCHDIR                     = 0x200000000000800
+	CAP_FCHFLAGS                   = 0x200000000001000
+	CAP_FCHMOD                     = 0x200000000002000
+	CAP_FCHMODAT                   = 0x200000000002400
+	CAP_FCHOWN                     = 0x200000000004000
+	CAP_FCHOWNAT                   = 0x200000000004400
+	CAP_FCNTL                      = 0x200000000008000
+	CAP_FCNTL_ALL                  = 0x78
+	CAP_FCNTL_GETFL                = 0x8
+	CAP_FCNTL_GETOWN               = 0x20
+	CAP_FCNTL_SETFL                = 0x10
+	CAP_FCNTL_SETOWN               = 0x40
+	CAP_FEXECVE                    = 0x200000000000080
+	CAP_FLOCK                      = 0x200000000010000
+	CAP_FPATHCONF                  = 0x200000000020000
+	CAP_FSCK                       = 0x200000000040000
+	CAP_FSTAT                      = 0x200000000080000
+	CAP_FSTATAT                    = 0x200000000080400
+	CAP_FSTATFS                    = 0x200000000100000
+	CAP_FSYNC                      = 0x200000000000100
+	CAP_FTRUNCATE                  = 0x200000000000200
+	CAP_FUTIMES                    = 0x200000000200000
+	CAP_FUTIMESAT                  = 0x200000000200400
+	CAP_GETPEERNAME                = 0x200000100000000
+	CAP_GETSOCKNAME                = 0x200000200000000
+	CAP_GETSOCKOPT                 = 0x200000400000000
+	CAP_IOCTL                      = 0x400000000000080
+	CAP_IOCTLS_ALL                 = 0x7fffffffffffffff
+	CAP_KQUEUE                     = 0x400000000100040
+	CAP_KQUEUE_CHANGE              = 0x400000000100000
+	CAP_KQUEUE_EVENT               = 0x400000000000040
+	CAP_LINKAT_SOURCE              = 0x200020000000400
+	CAP_LINKAT_TARGET              = 0x200000000400400
+	CAP_LISTEN                     = 0x200000800000000
+	CAP_LOOKUP                     = 0x200000000000400
+	CAP_MAC_GET                    = 0x400000000000001
+	CAP_MAC_SET                    = 0x400000000000002
+	CAP_MKDIRAT                    = 0x200000000800400
+	CAP_MKFIFOAT                   = 0x200000001000400
+	CAP_MKNODAT                    = 0x200000002000400
+	CAP_MMAP                       = 0x200000000000010
+	CAP_MMAP_R                     = 0x20000000000001d
+	CAP_MMAP_RW                    = 0x20000000000001f
+	CAP_MMAP_RWX                   = 0x20000000000003f
+	CAP_MMAP_RX                    = 0x20000000000003d
+	CAP_MMAP_W                     = 0x20000000000001e
+	CAP_MMAP_WX                    = 0x20000000000003e
+	CAP_MMAP_X                     = 0x20000000000003c
+	CAP_PDGETPID                   = 0x400000000000200
+	CAP_PDKILL                     = 0x400000000000800
+	CAP_PDWAIT                     = 0x400000000000400
+	CAP_PEELOFF                    = 0x200001000000000
+	CAP_POLL_EVENT                 = 0x400000000000020
+	CAP_PREAD                      = 0x20000000000000d
+	CAP_PWRITE                     = 0x20000000000000e
+	CAP_READ                       = 0x200000000000001
+	CAP_RECV                       = 0x200000000000001
+	CAP_RENAMEAT_SOURCE            = 0x200000004000400
+	CAP_RENAMEAT_TARGET            = 0x200040000000400
+	CAP_RIGHTS_VERSION             = 0x0
+	CAP_RIGHTS_VERSION_00          = 0x0
+	CAP_SEEK                       = 0x20000000000000c
+	CAP_SEEK_TELL                  = 0x200000000000004
+	CAP_SEM_GETVALUE               = 0x400000000000004
+	CAP_SEM_POST                   = 0x400000000000008
+	CAP_SEM_WAIT                   = 0x400000000000010
+	CAP_SEND                       = 0x200000000000002
+	CAP_SETSOCKOPT                 = 0x200002000000000
+	CAP_SHUTDOWN                   = 0x200004000000000
+	CAP_SOCK_CLIENT                = 0x200007780000003
+	CAP_SOCK_SERVER                = 0x200007f60000003
+	CAP_SYMLINKAT                  = 0x200000008000400
+	CAP_TTYHOOK                    = 0x400000000000100
+	CAP_UNLINKAT                   = 0x200000010000400
+	CAP_UNUSED0_44                 = 0x200080000000000
+	CAP_UNUSED0_57                 = 0x300000000000000
+	CAP_UNUSED1_22                 = 0x400000000200000
+	CAP_UNUSED1_57                 = 0x500000000000000
+	CAP_WRITE                      = 0x200000000000002
+	CFLUSH                         = 0xf
+	CLOCAL                         = 0x8000
+	CLOCK_MONOTONIC                = 0x4
+	CLOCK_MONOTONIC_FAST           = 0xc
+	CLOCK_MONOTONIC_PRECISE        = 0xb
+	CLOCK_PROCESS_CPUTIME_ID       = 0xf
+	CLOCK_PROF                     = 0x2
+	CLOCK_REALTIME                 = 0x0
+	CLOCK_REALTIME_FAST            = 0xa
+	CLOCK_REALTIME_PRECISE         = 0x9
+	CLOCK_SECOND                   = 0xd
+	CLOCK_THREAD_CPUTIME_ID        = 0xe
+	CLOCK_UPTIME                   = 0x5
+	CLOCK_UPTIME_FAST              = 0x8
+	CLOCK_UPTIME_PRECISE           = 0x7
+	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
+	CREAD                          = 0x800
+	CRTSCTS                        = 0x30000
+	CS5                            = 0x0
+	CS6                            = 0x100
+	CS7                            = 0x200
+	CS8                            = 0x300
+	CSIZE                          = 0x300
+	CSTART                         = 0x11
+	CSTATUS                        = 0x14
+	CSTOP                          = 0x13
+	CSTOPB                         = 0x400
+	CSUSP                          = 0x1a
+	CTL_HW                         = 0x6
+	CTL_KERN                       = 0x1
+	CTL_MAXNAME                    = 0x18
+	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
+	DLT_A429                       = 0xb8
+	DLT_A653_ICM                   = 0xb9
+	DLT_AIRONET_HEADER             = 0x78
+	DLT_AOS                        = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394     = 0x8a
+	DLT_ARCNET                     = 0x7
+	DLT_ARCNET_LINUX               = 0x81
+	DLT_ATM_CLIP                   = 0x13
+	DLT_ATM_RFC1483                = 0xb
+	DLT_AURORA                     = 0x7e
+	DLT_AX25                       = 0x3
+	DLT_AX25_KISS                  = 0xca
+	DLT_BACNET_MS_TP               = 0xa5
+	DLT_BLUETOOTH_BREDR_BB         = 0xff
+	DLT_BLUETOOTH_HCI_H4           = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9
+	DLT_BLUETOOTH_LE_LL            = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR  = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR    = 0xfe
+	DLT_CAN20B                     = 0xbe
+	DLT_CAN_SOCKETCAN              = 0xe3
+	DLT_CHAOS                      = 0x5
+	DLT_CHDLC                      = 0x68
+	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
+	DLT_C_HDLC                     = 0x68
+	DLT_C_HDLC_WITH_DIR            = 0xcd
+	DLT_DBUS                       = 0xe7
+	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
+	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
+	DLT_DVB_CI                     = 0xeb
+	DLT_ECONET                     = 0x73
+	DLT_EN10MB                     = 0x1
+	DLT_EN3MB                      = 0x2
+	DLT_ENC                        = 0x6d
+	DLT_EPON                       = 0x103
+	DLT_ERF                        = 0xc5
+	DLT_ERF_ETH                    = 0xaf
+	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
+	DLT_FC_2                       = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
+	DLT_FDDI                       = 0xa
+	DLT_FLEXRAY                    = 0xd2
+	DLT_FRELAY                     = 0x6b
+	DLT_FRELAY_WITH_DIR            = 0xce
+	DLT_GCOM_SERIAL                = 0xad
+	DLT_GCOM_T1E1                  = 0xac
+	DLT_GPF_F                      = 0xab
+	DLT_GPF_T                      = 0xaa
+	DLT_GPRS_LLC                   = 0xa9
+	DLT_GSMTAP_ABIS                = 0xda
+	DLT_GSMTAP_UM                  = 0xd9
+	DLT_IBM_SN                     = 0x92
+	DLT_IBM_SP                     = 0x91
+	DLT_IEEE802                    = 0x6
+	DLT_IEEE802_11                 = 0x69
+	DLT_IEEE802_11_RADIO           = 0x7f
+	DLT_IEEE802_11_RADIO_AVS       = 0xa3
+	DLT_IEEE802_15_4               = 0xc3
+	DLT_IEEE802_15_4_LINUX         = 0xbf
+	DLT_IEEE802_15_4_NOFCS         = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY    = 0xd7
+	DLT_IEEE802_16_MAC_CPS         = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO   = 0xc1
+	DLT_INFINIBAND                 = 0xf7
+	DLT_IPFILTER                   = 0x74
+	DLT_IPMB                       = 0xc7
+	DLT_IPMB_LINUX                 = 0xd1
+	DLT_IPMI_HPM_2                 = 0x104
+	DLT_IPNET                      = 0xe2
+	DLT_IPOIB                      = 0xf2
+	DLT_IPV4                       = 0xe4
+	DLT_IPV6                       = 0xe5
+	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
+	DLT_JUNIPER_ATM1               = 0x89
+	DLT_JUNIPER_ATM2               = 0x87
+	DLT_JUNIPER_ATM_CEMIC          = 0xee
+	DLT_JUNIPER_CHDLC              = 0xb5
+	DLT_JUNIPER_ES                 = 0x84
+	DLT_JUNIPER_ETHER              = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL       = 0xea
+	DLT_JUNIPER_FRELAY             = 0xb4
+	DLT_JUNIPER_GGSN               = 0x85
+	DLT_JUNIPER_ISM                = 0xc2
+	DLT_JUNIPER_MFR                = 0x86
+	DLT_JUNIPER_MLFR               = 0x83
+	DLT_JUNIPER_MLPPP              = 0x82
+	DLT_JUNIPER_MONITOR            = 0xa4
+	DLT_JUNIPER_PIC_PEER           = 0xae
+	DLT_JUNIPER_PPP                = 0xb3
+	DLT_JUNIPER_PPPOE              = 0xa7
+	DLT_JUNIPER_PPPOE_ATM          = 0xa8
+	DLT_JUNIPER_SERVICES           = 0x88
+	DLT_JUNIPER_SRX_E2E            = 0xe9
+	DLT_JUNIPER_ST                 = 0xc8
+	DLT_JUNIPER_VP                 = 0xb7
+	DLT_JUNIPER_VS                 = 0xe8
+	DLT_LAPB_WITH_DIR              = 0xcf
+	DLT_LAPD                       = 0xcb
+	DLT_LIN                        = 0xd4
+	DLT_LINUX_EVDEV                = 0xd8
+	DLT_LINUX_IRDA                 = 0x90
+	DLT_LINUX_LAPD                 = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
+	DLT_LINUX_SLL                  = 0x71
+	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
+	DLT_LTALK                      = 0x72
+	DLT_MATCHING_MAX               = 0x113
+	DLT_MATCHING_MIN               = 0x68
+	DLT_MFR                        = 0xb6
+	DLT_MOST                       = 0xd3
+	DLT_MPEG_2_TS                  = 0xf3
+	DLT_MPLS                       = 0xdb
+	DLT_MTP2                       = 0x8c
+	DLT_MTP2_WITH_PHDR             = 0x8b
+	DLT_MTP3                       = 0x8d
+	DLT_MUX27010                   = 0xec
+	DLT_NETANALYZER                = 0xf0
+	DLT_NETANALYZER_TRANSPARENT    = 0xf1
+	DLT_NETLINK                    = 0xfd
+	DLT_NFC_LLCP                   = 0xf5
+	DLT_NFLOG                      = 0xef
+	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
+	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
+	DLT_PCI_EXP                    = 0x7d
+	DLT_PFLOG                      = 0x75
+	DLT_PFSYNC                     = 0x79
+	DLT_PKTAP                      = 0x102
+	DLT_PPI                        = 0xc0
+	DLT_PPP                        = 0x9
+	DLT_PPP_BSDOS                  = 0xe
+	DLT_PPP_ETHER                  = 0x33
+	DLT_PPP_PPPD                   = 0xa6
+	DLT_PPP_SERIAL                 = 0x32
+	DLT_PPP_WITH_DIR               = 0xcc
+	DLT_PPP_WITH_DIRECTION         = 0xa6
+	DLT_PRISM_HEADER               = 0x77
+	DLT_PROFIBUS_DL                = 0x101
+	DLT_PRONET                     = 0x4
+	DLT_RAIF1                      = 0xc6
+	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
+	DLT_RIO                        = 0x7c
+	DLT_RTAC_SERIAL                = 0xfa
+	DLT_SCCP                       = 0x8e
+	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
+	DLT_SITA                       = 0xc4
+	DLT_SLIP                       = 0x8
+	DLT_SLIP_BSDOS                 = 0xd
+	DLT_STANAG_5066_D_PDU          = 0xed
+	DLT_SUNATM                     = 0x7b
+	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
+	DLT_TZSP                       = 0x80
+	DLT_USB                        = 0xba
+	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
+	DLT_USB_LINUX                  = 0xbd
+	DLT_USB_LINUX_MMAPPED          = 0xdc
+	DLT_USER0                      = 0x93
+	DLT_USER1                      = 0x94
+	DLT_USER10                     = 0x9d
+	DLT_USER11                     = 0x9e
+	DLT_USER12                     = 0x9f
+	DLT_USER13                     = 0xa0
+	DLT_USER14                     = 0xa1
+	DLT_USER15                     = 0xa2
+	DLT_USER2                      = 0x95
+	DLT_USER3                      = 0x96
+	DLT_USER4                      = 0x97
+	DLT_USER5                      = 0x98
+	DLT_USER6                      = 0x99
+	DLT_USER7                      = 0x9a
+	DLT_USER8                      = 0x9b
+	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
+	DLT_WIHART                     = 0xdf
+	DLT_WIRESHARK_UPPER_PDU        = 0xfc
+	DLT_X2E_SERIAL                 = 0xd5
+	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
+	DT_BLK                         = 0x6
+	DT_CHR                         = 0x2
+	DT_DIR                         = 0x4
+	DT_FIFO                        = 0x1
+	DT_LNK                         = 0xa
+	DT_REG                         = 0x8
+	DT_SOCK                        = 0xc
+	DT_UNKNOWN                     = 0x0
+	DT_WHT                         = 0xe
+	ECHO                           = 0x8
+	ECHOCTL                        = 0x40
+	ECHOE                          = 0x2
+	ECHOK                          = 0x4
+	ECHOKE                         = 0x1
+	ECHONL                         = 0x10
+	ECHOPRT                        = 0x20
+	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
+	EVFILT_FS                      = -0x9
+	EVFILT_LIO                     = -0xa
+	EVFILT_PROC                    = -0x5
+	EVFILT_PROCDESC                = -0x8
+	EVFILT_READ                    = -0x1
+	EVFILT_SENDFILE                = -0xc
+	EVFILT_SIGNAL                  = -0x6
+	EVFILT_SYSCOUNT                = 0xd
+	EVFILT_TIMER                   = -0x7
+	EVFILT_USER                    = -0xb
+	EVFILT_VNODE                   = -0x4
+	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
+	EV_ADD                         = 0x1
+	EV_CLEAR                       = 0x20
+	EV_DELETE                      = 0x2
+	EV_DISABLE                     = 0x8
+	EV_DISPATCH                    = 0x80
+	EV_DROP                        = 0x1000
+	EV_ENABLE                      = 0x4
+	EV_EOF                         = 0x8000
+	EV_ERROR                       = 0x4000
+	EV_FLAG1                       = 0x2000
+	EV_FLAG2                       = 0x4000
+	EV_FORCEONESHOT                = 0x100
+	EV_ONESHOT                     = 0x10
+	EV_RECEIPT                     = 0x40
+	EV_SYSFLAGS                    = 0xf000
+	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
+	EXTATTR_NAMESPACE_EMPTY        = 0x0
+	EXTATTR_NAMESPACE_SYSTEM       = 0x2
+	EXTATTR_NAMESPACE_USER         = 0x1
+	EXTB                           = 0x9600
+	EXTPROC                        = 0x800
+	FD_CLOEXEC                     = 0x1
+	FD_SETSIZE                     = 0x400
+	FLUSHO                         = 0x800000
+	F_CANCEL                       = 0x5
+	F_DUP2FD                       = 0xa
+	F_DUP2FD_CLOEXEC               = 0x12
+	F_DUPFD                        = 0x0
+	F_DUPFD_CLOEXEC                = 0x11
+	F_GETFD                        = 0x1
+	F_GETFL                        = 0x3
+	F_GETLK                        = 0xb
+	F_GETOWN                       = 0x5
+	F_OGETLK                       = 0x7
+	F_OK                           = 0x0
+	F_OSETLK                       = 0x8
+	F_OSETLKW                      = 0x9
+	F_RDAHEAD                      = 0x10
+	F_RDLCK                        = 0x1
+	F_READAHEAD                    = 0xf
+	F_SETFD                        = 0x2
+	F_SETFL                        = 0x4
+	F_SETLK                        = 0xc
+	F_SETLKW                       = 0xd
+	F_SETLK_REMOTE                 = 0xe
+	F_SETOWN                       = 0x6
+	F_UNLCK                        = 0x2
+	F_UNLCKSYS                     = 0x4
+	F_WRLCK                        = 0x3
+	HUPCL                          = 0x4000
+	HW_MACHINE                     = 0x1
+	ICANON                         = 0x100
+	ICMP6_FILTER                   = 0x12
+	ICRNL                          = 0x100
+	IEXTEN                         = 0x400
+	IFAN_ARRIVAL                   = 0x0
+	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
+	IFF_ALLMULTI                   = 0x200
+	IFF_ALTPHYS                    = 0x4000
+	IFF_BROADCAST                  = 0x2
+	IFF_CANTCHANGE                 = 0x218f52
+	IFF_CANTCONFIG                 = 0x10000
+	IFF_DEBUG                      = 0x4
+	IFF_DRV_OACTIVE                = 0x400
+	IFF_DRV_RUNNING                = 0x40
+	IFF_DYING                      = 0x200000
+	IFF_LINK0                      = 0x1000
+	IFF_LINK1                      = 0x2000
+	IFF_LINK2                      = 0x4000
+	IFF_LOOPBACK                   = 0x8
+	IFF_MONITOR                    = 0x40000
+	IFF_MULTICAST                  = 0x8000
+	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
+	IFF_OACTIVE                    = 0x400
+	IFF_POINTOPOINT                = 0x10
+	IFF_PPROMISC                   = 0x20000
+	IFF_PROMISC                    = 0x100
+	IFF_RENAMING                   = 0x400000
+	IFF_RUNNING                    = 0x40
+	IFF_SIMPLEX                    = 0x800
+	IFF_STATICARP                  = 0x80000
+	IFF_UP                         = 0x1
+	IFNAMSIZ                       = 0x10
+	IFT_BRIDGE                     = 0xd1
+	IFT_CARP                       = 0xf8
+	IFT_IEEE1394                   = 0x90
+	IFT_INFINIBAND                 = 0xc7
+	IFT_L2VLAN                     = 0x87
+	IFT_L3IPVLAN                   = 0x88
+	IFT_PPP                        = 0x17
+	IFT_PROPVIRTUAL                = 0x35
+	IGNBRK                         = 0x1
+	IGNCR                          = 0x80
+	IGNPAR                         = 0x4
+	IMAXBEL                        = 0x2000
+	INLCR                          = 0x40
+	INPCK                          = 0x10
+	IN_CLASSA_HOST                 = 0xffffff
+	IN_CLASSA_MAX                  = 0x80
+	IN_CLASSA_NET                  = 0xff000000
+	IN_CLASSA_NSHIFT               = 0x18
+	IN_CLASSB_HOST                 = 0xffff
+	IN_CLASSB_MAX                  = 0x10000
+	IN_CLASSB_NET                  = 0xffff0000
+	IN_CLASSB_NSHIFT               = 0x10
+	IN_CLASSC_HOST                 = 0xff
+	IN_CLASSC_NET                  = 0xffffff00
+	IN_CLASSC_NSHIFT               = 0x8
+	IN_CLASSD_HOST                 = 0xfffffff
+	IN_CLASSD_NET                  = 0xf0000000
+	IN_CLASSD_NSHIFT               = 0x1c
+	IN_LOOPBACKNET                 = 0x7f
+	IN_RFC3021_MASK                = 0xfffffffe
+	IPPROTO_3PC                    = 0x22
+	IPPROTO_ADFS                   = 0x44
+	IPPROTO_AH                     = 0x33
+	IPPROTO_AHIP                   = 0x3d
+	IPPROTO_APES                   = 0x63
+	IPPROTO_ARGUS                  = 0xd
+	IPPROTO_AX25                   = 0x5d
+	IPPROTO_BHA                    = 0x31
+	IPPROTO_BLT                    = 0x1e
+	IPPROTO_BRSATMON               = 0x4c
+	IPPROTO_CARP                   = 0x70
+	IPPROTO_CFTP                   = 0x3e
+	IPPROTO_CHAOS                  = 0x10
+	IPPROTO_CMTP                   = 0x26
+	IPPROTO_CPHB                   = 0x49
+	IPPROTO_CPNX                   = 0x48
+	IPPROTO_DDP                    = 0x25
+	IPPROTO_DGP                    = 0x56
+	IPPROTO_DIVERT                 = 0x102
+	IPPROTO_DONE                   = 0x101
+	IPPROTO_DSTOPTS                = 0x3c
+	IPPROTO_EGP                    = 0x8
+	IPPROTO_EMCON                  = 0xe
+	IPPROTO_ENCAP                  = 0x62
+	IPPROTO_EON                    = 0x50
+	IPPROTO_ESP                    = 0x32
+	IPPROTO_ETHERIP                = 0x61
+	IPPROTO_FRAGMENT               = 0x2c
+	IPPROTO_GGP                    = 0x3
+	IPPROTO_GMTP                   = 0x64
+	IPPROTO_GRE                    = 0x2f
+	IPPROTO_HELLO                  = 0x3f
+	IPPROTO_HIP                    = 0x8b
+	IPPROTO_HMP                    = 0x14
+	IPPROTO_HOPOPTS                = 0x0
+	IPPROTO_ICMP                   = 0x1
+	IPPROTO_ICMPV6                 = 0x3a
+	IPPROTO_IDP                    = 0x16
+	IPPROTO_IDPR                   = 0x23
+	IPPROTO_IDRP                   = 0x2d
+	IPPROTO_IGMP                   = 0x2
+	IPPROTO_IGP                    = 0x55
+	IPPROTO_IGRP                   = 0x58
+	IPPROTO_IL                     = 0x28
+	IPPROTO_INLSP                  = 0x34
+	IPPROTO_INP                    = 0x20
+	IPPROTO_IP                     = 0x0
+	IPPROTO_IPCOMP                 = 0x6c
+	IPPROTO_IPCV                   = 0x47
+	IPPROTO_IPEIP                  = 0x5e
+	IPPROTO_IPIP                   = 0x4
+	IPPROTO_IPPC                   = 0x43
+	IPPROTO_IPV4                   = 0x4
+	IPPROTO_IPV6                   = 0x29
+	IPPROTO_IRTP                   = 0x1c
+	IPPROTO_KRYPTOLAN              = 0x41
+	IPPROTO_LARP                   = 0x5b
+	IPPROTO_LEAF1                  = 0x19
+	IPPROTO_LEAF2                  = 0x1a
+	IPPROTO_MAX                    = 0x100
+	IPPROTO_MEAS                   = 0x13
+	IPPROTO_MH                     = 0x87
+	IPPROTO_MHRP                   = 0x30
+	IPPROTO_MICP                   = 0x5f
+	IPPROTO_MOBILE                 = 0x37
+	IPPROTO_MPLS                   = 0x89
+	IPPROTO_MTP                    = 0x5c
+	IPPROTO_MUX                    = 0x12
+	IPPROTO_ND                     = 0x4d
+	IPPROTO_NHRP                   = 0x36
+	IPPROTO_NONE                   = 0x3b
+	IPPROTO_NSP                    = 0x1f
+	IPPROTO_NVPII                  = 0xb
+	IPPROTO_OLD_DIVERT             = 0xfe
+	IPPROTO_OSPFIGP                = 0x59
+	IPPROTO_PFSYNC                 = 0xf0
+	IPPROTO_PGM                    = 0x71
+	IPPROTO_PIGP                   = 0x9
+	IPPROTO_PIM                    = 0x67
+	IPPROTO_PRM                    = 0x15
+	IPPROTO_PUP                    = 0xc
+	IPPROTO_PVP                    = 0x4b
+	IPPROTO_RAW                    = 0xff
+	IPPROTO_RCCMON                 = 0xa
+	IPPROTO_RDP                    = 0x1b
+	IPPROTO_RESERVED_253           = 0xfd
+	IPPROTO_RESERVED_254           = 0xfe
+	IPPROTO_ROUTING                = 0x2b
+	IPPROTO_RSVP                   = 0x2e
+	IPPROTO_RVD                    = 0x42
+	IPPROTO_SATEXPAK               = 0x40
+	IPPROTO_SATMON                 = 0x45
+	IPPROTO_SCCSP                  = 0x60
+	IPPROTO_SCTP                   = 0x84
+	IPPROTO_SDRP                   = 0x2a
+	IPPROTO_SEND                   = 0x103
+	IPPROTO_SEP                    = 0x21
+	IPPROTO_SHIM6                  = 0x8c
+	IPPROTO_SKIP                   = 0x39
+	IPPROTO_SPACER                 = 0x7fff
+	IPPROTO_SRPC                   = 0x5a
+	IPPROTO_ST                     = 0x7
+	IPPROTO_SVMTP                  = 0x52
+	IPPROTO_SWIPE                  = 0x35
+	IPPROTO_TCF                    = 0x57
+	IPPROTO_TCP                    = 0x6
+	IPPROTO_TLSP                   = 0x38
+	IPPROTO_TP                     = 0x1d
+	IPPROTO_TPXX                   = 0x27
+	IPPROTO_TRUNK1                 = 0x17
+	IPPROTO_TRUNK2                 = 0x18
+	IPPROTO_TTP                    = 0x54
+	IPPROTO_UDP                    = 0x11
+	IPPROTO_UDPLITE                = 0x88
+	IPPROTO_VINES                  = 0x53
+	IPPROTO_VISA                   = 0x46
+	IPPROTO_VMTP                   = 0x51
+	IPPROTO_WBEXPAK                = 0x4f
+	IPPROTO_WBMON                  = 0x4e
+	IPPROTO_WSN                    = 0x4a
+	IPPROTO_XNET                   = 0xf
+	IPPROTO_XTP                    = 0x24
+	IPV6_AUTOFLOWLABEL             = 0x3b
+	IPV6_BINDANY                   = 0x40
+	IPV6_BINDMULTI                 = 0x41
+	IPV6_BINDV6ONLY                = 0x1b
+	IPV6_CHECKSUM                  = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS    = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP    = 0x1
+	IPV6_DEFHLIM                   = 0x40
+	IPV6_DONTFRAG                  = 0x3e
+	IPV6_DSTOPTS                   = 0x32
+	IPV6_FLOWID                    = 0x43
+	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
+	IPV6_FLOWLABEL_MASK            = 0xffff0f00
+	IPV6_FLOWTYPE                  = 0x44
+	IPV6_FRAGTTL                   = 0x78
+	IPV6_FW_ADD                    = 0x1e
+	IPV6_FW_DEL                    = 0x1f
+	IPV6_FW_FLUSH                  = 0x20
+	IPV6_FW_GET                    = 0x22
+	IPV6_FW_ZERO                   = 0x21
+	IPV6_HLIMDEC                   = 0x1
+	IPV6_HOPLIMIT                  = 0x2f
+	IPV6_HOPOPTS                   = 0x31
+	IPV6_IPSEC_POLICY              = 0x1c
+	IPV6_JOIN_GROUP                = 0xc
+	IPV6_LEAVE_GROUP               = 0xd
+	IPV6_MAXHLIM                   = 0xff
+	IPV6_MAXOPTHDR                 = 0x800
+	IPV6_MAXPACKET                 = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
+	IPV6_MAX_MEMBERSHIPS           = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
+	IPV6_MMTU                      = 0x500
+	IPV6_MSFILTER                  = 0x4a
+	IPV6_MULTICAST_HOPS            = 0xa
+	IPV6_MULTICAST_IF              = 0x9
+	IPV6_MULTICAST_LOOP            = 0xb
+	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
+	IPV6_PATHMTU                   = 0x2c
+	IPV6_PKTINFO                   = 0x2e
+	IPV6_PORTRANGE                 = 0xe
+	IPV6_PORTRANGE_DEFAULT         = 0x0
+	IPV6_PORTRANGE_HIGH            = 0x1
+	IPV6_PORTRANGE_LOW             = 0x2
+	IPV6_PREFER_TEMPADDR           = 0x3f
+	IPV6_RECVDSTOPTS               = 0x28
+	IPV6_RECVFLOWID                = 0x46
+	IPV6_RECVHOPLIMIT              = 0x25
+	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
+	IPV6_RECVPATHMTU               = 0x2b
+	IPV6_RECVPKTINFO               = 0x24
+	IPV6_RECVRSSBUCKETID           = 0x47
+	IPV6_RECVRTHDR                 = 0x26
+	IPV6_RECVTCLASS                = 0x39
+	IPV6_RSSBUCKETID               = 0x45
+	IPV6_RSS_LISTEN_BUCKET         = 0x42
+	IPV6_RTHDR                     = 0x33
+	IPV6_RTHDRDSTOPTS              = 0x23
+	IPV6_RTHDR_LOOSE               = 0x0
+	IPV6_RTHDR_STRICT              = 0x1
+	IPV6_RTHDR_TYPE_0              = 0x0
+	IPV6_SOCKOPT_RESERVED1         = 0x3
+	IPV6_TCLASS                    = 0x3d
+	IPV6_UNICAST_HOPS              = 0x4
+	IPV6_USE_MIN_MTU               = 0x2a
+	IPV6_V6ONLY                    = 0x1b
+	IPV6_VERSION                   = 0x60
+	IPV6_VERSION_MASK              = 0xf0
+	IP_ADD_MEMBERSHIP              = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP       = 0x46
+	IP_BINDANY                     = 0x18
+	IP_BINDMULTI                   = 0x19
+	IP_BLOCK_SOURCE                = 0x48
+	IP_DEFAULT_MULTICAST_LOOP      = 0x1
+	IP_DEFAULT_MULTICAST_TTL       = 0x1
+	IP_DF                          = 0x4000
+	IP_DONTFRAG                    = 0x43
+	IP_DROP_MEMBERSHIP             = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP      = 0x47
+	IP_DUMMYNET3                   = 0x31
+	IP_DUMMYNET_CONFIGURE          = 0x3c
+	IP_DUMMYNET_DEL                = 0x3d
+	IP_DUMMYNET_FLUSH              = 0x3e
+	IP_DUMMYNET_GET                = 0x40
+	IP_FLOWID                      = 0x5a
+	IP_FLOWTYPE                    = 0x5b
+	IP_FW3                         = 0x30
+	IP_FW_ADD                      = 0x32
+	IP_FW_DEL                      = 0x33
+	IP_FW_FLUSH                    = 0x34
+	IP_FW_GET                      = 0x36
+	IP_FW_NAT_CFG                  = 0x38
+	IP_FW_NAT_DEL                  = 0x39
+	IP_FW_NAT_GET_CONFIG           = 0x3a
+	IP_FW_NAT_GET_LOG              = 0x3b
+	IP_FW_RESETLOG                 = 0x37
+	IP_FW_TABLE_ADD                = 0x28
+	IP_FW_TABLE_DEL                = 0x29
+	IP_FW_TABLE_FLUSH              = 0x2a
+	IP_FW_TABLE_GETSIZE            = 0x2b
+	IP_FW_TABLE_LIST               = 0x2c
+	IP_FW_ZERO                     = 0x35
+	IP_HDRINCL                     = 0x2
+	IP_IPSEC_POLICY                = 0x15
+	IP_MAXPACKET                   = 0xffff
+	IP_MAX_GROUP_SRC_FILTER        = 0x200
+	IP_MAX_MEMBERSHIPS             = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER        = 0x80
+	IP_MAX_SOCK_SRC_FILTER         = 0x80
+	IP_MF                          = 0x2000
+	IP_MINTTL                      = 0x42
+	IP_MSFILTER                    = 0x4a
+	IP_MSS                         = 0x240
+	IP_MULTICAST_IF                = 0x9
+	IP_MULTICAST_LOOP              = 0xb
+	IP_MULTICAST_TTL               = 0xa
+	IP_MULTICAST_VIF               = 0xe
+	IP_OFFMASK                     = 0x1fff
+	IP_ONESBCAST                   = 0x17
+	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
+	IP_PORTRANGE                   = 0x13
+	IP_PORTRANGE_DEFAULT           = 0x0
+	IP_PORTRANGE_HIGH              = 0x1
+	IP_PORTRANGE_LOW               = 0x2
+	IP_RECVDSTADDR                 = 0x7
+	IP_RECVFLOWID                  = 0x5d
+	IP_RECVIF                      = 0x14
+	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
+	IP_RECVRETOPTS                 = 0x6
+	IP_RECVRSSBUCKETID             = 0x5e
+	IP_RECVTOS                     = 0x44
+	IP_RECVTTL                     = 0x41
+	IP_RETOPTS                     = 0x8
+	IP_RF                          = 0x8000
+	IP_RSSBUCKETID                 = 0x5c
+	IP_RSS_LISTEN_BUCKET           = 0x1a
+	IP_RSVP_OFF                    = 0x10
+	IP_RSVP_ON                     = 0xf
+	IP_RSVP_VIF_OFF                = 0x12
+	IP_RSVP_VIF_ON                 = 0x11
+	IP_SENDSRCADDR                 = 0x7
+	IP_TOS                         = 0x3
+	IP_TTL                         = 0x4
+	IP_UNBLOCK_SOURCE              = 0x49
+	ISIG                           = 0x80
+	ISTRIP                         = 0x20
+	IXANY                          = 0x800
+	IXOFF                          = 0x400
+	IXON                           = 0x200
+	KERN_HOSTNAME                  = 0xa
+	KERN_OSRELEASE                 = 0x2
+	KERN_OSTYPE                    = 0x1
+	KERN_VERSION                   = 0x4
+	LOCAL_CONNWAIT                 = 0x4
+	LOCAL_CREDS                    = 0x2
+	LOCAL_CREDS_PERSISTENT         = 0x3
+	LOCAL_PEERCRED                 = 0x1
+	LOCAL_VENDOR                   = 0x80000000
+	LOCK_EX                        = 0x2
+	LOCK_NB                        = 0x4
+	LOCK_SH                        = 0x1
+	LOCK_UN                        = 0x8
+	MADV_AUTOSYNC                  = 0x7
+	MADV_CORE                      = 0x9
+	MADV_DONTNEED                  = 0x4
+	MADV_FREE                      = 0x5
+	MADV_NOCORE                    = 0x8
+	MADV_NORMAL                    = 0x0
+	MADV_NOSYNC                    = 0x6
+	MADV_PROTECT                   = 0xa
+	MADV_RANDOM                    = 0x1
+	MADV_SEQUENTIAL                = 0x2
+	MADV_WILLNEED                  = 0x3
+	MAP_32BIT                      = 0x80000
+	MAP_ALIGNED_SUPER              = 0x1000000
+	MAP_ALIGNMENT_MASK             = -0x1000000
+	MAP_ALIGNMENT_SHIFT            = 0x18
+	MAP_ANON                       = 0x1000
+	MAP_ANONYMOUS                  = 0x1000
+	MAP_COPY                       = 0x2
+	MAP_EXCL                       = 0x4000
+	MAP_FILE                       = 0x0
+	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
+	MAP_HASSEMAPHORE               = 0x200
+	MAP_NOCORE                     = 0x20000
+	MAP_NOSYNC                     = 0x800
+	MAP_PREFAULT_READ              = 0x40000
+	MAP_PRIVATE                    = 0x2
+	MAP_RESERVED0020               = 0x20
+	MAP_RESERVED0040               = 0x40
+	MAP_RESERVED0080               = 0x80
+	MAP_RESERVED0100               = 0x100
+	MAP_SHARED                     = 0x1
+	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
+	MCL_CURRENT                    = 0x1
+	MCL_FUTURE                     = 0x2
+	MNT_ACLS                       = 0x8000000
+	MNT_ASYNC                      = 0x40
+	MNT_AUTOMOUNTED                = 0x200000000
+	MNT_BYFSID                     = 0x8000000
+	MNT_CMDFLAGS                   = 0xd0f0000
+	MNT_DEFEXPORTED                = 0x200
+	MNT_DELEXPORT                  = 0x20000
+	MNT_EXKERB                     = 0x800
+	MNT_EXPORTANON                 = 0x400
+	MNT_EXPORTED                   = 0x100
+	MNT_EXPUBLIC                   = 0x20000000
+	MNT_EXRDONLY                   = 0x80
+	MNT_FORCE                      = 0x80000
+	MNT_GJOURNAL                   = 0x2000000
+	MNT_IGNORE                     = 0x800000
+	MNT_LAZY                       = 0x3
+	MNT_LOCAL                      = 0x1000
+	MNT_MULTILABEL                 = 0x4000000
+	MNT_NFS4ACLS                   = 0x10
+	MNT_NOATIME                    = 0x10000000
+	MNT_NOCLUSTERR                 = 0x40000000
+	MNT_NOCLUSTERW                 = 0x80000000
+	MNT_NOEXEC                     = 0x4
+	MNT_NONBUSY                    = 0x4000000
+	MNT_NOSUID                     = 0x8
+	MNT_NOSYMFOLLOW                = 0x400000
+	MNT_NOWAIT                     = 0x2
+	MNT_QUOTA                      = 0x2000
+	MNT_RDONLY                     = 0x1
+	MNT_RELOAD                     = 0x40000
+	MNT_ROOTFS                     = 0x4000
+	MNT_SNAPSHOT                   = 0x1000000
+	MNT_SOFTDEP                    = 0x200000
+	MNT_SUIDDIR                    = 0x100000
+	MNT_SUJ                        = 0x100000000
+	MNT_SUSPEND                    = 0x4
+	MNT_SYNCHRONOUS                = 0x2
+	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
+	MNT_UPDATE                     = 0x10000
+	MNT_UPDATEMASK                 = 0xad8d0807e
+	MNT_USER                       = 0x8000
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
+	MNT_WAIT                       = 0x1
+	MSG_CMSG_CLOEXEC               = 0x40000
+	MSG_COMPAT                     = 0x8000
+	MSG_CTRUNC                     = 0x20
+	MSG_DONTROUTE                  = 0x4
+	MSG_DONTWAIT                   = 0x80
+	MSG_EOF                        = 0x100
+	MSG_EOR                        = 0x8
+	MSG_NBIO                       = 0x4000
+	MSG_NOSIGNAL                   = 0x20000
+	MSG_NOTIFICATION               = 0x2000
+	MSG_OOB                        = 0x1
+	MSG_PEEK                       = 0x2
+	MSG_TRUNC                      = 0x10
+	MSG_WAITALL                    = 0x40
+	MSG_WAITFORONE                 = 0x80000
+	MS_ASYNC                       = 0x1
+	MS_INVALIDATE                  = 0x2
+	MS_SYNC                        = 0x0
+	NAME_MAX                       = 0xff
+	NET_RT_DUMP                    = 0x1
+	NET_RT_FLAGS                   = 0x2
+	NET_RT_IFLIST                  = 0x3
+	NET_RT_IFLISTL                 = 0x5
+	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
+	NOFLSH                         = 0x80000000
+	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
+	NOTE_ATTRIB                    = 0x8
+	NOTE_CHILD                     = 0x4
+	NOTE_CLOSE                     = 0x100
+	NOTE_CLOSE_WRITE               = 0x200
+	NOTE_DELETE                    = 0x1
+	NOTE_EXEC                      = 0x20000000
+	NOTE_EXIT                      = 0x80000000
+	NOTE_EXTEND                    = 0x4
+	NOTE_FFAND                     = 0x40000000
+	NOTE_FFCOPY                    = 0xc0000000
+	NOTE_FFCTRLMASK                = 0xc0000000
+	NOTE_FFLAGSMASK                = 0xffffff
+	NOTE_FFNOP                     = 0x0
+	NOTE_FFOR                      = 0x80000000
+	NOTE_FILE_POLL                 = 0x2
+	NOTE_FORK                      = 0x40000000
+	NOTE_LINK                      = 0x10
+	NOTE_LOWAT                     = 0x1
+	NOTE_MSECONDS                  = 0x2
+	NOTE_NSECONDS                  = 0x8
+	NOTE_OPEN                      = 0x80
+	NOTE_PCTRLMASK                 = 0xf0000000
+	NOTE_PDATAMASK                 = 0xfffff
+	NOTE_READ                      = 0x400
+	NOTE_RENAME                    = 0x20
+	NOTE_REVOKE                    = 0x40
+	NOTE_SECONDS                   = 0x1
+	NOTE_TRACK                     = 0x1
+	NOTE_TRACKERR                  = 0x2
+	NOTE_TRIGGER                   = 0x1000000
+	NOTE_USECONDS                  = 0x4
+	NOTE_WRITE                     = 0x2
+	OCRNL                          = 0x10
+	ONLCR                          = 0x2
+	ONLRET                         = 0x40
+	ONOCR                          = 0x20
+	ONOEOT                         = 0x8
+	OPOST                          = 0x1
+	OXTABS                         = 0x4
+	O_ACCMODE                      = 0x3
+	O_APPEND                       = 0x8
+	O_ASYNC                        = 0x40
+	O_CLOEXEC                      = 0x100000
+	O_CREAT                        = 0x200
+	O_DIRECT                       = 0x10000
+	O_DIRECTORY                    = 0x20000
+	O_EXCL                         = 0x800
+	O_EXEC                         = 0x40000
+	O_EXLOCK                       = 0x20
+	O_FSYNC                        = 0x80
+	O_NDELAY                       = 0x4
+	O_NOCTTY                       = 0x8000
+	O_NOFOLLOW                     = 0x100
+	O_NONBLOCK                     = 0x4
+	O_RDONLY                       = 0x0
+	O_RDWR                         = 0x2
+	O_SHLOCK                       = 0x10
+	O_SYNC                         = 0x80
+	O_TRUNC                        = 0x400
+	O_TTY_INIT                     = 0x80000
+	O_VERIFY                       = 0x200000
+	O_WRONLY                       = 0x1
+	PARENB                         = 0x1000
+	PARMRK                         = 0x8
+	PARODD                         = 0x2000
+	PENDIN                         = 0x20000000
+	PRIO_PGRP                      = 0x1
+	PRIO_PROCESS                   = 0x0
+	PRIO_USER                      = 0x2
+	PROT_EXEC                      = 0x4
+	PROT_NONE                      = 0x0
+	PROT_READ                      = 0x1
+	PROT_WRITE                     = 0x2
+	RLIMIT_AS                      = 0xa
+	RLIMIT_CORE                    = 0x4
+	RLIMIT_CPU                     = 0x0
+	RLIMIT_DATA                    = 0x2
+	RLIMIT_FSIZE                   = 0x1
+	RLIMIT_MEMLOCK                 = 0x6
+	RLIMIT_NOFILE                  = 0x8
+	RLIMIT_NPROC                   = 0x7
+	RLIMIT_RSS                     = 0x5
+	RLIMIT_STACK                   = 0x3
+	RLIM_INFINITY                  = 0x7fffffffffffffff
+	RTAX_AUTHOR                    = 0x6
+	RTAX_BRD                       = 0x7
+	RTAX_DST                       = 0x0
+	RTAX_GATEWAY                   = 0x1
+	RTAX_GENMASK                   = 0x3
+	RTAX_IFA                       = 0x5
+	RTAX_IFP                       = 0x4
+	RTAX_MAX                       = 0x8
+	RTAX_NETMASK                   = 0x2
+	RTA_AUTHOR                     = 0x40
+	RTA_BRD                        = 0x80
+	RTA_DST                        = 0x1
+	RTA_GATEWAY                    = 0x2
+	RTA_GENMASK                    = 0x8
+	RTA_IFA                        = 0x20
+	RTA_IFP                        = 0x10
+	RTA_NETMASK                    = 0x4
+	RTF_BLACKHOLE                  = 0x1000
+	RTF_BROADCAST                  = 0x400000
+	RTF_DONE                       = 0x40
+	RTF_DYNAMIC                    = 0x10
+	RTF_FIXEDMTU                   = 0x80000
+	RTF_FMASK                      = 0x1004d808
+	RTF_GATEWAY                    = 0x2
+	RTF_GWFLAG_COMPAT              = 0x80000000
+	RTF_HOST                       = 0x4
+	RTF_LLDATA                     = 0x400
+	RTF_LLINFO                     = 0x400
+	RTF_LOCAL                      = 0x200000
+	RTF_MODIFIED                   = 0x20
+	RTF_MULTICAST                  = 0x800000
+	RTF_PINNED                     = 0x100000
+	RTF_PROTO1                     = 0x8000
+	RTF_PROTO2                     = 0x4000
+	RTF_PROTO3                     = 0x40000
+	RTF_REJECT                     = 0x8
+	RTF_RNH_LOCKED                 = 0x40000000
+	RTF_STATIC                     = 0x800
+	RTF_STICKY                     = 0x10000000
+	RTF_UP                         = 0x1
+	RTF_XRESOLVE                   = 0x200
+	RTM_ADD                        = 0x1
+	RTM_CHANGE                     = 0x3
+	RTM_DELADDR                    = 0xd
+	RTM_DELETE                     = 0x2
+	RTM_DELMADDR                   = 0x10
+	RTM_GET                        = 0x4
+	RTM_IEEE80211                  = 0x12
+	RTM_IFANNOUNCE                 = 0x11
+	RTM_IFINFO                     = 0xe
+	RTM_LOCK                       = 0x8
+	RTM_LOSING                     = 0x5
+	RTM_MISS                       = 0x7
+	RTM_NEWADDR                    = 0xc
+	RTM_NEWMADDR                   = 0xf
+	RTM_REDIRECT                   = 0x6
+	RTM_RESOLVE                    = 0xb
+	RTM_RTTUNIT                    = 0xf4240
+	RTM_VERSION                    = 0x5
+	RTV_EXPIRE                     = 0x4
+	RTV_HOPCOUNT                   = 0x2
+	RTV_MTU                        = 0x1
+	RTV_RPIPE                      = 0x8
+	RTV_RTT                        = 0x40
+	RTV_RTTVAR                     = 0x80
+	RTV_SPIPE                      = 0x10
+	RTV_SSTHRESH                   = 0x20
+	RTV_WEIGHT                     = 0x100
+	RT_ALL_FIBS                    = -0x1
+	RT_BLACKHOLE                   = 0x40
+	RT_DEFAULT_FIB                 = 0x0
+	RT_HAS_GW                      = 0x80
+	RT_HAS_HEADER                  = 0x10
+	RT_HAS_HEADER_BIT              = 0x4
+	RT_L2_ME                       = 0x4
+	RT_L2_ME_BIT                   = 0x2
+	RT_LLE_CACHE                   = 0x100
+	RT_MAY_LOOP                    = 0x8
+	RT_MAY_LOOP_BIT                = 0x3
+	RT_REJECT                      = 0x20
+	RUSAGE_CHILDREN                = -0x1
+	RUSAGE_SELF                    = 0x0
+	RUSAGE_THREAD                  = 0x1
+	SCM_BINTIME                    = 0x4
+	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
+	SCM_RIGHTS                     = 0x1
+	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SEEK_CUR                       = 0x1
+	SEEK_DATA                      = 0x3
+	SEEK_END                       = 0x2
+	SEEK_HOLE                      = 0x4
+	SEEK_SET                       = 0x0
+	SHUT_RD                        = 0x0
+	SHUT_RDWR                      = 0x2
+	SHUT_WR                        = 0x1
+	SIOCADDMULTI                   = 0x80206931
+	SIOCAIFADDR                    = 0x8040691a
+	SIOCAIFGROUP                   = 0x80286987
+	SIOCATMARK                     = 0x40047307
+	SIOCDELMULTI                   = 0x80206932
+	SIOCDIFADDR                    = 0x80206919
+	SIOCDIFGROUP                   = 0x80286989
+	SIOCDIFPHYADDR                 = 0x80206949
+	SIOCGDRVSPEC                   = 0xc028697b
+	SIOCGETSGCNT                   = 0xc0207210
+	SIOCGETVIFCNT                  = 0xc028720f
+	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
+	SIOCGI2C                       = 0xc020693d
+	SIOCGIFADDR                    = 0xc0206921
+	SIOCGIFBRDADDR                 = 0xc0206923
+	SIOCGIFCAP                     = 0xc020691f
+	SIOCGIFCONF                    = 0xc0106924
+	SIOCGIFDESCR                   = 0xc020692a
+	SIOCGIFDSTADDR                 = 0xc0206922
+	SIOCGIFFIB                     = 0xc020695c
+	SIOCGIFFLAGS                   = 0xc0206911
+	SIOCGIFGENERIC                 = 0xc020693a
+	SIOCGIFGMEMB                   = 0xc028698a
+	SIOCGIFGROUP                   = 0xc0286988
+	SIOCGIFINDEX                   = 0xc0206920
+	SIOCGIFMAC                     = 0xc0206926
+	SIOCGIFMEDIA                   = 0xc0306938
+	SIOCGIFMETRIC                  = 0xc0206917
+	SIOCGIFMTU                     = 0xc0206933
+	SIOCGIFNETMASK                 = 0xc0206925
+	SIOCGIFPDSTADDR                = 0xc0206948
+	SIOCGIFPHYS                    = 0xc0206935
+	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
+	SIOCGIFSTATUS                  = 0xc331693b
+	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
+	SIOCGLOWAT                     = 0x40047303
+	SIOCGPGRP                      = 0x40047309
+	SIOCGPRIVATE_0                 = 0xc0206950
+	SIOCGPRIVATE_1                 = 0xc0206951
+	SIOCGTUNFIB                    = 0xc020695e
+	SIOCIFCREATE                   = 0xc020697a
+	SIOCIFCREATE2                  = 0xc020697c
+	SIOCIFDESTROY                  = 0x80206979
+	SIOCIFGCLONERS                 = 0xc0106978
+	SIOCSDRVSPEC                   = 0x8028697b
+	SIOCSHIWAT                     = 0x80047300
+	SIOCSIFADDR                    = 0x8020690c
+	SIOCSIFBRDADDR                 = 0x80206913
+	SIOCSIFCAP                     = 0x8020691e
+	SIOCSIFDESCR                   = 0x80206929
+	SIOCSIFDSTADDR                 = 0x8020690e
+	SIOCSIFFIB                     = 0x8020695d
+	SIOCSIFFLAGS                   = 0x80206910
+	SIOCSIFGENERIC                 = 0x80206939
+	SIOCSIFLLADDR                  = 0x8020693c
+	SIOCSIFMAC                     = 0x80206927
+	SIOCSIFMEDIA                   = 0xc0206937
+	SIOCSIFMETRIC                  = 0x80206918
+	SIOCSIFMTU                     = 0x80206934
+	SIOCSIFNAME                    = 0x80206928
+	SIOCSIFNETMASK                 = 0x80206916
+	SIOCSIFPHYADDR                 = 0x80406946
+	SIOCSIFPHYS                    = 0x80206936
+	SIOCSIFRVNET                   = 0xc020695b
+	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
+	SIOCSLOWAT                     = 0x80047302
+	SIOCSPGRP                      = 0x80047308
+	SIOCSTUNFIB                    = 0x8020695f
+	SOCK_CLOEXEC                   = 0x10000000
+	SOCK_DGRAM                     = 0x2
+	SOCK_MAXADDRLEN                = 0xff
+	SOCK_NONBLOCK                  = 0x20000000
+	SOCK_RAW                       = 0x3
+	SOCK_RDM                       = 0x4
+	SOCK_SEQPACKET                 = 0x5
+	SOCK_STREAM                    = 0x1
+	SOL_LOCAL                      = 0x0
+	SOL_SOCKET                     = 0xffff
+	SOMAXCONN                      = 0x80
+	SO_ACCEPTCONN                  = 0x2
+	SO_ACCEPTFILTER                = 0x1000
+	SO_BINTIME                     = 0x2000
+	SO_BROADCAST                   = 0x20
+	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
+	SO_DONTROUTE                   = 0x10
+	SO_ERROR                       = 0x1007
+	SO_KEEPALIVE                   = 0x8
+	SO_LABEL                       = 0x1009
+	SO_LINGER                      = 0x80
+	SO_LISTENINCQLEN               = 0x1013
+	SO_LISTENQLEN                  = 0x1012
+	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
+	SO_NOSIGPIPE                   = 0x800
+	SO_NO_DDP                      = 0x8000
+	SO_NO_OFFLOAD                  = 0x4000
+	SO_OOBINLINE                   = 0x100
+	SO_PEERLABEL                   = 0x1010
+	SO_PROTOCOL                    = 0x1016
+	SO_PROTOTYPE                   = 0x1016
+	SO_RCVBUF                      = 0x1002
+	SO_RCVLOWAT                    = 0x1004
+	SO_RCVTIMEO                    = 0x1006
+	SO_REUSEADDR                   = 0x4
+	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
+	SO_SETFIB                      = 0x1014
+	SO_SNDBUF                      = 0x1001
+	SO_SNDLOWAT                    = 0x1003
+	SO_SNDTIMEO                    = 0x1005
+	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
+	SO_TYPE                        = 0x1008
+	SO_USELOOPBACK                 = 0x40
+	SO_USER_COOKIE                 = 0x1015
+	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
+	TAB0                           = 0x0
+	TAB3                           = 0x4
+	TABDLY                         = 0x4
+	TCIFLUSH                       = 0x1
+	TCIOFF                         = 0x3
+	TCIOFLUSH                      = 0x3
+	TCION                          = 0x4
+	TCOFLUSH                       = 0x2
+	TCOOFF                         = 0x1
+	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
+	TCP_CA_NAME_MAX                = 0x10
+	TCP_CCALGOOPT                  = 0x41
+	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
+	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
+	TCP_FUNCTION_BLK               = 0x2000
+	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
+	TCP_INFO                       = 0x20
+	TCP_KEEPCNT                    = 0x400
+	TCP_KEEPIDLE                   = 0x100
+	TCP_KEEPINIT                   = 0x80
+	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
+	TCP_MAXBURST                   = 0x4
+	TCP_MAXHLEN                    = 0x3c
+	TCP_MAXOLEN                    = 0x28
+	TCP_MAXSEG                     = 0x2
+	TCP_MAXWIN                     = 0xffff
+	TCP_MAX_SACK                   = 0x4
+	TCP_MAX_WINSHIFT               = 0xe
+	TCP_MD5SIG                     = 0x10
+	TCP_MINMSS                     = 0xd8
+	TCP_MSS                        = 0x218
+	TCP_NODELAY                    = 0x1
+	TCP_NOOPT                      = 0x8
+	TCP_NOPUSH                     = 0x4
+	TCP_PCAP_IN                    = 0x1000
+	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
+	TCP_VENDOR                     = 0x80000000
+	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
+	TIOCCBRK                       = 0x2000747a
+	TIOCCDTR                       = 0x20007478
+	TIOCCONS                       = 0x80047462
+	TIOCDRAIN                      = 0x2000745e
+	TIOCEXCL                       = 0x2000740d
+	TIOCEXT                        = 0x80047460
+	TIOCFLUSH                      = 0x80047410
+	TIOCGDRAINWAIT                 = 0x40047456
+	TIOCGETA                       = 0x402c7413
+	TIOCGETD                       = 0x4004741a
+	TIOCGPGRP                      = 0x40047477
+	TIOCGPTN                       = 0x4004740f
+	TIOCGSID                       = 0x40047463
+	TIOCGWINSZ                     = 0x40087468
+	TIOCMBIC                       = 0x8004746b
+	TIOCMBIS                       = 0x8004746c
+	TIOCMGDTRWAIT                  = 0x4004745a
+	TIOCMGET                       = 0x4004746a
+	TIOCMSDTRWAIT                  = 0x8004745b
+	TIOCMSET                       = 0x8004746d
+	TIOCM_CAR                      = 0x40
+	TIOCM_CD                       = 0x40
+	TIOCM_CTS                      = 0x20
+	TIOCM_DCD                      = 0x40
+	TIOCM_DSR                      = 0x100
+	TIOCM_DTR                      = 0x2
+	TIOCM_LE                       = 0x1
+	TIOCM_RI                       = 0x80
+	TIOCM_RNG                      = 0x80
+	TIOCM_RTS                      = 0x4
+	TIOCM_SR                       = 0x10
+	TIOCM_ST                       = 0x8
+	TIOCNOTTY                      = 0x20007471
+	TIOCNXCL                       = 0x2000740e
+	TIOCOUTQ                       = 0x40047473
+	TIOCPKT                        = 0x80047470
+	TIOCPKT_DATA                   = 0x0
+	TIOCPKT_DOSTOP                 = 0x20
+	TIOCPKT_FLUSHREAD              = 0x1
+	TIOCPKT_FLUSHWRITE             = 0x2
+	TIOCPKT_IOCTL                  = 0x40
+	TIOCPKT_NOSTOP                 = 0x10
+	TIOCPKT_START                  = 0x8
+	TIOCPKT_STOP                   = 0x4
+	TIOCPTMASTER                   = 0x2000741c
+	TIOCSBRK                       = 0x2000747b
+	TIOCSCTTY                      = 0x20007461
+	TIOCSDRAINWAIT                 = 0x80047457
+	TIOCSDTR                       = 0x20007479
+	TIOCSETA                       = 0x802c7414
+	TIOCSETAF                      = 0x802c7416
+	TIOCSETAW                      = 0x802c7415
+	TIOCSETD                       = 0x8004741b
+	TIOCSIG                        = 0x2004745f
+	TIOCSPGRP                      = 0x80047476
+	TIOCSTART                      = 0x2000746e
+	TIOCSTAT                       = 0x20007465
+	TIOCSTI                        = 0x80017472
+	TIOCSTOP                       = 0x2000746f
+	TIOCSWINSZ                     = 0x80087467
+	TIOCTIMESTAMP                  = 0x40107459
+	TIOCUCNTL                      = 0x80047466
+	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
+	VDISCARD                       = 0xf
+	VDSUSP                         = 0xb
+	VEOF                           = 0x0
+	VEOL                           = 0x1
+	VEOL2                          = 0x2
+	VERASE                         = 0x3
+	VERASE2                        = 0x7
+	VINTR                          = 0x8
+	VKILL                          = 0x5
+	VLNEXT                         = 0xe
+	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x19000000
+	VQUIT                          = 0x9
+	VREPRINT                       = 0x6
+	VSTART                         = 0xc
+	VSTATUS                        = 0x12
+	VSTOP                          = 0xd
+	VSUSP                          = 0xa
+	VTIME                          = 0x11
+	VWERASE                        = 0x4
+	WCONTINUED                     = 0x4
+	WCOREFLAG                      = 0x80
+	WEXITED                        = 0x10
+	WLINUXCLONE                    = 0x80000000
+	WNOHANG                        = 0x1
+	WNOWAIT                        = 0x8
+	WSTOPPED                       = 0x2
+	WTRAPPED                       = 0x20
+	WUNTRACED                      = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECAPMODE        = syscall.Errno(0x5e)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCAPABLE     = syscall.Errno(0x5d)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5f)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x60)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGLIBRT  = syscall.Signal(0x21)
+	SIGLWP    = syscall.Signal(0x20)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOTCAPABLE", "capabilities insufficient"},
+	{94, "ECAPMODE", "not permitted in capability mode"},
+	{95, "ENOTRECOVERABLE", "state not recoverable"},
+	{96, "EOWNERDEAD", "previous owner died"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "unknown signal"},
+	{33, "SIGLIBRT", "unknown signal"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
new file mode 100644
index 0000000000000..78d4b85ece50f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -0,0 +1,2969 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+//go:build linux
+// +build linux
+
+package unix
+
+import "syscall"
+
+const (
+	AAFS_MAGIC                                  = 0x5a3c69f0
+	ADFS_SUPER_MAGIC                            = 0xadf5
+	AFFS_SUPER_MAGIC                            = 0xadff
+	AFS_FS_MAGIC                                = 0x6b414653
+	AFS_SUPER_MAGIC                             = 0x5346414f
+	AF_ALG                                      = 0x26
+	AF_APPLETALK                                = 0x5
+	AF_ASH                                      = 0x12
+	AF_ATMPVC                                   = 0x8
+	AF_ATMSVC                                   = 0x14
+	AF_AX25                                     = 0x3
+	AF_BLUETOOTH                                = 0x1f
+	AF_BRIDGE                                   = 0x7
+	AF_CAIF                                     = 0x25
+	AF_CAN                                      = 0x1d
+	AF_DECnet                                   = 0xc
+	AF_ECONET                                   = 0x13
+	AF_FILE                                     = 0x1
+	AF_IB                                       = 0x1b
+	AF_IEEE802154                               = 0x24
+	AF_INET                                     = 0x2
+	AF_INET6                                    = 0xa
+	AF_IPX                                      = 0x4
+	AF_IRDA                                     = 0x17
+	AF_ISDN                                     = 0x22
+	AF_IUCV                                     = 0x20
+	AF_KCM                                      = 0x29
+	AF_KEY                                      = 0xf
+	AF_LLC                                      = 0x1a
+	AF_LOCAL                                    = 0x1
+	AF_MAX                                      = 0x2d
+	AF_MPLS                                     = 0x1c
+	AF_NETBEUI                                  = 0xd
+	AF_NETLINK                                  = 0x10
+	AF_NETROM                                   = 0x6
+	AF_NFC                                      = 0x27
+	AF_PACKET                                   = 0x11
+	AF_PHONET                                   = 0x23
+	AF_PPPOX                                    = 0x18
+	AF_QIPCRTR                                  = 0x2a
+	AF_RDS                                      = 0x15
+	AF_ROSE                                     = 0xb
+	AF_ROUTE                                    = 0x10
+	AF_RXRPC                                    = 0x21
+	AF_SECURITY                                 = 0xe
+	AF_SMC                                      = 0x2b
+	AF_SNA                                      = 0x16
+	AF_TIPC                                     = 0x1e
+	AF_UNIX                                     = 0x1
+	AF_UNSPEC                                   = 0x0
+	AF_VSOCK                                    = 0x28
+	AF_WANPIPE                                  = 0x19
+	AF_X25                                      = 0x9
+	AF_XDP                                      = 0x2c
+	ALG_OP_DECRYPT                              = 0x0
+	ALG_OP_ENCRYPT                              = 0x1
+	ALG_SET_AEAD_ASSOCLEN                       = 0x4
+	ALG_SET_AEAD_AUTHSIZE                       = 0x5
+	ALG_SET_DRBG_ENTROPY                        = 0x6
+	ALG_SET_IV                                  = 0x2
+	ALG_SET_KEY                                 = 0x1
+	ALG_SET_OP                                  = 0x3
+	ANON_INODE_FS_MAGIC                         = 0x9041934
+	ARPHRD_6LOWPAN                              = 0x339
+	ARPHRD_ADAPT                                = 0x108
+	ARPHRD_APPLETLK                             = 0x8
+	ARPHRD_ARCNET                               = 0x7
+	ARPHRD_ASH                                  = 0x30d
+	ARPHRD_ATM                                  = 0x13
+	ARPHRD_AX25                                 = 0x3
+	ARPHRD_BIF                                  = 0x307
+	ARPHRD_CAIF                                 = 0x336
+	ARPHRD_CAN                                  = 0x118
+	ARPHRD_CHAOS                                = 0x5
+	ARPHRD_CISCO                                = 0x201
+	ARPHRD_CSLIP                                = 0x101
+	ARPHRD_CSLIP6                               = 0x103
+	ARPHRD_DDCMP                                = 0x205
+	ARPHRD_DLCI                                 = 0xf
+	ARPHRD_ECONET                               = 0x30e
+	ARPHRD_EETHER                               = 0x2
+	ARPHRD_ETHER                                = 0x1
+	ARPHRD_EUI64                                = 0x1b
+	ARPHRD_FCAL                                 = 0x311
+	ARPHRD_FCFABRIC                             = 0x313
+	ARPHRD_FCPL                                 = 0x312
+	ARPHRD_FCPP                                 = 0x310
+	ARPHRD_FDDI                                 = 0x306
+	ARPHRD_FRAD                                 = 0x302
+	ARPHRD_HDLC                                 = 0x201
+	ARPHRD_HIPPI                                = 0x30c
+	ARPHRD_HWX25                                = 0x110
+	ARPHRD_IEEE1394                             = 0x18
+	ARPHRD_IEEE802                              = 0x6
+	ARPHRD_IEEE80211                            = 0x321
+	ARPHRD_IEEE80211_PRISM                      = 0x322
+	ARPHRD_IEEE80211_RADIOTAP                   = 0x323
+	ARPHRD_IEEE802154                           = 0x324
+	ARPHRD_IEEE802154_MONITOR                   = 0x325
+	ARPHRD_IEEE802_TR                           = 0x320
+	ARPHRD_INFINIBAND                           = 0x20
+	ARPHRD_IP6GRE                               = 0x337
+	ARPHRD_IPDDP                                = 0x309
+	ARPHRD_IPGRE                                = 0x30a
+	ARPHRD_IRDA                                 = 0x30f
+	ARPHRD_LAPB                                 = 0x204
+	ARPHRD_LOCALTLK                             = 0x305
+	ARPHRD_LOOPBACK                             = 0x304
+	ARPHRD_METRICOM                             = 0x17
+	ARPHRD_NETLINK                              = 0x338
+	ARPHRD_NETROM                               = 0x0
+	ARPHRD_NONE                                 = 0xfffe
+	ARPHRD_PHONET                               = 0x334
+	ARPHRD_PHONET_PIPE                          = 0x335
+	ARPHRD_PIMREG                               = 0x30b
+	ARPHRD_PPP                                  = 0x200
+	ARPHRD_PRONET                               = 0x4
+	ARPHRD_RAWHDLC                              = 0x206
+	ARPHRD_RAWIP                                = 0x207
+	ARPHRD_ROSE                                 = 0x10e
+	ARPHRD_RSRVD                                = 0x104
+	ARPHRD_SIT                                  = 0x308
+	ARPHRD_SKIP                                 = 0x303
+	ARPHRD_SLIP                                 = 0x100
+	ARPHRD_SLIP6                                = 0x102
+	ARPHRD_TUNNEL                               = 0x300
+	ARPHRD_TUNNEL6                              = 0x301
+	ARPHRD_VOID                                 = 0xffff
+	ARPHRD_VSOCKMON                             = 0x33a
+	ARPHRD_X25                                  = 0x10f
+	AUTOFS_SUPER_MAGIC                          = 0x187
+	B0                                          = 0x0
+	B110                                        = 0x3
+	B1200                                       = 0x9
+	B134                                        = 0x4
+	B150                                        = 0x5
+	B1800                                       = 0xa
+	B19200                                      = 0xe
+	B200                                        = 0x6
+	B2400                                       = 0xb
+	B300                                        = 0x7
+	B38400                                      = 0xf
+	B4800                                       = 0xc
+	B50                                         = 0x1
+	B600                                        = 0x8
+	B75                                         = 0x2
+	B9600                                       = 0xd
+	BALLOON_KVM_MAGIC                           = 0x13661366
+	BDEVFS_MAGIC                                = 0x62646576
+	BINDERFS_SUPER_MAGIC                        = 0x6c6f6f70
+	BINFMTFS_MAGIC                              = 0x42494e4d
+	BPF_A                                       = 0x10
+	BPF_ABS                                     = 0x20
+	BPF_ADD                                     = 0x0
+	BPF_ALU                                     = 0x4
+	BPF_ALU64                                   = 0x7
+	BPF_AND                                     = 0x50
+	BPF_ARSH                                    = 0xc0
+	BPF_ATOMIC                                  = 0xc0
+	BPF_B                                       = 0x10
+	BPF_BUILD_ID_SIZE                           = 0x14
+	BPF_CALL                                    = 0x80
+	BPF_CMPXCHG                                 = 0xf1
+	BPF_DIV                                     = 0x30
+	BPF_DW                                      = 0x18
+	BPF_END                                     = 0xd0
+	BPF_EXIT                                    = 0x90
+	BPF_FETCH                                   = 0x1
+	BPF_FROM_BE                                 = 0x8
+	BPF_FROM_LE                                 = 0x0
+	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_ALLOW_MULTI                           = 0x2
+	BPF_F_ALLOW_OVERRIDE                        = 0x1
+	BPF_F_ANY_ALIGNMENT                         = 0x2
+	BPF_F_QUERY_EFFECTIVE                       = 0x1
+	BPF_F_REPLACE                               = 0x4
+	BPF_F_SLEEPABLE                             = 0x10
+	BPF_F_STRICT_ALIGNMENT                      = 0x1
+	BPF_F_TEST_RND_HI32                         = 0x4
+	BPF_F_TEST_RUN_ON_CPU                       = 0x1
+	BPF_F_TEST_STATE_FREQ                       = 0x8
+	BPF_H                                       = 0x8
+	BPF_IMM                                     = 0x0
+	BPF_IND                                     = 0x40
+	BPF_JA                                      = 0x0
+	BPF_JEQ                                     = 0x10
+	BPF_JGE                                     = 0x30
+	BPF_JGT                                     = 0x20
+	BPF_JLE                                     = 0xb0
+	BPF_JLT                                     = 0xa0
+	BPF_JMP                                     = 0x5
+	BPF_JMP32                                   = 0x6
+	BPF_JNE                                     = 0x50
+	BPF_JSET                                    = 0x40
+	BPF_JSGE                                    = 0x70
+	BPF_JSGT                                    = 0x60
+	BPF_JSLE                                    = 0xd0
+	BPF_JSLT                                    = 0xc0
+	BPF_K                                       = 0x0
+	BPF_LD                                      = 0x0
+	BPF_LDX                                     = 0x1
+	BPF_LEN                                     = 0x80
+	BPF_LL_OFF                                  = -0x200000
+	BPF_LSH                                     = 0x60
+	BPF_MAJOR_VERSION                           = 0x1
+	BPF_MAXINSNS                                = 0x1000
+	BPF_MEM                                     = 0x60
+	BPF_MEMWORDS                                = 0x10
+	BPF_MINOR_VERSION                           = 0x1
+	BPF_MISC                                    = 0x7
+	BPF_MOD                                     = 0x90
+	BPF_MOV                                     = 0xb0
+	BPF_MSH                                     = 0xa0
+	BPF_MUL                                     = 0x20
+	BPF_NEG                                     = 0x80
+	BPF_NET_OFF                                 = -0x100000
+	BPF_OBJ_NAME_LEN                            = 0x10
+	BPF_OR                                      = 0x40
+	BPF_PSEUDO_BTF_ID                           = 0x3
+	BPF_PSEUDO_CALL                             = 0x1
+	BPF_PSEUDO_FUNC                             = 0x4
+	BPF_PSEUDO_KFUNC_CALL                       = 0x2
+	BPF_PSEUDO_MAP_FD                           = 0x1
+	BPF_PSEUDO_MAP_IDX                          = 0x5
+	BPF_PSEUDO_MAP_IDX_VALUE                    = 0x6
+	BPF_PSEUDO_MAP_VALUE                        = 0x2
+	BPF_RET                                     = 0x6
+	BPF_RSH                                     = 0x70
+	BPF_ST                                      = 0x2
+	BPF_STX                                     = 0x3
+	BPF_SUB                                     = 0x10
+	BPF_TAG_SIZE                                = 0x8
+	BPF_TAX                                     = 0x0
+	BPF_TO_BE                                   = 0x8
+	BPF_TO_LE                                   = 0x0
+	BPF_TXA                                     = 0x80
+	BPF_W                                       = 0x0
+	BPF_X                                       = 0x8
+	BPF_XADD                                    = 0xc0
+	BPF_XCHG                                    = 0xe1
+	BPF_XOR                                     = 0xa0
+	BRKINT                                      = 0x2
+	BS0                                         = 0x0
+	BTRFS_SUPER_MAGIC                           = 0x9123683e
+	BTRFS_TEST_MAGIC                            = 0x73727279
+	BUS_BLUETOOTH                               = 0x5
+	BUS_HIL                                     = 0x4
+	BUS_USB                                     = 0x3
+	BUS_VIRTUAL                                 = 0x6
+	CAN_BCM                                     = 0x2
+	CAN_EFF_FLAG                                = 0x80000000
+	CAN_EFF_ID_BITS                             = 0x1d
+	CAN_EFF_MASK                                = 0x1fffffff
+	CAN_ERR_ACK                                 = 0x20
+	CAN_ERR_BUSERROR                            = 0x80
+	CAN_ERR_BUSOFF                              = 0x40
+	CAN_ERR_CRTL                                = 0x4
+	CAN_ERR_CRTL_ACTIVE                         = 0x40
+	CAN_ERR_CRTL_RX_OVERFLOW                    = 0x1
+	CAN_ERR_CRTL_RX_PASSIVE                     = 0x10
+	CAN_ERR_CRTL_RX_WARNING                     = 0x4
+	CAN_ERR_CRTL_TX_OVERFLOW                    = 0x2
+	CAN_ERR_CRTL_TX_PASSIVE                     = 0x20
+	CAN_ERR_CRTL_TX_WARNING                     = 0x8
+	CAN_ERR_CRTL_UNSPEC                         = 0x0
+	CAN_ERR_DLC                                 = 0x8
+	CAN_ERR_FLAG                                = 0x20000000
+	CAN_ERR_LOSTARB                             = 0x2
+	CAN_ERR_LOSTARB_UNSPEC                      = 0x0
+	CAN_ERR_MASK                                = 0x1fffffff
+	CAN_ERR_PROT                                = 0x8
+	CAN_ERR_PROT_ACTIVE                         = 0x40
+	CAN_ERR_PROT_BIT                            = 0x1
+	CAN_ERR_PROT_BIT0                           = 0x8
+	CAN_ERR_PROT_BIT1                           = 0x10
+	CAN_ERR_PROT_FORM                           = 0x2
+	CAN_ERR_PROT_LOC_ACK                        = 0x19
+	CAN_ERR_PROT_LOC_ACK_DEL                    = 0x1b
+	CAN_ERR_PROT_LOC_CRC_DEL                    = 0x18
+	CAN_ERR_PROT_LOC_CRC_SEQ                    = 0x8
+	CAN_ERR_PROT_LOC_DATA                       = 0xa
+	CAN_ERR_PROT_LOC_DLC                        = 0xb
+	CAN_ERR_PROT_LOC_EOF                        = 0x1a
+	CAN_ERR_PROT_LOC_ID04_00                    = 0xe
+	CAN_ERR_PROT_LOC_ID12_05                    = 0xf
+	CAN_ERR_PROT_LOC_ID17_13                    = 0x7
+	CAN_ERR_PROT_LOC_ID20_18                    = 0x6
+	CAN_ERR_PROT_LOC_ID28_21                    = 0x2
+	CAN_ERR_PROT_LOC_IDE                        = 0x5
+	CAN_ERR_PROT_LOC_INTERM                     = 0x12
+	CAN_ERR_PROT_LOC_RES0                       = 0x9
+	CAN_ERR_PROT_LOC_RES1                       = 0xd
+	CAN_ERR_PROT_LOC_RTR                        = 0xc
+	CAN_ERR_PROT_LOC_SOF                        = 0x3
+	CAN_ERR_PROT_LOC_SRTR                       = 0x4
+	CAN_ERR_PROT_LOC_UNSPEC                     = 0x0
+	CAN_ERR_PROT_OVERLOAD                       = 0x20
+	CAN_ERR_PROT_STUFF                          = 0x4
+	CAN_ERR_PROT_TX                             = 0x80
+	CAN_ERR_PROT_UNSPEC                         = 0x0
+	CAN_ERR_RESTARTED                           = 0x100
+	CAN_ERR_TRX                                 = 0x10
+	CAN_ERR_TRX_CANH_NO_WIRE                    = 0x4
+	CAN_ERR_TRX_CANH_SHORT_TO_BAT               = 0x5
+	CAN_ERR_TRX_CANH_SHORT_TO_GND               = 0x7
+	CAN_ERR_TRX_CANH_SHORT_TO_VCC               = 0x6
+	CAN_ERR_TRX_CANL_NO_WIRE                    = 0x40
+	CAN_ERR_TRX_CANL_SHORT_TO_BAT               = 0x50
+	CAN_ERR_TRX_CANL_SHORT_TO_CANH              = 0x80
+	CAN_ERR_TRX_CANL_SHORT_TO_GND               = 0x70
+	CAN_ERR_TRX_CANL_SHORT_TO_VCC               = 0x60
+	CAN_ERR_TRX_UNSPEC                          = 0x0
+	CAN_ERR_TX_TIMEOUT                          = 0x1
+	CAN_INV_FILTER                              = 0x20000000
+	CAN_ISOTP                                   = 0x6
+	CAN_J1939                                   = 0x7
+	CAN_MAX_DLC                                 = 0x8
+	CAN_MAX_DLEN                                = 0x8
+	CAN_MAX_RAW_DLC                             = 0xf
+	CAN_MCNET                                   = 0x5
+	CAN_MTU                                     = 0x10
+	CAN_NPROTO                                  = 0x8
+	CAN_RAW                                     = 0x1
+	CAN_RAW_FILTER_MAX                          = 0x200
+	CAN_RTR_FLAG                                = 0x40000000
+	CAN_SFF_ID_BITS                             = 0xb
+	CAN_SFF_MASK                                = 0x7ff
+	CAN_TP16                                    = 0x3
+	CAN_TP20                                    = 0x4
+	CAP_AUDIT_CONTROL                           = 0x1e
+	CAP_AUDIT_READ                              = 0x25
+	CAP_AUDIT_WRITE                             = 0x1d
+	CAP_BLOCK_SUSPEND                           = 0x24
+	CAP_BPF                                     = 0x27
+	CAP_CHECKPOINT_RESTORE                      = 0x28
+	CAP_CHOWN                                   = 0x0
+	CAP_DAC_OVERRIDE                            = 0x1
+	CAP_DAC_READ_SEARCH                         = 0x2
+	CAP_FOWNER                                  = 0x3
+	CAP_FSETID                                  = 0x4
+	CAP_IPC_LOCK                                = 0xe
+	CAP_IPC_OWNER                               = 0xf
+	CAP_KILL                                    = 0x5
+	CAP_LAST_CAP                                = 0x28
+	CAP_LEASE                                   = 0x1c
+	CAP_LINUX_IMMUTABLE                         = 0x9
+	CAP_MAC_ADMIN                               = 0x21
+	CAP_MAC_OVERRIDE                            = 0x20
+	CAP_MKNOD                                   = 0x1b
+	CAP_NET_ADMIN                               = 0xc
+	CAP_NET_BIND_SERVICE                        = 0xa
+	CAP_NET_BROADCAST                           = 0xb
+	CAP_NET_RAW                                 = 0xd
+	CAP_PERFMON                                 = 0x26
+	CAP_SETFCAP                                 = 0x1f
+	CAP_SETGID                                  = 0x6
+	CAP_SETPCAP                                 = 0x8
+	CAP_SETUID                                  = 0x7
+	CAP_SYSLOG                                  = 0x22
+	CAP_SYS_ADMIN                               = 0x15
+	CAP_SYS_BOOT                                = 0x16
+	CAP_SYS_CHROOT                              = 0x12
+	CAP_SYS_MODULE                              = 0x10
+	CAP_SYS_NICE                                = 0x17
+	CAP_SYS_PACCT                               = 0x14
+	CAP_SYS_PTRACE                              = 0x13
+	CAP_SYS_RAWIO                               = 0x11
+	CAP_SYS_RESOURCE                            = 0x18
+	CAP_SYS_TIME                                = 0x19
+	CAP_SYS_TTY_CONFIG                          = 0x1a
+	CAP_WAKE_ALARM                              = 0x23
+	CFLUSH                                      = 0xf
+	CGROUP2_SUPER_MAGIC                         = 0x63677270
+	CGROUP_SUPER_MAGIC                          = 0x27e0eb
+	CLOCK_BOOTTIME                              = 0x7
+	CLOCK_BOOTTIME_ALARM                        = 0x9
+	CLOCK_DEFAULT                               = 0x0
+	CLOCK_EXT                                   = 0x1
+	CLOCK_INT                                   = 0x2
+	CLOCK_MONOTONIC                             = 0x1
+	CLOCK_MONOTONIC_COARSE                      = 0x6
+	CLOCK_MONOTONIC_RAW                         = 0x4
+	CLOCK_PROCESS_CPUTIME_ID                    = 0x2
+	CLOCK_REALTIME                              = 0x0
+	CLOCK_REALTIME_ALARM                        = 0x8
+	CLOCK_REALTIME_COARSE                       = 0x5
+	CLOCK_TAI                                   = 0xb
+	CLOCK_THREAD_CPUTIME_ID                     = 0x3
+	CLOCK_TXFROMRX                              = 0x4
+	CLOCK_TXINT                                 = 0x3
+	CLONE_ARGS_SIZE_VER0                        = 0x40
+	CLONE_ARGS_SIZE_VER1                        = 0x50
+	CLONE_ARGS_SIZE_VER2                        = 0x58
+	CLONE_CHILD_CLEARTID                        = 0x200000
+	CLONE_CHILD_SETTID                          = 0x1000000
+	CLONE_CLEAR_SIGHAND                         = 0x100000000
+	CLONE_DETACHED                              = 0x400000
+	CLONE_FILES                                 = 0x400
+	CLONE_FS                                    = 0x200
+	CLONE_INTO_CGROUP                           = 0x200000000
+	CLONE_IO                                    = 0x80000000
+	CLONE_NEWCGROUP                             = 0x2000000
+	CLONE_NEWIPC                                = 0x8000000
+	CLONE_NEWNET                                = 0x40000000
+	CLONE_NEWNS                                 = 0x20000
+	CLONE_NEWPID                                = 0x20000000
+	CLONE_NEWTIME                               = 0x80
+	CLONE_NEWUSER                               = 0x10000000
+	CLONE_NEWUTS                                = 0x4000000
+	CLONE_PARENT                                = 0x8000
+	CLONE_PARENT_SETTID                         = 0x100000
+	CLONE_PIDFD                                 = 0x1000
+	CLONE_PTRACE                                = 0x2000
+	CLONE_SETTLS                                = 0x80000
+	CLONE_SIGHAND                               = 0x800
+	CLONE_SYSVSEM                               = 0x40000
+	CLONE_THREAD                                = 0x10000
+	CLONE_UNTRACED                              = 0x800000
+	CLONE_VFORK                                 = 0x4000
+	CLONE_VM                                    = 0x100
+	CMSPAR                                      = 0x40000000
+	CODA_SUPER_MAGIC                            = 0x73757245
+	CR0                                         = 0x0
+	CRAMFS_MAGIC                                = 0x28cd3d45
+	CRTSCTS                                     = 0x80000000
+	CRYPTO_MAX_NAME                             = 0x40
+	CRYPTO_MSG_MAX                              = 0x15
+	CRYPTO_NR_MSGTYPES                          = 0x6
+	CRYPTO_REPORT_MAXSIZE                       = 0x160
+	CS5                                         = 0x0
+	CSIGNAL                                     = 0xff
+	CSTART                                      = 0x11
+	CSTATUS                                     = 0x0
+	CSTOP                                       = 0x13
+	CSUSP                                       = 0x1a
+	DAXFS_MAGIC                                 = 0x64646178
+	DEBUGFS_MAGIC                               = 0x64626720
+	DEVLINK_CMD_ESWITCH_MODE_GET                = 0x1d
+	DEVLINK_CMD_ESWITCH_MODE_SET                = 0x1e
+	DEVLINK_FLASH_OVERWRITE_IDENTIFIERS         = 0x2
+	DEVLINK_FLASH_OVERWRITE_SETTINGS            = 0x1
+	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
+	DEVLINK_GENL_NAME                           = "devlink"
+	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
+	DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS  = 0x3
+	DEVMEM_MAGIC                                = 0x454d444d
+	DEVPTS_SUPER_MAGIC                          = 0x1cd1
+	DMA_BUF_MAGIC                               = 0x444d4142
+	DM_ACTIVE_PRESENT_FLAG                      = 0x20
+	DM_BUFFER_FULL_FLAG                         = 0x100
+	DM_CONTROL_NODE                             = "control"
+	DM_DATA_OUT_FLAG                            = 0x10000
+	DM_DEFERRED_REMOVE                          = 0x20000
+	DM_DEV_ARM_POLL                             = 0xc138fd10
+	DM_DEV_CREATE                               = 0xc138fd03
+	DM_DEV_REMOVE                               = 0xc138fd04
+	DM_DEV_RENAME                               = 0xc138fd05
+	DM_DEV_SET_GEOMETRY                         = 0xc138fd0f
+	DM_DEV_STATUS                               = 0xc138fd07
+	DM_DEV_SUSPEND                              = 0xc138fd06
+	DM_DEV_WAIT                                 = 0xc138fd08
+	DM_DIR                                      = "mapper"
+	DM_GET_TARGET_VERSION                       = 0xc138fd11
+	DM_INACTIVE_PRESENT_FLAG                    = 0x40
+	DM_INTERNAL_SUSPEND_FLAG                    = 0x40000
+	DM_IOCTL                                    = 0xfd
+	DM_LIST_DEVICES                             = 0xc138fd02
+	DM_LIST_VERSIONS                            = 0xc138fd0d
+	DM_MAX_TYPE_NAME                            = 0x10
+	DM_NAME_LEN                                 = 0x80
+	DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID          = 0x2
+	DM_NAME_LIST_FLAG_HAS_UUID                  = 0x1
+	DM_NOFLUSH_FLAG                             = 0x800
+	DM_PERSISTENT_DEV_FLAG                      = 0x8
+	DM_QUERY_INACTIVE_TABLE_FLAG                = 0x1000
+	DM_READONLY_FLAG                            = 0x1
+	DM_REMOVE_ALL                               = 0xc138fd01
+	DM_SECURE_DATA_FLAG                         = 0x8000
+	DM_SKIP_BDGET_FLAG                          = 0x200
+	DM_SKIP_LOCKFS_FLAG                         = 0x400
+	DM_STATUS_TABLE_FLAG                        = 0x10
+	DM_SUSPEND_FLAG                             = 0x2
+	DM_TABLE_CLEAR                              = 0xc138fd0a
+	DM_TABLE_DEPS                               = 0xc138fd0b
+	DM_TABLE_LOAD                               = 0xc138fd09
+	DM_TABLE_STATUS                             = 0xc138fd0c
+	DM_TARGET_MSG                               = 0xc138fd0e
+	DM_UEVENT_GENERATED_FLAG                    = 0x2000
+	DM_UUID_FLAG                                = 0x4000
+	DM_UUID_LEN                                 = 0x81
+	DM_VERSION                                  = 0xc138fd00
+	DM_VERSION_EXTRA                            = "-ioctl (2021-03-22)"
+	DM_VERSION_MAJOR                            = 0x4
+	DM_VERSION_MINOR                            = 0x2d
+	DM_VERSION_PATCHLEVEL                       = 0x0
+	DT_BLK                                      = 0x6
+	DT_CHR                                      = 0x2
+	DT_DIR                                      = 0x4
+	DT_FIFO                                     = 0x1
+	DT_LNK                                      = 0xa
+	DT_REG                                      = 0x8
+	DT_SOCK                                     = 0xc
+	DT_UNKNOWN                                  = 0x0
+	DT_WHT                                      = 0xe
+	ECHO                                        = 0x8
+	ECRYPTFS_SUPER_MAGIC                        = 0xf15f
+	EFD_SEMAPHORE                               = 0x1
+	EFIVARFS_MAGIC                              = 0xde5e81e4
+	EFS_SUPER_MAGIC                             = 0x414a53
+	ENCODING_DEFAULT                            = 0x0
+	ENCODING_FM_MARK                            = 0x3
+	ENCODING_FM_SPACE                           = 0x4
+	ENCODING_MANCHESTER                         = 0x5
+	ENCODING_NRZ                                = 0x1
+	ENCODING_NRZI                               = 0x2
+	EPOLLERR                                    = 0x8
+	EPOLLET                                     = 0x80000000
+	EPOLLEXCLUSIVE                              = 0x10000000
+	EPOLLHUP                                    = 0x10
+	EPOLLIN                                     = 0x1
+	EPOLLMSG                                    = 0x400
+	EPOLLONESHOT                                = 0x40000000
+	EPOLLOUT                                    = 0x4
+	EPOLLPRI                                    = 0x2
+	EPOLLRDBAND                                 = 0x80
+	EPOLLRDHUP                                  = 0x2000
+	EPOLLRDNORM                                 = 0x40
+	EPOLLWAKEUP                                 = 0x20000000
+	EPOLLWRBAND                                 = 0x200
+	EPOLLWRNORM                                 = 0x100
+	EPOLL_CTL_ADD                               = 0x1
+	EPOLL_CTL_DEL                               = 0x2
+	EPOLL_CTL_MOD                               = 0x3
+	EROFS_SUPER_MAGIC_V1                        = 0xe0f5e1e2
+	ESP_V4_FLOW                                 = 0xa
+	ESP_V6_FLOW                                 = 0xc
+	ETHER_FLOW                                  = 0x12
+	ETHTOOL_BUSINFO_LEN                         = 0x20
+	ETHTOOL_EROMVERS_LEN                        = 0x20
+	ETHTOOL_FEC_AUTO                            = 0x2
+	ETHTOOL_FEC_BASER                           = 0x10
+	ETHTOOL_FEC_LLRS                            = 0x20
+	ETHTOOL_FEC_NONE                            = 0x1
+	ETHTOOL_FEC_OFF                             = 0x4
+	ETHTOOL_FEC_RS                              = 0x8
+	ETHTOOL_FLAG_ALL                            = 0x7
+	ETHTOOL_FLAG_COMPACT_BITSETS                = 0x1
+	ETHTOOL_FLAG_OMIT_REPLY                     = 0x2
+	ETHTOOL_FLAG_STATS                          = 0x4
+	ETHTOOL_FLASHDEV                            = 0x33
+	ETHTOOL_FLASH_MAX_FILENAME                  = 0x80
+	ETHTOOL_FWVERS_LEN                          = 0x20
+	ETHTOOL_F_COMPAT                            = 0x4
+	ETHTOOL_F_UNSUPPORTED                       = 0x1
+	ETHTOOL_F_WISH                              = 0x2
+	ETHTOOL_GCHANNELS                           = 0x3c
+	ETHTOOL_GCOALESCE                           = 0xe
+	ETHTOOL_GDRVINFO                            = 0x3
+	ETHTOOL_GEEE                                = 0x44
+	ETHTOOL_GEEPROM                             = 0xb
+	ETHTOOL_GENL_NAME                           = "ethtool"
+	ETHTOOL_GENL_VERSION                        = 0x1
+	ETHTOOL_GET_DUMP_DATA                       = 0x40
+	ETHTOOL_GET_DUMP_FLAG                       = 0x3f
+	ETHTOOL_GET_TS_INFO                         = 0x41
+	ETHTOOL_GFEATURES                           = 0x3a
+	ETHTOOL_GFECPARAM                           = 0x50
+	ETHTOOL_GFLAGS                              = 0x25
+	ETHTOOL_GGRO                                = 0x2b
+	ETHTOOL_GGSO                                = 0x23
+	ETHTOOL_GLINK                               = 0xa
+	ETHTOOL_GLINKSETTINGS                       = 0x4c
+	ETHTOOL_GMODULEEEPROM                       = 0x43
+	ETHTOOL_GMODULEINFO                         = 0x42
+	ETHTOOL_GMSGLVL                             = 0x7
+	ETHTOOL_GPAUSEPARAM                         = 0x12
+	ETHTOOL_GPERMADDR                           = 0x20
+	ETHTOOL_GPFLAGS                             = 0x27
+	ETHTOOL_GPHYSTATS                           = 0x4a
+	ETHTOOL_GREGS                               = 0x4
+	ETHTOOL_GRINGPARAM                          = 0x10
+	ETHTOOL_GRSSH                               = 0x46
+	ETHTOOL_GRXCLSRLALL                         = 0x30
+	ETHTOOL_GRXCLSRLCNT                         = 0x2e
+	ETHTOOL_GRXCLSRULE                          = 0x2f
+	ETHTOOL_GRXCSUM                             = 0x14
+	ETHTOOL_GRXFH                               = 0x29
+	ETHTOOL_GRXFHINDIR                          = 0x38
+	ETHTOOL_GRXNTUPLE                           = 0x36
+	ETHTOOL_GRXRINGS                            = 0x2d
+	ETHTOOL_GSET                                = 0x1
+	ETHTOOL_GSG                                 = 0x18
+	ETHTOOL_GSSET_INFO                          = 0x37
+	ETHTOOL_GSTATS                              = 0x1d
+	ETHTOOL_GSTRINGS                            = 0x1b
+	ETHTOOL_GTSO                                = 0x1e
+	ETHTOOL_GTUNABLE                            = 0x48
+	ETHTOOL_GTXCSUM                             = 0x16
+	ETHTOOL_GUFO                                = 0x21
+	ETHTOOL_GWOL                                = 0x5
+	ETHTOOL_MCGRP_MONITOR_NAME                  = "monitor"
+	ETHTOOL_NWAY_RST                            = 0x9
+	ETHTOOL_PERQUEUE                            = 0x4b
+	ETHTOOL_PHYS_ID                             = 0x1c
+	ETHTOOL_PHY_EDPD_DFLT_TX_MSECS              = 0xffff
+	ETHTOOL_PHY_EDPD_DISABLE                    = 0x0
+	ETHTOOL_PHY_EDPD_NO_TX                      = 0xfffe
+	ETHTOOL_PHY_FAST_LINK_DOWN_OFF              = 0xff
+	ETHTOOL_PHY_FAST_LINK_DOWN_ON               = 0x0
+	ETHTOOL_PHY_GTUNABLE                        = 0x4e
+	ETHTOOL_PHY_STUNABLE                        = 0x4f
+	ETHTOOL_RESET                               = 0x34
+	ETHTOOL_RXNTUPLE_ACTION_CLEAR               = -0x2
+	ETHTOOL_RXNTUPLE_ACTION_DROP                = -0x1
+	ETHTOOL_RX_FLOW_SPEC_RING                   = 0xffffffff
+	ETHTOOL_RX_FLOW_SPEC_RING_VF                = 0xff00000000
+	ETHTOOL_RX_FLOW_SPEC_RING_VF_OFF            = 0x20
+	ETHTOOL_SCHANNELS                           = 0x3d
+	ETHTOOL_SCOALESCE                           = 0xf
+	ETHTOOL_SEEE                                = 0x45
+	ETHTOOL_SEEPROM                             = 0xc
+	ETHTOOL_SET_DUMP                            = 0x3e
+	ETHTOOL_SFEATURES                           = 0x3b
+	ETHTOOL_SFECPARAM                           = 0x51
+	ETHTOOL_SFLAGS                              = 0x26
+	ETHTOOL_SGRO                                = 0x2c
+	ETHTOOL_SGSO                                = 0x24
+	ETHTOOL_SLINKSETTINGS                       = 0x4d
+	ETHTOOL_SMSGLVL                             = 0x8
+	ETHTOOL_SPAUSEPARAM                         = 0x13
+	ETHTOOL_SPFLAGS                             = 0x28
+	ETHTOOL_SRINGPARAM                          = 0x11
+	ETHTOOL_SRSSH                               = 0x47
+	ETHTOOL_SRXCLSRLDEL                         = 0x31
+	ETHTOOL_SRXCLSRLINS                         = 0x32
+	ETHTOOL_SRXCSUM                             = 0x15
+	ETHTOOL_SRXFH                               = 0x2a
+	ETHTOOL_SRXFHINDIR                          = 0x39
+	ETHTOOL_SRXNTUPLE                           = 0x35
+	ETHTOOL_SSET                                = 0x2
+	ETHTOOL_SSG                                 = 0x19
+	ETHTOOL_STSO                                = 0x1f
+	ETHTOOL_STUNABLE                            = 0x49
+	ETHTOOL_STXCSUM                             = 0x17
+	ETHTOOL_SUFO                                = 0x22
+	ETHTOOL_SWOL                                = 0x6
+	ETHTOOL_TEST                                = 0x1a
+	ETH_P_1588                                  = 0x88f7
+	ETH_P_8021AD                                = 0x88a8
+	ETH_P_8021AH                                = 0x88e7
+	ETH_P_8021Q                                 = 0x8100
+	ETH_P_80221                                 = 0x8917
+	ETH_P_802_2                                 = 0x4
+	ETH_P_802_3                                 = 0x1
+	ETH_P_802_3_MIN                             = 0x600
+	ETH_P_802_EX1                               = 0x88b5
+	ETH_P_AARP                                  = 0x80f3
+	ETH_P_AF_IUCV                               = 0xfbfb
+	ETH_P_ALL                                   = 0x3
+	ETH_P_AOE                                   = 0x88a2
+	ETH_P_ARCNET                                = 0x1a
+	ETH_P_ARP                                   = 0x806
+	ETH_P_ATALK                                 = 0x809b
+	ETH_P_ATMFATE                               = 0x8884
+	ETH_P_ATMMPOA                               = 0x884c
+	ETH_P_AX25                                  = 0x2
+	ETH_P_BATMAN                                = 0x4305
+	ETH_P_BPQ                                   = 0x8ff
+	ETH_P_CAIF                                  = 0xf7
+	ETH_P_CAN                                   = 0xc
+	ETH_P_CANFD                                 = 0xd
+	ETH_P_CFM                                   = 0x8902
+	ETH_P_CONTROL                               = 0x16
+	ETH_P_CUST                                  = 0x6006
+	ETH_P_DDCMP                                 = 0x6
+	ETH_P_DEC                                   = 0x6000
+	ETH_P_DIAG                                  = 0x6005
+	ETH_P_DNA_DL                                = 0x6001
+	ETH_P_DNA_RC                                = 0x6002
+	ETH_P_DNA_RT                                = 0x6003
+	ETH_P_DSA                                   = 0x1b
+	ETH_P_DSA_8021Q                             = 0xdadb
+	ETH_P_ECONET                                = 0x18
+	ETH_P_EDSA                                  = 0xdada
+	ETH_P_ERSPAN                                = 0x88be
+	ETH_P_ERSPAN2                               = 0x22eb
+	ETH_P_FCOE                                  = 0x8906
+	ETH_P_FIP                                   = 0x8914
+	ETH_P_HDLC                                  = 0x19
+	ETH_P_HSR                                   = 0x892f
+	ETH_P_IBOE                                  = 0x8915
+	ETH_P_IEEE802154                            = 0xf6
+	ETH_P_IEEEPUP                               = 0xa00
+	ETH_P_IEEEPUPAT                             = 0xa01
+	ETH_P_IFE                                   = 0xed3e
+	ETH_P_IP                                    = 0x800
+	ETH_P_IPV6                                  = 0x86dd
+	ETH_P_IPX                                   = 0x8137
+	ETH_P_IRDA                                  = 0x17
+	ETH_P_LAT                                   = 0x6004
+	ETH_P_LINK_CTL                              = 0x886c
+	ETH_P_LLDP                                  = 0x88cc
+	ETH_P_LOCALTALK                             = 0x9
+	ETH_P_LOOP                                  = 0x60
+	ETH_P_LOOPBACK                              = 0x9000
+	ETH_P_MACSEC                                = 0x88e5
+	ETH_P_MAP                                   = 0xf9
+	ETH_P_MOBITEX                               = 0x15
+	ETH_P_MPLS_MC                               = 0x8848
+	ETH_P_MPLS_UC                               = 0x8847
+	ETH_P_MRP                                   = 0x88e3
+	ETH_P_MVRP                                  = 0x88f5
+	ETH_P_NCSI                                  = 0x88f8
+	ETH_P_NSH                                   = 0x894f
+	ETH_P_PAE                                   = 0x888e
+	ETH_P_PAUSE                                 = 0x8808
+	ETH_P_PHONET                                = 0xf5
+	ETH_P_PPPTALK                               = 0x10
+	ETH_P_PPP_DISC                              = 0x8863
+	ETH_P_PPP_MP                                = 0x8
+	ETH_P_PPP_SES                               = 0x8864
+	ETH_P_PREAUTH                               = 0x88c7
+	ETH_P_PRP                                   = 0x88fb
+	ETH_P_PUP                                   = 0x200
+	ETH_P_PUPAT                                 = 0x201
+	ETH_P_QINQ1                                 = 0x9100
+	ETH_P_QINQ2                                 = 0x9200
+	ETH_P_QINQ3                                 = 0x9300
+	ETH_P_RARP                                  = 0x8035
+	ETH_P_SCA                                   = 0x6007
+	ETH_P_SLOW                                  = 0x8809
+	ETH_P_SNAP                                  = 0x5
+	ETH_P_TDLS                                  = 0x890d
+	ETH_P_TEB                                   = 0x6558
+	ETH_P_TIPC                                  = 0x88ca
+	ETH_P_TRAILER                               = 0x1c
+	ETH_P_TR_802_2                              = 0x11
+	ETH_P_TSN                                   = 0x22f0
+	ETH_P_WAN_PPP                               = 0x7
+	ETH_P_WCCP                                  = 0x883e
+	ETH_P_X25                                   = 0x805
+	ETH_P_XDSA                                  = 0xf8
+	EXABYTE_ENABLE_NEST                         = 0xf0
+	EXT2_SUPER_MAGIC                            = 0xef53
+	EXT3_SUPER_MAGIC                            = 0xef53
+	EXT4_SUPER_MAGIC                            = 0xef53
+	EXTA                                        = 0xe
+	EXTB                                        = 0xf
+	F2FS_SUPER_MAGIC                            = 0xf2f52010
+	FALLOC_FL_COLLAPSE_RANGE                    = 0x8
+	FALLOC_FL_INSERT_RANGE                      = 0x20
+	FALLOC_FL_KEEP_SIZE                         = 0x1
+	FALLOC_FL_NO_HIDE_STALE                     = 0x4
+	FALLOC_FL_PUNCH_HOLE                        = 0x2
+	FALLOC_FL_UNSHARE_RANGE                     = 0x40
+	FALLOC_FL_ZERO_RANGE                        = 0x10
+	FANOTIFY_METADATA_VERSION                   = 0x3
+	FAN_ACCESS                                  = 0x1
+	FAN_ACCESS_PERM                             = 0x20000
+	FAN_ALLOW                                   = 0x1
+	FAN_ALL_CLASS_BITS                          = 0xc
+	FAN_ALL_EVENTS                              = 0x3b
+	FAN_ALL_INIT_FLAGS                          = 0x3f
+	FAN_ALL_MARK_FLAGS                          = 0xff
+	FAN_ALL_OUTGOING_EVENTS                     = 0x3403b
+	FAN_ALL_PERM_EVENTS                         = 0x30000
+	FAN_ATTRIB                                  = 0x4
+	FAN_AUDIT                                   = 0x10
+	FAN_CLASS_CONTENT                           = 0x4
+	FAN_CLASS_NOTIF                             = 0x0
+	FAN_CLASS_PRE_CONTENT                       = 0x8
+	FAN_CLOEXEC                                 = 0x1
+	FAN_CLOSE                                   = 0x18
+	FAN_CLOSE_NOWRITE                           = 0x10
+	FAN_CLOSE_WRITE                             = 0x8
+	FAN_CREATE                                  = 0x100
+	FAN_DELETE                                  = 0x200
+	FAN_DELETE_SELF                             = 0x400
+	FAN_DENY                                    = 0x2
+	FAN_ENABLE_AUDIT                            = 0x40
+	FAN_EVENT_INFO_TYPE_DFID                    = 0x3
+	FAN_EVENT_INFO_TYPE_DFID_NAME               = 0x2
+	FAN_EVENT_INFO_TYPE_FID                     = 0x1
+	FAN_EVENT_METADATA_LEN                      = 0x18
+	FAN_EVENT_ON_CHILD                          = 0x8000000
+	FAN_MARK_ADD                                = 0x1
+	FAN_MARK_DONT_FOLLOW                        = 0x4
+	FAN_MARK_FILESYSTEM                         = 0x100
+	FAN_MARK_FLUSH                              = 0x80
+	FAN_MARK_IGNORED_MASK                       = 0x20
+	FAN_MARK_IGNORED_SURV_MODIFY                = 0x40
+	FAN_MARK_INODE                              = 0x0
+	FAN_MARK_MOUNT                              = 0x10
+	FAN_MARK_ONLYDIR                            = 0x8
+	FAN_MARK_REMOVE                             = 0x2
+	FAN_MODIFY                                  = 0x2
+	FAN_MOVE                                    = 0xc0
+	FAN_MOVED_FROM                              = 0x40
+	FAN_MOVED_TO                                = 0x80
+	FAN_MOVE_SELF                               = 0x800
+	FAN_NOFD                                    = -0x1
+	FAN_NONBLOCK                                = 0x2
+	FAN_ONDIR                                   = 0x40000000
+	FAN_OPEN                                    = 0x20
+	FAN_OPEN_EXEC                               = 0x1000
+	FAN_OPEN_EXEC_PERM                          = 0x40000
+	FAN_OPEN_PERM                               = 0x10000
+	FAN_Q_OVERFLOW                              = 0x4000
+	FAN_REPORT_DFID_NAME                        = 0xc00
+	FAN_REPORT_DIR_FID                          = 0x400
+	FAN_REPORT_FID                              = 0x200
+	FAN_REPORT_NAME                             = 0x800
+	FAN_REPORT_TID                              = 0x100
+	FAN_UNLIMITED_MARKS                         = 0x20
+	FAN_UNLIMITED_QUEUE                         = 0x10
+	FD_CLOEXEC                                  = 0x1
+	FD_SETSIZE                                  = 0x400
+	FF0                                         = 0x0
+	FIDEDUPERANGE                               = 0xc0189436
+	FSCRYPT_KEY_DESCRIPTOR_SIZE                 = 0x8
+	FSCRYPT_KEY_DESC_PREFIX                     = "fscrypt:"
+	FSCRYPT_KEY_DESC_PREFIX_SIZE                = 0x8
+	FSCRYPT_KEY_IDENTIFIER_SIZE                 = 0x10
+	FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY  = 0x1
+	FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS = 0x2
+	FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR            = 0x1
+	FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER            = 0x2
+	FSCRYPT_KEY_STATUS_ABSENT                   = 0x1
+	FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF       = 0x1
+	FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED     = 0x3
+	FSCRYPT_KEY_STATUS_PRESENT                  = 0x2
+	FSCRYPT_MAX_KEY_SIZE                        = 0x40
+	FSCRYPT_MODE_ADIANTUM                       = 0x9
+	FSCRYPT_MODE_AES_128_CBC                    = 0x5
+	FSCRYPT_MODE_AES_128_CTS                    = 0x6
+	FSCRYPT_MODE_AES_256_CTS                    = 0x4
+	FSCRYPT_MODE_AES_256_XTS                    = 0x1
+	FSCRYPT_POLICY_FLAGS_PAD_16                 = 0x2
+	FSCRYPT_POLICY_FLAGS_PAD_32                 = 0x3
+	FSCRYPT_POLICY_FLAGS_PAD_4                  = 0x0
+	FSCRYPT_POLICY_FLAGS_PAD_8                  = 0x1
+	FSCRYPT_POLICY_FLAGS_PAD_MASK               = 0x3
+	FSCRYPT_POLICY_FLAG_DIRECT_KEY              = 0x4
+	FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32          = 0x10
+	FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64          = 0x8
+	FSCRYPT_POLICY_V1                           = 0x0
+	FSCRYPT_POLICY_V2                           = 0x2
+	FS_ENCRYPTION_MODE_ADIANTUM                 = 0x9
+	FS_ENCRYPTION_MODE_AES_128_CBC              = 0x5
+	FS_ENCRYPTION_MODE_AES_128_CTS              = 0x6
+	FS_ENCRYPTION_MODE_AES_256_CBC              = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS              = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM              = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS              = 0x1
+	FS_ENCRYPTION_MODE_INVALID                  = 0x0
+	FS_ENCRYPTION_MODE_SPECK128_256_CTS         = 0x8
+	FS_ENCRYPTION_MODE_SPECK128_256_XTS         = 0x7
+	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
+	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
+	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
+	FS_IOC_MEASURE_VERITY                       = 0xc0046686
+	FS_IOC_READ_VERITY_METADATA                 = 0xc0286687
+	FS_IOC_REMOVE_ENCRYPTION_KEY                = 0xc0406618
+	FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS      = 0xc0406619
+	FS_KEY_DESCRIPTOR_SIZE                      = 0x8
+	FS_KEY_DESC_PREFIX                          = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE                     = 0x8
+	FS_MAX_KEY_SIZE                             = 0x40
+	FS_POLICY_FLAGS_PAD_16                      = 0x2
+	FS_POLICY_FLAGS_PAD_32                      = 0x3
+	FS_POLICY_FLAGS_PAD_4                       = 0x0
+	FS_POLICY_FLAGS_PAD_8                       = 0x1
+	FS_POLICY_FLAGS_PAD_MASK                    = 0x3
+	FS_POLICY_FLAGS_VALID                       = 0x7
+	FS_VERITY_FL                                = 0x100000
+	FS_VERITY_HASH_ALG_SHA256                   = 0x1
+	FS_VERITY_HASH_ALG_SHA512                   = 0x2
+	FS_VERITY_METADATA_TYPE_DESCRIPTOR          = 0x2
+	FS_VERITY_METADATA_TYPE_MERKLE_TREE         = 0x1
+	FS_VERITY_METADATA_TYPE_SIGNATURE           = 0x3
+	FUTEXFS_SUPER_MAGIC                         = 0xbad1dea
+	F_ADD_SEALS                                 = 0x409
+	F_DUPFD                                     = 0x0
+	F_DUPFD_CLOEXEC                             = 0x406
+	F_EXLCK                                     = 0x4
+	F_GETFD                                     = 0x1
+	F_GETFL                                     = 0x3
+	F_GETLEASE                                  = 0x401
+	F_GETOWN_EX                                 = 0x10
+	F_GETPIPE_SZ                                = 0x408
+	F_GETSIG                                    = 0xb
+	F_GET_FILE_RW_HINT                          = 0x40d
+	F_GET_RW_HINT                               = 0x40b
+	F_GET_SEALS                                 = 0x40a
+	F_LOCK                                      = 0x1
+	F_NOTIFY                                    = 0x402
+	F_OFD_GETLK                                 = 0x24
+	F_OFD_SETLK                                 = 0x25
+	F_OFD_SETLKW                                = 0x26
+	F_OK                                        = 0x0
+	F_SEAL_FUTURE_WRITE                         = 0x10
+	F_SEAL_GROW                                 = 0x4
+	F_SEAL_SEAL                                 = 0x1
+	F_SEAL_SHRINK                               = 0x2
+	F_SEAL_WRITE                                = 0x8
+	F_SETFD                                     = 0x2
+	F_SETFL                                     = 0x4
+	F_SETLEASE                                  = 0x400
+	F_SETOWN_EX                                 = 0xf
+	F_SETPIPE_SZ                                = 0x407
+	F_SETSIG                                    = 0xa
+	F_SET_FILE_RW_HINT                          = 0x40e
+	F_SET_RW_HINT                               = 0x40c
+	F_SHLCK                                     = 0x8
+	F_TEST                                      = 0x3
+	F_TLOCK                                     = 0x2
+	F_ULOCK                                     = 0x0
+	GENL_ADMIN_PERM                             = 0x1
+	GENL_CMD_CAP_DO                             = 0x2
+	GENL_CMD_CAP_DUMP                           = 0x4
+	GENL_CMD_CAP_HASPOL                         = 0x8
+	GENL_HDRLEN                                 = 0x4
+	GENL_ID_CTRL                                = 0x10
+	GENL_ID_PMCRAID                             = 0x12
+	GENL_ID_VFS_DQUOT                           = 0x11
+	GENL_MAX_ID                                 = 0x3ff
+	GENL_MIN_ID                                 = 0x10
+	GENL_NAMSIZ                                 = 0x10
+	GENL_START_ALLOC                            = 0x13
+	GENL_UNS_ADMIN_PERM                         = 0x10
+	GRND_INSECURE                               = 0x4
+	GRND_NONBLOCK                               = 0x1
+	GRND_RANDOM                                 = 0x2
+	HDIO_DRIVE_CMD                              = 0x31f
+	HDIO_DRIVE_CMD_AEB                          = 0x31e
+	HDIO_DRIVE_CMD_HDR_SIZE                     = 0x4
+	HDIO_DRIVE_HOB_HDR_SIZE                     = 0x8
+	HDIO_DRIVE_RESET                            = 0x31c
+	HDIO_DRIVE_TASK                             = 0x31e
+	HDIO_DRIVE_TASKFILE                         = 0x31d
+	HDIO_DRIVE_TASK_HDR_SIZE                    = 0x8
+	HDIO_GETGEO                                 = 0x301
+	HDIO_GET_32BIT                              = 0x309
+	HDIO_GET_ACOUSTIC                           = 0x30f
+	HDIO_GET_ADDRESS                            = 0x310
+	HDIO_GET_BUSSTATE                           = 0x31a
+	HDIO_GET_DMA                                = 0x30b
+	HDIO_GET_IDENTITY                           = 0x30d
+	HDIO_GET_KEEPSETTINGS                       = 0x308
+	HDIO_GET_MULTCOUNT                          = 0x304
+	HDIO_GET_NICE                               = 0x30c
+	HDIO_GET_NOWERR                             = 0x30a
+	HDIO_GET_QDMA                               = 0x305
+	HDIO_GET_UNMASKINTR                         = 0x302
+	HDIO_GET_WCACHE                             = 0x30e
+	HDIO_OBSOLETE_IDENTITY                      = 0x307
+	HDIO_SCAN_HWIF                              = 0x328
+	HDIO_SET_32BIT                              = 0x324
+	HDIO_SET_ACOUSTIC                           = 0x32c
+	HDIO_SET_ADDRESS                            = 0x32f
+	HDIO_SET_BUSSTATE                           = 0x32d
+	HDIO_SET_DMA                                = 0x326
+	HDIO_SET_KEEPSETTINGS                       = 0x323
+	HDIO_SET_MULTCOUNT                          = 0x321
+	HDIO_SET_NICE                               = 0x329
+	HDIO_SET_NOWERR                             = 0x325
+	HDIO_SET_PIO_MODE                           = 0x327
+	HDIO_SET_QDMA                               = 0x32e
+	HDIO_SET_UNMASKINTR                         = 0x322
+	HDIO_SET_WCACHE                             = 0x32b
+	HDIO_SET_XFER                               = 0x306
+	HDIO_TRISTATE_HWIF                          = 0x31b
+	HDIO_UNREGISTER_HWIF                        = 0x32a
+	HID_MAX_DESCRIPTOR_SIZE                     = 0x1000
+	HOSTFS_SUPER_MAGIC                          = 0xc0ffee
+	HPFS_SUPER_MAGIC                            = 0xf995e849
+	HUGETLBFS_MAGIC                             = 0x958458f6
+	IBSHIFT                                     = 0x10
+	ICRNL                                       = 0x100
+	IFA_F_DADFAILED                             = 0x8
+	IFA_F_DEPRECATED                            = 0x20
+	IFA_F_HOMEADDRESS                           = 0x10
+	IFA_F_MANAGETEMPADDR                        = 0x100
+	IFA_F_MCAUTOJOIN                            = 0x400
+	IFA_F_NODAD                                 = 0x2
+	IFA_F_NOPREFIXROUTE                         = 0x200
+	IFA_F_OPTIMISTIC                            = 0x4
+	IFA_F_PERMANENT                             = 0x80
+	IFA_F_SECONDARY                             = 0x1
+	IFA_F_STABLE_PRIVACY                        = 0x800
+	IFA_F_TEMPORARY                             = 0x1
+	IFA_F_TENTATIVE                             = 0x40
+	IFA_MAX                                     = 0xa
+	IFF_ALLMULTI                                = 0x200
+	IFF_ATTACH_QUEUE                            = 0x200
+	IFF_AUTOMEDIA                               = 0x4000
+	IFF_BROADCAST                               = 0x2
+	IFF_DEBUG                                   = 0x4
+	IFF_DETACH_QUEUE                            = 0x400
+	IFF_DORMANT                                 = 0x20000
+	IFF_DYNAMIC                                 = 0x8000
+	IFF_ECHO                                    = 0x40000
+	IFF_LOOPBACK                                = 0x8
+	IFF_LOWER_UP                                = 0x10000
+	IFF_MASTER                                  = 0x400
+	IFF_MULTICAST                               = 0x1000
+	IFF_MULTI_QUEUE                             = 0x100
+	IFF_NAPI                                    = 0x10
+	IFF_NAPI_FRAGS                              = 0x20
+	IFF_NOARP                                   = 0x80
+	IFF_NOFILTER                                = 0x1000
+	IFF_NOTRAILERS                              = 0x20
+	IFF_NO_PI                                   = 0x1000
+	IFF_ONE_QUEUE                               = 0x2000
+	IFF_PERSIST                                 = 0x800
+	IFF_POINTOPOINT                             = 0x10
+	IFF_PORTSEL                                 = 0x2000
+	IFF_PROMISC                                 = 0x100
+	IFF_RUNNING                                 = 0x40
+	IFF_SLAVE                                   = 0x800
+	IFF_TAP                                     = 0x2
+	IFF_TUN                                     = 0x1
+	IFF_TUN_EXCL                                = 0x8000
+	IFF_UP                                      = 0x1
+	IFF_VNET_HDR                                = 0x4000
+	IFF_VOLATILE                                = 0x70c5a
+	IFNAMSIZ                                    = 0x10
+	IGNBRK                                      = 0x1
+	IGNCR                                       = 0x80
+	IGNPAR                                      = 0x4
+	IMAXBEL                                     = 0x2000
+	INLCR                                       = 0x40
+	INPCK                                       = 0x10
+	IN_ACCESS                                   = 0x1
+	IN_ALL_EVENTS                               = 0xfff
+	IN_ATTRIB                                   = 0x4
+	IN_CLASSA_HOST                              = 0xffffff
+	IN_CLASSA_MAX                               = 0x80
+	IN_CLASSA_NET                               = 0xff000000
+	IN_CLASSA_NSHIFT                            = 0x18
+	IN_CLASSB_HOST                              = 0xffff
+	IN_CLASSB_MAX                               = 0x10000
+	IN_CLASSB_NET                               = 0xffff0000
+	IN_CLASSB_NSHIFT                            = 0x10
+	IN_CLASSC_HOST                              = 0xff
+	IN_CLASSC_NET                               = 0xffffff00
+	IN_CLASSC_NSHIFT                            = 0x8
+	IN_CLOSE                                    = 0x18
+	IN_CLOSE_NOWRITE                            = 0x10
+	IN_CLOSE_WRITE                              = 0x8
+	IN_CREATE                                   = 0x100
+	IN_DELETE                                   = 0x200
+	IN_DELETE_SELF                              = 0x400
+	IN_DONT_FOLLOW                              = 0x2000000
+	IN_EXCL_UNLINK                              = 0x4000000
+	IN_IGNORED                                  = 0x8000
+	IN_ISDIR                                    = 0x40000000
+	IN_LOOPBACKNET                              = 0x7f
+	IN_MASK_ADD                                 = 0x20000000
+	IN_MASK_CREATE                              = 0x10000000
+	IN_MODIFY                                   = 0x2
+	IN_MOVE                                     = 0xc0
+	IN_MOVED_FROM                               = 0x40
+	IN_MOVED_TO                                 = 0x80
+	IN_MOVE_SELF                                = 0x800
+	IN_ONESHOT                                  = 0x80000000
+	IN_ONLYDIR                                  = 0x1000000
+	IN_OPEN                                     = 0x20
+	IN_Q_OVERFLOW                               = 0x4000
+	IN_UNMOUNT                                  = 0x2000
+	IPPROTO_AH                                  = 0x33
+	IPPROTO_BEETPH                              = 0x5e
+	IPPROTO_COMP                                = 0x6c
+	IPPROTO_DCCP                                = 0x21
+	IPPROTO_DSTOPTS                             = 0x3c
+	IPPROTO_EGP                                 = 0x8
+	IPPROTO_ENCAP                               = 0x62
+	IPPROTO_ESP                                 = 0x32
+	IPPROTO_ETHERNET                            = 0x8f
+	IPPROTO_FRAGMENT                            = 0x2c
+	IPPROTO_GRE                                 = 0x2f
+	IPPROTO_HOPOPTS                             = 0x0
+	IPPROTO_ICMP                                = 0x1
+	IPPROTO_ICMPV6                              = 0x3a
+	IPPROTO_IDP                                 = 0x16
+	IPPROTO_IGMP                                = 0x2
+	IPPROTO_IP                                  = 0x0
+	IPPROTO_IPIP                                = 0x4
+	IPPROTO_IPV6                                = 0x29
+	IPPROTO_L2TP                                = 0x73
+	IPPROTO_MH                                  = 0x87
+	IPPROTO_MPLS                                = 0x89
+	IPPROTO_MPTCP                               = 0x106
+	IPPROTO_MTP                                 = 0x5c
+	IPPROTO_NONE                                = 0x3b
+	IPPROTO_PIM                                 = 0x67
+	IPPROTO_PUP                                 = 0xc
+	IPPROTO_RAW                                 = 0xff
+	IPPROTO_ROUTING                             = 0x2b
+	IPPROTO_RSVP                                = 0x2e
+	IPPROTO_SCTP                                = 0x84
+	IPPROTO_TCP                                 = 0x6
+	IPPROTO_TP                                  = 0x1d
+	IPPROTO_UDP                                 = 0x11
+	IPPROTO_UDPLITE                             = 0x88
+	IPV6_2292DSTOPTS                            = 0x4
+	IPV6_2292HOPLIMIT                           = 0x8
+	IPV6_2292HOPOPTS                            = 0x3
+	IPV6_2292PKTINFO                            = 0x2
+	IPV6_2292PKTOPTIONS                         = 0x6
+	IPV6_2292RTHDR                              = 0x5
+	IPV6_ADDRFORM                               = 0x1
+	IPV6_ADDR_PREFERENCES                       = 0x48
+	IPV6_ADD_MEMBERSHIP                         = 0x14
+	IPV6_AUTHHDR                                = 0xa
+	IPV6_AUTOFLOWLABEL                          = 0x46
+	IPV6_CHECKSUM                               = 0x7
+	IPV6_DONTFRAG                               = 0x3e
+	IPV6_DROP_MEMBERSHIP                        = 0x15
+	IPV6_DSTOPTS                                = 0x3b
+	IPV6_FLOW                                   = 0x11
+	IPV6_FREEBIND                               = 0x4e
+	IPV6_HDRINCL                                = 0x24
+	IPV6_HOPLIMIT                               = 0x34
+	IPV6_HOPOPTS                                = 0x36
+	IPV6_IPSEC_POLICY                           = 0x22
+	IPV6_JOIN_ANYCAST                           = 0x1b
+	IPV6_JOIN_GROUP                             = 0x14
+	IPV6_LEAVE_ANYCAST                          = 0x1c
+	IPV6_LEAVE_GROUP                            = 0x15
+	IPV6_MINHOPCOUNT                            = 0x49
+	IPV6_MTU                                    = 0x18
+	IPV6_MTU_DISCOVER                           = 0x17
+	IPV6_MULTICAST_ALL                          = 0x1d
+	IPV6_MULTICAST_HOPS                         = 0x12
+	IPV6_MULTICAST_IF                           = 0x11
+	IPV6_MULTICAST_LOOP                         = 0x13
+	IPV6_NEXTHOP                                = 0x9
+	IPV6_ORIGDSTADDR                            = 0x4a
+	IPV6_PATHMTU                                = 0x3d
+	IPV6_PKTINFO                                = 0x32
+	IPV6_PMTUDISC_DO                            = 0x2
+	IPV6_PMTUDISC_DONT                          = 0x0
+	IPV6_PMTUDISC_INTERFACE                     = 0x4
+	IPV6_PMTUDISC_OMIT                          = 0x5
+	IPV6_PMTUDISC_PROBE                         = 0x3
+	IPV6_PMTUDISC_WANT                          = 0x1
+	IPV6_RECVDSTOPTS                            = 0x3a
+	IPV6_RECVERR                                = 0x19
+	IPV6_RECVERR_RFC4884                        = 0x1f
+	IPV6_RECVFRAGSIZE                           = 0x4d
+	IPV6_RECVHOPLIMIT                           = 0x33
+	IPV6_RECVHOPOPTS                            = 0x35
+	IPV6_RECVORIGDSTADDR                        = 0x4a
+	IPV6_RECVPATHMTU                            = 0x3c
+	IPV6_RECVPKTINFO                            = 0x31
+	IPV6_RECVRTHDR                              = 0x38
+	IPV6_RECVTCLASS                             = 0x42
+	IPV6_ROUTER_ALERT                           = 0x16
+	IPV6_ROUTER_ALERT_ISOLATE                   = 0x1e
+	IPV6_RTHDR                                  = 0x39
+	IPV6_RTHDRDSTOPTS                           = 0x37
+	IPV6_RTHDR_LOOSE                            = 0x0
+	IPV6_RTHDR_STRICT                           = 0x1
+	IPV6_RTHDR_TYPE_0                           = 0x0
+	IPV6_RXDSTOPTS                              = 0x3b
+	IPV6_RXHOPOPTS                              = 0x36
+	IPV6_TCLASS                                 = 0x43
+	IPV6_TRANSPARENT                            = 0x4b
+	IPV6_UNICAST_HOPS                           = 0x10
+	IPV6_UNICAST_IF                             = 0x4c
+	IPV6_USER_FLOW                              = 0xe
+	IPV6_V6ONLY                                 = 0x1a
+	IPV6_XFRM_POLICY                            = 0x23
+	IP_ADD_MEMBERSHIP                           = 0x23
+	IP_ADD_SOURCE_MEMBERSHIP                    = 0x27
+	IP_BIND_ADDRESS_NO_PORT                     = 0x18
+	IP_BLOCK_SOURCE                             = 0x26
+	IP_CHECKSUM                                 = 0x17
+	IP_DEFAULT_MULTICAST_LOOP                   = 0x1
+	IP_DEFAULT_MULTICAST_TTL                    = 0x1
+	IP_DF                                       = 0x4000
+	IP_DROP_MEMBERSHIP                          = 0x24
+	IP_DROP_SOURCE_MEMBERSHIP                   = 0x28
+	IP_FREEBIND                                 = 0xf
+	IP_HDRINCL                                  = 0x3
+	IP_IPSEC_POLICY                             = 0x10
+	IP_MAXPACKET                                = 0xffff
+	IP_MAX_MEMBERSHIPS                          = 0x14
+	IP_MF                                       = 0x2000
+	IP_MINTTL                                   = 0x15
+	IP_MSFILTER                                 = 0x29
+	IP_MSS                                      = 0x240
+	IP_MTU                                      = 0xe
+	IP_MTU_DISCOVER                             = 0xa
+	IP_MULTICAST_ALL                            = 0x31
+	IP_MULTICAST_IF                             = 0x20
+	IP_MULTICAST_LOOP                           = 0x22
+	IP_MULTICAST_TTL                            = 0x21
+	IP_NODEFRAG                                 = 0x16
+	IP_OFFMASK                                  = 0x1fff
+	IP_OPTIONS                                  = 0x4
+	IP_ORIGDSTADDR                              = 0x14
+	IP_PASSSEC                                  = 0x12
+	IP_PKTINFO                                  = 0x8
+	IP_PKTOPTIONS                               = 0x9
+	IP_PMTUDISC                                 = 0xa
+	IP_PMTUDISC_DO                              = 0x2
+	IP_PMTUDISC_DONT                            = 0x0
+	IP_PMTUDISC_INTERFACE                       = 0x4
+	IP_PMTUDISC_OMIT                            = 0x5
+	IP_PMTUDISC_PROBE                           = 0x3
+	IP_PMTUDISC_WANT                            = 0x1
+	IP_RECVERR                                  = 0xb
+	IP_RECVERR_RFC4884                          = 0x1a
+	IP_RECVFRAGSIZE                             = 0x19
+	IP_RECVOPTS                                 = 0x6
+	IP_RECVORIGDSTADDR                          = 0x14
+	IP_RECVRETOPTS                              = 0x7
+	IP_RECVTOS                                  = 0xd
+	IP_RECVTTL                                  = 0xc
+	IP_RETOPTS                                  = 0x7
+	IP_RF                                       = 0x8000
+	IP_ROUTER_ALERT                             = 0x5
+	IP_TOS                                      = 0x1
+	IP_TRANSPARENT                              = 0x13
+	IP_TTL                                      = 0x2
+	IP_UNBLOCK_SOURCE                           = 0x25
+	IP_UNICAST_IF                               = 0x32
+	IP_USER_FLOW                                = 0xd
+	IP_XFRM_POLICY                              = 0x11
+	ISOFS_SUPER_MAGIC                           = 0x9660
+	ISTRIP                                      = 0x20
+	IUTF8                                       = 0x4000
+	IXANY                                       = 0x800
+	JFFS2_SUPER_MAGIC                           = 0x72b6
+	KEXEC_ARCH_386                              = 0x30000
+	KEXEC_ARCH_68K                              = 0x40000
+	KEXEC_ARCH_AARCH64                          = 0xb70000
+	KEXEC_ARCH_ARM                              = 0x280000
+	KEXEC_ARCH_DEFAULT                          = 0x0
+	KEXEC_ARCH_IA_64                            = 0x320000
+	KEXEC_ARCH_MASK                             = 0xffff0000
+	KEXEC_ARCH_MIPS                             = 0x80000
+	KEXEC_ARCH_MIPS_LE                          = 0xa0000
+	KEXEC_ARCH_PARISC                           = 0xf0000
+	KEXEC_ARCH_PPC                              = 0x140000
+	KEXEC_ARCH_PPC64                            = 0x150000
+	KEXEC_ARCH_RISCV                            = 0xf30000
+	KEXEC_ARCH_S390                             = 0x160000
+	KEXEC_ARCH_SH                               = 0x2a0000
+	KEXEC_ARCH_X86_64                           = 0x3e0000
+	KEXEC_FILE_NO_INITRAMFS                     = 0x4
+	KEXEC_FILE_ON_CRASH                         = 0x2
+	KEXEC_FILE_UNLOAD                           = 0x1
+	KEXEC_ON_CRASH                              = 0x1
+	KEXEC_PRESERVE_CONTEXT                      = 0x2
+	KEXEC_SEGMENT_MAX                           = 0x10
+	KEYCTL_ASSUME_AUTHORITY                     = 0x10
+	KEYCTL_CAPABILITIES                         = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                        = 0x10
+	KEYCTL_CAPS0_CAPABILITIES                   = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN                 = 0x4
+	KEYCTL_CAPS0_INVALIDATE                     = 0x20
+	KEYCTL_CAPS0_MOVE                           = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS            = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY                     = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING               = 0x40
+	KEYCTL_CAPS1_NOTIFICATIONS                  = 0x4
+	KEYCTL_CAPS1_NS_KEYRING_NAME                = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG                     = 0x2
+	KEYCTL_CHOWN                                = 0x4
+	KEYCTL_CLEAR                                = 0x7
+	KEYCTL_DESCRIBE                             = 0x6
+	KEYCTL_DH_COMPUTE                           = 0x17
+	KEYCTL_GET_KEYRING_ID                       = 0x0
+	KEYCTL_GET_PERSISTENT                       = 0x16
+	KEYCTL_GET_SECURITY                         = 0x11
+	KEYCTL_INSTANTIATE                          = 0xc
+	KEYCTL_INSTANTIATE_IOV                      = 0x14
+	KEYCTL_INVALIDATE                           = 0x15
+	KEYCTL_JOIN_SESSION_KEYRING                 = 0x1
+	KEYCTL_LINK                                 = 0x8
+	KEYCTL_MOVE                                 = 0x1e
+	KEYCTL_MOVE_EXCL                            = 0x1
+	KEYCTL_NEGATE                               = 0xd
+	KEYCTL_PKEY_DECRYPT                         = 0x1a
+	KEYCTL_PKEY_ENCRYPT                         = 0x19
+	KEYCTL_PKEY_QUERY                           = 0x18
+	KEYCTL_PKEY_SIGN                            = 0x1b
+	KEYCTL_PKEY_VERIFY                          = 0x1c
+	KEYCTL_READ                                 = 0xb
+	KEYCTL_REJECT                               = 0x13
+	KEYCTL_RESTRICT_KEYRING                     = 0x1d
+	KEYCTL_REVOKE                               = 0x3
+	KEYCTL_SEARCH                               = 0xa
+	KEYCTL_SESSION_TO_PARENT                    = 0x12
+	KEYCTL_SETPERM                              = 0x5
+	KEYCTL_SET_REQKEY_KEYRING                   = 0xe
+	KEYCTL_SET_TIMEOUT                          = 0xf
+	KEYCTL_SUPPORTS_DECRYPT                     = 0x2
+	KEYCTL_SUPPORTS_ENCRYPT                     = 0x1
+	KEYCTL_SUPPORTS_SIGN                        = 0x4
+	KEYCTL_SUPPORTS_VERIFY                      = 0x8
+	KEYCTL_UNLINK                               = 0x9
+	KEYCTL_UPDATE                               = 0x2
+	KEYCTL_WATCH_KEY                            = 0x20
+	KEY_REQKEY_DEFL_DEFAULT                     = 0x0
+	KEY_REQKEY_DEFL_GROUP_KEYRING               = 0x6
+	KEY_REQKEY_DEFL_NO_CHANGE                   = -0x1
+	KEY_REQKEY_DEFL_PROCESS_KEYRING             = 0x2
+	KEY_REQKEY_DEFL_REQUESTOR_KEYRING           = 0x7
+	KEY_REQKEY_DEFL_SESSION_KEYRING             = 0x3
+	KEY_REQKEY_DEFL_THREAD_KEYRING              = 0x1
+	KEY_REQKEY_DEFL_USER_KEYRING                = 0x4
+	KEY_REQKEY_DEFL_USER_SESSION_KEYRING        = 0x5
+	KEY_SPEC_GROUP_KEYRING                      = -0x6
+	KEY_SPEC_PROCESS_KEYRING                    = -0x2
+	KEY_SPEC_REQKEY_AUTH_KEY                    = -0x7
+	KEY_SPEC_REQUESTOR_KEYRING                  = -0x8
+	KEY_SPEC_SESSION_KEYRING                    = -0x3
+	KEY_SPEC_THREAD_KEYRING                     = -0x1
+	KEY_SPEC_USER_KEYRING                       = -0x4
+	KEY_SPEC_USER_SESSION_KEYRING               = -0x5
+	LANDLOCK_ACCESS_FS_EXECUTE                  = 0x1
+	LANDLOCK_ACCESS_FS_MAKE_BLOCK               = 0x800
+	LANDLOCK_ACCESS_FS_MAKE_CHAR                = 0x40
+	LANDLOCK_ACCESS_FS_MAKE_DIR                 = 0x80
+	LANDLOCK_ACCESS_FS_MAKE_FIFO                = 0x400
+	LANDLOCK_ACCESS_FS_MAKE_REG                 = 0x100
+	LANDLOCK_ACCESS_FS_MAKE_SOCK                = 0x200
+	LANDLOCK_ACCESS_FS_MAKE_SYM                 = 0x1000
+	LANDLOCK_ACCESS_FS_READ_DIR                 = 0x8
+	LANDLOCK_ACCESS_FS_READ_FILE                = 0x4
+	LANDLOCK_ACCESS_FS_REMOVE_DIR               = 0x10
+	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
+	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
+	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
+	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
+	LINUX_REBOOT_CMD_CAD_ON                     = 0x89abcdef
+	LINUX_REBOOT_CMD_HALT                       = 0xcdef0123
+	LINUX_REBOOT_CMD_KEXEC                      = 0x45584543
+	LINUX_REBOOT_CMD_POWER_OFF                  = 0x4321fedc
+	LINUX_REBOOT_CMD_RESTART                    = 0x1234567
+	LINUX_REBOOT_CMD_RESTART2                   = 0xa1b2c3d4
+	LINUX_REBOOT_CMD_SW_SUSPEND                 = 0xd000fce2
+	LINUX_REBOOT_MAGIC1                         = 0xfee1dead
+	LINUX_REBOOT_MAGIC2                         = 0x28121969
+	LOCK_EX                                     = 0x2
+	LOCK_NB                                     = 0x4
+	LOCK_SH                                     = 0x1
+	LOCK_UN                                     = 0x8
+	LOOP_CLR_FD                                 = 0x4c01
+	LOOP_CTL_ADD                                = 0x4c80
+	LOOP_CTL_GET_FREE                           = 0x4c82
+	LOOP_CTL_REMOVE                             = 0x4c81
+	LOOP_GET_STATUS                             = 0x4c03
+	LOOP_GET_STATUS64                           = 0x4c05
+	LOOP_SET_BLOCK_SIZE                         = 0x4c09
+	LOOP_SET_CAPACITY                           = 0x4c07
+	LOOP_SET_DIRECT_IO                          = 0x4c08
+	LOOP_SET_FD                                 = 0x4c00
+	LOOP_SET_STATUS                             = 0x4c02
+	LOOP_SET_STATUS64                           = 0x4c04
+	LOOP_SET_STATUS_CLEARABLE_FLAGS             = 0x4
+	LOOP_SET_STATUS_SETTABLE_FLAGS              = 0xc
+	LO_KEY_SIZE                                 = 0x20
+	LO_NAME_SIZE                                = 0x40
+	LWTUNNEL_IP6_MAX                            = 0x8
+	LWTUNNEL_IP_MAX                             = 0x8
+	LWTUNNEL_IP_OPTS_MAX                        = 0x3
+	LWTUNNEL_IP_OPT_ERSPAN_MAX                  = 0x4
+	LWTUNNEL_IP_OPT_GENEVE_MAX                  = 0x3
+	LWTUNNEL_IP_OPT_VXLAN_MAX                   = 0x1
+	MADV_COLD                                   = 0x14
+	MADV_DODUMP                                 = 0x11
+	MADV_DOFORK                                 = 0xb
+	MADV_DONTDUMP                               = 0x10
+	MADV_DONTFORK                               = 0xa
+	MADV_DONTNEED                               = 0x4
+	MADV_FREE                                   = 0x8
+	MADV_HUGEPAGE                               = 0xe
+	MADV_HWPOISON                               = 0x64
+	MADV_KEEPONFORK                             = 0x13
+	MADV_MERGEABLE                              = 0xc
+	MADV_NOHUGEPAGE                             = 0xf
+	MADV_NORMAL                                 = 0x0
+	MADV_PAGEOUT                                = 0x15
+	MADV_POPULATE_READ                          = 0x16
+	MADV_POPULATE_WRITE                         = 0x17
+	MADV_RANDOM                                 = 0x1
+	MADV_REMOVE                                 = 0x9
+	MADV_SEQUENTIAL                             = 0x2
+	MADV_UNMERGEABLE                            = 0xd
+	MADV_WILLNEED                               = 0x3
+	MADV_WIPEONFORK                             = 0x12
+	MAP_FILE                                    = 0x0
+	MAP_FIXED                                   = 0x10
+	MAP_FIXED_NOREPLACE                         = 0x100000
+	MAP_HUGE_MASK                               = 0x3f
+	MAP_HUGE_SHIFT                              = 0x1a
+	MAP_PRIVATE                                 = 0x2
+	MAP_SHARED                                  = 0x1
+	MAP_SHARED_VALIDATE                         = 0x3
+	MAP_TYPE                                    = 0xf
+	MCAST_BLOCK_SOURCE                          = 0x2b
+	MCAST_EXCLUDE                               = 0x0
+	MCAST_INCLUDE                               = 0x1
+	MCAST_JOIN_GROUP                            = 0x2a
+	MCAST_JOIN_SOURCE_GROUP                     = 0x2e
+	MCAST_LEAVE_GROUP                           = 0x2d
+	MCAST_LEAVE_SOURCE_GROUP                    = 0x2f
+	MCAST_MSFILTER                              = 0x30
+	MCAST_UNBLOCK_SOURCE                        = 0x2c
+	MEMGETREGIONINFO                            = 0xc0104d08
+	MEMREADOOB64                                = 0xc0184d16
+	MEMWRITE                                    = 0xc0304d18
+	MEMWRITEOOB64                               = 0xc0184d15
+	MFD_ALLOW_SEALING                           = 0x2
+	MFD_CLOEXEC                                 = 0x1
+	MFD_HUGETLB                                 = 0x4
+	MFD_HUGE_16GB                               = -0x78000000
+	MFD_HUGE_16MB                               = 0x60000000
+	MFD_HUGE_1GB                                = 0x78000000
+	MFD_HUGE_1MB                                = 0x50000000
+	MFD_HUGE_256MB                              = 0x70000000
+	MFD_HUGE_2GB                                = 0x7c000000
+	MFD_HUGE_2MB                                = 0x54000000
+	MFD_HUGE_32MB                               = 0x64000000
+	MFD_HUGE_512KB                              = 0x4c000000
+	MFD_HUGE_512MB                              = 0x74000000
+	MFD_HUGE_64KB                               = 0x40000000
+	MFD_HUGE_8MB                                = 0x5c000000
+	MFD_HUGE_MASK                               = 0x3f
+	MFD_HUGE_SHIFT                              = 0x1a
+	MINIX2_SUPER_MAGIC                          = 0x2468
+	MINIX2_SUPER_MAGIC2                         = 0x2478
+	MINIX3_SUPER_MAGIC                          = 0x4d5a
+	MINIX_SUPER_MAGIC                           = 0x137f
+	MINIX_SUPER_MAGIC2                          = 0x138f
+	MNT_DETACH                                  = 0x2
+	MNT_EXPIRE                                  = 0x4
+	MNT_FORCE                                   = 0x1
+	MODULE_INIT_IGNORE_MODVERSIONS              = 0x1
+	MODULE_INIT_IGNORE_VERMAGIC                 = 0x2
+	MSDOS_SUPER_MAGIC                           = 0x4d44
+	MSG_BATCH                                   = 0x40000
+	MSG_CMSG_CLOEXEC                            = 0x40000000
+	MSG_CONFIRM                                 = 0x800
+	MSG_CTRUNC                                  = 0x8
+	MSG_DONTROUTE                               = 0x4
+	MSG_DONTWAIT                                = 0x40
+	MSG_EOR                                     = 0x80
+	MSG_ERRQUEUE                                = 0x2000
+	MSG_FASTOPEN                                = 0x20000000
+	MSG_FIN                                     = 0x200
+	MSG_MORE                                    = 0x8000
+	MSG_NOSIGNAL                                = 0x4000
+	MSG_OOB                                     = 0x1
+	MSG_PEEK                                    = 0x2
+	MSG_PROXY                                   = 0x10
+	MSG_RST                                     = 0x1000
+	MSG_SYN                                     = 0x400
+	MSG_TRUNC                                   = 0x20
+	MSG_TRYHARD                                 = 0x4
+	MSG_WAITALL                                 = 0x100
+	MSG_WAITFORONE                              = 0x10000
+	MSG_ZEROCOPY                                = 0x4000000
+	MS_ACTIVE                                   = 0x40000000
+	MS_ASYNC                                    = 0x1
+	MS_BIND                                     = 0x1000
+	MS_BORN                                     = 0x20000000
+	MS_DIRSYNC                                  = 0x80
+	MS_INVALIDATE                               = 0x2
+	MS_I_VERSION                                = 0x800000
+	MS_KERNMOUNT                                = 0x400000
+	MS_LAZYTIME                                 = 0x2000000
+	MS_MANDLOCK                                 = 0x40
+	MS_MGC_MSK                                  = 0xffff0000
+	MS_MGC_VAL                                  = 0xc0ed0000
+	MS_MOVE                                     = 0x2000
+	MS_NOATIME                                  = 0x400
+	MS_NODEV                                    = 0x4
+	MS_NODIRATIME                               = 0x800
+	MS_NOEXEC                                   = 0x8
+	MS_NOREMOTELOCK                             = 0x8000000
+	MS_NOSEC                                    = 0x10000000
+	MS_NOSUID                                   = 0x2
+	MS_NOSYMFOLLOW                              = 0x100
+	MS_NOUSER                                   = -0x80000000
+	MS_POSIXACL                                 = 0x10000
+	MS_PRIVATE                                  = 0x40000
+	MS_RDONLY                                   = 0x1
+	MS_REC                                      = 0x4000
+	MS_RELATIME                                 = 0x200000
+	MS_REMOUNT                                  = 0x20
+	MS_RMT_MASK                                 = 0x2800051
+	MS_SHARED                                   = 0x100000
+	MS_SILENT                                   = 0x8000
+	MS_SLAVE                                    = 0x80000
+	MS_STRICTATIME                              = 0x1000000
+	MS_SUBMOUNT                                 = 0x4000000
+	MS_SYNC                                     = 0x4
+	MS_SYNCHRONOUS                              = 0x10
+	MS_UNBINDABLE                               = 0x20000
+	MS_VERBOSE                                  = 0x8000
+	MTD_ABSENT                                  = 0x0
+	MTD_BIT_WRITEABLE                           = 0x800
+	MTD_CAP_NANDFLASH                           = 0x400
+	MTD_CAP_NORFLASH                            = 0xc00
+	MTD_CAP_NVRAM                               = 0x1c00
+	MTD_CAP_RAM                                 = 0x1c00
+	MTD_CAP_ROM                                 = 0x0
+	MTD_DATAFLASH                               = 0x6
+	MTD_INODE_FS_MAGIC                          = 0x11307854
+	MTD_MAX_ECCPOS_ENTRIES                      = 0x40
+	MTD_MAX_OOBFREE_ENTRIES                     = 0x8
+	MTD_MLCNANDFLASH                            = 0x8
+	MTD_NANDECC_AUTOPLACE                       = 0x2
+	MTD_NANDECC_AUTOPL_USR                      = 0x4
+	MTD_NANDECC_OFF                             = 0x0
+	MTD_NANDECC_PLACE                           = 0x1
+	MTD_NANDECC_PLACEONLY                       = 0x3
+	MTD_NANDFLASH                               = 0x4
+	MTD_NORFLASH                                = 0x3
+	MTD_NO_ERASE                                = 0x1000
+	MTD_OTP_FACTORY                             = 0x1
+	MTD_OTP_OFF                                 = 0x0
+	MTD_OTP_USER                                = 0x2
+	MTD_POWERUP_LOCK                            = 0x2000
+	MTD_RAM                                     = 0x1
+	MTD_ROM                                     = 0x2
+	MTD_SLC_ON_MLC_EMULATION                    = 0x4000
+	MTD_UBIVOLUME                               = 0x7
+	MTD_WRITEABLE                               = 0x400
+	NAME_MAX                                    = 0xff
+	NCP_SUPER_MAGIC                             = 0x564c
+	NETLINK_ADD_MEMBERSHIP                      = 0x1
+	NETLINK_AUDIT                               = 0x9
+	NETLINK_BROADCAST_ERROR                     = 0x4
+	NETLINK_CAP_ACK                             = 0xa
+	NETLINK_CONNECTOR                           = 0xb
+	NETLINK_CRYPTO                              = 0x15
+	NETLINK_DNRTMSG                             = 0xe
+	NETLINK_DROP_MEMBERSHIP                     = 0x2
+	NETLINK_ECRYPTFS                            = 0x13
+	NETLINK_EXT_ACK                             = 0xb
+	NETLINK_FIB_LOOKUP                          = 0xa
+	NETLINK_FIREWALL                            = 0x3
+	NETLINK_GENERIC                             = 0x10
+	NETLINK_GET_STRICT_CHK                      = 0xc
+	NETLINK_INET_DIAG                           = 0x4
+	NETLINK_IP6_FW                              = 0xd
+	NETLINK_ISCSI                               = 0x8
+	NETLINK_KOBJECT_UEVENT                      = 0xf
+	NETLINK_LISTEN_ALL_NSID                     = 0x8
+	NETLINK_LIST_MEMBERSHIPS                    = 0x9
+	NETLINK_NETFILTER                           = 0xc
+	NETLINK_NFLOG                               = 0x5
+	NETLINK_NO_ENOBUFS                          = 0x5
+	NETLINK_PKTINFO                             = 0x3
+	NETLINK_RDMA                                = 0x14
+	NETLINK_ROUTE                               = 0x0
+	NETLINK_RX_RING                             = 0x6
+	NETLINK_SCSITRANSPORT                       = 0x12
+	NETLINK_SELINUX                             = 0x7
+	NETLINK_SMC                                 = 0x16
+	NETLINK_SOCK_DIAG                           = 0x4
+	NETLINK_TX_RING                             = 0x7
+	NETLINK_UNUSED                              = 0x1
+	NETLINK_USERSOCK                            = 0x2
+	NETLINK_XFRM                                = 0x6
+	NETNSA_MAX                                  = 0x5
+	NETNSA_NSID_NOT_ASSIGNED                    = -0x1
+	NFC_ATR_REQ_GB_MAXSIZE                      = 0x30
+	NFC_ATR_REQ_MAXSIZE                         = 0x40
+	NFC_ATR_RES_GB_MAXSIZE                      = 0x2f
+	NFC_ATR_RES_MAXSIZE                         = 0x40
+	NFC_COMM_ACTIVE                             = 0x0
+	NFC_COMM_PASSIVE                            = 0x1
+	NFC_DEVICE_NAME_MAXSIZE                     = 0x8
+	NFC_DIRECTION_RX                            = 0x0
+	NFC_DIRECTION_TX                            = 0x1
+	NFC_FIRMWARE_NAME_MAXSIZE                   = 0x20
+	NFC_GB_MAXSIZE                              = 0x30
+	NFC_GENL_MCAST_EVENT_NAME                   = "events"
+	NFC_GENL_NAME                               = "nfc"
+	NFC_GENL_VERSION                            = 0x1
+	NFC_HEADER_SIZE                             = 0x1
+	NFC_ISO15693_UID_MAXSIZE                    = 0x8
+	NFC_LLCP_MAX_SERVICE_NAME                   = 0x3f
+	NFC_LLCP_MIUX                               = 0x1
+	NFC_LLCP_REMOTE_LTO                         = 0x3
+	NFC_LLCP_REMOTE_MIU                         = 0x2
+	NFC_LLCP_REMOTE_RW                          = 0x4
+	NFC_LLCP_RW                                 = 0x0
+	NFC_NFCID1_MAXSIZE                          = 0xa
+	NFC_NFCID2_MAXSIZE                          = 0x8
+	NFC_NFCID3_MAXSIZE                          = 0xa
+	NFC_PROTO_FELICA                            = 0x3
+	NFC_PROTO_FELICA_MASK                       = 0x8
+	NFC_PROTO_ISO14443                          = 0x4
+	NFC_PROTO_ISO14443_B                        = 0x6
+	NFC_PROTO_ISO14443_B_MASK                   = 0x40
+	NFC_PROTO_ISO14443_MASK                     = 0x10
+	NFC_PROTO_ISO15693                          = 0x7
+	NFC_PROTO_ISO15693_MASK                     = 0x80
+	NFC_PROTO_JEWEL                             = 0x1
+	NFC_PROTO_JEWEL_MASK                        = 0x2
+	NFC_PROTO_MAX                               = 0x8
+	NFC_PROTO_MIFARE                            = 0x2
+	NFC_PROTO_MIFARE_MASK                       = 0x4
+	NFC_PROTO_NFC_DEP                           = 0x5
+	NFC_PROTO_NFC_DEP_MASK                      = 0x20
+	NFC_RAW_HEADER_SIZE                         = 0x2
+	NFC_RF_INITIATOR                            = 0x0
+	NFC_RF_NONE                                 = 0x2
+	NFC_RF_TARGET                               = 0x1
+	NFC_SENSB_RES_MAXSIZE                       = 0xc
+	NFC_SENSF_RES_MAXSIZE                       = 0x12
+	NFC_SE_DISABLED                             = 0x0
+	NFC_SE_EMBEDDED                             = 0x2
+	NFC_SE_ENABLED                              = 0x1
+	NFC_SE_UICC                                 = 0x1
+	NFC_SOCKPROTO_LLCP                          = 0x1
+	NFC_SOCKPROTO_MAX                           = 0x2
+	NFC_SOCKPROTO_RAW                           = 0x0
+	NFNETLINK_V0                                = 0x0
+	NFNLGRP_ACCT_QUOTA                          = 0x8
+	NFNLGRP_CONNTRACK_DESTROY                   = 0x3
+	NFNLGRP_CONNTRACK_EXP_DESTROY               = 0x6
+	NFNLGRP_CONNTRACK_EXP_NEW                   = 0x4
+	NFNLGRP_CONNTRACK_EXP_UPDATE                = 0x5
+	NFNLGRP_CONNTRACK_NEW                       = 0x1
+	NFNLGRP_CONNTRACK_UPDATE                    = 0x2
+	NFNLGRP_MAX                                 = 0x9
+	NFNLGRP_NFTABLES                            = 0x7
+	NFNLGRP_NFTRACE                             = 0x9
+	NFNLGRP_NONE                                = 0x0
+	NFNL_BATCH_MAX                              = 0x1
+	NFNL_MSG_BATCH_BEGIN                        = 0x10
+	NFNL_MSG_BATCH_END                          = 0x11
+	NFNL_NFA_NEST                               = 0x8000
+	NFNL_SUBSYS_ACCT                            = 0x7
+	NFNL_SUBSYS_COUNT                           = 0xd
+	NFNL_SUBSYS_CTHELPER                        = 0x9
+	NFNL_SUBSYS_CTNETLINK                       = 0x1
+	NFNL_SUBSYS_CTNETLINK_EXP                   = 0x2
+	NFNL_SUBSYS_CTNETLINK_TIMEOUT               = 0x8
+	NFNL_SUBSYS_HOOK                            = 0xc
+	NFNL_SUBSYS_IPSET                           = 0x6
+	NFNL_SUBSYS_NFTABLES                        = 0xa
+	NFNL_SUBSYS_NFT_COMPAT                      = 0xb
+	NFNL_SUBSYS_NONE                            = 0x0
+	NFNL_SUBSYS_OSF                             = 0x5
+	NFNL_SUBSYS_QUEUE                           = 0x3
+	NFNL_SUBSYS_ULOG                            = 0x4
+	NFS_SUPER_MAGIC                             = 0x6969
+	NILFS_SUPER_MAGIC                           = 0x3434
+	NL0                                         = 0x0
+	NL1                                         = 0x100
+	NLA_ALIGNTO                                 = 0x4
+	NLA_F_NESTED                                = 0x8000
+	NLA_F_NET_BYTEORDER                         = 0x4000
+	NLA_HDRLEN                                  = 0x4
+	NLMSG_ALIGNTO                               = 0x4
+	NLMSG_DONE                                  = 0x3
+	NLMSG_ERROR                                 = 0x2
+	NLMSG_HDRLEN                                = 0x10
+	NLMSG_MIN_TYPE                              = 0x10
+	NLMSG_NOOP                                  = 0x1
+	NLMSG_OVERRUN                               = 0x4
+	NLM_F_ACK                                   = 0x4
+	NLM_F_ACK_TLVS                              = 0x200
+	NLM_F_APPEND                                = 0x800
+	NLM_F_ATOMIC                                = 0x400
+	NLM_F_CAPPED                                = 0x100
+	NLM_F_CREATE                                = 0x400
+	NLM_F_DUMP                                  = 0x300
+	NLM_F_DUMP_FILTERED                         = 0x20
+	NLM_F_DUMP_INTR                             = 0x10
+	NLM_F_ECHO                                  = 0x8
+	NLM_F_EXCL                                  = 0x200
+	NLM_F_MATCH                                 = 0x200
+	NLM_F_MULTI                                 = 0x2
+	NLM_F_NONREC                                = 0x100
+	NLM_F_REPLACE                               = 0x100
+	NLM_F_REQUEST                               = 0x1
+	NLM_F_ROOT                                  = 0x100
+	NSFS_MAGIC                                  = 0x6e736673
+	OCFS2_SUPER_MAGIC                           = 0x7461636f
+	OCRNL                                       = 0x8
+	OFDEL                                       = 0x80
+	OFILL                                       = 0x40
+	ONLRET                                      = 0x20
+	ONOCR                                       = 0x10
+	OPENPROM_SUPER_MAGIC                        = 0x9fa1
+	OPOST                                       = 0x1
+	OVERLAYFS_SUPER_MAGIC                       = 0x794c7630
+	O_ACCMODE                                   = 0x3
+	O_RDONLY                                    = 0x0
+	O_RDWR                                      = 0x2
+	O_WRONLY                                    = 0x1
+	PACKET_ADD_MEMBERSHIP                       = 0x1
+	PACKET_AUXDATA                              = 0x8
+	PACKET_BROADCAST                            = 0x1
+	PACKET_COPY_THRESH                          = 0x7
+	PACKET_DROP_MEMBERSHIP                      = 0x2
+	PACKET_FANOUT                               = 0x12
+	PACKET_FANOUT_CBPF                          = 0x6
+	PACKET_FANOUT_CPU                           = 0x2
+	PACKET_FANOUT_DATA                          = 0x16
+	PACKET_FANOUT_EBPF                          = 0x7
+	PACKET_FANOUT_FLAG_DEFRAG                   = 0x8000
+	PACKET_FANOUT_FLAG_ROLLOVER                 = 0x1000
+	PACKET_FANOUT_FLAG_UNIQUEID                 = 0x2000
+	PACKET_FANOUT_HASH                          = 0x0
+	PACKET_FANOUT_LB                            = 0x1
+	PACKET_FANOUT_QM                            = 0x5
+	PACKET_FANOUT_RND                           = 0x4
+	PACKET_FANOUT_ROLLOVER                      = 0x3
+	PACKET_FASTROUTE                            = 0x6
+	PACKET_HDRLEN                               = 0xb
+	PACKET_HOST                                 = 0x0
+	PACKET_IGNORE_OUTGOING                      = 0x17
+	PACKET_KERNEL                               = 0x7
+	PACKET_LOOPBACK                             = 0x5
+	PACKET_LOSS                                 = 0xe
+	PACKET_MR_ALLMULTI                          = 0x2
+	PACKET_MR_MULTICAST                         = 0x0
+	PACKET_MR_PROMISC                           = 0x1
+	PACKET_MR_UNICAST                           = 0x3
+	PACKET_MULTICAST                            = 0x2
+	PACKET_ORIGDEV                              = 0x9
+	PACKET_OTHERHOST                            = 0x3
+	PACKET_OUTGOING                             = 0x4
+	PACKET_QDISC_BYPASS                         = 0x14
+	PACKET_RECV_OUTPUT                          = 0x3
+	PACKET_RESERVE                              = 0xc
+	PACKET_ROLLOVER_STATS                       = 0x15
+	PACKET_RX_RING                              = 0x5
+	PACKET_STATISTICS                           = 0x6
+	PACKET_TIMESTAMP                            = 0x11
+	PACKET_TX_HAS_OFF                           = 0x13
+	PACKET_TX_RING                              = 0xd
+	PACKET_TX_TIMESTAMP                         = 0x10
+	PACKET_USER                                 = 0x6
+	PACKET_VERSION                              = 0xa
+	PACKET_VNET_HDR                             = 0xf
+	PARITY_CRC16_PR0                            = 0x2
+	PARITY_CRC16_PR0_CCITT                      = 0x4
+	PARITY_CRC16_PR1                            = 0x3
+	PARITY_CRC16_PR1_CCITT                      = 0x5
+	PARITY_CRC32_PR0_CCITT                      = 0x6
+	PARITY_CRC32_PR1_CCITT                      = 0x7
+	PARITY_DEFAULT                              = 0x0
+	PARITY_NONE                                 = 0x1
+	PARMRK                                      = 0x8
+	PERF_ATTR_SIZE_VER0                         = 0x40
+	PERF_ATTR_SIZE_VER1                         = 0x48
+	PERF_ATTR_SIZE_VER2                         = 0x50
+	PERF_ATTR_SIZE_VER3                         = 0x60
+	PERF_ATTR_SIZE_VER4                         = 0x68
+	PERF_ATTR_SIZE_VER5                         = 0x70
+	PERF_ATTR_SIZE_VER6                         = 0x78
+	PERF_ATTR_SIZE_VER7                         = 0x80
+	PERF_AUX_FLAG_COLLISION                     = 0x8
+	PERF_AUX_FLAG_CORESIGHT_FORMAT_CORESIGHT    = 0x0
+	PERF_AUX_FLAG_CORESIGHT_FORMAT_RAW          = 0x100
+	PERF_AUX_FLAG_OVERWRITE                     = 0x2
+	PERF_AUX_FLAG_PARTIAL                       = 0x4
+	PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK          = 0xff00
+	PERF_AUX_FLAG_TRUNCATED                     = 0x1
+	PERF_FLAG_FD_CLOEXEC                        = 0x8
+	PERF_FLAG_FD_NO_GROUP                       = 0x1
+	PERF_FLAG_FD_OUTPUT                         = 0x2
+	PERF_FLAG_PID_CGROUP                        = 0x4
+	PERF_HW_EVENT_MASK                          = 0xffffffff
+	PERF_MAX_CONTEXTS_PER_STACK                 = 0x8
+	PERF_MAX_STACK_DEPTH                        = 0x7f
+	PERF_MEM_BLK_ADDR                           = 0x4
+	PERF_MEM_BLK_DATA                           = 0x2
+	PERF_MEM_BLK_NA                             = 0x1
+	PERF_MEM_BLK_SHIFT                          = 0x28
+	PERF_MEM_LOCK_LOCKED                        = 0x2
+	PERF_MEM_LOCK_NA                            = 0x1
+	PERF_MEM_LOCK_SHIFT                         = 0x18
+	PERF_MEM_LVLNUM_ANY_CACHE                   = 0xb
+	PERF_MEM_LVLNUM_L1                          = 0x1
+	PERF_MEM_LVLNUM_L2                          = 0x2
+	PERF_MEM_LVLNUM_L3                          = 0x3
+	PERF_MEM_LVLNUM_L4                          = 0x4
+	PERF_MEM_LVLNUM_LFB                         = 0xc
+	PERF_MEM_LVLNUM_NA                          = 0xf
+	PERF_MEM_LVLNUM_PMEM                        = 0xe
+	PERF_MEM_LVLNUM_RAM                         = 0xd
+	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVL_HIT                            = 0x2
+	PERF_MEM_LVL_IO                             = 0x1000
+	PERF_MEM_LVL_L1                             = 0x8
+	PERF_MEM_LVL_L2                             = 0x20
+	PERF_MEM_LVL_L3                             = 0x40
+	PERF_MEM_LVL_LFB                            = 0x10
+	PERF_MEM_LVL_LOC_RAM                        = 0x80
+	PERF_MEM_LVL_MISS                           = 0x4
+	PERF_MEM_LVL_NA                             = 0x1
+	PERF_MEM_LVL_REM_CCE1                       = 0x400
+	PERF_MEM_LVL_REM_CCE2                       = 0x800
+	PERF_MEM_LVL_REM_RAM1                       = 0x100
+	PERF_MEM_LVL_REM_RAM2                       = 0x200
+	PERF_MEM_LVL_SHIFT                          = 0x5
+	PERF_MEM_LVL_UNC                            = 0x2000
+	PERF_MEM_OP_EXEC                            = 0x10
+	PERF_MEM_OP_LOAD                            = 0x2
+	PERF_MEM_OP_NA                              = 0x1
+	PERF_MEM_OP_PFETCH                          = 0x8
+	PERF_MEM_OP_SHIFT                           = 0x0
+	PERF_MEM_OP_STORE                           = 0x4
+	PERF_MEM_REMOTE_REMOTE                      = 0x1
+	PERF_MEM_REMOTE_SHIFT                       = 0x25
+	PERF_MEM_SNOOPX_FWD                         = 0x1
+	PERF_MEM_SNOOPX_SHIFT                       = 0x26
+	PERF_MEM_SNOOP_HIT                          = 0x4
+	PERF_MEM_SNOOP_HITM                         = 0x10
+	PERF_MEM_SNOOP_MISS                         = 0x8
+	PERF_MEM_SNOOP_NA                           = 0x1
+	PERF_MEM_SNOOP_NONE                         = 0x2
+	PERF_MEM_SNOOP_SHIFT                        = 0x13
+	PERF_MEM_TLB_HIT                            = 0x2
+	PERF_MEM_TLB_L1                             = 0x8
+	PERF_MEM_TLB_L2                             = 0x10
+	PERF_MEM_TLB_MISS                           = 0x4
+	PERF_MEM_TLB_NA                             = 0x1
+	PERF_MEM_TLB_OS                             = 0x40
+	PERF_MEM_TLB_SHIFT                          = 0x1a
+	PERF_MEM_TLB_WK                             = 0x20
+	PERF_PMU_TYPE_SHIFT                         = 0x20
+	PERF_RECORD_KSYMBOL_FLAGS_UNREGISTER        = 0x1
+	PERF_RECORD_MISC_COMM_EXEC                  = 0x2000
+	PERF_RECORD_MISC_CPUMODE_MASK               = 0x7
+	PERF_RECORD_MISC_CPUMODE_UNKNOWN            = 0x0
+	PERF_RECORD_MISC_EXACT_IP                   = 0x4000
+	PERF_RECORD_MISC_EXT_RESERVED               = 0x8000
+	PERF_RECORD_MISC_FORK_EXEC                  = 0x2000
+	PERF_RECORD_MISC_GUEST_KERNEL               = 0x4
+	PERF_RECORD_MISC_GUEST_USER                 = 0x5
+	PERF_RECORD_MISC_HYPERVISOR                 = 0x3
+	PERF_RECORD_MISC_KERNEL                     = 0x1
+	PERF_RECORD_MISC_MMAP_BUILD_ID              = 0x4000
+	PERF_RECORD_MISC_MMAP_DATA                  = 0x2000
+	PERF_RECORD_MISC_PROC_MAP_PARSE_TIMEOUT     = 0x1000
+	PERF_RECORD_MISC_SWITCH_OUT                 = 0x2000
+	PERF_RECORD_MISC_SWITCH_OUT_PREEMPT         = 0x4000
+	PERF_RECORD_MISC_USER                       = 0x2
+	PERF_SAMPLE_BRANCH_PLM_ALL                  = 0x7
+	PERF_SAMPLE_WEIGHT_TYPE                     = 0x1004000
+	PIPEFS_MAGIC                                = 0x50495045
+	PPC_CMM_MAGIC                               = 0xc7571590
+	PPPIOCGNPMODE                               = 0xc008744c
+	PPPIOCNEWUNIT                               = 0xc004743e
+	PRIO_PGRP                                   = 0x1
+	PRIO_PROCESS                                = 0x0
+	PRIO_USER                                   = 0x2
+	PROC_SUPER_MAGIC                            = 0x9fa0
+	PROT_EXEC                                   = 0x4
+	PROT_GROWSDOWN                              = 0x1000000
+	PROT_GROWSUP                                = 0x2000000
+	PROT_NONE                                   = 0x0
+	PROT_READ                                   = 0x1
+	PROT_WRITE                                  = 0x2
+	PR_CAPBSET_DROP                             = 0x18
+	PR_CAPBSET_READ                             = 0x17
+	PR_CAP_AMBIENT                              = 0x2f
+	PR_CAP_AMBIENT_CLEAR_ALL                    = 0x4
+	PR_CAP_AMBIENT_IS_SET                       = 0x1
+	PR_CAP_AMBIENT_LOWER                        = 0x3
+	PR_CAP_AMBIENT_RAISE                        = 0x2
+	PR_ENDIAN_BIG                               = 0x0
+	PR_ENDIAN_LITTLE                            = 0x1
+	PR_ENDIAN_PPC_LITTLE                        = 0x2
+	PR_FPEMU_NOPRINT                            = 0x1
+	PR_FPEMU_SIGFPE                             = 0x2
+	PR_FP_EXC_ASYNC                             = 0x2
+	PR_FP_EXC_DISABLED                          = 0x0
+	PR_FP_EXC_DIV                               = 0x10000
+	PR_FP_EXC_INV                               = 0x100000
+	PR_FP_EXC_NONRECOV                          = 0x1
+	PR_FP_EXC_OVF                               = 0x20000
+	PR_FP_EXC_PRECISE                           = 0x3
+	PR_FP_EXC_RES                               = 0x80000
+	PR_FP_EXC_SW_ENABLE                         = 0x80
+	PR_FP_EXC_UND                               = 0x40000
+	PR_FP_MODE_FR                               = 0x1
+	PR_FP_MODE_FRE                              = 0x2
+	PR_GET_CHILD_SUBREAPER                      = 0x25
+	PR_GET_DUMPABLE                             = 0x3
+	PR_GET_ENDIAN                               = 0x13
+	PR_GET_FPEMU                                = 0x9
+	PR_GET_FPEXC                                = 0xb
+	PR_GET_FP_MODE                              = 0x2e
+	PR_GET_IO_FLUSHER                           = 0x3a
+	PR_GET_KEEPCAPS                             = 0x7
+	PR_GET_NAME                                 = 0x10
+	PR_GET_NO_NEW_PRIVS                         = 0x27
+	PR_GET_PDEATHSIG                            = 0x2
+	PR_GET_SECCOMP                              = 0x15
+	PR_GET_SECUREBITS                           = 0x1b
+	PR_GET_SPECULATION_CTRL                     = 0x34
+	PR_GET_TAGGED_ADDR_CTRL                     = 0x38
+	PR_GET_THP_DISABLE                          = 0x2a
+	PR_GET_TID_ADDRESS                          = 0x28
+	PR_GET_TIMERSLACK                           = 0x1e
+	PR_GET_TIMING                               = 0xd
+	PR_GET_TSC                                  = 0x19
+	PR_GET_UNALIGN                              = 0x5
+	PR_MCE_KILL                                 = 0x21
+	PR_MCE_KILL_CLEAR                           = 0x0
+	PR_MCE_KILL_DEFAULT                         = 0x2
+	PR_MCE_KILL_EARLY                           = 0x1
+	PR_MCE_KILL_GET                             = 0x22
+	PR_MCE_KILL_LATE                            = 0x0
+	PR_MCE_KILL_SET                             = 0x1
+	PR_MPX_DISABLE_MANAGEMENT                   = 0x2c
+	PR_MPX_ENABLE_MANAGEMENT                    = 0x2b
+	PR_MTE_TAG_MASK                             = 0x7fff8
+	PR_MTE_TAG_SHIFT                            = 0x3
+	PR_MTE_TCF_ASYNC                            = 0x4
+	PR_MTE_TCF_MASK                             = 0x6
+	PR_MTE_TCF_NONE                             = 0x0
+	PR_MTE_TCF_SHIFT                            = 0x1
+	PR_MTE_TCF_SYNC                             = 0x2
+	PR_PAC_APDAKEY                              = 0x4
+	PR_PAC_APDBKEY                              = 0x8
+	PR_PAC_APGAKEY                              = 0x10
+	PR_PAC_APIAKEY                              = 0x1
+	PR_PAC_APIBKEY                              = 0x2
+	PR_PAC_GET_ENABLED_KEYS                     = 0x3d
+	PR_PAC_RESET_KEYS                           = 0x36
+	PR_PAC_SET_ENABLED_KEYS                     = 0x3c
+	PR_SCHED_CORE                               = 0x3e
+	PR_SCHED_CORE_CREATE                        = 0x1
+	PR_SCHED_CORE_GET                           = 0x0
+	PR_SCHED_CORE_MAX                           = 0x4
+	PR_SCHED_CORE_SHARE_FROM                    = 0x3
+	PR_SCHED_CORE_SHARE_TO                      = 0x2
+	PR_SET_CHILD_SUBREAPER                      = 0x24
+	PR_SET_DUMPABLE                             = 0x4
+	PR_SET_ENDIAN                               = 0x14
+	PR_SET_FPEMU                                = 0xa
+	PR_SET_FPEXC                                = 0xc
+	PR_SET_FP_MODE                              = 0x2d
+	PR_SET_IO_FLUSHER                           = 0x39
+	PR_SET_KEEPCAPS                             = 0x8
+	PR_SET_MM                                   = 0x23
+	PR_SET_MM_ARG_END                           = 0x9
+	PR_SET_MM_ARG_START                         = 0x8
+	PR_SET_MM_AUXV                              = 0xc
+	PR_SET_MM_BRK                               = 0x7
+	PR_SET_MM_END_CODE                          = 0x2
+	PR_SET_MM_END_DATA                          = 0x4
+	PR_SET_MM_ENV_END                           = 0xb
+	PR_SET_MM_ENV_START                         = 0xa
+	PR_SET_MM_EXE_FILE                          = 0xd
+	PR_SET_MM_MAP                               = 0xe
+	PR_SET_MM_MAP_SIZE                          = 0xf
+	PR_SET_MM_START_BRK                         = 0x6
+	PR_SET_MM_START_CODE                        = 0x1
+	PR_SET_MM_START_DATA                        = 0x3
+	PR_SET_MM_START_STACK                       = 0x5
+	PR_SET_NAME                                 = 0xf
+	PR_SET_NO_NEW_PRIVS                         = 0x26
+	PR_SET_PDEATHSIG                            = 0x1
+	PR_SET_PTRACER                              = 0x59616d61
+	PR_SET_SECCOMP                              = 0x16
+	PR_SET_SECUREBITS                           = 0x1c
+	PR_SET_SPECULATION_CTRL                     = 0x35
+	PR_SET_SYSCALL_USER_DISPATCH                = 0x3b
+	PR_SET_TAGGED_ADDR_CTRL                     = 0x37
+	PR_SET_THP_DISABLE                          = 0x29
+	PR_SET_TIMERSLACK                           = 0x1d
+	PR_SET_TIMING                               = 0xe
+	PR_SET_TSC                                  = 0x1a
+	PR_SET_UNALIGN                              = 0x6
+	PR_SPEC_DISABLE                             = 0x4
+	PR_SPEC_DISABLE_NOEXEC                      = 0x10
+	PR_SPEC_ENABLE                              = 0x2
+	PR_SPEC_FORCE_DISABLE                       = 0x8
+	PR_SPEC_INDIRECT_BRANCH                     = 0x1
+	PR_SPEC_NOT_AFFECTED                        = 0x0
+	PR_SPEC_PRCTL                               = 0x1
+	PR_SPEC_STORE_BYPASS                        = 0x0
+	PR_SVE_GET_VL                               = 0x33
+	PR_SVE_SET_VL                               = 0x32
+	PR_SVE_SET_VL_ONEXEC                        = 0x40000
+	PR_SVE_VL_INHERIT                           = 0x20000
+	PR_SVE_VL_LEN_MASK                          = 0xffff
+	PR_SYS_DISPATCH_OFF                         = 0x0
+	PR_SYS_DISPATCH_ON                          = 0x1
+	PR_TAGGED_ADDR_ENABLE                       = 0x1
+	PR_TASK_PERF_EVENTS_DISABLE                 = 0x1f
+	PR_TASK_PERF_EVENTS_ENABLE                  = 0x20
+	PR_TIMING_STATISTICAL                       = 0x0
+	PR_TIMING_TIMESTAMP                         = 0x1
+	PR_TSC_ENABLE                               = 0x1
+	PR_TSC_SIGSEGV                              = 0x2
+	PR_UNALIGN_NOPRINT                          = 0x1
+	PR_UNALIGN_SIGBUS                           = 0x2
+	PSTOREFS_MAGIC                              = 0x6165676c
+	PTRACE_ATTACH                               = 0x10
+	PTRACE_CONT                                 = 0x7
+	PTRACE_DETACH                               = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY               = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT                = 0x2
+	PTRACE_EVENT_CLONE                          = 0x3
+	PTRACE_EVENT_EXEC                           = 0x4
+	PTRACE_EVENT_EXIT                           = 0x6
+	PTRACE_EVENT_FORK                           = 0x1
+	PTRACE_EVENT_SECCOMP                        = 0x7
+	PTRACE_EVENT_STOP                           = 0x80
+	PTRACE_EVENT_VFORK                          = 0x2
+	PTRACE_EVENT_VFORK_DONE                     = 0x5
+	PTRACE_GETEVENTMSG                          = 0x4201
+	PTRACE_GETREGS                              = 0xc
+	PTRACE_GETREGSET                            = 0x4204
+	PTRACE_GETSIGINFO                           = 0x4202
+	PTRACE_GETSIGMASK                           = 0x420a
+	PTRACE_GET_RSEQ_CONFIGURATION               = 0x420f
+	PTRACE_GET_SYSCALL_INFO                     = 0x420e
+	PTRACE_INTERRUPT                            = 0x4207
+	PTRACE_KILL                                 = 0x8
+	PTRACE_LISTEN                               = 0x4208
+	PTRACE_O_EXITKILL                           = 0x100000
+	PTRACE_O_MASK                               = 0x3000ff
+	PTRACE_O_SUSPEND_SECCOMP                    = 0x200000
+	PTRACE_O_TRACECLONE                         = 0x8
+	PTRACE_O_TRACEEXEC                          = 0x10
+	PTRACE_O_TRACEEXIT                          = 0x40
+	PTRACE_O_TRACEFORK                          = 0x2
+	PTRACE_O_TRACESECCOMP                       = 0x80
+	PTRACE_O_TRACESYSGOOD                       = 0x1
+	PTRACE_O_TRACEVFORK                         = 0x4
+	PTRACE_O_TRACEVFORKDONE                     = 0x20
+	PTRACE_PEEKDATA                             = 0x2
+	PTRACE_PEEKSIGINFO                          = 0x4209
+	PTRACE_PEEKSIGINFO_SHARED                   = 0x1
+	PTRACE_PEEKTEXT                             = 0x1
+	PTRACE_PEEKUSR                              = 0x3
+	PTRACE_POKEDATA                             = 0x5
+	PTRACE_POKETEXT                             = 0x4
+	PTRACE_POKEUSR                              = 0x6
+	PTRACE_SECCOMP_GET_FILTER                   = 0x420c
+	PTRACE_SECCOMP_GET_METADATA                 = 0x420d
+	PTRACE_SEIZE                                = 0x4206
+	PTRACE_SETOPTIONS                           = 0x4200
+	PTRACE_SETREGS                              = 0xd
+	PTRACE_SETREGSET                            = 0x4205
+	PTRACE_SETSIGINFO                           = 0x4203
+	PTRACE_SETSIGMASK                           = 0x420b
+	PTRACE_SINGLESTEP                           = 0x9
+	PTRACE_SYSCALL                              = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY                   = 0x1
+	PTRACE_SYSCALL_INFO_EXIT                    = 0x2
+	PTRACE_SYSCALL_INFO_NONE                    = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP                 = 0x3
+	PTRACE_TRACEME                              = 0x0
+	QNX4_SUPER_MAGIC                            = 0x2f
+	QNX6_SUPER_MAGIC                            = 0x68191122
+	RAMFS_MAGIC                                 = 0x858458f6
+	RAW_PAYLOAD_DIGITAL                         = 0x3
+	RAW_PAYLOAD_HCI                             = 0x2
+	RAW_PAYLOAD_LLCP                            = 0x0
+	RAW_PAYLOAD_NCI                             = 0x1
+	RAW_PAYLOAD_PROPRIETARY                     = 0x4
+	RDTGROUP_SUPER_MAGIC                        = 0x7655821
+	REISERFS_SUPER_MAGIC                        = 0x52654973
+	RENAME_EXCHANGE                             = 0x2
+	RENAME_NOREPLACE                            = 0x1
+	RENAME_WHITEOUT                             = 0x4
+	RLIMIT_CORE                                 = 0x4
+	RLIMIT_CPU                                  = 0x0
+	RLIMIT_DATA                                 = 0x2
+	RLIMIT_FSIZE                                = 0x1
+	RLIMIT_LOCKS                                = 0xa
+	RLIMIT_MSGQUEUE                             = 0xc
+	RLIMIT_NICE                                 = 0xd
+	RLIMIT_RTPRIO                               = 0xe
+	RLIMIT_RTTIME                               = 0xf
+	RLIMIT_SIGPENDING                           = 0xb
+	RLIMIT_STACK                                = 0x3
+	RLIM_INFINITY                               = 0xffffffffffffffff
+	RTAX_ADVMSS                                 = 0x8
+	RTAX_CC_ALGO                                = 0x10
+	RTAX_CWND                                   = 0x7
+	RTAX_FASTOPEN_NO_COOKIE                     = 0x11
+	RTAX_FEATURES                               = 0xc
+	RTAX_FEATURE_ALLFRAG                        = 0x8
+	RTAX_FEATURE_ECN                            = 0x1
+	RTAX_FEATURE_MASK                           = 0xf
+	RTAX_FEATURE_SACK                           = 0x2
+	RTAX_FEATURE_TIMESTAMP                      = 0x4
+	RTAX_HOPLIMIT                               = 0xa
+	RTAX_INITCWND                               = 0xb
+	RTAX_INITRWND                               = 0xe
+	RTAX_LOCK                                   = 0x1
+	RTAX_MAX                                    = 0x11
+	RTAX_MTU                                    = 0x2
+	RTAX_QUICKACK                               = 0xf
+	RTAX_REORDERING                             = 0x9
+	RTAX_RTO_MIN                                = 0xd
+	RTAX_RTT                                    = 0x4
+	RTAX_RTTVAR                                 = 0x5
+	RTAX_SSTHRESH                               = 0x6
+	RTAX_UNSPEC                                 = 0x0
+	RTAX_WINDOW                                 = 0x3
+	RTA_ALIGNTO                                 = 0x4
+	RTA_MAX                                     = 0x1e
+	RTCF_DIRECTSRC                              = 0x4000000
+	RTCF_DOREDIRECT                             = 0x1000000
+	RTCF_LOG                                    = 0x2000000
+	RTCF_MASQ                                   = 0x400000
+	RTCF_NAT                                    = 0x800000
+	RTCF_VALVE                                  = 0x200000
+	RTC_AF                                      = 0x20
+	RTC_FEATURE_ALARM                           = 0x0
+	RTC_FEATURE_ALARM_RES_MINUTE                = 0x1
+	RTC_FEATURE_CNT                             = 0x3
+	RTC_FEATURE_NEED_WEEK_DAY                   = 0x2
+	RTC_IRQF                                    = 0x80
+	RTC_MAX_FREQ                                = 0x2000
+	RTC_PF                                      = 0x40
+	RTC_UF                                      = 0x10
+	RTF_ADDRCLASSMASK                           = 0xf8000000
+	RTF_ADDRCONF                                = 0x40000
+	RTF_ALLONLINK                               = 0x20000
+	RTF_BROADCAST                               = 0x10000000
+	RTF_CACHE                                   = 0x1000000
+	RTF_DEFAULT                                 = 0x10000
+	RTF_DYNAMIC                                 = 0x10
+	RTF_FLOW                                    = 0x2000000
+	RTF_GATEWAY                                 = 0x2
+	RTF_HOST                                    = 0x4
+	RTF_INTERFACE                               = 0x40000000
+	RTF_IRTT                                    = 0x100
+	RTF_LINKRT                                  = 0x100000
+	RTF_LOCAL                                   = 0x80000000
+	RTF_MODIFIED                                = 0x20
+	RTF_MSS                                     = 0x40
+	RTF_MTU                                     = 0x40
+	RTF_MULTICAST                               = 0x20000000
+	RTF_NAT                                     = 0x8000000
+	RTF_NOFORWARD                               = 0x1000
+	RTF_NONEXTHOP                               = 0x200000
+	RTF_NOPMTUDISC                              = 0x4000
+	RTF_POLICY                                  = 0x4000000
+	RTF_REINSTATE                               = 0x8
+	RTF_REJECT                                  = 0x200
+	RTF_STATIC                                  = 0x400
+	RTF_THROW                                   = 0x2000
+	RTF_UP                                      = 0x1
+	RTF_WINDOW                                  = 0x80
+	RTF_XRESOLVE                                = 0x800
+	RTMGRP_DECnet_IFADDR                        = 0x1000
+	RTMGRP_DECnet_ROUTE                         = 0x4000
+	RTMGRP_IPV4_IFADDR                          = 0x10
+	RTMGRP_IPV4_MROUTE                          = 0x20
+	RTMGRP_IPV4_ROUTE                           = 0x40
+	RTMGRP_IPV4_RULE                            = 0x80
+	RTMGRP_IPV6_IFADDR                          = 0x100
+	RTMGRP_IPV6_IFINFO                          = 0x800
+	RTMGRP_IPV6_MROUTE                          = 0x200
+	RTMGRP_IPV6_PREFIX                          = 0x20000
+	RTMGRP_IPV6_ROUTE                           = 0x400
+	RTMGRP_LINK                                 = 0x1
+	RTMGRP_NEIGH                                = 0x4
+	RTMGRP_NOTIFY                               = 0x2
+	RTMGRP_TC                                   = 0x8
+	RTM_BASE                                    = 0x10
+	RTM_DELACTION                               = 0x31
+	RTM_DELADDR                                 = 0x15
+	RTM_DELADDRLABEL                            = 0x49
+	RTM_DELCHAIN                                = 0x65
+	RTM_DELLINK                                 = 0x11
+	RTM_DELLINKPROP                             = 0x6d
+	RTM_DELMDB                                  = 0x55
+	RTM_DELNEIGH                                = 0x1d
+	RTM_DELNETCONF                              = 0x51
+	RTM_DELNEXTHOP                              = 0x69
+	RTM_DELNEXTHOPBUCKET                        = 0x75
+	RTM_DELNSID                                 = 0x59
+	RTM_DELQDISC                                = 0x25
+	RTM_DELROUTE                                = 0x19
+	RTM_DELRULE                                 = 0x21
+	RTM_DELTCLASS                               = 0x29
+	RTM_DELTFILTER                              = 0x2d
+	RTM_DELVLAN                                 = 0x71
+	RTM_F_CLONED                                = 0x200
+	RTM_F_EQUALIZE                              = 0x400
+	RTM_F_FIB_MATCH                             = 0x2000
+	RTM_F_LOOKUP_TABLE                          = 0x1000
+	RTM_F_NOTIFY                                = 0x100
+	RTM_F_OFFLOAD                               = 0x4000
+	RTM_F_OFFLOAD_FAILED                        = 0x20000000
+	RTM_F_PREFIX                                = 0x800
+	RTM_F_TRAP                                  = 0x8000
+	RTM_GETACTION                               = 0x32
+	RTM_GETADDR                                 = 0x16
+	RTM_GETADDRLABEL                            = 0x4a
+	RTM_GETANYCAST                              = 0x3e
+	RTM_GETCHAIN                                = 0x66
+	RTM_GETDCB                                  = 0x4e
+	RTM_GETLINK                                 = 0x12
+	RTM_GETLINKPROP                             = 0x6e
+	RTM_GETMDB                                  = 0x56
+	RTM_GETMULTICAST                            = 0x3a
+	RTM_GETNEIGH                                = 0x1e
+	RTM_GETNEIGHTBL                             = 0x42
+	RTM_GETNETCONF                              = 0x52
+	RTM_GETNEXTHOP                              = 0x6a
+	RTM_GETNEXTHOPBUCKET                        = 0x76
+	RTM_GETNSID                                 = 0x5a
+	RTM_GETQDISC                                = 0x26
+	RTM_GETROUTE                                = 0x1a
+	RTM_GETRULE                                 = 0x22
+	RTM_GETSTATS                                = 0x5e
+	RTM_GETTCLASS                               = 0x2a
+	RTM_GETTFILTER                              = 0x2e
+	RTM_GETVLAN                                 = 0x72
+	RTM_MAX                                     = 0x77
+	RTM_NEWACTION                               = 0x30
+	RTM_NEWADDR                                 = 0x14
+	RTM_NEWADDRLABEL                            = 0x48
+	RTM_NEWCACHEREPORT                          = 0x60
+	RTM_NEWCHAIN                                = 0x64
+	RTM_NEWLINK                                 = 0x10
+	RTM_NEWLINKPROP                             = 0x6c
+	RTM_NEWMDB                                  = 0x54
+	RTM_NEWNDUSEROPT                            = 0x44
+	RTM_NEWNEIGH                                = 0x1c
+	RTM_NEWNEIGHTBL                             = 0x40
+	RTM_NEWNETCONF                              = 0x50
+	RTM_NEWNEXTHOP                              = 0x68
+	RTM_NEWNEXTHOPBUCKET                        = 0x74
+	RTM_NEWNSID                                 = 0x58
+	RTM_NEWNVLAN                                = 0x70
+	RTM_NEWPREFIX                               = 0x34
+	RTM_NEWQDISC                                = 0x24
+	RTM_NEWROUTE                                = 0x18
+	RTM_NEWRULE                                 = 0x20
+	RTM_NEWSTATS                                = 0x5c
+	RTM_NEWTCLASS                               = 0x28
+	RTM_NEWTFILTER                              = 0x2c
+	RTM_NR_FAMILIES                             = 0x1a
+	RTM_NR_MSGTYPES                             = 0x68
+	RTM_SETDCB                                  = 0x4f
+	RTM_SETLINK                                 = 0x13
+	RTM_SETNEIGHTBL                             = 0x43
+	RTNH_ALIGNTO                                = 0x4
+	RTNH_COMPARE_MASK                           = 0x59
+	RTNH_F_DEAD                                 = 0x1
+	RTNH_F_LINKDOWN                             = 0x10
+	RTNH_F_OFFLOAD                              = 0x8
+	RTNH_F_ONLINK                               = 0x4
+	RTNH_F_PERVASIVE                            = 0x2
+	RTNH_F_TRAP                                 = 0x40
+	RTNH_F_UNRESOLVED                           = 0x20
+	RTN_MAX                                     = 0xb
+	RTPROT_BABEL                                = 0x2a
+	RTPROT_BGP                                  = 0xba
+	RTPROT_BIRD                                 = 0xc
+	RTPROT_BOOT                                 = 0x3
+	RTPROT_DHCP                                 = 0x10
+	RTPROT_DNROUTED                             = 0xd
+	RTPROT_EIGRP                                = 0xc0
+	RTPROT_GATED                                = 0x8
+	RTPROT_ISIS                                 = 0xbb
+	RTPROT_KEEPALIVED                           = 0x12
+	RTPROT_KERNEL                               = 0x2
+	RTPROT_MROUTED                              = 0x11
+	RTPROT_MRT                                  = 0xa
+	RTPROT_NTK                                  = 0xf
+	RTPROT_OPENR                                = 0x63
+	RTPROT_OSPF                                 = 0xbc
+	RTPROT_RA                                   = 0x9
+	RTPROT_REDIRECT                             = 0x1
+	RTPROT_RIP                                  = 0xbd
+	RTPROT_STATIC                               = 0x4
+	RTPROT_UNSPEC                               = 0x0
+	RTPROT_XORP                                 = 0xe
+	RTPROT_ZEBRA                                = 0xb
+	RT_CLASS_DEFAULT                            = 0xfd
+	RT_CLASS_LOCAL                              = 0xff
+	RT_CLASS_MAIN                               = 0xfe
+	RT_CLASS_MAX                                = 0xff
+	RT_CLASS_UNSPEC                             = 0x0
+	RUSAGE_CHILDREN                             = -0x1
+	RUSAGE_SELF                                 = 0x0
+	RUSAGE_THREAD                               = 0x1
+	RWF_APPEND                                  = 0x10
+	RWF_DSYNC                                   = 0x2
+	RWF_HIPRI                                   = 0x1
+	RWF_NOWAIT                                  = 0x8
+	RWF_SUPPORTED                               = 0x1f
+	RWF_SYNC                                    = 0x4
+	RWF_WRITE_LIFE_NOT_SET                      = 0x0
+	SCM_CREDENTIALS                             = 0x2
+	SCM_RIGHTS                                  = 0x1
+	SCM_TIMESTAMP                               = 0x1d
+	SC_LOG_FLUSH                                = 0x100000
+	SECCOMP_MODE_DISABLED                       = 0x0
+	SECCOMP_MODE_FILTER                         = 0x2
+	SECCOMP_MODE_STRICT                         = 0x1
+	SECRETMEM_MAGIC                             = 0x5345434d
+	SECURITYFS_MAGIC                            = 0x73636673
+	SEEK_CUR                                    = 0x1
+	SEEK_DATA                                   = 0x3
+	SEEK_END                                    = 0x2
+	SEEK_HOLE                                   = 0x4
+	SEEK_MAX                                    = 0x4
+	SEEK_SET                                    = 0x0
+	SELINUX_MAGIC                               = 0xf97cff8c
+	SHUT_RD                                     = 0x0
+	SHUT_RDWR                                   = 0x2
+	SHUT_WR                                     = 0x1
+	SIOCADDDLCI                                 = 0x8980
+	SIOCADDMULTI                                = 0x8931
+	SIOCADDRT                                   = 0x890b
+	SIOCBONDCHANGEACTIVE                        = 0x8995
+	SIOCBONDENSLAVE                             = 0x8990
+	SIOCBONDINFOQUERY                           = 0x8994
+	SIOCBONDRELEASE                             = 0x8991
+	SIOCBONDSETHWADDR                           = 0x8992
+	SIOCBONDSLAVEINFOQUERY                      = 0x8993
+	SIOCBRADDBR                                 = 0x89a0
+	SIOCBRADDIF                                 = 0x89a2
+	SIOCBRDELBR                                 = 0x89a1
+	SIOCBRDELIF                                 = 0x89a3
+	SIOCDARP                                    = 0x8953
+	SIOCDELDLCI                                 = 0x8981
+	SIOCDELMULTI                                = 0x8932
+	SIOCDELRT                                   = 0x890c
+	SIOCDEVPRIVATE                              = 0x89f0
+	SIOCDIFADDR                                 = 0x8936
+	SIOCDRARP                                   = 0x8960
+	SIOCETHTOOL                                 = 0x8946
+	SIOCGARP                                    = 0x8954
+	SIOCGETLINKNAME                             = 0x89e0
+	SIOCGETNODEID                               = 0x89e1
+	SIOCGHWTSTAMP                               = 0x89b1
+	SIOCGIFADDR                                 = 0x8915
+	SIOCGIFBR                                   = 0x8940
+	SIOCGIFBRDADDR                              = 0x8919
+	SIOCGIFCONF                                 = 0x8912
+	SIOCGIFCOUNT                                = 0x8938
+	SIOCGIFDSTADDR                              = 0x8917
+	SIOCGIFENCAP                                = 0x8925
+	SIOCGIFFLAGS                                = 0x8913
+	SIOCGIFHWADDR                               = 0x8927
+	SIOCGIFINDEX                                = 0x8933
+	SIOCGIFMAP                                  = 0x8970
+	SIOCGIFMEM                                  = 0x891f
+	SIOCGIFMETRIC                               = 0x891d
+	SIOCGIFMTU                                  = 0x8921
+	SIOCGIFNAME                                 = 0x8910
+	SIOCGIFNETMASK                              = 0x891b
+	SIOCGIFPFLAGS                               = 0x8935
+	SIOCGIFSLAVE                                = 0x8929
+	SIOCGIFTXQLEN                               = 0x8942
+	SIOCGIFVLAN                                 = 0x8982
+	SIOCGMIIPHY                                 = 0x8947
+	SIOCGMIIREG                                 = 0x8948
+	SIOCGPPPCSTATS                              = 0x89f2
+	SIOCGPPPSTATS                               = 0x89f0
+	SIOCGPPPVER                                 = 0x89f1
+	SIOCGRARP                                   = 0x8961
+	SIOCGSKNS                                   = 0x894c
+	SIOCGSTAMP                                  = 0x8906
+	SIOCGSTAMPNS                                = 0x8907
+	SIOCGSTAMPNS_OLD                            = 0x8907
+	SIOCGSTAMP_OLD                              = 0x8906
+	SIOCOUTQNSD                                 = 0x894b
+	SIOCPROTOPRIVATE                            = 0x89e0
+	SIOCRTMSG                                   = 0x890d
+	SIOCSARP                                    = 0x8955
+	SIOCSHWTSTAMP                               = 0x89b0
+	SIOCSIFADDR                                 = 0x8916
+	SIOCSIFBR                                   = 0x8941
+	SIOCSIFBRDADDR                              = 0x891a
+	SIOCSIFDSTADDR                              = 0x8918
+	SIOCSIFENCAP                                = 0x8926
+	SIOCSIFFLAGS                                = 0x8914
+	SIOCSIFHWADDR                               = 0x8924
+	SIOCSIFHWBROADCAST                          = 0x8937
+	SIOCSIFLINK                                 = 0x8911
+	SIOCSIFMAP                                  = 0x8971
+	SIOCSIFMEM                                  = 0x8920
+	SIOCSIFMETRIC                               = 0x891e
+	SIOCSIFMTU                                  = 0x8922
+	SIOCSIFNAME                                 = 0x8923
+	SIOCSIFNETMASK                              = 0x891c
+	SIOCSIFPFLAGS                               = 0x8934
+	SIOCSIFSLAVE                                = 0x8930
+	SIOCSIFTXQLEN                               = 0x8943
+	SIOCSIFVLAN                                 = 0x8983
+	SIOCSMIIREG                                 = 0x8949
+	SIOCSRARP                                   = 0x8962
+	SIOCWANDEV                                  = 0x894a
+	SMACK_MAGIC                                 = 0x43415d53
+	SMART_AUTOSAVE                              = 0xd2
+	SMART_AUTO_OFFLINE                          = 0xdb
+	SMART_DISABLE                               = 0xd9
+	SMART_ENABLE                                = 0xd8
+	SMART_HCYL_PASS                             = 0xc2
+	SMART_IMMEDIATE_OFFLINE                     = 0xd4
+	SMART_LCYL_PASS                             = 0x4f
+	SMART_READ_LOG_SECTOR                       = 0xd5
+	SMART_READ_THRESHOLDS                       = 0xd1
+	SMART_READ_VALUES                           = 0xd0
+	SMART_SAVE                                  = 0xd3
+	SMART_STATUS                                = 0xda
+	SMART_WRITE_LOG_SECTOR                      = 0xd6
+	SMART_WRITE_THRESHOLDS                      = 0xd7
+	SMB_SUPER_MAGIC                             = 0x517b
+	SOCKFS_MAGIC                                = 0x534f434b
+	SOCK_DCCP                                   = 0x6
+	SOCK_IOC_TYPE                               = 0x89
+	SOCK_PACKET                                 = 0xa
+	SOCK_RAW                                    = 0x3
+	SOCK_RDM                                    = 0x4
+	SOCK_SEQPACKET                              = 0x5
+	SOL_AAL                                     = 0x109
+	SOL_ALG                                     = 0x117
+	SOL_ATM                                     = 0x108
+	SOL_CAIF                                    = 0x116
+	SOL_CAN_BASE                                = 0x64
+	SOL_CAN_RAW                                 = 0x65
+	SOL_DCCP                                    = 0x10d
+	SOL_DECNET                                  = 0x105
+	SOL_ICMPV6                                  = 0x3a
+	SOL_IP                                      = 0x0
+	SOL_IPV6                                    = 0x29
+	SOL_IRDA                                    = 0x10a
+	SOL_IUCV                                    = 0x115
+	SOL_KCM                                     = 0x119
+	SOL_LLC                                     = 0x10c
+	SOL_NETBEUI                                 = 0x10b
+	SOL_NETLINK                                 = 0x10e
+	SOL_NFC                                     = 0x118
+	SOL_PACKET                                  = 0x107
+	SOL_PNPIPE                                  = 0x113
+	SOL_PPPOL2TP                                = 0x111
+	SOL_RAW                                     = 0xff
+	SOL_RDS                                     = 0x114
+	SOL_RXRPC                                   = 0x110
+	SOL_TCP                                     = 0x6
+	SOL_TIPC                                    = 0x10f
+	SOL_TLS                                     = 0x11a
+	SOL_X25                                     = 0x106
+	SOL_XDP                                     = 0x11b
+	SOMAXCONN                                   = 0x1000
+	SO_ATTACH_FILTER                            = 0x1a
+	SO_DEBUG                                    = 0x1
+	SO_DETACH_BPF                               = 0x1b
+	SO_DETACH_FILTER                            = 0x1b
+	SO_EE_CODE_TXTIME_INVALID_PARAM             = 0x1
+	SO_EE_CODE_TXTIME_MISSED                    = 0x2
+	SO_EE_CODE_ZEROCOPY_COPIED                  = 0x1
+	SO_EE_ORIGIN_ICMP                           = 0x2
+	SO_EE_ORIGIN_ICMP6                          = 0x3
+	SO_EE_ORIGIN_LOCAL                          = 0x1
+	SO_EE_ORIGIN_NONE                           = 0x0
+	SO_EE_ORIGIN_TIMESTAMPING                   = 0x4
+	SO_EE_ORIGIN_TXSTATUS                       = 0x4
+	SO_EE_ORIGIN_TXTIME                         = 0x6
+	SO_EE_ORIGIN_ZEROCOPY                       = 0x5
+	SO_EE_RFC4884_FLAG_INVALID                  = 0x1
+	SO_GET_FILTER                               = 0x1a
+	SO_NO_CHECK                                 = 0xb
+	SO_PEERNAME                                 = 0x1c
+	SO_PRIORITY                                 = 0xc
+	SO_TIMESTAMP                                = 0x1d
+	SO_TIMESTAMP_OLD                            = 0x1d
+	SO_VM_SOCKETS_BUFFER_MAX_SIZE               = 0x2
+	SO_VM_SOCKETS_BUFFER_MIN_SIZE               = 0x1
+	SO_VM_SOCKETS_BUFFER_SIZE                   = 0x0
+	SO_VM_SOCKETS_CONNECT_TIMEOUT               = 0x6
+	SO_VM_SOCKETS_NONBLOCK_TXRX                 = 0x7
+	SO_VM_SOCKETS_PEER_HOST_VM_ID               = 0x3
+	SO_VM_SOCKETS_TRUSTED                       = 0x5
+	SPLICE_F_GIFT                               = 0x8
+	SPLICE_F_MORE                               = 0x4
+	SPLICE_F_MOVE                               = 0x1
+	SPLICE_F_NONBLOCK                           = 0x2
+	SQUASHFS_MAGIC                              = 0x73717368
+	STACK_END_MAGIC                             = 0x57ac6e9d
+	STATX_ALL                                   = 0xfff
+	STATX_ATIME                                 = 0x20
+	STATX_ATTR_APPEND                           = 0x20
+	STATX_ATTR_AUTOMOUNT                        = 0x1000
+	STATX_ATTR_COMPRESSED                       = 0x4
+	STATX_ATTR_DAX                              = 0x200000
+	STATX_ATTR_ENCRYPTED                        = 0x800
+	STATX_ATTR_IMMUTABLE                        = 0x10
+	STATX_ATTR_MOUNT_ROOT                       = 0x2000
+	STATX_ATTR_NODUMP                           = 0x40
+	STATX_ATTR_VERITY                           = 0x100000
+	STATX_BASIC_STATS                           = 0x7ff
+	STATX_BLOCKS                                = 0x400
+	STATX_BTIME                                 = 0x800
+	STATX_CTIME                                 = 0x80
+	STATX_GID                                   = 0x10
+	STATX_INO                                   = 0x100
+	STATX_MNT_ID                                = 0x1000
+	STATX_MODE                                  = 0x2
+	STATX_MTIME                                 = 0x40
+	STATX_NLINK                                 = 0x4
+	STATX_SIZE                                  = 0x200
+	STATX_TYPE                                  = 0x1
+	STATX_UID                                   = 0x8
+	STATX__RESERVED                             = 0x80000000
+	SYNC_FILE_RANGE_WAIT_AFTER                  = 0x4
+	SYNC_FILE_RANGE_WAIT_BEFORE                 = 0x1
+	SYNC_FILE_RANGE_WRITE                       = 0x2
+	SYNC_FILE_RANGE_WRITE_AND_WAIT              = 0x7
+	SYSFS_MAGIC                                 = 0x62656572
+	S_BLKSIZE                                   = 0x200
+	S_IEXEC                                     = 0x40
+	S_IFBLK                                     = 0x6000
+	S_IFCHR                                     = 0x2000
+	S_IFDIR                                     = 0x4000
+	S_IFIFO                                     = 0x1000
+	S_IFLNK                                     = 0xa000
+	S_IFMT                                      = 0xf000
+	S_IFREG                                     = 0x8000
+	S_IFSOCK                                    = 0xc000
+	S_IREAD                                     = 0x100
+	S_IRGRP                                     = 0x20
+	S_IROTH                                     = 0x4
+	S_IRUSR                                     = 0x100
+	S_IRWXG                                     = 0x38
+	S_IRWXO                                     = 0x7
+	S_IRWXU                                     = 0x1c0
+	S_ISGID                                     = 0x400
+	S_ISUID                                     = 0x800
+	S_ISVTX                                     = 0x200
+	S_IWGRP                                     = 0x10
+	S_IWOTH                                     = 0x2
+	S_IWRITE                                    = 0x80
+	S_IWUSR                                     = 0x80
+	S_IXGRP                                     = 0x8
+	S_IXOTH                                     = 0x1
+	S_IXUSR                                     = 0x40
+	TAB0                                        = 0x0
+	TASKSTATS_CMD_ATTR_MAX                      = 0x4
+	TASKSTATS_CMD_MAX                           = 0x2
+	TASKSTATS_GENL_NAME                         = "TASKSTATS"
+	TASKSTATS_GENL_VERSION                      = 0x1
+	TASKSTATS_TYPE_MAX                          = 0x6
+	TASKSTATS_VERSION                           = 0xa
+	TCIFLUSH                                    = 0x0
+	TCIOFF                                      = 0x2
+	TCIOFLUSH                                   = 0x2
+	TCION                                       = 0x3
+	TCOFLUSH                                    = 0x1
+	TCOOFF                                      = 0x0
+	TCOON                                       = 0x1
+	TCPOPT_EOL                                  = 0x0
+	TCPOPT_MAXSEG                               = 0x2
+	TCPOPT_NOP                                  = 0x1
+	TCPOPT_SACK                                 = 0x5
+	TCPOPT_SACK_PERMITTED                       = 0x4
+	TCPOPT_TIMESTAMP                            = 0x8
+	TCPOPT_TSTAMP_HDR                           = 0x101080a
+	TCPOPT_WINDOW                               = 0x3
+	TCP_CC_INFO                                 = 0x1a
+	TCP_CM_INQ                                  = 0x24
+	TCP_CONGESTION                              = 0xd
+	TCP_COOKIE_IN_ALWAYS                        = 0x1
+	TCP_COOKIE_MAX                              = 0x10
+	TCP_COOKIE_MIN                              = 0x8
+	TCP_COOKIE_OUT_NEVER                        = 0x2
+	TCP_COOKIE_PAIR_SIZE                        = 0x20
+	TCP_COOKIE_TRANSACTIONS                     = 0xf
+	TCP_CORK                                    = 0x3
+	TCP_DEFER_ACCEPT                            = 0x9
+	TCP_FASTOPEN                                = 0x17
+	TCP_FASTOPEN_CONNECT                        = 0x1e
+	TCP_FASTOPEN_KEY                            = 0x21
+	TCP_FASTOPEN_NO_COOKIE                      = 0x22
+	TCP_INFO                                    = 0xb
+	TCP_INQ                                     = 0x24
+	TCP_KEEPCNT                                 = 0x6
+	TCP_KEEPIDLE                                = 0x4
+	TCP_KEEPINTVL                               = 0x5
+	TCP_LINGER2                                 = 0x8
+	TCP_MAXSEG                                  = 0x2
+	TCP_MAXWIN                                  = 0xffff
+	TCP_MAX_WINSHIFT                            = 0xe
+	TCP_MD5SIG                                  = 0xe
+	TCP_MD5SIG_EXT                              = 0x20
+	TCP_MD5SIG_FLAG_PREFIX                      = 0x1
+	TCP_MD5SIG_MAXKEYLEN                        = 0x50
+	TCP_MSS                                     = 0x200
+	TCP_MSS_DEFAULT                             = 0x218
+	TCP_MSS_DESIRED                             = 0x4c4
+	TCP_NODELAY                                 = 0x1
+	TCP_NOTSENT_LOWAT                           = 0x19
+	TCP_QUEUE_SEQ                               = 0x15
+	TCP_QUICKACK                                = 0xc
+	TCP_REPAIR                                  = 0x13
+	TCP_REPAIR_OFF                              = 0x0
+	TCP_REPAIR_OFF_NO_WP                        = -0x1
+	TCP_REPAIR_ON                               = 0x1
+	TCP_REPAIR_OPTIONS                          = 0x16
+	TCP_REPAIR_QUEUE                            = 0x14
+	TCP_REPAIR_WINDOW                           = 0x1d
+	TCP_SAVED_SYN                               = 0x1c
+	TCP_SAVE_SYN                                = 0x1b
+	TCP_SYNCNT                                  = 0x7
+	TCP_S_DATA_IN                               = 0x4
+	TCP_S_DATA_OUT                              = 0x8
+	TCP_THIN_DUPACK                             = 0x11
+	TCP_THIN_LINEAR_TIMEOUTS                    = 0x10
+	TCP_TIMESTAMP                               = 0x18
+	TCP_TX_DELAY                                = 0x25
+	TCP_ULP                                     = 0x1f
+	TCP_USER_TIMEOUT                            = 0x12
+	TCP_V4_FLOW                                 = 0x1
+	TCP_V6_FLOW                                 = 0x5
+	TCP_WINDOW_CLAMP                            = 0xa
+	TCP_ZEROCOPY_RECEIVE                        = 0x23
+	TFD_TIMER_ABSTIME                           = 0x1
+	TFD_TIMER_CANCEL_ON_SET                     = 0x2
+	TIMER_ABSTIME                               = 0x1
+	TIOCM_DTR                                   = 0x2
+	TIOCM_LE                                    = 0x1
+	TIOCM_RTS                                   = 0x4
+	TIOCPKT_DATA                                = 0x0
+	TIOCPKT_DOSTOP                              = 0x20
+	TIOCPKT_FLUSHREAD                           = 0x1
+	TIOCPKT_FLUSHWRITE                          = 0x2
+	TIOCPKT_IOCTL                               = 0x40
+	TIOCPKT_NOSTOP                              = 0x10
+	TIOCPKT_START                               = 0x8
+	TIOCPKT_STOP                                = 0x4
+	TIPC_ADDR_ID                                = 0x3
+	TIPC_ADDR_MCAST                             = 0x1
+	TIPC_ADDR_NAME                              = 0x2
+	TIPC_ADDR_NAMESEQ                           = 0x1
+	TIPC_AEAD_ALG_NAME                          = 0x20
+	TIPC_AEAD_KEYLEN_MAX                        = 0x24
+	TIPC_AEAD_KEYLEN_MIN                        = 0x14
+	TIPC_AEAD_KEY_SIZE_MAX                      = 0x48
+	TIPC_CFG_SRV                                = 0x0
+	TIPC_CLUSTER_BITS                           = 0xc
+	TIPC_CLUSTER_MASK                           = 0xfff000
+	TIPC_CLUSTER_OFFSET                         = 0xc
+	TIPC_CLUSTER_SIZE                           = 0xfff
+	TIPC_CONN_SHUTDOWN                          = 0x5
+	TIPC_CONN_TIMEOUT                           = 0x82
+	TIPC_CRITICAL_IMPORTANCE                    = 0x3
+	TIPC_DESTNAME                               = 0x3
+	TIPC_DEST_DROPPABLE                         = 0x81
+	TIPC_ERRINFO                                = 0x1
+	TIPC_ERR_NO_NAME                            = 0x1
+	TIPC_ERR_NO_NODE                            = 0x3
+	TIPC_ERR_NO_PORT                            = 0x2
+	TIPC_ERR_OVERLOAD                           = 0x4
+	TIPC_GROUP_JOIN                             = 0x87
+	TIPC_GROUP_LEAVE                            = 0x88
+	TIPC_GROUP_LOOPBACK                         = 0x1
+	TIPC_GROUP_MEMBER_EVTS                      = 0x2
+	TIPC_HIGH_IMPORTANCE                        = 0x2
+	TIPC_IMPORTANCE                             = 0x7f
+	TIPC_LINK_STATE                             = 0x2
+	TIPC_LOW_IMPORTANCE                         = 0x0
+	TIPC_MAX_BEARER_NAME                        = 0x20
+	TIPC_MAX_IF_NAME                            = 0x10
+	TIPC_MAX_LINK_NAME                          = 0x44
+	TIPC_MAX_MEDIA_NAME                         = 0x10
+	TIPC_MAX_USER_MSG_SIZE                      = 0x101d0
+	TIPC_MCAST_BROADCAST                        = 0x85
+	TIPC_MCAST_REPLICAST                        = 0x86
+	TIPC_MEDIUM_IMPORTANCE                      = 0x1
+	TIPC_NODEID_LEN                             = 0x10
+	TIPC_NODELAY                                = 0x8a
+	TIPC_NODE_BITS                              = 0xc
+	TIPC_NODE_MASK                              = 0xfff
+	TIPC_NODE_OFFSET                            = 0x0
+	TIPC_NODE_RECVQ_DEPTH                       = 0x83
+	TIPC_NODE_SIZE                              = 0xfff
+	TIPC_NODE_STATE                             = 0x0
+	TIPC_OK                                     = 0x0
+	TIPC_PUBLISHED                              = 0x1
+	TIPC_REKEYING_NOW                           = 0xffffffff
+	TIPC_RESERVED_TYPES                         = 0x40
+	TIPC_RETDATA                                = 0x2
+	TIPC_SERVICE_ADDR                           = 0x2
+	TIPC_SERVICE_RANGE                          = 0x1
+	TIPC_SOCKET_ADDR                            = 0x3
+	TIPC_SOCK_RECVQ_DEPTH                       = 0x84
+	TIPC_SOCK_RECVQ_USED                        = 0x89
+	TIPC_SRC_DROPPABLE                          = 0x80
+	TIPC_SUBSCR_TIMEOUT                         = 0x3
+	TIPC_SUB_CANCEL                             = 0x4
+	TIPC_SUB_PORTS                              = 0x1
+	TIPC_SUB_SERVICE                            = 0x2
+	TIPC_TOP_SRV                                = 0x1
+	TIPC_WAIT_FOREVER                           = 0xffffffff
+	TIPC_WITHDRAWN                              = 0x2
+	TIPC_ZONE_BITS                              = 0x8
+	TIPC_ZONE_CLUSTER_MASK                      = 0xfffff000
+	TIPC_ZONE_MASK                              = 0xff000000
+	TIPC_ZONE_OFFSET                            = 0x18
+	TIPC_ZONE_SCOPE                             = 0x1
+	TIPC_ZONE_SIZE                              = 0xff
+	TMPFS_MAGIC                                 = 0x1021994
+	TPACKET_ALIGNMENT                           = 0x10
+	TPACKET_HDRLEN                              = 0x34
+	TP_STATUS_AVAILABLE                         = 0x0
+	TP_STATUS_BLK_TMO                           = 0x20
+	TP_STATUS_COPY                              = 0x2
+	TP_STATUS_CSUMNOTREADY                      = 0x8
+	TP_STATUS_CSUM_VALID                        = 0x80
+	TP_STATUS_KERNEL                            = 0x0
+	TP_STATUS_LOSING                            = 0x4
+	TP_STATUS_SENDING                           = 0x2
+	TP_STATUS_SEND_REQUEST                      = 0x1
+	TP_STATUS_TS_RAW_HARDWARE                   = 0x80000000
+	TP_STATUS_TS_SOFTWARE                       = 0x20000000
+	TP_STATUS_TS_SYS_HARDWARE                   = 0x40000000
+	TP_STATUS_USER                              = 0x1
+	TP_STATUS_VLAN_TPID_VALID                   = 0x40
+	TP_STATUS_VLAN_VALID                        = 0x10
+	TP_STATUS_WRONG_FORMAT                      = 0x4
+	TRACEFS_MAGIC                               = 0x74726163
+	TS_COMM_LEN                                 = 0x20
+	UDF_SUPER_MAGIC                             = 0x15013346
+	UMOUNT_NOFOLLOW                             = 0x8
+	USBDEVICE_SUPER_MAGIC                       = 0x9fa2
+	UTIME_NOW                                   = 0x3fffffff
+	UTIME_OMIT                                  = 0x3ffffffe
+	V9FS_MAGIC                                  = 0x1021997
+	VERASE                                      = 0x2
+	VINTR                                       = 0x0
+	VKILL                                       = 0x3
+	VLNEXT                                      = 0xf
+	VMADDR_CID_ANY                              = 0xffffffff
+	VMADDR_CID_HOST                             = 0x2
+	VMADDR_CID_HYPERVISOR                       = 0x0
+	VMADDR_CID_LOCAL                            = 0x1
+	VMADDR_FLAG_TO_HOST                         = 0x1
+	VMADDR_PORT_ANY                             = 0xffffffff
+	VM_SOCKETS_INVALID_VERSION                  = 0xffffffff
+	VQUIT                                       = 0x1
+	VT0                                         = 0x0
+	WAKE_MAGIC                                  = 0x20
+	WALL                                        = 0x40000000
+	WCLONE                                      = 0x80000000
+	WCONTINUED                                  = 0x8
+	WDIOC_SETPRETIMEOUT                         = 0xc0045708
+	WDIOC_SETTIMEOUT                            = 0xc0045706
+	WDIOF_ALARMONLY                             = 0x400
+	WDIOF_CARDRESET                             = 0x20
+	WDIOF_EXTERN1                               = 0x4
+	WDIOF_EXTERN2                               = 0x8
+	WDIOF_FANFAULT                              = 0x2
+	WDIOF_KEEPALIVEPING                         = 0x8000
+	WDIOF_MAGICCLOSE                            = 0x100
+	WDIOF_OVERHEAT                              = 0x1
+	WDIOF_POWEROVER                             = 0x40
+	WDIOF_POWERUNDER                            = 0x10
+	WDIOF_PRETIMEOUT                            = 0x200
+	WDIOF_SETTIMEOUT                            = 0x80
+	WDIOF_UNKNOWN                               = -0x1
+	WDIOS_DISABLECARD                           = 0x1
+	WDIOS_ENABLECARD                            = 0x2
+	WDIOS_TEMPPANIC                             = 0x4
+	WDIOS_UNKNOWN                               = -0x1
+	WEXITED                                     = 0x4
+	WIN_ACKMEDIACHANGE                          = 0xdb
+	WIN_CHECKPOWERMODE1                         = 0xe5
+	WIN_CHECKPOWERMODE2                         = 0x98
+	WIN_DEVICE_RESET                            = 0x8
+	WIN_DIAGNOSE                                = 0x90
+	WIN_DOORLOCK                                = 0xde
+	WIN_DOORUNLOCK                              = 0xdf
+	WIN_DOWNLOAD_MICROCODE                      = 0x92
+	WIN_FLUSH_CACHE                             = 0xe7
+	WIN_FLUSH_CACHE_EXT                         = 0xea
+	WIN_FORMAT                                  = 0x50
+	WIN_GETMEDIASTATUS                          = 0xda
+	WIN_IDENTIFY                                = 0xec
+	WIN_IDENTIFY_DMA                            = 0xee
+	WIN_IDLEIMMEDIATE                           = 0xe1
+	WIN_INIT                                    = 0x60
+	WIN_MEDIAEJECT                              = 0xed
+	WIN_MULTREAD                                = 0xc4
+	WIN_MULTREAD_EXT                            = 0x29
+	WIN_MULTWRITE                               = 0xc5
+	WIN_MULTWRITE_EXT                           = 0x39
+	WIN_NOP                                     = 0x0
+	WIN_PACKETCMD                               = 0xa0
+	WIN_PIDENTIFY                               = 0xa1
+	WIN_POSTBOOT                                = 0xdc
+	WIN_PREBOOT                                 = 0xdd
+	WIN_QUEUED_SERVICE                          = 0xa2
+	WIN_READ                                    = 0x20
+	WIN_READDMA                                 = 0xc8
+	WIN_READDMA_EXT                             = 0x25
+	WIN_READDMA_ONCE                            = 0xc9
+	WIN_READDMA_QUEUED                          = 0xc7
+	WIN_READDMA_QUEUED_EXT                      = 0x26
+	WIN_READ_BUFFER                             = 0xe4
+	WIN_READ_EXT                                = 0x24
+	WIN_READ_LONG                               = 0x22
+	WIN_READ_LONG_ONCE                          = 0x23
+	WIN_READ_NATIVE_MAX                         = 0xf8
+	WIN_READ_NATIVE_MAX_EXT                     = 0x27
+	WIN_READ_ONCE                               = 0x21
+	WIN_RECAL                                   = 0x10
+	WIN_RESTORE                                 = 0x10
+	WIN_SECURITY_DISABLE                        = 0xf6
+	WIN_SECURITY_ERASE_PREPARE                  = 0xf3
+	WIN_SECURITY_ERASE_UNIT                     = 0xf4
+	WIN_SECURITY_FREEZE_LOCK                    = 0xf5
+	WIN_SECURITY_SET_PASS                       = 0xf1
+	WIN_SECURITY_UNLOCK                         = 0xf2
+	WIN_SEEK                                    = 0x70
+	WIN_SETFEATURES                             = 0xef
+	WIN_SETIDLE1                                = 0xe3
+	WIN_SETIDLE2                                = 0x97
+	WIN_SETMULT                                 = 0xc6
+	WIN_SET_MAX                                 = 0xf9
+	WIN_SET_MAX_EXT                             = 0x37
+	WIN_SLEEPNOW1                               = 0xe6
+	WIN_SLEEPNOW2                               = 0x99
+	WIN_SMART                                   = 0xb0
+	WIN_SPECIFY                                 = 0x91
+	WIN_SRST                                    = 0x8
+	WIN_STANDBY                                 = 0xe2
+	WIN_STANDBY2                                = 0x96
+	WIN_STANDBYNOW1                             = 0xe0
+	WIN_STANDBYNOW2                             = 0x94
+	WIN_VERIFY                                  = 0x40
+	WIN_VERIFY_EXT                              = 0x42
+	WIN_VERIFY_ONCE                             = 0x41
+	WIN_WRITE                                   = 0x30
+	WIN_WRITEDMA                                = 0xca
+	WIN_WRITEDMA_EXT                            = 0x35
+	WIN_WRITEDMA_ONCE                           = 0xcb
+	WIN_WRITEDMA_QUEUED                         = 0xcc
+	WIN_WRITEDMA_QUEUED_EXT                     = 0x36
+	WIN_WRITE_BUFFER                            = 0xe8
+	WIN_WRITE_EXT                               = 0x34
+	WIN_WRITE_LONG                              = 0x32
+	WIN_WRITE_LONG_ONCE                         = 0x33
+	WIN_WRITE_ONCE                              = 0x31
+	WIN_WRITE_SAME                              = 0xe9
+	WIN_WRITE_VERIFY                            = 0x3c
+	WNOHANG                                     = 0x1
+	WNOTHREAD                                   = 0x20000000
+	WNOWAIT                                     = 0x1000000
+	WSTOPPED                                    = 0x2
+	WUNTRACED                                   = 0x2
+	XATTR_CREATE                                = 0x1
+	XATTR_REPLACE                               = 0x2
+	XDP_COPY                                    = 0x2
+	XDP_FLAGS_DRV_MODE                          = 0x4
+	XDP_FLAGS_HW_MODE                           = 0x8
+	XDP_FLAGS_MASK                              = 0x1f
+	XDP_FLAGS_MODES                             = 0xe
+	XDP_FLAGS_REPLACE                           = 0x10
+	XDP_FLAGS_SKB_MODE                          = 0x2
+	XDP_FLAGS_UPDATE_IF_NOEXIST                 = 0x1
+	XDP_MMAP_OFFSETS                            = 0x1
+	XDP_OPTIONS                                 = 0x8
+	XDP_OPTIONS_ZEROCOPY                        = 0x1
+	XDP_PACKET_HEADROOM                         = 0x100
+	XDP_PGOFF_RX_RING                           = 0x0
+	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_RING_NEED_WAKEUP                        = 0x1
+	XDP_RX_RING                                 = 0x2
+	XDP_SHARED_UMEM                             = 0x1
+	XDP_STATISTICS                              = 0x7
+	XDP_TX_RING                                 = 0x3
+	XDP_UMEM_COMPLETION_RING                    = 0x6
+	XDP_UMEM_FILL_RING                          = 0x5
+	XDP_UMEM_PGOFF_COMPLETION_RING              = 0x180000000
+	XDP_UMEM_PGOFF_FILL_RING                    = 0x100000000
+	XDP_UMEM_REG                                = 0x4
+	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
+	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_ZEROCOPY                                = 0x4
+	XENFS_SUPER_MAGIC                           = 0xabba1974
+	XFS_SUPER_MAGIC                             = 0x58465342
+	Z3FOLD_MAGIC                                = 0x33
+	ZONEFS_MAGIC                                = 0x5a4f4653
+	ZSMALLOC_MAGIC                              = 0x58295829
+	_HIDIOCGRAWNAME_LEN                         = 0x80
+	_HIDIOCGRAWPHYS_LEN                         = 0x40
+	_HIDIOCGRAWUNIQ_LEN                         = 0x40
+)
+
+// Errors
+const (
+	E2BIG       = syscall.Errno(0x7)
+	EACCES      = syscall.Errno(0xd)
+	EAGAIN      = syscall.Errno(0xb)
+	EBADF       = syscall.Errno(0x9)
+	EBUSY       = syscall.Errno(0x10)
+	ECHILD      = syscall.Errno(0xa)
+	EDOM        = syscall.Errno(0x21)
+	EEXIST      = syscall.Errno(0x11)
+	EFAULT      = syscall.Errno(0xe)
+	EFBIG       = syscall.Errno(0x1b)
+	EINTR       = syscall.Errno(0x4)
+	EINVAL      = syscall.Errno(0x16)
+	EIO         = syscall.Errno(0x5)
+	EISDIR      = syscall.Errno(0x15)
+	EMFILE      = syscall.Errno(0x18)
+	EMLINK      = syscall.Errno(0x1f)
+	ENFILE      = syscall.Errno(0x17)
+	ENODEV      = syscall.Errno(0x13)
+	ENOENT      = syscall.Errno(0x2)
+	ENOEXEC     = syscall.Errno(0x8)
+	ENOMEM      = syscall.Errno(0xc)
+	ENOSPC      = syscall.Errno(0x1c)
+	ENOTBLK     = syscall.Errno(0xf)
+	ENOTDIR     = syscall.Errno(0x14)
+	ENOTTY      = syscall.Errno(0x19)
+	ENXIO       = syscall.Errno(0x6)
+	EPERM       = syscall.Errno(0x1)
+	EPIPE       = syscall.Errno(0x20)
+	ERANGE      = syscall.Errno(0x22)
+	EROFS       = syscall.Errno(0x1e)
+	ESPIPE      = syscall.Errno(0x1d)
+	ESRCH       = syscall.Errno(0x3)
+	ETXTBSY     = syscall.Errno(0x1a)
+	EWOULDBLOCK = syscall.Errno(0xb)
+	EXDEV       = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT = syscall.Signal(0x6)
+	SIGALRM = syscall.Signal(0xe)
+	SIGFPE  = syscall.Signal(0x8)
+	SIGHUP  = syscall.Signal(0x1)
+	SIGILL  = syscall.Signal(0x4)
+	SIGINT  = syscall.Signal(0x2)
+	SIGIOT  = syscall.Signal(0x6)
+	SIGKILL = syscall.Signal(0x9)
+	SIGPIPE = syscall.Signal(0xd)
+	SIGQUIT = syscall.Signal(0x3)
+	SIGSEGV = syscall.Signal(0xb)
+	SIGTERM = syscall.Signal(0xf)
+	SIGTRAP = syscall.Signal(0x5)
+)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 2f0091bbc9204..697811a460082 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -1,2273 +1,535 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && linux
 // +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x80041270
-	BLKBSZSET                            = 0x40041271
-	BLKFLSBUF                            = 0x1261
-	BLKFRAGET                            = 0x1265
-	BLKFRASET                            = 0x1264
-	BLKGETSIZE                           = 0x1260
-	BLKGETSIZE64                         = 0x80041272
-	BLKPBSZGET                           = 0x127b
-	BLKRAGET                             = 0x1263
-	BLKRASET                             = 0x1262
-	BLKROGET                             = 0x125e
-	BLKROSET                             = 0x125d
-	BLKRRPART                            = 0x125f
-	BLKSECTGET                           = 0x1267
-	BLKSECTSET                           = 0x1266
-	BLKSSZGET                            = 0x1268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x1000
-	FP_XSTATE_MAGIC2                     = 0x46505845
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x400c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x40106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x800c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0xc
-	F_GETLK64                            = 0xc
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0xd
-	F_SETLK64                            = 0xd
-	F_SETLKW                             = 0xe
-	F_SETLKW64                           = 0xe
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x8000
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x7b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_32BIT                            = 0x40
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x2000
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x4000
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x4000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x8000
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x2401
-	PERF_EVENT_IOC_ENABLE                = 0x2400
-	PERF_EVENT_IOC_ID                    = 0x80042407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x4004240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x40042409
-	PERF_EVENT_IOC_PERIOD                = 0x40082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc004240a
-	PERF_EVENT_IOC_REFRESH               = 0x2402
-	PERF_EVENT_IOC_RESET                 = 0x2403
-	PERF_EVENT_IOC_SET_BPF               = 0x40042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x40042406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x2405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETFPXREGS                    = 0x12
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETFPXREGS                    = 0x13
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SINGLEBLOCK                   = 0x21
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_SYSEMU                        = 0x1f
-	PTRACE_SYSEMU_SINGLESTEP             = 0x20
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x7002
-	RTC_AIE_ON                           = 0x7001
-	RTC_ALM_READ                         = 0x80247008
-	RTC_ALM_SET                          = 0x40247007
-	RTC_EPOCH_READ                       = 0x8004700d
-	RTC_EPOCH_SET                        = 0x4004700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x8004700b
-	RTC_IRQP_SET                         = 0x4004700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x7006
-	RTC_PIE_ON                           = 0x7005
-	RTC_PLL_GET                          = 0x801c7011
-	RTC_PLL_SET                          = 0x401c7012
-	RTC_RD_TIME                          = 0x80247009
-	RTC_SET_TIME                         = 0x4024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x7004
-	RTC_UIE_ON                           = 0x7003
-	RTC_VL_CLR                           = 0x7014
-	RTC_VL_READ                          = 0x80047013
-	RTC_WIE_OFF                          = 0x7010
-	RTC_WIE_ON                           = 0x700f
-	RTC_WKALM_RD                         = 0x80287010
-	RTC_WKALM_SET                        = 0x4028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x541b
-	SIOCOUTQ                             = 0x5411
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x10
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x11
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x12
-	SO_RCVTIMEO                          = 0x14
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x13
-	SO_SNDTIMEO                          = 0x15
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x540b
-	TCGETA                               = 0x5405
-	TCGETS                               = 0x5401
-	TCGETS2                              = 0x802c542a
-	TCGETX                               = 0x5432
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x5409
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x5406
-	TCSETAF                              = 0x5408
-	TCSETAW                              = 0x5407
-	TCSETS                               = 0x5402
-	TCSETS2                              = 0x402c542b
-	TCSETSF                              = 0x5404
-	TCSETSF2                             = 0x402c542d
-	TCSETSW                              = 0x5403
-	TCSETSW2                             = 0x402c542c
-	TCSETX                               = 0x5433
-	TCSETXF                              = 0x5434
-	TCSETXW                              = 0x5435
-	TCXONC                               = 0x540a
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x80045432
-	TIOCGETD                             = 0x5424
-	TIOCGEXCL                            = 0x80045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGPGRP                            = 0x540f
-	TIOCGPKT                             = 0x80045438
-	TIOCGPTLCK                           = 0x80045439
-	TIOCGPTN                             = 0x80045430
-	TIOCGPTPEER                          = 0x5441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x5413
-	TIOCINQ                              = 0x541b
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x5411
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x5423
-	TIOCSIG                              = 0x40045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSPGRP                            = 0x5410
-	TIOCSPTLCK                           = 0x40045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTI                              = 0x5412
-	TIOCSWINSZ                           = 0x5414
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x100
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x400854d5
-	TUNDETACHFILTER                      = 0x400854d6
-	TUNGETFEATURES                       = 0x800454cf
-	TUNGETFILTER                         = 0x800854db
-	TUNGETIFF                            = 0x800454d2
-	TUNGETSNDBUF                         = 0x800454d3
-	TUNGETVNETBE                         = 0x800454df
-	TUNGETVNETHDRSZ                      = 0x800454d7
-	TUNGETVNETLE                         = 0x800454dd
-	TUNSETDEBUG                          = 0x400454c9
-	TUNSETFILTEREBPF                     = 0x800454e1
-	TUNSETGROUP                          = 0x400454ce
-	TUNSETIFF                            = 0x400454ca
-	TUNSETIFINDEX                        = 0x400454da
-	TUNSETLINK                           = 0x400454cd
-	TUNSETNOCSUM                         = 0x400454c8
-	TUNSETOFFLOAD                        = 0x400454d0
-	TUNSETOWNER                          = 0x400454cc
-	TUNSETPERSIST                        = 0x400454cb
-	TUNSETQUEUE                          = 0x400454d9
-	TUNSETSNDBUF                         = 0x400454d4
-	TUNSETSTEERINGEBPF                   = 0x800454e0
-	TUNSETTXFILTER                       = 0x400454d1
-	TUNSETVNETBE                         = 0x400454de
-	TUNSETVNETHDRSZ                      = 0x400454d8
-	TUNSETVNETLE                         = 0x400454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x4
-	VEOL                                 = 0xb
-	VEOL2                                = 0x10
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x6
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x80045702
-	WDIOC_GETPRETIMEOUT                  = 0x80045709
-	WDIOC_GETSTATUS                      = 0x80045701
-	WDIOC_GETSUPPORT                     = 0x80285700
-	WDIOC_GETTEMP                        = 0x80045703
-	WDIOC_GETTIMELEFT                    = 0x8004570a
-	WDIOC_GETTIMEOUT                     = 0x80045707
-	WDIOC_KEEPALIVE                      = 0x80045705
-	WDIOC_SETOPTIONS                     = 0x80045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x20
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	X86_FXSR_MAGIC                       = 0x0
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80041270
+	BLKBSZSET                        = 0x40041271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_32BIT                        = 0x40
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc00c4d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc00c4d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x8000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8008743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40087446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x400c744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40087447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETFPXREGS                = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETFPXREGS                = 0x13
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x21
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8004700d
+	RTC_EPOCH_SET                    = 0x4004700e
+	RTC_IRQP_READ                    = 0x8004700b
+	RTC_IRQP_SET                     = 0x4004700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x801c7011
+	RTC_PLL_SET                      = 0x401c7012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x400854d5
+	TUNDETACHFILTER                  = 0x400854d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x800854db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x20
+	X86_FXSR_MAGIC                   = 0x0
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2276,23 +538,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x23)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2309,8 +563,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2318,99 +570,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index a80c7ae5fb433..7d8d93bfc4b0b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -1,2273 +1,535 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && linux
 // +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x80081270
-	BLKBSZSET                            = 0x40081271
-	BLKFLSBUF                            = 0x1261
-	BLKFRAGET                            = 0x1265
-	BLKFRASET                            = 0x1264
-	BLKGETSIZE                           = 0x1260
-	BLKGETSIZE64                         = 0x80081272
-	BLKPBSZGET                           = 0x127b
-	BLKRAGET                             = 0x1263
-	BLKRASET                             = 0x1262
-	BLKROGET                             = 0x125e
-	BLKROSET                             = 0x125d
-	BLKRRPART                            = 0x125f
-	BLKSECTGET                           = 0x1267
-	BLKSECTSET                           = 0x1266
-	BLKSSZGET                            = 0x1268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x1000
-	FP_XSTATE_MAGIC2                     = 0x46505845
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x400c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x40106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x800c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x5
-	F_GETLK64                            = 0x5
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0x6
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0x7
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x8000
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x7b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_32BIT                            = 0x40
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x2000
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x4000
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x4000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x2401
-	PERF_EVENT_IOC_ENABLE                = 0x2400
-	PERF_EVENT_IOC_ID                    = 0x80082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x4008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x40042409
-	PERF_EVENT_IOC_PERIOD                = 0x40082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x2402
-	PERF_EVENT_IOC_RESET                 = 0x2403
-	PERF_EVENT_IOC_SET_BPF               = 0x40042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x40082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x2405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ARCH_PRCTL                    = 0x1e
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETFPXREGS                    = 0x12
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETFPXREGS                    = 0x13
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SINGLEBLOCK                   = 0x21
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_SYSEMU                        = 0x1f
-	PTRACE_SYSEMU_SINGLESTEP             = 0x20
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x7002
-	RTC_AIE_ON                           = 0x7001
-	RTC_ALM_READ                         = 0x80247008
-	RTC_ALM_SET                          = 0x40247007
-	RTC_EPOCH_READ                       = 0x8008700d
-	RTC_EPOCH_SET                        = 0x4008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x8008700b
-	RTC_IRQP_SET                         = 0x4008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x7006
-	RTC_PIE_ON                           = 0x7005
-	RTC_PLL_GET                          = 0x80207011
-	RTC_PLL_SET                          = 0x40207012
-	RTC_RD_TIME                          = 0x80247009
-	RTC_SET_TIME                         = 0x4024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x7004
-	RTC_UIE_ON                           = 0x7003
-	RTC_VL_CLR                           = 0x7014
-	RTC_VL_READ                          = 0x80047013
-	RTC_WIE_OFF                          = 0x7010
-	RTC_WIE_ON                           = 0x700f
-	RTC_WKALM_RD                         = 0x80287010
-	RTC_WKALM_SET                        = 0x4028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x541b
-	SIOCOUTQ                             = 0x5411
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x10
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x11
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x12
-	SO_RCVTIMEO                          = 0x14
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x13
-	SO_SNDTIMEO                          = 0x15
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x540b
-	TCGETA                               = 0x5405
-	TCGETS                               = 0x5401
-	TCGETS2                              = 0x802c542a
-	TCGETX                               = 0x5432
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x5409
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x5406
-	TCSETAF                              = 0x5408
-	TCSETAW                              = 0x5407
-	TCSETS                               = 0x5402
-	TCSETS2                              = 0x402c542b
-	TCSETSF                              = 0x5404
-	TCSETSF2                             = 0x402c542d
-	TCSETSW                              = 0x5403
-	TCSETSW2                             = 0x402c542c
-	TCSETX                               = 0x5433
-	TCSETXF                              = 0x5434
-	TCSETXW                              = 0x5435
-	TCXONC                               = 0x540a
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x80045432
-	TIOCGETD                             = 0x5424
-	TIOCGEXCL                            = 0x80045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGPGRP                            = 0x540f
-	TIOCGPKT                             = 0x80045438
-	TIOCGPTLCK                           = 0x80045439
-	TIOCGPTN                             = 0x80045430
-	TIOCGPTPEER                          = 0x5441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x5413
-	TIOCINQ                              = 0x541b
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x5411
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x5423
-	TIOCSIG                              = 0x40045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSPGRP                            = 0x5410
-	TIOCSPTLCK                           = 0x40045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTI                              = 0x5412
-	TIOCSWINSZ                           = 0x5414
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x100
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x401054d5
-	TUNDETACHFILTER                      = 0x401054d6
-	TUNGETFEATURES                       = 0x800454cf
-	TUNGETFILTER                         = 0x801054db
-	TUNGETIFF                            = 0x800454d2
-	TUNGETSNDBUF                         = 0x800454d3
-	TUNGETVNETBE                         = 0x800454df
-	TUNGETVNETHDRSZ                      = 0x800454d7
-	TUNGETVNETLE                         = 0x800454dd
-	TUNSETDEBUG                          = 0x400454c9
-	TUNSETFILTEREBPF                     = 0x800454e1
-	TUNSETGROUP                          = 0x400454ce
-	TUNSETIFF                            = 0x400454ca
-	TUNSETIFINDEX                        = 0x400454da
-	TUNSETLINK                           = 0x400454cd
-	TUNSETNOCSUM                         = 0x400454c8
-	TUNSETOFFLOAD                        = 0x400454d0
-	TUNSETOWNER                          = 0x400454cc
-	TUNSETPERSIST                        = 0x400454cb
-	TUNSETQUEUE                          = 0x400454d9
-	TUNSETSNDBUF                         = 0x400454d4
-	TUNSETSTEERINGEBPF                   = 0x800454e0
-	TUNSETTXFILTER                       = 0x400454d1
-	TUNSETVNETBE                         = 0x400454de
-	TUNSETVNETHDRSZ                      = 0x400454d8
-	TUNSETVNETLE                         = 0x400454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x4
-	VEOL                                 = 0xb
-	VEOL2                                = 0x10
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x6
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x80045702
-	WDIOC_GETPRETIMEOUT                  = 0x80045709
-	WDIOC_GETSTATUS                      = 0x80045701
-	WDIOC_GETSUPPORT                     = 0x80285700
-	WDIOC_GETTEMP                        = 0x80045703
-	WDIOC_GETTIMELEFT                    = 0x8004570a
-	WDIOC_GETTIMEOUT                     = 0x80045707
-	WDIOC_KEEPALIVE                      = 0x80045705
-	WDIOC_SETOPTIONS                     = 0x80045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_32BIT                        = 0x40
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_ARCH_PRCTL                = 0x1e
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETFPXREGS                = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETFPXREGS                = 0x13
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x21
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2276,23 +538,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x23)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2309,8 +563,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2318,99 +570,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 49a9b0133bb31..f707d508941d4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -1,2279 +1,541 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && linux
 // +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x80041270
-	BLKBSZSET                            = 0x40041271
-	BLKFLSBUF                            = 0x1261
-	BLKFRAGET                            = 0x1265
-	BLKFRASET                            = 0x1264
-	BLKGETSIZE                           = 0x1260
-	BLKGETSIZE64                         = 0x80041272
-	BLKPBSZGET                           = 0x127b
-	BLKRAGET                             = 0x1263
-	BLKRASET                             = 0x1262
-	BLKROGET                             = 0x125e
-	BLKROSET                             = 0x125d
-	BLKRRPART                            = 0x125f
-	BLKSECTGET                           = 0x1267
-	BLKSECTSET                           = 0x1266
-	BLKSSZGET                            = 0x1268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x1000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x400c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x40106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x800c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0xc
-	F_GETLK64                            = 0xc
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0xd
-	F_SETLK64                            = 0xd
-	F_SETLKW                             = 0xe
-	F_SETLKW64                           = 0xe
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x8000
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x7b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x2000
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x4000
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x10000
-	O_DIRECTORY                          = 0x4000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x20000
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x8000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x404000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x2401
-	PERF_EVENT_IOC_ENABLE                = 0x2400
-	PERF_EVENT_IOC_ID                    = 0x80042407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x4004240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x40042409
-	PERF_EVENT_IOC_PERIOD                = 0x40082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc004240a
-	PERF_EVENT_IOC_REFRESH               = 0x2402
-	PERF_EVENT_IOC_RESET                 = 0x2403
-	PERF_EVENT_IOC_SET_BPF               = 0x40042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x40042406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x2405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETCRUNCHREGS                 = 0x19
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFDPIC                      = 0x1f
-	PTRACE_GETFDPIC_EXEC                 = 0x0
-	PTRACE_GETFDPIC_INTERP               = 0x1
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETHBPREGS                    = 0x1d
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GETVFPREGS                    = 0x1b
-	PTRACE_GETWMMXREGS                   = 0x12
-	PTRACE_GET_THREAD_AREA               = 0x16
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETCRUNCHREGS                 = 0x1a
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETHBPREGS                    = 0x1e
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SETVFPREGS                    = 0x1c
-	PTRACE_SETWMMXREGS                   = 0x13
-	PTRACE_SET_SYSCALL                   = 0x17
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	PT_DATA_ADDR                         = 0x10004
-	PT_TEXT_ADDR                         = 0x10000
-	PT_TEXT_END_ADDR                     = 0x10008
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x7002
-	RTC_AIE_ON                           = 0x7001
-	RTC_ALM_READ                         = 0x80247008
-	RTC_ALM_SET                          = 0x40247007
-	RTC_EPOCH_READ                       = 0x8004700d
-	RTC_EPOCH_SET                        = 0x4004700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x8004700b
-	RTC_IRQP_SET                         = 0x4004700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x7006
-	RTC_PIE_ON                           = 0x7005
-	RTC_PLL_GET                          = 0x801c7011
-	RTC_PLL_SET                          = 0x401c7012
-	RTC_RD_TIME                          = 0x80247009
-	RTC_SET_TIME                         = 0x4024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x7004
-	RTC_UIE_ON                           = 0x7003
-	RTC_VL_CLR                           = 0x7014
-	RTC_VL_READ                          = 0x80047013
-	RTC_WIE_OFF                          = 0x7010
-	RTC_WIE_ON                           = 0x700f
-	RTC_WKALM_RD                         = 0x80287010
-	RTC_WKALM_SET                        = 0x4028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x541b
-	SIOCOUTQ                             = 0x5411
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x10
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x11
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x12
-	SO_RCVTIMEO                          = 0x14
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x13
-	SO_SNDTIMEO                          = 0x15
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x540b
-	TCGETA                               = 0x5405
-	TCGETS                               = 0x5401
-	TCGETS2                              = 0x802c542a
-	TCGETX                               = 0x5432
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x5409
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x5406
-	TCSETAF                              = 0x5408
-	TCSETAW                              = 0x5407
-	TCSETS                               = 0x5402
-	TCSETS2                              = 0x402c542b
-	TCSETSF                              = 0x5404
-	TCSETSF2                             = 0x402c542d
-	TCSETSW                              = 0x5403
-	TCSETSW2                             = 0x402c542c
-	TCSETX                               = 0x5433
-	TCSETXF                              = 0x5434
-	TCSETXW                              = 0x5435
-	TCXONC                               = 0x540a
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x80045432
-	TIOCGETD                             = 0x5424
-	TIOCGEXCL                            = 0x80045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGPGRP                            = 0x540f
-	TIOCGPKT                             = 0x80045438
-	TIOCGPTLCK                           = 0x80045439
-	TIOCGPTN                             = 0x80045430
-	TIOCGPTPEER                          = 0x5441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x5413
-	TIOCINQ                              = 0x541b
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x5411
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x5423
-	TIOCSIG                              = 0x40045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSPGRP                            = 0x5410
-	TIOCSPTLCK                           = 0x40045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTI                              = 0x5412
-	TIOCSWINSZ                           = 0x5414
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x100
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x400854d5
-	TUNDETACHFILTER                      = 0x400854d6
-	TUNGETFEATURES                       = 0x800454cf
-	TUNGETFILTER                         = 0x800854db
-	TUNGETIFF                            = 0x800454d2
-	TUNGETSNDBUF                         = 0x800454d3
-	TUNGETVNETBE                         = 0x800454df
-	TUNGETVNETHDRSZ                      = 0x800454d7
-	TUNGETVNETLE                         = 0x800454dd
-	TUNSETDEBUG                          = 0x400454c9
-	TUNSETFILTEREBPF                     = 0x800454e1
-	TUNSETGROUP                          = 0x400454ce
-	TUNSETIFF                            = 0x400454ca
-	TUNSETIFINDEX                        = 0x400454da
-	TUNSETLINK                           = 0x400454cd
-	TUNSETNOCSUM                         = 0x400454c8
-	TUNSETOFFLOAD                        = 0x400454d0
-	TUNSETOWNER                          = 0x400454cc
-	TUNSETPERSIST                        = 0x400454cb
-	TUNSETQUEUE                          = 0x400454d9
-	TUNSETSNDBUF                         = 0x400454d4
-	TUNSETSTEERINGEBPF                   = 0x800454e0
-	TUNSETTXFILTER                       = 0x400454d1
-	TUNSETVNETBE                         = 0x400454de
-	TUNSETVNETHDRSZ                      = 0x400454d8
-	TUNSETVNETLE                         = 0x400454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x4
-	VEOL                                 = 0xb
-	VEOL2                                = 0x10
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x6
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x80045702
-	WDIOC_GETPRETIMEOUT                  = 0x80045709
-	WDIOC_GETSTATUS                      = 0x80045701
-	WDIOC_GETSUPPORT                     = 0x80285700
-	WDIOC_GETTEMP                        = 0x80045703
-	WDIOC_GETTIMELEFT                    = 0x8004570a
-	WDIOC_GETTIMEOUT                     = 0x80045707
-	WDIOC_KEEPALIVE                      = 0x80045705
-	WDIOC_SETOPTIONS                     = 0x80045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x20
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80041270
+	BLKBSZSET                        = 0x40041271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc00c4d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc00c4d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x10000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x20000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8008743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40087446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x400c744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40087447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETCRUNCHREGS             = 0x19
+	PTRACE_GETFDPIC                  = 0x1f
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETHBPREGS                = 0x1d
+	PTRACE_GETVFPREGS                = 0x1b
+	PTRACE_GETWMMXREGS               = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x16
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETCRUNCHREGS             = 0x1a
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETHBPREGS                = 0x1e
+	PTRACE_SETVFPREGS                = 0x1c
+	PTRACE_SETWMMXREGS               = 0x13
+	PTRACE_SET_SYSCALL               = 0x17
+	PT_DATA_ADDR                     = 0x10004
+	PT_TEXT_ADDR                     = 0x10000
+	PT_TEXT_END_ADDR                 = 0x10008
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8004700d
+	RTC_EPOCH_SET                    = 0x4004700e
+	RTC_IRQP_READ                    = 0x8004700b
+	RTC_IRQP_SET                     = 0x4004700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x801c7011
+	RTC_PLL_SET                      = 0x401c7012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x400854d5
+	TUNDETACHFILTER                  = 0x400854d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x800854db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2282,23 +544,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x23)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2315,8 +569,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2324,99 +576,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 8d70233b260b5..3a67a9c852116 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -1,2264 +1,532 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && linux
 // +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x80081270
-	BLKBSZSET                            = 0x40081271
-	BLKFLSBUF                            = 0x1261
-	BLKFRAGET                            = 0x1265
-	BLKFRASET                            = 0x1264
-	BLKGETSIZE                           = 0x1260
-	BLKGETSIZE64                         = 0x80081272
-	BLKPBSZGET                           = 0x127b
-	BLKRAGET                             = 0x1263
-	BLKRASET                             = 0x1262
-	BLKROGET                             = 0x125e
-	BLKROSET                             = 0x125d
-	BLKRRPART                            = 0x125f
-	BLKSECTGET                           = 0x1267
-	BLKSECTSET                           = 0x1266
-	BLKSSZGET                            = 0x1268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ESR_MAGIC                            = 0x45535201
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	EXTRA_MAGIC                          = 0x45585401
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x1000
-	FPSIMD_MAGIC                         = 0x46508001
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x400c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x40106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x800c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x5
-	F_GETLK64                            = 0x5
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0x6
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0x7
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x8000
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x7b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x2000
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x4000
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x10000
-	O_DIRECTORY                          = 0x4000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x8000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x404000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x2401
-	PERF_EVENT_IOC_ENABLE                = 0x2400
-	PERF_EVENT_IOC_ID                    = 0x80082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x4008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x40042409
-	PERF_EVENT_IOC_PERIOD                = 0x40082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x2402
-	PERF_EVENT_IOC_RESET                 = 0x2403
-	PERF_EVENT_IOC_SET_BPF               = 0x40042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x40082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x2405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x7002
-	RTC_AIE_ON                           = 0x7001
-	RTC_ALM_READ                         = 0x80247008
-	RTC_ALM_SET                          = 0x40247007
-	RTC_EPOCH_READ                       = 0x8008700d
-	RTC_EPOCH_SET                        = 0x4008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x8008700b
-	RTC_IRQP_SET                         = 0x4008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x7006
-	RTC_PIE_ON                           = 0x7005
-	RTC_PLL_GET                          = 0x80207011
-	RTC_PLL_SET                          = 0x40207012
-	RTC_RD_TIME                          = 0x80247009
-	RTC_SET_TIME                         = 0x4024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x7004
-	RTC_UIE_ON                           = 0x7003
-	RTC_VL_CLR                           = 0x7014
-	RTC_VL_READ                          = 0x80047013
-	RTC_WIE_OFF                          = 0x7010
-	RTC_WIE_ON                           = 0x700f
-	RTC_WKALM_RD                         = 0x80287010
-	RTC_WKALM_SET                        = 0x4028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x541b
-	SIOCOUTQ                             = 0x5411
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x10
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x11
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x12
-	SO_RCVTIMEO                          = 0x14
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x13
-	SO_SNDTIMEO                          = 0x15
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SVE_MAGIC                            = 0x53564501
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x540b
-	TCGETA                               = 0x5405
-	TCGETS                               = 0x5401
-	TCGETS2                              = 0x802c542a
-	TCGETX                               = 0x5432
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x5409
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x5406
-	TCSETAF                              = 0x5408
-	TCSETAW                              = 0x5407
-	TCSETS                               = 0x5402
-	TCSETS2                              = 0x402c542b
-	TCSETSF                              = 0x5404
-	TCSETSF2                             = 0x402c542d
-	TCSETSW                              = 0x5403
-	TCSETSW2                             = 0x402c542c
-	TCSETX                               = 0x5433
-	TCSETXF                              = 0x5434
-	TCSETXW                              = 0x5435
-	TCXONC                               = 0x540a
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x80045432
-	TIOCGETD                             = 0x5424
-	TIOCGEXCL                            = 0x80045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGPGRP                            = 0x540f
-	TIOCGPKT                             = 0x80045438
-	TIOCGPTLCK                           = 0x80045439
-	TIOCGPTN                             = 0x80045430
-	TIOCGPTPEER                          = 0x5441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x5413
-	TIOCINQ                              = 0x541b
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x5411
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x5423
-	TIOCSIG                              = 0x40045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSPGRP                            = 0x5410
-	TIOCSPTLCK                           = 0x40045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTI                              = 0x5412
-	TIOCSWINSZ                           = 0x5414
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x100
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x401054d5
-	TUNDETACHFILTER                      = 0x401054d6
-	TUNGETFEATURES                       = 0x800454cf
-	TUNGETFILTER                         = 0x801054db
-	TUNGETIFF                            = 0x800454d2
-	TUNGETSNDBUF                         = 0x800454d3
-	TUNGETVNETBE                         = 0x800454df
-	TUNGETVNETHDRSZ                      = 0x800454d7
-	TUNGETVNETLE                         = 0x800454dd
-	TUNSETDEBUG                          = 0x400454c9
-	TUNSETFILTEREBPF                     = 0x800454e1
-	TUNSETGROUP                          = 0x400454ce
-	TUNSETIFF                            = 0x400454ca
-	TUNSETIFINDEX                        = 0x400454da
-	TUNSETLINK                           = 0x400454cd
-	TUNSETNOCSUM                         = 0x400454c8
-	TUNSETOFFLOAD                        = 0x400454d0
-	TUNSETOWNER                          = 0x400454cc
-	TUNSETPERSIST                        = 0x400454cb
-	TUNSETQUEUE                          = 0x400454d9
-	TUNSETSNDBUF                         = 0x400454d4
-	TUNSETSTEERINGEBPF                   = 0x800454e0
-	TUNSETTXFILTER                       = 0x400454d1
-	TUNSETVNETBE                         = 0x400454de
-	TUNSETVNETHDRSZ                      = 0x400454d8
-	TUNSETVNETLE                         = 0x400454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x4
-	VEOL                                 = 0xb
-	VEOL2                                = 0x10
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x6
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x80045702
-	WDIOC_GETPRETIMEOUT                  = 0x80045709
-	WDIOC_GETSTATUS                      = 0x80045701
-	WDIOC_GETSUPPORT                     = 0x80285700
-	WDIOC_GETTEMP                        = 0x80045703
-	WDIOC_GETTIMELEFT                    = 0x8004570a
-	WDIOC_GETTIMEOUT                     = 0x80045707
-	WDIOC_KEEPALIVE                      = 0x80045705
-	WDIOC_SETOPTIONS                     = 0x80045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	ESR_MAGIC                        = 0x45535201
+	EXTPROC                          = 0x10000
+	EXTRA_MAGIC                      = 0x45585401
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FPSIMD_MAGIC                     = 0x46508001
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x10000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PROT_BTI                         = 0x10
+	PROT_MTE                         = 0x20
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_PEEKMTETAGS               = 0x21
+	PTRACE_POKEMTETAGS               = 0x22
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	SVE_MAGIC                        = 0x53564501
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2267,23 +535,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x23)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2300,8 +560,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2309,99 +567,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 410ab56b095b6..a7ccef56c52a9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -1,2276 +1,537 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips && linux
 // +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40041270
-	BLKBSZSET                            = 0x80041271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40041272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x80
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x2000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x21
-	F_GETLK64                            = 0x21
-	F_GETOWN                             = 0x17
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x22
-	F_SETLK64                            = 0x22
-	F_SETLKW                             = 0x23
-	F_SETLKW64                           = 0x23
-	F_SETOWN                             = 0x18
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x100
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x80
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x800
-	MAP_ANONYMOUS                        = 0x800
-	MAP_DENYWRITE                        = 0x2000
-	MAP_EXECUTABLE                       = 0x4000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x1000
-	MAP_HUGETLB                          = 0x80000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x8000
-	MAP_NONBLOCK                         = 0x20000
-	MAP_NORESERVE                        = 0x400
-	MAP_POPULATE                         = 0x10000
-	MAP_PRIVATE                          = 0x2
-	MAP_RENAME                           = 0x800
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x40000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x8
-	O_ASYNC                              = 0x1000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x100
-	O_DIRECT                             = 0x8000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x10
-	O_EXCL                               = 0x400
-	O_FSYNC                              = 0x4010
-	O_LARGEFILE                          = 0x2000
-	O_NDELAY                             = 0x80
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x800
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x80
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x4010
-	O_SYNC                               = 0x4010
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40042407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8004240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc004240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80042406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_GET_THREAD_AREA_3264          = 0xc4
-	PTRACE_GET_WATCH_REGS                = 0xd0
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKDATA_3264                 = 0xc1
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKTEXT_3264                 = 0xc0
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKEDATA_3264                 = 0xc3
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKETEXT_3264                 = 0xc2
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SET_WATCH_REGS                = 0xd1
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x6
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x9
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x5
-	RLIMIT_NPROC                         = 0x8
-	RLIMIT_RSS                           = 0x7
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4004700d
-	RTC_EPOCH_SET                        = 0x8004700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4004700b
-	RTC_IRQP_SET                         = 0x8004700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x401c7011
-	RTC_PLL_SET                          = 0x801c7012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x40047307
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x40047309
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x467f
-	SIOCOUTQ                             = 0x7472
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x80047308
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x1
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x80
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x2
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0xffff
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1009
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x20
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x1029
-	SO_DONTROUTE                         = 0x10
-	SO_ERROR                             = 0x1007
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x8
-	SO_LINGER                            = 0x80
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0x100
-	SO_PASSCRED                          = 0x11
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x12
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1e
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x1028
-	SO_RCVBUF                            = 0x1002
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x1004
-	SO_RCVTIMEO                          = 0x1006
-	SO_REUSEADDR                         = 0x4
-	SO_REUSEPORT                         = 0x200
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x1001
-	SO_SNDBUFFORCE                       = 0x1f
-	SO_SNDLOWAT                          = 0x1003
-	SO_SNDTIMEO                          = 0x1005
-	SO_STYLE                             = 0x1008
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x1008
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x5407
-	TCGETA                               = 0x5401
-	TCGETS                               = 0x540d
-	TCGETS2                              = 0x4030542a
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x5410
-	TCSBRK                               = 0x5405
-	TCSBRKP                              = 0x5486
-	TCSETA                               = 0x5402
-	TCSETAF                              = 0x5404
-	TCSETAW                              = 0x5403
-	TCSETS                               = 0x540e
-	TCSETS2                              = 0x8030542b
-	TCSETSF                              = 0x5410
-	TCSETSF2                             = 0x8030542d
-	TCSETSW                              = 0x540f
-	TCSETSW2                             = 0x8030542c
-	TCXONC                               = 0x5406
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x80047478
-	TIOCEXCL                             = 0x740d
-	TIOCGDEV                             = 0x40045432
-	TIOCGETD                             = 0x7400
-	TIOCGETP                             = 0x7408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x5492
-	TIOCGLCKTRMIOS                       = 0x548b
-	TIOCGLTC                             = 0x7474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x4020542e
-	TIOCGSERIAL                          = 0x5484
-	TIOCGSID                             = 0x7416
-	TIOCGSOFTCAR                         = 0x5481
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x467f
-	TIOCLINUX                            = 0x5483
-	TIOCMBIC                             = 0x741c
-	TIOCMBIS                             = 0x741b
-	TIOCMGET                             = 0x741d
-	TIOCMIWAIT                           = 0x5491
-	TIOCMSET                             = 0x741a
-	TIOCM_CAR                            = 0x100
-	TIOCM_CD                             = 0x100
-	TIOCM_CTS                            = 0x40
-	TIOCM_DSR                            = 0x400
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x200
-	TIOCM_RNG                            = 0x200
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x20
-	TIOCM_ST                             = 0x10
-	TIOCNOTTY                            = 0x5471
-	TIOCNXCL                             = 0x740e
-	TIOCOUTQ                             = 0x7472
-	TIOCPKT                              = 0x5470
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x5480
-	TIOCSERCONFIG                        = 0x5488
-	TIOCSERGETLSR                        = 0x548e
-	TIOCSERGETMULTI                      = 0x548f
-	TIOCSERGSTRUCT                       = 0x548d
-	TIOCSERGWILD                         = 0x5489
-	TIOCSERSETMULTI                      = 0x5490
-	TIOCSERSWILD                         = 0x548a
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x7401
-	TIOCSETN                             = 0x740a
-	TIOCSETP                             = 0x7409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x548c
-	TIOCSLTC                             = 0x7475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0xc020542f
-	TIOCSSERIAL                          = 0x5485
-	TIOCSSOFTCAR                         = 0x5482
-	TIOCSTI                              = 0x5472
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x8000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x800854d5
-	TUNDETACHFILTER                      = 0x800854d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x400854db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x10
-	VEOL                                 = 0x11
-	VEOL2                                = 0x6
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x4
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VSWTCH                               = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x20
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x21
+	F_GETLK64                        = 0x21
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x22
+	F_SETLK64                        = 0x22
+	F_SETLKW                         = 0x23
+	F_SETLKW64                       = 0x23
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc00c4d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc00c4d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x2000
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x7d)
 	EADDRNOTAVAIL   = syscall.Errno(0x7e)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x7c)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x95)
 	EBADE           = syscall.Errno(0x32)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x51)
 	EBADMSG         = syscall.Errno(0x4d)
 	EBADR           = syscall.Errno(0x33)
 	EBADRQC         = syscall.Errno(0x36)
 	EBADSLT         = syscall.Errno(0x37)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x9e)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x25)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x82)
@@ -2279,12 +540,8 @@ const (
 	EDEADLK         = syscall.Errno(0x2d)
 	EDEADLOCK       = syscall.Errno(0x38)
 	EDESTADDRREQ    = syscall.Errno(0x60)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x46d)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x93)
 	EHOSTUNREACH    = syscall.Errno(0x94)
 	EHWPOISON       = syscall.Errno(0xa8)
@@ -2292,11 +549,7 @@ const (
 	EILSEQ          = syscall.Errno(0x58)
 	EINIT           = syscall.Errno(0x8d)
 	EINPROGRESS     = syscall.Errno(0x96)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x85)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x8b)
 	EKEYEXPIRED     = syscall.Errno(0xa2)
 	EKEYREJECTED    = syscall.Errno(0xa4)
@@ -2313,8 +566,6 @@ const (
 	ELNRNG          = syscall.Errno(0x29)
 	ELOOP           = syscall.Errno(0x5a)
 	EMEDIUMTYPE     = syscall.Errno(0xa0)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x61)
 	EMULTIHOP       = syscall.Errno(0x4a)
 	ENAMETOOLONG    = syscall.Errno(0x4e)
@@ -2322,100 +573,68 @@ const (
 	ENETDOWN        = syscall.Errno(0x7f)
 	ENETRESET       = syscall.Errno(0x81)
 	ENETUNREACH     = syscall.Errno(0x80)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x35)
 	ENOBUFS         = syscall.Errno(0x84)
 	ENOCSI          = syscall.Errno(0x2b)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0xa1)
 	ENOLCK          = syscall.Errno(0x2e)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x9f)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x23)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x63)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x59)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x86)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x5d)
 	ENOTNAM         = syscall.Errno(0x89)
 	ENOTRECOVERABLE = syscall.Errno(0xa6)
 	ENOTSOCK        = syscall.Errno(0x5f)
 	ENOTSUP         = syscall.Errno(0x7a)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x50)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x7a)
 	EOVERFLOW       = syscall.Errno(0x4f)
 	EOWNERDEAD      = syscall.Errno(0xa5)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x7b)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x78)
 	EPROTOTYPE      = syscall.Errno(0x62)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x52)
 	EREMDEV         = syscall.Errno(0x8e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x8c)
 	ERESTART        = syscall.Errno(0x5b)
 	ERFKILL         = syscall.Errno(0xa7)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x8f)
 	ESOCKTNOSUPPORT = syscall.Errno(0x79)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x97)
 	ESTRPIPE        = syscall.Errno(0x5c)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x91)
 	ETOOMANYREFS    = syscall.Errno(0x90)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x87)
 	EUNATCH         = syscall.Errno(0x2a)
 	EUSERS          = syscall.Errno(0x5e)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x34)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0xa)
 	SIGCHLD   = syscall.Signal(0x12)
 	SIGCLD    = syscall.Signal(0x12)
 	SIGCONT   = syscall.Signal(0x19)
 	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x16)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x16)
 	SIGPROF   = syscall.Signal(0x1d)
 	SIGPWR    = syscall.Signal(0x13)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTOP   = syscall.Signal(0x17)
 	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x18)
 	SIGTTIN   = syscall.Signal(0x1a)
 	SIGTTOU   = syscall.Signal(0x1b)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index dac4d90fada6d..f7b7cec910f00 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -1,2276 +1,537 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64 && linux
 // +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40081270
-	BLKBSZSET                            = 0x80081271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40081272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x80
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x2000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0xe
-	F_GETLK64                            = 0xe
-	F_GETOWN                             = 0x17
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0x6
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0x7
-	F_SETOWN                             = 0x18
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x100
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x80
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x800
-	MAP_ANONYMOUS                        = 0x800
-	MAP_DENYWRITE                        = 0x2000
-	MAP_EXECUTABLE                       = 0x4000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x1000
-	MAP_HUGETLB                          = 0x80000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x8000
-	MAP_NONBLOCK                         = 0x20000
-	MAP_NORESERVE                        = 0x400
-	MAP_POPULATE                         = 0x10000
-	MAP_PRIVATE                          = 0x2
-	MAP_RENAME                           = 0x800
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x40000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x8
-	O_ASYNC                              = 0x1000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x100
-	O_DIRECT                             = 0x8000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x10
-	O_EXCL                               = 0x400
-	O_FSYNC                              = 0x4010
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x80
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x800
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x80
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x4010
-	O_SYNC                               = 0x4010
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_GET_THREAD_AREA_3264          = 0xc4
-	PTRACE_GET_WATCH_REGS                = 0xd0
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKDATA_3264                 = 0xc1
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKTEXT_3264                 = 0xc0
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKEDATA_3264                 = 0xc3
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKETEXT_3264                 = 0xc2
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SET_WATCH_REGS                = 0xd1
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x6
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x9
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x5
-	RLIMIT_NPROC                         = 0x8
-	RLIMIT_RSS                           = 0x7
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4008700d
-	RTC_EPOCH_SET                        = 0x8008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4008700b
-	RTC_IRQP_SET                         = 0x8008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x40207011
-	RTC_PLL_SET                          = 0x80207012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x40047307
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x40047309
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x467f
-	SIOCOUTQ                             = 0x7472
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x80047308
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x1
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x80
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x2
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0xffff
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1009
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x20
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x1029
-	SO_DONTROUTE                         = 0x10
-	SO_ERROR                             = 0x1007
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x8
-	SO_LINGER                            = 0x80
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0x100
-	SO_PASSCRED                          = 0x11
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x12
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1e
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x1028
-	SO_RCVBUF                            = 0x1002
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x1004
-	SO_RCVTIMEO                          = 0x1006
-	SO_REUSEADDR                         = 0x4
-	SO_REUSEPORT                         = 0x200
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x1001
-	SO_SNDBUFFORCE                       = 0x1f
-	SO_SNDLOWAT                          = 0x1003
-	SO_SNDTIMEO                          = 0x1005
-	SO_STYLE                             = 0x1008
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x1008
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x5407
-	TCGETA                               = 0x5401
-	TCGETS                               = 0x540d
-	TCGETS2                              = 0x4030542a
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x5410
-	TCSBRK                               = 0x5405
-	TCSBRKP                              = 0x5486
-	TCSETA                               = 0x5402
-	TCSETAF                              = 0x5404
-	TCSETAW                              = 0x5403
-	TCSETS                               = 0x540e
-	TCSETS2                              = 0x8030542b
-	TCSETSF                              = 0x5410
-	TCSETSF2                             = 0x8030542d
-	TCSETSW                              = 0x540f
-	TCSETSW2                             = 0x8030542c
-	TCXONC                               = 0x5406
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x80047478
-	TIOCEXCL                             = 0x740d
-	TIOCGDEV                             = 0x40045432
-	TIOCGETD                             = 0x7400
-	TIOCGETP                             = 0x7408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x5492
-	TIOCGLCKTRMIOS                       = 0x548b
-	TIOCGLTC                             = 0x7474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x4020542e
-	TIOCGSERIAL                          = 0x5484
-	TIOCGSID                             = 0x7416
-	TIOCGSOFTCAR                         = 0x5481
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x467f
-	TIOCLINUX                            = 0x5483
-	TIOCMBIC                             = 0x741c
-	TIOCMBIS                             = 0x741b
-	TIOCMGET                             = 0x741d
-	TIOCMIWAIT                           = 0x5491
-	TIOCMSET                             = 0x741a
-	TIOCM_CAR                            = 0x100
-	TIOCM_CD                             = 0x100
-	TIOCM_CTS                            = 0x40
-	TIOCM_DSR                            = 0x400
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x200
-	TIOCM_RNG                            = 0x200
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x20
-	TIOCM_ST                             = 0x10
-	TIOCNOTTY                            = 0x5471
-	TIOCNXCL                             = 0x740e
-	TIOCOUTQ                             = 0x7472
-	TIOCPKT                              = 0x5470
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x5480
-	TIOCSERCONFIG                        = 0x5488
-	TIOCSERGETLSR                        = 0x548e
-	TIOCSERGETMULTI                      = 0x548f
-	TIOCSERGSTRUCT                       = 0x548d
-	TIOCSERGWILD                         = 0x5489
-	TIOCSERSETMULTI                      = 0x5490
-	TIOCSERSWILD                         = 0x548a
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x7401
-	TIOCSETN                             = 0x740a
-	TIOCSETP                             = 0x7409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x548c
-	TIOCSLTC                             = 0x7475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0xc020542f
-	TIOCSSERIAL                          = 0x5485
-	TIOCSSOFTCAR                         = 0x5482
-	TIOCSTI                              = 0x5472
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x8000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x801054d5
-	TUNDETACHFILTER                      = 0x801054d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x401054db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x10
-	VEOL                                 = 0x11
-	VEOL2                                = 0x6
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x4
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VSWTCH                               = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xe
+	F_GETLK64                        = 0xe
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x7d)
 	EADDRNOTAVAIL   = syscall.Errno(0x7e)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x7c)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x95)
 	EBADE           = syscall.Errno(0x32)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x51)
 	EBADMSG         = syscall.Errno(0x4d)
 	EBADR           = syscall.Errno(0x33)
 	EBADRQC         = syscall.Errno(0x36)
 	EBADSLT         = syscall.Errno(0x37)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x9e)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x25)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x82)
@@ -2279,12 +540,8 @@ const (
 	EDEADLK         = syscall.Errno(0x2d)
 	EDEADLOCK       = syscall.Errno(0x38)
 	EDESTADDRREQ    = syscall.Errno(0x60)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x46d)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x93)
 	EHOSTUNREACH    = syscall.Errno(0x94)
 	EHWPOISON       = syscall.Errno(0xa8)
@@ -2292,11 +549,7 @@ const (
 	EILSEQ          = syscall.Errno(0x58)
 	EINIT           = syscall.Errno(0x8d)
 	EINPROGRESS     = syscall.Errno(0x96)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x85)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x8b)
 	EKEYEXPIRED     = syscall.Errno(0xa2)
 	EKEYREJECTED    = syscall.Errno(0xa4)
@@ -2313,8 +566,6 @@ const (
 	ELNRNG          = syscall.Errno(0x29)
 	ELOOP           = syscall.Errno(0x5a)
 	EMEDIUMTYPE     = syscall.Errno(0xa0)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x61)
 	EMULTIHOP       = syscall.Errno(0x4a)
 	ENAMETOOLONG    = syscall.Errno(0x4e)
@@ -2322,100 +573,68 @@ const (
 	ENETDOWN        = syscall.Errno(0x7f)
 	ENETRESET       = syscall.Errno(0x81)
 	ENETUNREACH     = syscall.Errno(0x80)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x35)
 	ENOBUFS         = syscall.Errno(0x84)
 	ENOCSI          = syscall.Errno(0x2b)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0xa1)
 	ENOLCK          = syscall.Errno(0x2e)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x9f)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x23)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x63)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x59)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x86)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x5d)
 	ENOTNAM         = syscall.Errno(0x89)
 	ENOTRECOVERABLE = syscall.Errno(0xa6)
 	ENOTSOCK        = syscall.Errno(0x5f)
 	ENOTSUP         = syscall.Errno(0x7a)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x50)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x7a)
 	EOVERFLOW       = syscall.Errno(0x4f)
 	EOWNERDEAD      = syscall.Errno(0xa5)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x7b)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x78)
 	EPROTOTYPE      = syscall.Errno(0x62)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x52)
 	EREMDEV         = syscall.Errno(0x8e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x8c)
 	ERESTART        = syscall.Errno(0x5b)
 	ERFKILL         = syscall.Errno(0xa7)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x8f)
 	ESOCKTNOSUPPORT = syscall.Errno(0x79)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x97)
 	ESTRPIPE        = syscall.Errno(0x5c)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x91)
 	ETOOMANYREFS    = syscall.Errno(0x90)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x87)
 	EUNATCH         = syscall.Errno(0x2a)
 	EUSERS          = syscall.Errno(0x5e)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x34)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0xa)
 	SIGCHLD   = syscall.Signal(0x12)
 	SIGCLD    = syscall.Signal(0x12)
 	SIGCONT   = syscall.Signal(0x19)
 	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x16)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x16)
 	SIGPROF   = syscall.Signal(0x1d)
 	SIGPWR    = syscall.Signal(0x13)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTOP   = syscall.Signal(0x17)
 	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x18)
 	SIGTTIN   = syscall.Signal(0x1a)
 	SIGTTOU   = syscall.Signal(0x1b)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 1d2f0e6382b78..4fcacf95849be 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -1,2276 +1,537 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64le && linux
 // +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40081270
-	BLKBSZSET                            = 0x80081271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40081272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x80
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x2000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0xe
-	F_GETLK64                            = 0xe
-	F_GETOWN                             = 0x17
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0x6
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0x7
-	F_SETOWN                             = 0x18
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x100
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x80
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x800
-	MAP_ANONYMOUS                        = 0x800
-	MAP_DENYWRITE                        = 0x2000
-	MAP_EXECUTABLE                       = 0x4000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x1000
-	MAP_HUGETLB                          = 0x80000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x8000
-	MAP_NONBLOCK                         = 0x20000
-	MAP_NORESERVE                        = 0x400
-	MAP_POPULATE                         = 0x10000
-	MAP_PRIVATE                          = 0x2
-	MAP_RENAME                           = 0x800
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x40000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x8
-	O_ASYNC                              = 0x1000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x100
-	O_DIRECT                             = 0x8000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x10
-	O_EXCL                               = 0x400
-	O_FSYNC                              = 0x4010
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x80
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x800
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x80
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x4010
-	O_SYNC                               = 0x4010
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_GET_THREAD_AREA_3264          = 0xc4
-	PTRACE_GET_WATCH_REGS                = 0xd0
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKDATA_3264                 = 0xc1
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKTEXT_3264                 = 0xc0
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKEDATA_3264                 = 0xc3
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKETEXT_3264                 = 0xc2
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SET_WATCH_REGS                = 0xd1
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x6
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x9
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x5
-	RLIMIT_NPROC                         = 0x8
-	RLIMIT_RSS                           = 0x7
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4008700d
-	RTC_EPOCH_SET                        = 0x8008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4008700b
-	RTC_IRQP_SET                         = 0x8008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x40207011
-	RTC_PLL_SET                          = 0x80207012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x40047307
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x40047309
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x467f
-	SIOCOUTQ                             = 0x7472
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x80047308
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x1
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x80
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x2
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0xffff
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1009
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x20
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x1029
-	SO_DONTROUTE                         = 0x10
-	SO_ERROR                             = 0x1007
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x8
-	SO_LINGER                            = 0x80
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0x100
-	SO_PASSCRED                          = 0x11
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x12
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1e
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x1028
-	SO_RCVBUF                            = 0x1002
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x1004
-	SO_RCVTIMEO                          = 0x1006
-	SO_REUSEADDR                         = 0x4
-	SO_REUSEPORT                         = 0x200
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x1001
-	SO_SNDBUFFORCE                       = 0x1f
-	SO_SNDLOWAT                          = 0x1003
-	SO_SNDTIMEO                          = 0x1005
-	SO_STYLE                             = 0x1008
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x1008
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x5407
-	TCGETA                               = 0x5401
-	TCGETS                               = 0x540d
-	TCGETS2                              = 0x4030542a
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x5410
-	TCSBRK                               = 0x5405
-	TCSBRKP                              = 0x5486
-	TCSETA                               = 0x5402
-	TCSETAF                              = 0x5404
-	TCSETAW                              = 0x5403
-	TCSETS                               = 0x540e
-	TCSETS2                              = 0x8030542b
-	TCSETSF                              = 0x5410
-	TCSETSF2                             = 0x8030542d
-	TCSETSW                              = 0x540f
-	TCSETSW2                             = 0x8030542c
-	TCXONC                               = 0x5406
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x80047478
-	TIOCEXCL                             = 0x740d
-	TIOCGDEV                             = 0x40045432
-	TIOCGETD                             = 0x7400
-	TIOCGETP                             = 0x7408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x5492
-	TIOCGLCKTRMIOS                       = 0x548b
-	TIOCGLTC                             = 0x7474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x4020542e
-	TIOCGSERIAL                          = 0x5484
-	TIOCGSID                             = 0x7416
-	TIOCGSOFTCAR                         = 0x5481
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x467f
-	TIOCLINUX                            = 0x5483
-	TIOCMBIC                             = 0x741c
-	TIOCMBIS                             = 0x741b
-	TIOCMGET                             = 0x741d
-	TIOCMIWAIT                           = 0x5491
-	TIOCMSET                             = 0x741a
-	TIOCM_CAR                            = 0x100
-	TIOCM_CD                             = 0x100
-	TIOCM_CTS                            = 0x40
-	TIOCM_DSR                            = 0x400
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x200
-	TIOCM_RNG                            = 0x200
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x20
-	TIOCM_ST                             = 0x10
-	TIOCNOTTY                            = 0x5471
-	TIOCNXCL                             = 0x740e
-	TIOCOUTQ                             = 0x7472
-	TIOCPKT                              = 0x5470
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x5480
-	TIOCSERCONFIG                        = 0x5488
-	TIOCSERGETLSR                        = 0x548e
-	TIOCSERGETMULTI                      = 0x548f
-	TIOCSERGSTRUCT                       = 0x548d
-	TIOCSERGWILD                         = 0x5489
-	TIOCSERSETMULTI                      = 0x5490
-	TIOCSERSWILD                         = 0x548a
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x7401
-	TIOCSETN                             = 0x740a
-	TIOCSETP                             = 0x7409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x548c
-	TIOCSLTC                             = 0x7475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0xc020542f
-	TIOCSSERIAL                          = 0x5485
-	TIOCSSOFTCAR                         = 0x5482
-	TIOCSTI                              = 0x5472
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x8000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x801054d5
-	TUNDETACHFILTER                      = 0x801054d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x401054db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x10
-	VEOL                                 = 0x11
-	VEOL2                                = 0x6
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x4
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VSWTCH                               = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xe
+	F_GETLK64                        = 0xe
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x7d)
 	EADDRNOTAVAIL   = syscall.Errno(0x7e)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x7c)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x95)
 	EBADE           = syscall.Errno(0x32)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x51)
 	EBADMSG         = syscall.Errno(0x4d)
 	EBADR           = syscall.Errno(0x33)
 	EBADRQC         = syscall.Errno(0x36)
 	EBADSLT         = syscall.Errno(0x37)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x9e)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x25)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x82)
@@ -2279,12 +540,8 @@ const (
 	EDEADLK         = syscall.Errno(0x2d)
 	EDEADLOCK       = syscall.Errno(0x38)
 	EDESTADDRREQ    = syscall.Errno(0x60)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x46d)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x93)
 	EHOSTUNREACH    = syscall.Errno(0x94)
 	EHWPOISON       = syscall.Errno(0xa8)
@@ -2292,11 +549,7 @@ const (
 	EILSEQ          = syscall.Errno(0x58)
 	EINIT           = syscall.Errno(0x8d)
 	EINPROGRESS     = syscall.Errno(0x96)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x85)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x8b)
 	EKEYEXPIRED     = syscall.Errno(0xa2)
 	EKEYREJECTED    = syscall.Errno(0xa4)
@@ -2313,8 +566,6 @@ const (
 	ELNRNG          = syscall.Errno(0x29)
 	ELOOP           = syscall.Errno(0x5a)
 	EMEDIUMTYPE     = syscall.Errno(0xa0)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x61)
 	EMULTIHOP       = syscall.Errno(0x4a)
 	ENAMETOOLONG    = syscall.Errno(0x4e)
@@ -2322,100 +573,68 @@ const (
 	ENETDOWN        = syscall.Errno(0x7f)
 	ENETRESET       = syscall.Errno(0x81)
 	ENETUNREACH     = syscall.Errno(0x80)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x35)
 	ENOBUFS         = syscall.Errno(0x84)
 	ENOCSI          = syscall.Errno(0x2b)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0xa1)
 	ENOLCK          = syscall.Errno(0x2e)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x9f)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x23)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x63)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x59)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x86)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x5d)
 	ENOTNAM         = syscall.Errno(0x89)
 	ENOTRECOVERABLE = syscall.Errno(0xa6)
 	ENOTSOCK        = syscall.Errno(0x5f)
 	ENOTSUP         = syscall.Errno(0x7a)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x50)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x7a)
 	EOVERFLOW       = syscall.Errno(0x4f)
 	EOWNERDEAD      = syscall.Errno(0xa5)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x7b)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x78)
 	EPROTOTYPE      = syscall.Errno(0x62)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x52)
 	EREMDEV         = syscall.Errno(0x8e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x8c)
 	ERESTART        = syscall.Errno(0x5b)
 	ERFKILL         = syscall.Errno(0xa7)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x8f)
 	ESOCKTNOSUPPORT = syscall.Errno(0x79)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x97)
 	ESTRPIPE        = syscall.Errno(0x5c)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x91)
 	ETOOMANYREFS    = syscall.Errno(0x90)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x87)
 	EUNATCH         = syscall.Errno(0x2a)
 	EUSERS          = syscall.Errno(0x5e)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x34)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0xa)
 	SIGCHLD   = syscall.Signal(0x12)
 	SIGCLD    = syscall.Signal(0x12)
 	SIGCONT   = syscall.Signal(0x19)
 	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x16)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x16)
 	SIGPROF   = syscall.Signal(0x1d)
 	SIGPWR    = syscall.Signal(0x13)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTOP   = syscall.Signal(0x17)
 	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x18)
 	SIGTTIN   = syscall.Signal(0x1a)
 	SIGTTOU   = syscall.Signal(0x1b)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 33b9940234979..6f6c223a2cb66 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -1,2276 +1,537 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mipsle && linux
 // +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40041270
-	BLKBSZSET                            = 0x80041271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40041272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x80
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x2000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x21
-	F_GETLK64                            = 0x21
-	F_GETOWN                             = 0x17
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x22
-	F_SETLK64                            = 0x22
-	F_SETLKW                             = 0x23
-	F_SETLKW64                           = 0x23
-	F_SETOWN                             = 0x18
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x100
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x80
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x800
-	MAP_ANONYMOUS                        = 0x800
-	MAP_DENYWRITE                        = 0x2000
-	MAP_EXECUTABLE                       = 0x4000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x1000
-	MAP_HUGETLB                          = 0x80000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x8000
-	MAP_NONBLOCK                         = 0x20000
-	MAP_NORESERVE                        = 0x400
-	MAP_POPULATE                         = 0x10000
-	MAP_PRIVATE                          = 0x2
-	MAP_RENAME                           = 0x800
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x40000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x8
-	O_ASYNC                              = 0x1000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x100
-	O_DIRECT                             = 0x8000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x10
-	O_EXCL                               = 0x400
-	O_FSYNC                              = 0x4010
-	O_LARGEFILE                          = 0x2000
-	O_NDELAY                             = 0x80
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x800
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x80
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x4010
-	O_SYNC                               = 0x4010
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40042407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8004240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc004240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80042406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_THREAD_AREA               = 0x19
-	PTRACE_GET_THREAD_AREA_3264          = 0xc4
-	PTRACE_GET_WATCH_REGS                = 0xd0
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKDATA_3264                 = 0xc1
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKTEXT_3264                 = 0xc0
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKEDATA_3264                 = 0xc3
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKETEXT_3264                 = 0xc2
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SET_THREAD_AREA               = 0x1a
-	PTRACE_SET_WATCH_REGS                = 0xd1
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x6
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x9
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x5
-	RLIMIT_NPROC                         = 0x8
-	RLIMIT_RSS                           = 0x7
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4004700d
-	RTC_EPOCH_SET                        = 0x8004700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4004700b
-	RTC_IRQP_SET                         = 0x8004700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x401c7011
-	RTC_PLL_SET                          = 0x801c7012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x40047307
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x40047309
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x467f
-	SIOCOUTQ                             = 0x7472
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x80047308
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x1
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x80
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x2
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0xffff
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1009
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x20
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x1029
-	SO_DONTROUTE                         = 0x10
-	SO_ERROR                             = 0x1007
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x8
-	SO_LINGER                            = 0x80
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0x100
-	SO_PASSCRED                          = 0x11
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x12
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1e
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x1028
-	SO_RCVBUF                            = 0x1002
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x1004
-	SO_RCVTIMEO                          = 0x1006
-	SO_REUSEADDR                         = 0x4
-	SO_REUSEPORT                         = 0x200
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x1001
-	SO_SNDBUFFORCE                       = 0x1f
-	SO_SNDLOWAT                          = 0x1003
-	SO_SNDTIMEO                          = 0x1005
-	SO_STYLE                             = 0x1008
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x1008
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x5407
-	TCGETA                               = 0x5401
-	TCGETS                               = 0x540d
-	TCGETS2                              = 0x4030542a
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x5410
-	TCSBRK                               = 0x5405
-	TCSBRKP                              = 0x5486
-	TCSETA                               = 0x5402
-	TCSETAF                              = 0x5404
-	TCSETAW                              = 0x5403
-	TCSETS                               = 0x540e
-	TCSETS2                              = 0x8030542b
-	TCSETSF                              = 0x5410
-	TCSETSF2                             = 0x8030542d
-	TCSETSW                              = 0x540f
-	TCSETSW2                             = 0x8030542c
-	TCXONC                               = 0x5406
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x80047478
-	TIOCEXCL                             = 0x740d
-	TIOCGDEV                             = 0x40045432
-	TIOCGETD                             = 0x7400
-	TIOCGETP                             = 0x7408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x5492
-	TIOCGLCKTRMIOS                       = 0x548b
-	TIOCGLTC                             = 0x7474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x4020542e
-	TIOCGSERIAL                          = 0x5484
-	TIOCGSID                             = 0x7416
-	TIOCGSOFTCAR                         = 0x5481
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x467f
-	TIOCLINUX                            = 0x5483
-	TIOCMBIC                             = 0x741c
-	TIOCMBIS                             = 0x741b
-	TIOCMGET                             = 0x741d
-	TIOCMIWAIT                           = 0x5491
-	TIOCMSET                             = 0x741a
-	TIOCM_CAR                            = 0x100
-	TIOCM_CD                             = 0x100
-	TIOCM_CTS                            = 0x40
-	TIOCM_DSR                            = 0x400
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x200
-	TIOCM_RNG                            = 0x200
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x20
-	TIOCM_ST                             = 0x10
-	TIOCNOTTY                            = 0x5471
-	TIOCNXCL                             = 0x740e
-	TIOCOUTQ                             = 0x7472
-	TIOCPKT                              = 0x5470
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x5480
-	TIOCSERCONFIG                        = 0x5488
-	TIOCSERGETLSR                        = 0x548e
-	TIOCSERGETMULTI                      = 0x548f
-	TIOCSERGSTRUCT                       = 0x548d
-	TIOCSERGWILD                         = 0x5489
-	TIOCSERSETMULTI                      = 0x5490
-	TIOCSERSWILD                         = 0x548a
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x7401
-	TIOCSETN                             = 0x740a
-	TIOCSETP                             = 0x7409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x548c
-	TIOCSLTC                             = 0x7475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0xc020542f
-	TIOCSSERIAL                          = 0x5485
-	TIOCSSOFTCAR                         = 0x5482
-	TIOCSTI                              = 0x5472
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x8000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x800854d5
-	TUNDETACHFILTER                      = 0x800854d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x400854db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x10
-	VEOL                                 = 0x11
-	VEOL2                                = 0x6
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x4
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VSWTCH                               = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x20
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x21
+	F_GETLK64                        = 0x21
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x22
+	F_SETLK64                        = 0x22
+	F_SETLKW                         = 0x23
+	F_SETLKW64                       = 0x23
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc00c4d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc00c4d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x2000
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x7d)
 	EADDRNOTAVAIL   = syscall.Errno(0x7e)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x7c)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x95)
 	EBADE           = syscall.Errno(0x32)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x51)
 	EBADMSG         = syscall.Errno(0x4d)
 	EBADR           = syscall.Errno(0x33)
 	EBADRQC         = syscall.Errno(0x36)
 	EBADSLT         = syscall.Errno(0x37)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x9e)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x25)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x82)
@@ -2279,12 +540,8 @@ const (
 	EDEADLK         = syscall.Errno(0x2d)
 	EDEADLOCK       = syscall.Errno(0x38)
 	EDESTADDRREQ    = syscall.Errno(0x60)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x46d)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x93)
 	EHOSTUNREACH    = syscall.Errno(0x94)
 	EHWPOISON       = syscall.Errno(0xa8)
@@ -2292,11 +549,7 @@ const (
 	EILSEQ          = syscall.Errno(0x58)
 	EINIT           = syscall.Errno(0x8d)
 	EINPROGRESS     = syscall.Errno(0x96)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x85)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x8b)
 	EKEYEXPIRED     = syscall.Errno(0xa2)
 	EKEYREJECTED    = syscall.Errno(0xa4)
@@ -2313,8 +566,6 @@ const (
 	ELNRNG          = syscall.Errno(0x29)
 	ELOOP           = syscall.Errno(0x5a)
 	EMEDIUMTYPE     = syscall.Errno(0xa0)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x61)
 	EMULTIHOP       = syscall.Errno(0x4a)
 	ENAMETOOLONG    = syscall.Errno(0x4e)
@@ -2322,100 +573,68 @@ const (
 	ENETDOWN        = syscall.Errno(0x7f)
 	ENETRESET       = syscall.Errno(0x81)
 	ENETUNREACH     = syscall.Errno(0x80)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x35)
 	ENOBUFS         = syscall.Errno(0x84)
 	ENOCSI          = syscall.Errno(0x2b)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0xa1)
 	ENOLCK          = syscall.Errno(0x2e)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x9f)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x23)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x63)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x59)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x86)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x5d)
 	ENOTNAM         = syscall.Errno(0x89)
 	ENOTRECOVERABLE = syscall.Errno(0xa6)
 	ENOTSOCK        = syscall.Errno(0x5f)
 	ENOTSUP         = syscall.Errno(0x7a)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x50)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x7a)
 	EOVERFLOW       = syscall.Errno(0x4f)
 	EOWNERDEAD      = syscall.Errno(0xa5)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x7b)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x78)
 	EPROTOTYPE      = syscall.Errno(0x62)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x52)
 	EREMDEV         = syscall.Errno(0x8e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x8c)
 	ERESTART        = syscall.Errno(0x5b)
 	ERFKILL         = syscall.Errno(0xa7)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x8f)
 	ESOCKTNOSUPPORT = syscall.Errno(0x79)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x97)
 	ESTRPIPE        = syscall.Errno(0x5c)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x91)
 	ETOOMANYREFS    = syscall.Errno(0x90)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x87)
 	EUNATCH         = syscall.Errno(0x2a)
 	EUSERS          = syscall.Errno(0x5e)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x34)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0xa)
 	SIGCHLD   = syscall.Signal(0x12)
 	SIGCLD    = syscall.Signal(0x12)
 	SIGCONT   = syscall.Signal(0x19)
 	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x16)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x16)
 	SIGPROF   = syscall.Signal(0x1d)
 	SIGPWR    = syscall.Signal(0x13)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTOP   = syscall.Signal(0x17)
 	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x18)
 	SIGTTIN   = syscall.Signal(0x1a)
 	SIGTTOU   = syscall.Signal(0x1b)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
new file mode 100644
index 0000000000000..59e522bcf4e05
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -0,0 +1,881 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc00c4d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc00c4d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x20
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x10000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPR31                         = 0x6e
+	PT_FPSCR                         = 0x71
+	PT_LNK                           = 0x24
+	PT_MQ                            = 0x27
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_TRAP                          = 0x28
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{58, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index c78d669761b39..d4264a0f73e78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -1,2333 +1,597 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64 && linux
 // +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x17
-	B110                                 = 0x3
-	B115200                              = 0x11
-	B1152000                             = 0x18
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x19
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x1a
-	B230400                              = 0x12
-	B2400                                = 0xb
-	B2500000                             = 0x1b
-	B300                                 = 0x7
-	B3000000                             = 0x1c
-	B3500000                             = 0x1d
-	B38400                               = 0xf
-	B4000000                             = 0x1e
-	B460800                              = 0x13
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x14
-	B57600                               = 0x10
-	B576000                              = 0x15
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x16
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40081270
-	BLKBSZSET                            = 0x80081271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40081272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1f
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x8000
-	BSDLY                                = 0x8000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0xff
-	CBAUDEX                              = 0x0
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0xff0000
-	CLOCAL                               = 0x8000
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x1000
-	CR2                                  = 0x2000
-	CR3                                  = 0x3000
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x3000
-	CREAD                                = 0x800
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x100
-	CS7                                  = 0x200
-	CS8                                  = 0x300
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x300
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x400
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x40
-	ECHOE                                = 0x2
-	ECHOK                                = 0x4
-	ECHOKE                               = 0x1
-	ECHONL                               = 0x10
-	ECHOPRT                              = 0x20
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x4000
-	FFDLY                                = 0x4000
-	FLUSHO                               = 0x800000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x5
-	F_GETLK64                            = 0xc
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0xd
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0xe
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x4000
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x100
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x400
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x80
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x1000
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x400
-	IXON                                 = 0x200
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x80
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x40
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x2000
-	MCL_FUTURE                           = 0x4000
-	MCL_ONFAULT                          = 0x8000
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NL2                                  = 0x200
-	NL3                                  = 0x300
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x300
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80000000
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x4
-	ONLCR                                = 0x2
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x20000
-	O_DIRECTORY                          = 0x4000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x8000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x404000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x1000
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x2000
-	PENDIN                               = 0x20000000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_SAO                             = 0x10
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETEVRREGS                    = 0x14
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGS64                     = 0x16
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GETVRREGS                     = 0x12
-	PTRACE_GETVSRREGS                    = 0x1b
-	PTRACE_GET_DEBUGREG                  = 0x19
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETEVRREGS                    = 0x15
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGS64                     = 0x17
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SETVRREGS                     = 0x13
-	PTRACE_SETVSRREGS                    = 0x1c
-	PTRACE_SET_DEBUGREG                  = 0x1a
-	PTRACE_SINGLEBLOCK                   = 0x100
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	PT_CCR                               = 0x26
-	PT_CTR                               = 0x23
-	PT_DAR                               = 0x29
-	PT_DSCR                              = 0x2c
-	PT_DSISR                             = 0x2a
-	PT_FPR0                              = 0x30
-	PT_FPSCR                             = 0x50
-	PT_LNK                               = 0x24
-	PT_MSR                               = 0x21
-	PT_NIP                               = 0x20
-	PT_ORIG_R3                           = 0x22
-	PT_R0                                = 0x0
-	PT_R1                                = 0x1
-	PT_R10                               = 0xa
-	PT_R11                               = 0xb
-	PT_R12                               = 0xc
-	PT_R13                               = 0xd
-	PT_R14                               = 0xe
-	PT_R15                               = 0xf
-	PT_R16                               = 0x10
-	PT_R17                               = 0x11
-	PT_R18                               = 0x12
-	PT_R19                               = 0x13
-	PT_R2                                = 0x2
-	PT_R20                               = 0x14
-	PT_R21                               = 0x15
-	PT_R22                               = 0x16
-	PT_R23                               = 0x17
-	PT_R24                               = 0x18
-	PT_R25                               = 0x19
-	PT_R26                               = 0x1a
-	PT_R27                               = 0x1b
-	PT_R28                               = 0x1c
-	PT_R29                               = 0x1d
-	PT_R3                                = 0x3
-	PT_R30                               = 0x1e
-	PT_R31                               = 0x1f
-	PT_R4                                = 0x4
-	PT_R5                                = 0x5
-	PT_R6                                = 0x6
-	PT_R7                                = 0x7
-	PT_R8                                = 0x8
-	PT_R9                                = 0x9
-	PT_REGS_COUNT                        = 0x2c
-	PT_RESULT                            = 0x2b
-	PT_SOFTE                             = 0x27
-	PT_TRAP                              = 0x28
-	PT_VR0                               = 0x52
-	PT_VRSAVE                            = 0x94
-	PT_VSCR                              = 0x93
-	PT_VSR0                              = 0x96
-	PT_VSR31                             = 0xd4
-	PT_XER                               = 0x25
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4008700d
-	RTC_EPOCH_SET                        = 0x8008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4008700b
-	RTC_IRQP_SET                         = 0x8008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x40207011
-	RTC_PLL_SET                          = 0x80207012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x4004667f
-	SIOCOUTQ                             = 0x40047473
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x14
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x15
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x10
-	SO_RCVTIMEO                          = 0x12
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x11
-	SO_SNDTIMEO                          = 0x13
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x400
-	TAB2                                 = 0x800
-	TAB3                                 = 0xc00
-	TABDLY                               = 0xc00
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x2000741f
-	TCGETA                               = 0x40147417
-	TCGETS                               = 0x402c7413
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x2000741d
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x80147418
-	TCSETAF                              = 0x8014741c
-	TCSETAW                              = 0x80147419
-	TCSETS                               = 0x802c7414
-	TCSETSF                              = 0x802c7416
-	TCSETSW                              = 0x802c7415
-	TCXONC                               = 0x2000741e
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x40045432
-	TIOCGETC                             = 0x40067412
-	TIOCGETD                             = 0x5424
-	TIOCGETP                             = 0x40067408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGLTC                             = 0x40067474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x4004667f
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_LOOP                           = 0x8000
-	TIOCM_OUT1                           = 0x2000
-	TIOCM_OUT2                           = 0x4000
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x40047473
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETC                             = 0x80067411
-	TIOCSETD                             = 0x5423
-	TIOCSETN                             = 0x8006740a
-	TIOCSETP                             = 0x80067409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSLTC                             = 0x80067475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTART                            = 0x2000746e
-	TIOCSTI                              = 0x5412
-	TIOCSTOP                             = 0x2000746f
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x400000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x801054d5
-	TUNDETACHFILTER                      = 0x801054d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x401054db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0x10
-	VEOF                                 = 0x4
-	VEOL                                 = 0x6
-	VEOL2                                = 0x8
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x5
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xb
-	VSTART                               = 0xd
-	VSTOP                                = 0xe
-	VSUSP                                = 0xc
-	VSWTC                                = 0x9
-	VT0                                  = 0x0
-	VT1                                  = 0x10000
-	VTDLY                                = 0x10000
-	VTIME                                = 0x7
-	VWERASE                              = 0xa
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4000
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0xc00
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x40
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPSCR                         = 0x50
+	PT_LNK                           = 0x24
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_SOFTE                         = 0x27
+	PT_TRAP                          = 0x28
+	PT_VR0                           = 0x52
+	PT_VRSAVE                        = 0x94
+	PT_VSCR                          = 0x93
+	PT_VSR0                          = 0x96
+	PT_VSR31                         = 0xd4
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2336,23 +600,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x3a)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2369,8 +625,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2378,99 +632,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 63493756d89b6..21cbec1dd35f5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -1,2333 +1,597 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64le && linux
 // +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x17
-	B110                                 = 0x3
-	B115200                              = 0x11
-	B1152000                             = 0x18
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x19
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x1a
-	B230400                              = 0x12
-	B2400                                = 0xb
-	B2500000                             = 0x1b
-	B300                                 = 0x7
-	B3000000                             = 0x1c
-	B3500000                             = 0x1d
-	B38400                               = 0xf
-	B4000000                             = 0x1e
-	B460800                              = 0x13
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x14
-	B57600                               = 0x10
-	B576000                              = 0x15
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x16
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x40081270
-	BLKBSZSET                            = 0x80081271
-	BLKFLSBUF                            = 0x20001261
-	BLKFRAGET                            = 0x20001265
-	BLKFRASET                            = 0x20001264
-	BLKGETSIZE                           = 0x20001260
-	BLKGETSIZE64                         = 0x40081272
-	BLKPBSZGET                           = 0x2000127b
-	BLKRAGET                             = 0x20001263
-	BLKRASET                             = 0x20001262
-	BLKROGET                             = 0x2000125e
-	BLKROSET                             = 0x2000125d
-	BLKRRPART                            = 0x2000125f
-	BLKSECTGET                           = 0x20001267
-	BLKSECTSET                           = 0x20001266
-	BLKSSZGET                            = 0x20001268
-	BOTHER                               = 0x1f
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x8000
-	BSDLY                                = 0x8000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0xff
-	CBAUDEX                              = 0x0
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0xff0000
-	CLOCAL                               = 0x8000
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x1000
-	CR2                                  = 0x2000
-	CR3                                  = 0x3000
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x3000
-	CREAD                                = 0x800
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x100
-	CS7                                  = 0x200
-	CS8                                  = 0x300
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x300
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x400
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x40
-	ECHOE                                = 0x2
-	ECHOK                                = 0x4
-	ECHOKE                               = 0x1
-	ECHONL                               = 0x10
-	ECHOPRT                              = 0x20
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x4000
-	FFDLY                                = 0x4000
-	FLUSHO                               = 0x800000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x800c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x80106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x400c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x5
-	F_GETLK64                            = 0xc
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0xd
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0xe
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x4000
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x100
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x400
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x200007b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x80
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x1000
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x400
-	IXON                                 = 0x200
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x80
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x40
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x2000
-	MCL_FUTURE                           = 0x4000
-	MCL_ONFAULT                          = 0x8000
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NL2                                  = 0x200
-	NL3                                  = 0x300
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x300
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80000000
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x4
-	ONLCR                                = 0x2
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x20000
-	O_DIRECTORY                          = 0x4000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x8000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x404000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x1000
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x2000
-	PENDIN                               = 0x20000000
-	PERF_EVENT_IOC_DISABLE               = 0x20002401
-	PERF_EVENT_IOC_ENABLE                = 0x20002400
-	PERF_EVENT_IOC_ID                    = 0x40082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x8008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x80042409
-	PERF_EVENT_IOC_PERIOD                = 0x80082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x20002402
-	PERF_EVENT_IOC_RESET                 = 0x20002403
-	PERF_EVENT_IOC_SET_BPF               = 0x80042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x80082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x20002405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_SAO                             = 0x10
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETEVRREGS                    = 0x14
-	PTRACE_GETFPREGS                     = 0xe
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGS64                     = 0x16
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GETVRREGS                     = 0x12
-	PTRACE_GETVSRREGS                    = 0x1b
-	PTRACE_GET_DEBUGREG                  = 0x19
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETEVRREGS                    = 0x15
-	PTRACE_SETFPREGS                     = 0xf
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGS64                     = 0x17
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SETVRREGS                     = 0x13
-	PTRACE_SETVSRREGS                    = 0x1c
-	PTRACE_SET_DEBUGREG                  = 0x1a
-	PTRACE_SINGLEBLOCK                   = 0x100
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TRACEME                       = 0x0
-	PT_CCR                               = 0x26
-	PT_CTR                               = 0x23
-	PT_DAR                               = 0x29
-	PT_DSCR                              = 0x2c
-	PT_DSISR                             = 0x2a
-	PT_FPR0                              = 0x30
-	PT_FPSCR                             = 0x50
-	PT_LNK                               = 0x24
-	PT_MSR                               = 0x21
-	PT_NIP                               = 0x20
-	PT_ORIG_R3                           = 0x22
-	PT_R0                                = 0x0
-	PT_R1                                = 0x1
-	PT_R10                               = 0xa
-	PT_R11                               = 0xb
-	PT_R12                               = 0xc
-	PT_R13                               = 0xd
-	PT_R14                               = 0xe
-	PT_R15                               = 0xf
-	PT_R16                               = 0x10
-	PT_R17                               = 0x11
-	PT_R18                               = 0x12
-	PT_R19                               = 0x13
-	PT_R2                                = 0x2
-	PT_R20                               = 0x14
-	PT_R21                               = 0x15
-	PT_R22                               = 0x16
-	PT_R23                               = 0x17
-	PT_R24                               = 0x18
-	PT_R25                               = 0x19
-	PT_R26                               = 0x1a
-	PT_R27                               = 0x1b
-	PT_R28                               = 0x1c
-	PT_R29                               = 0x1d
-	PT_R3                                = 0x3
-	PT_R30                               = 0x1e
-	PT_R31                               = 0x1f
-	PT_R4                                = 0x4
-	PT_R5                                = 0x5
-	PT_R6                                = 0x6
-	PT_R7                                = 0x7
-	PT_R8                                = 0x8
-	PT_R9                                = 0x9
-	PT_REGS_COUNT                        = 0x2c
-	PT_RESULT                            = 0x2b
-	PT_SOFTE                             = 0x27
-	PT_TRAP                              = 0x28
-	PT_VR0                               = 0x52
-	PT_VRSAVE                            = 0x94
-	PT_VSCR                              = 0x93
-	PT_VSR0                              = 0x96
-	PT_VSR31                             = 0xd4
-	PT_XER                               = 0x25
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x20007002
-	RTC_AIE_ON                           = 0x20007001
-	RTC_ALM_READ                         = 0x40247008
-	RTC_ALM_SET                          = 0x80247007
-	RTC_EPOCH_READ                       = 0x4008700d
-	RTC_EPOCH_SET                        = 0x8008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x4008700b
-	RTC_IRQP_SET                         = 0x8008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x20007006
-	RTC_PIE_ON                           = 0x20007005
-	RTC_PLL_GET                          = 0x40207011
-	RTC_PLL_SET                          = 0x80207012
-	RTC_RD_TIME                          = 0x40247009
-	RTC_SET_TIME                         = 0x8024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x20007004
-	RTC_UIE_ON                           = 0x20007003
-	RTC_VL_CLR                           = 0x20007014
-	RTC_VL_READ                          = 0x40047013
-	RTC_WIE_OFF                          = 0x20007010
-	RTC_WIE_ON                           = 0x2000700f
-	RTC_WKALM_RD                         = 0x40287010
-	RTC_WKALM_SET                        = 0x8028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x4004667f
-	SIOCOUTQ                             = 0x40047473
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x14
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x15
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x10
-	SO_RCVTIMEO                          = 0x12
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x11
-	SO_SNDTIMEO                          = 0x13
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x400
-	TAB2                                 = 0x800
-	TAB3                                 = 0xc00
-	TABDLY                               = 0xc00
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x2000741f
-	TCGETA                               = 0x40147417
-	TCGETS                               = 0x402c7413
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x2000741d
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x80147418
-	TCSETAF                              = 0x8014741c
-	TCSETAW                              = 0x80147419
-	TCSETS                               = 0x802c7414
-	TCSETSF                              = 0x802c7416
-	TCSETSW                              = 0x802c7415
-	TCXONC                               = 0x2000741e
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x40045432
-	TIOCGETC                             = 0x40067412
-	TIOCGETD                             = 0x5424
-	TIOCGETP                             = 0x40067408
-	TIOCGEXCL                            = 0x40045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGLTC                             = 0x40067474
-	TIOCGPGRP                            = 0x40047477
-	TIOCGPKT                             = 0x40045438
-	TIOCGPTLCK                           = 0x40045439
-	TIOCGPTN                             = 0x40045430
-	TIOCGPTPEER                          = 0x20005441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x40087468
-	TIOCINQ                              = 0x4004667f
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_LOOP                           = 0x8000
-	TIOCM_OUT1                           = 0x2000
-	TIOCM_OUT2                           = 0x4000
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x40047473
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETC                             = 0x80067411
-	TIOCSETD                             = 0x5423
-	TIOCSETN                             = 0x8006740a
-	TIOCSETP                             = 0x80067409
-	TIOCSIG                              = 0x80045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSLTC                             = 0x80067475
-	TIOCSPGRP                            = 0x80047476
-	TIOCSPTLCK                           = 0x80045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTART                            = 0x2000746e
-	TIOCSTI                              = 0x5412
-	TIOCSTOP                             = 0x2000746f
-	TIOCSWINSZ                           = 0x80087467
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x400000
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x801054d5
-	TUNDETACHFILTER                      = 0x801054d6
-	TUNGETFEATURES                       = 0x400454cf
-	TUNGETFILTER                         = 0x401054db
-	TUNGETIFF                            = 0x400454d2
-	TUNGETSNDBUF                         = 0x400454d3
-	TUNGETVNETBE                         = 0x400454df
-	TUNGETVNETHDRSZ                      = 0x400454d7
-	TUNGETVNETLE                         = 0x400454dd
-	TUNSETDEBUG                          = 0x800454c9
-	TUNSETFILTEREBPF                     = 0x400454e1
-	TUNSETGROUP                          = 0x800454ce
-	TUNSETIFF                            = 0x800454ca
-	TUNSETIFINDEX                        = 0x800454da
-	TUNSETLINK                           = 0x800454cd
-	TUNSETNOCSUM                         = 0x800454c8
-	TUNSETOFFLOAD                        = 0x800454d0
-	TUNSETOWNER                          = 0x800454cc
-	TUNSETPERSIST                        = 0x800454cb
-	TUNSETQUEUE                          = 0x800454d9
-	TUNSETSNDBUF                         = 0x800454d4
-	TUNSETSTEERINGEBPF                   = 0x400454e0
-	TUNSETTXFILTER                       = 0x800454d1
-	TUNSETVNETBE                         = 0x800454de
-	TUNSETVNETHDRSZ                      = 0x800454d8
-	TUNSETVNETLE                         = 0x800454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0x10
-	VEOF                                 = 0x4
-	VEOL                                 = 0x6
-	VEOL2                                = 0x8
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x5
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xb
-	VSTART                               = 0xd
-	VSTOP                                = 0xe
-	VSUSP                                = 0xc
-	VSWTC                                = 0x9
-	VT0                                  = 0x0
-	VT1                                  = 0x10000
-	VTDLY                                = 0x10000
-	VTIME                                = 0x7
-	VWERASE                              = 0xa
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x40045702
-	WDIOC_GETPRETIMEOUT                  = 0x40045709
-	WDIOC_GETSTATUS                      = 0x40045701
-	WDIOC_GETSUPPORT                     = 0x40285700
-	WDIOC_GETTEMP                        = 0x40045703
-	WDIOC_GETTIMELEFT                    = 0x4004570a
-	WDIOC_GETTIMEOUT                     = 0x40045707
-	WDIOC_KEEPALIVE                      = 0x40045705
-	WDIOC_SETOPTIONS                     = 0x40045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4000
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0xc00
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x40
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPSCR                         = 0x50
+	PT_LNK                           = 0x24
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_SOFTE                         = 0x27
+	PT_TRAP                          = 0x28
+	PT_VR0                           = 0x52
+	PT_VRSAVE                        = 0x94
+	PT_VSCR                          = 0x93
+	PT_VSR0                          = 0x96
+	PT_VSR31                         = 0xd4
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2336,23 +600,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x3a)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2369,8 +625,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2378,99 +632,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
new file mode 100644
index 0000000000000..9b05bf12fc34a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -0,0 +1,809 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build riscv64 && linux
+// +build riscv64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 3814df854935e..bd82ace09a579 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -1,2333 +1,597 @@
 // mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build s390x && linux
 // +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AAFS_MAGIC                           = 0x5a3c69f0
-	ADFS_SUPER_MAGIC                     = 0xadf5
-	AFFS_SUPER_MAGIC                     = 0xadff
-	AFS_FS_MAGIC                         = 0x6b414653
-	AFS_SUPER_MAGIC                      = 0x5346414f
-	AF_ALG                               = 0x26
-	AF_APPLETALK                         = 0x5
-	AF_ASH                               = 0x12
-	AF_ATMPVC                            = 0x8
-	AF_ATMSVC                            = 0x14
-	AF_AX25                              = 0x3
-	AF_BLUETOOTH                         = 0x1f
-	AF_BRIDGE                            = 0x7
-	AF_CAIF                              = 0x25
-	AF_CAN                               = 0x1d
-	AF_DECnet                            = 0xc
-	AF_ECONET                            = 0x13
-	AF_FILE                              = 0x1
-	AF_IB                                = 0x1b
-	AF_IEEE802154                        = 0x24
-	AF_INET                              = 0x2
-	AF_INET6                             = 0xa
-	AF_IPX                               = 0x4
-	AF_IRDA                              = 0x17
-	AF_ISDN                              = 0x22
-	AF_IUCV                              = 0x20
-	AF_KCM                               = 0x29
-	AF_KEY                               = 0xf
-	AF_LLC                               = 0x1a
-	AF_LOCAL                             = 0x1
-	AF_MAX                               = 0x2c
-	AF_MPLS                              = 0x1c
-	AF_NETBEUI                           = 0xd
-	AF_NETLINK                           = 0x10
-	AF_NETROM                            = 0x6
-	AF_NFC                               = 0x27
-	AF_PACKET                            = 0x11
-	AF_PHONET                            = 0x23
-	AF_PPPOX                             = 0x18
-	AF_QIPCRTR                           = 0x2a
-	AF_RDS                               = 0x15
-	AF_ROSE                              = 0xb
-	AF_ROUTE                             = 0x10
-	AF_RXRPC                             = 0x21
-	AF_SECURITY                          = 0xe
-	AF_SMC                               = 0x2b
-	AF_SNA                               = 0x16
-	AF_TIPC                              = 0x1e
-	AF_UNIX                              = 0x1
-	AF_UNSPEC                            = 0x0
-	AF_VSOCK                             = 0x28
-	AF_WANPIPE                           = 0x19
-	AF_X25                               = 0x9
-	ALG_OP_DECRYPT                       = 0x0
-	ALG_OP_ENCRYPT                       = 0x1
-	ALG_SET_AEAD_ASSOCLEN                = 0x4
-	ALG_SET_AEAD_AUTHSIZE                = 0x5
-	ALG_SET_IV                           = 0x2
-	ALG_SET_KEY                          = 0x1
-	ALG_SET_OP                           = 0x3
-	ANON_INODE_FS_MAGIC                  = 0x9041934
-	ARPHRD_6LOWPAN                       = 0x339
-	ARPHRD_ADAPT                         = 0x108
-	ARPHRD_APPLETLK                      = 0x8
-	ARPHRD_ARCNET                        = 0x7
-	ARPHRD_ASH                           = 0x30d
-	ARPHRD_ATM                           = 0x13
-	ARPHRD_AX25                          = 0x3
-	ARPHRD_BIF                           = 0x307
-	ARPHRD_CAIF                          = 0x336
-	ARPHRD_CAN                           = 0x118
-	ARPHRD_CHAOS                         = 0x5
-	ARPHRD_CISCO                         = 0x201
-	ARPHRD_CSLIP                         = 0x101
-	ARPHRD_CSLIP6                        = 0x103
-	ARPHRD_DDCMP                         = 0x205
-	ARPHRD_DLCI                          = 0xf
-	ARPHRD_ECONET                        = 0x30e
-	ARPHRD_EETHER                        = 0x2
-	ARPHRD_ETHER                         = 0x1
-	ARPHRD_EUI64                         = 0x1b
-	ARPHRD_FCAL                          = 0x311
-	ARPHRD_FCFABRIC                      = 0x313
-	ARPHRD_FCPL                          = 0x312
-	ARPHRD_FCPP                          = 0x310
-	ARPHRD_FDDI                          = 0x306
-	ARPHRD_FRAD                          = 0x302
-	ARPHRD_HDLC                          = 0x201
-	ARPHRD_HIPPI                         = 0x30c
-	ARPHRD_HWX25                         = 0x110
-	ARPHRD_IEEE1394                      = 0x18
-	ARPHRD_IEEE802                       = 0x6
-	ARPHRD_IEEE80211                     = 0x321
-	ARPHRD_IEEE80211_PRISM               = 0x322
-	ARPHRD_IEEE80211_RADIOTAP            = 0x323
-	ARPHRD_IEEE802154                    = 0x324
-	ARPHRD_IEEE802154_MONITOR            = 0x325
-	ARPHRD_IEEE802_TR                    = 0x320
-	ARPHRD_INFINIBAND                    = 0x20
-	ARPHRD_IP6GRE                        = 0x337
-	ARPHRD_IPDDP                         = 0x309
-	ARPHRD_IPGRE                         = 0x30a
-	ARPHRD_IRDA                          = 0x30f
-	ARPHRD_LAPB                          = 0x204
-	ARPHRD_LOCALTLK                      = 0x305
-	ARPHRD_LOOPBACK                      = 0x304
-	ARPHRD_METRICOM                      = 0x17
-	ARPHRD_NETLINK                       = 0x338
-	ARPHRD_NETROM                        = 0x0
-	ARPHRD_NONE                          = 0xfffe
-	ARPHRD_PHONET                        = 0x334
-	ARPHRD_PHONET_PIPE                   = 0x335
-	ARPHRD_PIMREG                        = 0x30b
-	ARPHRD_PPP                           = 0x200
-	ARPHRD_PRONET                        = 0x4
-	ARPHRD_RAWHDLC                       = 0x206
-	ARPHRD_RAWIP                         = 0x207
-	ARPHRD_ROSE                          = 0x10e
-	ARPHRD_RSRVD                         = 0x104
-	ARPHRD_SIT                           = 0x308
-	ARPHRD_SKIP                          = 0x303
-	ARPHRD_SLIP                          = 0x100
-	ARPHRD_SLIP6                         = 0x102
-	ARPHRD_TUNNEL                        = 0x300
-	ARPHRD_TUNNEL6                       = 0x301
-	ARPHRD_VOID                          = 0xffff
-	ARPHRD_VSOCKMON                      = 0x33a
-	ARPHRD_X25                           = 0x10f
-	AUTOFS_SUPER_MAGIC                   = 0x187
-	B0                                   = 0x0
-	B1000000                             = 0x1008
-	B110                                 = 0x3
-	B115200                              = 0x1002
-	B1152000                             = 0x1009
-	B1200                                = 0x9
-	B134                                 = 0x4
-	B150                                 = 0x5
-	B1500000                             = 0x100a
-	B1800                                = 0xa
-	B19200                               = 0xe
-	B200                                 = 0x6
-	B2000000                             = 0x100b
-	B230400                              = 0x1003
-	B2400                                = 0xb
-	B2500000                             = 0x100c
-	B300                                 = 0x7
-	B3000000                             = 0x100d
-	B3500000                             = 0x100e
-	B38400                               = 0xf
-	B4000000                             = 0x100f
-	B460800                              = 0x1004
-	B4800                                = 0xc
-	B50                                  = 0x1
-	B500000                              = 0x1005
-	B57600                               = 0x1001
-	B576000                              = 0x1006
-	B600                                 = 0x8
-	B75                                  = 0x2
-	B921600                              = 0x1007
-	B9600                                = 0xd
-	BALLOON_KVM_MAGIC                    = 0x13661366
-	BDEVFS_MAGIC                         = 0x62646576
-	BINFMTFS_MAGIC                       = 0x42494e4d
-	BLKBSZGET                            = 0x80081270
-	BLKBSZSET                            = 0x40081271
-	BLKFLSBUF                            = 0x1261
-	BLKFRAGET                            = 0x1265
-	BLKFRASET                            = 0x1264
-	BLKGETSIZE                           = 0x1260
-	BLKGETSIZE64                         = 0x80081272
-	BLKPBSZGET                           = 0x127b
-	BLKRAGET                             = 0x1263
-	BLKRASET                             = 0x1262
-	BLKROGET                             = 0x125e
-	BLKROSET                             = 0x125d
-	BLKRRPART                            = 0x125f
-	BLKSECTGET                           = 0x1267
-	BLKSECTSET                           = 0x1266
-	BLKSSZGET                            = 0x1268
-	BOTHER                               = 0x1000
-	BPF_A                                = 0x10
-	BPF_ABS                              = 0x20
-	BPF_ADD                              = 0x0
-	BPF_ALU                              = 0x4
-	BPF_AND                              = 0x50
-	BPF_B                                = 0x10
-	BPF_DIV                              = 0x30
-	BPF_FS_MAGIC                         = 0xcafe4a11
-	BPF_H                                = 0x8
-	BPF_IMM                              = 0x0
-	BPF_IND                              = 0x40
-	BPF_JA                               = 0x0
-	BPF_JEQ                              = 0x10
-	BPF_JGE                              = 0x30
-	BPF_JGT                              = 0x20
-	BPF_JMP                              = 0x5
-	BPF_JSET                             = 0x40
-	BPF_K                                = 0x0
-	BPF_LD                               = 0x0
-	BPF_LDX                              = 0x1
-	BPF_LEN                              = 0x80
-	BPF_LL_OFF                           = -0x200000
-	BPF_LSH                              = 0x60
-	BPF_MAJOR_VERSION                    = 0x1
-	BPF_MAXINSNS                         = 0x1000
-	BPF_MEM                              = 0x60
-	BPF_MEMWORDS                         = 0x10
-	BPF_MINOR_VERSION                    = 0x1
-	BPF_MISC                             = 0x7
-	BPF_MOD                              = 0x90
-	BPF_MSH                              = 0xa0
-	BPF_MUL                              = 0x20
-	BPF_NEG                              = 0x80
-	BPF_NET_OFF                          = -0x100000
-	BPF_OR                               = 0x40
-	BPF_RET                              = 0x6
-	BPF_RSH                              = 0x70
-	BPF_ST                               = 0x2
-	BPF_STX                              = 0x3
-	BPF_SUB                              = 0x10
-	BPF_TAX                              = 0x0
-	BPF_TXA                              = 0x80
-	BPF_W                                = 0x0
-	BPF_X                                = 0x8
-	BPF_XOR                              = 0xa0
-	BRKINT                               = 0x2
-	BS0                                  = 0x0
-	BS1                                  = 0x2000
-	BSDLY                                = 0x2000
-	BTRFS_SUPER_MAGIC                    = 0x9123683e
-	BTRFS_TEST_MAGIC                     = 0x73727279
-	CAN_BCM                              = 0x2
-	CAN_EFF_FLAG                         = 0x80000000
-	CAN_EFF_ID_BITS                      = 0x1d
-	CAN_EFF_MASK                         = 0x1fffffff
-	CAN_ERR_FLAG                         = 0x20000000
-	CAN_ERR_MASK                         = 0x1fffffff
-	CAN_INV_FILTER                       = 0x20000000
-	CAN_ISOTP                            = 0x6
-	CAN_MAX_DLC                          = 0x8
-	CAN_MAX_DLEN                         = 0x8
-	CAN_MCNET                            = 0x5
-	CAN_MTU                              = 0x10
-	CAN_NPROTO                           = 0x7
-	CAN_RAW                              = 0x1
-	CAN_RAW_FILTER_MAX                   = 0x200
-	CAN_RTR_FLAG                         = 0x40000000
-	CAN_SFF_ID_BITS                      = 0xb
-	CAN_SFF_MASK                         = 0x7ff
-	CAN_TP16                             = 0x3
-	CAN_TP20                             = 0x4
-	CBAUD                                = 0x100f
-	CBAUDEX                              = 0x1000
-	CFLUSH                               = 0xf
-	CGROUP2_SUPER_MAGIC                  = 0x63677270
-	CGROUP_SUPER_MAGIC                   = 0x27e0eb
-	CIBAUD                               = 0x100f0000
-	CLOCAL                               = 0x800
-	CLOCK_BOOTTIME                       = 0x7
-	CLOCK_BOOTTIME_ALARM                 = 0x9
-	CLOCK_DEFAULT                        = 0x0
-	CLOCK_EXT                            = 0x1
-	CLOCK_INT                            = 0x2
-	CLOCK_MONOTONIC                      = 0x1
-	CLOCK_MONOTONIC_COARSE               = 0x6
-	CLOCK_MONOTONIC_RAW                  = 0x4
-	CLOCK_PROCESS_CPUTIME_ID             = 0x2
-	CLOCK_REALTIME                       = 0x0
-	CLOCK_REALTIME_ALARM                 = 0x8
-	CLOCK_REALTIME_COARSE                = 0x5
-	CLOCK_TAI                            = 0xb
-	CLOCK_THREAD_CPUTIME_ID              = 0x3
-	CLOCK_TXFROMRX                       = 0x4
-	CLOCK_TXINT                          = 0x3
-	CLONE_CHILD_CLEARTID                 = 0x200000
-	CLONE_CHILD_SETTID                   = 0x1000000
-	CLONE_DETACHED                       = 0x400000
-	CLONE_FILES                          = 0x400
-	CLONE_FS                             = 0x200
-	CLONE_IO                             = 0x80000000
-	CLONE_NEWCGROUP                      = 0x2000000
-	CLONE_NEWIPC                         = 0x8000000
-	CLONE_NEWNET                         = 0x40000000
-	CLONE_NEWNS                          = 0x20000
-	CLONE_NEWPID                         = 0x20000000
-	CLONE_NEWUSER                        = 0x10000000
-	CLONE_NEWUTS                         = 0x4000000
-	CLONE_PARENT                         = 0x8000
-	CLONE_PARENT_SETTID                  = 0x100000
-	CLONE_PTRACE                         = 0x2000
-	CLONE_SETTLS                         = 0x80000
-	CLONE_SIGHAND                        = 0x800
-	CLONE_SYSVSEM                        = 0x40000
-	CLONE_THREAD                         = 0x10000
-	CLONE_UNTRACED                       = 0x800000
-	CLONE_VFORK                          = 0x4000
-	CLONE_VM                             = 0x100
-	CMSPAR                               = 0x40000000
-	CODA_SUPER_MAGIC                     = 0x73757245
-	CR0                                  = 0x0
-	CR1                                  = 0x200
-	CR2                                  = 0x400
-	CR3                                  = 0x600
-	CRAMFS_MAGIC                         = 0x28cd3d45
-	CRDLY                                = 0x600
-	CREAD                                = 0x80
-	CRTSCTS                              = 0x80000000
-	CS5                                  = 0x0
-	CS6                                  = 0x10
-	CS7                                  = 0x20
-	CS8                                  = 0x30
-	CSIGNAL                              = 0xff
-	CSIZE                                = 0x30
-	CSTART                               = 0x11
-	CSTATUS                              = 0x0
-	CSTOP                                = 0x13
-	CSTOPB                               = 0x40
-	CSUSP                                = 0x1a
-	DAXFS_MAGIC                          = 0x64646178
-	DEBUGFS_MAGIC                        = 0x64626720
-	DEVPTS_SUPER_MAGIC                   = 0x1cd1
-	DT_BLK                               = 0x6
-	DT_CHR                               = 0x2
-	DT_DIR                               = 0x4
-	DT_FIFO                              = 0x1
-	DT_LNK                               = 0xa
-	DT_REG                               = 0x8
-	DT_SOCK                              = 0xc
-	DT_UNKNOWN                           = 0x0
-	DT_WHT                               = 0xe
-	ECHO                                 = 0x8
-	ECHOCTL                              = 0x200
-	ECHOE                                = 0x10
-	ECHOK                                = 0x20
-	ECHOKE                               = 0x800
-	ECHONL                               = 0x40
-	ECHOPRT                              = 0x400
-	ECRYPTFS_SUPER_MAGIC                 = 0xf15f
-	EFD_CLOEXEC                          = 0x80000
-	EFD_NONBLOCK                         = 0x800
-	EFD_SEMAPHORE                        = 0x1
-	EFIVARFS_MAGIC                       = 0xde5e81e4
-	EFS_SUPER_MAGIC                      = 0x414a53
-	ENCODING_DEFAULT                     = 0x0
-	ENCODING_FM_MARK                     = 0x3
-	ENCODING_FM_SPACE                    = 0x4
-	ENCODING_MANCHESTER                  = 0x5
-	ENCODING_NRZ                         = 0x1
-	ENCODING_NRZI                        = 0x2
-	EPOLLERR                             = 0x8
-	EPOLLET                              = 0x80000000
-	EPOLLEXCLUSIVE                       = 0x10000000
-	EPOLLHUP                             = 0x10
-	EPOLLIN                              = 0x1
-	EPOLLMSG                             = 0x400
-	EPOLLONESHOT                         = 0x40000000
-	EPOLLOUT                             = 0x4
-	EPOLLPRI                             = 0x2
-	EPOLLRDBAND                          = 0x80
-	EPOLLRDHUP                           = 0x2000
-	EPOLLRDNORM                          = 0x40
-	EPOLLWAKEUP                          = 0x20000000
-	EPOLLWRBAND                          = 0x200
-	EPOLLWRNORM                          = 0x100
-	EPOLL_CLOEXEC                        = 0x80000
-	EPOLL_CTL_ADD                        = 0x1
-	EPOLL_CTL_DEL                        = 0x2
-	EPOLL_CTL_MOD                        = 0x3
-	ETH_P_1588                           = 0x88f7
-	ETH_P_8021AD                         = 0x88a8
-	ETH_P_8021AH                         = 0x88e7
-	ETH_P_8021Q                          = 0x8100
-	ETH_P_80221                          = 0x8917
-	ETH_P_802_2                          = 0x4
-	ETH_P_802_3                          = 0x1
-	ETH_P_802_3_MIN                      = 0x600
-	ETH_P_802_EX1                        = 0x88b5
-	ETH_P_AARP                           = 0x80f3
-	ETH_P_AF_IUCV                        = 0xfbfb
-	ETH_P_ALL                            = 0x3
-	ETH_P_AOE                            = 0x88a2
-	ETH_P_ARCNET                         = 0x1a
-	ETH_P_ARP                            = 0x806
-	ETH_P_ATALK                          = 0x809b
-	ETH_P_ATMFATE                        = 0x8884
-	ETH_P_ATMMPOA                        = 0x884c
-	ETH_P_AX25                           = 0x2
-	ETH_P_BATMAN                         = 0x4305
-	ETH_P_BPQ                            = 0x8ff
-	ETH_P_CAIF                           = 0xf7
-	ETH_P_CAN                            = 0xc
-	ETH_P_CANFD                          = 0xd
-	ETH_P_CONTROL                        = 0x16
-	ETH_P_CUST                           = 0x6006
-	ETH_P_DDCMP                          = 0x6
-	ETH_P_DEC                            = 0x6000
-	ETH_P_DIAG                           = 0x6005
-	ETH_P_DNA_DL                         = 0x6001
-	ETH_P_DNA_RC                         = 0x6002
-	ETH_P_DNA_RT                         = 0x6003
-	ETH_P_DSA                            = 0x1b
-	ETH_P_ECONET                         = 0x18
-	ETH_P_EDSA                           = 0xdada
-	ETH_P_ERSPAN                         = 0x88be
-	ETH_P_ERSPAN2                        = 0x22eb
-	ETH_P_FCOE                           = 0x8906
-	ETH_P_FIP                            = 0x8914
-	ETH_P_HDLC                           = 0x19
-	ETH_P_HSR                            = 0x892f
-	ETH_P_IBOE                           = 0x8915
-	ETH_P_IEEE802154                     = 0xf6
-	ETH_P_IEEEPUP                        = 0xa00
-	ETH_P_IEEEPUPAT                      = 0xa01
-	ETH_P_IFE                            = 0xed3e
-	ETH_P_IP                             = 0x800
-	ETH_P_IPV6                           = 0x86dd
-	ETH_P_IPX                            = 0x8137
-	ETH_P_IRDA                           = 0x17
-	ETH_P_LAT                            = 0x6004
-	ETH_P_LINK_CTL                       = 0x886c
-	ETH_P_LOCALTALK                      = 0x9
-	ETH_P_LOOP                           = 0x60
-	ETH_P_LOOPBACK                       = 0x9000
-	ETH_P_MACSEC                         = 0x88e5
-	ETH_P_MAP                            = 0xf9
-	ETH_P_MOBITEX                        = 0x15
-	ETH_P_MPLS_MC                        = 0x8848
-	ETH_P_MPLS_UC                        = 0x8847
-	ETH_P_MVRP                           = 0x88f5
-	ETH_P_NCSI                           = 0x88f8
-	ETH_P_NSH                            = 0x894f
-	ETH_P_PAE                            = 0x888e
-	ETH_P_PAUSE                          = 0x8808
-	ETH_P_PHONET                         = 0xf5
-	ETH_P_PPPTALK                        = 0x10
-	ETH_P_PPP_DISC                       = 0x8863
-	ETH_P_PPP_MP                         = 0x8
-	ETH_P_PPP_SES                        = 0x8864
-	ETH_P_PREAUTH                        = 0x88c7
-	ETH_P_PRP                            = 0x88fb
-	ETH_P_PUP                            = 0x200
-	ETH_P_PUPAT                          = 0x201
-	ETH_P_QINQ1                          = 0x9100
-	ETH_P_QINQ2                          = 0x9200
-	ETH_P_QINQ3                          = 0x9300
-	ETH_P_RARP                           = 0x8035
-	ETH_P_SCA                            = 0x6007
-	ETH_P_SLOW                           = 0x8809
-	ETH_P_SNAP                           = 0x5
-	ETH_P_TDLS                           = 0x890d
-	ETH_P_TEB                            = 0x6558
-	ETH_P_TIPC                           = 0x88ca
-	ETH_P_TRAILER                        = 0x1c
-	ETH_P_TR_802_2                       = 0x11
-	ETH_P_TSN                            = 0x22f0
-	ETH_P_WAN_PPP                        = 0x7
-	ETH_P_WCCP                           = 0x883e
-	ETH_P_X25                            = 0x805
-	ETH_P_XDSA                           = 0xf8
-	EXABYTE_ENABLE_NEST                  = 0xf0
-	EXT2_SUPER_MAGIC                     = 0xef53
-	EXT3_SUPER_MAGIC                     = 0xef53
-	EXT4_SUPER_MAGIC                     = 0xef53
-	EXTA                                 = 0xe
-	EXTB                                 = 0xf
-	EXTPROC                              = 0x10000
-	F2FS_SUPER_MAGIC                     = 0xf2f52010
-	FALLOC_FL_COLLAPSE_RANGE             = 0x8
-	FALLOC_FL_INSERT_RANGE               = 0x20
-	FALLOC_FL_KEEP_SIZE                  = 0x1
-	FALLOC_FL_NO_HIDE_STALE              = 0x4
-	FALLOC_FL_PUNCH_HOLE                 = 0x2
-	FALLOC_FL_UNSHARE_RANGE              = 0x40
-	FALLOC_FL_ZERO_RANGE                 = 0x10
-	FD_CLOEXEC                           = 0x1
-	FD_SETSIZE                           = 0x400
-	FF0                                  = 0x0
-	FF1                                  = 0x8000
-	FFDLY                                = 0x8000
-	FLUSHO                               = 0x1000
-	FS_ENCRYPTION_MODE_AES_128_CBC       = 0x5
-	FS_ENCRYPTION_MODE_AES_128_CTS       = 0x6
-	FS_ENCRYPTION_MODE_AES_256_CBC       = 0x3
-	FS_ENCRYPTION_MODE_AES_256_CTS       = 0x4
-	FS_ENCRYPTION_MODE_AES_256_GCM       = 0x2
-	FS_ENCRYPTION_MODE_AES_256_XTS       = 0x1
-	FS_ENCRYPTION_MODE_INVALID           = 0x0
-	FS_IOC_GET_ENCRYPTION_POLICY         = 0x400c6615
-	FS_IOC_GET_ENCRYPTION_PWSALT         = 0x40106614
-	FS_IOC_SET_ENCRYPTION_POLICY         = 0x800c6613
-	FS_KEY_DESCRIPTOR_SIZE               = 0x8
-	FS_KEY_DESC_PREFIX                   = "fscrypt:"
-	FS_KEY_DESC_PREFIX_SIZE              = 0x8
-	FS_MAX_KEY_SIZE                      = 0x40
-	FS_POLICY_FLAGS_PAD_16               = 0x2
-	FS_POLICY_FLAGS_PAD_32               = 0x3
-	FS_POLICY_FLAGS_PAD_4                = 0x0
-	FS_POLICY_FLAGS_PAD_8                = 0x1
-	FS_POLICY_FLAGS_PAD_MASK             = 0x3
-	FS_POLICY_FLAGS_VALID                = 0x3
-	FUTEXFS_SUPER_MAGIC                  = 0xbad1dea
-	F_ADD_SEALS                          = 0x409
-	F_DUPFD                              = 0x0
-	F_DUPFD_CLOEXEC                      = 0x406
-	F_EXLCK                              = 0x4
-	F_GETFD                              = 0x1
-	F_GETFL                              = 0x3
-	F_GETLEASE                           = 0x401
-	F_GETLK                              = 0x5
-	F_GETLK64                            = 0x5
-	F_GETOWN                             = 0x9
-	F_GETOWN_EX                          = 0x10
-	F_GETPIPE_SZ                         = 0x408
-	F_GETSIG                             = 0xb
-	F_GET_FILE_RW_HINT                   = 0x40d
-	F_GET_RW_HINT                        = 0x40b
-	F_GET_SEALS                          = 0x40a
-	F_LOCK                               = 0x1
-	F_NOTIFY                             = 0x402
-	F_OFD_GETLK                          = 0x24
-	F_OFD_SETLK                          = 0x25
-	F_OFD_SETLKW                         = 0x26
-	F_OK                                 = 0x0
-	F_RDLCK                              = 0x0
-	F_SEAL_GROW                          = 0x4
-	F_SEAL_SEAL                          = 0x1
-	F_SEAL_SHRINK                        = 0x2
-	F_SEAL_WRITE                         = 0x8
-	F_SETFD                              = 0x2
-	F_SETFL                              = 0x4
-	F_SETLEASE                           = 0x400
-	F_SETLK                              = 0x6
-	F_SETLK64                            = 0x6
-	F_SETLKW                             = 0x7
-	F_SETLKW64                           = 0x7
-	F_SETOWN                             = 0x8
-	F_SETOWN_EX                          = 0xf
-	F_SETPIPE_SZ                         = 0x407
-	F_SETSIG                             = 0xa
-	F_SET_FILE_RW_HINT                   = 0x40e
-	F_SET_RW_HINT                        = 0x40c
-	F_SHLCK                              = 0x8
-	F_TEST                               = 0x3
-	F_TLOCK                              = 0x2
-	F_ULOCK                              = 0x0
-	F_UNLCK                              = 0x2
-	F_WRLCK                              = 0x1
-	GENL_ADMIN_PERM                      = 0x1
-	GENL_CMD_CAP_DO                      = 0x2
-	GENL_CMD_CAP_DUMP                    = 0x4
-	GENL_CMD_CAP_HASPOL                  = 0x8
-	GENL_HDRLEN                          = 0x4
-	GENL_ID_CTRL                         = 0x10
-	GENL_ID_PMCRAID                      = 0x12
-	GENL_ID_VFS_DQUOT                    = 0x11
-	GENL_MAX_ID                          = 0x3ff
-	GENL_MIN_ID                          = 0x10
-	GENL_NAMSIZ                          = 0x10
-	GENL_START_ALLOC                     = 0x13
-	GENL_UNS_ADMIN_PERM                  = 0x10
-	GRND_NONBLOCK                        = 0x1
-	GRND_RANDOM                          = 0x2
-	HDIO_DRIVE_CMD                       = 0x31f
-	HDIO_DRIVE_CMD_AEB                   = 0x31e
-	HDIO_DRIVE_CMD_HDR_SIZE              = 0x4
-	HDIO_DRIVE_HOB_HDR_SIZE              = 0x8
-	HDIO_DRIVE_RESET                     = 0x31c
-	HDIO_DRIVE_TASK                      = 0x31e
-	HDIO_DRIVE_TASKFILE                  = 0x31d
-	HDIO_DRIVE_TASK_HDR_SIZE             = 0x8
-	HDIO_GETGEO                          = 0x301
-	HDIO_GET_32BIT                       = 0x309
-	HDIO_GET_ACOUSTIC                    = 0x30f
-	HDIO_GET_ADDRESS                     = 0x310
-	HDIO_GET_BUSSTATE                    = 0x31a
-	HDIO_GET_DMA                         = 0x30b
-	HDIO_GET_IDENTITY                    = 0x30d
-	HDIO_GET_KEEPSETTINGS                = 0x308
-	HDIO_GET_MULTCOUNT                   = 0x304
-	HDIO_GET_NICE                        = 0x30c
-	HDIO_GET_NOWERR                      = 0x30a
-	HDIO_GET_QDMA                        = 0x305
-	HDIO_GET_UNMASKINTR                  = 0x302
-	HDIO_GET_WCACHE                      = 0x30e
-	HDIO_OBSOLETE_IDENTITY               = 0x307
-	HDIO_SCAN_HWIF                       = 0x328
-	HDIO_SET_32BIT                       = 0x324
-	HDIO_SET_ACOUSTIC                    = 0x32c
-	HDIO_SET_ADDRESS                     = 0x32f
-	HDIO_SET_BUSSTATE                    = 0x32d
-	HDIO_SET_DMA                         = 0x326
-	HDIO_SET_KEEPSETTINGS                = 0x323
-	HDIO_SET_MULTCOUNT                   = 0x321
-	HDIO_SET_NICE                        = 0x329
-	HDIO_SET_NOWERR                      = 0x325
-	HDIO_SET_PIO_MODE                    = 0x327
-	HDIO_SET_QDMA                        = 0x32e
-	HDIO_SET_UNMASKINTR                  = 0x322
-	HDIO_SET_WCACHE                      = 0x32b
-	HDIO_SET_XFER                        = 0x306
-	HDIO_TRISTATE_HWIF                   = 0x31b
-	HDIO_UNREGISTER_HWIF                 = 0x32a
-	HOSTFS_SUPER_MAGIC                   = 0xc0ffee
-	HPFS_SUPER_MAGIC                     = 0xf995e849
-	HUGETLBFS_MAGIC                      = 0x958458f6
-	HUPCL                                = 0x400
-	IBSHIFT                              = 0x10
-	ICANON                               = 0x2
-	ICMPV6_FILTER                        = 0x1
-	ICRNL                                = 0x100
-	IEXTEN                               = 0x8000
-	IFA_F_DADFAILED                      = 0x8
-	IFA_F_DEPRECATED                     = 0x20
-	IFA_F_HOMEADDRESS                    = 0x10
-	IFA_F_MANAGETEMPADDR                 = 0x100
-	IFA_F_MCAUTOJOIN                     = 0x400
-	IFA_F_NODAD                          = 0x2
-	IFA_F_NOPREFIXROUTE                  = 0x200
-	IFA_F_OPTIMISTIC                     = 0x4
-	IFA_F_PERMANENT                      = 0x80
-	IFA_F_SECONDARY                      = 0x1
-	IFA_F_STABLE_PRIVACY                 = 0x800
-	IFA_F_TEMPORARY                      = 0x1
-	IFA_F_TENTATIVE                      = 0x40
-	IFA_MAX                              = 0x8
-	IFF_ALLMULTI                         = 0x200
-	IFF_ATTACH_QUEUE                     = 0x200
-	IFF_AUTOMEDIA                        = 0x4000
-	IFF_BROADCAST                        = 0x2
-	IFF_DEBUG                            = 0x4
-	IFF_DETACH_QUEUE                     = 0x400
-	IFF_DORMANT                          = 0x20000
-	IFF_DYNAMIC                          = 0x8000
-	IFF_ECHO                             = 0x40000
-	IFF_LOOPBACK                         = 0x8
-	IFF_LOWER_UP                         = 0x10000
-	IFF_MASTER                           = 0x400
-	IFF_MULTICAST                        = 0x1000
-	IFF_MULTI_QUEUE                      = 0x100
-	IFF_NAPI                             = 0x10
-	IFF_NAPI_FRAGS                       = 0x20
-	IFF_NOARP                            = 0x80
-	IFF_NOFILTER                         = 0x1000
-	IFF_NOTRAILERS                       = 0x20
-	IFF_NO_PI                            = 0x1000
-	IFF_ONE_QUEUE                        = 0x2000
-	IFF_PERSIST                          = 0x800
-	IFF_POINTOPOINT                      = 0x10
-	IFF_PORTSEL                          = 0x2000
-	IFF_PROMISC                          = 0x100
-	IFF_RUNNING                          = 0x40
-	IFF_SLAVE                            = 0x800
-	IFF_TAP                              = 0x2
-	IFF_TUN                              = 0x1
-	IFF_TUN_EXCL                         = 0x8000
-	IFF_UP                               = 0x1
-	IFF_VNET_HDR                         = 0x4000
-	IFF_VOLATILE                         = 0x70c5a
-	IFNAMSIZ                             = 0x10
-	IGNBRK                               = 0x1
-	IGNCR                                = 0x80
-	IGNPAR                               = 0x4
-	IMAXBEL                              = 0x2000
-	INLCR                                = 0x40
-	INPCK                                = 0x10
-	IN_ACCESS                            = 0x1
-	IN_ALL_EVENTS                        = 0xfff
-	IN_ATTRIB                            = 0x4
-	IN_CLASSA_HOST                       = 0xffffff
-	IN_CLASSA_MAX                        = 0x80
-	IN_CLASSA_NET                        = 0xff000000
-	IN_CLASSA_NSHIFT                     = 0x18
-	IN_CLASSB_HOST                       = 0xffff
-	IN_CLASSB_MAX                        = 0x10000
-	IN_CLASSB_NET                        = 0xffff0000
-	IN_CLASSB_NSHIFT                     = 0x10
-	IN_CLASSC_HOST                       = 0xff
-	IN_CLASSC_NET                        = 0xffffff00
-	IN_CLASSC_NSHIFT                     = 0x8
-	IN_CLOEXEC                           = 0x80000
-	IN_CLOSE                             = 0x18
-	IN_CLOSE_NOWRITE                     = 0x10
-	IN_CLOSE_WRITE                       = 0x8
-	IN_CREATE                            = 0x100
-	IN_DELETE                            = 0x200
-	IN_DELETE_SELF                       = 0x400
-	IN_DONT_FOLLOW                       = 0x2000000
-	IN_EXCL_UNLINK                       = 0x4000000
-	IN_IGNORED                           = 0x8000
-	IN_ISDIR                             = 0x40000000
-	IN_LOOPBACKNET                       = 0x7f
-	IN_MASK_ADD                          = 0x20000000
-	IN_MODIFY                            = 0x2
-	IN_MOVE                              = 0xc0
-	IN_MOVED_FROM                        = 0x40
-	IN_MOVED_TO                          = 0x80
-	IN_MOVE_SELF                         = 0x800
-	IN_NONBLOCK                          = 0x800
-	IN_ONESHOT                           = 0x80000000
-	IN_ONLYDIR                           = 0x1000000
-	IN_OPEN                              = 0x20
-	IN_Q_OVERFLOW                        = 0x4000
-	IN_UNMOUNT                           = 0x2000
-	IOCTL_VM_SOCKETS_GET_LOCAL_CID       = 0x7b9
-	IPPROTO_AH                           = 0x33
-	IPPROTO_BEETPH                       = 0x5e
-	IPPROTO_COMP                         = 0x6c
-	IPPROTO_DCCP                         = 0x21
-	IPPROTO_DSTOPTS                      = 0x3c
-	IPPROTO_EGP                          = 0x8
-	IPPROTO_ENCAP                        = 0x62
-	IPPROTO_ESP                          = 0x32
-	IPPROTO_FRAGMENT                     = 0x2c
-	IPPROTO_GRE                          = 0x2f
-	IPPROTO_HOPOPTS                      = 0x0
-	IPPROTO_ICMP                         = 0x1
-	IPPROTO_ICMPV6                       = 0x3a
-	IPPROTO_IDP                          = 0x16
-	IPPROTO_IGMP                         = 0x2
-	IPPROTO_IP                           = 0x0
-	IPPROTO_IPIP                         = 0x4
-	IPPROTO_IPV6                         = 0x29
-	IPPROTO_MH                           = 0x87
-	IPPROTO_MPLS                         = 0x89
-	IPPROTO_MTP                          = 0x5c
-	IPPROTO_NONE                         = 0x3b
-	IPPROTO_PIM                          = 0x67
-	IPPROTO_PUP                          = 0xc
-	IPPROTO_RAW                          = 0xff
-	IPPROTO_ROUTING                      = 0x2b
-	IPPROTO_RSVP                         = 0x2e
-	IPPROTO_SCTP                         = 0x84
-	IPPROTO_TCP                          = 0x6
-	IPPROTO_TP                           = 0x1d
-	IPPROTO_UDP                          = 0x11
-	IPPROTO_UDPLITE                      = 0x88
-	IPV6_2292DSTOPTS                     = 0x4
-	IPV6_2292HOPLIMIT                    = 0x8
-	IPV6_2292HOPOPTS                     = 0x3
-	IPV6_2292PKTINFO                     = 0x2
-	IPV6_2292PKTOPTIONS                  = 0x6
-	IPV6_2292RTHDR                       = 0x5
-	IPV6_ADDRFORM                        = 0x1
-	IPV6_ADDR_PREFERENCES                = 0x48
-	IPV6_ADD_MEMBERSHIP                  = 0x14
-	IPV6_AUTHHDR                         = 0xa
-	IPV6_AUTOFLOWLABEL                   = 0x46
-	IPV6_CHECKSUM                        = 0x7
-	IPV6_DONTFRAG                        = 0x3e
-	IPV6_DROP_MEMBERSHIP                 = 0x15
-	IPV6_DSTOPTS                         = 0x3b
-	IPV6_HDRINCL                         = 0x24
-	IPV6_HOPLIMIT                        = 0x34
-	IPV6_HOPOPTS                         = 0x36
-	IPV6_IPSEC_POLICY                    = 0x22
-	IPV6_JOIN_ANYCAST                    = 0x1b
-	IPV6_JOIN_GROUP                      = 0x14
-	IPV6_LEAVE_ANYCAST                   = 0x1c
-	IPV6_LEAVE_GROUP                     = 0x15
-	IPV6_MINHOPCOUNT                     = 0x49
-	IPV6_MTU                             = 0x18
-	IPV6_MTU_DISCOVER                    = 0x17
-	IPV6_MULTICAST_HOPS                  = 0x12
-	IPV6_MULTICAST_IF                    = 0x11
-	IPV6_MULTICAST_LOOP                  = 0x13
-	IPV6_NEXTHOP                         = 0x9
-	IPV6_ORIGDSTADDR                     = 0x4a
-	IPV6_PATHMTU                         = 0x3d
-	IPV6_PKTINFO                         = 0x32
-	IPV6_PMTUDISC_DO                     = 0x2
-	IPV6_PMTUDISC_DONT                   = 0x0
-	IPV6_PMTUDISC_INTERFACE              = 0x4
-	IPV6_PMTUDISC_OMIT                   = 0x5
-	IPV6_PMTUDISC_PROBE                  = 0x3
-	IPV6_PMTUDISC_WANT                   = 0x1
-	IPV6_RECVDSTOPTS                     = 0x3a
-	IPV6_RECVERR                         = 0x19
-	IPV6_RECVFRAGSIZE                    = 0x4d
-	IPV6_RECVHOPLIMIT                    = 0x33
-	IPV6_RECVHOPOPTS                     = 0x35
-	IPV6_RECVORIGDSTADDR                 = 0x4a
-	IPV6_RECVPATHMTU                     = 0x3c
-	IPV6_RECVPKTINFO                     = 0x31
-	IPV6_RECVRTHDR                       = 0x38
-	IPV6_RECVTCLASS                      = 0x42
-	IPV6_ROUTER_ALERT                    = 0x16
-	IPV6_RTHDR                           = 0x39
-	IPV6_RTHDRDSTOPTS                    = 0x37
-	IPV6_RTHDR_LOOSE                     = 0x0
-	IPV6_RTHDR_STRICT                    = 0x1
-	IPV6_RTHDR_TYPE_0                    = 0x0
-	IPV6_RXDSTOPTS                       = 0x3b
-	IPV6_RXHOPOPTS                       = 0x36
-	IPV6_TCLASS                          = 0x43
-	IPV6_TRANSPARENT                     = 0x4b
-	IPV6_UNICAST_HOPS                    = 0x10
-	IPV6_UNICAST_IF                      = 0x4c
-	IPV6_V6ONLY                          = 0x1a
-	IPV6_XFRM_POLICY                     = 0x23
-	IP_ADD_MEMBERSHIP                    = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP             = 0x27
-	IP_BIND_ADDRESS_NO_PORT              = 0x18
-	IP_BLOCK_SOURCE                      = 0x26
-	IP_CHECKSUM                          = 0x17
-	IP_DEFAULT_MULTICAST_LOOP            = 0x1
-	IP_DEFAULT_MULTICAST_TTL             = 0x1
-	IP_DF                                = 0x4000
-	IP_DROP_MEMBERSHIP                   = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP            = 0x28
-	IP_FREEBIND                          = 0xf
-	IP_HDRINCL                           = 0x3
-	IP_IPSEC_POLICY                      = 0x10
-	IP_MAXPACKET                         = 0xffff
-	IP_MAX_MEMBERSHIPS                   = 0x14
-	IP_MF                                = 0x2000
-	IP_MINTTL                            = 0x15
-	IP_MSFILTER                          = 0x29
-	IP_MSS                               = 0x240
-	IP_MTU                               = 0xe
-	IP_MTU_DISCOVER                      = 0xa
-	IP_MULTICAST_ALL                     = 0x31
-	IP_MULTICAST_IF                      = 0x20
-	IP_MULTICAST_LOOP                    = 0x22
-	IP_MULTICAST_TTL                     = 0x21
-	IP_NODEFRAG                          = 0x16
-	IP_OFFMASK                           = 0x1fff
-	IP_OPTIONS                           = 0x4
-	IP_ORIGDSTADDR                       = 0x14
-	IP_PASSSEC                           = 0x12
-	IP_PKTINFO                           = 0x8
-	IP_PKTOPTIONS                        = 0x9
-	IP_PMTUDISC                          = 0xa
-	IP_PMTUDISC_DO                       = 0x2
-	IP_PMTUDISC_DONT                     = 0x0
-	IP_PMTUDISC_INTERFACE                = 0x4
-	IP_PMTUDISC_OMIT                     = 0x5
-	IP_PMTUDISC_PROBE                    = 0x3
-	IP_PMTUDISC_WANT                     = 0x1
-	IP_RECVERR                           = 0xb
-	IP_RECVFRAGSIZE                      = 0x19
-	IP_RECVOPTS                          = 0x6
-	IP_RECVORIGDSTADDR                   = 0x14
-	IP_RECVRETOPTS                       = 0x7
-	IP_RECVTOS                           = 0xd
-	IP_RECVTTL                           = 0xc
-	IP_RETOPTS                           = 0x7
-	IP_RF                                = 0x8000
-	IP_ROUTER_ALERT                      = 0x5
-	IP_TOS                               = 0x1
-	IP_TRANSPARENT                       = 0x13
-	IP_TTL                               = 0x2
-	IP_UNBLOCK_SOURCE                    = 0x25
-	IP_UNICAST_IF                        = 0x32
-	IP_XFRM_POLICY                       = 0x11
-	ISIG                                 = 0x1
-	ISOFS_SUPER_MAGIC                    = 0x9660
-	ISTRIP                               = 0x20
-	IUCLC                                = 0x200
-	IUTF8                                = 0x4000
-	IXANY                                = 0x800
-	IXOFF                                = 0x1000
-	IXON                                 = 0x400
-	JFFS2_SUPER_MAGIC                    = 0x72b6
-	KEYCTL_ASSUME_AUTHORITY              = 0x10
-	KEYCTL_CHOWN                         = 0x4
-	KEYCTL_CLEAR                         = 0x7
-	KEYCTL_DESCRIBE                      = 0x6
-	KEYCTL_DH_COMPUTE                    = 0x17
-	KEYCTL_GET_KEYRING_ID                = 0x0
-	KEYCTL_GET_PERSISTENT                = 0x16
-	KEYCTL_GET_SECURITY                  = 0x11
-	KEYCTL_INSTANTIATE                   = 0xc
-	KEYCTL_INSTANTIATE_IOV               = 0x14
-	KEYCTL_INVALIDATE                    = 0x15
-	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
-	KEYCTL_LINK                          = 0x8
-	KEYCTL_NEGATE                        = 0xd
-	KEYCTL_READ                          = 0xb
-	KEYCTL_REJECT                        = 0x13
-	KEYCTL_RESTRICT_KEYRING              = 0x1d
-	KEYCTL_REVOKE                        = 0x3
-	KEYCTL_SEARCH                        = 0xa
-	KEYCTL_SESSION_TO_PARENT             = 0x12
-	KEYCTL_SETPERM                       = 0x5
-	KEYCTL_SET_REQKEY_KEYRING            = 0xe
-	KEYCTL_SET_TIMEOUT                   = 0xf
-	KEYCTL_UNLINK                        = 0x9
-	KEYCTL_UPDATE                        = 0x2
-	KEY_REQKEY_DEFL_DEFAULT              = 0x0
-	KEY_REQKEY_DEFL_GROUP_KEYRING        = 0x6
-	KEY_REQKEY_DEFL_NO_CHANGE            = -0x1
-	KEY_REQKEY_DEFL_PROCESS_KEYRING      = 0x2
-	KEY_REQKEY_DEFL_REQUESTOR_KEYRING    = 0x7
-	KEY_REQKEY_DEFL_SESSION_KEYRING      = 0x3
-	KEY_REQKEY_DEFL_THREAD_KEYRING       = 0x1
-	KEY_REQKEY_DEFL_USER_KEYRING         = 0x4
-	KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5
-	KEY_SPEC_GROUP_KEYRING               = -0x6
-	KEY_SPEC_PROCESS_KEYRING             = -0x2
-	KEY_SPEC_REQKEY_AUTH_KEY             = -0x7
-	KEY_SPEC_REQUESTOR_KEYRING           = -0x8
-	KEY_SPEC_SESSION_KEYRING             = -0x3
-	KEY_SPEC_THREAD_KEYRING              = -0x1
-	KEY_SPEC_USER_KEYRING                = -0x4
-	KEY_SPEC_USER_SESSION_KEYRING        = -0x5
-	LINUX_REBOOT_CMD_CAD_OFF             = 0x0
-	LINUX_REBOOT_CMD_CAD_ON              = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT                = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC               = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF           = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART             = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2            = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND          = 0xd000fce2
-	LINUX_REBOOT_MAGIC1                  = 0xfee1dead
-	LINUX_REBOOT_MAGIC2                  = 0x28121969
-	LOCK_EX                              = 0x2
-	LOCK_NB                              = 0x4
-	LOCK_SH                              = 0x1
-	LOCK_UN                              = 0x8
-	MADV_DODUMP                          = 0x11
-	MADV_DOFORK                          = 0xb
-	MADV_DONTDUMP                        = 0x10
-	MADV_DONTFORK                        = 0xa
-	MADV_DONTNEED                        = 0x4
-	MADV_FREE                            = 0x8
-	MADV_HUGEPAGE                        = 0xe
-	MADV_HWPOISON                        = 0x64
-	MADV_KEEPONFORK                      = 0x13
-	MADV_MERGEABLE                       = 0xc
-	MADV_NOHUGEPAGE                      = 0xf
-	MADV_NORMAL                          = 0x0
-	MADV_RANDOM                          = 0x1
-	MADV_REMOVE                          = 0x9
-	MADV_SEQUENTIAL                      = 0x2
-	MADV_UNMERGEABLE                     = 0xd
-	MADV_WILLNEED                        = 0x3
-	MADV_WIPEONFORK                      = 0x12
-	MAP_ANON                             = 0x20
-	MAP_ANONYMOUS                        = 0x20
-	MAP_DENYWRITE                        = 0x800
-	MAP_EXECUTABLE                       = 0x1000
-	MAP_FILE                             = 0x0
-	MAP_FIXED                            = 0x10
-	MAP_GROWSDOWN                        = 0x100
-	MAP_HUGETLB                          = 0x40000
-	MAP_HUGE_MASK                        = 0x3f
-	MAP_HUGE_SHIFT                       = 0x1a
-	MAP_LOCKED                           = 0x2000
-	MAP_NONBLOCK                         = 0x10000
-	MAP_NORESERVE                        = 0x4000
-	MAP_POPULATE                         = 0x8000
-	MAP_PRIVATE                          = 0x2
-	MAP_SHARED                           = 0x1
-	MAP_STACK                            = 0x20000
-	MAP_TYPE                             = 0xf
-	MCL_CURRENT                          = 0x1
-	MCL_FUTURE                           = 0x2
-	MCL_ONFAULT                          = 0x4
-	MINIX2_SUPER_MAGIC                   = 0x2468
-	MINIX2_SUPER_MAGIC2                  = 0x2478
-	MINIX3_SUPER_MAGIC                   = 0x4d5a
-	MINIX_SUPER_MAGIC                    = 0x137f
-	MINIX_SUPER_MAGIC2                   = 0x138f
-	MNT_DETACH                           = 0x2
-	MNT_EXPIRE                           = 0x4
-	MNT_FORCE                            = 0x1
-	MSDOS_SUPER_MAGIC                    = 0x4d44
-	MSG_BATCH                            = 0x40000
-	MSG_CMSG_CLOEXEC                     = 0x40000000
-	MSG_CONFIRM                          = 0x800
-	MSG_CTRUNC                           = 0x8
-	MSG_DONTROUTE                        = 0x4
-	MSG_DONTWAIT                         = 0x40
-	MSG_EOR                              = 0x80
-	MSG_ERRQUEUE                         = 0x2000
-	MSG_FASTOPEN                         = 0x20000000
-	MSG_FIN                              = 0x200
-	MSG_MORE                             = 0x8000
-	MSG_NOSIGNAL                         = 0x4000
-	MSG_OOB                              = 0x1
-	MSG_PEEK                             = 0x2
-	MSG_PROXY                            = 0x10
-	MSG_RST                              = 0x1000
-	MSG_SYN                              = 0x400
-	MSG_TRUNC                            = 0x20
-	MSG_TRYHARD                          = 0x4
-	MSG_WAITALL                          = 0x100
-	MSG_WAITFORONE                       = 0x10000
-	MSG_ZEROCOPY                         = 0x4000000
-	MS_ACTIVE                            = 0x40000000
-	MS_ASYNC                             = 0x1
-	MS_BIND                              = 0x1000
-	MS_BORN                              = 0x20000000
-	MS_DIRSYNC                           = 0x80
-	MS_INVALIDATE                        = 0x2
-	MS_I_VERSION                         = 0x800000
-	MS_KERNMOUNT                         = 0x400000
-	MS_LAZYTIME                          = 0x2000000
-	MS_MANDLOCK                          = 0x40
-	MS_MGC_MSK                           = 0xffff0000
-	MS_MGC_VAL                           = 0xc0ed0000
-	MS_MOVE                              = 0x2000
-	MS_NOATIME                           = 0x400
-	MS_NODEV                             = 0x4
-	MS_NODIRATIME                        = 0x800
-	MS_NOEXEC                            = 0x8
-	MS_NOREMOTELOCK                      = 0x8000000
-	MS_NOSEC                             = 0x10000000
-	MS_NOSUID                            = 0x2
-	MS_NOUSER                            = -0x80000000
-	MS_POSIXACL                          = 0x10000
-	MS_PRIVATE                           = 0x40000
-	MS_RDONLY                            = 0x1
-	MS_REC                               = 0x4000
-	MS_RELATIME                          = 0x200000
-	MS_REMOUNT                           = 0x20
-	MS_RMT_MASK                          = 0x2800051
-	MS_SHARED                            = 0x100000
-	MS_SILENT                            = 0x8000
-	MS_SLAVE                             = 0x80000
-	MS_STRICTATIME                       = 0x1000000
-	MS_SUBMOUNT                          = 0x4000000
-	MS_SYNC                              = 0x4
-	MS_SYNCHRONOUS                       = 0x10
-	MS_UNBINDABLE                        = 0x20000
-	MS_VERBOSE                           = 0x8000
-	MTD_INODE_FS_MAGIC                   = 0x11307854
-	NAME_MAX                             = 0xff
-	NCP_SUPER_MAGIC                      = 0x564c
-	NETLINK_ADD_MEMBERSHIP               = 0x1
-	NETLINK_AUDIT                        = 0x9
-	NETLINK_BROADCAST_ERROR              = 0x4
-	NETLINK_CAP_ACK                      = 0xa
-	NETLINK_CONNECTOR                    = 0xb
-	NETLINK_CRYPTO                       = 0x15
-	NETLINK_DNRTMSG                      = 0xe
-	NETLINK_DROP_MEMBERSHIP              = 0x2
-	NETLINK_ECRYPTFS                     = 0x13
-	NETLINK_EXT_ACK                      = 0xb
-	NETLINK_FIB_LOOKUP                   = 0xa
-	NETLINK_FIREWALL                     = 0x3
-	NETLINK_GENERIC                      = 0x10
-	NETLINK_INET_DIAG                    = 0x4
-	NETLINK_IP6_FW                       = 0xd
-	NETLINK_ISCSI                        = 0x8
-	NETLINK_KOBJECT_UEVENT               = 0xf
-	NETLINK_LISTEN_ALL_NSID              = 0x8
-	NETLINK_LIST_MEMBERSHIPS             = 0x9
-	NETLINK_NETFILTER                    = 0xc
-	NETLINK_NFLOG                        = 0x5
-	NETLINK_NO_ENOBUFS                   = 0x5
-	NETLINK_PKTINFO                      = 0x3
-	NETLINK_RDMA                         = 0x14
-	NETLINK_ROUTE                        = 0x0
-	NETLINK_RX_RING                      = 0x6
-	NETLINK_SCSITRANSPORT                = 0x12
-	NETLINK_SELINUX                      = 0x7
-	NETLINK_SMC                          = 0x16
-	NETLINK_SOCK_DIAG                    = 0x4
-	NETLINK_TX_RING                      = 0x7
-	NETLINK_UNUSED                       = 0x1
-	NETLINK_USERSOCK                     = 0x2
-	NETLINK_XFRM                         = 0x6
-	NFNETLINK_V0                         = 0x0
-	NFNLGRP_ACCT_QUOTA                   = 0x8
-	NFNLGRP_CONNTRACK_DESTROY            = 0x3
-	NFNLGRP_CONNTRACK_EXP_DESTROY        = 0x6
-	NFNLGRP_CONNTRACK_EXP_NEW            = 0x4
-	NFNLGRP_CONNTRACK_EXP_UPDATE         = 0x5
-	NFNLGRP_CONNTRACK_NEW                = 0x1
-	NFNLGRP_CONNTRACK_UPDATE             = 0x2
-	NFNLGRP_MAX                          = 0x9
-	NFNLGRP_NFTABLES                     = 0x7
-	NFNLGRP_NFTRACE                      = 0x9
-	NFNLGRP_NONE                         = 0x0
-	NFNL_BATCH_MAX                       = 0x1
-	NFNL_MSG_BATCH_BEGIN                 = 0x10
-	NFNL_MSG_BATCH_END                   = 0x11
-	NFNL_NFA_NEST                        = 0x8000
-	NFNL_SUBSYS_ACCT                     = 0x7
-	NFNL_SUBSYS_COUNT                    = 0xc
-	NFNL_SUBSYS_CTHELPER                 = 0x9
-	NFNL_SUBSYS_CTNETLINK                = 0x1
-	NFNL_SUBSYS_CTNETLINK_EXP            = 0x2
-	NFNL_SUBSYS_CTNETLINK_TIMEOUT        = 0x8
-	NFNL_SUBSYS_IPSET                    = 0x6
-	NFNL_SUBSYS_NFTABLES                 = 0xa
-	NFNL_SUBSYS_NFT_COMPAT               = 0xb
-	NFNL_SUBSYS_NONE                     = 0x0
-	NFNL_SUBSYS_OSF                      = 0x5
-	NFNL_SUBSYS_QUEUE                    = 0x3
-	NFNL_SUBSYS_ULOG                     = 0x4
-	NFS_SUPER_MAGIC                      = 0x6969
-	NILFS_SUPER_MAGIC                    = 0x3434
-	NL0                                  = 0x0
-	NL1                                  = 0x100
-	NLA_ALIGNTO                          = 0x4
-	NLA_F_NESTED                         = 0x8000
-	NLA_F_NET_BYTEORDER                  = 0x4000
-	NLA_HDRLEN                           = 0x4
-	NLDLY                                = 0x100
-	NLMSG_ALIGNTO                        = 0x4
-	NLMSG_DONE                           = 0x3
-	NLMSG_ERROR                          = 0x2
-	NLMSG_HDRLEN                         = 0x10
-	NLMSG_MIN_TYPE                       = 0x10
-	NLMSG_NOOP                           = 0x1
-	NLMSG_OVERRUN                        = 0x4
-	NLM_F_ACK                            = 0x4
-	NLM_F_ACK_TLVS                       = 0x200
-	NLM_F_APPEND                         = 0x800
-	NLM_F_ATOMIC                         = 0x400
-	NLM_F_CAPPED                         = 0x100
-	NLM_F_CREATE                         = 0x400
-	NLM_F_DUMP                           = 0x300
-	NLM_F_DUMP_FILTERED                  = 0x20
-	NLM_F_DUMP_INTR                      = 0x10
-	NLM_F_ECHO                           = 0x8
-	NLM_F_EXCL                           = 0x200
-	NLM_F_MATCH                          = 0x200
-	NLM_F_MULTI                          = 0x2
-	NLM_F_NONREC                         = 0x100
-	NLM_F_REPLACE                        = 0x100
-	NLM_F_REQUEST                        = 0x1
-	NLM_F_ROOT                           = 0x100
-	NOFLSH                               = 0x80
-	NSFS_MAGIC                           = 0x6e736673
-	OCFS2_SUPER_MAGIC                    = 0x7461636f
-	OCRNL                                = 0x8
-	OFDEL                                = 0x80
-	OFILL                                = 0x40
-	OLCUC                                = 0x2
-	ONLCR                                = 0x4
-	ONLRET                               = 0x20
-	ONOCR                                = 0x10
-	OPENPROM_SUPER_MAGIC                 = 0x9fa1
-	OPOST                                = 0x1
-	OVERLAYFS_SUPER_MAGIC                = 0x794c7630
-	O_ACCMODE                            = 0x3
-	O_APPEND                             = 0x400
-	O_ASYNC                              = 0x2000
-	O_CLOEXEC                            = 0x80000
-	O_CREAT                              = 0x40
-	O_DIRECT                             = 0x4000
-	O_DIRECTORY                          = 0x10000
-	O_DSYNC                              = 0x1000
-	O_EXCL                               = 0x80
-	O_FSYNC                              = 0x101000
-	O_LARGEFILE                          = 0x0
-	O_NDELAY                             = 0x800
-	O_NOATIME                            = 0x40000
-	O_NOCTTY                             = 0x100
-	O_NOFOLLOW                           = 0x20000
-	O_NONBLOCK                           = 0x800
-	O_PATH                               = 0x200000
-	O_RDONLY                             = 0x0
-	O_RDWR                               = 0x2
-	O_RSYNC                              = 0x101000
-	O_SYNC                               = 0x101000
-	O_TMPFILE                            = 0x410000
-	O_TRUNC                              = 0x200
-	O_WRONLY                             = 0x1
-	PACKET_ADD_MEMBERSHIP                = 0x1
-	PACKET_AUXDATA                       = 0x8
-	PACKET_BROADCAST                     = 0x1
-	PACKET_COPY_THRESH                   = 0x7
-	PACKET_DROP_MEMBERSHIP               = 0x2
-	PACKET_FANOUT                        = 0x12
-	PACKET_FANOUT_CBPF                   = 0x6
-	PACKET_FANOUT_CPU                    = 0x2
-	PACKET_FANOUT_DATA                   = 0x16
-	PACKET_FANOUT_EBPF                   = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG            = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER          = 0x1000
-	PACKET_FANOUT_FLAG_UNIQUEID          = 0x2000
-	PACKET_FANOUT_HASH                   = 0x0
-	PACKET_FANOUT_LB                     = 0x1
-	PACKET_FANOUT_QM                     = 0x5
-	PACKET_FANOUT_RND                    = 0x4
-	PACKET_FANOUT_ROLLOVER               = 0x3
-	PACKET_FASTROUTE                     = 0x6
-	PACKET_HDRLEN                        = 0xb
-	PACKET_HOST                          = 0x0
-	PACKET_KERNEL                        = 0x7
-	PACKET_LOOPBACK                      = 0x5
-	PACKET_LOSS                          = 0xe
-	PACKET_MR_ALLMULTI                   = 0x2
-	PACKET_MR_MULTICAST                  = 0x0
-	PACKET_MR_PROMISC                    = 0x1
-	PACKET_MR_UNICAST                    = 0x3
-	PACKET_MULTICAST                     = 0x2
-	PACKET_ORIGDEV                       = 0x9
-	PACKET_OTHERHOST                     = 0x3
-	PACKET_OUTGOING                      = 0x4
-	PACKET_QDISC_BYPASS                  = 0x14
-	PACKET_RECV_OUTPUT                   = 0x3
-	PACKET_RESERVE                       = 0xc
-	PACKET_ROLLOVER_STATS                = 0x15
-	PACKET_RX_RING                       = 0x5
-	PACKET_STATISTICS                    = 0x6
-	PACKET_TIMESTAMP                     = 0x11
-	PACKET_TX_HAS_OFF                    = 0x13
-	PACKET_TX_RING                       = 0xd
-	PACKET_TX_TIMESTAMP                  = 0x10
-	PACKET_USER                          = 0x6
-	PACKET_VERSION                       = 0xa
-	PACKET_VNET_HDR                      = 0xf
-	PARENB                               = 0x100
-	PARITY_CRC16_PR0                     = 0x2
-	PARITY_CRC16_PR0_CCITT               = 0x4
-	PARITY_CRC16_PR1                     = 0x3
-	PARITY_CRC16_PR1_CCITT               = 0x5
-	PARITY_CRC32_PR0_CCITT               = 0x6
-	PARITY_CRC32_PR1_CCITT               = 0x7
-	PARITY_DEFAULT                       = 0x0
-	PARITY_NONE                          = 0x1
-	PARMRK                               = 0x8
-	PARODD                               = 0x200
-	PENDIN                               = 0x4000
-	PERF_EVENT_IOC_DISABLE               = 0x2401
-	PERF_EVENT_IOC_ENABLE                = 0x2400
-	PERF_EVENT_IOC_ID                    = 0x80082407
-	PERF_EVENT_IOC_MODIFY_ATTRIBUTES     = 0x4008240b
-	PERF_EVENT_IOC_PAUSE_OUTPUT          = 0x40042409
-	PERF_EVENT_IOC_PERIOD                = 0x40082404
-	PERF_EVENT_IOC_QUERY_BPF             = 0xc008240a
-	PERF_EVENT_IOC_REFRESH               = 0x2402
-	PERF_EVENT_IOC_RESET                 = 0x2403
-	PERF_EVENT_IOC_SET_BPF               = 0x40042408
-	PERF_EVENT_IOC_SET_FILTER            = 0x40082406
-	PERF_EVENT_IOC_SET_OUTPUT            = 0x2405
-	PIPEFS_MAGIC                         = 0x50495045
-	PRIO_PGRP                            = 0x1
-	PRIO_PROCESS                         = 0x0
-	PRIO_USER                            = 0x2
-	PROC_SUPER_MAGIC                     = 0x9fa0
-	PROT_EXEC                            = 0x4
-	PROT_GROWSDOWN                       = 0x1000000
-	PROT_GROWSUP                         = 0x2000000
-	PROT_NONE                            = 0x0
-	PROT_READ                            = 0x1
-	PROT_WRITE                           = 0x2
-	PR_CAPBSET_DROP                      = 0x18
-	PR_CAPBSET_READ                      = 0x17
-	PR_CAP_AMBIENT                       = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL             = 0x4
-	PR_CAP_AMBIENT_IS_SET                = 0x1
-	PR_CAP_AMBIENT_LOWER                 = 0x3
-	PR_CAP_AMBIENT_RAISE                 = 0x2
-	PR_ENDIAN_BIG                        = 0x0
-	PR_ENDIAN_LITTLE                     = 0x1
-	PR_ENDIAN_PPC_LITTLE                 = 0x2
-	PR_FPEMU_NOPRINT                     = 0x1
-	PR_FPEMU_SIGFPE                      = 0x2
-	PR_FP_EXC_ASYNC                      = 0x2
-	PR_FP_EXC_DISABLED                   = 0x0
-	PR_FP_EXC_DIV                        = 0x10000
-	PR_FP_EXC_INV                        = 0x100000
-	PR_FP_EXC_NONRECOV                   = 0x1
-	PR_FP_EXC_OVF                        = 0x20000
-	PR_FP_EXC_PRECISE                    = 0x3
-	PR_FP_EXC_RES                        = 0x80000
-	PR_FP_EXC_SW_ENABLE                  = 0x80
-	PR_FP_EXC_UND                        = 0x40000
-	PR_FP_MODE_FR                        = 0x1
-	PR_FP_MODE_FRE                       = 0x2
-	PR_GET_CHILD_SUBREAPER               = 0x25
-	PR_GET_DUMPABLE                      = 0x3
-	PR_GET_ENDIAN                        = 0x13
-	PR_GET_FPEMU                         = 0x9
-	PR_GET_FPEXC                         = 0xb
-	PR_GET_FP_MODE                       = 0x2e
-	PR_GET_KEEPCAPS                      = 0x7
-	PR_GET_NAME                          = 0x10
-	PR_GET_NO_NEW_PRIVS                  = 0x27
-	PR_GET_PDEATHSIG                     = 0x2
-	PR_GET_SECCOMP                       = 0x15
-	PR_GET_SECUREBITS                    = 0x1b
-	PR_GET_SPECULATION_CTRL              = 0x34
-	PR_GET_THP_DISABLE                   = 0x2a
-	PR_GET_TID_ADDRESS                   = 0x28
-	PR_GET_TIMERSLACK                    = 0x1e
-	PR_GET_TIMING                        = 0xd
-	PR_GET_TSC                           = 0x19
-	PR_GET_UNALIGN                       = 0x5
-	PR_MCE_KILL                          = 0x21
-	PR_MCE_KILL_CLEAR                    = 0x0
-	PR_MCE_KILL_DEFAULT                  = 0x2
-	PR_MCE_KILL_EARLY                    = 0x1
-	PR_MCE_KILL_GET                      = 0x22
-	PR_MCE_KILL_LATE                     = 0x0
-	PR_MCE_KILL_SET                      = 0x1
-	PR_MPX_DISABLE_MANAGEMENT            = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT             = 0x2b
-	PR_SET_CHILD_SUBREAPER               = 0x24
-	PR_SET_DUMPABLE                      = 0x4
-	PR_SET_ENDIAN                        = 0x14
-	PR_SET_FPEMU                         = 0xa
-	PR_SET_FPEXC                         = 0xc
-	PR_SET_FP_MODE                       = 0x2d
-	PR_SET_KEEPCAPS                      = 0x8
-	PR_SET_MM                            = 0x23
-	PR_SET_MM_ARG_END                    = 0x9
-	PR_SET_MM_ARG_START                  = 0x8
-	PR_SET_MM_AUXV                       = 0xc
-	PR_SET_MM_BRK                        = 0x7
-	PR_SET_MM_END_CODE                   = 0x2
-	PR_SET_MM_END_DATA                   = 0x4
-	PR_SET_MM_ENV_END                    = 0xb
-	PR_SET_MM_ENV_START                  = 0xa
-	PR_SET_MM_EXE_FILE                   = 0xd
-	PR_SET_MM_MAP                        = 0xe
-	PR_SET_MM_MAP_SIZE                   = 0xf
-	PR_SET_MM_START_BRK                  = 0x6
-	PR_SET_MM_START_CODE                 = 0x1
-	PR_SET_MM_START_DATA                 = 0x3
-	PR_SET_MM_START_STACK                = 0x5
-	PR_SET_NAME                          = 0xf
-	PR_SET_NO_NEW_PRIVS                  = 0x26
-	PR_SET_PDEATHSIG                     = 0x1
-	PR_SET_PTRACER                       = 0x59616d61
-	PR_SET_PTRACER_ANY                   = 0xffffffffffffffff
-	PR_SET_SECCOMP                       = 0x16
-	PR_SET_SECUREBITS                    = 0x1c
-	PR_SET_SPECULATION_CTRL              = 0x35
-	PR_SET_THP_DISABLE                   = 0x29
-	PR_SET_TIMERSLACK                    = 0x1d
-	PR_SET_TIMING                        = 0xe
-	PR_SET_TSC                           = 0x1a
-	PR_SET_UNALIGN                       = 0x6
-	PR_SPEC_DISABLE                      = 0x4
-	PR_SPEC_ENABLE                       = 0x2
-	PR_SPEC_FORCE_DISABLE                = 0x8
-	PR_SPEC_NOT_AFFECTED                 = 0x0
-	PR_SPEC_PRCTL                        = 0x1
-	PR_SPEC_STORE_BYPASS                 = 0x0
-	PR_SVE_GET_VL                        = 0x33
-	PR_SVE_SET_VL                        = 0x32
-	PR_SVE_SET_VL_ONEXEC                 = 0x40000
-	PR_SVE_VL_INHERIT                    = 0x20000
-	PR_SVE_VL_LEN_MASK                   = 0xffff
-	PR_TASK_PERF_EVENTS_DISABLE          = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE           = 0x20
-	PR_TIMING_STATISTICAL                = 0x0
-	PR_TIMING_TIMESTAMP                  = 0x1
-	PR_TSC_ENABLE                        = 0x1
-	PR_TSC_SIGSEGV                       = 0x2
-	PR_UNALIGN_NOPRINT                   = 0x1
-	PR_UNALIGN_SIGBUS                    = 0x2
-	PSTOREFS_MAGIC                       = 0x6165676c
-	PTRACE_ATTACH                        = 0x10
-	PTRACE_CONT                          = 0x7
-	PTRACE_DETACH                        = 0x11
-	PTRACE_DISABLE_TE                    = 0x5010
-	PTRACE_ENABLE_TE                     = 0x5009
-	PTRACE_EVENT_CLONE                   = 0x3
-	PTRACE_EVENT_EXEC                    = 0x4
-	PTRACE_EVENT_EXIT                    = 0x6
-	PTRACE_EVENT_FORK                    = 0x1
-	PTRACE_EVENT_SECCOMP                 = 0x7
-	PTRACE_EVENT_STOP                    = 0x80
-	PTRACE_EVENT_VFORK                   = 0x2
-	PTRACE_EVENT_VFORK_DONE              = 0x5
-	PTRACE_GETEVENTMSG                   = 0x4201
-	PTRACE_GETREGS                       = 0xc
-	PTRACE_GETREGSET                     = 0x4204
-	PTRACE_GETSIGINFO                    = 0x4202
-	PTRACE_GETSIGMASK                    = 0x420a
-	PTRACE_GET_LAST_BREAK                = 0x5006
-	PTRACE_INTERRUPT                     = 0x4207
-	PTRACE_KILL                          = 0x8
-	PTRACE_LISTEN                        = 0x4208
-	PTRACE_OLDSETOPTIONS                 = 0x15
-	PTRACE_O_EXITKILL                    = 0x100000
-	PTRACE_O_MASK                        = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP             = 0x200000
-	PTRACE_O_TRACECLONE                  = 0x8
-	PTRACE_O_TRACEEXEC                   = 0x10
-	PTRACE_O_TRACEEXIT                   = 0x40
-	PTRACE_O_TRACEFORK                   = 0x2
-	PTRACE_O_TRACESECCOMP                = 0x80
-	PTRACE_O_TRACESYSGOOD                = 0x1
-	PTRACE_O_TRACEVFORK                  = 0x4
-	PTRACE_O_TRACEVFORKDONE              = 0x20
-	PTRACE_PEEKDATA                      = 0x2
-	PTRACE_PEEKDATA_AREA                 = 0x5003
-	PTRACE_PEEKSIGINFO                   = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED            = 0x1
-	PTRACE_PEEKTEXT                      = 0x1
-	PTRACE_PEEKTEXT_AREA                 = 0x5002
-	PTRACE_PEEKUSR                       = 0x3
-	PTRACE_PEEKUSR_AREA                  = 0x5000
-	PTRACE_PEEK_SYSTEM_CALL              = 0x5007
-	PTRACE_POKEDATA                      = 0x5
-	PTRACE_POKEDATA_AREA                 = 0x5005
-	PTRACE_POKETEXT                      = 0x4
-	PTRACE_POKETEXT_AREA                 = 0x5004
-	PTRACE_POKEUSR                       = 0x6
-	PTRACE_POKEUSR_AREA                  = 0x5001
-	PTRACE_POKE_SYSTEM_CALL              = 0x5008
-	PTRACE_PROT                          = 0x15
-	PTRACE_SECCOMP_GET_FILTER            = 0x420c
-	PTRACE_SECCOMP_GET_METADATA          = 0x420d
-	PTRACE_SEIZE                         = 0x4206
-	PTRACE_SETOPTIONS                    = 0x4200
-	PTRACE_SETREGS                       = 0xd
-	PTRACE_SETREGSET                     = 0x4205
-	PTRACE_SETSIGINFO                    = 0x4203
-	PTRACE_SETSIGMASK                    = 0x420b
-	PTRACE_SINGLEBLOCK                   = 0xc
-	PTRACE_SINGLESTEP                    = 0x9
-	PTRACE_SYSCALL                       = 0x18
-	PTRACE_TE_ABORT_RAND                 = 0x5011
-	PTRACE_TRACEME                       = 0x0
-	PT_ACR0                              = 0x90
-	PT_ACR1                              = 0x94
-	PT_ACR10                             = 0xb8
-	PT_ACR11                             = 0xbc
-	PT_ACR12                             = 0xc0
-	PT_ACR13                             = 0xc4
-	PT_ACR14                             = 0xc8
-	PT_ACR15                             = 0xcc
-	PT_ACR2                              = 0x98
-	PT_ACR3                              = 0x9c
-	PT_ACR4                              = 0xa0
-	PT_ACR5                              = 0xa4
-	PT_ACR6                              = 0xa8
-	PT_ACR7                              = 0xac
-	PT_ACR8                              = 0xb0
-	PT_ACR9                              = 0xb4
-	PT_CR_10                             = 0x168
-	PT_CR_11                             = 0x170
-	PT_CR_9                              = 0x160
-	PT_ENDREGS                           = 0x1af
-	PT_FPC                               = 0xd8
-	PT_FPR0                              = 0xe0
-	PT_FPR1                              = 0xe8
-	PT_FPR10                             = 0x130
-	PT_FPR11                             = 0x138
-	PT_FPR12                             = 0x140
-	PT_FPR13                             = 0x148
-	PT_FPR14                             = 0x150
-	PT_FPR15                             = 0x158
-	PT_FPR2                              = 0xf0
-	PT_FPR3                              = 0xf8
-	PT_FPR4                              = 0x100
-	PT_FPR5                              = 0x108
-	PT_FPR6                              = 0x110
-	PT_FPR7                              = 0x118
-	PT_FPR8                              = 0x120
-	PT_FPR9                              = 0x128
-	PT_GPR0                              = 0x10
-	PT_GPR1                              = 0x18
-	PT_GPR10                             = 0x60
-	PT_GPR11                             = 0x68
-	PT_GPR12                             = 0x70
-	PT_GPR13                             = 0x78
-	PT_GPR14                             = 0x80
-	PT_GPR15                             = 0x88
-	PT_GPR2                              = 0x20
-	PT_GPR3                              = 0x28
-	PT_GPR4                              = 0x30
-	PT_GPR5                              = 0x38
-	PT_GPR6                              = 0x40
-	PT_GPR7                              = 0x48
-	PT_GPR8                              = 0x50
-	PT_GPR9                              = 0x58
-	PT_IEEE_IP                           = 0x1a8
-	PT_LASTOFF                           = 0x1a8
-	PT_ORIGGPR2                          = 0xd0
-	PT_PSWADDR                           = 0x8
-	PT_PSWMASK                           = 0x0
-	QNX4_SUPER_MAGIC                     = 0x2f
-	QNX6_SUPER_MAGIC                     = 0x68191122
-	RAMFS_MAGIC                          = 0x858458f6
-	RDTGROUP_SUPER_MAGIC                 = 0x7655821
-	REISERFS_SUPER_MAGIC                 = 0x52654973
-	RLIMIT_AS                            = 0x9
-	RLIMIT_CORE                          = 0x4
-	RLIMIT_CPU                           = 0x0
-	RLIMIT_DATA                          = 0x2
-	RLIMIT_FSIZE                         = 0x1
-	RLIMIT_LOCKS                         = 0xa
-	RLIMIT_MEMLOCK                       = 0x8
-	RLIMIT_MSGQUEUE                      = 0xc
-	RLIMIT_NICE                          = 0xd
-	RLIMIT_NOFILE                        = 0x7
-	RLIMIT_NPROC                         = 0x6
-	RLIMIT_RSS                           = 0x5
-	RLIMIT_RTPRIO                        = 0xe
-	RLIMIT_RTTIME                        = 0xf
-	RLIMIT_SIGPENDING                    = 0xb
-	RLIMIT_STACK                         = 0x3
-	RLIM_INFINITY                        = 0xffffffffffffffff
-	RTAX_ADVMSS                          = 0x8
-	RTAX_CC_ALGO                         = 0x10
-	RTAX_CWND                            = 0x7
-	RTAX_FASTOPEN_NO_COOKIE              = 0x11
-	RTAX_FEATURES                        = 0xc
-	RTAX_FEATURE_ALLFRAG                 = 0x8
-	RTAX_FEATURE_ECN                     = 0x1
-	RTAX_FEATURE_MASK                    = 0xf
-	RTAX_FEATURE_SACK                    = 0x2
-	RTAX_FEATURE_TIMESTAMP               = 0x4
-	RTAX_HOPLIMIT                        = 0xa
-	RTAX_INITCWND                        = 0xb
-	RTAX_INITRWND                        = 0xe
-	RTAX_LOCK                            = 0x1
-	RTAX_MAX                             = 0x11
-	RTAX_MTU                             = 0x2
-	RTAX_QUICKACK                        = 0xf
-	RTAX_REORDERING                      = 0x9
-	RTAX_RTO_MIN                         = 0xd
-	RTAX_RTT                             = 0x4
-	RTAX_RTTVAR                          = 0x5
-	RTAX_SSTHRESH                        = 0x6
-	RTAX_UNSPEC                          = 0x0
-	RTAX_WINDOW                          = 0x3
-	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1a
-	RTCF_DIRECTSRC                       = 0x4000000
-	RTCF_DOREDIRECT                      = 0x1000000
-	RTCF_LOG                             = 0x2000000
-	RTCF_MASQ                            = 0x400000
-	RTCF_NAT                             = 0x800000
-	RTCF_VALVE                           = 0x200000
-	RTC_AF                               = 0x20
-	RTC_AIE_OFF                          = 0x7002
-	RTC_AIE_ON                           = 0x7001
-	RTC_ALM_READ                         = 0x80247008
-	RTC_ALM_SET                          = 0x40247007
-	RTC_EPOCH_READ                       = 0x8008700d
-	RTC_EPOCH_SET                        = 0x4008700e
-	RTC_IRQF                             = 0x80
-	RTC_IRQP_READ                        = 0x8008700b
-	RTC_IRQP_SET                         = 0x4008700c
-	RTC_MAX_FREQ                         = 0x2000
-	RTC_PF                               = 0x40
-	RTC_PIE_OFF                          = 0x7006
-	RTC_PIE_ON                           = 0x7005
-	RTC_PLL_GET                          = 0x80207011
-	RTC_PLL_SET                          = 0x40207012
-	RTC_RD_TIME                          = 0x80247009
-	RTC_SET_TIME                         = 0x4024700a
-	RTC_UF                               = 0x10
-	RTC_UIE_OFF                          = 0x7004
-	RTC_UIE_ON                           = 0x7003
-	RTC_VL_CLR                           = 0x7014
-	RTC_VL_READ                          = 0x80047013
-	RTC_WIE_OFF                          = 0x7010
-	RTC_WIE_ON                           = 0x700f
-	RTC_WKALM_RD                         = 0x80287010
-	RTC_WKALM_SET                        = 0x4028700f
-	RTF_ADDRCLASSMASK                    = 0xf8000000
-	RTF_ADDRCONF                         = 0x40000
-	RTF_ALLONLINK                        = 0x20000
-	RTF_BROADCAST                        = 0x10000000
-	RTF_CACHE                            = 0x1000000
-	RTF_DEFAULT                          = 0x10000
-	RTF_DYNAMIC                          = 0x10
-	RTF_FLOW                             = 0x2000000
-	RTF_GATEWAY                          = 0x2
-	RTF_HOST                             = 0x4
-	RTF_INTERFACE                        = 0x40000000
-	RTF_IRTT                             = 0x100
-	RTF_LINKRT                           = 0x100000
-	RTF_LOCAL                            = 0x80000000
-	RTF_MODIFIED                         = 0x20
-	RTF_MSS                              = 0x40
-	RTF_MTU                              = 0x40
-	RTF_MULTICAST                        = 0x20000000
-	RTF_NAT                              = 0x8000000
-	RTF_NOFORWARD                        = 0x1000
-	RTF_NONEXTHOP                        = 0x200000
-	RTF_NOPMTUDISC                       = 0x4000
-	RTF_POLICY                           = 0x4000000
-	RTF_REINSTATE                        = 0x8
-	RTF_REJECT                           = 0x200
-	RTF_STATIC                           = 0x400
-	RTF_THROW                            = 0x2000
-	RTF_UP                               = 0x1
-	RTF_WINDOW                           = 0x80
-	RTF_XRESOLVE                         = 0x800
-	RTM_BASE                             = 0x10
-	RTM_DELACTION                        = 0x31
-	RTM_DELADDR                          = 0x15
-	RTM_DELADDRLABEL                     = 0x49
-	RTM_DELLINK                          = 0x11
-	RTM_DELMDB                           = 0x55
-	RTM_DELNEIGH                         = 0x1d
-	RTM_DELNETCONF                       = 0x51
-	RTM_DELNSID                          = 0x59
-	RTM_DELQDISC                         = 0x25
-	RTM_DELROUTE                         = 0x19
-	RTM_DELRULE                          = 0x21
-	RTM_DELTCLASS                        = 0x29
-	RTM_DELTFILTER                       = 0x2d
-	RTM_F_CLONED                         = 0x200
-	RTM_F_EQUALIZE                       = 0x400
-	RTM_F_FIB_MATCH                      = 0x2000
-	RTM_F_LOOKUP_TABLE                   = 0x1000
-	RTM_F_NOTIFY                         = 0x100
-	RTM_F_PREFIX                         = 0x800
-	RTM_GETACTION                        = 0x32
-	RTM_GETADDR                          = 0x16
-	RTM_GETADDRLABEL                     = 0x4a
-	RTM_GETANYCAST                       = 0x3e
-	RTM_GETDCB                           = 0x4e
-	RTM_GETLINK                          = 0x12
-	RTM_GETMDB                           = 0x56
-	RTM_GETMULTICAST                     = 0x3a
-	RTM_GETNEIGH                         = 0x1e
-	RTM_GETNEIGHTBL                      = 0x42
-	RTM_GETNETCONF                       = 0x52
-	RTM_GETNSID                          = 0x5a
-	RTM_GETQDISC                         = 0x26
-	RTM_GETROUTE                         = 0x1a
-	RTM_GETRULE                          = 0x22
-	RTM_GETSTATS                         = 0x5e
-	RTM_GETTCLASS                        = 0x2a
-	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x63
-	RTM_NEWACTION                        = 0x30
-	RTM_NEWADDR                          = 0x14
-	RTM_NEWADDRLABEL                     = 0x48
-	RTM_NEWCACHEREPORT                   = 0x60
-	RTM_NEWLINK                          = 0x10
-	RTM_NEWMDB                           = 0x54
-	RTM_NEWNDUSEROPT                     = 0x44
-	RTM_NEWNEIGH                         = 0x1c
-	RTM_NEWNEIGHTBL                      = 0x40
-	RTM_NEWNETCONF                       = 0x50
-	RTM_NEWNSID                          = 0x58
-	RTM_NEWPREFIX                        = 0x34
-	RTM_NEWQDISC                         = 0x24
-	RTM_NEWROUTE                         = 0x18
-	RTM_NEWRULE                          = 0x20
-	RTM_NEWSTATS                         = 0x5c
-	RTM_NEWTCLASS                        = 0x28
-	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x15
-	RTM_NR_MSGTYPES                      = 0x54
-	RTM_SETDCB                           = 0x4f
-	RTM_SETLINK                          = 0x13
-	RTM_SETNEIGHTBL                      = 0x43
-	RTNH_ALIGNTO                         = 0x4
-	RTNH_COMPARE_MASK                    = 0x19
-	RTNH_F_DEAD                          = 0x1
-	RTNH_F_LINKDOWN                      = 0x10
-	RTNH_F_OFFLOAD                       = 0x8
-	RTNH_F_ONLINK                        = 0x4
-	RTNH_F_PERVASIVE                     = 0x2
-	RTNH_F_UNRESOLVED                    = 0x20
-	RTN_MAX                              = 0xb
-	RTPROT_BABEL                         = 0x2a
-	RTPROT_BIRD                          = 0xc
-	RTPROT_BOOT                          = 0x3
-	RTPROT_DHCP                          = 0x10
-	RTPROT_DNROUTED                      = 0xd
-	RTPROT_GATED                         = 0x8
-	RTPROT_KERNEL                        = 0x2
-	RTPROT_MROUTED                       = 0x11
-	RTPROT_MRT                           = 0xa
-	RTPROT_NTK                           = 0xf
-	RTPROT_RA                            = 0x9
-	RTPROT_REDIRECT                      = 0x1
-	RTPROT_STATIC                        = 0x4
-	RTPROT_UNSPEC                        = 0x0
-	RTPROT_XORP                          = 0xe
-	RTPROT_ZEBRA                         = 0xb
-	RT_CLASS_DEFAULT                     = 0xfd
-	RT_CLASS_LOCAL                       = 0xff
-	RT_CLASS_MAIN                        = 0xfe
-	RT_CLASS_MAX                         = 0xff
-	RT_CLASS_UNSPEC                      = 0x0
-	RUSAGE_CHILDREN                      = -0x1
-	RUSAGE_SELF                          = 0x0
-	RUSAGE_THREAD                        = 0x1
-	SCM_CREDENTIALS                      = 0x2
-	SCM_RIGHTS                           = 0x1
-	SCM_TIMESTAMP                        = 0x1d
-	SCM_TIMESTAMPING                     = 0x25
-	SCM_TIMESTAMPING_OPT_STATS           = 0x36
-	SCM_TIMESTAMPING_PKTINFO             = 0x3a
-	SCM_TIMESTAMPNS                      = 0x23
-	SCM_WIFI_STATUS                      = 0x29
-	SECCOMP_MODE_DISABLED                = 0x0
-	SECCOMP_MODE_FILTER                  = 0x2
-	SECCOMP_MODE_STRICT                  = 0x1
-	SECURITYFS_MAGIC                     = 0x73636673
-	SELINUX_MAGIC                        = 0xf97cff8c
-	SHUT_RD                              = 0x0
-	SHUT_RDWR                            = 0x2
-	SHUT_WR                              = 0x1
-	SIOCADDDLCI                          = 0x8980
-	SIOCADDMULTI                         = 0x8931
-	SIOCADDRT                            = 0x890b
-	SIOCATMARK                           = 0x8905
-	SIOCBONDCHANGEACTIVE                 = 0x8995
-	SIOCBONDENSLAVE                      = 0x8990
-	SIOCBONDINFOQUERY                    = 0x8994
-	SIOCBONDRELEASE                      = 0x8991
-	SIOCBONDSETHWADDR                    = 0x8992
-	SIOCBONDSLAVEINFOQUERY               = 0x8993
-	SIOCBRADDBR                          = 0x89a0
-	SIOCBRADDIF                          = 0x89a2
-	SIOCBRDELBR                          = 0x89a1
-	SIOCBRDELIF                          = 0x89a3
-	SIOCDARP                             = 0x8953
-	SIOCDELDLCI                          = 0x8981
-	SIOCDELMULTI                         = 0x8932
-	SIOCDELRT                            = 0x890c
-	SIOCDEVPRIVATE                       = 0x89f0
-	SIOCDIFADDR                          = 0x8936
-	SIOCDRARP                            = 0x8960
-	SIOCETHTOOL                          = 0x8946
-	SIOCGARP                             = 0x8954
-	SIOCGHWTSTAMP                        = 0x89b1
-	SIOCGIFADDR                          = 0x8915
-	SIOCGIFBR                            = 0x8940
-	SIOCGIFBRDADDR                       = 0x8919
-	SIOCGIFCONF                          = 0x8912
-	SIOCGIFCOUNT                         = 0x8938
-	SIOCGIFDSTADDR                       = 0x8917
-	SIOCGIFENCAP                         = 0x8925
-	SIOCGIFFLAGS                         = 0x8913
-	SIOCGIFHWADDR                        = 0x8927
-	SIOCGIFINDEX                         = 0x8933
-	SIOCGIFMAP                           = 0x8970
-	SIOCGIFMEM                           = 0x891f
-	SIOCGIFMETRIC                        = 0x891d
-	SIOCGIFMTU                           = 0x8921
-	SIOCGIFNAME                          = 0x8910
-	SIOCGIFNETMASK                       = 0x891b
-	SIOCGIFPFLAGS                        = 0x8935
-	SIOCGIFSLAVE                         = 0x8929
-	SIOCGIFTXQLEN                        = 0x8942
-	SIOCGIFVLAN                          = 0x8982
-	SIOCGMIIPHY                          = 0x8947
-	SIOCGMIIREG                          = 0x8948
-	SIOCGPGRP                            = 0x8904
-	SIOCGRARP                            = 0x8961
-	SIOCGSKNS                            = 0x894c
-	SIOCGSTAMP                           = 0x8906
-	SIOCGSTAMPNS                         = 0x8907
-	SIOCINQ                              = 0x541b
-	SIOCOUTQ                             = 0x5411
-	SIOCOUTQNSD                          = 0x894b
-	SIOCPROTOPRIVATE                     = 0x89e0
-	SIOCRTMSG                            = 0x890d
-	SIOCSARP                             = 0x8955
-	SIOCSHWTSTAMP                        = 0x89b0
-	SIOCSIFADDR                          = 0x8916
-	SIOCSIFBR                            = 0x8941
-	SIOCSIFBRDADDR                       = 0x891a
-	SIOCSIFDSTADDR                       = 0x8918
-	SIOCSIFENCAP                         = 0x8926
-	SIOCSIFFLAGS                         = 0x8914
-	SIOCSIFHWADDR                        = 0x8924
-	SIOCSIFHWBROADCAST                   = 0x8937
-	SIOCSIFLINK                          = 0x8911
-	SIOCSIFMAP                           = 0x8971
-	SIOCSIFMEM                           = 0x8920
-	SIOCSIFMETRIC                        = 0x891e
-	SIOCSIFMTU                           = 0x8922
-	SIOCSIFNAME                          = 0x8923
-	SIOCSIFNETMASK                       = 0x891c
-	SIOCSIFPFLAGS                        = 0x8934
-	SIOCSIFSLAVE                         = 0x8930
-	SIOCSIFTXQLEN                        = 0x8943
-	SIOCSIFVLAN                          = 0x8983
-	SIOCSMIIREG                          = 0x8949
-	SIOCSPGRP                            = 0x8902
-	SIOCSRARP                            = 0x8962
-	SIOCWANDEV                           = 0x894a
-	SMACK_MAGIC                          = 0x43415d53
-	SMART_AUTOSAVE                       = 0xd2
-	SMART_AUTO_OFFLINE                   = 0xdb
-	SMART_DISABLE                        = 0xd9
-	SMART_ENABLE                         = 0xd8
-	SMART_HCYL_PASS                      = 0xc2
-	SMART_IMMEDIATE_OFFLINE              = 0xd4
-	SMART_LCYL_PASS                      = 0x4f
-	SMART_READ_LOG_SECTOR                = 0xd5
-	SMART_READ_THRESHOLDS                = 0xd1
-	SMART_READ_VALUES                    = 0xd0
-	SMART_SAVE                           = 0xd3
-	SMART_STATUS                         = 0xda
-	SMART_WRITE_LOG_SECTOR               = 0xd6
-	SMART_WRITE_THRESHOLDS               = 0xd7
-	SMB_SUPER_MAGIC                      = 0x517b
-	SOCKFS_MAGIC                         = 0x534f434b
-	SOCK_CLOEXEC                         = 0x80000
-	SOCK_DCCP                            = 0x6
-	SOCK_DGRAM                           = 0x2
-	SOCK_IOC_TYPE                        = 0x89
-	SOCK_NONBLOCK                        = 0x800
-	SOCK_PACKET                          = 0xa
-	SOCK_RAW                             = 0x3
-	SOCK_RDM                             = 0x4
-	SOCK_SEQPACKET                       = 0x5
-	SOCK_STREAM                          = 0x1
-	SOL_AAL                              = 0x109
-	SOL_ALG                              = 0x117
-	SOL_ATM                              = 0x108
-	SOL_CAIF                             = 0x116
-	SOL_CAN_BASE                         = 0x64
-	SOL_DCCP                             = 0x10d
-	SOL_DECNET                           = 0x105
-	SOL_ICMPV6                           = 0x3a
-	SOL_IP                               = 0x0
-	SOL_IPV6                             = 0x29
-	SOL_IRDA                             = 0x10a
-	SOL_IUCV                             = 0x115
-	SOL_KCM                              = 0x119
-	SOL_LLC                              = 0x10c
-	SOL_NETBEUI                          = 0x10b
-	SOL_NETLINK                          = 0x10e
-	SOL_NFC                              = 0x118
-	SOL_PACKET                           = 0x107
-	SOL_PNPIPE                           = 0x113
-	SOL_PPPOL2TP                         = 0x111
-	SOL_RAW                              = 0xff
-	SOL_RDS                              = 0x114
-	SOL_RXRPC                            = 0x110
-	SOL_SOCKET                           = 0x1
-	SOL_TCP                              = 0x6
-	SOL_TIPC                             = 0x10f
-	SOL_TLS                              = 0x11a
-	SOL_X25                              = 0x106
-	SOMAXCONN                            = 0x80
-	SO_ACCEPTCONN                        = 0x1e
-	SO_ATTACH_BPF                        = 0x32
-	SO_ATTACH_FILTER                     = 0x1a
-	SO_ATTACH_REUSEPORT_CBPF             = 0x33
-	SO_ATTACH_REUSEPORT_EBPF             = 0x34
-	SO_BINDTODEVICE                      = 0x19
-	SO_BPF_EXTENSIONS                    = 0x30
-	SO_BROADCAST                         = 0x6
-	SO_BSDCOMPAT                         = 0xe
-	SO_BUSY_POLL                         = 0x2e
-	SO_CNX_ADVICE                        = 0x35
-	SO_COOKIE                            = 0x39
-	SO_DEBUG                             = 0x1
-	SO_DETACH_BPF                        = 0x1b
-	SO_DETACH_FILTER                     = 0x1b
-	SO_DOMAIN                            = 0x27
-	SO_DONTROUTE                         = 0x5
-	SO_ERROR                             = 0x4
-	SO_GET_FILTER                        = 0x1a
-	SO_INCOMING_CPU                      = 0x31
-	SO_INCOMING_NAPI_ID                  = 0x38
-	SO_KEEPALIVE                         = 0x9
-	SO_LINGER                            = 0xd
-	SO_LOCK_FILTER                       = 0x2c
-	SO_MARK                              = 0x24
-	SO_MAX_PACING_RATE                   = 0x2f
-	SO_MEMINFO                           = 0x37
-	SO_NOFCS                             = 0x2b
-	SO_NO_CHECK                          = 0xb
-	SO_OOBINLINE                         = 0xa
-	SO_PASSCRED                          = 0x10
-	SO_PASSSEC                           = 0x22
-	SO_PEEK_OFF                          = 0x2a
-	SO_PEERCRED                          = 0x11
-	SO_PEERGROUPS                        = 0x3b
-	SO_PEERNAME                          = 0x1c
-	SO_PEERSEC                           = 0x1f
-	SO_PRIORITY                          = 0xc
-	SO_PROTOCOL                          = 0x26
-	SO_RCVBUF                            = 0x8
-	SO_RCVBUFFORCE                       = 0x21
-	SO_RCVLOWAT                          = 0x12
-	SO_RCVTIMEO                          = 0x14
-	SO_REUSEADDR                         = 0x2
-	SO_REUSEPORT                         = 0xf
-	SO_RXQ_OVFL                          = 0x28
-	SO_SECURITY_AUTHENTICATION           = 0x16
-	SO_SECURITY_ENCRYPTION_NETWORK       = 0x18
-	SO_SECURITY_ENCRYPTION_TRANSPORT     = 0x17
-	SO_SELECT_ERR_QUEUE                  = 0x2d
-	SO_SNDBUF                            = 0x7
-	SO_SNDBUFFORCE                       = 0x20
-	SO_SNDLOWAT                          = 0x13
-	SO_SNDTIMEO                          = 0x15
-	SO_TIMESTAMP                         = 0x1d
-	SO_TIMESTAMPING                      = 0x25
-	SO_TIMESTAMPNS                       = 0x23
-	SO_TYPE                              = 0x3
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE        = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE        = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE            = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT        = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX          = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID        = 0x3
-	SO_VM_SOCKETS_TRUSTED                = 0x5
-	SO_WIFI_STATUS                       = 0x29
-	SO_ZEROCOPY                          = 0x3c
-	SPLICE_F_GIFT                        = 0x8
-	SPLICE_F_MORE                        = 0x4
-	SPLICE_F_MOVE                        = 0x1
-	SPLICE_F_NONBLOCK                    = 0x2
-	SQUASHFS_MAGIC                       = 0x73717368
-	STACK_END_MAGIC                      = 0x57ac6e9d
-	STATX_ALL                            = 0xfff
-	STATX_ATIME                          = 0x20
-	STATX_ATTR_APPEND                    = 0x20
-	STATX_ATTR_AUTOMOUNT                 = 0x1000
-	STATX_ATTR_COMPRESSED                = 0x4
-	STATX_ATTR_ENCRYPTED                 = 0x800
-	STATX_ATTR_IMMUTABLE                 = 0x10
-	STATX_ATTR_NODUMP                    = 0x40
-	STATX_BASIC_STATS                    = 0x7ff
-	STATX_BLOCKS                         = 0x400
-	STATX_BTIME                          = 0x800
-	STATX_CTIME                          = 0x80
-	STATX_GID                            = 0x10
-	STATX_INO                            = 0x100
-	STATX_MODE                           = 0x2
-	STATX_MTIME                          = 0x40
-	STATX_NLINK                          = 0x4
-	STATX_SIZE                           = 0x200
-	STATX_TYPE                           = 0x1
-	STATX_UID                            = 0x8
-	STATX__RESERVED                      = 0x80000000
-	SYSFS_MAGIC                          = 0x62656572
-	S_BLKSIZE                            = 0x200
-	S_IEXEC                              = 0x40
-	S_IFBLK                              = 0x6000
-	S_IFCHR                              = 0x2000
-	S_IFDIR                              = 0x4000
-	S_IFIFO                              = 0x1000
-	S_IFLNK                              = 0xa000
-	S_IFMT                               = 0xf000
-	S_IFREG                              = 0x8000
-	S_IFSOCK                             = 0xc000
-	S_IREAD                              = 0x100
-	S_IRGRP                              = 0x20
-	S_IROTH                              = 0x4
-	S_IRUSR                              = 0x100
-	S_IRWXG                              = 0x38
-	S_IRWXO                              = 0x7
-	S_IRWXU                              = 0x1c0
-	S_ISGID                              = 0x400
-	S_ISUID                              = 0x800
-	S_ISVTX                              = 0x200
-	S_IWGRP                              = 0x10
-	S_IWOTH                              = 0x2
-	S_IWRITE                             = 0x80
-	S_IWUSR                              = 0x80
-	S_IXGRP                              = 0x8
-	S_IXOTH                              = 0x1
-	S_IXUSR                              = 0x40
-	TAB0                                 = 0x0
-	TAB1                                 = 0x800
-	TAB2                                 = 0x1000
-	TAB3                                 = 0x1800
-	TABDLY                               = 0x1800
-	TASKSTATS_CMD_ATTR_MAX               = 0x4
-	TASKSTATS_CMD_MAX                    = 0x2
-	TASKSTATS_GENL_NAME                  = "TASKSTATS"
-	TASKSTATS_GENL_VERSION               = 0x1
-	TASKSTATS_TYPE_MAX                   = 0x6
-	TASKSTATS_VERSION                    = 0x8
-	TCFLSH                               = 0x540b
-	TCGETA                               = 0x5405
-	TCGETS                               = 0x5401
-	TCGETS2                              = 0x802c542a
-	TCGETX                               = 0x5432
-	TCIFLUSH                             = 0x0
-	TCIOFF                               = 0x2
-	TCIOFLUSH                            = 0x2
-	TCION                                = 0x3
-	TCOFLUSH                             = 0x1
-	TCOOFF                               = 0x0
-	TCOON                                = 0x1
-	TCP_CC_INFO                          = 0x1a
-	TCP_CONGESTION                       = 0xd
-	TCP_COOKIE_IN_ALWAYS                 = 0x1
-	TCP_COOKIE_MAX                       = 0x10
-	TCP_COOKIE_MIN                       = 0x8
-	TCP_COOKIE_OUT_NEVER                 = 0x2
-	TCP_COOKIE_PAIR_SIZE                 = 0x20
-	TCP_COOKIE_TRANSACTIONS              = 0xf
-	TCP_CORK                             = 0x3
-	TCP_DEFER_ACCEPT                     = 0x9
-	TCP_FASTOPEN                         = 0x17
-	TCP_FASTOPEN_CONNECT                 = 0x1e
-	TCP_INFO                             = 0xb
-	TCP_KEEPCNT                          = 0x6
-	TCP_KEEPIDLE                         = 0x4
-	TCP_KEEPINTVL                        = 0x5
-	TCP_LINGER2                          = 0x8
-	TCP_MAXSEG                           = 0x2
-	TCP_MAXWIN                           = 0xffff
-	TCP_MAX_WINSHIFT                     = 0xe
-	TCP_MD5SIG                           = 0xe
-	TCP_MD5SIG_EXT                       = 0x20
-	TCP_MD5SIG_FLAG_PREFIX               = 0x1
-	TCP_MD5SIG_MAXKEYLEN                 = 0x50
-	TCP_MSS                              = 0x200
-	TCP_MSS_DEFAULT                      = 0x218
-	TCP_MSS_DESIRED                      = 0x4c4
-	TCP_NODELAY                          = 0x1
-	TCP_NOTSENT_LOWAT                    = 0x19
-	TCP_QUEUE_SEQ                        = 0x15
-	TCP_QUICKACK                         = 0xc
-	TCP_REPAIR                           = 0x13
-	TCP_REPAIR_OPTIONS                   = 0x16
-	TCP_REPAIR_QUEUE                     = 0x14
-	TCP_REPAIR_WINDOW                    = 0x1d
-	TCP_SAVED_SYN                        = 0x1c
-	TCP_SAVE_SYN                         = 0x1b
-	TCP_SYNCNT                           = 0x7
-	TCP_S_DATA_IN                        = 0x4
-	TCP_S_DATA_OUT                       = 0x8
-	TCP_THIN_DUPACK                      = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS             = 0x10
-	TCP_TIMESTAMP                        = 0x18
-	TCP_ULP                              = 0x1f
-	TCP_USER_TIMEOUT                     = 0x12
-	TCP_WINDOW_CLAMP                     = 0xa
-	TCSAFLUSH                            = 0x2
-	TCSBRK                               = 0x5409
-	TCSBRKP                              = 0x5425
-	TCSETA                               = 0x5406
-	TCSETAF                              = 0x5408
-	TCSETAW                              = 0x5407
-	TCSETS                               = 0x5402
-	TCSETS2                              = 0x402c542b
-	TCSETSF                              = 0x5404
-	TCSETSF2                             = 0x402c542d
-	TCSETSW                              = 0x5403
-	TCSETSW2                             = 0x402c542c
-	TCSETX                               = 0x5433
-	TCSETXF                              = 0x5434
-	TCSETXW                              = 0x5435
-	TCXONC                               = 0x540a
-	TIOCCBRK                             = 0x5428
-	TIOCCONS                             = 0x541d
-	TIOCEXCL                             = 0x540c
-	TIOCGDEV                             = 0x80045432
-	TIOCGETD                             = 0x5424
-	TIOCGEXCL                            = 0x80045440
-	TIOCGICOUNT                          = 0x545d
-	TIOCGLCKTRMIOS                       = 0x5456
-	TIOCGPGRP                            = 0x540f
-	TIOCGPKT                             = 0x80045438
-	TIOCGPTLCK                           = 0x80045439
-	TIOCGPTN                             = 0x80045430
-	TIOCGPTPEER                          = 0x5441
-	TIOCGRS485                           = 0x542e
-	TIOCGSERIAL                          = 0x541e
-	TIOCGSID                             = 0x5429
-	TIOCGSOFTCAR                         = 0x5419
-	TIOCGWINSZ                           = 0x5413
-	TIOCINQ                              = 0x541b
-	TIOCLINUX                            = 0x541c
-	TIOCMBIC                             = 0x5417
-	TIOCMBIS                             = 0x5416
-	TIOCMGET                             = 0x5415
-	TIOCMIWAIT                           = 0x545c
-	TIOCMSET                             = 0x5418
-	TIOCM_CAR                            = 0x40
-	TIOCM_CD                             = 0x40
-	TIOCM_CTS                            = 0x20
-	TIOCM_DSR                            = 0x100
-	TIOCM_DTR                            = 0x2
-	TIOCM_LE                             = 0x1
-	TIOCM_RI                             = 0x80
-	TIOCM_RNG                            = 0x80
-	TIOCM_RTS                            = 0x4
-	TIOCM_SR                             = 0x10
-	TIOCM_ST                             = 0x8
-	TIOCNOTTY                            = 0x5422
-	TIOCNXCL                             = 0x540d
-	TIOCOUTQ                             = 0x5411
-	TIOCPKT                              = 0x5420
-	TIOCPKT_DATA                         = 0x0
-	TIOCPKT_DOSTOP                       = 0x20
-	TIOCPKT_FLUSHREAD                    = 0x1
-	TIOCPKT_FLUSHWRITE                   = 0x2
-	TIOCPKT_IOCTL                        = 0x40
-	TIOCPKT_NOSTOP                       = 0x10
-	TIOCPKT_START                        = 0x8
-	TIOCPKT_STOP                         = 0x4
-	TIOCSBRK                             = 0x5427
-	TIOCSCTTY                            = 0x540e
-	TIOCSERCONFIG                        = 0x5453
-	TIOCSERGETLSR                        = 0x5459
-	TIOCSERGETMULTI                      = 0x545a
-	TIOCSERGSTRUCT                       = 0x5458
-	TIOCSERGWILD                         = 0x5454
-	TIOCSERSETMULTI                      = 0x545b
-	TIOCSERSWILD                         = 0x5455
-	TIOCSER_TEMT                         = 0x1
-	TIOCSETD                             = 0x5423
-	TIOCSIG                              = 0x40045436
-	TIOCSLCKTRMIOS                       = 0x5457
-	TIOCSPGRP                            = 0x5410
-	TIOCSPTLCK                           = 0x40045431
-	TIOCSRS485                           = 0x542f
-	TIOCSSERIAL                          = 0x541f
-	TIOCSSOFTCAR                         = 0x541a
-	TIOCSTI                              = 0x5412
-	TIOCSWINSZ                           = 0x5414
-	TIOCVHANGUP                          = 0x5437
-	TMPFS_MAGIC                          = 0x1021994
-	TOSTOP                               = 0x100
-	TPACKET_ALIGNMENT                    = 0x10
-	TPACKET_HDRLEN                       = 0x34
-	TP_STATUS_AVAILABLE                  = 0x0
-	TP_STATUS_BLK_TMO                    = 0x20
-	TP_STATUS_COPY                       = 0x2
-	TP_STATUS_CSUMNOTREADY               = 0x8
-	TP_STATUS_CSUM_VALID                 = 0x80
-	TP_STATUS_KERNEL                     = 0x0
-	TP_STATUS_LOSING                     = 0x4
-	TP_STATUS_SENDING                    = 0x2
-	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
-	TP_STATUS_TS_SOFTWARE                = 0x20000000
-	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
-	TP_STATUS_USER                       = 0x1
-	TP_STATUS_VLAN_TPID_VALID            = 0x40
-	TP_STATUS_VLAN_VALID                 = 0x10
-	TP_STATUS_WRONG_FORMAT               = 0x4
-	TRACEFS_MAGIC                        = 0x74726163
-	TS_COMM_LEN                          = 0x20
-	TUNATTACHFILTER                      = 0x401054d5
-	TUNDETACHFILTER                      = 0x401054d6
-	TUNGETFEATURES                       = 0x800454cf
-	TUNGETFILTER                         = 0x801054db
-	TUNGETIFF                            = 0x800454d2
-	TUNGETSNDBUF                         = 0x800454d3
-	TUNGETVNETBE                         = 0x800454df
-	TUNGETVNETHDRSZ                      = 0x800454d7
-	TUNGETVNETLE                         = 0x800454dd
-	TUNSETDEBUG                          = 0x400454c9
-	TUNSETFILTEREBPF                     = 0x800454e1
-	TUNSETGROUP                          = 0x400454ce
-	TUNSETIFF                            = 0x400454ca
-	TUNSETIFINDEX                        = 0x400454da
-	TUNSETLINK                           = 0x400454cd
-	TUNSETNOCSUM                         = 0x400454c8
-	TUNSETOFFLOAD                        = 0x400454d0
-	TUNSETOWNER                          = 0x400454cc
-	TUNSETPERSIST                        = 0x400454cb
-	TUNSETQUEUE                          = 0x400454d9
-	TUNSETSNDBUF                         = 0x400454d4
-	TUNSETSTEERINGEBPF                   = 0x800454e0
-	TUNSETTXFILTER                       = 0x400454d1
-	TUNSETVNETBE                         = 0x400454de
-	TUNSETVNETHDRSZ                      = 0x400454d8
-	TUNSETVNETLE                         = 0x400454dc
-	UDF_SUPER_MAGIC                      = 0x15013346
-	UMOUNT_NOFOLLOW                      = 0x8
-	USBDEVICE_SUPER_MAGIC                = 0x9fa2
-	UTIME_NOW                            = 0x3fffffff
-	UTIME_OMIT                           = 0x3ffffffe
-	V9FS_MAGIC                           = 0x1021997
-	VDISCARD                             = 0xd
-	VEOF                                 = 0x4
-	VEOL                                 = 0xb
-	VEOL2                                = 0x10
-	VERASE                               = 0x2
-	VINTR                                = 0x0
-	VKILL                                = 0x3
-	VLNEXT                               = 0xf
-	VMADDR_CID_ANY                       = 0xffffffff
-	VMADDR_CID_HOST                      = 0x2
-	VMADDR_CID_HYPERVISOR                = 0x0
-	VMADDR_CID_RESERVED                  = 0x1
-	VMADDR_PORT_ANY                      = 0xffffffff
-	VMIN                                 = 0x6
-	VM_SOCKETS_INVALID_VERSION           = 0xffffffff
-	VQUIT                                = 0x1
-	VREPRINT                             = 0xc
-	VSTART                               = 0x8
-	VSTOP                                = 0x9
-	VSUSP                                = 0xa
-	VSWTC                                = 0x7
-	VT0                                  = 0x0
-	VT1                                  = 0x4000
-	VTDLY                                = 0x4000
-	VTIME                                = 0x5
-	VWERASE                              = 0xe
-	WALL                                 = 0x40000000
-	WCLONE                               = 0x80000000
-	WCONTINUED                           = 0x8
-	WDIOC_GETBOOTSTATUS                  = 0x80045702
-	WDIOC_GETPRETIMEOUT                  = 0x80045709
-	WDIOC_GETSTATUS                      = 0x80045701
-	WDIOC_GETSUPPORT                     = 0x80285700
-	WDIOC_GETTEMP                        = 0x80045703
-	WDIOC_GETTIMELEFT                    = 0x8004570a
-	WDIOC_GETTIMEOUT                     = 0x80045707
-	WDIOC_KEEPALIVE                      = 0x80045705
-	WDIOC_SETOPTIONS                     = 0x80045704
-	WDIOC_SETPRETIMEOUT                  = 0xc0045708
-	WDIOC_SETTIMEOUT                     = 0xc0045706
-	WEXITED                              = 0x4
-	WIN_ACKMEDIACHANGE                   = 0xdb
-	WIN_CHECKPOWERMODE1                  = 0xe5
-	WIN_CHECKPOWERMODE2                  = 0x98
-	WIN_DEVICE_RESET                     = 0x8
-	WIN_DIAGNOSE                         = 0x90
-	WIN_DOORLOCK                         = 0xde
-	WIN_DOORUNLOCK                       = 0xdf
-	WIN_DOWNLOAD_MICROCODE               = 0x92
-	WIN_FLUSH_CACHE                      = 0xe7
-	WIN_FLUSH_CACHE_EXT                  = 0xea
-	WIN_FORMAT                           = 0x50
-	WIN_GETMEDIASTATUS                   = 0xda
-	WIN_IDENTIFY                         = 0xec
-	WIN_IDENTIFY_DMA                     = 0xee
-	WIN_IDLEIMMEDIATE                    = 0xe1
-	WIN_INIT                             = 0x60
-	WIN_MEDIAEJECT                       = 0xed
-	WIN_MULTREAD                         = 0xc4
-	WIN_MULTREAD_EXT                     = 0x29
-	WIN_MULTWRITE                        = 0xc5
-	WIN_MULTWRITE_EXT                    = 0x39
-	WIN_NOP                              = 0x0
-	WIN_PACKETCMD                        = 0xa0
-	WIN_PIDENTIFY                        = 0xa1
-	WIN_POSTBOOT                         = 0xdc
-	WIN_PREBOOT                          = 0xdd
-	WIN_QUEUED_SERVICE                   = 0xa2
-	WIN_READ                             = 0x20
-	WIN_READDMA                          = 0xc8
-	WIN_READDMA_EXT                      = 0x25
-	WIN_READDMA_ONCE                     = 0xc9
-	WIN_READDMA_QUEUED                   = 0xc7
-	WIN_READDMA_QUEUED_EXT               = 0x26
-	WIN_READ_BUFFER                      = 0xe4
-	WIN_READ_EXT                         = 0x24
-	WIN_READ_LONG                        = 0x22
-	WIN_READ_LONG_ONCE                   = 0x23
-	WIN_READ_NATIVE_MAX                  = 0xf8
-	WIN_READ_NATIVE_MAX_EXT              = 0x27
-	WIN_READ_ONCE                        = 0x21
-	WIN_RECAL                            = 0x10
-	WIN_RESTORE                          = 0x10
-	WIN_SECURITY_DISABLE                 = 0xf6
-	WIN_SECURITY_ERASE_PREPARE           = 0xf3
-	WIN_SECURITY_ERASE_UNIT              = 0xf4
-	WIN_SECURITY_FREEZE_LOCK             = 0xf5
-	WIN_SECURITY_SET_PASS                = 0xf1
-	WIN_SECURITY_UNLOCK                  = 0xf2
-	WIN_SEEK                             = 0x70
-	WIN_SETFEATURES                      = 0xef
-	WIN_SETIDLE1                         = 0xe3
-	WIN_SETIDLE2                         = 0x97
-	WIN_SETMULT                          = 0xc6
-	WIN_SET_MAX                          = 0xf9
-	WIN_SET_MAX_EXT                      = 0x37
-	WIN_SLEEPNOW1                        = 0xe6
-	WIN_SLEEPNOW2                        = 0x99
-	WIN_SMART                            = 0xb0
-	WIN_SPECIFY                          = 0x91
-	WIN_SRST                             = 0x8
-	WIN_STANDBY                          = 0xe2
-	WIN_STANDBY2                         = 0x96
-	WIN_STANDBYNOW1                      = 0xe0
-	WIN_STANDBYNOW2                      = 0x94
-	WIN_VERIFY                           = 0x40
-	WIN_VERIFY_EXT                       = 0x42
-	WIN_VERIFY_ONCE                      = 0x41
-	WIN_WRITE                            = 0x30
-	WIN_WRITEDMA                         = 0xca
-	WIN_WRITEDMA_EXT                     = 0x35
-	WIN_WRITEDMA_ONCE                    = 0xcb
-	WIN_WRITEDMA_QUEUED                  = 0xcc
-	WIN_WRITEDMA_QUEUED_EXT              = 0x36
-	WIN_WRITE_BUFFER                     = 0xe8
-	WIN_WRITE_EXT                        = 0x34
-	WIN_WRITE_LONG                       = 0x32
-	WIN_WRITE_LONG_ONCE                  = 0x33
-	WIN_WRITE_ONCE                       = 0x31
-	WIN_WRITE_SAME                       = 0xe9
-	WIN_WRITE_VERIFY                     = 0x3c
-	WNOHANG                              = 0x1
-	WNOTHREAD                            = 0x20000000
-	WNOWAIT                              = 0x1000000
-	WORDSIZE                             = 0x40
-	WSTOPPED                             = 0x2
-	WUNTRACED                            = 0x2
-	XATTR_CREATE                         = 0x1
-	XATTR_REPLACE                        = 0x2
-	XCASE                                = 0x4
-	XENFS_SUPER_MAGIC                    = 0xabba1974
-	XTABS                                = 0x1800
-	ZSMALLOC_MAGIC                       = 0x58295829
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECCGETLAYOUT                     = 0x81484d11
+	ECCGETSTATS                      = 0x80104d12
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x80084803
+	HIDIOCGRDESC                     = 0x90044802
+	HIDIOCGRDESCSIZE                 = 0x80044801
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	MEMERASE                         = 0x40084d02
+	MEMERASE64                       = 0x40104d14
+	MEMGETBADBLOCK                   = 0x40084d0b
+	MEMGETINFO                       = 0x80204d01
+	MEMGETOOBSEL                     = 0x80c84d0a
+	MEMGETREGIONCOUNT                = 0x80044d07
+	MEMISLOCKED                      = 0x80084d17
+	MEMLOCK                          = 0x40084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x40084d0c
+	MEMUNLOCK                        = 0x40084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x4d13
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	OTPERASE                         = 0x400c4d19
+	OTPGETREGIONCOUNT                = 0x40044d0e
+	OTPGETREGIONINFO                 = 0x400c4d0f
+	OTPLOCK                          = 0x800c4d10
+	OTPSELECT                        = 0x80044d0d
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCBRIDGECHAN                 = 0x40047435
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCUNBRIDGECHAN               = 0x7434
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_DISABLE_TE                = 0x5010
+	PTRACE_ENABLE_TE                 = 0x5009
+	PTRACE_GET_LAST_BREAK            = 0x5006
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_AREA             = 0x5003
+	PTRACE_PEEKTEXT_AREA             = 0x5002
+	PTRACE_PEEKUSR_AREA              = 0x5000
+	PTRACE_PEEK_SYSTEM_CALL          = 0x5007
+	PTRACE_POKEDATA_AREA             = 0x5005
+	PTRACE_POKETEXT_AREA             = 0x5004
+	PTRACE_POKEUSR_AREA              = 0x5001
+	PTRACE_POKE_SYSTEM_CALL          = 0x5008
+	PTRACE_PROT                      = 0x15
+	PTRACE_SINGLEBLOCK               = 0xc
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	PTRACE_TE_ABORT_RAND             = 0x5011
+	PT_ACR0                          = 0x90
+	PT_ACR1                          = 0x94
+	PT_ACR10                         = 0xb8
+	PT_ACR11                         = 0xbc
+	PT_ACR12                         = 0xc0
+	PT_ACR13                         = 0xc4
+	PT_ACR14                         = 0xc8
+	PT_ACR15                         = 0xcc
+	PT_ACR2                          = 0x98
+	PT_ACR3                          = 0x9c
+	PT_ACR4                          = 0xa0
+	PT_ACR5                          = 0xa4
+	PT_ACR6                          = 0xa8
+	PT_ACR7                          = 0xac
+	PT_ACR8                          = 0xb0
+	PT_ACR9                          = 0xb4
+	PT_CR_10                         = 0x168
+	PT_CR_11                         = 0x170
+	PT_CR_9                          = 0x160
+	PT_ENDREGS                       = 0x1af
+	PT_FPC                           = 0xd8
+	PT_FPR0                          = 0xe0
+	PT_FPR1                          = 0xe8
+	PT_FPR10                         = 0x130
+	PT_FPR11                         = 0x138
+	PT_FPR12                         = 0x140
+	PT_FPR13                         = 0x148
+	PT_FPR14                         = 0x150
+	PT_FPR15                         = 0x158
+	PT_FPR2                          = 0xf0
+	PT_FPR3                          = 0xf8
+	PT_FPR4                          = 0x100
+	PT_FPR5                          = 0x108
+	PT_FPR6                          = 0x110
+	PT_FPR7                          = 0x118
+	PT_FPR8                          = 0x120
+	PT_FPR9                          = 0x128
+	PT_GPR0                          = 0x10
+	PT_GPR1                          = 0x18
+	PT_GPR10                         = 0x60
+	PT_GPR11                         = 0x68
+	PT_GPR12                         = 0x70
+	PT_GPR13                         = 0x78
+	PT_GPR14                         = 0x80
+	PT_GPR15                         = 0x88
+	PT_GPR2                          = 0x20
+	PT_GPR3                          = 0x28
+	PT_GPR4                          = 0x30
+	PT_GPR5                          = 0x38
+	PT_GPR6                          = 0x40
+	PT_GPR7                          = 0x48
+	PT_GPR8                          = 0x50
+	PT_GPR9                          = 0x58
+	PT_IEEE_IP                       = 0x1a8
+	PT_LASTOFF                       = 0x1a8
+	PT_ORIGGPR2                      = 0xd0
+	PT_PSWADDR                       = 0x8
+	PT_PSWMASK                       = 0x0
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NETNS_COOKIE                  = 0x47
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x80804804
+	_HIDIOCGRAWPHYS                  = 0x80404805
+	_HIDIOCGRAWUNIQ                  = 0x80404808
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x62)
 	EADDRNOTAVAIL   = syscall.Errno(0x63)
 	EADV            = syscall.Errno(0x44)
 	EAFNOSUPPORT    = syscall.Errno(0x61)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x72)
 	EBADE           = syscall.Errno(0x34)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x4d)
 	EBADMSG         = syscall.Errno(0x4a)
 	EBADR           = syscall.Errno(0x35)
 	EBADRQC         = syscall.Errno(0x38)
 	EBADSLT         = syscall.Errno(0x39)
 	EBFONT          = syscall.Errno(0x3b)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7d)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x2c)
 	ECOMM           = syscall.Errno(0x46)
 	ECONNABORTED    = syscall.Errno(0x67)
@@ -2336,23 +600,15 @@ const (
 	EDEADLK         = syscall.Errno(0x23)
 	EDEADLOCK       = syscall.Errno(0x23)
 	EDESTADDRREQ    = syscall.Errno(0x59)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x49)
 	EDQUOT          = syscall.Errno(0x7a)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x70)
 	EHOSTUNREACH    = syscall.Errno(0x71)
 	EHWPOISON       = syscall.Errno(0x85)
 	EIDRM           = syscall.Errno(0x2b)
 	EILSEQ          = syscall.Errno(0x54)
 	EINPROGRESS     = syscall.Errno(0x73)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x6a)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x7f)
 	EKEYREJECTED    = syscall.Errno(0x81)
@@ -2369,8 +625,6 @@ const (
 	ELNRNG          = syscall.Errno(0x30)
 	ELOOP           = syscall.Errno(0x28)
 	EMEDIUMTYPE     = syscall.Errno(0x7c)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x5a)
 	EMULTIHOP       = syscall.Errno(0x48)
 	ENAMETOOLONG    = syscall.Errno(0x24)
@@ -2378,99 +632,67 @@ const (
 	ENETDOWN        = syscall.Errno(0x64)
 	ENETRESET       = syscall.Errno(0x66)
 	ENETUNREACH     = syscall.Errno(0x65)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x37)
 	ENOBUFS         = syscall.Errno(0x69)
 	ENOCSI          = syscall.Errno(0x32)
 	ENODATA         = syscall.Errno(0x3d)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x7e)
 	ENOLCK          = syscall.Errno(0x25)
 	ENOLINK         = syscall.Errno(0x43)
 	ENOMEDIUM       = syscall.Errno(0x7b)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x2a)
 	ENONET          = syscall.Errno(0x40)
 	ENOPKG          = syscall.Errno(0x41)
 	ENOPROTOOPT     = syscall.Errno(0x5c)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x3f)
 	ENOSTR          = syscall.Errno(0x3c)
 	ENOSYS          = syscall.Errno(0x26)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x6b)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x27)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x83)
 	ENOTSOCK        = syscall.Errno(0x58)
 	ENOTSUP         = syscall.Errno(0x5f)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x4c)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x5f)
 	EOVERFLOW       = syscall.Errno(0x4b)
 	EOWNERDEAD      = syscall.Errno(0x82)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x60)
-	EPIPE           = syscall.Errno(0x20)
 	EPROTO          = syscall.Errno(0x47)
 	EPROTONOSUPPORT = syscall.Errno(0x5d)
 	EPROTOTYPE      = syscall.Errno(0x5b)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x4e)
 	EREMOTE         = syscall.Errno(0x42)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x55)
 	ERFKILL         = syscall.Errno(0x84)
-	EROFS           = syscall.Errno(0x1e)
 	ESHUTDOWN       = syscall.Errno(0x6c)
 	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x45)
 	ESTALE          = syscall.Errno(0x74)
 	ESTRPIPE        = syscall.Errno(0x56)
 	ETIME           = syscall.Errno(0x3e)
 	ETIMEDOUT       = syscall.Errno(0x6e)
 	ETOOMANYREFS    = syscall.Errno(0x6d)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x31)
 	EUSERS          = syscall.Errno(0x57)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x36)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0x7)
 	SIGCHLD   = syscall.Signal(0x11)
 	SIGCLD    = syscall.Signal(0x11)
 	SIGCONT   = syscall.Signal(0x12)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x1d)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x1d)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1e)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTKFLT = syscall.Signal(0x10)
 	SIGSTOP   = syscall.Signal(0x13)
 	SIGSYS    = syscall.Signal(0x1f)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x14)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 7fdc85b172609..1f8bded56bbc1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -1,915 +1,160 @@
-// mkerrors.sh -m64
-// Code generated by the command above; DO NOT EDIT.
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build sparc64 && linux
 // +build sparc64,linux
 
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs -- -m64 _const.go
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
 
 package unix
 
 import "syscall"
 
 const (
-	AF_ALG                           = 0x26
-	AF_APPLETALK                     = 0x5
-	AF_ASH                           = 0x12
-	AF_ATMPVC                        = 0x8
-	AF_ATMSVC                        = 0x14
-	AF_AX25                          = 0x3
-	AF_BLUETOOTH                     = 0x1f
-	AF_BRIDGE                        = 0x7
-	AF_CAIF                          = 0x25
-	AF_CAN                           = 0x1d
-	AF_DECnet                        = 0xc
-	AF_ECONET                        = 0x13
-	AF_FILE                          = 0x1
-	AF_IB                            = 0x1b
-	AF_IEEE802154                    = 0x24
-	AF_INET                          = 0x2
-	AF_INET6                         = 0xa
-	AF_IPX                           = 0x4
-	AF_IRDA                          = 0x17
-	AF_ISDN                          = 0x22
-	AF_IUCV                          = 0x20
-	AF_KCM                           = 0x29
-	AF_KEY                           = 0xf
-	AF_LLC                           = 0x1a
-	AF_LOCAL                         = 0x1
-	AF_MAX                           = 0x2a
-	AF_MPLS                          = 0x1c
-	AF_NETBEUI                       = 0xd
-	AF_NETLINK                       = 0x10
-	AF_NETROM                        = 0x6
-	AF_NFC                           = 0x27
-	AF_PACKET                        = 0x11
-	AF_PHONET                        = 0x23
-	AF_PPPOX                         = 0x18
-	AF_RDS                           = 0x15
-	AF_ROSE                          = 0xb
-	AF_ROUTE                         = 0x10
-	AF_RXRPC                         = 0x21
-	AF_SECURITY                      = 0xe
-	AF_SNA                           = 0x16
-	AF_TIPC                          = 0x1e
-	AF_UNIX                          = 0x1
-	AF_UNSPEC                        = 0x0
-	AF_VSOCK                         = 0x28
-	AF_WANPIPE                       = 0x19
-	AF_X25                           = 0x9
-	ALG_OP_DECRYPT                   = 0x0
-	ALG_OP_ENCRYPT                   = 0x1
-	ALG_SET_AEAD_ASSOCLEN            = 0x4
-	ALG_SET_AEAD_AUTHSIZE            = 0x5
-	ALG_SET_IV                       = 0x2
-	ALG_SET_KEY                      = 0x1
-	ALG_SET_OP                       = 0x3
-	ARPHRD_6LOWPAN                   = 0x339
-	ARPHRD_ADAPT                     = 0x108
-	ARPHRD_APPLETLK                  = 0x8
-	ARPHRD_ARCNET                    = 0x7
-	ARPHRD_ASH                       = 0x30d
-	ARPHRD_ATM                       = 0x13
-	ARPHRD_AX25                      = 0x3
-	ARPHRD_BIF                       = 0x307
-	ARPHRD_CAIF                      = 0x336
-	ARPHRD_CAN                       = 0x118
-	ARPHRD_CHAOS                     = 0x5
-	ARPHRD_CISCO                     = 0x201
-	ARPHRD_CSLIP                     = 0x101
-	ARPHRD_CSLIP6                    = 0x103
-	ARPHRD_DDCMP                     = 0x205
-	ARPHRD_DLCI                      = 0xf
-	ARPHRD_ECONET                    = 0x30e
-	ARPHRD_EETHER                    = 0x2
-	ARPHRD_ETHER                     = 0x1
-	ARPHRD_EUI64                     = 0x1b
-	ARPHRD_FCAL                      = 0x311
-	ARPHRD_FCFABRIC                  = 0x313
-	ARPHRD_FCPL                      = 0x312
-	ARPHRD_FCPP                      = 0x310
-	ARPHRD_FDDI                      = 0x306
-	ARPHRD_FRAD                      = 0x302
-	ARPHRD_HDLC                      = 0x201
-	ARPHRD_HIPPI                     = 0x30c
-	ARPHRD_HWX25                     = 0x110
-	ARPHRD_IEEE1394                  = 0x18
-	ARPHRD_IEEE802                   = 0x6
-	ARPHRD_IEEE80211                 = 0x321
-	ARPHRD_IEEE80211_PRISM           = 0x322
-	ARPHRD_IEEE80211_RADIOTAP        = 0x323
-	ARPHRD_IEEE802154                = 0x324
-	ARPHRD_IEEE802154_MONITOR        = 0x325
-	ARPHRD_IEEE802_TR                = 0x320
-	ARPHRD_INFINIBAND                = 0x20
-	ARPHRD_IP6GRE                    = 0x337
-	ARPHRD_IPDDP                     = 0x309
-	ARPHRD_IPGRE                     = 0x30a
-	ARPHRD_IRDA                      = 0x30f
-	ARPHRD_LAPB                      = 0x204
-	ARPHRD_LOCALTLK                  = 0x305
-	ARPHRD_LOOPBACK                  = 0x304
-	ARPHRD_METRICOM                  = 0x17
-	ARPHRD_NETLINK                   = 0x338
-	ARPHRD_NETROM                    = 0x0
-	ARPHRD_NONE                      = 0xfffe
-	ARPHRD_PHONET                    = 0x334
-	ARPHRD_PHONET_PIPE               = 0x335
-	ARPHRD_PIMREG                    = 0x30b
-	ARPHRD_PPP                       = 0x200
-	ARPHRD_PRONET                    = 0x4
-	ARPHRD_RAWHDLC                   = 0x206
-	ARPHRD_ROSE                      = 0x10e
-	ARPHRD_RSRVD                     = 0x104
-	ARPHRD_SIT                       = 0x308
-	ARPHRD_SKIP                      = 0x303
-	ARPHRD_SLIP                      = 0x100
-	ARPHRD_SLIP6                     = 0x102
-	ARPHRD_TUNNEL                    = 0x300
-	ARPHRD_TUNNEL6                   = 0x301
-	ARPHRD_VOID                      = 0xffff
-	ARPHRD_X25                       = 0x10f
 	ASI_LEON_DFLUSH                  = 0x11
 	ASI_LEON_IFLUSH                  = 0x10
 	ASI_LEON_MMUFLUSH                = 0x18
-	B0                               = 0x0
-	B1000000                         = 0x100c
-	B110                             = 0x3
+	B1000000                         = 0x1008
 	B115200                          = 0x1002
-	B1152000                         = 0x100d
-	B1200                            = 0x9
-	B134                             = 0x4
-	B150                             = 0x5
-	B1500000                         = 0x100e
-	B153600                          = 0x1006
-	B1800                            = 0xa
-	B19200                           = 0xe
-	B200                             = 0x6
-	B2000000                         = 0x100f
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
 	B230400                          = 0x1003
-	B2400                            = 0xb
-	B300                             = 0x7
-	B307200                          = 0x1007
-	B38400                           = 0xf
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
 	B460800                          = 0x1004
-	B4800                            = 0xc
-	B50                              = 0x1
-	B500000                          = 0x100a
+	B500000                          = 0x1005
 	B57600                           = 0x1001
-	B576000                          = 0x100b
-	B600                             = 0x8
-	B614400                          = 0x1008
-	B75                              = 0x2
-	B76800                           = 0x1005
-	B921600                          = 0x1009
-	B9600                            = 0xd
-	BLKBSZGET                        = 0x80081270
-	BLKBSZSET                        = 0x40081271
-	BLKFLSBUF                        = 0x1261
-	BLKFRAGET                        = 0x1265
-	BLKFRASET                        = 0x1264
-	BLKGETSIZE                       = 0x1260
-	BLKGETSIZE64                     = 0x80081272
-	BLKRAGET                         = 0x1263
-	BLKRASET                         = 0x1262
-	BLKROGET                         = 0x125e
-	BLKROSET                         = 0x125d
-	BLKRRPART                        = 0x125f
-	BLKSECTGET                       = 0x1267
-	BLKSECTSET                       = 0x1266
-	BLKSSZGET                        = 0x1268
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
 	BOTHER                           = 0x1000
-	BPF_A                            = 0x10
-	BPF_ABS                          = 0x20
-	BPF_ADD                          = 0x0
-	BPF_ALU                          = 0x4
-	BPF_AND                          = 0x50
-	BPF_B                            = 0x10
-	BPF_DIV                          = 0x30
-	BPF_H                            = 0x8
-	BPF_IMM                          = 0x0
-	BPF_IND                          = 0x40
-	BPF_JA                           = 0x0
-	BPF_JEQ                          = 0x10
-	BPF_JGE                          = 0x30
-	BPF_JGT                          = 0x20
-	BPF_JMP                          = 0x5
-	BPF_JSET                         = 0x40
-	BPF_K                            = 0x0
-	BPF_LD                           = 0x0
-	BPF_LDX                          = 0x1
-	BPF_LEN                          = 0x80
-	BPF_LL_OFF                       = -0x200000
-	BPF_LSH                          = 0x60
-	BPF_MAJOR_VERSION                = 0x1
-	BPF_MAXINSNS                     = 0x1000
-	BPF_MEM                          = 0x60
-	BPF_MEMWORDS                     = 0x10
-	BPF_MINOR_VERSION                = 0x1
-	BPF_MISC                         = 0x7
-	BPF_MOD                          = 0x90
-	BPF_MSH                          = 0xa0
-	BPF_MUL                          = 0x20
-	BPF_NEG                          = 0x80
-	BPF_NET_OFF                      = -0x100000
-	BPF_OR                           = 0x40
-	BPF_RET                          = 0x6
-	BPF_RSH                          = 0x70
-	BPF_ST                           = 0x2
-	BPF_STX                          = 0x3
-	BPF_SUB                          = 0x10
-	BPF_TAX                          = 0x0
-	BPF_TXA                          = 0x80
-	BPF_W                            = 0x0
-	BPF_X                            = 0x8
-	BPF_XOR                          = 0xa0
-	BRKINT                           = 0x2
-	BS0                              = 0x0
 	BS1                              = 0x2000
 	BSDLY                            = 0x2000
-	CAN_BCM                          = 0x2
-	CAN_EFF_FLAG                     = 0x80000000
-	CAN_EFF_ID_BITS                  = 0x1d
-	CAN_EFF_MASK                     = 0x1fffffff
-	CAN_ERR_FLAG                     = 0x20000000
-	CAN_ERR_MASK                     = 0x1fffffff
-	CAN_INV_FILTER                   = 0x20000000
-	CAN_ISOTP                        = 0x6
-	CAN_MAX_DLC                      = 0x8
-	CAN_MAX_DLEN                     = 0x8
-	CAN_MCNET                        = 0x5
-	CAN_MTU                          = 0x10
-	CAN_NPROTO                       = 0x7
-	CAN_RAW                          = 0x1
-	CAN_RTR_FLAG                     = 0x40000000
-	CAN_SFF_ID_BITS                  = 0xb
-	CAN_SFF_MASK                     = 0x7ff
-	CAN_TP16                         = 0x3
-	CAN_TP20                         = 0x4
 	CBAUD                            = 0x100f
 	CBAUDEX                          = 0x1000
-	CFLUSH                           = 0xf
 	CIBAUD                           = 0x100f0000
 	CLOCAL                           = 0x800
-	CLOCK_BOOTTIME                   = 0x7
-	CLOCK_BOOTTIME_ALARM             = 0x9
-	CLOCK_DEFAULT                    = 0x0
-	CLOCK_EXT                        = 0x1
-	CLOCK_INT                        = 0x2
-	CLOCK_MONOTONIC                  = 0x1
-	CLOCK_MONOTONIC_COARSE           = 0x6
-	CLOCK_MONOTONIC_RAW              = 0x4
-	CLOCK_PROCESS_CPUTIME_ID         = 0x2
-	CLOCK_REALTIME                   = 0x0
-	CLOCK_REALTIME_ALARM             = 0x8
-	CLOCK_REALTIME_COARSE            = 0x5
-	CLOCK_TAI                        = 0xb
-	CLOCK_THREAD_CPUTIME_ID          = 0x3
-	CLOCK_TXFROMRX                   = 0x4
-	CLOCK_TXINT                      = 0x3
-	CLONE_CHILD_CLEARTID             = 0x200000
-	CLONE_CHILD_SETTID               = 0x1000000
-	CLONE_DETACHED                   = 0x400000
-	CLONE_FILES                      = 0x400
-	CLONE_FS                         = 0x200
-	CLONE_IO                         = 0x80000000
-	CLONE_NEWCGROUP                  = 0x2000000
-	CLONE_NEWIPC                     = 0x8000000
-	CLONE_NEWNET                     = 0x40000000
-	CLONE_NEWNS                      = 0x20000
-	CLONE_NEWPID                     = 0x20000000
-	CLONE_NEWUSER                    = 0x10000000
-	CLONE_NEWUTS                     = 0x4000000
-	CLONE_PARENT                     = 0x8000
-	CLONE_PARENT_SETTID              = 0x100000
-	CLONE_PTRACE                     = 0x2000
-	CLONE_SETTLS                     = 0x80000
-	CLONE_SIGHAND                    = 0x800
-	CLONE_SYSVSEM                    = 0x40000
-	CLONE_THREAD                     = 0x10000
-	CLONE_UNTRACED                   = 0x800000
-	CLONE_VFORK                      = 0x4000
-	CLONE_VM                         = 0x100
-	CMSPAR                           = 0x40000000
-	CR0                              = 0x0
 	CR1                              = 0x200
 	CR2                              = 0x400
 	CR3                              = 0x600
 	CRDLY                            = 0x600
 	CREAD                            = 0x80
-	CRTSCTS                          = 0x80000000
-	CS5                              = 0x0
 	CS6                              = 0x10
 	CS7                              = 0x20
 	CS8                              = 0x30
-	CSIGNAL                          = 0xff
 	CSIZE                            = 0x30
-	CSTART                           = 0x11
-	CSTATUS                          = 0x0
-	CSTOP                            = 0x13
 	CSTOPB                           = 0x40
-	CSUSP                            = 0x1a
-	DT_BLK                           = 0x6
-	DT_CHR                           = 0x2
-	DT_DIR                           = 0x4
-	DT_FIFO                          = 0x1
-	DT_LNK                           = 0xa
-	DT_REG                           = 0x8
-	DT_SOCK                          = 0xc
-	DT_UNKNOWN                       = 0x0
-	DT_WHT                           = 0xe
-	ECHO                             = 0x8
+	ECCGETLAYOUT                     = 0x41484d11
+	ECCGETSTATS                      = 0x40104d12
 	ECHOCTL                          = 0x200
 	ECHOE                            = 0x10
 	ECHOK                            = 0x20
 	ECHOKE                           = 0x800
 	ECHONL                           = 0x40
 	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x400000
+	EFD_NONBLOCK                     = 0x4000
 	EMT_TAGOVF                       = 0x1
-	ENCODING_DEFAULT                 = 0x0
-	ENCODING_FM_MARK                 = 0x3
-	ENCODING_FM_SPACE                = 0x4
-	ENCODING_MANCHESTER              = 0x5
-	ENCODING_NRZ                     = 0x1
-	ENCODING_NRZI                    = 0x2
-	EPOLLERR                         = 0x8
-	EPOLLET                          = 0x80000000
-	EPOLLEXCLUSIVE                   = 0x10000000
-	EPOLLHUP                         = 0x10
-	EPOLLIN                          = 0x1
-	EPOLLMSG                         = 0x400
-	EPOLLONESHOT                     = 0x40000000
-	EPOLLOUT                         = 0x4
-	EPOLLPRI                         = 0x2
-	EPOLLRDBAND                      = 0x80
-	EPOLLRDHUP                       = 0x2000
-	EPOLLRDNORM                      = 0x40
-	EPOLLWAKEUP                      = 0x20000000
-	EPOLLWRBAND                      = 0x200
-	EPOLLWRNORM                      = 0x100
 	EPOLL_CLOEXEC                    = 0x400000
-	EPOLL_CTL_ADD                    = 0x1
-	EPOLL_CTL_DEL                    = 0x2
-	EPOLL_CTL_MOD                    = 0x3
-	ETH_P_1588                       = 0x88f7
-	ETH_P_8021AD                     = 0x88a8
-	ETH_P_8021AH                     = 0x88e7
-	ETH_P_8021Q                      = 0x8100
-	ETH_P_80221                      = 0x8917
-	ETH_P_802_2                      = 0x4
-	ETH_P_802_3                      = 0x1
-	ETH_P_802_3_MIN                  = 0x600
-	ETH_P_802_EX1                    = 0x88b5
-	ETH_P_AARP                       = 0x80f3
-	ETH_P_AF_IUCV                    = 0xfbfb
-	ETH_P_ALL                        = 0x3
-	ETH_P_AOE                        = 0x88a2
-	ETH_P_ARCNET                     = 0x1a
-	ETH_P_ARP                        = 0x806
-	ETH_P_ATALK                      = 0x809b
-	ETH_P_ATMFATE                    = 0x8884
-	ETH_P_ATMMPOA                    = 0x884c
-	ETH_P_AX25                       = 0x2
-	ETH_P_BATMAN                     = 0x4305
-	ETH_P_BPQ                        = 0x8ff
-	ETH_P_CAIF                       = 0xf7
-	ETH_P_CAN                        = 0xc
-	ETH_P_CANFD                      = 0xd
-	ETH_P_CONTROL                    = 0x16
-	ETH_P_CUST                       = 0x6006
-	ETH_P_DDCMP                      = 0x6
-	ETH_P_DEC                        = 0x6000
-	ETH_P_DIAG                       = 0x6005
-	ETH_P_DNA_DL                     = 0x6001
-	ETH_P_DNA_RC                     = 0x6002
-	ETH_P_DNA_RT                     = 0x6003
-	ETH_P_DSA                        = 0x1b
-	ETH_P_ECONET                     = 0x18
-	ETH_P_EDSA                       = 0xdada
-	ETH_P_FCOE                       = 0x8906
-	ETH_P_FIP                        = 0x8914
-	ETH_P_HDLC                       = 0x19
-	ETH_P_HSR                        = 0x892f
-	ETH_P_IEEE802154                 = 0xf6
-	ETH_P_IEEEPUP                    = 0xa00
-	ETH_P_IEEEPUPAT                  = 0xa01
-	ETH_P_IP                         = 0x800
-	ETH_P_IPV6                       = 0x86dd
-	ETH_P_IPX                        = 0x8137
-	ETH_P_IRDA                       = 0x17
-	ETH_P_LAT                        = 0x6004
-	ETH_P_LINK_CTL                   = 0x886c
-	ETH_P_LOCALTALK                  = 0x9
-	ETH_P_LOOP                       = 0x60
-	ETH_P_LOOPBACK                   = 0x9000
-	ETH_P_MACSEC                     = 0x88e5
-	ETH_P_MOBITEX                    = 0x15
-	ETH_P_MPLS_MC                    = 0x8848
-	ETH_P_MPLS_UC                    = 0x8847
-	ETH_P_MVRP                       = 0x88f5
-	ETH_P_PAE                        = 0x888e
-	ETH_P_PAUSE                      = 0x8808
-	ETH_P_PHONET                     = 0xf5
-	ETH_P_PPPTALK                    = 0x10
-	ETH_P_PPP_DISC                   = 0x8863
-	ETH_P_PPP_MP                     = 0x8
-	ETH_P_PPP_SES                    = 0x8864
-	ETH_P_PRP                        = 0x88fb
-	ETH_P_PUP                        = 0x200
-	ETH_P_PUPAT                      = 0x201
-	ETH_P_QINQ1                      = 0x9100
-	ETH_P_QINQ2                      = 0x9200
-	ETH_P_QINQ3                      = 0x9300
-	ETH_P_RARP                       = 0x8035
-	ETH_P_SCA                        = 0x6007
-	ETH_P_SLOW                       = 0x8809
-	ETH_P_SNAP                       = 0x5
-	ETH_P_TDLS                       = 0x890d
-	ETH_P_TEB                        = 0x6558
-	ETH_P_TIPC                       = 0x88ca
-	ETH_P_TRAILER                    = 0x1c
-	ETH_P_TR_802_2                   = 0x11
-	ETH_P_TSN                        = 0x22f0
-	ETH_P_WAN_PPP                    = 0x7
-	ETH_P_WCCP                       = 0x883e
-	ETH_P_X25                        = 0x805
-	ETH_P_XDSA                       = 0xf8
-	EXTA                             = 0xe
-	EXTB                             = 0xf
 	EXTPROC                          = 0x10000
-	FALLOC_FL_COLLAPSE_RANGE         = 0x8
-	FALLOC_FL_INSERT_RANGE           = 0x20
-	FALLOC_FL_KEEP_SIZE              = 0x1
-	FALLOC_FL_NO_HIDE_STALE          = 0x4
-	FALLOC_FL_PUNCH_HOLE             = 0x2
-	FALLOC_FL_ZERO_RANGE             = 0x10
-	FD_CLOEXEC                       = 0x1
-	FD_SETSIZE                       = 0x400
-	FF0                              = 0x0
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
-	FLUSHO                           = 0x2000
-	F_DUPFD                          = 0x0
-	F_DUPFD_CLOEXEC                  = 0x406
-	F_EXLCK                          = 0x4
-	F_GETFD                          = 0x1
-	F_GETFL                          = 0x3
-	F_GETLEASE                       = 0x401
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
 	F_GETLK                          = 0x7
 	F_GETLK64                        = 0x7
 	F_GETOWN                         = 0x5
-	F_GETOWN_EX                      = 0x10
-	F_GETPIPE_SZ                     = 0x408
-	F_GETSIG                         = 0xb
-	F_LOCK                           = 0x1
-	F_NOTIFY                         = 0x402
-	F_OFD_GETLK                      = 0x24
-	F_OFD_SETLK                      = 0x25
-	F_OFD_SETLKW                     = 0x26
-	F_OK                             = 0x0
 	F_RDLCK                          = 0x1
-	F_SETFD                          = 0x2
-	F_SETFL                          = 0x4
-	F_SETLEASE                       = 0x400
 	F_SETLK                          = 0x8
 	F_SETLK64                        = 0x8
 	F_SETLKW                         = 0x9
 	F_SETLKW64                       = 0x9
 	F_SETOWN                         = 0x6
-	F_SETOWN_EX                      = 0xf
-	F_SETPIPE_SZ                     = 0x407
-	F_SETSIG                         = 0xa
-	F_SHLCK                          = 0x8
-	F_TEST                           = 0x3
-	F_TLOCK                          = 0x2
-	F_ULOCK                          = 0x0
 	F_UNLCK                          = 0x3
 	F_WRLCK                          = 0x2
-	GRND_NONBLOCK                    = 0x1
-	GRND_RANDOM                      = 0x2
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
 	HUPCL                            = 0x400
-	IBSHIFT                          = 0x10
 	ICANON                           = 0x2
-	ICMPV6_FILTER                    = 0x1
-	ICRNL                            = 0x100
 	IEXTEN                           = 0x8000
-	IFA_F_DADFAILED                  = 0x8
-	IFA_F_DEPRECATED                 = 0x20
-	IFA_F_HOMEADDRESS                = 0x10
-	IFA_F_MANAGETEMPADDR             = 0x100
-	IFA_F_MCAUTOJOIN                 = 0x400
-	IFA_F_NODAD                      = 0x2
-	IFA_F_NOPREFIXROUTE              = 0x200
-	IFA_F_OPTIMISTIC                 = 0x4
-	IFA_F_PERMANENT                  = 0x80
-	IFA_F_SECONDARY                  = 0x1
-	IFA_F_STABLE_PRIVACY             = 0x800
-	IFA_F_TEMPORARY                  = 0x1
-	IFA_F_TENTATIVE                  = 0x40
-	IFA_MAX                          = 0x8
-	IFF_ALLMULTI                     = 0x200
-	IFF_ATTACH_QUEUE                 = 0x200
-	IFF_AUTOMEDIA                    = 0x4000
-	IFF_BROADCAST                    = 0x2
-	IFF_DEBUG                        = 0x4
-	IFF_DETACH_QUEUE                 = 0x400
-	IFF_DORMANT                      = 0x20000
-	IFF_DYNAMIC                      = 0x8000
-	IFF_ECHO                         = 0x40000
-	IFF_LOOPBACK                     = 0x8
-	IFF_LOWER_UP                     = 0x10000
-	IFF_MASTER                       = 0x400
-	IFF_MULTICAST                    = 0x1000
-	IFF_MULTI_QUEUE                  = 0x100
-	IFF_NOARP                        = 0x80
-	IFF_NOFILTER                     = 0x1000
-	IFF_NOTRAILERS                   = 0x20
-	IFF_NO_PI                        = 0x1000
-	IFF_ONE_QUEUE                    = 0x2000
-	IFF_PERSIST                      = 0x800
-	IFF_POINTOPOINT                  = 0x10
-	IFF_PORTSEL                      = 0x2000
-	IFF_PROMISC                      = 0x100
-	IFF_RUNNING                      = 0x40
-	IFF_SLAVE                        = 0x800
-	IFF_TAP                          = 0x2
-	IFF_TUN                          = 0x1
-	IFF_TUN_EXCL                     = 0x8000
-	IFF_UP                           = 0x1
-	IFF_VNET_HDR                     = 0x4000
-	IFF_VOLATILE                     = 0x70c5a
-	IFNAMSIZ                         = 0x10
-	IGNBRK                           = 0x1
-	IGNCR                            = 0x80
-	IGNPAR                           = 0x4
-	IMAXBEL                          = 0x2000
-	INLCR                            = 0x40
-	INPCK                            = 0x10
-	IN_ACCESS                        = 0x1
-	IN_ALL_EVENTS                    = 0xfff
-	IN_ATTRIB                        = 0x4
-	IN_CLASSA_HOST                   = 0xffffff
-	IN_CLASSA_MAX                    = 0x80
-	IN_CLASSA_NET                    = 0xff000000
-	IN_CLASSA_NSHIFT                 = 0x18
-	IN_CLASSB_HOST                   = 0xffff
-	IN_CLASSB_MAX                    = 0x10000
-	IN_CLASSB_NET                    = 0xffff0000
-	IN_CLASSB_NSHIFT                 = 0x10
-	IN_CLASSC_HOST                   = 0xff
-	IN_CLASSC_NET                    = 0xffffff00
-	IN_CLASSC_NSHIFT                 = 0x8
 	IN_CLOEXEC                       = 0x400000
-	IN_CLOSE                         = 0x18
-	IN_CLOSE_NOWRITE                 = 0x10
-	IN_CLOSE_WRITE                   = 0x8
-	IN_CREATE                        = 0x100
-	IN_DELETE                        = 0x200
-	IN_DELETE_SELF                   = 0x400
-	IN_DONT_FOLLOW                   = 0x2000000
-	IN_EXCL_UNLINK                   = 0x4000000
-	IN_IGNORED                       = 0x8000
-	IN_ISDIR                         = 0x40000000
-	IN_LOOPBACKNET                   = 0x7f
-	IN_MASK_ADD                      = 0x20000000
-	IN_MODIFY                        = 0x2
-	IN_MOVE                          = 0xc0
-	IN_MOVED_FROM                    = 0x40
-	IN_MOVED_TO                      = 0x80
-	IN_MOVE_SELF                     = 0x800
 	IN_NONBLOCK                      = 0x4000
-	IN_ONESHOT                       = 0x80000000
-	IN_ONLYDIR                       = 0x1000000
-	IN_OPEN                          = 0x20
-	IN_Q_OVERFLOW                    = 0x4000
-	IN_UNMOUNT                       = 0x2000
-	IPPROTO_AH                       = 0x33
-	IPPROTO_BEETPH                   = 0x5e
-	IPPROTO_COMP                     = 0x6c
-	IPPROTO_DCCP                     = 0x21
-	IPPROTO_DSTOPTS                  = 0x3c
-	IPPROTO_EGP                      = 0x8
-	IPPROTO_ENCAP                    = 0x62
-	IPPROTO_ESP                      = 0x32
-	IPPROTO_FRAGMENT                 = 0x2c
-	IPPROTO_GRE                      = 0x2f
-	IPPROTO_HOPOPTS                  = 0x0
-	IPPROTO_ICMP                     = 0x1
-	IPPROTO_ICMPV6                   = 0x3a
-	IPPROTO_IDP                      = 0x16
-	IPPROTO_IGMP                     = 0x2
-	IPPROTO_IP                       = 0x0
-	IPPROTO_IPIP                     = 0x4
-	IPPROTO_IPV6                     = 0x29
-	IPPROTO_MH                       = 0x87
-	IPPROTO_MPLS                     = 0x89
-	IPPROTO_MTP                      = 0x5c
-	IPPROTO_NONE                     = 0x3b
-	IPPROTO_PIM                      = 0x67
-	IPPROTO_PUP                      = 0xc
-	IPPROTO_RAW                      = 0xff
-	IPPROTO_ROUTING                  = 0x2b
-	IPPROTO_RSVP                     = 0x2e
-	IPPROTO_SCTP                     = 0x84
-	IPPROTO_TCP                      = 0x6
-	IPPROTO_TP                       = 0x1d
-	IPPROTO_UDP                      = 0x11
-	IPPROTO_UDPLITE                  = 0x88
-	IPV6_2292DSTOPTS                 = 0x4
-	IPV6_2292HOPLIMIT                = 0x8
-	IPV6_2292HOPOPTS                 = 0x3
-	IPV6_2292PKTINFO                 = 0x2
-	IPV6_2292PKTOPTIONS              = 0x6
-	IPV6_2292RTHDR                   = 0x5
-	IPV6_ADDRFORM                    = 0x1
-	IPV6_ADD_MEMBERSHIP              = 0x14
-	IPV6_AUTHHDR                     = 0xa
-	IPV6_CHECKSUM                    = 0x7
-	IPV6_DONTFRAG                    = 0x3e
-	IPV6_DROP_MEMBERSHIP             = 0x15
-	IPV6_DSTOPTS                     = 0x3b
-	IPV6_HDRINCL                     = 0x24
-	IPV6_HOPLIMIT                    = 0x34
-	IPV6_HOPOPTS                     = 0x36
-	IPV6_IPSEC_POLICY                = 0x22
-	IPV6_JOIN_ANYCAST                = 0x1b
-	IPV6_JOIN_GROUP                  = 0x14
-	IPV6_LEAVE_ANYCAST               = 0x1c
-	IPV6_LEAVE_GROUP                 = 0x15
-	IPV6_MTU                         = 0x18
-	IPV6_MTU_DISCOVER                = 0x17
-	IPV6_MULTICAST_HOPS              = 0x12
-	IPV6_MULTICAST_IF                = 0x11
-	IPV6_MULTICAST_LOOP              = 0x13
-	IPV6_NEXTHOP                     = 0x9
-	IPV6_PATHMTU                     = 0x3d
-	IPV6_PKTINFO                     = 0x32
-	IPV6_PMTUDISC_DO                 = 0x2
-	IPV6_PMTUDISC_DONT               = 0x0
-	IPV6_PMTUDISC_INTERFACE          = 0x4
-	IPV6_PMTUDISC_OMIT               = 0x5
-	IPV6_PMTUDISC_PROBE              = 0x3
-	IPV6_PMTUDISC_WANT               = 0x1
-	IPV6_RECVDSTOPTS                 = 0x3a
-	IPV6_RECVERR                     = 0x19
-	IPV6_RECVHOPLIMIT                = 0x33
-	IPV6_RECVHOPOPTS                 = 0x35
-	IPV6_RECVPATHMTU                 = 0x3c
-	IPV6_RECVPKTINFO                 = 0x31
-	IPV6_RECVRTHDR                   = 0x38
-	IPV6_RECVTCLASS                  = 0x42
-	IPV6_ROUTER_ALERT                = 0x16
-	IPV6_RTHDR                       = 0x39
-	IPV6_RTHDRDSTOPTS                = 0x37
-	IPV6_RTHDR_LOOSE                 = 0x0
-	IPV6_RTHDR_STRICT                = 0x1
-	IPV6_RTHDR_TYPE_0                = 0x0
-	IPV6_RXDSTOPTS                   = 0x3b
-	IPV6_RXHOPOPTS                   = 0x36
-	IPV6_TCLASS                      = 0x43
-	IPV6_UNICAST_HOPS                = 0x10
-	IPV6_V6ONLY                      = 0x1a
-	IPV6_XFRM_POLICY                 = 0x23
-	IP_ADD_MEMBERSHIP                = 0x23
-	IP_ADD_SOURCE_MEMBERSHIP         = 0x27
-	IP_BIND_ADDRESS_NO_PORT          = 0x18
-	IP_BLOCK_SOURCE                  = 0x26
-	IP_CHECKSUM                      = 0x17
-	IP_DEFAULT_MULTICAST_LOOP        = 0x1
-	IP_DEFAULT_MULTICAST_TTL         = 0x1
-	IP_DF                            = 0x4000
-	IP_DROP_MEMBERSHIP               = 0x24
-	IP_DROP_SOURCE_MEMBERSHIP        = 0x28
-	IP_FREEBIND                      = 0xf
-	IP_HDRINCL                       = 0x3
-	IP_IPSEC_POLICY                  = 0x10
-	IP_MAXPACKET                     = 0xffff
-	IP_MAX_MEMBERSHIPS               = 0x14
-	IP_MF                            = 0x2000
-	IP_MINTTL                        = 0x15
-	IP_MSFILTER                      = 0x29
-	IP_MSS                           = 0x240
-	IP_MTU                           = 0xe
-	IP_MTU_DISCOVER                  = 0xa
-	IP_MULTICAST_ALL                 = 0x31
-	IP_MULTICAST_IF                  = 0x20
-	IP_MULTICAST_LOOP                = 0x22
-	IP_MULTICAST_TTL                 = 0x21
-	IP_NODEFRAG                      = 0x16
-	IP_OFFMASK                       = 0x1fff
-	IP_OPTIONS                       = 0x4
-	IP_ORIGDSTADDR                   = 0x14
-	IP_PASSSEC                       = 0x12
-	IP_PKTINFO                       = 0x8
-	IP_PKTOPTIONS                    = 0x9
-	IP_PMTUDISC                      = 0xa
-	IP_PMTUDISC_DO                   = 0x2
-	IP_PMTUDISC_DONT                 = 0x0
-	IP_PMTUDISC_INTERFACE            = 0x4
-	IP_PMTUDISC_OMIT                 = 0x5
-	IP_PMTUDISC_PROBE                = 0x3
-	IP_PMTUDISC_WANT                 = 0x1
-	IP_RECVERR                       = 0xb
-	IP_RECVOPTS                      = 0x6
-	IP_RECVORIGDSTADDR               = 0x14
-	IP_RECVRETOPTS                   = 0x7
-	IP_RECVTOS                       = 0xd
-	IP_RECVTTL                       = 0xc
-	IP_RETOPTS                       = 0x7
-	IP_RF                            = 0x8000
-	IP_ROUTER_ALERT                  = 0x5
-	IP_TOS                           = 0x1
-	IP_TRANSPARENT                   = 0x13
-	IP_TTL                           = 0x2
-	IP_UNBLOCK_SOURCE                = 0x25
-	IP_UNICAST_IF                    = 0x32
-	IP_XFRM_POLICY                   = 0x11
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
 	ISIG                             = 0x1
-	ISTRIP                           = 0x20
 	IUCLC                            = 0x200
-	IUTF8                            = 0x4000
-	IXANY                            = 0x800
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
-	LINUX_REBOOT_CMD_CAD_OFF         = 0x0
-	LINUX_REBOOT_CMD_CAD_ON          = 0x89abcdef
-	LINUX_REBOOT_CMD_HALT            = 0xcdef0123
-	LINUX_REBOOT_CMD_KEXEC           = 0x45584543
-	LINUX_REBOOT_CMD_POWER_OFF       = 0x4321fedc
-	LINUX_REBOOT_CMD_RESTART         = 0x1234567
-	LINUX_REBOOT_CMD_RESTART2        = 0xa1b2c3d4
-	LINUX_REBOOT_CMD_SW_SUSPEND      = 0xd000fce2
-	LINUX_REBOOT_MAGIC1              = 0xfee1dead
-	LINUX_REBOOT_MAGIC2              = 0x28121969
-	LOCK_EX                          = 0x2
-	LOCK_NB                          = 0x4
-	LOCK_SH                          = 0x1
-	LOCK_UN                          = 0x8
-	MADV_DODUMP                      = 0x11
-	MADV_DOFORK                      = 0xb
-	MADV_DONTDUMP                    = 0x10
-	MADV_DONTFORK                    = 0xa
-	MADV_DONTNEED                    = 0x4
-	MADV_FREE                        = 0x8
-	MADV_HUGEPAGE                    = 0xe
-	MADV_HWPOISON                    = 0x64
-	MADV_MERGEABLE                   = 0xc
-	MADV_NOHUGEPAGE                  = 0xf
-	MADV_NORMAL                      = 0x0
-	MADV_RANDOM                      = 0x1
-	MADV_REMOVE                      = 0x9
-	MADV_SEQUENTIAL                  = 0x2
-	MADV_UNMERGEABLE                 = 0xd
-	MADV_WILLNEED                    = 0x3
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
 	MAP_EXECUTABLE                   = 0x1000
-	MAP_FILE                         = 0x0
-	MAP_FIXED                        = 0x10
 	MAP_GROWSDOWN                    = 0x200
 	MAP_HUGETLB                      = 0x40000
-	MAP_HUGE_MASK                    = 0x3f
-	MAP_HUGE_SHIFT                   = 0x1a
 	MAP_LOCKED                       = 0x100
 	MAP_NONBLOCK                     = 0x10000
 	MAP_NORESERVE                    = 0x40
 	MAP_POPULATE                     = 0x8000
-	MAP_PRIVATE                      = 0x2
 	MAP_RENAME                       = 0x20
-	MAP_SHARED                       = 0x1
 	MAP_STACK                        = 0x20000
-	MAP_TYPE                         = 0xf
+	MAP_SYNC                         = 0x80000
 	MCL_CURRENT                      = 0x2000
 	MCL_FUTURE                       = 0x4000
 	MCL_ONFAULT                      = 0x8000
-	MNT_DETACH                       = 0x2
-	MNT_EXPIRE                       = 0x4
-	MNT_FORCE                        = 0x1
-	MSG_BATCH                        = 0x40000
-	MSG_CMSG_CLOEXEC                 = 0x40000000
-	MSG_CONFIRM                      = 0x800
-	MSG_CTRUNC                       = 0x8
-	MSG_DONTROUTE                    = 0x4
-	MSG_DONTWAIT                     = 0x40
-	MSG_EOR                          = 0x80
-	MSG_ERRQUEUE                     = 0x2000
-	MSG_FASTOPEN                     = 0x20000000
-	MSG_FIN                          = 0x200
-	MSG_MORE                         = 0x8000
-	MSG_NOSIGNAL                     = 0x4000
-	MSG_OOB                          = 0x1
-	MSG_PEEK                         = 0x2
-	MSG_PROXY                        = 0x10
-	MSG_RST                          = 0x1000
-	MSG_SYN                          = 0x400
-	MSG_TRUNC                        = 0x20
-	MSG_TRYHARD                      = 0x4
-	MSG_WAITALL                      = 0x100
-	MSG_WAITFORONE                   = 0x10000
-	MS_ACTIVE                        = 0x40000000
-	MS_ASYNC                         = 0x1
-	MS_BIND                          = 0x1000
-	MS_DIRSYNC                       = 0x80
-	MS_INVALIDATE                    = 0x2
-	MS_I_VERSION                     = 0x800000
-	MS_KERNMOUNT                     = 0x400000
-	MS_LAZYTIME                      = 0x2000000
-	MS_MANDLOCK                      = 0x40
-	MS_MGC_MSK                       = 0xffff0000
-	MS_MGC_VAL                       = 0xc0ed0000
-	MS_MOVE                          = 0x2000
-	MS_NOATIME                       = 0x400
-	MS_NODEV                         = 0x4
-	MS_NODIRATIME                    = 0x800
-	MS_NOEXEC                        = 0x8
-	MS_NOSUID                        = 0x2
-	MS_NOUSER                        = -0x80000000
-	MS_POSIXACL                      = 0x10000
-	MS_PRIVATE                       = 0x40000
-	MS_RDONLY                        = 0x1
-	MS_REC                           = 0x4000
-	MS_RELATIME                      = 0x200000
-	MS_REMOUNT                       = 0x20
-	MS_RMT_MASK                      = 0x2800051
-	MS_SHARED                        = 0x100000
-	MS_SILENT                        = 0x8000
-	MS_SLAVE                         = 0x80000
-	MS_STRICTATIME                   = 0x1000000
-	MS_SYNC                          = 0x4
-	MS_SYNCHRONOUS                   = 0x10
-	MS_UNBINDABLE                    = 0x20000
-	NAME_MAX                         = 0xff
-	NETLINK_ADD_MEMBERSHIP           = 0x1
-	NETLINK_AUDIT                    = 0x9
-	NETLINK_BROADCAST_ERROR          = 0x4
-	NETLINK_CAP_ACK                  = 0xa
-	NETLINK_CONNECTOR                = 0xb
-	NETLINK_CRYPTO                   = 0x15
-	NETLINK_DNRTMSG                  = 0xe
-	NETLINK_DROP_MEMBERSHIP          = 0x2
-	NETLINK_ECRYPTFS                 = 0x13
-	NETLINK_FIB_LOOKUP               = 0xa
-	NETLINK_FIREWALL                 = 0x3
-	NETLINK_GENERIC                  = 0x10
-	NETLINK_INET_DIAG                = 0x4
-	NETLINK_IP6_FW                   = 0xd
-	NETLINK_ISCSI                    = 0x8
-	NETLINK_KOBJECT_UEVENT           = 0xf
-	NETLINK_LISTEN_ALL_NSID          = 0x8
-	NETLINK_LIST_MEMBERSHIPS         = 0x9
-	NETLINK_NETFILTER                = 0xc
-	NETLINK_NFLOG                    = 0x5
-	NETLINK_NO_ENOBUFS               = 0x5
-	NETLINK_PKTINFO                  = 0x3
-	NETLINK_RDMA                     = 0x14
-	NETLINK_ROUTE                    = 0x0
-	NETLINK_RX_RING                  = 0x6
-	NETLINK_SCSITRANSPORT            = 0x12
-	NETLINK_SELINUX                  = 0x7
-	NETLINK_SOCK_DIAG                = 0x4
-	NETLINK_TX_RING                  = 0x7
-	NETLINK_UNUSED                   = 0x1
-	NETLINK_USERSOCK                 = 0x2
-	NETLINK_XFRM                     = 0x6
-	NL0                              = 0x0
-	NL1                              = 0x100
-	NLA_ALIGNTO                      = 0x4
-	NLA_F_NESTED                     = 0x8000
-	NLA_F_NET_BYTEORDER              = 0x4000
-	NLA_HDRLEN                       = 0x4
+	MEMERASE                         = 0x80084d02
+	MEMERASE64                       = 0x80104d14
+	MEMGETBADBLOCK                   = 0x80084d0b
+	MEMGETINFO                       = 0x40204d01
+	MEMGETOOBSEL                     = 0x40c84d0a
+	MEMGETREGIONCOUNT                = 0x40044d07
+	MEMISLOCKED                      = 0x40084d17
+	MEMLOCK                          = 0x80084d05
+	MEMREADOOB                       = 0xc0104d04
+	MEMSETBADBLOCK                   = 0x80084d0c
+	MEMUNLOCK                        = 0x80084d06
+	MEMWRITEOOB                      = 0xc0104d03
+	MTDFILEMODE                      = 0x20004d13
+	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
-	NLMSG_ALIGNTO                    = 0x4
-	NLMSG_DONE                       = 0x3
-	NLMSG_ERROR                      = 0x2
-	NLMSG_HDRLEN                     = 0x10
-	NLMSG_MIN_TYPE                   = 0x10
-	NLMSG_NOOP                       = 0x1
-	NLMSG_OVERRUN                    = 0x4
-	NLM_F_ACK                        = 0x4
-	NLM_F_APPEND                     = 0x800
-	NLM_F_ATOMIC                     = 0x400
-	NLM_F_CREATE                     = 0x400
-	NLM_F_DUMP                       = 0x300
-	NLM_F_DUMP_FILTERED              = 0x20
-	NLM_F_DUMP_INTR                  = 0x10
-	NLM_F_ECHO                       = 0x8
-	NLM_F_EXCL                       = 0x200
-	NLM_F_MATCH                      = 0x200
-	NLM_F_MULTI                      = 0x2
-	NLM_F_REPLACE                    = 0x100
-	NLM_F_REQUEST                    = 0x1
-	NLM_F_ROOT                       = 0x100
 	NOFLSH                           = 0x80
-	OCRNL                            = 0x8
-	OFDEL                            = 0x80
-	OFILL                            = 0x40
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
-	ONLRET                           = 0x20
-	ONOCR                            = 0x10
-	OPOST                            = 0x1
-	O_ACCMODE                        = 0x3
+	OTPERASE                         = 0x800c4d19
+	OTPGETREGIONCOUNT                = 0x80044d0e
+	OTPGETREGIONINFO                 = 0x800c4d0f
+	OTPLOCK                          = 0x400c4d10
+	OTPSELECT                        = 0x40044d0d
 	O_APPEND                         = 0x8
 	O_ASYNC                          = 0x40
 	O_CLOEXEC                        = 0x400000
@@ -926,231 +171,69 @@ const (
 	O_NOFOLLOW                       = 0x20000
 	O_NONBLOCK                       = 0x4000
 	O_PATH                           = 0x1000000
-	O_RDONLY                         = 0x0
-	O_RDWR                           = 0x2
 	O_RSYNC                          = 0x802000
 	O_SYNC                           = 0x802000
 	O_TMPFILE                        = 0x2010000
 	O_TRUNC                          = 0x400
-	O_WRONLY                         = 0x1
-	PACKET_ADD_MEMBERSHIP            = 0x1
-	PACKET_AUXDATA                   = 0x8
-	PACKET_BROADCAST                 = 0x1
-	PACKET_COPY_THRESH               = 0x7
-	PACKET_DROP_MEMBERSHIP           = 0x2
-	PACKET_FANOUT                    = 0x12
-	PACKET_FANOUT_CBPF               = 0x6
-	PACKET_FANOUT_CPU                = 0x2
-	PACKET_FANOUT_DATA               = 0x16
-	PACKET_FANOUT_EBPF               = 0x7
-	PACKET_FANOUT_FLAG_DEFRAG        = 0x8000
-	PACKET_FANOUT_FLAG_ROLLOVER      = 0x1000
-	PACKET_FANOUT_HASH               = 0x0
-	PACKET_FANOUT_LB                 = 0x1
-	PACKET_FANOUT_QM                 = 0x5
-	PACKET_FANOUT_RND                = 0x4
-	PACKET_FANOUT_ROLLOVER           = 0x3
-	PACKET_FASTROUTE                 = 0x6
-	PACKET_HDRLEN                    = 0xb
-	PACKET_HOST                      = 0x0
-	PACKET_KERNEL                    = 0x7
-	PACKET_LOOPBACK                  = 0x5
-	PACKET_LOSS                      = 0xe
-	PACKET_MR_ALLMULTI               = 0x2
-	PACKET_MR_MULTICAST              = 0x0
-	PACKET_MR_PROMISC                = 0x1
-	PACKET_MR_UNICAST                = 0x3
-	PACKET_MULTICAST                 = 0x2
-	PACKET_ORIGDEV                   = 0x9
-	PACKET_OTHERHOST                 = 0x3
-	PACKET_OUTGOING                  = 0x4
-	PACKET_QDISC_BYPASS              = 0x14
-	PACKET_RECV_OUTPUT               = 0x3
-	PACKET_RESERVE                   = 0xc
-	PACKET_ROLLOVER_STATS            = 0x15
-	PACKET_RX_RING                   = 0x5
-	PACKET_STATISTICS                = 0x6
-	PACKET_TIMESTAMP                 = 0x11
-	PACKET_TX_HAS_OFF                = 0x13
-	PACKET_TX_RING                   = 0xd
-	PACKET_TX_TIMESTAMP              = 0x10
-	PACKET_USER                      = 0x6
-	PACKET_VERSION                   = 0xa
-	PACKET_VNET_HDR                  = 0xf
 	PARENB                           = 0x100
-	PARITY_CRC16_PR0                 = 0x2
-	PARITY_CRC16_PR0_CCITT           = 0x4
-	PARITY_CRC16_PR1                 = 0x3
-	PARITY_CRC16_PR1_CCITT           = 0x5
-	PARITY_CRC32_PR0_CCITT           = 0x6
-	PARITY_CRC32_PR1_CCITT           = 0x7
-	PARITY_DEFAULT                   = 0x0
-	PARITY_NONE                      = 0x1
-	PARMRK                           = 0x8
 	PARODD                           = 0x200
 	PENDIN                           = 0x4000
-	PRIO_PGRP                        = 0x1
-	PRIO_PROCESS                     = 0x0
-	PRIO_USER                        = 0x2
-	PROT_EXEC                        = 0x4
-	PROT_GROWSDOWN                   = 0x1000000
-	PROT_GROWSUP                     = 0x2000000
-	PROT_NONE                        = 0x0
-	PROT_READ                        = 0x1
-	PROT_WRITE                       = 0x2
-	PR_CAPBSET_DROP                  = 0x18
-	PR_CAPBSET_READ                  = 0x17
-	PR_CAP_AMBIENT                   = 0x2f
-	PR_CAP_AMBIENT_CLEAR_ALL         = 0x4
-	PR_CAP_AMBIENT_IS_SET            = 0x1
-	PR_CAP_AMBIENT_LOWER             = 0x3
-	PR_CAP_AMBIENT_RAISE             = 0x2
-	PR_ENDIAN_BIG                    = 0x0
-	PR_ENDIAN_LITTLE                 = 0x1
-	PR_ENDIAN_PPC_LITTLE             = 0x2
-	PR_FPEMU_NOPRINT                 = 0x1
-	PR_FPEMU_SIGFPE                  = 0x2
-	PR_FP_EXC_ASYNC                  = 0x2
-	PR_FP_EXC_DISABLED               = 0x0
-	PR_FP_EXC_DIV                    = 0x10000
-	PR_FP_EXC_INV                    = 0x100000
-	PR_FP_EXC_NONRECOV               = 0x1
-	PR_FP_EXC_OVF                    = 0x20000
-	PR_FP_EXC_PRECISE                = 0x3
-	PR_FP_EXC_RES                    = 0x80000
-	PR_FP_EXC_SW_ENABLE              = 0x80
-	PR_FP_EXC_UND                    = 0x40000
-	PR_FP_MODE_FR                    = 0x1
-	PR_FP_MODE_FRE                   = 0x2
-	PR_GET_CHILD_SUBREAPER           = 0x25
-	PR_GET_DUMPABLE                  = 0x3
-	PR_GET_ENDIAN                    = 0x13
-	PR_GET_FPEMU                     = 0x9
-	PR_GET_FPEXC                     = 0xb
-	PR_GET_FP_MODE                   = 0x2e
-	PR_GET_KEEPCAPS                  = 0x7
-	PR_GET_NAME                      = 0x10
-	PR_GET_NO_NEW_PRIVS              = 0x27
-	PR_GET_PDEATHSIG                 = 0x2
-	PR_GET_SECCOMP                   = 0x15
-	PR_GET_SECUREBITS                = 0x1b
-	PR_GET_THP_DISABLE               = 0x2a
-	PR_GET_TID_ADDRESS               = 0x28
-	PR_GET_TIMERSLACK                = 0x1e
-	PR_GET_TIMING                    = 0xd
-	PR_GET_TSC                       = 0x19
-	PR_GET_UNALIGN                   = 0x5
-	PR_MCE_KILL                      = 0x21
-	PR_MCE_KILL_CLEAR                = 0x0
-	PR_MCE_KILL_DEFAULT              = 0x2
-	PR_MCE_KILL_EARLY                = 0x1
-	PR_MCE_KILL_GET                  = 0x22
-	PR_MCE_KILL_LATE                 = 0x0
-	PR_MCE_KILL_SET                  = 0x1
-	PR_MPX_DISABLE_MANAGEMENT        = 0x2c
-	PR_MPX_ENABLE_MANAGEMENT         = 0x2b
-	PR_SET_CHILD_SUBREAPER           = 0x24
-	PR_SET_DUMPABLE                  = 0x4
-	PR_SET_ENDIAN                    = 0x14
-	PR_SET_FPEMU                     = 0xa
-	PR_SET_FPEXC                     = 0xc
-	PR_SET_FP_MODE                   = 0x2d
-	PR_SET_KEEPCAPS                  = 0x8
-	PR_SET_MM                        = 0x23
-	PR_SET_MM_ARG_END                = 0x9
-	PR_SET_MM_ARG_START              = 0x8
-	PR_SET_MM_AUXV                   = 0xc
-	PR_SET_MM_BRK                    = 0x7
-	PR_SET_MM_END_CODE               = 0x2
-	PR_SET_MM_END_DATA               = 0x4
-	PR_SET_MM_ENV_END                = 0xb
-	PR_SET_MM_ENV_START              = 0xa
-	PR_SET_MM_EXE_FILE               = 0xd
-	PR_SET_MM_MAP                    = 0xe
-	PR_SET_MM_MAP_SIZE               = 0xf
-	PR_SET_MM_START_BRK              = 0x6
-	PR_SET_MM_START_CODE             = 0x1
-	PR_SET_MM_START_DATA             = 0x3
-	PR_SET_MM_START_STACK            = 0x5
-	PR_SET_NAME                      = 0xf
-	PR_SET_NO_NEW_PRIVS              = 0x26
-	PR_SET_PDEATHSIG                 = 0x1
-	PR_SET_PTRACER                   = 0x59616d61
-	PR_SET_PTRACER_ANY               = -0x1
-	PR_SET_SECCOMP                   = 0x16
-	PR_SET_SECUREBITS                = 0x1c
-	PR_SET_THP_DISABLE               = 0x29
-	PR_SET_TIMERSLACK                = 0x1d
-	PR_SET_TIMING                    = 0xe
-	PR_SET_TSC                       = 0x1a
-	PR_SET_UNALIGN                   = 0x6
-	PR_TASK_PERF_EVENTS_DISABLE      = 0x1f
-	PR_TASK_PERF_EVENTS_ENABLE       = 0x20
-	PR_TIMING_STATISTICAL            = 0x0
-	PR_TIMING_TIMESTAMP              = 0x1
-	PR_TSC_ENABLE                    = 0x1
-	PR_TSC_SIGSEGV                   = 0x2
-	PR_UNALIGN_NOPRINT               = 0x1
-	PR_UNALIGN_SIGBUS                = 0x2
-	PTRACE_ATTACH                    = 0x10
-	PTRACE_CONT                      = 0x7
-	PTRACE_DETACH                    = 0x11
-	PTRACE_EVENT_CLONE               = 0x3
-	PTRACE_EVENT_EXEC                = 0x4
-	PTRACE_EVENT_EXIT                = 0x6
-	PTRACE_EVENT_FORK                = 0x1
-	PTRACE_EVENT_SECCOMP             = 0x7
-	PTRACE_EVENT_STOP                = 0x80
-	PTRACE_EVENT_VFORK               = 0x2
-	PTRACE_EVENT_VFORK_DONE          = 0x5
-	PTRACE_GETEVENTMSG               = 0x4201
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
 	PTRACE_GETFPAREGS                = 0x14
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETFPREGS64               = 0x19
-	PTRACE_GETREGS                   = 0xc
 	PTRACE_GETREGS64                 = 0x16
-	PTRACE_GETREGSET                 = 0x4204
-	PTRACE_GETSIGINFO                = 0x4202
-	PTRACE_GETSIGMASK                = 0x420a
-	PTRACE_INTERRUPT                 = 0x4207
-	PTRACE_KILL                      = 0x8
-	PTRACE_LISTEN                    = 0x4208
-	PTRACE_O_EXITKILL                = 0x100000
-	PTRACE_O_MASK                    = 0x3000ff
-	PTRACE_O_SUSPEND_SECCOMP         = 0x200000
-	PTRACE_O_TRACECLONE              = 0x8
-	PTRACE_O_TRACEEXEC               = 0x10
-	PTRACE_O_TRACEEXIT               = 0x40
-	PTRACE_O_TRACEFORK               = 0x2
-	PTRACE_O_TRACESECCOMP            = 0x80
-	PTRACE_O_TRACESYSGOOD            = 0x1
-	PTRACE_O_TRACEVFORK              = 0x4
-	PTRACE_O_TRACEVFORKDONE          = 0x20
-	PTRACE_PEEKDATA                  = 0x2
-	PTRACE_PEEKSIGINFO               = 0x4209
-	PTRACE_PEEKSIGINFO_SHARED        = 0x1
-	PTRACE_PEEKTEXT                  = 0x1
-	PTRACE_PEEKUSR                   = 0x3
-	PTRACE_POKEDATA                  = 0x5
-	PTRACE_POKETEXT                  = 0x4
-	PTRACE_POKEUSR                   = 0x6
 	PTRACE_READDATA                  = 0x10
 	PTRACE_READTEXT                  = 0x12
-	PTRACE_SECCOMP_GET_FILTER        = 0x420c
-	PTRACE_SEIZE                     = 0x4206
 	PTRACE_SETFPAREGS                = 0x15
 	PTRACE_SETFPREGS                 = 0xf
 	PTRACE_SETFPREGS64               = 0x1a
-	PTRACE_SETOPTIONS                = 0x4200
-	PTRACE_SETREGS                   = 0xd
 	PTRACE_SETREGS64                 = 0x17
-	PTRACE_SETREGSET                 = 0x4205
-	PTRACE_SETSIGINFO                = 0x4203
-	PTRACE_SETSIGMASK                = 0x420b
-	PTRACE_SINGLESTEP                = 0x9
 	PTRACE_SPARC_DETACH              = 0xb
-	PTRACE_SYSCALL                   = 0x18
-	PTRACE_TRACEME                   = 0x0
 	PTRACE_WRITEDATA                 = 0x11
 	PTRACE_WRITETEXT                 = 0x13
 	PT_FP                            = 0x48
@@ -1202,329 +285,101 @@ const (
 	PT_WIM                           = 0x10
 	PT_Y                             = 0xc
 	RLIMIT_AS                        = 0x9
-	RLIMIT_CORE                      = 0x4
-	RLIMIT_CPU                       = 0x0
-	RLIMIT_DATA                      = 0x2
-	RLIMIT_FSIZE                     = 0x1
+	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x6
-	RLIMIT_STACK                     = 0x3
-	RLIM_INFINITY                    = -0x1
-	RTAX_ADVMSS                      = 0x8
-	RTAX_CC_ALGO                     = 0x10
-	RTAX_CWND                        = 0x7
-	RTAX_FEATURES                    = 0xc
-	RTAX_FEATURE_ALLFRAG             = 0x8
-	RTAX_FEATURE_ECN                 = 0x1
-	RTAX_FEATURE_MASK                = 0xf
-	RTAX_FEATURE_SACK                = 0x2
-	RTAX_FEATURE_TIMESTAMP           = 0x4
-	RTAX_HOPLIMIT                    = 0xa
-	RTAX_INITCWND                    = 0xb
-	RTAX_INITRWND                    = 0xe
-	RTAX_LOCK                        = 0x1
-	RTAX_MAX                         = 0x10
-	RTAX_MTU                         = 0x2
-	RTAX_QUICKACK                    = 0xf
-	RTAX_REORDERING                  = 0x9
-	RTAX_RTO_MIN                     = 0xd
-	RTAX_RTT                         = 0x4
-	RTAX_RTTVAR                      = 0x5
-	RTAX_SSTHRESH                    = 0x6
-	RTAX_UNSPEC                      = 0x0
-	RTAX_WINDOW                      = 0x3
-	RTA_ALIGNTO                      = 0x4
-	RTA_MAX                          = 0x18
-	RTCF_DIRECTSRC                   = 0x4000000
-	RTCF_DOREDIRECT                  = 0x1000000
-	RTCF_LOG                         = 0x2000000
-	RTCF_MASQ                        = 0x400000
-	RTCF_NAT                         = 0x800000
-	RTCF_VALVE                       = 0x200000
-	RTF_ADDRCLASSMASK                = 0xf8000000
-	RTF_ADDRCONF                     = 0x40000
-	RTF_ALLONLINK                    = 0x20000
-	RTF_BROADCAST                    = 0x10000000
-	RTF_CACHE                        = 0x1000000
-	RTF_DEFAULT                      = 0x10000
-	RTF_DYNAMIC                      = 0x10
-	RTF_FLOW                         = 0x2000000
-	RTF_GATEWAY                      = 0x2
-	RTF_HOST                         = 0x4
-	RTF_INTERFACE                    = 0x40000000
-	RTF_IRTT                         = 0x100
-	RTF_LINKRT                       = 0x100000
-	RTF_LOCAL                        = 0x80000000
-	RTF_MODIFIED                     = 0x20
-	RTF_MSS                          = 0x40
-	RTF_MTU                          = 0x40
-	RTF_MULTICAST                    = 0x20000000
-	RTF_NAT                          = 0x8000000
-	RTF_NOFORWARD                    = 0x1000
-	RTF_NONEXTHOP                    = 0x200000
-	RTF_NOPMTUDISC                   = 0x4000
-	RTF_POLICY                       = 0x4000000
-	RTF_REINSTATE                    = 0x8
-	RTF_REJECT                       = 0x200
-	RTF_STATIC                       = 0x400
-	RTF_THROW                        = 0x2000
-	RTF_UP                           = 0x1
-	RTF_WINDOW                       = 0x80
-	RTF_XRESOLVE                     = 0x800
-	RTM_BASE                         = 0x10
-	RTM_DELACTION                    = 0x31
-	RTM_DELADDR                      = 0x15
-	RTM_DELADDRLABEL                 = 0x49
-	RTM_DELLINK                      = 0x11
-	RTM_DELMDB                       = 0x55
-	RTM_DELNEIGH                     = 0x1d
-	RTM_DELNSID                      = 0x59
-	RTM_DELQDISC                     = 0x25
-	RTM_DELROUTE                     = 0x19
-	RTM_DELRULE                      = 0x21
-	RTM_DELTCLASS                    = 0x29
-	RTM_DELTFILTER                   = 0x2d
-	RTM_F_CLONED                     = 0x200
-	RTM_F_EQUALIZE                   = 0x400
-	RTM_F_LOOKUP_TABLE               = 0x1000
-	RTM_F_NOTIFY                     = 0x100
-	RTM_F_PREFIX                     = 0x800
-	RTM_GETACTION                    = 0x32
-	RTM_GETADDR                      = 0x16
-	RTM_GETADDRLABEL                 = 0x4a
-	RTM_GETANYCAST                   = 0x3e
-	RTM_GETDCB                       = 0x4e
-	RTM_GETLINK                      = 0x12
-	RTM_GETMDB                       = 0x56
-	RTM_GETMULTICAST                 = 0x3a
-	RTM_GETNEIGH                     = 0x1e
-	RTM_GETNEIGHTBL                  = 0x42
-	RTM_GETNETCONF                   = 0x52
-	RTM_GETNSID                      = 0x5a
-	RTM_GETQDISC                     = 0x26
-	RTM_GETROUTE                     = 0x1a
-	RTM_GETRULE                      = 0x22
-	RTM_GETSTATS                     = 0x5e
-	RTM_GETTCLASS                    = 0x2a
-	RTM_GETTFILTER                   = 0x2e
-	RTM_MAX                          = 0x5f
-	RTM_NEWACTION                    = 0x30
-	RTM_NEWADDR                      = 0x14
-	RTM_NEWADDRLABEL                 = 0x48
-	RTM_NEWLINK                      = 0x10
-	RTM_NEWMDB                       = 0x54
-	RTM_NEWNDUSEROPT                 = 0x44
-	RTM_NEWNEIGH                     = 0x1c
-	RTM_NEWNEIGHTBL                  = 0x40
-	RTM_NEWNETCONF                   = 0x50
-	RTM_NEWNSID                      = 0x58
-	RTM_NEWPREFIX                    = 0x34
-	RTM_NEWQDISC                     = 0x24
-	RTM_NEWROUTE                     = 0x18
-	RTM_NEWRULE                      = 0x20
-	RTM_NEWSTATS                     = 0x5c
-	RTM_NEWTCLASS                    = 0x28
-	RTM_NEWTFILTER                   = 0x2c
-	RTM_NR_FAMILIES                  = 0x14
-	RTM_NR_MSGTYPES                  = 0x50
-	RTM_SETDCB                       = 0x4f
-	RTM_SETLINK                      = 0x13
-	RTM_SETNEIGHTBL                  = 0x43
-	RTNH_ALIGNTO                     = 0x4
-	RTNH_COMPARE_MASK                = 0x11
-	RTNH_F_DEAD                      = 0x1
-	RTNH_F_LINKDOWN                  = 0x10
-	RTNH_F_OFFLOAD                   = 0x8
-	RTNH_F_ONLINK                    = 0x4
-	RTNH_F_PERVASIVE                 = 0x2
-	RTN_MAX                          = 0xb
-	RTPROT_BABEL                     = 0x2a
-	RTPROT_BIRD                      = 0xc
-	RTPROT_BOOT                      = 0x3
-	RTPROT_DHCP                      = 0x10
-	RTPROT_DNROUTED                  = 0xd
-	RTPROT_GATED                     = 0x8
-	RTPROT_KERNEL                    = 0x2
-	RTPROT_MROUTED                   = 0x11
-	RTPROT_MRT                       = 0xa
-	RTPROT_NTK                       = 0xf
-	RTPROT_RA                        = 0x9
-	RTPROT_REDIRECT                  = 0x1
-	RTPROT_STATIC                    = 0x4
-	RTPROT_UNSPEC                    = 0x0
-	RTPROT_XORP                      = 0xe
-	RTPROT_ZEBRA                     = 0xb
-	RT_CLASS_DEFAULT                 = 0xfd
-	RT_CLASS_LOCAL                   = 0xff
-	RT_CLASS_MAIN                    = 0xfe
-	RT_CLASS_MAX                     = 0xff
-	RT_CLASS_UNSPEC                  = 0x0
-	RUSAGE_CHILDREN                  = -0x1
-	RUSAGE_SELF                      = 0x0
-	RUSAGE_THREAD                    = 0x1
-	SCM_CREDENTIALS                  = 0x2
-	SCM_RIGHTS                       = 0x1
-	SCM_TIMESTAMP                    = 0x1d
+	RLIMIT_NPROC                     = 0x7
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
 	SCM_TIMESTAMPING                 = 0x23
+	SCM_TIMESTAMPING_OPT_STATS       = 0x38
+	SCM_TIMESTAMPING_PKTINFO         = 0x3c
 	SCM_TIMESTAMPNS                  = 0x21
+	SCM_TXTIME                       = 0x3f
 	SCM_WIFI_STATUS                  = 0x25
-	SHUT_RD                          = 0x0
-	SHUT_RDWR                        = 0x2
-	SHUT_WR                          = 0x1
-	SIOCADDDLCI                      = 0x8980
-	SIOCADDMULTI                     = 0x8931
-	SIOCADDRT                        = 0x890b
+	SFD_CLOEXEC                      = 0x400000
+	SFD_NONBLOCK                     = 0x4000
 	SIOCATMARK                       = 0x8905
-	SIOCBONDCHANGEACTIVE             = 0x8995
-	SIOCBONDENSLAVE                  = 0x8990
-	SIOCBONDINFOQUERY                = 0x8994
-	SIOCBONDRELEASE                  = 0x8991
-	SIOCBONDSETHWADDR                = 0x8992
-	SIOCBONDSLAVEINFOQUERY           = 0x8993
-	SIOCBRADDBR                      = 0x89a0
-	SIOCBRADDIF                      = 0x89a2
-	SIOCBRDELBR                      = 0x89a1
-	SIOCBRDELIF                      = 0x89a3
-	SIOCDARP                         = 0x8953
-	SIOCDELDLCI                      = 0x8981
-	SIOCDELMULTI                     = 0x8932
-	SIOCDELRT                        = 0x890c
-	SIOCDEVPRIVATE                   = 0x89f0
-	SIOCDIFADDR                      = 0x8936
-	SIOCDRARP                        = 0x8960
-	SIOCETHTOOL                      = 0x8946
-	SIOCGARP                         = 0x8954
-	SIOCGHWTSTAMP                    = 0x89b1
-	SIOCGIFADDR                      = 0x8915
-	SIOCGIFBR                        = 0x8940
-	SIOCGIFBRDADDR                   = 0x8919
-	SIOCGIFCONF                      = 0x8912
-	SIOCGIFCOUNT                     = 0x8938
-	SIOCGIFDSTADDR                   = 0x8917
-	SIOCGIFENCAP                     = 0x8925
-	SIOCGIFFLAGS                     = 0x8913
-	SIOCGIFHWADDR                    = 0x8927
-	SIOCGIFINDEX                     = 0x8933
-	SIOCGIFMAP                       = 0x8970
-	SIOCGIFMEM                       = 0x891f
-	SIOCGIFMETRIC                    = 0x891d
-	SIOCGIFMTU                       = 0x8921
-	SIOCGIFNAME                      = 0x8910
-	SIOCGIFNETMASK                   = 0x891b
-	SIOCGIFPFLAGS                    = 0x8935
-	SIOCGIFSLAVE                     = 0x8929
-	SIOCGIFTXQLEN                    = 0x8942
-	SIOCGIFVLAN                      = 0x8982
-	SIOCGMIIPHY                      = 0x8947
-	SIOCGMIIREG                      = 0x8948
 	SIOCGPGRP                        = 0x8904
-	SIOCGRARP                        = 0x8961
-	SIOCGSTAMP                       = 0x8906
-	SIOCGSTAMPNS                     = 0x8907
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
 	SIOCINQ                          = 0x4004667f
 	SIOCOUTQ                         = 0x40047473
-	SIOCOUTQNSD                      = 0x894b
-	SIOCPROTOPRIVATE                 = 0x89e0
-	SIOCRTMSG                        = 0x890d
-	SIOCSARP                         = 0x8955
-	SIOCSHWTSTAMP                    = 0x89b0
-	SIOCSIFADDR                      = 0x8916
-	SIOCSIFBR                        = 0x8941
-	SIOCSIFBRDADDR                   = 0x891a
-	SIOCSIFDSTADDR                   = 0x8918
-	SIOCSIFENCAP                     = 0x8926
-	SIOCSIFFLAGS                     = 0x8914
-	SIOCSIFHWADDR                    = 0x8924
-	SIOCSIFHWBROADCAST               = 0x8937
-	SIOCSIFLINK                      = 0x8911
-	SIOCSIFMAP                       = 0x8971
-	SIOCSIFMEM                       = 0x8920
-	SIOCSIFMETRIC                    = 0x891e
-	SIOCSIFMTU                       = 0x8922
-	SIOCSIFNAME                      = 0x8923
-	SIOCSIFNETMASK                   = 0x891c
-	SIOCSIFPFLAGS                    = 0x8934
-	SIOCSIFSLAVE                     = 0x8930
-	SIOCSIFTXQLEN                    = 0x8943
-	SIOCSIFVLAN                      = 0x8983
-	SIOCSMIIREG                      = 0x8949
 	SIOCSPGRP                        = 0x8902
-	SIOCSRARP                        = 0x8962
-	SIOCWANDEV                       = 0x894a
 	SOCK_CLOEXEC                     = 0x400000
-	SOCK_DCCP                        = 0x6
 	SOCK_DGRAM                       = 0x2
 	SOCK_NONBLOCK                    = 0x4000
-	SOCK_PACKET                      = 0xa
-	SOCK_RAW                         = 0x3
-	SOCK_RDM                         = 0x4
-	SOCK_SEQPACKET                   = 0x5
 	SOCK_STREAM                      = 0x1
-	SOL_AAL                          = 0x109
-	SOL_ALG                          = 0x117
-	SOL_ATM                          = 0x108
-	SOL_CAIF                         = 0x116
-	SOL_DCCP                         = 0x10d
-	SOL_DECNET                       = 0x105
-	SOL_ICMPV6                       = 0x3a
-	SOL_IP                           = 0x0
-	SOL_IPV6                         = 0x29
-	SOL_IRDA                         = 0x10a
-	SOL_IUCV                         = 0x115
-	SOL_KCM                          = 0x119
-	SOL_LLC                          = 0x10c
-	SOL_NETBEUI                      = 0x10b
-	SOL_NETLINK                      = 0x10e
-	SOL_NFC                          = 0x118
-	SOL_PACKET                       = 0x107
-	SOL_PNPIPE                       = 0x113
-	SOL_PPPOL2TP                     = 0x111
-	SOL_RAW                          = 0xff
-	SOL_RDS                          = 0x114
-	SOL_RXRPC                        = 0x110
 	SOL_SOCKET                       = 0xffff
-	SOL_TCP                          = 0x6
-	SOL_TIPC                         = 0x10f
-	SOL_X25                          = 0x106
-	SOMAXCONN                        = 0x80
 	SO_ACCEPTCONN                    = 0x8000
 	SO_ATTACH_BPF                    = 0x34
-	SO_ATTACH_FILTER                 = 0x1a
 	SO_ATTACH_REUSEPORT_CBPF         = 0x35
 	SO_ATTACH_REUSEPORT_EBPF         = 0x36
 	SO_BINDTODEVICE                  = 0xd
+	SO_BINDTOIFINDEX                 = 0x41
 	SO_BPF_EXTENSIONS                = 0x32
 	SO_BROADCAST                     = 0x20
 	SO_BSDCOMPAT                     = 0x400
 	SO_BUSY_POLL                     = 0x30
+	SO_BUSY_POLL_BUDGET              = 0x49
 	SO_CNX_ADVICE                    = 0x37
-	SO_DEBUG                         = 0x1
-	SO_DETACH_BPF                    = 0x1b
-	SO_DETACH_FILTER                 = 0x1b
+	SO_COOKIE                        = 0x3b
+	SO_DETACH_REUSEPORT_BPF          = 0x47
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
-	SO_GET_FILTER                    = 0x1a
 	SO_INCOMING_CPU                  = 0x33
+	SO_INCOMING_NAPI_ID              = 0x3a
 	SO_KEEPALIVE                     = 0x8
 	SO_LINGER                        = 0x80
 	SO_LOCK_FILTER                   = 0x28
 	SO_MARK                          = 0x22
 	SO_MAX_PACING_RATE               = 0x31
+	SO_MEMINFO                       = 0x39
+	SO_NETNS_COOKIE                  = 0x50
 	SO_NOFCS                         = 0x27
-	SO_NO_CHECK                      = 0xb
 	SO_OOBINLINE                     = 0x100
 	SO_PASSCRED                      = 0x2
 	SO_PASSSEC                       = 0x1f
 	SO_PEEK_OFF                      = 0x26
 	SO_PEERCRED                      = 0x40
-	SO_PEERNAME                      = 0x1c
+	SO_PEERGROUPS                    = 0x3d
 	SO_PEERSEC                       = 0x1e
-	SO_PRIORITY                      = 0xc
+	SO_PREFER_BUSY_POLL              = 0x48
 	SO_PROTOCOL                      = 0x1028
 	SO_RCVBUF                        = 0x1002
 	SO_RCVBUFFORCE                   = 0x100b
 	SO_RCVLOWAT                      = 0x800
 	SO_RCVTIMEO                      = 0x2000
+	SO_RCVTIMEO_NEW                  = 0x44
+	SO_RCVTIMEO_OLD                  = 0x2000
 	SO_REUSEADDR                     = 0x4
 	SO_REUSEPORT                     = 0x200
 	SO_RXQ_OVFL                      = 0x24
@@ -1536,50 +391,19 @@ const (
 	SO_SNDBUFFORCE                   = 0x100a
 	SO_SNDLOWAT                      = 0x1000
 	SO_SNDTIMEO                      = 0x4000
-	SO_TIMESTAMP                     = 0x1d
+	SO_SNDTIMEO_NEW                  = 0x45
+	SO_SNDTIMEO_OLD                  = 0x4000
 	SO_TIMESTAMPING                  = 0x23
+	SO_TIMESTAMPING_NEW              = 0x43
+	SO_TIMESTAMPING_OLD              = 0x23
 	SO_TIMESTAMPNS                   = 0x21
+	SO_TIMESTAMPNS_NEW               = 0x42
+	SO_TIMESTAMPNS_OLD               = 0x21
+	SO_TIMESTAMP_NEW                 = 0x46
+	SO_TXTIME                        = 0x3f
 	SO_TYPE                          = 0x1008
-	SO_VM_SOCKETS_BUFFER_MAX_SIZE    = 0x2
-	SO_VM_SOCKETS_BUFFER_MIN_SIZE    = 0x1
-	SO_VM_SOCKETS_BUFFER_SIZE        = 0x0
-	SO_VM_SOCKETS_CONNECT_TIMEOUT    = 0x6
-	SO_VM_SOCKETS_NONBLOCK_TXRX      = 0x7
-	SO_VM_SOCKETS_PEER_HOST_VM_ID    = 0x3
-	SO_VM_SOCKETS_TRUSTED            = 0x5
 	SO_WIFI_STATUS                   = 0x25
-	SPLICE_F_GIFT                    = 0x8
-	SPLICE_F_MORE                    = 0x4
-	SPLICE_F_MOVE                    = 0x1
-	SPLICE_F_NONBLOCK                = 0x2
-	S_BLKSIZE                        = 0x200
-	S_IEXEC                          = 0x40
-	S_IFBLK                          = 0x6000
-	S_IFCHR                          = 0x2000
-	S_IFDIR                          = 0x4000
-	S_IFIFO                          = 0x1000
-	S_IFLNK                          = 0xa000
-	S_IFMT                           = 0xf000
-	S_IFREG                          = 0x8000
-	S_IFSOCK                         = 0xc000
-	S_IREAD                          = 0x100
-	S_IRGRP                          = 0x20
-	S_IROTH                          = 0x4
-	S_IRUSR                          = 0x100
-	S_IRWXG                          = 0x38
-	S_IRWXO                          = 0x7
-	S_IRWXU                          = 0x1c0
-	S_ISGID                          = 0x400
-	S_ISUID                          = 0x800
-	S_ISVTX                          = 0x200
-	S_IWGRP                          = 0x10
-	S_IWOTH                          = 0x2
-	S_IWRITE                         = 0x80
-	S_IWUSR                          = 0x80
-	S_IXGRP                          = 0x8
-	S_IXOTH                          = 0x1
-	S_IXUSR                          = 0x40
-	TAB0                             = 0x0
+	SO_ZEROCOPY                      = 0x3e
 	TAB1                             = 0x800
 	TAB2                             = 0x1000
 	TAB3                             = 0x1800
@@ -1588,54 +412,6 @@ const (
 	TCGETA                           = 0x40125401
 	TCGETS                           = 0x40245408
 	TCGETS2                          = 0x402c540c
-	TCIFLUSH                         = 0x0
-	TCIOFF                           = 0x2
-	TCIOFLUSH                        = 0x2
-	TCION                            = 0x3
-	TCOFLUSH                         = 0x1
-	TCOOFF                           = 0x0
-	TCOON                            = 0x1
-	TCP_CC_INFO                      = 0x1a
-	TCP_CONGESTION                   = 0xd
-	TCP_COOKIE_IN_ALWAYS             = 0x1
-	TCP_COOKIE_MAX                   = 0x10
-	TCP_COOKIE_MIN                   = 0x8
-	TCP_COOKIE_OUT_NEVER             = 0x2
-	TCP_COOKIE_PAIR_SIZE             = 0x20
-	TCP_COOKIE_TRANSACTIONS          = 0xf
-	TCP_CORK                         = 0x3
-	TCP_DEFER_ACCEPT                 = 0x9
-	TCP_FASTOPEN                     = 0x17
-	TCP_INFO                         = 0xb
-	TCP_KEEPCNT                      = 0x6
-	TCP_KEEPIDLE                     = 0x4
-	TCP_KEEPINTVL                    = 0x5
-	TCP_LINGER2                      = 0x8
-	TCP_MAXSEG                       = 0x2
-	TCP_MAXWIN                       = 0xffff
-	TCP_MAX_WINSHIFT                 = 0xe
-	TCP_MD5SIG                       = 0xe
-	TCP_MD5SIG_MAXKEYLEN             = 0x50
-	TCP_MSS                          = 0x200
-	TCP_MSS_DEFAULT                  = 0x218
-	TCP_MSS_DESIRED                  = 0x4c4
-	TCP_NODELAY                      = 0x1
-	TCP_NOTSENT_LOWAT                = 0x19
-	TCP_QUEUE_SEQ                    = 0x15
-	TCP_QUICKACK                     = 0xc
-	TCP_REPAIR                       = 0x13
-	TCP_REPAIR_OPTIONS               = 0x16
-	TCP_REPAIR_QUEUE                 = 0x14
-	TCP_SAVED_SYN                    = 0x1c
-	TCP_SAVE_SYN                     = 0x1b
-	TCP_SYNCNT                       = 0x7
-	TCP_S_DATA_IN                    = 0x4
-	TCP_S_DATA_OUT                   = 0x8
-	TCP_THIN_DUPACK                  = 0x11
-	TCP_THIN_LINEAR_TIMEOUTS         = 0x10
-	TCP_TIMESTAMP                    = 0x18
-	TCP_USER_TIMEOUT                 = 0x12
-	TCP_WINDOW_CLAMP                 = 0xa
 	TCSAFLUSH                        = 0x2
 	TCSBRK                           = 0x20005405
 	TCSBRKP                          = 0x5425
@@ -1649,6 +425,8 @@ const (
 	TCSETSW                          = 0x8024540a
 	TCSETSW2                         = 0x802c540e
 	TCXONC                           = 0x20005406
+	TFD_CLOEXEC                      = 0x400000
+	TFD_NONBLOCK                     = 0x4000
 	TIOCCBRK                         = 0x2000747a
 	TIOCCONS                         = 0x20007424
 	TIOCEXCL                         = 0x2000740d
@@ -1656,11 +434,13 @@ const (
 	TIOCGETD                         = 0x40047400
 	TIOCGEXCL                        = 0x40045440
 	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285443
 	TIOCGLCKTRMIOS                   = 0x5456
 	TIOCGPGRP                        = 0x40047483
 	TIOCGPKT                         = 0x40045438
 	TIOCGPTLCK                       = 0x40045439
 	TIOCGPTN                         = 0x40047486
+	TIOCGPTPEER                      = 0x20007489
 	TIOCGRS485                       = 0x40205441
 	TIOCGSERIAL                      = 0x541e
 	TIOCGSID                         = 0x40047485
@@ -1677,28 +457,14 @@ const (
 	TIOCM_CD                         = 0x40
 	TIOCM_CTS                        = 0x20
 	TIOCM_DSR                        = 0x100
-	TIOCM_DTR                        = 0x2
-	TIOCM_LE                         = 0x1
-	TIOCM_LOOP                       = 0x8000
-	TIOCM_OUT1                       = 0x2000
-	TIOCM_OUT2                       = 0x4000
 	TIOCM_RI                         = 0x80
 	TIOCM_RNG                        = 0x80
-	TIOCM_RTS                        = 0x4
 	TIOCM_SR                         = 0x10
 	TIOCM_ST                         = 0x8
 	TIOCNOTTY                        = 0x20007471
 	TIOCNXCL                         = 0x2000740e
 	TIOCOUTQ                         = 0x40047473
 	TIOCPKT                          = 0x80047470
-	TIOCPKT_DATA                     = 0x0
-	TIOCPKT_DOSTOP                   = 0x20
-	TIOCPKT_FLUSHREAD                = 0x1
-	TIOCPKT_FLUSHWRITE               = 0x2
-	TIOCPKT_IOCTL                    = 0x40
-	TIOCPKT_NOSTOP                   = 0x10
-	TIOCPKT_START                    = 0x8
-	TIOCPKT_STOP                     = 0x4
 	TIOCSBRK                         = 0x2000747b
 	TIOCSCTTY                        = 0x20007484
 	TIOCSERCONFIG                    = 0x5453
@@ -1708,9 +474,9 @@ const (
 	TIOCSERGWILD                     = 0x5454
 	TIOCSERSETMULTI                  = 0x545b
 	TIOCSERSWILD                     = 0x5455
-	TIOCSER_TEMT                     = 0x1
 	TIOCSETD                         = 0x80047401
 	TIOCSIG                          = 0x80047488
+	TIOCSISO7816                     = 0xc0285444
 	TIOCSLCKTRMIOS                   = 0x5457
 	TIOCSPGRP                        = 0x80047482
 	TIOCSPTLCK                       = 0x80047487
@@ -1725,6 +491,7 @@ const (
 	TOSTOP                           = 0x100
 	TUNATTACHFILTER                  = 0x801054d5
 	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
 	TUNGETFEATURES                   = 0x400454cf
 	TUNGETFILTER                     = 0x401054db
 	TUNGETIFF                        = 0x400454d2
@@ -1732,7 +499,9 @@ const (
 	TUNGETVNETBE                     = 0x400454df
 	TUNGETVNETHDRSZ                  = 0x400454d7
 	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
 	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
 	TUNSETGROUP                      = 0x800454ce
 	TUNSETIFF                        = 0x800454ca
 	TUNSETIFINDEX                    = 0x800454da
@@ -1743,73 +512,75 @@ const (
 	TUNSETPERSIST                    = 0x800454cb
 	TUNSETQUEUE                      = 0x800454d9
 	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
 	TUNSETTXFILTER                   = 0x800454d1
 	TUNSETVNETBE                     = 0x800454de
 	TUNSETVNETHDRSZ                  = 0x800454d8
 	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
 	VDISCARD                         = 0xd
-	VDSUSP                           = 0xb
 	VEOF                             = 0x4
-	VEOL                             = 0x5
-	VEOL2                            = 0x6
-	VERASE                           = 0x2
-	VINTR                            = 0x0
-	VKILL                            = 0x3
-	VLNEXT                           = 0xf
-	VMADDR_CID_ANY                   = 0xffffffff
-	VMADDR_CID_HOST                  = 0x2
-	VMADDR_CID_HYPERVISOR            = 0x0
-	VMADDR_CID_RESERVED              = 0x1
-	VMADDR_PORT_ANY                  = 0xffffffff
-	VMIN                             = 0x4
-	VQUIT                            = 0x1
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
 	VREPRINT                         = 0xc
 	VSTART                           = 0x8
 	VSTOP                            = 0x9
 	VSUSP                            = 0xa
 	VSWTC                            = 0x7
-	VT0                              = 0x0
 	VT1                              = 0x4000
 	VTDLY                            = 0x4000
 	VTIME                            = 0x5
 	VWERASE                          = 0xe
-	WALL                             = 0x40000000
-	WCLONE                           = 0x80000000
-	WCONTINUED                       = 0x8
-	WEXITED                          = 0x4
-	WNOHANG                          = 0x1
-	WNOTHREAD                        = 0x20000000
-	WNOWAIT                          = 0x1000000
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
 	WORDSIZE                         = 0x40
-	WRAP                             = 0x20000
-	WSTOPPED                         = 0x2
-	WUNTRACED                        = 0x2
 	XCASE                            = 0x4
 	XTABS                            = 0x1800
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
 	__TIOCFLUSH                      = 0x80047410
 )
 
 // Errors
 const (
-	E2BIG           = syscall.Errno(0x7)
-	EACCES          = syscall.Errno(0xd)
 	EADDRINUSE      = syscall.Errno(0x30)
 	EADDRNOTAVAIL   = syscall.Errno(0x31)
 	EADV            = syscall.Errno(0x53)
 	EAFNOSUPPORT    = syscall.Errno(0x2f)
-	EAGAIN          = syscall.Errno(0xb)
 	EALREADY        = syscall.Errno(0x25)
 	EBADE           = syscall.Errno(0x66)
-	EBADF           = syscall.Errno(0x9)
 	EBADFD          = syscall.Errno(0x5d)
 	EBADMSG         = syscall.Errno(0x4c)
 	EBADR           = syscall.Errno(0x67)
 	EBADRQC         = syscall.Errno(0x6a)
 	EBADSLT         = syscall.Errno(0x6b)
 	EBFONT          = syscall.Errno(0x6d)
-	EBUSY           = syscall.Errno(0x10)
 	ECANCELED       = syscall.Errno(0x7f)
-	ECHILD          = syscall.Errno(0xa)
 	ECHRNG          = syscall.Errno(0x5e)
 	ECOMM           = syscall.Errno(0x55)
 	ECONNABORTED    = syscall.Errno(0x35)
@@ -1818,23 +589,15 @@ const (
 	EDEADLK         = syscall.Errno(0x4e)
 	EDEADLOCK       = syscall.Errno(0x6c)
 	EDESTADDRREQ    = syscall.Errno(0x27)
-	EDOM            = syscall.Errno(0x21)
 	EDOTDOT         = syscall.Errno(0x58)
 	EDQUOT          = syscall.Errno(0x45)
-	EEXIST          = syscall.Errno(0x11)
-	EFAULT          = syscall.Errno(0xe)
-	EFBIG           = syscall.Errno(0x1b)
 	EHOSTDOWN       = syscall.Errno(0x40)
 	EHOSTUNREACH    = syscall.Errno(0x41)
 	EHWPOISON       = syscall.Errno(0x87)
 	EIDRM           = syscall.Errno(0x4d)
 	EILSEQ          = syscall.Errno(0x7a)
 	EINPROGRESS     = syscall.Errno(0x24)
-	EINTR           = syscall.Errno(0x4)
-	EINVAL          = syscall.Errno(0x16)
-	EIO             = syscall.Errno(0x5)
 	EISCONN         = syscall.Errno(0x38)
-	EISDIR          = syscall.Errno(0x15)
 	EISNAM          = syscall.Errno(0x78)
 	EKEYEXPIRED     = syscall.Errno(0x81)
 	EKEYREJECTED    = syscall.Errno(0x83)
@@ -1851,8 +614,6 @@ const (
 	ELNRNG          = syscall.Errno(0x62)
 	ELOOP           = syscall.Errno(0x3e)
 	EMEDIUMTYPE     = syscall.Errno(0x7e)
-	EMFILE          = syscall.Errno(0x18)
-	EMLINK          = syscall.Errno(0x1f)
 	EMSGSIZE        = syscall.Errno(0x28)
 	EMULTIHOP       = syscall.Errno(0x57)
 	ENAMETOOLONG    = syscall.Errno(0x3f)
@@ -1860,102 +621,70 @@ const (
 	ENETDOWN        = syscall.Errno(0x32)
 	ENETRESET       = syscall.Errno(0x34)
 	ENETUNREACH     = syscall.Errno(0x33)
-	ENFILE          = syscall.Errno(0x17)
 	ENOANO          = syscall.Errno(0x69)
 	ENOBUFS         = syscall.Errno(0x37)
 	ENOCSI          = syscall.Errno(0x64)
 	ENODATA         = syscall.Errno(0x6f)
-	ENODEV          = syscall.Errno(0x13)
-	ENOENT          = syscall.Errno(0x2)
-	ENOEXEC         = syscall.Errno(0x8)
 	ENOKEY          = syscall.Errno(0x80)
 	ENOLCK          = syscall.Errno(0x4f)
 	ENOLINK         = syscall.Errno(0x52)
 	ENOMEDIUM       = syscall.Errno(0x7d)
-	ENOMEM          = syscall.Errno(0xc)
 	ENOMSG          = syscall.Errno(0x4b)
 	ENONET          = syscall.Errno(0x50)
 	ENOPKG          = syscall.Errno(0x71)
 	ENOPROTOOPT     = syscall.Errno(0x2a)
-	ENOSPC          = syscall.Errno(0x1c)
 	ENOSR           = syscall.Errno(0x4a)
 	ENOSTR          = syscall.Errno(0x48)
 	ENOSYS          = syscall.Errno(0x5a)
-	ENOTBLK         = syscall.Errno(0xf)
 	ENOTCONN        = syscall.Errno(0x39)
-	ENOTDIR         = syscall.Errno(0x14)
 	ENOTEMPTY       = syscall.Errno(0x42)
 	ENOTNAM         = syscall.Errno(0x76)
 	ENOTRECOVERABLE = syscall.Errno(0x85)
 	ENOTSOCK        = syscall.Errno(0x26)
 	ENOTSUP         = syscall.Errno(0x2d)
-	ENOTTY          = syscall.Errno(0x19)
 	ENOTUNIQ        = syscall.Errno(0x73)
-	ENXIO           = syscall.Errno(0x6)
 	EOPNOTSUPP      = syscall.Errno(0x2d)
 	EOVERFLOW       = syscall.Errno(0x5c)
 	EOWNERDEAD      = syscall.Errno(0x84)
-	EPERM           = syscall.Errno(0x1)
 	EPFNOSUPPORT    = syscall.Errno(0x2e)
-	EPIPE           = syscall.Errno(0x20)
 	EPROCLIM        = syscall.Errno(0x43)
 	EPROTO          = syscall.Errno(0x56)
 	EPROTONOSUPPORT = syscall.Errno(0x2b)
 	EPROTOTYPE      = syscall.Errno(0x29)
-	ERANGE          = syscall.Errno(0x22)
 	EREMCHG         = syscall.Errno(0x59)
 	EREMOTE         = syscall.Errno(0x47)
 	EREMOTEIO       = syscall.Errno(0x79)
 	ERESTART        = syscall.Errno(0x74)
 	ERFKILL         = syscall.Errno(0x86)
-	EROFS           = syscall.Errno(0x1e)
 	ERREMOTE        = syscall.Errno(0x51)
 	ESHUTDOWN       = syscall.Errno(0x3a)
 	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
-	ESPIPE          = syscall.Errno(0x1d)
-	ESRCH           = syscall.Errno(0x3)
 	ESRMNT          = syscall.Errno(0x54)
 	ESTALE          = syscall.Errno(0x46)
 	ESTRPIPE        = syscall.Errno(0x5b)
 	ETIME           = syscall.Errno(0x49)
 	ETIMEDOUT       = syscall.Errno(0x3c)
 	ETOOMANYREFS    = syscall.Errno(0x3b)
-	ETXTBSY         = syscall.Errno(0x1a)
 	EUCLEAN         = syscall.Errno(0x75)
 	EUNATCH         = syscall.Errno(0x63)
 	EUSERS          = syscall.Errno(0x44)
-	EWOULDBLOCK     = syscall.Errno(0xb)
-	EXDEV           = syscall.Errno(0x12)
 	EXFULL          = syscall.Errno(0x68)
 )
 
 // Signals
 const (
-	SIGABRT   = syscall.Signal(0x6)
-	SIGALRM   = syscall.Signal(0xe)
 	SIGBUS    = syscall.Signal(0xa)
 	SIGCHLD   = syscall.Signal(0x14)
 	SIGCLD    = syscall.Signal(0x14)
 	SIGCONT   = syscall.Signal(0x13)
 	SIGEMT    = syscall.Signal(0x7)
-	SIGFPE    = syscall.Signal(0x8)
-	SIGHUP    = syscall.Signal(0x1)
-	SIGILL    = syscall.Signal(0x4)
-	SIGINT    = syscall.Signal(0x2)
 	SIGIO     = syscall.Signal(0x17)
-	SIGIOT    = syscall.Signal(0x6)
-	SIGKILL   = syscall.Signal(0x9)
 	SIGLOST   = syscall.Signal(0x1d)
-	SIGPIPE   = syscall.Signal(0xd)
 	SIGPOLL   = syscall.Signal(0x17)
 	SIGPROF   = syscall.Signal(0x1b)
 	SIGPWR    = syscall.Signal(0x1d)
-	SIGQUIT   = syscall.Signal(0x3)
-	SIGSEGV   = syscall.Signal(0xb)
 	SIGSTOP   = syscall.Signal(0x11)
 	SIGSYS    = syscall.Signal(0xc)
-	SIGTERM   = syscall.Signal(0xf)
-	SIGTRAP   = syscall.Signal(0x5)
 	SIGTSTP   = syscall.Signal(0x12)
 	SIGTTIN   = syscall.Signal(0x15)
 	SIGTTOU   = syscall.Signal(0x16)
@@ -1969,174 +698,182 @@ const (
 )
 
 // Error table
-var errors = [...]string{
-	1:   "operation not permitted",
-	2:   "no such file or directory",
-	3:   "no such process",
-	4:   "interrupted system call",
-	5:   "input/output error",
-	6:   "no such device or address",
-	7:   "argument list too long",
-	8:   "exec format error",
-	9:   "bad file descriptor",
-	10:  "no child processes",
-	11:  "resource temporarily unavailable",
-	12:  "cannot allocate memory",
-	13:  "permission denied",
-	14:  "bad address",
-	15:  "block device required",
-	16:  "device or resource busy",
-	17:  "file exists",
-	18:  "invalid cross-device link",
-	19:  "no such device",
-	20:  "not a directory",
-	21:  "is a directory",
-	22:  "invalid argument",
-	23:  "too many open files in system",
-	24:  "too many open files",
-	25:  "inappropriate ioctl for device",
-	26:  "text file busy",
-	27:  "file too large",
-	28:  "no space left on device",
-	29:  "illegal seek",
-	30:  "read-only file system",
-	31:  "too many links",
-	32:  "broken pipe",
-	33:  "numerical argument out of domain",
-	34:  "numerical result out of range",
-	36:  "operation now in progress",
-	37:  "operation already in progress",
-	38:  "socket operation on non-socket",
-	39:  "destination address required",
-	40:  "message too long",
-	41:  "protocol wrong type for socket",
-	42:  "protocol not available",
-	43:  "protocol not supported",
-	44:  "socket type not supported",
-	45:  "operation not supported",
-	46:  "protocol family not supported",
-	47:  "address family not supported by protocol",
-	48:  "address already in use",
-	49:  "cannot assign requested address",
-	50:  "network is down",
-	51:  "network is unreachable",
-	52:  "network dropped connection on reset",
-	53:  "software caused connection abort",
-	54:  "connection reset by peer",
-	55:  "no buffer space available",
-	56:  "transport endpoint is already connected",
-	57:  "transport endpoint is not connected",
-	58:  "cannot send after transport endpoint shutdown",
-	59:  "too many references: cannot splice",
-	60:  "connection timed out",
-	61:  "connection refused",
-	62:  "too many levels of symbolic links",
-	63:  "file name too long",
-	64:  "host is down",
-	65:  "no route to host",
-	66:  "directory not empty",
-	67:  "too many processes",
-	68:  "too many users",
-	69:  "disk quota exceeded",
-	70:  "stale file handle",
-	71:  "object is remote",
-	72:  "device not a stream",
-	73:  "timer expired",
-	74:  "out of streams resources",
-	75:  "no message of desired type",
-	76:  "bad message",
-	77:  "identifier removed",
-	78:  "resource deadlock avoided",
-	79:  "no locks available",
-	80:  "machine is not on the network",
-	81:  "unknown error 81",
-	82:  "link has been severed",
-	83:  "advertise error",
-	84:  "srmount error",
-	85:  "communication error on send",
-	86:  "protocol error",
-	87:  "multihop attempted",
-	88:  "RFS specific error",
-	89:  "remote address changed",
-	90:  "function not implemented",
-	91:  "streams pipe error",
-	92:  "value too large for defined data type",
-	93:  "file descriptor in bad state",
-	94:  "channel number out of range",
-	95:  "level 2 not synchronized",
-	96:  "level 3 halted",
-	97:  "level 3 reset",
-	98:  "link number out of range",
-	99:  "protocol driver not attached",
-	100: "no CSI structure available",
-	101: "level 2 halted",
-	102: "invalid exchange",
-	103: "invalid request descriptor",
-	104: "exchange full",
-	105: "no anode",
-	106: "invalid request code",
-	107: "invalid slot",
-	108: "file locking deadlock error",
-	109: "bad font file format",
-	110: "cannot exec a shared library directly",
-	111: "no data available",
-	112: "accessing a corrupted shared library",
-	113: "package not installed",
-	114: "can not access a needed shared library",
-	115: "name not unique on network",
-	116: "interrupted system call should be restarted",
-	117: "structure needs cleaning",
-	118: "not a XENIX named type file",
-	119: "no XENIX semaphores available",
-	120: "is a named type file",
-	121: "remote I/O error",
-	122: "invalid or incomplete multibyte or wide character",
-	123: "attempting to link in too many shared libraries",
-	124: ".lib section in a.out corrupted",
-	125: "no medium found",
-	126: "wrong medium type",
-	127: "operation canceled",
-	128: "required key not available",
-	129: "key has expired",
-	130: "key has been revoked",
-	131: "key was rejected by service",
-	132: "owner died",
-	133: "state not recoverable",
-	134: "operation not possible due to RF-kill",
-	135: "memory page has hardware error",
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "transport endpoint is already connected"},
+	{57, "ENOTCONN", "transport endpoint is not connected"},
+	{58, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{59, "ETOOMANYREFS", "too many references: cannot splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale file handle"},
+	{71, "EREMOTE", "object is remote"},
+	{72, "ENOSTR", "device not a stream"},
+	{73, "ETIME", "timer expired"},
+	{74, "ENOSR", "out of streams resources"},
+	{75, "ENOMSG", "no message of desired type"},
+	{76, "EBADMSG", "bad message"},
+	{77, "EIDRM", "identifier removed"},
+	{78, "EDEADLK", "resource deadlock avoided"},
+	{79, "ENOLCK", "no locks available"},
+	{80, "ENONET", "machine is not on the network"},
+	{81, "ERREMOTE", "unknown error 81"},
+	{82, "ENOLINK", "link has been severed"},
+	{83, "EADV", "advertise error"},
+	{84, "ESRMNT", "srmount error"},
+	{85, "ECOMM", "communication error on send"},
+	{86, "EPROTO", "protocol error"},
+	{87, "EMULTIHOP", "multihop attempted"},
+	{88, "EDOTDOT", "RFS specific error"},
+	{89, "EREMCHG", "remote address changed"},
+	{90, "ENOSYS", "function not implemented"},
+	{91, "ESTRPIPE", "streams pipe error"},
+	{92, "EOVERFLOW", "value too large for defined data type"},
+	{93, "EBADFD", "file descriptor in bad state"},
+	{94, "ECHRNG", "channel number out of range"},
+	{95, "EL2NSYNC", "level 2 not synchronized"},
+	{96, "EL3HLT", "level 3 halted"},
+	{97, "EL3RST", "level 3 reset"},
+	{98, "ELNRNG", "link number out of range"},
+	{99, "EUNATCH", "protocol driver not attached"},
+	{100, "ENOCSI", "no CSI structure available"},
+	{101, "EL2HLT", "level 2 halted"},
+	{102, "EBADE", "invalid exchange"},
+	{103, "EBADR", "invalid request descriptor"},
+	{104, "EXFULL", "exchange full"},
+	{105, "ENOANO", "no anode"},
+	{106, "EBADRQC", "invalid request code"},
+	{107, "EBADSLT", "invalid slot"},
+	{108, "EDEADLOCK", "file locking deadlock error"},
+	{109, "EBFONT", "bad font file format"},
+	{110, "ELIBEXEC", "cannot exec a shared library directly"},
+	{111, "ENODATA", "no data available"},
+	{112, "ELIBBAD", "accessing a corrupted shared library"},
+	{113, "ENOPKG", "package not installed"},
+	{114, "ELIBACC", "can not access a needed shared library"},
+	{115, "ENOTUNIQ", "name not unique on network"},
+	{116, "ERESTART", "interrupted system call should be restarted"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{123, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{124, "ELIBSCN", ".lib section in a.out corrupted"},
+	{125, "ENOMEDIUM", "no medium found"},
+	{126, "EMEDIUMTYPE", "wrong medium type"},
+	{127, "ECANCELED", "operation canceled"},
+	{128, "ENOKEY", "required key not available"},
+	{129, "EKEYEXPIRED", "key has expired"},
+	{130, "EKEYREVOKED", "key has been revoked"},
+	{131, "EKEYREJECTED", "key was rejected by service"},
+	{132, "EOWNERDEAD", "owner died"},
+	{133, "ENOTRECOVERABLE", "state not recoverable"},
+	{134, "ERFKILL", "operation not possible due to RF-kill"},
+	{135, "EHWPOISON", "memory page has hardware error"},
 }
 
 // Signal table
-var signals = [...]string{
-	1:  "hangup",
-	2:  "interrupt",
-	3:  "quit",
-	4:  "illegal instruction",
-	5:  "trace/breakpoint trap",
-	6:  "aborted",
-	7:  "EMT trap",
-	8:  "floating point exception",
-	9:  "killed",
-	10: "bus error",
-	11: "segmentation fault",
-	12: "bad system call",
-	13: "broken pipe",
-	14: "alarm clock",
-	15: "terminated",
-	16: "urgent I/O condition",
-	17: "stopped (signal)",
-	18: "stopped",
-	19: "continued",
-	20: "child exited",
-	21: "stopped (tty input)",
-	22: "stopped (tty output)",
-	23: "I/O possible",
-	24: "CPU time limit exceeded",
-	25: "file size limit exceeded",
-	26: "virtual timer expired",
-	27: "profiling timer expired",
-	28: "window changed",
-	29: "resource lost",
-	30: "user defined signal 1",
-	31: "user defined signal 2",
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGLOST", "power failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
 }
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index cd93ce0d85e53..72f7420d20a14 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && netbsd
 // +build 386,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -158,6 +159,12 @@ const (
 	CLONE_SIGHAND                     = 0x800
 	CLONE_VFORK                       = 0x4000
 	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -550,6 +557,10 @@ const (
 	EV_ONESHOT                        = 0x10
 	EV_SYSFLAGS                       = 0xf000
 	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
 	EXTB                              = 0x9600
 	EXTPROC                           = 0x800
 	FD_CLOEXEC                        = 0x1
@@ -1016,6 +1027,43 @@ const (
 	MAP_WIRED                         = 0x800
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
 	MSG_BCAST                         = 0x100
 	MSG_CMSG_CLOEXEC                  = 0x800
 	MSG_CONTROLMBUF                   = 0x2000000
@@ -1044,6 +1092,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4
@@ -1109,7 +1158,10 @@ const (
 	RLIMIT_CPU                        = 0x0
 	RLIMIT_DATA                       = 0x2
 	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
 	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
 	RLIMIT_STACK                      = 0x3
 	RLIM_INFINITY                     = 0x7fffffffffffffff
 	RTAX_AUTHOR                       = 0x6
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 071701c41181c..8d4eb0c0804e1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && netbsd
 // +build amd64,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -158,6 +159,12 @@ const (
 	CLONE_SIGHAND                     = 0x800
 	CLONE_VFORK                       = 0x4000
 	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -540,6 +547,10 @@ const (
 	EV_ONESHOT                        = 0x10
 	EV_SYSFLAGS                       = 0xf000
 	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
 	EXTB                              = 0x9600
 	EXTPROC                           = 0x800
 	FD_CLOEXEC                        = 0x1
@@ -1006,6 +1017,43 @@ const (
 	MAP_WIRED                         = 0x800
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
 	MSG_BCAST                         = 0x100
 	MSG_CMSG_CLOEXEC                  = 0x800
 	MSG_CONTROLMBUF                   = 0x2000000
@@ -1034,6 +1082,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4
@@ -1099,7 +1148,10 @@ const (
 	RLIMIT_CPU                        = 0x0
 	RLIMIT_DATA                       = 0x2
 	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
 	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
 	RLIMIT_STACK                      = 0x3
 	RLIM_INFINITY                     = 0x7fffffffffffffff
 	RTAX_AUTHOR                       = 0x6
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 5fe56ae8c7241..9eef9749f6aac 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -marm
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && netbsd
 // +build arm,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
 
 package unix
@@ -150,6 +151,12 @@ const (
 	BRKINT                            = 0x2
 	CFLUSH                            = 0xf
 	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -532,6 +539,10 @@ const (
 	EV_ONESHOT                        = 0x10
 	EV_SYSFLAGS                       = 0xf000
 	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
 	EXTB                              = 0x9600
 	EXTPROC                           = 0x800
 	FD_CLOEXEC                        = 0x1
@@ -996,6 +1007,43 @@ const (
 	MAP_STACK                         = 0x2000
 	MAP_TRYFIXED                      = 0x400
 	MAP_WIRED                         = 0x800
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
 	MSG_BCAST                         = 0x100
 	MSG_CMSG_CLOEXEC                  = 0x800
 	MSG_CONTROLMBUF                   = 0x2000000
@@ -1024,6 +1072,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4
@@ -1089,7 +1138,10 @@ const (
 	RLIMIT_CPU                        = 0x0
 	RLIMIT_DATA                       = 0x2
 	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
 	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
 	RLIMIT_STACK                      = 0x3
 	RLIM_INFINITY                     = 0x7fffffffffffffff
 	RTAX_AUTHOR                       = 0x6
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
new file mode 100644
index 0000000000000..3b62ba192c352
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -0,0 +1,1770 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && netbsd
+// +build arm64,netbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ARP                            = 0x1c
+	AF_BLUETOOTH                      = 0x1f
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x20
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x23
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OROUTE                         = 0x11
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x22
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ARCNET                     = 0x7
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	ARPHRD_STRIP                      = 0x17
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B460800                           = 0x70800
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B921600                           = 0xe1000
+	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0104277
+	BIOCGETIF                         = 0x4090426b
+	BIOCGFEEDBACK                     = 0x4004427c
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRTIMEOUT                     = 0x4010427b
+	BIOCGSEESENT                      = 0x40044278
+	BIOCGSTATS                        = 0x4080426f
+	BIOCGSTATSOLD                     = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044276
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8090426c
+	BIOCSFEEDBACK                     = 0x8004427d
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRTIMEOUT                     = 0x8010427a
+	BIOCSSEESENT                      = 0x80044279
+	BIOCSTCPF                         = 0x80104272
+	BIOCSUDPF                         = 0x80104273
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x8
+	BPF_ALIGNMENT32                   = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DFLTBUFSIZE                   = 0x100000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x1000000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLONE_CSIGNAL                     = 0xff
+	CLONE_FILES                       = 0x400
+	CLONE_FS                          = 0x200
+	CLONE_PID                         = 0x1000
+	CLONE_PTRACE                      = 0x2000
+	CLONE_SIGHAND                     = 0x800
+	CLONE_VFORK                       = 0x4000
+	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	CTL_QUERY                         = -0x2
+	DIOCBSFLUSH                       = 0x20006478
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HDLC                          = 0x10
+	DLT_HHDLC                         = 0x79
+	DLT_HIPPI                         = 0xf
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0xe
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RAWAF_MASK                    = 0x2240000
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xd
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMUL_LINUX                        = 0x1
+	EMUL_LINUX32                      = 0x5
+	EMUL_MAXID                        = 0x6
+	ETHERCAP_JUMBO_MTU                = 0x4
+	ETHERCAP_VLAN_HWTAGGING           = 0x2
+	ETHERCAP_VLAN_MTU                 = 0x1
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERMTU_JUMBO                    = 0x2328
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOWPROTOCOLS           = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MAX_LEN_JUMBO               = 0x233a
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_PPPOE_ENCAP_LEN             = 0x8
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = 0x2
+	EVFILT_PROC                       = 0x4
+	EVFILT_READ                       = 0x0
+	EVFILT_SIGNAL                     = 0x5
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = 0x6
+	EVFILT_VNODE                      = 0x3
+	EVFILT_WRITE                      = 0x1
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x100
+	FLUSHO                            = 0x800000
+	F_CLOSEM                          = 0xa
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xc
+	F_FSCTL                           = -0x80000000
+	F_FSDIRMASK                       = 0x70000000
+	F_FSIN                            = 0x10000000
+	F_FSINOUT                         = 0x30000000
+	F_FSOUT                           = 0x20000000
+	F_FSPRIV                          = 0x8000
+	F_FSVOID                          = 0x40000000
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETNOSIGPIPE                    = 0xd
+	F_GETOWN                          = 0x5
+	F_MAXFD                           = 0xb
+	F_OK                              = 0x0
+	F_PARAM_MASK                      = 0xfff
+	F_PARAM_MAX                       = 0xfff
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETNOSIGPIPE                    = 0xe
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8f52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IPV6_ICMP                 = 0x3a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VRRP                      = 0x70
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_EF                             = 0x8000
+	IP_ERRORMTU                       = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x16
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINFRAGSIZE                    = 0x45
+	IP_MINTTL                         = 0x18
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x17
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ALIGNMENT_16MB                = 0x18000000
+	MAP_ALIGNMENT_1TB                 = 0x28000000
+	MAP_ALIGNMENT_256TB               = 0x30000000
+	MAP_ALIGNMENT_4GB                 = 0x20000000
+	MAP_ALIGNMENT_64KB                = 0x10000000
+	MAP_ALIGNMENT_64PB                = 0x38000000
+	MAP_ALIGNMENT_MASK                = -0x1000000
+	MAP_ALIGNMENT_SHIFT               = 0x18
+	MAP_ANON                          = 0x1000
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_DEFAULT               = 0x1
+	MAP_INHERIT_DONATE_COPY           = 0x3
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x2000
+	MAP_TRYFIXED                      = 0x400
+	MAP_WIRED                         = 0x800
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CONTROLMBUF                   = 0x2000000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_IOVUSRSPACE                   = 0x4000000
+	MSG_LENUSRSPACE                   = 0x8000000
+	MSG_MCAST                         = 0x200
+	MSG_NAMEMBUF                      = 0x1000000
+	MSG_NBIO                          = 0x1000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_USERFLAGS                     = 0xffffff
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x4
+	NAME_MAX                          = 0x1ff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x5
+	NET_RT_MAXID                      = 0x6
+	NET_RT_OIFLIST                    = 0x4
+	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFIOGETBMAP                       = 0xc004667a
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_ALT_IO                          = 0x40000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x400000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x80000
+	O_DIRECTORY                       = 0x200000
+	O_DSYNC                           = 0x10000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_NOSIGPIPE                       = 0x1000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x20000
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PRI_IOFLUSH                       = 0x7c
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x9
+	RTAX_NETMASK                      = 0x2
+	RTAX_TAG                          = 0x8
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTA_TAG                           = 0x100
+	RTF_ANNOUNCE                      = 0x20000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x2000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_REJECT                        = 0x8
+	RTF_SRC                           = 0x10000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDR                       = 0x15
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x11
+	RTM_IFANNOUNCE                    = 0x10
+	RTM_IFINFO                        = 0x14
+	RTM_LLINFO_UPD                    = 0x13
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_OIFINFO                       = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_OOIFINFO                      = 0xe
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_SETGATE                       = 0x12
+	RTM_VERSION                       = 0x4
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x4
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x8
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80906931
+	SIOCADDRT                         = 0x8038720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691c
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80906932
+	SIOCDELRT                         = 0x8038720b
+	SIOCDIFADDR                       = 0x80906919
+	SIOCDIFPHYADDR                    = 0x80906949
+	SIOCDLIFADDR                      = 0x8118691e
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETPFSYNC                     = 0xc09069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0906921
+	SIOCGIFADDRPREF                   = 0xc0986920
+	SIOCGIFALIAS                      = 0xc040691b
+	SIOCGIFBRDADDR                    = 0xc0906923
+	SIOCGIFCAP                        = 0xc0206976
+	SIOCGIFCONF                       = 0xc0106926
+	SIOCGIFDATA                       = 0xc0986985
+	SIOCGIFDLT                        = 0xc0906977
+	SIOCGIFDSTADDR                    = 0xc0906922
+	SIOCGIFFLAGS                      = 0xc0906911
+	SIOCGIFGENERIC                    = 0xc090693a
+	SIOCGIFMEDIA                      = 0xc0306936
+	SIOCGIFMETRIC                     = 0xc0906917
+	SIOCGIFMTU                        = 0xc090697e
+	SIOCGIFNETMASK                    = 0xc0906925
+	SIOCGIFPDSTADDR                   = 0xc0906948
+	SIOCGIFPSRCADDR                   = 0xc0906947
+	SIOCGLIFADDR                      = 0xc118691d
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLINKSTR                      = 0xc0286987
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGVH                           = 0xc0906983
+	SIOCIFCREATE                      = 0x8090697a
+	SIOCIFDESTROY                     = 0x80906979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCINITIFADDR                    = 0xc0706984
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETPFSYNC                     = 0x809069f7
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8090690c
+	SIOCSIFADDRPREF                   = 0x8098691f
+	SIOCSIFBRDADDR                    = 0x80906913
+	SIOCSIFCAP                        = 0x80206975
+	SIOCSIFDSTADDR                    = 0x8090690e
+	SIOCSIFFLAGS                      = 0x80906910
+	SIOCSIFGENERIC                    = 0x80906939
+	SIOCSIFMEDIA                      = 0xc0906935
+	SIOCSIFMETRIC                     = 0x80906918
+	SIOCSIFMTU                        = 0x8090697f
+	SIOCSIFNETMASK                    = 0x80906916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLINKSTR                      = 0x80286988
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSVH                           = 0xc0906982
+	SIOCZIFDATA                       = 0xc0986986
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_FLAGS_MASK                   = 0xf0000000
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_NOSIGPIPE                    = 0x40000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOHEADER                       = 0x100a
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_OVERFLOWED                     = 0x1009
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x100c
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x100b
+	SO_TIMESTAMP                      = 0x2000
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SYSCTL_VERSION                    = 0x1000000
+	SYSCTL_VERS_0                     = 0x0
+	SYSCTL_VERS_1                     = 0x1000000
+	SYSCTL_VERS_MASK                  = 0xff000000
+	S_ARCH1                           = 0x10000
+	S_ARCH2                           = 0x20000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	S_LOGIN_SET                       = 0x1
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_CONGCTL                       = 0x20
+	TCP_KEEPCNT                       = 0x6
+	TCP_KEEPIDLE                      = 0x3
+	TCP_KEEPINIT                      = 0x7
+	TCP_KEEPINTVL                     = 0x5
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x10
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x218
+	TCP_NODELAY                       = 0x1
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CDTRCTS                  = 0x10
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGLINED                        = 0x40207442
+	TIOCGPGRP                         = 0x40047477
+	TIOCGQSIZE                        = 0x40047481
+	TIOCGRANTPT                       = 0x20007447
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTMGET                        = 0x40287446
+	TIOCPTSNAME                       = 0x40287448
+	TIOCRCVFRAME                      = 0x80087445
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x2000745f
+	TIOCSLINED                        = 0x80207443
+	TIOCSPGRP                         = 0x80047476
+	TIOCSQSIZE                        = 0x80047480
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCXMTFRAME                      = 0x80087444
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALL                              = 0x8
+	WALLSIG                           = 0x8
+	WALTSIG                           = 0x4
+	WCLONE                            = 0x4
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x10000
+	WNOZOMBIE                         = 0x20000
+	WOPTSCHECKED                      = 0x40000
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x58)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x57)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x55)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5e)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x59)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5f)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x5a)
+	ENOSTR          = syscall.Errno(0x5b)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x56)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x60)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x5c)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x20)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large or too small"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol option not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EILSEQ", "illegal byte sequence"},
+	{86, "ENOTSUP", "not supported"},
+	{87, "ECANCELED", "operation Canceled"},
+	{88, "EBADMSG", "bad or Corrupt message"},
+	{89, "ENODATA", "no message available"},
+	{90, "ENOSR", "no STREAM resources"},
+	{91, "ENOSTR", "not a STREAM"},
+	{92, "ETIME", "STREAM ioctl timeout"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EMULTIHOP", "multihop attempted"},
+	{95, "ENOLINK", "link has been severed"},
+	{96, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPWR", "power fail/restart"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index 0a1c3e7e8c3b6..6d56edc05ac3c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && openbsd
 // +build 386,openbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -146,6 +147,13 @@ const (
 	BRKINT                            = 0x2
 	CFLUSH                            = 0xf
 	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -881,14 +889,15 @@ const (
 	MADV_SPACEAVAIL                   = 0x5
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
-	MAP_COPY                          = 0x4
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x1ff7
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_INHERIT                       = 0x80
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
-	MAP_INHERIT_DONATE_COPY           = 0x3
 	MAP_INHERIT_NONE                  = 0x2
 	MAP_INHERIT_SHARE                 = 0x0
 	MAP_NOEXTEND                      = 0x100
@@ -896,9 +905,36 @@ const (
 	MAP_PRIVATE                       = 0x2
 	MAP_RENAME                        = 0x20
 	MAP_SHARED                        = 0x1
-	MAP_TRYFIXED                      = 0x400
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
 	MSG_BCAST                         = 0x100
 	MSG_CTRUNC                        = 0x20
 	MSG_DONTROUTE                     = 0x4
@@ -920,6 +956,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4
@@ -983,7 +1020,10 @@ const (
 	RLIMIT_CPU                        = 0x0
 	RLIMIT_DATA                       = 0x2
 	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
 	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
 	RLIMIT_STACK                      = 0x3
 	RLIM_INFINITY                     = 0x7fffffffffffffff
 	RTAX_AUTHOR                       = 0x6
@@ -1218,6 +1258,34 @@ const (
 	SO_TIMESTAMP                      = 0x800
 	SO_TYPE                           = 0x1008
 	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
 	TCIFLUSH                          = 0x1
 	TCIOFLUSH                         = 0x3
 	TCOFLUSH                          = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index acfc664691942..25cb6094813cc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && openbsd
 // +build amd64,openbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -153,6 +154,13 @@ const (
 	CLOCK_REALTIME                    = 0x0
 	CLOCK_THREAD_CPUTIME_ID           = 0x4
 	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -472,6 +480,7 @@ const (
 	F_GETLK                           = 0x7
 	F_GETOWN                          = 0x5
 	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
 	F_RDLCK                           = 0x1
 	F_SETFD                           = 0x2
 	F_SETFL                           = 0x4
@@ -919,10 +928,11 @@ const (
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
 	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
 	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x7ff7
+	MAP_FLAGMASK                      = 0xfff7
 	MAP_HASSEMAPHORE                  = 0x0
 	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
@@ -938,6 +948,34 @@ const (
 	MAP_TRYFIXED                      = 0x0
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
 	MSG_BCAST                         = 0x100
 	MSG_CMSG_CLOEXEC                  = 0x800
 	MSG_CTRUNC                        = 0x20
@@ -961,6 +999,7 @@ const (
 	NET_RT_MAXID                      = 0x7
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOKERNINFO                        = 0x2000000
 	NOTE_ATTRIB                       = 0x8
@@ -1296,6 +1335,34 @@ const (
 	SO_TYPE                           = 0x1008
 	SO_USELOOPBACK                    = 0x40
 	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
 	TCIFLUSH                          = 0x1
 	TCIOFF                            = 0x3
 	TCIOFLUSH                         = 0x3
@@ -1386,6 +1453,8 @@ const (
 	TIOCUCNTL_CBRK                    = 0x7a
 	TIOCUCNTL_SBRK                    = 0x7b
 	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
 	VDISCARD                          = 0xf
 	VDSUSP                            = 0xb
 	VEOF                              = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 93e37c4b289ed..aef6c085609ab 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -1,11 +1,12 @@
 // mkerrors.sh
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs -- _const.go
-
+//go:build arm && openbsd
 // +build arm,openbsd
 
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- _const.go
+
 package unix
 
 import "syscall"
@@ -146,6 +147,13 @@ const (
 	BRKINT                            = 0x2
 	CFLUSH                            = 0xf
 	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
 	CREAD                             = 0x800
 	CRTSCTS                           = 0x10000
 	CS5                               = 0x0
@@ -881,10 +889,11 @@ const (
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
 	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
 	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x3ff7
+	MAP_FLAGMASK                      = 0xfff7
 	MAP_HASSEMAPHORE                  = 0x0
 	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
@@ -896,9 +905,36 @@ const (
 	MAP_PRIVATE                       = 0x2
 	MAP_RENAME                        = 0x0
 	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
 	MAP_TRYFIXED                      = 0x0
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
 	MSG_BCAST                         = 0x100
 	MSG_CMSG_CLOEXEC                  = 0x800
 	MSG_CTRUNC                        = 0x20
@@ -921,6 +957,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4
@@ -983,7 +1020,10 @@ const (
 	RLIMIT_CPU                        = 0x0
 	RLIMIT_DATA                       = 0x2
 	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
 	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
 	RLIMIT_STACK                      = 0x3
 	RLIM_INFINITY                     = 0x7fffffffffffffff
 	RTAX_AUTHOR                       = 0x6
@@ -1221,6 +1261,34 @@ const (
 	SO_TIMESTAMP                      = 0x800
 	SO_TYPE                           = 0x1008
 	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
 	TCIFLUSH                          = 0x1
 	TCIOFLUSH                         = 0x3
 	TCOFLUSH                          = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
new file mode 100644
index 0000000000000..90de7dfc33a35
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -0,0 +1,1798 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && openbsd
+// +build arm64,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc010427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80104277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_FILDROP_CAPTURE               = 0x1
+	BPF_FILDROP_DROP                  = 0x2
+	BPF_FILDROP_PASS                  = 0x0
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_BOOTTIME                    = 0x6
+	CLOCK_MONOTONIC                   = 0x3
+	CLOCK_PROCESS_CPUTIME_ID          = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x4
+	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_OPENFLOW                      = 0x10b
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_USBPCAP                       = 0xf9
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PBB                     = 0x88e7
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_HARDMTU_LEN             = 0xff9b
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_DEVICE                     = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x8
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EVL_ENCAPLEN                      = 0x4
+	EVL_PRIO_BITS                     = 0xd
+	EVL_PRIO_MAX                      = 0x7
+	EVL_VLID_MASK                     = 0xfff
+	EVL_VLID_MAX                      = 0xffe
+	EVL_VLID_MIN                      = 0x1
+	EVL_VLID_NULL                     = 0x0
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_STATICARP                     = 0x20
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MBIM                          = 0xfa
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHOPCOUNT                  = 0x41
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPDEFTTL                       = 0x25
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_SENDSRCADDR                    = 0x7
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUCLC                             = 0x1000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SWAPPABLE                     = 0x200000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFNAMES                    = 0x6
+	NET_RT_MAXID                      = 0x7
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHANGE                       = 0x1
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OLCUC                             = 0x20
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BFD                          = 0xb
+	RTAX_BRD                          = 0x7
+	RTAX_DNS                          = 0xc
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xf
+	RTAX_NETMASK                      = 0x2
+	RTAX_SEARCH                       = 0xe
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTAX_STATIC                       = 0xd
+	RTA_AUTHOR                        = 0x40
+	RTA_BFD                           = 0x800
+	RTA_BRD                           = 0x80
+	RTA_DNS                           = 0x1000
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SEARCH                        = 0x4000
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTA_STATIC                        = 0x2000
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BFD                           = 0x1000000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CACHED                        = 0x20000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_CONNECTED                     = 0x800000
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x110fc08
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_MULTICAST                     = 0x200
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTM_80211INFO                     = 0x15
+	RTM_ADD                           = 0x1
+	RTM_BFD                           = 0x12
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDRATTR                   = 0x14
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_INVALIDATE                    = 0x11
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_PROPOSAL                      = 0x13
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_BITS                   = 0x8
+	RT_TABLEID_MASK                   = 0xff
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8060693c
+	SIOCBRDGADDL                      = 0x80606949
+	SIOCBRDGADDS                      = 0x80606941
+	SIOCBRDGARL                       = 0x808c694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8060693d
+	SIOCBRDGDELS                      = 0x80606942
+	SIOCBRDGFLUSH                     = 0x80606948
+	SIOCBRDGFRL                       = 0x808c694e
+	SIOCBRDGGCACHE                    = 0xc0186941
+	SIOCBRDGGFD                       = 0xc0186952
+	SIOCBRDGGHT                       = 0xc0186951
+	SIOCBRDGGIFFLGS                   = 0xc060693e
+	SIOCBRDGGMA                       = 0xc0186953
+	SIOCBRDGGPARAM                    = 0xc0406958
+	SIOCBRDGGPRI                      = 0xc0186950
+	SIOCBRDGGRL                       = 0xc030694f
+	SIOCBRDGGTO                       = 0xc0186946
+	SIOCBRDGIFS                       = 0xc0606942
+	SIOCBRDGRTS                       = 0xc0206943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80186940
+	SIOCBRDGSFD                       = 0x80186952
+	SIOCBRDGSHT                       = 0x80186951
+	SIOCBRDGSIFCOST                   = 0x80606955
+	SIOCBRDGSIFFLGS                   = 0x8060693f
+	SIOCBRDGSIFPRIO                   = 0x80606954
+	SIOCBRDGSIFPROT                   = 0x8060694a
+	SIOCBRDGSMA                       = 0x80186953
+	SIOCBRDGSPRI                      = 0x80186950
+	SIOCBRDGSPROTO                    = 0x8018695a
+	SIOCBRDGSTO                       = 0x80186945
+	SIOCBRDGSTXHC                     = 0x80186959
+	SIOCDELLABEL                      = 0x80206997
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
+	SIOCDIFPARENT                     = 0x802069b4
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDPWE3NEIGHBOR                 = 0x802069de
+	SIOCDVNETID                       = 0x802069af
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETMPWCFG                     = 0xc02069ae
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc028698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGLIST                      = 0xc028698d
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFLLPRIO                     = 0xc02069b6
+	SIOCGIFMEDIA                      = 0xc0406938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPAIR                       = 0xc02069b1
+	SIOCGIFPARENT                     = 0xc02069b3
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFSFFPAGE                    = 0xc1126939
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYDF                     = 0xc02069c2
+	SIOCGLIFPHYECN                    = 0xc02069c8
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGPGRP                         = 0x40047309
+	SIOCGPWE3                         = 0xc0206998
+	SIOCGPWE3CTRLWORD                 = 0xc02069dc
+	SIOCGPWE3FAT                      = 0xc02069dd
+	SIOCGPWE3NEIGHBOR                 = 0xc21869de
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGTXHPRIO                      = 0xc02069c6
+	SIOCGUMBINFO                      = 0xc02069be
+	SIOCGUMBPARAM                     = 0xc02069c0
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETFLOWID                   = 0xc02069c4
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFAFATTACH                    = 0x801169ab
+	SIOCIFAFDETACH                    = 0x801169ac
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETMPWCFG                     = 0x802069ad
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8028698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFLLPRIO                     = 0x802069b5
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPAIR                       = 0x802069b0
+	SIOCSIFPARENT                     = 0x802069b2
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYDF                     = 0x802069c1
+	SIOCSLIFPHYECN                    = 0x802069c7
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSPGRP                         = 0x80047308
+	SIOCSPWE3CTRLWORD                 = 0x802069dc
+	SIOCSPWE3FAT                      = 0x802069dd
+	SIOCSPWE3NEIGHBOR                 = 0x821869de
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSTXHPRIO                      = 0x802069c5
+	SIOCSUMBPARAM                     = 0x802069bf
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETFLOWID                   = 0x802069c3
+	SIOCSVNETID                       = 0x802069a6
+	SIOCSWGDPID                       = 0xc018695b
+	SIOCSWGMAXFLOW                    = 0xc0186960
+	SIOCSWGMAXGROUP                   = 0xc018695d
+	SIOCSWSDPID                       = 0x8018695c
+	SIOCSWSPORTNO                     = 0xc060695f
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_DNS                          = 0x1000
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIMER_ABSTIME                     = 0x1
+	TIMER_RELTIME                     = 0x0
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCHKVERAUTH                    = 0x2000741e
+	TIOCCLRVERAUTH                    = 0x2000741d
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x4010745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSETVERAUTH                    = 0x8004741c
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCUCNTL_CBRK                    = 0x7a
+	TIOCUCNTL_SBRK                    = 0x7b
+	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_ANONMIN                        = 0x7
+	VM_LOADAVG                        = 0x2
+	VM_MALLOC_CONF                    = 0xc
+	VM_MAXID                          = 0xd
+	VM_MAXSLP                         = 0xa
+	VM_METER                          = 0x1
+	VM_NKMEMPAGES                     = 0x6
+	VM_PSSTRINGS                      = 0x3
+	VM_SWAPENCRYPT                    = 0x5
+	VM_USPACE                         = 0xb
+	VM_UVMEXP                         = 0x4
+	VM_VNODEMIN                       = 0x9
+	VM_VTEXTMIN                       = 0x8
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+	XCASE                             = 0x1000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x5c)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5f)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5d)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EOWNERDEAD      = syscall.Errno(0x5e)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5f)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ENOTSUP", "not supported"},
+	{92, "EBADMSG", "bad message"},
+	{93, "ENOTRECOVERABLE", "state not recoverable"},
+	{94, "EOWNERDEAD", "previous owner died"},
+	{95, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
new file mode 100644
index 0000000000000..f1154ff56f6c1
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -0,0 +1,1863 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build mips64 && openbsd
+// +build mips64,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc010427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80104277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_FILDROP_CAPTURE               = 0x1
+	BPF_FILDROP_DROP                  = 0x2
+	BPF_FILDROP_PASS                  = 0x0
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_BOOTTIME                    = 0x6
+	CLOCK_MONOTONIC                   = 0x3
+	CLOCK_PROCESS_CPUTIME_ID          = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x4
+	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCADDQUEUE                      = 0xc110445d
+	DIOCADDRULE                       = 0xcd604404
+	DIOCADDSTATE                      = 0xc1084425
+	DIOCCHANGERULE                    = 0xcd60441a
+	DIOCCLRIFFLAG                     = 0xc028445a
+	DIOCCLRSRCNODES                   = 0x20004455
+	DIOCCLRSTATES                     = 0xc0e04412
+	DIOCCLRSTATUS                     = 0xc0284416
+	DIOCGETLIMIT                      = 0xc0084427
+	DIOCGETQSTATS                     = 0xc1204460
+	DIOCGETQUEUE                      = 0xc110445f
+	DIOCGETQUEUES                     = 0xc110445e
+	DIOCGETRULE                       = 0xcd604407
+	DIOCGETRULES                      = 0xcd604406
+	DIOCGETRULESET                    = 0xc444443b
+	DIOCGETRULESETS                   = 0xc444443a
+	DIOCGETSRCNODES                   = 0xc0104454
+	DIOCGETSTATE                      = 0xc1084413
+	DIOCGETSTATES                     = 0xc0104419
+	DIOCGETSTATUS                     = 0xc1e84415
+	DIOCGETSYNFLWATS                  = 0xc0084463
+	DIOCGETTIMEOUT                    = 0xc008441e
+	DIOCIGETIFACES                    = 0xc0284457
+	DIOCKILLSRCNODES                  = 0xc080445b
+	DIOCKILLSTATES                    = 0xc0e04429
+	DIOCNATLOOK                       = 0xc0504417
+	DIOCOSFPADD                       = 0xc088444f
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DIOCOSFPGET                       = 0xc0884450
+	DIOCRADDADDRS                     = 0xc4504443
+	DIOCRADDTABLES                    = 0xc450443d
+	DIOCRCLRADDRS                     = 0xc4504442
+	DIOCRCLRASTATS                    = 0xc4504448
+	DIOCRCLRTABLES                    = 0xc450443c
+	DIOCRCLRTSTATS                    = 0xc4504441
+	DIOCRDELADDRS                     = 0xc4504444
+	DIOCRDELTABLES                    = 0xc450443e
+	DIOCRGETADDRS                     = 0xc4504446
+	DIOCRGETASTATS                    = 0xc4504447
+	DIOCRGETTABLES                    = 0xc450443f
+	DIOCRGETTSTATS                    = 0xc4504440
+	DIOCRINADEFINE                    = 0xc450444d
+	DIOCRSETADDRS                     = 0xc4504445
+	DIOCRSETTFLAGS                    = 0xc450444a
+	DIOCRTSTADDRS                     = 0xc4504449
+	DIOCSETDEBUG                      = 0xc0044418
+	DIOCSETHOSTID                     = 0xc0044456
+	DIOCSETIFFLAG                     = 0xc0284459
+	DIOCSETLIMIT                      = 0xc0084428
+	DIOCSETREASS                      = 0xc004445c
+	DIOCSETSTATUSIF                   = 0xc0284414
+	DIOCSETSYNCOOKIES                 = 0xc0014462
+	DIOCSETSYNFLWATS                  = 0xc0084461
+	DIOCSETTIMEOUT                    = 0xc008441d
+	DIOCSTART                         = 0x20004401
+	DIOCSTOP                          = 0x20004402
+	DIOCXBEGIN                        = 0xc0104451
+	DIOCXCOMMIT                       = 0xc0104452
+	DIOCXROLLBACK                     = 0xc0104453
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_OPENFLOW                      = 0x10b
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_USBPCAP                       = 0xf9
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MACSEC                  = 0x88e5
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PBB                     = 0x88e7
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_HARDMTU_LEN             = 0xff9b
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_DEVICE                     = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x8
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EVL_ENCAPLEN                      = 0x4
+	EVL_PRIO_BITS                     = 0xd
+	EVL_PRIO_MAX                      = 0x7
+	EVL_VLID_MASK                     = 0xfff
+	EVL_VLID_MAX                      = 0xffe
+	EVL_VLID_MIN                      = 0x1
+	EVL_VLID_NULL                     = 0x0
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_STATICARP                     = 0x20
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MBIM                          = 0xfa
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_UDPLITE                   = 0x88
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xfffffff
+	IPV6_FLOWLABEL_MASK               = 0xfffff
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHOPCOUNT                  = 0x41
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPDEFTTL                       = 0x25
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_SENDSRCADDR                    = 0x7
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUCLC                             = 0x1000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SWAPPABLE                     = 0x200000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFNAMES                    = 0x6
+	NET_RT_MAXID                      = 0x7
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHANGE                       = 0x1
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OLCUC                             = 0x20
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BFD                          = 0xb
+	RTAX_BRD                          = 0x7
+	RTAX_DNS                          = 0xc
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xf
+	RTAX_NETMASK                      = 0x2
+	RTAX_SEARCH                       = 0xe
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTAX_STATIC                       = 0xd
+	RTA_AUTHOR                        = 0x40
+	RTA_BFD                           = 0x800
+	RTA_BRD                           = 0x80
+	RTA_DNS                           = 0x1000
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SEARCH                        = 0x4000
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTA_STATIC                        = 0x2000
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BFD                           = 0x1000000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CACHED                        = 0x20000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_CONNECTED                     = 0x800000
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x110fc08
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_MULTICAST                     = 0x200
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTM_80211INFO                     = 0x15
+	RTM_ADD                           = 0x1
+	RTM_BFD                           = 0x12
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDRATTR                   = 0x14
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_INVALIDATE                    = 0x11
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_PROPOSAL                      = 0x13
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_BITS                   = 0x8
+	RT_TABLEID_MASK                   = 0xff
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8060693c
+	SIOCBRDGADDL                      = 0x80606949
+	SIOCBRDGADDS                      = 0x80606941
+	SIOCBRDGARL                       = 0x808c694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8060693d
+	SIOCBRDGDELS                      = 0x80606942
+	SIOCBRDGFLUSH                     = 0x80606948
+	SIOCBRDGFRL                       = 0x808c694e
+	SIOCBRDGGCACHE                    = 0xc0186941
+	SIOCBRDGGFD                       = 0xc0186952
+	SIOCBRDGGHT                       = 0xc0186951
+	SIOCBRDGGIFFLGS                   = 0xc060693e
+	SIOCBRDGGMA                       = 0xc0186953
+	SIOCBRDGGPARAM                    = 0xc0406958
+	SIOCBRDGGPRI                      = 0xc0186950
+	SIOCBRDGGRL                       = 0xc030694f
+	SIOCBRDGGTO                       = 0xc0186946
+	SIOCBRDGIFS                       = 0xc0606942
+	SIOCBRDGRTS                       = 0xc0206943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80186940
+	SIOCBRDGSFD                       = 0x80186952
+	SIOCBRDGSHT                       = 0x80186951
+	SIOCBRDGSIFCOST                   = 0x80606955
+	SIOCBRDGSIFFLGS                   = 0x8060693f
+	SIOCBRDGSIFPRIO                   = 0x80606954
+	SIOCBRDGSIFPROT                   = 0x8060694a
+	SIOCBRDGSMA                       = 0x80186953
+	SIOCBRDGSPRI                      = 0x80186950
+	SIOCBRDGSPROTO                    = 0x8018695a
+	SIOCBRDGSTO                       = 0x80186945
+	SIOCBRDGSTXHC                     = 0x80186959
+	SIOCDELLABEL                      = 0x80206997
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
+	SIOCDIFPARENT                     = 0x802069b4
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDPWE3NEIGHBOR                 = 0x802069de
+	SIOCDVNETID                       = 0x802069af
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETMPWCFG                     = 0xc02069ae
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc028698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGLIST                      = 0xc028698d
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFLLPRIO                     = 0xc02069b6
+	SIOCGIFMEDIA                      = 0xc0406938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPAIR                       = 0xc02069b1
+	SIOCGIFPARENT                     = 0xc02069b3
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFSFFPAGE                    = 0xc1126939
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYDF                     = 0xc02069c2
+	SIOCGLIFPHYECN                    = 0xc02069c8
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGPGRP                         = 0x40047309
+	SIOCGPWE3                         = 0xc0206998
+	SIOCGPWE3CTRLWORD                 = 0xc02069dc
+	SIOCGPWE3FAT                      = 0xc02069dd
+	SIOCGPWE3NEIGHBOR                 = 0xc21869de
+	SIOCGRXHPRIO                      = 0xc02069db
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGTXHPRIO                      = 0xc02069c6
+	SIOCGUMBINFO                      = 0xc02069be
+	SIOCGUMBPARAM                     = 0xc02069c0
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETFLOWID                   = 0xc02069c4
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFAFATTACH                    = 0x801169ab
+	SIOCIFAFDETACH                    = 0x801169ac
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETMPWCFG                     = 0x802069ad
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8028698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFLLPRIO                     = 0x802069b5
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPAIR                       = 0x802069b0
+	SIOCSIFPARENT                     = 0x802069b2
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYDF                     = 0x802069c1
+	SIOCSLIFPHYECN                    = 0x802069c7
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSPGRP                         = 0x80047308
+	SIOCSPWE3CTRLWORD                 = 0x802069dc
+	SIOCSPWE3FAT                      = 0x802069dd
+	SIOCSPWE3NEIGHBOR                 = 0x821869de
+	SIOCSRXHPRIO                      = 0x802069db
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSTXHPRIO                      = 0x802069c5
+	SIOCSUMBPARAM                     = 0x802069bf
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETFLOWID                   = 0x802069c3
+	SIOCSVNETID                       = 0x802069a6
+	SIOCSWGDPID                       = 0xc018695b
+	SIOCSWGMAXFLOW                    = 0xc0186960
+	SIOCSWGMAXGROUP                   = 0xc018695d
+	SIOCSWSDPID                       = 0x8018695c
+	SIOCSWSPORTNO                     = 0xc060695f
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_DNS                          = 0x1000
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DOMAIN                         = 0x1024
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_PROTOCOL                       = 0x1025
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_SACKHOLE_LIMIT                = 0x80
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIMER_ABSTIME                     = 0x1
+	TIMER_RELTIME                     = 0x0
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCHKVERAUTH                    = 0x2000741e
+	TIOCCLRVERAUTH                    = 0x2000741d
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x4010745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSETVERAUTH                    = 0x8004741c
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCUCNTL_CBRK                    = 0x7a
+	TIOCUCNTL_SBRK                    = 0x7b
+	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_ANONMIN                        = 0x7
+	VM_LOADAVG                        = 0x2
+	VM_MALLOC_CONF                    = 0xc
+	VM_MAXID                          = 0xd
+	VM_MAXSLP                         = 0xa
+	VM_METER                          = 0x1
+	VM_NKMEMPAGES                     = 0x6
+	VM_PSSTRINGS                      = 0x3
+	VM_SWAPENCRYPT                    = 0x5
+	VM_USPACE                         = 0xb
+	VM_UVMEXP                         = 0x4
+	VM_VNODEMIN                       = 0x9
+	VM_VTEXTMIN                       = 0x8
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+	XCASE                             = 0x1000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x5c)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5f)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5d)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EOWNERDEAD      = syscall.Errno(0x5e)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5f)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ENOTSUP", "not supported"},
+	{92, "EBADMSG", "bad message"},
+	{93, "ENOTRECOVERABLE", "state not recoverable"},
+	{94, "EOWNERDEAD", "previous owner died"},
+	{95, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index be42830cf3d38..1afee6a08905c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -1,9 +1,10 @@
 // mkerrors.sh -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && solaris
 // +build amd64,solaris
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -192,6 +193,12 @@ const (
 	CSTOPB                        = 0x40
 	CSUSP                         = 0x1a
 	CSWTCH                        = 0x1a
+	DIOC                          = 0x6400
+	DIOCGETB                      = 0x6402
+	DIOCGETC                      = 0x6401
+	DIOCGETP                      = 0x6408
+	DIOCSETE                      = 0x6403
+	DIOCSETP                      = 0x6409
 	DLT_AIRONET_HEADER            = 0x78
 	DLT_APPLE_IP_OVER_IEEE1394    = 0x8a
 	DLT_ARCNET                    = 0x7
@@ -290,6 +297,7 @@ const (
 	FF0                           = 0x0
 	FF1                           = 0x8000
 	FFDLY                         = 0x8000
+	FIORDCHK                      = 0x6603
 	FLUSHALL                      = 0x1
 	FLUSHDATA                     = 0x0
 	FLUSHO                        = 0x2000
@@ -358,6 +366,7 @@ const (
 	HUPCL                         = 0x400
 	IBSHIFT                       = 0x10
 	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x1
 	ICRNL                         = 0x100
 	IEXTEN                        = 0x8000
 	IFF_ADDRCONF                  = 0x80000
@@ -604,6 +613,7 @@ const (
 	IP_RECVPKTINFO                = 0x1a
 	IP_RECVRETOPTS                = 0x6
 	IP_RECVSLLA                   = 0xa
+	IP_RECVTOS                    = 0xc
 	IP_RECVTTL                    = 0xb
 	IP_RETOPTS                    = 0x8
 	IP_REUSEADDR                  = 0x104
@@ -645,6 +655,14 @@ const (
 	MAP_SHARED                    = 0x1
 	MAP_TEXT                      = 0x400
 	MAP_TYPE                      = 0xf
+	MCAST_BLOCK_SOURCE            = 0x2b
+	MCAST_EXCLUDE                 = 0x2
+	MCAST_INCLUDE                 = 0x1
+	MCAST_JOIN_GROUP              = 0x29
+	MCAST_JOIN_SOURCE_GROUP       = 0x2d
+	MCAST_LEAVE_GROUP             = 0x2a
+	MCAST_LEAVE_SOURCE_GROUP      = 0x2e
+	MCAST_UNBLOCK_SOURCE          = 0x2c
 	MCL_CURRENT                   = 0x1
 	MCL_FUTURE                    = 0x2
 	MSG_CTRUNC                    = 0x10
@@ -653,6 +671,7 @@ const (
 	MSG_DUPCTRL                   = 0x800
 	MSG_EOR                       = 0x8
 	MSG_MAXIOVLEN                 = 0x10
+	MSG_NOSIGNAL                  = 0x200
 	MSG_NOTIFICATION              = 0x100
 	MSG_OOB                       = 0x1
 	MSG_PEEK                      = 0x2
@@ -666,6 +685,7 @@ const (
 	M_FLUSH                       = 0x86
 	NAME_MAX                      = 0xff
 	NEWDEV                        = 0x1
+	NFDBITS                       = 0x40
 	NL0                           = 0x0
 	NL1                           = 0x100
 	NLDLY                         = 0x100
@@ -686,6 +706,8 @@ const (
 	O_APPEND                      = 0x8
 	O_CLOEXEC                     = 0x800000
 	O_CREAT                       = 0x100
+	O_DIRECT                      = 0x2000000
+	O_DIRECTORY                   = 0x1000000
 	O_DSYNC                       = 0x40
 	O_EXCL                        = 0x400
 	O_EXEC                        = 0x400000
@@ -724,7 +746,7 @@ const (
 	RLIMIT_FSIZE                  = 0x1
 	RLIMIT_NOFILE                 = 0x5
 	RLIMIT_STACK                  = 0x3
-	RLIM_INFINITY                 = -0x3
+	RLIM_INFINITY                 = 0xfffffffffffffffd
 	RTAX_AUTHOR                   = 0x6
 	RTAX_BRD                      = 0x7
 	RTAX_DST                      = 0x0
@@ -996,6 +1018,39 @@ const (
 	SO_USELOOPBACK                = 0x40
 	SO_VRRP                       = 0x1017
 	SO_WROFF                      = 0x2
+	S_ENFMT                       = 0x400
+	S_IAMB                        = 0x1ff
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFDOOR                      = 0xd000
+	S_IFIFO                       = 0x1000
+	S_IFLNK                       = 0xa000
+	S_IFMT                        = 0xf000
+	S_IFNAM                       = 0x5000
+	S_IFPORT                      = 0xe000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_INSEM                       = 0x1
+	S_INSHD                       = 0x2
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXGRP                       = 0x8
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
 	TAB0                          = 0x0
 	TAB1                          = 0x800
 	TAB2                          = 0x1000
@@ -1013,6 +1068,7 @@ const (
 	TCOON                         = 0x1
 	TCP_ABORT_THRESHOLD           = 0x11
 	TCP_ANONPRIVBIND              = 0x20
+	TCP_CONGESTION                = 0x25
 	TCP_CONN_ABORT_THRESHOLD      = 0x13
 	TCP_CONN_NOTIFY_THRESHOLD     = 0x12
 	TCP_CORK                      = 0x18
@@ -1042,6 +1098,8 @@ const (
 	TCSETSF                       = 0x5410
 	TCSETSW                       = 0x540f
 	TCXONC                        = 0x5406
+	TIMER_ABSTIME                 = 0x1
+	TIMER_RELTIME                 = 0x0
 	TIOC                          = 0x5400
 	TIOCCBRK                      = 0x747a
 	TIOCCDTR                      = 0x7478
@@ -1102,6 +1160,8 @@ const (
 	TIOCSTOP                      = 0x746f
 	TIOCSWINSZ                    = 0x5467
 	TOSTOP                        = 0x100
+	UTIME_NOW                     = -0x1
+	UTIME_OMIT                    = -0x2
 	VCEOF                         = 0x8
 	VCEOL                         = 0x9
 	VDISCARD                      = 0xd
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
new file mode 100644
index 0000000000000..fc7d0506f6c02
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -0,0 +1,860 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+// Hand edited based on zerrors_linux_s390x.go
+// TODO: auto-generate.
+
+package unix
+
+const (
+	BRKINT                          = 0x0001
+	CLOCK_MONOTONIC                 = 0x1
+	CLOCK_PROCESS_CPUTIME_ID        = 0x2
+	CLOCK_REALTIME                  = 0x0
+	CLOCK_THREAD_CPUTIME_ID         = 0x3
+	CS8                             = 0x0030
+	CSIZE                           = 0x0030
+	ECHO                            = 0x00000008
+	ECHONL                          = 0x00000001
+	FD_CLOEXEC                      = 0x01
+	FD_CLOFORK                      = 0x02
+	FNDELAY                         = 0x04
+	F_CLOSFD                        = 9
+	F_CONTROL_CVT                   = 13
+	F_DUPFD                         = 0
+	F_DUPFD2                        = 8
+	F_GETFD                         = 1
+	F_GETFL                         = 259
+	F_GETLK                         = 5
+	F_GETOWN                        = 10
+	F_OK                            = 0x0
+	F_RDLCK                         = 1
+	F_SETFD                         = 2
+	F_SETFL                         = 4
+	F_SETLK                         = 6
+	F_SETLKW                        = 7
+	F_SETOWN                        = 11
+	F_SETTAG                        = 12
+	F_UNLCK                         = 3
+	F_WRLCK                         = 2
+	FSTYPE_ZFS                      = 0xe9 //"Z"
+	FSTYPE_HFS                      = 0xc8 //"H"
+	FSTYPE_NFS                      = 0xd5 //"N"
+	FSTYPE_TFS                      = 0xe3 //"T"
+	FSTYPE_AUTOMOUNT                = 0xc1 //"A"
+	IP6F_MORE_FRAG                  = 0x0001
+	IP6F_OFF_MASK                   = 0xfff8
+	IP6F_RESERVED_MASK              = 0x0006
+	IP6OPT_JUMBO                    = 0xc2
+	IP6OPT_JUMBO_LEN                = 6
+	IP6OPT_MUTABLE                  = 0x20
+	IP6OPT_NSAP_ADDR                = 0xc3
+	IP6OPT_PAD1                     = 0x00
+	IP6OPT_PADN                     = 0x01
+	IP6OPT_ROUTER_ALERT             = 0x05
+	IP6OPT_TUNNEL_LIMIT             = 0x04
+	IP6OPT_TYPE_DISCARD             = 0x40
+	IP6OPT_TYPE_FORCEICMP           = 0x80
+	IP6OPT_TYPE_ICMP                = 0xc0
+	IP6OPT_TYPE_SKIP                = 0x00
+	IP6_ALERT_AN                    = 0x0002
+	IP6_ALERT_MLD                   = 0x0000
+	IP6_ALERT_RSVP                  = 0x0001
+	IPPORT_RESERVED                 = 1024
+	IPPORT_USERRESERVED             = 5000
+	IPPROTO_AH                      = 51
+	SOL_AH                          = 51
+	IPPROTO_DSTOPTS                 = 60
+	SOL_DSTOPTS                     = 60
+	IPPROTO_EGP                     = 8
+	SOL_EGP                         = 8
+	IPPROTO_ESP                     = 50
+	SOL_ESP                         = 50
+	IPPROTO_FRAGMENT                = 44
+	SOL_FRAGMENT                    = 44
+	IPPROTO_GGP                     = 2
+	SOL_GGP                         = 2
+	IPPROTO_HOPOPTS                 = 0
+	SOL_HOPOPTS                     = 0
+	IPPROTO_ICMP                    = 1
+	SOL_ICMP                        = 1
+	IPPROTO_ICMPV6                  = 58
+	SOL_ICMPV6                      = 58
+	IPPROTO_IDP                     = 22
+	SOL_IDP                         = 22
+	IPPROTO_IP                      = 0
+	SOL_IP                          = 0
+	IPPROTO_IPV6                    = 41
+	SOL_IPV6                        = 41
+	IPPROTO_MAX                     = 256
+	SOL_MAX                         = 256
+	IPPROTO_NONE                    = 59
+	SOL_NONE                        = 59
+	IPPROTO_PUP                     = 12
+	SOL_PUP                         = 12
+	IPPROTO_RAW                     = 255
+	SOL_RAW                         = 255
+	IPPROTO_ROUTING                 = 43
+	SOL_ROUTING                     = 43
+	IPPROTO_TCP                     = 6
+	SOL_TCP                         = 6
+	IPPROTO_UDP                     = 17
+	SOL_UDP                         = 17
+	IPV6_ADDR_PREFERENCES           = 32
+	IPV6_CHECKSUM                   = 19
+	IPV6_DONTFRAG                   = 29
+	IPV6_DSTOPTS                    = 23
+	IPV6_HOPLIMIT                   = 11
+	IPV6_HOPOPTS                    = 22
+	IPV6_JOIN_GROUP                 = 5
+	IPV6_LEAVE_GROUP                = 6
+	IPV6_MULTICAST_HOPS             = 9
+	IPV6_MULTICAST_IF               = 7
+	IPV6_MULTICAST_LOOP             = 4
+	IPV6_NEXTHOP                    = 20
+	IPV6_PATHMTU                    = 12
+	IPV6_PKTINFO                    = 13
+	IPV6_PREFER_SRC_CGA             = 0x10
+	IPV6_PREFER_SRC_COA             = 0x02
+	IPV6_PREFER_SRC_HOME            = 0x01
+	IPV6_PREFER_SRC_NONCGA          = 0x20
+	IPV6_PREFER_SRC_PUBLIC          = 0x08
+	IPV6_PREFER_SRC_TMP             = 0x04
+	IPV6_RECVDSTOPTS                = 28
+	IPV6_RECVHOPLIMIT               = 14
+	IPV6_RECVHOPOPTS                = 26
+	IPV6_RECVPATHMTU                = 16
+	IPV6_RECVPKTINFO                = 15
+	IPV6_RECVRTHDR                  = 25
+	IPV6_RECVTCLASS                 = 31
+	IPV6_RTHDR                      = 21
+	IPV6_RTHDRDSTOPTS               = 24
+	IPV6_RTHDR_TYPE_0               = 0
+	IPV6_TCLASS                     = 30
+	IPV6_UNICAST_HOPS               = 3
+	IPV6_USE_MIN_MTU                = 18
+	IPV6_V6ONLY                     = 10
+	IP_ADD_MEMBERSHIP               = 5
+	IP_ADD_SOURCE_MEMBERSHIP        = 12
+	IP_BLOCK_SOURCE                 = 10
+	IP_DEFAULT_MULTICAST_LOOP       = 1
+	IP_DEFAULT_MULTICAST_TTL        = 1
+	IP_DROP_MEMBERSHIP              = 6
+	IP_DROP_SOURCE_MEMBERSHIP       = 13
+	IP_MAX_MEMBERSHIPS              = 20
+	IP_MULTICAST_IF                 = 7
+	IP_MULTICAST_LOOP               = 4
+	IP_MULTICAST_TTL                = 3
+	IP_OPTIONS                      = 1
+	IP_PKTINFO                      = 101
+	IP_RECVPKTINFO                  = 102
+	IP_TOS                          = 2
+	IP_TTL                          = 3
+	IP_UNBLOCK_SOURCE               = 11
+	ICANON                          = 0x0010
+	ICMP6_FILTER                    = 0x26
+	ICRNL                           = 0x0002
+	IEXTEN                          = 0x0020
+	IGNBRK                          = 0x0004
+	IGNCR                           = 0x0008
+	INLCR                           = 0x0020
+	ISIG                            = 0x0040
+	ISTRIP                          = 0x0080
+	IXON                            = 0x0200
+	IXOFF                           = 0x0100
+	LOCK_SH                         = 0x1 // Not exist on zOS
+	LOCK_EX                         = 0x2 // Not exist on zOS
+	LOCK_NB                         = 0x4 // Not exist on zOS
+	LOCK_UN                         = 0x8 // Not exist on zOS
+	POLLIN                          = 0x0003
+	POLLOUT                         = 0x0004
+	POLLPRI                         = 0x0010
+	POLLERR                         = 0x0020
+	POLLHUP                         = 0x0040
+	POLLNVAL                        = 0x0080
+	PROT_READ                       = 0x1 // mmap - page can be read
+	PROT_WRITE                      = 0x2 // page can be written
+	PROT_NONE                       = 0x4 // can't be accessed
+	PROT_EXEC                       = 0x8 // can be executed
+	MAP_PRIVATE                     = 0x1 // changes are private
+	MAP_SHARED                      = 0x2 // changes are shared
+	MAP_FIXED                       = 0x4 // place exactly
+	MCAST_JOIN_GROUP                = 40
+	MCAST_LEAVE_GROUP               = 41
+	MCAST_JOIN_SOURCE_GROUP         = 42
+	MCAST_LEAVE_SOURCE_GROUP        = 43
+	MCAST_BLOCK_SOURCE              = 44
+	MCAST_UNBLOCK_SOURCE            = 45
+	MS_SYNC                         = 0x1 // msync - synchronous writes
+	MS_ASYNC                        = 0x2 // asynchronous writes
+	MS_INVALIDATE                   = 0x4 // invalidate mappings
+	MTM_RDONLY                      = 0x80000000
+	MTM_RDWR                        = 0x40000000
+	MTM_UMOUNT                      = 0x10000000
+	MTM_IMMED                       = 0x08000000
+	MTM_FORCE                       = 0x04000000
+	MTM_DRAIN                       = 0x02000000
+	MTM_RESET                       = 0x01000000
+	MTM_SAMEMODE                    = 0x00100000
+	MTM_UNQSEFORCE                  = 0x00040000
+	MTM_NOSUID                      = 0x00000400
+	MTM_SYNCHONLY                   = 0x00000200
+	MTM_REMOUNT                     = 0x00000100
+	MTM_NOSECURITY                  = 0x00000080
+	NFDBITS                         = 0x20
+	O_ACCMODE                       = 0x03
+	O_APPEND                        = 0x08
+	O_ASYNCSIG                      = 0x0200
+	O_CREAT                         = 0x80
+	O_EXCL                          = 0x40
+	O_GETFL                         = 0x0F
+	O_LARGEFILE                     = 0x0400
+	O_NONBLOCK                      = 0x04
+	O_RDONLY                        = 0x02
+	O_RDWR                          = 0x03
+	O_SYNC                          = 0x0100
+	O_TRUNC                         = 0x10
+	O_WRONLY                        = 0x01
+	O_NOCTTY                        = 0x20
+	OPOST                           = 0x0001
+	ONLCR                           = 0x0004
+	PARENB                          = 0x0200
+	PARMRK                          = 0x0400
+	QUERYCVT                        = 3
+	RUSAGE_CHILDREN                 = -0x1
+	RUSAGE_SELF                     = 0x0 // RUSAGE_THREAD unsupported on z/OS
+	SEEK_CUR                        = 1
+	SEEK_END                        = 2
+	SEEK_SET                        = 0
+	SETAUTOCVTALL                   = 5
+	SETAUTOCVTON                    = 2
+	SETCVTALL                       = 4
+	SETCVTOFF                       = 0
+	SETCVTON                        = 1
+	AF_APPLETALK                    = 16
+	AF_CCITT                        = 10
+	AF_CHAOS                        = 5
+	AF_DATAKIT                      = 9
+	AF_DLI                          = 13
+	AF_ECMA                         = 8
+	AF_HYLINK                       = 15
+	AF_IMPLINK                      = 3
+	AF_INET                         = 2
+	AF_INET6                        = 19
+	AF_INTF                         = 20
+	AF_IUCV                         = 17
+	AF_LAT                          = 14
+	AF_LINK                         = 18
+	AF_MAX                          = 30
+	AF_NBS                          = 7
+	AF_NDD                          = 23
+	AF_NETWARE                      = 22
+	AF_NS                           = 6
+	AF_PUP                          = 4
+	AF_RIF                          = 21
+	AF_ROUTE                        = 20
+	AF_SNA                          = 11
+	AF_UNIX                         = 1
+	AF_UNSPEC                       = 0
+	IBMTCP_IMAGE                    = 1
+	MSG_ACK_EXPECTED                = 0x10
+	MSG_ACK_GEN                     = 0x40
+	MSG_ACK_TIMEOUT                 = 0x20
+	MSG_CONNTERM                    = 0x80
+	MSG_CTRUNC                      = 0x20
+	MSG_DONTROUTE                   = 0x4
+	MSG_EOF                         = 0x8000
+	MSG_EOR                         = 0x8
+	MSG_MAXIOVLEN                   = 16
+	MSG_NONBLOCK                    = 0x4000
+	MSG_OOB                         = 0x1
+	MSG_PEEK                        = 0x2
+	MSG_TRUNC                       = 0x10
+	MSG_WAITALL                     = 0x40
+	PRIO_PROCESS                    = 1
+	PRIO_PGRP                       = 2
+	PRIO_USER                       = 3
+	RLIMIT_CPU                      = 0
+	RLIMIT_FSIZE                    = 1
+	RLIMIT_DATA                     = 2
+	RLIMIT_STACK                    = 3
+	RLIMIT_CORE                     = 4
+	RLIMIT_AS                       = 5
+	RLIMIT_NOFILE                   = 6
+	RLIMIT_MEMLIMIT                 = 7
+	RLIM_INFINITY                   = 2147483647
+	SCM_RIGHTS                      = 0x01
+	SF_CLOSE                        = 0x00000002
+	SF_REUSE                        = 0x00000001
+	SHUT_RD                         = 0
+	SHUT_RDWR                       = 2
+	SHUT_WR                         = 1
+	SOCK_CONN_DGRAM                 = 6
+	SOCK_DGRAM                      = 2
+	SOCK_RAW                        = 3
+	SOCK_RDM                        = 4
+	SOCK_SEQPACKET                  = 5
+	SOCK_STREAM                     = 1
+	SOL_SOCKET                      = 0xffff
+	SOMAXCONN                       = 10
+	SO_ACCEPTCONN                   = 0x0002
+	SO_ACCEPTECONNABORTED           = 0x0006
+	SO_ACKNOW                       = 0x7700
+	SO_BROADCAST                    = 0x0020
+	SO_BULKMODE                     = 0x8000
+	SO_CKSUMRECV                    = 0x0800
+	SO_CLOSE                        = 0x01
+	SO_CLUSTERCONNTYPE              = 0x00004001
+	SO_CLUSTERCONNTYPE_INTERNAL     = 8
+	SO_CLUSTERCONNTYPE_NOCONN       = 0
+	SO_CLUSTERCONNTYPE_NONE         = 1
+	SO_CLUSTERCONNTYPE_SAME_CLUSTER = 2
+	SO_CLUSTERCONNTYPE_SAME_IMAGE   = 4
+	SO_DEBUG                        = 0x0001
+	SO_DONTROUTE                    = 0x0010
+	SO_ERROR                        = 0x1007
+	SO_IGNOREINCOMINGPUSH           = 0x1
+	SO_IGNORESOURCEVIPA             = 0x0002
+	SO_KEEPALIVE                    = 0x0008
+	SO_LINGER                       = 0x0080
+	SO_NONBLOCKLOCAL                = 0x8001
+	SO_NOREUSEADDR                  = 0x1000
+	SO_OOBINLINE                    = 0x0100
+	SO_OPTACK                       = 0x8004
+	SO_OPTMSS                       = 0x8003
+	SO_RCVBUF                       = 0x1002
+	SO_RCVLOWAT                     = 0x1004
+	SO_RCVTIMEO                     = 0x1006
+	SO_REUSEADDR                    = 0x0004
+	SO_REUSEPORT                    = 0x0200
+	SO_SECINFO                      = 0x00004002
+	SO_SET                          = 0x0200
+	SO_SNDBUF                       = 0x1001
+	SO_SNDLOWAT                     = 0x1003
+	SO_SNDTIMEO                     = 0x1005
+	SO_TYPE                         = 0x1008
+	SO_UNSET                        = 0x0400
+	SO_USELOOPBACK                  = 0x0040
+	SO_USE_IFBUFS                   = 0x0400
+	S_ISUID                         = 0x0800
+	S_ISGID                         = 0x0400
+	S_ISVTX                         = 0x0200
+	S_IRUSR                         = 0x0100
+	S_IWUSR                         = 0x0080
+	S_IXUSR                         = 0x0040
+	S_IRWXU                         = 0x01C0
+	S_IRGRP                         = 0x0020
+	S_IWGRP                         = 0x0010
+	S_IXGRP                         = 0x0008
+	S_IRWXG                         = 0x0038
+	S_IROTH                         = 0x0004
+	S_IWOTH                         = 0x0002
+	S_IXOTH                         = 0x0001
+	S_IRWXO                         = 0x0007
+	S_IREAD                         = S_IRUSR
+	S_IWRITE                        = S_IWUSR
+	S_IEXEC                         = S_IXUSR
+	S_IFDIR                         = 0x01000000
+	S_IFCHR                         = 0x02000000
+	S_IFREG                         = 0x03000000
+	S_IFFIFO                        = 0x04000000
+	S_IFIFO                         = 0x04000000
+	S_IFLNK                         = 0x05000000
+	S_IFBLK                         = 0x06000000
+	S_IFSOCK                        = 0x07000000
+	S_IFVMEXTL                      = 0xFE000000
+	S_IFVMEXTL_EXEC                 = 0x00010000
+	S_IFVMEXTL_DATA                 = 0x00020000
+	S_IFVMEXTL_MEL                  = 0x00030000
+	S_IFEXTL                        = 0x00000001
+	S_IFPROGCTL                     = 0x00000002
+	S_IFAPFCTL                      = 0x00000004
+	S_IFNOSHARE                     = 0x00000008
+	S_IFSHARELIB                    = 0x00000010
+	S_IFMT                          = 0xFF000000
+	S_IFMST                         = 0x00FF0000
+	TCP_KEEPALIVE                   = 0x8
+	TCP_NODELAY                     = 0x1
+	TCP_INFO                        = 0xb
+	TCP_USER_TIMEOUT                = 0x1
+	TIOCGWINSZ                      = 0x4008a368
+	TIOCSWINSZ                      = 0x8008a367
+	TIOCSBRK                        = 0x2000a77b
+	TIOCCBRK                        = 0x2000a77a
+	TIOCSTI                         = 0x8001a772
+	TIOCGPGRP                       = 0x4004a777 // _IOR(167, 119, int)
+	TCSANOW                         = 0
+	TCSETS                          = 0 // equivalent to TCSANOW for tcsetattr
+	TCSADRAIN                       = 1
+	TCSETSW                         = 1 // equivalent to TCSADRAIN for tcsetattr
+	TCSAFLUSH                       = 2
+	TCSETSF                         = 2 // equivalent to TCSAFLUSH for tcsetattr
+	TCGETS                          = 3 // not defined in ioctl.h -- zos golang only
+	TCIFLUSH                        = 0
+	TCOFLUSH                        = 1
+	TCIOFLUSH                       = 2
+	TCOOFF                          = 0
+	TCOON                           = 1
+	TCIOFF                          = 2
+	TCION                           = 3
+	TIOCSPGRP                       = 0x8004a776
+	TIOCNOTTY                       = 0x2000a771
+	TIOCEXCL                        = 0x2000a70d
+	TIOCNXCL                        = 0x2000a70e
+	TIOCGETD                        = 0x4004a700
+	TIOCSETD                        = 0x8004a701
+	TIOCPKT                         = 0x8004a770
+	TIOCSTOP                        = 0x2000a76f
+	TIOCSTART                       = 0x2000a76e
+	TIOCUCNTL                       = 0x8004a766
+	TIOCREMOTE                      = 0x8004a769
+	TIOCMGET                        = 0x4004a76a
+	TIOCMSET                        = 0x8004a76d
+	TIOCMBIC                        = 0x8004a76b
+	TIOCMBIS                        = 0x8004a76c
+	VINTR                           = 0
+	VQUIT                           = 1
+	VERASE                          = 2
+	VKILL                           = 3
+	VEOF                            = 4
+	VEOL                            = 5
+	VMIN                            = 6
+	VSTART                          = 7
+	VSTOP                           = 8
+	VSUSP                           = 9
+	VTIME                           = 10
+	WCONTINUED                      = 0x4
+	WNOHANG                         = 0x1
+	WUNTRACED                       = 0x2
+	_BPX_SWAP                       = 1
+	_BPX_NONSWAP                    = 2
+	MCL_CURRENT                     = 1  // for Linux compatibility -- no zos semantics
+	MCL_FUTURE                      = 2  // for Linux compatibility -- no zos semantics
+	MCL_ONFAULT                     = 3  // for Linux compatibility -- no zos semantics
+	MADV_NORMAL                     = 0  // for Linux compatibility -- no zos semantics
+	MADV_RANDOM                     = 1  // for Linux compatibility -- no zos semantics
+	MADV_SEQUENTIAL                 = 2  // for Linux compatibility -- no zos semantics
+	MADV_WILLNEED                   = 3  // for Linux compatibility -- no zos semantics
+	MADV_REMOVE                     = 4  // for Linux compatibility -- no zos semantics
+	MADV_DONTFORK                   = 5  // for Linux compatibility -- no zos semantics
+	MADV_DOFORK                     = 6  // for Linux compatibility -- no zos semantics
+	MADV_HWPOISON                   = 7  // for Linux compatibility -- no zos semantics
+	MADV_MERGEABLE                  = 8  // for Linux compatibility -- no zos semantics
+	MADV_UNMERGEABLE                = 9  // for Linux compatibility -- no zos semantics
+	MADV_SOFT_OFFLINE               = 10 // for Linux compatibility -- no zos semantics
+	MADV_HUGEPAGE                   = 11 // for Linux compatibility -- no zos semantics
+	MADV_NOHUGEPAGE                 = 12 // for Linux compatibility -- no zos semantics
+	MADV_DONTDUMP                   = 13 // for Linux compatibility -- no zos semantics
+	MADV_DODUMP                     = 14 // for Linux compatibility -- no zos semantics
+	MADV_FREE                       = 15 // for Linux compatibility -- no zos semantics
+	MADV_WIPEONFORK                 = 16 // for Linux compatibility -- no zos semantics
+	MADV_KEEPONFORK                 = 17 // for Linux compatibility -- no zos semantics
+	AT_SYMLINK_NOFOLLOW             = 1  // for Unix  compatibility -- no zos semantics
+	AT_FDCWD                        = 2  // for Unix  compatibility -- no zos semantics
+)
+
+const (
+	EDOM               = Errno(1)
+	ERANGE             = Errno(2)
+	EACCES             = Errno(111)
+	EAGAIN             = Errno(112)
+	EBADF              = Errno(113)
+	EBUSY              = Errno(114)
+	ECHILD             = Errno(115)
+	EDEADLK            = Errno(116)
+	EEXIST             = Errno(117)
+	EFAULT             = Errno(118)
+	EFBIG              = Errno(119)
+	EINTR              = Errno(120)
+	EINVAL             = Errno(121)
+	EIO                = Errno(122)
+	EISDIR             = Errno(123)
+	EMFILE             = Errno(124)
+	EMLINK             = Errno(125)
+	ENAMETOOLONG       = Errno(126)
+	ENFILE             = Errno(127)
+	ENODEV             = Errno(128)
+	ENOENT             = Errno(129)
+	ENOEXEC            = Errno(130)
+	ENOLCK             = Errno(131)
+	ENOMEM             = Errno(132)
+	ENOSPC             = Errno(133)
+	ENOSYS             = Errno(134)
+	ENOTDIR            = Errno(135)
+	ENOTEMPTY          = Errno(136)
+	ENOTTY             = Errno(137)
+	ENXIO              = Errno(138)
+	EPERM              = Errno(139)
+	EPIPE              = Errno(140)
+	EROFS              = Errno(141)
+	ESPIPE             = Errno(142)
+	ESRCH              = Errno(143)
+	EXDEV              = Errno(144)
+	E2BIG              = Errno(145)
+	ELOOP              = Errno(146)
+	EILSEQ             = Errno(147)
+	ENODATA            = Errno(148)
+	EOVERFLOW          = Errno(149)
+	EMVSNOTUP          = Errno(150)
+	ECMSSTORAGE        = Errno(151)
+	EMVSDYNALC         = Errno(151)
+	EMVSCVAF           = Errno(152)
+	EMVSCATLG          = Errno(153)
+	ECMSINITIAL        = Errno(156)
+	EMVSINITIAL        = Errno(156)
+	ECMSERR            = Errno(157)
+	EMVSERR            = Errno(157)
+	EMVSPARM           = Errno(158)
+	ECMSPFSFILE        = Errno(159)
+	EMVSPFSFILE        = Errno(159)
+	EMVSBADCHAR        = Errno(160)
+	ECMSPFSPERM        = Errno(162)
+	EMVSPFSPERM        = Errno(162)
+	EMVSSAFEXTRERR     = Errno(163)
+	EMVSSAF2ERR        = Errno(164)
+	EMVSTODNOTSET      = Errno(165)
+	EMVSPATHOPTS       = Errno(166)
+	EMVSNORTL          = Errno(167)
+	EMVSEXPIRE         = Errno(168)
+	EMVSPASSWORD       = Errno(169)
+	EMVSWLMERROR       = Errno(170)
+	EMVSCPLERROR       = Errno(171)
+	EMVSARMERROR       = Errno(172)
+	ELENOFORK          = Errno(200)
+	ELEMSGERR          = Errno(201)
+	EFPMASKINV         = Errno(202)
+	EFPMODEINV         = Errno(203)
+	EBUFLEN            = Errno(227)
+	EEXTLINK           = Errno(228)
+	ENODD              = Errno(229)
+	ECMSESMERR         = Errno(230)
+	ECPERR             = Errno(231)
+	ELEMULTITHREAD     = Errno(232)
+	ELEFENCE           = Errno(244)
+	EBADDATA           = Errno(245)
+	EUNKNOWN           = Errno(246)
+	ENOTSUP            = Errno(247)
+	EBADNAME           = Errno(248)
+	ENOTSAFE           = Errno(249)
+	ELEMULTITHREADFORK = Errno(257)
+	ECUNNOENV          = Errno(258)
+	ECUNNOCONV         = Errno(259)
+	ECUNNOTALIGNED     = Errno(260)
+	ECUNERR            = Errno(262)
+	EIBMBADCALL        = Errno(1000)
+	EIBMBADPARM        = Errno(1001)
+	EIBMSOCKOUTOFRANGE = Errno(1002)
+	EIBMSOCKINUSE      = Errno(1003)
+	EIBMIUCVERR        = Errno(1004)
+	EOFFLOADboxERROR   = Errno(1005)
+	EOFFLOADboxRESTART = Errno(1006)
+	EOFFLOADboxDOWN    = Errno(1007)
+	EIBMCONFLICT       = Errno(1008)
+	EIBMCANCELLED      = Errno(1009)
+	EIBMBADTCPNAME     = Errno(1011)
+	ENOTBLK            = Errno(1100)
+	ETXTBSY            = Errno(1101)
+	EWOULDBLOCK        = Errno(1102)
+	EINPROGRESS        = Errno(1103)
+	EALREADY           = Errno(1104)
+	ENOTSOCK           = Errno(1105)
+	EDESTADDRREQ       = Errno(1106)
+	EMSGSIZE           = Errno(1107)
+	EPROTOTYPE         = Errno(1108)
+	ENOPROTOOPT        = Errno(1109)
+	EPROTONOSUPPORT    = Errno(1110)
+	ESOCKTNOSUPPORT    = Errno(1111)
+	EOPNOTSUPP         = Errno(1112)
+	EPFNOSUPPORT       = Errno(1113)
+	EAFNOSUPPORT       = Errno(1114)
+	EADDRINUSE         = Errno(1115)
+	EADDRNOTAVAIL      = Errno(1116)
+	ENETDOWN           = Errno(1117)
+	ENETUNREACH        = Errno(1118)
+	ENETRESET          = Errno(1119)
+	ECONNABORTED       = Errno(1120)
+	ECONNRESET         = Errno(1121)
+	ENOBUFS            = Errno(1122)
+	EISCONN            = Errno(1123)
+	ENOTCONN           = Errno(1124)
+	ESHUTDOWN          = Errno(1125)
+	ETOOMANYREFS       = Errno(1126)
+	ETIMEDOUT          = Errno(1127)
+	ECONNREFUSED       = Errno(1128)
+	EHOSTDOWN          = Errno(1129)
+	EHOSTUNREACH       = Errno(1130)
+	EPROCLIM           = Errno(1131)
+	EUSERS             = Errno(1132)
+	EDQUOT             = Errno(1133)
+	ESTALE             = Errno(1134)
+	EREMOTE            = Errno(1135)
+	ENOSTR             = Errno(1136)
+	ETIME              = Errno(1137)
+	ENOSR              = Errno(1138)
+	ENOMSG             = Errno(1139)
+	EBADMSG            = Errno(1140)
+	EIDRM              = Errno(1141)
+	ENONET             = Errno(1142)
+	ERREMOTE           = Errno(1143)
+	ENOLINK            = Errno(1144)
+	EADV               = Errno(1145)
+	ESRMNT             = Errno(1146)
+	ECOMM              = Errno(1147)
+	EPROTO             = Errno(1148)
+	EMULTIHOP          = Errno(1149)
+	EDOTDOT            = Errno(1150)
+	EREMCHG            = Errno(1151)
+	ECANCELED          = Errno(1152)
+	EINTRNODATA        = Errno(1159)
+	ENOREUSE           = Errno(1160)
+	ENOMOVE            = Errno(1161)
+)
+
+// Signals
+const (
+	SIGHUP    = Signal(1)
+	SIGINT    = Signal(2)
+	SIGABRT   = Signal(3)
+	SIGILL    = Signal(4)
+	SIGPOLL   = Signal(5)
+	SIGURG    = Signal(6)
+	SIGSTOP   = Signal(7)
+	SIGFPE    = Signal(8)
+	SIGKILL   = Signal(9)
+	SIGBUS    = Signal(10)
+	SIGSEGV   = Signal(11)
+	SIGSYS    = Signal(12)
+	SIGPIPE   = Signal(13)
+	SIGALRM   = Signal(14)
+	SIGTERM   = Signal(15)
+	SIGUSR1   = Signal(16)
+	SIGUSR2   = Signal(17)
+	SIGABND   = Signal(18)
+	SIGCONT   = Signal(19)
+	SIGCHLD   = Signal(20)
+	SIGTTIN   = Signal(21)
+	SIGTTOU   = Signal(22)
+	SIGIO     = Signal(23)
+	SIGQUIT   = Signal(24)
+	SIGTSTP   = Signal(25)
+	SIGTRAP   = Signal(26)
+	SIGIOERR  = Signal(27)
+	SIGWINCH  = Signal(28)
+	SIGXCPU   = Signal(29)
+	SIGXFSZ   = Signal(30)
+	SIGVTALRM = Signal(31)
+	SIGPROF   = Signal(32)
+	SIGDANGER = Signal(33)
+	SIGTHSTOP = Signal(34)
+	SIGTHCONT = Signal(35)
+	SIGTRACE  = Signal(37)
+	SIGDCE    = Signal(38)
+	SIGDUMP   = Signal(39)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  Errno
+	name string
+	desc string
+}{
+	{1, "EDC5001I", "A domain error occurred."},
+	{2, "EDC5002I", "A range error occurred."},
+	{111, "EDC5111I", "Permission denied."},
+	{112, "EDC5112I", "Resource temporarily unavailable."},
+	{113, "EDC5113I", "Bad file descriptor."},
+	{114, "EDC5114I", "Resource busy."},
+	{115, "EDC5115I", "No child processes."},
+	{116, "EDC5116I", "Resource deadlock avoided."},
+	{117, "EDC5117I", "File exists."},
+	{118, "EDC5118I", "Incorrect address."},
+	{119, "EDC5119I", "File too large."},
+	{120, "EDC5120I", "Interrupted function call."},
+	{121, "EDC5121I", "Invalid argument."},
+	{122, "EDC5122I", "Input/output error."},
+	{123, "EDC5123I", "Is a directory."},
+	{124, "EDC5124I", "Too many open files."},
+	{125, "EDC5125I", "Too many links."},
+	{126, "EDC5126I", "Filename too long."},
+	{127, "EDC5127I", "Too many open files in system."},
+	{128, "EDC5128I", "No such device."},
+	{129, "EDC5129I", "No such file or directory."},
+	{130, "EDC5130I", "Exec format error."},
+	{131, "EDC5131I", "No locks available."},
+	{132, "EDC5132I", "Not enough memory."},
+	{133, "EDC5133I", "No space left on device."},
+	{134, "EDC5134I", "Function not implemented."},
+	{135, "EDC5135I", "Not a directory."},
+	{136, "EDC5136I", "Directory not empty."},
+	{137, "EDC5137I", "Inappropriate I/O control operation."},
+	{138, "EDC5138I", "No such device or address."},
+	{139, "EDC5139I", "Operation not permitted."},
+	{140, "EDC5140I", "Broken pipe."},
+	{141, "EDC5141I", "Read-only file system."},
+	{142, "EDC5142I", "Invalid seek."},
+	{143, "EDC5143I", "No such process."},
+	{144, "EDC5144I", "Improper link."},
+	{145, "EDC5145I", "The parameter list is too long, or the message to receive was too large for the buffer."},
+	{146, "EDC5146I", "Too many levels of symbolic links."},
+	{147, "EDC5147I", "Illegal byte sequence."},
+	{148, "", ""},
+	{149, "EDC5149I", "Value Overflow Error."},
+	{150, "EDC5150I", "UNIX System Services is not active."},
+	{151, "EDC5151I", "Dynamic allocation error."},
+	{152, "EDC5152I", "Common VTOC access facility (CVAF) error."},
+	{153, "EDC5153I", "Catalog obtain error."},
+	{156, "EDC5156I", "Process initialization error."},
+	{157, "EDC5157I", "An internal error has occurred."},
+	{158, "EDC5158I", "Bad parameters were passed to the service."},
+	{159, "EDC5159I", "The Physical File System encountered a permanent file error."},
+	{160, "EDC5160I", "Bad character in environment variable name."},
+	{162, "EDC5162I", "The Physical File System encountered a system error."},
+	{163, "EDC5163I", "SAF/RACF extract error."},
+	{164, "EDC5164I", "SAF/RACF error."},
+	{165, "EDC5165I", "System TOD clock not set."},
+	{166, "EDC5166I", "Access mode argument on function call conflicts with PATHOPTS parameter on JCL DD statement."},
+	{167, "EDC5167I", "Access to the UNIX System Services version of the C RTL is denied."},
+	{168, "EDC5168I", "Password has expired."},
+	{169, "EDC5169I", "Password is invalid."},
+	{170, "EDC5170I", "An error was encountered with WLM."},
+	{171, "EDC5171I", "An error was encountered with CPL."},
+	{172, "EDC5172I", "An error was encountered with Application Response Measurement (ARM) component."},
+	{200, "EDC5200I", "The application contains a Language Environment member language that cannot tolerate a fork()."},
+	{201, "EDC5201I", "The Language Environment message file was not found in the hierarchical file system."},
+	{202, "EDC5202E", "DLL facilities are not supported under SPC environment."},
+	{203, "EDC5203E", "DLL facilities are not supported under POSIX environment."},
+	{227, "EDC5227I", "Buffer is not long enough to contain a path definition"},
+	{228, "EDC5228I", "The file referred to is an external link"},
+	{229, "EDC5229I", "No path definition for ddname in effect"},
+	{230, "EDC5230I", "ESM error."},
+	{231, "EDC5231I", "CP or the external security manager had an error"},
+	{232, "EDC5232I", "The function failed because it was invoked from a multithread environment."},
+	{244, "EDC5244I", "The program, module or DLL is not supported in this environment."},
+	{245, "EDC5245I", "Data is not valid."},
+	{246, "EDC5246I", "Unknown system state."},
+	{247, "EDC5247I", "Operation not supported."},
+	{248, "EDC5248I", "The object name specified is not correct."},
+	{249, "EDC5249I", "The function is not allowed."},
+	{257, "EDC5257I", "Function cannot be called in the child process of a fork() from a multithreaded process until exec() is called."},
+	{258, "EDC5258I", "A CUN_RS_NO_UNI_ENV error was issued by Unicode Services."},
+	{259, "EDC5259I", "A CUN_RS_NO_CONVERSION error was issued by Unicode Services."},
+	{260, "EDC5260I", "A CUN_RS_TABLE_NOT_ALIGNED error was issued by Unicode Services."},
+	{262, "EDC5262I", "An iconv() function encountered an unexpected error while using Unicode Services."},
+	{1000, "EDC8000I", "A bad socket-call constant was found in the IUCV header."},
+	{1001, "EDC8001I", "An error was found in the IUCV header."},
+	{1002, "EDC8002I", "A socket descriptor is out of range."},
+	{1003, "EDC8003I", "A socket descriptor is in use."},
+	{1004, "EDC8004I", "Request failed because of an IUCV error."},
+	{1005, "EDC8005I", "Offload box error."},
+	{1006, "EDC8006I", "Offload box restarted."},
+	{1007, "EDC8007I", "Offload box down."},
+	{1008, "EDC8008I", "Already a conflicting call outstanding on socket."},
+	{1009, "EDC8009I", "Request cancelled using a SOCKcallCANCEL request."},
+	{1011, "EDC8011I", "A name of a PFS was specified that either is not configured or is not a Sockets PFS."},
+	{1100, "EDC8100I", "Block device required."},
+	{1101, "EDC8101I", "Text file busy."},
+	{1102, "EDC8102I", "Operation would block."},
+	{1103, "EDC8103I", "Operation now in progress."},
+	{1104, "EDC8104I", "Connection already in progress."},
+	{1105, "EDC8105I", "Socket operation on non-socket."},
+	{1106, "EDC8106I", "Destination address required."},
+	{1107, "EDC8107I", "Message too long."},
+	{1108, "EDC8108I", "Protocol wrong type for socket."},
+	{1109, "EDC8109I", "Protocol not available."},
+	{1110, "EDC8110I", "Protocol not supported."},
+	{1111, "EDC8111I", "Socket type not supported."},
+	{1112, "EDC8112I", "Operation not supported on socket."},
+	{1113, "EDC8113I", "Protocol family not supported."},
+	{1114, "EDC8114I", "Address family not supported."},
+	{1115, "EDC8115I", "Address already in use."},
+	{1116, "EDC8116I", "Address not available."},
+	{1117, "EDC8117I", "Network is down."},
+	{1118, "EDC8118I", "Network is unreachable."},
+	{1119, "EDC8119I", "Network dropped connection on reset."},
+	{1120, "EDC8120I", "Connection ended abnormally."},
+	{1121, "EDC8121I", "Connection reset."},
+	{1122, "EDC8122I", "No buffer space available."},
+	{1123, "EDC8123I", "Socket already connected."},
+	{1124, "EDC8124I", "Socket not connected."},
+	{1125, "EDC8125I", "Can't send after socket shutdown."},
+	{1126, "EDC8126I", "Too many references; can't splice."},
+	{1127, "EDC8127I", "Connection timed out."},
+	{1128, "EDC8128I", "Connection refused."},
+	{1129, "EDC8129I", "Host is not available."},
+	{1130, "EDC8130I", "Host cannot be reached."},
+	{1131, "EDC8131I", "Too many processes."},
+	{1132, "EDC8132I", "Too many users."},
+	{1133, "EDC8133I", "Disk quota exceeded."},
+	{1134, "EDC8134I", "Stale file handle."},
+	{1135, "", ""},
+	{1136, "EDC8136I", "File is not a STREAM."},
+	{1137, "EDC8137I", "STREAMS ioctl() timeout."},
+	{1138, "EDC8138I", "No STREAMS resources."},
+	{1139, "EDC8139I", "The message identified by set_id and msg_id is not in the message catalog."},
+	{1140, "EDC8140I", "Bad message."},
+	{1141, "EDC8141I", "Identifier removed."},
+	{1142, "", ""},
+	{1143, "", ""},
+	{1144, "EDC8144I", "The link has been severed."},
+	{1145, "", ""},
+	{1146, "", ""},
+	{1147, "", ""},
+	{1148, "EDC8148I", "Protocol error."},
+	{1149, "EDC8149I", "Multihop not allowed."},
+	{1150, "", ""},
+	{1151, "", ""},
+	{1152, "EDC8152I", "The asynchronous I/O request has been canceled."},
+	{1159, "EDC8159I", "Function call was interrupted before any data was received."},
+	{1160, "EDC8160I", "Socket reuse is not supported."},
+	{1161, "EDC8161I", "The file system cannot currently be moved."},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGABT", "aborted"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGPOLL", "pollable event"},
+	{6, "SIGURG", "urgent I/O condition"},
+	{7, "SIGSTOP", "stop process"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad argument to routine"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user defined signal 1"},
+	{17, "SIGUSR2", "user defined signal 2"},
+	{18, "SIGABND", "abend"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGQUIT", "quit"},
+	{25, "SIGTSTP", "stopped"},
+	{26, "SIGTRAP", "trace/breakpoint trap"},
+	{27, "SIGIOER", "I/O error"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGXCPU", "CPU time limit exceeded"},
+	{30, "SIGXFSZ", "file size limit exceeded"},
+	{31, "SIGVTALRM", "virtual timer expired"},
+	{32, "SIGPROF", "profiling timer expired"},
+	{33, "SIGDANGER", "danger"},
+	{34, "SIGTHSTOP", "stop thread"},
+	{35, "SIGTHCONT", "continue thread"},
+	{37, "SIGTRACE", "trace"},
+	{38, "", "DCE"},
+	{39, "SIGDUMP", "dump"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zptrace386_linux.go b/vendor/golang.org/x/sys/unix/zptrace386_linux.go
deleted file mode 100644
index 2d21c49e12652..0000000000000
--- a/vendor/golang.org/x/sys/unix/zptrace386_linux.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Code generated by linux/mkall.go generatePtracePair(386, amd64). DO NOT EDIT.
-
-// +build linux
-// +build 386 amd64
-
-package unix
-
-import "unsafe"
-
-// PtraceRegs386 is the registers used by 386 binaries.
-type PtraceRegs386 struct {
-	Ebx      int32
-	Ecx      int32
-	Edx      int32
-	Esi      int32
-	Edi      int32
-	Ebp      int32
-	Eax      int32
-	Xds      int32
-	Xes      int32
-	Xfs      int32
-	Xgs      int32
-	Orig_eax int32
-	Eip      int32
-	Xcs      int32
-	Eflags   int32
-	Esp      int32
-	Xss      int32
-}
-
-// PtraceGetRegs386 fetches the registers used by 386 binaries.
-func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegs386 sets the registers used by 386 binaries.
-func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
-
-// PtraceRegsAmd64 is the registers used by amd64 binaries.
-type PtraceRegsAmd64 struct {
-	R15      uint64
-	R14      uint64
-	R13      uint64
-	R12      uint64
-	Rbp      uint64
-	Rbx      uint64
-	R11      uint64
-	R10      uint64
-	R9       uint64
-	R8       uint64
-	Rax      uint64
-	Rcx      uint64
-	Rdx      uint64
-	Rsi      uint64
-	Rdi      uint64
-	Orig_rax uint64
-	Rip      uint64
-	Cs       uint64
-	Eflags   uint64
-	Rsp      uint64
-	Ss       uint64
-	Fs_base  uint64
-	Gs_base  uint64
-	Ds       uint64
-	Es       uint64
-	Fs       uint64
-	Gs       uint64
-}
-
-// PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
-func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
-func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
new file mode 100644
index 0000000000000..bd001a6e1cc71
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -0,0 +1,42 @@
+// Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
+
+//go:build linux && (arm || arm64)
+// +build linux
+// +build arm arm64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsArm is the registers used by arm binaries.
+type PtraceRegsArm struct {
+	Uregs [18]uint32
+}
+
+// PtraceGetRegsArm fetches the registers used by arm binaries.
+func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsArm sets the registers used by arm binaries.
+func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsArm64 is the registers used by arm64 binaries.
+type PtraceRegsArm64 struct {
+	Regs   [31]uint64
+	Sp     uint64
+	Pc     uint64
+	Pstate uint64
+}
+
+// PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
+func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsArm64 sets the registers used by arm64 binaries.
+func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
new file mode 100644
index 0000000000000..6cb6d688aa461
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
@@ -0,0 +1,17 @@
+// Code generated by linux/mkall.go generatePtraceRegSet("arm64"). DO NOT EDIT.
+
+package unix
+
+import "unsafe"
+
+// PtraceGetRegSetArm64 fetches the registers used by arm64 binaries.
+func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error {
+	iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))}
+	return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+}
+
+// PtraceSetRegSetArm64 sets the registers used by arm64 binaries.
+func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error {
+	iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))}
+	return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+}
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
new file mode 100644
index 0000000000000..c34d0639be3aa
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -0,0 +1,51 @@
+// Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
+
+//go:build linux && (mips || mips64)
+// +build linux
+// +build mips mips64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsMips is the registers used by mips binaries.
+type PtraceRegsMips struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips fetches the registers used by mips binaries.
+func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips sets the registers used by mips binaries.
+func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsMips64 is the registers used by mips64 binaries.
+type PtraceRegsMips64 struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
+func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips64 sets the registers used by mips64 binaries.
+func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
new file mode 100644
index 0000000000000..3ccf0c0c4a80c
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -0,0 +1,51 @@
+// Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
+
+//go:build linux && (mipsle || mips64le)
+// +build linux
+// +build mipsle mips64le
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsMipsle is the registers used by mipsle binaries.
+type PtraceRegsMipsle struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
+func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMipsle sets the registers used by mipsle binaries.
+func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsMips64le is the registers used by mips64le binaries.
+type PtraceRegsMips64le struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
+func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips64le sets the registers used by mips64le binaries.
+func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
new file mode 100644
index 0000000000000..7d65857004c44
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -0,0 +1,81 @@
+// Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
+
+//go:build linux && (386 || amd64)
+// +build linux
+// +build 386 amd64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegs386 is the registers used by 386 binaries.
+type PtraceRegs386 struct {
+	Ebx      int32
+	Ecx      int32
+	Edx      int32
+	Esi      int32
+	Edi      int32
+	Ebp      int32
+	Eax      int32
+	Xds      int32
+	Xes      int32
+	Xfs      int32
+	Xgs      int32
+	Orig_eax int32
+	Eip      int32
+	Xcs      int32
+	Eflags   int32
+	Esp      int32
+	Xss      int32
+}
+
+// PtraceGetRegs386 fetches the registers used by 386 binaries.
+func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegs386 sets the registers used by 386 binaries.
+func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsAmd64 is the registers used by amd64 binaries.
+type PtraceRegsAmd64 struct {
+	R15      uint64
+	R14      uint64
+	R13      uint64
+	R12      uint64
+	Rbp      uint64
+	Rbx      uint64
+	R11      uint64
+	R10      uint64
+	R9       uint64
+	R8       uint64
+	Rax      uint64
+	Rcx      uint64
+	Rdx      uint64
+	Rsi      uint64
+	Rdi      uint64
+	Orig_rax uint64
+	Rip      uint64
+	Cs       uint64
+	Eflags   uint64
+	Rsp      uint64
+	Ss       uint64
+	Fs_base  uint64
+	Gs_base  uint64
+	Ds       uint64
+	Es       uint64
+	Fs       uint64
+	Gs       uint64
+}
+
+// PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
+func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
+func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/vendor/golang.org/x/sys/unix/zptracearm_linux.go b/vendor/golang.org/x/sys/unix/zptracearm_linux.go
deleted file mode 100644
index faf23bbed97e9..0000000000000
--- a/vendor/golang.org/x/sys/unix/zptracearm_linux.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// Code generated by linux/mkall.go generatePtracePair(arm, arm64). DO NOT EDIT.
-
-// +build linux
-// +build arm arm64
-
-package unix
-
-import "unsafe"
-
-// PtraceRegsArm is the registers used by arm binaries.
-type PtraceRegsArm struct {
-	Uregs [18]uint32
-}
-
-// PtraceGetRegsArm fetches the registers used by arm binaries.
-func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsArm sets the registers used by arm binaries.
-func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
-
-// PtraceRegsArm64 is the registers used by arm64 binaries.
-type PtraceRegsArm64 struct {
-	Regs   [31]uint64
-	Sp     uint64
-	Pc     uint64
-	Pstate uint64
-}
-
-// PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
-func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsArm64 sets the registers used by arm64 binaries.
-func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
diff --git a/vendor/golang.org/x/sys/unix/zptracemips_linux.go b/vendor/golang.org/x/sys/unix/zptracemips_linux.go
deleted file mode 100644
index c431131e63cf2..0000000000000
--- a/vendor/golang.org/x/sys/unix/zptracemips_linux.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Code generated by linux/mkall.go generatePtracePair(mips, mips64). DO NOT EDIT.
-
-// +build linux
-// +build mips mips64
-
-package unix
-
-import "unsafe"
-
-// PtraceRegsMips is the registers used by mips binaries.
-type PtraceRegsMips struct {
-	Regs     [32]uint64
-	Lo       uint64
-	Hi       uint64
-	Epc      uint64
-	Badvaddr uint64
-	Status   uint64
-	Cause    uint64
-}
-
-// PtraceGetRegsMips fetches the registers used by mips binaries.
-func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsMips sets the registers used by mips binaries.
-func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
-
-// PtraceRegsMips64 is the registers used by mips64 binaries.
-type PtraceRegsMips64 struct {
-	Regs     [32]uint64
-	Lo       uint64
-	Hi       uint64
-	Epc      uint64
-	Badvaddr uint64
-	Status   uint64
-	Cause    uint64
-}
-
-// PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
-func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsMips64 sets the registers used by mips64 binaries.
-func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
diff --git a/vendor/golang.org/x/sys/unix/zptracemipsle_linux.go b/vendor/golang.org/x/sys/unix/zptracemipsle_linux.go
deleted file mode 100644
index dc3d6d37322a9..0000000000000
--- a/vendor/golang.org/x/sys/unix/zptracemipsle_linux.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Code generated by linux/mkall.go generatePtracePair(mipsle, mips64le). DO NOT EDIT.
-
-// +build linux
-// +build mipsle mips64le
-
-package unix
-
-import "unsafe"
-
-// PtraceRegsMipsle is the registers used by mipsle binaries.
-type PtraceRegsMipsle struct {
-	Regs     [32]uint64
-	Lo       uint64
-	Hi       uint64
-	Epc      uint64
-	Badvaddr uint64
-	Status   uint64
-	Cause    uint64
-}
-
-// PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
-func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsMipsle sets the registers used by mipsle binaries.
-func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
-
-// PtraceRegsMips64le is the registers used by mips64le binaries.
-type PtraceRegsMips64le struct {
-	Regs     [32]uint64
-	Lo       uint64
-	Hi       uint64
-	Epc      uint64
-	Badvaddr uint64
-	Status   uint64
-	Cause    uint64
-}
-
-// PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
-func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
-}
-
-// PtraceSetRegsMips64le sets the registers used by mips64le binaries.
-func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
new file mode 100644
index 0000000000000..91a23cc72874d
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -0,0 +1,1485 @@
+// go run mksyscall_aix_ppc.go -aix -tags aix,ppc syscall_aix.go syscall_aix_ppc.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build aix && ppc
+// +build aix,ppc
+
+package unix
+
+/*
+#include <stdint.h>
+#include <stddef.h>
+int utimes(uintptr_t, uintptr_t);
+int utimensat(int, uintptr_t, uintptr_t, int);
+int getcwd(uintptr_t, size_t);
+int accept(int, uintptr_t, uintptr_t);
+int getdirent(int, uintptr_t, size_t);
+int wait4(int, uintptr_t, int, uintptr_t);
+int ioctl(int, int, uintptr_t);
+int fcntl(uintptr_t, int, uintptr_t);
+int acct(uintptr_t);
+int chdir(uintptr_t);
+int chroot(uintptr_t);
+int close(int);
+int dup(int);
+void exit(int);
+int faccessat(int, uintptr_t, unsigned int, int);
+int fchdir(int);
+int fchmod(int, unsigned int);
+int fchmodat(int, uintptr_t, unsigned int, int);
+int fchownat(int, uintptr_t, int, int, int);
+int fdatasync(int);
+int fsync(int);
+int getpgid(int);
+int getpgrp();
+int getpid();
+int getppid();
+int getpriority(int, int);
+int getrusage(int, uintptr_t);
+int getsid(int);
+int kill(int, int);
+int syslog(int, uintptr_t, size_t);
+int mkdir(int, uintptr_t, unsigned int);
+int mkdirat(int, uintptr_t, unsigned int);
+int mkfifo(uintptr_t, unsigned int);
+int mknod(uintptr_t, unsigned int, int);
+int mknodat(int, uintptr_t, unsigned int, int);
+int nanosleep(uintptr_t, uintptr_t);
+int open64(uintptr_t, int, unsigned int);
+int openat(int, uintptr_t, int, unsigned int);
+int read(int, uintptr_t, size_t);
+int readlink(uintptr_t, uintptr_t, size_t);
+int renameat(int, uintptr_t, int, uintptr_t);
+int setdomainname(uintptr_t, size_t);
+int sethostname(uintptr_t, size_t);
+int setpgid(int, int);
+int setsid();
+int settimeofday(uintptr_t);
+int setuid(int);
+int setgid(int);
+int setpriority(int, int, int);
+int statx(int, uintptr_t, int, int, uintptr_t);
+int sync();
+uintptr_t times(uintptr_t);
+int umask(int);
+int uname(uintptr_t);
+int unlink(uintptr_t);
+int unlinkat(int, uintptr_t, int);
+int ustat(int, uintptr_t);
+int write(int, uintptr_t, size_t);
+int dup2(int, int);
+int posix_fadvise64(int, long long, long long, int);
+int fchown(int, int, int);
+int fstat(int, uintptr_t);
+int fstatat(int, uintptr_t, uintptr_t, int);
+int fstatfs(int, uintptr_t);
+int ftruncate(int, long long);
+int getegid();
+int geteuid();
+int getgid();
+int getuid();
+int lchown(uintptr_t, int, int);
+int listen(int, int);
+int lstat(uintptr_t, uintptr_t);
+int pause();
+int pread64(int, uintptr_t, size_t, long long);
+int pwrite64(int, uintptr_t, size_t, long long);
+#define c_select select
+int select(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int pselect(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int setregid(int, int);
+int setreuid(int, int);
+int shutdown(int, int);
+long long splice(int, uintptr_t, int, uintptr_t, int, int);
+int stat(uintptr_t, uintptr_t);
+int statfs(uintptr_t, uintptr_t);
+int truncate(uintptr_t, long long);
+int bind(int, uintptr_t, uintptr_t);
+int connect(int, uintptr_t, uintptr_t);
+int getgroups(int, uintptr_t);
+int setgroups(int, uintptr_t);
+int getsockopt(int, int, int, uintptr_t, uintptr_t);
+int setsockopt(int, int, int, uintptr_t, uintptr_t);
+int socket(int, int, int);
+int socketpair(int, int, int, uintptr_t);
+int getpeername(int, uintptr_t, uintptr_t);
+int getsockname(int, uintptr_t, uintptr_t);
+int recvfrom(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int sendto(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int nrecvmsg(int, uintptr_t, int);
+int nsendmsg(int, uintptr_t, int);
+int munmap(uintptr_t, uintptr_t);
+int madvise(uintptr_t, size_t, int);
+int mprotect(uintptr_t, size_t, int);
+int mlock(uintptr_t, size_t);
+int mlockall(int);
+int msync(uintptr_t, size_t, int);
+int munlock(uintptr_t, size_t);
+int munlockall();
+int pipe(uintptr_t);
+int poll(uintptr_t, int, int);
+int gettimeofday(uintptr_t, uintptr_t);
+int time(uintptr_t);
+int utime(uintptr_t, uintptr_t);
+unsigned long long getsystemcfg(int);
+int umount(uintptr_t);
+int getrlimit64(int, uintptr_t);
+int setrlimit64(int, uintptr_t);
+long long lseek64(int, long long, int);
+uintptr_t mmap(uintptr_t, uintptr_t, int, int, int, long long);
+
+*/
+import "C"
+import (
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utimes(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(times))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utimensat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(times))), C.int(flag))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getcwd(buf []byte) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.getcwd(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, er := C.accept(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirent(fd int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.getdirent(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error) {
+	r0, er := C.wait4(C.int(pid), C.uintptr_t(uintptr(unsafe.Pointer(status))), C.int(options), C.uintptr_t(uintptr(unsafe.Pointer(rusage))))
+	wpid = Pid_t(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
+	r = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(uintptr(unsafe.Pointer(lk))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
+	val = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.acct(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.chdir(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.chroot(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	r0, er := C.close(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, er := C.dup(C.int(oldfd))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	C.exit(C.int(code))
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.faccessat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	r0, er := C.fchdir(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	r0, er := C.fchmod(C.int(fd), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fchmodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fchownat(C.int(dirfd), C.uintptr_t(_p0), C.int(uid), C.int(gid), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	r0, er := C.fdatasync(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	r0, er := C.fsync(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, er := C.getpgid(C.int(pid))
+	pgid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pid int) {
+	r0, _ := C.getpgrp()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := C.getpid()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := C.getppid()
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, er := C.getpriority(C.int(which), C.int(who))
+	prio = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	r0, er := C.getrusage(C.int(who), C.uintptr_t(uintptr(unsafe.Pointer(rusage))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, er := C.getsid(C.int(pid))
+	sid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	r0, er := C.kill(C.int(pid), C.int(sig))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.syslog(C.int(typ), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(dirfd int, path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkdir(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkdirat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkfifo(C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mknod(C.uintptr_t(_p0), C.uint(mode), C.int(dev))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mknodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(dev))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	r0, er := C.nanosleep(C.uintptr_t(uintptr(unsafe.Pointer(time))), C.uintptr_t(uintptr(unsafe.Pointer(leftover))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.open64(C.uintptr_t(_p0), C.int(mode), C.uint(perm))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.openat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.uint(mode))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.read(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	var _p1 *byte
+	if len(buf) > 0 {
+		_p1 = &buf[0]
+	}
+	var _p2 int
+	_p2 = len(buf)
+	r0, er := C.readlink(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(_p1))), C.size_t(_p2))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(oldpath)))
+	_p1 := uintptr(unsafe.Pointer(C.CString(newpath)))
+	r0, er := C.renameat(C.int(olddirfd), C.uintptr_t(_p0), C.int(newdirfd), C.uintptr_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.setdomainname(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.sethostname(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	r0, er := C.setpgid(C.int(pid), C.int(pgid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, er := C.setsid()
+	pid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	r0, er := C.settimeofday(C.uintptr_t(uintptr(unsafe.Pointer(tv))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	r0, er := C.setuid(C.int(uid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(uid int) (err error) {
+	r0, er := C.setgid(C.int(uid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	r0, er := C.setpriority(C.int(which), C.int(who), C.int(prio))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.statx(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.int(mask), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	C.sync()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, er := C.times(C.uintptr_t(uintptr(unsafe.Pointer(tms))))
+	ticks = uintptr(r0)
+	if uintptr(r0) == ^uintptr(0) && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := C.umask(C.int(mask))
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	r0, er := C.uname(C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.unlink(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.unlinkat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	r0, er := C.ustat(C.int(dev), C.uintptr_t(uintptr(unsafe.Pointer(ubuf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.write(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, er := C.read(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, er := C.write(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	r0, er := C.dup2(C.int(oldfd), C.int(newfd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	r0, er := C.posix_fadvise64(C.int(fd), C.longlong(offset), C.longlong(length), C.int(advice))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	r0, er := C.fchown(C.int(fd), C.int(uid), C.int(gid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_t) (err error) {
+	r0, er := C.fstat(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fstatat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(stat))), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	r0, er := C.fstatfs(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	r0, er := C.ftruncate(C.int(fd), C.longlong(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := C.getegid()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := C.geteuid()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := C.getgid()
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := C.getuid()
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.lchown(C.uintptr_t(_p0), C.int(uid), C.int(gid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	r0, er := C.listen(C.int(s), C.int(n))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.lstat(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	r0, er := C.pause()
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.pread64(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.longlong(offset))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.pwrite64(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.longlong(offset))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, er := C.c_select(C.int(nfd), C.uintptr_t(uintptr(unsafe.Pointer(r))), C.uintptr_t(uintptr(unsafe.Pointer(w))), C.uintptr_t(uintptr(unsafe.Pointer(e))), C.uintptr_t(uintptr(unsafe.Pointer(timeout))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, er := C.pselect(C.int(nfd), C.uintptr_t(uintptr(unsafe.Pointer(r))), C.uintptr_t(uintptr(unsafe.Pointer(w))), C.uintptr_t(uintptr(unsafe.Pointer(e))), C.uintptr_t(uintptr(unsafe.Pointer(timeout))), C.uintptr_t(uintptr(unsafe.Pointer(sigmask))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	r0, er := C.setregid(C.int(rgid), C.int(egid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	r0, er := C.setreuid(C.int(ruid), C.int(euid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	r0, er := C.shutdown(C.int(fd), C.int(how))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, er := C.splice(C.int(rfd), C.uintptr_t(uintptr(unsafe.Pointer(roff))), C.int(wfd), C.uintptr_t(uintptr(unsafe.Pointer(woff))), C.int(len), C.int(flags))
+	n = int64(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, statptr *Stat_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.stat(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(statptr))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.statfs(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.truncate(C.uintptr_t(_p0), C.longlong(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	r0, er := C.bind(C.int(s), C.uintptr_t(uintptr(addr)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	r0, er := C.connect(C.int(s), C.uintptr_t(uintptr(addr)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, er := C.getgroups(C.int(n), C.uintptr_t(uintptr(unsafe.Pointer(list))))
+	nn = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	r0, er := C.setgroups(C.int(n), C.uintptr_t(uintptr(unsafe.Pointer(list))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	r0, er := C.getsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(uintptr(val)), C.uintptr_t(uintptr(unsafe.Pointer(vallen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	r0, er := C.setsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(uintptr(val)), C.uintptr_t(vallen))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, er := C.socket(C.int(domain), C.int(typ), C.int(proto))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	r0, er := C.socketpair(C.int(domain), C.int(typ), C.int(proto), C.uintptr_t(uintptr(unsafe.Pointer(fd))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	r0, er := C.getpeername(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	r0, er := C.getsockname(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.recvfrom(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags), C.uintptr_t(uintptr(unsafe.Pointer(from))), C.uintptr_t(uintptr(unsafe.Pointer(fromlen))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.sendto(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags), C.uintptr_t(uintptr(to)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, er := C.nrecvmsg(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(msg))), C.int(flags))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, er := C.nsendmsg(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(msg))), C.int(flags))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	r0, er := C.munmap(C.uintptr_t(addr), C.uintptr_t(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.madvise(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(advice))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.mprotect(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(prot))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.mlock(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	r0, er := C.mlockall(C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.msync(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.munlock(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	r0, er := C.munlockall()
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	r0, er := C.pipe(C.uintptr_t(uintptr(unsafe.Pointer(p))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, er := C.poll(C.uintptr_t(uintptr(unsafe.Pointer(fds))), C.int(nfds), C.int(timeout))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gettimeofday(tv *Timeval, tzp *Timezone) (err error) {
+	r0, er := C.gettimeofday(C.uintptr_t(uintptr(unsafe.Pointer(tv))), C.uintptr_t(uintptr(unsafe.Pointer(tzp))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, er := C.time(C.uintptr_t(uintptr(unsafe.Pointer(t))))
+	tt = Time_t(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utime(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsystemcfg(label int) (n uint64) {
+	r0, _ := C.getsystemcfg(C.int(label))
+	n = uint64(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func umount(target string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(target)))
+	r0, er := C.umount(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	r0, er := C.getrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	r0, er := C.setrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, er := C.lseek64(C.int(fd), C.longlong(offset), C.int(whence))
+	off = int64(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, er := C.mmap(C.uintptr_t(addr), C.uintptr_t(length), C.int(prot), C.int(flags), C.int(fd), C.longlong(offset))
+	xaddr = uintptr(r0)
+	if uintptr(r0) == ^uintptr(0) && er != nil {
+		err = er
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
new file mode 100644
index 0000000000000..33c2609b8b406
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -0,0 +1,1443 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build aix && ppc64
+// +build aix,ppc64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutimes(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutimensat(dirfd, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), flag)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getcwd(buf []byte) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	_, e1 := callgetcwd(uintptr(unsafe.Pointer(_p0)), len(buf))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, e1 := callaccept(s, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirent(fd int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, e1 := callgetdirent(fd, uintptr(unsafe.Pointer(_p0)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error) {
+	r0, e1 := callwait4(int(pid), uintptr(unsafe.Pointer(status)), options, uintptr(unsafe.Pointer(rusage)))
+	wpid = Pid_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, e1 := callioctl(fd, int(req), arg)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
+	r0, e1 := callfcntl(fd, cmd, uintptr(arg))
+	r = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) {
+	_, e1 := callfcntl(fd, cmd, uintptr(unsafe.Pointer(lk)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, e1 := callfcntl(uintptr(fd), cmd, uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callacct(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callchdir(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callchroot(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, e1 := callclose(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, e1 := calldup(oldfd)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	callexit(code)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfaccessat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, e1 := callfchdir(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, e1 := callfchmod(fd, mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfchmodat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfchownat(dirfd, uintptr(unsafe.Pointer(_p0)), uid, gid, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	_, e1 := callfdatasync(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, e1 := callfsync(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, e1 := callgetpgid(pid)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pid int) {
+	r0, _ := callgetpgrp()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := callgetpid()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := callgetppid()
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, e1 := callgetpriority(which, who)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, e1 := callgetrusage(who, uintptr(unsafe.Pointer(rusage)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, e1 := callgetsid(pid)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	_, e1 := callkill(pid, int(sig))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, e1 := callsyslog(typ, uintptr(unsafe.Pointer(_p0)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkdir(dirfd, uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkdirat(dirfd, uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkfifo(uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmknod(uintptr(unsafe.Pointer(_p0)), mode, dev)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmknodat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, dev)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, e1 := callnanosleep(uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, e1 := callopen64(uintptr(unsafe.Pointer(_p0)), mode, perm)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, e1 := callopenat(dirfd, uintptr(unsafe.Pointer(_p0)), flags, mode)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callread(fd, uintptr(unsafe.Pointer(_p0)), len(p))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	if len(buf) > 0 {
+		_p1 = &buf[0]
+	}
+	r0, e1 := callreadlink(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, e1 := callrenameat(olddirfd, uintptr(unsafe.Pointer(_p0)), newdirfd, uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	_, e1 := callsetdomainname(uintptr(unsafe.Pointer(_p0)), len(p))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	_, e1 := callsethostname(uintptr(unsafe.Pointer(_p0)), len(p))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, e1 := callsetpgid(pid, pgid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, e1 := callsetsid()
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	_, e1 := callsettimeofday(uintptr(unsafe.Pointer(tv)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, e1 := callsetuid(uid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(uid int) (err error) {
+	_, e1 := callsetgid(uid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, e1 := callsetpriority(which, who, prio)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstatx(dirfd, uintptr(unsafe.Pointer(_p0)), flags, mask, uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	callsync()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, e1 := calltimes(uintptr(unsafe.Pointer(tms)))
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := callumask(mask)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, e1 := calluname(uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callunlink(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callunlinkat(dirfd, uintptr(unsafe.Pointer(_p0)), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, e1 := callustat(dev, uintptr(unsafe.Pointer(ubuf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callwrite(fd, uintptr(unsafe.Pointer(_p0)), len(p))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, e1 := callread(fd, uintptr(unsafe.Pointer(p)), np)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, e1 := callwrite(fd, uintptr(unsafe.Pointer(p)), np)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	_, e1 := calldup2(oldfd, newfd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, e1 := callposix_fadvise64(fd, offset, length, advice)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, e1 := callfchown(fd, uid, gid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_t) (err error) {
+	_, e1 := callfstat(fd, uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfstatat(dirfd, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, e1 := callfstatfs(fd, uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, e1 := callftruncate(fd, length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := callgetegid()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := callgeteuid()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := callgetgid()
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := callgetuid()
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calllchown(uintptr(unsafe.Pointer(_p0)), uid, gid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, e1 := calllisten(s, n)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calllstat(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, e1 := callpause()
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callpread64(fd, uintptr(unsafe.Pointer(_p0)), len(p), offset)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callpwrite64(fd, uintptr(unsafe.Pointer(_p0)), len(p), offset)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, e1 := callselect(nfd, uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, e1 := callpselect(nfd, uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, e1 := callsetregid(rgid, egid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, e1 := callsetreuid(ruid, euid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, e1 := callshutdown(fd, how)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, e1 := callsplice(rfd, uintptr(unsafe.Pointer(roff)), wfd, uintptr(unsafe.Pointer(woff)), len, flags)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, statptr *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstat(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statptr)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstatfs(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calltruncate(uintptr(unsafe.Pointer(_p0)), length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e1 := callbind(s, uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e1 := callconnect(s, uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, e1 := callgetgroups(n, uintptr(unsafe.Pointer(list)))
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, e1 := callsetgroups(n, uintptr(unsafe.Pointer(list)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, e1 := callgetsockopt(s, level, name, uintptr(val), uintptr(unsafe.Pointer(vallen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, e1 := callsetsockopt(s, level, name, uintptr(val), vallen)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, e1 := callsocket(domain, typ, proto)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, e1 := callsocketpair(domain, typ, proto, uintptr(unsafe.Pointer(fd)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e1 := callgetpeername(fd, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e1 := callgetsockname(fd, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callrecvfrom(fd, uintptr(unsafe.Pointer(_p0)), len(p), flags, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	_, e1 := callsendto(s, uintptr(unsafe.Pointer(_p0)), len(buf), flags, uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, e1 := callnrecvmsg(s, uintptr(unsafe.Pointer(msg)), flags)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, e1 := callnsendmsg(s, uintptr(unsafe.Pointer(msg)), flags)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, e1 := callmunmap(addr, length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmadvise(uintptr(unsafe.Pointer(_p0)), len(b), advice)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmprotect(uintptr(unsafe.Pointer(_p0)), len(b), prot)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmlock(uintptr(unsafe.Pointer(_p0)), len(b))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, e1 := callmlockall(flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmsync(uintptr(unsafe.Pointer(_p0)), len(b), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmunlock(uintptr(unsafe.Pointer(_p0)), len(b))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, e1 := callmunlockall()
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, e1 := callpipe(uintptr(unsafe.Pointer(p)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, e1 := callpoll(uintptr(unsafe.Pointer(fds)), nfds, timeout)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gettimeofday(tv *Timeval, tzp *Timezone) (err error) {
+	_, e1 := callgettimeofday(uintptr(unsafe.Pointer(tv)), uintptr(unsafe.Pointer(tzp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, e1 := calltime(uintptr(unsafe.Pointer(t)))
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutime(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsystemcfg(label int) (n uint64) {
+	r0, _ := callgetsystemcfg(label)
+	n = uint64(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func umount(target string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	_, e1 := callumount(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, e1 := callgetrlimit(resource, uintptr(unsafe.Pointer(rlim)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, e1 := callsetrlimit(resource, uintptr(unsafe.Pointer(rlim)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, e1 := calllseek(fd, offset, whence)
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, e1 := callmmap64(addr, length, prot, flags, fd, offset)
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
new file mode 100644
index 0000000000000..8b737fa971e85
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -0,0 +1,1192 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build aix && ppc64 && gc
+// +build aix,ppc64,gc
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_accept accept "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getdirent getdirent "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_acct acct "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_chdir chdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_chroot chroot "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_close close "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_dup dup "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_exit exit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fdatasync fdatasync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fsync fsync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpid getpid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getppid getppid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsid getsid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_kill kill "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_syslog syslog "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mknod mknod "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_open64 open64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_openat openat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_read read "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_readlink readlink "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_renameat renameat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setdomainname setdomainname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sethostname sethostname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setsid setsid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setuid setuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setgid setgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_statx statx "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sync sync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_times times "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_umask umask "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_uname uname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_unlink unlink "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ustat ustat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_write write "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_posix_fadvise64 posix_fadvise64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchown fchown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstat fstat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getegid getegid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getgid getgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getuid getuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lchown lchown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_listen listen "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lstat lstat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pause pause "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pread64 pread64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pwrite64 pwrite64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_select select "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pselect pselect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setregid setregid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_splice splice "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_stat stat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_statfs statfs "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_truncate truncate "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_bind bind "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_connect connect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_socket socket "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sendto sendto "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nrecvmsg nrecvmsg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nsendmsg nsendmsg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munmap munmap "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_madvise madvise "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mlock mlock "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_msync msync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munlock munlock "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pipe pipe "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_poll poll "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_time time "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_utime utime "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_umount umount "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lseek lseek "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mmap64 mmap64 "libc.a/shr_64.o"
+
+//go:linkname libc_utimes libc_utimes
+//go:linkname libc_utimensat libc_utimensat
+//go:linkname libc_getcwd libc_getcwd
+//go:linkname libc_accept libc_accept
+//go:linkname libc_getdirent libc_getdirent
+//go:linkname libc_wait4 libc_wait4
+//go:linkname libc_ioctl libc_ioctl
+//go:linkname libc_fcntl libc_fcntl
+//go:linkname libc_acct libc_acct
+//go:linkname libc_chdir libc_chdir
+//go:linkname libc_chroot libc_chroot
+//go:linkname libc_close libc_close
+//go:linkname libc_dup libc_dup
+//go:linkname libc_exit libc_exit
+//go:linkname libc_faccessat libc_faccessat
+//go:linkname libc_fchdir libc_fchdir
+//go:linkname libc_fchmod libc_fchmod
+//go:linkname libc_fchmodat libc_fchmodat
+//go:linkname libc_fchownat libc_fchownat
+//go:linkname libc_fdatasync libc_fdatasync
+//go:linkname libc_fsync libc_fsync
+//go:linkname libc_getpgid libc_getpgid
+//go:linkname libc_getpgrp libc_getpgrp
+//go:linkname libc_getpid libc_getpid
+//go:linkname libc_getppid libc_getppid
+//go:linkname libc_getpriority libc_getpriority
+//go:linkname libc_getrusage libc_getrusage
+//go:linkname libc_getsid libc_getsid
+//go:linkname libc_kill libc_kill
+//go:linkname libc_syslog libc_syslog
+//go:linkname libc_mkdir libc_mkdir
+//go:linkname libc_mkdirat libc_mkdirat
+//go:linkname libc_mkfifo libc_mkfifo
+//go:linkname libc_mknod libc_mknod
+//go:linkname libc_mknodat libc_mknodat
+//go:linkname libc_nanosleep libc_nanosleep
+//go:linkname libc_open64 libc_open64
+//go:linkname libc_openat libc_openat
+//go:linkname libc_read libc_read
+//go:linkname libc_readlink libc_readlink
+//go:linkname libc_renameat libc_renameat
+//go:linkname libc_setdomainname libc_setdomainname
+//go:linkname libc_sethostname libc_sethostname
+//go:linkname libc_setpgid libc_setpgid
+//go:linkname libc_setsid libc_setsid
+//go:linkname libc_settimeofday libc_settimeofday
+//go:linkname libc_setuid libc_setuid
+//go:linkname libc_setgid libc_setgid
+//go:linkname libc_setpriority libc_setpriority
+//go:linkname libc_statx libc_statx
+//go:linkname libc_sync libc_sync
+//go:linkname libc_times libc_times
+//go:linkname libc_umask libc_umask
+//go:linkname libc_uname libc_uname
+//go:linkname libc_unlink libc_unlink
+//go:linkname libc_unlinkat libc_unlinkat
+//go:linkname libc_ustat libc_ustat
+//go:linkname libc_write libc_write
+//go:linkname libc_dup2 libc_dup2
+//go:linkname libc_posix_fadvise64 libc_posix_fadvise64
+//go:linkname libc_fchown libc_fchown
+//go:linkname libc_fstat libc_fstat
+//go:linkname libc_fstatat libc_fstatat
+//go:linkname libc_fstatfs libc_fstatfs
+//go:linkname libc_ftruncate libc_ftruncate
+//go:linkname libc_getegid libc_getegid
+//go:linkname libc_geteuid libc_geteuid
+//go:linkname libc_getgid libc_getgid
+//go:linkname libc_getuid libc_getuid
+//go:linkname libc_lchown libc_lchown
+//go:linkname libc_listen libc_listen
+//go:linkname libc_lstat libc_lstat
+//go:linkname libc_pause libc_pause
+//go:linkname libc_pread64 libc_pread64
+//go:linkname libc_pwrite64 libc_pwrite64
+//go:linkname libc_select libc_select
+//go:linkname libc_pselect libc_pselect
+//go:linkname libc_setregid libc_setregid
+//go:linkname libc_setreuid libc_setreuid
+//go:linkname libc_shutdown libc_shutdown
+//go:linkname libc_splice libc_splice
+//go:linkname libc_stat libc_stat
+//go:linkname libc_statfs libc_statfs
+//go:linkname libc_truncate libc_truncate
+//go:linkname libc_bind libc_bind
+//go:linkname libc_connect libc_connect
+//go:linkname libc_getgroups libc_getgroups
+//go:linkname libc_setgroups libc_setgroups
+//go:linkname libc_getsockopt libc_getsockopt
+//go:linkname libc_setsockopt libc_setsockopt
+//go:linkname libc_socket libc_socket
+//go:linkname libc_socketpair libc_socketpair
+//go:linkname libc_getpeername libc_getpeername
+//go:linkname libc_getsockname libc_getsockname
+//go:linkname libc_recvfrom libc_recvfrom
+//go:linkname libc_sendto libc_sendto
+//go:linkname libc_nrecvmsg libc_nrecvmsg
+//go:linkname libc_nsendmsg libc_nsendmsg
+//go:linkname libc_munmap libc_munmap
+//go:linkname libc_madvise libc_madvise
+//go:linkname libc_mprotect libc_mprotect
+//go:linkname libc_mlock libc_mlock
+//go:linkname libc_mlockall libc_mlockall
+//go:linkname libc_msync libc_msync
+//go:linkname libc_munlock libc_munlock
+//go:linkname libc_munlockall libc_munlockall
+//go:linkname libc_pipe libc_pipe
+//go:linkname libc_poll libc_poll
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:linkname libc_time libc_time
+//go:linkname libc_utime libc_utime
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+//go:linkname libc_umount libc_umount
+//go:linkname libc_getrlimit libc_getrlimit
+//go:linkname libc_setrlimit libc_setrlimit
+//go:linkname libc_lseek libc_lseek
+//go:linkname libc_mmap64 libc_mmap64
+
+type syscallFunc uintptr
+
+var (
+	libc_utimes,
+	libc_utimensat,
+	libc_getcwd,
+	libc_accept,
+	libc_getdirent,
+	libc_wait4,
+	libc_ioctl,
+	libc_fcntl,
+	libc_acct,
+	libc_chdir,
+	libc_chroot,
+	libc_close,
+	libc_dup,
+	libc_exit,
+	libc_faccessat,
+	libc_fchdir,
+	libc_fchmod,
+	libc_fchmodat,
+	libc_fchownat,
+	libc_fdatasync,
+	libc_fsync,
+	libc_getpgid,
+	libc_getpgrp,
+	libc_getpid,
+	libc_getppid,
+	libc_getpriority,
+	libc_getrusage,
+	libc_getsid,
+	libc_kill,
+	libc_syslog,
+	libc_mkdir,
+	libc_mkdirat,
+	libc_mkfifo,
+	libc_mknod,
+	libc_mknodat,
+	libc_nanosleep,
+	libc_open64,
+	libc_openat,
+	libc_read,
+	libc_readlink,
+	libc_renameat,
+	libc_setdomainname,
+	libc_sethostname,
+	libc_setpgid,
+	libc_setsid,
+	libc_settimeofday,
+	libc_setuid,
+	libc_setgid,
+	libc_setpriority,
+	libc_statx,
+	libc_sync,
+	libc_times,
+	libc_umask,
+	libc_uname,
+	libc_unlink,
+	libc_unlinkat,
+	libc_ustat,
+	libc_write,
+	libc_dup2,
+	libc_posix_fadvise64,
+	libc_fchown,
+	libc_fstat,
+	libc_fstatat,
+	libc_fstatfs,
+	libc_ftruncate,
+	libc_getegid,
+	libc_geteuid,
+	libc_getgid,
+	libc_getuid,
+	libc_lchown,
+	libc_listen,
+	libc_lstat,
+	libc_pause,
+	libc_pread64,
+	libc_pwrite64,
+	libc_select,
+	libc_pselect,
+	libc_setregid,
+	libc_setreuid,
+	libc_shutdown,
+	libc_splice,
+	libc_stat,
+	libc_statfs,
+	libc_truncate,
+	libc_bind,
+	libc_connect,
+	libc_getgroups,
+	libc_setgroups,
+	libc_getsockopt,
+	libc_setsockopt,
+	libc_socket,
+	libc_socketpair,
+	libc_getpeername,
+	libc_getsockname,
+	libc_recvfrom,
+	libc_sendto,
+	libc_nrecvmsg,
+	libc_nsendmsg,
+	libc_munmap,
+	libc_madvise,
+	libc_mprotect,
+	libc_mlock,
+	libc_mlockall,
+	libc_msync,
+	libc_munlock,
+	libc_munlockall,
+	libc_pipe,
+	libc_poll,
+	libc_gettimeofday,
+	libc_time,
+	libc_utime,
+	libc_getsystemcfg,
+	libc_umount,
+	libc_getrlimit,
+	libc_setrlimit,
+	libc_lseek,
+	libc_mmap64 syscallFunc
+)
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimes(_p0 uintptr, times uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utimes)), 2, _p0, times, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimensat(dirfd int, _p0 uintptr, times uintptr, flag int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utimensat)), 4, uintptr(dirfd), _p0, times, uintptr(flag), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetcwd(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getcwd)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callaccept(s int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_accept)), 3, uintptr(s), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetdirent(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getdirent)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwait4(pid int, status uintptr, options int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_wait4)), 4, uintptr(pid), status, uintptr(options), rusage, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), arg, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callacct(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_acct)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchdir(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_chdir)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchroot(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_chroot)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callclose(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_close)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup(oldfd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_dup)), 1, uintptr(oldfd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callexit(code int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_exit)), 1, uintptr(code), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfaccessat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_faccessat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchdir(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchdir)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmod(fd int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchmod)), 2, uintptr(fd), uintptr(mode), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmodat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchmodat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchownat(dirfd int, _p0 uintptr, uid int, gid int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchownat)), 5, uintptr(dirfd), _p0, uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfdatasync(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fdatasync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfsync(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fsync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgid(pid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpgid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgrp() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getpgrp)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetppid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getppid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpriority(which int, who int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getpriority)), 2, uintptr(which), uintptr(who), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrusage(who int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getrusage)), 2, uintptr(who), rusage, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsid(pid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getsid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callkill(pid int, sig int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_kill)), 2, uintptr(pid), uintptr(sig), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsyslog(typ int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_syslog)), 3, uintptr(typ), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdir(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkdir)), 3, uintptr(dirfd), _p0, uintptr(mode), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdirat(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkdirat)), 3, uintptr(dirfd), _p0, uintptr(mode), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkfifo(_p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkfifo)), 2, _p0, uintptr(mode), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknod(_p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mknod)), 3, _p0, uintptr(mode), uintptr(dev), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknodat(dirfd int, _p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mknodat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(dev), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnanosleep(time uintptr, leftover uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nanosleep)), 2, time, leftover, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopen64(_p0 uintptr, mode int, perm uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_open64)), 3, _p0, uintptr(mode), uintptr(perm), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopenat(dirfd int, _p0 uintptr, flags int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_openat)), 4, uintptr(dirfd), _p0, uintptr(flags), uintptr(mode), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callread(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_read)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callreadlink(_p0 uintptr, _p1 uintptr, _lenp1 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_readlink)), 3, _p0, _p1, uintptr(_lenp1), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrenameat(olddirfd int, _p0 uintptr, newdirfd int, _p1 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_renameat)), 4, uintptr(olddirfd), _p0, uintptr(newdirfd), _p1, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetdomainname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setdomainname)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsethostname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sethostname)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpgid(pid int, pgid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setpgid)), 2, uintptr(pid), uintptr(pgid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setsid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsettimeofday(tv uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_settimeofday)), 1, tv, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetuid(uid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setuid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgid(uid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setgid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpriority(which int, who int, prio int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setpriority)), 3, uintptr(which), uintptr(who), uintptr(prio), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatx(dirfd int, _p0 uintptr, flags int, mask int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_statx)), 5, uintptr(dirfd), _p0, uintptr(flags), uintptr(mask), stat, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsync() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sync)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltimes(tms uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_times)), 1, tms, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumask(mask int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_umask)), 1, uintptr(mask), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calluname(buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_uname)), 1, buf, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlink(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_unlink)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlinkat(dirfd int, _p0 uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_unlinkat)), 3, uintptr(dirfd), _p0, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callustat(dev int, ubuf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ustat)), 2, uintptr(dev), ubuf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwrite(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_write)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup2(oldfd int, newfd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_dup2)), 2, uintptr(oldfd), uintptr(newfd), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callposix_fadvise64(fd int, offset int64, length int64, advice int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_posix_fadvise64)), 4, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchown(fd int, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchown)), 3, uintptr(fd), uintptr(uid), uintptr(gid), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstat(fd int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstat)), 2, uintptr(fd), stat, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatat(dirfd int, _p0 uintptr, stat uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstatat)), 4, uintptr(dirfd), _p0, stat, uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatfs(fd int, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstatfs)), 2, uintptr(fd), buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callftruncate(fd int, length int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ftruncate)), 2, uintptr(fd), uintptr(length), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetegid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getegid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgeteuid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_geteuid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getgid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetuid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getuid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllchown(_p0 uintptr, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lchown)), 3, _p0, uintptr(uid), uintptr(gid), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllisten(s int, n int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_listen)), 2, uintptr(s), uintptr(n), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllstat(_p0 uintptr, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lstat)), 2, _p0, stat, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpause() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pause)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpread64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pread64)), 4, uintptr(fd), _p0, uintptr(_lenp0), uintptr(offset), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpwrite64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pwrite64)), 4, uintptr(fd), _p0, uintptr(_lenp0), uintptr(offset), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_select)), 5, uintptr(nfd), r, w, e, timeout, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr, sigmask uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pselect)), 6, uintptr(nfd), r, w, e, timeout, sigmask)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetregid(rgid int, egid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setregid)), 2, uintptr(rgid), uintptr(egid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetreuid(ruid int, euid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setreuid)), 2, uintptr(ruid), uintptr(euid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callshutdown(fd int, how int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_shutdown)), 2, uintptr(fd), uintptr(how), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsplice(rfd int, roff uintptr, wfd int, woff uintptr, len int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_splice)), 6, uintptr(rfd), roff, uintptr(wfd), woff, uintptr(len), uintptr(flags))
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstat(_p0 uintptr, statptr uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_stat)), 2, _p0, statptr, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatfs(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_statfs)), 2, _p0, buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltruncate(_p0 uintptr, length int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_truncate)), 2, _p0, uintptr(length), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callbind(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_bind)), 3, uintptr(s), addr, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callconnect(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_connect)), 3, uintptr(s), addr, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getgroups)), 2, uintptr(n), list, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setgroups)), 2, uintptr(n), list, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), val, vallen, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), val, vallen, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocket(domain int, typ int, proto int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_socket)), 3, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocketpair(domain int, typ int, proto int, fd uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_socketpair)), 4, uintptr(domain), uintptr(typ), uintptr(proto), fd, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpeername(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpeername)), 3, uintptr(fd), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockname(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getsockname)), 3, uintptr(fd), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrecvfrom(fd int, _p0 uintptr, _lenp0 int, flags int, from uintptr, fromlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_recvfrom)), 6, uintptr(fd), _p0, uintptr(_lenp0), uintptr(flags), from, fromlen)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsendto(s int, _p0 uintptr, _lenp0 int, flags int, to uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sendto)), 6, uintptr(s), _p0, uintptr(_lenp0), uintptr(flags), to, addrlen)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnrecvmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nrecvmsg)), 3, uintptr(s), msg, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnsendmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nsendmsg)), 3, uintptr(s), msg, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunmap(addr uintptr, length uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munmap)), 2, addr, length, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmadvise(_p0 uintptr, _lenp0 int, advice int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_madvise)), 3, _p0, uintptr(_lenp0), uintptr(advice), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmprotect(_p0 uintptr, _lenp0 int, prot int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mprotect)), 3, _p0, uintptr(_lenp0), uintptr(prot), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mlock)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlockall(flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mlockall)), 1, uintptr(flags), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmsync(_p0 uintptr, _lenp0 int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_msync)), 3, _p0, uintptr(_lenp0), uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munlock)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlockall() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munlockall)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpipe(p uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_pipe)), 1, p, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpoll(fds uintptr, nfds int, timeout int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_poll)), 3, fds, uintptr(nfds), uintptr(timeout), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgettimeofday(tv uintptr, tzp uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_gettimeofday)), 2, tv, tzp, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltime(t uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_time)), 1, t, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutime(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utime)), 2, _p0, buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumount(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_umount)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmmap64(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mmap64)), 6, addr, length, uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
new file mode 100644
index 0000000000000..3c260917ed590
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -0,0 +1,1070 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build aix && ppc64 && gccgo
+// +build aix,ppc64,gccgo
+
+package unix
+
+/*
+#include <stdint.h>
+int utimes(uintptr_t, uintptr_t);
+int utimensat(int, uintptr_t, uintptr_t, int);
+int getcwd(uintptr_t, size_t);
+int accept(int, uintptr_t, uintptr_t);
+int getdirent(int, uintptr_t, size_t);
+int wait4(int, uintptr_t, int, uintptr_t);
+int ioctl(int, int, uintptr_t);
+int fcntl(uintptr_t, int, uintptr_t);
+int acct(uintptr_t);
+int chdir(uintptr_t);
+int chroot(uintptr_t);
+int close(int);
+int dup(int);
+void exit(int);
+int faccessat(int, uintptr_t, unsigned int, int);
+int fchdir(int);
+int fchmod(int, unsigned int);
+int fchmodat(int, uintptr_t, unsigned int, int);
+int fchownat(int, uintptr_t, int, int, int);
+int fdatasync(int);
+int fsync(int);
+int getpgid(int);
+int getpgrp();
+int getpid();
+int getppid();
+int getpriority(int, int);
+int getrusage(int, uintptr_t);
+int getsid(int);
+int kill(int, int);
+int syslog(int, uintptr_t, size_t);
+int mkdir(int, uintptr_t, unsigned int);
+int mkdirat(int, uintptr_t, unsigned int);
+int mkfifo(uintptr_t, unsigned int);
+int mknod(uintptr_t, unsigned int, int);
+int mknodat(int, uintptr_t, unsigned int, int);
+int nanosleep(uintptr_t, uintptr_t);
+int open64(uintptr_t, int, unsigned int);
+int openat(int, uintptr_t, int, unsigned int);
+int read(int, uintptr_t, size_t);
+int readlink(uintptr_t, uintptr_t, size_t);
+int renameat(int, uintptr_t, int, uintptr_t);
+int setdomainname(uintptr_t, size_t);
+int sethostname(uintptr_t, size_t);
+int setpgid(int, int);
+int setsid();
+int settimeofday(uintptr_t);
+int setuid(int);
+int setgid(int);
+int setpriority(int, int, int);
+int statx(int, uintptr_t, int, int, uintptr_t);
+int sync();
+uintptr_t times(uintptr_t);
+int umask(int);
+int uname(uintptr_t);
+int unlink(uintptr_t);
+int unlinkat(int, uintptr_t, int);
+int ustat(int, uintptr_t);
+int write(int, uintptr_t, size_t);
+int dup2(int, int);
+int posix_fadvise64(int, long long, long long, int);
+int fchown(int, int, int);
+int fstat(int, uintptr_t);
+int fstatat(int, uintptr_t, uintptr_t, int);
+int fstatfs(int, uintptr_t);
+int ftruncate(int, long long);
+int getegid();
+int geteuid();
+int getgid();
+int getuid();
+int lchown(uintptr_t, int, int);
+int listen(int, int);
+int lstat(uintptr_t, uintptr_t);
+int pause();
+int pread64(int, uintptr_t, size_t, long long);
+int pwrite64(int, uintptr_t, size_t, long long);
+#define c_select select
+int select(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int pselect(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int setregid(int, int);
+int setreuid(int, int);
+int shutdown(int, int);
+long long splice(int, uintptr_t, int, uintptr_t, int, int);
+int stat(uintptr_t, uintptr_t);
+int statfs(uintptr_t, uintptr_t);
+int truncate(uintptr_t, long long);
+int bind(int, uintptr_t, uintptr_t);
+int connect(int, uintptr_t, uintptr_t);
+int getgroups(int, uintptr_t);
+int setgroups(int, uintptr_t);
+int getsockopt(int, int, int, uintptr_t, uintptr_t);
+int setsockopt(int, int, int, uintptr_t, uintptr_t);
+int socket(int, int, int);
+int socketpair(int, int, int, uintptr_t);
+int getpeername(int, uintptr_t, uintptr_t);
+int getsockname(int, uintptr_t, uintptr_t);
+int recvfrom(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int sendto(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int nrecvmsg(int, uintptr_t, int);
+int nsendmsg(int, uintptr_t, int);
+int munmap(uintptr_t, uintptr_t);
+int madvise(uintptr_t, size_t, int);
+int mprotect(uintptr_t, size_t, int);
+int mlock(uintptr_t, size_t);
+int mlockall(int);
+int msync(uintptr_t, size_t, int);
+int munlock(uintptr_t, size_t);
+int munlockall();
+int pipe(uintptr_t);
+int poll(uintptr_t, int, int);
+int gettimeofday(uintptr_t, uintptr_t);
+int time(uintptr_t);
+int utime(uintptr_t, uintptr_t);
+unsigned long long getsystemcfg(int);
+int umount(uintptr_t);
+int getrlimit(int, uintptr_t);
+int setrlimit(int, uintptr_t);
+long long lseek(int, long long, int);
+uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long);
+
+*/
+import "C"
+import (
+	"syscall"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimes(_p0 uintptr, times uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utimes(C.uintptr_t(_p0), C.uintptr_t(times)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimensat(dirfd int, _p0 uintptr, times uintptr, flag int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utimensat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(times), C.int(flag)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetcwd(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getcwd(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callaccept(s int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.accept(C.int(s), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetdirent(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getdirent(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwait4(pid int, status uintptr, options int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.wait4(C.int(pid), C.uintptr_t(status), C.int(options), C.uintptr_t(rusage)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callacct(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.acct(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchdir(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.chdir(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchroot(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.chroot(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callclose(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.close(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup(oldfd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.dup(C.int(oldfd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callexit(code int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.exit(C.int(code)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfaccessat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.faccessat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchdir(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchdir(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmod(fd int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchmod(C.int(fd), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmodat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchmodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchownat(dirfd int, _p0 uintptr, uid int, gid int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchownat(C.int(dirfd), C.uintptr_t(_p0), C.int(uid), C.int(gid), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfdatasync(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fdatasync(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfsync(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fsync(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgid(pid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpgid(C.int(pid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgrp() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpgrp())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetppid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getppid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpriority(which int, who int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpriority(C.int(which), C.int(who)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrusage(who int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getrusage(C.int(who), C.uintptr_t(rusage)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsid(pid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsid(C.int(pid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callkill(pid int, sig int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.kill(C.int(pid), C.int(sig)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsyslog(typ int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.syslog(C.int(typ), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdir(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkdir(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdirat(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkdirat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkfifo(_p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkfifo(C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknod(_p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mknod(C.uintptr_t(_p0), C.uint(mode), C.int(dev)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknodat(dirfd int, _p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mknodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(dev)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnanosleep(time uintptr, leftover uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nanosleep(C.uintptr_t(time), C.uintptr_t(leftover)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopen64(_p0 uintptr, mode int, perm uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.open64(C.uintptr_t(_p0), C.int(mode), C.uint(perm)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopenat(dirfd int, _p0 uintptr, flags int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.openat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callread(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.read(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callreadlink(_p0 uintptr, _p1 uintptr, _lenp1 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.readlink(C.uintptr_t(_p0), C.uintptr_t(_p1), C.size_t(_lenp1)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrenameat(olddirfd int, _p0 uintptr, newdirfd int, _p1 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.renameat(C.int(olddirfd), C.uintptr_t(_p0), C.int(newdirfd), C.uintptr_t(_p1)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetdomainname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setdomainname(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsethostname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sethostname(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpgid(pid int, pgid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setpgid(C.int(pid), C.int(pgid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setsid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsettimeofday(tv uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.settimeofday(C.uintptr_t(tv)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetuid(uid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setuid(C.int(uid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgid(uid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setgid(C.int(uid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpriority(which int, who int, prio int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setpriority(C.int(which), C.int(who), C.int(prio)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatx(dirfd int, _p0 uintptr, flags int, mask int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.statx(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.int(mask), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsync() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sync())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltimes(tms uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.times(C.uintptr_t(tms)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumask(mask int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.umask(C.int(mask)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calluname(buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.uname(C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlink(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.unlink(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlinkat(dirfd int, _p0 uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.unlinkat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callustat(dev int, ubuf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ustat(C.int(dev), C.uintptr_t(ubuf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwrite(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.write(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup2(oldfd int, newfd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.dup2(C.int(oldfd), C.int(newfd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callposix_fadvise64(fd int, offset int64, length int64, advice int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.posix_fadvise64(C.int(fd), C.longlong(offset), C.longlong(length), C.int(advice)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchown(fd int, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchown(C.int(fd), C.int(uid), C.int(gid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstat(fd int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstat(C.int(fd), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatat(dirfd int, _p0 uintptr, stat uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstatat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(stat), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatfs(fd int, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstatfs(C.int(fd), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callftruncate(fd int, length int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ftruncate(C.int(fd), C.longlong(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetegid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getegid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgeteuid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.geteuid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getgid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetuid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getuid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllchown(_p0 uintptr, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lchown(C.uintptr_t(_p0), C.int(uid), C.int(gid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllisten(s int, n int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.listen(C.int(s), C.int(n)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllstat(_p0 uintptr, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lstat(C.uintptr_t(_p0), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpause() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pause())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpread64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pread64(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpwrite64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pwrite64(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.c_select(C.int(nfd), C.uintptr_t(r), C.uintptr_t(w), C.uintptr_t(e), C.uintptr_t(timeout)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr, sigmask uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pselect(C.int(nfd), C.uintptr_t(r), C.uintptr_t(w), C.uintptr_t(e), C.uintptr_t(timeout), C.uintptr_t(sigmask)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetregid(rgid int, egid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setregid(C.int(rgid), C.int(egid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetreuid(ruid int, euid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setreuid(C.int(ruid), C.int(euid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callshutdown(fd int, how int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.shutdown(C.int(fd), C.int(how)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsplice(rfd int, roff uintptr, wfd int, woff uintptr, len int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.splice(C.int(rfd), C.uintptr_t(roff), C.int(wfd), C.uintptr_t(woff), C.int(len), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstat(_p0 uintptr, statptr uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.stat(C.uintptr_t(_p0), C.uintptr_t(statptr)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatfs(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.statfs(C.uintptr_t(_p0), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltruncate(_p0 uintptr, length int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.truncate(C.uintptr_t(_p0), C.longlong(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callbind(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.bind(C.int(s), C.uintptr_t(addr), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callconnect(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.connect(C.int(s), C.uintptr_t(addr), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getgroups(C.int(n), C.uintptr_t(list)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setgroups(C.int(n), C.uintptr_t(list)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(val), C.uintptr_t(vallen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(val), C.uintptr_t(vallen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocket(domain int, typ int, proto int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.socket(C.int(domain), C.int(typ), C.int(proto)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocketpair(domain int, typ int, proto int, fd uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.socketpair(C.int(domain), C.int(typ), C.int(proto), C.uintptr_t(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpeername(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpeername(C.int(fd), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockname(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsockname(C.int(fd), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrecvfrom(fd int, _p0 uintptr, _lenp0 int, flags int, from uintptr, fromlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.recvfrom(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags), C.uintptr_t(from), C.uintptr_t(fromlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsendto(s int, _p0 uintptr, _lenp0 int, flags int, to uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sendto(C.int(s), C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags), C.uintptr_t(to), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnrecvmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nrecvmsg(C.int(s), C.uintptr_t(msg), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnsendmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nsendmsg(C.int(s), C.uintptr_t(msg), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunmap(addr uintptr, length uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munmap(C.uintptr_t(addr), C.uintptr_t(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmadvise(_p0 uintptr, _lenp0 int, advice int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.madvise(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(advice)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmprotect(_p0 uintptr, _lenp0 int, prot int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mprotect(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(prot)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mlock(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlockall(flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mlockall(C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmsync(_p0 uintptr, _lenp0 int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.msync(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munlock(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlockall() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munlockall())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpipe(p uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pipe(C.uintptr_t(p)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpoll(fds uintptr, nfds int, timeout int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.poll(C.uintptr_t(fds), C.int(nfds), C.int(timeout)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgettimeofday(tv uintptr, tzp uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.gettimeofday(C.uintptr_t(tv), C.uintptr_t(tzp)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltime(t uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.time(C.uintptr_t(t)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutime(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utime(C.uintptr_t(_p0), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsystemcfg(C.int(label)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumount(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.umount(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getrlimit(C.int(resource), C.uintptr_t(rlim)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setrlimit(C.int(resource), C.uintptr_t(rlim)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lseek(C.int(fd), C.longlong(offset), C.int(whence)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmmap64(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mmap64(C.uintptr_t(addr), C.uintptr_t(length), C.int(prot), C.int(flags), C.int(fd), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go
deleted file mode 100644
index ac02d4d8419e6..0000000000000
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go
+++ /dev/null
@@ -1,1712 +0,0 @@
-// mksyscall.pl -l32 -tags darwin,386 syscall_bsd.go syscall_darwin.go syscall_darwin_386.go
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build darwin,386
-
-package unix
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var _ syscall.Errno
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimes(path string, timeval *[2]Timeval) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, behav int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func removexattr(path string, attr string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func kill(pid int, signum int, posix int) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), uintptr(posix))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Access(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chflags(path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chmod(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chown(path string, uid int, gid int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
-	nfd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exchangedata(path1 string, path2 string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path1)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(path2)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_EXCHANGEDATA, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), uintptr(length>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdtablesize() (size int) {
-	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
-	size = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
-	egid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
-	uid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
-	gid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
-	pgrp = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
-	uid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Issetugid() (tainted bool) {
-	r0, _, _ := RawSyscall(SYS_ISSETUGID, 0, 0, 0)
-	tainted = bool(r0 != 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lchown(path string, uid int, gid int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Link(path string, link string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lstat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdir(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkfifo(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknod(path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Open(path string, mode int, perm uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pathconf(path string, name int) (val int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pread(fd int, p []byte, offset int64) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlink(path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rename(from string, to string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(from)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(to)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(fromfd int, from string, tofd int, to string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(from)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(to)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Revoke(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rmdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
-	newoffset = int64(int64(r1)<<32 | int64(r0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setegid(egid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETEGID, uintptr(egid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setlogin(name string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(name)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setprivexec(flag int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIVEXEC, uintptr(flag), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Stat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statfs(path string, stat *Statfs_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlink(path string, link string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Truncate(path string, length int64) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Undelete(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlink(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func gettimeofday(tp *Timeval) (sec int32, usec int32, err error) {
-	r0, r1, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	sec = int32(r0)
-	usec = int32(r1)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go
new file mode 100644
index 0000000000000..a06eb0932420a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go
@@ -0,0 +1,40 @@
+// go run mksyscall.go -tags darwin,amd64,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build darwin && amd64 && go1.13
+// +build darwin,amd64,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_closedir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+var libc_readdir_r_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
new file mode 100644
index 0000000000000..d6c3e25c018ac
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
@@ -0,0 +1,25 @@
+// go run mkasm_darwin.go amd64
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build go1.13
+// +build go1.13
+
+#include "textflag.h"
+
+TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+
+GLOBL	·libc_fdopendir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB)
+
+TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+
+GLOBL	·libc_closedir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB)
+
+TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
+
+GLOBL	·libc_readdir_r_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1dd3cfa0e17ab..0ae0ed4cb8af7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -1,7 +1,8 @@
-// mksyscall.pl -tags darwin,amd64 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go
+// go run mksyscall.go -tags darwin,amd64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
-// +build darwin,amd64
+//go:build darwin && amd64 && go1.12
+// +build darwin,amd64,go1.12
 
 package unix
 
@@ -15,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -23,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -44,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -55,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -86,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -155,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -163,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -172,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -190,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -201,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -212,21 +281,9 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_kevent_trampoline_addr uintptr
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -236,38 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_futimes_trampoline_addr uintptr
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -275,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -284,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -300,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -326,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -342,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -358,45 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_munlockall_trampoline_addr uintptr
 
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
+func pipe(p *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_pipe_trampoline_addr, uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
@@ -410,7 +488,27 @@ func getxattr(path string, attr string, dest *byte, size int, position uint32, o
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	r0, _, e1 := syscall_syscall6(libc_getxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(libc_fgetxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
 	sz = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -418,6 +516,10 @@ func getxattr(path string, attr string, dest *byte, size int, position uint32, o
 	return
 }
 
+var libc_fgetxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
@@ -431,13 +533,36 @@ func setxattr(path string, attr string, data *byte, size int, position uint32, o
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	_, _, e1 := syscall_syscall6(libc_setxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fsetxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fsetxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func removexattr(path string, attr string, options int) (err error) {
@@ -451,13 +576,36 @@ func removexattr(path string, attr string, options int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	_, _, e1 := syscall_syscall(libc_removexattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_removexattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_fremovexattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fremovexattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
@@ -466,7 +614,22 @@ func listxattr(path string, dest *byte, size int, options int) (sz int, err erro
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_listxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_listxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(libc_flistxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
 	sz = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -474,26 +637,160 @@ func listxattr(path string, dest *byte, size int, options int) (sz int, err erro
 	return
 }
 
+var libc_flistxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_setattrlist_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kill(pid int, signum int, posix int) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), uintptr(posix))
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), uintptr(posix))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_sendfile_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmat_trampoline_addr, uintptr(id), uintptr(addr), uintptr(flag))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmat shmat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmctl_trampoline_addr, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+	result = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmctl shmctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+	_, _, e1 := syscall_syscall(libc_shmdt_trampoline_addr, uintptr(addr), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmdt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmdt shmdt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmget_trampoline_addr, uintptr(key), uintptr(size), uintptr(flag))
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmget_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmget shmget "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -502,23 +799,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -527,13 +832,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -542,13 +851,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -557,13 +870,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -572,13 +889,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -587,27 +908,97 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_clock_gettime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_clonefile_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_clonefile_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_clonefileat_trampoline_addr, uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_clonefileat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -615,16 +1006,24 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exchangedata(path1 string, path2 string, options int) (err error) {
@@ -638,20 +1037,28 @@ func Exchangedata(path1 string, path2 string, options int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_EXCHANGEDATA, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	_, _, e1 := syscall_syscall(libc_exchangedata_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_exchangedata_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -660,43 +1067,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -705,23 +1128,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -730,99 +1161,103 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_fchownat_trampoline_addr uintptr
 
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
-	val = int(r0)
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fclonefileat_trampoline_addr, uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_fclonefileat_trampoline_addr uintptr
 
-func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+func Getcwd(buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,42 +1265,62 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdtablesize() (size int) {
-	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_getdtablesize_trampoline_addr, 0, 0, 0)
 	size = int(r0)
 	return
 }
 
+var libc_getdtablesize_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -873,34 +1328,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -908,30 +1379,42 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -939,26 +1422,52 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := RawSyscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -966,6 +1475,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -974,13 +1487,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -994,13 +1511,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -1014,37 +1535,30 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_listen_trampoline_addr uintptr
 
-func Lstat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -1054,13 +1568,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1069,13 +1587,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1084,13 +1606,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1099,13 +1625,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1114,7 +1644,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1122,6 +1652,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1130,7 +1664,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1138,6 +1672,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1146,7 +1684,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1154,6 +1692,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1163,7 +1705,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1171,6 +1713,10 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1180,7 +1726,7 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1188,6 +1734,10 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1197,7 +1747,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1205,6 +1755,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1219,7 +1773,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1227,6 +1781,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1241,7 +1799,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1249,6 +1807,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1262,13 +1824,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1282,13 +1848,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1297,13 +1867,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1312,17 +1886,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence))
 	newoffset = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1330,46 +1908,67 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1378,77 +1977,105 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setprivexec(flag int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIVEXEC, uintptr(flag), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setprivexec_trampoline_addr, uintptr(flag), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setprivexec_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1456,55 +2083,37 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_settimeofday_trampoline_addr uintptr
 
-func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Stat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_setuid_trampoline_addr uintptr
 
-func Statfs(path string, stat *Statfs_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -1519,13 +2128,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1539,23 +2152,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1564,21 +2185,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Undelete(path string) (err error) {
@@ -1587,13 +2216,17 @@ func Undelete(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_undelete_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_undelete_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1602,13 +2235,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1617,13 +2254,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1632,13 +2273,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1648,7 +2293,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1656,10 +2301,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1667,20 +2316,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1691,7 +2348,65 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(libc_fstat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstat64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat64 fstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fstatat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstatat64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat64 fstatat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(libc_fstatfs64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstatfs64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs64 fstatfs64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat64_trampoline_addr, uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1699,14 +2414,77 @@ func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
 	return
 }
 
+var libc_getfsstat64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat64 getfsstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_lstat64_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_lstat64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat64 lstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_ptrace_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_stat64_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_stat64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat64 stat64 "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func gettimeofday(tp *Timeval) (sec int64, usec int32, err error) {
-	r0, r1, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	sec = int64(r0)
-	usec = int32(r1)
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_statfs64_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_statfs64_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs64 statfs64 "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
new file mode 100644
index 0000000000000..eac6ca806f4d5
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -0,0 +1,883 @@
+// go run mkasm_darwin.go amd64
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build go1.12
+// +build go1.12
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $8
+DATA	·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $8
+DATA	·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $8
+DATA	·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $8
+DATA	·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+
+GLOBL	·libc_pipe_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pipe_trampoline_addr(SB)/8, $libc_pipe_trampoline<>(SB)
+
+TEXT libc_getxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+
+GLOBL	·libc_getxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getxattr_trampoline_addr(SB)/8, $libc_getxattr_trampoline<>(SB)
+
+TEXT libc_fgetxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+
+GLOBL	·libc_fgetxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fgetxattr_trampoline_addr(SB)/8, $libc_fgetxattr_trampoline<>(SB)
+
+TEXT libc_setxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+
+GLOBL	·libc_setxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setxattr_trampoline_addr(SB)/8, $libc_setxattr_trampoline<>(SB)
+
+TEXT libc_fsetxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+
+GLOBL	·libc_fsetxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsetxattr_trampoline_addr(SB)/8, $libc_fsetxattr_trampoline<>(SB)
+
+TEXT libc_removexattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+
+GLOBL	·libc_removexattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_removexattr_trampoline_addr(SB)/8, $libc_removexattr_trampoline<>(SB)
+
+TEXT libc_fremovexattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+
+GLOBL	·libc_fremovexattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fremovexattr_trampoline_addr(SB)/8, $libc_fremovexattr_trampoline<>(SB)
+
+TEXT libc_listxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+
+GLOBL	·libc_listxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listxattr_trampoline_addr(SB)/8, $libc_listxattr_trampoline<>(SB)
+
+TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+
+GLOBL	·libc_flistxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB)
+
+TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+
+GLOBL	·libc_setattrlist_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB)
+
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+
+GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendfile_trampoline_addr(SB)/8, $libc_sendfile_trampoline<>(SB)
+
+TEXT libc_shmat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmat(SB)
+
+GLOBL	·libc_shmat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmat_trampoline_addr(SB)/8, $libc_shmat_trampoline<>(SB)
+
+TEXT libc_shmctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmctl(SB)
+
+GLOBL	·libc_shmctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmctl_trampoline_addr(SB)/8, $libc_shmctl_trampoline<>(SB)
+
+TEXT libc_shmdt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmdt(SB)
+
+GLOBL	·libc_shmdt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmdt_trampoline_addr(SB)/8, $libc_shmdt_trampoline<>(SB)
+
+TEXT libc_shmget_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmget(SB)
+
+GLOBL	·libc_shmget_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmget_trampoline_addr(SB)/8, $libc_shmget_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $8
+DATA	·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+
+GLOBL	·libc_clock_gettime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $8
+DATA	·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB)
+
+TEXT libc_clonefile_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+
+GLOBL	·libc_clonefile_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clonefile_trampoline_addr(SB)/8, $libc_clonefile_trampoline<>(SB)
+
+TEXT libc_clonefileat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+
+GLOBL	·libc_clonefileat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clonefileat_trampoline_addr(SB)/8, $libc_clonefileat_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_exchangedata_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+
+GLOBL	·libc_exchangedata_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exchangedata_trampoline_addr(SB)/8, $libc_exchangedata_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_fclonefileat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+
+GLOBL	·libc_fclonefileat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fclonefileat_trampoline_addr(SB)/8, $libc_fclonefileat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_getdtablesize_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+
+GLOBL	·libc_getdtablesize_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getdtablesize_trampoline_addr(SB)/8, $libc_getdtablesize_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $8
+DATA	·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $8
+DATA	·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $8
+DATA	·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $8
+DATA	·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $8
+DATA	·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setprivexec_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+
+GLOBL	·libc_setprivexec_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setprivexec_trampoline_addr(SB)/8, $libc_setprivexec_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $8
+DATA	·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB)
+
+TEXT libc_undelete_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+
+GLOBL	·libc_undelete_trampoline_addr(SB), RODATA, $8
+DATA	·libc_undelete_trampoline_addr(SB)/8, $libc_undelete_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $8
+DATA	·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_fstat64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat64(SB)
+
+GLOBL	·libc_fstat64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstat64_trampoline_addr(SB)/8, $libc_fstat64_trampoline<>(SB)
+
+TEXT libc_fstatat64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat64(SB)
+
+GLOBL	·libc_fstatat64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatat64_trampoline_addr(SB)/8, $libc_fstatat64_trampoline<>(SB)
+
+TEXT libc_fstatfs64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs64(SB)
+
+GLOBL	·libc_fstatfs64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatfs64_trampoline_addr(SB)/8, $libc_fstatfs64_trampoline<>(SB)
+
+TEXT libc_getfsstat64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat64(SB)
+
+GLOBL	·libc_getfsstat64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat64_trampoline_addr(SB)/8, $libc_getfsstat64_trampoline<>(SB)
+
+TEXT libc_lstat64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat64(SB)
+
+GLOBL	·libc_lstat64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lstat64_trampoline_addr(SB)/8, $libc_lstat64_trampoline<>(SB)
+
+TEXT libc_ptrace_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
+
+GLOBL	·libc_ptrace_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ptrace_trampoline_addr(SB)/8, $libc_ptrace_trampoline<>(SB)
+
+TEXT libc_stat64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat64(SB)
+
+GLOBL	·libc_stat64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_stat64_trampoline_addr(SB)/8, $libc_stat64_trampoline<>(SB)
+
+TEXT libc_statfs64_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs64(SB)
+
+GLOBL	·libc_statfs64_trampoline_addr(SB), RODATA, $8
+DATA	·libc_statfs64_trampoline_addr(SB)/8, $libc_statfs64_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go
deleted file mode 100644
index cab46e74ba447..0000000000000
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go
+++ /dev/null
@@ -1,1712 +0,0 @@
-// mksyscall.pl -l32 -tags darwin,arm syscall_bsd.go syscall_darwin.go syscall_darwin_arm.go
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build darwin,arm
-
-package unix
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var _ syscall.Errno
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimes(path string, timeval *[2]Timeval) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, behav int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func removexattr(path string, attr string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func kill(pid int, signum int, posix int) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), uintptr(posix))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Access(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chflags(path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chmod(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chown(path string, uid int, gid int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
-	nfd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exchangedata(path1 string, path2 string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path1)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(path2)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_EXCHANGEDATA, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), uintptr(length>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdtablesize() (size int) {
-	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
-	size = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
-	egid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
-	uid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
-	gid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
-	pgrp = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
-	uid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Issetugid() (tainted bool) {
-	r0, _, _ := RawSyscall(SYS_ISSETUGID, 0, 0, 0)
-	tainted = bool(r0 != 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lchown(path string, uid int, gid int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Link(path string, link string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lstat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdir(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkfifo(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknod(path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Open(path string, mode int, perm uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pathconf(path string, name int) (val int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pread(fd int, p []byte, offset int64) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlink(path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rename(from string, to string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(from)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(to)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(fromfd int, from string, tofd int, to string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(from)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(to)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Revoke(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rmdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
-	newoffset = int64(int64(r1)<<32 | int64(r0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setegid(egid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETEGID, uintptr(egid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setlogin(name string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(name)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setprivexec(flag int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIVEXEC, uintptr(flag), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Stat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statfs(path string, stat *Statfs_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlink(path string, link string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Truncate(path string, length int64) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Undelete(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlink(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func gettimeofday(tp *Timeval) (sec int32, usec int32, err error) {
-	r0, r1, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	sec = int32(r0)
-	usec = int32(r1)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go
new file mode 100644
index 0000000000000..cec595d553a49
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go
@@ -0,0 +1,40 @@
+// go run mksyscall.go -tags darwin,arm64,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build darwin && arm64 && go1.13
+// +build darwin,arm64,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_closedir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+var libc_readdir_r_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
new file mode 100644
index 0000000000000..357989722cfbc
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
@@ -0,0 +1,25 @@
+// go run mkasm_darwin.go arm64
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build go1.13
+// +build go1.13
+
+#include "textflag.h"
+
+TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+
+GLOBL	·libc_fdopendir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB)
+
+TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+
+GLOBL	·libc_closedir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB)
+
+TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
+
+GLOBL	·libc_readdir_r_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 13478dd0bcf3d..cf71be3edb3b3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -1,7 +1,8 @@
-// mksyscall.pl -tags darwin,arm64 syscall_bsd.go syscall_darwin.go syscall_darwin_arm64.go
+// go run mksyscall.go -tags darwin,arm64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_arm64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
-// +build darwin,arm64
+//go:build darwin && arm64 && go1.12
+// +build darwin,arm64,go1.12
 
 package unix
 
@@ -15,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -23,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -44,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -55,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -86,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -155,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -163,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -172,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -190,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -201,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -212,21 +281,9 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_kevent_trampoline_addr uintptr
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -236,38 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_futimes_trampoline_addr uintptr
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -275,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -284,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -300,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -326,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -342,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -358,45 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_munlockall_trampoline_addr uintptr
 
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
+func pipe(p *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_pipe_trampoline_addr, uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
@@ -410,7 +488,27 @@ func getxattr(path string, attr string, dest *byte, size int, position uint32, o
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	r0, _, e1 := syscall_syscall6(libc_getxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(libc_fgetxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
 	sz = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -418,6 +516,10 @@ func getxattr(path string, attr string, dest *byte, size int, position uint32, o
 	return
 }
 
+var libc_fgetxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
@@ -431,13 +533,36 @@ func setxattr(path string, attr string, data *byte, size int, position uint32, o
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	_, _, e1 := syscall_syscall6(libc_setxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fsetxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fsetxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func removexattr(path string, attr string, options int) (err error) {
@@ -451,13 +576,36 @@ func removexattr(path string, attr string, options int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	_, _, e1 := syscall_syscall(libc_removexattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_removexattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_fremovexattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fremovexattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
@@ -466,7 +614,22 @@ func listxattr(path string, dest *byte, size int, options int) (sz int, err erro
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_listxattr_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_listxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(libc_flistxattr_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
 	sz = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -474,26 +637,160 @@ func listxattr(path string, dest *byte, size int, options int) (sz int, err erro
 	return
 }
 
+var libc_flistxattr_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_setattrlist_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kill(pid int, signum int, posix int) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), uintptr(posix))
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), uintptr(posix))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_sendfile_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmat_trampoline_addr, uintptr(id), uintptr(addr), uintptr(flag))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmat shmat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmctl_trampoline_addr, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+	result = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmctl shmctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+	_, _, e1 := syscall_syscall(libc_shmdt_trampoline_addr, uintptr(addr), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmdt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmdt shmdt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+	r0, _, e1 := syscall_syscall(libc_shmget_trampoline_addr, uintptr(key), uintptr(size), uintptr(flag))
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_shmget_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shmget shmget "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -502,23 +799,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -527,13 +832,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -542,13 +851,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -557,13 +870,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -572,13 +889,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -587,27 +908,97 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_clock_gettime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_clonefile_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_clonefile_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_clonefileat_trampoline_addr, uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_clonefileat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -615,16 +1006,24 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exchangedata(path1 string, path2 string, options int) (err error) {
@@ -638,20 +1037,28 @@ func Exchangedata(path1 string, path2 string, options int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_EXCHANGEDATA, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	_, _, e1 := syscall_syscall(libc_exchangedata_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_exchangedata_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -660,43 +1067,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -705,23 +1128,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -730,99 +1161,103 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_fchownat_trampoline_addr uintptr
 
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
-	val = int(r0)
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fclonefileat_trampoline_addr, uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_fclonefileat_trampoline_addr uintptr
 
-func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+func Getcwd(buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,42 +1265,62 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdtablesize() (size int) {
-	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_getdtablesize_trampoline_addr, 0, 0, 0)
 	size = int(r0)
 	return
 }
 
+var libc_getdtablesize_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -873,34 +1328,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -908,30 +1379,42 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -939,26 +1422,52 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := RawSyscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -966,6 +1475,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -974,13 +1487,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -994,13 +1511,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -1014,37 +1535,30 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_listen_trampoline_addr uintptr
 
-func Lstat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -1054,13 +1568,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1069,13 +1587,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1084,13 +1606,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1099,13 +1625,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1114,7 +1644,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1122,6 +1652,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1130,7 +1664,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1138,6 +1672,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1146,7 +1684,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1154,6 +1692,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1163,7 +1705,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1171,6 +1713,10 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1180,7 +1726,7 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1188,6 +1734,10 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1197,7 +1747,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1205,6 +1755,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1219,7 +1773,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1227,6 +1781,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1241,7 +1799,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1249,6 +1807,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1262,13 +1824,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1282,13 +1848,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1297,13 +1867,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1312,17 +1886,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence))
 	newoffset = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1330,46 +1908,67 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1378,77 +1977,105 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setprivexec(flag int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIVEXEC, uintptr(flag), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setprivexec_trampoline_addr, uintptr(flag), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setprivexec_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1456,55 +2083,37 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_settimeofday_trampoline_addr uintptr
 
-func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Stat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+var libc_setuid_trampoline_addr uintptr
 
-func Statfs(path string, stat *Statfs_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
@@ -1519,13 +2128,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1539,23 +2152,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1564,21 +2185,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Undelete(path string) (err error) {
@@ -1587,13 +2216,17 @@ func Undelete(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_undelete_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_undelete_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1602,13 +2235,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1617,13 +2254,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1632,13 +2273,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1648,7 +2293,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1656,10 +2301,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1667,20 +2316,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1691,7 +2348,65 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat fstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstatat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat fstatat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fstatfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs fstatfs "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1699,14 +2414,77 @@ func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
 	return
 }
 
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_lstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat lstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_ptrace_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_stat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat stat "/usr/lib/libSystem.B.dylib"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func gettimeofday(tp *Timeval) (sec int64, usec int32, err error) {
-	r0, r1, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
-	sec = int64(r0)
-	usec = int32(r1)
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_statfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs statfs "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
new file mode 100644
index 0000000000000..4ebcf21758540
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -0,0 +1,883 @@
+// go run mkasm_darwin.go arm64
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build go1.12
+// +build go1.12
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $8
+DATA	·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $8
+DATA	·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $8
+DATA	·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $8
+DATA	·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+
+GLOBL	·libc_pipe_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pipe_trampoline_addr(SB)/8, $libc_pipe_trampoline<>(SB)
+
+TEXT libc_getxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+
+GLOBL	·libc_getxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getxattr_trampoline_addr(SB)/8, $libc_getxattr_trampoline<>(SB)
+
+TEXT libc_fgetxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+
+GLOBL	·libc_fgetxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fgetxattr_trampoline_addr(SB)/8, $libc_fgetxattr_trampoline<>(SB)
+
+TEXT libc_setxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+
+GLOBL	·libc_setxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setxattr_trampoline_addr(SB)/8, $libc_setxattr_trampoline<>(SB)
+
+TEXT libc_fsetxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+
+GLOBL	·libc_fsetxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsetxattr_trampoline_addr(SB)/8, $libc_fsetxattr_trampoline<>(SB)
+
+TEXT libc_removexattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+
+GLOBL	·libc_removexattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_removexattr_trampoline_addr(SB)/8, $libc_removexattr_trampoline<>(SB)
+
+TEXT libc_fremovexattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+
+GLOBL	·libc_fremovexattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fremovexattr_trampoline_addr(SB)/8, $libc_fremovexattr_trampoline<>(SB)
+
+TEXT libc_listxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+
+GLOBL	·libc_listxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listxattr_trampoline_addr(SB)/8, $libc_listxattr_trampoline<>(SB)
+
+TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+
+GLOBL	·libc_flistxattr_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB)
+
+TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+
+GLOBL	·libc_setattrlist_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB)
+
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+
+GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendfile_trampoline_addr(SB)/8, $libc_sendfile_trampoline<>(SB)
+
+TEXT libc_shmat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmat(SB)
+
+GLOBL	·libc_shmat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmat_trampoline_addr(SB)/8, $libc_shmat_trampoline<>(SB)
+
+TEXT libc_shmctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmctl(SB)
+
+GLOBL	·libc_shmctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmctl_trampoline_addr(SB)/8, $libc_shmctl_trampoline<>(SB)
+
+TEXT libc_shmdt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmdt(SB)
+
+GLOBL	·libc_shmdt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmdt_trampoline_addr(SB)/8, $libc_shmdt_trampoline<>(SB)
+
+TEXT libc_shmget_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shmget(SB)
+
+GLOBL	·libc_shmget_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shmget_trampoline_addr(SB)/8, $libc_shmget_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $8
+DATA	·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+
+GLOBL	·libc_clock_gettime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $8
+DATA	·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB)
+
+TEXT libc_clonefile_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+
+GLOBL	·libc_clonefile_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clonefile_trampoline_addr(SB)/8, $libc_clonefile_trampoline<>(SB)
+
+TEXT libc_clonefileat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+
+GLOBL	·libc_clonefileat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_clonefileat_trampoline_addr(SB)/8, $libc_clonefileat_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_exchangedata_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+
+GLOBL	·libc_exchangedata_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exchangedata_trampoline_addr(SB)/8, $libc_exchangedata_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_fclonefileat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+
+GLOBL	·libc_fclonefileat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fclonefileat_trampoline_addr(SB)/8, $libc_fclonefileat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_getdtablesize_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+
+GLOBL	·libc_getdtablesize_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getdtablesize_trampoline_addr(SB)/8, $libc_getdtablesize_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $8
+DATA	·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $8
+DATA	·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $8
+DATA	·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $8
+DATA	·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $8
+DATA	·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setprivexec_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+
+GLOBL	·libc_setprivexec_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setprivexec_trampoline_addr(SB)/8, $libc_setprivexec_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $8
+DATA	·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB)
+
+TEXT libc_undelete_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+
+GLOBL	·libc_undelete_trampoline_addr(SB), RODATA, $8
+DATA	·libc_undelete_trampoline_addr(SB)/8, $libc_undelete_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $8
+DATA	·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+
+GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB)
+
+TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+
+GLOBL	·libc_fstatat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB)
+
+TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+
+GLOBL	·libc_fstatfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB)
+
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
+TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+
+GLOBL	·libc_lstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB)
+
+TEXT libc_ptrace_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
+
+GLOBL	·libc_ptrace_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ptrace_trampoline_addr(SB)/8, $libc_ptrace_trampoline<>(SB)
+
+TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+
+GLOBL	·libc_stat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB)
+
+TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
+
+GLOBL	·libc_statfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 91f36e9ec30f2..1b6eedfa61159 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -dragonfly -tags dragonfly,amd64 syscall_bsd.go syscall_dragonfly.go syscall_dragonfly_amd64.go
+// go run mksyscall.go -dragonfly -tags dragonfly,amd64 syscall_bsd.go syscall_dragonfly.go syscall_dragonfly_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build dragonfly && amd64
 // +build dragonfly,amd64
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -389,6 +363,18 @@ func pipe() (r int, w int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pipe2(p *[2]_C_int, flags int) (r int, w int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func extpread(fd int, p []byte, flags int, offset int64) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(p) > 0 {
@@ -450,6 +436,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -588,6 +590,21 @@ func Exit(code int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchdir(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -643,6 +660,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -719,6 +751,23 @@ func Ftruncate(fd int, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
@@ -927,6 +976,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -967,6 +1036,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -997,6 +1081,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1023,6 +1122,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1098,6 +1213,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1139,8 +1274,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1345,6 +1481,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1408,6 +1564,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index a86434a7ba8f2..3e9bddb7b2245 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -tags freebsd,386 syscall_bsd.go syscall_freebsd.go syscall_freebsd_386.go
+// go run mksyscall.go -l32 -tags freebsd,386 syscall_bsd.go syscall_freebsd.go syscall_freebsd_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build freebsd && 386
 // +build freebsd,386
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,10 +351,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -416,6 +388,32 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -914,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstat(fd int, stat *Stat_t) (err error) {
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -924,7 +922,17 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -939,7 +947,22 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -949,6 +972,16 @@ func Fstatfs(fd int, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -969,14 +1002,14 @@ func Ftruncate(fd int, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdents(fd int, buf []byte) (n int, err error) {
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -986,14 +1019,14 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1224,7 +1257,7 @@ func Listen(s int, backlog int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Lstat(path string, stat *Stat_t) (err error) {
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1284,7 +1317,7 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mknod(path string, mode uint32, dev int) (err error) {
+func mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1299,6 +1332,36 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1533,8 +1596,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1689,7 +1753,7 @@ func Setuid(uid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Stat(path string, stat *Stat_t) (err error) {
+func stat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1704,7 +1768,7 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Statfs(path string, stat *Statfs_t) (err error) {
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1719,6 +1783,21 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 040e2f760cd41..c72a462b91e19 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags freebsd,amd64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_amd64.go
+// go run mksyscall.go -tags freebsd,amd64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build freebsd && amd64
 // +build freebsd,amd64
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,10 +351,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -416,6 +388,32 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -914,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstat(fd int, stat *Stat_t) (err error) {
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -924,7 +922,17 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -939,7 +947,22 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -949,6 +972,16 @@ func Fstatfs(fd int, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -969,14 +1002,14 @@ func Ftruncate(fd int, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdents(fd int, buf []byte) (n int, err error) {
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -986,14 +1019,14 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1224,7 +1257,7 @@ func Listen(s int, backlog int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Lstat(path string, stat *Stat_t) (err error) {
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1284,7 +1317,7 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mknod(path string, mode uint32, dev int) (err error) {
+func mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1299,6 +1332,36 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1533,8 +1596,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1689,7 +1753,7 @@ func Setuid(uid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Stat(path string, stat *Stat_t) (err error) {
+func stat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1704,7 +1768,7 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Statfs(path string, stat *Statfs_t) (err error) {
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1719,6 +1783,21 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index cddc5e86b1976..530d5df90c0cf 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -arm -tags freebsd,arm syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm.go
+// go run mksyscall.go -l32 -arm -tags freebsd,arm syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build freebsd && arm
 // +build freebsd,arm
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,10 +351,24 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe() (r int, w int, err error) {
-	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
-	r = int(r0)
-	w = int(r1)
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -416,6 +404,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -914,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstat(fd int, stat *Stat_t) (err error) {
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -924,7 +922,17 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -939,7 +947,22 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -949,6 +972,16 @@ func Fstatfs(fd int, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -969,14 +1002,14 @@ func Ftruncate(fd int, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdents(fd int, buf []byte) (n int, err error) {
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -986,14 +1019,14 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1224,7 +1257,7 @@ func Listen(s int, backlog int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Lstat(path string, stat *Stat_t) (err error) {
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1284,7 +1317,7 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mknod(path string, mode uint32, dev int) (err error) {
+func mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1299,6 +1332,36 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1533,8 +1596,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1689,7 +1753,7 @@ func Setuid(uid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Stat(path string, stat *Stat_t) (err error) {
+func stat(path string, stat *stat_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1704,7 +1768,7 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Statfs(path string, stat *Statfs_t) (err error) {
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
@@ -1719,6 +1783,21 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
new file mode 100644
index 0000000000000..71e7df9e8558d
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -0,0 +1,2016 @@
+// go run mksyscall.go -tags freebsd,arm64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build freebsd && arm64
+// +build freebsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CapEnter() (err error) {
+	_, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsGet(version int, fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsLimit(fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
new file mode 100644
index 0000000000000..af5cb064ec4fa
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -0,0 +1,128 @@
+// go run mksyscall_solaris.go -illumos -tags illumos,amd64 syscall_illumos.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build illumos && amd64
+// +build illumos,amd64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_readv readv "libc.so"
+//go:cgo_import_dynamic libc_preadv preadv "libc.so"
+//go:cgo_import_dynamic libc_writev writev "libc.so"
+//go:cgo_import_dynamic libc_pwritev pwritev "libc.so"
+//go:cgo_import_dynamic libc_accept4 accept4 "libsocket.so"
+//go:cgo_import_dynamic libc_putmsg putmsg "libc.so"
+//go:cgo_import_dynamic libc_getmsg getmsg "libc.so"
+
+//go:linkname procreadv libc_readv
+//go:linkname procpreadv libc_preadv
+//go:linkname procwritev libc_writev
+//go:linkname procpwritev libc_pwritev
+//go:linkname procaccept4 libc_accept4
+//go:linkname procputmsg libc_putmsg
+//go:linkname procgetmsg libc_getmsg
+
+var (
+	procreadv,
+	procpreadv,
+	procwritev,
+	procpwritev,
+	procaccept4,
+	procputmsg,
+	procgetmsg syscallFunc
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procreadv)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpreadv)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwritev)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwritev)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept4)), 4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procputmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(unsafe.Pointer(flags)), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
new file mode 100644
index 0000000000000..4f5da1f54f809
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -0,0 +1,2019 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+//go:build linux
+// +build linux
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FanotifyInit(flags uint, event_f_flags uint) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_FANOTIFY_INIT, uintptr(flags), uintptr(event_f_flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fchmodat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg2)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg3)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(arg4)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(payload) > 0 {
+		_p0 = unsafe.Pointer(&payload[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(restriction)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlRestrictKeyring(cmd int, arg2 int) (err error) {
+	_, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(source)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(description)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(payload) > 0 {
+		_p2 = unsafe.Pointer(&payload[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtimex(buf *Timex) (state int, err error) {
+	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
+	state = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Capget(hdr *CapUserHeader, data *CapUserData) (err error) {
+	_, _, e1 := RawSyscall(SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Capset(hdr *CapUserHeader, data *CapUserData) (err error) {
+	_, _, e1 := RawSyscall(SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGetres(clockid int32, res *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) {
+	_, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CloseRange(first uint, last uint, flags uint) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE_RANGE, uintptr(first), uintptr(last), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func DeleteModule(name string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_DELETE_MODULE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(oldfd int, newfd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate1(flag int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Eventfd(initval uint, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_FGETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FinitModule(fd int, params string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(params)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FINIT_MODULE, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	var _p0 unsafe.Pointer
+	if len(dest) > 0 {
+		_p0 = unsafe.Pointer(&dest[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_FLISTXATTR, uintptr(fd), uintptr(_p0), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fremovexattr(fd int, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FREMOVEXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_FSETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrandom(buf []byte, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettid() (tid int) {
+	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
+	tid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InitModule(moduleImage []byte, params string) (err error) {
+	var _p0 unsafe.Pointer
+	if len(moduleImage) > 0 {
+		_p0 = unsafe.Pointer(&moduleImage[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(params)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_INIT_MODULE, uintptr(_p0), uintptr(len(moduleImage)), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
+	watchdesc = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit1(flags int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
+	success = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig syscall.Signal) (err error) {
+	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Llistxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lremovexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func MemfdCreate(name string, flags int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PivotRoot(newroot string, putold string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(newroot)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(putold)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Removexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT2, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(description)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(callback)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setns(fd int, nstype int) (err error) {
+	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func signalfd(fd int, sigmask *Sigset_t, maskSize uintptr, flags int) (newfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_SIGNALFD4, uintptr(fd), uintptr(unsafe.Pointer(sigmask)), uintptr(maskSize), uintptr(flags), 0, 0)
+	newfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	SyscallNoError(SYS_SYNC, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Syncfs(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sysinfo(info *Sysinfo_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdCreate(clockid int, flags int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIMERFD_CREATE, uintptr(clockid), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdGettime(fd int, currValue *ItimerSpec) (err error) {
+	_, _, e1 := RawSyscall(SYS_TIMERFD_GETTIME, uintptr(fd), uintptr(unsafe.Pointer(currValue)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdSettime(fd int, flags int, newValue *ItimerSpec, oldValue *ItimerSpec) (err error) {
+	_, _, e1 := RawSyscall6(SYS_TIMERFD_SETTIME, uintptr(fd), uintptr(flags), uintptr(unsafe.Pointer(newValue)), uintptr(unsafe.Pointer(oldValue)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
+	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(target string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unshare(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func exitThread(code int) (err error) {
+	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITEV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREADV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITEV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREADV2, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITEV2, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func faccessat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func nameToHandleAt(dirFD int, pathname string, fh *fileHandle, mountID *_C_int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NAME_TO_HANDLE_AT, uintptr(dirFD), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(fh)), uintptr(unsafe.Pointer(mountID)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_OPEN_BY_HANDLE_AT, uintptr(mountFD), uintptr(unsafe.Pointer(fh)), uintptr(flags))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(localIov) > 0 {
+		_p0 = unsafe.Pointer(&localIov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 unsafe.Pointer
+	if len(remoteIov) > 0 {
+		_p1 = unsafe.Pointer(&remoteIov[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PROCESS_VM_READV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(localIov) > 0 {
+		_p0 = unsafe.Pointer(&localIov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 unsafe.Pointer
+	if len(remoteIov) > 0 {
+		_p1 = unsafe.Pointer(&remoteIov[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PROCESS_VM_WRITEV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PidfdOpen(pid int, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_PIDFD_OPEN, uintptr(pid), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PidfdGetfd(pidfd int, targetfd int, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_PIDFD_GETFD, uintptr(pidfd), uintptr(targetfd), uintptr(flags))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+	r0, _, e1 := Syscall(SYS_SHMAT, uintptr(id), uintptr(addr), uintptr(flag))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+	r0, _, e1 := Syscall(SYS_SHMCTL, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+	result = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_SHMDT, uintptr(addr), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+	r0, _, e1 := Syscall(SYS_SHMGET, uintptr(key), uintptr(size), uintptr(flag))
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 237e960959e97..ff90c81e7300e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go
+// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && 386
 // +build linux,386
 
 package unix
@@ -14,1224 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1240,277 +25,8 @@ func Sysinfo(info *Sysinfo_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
-	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
-	n = int64(int64(r1)<<32 | int64(r0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1519,9 +35,9 @@ func Dup2(oldfd int, newfd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r1)<<32 | int64(r0))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1634,17 +150,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -1729,6 +234,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
 	written = int(r0)
@@ -1740,8 +265,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1750,8 +276,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1997,14 +524,3 @@ func utimes(path string, times *[2]Timeval) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 9b40f580b083f..fa7d3dbe4e94d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go
+// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && amd64
 // +build linux,amd64
 
 package unix
@@ -14,1458 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
-	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
-	n = int64(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1474,23 +25,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1499,9 +35,9 @@ func Dup2(oldfd int, newfd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1634,17 +170,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -1690,21 +215,6 @@ func Listen(s int, n int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Lstat(path string, stat *Stat_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Pause() (err error) {
 	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
 	if e1 != 0 {
@@ -1749,6 +259,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1771,8 +301,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1781,8 +312,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2147,29 +679,13 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
 	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index d93cc2f3b172d..654f91530f695 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -arm -tags linux,arm syscall_linux.go syscall_linux_arm.go
+// go run mksyscall.go -l32 -arm -tags linux,arm syscall_linux.go syscall_linux_arm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && arm
 // +build linux,arm
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,254 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
@@ -1678,27 +225,6 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1783,17 +309,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Lchown(path string, uid int, gid int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1844,6 +359,26 @@ func Pause() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
 	written = int(r0)
@@ -1866,8 +401,9 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1876,8 +412,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2102,9 +639,23 @@ func setrlimit(resource int, rlim *rlimit32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
+func armSyncFileRange(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_ARM_SYNC_FILE_RANGE, uintptr(fd), uintptr(flags), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index 5f7d0213b275a..e893f987f91de 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,arm64 syscall_linux.go syscall_linux_arm64.go
+// go run mksyscall.go -tags linux,arm64 syscall_linux.go syscall_linux_arm64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && arm64
 // +build linux,arm64
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,244 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1595,7 +152,7 @@ func Getgid() (gid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getrlimit(resource int, rlim *Rlimit) (err error) {
+func getrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1657,6 +214,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1679,8 +256,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1689,8 +267,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1729,7 +308,7 @@ func Setresuid(ruid int, euid int, suid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setrlimit(resource int, rlim *Rlimit) (err error) {
+func setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -2010,8 +589,13 @@ func Gettimeofday(tv *Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index e761705282551..6d1552885314b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go
+// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && mips
 // +build linux,mips
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask>>32), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,265 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1648,6 +184,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
 	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
@@ -1670,8 +226,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1680,8 +237,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1965,17 +523,6 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -2127,16 +674,6 @@ func Pause() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
 	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
 	xaddr = uintptr(r0)
@@ -2165,14 +702,3 @@ func setrlimit(resource int, rlim *rlimit32) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index 382e072f5e552..1e20d72df21ec 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go
+// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && mips64
 // +build linux,mips64
 
 package unix
@@ -14,1473 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
-	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
-	n = int64(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1489,8 +25,8 @@ func faccessat(dirfd int, path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1499,9 +35,9 @@ func Dup2(oldfd int, newfd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1547,21 +83,6 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Fstatfs(fd int, buf *Statfs_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
 	if e1 != 0 {
@@ -1693,6 +214,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1715,8 +256,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1725,8 +267,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2101,8 +644,8 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+func fstat(fd int, st *stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2111,8 +654,13 @@ func pipe2(p *[2]_C_int, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fstat(fd int, st *stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
+func fstatat(dirfd int, path string, st *stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2148,14 +696,3 @@ func stat(path string, st *stat_t) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index da33eb12b072b..82b5e2d9eda45 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,mips64le syscall_linux.go syscall_linux_mips64x.go
+// go run mksyscall.go -tags linux,mips64le syscall_linux.go syscall_linux_mips64x.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && mips64le
 // +build linux,mips64le
 
 package unix
@@ -14,1473 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
-	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
-	n = int64(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1489,8 +25,8 @@ func faccessat(dirfd int, path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1499,9 +35,9 @@ func Dup2(oldfd int, newfd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1547,21 +83,6 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Fstatfs(fd int, buf *Statfs_t) (err error) {
 	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
 	if e1 != 0 {
@@ -1693,6 +214,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1715,8 +256,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1725,8 +267,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2101,8 +644,8 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+func fstat(fd int, st *stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2111,8 +654,13 @@ func pipe2(p *[2]_C_int, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fstat(fd int, st *stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
+func fstatat(dirfd int, path string, st *stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2148,14 +696,3 @@ func stat(path string, st *stat_t) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index f6e45189ae530..a0440c1d43be3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go
+// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && mipsle
 // +build linux,mipsle
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,265 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1648,6 +184,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
 	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
@@ -1670,8 +226,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1680,8 +237,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1965,17 +523,6 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -2127,16 +674,6 @@ func Pause() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
 	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
 	xaddr = uintptr(r0)
@@ -2165,14 +702,3 @@ func setrlimit(resource int, rlim *rlimit32) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
new file mode 100644
index 0000000000000..5864b9ca64903
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -0,0 +1,709 @@
+// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build linux && ppc
+// +build linux,ppc
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask>>32), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r0)<<32 | int64(r1))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE64, uintptr(fd), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index 7cc1bfd129f2a..beeb49e34217a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go
+// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && ppc64
 // +build linux,ppc64
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,265 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1634,17 +170,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -1749,6 +274,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1782,8 +327,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1792,8 +338,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1903,16 +450,6 @@ func Statfs(path string, buf *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
-	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Truncate(path string, length int64) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2194,8 +731,8 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off), uintptr(n), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2204,19 +741,13 @@ func pipe(p *[2]_C_int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
 	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index c3dcb381861be..53139b82c7be1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go
+// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && ppc64le
 // +build linux,ppc64le
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,265 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1634,17 +170,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Ioperm(from int, num int, on int) (err error) {
 	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
 	if e1 != 0 {
@@ -1749,6 +274,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1782,8 +327,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1792,8 +338,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1903,16 +450,6 @@ func Statfs(path string, buf *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
-	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Truncate(path string, length int64) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2194,8 +731,8 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off), uintptr(n), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2204,19 +741,13 @@ func pipe(p *[2]_C_int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
 	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
new file mode 100644
index 0000000000000..63b393b8027d4
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -0,0 +1,583 @@
+// go run mksyscall.go -tags linux,riscv64 syscall_linux.go syscall_linux_riscv64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build linux && riscv64
+// +build linux,riscv64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 38f903cd3e1f6..202add37d10a5 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,s390x syscall_linux.go syscall_linux_s390x.go
+// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && s390x
 // +build linux,s390x
 
 package unix
@@ -14,1214 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1230,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1251,265 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func faccessat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate(size int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1634,17 +170,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Lchown(path string, uid int, gid int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1719,6 +244,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1752,8 +297,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1762,8 +308,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1974,19 +521,13 @@ func utimes(path string, times *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
 	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index b26aee9579a63..2ab268c343593 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go
+// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build linux && sparc64
 // +build linux,sparc64
 
 package unix
@@ -14,1229 +15,8 @@ var _ syscall.Errno
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fchmodat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unlinkat(dirfd int, path string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getcwd(buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
-	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg2)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg3)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(arg4)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(payload) > 0 {
-		_p0 = unsafe.Pointer(&payload[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(arg)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(source)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Acct(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(payload) > 0 {
-		_p2 = unsafe.Pointer(&payload[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Adjtimex(buf *Timex) (state int, err error) {
-	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
-	state = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Chroot(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func ClockGettime(clockid int32, time *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Dup3(oldfd int, newfd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCreate1(flag int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Eventfd(initval uint, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Exit(code int) {
-	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fdatasync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getdents(fd int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpid() (pid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getppid() (ppid int) {
-	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
-	ppid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Gettid() (tid int) {
-	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
-	tid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(pathname)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
-	watchdesc = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyInit1(flags int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
-	success = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Kill(pid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Klogctl(typ int, buf []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Listxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Llistxattr(path string, dest []byte) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lremovexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mkdirat(dirfd int, path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
-	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func PivotRoot(newroot string, putold string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(newroot)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(putold)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
-	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func read(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Removexattr(path string, attr string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(oldpath)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(newpath)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(keyType)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(description)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(callback)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
-	id = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setdomainname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sethostname(p []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
-	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Settimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setns(fd int, nstype int) (err error) {
-	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Sync() {
-	SyscallNoError(SYS_SYNC, 0, 0, 0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Syncfs(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1245,8 +25,8 @@ func Syncfs(fd int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Sysinfo(info *Sysinfo_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1266,229 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
-	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Umask(mask int) (oldmask int) {
-	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
-	oldmask = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unmount(target string, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(target)
-	if err != nil {
-		return
-	}
-	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Unshare(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func write(fd int, p []byte) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func exitThread(code int) (err error) {
-	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func readlen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func writelen(fd int, p *byte, np int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Madvise(b []byte, advice int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mprotect(b []byte, prot int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlock(b []byte) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(events) > 0 {
@@ -1516,16 +73,6 @@ func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Fchown(fd int, uid int, gid int) (err error) {
 	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
@@ -1623,17 +170,6 @@ func Getuid() (uid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func InotifyInit() (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Lchown(path string, uid int, gid int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1718,6 +254,26 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
 	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
 	off = int64(r0)
@@ -1751,8 +307,9 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsgid(gid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1761,8 +318,9 @@ func Setfsgid(gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setfsuid(uid int) (err error) {
-	_, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2139,34 +697,3 @@ func utimes(path string, times *[2]Timeval) (err error) {
 	}
 	return
 }
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index b3298930e7422..4726ab30a8fa6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -netbsd -tags netbsd,386 syscall_bsd.go syscall_netbsd.go syscall_netbsd_386.go
+// go run mksyscall.go -l32 -netbsd -tags netbsd,386 syscall_bsd.go syscall_netbsd.go syscall_netbsd_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build netbsd && 386
 // +build netbsd,386
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -389,7 +363,17 @@ func pipe() (fd1 int, fd2 int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -433,6 +417,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -564,6 +564,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -571,6 +581,220 @@ func Exit(code int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -651,6 +875,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -697,6 +936,16 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -900,6 +1149,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -940,6 +1209,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -955,6 +1239,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -970,6 +1269,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -996,6 +1310,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1085,6 +1415,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1105,6 +1457,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1146,8 +1518,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1282,6 +1655,21 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1302,6 +1690,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1350,6 +1758,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index 5096ef07e4902..fe71456dbc0f8 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -netbsd -tags netbsd,amd64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_amd64.go
+// go run mksyscall.go -netbsd -tags netbsd,amd64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build netbsd && amd64
 // +build netbsd,amd64
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -389,7 +363,17 @@ func pipe() (fd1 int, fd2 int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -433,6 +417,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -564,6 +564,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -571,6 +581,220 @@ func Exit(code int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -651,6 +875,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -697,6 +936,16 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -900,6 +1149,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -940,6 +1209,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -955,6 +1239,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -970,6 +1269,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -996,6 +1310,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1085,6 +1415,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1105,6 +1457,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1146,8 +1518,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1282,6 +1655,21 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1302,6 +1690,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1350,6 +1758,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index b7141c63f9f4b..0b5b2f0143bea 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -netbsd -arm -tags netbsd,arm syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm.go
+// go run mksyscall.go -l32 -netbsd -arm -tags netbsd,arm syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build netbsd && arm
 // +build netbsd,arm
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -389,7 +363,17 @@ func pipe() (fd1 int, fd2 int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -433,6 +417,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -564,6 +564,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -571,6 +581,220 @@ func Exit(code int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -651,6 +875,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -697,6 +936,16 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
 	if e1 != 0 {
@@ -900,6 +1149,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -940,6 +1209,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -955,6 +1239,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -970,6 +1269,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -996,6 +1310,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1085,6 +1415,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1105,6 +1457,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1146,8 +1518,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1282,6 +1655,21 @@ func Stat(path string, stat *Stat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1302,6 +1690,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1350,6 +1758,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
new file mode 100644
index 0000000000000..bfca28648fb59
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -0,0 +1,1862 @@
+// go run mksyscall.go -netbsd -tags netbsd,arm64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build netbsd && arm64
+// +build netbsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (fd1 int, fd2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	fd1 = int(r0)
+	fd2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), 0, uintptr(length), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 1942049b0f893..8f80f4ade511e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go
+// go run mksyscall.go -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build openbsd && 386
 // +build openbsd,386
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,8 +351,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -387,7 +361,7 @@ func pipe(p *[2]_C_int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -431,6 +405,33 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -562,6 +563,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -639,6 +650,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -909,6 +935,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -949,6 +995,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -964,6 +1025,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -979,6 +1055,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1005,6 +1096,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1094,6 +1201,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1114,6 +1243,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1155,8 +1304,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1371,6 +1521,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1419,6 +1589,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index d351c72cb716f..3a47aca7bf70d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go
+// go run mksyscall.go -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build openbsd && amd64
 // +build openbsd,amd64
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,8 +351,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -387,7 +361,7 @@ func pipe(p *[2]_C_int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -431,6 +405,33 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -562,6 +563,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -639,6 +650,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -909,6 +935,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -949,6 +995,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -964,6 +1025,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -979,6 +1055,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1005,6 +1096,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1094,6 +1201,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1114,6 +1243,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1155,8 +1304,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1371,6 +1521,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1419,6 +1589,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 617d47f0f311b..883a9b45e8e22 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -1,6 +1,7 @@
-// mksyscall.pl -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go
+// go run mksyscall.go -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build openbsd && arm
 // +build openbsd,arm
 
 package unix
@@ -214,22 +215,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -255,17 +240,6 @@ func futimes(fd int, timeval *[2]Timeval) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
@@ -377,8 +351,8 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -387,7 +361,7 @@ func pipe(p *[2]_C_int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func getdents(fd int, buf []byte) (n int, err error) {
+func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
 		_p0 = unsafe.Pointer(&buf[0])
@@ -431,6 +405,33 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -562,6 +563,16 @@ func Dup2(from int, to int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	Syscall(SYS_EXIT, uintptr(code), 0, 0)
 	return
@@ -639,6 +650,21 @@ func Fchown(fd int, uid int, gid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
@@ -909,6 +935,26 @@ func Link(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
@@ -949,6 +995,21 @@ func Mkdir(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -964,6 +1025,21 @@ func Mkfifo(path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -979,6 +1055,21 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -1005,6 +1096,22 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1094,6 +1201,28 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1114,6 +1243,26 @@ func Rename(from string, to string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Revoke(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1155,8 +1304,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1371,6 +1521,26 @@ func Symlink(path string, link string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
 	if e1 != 0 {
@@ -1419,6 +1589,21 @@ func Unlink(path string) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
new file mode 100644
index 0000000000000..aac7fdc95e28a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -0,0 +1,1693 @@
+// go run mksyscall.go -openbsd -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build openbsd && arm64
+// +build openbsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
new file mode 100644
index 0000000000000..8776187462b74
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -0,0 +1,1693 @@
+// go run mksyscall.go -openbsd -tags openbsd,mips64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_mips64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build openbsd && mips64
+// +build openbsd,mips64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index e2e5fc5e0a6b1..b5f926cee2a99 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -1,6 +1,7 @@
-// mksyscall_solaris.pl -tags solaris,amd64 syscall_solaris.go syscall_solaris_amd64.go
+// go run mksyscall_solaris.go -tags solaris,amd64 syscall_solaris.go syscall_solaris_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build solaris && amd64
 // +build solaris,amd64
 
 package unix
@@ -11,6 +12,7 @@ import (
 )
 
 //go:cgo_import_dynamic libc_pipe pipe "libc.so"
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
 //go:cgo_import_dynamic libc_getsockname getsockname "libsocket.so"
 //go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
 //go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
@@ -114,6 +116,7 @@ import (
 //go:cgo_import_dynamic libc_statvfs statvfs "libc.so"
 //go:cgo_import_dynamic libc_symlink symlink "libc.so"
 //go:cgo_import_dynamic libc_sync sync "libc.so"
+//go:cgo_import_dynamic libc_sysconf sysconf "libc.so"
 //go:cgo_import_dynamic libc_times times "libc.so"
 //go:cgo_import_dynamic libc_truncate truncate "libc.so"
 //go:cgo_import_dynamic libc_fsync fsync "libc.so"
@@ -138,8 +141,14 @@ import (
 //go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so"
 //go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
 //go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so"
+//go:cgo_import_dynamic libc_port_create port_create "libc.so"
+//go:cgo_import_dynamic libc_port_associate port_associate "libc.so"
+//go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so"
+//go:cgo_import_dynamic libc_port_get port_get "libc.so"
+//go:cgo_import_dynamic libc_port_getn port_getn "libc.so"
 
 //go:linkname procpipe libc_pipe
+//go:linkname procpipe2 libc_pipe2
 //go:linkname procgetsockname libc_getsockname
 //go:linkname procGetcwd libc_getcwd
 //go:linkname procgetgroups libc_getgroups
@@ -243,6 +252,7 @@ import (
 //go:linkname procStatvfs libc_statvfs
 //go:linkname procSymlink libc_symlink
 //go:linkname procSync libc_sync
+//go:linkname procSysconf libc_sysconf
 //go:linkname procTimes libc_times
 //go:linkname procTruncate libc_truncate
 //go:linkname procFsync libc_fsync
@@ -267,9 +277,15 @@ import (
 //go:linkname procgetpeername libc_getpeername
 //go:linkname procsetsockopt libc_setsockopt
 //go:linkname procrecvfrom libc_recvfrom
+//go:linkname procport_create libc_port_create
+//go:linkname procport_associate libc_port_associate
+//go:linkname procport_dissociate libc_port_dissociate
+//go:linkname procport_get libc_port_get
+//go:linkname procport_getn libc_port_getn
 
 var (
 	procpipe,
+	procpipe2,
 	procgetsockname,
 	procGetcwd,
 	procgetgroups,
@@ -373,6 +389,7 @@ var (
 	procStatvfs,
 	procSymlink,
 	procSync,
+	procSysconf,
 	procTimes,
 	procTruncate,
 	procFsync,
@@ -396,9 +413,16 @@ var (
 	proc__xnet_getsockopt,
 	procgetpeername,
 	procsetsockopt,
-	procrecvfrom syscallFunc
+	procrecvfrom,
+	procport_create,
+	procport_associate,
+	procport_dissociate,
+	procport_get,
+	procport_getn syscallFunc
 )
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func pipe(p *[2]_C_int) (n int, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe)), 1, uintptr(unsafe.Pointer(p)), 0, 0, 0, 0, 0)
 	n = int(r0)
@@ -408,6 +432,18 @@ func pipe(p *[2]_C_int) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe2)), 2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetsockname)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
 	if e1 != 0 {
@@ -416,6 +452,8 @@ func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getcwd(buf []byte) (n int, err error) {
 	var _p0 *byte
 	if len(buf) > 0 {
@@ -429,6 +467,8 @@ func Getcwd(buf []byte) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0)
 	n = int(r0)
@@ -438,6 +478,8 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func setgroups(ngid int, gid *_Gid_t) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procsetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -446,6 +488,8 @@ func setgroups(ngid int, gid *_Gid_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func wait4(pid int32, statusp *_C_int, options int, rusage *Rusage) (wpid int32, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwait4)), 4, uintptr(pid), uintptr(unsafe.Pointer(statusp)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int32(r0)
@@ -455,6 +499,8 @@ func wait4(pid int32, statusp *_C_int, options int, rusage *Rusage) (wpid int32,
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func gethostname(buf []byte) (n int, err error) {
 	var _p0 *byte
 	if len(buf) > 0 {
@@ -468,6 +514,8 @@ func gethostname(buf []byte) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimes(path string, times *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -481,6 +529,8 @@ func utimes(path string, times *[2]Timeval) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(fd int, path string, times *[2]Timespec, flag int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -494,6 +544,8 @@ func utimensat(fd int, path string, times *[2]Timespec, flag int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func fcntl(fd int, cmd int, arg int) (val int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfcntl)), 3, uintptr(fd), uintptr(cmd), uintptr(arg), 0, 0, 0)
 	val = int(r0)
@@ -503,6 +555,8 @@ func fcntl(fd int, cmd int, arg int) (val int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func futimesat(fildes int, path *byte, times *[2]Timeval) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfutimesat)), 3, uintptr(fildes), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(times)), 0, 0, 0)
 	if e1 != 0 {
@@ -511,6 +565,8 @@ func futimesat(fildes int, path *byte, times *[2]Timeval) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept)), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
 	fd = int(r0)
@@ -520,6 +576,8 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_recvmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
 	n = int(r0)
@@ -529,6 +587,8 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_sendmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
 	n = int(r0)
@@ -538,6 +598,8 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func acct(path *byte) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procacct)), 1, uintptr(unsafe.Pointer(path)), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -546,32 +608,43 @@ func acct(path *byte) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func __makedev(version int, major uint, minor uint) (val uint64) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__makedev)), 3, uintptr(version), uintptr(major), uintptr(minor), 0, 0, 0)
 	val = uint64(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func __major(version int, dev uint64) (val uint) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__major)), 2, uintptr(version), uintptr(dev), 0, 0, 0, 0)
 	val = uint(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func __minor(version int, dev uint64) (val uint) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__minor)), 2, uintptr(version), uintptr(dev), 0, 0, 0, 0)
 	val = uint(r0)
 	return
 }
 
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	ret = int(r0)
 	if e1 != 0 {
 		err = e1
 	}
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0)
 	n = int(r0)
@@ -581,6 +654,8 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -594,6 +669,8 @@ func Access(path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procAdjtime)), 2, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -602,6 +679,8 @@ func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Chdir(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -615,6 +694,8 @@ func Chdir(path string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Chmod(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -628,6 +709,8 @@ func Chmod(path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Chown(path string, uid int, gid int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -641,6 +724,8 @@ func Chown(path string, uid int, gid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Chroot(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -654,6 +739,8 @@ func Chroot(path string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Close(fd int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClose)), 1, uintptr(fd), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -662,6 +749,8 @@ func Close(fd int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Creat(path string, mode uint32) (fd int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -676,6 +765,8 @@ func Creat(path string, mode uint32) (fd int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Dup(fd int) (nfd int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup)), 1, uintptr(fd), 0, 0, 0, 0, 0)
 	nfd = int(r0)
@@ -685,6 +776,8 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Dup2(oldfd int, newfd int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup2)), 2, uintptr(oldfd), uintptr(newfd), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -693,11 +786,15 @@ func Dup2(oldfd int, newfd int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Exit(code int) {
 	sysvicall6(uintptr(unsafe.Pointer(&procExit)), 1, uintptr(code), 0, 0, 0, 0, 0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -711,6 +808,8 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchdir(fd int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchdir)), 1, uintptr(fd), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -719,6 +818,8 @@ func Fchdir(fd int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchmod(fd int, mode uint32) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchmod)), 2, uintptr(fd), uintptr(mode), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -727,6 +828,8 @@ func Fchmod(fd int, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -740,6 +843,8 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchown(fd int, uid int, gid int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchown)), 3, uintptr(fd), uintptr(uid), uintptr(gid), 0, 0, 0)
 	if e1 != 0 {
@@ -748,6 +853,8 @@ func Fchown(fd int, uid int, gid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -761,6 +868,8 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fdatasync(fd int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFdatasync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -769,6 +878,8 @@ func Fdatasync(fd int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Flock(fd int, how int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFlock)), 2, uintptr(fd), uintptr(how), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -777,6 +888,8 @@ func Flock(fd int, how int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fpathconf(fd int, name int) (val int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFpathconf)), 2, uintptr(fd), uintptr(name), 0, 0, 0, 0)
 	val = int(r0)
@@ -786,6 +899,8 @@ func Fpathconf(fd int, name int) (val int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstat(fd int, stat *Stat_t) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstat)), 2, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -794,6 +909,8 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -807,6 +924,8 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstatvfs(fd int, vfsstat *Statvfs_t) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstatvfs)), 2, uintptr(fd), uintptr(unsafe.Pointer(vfsstat)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -815,6 +934,8 @@ func Fstatvfs(fd int, vfsstat *Statvfs_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getdents(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	var _p0 *byte
 	if len(buf) > 0 {
@@ -828,18 +949,24 @@ func Getdents(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getgid() (gid int) {
 	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetgid)), 0, 0, 0, 0, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getpid() (pid int) {
 	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpid)), 0, 0, 0, 0, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getpgid(pid int) (pgid int, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
 	pgid = int(r0)
@@ -849,6 +976,8 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getpgrp() (pgid int, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgrp)), 0, 0, 0, 0, 0, 0, 0)
 	pgid = int(r0)
@@ -858,24 +987,32 @@ func Getpgrp() (pgid int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Geteuid() (euid int) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGeteuid)), 0, 0, 0, 0, 0, 0, 0)
 	euid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getegid() (egid int) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGetegid)), 0, 0, 0, 0, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getppid() (ppid int) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGetppid)), 0, 0, 0, 0, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getpriority(which int, who int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetpriority)), 2, uintptr(which), uintptr(who), 0, 0, 0, 0)
 	n = int(r0)
@@ -885,6 +1022,8 @@ func Getpriority(which int, who int) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getrlimit(which int, lim *Rlimit) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -893,6 +1032,8 @@ func Getrlimit(which int, lim *Rlimit) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getrusage(who int, rusage *Rusage) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrusage)), 2, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -901,6 +1042,8 @@ func Getrusage(who int, rusage *Rusage) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Gettimeofday(tv *Timeval) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGettimeofday)), 1, uintptr(unsafe.Pointer(tv)), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -909,12 +1052,16 @@ func Gettimeofday(tv *Timeval) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getuid() (uid int) {
 	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetuid)), 0, 0, 0, 0, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Kill(pid int, signum syscall.Signal) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procKill)), 2, uintptr(pid), uintptr(signum), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -923,6 +1070,8 @@ func Kill(pid int, signum syscall.Signal) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Lchown(path string, uid int, gid int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -936,6 +1085,8 @@ func Lchown(path string, uid int, gid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Link(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -954,6 +1105,8 @@ func Link(path string, link string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, backlog int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_llisten)), 2, uintptr(s), uintptr(backlog), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -962,6 +1115,8 @@ func Listen(s int, backlog int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Lstat(path string, stat *Stat_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -975,6 +1130,8 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Madvise(b []byte, advice int) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
@@ -987,6 +1144,8 @@ func Madvise(b []byte, advice int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkdir(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1000,6 +1159,8 @@ func Mkdir(path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1013,6 +1174,8 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1026,6 +1189,8 @@ func Mkfifo(path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1039,6 +1204,8 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknod(path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1052,6 +1219,8 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1065,6 +1234,8 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mlock(b []byte) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
@@ -1077,6 +1248,8 @@ func Mlock(b []byte) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mlockall(flags int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMlockall)), 1, uintptr(flags), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1085,6 +1258,8 @@ func Mlockall(flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mprotect(b []byte, prot int) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
@@ -1097,6 +1272,8 @@ func Mprotect(b []byte, prot int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Msync(b []byte, flags int) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
@@ -1109,6 +1286,8 @@ func Msync(b []byte, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Munlock(b []byte) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
@@ -1121,6 +1300,8 @@ func Munlock(b []byte) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Munlockall() (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMunlockall)), 0, 0, 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1129,6 +1310,8 @@ func Munlockall() (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procNanosleep)), 2, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1137,6 +1320,8 @@ func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Open(path string, mode int, perm uint32) (fd int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1151,6 +1336,8 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1165,6 +1352,8 @@ func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pathconf(path string, name int) (val int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1179,6 +1368,8 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pause() (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPause)), 0, 0, 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1187,6 +1378,8 @@ func Pause() (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1200,6 +1393,8 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1213,6 +1408,8 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func read(fd int, p []byte) (n int, err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1226,6 +1423,8 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Readlink(path string, buf []byte) (n int, err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1244,6 +1443,8 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rename(from string, to string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(from)
@@ -1262,6 +1463,8 @@ func Rename(from string, to string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(oldpath)
@@ -1280,6 +1483,8 @@ func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err e
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rmdir(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1293,6 +1498,8 @@ func Rmdir(path string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proclseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0)
 	newoffset = int64(r0)
@@ -1302,14 +1509,19 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSelect)), 5, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSelect)), 5, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = e1
 	}
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setegid(egid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetegid)), 1, uintptr(egid), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1318,6 +1530,8 @@ func Setegid(egid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Seteuid(euid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSeteuid)), 1, uintptr(euid), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1326,6 +1540,8 @@ func Seteuid(euid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setgid(gid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetgid)), 1, uintptr(gid), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1334,6 +1550,8 @@ func Setgid(gid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sethostname(p []byte) (err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1346,6 +1564,8 @@ func Sethostname(p []byte) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setpgid(pid int, pgid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetpgid)), 2, uintptr(pid), uintptr(pgid), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1354,6 +1574,8 @@ func Setpgid(pid int, pgid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setpriority(which int, who int, prio int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSetpriority)), 3, uintptr(which), uintptr(who), uintptr(prio), 0, 0, 0)
 	if e1 != 0 {
@@ -1362,6 +1584,8 @@ func Setpriority(which int, who int, prio int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setregid(rgid int, egid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetregid)), 2, uintptr(rgid), uintptr(egid), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1370,6 +1594,8 @@ func Setregid(rgid int, egid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setreuid(ruid int, euid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetreuid)), 2, uintptr(ruid), uintptr(euid), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1378,6 +1604,8 @@ func Setreuid(ruid int, euid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setrlimit(which int, lim *Rlimit) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1386,6 +1614,8 @@ func Setrlimit(which int, lim *Rlimit) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setsid() (pid int, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0)
 	pid = int(r0)
@@ -1395,6 +1625,8 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setuid(uid int) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetuid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1403,6 +1635,8 @@ func Setuid(uid int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Shutdown(s int, how int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procshutdown)), 2, uintptr(s), uintptr(how), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1411,6 +1645,8 @@ func Shutdown(s int, how int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Stat(path string, stat *Stat_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1424,6 +1660,8 @@ func Stat(path string, stat *Stat_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Statvfs(path string, vfsstat *Statvfs_t) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1437,6 +1675,8 @@ func Statvfs(path string, vfsstat *Statvfs_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Symlink(path string, link string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1455,6 +1695,8 @@ func Symlink(path string, link string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSync)), 0, 0, 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1463,6 +1705,19 @@ func Sync() (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sysconf(which int) (n int64, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSysconf)), 1, uintptr(which), 0, 0, 0, 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Times(tms *Tms) (ticks uintptr, err error) {
 	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procTimes)), 1, uintptr(unsafe.Pointer(tms)), 0, 0, 0, 0, 0)
 	ticks = uintptr(r0)
@@ -1472,6 +1727,8 @@ func Times(tms *Tms) (ticks uintptr, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Truncate(path string, length int64) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1485,6 +1742,8 @@ func Truncate(path string, length int64) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fsync(fd int) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFsync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1493,6 +1752,8 @@ func Fsync(fd int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Ftruncate(fd int, length int64) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFtruncate)), 2, uintptr(fd), uintptr(length), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1501,12 +1762,16 @@ func Ftruncate(fd int, length int64) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Umask(mask int) (oldmask int) {
 	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procUmask)), 1, uintptr(mask), 0, 0, 0, 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Uname(buf *Utsname) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procUname)), 1, uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1515,6 +1780,8 @@ func Uname(buf *Utsname) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unmount(target string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(target)
@@ -1528,6 +1795,8 @@ func Unmount(target string, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unlink(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1541,6 +1810,8 @@ func Unlink(path string) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Unlinkat(dirfd int, path string, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1554,6 +1825,8 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Ustat(dev int, ubuf *Ustat_t) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUstat)), 2, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1562,6 +1835,8 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Utime(path string, buf *Utimbuf) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1575,6 +1850,8 @@ func Utime(path string, buf *Utimbuf) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_bind)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
 	if e1 != 0 {
@@ -1583,6 +1860,8 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_connect)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
 	if e1 != 0 {
@@ -1591,6 +1870,8 @@ func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmmap)), 6, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
 	ret = uintptr(r0)
@@ -1600,6 +1881,8 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func munmap(addr uintptr, length uintptr) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmunmap)), 2, uintptr(addr), uintptr(length), 0, 0, 0, 0)
 	if e1 != 0 {
@@ -1608,6 +1891,8 @@ func munmap(addr uintptr, length uintptr) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsendfile)), 4, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
 	written = int(r0)
@@ -1617,6 +1902,8 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
 	var _p0 *byte
 	if len(buf) > 0 {
@@ -1629,6 +1916,8 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func socket(domain int, typ int, proto int) (fd int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socket)), 3, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0)
 	fd = int(r0)
@@ -1638,6 +1927,8 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socketpair)), 4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
@@ -1646,6 +1937,8 @@ func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func write(fd int, p []byte) (n int, err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1659,6 +1952,8 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_getsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
@@ -1667,6 +1962,8 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetpeername)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
 	if e1 != 0 {
@@ -1675,6 +1972,8 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
 	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsetsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
@@ -1683,6 +1982,8 @@ func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr)
 	return
 }
 
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
 	var _p0 *byte
 	if len(p) > 0 {
@@ -1695,3 +1996,58 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func port_create() (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func port_associate(port int, source int, object uintptr, events int, user *byte) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_associate)), 5, uintptr(port), uintptr(source), uintptr(object), uintptr(events), uintptr(unsafe.Pointer(user)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func port_dissociate(port int, source int, object uintptr) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_dissociate)), 3, uintptr(port), uintptr(source), uintptr(object), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func port_get(port int, pe *portEvent, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_get)), 3, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(unsafe.Pointer(timeout)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_getn)), 5, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(max), uintptr(unsafe.Pointer(nget)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
new file mode 100644
index 0000000000000..f2079457c6b24
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -0,0 +1,1255 @@
+// go run mksyscall.go -tags zos,s390x syscall_zos_s390x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(SYS___ACCEPT_A, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(SYS___BIND_A, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(SYS___CONNECT_A, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := syscall_rawsyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := syscall_syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := syscall_rawsyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := syscall_rawsyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS___GETPEERNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS___GETSOCKNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(SYS___RECVFROM_A, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(SYS___SENDTO_A, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(SYS___RECVMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(SYS___SENDMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := syscall_syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___ACCESS_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___CHDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___CHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___CHMOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Creat(path string, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(SYS___CREAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Errno2() (er2 int) {
+	uer2, _, _ := syscall_syscall(SYS___ERRNO2, 0, 0, 0)
+	er2 = int(uer2)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Err2ad() (eadd *int) {
+	ueadd, _, _ := syscall_syscall(SYS___ERR2AD, 0, 0, 0)
+	eadd = (*int)(unsafe.Pointer(ueadd))
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	syscall_syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+	retval = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_LE_t) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FSTATVFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := syscall_syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpagesize() (pgsize int) {
+	r0, _, _ := syscall_syscall(SYS_GETPAGESIZE, 0, 0, 0)
+	pgsize = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(fds) > 0 {
+		_p0 = unsafe.Pointer(&fds[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(SYS_POLL, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, _, e1 := syscall_syscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_W_GETMNTENT, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
+	lastsys = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
+	r0, _, e1 := syscall_syscall(SYS___W_GETMNTENT_A, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
+	lastsys = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(filesystem)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	var _p3 *byte
+	_p3, err = BytePtrFromString(parm)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(SYS___MOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unmount(filesystem string, mtm int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(filesystem)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___UMOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mtm), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___CHROOT_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS___UNAME_A, uintptr(unsafe.Pointer(buf)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gethostname(buf []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(SYS___GETHOSTNAME_A, uintptr(_p0), uintptr(len(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := syscall_rawsyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (pid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETPPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrusage(who int, rusage *rusage_zos) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := syscall_rawsyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := syscall_rawsyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___LCHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___LINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_LE_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___LSTAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___MKDIR_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___MKFIFO_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___MKNOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(SYS___READLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___RENAME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___RMDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := syscall_syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := syscall_rawsyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(uid int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_SETGID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, statLE *Stat_LE_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___STAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___SYMLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	syscall_syscall(SYS_SYNC, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___TRUNCATE_A, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tcgetattr(fildes int, termptr *Termios) (err error) {
+	_, _, e1 := syscall_syscall(SYS_TCGETATTR, uintptr(fildes), uintptr(unsafe.Pointer(termptr)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
+	_, _, e1 := syscall_syscall(SYS_TCSETATTR, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _, _ := syscall_syscall(SYS_UMASK, uintptr(mask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___UNLINK_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, utim *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___UTIME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(SYS___OPEN_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func remove(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS_REMOVE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
+	r0, _, e1 := syscall_syscall(SYS_WAITPID, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gettimeofday(tv *timeval_zos) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := syscall_rawsyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(SYS___UTIMES_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
+	r0, _, e1 := syscall_syscall6(SYS_SELECT, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index b005031abed3c..9e9d0b2a9c452 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -1,6 +1,9 @@
-// mksysctl_openbsd.pl
+// go run mksysctl_openbsd.go
 // Code generated by the command above; DO NOT EDIT.
 
+//go:build 386 && openbsd
+// +build 386,openbsd
+
 package unix
 
 type mibentry struct {
@@ -28,6 +31,7 @@ var sysctlMib = []mibentry{
 	{"hw.model", []_C_int{6, 2}},
 	{"hw.ncpu", []_C_int{6, 3}},
 	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
 	{"hw.pagesize", []_C_int{6, 7}},
 	{"hw.physmem", []_C_int{6, 19}},
 	{"hw.product", []_C_int{6, 15}},
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index 90c95c2c75cd4..adecd09667d0d 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -1,6 +1,7 @@
-// mksysctl_openbsd.pl
+// go run mksysctl_openbsd.go
 // Code generated by the command above; DO NOT EDIT.
 
+//go:build amd64 && openbsd
 // +build amd64,openbsd
 
 package unix
@@ -31,6 +32,7 @@ var sysctlMib = []mibentry{
 	{"hw.model", []_C_int{6, 2}},
 	{"hw.ncpu", []_C_int{6, 3}},
 	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
 	{"hw.pagesize", []_C_int{6, 7}},
 	{"hw.perfpolicy", []_C_int{6, 23}},
 	{"hw.physmem", []_C_int{6, 19}},
@@ -254,4 +256,17 @@ var sysctlMib = []mibentry{
 	{"net.mpls.ttl", []_C_int{4, 33, 2}},
 	{"net.pflow.stats", []_C_int{4, 34, 1}},
 	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
 }
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index b005031abed3c..8ea52a4a1810e 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -1,6 +1,9 @@
-// mksysctl_openbsd.pl
+// go run mksysctl_openbsd.go
 // Code generated by the command above; DO NOT EDIT.
 
+//go:build arm && openbsd
+// +build arm,openbsd
+
 package unix
 
 type mibentry struct {
@@ -28,6 +31,7 @@ var sysctlMib = []mibentry{
 	{"hw.model", []_C_int{6, 2}},
 	{"hw.ncpu", []_C_int{6, 3}},
 	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
 	{"hw.pagesize", []_C_int{6, 7}},
 	{"hw.physmem", []_C_int{6, 19}},
 	{"hw.product", []_C_int{6, 15}},
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
new file mode 100644
index 0000000000000..154b57ae3e2ad
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -0,0 +1,276 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build arm64 && openbsd
+// +build arm64,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.profile", []_C_int{9, 9}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.perfpolicy", []_C_int{6, 23}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.smt", []_C_int{6, 24}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.allowkmem", []_C_int{1, 52}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.audio", []_C_int{1, 84}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cpustats", []_C_int{1, 85}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.global_ptrace", []_C_int{1, 81}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"kern.witnesswatch", []_C_int{1, 53}},
+	{"kern.wxabort", []_C_int{1, 74}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}},
+	{"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}},
+	{"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.malloc_conf", []_C_int{2, 12}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
new file mode 100644
index 0000000000000..d96bb2ba4db67
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -0,0 +1,280 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build mips64 && openbsd
+// +build mips64,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.profile", []_C_int{9, 9}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.perfpolicy", []_C_int{6, 23}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.smt", []_C_int{6, 24}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.allowdt", []_C_int{1, 65}},
+	{"kern.allowkmem", []_C_int{1, 52}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.audio", []_C_int{1, 84}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consbuf", []_C_int{1, 83}},
+	{"kern.consbufsize", []_C_int{1, 82}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cpustats", []_C_int{1, 85}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.global_ptrace", []_C_int{1, 81}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pfstatus", []_C_int{1, 86}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.timeout_stats", []_C_int{1, 87}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.utc_offset", []_C_int{1, 88}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"kern.witnesswatch", []_C_int{1, 53}},
+	{"kern.wxabort", []_C_int{1, 74}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}},
+	{"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}},
+	{"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.malloc_conf", []_C_int{2, 12}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_386.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_386.go
deleted file mode 100644
index d1d36da3f5127..0000000000000
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_386.go
+++ /dev/null
@@ -1,436 +0,0 @@
-// mksysnum_darwin.pl /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/syscall.h
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build 386,darwin
-
-package unix
-
-const (
-	SYS_SYSCALL                        = 0
-	SYS_EXIT                           = 1
-	SYS_FORK                           = 2
-	SYS_READ                           = 3
-	SYS_WRITE                          = 4
-	SYS_OPEN                           = 5
-	SYS_CLOSE                          = 6
-	SYS_WAIT4                          = 7
-	SYS_LINK                           = 9
-	SYS_UNLINK                         = 10
-	SYS_CHDIR                          = 12
-	SYS_FCHDIR                         = 13
-	SYS_MKNOD                          = 14
-	SYS_CHMOD                          = 15
-	SYS_CHOWN                          = 16
-	SYS_GETFSSTAT                      = 18
-	SYS_GETPID                         = 20
-	SYS_SETUID                         = 23
-	SYS_GETUID                         = 24
-	SYS_GETEUID                        = 25
-	SYS_PTRACE                         = 26
-	SYS_RECVMSG                        = 27
-	SYS_SENDMSG                        = 28
-	SYS_RECVFROM                       = 29
-	SYS_ACCEPT                         = 30
-	SYS_GETPEERNAME                    = 31
-	SYS_GETSOCKNAME                    = 32
-	SYS_ACCESS                         = 33
-	SYS_CHFLAGS                        = 34
-	SYS_FCHFLAGS                       = 35
-	SYS_SYNC                           = 36
-	SYS_KILL                           = 37
-	SYS_GETPPID                        = 39
-	SYS_DUP                            = 41
-	SYS_PIPE                           = 42
-	SYS_GETEGID                        = 43
-	SYS_SIGACTION                      = 46
-	SYS_GETGID                         = 47
-	SYS_SIGPROCMASK                    = 48
-	SYS_GETLOGIN                       = 49
-	SYS_SETLOGIN                       = 50
-	SYS_ACCT                           = 51
-	SYS_SIGPENDING                     = 52
-	SYS_SIGALTSTACK                    = 53
-	SYS_IOCTL                          = 54
-	SYS_REBOOT                         = 55
-	SYS_REVOKE                         = 56
-	SYS_SYMLINK                        = 57
-	SYS_READLINK                       = 58
-	SYS_EXECVE                         = 59
-	SYS_UMASK                          = 60
-	SYS_CHROOT                         = 61
-	SYS_MSYNC                          = 65
-	SYS_VFORK                          = 66
-	SYS_MUNMAP                         = 73
-	SYS_MPROTECT                       = 74
-	SYS_MADVISE                        = 75
-	SYS_MINCORE                        = 78
-	SYS_GETGROUPS                      = 79
-	SYS_SETGROUPS                      = 80
-	SYS_GETPGRP                        = 81
-	SYS_SETPGID                        = 82
-	SYS_SETITIMER                      = 83
-	SYS_SWAPON                         = 85
-	SYS_GETITIMER                      = 86
-	SYS_GETDTABLESIZE                  = 89
-	SYS_DUP2                           = 90
-	SYS_FCNTL                          = 92
-	SYS_SELECT                         = 93
-	SYS_FSYNC                          = 95
-	SYS_SETPRIORITY                    = 96
-	SYS_SOCKET                         = 97
-	SYS_CONNECT                        = 98
-	SYS_GETPRIORITY                    = 100
-	SYS_BIND                           = 104
-	SYS_SETSOCKOPT                     = 105
-	SYS_LISTEN                         = 106
-	SYS_SIGSUSPEND                     = 111
-	SYS_GETTIMEOFDAY                   = 116
-	SYS_GETRUSAGE                      = 117
-	SYS_GETSOCKOPT                     = 118
-	SYS_READV                          = 120
-	SYS_WRITEV                         = 121
-	SYS_SETTIMEOFDAY                   = 122
-	SYS_FCHOWN                         = 123
-	SYS_FCHMOD                         = 124
-	SYS_SETREUID                       = 126
-	SYS_SETREGID                       = 127
-	SYS_RENAME                         = 128
-	SYS_FLOCK                          = 131
-	SYS_MKFIFO                         = 132
-	SYS_SENDTO                         = 133
-	SYS_SHUTDOWN                       = 134
-	SYS_SOCKETPAIR                     = 135
-	SYS_MKDIR                          = 136
-	SYS_RMDIR                          = 137
-	SYS_UTIMES                         = 138
-	SYS_FUTIMES                        = 139
-	SYS_ADJTIME                        = 140
-	SYS_GETHOSTUUID                    = 142
-	SYS_SETSID                         = 147
-	SYS_GETPGID                        = 151
-	SYS_SETPRIVEXEC                    = 152
-	SYS_PREAD                          = 153
-	SYS_PWRITE                         = 154
-	SYS_NFSSVC                         = 155
-	SYS_STATFS                         = 157
-	SYS_FSTATFS                        = 158
-	SYS_UNMOUNT                        = 159
-	SYS_GETFH                          = 161
-	SYS_QUOTACTL                       = 165
-	SYS_MOUNT                          = 167
-	SYS_CSOPS                          = 169
-	SYS_CSOPS_AUDITTOKEN               = 170
-	SYS_WAITID                         = 173
-	SYS_KDEBUG_TYPEFILTER              = 177
-	SYS_KDEBUG_TRACE_STRING            = 178
-	SYS_KDEBUG_TRACE64                 = 179
-	SYS_KDEBUG_TRACE                   = 180
-	SYS_SETGID                         = 181
-	SYS_SETEGID                        = 182
-	SYS_SETEUID                        = 183
-	SYS_SIGRETURN                      = 184
-	SYS_THREAD_SELFCOUNTS              = 186
-	SYS_FDATASYNC                      = 187
-	SYS_STAT                           = 188
-	SYS_FSTAT                          = 189
-	SYS_LSTAT                          = 190
-	SYS_PATHCONF                       = 191
-	SYS_FPATHCONF                      = 192
-	SYS_GETRLIMIT                      = 194
-	SYS_SETRLIMIT                      = 195
-	SYS_GETDIRENTRIES                  = 196
-	SYS_MMAP                           = 197
-	SYS_LSEEK                          = 199
-	SYS_TRUNCATE                       = 200
-	SYS_FTRUNCATE                      = 201
-	SYS_SYSCTL                         = 202
-	SYS_MLOCK                          = 203
-	SYS_MUNLOCK                        = 204
-	SYS_UNDELETE                       = 205
-	SYS_OPEN_DPROTECTED_NP             = 216
-	SYS_GETATTRLIST                    = 220
-	SYS_SETATTRLIST                    = 221
-	SYS_GETDIRENTRIESATTR              = 222
-	SYS_EXCHANGEDATA                   = 223
-	SYS_SEARCHFS                       = 225
-	SYS_DELETE                         = 226
-	SYS_COPYFILE                       = 227
-	SYS_FGETATTRLIST                   = 228
-	SYS_FSETATTRLIST                   = 229
-	SYS_POLL                           = 230
-	SYS_WATCHEVENT                     = 231
-	SYS_WAITEVENT                      = 232
-	SYS_MODWATCH                       = 233
-	SYS_GETXATTR                       = 234
-	SYS_FGETXATTR                      = 235
-	SYS_SETXATTR                       = 236
-	SYS_FSETXATTR                      = 237
-	SYS_REMOVEXATTR                    = 238
-	SYS_FREMOVEXATTR                   = 239
-	SYS_LISTXATTR                      = 240
-	SYS_FLISTXATTR                     = 241
-	SYS_FSCTL                          = 242
-	SYS_INITGROUPS                     = 243
-	SYS_POSIX_SPAWN                    = 244
-	SYS_FFSCTL                         = 245
-	SYS_NFSCLNT                        = 247
-	SYS_FHOPEN                         = 248
-	SYS_MINHERIT                       = 250
-	SYS_SEMSYS                         = 251
-	SYS_MSGSYS                         = 252
-	SYS_SHMSYS                         = 253
-	SYS_SEMCTL                         = 254
-	SYS_SEMGET                         = 255
-	SYS_SEMOP                          = 256
-	SYS_MSGCTL                         = 258
-	SYS_MSGGET                         = 259
-	SYS_MSGSND                         = 260
-	SYS_MSGRCV                         = 261
-	SYS_SHMAT                          = 262
-	SYS_SHMCTL                         = 263
-	SYS_SHMDT                          = 264
-	SYS_SHMGET                         = 265
-	SYS_SHM_OPEN                       = 266
-	SYS_SHM_UNLINK                     = 267
-	SYS_SEM_OPEN                       = 268
-	SYS_SEM_CLOSE                      = 269
-	SYS_SEM_UNLINK                     = 270
-	SYS_SEM_WAIT                       = 271
-	SYS_SEM_TRYWAIT                    = 272
-	SYS_SEM_POST                       = 273
-	SYS_SYSCTLBYNAME                   = 274
-	SYS_OPEN_EXTENDED                  = 277
-	SYS_UMASK_EXTENDED                 = 278
-	SYS_STAT_EXTENDED                  = 279
-	SYS_LSTAT_EXTENDED                 = 280
-	SYS_FSTAT_EXTENDED                 = 281
-	SYS_CHMOD_EXTENDED                 = 282
-	SYS_FCHMOD_EXTENDED                = 283
-	SYS_ACCESS_EXTENDED                = 284
-	SYS_SETTID                         = 285
-	SYS_GETTID                         = 286
-	SYS_SETSGROUPS                     = 287
-	SYS_GETSGROUPS                     = 288
-	SYS_SETWGROUPS                     = 289
-	SYS_GETWGROUPS                     = 290
-	SYS_MKFIFO_EXTENDED                = 291
-	SYS_MKDIR_EXTENDED                 = 292
-	SYS_IDENTITYSVC                    = 293
-	SYS_SHARED_REGION_CHECK_NP         = 294
-	SYS_VM_PRESSURE_MONITOR            = 296
-	SYS_PSYNCH_RW_LONGRDLOCK           = 297
-	SYS_PSYNCH_RW_YIELDWRLOCK          = 298
-	SYS_PSYNCH_RW_DOWNGRADE            = 299
-	SYS_PSYNCH_RW_UPGRADE              = 300
-	SYS_PSYNCH_MUTEXWAIT               = 301
-	SYS_PSYNCH_MUTEXDROP               = 302
-	SYS_PSYNCH_CVBROAD                 = 303
-	SYS_PSYNCH_CVSIGNAL                = 304
-	SYS_PSYNCH_CVWAIT                  = 305
-	SYS_PSYNCH_RW_RDLOCK               = 306
-	SYS_PSYNCH_RW_WRLOCK               = 307
-	SYS_PSYNCH_RW_UNLOCK               = 308
-	SYS_PSYNCH_RW_UNLOCK2              = 309
-	SYS_GETSID                         = 310
-	SYS_SETTID_WITH_PID                = 311
-	SYS_PSYNCH_CVCLRPREPOST            = 312
-	SYS_AIO_FSYNC                      = 313
-	SYS_AIO_RETURN                     = 314
-	SYS_AIO_SUSPEND                    = 315
-	SYS_AIO_CANCEL                     = 316
-	SYS_AIO_ERROR                      = 317
-	SYS_AIO_READ                       = 318
-	SYS_AIO_WRITE                      = 319
-	SYS_LIO_LISTIO                     = 320
-	SYS_IOPOLICYSYS                    = 322
-	SYS_PROCESS_POLICY                 = 323
-	SYS_MLOCKALL                       = 324
-	SYS_MUNLOCKALL                     = 325
-	SYS_ISSETUGID                      = 327
-	SYS___PTHREAD_KILL                 = 328
-	SYS___PTHREAD_SIGMASK              = 329
-	SYS___SIGWAIT                      = 330
-	SYS___DISABLE_THREADSIGNAL         = 331
-	SYS___PTHREAD_MARKCANCEL           = 332
-	SYS___PTHREAD_CANCELED             = 333
-	SYS___SEMWAIT_SIGNAL               = 334
-	SYS_PROC_INFO                      = 336
-	SYS_SENDFILE                       = 337
-	SYS_STAT64                         = 338
-	SYS_FSTAT64                        = 339
-	SYS_LSTAT64                        = 340
-	SYS_STAT64_EXTENDED                = 341
-	SYS_LSTAT64_EXTENDED               = 342
-	SYS_FSTAT64_EXTENDED               = 343
-	SYS_GETDIRENTRIES64                = 344
-	SYS_STATFS64                       = 345
-	SYS_FSTATFS64                      = 346
-	SYS_GETFSSTAT64                    = 347
-	SYS___PTHREAD_CHDIR                = 348
-	SYS___PTHREAD_FCHDIR               = 349
-	SYS_AUDIT                          = 350
-	SYS_AUDITON                        = 351
-	SYS_GETAUID                        = 353
-	SYS_SETAUID                        = 354
-	SYS_GETAUDIT_ADDR                  = 357
-	SYS_SETAUDIT_ADDR                  = 358
-	SYS_AUDITCTL                       = 359
-	SYS_BSDTHREAD_CREATE               = 360
-	SYS_BSDTHREAD_TERMINATE            = 361
-	SYS_KQUEUE                         = 362
-	SYS_KEVENT                         = 363
-	SYS_LCHOWN                         = 364
-	SYS_BSDTHREAD_REGISTER             = 366
-	SYS_WORKQ_OPEN                     = 367
-	SYS_WORKQ_KERNRETURN               = 368
-	SYS_KEVENT64                       = 369
-	SYS___OLD_SEMWAIT_SIGNAL           = 370
-	SYS___OLD_SEMWAIT_SIGNAL_NOCANCEL  = 371
-	SYS_THREAD_SELFID                  = 372
-	SYS_LEDGER                         = 373
-	SYS_KEVENT_QOS                     = 374
-	SYS_KEVENT_ID                      = 375
-	SYS___MAC_EXECVE                   = 380
-	SYS___MAC_SYSCALL                  = 381
-	SYS___MAC_GET_FILE                 = 382
-	SYS___MAC_SET_FILE                 = 383
-	SYS___MAC_GET_LINK                 = 384
-	SYS___MAC_SET_LINK                 = 385
-	SYS___MAC_GET_PROC                 = 386
-	SYS___MAC_SET_PROC                 = 387
-	SYS___MAC_GET_FD                   = 388
-	SYS___MAC_SET_FD                   = 389
-	SYS___MAC_GET_PID                  = 390
-	SYS_PSELECT                        = 394
-	SYS_PSELECT_NOCANCEL               = 395
-	SYS_READ_NOCANCEL                  = 396
-	SYS_WRITE_NOCANCEL                 = 397
-	SYS_OPEN_NOCANCEL                  = 398
-	SYS_CLOSE_NOCANCEL                 = 399
-	SYS_WAIT4_NOCANCEL                 = 400
-	SYS_RECVMSG_NOCANCEL               = 401
-	SYS_SENDMSG_NOCANCEL               = 402
-	SYS_RECVFROM_NOCANCEL              = 403
-	SYS_ACCEPT_NOCANCEL                = 404
-	SYS_MSYNC_NOCANCEL                 = 405
-	SYS_FCNTL_NOCANCEL                 = 406
-	SYS_SELECT_NOCANCEL                = 407
-	SYS_FSYNC_NOCANCEL                 = 408
-	SYS_CONNECT_NOCANCEL               = 409
-	SYS_SIGSUSPEND_NOCANCEL            = 410
-	SYS_READV_NOCANCEL                 = 411
-	SYS_WRITEV_NOCANCEL                = 412
-	SYS_SENDTO_NOCANCEL                = 413
-	SYS_PREAD_NOCANCEL                 = 414
-	SYS_PWRITE_NOCANCEL                = 415
-	SYS_WAITID_NOCANCEL                = 416
-	SYS_POLL_NOCANCEL                  = 417
-	SYS_MSGSND_NOCANCEL                = 418
-	SYS_MSGRCV_NOCANCEL                = 419
-	SYS_SEM_WAIT_NOCANCEL              = 420
-	SYS_AIO_SUSPEND_NOCANCEL           = 421
-	SYS___SIGWAIT_NOCANCEL             = 422
-	SYS___SEMWAIT_SIGNAL_NOCANCEL      = 423
-	SYS___MAC_MOUNT                    = 424
-	SYS___MAC_GET_MOUNT                = 425
-	SYS___MAC_GETFSSTAT                = 426
-	SYS_FSGETPATH                      = 427
-	SYS_AUDIT_SESSION_SELF             = 428
-	SYS_AUDIT_SESSION_JOIN             = 429
-	SYS_FILEPORT_MAKEPORT              = 430
-	SYS_FILEPORT_MAKEFD                = 431
-	SYS_AUDIT_SESSION_PORT             = 432
-	SYS_PID_SUSPEND                    = 433
-	SYS_PID_RESUME                     = 434
-	SYS_PID_HIBERNATE                  = 435
-	SYS_PID_SHUTDOWN_SOCKETS           = 436
-	SYS_SHARED_REGION_MAP_AND_SLIDE_NP = 438
-	SYS_KAS_INFO                       = 439
-	SYS_MEMORYSTATUS_CONTROL           = 440
-	SYS_GUARDED_OPEN_NP                = 441
-	SYS_GUARDED_CLOSE_NP               = 442
-	SYS_GUARDED_KQUEUE_NP              = 443
-	SYS_CHANGE_FDGUARD_NP              = 444
-	SYS_USRCTL                         = 445
-	SYS_PROC_RLIMIT_CONTROL            = 446
-	SYS_CONNECTX                       = 447
-	SYS_DISCONNECTX                    = 448
-	SYS_PEELOFF                        = 449
-	SYS_SOCKET_DELEGATE                = 450
-	SYS_TELEMETRY                      = 451
-	SYS_PROC_UUID_POLICY               = 452
-	SYS_MEMORYSTATUS_GET_LEVEL         = 453
-	SYS_SYSTEM_OVERRIDE                = 454
-	SYS_VFS_PURGE                      = 455
-	SYS_SFI_CTL                        = 456
-	SYS_SFI_PIDCTL                     = 457
-	SYS_COALITION                      = 458
-	SYS_COALITION_INFO                 = 459
-	SYS_NECP_MATCH_POLICY              = 460
-	SYS_GETATTRLISTBULK                = 461
-	SYS_CLONEFILEAT                    = 462
-	SYS_OPENAT                         = 463
-	SYS_OPENAT_NOCANCEL                = 464
-	SYS_RENAMEAT                       = 465
-	SYS_FACCESSAT                      = 466
-	SYS_FCHMODAT                       = 467
-	SYS_FCHOWNAT                       = 468
-	SYS_FSTATAT                        = 469
-	SYS_FSTATAT64                      = 470
-	SYS_LINKAT                         = 471
-	SYS_UNLINKAT                       = 472
-	SYS_READLINKAT                     = 473
-	SYS_SYMLINKAT                      = 474
-	SYS_MKDIRAT                        = 475
-	SYS_GETATTRLISTAT                  = 476
-	SYS_PROC_TRACE_LOG                 = 477
-	SYS_BSDTHREAD_CTL                  = 478
-	SYS_OPENBYID_NP                    = 479
-	SYS_RECVMSG_X                      = 480
-	SYS_SENDMSG_X                      = 481
-	SYS_THREAD_SELFUSAGE               = 482
-	SYS_CSRCTL                         = 483
-	SYS_GUARDED_OPEN_DPROTECTED_NP     = 484
-	SYS_GUARDED_WRITE_NP               = 485
-	SYS_GUARDED_PWRITE_NP              = 486
-	SYS_GUARDED_WRITEV_NP              = 487
-	SYS_RENAMEATX_NP                   = 488
-	SYS_MREMAP_ENCRYPTED               = 489
-	SYS_NETAGENT_TRIGGER               = 490
-	SYS_STACK_SNAPSHOT_WITH_CONFIG     = 491
-	SYS_MICROSTACKSHOT                 = 492
-	SYS_GRAB_PGO_DATA                  = 493
-	SYS_PERSONA                        = 494
-	SYS_WORK_INTERVAL_CTL              = 499
-	SYS_GETENTROPY                     = 500
-	SYS_NECP_OPEN                      = 501
-	SYS_NECP_CLIENT_ACTION             = 502
-	SYS___NEXUS_OPEN                   = 503
-	SYS___NEXUS_REGISTER               = 504
-	SYS___NEXUS_DEREGISTER             = 505
-	SYS___NEXUS_CREATE                 = 506
-	SYS___NEXUS_DESTROY                = 507
-	SYS___NEXUS_GET_OPT                = 508
-	SYS___NEXUS_SET_OPT                = 509
-	SYS___CHANNEL_OPEN                 = 510
-	SYS___CHANNEL_GET_INFO             = 511
-	SYS___CHANNEL_SYNC                 = 512
-	SYS___CHANNEL_GET_OPT              = 513
-	SYS___CHANNEL_SET_OPT              = 514
-	SYS_ULOCK_WAIT                     = 515
-	SYS_ULOCK_WAKE                     = 516
-	SYS_FCLONEFILEAT                   = 517
-	SYS_FS_SNAPSHOT                    = 518
-	SYS_TERMINATE_WITH_PAYLOAD         = 520
-	SYS_ABORT_WITH_PAYLOAD             = 521
-	SYS_NECP_SESSION_OPEN              = 522
-	SYS_NECP_SESSION_ACTION            = 523
-	SYS_SETATTRLISTAT                  = 524
-	SYS_NET_QOS_GUIDELINE              = 525
-	SYS_FMOUNT                         = 526
-	SYS_NTP_ADJTIME                    = 527
-	SYS_NTP_GETTIME                    = 528
-	SYS_OS_FAULT_WITH_PAYLOAD          = 529
-	SYS_MAXSYSCALL                     = 530
-	SYS_INVALID                        = 63
-)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index e35de4145ed90..f8298ff9b58a3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -1,10 +1,12 @@
-// mksysnum_darwin.pl /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/syscall.h
+// go run mksysnum.go /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk/usr/include/sys/syscall.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && darwin
 // +build amd64,darwin
 
 package unix
 
+// Deprecated: Use libSystem wrappers instead of direct syscalls.
 const (
 	SYS_SYSCALL                        = 0
 	SYS_EXIT                           = 1
@@ -431,6 +433,8 @@ const (
 	SYS_NTP_ADJTIME                    = 527
 	SYS_NTP_GETTIME                    = 528
 	SYS_OS_FAULT_WITH_PAYLOAD          = 529
-	SYS_MAXSYSCALL                     = 530
+	SYS_KQUEUE_WORKLOOP_CTL            = 530
+	SYS___MACH_BRIDGE_REMOTE_TIME      = 531
+	SYS_MAXSYSCALL                     = 532
 	SYS_INVALID                        = 63
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm.go
deleted file mode 100644
index f2df27db2c237..0000000000000
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm.go
+++ /dev/null
@@ -1,436 +0,0 @@
-// mksysnum_darwin.pl /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.1.sdk/usr/include/sys/syscall.h
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build arm,darwin
-
-package unix
-
-const (
-	SYS_SYSCALL                        = 0
-	SYS_EXIT                           = 1
-	SYS_FORK                           = 2
-	SYS_READ                           = 3
-	SYS_WRITE                          = 4
-	SYS_OPEN                           = 5
-	SYS_CLOSE                          = 6
-	SYS_WAIT4                          = 7
-	SYS_LINK                           = 9
-	SYS_UNLINK                         = 10
-	SYS_CHDIR                          = 12
-	SYS_FCHDIR                         = 13
-	SYS_MKNOD                          = 14
-	SYS_CHMOD                          = 15
-	SYS_CHOWN                          = 16
-	SYS_GETFSSTAT                      = 18
-	SYS_GETPID                         = 20
-	SYS_SETUID                         = 23
-	SYS_GETUID                         = 24
-	SYS_GETEUID                        = 25
-	SYS_PTRACE                         = 26
-	SYS_RECVMSG                        = 27
-	SYS_SENDMSG                        = 28
-	SYS_RECVFROM                       = 29
-	SYS_ACCEPT                         = 30
-	SYS_GETPEERNAME                    = 31
-	SYS_GETSOCKNAME                    = 32
-	SYS_ACCESS                         = 33
-	SYS_CHFLAGS                        = 34
-	SYS_FCHFLAGS                       = 35
-	SYS_SYNC                           = 36
-	SYS_KILL                           = 37
-	SYS_GETPPID                        = 39
-	SYS_DUP                            = 41
-	SYS_PIPE                           = 42
-	SYS_GETEGID                        = 43
-	SYS_SIGACTION                      = 46
-	SYS_GETGID                         = 47
-	SYS_SIGPROCMASK                    = 48
-	SYS_GETLOGIN                       = 49
-	SYS_SETLOGIN                       = 50
-	SYS_ACCT                           = 51
-	SYS_SIGPENDING                     = 52
-	SYS_SIGALTSTACK                    = 53
-	SYS_IOCTL                          = 54
-	SYS_REBOOT                         = 55
-	SYS_REVOKE                         = 56
-	SYS_SYMLINK                        = 57
-	SYS_READLINK                       = 58
-	SYS_EXECVE                         = 59
-	SYS_UMASK                          = 60
-	SYS_CHROOT                         = 61
-	SYS_MSYNC                          = 65
-	SYS_VFORK                          = 66
-	SYS_MUNMAP                         = 73
-	SYS_MPROTECT                       = 74
-	SYS_MADVISE                        = 75
-	SYS_MINCORE                        = 78
-	SYS_GETGROUPS                      = 79
-	SYS_SETGROUPS                      = 80
-	SYS_GETPGRP                        = 81
-	SYS_SETPGID                        = 82
-	SYS_SETITIMER                      = 83
-	SYS_SWAPON                         = 85
-	SYS_GETITIMER                      = 86
-	SYS_GETDTABLESIZE                  = 89
-	SYS_DUP2                           = 90
-	SYS_FCNTL                          = 92
-	SYS_SELECT                         = 93
-	SYS_FSYNC                          = 95
-	SYS_SETPRIORITY                    = 96
-	SYS_SOCKET                         = 97
-	SYS_CONNECT                        = 98
-	SYS_GETPRIORITY                    = 100
-	SYS_BIND                           = 104
-	SYS_SETSOCKOPT                     = 105
-	SYS_LISTEN                         = 106
-	SYS_SIGSUSPEND                     = 111
-	SYS_GETTIMEOFDAY                   = 116
-	SYS_GETRUSAGE                      = 117
-	SYS_GETSOCKOPT                     = 118
-	SYS_READV                          = 120
-	SYS_WRITEV                         = 121
-	SYS_SETTIMEOFDAY                   = 122
-	SYS_FCHOWN                         = 123
-	SYS_FCHMOD                         = 124
-	SYS_SETREUID                       = 126
-	SYS_SETREGID                       = 127
-	SYS_RENAME                         = 128
-	SYS_FLOCK                          = 131
-	SYS_MKFIFO                         = 132
-	SYS_SENDTO                         = 133
-	SYS_SHUTDOWN                       = 134
-	SYS_SOCKETPAIR                     = 135
-	SYS_MKDIR                          = 136
-	SYS_RMDIR                          = 137
-	SYS_UTIMES                         = 138
-	SYS_FUTIMES                        = 139
-	SYS_ADJTIME                        = 140
-	SYS_GETHOSTUUID                    = 142
-	SYS_SETSID                         = 147
-	SYS_GETPGID                        = 151
-	SYS_SETPRIVEXEC                    = 152
-	SYS_PREAD                          = 153
-	SYS_PWRITE                         = 154
-	SYS_NFSSVC                         = 155
-	SYS_STATFS                         = 157
-	SYS_FSTATFS                        = 158
-	SYS_UNMOUNT                        = 159
-	SYS_GETFH                          = 161
-	SYS_QUOTACTL                       = 165
-	SYS_MOUNT                          = 167
-	SYS_CSOPS                          = 169
-	SYS_CSOPS_AUDITTOKEN               = 170
-	SYS_WAITID                         = 173
-	SYS_KDEBUG_TYPEFILTER              = 177
-	SYS_KDEBUG_TRACE_STRING            = 178
-	SYS_KDEBUG_TRACE64                 = 179
-	SYS_KDEBUG_TRACE                   = 180
-	SYS_SETGID                         = 181
-	SYS_SETEGID                        = 182
-	SYS_SETEUID                        = 183
-	SYS_SIGRETURN                      = 184
-	SYS_THREAD_SELFCOUNTS              = 186
-	SYS_FDATASYNC                      = 187
-	SYS_STAT                           = 188
-	SYS_FSTAT                          = 189
-	SYS_LSTAT                          = 190
-	SYS_PATHCONF                       = 191
-	SYS_FPATHCONF                      = 192
-	SYS_GETRLIMIT                      = 194
-	SYS_SETRLIMIT                      = 195
-	SYS_GETDIRENTRIES                  = 196
-	SYS_MMAP                           = 197
-	SYS_LSEEK                          = 199
-	SYS_TRUNCATE                       = 200
-	SYS_FTRUNCATE                      = 201
-	SYS_SYSCTL                         = 202
-	SYS_MLOCK                          = 203
-	SYS_MUNLOCK                        = 204
-	SYS_UNDELETE                       = 205
-	SYS_OPEN_DPROTECTED_NP             = 216
-	SYS_GETATTRLIST                    = 220
-	SYS_SETATTRLIST                    = 221
-	SYS_GETDIRENTRIESATTR              = 222
-	SYS_EXCHANGEDATA                   = 223
-	SYS_SEARCHFS                       = 225
-	SYS_DELETE                         = 226
-	SYS_COPYFILE                       = 227
-	SYS_FGETATTRLIST                   = 228
-	SYS_FSETATTRLIST                   = 229
-	SYS_POLL                           = 230
-	SYS_WATCHEVENT                     = 231
-	SYS_WAITEVENT                      = 232
-	SYS_MODWATCH                       = 233
-	SYS_GETXATTR                       = 234
-	SYS_FGETXATTR                      = 235
-	SYS_SETXATTR                       = 236
-	SYS_FSETXATTR                      = 237
-	SYS_REMOVEXATTR                    = 238
-	SYS_FREMOVEXATTR                   = 239
-	SYS_LISTXATTR                      = 240
-	SYS_FLISTXATTR                     = 241
-	SYS_FSCTL                          = 242
-	SYS_INITGROUPS                     = 243
-	SYS_POSIX_SPAWN                    = 244
-	SYS_FFSCTL                         = 245
-	SYS_NFSCLNT                        = 247
-	SYS_FHOPEN                         = 248
-	SYS_MINHERIT                       = 250
-	SYS_SEMSYS                         = 251
-	SYS_MSGSYS                         = 252
-	SYS_SHMSYS                         = 253
-	SYS_SEMCTL                         = 254
-	SYS_SEMGET                         = 255
-	SYS_SEMOP                          = 256
-	SYS_MSGCTL                         = 258
-	SYS_MSGGET                         = 259
-	SYS_MSGSND                         = 260
-	SYS_MSGRCV                         = 261
-	SYS_SHMAT                          = 262
-	SYS_SHMCTL                         = 263
-	SYS_SHMDT                          = 264
-	SYS_SHMGET                         = 265
-	SYS_SHM_OPEN                       = 266
-	SYS_SHM_UNLINK                     = 267
-	SYS_SEM_OPEN                       = 268
-	SYS_SEM_CLOSE                      = 269
-	SYS_SEM_UNLINK                     = 270
-	SYS_SEM_WAIT                       = 271
-	SYS_SEM_TRYWAIT                    = 272
-	SYS_SEM_POST                       = 273
-	SYS_SYSCTLBYNAME                   = 274
-	SYS_OPEN_EXTENDED                  = 277
-	SYS_UMASK_EXTENDED                 = 278
-	SYS_STAT_EXTENDED                  = 279
-	SYS_LSTAT_EXTENDED                 = 280
-	SYS_FSTAT_EXTENDED                 = 281
-	SYS_CHMOD_EXTENDED                 = 282
-	SYS_FCHMOD_EXTENDED                = 283
-	SYS_ACCESS_EXTENDED                = 284
-	SYS_SETTID                         = 285
-	SYS_GETTID                         = 286
-	SYS_SETSGROUPS                     = 287
-	SYS_GETSGROUPS                     = 288
-	SYS_SETWGROUPS                     = 289
-	SYS_GETWGROUPS                     = 290
-	SYS_MKFIFO_EXTENDED                = 291
-	SYS_MKDIR_EXTENDED                 = 292
-	SYS_IDENTITYSVC                    = 293
-	SYS_SHARED_REGION_CHECK_NP         = 294
-	SYS_VM_PRESSURE_MONITOR            = 296
-	SYS_PSYNCH_RW_LONGRDLOCK           = 297
-	SYS_PSYNCH_RW_YIELDWRLOCK          = 298
-	SYS_PSYNCH_RW_DOWNGRADE            = 299
-	SYS_PSYNCH_RW_UPGRADE              = 300
-	SYS_PSYNCH_MUTEXWAIT               = 301
-	SYS_PSYNCH_MUTEXDROP               = 302
-	SYS_PSYNCH_CVBROAD                 = 303
-	SYS_PSYNCH_CVSIGNAL                = 304
-	SYS_PSYNCH_CVWAIT                  = 305
-	SYS_PSYNCH_RW_RDLOCK               = 306
-	SYS_PSYNCH_RW_WRLOCK               = 307
-	SYS_PSYNCH_RW_UNLOCK               = 308
-	SYS_PSYNCH_RW_UNLOCK2              = 309
-	SYS_GETSID                         = 310
-	SYS_SETTID_WITH_PID                = 311
-	SYS_PSYNCH_CVCLRPREPOST            = 312
-	SYS_AIO_FSYNC                      = 313
-	SYS_AIO_RETURN                     = 314
-	SYS_AIO_SUSPEND                    = 315
-	SYS_AIO_CANCEL                     = 316
-	SYS_AIO_ERROR                      = 317
-	SYS_AIO_READ                       = 318
-	SYS_AIO_WRITE                      = 319
-	SYS_LIO_LISTIO                     = 320
-	SYS_IOPOLICYSYS                    = 322
-	SYS_PROCESS_POLICY                 = 323
-	SYS_MLOCKALL                       = 324
-	SYS_MUNLOCKALL                     = 325
-	SYS_ISSETUGID                      = 327
-	SYS___PTHREAD_KILL                 = 328
-	SYS___PTHREAD_SIGMASK              = 329
-	SYS___SIGWAIT                      = 330
-	SYS___DISABLE_THREADSIGNAL         = 331
-	SYS___PTHREAD_MARKCANCEL           = 332
-	SYS___PTHREAD_CANCELED             = 333
-	SYS___SEMWAIT_SIGNAL               = 334
-	SYS_PROC_INFO                      = 336
-	SYS_SENDFILE                       = 337
-	SYS_STAT64                         = 338
-	SYS_FSTAT64                        = 339
-	SYS_LSTAT64                        = 340
-	SYS_STAT64_EXTENDED                = 341
-	SYS_LSTAT64_EXTENDED               = 342
-	SYS_FSTAT64_EXTENDED               = 343
-	SYS_GETDIRENTRIES64                = 344
-	SYS_STATFS64                       = 345
-	SYS_FSTATFS64                      = 346
-	SYS_GETFSSTAT64                    = 347
-	SYS___PTHREAD_CHDIR                = 348
-	SYS___PTHREAD_FCHDIR               = 349
-	SYS_AUDIT                          = 350
-	SYS_AUDITON                        = 351
-	SYS_GETAUID                        = 353
-	SYS_SETAUID                        = 354
-	SYS_GETAUDIT_ADDR                  = 357
-	SYS_SETAUDIT_ADDR                  = 358
-	SYS_AUDITCTL                       = 359
-	SYS_BSDTHREAD_CREATE               = 360
-	SYS_BSDTHREAD_TERMINATE            = 361
-	SYS_KQUEUE                         = 362
-	SYS_KEVENT                         = 363
-	SYS_LCHOWN                         = 364
-	SYS_BSDTHREAD_REGISTER             = 366
-	SYS_WORKQ_OPEN                     = 367
-	SYS_WORKQ_KERNRETURN               = 368
-	SYS_KEVENT64                       = 369
-	SYS___OLD_SEMWAIT_SIGNAL           = 370
-	SYS___OLD_SEMWAIT_SIGNAL_NOCANCEL  = 371
-	SYS_THREAD_SELFID                  = 372
-	SYS_LEDGER                         = 373
-	SYS_KEVENT_QOS                     = 374
-	SYS_KEVENT_ID                      = 375
-	SYS___MAC_EXECVE                   = 380
-	SYS___MAC_SYSCALL                  = 381
-	SYS___MAC_GET_FILE                 = 382
-	SYS___MAC_SET_FILE                 = 383
-	SYS___MAC_GET_LINK                 = 384
-	SYS___MAC_SET_LINK                 = 385
-	SYS___MAC_GET_PROC                 = 386
-	SYS___MAC_SET_PROC                 = 387
-	SYS___MAC_GET_FD                   = 388
-	SYS___MAC_SET_FD                   = 389
-	SYS___MAC_GET_PID                  = 390
-	SYS_PSELECT                        = 394
-	SYS_PSELECT_NOCANCEL               = 395
-	SYS_READ_NOCANCEL                  = 396
-	SYS_WRITE_NOCANCEL                 = 397
-	SYS_OPEN_NOCANCEL                  = 398
-	SYS_CLOSE_NOCANCEL                 = 399
-	SYS_WAIT4_NOCANCEL                 = 400
-	SYS_RECVMSG_NOCANCEL               = 401
-	SYS_SENDMSG_NOCANCEL               = 402
-	SYS_RECVFROM_NOCANCEL              = 403
-	SYS_ACCEPT_NOCANCEL                = 404
-	SYS_MSYNC_NOCANCEL                 = 405
-	SYS_FCNTL_NOCANCEL                 = 406
-	SYS_SELECT_NOCANCEL                = 407
-	SYS_FSYNC_NOCANCEL                 = 408
-	SYS_CONNECT_NOCANCEL               = 409
-	SYS_SIGSUSPEND_NOCANCEL            = 410
-	SYS_READV_NOCANCEL                 = 411
-	SYS_WRITEV_NOCANCEL                = 412
-	SYS_SENDTO_NOCANCEL                = 413
-	SYS_PREAD_NOCANCEL                 = 414
-	SYS_PWRITE_NOCANCEL                = 415
-	SYS_WAITID_NOCANCEL                = 416
-	SYS_POLL_NOCANCEL                  = 417
-	SYS_MSGSND_NOCANCEL                = 418
-	SYS_MSGRCV_NOCANCEL                = 419
-	SYS_SEM_WAIT_NOCANCEL              = 420
-	SYS_AIO_SUSPEND_NOCANCEL           = 421
-	SYS___SIGWAIT_NOCANCEL             = 422
-	SYS___SEMWAIT_SIGNAL_NOCANCEL      = 423
-	SYS___MAC_MOUNT                    = 424
-	SYS___MAC_GET_MOUNT                = 425
-	SYS___MAC_GETFSSTAT                = 426
-	SYS_FSGETPATH                      = 427
-	SYS_AUDIT_SESSION_SELF             = 428
-	SYS_AUDIT_SESSION_JOIN             = 429
-	SYS_FILEPORT_MAKEPORT              = 430
-	SYS_FILEPORT_MAKEFD                = 431
-	SYS_AUDIT_SESSION_PORT             = 432
-	SYS_PID_SUSPEND                    = 433
-	SYS_PID_RESUME                     = 434
-	SYS_PID_HIBERNATE                  = 435
-	SYS_PID_SHUTDOWN_SOCKETS           = 436
-	SYS_SHARED_REGION_MAP_AND_SLIDE_NP = 438
-	SYS_KAS_INFO                       = 439
-	SYS_MEMORYSTATUS_CONTROL           = 440
-	SYS_GUARDED_OPEN_NP                = 441
-	SYS_GUARDED_CLOSE_NP               = 442
-	SYS_GUARDED_KQUEUE_NP              = 443
-	SYS_CHANGE_FDGUARD_NP              = 444
-	SYS_USRCTL                         = 445
-	SYS_PROC_RLIMIT_CONTROL            = 446
-	SYS_CONNECTX                       = 447
-	SYS_DISCONNECTX                    = 448
-	SYS_PEELOFF                        = 449
-	SYS_SOCKET_DELEGATE                = 450
-	SYS_TELEMETRY                      = 451
-	SYS_PROC_UUID_POLICY               = 452
-	SYS_MEMORYSTATUS_GET_LEVEL         = 453
-	SYS_SYSTEM_OVERRIDE                = 454
-	SYS_VFS_PURGE                      = 455
-	SYS_SFI_CTL                        = 456
-	SYS_SFI_PIDCTL                     = 457
-	SYS_COALITION                      = 458
-	SYS_COALITION_INFO                 = 459
-	SYS_NECP_MATCH_POLICY              = 460
-	SYS_GETATTRLISTBULK                = 461
-	SYS_CLONEFILEAT                    = 462
-	SYS_OPENAT                         = 463
-	SYS_OPENAT_NOCANCEL                = 464
-	SYS_RENAMEAT                       = 465
-	SYS_FACCESSAT                      = 466
-	SYS_FCHMODAT                       = 467
-	SYS_FCHOWNAT                       = 468
-	SYS_FSTATAT                        = 469
-	SYS_FSTATAT64                      = 470
-	SYS_LINKAT                         = 471
-	SYS_UNLINKAT                       = 472
-	SYS_READLINKAT                     = 473
-	SYS_SYMLINKAT                      = 474
-	SYS_MKDIRAT                        = 475
-	SYS_GETATTRLISTAT                  = 476
-	SYS_PROC_TRACE_LOG                 = 477
-	SYS_BSDTHREAD_CTL                  = 478
-	SYS_OPENBYID_NP                    = 479
-	SYS_RECVMSG_X                      = 480
-	SYS_SENDMSG_X                      = 481
-	SYS_THREAD_SELFUSAGE               = 482
-	SYS_CSRCTL                         = 483
-	SYS_GUARDED_OPEN_DPROTECTED_NP     = 484
-	SYS_GUARDED_WRITE_NP               = 485
-	SYS_GUARDED_PWRITE_NP              = 486
-	SYS_GUARDED_WRITEV_NP              = 487
-	SYS_RENAMEATX_NP                   = 488
-	SYS_MREMAP_ENCRYPTED               = 489
-	SYS_NETAGENT_TRIGGER               = 490
-	SYS_STACK_SNAPSHOT_WITH_CONFIG     = 491
-	SYS_MICROSTACKSHOT                 = 492
-	SYS_GRAB_PGO_DATA                  = 493
-	SYS_PERSONA                        = 494
-	SYS_WORK_INTERVAL_CTL              = 499
-	SYS_GETENTROPY                     = 500
-	SYS_NECP_OPEN                      = 501
-	SYS_NECP_CLIENT_ACTION             = 502
-	SYS___NEXUS_OPEN                   = 503
-	SYS___NEXUS_REGISTER               = 504
-	SYS___NEXUS_DEREGISTER             = 505
-	SYS___NEXUS_CREATE                 = 506
-	SYS___NEXUS_DESTROY                = 507
-	SYS___NEXUS_GET_OPT                = 508
-	SYS___NEXUS_SET_OPT                = 509
-	SYS___CHANNEL_OPEN                 = 510
-	SYS___CHANNEL_GET_INFO             = 511
-	SYS___CHANNEL_SYNC                 = 512
-	SYS___CHANNEL_GET_OPT              = 513
-	SYS___CHANNEL_SET_OPT              = 514
-	SYS_ULOCK_WAIT                     = 515
-	SYS_ULOCK_WAKE                     = 516
-	SYS_FCLONEFILEAT                   = 517
-	SYS_FS_SNAPSHOT                    = 518
-	SYS_TERMINATE_WITH_PAYLOAD         = 520
-	SYS_ABORT_WITH_PAYLOAD             = 521
-	SYS_NECP_SESSION_OPEN              = 522
-	SYS_NECP_SESSION_ACTION            = 523
-	SYS_SETATTRLISTAT                  = 524
-	SYS_NET_QOS_GUIDELINE              = 525
-	SYS_FMOUNT                         = 526
-	SYS_NTP_ADJTIME                    = 527
-	SYS_NTP_GETTIME                    = 528
-	SYS_OS_FAULT_WITH_PAYLOAD          = 529
-	SYS_MAXSYSCALL                     = 530
-	SYS_INVALID                        = 63
-)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 9694630232f5a..5eb433bbf010e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -1,10 +1,12 @@
-// mksysnum_darwin.pl /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.1.sdk/usr/include/sys/syscall.h
+// go run mksysnum.go /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.1.sdk/usr/include/sys/syscall.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && darwin
 // +build arm64,darwin
 
 package unix
 
+// Deprecated: Use libSystem wrappers instead of direct syscalls.
 const (
 	SYS_SYSCALL                        = 0
 	SYS_EXIT                           = 1
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index b2c9ef81b8196..703675c0c4a53 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -1,168 +1,165 @@
-// mksysnum_dragonfly.pl
+// go run mksysnum.go https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/sys/kern/syscalls.master
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && dragonfly
 // +build amd64,dragonfly
 
 package unix
 
 const (
-	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
-	SYS_EXIT          = 1   // { void exit(int rval); }
-	SYS_FORK          = 2   // { int fork(void); }
-	SYS_READ          = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
-	SYS_WRITE         = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
-	SYS_OPEN          = 5   // { int open(char *path, int flags, int mode); }
-	SYS_CLOSE         = 6   // { int close(int fd); }
-	SYS_WAIT4         = 7   // { int wait4(int pid, int *status, int options, \
-	SYS_LINK          = 9   // { int link(char *path, char *link); }
-	SYS_UNLINK        = 10  // { int unlink(char *path); }
-	SYS_CHDIR         = 12  // { int chdir(char *path); }
-	SYS_FCHDIR        = 13  // { int fchdir(int fd); }
-	SYS_MKNOD         = 14  // { int mknod(char *path, int mode, int dev); }
-	SYS_CHMOD         = 15  // { int chmod(char *path, int mode); }
-	SYS_CHOWN         = 16  // { int chown(char *path, int uid, int gid); }
-	SYS_OBREAK        = 17  // { int obreak(char *nsize); } break obreak_args int
-	SYS_GETFSSTAT     = 18  // { int getfsstat(struct statfs *buf, long bufsize, \
-	SYS_GETPID        = 20  // { pid_t getpid(void); }
-	SYS_MOUNT         = 21  // { int mount(char *type, char *path, int flags, \
-	SYS_UNMOUNT       = 22  // { int unmount(char *path, int flags); }
-	SYS_SETUID        = 23  // { int setuid(uid_t uid); }
-	SYS_GETUID        = 24  // { uid_t getuid(void); }
-	SYS_GETEUID       = 25  // { uid_t geteuid(void); }
-	SYS_PTRACE        = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, \
-	SYS_RECVMSG       = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
-	SYS_SENDMSG       = 28  // { int sendmsg(int s, caddr_t msg, int flags); }
-	SYS_RECVFROM      = 29  // { int recvfrom(int s, caddr_t buf, size_t len, \
-	SYS_ACCEPT        = 30  // { int accept(int s, caddr_t name, int *anamelen); }
-	SYS_GETPEERNAME   = 31  // { int getpeername(int fdes, caddr_t asa, int *alen); }
-	SYS_GETSOCKNAME   = 32  // { int getsockname(int fdes, caddr_t asa, int *alen); }
-	SYS_ACCESS        = 33  // { int access(char *path, int flags); }
-	SYS_CHFLAGS       = 34  // { int chflags(char *path, int flags); }
-	SYS_FCHFLAGS      = 35  // { int fchflags(int fd, int flags); }
-	SYS_SYNC          = 36  // { int sync(void); }
-	SYS_KILL          = 37  // { int kill(int pid, int signum); }
-	SYS_GETPPID       = 39  // { pid_t getppid(void); }
-	SYS_DUP           = 41  // { int dup(int fd); }
-	SYS_PIPE          = 42  // { int pipe(void); }
-	SYS_GETEGID       = 43  // { gid_t getegid(void); }
-	SYS_PROFIL        = 44  // { int profil(caddr_t samples, size_t size, \
-	SYS_KTRACE        = 45  // { int ktrace(const char *fname, int ops, int facs, \
-	SYS_GETGID        = 47  // { gid_t getgid(void); }
-	SYS_GETLOGIN      = 49  // { int getlogin(char *namebuf, u_int namelen); }
-	SYS_SETLOGIN      = 50  // { int setlogin(char *namebuf); }
-	SYS_ACCT          = 51  // { int acct(char *path); }
-	SYS_SIGALTSTACK   = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
-	SYS_IOCTL         = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
-	SYS_REBOOT        = 55  // { int reboot(int opt); }
-	SYS_REVOKE        = 56  // { int revoke(char *path); }
-	SYS_SYMLINK       = 57  // { int symlink(char *path, char *link); }
-	SYS_READLINK      = 58  // { int readlink(char *path, char *buf, int count); }
-	SYS_EXECVE        = 59  // { int execve(char *fname, char **argv, char **envv); }
-	SYS_UMASK         = 60  // { int umask(int newmask); } umask umask_args int
-	SYS_CHROOT        = 61  // { int chroot(char *path); }
-	SYS_MSYNC         = 65  // { int msync(void *addr, size_t len, int flags); }
-	SYS_VFORK         = 66  // { pid_t vfork(void); }
-	SYS_SBRK          = 69  // { int sbrk(int incr); }
-	SYS_SSTK          = 70  // { int sstk(int incr); }
-	SYS_MUNMAP        = 73  // { int munmap(void *addr, size_t len); }
-	SYS_MPROTECT      = 74  // { int mprotect(void *addr, size_t len, int prot); }
-	SYS_MADVISE       = 75  // { int madvise(void *addr, size_t len, int behav); }
-	SYS_MINCORE       = 78  // { int mincore(const void *addr, size_t len, \
-	SYS_GETGROUPS     = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
-	SYS_SETGROUPS     = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
-	SYS_GETPGRP       = 81  // { int getpgrp(void); }
-	SYS_SETPGID       = 82  // { int setpgid(int pid, int pgid); }
-	SYS_SETITIMER     = 83  // { int setitimer(u_int which, struct itimerval *itv, \
-	SYS_SWAPON        = 85  // { int swapon(char *name); }
-	SYS_GETITIMER     = 86  // { int getitimer(u_int which, struct itimerval *itv); }
-	SYS_GETDTABLESIZE = 89  // { int getdtablesize(void); }
-	SYS_DUP2          = 90  // { int dup2(int from, int to); }
-	SYS_FCNTL         = 92  // { int fcntl(int fd, int cmd, long arg); }
-	SYS_SELECT        = 93  // { int select(int nd, fd_set *in, fd_set *ou, \
-	SYS_FSYNC         = 95  // { int fsync(int fd); }
-	SYS_SETPRIORITY   = 96  // { int setpriority(int which, int who, int prio); }
-	SYS_SOCKET        = 97  // { int socket(int domain, int type, int protocol); }
-	SYS_CONNECT       = 98  // { int connect(int s, caddr_t name, int namelen); }
-	SYS_GETPRIORITY   = 100 // { int getpriority(int which, int who); }
-	SYS_BIND          = 104 // { int bind(int s, caddr_t name, int namelen); }
-	SYS_SETSOCKOPT    = 105 // { int setsockopt(int s, int level, int name, \
-	SYS_LISTEN        = 106 // { int listen(int s, int backlog); }
-	SYS_GETTIMEOFDAY  = 116 // { int gettimeofday(struct timeval *tp, \
-	SYS_GETRUSAGE     = 117 // { int getrusage(int who, struct rusage *rusage); }
-	SYS_GETSOCKOPT    = 118 // { int getsockopt(int s, int level, int name, \
-	SYS_READV         = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
-	SYS_WRITEV        = 121 // { int writev(int fd, struct iovec *iovp, \
-	SYS_SETTIMEOFDAY  = 122 // { int settimeofday(struct timeval *tv, \
-	SYS_FCHOWN        = 123 // { int fchown(int fd, int uid, int gid); }
-	SYS_FCHMOD        = 124 // { int fchmod(int fd, int mode); }
-	SYS_SETREUID      = 126 // { int setreuid(int ruid, int euid); }
-	SYS_SETREGID      = 127 // { int setregid(int rgid, int egid); }
-	SYS_RENAME        = 128 // { int rename(char *from, char *to); }
-	SYS_FLOCK         = 131 // { int flock(int fd, int how); }
-	SYS_MKFIFO        = 132 // { int mkfifo(char *path, int mode); }
-	SYS_SENDTO        = 133 // { int sendto(int s, caddr_t buf, size_t len, \
-	SYS_SHUTDOWN      = 134 // { int shutdown(int s, int how); }
-	SYS_SOCKETPAIR    = 135 // { int socketpair(int domain, int type, int protocol, \
-	SYS_MKDIR         = 136 // { int mkdir(char *path, int mode); }
-	SYS_RMDIR         = 137 // { int rmdir(char *path); }
-	SYS_UTIMES        = 138 // { int utimes(char *path, struct timeval *tptr); }
-	SYS_ADJTIME       = 140 // { int adjtime(struct timeval *delta, \
-	SYS_SETSID        = 147 // { int setsid(void); }
-	SYS_QUOTACTL      = 148 // { int quotactl(char *path, int cmd, int uid, \
-	SYS_STATFS        = 157 // { int statfs(char *path, struct statfs *buf); }
-	SYS_FSTATFS       = 158 // { int fstatfs(int fd, struct statfs *buf); }
-	SYS_GETFH         = 161 // { int getfh(char *fname, struct fhandle *fhp); }
-	SYS_GETDOMAINNAME = 162 // { int getdomainname(char *domainname, int len); }
-	SYS_SETDOMAINNAME = 163 // { int setdomainname(char *domainname, int len); }
-	SYS_UNAME         = 164 // { int uname(struct utsname *name); }
-	SYS_SYSARCH       = 165 // { int sysarch(int op, char *parms); }
-	SYS_RTPRIO        = 166 // { int rtprio(int function, pid_t pid, \
-	SYS_EXTPREAD      = 173 // { ssize_t extpread(int fd, void *buf, \
-	SYS_EXTPWRITE     = 174 // { ssize_t extpwrite(int fd, const void *buf, \
-	SYS_NTP_ADJTIME   = 176 // { int ntp_adjtime(struct timex *tp); }
-	SYS_SETGID        = 181 // { int setgid(gid_t gid); }
-	SYS_SETEGID       = 182 // { int setegid(gid_t egid); }
-	SYS_SETEUID       = 183 // { int seteuid(uid_t euid); }
-	SYS_PATHCONF      = 191 // { int pathconf(char *path, int name); }
-	SYS_FPATHCONF     = 192 // { int fpathconf(int fd, int name); }
-	SYS_GETRLIMIT     = 194 // { int getrlimit(u_int which, \
-	SYS_SETRLIMIT     = 195 // { int setrlimit(u_int which, \
-	SYS_MMAP          = 197 // { caddr_t mmap(caddr_t addr, size_t len, int prot, \
-	// SYS_NOSYS = 198;  // { int nosys(void); } __syscall __syscall_args int
-	SYS_LSEEK                  = 199 // { off_t lseek(int fd, int pad, off_t offset, \
+	SYS_EXIT  = 1 // { void exit(int rval); }
+	SYS_FORK  = 2 // { int fork(void); }
+	SYS_READ  = 3 // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE = 4 // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN  = 5 // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE = 6 // { int close(int fd); }
+	SYS_WAIT4 = 7 // { int wait4(int pid, int *status, int options, struct rusage *rusage); } wait4 wait_args int
+	// SYS_NOSYS = 8;  // { int nosys(void); } __nosys nosys_args int
+	SYS_LINK                   = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                 = 10  // { int unlink(char *path); }
+	SYS_CHDIR                  = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                 = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                  = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                  = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                  = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                 = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETFSSTAT              = 18  // { int getfsstat(struct statfs *buf, long bufsize, int flags); }
+	SYS_GETPID                 = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                  = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                 = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                 = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                 = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                = 28  // { int sendmsg(int s, caddr_t msg, int flags); }
+	SYS_RECVFROM               = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, caddr_t from, int *fromlenaddr); }
+	SYS_ACCEPT                 = 30  // { int accept(int s, caddr_t name, int *anamelen); }
+	SYS_GETPEERNAME            = 31  // { int getpeername(int fdes, caddr_t asa, int *alen); }
+	SYS_GETSOCKNAME            = 32  // { int getsockname(int fdes, caddr_t asa, int *alen); }
+	SYS_ACCESS                 = 33  // { int access(char *path, int flags); }
+	SYS_CHFLAGS                = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS               = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                   = 36  // { int sync(void); }
+	SYS_KILL                   = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                = 39  // { pid_t getppid(void); }
+	SYS_DUP                    = 41  // { int dup(int fd); }
+	SYS_PIPE                   = 42  // { int pipe(void); }
+	SYS_GETEGID                = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                 = 44  // { int profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE                 = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                 = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN               = 49  // { int getlogin(char *namebuf, size_t namelen); }
+	SYS_SETLOGIN               = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                   = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK            = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                  = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                 = 55  // { int reboot(int opt); }
+	SYS_REVOKE                 = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK               = 58  // { int readlink(char *path, char *buf, int count); }
+	SYS_EXECVE                 = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                  = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                 = 61  // { int chroot(char *path); }
+	SYS_MSYNC                  = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                  = 66  // { pid_t vfork(void); }
+	SYS_SBRK                   = 69  // { caddr_t sbrk(size_t incr); }
+	SYS_SSTK                   = 70  // { int sstk(size_t incr); }
+	SYS_MUNMAP                 = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT               = 74  // { int mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE                = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS              = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS              = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                = 81  // { int getpgrp(void); }
+	SYS_SETPGID                = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER              = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                 = 85  // { int swapon(char *name); }
+	SYS_GETITIMER              = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE          = 89  // { int getdtablesize(void); }
+	SYS_DUP2                   = 90  // { int dup2(int from, int to); }
+	SYS_FCNTL                  = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                 = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                  = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY            = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                 = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY            = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                   = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT             = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                 = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY           = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE              = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT             = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                  = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                 = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY           = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                 = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                 = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID               = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID               = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                 = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                  = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                 = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                 = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN               = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR             = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                  = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                  = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                 = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                 = 147 // { int setsid(void); }
+	SYS_QUOTACTL               = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_STATFS                 = 157 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                = 158 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_GETFH                  = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                 = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_EXTPREAD               = 173 // { ssize_t extpread(int fd, void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_EXTPWRITE              = 174 // { ssize_t extpwrite(int fd, const void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_NTP_ADJTIME            = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                 = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                = 183 // { int seteuid(uid_t euid); }
+	SYS_PATHCONF               = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF              = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT              = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT              = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_MMAP                   = 197 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, int pad, off_t pos); }
+	SYS_LSEEK                  = 199 // { off_t lseek(int fd, int pad, off_t offset, int whence); }
 	SYS_TRUNCATE               = 200 // { int truncate(char *path, int pad, off_t length); }
 	SYS_FTRUNCATE              = 201 // { int ftruncate(int fd, int pad, off_t length); }
-	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, void *old, \
+	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
 	SYS_MLOCK                  = 203 // { int mlock(const void *addr, size_t len); }
 	SYS_MUNLOCK                = 204 // { int munlock(const void *addr, size_t len); }
 	SYS_UNDELETE               = 205 // { int undelete(char *path); }
 	SYS_FUTIMES                = 206 // { int futimes(int fd, struct timeval *tptr); }
 	SYS_GETPGID                = 207 // { int getpgid(pid_t pid); }
-	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, \
-	SYS___SEMCTL               = 220 // { int __semctl(int semid, int semnum, int cmd, \
+	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS___SEMCTL               = 220 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
 	SYS_SEMGET                 = 221 // { int semget(key_t key, int nsems, int semflg); }
-	SYS_SEMOP                  = 222 // { int semop(int semid, struct sembuf *sops, \
-	SYS_MSGCTL                 = 224 // { int msgctl(int msqid, int cmd, \
+	SYS_SEMOP                  = 222 // { int semop(int semid, struct sembuf *sops, u_int nsops); }
+	SYS_MSGCTL                 = 224 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
 	SYS_MSGGET                 = 225 // { int msgget(key_t key, int msgflg); }
-	SYS_MSGSND                 = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, \
-	SYS_MSGRCV                 = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, \
-	SYS_SHMAT                  = 228 // { caddr_t shmat(int shmid, const void *shmaddr, \
-	SYS_SHMCTL                 = 229 // { int shmctl(int shmid, int cmd, \
+	SYS_MSGSND                 = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                 = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                  = 228 // { caddr_t shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMCTL                 = 229 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
 	SYS_SHMDT                  = 230 // { int shmdt(const void *shmaddr); }
 	SYS_SHMGET                 = 231 // { int shmget(key_t key, size_t size, int shmflg); }
-	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME          = 233 // { int clock_settime(clockid_t clock_id, \
-	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, \
-	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, \
+	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME          = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
 	SYS_MINHERIT               = 250 // { int minherit(void *addr, size_t len, int inherit); }
 	SYS_RFORK                  = 251 // { int rfork(int flags); }
-	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, \
+	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
 	SYS_ISSETUGID              = 253 // { int issetugid(void); }
 	SYS_LCHOWN                 = 254 // { int lchown(char *path, int uid, int gid); }
 	SYS_LCHMOD                 = 274 // { int lchmod(char *path, mode_t mode); }
 	SYS_LUTIMES                = 276 // { int lutimes(char *path, struct timeval *tptr); }
-	SYS_EXTPREADV              = 289 // { ssize_t extpreadv(int fd, struct iovec *iovp, \
-	SYS_EXTPWRITEV             = 290 // { ssize_t extpwritev(int fd, struct iovec *iovp,\
+	SYS_EXTPREADV              = 289 // { ssize_t extpreadv(int fd, const struct iovec *iovp, int iovcnt, int flags, off_t offset); }
+	SYS_EXTPWRITEV             = 290 // { ssize_t extpwritev(int fd, const struct iovec *iovp, int iovcnt, int flags, off_t offset); }
 	SYS_FHSTATFS               = 297 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
 	SYS_FHOPEN                 = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
 	SYS_MODNEXT                = 300 // { int modnext(int modid); }
@@ -200,34 +197,34 @@ const (
 	SYS_UTRACE                 = 335 // { int utrace(const void *addr, size_t len); }
 	SYS_KLDSYM                 = 337 // { int kldsym(int fileid, int cmd, void *data); }
 	SYS_JAIL                   = 338 // { int jail(struct jail *jail); }
-	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, const sigset_t *set, \
+	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
 	SYS_SIGSUSPEND             = 341 // { int sigsuspend(const sigset_t *sigmask); }
-	SYS_SIGACTION              = 342 // { int sigaction(int sig, const struct sigaction *act, \
+	SYS_SIGACTION              = 342 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
 	SYS_SIGPENDING             = 343 // { int sigpending(sigset_t *set); }
 	SYS_SIGRETURN              = 344 // { int sigreturn(ucontext_t *sigcntxp); }
-	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set,\
-	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set,\
-	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, \
-	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, \
-	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, acl_type_t type, \
-	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, acl_type_t type, \
-	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, \
+	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set,siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set,siginfo_t *info); }
+	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
 	SYS___ACL_DELETE_FD        = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
-	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, \
-	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, \
-	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, \
-	SYS_EXTATTR_SET_FILE       = 356 // { int extattr_set_file(const char *path, \
-	SYS_EXTATTR_GET_FILE       = 357 // { int extattr_get_file(const char *path, \
-	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, \
+	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE       = 356 // { int extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE       = 357 // { int extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
 	SYS_AIO_WAITCOMPLETE       = 359 // { int aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); }
 	SYS_GETRESUID              = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
 	SYS_GETRESGID              = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
 	SYS_KQUEUE                 = 362 // { int kqueue(void); }
-	SYS_KEVENT                 = 363 // { int kevent(int fd, \
+	SYS_KEVENT                 = 363 // { int kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
 	SYS_KENV                   = 390 // { int kenv(int what, const char *name, char *value, int len); }
-	SYS_LCHFLAGS               = 391 // { int lchflags(char *path, int flags); }
+	SYS_LCHFLAGS               = 391 // { int lchflags(const char *path, u_long flags); }
 	SYS_UUIDGEN                = 392 // { int uuidgen(struct uuid *store, int count); }
-	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, \
+	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
 	SYS_VARSYM_SET             = 450 // { int varsym_set(int level, const char *name, const char *data); }
 	SYS_VARSYM_GET             = 451 // { int varsym_get(int mask, const char *wild, char *buf, int bufsize); }
 	SYS_VARSYM_LIST            = 452 // { int varsym_list(int level, char *buf, int maxsize, int *marker); }
@@ -245,71 +242,76 @@ const (
 	SYS_FSTAT                  = 476 // { int fstat(int fd, struct stat *sb); }
 	SYS_LSTAT                  = 477 // { int lstat(const char *path, struct stat *ub); }
 	SYS_FHSTAT                 = 478 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
-	SYS_GETDIRENTRIES          = 479 // { int getdirentries(int fd, char *buf, u_int count, \
+	SYS_GETDIRENTRIES          = 479 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
 	SYS_GETDENTS               = 480 // { int getdents(int fd, char *buf, size_t count); }
-	SYS_USCHED_SET             = 481 // { int usched_set(pid_t pid, int cmd, void *data, \
+	SYS_USCHED_SET             = 481 // { int usched_set(pid_t pid, int cmd, void *data, int bytes); }
 	SYS_EXTACCEPT              = 482 // { int extaccept(int s, int flags, caddr_t name, int *anamelen); }
 	SYS_EXTCONNECT             = 483 // { int extconnect(int s, int flags, caddr_t name, int namelen); }
 	SYS_MCONTROL               = 485 // { int mcontrol(void *addr, size_t len, int behav, off_t value); }
 	SYS_VMSPACE_CREATE         = 486 // { int vmspace_create(void *id, int type, void *data); }
 	SYS_VMSPACE_DESTROY        = 487 // { int vmspace_destroy(void *id); }
-	SYS_VMSPACE_CTL            = 488 // { int vmspace_ctl(void *id, int cmd, 		\
-	SYS_VMSPACE_MMAP           = 489 // { int vmspace_mmap(void *id, void *addr, size_t len, \
-	SYS_VMSPACE_MUNMAP         = 490 // { int vmspace_munmap(void *id, void *addr,	\
-	SYS_VMSPACE_MCONTROL       = 491 // { int vmspace_mcontrol(void *id, void *addr, 	\
-	SYS_VMSPACE_PREAD          = 492 // { ssize_t vmspace_pread(void *id, void *buf, \
-	SYS_VMSPACE_PWRITE         = 493 // { ssize_t vmspace_pwrite(void *id, const void *buf, \
+	SYS_VMSPACE_CTL            = 488 // { int vmspace_ctl(void *id, int cmd, 		struct trapframe *tframe,	struct vextframe *vframe); }
+	SYS_VMSPACE_MMAP           = 489 // { int vmspace_mmap(void *id, void *addr, size_t len, int prot, int flags, int fd, off_t offset); }
+	SYS_VMSPACE_MUNMAP         = 490 // { int vmspace_munmap(void *id, void *addr,	size_t len); }
+	SYS_VMSPACE_MCONTROL       = 491 // { int vmspace_mcontrol(void *id, void *addr, 	size_t len, int behav, off_t value); }
+	SYS_VMSPACE_PREAD          = 492 // { ssize_t vmspace_pread(void *id, void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_VMSPACE_PWRITE         = 493 // { ssize_t vmspace_pwrite(void *id, const void *buf, size_t nbyte, int flags, off_t offset); }
 	SYS_EXTEXIT                = 494 // { void extexit(int how, int status, void *addr); }
 	SYS_LWP_CREATE             = 495 // { int lwp_create(struct lwp_params *params); }
 	SYS_LWP_GETTID             = 496 // { lwpid_t lwp_gettid(void); }
 	SYS_LWP_KILL               = 497 // { int lwp_kill(pid_t pid, lwpid_t tid, int signum); }
 	SYS_LWP_RTPRIO             = 498 // { int lwp_rtprio(int function, pid_t pid, lwpid_t tid, struct rtprio *rtp); }
-	SYS_PSELECT                = 499 // { int pselect(int nd, fd_set *in, fd_set *ou, \
+	SYS_PSELECT                = 499 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts,    const sigset_t *sigmask); }
 	SYS_STATVFS                = 500 // { int statvfs(const char *path, struct statvfs *buf); }
 	SYS_FSTATVFS               = 501 // { int fstatvfs(int fd, struct statvfs *buf); }
 	SYS_FHSTATVFS              = 502 // { int fhstatvfs(const struct fhandle *u_fhp, struct statvfs *buf); }
-	SYS_GETVFSSTAT             = 503 // { int getvfsstat(struct statfs *buf,          \
+	SYS_GETVFSSTAT             = 503 // { int getvfsstat(struct statfs *buf,          struct statvfs *vbuf, long vbufsize, int flags); }
 	SYS_OPENAT                 = 504 // { int openat(int fd, char *path, int flags, int mode); }
-	SYS_FSTATAT                = 505 // { int fstatat(int fd, char *path, 	\
-	SYS_FCHMODAT               = 506 // { int fchmodat(int fd, char *path, int mode, \
-	SYS_FCHOWNAT               = 507 // { int fchownat(int fd, char *path, int uid, int gid, \
+	SYS_FSTATAT                = 505 // { int fstatat(int fd, char *path, 	struct stat *sb, int flags); }
+	SYS_FCHMODAT               = 506 // { int fchmodat(int fd, char *path, int mode, int flags); }
+	SYS_FCHOWNAT               = 507 // { int fchownat(int fd, char *path, int uid, int gid, int flags); }
 	SYS_UNLINKAT               = 508 // { int unlinkat(int fd, char *path, int flags); }
-	SYS_FACCESSAT              = 509 // { int faccessat(int fd, char *path, int amode, \
-	SYS_MQ_OPEN                = 510 // { mqd_t mq_open(const char * name, int oflag, \
+	SYS_FACCESSAT              = 509 // { int faccessat(int fd, char *path, int amode, int flags); }
+	SYS_MQ_OPEN                = 510 // { mqd_t mq_open(const char * name, int oflag, mode_t mode, struct mq_attr *attr); }
 	SYS_MQ_CLOSE               = 511 // { int mq_close(mqd_t mqdes); }
 	SYS_MQ_UNLINK              = 512 // { int mq_unlink(const char *name); }
-	SYS_MQ_GETATTR             = 513 // { int mq_getattr(mqd_t mqdes, \
-	SYS_MQ_SETATTR             = 514 // { int mq_setattr(mqd_t mqdes, \
-	SYS_MQ_NOTIFY              = 515 // { int mq_notify(mqd_t mqdes, \
-	SYS_MQ_SEND                = 516 // { int mq_send(mqd_t mqdes, const char *msg_ptr, \
-	SYS_MQ_RECEIVE             = 517 // { ssize_t mq_receive(mqd_t mqdes, char *msg_ptr, \
-	SYS_MQ_TIMEDSEND           = 518 // { int mq_timedsend(mqd_t mqdes, \
-	SYS_MQ_TIMEDRECEIVE        = 519 // { ssize_t mq_timedreceive(mqd_t mqdes, \
+	SYS_MQ_GETATTR             = 513 // { int mq_getattr(mqd_t mqdes, struct mq_attr *mqstat); }
+	SYS_MQ_SETATTR             = 514 // { int mq_setattr(mqd_t mqdes, const struct mq_attr *mqstat, struct mq_attr *omqstat); }
+	SYS_MQ_NOTIFY              = 515 // { int mq_notify(mqd_t mqdes, const struct sigevent *notification); }
+	SYS_MQ_SEND                = 516 // { int mq_send(mqd_t mqdes, const char *msg_ptr, size_t msg_len, unsigned msg_prio); }
+	SYS_MQ_RECEIVE             = 517 // { ssize_t mq_receive(mqd_t mqdes, char *msg_ptr, size_t msg_len, unsigned *msg_prio); }
+	SYS_MQ_TIMEDSEND           = 518 // { int mq_timedsend(mqd_t mqdes, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); }
+	SYS_MQ_TIMEDRECEIVE        = 519 // { ssize_t mq_timedreceive(mqd_t mqdes, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); }
 	SYS_IOPRIO_SET             = 520 // { int ioprio_set(int which, int who, int prio); }
 	SYS_IOPRIO_GET             = 521 // { int ioprio_get(int which, int who); }
 	SYS_CHROOT_KERNEL          = 522 // { int chroot_kernel(char *path); }
-	SYS_RENAMEAT               = 523 // { int renameat(int oldfd, char *old, int newfd, \
+	SYS_RENAMEAT               = 523 // { int renameat(int oldfd, char *old, int newfd, char *new); }
 	SYS_MKDIRAT                = 524 // { int mkdirat(int fd, char *path, mode_t mode); }
 	SYS_MKFIFOAT               = 525 // { int mkfifoat(int fd, char *path, mode_t mode); }
-	SYS_MKNODAT                = 526 // { int mknodat(int fd, char *path, mode_t mode, \
-	SYS_READLINKAT             = 527 // { int readlinkat(int fd, char *path, char *buf, \
+	SYS_MKNODAT                = 526 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_READLINKAT             = 527 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
 	SYS_SYMLINKAT              = 528 // { int symlinkat(char *path1, int fd, char *path2); }
 	SYS_SWAPOFF                = 529 // { int swapoff(char *name); }
-	SYS_VQUOTACTL              = 530 // { int vquotactl(const char *path, \
-	SYS_LINKAT                 = 531 // { int linkat(int fd1, char *path1, int fd2, \
+	SYS_VQUOTACTL              = 530 // { int vquotactl(const char *path, struct plistref *pref); }
+	SYS_LINKAT                 = 531 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flags); }
 	SYS_EACCESS                = 532 // { int eaccess(char *path, int flags); }
 	SYS_LPATHCONF              = 533 // { int lpathconf(char *path, int name); }
 	SYS_VMM_GUEST_CTL          = 534 // { int vmm_guest_ctl(int op, struct vmm_guest_options *options); }
 	SYS_VMM_GUEST_SYNC_ADDR    = 535 // { int vmm_guest_sync_addr(long *dstaddr, long *srcaddr); }
 	SYS_PROCCTL                = 536 // { int procctl(idtype_t idtype, id_t id, int cmd, void *data); }
-	SYS_CHFLAGSAT              = 537 // { int chflagsat(int fd, const char *path, int flags, int atflags);}
+	SYS_CHFLAGSAT              = 537 // { int chflagsat(int fd, const char *path, u_long flags, int atflags);}
 	SYS_PIPE2                  = 538 // { int pipe2(int *fildes, int flags); }
 	SYS_UTIMENSAT              = 539 // { int utimensat(int fd, const char *path, const struct timespec *ts, int flags); }
 	SYS_FUTIMENS               = 540 // { int futimens(int fd, const struct timespec *ts); }
 	SYS_ACCEPT4                = 541 // { int accept4(int s, caddr_t name, int *anamelen, int flags); }
 	SYS_LWP_SETNAME            = 542 // { int lwp_setname(lwpid_t tid, const char *name); }
-	SYS_PPOLL                  = 543 // { int ppoll(struct pollfd *fds, u_int nfds, \
+	SYS_PPOLL                  = 543 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *sigmask); }
 	SYS_LWP_SETAFFINITY        = 544 // { int lwp_setaffinity(pid_t pid, lwpid_t tid, const cpumask_t *mask); }
 	SYS_LWP_GETAFFINITY        = 545 // { int lwp_getaffinity(pid_t pid, lwpid_t tid, cpumask_t *mask); }
 	SYS_LWP_CREATE2            = 546 // { int lwp_create2(struct lwp_params *params, const cpumask_t *mask); }
+	SYS_GETCPUCLOCKID          = 547 // { int getcpuclockid(pid_t pid, lwpid_t lwp_id, clockid_t *clock_id); }
+	SYS_WAIT6                  = 548 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_LWP_GETNAME            = 549 // { int lwp_getname(lwpid_t tid, char *name, size_t len); }
+	SYS_GETRANDOM              = 550 // { ssize_t getrandom(void *buf, size_t len, unsigned flags); }
+	SYS___REALPATH             = 551 // { ssize_t __realpath(const char *path, char *buf, size_t len); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index b64a8122ce4c3..59d5dfc209222 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -1,353 +1,397 @@
-// mksysnum_freebsd.pl
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && freebsd
 // +build 386,freebsd
 
 package unix
 
 const (
 	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
-	SYS_EXIT                   = 1   // { void sys_exit(int rval); } exit \
-	SYS_FORK                   = 2   // { int fork(void); }
-	SYS_READ                   = 3   // { ssize_t read(int fd, void *buf, \
-	SYS_WRITE                  = 4   // { ssize_t write(int fd, const void *buf, \
-	SYS_OPEN                   = 5   // { int open(char *path, int flags, int mode); }
-	SYS_CLOSE                  = 6   // { int close(int fd); }
-	SYS_WAIT4                  = 7   // { int wait4(int pid, int *status, \
-	SYS_LINK                   = 9   // { int link(char *path, char *link); }
-	SYS_UNLINK                 = 10  // { int unlink(char *path); }
-	SYS_CHDIR                  = 12  // { int chdir(char *path); }
-	SYS_FCHDIR                 = 13  // { int fchdir(int fd); }
-	SYS_MKNOD                  = 14  // { int mknod(char *path, int mode, int dev); }
-	SYS_CHMOD                  = 15  // { int chmod(char *path, int mode); }
-	SYS_CHOWN                  = 16  // { int chown(char *path, int uid, int gid); }
-	SYS_OBREAK                 = 17  // { int obreak(char *nsize); } break \
-	SYS_GETPID                 = 20  // { pid_t getpid(void); }
-	SYS_MOUNT                  = 21  // { int mount(char *type, char *path, \
-	SYS_UNMOUNT                = 22  // { int unmount(char *path, int flags); }
-	SYS_SETUID                 = 23  // { int setuid(uid_t uid); }
-	SYS_GETUID                 = 24  // { uid_t getuid(void); }
-	SYS_GETEUID                = 25  // { uid_t geteuid(void); }
-	SYS_PTRACE                 = 26  // { int ptrace(int req, pid_t pid, \
-	SYS_RECVMSG                = 27  // { int recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG                = 28  // { int sendmsg(int s, struct msghdr *msg, \
-	SYS_RECVFROM               = 29  // { int recvfrom(int s, caddr_t buf, \
-	SYS_ACCEPT                 = 30  // { int accept(int s, \
-	SYS_GETPEERNAME            = 31  // { int getpeername(int fdes, \
-	SYS_GETSOCKNAME            = 32  // { int getsockname(int fdes, \
-	SYS_ACCESS                 = 33  // { int access(char *path, int amode); }
-	SYS_CHFLAGS                = 34  // { int chflags(const char *path, u_long flags); }
-	SYS_FCHFLAGS               = 35  // { int fchflags(int fd, u_long flags); }
-	SYS_SYNC                   = 36  // { int sync(void); }
-	SYS_KILL                   = 37  // { int kill(int pid, int signum); }
-	SYS_GETPPID                = 39  // { pid_t getppid(void); }
-	SYS_DUP                    = 41  // { int dup(u_int fd); }
-	SYS_PIPE                   = 42  // { int pipe(void); }
-	SYS_GETEGID                = 43  // { gid_t getegid(void); }
-	SYS_PROFIL                 = 44  // { int profil(caddr_t samples, size_t size, \
-	SYS_KTRACE                 = 45  // { int ktrace(const char *fname, int ops, \
-	SYS_GETGID                 = 47  // { gid_t getgid(void); }
-	SYS_GETLOGIN               = 49  // { int getlogin(char *namebuf, u_int \
-	SYS_SETLOGIN               = 50  // { int setlogin(char *namebuf); }
-	SYS_ACCT                   = 51  // { int acct(char *path); }
-	SYS_SIGALTSTACK            = 53  // { int sigaltstack(stack_t *ss, \
-	SYS_IOCTL                  = 54  // { int ioctl(int fd, u_long com, \
-	SYS_REBOOT                 = 55  // { int reboot(int opt); }
-	SYS_REVOKE                 = 56  // { int revoke(char *path); }
-	SYS_SYMLINK                = 57  // { int symlink(char *path, char *link); }
-	SYS_READLINK               = 58  // { ssize_t readlink(char *path, char *buf, \
-	SYS_EXECVE                 = 59  // { int execve(char *fname, char **argv, \
-	SYS_UMASK                  = 60  // { int umask(int newmask); } umask umask_args \
-	SYS_CHROOT                 = 61  // { int chroot(char *path); }
-	SYS_MSYNC                  = 65  // { int msync(void *addr, size_t len, \
-	SYS_VFORK                  = 66  // { int vfork(void); }
-	SYS_SBRK                   = 69  // { int sbrk(int incr); }
-	SYS_SSTK                   = 70  // { int sstk(int incr); }
-	SYS_OVADVISE               = 72  // { int ovadvise(int anom); } vadvise \
-	SYS_MUNMAP                 = 73  // { int munmap(void *addr, size_t len); }
-	SYS_MPROTECT               = 74  // { int mprotect(const void *addr, size_t len, \
-	SYS_MADVISE                = 75  // { int madvise(void *addr, size_t len, \
-	SYS_MINCORE                = 78  // { int mincore(const void *addr, size_t len, \
-	SYS_GETGROUPS              = 79  // { int getgroups(u_int gidsetsize, \
-	SYS_SETGROUPS              = 80  // { int setgroups(u_int gidsetsize, \
-	SYS_GETPGRP                = 81  // { int getpgrp(void); }
-	SYS_SETPGID                = 82  // { int setpgid(int pid, int pgid); }
-	SYS_SETITIMER              = 83  // { int setitimer(u_int which, struct \
-	SYS_SWAPON                 = 85  // { int swapon(char *name); }
-	SYS_GETITIMER              = 86  // { int getitimer(u_int which, \
-	SYS_GETDTABLESIZE          = 89  // { int getdtablesize(void); }
-	SYS_DUP2                   = 90  // { int dup2(u_int from, u_int to); }
-	SYS_FCNTL                  = 92  // { int fcntl(int fd, int cmd, long arg); }
-	SYS_SELECT                 = 93  // { int select(int nd, fd_set *in, fd_set *ou, \
-	SYS_FSYNC                  = 95  // { int fsync(int fd); }
-	SYS_SETPRIORITY            = 96  // { int setpriority(int which, int who, \
-	SYS_SOCKET                 = 97  // { int socket(int domain, int type, \
-	SYS_CONNECT                = 98  // { int connect(int s, caddr_t name, \
-	SYS_GETPRIORITY            = 100 // { int getpriority(int which, int who); }
-	SYS_BIND                   = 104 // { int bind(int s, caddr_t name, \
-	SYS_SETSOCKOPT             = 105 // { int setsockopt(int s, int level, int name, \
-	SYS_LISTEN                 = 106 // { int listen(int s, int backlog); }
-	SYS_GETTIMEOFDAY           = 116 // { int gettimeofday(struct timeval *tp, \
-	SYS_GETRUSAGE              = 117 // { int getrusage(int who, \
-	SYS_GETSOCKOPT             = 118 // { int getsockopt(int s, int level, int name, \
-	SYS_READV                  = 120 // { int readv(int fd, struct iovec *iovp, \
-	SYS_WRITEV                 = 121 // { int writev(int fd, struct iovec *iovp, \
-	SYS_SETTIMEOFDAY           = 122 // { int settimeofday(struct timeval *tv, \
-	SYS_FCHOWN                 = 123 // { int fchown(int fd, int uid, int gid); }
-	SYS_FCHMOD                 = 124 // { int fchmod(int fd, int mode); }
-	SYS_SETREUID               = 126 // { int setreuid(int ruid, int euid); }
-	SYS_SETREGID               = 127 // { int setregid(int rgid, int egid); }
-	SYS_RENAME                 = 128 // { int rename(char *from, char *to); }
-	SYS_FLOCK                  = 131 // { int flock(int fd, int how); }
-	SYS_MKFIFO                 = 132 // { int mkfifo(char *path, int mode); }
-	SYS_SENDTO                 = 133 // { int sendto(int s, caddr_t buf, size_t len, \
-	SYS_SHUTDOWN               = 134 // { int shutdown(int s, int how); }
-	SYS_SOCKETPAIR             = 135 // { int socketpair(int domain, int type, \
-	SYS_MKDIR                  = 136 // { int mkdir(char *path, int mode); }
-	SYS_RMDIR                  = 137 // { int rmdir(char *path); }
-	SYS_UTIMES                 = 138 // { int utimes(char *path, \
-	SYS_ADJTIME                = 140 // { int adjtime(struct timeval *delta, \
-	SYS_SETSID                 = 147 // { int setsid(void); }
-	SYS_QUOTACTL               = 148 // { int quotactl(char *path, int cmd, int uid, \
-	SYS_LGETFH                 = 160 // { int lgetfh(char *fname, \
-	SYS_GETFH                  = 161 // { int getfh(char *fname, \
-	SYS_SYSARCH                = 165 // { int sysarch(int op, char *parms); }
-	SYS_RTPRIO                 = 166 // { int rtprio(int function, pid_t pid, \
-	SYS_FREEBSD6_PREAD         = 173 // { ssize_t freebsd6_pread(int fd, void *buf, \
-	SYS_FREEBSD6_PWRITE        = 174 // { ssize_t freebsd6_pwrite(int fd, \
-	SYS_SETFIB                 = 175 // { int setfib(int fibnum); }
-	SYS_NTP_ADJTIME            = 176 // { int ntp_adjtime(struct timex *tp); }
-	SYS_SETGID                 = 181 // { int setgid(gid_t gid); }
-	SYS_SETEGID                = 182 // { int setegid(gid_t egid); }
-	SYS_SETEUID                = 183 // { int seteuid(uid_t euid); }
-	SYS_STAT                   = 188 // { int stat(char *path, struct stat *ub); }
-	SYS_FSTAT                  = 189 // { int fstat(int fd, struct stat *sb); }
-	SYS_LSTAT                  = 190 // { int lstat(char *path, struct stat *ub); }
-	SYS_PATHCONF               = 191 // { int pathconf(char *path, int name); }
-	SYS_FPATHCONF              = 192 // { int fpathconf(int fd, int name); }
-	SYS_GETRLIMIT              = 194 // { int getrlimit(u_int which, \
-	SYS_SETRLIMIT              = 195 // { int setrlimit(u_int which, \
-	SYS_GETDIRENTRIES          = 196 // { int getdirentries(int fd, char *buf, \
-	SYS_FREEBSD6_MMAP          = 197 // { caddr_t freebsd6_mmap(caddr_t addr, \
-	SYS_FREEBSD6_LSEEK         = 199 // { off_t freebsd6_lseek(int fd, int pad, \
-	SYS_FREEBSD6_TRUNCATE      = 200 // { int freebsd6_truncate(char *path, int pad, \
-	SYS_FREEBSD6_FTRUNCATE     = 201 // { int freebsd6_ftruncate(int fd, int pad, \
-	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, \
-	SYS_MLOCK                  = 203 // { int mlock(const void *addr, size_t len); }
-	SYS_MUNLOCK                = 204 // { int munlock(const void *addr, size_t len); }
-	SYS_UNDELETE               = 205 // { int undelete(char *path); }
-	SYS_FUTIMES                = 206 // { int futimes(int fd, struct timeval *tptr); }
-	SYS_GETPGID                = 207 // { int getpgid(pid_t pid); }
-	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, \
-	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME          = 233 // { int clock_settime( \
-	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, \
-	SYS_KTIMER_CREATE          = 235 // { int ktimer_create(clockid_t clock_id, \
-	SYS_KTIMER_DELETE          = 236 // { int ktimer_delete(int timerid); }
-	SYS_KTIMER_SETTIME         = 237 // { int ktimer_settime(int timerid, int flags, \
-	SYS_KTIMER_GETTIME         = 238 // { int ktimer_gettime(int timerid, struct \
-	SYS_KTIMER_GETOVERRUN      = 239 // { int ktimer_getoverrun(int timerid); }
-	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, \
-	SYS_FFCLOCK_GETCOUNTER     = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
-	SYS_FFCLOCK_SETESTIMATE    = 242 // { int ffclock_setestimate( \
-	SYS_FFCLOCK_GETESTIMATE    = 243 // { int ffclock_getestimate( \
-	SYS_CLOCK_GETCPUCLOCKID2   = 247 // { int clock_getcpuclockid2(id_t id,\
-	SYS_NTP_GETTIME            = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
-	SYS_MINHERIT               = 250 // { int minherit(void *addr, size_t len, \
-	SYS_RFORK                  = 251 // { int rfork(int flags); }
-	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, \
-	SYS_ISSETUGID              = 253 // { int issetugid(void); }
-	SYS_LCHOWN                 = 254 // { int lchown(char *path, int uid, int gid); }
-	SYS_GETDENTS               = 272 // { int getdents(int fd, char *buf, \
-	SYS_LCHMOD                 = 274 // { int lchmod(char *path, mode_t mode); }
-	SYS_LUTIMES                = 276 // { int lutimes(char *path, \
-	SYS_NSTAT                  = 278 // { int nstat(char *path, struct nstat *ub); }
-	SYS_NFSTAT                 = 279 // { int nfstat(int fd, struct nstat *sb); }
-	SYS_NLSTAT                 = 280 // { int nlstat(char *path, struct nstat *ub); }
-	SYS_PREADV                 = 289 // { ssize_t preadv(int fd, struct iovec *iovp, \
-	SYS_PWRITEV                = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, \
-	SYS_FHOPEN                 = 298 // { int fhopen(const struct fhandle *u_fhp, \
-	SYS_FHSTAT                 = 299 // { int fhstat(const struct fhandle *u_fhp, \
-	SYS_MODNEXT                = 300 // { int modnext(int modid); }
-	SYS_MODSTAT                = 301 // { int modstat(int modid, \
-	SYS_MODFNEXT               = 302 // { int modfnext(int modid); }
-	SYS_MODFIND                = 303 // { int modfind(const char *name); }
-	SYS_KLDLOAD                = 304 // { int kldload(const char *file); }
-	SYS_KLDUNLOAD              = 305 // { int kldunload(int fileid); }
-	SYS_KLDFIND                = 306 // { int kldfind(const char *file); }
-	SYS_KLDNEXT                = 307 // { int kldnext(int fileid); }
-	SYS_KLDSTAT                = 308 // { int kldstat(int fileid, struct \
-	SYS_KLDFIRSTMOD            = 309 // { int kldfirstmod(int fileid); }
-	SYS_GETSID                 = 310 // { int getsid(pid_t pid); }
-	SYS_SETRESUID              = 311 // { int setresuid(uid_t ruid, uid_t euid, \
-	SYS_SETRESGID              = 312 // { int setresgid(gid_t rgid, gid_t egid, \
-	SYS_YIELD                  = 321 // { int yield(void); }
-	SYS_MLOCKALL               = 324 // { int mlockall(int how); }
-	SYS_MUNLOCKALL             = 325 // { int munlockall(void); }
-	SYS___GETCWD               = 326 // { int __getcwd(char *buf, u_int buflen); }
-	SYS_SCHED_SETPARAM         = 327 // { int sched_setparam (pid_t pid, \
-	SYS_SCHED_GETPARAM         = 328 // { int sched_getparam (pid_t pid, struct \
-	SYS_SCHED_SETSCHEDULER     = 329 // { int sched_setscheduler (pid_t pid, int \
-	SYS_SCHED_GETSCHEDULER     = 330 // { int sched_getscheduler (pid_t pid); }
-	SYS_SCHED_YIELD            = 331 // { int sched_yield (void); }
-	SYS_SCHED_GET_PRIORITY_MAX = 332 // { int sched_get_priority_max (int policy); }
-	SYS_SCHED_GET_PRIORITY_MIN = 333 // { int sched_get_priority_min (int policy); }
-	SYS_SCHED_RR_GET_INTERVAL  = 334 // { int sched_rr_get_interval (pid_t pid, \
-	SYS_UTRACE                 = 335 // { int utrace(const void *addr, size_t len); }
-	SYS_KLDSYM                 = 337 // { int kldsym(int fileid, int cmd, \
-	SYS_JAIL                   = 338 // { int jail(struct jail *jail); }
-	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, \
-	SYS_SIGSUSPEND             = 341 // { int sigsuspend(const sigset_t *sigmask); }
-	SYS_SIGPENDING             = 343 // { int sigpending(sigset_t *set); }
-	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set, \
-	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set, \
-	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, \
-	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, \
-	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, \
-	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, \
-	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, \
-	SYS___ACL_DELETE_FD        = 352 // { int __acl_delete_fd(int filedes, \
-	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, \
-	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, \
-	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, \
-	SYS_EXTATTR_SET_FILE       = 356 // { ssize_t extattr_set_file( \
-	SYS_EXTATTR_GET_FILE       = 357 // { ssize_t extattr_get_file( \
-	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, \
-	SYS_GETRESUID              = 360 // { int getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_GETRESGID              = 361 // { int getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_KQUEUE                 = 362 // { int kqueue(void); }
-	SYS_KEVENT                 = 363 // { int kevent(int fd, \
-	SYS_EXTATTR_SET_FD         = 371 // { ssize_t extattr_set_fd(int fd, \
-	SYS_EXTATTR_GET_FD         = 372 // { ssize_t extattr_get_fd(int fd, \
-	SYS_EXTATTR_DELETE_FD      = 373 // { int extattr_delete_fd(int fd, \
-	SYS___SETUGID              = 374 // { int __setugid(int flag); }
-	SYS_EACCESS                = 376 // { int eaccess(char *path, int amode); }
-	SYS_NMOUNT                 = 378 // { int nmount(struct iovec *iovp, \
-	SYS___MAC_GET_PROC         = 384 // { int __mac_get_proc(struct mac *mac_p); }
-	SYS___MAC_SET_PROC         = 385 // { int __mac_set_proc(struct mac *mac_p); }
-	SYS___MAC_GET_FD           = 386 // { int __mac_get_fd(int fd, \
-	SYS___MAC_GET_FILE         = 387 // { int __mac_get_file(const char *path_p, \
-	SYS___MAC_SET_FD           = 388 // { int __mac_set_fd(int fd, \
-	SYS___MAC_SET_FILE         = 389 // { int __mac_set_file(const char *path_p, \
-	SYS_KENV                   = 390 // { int kenv(int what, const char *name, \
-	SYS_LCHFLAGS               = 391 // { int lchflags(const char *path, \
-	SYS_UUIDGEN                = 392 // { int uuidgen(struct uuid *store, \
-	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, \
-	SYS_MAC_SYSCALL            = 394 // { int mac_syscall(const char *policy, \
-	SYS_GETFSSTAT              = 395 // { int getfsstat(struct statfs *buf, \
-	SYS_STATFS                 = 396 // { int statfs(char *path, \
-	SYS_FSTATFS                = 397 // { int fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS               = 398 // { int fhstatfs(const struct fhandle *u_fhp, \
-	SYS___MAC_GET_PID          = 409 // { int __mac_get_pid(pid_t pid, \
-	SYS___MAC_GET_LINK         = 410 // { int __mac_get_link(const char *path_p, \
-	SYS___MAC_SET_LINK         = 411 // { int __mac_set_link(const char *path_p, \
-	SYS_EXTATTR_SET_LINK       = 412 // { ssize_t extattr_set_link( \
-	SYS_EXTATTR_GET_LINK       = 413 // { ssize_t extattr_get_link( \
-	SYS_EXTATTR_DELETE_LINK    = 414 // { int extattr_delete_link( \
-	SYS___MAC_EXECVE           = 415 // { int __mac_execve(char *fname, char **argv, \
-	SYS_SIGACTION              = 416 // { int sigaction(int sig, \
-	SYS_SIGRETURN              = 417 // { int sigreturn( \
-	SYS_GETCONTEXT             = 421 // { int getcontext(struct __ucontext *ucp); }
-	SYS_SETCONTEXT             = 422 // { int setcontext( \
-	SYS_SWAPCONTEXT            = 423 // { int swapcontext(struct __ucontext *oucp, \
-	SYS_SWAPOFF                = 424 // { int swapoff(const char *name); }
-	SYS___ACL_GET_LINK         = 425 // { int __acl_get_link(const char *path, \
-	SYS___ACL_SET_LINK         = 426 // { int __acl_set_link(const char *path, \
-	SYS___ACL_DELETE_LINK      = 427 // { int __acl_delete_link(const char *path, \
-	SYS___ACL_ACLCHECK_LINK    = 428 // { int __acl_aclcheck_link(const char *path, \
-	SYS_SIGWAIT                = 429 // { int sigwait(const sigset_t *set, \
-	SYS_THR_CREATE             = 430 // { int thr_create(ucontext_t *ctx, long *id, \
-	SYS_THR_EXIT               = 431 // { void thr_exit(long *state); }
-	SYS_THR_SELF               = 432 // { int thr_self(long *id); }
-	SYS_THR_KILL               = 433 // { int thr_kill(long id, int sig); }
-	SYS__UMTX_LOCK             = 434 // { int _umtx_lock(struct umtx *umtx); }
-	SYS__UMTX_UNLOCK           = 435 // { int _umtx_unlock(struct umtx *umtx); }
-	SYS_JAIL_ATTACH            = 436 // { int jail_attach(int jid); }
-	SYS_EXTATTR_LIST_FD        = 437 // { ssize_t extattr_list_fd(int fd, \
-	SYS_EXTATTR_LIST_FILE      = 438 // { ssize_t extattr_list_file( \
-	SYS_EXTATTR_LIST_LINK      = 439 // { ssize_t extattr_list_link( \
-	SYS_THR_SUSPEND            = 442 // { int thr_suspend( \
-	SYS_THR_WAKE               = 443 // { int thr_wake(long id); }
-	SYS_KLDUNLOADF             = 444 // { int kldunloadf(int fileid, int flags); }
-	SYS_AUDIT                  = 445 // { int audit(const void *record, \
-	SYS_AUDITON                = 446 // { int auditon(int cmd, void *data, \
-	SYS_GETAUID                = 447 // { int getauid(uid_t *auid); }
-	SYS_SETAUID                = 448 // { int setauid(uid_t *auid); }
-	SYS_GETAUDIT               = 449 // { int getaudit(struct auditinfo *auditinfo); }
-	SYS_SETAUDIT               = 450 // { int setaudit(struct auditinfo *auditinfo); }
-	SYS_GETAUDIT_ADDR          = 451 // { int getaudit_addr( \
-	SYS_SETAUDIT_ADDR          = 452 // { int setaudit_addr( \
-	SYS_AUDITCTL               = 453 // { int auditctl(char *path); }
-	SYS__UMTX_OP               = 454 // { int _umtx_op(void *obj, int op, \
-	SYS_THR_NEW                = 455 // { int thr_new(struct thr_param *param, \
-	SYS_SIGQUEUE               = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
-	SYS_ABORT2                 = 463 // { int abort2(const char *why, int nargs, void **args); }
-	SYS_THR_SET_NAME           = 464 // { int thr_set_name(long id, const char *name); }
-	SYS_RTPRIO_THREAD          = 466 // { int rtprio_thread(int function, \
-	SYS_PREAD                  = 475 // { ssize_t pread(int fd, void *buf, \
-	SYS_PWRITE                 = 476 // { ssize_t pwrite(int fd, const void *buf, \
-	SYS_MMAP                   = 477 // { caddr_t mmap(caddr_t addr, size_t len, \
-	SYS_LSEEK                  = 478 // { off_t lseek(int fd, off_t offset, \
-	SYS_TRUNCATE               = 479 // { int truncate(char *path, off_t length); }
-	SYS_FTRUNCATE              = 480 // { int ftruncate(int fd, off_t length); }
-	SYS_THR_KILL2              = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
-	SYS_SHM_OPEN               = 482 // { int shm_open(const char *path, int flags, \
-	SYS_SHM_UNLINK             = 483 // { int shm_unlink(const char *path); }
-	SYS_CPUSET                 = 484 // { int cpuset(cpusetid_t *setid); }
-	SYS_CPUSET_SETID           = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, \
-	SYS_CPUSET_GETID           = 486 // { int cpuset_getid(cpulevel_t level, \
-	SYS_CPUSET_GETAFFINITY     = 487 // { int cpuset_getaffinity(cpulevel_t level, \
-	SYS_CPUSET_SETAFFINITY     = 488 // { int cpuset_setaffinity(cpulevel_t level, \
-	SYS_FACCESSAT              = 489 // { int faccessat(int fd, char *path, int amode, \
-	SYS_FCHMODAT               = 490 // { int fchmodat(int fd, char *path, mode_t mode, \
-	SYS_FCHOWNAT               = 491 // { int fchownat(int fd, char *path, uid_t uid, \
-	SYS_FEXECVE                = 492 // { int fexecve(int fd, char **argv, \
-	SYS_FSTATAT                = 493 // { int fstatat(int fd, char *path, \
-	SYS_FUTIMESAT              = 494 // { int futimesat(int fd, char *path, \
-	SYS_LINKAT                 = 495 // { int linkat(int fd1, char *path1, int fd2, \
-	SYS_MKDIRAT                = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
-	SYS_MKFIFOAT               = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
-	SYS_MKNODAT                = 498 // { int mknodat(int fd, char *path, mode_t mode, \
-	SYS_OPENAT                 = 499 // { int openat(int fd, char *path, int flag, \
-	SYS_READLINKAT             = 500 // { int readlinkat(int fd, char *path, char *buf, \
-	SYS_RENAMEAT               = 501 // { int renameat(int oldfd, char *old, int newfd, \
-	SYS_SYMLINKAT              = 502 // { int symlinkat(char *path1, int fd, \
-	SYS_UNLINKAT               = 503 // { int unlinkat(int fd, char *path, int flag); }
-	SYS_POSIX_OPENPT           = 504 // { int posix_openpt(int flags); }
-	SYS_JAIL_GET               = 506 // { int jail_get(struct iovec *iovp, \
-	SYS_JAIL_SET               = 507 // { int jail_set(struct iovec *iovp, \
-	SYS_JAIL_REMOVE            = 508 // { int jail_remove(int jid); }
-	SYS_CLOSEFROM              = 509 // { int closefrom(int lowfd); }
-	SYS_LPATHCONF              = 513 // { int lpathconf(char *path, int name); }
-	SYS___CAP_RIGHTS_GET       = 515 // { int __cap_rights_get(int version, \
-	SYS_CAP_ENTER              = 516 // { int cap_enter(void); }
-	SYS_CAP_GETMODE            = 517 // { int cap_getmode(u_int *modep); }
-	SYS_PDFORK                 = 518 // { int pdfork(int *fdp, int flags); }
-	SYS_PDKILL                 = 519 // { int pdkill(int fd, int signum); }
-	SYS_PDGETPID               = 520 // { int pdgetpid(int fd, pid_t *pidp); }
-	SYS_PSELECT                = 522 // { int pselect(int nd, fd_set *in, \
-	SYS_GETLOGINCLASS          = 523 // { int getloginclass(char *namebuf, \
-	SYS_SETLOGINCLASS          = 524 // { int setloginclass(const char *namebuf); }
-	SYS_RCTL_GET_RACCT         = 525 // { int rctl_get_racct(const void *inbufp, \
-	SYS_RCTL_GET_RULES         = 526 // { int rctl_get_rules(const void *inbufp, \
-	SYS_RCTL_GET_LIMITS        = 527 // { int rctl_get_limits(const void *inbufp, \
-	SYS_RCTL_ADD_RULE          = 528 // { int rctl_add_rule(const void *inbufp, \
-	SYS_RCTL_REMOVE_RULE       = 529 // { int rctl_remove_rule(const void *inbufp, \
-	SYS_POSIX_FALLOCATE        = 530 // { int posix_fallocate(int fd, \
-	SYS_POSIX_FADVISE          = 531 // { int posix_fadvise(int fd, off_t offset, \
-	SYS_WAIT6                  = 532 // { int wait6(idtype_t idtype, id_t id, \
-	SYS_CAP_RIGHTS_LIMIT       = 533 // { int cap_rights_limit(int fd, \
-	SYS_CAP_IOCTLS_LIMIT       = 534 // { int cap_ioctls_limit(int fd, \
-	SYS_CAP_IOCTLS_GET         = 535 // { ssize_t cap_ioctls_get(int fd, \
-	SYS_CAP_FCNTLS_LIMIT       = 536 // { int cap_fcntls_limit(int fd, \
-	SYS_CAP_FCNTLS_GET         = 537 // { int cap_fcntls_get(int fd, \
-	SYS_BINDAT                 = 538 // { int bindat(int fd, int s, caddr_t name, \
-	SYS_CONNECTAT              = 539 // { int connectat(int fd, int s, caddr_t name, \
-	SYS_CHFLAGSAT              = 540 // { int chflagsat(int fd, const char *path, \
-	SYS_ACCEPT4                = 541 // { int accept4(int s, \
-	SYS_PIPE2                  = 542 // { int pipe2(int *fildes, int flags); }
-	SYS_PROCCTL                = 544 // { int procctl(idtype_t idtype, id_t id, \
-	SYS_PPOLL                  = 545 // { int ppoll(struct pollfd *fds, u_int nfds, \
-	SYS_FUTIMENS               = 546 // { int futimens(int fd, \
-	SYS_UTIMENSAT              = 547 // { int utimensat(int fd, \
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 81722ac9f3bdd..342d471d2eb1a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -1,353 +1,397 @@
-// mksysnum_freebsd.pl
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && freebsd
 // +build amd64,freebsd
 
 package unix
 
 const (
 	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
-	SYS_EXIT                   = 1   // { void sys_exit(int rval); } exit \
-	SYS_FORK                   = 2   // { int fork(void); }
-	SYS_READ                   = 3   // { ssize_t read(int fd, void *buf, \
-	SYS_WRITE                  = 4   // { ssize_t write(int fd, const void *buf, \
-	SYS_OPEN                   = 5   // { int open(char *path, int flags, int mode); }
-	SYS_CLOSE                  = 6   // { int close(int fd); }
-	SYS_WAIT4                  = 7   // { int wait4(int pid, int *status, \
-	SYS_LINK                   = 9   // { int link(char *path, char *link); }
-	SYS_UNLINK                 = 10  // { int unlink(char *path); }
-	SYS_CHDIR                  = 12  // { int chdir(char *path); }
-	SYS_FCHDIR                 = 13  // { int fchdir(int fd); }
-	SYS_MKNOD                  = 14  // { int mknod(char *path, int mode, int dev); }
-	SYS_CHMOD                  = 15  // { int chmod(char *path, int mode); }
-	SYS_CHOWN                  = 16  // { int chown(char *path, int uid, int gid); }
-	SYS_OBREAK                 = 17  // { int obreak(char *nsize); } break \
-	SYS_GETPID                 = 20  // { pid_t getpid(void); }
-	SYS_MOUNT                  = 21  // { int mount(char *type, char *path, \
-	SYS_UNMOUNT                = 22  // { int unmount(char *path, int flags); }
-	SYS_SETUID                 = 23  // { int setuid(uid_t uid); }
-	SYS_GETUID                 = 24  // { uid_t getuid(void); }
-	SYS_GETEUID                = 25  // { uid_t geteuid(void); }
-	SYS_PTRACE                 = 26  // { int ptrace(int req, pid_t pid, \
-	SYS_RECVMSG                = 27  // { int recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG                = 28  // { int sendmsg(int s, struct msghdr *msg, \
-	SYS_RECVFROM               = 29  // { int recvfrom(int s, caddr_t buf, \
-	SYS_ACCEPT                 = 30  // { int accept(int s, \
-	SYS_GETPEERNAME            = 31  // { int getpeername(int fdes, \
-	SYS_GETSOCKNAME            = 32  // { int getsockname(int fdes, \
-	SYS_ACCESS                 = 33  // { int access(char *path, int amode); }
-	SYS_CHFLAGS                = 34  // { int chflags(const char *path, u_long flags); }
-	SYS_FCHFLAGS               = 35  // { int fchflags(int fd, u_long flags); }
-	SYS_SYNC                   = 36  // { int sync(void); }
-	SYS_KILL                   = 37  // { int kill(int pid, int signum); }
-	SYS_GETPPID                = 39  // { pid_t getppid(void); }
-	SYS_DUP                    = 41  // { int dup(u_int fd); }
-	SYS_PIPE                   = 42  // { int pipe(void); }
-	SYS_GETEGID                = 43  // { gid_t getegid(void); }
-	SYS_PROFIL                 = 44  // { int profil(caddr_t samples, size_t size, \
-	SYS_KTRACE                 = 45  // { int ktrace(const char *fname, int ops, \
-	SYS_GETGID                 = 47  // { gid_t getgid(void); }
-	SYS_GETLOGIN               = 49  // { int getlogin(char *namebuf, u_int \
-	SYS_SETLOGIN               = 50  // { int setlogin(char *namebuf); }
-	SYS_ACCT                   = 51  // { int acct(char *path); }
-	SYS_SIGALTSTACK            = 53  // { int sigaltstack(stack_t *ss, \
-	SYS_IOCTL                  = 54  // { int ioctl(int fd, u_long com, \
-	SYS_REBOOT                 = 55  // { int reboot(int opt); }
-	SYS_REVOKE                 = 56  // { int revoke(char *path); }
-	SYS_SYMLINK                = 57  // { int symlink(char *path, char *link); }
-	SYS_READLINK               = 58  // { ssize_t readlink(char *path, char *buf, \
-	SYS_EXECVE                 = 59  // { int execve(char *fname, char **argv, \
-	SYS_UMASK                  = 60  // { int umask(int newmask); } umask umask_args \
-	SYS_CHROOT                 = 61  // { int chroot(char *path); }
-	SYS_MSYNC                  = 65  // { int msync(void *addr, size_t len, \
-	SYS_VFORK                  = 66  // { int vfork(void); }
-	SYS_SBRK                   = 69  // { int sbrk(int incr); }
-	SYS_SSTK                   = 70  // { int sstk(int incr); }
-	SYS_OVADVISE               = 72  // { int ovadvise(int anom); } vadvise \
-	SYS_MUNMAP                 = 73  // { int munmap(void *addr, size_t len); }
-	SYS_MPROTECT               = 74  // { int mprotect(const void *addr, size_t len, \
-	SYS_MADVISE                = 75  // { int madvise(void *addr, size_t len, \
-	SYS_MINCORE                = 78  // { int mincore(const void *addr, size_t len, \
-	SYS_GETGROUPS              = 79  // { int getgroups(u_int gidsetsize, \
-	SYS_SETGROUPS              = 80  // { int setgroups(u_int gidsetsize, \
-	SYS_GETPGRP                = 81  // { int getpgrp(void); }
-	SYS_SETPGID                = 82  // { int setpgid(int pid, int pgid); }
-	SYS_SETITIMER              = 83  // { int setitimer(u_int which, struct \
-	SYS_SWAPON                 = 85  // { int swapon(char *name); }
-	SYS_GETITIMER              = 86  // { int getitimer(u_int which, \
-	SYS_GETDTABLESIZE          = 89  // { int getdtablesize(void); }
-	SYS_DUP2                   = 90  // { int dup2(u_int from, u_int to); }
-	SYS_FCNTL                  = 92  // { int fcntl(int fd, int cmd, long arg); }
-	SYS_SELECT                 = 93  // { int select(int nd, fd_set *in, fd_set *ou, \
-	SYS_FSYNC                  = 95  // { int fsync(int fd); }
-	SYS_SETPRIORITY            = 96  // { int setpriority(int which, int who, \
-	SYS_SOCKET                 = 97  // { int socket(int domain, int type, \
-	SYS_CONNECT                = 98  // { int connect(int s, caddr_t name, \
-	SYS_GETPRIORITY            = 100 // { int getpriority(int which, int who); }
-	SYS_BIND                   = 104 // { int bind(int s, caddr_t name, \
-	SYS_SETSOCKOPT             = 105 // { int setsockopt(int s, int level, int name, \
-	SYS_LISTEN                 = 106 // { int listen(int s, int backlog); }
-	SYS_GETTIMEOFDAY           = 116 // { int gettimeofday(struct timeval *tp, \
-	SYS_GETRUSAGE              = 117 // { int getrusage(int who, \
-	SYS_GETSOCKOPT             = 118 // { int getsockopt(int s, int level, int name, \
-	SYS_READV                  = 120 // { int readv(int fd, struct iovec *iovp, \
-	SYS_WRITEV                 = 121 // { int writev(int fd, struct iovec *iovp, \
-	SYS_SETTIMEOFDAY           = 122 // { int settimeofday(struct timeval *tv, \
-	SYS_FCHOWN                 = 123 // { int fchown(int fd, int uid, int gid); }
-	SYS_FCHMOD                 = 124 // { int fchmod(int fd, int mode); }
-	SYS_SETREUID               = 126 // { int setreuid(int ruid, int euid); }
-	SYS_SETREGID               = 127 // { int setregid(int rgid, int egid); }
-	SYS_RENAME                 = 128 // { int rename(char *from, char *to); }
-	SYS_FLOCK                  = 131 // { int flock(int fd, int how); }
-	SYS_MKFIFO                 = 132 // { int mkfifo(char *path, int mode); }
-	SYS_SENDTO                 = 133 // { int sendto(int s, caddr_t buf, size_t len, \
-	SYS_SHUTDOWN               = 134 // { int shutdown(int s, int how); }
-	SYS_SOCKETPAIR             = 135 // { int socketpair(int domain, int type, \
-	SYS_MKDIR                  = 136 // { int mkdir(char *path, int mode); }
-	SYS_RMDIR                  = 137 // { int rmdir(char *path); }
-	SYS_UTIMES                 = 138 // { int utimes(char *path, \
-	SYS_ADJTIME                = 140 // { int adjtime(struct timeval *delta, \
-	SYS_SETSID                 = 147 // { int setsid(void); }
-	SYS_QUOTACTL               = 148 // { int quotactl(char *path, int cmd, int uid, \
-	SYS_LGETFH                 = 160 // { int lgetfh(char *fname, \
-	SYS_GETFH                  = 161 // { int getfh(char *fname, \
-	SYS_SYSARCH                = 165 // { int sysarch(int op, char *parms); }
-	SYS_RTPRIO                 = 166 // { int rtprio(int function, pid_t pid, \
-	SYS_FREEBSD6_PREAD         = 173 // { ssize_t freebsd6_pread(int fd, void *buf, \
-	SYS_FREEBSD6_PWRITE        = 174 // { ssize_t freebsd6_pwrite(int fd, \
-	SYS_SETFIB                 = 175 // { int setfib(int fibnum); }
-	SYS_NTP_ADJTIME            = 176 // { int ntp_adjtime(struct timex *tp); }
-	SYS_SETGID                 = 181 // { int setgid(gid_t gid); }
-	SYS_SETEGID                = 182 // { int setegid(gid_t egid); }
-	SYS_SETEUID                = 183 // { int seteuid(uid_t euid); }
-	SYS_STAT                   = 188 // { int stat(char *path, struct stat *ub); }
-	SYS_FSTAT                  = 189 // { int fstat(int fd, struct stat *sb); }
-	SYS_LSTAT                  = 190 // { int lstat(char *path, struct stat *ub); }
-	SYS_PATHCONF               = 191 // { int pathconf(char *path, int name); }
-	SYS_FPATHCONF              = 192 // { int fpathconf(int fd, int name); }
-	SYS_GETRLIMIT              = 194 // { int getrlimit(u_int which, \
-	SYS_SETRLIMIT              = 195 // { int setrlimit(u_int which, \
-	SYS_GETDIRENTRIES          = 196 // { int getdirentries(int fd, char *buf, \
-	SYS_FREEBSD6_MMAP          = 197 // { caddr_t freebsd6_mmap(caddr_t addr, \
-	SYS_FREEBSD6_LSEEK         = 199 // { off_t freebsd6_lseek(int fd, int pad, \
-	SYS_FREEBSD6_TRUNCATE      = 200 // { int freebsd6_truncate(char *path, int pad, \
-	SYS_FREEBSD6_FTRUNCATE     = 201 // { int freebsd6_ftruncate(int fd, int pad, \
-	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, \
-	SYS_MLOCK                  = 203 // { int mlock(const void *addr, size_t len); }
-	SYS_MUNLOCK                = 204 // { int munlock(const void *addr, size_t len); }
-	SYS_UNDELETE               = 205 // { int undelete(char *path); }
-	SYS_FUTIMES                = 206 // { int futimes(int fd, struct timeval *tptr); }
-	SYS_GETPGID                = 207 // { int getpgid(pid_t pid); }
-	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, \
-	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME          = 233 // { int clock_settime( \
-	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, \
-	SYS_KTIMER_CREATE          = 235 // { int ktimer_create(clockid_t clock_id, \
-	SYS_KTIMER_DELETE          = 236 // { int ktimer_delete(int timerid); }
-	SYS_KTIMER_SETTIME         = 237 // { int ktimer_settime(int timerid, int flags, \
-	SYS_KTIMER_GETTIME         = 238 // { int ktimer_gettime(int timerid, struct \
-	SYS_KTIMER_GETOVERRUN      = 239 // { int ktimer_getoverrun(int timerid); }
-	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, \
-	SYS_FFCLOCK_GETCOUNTER     = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
-	SYS_FFCLOCK_SETESTIMATE    = 242 // { int ffclock_setestimate( \
-	SYS_FFCLOCK_GETESTIMATE    = 243 // { int ffclock_getestimate( \
-	SYS_CLOCK_GETCPUCLOCKID2   = 247 // { int clock_getcpuclockid2(id_t id,\
-	SYS_NTP_GETTIME            = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
-	SYS_MINHERIT               = 250 // { int minherit(void *addr, size_t len, \
-	SYS_RFORK                  = 251 // { int rfork(int flags); }
-	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, \
-	SYS_ISSETUGID              = 253 // { int issetugid(void); }
-	SYS_LCHOWN                 = 254 // { int lchown(char *path, int uid, int gid); }
-	SYS_GETDENTS               = 272 // { int getdents(int fd, char *buf, \
-	SYS_LCHMOD                 = 274 // { int lchmod(char *path, mode_t mode); }
-	SYS_LUTIMES                = 276 // { int lutimes(char *path, \
-	SYS_NSTAT                  = 278 // { int nstat(char *path, struct nstat *ub); }
-	SYS_NFSTAT                 = 279 // { int nfstat(int fd, struct nstat *sb); }
-	SYS_NLSTAT                 = 280 // { int nlstat(char *path, struct nstat *ub); }
-	SYS_PREADV                 = 289 // { ssize_t preadv(int fd, struct iovec *iovp, \
-	SYS_PWRITEV                = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, \
-	SYS_FHOPEN                 = 298 // { int fhopen(const struct fhandle *u_fhp, \
-	SYS_FHSTAT                 = 299 // { int fhstat(const struct fhandle *u_fhp, \
-	SYS_MODNEXT                = 300 // { int modnext(int modid); }
-	SYS_MODSTAT                = 301 // { int modstat(int modid, \
-	SYS_MODFNEXT               = 302 // { int modfnext(int modid); }
-	SYS_MODFIND                = 303 // { int modfind(const char *name); }
-	SYS_KLDLOAD                = 304 // { int kldload(const char *file); }
-	SYS_KLDUNLOAD              = 305 // { int kldunload(int fileid); }
-	SYS_KLDFIND                = 306 // { int kldfind(const char *file); }
-	SYS_KLDNEXT                = 307 // { int kldnext(int fileid); }
-	SYS_KLDSTAT                = 308 // { int kldstat(int fileid, struct \
-	SYS_KLDFIRSTMOD            = 309 // { int kldfirstmod(int fileid); }
-	SYS_GETSID                 = 310 // { int getsid(pid_t pid); }
-	SYS_SETRESUID              = 311 // { int setresuid(uid_t ruid, uid_t euid, \
-	SYS_SETRESGID              = 312 // { int setresgid(gid_t rgid, gid_t egid, \
-	SYS_YIELD                  = 321 // { int yield(void); }
-	SYS_MLOCKALL               = 324 // { int mlockall(int how); }
-	SYS_MUNLOCKALL             = 325 // { int munlockall(void); }
-	SYS___GETCWD               = 326 // { int __getcwd(char *buf, u_int buflen); }
-	SYS_SCHED_SETPARAM         = 327 // { int sched_setparam (pid_t pid, \
-	SYS_SCHED_GETPARAM         = 328 // { int sched_getparam (pid_t pid, struct \
-	SYS_SCHED_SETSCHEDULER     = 329 // { int sched_setscheduler (pid_t pid, int \
-	SYS_SCHED_GETSCHEDULER     = 330 // { int sched_getscheduler (pid_t pid); }
-	SYS_SCHED_YIELD            = 331 // { int sched_yield (void); }
-	SYS_SCHED_GET_PRIORITY_MAX = 332 // { int sched_get_priority_max (int policy); }
-	SYS_SCHED_GET_PRIORITY_MIN = 333 // { int sched_get_priority_min (int policy); }
-	SYS_SCHED_RR_GET_INTERVAL  = 334 // { int sched_rr_get_interval (pid_t pid, \
-	SYS_UTRACE                 = 335 // { int utrace(const void *addr, size_t len); }
-	SYS_KLDSYM                 = 337 // { int kldsym(int fileid, int cmd, \
-	SYS_JAIL                   = 338 // { int jail(struct jail *jail); }
-	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, \
-	SYS_SIGSUSPEND             = 341 // { int sigsuspend(const sigset_t *sigmask); }
-	SYS_SIGPENDING             = 343 // { int sigpending(sigset_t *set); }
-	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set, \
-	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set, \
-	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, \
-	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, \
-	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, \
-	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, \
-	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, \
-	SYS___ACL_DELETE_FD        = 352 // { int __acl_delete_fd(int filedes, \
-	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, \
-	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, \
-	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, \
-	SYS_EXTATTR_SET_FILE       = 356 // { ssize_t extattr_set_file( \
-	SYS_EXTATTR_GET_FILE       = 357 // { ssize_t extattr_get_file( \
-	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, \
-	SYS_GETRESUID              = 360 // { int getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_GETRESGID              = 361 // { int getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_KQUEUE                 = 362 // { int kqueue(void); }
-	SYS_KEVENT                 = 363 // { int kevent(int fd, \
-	SYS_EXTATTR_SET_FD         = 371 // { ssize_t extattr_set_fd(int fd, \
-	SYS_EXTATTR_GET_FD         = 372 // { ssize_t extattr_get_fd(int fd, \
-	SYS_EXTATTR_DELETE_FD      = 373 // { int extattr_delete_fd(int fd, \
-	SYS___SETUGID              = 374 // { int __setugid(int flag); }
-	SYS_EACCESS                = 376 // { int eaccess(char *path, int amode); }
-	SYS_NMOUNT                 = 378 // { int nmount(struct iovec *iovp, \
-	SYS___MAC_GET_PROC         = 384 // { int __mac_get_proc(struct mac *mac_p); }
-	SYS___MAC_SET_PROC         = 385 // { int __mac_set_proc(struct mac *mac_p); }
-	SYS___MAC_GET_FD           = 386 // { int __mac_get_fd(int fd, \
-	SYS___MAC_GET_FILE         = 387 // { int __mac_get_file(const char *path_p, \
-	SYS___MAC_SET_FD           = 388 // { int __mac_set_fd(int fd, \
-	SYS___MAC_SET_FILE         = 389 // { int __mac_set_file(const char *path_p, \
-	SYS_KENV                   = 390 // { int kenv(int what, const char *name, \
-	SYS_LCHFLAGS               = 391 // { int lchflags(const char *path, \
-	SYS_UUIDGEN                = 392 // { int uuidgen(struct uuid *store, \
-	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, \
-	SYS_MAC_SYSCALL            = 394 // { int mac_syscall(const char *policy, \
-	SYS_GETFSSTAT              = 395 // { int getfsstat(struct statfs *buf, \
-	SYS_STATFS                 = 396 // { int statfs(char *path, \
-	SYS_FSTATFS                = 397 // { int fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS               = 398 // { int fhstatfs(const struct fhandle *u_fhp, \
-	SYS___MAC_GET_PID          = 409 // { int __mac_get_pid(pid_t pid, \
-	SYS___MAC_GET_LINK         = 410 // { int __mac_get_link(const char *path_p, \
-	SYS___MAC_SET_LINK         = 411 // { int __mac_set_link(const char *path_p, \
-	SYS_EXTATTR_SET_LINK       = 412 // { ssize_t extattr_set_link( \
-	SYS_EXTATTR_GET_LINK       = 413 // { ssize_t extattr_get_link( \
-	SYS_EXTATTR_DELETE_LINK    = 414 // { int extattr_delete_link( \
-	SYS___MAC_EXECVE           = 415 // { int __mac_execve(char *fname, char **argv, \
-	SYS_SIGACTION              = 416 // { int sigaction(int sig, \
-	SYS_SIGRETURN              = 417 // { int sigreturn( \
-	SYS_GETCONTEXT             = 421 // { int getcontext(struct __ucontext *ucp); }
-	SYS_SETCONTEXT             = 422 // { int setcontext( \
-	SYS_SWAPCONTEXT            = 423 // { int swapcontext(struct __ucontext *oucp, \
-	SYS_SWAPOFF                = 424 // { int swapoff(const char *name); }
-	SYS___ACL_GET_LINK         = 425 // { int __acl_get_link(const char *path, \
-	SYS___ACL_SET_LINK         = 426 // { int __acl_set_link(const char *path, \
-	SYS___ACL_DELETE_LINK      = 427 // { int __acl_delete_link(const char *path, \
-	SYS___ACL_ACLCHECK_LINK    = 428 // { int __acl_aclcheck_link(const char *path, \
-	SYS_SIGWAIT                = 429 // { int sigwait(const sigset_t *set, \
-	SYS_THR_CREATE             = 430 // { int thr_create(ucontext_t *ctx, long *id, \
-	SYS_THR_EXIT               = 431 // { void thr_exit(long *state); }
-	SYS_THR_SELF               = 432 // { int thr_self(long *id); }
-	SYS_THR_KILL               = 433 // { int thr_kill(long id, int sig); }
-	SYS__UMTX_LOCK             = 434 // { int _umtx_lock(struct umtx *umtx); }
-	SYS__UMTX_UNLOCK           = 435 // { int _umtx_unlock(struct umtx *umtx); }
-	SYS_JAIL_ATTACH            = 436 // { int jail_attach(int jid); }
-	SYS_EXTATTR_LIST_FD        = 437 // { ssize_t extattr_list_fd(int fd, \
-	SYS_EXTATTR_LIST_FILE      = 438 // { ssize_t extattr_list_file( \
-	SYS_EXTATTR_LIST_LINK      = 439 // { ssize_t extattr_list_link( \
-	SYS_THR_SUSPEND            = 442 // { int thr_suspend( \
-	SYS_THR_WAKE               = 443 // { int thr_wake(long id); }
-	SYS_KLDUNLOADF             = 444 // { int kldunloadf(int fileid, int flags); }
-	SYS_AUDIT                  = 445 // { int audit(const void *record, \
-	SYS_AUDITON                = 446 // { int auditon(int cmd, void *data, \
-	SYS_GETAUID                = 447 // { int getauid(uid_t *auid); }
-	SYS_SETAUID                = 448 // { int setauid(uid_t *auid); }
-	SYS_GETAUDIT               = 449 // { int getaudit(struct auditinfo *auditinfo); }
-	SYS_SETAUDIT               = 450 // { int setaudit(struct auditinfo *auditinfo); }
-	SYS_GETAUDIT_ADDR          = 451 // { int getaudit_addr( \
-	SYS_SETAUDIT_ADDR          = 452 // { int setaudit_addr( \
-	SYS_AUDITCTL               = 453 // { int auditctl(char *path); }
-	SYS__UMTX_OP               = 454 // { int _umtx_op(void *obj, int op, \
-	SYS_THR_NEW                = 455 // { int thr_new(struct thr_param *param, \
-	SYS_SIGQUEUE               = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
-	SYS_ABORT2                 = 463 // { int abort2(const char *why, int nargs, void **args); }
-	SYS_THR_SET_NAME           = 464 // { int thr_set_name(long id, const char *name); }
-	SYS_RTPRIO_THREAD          = 466 // { int rtprio_thread(int function, \
-	SYS_PREAD                  = 475 // { ssize_t pread(int fd, void *buf, \
-	SYS_PWRITE                 = 476 // { ssize_t pwrite(int fd, const void *buf, \
-	SYS_MMAP                   = 477 // { caddr_t mmap(caddr_t addr, size_t len, \
-	SYS_LSEEK                  = 478 // { off_t lseek(int fd, off_t offset, \
-	SYS_TRUNCATE               = 479 // { int truncate(char *path, off_t length); }
-	SYS_FTRUNCATE              = 480 // { int ftruncate(int fd, off_t length); }
-	SYS_THR_KILL2              = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
-	SYS_SHM_OPEN               = 482 // { int shm_open(const char *path, int flags, \
-	SYS_SHM_UNLINK             = 483 // { int shm_unlink(const char *path); }
-	SYS_CPUSET                 = 484 // { int cpuset(cpusetid_t *setid); }
-	SYS_CPUSET_SETID           = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, \
-	SYS_CPUSET_GETID           = 486 // { int cpuset_getid(cpulevel_t level, \
-	SYS_CPUSET_GETAFFINITY     = 487 // { int cpuset_getaffinity(cpulevel_t level, \
-	SYS_CPUSET_SETAFFINITY     = 488 // { int cpuset_setaffinity(cpulevel_t level, \
-	SYS_FACCESSAT              = 489 // { int faccessat(int fd, char *path, int amode, \
-	SYS_FCHMODAT               = 490 // { int fchmodat(int fd, char *path, mode_t mode, \
-	SYS_FCHOWNAT               = 491 // { int fchownat(int fd, char *path, uid_t uid, \
-	SYS_FEXECVE                = 492 // { int fexecve(int fd, char **argv, \
-	SYS_FSTATAT                = 493 // { int fstatat(int fd, char *path, \
-	SYS_FUTIMESAT              = 494 // { int futimesat(int fd, char *path, \
-	SYS_LINKAT                 = 495 // { int linkat(int fd1, char *path1, int fd2, \
-	SYS_MKDIRAT                = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
-	SYS_MKFIFOAT               = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
-	SYS_MKNODAT                = 498 // { int mknodat(int fd, char *path, mode_t mode, \
-	SYS_OPENAT                 = 499 // { int openat(int fd, char *path, int flag, \
-	SYS_READLINKAT             = 500 // { int readlinkat(int fd, char *path, char *buf, \
-	SYS_RENAMEAT               = 501 // { int renameat(int oldfd, char *old, int newfd, \
-	SYS_SYMLINKAT              = 502 // { int symlinkat(char *path1, int fd, \
-	SYS_UNLINKAT               = 503 // { int unlinkat(int fd, char *path, int flag); }
-	SYS_POSIX_OPENPT           = 504 // { int posix_openpt(int flags); }
-	SYS_JAIL_GET               = 506 // { int jail_get(struct iovec *iovp, \
-	SYS_JAIL_SET               = 507 // { int jail_set(struct iovec *iovp, \
-	SYS_JAIL_REMOVE            = 508 // { int jail_remove(int jid); }
-	SYS_CLOSEFROM              = 509 // { int closefrom(int lowfd); }
-	SYS_LPATHCONF              = 513 // { int lpathconf(char *path, int name); }
-	SYS___CAP_RIGHTS_GET       = 515 // { int __cap_rights_get(int version, \
-	SYS_CAP_ENTER              = 516 // { int cap_enter(void); }
-	SYS_CAP_GETMODE            = 517 // { int cap_getmode(u_int *modep); }
-	SYS_PDFORK                 = 518 // { int pdfork(int *fdp, int flags); }
-	SYS_PDKILL                 = 519 // { int pdkill(int fd, int signum); }
-	SYS_PDGETPID               = 520 // { int pdgetpid(int fd, pid_t *pidp); }
-	SYS_PSELECT                = 522 // { int pselect(int nd, fd_set *in, \
-	SYS_GETLOGINCLASS          = 523 // { int getloginclass(char *namebuf, \
-	SYS_SETLOGINCLASS          = 524 // { int setloginclass(const char *namebuf); }
-	SYS_RCTL_GET_RACCT         = 525 // { int rctl_get_racct(const void *inbufp, \
-	SYS_RCTL_GET_RULES         = 526 // { int rctl_get_rules(const void *inbufp, \
-	SYS_RCTL_GET_LIMITS        = 527 // { int rctl_get_limits(const void *inbufp, \
-	SYS_RCTL_ADD_RULE          = 528 // { int rctl_add_rule(const void *inbufp, \
-	SYS_RCTL_REMOVE_RULE       = 529 // { int rctl_remove_rule(const void *inbufp, \
-	SYS_POSIX_FALLOCATE        = 530 // { int posix_fallocate(int fd, \
-	SYS_POSIX_FADVISE          = 531 // { int posix_fadvise(int fd, off_t offset, \
-	SYS_WAIT6                  = 532 // { int wait6(idtype_t idtype, id_t id, \
-	SYS_CAP_RIGHTS_LIMIT       = 533 // { int cap_rights_limit(int fd, \
-	SYS_CAP_IOCTLS_LIMIT       = 534 // { int cap_ioctls_limit(int fd, \
-	SYS_CAP_IOCTLS_GET         = 535 // { ssize_t cap_ioctls_get(int fd, \
-	SYS_CAP_FCNTLS_LIMIT       = 536 // { int cap_fcntls_limit(int fd, \
-	SYS_CAP_FCNTLS_GET         = 537 // { int cap_fcntls_get(int fd, \
-	SYS_BINDAT                 = 538 // { int bindat(int fd, int s, caddr_t name, \
-	SYS_CONNECTAT              = 539 // { int connectat(int fd, int s, caddr_t name, \
-	SYS_CHFLAGSAT              = 540 // { int chflagsat(int fd, const char *path, \
-	SYS_ACCEPT4                = 541 // { int accept4(int s, \
-	SYS_PIPE2                  = 542 // { int pipe2(int *fildes, int flags); }
-	SYS_PROCCTL                = 544 // { int procctl(idtype_t idtype, id_t id, \
-	SYS_PPOLL                  = 545 // { int ppoll(struct pollfd *fds, u_int nfds, \
-	SYS_FUTIMENS               = 546 // { int futimens(int fd, \
-	SYS_UTIMENSAT              = 547 // { int utimensat(int fd, \
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index 448831418165b..e2e3d72c5b04f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -1,353 +1,397 @@
-// mksysnum_freebsd.pl
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && freebsd
 // +build arm,freebsd
 
 package unix
 
 const (
 	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
-	SYS_EXIT                   = 1   // { void sys_exit(int rval); } exit \
-	SYS_FORK                   = 2   // { int fork(void); }
-	SYS_READ                   = 3   // { ssize_t read(int fd, void *buf, \
-	SYS_WRITE                  = 4   // { ssize_t write(int fd, const void *buf, \
-	SYS_OPEN                   = 5   // { int open(char *path, int flags, int mode); }
-	SYS_CLOSE                  = 6   // { int close(int fd); }
-	SYS_WAIT4                  = 7   // { int wait4(int pid, int *status, \
-	SYS_LINK                   = 9   // { int link(char *path, char *link); }
-	SYS_UNLINK                 = 10  // { int unlink(char *path); }
-	SYS_CHDIR                  = 12  // { int chdir(char *path); }
-	SYS_FCHDIR                 = 13  // { int fchdir(int fd); }
-	SYS_MKNOD                  = 14  // { int mknod(char *path, int mode, int dev); }
-	SYS_CHMOD                  = 15  // { int chmod(char *path, int mode); }
-	SYS_CHOWN                  = 16  // { int chown(char *path, int uid, int gid); }
-	SYS_OBREAK                 = 17  // { int obreak(char *nsize); } break \
-	SYS_GETPID                 = 20  // { pid_t getpid(void); }
-	SYS_MOUNT                  = 21  // { int mount(char *type, char *path, \
-	SYS_UNMOUNT                = 22  // { int unmount(char *path, int flags); }
-	SYS_SETUID                 = 23  // { int setuid(uid_t uid); }
-	SYS_GETUID                 = 24  // { uid_t getuid(void); }
-	SYS_GETEUID                = 25  // { uid_t geteuid(void); }
-	SYS_PTRACE                 = 26  // { int ptrace(int req, pid_t pid, \
-	SYS_RECVMSG                = 27  // { int recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG                = 28  // { int sendmsg(int s, struct msghdr *msg, \
-	SYS_RECVFROM               = 29  // { int recvfrom(int s, caddr_t buf, \
-	SYS_ACCEPT                 = 30  // { int accept(int s, \
-	SYS_GETPEERNAME            = 31  // { int getpeername(int fdes, \
-	SYS_GETSOCKNAME            = 32  // { int getsockname(int fdes, \
-	SYS_ACCESS                 = 33  // { int access(char *path, int amode); }
-	SYS_CHFLAGS                = 34  // { int chflags(const char *path, u_long flags); }
-	SYS_FCHFLAGS               = 35  // { int fchflags(int fd, u_long flags); }
-	SYS_SYNC                   = 36  // { int sync(void); }
-	SYS_KILL                   = 37  // { int kill(int pid, int signum); }
-	SYS_GETPPID                = 39  // { pid_t getppid(void); }
-	SYS_DUP                    = 41  // { int dup(u_int fd); }
-	SYS_PIPE                   = 42  // { int pipe(void); }
-	SYS_GETEGID                = 43  // { gid_t getegid(void); }
-	SYS_PROFIL                 = 44  // { int profil(caddr_t samples, size_t size, \
-	SYS_KTRACE                 = 45  // { int ktrace(const char *fname, int ops, \
-	SYS_GETGID                 = 47  // { gid_t getgid(void); }
-	SYS_GETLOGIN               = 49  // { int getlogin(char *namebuf, u_int \
-	SYS_SETLOGIN               = 50  // { int setlogin(char *namebuf); }
-	SYS_ACCT                   = 51  // { int acct(char *path); }
-	SYS_SIGALTSTACK            = 53  // { int sigaltstack(stack_t *ss, \
-	SYS_IOCTL                  = 54  // { int ioctl(int fd, u_long com, \
-	SYS_REBOOT                 = 55  // { int reboot(int opt); }
-	SYS_REVOKE                 = 56  // { int revoke(char *path); }
-	SYS_SYMLINK                = 57  // { int symlink(char *path, char *link); }
-	SYS_READLINK               = 58  // { ssize_t readlink(char *path, char *buf, \
-	SYS_EXECVE                 = 59  // { int execve(char *fname, char **argv, \
-	SYS_UMASK                  = 60  // { int umask(int newmask); } umask umask_args \
-	SYS_CHROOT                 = 61  // { int chroot(char *path); }
-	SYS_MSYNC                  = 65  // { int msync(void *addr, size_t len, \
-	SYS_VFORK                  = 66  // { int vfork(void); }
-	SYS_SBRK                   = 69  // { int sbrk(int incr); }
-	SYS_SSTK                   = 70  // { int sstk(int incr); }
-	SYS_OVADVISE               = 72  // { int ovadvise(int anom); } vadvise \
-	SYS_MUNMAP                 = 73  // { int munmap(void *addr, size_t len); }
-	SYS_MPROTECT               = 74  // { int mprotect(const void *addr, size_t len, \
-	SYS_MADVISE                = 75  // { int madvise(void *addr, size_t len, \
-	SYS_MINCORE                = 78  // { int mincore(const void *addr, size_t len, \
-	SYS_GETGROUPS              = 79  // { int getgroups(u_int gidsetsize, \
-	SYS_SETGROUPS              = 80  // { int setgroups(u_int gidsetsize, \
-	SYS_GETPGRP                = 81  // { int getpgrp(void); }
-	SYS_SETPGID                = 82  // { int setpgid(int pid, int pgid); }
-	SYS_SETITIMER              = 83  // { int setitimer(u_int which, struct \
-	SYS_SWAPON                 = 85  // { int swapon(char *name); }
-	SYS_GETITIMER              = 86  // { int getitimer(u_int which, \
-	SYS_GETDTABLESIZE          = 89  // { int getdtablesize(void); }
-	SYS_DUP2                   = 90  // { int dup2(u_int from, u_int to); }
-	SYS_FCNTL                  = 92  // { int fcntl(int fd, int cmd, long arg); }
-	SYS_SELECT                 = 93  // { int select(int nd, fd_set *in, fd_set *ou, \
-	SYS_FSYNC                  = 95  // { int fsync(int fd); }
-	SYS_SETPRIORITY            = 96  // { int setpriority(int which, int who, \
-	SYS_SOCKET                 = 97  // { int socket(int domain, int type, \
-	SYS_CONNECT                = 98  // { int connect(int s, caddr_t name, \
-	SYS_GETPRIORITY            = 100 // { int getpriority(int which, int who); }
-	SYS_BIND                   = 104 // { int bind(int s, caddr_t name, \
-	SYS_SETSOCKOPT             = 105 // { int setsockopt(int s, int level, int name, \
-	SYS_LISTEN                 = 106 // { int listen(int s, int backlog); }
-	SYS_GETTIMEOFDAY           = 116 // { int gettimeofday(struct timeval *tp, \
-	SYS_GETRUSAGE              = 117 // { int getrusage(int who, \
-	SYS_GETSOCKOPT             = 118 // { int getsockopt(int s, int level, int name, \
-	SYS_READV                  = 120 // { int readv(int fd, struct iovec *iovp, \
-	SYS_WRITEV                 = 121 // { int writev(int fd, struct iovec *iovp, \
-	SYS_SETTIMEOFDAY           = 122 // { int settimeofday(struct timeval *tv, \
-	SYS_FCHOWN                 = 123 // { int fchown(int fd, int uid, int gid); }
-	SYS_FCHMOD                 = 124 // { int fchmod(int fd, int mode); }
-	SYS_SETREUID               = 126 // { int setreuid(int ruid, int euid); }
-	SYS_SETREGID               = 127 // { int setregid(int rgid, int egid); }
-	SYS_RENAME                 = 128 // { int rename(char *from, char *to); }
-	SYS_FLOCK                  = 131 // { int flock(int fd, int how); }
-	SYS_MKFIFO                 = 132 // { int mkfifo(char *path, int mode); }
-	SYS_SENDTO                 = 133 // { int sendto(int s, caddr_t buf, size_t len, \
-	SYS_SHUTDOWN               = 134 // { int shutdown(int s, int how); }
-	SYS_SOCKETPAIR             = 135 // { int socketpair(int domain, int type, \
-	SYS_MKDIR                  = 136 // { int mkdir(char *path, int mode); }
-	SYS_RMDIR                  = 137 // { int rmdir(char *path); }
-	SYS_UTIMES                 = 138 // { int utimes(char *path, \
-	SYS_ADJTIME                = 140 // { int adjtime(struct timeval *delta, \
-	SYS_SETSID                 = 147 // { int setsid(void); }
-	SYS_QUOTACTL               = 148 // { int quotactl(char *path, int cmd, int uid, \
-	SYS_LGETFH                 = 160 // { int lgetfh(char *fname, \
-	SYS_GETFH                  = 161 // { int getfh(char *fname, \
-	SYS_SYSARCH                = 165 // { int sysarch(int op, char *parms); }
-	SYS_RTPRIO                 = 166 // { int rtprio(int function, pid_t pid, \
-	SYS_FREEBSD6_PREAD         = 173 // { ssize_t freebsd6_pread(int fd, void *buf, \
-	SYS_FREEBSD6_PWRITE        = 174 // { ssize_t freebsd6_pwrite(int fd, \
-	SYS_SETFIB                 = 175 // { int setfib(int fibnum); }
-	SYS_NTP_ADJTIME            = 176 // { int ntp_adjtime(struct timex *tp); }
-	SYS_SETGID                 = 181 // { int setgid(gid_t gid); }
-	SYS_SETEGID                = 182 // { int setegid(gid_t egid); }
-	SYS_SETEUID                = 183 // { int seteuid(uid_t euid); }
-	SYS_STAT                   = 188 // { int stat(char *path, struct stat *ub); }
-	SYS_FSTAT                  = 189 // { int fstat(int fd, struct stat *sb); }
-	SYS_LSTAT                  = 190 // { int lstat(char *path, struct stat *ub); }
-	SYS_PATHCONF               = 191 // { int pathconf(char *path, int name); }
-	SYS_FPATHCONF              = 192 // { int fpathconf(int fd, int name); }
-	SYS_GETRLIMIT              = 194 // { int getrlimit(u_int which, \
-	SYS_SETRLIMIT              = 195 // { int setrlimit(u_int which, \
-	SYS_GETDIRENTRIES          = 196 // { int getdirentries(int fd, char *buf, \
-	SYS_FREEBSD6_MMAP          = 197 // { caddr_t freebsd6_mmap(caddr_t addr, \
-	SYS_FREEBSD6_LSEEK         = 199 // { off_t freebsd6_lseek(int fd, int pad, \
-	SYS_FREEBSD6_TRUNCATE      = 200 // { int freebsd6_truncate(char *path, int pad, \
-	SYS_FREEBSD6_FTRUNCATE     = 201 // { int freebsd6_ftruncate(int fd, int pad, \
-	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, \
-	SYS_MLOCK                  = 203 // { int mlock(const void *addr, size_t len); }
-	SYS_MUNLOCK                = 204 // { int munlock(const void *addr, size_t len); }
-	SYS_UNDELETE               = 205 // { int undelete(char *path); }
-	SYS_FUTIMES                = 206 // { int futimes(int fd, struct timeval *tptr); }
-	SYS_GETPGID                = 207 // { int getpgid(pid_t pid); }
-	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, \
-	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME          = 233 // { int clock_settime( \
-	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, \
-	SYS_KTIMER_CREATE          = 235 // { int ktimer_create(clockid_t clock_id, \
-	SYS_KTIMER_DELETE          = 236 // { int ktimer_delete(int timerid); }
-	SYS_KTIMER_SETTIME         = 237 // { int ktimer_settime(int timerid, int flags, \
-	SYS_KTIMER_GETTIME         = 238 // { int ktimer_gettime(int timerid, struct \
-	SYS_KTIMER_GETOVERRUN      = 239 // { int ktimer_getoverrun(int timerid); }
-	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, \
-	SYS_FFCLOCK_GETCOUNTER     = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
-	SYS_FFCLOCK_SETESTIMATE    = 242 // { int ffclock_setestimate( \
-	SYS_FFCLOCK_GETESTIMATE    = 243 // { int ffclock_getestimate( \
-	SYS_CLOCK_GETCPUCLOCKID2   = 247 // { int clock_getcpuclockid2(id_t id,\
-	SYS_NTP_GETTIME            = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
-	SYS_MINHERIT               = 250 // { int minherit(void *addr, size_t len, \
-	SYS_RFORK                  = 251 // { int rfork(int flags); }
-	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, \
-	SYS_ISSETUGID              = 253 // { int issetugid(void); }
-	SYS_LCHOWN                 = 254 // { int lchown(char *path, int uid, int gid); }
-	SYS_GETDENTS               = 272 // { int getdents(int fd, char *buf, \
-	SYS_LCHMOD                 = 274 // { int lchmod(char *path, mode_t mode); }
-	SYS_LUTIMES                = 276 // { int lutimes(char *path, \
-	SYS_NSTAT                  = 278 // { int nstat(char *path, struct nstat *ub); }
-	SYS_NFSTAT                 = 279 // { int nfstat(int fd, struct nstat *sb); }
-	SYS_NLSTAT                 = 280 // { int nlstat(char *path, struct nstat *ub); }
-	SYS_PREADV                 = 289 // { ssize_t preadv(int fd, struct iovec *iovp, \
-	SYS_PWRITEV                = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, \
-	SYS_FHOPEN                 = 298 // { int fhopen(const struct fhandle *u_fhp, \
-	SYS_FHSTAT                 = 299 // { int fhstat(const struct fhandle *u_fhp, \
-	SYS_MODNEXT                = 300 // { int modnext(int modid); }
-	SYS_MODSTAT                = 301 // { int modstat(int modid, \
-	SYS_MODFNEXT               = 302 // { int modfnext(int modid); }
-	SYS_MODFIND                = 303 // { int modfind(const char *name); }
-	SYS_KLDLOAD                = 304 // { int kldload(const char *file); }
-	SYS_KLDUNLOAD              = 305 // { int kldunload(int fileid); }
-	SYS_KLDFIND                = 306 // { int kldfind(const char *file); }
-	SYS_KLDNEXT                = 307 // { int kldnext(int fileid); }
-	SYS_KLDSTAT                = 308 // { int kldstat(int fileid, struct \
-	SYS_KLDFIRSTMOD            = 309 // { int kldfirstmod(int fileid); }
-	SYS_GETSID                 = 310 // { int getsid(pid_t pid); }
-	SYS_SETRESUID              = 311 // { int setresuid(uid_t ruid, uid_t euid, \
-	SYS_SETRESGID              = 312 // { int setresgid(gid_t rgid, gid_t egid, \
-	SYS_YIELD                  = 321 // { int yield(void); }
-	SYS_MLOCKALL               = 324 // { int mlockall(int how); }
-	SYS_MUNLOCKALL             = 325 // { int munlockall(void); }
-	SYS___GETCWD               = 326 // { int __getcwd(char *buf, u_int buflen); }
-	SYS_SCHED_SETPARAM         = 327 // { int sched_setparam (pid_t pid, \
-	SYS_SCHED_GETPARAM         = 328 // { int sched_getparam (pid_t pid, struct \
-	SYS_SCHED_SETSCHEDULER     = 329 // { int sched_setscheduler (pid_t pid, int \
-	SYS_SCHED_GETSCHEDULER     = 330 // { int sched_getscheduler (pid_t pid); }
-	SYS_SCHED_YIELD            = 331 // { int sched_yield (void); }
-	SYS_SCHED_GET_PRIORITY_MAX = 332 // { int sched_get_priority_max (int policy); }
-	SYS_SCHED_GET_PRIORITY_MIN = 333 // { int sched_get_priority_min (int policy); }
-	SYS_SCHED_RR_GET_INTERVAL  = 334 // { int sched_rr_get_interval (pid_t pid, \
-	SYS_UTRACE                 = 335 // { int utrace(const void *addr, size_t len); }
-	SYS_KLDSYM                 = 337 // { int kldsym(int fileid, int cmd, \
-	SYS_JAIL                   = 338 // { int jail(struct jail *jail); }
-	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, \
-	SYS_SIGSUSPEND             = 341 // { int sigsuspend(const sigset_t *sigmask); }
-	SYS_SIGPENDING             = 343 // { int sigpending(sigset_t *set); }
-	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set, \
-	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set, \
-	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, \
-	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, \
-	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, \
-	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, \
-	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, \
-	SYS___ACL_DELETE_FD        = 352 // { int __acl_delete_fd(int filedes, \
-	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, \
-	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, \
-	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, \
-	SYS_EXTATTR_SET_FILE       = 356 // { ssize_t extattr_set_file( \
-	SYS_EXTATTR_GET_FILE       = 357 // { ssize_t extattr_get_file( \
-	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, \
-	SYS_GETRESUID              = 360 // { int getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_GETRESGID              = 361 // { int getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_KQUEUE                 = 362 // { int kqueue(void); }
-	SYS_KEVENT                 = 363 // { int kevent(int fd, \
-	SYS_EXTATTR_SET_FD         = 371 // { ssize_t extattr_set_fd(int fd, \
-	SYS_EXTATTR_GET_FD         = 372 // { ssize_t extattr_get_fd(int fd, \
-	SYS_EXTATTR_DELETE_FD      = 373 // { int extattr_delete_fd(int fd, \
-	SYS___SETUGID              = 374 // { int __setugid(int flag); }
-	SYS_EACCESS                = 376 // { int eaccess(char *path, int amode); }
-	SYS_NMOUNT                 = 378 // { int nmount(struct iovec *iovp, \
-	SYS___MAC_GET_PROC         = 384 // { int __mac_get_proc(struct mac *mac_p); }
-	SYS___MAC_SET_PROC         = 385 // { int __mac_set_proc(struct mac *mac_p); }
-	SYS___MAC_GET_FD           = 386 // { int __mac_get_fd(int fd, \
-	SYS___MAC_GET_FILE         = 387 // { int __mac_get_file(const char *path_p, \
-	SYS___MAC_SET_FD           = 388 // { int __mac_set_fd(int fd, \
-	SYS___MAC_SET_FILE         = 389 // { int __mac_set_file(const char *path_p, \
-	SYS_KENV                   = 390 // { int kenv(int what, const char *name, \
-	SYS_LCHFLAGS               = 391 // { int lchflags(const char *path, \
-	SYS_UUIDGEN                = 392 // { int uuidgen(struct uuid *store, \
-	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, \
-	SYS_MAC_SYSCALL            = 394 // { int mac_syscall(const char *policy, \
-	SYS_GETFSSTAT              = 395 // { int getfsstat(struct statfs *buf, \
-	SYS_STATFS                 = 396 // { int statfs(char *path, \
-	SYS_FSTATFS                = 397 // { int fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS               = 398 // { int fhstatfs(const struct fhandle *u_fhp, \
-	SYS___MAC_GET_PID          = 409 // { int __mac_get_pid(pid_t pid, \
-	SYS___MAC_GET_LINK         = 410 // { int __mac_get_link(const char *path_p, \
-	SYS___MAC_SET_LINK         = 411 // { int __mac_set_link(const char *path_p, \
-	SYS_EXTATTR_SET_LINK       = 412 // { ssize_t extattr_set_link( \
-	SYS_EXTATTR_GET_LINK       = 413 // { ssize_t extattr_get_link( \
-	SYS_EXTATTR_DELETE_LINK    = 414 // { int extattr_delete_link( \
-	SYS___MAC_EXECVE           = 415 // { int __mac_execve(char *fname, char **argv, \
-	SYS_SIGACTION              = 416 // { int sigaction(int sig, \
-	SYS_SIGRETURN              = 417 // { int sigreturn( \
-	SYS_GETCONTEXT             = 421 // { int getcontext(struct __ucontext *ucp); }
-	SYS_SETCONTEXT             = 422 // { int setcontext( \
-	SYS_SWAPCONTEXT            = 423 // { int swapcontext(struct __ucontext *oucp, \
-	SYS_SWAPOFF                = 424 // { int swapoff(const char *name); }
-	SYS___ACL_GET_LINK         = 425 // { int __acl_get_link(const char *path, \
-	SYS___ACL_SET_LINK         = 426 // { int __acl_set_link(const char *path, \
-	SYS___ACL_DELETE_LINK      = 427 // { int __acl_delete_link(const char *path, \
-	SYS___ACL_ACLCHECK_LINK    = 428 // { int __acl_aclcheck_link(const char *path, \
-	SYS_SIGWAIT                = 429 // { int sigwait(const sigset_t *set, \
-	SYS_THR_CREATE             = 430 // { int thr_create(ucontext_t *ctx, long *id, \
-	SYS_THR_EXIT               = 431 // { void thr_exit(long *state); }
-	SYS_THR_SELF               = 432 // { int thr_self(long *id); }
-	SYS_THR_KILL               = 433 // { int thr_kill(long id, int sig); }
-	SYS__UMTX_LOCK             = 434 // { int _umtx_lock(struct umtx *umtx); }
-	SYS__UMTX_UNLOCK           = 435 // { int _umtx_unlock(struct umtx *umtx); }
-	SYS_JAIL_ATTACH            = 436 // { int jail_attach(int jid); }
-	SYS_EXTATTR_LIST_FD        = 437 // { ssize_t extattr_list_fd(int fd, \
-	SYS_EXTATTR_LIST_FILE      = 438 // { ssize_t extattr_list_file( \
-	SYS_EXTATTR_LIST_LINK      = 439 // { ssize_t extattr_list_link( \
-	SYS_THR_SUSPEND            = 442 // { int thr_suspend( \
-	SYS_THR_WAKE               = 443 // { int thr_wake(long id); }
-	SYS_KLDUNLOADF             = 444 // { int kldunloadf(int fileid, int flags); }
-	SYS_AUDIT                  = 445 // { int audit(const void *record, \
-	SYS_AUDITON                = 446 // { int auditon(int cmd, void *data, \
-	SYS_GETAUID                = 447 // { int getauid(uid_t *auid); }
-	SYS_SETAUID                = 448 // { int setauid(uid_t *auid); }
-	SYS_GETAUDIT               = 449 // { int getaudit(struct auditinfo *auditinfo); }
-	SYS_SETAUDIT               = 450 // { int setaudit(struct auditinfo *auditinfo); }
-	SYS_GETAUDIT_ADDR          = 451 // { int getaudit_addr( \
-	SYS_SETAUDIT_ADDR          = 452 // { int setaudit_addr( \
-	SYS_AUDITCTL               = 453 // { int auditctl(char *path); }
-	SYS__UMTX_OP               = 454 // { int _umtx_op(void *obj, int op, \
-	SYS_THR_NEW                = 455 // { int thr_new(struct thr_param *param, \
-	SYS_SIGQUEUE               = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
-	SYS_ABORT2                 = 463 // { int abort2(const char *why, int nargs, void **args); }
-	SYS_THR_SET_NAME           = 464 // { int thr_set_name(long id, const char *name); }
-	SYS_RTPRIO_THREAD          = 466 // { int rtprio_thread(int function, \
-	SYS_PREAD                  = 475 // { ssize_t pread(int fd, void *buf, \
-	SYS_PWRITE                 = 476 // { ssize_t pwrite(int fd, const void *buf, \
-	SYS_MMAP                   = 477 // { caddr_t mmap(caddr_t addr, size_t len, \
-	SYS_LSEEK                  = 478 // { off_t lseek(int fd, off_t offset, \
-	SYS_TRUNCATE               = 479 // { int truncate(char *path, off_t length); }
-	SYS_FTRUNCATE              = 480 // { int ftruncate(int fd, off_t length); }
-	SYS_THR_KILL2              = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
-	SYS_SHM_OPEN               = 482 // { int shm_open(const char *path, int flags, \
-	SYS_SHM_UNLINK             = 483 // { int shm_unlink(const char *path); }
-	SYS_CPUSET                 = 484 // { int cpuset(cpusetid_t *setid); }
-	SYS_CPUSET_SETID           = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, \
-	SYS_CPUSET_GETID           = 486 // { int cpuset_getid(cpulevel_t level, \
-	SYS_CPUSET_GETAFFINITY     = 487 // { int cpuset_getaffinity(cpulevel_t level, \
-	SYS_CPUSET_SETAFFINITY     = 488 // { int cpuset_setaffinity(cpulevel_t level, \
-	SYS_FACCESSAT              = 489 // { int faccessat(int fd, char *path, int amode, \
-	SYS_FCHMODAT               = 490 // { int fchmodat(int fd, char *path, mode_t mode, \
-	SYS_FCHOWNAT               = 491 // { int fchownat(int fd, char *path, uid_t uid, \
-	SYS_FEXECVE                = 492 // { int fexecve(int fd, char **argv, \
-	SYS_FSTATAT                = 493 // { int fstatat(int fd, char *path, \
-	SYS_FUTIMESAT              = 494 // { int futimesat(int fd, char *path, \
-	SYS_LINKAT                 = 495 // { int linkat(int fd1, char *path1, int fd2, \
-	SYS_MKDIRAT                = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
-	SYS_MKFIFOAT               = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
-	SYS_MKNODAT                = 498 // { int mknodat(int fd, char *path, mode_t mode, \
-	SYS_OPENAT                 = 499 // { int openat(int fd, char *path, int flag, \
-	SYS_READLINKAT             = 500 // { int readlinkat(int fd, char *path, char *buf, \
-	SYS_RENAMEAT               = 501 // { int renameat(int oldfd, char *old, int newfd, \
-	SYS_SYMLINKAT              = 502 // { int symlinkat(char *path1, int fd, \
-	SYS_UNLINKAT               = 503 // { int unlinkat(int fd, char *path, int flag); }
-	SYS_POSIX_OPENPT           = 504 // { int posix_openpt(int flags); }
-	SYS_JAIL_GET               = 506 // { int jail_get(struct iovec *iovp, \
-	SYS_JAIL_SET               = 507 // { int jail_set(struct iovec *iovp, \
-	SYS_JAIL_REMOVE            = 508 // { int jail_remove(int jid); }
-	SYS_CLOSEFROM              = 509 // { int closefrom(int lowfd); }
-	SYS_LPATHCONF              = 513 // { int lpathconf(char *path, int name); }
-	SYS___CAP_RIGHTS_GET       = 515 // { int __cap_rights_get(int version, \
-	SYS_CAP_ENTER              = 516 // { int cap_enter(void); }
-	SYS_CAP_GETMODE            = 517 // { int cap_getmode(u_int *modep); }
-	SYS_PDFORK                 = 518 // { int pdfork(int *fdp, int flags); }
-	SYS_PDKILL                 = 519 // { int pdkill(int fd, int signum); }
-	SYS_PDGETPID               = 520 // { int pdgetpid(int fd, pid_t *pidp); }
-	SYS_PSELECT                = 522 // { int pselect(int nd, fd_set *in, \
-	SYS_GETLOGINCLASS          = 523 // { int getloginclass(char *namebuf, \
-	SYS_SETLOGINCLASS          = 524 // { int setloginclass(const char *namebuf); }
-	SYS_RCTL_GET_RACCT         = 525 // { int rctl_get_racct(const void *inbufp, \
-	SYS_RCTL_GET_RULES         = 526 // { int rctl_get_rules(const void *inbufp, \
-	SYS_RCTL_GET_LIMITS        = 527 // { int rctl_get_limits(const void *inbufp, \
-	SYS_RCTL_ADD_RULE          = 528 // { int rctl_add_rule(const void *inbufp, \
-	SYS_RCTL_REMOVE_RULE       = 529 // { int rctl_remove_rule(const void *inbufp, \
-	SYS_POSIX_FALLOCATE        = 530 // { int posix_fallocate(int fd, \
-	SYS_POSIX_FADVISE          = 531 // { int posix_fadvise(int fd, off_t offset, \
-	SYS_WAIT6                  = 532 // { int wait6(idtype_t idtype, id_t id, \
-	SYS_CAP_RIGHTS_LIMIT       = 533 // { int cap_rights_limit(int fd, \
-	SYS_CAP_IOCTLS_LIMIT       = 534 // { int cap_ioctls_limit(int fd, \
-	SYS_CAP_IOCTLS_GET         = 535 // { ssize_t cap_ioctls_get(int fd, \
-	SYS_CAP_FCNTLS_LIMIT       = 536 // { int cap_fcntls_limit(int fd, \
-	SYS_CAP_FCNTLS_GET         = 537 // { int cap_fcntls_get(int fd, \
-	SYS_BINDAT                 = 538 // { int bindat(int fd, int s, caddr_t name, \
-	SYS_CONNECTAT              = 539 // { int connectat(int fd, int s, caddr_t name, \
-	SYS_CHFLAGSAT              = 540 // { int chflagsat(int fd, const char *path, \
-	SYS_ACCEPT4                = 541 // { int accept4(int s, \
-	SYS_PIPE2                  = 542 // { int pipe2(int *fildes, int flags); }
-	SYS_PROCCTL                = 544 // { int procctl(idtype_t idtype, id_t id, \
-	SYS_PPOLL                  = 545 // { int ppoll(struct pollfd *fds, u_int nfds, \
-	SYS_FUTIMENS               = 546 // { int futimens(int fd, \
-	SYS_UTIMENSAT              = 547 // { int utimensat(int fd, \
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
new file mode 100644
index 0000000000000..61ad5ca3c19b6
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -0,0 +1,397 @@
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && freebsd
+// +build arm64,freebsd
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 95ab12903ec5d..aa7ce85d1550a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -1,390 +1,447 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include -m32 /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m32 /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && linux
 // +build 386,linux
 
 package unix
 
 const (
-	SYS_RESTART_SYSCALL        = 0
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_WAITPID                = 7
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECVE                 = 11
-	SYS_CHDIR                  = 12
-	SYS_TIME                   = 13
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LCHOWN                 = 16
-	SYS_BREAK                  = 17
-	SYS_OLDSTAT                = 18
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_MOUNT                  = 21
-	SYS_UMOUNT                 = 22
-	SYS_SETUID                 = 23
-	SYS_GETUID                 = 24
-	SYS_STIME                  = 25
-	SYS_PTRACE                 = 26
-	SYS_ALARM                  = 27
-	SYS_OLDFSTAT               = 28
-	SYS_PAUSE                  = 29
-	SYS_UTIME                  = 30
-	SYS_STTY                   = 31
-	SYS_GTTY                   = 32
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_FTIME                  = 35
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_RENAME                 = 38
-	SYS_MKDIR                  = 39
-	SYS_RMDIR                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_PROF                   = 44
-	SYS_BRK                    = 45
-	SYS_SETGID                 = 46
-	SYS_GETGID                 = 47
-	SYS_SIGNAL                 = 48
-	SYS_GETEUID                = 49
-	SYS_GETEGID                = 50
-	SYS_ACCT                   = 51
-	SYS_UMOUNT2                = 52
-	SYS_LOCK                   = 53
-	SYS_IOCTL                  = 54
-	SYS_FCNTL                  = 55
-	SYS_MPX                    = 56
-	SYS_SETPGID                = 57
-	SYS_ULIMIT                 = 58
-	SYS_OLDOLDUNAME            = 59
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_USTAT                  = 62
-	SYS_DUP2                   = 63
-	SYS_GETPPID                = 64
-	SYS_GETPGRP                = 65
-	SYS_SETSID                 = 66
-	SYS_SIGACTION              = 67
-	SYS_SGETMASK               = 68
-	SYS_SSETMASK               = 69
-	SYS_SETREUID               = 70
-	SYS_SETREGID               = 71
-	SYS_SIGSUSPEND             = 72
-	SYS_SIGPENDING             = 73
-	SYS_SETHOSTNAME            = 74
-	SYS_SETRLIMIT              = 75
-	SYS_GETRLIMIT              = 76
-	SYS_GETRUSAGE              = 77
-	SYS_GETTIMEOFDAY           = 78
-	SYS_SETTIMEOFDAY           = 79
-	SYS_GETGROUPS              = 80
-	SYS_SETGROUPS              = 81
-	SYS_SELECT                 = 82
-	SYS_SYMLINK                = 83
-	SYS_OLDLSTAT               = 84
-	SYS_READLINK               = 85
-	SYS_USELIB                 = 86
-	SYS_SWAPON                 = 87
-	SYS_REBOOT                 = 88
-	SYS_READDIR                = 89
-	SYS_MMAP                   = 90
-	SYS_MUNMAP                 = 91
-	SYS_TRUNCATE               = 92
-	SYS_FTRUNCATE              = 93
-	SYS_FCHMOD                 = 94
-	SYS_FCHOWN                 = 95
-	SYS_GETPRIORITY            = 96
-	SYS_SETPRIORITY            = 97
-	SYS_PROFIL                 = 98
-	SYS_STATFS                 = 99
-	SYS_FSTATFS                = 100
-	SYS_IOPERM                 = 101
-	SYS_SOCKETCALL             = 102
-	SYS_SYSLOG                 = 103
-	SYS_SETITIMER              = 104
-	SYS_GETITIMER              = 105
-	SYS_STAT                   = 106
-	SYS_LSTAT                  = 107
-	SYS_FSTAT                  = 108
-	SYS_OLDUNAME               = 109
-	SYS_IOPL                   = 110
-	SYS_VHANGUP                = 111
-	SYS_IDLE                   = 112
-	SYS_VM86OLD                = 113
-	SYS_WAIT4                  = 114
-	SYS_SWAPOFF                = 115
-	SYS_SYSINFO                = 116
-	SYS_IPC                    = 117
-	SYS_FSYNC                  = 118
-	SYS_SIGRETURN              = 119
-	SYS_CLONE                  = 120
-	SYS_SETDOMAINNAME          = 121
-	SYS_UNAME                  = 122
-	SYS_MODIFY_LDT             = 123
-	SYS_ADJTIMEX               = 124
-	SYS_MPROTECT               = 125
-	SYS_SIGPROCMASK            = 126
-	SYS_CREATE_MODULE          = 127
-	SYS_INIT_MODULE            = 128
-	SYS_DELETE_MODULE          = 129
-	SYS_GET_KERNEL_SYMS        = 130
-	SYS_QUOTACTL               = 131
-	SYS_GETPGID                = 132
-	SYS_FCHDIR                 = 133
-	SYS_BDFLUSH                = 134
-	SYS_SYSFS                  = 135
-	SYS_PERSONALITY            = 136
-	SYS_AFS_SYSCALL            = 137
-	SYS_SETFSUID               = 138
-	SYS_SETFSGID               = 139
-	SYS__LLSEEK                = 140
-	SYS_GETDENTS               = 141
-	SYS__NEWSELECT             = 142
-	SYS_FLOCK                  = 143
-	SYS_MSYNC                  = 144
-	SYS_READV                  = 145
-	SYS_WRITEV                 = 146
-	SYS_GETSID                 = 147
-	SYS_FDATASYNC              = 148
-	SYS__SYSCTL                = 149
-	SYS_MLOCK                  = 150
-	SYS_MUNLOCK                = 151
-	SYS_MLOCKALL               = 152
-	SYS_MUNLOCKALL             = 153
-	SYS_SCHED_SETPARAM         = 154
-	SYS_SCHED_GETPARAM         = 155
-	SYS_SCHED_SETSCHEDULER     = 156
-	SYS_SCHED_GETSCHEDULER     = 157
-	SYS_SCHED_YIELD            = 158
-	SYS_SCHED_GET_PRIORITY_MAX = 159
-	SYS_SCHED_GET_PRIORITY_MIN = 160
-	SYS_SCHED_RR_GET_INTERVAL  = 161
-	SYS_NANOSLEEP              = 162
-	SYS_MREMAP                 = 163
-	SYS_SETRESUID              = 164
-	SYS_GETRESUID              = 165
-	SYS_VM86                   = 166
-	SYS_QUERY_MODULE           = 167
-	SYS_POLL                   = 168
-	SYS_NFSSERVCTL             = 169
-	SYS_SETRESGID              = 170
-	SYS_GETRESGID              = 171
-	SYS_PRCTL                  = 172
-	SYS_RT_SIGRETURN           = 173
-	SYS_RT_SIGACTION           = 174
-	SYS_RT_SIGPROCMASK         = 175
-	SYS_RT_SIGPENDING          = 176
-	SYS_RT_SIGTIMEDWAIT        = 177
-	SYS_RT_SIGQUEUEINFO        = 178
-	SYS_RT_SIGSUSPEND          = 179
-	SYS_PREAD64                = 180
-	SYS_PWRITE64               = 181
-	SYS_CHOWN                  = 182
-	SYS_GETCWD                 = 183
-	SYS_CAPGET                 = 184
-	SYS_CAPSET                 = 185
-	SYS_SIGALTSTACK            = 186
-	SYS_SENDFILE               = 187
-	SYS_GETPMSG                = 188
-	SYS_PUTPMSG                = 189
-	SYS_VFORK                  = 190
-	SYS_UGETRLIMIT             = 191
-	SYS_MMAP2                  = 192
-	SYS_TRUNCATE64             = 193
-	SYS_FTRUNCATE64            = 194
-	SYS_STAT64                 = 195
-	SYS_LSTAT64                = 196
-	SYS_FSTAT64                = 197
-	SYS_LCHOWN32               = 198
-	SYS_GETUID32               = 199
-	SYS_GETGID32               = 200
-	SYS_GETEUID32              = 201
-	SYS_GETEGID32              = 202
-	SYS_SETREUID32             = 203
-	SYS_SETREGID32             = 204
-	SYS_GETGROUPS32            = 205
-	SYS_SETGROUPS32            = 206
-	SYS_FCHOWN32               = 207
-	SYS_SETRESUID32            = 208
-	SYS_GETRESUID32            = 209
-	SYS_SETRESGID32            = 210
-	SYS_GETRESGID32            = 211
-	SYS_CHOWN32                = 212
-	SYS_SETUID32               = 213
-	SYS_SETGID32               = 214
-	SYS_SETFSUID32             = 215
-	SYS_SETFSGID32             = 216
-	SYS_PIVOT_ROOT             = 217
-	SYS_MINCORE                = 218
-	SYS_MADVISE                = 219
-	SYS_GETDENTS64             = 220
-	SYS_FCNTL64                = 221
-	SYS_GETTID                 = 224
-	SYS_READAHEAD              = 225
-	SYS_SETXATTR               = 226
-	SYS_LSETXATTR              = 227
-	SYS_FSETXATTR              = 228
-	SYS_GETXATTR               = 229
-	SYS_LGETXATTR              = 230
-	SYS_FGETXATTR              = 231
-	SYS_LISTXATTR              = 232
-	SYS_LLISTXATTR             = 233
-	SYS_FLISTXATTR             = 234
-	SYS_REMOVEXATTR            = 235
-	SYS_LREMOVEXATTR           = 236
-	SYS_FREMOVEXATTR           = 237
-	SYS_TKILL                  = 238
-	SYS_SENDFILE64             = 239
-	SYS_FUTEX                  = 240
-	SYS_SCHED_SETAFFINITY      = 241
-	SYS_SCHED_GETAFFINITY      = 242
-	SYS_SET_THREAD_AREA        = 243
-	SYS_GET_THREAD_AREA        = 244
-	SYS_IO_SETUP               = 245
-	SYS_IO_DESTROY             = 246
-	SYS_IO_GETEVENTS           = 247
-	SYS_IO_SUBMIT              = 248
-	SYS_IO_CANCEL              = 249
-	SYS_FADVISE64              = 250
-	SYS_EXIT_GROUP             = 252
-	SYS_LOOKUP_DCOOKIE         = 253
-	SYS_EPOLL_CREATE           = 254
-	SYS_EPOLL_CTL              = 255
-	SYS_EPOLL_WAIT             = 256
-	SYS_REMAP_FILE_PAGES       = 257
-	SYS_SET_TID_ADDRESS        = 258
-	SYS_TIMER_CREATE           = 259
-	SYS_TIMER_SETTIME          = 260
-	SYS_TIMER_GETTIME          = 261
-	SYS_TIMER_GETOVERRUN       = 262
-	SYS_TIMER_DELETE           = 263
-	SYS_CLOCK_SETTIME          = 264
-	SYS_CLOCK_GETTIME          = 265
-	SYS_CLOCK_GETRES           = 266
-	SYS_CLOCK_NANOSLEEP        = 267
-	SYS_STATFS64               = 268
-	SYS_FSTATFS64              = 269
-	SYS_TGKILL                 = 270
-	SYS_UTIMES                 = 271
-	SYS_FADVISE64_64           = 272
-	SYS_VSERVER                = 273
-	SYS_MBIND                  = 274
-	SYS_GET_MEMPOLICY          = 275
-	SYS_SET_MEMPOLICY          = 276
-	SYS_MQ_OPEN                = 277
-	SYS_MQ_UNLINK              = 278
-	SYS_MQ_TIMEDSEND           = 279
-	SYS_MQ_TIMEDRECEIVE        = 280
-	SYS_MQ_NOTIFY              = 281
-	SYS_MQ_GETSETATTR          = 282
-	SYS_KEXEC_LOAD             = 283
-	SYS_WAITID                 = 284
-	SYS_ADD_KEY                = 286
-	SYS_REQUEST_KEY            = 287
-	SYS_KEYCTL                 = 288
-	SYS_IOPRIO_SET             = 289
-	SYS_IOPRIO_GET             = 290
-	SYS_INOTIFY_INIT           = 291
-	SYS_INOTIFY_ADD_WATCH      = 292
-	SYS_INOTIFY_RM_WATCH       = 293
-	SYS_MIGRATE_PAGES          = 294
-	SYS_OPENAT                 = 295
-	SYS_MKDIRAT                = 296
-	SYS_MKNODAT                = 297
-	SYS_FCHOWNAT               = 298
-	SYS_FUTIMESAT              = 299
-	SYS_FSTATAT64              = 300
-	SYS_UNLINKAT               = 301
-	SYS_RENAMEAT               = 302
-	SYS_LINKAT                 = 303
-	SYS_SYMLINKAT              = 304
-	SYS_READLINKAT             = 305
-	SYS_FCHMODAT               = 306
-	SYS_FACCESSAT              = 307
-	SYS_PSELECT6               = 308
-	SYS_PPOLL                  = 309
-	SYS_UNSHARE                = 310
-	SYS_SET_ROBUST_LIST        = 311
-	SYS_GET_ROBUST_LIST        = 312
-	SYS_SPLICE                 = 313
-	SYS_SYNC_FILE_RANGE        = 314
-	SYS_TEE                    = 315
-	SYS_VMSPLICE               = 316
-	SYS_MOVE_PAGES             = 317
-	SYS_GETCPU                 = 318
-	SYS_EPOLL_PWAIT            = 319
-	SYS_UTIMENSAT              = 320
-	SYS_SIGNALFD               = 321
-	SYS_TIMERFD_CREATE         = 322
-	SYS_EVENTFD                = 323
-	SYS_FALLOCATE              = 324
-	SYS_TIMERFD_SETTIME        = 325
-	SYS_TIMERFD_GETTIME        = 326
-	SYS_SIGNALFD4              = 327
-	SYS_EVENTFD2               = 328
-	SYS_EPOLL_CREATE1          = 329
-	SYS_DUP3                   = 330
-	SYS_PIPE2                  = 331
-	SYS_INOTIFY_INIT1          = 332
-	SYS_PREADV                 = 333
-	SYS_PWRITEV                = 334
-	SYS_RT_TGSIGQUEUEINFO      = 335
-	SYS_PERF_EVENT_OPEN        = 336
-	SYS_RECVMMSG               = 337
-	SYS_FANOTIFY_INIT          = 338
-	SYS_FANOTIFY_MARK          = 339
-	SYS_PRLIMIT64              = 340
-	SYS_NAME_TO_HANDLE_AT      = 341
-	SYS_OPEN_BY_HANDLE_AT      = 342
-	SYS_CLOCK_ADJTIME          = 343
-	SYS_SYNCFS                 = 344
-	SYS_SENDMMSG               = 345
-	SYS_SETNS                  = 346
-	SYS_PROCESS_VM_READV       = 347
-	SYS_PROCESS_VM_WRITEV      = 348
-	SYS_KCMP                   = 349
-	SYS_FINIT_MODULE           = 350
-	SYS_SCHED_SETATTR          = 351
-	SYS_SCHED_GETATTR          = 352
-	SYS_RENAMEAT2              = 353
-	SYS_SECCOMP                = 354
-	SYS_GETRANDOM              = 355
-	SYS_MEMFD_CREATE           = 356
-	SYS_BPF                    = 357
-	SYS_EXECVEAT               = 358
-	SYS_SOCKET                 = 359
-	SYS_SOCKETPAIR             = 360
-	SYS_BIND                   = 361
-	SYS_CONNECT                = 362
-	SYS_LISTEN                 = 363
-	SYS_ACCEPT4                = 364
-	SYS_GETSOCKOPT             = 365
-	SYS_SETSOCKOPT             = 366
-	SYS_GETSOCKNAME            = 367
-	SYS_GETPEERNAME            = 368
-	SYS_SENDTO                 = 369
-	SYS_SENDMSG                = 370
-	SYS_RECVFROM               = 371
-	SYS_RECVMSG                = 372
-	SYS_SHUTDOWN               = 373
-	SYS_USERFAULTFD            = 374
-	SYS_MEMBARRIER             = 375
-	SYS_MLOCK2                 = 376
-	SYS_COPY_FILE_RANGE        = 377
-	SYS_PREADV2                = 378
-	SYS_PWRITEV2               = 379
-	SYS_PKEY_MPROTECT          = 380
-	SYS_PKEY_ALLOC             = 381
-	SYS_PKEY_FREE              = 382
-	SYS_STATX                  = 383
-	SYS_ARCH_PRCTL             = 384
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_WAITPID                      = 7
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_TIME                         = 13
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_BREAK                        = 17
+	SYS_OLDSTAT                      = 18
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_UMOUNT                       = 22
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_STIME                        = 25
+	SYS_PTRACE                       = 26
+	SYS_ALARM                        = 27
+	SYS_OLDFSTAT                     = 28
+	SYS_PAUSE                        = 29
+	SYS_UTIME                        = 30
+	SYS_STTY                         = 31
+	SYS_GTTY                         = 32
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_FTIME                        = 35
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_PROF                         = 44
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_SIGNAL                       = 48
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_LOCK                         = 53
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_MPX                          = 56
+	SYS_SETPGID                      = 57
+	SYS_ULIMIT                       = 58
+	SYS_OLDOLDUNAME                  = 59
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SGETMASK                     = 68
+	SYS_SSETMASK                     = 69
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRLIMIT                    = 76
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SELECT                       = 82
+	SYS_SYMLINK                      = 83
+	SYS_OLDLSTAT                     = 84
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_READDIR                      = 89
+	SYS_MMAP                         = 90
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_PROFIL                       = 98
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_IOPERM                       = 101
+	SYS_SOCKETCALL                   = 102
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_OLDUNAME                     = 109
+	SYS_IOPL                         = 110
+	SYS_VHANGUP                      = 111
+	SYS_IDLE                         = 112
+	SYS_VM86OLD                      = 113
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_IPC                          = 117
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_MODIFY_LDT                   = 123
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_CREATE_MODULE                = 127
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_GET_KERNEL_SYMS              = 130
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_AFS_SYSCALL                  = 137
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_VM86                         = 166
+	SYS_QUERY_MODULE                 = 167
+	SYS_POLL                         = 168
+	SYS_NFSSERVCTL                   = 169
+	SYS_SETRESGID                    = 170
+	SYS_GETRESGID                    = 171
+	SYS_PRCTL                        = 172
+	SYS_RT_SIGRETURN                 = 173
+	SYS_RT_SIGACTION                 = 174
+	SYS_RT_SIGPROCMASK               = 175
+	SYS_RT_SIGPENDING                = 176
+	SYS_RT_SIGTIMEDWAIT              = 177
+	SYS_RT_SIGQUEUEINFO              = 178
+	SYS_RT_SIGSUSPEND                = 179
+	SYS_PREAD64                      = 180
+	SYS_PWRITE64                     = 181
+	SYS_CHOWN                        = 182
+	SYS_GETCWD                       = 183
+	SYS_CAPGET                       = 184
+	SYS_CAPSET                       = 185
+	SYS_SIGALTSTACK                  = 186
+	SYS_SENDFILE                     = 187
+	SYS_GETPMSG                      = 188
+	SYS_PUTPMSG                      = 189
+	SYS_VFORK                        = 190
+	SYS_UGETRLIMIT                   = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_LCHOWN32                     = 198
+	SYS_GETUID32                     = 199
+	SYS_GETGID32                     = 200
+	SYS_GETEUID32                    = 201
+	SYS_GETEGID32                    = 202
+	SYS_SETREUID32                   = 203
+	SYS_SETREGID32                   = 204
+	SYS_GETGROUPS32                  = 205
+	SYS_SETGROUPS32                  = 206
+	SYS_FCHOWN32                     = 207
+	SYS_SETRESUID32                  = 208
+	SYS_GETRESUID32                  = 209
+	SYS_SETRESGID32                  = 210
+	SYS_GETRESGID32                  = 211
+	SYS_CHOWN32                      = 212
+	SYS_SETUID32                     = 213
+	SYS_SETGID32                     = 214
+	SYS_SETFSUID32                   = 215
+	SYS_SETFSGID32                   = 216
+	SYS_PIVOT_ROOT                   = 217
+	SYS_MINCORE                      = 218
+	SYS_MADVISE                      = 219
+	SYS_GETDENTS64                   = 220
+	SYS_FCNTL64                      = 221
+	SYS_GETTID                       = 224
+	SYS_READAHEAD                    = 225
+	SYS_SETXATTR                     = 226
+	SYS_LSETXATTR                    = 227
+	SYS_FSETXATTR                    = 228
+	SYS_GETXATTR                     = 229
+	SYS_LGETXATTR                    = 230
+	SYS_FGETXATTR                    = 231
+	SYS_LISTXATTR                    = 232
+	SYS_LLISTXATTR                   = 233
+	SYS_FLISTXATTR                   = 234
+	SYS_REMOVEXATTR                  = 235
+	SYS_LREMOVEXATTR                 = 236
+	SYS_FREMOVEXATTR                 = 237
+	SYS_TKILL                        = 238
+	SYS_SENDFILE64                   = 239
+	SYS_FUTEX                        = 240
+	SYS_SCHED_SETAFFINITY            = 241
+	SYS_SCHED_GETAFFINITY            = 242
+	SYS_SET_THREAD_AREA              = 243
+	SYS_GET_THREAD_AREA              = 244
+	SYS_IO_SETUP                     = 245
+	SYS_IO_DESTROY                   = 246
+	SYS_IO_GETEVENTS                 = 247
+	SYS_IO_SUBMIT                    = 248
+	SYS_IO_CANCEL                    = 249
+	SYS_FADVISE64                    = 250
+	SYS_EXIT_GROUP                   = 252
+	SYS_LOOKUP_DCOOKIE               = 253
+	SYS_EPOLL_CREATE                 = 254
+	SYS_EPOLL_CTL                    = 255
+	SYS_EPOLL_WAIT                   = 256
+	SYS_REMAP_FILE_PAGES             = 257
+	SYS_SET_TID_ADDRESS              = 258
+	SYS_TIMER_CREATE                 = 259
+	SYS_TIMER_SETTIME                = 260
+	SYS_TIMER_GETTIME                = 261
+	SYS_TIMER_GETOVERRUN             = 262
+	SYS_TIMER_DELETE                 = 263
+	SYS_CLOCK_SETTIME                = 264
+	SYS_CLOCK_GETTIME                = 265
+	SYS_CLOCK_GETRES                 = 266
+	SYS_CLOCK_NANOSLEEP              = 267
+	SYS_STATFS64                     = 268
+	SYS_FSTATFS64                    = 269
+	SYS_TGKILL                       = 270
+	SYS_UTIMES                       = 271
+	SYS_FADVISE64_64                 = 272
+	SYS_VSERVER                      = 273
+	SYS_MBIND                        = 274
+	SYS_GET_MEMPOLICY                = 275
+	SYS_SET_MEMPOLICY                = 276
+	SYS_MQ_OPEN                      = 277
+	SYS_MQ_UNLINK                    = 278
+	SYS_MQ_TIMEDSEND                 = 279
+	SYS_MQ_TIMEDRECEIVE              = 280
+	SYS_MQ_NOTIFY                    = 281
+	SYS_MQ_GETSETATTR                = 282
+	SYS_KEXEC_LOAD                   = 283
+	SYS_WAITID                       = 284
+	SYS_ADD_KEY                      = 286
+	SYS_REQUEST_KEY                  = 287
+	SYS_KEYCTL                       = 288
+	SYS_IOPRIO_SET                   = 289
+	SYS_IOPRIO_GET                   = 290
+	SYS_INOTIFY_INIT                 = 291
+	SYS_INOTIFY_ADD_WATCH            = 292
+	SYS_INOTIFY_RM_WATCH             = 293
+	SYS_MIGRATE_PAGES                = 294
+	SYS_OPENAT                       = 295
+	SYS_MKDIRAT                      = 296
+	SYS_MKNODAT                      = 297
+	SYS_FCHOWNAT                     = 298
+	SYS_FUTIMESAT                    = 299
+	SYS_FSTATAT64                    = 300
+	SYS_UNLINKAT                     = 301
+	SYS_RENAMEAT                     = 302
+	SYS_LINKAT                       = 303
+	SYS_SYMLINKAT                    = 304
+	SYS_READLINKAT                   = 305
+	SYS_FCHMODAT                     = 306
+	SYS_FACCESSAT                    = 307
+	SYS_PSELECT6                     = 308
+	SYS_PPOLL                        = 309
+	SYS_UNSHARE                      = 310
+	SYS_SET_ROBUST_LIST              = 311
+	SYS_GET_ROBUST_LIST              = 312
+	SYS_SPLICE                       = 313
+	SYS_SYNC_FILE_RANGE              = 314
+	SYS_TEE                          = 315
+	SYS_VMSPLICE                     = 316
+	SYS_MOVE_PAGES                   = 317
+	SYS_GETCPU                       = 318
+	SYS_EPOLL_PWAIT                  = 319
+	SYS_UTIMENSAT                    = 320
+	SYS_SIGNALFD                     = 321
+	SYS_TIMERFD_CREATE               = 322
+	SYS_EVENTFD                      = 323
+	SYS_FALLOCATE                    = 324
+	SYS_TIMERFD_SETTIME              = 325
+	SYS_TIMERFD_GETTIME              = 326
+	SYS_SIGNALFD4                    = 327
+	SYS_EVENTFD2                     = 328
+	SYS_EPOLL_CREATE1                = 329
+	SYS_DUP3                         = 330
+	SYS_PIPE2                        = 331
+	SYS_INOTIFY_INIT1                = 332
+	SYS_PREADV                       = 333
+	SYS_PWRITEV                      = 334
+	SYS_RT_TGSIGQUEUEINFO            = 335
+	SYS_PERF_EVENT_OPEN              = 336
+	SYS_RECVMMSG                     = 337
+	SYS_FANOTIFY_INIT                = 338
+	SYS_FANOTIFY_MARK                = 339
+	SYS_PRLIMIT64                    = 340
+	SYS_NAME_TO_HANDLE_AT            = 341
+	SYS_OPEN_BY_HANDLE_AT            = 342
+	SYS_CLOCK_ADJTIME                = 343
+	SYS_SYNCFS                       = 344
+	SYS_SENDMMSG                     = 345
+	SYS_SETNS                        = 346
+	SYS_PROCESS_VM_READV             = 347
+	SYS_PROCESS_VM_WRITEV            = 348
+	SYS_KCMP                         = 349
+	SYS_FINIT_MODULE                 = 350
+	SYS_SCHED_SETATTR                = 351
+	SYS_SCHED_GETATTR                = 352
+	SYS_RENAMEAT2                    = 353
+	SYS_SECCOMP                      = 354
+	SYS_GETRANDOM                    = 355
+	SYS_MEMFD_CREATE                 = 356
+	SYS_BPF                          = 357
+	SYS_EXECVEAT                     = 358
+	SYS_SOCKET                       = 359
+	SYS_SOCKETPAIR                   = 360
+	SYS_BIND                         = 361
+	SYS_CONNECT                      = 362
+	SYS_LISTEN                       = 363
+	SYS_ACCEPT4                      = 364
+	SYS_GETSOCKOPT                   = 365
+	SYS_SETSOCKOPT                   = 366
+	SYS_GETSOCKNAME                  = 367
+	SYS_GETPEERNAME                  = 368
+	SYS_SENDTO                       = 369
+	SYS_SENDMSG                      = 370
+	SYS_RECVFROM                     = 371
+	SYS_RECVMSG                      = 372
+	SYS_SHUTDOWN                     = 373
+	SYS_USERFAULTFD                  = 374
+	SYS_MEMBARRIER                   = 375
+	SYS_MLOCK2                       = 376
+	SYS_COPY_FILE_RANGE              = 377
+	SYS_PREADV2                      = 378
+	SYS_PWRITEV2                     = 379
+	SYS_PKEY_MPROTECT                = 380
+	SYS_PKEY_ALLOC                   = 381
+	SYS_PKEY_FREE                    = 382
+	SYS_STATX                        = 383
+	SYS_ARCH_PRCTL                   = 384
+	SYS_IO_PGETEVENTS                = 385
+	SYS_RSEQ                         = 386
+	SYS_SEMGET                       = 393
+	SYS_SEMCTL                       = 394
+	SYS_SHMGET                       = 395
+	SYS_SHMCTL                       = 396
+	SYS_SHMAT                        = 397
+	SYS_SHMDT                        = 398
+	SYS_MSGGET                       = 399
+	SYS_MSGSND                       = 400
+	SYS_MSGRCV                       = 401
+	SYS_MSGCTL                       = 402
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_CLOSE_RANGE                  = 436
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+	SYS_PROCESS_MADVISE              = 440
+	SYS_EPOLL_PWAIT2                 = 441
+	SYS_MOUNT_SETATTR                = 442
+	SYS_QUOTACTL_FD                  = 443
+	SYS_LANDLOCK_CREATE_RULESET      = 444
+	SYS_LANDLOCK_ADD_RULE            = 445
+	SYS_LANDLOCK_RESTRICT_SELF       = 446
+	SYS_MEMFD_SECRET                 = 447
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index c5dabf2e45185..b830326386cd2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -1,342 +1,369 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include -m64 /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m64 /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && linux
 // +build amd64,linux
 
 package unix
 
 const (
-	SYS_READ                   = 0
-	SYS_WRITE                  = 1
-	SYS_OPEN                   = 2
-	SYS_CLOSE                  = 3
-	SYS_STAT                   = 4
-	SYS_FSTAT                  = 5
-	SYS_LSTAT                  = 6
-	SYS_POLL                   = 7
-	SYS_LSEEK                  = 8
-	SYS_MMAP                   = 9
-	SYS_MPROTECT               = 10
-	SYS_MUNMAP                 = 11
-	SYS_BRK                    = 12
-	SYS_RT_SIGACTION           = 13
-	SYS_RT_SIGPROCMASK         = 14
-	SYS_RT_SIGRETURN           = 15
-	SYS_IOCTL                  = 16
-	SYS_PREAD64                = 17
-	SYS_PWRITE64               = 18
-	SYS_READV                  = 19
-	SYS_WRITEV                 = 20
-	SYS_ACCESS                 = 21
-	SYS_PIPE                   = 22
-	SYS_SELECT                 = 23
-	SYS_SCHED_YIELD            = 24
-	SYS_MREMAP                 = 25
-	SYS_MSYNC                  = 26
-	SYS_MINCORE                = 27
-	SYS_MADVISE                = 28
-	SYS_SHMGET                 = 29
-	SYS_SHMAT                  = 30
-	SYS_SHMCTL                 = 31
-	SYS_DUP                    = 32
-	SYS_DUP2                   = 33
-	SYS_PAUSE                  = 34
-	SYS_NANOSLEEP              = 35
-	SYS_GETITIMER              = 36
-	SYS_ALARM                  = 37
-	SYS_SETITIMER              = 38
-	SYS_GETPID                 = 39
-	SYS_SENDFILE               = 40
-	SYS_SOCKET                 = 41
-	SYS_CONNECT                = 42
-	SYS_ACCEPT                 = 43
-	SYS_SENDTO                 = 44
-	SYS_RECVFROM               = 45
-	SYS_SENDMSG                = 46
-	SYS_RECVMSG                = 47
-	SYS_SHUTDOWN               = 48
-	SYS_BIND                   = 49
-	SYS_LISTEN                 = 50
-	SYS_GETSOCKNAME            = 51
-	SYS_GETPEERNAME            = 52
-	SYS_SOCKETPAIR             = 53
-	SYS_SETSOCKOPT             = 54
-	SYS_GETSOCKOPT             = 55
-	SYS_CLONE                  = 56
-	SYS_FORK                   = 57
-	SYS_VFORK                  = 58
-	SYS_EXECVE                 = 59
-	SYS_EXIT                   = 60
-	SYS_WAIT4                  = 61
-	SYS_KILL                   = 62
-	SYS_UNAME                  = 63
-	SYS_SEMGET                 = 64
-	SYS_SEMOP                  = 65
-	SYS_SEMCTL                 = 66
-	SYS_SHMDT                  = 67
-	SYS_MSGGET                 = 68
-	SYS_MSGSND                 = 69
-	SYS_MSGRCV                 = 70
-	SYS_MSGCTL                 = 71
-	SYS_FCNTL                  = 72
-	SYS_FLOCK                  = 73
-	SYS_FSYNC                  = 74
-	SYS_FDATASYNC              = 75
-	SYS_TRUNCATE               = 76
-	SYS_FTRUNCATE              = 77
-	SYS_GETDENTS               = 78
-	SYS_GETCWD                 = 79
-	SYS_CHDIR                  = 80
-	SYS_FCHDIR                 = 81
-	SYS_RENAME                 = 82
-	SYS_MKDIR                  = 83
-	SYS_RMDIR                  = 84
-	SYS_CREAT                  = 85
-	SYS_LINK                   = 86
-	SYS_UNLINK                 = 87
-	SYS_SYMLINK                = 88
-	SYS_READLINK               = 89
-	SYS_CHMOD                  = 90
-	SYS_FCHMOD                 = 91
-	SYS_CHOWN                  = 92
-	SYS_FCHOWN                 = 93
-	SYS_LCHOWN                 = 94
-	SYS_UMASK                  = 95
-	SYS_GETTIMEOFDAY           = 96
-	SYS_GETRLIMIT              = 97
-	SYS_GETRUSAGE              = 98
-	SYS_SYSINFO                = 99
-	SYS_TIMES                  = 100
-	SYS_PTRACE                 = 101
-	SYS_GETUID                 = 102
-	SYS_SYSLOG                 = 103
-	SYS_GETGID                 = 104
-	SYS_SETUID                 = 105
-	SYS_SETGID                 = 106
-	SYS_GETEUID                = 107
-	SYS_GETEGID                = 108
-	SYS_SETPGID                = 109
-	SYS_GETPPID                = 110
-	SYS_GETPGRP                = 111
-	SYS_SETSID                 = 112
-	SYS_SETREUID               = 113
-	SYS_SETREGID               = 114
-	SYS_GETGROUPS              = 115
-	SYS_SETGROUPS              = 116
-	SYS_SETRESUID              = 117
-	SYS_GETRESUID              = 118
-	SYS_SETRESGID              = 119
-	SYS_GETRESGID              = 120
-	SYS_GETPGID                = 121
-	SYS_SETFSUID               = 122
-	SYS_SETFSGID               = 123
-	SYS_GETSID                 = 124
-	SYS_CAPGET                 = 125
-	SYS_CAPSET                 = 126
-	SYS_RT_SIGPENDING          = 127
-	SYS_RT_SIGTIMEDWAIT        = 128
-	SYS_RT_SIGQUEUEINFO        = 129
-	SYS_RT_SIGSUSPEND          = 130
-	SYS_SIGALTSTACK            = 131
-	SYS_UTIME                  = 132
-	SYS_MKNOD                  = 133
-	SYS_USELIB                 = 134
-	SYS_PERSONALITY            = 135
-	SYS_USTAT                  = 136
-	SYS_STATFS                 = 137
-	SYS_FSTATFS                = 138
-	SYS_SYSFS                  = 139
-	SYS_GETPRIORITY            = 140
-	SYS_SETPRIORITY            = 141
-	SYS_SCHED_SETPARAM         = 142
-	SYS_SCHED_GETPARAM         = 143
-	SYS_SCHED_SETSCHEDULER     = 144
-	SYS_SCHED_GETSCHEDULER     = 145
-	SYS_SCHED_GET_PRIORITY_MAX = 146
-	SYS_SCHED_GET_PRIORITY_MIN = 147
-	SYS_SCHED_RR_GET_INTERVAL  = 148
-	SYS_MLOCK                  = 149
-	SYS_MUNLOCK                = 150
-	SYS_MLOCKALL               = 151
-	SYS_MUNLOCKALL             = 152
-	SYS_VHANGUP                = 153
-	SYS_MODIFY_LDT             = 154
-	SYS_PIVOT_ROOT             = 155
-	SYS__SYSCTL                = 156
-	SYS_PRCTL                  = 157
-	SYS_ARCH_PRCTL             = 158
-	SYS_ADJTIMEX               = 159
-	SYS_SETRLIMIT              = 160
-	SYS_CHROOT                 = 161
-	SYS_SYNC                   = 162
-	SYS_ACCT                   = 163
-	SYS_SETTIMEOFDAY           = 164
-	SYS_MOUNT                  = 165
-	SYS_UMOUNT2                = 166
-	SYS_SWAPON                 = 167
-	SYS_SWAPOFF                = 168
-	SYS_REBOOT                 = 169
-	SYS_SETHOSTNAME            = 170
-	SYS_SETDOMAINNAME          = 171
-	SYS_IOPL                   = 172
-	SYS_IOPERM                 = 173
-	SYS_CREATE_MODULE          = 174
-	SYS_INIT_MODULE            = 175
-	SYS_DELETE_MODULE          = 176
-	SYS_GET_KERNEL_SYMS        = 177
-	SYS_QUERY_MODULE           = 178
-	SYS_QUOTACTL               = 179
-	SYS_NFSSERVCTL             = 180
-	SYS_GETPMSG                = 181
-	SYS_PUTPMSG                = 182
-	SYS_AFS_SYSCALL            = 183
-	SYS_TUXCALL                = 184
-	SYS_SECURITY               = 185
-	SYS_GETTID                 = 186
-	SYS_READAHEAD              = 187
-	SYS_SETXATTR               = 188
-	SYS_LSETXATTR              = 189
-	SYS_FSETXATTR              = 190
-	SYS_GETXATTR               = 191
-	SYS_LGETXATTR              = 192
-	SYS_FGETXATTR              = 193
-	SYS_LISTXATTR              = 194
-	SYS_LLISTXATTR             = 195
-	SYS_FLISTXATTR             = 196
-	SYS_REMOVEXATTR            = 197
-	SYS_LREMOVEXATTR           = 198
-	SYS_FREMOVEXATTR           = 199
-	SYS_TKILL                  = 200
-	SYS_TIME                   = 201
-	SYS_FUTEX                  = 202
-	SYS_SCHED_SETAFFINITY      = 203
-	SYS_SCHED_GETAFFINITY      = 204
-	SYS_SET_THREAD_AREA        = 205
-	SYS_IO_SETUP               = 206
-	SYS_IO_DESTROY             = 207
-	SYS_IO_GETEVENTS           = 208
-	SYS_IO_SUBMIT              = 209
-	SYS_IO_CANCEL              = 210
-	SYS_GET_THREAD_AREA        = 211
-	SYS_LOOKUP_DCOOKIE         = 212
-	SYS_EPOLL_CREATE           = 213
-	SYS_EPOLL_CTL_OLD          = 214
-	SYS_EPOLL_WAIT_OLD         = 215
-	SYS_REMAP_FILE_PAGES       = 216
-	SYS_GETDENTS64             = 217
-	SYS_SET_TID_ADDRESS        = 218
-	SYS_RESTART_SYSCALL        = 219
-	SYS_SEMTIMEDOP             = 220
-	SYS_FADVISE64              = 221
-	SYS_TIMER_CREATE           = 222
-	SYS_TIMER_SETTIME          = 223
-	SYS_TIMER_GETTIME          = 224
-	SYS_TIMER_GETOVERRUN       = 225
-	SYS_TIMER_DELETE           = 226
-	SYS_CLOCK_SETTIME          = 227
-	SYS_CLOCK_GETTIME          = 228
-	SYS_CLOCK_GETRES           = 229
-	SYS_CLOCK_NANOSLEEP        = 230
-	SYS_EXIT_GROUP             = 231
-	SYS_EPOLL_WAIT             = 232
-	SYS_EPOLL_CTL              = 233
-	SYS_TGKILL                 = 234
-	SYS_UTIMES                 = 235
-	SYS_VSERVER                = 236
-	SYS_MBIND                  = 237
-	SYS_SET_MEMPOLICY          = 238
-	SYS_GET_MEMPOLICY          = 239
-	SYS_MQ_OPEN                = 240
-	SYS_MQ_UNLINK              = 241
-	SYS_MQ_TIMEDSEND           = 242
-	SYS_MQ_TIMEDRECEIVE        = 243
-	SYS_MQ_NOTIFY              = 244
-	SYS_MQ_GETSETATTR          = 245
-	SYS_KEXEC_LOAD             = 246
-	SYS_WAITID                 = 247
-	SYS_ADD_KEY                = 248
-	SYS_REQUEST_KEY            = 249
-	SYS_KEYCTL                 = 250
-	SYS_IOPRIO_SET             = 251
-	SYS_IOPRIO_GET             = 252
-	SYS_INOTIFY_INIT           = 253
-	SYS_INOTIFY_ADD_WATCH      = 254
-	SYS_INOTIFY_RM_WATCH       = 255
-	SYS_MIGRATE_PAGES          = 256
-	SYS_OPENAT                 = 257
-	SYS_MKDIRAT                = 258
-	SYS_MKNODAT                = 259
-	SYS_FCHOWNAT               = 260
-	SYS_FUTIMESAT              = 261
-	SYS_NEWFSTATAT             = 262
-	SYS_UNLINKAT               = 263
-	SYS_RENAMEAT               = 264
-	SYS_LINKAT                 = 265
-	SYS_SYMLINKAT              = 266
-	SYS_READLINKAT             = 267
-	SYS_FCHMODAT               = 268
-	SYS_FACCESSAT              = 269
-	SYS_PSELECT6               = 270
-	SYS_PPOLL                  = 271
-	SYS_UNSHARE                = 272
-	SYS_SET_ROBUST_LIST        = 273
-	SYS_GET_ROBUST_LIST        = 274
-	SYS_SPLICE                 = 275
-	SYS_TEE                    = 276
-	SYS_SYNC_FILE_RANGE        = 277
-	SYS_VMSPLICE               = 278
-	SYS_MOVE_PAGES             = 279
-	SYS_UTIMENSAT              = 280
-	SYS_EPOLL_PWAIT            = 281
-	SYS_SIGNALFD               = 282
-	SYS_TIMERFD_CREATE         = 283
-	SYS_EVENTFD                = 284
-	SYS_FALLOCATE              = 285
-	SYS_TIMERFD_SETTIME        = 286
-	SYS_TIMERFD_GETTIME        = 287
-	SYS_ACCEPT4                = 288
-	SYS_SIGNALFD4              = 289
-	SYS_EVENTFD2               = 290
-	SYS_EPOLL_CREATE1          = 291
-	SYS_DUP3                   = 292
-	SYS_PIPE2                  = 293
-	SYS_INOTIFY_INIT1          = 294
-	SYS_PREADV                 = 295
-	SYS_PWRITEV                = 296
-	SYS_RT_TGSIGQUEUEINFO      = 297
-	SYS_PERF_EVENT_OPEN        = 298
-	SYS_RECVMMSG               = 299
-	SYS_FANOTIFY_INIT          = 300
-	SYS_FANOTIFY_MARK          = 301
-	SYS_PRLIMIT64              = 302
-	SYS_NAME_TO_HANDLE_AT      = 303
-	SYS_OPEN_BY_HANDLE_AT      = 304
-	SYS_CLOCK_ADJTIME          = 305
-	SYS_SYNCFS                 = 306
-	SYS_SENDMMSG               = 307
-	SYS_SETNS                  = 308
-	SYS_GETCPU                 = 309
-	SYS_PROCESS_VM_READV       = 310
-	SYS_PROCESS_VM_WRITEV      = 311
-	SYS_KCMP                   = 312
-	SYS_FINIT_MODULE           = 313
-	SYS_SCHED_SETATTR          = 314
-	SYS_SCHED_GETATTR          = 315
-	SYS_RENAMEAT2              = 316
-	SYS_SECCOMP                = 317
-	SYS_GETRANDOM              = 318
-	SYS_MEMFD_CREATE           = 319
-	SYS_KEXEC_FILE_LOAD        = 320
-	SYS_BPF                    = 321
-	SYS_EXECVEAT               = 322
-	SYS_USERFAULTFD            = 323
-	SYS_MEMBARRIER             = 324
-	SYS_MLOCK2                 = 325
-	SYS_COPY_FILE_RANGE        = 326
-	SYS_PREADV2                = 327
-	SYS_PWRITEV2               = 328
-	SYS_PKEY_MPROTECT          = 329
-	SYS_PKEY_ALLOC             = 330
-	SYS_PKEY_FREE              = 331
-	SYS_STATX                  = 332
+	SYS_READ                    = 0
+	SYS_WRITE                   = 1
+	SYS_OPEN                    = 2
+	SYS_CLOSE                   = 3
+	SYS_STAT                    = 4
+	SYS_FSTAT                   = 5
+	SYS_LSTAT                   = 6
+	SYS_POLL                    = 7
+	SYS_LSEEK                   = 8
+	SYS_MMAP                    = 9
+	SYS_MPROTECT                = 10
+	SYS_MUNMAP                  = 11
+	SYS_BRK                     = 12
+	SYS_RT_SIGACTION            = 13
+	SYS_RT_SIGPROCMASK          = 14
+	SYS_RT_SIGRETURN            = 15
+	SYS_IOCTL                   = 16
+	SYS_PREAD64                 = 17
+	SYS_PWRITE64                = 18
+	SYS_READV                   = 19
+	SYS_WRITEV                  = 20
+	SYS_ACCESS                  = 21
+	SYS_PIPE                    = 22
+	SYS_SELECT                  = 23
+	SYS_SCHED_YIELD             = 24
+	SYS_MREMAP                  = 25
+	SYS_MSYNC                   = 26
+	SYS_MINCORE                 = 27
+	SYS_MADVISE                 = 28
+	SYS_SHMGET                  = 29
+	SYS_SHMAT                   = 30
+	SYS_SHMCTL                  = 31
+	SYS_DUP                     = 32
+	SYS_DUP2                    = 33
+	SYS_PAUSE                   = 34
+	SYS_NANOSLEEP               = 35
+	SYS_GETITIMER               = 36
+	SYS_ALARM                   = 37
+	SYS_SETITIMER               = 38
+	SYS_GETPID                  = 39
+	SYS_SENDFILE                = 40
+	SYS_SOCKET                  = 41
+	SYS_CONNECT                 = 42
+	SYS_ACCEPT                  = 43
+	SYS_SENDTO                  = 44
+	SYS_RECVFROM                = 45
+	SYS_SENDMSG                 = 46
+	SYS_RECVMSG                 = 47
+	SYS_SHUTDOWN                = 48
+	SYS_BIND                    = 49
+	SYS_LISTEN                  = 50
+	SYS_GETSOCKNAME             = 51
+	SYS_GETPEERNAME             = 52
+	SYS_SOCKETPAIR              = 53
+	SYS_SETSOCKOPT              = 54
+	SYS_GETSOCKOPT              = 55
+	SYS_CLONE                   = 56
+	SYS_FORK                    = 57
+	SYS_VFORK                   = 58
+	SYS_EXECVE                  = 59
+	SYS_EXIT                    = 60
+	SYS_WAIT4                   = 61
+	SYS_KILL                    = 62
+	SYS_UNAME                   = 63
+	SYS_SEMGET                  = 64
+	SYS_SEMOP                   = 65
+	SYS_SEMCTL                  = 66
+	SYS_SHMDT                   = 67
+	SYS_MSGGET                  = 68
+	SYS_MSGSND                  = 69
+	SYS_MSGRCV                  = 70
+	SYS_MSGCTL                  = 71
+	SYS_FCNTL                   = 72
+	SYS_FLOCK                   = 73
+	SYS_FSYNC                   = 74
+	SYS_FDATASYNC               = 75
+	SYS_TRUNCATE                = 76
+	SYS_FTRUNCATE               = 77
+	SYS_GETDENTS                = 78
+	SYS_GETCWD                  = 79
+	SYS_CHDIR                   = 80
+	SYS_FCHDIR                  = 81
+	SYS_RENAME                  = 82
+	SYS_MKDIR                   = 83
+	SYS_RMDIR                   = 84
+	SYS_CREAT                   = 85
+	SYS_LINK                    = 86
+	SYS_UNLINK                  = 87
+	SYS_SYMLINK                 = 88
+	SYS_READLINK                = 89
+	SYS_CHMOD                   = 90
+	SYS_FCHMOD                  = 91
+	SYS_CHOWN                   = 92
+	SYS_FCHOWN                  = 93
+	SYS_LCHOWN                  = 94
+	SYS_UMASK                   = 95
+	SYS_GETTIMEOFDAY            = 96
+	SYS_GETRLIMIT               = 97
+	SYS_GETRUSAGE               = 98
+	SYS_SYSINFO                 = 99
+	SYS_TIMES                   = 100
+	SYS_PTRACE                  = 101
+	SYS_GETUID                  = 102
+	SYS_SYSLOG                  = 103
+	SYS_GETGID                  = 104
+	SYS_SETUID                  = 105
+	SYS_SETGID                  = 106
+	SYS_GETEUID                 = 107
+	SYS_GETEGID                 = 108
+	SYS_SETPGID                 = 109
+	SYS_GETPPID                 = 110
+	SYS_GETPGRP                 = 111
+	SYS_SETSID                  = 112
+	SYS_SETREUID                = 113
+	SYS_SETREGID                = 114
+	SYS_GETGROUPS               = 115
+	SYS_SETGROUPS               = 116
+	SYS_SETRESUID               = 117
+	SYS_GETRESUID               = 118
+	SYS_SETRESGID               = 119
+	SYS_GETRESGID               = 120
+	SYS_GETPGID                 = 121
+	SYS_SETFSUID                = 122
+	SYS_SETFSGID                = 123
+	SYS_GETSID                  = 124
+	SYS_CAPGET                  = 125
+	SYS_CAPSET                  = 126
+	SYS_RT_SIGPENDING           = 127
+	SYS_RT_SIGTIMEDWAIT         = 128
+	SYS_RT_SIGQUEUEINFO         = 129
+	SYS_RT_SIGSUSPEND           = 130
+	SYS_SIGALTSTACK             = 131
+	SYS_UTIME                   = 132
+	SYS_MKNOD                   = 133
+	SYS_USELIB                  = 134
+	SYS_PERSONALITY             = 135
+	SYS_USTAT                   = 136
+	SYS_STATFS                  = 137
+	SYS_FSTATFS                 = 138
+	SYS_SYSFS                   = 139
+	SYS_GETPRIORITY             = 140
+	SYS_SETPRIORITY             = 141
+	SYS_SCHED_SETPARAM          = 142
+	SYS_SCHED_GETPARAM          = 143
+	SYS_SCHED_SETSCHEDULER      = 144
+	SYS_SCHED_GETSCHEDULER      = 145
+	SYS_SCHED_GET_PRIORITY_MAX  = 146
+	SYS_SCHED_GET_PRIORITY_MIN  = 147
+	SYS_SCHED_RR_GET_INTERVAL   = 148
+	SYS_MLOCK                   = 149
+	SYS_MUNLOCK                 = 150
+	SYS_MLOCKALL                = 151
+	SYS_MUNLOCKALL              = 152
+	SYS_VHANGUP                 = 153
+	SYS_MODIFY_LDT              = 154
+	SYS_PIVOT_ROOT              = 155
+	SYS__SYSCTL                 = 156
+	SYS_PRCTL                   = 157
+	SYS_ARCH_PRCTL              = 158
+	SYS_ADJTIMEX                = 159
+	SYS_SETRLIMIT               = 160
+	SYS_CHROOT                  = 161
+	SYS_SYNC                    = 162
+	SYS_ACCT                    = 163
+	SYS_SETTIMEOFDAY            = 164
+	SYS_MOUNT                   = 165
+	SYS_UMOUNT2                 = 166
+	SYS_SWAPON                  = 167
+	SYS_SWAPOFF                 = 168
+	SYS_REBOOT                  = 169
+	SYS_SETHOSTNAME             = 170
+	SYS_SETDOMAINNAME           = 171
+	SYS_IOPL                    = 172
+	SYS_IOPERM                  = 173
+	SYS_CREATE_MODULE           = 174
+	SYS_INIT_MODULE             = 175
+	SYS_DELETE_MODULE           = 176
+	SYS_GET_KERNEL_SYMS         = 177
+	SYS_QUERY_MODULE            = 178
+	SYS_QUOTACTL                = 179
+	SYS_NFSSERVCTL              = 180
+	SYS_GETPMSG                 = 181
+	SYS_PUTPMSG                 = 182
+	SYS_AFS_SYSCALL             = 183
+	SYS_TUXCALL                 = 184
+	SYS_SECURITY                = 185
+	SYS_GETTID                  = 186
+	SYS_READAHEAD               = 187
+	SYS_SETXATTR                = 188
+	SYS_LSETXATTR               = 189
+	SYS_FSETXATTR               = 190
+	SYS_GETXATTR                = 191
+	SYS_LGETXATTR               = 192
+	SYS_FGETXATTR               = 193
+	SYS_LISTXATTR               = 194
+	SYS_LLISTXATTR              = 195
+	SYS_FLISTXATTR              = 196
+	SYS_REMOVEXATTR             = 197
+	SYS_LREMOVEXATTR            = 198
+	SYS_FREMOVEXATTR            = 199
+	SYS_TKILL                   = 200
+	SYS_TIME                    = 201
+	SYS_FUTEX                   = 202
+	SYS_SCHED_SETAFFINITY       = 203
+	SYS_SCHED_GETAFFINITY       = 204
+	SYS_SET_THREAD_AREA         = 205
+	SYS_IO_SETUP                = 206
+	SYS_IO_DESTROY              = 207
+	SYS_IO_GETEVENTS            = 208
+	SYS_IO_SUBMIT               = 209
+	SYS_IO_CANCEL               = 210
+	SYS_GET_THREAD_AREA         = 211
+	SYS_LOOKUP_DCOOKIE          = 212
+	SYS_EPOLL_CREATE            = 213
+	SYS_EPOLL_CTL_OLD           = 214
+	SYS_EPOLL_WAIT_OLD          = 215
+	SYS_REMAP_FILE_PAGES        = 216
+	SYS_GETDENTS64              = 217
+	SYS_SET_TID_ADDRESS         = 218
+	SYS_RESTART_SYSCALL         = 219
+	SYS_SEMTIMEDOP              = 220
+	SYS_FADVISE64               = 221
+	SYS_TIMER_CREATE            = 222
+	SYS_TIMER_SETTIME           = 223
+	SYS_TIMER_GETTIME           = 224
+	SYS_TIMER_GETOVERRUN        = 225
+	SYS_TIMER_DELETE            = 226
+	SYS_CLOCK_SETTIME           = 227
+	SYS_CLOCK_GETTIME           = 228
+	SYS_CLOCK_GETRES            = 229
+	SYS_CLOCK_NANOSLEEP         = 230
+	SYS_EXIT_GROUP              = 231
+	SYS_EPOLL_WAIT              = 232
+	SYS_EPOLL_CTL               = 233
+	SYS_TGKILL                  = 234
+	SYS_UTIMES                  = 235
+	SYS_VSERVER                 = 236
+	SYS_MBIND                   = 237
+	SYS_SET_MEMPOLICY           = 238
+	SYS_GET_MEMPOLICY           = 239
+	SYS_MQ_OPEN                 = 240
+	SYS_MQ_UNLINK               = 241
+	SYS_MQ_TIMEDSEND            = 242
+	SYS_MQ_TIMEDRECEIVE         = 243
+	SYS_MQ_NOTIFY               = 244
+	SYS_MQ_GETSETATTR           = 245
+	SYS_KEXEC_LOAD              = 246
+	SYS_WAITID                  = 247
+	SYS_ADD_KEY                 = 248
+	SYS_REQUEST_KEY             = 249
+	SYS_KEYCTL                  = 250
+	SYS_IOPRIO_SET              = 251
+	SYS_IOPRIO_GET              = 252
+	SYS_INOTIFY_INIT            = 253
+	SYS_INOTIFY_ADD_WATCH       = 254
+	SYS_INOTIFY_RM_WATCH        = 255
+	SYS_MIGRATE_PAGES           = 256
+	SYS_OPENAT                  = 257
+	SYS_MKDIRAT                 = 258
+	SYS_MKNODAT                 = 259
+	SYS_FCHOWNAT                = 260
+	SYS_FUTIMESAT               = 261
+	SYS_NEWFSTATAT              = 262
+	SYS_UNLINKAT                = 263
+	SYS_RENAMEAT                = 264
+	SYS_LINKAT                  = 265
+	SYS_SYMLINKAT               = 266
+	SYS_READLINKAT              = 267
+	SYS_FCHMODAT                = 268
+	SYS_FACCESSAT               = 269
+	SYS_PSELECT6                = 270
+	SYS_PPOLL                   = 271
+	SYS_UNSHARE                 = 272
+	SYS_SET_ROBUST_LIST         = 273
+	SYS_GET_ROBUST_LIST         = 274
+	SYS_SPLICE                  = 275
+	SYS_TEE                     = 276
+	SYS_SYNC_FILE_RANGE         = 277
+	SYS_VMSPLICE                = 278
+	SYS_MOVE_PAGES              = 279
+	SYS_UTIMENSAT               = 280
+	SYS_EPOLL_PWAIT             = 281
+	SYS_SIGNALFD                = 282
+	SYS_TIMERFD_CREATE          = 283
+	SYS_EVENTFD                 = 284
+	SYS_FALLOCATE               = 285
+	SYS_TIMERFD_SETTIME         = 286
+	SYS_TIMERFD_GETTIME         = 287
+	SYS_ACCEPT4                 = 288
+	SYS_SIGNALFD4               = 289
+	SYS_EVENTFD2                = 290
+	SYS_EPOLL_CREATE1           = 291
+	SYS_DUP3                    = 292
+	SYS_PIPE2                   = 293
+	SYS_INOTIFY_INIT1           = 294
+	SYS_PREADV                  = 295
+	SYS_PWRITEV                 = 296
+	SYS_RT_TGSIGQUEUEINFO       = 297
+	SYS_PERF_EVENT_OPEN         = 298
+	SYS_RECVMMSG                = 299
+	SYS_FANOTIFY_INIT           = 300
+	SYS_FANOTIFY_MARK           = 301
+	SYS_PRLIMIT64               = 302
+	SYS_NAME_TO_HANDLE_AT       = 303
+	SYS_OPEN_BY_HANDLE_AT       = 304
+	SYS_CLOCK_ADJTIME           = 305
+	SYS_SYNCFS                  = 306
+	SYS_SENDMMSG                = 307
+	SYS_SETNS                   = 308
+	SYS_GETCPU                  = 309
+	SYS_PROCESS_VM_READV        = 310
+	SYS_PROCESS_VM_WRITEV       = 311
+	SYS_KCMP                    = 312
+	SYS_FINIT_MODULE            = 313
+	SYS_SCHED_SETATTR           = 314
+	SYS_SCHED_GETATTR           = 315
+	SYS_RENAMEAT2               = 316
+	SYS_SECCOMP                 = 317
+	SYS_GETRANDOM               = 318
+	SYS_MEMFD_CREATE            = 319
+	SYS_KEXEC_FILE_LOAD         = 320
+	SYS_BPF                     = 321
+	SYS_EXECVEAT                = 322
+	SYS_USERFAULTFD             = 323
+	SYS_MEMBARRIER              = 324
+	SYS_MLOCK2                  = 325
+	SYS_COPY_FILE_RANGE         = 326
+	SYS_PREADV2                 = 327
+	SYS_PWRITEV2                = 328
+	SYS_PKEY_MPROTECT           = 329
+	SYS_PKEY_ALLOC              = 330
+	SYS_PKEY_FREE               = 331
+	SYS_STATX                   = 332
+	SYS_IO_PGETEVENTS           = 333
+	SYS_RSEQ                    = 334
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
+	SYS_MEMFD_SECRET            = 447
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index ab7fa5fd3939d..d75f65a0aa701 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -1,362 +1,410 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && linux
 // +build arm,linux
 
 package unix
 
 const (
-	SYS_RESTART_SYSCALL        = 0
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECVE                 = 11
-	SYS_CHDIR                  = 12
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LCHOWN                 = 16
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_MOUNT                  = 21
-	SYS_SETUID                 = 23
-	SYS_GETUID                 = 24
-	SYS_PTRACE                 = 26
-	SYS_PAUSE                  = 29
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_RENAME                 = 38
-	SYS_MKDIR                  = 39
-	SYS_RMDIR                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_BRK                    = 45
-	SYS_SETGID                 = 46
-	SYS_GETGID                 = 47
-	SYS_GETEUID                = 49
-	SYS_GETEGID                = 50
-	SYS_ACCT                   = 51
-	SYS_UMOUNT2                = 52
-	SYS_IOCTL                  = 54
-	SYS_FCNTL                  = 55
-	SYS_SETPGID                = 57
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_USTAT                  = 62
-	SYS_DUP2                   = 63
-	SYS_GETPPID                = 64
-	SYS_GETPGRP                = 65
-	SYS_SETSID                 = 66
-	SYS_SIGACTION              = 67
-	SYS_SETREUID               = 70
-	SYS_SETREGID               = 71
-	SYS_SIGSUSPEND             = 72
-	SYS_SIGPENDING             = 73
-	SYS_SETHOSTNAME            = 74
-	SYS_SETRLIMIT              = 75
-	SYS_GETRUSAGE              = 77
-	SYS_GETTIMEOFDAY           = 78
-	SYS_SETTIMEOFDAY           = 79
-	SYS_GETGROUPS              = 80
-	SYS_SETGROUPS              = 81
-	SYS_SYMLINK                = 83
-	SYS_READLINK               = 85
-	SYS_USELIB                 = 86
-	SYS_SWAPON                 = 87
-	SYS_REBOOT                 = 88
-	SYS_MUNMAP                 = 91
-	SYS_TRUNCATE               = 92
-	SYS_FTRUNCATE              = 93
-	SYS_FCHMOD                 = 94
-	SYS_FCHOWN                 = 95
-	SYS_GETPRIORITY            = 96
-	SYS_SETPRIORITY            = 97
-	SYS_STATFS                 = 99
-	SYS_FSTATFS                = 100
-	SYS_SYSLOG                 = 103
-	SYS_SETITIMER              = 104
-	SYS_GETITIMER              = 105
-	SYS_STAT                   = 106
-	SYS_LSTAT                  = 107
-	SYS_FSTAT                  = 108
-	SYS_VHANGUP                = 111
-	SYS_WAIT4                  = 114
-	SYS_SWAPOFF                = 115
-	SYS_SYSINFO                = 116
-	SYS_FSYNC                  = 118
-	SYS_SIGRETURN              = 119
-	SYS_CLONE                  = 120
-	SYS_SETDOMAINNAME          = 121
-	SYS_UNAME                  = 122
-	SYS_ADJTIMEX               = 124
-	SYS_MPROTECT               = 125
-	SYS_SIGPROCMASK            = 126
-	SYS_INIT_MODULE            = 128
-	SYS_DELETE_MODULE          = 129
-	SYS_QUOTACTL               = 131
-	SYS_GETPGID                = 132
-	SYS_FCHDIR                 = 133
-	SYS_BDFLUSH                = 134
-	SYS_SYSFS                  = 135
-	SYS_PERSONALITY            = 136
-	SYS_SETFSUID               = 138
-	SYS_SETFSGID               = 139
-	SYS__LLSEEK                = 140
-	SYS_GETDENTS               = 141
-	SYS__NEWSELECT             = 142
-	SYS_FLOCK                  = 143
-	SYS_MSYNC                  = 144
-	SYS_READV                  = 145
-	SYS_WRITEV                 = 146
-	SYS_GETSID                 = 147
-	SYS_FDATASYNC              = 148
-	SYS__SYSCTL                = 149
-	SYS_MLOCK                  = 150
-	SYS_MUNLOCK                = 151
-	SYS_MLOCKALL               = 152
-	SYS_MUNLOCKALL             = 153
-	SYS_SCHED_SETPARAM         = 154
-	SYS_SCHED_GETPARAM         = 155
-	SYS_SCHED_SETSCHEDULER     = 156
-	SYS_SCHED_GETSCHEDULER     = 157
-	SYS_SCHED_YIELD            = 158
-	SYS_SCHED_GET_PRIORITY_MAX = 159
-	SYS_SCHED_GET_PRIORITY_MIN = 160
-	SYS_SCHED_RR_GET_INTERVAL  = 161
-	SYS_NANOSLEEP              = 162
-	SYS_MREMAP                 = 163
-	SYS_SETRESUID              = 164
-	SYS_GETRESUID              = 165
-	SYS_POLL                   = 168
-	SYS_NFSSERVCTL             = 169
-	SYS_SETRESGID              = 170
-	SYS_GETRESGID              = 171
-	SYS_PRCTL                  = 172
-	SYS_RT_SIGRETURN           = 173
-	SYS_RT_SIGACTION           = 174
-	SYS_RT_SIGPROCMASK         = 175
-	SYS_RT_SIGPENDING          = 176
-	SYS_RT_SIGTIMEDWAIT        = 177
-	SYS_RT_SIGQUEUEINFO        = 178
-	SYS_RT_SIGSUSPEND          = 179
-	SYS_PREAD64                = 180
-	SYS_PWRITE64               = 181
-	SYS_CHOWN                  = 182
-	SYS_GETCWD                 = 183
-	SYS_CAPGET                 = 184
-	SYS_CAPSET                 = 185
-	SYS_SIGALTSTACK            = 186
-	SYS_SENDFILE               = 187
-	SYS_VFORK                  = 190
-	SYS_UGETRLIMIT             = 191
-	SYS_MMAP2                  = 192
-	SYS_TRUNCATE64             = 193
-	SYS_FTRUNCATE64            = 194
-	SYS_STAT64                 = 195
-	SYS_LSTAT64                = 196
-	SYS_FSTAT64                = 197
-	SYS_LCHOWN32               = 198
-	SYS_GETUID32               = 199
-	SYS_GETGID32               = 200
-	SYS_GETEUID32              = 201
-	SYS_GETEGID32              = 202
-	SYS_SETREUID32             = 203
-	SYS_SETREGID32             = 204
-	SYS_GETGROUPS32            = 205
-	SYS_SETGROUPS32            = 206
-	SYS_FCHOWN32               = 207
-	SYS_SETRESUID32            = 208
-	SYS_GETRESUID32            = 209
-	SYS_SETRESGID32            = 210
-	SYS_GETRESGID32            = 211
-	SYS_CHOWN32                = 212
-	SYS_SETUID32               = 213
-	SYS_SETGID32               = 214
-	SYS_SETFSUID32             = 215
-	SYS_SETFSGID32             = 216
-	SYS_GETDENTS64             = 217
-	SYS_PIVOT_ROOT             = 218
-	SYS_MINCORE                = 219
-	SYS_MADVISE                = 220
-	SYS_FCNTL64                = 221
-	SYS_GETTID                 = 224
-	SYS_READAHEAD              = 225
-	SYS_SETXATTR               = 226
-	SYS_LSETXATTR              = 227
-	SYS_FSETXATTR              = 228
-	SYS_GETXATTR               = 229
-	SYS_LGETXATTR              = 230
-	SYS_FGETXATTR              = 231
-	SYS_LISTXATTR              = 232
-	SYS_LLISTXATTR             = 233
-	SYS_FLISTXATTR             = 234
-	SYS_REMOVEXATTR            = 235
-	SYS_LREMOVEXATTR           = 236
-	SYS_FREMOVEXATTR           = 237
-	SYS_TKILL                  = 238
-	SYS_SENDFILE64             = 239
-	SYS_FUTEX                  = 240
-	SYS_SCHED_SETAFFINITY      = 241
-	SYS_SCHED_GETAFFINITY      = 242
-	SYS_IO_SETUP               = 243
-	SYS_IO_DESTROY             = 244
-	SYS_IO_GETEVENTS           = 245
-	SYS_IO_SUBMIT              = 246
-	SYS_IO_CANCEL              = 247
-	SYS_EXIT_GROUP             = 248
-	SYS_LOOKUP_DCOOKIE         = 249
-	SYS_EPOLL_CREATE           = 250
-	SYS_EPOLL_CTL              = 251
-	SYS_EPOLL_WAIT             = 252
-	SYS_REMAP_FILE_PAGES       = 253
-	SYS_SET_TID_ADDRESS        = 256
-	SYS_TIMER_CREATE           = 257
-	SYS_TIMER_SETTIME          = 258
-	SYS_TIMER_GETTIME          = 259
-	SYS_TIMER_GETOVERRUN       = 260
-	SYS_TIMER_DELETE           = 261
-	SYS_CLOCK_SETTIME          = 262
-	SYS_CLOCK_GETTIME          = 263
-	SYS_CLOCK_GETRES           = 264
-	SYS_CLOCK_NANOSLEEP        = 265
-	SYS_STATFS64               = 266
-	SYS_FSTATFS64              = 267
-	SYS_TGKILL                 = 268
-	SYS_UTIMES                 = 269
-	SYS_ARM_FADVISE64_64       = 270
-	SYS_PCICONFIG_IOBASE       = 271
-	SYS_PCICONFIG_READ         = 272
-	SYS_PCICONFIG_WRITE        = 273
-	SYS_MQ_OPEN                = 274
-	SYS_MQ_UNLINK              = 275
-	SYS_MQ_TIMEDSEND           = 276
-	SYS_MQ_TIMEDRECEIVE        = 277
-	SYS_MQ_NOTIFY              = 278
-	SYS_MQ_GETSETATTR          = 279
-	SYS_WAITID                 = 280
-	SYS_SOCKET                 = 281
-	SYS_BIND                   = 282
-	SYS_CONNECT                = 283
-	SYS_LISTEN                 = 284
-	SYS_ACCEPT                 = 285
-	SYS_GETSOCKNAME            = 286
-	SYS_GETPEERNAME            = 287
-	SYS_SOCKETPAIR             = 288
-	SYS_SEND                   = 289
-	SYS_SENDTO                 = 290
-	SYS_RECV                   = 291
-	SYS_RECVFROM               = 292
-	SYS_SHUTDOWN               = 293
-	SYS_SETSOCKOPT             = 294
-	SYS_GETSOCKOPT             = 295
-	SYS_SENDMSG                = 296
-	SYS_RECVMSG                = 297
-	SYS_SEMOP                  = 298
-	SYS_SEMGET                 = 299
-	SYS_SEMCTL                 = 300
-	SYS_MSGSND                 = 301
-	SYS_MSGRCV                 = 302
-	SYS_MSGGET                 = 303
-	SYS_MSGCTL                 = 304
-	SYS_SHMAT                  = 305
-	SYS_SHMDT                  = 306
-	SYS_SHMGET                 = 307
-	SYS_SHMCTL                 = 308
-	SYS_ADD_KEY                = 309
-	SYS_REQUEST_KEY            = 310
-	SYS_KEYCTL                 = 311
-	SYS_SEMTIMEDOP             = 312
-	SYS_VSERVER                = 313
-	SYS_IOPRIO_SET             = 314
-	SYS_IOPRIO_GET             = 315
-	SYS_INOTIFY_INIT           = 316
-	SYS_INOTIFY_ADD_WATCH      = 317
-	SYS_INOTIFY_RM_WATCH       = 318
-	SYS_MBIND                  = 319
-	SYS_GET_MEMPOLICY          = 320
-	SYS_SET_MEMPOLICY          = 321
-	SYS_OPENAT                 = 322
-	SYS_MKDIRAT                = 323
-	SYS_MKNODAT                = 324
-	SYS_FCHOWNAT               = 325
-	SYS_FUTIMESAT              = 326
-	SYS_FSTATAT64              = 327
-	SYS_UNLINKAT               = 328
-	SYS_RENAMEAT               = 329
-	SYS_LINKAT                 = 330
-	SYS_SYMLINKAT              = 331
-	SYS_READLINKAT             = 332
-	SYS_FCHMODAT               = 333
-	SYS_FACCESSAT              = 334
-	SYS_PSELECT6               = 335
-	SYS_PPOLL                  = 336
-	SYS_UNSHARE                = 337
-	SYS_SET_ROBUST_LIST        = 338
-	SYS_GET_ROBUST_LIST        = 339
-	SYS_SPLICE                 = 340
-	SYS_ARM_SYNC_FILE_RANGE    = 341
-	SYS_TEE                    = 342
-	SYS_VMSPLICE               = 343
-	SYS_MOVE_PAGES             = 344
-	SYS_GETCPU                 = 345
-	SYS_EPOLL_PWAIT            = 346
-	SYS_KEXEC_LOAD             = 347
-	SYS_UTIMENSAT              = 348
-	SYS_SIGNALFD               = 349
-	SYS_TIMERFD_CREATE         = 350
-	SYS_EVENTFD                = 351
-	SYS_FALLOCATE              = 352
-	SYS_TIMERFD_SETTIME        = 353
-	SYS_TIMERFD_GETTIME        = 354
-	SYS_SIGNALFD4              = 355
-	SYS_EVENTFD2               = 356
-	SYS_EPOLL_CREATE1          = 357
-	SYS_DUP3                   = 358
-	SYS_PIPE2                  = 359
-	SYS_INOTIFY_INIT1          = 360
-	SYS_PREADV                 = 361
-	SYS_PWRITEV                = 362
-	SYS_RT_TGSIGQUEUEINFO      = 363
-	SYS_PERF_EVENT_OPEN        = 364
-	SYS_RECVMMSG               = 365
-	SYS_ACCEPT4                = 366
-	SYS_FANOTIFY_INIT          = 367
-	SYS_FANOTIFY_MARK          = 368
-	SYS_PRLIMIT64              = 369
-	SYS_NAME_TO_HANDLE_AT      = 370
-	SYS_OPEN_BY_HANDLE_AT      = 371
-	SYS_CLOCK_ADJTIME          = 372
-	SYS_SYNCFS                 = 373
-	SYS_SENDMMSG               = 374
-	SYS_SETNS                  = 375
-	SYS_PROCESS_VM_READV       = 376
-	SYS_PROCESS_VM_WRITEV      = 377
-	SYS_KCMP                   = 378
-	SYS_FINIT_MODULE           = 379
-	SYS_SCHED_SETATTR          = 380
-	SYS_SCHED_GETATTR          = 381
-	SYS_RENAMEAT2              = 382
-	SYS_SECCOMP                = 383
-	SYS_GETRANDOM              = 384
-	SYS_MEMFD_CREATE           = 385
-	SYS_BPF                    = 386
-	SYS_EXECVEAT               = 387
-	SYS_USERFAULTFD            = 388
-	SYS_MEMBARRIER             = 389
-	SYS_MLOCK2                 = 390
-	SYS_COPY_FILE_RANGE        = 391
-	SYS_PREADV2                = 392
-	SYS_PWRITEV2               = 393
-	SYS_PKEY_MPROTECT          = 394
-	SYS_PKEY_ALLOC             = 395
-	SYS_PKEY_FREE              = 396
-	SYS_STATX                  = 397
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_PTRACE                       = 26
+	SYS_PAUSE                        = 29
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_SETPGID                      = 57
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SYMLINK                      = 83
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_VHANGUP                      = 111
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_POLL                         = 168
+	SYS_NFSSERVCTL                   = 169
+	SYS_SETRESGID                    = 170
+	SYS_GETRESGID                    = 171
+	SYS_PRCTL                        = 172
+	SYS_RT_SIGRETURN                 = 173
+	SYS_RT_SIGACTION                 = 174
+	SYS_RT_SIGPROCMASK               = 175
+	SYS_RT_SIGPENDING                = 176
+	SYS_RT_SIGTIMEDWAIT              = 177
+	SYS_RT_SIGQUEUEINFO              = 178
+	SYS_RT_SIGSUSPEND                = 179
+	SYS_PREAD64                      = 180
+	SYS_PWRITE64                     = 181
+	SYS_CHOWN                        = 182
+	SYS_GETCWD                       = 183
+	SYS_CAPGET                       = 184
+	SYS_CAPSET                       = 185
+	SYS_SIGALTSTACK                  = 186
+	SYS_SENDFILE                     = 187
+	SYS_VFORK                        = 190
+	SYS_UGETRLIMIT                   = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_LCHOWN32                     = 198
+	SYS_GETUID32                     = 199
+	SYS_GETGID32                     = 200
+	SYS_GETEUID32                    = 201
+	SYS_GETEGID32                    = 202
+	SYS_SETREUID32                   = 203
+	SYS_SETREGID32                   = 204
+	SYS_GETGROUPS32                  = 205
+	SYS_SETGROUPS32                  = 206
+	SYS_FCHOWN32                     = 207
+	SYS_SETRESUID32                  = 208
+	SYS_GETRESUID32                  = 209
+	SYS_SETRESGID32                  = 210
+	SYS_GETRESGID32                  = 211
+	SYS_CHOWN32                      = 212
+	SYS_SETUID32                     = 213
+	SYS_SETGID32                     = 214
+	SYS_SETFSUID32                   = 215
+	SYS_SETFSGID32                   = 216
+	SYS_GETDENTS64                   = 217
+	SYS_PIVOT_ROOT                   = 218
+	SYS_MINCORE                      = 219
+	SYS_MADVISE                      = 220
+	SYS_FCNTL64                      = 221
+	SYS_GETTID                       = 224
+	SYS_READAHEAD                    = 225
+	SYS_SETXATTR                     = 226
+	SYS_LSETXATTR                    = 227
+	SYS_FSETXATTR                    = 228
+	SYS_GETXATTR                     = 229
+	SYS_LGETXATTR                    = 230
+	SYS_FGETXATTR                    = 231
+	SYS_LISTXATTR                    = 232
+	SYS_LLISTXATTR                   = 233
+	SYS_FLISTXATTR                   = 234
+	SYS_REMOVEXATTR                  = 235
+	SYS_LREMOVEXATTR                 = 236
+	SYS_FREMOVEXATTR                 = 237
+	SYS_TKILL                        = 238
+	SYS_SENDFILE64                   = 239
+	SYS_FUTEX                        = 240
+	SYS_SCHED_SETAFFINITY            = 241
+	SYS_SCHED_GETAFFINITY            = 242
+	SYS_IO_SETUP                     = 243
+	SYS_IO_DESTROY                   = 244
+	SYS_IO_GETEVENTS                 = 245
+	SYS_IO_SUBMIT                    = 246
+	SYS_IO_CANCEL                    = 247
+	SYS_EXIT_GROUP                   = 248
+	SYS_LOOKUP_DCOOKIE               = 249
+	SYS_EPOLL_CREATE                 = 250
+	SYS_EPOLL_CTL                    = 251
+	SYS_EPOLL_WAIT                   = 252
+	SYS_REMAP_FILE_PAGES             = 253
+	SYS_SET_TID_ADDRESS              = 256
+	SYS_TIMER_CREATE                 = 257
+	SYS_TIMER_SETTIME                = 258
+	SYS_TIMER_GETTIME                = 259
+	SYS_TIMER_GETOVERRUN             = 260
+	SYS_TIMER_DELETE                 = 261
+	SYS_CLOCK_SETTIME                = 262
+	SYS_CLOCK_GETTIME                = 263
+	SYS_CLOCK_GETRES                 = 264
+	SYS_CLOCK_NANOSLEEP              = 265
+	SYS_STATFS64                     = 266
+	SYS_FSTATFS64                    = 267
+	SYS_TGKILL                       = 268
+	SYS_UTIMES                       = 269
+	SYS_ARM_FADVISE64_64             = 270
+	SYS_PCICONFIG_IOBASE             = 271
+	SYS_PCICONFIG_READ               = 272
+	SYS_PCICONFIG_WRITE              = 273
+	SYS_MQ_OPEN                      = 274
+	SYS_MQ_UNLINK                    = 275
+	SYS_MQ_TIMEDSEND                 = 276
+	SYS_MQ_TIMEDRECEIVE              = 277
+	SYS_MQ_NOTIFY                    = 278
+	SYS_MQ_GETSETATTR                = 279
+	SYS_WAITID                       = 280
+	SYS_SOCKET                       = 281
+	SYS_BIND                         = 282
+	SYS_CONNECT                      = 283
+	SYS_LISTEN                       = 284
+	SYS_ACCEPT                       = 285
+	SYS_GETSOCKNAME                  = 286
+	SYS_GETPEERNAME                  = 287
+	SYS_SOCKETPAIR                   = 288
+	SYS_SEND                         = 289
+	SYS_SENDTO                       = 290
+	SYS_RECV                         = 291
+	SYS_RECVFROM                     = 292
+	SYS_SHUTDOWN                     = 293
+	SYS_SETSOCKOPT                   = 294
+	SYS_GETSOCKOPT                   = 295
+	SYS_SENDMSG                      = 296
+	SYS_RECVMSG                      = 297
+	SYS_SEMOP                        = 298
+	SYS_SEMGET                       = 299
+	SYS_SEMCTL                       = 300
+	SYS_MSGSND                       = 301
+	SYS_MSGRCV                       = 302
+	SYS_MSGGET                       = 303
+	SYS_MSGCTL                       = 304
+	SYS_SHMAT                        = 305
+	SYS_SHMDT                        = 306
+	SYS_SHMGET                       = 307
+	SYS_SHMCTL                       = 308
+	SYS_ADD_KEY                      = 309
+	SYS_REQUEST_KEY                  = 310
+	SYS_KEYCTL                       = 311
+	SYS_SEMTIMEDOP                   = 312
+	SYS_VSERVER                      = 313
+	SYS_IOPRIO_SET                   = 314
+	SYS_IOPRIO_GET                   = 315
+	SYS_INOTIFY_INIT                 = 316
+	SYS_INOTIFY_ADD_WATCH            = 317
+	SYS_INOTIFY_RM_WATCH             = 318
+	SYS_MBIND                        = 319
+	SYS_GET_MEMPOLICY                = 320
+	SYS_SET_MEMPOLICY                = 321
+	SYS_OPENAT                       = 322
+	SYS_MKDIRAT                      = 323
+	SYS_MKNODAT                      = 324
+	SYS_FCHOWNAT                     = 325
+	SYS_FUTIMESAT                    = 326
+	SYS_FSTATAT64                    = 327
+	SYS_UNLINKAT                     = 328
+	SYS_RENAMEAT                     = 329
+	SYS_LINKAT                       = 330
+	SYS_SYMLINKAT                    = 331
+	SYS_READLINKAT                   = 332
+	SYS_FCHMODAT                     = 333
+	SYS_FACCESSAT                    = 334
+	SYS_PSELECT6                     = 335
+	SYS_PPOLL                        = 336
+	SYS_UNSHARE                      = 337
+	SYS_SET_ROBUST_LIST              = 338
+	SYS_GET_ROBUST_LIST              = 339
+	SYS_SPLICE                       = 340
+	SYS_ARM_SYNC_FILE_RANGE          = 341
+	SYS_TEE                          = 342
+	SYS_VMSPLICE                     = 343
+	SYS_MOVE_PAGES                   = 344
+	SYS_GETCPU                       = 345
+	SYS_EPOLL_PWAIT                  = 346
+	SYS_KEXEC_LOAD                   = 347
+	SYS_UTIMENSAT                    = 348
+	SYS_SIGNALFD                     = 349
+	SYS_TIMERFD_CREATE               = 350
+	SYS_EVENTFD                      = 351
+	SYS_FALLOCATE                    = 352
+	SYS_TIMERFD_SETTIME              = 353
+	SYS_TIMERFD_GETTIME              = 354
+	SYS_SIGNALFD4                    = 355
+	SYS_EVENTFD2                     = 356
+	SYS_EPOLL_CREATE1                = 357
+	SYS_DUP3                         = 358
+	SYS_PIPE2                        = 359
+	SYS_INOTIFY_INIT1                = 360
+	SYS_PREADV                       = 361
+	SYS_PWRITEV                      = 362
+	SYS_RT_TGSIGQUEUEINFO            = 363
+	SYS_PERF_EVENT_OPEN              = 364
+	SYS_RECVMMSG                     = 365
+	SYS_ACCEPT4                      = 366
+	SYS_FANOTIFY_INIT                = 367
+	SYS_FANOTIFY_MARK                = 368
+	SYS_PRLIMIT64                    = 369
+	SYS_NAME_TO_HANDLE_AT            = 370
+	SYS_OPEN_BY_HANDLE_AT            = 371
+	SYS_CLOCK_ADJTIME                = 372
+	SYS_SYNCFS                       = 373
+	SYS_SENDMMSG                     = 374
+	SYS_SETNS                        = 375
+	SYS_PROCESS_VM_READV             = 376
+	SYS_PROCESS_VM_WRITEV            = 377
+	SYS_KCMP                         = 378
+	SYS_FINIT_MODULE                 = 379
+	SYS_SCHED_SETATTR                = 380
+	SYS_SCHED_GETATTR                = 381
+	SYS_RENAMEAT2                    = 382
+	SYS_SECCOMP                      = 383
+	SYS_GETRANDOM                    = 384
+	SYS_MEMFD_CREATE                 = 385
+	SYS_BPF                          = 386
+	SYS_EXECVEAT                     = 387
+	SYS_USERFAULTFD                  = 388
+	SYS_MEMBARRIER                   = 389
+	SYS_MLOCK2                       = 390
+	SYS_COPY_FILE_RANGE              = 391
+	SYS_PREADV2                      = 392
+	SYS_PWRITEV2                     = 393
+	SYS_PKEY_MPROTECT                = 394
+	SYS_PKEY_ALLOC                   = 395
+	SYS_PKEY_FREE                    = 396
+	SYS_STATX                        = 397
+	SYS_RSEQ                         = 398
+	SYS_IO_PGETEVENTS                = 399
+	SYS_MIGRATE_PAGES                = 400
+	SYS_KEXEC_FILE_LOAD              = 401
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_CLOSE_RANGE                  = 436
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+	SYS_PROCESS_MADVISE              = 440
+	SYS_EPOLL_PWAIT2                 = 441
+	SYS_MOUNT_SETATTR                = 442
+	SYS_QUOTACTL_FD                  = 443
+	SYS_LANDLOCK_CREATE_RULESET      = 444
+	SYS_LANDLOCK_ADD_RULE            = 445
+	SYS_LANDLOCK_RESTRICT_SELF       = 446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index b1c6b4bd3b39d..8b02f09e9b5cd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -1,286 +1,314 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && linux
 // +build arm64,linux
 
 package unix
 
 const (
-	SYS_IO_SETUP               = 0
-	SYS_IO_DESTROY             = 1
-	SYS_IO_SUBMIT              = 2
-	SYS_IO_CANCEL              = 3
-	SYS_IO_GETEVENTS           = 4
-	SYS_SETXATTR               = 5
-	SYS_LSETXATTR              = 6
-	SYS_FSETXATTR              = 7
-	SYS_GETXATTR               = 8
-	SYS_LGETXATTR              = 9
-	SYS_FGETXATTR              = 10
-	SYS_LISTXATTR              = 11
-	SYS_LLISTXATTR             = 12
-	SYS_FLISTXATTR             = 13
-	SYS_REMOVEXATTR            = 14
-	SYS_LREMOVEXATTR           = 15
-	SYS_FREMOVEXATTR           = 16
-	SYS_GETCWD                 = 17
-	SYS_LOOKUP_DCOOKIE         = 18
-	SYS_EVENTFD2               = 19
-	SYS_EPOLL_CREATE1          = 20
-	SYS_EPOLL_CTL              = 21
-	SYS_EPOLL_PWAIT            = 22
-	SYS_DUP                    = 23
-	SYS_DUP3                   = 24
-	SYS_FCNTL                  = 25
-	SYS_INOTIFY_INIT1          = 26
-	SYS_INOTIFY_ADD_WATCH      = 27
-	SYS_INOTIFY_RM_WATCH       = 28
-	SYS_IOCTL                  = 29
-	SYS_IOPRIO_SET             = 30
-	SYS_IOPRIO_GET             = 31
-	SYS_FLOCK                  = 32
-	SYS_MKNODAT                = 33
-	SYS_MKDIRAT                = 34
-	SYS_UNLINKAT               = 35
-	SYS_SYMLINKAT              = 36
-	SYS_LINKAT                 = 37
-	SYS_RENAMEAT               = 38
-	SYS_UMOUNT2                = 39
-	SYS_MOUNT                  = 40
-	SYS_PIVOT_ROOT             = 41
-	SYS_NFSSERVCTL             = 42
-	SYS_STATFS                 = 43
-	SYS_FSTATFS                = 44
-	SYS_TRUNCATE               = 45
-	SYS_FTRUNCATE              = 46
-	SYS_FALLOCATE              = 47
-	SYS_FACCESSAT              = 48
-	SYS_CHDIR                  = 49
-	SYS_FCHDIR                 = 50
-	SYS_CHROOT                 = 51
-	SYS_FCHMOD                 = 52
-	SYS_FCHMODAT               = 53
-	SYS_FCHOWNAT               = 54
-	SYS_FCHOWN                 = 55
-	SYS_OPENAT                 = 56
-	SYS_CLOSE                  = 57
-	SYS_VHANGUP                = 58
-	SYS_PIPE2                  = 59
-	SYS_QUOTACTL               = 60
-	SYS_GETDENTS64             = 61
-	SYS_LSEEK                  = 62
-	SYS_READ                   = 63
-	SYS_WRITE                  = 64
-	SYS_READV                  = 65
-	SYS_WRITEV                 = 66
-	SYS_PREAD64                = 67
-	SYS_PWRITE64               = 68
-	SYS_PREADV                 = 69
-	SYS_PWRITEV                = 70
-	SYS_SENDFILE               = 71
-	SYS_PSELECT6               = 72
-	SYS_PPOLL                  = 73
-	SYS_SIGNALFD4              = 74
-	SYS_VMSPLICE               = 75
-	SYS_SPLICE                 = 76
-	SYS_TEE                    = 77
-	SYS_READLINKAT             = 78
-	SYS_FSTATAT                = 79
-	SYS_FSTAT                  = 80
-	SYS_SYNC                   = 81
-	SYS_FSYNC                  = 82
-	SYS_FDATASYNC              = 83
-	SYS_SYNC_FILE_RANGE        = 84
-	SYS_TIMERFD_CREATE         = 85
-	SYS_TIMERFD_SETTIME        = 86
-	SYS_TIMERFD_GETTIME        = 87
-	SYS_UTIMENSAT              = 88
-	SYS_ACCT                   = 89
-	SYS_CAPGET                 = 90
-	SYS_CAPSET                 = 91
-	SYS_PERSONALITY            = 92
-	SYS_EXIT                   = 93
-	SYS_EXIT_GROUP             = 94
-	SYS_WAITID                 = 95
-	SYS_SET_TID_ADDRESS        = 96
-	SYS_UNSHARE                = 97
-	SYS_FUTEX                  = 98
-	SYS_SET_ROBUST_LIST        = 99
-	SYS_GET_ROBUST_LIST        = 100
-	SYS_NANOSLEEP              = 101
-	SYS_GETITIMER              = 102
-	SYS_SETITIMER              = 103
-	SYS_KEXEC_LOAD             = 104
-	SYS_INIT_MODULE            = 105
-	SYS_DELETE_MODULE          = 106
-	SYS_TIMER_CREATE           = 107
-	SYS_TIMER_GETTIME          = 108
-	SYS_TIMER_GETOVERRUN       = 109
-	SYS_TIMER_SETTIME          = 110
-	SYS_TIMER_DELETE           = 111
-	SYS_CLOCK_SETTIME          = 112
-	SYS_CLOCK_GETTIME          = 113
-	SYS_CLOCK_GETRES           = 114
-	SYS_CLOCK_NANOSLEEP        = 115
-	SYS_SYSLOG                 = 116
-	SYS_PTRACE                 = 117
-	SYS_SCHED_SETPARAM         = 118
-	SYS_SCHED_SETSCHEDULER     = 119
-	SYS_SCHED_GETSCHEDULER     = 120
-	SYS_SCHED_GETPARAM         = 121
-	SYS_SCHED_SETAFFINITY      = 122
-	SYS_SCHED_GETAFFINITY      = 123
-	SYS_SCHED_YIELD            = 124
-	SYS_SCHED_GET_PRIORITY_MAX = 125
-	SYS_SCHED_GET_PRIORITY_MIN = 126
-	SYS_SCHED_RR_GET_INTERVAL  = 127
-	SYS_RESTART_SYSCALL        = 128
-	SYS_KILL                   = 129
-	SYS_TKILL                  = 130
-	SYS_TGKILL                 = 131
-	SYS_SIGALTSTACK            = 132
-	SYS_RT_SIGSUSPEND          = 133
-	SYS_RT_SIGACTION           = 134
-	SYS_RT_SIGPROCMASK         = 135
-	SYS_RT_SIGPENDING          = 136
-	SYS_RT_SIGTIMEDWAIT        = 137
-	SYS_RT_SIGQUEUEINFO        = 138
-	SYS_RT_SIGRETURN           = 139
-	SYS_SETPRIORITY            = 140
-	SYS_GETPRIORITY            = 141
-	SYS_REBOOT                 = 142
-	SYS_SETREGID               = 143
-	SYS_SETGID                 = 144
-	SYS_SETREUID               = 145
-	SYS_SETUID                 = 146
-	SYS_SETRESUID              = 147
-	SYS_GETRESUID              = 148
-	SYS_SETRESGID              = 149
-	SYS_GETRESGID              = 150
-	SYS_SETFSUID               = 151
-	SYS_SETFSGID               = 152
-	SYS_TIMES                  = 153
-	SYS_SETPGID                = 154
-	SYS_GETPGID                = 155
-	SYS_GETSID                 = 156
-	SYS_SETSID                 = 157
-	SYS_GETGROUPS              = 158
-	SYS_SETGROUPS              = 159
-	SYS_UNAME                  = 160
-	SYS_SETHOSTNAME            = 161
-	SYS_SETDOMAINNAME          = 162
-	SYS_GETRLIMIT              = 163
-	SYS_SETRLIMIT              = 164
-	SYS_GETRUSAGE              = 165
-	SYS_UMASK                  = 166
-	SYS_PRCTL                  = 167
-	SYS_GETCPU                 = 168
-	SYS_GETTIMEOFDAY           = 169
-	SYS_SETTIMEOFDAY           = 170
-	SYS_ADJTIMEX               = 171
-	SYS_GETPID                 = 172
-	SYS_GETPPID                = 173
-	SYS_GETUID                 = 174
-	SYS_GETEUID                = 175
-	SYS_GETGID                 = 176
-	SYS_GETEGID                = 177
-	SYS_GETTID                 = 178
-	SYS_SYSINFO                = 179
-	SYS_MQ_OPEN                = 180
-	SYS_MQ_UNLINK              = 181
-	SYS_MQ_TIMEDSEND           = 182
-	SYS_MQ_TIMEDRECEIVE        = 183
-	SYS_MQ_NOTIFY              = 184
-	SYS_MQ_GETSETATTR          = 185
-	SYS_MSGGET                 = 186
-	SYS_MSGCTL                 = 187
-	SYS_MSGRCV                 = 188
-	SYS_MSGSND                 = 189
-	SYS_SEMGET                 = 190
-	SYS_SEMCTL                 = 191
-	SYS_SEMTIMEDOP             = 192
-	SYS_SEMOP                  = 193
-	SYS_SHMGET                 = 194
-	SYS_SHMCTL                 = 195
-	SYS_SHMAT                  = 196
-	SYS_SHMDT                  = 197
-	SYS_SOCKET                 = 198
-	SYS_SOCKETPAIR             = 199
-	SYS_BIND                   = 200
-	SYS_LISTEN                 = 201
-	SYS_ACCEPT                 = 202
-	SYS_CONNECT                = 203
-	SYS_GETSOCKNAME            = 204
-	SYS_GETPEERNAME            = 205
-	SYS_SENDTO                 = 206
-	SYS_RECVFROM               = 207
-	SYS_SETSOCKOPT             = 208
-	SYS_GETSOCKOPT             = 209
-	SYS_SHUTDOWN               = 210
-	SYS_SENDMSG                = 211
-	SYS_RECVMSG                = 212
-	SYS_READAHEAD              = 213
-	SYS_BRK                    = 214
-	SYS_MUNMAP                 = 215
-	SYS_MREMAP                 = 216
-	SYS_ADD_KEY                = 217
-	SYS_REQUEST_KEY            = 218
-	SYS_KEYCTL                 = 219
-	SYS_CLONE                  = 220
-	SYS_EXECVE                 = 221
-	SYS_MMAP                   = 222
-	SYS_FADVISE64              = 223
-	SYS_SWAPON                 = 224
-	SYS_SWAPOFF                = 225
-	SYS_MPROTECT               = 226
-	SYS_MSYNC                  = 227
-	SYS_MLOCK                  = 228
-	SYS_MUNLOCK                = 229
-	SYS_MLOCKALL               = 230
-	SYS_MUNLOCKALL             = 231
-	SYS_MINCORE                = 232
-	SYS_MADVISE                = 233
-	SYS_REMAP_FILE_PAGES       = 234
-	SYS_MBIND                  = 235
-	SYS_GET_MEMPOLICY          = 236
-	SYS_SET_MEMPOLICY          = 237
-	SYS_MIGRATE_PAGES          = 238
-	SYS_MOVE_PAGES             = 239
-	SYS_RT_TGSIGQUEUEINFO      = 240
-	SYS_PERF_EVENT_OPEN        = 241
-	SYS_ACCEPT4                = 242
-	SYS_RECVMMSG               = 243
-	SYS_ARCH_SPECIFIC_SYSCALL  = 244
-	SYS_WAIT4                  = 260
-	SYS_PRLIMIT64              = 261
-	SYS_FANOTIFY_INIT          = 262
-	SYS_FANOTIFY_MARK          = 263
-	SYS_NAME_TO_HANDLE_AT      = 264
-	SYS_OPEN_BY_HANDLE_AT      = 265
-	SYS_CLOCK_ADJTIME          = 266
-	SYS_SYNCFS                 = 267
-	SYS_SETNS                  = 268
-	SYS_SENDMMSG               = 269
-	SYS_PROCESS_VM_READV       = 270
-	SYS_PROCESS_VM_WRITEV      = 271
-	SYS_KCMP                   = 272
-	SYS_FINIT_MODULE           = 273
-	SYS_SCHED_SETATTR          = 274
-	SYS_SCHED_GETATTR          = 275
-	SYS_RENAMEAT2              = 276
-	SYS_SECCOMP                = 277
-	SYS_GETRANDOM              = 278
-	SYS_MEMFD_CREATE           = 279
-	SYS_BPF                    = 280
-	SYS_EXECVEAT               = 281
-	SYS_USERFAULTFD            = 282
-	SYS_MEMBARRIER             = 283
-	SYS_MLOCK2                 = 284
-	SYS_COPY_FILE_RANGE        = 285
-	SYS_PREADV2                = 286
-	SYS_PWRITEV2               = 287
-	SYS_PKEY_MPROTECT          = 288
-	SYS_PKEY_ALLOC             = 289
-	SYS_PKEY_FREE              = 290
-	SYS_STATX                  = 291
+	SYS_IO_SETUP                = 0
+	SYS_IO_DESTROY              = 1
+	SYS_IO_SUBMIT               = 2
+	SYS_IO_CANCEL               = 3
+	SYS_IO_GETEVENTS            = 4
+	SYS_SETXATTR                = 5
+	SYS_LSETXATTR               = 6
+	SYS_FSETXATTR               = 7
+	SYS_GETXATTR                = 8
+	SYS_LGETXATTR               = 9
+	SYS_FGETXATTR               = 10
+	SYS_LISTXATTR               = 11
+	SYS_LLISTXATTR              = 12
+	SYS_FLISTXATTR              = 13
+	SYS_REMOVEXATTR             = 14
+	SYS_LREMOVEXATTR            = 15
+	SYS_FREMOVEXATTR            = 16
+	SYS_GETCWD                  = 17
+	SYS_LOOKUP_DCOOKIE          = 18
+	SYS_EVENTFD2                = 19
+	SYS_EPOLL_CREATE1           = 20
+	SYS_EPOLL_CTL               = 21
+	SYS_EPOLL_PWAIT             = 22
+	SYS_DUP                     = 23
+	SYS_DUP3                    = 24
+	SYS_FCNTL                   = 25
+	SYS_INOTIFY_INIT1           = 26
+	SYS_INOTIFY_ADD_WATCH       = 27
+	SYS_INOTIFY_RM_WATCH        = 28
+	SYS_IOCTL                   = 29
+	SYS_IOPRIO_SET              = 30
+	SYS_IOPRIO_GET              = 31
+	SYS_FLOCK                   = 32
+	SYS_MKNODAT                 = 33
+	SYS_MKDIRAT                 = 34
+	SYS_UNLINKAT                = 35
+	SYS_SYMLINKAT               = 36
+	SYS_LINKAT                  = 37
+	SYS_RENAMEAT                = 38
+	SYS_UMOUNT2                 = 39
+	SYS_MOUNT                   = 40
+	SYS_PIVOT_ROOT              = 41
+	SYS_NFSSERVCTL              = 42
+	SYS_STATFS                  = 43
+	SYS_FSTATFS                 = 44
+	SYS_TRUNCATE                = 45
+	SYS_FTRUNCATE               = 46
+	SYS_FALLOCATE               = 47
+	SYS_FACCESSAT               = 48
+	SYS_CHDIR                   = 49
+	SYS_FCHDIR                  = 50
+	SYS_CHROOT                  = 51
+	SYS_FCHMOD                  = 52
+	SYS_FCHMODAT                = 53
+	SYS_FCHOWNAT                = 54
+	SYS_FCHOWN                  = 55
+	SYS_OPENAT                  = 56
+	SYS_CLOSE                   = 57
+	SYS_VHANGUP                 = 58
+	SYS_PIPE2                   = 59
+	SYS_QUOTACTL                = 60
+	SYS_GETDENTS64              = 61
+	SYS_LSEEK                   = 62
+	SYS_READ                    = 63
+	SYS_WRITE                   = 64
+	SYS_READV                   = 65
+	SYS_WRITEV                  = 66
+	SYS_PREAD64                 = 67
+	SYS_PWRITE64                = 68
+	SYS_PREADV                  = 69
+	SYS_PWRITEV                 = 70
+	SYS_SENDFILE                = 71
+	SYS_PSELECT6                = 72
+	SYS_PPOLL                   = 73
+	SYS_SIGNALFD4               = 74
+	SYS_VMSPLICE                = 75
+	SYS_SPLICE                  = 76
+	SYS_TEE                     = 77
+	SYS_READLINKAT              = 78
+	SYS_FSTATAT                 = 79
+	SYS_FSTAT                   = 80
+	SYS_SYNC                    = 81
+	SYS_FSYNC                   = 82
+	SYS_FDATASYNC               = 83
+	SYS_SYNC_FILE_RANGE         = 84
+	SYS_TIMERFD_CREATE          = 85
+	SYS_TIMERFD_SETTIME         = 86
+	SYS_TIMERFD_GETTIME         = 87
+	SYS_UTIMENSAT               = 88
+	SYS_ACCT                    = 89
+	SYS_CAPGET                  = 90
+	SYS_CAPSET                  = 91
+	SYS_PERSONALITY             = 92
+	SYS_EXIT                    = 93
+	SYS_EXIT_GROUP              = 94
+	SYS_WAITID                  = 95
+	SYS_SET_TID_ADDRESS         = 96
+	SYS_UNSHARE                 = 97
+	SYS_FUTEX                   = 98
+	SYS_SET_ROBUST_LIST         = 99
+	SYS_GET_ROBUST_LIST         = 100
+	SYS_NANOSLEEP               = 101
+	SYS_GETITIMER               = 102
+	SYS_SETITIMER               = 103
+	SYS_KEXEC_LOAD              = 104
+	SYS_INIT_MODULE             = 105
+	SYS_DELETE_MODULE           = 106
+	SYS_TIMER_CREATE            = 107
+	SYS_TIMER_GETTIME           = 108
+	SYS_TIMER_GETOVERRUN        = 109
+	SYS_TIMER_SETTIME           = 110
+	SYS_TIMER_DELETE            = 111
+	SYS_CLOCK_SETTIME           = 112
+	SYS_CLOCK_GETTIME           = 113
+	SYS_CLOCK_GETRES            = 114
+	SYS_CLOCK_NANOSLEEP         = 115
+	SYS_SYSLOG                  = 116
+	SYS_PTRACE                  = 117
+	SYS_SCHED_SETPARAM          = 118
+	SYS_SCHED_SETSCHEDULER      = 119
+	SYS_SCHED_GETSCHEDULER      = 120
+	SYS_SCHED_GETPARAM          = 121
+	SYS_SCHED_SETAFFINITY       = 122
+	SYS_SCHED_GETAFFINITY       = 123
+	SYS_SCHED_YIELD             = 124
+	SYS_SCHED_GET_PRIORITY_MAX  = 125
+	SYS_SCHED_GET_PRIORITY_MIN  = 126
+	SYS_SCHED_RR_GET_INTERVAL   = 127
+	SYS_RESTART_SYSCALL         = 128
+	SYS_KILL                    = 129
+	SYS_TKILL                   = 130
+	SYS_TGKILL                  = 131
+	SYS_SIGALTSTACK             = 132
+	SYS_RT_SIGSUSPEND           = 133
+	SYS_RT_SIGACTION            = 134
+	SYS_RT_SIGPROCMASK          = 135
+	SYS_RT_SIGPENDING           = 136
+	SYS_RT_SIGTIMEDWAIT         = 137
+	SYS_RT_SIGQUEUEINFO         = 138
+	SYS_RT_SIGRETURN            = 139
+	SYS_SETPRIORITY             = 140
+	SYS_GETPRIORITY             = 141
+	SYS_REBOOT                  = 142
+	SYS_SETREGID                = 143
+	SYS_SETGID                  = 144
+	SYS_SETREUID                = 145
+	SYS_SETUID                  = 146
+	SYS_SETRESUID               = 147
+	SYS_GETRESUID               = 148
+	SYS_SETRESGID               = 149
+	SYS_GETRESGID               = 150
+	SYS_SETFSUID                = 151
+	SYS_SETFSGID                = 152
+	SYS_TIMES                   = 153
+	SYS_SETPGID                 = 154
+	SYS_GETPGID                 = 155
+	SYS_GETSID                  = 156
+	SYS_SETSID                  = 157
+	SYS_GETGROUPS               = 158
+	SYS_SETGROUPS               = 159
+	SYS_UNAME                   = 160
+	SYS_SETHOSTNAME             = 161
+	SYS_SETDOMAINNAME           = 162
+	SYS_GETRLIMIT               = 163
+	SYS_SETRLIMIT               = 164
+	SYS_GETRUSAGE               = 165
+	SYS_UMASK                   = 166
+	SYS_PRCTL                   = 167
+	SYS_GETCPU                  = 168
+	SYS_GETTIMEOFDAY            = 169
+	SYS_SETTIMEOFDAY            = 170
+	SYS_ADJTIMEX                = 171
+	SYS_GETPID                  = 172
+	SYS_GETPPID                 = 173
+	SYS_GETUID                  = 174
+	SYS_GETEUID                 = 175
+	SYS_GETGID                  = 176
+	SYS_GETEGID                 = 177
+	SYS_GETTID                  = 178
+	SYS_SYSINFO                 = 179
+	SYS_MQ_OPEN                 = 180
+	SYS_MQ_UNLINK               = 181
+	SYS_MQ_TIMEDSEND            = 182
+	SYS_MQ_TIMEDRECEIVE         = 183
+	SYS_MQ_NOTIFY               = 184
+	SYS_MQ_GETSETATTR           = 185
+	SYS_MSGGET                  = 186
+	SYS_MSGCTL                  = 187
+	SYS_MSGRCV                  = 188
+	SYS_MSGSND                  = 189
+	SYS_SEMGET                  = 190
+	SYS_SEMCTL                  = 191
+	SYS_SEMTIMEDOP              = 192
+	SYS_SEMOP                   = 193
+	SYS_SHMGET                  = 194
+	SYS_SHMCTL                  = 195
+	SYS_SHMAT                   = 196
+	SYS_SHMDT                   = 197
+	SYS_SOCKET                  = 198
+	SYS_SOCKETPAIR              = 199
+	SYS_BIND                    = 200
+	SYS_LISTEN                  = 201
+	SYS_ACCEPT                  = 202
+	SYS_CONNECT                 = 203
+	SYS_GETSOCKNAME             = 204
+	SYS_GETPEERNAME             = 205
+	SYS_SENDTO                  = 206
+	SYS_RECVFROM                = 207
+	SYS_SETSOCKOPT              = 208
+	SYS_GETSOCKOPT              = 209
+	SYS_SHUTDOWN                = 210
+	SYS_SENDMSG                 = 211
+	SYS_RECVMSG                 = 212
+	SYS_READAHEAD               = 213
+	SYS_BRK                     = 214
+	SYS_MUNMAP                  = 215
+	SYS_MREMAP                  = 216
+	SYS_ADD_KEY                 = 217
+	SYS_REQUEST_KEY             = 218
+	SYS_KEYCTL                  = 219
+	SYS_CLONE                   = 220
+	SYS_EXECVE                  = 221
+	SYS_MMAP                    = 222
+	SYS_FADVISE64               = 223
+	SYS_SWAPON                  = 224
+	SYS_SWAPOFF                 = 225
+	SYS_MPROTECT                = 226
+	SYS_MSYNC                   = 227
+	SYS_MLOCK                   = 228
+	SYS_MUNLOCK                 = 229
+	SYS_MLOCKALL                = 230
+	SYS_MUNLOCKALL              = 231
+	SYS_MINCORE                 = 232
+	SYS_MADVISE                 = 233
+	SYS_REMAP_FILE_PAGES        = 234
+	SYS_MBIND                   = 235
+	SYS_GET_MEMPOLICY           = 236
+	SYS_SET_MEMPOLICY           = 237
+	SYS_MIGRATE_PAGES           = 238
+	SYS_MOVE_PAGES              = 239
+	SYS_RT_TGSIGQUEUEINFO       = 240
+	SYS_PERF_EVENT_OPEN         = 241
+	SYS_ACCEPT4                 = 242
+	SYS_RECVMMSG                = 243
+	SYS_ARCH_SPECIFIC_SYSCALL   = 244
+	SYS_WAIT4                   = 260
+	SYS_PRLIMIT64               = 261
+	SYS_FANOTIFY_INIT           = 262
+	SYS_FANOTIFY_MARK           = 263
+	SYS_NAME_TO_HANDLE_AT       = 264
+	SYS_OPEN_BY_HANDLE_AT       = 265
+	SYS_CLOCK_ADJTIME           = 266
+	SYS_SYNCFS                  = 267
+	SYS_SETNS                   = 268
+	SYS_SENDMMSG                = 269
+	SYS_PROCESS_VM_READV        = 270
+	SYS_PROCESS_VM_WRITEV       = 271
+	SYS_KCMP                    = 272
+	SYS_FINIT_MODULE            = 273
+	SYS_SCHED_SETATTR           = 274
+	SYS_SCHED_GETATTR           = 275
+	SYS_RENAMEAT2               = 276
+	SYS_SECCOMP                 = 277
+	SYS_GETRANDOM               = 278
+	SYS_MEMFD_CREATE            = 279
+	SYS_BPF                     = 280
+	SYS_EXECVEAT                = 281
+	SYS_USERFAULTFD             = 282
+	SYS_MEMBARRIER              = 283
+	SYS_MLOCK2                  = 284
+	SYS_COPY_FILE_RANGE         = 285
+	SYS_PREADV2                 = 286
+	SYS_PWRITEV2                = 287
+	SYS_PKEY_MPROTECT           = 288
+	SYS_PKEY_ALLOC              = 289
+	SYS_PKEY_FREE               = 290
+	SYS_STATX                   = 291
+	SYS_IO_PGETEVENTS           = 292
+	SYS_RSEQ                    = 293
+	SYS_KEXEC_FILE_LOAD         = 294
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
+	SYS_MEMFD_SECRET            = 447
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 2e9aa7a3e7ece..026695abb1a7e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -1,375 +1,431 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips && linux
 // +build mips,linux
 
 package unix
 
 const (
-	SYS_SYSCALL                = 4000
-	SYS_EXIT                   = 4001
-	SYS_FORK                   = 4002
-	SYS_READ                   = 4003
-	SYS_WRITE                  = 4004
-	SYS_OPEN                   = 4005
-	SYS_CLOSE                  = 4006
-	SYS_WAITPID                = 4007
-	SYS_CREAT                  = 4008
-	SYS_LINK                   = 4009
-	SYS_UNLINK                 = 4010
-	SYS_EXECVE                 = 4011
-	SYS_CHDIR                  = 4012
-	SYS_TIME                   = 4013
-	SYS_MKNOD                  = 4014
-	SYS_CHMOD                  = 4015
-	SYS_LCHOWN                 = 4016
-	SYS_BREAK                  = 4017
-	SYS_UNUSED18               = 4018
-	SYS_LSEEK                  = 4019
-	SYS_GETPID                 = 4020
-	SYS_MOUNT                  = 4021
-	SYS_UMOUNT                 = 4022
-	SYS_SETUID                 = 4023
-	SYS_GETUID                 = 4024
-	SYS_STIME                  = 4025
-	SYS_PTRACE                 = 4026
-	SYS_ALARM                  = 4027
-	SYS_UNUSED28               = 4028
-	SYS_PAUSE                  = 4029
-	SYS_UTIME                  = 4030
-	SYS_STTY                   = 4031
-	SYS_GTTY                   = 4032
-	SYS_ACCESS                 = 4033
-	SYS_NICE                   = 4034
-	SYS_FTIME                  = 4035
-	SYS_SYNC                   = 4036
-	SYS_KILL                   = 4037
-	SYS_RENAME                 = 4038
-	SYS_MKDIR                  = 4039
-	SYS_RMDIR                  = 4040
-	SYS_DUP                    = 4041
-	SYS_PIPE                   = 4042
-	SYS_TIMES                  = 4043
-	SYS_PROF                   = 4044
-	SYS_BRK                    = 4045
-	SYS_SETGID                 = 4046
-	SYS_GETGID                 = 4047
-	SYS_SIGNAL                 = 4048
-	SYS_GETEUID                = 4049
-	SYS_GETEGID                = 4050
-	SYS_ACCT                   = 4051
-	SYS_UMOUNT2                = 4052
-	SYS_LOCK                   = 4053
-	SYS_IOCTL                  = 4054
-	SYS_FCNTL                  = 4055
-	SYS_MPX                    = 4056
-	SYS_SETPGID                = 4057
-	SYS_ULIMIT                 = 4058
-	SYS_UNUSED59               = 4059
-	SYS_UMASK                  = 4060
-	SYS_CHROOT                 = 4061
-	SYS_USTAT                  = 4062
-	SYS_DUP2                   = 4063
-	SYS_GETPPID                = 4064
-	SYS_GETPGRP                = 4065
-	SYS_SETSID                 = 4066
-	SYS_SIGACTION              = 4067
-	SYS_SGETMASK               = 4068
-	SYS_SSETMASK               = 4069
-	SYS_SETREUID               = 4070
-	SYS_SETREGID               = 4071
-	SYS_SIGSUSPEND             = 4072
-	SYS_SIGPENDING             = 4073
-	SYS_SETHOSTNAME            = 4074
-	SYS_SETRLIMIT              = 4075
-	SYS_GETRLIMIT              = 4076
-	SYS_GETRUSAGE              = 4077
-	SYS_GETTIMEOFDAY           = 4078
-	SYS_SETTIMEOFDAY           = 4079
-	SYS_GETGROUPS              = 4080
-	SYS_SETGROUPS              = 4081
-	SYS_RESERVED82             = 4082
-	SYS_SYMLINK                = 4083
-	SYS_UNUSED84               = 4084
-	SYS_READLINK               = 4085
-	SYS_USELIB                 = 4086
-	SYS_SWAPON                 = 4087
-	SYS_REBOOT                 = 4088
-	SYS_READDIR                = 4089
-	SYS_MMAP                   = 4090
-	SYS_MUNMAP                 = 4091
-	SYS_TRUNCATE               = 4092
-	SYS_FTRUNCATE              = 4093
-	SYS_FCHMOD                 = 4094
-	SYS_FCHOWN                 = 4095
-	SYS_GETPRIORITY            = 4096
-	SYS_SETPRIORITY            = 4097
-	SYS_PROFIL                 = 4098
-	SYS_STATFS                 = 4099
-	SYS_FSTATFS                = 4100
-	SYS_IOPERM                 = 4101
-	SYS_SOCKETCALL             = 4102
-	SYS_SYSLOG                 = 4103
-	SYS_SETITIMER              = 4104
-	SYS_GETITIMER              = 4105
-	SYS_STAT                   = 4106
-	SYS_LSTAT                  = 4107
-	SYS_FSTAT                  = 4108
-	SYS_UNUSED109              = 4109
-	SYS_IOPL                   = 4110
-	SYS_VHANGUP                = 4111
-	SYS_IDLE                   = 4112
-	SYS_VM86                   = 4113
-	SYS_WAIT4                  = 4114
-	SYS_SWAPOFF                = 4115
-	SYS_SYSINFO                = 4116
-	SYS_IPC                    = 4117
-	SYS_FSYNC                  = 4118
-	SYS_SIGRETURN              = 4119
-	SYS_CLONE                  = 4120
-	SYS_SETDOMAINNAME          = 4121
-	SYS_UNAME                  = 4122
-	SYS_MODIFY_LDT             = 4123
-	SYS_ADJTIMEX               = 4124
-	SYS_MPROTECT               = 4125
-	SYS_SIGPROCMASK            = 4126
-	SYS_CREATE_MODULE          = 4127
-	SYS_INIT_MODULE            = 4128
-	SYS_DELETE_MODULE          = 4129
-	SYS_GET_KERNEL_SYMS        = 4130
-	SYS_QUOTACTL               = 4131
-	SYS_GETPGID                = 4132
-	SYS_FCHDIR                 = 4133
-	SYS_BDFLUSH                = 4134
-	SYS_SYSFS                  = 4135
-	SYS_PERSONALITY            = 4136
-	SYS_AFS_SYSCALL            = 4137
-	SYS_SETFSUID               = 4138
-	SYS_SETFSGID               = 4139
-	SYS__LLSEEK                = 4140
-	SYS_GETDENTS               = 4141
-	SYS__NEWSELECT             = 4142
-	SYS_FLOCK                  = 4143
-	SYS_MSYNC                  = 4144
-	SYS_READV                  = 4145
-	SYS_WRITEV                 = 4146
-	SYS_CACHEFLUSH             = 4147
-	SYS_CACHECTL               = 4148
-	SYS_SYSMIPS                = 4149
-	SYS_UNUSED150              = 4150
-	SYS_GETSID                 = 4151
-	SYS_FDATASYNC              = 4152
-	SYS__SYSCTL                = 4153
-	SYS_MLOCK                  = 4154
-	SYS_MUNLOCK                = 4155
-	SYS_MLOCKALL               = 4156
-	SYS_MUNLOCKALL             = 4157
-	SYS_SCHED_SETPARAM         = 4158
-	SYS_SCHED_GETPARAM         = 4159
-	SYS_SCHED_SETSCHEDULER     = 4160
-	SYS_SCHED_GETSCHEDULER     = 4161
-	SYS_SCHED_YIELD            = 4162
-	SYS_SCHED_GET_PRIORITY_MAX = 4163
-	SYS_SCHED_GET_PRIORITY_MIN = 4164
-	SYS_SCHED_RR_GET_INTERVAL  = 4165
-	SYS_NANOSLEEP              = 4166
-	SYS_MREMAP                 = 4167
-	SYS_ACCEPT                 = 4168
-	SYS_BIND                   = 4169
-	SYS_CONNECT                = 4170
-	SYS_GETPEERNAME            = 4171
-	SYS_GETSOCKNAME            = 4172
-	SYS_GETSOCKOPT             = 4173
-	SYS_LISTEN                 = 4174
-	SYS_RECV                   = 4175
-	SYS_RECVFROM               = 4176
-	SYS_RECVMSG                = 4177
-	SYS_SEND                   = 4178
-	SYS_SENDMSG                = 4179
-	SYS_SENDTO                 = 4180
-	SYS_SETSOCKOPT             = 4181
-	SYS_SHUTDOWN               = 4182
-	SYS_SOCKET                 = 4183
-	SYS_SOCKETPAIR             = 4184
-	SYS_SETRESUID              = 4185
-	SYS_GETRESUID              = 4186
-	SYS_QUERY_MODULE           = 4187
-	SYS_POLL                   = 4188
-	SYS_NFSSERVCTL             = 4189
-	SYS_SETRESGID              = 4190
-	SYS_GETRESGID              = 4191
-	SYS_PRCTL                  = 4192
-	SYS_RT_SIGRETURN           = 4193
-	SYS_RT_SIGACTION           = 4194
-	SYS_RT_SIGPROCMASK         = 4195
-	SYS_RT_SIGPENDING          = 4196
-	SYS_RT_SIGTIMEDWAIT        = 4197
-	SYS_RT_SIGQUEUEINFO        = 4198
-	SYS_RT_SIGSUSPEND          = 4199
-	SYS_PREAD64                = 4200
-	SYS_PWRITE64               = 4201
-	SYS_CHOWN                  = 4202
-	SYS_GETCWD                 = 4203
-	SYS_CAPGET                 = 4204
-	SYS_CAPSET                 = 4205
-	SYS_SIGALTSTACK            = 4206
-	SYS_SENDFILE               = 4207
-	SYS_GETPMSG                = 4208
-	SYS_PUTPMSG                = 4209
-	SYS_MMAP2                  = 4210
-	SYS_TRUNCATE64             = 4211
-	SYS_FTRUNCATE64            = 4212
-	SYS_STAT64                 = 4213
-	SYS_LSTAT64                = 4214
-	SYS_FSTAT64                = 4215
-	SYS_PIVOT_ROOT             = 4216
-	SYS_MINCORE                = 4217
-	SYS_MADVISE                = 4218
-	SYS_GETDENTS64             = 4219
-	SYS_FCNTL64                = 4220
-	SYS_RESERVED221            = 4221
-	SYS_GETTID                 = 4222
-	SYS_READAHEAD              = 4223
-	SYS_SETXATTR               = 4224
-	SYS_LSETXATTR              = 4225
-	SYS_FSETXATTR              = 4226
-	SYS_GETXATTR               = 4227
-	SYS_LGETXATTR              = 4228
-	SYS_FGETXATTR              = 4229
-	SYS_LISTXATTR              = 4230
-	SYS_LLISTXATTR             = 4231
-	SYS_FLISTXATTR             = 4232
-	SYS_REMOVEXATTR            = 4233
-	SYS_LREMOVEXATTR           = 4234
-	SYS_FREMOVEXATTR           = 4235
-	SYS_TKILL                  = 4236
-	SYS_SENDFILE64             = 4237
-	SYS_FUTEX                  = 4238
-	SYS_SCHED_SETAFFINITY      = 4239
-	SYS_SCHED_GETAFFINITY      = 4240
-	SYS_IO_SETUP               = 4241
-	SYS_IO_DESTROY             = 4242
-	SYS_IO_GETEVENTS           = 4243
-	SYS_IO_SUBMIT              = 4244
-	SYS_IO_CANCEL              = 4245
-	SYS_EXIT_GROUP             = 4246
-	SYS_LOOKUP_DCOOKIE         = 4247
-	SYS_EPOLL_CREATE           = 4248
-	SYS_EPOLL_CTL              = 4249
-	SYS_EPOLL_WAIT             = 4250
-	SYS_REMAP_FILE_PAGES       = 4251
-	SYS_SET_TID_ADDRESS        = 4252
-	SYS_RESTART_SYSCALL        = 4253
-	SYS_FADVISE64              = 4254
-	SYS_STATFS64               = 4255
-	SYS_FSTATFS64              = 4256
-	SYS_TIMER_CREATE           = 4257
-	SYS_TIMER_SETTIME          = 4258
-	SYS_TIMER_GETTIME          = 4259
-	SYS_TIMER_GETOVERRUN       = 4260
-	SYS_TIMER_DELETE           = 4261
-	SYS_CLOCK_SETTIME          = 4262
-	SYS_CLOCK_GETTIME          = 4263
-	SYS_CLOCK_GETRES           = 4264
-	SYS_CLOCK_NANOSLEEP        = 4265
-	SYS_TGKILL                 = 4266
-	SYS_UTIMES                 = 4267
-	SYS_MBIND                  = 4268
-	SYS_GET_MEMPOLICY          = 4269
-	SYS_SET_MEMPOLICY          = 4270
-	SYS_MQ_OPEN                = 4271
-	SYS_MQ_UNLINK              = 4272
-	SYS_MQ_TIMEDSEND           = 4273
-	SYS_MQ_TIMEDRECEIVE        = 4274
-	SYS_MQ_NOTIFY              = 4275
-	SYS_MQ_GETSETATTR          = 4276
-	SYS_VSERVER                = 4277
-	SYS_WAITID                 = 4278
-	SYS_ADD_KEY                = 4280
-	SYS_REQUEST_KEY            = 4281
-	SYS_KEYCTL                 = 4282
-	SYS_SET_THREAD_AREA        = 4283
-	SYS_INOTIFY_INIT           = 4284
-	SYS_INOTIFY_ADD_WATCH      = 4285
-	SYS_INOTIFY_RM_WATCH       = 4286
-	SYS_MIGRATE_PAGES          = 4287
-	SYS_OPENAT                 = 4288
-	SYS_MKDIRAT                = 4289
-	SYS_MKNODAT                = 4290
-	SYS_FCHOWNAT               = 4291
-	SYS_FUTIMESAT              = 4292
-	SYS_FSTATAT64              = 4293
-	SYS_UNLINKAT               = 4294
-	SYS_RENAMEAT               = 4295
-	SYS_LINKAT                 = 4296
-	SYS_SYMLINKAT              = 4297
-	SYS_READLINKAT             = 4298
-	SYS_FCHMODAT               = 4299
-	SYS_FACCESSAT              = 4300
-	SYS_PSELECT6               = 4301
-	SYS_PPOLL                  = 4302
-	SYS_UNSHARE                = 4303
-	SYS_SPLICE                 = 4304
-	SYS_SYNC_FILE_RANGE        = 4305
-	SYS_TEE                    = 4306
-	SYS_VMSPLICE               = 4307
-	SYS_MOVE_PAGES             = 4308
-	SYS_SET_ROBUST_LIST        = 4309
-	SYS_GET_ROBUST_LIST        = 4310
-	SYS_KEXEC_LOAD             = 4311
-	SYS_GETCPU                 = 4312
-	SYS_EPOLL_PWAIT            = 4313
-	SYS_IOPRIO_SET             = 4314
-	SYS_IOPRIO_GET             = 4315
-	SYS_UTIMENSAT              = 4316
-	SYS_SIGNALFD               = 4317
-	SYS_TIMERFD                = 4318
-	SYS_EVENTFD                = 4319
-	SYS_FALLOCATE              = 4320
-	SYS_TIMERFD_CREATE         = 4321
-	SYS_TIMERFD_GETTIME        = 4322
-	SYS_TIMERFD_SETTIME        = 4323
-	SYS_SIGNALFD4              = 4324
-	SYS_EVENTFD2               = 4325
-	SYS_EPOLL_CREATE1          = 4326
-	SYS_DUP3                   = 4327
-	SYS_PIPE2                  = 4328
-	SYS_INOTIFY_INIT1          = 4329
-	SYS_PREADV                 = 4330
-	SYS_PWRITEV                = 4331
-	SYS_RT_TGSIGQUEUEINFO      = 4332
-	SYS_PERF_EVENT_OPEN        = 4333
-	SYS_ACCEPT4                = 4334
-	SYS_RECVMMSG               = 4335
-	SYS_FANOTIFY_INIT          = 4336
-	SYS_FANOTIFY_MARK          = 4337
-	SYS_PRLIMIT64              = 4338
-	SYS_NAME_TO_HANDLE_AT      = 4339
-	SYS_OPEN_BY_HANDLE_AT      = 4340
-	SYS_CLOCK_ADJTIME          = 4341
-	SYS_SYNCFS                 = 4342
-	SYS_SENDMMSG               = 4343
-	SYS_SETNS                  = 4344
-	SYS_PROCESS_VM_READV       = 4345
-	SYS_PROCESS_VM_WRITEV      = 4346
-	SYS_KCMP                   = 4347
-	SYS_FINIT_MODULE           = 4348
-	SYS_SCHED_SETATTR          = 4349
-	SYS_SCHED_GETATTR          = 4350
-	SYS_RENAMEAT2              = 4351
-	SYS_SECCOMP                = 4352
-	SYS_GETRANDOM              = 4353
-	SYS_MEMFD_CREATE           = 4354
-	SYS_BPF                    = 4355
-	SYS_EXECVEAT               = 4356
-	SYS_USERFAULTFD            = 4357
-	SYS_MEMBARRIER             = 4358
-	SYS_MLOCK2                 = 4359
-	SYS_COPY_FILE_RANGE        = 4360
-	SYS_PREADV2                = 4361
-	SYS_PWRITEV2               = 4362
-	SYS_PKEY_MPROTECT          = 4363
-	SYS_PKEY_ALLOC             = 4364
-	SYS_PKEY_FREE              = 4365
-	SYS_STATX                  = 4366
+	SYS_SYSCALL                      = 4000
+	SYS_EXIT                         = 4001
+	SYS_FORK                         = 4002
+	SYS_READ                         = 4003
+	SYS_WRITE                        = 4004
+	SYS_OPEN                         = 4005
+	SYS_CLOSE                        = 4006
+	SYS_WAITPID                      = 4007
+	SYS_CREAT                        = 4008
+	SYS_LINK                         = 4009
+	SYS_UNLINK                       = 4010
+	SYS_EXECVE                       = 4011
+	SYS_CHDIR                        = 4012
+	SYS_TIME                         = 4013
+	SYS_MKNOD                        = 4014
+	SYS_CHMOD                        = 4015
+	SYS_LCHOWN                       = 4016
+	SYS_BREAK                        = 4017
+	SYS_UNUSED18                     = 4018
+	SYS_LSEEK                        = 4019
+	SYS_GETPID                       = 4020
+	SYS_MOUNT                        = 4021
+	SYS_UMOUNT                       = 4022
+	SYS_SETUID                       = 4023
+	SYS_GETUID                       = 4024
+	SYS_STIME                        = 4025
+	SYS_PTRACE                       = 4026
+	SYS_ALARM                        = 4027
+	SYS_UNUSED28                     = 4028
+	SYS_PAUSE                        = 4029
+	SYS_UTIME                        = 4030
+	SYS_STTY                         = 4031
+	SYS_GTTY                         = 4032
+	SYS_ACCESS                       = 4033
+	SYS_NICE                         = 4034
+	SYS_FTIME                        = 4035
+	SYS_SYNC                         = 4036
+	SYS_KILL                         = 4037
+	SYS_RENAME                       = 4038
+	SYS_MKDIR                        = 4039
+	SYS_RMDIR                        = 4040
+	SYS_DUP                          = 4041
+	SYS_PIPE                         = 4042
+	SYS_TIMES                        = 4043
+	SYS_PROF                         = 4044
+	SYS_BRK                          = 4045
+	SYS_SETGID                       = 4046
+	SYS_GETGID                       = 4047
+	SYS_SIGNAL                       = 4048
+	SYS_GETEUID                      = 4049
+	SYS_GETEGID                      = 4050
+	SYS_ACCT                         = 4051
+	SYS_UMOUNT2                      = 4052
+	SYS_LOCK                         = 4053
+	SYS_IOCTL                        = 4054
+	SYS_FCNTL                        = 4055
+	SYS_MPX                          = 4056
+	SYS_SETPGID                      = 4057
+	SYS_ULIMIT                       = 4058
+	SYS_UNUSED59                     = 4059
+	SYS_UMASK                        = 4060
+	SYS_CHROOT                       = 4061
+	SYS_USTAT                        = 4062
+	SYS_DUP2                         = 4063
+	SYS_GETPPID                      = 4064
+	SYS_GETPGRP                      = 4065
+	SYS_SETSID                       = 4066
+	SYS_SIGACTION                    = 4067
+	SYS_SGETMASK                     = 4068
+	SYS_SSETMASK                     = 4069
+	SYS_SETREUID                     = 4070
+	SYS_SETREGID                     = 4071
+	SYS_SIGSUSPEND                   = 4072
+	SYS_SIGPENDING                   = 4073
+	SYS_SETHOSTNAME                  = 4074
+	SYS_SETRLIMIT                    = 4075
+	SYS_GETRLIMIT                    = 4076
+	SYS_GETRUSAGE                    = 4077
+	SYS_GETTIMEOFDAY                 = 4078
+	SYS_SETTIMEOFDAY                 = 4079
+	SYS_GETGROUPS                    = 4080
+	SYS_SETGROUPS                    = 4081
+	SYS_RESERVED82                   = 4082
+	SYS_SYMLINK                      = 4083
+	SYS_UNUSED84                     = 4084
+	SYS_READLINK                     = 4085
+	SYS_USELIB                       = 4086
+	SYS_SWAPON                       = 4087
+	SYS_REBOOT                       = 4088
+	SYS_READDIR                      = 4089
+	SYS_MMAP                         = 4090
+	SYS_MUNMAP                       = 4091
+	SYS_TRUNCATE                     = 4092
+	SYS_FTRUNCATE                    = 4093
+	SYS_FCHMOD                       = 4094
+	SYS_FCHOWN                       = 4095
+	SYS_GETPRIORITY                  = 4096
+	SYS_SETPRIORITY                  = 4097
+	SYS_PROFIL                       = 4098
+	SYS_STATFS                       = 4099
+	SYS_FSTATFS                      = 4100
+	SYS_IOPERM                       = 4101
+	SYS_SOCKETCALL                   = 4102
+	SYS_SYSLOG                       = 4103
+	SYS_SETITIMER                    = 4104
+	SYS_GETITIMER                    = 4105
+	SYS_STAT                         = 4106
+	SYS_LSTAT                        = 4107
+	SYS_FSTAT                        = 4108
+	SYS_UNUSED109                    = 4109
+	SYS_IOPL                         = 4110
+	SYS_VHANGUP                      = 4111
+	SYS_IDLE                         = 4112
+	SYS_VM86                         = 4113
+	SYS_WAIT4                        = 4114
+	SYS_SWAPOFF                      = 4115
+	SYS_SYSINFO                      = 4116
+	SYS_IPC                          = 4117
+	SYS_FSYNC                        = 4118
+	SYS_SIGRETURN                    = 4119
+	SYS_CLONE                        = 4120
+	SYS_SETDOMAINNAME                = 4121
+	SYS_UNAME                        = 4122
+	SYS_MODIFY_LDT                   = 4123
+	SYS_ADJTIMEX                     = 4124
+	SYS_MPROTECT                     = 4125
+	SYS_SIGPROCMASK                  = 4126
+	SYS_CREATE_MODULE                = 4127
+	SYS_INIT_MODULE                  = 4128
+	SYS_DELETE_MODULE                = 4129
+	SYS_GET_KERNEL_SYMS              = 4130
+	SYS_QUOTACTL                     = 4131
+	SYS_GETPGID                      = 4132
+	SYS_FCHDIR                       = 4133
+	SYS_BDFLUSH                      = 4134
+	SYS_SYSFS                        = 4135
+	SYS_PERSONALITY                  = 4136
+	SYS_AFS_SYSCALL                  = 4137
+	SYS_SETFSUID                     = 4138
+	SYS_SETFSGID                     = 4139
+	SYS__LLSEEK                      = 4140
+	SYS_GETDENTS                     = 4141
+	SYS__NEWSELECT                   = 4142
+	SYS_FLOCK                        = 4143
+	SYS_MSYNC                        = 4144
+	SYS_READV                        = 4145
+	SYS_WRITEV                       = 4146
+	SYS_CACHEFLUSH                   = 4147
+	SYS_CACHECTL                     = 4148
+	SYS_SYSMIPS                      = 4149
+	SYS_UNUSED150                    = 4150
+	SYS_GETSID                       = 4151
+	SYS_FDATASYNC                    = 4152
+	SYS__SYSCTL                      = 4153
+	SYS_MLOCK                        = 4154
+	SYS_MUNLOCK                      = 4155
+	SYS_MLOCKALL                     = 4156
+	SYS_MUNLOCKALL                   = 4157
+	SYS_SCHED_SETPARAM               = 4158
+	SYS_SCHED_GETPARAM               = 4159
+	SYS_SCHED_SETSCHEDULER           = 4160
+	SYS_SCHED_GETSCHEDULER           = 4161
+	SYS_SCHED_YIELD                  = 4162
+	SYS_SCHED_GET_PRIORITY_MAX       = 4163
+	SYS_SCHED_GET_PRIORITY_MIN       = 4164
+	SYS_SCHED_RR_GET_INTERVAL        = 4165
+	SYS_NANOSLEEP                    = 4166
+	SYS_MREMAP                       = 4167
+	SYS_ACCEPT                       = 4168
+	SYS_BIND                         = 4169
+	SYS_CONNECT                      = 4170
+	SYS_GETPEERNAME                  = 4171
+	SYS_GETSOCKNAME                  = 4172
+	SYS_GETSOCKOPT                   = 4173
+	SYS_LISTEN                       = 4174
+	SYS_RECV                         = 4175
+	SYS_RECVFROM                     = 4176
+	SYS_RECVMSG                      = 4177
+	SYS_SEND                         = 4178
+	SYS_SENDMSG                      = 4179
+	SYS_SENDTO                       = 4180
+	SYS_SETSOCKOPT                   = 4181
+	SYS_SHUTDOWN                     = 4182
+	SYS_SOCKET                       = 4183
+	SYS_SOCKETPAIR                   = 4184
+	SYS_SETRESUID                    = 4185
+	SYS_GETRESUID                    = 4186
+	SYS_QUERY_MODULE                 = 4187
+	SYS_POLL                         = 4188
+	SYS_NFSSERVCTL                   = 4189
+	SYS_SETRESGID                    = 4190
+	SYS_GETRESGID                    = 4191
+	SYS_PRCTL                        = 4192
+	SYS_RT_SIGRETURN                 = 4193
+	SYS_RT_SIGACTION                 = 4194
+	SYS_RT_SIGPROCMASK               = 4195
+	SYS_RT_SIGPENDING                = 4196
+	SYS_RT_SIGTIMEDWAIT              = 4197
+	SYS_RT_SIGQUEUEINFO              = 4198
+	SYS_RT_SIGSUSPEND                = 4199
+	SYS_PREAD64                      = 4200
+	SYS_PWRITE64                     = 4201
+	SYS_CHOWN                        = 4202
+	SYS_GETCWD                       = 4203
+	SYS_CAPGET                       = 4204
+	SYS_CAPSET                       = 4205
+	SYS_SIGALTSTACK                  = 4206
+	SYS_SENDFILE                     = 4207
+	SYS_GETPMSG                      = 4208
+	SYS_PUTPMSG                      = 4209
+	SYS_MMAP2                        = 4210
+	SYS_TRUNCATE64                   = 4211
+	SYS_FTRUNCATE64                  = 4212
+	SYS_STAT64                       = 4213
+	SYS_LSTAT64                      = 4214
+	SYS_FSTAT64                      = 4215
+	SYS_PIVOT_ROOT                   = 4216
+	SYS_MINCORE                      = 4217
+	SYS_MADVISE                      = 4218
+	SYS_GETDENTS64                   = 4219
+	SYS_FCNTL64                      = 4220
+	SYS_RESERVED221                  = 4221
+	SYS_GETTID                       = 4222
+	SYS_READAHEAD                    = 4223
+	SYS_SETXATTR                     = 4224
+	SYS_LSETXATTR                    = 4225
+	SYS_FSETXATTR                    = 4226
+	SYS_GETXATTR                     = 4227
+	SYS_LGETXATTR                    = 4228
+	SYS_FGETXATTR                    = 4229
+	SYS_LISTXATTR                    = 4230
+	SYS_LLISTXATTR                   = 4231
+	SYS_FLISTXATTR                   = 4232
+	SYS_REMOVEXATTR                  = 4233
+	SYS_LREMOVEXATTR                 = 4234
+	SYS_FREMOVEXATTR                 = 4235
+	SYS_TKILL                        = 4236
+	SYS_SENDFILE64                   = 4237
+	SYS_FUTEX                        = 4238
+	SYS_SCHED_SETAFFINITY            = 4239
+	SYS_SCHED_GETAFFINITY            = 4240
+	SYS_IO_SETUP                     = 4241
+	SYS_IO_DESTROY                   = 4242
+	SYS_IO_GETEVENTS                 = 4243
+	SYS_IO_SUBMIT                    = 4244
+	SYS_IO_CANCEL                    = 4245
+	SYS_EXIT_GROUP                   = 4246
+	SYS_LOOKUP_DCOOKIE               = 4247
+	SYS_EPOLL_CREATE                 = 4248
+	SYS_EPOLL_CTL                    = 4249
+	SYS_EPOLL_WAIT                   = 4250
+	SYS_REMAP_FILE_PAGES             = 4251
+	SYS_SET_TID_ADDRESS              = 4252
+	SYS_RESTART_SYSCALL              = 4253
+	SYS_FADVISE64                    = 4254
+	SYS_STATFS64                     = 4255
+	SYS_FSTATFS64                    = 4256
+	SYS_TIMER_CREATE                 = 4257
+	SYS_TIMER_SETTIME                = 4258
+	SYS_TIMER_GETTIME                = 4259
+	SYS_TIMER_GETOVERRUN             = 4260
+	SYS_TIMER_DELETE                 = 4261
+	SYS_CLOCK_SETTIME                = 4262
+	SYS_CLOCK_GETTIME                = 4263
+	SYS_CLOCK_GETRES                 = 4264
+	SYS_CLOCK_NANOSLEEP              = 4265
+	SYS_TGKILL                       = 4266
+	SYS_UTIMES                       = 4267
+	SYS_MBIND                        = 4268
+	SYS_GET_MEMPOLICY                = 4269
+	SYS_SET_MEMPOLICY                = 4270
+	SYS_MQ_OPEN                      = 4271
+	SYS_MQ_UNLINK                    = 4272
+	SYS_MQ_TIMEDSEND                 = 4273
+	SYS_MQ_TIMEDRECEIVE              = 4274
+	SYS_MQ_NOTIFY                    = 4275
+	SYS_MQ_GETSETATTR                = 4276
+	SYS_VSERVER                      = 4277
+	SYS_WAITID                       = 4278
+	SYS_ADD_KEY                      = 4280
+	SYS_REQUEST_KEY                  = 4281
+	SYS_KEYCTL                       = 4282
+	SYS_SET_THREAD_AREA              = 4283
+	SYS_INOTIFY_INIT                 = 4284
+	SYS_INOTIFY_ADD_WATCH            = 4285
+	SYS_INOTIFY_RM_WATCH             = 4286
+	SYS_MIGRATE_PAGES                = 4287
+	SYS_OPENAT                       = 4288
+	SYS_MKDIRAT                      = 4289
+	SYS_MKNODAT                      = 4290
+	SYS_FCHOWNAT                     = 4291
+	SYS_FUTIMESAT                    = 4292
+	SYS_FSTATAT64                    = 4293
+	SYS_UNLINKAT                     = 4294
+	SYS_RENAMEAT                     = 4295
+	SYS_LINKAT                       = 4296
+	SYS_SYMLINKAT                    = 4297
+	SYS_READLINKAT                   = 4298
+	SYS_FCHMODAT                     = 4299
+	SYS_FACCESSAT                    = 4300
+	SYS_PSELECT6                     = 4301
+	SYS_PPOLL                        = 4302
+	SYS_UNSHARE                      = 4303
+	SYS_SPLICE                       = 4304
+	SYS_SYNC_FILE_RANGE              = 4305
+	SYS_TEE                          = 4306
+	SYS_VMSPLICE                     = 4307
+	SYS_MOVE_PAGES                   = 4308
+	SYS_SET_ROBUST_LIST              = 4309
+	SYS_GET_ROBUST_LIST              = 4310
+	SYS_KEXEC_LOAD                   = 4311
+	SYS_GETCPU                       = 4312
+	SYS_EPOLL_PWAIT                  = 4313
+	SYS_IOPRIO_SET                   = 4314
+	SYS_IOPRIO_GET                   = 4315
+	SYS_UTIMENSAT                    = 4316
+	SYS_SIGNALFD                     = 4317
+	SYS_TIMERFD                      = 4318
+	SYS_EVENTFD                      = 4319
+	SYS_FALLOCATE                    = 4320
+	SYS_TIMERFD_CREATE               = 4321
+	SYS_TIMERFD_GETTIME              = 4322
+	SYS_TIMERFD_SETTIME              = 4323
+	SYS_SIGNALFD4                    = 4324
+	SYS_EVENTFD2                     = 4325
+	SYS_EPOLL_CREATE1                = 4326
+	SYS_DUP3                         = 4327
+	SYS_PIPE2                        = 4328
+	SYS_INOTIFY_INIT1                = 4329
+	SYS_PREADV                       = 4330
+	SYS_PWRITEV                      = 4331
+	SYS_RT_TGSIGQUEUEINFO            = 4332
+	SYS_PERF_EVENT_OPEN              = 4333
+	SYS_ACCEPT4                      = 4334
+	SYS_RECVMMSG                     = 4335
+	SYS_FANOTIFY_INIT                = 4336
+	SYS_FANOTIFY_MARK                = 4337
+	SYS_PRLIMIT64                    = 4338
+	SYS_NAME_TO_HANDLE_AT            = 4339
+	SYS_OPEN_BY_HANDLE_AT            = 4340
+	SYS_CLOCK_ADJTIME                = 4341
+	SYS_SYNCFS                       = 4342
+	SYS_SENDMMSG                     = 4343
+	SYS_SETNS                        = 4344
+	SYS_PROCESS_VM_READV             = 4345
+	SYS_PROCESS_VM_WRITEV            = 4346
+	SYS_KCMP                         = 4347
+	SYS_FINIT_MODULE                 = 4348
+	SYS_SCHED_SETATTR                = 4349
+	SYS_SCHED_GETATTR                = 4350
+	SYS_RENAMEAT2                    = 4351
+	SYS_SECCOMP                      = 4352
+	SYS_GETRANDOM                    = 4353
+	SYS_MEMFD_CREATE                 = 4354
+	SYS_BPF                          = 4355
+	SYS_EXECVEAT                     = 4356
+	SYS_USERFAULTFD                  = 4357
+	SYS_MEMBARRIER                   = 4358
+	SYS_MLOCK2                       = 4359
+	SYS_COPY_FILE_RANGE              = 4360
+	SYS_PREADV2                      = 4361
+	SYS_PWRITEV2                     = 4362
+	SYS_PKEY_MPROTECT                = 4363
+	SYS_PKEY_ALLOC                   = 4364
+	SYS_PKEY_FREE                    = 4365
+	SYS_STATX                        = 4366
+	SYS_RSEQ                         = 4367
+	SYS_IO_PGETEVENTS                = 4368
+	SYS_SEMGET                       = 4393
+	SYS_SEMCTL                       = 4394
+	SYS_SHMGET                       = 4395
+	SYS_SHMCTL                       = 4396
+	SYS_SHMAT                        = 4397
+	SYS_SHMDT                        = 4398
+	SYS_MSGGET                       = 4399
+	SYS_MSGSND                       = 4400
+	SYS_MSGRCV                       = 4401
+	SYS_MSGCTL                       = 4402
+	SYS_CLOCK_GETTIME64              = 4403
+	SYS_CLOCK_SETTIME64              = 4404
+	SYS_CLOCK_ADJTIME64              = 4405
+	SYS_CLOCK_GETRES_TIME64          = 4406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 4407
+	SYS_TIMER_GETTIME64              = 4408
+	SYS_TIMER_SETTIME64              = 4409
+	SYS_TIMERFD_GETTIME64            = 4410
+	SYS_TIMERFD_SETTIME64            = 4411
+	SYS_UTIMENSAT_TIME64             = 4412
+	SYS_PSELECT6_TIME64              = 4413
+	SYS_PPOLL_TIME64                 = 4414
+	SYS_IO_PGETEVENTS_TIME64         = 4416
+	SYS_RECVMMSG_TIME64              = 4417
+	SYS_MQ_TIMEDSEND_TIME64          = 4418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 4419
+	SYS_SEMTIMEDOP_TIME64            = 4420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 4421
+	SYS_FUTEX_TIME64                 = 4422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 4423
+	SYS_PIDFD_SEND_SIGNAL            = 4424
+	SYS_IO_URING_SETUP               = 4425
+	SYS_IO_URING_ENTER               = 4426
+	SYS_IO_URING_REGISTER            = 4427
+	SYS_OPEN_TREE                    = 4428
+	SYS_MOVE_MOUNT                   = 4429
+	SYS_FSOPEN                       = 4430
+	SYS_FSCONFIG                     = 4431
+	SYS_FSMOUNT                      = 4432
+	SYS_FSPICK                       = 4433
+	SYS_PIDFD_OPEN                   = 4434
+	SYS_CLONE3                       = 4435
+	SYS_CLOSE_RANGE                  = 4436
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
+	SYS_FACCESSAT2                   = 4439
+	SYS_PROCESS_MADVISE              = 4440
+	SYS_EPOLL_PWAIT2                 = 4441
+	SYS_MOUNT_SETATTR                = 4442
+	SYS_QUOTACTL_FD                  = 4443
+	SYS_LANDLOCK_CREATE_RULESET      = 4444
+	SYS_LANDLOCK_ADD_RULE            = 4445
+	SYS_LANDLOCK_RESTRICT_SELF       = 4446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 92827635aae49..7320ba95833a6 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -1,335 +1,361 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64 && linux
 // +build mips64,linux
 
 package unix
 
 const (
-	SYS_READ                   = 5000
-	SYS_WRITE                  = 5001
-	SYS_OPEN                   = 5002
-	SYS_CLOSE                  = 5003
-	SYS_STAT                   = 5004
-	SYS_FSTAT                  = 5005
-	SYS_LSTAT                  = 5006
-	SYS_POLL                   = 5007
-	SYS_LSEEK                  = 5008
-	SYS_MMAP                   = 5009
-	SYS_MPROTECT               = 5010
-	SYS_MUNMAP                 = 5011
-	SYS_BRK                    = 5012
-	SYS_RT_SIGACTION           = 5013
-	SYS_RT_SIGPROCMASK         = 5014
-	SYS_IOCTL                  = 5015
-	SYS_PREAD64                = 5016
-	SYS_PWRITE64               = 5017
-	SYS_READV                  = 5018
-	SYS_WRITEV                 = 5019
-	SYS_ACCESS                 = 5020
-	SYS_PIPE                   = 5021
-	SYS__NEWSELECT             = 5022
-	SYS_SCHED_YIELD            = 5023
-	SYS_MREMAP                 = 5024
-	SYS_MSYNC                  = 5025
-	SYS_MINCORE                = 5026
-	SYS_MADVISE                = 5027
-	SYS_SHMGET                 = 5028
-	SYS_SHMAT                  = 5029
-	SYS_SHMCTL                 = 5030
-	SYS_DUP                    = 5031
-	SYS_DUP2                   = 5032
-	SYS_PAUSE                  = 5033
-	SYS_NANOSLEEP              = 5034
-	SYS_GETITIMER              = 5035
-	SYS_SETITIMER              = 5036
-	SYS_ALARM                  = 5037
-	SYS_GETPID                 = 5038
-	SYS_SENDFILE               = 5039
-	SYS_SOCKET                 = 5040
-	SYS_CONNECT                = 5041
-	SYS_ACCEPT                 = 5042
-	SYS_SENDTO                 = 5043
-	SYS_RECVFROM               = 5044
-	SYS_SENDMSG                = 5045
-	SYS_RECVMSG                = 5046
-	SYS_SHUTDOWN               = 5047
-	SYS_BIND                   = 5048
-	SYS_LISTEN                 = 5049
-	SYS_GETSOCKNAME            = 5050
-	SYS_GETPEERNAME            = 5051
-	SYS_SOCKETPAIR             = 5052
-	SYS_SETSOCKOPT             = 5053
-	SYS_GETSOCKOPT             = 5054
-	SYS_CLONE                  = 5055
-	SYS_FORK                   = 5056
-	SYS_EXECVE                 = 5057
-	SYS_EXIT                   = 5058
-	SYS_WAIT4                  = 5059
-	SYS_KILL                   = 5060
-	SYS_UNAME                  = 5061
-	SYS_SEMGET                 = 5062
-	SYS_SEMOP                  = 5063
-	SYS_SEMCTL                 = 5064
-	SYS_SHMDT                  = 5065
-	SYS_MSGGET                 = 5066
-	SYS_MSGSND                 = 5067
-	SYS_MSGRCV                 = 5068
-	SYS_MSGCTL                 = 5069
-	SYS_FCNTL                  = 5070
-	SYS_FLOCK                  = 5071
-	SYS_FSYNC                  = 5072
-	SYS_FDATASYNC              = 5073
-	SYS_TRUNCATE               = 5074
-	SYS_FTRUNCATE              = 5075
-	SYS_GETDENTS               = 5076
-	SYS_GETCWD                 = 5077
-	SYS_CHDIR                  = 5078
-	SYS_FCHDIR                 = 5079
-	SYS_RENAME                 = 5080
-	SYS_MKDIR                  = 5081
-	SYS_RMDIR                  = 5082
-	SYS_CREAT                  = 5083
-	SYS_LINK                   = 5084
-	SYS_UNLINK                 = 5085
-	SYS_SYMLINK                = 5086
-	SYS_READLINK               = 5087
-	SYS_CHMOD                  = 5088
-	SYS_FCHMOD                 = 5089
-	SYS_CHOWN                  = 5090
-	SYS_FCHOWN                 = 5091
-	SYS_LCHOWN                 = 5092
-	SYS_UMASK                  = 5093
-	SYS_GETTIMEOFDAY           = 5094
-	SYS_GETRLIMIT              = 5095
-	SYS_GETRUSAGE              = 5096
-	SYS_SYSINFO                = 5097
-	SYS_TIMES                  = 5098
-	SYS_PTRACE                 = 5099
-	SYS_GETUID                 = 5100
-	SYS_SYSLOG                 = 5101
-	SYS_GETGID                 = 5102
-	SYS_SETUID                 = 5103
-	SYS_SETGID                 = 5104
-	SYS_GETEUID                = 5105
-	SYS_GETEGID                = 5106
-	SYS_SETPGID                = 5107
-	SYS_GETPPID                = 5108
-	SYS_GETPGRP                = 5109
-	SYS_SETSID                 = 5110
-	SYS_SETREUID               = 5111
-	SYS_SETREGID               = 5112
-	SYS_GETGROUPS              = 5113
-	SYS_SETGROUPS              = 5114
-	SYS_SETRESUID              = 5115
-	SYS_GETRESUID              = 5116
-	SYS_SETRESGID              = 5117
-	SYS_GETRESGID              = 5118
-	SYS_GETPGID                = 5119
-	SYS_SETFSUID               = 5120
-	SYS_SETFSGID               = 5121
-	SYS_GETSID                 = 5122
-	SYS_CAPGET                 = 5123
-	SYS_CAPSET                 = 5124
-	SYS_RT_SIGPENDING          = 5125
-	SYS_RT_SIGTIMEDWAIT        = 5126
-	SYS_RT_SIGQUEUEINFO        = 5127
-	SYS_RT_SIGSUSPEND          = 5128
-	SYS_SIGALTSTACK            = 5129
-	SYS_UTIME                  = 5130
-	SYS_MKNOD                  = 5131
-	SYS_PERSONALITY            = 5132
-	SYS_USTAT                  = 5133
-	SYS_STATFS                 = 5134
-	SYS_FSTATFS                = 5135
-	SYS_SYSFS                  = 5136
-	SYS_GETPRIORITY            = 5137
-	SYS_SETPRIORITY            = 5138
-	SYS_SCHED_SETPARAM         = 5139
-	SYS_SCHED_GETPARAM         = 5140
-	SYS_SCHED_SETSCHEDULER     = 5141
-	SYS_SCHED_GETSCHEDULER     = 5142
-	SYS_SCHED_GET_PRIORITY_MAX = 5143
-	SYS_SCHED_GET_PRIORITY_MIN = 5144
-	SYS_SCHED_RR_GET_INTERVAL  = 5145
-	SYS_MLOCK                  = 5146
-	SYS_MUNLOCK                = 5147
-	SYS_MLOCKALL               = 5148
-	SYS_MUNLOCKALL             = 5149
-	SYS_VHANGUP                = 5150
-	SYS_PIVOT_ROOT             = 5151
-	SYS__SYSCTL                = 5152
-	SYS_PRCTL                  = 5153
-	SYS_ADJTIMEX               = 5154
-	SYS_SETRLIMIT              = 5155
-	SYS_CHROOT                 = 5156
-	SYS_SYNC                   = 5157
-	SYS_ACCT                   = 5158
-	SYS_SETTIMEOFDAY           = 5159
-	SYS_MOUNT                  = 5160
-	SYS_UMOUNT2                = 5161
-	SYS_SWAPON                 = 5162
-	SYS_SWAPOFF                = 5163
-	SYS_REBOOT                 = 5164
-	SYS_SETHOSTNAME            = 5165
-	SYS_SETDOMAINNAME          = 5166
-	SYS_CREATE_MODULE          = 5167
-	SYS_INIT_MODULE            = 5168
-	SYS_DELETE_MODULE          = 5169
-	SYS_GET_KERNEL_SYMS        = 5170
-	SYS_QUERY_MODULE           = 5171
-	SYS_QUOTACTL               = 5172
-	SYS_NFSSERVCTL             = 5173
-	SYS_GETPMSG                = 5174
-	SYS_PUTPMSG                = 5175
-	SYS_AFS_SYSCALL            = 5176
-	SYS_RESERVED177            = 5177
-	SYS_GETTID                 = 5178
-	SYS_READAHEAD              = 5179
-	SYS_SETXATTR               = 5180
-	SYS_LSETXATTR              = 5181
-	SYS_FSETXATTR              = 5182
-	SYS_GETXATTR               = 5183
-	SYS_LGETXATTR              = 5184
-	SYS_FGETXATTR              = 5185
-	SYS_LISTXATTR              = 5186
-	SYS_LLISTXATTR             = 5187
-	SYS_FLISTXATTR             = 5188
-	SYS_REMOVEXATTR            = 5189
-	SYS_LREMOVEXATTR           = 5190
-	SYS_FREMOVEXATTR           = 5191
-	SYS_TKILL                  = 5192
-	SYS_RESERVED193            = 5193
-	SYS_FUTEX                  = 5194
-	SYS_SCHED_SETAFFINITY      = 5195
-	SYS_SCHED_GETAFFINITY      = 5196
-	SYS_CACHEFLUSH             = 5197
-	SYS_CACHECTL               = 5198
-	SYS_SYSMIPS                = 5199
-	SYS_IO_SETUP               = 5200
-	SYS_IO_DESTROY             = 5201
-	SYS_IO_GETEVENTS           = 5202
-	SYS_IO_SUBMIT              = 5203
-	SYS_IO_CANCEL              = 5204
-	SYS_EXIT_GROUP             = 5205
-	SYS_LOOKUP_DCOOKIE         = 5206
-	SYS_EPOLL_CREATE           = 5207
-	SYS_EPOLL_CTL              = 5208
-	SYS_EPOLL_WAIT             = 5209
-	SYS_REMAP_FILE_PAGES       = 5210
-	SYS_RT_SIGRETURN           = 5211
-	SYS_SET_TID_ADDRESS        = 5212
-	SYS_RESTART_SYSCALL        = 5213
-	SYS_SEMTIMEDOP             = 5214
-	SYS_FADVISE64              = 5215
-	SYS_TIMER_CREATE           = 5216
-	SYS_TIMER_SETTIME          = 5217
-	SYS_TIMER_GETTIME          = 5218
-	SYS_TIMER_GETOVERRUN       = 5219
-	SYS_TIMER_DELETE           = 5220
-	SYS_CLOCK_SETTIME          = 5221
-	SYS_CLOCK_GETTIME          = 5222
-	SYS_CLOCK_GETRES           = 5223
-	SYS_CLOCK_NANOSLEEP        = 5224
-	SYS_TGKILL                 = 5225
-	SYS_UTIMES                 = 5226
-	SYS_MBIND                  = 5227
-	SYS_GET_MEMPOLICY          = 5228
-	SYS_SET_MEMPOLICY          = 5229
-	SYS_MQ_OPEN                = 5230
-	SYS_MQ_UNLINK              = 5231
-	SYS_MQ_TIMEDSEND           = 5232
-	SYS_MQ_TIMEDRECEIVE        = 5233
-	SYS_MQ_NOTIFY              = 5234
-	SYS_MQ_GETSETATTR          = 5235
-	SYS_VSERVER                = 5236
-	SYS_WAITID                 = 5237
-	SYS_ADD_KEY                = 5239
-	SYS_REQUEST_KEY            = 5240
-	SYS_KEYCTL                 = 5241
-	SYS_SET_THREAD_AREA        = 5242
-	SYS_INOTIFY_INIT           = 5243
-	SYS_INOTIFY_ADD_WATCH      = 5244
-	SYS_INOTIFY_RM_WATCH       = 5245
-	SYS_MIGRATE_PAGES          = 5246
-	SYS_OPENAT                 = 5247
-	SYS_MKDIRAT                = 5248
-	SYS_MKNODAT                = 5249
-	SYS_FCHOWNAT               = 5250
-	SYS_FUTIMESAT              = 5251
-	SYS_NEWFSTATAT             = 5252
-	SYS_UNLINKAT               = 5253
-	SYS_RENAMEAT               = 5254
-	SYS_LINKAT                 = 5255
-	SYS_SYMLINKAT              = 5256
-	SYS_READLINKAT             = 5257
-	SYS_FCHMODAT               = 5258
-	SYS_FACCESSAT              = 5259
-	SYS_PSELECT6               = 5260
-	SYS_PPOLL                  = 5261
-	SYS_UNSHARE                = 5262
-	SYS_SPLICE                 = 5263
-	SYS_SYNC_FILE_RANGE        = 5264
-	SYS_TEE                    = 5265
-	SYS_VMSPLICE               = 5266
-	SYS_MOVE_PAGES             = 5267
-	SYS_SET_ROBUST_LIST        = 5268
-	SYS_GET_ROBUST_LIST        = 5269
-	SYS_KEXEC_LOAD             = 5270
-	SYS_GETCPU                 = 5271
-	SYS_EPOLL_PWAIT            = 5272
-	SYS_IOPRIO_SET             = 5273
-	SYS_IOPRIO_GET             = 5274
-	SYS_UTIMENSAT              = 5275
-	SYS_SIGNALFD               = 5276
-	SYS_TIMERFD                = 5277
-	SYS_EVENTFD                = 5278
-	SYS_FALLOCATE              = 5279
-	SYS_TIMERFD_CREATE         = 5280
-	SYS_TIMERFD_GETTIME        = 5281
-	SYS_TIMERFD_SETTIME        = 5282
-	SYS_SIGNALFD4              = 5283
-	SYS_EVENTFD2               = 5284
-	SYS_EPOLL_CREATE1          = 5285
-	SYS_DUP3                   = 5286
-	SYS_PIPE2                  = 5287
-	SYS_INOTIFY_INIT1          = 5288
-	SYS_PREADV                 = 5289
-	SYS_PWRITEV                = 5290
-	SYS_RT_TGSIGQUEUEINFO      = 5291
-	SYS_PERF_EVENT_OPEN        = 5292
-	SYS_ACCEPT4                = 5293
-	SYS_RECVMMSG               = 5294
-	SYS_FANOTIFY_INIT          = 5295
-	SYS_FANOTIFY_MARK          = 5296
-	SYS_PRLIMIT64              = 5297
-	SYS_NAME_TO_HANDLE_AT      = 5298
-	SYS_OPEN_BY_HANDLE_AT      = 5299
-	SYS_CLOCK_ADJTIME          = 5300
-	SYS_SYNCFS                 = 5301
-	SYS_SENDMMSG               = 5302
-	SYS_SETNS                  = 5303
-	SYS_PROCESS_VM_READV       = 5304
-	SYS_PROCESS_VM_WRITEV      = 5305
-	SYS_KCMP                   = 5306
-	SYS_FINIT_MODULE           = 5307
-	SYS_GETDENTS64             = 5308
-	SYS_SCHED_SETATTR          = 5309
-	SYS_SCHED_GETATTR          = 5310
-	SYS_RENAMEAT2              = 5311
-	SYS_SECCOMP                = 5312
-	SYS_GETRANDOM              = 5313
-	SYS_MEMFD_CREATE           = 5314
-	SYS_BPF                    = 5315
-	SYS_EXECVEAT               = 5316
-	SYS_USERFAULTFD            = 5317
-	SYS_MEMBARRIER             = 5318
-	SYS_MLOCK2                 = 5319
-	SYS_COPY_FILE_RANGE        = 5320
-	SYS_PREADV2                = 5321
-	SYS_PWRITEV2               = 5322
-	SYS_PKEY_MPROTECT          = 5323
-	SYS_PKEY_ALLOC             = 5324
-	SYS_PKEY_FREE              = 5325
-	SYS_STATX                  = 5326
+	SYS_READ                    = 5000
+	SYS_WRITE                   = 5001
+	SYS_OPEN                    = 5002
+	SYS_CLOSE                   = 5003
+	SYS_STAT                    = 5004
+	SYS_FSTAT                   = 5005
+	SYS_LSTAT                   = 5006
+	SYS_POLL                    = 5007
+	SYS_LSEEK                   = 5008
+	SYS_MMAP                    = 5009
+	SYS_MPROTECT                = 5010
+	SYS_MUNMAP                  = 5011
+	SYS_BRK                     = 5012
+	SYS_RT_SIGACTION            = 5013
+	SYS_RT_SIGPROCMASK          = 5014
+	SYS_IOCTL                   = 5015
+	SYS_PREAD64                 = 5016
+	SYS_PWRITE64                = 5017
+	SYS_READV                   = 5018
+	SYS_WRITEV                  = 5019
+	SYS_ACCESS                  = 5020
+	SYS_PIPE                    = 5021
+	SYS__NEWSELECT              = 5022
+	SYS_SCHED_YIELD             = 5023
+	SYS_MREMAP                  = 5024
+	SYS_MSYNC                   = 5025
+	SYS_MINCORE                 = 5026
+	SYS_MADVISE                 = 5027
+	SYS_SHMGET                  = 5028
+	SYS_SHMAT                   = 5029
+	SYS_SHMCTL                  = 5030
+	SYS_DUP                     = 5031
+	SYS_DUP2                    = 5032
+	SYS_PAUSE                   = 5033
+	SYS_NANOSLEEP               = 5034
+	SYS_GETITIMER               = 5035
+	SYS_SETITIMER               = 5036
+	SYS_ALARM                   = 5037
+	SYS_GETPID                  = 5038
+	SYS_SENDFILE                = 5039
+	SYS_SOCKET                  = 5040
+	SYS_CONNECT                 = 5041
+	SYS_ACCEPT                  = 5042
+	SYS_SENDTO                  = 5043
+	SYS_RECVFROM                = 5044
+	SYS_SENDMSG                 = 5045
+	SYS_RECVMSG                 = 5046
+	SYS_SHUTDOWN                = 5047
+	SYS_BIND                    = 5048
+	SYS_LISTEN                  = 5049
+	SYS_GETSOCKNAME             = 5050
+	SYS_GETPEERNAME             = 5051
+	SYS_SOCKETPAIR              = 5052
+	SYS_SETSOCKOPT              = 5053
+	SYS_GETSOCKOPT              = 5054
+	SYS_CLONE                   = 5055
+	SYS_FORK                    = 5056
+	SYS_EXECVE                  = 5057
+	SYS_EXIT                    = 5058
+	SYS_WAIT4                   = 5059
+	SYS_KILL                    = 5060
+	SYS_UNAME                   = 5061
+	SYS_SEMGET                  = 5062
+	SYS_SEMOP                   = 5063
+	SYS_SEMCTL                  = 5064
+	SYS_SHMDT                   = 5065
+	SYS_MSGGET                  = 5066
+	SYS_MSGSND                  = 5067
+	SYS_MSGRCV                  = 5068
+	SYS_MSGCTL                  = 5069
+	SYS_FCNTL                   = 5070
+	SYS_FLOCK                   = 5071
+	SYS_FSYNC                   = 5072
+	SYS_FDATASYNC               = 5073
+	SYS_TRUNCATE                = 5074
+	SYS_FTRUNCATE               = 5075
+	SYS_GETDENTS                = 5076
+	SYS_GETCWD                  = 5077
+	SYS_CHDIR                   = 5078
+	SYS_FCHDIR                  = 5079
+	SYS_RENAME                  = 5080
+	SYS_MKDIR                   = 5081
+	SYS_RMDIR                   = 5082
+	SYS_CREAT                   = 5083
+	SYS_LINK                    = 5084
+	SYS_UNLINK                  = 5085
+	SYS_SYMLINK                 = 5086
+	SYS_READLINK                = 5087
+	SYS_CHMOD                   = 5088
+	SYS_FCHMOD                  = 5089
+	SYS_CHOWN                   = 5090
+	SYS_FCHOWN                  = 5091
+	SYS_LCHOWN                  = 5092
+	SYS_UMASK                   = 5093
+	SYS_GETTIMEOFDAY            = 5094
+	SYS_GETRLIMIT               = 5095
+	SYS_GETRUSAGE               = 5096
+	SYS_SYSINFO                 = 5097
+	SYS_TIMES                   = 5098
+	SYS_PTRACE                  = 5099
+	SYS_GETUID                  = 5100
+	SYS_SYSLOG                  = 5101
+	SYS_GETGID                  = 5102
+	SYS_SETUID                  = 5103
+	SYS_SETGID                  = 5104
+	SYS_GETEUID                 = 5105
+	SYS_GETEGID                 = 5106
+	SYS_SETPGID                 = 5107
+	SYS_GETPPID                 = 5108
+	SYS_GETPGRP                 = 5109
+	SYS_SETSID                  = 5110
+	SYS_SETREUID                = 5111
+	SYS_SETREGID                = 5112
+	SYS_GETGROUPS               = 5113
+	SYS_SETGROUPS               = 5114
+	SYS_SETRESUID               = 5115
+	SYS_GETRESUID               = 5116
+	SYS_SETRESGID               = 5117
+	SYS_GETRESGID               = 5118
+	SYS_GETPGID                 = 5119
+	SYS_SETFSUID                = 5120
+	SYS_SETFSGID                = 5121
+	SYS_GETSID                  = 5122
+	SYS_CAPGET                  = 5123
+	SYS_CAPSET                  = 5124
+	SYS_RT_SIGPENDING           = 5125
+	SYS_RT_SIGTIMEDWAIT         = 5126
+	SYS_RT_SIGQUEUEINFO         = 5127
+	SYS_RT_SIGSUSPEND           = 5128
+	SYS_SIGALTSTACK             = 5129
+	SYS_UTIME                   = 5130
+	SYS_MKNOD                   = 5131
+	SYS_PERSONALITY             = 5132
+	SYS_USTAT                   = 5133
+	SYS_STATFS                  = 5134
+	SYS_FSTATFS                 = 5135
+	SYS_SYSFS                   = 5136
+	SYS_GETPRIORITY             = 5137
+	SYS_SETPRIORITY             = 5138
+	SYS_SCHED_SETPARAM          = 5139
+	SYS_SCHED_GETPARAM          = 5140
+	SYS_SCHED_SETSCHEDULER      = 5141
+	SYS_SCHED_GETSCHEDULER      = 5142
+	SYS_SCHED_GET_PRIORITY_MAX  = 5143
+	SYS_SCHED_GET_PRIORITY_MIN  = 5144
+	SYS_SCHED_RR_GET_INTERVAL   = 5145
+	SYS_MLOCK                   = 5146
+	SYS_MUNLOCK                 = 5147
+	SYS_MLOCKALL                = 5148
+	SYS_MUNLOCKALL              = 5149
+	SYS_VHANGUP                 = 5150
+	SYS_PIVOT_ROOT              = 5151
+	SYS__SYSCTL                 = 5152
+	SYS_PRCTL                   = 5153
+	SYS_ADJTIMEX                = 5154
+	SYS_SETRLIMIT               = 5155
+	SYS_CHROOT                  = 5156
+	SYS_SYNC                    = 5157
+	SYS_ACCT                    = 5158
+	SYS_SETTIMEOFDAY            = 5159
+	SYS_MOUNT                   = 5160
+	SYS_UMOUNT2                 = 5161
+	SYS_SWAPON                  = 5162
+	SYS_SWAPOFF                 = 5163
+	SYS_REBOOT                  = 5164
+	SYS_SETHOSTNAME             = 5165
+	SYS_SETDOMAINNAME           = 5166
+	SYS_CREATE_MODULE           = 5167
+	SYS_INIT_MODULE             = 5168
+	SYS_DELETE_MODULE           = 5169
+	SYS_GET_KERNEL_SYMS         = 5170
+	SYS_QUERY_MODULE            = 5171
+	SYS_QUOTACTL                = 5172
+	SYS_NFSSERVCTL              = 5173
+	SYS_GETPMSG                 = 5174
+	SYS_PUTPMSG                 = 5175
+	SYS_AFS_SYSCALL             = 5176
+	SYS_RESERVED177             = 5177
+	SYS_GETTID                  = 5178
+	SYS_READAHEAD               = 5179
+	SYS_SETXATTR                = 5180
+	SYS_LSETXATTR               = 5181
+	SYS_FSETXATTR               = 5182
+	SYS_GETXATTR                = 5183
+	SYS_LGETXATTR               = 5184
+	SYS_FGETXATTR               = 5185
+	SYS_LISTXATTR               = 5186
+	SYS_LLISTXATTR              = 5187
+	SYS_FLISTXATTR              = 5188
+	SYS_REMOVEXATTR             = 5189
+	SYS_LREMOVEXATTR            = 5190
+	SYS_FREMOVEXATTR            = 5191
+	SYS_TKILL                   = 5192
+	SYS_RESERVED193             = 5193
+	SYS_FUTEX                   = 5194
+	SYS_SCHED_SETAFFINITY       = 5195
+	SYS_SCHED_GETAFFINITY       = 5196
+	SYS_CACHEFLUSH              = 5197
+	SYS_CACHECTL                = 5198
+	SYS_SYSMIPS                 = 5199
+	SYS_IO_SETUP                = 5200
+	SYS_IO_DESTROY              = 5201
+	SYS_IO_GETEVENTS            = 5202
+	SYS_IO_SUBMIT               = 5203
+	SYS_IO_CANCEL               = 5204
+	SYS_EXIT_GROUP              = 5205
+	SYS_LOOKUP_DCOOKIE          = 5206
+	SYS_EPOLL_CREATE            = 5207
+	SYS_EPOLL_CTL               = 5208
+	SYS_EPOLL_WAIT              = 5209
+	SYS_REMAP_FILE_PAGES        = 5210
+	SYS_RT_SIGRETURN            = 5211
+	SYS_SET_TID_ADDRESS         = 5212
+	SYS_RESTART_SYSCALL         = 5213
+	SYS_SEMTIMEDOP              = 5214
+	SYS_FADVISE64               = 5215
+	SYS_TIMER_CREATE            = 5216
+	SYS_TIMER_SETTIME           = 5217
+	SYS_TIMER_GETTIME           = 5218
+	SYS_TIMER_GETOVERRUN        = 5219
+	SYS_TIMER_DELETE            = 5220
+	SYS_CLOCK_SETTIME           = 5221
+	SYS_CLOCK_GETTIME           = 5222
+	SYS_CLOCK_GETRES            = 5223
+	SYS_CLOCK_NANOSLEEP         = 5224
+	SYS_TGKILL                  = 5225
+	SYS_UTIMES                  = 5226
+	SYS_MBIND                   = 5227
+	SYS_GET_MEMPOLICY           = 5228
+	SYS_SET_MEMPOLICY           = 5229
+	SYS_MQ_OPEN                 = 5230
+	SYS_MQ_UNLINK               = 5231
+	SYS_MQ_TIMEDSEND            = 5232
+	SYS_MQ_TIMEDRECEIVE         = 5233
+	SYS_MQ_NOTIFY               = 5234
+	SYS_MQ_GETSETATTR           = 5235
+	SYS_VSERVER                 = 5236
+	SYS_WAITID                  = 5237
+	SYS_ADD_KEY                 = 5239
+	SYS_REQUEST_KEY             = 5240
+	SYS_KEYCTL                  = 5241
+	SYS_SET_THREAD_AREA         = 5242
+	SYS_INOTIFY_INIT            = 5243
+	SYS_INOTIFY_ADD_WATCH       = 5244
+	SYS_INOTIFY_RM_WATCH        = 5245
+	SYS_MIGRATE_PAGES           = 5246
+	SYS_OPENAT                  = 5247
+	SYS_MKDIRAT                 = 5248
+	SYS_MKNODAT                 = 5249
+	SYS_FCHOWNAT                = 5250
+	SYS_FUTIMESAT               = 5251
+	SYS_NEWFSTATAT              = 5252
+	SYS_UNLINKAT                = 5253
+	SYS_RENAMEAT                = 5254
+	SYS_LINKAT                  = 5255
+	SYS_SYMLINKAT               = 5256
+	SYS_READLINKAT              = 5257
+	SYS_FCHMODAT                = 5258
+	SYS_FACCESSAT               = 5259
+	SYS_PSELECT6                = 5260
+	SYS_PPOLL                   = 5261
+	SYS_UNSHARE                 = 5262
+	SYS_SPLICE                  = 5263
+	SYS_SYNC_FILE_RANGE         = 5264
+	SYS_TEE                     = 5265
+	SYS_VMSPLICE                = 5266
+	SYS_MOVE_PAGES              = 5267
+	SYS_SET_ROBUST_LIST         = 5268
+	SYS_GET_ROBUST_LIST         = 5269
+	SYS_KEXEC_LOAD              = 5270
+	SYS_GETCPU                  = 5271
+	SYS_EPOLL_PWAIT             = 5272
+	SYS_IOPRIO_SET              = 5273
+	SYS_IOPRIO_GET              = 5274
+	SYS_UTIMENSAT               = 5275
+	SYS_SIGNALFD                = 5276
+	SYS_TIMERFD                 = 5277
+	SYS_EVENTFD                 = 5278
+	SYS_FALLOCATE               = 5279
+	SYS_TIMERFD_CREATE          = 5280
+	SYS_TIMERFD_GETTIME         = 5281
+	SYS_TIMERFD_SETTIME         = 5282
+	SYS_SIGNALFD4               = 5283
+	SYS_EVENTFD2                = 5284
+	SYS_EPOLL_CREATE1           = 5285
+	SYS_DUP3                    = 5286
+	SYS_PIPE2                   = 5287
+	SYS_INOTIFY_INIT1           = 5288
+	SYS_PREADV                  = 5289
+	SYS_PWRITEV                 = 5290
+	SYS_RT_TGSIGQUEUEINFO       = 5291
+	SYS_PERF_EVENT_OPEN         = 5292
+	SYS_ACCEPT4                 = 5293
+	SYS_RECVMMSG                = 5294
+	SYS_FANOTIFY_INIT           = 5295
+	SYS_FANOTIFY_MARK           = 5296
+	SYS_PRLIMIT64               = 5297
+	SYS_NAME_TO_HANDLE_AT       = 5298
+	SYS_OPEN_BY_HANDLE_AT       = 5299
+	SYS_CLOCK_ADJTIME           = 5300
+	SYS_SYNCFS                  = 5301
+	SYS_SENDMMSG                = 5302
+	SYS_SETNS                   = 5303
+	SYS_PROCESS_VM_READV        = 5304
+	SYS_PROCESS_VM_WRITEV       = 5305
+	SYS_KCMP                    = 5306
+	SYS_FINIT_MODULE            = 5307
+	SYS_GETDENTS64              = 5308
+	SYS_SCHED_SETATTR           = 5309
+	SYS_SCHED_GETATTR           = 5310
+	SYS_RENAMEAT2               = 5311
+	SYS_SECCOMP                 = 5312
+	SYS_GETRANDOM               = 5313
+	SYS_MEMFD_CREATE            = 5314
+	SYS_BPF                     = 5315
+	SYS_EXECVEAT                = 5316
+	SYS_USERFAULTFD             = 5317
+	SYS_MEMBARRIER              = 5318
+	SYS_MLOCK2                  = 5319
+	SYS_COPY_FILE_RANGE         = 5320
+	SYS_PREADV2                 = 5321
+	SYS_PWRITEV2                = 5322
+	SYS_PKEY_MPROTECT           = 5323
+	SYS_PKEY_ALLOC              = 5324
+	SYS_PKEY_FREE               = 5325
+	SYS_STATX                   = 5326
+	SYS_RSEQ                    = 5327
+	SYS_IO_PGETEVENTS           = 5328
+	SYS_PIDFD_SEND_SIGNAL       = 5424
+	SYS_IO_URING_SETUP          = 5425
+	SYS_IO_URING_ENTER          = 5426
+	SYS_IO_URING_REGISTER       = 5427
+	SYS_OPEN_TREE               = 5428
+	SYS_MOVE_MOUNT              = 5429
+	SYS_FSOPEN                  = 5430
+	SYS_FSCONFIG                = 5431
+	SYS_FSMOUNT                 = 5432
+	SYS_FSPICK                  = 5433
+	SYS_PIDFD_OPEN              = 5434
+	SYS_CLONE3                  = 5435
+	SYS_CLOSE_RANGE             = 5436
+	SYS_OPENAT2                 = 5437
+	SYS_PIDFD_GETFD             = 5438
+	SYS_FACCESSAT2              = 5439
+	SYS_PROCESS_MADVISE         = 5440
+	SYS_EPOLL_PWAIT2            = 5441
+	SYS_MOUNT_SETATTR           = 5442
+	SYS_QUOTACTL_FD             = 5443
+	SYS_LANDLOCK_CREATE_RULESET = 5444
+	SYS_LANDLOCK_ADD_RULE       = 5445
+	SYS_LANDLOCK_RESTRICT_SELF  = 5446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 45bd3fd6c84be..45082dd67fffb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -1,335 +1,361 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64le && linux
 // +build mips64le,linux
 
 package unix
 
 const (
-	SYS_READ                   = 5000
-	SYS_WRITE                  = 5001
-	SYS_OPEN                   = 5002
-	SYS_CLOSE                  = 5003
-	SYS_STAT                   = 5004
-	SYS_FSTAT                  = 5005
-	SYS_LSTAT                  = 5006
-	SYS_POLL                   = 5007
-	SYS_LSEEK                  = 5008
-	SYS_MMAP                   = 5009
-	SYS_MPROTECT               = 5010
-	SYS_MUNMAP                 = 5011
-	SYS_BRK                    = 5012
-	SYS_RT_SIGACTION           = 5013
-	SYS_RT_SIGPROCMASK         = 5014
-	SYS_IOCTL                  = 5015
-	SYS_PREAD64                = 5016
-	SYS_PWRITE64               = 5017
-	SYS_READV                  = 5018
-	SYS_WRITEV                 = 5019
-	SYS_ACCESS                 = 5020
-	SYS_PIPE                   = 5021
-	SYS__NEWSELECT             = 5022
-	SYS_SCHED_YIELD            = 5023
-	SYS_MREMAP                 = 5024
-	SYS_MSYNC                  = 5025
-	SYS_MINCORE                = 5026
-	SYS_MADVISE                = 5027
-	SYS_SHMGET                 = 5028
-	SYS_SHMAT                  = 5029
-	SYS_SHMCTL                 = 5030
-	SYS_DUP                    = 5031
-	SYS_DUP2                   = 5032
-	SYS_PAUSE                  = 5033
-	SYS_NANOSLEEP              = 5034
-	SYS_GETITIMER              = 5035
-	SYS_SETITIMER              = 5036
-	SYS_ALARM                  = 5037
-	SYS_GETPID                 = 5038
-	SYS_SENDFILE               = 5039
-	SYS_SOCKET                 = 5040
-	SYS_CONNECT                = 5041
-	SYS_ACCEPT                 = 5042
-	SYS_SENDTO                 = 5043
-	SYS_RECVFROM               = 5044
-	SYS_SENDMSG                = 5045
-	SYS_RECVMSG                = 5046
-	SYS_SHUTDOWN               = 5047
-	SYS_BIND                   = 5048
-	SYS_LISTEN                 = 5049
-	SYS_GETSOCKNAME            = 5050
-	SYS_GETPEERNAME            = 5051
-	SYS_SOCKETPAIR             = 5052
-	SYS_SETSOCKOPT             = 5053
-	SYS_GETSOCKOPT             = 5054
-	SYS_CLONE                  = 5055
-	SYS_FORK                   = 5056
-	SYS_EXECVE                 = 5057
-	SYS_EXIT                   = 5058
-	SYS_WAIT4                  = 5059
-	SYS_KILL                   = 5060
-	SYS_UNAME                  = 5061
-	SYS_SEMGET                 = 5062
-	SYS_SEMOP                  = 5063
-	SYS_SEMCTL                 = 5064
-	SYS_SHMDT                  = 5065
-	SYS_MSGGET                 = 5066
-	SYS_MSGSND                 = 5067
-	SYS_MSGRCV                 = 5068
-	SYS_MSGCTL                 = 5069
-	SYS_FCNTL                  = 5070
-	SYS_FLOCK                  = 5071
-	SYS_FSYNC                  = 5072
-	SYS_FDATASYNC              = 5073
-	SYS_TRUNCATE               = 5074
-	SYS_FTRUNCATE              = 5075
-	SYS_GETDENTS               = 5076
-	SYS_GETCWD                 = 5077
-	SYS_CHDIR                  = 5078
-	SYS_FCHDIR                 = 5079
-	SYS_RENAME                 = 5080
-	SYS_MKDIR                  = 5081
-	SYS_RMDIR                  = 5082
-	SYS_CREAT                  = 5083
-	SYS_LINK                   = 5084
-	SYS_UNLINK                 = 5085
-	SYS_SYMLINK                = 5086
-	SYS_READLINK               = 5087
-	SYS_CHMOD                  = 5088
-	SYS_FCHMOD                 = 5089
-	SYS_CHOWN                  = 5090
-	SYS_FCHOWN                 = 5091
-	SYS_LCHOWN                 = 5092
-	SYS_UMASK                  = 5093
-	SYS_GETTIMEOFDAY           = 5094
-	SYS_GETRLIMIT              = 5095
-	SYS_GETRUSAGE              = 5096
-	SYS_SYSINFO                = 5097
-	SYS_TIMES                  = 5098
-	SYS_PTRACE                 = 5099
-	SYS_GETUID                 = 5100
-	SYS_SYSLOG                 = 5101
-	SYS_GETGID                 = 5102
-	SYS_SETUID                 = 5103
-	SYS_SETGID                 = 5104
-	SYS_GETEUID                = 5105
-	SYS_GETEGID                = 5106
-	SYS_SETPGID                = 5107
-	SYS_GETPPID                = 5108
-	SYS_GETPGRP                = 5109
-	SYS_SETSID                 = 5110
-	SYS_SETREUID               = 5111
-	SYS_SETREGID               = 5112
-	SYS_GETGROUPS              = 5113
-	SYS_SETGROUPS              = 5114
-	SYS_SETRESUID              = 5115
-	SYS_GETRESUID              = 5116
-	SYS_SETRESGID              = 5117
-	SYS_GETRESGID              = 5118
-	SYS_GETPGID                = 5119
-	SYS_SETFSUID               = 5120
-	SYS_SETFSGID               = 5121
-	SYS_GETSID                 = 5122
-	SYS_CAPGET                 = 5123
-	SYS_CAPSET                 = 5124
-	SYS_RT_SIGPENDING          = 5125
-	SYS_RT_SIGTIMEDWAIT        = 5126
-	SYS_RT_SIGQUEUEINFO        = 5127
-	SYS_RT_SIGSUSPEND          = 5128
-	SYS_SIGALTSTACK            = 5129
-	SYS_UTIME                  = 5130
-	SYS_MKNOD                  = 5131
-	SYS_PERSONALITY            = 5132
-	SYS_USTAT                  = 5133
-	SYS_STATFS                 = 5134
-	SYS_FSTATFS                = 5135
-	SYS_SYSFS                  = 5136
-	SYS_GETPRIORITY            = 5137
-	SYS_SETPRIORITY            = 5138
-	SYS_SCHED_SETPARAM         = 5139
-	SYS_SCHED_GETPARAM         = 5140
-	SYS_SCHED_SETSCHEDULER     = 5141
-	SYS_SCHED_GETSCHEDULER     = 5142
-	SYS_SCHED_GET_PRIORITY_MAX = 5143
-	SYS_SCHED_GET_PRIORITY_MIN = 5144
-	SYS_SCHED_RR_GET_INTERVAL  = 5145
-	SYS_MLOCK                  = 5146
-	SYS_MUNLOCK                = 5147
-	SYS_MLOCKALL               = 5148
-	SYS_MUNLOCKALL             = 5149
-	SYS_VHANGUP                = 5150
-	SYS_PIVOT_ROOT             = 5151
-	SYS__SYSCTL                = 5152
-	SYS_PRCTL                  = 5153
-	SYS_ADJTIMEX               = 5154
-	SYS_SETRLIMIT              = 5155
-	SYS_CHROOT                 = 5156
-	SYS_SYNC                   = 5157
-	SYS_ACCT                   = 5158
-	SYS_SETTIMEOFDAY           = 5159
-	SYS_MOUNT                  = 5160
-	SYS_UMOUNT2                = 5161
-	SYS_SWAPON                 = 5162
-	SYS_SWAPOFF                = 5163
-	SYS_REBOOT                 = 5164
-	SYS_SETHOSTNAME            = 5165
-	SYS_SETDOMAINNAME          = 5166
-	SYS_CREATE_MODULE          = 5167
-	SYS_INIT_MODULE            = 5168
-	SYS_DELETE_MODULE          = 5169
-	SYS_GET_KERNEL_SYMS        = 5170
-	SYS_QUERY_MODULE           = 5171
-	SYS_QUOTACTL               = 5172
-	SYS_NFSSERVCTL             = 5173
-	SYS_GETPMSG                = 5174
-	SYS_PUTPMSG                = 5175
-	SYS_AFS_SYSCALL            = 5176
-	SYS_RESERVED177            = 5177
-	SYS_GETTID                 = 5178
-	SYS_READAHEAD              = 5179
-	SYS_SETXATTR               = 5180
-	SYS_LSETXATTR              = 5181
-	SYS_FSETXATTR              = 5182
-	SYS_GETXATTR               = 5183
-	SYS_LGETXATTR              = 5184
-	SYS_FGETXATTR              = 5185
-	SYS_LISTXATTR              = 5186
-	SYS_LLISTXATTR             = 5187
-	SYS_FLISTXATTR             = 5188
-	SYS_REMOVEXATTR            = 5189
-	SYS_LREMOVEXATTR           = 5190
-	SYS_FREMOVEXATTR           = 5191
-	SYS_TKILL                  = 5192
-	SYS_RESERVED193            = 5193
-	SYS_FUTEX                  = 5194
-	SYS_SCHED_SETAFFINITY      = 5195
-	SYS_SCHED_GETAFFINITY      = 5196
-	SYS_CACHEFLUSH             = 5197
-	SYS_CACHECTL               = 5198
-	SYS_SYSMIPS                = 5199
-	SYS_IO_SETUP               = 5200
-	SYS_IO_DESTROY             = 5201
-	SYS_IO_GETEVENTS           = 5202
-	SYS_IO_SUBMIT              = 5203
-	SYS_IO_CANCEL              = 5204
-	SYS_EXIT_GROUP             = 5205
-	SYS_LOOKUP_DCOOKIE         = 5206
-	SYS_EPOLL_CREATE           = 5207
-	SYS_EPOLL_CTL              = 5208
-	SYS_EPOLL_WAIT             = 5209
-	SYS_REMAP_FILE_PAGES       = 5210
-	SYS_RT_SIGRETURN           = 5211
-	SYS_SET_TID_ADDRESS        = 5212
-	SYS_RESTART_SYSCALL        = 5213
-	SYS_SEMTIMEDOP             = 5214
-	SYS_FADVISE64              = 5215
-	SYS_TIMER_CREATE           = 5216
-	SYS_TIMER_SETTIME          = 5217
-	SYS_TIMER_GETTIME          = 5218
-	SYS_TIMER_GETOVERRUN       = 5219
-	SYS_TIMER_DELETE           = 5220
-	SYS_CLOCK_SETTIME          = 5221
-	SYS_CLOCK_GETTIME          = 5222
-	SYS_CLOCK_GETRES           = 5223
-	SYS_CLOCK_NANOSLEEP        = 5224
-	SYS_TGKILL                 = 5225
-	SYS_UTIMES                 = 5226
-	SYS_MBIND                  = 5227
-	SYS_GET_MEMPOLICY          = 5228
-	SYS_SET_MEMPOLICY          = 5229
-	SYS_MQ_OPEN                = 5230
-	SYS_MQ_UNLINK              = 5231
-	SYS_MQ_TIMEDSEND           = 5232
-	SYS_MQ_TIMEDRECEIVE        = 5233
-	SYS_MQ_NOTIFY              = 5234
-	SYS_MQ_GETSETATTR          = 5235
-	SYS_VSERVER                = 5236
-	SYS_WAITID                 = 5237
-	SYS_ADD_KEY                = 5239
-	SYS_REQUEST_KEY            = 5240
-	SYS_KEYCTL                 = 5241
-	SYS_SET_THREAD_AREA        = 5242
-	SYS_INOTIFY_INIT           = 5243
-	SYS_INOTIFY_ADD_WATCH      = 5244
-	SYS_INOTIFY_RM_WATCH       = 5245
-	SYS_MIGRATE_PAGES          = 5246
-	SYS_OPENAT                 = 5247
-	SYS_MKDIRAT                = 5248
-	SYS_MKNODAT                = 5249
-	SYS_FCHOWNAT               = 5250
-	SYS_FUTIMESAT              = 5251
-	SYS_NEWFSTATAT             = 5252
-	SYS_UNLINKAT               = 5253
-	SYS_RENAMEAT               = 5254
-	SYS_LINKAT                 = 5255
-	SYS_SYMLINKAT              = 5256
-	SYS_READLINKAT             = 5257
-	SYS_FCHMODAT               = 5258
-	SYS_FACCESSAT              = 5259
-	SYS_PSELECT6               = 5260
-	SYS_PPOLL                  = 5261
-	SYS_UNSHARE                = 5262
-	SYS_SPLICE                 = 5263
-	SYS_SYNC_FILE_RANGE        = 5264
-	SYS_TEE                    = 5265
-	SYS_VMSPLICE               = 5266
-	SYS_MOVE_PAGES             = 5267
-	SYS_SET_ROBUST_LIST        = 5268
-	SYS_GET_ROBUST_LIST        = 5269
-	SYS_KEXEC_LOAD             = 5270
-	SYS_GETCPU                 = 5271
-	SYS_EPOLL_PWAIT            = 5272
-	SYS_IOPRIO_SET             = 5273
-	SYS_IOPRIO_GET             = 5274
-	SYS_UTIMENSAT              = 5275
-	SYS_SIGNALFD               = 5276
-	SYS_TIMERFD                = 5277
-	SYS_EVENTFD                = 5278
-	SYS_FALLOCATE              = 5279
-	SYS_TIMERFD_CREATE         = 5280
-	SYS_TIMERFD_GETTIME        = 5281
-	SYS_TIMERFD_SETTIME        = 5282
-	SYS_SIGNALFD4              = 5283
-	SYS_EVENTFD2               = 5284
-	SYS_EPOLL_CREATE1          = 5285
-	SYS_DUP3                   = 5286
-	SYS_PIPE2                  = 5287
-	SYS_INOTIFY_INIT1          = 5288
-	SYS_PREADV                 = 5289
-	SYS_PWRITEV                = 5290
-	SYS_RT_TGSIGQUEUEINFO      = 5291
-	SYS_PERF_EVENT_OPEN        = 5292
-	SYS_ACCEPT4                = 5293
-	SYS_RECVMMSG               = 5294
-	SYS_FANOTIFY_INIT          = 5295
-	SYS_FANOTIFY_MARK          = 5296
-	SYS_PRLIMIT64              = 5297
-	SYS_NAME_TO_HANDLE_AT      = 5298
-	SYS_OPEN_BY_HANDLE_AT      = 5299
-	SYS_CLOCK_ADJTIME          = 5300
-	SYS_SYNCFS                 = 5301
-	SYS_SENDMMSG               = 5302
-	SYS_SETNS                  = 5303
-	SYS_PROCESS_VM_READV       = 5304
-	SYS_PROCESS_VM_WRITEV      = 5305
-	SYS_KCMP                   = 5306
-	SYS_FINIT_MODULE           = 5307
-	SYS_GETDENTS64             = 5308
-	SYS_SCHED_SETATTR          = 5309
-	SYS_SCHED_GETATTR          = 5310
-	SYS_RENAMEAT2              = 5311
-	SYS_SECCOMP                = 5312
-	SYS_GETRANDOM              = 5313
-	SYS_MEMFD_CREATE           = 5314
-	SYS_BPF                    = 5315
-	SYS_EXECVEAT               = 5316
-	SYS_USERFAULTFD            = 5317
-	SYS_MEMBARRIER             = 5318
-	SYS_MLOCK2                 = 5319
-	SYS_COPY_FILE_RANGE        = 5320
-	SYS_PREADV2                = 5321
-	SYS_PWRITEV2               = 5322
-	SYS_PKEY_MPROTECT          = 5323
-	SYS_PKEY_ALLOC             = 5324
-	SYS_PKEY_FREE              = 5325
-	SYS_STATX                  = 5326
+	SYS_READ                    = 5000
+	SYS_WRITE                   = 5001
+	SYS_OPEN                    = 5002
+	SYS_CLOSE                   = 5003
+	SYS_STAT                    = 5004
+	SYS_FSTAT                   = 5005
+	SYS_LSTAT                   = 5006
+	SYS_POLL                    = 5007
+	SYS_LSEEK                   = 5008
+	SYS_MMAP                    = 5009
+	SYS_MPROTECT                = 5010
+	SYS_MUNMAP                  = 5011
+	SYS_BRK                     = 5012
+	SYS_RT_SIGACTION            = 5013
+	SYS_RT_SIGPROCMASK          = 5014
+	SYS_IOCTL                   = 5015
+	SYS_PREAD64                 = 5016
+	SYS_PWRITE64                = 5017
+	SYS_READV                   = 5018
+	SYS_WRITEV                  = 5019
+	SYS_ACCESS                  = 5020
+	SYS_PIPE                    = 5021
+	SYS__NEWSELECT              = 5022
+	SYS_SCHED_YIELD             = 5023
+	SYS_MREMAP                  = 5024
+	SYS_MSYNC                   = 5025
+	SYS_MINCORE                 = 5026
+	SYS_MADVISE                 = 5027
+	SYS_SHMGET                  = 5028
+	SYS_SHMAT                   = 5029
+	SYS_SHMCTL                  = 5030
+	SYS_DUP                     = 5031
+	SYS_DUP2                    = 5032
+	SYS_PAUSE                   = 5033
+	SYS_NANOSLEEP               = 5034
+	SYS_GETITIMER               = 5035
+	SYS_SETITIMER               = 5036
+	SYS_ALARM                   = 5037
+	SYS_GETPID                  = 5038
+	SYS_SENDFILE                = 5039
+	SYS_SOCKET                  = 5040
+	SYS_CONNECT                 = 5041
+	SYS_ACCEPT                  = 5042
+	SYS_SENDTO                  = 5043
+	SYS_RECVFROM                = 5044
+	SYS_SENDMSG                 = 5045
+	SYS_RECVMSG                 = 5046
+	SYS_SHUTDOWN                = 5047
+	SYS_BIND                    = 5048
+	SYS_LISTEN                  = 5049
+	SYS_GETSOCKNAME             = 5050
+	SYS_GETPEERNAME             = 5051
+	SYS_SOCKETPAIR              = 5052
+	SYS_SETSOCKOPT              = 5053
+	SYS_GETSOCKOPT              = 5054
+	SYS_CLONE                   = 5055
+	SYS_FORK                    = 5056
+	SYS_EXECVE                  = 5057
+	SYS_EXIT                    = 5058
+	SYS_WAIT4                   = 5059
+	SYS_KILL                    = 5060
+	SYS_UNAME                   = 5061
+	SYS_SEMGET                  = 5062
+	SYS_SEMOP                   = 5063
+	SYS_SEMCTL                  = 5064
+	SYS_SHMDT                   = 5065
+	SYS_MSGGET                  = 5066
+	SYS_MSGSND                  = 5067
+	SYS_MSGRCV                  = 5068
+	SYS_MSGCTL                  = 5069
+	SYS_FCNTL                   = 5070
+	SYS_FLOCK                   = 5071
+	SYS_FSYNC                   = 5072
+	SYS_FDATASYNC               = 5073
+	SYS_TRUNCATE                = 5074
+	SYS_FTRUNCATE               = 5075
+	SYS_GETDENTS                = 5076
+	SYS_GETCWD                  = 5077
+	SYS_CHDIR                   = 5078
+	SYS_FCHDIR                  = 5079
+	SYS_RENAME                  = 5080
+	SYS_MKDIR                   = 5081
+	SYS_RMDIR                   = 5082
+	SYS_CREAT                   = 5083
+	SYS_LINK                    = 5084
+	SYS_UNLINK                  = 5085
+	SYS_SYMLINK                 = 5086
+	SYS_READLINK                = 5087
+	SYS_CHMOD                   = 5088
+	SYS_FCHMOD                  = 5089
+	SYS_CHOWN                   = 5090
+	SYS_FCHOWN                  = 5091
+	SYS_LCHOWN                  = 5092
+	SYS_UMASK                   = 5093
+	SYS_GETTIMEOFDAY            = 5094
+	SYS_GETRLIMIT               = 5095
+	SYS_GETRUSAGE               = 5096
+	SYS_SYSINFO                 = 5097
+	SYS_TIMES                   = 5098
+	SYS_PTRACE                  = 5099
+	SYS_GETUID                  = 5100
+	SYS_SYSLOG                  = 5101
+	SYS_GETGID                  = 5102
+	SYS_SETUID                  = 5103
+	SYS_SETGID                  = 5104
+	SYS_GETEUID                 = 5105
+	SYS_GETEGID                 = 5106
+	SYS_SETPGID                 = 5107
+	SYS_GETPPID                 = 5108
+	SYS_GETPGRP                 = 5109
+	SYS_SETSID                  = 5110
+	SYS_SETREUID                = 5111
+	SYS_SETREGID                = 5112
+	SYS_GETGROUPS               = 5113
+	SYS_SETGROUPS               = 5114
+	SYS_SETRESUID               = 5115
+	SYS_GETRESUID               = 5116
+	SYS_SETRESGID               = 5117
+	SYS_GETRESGID               = 5118
+	SYS_GETPGID                 = 5119
+	SYS_SETFSUID                = 5120
+	SYS_SETFSGID                = 5121
+	SYS_GETSID                  = 5122
+	SYS_CAPGET                  = 5123
+	SYS_CAPSET                  = 5124
+	SYS_RT_SIGPENDING           = 5125
+	SYS_RT_SIGTIMEDWAIT         = 5126
+	SYS_RT_SIGQUEUEINFO         = 5127
+	SYS_RT_SIGSUSPEND           = 5128
+	SYS_SIGALTSTACK             = 5129
+	SYS_UTIME                   = 5130
+	SYS_MKNOD                   = 5131
+	SYS_PERSONALITY             = 5132
+	SYS_USTAT                   = 5133
+	SYS_STATFS                  = 5134
+	SYS_FSTATFS                 = 5135
+	SYS_SYSFS                   = 5136
+	SYS_GETPRIORITY             = 5137
+	SYS_SETPRIORITY             = 5138
+	SYS_SCHED_SETPARAM          = 5139
+	SYS_SCHED_GETPARAM          = 5140
+	SYS_SCHED_SETSCHEDULER      = 5141
+	SYS_SCHED_GETSCHEDULER      = 5142
+	SYS_SCHED_GET_PRIORITY_MAX  = 5143
+	SYS_SCHED_GET_PRIORITY_MIN  = 5144
+	SYS_SCHED_RR_GET_INTERVAL   = 5145
+	SYS_MLOCK                   = 5146
+	SYS_MUNLOCK                 = 5147
+	SYS_MLOCKALL                = 5148
+	SYS_MUNLOCKALL              = 5149
+	SYS_VHANGUP                 = 5150
+	SYS_PIVOT_ROOT              = 5151
+	SYS__SYSCTL                 = 5152
+	SYS_PRCTL                   = 5153
+	SYS_ADJTIMEX                = 5154
+	SYS_SETRLIMIT               = 5155
+	SYS_CHROOT                  = 5156
+	SYS_SYNC                    = 5157
+	SYS_ACCT                    = 5158
+	SYS_SETTIMEOFDAY            = 5159
+	SYS_MOUNT                   = 5160
+	SYS_UMOUNT2                 = 5161
+	SYS_SWAPON                  = 5162
+	SYS_SWAPOFF                 = 5163
+	SYS_REBOOT                  = 5164
+	SYS_SETHOSTNAME             = 5165
+	SYS_SETDOMAINNAME           = 5166
+	SYS_CREATE_MODULE           = 5167
+	SYS_INIT_MODULE             = 5168
+	SYS_DELETE_MODULE           = 5169
+	SYS_GET_KERNEL_SYMS         = 5170
+	SYS_QUERY_MODULE            = 5171
+	SYS_QUOTACTL                = 5172
+	SYS_NFSSERVCTL              = 5173
+	SYS_GETPMSG                 = 5174
+	SYS_PUTPMSG                 = 5175
+	SYS_AFS_SYSCALL             = 5176
+	SYS_RESERVED177             = 5177
+	SYS_GETTID                  = 5178
+	SYS_READAHEAD               = 5179
+	SYS_SETXATTR                = 5180
+	SYS_LSETXATTR               = 5181
+	SYS_FSETXATTR               = 5182
+	SYS_GETXATTR                = 5183
+	SYS_LGETXATTR               = 5184
+	SYS_FGETXATTR               = 5185
+	SYS_LISTXATTR               = 5186
+	SYS_LLISTXATTR              = 5187
+	SYS_FLISTXATTR              = 5188
+	SYS_REMOVEXATTR             = 5189
+	SYS_LREMOVEXATTR            = 5190
+	SYS_FREMOVEXATTR            = 5191
+	SYS_TKILL                   = 5192
+	SYS_RESERVED193             = 5193
+	SYS_FUTEX                   = 5194
+	SYS_SCHED_SETAFFINITY       = 5195
+	SYS_SCHED_GETAFFINITY       = 5196
+	SYS_CACHEFLUSH              = 5197
+	SYS_CACHECTL                = 5198
+	SYS_SYSMIPS                 = 5199
+	SYS_IO_SETUP                = 5200
+	SYS_IO_DESTROY              = 5201
+	SYS_IO_GETEVENTS            = 5202
+	SYS_IO_SUBMIT               = 5203
+	SYS_IO_CANCEL               = 5204
+	SYS_EXIT_GROUP              = 5205
+	SYS_LOOKUP_DCOOKIE          = 5206
+	SYS_EPOLL_CREATE            = 5207
+	SYS_EPOLL_CTL               = 5208
+	SYS_EPOLL_WAIT              = 5209
+	SYS_REMAP_FILE_PAGES        = 5210
+	SYS_RT_SIGRETURN            = 5211
+	SYS_SET_TID_ADDRESS         = 5212
+	SYS_RESTART_SYSCALL         = 5213
+	SYS_SEMTIMEDOP              = 5214
+	SYS_FADVISE64               = 5215
+	SYS_TIMER_CREATE            = 5216
+	SYS_TIMER_SETTIME           = 5217
+	SYS_TIMER_GETTIME           = 5218
+	SYS_TIMER_GETOVERRUN        = 5219
+	SYS_TIMER_DELETE            = 5220
+	SYS_CLOCK_SETTIME           = 5221
+	SYS_CLOCK_GETTIME           = 5222
+	SYS_CLOCK_GETRES            = 5223
+	SYS_CLOCK_NANOSLEEP         = 5224
+	SYS_TGKILL                  = 5225
+	SYS_UTIMES                  = 5226
+	SYS_MBIND                   = 5227
+	SYS_GET_MEMPOLICY           = 5228
+	SYS_SET_MEMPOLICY           = 5229
+	SYS_MQ_OPEN                 = 5230
+	SYS_MQ_UNLINK               = 5231
+	SYS_MQ_TIMEDSEND            = 5232
+	SYS_MQ_TIMEDRECEIVE         = 5233
+	SYS_MQ_NOTIFY               = 5234
+	SYS_MQ_GETSETATTR           = 5235
+	SYS_VSERVER                 = 5236
+	SYS_WAITID                  = 5237
+	SYS_ADD_KEY                 = 5239
+	SYS_REQUEST_KEY             = 5240
+	SYS_KEYCTL                  = 5241
+	SYS_SET_THREAD_AREA         = 5242
+	SYS_INOTIFY_INIT            = 5243
+	SYS_INOTIFY_ADD_WATCH       = 5244
+	SYS_INOTIFY_RM_WATCH        = 5245
+	SYS_MIGRATE_PAGES           = 5246
+	SYS_OPENAT                  = 5247
+	SYS_MKDIRAT                 = 5248
+	SYS_MKNODAT                 = 5249
+	SYS_FCHOWNAT                = 5250
+	SYS_FUTIMESAT               = 5251
+	SYS_NEWFSTATAT              = 5252
+	SYS_UNLINKAT                = 5253
+	SYS_RENAMEAT                = 5254
+	SYS_LINKAT                  = 5255
+	SYS_SYMLINKAT               = 5256
+	SYS_READLINKAT              = 5257
+	SYS_FCHMODAT                = 5258
+	SYS_FACCESSAT               = 5259
+	SYS_PSELECT6                = 5260
+	SYS_PPOLL                   = 5261
+	SYS_UNSHARE                 = 5262
+	SYS_SPLICE                  = 5263
+	SYS_SYNC_FILE_RANGE         = 5264
+	SYS_TEE                     = 5265
+	SYS_VMSPLICE                = 5266
+	SYS_MOVE_PAGES              = 5267
+	SYS_SET_ROBUST_LIST         = 5268
+	SYS_GET_ROBUST_LIST         = 5269
+	SYS_KEXEC_LOAD              = 5270
+	SYS_GETCPU                  = 5271
+	SYS_EPOLL_PWAIT             = 5272
+	SYS_IOPRIO_SET              = 5273
+	SYS_IOPRIO_GET              = 5274
+	SYS_UTIMENSAT               = 5275
+	SYS_SIGNALFD                = 5276
+	SYS_TIMERFD                 = 5277
+	SYS_EVENTFD                 = 5278
+	SYS_FALLOCATE               = 5279
+	SYS_TIMERFD_CREATE          = 5280
+	SYS_TIMERFD_GETTIME         = 5281
+	SYS_TIMERFD_SETTIME         = 5282
+	SYS_SIGNALFD4               = 5283
+	SYS_EVENTFD2                = 5284
+	SYS_EPOLL_CREATE1           = 5285
+	SYS_DUP3                    = 5286
+	SYS_PIPE2                   = 5287
+	SYS_INOTIFY_INIT1           = 5288
+	SYS_PREADV                  = 5289
+	SYS_PWRITEV                 = 5290
+	SYS_RT_TGSIGQUEUEINFO       = 5291
+	SYS_PERF_EVENT_OPEN         = 5292
+	SYS_ACCEPT4                 = 5293
+	SYS_RECVMMSG                = 5294
+	SYS_FANOTIFY_INIT           = 5295
+	SYS_FANOTIFY_MARK           = 5296
+	SYS_PRLIMIT64               = 5297
+	SYS_NAME_TO_HANDLE_AT       = 5298
+	SYS_OPEN_BY_HANDLE_AT       = 5299
+	SYS_CLOCK_ADJTIME           = 5300
+	SYS_SYNCFS                  = 5301
+	SYS_SENDMMSG                = 5302
+	SYS_SETNS                   = 5303
+	SYS_PROCESS_VM_READV        = 5304
+	SYS_PROCESS_VM_WRITEV       = 5305
+	SYS_KCMP                    = 5306
+	SYS_FINIT_MODULE            = 5307
+	SYS_GETDENTS64              = 5308
+	SYS_SCHED_SETATTR           = 5309
+	SYS_SCHED_GETATTR           = 5310
+	SYS_RENAMEAT2               = 5311
+	SYS_SECCOMP                 = 5312
+	SYS_GETRANDOM               = 5313
+	SYS_MEMFD_CREATE            = 5314
+	SYS_BPF                     = 5315
+	SYS_EXECVEAT                = 5316
+	SYS_USERFAULTFD             = 5317
+	SYS_MEMBARRIER              = 5318
+	SYS_MLOCK2                  = 5319
+	SYS_COPY_FILE_RANGE         = 5320
+	SYS_PREADV2                 = 5321
+	SYS_PWRITEV2                = 5322
+	SYS_PKEY_MPROTECT           = 5323
+	SYS_PKEY_ALLOC              = 5324
+	SYS_PKEY_FREE               = 5325
+	SYS_STATX                   = 5326
+	SYS_RSEQ                    = 5327
+	SYS_IO_PGETEVENTS           = 5328
+	SYS_PIDFD_SEND_SIGNAL       = 5424
+	SYS_IO_URING_SETUP          = 5425
+	SYS_IO_URING_ENTER          = 5426
+	SYS_IO_URING_REGISTER       = 5427
+	SYS_OPEN_TREE               = 5428
+	SYS_MOVE_MOUNT              = 5429
+	SYS_FSOPEN                  = 5430
+	SYS_FSCONFIG                = 5431
+	SYS_FSMOUNT                 = 5432
+	SYS_FSPICK                  = 5433
+	SYS_PIDFD_OPEN              = 5434
+	SYS_CLONE3                  = 5435
+	SYS_CLOSE_RANGE             = 5436
+	SYS_OPENAT2                 = 5437
+	SYS_PIDFD_GETFD             = 5438
+	SYS_FACCESSAT2              = 5439
+	SYS_PROCESS_MADVISE         = 5440
+	SYS_EPOLL_PWAIT2            = 5441
+	SYS_MOUNT_SETATTR           = 5442
+	SYS_QUOTACTL_FD             = 5443
+	SYS_LANDLOCK_CREATE_RULESET = 5444
+	SYS_LANDLOCK_ADD_RULE       = 5445
+	SYS_LANDLOCK_RESTRICT_SELF  = 5446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 62ccac4b74212..570a857a56ead 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -1,375 +1,431 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mipsle && linux
 // +build mipsle,linux
 
 package unix
 
 const (
-	SYS_SYSCALL                = 4000
-	SYS_EXIT                   = 4001
-	SYS_FORK                   = 4002
-	SYS_READ                   = 4003
-	SYS_WRITE                  = 4004
-	SYS_OPEN                   = 4005
-	SYS_CLOSE                  = 4006
-	SYS_WAITPID                = 4007
-	SYS_CREAT                  = 4008
-	SYS_LINK                   = 4009
-	SYS_UNLINK                 = 4010
-	SYS_EXECVE                 = 4011
-	SYS_CHDIR                  = 4012
-	SYS_TIME                   = 4013
-	SYS_MKNOD                  = 4014
-	SYS_CHMOD                  = 4015
-	SYS_LCHOWN                 = 4016
-	SYS_BREAK                  = 4017
-	SYS_UNUSED18               = 4018
-	SYS_LSEEK                  = 4019
-	SYS_GETPID                 = 4020
-	SYS_MOUNT                  = 4021
-	SYS_UMOUNT                 = 4022
-	SYS_SETUID                 = 4023
-	SYS_GETUID                 = 4024
-	SYS_STIME                  = 4025
-	SYS_PTRACE                 = 4026
-	SYS_ALARM                  = 4027
-	SYS_UNUSED28               = 4028
-	SYS_PAUSE                  = 4029
-	SYS_UTIME                  = 4030
-	SYS_STTY                   = 4031
-	SYS_GTTY                   = 4032
-	SYS_ACCESS                 = 4033
-	SYS_NICE                   = 4034
-	SYS_FTIME                  = 4035
-	SYS_SYNC                   = 4036
-	SYS_KILL                   = 4037
-	SYS_RENAME                 = 4038
-	SYS_MKDIR                  = 4039
-	SYS_RMDIR                  = 4040
-	SYS_DUP                    = 4041
-	SYS_PIPE                   = 4042
-	SYS_TIMES                  = 4043
-	SYS_PROF                   = 4044
-	SYS_BRK                    = 4045
-	SYS_SETGID                 = 4046
-	SYS_GETGID                 = 4047
-	SYS_SIGNAL                 = 4048
-	SYS_GETEUID                = 4049
-	SYS_GETEGID                = 4050
-	SYS_ACCT                   = 4051
-	SYS_UMOUNT2                = 4052
-	SYS_LOCK                   = 4053
-	SYS_IOCTL                  = 4054
-	SYS_FCNTL                  = 4055
-	SYS_MPX                    = 4056
-	SYS_SETPGID                = 4057
-	SYS_ULIMIT                 = 4058
-	SYS_UNUSED59               = 4059
-	SYS_UMASK                  = 4060
-	SYS_CHROOT                 = 4061
-	SYS_USTAT                  = 4062
-	SYS_DUP2                   = 4063
-	SYS_GETPPID                = 4064
-	SYS_GETPGRP                = 4065
-	SYS_SETSID                 = 4066
-	SYS_SIGACTION              = 4067
-	SYS_SGETMASK               = 4068
-	SYS_SSETMASK               = 4069
-	SYS_SETREUID               = 4070
-	SYS_SETREGID               = 4071
-	SYS_SIGSUSPEND             = 4072
-	SYS_SIGPENDING             = 4073
-	SYS_SETHOSTNAME            = 4074
-	SYS_SETRLIMIT              = 4075
-	SYS_GETRLIMIT              = 4076
-	SYS_GETRUSAGE              = 4077
-	SYS_GETTIMEOFDAY           = 4078
-	SYS_SETTIMEOFDAY           = 4079
-	SYS_GETGROUPS              = 4080
-	SYS_SETGROUPS              = 4081
-	SYS_RESERVED82             = 4082
-	SYS_SYMLINK                = 4083
-	SYS_UNUSED84               = 4084
-	SYS_READLINK               = 4085
-	SYS_USELIB                 = 4086
-	SYS_SWAPON                 = 4087
-	SYS_REBOOT                 = 4088
-	SYS_READDIR                = 4089
-	SYS_MMAP                   = 4090
-	SYS_MUNMAP                 = 4091
-	SYS_TRUNCATE               = 4092
-	SYS_FTRUNCATE              = 4093
-	SYS_FCHMOD                 = 4094
-	SYS_FCHOWN                 = 4095
-	SYS_GETPRIORITY            = 4096
-	SYS_SETPRIORITY            = 4097
-	SYS_PROFIL                 = 4098
-	SYS_STATFS                 = 4099
-	SYS_FSTATFS                = 4100
-	SYS_IOPERM                 = 4101
-	SYS_SOCKETCALL             = 4102
-	SYS_SYSLOG                 = 4103
-	SYS_SETITIMER              = 4104
-	SYS_GETITIMER              = 4105
-	SYS_STAT                   = 4106
-	SYS_LSTAT                  = 4107
-	SYS_FSTAT                  = 4108
-	SYS_UNUSED109              = 4109
-	SYS_IOPL                   = 4110
-	SYS_VHANGUP                = 4111
-	SYS_IDLE                   = 4112
-	SYS_VM86                   = 4113
-	SYS_WAIT4                  = 4114
-	SYS_SWAPOFF                = 4115
-	SYS_SYSINFO                = 4116
-	SYS_IPC                    = 4117
-	SYS_FSYNC                  = 4118
-	SYS_SIGRETURN              = 4119
-	SYS_CLONE                  = 4120
-	SYS_SETDOMAINNAME          = 4121
-	SYS_UNAME                  = 4122
-	SYS_MODIFY_LDT             = 4123
-	SYS_ADJTIMEX               = 4124
-	SYS_MPROTECT               = 4125
-	SYS_SIGPROCMASK            = 4126
-	SYS_CREATE_MODULE          = 4127
-	SYS_INIT_MODULE            = 4128
-	SYS_DELETE_MODULE          = 4129
-	SYS_GET_KERNEL_SYMS        = 4130
-	SYS_QUOTACTL               = 4131
-	SYS_GETPGID                = 4132
-	SYS_FCHDIR                 = 4133
-	SYS_BDFLUSH                = 4134
-	SYS_SYSFS                  = 4135
-	SYS_PERSONALITY            = 4136
-	SYS_AFS_SYSCALL            = 4137
-	SYS_SETFSUID               = 4138
-	SYS_SETFSGID               = 4139
-	SYS__LLSEEK                = 4140
-	SYS_GETDENTS               = 4141
-	SYS__NEWSELECT             = 4142
-	SYS_FLOCK                  = 4143
-	SYS_MSYNC                  = 4144
-	SYS_READV                  = 4145
-	SYS_WRITEV                 = 4146
-	SYS_CACHEFLUSH             = 4147
-	SYS_CACHECTL               = 4148
-	SYS_SYSMIPS                = 4149
-	SYS_UNUSED150              = 4150
-	SYS_GETSID                 = 4151
-	SYS_FDATASYNC              = 4152
-	SYS__SYSCTL                = 4153
-	SYS_MLOCK                  = 4154
-	SYS_MUNLOCK                = 4155
-	SYS_MLOCKALL               = 4156
-	SYS_MUNLOCKALL             = 4157
-	SYS_SCHED_SETPARAM         = 4158
-	SYS_SCHED_GETPARAM         = 4159
-	SYS_SCHED_SETSCHEDULER     = 4160
-	SYS_SCHED_GETSCHEDULER     = 4161
-	SYS_SCHED_YIELD            = 4162
-	SYS_SCHED_GET_PRIORITY_MAX = 4163
-	SYS_SCHED_GET_PRIORITY_MIN = 4164
-	SYS_SCHED_RR_GET_INTERVAL  = 4165
-	SYS_NANOSLEEP              = 4166
-	SYS_MREMAP                 = 4167
-	SYS_ACCEPT                 = 4168
-	SYS_BIND                   = 4169
-	SYS_CONNECT                = 4170
-	SYS_GETPEERNAME            = 4171
-	SYS_GETSOCKNAME            = 4172
-	SYS_GETSOCKOPT             = 4173
-	SYS_LISTEN                 = 4174
-	SYS_RECV                   = 4175
-	SYS_RECVFROM               = 4176
-	SYS_RECVMSG                = 4177
-	SYS_SEND                   = 4178
-	SYS_SENDMSG                = 4179
-	SYS_SENDTO                 = 4180
-	SYS_SETSOCKOPT             = 4181
-	SYS_SHUTDOWN               = 4182
-	SYS_SOCKET                 = 4183
-	SYS_SOCKETPAIR             = 4184
-	SYS_SETRESUID              = 4185
-	SYS_GETRESUID              = 4186
-	SYS_QUERY_MODULE           = 4187
-	SYS_POLL                   = 4188
-	SYS_NFSSERVCTL             = 4189
-	SYS_SETRESGID              = 4190
-	SYS_GETRESGID              = 4191
-	SYS_PRCTL                  = 4192
-	SYS_RT_SIGRETURN           = 4193
-	SYS_RT_SIGACTION           = 4194
-	SYS_RT_SIGPROCMASK         = 4195
-	SYS_RT_SIGPENDING          = 4196
-	SYS_RT_SIGTIMEDWAIT        = 4197
-	SYS_RT_SIGQUEUEINFO        = 4198
-	SYS_RT_SIGSUSPEND          = 4199
-	SYS_PREAD64                = 4200
-	SYS_PWRITE64               = 4201
-	SYS_CHOWN                  = 4202
-	SYS_GETCWD                 = 4203
-	SYS_CAPGET                 = 4204
-	SYS_CAPSET                 = 4205
-	SYS_SIGALTSTACK            = 4206
-	SYS_SENDFILE               = 4207
-	SYS_GETPMSG                = 4208
-	SYS_PUTPMSG                = 4209
-	SYS_MMAP2                  = 4210
-	SYS_TRUNCATE64             = 4211
-	SYS_FTRUNCATE64            = 4212
-	SYS_STAT64                 = 4213
-	SYS_LSTAT64                = 4214
-	SYS_FSTAT64                = 4215
-	SYS_PIVOT_ROOT             = 4216
-	SYS_MINCORE                = 4217
-	SYS_MADVISE                = 4218
-	SYS_GETDENTS64             = 4219
-	SYS_FCNTL64                = 4220
-	SYS_RESERVED221            = 4221
-	SYS_GETTID                 = 4222
-	SYS_READAHEAD              = 4223
-	SYS_SETXATTR               = 4224
-	SYS_LSETXATTR              = 4225
-	SYS_FSETXATTR              = 4226
-	SYS_GETXATTR               = 4227
-	SYS_LGETXATTR              = 4228
-	SYS_FGETXATTR              = 4229
-	SYS_LISTXATTR              = 4230
-	SYS_LLISTXATTR             = 4231
-	SYS_FLISTXATTR             = 4232
-	SYS_REMOVEXATTR            = 4233
-	SYS_LREMOVEXATTR           = 4234
-	SYS_FREMOVEXATTR           = 4235
-	SYS_TKILL                  = 4236
-	SYS_SENDFILE64             = 4237
-	SYS_FUTEX                  = 4238
-	SYS_SCHED_SETAFFINITY      = 4239
-	SYS_SCHED_GETAFFINITY      = 4240
-	SYS_IO_SETUP               = 4241
-	SYS_IO_DESTROY             = 4242
-	SYS_IO_GETEVENTS           = 4243
-	SYS_IO_SUBMIT              = 4244
-	SYS_IO_CANCEL              = 4245
-	SYS_EXIT_GROUP             = 4246
-	SYS_LOOKUP_DCOOKIE         = 4247
-	SYS_EPOLL_CREATE           = 4248
-	SYS_EPOLL_CTL              = 4249
-	SYS_EPOLL_WAIT             = 4250
-	SYS_REMAP_FILE_PAGES       = 4251
-	SYS_SET_TID_ADDRESS        = 4252
-	SYS_RESTART_SYSCALL        = 4253
-	SYS_FADVISE64              = 4254
-	SYS_STATFS64               = 4255
-	SYS_FSTATFS64              = 4256
-	SYS_TIMER_CREATE           = 4257
-	SYS_TIMER_SETTIME          = 4258
-	SYS_TIMER_GETTIME          = 4259
-	SYS_TIMER_GETOVERRUN       = 4260
-	SYS_TIMER_DELETE           = 4261
-	SYS_CLOCK_SETTIME          = 4262
-	SYS_CLOCK_GETTIME          = 4263
-	SYS_CLOCK_GETRES           = 4264
-	SYS_CLOCK_NANOSLEEP        = 4265
-	SYS_TGKILL                 = 4266
-	SYS_UTIMES                 = 4267
-	SYS_MBIND                  = 4268
-	SYS_GET_MEMPOLICY          = 4269
-	SYS_SET_MEMPOLICY          = 4270
-	SYS_MQ_OPEN                = 4271
-	SYS_MQ_UNLINK              = 4272
-	SYS_MQ_TIMEDSEND           = 4273
-	SYS_MQ_TIMEDRECEIVE        = 4274
-	SYS_MQ_NOTIFY              = 4275
-	SYS_MQ_GETSETATTR          = 4276
-	SYS_VSERVER                = 4277
-	SYS_WAITID                 = 4278
-	SYS_ADD_KEY                = 4280
-	SYS_REQUEST_KEY            = 4281
-	SYS_KEYCTL                 = 4282
-	SYS_SET_THREAD_AREA        = 4283
-	SYS_INOTIFY_INIT           = 4284
-	SYS_INOTIFY_ADD_WATCH      = 4285
-	SYS_INOTIFY_RM_WATCH       = 4286
-	SYS_MIGRATE_PAGES          = 4287
-	SYS_OPENAT                 = 4288
-	SYS_MKDIRAT                = 4289
-	SYS_MKNODAT                = 4290
-	SYS_FCHOWNAT               = 4291
-	SYS_FUTIMESAT              = 4292
-	SYS_FSTATAT64              = 4293
-	SYS_UNLINKAT               = 4294
-	SYS_RENAMEAT               = 4295
-	SYS_LINKAT                 = 4296
-	SYS_SYMLINKAT              = 4297
-	SYS_READLINKAT             = 4298
-	SYS_FCHMODAT               = 4299
-	SYS_FACCESSAT              = 4300
-	SYS_PSELECT6               = 4301
-	SYS_PPOLL                  = 4302
-	SYS_UNSHARE                = 4303
-	SYS_SPLICE                 = 4304
-	SYS_SYNC_FILE_RANGE        = 4305
-	SYS_TEE                    = 4306
-	SYS_VMSPLICE               = 4307
-	SYS_MOVE_PAGES             = 4308
-	SYS_SET_ROBUST_LIST        = 4309
-	SYS_GET_ROBUST_LIST        = 4310
-	SYS_KEXEC_LOAD             = 4311
-	SYS_GETCPU                 = 4312
-	SYS_EPOLL_PWAIT            = 4313
-	SYS_IOPRIO_SET             = 4314
-	SYS_IOPRIO_GET             = 4315
-	SYS_UTIMENSAT              = 4316
-	SYS_SIGNALFD               = 4317
-	SYS_TIMERFD                = 4318
-	SYS_EVENTFD                = 4319
-	SYS_FALLOCATE              = 4320
-	SYS_TIMERFD_CREATE         = 4321
-	SYS_TIMERFD_GETTIME        = 4322
-	SYS_TIMERFD_SETTIME        = 4323
-	SYS_SIGNALFD4              = 4324
-	SYS_EVENTFD2               = 4325
-	SYS_EPOLL_CREATE1          = 4326
-	SYS_DUP3                   = 4327
-	SYS_PIPE2                  = 4328
-	SYS_INOTIFY_INIT1          = 4329
-	SYS_PREADV                 = 4330
-	SYS_PWRITEV                = 4331
-	SYS_RT_TGSIGQUEUEINFO      = 4332
-	SYS_PERF_EVENT_OPEN        = 4333
-	SYS_ACCEPT4                = 4334
-	SYS_RECVMMSG               = 4335
-	SYS_FANOTIFY_INIT          = 4336
-	SYS_FANOTIFY_MARK          = 4337
-	SYS_PRLIMIT64              = 4338
-	SYS_NAME_TO_HANDLE_AT      = 4339
-	SYS_OPEN_BY_HANDLE_AT      = 4340
-	SYS_CLOCK_ADJTIME          = 4341
-	SYS_SYNCFS                 = 4342
-	SYS_SENDMMSG               = 4343
-	SYS_SETNS                  = 4344
-	SYS_PROCESS_VM_READV       = 4345
-	SYS_PROCESS_VM_WRITEV      = 4346
-	SYS_KCMP                   = 4347
-	SYS_FINIT_MODULE           = 4348
-	SYS_SCHED_SETATTR          = 4349
-	SYS_SCHED_GETATTR          = 4350
-	SYS_RENAMEAT2              = 4351
-	SYS_SECCOMP                = 4352
-	SYS_GETRANDOM              = 4353
-	SYS_MEMFD_CREATE           = 4354
-	SYS_BPF                    = 4355
-	SYS_EXECVEAT               = 4356
-	SYS_USERFAULTFD            = 4357
-	SYS_MEMBARRIER             = 4358
-	SYS_MLOCK2                 = 4359
-	SYS_COPY_FILE_RANGE        = 4360
-	SYS_PREADV2                = 4361
-	SYS_PWRITEV2               = 4362
-	SYS_PKEY_MPROTECT          = 4363
-	SYS_PKEY_ALLOC             = 4364
-	SYS_PKEY_FREE              = 4365
-	SYS_STATX                  = 4366
+	SYS_SYSCALL                      = 4000
+	SYS_EXIT                         = 4001
+	SYS_FORK                         = 4002
+	SYS_READ                         = 4003
+	SYS_WRITE                        = 4004
+	SYS_OPEN                         = 4005
+	SYS_CLOSE                        = 4006
+	SYS_WAITPID                      = 4007
+	SYS_CREAT                        = 4008
+	SYS_LINK                         = 4009
+	SYS_UNLINK                       = 4010
+	SYS_EXECVE                       = 4011
+	SYS_CHDIR                        = 4012
+	SYS_TIME                         = 4013
+	SYS_MKNOD                        = 4014
+	SYS_CHMOD                        = 4015
+	SYS_LCHOWN                       = 4016
+	SYS_BREAK                        = 4017
+	SYS_UNUSED18                     = 4018
+	SYS_LSEEK                        = 4019
+	SYS_GETPID                       = 4020
+	SYS_MOUNT                        = 4021
+	SYS_UMOUNT                       = 4022
+	SYS_SETUID                       = 4023
+	SYS_GETUID                       = 4024
+	SYS_STIME                        = 4025
+	SYS_PTRACE                       = 4026
+	SYS_ALARM                        = 4027
+	SYS_UNUSED28                     = 4028
+	SYS_PAUSE                        = 4029
+	SYS_UTIME                        = 4030
+	SYS_STTY                         = 4031
+	SYS_GTTY                         = 4032
+	SYS_ACCESS                       = 4033
+	SYS_NICE                         = 4034
+	SYS_FTIME                        = 4035
+	SYS_SYNC                         = 4036
+	SYS_KILL                         = 4037
+	SYS_RENAME                       = 4038
+	SYS_MKDIR                        = 4039
+	SYS_RMDIR                        = 4040
+	SYS_DUP                          = 4041
+	SYS_PIPE                         = 4042
+	SYS_TIMES                        = 4043
+	SYS_PROF                         = 4044
+	SYS_BRK                          = 4045
+	SYS_SETGID                       = 4046
+	SYS_GETGID                       = 4047
+	SYS_SIGNAL                       = 4048
+	SYS_GETEUID                      = 4049
+	SYS_GETEGID                      = 4050
+	SYS_ACCT                         = 4051
+	SYS_UMOUNT2                      = 4052
+	SYS_LOCK                         = 4053
+	SYS_IOCTL                        = 4054
+	SYS_FCNTL                        = 4055
+	SYS_MPX                          = 4056
+	SYS_SETPGID                      = 4057
+	SYS_ULIMIT                       = 4058
+	SYS_UNUSED59                     = 4059
+	SYS_UMASK                        = 4060
+	SYS_CHROOT                       = 4061
+	SYS_USTAT                        = 4062
+	SYS_DUP2                         = 4063
+	SYS_GETPPID                      = 4064
+	SYS_GETPGRP                      = 4065
+	SYS_SETSID                       = 4066
+	SYS_SIGACTION                    = 4067
+	SYS_SGETMASK                     = 4068
+	SYS_SSETMASK                     = 4069
+	SYS_SETREUID                     = 4070
+	SYS_SETREGID                     = 4071
+	SYS_SIGSUSPEND                   = 4072
+	SYS_SIGPENDING                   = 4073
+	SYS_SETHOSTNAME                  = 4074
+	SYS_SETRLIMIT                    = 4075
+	SYS_GETRLIMIT                    = 4076
+	SYS_GETRUSAGE                    = 4077
+	SYS_GETTIMEOFDAY                 = 4078
+	SYS_SETTIMEOFDAY                 = 4079
+	SYS_GETGROUPS                    = 4080
+	SYS_SETGROUPS                    = 4081
+	SYS_RESERVED82                   = 4082
+	SYS_SYMLINK                      = 4083
+	SYS_UNUSED84                     = 4084
+	SYS_READLINK                     = 4085
+	SYS_USELIB                       = 4086
+	SYS_SWAPON                       = 4087
+	SYS_REBOOT                       = 4088
+	SYS_READDIR                      = 4089
+	SYS_MMAP                         = 4090
+	SYS_MUNMAP                       = 4091
+	SYS_TRUNCATE                     = 4092
+	SYS_FTRUNCATE                    = 4093
+	SYS_FCHMOD                       = 4094
+	SYS_FCHOWN                       = 4095
+	SYS_GETPRIORITY                  = 4096
+	SYS_SETPRIORITY                  = 4097
+	SYS_PROFIL                       = 4098
+	SYS_STATFS                       = 4099
+	SYS_FSTATFS                      = 4100
+	SYS_IOPERM                       = 4101
+	SYS_SOCKETCALL                   = 4102
+	SYS_SYSLOG                       = 4103
+	SYS_SETITIMER                    = 4104
+	SYS_GETITIMER                    = 4105
+	SYS_STAT                         = 4106
+	SYS_LSTAT                        = 4107
+	SYS_FSTAT                        = 4108
+	SYS_UNUSED109                    = 4109
+	SYS_IOPL                         = 4110
+	SYS_VHANGUP                      = 4111
+	SYS_IDLE                         = 4112
+	SYS_VM86                         = 4113
+	SYS_WAIT4                        = 4114
+	SYS_SWAPOFF                      = 4115
+	SYS_SYSINFO                      = 4116
+	SYS_IPC                          = 4117
+	SYS_FSYNC                        = 4118
+	SYS_SIGRETURN                    = 4119
+	SYS_CLONE                        = 4120
+	SYS_SETDOMAINNAME                = 4121
+	SYS_UNAME                        = 4122
+	SYS_MODIFY_LDT                   = 4123
+	SYS_ADJTIMEX                     = 4124
+	SYS_MPROTECT                     = 4125
+	SYS_SIGPROCMASK                  = 4126
+	SYS_CREATE_MODULE                = 4127
+	SYS_INIT_MODULE                  = 4128
+	SYS_DELETE_MODULE                = 4129
+	SYS_GET_KERNEL_SYMS              = 4130
+	SYS_QUOTACTL                     = 4131
+	SYS_GETPGID                      = 4132
+	SYS_FCHDIR                       = 4133
+	SYS_BDFLUSH                      = 4134
+	SYS_SYSFS                        = 4135
+	SYS_PERSONALITY                  = 4136
+	SYS_AFS_SYSCALL                  = 4137
+	SYS_SETFSUID                     = 4138
+	SYS_SETFSGID                     = 4139
+	SYS__LLSEEK                      = 4140
+	SYS_GETDENTS                     = 4141
+	SYS__NEWSELECT                   = 4142
+	SYS_FLOCK                        = 4143
+	SYS_MSYNC                        = 4144
+	SYS_READV                        = 4145
+	SYS_WRITEV                       = 4146
+	SYS_CACHEFLUSH                   = 4147
+	SYS_CACHECTL                     = 4148
+	SYS_SYSMIPS                      = 4149
+	SYS_UNUSED150                    = 4150
+	SYS_GETSID                       = 4151
+	SYS_FDATASYNC                    = 4152
+	SYS__SYSCTL                      = 4153
+	SYS_MLOCK                        = 4154
+	SYS_MUNLOCK                      = 4155
+	SYS_MLOCKALL                     = 4156
+	SYS_MUNLOCKALL                   = 4157
+	SYS_SCHED_SETPARAM               = 4158
+	SYS_SCHED_GETPARAM               = 4159
+	SYS_SCHED_SETSCHEDULER           = 4160
+	SYS_SCHED_GETSCHEDULER           = 4161
+	SYS_SCHED_YIELD                  = 4162
+	SYS_SCHED_GET_PRIORITY_MAX       = 4163
+	SYS_SCHED_GET_PRIORITY_MIN       = 4164
+	SYS_SCHED_RR_GET_INTERVAL        = 4165
+	SYS_NANOSLEEP                    = 4166
+	SYS_MREMAP                       = 4167
+	SYS_ACCEPT                       = 4168
+	SYS_BIND                         = 4169
+	SYS_CONNECT                      = 4170
+	SYS_GETPEERNAME                  = 4171
+	SYS_GETSOCKNAME                  = 4172
+	SYS_GETSOCKOPT                   = 4173
+	SYS_LISTEN                       = 4174
+	SYS_RECV                         = 4175
+	SYS_RECVFROM                     = 4176
+	SYS_RECVMSG                      = 4177
+	SYS_SEND                         = 4178
+	SYS_SENDMSG                      = 4179
+	SYS_SENDTO                       = 4180
+	SYS_SETSOCKOPT                   = 4181
+	SYS_SHUTDOWN                     = 4182
+	SYS_SOCKET                       = 4183
+	SYS_SOCKETPAIR                   = 4184
+	SYS_SETRESUID                    = 4185
+	SYS_GETRESUID                    = 4186
+	SYS_QUERY_MODULE                 = 4187
+	SYS_POLL                         = 4188
+	SYS_NFSSERVCTL                   = 4189
+	SYS_SETRESGID                    = 4190
+	SYS_GETRESGID                    = 4191
+	SYS_PRCTL                        = 4192
+	SYS_RT_SIGRETURN                 = 4193
+	SYS_RT_SIGACTION                 = 4194
+	SYS_RT_SIGPROCMASK               = 4195
+	SYS_RT_SIGPENDING                = 4196
+	SYS_RT_SIGTIMEDWAIT              = 4197
+	SYS_RT_SIGQUEUEINFO              = 4198
+	SYS_RT_SIGSUSPEND                = 4199
+	SYS_PREAD64                      = 4200
+	SYS_PWRITE64                     = 4201
+	SYS_CHOWN                        = 4202
+	SYS_GETCWD                       = 4203
+	SYS_CAPGET                       = 4204
+	SYS_CAPSET                       = 4205
+	SYS_SIGALTSTACK                  = 4206
+	SYS_SENDFILE                     = 4207
+	SYS_GETPMSG                      = 4208
+	SYS_PUTPMSG                      = 4209
+	SYS_MMAP2                        = 4210
+	SYS_TRUNCATE64                   = 4211
+	SYS_FTRUNCATE64                  = 4212
+	SYS_STAT64                       = 4213
+	SYS_LSTAT64                      = 4214
+	SYS_FSTAT64                      = 4215
+	SYS_PIVOT_ROOT                   = 4216
+	SYS_MINCORE                      = 4217
+	SYS_MADVISE                      = 4218
+	SYS_GETDENTS64                   = 4219
+	SYS_FCNTL64                      = 4220
+	SYS_RESERVED221                  = 4221
+	SYS_GETTID                       = 4222
+	SYS_READAHEAD                    = 4223
+	SYS_SETXATTR                     = 4224
+	SYS_LSETXATTR                    = 4225
+	SYS_FSETXATTR                    = 4226
+	SYS_GETXATTR                     = 4227
+	SYS_LGETXATTR                    = 4228
+	SYS_FGETXATTR                    = 4229
+	SYS_LISTXATTR                    = 4230
+	SYS_LLISTXATTR                   = 4231
+	SYS_FLISTXATTR                   = 4232
+	SYS_REMOVEXATTR                  = 4233
+	SYS_LREMOVEXATTR                 = 4234
+	SYS_FREMOVEXATTR                 = 4235
+	SYS_TKILL                        = 4236
+	SYS_SENDFILE64                   = 4237
+	SYS_FUTEX                        = 4238
+	SYS_SCHED_SETAFFINITY            = 4239
+	SYS_SCHED_GETAFFINITY            = 4240
+	SYS_IO_SETUP                     = 4241
+	SYS_IO_DESTROY                   = 4242
+	SYS_IO_GETEVENTS                 = 4243
+	SYS_IO_SUBMIT                    = 4244
+	SYS_IO_CANCEL                    = 4245
+	SYS_EXIT_GROUP                   = 4246
+	SYS_LOOKUP_DCOOKIE               = 4247
+	SYS_EPOLL_CREATE                 = 4248
+	SYS_EPOLL_CTL                    = 4249
+	SYS_EPOLL_WAIT                   = 4250
+	SYS_REMAP_FILE_PAGES             = 4251
+	SYS_SET_TID_ADDRESS              = 4252
+	SYS_RESTART_SYSCALL              = 4253
+	SYS_FADVISE64                    = 4254
+	SYS_STATFS64                     = 4255
+	SYS_FSTATFS64                    = 4256
+	SYS_TIMER_CREATE                 = 4257
+	SYS_TIMER_SETTIME                = 4258
+	SYS_TIMER_GETTIME                = 4259
+	SYS_TIMER_GETOVERRUN             = 4260
+	SYS_TIMER_DELETE                 = 4261
+	SYS_CLOCK_SETTIME                = 4262
+	SYS_CLOCK_GETTIME                = 4263
+	SYS_CLOCK_GETRES                 = 4264
+	SYS_CLOCK_NANOSLEEP              = 4265
+	SYS_TGKILL                       = 4266
+	SYS_UTIMES                       = 4267
+	SYS_MBIND                        = 4268
+	SYS_GET_MEMPOLICY                = 4269
+	SYS_SET_MEMPOLICY                = 4270
+	SYS_MQ_OPEN                      = 4271
+	SYS_MQ_UNLINK                    = 4272
+	SYS_MQ_TIMEDSEND                 = 4273
+	SYS_MQ_TIMEDRECEIVE              = 4274
+	SYS_MQ_NOTIFY                    = 4275
+	SYS_MQ_GETSETATTR                = 4276
+	SYS_VSERVER                      = 4277
+	SYS_WAITID                       = 4278
+	SYS_ADD_KEY                      = 4280
+	SYS_REQUEST_KEY                  = 4281
+	SYS_KEYCTL                       = 4282
+	SYS_SET_THREAD_AREA              = 4283
+	SYS_INOTIFY_INIT                 = 4284
+	SYS_INOTIFY_ADD_WATCH            = 4285
+	SYS_INOTIFY_RM_WATCH             = 4286
+	SYS_MIGRATE_PAGES                = 4287
+	SYS_OPENAT                       = 4288
+	SYS_MKDIRAT                      = 4289
+	SYS_MKNODAT                      = 4290
+	SYS_FCHOWNAT                     = 4291
+	SYS_FUTIMESAT                    = 4292
+	SYS_FSTATAT64                    = 4293
+	SYS_UNLINKAT                     = 4294
+	SYS_RENAMEAT                     = 4295
+	SYS_LINKAT                       = 4296
+	SYS_SYMLINKAT                    = 4297
+	SYS_READLINKAT                   = 4298
+	SYS_FCHMODAT                     = 4299
+	SYS_FACCESSAT                    = 4300
+	SYS_PSELECT6                     = 4301
+	SYS_PPOLL                        = 4302
+	SYS_UNSHARE                      = 4303
+	SYS_SPLICE                       = 4304
+	SYS_SYNC_FILE_RANGE              = 4305
+	SYS_TEE                          = 4306
+	SYS_VMSPLICE                     = 4307
+	SYS_MOVE_PAGES                   = 4308
+	SYS_SET_ROBUST_LIST              = 4309
+	SYS_GET_ROBUST_LIST              = 4310
+	SYS_KEXEC_LOAD                   = 4311
+	SYS_GETCPU                       = 4312
+	SYS_EPOLL_PWAIT                  = 4313
+	SYS_IOPRIO_SET                   = 4314
+	SYS_IOPRIO_GET                   = 4315
+	SYS_UTIMENSAT                    = 4316
+	SYS_SIGNALFD                     = 4317
+	SYS_TIMERFD                      = 4318
+	SYS_EVENTFD                      = 4319
+	SYS_FALLOCATE                    = 4320
+	SYS_TIMERFD_CREATE               = 4321
+	SYS_TIMERFD_GETTIME              = 4322
+	SYS_TIMERFD_SETTIME              = 4323
+	SYS_SIGNALFD4                    = 4324
+	SYS_EVENTFD2                     = 4325
+	SYS_EPOLL_CREATE1                = 4326
+	SYS_DUP3                         = 4327
+	SYS_PIPE2                        = 4328
+	SYS_INOTIFY_INIT1                = 4329
+	SYS_PREADV                       = 4330
+	SYS_PWRITEV                      = 4331
+	SYS_RT_TGSIGQUEUEINFO            = 4332
+	SYS_PERF_EVENT_OPEN              = 4333
+	SYS_ACCEPT4                      = 4334
+	SYS_RECVMMSG                     = 4335
+	SYS_FANOTIFY_INIT                = 4336
+	SYS_FANOTIFY_MARK                = 4337
+	SYS_PRLIMIT64                    = 4338
+	SYS_NAME_TO_HANDLE_AT            = 4339
+	SYS_OPEN_BY_HANDLE_AT            = 4340
+	SYS_CLOCK_ADJTIME                = 4341
+	SYS_SYNCFS                       = 4342
+	SYS_SENDMMSG                     = 4343
+	SYS_SETNS                        = 4344
+	SYS_PROCESS_VM_READV             = 4345
+	SYS_PROCESS_VM_WRITEV            = 4346
+	SYS_KCMP                         = 4347
+	SYS_FINIT_MODULE                 = 4348
+	SYS_SCHED_SETATTR                = 4349
+	SYS_SCHED_GETATTR                = 4350
+	SYS_RENAMEAT2                    = 4351
+	SYS_SECCOMP                      = 4352
+	SYS_GETRANDOM                    = 4353
+	SYS_MEMFD_CREATE                 = 4354
+	SYS_BPF                          = 4355
+	SYS_EXECVEAT                     = 4356
+	SYS_USERFAULTFD                  = 4357
+	SYS_MEMBARRIER                   = 4358
+	SYS_MLOCK2                       = 4359
+	SYS_COPY_FILE_RANGE              = 4360
+	SYS_PREADV2                      = 4361
+	SYS_PWRITEV2                     = 4362
+	SYS_PKEY_MPROTECT                = 4363
+	SYS_PKEY_ALLOC                   = 4364
+	SYS_PKEY_FREE                    = 4365
+	SYS_STATX                        = 4366
+	SYS_RSEQ                         = 4367
+	SYS_IO_PGETEVENTS                = 4368
+	SYS_SEMGET                       = 4393
+	SYS_SEMCTL                       = 4394
+	SYS_SHMGET                       = 4395
+	SYS_SHMCTL                       = 4396
+	SYS_SHMAT                        = 4397
+	SYS_SHMDT                        = 4398
+	SYS_MSGGET                       = 4399
+	SYS_MSGSND                       = 4400
+	SYS_MSGRCV                       = 4401
+	SYS_MSGCTL                       = 4402
+	SYS_CLOCK_GETTIME64              = 4403
+	SYS_CLOCK_SETTIME64              = 4404
+	SYS_CLOCK_ADJTIME64              = 4405
+	SYS_CLOCK_GETRES_TIME64          = 4406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 4407
+	SYS_TIMER_GETTIME64              = 4408
+	SYS_TIMER_SETTIME64              = 4409
+	SYS_TIMERFD_GETTIME64            = 4410
+	SYS_TIMERFD_SETTIME64            = 4411
+	SYS_UTIMENSAT_TIME64             = 4412
+	SYS_PSELECT6_TIME64              = 4413
+	SYS_PPOLL_TIME64                 = 4414
+	SYS_IO_PGETEVENTS_TIME64         = 4416
+	SYS_RECVMMSG_TIME64              = 4417
+	SYS_MQ_TIMEDSEND_TIME64          = 4418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 4419
+	SYS_SEMTIMEDOP_TIME64            = 4420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 4421
+	SYS_FUTEX_TIME64                 = 4422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 4423
+	SYS_PIDFD_SEND_SIGNAL            = 4424
+	SYS_IO_URING_SETUP               = 4425
+	SYS_IO_URING_ENTER               = 4426
+	SYS_IO_URING_REGISTER            = 4427
+	SYS_OPEN_TREE                    = 4428
+	SYS_MOVE_MOUNT                   = 4429
+	SYS_FSOPEN                       = 4430
+	SYS_FSCONFIG                     = 4431
+	SYS_FSMOUNT                      = 4432
+	SYS_FSPICK                       = 4433
+	SYS_PIDFD_OPEN                   = 4434
+	SYS_CLONE3                       = 4435
+	SYS_CLOSE_RANGE                  = 4436
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
+	SYS_FACCESSAT2                   = 4439
+	SYS_PROCESS_MADVISE              = 4440
+	SYS_EPOLL_PWAIT2                 = 4441
+	SYS_MOUNT_SETATTR                = 4442
+	SYS_QUOTACTL_FD                  = 4443
+	SYS_LANDLOCK_CREATE_RULESET      = 4444
+	SYS_LANDLOCK_ADD_RULE            = 4445
+	SYS_LANDLOCK_RESTRICT_SELF       = 4446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
new file mode 100644
index 0000000000000..638498d62e228
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -0,0 +1,438 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_WAITPID                      = 7
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_TIME                         = 13
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_BREAK                        = 17
+	SYS_OLDSTAT                      = 18
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_UMOUNT                       = 22
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_STIME                        = 25
+	SYS_PTRACE                       = 26
+	SYS_ALARM                        = 27
+	SYS_OLDFSTAT                     = 28
+	SYS_PAUSE                        = 29
+	SYS_UTIME                        = 30
+	SYS_STTY                         = 31
+	SYS_GTTY                         = 32
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_FTIME                        = 35
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_PROF                         = 44
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_SIGNAL                       = 48
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_LOCK                         = 53
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_MPX                          = 56
+	SYS_SETPGID                      = 57
+	SYS_ULIMIT                       = 58
+	SYS_OLDOLDUNAME                  = 59
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SGETMASK                     = 68
+	SYS_SSETMASK                     = 69
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRLIMIT                    = 76
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SELECT                       = 82
+	SYS_SYMLINK                      = 83
+	SYS_OLDLSTAT                     = 84
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_READDIR                      = 89
+	SYS_MMAP                         = 90
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_PROFIL                       = 98
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_IOPERM                       = 101
+	SYS_SOCKETCALL                   = 102
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_OLDUNAME                     = 109
+	SYS_IOPL                         = 110
+	SYS_VHANGUP                      = 111
+	SYS_IDLE                         = 112
+	SYS_VM86                         = 113
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_IPC                          = 117
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_MODIFY_LDT                   = 123
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_CREATE_MODULE                = 127
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_GET_KERNEL_SYMS              = 130
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_AFS_SYSCALL                  = 137
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_QUERY_MODULE                 = 166
+	SYS_POLL                         = 167
+	SYS_NFSSERVCTL                   = 168
+	SYS_SETRESGID                    = 169
+	SYS_GETRESGID                    = 170
+	SYS_PRCTL                        = 171
+	SYS_RT_SIGRETURN                 = 172
+	SYS_RT_SIGACTION                 = 173
+	SYS_RT_SIGPROCMASK               = 174
+	SYS_RT_SIGPENDING                = 175
+	SYS_RT_SIGTIMEDWAIT              = 176
+	SYS_RT_SIGQUEUEINFO              = 177
+	SYS_RT_SIGSUSPEND                = 178
+	SYS_PREAD64                      = 179
+	SYS_PWRITE64                     = 180
+	SYS_CHOWN                        = 181
+	SYS_GETCWD                       = 182
+	SYS_CAPGET                       = 183
+	SYS_CAPSET                       = 184
+	SYS_SIGALTSTACK                  = 185
+	SYS_SENDFILE                     = 186
+	SYS_GETPMSG                      = 187
+	SYS_PUTPMSG                      = 188
+	SYS_VFORK                        = 189
+	SYS_UGETRLIMIT                   = 190
+	SYS_READAHEAD                    = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_PCICONFIG_READ               = 198
+	SYS_PCICONFIG_WRITE              = 199
+	SYS_PCICONFIG_IOBASE             = 200
+	SYS_MULTIPLEXER                  = 201
+	SYS_GETDENTS64                   = 202
+	SYS_PIVOT_ROOT                   = 203
+	SYS_FCNTL64                      = 204
+	SYS_MADVISE                      = 205
+	SYS_MINCORE                      = 206
+	SYS_GETTID                       = 207
+	SYS_TKILL                        = 208
+	SYS_SETXATTR                     = 209
+	SYS_LSETXATTR                    = 210
+	SYS_FSETXATTR                    = 211
+	SYS_GETXATTR                     = 212
+	SYS_LGETXATTR                    = 213
+	SYS_FGETXATTR                    = 214
+	SYS_LISTXATTR                    = 215
+	SYS_LLISTXATTR                   = 216
+	SYS_FLISTXATTR                   = 217
+	SYS_REMOVEXATTR                  = 218
+	SYS_LREMOVEXATTR                 = 219
+	SYS_FREMOVEXATTR                 = 220
+	SYS_FUTEX                        = 221
+	SYS_SCHED_SETAFFINITY            = 222
+	SYS_SCHED_GETAFFINITY            = 223
+	SYS_TUXCALL                      = 225
+	SYS_SENDFILE64                   = 226
+	SYS_IO_SETUP                     = 227
+	SYS_IO_DESTROY                   = 228
+	SYS_IO_GETEVENTS                 = 229
+	SYS_IO_SUBMIT                    = 230
+	SYS_IO_CANCEL                    = 231
+	SYS_SET_TID_ADDRESS              = 232
+	SYS_FADVISE64                    = 233
+	SYS_EXIT_GROUP                   = 234
+	SYS_LOOKUP_DCOOKIE               = 235
+	SYS_EPOLL_CREATE                 = 236
+	SYS_EPOLL_CTL                    = 237
+	SYS_EPOLL_WAIT                   = 238
+	SYS_REMAP_FILE_PAGES             = 239
+	SYS_TIMER_CREATE                 = 240
+	SYS_TIMER_SETTIME                = 241
+	SYS_TIMER_GETTIME                = 242
+	SYS_TIMER_GETOVERRUN             = 243
+	SYS_TIMER_DELETE                 = 244
+	SYS_CLOCK_SETTIME                = 245
+	SYS_CLOCK_GETTIME                = 246
+	SYS_CLOCK_GETRES                 = 247
+	SYS_CLOCK_NANOSLEEP              = 248
+	SYS_SWAPCONTEXT                  = 249
+	SYS_TGKILL                       = 250
+	SYS_UTIMES                       = 251
+	SYS_STATFS64                     = 252
+	SYS_FSTATFS64                    = 253
+	SYS_FADVISE64_64                 = 254
+	SYS_RTAS                         = 255
+	SYS_SYS_DEBUG_SETCONTEXT         = 256
+	SYS_MIGRATE_PAGES                = 258
+	SYS_MBIND                        = 259
+	SYS_GET_MEMPOLICY                = 260
+	SYS_SET_MEMPOLICY                = 261
+	SYS_MQ_OPEN                      = 262
+	SYS_MQ_UNLINK                    = 263
+	SYS_MQ_TIMEDSEND                 = 264
+	SYS_MQ_TIMEDRECEIVE              = 265
+	SYS_MQ_NOTIFY                    = 266
+	SYS_MQ_GETSETATTR                = 267
+	SYS_KEXEC_LOAD                   = 268
+	SYS_ADD_KEY                      = 269
+	SYS_REQUEST_KEY                  = 270
+	SYS_KEYCTL                       = 271
+	SYS_WAITID                       = 272
+	SYS_IOPRIO_SET                   = 273
+	SYS_IOPRIO_GET                   = 274
+	SYS_INOTIFY_INIT                 = 275
+	SYS_INOTIFY_ADD_WATCH            = 276
+	SYS_INOTIFY_RM_WATCH             = 277
+	SYS_SPU_RUN                      = 278
+	SYS_SPU_CREATE                   = 279
+	SYS_PSELECT6                     = 280
+	SYS_PPOLL                        = 281
+	SYS_UNSHARE                      = 282
+	SYS_SPLICE                       = 283
+	SYS_TEE                          = 284
+	SYS_VMSPLICE                     = 285
+	SYS_OPENAT                       = 286
+	SYS_MKDIRAT                      = 287
+	SYS_MKNODAT                      = 288
+	SYS_FCHOWNAT                     = 289
+	SYS_FUTIMESAT                    = 290
+	SYS_FSTATAT64                    = 291
+	SYS_UNLINKAT                     = 292
+	SYS_RENAMEAT                     = 293
+	SYS_LINKAT                       = 294
+	SYS_SYMLINKAT                    = 295
+	SYS_READLINKAT                   = 296
+	SYS_FCHMODAT                     = 297
+	SYS_FACCESSAT                    = 298
+	SYS_GET_ROBUST_LIST              = 299
+	SYS_SET_ROBUST_LIST              = 300
+	SYS_MOVE_PAGES                   = 301
+	SYS_GETCPU                       = 302
+	SYS_EPOLL_PWAIT                  = 303
+	SYS_UTIMENSAT                    = 304
+	SYS_SIGNALFD                     = 305
+	SYS_TIMERFD_CREATE               = 306
+	SYS_EVENTFD                      = 307
+	SYS_SYNC_FILE_RANGE2             = 308
+	SYS_FALLOCATE                    = 309
+	SYS_SUBPAGE_PROT                 = 310
+	SYS_TIMERFD_SETTIME              = 311
+	SYS_TIMERFD_GETTIME              = 312
+	SYS_SIGNALFD4                    = 313
+	SYS_EVENTFD2                     = 314
+	SYS_EPOLL_CREATE1                = 315
+	SYS_DUP3                         = 316
+	SYS_PIPE2                        = 317
+	SYS_INOTIFY_INIT1                = 318
+	SYS_PERF_EVENT_OPEN              = 319
+	SYS_PREADV                       = 320
+	SYS_PWRITEV                      = 321
+	SYS_RT_TGSIGQUEUEINFO            = 322
+	SYS_FANOTIFY_INIT                = 323
+	SYS_FANOTIFY_MARK                = 324
+	SYS_PRLIMIT64                    = 325
+	SYS_SOCKET                       = 326
+	SYS_BIND                         = 327
+	SYS_CONNECT                      = 328
+	SYS_LISTEN                       = 329
+	SYS_ACCEPT                       = 330
+	SYS_GETSOCKNAME                  = 331
+	SYS_GETPEERNAME                  = 332
+	SYS_SOCKETPAIR                   = 333
+	SYS_SEND                         = 334
+	SYS_SENDTO                       = 335
+	SYS_RECV                         = 336
+	SYS_RECVFROM                     = 337
+	SYS_SHUTDOWN                     = 338
+	SYS_SETSOCKOPT                   = 339
+	SYS_GETSOCKOPT                   = 340
+	SYS_SENDMSG                      = 341
+	SYS_RECVMSG                      = 342
+	SYS_RECVMMSG                     = 343
+	SYS_ACCEPT4                      = 344
+	SYS_NAME_TO_HANDLE_AT            = 345
+	SYS_OPEN_BY_HANDLE_AT            = 346
+	SYS_CLOCK_ADJTIME                = 347
+	SYS_SYNCFS                       = 348
+	SYS_SENDMMSG                     = 349
+	SYS_SETNS                        = 350
+	SYS_PROCESS_VM_READV             = 351
+	SYS_PROCESS_VM_WRITEV            = 352
+	SYS_FINIT_MODULE                 = 353
+	SYS_KCMP                         = 354
+	SYS_SCHED_SETATTR                = 355
+	SYS_SCHED_GETATTR                = 356
+	SYS_RENAMEAT2                    = 357
+	SYS_SECCOMP                      = 358
+	SYS_GETRANDOM                    = 359
+	SYS_MEMFD_CREATE                 = 360
+	SYS_BPF                          = 361
+	SYS_EXECVEAT                     = 362
+	SYS_SWITCH_ENDIAN                = 363
+	SYS_USERFAULTFD                  = 364
+	SYS_MEMBARRIER                   = 365
+	SYS_MLOCK2                       = 378
+	SYS_COPY_FILE_RANGE              = 379
+	SYS_PREADV2                      = 380
+	SYS_PWRITEV2                     = 381
+	SYS_KEXEC_FILE_LOAD              = 382
+	SYS_STATX                        = 383
+	SYS_PKEY_ALLOC                   = 384
+	SYS_PKEY_FREE                    = 385
+	SYS_PKEY_MPROTECT                = 386
+	SYS_RSEQ                         = 387
+	SYS_IO_PGETEVENTS                = 388
+	SYS_SEMGET                       = 393
+	SYS_SEMCTL                       = 394
+	SYS_SHMGET                       = 395
+	SYS_SHMCTL                       = 396
+	SYS_SHMAT                        = 397
+	SYS_SHMDT                        = 398
+	SYS_MSGGET                       = 399
+	SYS_MSGSND                       = 400
+	SYS_MSGRCV                       = 401
+	SYS_MSGCTL                       = 402
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_CLOSE_RANGE                  = 436
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+	SYS_PROCESS_MADVISE              = 440
+	SYS_EPOLL_PWAIT2                 = 441
+	SYS_MOUNT_SETATTR                = 442
+	SYS_QUOTACTL_FD                  = 443
+	SYS_LANDLOCK_CREATE_RULESET      = 444
+	SYS_LANDLOCK_ADD_RULE            = 445
+	SYS_LANDLOCK_RESTRICT_SELF       = 446
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index 384d49bfa5a5c..702beebfefe23 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -1,373 +1,410 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64 && linux
 // +build ppc64,linux
 
 package unix
 
 const (
-	SYS_RESTART_SYSCALL        = 0
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_WAITPID                = 7
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECVE                 = 11
-	SYS_CHDIR                  = 12
-	SYS_TIME                   = 13
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LCHOWN                 = 16
-	SYS_BREAK                  = 17
-	SYS_OLDSTAT                = 18
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_MOUNT                  = 21
-	SYS_UMOUNT                 = 22
-	SYS_SETUID                 = 23
-	SYS_GETUID                 = 24
-	SYS_STIME                  = 25
-	SYS_PTRACE                 = 26
-	SYS_ALARM                  = 27
-	SYS_OLDFSTAT               = 28
-	SYS_PAUSE                  = 29
-	SYS_UTIME                  = 30
-	SYS_STTY                   = 31
-	SYS_GTTY                   = 32
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_FTIME                  = 35
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_RENAME                 = 38
-	SYS_MKDIR                  = 39
-	SYS_RMDIR                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_PROF                   = 44
-	SYS_BRK                    = 45
-	SYS_SETGID                 = 46
-	SYS_GETGID                 = 47
-	SYS_SIGNAL                 = 48
-	SYS_GETEUID                = 49
-	SYS_GETEGID                = 50
-	SYS_ACCT                   = 51
-	SYS_UMOUNT2                = 52
-	SYS_LOCK                   = 53
-	SYS_IOCTL                  = 54
-	SYS_FCNTL                  = 55
-	SYS_MPX                    = 56
-	SYS_SETPGID                = 57
-	SYS_ULIMIT                 = 58
-	SYS_OLDOLDUNAME            = 59
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_USTAT                  = 62
-	SYS_DUP2                   = 63
-	SYS_GETPPID                = 64
-	SYS_GETPGRP                = 65
-	SYS_SETSID                 = 66
-	SYS_SIGACTION              = 67
-	SYS_SGETMASK               = 68
-	SYS_SSETMASK               = 69
-	SYS_SETREUID               = 70
-	SYS_SETREGID               = 71
-	SYS_SIGSUSPEND             = 72
-	SYS_SIGPENDING             = 73
-	SYS_SETHOSTNAME            = 74
-	SYS_SETRLIMIT              = 75
-	SYS_GETRLIMIT              = 76
-	SYS_GETRUSAGE              = 77
-	SYS_GETTIMEOFDAY           = 78
-	SYS_SETTIMEOFDAY           = 79
-	SYS_GETGROUPS              = 80
-	SYS_SETGROUPS              = 81
-	SYS_SELECT                 = 82
-	SYS_SYMLINK                = 83
-	SYS_OLDLSTAT               = 84
-	SYS_READLINK               = 85
-	SYS_USELIB                 = 86
-	SYS_SWAPON                 = 87
-	SYS_REBOOT                 = 88
-	SYS_READDIR                = 89
-	SYS_MMAP                   = 90
-	SYS_MUNMAP                 = 91
-	SYS_TRUNCATE               = 92
-	SYS_FTRUNCATE              = 93
-	SYS_FCHMOD                 = 94
-	SYS_FCHOWN                 = 95
-	SYS_GETPRIORITY            = 96
-	SYS_SETPRIORITY            = 97
-	SYS_PROFIL                 = 98
-	SYS_STATFS                 = 99
-	SYS_FSTATFS                = 100
-	SYS_IOPERM                 = 101
-	SYS_SOCKETCALL             = 102
-	SYS_SYSLOG                 = 103
-	SYS_SETITIMER              = 104
-	SYS_GETITIMER              = 105
-	SYS_STAT                   = 106
-	SYS_LSTAT                  = 107
-	SYS_FSTAT                  = 108
-	SYS_OLDUNAME               = 109
-	SYS_IOPL                   = 110
-	SYS_VHANGUP                = 111
-	SYS_IDLE                   = 112
-	SYS_VM86                   = 113
-	SYS_WAIT4                  = 114
-	SYS_SWAPOFF                = 115
-	SYS_SYSINFO                = 116
-	SYS_IPC                    = 117
-	SYS_FSYNC                  = 118
-	SYS_SIGRETURN              = 119
-	SYS_CLONE                  = 120
-	SYS_SETDOMAINNAME          = 121
-	SYS_UNAME                  = 122
-	SYS_MODIFY_LDT             = 123
-	SYS_ADJTIMEX               = 124
-	SYS_MPROTECT               = 125
-	SYS_SIGPROCMASK            = 126
-	SYS_CREATE_MODULE          = 127
-	SYS_INIT_MODULE            = 128
-	SYS_DELETE_MODULE          = 129
-	SYS_GET_KERNEL_SYMS        = 130
-	SYS_QUOTACTL               = 131
-	SYS_GETPGID                = 132
-	SYS_FCHDIR                 = 133
-	SYS_BDFLUSH                = 134
-	SYS_SYSFS                  = 135
-	SYS_PERSONALITY            = 136
-	SYS_AFS_SYSCALL            = 137
-	SYS_SETFSUID               = 138
-	SYS_SETFSGID               = 139
-	SYS__LLSEEK                = 140
-	SYS_GETDENTS               = 141
-	SYS__NEWSELECT             = 142
-	SYS_FLOCK                  = 143
-	SYS_MSYNC                  = 144
-	SYS_READV                  = 145
-	SYS_WRITEV                 = 146
-	SYS_GETSID                 = 147
-	SYS_FDATASYNC              = 148
-	SYS__SYSCTL                = 149
-	SYS_MLOCK                  = 150
-	SYS_MUNLOCK                = 151
-	SYS_MLOCKALL               = 152
-	SYS_MUNLOCKALL             = 153
-	SYS_SCHED_SETPARAM         = 154
-	SYS_SCHED_GETPARAM         = 155
-	SYS_SCHED_SETSCHEDULER     = 156
-	SYS_SCHED_GETSCHEDULER     = 157
-	SYS_SCHED_YIELD            = 158
-	SYS_SCHED_GET_PRIORITY_MAX = 159
-	SYS_SCHED_GET_PRIORITY_MIN = 160
-	SYS_SCHED_RR_GET_INTERVAL  = 161
-	SYS_NANOSLEEP              = 162
-	SYS_MREMAP                 = 163
-	SYS_SETRESUID              = 164
-	SYS_GETRESUID              = 165
-	SYS_QUERY_MODULE           = 166
-	SYS_POLL                   = 167
-	SYS_NFSSERVCTL             = 168
-	SYS_SETRESGID              = 169
-	SYS_GETRESGID              = 170
-	SYS_PRCTL                  = 171
-	SYS_RT_SIGRETURN           = 172
-	SYS_RT_SIGACTION           = 173
-	SYS_RT_SIGPROCMASK         = 174
-	SYS_RT_SIGPENDING          = 175
-	SYS_RT_SIGTIMEDWAIT        = 176
-	SYS_RT_SIGQUEUEINFO        = 177
-	SYS_RT_SIGSUSPEND          = 178
-	SYS_PREAD64                = 179
-	SYS_PWRITE64               = 180
-	SYS_CHOWN                  = 181
-	SYS_GETCWD                 = 182
-	SYS_CAPGET                 = 183
-	SYS_CAPSET                 = 184
-	SYS_SIGALTSTACK            = 185
-	SYS_SENDFILE               = 186
-	SYS_GETPMSG                = 187
-	SYS_PUTPMSG                = 188
-	SYS_VFORK                  = 189
-	SYS_UGETRLIMIT             = 190
-	SYS_READAHEAD              = 191
-	SYS_PCICONFIG_READ         = 198
-	SYS_PCICONFIG_WRITE        = 199
-	SYS_PCICONFIG_IOBASE       = 200
-	SYS_MULTIPLEXER            = 201
-	SYS_GETDENTS64             = 202
-	SYS_PIVOT_ROOT             = 203
-	SYS_MADVISE                = 205
-	SYS_MINCORE                = 206
-	SYS_GETTID                 = 207
-	SYS_TKILL                  = 208
-	SYS_SETXATTR               = 209
-	SYS_LSETXATTR              = 210
-	SYS_FSETXATTR              = 211
-	SYS_GETXATTR               = 212
-	SYS_LGETXATTR              = 213
-	SYS_FGETXATTR              = 214
-	SYS_LISTXATTR              = 215
-	SYS_LLISTXATTR             = 216
-	SYS_FLISTXATTR             = 217
-	SYS_REMOVEXATTR            = 218
-	SYS_LREMOVEXATTR           = 219
-	SYS_FREMOVEXATTR           = 220
-	SYS_FUTEX                  = 221
-	SYS_SCHED_SETAFFINITY      = 222
-	SYS_SCHED_GETAFFINITY      = 223
-	SYS_TUXCALL                = 225
-	SYS_IO_SETUP               = 227
-	SYS_IO_DESTROY             = 228
-	SYS_IO_GETEVENTS           = 229
-	SYS_IO_SUBMIT              = 230
-	SYS_IO_CANCEL              = 231
-	SYS_SET_TID_ADDRESS        = 232
-	SYS_FADVISE64              = 233
-	SYS_EXIT_GROUP             = 234
-	SYS_LOOKUP_DCOOKIE         = 235
-	SYS_EPOLL_CREATE           = 236
-	SYS_EPOLL_CTL              = 237
-	SYS_EPOLL_WAIT             = 238
-	SYS_REMAP_FILE_PAGES       = 239
-	SYS_TIMER_CREATE           = 240
-	SYS_TIMER_SETTIME          = 241
-	SYS_TIMER_GETTIME          = 242
-	SYS_TIMER_GETOVERRUN       = 243
-	SYS_TIMER_DELETE           = 244
-	SYS_CLOCK_SETTIME          = 245
-	SYS_CLOCK_GETTIME          = 246
-	SYS_CLOCK_GETRES           = 247
-	SYS_CLOCK_NANOSLEEP        = 248
-	SYS_SWAPCONTEXT            = 249
-	SYS_TGKILL                 = 250
-	SYS_UTIMES                 = 251
-	SYS_STATFS64               = 252
-	SYS_FSTATFS64              = 253
-	SYS_RTAS                   = 255
-	SYS_SYS_DEBUG_SETCONTEXT   = 256
-	SYS_MIGRATE_PAGES          = 258
-	SYS_MBIND                  = 259
-	SYS_GET_MEMPOLICY          = 260
-	SYS_SET_MEMPOLICY          = 261
-	SYS_MQ_OPEN                = 262
-	SYS_MQ_UNLINK              = 263
-	SYS_MQ_TIMEDSEND           = 264
-	SYS_MQ_TIMEDRECEIVE        = 265
-	SYS_MQ_NOTIFY              = 266
-	SYS_MQ_GETSETATTR          = 267
-	SYS_KEXEC_LOAD             = 268
-	SYS_ADD_KEY                = 269
-	SYS_REQUEST_KEY            = 270
-	SYS_KEYCTL                 = 271
-	SYS_WAITID                 = 272
-	SYS_IOPRIO_SET             = 273
-	SYS_IOPRIO_GET             = 274
-	SYS_INOTIFY_INIT           = 275
-	SYS_INOTIFY_ADD_WATCH      = 276
-	SYS_INOTIFY_RM_WATCH       = 277
-	SYS_SPU_RUN                = 278
-	SYS_SPU_CREATE             = 279
-	SYS_PSELECT6               = 280
-	SYS_PPOLL                  = 281
-	SYS_UNSHARE                = 282
-	SYS_SPLICE                 = 283
-	SYS_TEE                    = 284
-	SYS_VMSPLICE               = 285
-	SYS_OPENAT                 = 286
-	SYS_MKDIRAT                = 287
-	SYS_MKNODAT                = 288
-	SYS_FCHOWNAT               = 289
-	SYS_FUTIMESAT              = 290
-	SYS_NEWFSTATAT             = 291
-	SYS_UNLINKAT               = 292
-	SYS_RENAMEAT               = 293
-	SYS_LINKAT                 = 294
-	SYS_SYMLINKAT              = 295
-	SYS_READLINKAT             = 296
-	SYS_FCHMODAT               = 297
-	SYS_FACCESSAT              = 298
-	SYS_GET_ROBUST_LIST        = 299
-	SYS_SET_ROBUST_LIST        = 300
-	SYS_MOVE_PAGES             = 301
-	SYS_GETCPU                 = 302
-	SYS_EPOLL_PWAIT            = 303
-	SYS_UTIMENSAT              = 304
-	SYS_SIGNALFD               = 305
-	SYS_TIMERFD_CREATE         = 306
-	SYS_EVENTFD                = 307
-	SYS_SYNC_FILE_RANGE2       = 308
-	SYS_FALLOCATE              = 309
-	SYS_SUBPAGE_PROT           = 310
-	SYS_TIMERFD_SETTIME        = 311
-	SYS_TIMERFD_GETTIME        = 312
-	SYS_SIGNALFD4              = 313
-	SYS_EVENTFD2               = 314
-	SYS_EPOLL_CREATE1          = 315
-	SYS_DUP3                   = 316
-	SYS_PIPE2                  = 317
-	SYS_INOTIFY_INIT1          = 318
-	SYS_PERF_EVENT_OPEN        = 319
-	SYS_PREADV                 = 320
-	SYS_PWRITEV                = 321
-	SYS_RT_TGSIGQUEUEINFO      = 322
-	SYS_FANOTIFY_INIT          = 323
-	SYS_FANOTIFY_MARK          = 324
-	SYS_PRLIMIT64              = 325
-	SYS_SOCKET                 = 326
-	SYS_BIND                   = 327
-	SYS_CONNECT                = 328
-	SYS_LISTEN                 = 329
-	SYS_ACCEPT                 = 330
-	SYS_GETSOCKNAME            = 331
-	SYS_GETPEERNAME            = 332
-	SYS_SOCKETPAIR             = 333
-	SYS_SEND                   = 334
-	SYS_SENDTO                 = 335
-	SYS_RECV                   = 336
-	SYS_RECVFROM               = 337
-	SYS_SHUTDOWN               = 338
-	SYS_SETSOCKOPT             = 339
-	SYS_GETSOCKOPT             = 340
-	SYS_SENDMSG                = 341
-	SYS_RECVMSG                = 342
-	SYS_RECVMMSG               = 343
-	SYS_ACCEPT4                = 344
-	SYS_NAME_TO_HANDLE_AT      = 345
-	SYS_OPEN_BY_HANDLE_AT      = 346
-	SYS_CLOCK_ADJTIME          = 347
-	SYS_SYNCFS                 = 348
-	SYS_SENDMMSG               = 349
-	SYS_SETNS                  = 350
-	SYS_PROCESS_VM_READV       = 351
-	SYS_PROCESS_VM_WRITEV      = 352
-	SYS_FINIT_MODULE           = 353
-	SYS_KCMP                   = 354
-	SYS_SCHED_SETATTR          = 355
-	SYS_SCHED_GETATTR          = 356
-	SYS_RENAMEAT2              = 357
-	SYS_SECCOMP                = 358
-	SYS_GETRANDOM              = 359
-	SYS_MEMFD_CREATE           = 360
-	SYS_BPF                    = 361
-	SYS_EXECVEAT               = 362
-	SYS_SWITCH_ENDIAN          = 363
-	SYS_USERFAULTFD            = 364
-	SYS_MEMBARRIER             = 365
-	SYS_MLOCK2                 = 378
-	SYS_COPY_FILE_RANGE        = 379
-	SYS_PREADV2                = 380
-	SYS_PWRITEV2               = 381
-	SYS_KEXEC_FILE_LOAD        = 382
-	SYS_STATX                  = 383
-	SYS_PKEY_ALLOC             = 384
-	SYS_PKEY_FREE              = 385
-	SYS_PKEY_MPROTECT          = 386
+	SYS_RESTART_SYSCALL         = 0
+	SYS_EXIT                    = 1
+	SYS_FORK                    = 2
+	SYS_READ                    = 3
+	SYS_WRITE                   = 4
+	SYS_OPEN                    = 5
+	SYS_CLOSE                   = 6
+	SYS_WAITPID                 = 7
+	SYS_CREAT                   = 8
+	SYS_LINK                    = 9
+	SYS_UNLINK                  = 10
+	SYS_EXECVE                  = 11
+	SYS_CHDIR                   = 12
+	SYS_TIME                    = 13
+	SYS_MKNOD                   = 14
+	SYS_CHMOD                   = 15
+	SYS_LCHOWN                  = 16
+	SYS_BREAK                   = 17
+	SYS_OLDSTAT                 = 18
+	SYS_LSEEK                   = 19
+	SYS_GETPID                  = 20
+	SYS_MOUNT                   = 21
+	SYS_UMOUNT                  = 22
+	SYS_SETUID                  = 23
+	SYS_GETUID                  = 24
+	SYS_STIME                   = 25
+	SYS_PTRACE                  = 26
+	SYS_ALARM                   = 27
+	SYS_OLDFSTAT                = 28
+	SYS_PAUSE                   = 29
+	SYS_UTIME                   = 30
+	SYS_STTY                    = 31
+	SYS_GTTY                    = 32
+	SYS_ACCESS                  = 33
+	SYS_NICE                    = 34
+	SYS_FTIME                   = 35
+	SYS_SYNC                    = 36
+	SYS_KILL                    = 37
+	SYS_RENAME                  = 38
+	SYS_MKDIR                   = 39
+	SYS_RMDIR                   = 40
+	SYS_DUP                     = 41
+	SYS_PIPE                    = 42
+	SYS_TIMES                   = 43
+	SYS_PROF                    = 44
+	SYS_BRK                     = 45
+	SYS_SETGID                  = 46
+	SYS_GETGID                  = 47
+	SYS_SIGNAL                  = 48
+	SYS_GETEUID                 = 49
+	SYS_GETEGID                 = 50
+	SYS_ACCT                    = 51
+	SYS_UMOUNT2                 = 52
+	SYS_LOCK                    = 53
+	SYS_IOCTL                   = 54
+	SYS_FCNTL                   = 55
+	SYS_MPX                     = 56
+	SYS_SETPGID                 = 57
+	SYS_ULIMIT                  = 58
+	SYS_OLDOLDUNAME             = 59
+	SYS_UMASK                   = 60
+	SYS_CHROOT                  = 61
+	SYS_USTAT                   = 62
+	SYS_DUP2                    = 63
+	SYS_GETPPID                 = 64
+	SYS_GETPGRP                 = 65
+	SYS_SETSID                  = 66
+	SYS_SIGACTION               = 67
+	SYS_SGETMASK                = 68
+	SYS_SSETMASK                = 69
+	SYS_SETREUID                = 70
+	SYS_SETREGID                = 71
+	SYS_SIGSUSPEND              = 72
+	SYS_SIGPENDING              = 73
+	SYS_SETHOSTNAME             = 74
+	SYS_SETRLIMIT               = 75
+	SYS_GETRLIMIT               = 76
+	SYS_GETRUSAGE               = 77
+	SYS_GETTIMEOFDAY            = 78
+	SYS_SETTIMEOFDAY            = 79
+	SYS_GETGROUPS               = 80
+	SYS_SETGROUPS               = 81
+	SYS_SELECT                  = 82
+	SYS_SYMLINK                 = 83
+	SYS_OLDLSTAT                = 84
+	SYS_READLINK                = 85
+	SYS_USELIB                  = 86
+	SYS_SWAPON                  = 87
+	SYS_REBOOT                  = 88
+	SYS_READDIR                 = 89
+	SYS_MMAP                    = 90
+	SYS_MUNMAP                  = 91
+	SYS_TRUNCATE                = 92
+	SYS_FTRUNCATE               = 93
+	SYS_FCHMOD                  = 94
+	SYS_FCHOWN                  = 95
+	SYS_GETPRIORITY             = 96
+	SYS_SETPRIORITY             = 97
+	SYS_PROFIL                  = 98
+	SYS_STATFS                  = 99
+	SYS_FSTATFS                 = 100
+	SYS_IOPERM                  = 101
+	SYS_SOCKETCALL              = 102
+	SYS_SYSLOG                  = 103
+	SYS_SETITIMER               = 104
+	SYS_GETITIMER               = 105
+	SYS_STAT                    = 106
+	SYS_LSTAT                   = 107
+	SYS_FSTAT                   = 108
+	SYS_OLDUNAME                = 109
+	SYS_IOPL                    = 110
+	SYS_VHANGUP                 = 111
+	SYS_IDLE                    = 112
+	SYS_VM86                    = 113
+	SYS_WAIT4                   = 114
+	SYS_SWAPOFF                 = 115
+	SYS_SYSINFO                 = 116
+	SYS_IPC                     = 117
+	SYS_FSYNC                   = 118
+	SYS_SIGRETURN               = 119
+	SYS_CLONE                   = 120
+	SYS_SETDOMAINNAME           = 121
+	SYS_UNAME                   = 122
+	SYS_MODIFY_LDT              = 123
+	SYS_ADJTIMEX                = 124
+	SYS_MPROTECT                = 125
+	SYS_SIGPROCMASK             = 126
+	SYS_CREATE_MODULE           = 127
+	SYS_INIT_MODULE             = 128
+	SYS_DELETE_MODULE           = 129
+	SYS_GET_KERNEL_SYMS         = 130
+	SYS_QUOTACTL                = 131
+	SYS_GETPGID                 = 132
+	SYS_FCHDIR                  = 133
+	SYS_BDFLUSH                 = 134
+	SYS_SYSFS                   = 135
+	SYS_PERSONALITY             = 136
+	SYS_AFS_SYSCALL             = 137
+	SYS_SETFSUID                = 138
+	SYS_SETFSGID                = 139
+	SYS__LLSEEK                 = 140
+	SYS_GETDENTS                = 141
+	SYS__NEWSELECT              = 142
+	SYS_FLOCK                   = 143
+	SYS_MSYNC                   = 144
+	SYS_READV                   = 145
+	SYS_WRITEV                  = 146
+	SYS_GETSID                  = 147
+	SYS_FDATASYNC               = 148
+	SYS__SYSCTL                 = 149
+	SYS_MLOCK                   = 150
+	SYS_MUNLOCK                 = 151
+	SYS_MLOCKALL                = 152
+	SYS_MUNLOCKALL              = 153
+	SYS_SCHED_SETPARAM          = 154
+	SYS_SCHED_GETPARAM          = 155
+	SYS_SCHED_SETSCHEDULER      = 156
+	SYS_SCHED_GETSCHEDULER      = 157
+	SYS_SCHED_YIELD             = 158
+	SYS_SCHED_GET_PRIORITY_MAX  = 159
+	SYS_SCHED_GET_PRIORITY_MIN  = 160
+	SYS_SCHED_RR_GET_INTERVAL   = 161
+	SYS_NANOSLEEP               = 162
+	SYS_MREMAP                  = 163
+	SYS_SETRESUID               = 164
+	SYS_GETRESUID               = 165
+	SYS_QUERY_MODULE            = 166
+	SYS_POLL                    = 167
+	SYS_NFSSERVCTL              = 168
+	SYS_SETRESGID               = 169
+	SYS_GETRESGID               = 170
+	SYS_PRCTL                   = 171
+	SYS_RT_SIGRETURN            = 172
+	SYS_RT_SIGACTION            = 173
+	SYS_RT_SIGPROCMASK          = 174
+	SYS_RT_SIGPENDING           = 175
+	SYS_RT_SIGTIMEDWAIT         = 176
+	SYS_RT_SIGQUEUEINFO         = 177
+	SYS_RT_SIGSUSPEND           = 178
+	SYS_PREAD64                 = 179
+	SYS_PWRITE64                = 180
+	SYS_CHOWN                   = 181
+	SYS_GETCWD                  = 182
+	SYS_CAPGET                  = 183
+	SYS_CAPSET                  = 184
+	SYS_SIGALTSTACK             = 185
+	SYS_SENDFILE                = 186
+	SYS_GETPMSG                 = 187
+	SYS_PUTPMSG                 = 188
+	SYS_VFORK                   = 189
+	SYS_UGETRLIMIT              = 190
+	SYS_READAHEAD               = 191
+	SYS_PCICONFIG_READ          = 198
+	SYS_PCICONFIG_WRITE         = 199
+	SYS_PCICONFIG_IOBASE        = 200
+	SYS_MULTIPLEXER             = 201
+	SYS_GETDENTS64              = 202
+	SYS_PIVOT_ROOT              = 203
+	SYS_MADVISE                 = 205
+	SYS_MINCORE                 = 206
+	SYS_GETTID                  = 207
+	SYS_TKILL                   = 208
+	SYS_SETXATTR                = 209
+	SYS_LSETXATTR               = 210
+	SYS_FSETXATTR               = 211
+	SYS_GETXATTR                = 212
+	SYS_LGETXATTR               = 213
+	SYS_FGETXATTR               = 214
+	SYS_LISTXATTR               = 215
+	SYS_LLISTXATTR              = 216
+	SYS_FLISTXATTR              = 217
+	SYS_REMOVEXATTR             = 218
+	SYS_LREMOVEXATTR            = 219
+	SYS_FREMOVEXATTR            = 220
+	SYS_FUTEX                   = 221
+	SYS_SCHED_SETAFFINITY       = 222
+	SYS_SCHED_GETAFFINITY       = 223
+	SYS_TUXCALL                 = 225
+	SYS_IO_SETUP                = 227
+	SYS_IO_DESTROY              = 228
+	SYS_IO_GETEVENTS            = 229
+	SYS_IO_SUBMIT               = 230
+	SYS_IO_CANCEL               = 231
+	SYS_SET_TID_ADDRESS         = 232
+	SYS_FADVISE64               = 233
+	SYS_EXIT_GROUP              = 234
+	SYS_LOOKUP_DCOOKIE          = 235
+	SYS_EPOLL_CREATE            = 236
+	SYS_EPOLL_CTL               = 237
+	SYS_EPOLL_WAIT              = 238
+	SYS_REMAP_FILE_PAGES        = 239
+	SYS_TIMER_CREATE            = 240
+	SYS_TIMER_SETTIME           = 241
+	SYS_TIMER_GETTIME           = 242
+	SYS_TIMER_GETOVERRUN        = 243
+	SYS_TIMER_DELETE            = 244
+	SYS_CLOCK_SETTIME           = 245
+	SYS_CLOCK_GETTIME           = 246
+	SYS_CLOCK_GETRES            = 247
+	SYS_CLOCK_NANOSLEEP         = 248
+	SYS_SWAPCONTEXT             = 249
+	SYS_TGKILL                  = 250
+	SYS_UTIMES                  = 251
+	SYS_STATFS64                = 252
+	SYS_FSTATFS64               = 253
+	SYS_RTAS                    = 255
+	SYS_SYS_DEBUG_SETCONTEXT    = 256
+	SYS_MIGRATE_PAGES           = 258
+	SYS_MBIND                   = 259
+	SYS_GET_MEMPOLICY           = 260
+	SYS_SET_MEMPOLICY           = 261
+	SYS_MQ_OPEN                 = 262
+	SYS_MQ_UNLINK               = 263
+	SYS_MQ_TIMEDSEND            = 264
+	SYS_MQ_TIMEDRECEIVE         = 265
+	SYS_MQ_NOTIFY               = 266
+	SYS_MQ_GETSETATTR           = 267
+	SYS_KEXEC_LOAD              = 268
+	SYS_ADD_KEY                 = 269
+	SYS_REQUEST_KEY             = 270
+	SYS_KEYCTL                  = 271
+	SYS_WAITID                  = 272
+	SYS_IOPRIO_SET              = 273
+	SYS_IOPRIO_GET              = 274
+	SYS_INOTIFY_INIT            = 275
+	SYS_INOTIFY_ADD_WATCH       = 276
+	SYS_INOTIFY_RM_WATCH        = 277
+	SYS_SPU_RUN                 = 278
+	SYS_SPU_CREATE              = 279
+	SYS_PSELECT6                = 280
+	SYS_PPOLL                   = 281
+	SYS_UNSHARE                 = 282
+	SYS_SPLICE                  = 283
+	SYS_TEE                     = 284
+	SYS_VMSPLICE                = 285
+	SYS_OPENAT                  = 286
+	SYS_MKDIRAT                 = 287
+	SYS_MKNODAT                 = 288
+	SYS_FCHOWNAT                = 289
+	SYS_FUTIMESAT               = 290
+	SYS_NEWFSTATAT              = 291
+	SYS_UNLINKAT                = 292
+	SYS_RENAMEAT                = 293
+	SYS_LINKAT                  = 294
+	SYS_SYMLINKAT               = 295
+	SYS_READLINKAT              = 296
+	SYS_FCHMODAT                = 297
+	SYS_FACCESSAT               = 298
+	SYS_GET_ROBUST_LIST         = 299
+	SYS_SET_ROBUST_LIST         = 300
+	SYS_MOVE_PAGES              = 301
+	SYS_GETCPU                  = 302
+	SYS_EPOLL_PWAIT             = 303
+	SYS_UTIMENSAT               = 304
+	SYS_SIGNALFD                = 305
+	SYS_TIMERFD_CREATE          = 306
+	SYS_EVENTFD                 = 307
+	SYS_SYNC_FILE_RANGE2        = 308
+	SYS_FALLOCATE               = 309
+	SYS_SUBPAGE_PROT            = 310
+	SYS_TIMERFD_SETTIME         = 311
+	SYS_TIMERFD_GETTIME         = 312
+	SYS_SIGNALFD4               = 313
+	SYS_EVENTFD2                = 314
+	SYS_EPOLL_CREATE1           = 315
+	SYS_DUP3                    = 316
+	SYS_PIPE2                   = 317
+	SYS_INOTIFY_INIT1           = 318
+	SYS_PERF_EVENT_OPEN         = 319
+	SYS_PREADV                  = 320
+	SYS_PWRITEV                 = 321
+	SYS_RT_TGSIGQUEUEINFO       = 322
+	SYS_FANOTIFY_INIT           = 323
+	SYS_FANOTIFY_MARK           = 324
+	SYS_PRLIMIT64               = 325
+	SYS_SOCKET                  = 326
+	SYS_BIND                    = 327
+	SYS_CONNECT                 = 328
+	SYS_LISTEN                  = 329
+	SYS_ACCEPT                  = 330
+	SYS_GETSOCKNAME             = 331
+	SYS_GETPEERNAME             = 332
+	SYS_SOCKETPAIR              = 333
+	SYS_SEND                    = 334
+	SYS_SENDTO                  = 335
+	SYS_RECV                    = 336
+	SYS_RECVFROM                = 337
+	SYS_SHUTDOWN                = 338
+	SYS_SETSOCKOPT              = 339
+	SYS_GETSOCKOPT              = 340
+	SYS_SENDMSG                 = 341
+	SYS_RECVMSG                 = 342
+	SYS_RECVMMSG                = 343
+	SYS_ACCEPT4                 = 344
+	SYS_NAME_TO_HANDLE_AT       = 345
+	SYS_OPEN_BY_HANDLE_AT       = 346
+	SYS_CLOCK_ADJTIME           = 347
+	SYS_SYNCFS                  = 348
+	SYS_SENDMMSG                = 349
+	SYS_SETNS                   = 350
+	SYS_PROCESS_VM_READV        = 351
+	SYS_PROCESS_VM_WRITEV       = 352
+	SYS_FINIT_MODULE            = 353
+	SYS_KCMP                    = 354
+	SYS_SCHED_SETATTR           = 355
+	SYS_SCHED_GETATTR           = 356
+	SYS_RENAMEAT2               = 357
+	SYS_SECCOMP                 = 358
+	SYS_GETRANDOM               = 359
+	SYS_MEMFD_CREATE            = 360
+	SYS_BPF                     = 361
+	SYS_EXECVEAT                = 362
+	SYS_SWITCH_ENDIAN           = 363
+	SYS_USERFAULTFD             = 364
+	SYS_MEMBARRIER              = 365
+	SYS_MLOCK2                  = 378
+	SYS_COPY_FILE_RANGE         = 379
+	SYS_PREADV2                 = 380
+	SYS_PWRITEV2                = 381
+	SYS_KEXEC_FILE_LOAD         = 382
+	SYS_STATX                   = 383
+	SYS_PKEY_ALLOC              = 384
+	SYS_PKEY_FREE               = 385
+	SYS_PKEY_MPROTECT           = 386
+	SYS_RSEQ                    = 387
+	SYS_IO_PGETEVENTS           = 388
+	SYS_SEMTIMEDOP              = 392
+	SYS_SEMGET                  = 393
+	SYS_SEMCTL                  = 394
+	SYS_SHMGET                  = 395
+	SYS_SHMCTL                  = 396
+	SYS_SHMAT                   = 397
+	SYS_SHMDT                   = 398
+	SYS_MSGGET                  = 399
+	SYS_MSGSND                  = 400
+	SYS_MSGRCV                  = 401
+	SYS_MSGCTL                  = 402
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index 9623248a5ef14..bfc87ea444399 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -1,373 +1,410 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64le && linux
 // +build ppc64le,linux
 
 package unix
 
 const (
-	SYS_RESTART_SYSCALL        = 0
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_WAITPID                = 7
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECVE                 = 11
-	SYS_CHDIR                  = 12
-	SYS_TIME                   = 13
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LCHOWN                 = 16
-	SYS_BREAK                  = 17
-	SYS_OLDSTAT                = 18
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_MOUNT                  = 21
-	SYS_UMOUNT                 = 22
-	SYS_SETUID                 = 23
-	SYS_GETUID                 = 24
-	SYS_STIME                  = 25
-	SYS_PTRACE                 = 26
-	SYS_ALARM                  = 27
-	SYS_OLDFSTAT               = 28
-	SYS_PAUSE                  = 29
-	SYS_UTIME                  = 30
-	SYS_STTY                   = 31
-	SYS_GTTY                   = 32
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_FTIME                  = 35
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_RENAME                 = 38
-	SYS_MKDIR                  = 39
-	SYS_RMDIR                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_PROF                   = 44
-	SYS_BRK                    = 45
-	SYS_SETGID                 = 46
-	SYS_GETGID                 = 47
-	SYS_SIGNAL                 = 48
-	SYS_GETEUID                = 49
-	SYS_GETEGID                = 50
-	SYS_ACCT                   = 51
-	SYS_UMOUNT2                = 52
-	SYS_LOCK                   = 53
-	SYS_IOCTL                  = 54
-	SYS_FCNTL                  = 55
-	SYS_MPX                    = 56
-	SYS_SETPGID                = 57
-	SYS_ULIMIT                 = 58
-	SYS_OLDOLDUNAME            = 59
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_USTAT                  = 62
-	SYS_DUP2                   = 63
-	SYS_GETPPID                = 64
-	SYS_GETPGRP                = 65
-	SYS_SETSID                 = 66
-	SYS_SIGACTION              = 67
-	SYS_SGETMASK               = 68
-	SYS_SSETMASK               = 69
-	SYS_SETREUID               = 70
-	SYS_SETREGID               = 71
-	SYS_SIGSUSPEND             = 72
-	SYS_SIGPENDING             = 73
-	SYS_SETHOSTNAME            = 74
-	SYS_SETRLIMIT              = 75
-	SYS_GETRLIMIT              = 76
-	SYS_GETRUSAGE              = 77
-	SYS_GETTIMEOFDAY           = 78
-	SYS_SETTIMEOFDAY           = 79
-	SYS_GETGROUPS              = 80
-	SYS_SETGROUPS              = 81
-	SYS_SELECT                 = 82
-	SYS_SYMLINK                = 83
-	SYS_OLDLSTAT               = 84
-	SYS_READLINK               = 85
-	SYS_USELIB                 = 86
-	SYS_SWAPON                 = 87
-	SYS_REBOOT                 = 88
-	SYS_READDIR                = 89
-	SYS_MMAP                   = 90
-	SYS_MUNMAP                 = 91
-	SYS_TRUNCATE               = 92
-	SYS_FTRUNCATE              = 93
-	SYS_FCHMOD                 = 94
-	SYS_FCHOWN                 = 95
-	SYS_GETPRIORITY            = 96
-	SYS_SETPRIORITY            = 97
-	SYS_PROFIL                 = 98
-	SYS_STATFS                 = 99
-	SYS_FSTATFS                = 100
-	SYS_IOPERM                 = 101
-	SYS_SOCKETCALL             = 102
-	SYS_SYSLOG                 = 103
-	SYS_SETITIMER              = 104
-	SYS_GETITIMER              = 105
-	SYS_STAT                   = 106
-	SYS_LSTAT                  = 107
-	SYS_FSTAT                  = 108
-	SYS_OLDUNAME               = 109
-	SYS_IOPL                   = 110
-	SYS_VHANGUP                = 111
-	SYS_IDLE                   = 112
-	SYS_VM86                   = 113
-	SYS_WAIT4                  = 114
-	SYS_SWAPOFF                = 115
-	SYS_SYSINFO                = 116
-	SYS_IPC                    = 117
-	SYS_FSYNC                  = 118
-	SYS_SIGRETURN              = 119
-	SYS_CLONE                  = 120
-	SYS_SETDOMAINNAME          = 121
-	SYS_UNAME                  = 122
-	SYS_MODIFY_LDT             = 123
-	SYS_ADJTIMEX               = 124
-	SYS_MPROTECT               = 125
-	SYS_SIGPROCMASK            = 126
-	SYS_CREATE_MODULE          = 127
-	SYS_INIT_MODULE            = 128
-	SYS_DELETE_MODULE          = 129
-	SYS_GET_KERNEL_SYMS        = 130
-	SYS_QUOTACTL               = 131
-	SYS_GETPGID                = 132
-	SYS_FCHDIR                 = 133
-	SYS_BDFLUSH                = 134
-	SYS_SYSFS                  = 135
-	SYS_PERSONALITY            = 136
-	SYS_AFS_SYSCALL            = 137
-	SYS_SETFSUID               = 138
-	SYS_SETFSGID               = 139
-	SYS__LLSEEK                = 140
-	SYS_GETDENTS               = 141
-	SYS__NEWSELECT             = 142
-	SYS_FLOCK                  = 143
-	SYS_MSYNC                  = 144
-	SYS_READV                  = 145
-	SYS_WRITEV                 = 146
-	SYS_GETSID                 = 147
-	SYS_FDATASYNC              = 148
-	SYS__SYSCTL                = 149
-	SYS_MLOCK                  = 150
-	SYS_MUNLOCK                = 151
-	SYS_MLOCKALL               = 152
-	SYS_MUNLOCKALL             = 153
-	SYS_SCHED_SETPARAM         = 154
-	SYS_SCHED_GETPARAM         = 155
-	SYS_SCHED_SETSCHEDULER     = 156
-	SYS_SCHED_GETSCHEDULER     = 157
-	SYS_SCHED_YIELD            = 158
-	SYS_SCHED_GET_PRIORITY_MAX = 159
-	SYS_SCHED_GET_PRIORITY_MIN = 160
-	SYS_SCHED_RR_GET_INTERVAL  = 161
-	SYS_NANOSLEEP              = 162
-	SYS_MREMAP                 = 163
-	SYS_SETRESUID              = 164
-	SYS_GETRESUID              = 165
-	SYS_QUERY_MODULE           = 166
-	SYS_POLL                   = 167
-	SYS_NFSSERVCTL             = 168
-	SYS_SETRESGID              = 169
-	SYS_GETRESGID              = 170
-	SYS_PRCTL                  = 171
-	SYS_RT_SIGRETURN           = 172
-	SYS_RT_SIGACTION           = 173
-	SYS_RT_SIGPROCMASK         = 174
-	SYS_RT_SIGPENDING          = 175
-	SYS_RT_SIGTIMEDWAIT        = 176
-	SYS_RT_SIGQUEUEINFO        = 177
-	SYS_RT_SIGSUSPEND          = 178
-	SYS_PREAD64                = 179
-	SYS_PWRITE64               = 180
-	SYS_CHOWN                  = 181
-	SYS_GETCWD                 = 182
-	SYS_CAPGET                 = 183
-	SYS_CAPSET                 = 184
-	SYS_SIGALTSTACK            = 185
-	SYS_SENDFILE               = 186
-	SYS_GETPMSG                = 187
-	SYS_PUTPMSG                = 188
-	SYS_VFORK                  = 189
-	SYS_UGETRLIMIT             = 190
-	SYS_READAHEAD              = 191
-	SYS_PCICONFIG_READ         = 198
-	SYS_PCICONFIG_WRITE        = 199
-	SYS_PCICONFIG_IOBASE       = 200
-	SYS_MULTIPLEXER            = 201
-	SYS_GETDENTS64             = 202
-	SYS_PIVOT_ROOT             = 203
-	SYS_MADVISE                = 205
-	SYS_MINCORE                = 206
-	SYS_GETTID                 = 207
-	SYS_TKILL                  = 208
-	SYS_SETXATTR               = 209
-	SYS_LSETXATTR              = 210
-	SYS_FSETXATTR              = 211
-	SYS_GETXATTR               = 212
-	SYS_LGETXATTR              = 213
-	SYS_FGETXATTR              = 214
-	SYS_LISTXATTR              = 215
-	SYS_LLISTXATTR             = 216
-	SYS_FLISTXATTR             = 217
-	SYS_REMOVEXATTR            = 218
-	SYS_LREMOVEXATTR           = 219
-	SYS_FREMOVEXATTR           = 220
-	SYS_FUTEX                  = 221
-	SYS_SCHED_SETAFFINITY      = 222
-	SYS_SCHED_GETAFFINITY      = 223
-	SYS_TUXCALL                = 225
-	SYS_IO_SETUP               = 227
-	SYS_IO_DESTROY             = 228
-	SYS_IO_GETEVENTS           = 229
-	SYS_IO_SUBMIT              = 230
-	SYS_IO_CANCEL              = 231
-	SYS_SET_TID_ADDRESS        = 232
-	SYS_FADVISE64              = 233
-	SYS_EXIT_GROUP             = 234
-	SYS_LOOKUP_DCOOKIE         = 235
-	SYS_EPOLL_CREATE           = 236
-	SYS_EPOLL_CTL              = 237
-	SYS_EPOLL_WAIT             = 238
-	SYS_REMAP_FILE_PAGES       = 239
-	SYS_TIMER_CREATE           = 240
-	SYS_TIMER_SETTIME          = 241
-	SYS_TIMER_GETTIME          = 242
-	SYS_TIMER_GETOVERRUN       = 243
-	SYS_TIMER_DELETE           = 244
-	SYS_CLOCK_SETTIME          = 245
-	SYS_CLOCK_GETTIME          = 246
-	SYS_CLOCK_GETRES           = 247
-	SYS_CLOCK_NANOSLEEP        = 248
-	SYS_SWAPCONTEXT            = 249
-	SYS_TGKILL                 = 250
-	SYS_UTIMES                 = 251
-	SYS_STATFS64               = 252
-	SYS_FSTATFS64              = 253
-	SYS_RTAS                   = 255
-	SYS_SYS_DEBUG_SETCONTEXT   = 256
-	SYS_MIGRATE_PAGES          = 258
-	SYS_MBIND                  = 259
-	SYS_GET_MEMPOLICY          = 260
-	SYS_SET_MEMPOLICY          = 261
-	SYS_MQ_OPEN                = 262
-	SYS_MQ_UNLINK              = 263
-	SYS_MQ_TIMEDSEND           = 264
-	SYS_MQ_TIMEDRECEIVE        = 265
-	SYS_MQ_NOTIFY              = 266
-	SYS_MQ_GETSETATTR          = 267
-	SYS_KEXEC_LOAD             = 268
-	SYS_ADD_KEY                = 269
-	SYS_REQUEST_KEY            = 270
-	SYS_KEYCTL                 = 271
-	SYS_WAITID                 = 272
-	SYS_IOPRIO_SET             = 273
-	SYS_IOPRIO_GET             = 274
-	SYS_INOTIFY_INIT           = 275
-	SYS_INOTIFY_ADD_WATCH      = 276
-	SYS_INOTIFY_RM_WATCH       = 277
-	SYS_SPU_RUN                = 278
-	SYS_SPU_CREATE             = 279
-	SYS_PSELECT6               = 280
-	SYS_PPOLL                  = 281
-	SYS_UNSHARE                = 282
-	SYS_SPLICE                 = 283
-	SYS_TEE                    = 284
-	SYS_VMSPLICE               = 285
-	SYS_OPENAT                 = 286
-	SYS_MKDIRAT                = 287
-	SYS_MKNODAT                = 288
-	SYS_FCHOWNAT               = 289
-	SYS_FUTIMESAT              = 290
-	SYS_NEWFSTATAT             = 291
-	SYS_UNLINKAT               = 292
-	SYS_RENAMEAT               = 293
-	SYS_LINKAT                 = 294
-	SYS_SYMLINKAT              = 295
-	SYS_READLINKAT             = 296
-	SYS_FCHMODAT               = 297
-	SYS_FACCESSAT              = 298
-	SYS_GET_ROBUST_LIST        = 299
-	SYS_SET_ROBUST_LIST        = 300
-	SYS_MOVE_PAGES             = 301
-	SYS_GETCPU                 = 302
-	SYS_EPOLL_PWAIT            = 303
-	SYS_UTIMENSAT              = 304
-	SYS_SIGNALFD               = 305
-	SYS_TIMERFD_CREATE         = 306
-	SYS_EVENTFD                = 307
-	SYS_SYNC_FILE_RANGE2       = 308
-	SYS_FALLOCATE              = 309
-	SYS_SUBPAGE_PROT           = 310
-	SYS_TIMERFD_SETTIME        = 311
-	SYS_TIMERFD_GETTIME        = 312
-	SYS_SIGNALFD4              = 313
-	SYS_EVENTFD2               = 314
-	SYS_EPOLL_CREATE1          = 315
-	SYS_DUP3                   = 316
-	SYS_PIPE2                  = 317
-	SYS_INOTIFY_INIT1          = 318
-	SYS_PERF_EVENT_OPEN        = 319
-	SYS_PREADV                 = 320
-	SYS_PWRITEV                = 321
-	SYS_RT_TGSIGQUEUEINFO      = 322
-	SYS_FANOTIFY_INIT          = 323
-	SYS_FANOTIFY_MARK          = 324
-	SYS_PRLIMIT64              = 325
-	SYS_SOCKET                 = 326
-	SYS_BIND                   = 327
-	SYS_CONNECT                = 328
-	SYS_LISTEN                 = 329
-	SYS_ACCEPT                 = 330
-	SYS_GETSOCKNAME            = 331
-	SYS_GETPEERNAME            = 332
-	SYS_SOCKETPAIR             = 333
-	SYS_SEND                   = 334
-	SYS_SENDTO                 = 335
-	SYS_RECV                   = 336
-	SYS_RECVFROM               = 337
-	SYS_SHUTDOWN               = 338
-	SYS_SETSOCKOPT             = 339
-	SYS_GETSOCKOPT             = 340
-	SYS_SENDMSG                = 341
-	SYS_RECVMSG                = 342
-	SYS_RECVMMSG               = 343
-	SYS_ACCEPT4                = 344
-	SYS_NAME_TO_HANDLE_AT      = 345
-	SYS_OPEN_BY_HANDLE_AT      = 346
-	SYS_CLOCK_ADJTIME          = 347
-	SYS_SYNCFS                 = 348
-	SYS_SENDMMSG               = 349
-	SYS_SETNS                  = 350
-	SYS_PROCESS_VM_READV       = 351
-	SYS_PROCESS_VM_WRITEV      = 352
-	SYS_FINIT_MODULE           = 353
-	SYS_KCMP                   = 354
-	SYS_SCHED_SETATTR          = 355
-	SYS_SCHED_GETATTR          = 356
-	SYS_RENAMEAT2              = 357
-	SYS_SECCOMP                = 358
-	SYS_GETRANDOM              = 359
-	SYS_MEMFD_CREATE           = 360
-	SYS_BPF                    = 361
-	SYS_EXECVEAT               = 362
-	SYS_SWITCH_ENDIAN          = 363
-	SYS_USERFAULTFD            = 364
-	SYS_MEMBARRIER             = 365
-	SYS_MLOCK2                 = 378
-	SYS_COPY_FILE_RANGE        = 379
-	SYS_PREADV2                = 380
-	SYS_PWRITEV2               = 381
-	SYS_KEXEC_FILE_LOAD        = 382
-	SYS_STATX                  = 383
-	SYS_PKEY_ALLOC             = 384
-	SYS_PKEY_FREE              = 385
-	SYS_PKEY_MPROTECT          = 386
+	SYS_RESTART_SYSCALL         = 0
+	SYS_EXIT                    = 1
+	SYS_FORK                    = 2
+	SYS_READ                    = 3
+	SYS_WRITE                   = 4
+	SYS_OPEN                    = 5
+	SYS_CLOSE                   = 6
+	SYS_WAITPID                 = 7
+	SYS_CREAT                   = 8
+	SYS_LINK                    = 9
+	SYS_UNLINK                  = 10
+	SYS_EXECVE                  = 11
+	SYS_CHDIR                   = 12
+	SYS_TIME                    = 13
+	SYS_MKNOD                   = 14
+	SYS_CHMOD                   = 15
+	SYS_LCHOWN                  = 16
+	SYS_BREAK                   = 17
+	SYS_OLDSTAT                 = 18
+	SYS_LSEEK                   = 19
+	SYS_GETPID                  = 20
+	SYS_MOUNT                   = 21
+	SYS_UMOUNT                  = 22
+	SYS_SETUID                  = 23
+	SYS_GETUID                  = 24
+	SYS_STIME                   = 25
+	SYS_PTRACE                  = 26
+	SYS_ALARM                   = 27
+	SYS_OLDFSTAT                = 28
+	SYS_PAUSE                   = 29
+	SYS_UTIME                   = 30
+	SYS_STTY                    = 31
+	SYS_GTTY                    = 32
+	SYS_ACCESS                  = 33
+	SYS_NICE                    = 34
+	SYS_FTIME                   = 35
+	SYS_SYNC                    = 36
+	SYS_KILL                    = 37
+	SYS_RENAME                  = 38
+	SYS_MKDIR                   = 39
+	SYS_RMDIR                   = 40
+	SYS_DUP                     = 41
+	SYS_PIPE                    = 42
+	SYS_TIMES                   = 43
+	SYS_PROF                    = 44
+	SYS_BRK                     = 45
+	SYS_SETGID                  = 46
+	SYS_GETGID                  = 47
+	SYS_SIGNAL                  = 48
+	SYS_GETEUID                 = 49
+	SYS_GETEGID                 = 50
+	SYS_ACCT                    = 51
+	SYS_UMOUNT2                 = 52
+	SYS_LOCK                    = 53
+	SYS_IOCTL                   = 54
+	SYS_FCNTL                   = 55
+	SYS_MPX                     = 56
+	SYS_SETPGID                 = 57
+	SYS_ULIMIT                  = 58
+	SYS_OLDOLDUNAME             = 59
+	SYS_UMASK                   = 60
+	SYS_CHROOT                  = 61
+	SYS_USTAT                   = 62
+	SYS_DUP2                    = 63
+	SYS_GETPPID                 = 64
+	SYS_GETPGRP                 = 65
+	SYS_SETSID                  = 66
+	SYS_SIGACTION               = 67
+	SYS_SGETMASK                = 68
+	SYS_SSETMASK                = 69
+	SYS_SETREUID                = 70
+	SYS_SETREGID                = 71
+	SYS_SIGSUSPEND              = 72
+	SYS_SIGPENDING              = 73
+	SYS_SETHOSTNAME             = 74
+	SYS_SETRLIMIT               = 75
+	SYS_GETRLIMIT               = 76
+	SYS_GETRUSAGE               = 77
+	SYS_GETTIMEOFDAY            = 78
+	SYS_SETTIMEOFDAY            = 79
+	SYS_GETGROUPS               = 80
+	SYS_SETGROUPS               = 81
+	SYS_SELECT                  = 82
+	SYS_SYMLINK                 = 83
+	SYS_OLDLSTAT                = 84
+	SYS_READLINK                = 85
+	SYS_USELIB                  = 86
+	SYS_SWAPON                  = 87
+	SYS_REBOOT                  = 88
+	SYS_READDIR                 = 89
+	SYS_MMAP                    = 90
+	SYS_MUNMAP                  = 91
+	SYS_TRUNCATE                = 92
+	SYS_FTRUNCATE               = 93
+	SYS_FCHMOD                  = 94
+	SYS_FCHOWN                  = 95
+	SYS_GETPRIORITY             = 96
+	SYS_SETPRIORITY             = 97
+	SYS_PROFIL                  = 98
+	SYS_STATFS                  = 99
+	SYS_FSTATFS                 = 100
+	SYS_IOPERM                  = 101
+	SYS_SOCKETCALL              = 102
+	SYS_SYSLOG                  = 103
+	SYS_SETITIMER               = 104
+	SYS_GETITIMER               = 105
+	SYS_STAT                    = 106
+	SYS_LSTAT                   = 107
+	SYS_FSTAT                   = 108
+	SYS_OLDUNAME                = 109
+	SYS_IOPL                    = 110
+	SYS_VHANGUP                 = 111
+	SYS_IDLE                    = 112
+	SYS_VM86                    = 113
+	SYS_WAIT4                   = 114
+	SYS_SWAPOFF                 = 115
+	SYS_SYSINFO                 = 116
+	SYS_IPC                     = 117
+	SYS_FSYNC                   = 118
+	SYS_SIGRETURN               = 119
+	SYS_CLONE                   = 120
+	SYS_SETDOMAINNAME           = 121
+	SYS_UNAME                   = 122
+	SYS_MODIFY_LDT              = 123
+	SYS_ADJTIMEX                = 124
+	SYS_MPROTECT                = 125
+	SYS_SIGPROCMASK             = 126
+	SYS_CREATE_MODULE           = 127
+	SYS_INIT_MODULE             = 128
+	SYS_DELETE_MODULE           = 129
+	SYS_GET_KERNEL_SYMS         = 130
+	SYS_QUOTACTL                = 131
+	SYS_GETPGID                 = 132
+	SYS_FCHDIR                  = 133
+	SYS_BDFLUSH                 = 134
+	SYS_SYSFS                   = 135
+	SYS_PERSONALITY             = 136
+	SYS_AFS_SYSCALL             = 137
+	SYS_SETFSUID                = 138
+	SYS_SETFSGID                = 139
+	SYS__LLSEEK                 = 140
+	SYS_GETDENTS                = 141
+	SYS__NEWSELECT              = 142
+	SYS_FLOCK                   = 143
+	SYS_MSYNC                   = 144
+	SYS_READV                   = 145
+	SYS_WRITEV                  = 146
+	SYS_GETSID                  = 147
+	SYS_FDATASYNC               = 148
+	SYS__SYSCTL                 = 149
+	SYS_MLOCK                   = 150
+	SYS_MUNLOCK                 = 151
+	SYS_MLOCKALL                = 152
+	SYS_MUNLOCKALL              = 153
+	SYS_SCHED_SETPARAM          = 154
+	SYS_SCHED_GETPARAM          = 155
+	SYS_SCHED_SETSCHEDULER      = 156
+	SYS_SCHED_GETSCHEDULER      = 157
+	SYS_SCHED_YIELD             = 158
+	SYS_SCHED_GET_PRIORITY_MAX  = 159
+	SYS_SCHED_GET_PRIORITY_MIN  = 160
+	SYS_SCHED_RR_GET_INTERVAL   = 161
+	SYS_NANOSLEEP               = 162
+	SYS_MREMAP                  = 163
+	SYS_SETRESUID               = 164
+	SYS_GETRESUID               = 165
+	SYS_QUERY_MODULE            = 166
+	SYS_POLL                    = 167
+	SYS_NFSSERVCTL              = 168
+	SYS_SETRESGID               = 169
+	SYS_GETRESGID               = 170
+	SYS_PRCTL                   = 171
+	SYS_RT_SIGRETURN            = 172
+	SYS_RT_SIGACTION            = 173
+	SYS_RT_SIGPROCMASK          = 174
+	SYS_RT_SIGPENDING           = 175
+	SYS_RT_SIGTIMEDWAIT         = 176
+	SYS_RT_SIGQUEUEINFO         = 177
+	SYS_RT_SIGSUSPEND           = 178
+	SYS_PREAD64                 = 179
+	SYS_PWRITE64                = 180
+	SYS_CHOWN                   = 181
+	SYS_GETCWD                  = 182
+	SYS_CAPGET                  = 183
+	SYS_CAPSET                  = 184
+	SYS_SIGALTSTACK             = 185
+	SYS_SENDFILE                = 186
+	SYS_GETPMSG                 = 187
+	SYS_PUTPMSG                 = 188
+	SYS_VFORK                   = 189
+	SYS_UGETRLIMIT              = 190
+	SYS_READAHEAD               = 191
+	SYS_PCICONFIG_READ          = 198
+	SYS_PCICONFIG_WRITE         = 199
+	SYS_PCICONFIG_IOBASE        = 200
+	SYS_MULTIPLEXER             = 201
+	SYS_GETDENTS64              = 202
+	SYS_PIVOT_ROOT              = 203
+	SYS_MADVISE                 = 205
+	SYS_MINCORE                 = 206
+	SYS_GETTID                  = 207
+	SYS_TKILL                   = 208
+	SYS_SETXATTR                = 209
+	SYS_LSETXATTR               = 210
+	SYS_FSETXATTR               = 211
+	SYS_GETXATTR                = 212
+	SYS_LGETXATTR               = 213
+	SYS_FGETXATTR               = 214
+	SYS_LISTXATTR               = 215
+	SYS_LLISTXATTR              = 216
+	SYS_FLISTXATTR              = 217
+	SYS_REMOVEXATTR             = 218
+	SYS_LREMOVEXATTR            = 219
+	SYS_FREMOVEXATTR            = 220
+	SYS_FUTEX                   = 221
+	SYS_SCHED_SETAFFINITY       = 222
+	SYS_SCHED_GETAFFINITY       = 223
+	SYS_TUXCALL                 = 225
+	SYS_IO_SETUP                = 227
+	SYS_IO_DESTROY              = 228
+	SYS_IO_GETEVENTS            = 229
+	SYS_IO_SUBMIT               = 230
+	SYS_IO_CANCEL               = 231
+	SYS_SET_TID_ADDRESS         = 232
+	SYS_FADVISE64               = 233
+	SYS_EXIT_GROUP              = 234
+	SYS_LOOKUP_DCOOKIE          = 235
+	SYS_EPOLL_CREATE            = 236
+	SYS_EPOLL_CTL               = 237
+	SYS_EPOLL_WAIT              = 238
+	SYS_REMAP_FILE_PAGES        = 239
+	SYS_TIMER_CREATE            = 240
+	SYS_TIMER_SETTIME           = 241
+	SYS_TIMER_GETTIME           = 242
+	SYS_TIMER_GETOVERRUN        = 243
+	SYS_TIMER_DELETE            = 244
+	SYS_CLOCK_SETTIME           = 245
+	SYS_CLOCK_GETTIME           = 246
+	SYS_CLOCK_GETRES            = 247
+	SYS_CLOCK_NANOSLEEP         = 248
+	SYS_SWAPCONTEXT             = 249
+	SYS_TGKILL                  = 250
+	SYS_UTIMES                  = 251
+	SYS_STATFS64                = 252
+	SYS_FSTATFS64               = 253
+	SYS_RTAS                    = 255
+	SYS_SYS_DEBUG_SETCONTEXT    = 256
+	SYS_MIGRATE_PAGES           = 258
+	SYS_MBIND                   = 259
+	SYS_GET_MEMPOLICY           = 260
+	SYS_SET_MEMPOLICY           = 261
+	SYS_MQ_OPEN                 = 262
+	SYS_MQ_UNLINK               = 263
+	SYS_MQ_TIMEDSEND            = 264
+	SYS_MQ_TIMEDRECEIVE         = 265
+	SYS_MQ_NOTIFY               = 266
+	SYS_MQ_GETSETATTR           = 267
+	SYS_KEXEC_LOAD              = 268
+	SYS_ADD_KEY                 = 269
+	SYS_REQUEST_KEY             = 270
+	SYS_KEYCTL                  = 271
+	SYS_WAITID                  = 272
+	SYS_IOPRIO_SET              = 273
+	SYS_IOPRIO_GET              = 274
+	SYS_INOTIFY_INIT            = 275
+	SYS_INOTIFY_ADD_WATCH       = 276
+	SYS_INOTIFY_RM_WATCH        = 277
+	SYS_SPU_RUN                 = 278
+	SYS_SPU_CREATE              = 279
+	SYS_PSELECT6                = 280
+	SYS_PPOLL                   = 281
+	SYS_UNSHARE                 = 282
+	SYS_SPLICE                  = 283
+	SYS_TEE                     = 284
+	SYS_VMSPLICE                = 285
+	SYS_OPENAT                  = 286
+	SYS_MKDIRAT                 = 287
+	SYS_MKNODAT                 = 288
+	SYS_FCHOWNAT                = 289
+	SYS_FUTIMESAT               = 290
+	SYS_NEWFSTATAT              = 291
+	SYS_UNLINKAT                = 292
+	SYS_RENAMEAT                = 293
+	SYS_LINKAT                  = 294
+	SYS_SYMLINKAT               = 295
+	SYS_READLINKAT              = 296
+	SYS_FCHMODAT                = 297
+	SYS_FACCESSAT               = 298
+	SYS_GET_ROBUST_LIST         = 299
+	SYS_SET_ROBUST_LIST         = 300
+	SYS_MOVE_PAGES              = 301
+	SYS_GETCPU                  = 302
+	SYS_EPOLL_PWAIT             = 303
+	SYS_UTIMENSAT               = 304
+	SYS_SIGNALFD                = 305
+	SYS_TIMERFD_CREATE          = 306
+	SYS_EVENTFD                 = 307
+	SYS_SYNC_FILE_RANGE2        = 308
+	SYS_FALLOCATE               = 309
+	SYS_SUBPAGE_PROT            = 310
+	SYS_TIMERFD_SETTIME         = 311
+	SYS_TIMERFD_GETTIME         = 312
+	SYS_SIGNALFD4               = 313
+	SYS_EVENTFD2                = 314
+	SYS_EPOLL_CREATE1           = 315
+	SYS_DUP3                    = 316
+	SYS_PIPE2                   = 317
+	SYS_INOTIFY_INIT1           = 318
+	SYS_PERF_EVENT_OPEN         = 319
+	SYS_PREADV                  = 320
+	SYS_PWRITEV                 = 321
+	SYS_RT_TGSIGQUEUEINFO       = 322
+	SYS_FANOTIFY_INIT           = 323
+	SYS_FANOTIFY_MARK           = 324
+	SYS_PRLIMIT64               = 325
+	SYS_SOCKET                  = 326
+	SYS_BIND                    = 327
+	SYS_CONNECT                 = 328
+	SYS_LISTEN                  = 329
+	SYS_ACCEPT                  = 330
+	SYS_GETSOCKNAME             = 331
+	SYS_GETPEERNAME             = 332
+	SYS_SOCKETPAIR              = 333
+	SYS_SEND                    = 334
+	SYS_SENDTO                  = 335
+	SYS_RECV                    = 336
+	SYS_RECVFROM                = 337
+	SYS_SHUTDOWN                = 338
+	SYS_SETSOCKOPT              = 339
+	SYS_GETSOCKOPT              = 340
+	SYS_SENDMSG                 = 341
+	SYS_RECVMSG                 = 342
+	SYS_RECVMMSG                = 343
+	SYS_ACCEPT4                 = 344
+	SYS_NAME_TO_HANDLE_AT       = 345
+	SYS_OPEN_BY_HANDLE_AT       = 346
+	SYS_CLOCK_ADJTIME           = 347
+	SYS_SYNCFS                  = 348
+	SYS_SENDMMSG                = 349
+	SYS_SETNS                   = 350
+	SYS_PROCESS_VM_READV        = 351
+	SYS_PROCESS_VM_WRITEV       = 352
+	SYS_FINIT_MODULE            = 353
+	SYS_KCMP                    = 354
+	SYS_SCHED_SETATTR           = 355
+	SYS_SCHED_GETATTR           = 356
+	SYS_RENAMEAT2               = 357
+	SYS_SECCOMP                 = 358
+	SYS_GETRANDOM               = 359
+	SYS_MEMFD_CREATE            = 360
+	SYS_BPF                     = 361
+	SYS_EXECVEAT                = 362
+	SYS_SWITCH_ENDIAN           = 363
+	SYS_USERFAULTFD             = 364
+	SYS_MEMBARRIER              = 365
+	SYS_MLOCK2                  = 378
+	SYS_COPY_FILE_RANGE         = 379
+	SYS_PREADV2                 = 380
+	SYS_PWRITEV2                = 381
+	SYS_KEXEC_FILE_LOAD         = 382
+	SYS_STATX                   = 383
+	SYS_PKEY_ALLOC              = 384
+	SYS_PKEY_FREE               = 385
+	SYS_PKEY_MPROTECT           = 386
+	SYS_RSEQ                    = 387
+	SYS_IO_PGETEVENTS           = 388
+	SYS_SEMTIMEDOP              = 392
+	SYS_SEMGET                  = 393
+	SYS_SEMCTL                  = 394
+	SYS_SHMGET                  = 395
+	SYS_SHMCTL                  = 396
+	SYS_SHMAT                   = 397
+	SYS_SHMDT                   = 398
+	SYS_MSGGET                  = 399
+	SYS_MSGSND                  = 400
+	SYS_MSGRCV                  = 401
+	SYS_MSGCTL                  = 402
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
new file mode 100644
index 0000000000000..a390e147d3c22
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -0,0 +1,312 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build riscv64 && linux
+// +build riscv64,linux
+
+package unix
+
+const (
+	SYS_IO_SETUP                = 0
+	SYS_IO_DESTROY              = 1
+	SYS_IO_SUBMIT               = 2
+	SYS_IO_CANCEL               = 3
+	SYS_IO_GETEVENTS            = 4
+	SYS_SETXATTR                = 5
+	SYS_LSETXATTR               = 6
+	SYS_FSETXATTR               = 7
+	SYS_GETXATTR                = 8
+	SYS_LGETXATTR               = 9
+	SYS_FGETXATTR               = 10
+	SYS_LISTXATTR               = 11
+	SYS_LLISTXATTR              = 12
+	SYS_FLISTXATTR              = 13
+	SYS_REMOVEXATTR             = 14
+	SYS_LREMOVEXATTR            = 15
+	SYS_FREMOVEXATTR            = 16
+	SYS_GETCWD                  = 17
+	SYS_LOOKUP_DCOOKIE          = 18
+	SYS_EVENTFD2                = 19
+	SYS_EPOLL_CREATE1           = 20
+	SYS_EPOLL_CTL               = 21
+	SYS_EPOLL_PWAIT             = 22
+	SYS_DUP                     = 23
+	SYS_DUP3                    = 24
+	SYS_FCNTL                   = 25
+	SYS_INOTIFY_INIT1           = 26
+	SYS_INOTIFY_ADD_WATCH       = 27
+	SYS_INOTIFY_RM_WATCH        = 28
+	SYS_IOCTL                   = 29
+	SYS_IOPRIO_SET              = 30
+	SYS_IOPRIO_GET              = 31
+	SYS_FLOCK                   = 32
+	SYS_MKNODAT                 = 33
+	SYS_MKDIRAT                 = 34
+	SYS_UNLINKAT                = 35
+	SYS_SYMLINKAT               = 36
+	SYS_LINKAT                  = 37
+	SYS_UMOUNT2                 = 39
+	SYS_MOUNT                   = 40
+	SYS_PIVOT_ROOT              = 41
+	SYS_NFSSERVCTL              = 42
+	SYS_STATFS                  = 43
+	SYS_FSTATFS                 = 44
+	SYS_TRUNCATE                = 45
+	SYS_FTRUNCATE               = 46
+	SYS_FALLOCATE               = 47
+	SYS_FACCESSAT               = 48
+	SYS_CHDIR                   = 49
+	SYS_FCHDIR                  = 50
+	SYS_CHROOT                  = 51
+	SYS_FCHMOD                  = 52
+	SYS_FCHMODAT                = 53
+	SYS_FCHOWNAT                = 54
+	SYS_FCHOWN                  = 55
+	SYS_OPENAT                  = 56
+	SYS_CLOSE                   = 57
+	SYS_VHANGUP                 = 58
+	SYS_PIPE2                   = 59
+	SYS_QUOTACTL                = 60
+	SYS_GETDENTS64              = 61
+	SYS_LSEEK                   = 62
+	SYS_READ                    = 63
+	SYS_WRITE                   = 64
+	SYS_READV                   = 65
+	SYS_WRITEV                  = 66
+	SYS_PREAD64                 = 67
+	SYS_PWRITE64                = 68
+	SYS_PREADV                  = 69
+	SYS_PWRITEV                 = 70
+	SYS_SENDFILE                = 71
+	SYS_PSELECT6                = 72
+	SYS_PPOLL                   = 73
+	SYS_SIGNALFD4               = 74
+	SYS_VMSPLICE                = 75
+	SYS_SPLICE                  = 76
+	SYS_TEE                     = 77
+	SYS_READLINKAT              = 78
+	SYS_FSTATAT                 = 79
+	SYS_FSTAT                   = 80
+	SYS_SYNC                    = 81
+	SYS_FSYNC                   = 82
+	SYS_FDATASYNC               = 83
+	SYS_SYNC_FILE_RANGE         = 84
+	SYS_TIMERFD_CREATE          = 85
+	SYS_TIMERFD_SETTIME         = 86
+	SYS_TIMERFD_GETTIME         = 87
+	SYS_UTIMENSAT               = 88
+	SYS_ACCT                    = 89
+	SYS_CAPGET                  = 90
+	SYS_CAPSET                  = 91
+	SYS_PERSONALITY             = 92
+	SYS_EXIT                    = 93
+	SYS_EXIT_GROUP              = 94
+	SYS_WAITID                  = 95
+	SYS_SET_TID_ADDRESS         = 96
+	SYS_UNSHARE                 = 97
+	SYS_FUTEX                   = 98
+	SYS_SET_ROBUST_LIST         = 99
+	SYS_GET_ROBUST_LIST         = 100
+	SYS_NANOSLEEP               = 101
+	SYS_GETITIMER               = 102
+	SYS_SETITIMER               = 103
+	SYS_KEXEC_LOAD              = 104
+	SYS_INIT_MODULE             = 105
+	SYS_DELETE_MODULE           = 106
+	SYS_TIMER_CREATE            = 107
+	SYS_TIMER_GETTIME           = 108
+	SYS_TIMER_GETOVERRUN        = 109
+	SYS_TIMER_SETTIME           = 110
+	SYS_TIMER_DELETE            = 111
+	SYS_CLOCK_SETTIME           = 112
+	SYS_CLOCK_GETTIME           = 113
+	SYS_CLOCK_GETRES            = 114
+	SYS_CLOCK_NANOSLEEP         = 115
+	SYS_SYSLOG                  = 116
+	SYS_PTRACE                  = 117
+	SYS_SCHED_SETPARAM          = 118
+	SYS_SCHED_SETSCHEDULER      = 119
+	SYS_SCHED_GETSCHEDULER      = 120
+	SYS_SCHED_GETPARAM          = 121
+	SYS_SCHED_SETAFFINITY       = 122
+	SYS_SCHED_GETAFFINITY       = 123
+	SYS_SCHED_YIELD             = 124
+	SYS_SCHED_GET_PRIORITY_MAX  = 125
+	SYS_SCHED_GET_PRIORITY_MIN  = 126
+	SYS_SCHED_RR_GET_INTERVAL   = 127
+	SYS_RESTART_SYSCALL         = 128
+	SYS_KILL                    = 129
+	SYS_TKILL                   = 130
+	SYS_TGKILL                  = 131
+	SYS_SIGALTSTACK             = 132
+	SYS_RT_SIGSUSPEND           = 133
+	SYS_RT_SIGACTION            = 134
+	SYS_RT_SIGPROCMASK          = 135
+	SYS_RT_SIGPENDING           = 136
+	SYS_RT_SIGTIMEDWAIT         = 137
+	SYS_RT_SIGQUEUEINFO         = 138
+	SYS_RT_SIGRETURN            = 139
+	SYS_SETPRIORITY             = 140
+	SYS_GETPRIORITY             = 141
+	SYS_REBOOT                  = 142
+	SYS_SETREGID                = 143
+	SYS_SETGID                  = 144
+	SYS_SETREUID                = 145
+	SYS_SETUID                  = 146
+	SYS_SETRESUID               = 147
+	SYS_GETRESUID               = 148
+	SYS_SETRESGID               = 149
+	SYS_GETRESGID               = 150
+	SYS_SETFSUID                = 151
+	SYS_SETFSGID                = 152
+	SYS_TIMES                   = 153
+	SYS_SETPGID                 = 154
+	SYS_GETPGID                 = 155
+	SYS_GETSID                  = 156
+	SYS_SETSID                  = 157
+	SYS_GETGROUPS               = 158
+	SYS_SETGROUPS               = 159
+	SYS_UNAME                   = 160
+	SYS_SETHOSTNAME             = 161
+	SYS_SETDOMAINNAME           = 162
+	SYS_GETRLIMIT               = 163
+	SYS_SETRLIMIT               = 164
+	SYS_GETRUSAGE               = 165
+	SYS_UMASK                   = 166
+	SYS_PRCTL                   = 167
+	SYS_GETCPU                  = 168
+	SYS_GETTIMEOFDAY            = 169
+	SYS_SETTIMEOFDAY            = 170
+	SYS_ADJTIMEX                = 171
+	SYS_GETPID                  = 172
+	SYS_GETPPID                 = 173
+	SYS_GETUID                  = 174
+	SYS_GETEUID                 = 175
+	SYS_GETGID                  = 176
+	SYS_GETEGID                 = 177
+	SYS_GETTID                  = 178
+	SYS_SYSINFO                 = 179
+	SYS_MQ_OPEN                 = 180
+	SYS_MQ_UNLINK               = 181
+	SYS_MQ_TIMEDSEND            = 182
+	SYS_MQ_TIMEDRECEIVE         = 183
+	SYS_MQ_NOTIFY               = 184
+	SYS_MQ_GETSETATTR           = 185
+	SYS_MSGGET                  = 186
+	SYS_MSGCTL                  = 187
+	SYS_MSGRCV                  = 188
+	SYS_MSGSND                  = 189
+	SYS_SEMGET                  = 190
+	SYS_SEMCTL                  = 191
+	SYS_SEMTIMEDOP              = 192
+	SYS_SEMOP                   = 193
+	SYS_SHMGET                  = 194
+	SYS_SHMCTL                  = 195
+	SYS_SHMAT                   = 196
+	SYS_SHMDT                   = 197
+	SYS_SOCKET                  = 198
+	SYS_SOCKETPAIR              = 199
+	SYS_BIND                    = 200
+	SYS_LISTEN                  = 201
+	SYS_ACCEPT                  = 202
+	SYS_CONNECT                 = 203
+	SYS_GETSOCKNAME             = 204
+	SYS_GETPEERNAME             = 205
+	SYS_SENDTO                  = 206
+	SYS_RECVFROM                = 207
+	SYS_SETSOCKOPT              = 208
+	SYS_GETSOCKOPT              = 209
+	SYS_SHUTDOWN                = 210
+	SYS_SENDMSG                 = 211
+	SYS_RECVMSG                 = 212
+	SYS_READAHEAD               = 213
+	SYS_BRK                     = 214
+	SYS_MUNMAP                  = 215
+	SYS_MREMAP                  = 216
+	SYS_ADD_KEY                 = 217
+	SYS_REQUEST_KEY             = 218
+	SYS_KEYCTL                  = 219
+	SYS_CLONE                   = 220
+	SYS_EXECVE                  = 221
+	SYS_MMAP                    = 222
+	SYS_FADVISE64               = 223
+	SYS_SWAPON                  = 224
+	SYS_SWAPOFF                 = 225
+	SYS_MPROTECT                = 226
+	SYS_MSYNC                   = 227
+	SYS_MLOCK                   = 228
+	SYS_MUNLOCK                 = 229
+	SYS_MLOCKALL                = 230
+	SYS_MUNLOCKALL              = 231
+	SYS_MINCORE                 = 232
+	SYS_MADVISE                 = 233
+	SYS_REMAP_FILE_PAGES        = 234
+	SYS_MBIND                   = 235
+	SYS_GET_MEMPOLICY           = 236
+	SYS_SET_MEMPOLICY           = 237
+	SYS_MIGRATE_PAGES           = 238
+	SYS_MOVE_PAGES              = 239
+	SYS_RT_TGSIGQUEUEINFO       = 240
+	SYS_PERF_EVENT_OPEN         = 241
+	SYS_ACCEPT4                 = 242
+	SYS_RECVMMSG                = 243
+	SYS_ARCH_SPECIFIC_SYSCALL   = 244
+	SYS_WAIT4                   = 260
+	SYS_PRLIMIT64               = 261
+	SYS_FANOTIFY_INIT           = 262
+	SYS_FANOTIFY_MARK           = 263
+	SYS_NAME_TO_HANDLE_AT       = 264
+	SYS_OPEN_BY_HANDLE_AT       = 265
+	SYS_CLOCK_ADJTIME           = 266
+	SYS_SYNCFS                  = 267
+	SYS_SETNS                   = 268
+	SYS_SENDMMSG                = 269
+	SYS_PROCESS_VM_READV        = 270
+	SYS_PROCESS_VM_WRITEV       = 271
+	SYS_KCMP                    = 272
+	SYS_FINIT_MODULE            = 273
+	SYS_SCHED_SETATTR           = 274
+	SYS_SCHED_GETATTR           = 275
+	SYS_RENAMEAT2               = 276
+	SYS_SECCOMP                 = 277
+	SYS_GETRANDOM               = 278
+	SYS_MEMFD_CREATE            = 279
+	SYS_BPF                     = 280
+	SYS_EXECVEAT                = 281
+	SYS_USERFAULTFD             = 282
+	SYS_MEMBARRIER              = 283
+	SYS_MLOCK2                  = 284
+	SYS_COPY_FILE_RANGE         = 285
+	SYS_PREADV2                 = 286
+	SYS_PWRITEV2                = 287
+	SYS_PKEY_MPROTECT           = 288
+	SYS_PKEY_ALLOC              = 289
+	SYS_PKEY_FREE               = 290
+	SYS_STATX                   = 291
+	SYS_IO_PGETEVENTS           = 292
+	SYS_RSEQ                    = 293
+	SYS_KEXEC_FILE_LOAD         = 294
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index c061d6f1d3bb3..3e791e6cd228b 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -1,335 +1,375 @@
-// linux/mksysnum.pl -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build s390x && linux
 // +build s390x,linux
 
 package unix
 
 const (
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_RESTART_SYSCALL        = 7
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECVE                 = 11
-	SYS_CHDIR                  = 12
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_MOUNT                  = 21
-	SYS_UMOUNT                 = 22
-	SYS_PTRACE                 = 26
-	SYS_ALARM                  = 27
-	SYS_PAUSE                  = 29
-	SYS_UTIME                  = 30
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_RENAME                 = 38
-	SYS_MKDIR                  = 39
-	SYS_RMDIR                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_BRK                    = 45
-	SYS_SIGNAL                 = 48
-	SYS_ACCT                   = 51
-	SYS_UMOUNT2                = 52
-	SYS_IOCTL                  = 54
-	SYS_FCNTL                  = 55
-	SYS_SETPGID                = 57
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_USTAT                  = 62
-	SYS_DUP2                   = 63
-	SYS_GETPPID                = 64
-	SYS_GETPGRP                = 65
-	SYS_SETSID                 = 66
-	SYS_SIGACTION              = 67
-	SYS_SIGSUSPEND             = 72
-	SYS_SIGPENDING             = 73
-	SYS_SETHOSTNAME            = 74
-	SYS_SETRLIMIT              = 75
-	SYS_GETRUSAGE              = 77
-	SYS_GETTIMEOFDAY           = 78
-	SYS_SETTIMEOFDAY           = 79
-	SYS_SYMLINK                = 83
-	SYS_READLINK               = 85
-	SYS_USELIB                 = 86
-	SYS_SWAPON                 = 87
-	SYS_REBOOT                 = 88
-	SYS_READDIR                = 89
-	SYS_MMAP                   = 90
-	SYS_MUNMAP                 = 91
-	SYS_TRUNCATE               = 92
-	SYS_FTRUNCATE              = 93
-	SYS_FCHMOD                 = 94
-	SYS_GETPRIORITY            = 96
-	SYS_SETPRIORITY            = 97
-	SYS_STATFS                 = 99
-	SYS_FSTATFS                = 100
-	SYS_SOCKETCALL             = 102
-	SYS_SYSLOG                 = 103
-	SYS_SETITIMER              = 104
-	SYS_GETITIMER              = 105
-	SYS_STAT                   = 106
-	SYS_LSTAT                  = 107
-	SYS_FSTAT                  = 108
-	SYS_LOOKUP_DCOOKIE         = 110
-	SYS_VHANGUP                = 111
-	SYS_IDLE                   = 112
-	SYS_WAIT4                  = 114
-	SYS_SWAPOFF                = 115
-	SYS_SYSINFO                = 116
-	SYS_IPC                    = 117
-	SYS_FSYNC                  = 118
-	SYS_SIGRETURN              = 119
-	SYS_CLONE                  = 120
-	SYS_SETDOMAINNAME          = 121
-	SYS_UNAME                  = 122
-	SYS_ADJTIMEX               = 124
-	SYS_MPROTECT               = 125
-	SYS_SIGPROCMASK            = 126
-	SYS_CREATE_MODULE          = 127
-	SYS_INIT_MODULE            = 128
-	SYS_DELETE_MODULE          = 129
-	SYS_GET_KERNEL_SYMS        = 130
-	SYS_QUOTACTL               = 131
-	SYS_GETPGID                = 132
-	SYS_FCHDIR                 = 133
-	SYS_BDFLUSH                = 134
-	SYS_SYSFS                  = 135
-	SYS_PERSONALITY            = 136
-	SYS_AFS_SYSCALL            = 137
-	SYS_GETDENTS               = 141
-	SYS_SELECT                 = 142
-	SYS_FLOCK                  = 143
-	SYS_MSYNC                  = 144
-	SYS_READV                  = 145
-	SYS_WRITEV                 = 146
-	SYS_GETSID                 = 147
-	SYS_FDATASYNC              = 148
-	SYS__SYSCTL                = 149
-	SYS_MLOCK                  = 150
-	SYS_MUNLOCK                = 151
-	SYS_MLOCKALL               = 152
-	SYS_MUNLOCKALL             = 153
-	SYS_SCHED_SETPARAM         = 154
-	SYS_SCHED_GETPARAM         = 155
-	SYS_SCHED_SETSCHEDULER     = 156
-	SYS_SCHED_GETSCHEDULER     = 157
-	SYS_SCHED_YIELD            = 158
-	SYS_SCHED_GET_PRIORITY_MAX = 159
-	SYS_SCHED_GET_PRIORITY_MIN = 160
-	SYS_SCHED_RR_GET_INTERVAL  = 161
-	SYS_NANOSLEEP              = 162
-	SYS_MREMAP                 = 163
-	SYS_QUERY_MODULE           = 167
-	SYS_POLL                   = 168
-	SYS_NFSSERVCTL             = 169
-	SYS_PRCTL                  = 172
-	SYS_RT_SIGRETURN           = 173
-	SYS_RT_SIGACTION           = 174
-	SYS_RT_SIGPROCMASK         = 175
-	SYS_RT_SIGPENDING          = 176
-	SYS_RT_SIGTIMEDWAIT        = 177
-	SYS_RT_SIGQUEUEINFO        = 178
-	SYS_RT_SIGSUSPEND          = 179
-	SYS_PREAD64                = 180
-	SYS_PWRITE64               = 181
-	SYS_GETCWD                 = 183
-	SYS_CAPGET                 = 184
-	SYS_CAPSET                 = 185
-	SYS_SIGALTSTACK            = 186
-	SYS_SENDFILE               = 187
-	SYS_GETPMSG                = 188
-	SYS_PUTPMSG                = 189
-	SYS_VFORK                  = 190
-	SYS_GETRLIMIT              = 191
-	SYS_LCHOWN                 = 198
-	SYS_GETUID                 = 199
-	SYS_GETGID                 = 200
-	SYS_GETEUID                = 201
-	SYS_GETEGID                = 202
-	SYS_SETREUID               = 203
-	SYS_SETREGID               = 204
-	SYS_GETGROUPS              = 205
-	SYS_SETGROUPS              = 206
-	SYS_FCHOWN                 = 207
-	SYS_SETRESUID              = 208
-	SYS_GETRESUID              = 209
-	SYS_SETRESGID              = 210
-	SYS_GETRESGID              = 211
-	SYS_CHOWN                  = 212
-	SYS_SETUID                 = 213
-	SYS_SETGID                 = 214
-	SYS_SETFSUID               = 215
-	SYS_SETFSGID               = 216
-	SYS_PIVOT_ROOT             = 217
-	SYS_MINCORE                = 218
-	SYS_MADVISE                = 219
-	SYS_GETDENTS64             = 220
-	SYS_READAHEAD              = 222
-	SYS_SETXATTR               = 224
-	SYS_LSETXATTR              = 225
-	SYS_FSETXATTR              = 226
-	SYS_GETXATTR               = 227
-	SYS_LGETXATTR              = 228
-	SYS_FGETXATTR              = 229
-	SYS_LISTXATTR              = 230
-	SYS_LLISTXATTR             = 231
-	SYS_FLISTXATTR             = 232
-	SYS_REMOVEXATTR            = 233
-	SYS_LREMOVEXATTR           = 234
-	SYS_FREMOVEXATTR           = 235
-	SYS_GETTID                 = 236
-	SYS_TKILL                  = 237
-	SYS_FUTEX                  = 238
-	SYS_SCHED_SETAFFINITY      = 239
-	SYS_SCHED_GETAFFINITY      = 240
-	SYS_TGKILL                 = 241
-	SYS_IO_SETUP               = 243
-	SYS_IO_DESTROY             = 244
-	SYS_IO_GETEVENTS           = 245
-	SYS_IO_SUBMIT              = 246
-	SYS_IO_CANCEL              = 247
-	SYS_EXIT_GROUP             = 248
-	SYS_EPOLL_CREATE           = 249
-	SYS_EPOLL_CTL              = 250
-	SYS_EPOLL_WAIT             = 251
-	SYS_SET_TID_ADDRESS        = 252
-	SYS_FADVISE64              = 253
-	SYS_TIMER_CREATE           = 254
-	SYS_TIMER_SETTIME          = 255
-	SYS_TIMER_GETTIME          = 256
-	SYS_TIMER_GETOVERRUN       = 257
-	SYS_TIMER_DELETE           = 258
-	SYS_CLOCK_SETTIME          = 259
-	SYS_CLOCK_GETTIME          = 260
-	SYS_CLOCK_GETRES           = 261
-	SYS_CLOCK_NANOSLEEP        = 262
-	SYS_STATFS64               = 265
-	SYS_FSTATFS64              = 266
-	SYS_REMAP_FILE_PAGES       = 267
-	SYS_MBIND                  = 268
-	SYS_GET_MEMPOLICY          = 269
-	SYS_SET_MEMPOLICY          = 270
-	SYS_MQ_OPEN                = 271
-	SYS_MQ_UNLINK              = 272
-	SYS_MQ_TIMEDSEND           = 273
-	SYS_MQ_TIMEDRECEIVE        = 274
-	SYS_MQ_NOTIFY              = 275
-	SYS_MQ_GETSETATTR          = 276
-	SYS_KEXEC_LOAD             = 277
-	SYS_ADD_KEY                = 278
-	SYS_REQUEST_KEY            = 279
-	SYS_KEYCTL                 = 280
-	SYS_WAITID                 = 281
-	SYS_IOPRIO_SET             = 282
-	SYS_IOPRIO_GET             = 283
-	SYS_INOTIFY_INIT           = 284
-	SYS_INOTIFY_ADD_WATCH      = 285
-	SYS_INOTIFY_RM_WATCH       = 286
-	SYS_MIGRATE_PAGES          = 287
-	SYS_OPENAT                 = 288
-	SYS_MKDIRAT                = 289
-	SYS_MKNODAT                = 290
-	SYS_FCHOWNAT               = 291
-	SYS_FUTIMESAT              = 292
-	SYS_NEWFSTATAT             = 293
-	SYS_UNLINKAT               = 294
-	SYS_RENAMEAT               = 295
-	SYS_LINKAT                 = 296
-	SYS_SYMLINKAT              = 297
-	SYS_READLINKAT             = 298
-	SYS_FCHMODAT               = 299
-	SYS_FACCESSAT              = 300
-	SYS_PSELECT6               = 301
-	SYS_PPOLL                  = 302
-	SYS_UNSHARE                = 303
-	SYS_SET_ROBUST_LIST        = 304
-	SYS_GET_ROBUST_LIST        = 305
-	SYS_SPLICE                 = 306
-	SYS_SYNC_FILE_RANGE        = 307
-	SYS_TEE                    = 308
-	SYS_VMSPLICE               = 309
-	SYS_MOVE_PAGES             = 310
-	SYS_GETCPU                 = 311
-	SYS_EPOLL_PWAIT            = 312
-	SYS_UTIMES                 = 313
-	SYS_FALLOCATE              = 314
-	SYS_UTIMENSAT              = 315
-	SYS_SIGNALFD               = 316
-	SYS_TIMERFD                = 317
-	SYS_EVENTFD                = 318
-	SYS_TIMERFD_CREATE         = 319
-	SYS_TIMERFD_SETTIME        = 320
-	SYS_TIMERFD_GETTIME        = 321
-	SYS_SIGNALFD4              = 322
-	SYS_EVENTFD2               = 323
-	SYS_INOTIFY_INIT1          = 324
-	SYS_PIPE2                  = 325
-	SYS_DUP3                   = 326
-	SYS_EPOLL_CREATE1          = 327
-	SYS_PREADV                 = 328
-	SYS_PWRITEV                = 329
-	SYS_RT_TGSIGQUEUEINFO      = 330
-	SYS_PERF_EVENT_OPEN        = 331
-	SYS_FANOTIFY_INIT          = 332
-	SYS_FANOTIFY_MARK          = 333
-	SYS_PRLIMIT64              = 334
-	SYS_NAME_TO_HANDLE_AT      = 335
-	SYS_OPEN_BY_HANDLE_AT      = 336
-	SYS_CLOCK_ADJTIME          = 337
-	SYS_SYNCFS                 = 338
-	SYS_SETNS                  = 339
-	SYS_PROCESS_VM_READV       = 340
-	SYS_PROCESS_VM_WRITEV      = 341
-	SYS_S390_RUNTIME_INSTR     = 342
-	SYS_KCMP                   = 343
-	SYS_FINIT_MODULE           = 344
-	SYS_SCHED_SETATTR          = 345
-	SYS_SCHED_GETATTR          = 346
-	SYS_RENAMEAT2              = 347
-	SYS_SECCOMP                = 348
-	SYS_GETRANDOM              = 349
-	SYS_MEMFD_CREATE           = 350
-	SYS_BPF                    = 351
-	SYS_S390_PCI_MMIO_WRITE    = 352
-	SYS_S390_PCI_MMIO_READ     = 353
-	SYS_EXECVEAT               = 354
-	SYS_USERFAULTFD            = 355
-	SYS_MEMBARRIER             = 356
-	SYS_RECVMMSG               = 357
-	SYS_SENDMMSG               = 358
-	SYS_SOCKET                 = 359
-	SYS_SOCKETPAIR             = 360
-	SYS_BIND                   = 361
-	SYS_CONNECT                = 362
-	SYS_LISTEN                 = 363
-	SYS_ACCEPT4                = 364
-	SYS_GETSOCKOPT             = 365
-	SYS_SETSOCKOPT             = 366
-	SYS_GETSOCKNAME            = 367
-	SYS_GETPEERNAME            = 368
-	SYS_SENDTO                 = 369
-	SYS_SENDMSG                = 370
-	SYS_RECVFROM               = 371
-	SYS_RECVMSG                = 372
-	SYS_SHUTDOWN               = 373
-	SYS_MLOCK2                 = 374
-	SYS_COPY_FILE_RANGE        = 375
-	SYS_PREADV2                = 376
-	SYS_PWRITEV2               = 377
-	SYS_S390_GUARDED_STORAGE   = 378
-	SYS_STATX                  = 379
-	SYS_S390_STHYI             = 380
-	SYS_KEXEC_FILE_LOAD        = 381
+	SYS_EXIT                    = 1
+	SYS_FORK                    = 2
+	SYS_READ                    = 3
+	SYS_WRITE                   = 4
+	SYS_OPEN                    = 5
+	SYS_CLOSE                   = 6
+	SYS_RESTART_SYSCALL         = 7
+	SYS_CREAT                   = 8
+	SYS_LINK                    = 9
+	SYS_UNLINK                  = 10
+	SYS_EXECVE                  = 11
+	SYS_CHDIR                   = 12
+	SYS_MKNOD                   = 14
+	SYS_CHMOD                   = 15
+	SYS_LSEEK                   = 19
+	SYS_GETPID                  = 20
+	SYS_MOUNT                   = 21
+	SYS_UMOUNT                  = 22
+	SYS_PTRACE                  = 26
+	SYS_ALARM                   = 27
+	SYS_PAUSE                   = 29
+	SYS_UTIME                   = 30
+	SYS_ACCESS                  = 33
+	SYS_NICE                    = 34
+	SYS_SYNC                    = 36
+	SYS_KILL                    = 37
+	SYS_RENAME                  = 38
+	SYS_MKDIR                   = 39
+	SYS_RMDIR                   = 40
+	SYS_DUP                     = 41
+	SYS_PIPE                    = 42
+	SYS_TIMES                   = 43
+	SYS_BRK                     = 45
+	SYS_SIGNAL                  = 48
+	SYS_ACCT                    = 51
+	SYS_UMOUNT2                 = 52
+	SYS_IOCTL                   = 54
+	SYS_FCNTL                   = 55
+	SYS_SETPGID                 = 57
+	SYS_UMASK                   = 60
+	SYS_CHROOT                  = 61
+	SYS_USTAT                   = 62
+	SYS_DUP2                    = 63
+	SYS_GETPPID                 = 64
+	SYS_GETPGRP                 = 65
+	SYS_SETSID                  = 66
+	SYS_SIGACTION               = 67
+	SYS_SIGSUSPEND              = 72
+	SYS_SIGPENDING              = 73
+	SYS_SETHOSTNAME             = 74
+	SYS_SETRLIMIT               = 75
+	SYS_GETRUSAGE               = 77
+	SYS_GETTIMEOFDAY            = 78
+	SYS_SETTIMEOFDAY            = 79
+	SYS_SYMLINK                 = 83
+	SYS_READLINK                = 85
+	SYS_USELIB                  = 86
+	SYS_SWAPON                  = 87
+	SYS_REBOOT                  = 88
+	SYS_READDIR                 = 89
+	SYS_MMAP                    = 90
+	SYS_MUNMAP                  = 91
+	SYS_TRUNCATE                = 92
+	SYS_FTRUNCATE               = 93
+	SYS_FCHMOD                  = 94
+	SYS_GETPRIORITY             = 96
+	SYS_SETPRIORITY             = 97
+	SYS_STATFS                  = 99
+	SYS_FSTATFS                 = 100
+	SYS_SOCKETCALL              = 102
+	SYS_SYSLOG                  = 103
+	SYS_SETITIMER               = 104
+	SYS_GETITIMER               = 105
+	SYS_STAT                    = 106
+	SYS_LSTAT                   = 107
+	SYS_FSTAT                   = 108
+	SYS_LOOKUP_DCOOKIE          = 110
+	SYS_VHANGUP                 = 111
+	SYS_IDLE                    = 112
+	SYS_WAIT4                   = 114
+	SYS_SWAPOFF                 = 115
+	SYS_SYSINFO                 = 116
+	SYS_IPC                     = 117
+	SYS_FSYNC                   = 118
+	SYS_SIGRETURN               = 119
+	SYS_CLONE                   = 120
+	SYS_SETDOMAINNAME           = 121
+	SYS_UNAME                   = 122
+	SYS_ADJTIMEX                = 124
+	SYS_MPROTECT                = 125
+	SYS_SIGPROCMASK             = 126
+	SYS_CREATE_MODULE           = 127
+	SYS_INIT_MODULE             = 128
+	SYS_DELETE_MODULE           = 129
+	SYS_GET_KERNEL_SYMS         = 130
+	SYS_QUOTACTL                = 131
+	SYS_GETPGID                 = 132
+	SYS_FCHDIR                  = 133
+	SYS_BDFLUSH                 = 134
+	SYS_SYSFS                   = 135
+	SYS_PERSONALITY             = 136
+	SYS_AFS_SYSCALL             = 137
+	SYS_GETDENTS                = 141
+	SYS_SELECT                  = 142
+	SYS_FLOCK                   = 143
+	SYS_MSYNC                   = 144
+	SYS_READV                   = 145
+	SYS_WRITEV                  = 146
+	SYS_GETSID                  = 147
+	SYS_FDATASYNC               = 148
+	SYS__SYSCTL                 = 149
+	SYS_MLOCK                   = 150
+	SYS_MUNLOCK                 = 151
+	SYS_MLOCKALL                = 152
+	SYS_MUNLOCKALL              = 153
+	SYS_SCHED_SETPARAM          = 154
+	SYS_SCHED_GETPARAM          = 155
+	SYS_SCHED_SETSCHEDULER      = 156
+	SYS_SCHED_GETSCHEDULER      = 157
+	SYS_SCHED_YIELD             = 158
+	SYS_SCHED_GET_PRIORITY_MAX  = 159
+	SYS_SCHED_GET_PRIORITY_MIN  = 160
+	SYS_SCHED_RR_GET_INTERVAL   = 161
+	SYS_NANOSLEEP               = 162
+	SYS_MREMAP                  = 163
+	SYS_QUERY_MODULE            = 167
+	SYS_POLL                    = 168
+	SYS_NFSSERVCTL              = 169
+	SYS_PRCTL                   = 172
+	SYS_RT_SIGRETURN            = 173
+	SYS_RT_SIGACTION            = 174
+	SYS_RT_SIGPROCMASK          = 175
+	SYS_RT_SIGPENDING           = 176
+	SYS_RT_SIGTIMEDWAIT         = 177
+	SYS_RT_SIGQUEUEINFO         = 178
+	SYS_RT_SIGSUSPEND           = 179
+	SYS_PREAD64                 = 180
+	SYS_PWRITE64                = 181
+	SYS_GETCWD                  = 183
+	SYS_CAPGET                  = 184
+	SYS_CAPSET                  = 185
+	SYS_SIGALTSTACK             = 186
+	SYS_SENDFILE                = 187
+	SYS_GETPMSG                 = 188
+	SYS_PUTPMSG                 = 189
+	SYS_VFORK                   = 190
+	SYS_GETRLIMIT               = 191
+	SYS_LCHOWN                  = 198
+	SYS_GETUID                  = 199
+	SYS_GETGID                  = 200
+	SYS_GETEUID                 = 201
+	SYS_GETEGID                 = 202
+	SYS_SETREUID                = 203
+	SYS_SETREGID                = 204
+	SYS_GETGROUPS               = 205
+	SYS_SETGROUPS               = 206
+	SYS_FCHOWN                  = 207
+	SYS_SETRESUID               = 208
+	SYS_GETRESUID               = 209
+	SYS_SETRESGID               = 210
+	SYS_GETRESGID               = 211
+	SYS_CHOWN                   = 212
+	SYS_SETUID                  = 213
+	SYS_SETGID                  = 214
+	SYS_SETFSUID                = 215
+	SYS_SETFSGID                = 216
+	SYS_PIVOT_ROOT              = 217
+	SYS_MINCORE                 = 218
+	SYS_MADVISE                 = 219
+	SYS_GETDENTS64              = 220
+	SYS_READAHEAD               = 222
+	SYS_SETXATTR                = 224
+	SYS_LSETXATTR               = 225
+	SYS_FSETXATTR               = 226
+	SYS_GETXATTR                = 227
+	SYS_LGETXATTR               = 228
+	SYS_FGETXATTR               = 229
+	SYS_LISTXATTR               = 230
+	SYS_LLISTXATTR              = 231
+	SYS_FLISTXATTR              = 232
+	SYS_REMOVEXATTR             = 233
+	SYS_LREMOVEXATTR            = 234
+	SYS_FREMOVEXATTR            = 235
+	SYS_GETTID                  = 236
+	SYS_TKILL                   = 237
+	SYS_FUTEX                   = 238
+	SYS_SCHED_SETAFFINITY       = 239
+	SYS_SCHED_GETAFFINITY       = 240
+	SYS_TGKILL                  = 241
+	SYS_IO_SETUP                = 243
+	SYS_IO_DESTROY              = 244
+	SYS_IO_GETEVENTS            = 245
+	SYS_IO_SUBMIT               = 246
+	SYS_IO_CANCEL               = 247
+	SYS_EXIT_GROUP              = 248
+	SYS_EPOLL_CREATE            = 249
+	SYS_EPOLL_CTL               = 250
+	SYS_EPOLL_WAIT              = 251
+	SYS_SET_TID_ADDRESS         = 252
+	SYS_FADVISE64               = 253
+	SYS_TIMER_CREATE            = 254
+	SYS_TIMER_SETTIME           = 255
+	SYS_TIMER_GETTIME           = 256
+	SYS_TIMER_GETOVERRUN        = 257
+	SYS_TIMER_DELETE            = 258
+	SYS_CLOCK_SETTIME           = 259
+	SYS_CLOCK_GETTIME           = 260
+	SYS_CLOCK_GETRES            = 261
+	SYS_CLOCK_NANOSLEEP         = 262
+	SYS_STATFS64                = 265
+	SYS_FSTATFS64               = 266
+	SYS_REMAP_FILE_PAGES        = 267
+	SYS_MBIND                   = 268
+	SYS_GET_MEMPOLICY           = 269
+	SYS_SET_MEMPOLICY           = 270
+	SYS_MQ_OPEN                 = 271
+	SYS_MQ_UNLINK               = 272
+	SYS_MQ_TIMEDSEND            = 273
+	SYS_MQ_TIMEDRECEIVE         = 274
+	SYS_MQ_NOTIFY               = 275
+	SYS_MQ_GETSETATTR           = 276
+	SYS_KEXEC_LOAD              = 277
+	SYS_ADD_KEY                 = 278
+	SYS_REQUEST_KEY             = 279
+	SYS_KEYCTL                  = 280
+	SYS_WAITID                  = 281
+	SYS_IOPRIO_SET              = 282
+	SYS_IOPRIO_GET              = 283
+	SYS_INOTIFY_INIT            = 284
+	SYS_INOTIFY_ADD_WATCH       = 285
+	SYS_INOTIFY_RM_WATCH        = 286
+	SYS_MIGRATE_PAGES           = 287
+	SYS_OPENAT                  = 288
+	SYS_MKDIRAT                 = 289
+	SYS_MKNODAT                 = 290
+	SYS_FCHOWNAT                = 291
+	SYS_FUTIMESAT               = 292
+	SYS_NEWFSTATAT              = 293
+	SYS_UNLINKAT                = 294
+	SYS_RENAMEAT                = 295
+	SYS_LINKAT                  = 296
+	SYS_SYMLINKAT               = 297
+	SYS_READLINKAT              = 298
+	SYS_FCHMODAT                = 299
+	SYS_FACCESSAT               = 300
+	SYS_PSELECT6                = 301
+	SYS_PPOLL                   = 302
+	SYS_UNSHARE                 = 303
+	SYS_SET_ROBUST_LIST         = 304
+	SYS_GET_ROBUST_LIST         = 305
+	SYS_SPLICE                  = 306
+	SYS_SYNC_FILE_RANGE         = 307
+	SYS_TEE                     = 308
+	SYS_VMSPLICE                = 309
+	SYS_MOVE_PAGES              = 310
+	SYS_GETCPU                  = 311
+	SYS_EPOLL_PWAIT             = 312
+	SYS_UTIMES                  = 313
+	SYS_FALLOCATE               = 314
+	SYS_UTIMENSAT               = 315
+	SYS_SIGNALFD                = 316
+	SYS_TIMERFD                 = 317
+	SYS_EVENTFD                 = 318
+	SYS_TIMERFD_CREATE          = 319
+	SYS_TIMERFD_SETTIME         = 320
+	SYS_TIMERFD_GETTIME         = 321
+	SYS_SIGNALFD4               = 322
+	SYS_EVENTFD2                = 323
+	SYS_INOTIFY_INIT1           = 324
+	SYS_PIPE2                   = 325
+	SYS_DUP3                    = 326
+	SYS_EPOLL_CREATE1           = 327
+	SYS_PREADV                  = 328
+	SYS_PWRITEV                 = 329
+	SYS_RT_TGSIGQUEUEINFO       = 330
+	SYS_PERF_EVENT_OPEN         = 331
+	SYS_FANOTIFY_INIT           = 332
+	SYS_FANOTIFY_MARK           = 333
+	SYS_PRLIMIT64               = 334
+	SYS_NAME_TO_HANDLE_AT       = 335
+	SYS_OPEN_BY_HANDLE_AT       = 336
+	SYS_CLOCK_ADJTIME           = 337
+	SYS_SYNCFS                  = 338
+	SYS_SETNS                   = 339
+	SYS_PROCESS_VM_READV        = 340
+	SYS_PROCESS_VM_WRITEV       = 341
+	SYS_S390_RUNTIME_INSTR      = 342
+	SYS_KCMP                    = 343
+	SYS_FINIT_MODULE            = 344
+	SYS_SCHED_SETATTR           = 345
+	SYS_SCHED_GETATTR           = 346
+	SYS_RENAMEAT2               = 347
+	SYS_SECCOMP                 = 348
+	SYS_GETRANDOM               = 349
+	SYS_MEMFD_CREATE            = 350
+	SYS_BPF                     = 351
+	SYS_S390_PCI_MMIO_WRITE     = 352
+	SYS_S390_PCI_MMIO_READ      = 353
+	SYS_EXECVEAT                = 354
+	SYS_USERFAULTFD             = 355
+	SYS_MEMBARRIER              = 356
+	SYS_RECVMMSG                = 357
+	SYS_SENDMMSG                = 358
+	SYS_SOCKET                  = 359
+	SYS_SOCKETPAIR              = 360
+	SYS_BIND                    = 361
+	SYS_CONNECT                 = 362
+	SYS_LISTEN                  = 363
+	SYS_ACCEPT4                 = 364
+	SYS_GETSOCKOPT              = 365
+	SYS_SETSOCKOPT              = 366
+	SYS_GETSOCKNAME             = 367
+	SYS_GETPEERNAME             = 368
+	SYS_SENDTO                  = 369
+	SYS_SENDMSG                 = 370
+	SYS_RECVFROM                = 371
+	SYS_RECVMSG                 = 372
+	SYS_SHUTDOWN                = 373
+	SYS_MLOCK2                  = 374
+	SYS_COPY_FILE_RANGE         = 375
+	SYS_PREADV2                 = 376
+	SYS_PWRITEV2                = 377
+	SYS_S390_GUARDED_STORAGE    = 378
+	SYS_STATX                   = 379
+	SYS_S390_STHYI              = 380
+	SYS_KEXEC_FILE_LOAD         = 381
+	SYS_IO_PGETEVENTS           = 382
+	SYS_RSEQ                    = 383
+	SYS_PKEY_MPROTECT           = 384
+	SYS_PKEY_ALLOC              = 385
+	SYS_PKEY_FREE               = 386
+	SYS_SEMTIMEDOP              = 392
+	SYS_SEMGET                  = 393
+	SYS_SEMCTL                  = 394
+	SYS_SHMGET                  = 395
+	SYS_SHMCTL                  = 396
+	SYS_SHMAT                   = 397
+	SYS_SHMDT                   = 398
+	SYS_MSGGET                  = 399
+	SYS_MSGSND                  = 400
+	SYS_MSGRCV                  = 401
+	SYS_MSGCTL                  = 402
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLONE3                  = 435
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 2d099367215c8..78802a5cf7cd6 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -1,348 +1,389 @@
-// mksysnum_linux.pl -Ilinux/usr/include -m64 -D__arch64__ linux/usr/include/asm/unistd.h
-// Code generated by the command above; DO NOT EDIT.
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build sparc64 && linux
 // +build sparc64,linux
 
 package unix
 
 const (
-	SYS_RESTART_SYSCALL        = 0
-	SYS_EXIT                   = 1
-	SYS_FORK                   = 2
-	SYS_READ                   = 3
-	SYS_WRITE                  = 4
-	SYS_OPEN                   = 5
-	SYS_CLOSE                  = 6
-	SYS_WAIT4                  = 7
-	SYS_CREAT                  = 8
-	SYS_LINK                   = 9
-	SYS_UNLINK                 = 10
-	SYS_EXECV                  = 11
-	SYS_CHDIR                  = 12
-	SYS_CHOWN                  = 13
-	SYS_MKNOD                  = 14
-	SYS_CHMOD                  = 15
-	SYS_LCHOWN                 = 16
-	SYS_BRK                    = 17
-	SYS_PERFCTR                = 18
-	SYS_LSEEK                  = 19
-	SYS_GETPID                 = 20
-	SYS_CAPGET                 = 21
-	SYS_CAPSET                 = 22
-	SYS_SETUID                 = 23
-	SYS_GETUID                 = 24
-	SYS_VMSPLICE               = 25
-	SYS_PTRACE                 = 26
-	SYS_ALARM                  = 27
-	SYS_SIGALTSTACK            = 28
-	SYS_PAUSE                  = 29
-	SYS_UTIME                  = 30
-	SYS_ACCESS                 = 33
-	SYS_NICE                   = 34
-	SYS_SYNC                   = 36
-	SYS_KILL                   = 37
-	SYS_STAT                   = 38
-	SYS_SENDFILE               = 39
-	SYS_LSTAT                  = 40
-	SYS_DUP                    = 41
-	SYS_PIPE                   = 42
-	SYS_TIMES                  = 43
-	SYS_UMOUNT2                = 45
-	SYS_SETGID                 = 46
-	SYS_GETGID                 = 47
-	SYS_SIGNAL                 = 48
-	SYS_GETEUID                = 49
-	SYS_GETEGID                = 50
-	SYS_ACCT                   = 51
-	SYS_MEMORY_ORDERING        = 52
-	SYS_IOCTL                  = 54
-	SYS_REBOOT                 = 55
-	SYS_SYMLINK                = 57
-	SYS_READLINK               = 58
-	SYS_EXECVE                 = 59
-	SYS_UMASK                  = 60
-	SYS_CHROOT                 = 61
-	SYS_FSTAT                  = 62
-	SYS_FSTAT64                = 63
-	SYS_GETPAGESIZE            = 64
-	SYS_MSYNC                  = 65
-	SYS_VFORK                  = 66
-	SYS_PREAD64                = 67
-	SYS_PWRITE64               = 68
-	SYS_MMAP                   = 71
-	SYS_MUNMAP                 = 73
-	SYS_MPROTECT               = 74
-	SYS_MADVISE                = 75
-	SYS_VHANGUP                = 76
-	SYS_MINCORE                = 78
-	SYS_GETGROUPS              = 79
-	SYS_SETGROUPS              = 80
-	SYS_GETPGRP                = 81
-	SYS_SETITIMER              = 83
-	SYS_SWAPON                 = 85
-	SYS_GETITIMER              = 86
-	SYS_SETHOSTNAME            = 88
-	SYS_DUP2                   = 90
-	SYS_FCNTL                  = 92
-	SYS_SELECT                 = 93
-	SYS_FSYNC                  = 95
-	SYS_SETPRIORITY            = 96
-	SYS_SOCKET                 = 97
-	SYS_CONNECT                = 98
-	SYS_ACCEPT                 = 99
-	SYS_GETPRIORITY            = 100
-	SYS_RT_SIGRETURN           = 101
-	SYS_RT_SIGACTION           = 102
-	SYS_RT_SIGPROCMASK         = 103
-	SYS_RT_SIGPENDING          = 104
-	SYS_RT_SIGTIMEDWAIT        = 105
-	SYS_RT_SIGQUEUEINFO        = 106
-	SYS_RT_SIGSUSPEND          = 107
-	SYS_SETRESUID              = 108
-	SYS_GETRESUID              = 109
-	SYS_SETRESGID              = 110
-	SYS_GETRESGID              = 111
-	SYS_RECVMSG                = 113
-	SYS_SENDMSG                = 114
-	SYS_GETTIMEOFDAY           = 116
-	SYS_GETRUSAGE              = 117
-	SYS_GETSOCKOPT             = 118
-	SYS_GETCWD                 = 119
-	SYS_READV                  = 120
-	SYS_WRITEV                 = 121
-	SYS_SETTIMEOFDAY           = 122
-	SYS_FCHOWN                 = 123
-	SYS_FCHMOD                 = 124
-	SYS_RECVFROM               = 125
-	SYS_SETREUID               = 126
-	SYS_SETREGID               = 127
-	SYS_RENAME                 = 128
-	SYS_TRUNCATE               = 129
-	SYS_FTRUNCATE              = 130
-	SYS_FLOCK                  = 131
-	SYS_LSTAT64                = 132
-	SYS_SENDTO                 = 133
-	SYS_SHUTDOWN               = 134
-	SYS_SOCKETPAIR             = 135
-	SYS_MKDIR                  = 136
-	SYS_RMDIR                  = 137
-	SYS_UTIMES                 = 138
-	SYS_STAT64                 = 139
-	SYS_SENDFILE64             = 140
-	SYS_GETPEERNAME            = 141
-	SYS_FUTEX                  = 142
-	SYS_GETTID                 = 143
-	SYS_GETRLIMIT              = 144
-	SYS_SETRLIMIT              = 145
-	SYS_PIVOT_ROOT             = 146
-	SYS_PRCTL                  = 147
-	SYS_PCICONFIG_READ         = 148
-	SYS_PCICONFIG_WRITE        = 149
-	SYS_GETSOCKNAME            = 150
-	SYS_INOTIFY_INIT           = 151
-	SYS_INOTIFY_ADD_WATCH      = 152
-	SYS_POLL                   = 153
-	SYS_GETDENTS64             = 154
-	SYS_INOTIFY_RM_WATCH       = 156
-	SYS_STATFS                 = 157
-	SYS_FSTATFS                = 158
-	SYS_UMOUNT                 = 159
-	SYS_SCHED_SET_AFFINITY     = 160
-	SYS_SCHED_GET_AFFINITY     = 161
-	SYS_GETDOMAINNAME          = 162
-	SYS_SETDOMAINNAME          = 163
-	SYS_UTRAP_INSTALL          = 164
-	SYS_QUOTACTL               = 165
-	SYS_SET_TID_ADDRESS        = 166
-	SYS_MOUNT                  = 167
-	SYS_USTAT                  = 168
-	SYS_SETXATTR               = 169
-	SYS_LSETXATTR              = 170
-	SYS_FSETXATTR              = 171
-	SYS_GETXATTR               = 172
-	SYS_LGETXATTR              = 173
-	SYS_GETDENTS               = 174
-	SYS_SETSID                 = 175
-	SYS_FCHDIR                 = 176
-	SYS_FGETXATTR              = 177
-	SYS_LISTXATTR              = 178
-	SYS_LLISTXATTR             = 179
-	SYS_FLISTXATTR             = 180
-	SYS_REMOVEXATTR            = 181
-	SYS_LREMOVEXATTR           = 182
-	SYS_SIGPENDING             = 183
-	SYS_QUERY_MODULE           = 184
-	SYS_SETPGID                = 185
-	SYS_FREMOVEXATTR           = 186
-	SYS_TKILL                  = 187
-	SYS_EXIT_GROUP             = 188
-	SYS_UNAME                  = 189
-	SYS_INIT_MODULE            = 190
-	SYS_PERSONALITY            = 191
-	SYS_REMAP_FILE_PAGES       = 192
-	SYS_EPOLL_CREATE           = 193
-	SYS_EPOLL_CTL              = 194
-	SYS_EPOLL_WAIT             = 195
-	SYS_IOPRIO_SET             = 196
-	SYS_GETPPID                = 197
-	SYS_SIGACTION              = 198
-	SYS_SGETMASK               = 199
-	SYS_SSETMASK               = 200
-	SYS_SIGSUSPEND             = 201
-	SYS_OLDLSTAT               = 202
-	SYS_USELIB                 = 203
-	SYS_READDIR                = 204
-	SYS_READAHEAD              = 205
-	SYS_SOCKETCALL             = 206
-	SYS_SYSLOG                 = 207
-	SYS_LOOKUP_DCOOKIE         = 208
-	SYS_FADVISE64              = 209
-	SYS_FADVISE64_64           = 210
-	SYS_TGKILL                 = 211
-	SYS_WAITPID                = 212
-	SYS_SWAPOFF                = 213
-	SYS_SYSINFO                = 214
-	SYS_IPC                    = 215
-	SYS_SIGRETURN              = 216
-	SYS_CLONE                  = 217
-	SYS_IOPRIO_GET             = 218
-	SYS_ADJTIMEX               = 219
-	SYS_SIGPROCMASK            = 220
-	SYS_CREATE_MODULE          = 221
-	SYS_DELETE_MODULE          = 222
-	SYS_GET_KERNEL_SYMS        = 223
-	SYS_GETPGID                = 224
-	SYS_BDFLUSH                = 225
-	SYS_SYSFS                  = 226
-	SYS_AFS_SYSCALL            = 227
-	SYS_SETFSUID               = 228
-	SYS_SETFSGID               = 229
-	SYS__NEWSELECT             = 230
-	SYS_SPLICE                 = 232
-	SYS_STIME                  = 233
-	SYS_STATFS64               = 234
-	SYS_FSTATFS64              = 235
-	SYS__LLSEEK                = 236
-	SYS_MLOCK                  = 237
-	SYS_MUNLOCK                = 238
-	SYS_MLOCKALL               = 239
-	SYS_MUNLOCKALL             = 240
-	SYS_SCHED_SETPARAM         = 241
-	SYS_SCHED_GETPARAM         = 242
-	SYS_SCHED_SETSCHEDULER     = 243
-	SYS_SCHED_GETSCHEDULER     = 244
-	SYS_SCHED_YIELD            = 245
-	SYS_SCHED_GET_PRIORITY_MAX = 246
-	SYS_SCHED_GET_PRIORITY_MIN = 247
-	SYS_SCHED_RR_GET_INTERVAL  = 248
-	SYS_NANOSLEEP              = 249
-	SYS_MREMAP                 = 250
-	SYS__SYSCTL                = 251
-	SYS_GETSID                 = 252
-	SYS_FDATASYNC              = 253
-	SYS_NFSSERVCTL             = 254
-	SYS_SYNC_FILE_RANGE        = 255
-	SYS_CLOCK_SETTIME          = 256
-	SYS_CLOCK_GETTIME          = 257
-	SYS_CLOCK_GETRES           = 258
-	SYS_CLOCK_NANOSLEEP        = 259
-	SYS_SCHED_GETAFFINITY      = 260
-	SYS_SCHED_SETAFFINITY      = 261
-	SYS_TIMER_SETTIME          = 262
-	SYS_TIMER_GETTIME          = 263
-	SYS_TIMER_GETOVERRUN       = 264
-	SYS_TIMER_DELETE           = 265
-	SYS_TIMER_CREATE           = 266
-	SYS_IO_SETUP               = 268
-	SYS_IO_DESTROY             = 269
-	SYS_IO_SUBMIT              = 270
-	SYS_IO_CANCEL              = 271
-	SYS_IO_GETEVENTS           = 272
-	SYS_MQ_OPEN                = 273
-	SYS_MQ_UNLINK              = 274
-	SYS_MQ_TIMEDSEND           = 275
-	SYS_MQ_TIMEDRECEIVE        = 276
-	SYS_MQ_NOTIFY              = 277
-	SYS_MQ_GETSETATTR          = 278
-	SYS_WAITID                 = 279
-	SYS_TEE                    = 280
-	SYS_ADD_KEY                = 281
-	SYS_REQUEST_KEY            = 282
-	SYS_KEYCTL                 = 283
-	SYS_OPENAT                 = 284
-	SYS_MKDIRAT                = 285
-	SYS_MKNODAT                = 286
-	SYS_FCHOWNAT               = 287
-	SYS_FUTIMESAT              = 288
-	SYS_FSTATAT64              = 289
-	SYS_UNLINKAT               = 290
-	SYS_RENAMEAT               = 291
-	SYS_LINKAT                 = 292
-	SYS_SYMLINKAT              = 293
-	SYS_READLINKAT             = 294
-	SYS_FCHMODAT               = 295
-	SYS_FACCESSAT              = 296
-	SYS_PSELECT6               = 297
-	SYS_PPOLL                  = 298
-	SYS_UNSHARE                = 299
-	SYS_SET_ROBUST_LIST        = 300
-	SYS_GET_ROBUST_LIST        = 301
-	SYS_MIGRATE_PAGES          = 302
-	SYS_MBIND                  = 303
-	SYS_GET_MEMPOLICY          = 304
-	SYS_SET_MEMPOLICY          = 305
-	SYS_KEXEC_LOAD             = 306
-	SYS_MOVE_PAGES             = 307
-	SYS_GETCPU                 = 308
-	SYS_EPOLL_PWAIT            = 309
-	SYS_UTIMENSAT              = 310
-	SYS_SIGNALFD               = 311
-	SYS_TIMERFD_CREATE         = 312
-	SYS_EVENTFD                = 313
-	SYS_FALLOCATE              = 314
-	SYS_TIMERFD_SETTIME        = 315
-	SYS_TIMERFD_GETTIME        = 316
-	SYS_SIGNALFD4              = 317
-	SYS_EVENTFD2               = 318
-	SYS_EPOLL_CREATE1          = 319
-	SYS_DUP3                   = 320
-	SYS_PIPE2                  = 321
-	SYS_INOTIFY_INIT1          = 322
-	SYS_ACCEPT4                = 323
-	SYS_PREADV                 = 324
-	SYS_PWRITEV                = 325
-	SYS_RT_TGSIGQUEUEINFO      = 326
-	SYS_PERF_EVENT_OPEN        = 327
-	SYS_RECVMMSG               = 328
-	SYS_FANOTIFY_INIT          = 329
-	SYS_FANOTIFY_MARK          = 330
-	SYS_PRLIMIT64              = 331
-	SYS_NAME_TO_HANDLE_AT      = 332
-	SYS_OPEN_BY_HANDLE_AT      = 333
-	SYS_CLOCK_ADJTIME          = 334
-	SYS_SYNCFS                 = 335
-	SYS_SENDMMSG               = 336
-	SYS_SETNS                  = 337
-	SYS_PROCESS_VM_READV       = 338
-	SYS_PROCESS_VM_WRITEV      = 339
-	SYS_KERN_FEATURES          = 340
-	SYS_KCMP                   = 341
-	SYS_FINIT_MODULE           = 342
-	SYS_SCHED_SETATTR          = 343
-	SYS_SCHED_GETATTR          = 344
-	SYS_RENAMEAT2              = 345
-	SYS_SECCOMP                = 346
-	SYS_GETRANDOM              = 347
-	SYS_MEMFD_CREATE           = 348
-	SYS_BPF                    = 349
-	SYS_EXECVEAT               = 350
-	SYS_MEMBARRIER             = 351
-	SYS_USERFAULTFD            = 352
-	SYS_BIND                   = 353
-	SYS_LISTEN                 = 354
-	SYS_SETSOCKOPT             = 355
-	SYS_MLOCK2                 = 356
-	SYS_COPY_FILE_RANGE        = 357
-	SYS_PREADV2                = 358
-	SYS_PWRITEV2               = 359
+	SYS_RESTART_SYSCALL         = 0
+	SYS_EXIT                    = 1
+	SYS_FORK                    = 2
+	SYS_READ                    = 3
+	SYS_WRITE                   = 4
+	SYS_OPEN                    = 5
+	SYS_CLOSE                   = 6
+	SYS_WAIT4                   = 7
+	SYS_CREAT                   = 8
+	SYS_LINK                    = 9
+	SYS_UNLINK                  = 10
+	SYS_EXECV                   = 11
+	SYS_CHDIR                   = 12
+	SYS_CHOWN                   = 13
+	SYS_MKNOD                   = 14
+	SYS_CHMOD                   = 15
+	SYS_LCHOWN                  = 16
+	SYS_BRK                     = 17
+	SYS_PERFCTR                 = 18
+	SYS_LSEEK                   = 19
+	SYS_GETPID                  = 20
+	SYS_CAPGET                  = 21
+	SYS_CAPSET                  = 22
+	SYS_SETUID                  = 23
+	SYS_GETUID                  = 24
+	SYS_VMSPLICE                = 25
+	SYS_PTRACE                  = 26
+	SYS_ALARM                   = 27
+	SYS_SIGALTSTACK             = 28
+	SYS_PAUSE                   = 29
+	SYS_UTIME                   = 30
+	SYS_ACCESS                  = 33
+	SYS_NICE                    = 34
+	SYS_SYNC                    = 36
+	SYS_KILL                    = 37
+	SYS_STAT                    = 38
+	SYS_SENDFILE                = 39
+	SYS_LSTAT                   = 40
+	SYS_DUP                     = 41
+	SYS_PIPE                    = 42
+	SYS_TIMES                   = 43
+	SYS_UMOUNT2                 = 45
+	SYS_SETGID                  = 46
+	SYS_GETGID                  = 47
+	SYS_SIGNAL                  = 48
+	SYS_GETEUID                 = 49
+	SYS_GETEGID                 = 50
+	SYS_ACCT                    = 51
+	SYS_MEMORY_ORDERING         = 52
+	SYS_IOCTL                   = 54
+	SYS_REBOOT                  = 55
+	SYS_SYMLINK                 = 57
+	SYS_READLINK                = 58
+	SYS_EXECVE                  = 59
+	SYS_UMASK                   = 60
+	SYS_CHROOT                  = 61
+	SYS_FSTAT                   = 62
+	SYS_FSTAT64                 = 63
+	SYS_GETPAGESIZE             = 64
+	SYS_MSYNC                   = 65
+	SYS_VFORK                   = 66
+	SYS_PREAD64                 = 67
+	SYS_PWRITE64                = 68
+	SYS_MMAP                    = 71
+	SYS_MUNMAP                  = 73
+	SYS_MPROTECT                = 74
+	SYS_MADVISE                 = 75
+	SYS_VHANGUP                 = 76
+	SYS_MINCORE                 = 78
+	SYS_GETGROUPS               = 79
+	SYS_SETGROUPS               = 80
+	SYS_GETPGRP                 = 81
+	SYS_SETITIMER               = 83
+	SYS_SWAPON                  = 85
+	SYS_GETITIMER               = 86
+	SYS_SETHOSTNAME             = 88
+	SYS_DUP2                    = 90
+	SYS_FCNTL                   = 92
+	SYS_SELECT                  = 93
+	SYS_FSYNC                   = 95
+	SYS_SETPRIORITY             = 96
+	SYS_SOCKET                  = 97
+	SYS_CONNECT                 = 98
+	SYS_ACCEPT                  = 99
+	SYS_GETPRIORITY             = 100
+	SYS_RT_SIGRETURN            = 101
+	SYS_RT_SIGACTION            = 102
+	SYS_RT_SIGPROCMASK          = 103
+	SYS_RT_SIGPENDING           = 104
+	SYS_RT_SIGTIMEDWAIT         = 105
+	SYS_RT_SIGQUEUEINFO         = 106
+	SYS_RT_SIGSUSPEND           = 107
+	SYS_SETRESUID               = 108
+	SYS_GETRESUID               = 109
+	SYS_SETRESGID               = 110
+	SYS_GETRESGID               = 111
+	SYS_RECVMSG                 = 113
+	SYS_SENDMSG                 = 114
+	SYS_GETTIMEOFDAY            = 116
+	SYS_GETRUSAGE               = 117
+	SYS_GETSOCKOPT              = 118
+	SYS_GETCWD                  = 119
+	SYS_READV                   = 120
+	SYS_WRITEV                  = 121
+	SYS_SETTIMEOFDAY            = 122
+	SYS_FCHOWN                  = 123
+	SYS_FCHMOD                  = 124
+	SYS_RECVFROM                = 125
+	SYS_SETREUID                = 126
+	SYS_SETREGID                = 127
+	SYS_RENAME                  = 128
+	SYS_TRUNCATE                = 129
+	SYS_FTRUNCATE               = 130
+	SYS_FLOCK                   = 131
+	SYS_LSTAT64                 = 132
+	SYS_SENDTO                  = 133
+	SYS_SHUTDOWN                = 134
+	SYS_SOCKETPAIR              = 135
+	SYS_MKDIR                   = 136
+	SYS_RMDIR                   = 137
+	SYS_UTIMES                  = 138
+	SYS_STAT64                  = 139
+	SYS_SENDFILE64              = 140
+	SYS_GETPEERNAME             = 141
+	SYS_FUTEX                   = 142
+	SYS_GETTID                  = 143
+	SYS_GETRLIMIT               = 144
+	SYS_SETRLIMIT               = 145
+	SYS_PIVOT_ROOT              = 146
+	SYS_PRCTL                   = 147
+	SYS_PCICONFIG_READ          = 148
+	SYS_PCICONFIG_WRITE         = 149
+	SYS_GETSOCKNAME             = 150
+	SYS_INOTIFY_INIT            = 151
+	SYS_INOTIFY_ADD_WATCH       = 152
+	SYS_POLL                    = 153
+	SYS_GETDENTS64              = 154
+	SYS_INOTIFY_RM_WATCH        = 156
+	SYS_STATFS                  = 157
+	SYS_FSTATFS                 = 158
+	SYS_UMOUNT                  = 159
+	SYS_SCHED_SET_AFFINITY      = 160
+	SYS_SCHED_GET_AFFINITY      = 161
+	SYS_GETDOMAINNAME           = 162
+	SYS_SETDOMAINNAME           = 163
+	SYS_UTRAP_INSTALL           = 164
+	SYS_QUOTACTL                = 165
+	SYS_SET_TID_ADDRESS         = 166
+	SYS_MOUNT                   = 167
+	SYS_USTAT                   = 168
+	SYS_SETXATTR                = 169
+	SYS_LSETXATTR               = 170
+	SYS_FSETXATTR               = 171
+	SYS_GETXATTR                = 172
+	SYS_LGETXATTR               = 173
+	SYS_GETDENTS                = 174
+	SYS_SETSID                  = 175
+	SYS_FCHDIR                  = 176
+	SYS_FGETXATTR               = 177
+	SYS_LISTXATTR               = 178
+	SYS_LLISTXATTR              = 179
+	SYS_FLISTXATTR              = 180
+	SYS_REMOVEXATTR             = 181
+	SYS_LREMOVEXATTR            = 182
+	SYS_SIGPENDING              = 183
+	SYS_QUERY_MODULE            = 184
+	SYS_SETPGID                 = 185
+	SYS_FREMOVEXATTR            = 186
+	SYS_TKILL                   = 187
+	SYS_EXIT_GROUP              = 188
+	SYS_UNAME                   = 189
+	SYS_INIT_MODULE             = 190
+	SYS_PERSONALITY             = 191
+	SYS_REMAP_FILE_PAGES        = 192
+	SYS_EPOLL_CREATE            = 193
+	SYS_EPOLL_CTL               = 194
+	SYS_EPOLL_WAIT              = 195
+	SYS_IOPRIO_SET              = 196
+	SYS_GETPPID                 = 197
+	SYS_SIGACTION               = 198
+	SYS_SGETMASK                = 199
+	SYS_SSETMASK                = 200
+	SYS_SIGSUSPEND              = 201
+	SYS_OLDLSTAT                = 202
+	SYS_USELIB                  = 203
+	SYS_READDIR                 = 204
+	SYS_READAHEAD               = 205
+	SYS_SOCKETCALL              = 206
+	SYS_SYSLOG                  = 207
+	SYS_LOOKUP_DCOOKIE          = 208
+	SYS_FADVISE64               = 209
+	SYS_FADVISE64_64            = 210
+	SYS_TGKILL                  = 211
+	SYS_WAITPID                 = 212
+	SYS_SWAPOFF                 = 213
+	SYS_SYSINFO                 = 214
+	SYS_IPC                     = 215
+	SYS_SIGRETURN               = 216
+	SYS_CLONE                   = 217
+	SYS_IOPRIO_GET              = 218
+	SYS_ADJTIMEX                = 219
+	SYS_SIGPROCMASK             = 220
+	SYS_CREATE_MODULE           = 221
+	SYS_DELETE_MODULE           = 222
+	SYS_GET_KERNEL_SYMS         = 223
+	SYS_GETPGID                 = 224
+	SYS_BDFLUSH                 = 225
+	SYS_SYSFS                   = 226
+	SYS_AFS_SYSCALL             = 227
+	SYS_SETFSUID                = 228
+	SYS_SETFSGID                = 229
+	SYS__NEWSELECT              = 230
+	SYS_SPLICE                  = 232
+	SYS_STIME                   = 233
+	SYS_STATFS64                = 234
+	SYS_FSTATFS64               = 235
+	SYS__LLSEEK                 = 236
+	SYS_MLOCK                   = 237
+	SYS_MUNLOCK                 = 238
+	SYS_MLOCKALL                = 239
+	SYS_MUNLOCKALL              = 240
+	SYS_SCHED_SETPARAM          = 241
+	SYS_SCHED_GETPARAM          = 242
+	SYS_SCHED_SETSCHEDULER      = 243
+	SYS_SCHED_GETSCHEDULER      = 244
+	SYS_SCHED_YIELD             = 245
+	SYS_SCHED_GET_PRIORITY_MAX  = 246
+	SYS_SCHED_GET_PRIORITY_MIN  = 247
+	SYS_SCHED_RR_GET_INTERVAL   = 248
+	SYS_NANOSLEEP               = 249
+	SYS_MREMAP                  = 250
+	SYS__SYSCTL                 = 251
+	SYS_GETSID                  = 252
+	SYS_FDATASYNC               = 253
+	SYS_NFSSERVCTL              = 254
+	SYS_SYNC_FILE_RANGE         = 255
+	SYS_CLOCK_SETTIME           = 256
+	SYS_CLOCK_GETTIME           = 257
+	SYS_CLOCK_GETRES            = 258
+	SYS_CLOCK_NANOSLEEP         = 259
+	SYS_SCHED_GETAFFINITY       = 260
+	SYS_SCHED_SETAFFINITY       = 261
+	SYS_TIMER_SETTIME           = 262
+	SYS_TIMER_GETTIME           = 263
+	SYS_TIMER_GETOVERRUN        = 264
+	SYS_TIMER_DELETE            = 265
+	SYS_TIMER_CREATE            = 266
+	SYS_VSERVER                 = 267
+	SYS_IO_SETUP                = 268
+	SYS_IO_DESTROY              = 269
+	SYS_IO_SUBMIT               = 270
+	SYS_IO_CANCEL               = 271
+	SYS_IO_GETEVENTS            = 272
+	SYS_MQ_OPEN                 = 273
+	SYS_MQ_UNLINK               = 274
+	SYS_MQ_TIMEDSEND            = 275
+	SYS_MQ_TIMEDRECEIVE         = 276
+	SYS_MQ_NOTIFY               = 277
+	SYS_MQ_GETSETATTR           = 278
+	SYS_WAITID                  = 279
+	SYS_TEE                     = 280
+	SYS_ADD_KEY                 = 281
+	SYS_REQUEST_KEY             = 282
+	SYS_KEYCTL                  = 283
+	SYS_OPENAT                  = 284
+	SYS_MKDIRAT                 = 285
+	SYS_MKNODAT                 = 286
+	SYS_FCHOWNAT                = 287
+	SYS_FUTIMESAT               = 288
+	SYS_FSTATAT64               = 289
+	SYS_UNLINKAT                = 290
+	SYS_RENAMEAT                = 291
+	SYS_LINKAT                  = 292
+	SYS_SYMLINKAT               = 293
+	SYS_READLINKAT              = 294
+	SYS_FCHMODAT                = 295
+	SYS_FACCESSAT               = 296
+	SYS_PSELECT6                = 297
+	SYS_PPOLL                   = 298
+	SYS_UNSHARE                 = 299
+	SYS_SET_ROBUST_LIST         = 300
+	SYS_GET_ROBUST_LIST         = 301
+	SYS_MIGRATE_PAGES           = 302
+	SYS_MBIND                   = 303
+	SYS_GET_MEMPOLICY           = 304
+	SYS_SET_MEMPOLICY           = 305
+	SYS_KEXEC_LOAD              = 306
+	SYS_MOVE_PAGES              = 307
+	SYS_GETCPU                  = 308
+	SYS_EPOLL_PWAIT             = 309
+	SYS_UTIMENSAT               = 310
+	SYS_SIGNALFD                = 311
+	SYS_TIMERFD_CREATE          = 312
+	SYS_EVENTFD                 = 313
+	SYS_FALLOCATE               = 314
+	SYS_TIMERFD_SETTIME         = 315
+	SYS_TIMERFD_GETTIME         = 316
+	SYS_SIGNALFD4               = 317
+	SYS_EVENTFD2                = 318
+	SYS_EPOLL_CREATE1           = 319
+	SYS_DUP3                    = 320
+	SYS_PIPE2                   = 321
+	SYS_INOTIFY_INIT1           = 322
+	SYS_ACCEPT4                 = 323
+	SYS_PREADV                  = 324
+	SYS_PWRITEV                 = 325
+	SYS_RT_TGSIGQUEUEINFO       = 326
+	SYS_PERF_EVENT_OPEN         = 327
+	SYS_RECVMMSG                = 328
+	SYS_FANOTIFY_INIT           = 329
+	SYS_FANOTIFY_MARK           = 330
+	SYS_PRLIMIT64               = 331
+	SYS_NAME_TO_HANDLE_AT       = 332
+	SYS_OPEN_BY_HANDLE_AT       = 333
+	SYS_CLOCK_ADJTIME           = 334
+	SYS_SYNCFS                  = 335
+	SYS_SENDMMSG                = 336
+	SYS_SETNS                   = 337
+	SYS_PROCESS_VM_READV        = 338
+	SYS_PROCESS_VM_WRITEV       = 339
+	SYS_KERN_FEATURES           = 340
+	SYS_KCMP                    = 341
+	SYS_FINIT_MODULE            = 342
+	SYS_SCHED_SETATTR           = 343
+	SYS_SCHED_GETATTR           = 344
+	SYS_RENAMEAT2               = 345
+	SYS_SECCOMP                 = 346
+	SYS_GETRANDOM               = 347
+	SYS_MEMFD_CREATE            = 348
+	SYS_BPF                     = 349
+	SYS_EXECVEAT                = 350
+	SYS_MEMBARRIER              = 351
+	SYS_USERFAULTFD             = 352
+	SYS_BIND                    = 353
+	SYS_LISTEN                  = 354
+	SYS_SETSOCKOPT              = 355
+	SYS_MLOCK2                  = 356
+	SYS_COPY_FILE_RANGE         = 357
+	SYS_PREADV2                 = 358
+	SYS_PWRITEV2                = 359
+	SYS_STATX                   = 360
+	SYS_IO_PGETEVENTS           = 361
+	SYS_PKEY_MPROTECT           = 362
+	SYS_PKEY_ALLOC              = 363
+	SYS_PKEY_FREE               = 364
+	SYS_RSEQ                    = 365
+	SYS_SEMTIMEDOP              = 392
+	SYS_SEMGET                  = 393
+	SYS_SEMCTL                  = 394
+	SYS_SHMGET                  = 395
+	SYS_SHMCTL                  = 396
+	SYS_SHMAT                   = 397
+	SYS_SHMDT                   = 398
+	SYS_MSGGET                  = 399
+	SYS_MSGSND                  = 400
+	SYS_MSGRCV                  = 401
+	SYS_MSGCTL                  = 402
+	SYS_PIDFD_SEND_SIGNAL       = 424
+	SYS_IO_URING_SETUP          = 425
+	SYS_IO_URING_ENTER          = 426
+	SYS_IO_URING_REGISTER       = 427
+	SYS_OPEN_TREE               = 428
+	SYS_MOVE_MOUNT              = 429
+	SYS_FSOPEN                  = 430
+	SYS_FSCONFIG                = 431
+	SYS_FSMOUNT                 = 432
+	SYS_FSPICK                  = 433
+	SYS_PIDFD_OPEN              = 434
+	SYS_CLOSE_RANGE             = 436
+	SYS_OPENAT2                 = 437
+	SYS_PIDFD_GETFD             = 438
+	SYS_FACCESSAT2              = 439
+	SYS_PROCESS_MADVISE         = 440
+	SYS_EPOLL_PWAIT2            = 441
+	SYS_MOUNT_SETATTR           = 442
+	SYS_QUOTACTL_FD             = 443
+	SYS_LANDLOCK_CREATE_RULESET = 444
+	SYS_LANDLOCK_ADD_RULE       = 445
+	SYS_LANDLOCK_RESTRICT_SELF  = 446
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index f0daa05a9cbf7..3a6699eba9825 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -1,6 +1,7 @@
-// mksysnum_netbsd.pl
-// Code generated by the command above; DO NOT EDIT.
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && netbsd
 // +build 386,netbsd
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index ddb25b94f36d8..5677cd4f15842 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -1,6 +1,7 @@
-// mksysnum_netbsd.pl
-// Code generated by the command above; DO NOT EDIT.
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && netbsd
 // +build amd64,netbsd
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index 315bd63f89041..e784cb6db1c29 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -1,6 +1,7 @@
-// mksysnum_netbsd.pl
-// Code generated by the command above; DO NOT EDIT.
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && netbsd
 // +build arm,netbsd
 
 package unix
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
new file mode 100644
index 0000000000000..bd4952efa5bd2
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -0,0 +1,275 @@
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; DO NOT EDIT.
+
+//go:build arm64 && netbsd
+// +build arm64,netbsd
+
+package unix
+
+const (
+	SYS_EXIT                 = 1   // { void|sys||exit(int rval); }
+	SYS_FORK                 = 2   // { int|sys||fork(void); }
+	SYS_READ                 = 3   // { ssize_t|sys||read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                = 4   // { ssize_t|sys||write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                 = 5   // { int|sys||open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE                = 6   // { int|sys||close(int fd); }
+	SYS_LINK                 = 9   // { int|sys||link(const char *path, const char *link); }
+	SYS_UNLINK               = 10  // { int|sys||unlink(const char *path); }
+	SYS_CHDIR                = 12  // { int|sys||chdir(const char *path); }
+	SYS_FCHDIR               = 13  // { int|sys||fchdir(int fd); }
+	SYS_CHMOD                = 15  // { int|sys||chmod(const char *path, mode_t mode); }
+	SYS_CHOWN                = 16  // { int|sys||chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_BREAK                = 17  // { int|sys||obreak(char *nsize); }
+	SYS_GETPID               = 20  // { pid_t|sys||getpid_with_ppid(void); }
+	SYS_UNMOUNT              = 22  // { int|sys||unmount(const char *path, int flags); }
+	SYS_SETUID               = 23  // { int|sys||setuid(uid_t uid); }
+	SYS_GETUID               = 24  // { uid_t|sys||getuid_with_euid(void); }
+	SYS_GETEUID              = 25  // { uid_t|sys||geteuid(void); }
+	SYS_PTRACE               = 26  // { int|sys||ptrace(int req, pid_t pid, void *addr, int data); }
+	SYS_RECVMSG              = 27  // { ssize_t|sys||recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG              = 28  // { ssize_t|sys||sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM             = 29  // { ssize_t|sys||recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT               = 30  // { int|sys||accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME          = 31  // { int|sys||getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME          = 32  // { int|sys||getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS               = 33  // { int|sys||access(const char *path, int flags); }
+	SYS_CHFLAGS              = 34  // { int|sys||chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS             = 35  // { int|sys||fchflags(int fd, u_long flags); }
+	SYS_SYNC                 = 36  // { void|sys||sync(void); }
+	SYS_KILL                 = 37  // { int|sys||kill(pid_t pid, int signum); }
+	SYS_GETPPID              = 39  // { pid_t|sys||getppid(void); }
+	SYS_DUP                  = 41  // { int|sys||dup(int fd); }
+	SYS_PIPE                 = 42  // { int|sys||pipe(void); }
+	SYS_GETEGID              = 43  // { gid_t|sys||getegid(void); }
+	SYS_PROFIL               = 44  // { int|sys||profil(char *samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE               = 45  // { int|sys||ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_GETGID               = 47  // { gid_t|sys||getgid_with_egid(void); }
+	SYS___GETLOGIN           = 49  // { int|sys||__getlogin(char *namebuf, size_t namelen); }
+	SYS___SETLOGIN           = 50  // { int|sys||__setlogin(const char *namebuf); }
+	SYS_ACCT                 = 51  // { int|sys||acct(const char *path); }
+	SYS_IOCTL                = 54  // { int|sys||ioctl(int fd, u_long com, ... void *data); }
+	SYS_REVOKE               = 56  // { int|sys||revoke(const char *path); }
+	SYS_SYMLINK              = 57  // { int|sys||symlink(const char *path, const char *link); }
+	SYS_READLINK             = 58  // { ssize_t|sys||readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE               = 59  // { int|sys||execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK                = 60  // { mode_t|sys||umask(mode_t newmask); }
+	SYS_CHROOT               = 61  // { int|sys||chroot(const char *path); }
+	SYS_VFORK                = 66  // { int|sys||vfork(void); }
+	SYS_SBRK                 = 69  // { int|sys||sbrk(intptr_t incr); }
+	SYS_SSTK                 = 70  // { int|sys||sstk(int incr); }
+	SYS_VADVISE              = 72  // { int|sys||ovadvise(int anom); }
+	SYS_MUNMAP               = 73  // { int|sys||munmap(void *addr, size_t len); }
+	SYS_MPROTECT             = 74  // { int|sys||mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE              = 75  // { int|sys||madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE              = 78  // { int|sys||mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS            = 79  // { int|sys||getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS            = 80  // { int|sys||setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP              = 81  // { int|sys||getpgrp(void); }
+	SYS_SETPGID              = 82  // { int|sys||setpgid(pid_t pid, pid_t pgid); }
+	SYS_DUP2                 = 90  // { int|sys||dup2(int from, int to); }
+	SYS_FCNTL                = 92  // { int|sys||fcntl(int fd, int cmd, ... void *arg); }
+	SYS_FSYNC                = 95  // { int|sys||fsync(int fd); }
+	SYS_SETPRIORITY          = 96  // { int|sys||setpriority(int which, id_t who, int prio); }
+	SYS_CONNECT              = 98  // { int|sys||connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETPRIORITY          = 100 // { int|sys||getpriority(int which, id_t who); }
+	SYS_BIND                 = 104 // { int|sys||bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT           = 105 // { int|sys||setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN               = 106 // { int|sys||listen(int s, int backlog); }
+	SYS_GETSOCKOPT           = 118 // { int|sys||getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_READV                = 120 // { ssize_t|sys||readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV               = 121 // { ssize_t|sys||writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_FCHOWN               = 123 // { int|sys||fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD               = 124 // { int|sys||fchmod(int fd, mode_t mode); }
+	SYS_SETREUID             = 126 // { int|sys||setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID             = 127 // { int|sys||setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME               = 128 // { int|sys||rename(const char *from, const char *to); }
+	SYS_FLOCK                = 131 // { int|sys||flock(int fd, int how); }
+	SYS_MKFIFO               = 132 // { int|sys||mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO               = 133 // { ssize_t|sys||sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN             = 134 // { int|sys||shutdown(int s, int how); }
+	SYS_SOCKETPAIR           = 135 // { int|sys||socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                = 136 // { int|sys||mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR                = 137 // { int|sys||rmdir(const char *path); }
+	SYS_SETSID               = 147 // { int|sys||setsid(void); }
+	SYS_SYSARCH              = 165 // { int|sys||sysarch(int op, void *parms); }
+	SYS_PREAD                = 173 // { ssize_t|sys||pread(int fd, void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_PWRITE               = 174 // { ssize_t|sys||pwrite(int fd, const void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_NTP_ADJTIME          = 176 // { int|sys||ntp_adjtime(struct timex *tp); }
+	SYS_SETGID               = 181 // { int|sys||setgid(gid_t gid); }
+	SYS_SETEGID              = 182 // { int|sys||setegid(gid_t egid); }
+	SYS_SETEUID              = 183 // { int|sys||seteuid(uid_t euid); }
+	SYS_PATHCONF             = 191 // { long|sys||pathconf(const char *path, int name); }
+	SYS_FPATHCONF            = 192 // { long|sys||fpathconf(int fd, int name); }
+	SYS_GETRLIMIT            = 194 // { int|sys||getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT            = 195 // { int|sys||setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP                 = 197 // { void *|sys||mmap(void *addr, size_t len, int prot, int flags, int fd, long PAD, off_t pos); }
+	SYS_LSEEK                = 199 // { off_t|sys||lseek(int fd, int PAD, off_t offset, int whence); }
+	SYS_TRUNCATE             = 200 // { int|sys||truncate(const char *path, int PAD, off_t length); }
+	SYS_FTRUNCATE            = 201 // { int|sys||ftruncate(int fd, int PAD, off_t length); }
+	SYS___SYSCTL             = 202 // { int|sys||__sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, const void *new, size_t newlen); }
+	SYS_MLOCK                = 203 // { int|sys||mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK              = 204 // { int|sys||munlock(const void *addr, size_t len); }
+	SYS_UNDELETE             = 205 // { int|sys||undelete(const char *path); }
+	SYS_GETPGID              = 207 // { pid_t|sys||getpgid(pid_t pid); }
+	SYS_REBOOT               = 208 // { int|sys||reboot(int opt, char *bootstr); }
+	SYS_POLL                 = 209 // { int|sys||poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET               = 221 // { int|sys||semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                = 222 // { int|sys||semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_SEMCONFIG            = 223 // { int|sys||semconfig(int flag); }
+	SYS_MSGGET               = 225 // { int|sys||msgget(key_t key, int msgflg); }
+	SYS_MSGSND               = 226 // { int|sys||msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV               = 227 // { ssize_t|sys||msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                = 228 // { void *|sys||shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                = 230 // { int|sys||shmdt(const void *shmaddr); }
+	SYS_SHMGET               = 231 // { int|sys||shmget(key_t key, size_t size, int shmflg); }
+	SYS_TIMER_CREATE         = 235 // { int|sys||timer_create(clockid_t clock_id, struct sigevent *evp, timer_t *timerid); }
+	SYS_TIMER_DELETE         = 236 // { int|sys||timer_delete(timer_t timerid); }
+	SYS_TIMER_GETOVERRUN     = 239 // { int|sys||timer_getoverrun(timer_t timerid); }
+	SYS_FDATASYNC            = 241 // { int|sys||fdatasync(int fd); }
+	SYS_MLOCKALL             = 242 // { int|sys||mlockall(int flags); }
+	SYS_MUNLOCKALL           = 243 // { int|sys||munlockall(void); }
+	SYS_SIGQUEUEINFO         = 245 // { int|sys||sigqueueinfo(pid_t pid, const siginfo_t *info); }
+	SYS_MODCTL               = 246 // { int|sys||modctl(int cmd, void *arg); }
+	SYS___POSIX_RENAME       = 270 // { int|sys||__posix_rename(const char *from, const char *to); }
+	SYS_SWAPCTL              = 271 // { int|sys||swapctl(int cmd, void *arg, int misc); }
+	SYS_MINHERIT             = 273 // { int|sys||minherit(void *addr, size_t len, int inherit); }
+	SYS_LCHMOD               = 274 // { int|sys||lchmod(const char *path, mode_t mode); }
+	SYS_LCHOWN               = 275 // { int|sys||lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_MSYNC                = 277 // { int|sys|13|msync(void *addr, size_t len, int flags); }
+	SYS___POSIX_CHOWN        = 283 // { int|sys||__posix_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS___POSIX_FCHOWN       = 284 // { int|sys||__posix_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS___POSIX_LCHOWN       = 285 // { int|sys||__posix_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID               = 286 // { pid_t|sys||getsid(pid_t pid); }
+	SYS___CLONE              = 287 // { pid_t|sys||__clone(int flags, void *stack); }
+	SYS_FKTRACE              = 288 // { int|sys||fktrace(int fd, int ops, int facs, pid_t pid); }
+	SYS_PREADV               = 289 // { ssize_t|sys||preadv(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS_PWRITEV              = 290 // { ssize_t|sys||pwritev(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS___GETCWD             = 296 // { int|sys||__getcwd(char *bufp, size_t length); }
+	SYS_FCHROOT              = 297 // { int|sys||fchroot(int fd); }
+	SYS_LCHFLAGS             = 304 // { int|sys||lchflags(const char *path, u_long flags); }
+	SYS_ISSETUGID            = 305 // { int|sys||issetugid(void); }
+	SYS_UTRACE               = 306 // { int|sys||utrace(const char *label, void *addr, size_t len); }
+	SYS_GETCONTEXT           = 307 // { int|sys||getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT           = 308 // { int|sys||setcontext(const struct __ucontext *ucp); }
+	SYS__LWP_CREATE          = 309 // { int|sys||_lwp_create(const struct __ucontext *ucp, u_long flags, lwpid_t *new_lwp); }
+	SYS__LWP_EXIT            = 310 // { int|sys||_lwp_exit(void); }
+	SYS__LWP_SELF            = 311 // { lwpid_t|sys||_lwp_self(void); }
+	SYS__LWP_WAIT            = 312 // { int|sys||_lwp_wait(lwpid_t wait_for, lwpid_t *departed); }
+	SYS__LWP_SUSPEND         = 313 // { int|sys||_lwp_suspend(lwpid_t target); }
+	SYS__LWP_CONTINUE        = 314 // { int|sys||_lwp_continue(lwpid_t target); }
+	SYS__LWP_WAKEUP          = 315 // { int|sys||_lwp_wakeup(lwpid_t target); }
+	SYS__LWP_GETPRIVATE      = 316 // { void *|sys||_lwp_getprivate(void); }
+	SYS__LWP_SETPRIVATE      = 317 // { void|sys||_lwp_setprivate(void *ptr); }
+	SYS__LWP_KILL            = 318 // { int|sys||_lwp_kill(lwpid_t target, int signo); }
+	SYS__LWP_DETACH          = 319 // { int|sys||_lwp_detach(lwpid_t target); }
+	SYS__LWP_UNPARK          = 321 // { int|sys||_lwp_unpark(lwpid_t target, const void *hint); }
+	SYS__LWP_UNPARK_ALL      = 322 // { ssize_t|sys||_lwp_unpark_all(const lwpid_t *targets, size_t ntargets, const void *hint); }
+	SYS__LWP_SETNAME         = 323 // { int|sys||_lwp_setname(lwpid_t target, const char *name); }
+	SYS__LWP_GETNAME         = 324 // { int|sys||_lwp_getname(lwpid_t target, char *name, size_t len); }
+	SYS__LWP_CTL             = 325 // { int|sys||_lwp_ctl(int features, struct lwpctl **address); }
+	SYS___SIGACTION_SIGTRAMP = 340 // { int|sys||__sigaction_sigtramp(int signum, const struct sigaction *nsa, struct sigaction *osa, const void *tramp, int vers); }
+	SYS_PMC_GET_INFO         = 341 // { int|sys||pmc_get_info(int ctr, int op, void *args); }
+	SYS_PMC_CONTROL          = 342 // { int|sys||pmc_control(int ctr, int op, void *args); }
+	SYS_RASCTL               = 343 // { int|sys||rasctl(void *addr, size_t len, int op); }
+	SYS_KQUEUE               = 344 // { int|sys||kqueue(void); }
+	SYS__SCHED_SETPARAM      = 346 // { int|sys||_sched_setparam(pid_t pid, lwpid_t lid, int policy, const struct sched_param *params); }
+	SYS__SCHED_GETPARAM      = 347 // { int|sys||_sched_getparam(pid_t pid, lwpid_t lid, int *policy, struct sched_param *params); }
+	SYS__SCHED_SETAFFINITY   = 348 // { int|sys||_sched_setaffinity(pid_t pid, lwpid_t lid, size_t size, const cpuset_t *cpuset); }
+	SYS__SCHED_GETAFFINITY   = 349 // { int|sys||_sched_getaffinity(pid_t pid, lwpid_t lid, size_t size, cpuset_t *cpuset); }
+	SYS_SCHED_YIELD          = 350 // { int|sys||sched_yield(void); }
+	SYS_FSYNC_RANGE          = 354 // { int|sys||fsync_range(int fd, int flags, off_t start, off_t length); }
+	SYS_UUIDGEN              = 355 // { int|sys||uuidgen(struct uuid *store, int count); }
+	SYS_GETVFSSTAT           = 356 // { int|sys||getvfsstat(struct statvfs *buf, size_t bufsize, int flags); }
+	SYS_STATVFS1             = 357 // { int|sys||statvfs1(const char *path, struct statvfs *buf, int flags); }
+	SYS_FSTATVFS1            = 358 // { int|sys||fstatvfs1(int fd, struct statvfs *buf, int flags); }
+	SYS_EXTATTRCTL           = 360 // { int|sys||extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE     = 361 // { int|sys||extattr_set_file(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE     = 362 // { ssize_t|sys||extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE  = 363 // { int|sys||extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FD       = 364 // { int|sys||extattr_set_fd(int fd, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD       = 365 // { ssize_t|sys||extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD    = 366 // { int|sys||extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_LINK     = 367 // { int|sys||extattr_set_link(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK     = 368 // { ssize_t|sys||extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK  = 369 // { int|sys||extattr_delete_link(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_LIST_FD      = 370 // { ssize_t|sys||extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE    = 371 // { ssize_t|sys||extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK    = 372 // { ssize_t|sys||extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_SETXATTR             = 375 // { int|sys||setxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_LSETXATTR            = 376 // { int|sys||lsetxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_FSETXATTR            = 377 // { int|sys||fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); }
+	SYS_GETXATTR             = 378 // { int|sys||getxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_LGETXATTR            = 379 // { int|sys||lgetxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_FGETXATTR            = 380 // { int|sys||fgetxattr(int fd, const char *name, void *value, size_t size); }
+	SYS_LISTXATTR            = 381 // { int|sys||listxattr(const char *path, char *list, size_t size); }
+	SYS_LLISTXATTR           = 382 // { int|sys||llistxattr(const char *path, char *list, size_t size); }
+	SYS_FLISTXATTR           = 383 // { int|sys||flistxattr(int fd, char *list, size_t size); }
+	SYS_REMOVEXATTR          = 384 // { int|sys||removexattr(const char *path, const char *name); }
+	SYS_LREMOVEXATTR         = 385 // { int|sys||lremovexattr(const char *path, const char *name); }
+	SYS_FREMOVEXATTR         = 386 // { int|sys||fremovexattr(int fd, const char *name); }
+	SYS_GETDENTS             = 390 // { int|sys|30|getdents(int fd, char *buf, size_t count); }
+	SYS_SOCKET               = 394 // { int|sys|30|socket(int domain, int type, int protocol); }
+	SYS_GETFH                = 395 // { int|sys|30|getfh(const char *fname, void *fhp, size_t *fh_size); }
+	SYS_MOUNT                = 410 // { int|sys|50|mount(const char *type, const char *path, int flags, void *data, size_t data_len); }
+	SYS_MREMAP               = 411 // { void *|sys||mremap(void *old_address, size_t old_size, void *new_address, size_t new_size, int flags); }
+	SYS_PSET_CREATE          = 412 // { int|sys||pset_create(psetid_t *psid); }
+	SYS_PSET_DESTROY         = 413 // { int|sys||pset_destroy(psetid_t psid); }
+	SYS_PSET_ASSIGN          = 414 // { int|sys||pset_assign(psetid_t psid, cpuid_t cpuid, psetid_t *opsid); }
+	SYS__PSET_BIND           = 415 // { int|sys||_pset_bind(idtype_t idtype, id_t first_id, id_t second_id, psetid_t psid, psetid_t *opsid); }
+	SYS_POSIX_FADVISE        = 416 // { int|sys|50|posix_fadvise(int fd, int PAD, off_t offset, off_t len, int advice); }
+	SYS_SELECT               = 417 // { int|sys|50|select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_GETTIMEOFDAY         = 418 // { int|sys|50|gettimeofday(struct timeval *tp, void *tzp); }
+	SYS_SETTIMEOFDAY         = 419 // { int|sys|50|settimeofday(const struct timeval *tv, const void *tzp); }
+	SYS_UTIMES               = 420 // { int|sys|50|utimes(const char *path, const struct timeval *tptr); }
+	SYS_ADJTIME              = 421 // { int|sys|50|adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_FUTIMES              = 423 // { int|sys|50|futimes(int fd, const struct timeval *tptr); }
+	SYS_LUTIMES              = 424 // { int|sys|50|lutimes(const char *path, const struct timeval *tptr); }
+	SYS_SETITIMER            = 425 // { int|sys|50|setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER            = 426 // { int|sys|50|getitimer(int which, struct itimerval *itv); }
+	SYS_CLOCK_GETTIME        = 427 // { int|sys|50|clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME        = 428 // { int|sys|50|clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES         = 429 // { int|sys|50|clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP            = 430 // { int|sys|50|nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS___SIGTIMEDWAIT       = 431 // { int|sys|50|__sigtimedwait(const sigset_t *set, siginfo_t *info, struct timespec *timeout); }
+	SYS__LWP_PARK            = 434 // { int|sys|50|_lwp_park(const struct timespec *ts, lwpid_t unpark, const void *hint, const void *unparkhint); }
+	SYS_KEVENT               = 435 // { int|sys|50|kevent(int fd, const struct kevent *changelist, size_t nchanges, struct kevent *eventlist, size_t nevents, const struct timespec *timeout); }
+	SYS_PSELECT              = 436 // { int|sys|50|pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_POLLTS               = 437 // { int|sys|50|pollts(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_STAT                 = 439 // { int|sys|50|stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                = 440 // { int|sys|50|fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                = 441 // { int|sys|50|lstat(const char *path, struct stat *ub); }
+	SYS___SEMCTL             = 442 // { int|sys|50|__semctl(int semid, int semnum, int cmd, ... union __semun *arg); }
+	SYS_SHMCTL               = 443 // { int|sys|50|shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL               = 444 // { int|sys|50|msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_GETRUSAGE            = 445 // { int|sys|50|getrusage(int who, struct rusage *rusage); }
+	SYS_TIMER_SETTIME        = 446 // { int|sys|50|timer_settime(timer_t timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_TIMER_GETTIME        = 447 // { int|sys|50|timer_gettime(timer_t timerid, struct itimerspec *value); }
+	SYS_NTP_GETTIME          = 448 // { int|sys|50|ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_WAIT4                = 449 // { int|sys|50|wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_MKNOD                = 450 // { int|sys|50|mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_FHSTAT               = 451 // { int|sys|50|fhstat(const void *fhp, size_t fh_size, struct stat *sb); }
+	SYS_PIPE2                = 453 // { int|sys||pipe2(int *fildes, int flags); }
+	SYS_DUP3                 = 454 // { int|sys||dup3(int from, int to, int flags); }
+	SYS_KQUEUE1              = 455 // { int|sys||kqueue1(int flags); }
+	SYS_PACCEPT              = 456 // { int|sys||paccept(int s, struct sockaddr *name, socklen_t *anamelen, const sigset_t *mask, int flags); }
+	SYS_LINKAT               = 457 // { int|sys||linkat(int fd1, const char *name1, int fd2, const char *name2, int flags); }
+	SYS_RENAMEAT             = 458 // { int|sys||renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_MKFIFOAT             = 459 // { int|sys||mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT              = 460 // { int|sys||mknodat(int fd, const char *path, mode_t mode, uint32_t dev); }
+	SYS_MKDIRAT              = 461 // { int|sys||mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_FACCESSAT            = 462 // { int|sys||faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT             = 463 // { int|sys||fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT             = 464 // { int|sys||fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag); }
+	SYS_FEXECVE              = 465 // { int|sys||fexecve(int fd, char * const *argp, char * const *envp); }
+	SYS_FSTATAT              = 466 // { int|sys||fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_UTIMENSAT            = 467 // { int|sys||utimensat(int fd, const char *path, const struct timespec *tptr, int flag); }
+	SYS_OPENAT               = 468 // { int|sys||openat(int fd, const char *path, int oflags, ... mode_t mode); }
+	SYS_READLINKAT           = 469 // { int|sys||readlinkat(int fd, const char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT            = 470 // { int|sys||symlinkat(const char *path1, int fd, const char *path2); }
+	SYS_UNLINKAT             = 471 // { int|sys||unlinkat(int fd, const char *path, int flag); }
+	SYS_FUTIMENS             = 472 // { int|sys||futimens(int fd, const struct timespec *tptr); }
+	SYS___QUOTACTL           = 473 // { int|sys||__quotactl(const char *path, struct quotactl_args *args); }
+	SYS_POSIX_SPAWN          = 474 // { int|sys||posix_spawn(pid_t *pid, const char *path, const struct posix_spawn_file_actions *file_actions, const struct posix_spawnattr *attrp, char *const *argv, char *const *envp); }
+	SYS_RECVMMSG             = 475 // { int|sys||recvmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout); }
+	SYS_SENDMMSG             = 476 // { int|sys||sendmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags); }
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 07787301f0102..817edbf95c0ab 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -1,6 +1,7 @@
-// mksysnum_openbsd.pl
-// Code generated by the command above; DO NOT EDIT.
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && openbsd
 // +build 386,openbsd
 
 package unix
@@ -9,109 +10,119 @@ const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
 	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
-	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, \
-	SYS_OPEN           = 5   // { int sys_open(const char *path, \
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
 	SYS_CLOSE          = 6   // { int sys_close(int fd); }
-	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, \
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
 	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
 	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
-	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, \
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
 	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
 	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
-	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, \
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
 	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
-	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, \
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
 	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
 	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
-	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, \
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
 	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
-	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, \
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
 	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
 	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
 	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
 	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
-	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, \
-	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, \
-	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, \
-	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, \
-	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, \
-	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, \
-	SYS_ACCESS         = 33  // { int sys_access(const char *path, int flags); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
 	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
 	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
 	SYS_SYNC           = 36  // { void sys_sync(void); }
-	SYS_KILL           = 37  // { int sys_kill(int pid, int signum); }
 	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
 	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
 	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
 	SYS_DUP            = 41  // { int sys_dup(int fd); }
-	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, \
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
 	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
-	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, \
-	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, \
-	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, \
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
 	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
 	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
-	SYS_GETLOGIN       = 49  // { int sys_getlogin(char *namebuf, u_int namelen); }
 	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
 	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
 	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
 	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
-	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, \
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
 	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
 	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
-	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, \
-	SYS_READLINK       = 58  // { int sys_readlink(const char *path, char *buf, \
-	SYS_EXECVE         = 59  // { int sys_execve(const char *path, \
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
 	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
 	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
-	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, \
-	SYS_STATFS         = 63  // { int sys_statfs(const char *path, \
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
 	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, \
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
 	SYS_VFORK          = 66  // { int sys_vfork(void); }
-	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, \
-	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, \
-	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, \
-	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, \
-	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, \
-	SYS_KEVENT         = 72  // { int sys_kevent(int fd, \
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
 	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
-	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, \
-	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, \
-	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, \
-	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, \
-	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, \
-	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, \
-	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, \
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
 	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
-	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, int pgid); }
-	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, \
-	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, \
-	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, \
-	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, \
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
 	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
-	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, \
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
 	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
-	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, \
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
 	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
 	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
 	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
-	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, \
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
 	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
 	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
 	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
-	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, \
-	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, \
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
 	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
-	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, \
-	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, \
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
 	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
-	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, \
-	SYS_READV          = 120 // { ssize_t sys_readv(int fd, \
-	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, \
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
 	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
 	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
 	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
@@ -119,89 +130,90 @@ const (
 	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
 	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
 	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
-	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, \
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
 	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
-	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, \
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
 	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
 	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
-	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, \
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
 	SYS_SETSID         = 147 // { int sys_setsid(void); }
-	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, \
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
 	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
 	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
 	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
-	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, \
-	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, \
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
 	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
 	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
 	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
 	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
 	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
 	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
-	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, \
-	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, \
-	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, \
-	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, \
-	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, \
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
 	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
-	SYS___SYSCTL       = 202 // { int sys___sysctl(const int *name, u_int namelen, \
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
 	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
 	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
 	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
-	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, \
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
 	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
 	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
-	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, \
-	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, \
-	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, \
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
 	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
-	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, \
-	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, \
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
 	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
 	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
 	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
 	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
 	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
 	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
-	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, \
-	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, \
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
 	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
 	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
 	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
-	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, \
-	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, \
-	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, \
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
 	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
-	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, \
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
 	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
-	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, \
-	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, \
-	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, \
-	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, \
-	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, \
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
 	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
 	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
-	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, \
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
 	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
-	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, \
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
 	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
-	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, \
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
 	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
 	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
-	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, \
-	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, \
-	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, \
-	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, \
-	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, \
-	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, \
-	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, \
-	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, \
-	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, \
-	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, \
-	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, \
-	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, \
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
 	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
 	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 10edff07d5754..ea453614e6977 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -1,6 +1,7 @@
-// mksysnum_openbsd.pl
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && openbsd
 // +build amd64,openbsd
 
 package unix
@@ -9,35 +10,35 @@ const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
 	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
-	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, \
-	SYS_OPEN           = 5   // { int sys_open(const char *path, \
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
 	SYS_CLOSE          = 6   // { int sys_close(int fd); }
 	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
-	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, \
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
 	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
 	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
-	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, \
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
 	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
 	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
-	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, \
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
 	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
-	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, \
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
 	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
 	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
-	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, \
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
 	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
-	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, \
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
 	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
 	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
 	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
 	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
-	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, \
-	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, \
-	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, \
-	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, \
-	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, \
-	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, \
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
 	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
 	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
 	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
@@ -46,80 +47,81 @@ const (
 	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
 	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
 	SYS_DUP            = 41  // { int sys_dup(int fd); }
-	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, \
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
 	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
-	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, \
-	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, \
-	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, \
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
 	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
 	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
 	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
 	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
 	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
 	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
-	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, \
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
 	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
 	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
-	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, \
-	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, \
-	SYS_EXECVE         = 59  // { int sys_execve(const char *path, \
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
 	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
 	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
-	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, \
-	SYS_STATFS         = 63  // { int sys_statfs(const char *path, \
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
 	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, \
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
 	SYS_VFORK          = 66  // { int sys_vfork(void); }
-	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, \
-	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, \
-	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, \
-	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, \
-	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, \
-	SYS_KEVENT         = 72  // { int sys_kevent(int fd, \
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
 	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
-	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, \
-	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, \
-	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, \
-	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, \
-	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, \
-	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, \
-	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, \
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
 	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
 	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
-	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, \
-	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, \
-	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, \
-	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, \
-	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, \
-	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, \
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
 	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
-	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, \
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
 	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
-	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, \
-	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, \
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
 	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
 	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
 	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
-	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, \
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
 	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
 	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
 	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
 	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
 	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
-	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, \
-	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, \
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
 	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
-	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, \
-	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, \
-	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, \
-	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, \
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
 	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
-	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, \
-	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, \
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
 	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
-	SYS_READV          = 120 // { ssize_t sys_readv(int fd, \
-	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, \
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
 	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
 	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
 	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
@@ -128,90 +130,90 @@ const (
 	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
 	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
 	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
-	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, \
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
 	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
-	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, \
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
 	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
 	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
-	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, \
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
 	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
 	SYS_SETSID         = 147 // { int sys_setsid(void); }
-	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, \
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
 	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
 	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
 	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
-	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, \
-	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, \
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
 	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
 	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
 	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
 	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
 	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
 	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
-	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, \
-	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, \
-	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, \
-	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, \
-	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, \
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
 	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
-	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, \
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
 	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
 	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
 	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
-	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, \
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
 	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
 	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
-	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, \
-	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, \
-	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, \
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
 	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
-	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, \
-	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, \
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
 	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
 	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
 	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
 	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
 	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
 	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
-	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, \
-	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, \
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
 	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
 	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
 	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
-	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, \
-	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, \
-	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, \
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
 	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
-	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, \
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
 	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
-	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, \
-	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, \
-	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, \
-	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, \
-	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, \
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
 	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
 	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
-	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, \
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
 	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
-	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, \
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
 	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
-	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, \
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
 	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
 	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
-	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, \
-	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, \
-	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, \
-	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, \
-	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, \
-	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, \
-	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, \
-	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, \
-	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, \
-	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, \
-	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, \
-	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, \
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
 	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
 	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index 7a1693acbc197..467971eed661a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -1,6 +1,7 @@
-// mksysnum_openbsd.pl
-// Code generated by the command above; DO NOT EDIT.
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && openbsd
 // +build arm,openbsd
 
 package unix
@@ -9,35 +10,35 @@ const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
 	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
-	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, \
-	SYS_OPEN           = 5   // { int sys_open(const char *path, \
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
 	SYS_CLOSE          = 6   // { int sys_close(int fd); }
 	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
-	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, \
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
 	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
 	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
-	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, \
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
 	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
 	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
-	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, \
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
 	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
-	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, \
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
 	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
 	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
-	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, \
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
 	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
-	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, \
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
 	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
 	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
 	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
 	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
-	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, \
-	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, \
-	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, \
-	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, \
-	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, \
-	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, \
-	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, \
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
 	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
 	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
 	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
@@ -46,77 +47,81 @@ const (
 	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
 	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
 	SYS_DUP            = 41  // { int sys_dup(int fd); }
-	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, \
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
 	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
-	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, \
-	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, \
-	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, \
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
 	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
 	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
-	SYS_GETLOGIN       = 49  // { int sys_getlogin(char *namebuf, u_int namelen); }
 	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
 	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
 	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
 	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
-	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, \
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
 	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
 	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
-	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, \
-	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, \
-	SYS_EXECVE         = 59  // { int sys_execve(const char *path, \
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
 	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
 	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
-	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, \
-	SYS_STATFS         = 63  // { int sys_statfs(const char *path, \
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
 	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
-	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, \
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
 	SYS_VFORK          = 66  // { int sys_vfork(void); }
-	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, \
-	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, \
-	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, \
-	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, \
-	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, \
-	SYS_KEVENT         = 72  // { int sys_kevent(int fd, \
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
 	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
-	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, \
-	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, \
-	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, \
-	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, \
-	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, \
-	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, \
-	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, \
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
 	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
 	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
-	SYS_SENDSYSLOG     = 83  // { int sys_sendsyslog(const void *buf, size_t nbyte); }
-	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, \
-	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, \
-	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, \
-	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, \
-	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, \
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
 	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
-	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, \
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
 	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
-	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, \
-	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, \
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
 	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
 	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
 	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
-	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, \
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
 	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
 	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
 	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
 	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
 	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
-	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, \
-	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, \
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
 	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
-	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, \
-	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, \
-	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, \
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
 	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
-	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, \
-	SYS_READV          = 120 // { ssize_t sys_readv(int fd, \
-	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, \
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
 	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
 	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
 	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
@@ -125,89 +130,90 @@ const (
 	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
 	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
 	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
-	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, \
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
 	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
-	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, \
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
 	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
 	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
-	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, \
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
 	SYS_SETSID         = 147 // { int sys_setsid(void); }
-	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, \
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
 	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
 	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
 	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
-	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, \
-	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, \
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
 	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
 	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
 	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
 	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
 	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
 	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
-	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, \
-	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, \
-	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, \
-	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, \
-	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, \
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
 	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
-	SYS___SYSCTL       = 202 // { int sys___sysctl(const int *name, u_int namelen, \
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
 	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
 	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
 	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
-	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, \
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
 	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
 	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
-	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, \
-	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, \
-	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, \
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
 	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
-	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, \
-	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, \
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
 	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
 	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
 	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
 	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
 	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
 	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
-	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, \
-	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, \
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
 	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
 	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
 	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
-	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, \
-	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, \
-	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, \
-	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, \
-	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, \
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
 	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
-	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, \
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
 	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
-	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, \
-	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, \
-	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, \
-	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, \
-	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, \
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
 	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
 	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
-	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, \
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
 	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
-	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, \
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
 	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
-	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, \
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
 	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
 	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
-	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, \
-	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, \
-	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, \
-	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, \
-	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, \
-	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, \
-	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, \
-	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, \
-	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, \
-	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, \
-	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, \
-	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, \
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
 	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
 	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
new file mode 100644
index 0000000000000..32eec5ed56f1a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -0,0 +1,218 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && openbsd
+// +build arm64,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
new file mode 100644
index 0000000000000..a37f77375636f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -0,0 +1,221 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build mips64 && openbsd
+// +build mips64,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_MSYSCALL       = 37  // { int sys_msyscall(void *addr, size_t len); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS___REALPATH     = 115 // { int sys___realpath(const char *pathname, char *resolved); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS___TMPFD        = 164 // { int sys___tmpfd(int flags); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
new file mode 100644
index 0000000000000..073daad43b7a0
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -0,0 +1,2670 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+package unix
+
+// TODO: auto-generate.
+
+const (
+	SYS_ACOSD128                        = 0xB80
+	SYS_ACOSD32                         = 0xB7E
+	SYS_ACOSD64                         = 0xB7F
+	SYS_ACOSHD128                       = 0xB83
+	SYS_ACOSHD32                        = 0xB81
+	SYS_ACOSHD64                        = 0xB82
+	SYS_AIO_FSYNC                       = 0xC69
+	SYS_ASCTIME                         = 0x0AE
+	SYS_ASCTIME64                       = 0xCD7
+	SYS_ASCTIME64_R                     = 0xCD8
+	SYS_ASIND128                        = 0xB86
+	SYS_ASIND32                         = 0xB84
+	SYS_ASIND64                         = 0xB85
+	SYS_ASINHD128                       = 0xB89
+	SYS_ASINHD32                        = 0xB87
+	SYS_ASINHD64                        = 0xB88
+	SYS_ATAN2D128                       = 0xB8F
+	SYS_ATAN2D32                        = 0xB8D
+	SYS_ATAN2D64                        = 0xB8E
+	SYS_ATAND128                        = 0xB8C
+	SYS_ATAND32                         = 0xB8A
+	SYS_ATAND64                         = 0xB8B
+	SYS_ATANHD128                       = 0xB92
+	SYS_ATANHD32                        = 0xB90
+	SYS_ATANHD64                        = 0xB91
+	SYS_BIND2ADDRSEL                    = 0xD59
+	SYS_C16RTOMB                        = 0xD40
+	SYS_C32RTOMB                        = 0xD41
+	SYS_CBRTD128                        = 0xB95
+	SYS_CBRTD32                         = 0xB93
+	SYS_CBRTD64                         = 0xB94
+	SYS_CEILD128                        = 0xB98
+	SYS_CEILD32                         = 0xB96
+	SYS_CEILD64                         = 0xB97
+	SYS_CLEARENV                        = 0x0C9
+	SYS_CLEARERR_UNLOCKED               = 0xCA1
+	SYS_CLOCK                           = 0x0AA
+	SYS_CLOGL                           = 0xA00
+	SYS_CLRMEMF                         = 0x0BD
+	SYS_CONJ                            = 0xA03
+	SYS_CONJF                           = 0xA06
+	SYS_CONJL                           = 0xA09
+	SYS_COPYSIGND128                    = 0xB9E
+	SYS_COPYSIGND32                     = 0xB9C
+	SYS_COPYSIGND64                     = 0xB9D
+	SYS_COSD128                         = 0xBA1
+	SYS_COSD32                          = 0xB9F
+	SYS_COSD64                          = 0xBA0
+	SYS_COSHD128                        = 0xBA4
+	SYS_COSHD32                         = 0xBA2
+	SYS_COSHD64                         = 0xBA3
+	SYS_CPOW                            = 0xA0C
+	SYS_CPOWF                           = 0xA0F
+	SYS_CPOWL                           = 0xA12
+	SYS_CPROJ                           = 0xA15
+	SYS_CPROJF                          = 0xA18
+	SYS_CPROJL                          = 0xA1B
+	SYS_CREAL                           = 0xA1E
+	SYS_CREALF                          = 0xA21
+	SYS_CREALL                          = 0xA24
+	SYS_CSIN                            = 0xA27
+	SYS_CSINF                           = 0xA2A
+	SYS_CSINH                           = 0xA30
+	SYS_CSINHF                          = 0xA33
+	SYS_CSINHL                          = 0xA36
+	SYS_CSINL                           = 0xA2D
+	SYS_CSNAP                           = 0x0C5
+	SYS_CSQRT                           = 0xA39
+	SYS_CSQRTF                          = 0xA3C
+	SYS_CSQRTL                          = 0xA3F
+	SYS_CTAN                            = 0xA42
+	SYS_CTANF                           = 0xA45
+	SYS_CTANH                           = 0xA4B
+	SYS_CTANHF                          = 0xA4E
+	SYS_CTANHL                          = 0xA51
+	SYS_CTANL                           = 0xA48
+	SYS_CTIME                           = 0x0AB
+	SYS_CTIME64                         = 0xCD9
+	SYS_CTIME64_R                       = 0xCDA
+	SYS_CTRACE                          = 0x0C6
+	SYS_DIFFTIME                        = 0x0A7
+	SYS_DIFFTIME64                      = 0xCDB
+	SYS_DLADDR                          = 0xC82
+	SYS_DYNALLOC                        = 0x0C3
+	SYS_DYNFREE                         = 0x0C2
+	SYS_ERFCD128                        = 0xBAA
+	SYS_ERFCD32                         = 0xBA8
+	SYS_ERFCD64                         = 0xBA9
+	SYS_ERFD128                         = 0xBA7
+	SYS_ERFD32                          = 0xBA5
+	SYS_ERFD64                          = 0xBA6
+	SYS_EXP2D128                        = 0xBB0
+	SYS_EXP2D32                         = 0xBAE
+	SYS_EXP2D64                         = 0xBAF
+	SYS_EXPD128                         = 0xBAD
+	SYS_EXPD32                          = 0xBAB
+	SYS_EXPD64                          = 0xBAC
+	SYS_EXPM1D128                       = 0xBB3
+	SYS_EXPM1D32                        = 0xBB1
+	SYS_EXPM1D64                        = 0xBB2
+	SYS_FABSD128                        = 0xBB6
+	SYS_FABSD32                         = 0xBB4
+	SYS_FABSD64                         = 0xBB5
+	SYS_FDELREC_UNLOCKED                = 0xCA2
+	SYS_FDIMD128                        = 0xBB9
+	SYS_FDIMD32                         = 0xBB7
+	SYS_FDIMD64                         = 0xBB8
+	SYS_FDOPEN_UNLOCKED                 = 0xCFC
+	SYS_FECLEAREXCEPT                   = 0xAEA
+	SYS_FEGETENV                        = 0xAEB
+	SYS_FEGETEXCEPTFLAG                 = 0xAEC
+	SYS_FEGETROUND                      = 0xAED
+	SYS_FEHOLDEXCEPT                    = 0xAEE
+	SYS_FEOF_UNLOCKED                   = 0xCA3
+	SYS_FERAISEEXCEPT                   = 0xAEF
+	SYS_FERROR_UNLOCKED                 = 0xCA4
+	SYS_FESETENV                        = 0xAF0
+	SYS_FESETEXCEPTFLAG                 = 0xAF1
+	SYS_FESETROUND                      = 0xAF2
+	SYS_FETCHEP                         = 0x0BF
+	SYS_FETESTEXCEPT                    = 0xAF3
+	SYS_FEUPDATEENV                     = 0xAF4
+	SYS_FE_DEC_GETROUND                 = 0xBBA
+	SYS_FE_DEC_SETROUND                 = 0xBBB
+	SYS_FFLUSH_UNLOCKED                 = 0xCA5
+	SYS_FGETC_UNLOCKED                  = 0xC80
+	SYS_FGETPOS64                       = 0xCEE
+	SYS_FGETPOS64_UNLOCKED              = 0xCF4
+	SYS_FGETPOS_UNLOCKED                = 0xCA6
+	SYS_FGETS_UNLOCKED                  = 0xC7C
+	SYS_FGETWC_UNLOCKED                 = 0xCA7
+	SYS_FGETWS_UNLOCKED                 = 0xCA8
+	SYS_FILENO_UNLOCKED                 = 0xCA9
+	SYS_FLDATA                          = 0x0C1
+	SYS_FLDATA_UNLOCKED                 = 0xCAA
+	SYS_FLOCATE_UNLOCKED                = 0xCAB
+	SYS_FLOORD128                       = 0xBBE
+	SYS_FLOORD32                        = 0xBBC
+	SYS_FLOORD64                        = 0xBBD
+	SYS_FMA                             = 0xA63
+	SYS_FMAD128                         = 0xBC1
+	SYS_FMAD32                          = 0xBBF
+	SYS_FMAD64                          = 0xBC0
+	SYS_FMAF                            = 0xA66
+	SYS_FMAL                            = 0xA69
+	SYS_FMAX                            = 0xA6C
+	SYS_FMAXD128                        = 0xBC4
+	SYS_FMAXD32                         = 0xBC2
+	SYS_FMAXD64                         = 0xBC3
+	SYS_FMAXF                           = 0xA6F
+	SYS_FMAXL                           = 0xA72
+	SYS_FMIN                            = 0xA75
+	SYS_FMIND128                        = 0xBC7
+	SYS_FMIND32                         = 0xBC5
+	SYS_FMIND64                         = 0xBC6
+	SYS_FMINF                           = 0xA78
+	SYS_FMINL                           = 0xA7B
+	SYS_FMODD128                        = 0xBCA
+	SYS_FMODD32                         = 0xBC8
+	SYS_FMODD64                         = 0xBC9
+	SYS_FOPEN64                         = 0xD49
+	SYS_FOPEN64_UNLOCKED                = 0xD4A
+	SYS_FOPEN_UNLOCKED                  = 0xCFA
+	SYS_FPRINTF_UNLOCKED                = 0xCAC
+	SYS_FPUTC_UNLOCKED                  = 0xC81
+	SYS_FPUTS_UNLOCKED                  = 0xC7E
+	SYS_FPUTWC_UNLOCKED                 = 0xCAD
+	SYS_FPUTWS_UNLOCKED                 = 0xCAE
+	SYS_FREAD_NOUPDATE                  = 0xCEC
+	SYS_FREAD_NOUPDATE_UNLOCKED         = 0xCED
+	SYS_FREAD_UNLOCKED                  = 0xC7B
+	SYS_FREEIFADDRS                     = 0xCE6
+	SYS_FREOPEN64                       = 0xD4B
+	SYS_FREOPEN64_UNLOCKED              = 0xD4C
+	SYS_FREOPEN_UNLOCKED                = 0xCFB
+	SYS_FREXPD128                       = 0xBCE
+	SYS_FREXPD32                        = 0xBCC
+	SYS_FREXPD64                        = 0xBCD
+	SYS_FSCANF_UNLOCKED                 = 0xCAF
+	SYS_FSEEK64                         = 0xCEF
+	SYS_FSEEK64_UNLOCKED                = 0xCF5
+	SYS_FSEEKO64                        = 0xCF0
+	SYS_FSEEKO64_UNLOCKED               = 0xCF6
+	SYS_FSEEKO_UNLOCKED                 = 0xCB1
+	SYS_FSEEK_UNLOCKED                  = 0xCB0
+	SYS_FSETPOS64                       = 0xCF1
+	SYS_FSETPOS64_UNLOCKED              = 0xCF7
+	SYS_FSETPOS_UNLOCKED                = 0xCB3
+	SYS_FTELL64                         = 0xCF2
+	SYS_FTELL64_UNLOCKED                = 0xCF8
+	SYS_FTELLO64                        = 0xCF3
+	SYS_FTELLO64_UNLOCKED               = 0xCF9
+	SYS_FTELLO_UNLOCKED                 = 0xCB5
+	SYS_FTELL_UNLOCKED                  = 0xCB4
+	SYS_FUPDATE                         = 0x0B5
+	SYS_FUPDATE_UNLOCKED                = 0xCB7
+	SYS_FWIDE_UNLOCKED                  = 0xCB8
+	SYS_FWPRINTF_UNLOCKED               = 0xCB9
+	SYS_FWRITE_UNLOCKED                 = 0xC7A
+	SYS_FWSCANF_UNLOCKED                = 0xCBA
+	SYS_GETDATE64                       = 0xD4F
+	SYS_GETIFADDRS                      = 0xCE7
+	SYS_GETIPV4SOURCEFILTER             = 0xC77
+	SYS_GETSOURCEFILTER                 = 0xC79
+	SYS_GETSYNTX                        = 0x0FD
+	SYS_GETS_UNLOCKED                   = 0xC7D
+	SYS_GETTIMEOFDAY64                  = 0xD50
+	SYS_GETWCHAR_UNLOCKED               = 0xCBC
+	SYS_GETWC_UNLOCKED                  = 0xCBB
+	SYS_GMTIME                          = 0x0B0
+	SYS_GMTIME64                        = 0xCDC
+	SYS_GMTIME64_R                      = 0xCDD
+	SYS_HYPOTD128                       = 0xBD1
+	SYS_HYPOTD32                        = 0xBCF
+	SYS_HYPOTD64                        = 0xBD0
+	SYS_ILOGBD128                       = 0xBD4
+	SYS_ILOGBD32                        = 0xBD2
+	SYS_ILOGBD64                        = 0xBD3
+	SYS_ILOGBF                          = 0xA7E
+	SYS_ILOGBL                          = 0xA81
+	SYS_INET6_IS_SRCADDR                = 0xD5A
+	SYS_ISBLANK                         = 0x0FE
+	SYS_ISWALNUM                        = 0x0FF
+	SYS_LDEXPD128                       = 0xBD7
+	SYS_LDEXPD32                        = 0xBD5
+	SYS_LDEXPD64                        = 0xBD6
+	SYS_LGAMMAD128                      = 0xBDA
+	SYS_LGAMMAD32                       = 0xBD8
+	SYS_LGAMMAD64                       = 0xBD9
+	SYS_LIO_LISTIO                      = 0xC6A
+	SYS_LLRINT                          = 0xA84
+	SYS_LLRINTD128                      = 0xBDD
+	SYS_LLRINTD32                       = 0xBDB
+	SYS_LLRINTD64                       = 0xBDC
+	SYS_LLRINTF                         = 0xA87
+	SYS_LLRINTL                         = 0xA8A
+	SYS_LLROUND                         = 0xA8D
+	SYS_LLROUNDD128                     = 0xBE0
+	SYS_LLROUNDD32                      = 0xBDE
+	SYS_LLROUNDD64                      = 0xBDF
+	SYS_LLROUNDF                        = 0xA90
+	SYS_LLROUNDL                        = 0xA93
+	SYS_LOCALTIM                        = 0x0B1
+	SYS_LOCALTIME                       = 0x0B1
+	SYS_LOCALTIME64                     = 0xCDE
+	SYS_LOCALTIME64_R                   = 0xCDF
+	SYS_LOG10D128                       = 0xBE6
+	SYS_LOG10D32                        = 0xBE4
+	SYS_LOG10D64                        = 0xBE5
+	SYS_LOG1PD128                       = 0xBE9
+	SYS_LOG1PD32                        = 0xBE7
+	SYS_LOG1PD64                        = 0xBE8
+	SYS_LOG2D128                        = 0xBEC
+	SYS_LOG2D32                         = 0xBEA
+	SYS_LOG2D64                         = 0xBEB
+	SYS_LOGBD128                        = 0xBEF
+	SYS_LOGBD32                         = 0xBED
+	SYS_LOGBD64                         = 0xBEE
+	SYS_LOGBF                           = 0xA96
+	SYS_LOGBL                           = 0xA99
+	SYS_LOGD128                         = 0xBE3
+	SYS_LOGD32                          = 0xBE1
+	SYS_LOGD64                          = 0xBE2
+	SYS_LRINT                           = 0xA9C
+	SYS_LRINTD128                       = 0xBF2
+	SYS_LRINTD32                        = 0xBF0
+	SYS_LRINTD64                        = 0xBF1
+	SYS_LRINTF                          = 0xA9F
+	SYS_LRINTL                          = 0xAA2
+	SYS_LROUNDD128                      = 0xBF5
+	SYS_LROUNDD32                       = 0xBF3
+	SYS_LROUNDD64                       = 0xBF4
+	SYS_LROUNDL                         = 0xAA5
+	SYS_MBLEN                           = 0x0AF
+	SYS_MBRTOC16                        = 0xD42
+	SYS_MBRTOC32                        = 0xD43
+	SYS_MEMSET                          = 0x0A3
+	SYS_MKTIME                          = 0x0AC
+	SYS_MKTIME64                        = 0xCE0
+	SYS_MODFD128                        = 0xBF8
+	SYS_MODFD32                         = 0xBF6
+	SYS_MODFD64                         = 0xBF7
+	SYS_NAN                             = 0xAA8
+	SYS_NAND128                         = 0xBFB
+	SYS_NAND32                          = 0xBF9
+	SYS_NAND64                          = 0xBFA
+	SYS_NANF                            = 0xAAA
+	SYS_NANL                            = 0xAAC
+	SYS_NEARBYINT                       = 0xAAE
+	SYS_NEARBYINTD128                   = 0xBFE
+	SYS_NEARBYINTD32                    = 0xBFC
+	SYS_NEARBYINTD64                    = 0xBFD
+	SYS_NEARBYINTF                      = 0xAB1
+	SYS_NEARBYINTL                      = 0xAB4
+	SYS_NEXTAFTERD128                   = 0xC01
+	SYS_NEXTAFTERD32                    = 0xBFF
+	SYS_NEXTAFTERD64                    = 0xC00
+	SYS_NEXTAFTERF                      = 0xAB7
+	SYS_NEXTAFTERL                      = 0xABA
+	SYS_NEXTTOWARD                      = 0xABD
+	SYS_NEXTTOWARDD128                  = 0xC04
+	SYS_NEXTTOWARDD32                   = 0xC02
+	SYS_NEXTTOWARDD64                   = 0xC03
+	SYS_NEXTTOWARDF                     = 0xAC0
+	SYS_NEXTTOWARDL                     = 0xAC3
+	SYS_NL_LANGINFO                     = 0x0FC
+	SYS_PERROR_UNLOCKED                 = 0xCBD
+	SYS_POSIX_FALLOCATE                 = 0xCE8
+	SYS_POSIX_MEMALIGN                  = 0xCE9
+	SYS_POSIX_OPENPT                    = 0xC66
+	SYS_POWD128                         = 0xC07
+	SYS_POWD32                          = 0xC05
+	SYS_POWD64                          = 0xC06
+	SYS_PRINTF_UNLOCKED                 = 0xCBE
+	SYS_PSELECT                         = 0xC67
+	SYS_PTHREAD_ATTR_GETSTACK           = 0xB3E
+	SYS_PTHREAD_ATTR_SETSTACK           = 0xB3F
+	SYS_PTHREAD_SECURITY_APPLID_NP      = 0xCE4
+	SYS_PUTS_UNLOCKED                   = 0xC7F
+	SYS_PUTWCHAR_UNLOCKED               = 0xCC0
+	SYS_PUTWC_UNLOCKED                  = 0xCBF
+	SYS_QUANTEXPD128                    = 0xD46
+	SYS_QUANTEXPD32                     = 0xD44
+	SYS_QUANTEXPD64                     = 0xD45
+	SYS_QUANTIZED128                    = 0xC0A
+	SYS_QUANTIZED32                     = 0xC08
+	SYS_QUANTIZED64                     = 0xC09
+	SYS_REMAINDERD128                   = 0xC0D
+	SYS_REMAINDERD32                    = 0xC0B
+	SYS_REMAINDERD64                    = 0xC0C
+	SYS_RESIZE_ALLOC                    = 0xCEB
+	SYS_REWIND_UNLOCKED                 = 0xCC1
+	SYS_RINTD128                        = 0xC13
+	SYS_RINTD32                         = 0xC11
+	SYS_RINTD64                         = 0xC12
+	SYS_RINTF                           = 0xACB
+	SYS_RINTL                           = 0xACD
+	SYS_ROUND                           = 0xACF
+	SYS_ROUNDD128                       = 0xC16
+	SYS_ROUNDD32                        = 0xC14
+	SYS_ROUNDD64                        = 0xC15
+	SYS_ROUNDF                          = 0xAD2
+	SYS_ROUNDL                          = 0xAD5
+	SYS_SAMEQUANTUMD128                 = 0xC19
+	SYS_SAMEQUANTUMD32                  = 0xC17
+	SYS_SAMEQUANTUMD64                  = 0xC18
+	SYS_SCALBLN                         = 0xAD8
+	SYS_SCALBLND128                     = 0xC1C
+	SYS_SCALBLND32                      = 0xC1A
+	SYS_SCALBLND64                      = 0xC1B
+	SYS_SCALBLNF                        = 0xADB
+	SYS_SCALBLNL                        = 0xADE
+	SYS_SCALBND128                      = 0xC1F
+	SYS_SCALBND32                       = 0xC1D
+	SYS_SCALBND64                       = 0xC1E
+	SYS_SCALBNF                         = 0xAE3
+	SYS_SCALBNL                         = 0xAE6
+	SYS_SCANF_UNLOCKED                  = 0xCC2
+	SYS_SCHED_YIELD                     = 0xB32
+	SYS_SETENV                          = 0x0C8
+	SYS_SETIPV4SOURCEFILTER             = 0xC76
+	SYS_SETSOURCEFILTER                 = 0xC78
+	SYS_SHM_OPEN                        = 0xC8C
+	SYS_SHM_UNLINK                      = 0xC8D
+	SYS_SIND128                         = 0xC22
+	SYS_SIND32                          = 0xC20
+	SYS_SIND64                          = 0xC21
+	SYS_SINHD128                        = 0xC25
+	SYS_SINHD32                         = 0xC23
+	SYS_SINHD64                         = 0xC24
+	SYS_SIZEOF_ALLOC                    = 0xCEA
+	SYS_SOCKATMARK                      = 0xC68
+	SYS_SQRTD128                        = 0xC28
+	SYS_SQRTD32                         = 0xC26
+	SYS_SQRTD64                         = 0xC27
+	SYS_STRCHR                          = 0x0A0
+	SYS_STRCSPN                         = 0x0A1
+	SYS_STRERROR                        = 0x0A8
+	SYS_STRERROR_R                      = 0xB33
+	SYS_STRFTIME                        = 0x0B2
+	SYS_STRLEN                          = 0x0A9
+	SYS_STRPBRK                         = 0x0A2
+	SYS_STRSPN                          = 0x0A4
+	SYS_STRSTR                          = 0x0A5
+	SYS_STRTOD128                       = 0xC2B
+	SYS_STRTOD32                        = 0xC29
+	SYS_STRTOD64                        = 0xC2A
+	SYS_STRTOK                          = 0x0A6
+	SYS_TAND128                         = 0xC2E
+	SYS_TAND32                          = 0xC2C
+	SYS_TAND64                          = 0xC2D
+	SYS_TANHD128                        = 0xC31
+	SYS_TANHD32                         = 0xC2F
+	SYS_TANHD64                         = 0xC30
+	SYS_TGAMMAD128                      = 0xC34
+	SYS_TGAMMAD32                       = 0xC32
+	SYS_TGAMMAD64                       = 0xC33
+	SYS_TIME                            = 0x0AD
+	SYS_TIME64                          = 0xCE1
+	SYS_TMPFILE64                       = 0xD4D
+	SYS_TMPFILE64_UNLOCKED              = 0xD4E
+	SYS_TMPFILE_UNLOCKED                = 0xCFD
+	SYS_TRUNCD128                       = 0xC40
+	SYS_TRUNCD32                        = 0xC3E
+	SYS_TRUNCD64                        = 0xC3F
+	SYS_UNGETC_UNLOCKED                 = 0xCC3
+	SYS_UNGETWC_UNLOCKED                = 0xCC4
+	SYS_UNSETENV                        = 0xB34
+	SYS_VFPRINTF_UNLOCKED               = 0xCC5
+	SYS_VFSCANF_UNLOCKED                = 0xCC7
+	SYS_VFWPRINTF_UNLOCKED              = 0xCC9
+	SYS_VFWSCANF_UNLOCKED               = 0xCCB
+	SYS_VPRINTF_UNLOCKED                = 0xCCD
+	SYS_VSCANF_UNLOCKED                 = 0xCCF
+	SYS_VWPRINTF_UNLOCKED               = 0xCD1
+	SYS_VWSCANF_UNLOCKED                = 0xCD3
+	SYS_WCSTOD128                       = 0xC43
+	SYS_WCSTOD32                        = 0xC41
+	SYS_WCSTOD64                        = 0xC42
+	SYS_WPRINTF_UNLOCKED                = 0xCD5
+	SYS_WSCANF_UNLOCKED                 = 0xCD6
+	SYS__FLUSHLBF                       = 0xD68
+	SYS__FLUSHLBF_UNLOCKED              = 0xD6F
+	SYS___ACOSHF_H                      = 0xA54
+	SYS___ACOSHL_H                      = 0xA55
+	SYS___ASINHF_H                      = 0xA56
+	SYS___ASINHL_H                      = 0xA57
+	SYS___ATANPID128                    = 0xC6D
+	SYS___ATANPID32                     = 0xC6B
+	SYS___ATANPID64                     = 0xC6C
+	SYS___CBRTF_H                       = 0xA58
+	SYS___CBRTL_H                       = 0xA59
+	SYS___CDUMP                         = 0x0C4
+	SYS___CLASS                         = 0xAFA
+	SYS___CLASS2                        = 0xB99
+	SYS___CLASS2D128                    = 0xC99
+	SYS___CLASS2D32                     = 0xC97
+	SYS___CLASS2D64                     = 0xC98
+	SYS___CLASS2F                       = 0xC91
+	SYS___CLASS2F_B                     = 0xC93
+	SYS___CLASS2F_H                     = 0xC94
+	SYS___CLASS2L                       = 0xC92
+	SYS___CLASS2L_B                     = 0xC95
+	SYS___CLASS2L_H                     = 0xC96
+	SYS___CLASS2_B                      = 0xB9A
+	SYS___CLASS2_H                      = 0xB9B
+	SYS___CLASS_B                       = 0xAFB
+	SYS___CLASS_H                       = 0xAFC
+	SYS___CLOGL_B                       = 0xA01
+	SYS___CLOGL_H                       = 0xA02
+	SYS___CLRENV                        = 0x0C9
+	SYS___CLRMF                         = 0x0BD
+	SYS___CODEPAGE_INFO                 = 0xC64
+	SYS___CONJF_B                       = 0xA07
+	SYS___CONJF_H                       = 0xA08
+	SYS___CONJL_B                       = 0xA0A
+	SYS___CONJL_H                       = 0xA0B
+	SYS___CONJ_B                        = 0xA04
+	SYS___CONJ_H                        = 0xA05
+	SYS___COPYSIGN_B                    = 0xA5A
+	SYS___COPYSIGN_H                    = 0xAF5
+	SYS___COSPID128                     = 0xC70
+	SYS___COSPID32                      = 0xC6E
+	SYS___COSPID64                      = 0xC6F
+	SYS___CPOWF_B                       = 0xA10
+	SYS___CPOWF_H                       = 0xA11
+	SYS___CPOWL_B                       = 0xA13
+	SYS___CPOWL_H                       = 0xA14
+	SYS___CPOW_B                        = 0xA0D
+	SYS___CPOW_H                        = 0xA0E
+	SYS___CPROJF_B                      = 0xA19
+	SYS___CPROJF_H                      = 0xA1A
+	SYS___CPROJL_B                      = 0xA1C
+	SYS___CPROJL_H                      = 0xA1D
+	SYS___CPROJ_B                       = 0xA16
+	SYS___CPROJ_H                       = 0xA17
+	SYS___CREALF_B                      = 0xA22
+	SYS___CREALF_H                      = 0xA23
+	SYS___CREALL_B                      = 0xA25
+	SYS___CREALL_H                      = 0xA26
+	SYS___CREAL_B                       = 0xA1F
+	SYS___CREAL_H                       = 0xA20
+	SYS___CSINF_B                       = 0xA2B
+	SYS___CSINF_H                       = 0xA2C
+	SYS___CSINHF_B                      = 0xA34
+	SYS___CSINHF_H                      = 0xA35
+	SYS___CSINHL_B                      = 0xA37
+	SYS___CSINHL_H                      = 0xA38
+	SYS___CSINH_B                       = 0xA31
+	SYS___CSINH_H                       = 0xA32
+	SYS___CSINL_B                       = 0xA2E
+	SYS___CSINL_H                       = 0xA2F
+	SYS___CSIN_B                        = 0xA28
+	SYS___CSIN_H                        = 0xA29
+	SYS___CSNAP                         = 0x0C5
+	SYS___CSQRTF_B                      = 0xA3D
+	SYS___CSQRTF_H                      = 0xA3E
+	SYS___CSQRTL_B                      = 0xA40
+	SYS___CSQRTL_H                      = 0xA41
+	SYS___CSQRT_B                       = 0xA3A
+	SYS___CSQRT_H                       = 0xA3B
+	SYS___CTANF_B                       = 0xA46
+	SYS___CTANF_H                       = 0xA47
+	SYS___CTANHF_B                      = 0xA4F
+	SYS___CTANHF_H                      = 0xA50
+	SYS___CTANHL_B                      = 0xA52
+	SYS___CTANHL_H                      = 0xA53
+	SYS___CTANH_B                       = 0xA4C
+	SYS___CTANH_H                       = 0xA4D
+	SYS___CTANL_B                       = 0xA49
+	SYS___CTANL_H                       = 0xA4A
+	SYS___CTAN_B                        = 0xA43
+	SYS___CTAN_H                        = 0xA44
+	SYS___CTEST                         = 0x0C7
+	SYS___CTRACE                        = 0x0C6
+	SYS___D1TOP                         = 0xC9B
+	SYS___D2TOP                         = 0xC9C
+	SYS___D4TOP                         = 0xC9D
+	SYS___DYNALL                        = 0x0C3
+	SYS___DYNFRE                        = 0x0C2
+	SYS___EXP2F_H                       = 0xA5E
+	SYS___EXP2L_H                       = 0xA5F
+	SYS___EXP2_H                        = 0xA5D
+	SYS___EXPM1F_H                      = 0xA5B
+	SYS___EXPM1L_H                      = 0xA5C
+	SYS___FBUFSIZE                      = 0xD60
+	SYS___FLBF                          = 0xD62
+	SYS___FLDATA                        = 0x0C1
+	SYS___FMAF_B                        = 0xA67
+	SYS___FMAF_H                        = 0xA68
+	SYS___FMAL_B                        = 0xA6A
+	SYS___FMAL_H                        = 0xA6B
+	SYS___FMAXF_B                       = 0xA70
+	SYS___FMAXF_H                       = 0xA71
+	SYS___FMAXL_B                       = 0xA73
+	SYS___FMAXL_H                       = 0xA74
+	SYS___FMAX_B                        = 0xA6D
+	SYS___FMAX_H                        = 0xA6E
+	SYS___FMA_B                         = 0xA64
+	SYS___FMA_H                         = 0xA65
+	SYS___FMINF_B                       = 0xA79
+	SYS___FMINF_H                       = 0xA7A
+	SYS___FMINL_B                       = 0xA7C
+	SYS___FMINL_H                       = 0xA7D
+	SYS___FMIN_B                        = 0xA76
+	SYS___FMIN_H                        = 0xA77
+	SYS___FPENDING                      = 0xD61
+	SYS___FPENDING_UNLOCKED             = 0xD6C
+	SYS___FPURGE                        = 0xD69
+	SYS___FPURGE_UNLOCKED               = 0xD70
+	SYS___FP_CAST_D                     = 0xBCB
+	SYS___FREADABLE                     = 0xD63
+	SYS___FREADAHEAD                    = 0xD6A
+	SYS___FREADAHEAD_UNLOCKED           = 0xD71
+	SYS___FREADING                      = 0xD65
+	SYS___FREADING_UNLOCKED             = 0xD6D
+	SYS___FSEEK2                        = 0xB3C
+	SYS___FSETERR                       = 0xD6B
+	SYS___FSETLOCKING                   = 0xD67
+	SYS___FTCHEP                        = 0x0BF
+	SYS___FTELL2                        = 0xB3B
+	SYS___FUPDT                         = 0x0B5
+	SYS___FWRITABLE                     = 0xD64
+	SYS___FWRITING                      = 0xD66
+	SYS___FWRITING_UNLOCKED             = 0xD6E
+	SYS___GETCB                         = 0x0B4
+	SYS___GETGRGID1                     = 0xD5B
+	SYS___GETGRNAM1                     = 0xD5C
+	SYS___GETTHENT                      = 0xCE5
+	SYS___GETTOD                        = 0xD3E
+	SYS___HYPOTF_H                      = 0xAF6
+	SYS___HYPOTL_H                      = 0xAF7
+	SYS___ILOGBF_B                      = 0xA7F
+	SYS___ILOGBF_H                      = 0xA80
+	SYS___ILOGBL_B                      = 0xA82
+	SYS___ILOGBL_H                      = 0xA83
+	SYS___ISBLANK_A                     = 0xB2E
+	SYS___ISBLNK                        = 0x0FE
+	SYS___ISWBLANK_A                    = 0xB2F
+	SYS___LE_CEEGTJS                    = 0xD72
+	SYS___LE_TRACEBACK                  = 0xB7A
+	SYS___LGAMMAL_H                     = 0xA62
+	SYS___LGAMMA_B_C99                  = 0xB39
+	SYS___LGAMMA_H_C99                  = 0xB38
+	SYS___LGAMMA_R_C99                  = 0xB3A
+	SYS___LLRINTF_B                     = 0xA88
+	SYS___LLRINTF_H                     = 0xA89
+	SYS___LLRINTL_B                     = 0xA8B
+	SYS___LLRINTL_H                     = 0xA8C
+	SYS___LLRINT_B                      = 0xA85
+	SYS___LLRINT_H                      = 0xA86
+	SYS___LLROUNDF_B                    = 0xA91
+	SYS___LLROUNDF_H                    = 0xA92
+	SYS___LLROUNDL_B                    = 0xA94
+	SYS___LLROUNDL_H                    = 0xA95
+	SYS___LLROUND_B                     = 0xA8E
+	SYS___LLROUND_H                     = 0xA8F
+	SYS___LOCALE_CTL                    = 0xD47
+	SYS___LOG1PF_H                      = 0xA60
+	SYS___LOG1PL_H                      = 0xA61
+	SYS___LOGBF_B                       = 0xA97
+	SYS___LOGBF_H                       = 0xA98
+	SYS___LOGBL_B                       = 0xA9A
+	SYS___LOGBL_H                       = 0xA9B
+	SYS___LOGIN_APPLID                  = 0xCE2
+	SYS___LRINTF_B                      = 0xAA0
+	SYS___LRINTF_H                      = 0xAA1
+	SYS___LRINTL_B                      = 0xAA3
+	SYS___LRINTL_H                      = 0xAA4
+	SYS___LRINT_B                       = 0xA9D
+	SYS___LRINT_H                       = 0xA9E
+	SYS___LROUNDF_FIXUP                 = 0xB31
+	SYS___LROUNDL_B                     = 0xAA6
+	SYS___LROUNDL_H                     = 0xAA7
+	SYS___LROUND_FIXUP                  = 0xB30
+	SYS___MOSERVICES                    = 0xD3D
+	SYS___MUST_STAY_CLEAN               = 0xB7C
+	SYS___NANF_B                        = 0xAAB
+	SYS___NANL_B                        = 0xAAD
+	SYS___NAN_B                         = 0xAA9
+	SYS___NEARBYINTF_B                  = 0xAB2
+	SYS___NEARBYINTF_H                  = 0xAB3
+	SYS___NEARBYINTL_B                  = 0xAB5
+	SYS___NEARBYINTL_H                  = 0xAB6
+	SYS___NEARBYINT_B                   = 0xAAF
+	SYS___NEARBYINT_H                   = 0xAB0
+	SYS___NEXTAFTERF_B                  = 0xAB8
+	SYS___NEXTAFTERF_H                  = 0xAB9
+	SYS___NEXTAFTERL_B                  = 0xABB
+	SYS___NEXTAFTERL_H                  = 0xABC
+	SYS___NEXTTOWARDF_B                 = 0xAC1
+	SYS___NEXTTOWARDF_H                 = 0xAC2
+	SYS___NEXTTOWARDL_B                 = 0xAC4
+	SYS___NEXTTOWARDL_H                 = 0xAC5
+	SYS___NEXTTOWARD_B                  = 0xABE
+	SYS___NEXTTOWARD_H                  = 0xABF
+	SYS___O_ENV                         = 0xB7D
+	SYS___PASSWD_APPLID                 = 0xCE3
+	SYS___PTOD1                         = 0xC9E
+	SYS___PTOD2                         = 0xC9F
+	SYS___PTOD4                         = 0xCA0
+	SYS___REGCOMP_STD                   = 0x0EA
+	SYS___REMAINDERF_H                  = 0xAC6
+	SYS___REMAINDERL_H                  = 0xAC7
+	SYS___REMQUOD128                    = 0xC10
+	SYS___REMQUOD32                     = 0xC0E
+	SYS___REMQUOD64                     = 0xC0F
+	SYS___REMQUOF_H                     = 0xAC9
+	SYS___REMQUOL_H                     = 0xACA
+	SYS___REMQUO_H                      = 0xAC8
+	SYS___RINTF_B                       = 0xACC
+	SYS___RINTL_B                       = 0xACE
+	SYS___ROUNDF_B                      = 0xAD3
+	SYS___ROUNDF_H                      = 0xAD4
+	SYS___ROUNDL_B                      = 0xAD6
+	SYS___ROUNDL_H                      = 0xAD7
+	SYS___ROUND_B                       = 0xAD0
+	SYS___ROUND_H                       = 0xAD1
+	SYS___SCALBLNF_B                    = 0xADC
+	SYS___SCALBLNF_H                    = 0xADD
+	SYS___SCALBLNL_B                    = 0xADF
+	SYS___SCALBLNL_H                    = 0xAE0
+	SYS___SCALBLN_B                     = 0xAD9
+	SYS___SCALBLN_H                     = 0xADA
+	SYS___SCALBNF_B                     = 0xAE4
+	SYS___SCALBNF_H                     = 0xAE5
+	SYS___SCALBNL_B                     = 0xAE7
+	SYS___SCALBNL_H                     = 0xAE8
+	SYS___SCALBN_B                      = 0xAE1
+	SYS___SCALBN_H                      = 0xAE2
+	SYS___SETENV                        = 0x0C8
+	SYS___SINPID128                     = 0xC73
+	SYS___SINPID32                      = 0xC71
+	SYS___SINPID64                      = 0xC72
+	SYS___SMF_RECORD2                   = 0xD48
+	SYS___STATIC_REINIT                 = 0xB3D
+	SYS___TGAMMAF_H_C99                 = 0xB79
+	SYS___TGAMMAL_H                     = 0xAE9
+	SYS___TGAMMA_H_C99                  = 0xB78
+	SYS___TOCSNAME2                     = 0xC9A
+	SYS_CEIL                            = 0x01F
+	SYS_CHAUDIT                         = 0x1E0
+	SYS_EXP                             = 0x01A
+	SYS_FCHAUDIT                        = 0x1E1
+	SYS_FREXP                           = 0x01D
+	SYS_GETGROUPSBYNAME                 = 0x1E2
+	SYS_GETPWUID                        = 0x1A0
+	SYS_GETUID                          = 0x1A1
+	SYS_ISATTY                          = 0x1A3
+	SYS_KILL                            = 0x1A4
+	SYS_LDEXP                           = 0x01E
+	SYS_LINK                            = 0x1A5
+	SYS_LOG10                           = 0x01C
+	SYS_LSEEK                           = 0x1A6
+	SYS_LSTAT                           = 0x1A7
+	SYS_MKDIR                           = 0x1A8
+	SYS_MKFIFO                          = 0x1A9
+	SYS_MKNOD                           = 0x1AA
+	SYS_MODF                            = 0x01B
+	SYS_MOUNT                           = 0x1AB
+	SYS_OPEN                            = 0x1AC
+	SYS_OPENDIR                         = 0x1AD
+	SYS_PATHCONF                        = 0x1AE
+	SYS_PAUSE                           = 0x1AF
+	SYS_PIPE                            = 0x1B0
+	SYS_PTHREAD_ATTR_DESTROY            = 0x1E7
+	SYS_PTHREAD_ATTR_GETDETACHSTATE     = 0x1EB
+	SYS_PTHREAD_ATTR_GETSTACKSIZE       = 0x1E9
+	SYS_PTHREAD_ATTR_GETWEIGHT_NP       = 0x1ED
+	SYS_PTHREAD_ATTR_INIT               = 0x1E6
+	SYS_PTHREAD_ATTR_SETDETACHSTATE     = 0x1EA
+	SYS_PTHREAD_ATTR_SETSTACKSIZE       = 0x1E8
+	SYS_PTHREAD_ATTR_SETWEIGHT_NP       = 0x1EC
+	SYS_PTHREAD_CANCEL                  = 0x1EE
+	SYS_PTHREAD_CLEANUP_POP             = 0x1F0
+	SYS_PTHREAD_CLEANUP_PUSH            = 0x1EF
+	SYS_PTHREAD_CONDATTR_DESTROY        = 0x1F2
+	SYS_PTHREAD_CONDATTR_INIT           = 0x1F1
+	SYS_PTHREAD_COND_BROADCAST          = 0x1F6
+	SYS_PTHREAD_COND_DESTROY            = 0x1F4
+	SYS_PTHREAD_COND_INIT               = 0x1F3
+	SYS_PTHREAD_COND_SIGNAL             = 0x1F5
+	SYS_PTHREAD_COND_TIMEDWAIT          = 0x1F8
+	SYS_PTHREAD_COND_WAIT               = 0x1F7
+	SYS_PTHREAD_CREATE                  = 0x1F9
+	SYS_PTHREAD_DETACH                  = 0x1FA
+	SYS_PTHREAD_EQUAL                   = 0x1FB
+	SYS_PTHREAD_EXIT                    = 0x1E4
+	SYS_PTHREAD_GETSPECIFIC             = 0x1FC
+	SYS_PTHREAD_JOIN                    = 0x1FD
+	SYS_PTHREAD_KEY_CREATE              = 0x1FE
+	SYS_PTHREAD_KILL                    = 0x1E5
+	SYS_PTHREAD_MUTEXATTR_INIT          = 0x1FF
+	SYS_READ                            = 0x1B2
+	SYS_READDIR                         = 0x1B3
+	SYS_READLINK                        = 0x1B4
+	SYS_REWINDDIR                       = 0x1B5
+	SYS_RMDIR                           = 0x1B6
+	SYS_SETEGID                         = 0x1B7
+	SYS_SETEUID                         = 0x1B8
+	SYS_SETGID                          = 0x1B9
+	SYS_SETPGID                         = 0x1BA
+	SYS_SETSID                          = 0x1BB
+	SYS_SETUID                          = 0x1BC
+	SYS_SIGACTION                       = 0x1BD
+	SYS_SIGADDSET                       = 0x1BE
+	SYS_SIGDELSET                       = 0x1BF
+	SYS_SIGEMPTYSET                     = 0x1C0
+	SYS_SIGFILLSET                      = 0x1C1
+	SYS_SIGISMEMBER                     = 0x1C2
+	SYS_SIGLONGJMP                      = 0x1C3
+	SYS_SIGPENDING                      = 0x1C4
+	SYS_SIGPROCMASK                     = 0x1C5
+	SYS_SIGSETJMP                       = 0x1C6
+	SYS_SIGSUSPEND                      = 0x1C7
+	SYS_SIGWAIT                         = 0x1E3
+	SYS_SLEEP                           = 0x1C8
+	SYS_STAT                            = 0x1C9
+	SYS_SYMLINK                         = 0x1CB
+	SYS_SYSCONF                         = 0x1CC
+	SYS_TCDRAIN                         = 0x1CD
+	SYS_TCFLOW                          = 0x1CE
+	SYS_TCFLUSH                         = 0x1CF
+	SYS_TCGETATTR                       = 0x1D0
+	SYS_TCGETPGRP                       = 0x1D1
+	SYS_TCSENDBREAK                     = 0x1D2
+	SYS_TCSETATTR                       = 0x1D3
+	SYS_TCSETPGRP                       = 0x1D4
+	SYS_TIMES                           = 0x1D5
+	SYS_TTYNAME                         = 0x1D6
+	SYS_TZSET                           = 0x1D7
+	SYS_UMASK                           = 0x1D8
+	SYS_UMOUNT                          = 0x1D9
+	SYS_UNAME                           = 0x1DA
+	SYS_UNLINK                          = 0x1DB
+	SYS_UTIME                           = 0x1DC
+	SYS_WAIT                            = 0x1DD
+	SYS_WAITPID                         = 0x1DE
+	SYS_WRITE                           = 0x1DF
+	SYS_W_GETPSENT                      = 0x1B1
+	SYS_W_IOCTL                         = 0x1A2
+	SYS_W_STATFS                        = 0x1CA
+	SYS_A64L                            = 0x2EF
+	SYS_BCMP                            = 0x2B9
+	SYS_BCOPY                           = 0x2BA
+	SYS_BZERO                           = 0x2BB
+	SYS_CATCLOSE                        = 0x2B6
+	SYS_CATGETS                         = 0x2B7
+	SYS_CATOPEN                         = 0x2B8
+	SYS_CRYPT                           = 0x2AC
+	SYS_DBM_CLEARERR                    = 0x2F7
+	SYS_DBM_CLOSE                       = 0x2F8
+	SYS_DBM_DELETE                      = 0x2F9
+	SYS_DBM_ERROR                       = 0x2FA
+	SYS_DBM_FETCH                       = 0x2FB
+	SYS_DBM_FIRSTKEY                    = 0x2FC
+	SYS_DBM_NEXTKEY                     = 0x2FD
+	SYS_DBM_OPEN                        = 0x2FE
+	SYS_DBM_STORE                       = 0x2FF
+	SYS_DRAND48                         = 0x2B2
+	SYS_ENCRYPT                         = 0x2AD
+	SYS_ENDUTXENT                       = 0x2E1
+	SYS_ERAND48                         = 0x2B3
+	SYS_ERF                             = 0x02C
+	SYS_ERFC                            = 0x02D
+	SYS_FCHDIR                          = 0x2D9
+	SYS_FFS                             = 0x2BC
+	SYS_FMTMSG                          = 0x2E5
+	SYS_FSTATVFS                        = 0x2B4
+	SYS_FTIME                           = 0x2F5
+	SYS_GAMMA                           = 0x02E
+	SYS_GETDATE                         = 0x2A6
+	SYS_GETPAGESIZE                     = 0x2D8
+	SYS_GETTIMEOFDAY                    = 0x2F6
+	SYS_GETUTXENT                       = 0x2E0
+	SYS_GETUTXID                        = 0x2E2
+	SYS_GETUTXLINE                      = 0x2E3
+	SYS_HCREATE                         = 0x2C6
+	SYS_HDESTROY                        = 0x2C7
+	SYS_HSEARCH                         = 0x2C8
+	SYS_HYPOT                           = 0x02B
+	SYS_INDEX                           = 0x2BD
+	SYS_INITSTATE                       = 0x2C2
+	SYS_INSQUE                          = 0x2CF
+	SYS_ISASCII                         = 0x2ED
+	SYS_JRAND48                         = 0x2E6
+	SYS_L64A                            = 0x2F0
+	SYS_LCONG48                         = 0x2EA
+	SYS_LFIND                           = 0x2C9
+	SYS_LRAND48                         = 0x2E7
+	SYS_LSEARCH                         = 0x2CA
+	SYS_MEMCCPY                         = 0x2D4
+	SYS_MRAND48                         = 0x2E8
+	SYS_NRAND48                         = 0x2E9
+	SYS_PCLOSE                          = 0x2D2
+	SYS_POPEN                           = 0x2D1
+	SYS_PUTUTXLINE                      = 0x2E4
+	SYS_RANDOM                          = 0x2C4
+	SYS_REMQUE                          = 0x2D0
+	SYS_RINDEX                          = 0x2BE
+	SYS_SEED48                          = 0x2EC
+	SYS_SETKEY                          = 0x2AE
+	SYS_SETSTATE                        = 0x2C3
+	SYS_SETUTXENT                       = 0x2DF
+	SYS_SRAND48                         = 0x2EB
+	SYS_SRANDOM                         = 0x2C5
+	SYS_STATVFS                         = 0x2B5
+	SYS_STRCASECMP                      = 0x2BF
+	SYS_STRDUP                          = 0x2C0
+	SYS_STRNCASECMP                     = 0x2C1
+	SYS_SWAB                            = 0x2D3
+	SYS_TDELETE                         = 0x2CB
+	SYS_TFIND                           = 0x2CC
+	SYS_TOASCII                         = 0x2EE
+	SYS_TSEARCH                         = 0x2CD
+	SYS_TWALK                           = 0x2CE
+	SYS_UALARM                          = 0x2F1
+	SYS_USLEEP                          = 0x2F2
+	SYS_WAIT3                           = 0x2A7
+	SYS_WAITID                          = 0x2A8
+	SYS_Y1                              = 0x02A
+	SYS___ATOE                          = 0x2DB
+	SYS___ATOE_L                        = 0x2DC
+	SYS___CATTRM                        = 0x2A9
+	SYS___CNVBLK                        = 0x2AF
+	SYS___CRYTRM                        = 0x2B0
+	SYS___DLGHT                         = 0x2A1
+	SYS___ECRTRM                        = 0x2B1
+	SYS___ETOA                          = 0x2DD
+	SYS___ETOA_L                        = 0x2DE
+	SYS___GDTRM                         = 0x2AA
+	SYS___OCLCK                         = 0x2DA
+	SYS___OPARGF                        = 0x2A2
+	SYS___OPERRF                        = 0x2A5
+	SYS___OPINDF                        = 0x2A4
+	SYS___OPOPTF                        = 0x2A3
+	SYS___RNDTRM                        = 0x2AB
+	SYS___SRCTRM                        = 0x2F4
+	SYS___TZONE                         = 0x2A0
+	SYS___UTXTRM                        = 0x2F3
+	SYS_ASIN                            = 0x03E
+	SYS_ISXDIGIT                        = 0x03B
+	SYS_SETLOCAL                        = 0x03A
+	SYS_SETLOCALE                       = 0x03A
+	SYS_SIN                             = 0x03F
+	SYS_TOLOWER                         = 0x03C
+	SYS_TOUPPER                         = 0x03D
+	SYS_ACCEPT_AND_RECV                 = 0x4F7
+	SYS_ATOL                            = 0x04E
+	SYS_CHECKSCH                        = 0x4BC
+	SYS_CHECKSCHENV                     = 0x4BC
+	SYS_CLEARERR                        = 0x04C
+	SYS_CONNECTS                        = 0x4B5
+	SYS_CONNECTSERVER                   = 0x4B5
+	SYS_CONNECTW                        = 0x4B4
+	SYS_CONNECTWORKMGR                  = 0x4B4
+	SYS_CONTINUE                        = 0x4B3
+	SYS_CONTINUEWORKUNIT                = 0x4B3
+	SYS_COPYSIGN                        = 0x4C2
+	SYS_CREATEWO                        = 0x4B2
+	SYS_CREATEWORKUNIT                  = 0x4B2
+	SYS_DELETEWO                        = 0x4B9
+	SYS_DELETEWORKUNIT                  = 0x4B9
+	SYS_DISCONNE                        = 0x4B6
+	SYS_DISCONNECTSERVER                = 0x4B6
+	SYS_FEOF                            = 0x04D
+	SYS_FERROR                          = 0x04A
+	SYS_FINITE                          = 0x4C8
+	SYS_GAMMA_R                         = 0x4E2
+	SYS_JOINWORK                        = 0x4B7
+	SYS_JOINWORKUNIT                    = 0x4B7
+	SYS_LEAVEWOR                        = 0x4B8
+	SYS_LEAVEWORKUNIT                   = 0x4B8
+	SYS_LGAMMA_R                        = 0x4EB
+	SYS_MATHERR                         = 0x4D0
+	SYS_PERROR                          = 0x04F
+	SYS_QUERYMET                        = 0x4BA
+	SYS_QUERYMETRICS                    = 0x4BA
+	SYS_QUERYSCH                        = 0x4BB
+	SYS_QUERYSCHENV                     = 0x4BB
+	SYS_REWIND                          = 0x04B
+	SYS_SCALBN                          = 0x4D4
+	SYS_SIGNIFIC                        = 0x4D5
+	SYS_SIGNIFICAND                     = 0x4D5
+	SYS___ACOSH_B                       = 0x4DA
+	SYS___ACOS_B                        = 0x4D9
+	SYS___ASINH_B                       = 0x4BE
+	SYS___ASIN_B                        = 0x4DB
+	SYS___ATAN2_B                       = 0x4DC
+	SYS___ATANH_B                       = 0x4DD
+	SYS___ATAN_B                        = 0x4BF
+	SYS___CBRT_B                        = 0x4C0
+	SYS___CEIL_B                        = 0x4C1
+	SYS___COSH_B                        = 0x4DE
+	SYS___COS_B                         = 0x4C3
+	SYS___DGHT                          = 0x4A8
+	SYS___ENVN                          = 0x4B0
+	SYS___ERFC_B                        = 0x4C5
+	SYS___ERF_B                         = 0x4C4
+	SYS___EXPM1_B                       = 0x4C6
+	SYS___EXP_B                         = 0x4DF
+	SYS___FABS_B                        = 0x4C7
+	SYS___FLOOR_B                       = 0x4C9
+	SYS___FMOD_B                        = 0x4E0
+	SYS___FP_SETMODE                    = 0x4F8
+	SYS___FREXP_B                       = 0x4CA
+	SYS___GAMMA_B                       = 0x4E1
+	SYS___GDRR                          = 0x4A1
+	SYS___HRRNO                         = 0x4A2
+	SYS___HYPOT_B                       = 0x4E3
+	SYS___ILOGB_B                       = 0x4CB
+	SYS___ISNAN_B                       = 0x4CC
+	SYS___J0_B                          = 0x4E4
+	SYS___J1_B                          = 0x4E6
+	SYS___JN_B                          = 0x4E8
+	SYS___LDEXP_B                       = 0x4CD
+	SYS___LGAMMA_B                      = 0x4EA
+	SYS___LOG10_B                       = 0x4ED
+	SYS___LOG1P_B                       = 0x4CE
+	SYS___LOGB_B                        = 0x4CF
+	SYS___LOGIN                         = 0x4F5
+	SYS___LOG_B                         = 0x4EC
+	SYS___MLOCKALL                      = 0x4B1
+	SYS___MODF_B                        = 0x4D1
+	SYS___NEXTAFTER_B                   = 0x4D2
+	SYS___OPENDIR2                      = 0x4F3
+	SYS___OPEN_STAT                     = 0x4F6
+	SYS___OPND                          = 0x4A5
+	SYS___OPPT                          = 0x4A6
+	SYS___OPRG                          = 0x4A3
+	SYS___OPRR                          = 0x4A4
+	SYS___PID_AFFINITY                  = 0x4BD
+	SYS___POW_B                         = 0x4EE
+	SYS___READDIR2                      = 0x4F4
+	SYS___REMAINDER_B                   = 0x4EF
+	SYS___RINT_B                        = 0x4D3
+	SYS___SCALB_B                       = 0x4F0
+	SYS___SIGACTIONSET                  = 0x4FB
+	SYS___SIGGM                         = 0x4A7
+	SYS___SINH_B                        = 0x4F1
+	SYS___SIN_B                         = 0x4D6
+	SYS___SQRT_B                        = 0x4F2
+	SYS___TANH_B                        = 0x4D8
+	SYS___TAN_B                         = 0x4D7
+	SYS___TRRNO                         = 0x4AF
+	SYS___TZNE                          = 0x4A9
+	SYS___TZZN                          = 0x4AA
+	SYS___UCREATE                       = 0x4FC
+	SYS___UFREE                         = 0x4FE
+	SYS___UHEAPREPORT                   = 0x4FF
+	SYS___UMALLOC                       = 0x4FD
+	SYS___Y0_B                          = 0x4E5
+	SYS___Y1_B                          = 0x4E7
+	SYS___YN_B                          = 0x4E9
+	SYS_ABORT                           = 0x05C
+	SYS_ASCTIME_R                       = 0x5E0
+	SYS_ATEXIT                          = 0x05D
+	SYS_CONNECTE                        = 0x5AE
+	SYS_CONNECTEXPORTIMPORT             = 0x5AE
+	SYS_CTIME_R                         = 0x5E1
+	SYS_DN_COMP                         = 0x5DF
+	SYS_DN_EXPAND                       = 0x5DD
+	SYS_DN_SKIPNAME                     = 0x5DE
+	SYS_EXIT                            = 0x05A
+	SYS_EXPORTWO                        = 0x5A1
+	SYS_EXPORTWORKUNIT                  = 0x5A1
+	SYS_EXTRACTW                        = 0x5A5
+	SYS_EXTRACTWORKUNIT                 = 0x5A5
+	SYS_FSEEKO                          = 0x5C9
+	SYS_FTELLO                          = 0x5C8
+	SYS_GETGRGID_R                      = 0x5E7
+	SYS_GETGRNAM_R                      = 0x5E8
+	SYS_GETLOGIN_R                      = 0x5E9
+	SYS_GETPWNAM_R                      = 0x5EA
+	SYS_GETPWUID_R                      = 0x5EB
+	SYS_GMTIME_R                        = 0x5E2
+	SYS_IMPORTWO                        = 0x5A3
+	SYS_IMPORTWORKUNIT                  = 0x5A3
+	SYS_INET_NTOP                       = 0x5D3
+	SYS_INET_PTON                       = 0x5D4
+	SYS_LLABS                           = 0x5CE
+	SYS_LLDIV                           = 0x5CB
+	SYS_LOCALTIME_R                     = 0x5E3
+	SYS_PTHREAD_ATFORK                  = 0x5ED
+	SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB
+	SYS_PTHREAD_ATTR_GETGUARDSIZE       = 0x5EE
+	SYS_PTHREAD_ATTR_GETSCHEDPARAM      = 0x5F9
+	SYS_PTHREAD_ATTR_GETSTACKADDR       = 0x5EF
+	SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC
+	SYS_PTHREAD_ATTR_SETGUARDSIZE       = 0x5F0
+	SYS_PTHREAD_ATTR_SETSCHEDPARAM      = 0x5FA
+	SYS_PTHREAD_ATTR_SETSTACKADDR       = 0x5F1
+	SYS_PTHREAD_CONDATTR_GETPSHARED     = 0x5F2
+	SYS_PTHREAD_CONDATTR_SETPSHARED     = 0x5F3
+	SYS_PTHREAD_DETACH_U98              = 0x5FD
+	SYS_PTHREAD_GETCONCURRENCY          = 0x5F4
+	SYS_PTHREAD_GETSPECIFIC_U98         = 0x5FE
+	SYS_PTHREAD_KEY_DELETE              = 0x5F5
+	SYS_PTHREAD_SETCANCELSTATE          = 0x5FF
+	SYS_PTHREAD_SETCONCURRENCY          = 0x5F6
+	SYS_PTHREAD_SIGMASK                 = 0x5F7
+	SYS_QUERYENC                        = 0x5AD
+	SYS_QUERYWORKUNITCLASSIFICATION     = 0x5AD
+	SYS_RAISE                           = 0x05E
+	SYS_RAND_R                          = 0x5E4
+	SYS_READDIR_R                       = 0x5E6
+	SYS_REALLOC                         = 0x05B
+	SYS_RES_INIT                        = 0x5D8
+	SYS_RES_MKQUERY                     = 0x5D7
+	SYS_RES_QUERY                       = 0x5D9
+	SYS_RES_QUERYDOMAIN                 = 0x5DC
+	SYS_RES_SEARCH                      = 0x5DA
+	SYS_RES_SEND                        = 0x5DB
+	SYS_SETJMP                          = 0x05F
+	SYS_SIGQUEUE                        = 0x5A9
+	SYS_STRTOK_R                        = 0x5E5
+	SYS_STRTOLL                         = 0x5B0
+	SYS_STRTOULL                        = 0x5B1
+	SYS_TTYNAME_R                       = 0x5EC
+	SYS_UNDOEXPO                        = 0x5A2
+	SYS_UNDOEXPORTWORKUNIT              = 0x5A2
+	SYS_UNDOIMPO                        = 0x5A4
+	SYS_UNDOIMPORTWORKUNIT              = 0x5A4
+	SYS_WCSTOLL                         = 0x5CC
+	SYS_WCSTOULL                        = 0x5CD
+	SYS___ABORT                         = 0x05C
+	SYS___CONSOLE2                      = 0x5D2
+	SYS___CPL                           = 0x5A6
+	SYS___DISCARDDATA                   = 0x5F8
+	SYS___DSA_PREV                      = 0x5B2
+	SYS___EP_FIND                       = 0x5B3
+	SYS___FP_SWAPMODE                   = 0x5AF
+	SYS___GETUSERID                     = 0x5AB
+	SYS___GET_CPUID                     = 0x5B9
+	SYS___GET_SYSTEM_SETTINGS           = 0x5BA
+	SYS___IPDOMAINNAME                  = 0x5AC
+	SYS___MAP_INIT                      = 0x5A7
+	SYS___MAP_SERVICE                   = 0x5A8
+	SYS___MOUNT                         = 0x5AA
+	SYS___MSGRCV_TIMED                  = 0x5B7
+	SYS___RES                           = 0x5D6
+	SYS___SEMOP_TIMED                   = 0x5B8
+	SYS___SERVER_THREADS_QUERY          = 0x5B4
+	SYS_FPRINTF                         = 0x06D
+	SYS_FSCANF                          = 0x06A
+	SYS_PRINTF                          = 0x06F
+	SYS_SETBUF                          = 0x06B
+	SYS_SETVBUF                         = 0x06C
+	SYS_SSCANF                          = 0x06E
+	SYS___CATGETS_A                     = 0x6C0
+	SYS___CHAUDIT_A                     = 0x6F4
+	SYS___CHMOD_A                       = 0x6E8
+	SYS___COLLATE_INIT_A                = 0x6AC
+	SYS___CREAT_A                       = 0x6F6
+	SYS___CTYPE_INIT_A                  = 0x6AF
+	SYS___DLLLOAD_A                     = 0x6DF
+	SYS___DLLQUERYFN_A                  = 0x6E0
+	SYS___DLLQUERYVAR_A                 = 0x6E1
+	SYS___E2A_L                         = 0x6E3
+	SYS___EXECLE_A                      = 0x6A0
+	SYS___EXECLP_A                      = 0x6A4
+	SYS___EXECVE_A                      = 0x6C1
+	SYS___EXECVP_A                      = 0x6C2
+	SYS___EXECV_A                       = 0x6B1
+	SYS___FPRINTF_A                     = 0x6FA
+	SYS___GETADDRINFO_A                 = 0x6BF
+	SYS___GETNAMEINFO_A                 = 0x6C4
+	SYS___GET_WCTYPE_STD_A              = 0x6AE
+	SYS___ICONV_OPEN_A                  = 0x6DE
+	SYS___IF_INDEXTONAME_A              = 0x6DC
+	SYS___IF_NAMETOINDEX_A              = 0x6DB
+	SYS___ISWCTYPE_A                    = 0x6B0
+	SYS___IS_WCTYPE_STD_A               = 0x6B2
+	SYS___LOCALECONV_A                  = 0x6B8
+	SYS___LOCALECONV_STD_A              = 0x6B9
+	SYS___LOCALE_INIT_A                 = 0x6B7
+	SYS___LSTAT_A                       = 0x6EE
+	SYS___LSTAT_O_A                     = 0x6EF
+	SYS___MKDIR_A                       = 0x6E9
+	SYS___MKFIFO_A                      = 0x6EC
+	SYS___MKNOD_A                       = 0x6F0
+	SYS___MONETARY_INIT_A               = 0x6BC
+	SYS___MOUNT_A                       = 0x6F1
+	SYS___NL_CSINFO_A                   = 0x6D6
+	SYS___NL_LANGINFO_A                 = 0x6BA
+	SYS___NL_LNAGINFO_STD_A             = 0x6BB
+	SYS___NL_MONINFO_A                  = 0x6D7
+	SYS___NL_NUMINFO_A                  = 0x6D8
+	SYS___NL_RESPINFO_A                 = 0x6D9
+	SYS___NL_TIMINFO_A                  = 0x6DA
+	SYS___NUMERIC_INIT_A                = 0x6C6
+	SYS___OPEN_A                        = 0x6F7
+	SYS___PRINTF_A                      = 0x6DD
+	SYS___RESP_INIT_A                   = 0x6C7
+	SYS___RPMATCH_A                     = 0x6C8
+	SYS___RPMATCH_C_A                   = 0x6C9
+	SYS___RPMATCH_STD_A                 = 0x6CA
+	SYS___SETLOCALE_A                   = 0x6F9
+	SYS___SPAWNP_A                      = 0x6C5
+	SYS___SPAWN_A                       = 0x6C3
+	SYS___SPRINTF_A                     = 0x6FB
+	SYS___STAT_A                        = 0x6EA
+	SYS___STAT_O_A                      = 0x6EB
+	SYS___STRCOLL_STD_A                 = 0x6A1
+	SYS___STRFMON_A                     = 0x6BD
+	SYS___STRFMON_STD_A                 = 0x6BE
+	SYS___STRFTIME_A                    = 0x6CC
+	SYS___STRFTIME_STD_A                = 0x6CD
+	SYS___STRPTIME_A                    = 0x6CE
+	SYS___STRPTIME_STD_A                = 0x6CF
+	SYS___STRXFRM_A                     = 0x6A2
+	SYS___STRXFRM_C_A                   = 0x6A3
+	SYS___STRXFRM_STD_A                 = 0x6A5
+	SYS___SYNTAX_INIT_A                 = 0x6D4
+	SYS___TIME_INIT_A                   = 0x6CB
+	SYS___TOD_INIT_A                    = 0x6D5
+	SYS___TOWLOWER_A                    = 0x6B3
+	SYS___TOWLOWER_STD_A                = 0x6B4
+	SYS___TOWUPPER_A                    = 0x6B5
+	SYS___TOWUPPER_STD_A                = 0x6B6
+	SYS___UMOUNT_A                      = 0x6F2
+	SYS___VFPRINTF_A                    = 0x6FC
+	SYS___VPRINTF_A                     = 0x6FD
+	SYS___VSPRINTF_A                    = 0x6FE
+	SYS___VSWPRINTF_A                   = 0x6FF
+	SYS___WCSCOLL_A                     = 0x6A6
+	SYS___WCSCOLL_C_A                   = 0x6A7
+	SYS___WCSCOLL_STD_A                 = 0x6A8
+	SYS___WCSFTIME_A                    = 0x6D0
+	SYS___WCSFTIME_STD_A                = 0x6D1
+	SYS___WCSXFRM_A                     = 0x6A9
+	SYS___WCSXFRM_C_A                   = 0x6AA
+	SYS___WCSXFRM_STD_A                 = 0x6AB
+	SYS___WCTYPE_A                      = 0x6AD
+	SYS___W_GETMNTENT_A                 = 0x6F5
+	SYS_____CCSIDTYPE_A                 = 0x6E6
+	SYS_____CHATTR_A                    = 0x6E2
+	SYS_____CSNAMETYPE_A                = 0x6E7
+	SYS_____OPEN_STAT_A                 = 0x6ED
+	SYS_____SPAWN2_A                    = 0x6D2
+	SYS_____SPAWNP2_A                   = 0x6D3
+	SYS_____TOCCSID_A                   = 0x6E4
+	SYS_____TOCSNAME_A                  = 0x6E5
+	SYS_ACL_FREE                        = 0x7FF
+	SYS_ACL_INIT                        = 0x7FE
+	SYS_FWIDE                           = 0x7DF
+	SYS_FWPRINTF                        = 0x7D1
+	SYS_FWRITE                          = 0x07E
+	SYS_FWSCANF                         = 0x7D5
+	SYS_GETCHAR                         = 0x07B
+	SYS_GETS                            = 0x07C
+	SYS_M_CREATE_LAYOUT                 = 0x7C9
+	SYS_M_DESTROY_LAYOUT                = 0x7CA
+	SYS_M_GETVALUES_LAYOUT              = 0x7CB
+	SYS_M_SETVALUES_LAYOUT              = 0x7CC
+	SYS_M_TRANSFORM_LAYOUT              = 0x7CD
+	SYS_M_WTRANSFORM_LAYOUT             = 0x7CE
+	SYS_PREAD                           = 0x7C7
+	SYS_PUTC                            = 0x07D
+	SYS_PUTCHAR                         = 0x07A
+	SYS_PUTS                            = 0x07F
+	SYS_PWRITE                          = 0x7C8
+	SYS_TOWCTRAN                        = 0x7D8
+	SYS_TOWCTRANS                       = 0x7D8
+	SYS_UNATEXIT                        = 0x7B5
+	SYS_VFWPRINT                        = 0x7D3
+	SYS_VFWPRINTF                       = 0x7D3
+	SYS_VWPRINTF                        = 0x7D4
+	SYS_WCTRANS                         = 0x7D7
+	SYS_WPRINTF                         = 0x7D2
+	SYS_WSCANF                          = 0x7D6
+	SYS___ASCTIME_R_A                   = 0x7A1
+	SYS___BASENAME_A                    = 0x7DC
+	SYS___BTOWC_A                       = 0x7E4
+	SYS___CDUMP_A                       = 0x7B7
+	SYS___CEE3DMP_A                     = 0x7B6
+	SYS___CEILF_H                       = 0x7F4
+	SYS___CEILL_H                       = 0x7F5
+	SYS___CEIL_H                        = 0x7EA
+	SYS___CRYPT_A                       = 0x7BE
+	SYS___CSNAP_A                       = 0x7B8
+	SYS___CTEST_A                       = 0x7B9
+	SYS___CTIME_R_A                     = 0x7A2
+	SYS___CTRACE_A                      = 0x7BA
+	SYS___DBM_OPEN_A                    = 0x7E6
+	SYS___DIRNAME_A                     = 0x7DD
+	SYS___FABSF_H                       = 0x7FA
+	SYS___FABSL_H                       = 0x7FB
+	SYS___FABS_H                        = 0x7ED
+	SYS___FGETWC_A                      = 0x7AA
+	SYS___FGETWS_A                      = 0x7AD
+	SYS___FLOORF_H                      = 0x7F6
+	SYS___FLOORL_H                      = 0x7F7
+	SYS___FLOOR_H                       = 0x7EB
+	SYS___FPUTWC_A                      = 0x7A5
+	SYS___FPUTWS_A                      = 0x7A8
+	SYS___GETTIMEOFDAY_A                = 0x7AE
+	SYS___GETWCHAR_A                    = 0x7AC
+	SYS___GETWC_A                       = 0x7AB
+	SYS___GLOB_A                        = 0x7DE
+	SYS___GMTIME_A                      = 0x7AF
+	SYS___GMTIME_R_A                    = 0x7B0
+	SYS___INET_PTON_A                   = 0x7BC
+	SYS___J0_H                          = 0x7EE
+	SYS___J1_H                          = 0x7EF
+	SYS___JN_H                          = 0x7F0
+	SYS___LOCALTIME_A                   = 0x7B1
+	SYS___LOCALTIME_R_A                 = 0x7B2
+	SYS___MALLOC24                      = 0x7FC
+	SYS___MALLOC31                      = 0x7FD
+	SYS___MKTIME_A                      = 0x7B3
+	SYS___MODFF_H                       = 0x7F8
+	SYS___MODFL_H                       = 0x7F9
+	SYS___MODF_H                        = 0x7EC
+	SYS___OPENDIR_A                     = 0x7C2
+	SYS___OSNAME                        = 0x7E0
+	SYS___PUTWCHAR_A                    = 0x7A7
+	SYS___PUTWC_A                       = 0x7A6
+	SYS___READDIR_A                     = 0x7C3
+	SYS___STRTOLL_A                     = 0x7A3
+	SYS___STRTOULL_A                    = 0x7A4
+	SYS___SYSLOG_A                      = 0x7BD
+	SYS___TZZNA                         = 0x7B4
+	SYS___UNGETWC_A                     = 0x7A9
+	SYS___UTIME_A                       = 0x7A0
+	SYS___VFPRINTF2_A                   = 0x7E7
+	SYS___VPRINTF2_A                    = 0x7E8
+	SYS___VSPRINTF2_A                   = 0x7E9
+	SYS___VSWPRNTF2_A                   = 0x7BB
+	SYS___WCSTOD_A                      = 0x7D9
+	SYS___WCSTOL_A                      = 0x7DA
+	SYS___WCSTOUL_A                     = 0x7DB
+	SYS___WCTOB_A                       = 0x7E5
+	SYS___Y0_H                          = 0x7F1
+	SYS___Y1_H                          = 0x7F2
+	SYS___YN_H                          = 0x7F3
+	SYS_____OPENDIR2_A                  = 0x7BF
+	SYS_____OSNAME_A                    = 0x7E1
+	SYS_____READDIR2_A                  = 0x7C0
+	SYS_DLCLOSE                         = 0x8DF
+	SYS_DLERROR                         = 0x8E0
+	SYS_DLOPEN                          = 0x8DD
+	SYS_DLSYM                           = 0x8DE
+	SYS_FLOCKFILE                       = 0x8D3
+	SYS_FTRYLOCKFILE                    = 0x8D4
+	SYS_FUNLOCKFILE                     = 0x8D5
+	SYS_GETCHAR_UNLOCKED                = 0x8D7
+	SYS_GETC_UNLOCKED                   = 0x8D6
+	SYS_PUTCHAR_UNLOCKED                = 0x8D9
+	SYS_PUTC_UNLOCKED                   = 0x8D8
+	SYS_SNPRINTF                        = 0x8DA
+	SYS_VSNPRINTF                       = 0x8DB
+	SYS_WCSCSPN                         = 0x08B
+	SYS_WCSLEN                          = 0x08C
+	SYS_WCSNCAT                         = 0x08D
+	SYS_WCSNCMP                         = 0x08A
+	SYS_WCSNCPY                         = 0x08F
+	SYS_WCSSPN                          = 0x08E
+	SYS___ABSF_H                        = 0x8E7
+	SYS___ABSL_H                        = 0x8E8
+	SYS___ABS_H                         = 0x8E6
+	SYS___ACOSF_H                       = 0x8EA
+	SYS___ACOSH_H                       = 0x8EC
+	SYS___ACOSL_H                       = 0x8EB
+	SYS___ACOS_H                        = 0x8E9
+	SYS___ASINF_H                       = 0x8EE
+	SYS___ASINH_H                       = 0x8F0
+	SYS___ASINL_H                       = 0x8EF
+	SYS___ASIN_H                        = 0x8ED
+	SYS___ATAN2F_H                      = 0x8F8
+	SYS___ATAN2L_H                      = 0x8F9
+	SYS___ATAN2_H                       = 0x8F7
+	SYS___ATANF_H                       = 0x8F2
+	SYS___ATANHF_H                      = 0x8F5
+	SYS___ATANHL_H                      = 0x8F6
+	SYS___ATANH_H                       = 0x8F4
+	SYS___ATANL_H                       = 0x8F3
+	SYS___ATAN_H                        = 0x8F1
+	SYS___CBRT_H                        = 0x8FA
+	SYS___COPYSIGNF_H                   = 0x8FB
+	SYS___COPYSIGNL_H                   = 0x8FC
+	SYS___COSF_H                        = 0x8FE
+	SYS___COSL_H                        = 0x8FF
+	SYS___COS_H                         = 0x8FD
+	SYS___DLERROR_A                     = 0x8D2
+	SYS___DLOPEN_A                      = 0x8D0
+	SYS___DLSYM_A                       = 0x8D1
+	SYS___GETUTXENT_A                   = 0x8C6
+	SYS___GETUTXID_A                    = 0x8C7
+	SYS___GETUTXLINE_A                  = 0x8C8
+	SYS___ITOA                          = 0x8AA
+	SYS___ITOA_A                        = 0x8B0
+	SYS___LE_CONDITION_TOKEN_BUILD      = 0x8A5
+	SYS___LE_MSG_ADD_INSERT             = 0x8A6
+	SYS___LE_MSG_GET                    = 0x8A7
+	SYS___LE_MSG_GET_AND_WRITE          = 0x8A8
+	SYS___LE_MSG_WRITE                  = 0x8A9
+	SYS___LLTOA                         = 0x8AE
+	SYS___LLTOA_A                       = 0x8B4
+	SYS___LTOA                          = 0x8AC
+	SYS___LTOA_A                        = 0x8B2
+	SYS___PUTCHAR_UNLOCKED_A            = 0x8CC
+	SYS___PUTC_UNLOCKED_A               = 0x8CB
+	SYS___PUTUTXLINE_A                  = 0x8C9
+	SYS___RESET_EXCEPTION_HANDLER       = 0x8E3
+	SYS___REXEC_A                       = 0x8C4
+	SYS___REXEC_AF_A                    = 0x8C5
+	SYS___SET_EXCEPTION_HANDLER         = 0x8E2
+	SYS___SNPRINTF_A                    = 0x8CD
+	SYS___SUPERKILL                     = 0x8A4
+	SYS___TCGETATTR_A                   = 0x8A1
+	SYS___TCSETATTR_A                   = 0x8A2
+	SYS___ULLTOA                        = 0x8AF
+	SYS___ULLTOA_A                      = 0x8B5
+	SYS___ULTOA                         = 0x8AD
+	SYS___ULTOA_A                       = 0x8B3
+	SYS___UTOA                          = 0x8AB
+	SYS___UTOA_A                        = 0x8B1
+	SYS___VHM_EVENT                     = 0x8E4
+	SYS___VSNPRINTF_A                   = 0x8CE
+	SYS_____GETENV_A                    = 0x8C3
+	SYS_____UTMPXNAME_A                 = 0x8CA
+	SYS_CACOSH                          = 0x9A0
+	SYS_CACOSHF                         = 0x9A3
+	SYS_CACOSHL                         = 0x9A6
+	SYS_CARG                            = 0x9A9
+	SYS_CARGF                           = 0x9AC
+	SYS_CARGL                           = 0x9AF
+	SYS_CASIN                           = 0x9B2
+	SYS_CASINF                          = 0x9B5
+	SYS_CASINH                          = 0x9BB
+	SYS_CASINHF                         = 0x9BE
+	SYS_CASINHL                         = 0x9C1
+	SYS_CASINL                          = 0x9B8
+	SYS_CATAN                           = 0x9C4
+	SYS_CATANF                          = 0x9C7
+	SYS_CATANH                          = 0x9CD
+	SYS_CATANHF                         = 0x9D0
+	SYS_CATANHL                         = 0x9D3
+	SYS_CATANL                          = 0x9CA
+	SYS_CCOS                            = 0x9D6
+	SYS_CCOSF                           = 0x9D9
+	SYS_CCOSH                           = 0x9DF
+	SYS_CCOSHF                          = 0x9E2
+	SYS_CCOSHL                          = 0x9E5
+	SYS_CCOSL                           = 0x9DC
+	SYS_CEXP                            = 0x9E8
+	SYS_CEXPF                           = 0x9EB
+	SYS_CEXPL                           = 0x9EE
+	SYS_CIMAG                           = 0x9F1
+	SYS_CIMAGF                          = 0x9F4
+	SYS_CIMAGL                          = 0x9F7
+	SYS_CLOGF                           = 0x9FD
+	SYS_MEMCHR                          = 0x09B
+	SYS_MEMCMP                          = 0x09A
+	SYS_STRCOLL                         = 0x09C
+	SYS_STRNCMP                         = 0x09D
+	SYS_STRRCHR                         = 0x09F
+	SYS_STRXFRM                         = 0x09E
+	SYS___CACOSHF_B                     = 0x9A4
+	SYS___CACOSHF_H                     = 0x9A5
+	SYS___CACOSHL_B                     = 0x9A7
+	SYS___CACOSHL_H                     = 0x9A8
+	SYS___CACOSH_B                      = 0x9A1
+	SYS___CACOSH_H                      = 0x9A2
+	SYS___CARGF_B                       = 0x9AD
+	SYS___CARGF_H                       = 0x9AE
+	SYS___CARGL_B                       = 0x9B0
+	SYS___CARGL_H                       = 0x9B1
+	SYS___CARG_B                        = 0x9AA
+	SYS___CARG_H                        = 0x9AB
+	SYS___CASINF_B                      = 0x9B6
+	SYS___CASINF_H                      = 0x9B7
+	SYS___CASINHF_B                     = 0x9BF
+	SYS___CASINHF_H                     = 0x9C0
+	SYS___CASINHL_B                     = 0x9C2
+	SYS___CASINHL_H                     = 0x9C3
+	SYS___CASINH_B                      = 0x9BC
+	SYS___CASINH_H                      = 0x9BD
+	SYS___CASINL_B                      = 0x9B9
+	SYS___CASINL_H                      = 0x9BA
+	SYS___CASIN_B                       = 0x9B3
+	SYS___CASIN_H                       = 0x9B4
+	SYS___CATANF_B                      = 0x9C8
+	SYS___CATANF_H                      = 0x9C9
+	SYS___CATANHF_B                     = 0x9D1
+	SYS___CATANHF_H                     = 0x9D2
+	SYS___CATANHL_B                     = 0x9D4
+	SYS___CATANHL_H                     = 0x9D5
+	SYS___CATANH_B                      = 0x9CE
+	SYS___CATANH_H                      = 0x9CF
+	SYS___CATANL_B                      = 0x9CB
+	SYS___CATANL_H                      = 0x9CC
+	SYS___CATAN_B                       = 0x9C5
+	SYS___CATAN_H                       = 0x9C6
+	SYS___CCOSF_B                       = 0x9DA
+	SYS___CCOSF_H                       = 0x9DB
+	SYS___CCOSHF_B                      = 0x9E3
+	SYS___CCOSHF_H                      = 0x9E4
+	SYS___CCOSHL_B                      = 0x9E6
+	SYS___CCOSHL_H                      = 0x9E7
+	SYS___CCOSH_B                       = 0x9E0
+	SYS___CCOSH_H                       = 0x9E1
+	SYS___CCOSL_B                       = 0x9DD
+	SYS___CCOSL_H                       = 0x9DE
+	SYS___CCOS_B                        = 0x9D7
+	SYS___CCOS_H                        = 0x9D8
+	SYS___CEXPF_B                       = 0x9EC
+	SYS___CEXPF_H                       = 0x9ED
+	SYS___CEXPL_B                       = 0x9EF
+	SYS___CEXPL_H                       = 0x9F0
+	SYS___CEXP_B                        = 0x9E9
+	SYS___CEXP_H                        = 0x9EA
+	SYS___CIMAGF_B                      = 0x9F5
+	SYS___CIMAGF_H                      = 0x9F6
+	SYS___CIMAGL_B                      = 0x9F8
+	SYS___CIMAGL_H                      = 0x9F9
+	SYS___CIMAG_B                       = 0x9F2
+	SYS___CIMAG_H                       = 0x9F3
+	SYS___CLOG                          = 0x9FA
+	SYS___CLOGF_B                       = 0x9FE
+	SYS___CLOGF_H                       = 0x9FF
+	SYS___CLOG_B                        = 0x9FB
+	SYS___CLOG_H                        = 0x9FC
+	SYS_ISWCTYPE                        = 0x10C
+	SYS_ISWXDIGI                        = 0x10A
+	SYS_ISWXDIGIT                       = 0x10A
+	SYS_MBSINIT                         = 0x10F
+	SYS_TOWLOWER                        = 0x10D
+	SYS_TOWUPPER                        = 0x10E
+	SYS_WCTYPE                          = 0x10B
+	SYS_WCSSTR                          = 0x11B
+	SYS___RPMTCH                        = 0x11A
+	SYS_WCSTOD                          = 0x12E
+	SYS_WCSTOK                          = 0x12C
+	SYS_WCSTOL                          = 0x12D
+	SYS_WCSTOUL                         = 0x12F
+	SYS_FGETWC                          = 0x13C
+	SYS_FGETWS                          = 0x13D
+	SYS_FPUTWC                          = 0x13E
+	SYS_FPUTWS                          = 0x13F
+	SYS_REGERROR                        = 0x13B
+	SYS_REGFREE                         = 0x13A
+	SYS_COLLEQUIV                       = 0x14F
+	SYS_COLLTOSTR                       = 0x14E
+	SYS_ISMCCOLLEL                      = 0x14C
+	SYS_STRTOCOLL                       = 0x14D
+	SYS_DLLFREE                         = 0x16F
+	SYS_DLLQUERYFN                      = 0x16D
+	SYS_DLLQUERYVAR                     = 0x16E
+	SYS_GETMCCOLL                       = 0x16A
+	SYS_GETWMCCOLL                      = 0x16B
+	SYS___ERR2AD                        = 0x16C
+	SYS_CFSETOSPEED                     = 0x17A
+	SYS_CHDIR                           = 0x17B
+	SYS_CHMOD                           = 0x17C
+	SYS_CHOWN                           = 0x17D
+	SYS_CLOSE                           = 0x17E
+	SYS_CLOSEDIR                        = 0x17F
+	SYS_LOG                             = 0x017
+	SYS_COSH                            = 0x018
+	SYS_FCHMOD                          = 0x18A
+	SYS_FCHOWN                          = 0x18B
+	SYS_FCNTL                           = 0x18C
+	SYS_FILENO                          = 0x18D
+	SYS_FORK                            = 0x18E
+	SYS_FPATHCONF                       = 0x18F
+	SYS_GETLOGIN                        = 0x19A
+	SYS_GETPGRP                         = 0x19C
+	SYS_GETPID                          = 0x19D
+	SYS_GETPPID                         = 0x19E
+	SYS_GETPWNAM                        = 0x19F
+	SYS_TANH                            = 0x019
+	SYS_W_GETMNTENT                     = 0x19B
+	SYS_POW                             = 0x020
+	SYS_PTHREAD_SELF                    = 0x20A
+	SYS_PTHREAD_SETINTR                 = 0x20B
+	SYS_PTHREAD_SETINTRTYPE             = 0x20C
+	SYS_PTHREAD_SETSPECIFIC             = 0x20D
+	SYS_PTHREAD_TESTINTR                = 0x20E
+	SYS_PTHREAD_YIELD                   = 0x20F
+	SYS_SQRT                            = 0x021
+	SYS_FLOOR                           = 0x022
+	SYS_J1                              = 0x023
+	SYS_WCSPBRK                         = 0x23F
+	SYS_BSEARCH                         = 0x24C
+	SYS_FABS                            = 0x024
+	SYS_GETENV                          = 0x24A
+	SYS_LDIV                            = 0x24D
+	SYS_SYSTEM                          = 0x24B
+	SYS_FMOD                            = 0x025
+	SYS___RETHROW                       = 0x25F
+	SYS___THROW                         = 0x25E
+	SYS_J0                              = 0x026
+	SYS_PUTENV                          = 0x26A
+	SYS___GETENV                        = 0x26F
+	SYS_SEMCTL                          = 0x27A
+	SYS_SEMGET                          = 0x27B
+	SYS_SEMOP                           = 0x27C
+	SYS_SHMAT                           = 0x27D
+	SYS_SHMCTL                          = 0x27E
+	SYS_SHMDT                           = 0x27F
+	SYS_YN                              = 0x027
+	SYS_JN                              = 0x028
+	SYS_SIGALTSTACK                     = 0x28A
+	SYS_SIGHOLD                         = 0x28B
+	SYS_SIGIGNORE                       = 0x28C
+	SYS_SIGINTERRUPT                    = 0x28D
+	SYS_SIGPAUSE                        = 0x28E
+	SYS_SIGRELSE                        = 0x28F
+	SYS_GETOPT                          = 0x29A
+	SYS_GETSUBOPT                       = 0x29D
+	SYS_LCHOWN                          = 0x29B
+	SYS_SETPGRP                         = 0x29E
+	SYS_TRUNCATE                        = 0x29C
+	SYS_Y0                              = 0x029
+	SYS___GDERR                         = 0x29F
+	SYS_ISALPHA                         = 0x030
+	SYS_VFORK                           = 0x30F
+	SYS__LONGJMP                        = 0x30D
+	SYS__SETJMP                         = 0x30E
+	SYS_GLOB                            = 0x31A
+	SYS_GLOBFREE                        = 0x31B
+	SYS_ISALNUM                         = 0x031
+	SYS_PUTW                            = 0x31C
+	SYS_SEEKDIR                         = 0x31D
+	SYS_TELLDIR                         = 0x31E
+	SYS_TEMPNAM                         = 0x31F
+	SYS_GETTIMEOFDAY_R                  = 0x32E
+	SYS_ISLOWER                         = 0x032
+	SYS_LGAMMA                          = 0x32C
+	SYS_REMAINDER                       = 0x32A
+	SYS_SCALB                           = 0x32B
+	SYS_SYNC                            = 0x32F
+	SYS_TTYSLOT                         = 0x32D
+	SYS_ENDPROTOENT                     = 0x33A
+	SYS_ENDSERVENT                      = 0x33B
+	SYS_GETHOSTBYADDR                   = 0x33D
+	SYS_GETHOSTBYADDR_R                 = 0x33C
+	SYS_GETHOSTBYNAME                   = 0x33F
+	SYS_GETHOSTBYNAME_R                 = 0x33E
+	SYS_ISCNTRL                         = 0x033
+	SYS_GETSERVBYNAME                   = 0x34A
+	SYS_GETSERVBYPORT                   = 0x34B
+	SYS_GETSERVENT                      = 0x34C
+	SYS_GETSOCKNAME                     = 0x34D
+	SYS_GETSOCKOPT                      = 0x34E
+	SYS_INET_ADDR                       = 0x34F
+	SYS_ISDIGIT                         = 0x034
+	SYS_ISGRAPH                         = 0x035
+	SYS_SELECT                          = 0x35B
+	SYS_SELECTEX                        = 0x35C
+	SYS_SEND                            = 0x35D
+	SYS_SENDTO                          = 0x35F
+	SYS_CHROOT                          = 0x36A
+	SYS_ISNAN                           = 0x36D
+	SYS_ISUPPER                         = 0x036
+	SYS_ULIMIT                          = 0x36C
+	SYS_UTIMES                          = 0x36E
+	SYS_W_STATVFS                       = 0x36B
+	SYS___H_ERRNO                       = 0x36F
+	SYS_GRANTPT                         = 0x37A
+	SYS_ISPRINT                         = 0x037
+	SYS_TCGETSID                        = 0x37C
+	SYS_UNLOCKPT                        = 0x37B
+	SYS___TCGETCP                       = 0x37D
+	SYS___TCSETCP                       = 0x37E
+	SYS___TCSETTABLES                   = 0x37F
+	SYS_ISPUNCT                         = 0x038
+	SYS_NLIST                           = 0x38C
+	SYS___IPDBCS                        = 0x38D
+	SYS___IPDSPX                        = 0x38E
+	SYS___IPMSGC                        = 0x38F
+	SYS___STHOSTENT                     = 0x38B
+	SYS___STSERVENT                     = 0x38A
+	SYS_ISSPACE                         = 0x039
+	SYS_COS                             = 0x040
+	SYS_T_ALLOC                         = 0x40A
+	SYS_T_BIND                          = 0x40B
+	SYS_T_CLOSE                         = 0x40C
+	SYS_T_CONNECT                       = 0x40D
+	SYS_T_ERROR                         = 0x40E
+	SYS_T_FREE                          = 0x40F
+	SYS_TAN                             = 0x041
+	SYS_T_RCVREL                        = 0x41A
+	SYS_T_RCVUDATA                      = 0x41B
+	SYS_T_RCVUDERR                      = 0x41C
+	SYS_T_SND                           = 0x41D
+	SYS_T_SNDDIS                        = 0x41E
+	SYS_T_SNDREL                        = 0x41F
+	SYS_GETPMSG                         = 0x42A
+	SYS_ISASTREAM                       = 0x42B
+	SYS_PUTMSG                          = 0x42C
+	SYS_PUTPMSG                         = 0x42D
+	SYS_SINH                            = 0x042
+	SYS___ISPOSIXON                     = 0x42E
+	SYS___OPENMVSREL                    = 0x42F
+	SYS_ACOS                            = 0x043
+	SYS_ATAN                            = 0x044
+	SYS_ATAN2                           = 0x045
+	SYS_FTELL                           = 0x046
+	SYS_FGETPOS                         = 0x047
+	SYS_SOCK_DEBUG                      = 0x47A
+	SYS_SOCK_DO_TESTSTOR                = 0x47D
+	SYS_TAKESOCKET                      = 0x47E
+	SYS___SERVER_INIT                   = 0x47F
+	SYS_FSEEK                           = 0x048
+	SYS___IPHOST                        = 0x48B
+	SYS___IPNODE                        = 0x48C
+	SYS___SERVER_CLASSIFY_CREATE        = 0x48D
+	SYS___SERVER_CLASSIFY_DESTROY       = 0x48E
+	SYS___SERVER_CLASSIFY_RESET         = 0x48F
+	SYS___SMF_RECORD                    = 0x48A
+	SYS_FSETPOS                         = 0x049
+	SYS___FNWSA                         = 0x49B
+	SYS___SPAWN2                        = 0x49D
+	SYS___SPAWNP2                       = 0x49E
+	SYS_ATOF                            = 0x050
+	SYS_PTHREAD_MUTEXATTR_GETPSHARED    = 0x50A
+	SYS_PTHREAD_MUTEXATTR_SETPSHARED    = 0x50B
+	SYS_PTHREAD_RWLOCK_DESTROY          = 0x50C
+	SYS_PTHREAD_RWLOCK_INIT             = 0x50D
+	SYS_PTHREAD_RWLOCK_RDLOCK           = 0x50E
+	SYS_PTHREAD_RWLOCK_TRYRDLOCK        = 0x50F
+	SYS_ATOI                            = 0x051
+	SYS___FP_CLASS                      = 0x51D
+	SYS___FP_CLR_FLAG                   = 0x51A
+	SYS___FP_FINITE                     = 0x51E
+	SYS___FP_ISNAN                      = 0x51F
+	SYS___FP_RAISE_XCP                  = 0x51C
+	SYS___FP_READ_FLAG                  = 0x51B
+	SYS_RAND                            = 0x052
+	SYS_SIGTIMEDWAIT                    = 0x52D
+	SYS_SIGWAITINFO                     = 0x52E
+	SYS___CHKBFP                        = 0x52F
+	SYS___FPC_RS                        = 0x52C
+	SYS___FPC_RW                        = 0x52A
+	SYS___FPC_SM                        = 0x52B
+	SYS_STRTOD                          = 0x053
+	SYS_STRTOL                          = 0x054
+	SYS_STRTOUL                         = 0x055
+	SYS_MALLOC                          = 0x056
+	SYS_SRAND                           = 0x057
+	SYS_CALLOC                          = 0x058
+	SYS_FREE                            = 0x059
+	SYS___OSENV                         = 0x59F
+	SYS___W_PIOCTL                      = 0x59E
+	SYS_LONGJMP                         = 0x060
+	SYS___FLOORF_B                      = 0x60A
+	SYS___FLOORL_B                      = 0x60B
+	SYS___FREXPF_B                      = 0x60C
+	SYS___FREXPL_B                      = 0x60D
+	SYS___LDEXPF_B                      = 0x60E
+	SYS___LDEXPL_B                      = 0x60F
+	SYS_SIGNAL                          = 0x061
+	SYS___ATAN2F_B                      = 0x61A
+	SYS___ATAN2L_B                      = 0x61B
+	SYS___COSHF_B                       = 0x61C
+	SYS___COSHL_B                       = 0x61D
+	SYS___EXPF_B                        = 0x61E
+	SYS___EXPL_B                        = 0x61F
+	SYS_TMPNAM                          = 0x062
+	SYS___ABSF_B                        = 0x62A
+	SYS___ABSL_B                        = 0x62C
+	SYS___ABS_B                         = 0x62B
+	SYS___FMODF_B                       = 0x62D
+	SYS___FMODL_B                       = 0x62E
+	SYS___MODFF_B                       = 0x62F
+	SYS_ATANL                           = 0x63A
+	SYS_CEILF                           = 0x63B
+	SYS_CEILL                           = 0x63C
+	SYS_COSF                            = 0x63D
+	SYS_COSHF                           = 0x63F
+	SYS_COSL                            = 0x63E
+	SYS_REMOVE                          = 0x063
+	SYS_POWL                            = 0x64A
+	SYS_RENAME                          = 0x064
+	SYS_SINF                            = 0x64B
+	SYS_SINHF                           = 0x64F
+	SYS_SINL                            = 0x64C
+	SYS_SQRTF                           = 0x64D
+	SYS_SQRTL                           = 0x64E
+	SYS_BTOWC                           = 0x65F
+	SYS_FREXPL                          = 0x65A
+	SYS_LDEXPF                          = 0x65B
+	SYS_LDEXPL                          = 0x65C
+	SYS_MODFF                           = 0x65D
+	SYS_MODFL                           = 0x65E
+	SYS_TMPFILE                         = 0x065
+	SYS_FREOPEN                         = 0x066
+	SYS___CHARMAP_INIT_A                = 0x66E
+	SYS___GETHOSTBYADDR_R_A             = 0x66C
+	SYS___GETHOSTBYNAME_A               = 0x66A
+	SYS___GETHOSTBYNAME_R_A             = 0x66D
+	SYS___MBLEN_A                       = 0x66F
+	SYS___RES_INIT_A                    = 0x66B
+	SYS_FCLOSE                          = 0x067
+	SYS___GETGRGID_R_A                  = 0x67D
+	SYS___WCSTOMBS_A                    = 0x67A
+	SYS___WCSTOMBS_STD_A                = 0x67B
+	SYS___WCSWIDTH_A                    = 0x67C
+	SYS___WCSWIDTH_ASIA                 = 0x67F
+	SYS___WCSWIDTH_STD_A                = 0x67E
+	SYS_FFLUSH                          = 0x068
+	SYS___GETLOGIN_R_A                  = 0x68E
+	SYS___GETPWNAM_R_A                  = 0x68C
+	SYS___GETPWUID_R_A                  = 0x68D
+	SYS___TTYNAME_R_A                   = 0x68F
+	SYS___WCWIDTH_ASIA                  = 0x68B
+	SYS___WCWIDTH_STD_A                 = 0x68A
+	SYS_FOPEN                           = 0x069
+	SYS___REGEXEC_A                     = 0x69A
+	SYS___REGEXEC_STD_A                 = 0x69B
+	SYS___REGFREE_A                     = 0x69C
+	SYS___REGFREE_STD_A                 = 0x69D
+	SYS___STRCOLL_A                     = 0x69E
+	SYS___STRCOLL_C_A                   = 0x69F
+	SYS_SCANF                           = 0x070
+	SYS___A64L_A                        = 0x70C
+	SYS___ECVT_A                        = 0x70D
+	SYS___FCVT_A                        = 0x70E
+	SYS___GCVT_A                        = 0x70F
+	SYS___STRTOUL_A                     = 0x70A
+	SYS_____AE_CORRESTBL_QUERY_A        = 0x70B
+	SYS_SPRINTF                         = 0x071
+	SYS___ACCESS_A                      = 0x71F
+	SYS___CATOPEN_A                     = 0x71E
+	SYS___GETOPT_A                      = 0x71D
+	SYS___REALPATH_A                    = 0x71A
+	SYS___SETENV_A                      = 0x71B
+	SYS___SYSTEM_A                      = 0x71C
+	SYS_FGETC                           = 0x072
+	SYS___GAI_STRERROR_A                = 0x72F
+	SYS___RMDIR_A                       = 0x72A
+	SYS___STATVFS_A                     = 0x72B
+	SYS___SYMLINK_A                     = 0x72C
+	SYS___TRUNCATE_A                    = 0x72D
+	SYS___UNLINK_A                      = 0x72E
+	SYS_VFPRINTF                        = 0x073
+	SYS___ISSPACE_A                     = 0x73A
+	SYS___ISUPPER_A                     = 0x73B
+	SYS___ISWALNUM_A                    = 0x73F
+	SYS___ISXDIGIT_A                    = 0x73C
+	SYS___TOLOWER_A                     = 0x73D
+	SYS___TOUPPER_A                     = 0x73E
+	SYS_VPRINTF                         = 0x074
+	SYS___CONFSTR_A                     = 0x74B
+	SYS___FDOPEN_A                      = 0x74E
+	SYS___FLDATA_A                      = 0x74F
+	SYS___FTOK_A                        = 0x74C
+	SYS___ISWXDIGIT_A                   = 0x74A
+	SYS___MKTEMP_A                      = 0x74D
+	SYS_VSPRINTF                        = 0x075
+	SYS___GETGRGID_A                    = 0x75A
+	SYS___GETGRNAM_A                    = 0x75B
+	SYS___GETGROUPSBYNAME_A             = 0x75C
+	SYS___GETHOSTENT_A                  = 0x75D
+	SYS___GETHOSTNAME_A                 = 0x75E
+	SYS___GETLOGIN_A                    = 0x75F
+	SYS_GETC                            = 0x076
+	SYS___CREATEWORKUNIT_A              = 0x76A
+	SYS___CTERMID_A                     = 0x76B
+	SYS___FMTMSG_A                      = 0x76C
+	SYS___INITGROUPS_A                  = 0x76D
+	SYS___MSGRCV_A                      = 0x76F
+	SYS_____LOGIN_A                     = 0x76E
+	SYS_FGETS                           = 0x077
+	SYS___STRCASECMP_A                  = 0x77B
+	SYS___STRNCASECMP_A                 = 0x77C
+	SYS___TTYNAME_A                     = 0x77D
+	SYS___UNAME_A                       = 0x77E
+	SYS___UTIMES_A                      = 0x77F
+	SYS_____SERVER_PWU_A                = 0x77A
+	SYS_FPUTC                           = 0x078
+	SYS___CREAT_O_A                     = 0x78E
+	SYS___ENVNA                         = 0x78F
+	SYS___FREAD_A                       = 0x78A
+	SYS___FWRITE_A                      = 0x78B
+	SYS___ISASCII                       = 0x78D
+	SYS___OPEN_O_A                      = 0x78C
+	SYS_FPUTS                           = 0x079
+	SYS___ASCTIME_A                     = 0x79C
+	SYS___CTIME_A                       = 0x79D
+	SYS___GETDATE_A                     = 0x79E
+	SYS___GETSERVBYPORT_A               = 0x79A
+	SYS___GETSERVENT_A                  = 0x79B
+	SYS___TZSET_A                       = 0x79F
+	SYS_ACL_FROM_TEXT                   = 0x80C
+	SYS_ACL_SET_FD                      = 0x80A
+	SYS_ACL_SET_FILE                    = 0x80B
+	SYS_ACL_SORT                        = 0x80E
+	SYS_ACL_TO_TEXT                     = 0x80D
+	SYS_UNGETC                          = 0x080
+	SYS___SHUTDOWN_REGISTRATION         = 0x80F
+	SYS_FREAD                           = 0x081
+	SYS_FREEADDRINFO                    = 0x81A
+	SYS_GAI_STRERROR                    = 0x81B
+	SYS_REXEC_AF                        = 0x81C
+	SYS___DYNALLOC_A                    = 0x81F
+	SYS___POE                           = 0x81D
+	SYS_WCSTOMBS                        = 0x082
+	SYS___INET_ADDR_A                   = 0x82F
+	SYS___NLIST_A                       = 0x82A
+	SYS_____TCGETCP_A                   = 0x82B
+	SYS_____TCSETCP_A                   = 0x82C
+	SYS_____W_PIOCTL_A                  = 0x82E
+	SYS_MBTOWC                          = 0x083
+	SYS___CABEND                        = 0x83D
+	SYS___LE_CIB_GET                    = 0x83E
+	SYS___RECVMSG_A                     = 0x83B
+	SYS___SENDMSG_A                     = 0x83A
+	SYS___SET_LAA_FOR_JIT               = 0x83F
+	SYS_____LCHATTR_A                   = 0x83C
+	SYS_WCTOMB                          = 0x084
+	SYS___CBRTL_B                       = 0x84A
+	SYS___COPYSIGNF_B                   = 0x84B
+	SYS___COPYSIGNL_B                   = 0x84C
+	SYS___COTANF_B                      = 0x84D
+	SYS___COTANL_B                      = 0x84F
+	SYS___COTAN_B                       = 0x84E
+	SYS_MBSTOWCS                        = 0x085
+	SYS___LOG1PL_B                      = 0x85A
+	SYS___LOG2F_B                       = 0x85B
+	SYS___LOG2L_B                       = 0x85D
+	SYS___LOG2_B                        = 0x85C
+	SYS___REMAINDERF_B                  = 0x85E
+	SYS___REMAINDERL_B                  = 0x85F
+	SYS_ACOSHF                          = 0x86E
+	SYS_ACOSHL                          = 0x86F
+	SYS_WCSCPY                          = 0x086
+	SYS___ERFCF_B                       = 0x86D
+	SYS___ERFF_B                        = 0x86C
+	SYS___LROUNDF_B                     = 0x86A
+	SYS___LROUND_B                      = 0x86B
+	SYS_COTANL                          = 0x87A
+	SYS_EXP2F                           = 0x87B
+	SYS_EXP2L                           = 0x87C
+	SYS_EXPM1F                          = 0x87D
+	SYS_EXPM1L                          = 0x87E
+	SYS_FDIMF                           = 0x87F
+	SYS_WCSCAT                          = 0x087
+	SYS___COTANL                        = 0x87A
+	SYS_REMAINDERF                      = 0x88A
+	SYS_REMAINDERL                      = 0x88B
+	SYS_REMAINDF                        = 0x88A
+	SYS_REMAINDL                        = 0x88B
+	SYS_REMQUO                          = 0x88D
+	SYS_REMQUOF                         = 0x88C
+	SYS_REMQUOL                         = 0x88E
+	SYS_TGAMMAF                         = 0x88F
+	SYS_WCSCHR                          = 0x088
+	SYS_ERFCF                           = 0x89B
+	SYS_ERFCL                           = 0x89C
+	SYS_ERFL                            = 0x89A
+	SYS_EXP2                            = 0x89E
+	SYS_WCSCMP                          = 0x089
+	SYS___EXP2_B                        = 0x89D
+	SYS___FAR_JUMP                      = 0x89F
+	SYS_ABS                             = 0x090
+	SYS___ERFCL_H                       = 0x90A
+	SYS___EXPF_H                        = 0x90C
+	SYS___EXPL_H                        = 0x90D
+	SYS___EXPM1_H                       = 0x90E
+	SYS___EXP_H                         = 0x90B
+	SYS___FDIM_H                        = 0x90F
+	SYS_DIV                             = 0x091
+	SYS___LOG2F_H                       = 0x91F
+	SYS___LOG2_H                        = 0x91E
+	SYS___LOGB_H                        = 0x91D
+	SYS___LOGF_H                        = 0x91B
+	SYS___LOGL_H                        = 0x91C
+	SYS___LOG_H                         = 0x91A
+	SYS_LABS                            = 0x092
+	SYS___POWL_H                        = 0x92A
+	SYS___REMAINDER_H                   = 0x92B
+	SYS___RINT_H                        = 0x92C
+	SYS___SCALB_H                       = 0x92D
+	SYS___SINF_H                        = 0x92F
+	SYS___SIN_H                         = 0x92E
+	SYS_STRNCPY                         = 0x093
+	SYS___TANHF_H                       = 0x93B
+	SYS___TANHL_H                       = 0x93C
+	SYS___TANH_H                        = 0x93A
+	SYS___TGAMMAF_H                     = 0x93E
+	SYS___TGAMMA_H                      = 0x93D
+	SYS___TRUNC_H                       = 0x93F
+	SYS_MEMCPY                          = 0x094
+	SYS_VFWSCANF                        = 0x94A
+	SYS_VSWSCANF                        = 0x94E
+	SYS_VWSCANF                         = 0x94C
+	SYS_INET6_RTH_ADD                   = 0x95D
+	SYS_INET6_RTH_INIT                  = 0x95C
+	SYS_INET6_RTH_REVERSE               = 0x95E
+	SYS_INET6_RTH_SEGMENTS              = 0x95F
+	SYS_INET6_RTH_SPACE                 = 0x95B
+	SYS_MEMMOVE                         = 0x095
+	SYS_WCSTOLD                         = 0x95A
+	SYS_STRCPY                          = 0x096
+	SYS_STRCMP                          = 0x097
+	SYS_CABS                            = 0x98E
+	SYS_STRCAT                          = 0x098
+	SYS___CABS_B                        = 0x98F
+	SYS___POW_II                        = 0x98A
+	SYS___POW_II_B                      = 0x98B
+	SYS___POW_II_H                      = 0x98C
+	SYS_CACOSF                          = 0x99A
+	SYS_CACOSL                          = 0x99D
+	SYS_STRNCAT                         = 0x099
+	SYS___CACOSF_B                      = 0x99B
+	SYS___CACOSF_H                      = 0x99C
+	SYS___CACOSL_B                      = 0x99E
+	SYS___CACOSL_H                      = 0x99F
+	SYS_ISWALPHA                        = 0x100
+	SYS_ISWBLANK                        = 0x101
+	SYS___ISWBLK                        = 0x101
+	SYS_ISWCNTRL                        = 0x102
+	SYS_ISWDIGIT                        = 0x103
+	SYS_ISWGRAPH                        = 0x104
+	SYS_ISWLOWER                        = 0x105
+	SYS_ISWPRINT                        = 0x106
+	SYS_ISWPUNCT                        = 0x107
+	SYS_ISWSPACE                        = 0x108
+	SYS_ISWUPPER                        = 0x109
+	SYS_WCTOB                           = 0x110
+	SYS_MBRLEN                          = 0x111
+	SYS_MBRTOWC                         = 0x112
+	SYS_MBSRTOWC                        = 0x113
+	SYS_MBSRTOWCS                       = 0x113
+	SYS_WCRTOMB                         = 0x114
+	SYS_WCSRTOMB                        = 0x115
+	SYS_WCSRTOMBS                       = 0x115
+	SYS___CSID                          = 0x116
+	SYS___WCSID                         = 0x117
+	SYS_STRPTIME                        = 0x118
+	SYS___STRPTM                        = 0x118
+	SYS_STRFMON                         = 0x119
+	SYS_WCSCOLL                         = 0x130
+	SYS_WCSXFRM                         = 0x131
+	SYS_WCSWIDTH                        = 0x132
+	SYS_WCWIDTH                         = 0x133
+	SYS_WCSFTIME                        = 0x134
+	SYS_SWPRINTF                        = 0x135
+	SYS_VSWPRINT                        = 0x136
+	SYS_VSWPRINTF                       = 0x136
+	SYS_SWSCANF                         = 0x137
+	SYS_REGCOMP                         = 0x138
+	SYS_REGEXEC                         = 0x139
+	SYS_GETWC                           = 0x140
+	SYS_GETWCHAR                        = 0x141
+	SYS_PUTWC                           = 0x142
+	SYS_PUTWCHAR                        = 0x143
+	SYS_UNGETWC                         = 0x144
+	SYS_ICONV_OPEN                      = 0x145
+	SYS_ICONV                           = 0x146
+	SYS_ICONV_CLOSE                     = 0x147
+	SYS_COLLRANGE                       = 0x150
+	SYS_CCLASS                          = 0x151
+	SYS_COLLORDER                       = 0x152
+	SYS___DEMANGLE                      = 0x154
+	SYS_FDOPEN                          = 0x155
+	SYS___ERRNO                         = 0x156
+	SYS___ERRNO2                        = 0x157
+	SYS___TERROR                        = 0x158
+	SYS_MAXCOLL                         = 0x169
+	SYS_DLLLOAD                         = 0x170
+	SYS__EXIT                           = 0x174
+	SYS_ACCESS                          = 0x175
+	SYS_ALARM                           = 0x176
+	SYS_CFGETISPEED                     = 0x177
+	SYS_CFGETOSPEED                     = 0x178
+	SYS_CFSETISPEED                     = 0x179
+	SYS_CREAT                           = 0x180
+	SYS_CTERMID                         = 0x181
+	SYS_DUP                             = 0x182
+	SYS_DUP2                            = 0x183
+	SYS_EXECL                           = 0x184
+	SYS_EXECLE                          = 0x185
+	SYS_EXECLP                          = 0x186
+	SYS_EXECV                           = 0x187
+	SYS_EXECVE                          = 0x188
+	SYS_EXECVP                          = 0x189
+	SYS_FSTAT                           = 0x190
+	SYS_FSYNC                           = 0x191
+	SYS_FTRUNCATE                       = 0x192
+	SYS_GETCWD                          = 0x193
+	SYS_GETEGID                         = 0x194
+	SYS_GETEUID                         = 0x195
+	SYS_GETGID                          = 0x196
+	SYS_GETGRGID                        = 0x197
+	SYS_GETGRNAM                        = 0x198
+	SYS_GETGROUPS                       = 0x199
+	SYS_PTHREAD_MUTEXATTR_DESTROY       = 0x200
+	SYS_PTHREAD_MUTEXATTR_SETKIND_NP    = 0x201
+	SYS_PTHREAD_MUTEXATTR_GETKIND_NP    = 0x202
+	SYS_PTHREAD_MUTEX_INIT              = 0x203
+	SYS_PTHREAD_MUTEX_DESTROY           = 0x204
+	SYS_PTHREAD_MUTEX_LOCK              = 0x205
+	SYS_PTHREAD_MUTEX_TRYLOCK           = 0x206
+	SYS_PTHREAD_MUTEX_UNLOCK            = 0x207
+	SYS_PTHREAD_ONCE                    = 0x209
+	SYS_TW_OPEN                         = 0x210
+	SYS_TW_FCNTL                        = 0x211
+	SYS_PTHREAD_JOIN_D4_NP              = 0x212
+	SYS_PTHREAD_CONDATTR_SETKIND_NP     = 0x213
+	SYS_PTHREAD_CONDATTR_GETKIND_NP     = 0x214
+	SYS_EXTLINK_NP                      = 0x215
+	SYS___PASSWD                        = 0x216
+	SYS_SETGROUPS                       = 0x217
+	SYS_INITGROUPS                      = 0x218
+	SYS_WCSRCHR                         = 0x240
+	SYS_SVC99                           = 0x241
+	SYS___SVC99                         = 0x241
+	SYS_WCSWCS                          = 0x242
+	SYS_LOCALECO                        = 0x243
+	SYS_LOCALECONV                      = 0x243
+	SYS___LIBREL                        = 0x244
+	SYS_RELEASE                         = 0x245
+	SYS___RLSE                          = 0x245
+	SYS_FLOCATE                         = 0x246
+	SYS___FLOCT                         = 0x246
+	SYS_FDELREC                         = 0x247
+	SYS___FDLREC                        = 0x247
+	SYS_FETCH                           = 0x248
+	SYS___FETCH                         = 0x248
+	SYS_QSORT                           = 0x249
+	SYS___CLEANUPCATCH                  = 0x260
+	SYS___CATCHMATCH                    = 0x261
+	SYS___CLEAN2UPCATCH                 = 0x262
+	SYS_GETPRIORITY                     = 0x270
+	SYS_NICE                            = 0x271
+	SYS_SETPRIORITY                     = 0x272
+	SYS_GETITIMER                       = 0x273
+	SYS_SETITIMER                       = 0x274
+	SYS_MSGCTL                          = 0x275
+	SYS_MSGGET                          = 0x276
+	SYS_MSGRCV                          = 0x277
+	SYS_MSGSND                          = 0x278
+	SYS_MSGXRCV                         = 0x279
+	SYS___MSGXR                         = 0x279
+	SYS_SHMGET                          = 0x280
+	SYS___GETIPC                        = 0x281
+	SYS_SETGRENT                        = 0x282
+	SYS_GETGRENT                        = 0x283
+	SYS_ENDGRENT                        = 0x284
+	SYS_SETPWENT                        = 0x285
+	SYS_GETPWENT                        = 0x286
+	SYS_ENDPWENT                        = 0x287
+	SYS_BSD_SIGNAL                      = 0x288
+	SYS_KILLPG                          = 0x289
+	SYS_SIGSET                          = 0x290
+	SYS_SIGSTACK                        = 0x291
+	SYS_GETRLIMIT                       = 0x292
+	SYS_SETRLIMIT                       = 0x293
+	SYS_GETRUSAGE                       = 0x294
+	SYS_MMAP                            = 0x295
+	SYS_MPROTECT                        = 0x296
+	SYS_MSYNC                           = 0x297
+	SYS_MUNMAP                          = 0x298
+	SYS_CONFSTR                         = 0x299
+	SYS___NDMTRM                        = 0x300
+	SYS_FTOK                            = 0x301
+	SYS_BASENAME                        = 0x302
+	SYS_DIRNAME                         = 0x303
+	SYS_GETDTABLESIZE                   = 0x304
+	SYS_MKSTEMP                         = 0x305
+	SYS_MKTEMP                          = 0x306
+	SYS_NFTW                            = 0x307
+	SYS_GETWD                           = 0x308
+	SYS_LOCKF                           = 0x309
+	SYS_WORDEXP                         = 0x310
+	SYS_WORDFREE                        = 0x311
+	SYS_GETPGID                         = 0x312
+	SYS_GETSID                          = 0x313
+	SYS___UTMPXNAME                     = 0x314
+	SYS_CUSERID                         = 0x315
+	SYS_GETPASS                         = 0x316
+	SYS_FNMATCH                         = 0x317
+	SYS_FTW                             = 0x318
+	SYS_GETW                            = 0x319
+	SYS_ACOSH                           = 0x320
+	SYS_ASINH                           = 0x321
+	SYS_ATANH                           = 0x322
+	SYS_CBRT                            = 0x323
+	SYS_EXPM1                           = 0x324
+	SYS_ILOGB                           = 0x325
+	SYS_LOGB                            = 0x326
+	SYS_LOG1P                           = 0x327
+	SYS_NEXTAFTER                       = 0x328
+	SYS_RINT                            = 0x329
+	SYS_SPAWN                           = 0x330
+	SYS_SPAWNP                          = 0x331
+	SYS_GETLOGIN_UU                     = 0x332
+	SYS_ECVT                            = 0x333
+	SYS_FCVT                            = 0x334
+	SYS_GCVT                            = 0x335
+	SYS_ACCEPT                          = 0x336
+	SYS_BIND                            = 0x337
+	SYS_CONNECT                         = 0x338
+	SYS_ENDHOSTENT                      = 0x339
+	SYS_GETHOSTENT                      = 0x340
+	SYS_GETHOSTID                       = 0x341
+	SYS_GETHOSTNAME                     = 0x342
+	SYS_GETNETBYADDR                    = 0x343
+	SYS_GETNETBYNAME                    = 0x344
+	SYS_GETNETENT                       = 0x345
+	SYS_GETPEERNAME                     = 0x346
+	SYS_GETPROTOBYNAME                  = 0x347
+	SYS_GETPROTOBYNUMBER                = 0x348
+	SYS_GETPROTOENT                     = 0x349
+	SYS_INET_LNAOF                      = 0x350
+	SYS_INET_MAKEADDR                   = 0x351
+	SYS_INET_NETOF                      = 0x352
+	SYS_INET_NETWORK                    = 0x353
+	SYS_INET_NTOA                       = 0x354
+	SYS_IOCTL                           = 0x355
+	SYS_LISTEN                          = 0x356
+	SYS_READV                           = 0x357
+	SYS_RECV                            = 0x358
+	SYS_RECVFROM                        = 0x359
+	SYS_SETHOSTENT                      = 0x360
+	SYS_SETNETENT                       = 0x361
+	SYS_SETPEER                         = 0x362
+	SYS_SETPROTOENT                     = 0x363
+	SYS_SETSERVENT                      = 0x364
+	SYS_SETSOCKOPT                      = 0x365
+	SYS_SHUTDOWN                        = 0x366
+	SYS_SOCKET                          = 0x367
+	SYS_SOCKETPAIR                      = 0x368
+	SYS_WRITEV                          = 0x369
+	SYS_ENDNETENT                       = 0x370
+	SYS_CLOSELOG                        = 0x371
+	SYS_OPENLOG                         = 0x372
+	SYS_SETLOGMASK                      = 0x373
+	SYS_SYSLOG                          = 0x374
+	SYS_PTSNAME                         = 0x375
+	SYS_SETREUID                        = 0x376
+	SYS_SETREGID                        = 0x377
+	SYS_REALPATH                        = 0x378
+	SYS___SIGNGAM                       = 0x379
+	SYS_POLL                            = 0x380
+	SYS_REXEC                           = 0x381
+	SYS___ISASCII2                      = 0x382
+	SYS___TOASCII2                      = 0x383
+	SYS_CHPRIORITY                      = 0x384
+	SYS_PTHREAD_ATTR_SETSYNCTYPE_NP     = 0x385
+	SYS_PTHREAD_ATTR_GETSYNCTYPE_NP     = 0x386
+	SYS_PTHREAD_SET_LIMIT_NP            = 0x387
+	SYS___STNETENT                      = 0x388
+	SYS___STPROTOENT                    = 0x389
+	SYS___SELECT1                       = 0x390
+	SYS_PTHREAD_SECURITY_NP             = 0x391
+	SYS___CHECK_RESOURCE_AUTH_NP        = 0x392
+	SYS___CONVERT_ID_NP                 = 0x393
+	SYS___OPENVMREL                     = 0x394
+	SYS_WMEMCHR                         = 0x395
+	SYS_WMEMCMP                         = 0x396
+	SYS_WMEMCPY                         = 0x397
+	SYS_WMEMMOVE                        = 0x398
+	SYS_WMEMSET                         = 0x399
+	SYS___FPUTWC                        = 0x400
+	SYS___PUTWC                         = 0x401
+	SYS___PWCHAR                        = 0x402
+	SYS___WCSFTM                        = 0x403
+	SYS___WCSTOK                        = 0x404
+	SYS___WCWDTH                        = 0x405
+	SYS_T_ACCEPT                        = 0x409
+	SYS_T_GETINFO                       = 0x410
+	SYS_T_GETPROTADDR                   = 0x411
+	SYS_T_GETSTATE                      = 0x412
+	SYS_T_LISTEN                        = 0x413
+	SYS_T_LOOK                          = 0x414
+	SYS_T_OPEN                          = 0x415
+	SYS_T_OPTMGMT                       = 0x416
+	SYS_T_RCV                           = 0x417
+	SYS_T_RCVCONNECT                    = 0x418
+	SYS_T_RCVDIS                        = 0x419
+	SYS_T_SNDUDATA                      = 0x420
+	SYS_T_STRERROR                      = 0x421
+	SYS_T_SYNC                          = 0x422
+	SYS_T_UNBIND                        = 0x423
+	SYS___T_ERRNO                       = 0x424
+	SYS___RECVMSG2                      = 0x425
+	SYS___SENDMSG2                      = 0x426
+	SYS_FATTACH                         = 0x427
+	SYS_FDETACH                         = 0x428
+	SYS_GETMSG                          = 0x429
+	SYS_GETCONTEXT                      = 0x430
+	SYS_SETCONTEXT                      = 0x431
+	SYS_MAKECONTEXT                     = 0x432
+	SYS_SWAPCONTEXT                     = 0x433
+	SYS_PTHREAD_GETSPECIFIC_D8_NP       = 0x434
+	SYS_GETCLIENTID                     = 0x470
+	SYS___GETCLIENTID                   = 0x471
+	SYS_GETSTABLESIZE                   = 0x472
+	SYS_GETIBMOPT                       = 0x473
+	SYS_GETIBMSOCKOPT                   = 0x474
+	SYS_GIVESOCKET                      = 0x475
+	SYS_IBMSFLUSH                       = 0x476
+	SYS_MAXDESC                         = 0x477
+	SYS_SETIBMOPT                       = 0x478
+	SYS_SETIBMSOCKOPT                   = 0x479
+	SYS___SERVER_PWU                    = 0x480
+	SYS_PTHREAD_TAG_NP                  = 0x481
+	SYS___CONSOLE                       = 0x482
+	SYS___WSINIT                        = 0x483
+	SYS___IPTCPN                        = 0x489
+	SYS___SERVER_CLASSIFY               = 0x490
+	SYS___HEAPRPT                       = 0x496
+	SYS___ISBFP                         = 0x500
+	SYS___FP_CAST                       = 0x501
+	SYS___CERTIFICATE                   = 0x502
+	SYS_SEND_FILE                       = 0x503
+	SYS_AIO_CANCEL                      = 0x504
+	SYS_AIO_ERROR                       = 0x505
+	SYS_AIO_READ                        = 0x506
+	SYS_AIO_RETURN                      = 0x507
+	SYS_AIO_SUSPEND                     = 0x508
+	SYS_AIO_WRITE                       = 0x509
+	SYS_PTHREAD_RWLOCK_TRYWRLOCK        = 0x510
+	SYS_PTHREAD_RWLOCK_UNLOCK           = 0x511
+	SYS_PTHREAD_RWLOCK_WRLOCK           = 0x512
+	SYS_PTHREAD_RWLOCKATTR_GETPSHARED   = 0x513
+	SYS_PTHREAD_RWLOCKATTR_SETPSHARED   = 0x514
+	SYS_PTHREAD_RWLOCKATTR_INIT         = 0x515
+	SYS_PTHREAD_RWLOCKATTR_DESTROY      = 0x516
+	SYS___CTTBL                         = 0x517
+	SYS_PTHREAD_MUTEXATTR_SETTYPE       = 0x518
+	SYS_PTHREAD_MUTEXATTR_GETTYPE       = 0x519
+	SYS___FP_UNORDERED                  = 0x520
+	SYS___FP_READ_RND                   = 0x521
+	SYS___FP_READ_RND_B                 = 0x522
+	SYS___FP_SWAP_RND                   = 0x523
+	SYS___FP_SWAP_RND_B                 = 0x524
+	SYS___FP_LEVEL                      = 0x525
+	SYS___FP_BTOH                       = 0x526
+	SYS___FP_HTOB                       = 0x527
+	SYS___FPC_RD                        = 0x528
+	SYS___FPC_WR                        = 0x529
+	SYS_PTHREAD_SETCANCELTYPE           = 0x600
+	SYS_PTHREAD_TESTCANCEL              = 0x601
+	SYS___ATANF_B                       = 0x602
+	SYS___ATANL_B                       = 0x603
+	SYS___CEILF_B                       = 0x604
+	SYS___CEILL_B                       = 0x605
+	SYS___COSF_B                        = 0x606
+	SYS___COSL_B                        = 0x607
+	SYS___FABSF_B                       = 0x608
+	SYS___FABSL_B                       = 0x609
+	SYS___SINF_B                        = 0x610
+	SYS___SINL_B                        = 0x611
+	SYS___TANF_B                        = 0x612
+	SYS___TANL_B                        = 0x613
+	SYS___TANHF_B                       = 0x614
+	SYS___TANHL_B                       = 0x615
+	SYS___ACOSF_B                       = 0x616
+	SYS___ACOSL_B                       = 0x617
+	SYS___ASINF_B                       = 0x618
+	SYS___ASINL_B                       = 0x619
+	SYS___LOGF_B                        = 0x620
+	SYS___LOGL_B                        = 0x621
+	SYS___LOG10F_B                      = 0x622
+	SYS___LOG10L_B                      = 0x623
+	SYS___POWF_B                        = 0x624
+	SYS___POWL_B                        = 0x625
+	SYS___SINHF_B                       = 0x626
+	SYS___SINHL_B                       = 0x627
+	SYS___SQRTF_B                       = 0x628
+	SYS___SQRTL_B                       = 0x629
+	SYS___MODFL_B                       = 0x630
+	SYS_ABSF                            = 0x631
+	SYS_ABSL                            = 0x632
+	SYS_ACOSF                           = 0x633
+	SYS_ACOSL                           = 0x634
+	SYS_ASINF                           = 0x635
+	SYS_ASINL                           = 0x636
+	SYS_ATAN2F                          = 0x637
+	SYS_ATAN2L                          = 0x638
+	SYS_ATANF                           = 0x639
+	SYS_COSHL                           = 0x640
+	SYS_EXPF                            = 0x641
+	SYS_EXPL                            = 0x642
+	SYS_TANHF                           = 0x643
+	SYS_TANHL                           = 0x644
+	SYS_LOG10F                          = 0x645
+	SYS_LOG10L                          = 0x646
+	SYS_LOGF                            = 0x647
+	SYS_LOGL                            = 0x648
+	SYS_POWF                            = 0x649
+	SYS_SINHL                           = 0x650
+	SYS_TANF                            = 0x651
+	SYS_TANL                            = 0x652
+	SYS_FABSF                           = 0x653
+	SYS_FABSL                           = 0x654
+	SYS_FLOORF                          = 0x655
+	SYS_FLOORL                          = 0x656
+	SYS_FMODF                           = 0x657
+	SYS_FMODL                           = 0x658
+	SYS_FREXPF                          = 0x659
+	SYS___CHATTR                        = 0x660
+	SYS___FCHATTR                       = 0x661
+	SYS___TOCCSID                       = 0x662
+	SYS___CSNAMETYPE                    = 0x663
+	SYS___TOCSNAME                      = 0x664
+	SYS___CCSIDTYPE                     = 0x665
+	SYS___AE_CORRESTBL_QUERY            = 0x666
+	SYS___AE_AUTOCONVERT_STATE          = 0x667
+	SYS_DN_FIND                         = 0x668
+	SYS___GETHOSTBYADDR_A               = 0x669
+	SYS___MBLEN_SB_A                    = 0x670
+	SYS___MBLEN_STD_A                   = 0x671
+	SYS___MBLEN_UTF                     = 0x672
+	SYS___MBSTOWCS_A                    = 0x673
+	SYS___MBSTOWCS_STD_A                = 0x674
+	SYS___MBTOWC_A                      = 0x675
+	SYS___MBTOWC_ISO1                   = 0x676
+	SYS___MBTOWC_SBCS                   = 0x677
+	SYS___MBTOWC_MBCS                   = 0x678
+	SYS___MBTOWC_UTF                    = 0x679
+	SYS___CSID_A                        = 0x680
+	SYS___CSID_STD_A                    = 0x681
+	SYS___WCSID_A                       = 0x682
+	SYS___WCSID_STD_A                   = 0x683
+	SYS___WCTOMB_A                      = 0x684
+	SYS___WCTOMB_ISO1                   = 0x685
+	SYS___WCTOMB_STD_A                  = 0x686
+	SYS___WCTOMB_UTF                    = 0x687
+	SYS___WCWIDTH_A                     = 0x688
+	SYS___GETGRNAM_R_A                  = 0x689
+	SYS___READDIR_R_A                   = 0x690
+	SYS___E2A_S                         = 0x691
+	SYS___FNMATCH_A                     = 0x692
+	SYS___FNMATCH_C_A                   = 0x693
+	SYS___EXECL_A                       = 0x694
+	SYS___FNMATCH_STD_A                 = 0x695
+	SYS___REGCOMP_A                     = 0x696
+	SYS___REGCOMP_STD_A                 = 0x697
+	SYS___REGERROR_A                    = 0x698
+	SYS___REGERROR_STD_A                = 0x699
+	SYS___SWPRINTF_A                    = 0x700
+	SYS___FSCANF_A                      = 0x701
+	SYS___SCANF_A                       = 0x702
+	SYS___SSCANF_A                      = 0x703
+	SYS___SWSCANF_A                     = 0x704
+	SYS___ATOF_A                        = 0x705
+	SYS___ATOI_A                        = 0x706
+	SYS___ATOL_A                        = 0x707
+	SYS___STRTOD_A                      = 0x708
+	SYS___STRTOL_A                      = 0x709
+	SYS___L64A_A                        = 0x710
+	SYS___STRERROR_A                    = 0x711
+	SYS___PERROR_A                      = 0x712
+	SYS___FETCH_A                       = 0x713
+	SYS___GETENV_A                      = 0x714
+	SYS___MKSTEMP_A                     = 0x717
+	SYS___PTSNAME_A                     = 0x718
+	SYS___PUTENV_A                      = 0x719
+	SYS___CHDIR_A                       = 0x720
+	SYS___CHOWN_A                       = 0x721
+	SYS___CHROOT_A                      = 0x722
+	SYS___GETCWD_A                      = 0x723
+	SYS___GETWD_A                       = 0x724
+	SYS___LCHOWN_A                      = 0x725
+	SYS___LINK_A                        = 0x726
+	SYS___PATHCONF_A                    = 0x727
+	SYS___IF_NAMEINDEX_A                = 0x728
+	SYS___READLINK_A                    = 0x729
+	SYS___EXTLINK_NP_A                  = 0x730
+	SYS___ISALNUM_A                     = 0x731
+	SYS___ISALPHA_A                     = 0x732
+	SYS___A2E_S                         = 0x733
+	SYS___ISCNTRL_A                     = 0x734
+	SYS___ISDIGIT_A                     = 0x735
+	SYS___ISGRAPH_A                     = 0x736
+	SYS___ISLOWER_A                     = 0x737
+	SYS___ISPRINT_A                     = 0x738
+	SYS___ISPUNCT_A                     = 0x739
+	SYS___ISWALPHA_A                    = 0x740
+	SYS___A2E_L                         = 0x741
+	SYS___ISWCNTRL_A                    = 0x742
+	SYS___ISWDIGIT_A                    = 0x743
+	SYS___ISWGRAPH_A                    = 0x744
+	SYS___ISWLOWER_A                    = 0x745
+	SYS___ISWPRINT_A                    = 0x746
+	SYS___ISWPUNCT_A                    = 0x747
+	SYS___ISWSPACE_A                    = 0x748
+	SYS___ISWUPPER_A                    = 0x749
+	SYS___REMOVE_A                      = 0x750
+	SYS___RENAME_A                      = 0x751
+	SYS___TMPNAM_A                      = 0x752
+	SYS___FOPEN_A                       = 0x753
+	SYS___FREOPEN_A                     = 0x754
+	SYS___CUSERID_A                     = 0x755
+	SYS___POPEN_A                       = 0x756
+	SYS___TEMPNAM_A                     = 0x757
+	SYS___FTW_A                         = 0x758
+	SYS___GETGRENT_A                    = 0x759
+	SYS___INET_NTOP_A                   = 0x760
+	SYS___GETPASS_A                     = 0x761
+	SYS___GETPWENT_A                    = 0x762
+	SYS___GETPWNAM_A                    = 0x763
+	SYS___GETPWUID_A                    = 0x764
+	SYS_____CHECK_RESOURCE_AUTH_NP_A    = 0x765
+	SYS___CHECKSCHENV_A                 = 0x766
+	SYS___CONNECTSERVER_A               = 0x767
+	SYS___CONNECTWORKMGR_A              = 0x768
+	SYS_____CONSOLE_A                   = 0x769
+	SYS___MSGSND_A                      = 0x770
+	SYS___MSGXRCV_A                     = 0x771
+	SYS___NFTW_A                        = 0x772
+	SYS_____PASSWD_A                    = 0x773
+	SYS___PTHREAD_SECURITY_NP_A         = 0x774
+	SYS___QUERYMETRICS_A                = 0x775
+	SYS___QUERYSCHENV                   = 0x776
+	SYS___READV_A                       = 0x777
+	SYS_____SERVER_CLASSIFY_A           = 0x778
+	SYS_____SERVER_INIT_A               = 0x779
+	SYS___W_GETPSENT_A                  = 0x780
+	SYS___WRITEV_A                      = 0x781
+	SYS___W_STATFS_A                    = 0x782
+	SYS___W_STATVFS_A                   = 0x783
+	SYS___FPUTC_A                       = 0x784
+	SYS___PUTCHAR_A                     = 0x785
+	SYS___PUTS_A                        = 0x786
+	SYS___FGETS_A                       = 0x787
+	SYS___GETS_A                        = 0x788
+	SYS___FPUTS_A                       = 0x789
+	SYS___PUTC_A                        = 0x790
+	SYS___AE_THREAD_SETMODE             = 0x791
+	SYS___AE_THREAD_SWAPMODE            = 0x792
+	SYS___GETNETBYADDR_A                = 0x793
+	SYS___GETNETBYNAME_A                = 0x794
+	SYS___GETNETENT_A                   = 0x795
+	SYS___GETPROTOBYNAME_A              = 0x796
+	SYS___GETPROTOBYNUMBER_A            = 0x797
+	SYS___GETPROTOENT_A                 = 0x798
+	SYS___GETSERVBYNAME_A               = 0x799
+	SYS_ACL_FIRST_ENTRY                 = 0x800
+	SYS_ACL_GET_ENTRY                   = 0x801
+	SYS_ACL_VALID                       = 0x802
+	SYS_ACL_CREATE_ENTRY                = 0x803
+	SYS_ACL_DELETE_ENTRY                = 0x804
+	SYS_ACL_UPDATE_ENTRY                = 0x805
+	SYS_ACL_DELETE_FD                   = 0x806
+	SYS_ACL_DELETE_FILE                 = 0x807
+	SYS_ACL_GET_FD                      = 0x808
+	SYS_ACL_GET_FILE                    = 0x809
+	SYS___ERFL_B                        = 0x810
+	SYS___ERFCL_B                       = 0x811
+	SYS___LGAMMAL_B                     = 0x812
+	SYS___SETHOOKEVENTS                 = 0x813
+	SYS_IF_NAMETOINDEX                  = 0x814
+	SYS_IF_INDEXTONAME                  = 0x815
+	SYS_IF_NAMEINDEX                    = 0x816
+	SYS_IF_FREENAMEINDEX                = 0x817
+	SYS_GETADDRINFO                     = 0x818
+	SYS_GETNAMEINFO                     = 0x819
+	SYS___DYNFREE_A                     = 0x820
+	SYS___RES_QUERY_A                   = 0x821
+	SYS___RES_SEARCH_A                  = 0x822
+	SYS___RES_QUERYDOMAIN_A             = 0x823
+	SYS___RES_MKQUERY_A                 = 0x824
+	SYS___RES_SEND_A                    = 0x825
+	SYS___DN_EXPAND_A                   = 0x826
+	SYS___DN_SKIPNAME_A                 = 0x827
+	SYS___DN_COMP_A                     = 0x828
+	SYS___DN_FIND_A                     = 0x829
+	SYS___INET_NTOA_A                   = 0x830
+	SYS___INET_NETWORK_A                = 0x831
+	SYS___ACCEPT_A                      = 0x832
+	SYS___ACCEPT_AND_RECV_A             = 0x833
+	SYS___BIND_A                        = 0x834
+	SYS___CONNECT_A                     = 0x835
+	SYS___GETPEERNAME_A                 = 0x836
+	SYS___GETSOCKNAME_A                 = 0x837
+	SYS___RECVFROM_A                    = 0x838
+	SYS___SENDTO_A                      = 0x839
+	SYS___LCHATTR                       = 0x840
+	SYS___WRITEDOWN                     = 0x841
+	SYS_PTHREAD_MUTEX_INIT2             = 0x842
+	SYS___ACOSHF_B                      = 0x843
+	SYS___ACOSHL_B                      = 0x844
+	SYS___ASINHF_B                      = 0x845
+	SYS___ASINHL_B                      = 0x846
+	SYS___ATANHF_B                      = 0x847
+	SYS___ATANHL_B                      = 0x848
+	SYS___CBRTF_B                       = 0x849
+	SYS___EXP2F_B                       = 0x850
+	SYS___EXP2L_B                       = 0x851
+	SYS___EXPM1F_B                      = 0x852
+	SYS___EXPM1L_B                      = 0x853
+	SYS___FDIMF_B                       = 0x854
+	SYS___FDIM_B                        = 0x855
+	SYS___FDIML_B                       = 0x856
+	SYS___HYPOTF_B                      = 0x857
+	SYS___HYPOTL_B                      = 0x858
+	SYS___LOG1PF_B                      = 0x859
+	SYS___REMQUOF_B                     = 0x860
+	SYS___REMQUO_B                      = 0x861
+	SYS___REMQUOL_B                     = 0x862
+	SYS___TGAMMAF_B                     = 0x863
+	SYS___TGAMMA_B                      = 0x864
+	SYS___TGAMMAL_B                     = 0x865
+	SYS___TRUNCF_B                      = 0x866
+	SYS___TRUNC_B                       = 0x867
+	SYS___TRUNCL_B                      = 0x868
+	SYS___LGAMMAF_B                     = 0x869
+	SYS_ASINHF                          = 0x870
+	SYS_ASINHL                          = 0x871
+	SYS_ATANHF                          = 0x872
+	SYS_ATANHL                          = 0x873
+	SYS_CBRTF                           = 0x874
+	SYS_CBRTL                           = 0x875
+	SYS_COPYSIGNF                       = 0x876
+	SYS_CPYSIGNF                        = 0x876
+	SYS_COPYSIGNL                       = 0x877
+	SYS_CPYSIGNL                        = 0x877
+	SYS_COTANF                          = 0x878
+	SYS___COTANF                        = 0x878
+	SYS_COTAN                           = 0x879
+	SYS___COTAN                         = 0x879
+	SYS_FDIM                            = 0x881
+	SYS_FDIML                           = 0x882
+	SYS_HYPOTF                          = 0x883
+	SYS_HYPOTL                          = 0x884
+	SYS_LOG1PF                          = 0x885
+	SYS_LOG1PL                          = 0x886
+	SYS_LOG2F                           = 0x887
+	SYS_LOG2                            = 0x888
+	SYS_LOG2L                           = 0x889
+	SYS_TGAMMA                          = 0x890
+	SYS_TGAMMAL                         = 0x891
+	SYS_TRUNCF                          = 0x892
+	SYS_TRUNC                           = 0x893
+	SYS_TRUNCL                          = 0x894
+	SYS_LGAMMAF                         = 0x895
+	SYS_LGAMMAL                         = 0x896
+	SYS_LROUNDF                         = 0x897
+	SYS_LROUND                          = 0x898
+	SYS_ERFF                            = 0x899
+	SYS___COSHF_H                       = 0x900
+	SYS___COSHL_H                       = 0x901
+	SYS___COTAN_H                       = 0x902
+	SYS___COTANF_H                      = 0x903
+	SYS___COTANL_H                      = 0x904
+	SYS___ERF_H                         = 0x905
+	SYS___ERFF_H                        = 0x906
+	SYS___ERFL_H                        = 0x907
+	SYS___ERFC_H                        = 0x908
+	SYS___ERFCF_H                       = 0x909
+	SYS___FDIMF_H                       = 0x910
+	SYS___FDIML_H                       = 0x911
+	SYS___FMOD_H                        = 0x912
+	SYS___FMODF_H                       = 0x913
+	SYS___FMODL_H                       = 0x914
+	SYS___GAMMA_H                       = 0x915
+	SYS___HYPOT_H                       = 0x916
+	SYS___ILOGB_H                       = 0x917
+	SYS___LGAMMA_H                      = 0x918
+	SYS___LGAMMAF_H                     = 0x919
+	SYS___LOG2L_H                       = 0x920
+	SYS___LOG1P_H                       = 0x921
+	SYS___LOG10_H                       = 0x922
+	SYS___LOG10F_H                      = 0x923
+	SYS___LOG10L_H                      = 0x924
+	SYS___LROUND_H                      = 0x925
+	SYS___LROUNDF_H                     = 0x926
+	SYS___NEXTAFTER_H                   = 0x927
+	SYS___POW_H                         = 0x928
+	SYS___POWF_H                        = 0x929
+	SYS___SINL_H                        = 0x930
+	SYS___SINH_H                        = 0x931
+	SYS___SINHF_H                       = 0x932
+	SYS___SINHL_H                       = 0x933
+	SYS___SQRT_H                        = 0x934
+	SYS___SQRTF_H                       = 0x935
+	SYS___SQRTL_H                       = 0x936
+	SYS___TAN_H                         = 0x937
+	SYS___TANF_H                        = 0x938
+	SYS___TANL_H                        = 0x939
+	SYS___TRUNCF_H                      = 0x940
+	SYS___TRUNCL_H                      = 0x941
+	SYS___COSH_H                        = 0x942
+	SYS___LE_DEBUG_SET_RESUME_MCH       = 0x943
+	SYS_VFSCANF                         = 0x944
+	SYS_VSCANF                          = 0x946
+	SYS_VSSCANF                         = 0x948
+	SYS_IMAXABS                         = 0x950
+	SYS_IMAXDIV                         = 0x951
+	SYS_STRTOIMAX                       = 0x952
+	SYS_STRTOUMAX                       = 0x953
+	SYS_WCSTOIMAX                       = 0x954
+	SYS_WCSTOUMAX                       = 0x955
+	SYS_ATOLL                           = 0x956
+	SYS_STRTOF                          = 0x957
+	SYS_STRTOLD                         = 0x958
+	SYS_WCSTOF                          = 0x959
+	SYS_INET6_RTH_GETADDR               = 0x960
+	SYS_INET6_OPT_INIT                  = 0x961
+	SYS_INET6_OPT_APPEND                = 0x962
+	SYS_INET6_OPT_FINISH                = 0x963
+	SYS_INET6_OPT_SET_VAL               = 0x964
+	SYS_INET6_OPT_NEXT                  = 0x965
+	SYS_INET6_OPT_FIND                  = 0x966
+	SYS_INET6_OPT_GET_VAL               = 0x967
+	SYS___POW_I                         = 0x987
+	SYS___POW_I_B                       = 0x988
+	SYS___POW_I_H                       = 0x989
+	SYS___CABS_H                        = 0x990
+	SYS_CABSF                           = 0x991
+	SYS___CABSF_B                       = 0x992
+	SYS___CABSF_H                       = 0x993
+	SYS_CABSL                           = 0x994
+	SYS___CABSL_B                       = 0x995
+	SYS___CABSL_H                       = 0x996
+	SYS_CACOS                           = 0x997
+	SYS___CACOS_B                       = 0x998
+	SYS___CACOS_H                       = 0x999
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
new file mode 100644
index 0000000000000..7a8161c1d1cae
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -0,0 +1,354 @@
+// cgo -godefs types_aix.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && aix
+// +build ppc,aix
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+	PathMax        = 0x3ff
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type off64 int64
+type off int32
+type Mode_t uint32
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct{}
+
+type Time_t int32
+
+type Tms struct{}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Timezone struct {
+	Minuteswest int32
+	Dsttime     int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type Pid_t int32
+
+type _Gid_t uint32
+
+type dev_t uint32
+
+type Stat_t struct {
+	Dev      uint32
+	Ino      uint32
+	Mode     uint32
+	Nlink    int16
+	Flag     uint16
+	Uid      uint32
+	Gid      uint32
+	Rdev     uint32
+	Size     int32
+	Atim     Timespec
+	Mtim     Timespec
+	Ctim     Timespec
+	Blksize  int32
+	Blocks   int32
+	Vfstype  int32
+	Vfs      uint32
+	Type     uint32
+	Gen      uint32
+	Reserved [9]uint32
+}
+
+type StatxTimestamp struct{}
+
+type Statx_t struct{}
+
+type Dirent struct {
+	Offset uint32
+	Ino    uint32
+	Reclen uint16
+	Namlen uint16
+	Name   [256]uint8
+}
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [1023]uint8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [120]uint8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [1012]uint8
+}
+
+type _Socklen uint32
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x404
+	SizeofSockaddrUnix     = 0x401
+	SizeofSockaddrDatalink = 0x80
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	SizeofIfMsghdr = 0x10
+)
+
+type IfMsgHdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Addrlen uint8
+	_       [1]byte
+}
+
+type FdSet struct {
+	Bits [2048]int32
+}
+
+type Utsname struct {
+	Sysname  [32]byte
+	Nodename [32]byte
+	Release  [32]byte
+	Version  [32]byte
+	Machine  [32]byte
+}
+
+type Ustat_t struct{}
+
+type Sigset_t struct {
+	Losigs uint32
+	Hisigs uint32
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x1
+)
+
+type Termios struct {
+	Iflag uint32
+	Oflag uint32
+	Cflag uint32
+	Lflag uint32
+	Cc    [16]uint8
+}
+
+type Termio struct {
+	Iflag uint16
+	Oflag uint16
+	Cflag uint16
+	Lflag uint16
+	Line  uint8
+	Cc    [8]uint8
+	_     [1]byte
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type PollFd struct {
+	Fd      int32
+	Events  uint16
+	Revents uint16
+}
+
+const (
+	POLLERR    = 0x4000
+	POLLHUP    = 0x2000
+	POLLIN     = 0x1
+	POLLNVAL   = 0x8000
+	POLLOUT    = 0x2
+	POLLPRI    = 0x4
+	POLLRDBAND = 0x20
+	POLLRDNORM = 0x10
+	POLLWRBAND = 0x40
+	POLLWRNORM = 0x2
+)
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Sysid  uint32
+	Pid    int32
+	Vfs    int32
+	Start  int64
+	Len    int64
+}
+
+type Fsid_t struct {
+	Val [2]uint32
+}
+type Fsid64_t struct {
+	Val [2]uint64
+}
+
+type Statfs_t struct {
+	Version   int32
+	Type      int32
+	Bsize     uint32
+	Blocks    uint32
+	Bfree     uint32
+	Bavail    uint32
+	Files     uint32
+	Ffree     uint32
+	Fsid      Fsid_t
+	Vfstype   int32
+	Fsize     uint32
+	Vfsnumber int32
+	Vfsoff    int32
+	Vfslen    int32
+	Vfsvers   int32
+	Fname     [32]uint8
+	Fpack     [32]uint8
+	Name_max  int32
+}
+
+const RNDGETENTCNT = 0x80045200
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
new file mode 100644
index 0000000000000..07ed733c51b55
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -0,0 +1,358 @@
+// cgo -godefs types_aix.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc64 && aix
+// +build ppc64,aix
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+	PathMax        = 0x3ff
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type off64 int64
+type off int64
+type Mode_t uint32
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct{}
+
+type Time_t int64
+
+type Tms struct{}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Timezone struct {
+	Minuteswest int32
+	Dsttime     int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type Pid_t int32
+
+type _Gid_t uint32
+
+type dev_t uint64
+
+type Stat_t struct {
+	Dev      uint64
+	Ino      uint64
+	Mode     uint32
+	Nlink    int16
+	Flag     uint16
+	Uid      uint32
+	Gid      uint32
+	Rdev     uint64
+	Ssize    int32
+	Atim     Timespec
+	Mtim     Timespec
+	Ctim     Timespec
+	Blksize  int64
+	Blocks   int64
+	Vfstype  int32
+	Vfs      uint32
+	Type     uint32
+	Gen      uint32
+	Reserved [9]uint32
+	Padto_ll uint32
+	Size     int64
+}
+
+type StatxTimestamp struct{}
+
+type Statx_t struct{}
+
+type Dirent struct {
+	Offset uint64
+	Ino    uint64
+	Reclen uint16
+	Namlen uint16
+	Name   [256]uint8
+	_      [4]byte
+}
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [1023]uint8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [120]uint8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [1012]uint8
+}
+
+type _Socklen uint32
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x404
+	SizeofSockaddrUnix     = 0x401
+	SizeofSockaddrDatalink = 0x80
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	SizeofIfMsghdr = 0x10
+)
+
+type IfMsgHdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Addrlen uint8
+	_       [1]byte
+}
+
+type FdSet struct {
+	Bits [1024]int64
+}
+
+type Utsname struct {
+	Sysname  [32]byte
+	Nodename [32]byte
+	Release  [32]byte
+	Version  [32]byte
+	Machine  [32]byte
+}
+
+type Ustat_t struct{}
+
+type Sigset_t struct {
+	Set [4]uint64
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x1
+)
+
+type Termios struct {
+	Iflag uint32
+	Oflag uint32
+	Cflag uint32
+	Lflag uint32
+	Cc    [16]uint8
+}
+
+type Termio struct {
+	Iflag uint16
+	Oflag uint16
+	Cflag uint16
+	Lflag uint16
+	Line  uint8
+	Cc    [8]uint8
+	_     [1]byte
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type PollFd struct {
+	Fd      int32
+	Events  uint16
+	Revents uint16
+}
+
+const (
+	POLLERR    = 0x4000
+	POLLHUP    = 0x2000
+	POLLIN     = 0x1
+	POLLNVAL   = 0x8000
+	POLLOUT    = 0x2
+	POLLPRI    = 0x4
+	POLLRDBAND = 0x20
+	POLLRDNORM = 0x10
+	POLLWRBAND = 0x40
+	POLLWRNORM = 0x2
+)
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Sysid  uint32
+	Pid    int32
+	Vfs    int32
+	Start  int64
+	Len    int64
+}
+
+type Fsid_t struct {
+	Val [2]uint32
+}
+type Fsid64_t struct {
+	Val [2]uint64
+}
+
+type Statfs_t struct {
+	Version   int32
+	Type      int32
+	Bsize     uint64
+	Blocks    uint64
+	Bfree     uint64
+	Bavail    uint64
+	Files     uint64
+	Ffree     uint64
+	Fsid      Fsid64_t
+	Vfstype   int32
+	Fsize     uint64
+	Vfsnumber int32
+	Vfsoff    int32
+	Vfslen    int32
+	Vfsvers   int32
+	Fname     [32]uint8
+	Fpack     [32]uint8
+	Name_max  int32
+	_         [4]byte
+}
+
+const RNDGETENTCNT = 0x80045200
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go
deleted file mode 100644
index 327af5fba16c0..0000000000000
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go
+++ /dev/null
@@ -1,489 +0,0 @@
-// cgo -godefs types_darwin.go | go run mkpost.go
-// Code generated by the command above; see README.md. DO NOT EDIT.
-
-// +build 386,darwin
-
-package unix
-
-const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-)
-
-type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
-)
-
-type Timespec struct {
-	Sec  int32
-	Nsec int32
-}
-
-type Timeval struct {
-	Sec  int32
-	Usec int32
-}
-
-type Timeval32 struct{}
-
-type Rusage struct {
-	Utime    Timeval
-	Stime    Timeval
-	Maxrss   int32
-	Ixrss    int32
-	Idrss    int32
-	Isrss    int32
-	Minflt   int32
-	Majflt   int32
-	Nswap    int32
-	Inblock  int32
-	Oublock  int32
-	Msgsnd   int32
-	Msgrcv   int32
-	Nsignals int32
-	Nvcsw    int32
-	Nivcsw   int32
-}
-
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
-type Stat_t struct {
-	Dev           int32
-	Mode          uint16
-	Nlink         uint16
-	Ino           uint64
-	Uid           uint32
-	Gid           uint32
-	Rdev          int32
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Qspare        [2]int64
-}
-
-type Statfs_t struct {
-	Bsize       uint32
-	Iosize      int32
-	Blocks      uint64
-	Bfree       uint64
-	Bavail      uint64
-	Files       uint64
-	Ffree       uint64
-	Fsid        Fsid
-	Owner       uint32
-	Type        uint32
-	Flags       uint32
-	Fssubtype   uint32
-	Fstypename  [16]int8
-	Mntonname   [1024]int8
-	Mntfromname [1024]int8
-	Reserved    [8]uint32
-}
-
-type Flock_t struct {
-	Start  int64
-	Len    int64
-	Pid    int32
-	Type   int16
-	Whence int16
-}
-
-type Fstore_t struct {
-	Flags      uint32
-	Posmode    int32
-	Offset     int64
-	Length     int64
-	Bytesalloc int64
-}
-
-type Radvisory_t struct {
-	Offset int64
-	Count  int32
-}
-
-type Fbootstraptransfer_t struct {
-	Offset int64
-	Length uint32
-	Buffer *byte
-}
-
-type Log2phys_t struct {
-	Flags       uint32
-	Contigbytes int64
-	Devoffset   int64
-}
-
-type Fsid struct {
-	Val [2]int32
-}
-
-type Dirent struct {
-	Ino     uint64
-	Seekoff uint64
-	Reclen  uint16
-	Namlen  uint16
-	Type    uint8
-	Name    [1024]int8
-	_       [3]byte
-}
-
-type RawSockaddrInet4 struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type RawSockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Len    uint8
-	Family uint8
-	Path   [104]int8
-}
-
-type RawSockaddrDatalink struct {
-	Len    uint8
-	Family uint8
-	Index  uint16
-	Type   uint8
-	Nlen   uint8
-	Alen   uint8
-	Slen   uint8
-	Data   [12]int8
-}
-
-type RawSockaddr struct {
-	Len    uint8
-	Family uint8
-	Data   [14]int8
-}
-
-type RawSockaddrAny struct {
-	Addr RawSockaddr
-	Pad  [92]int8
-}
-
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
-type Iovec struct {
-	Base *byte
-	Len  uint32
-}
-
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type Msghdr struct {
-	Name       *byte
-	Namelen    uint32
-	Iov        *Iovec
-	Iovlen     int32
-	Control    *byte
-	Controllen uint32
-	Flags      int32
-}
-
-type Cmsghdr struct {
-	Len   uint32
-	Level int32
-	Type  int32
-}
-
-type Inet4Pktinfo struct {
-	Ifindex  uint32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Filt [8]uint32
-}
-
-const (
-	SizeofSockaddrInet4    = 0x10
-	SizeofSockaddrInet6    = 0x1c
-	SizeofSockaddrAny      = 0x6c
-	SizeofSockaddrUnix     = 0x6a
-	SizeofSockaddrDatalink = 0x14
-	SizeofLinger           = 0x8
-	SizeofIPMreq           = 0x8
-	SizeofIPv6Mreq         = 0x14
-	SizeofMsghdr           = 0x1c
-	SizeofCmsghdr          = 0xc
-	SizeofInet4Pktinfo     = 0xc
-	SizeofInet6Pktinfo     = 0x14
-	SizeofIPv6MTUInfo      = 0x20
-	SizeofICMPv6Filter     = 0x20
-)
-
-const (
-	PTRACE_TRACEME = 0x0
-	PTRACE_CONT    = 0x7
-	PTRACE_KILL    = 0x8
-)
-
-type Kevent_t struct {
-	Ident  uint32
-	Filter int16
-	Flags  uint16
-	Fflags uint32
-	Data   int32
-	Udata  *byte
-}
-
-type FdSet struct {
-	Bits [32]int32
-}
-
-const (
-	SizeofIfMsghdr    = 0x70
-	SizeofIfData      = 0x60
-	SizeofIfaMsghdr   = 0x14
-	SizeofIfmaMsghdr  = 0x10
-	SizeofIfmaMsghdr2 = 0x14
-	SizeofRtMsghdr    = 0x5c
-	SizeofRtMetrics   = 0x38
-)
-
-type IfMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-	Data    IfData
-}
-
-type IfData struct {
-	Type       uint8
-	Typelen    uint8
-	Physical   uint8
-	Addrlen    uint8
-	Hdrlen     uint8
-	Recvquota  uint8
-	Xmitquota  uint8
-	Unused1    uint8
-	Mtu        uint32
-	Metric     uint32
-	Baudrate   uint32
-	Ipackets   uint32
-	Ierrors    uint32
-	Opackets   uint32
-	Oerrors    uint32
-	Collisions uint32
-	Ibytes     uint32
-	Obytes     uint32
-	Imcasts    uint32
-	Omcasts    uint32
-	Iqdrops    uint32
-	Noproto    uint32
-	Recvtiming uint32
-	Xmittiming uint32
-	Lastchange Timeval
-	Unused2    uint32
-	Hwassist   uint32
-	Reserved1  uint32
-	Reserved2  uint32
-}
-
-type IfaMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-	Metric  int32
-}
-
-type IfmaMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-}
-
-type IfmaMsghdr2 struct {
-	Msglen   uint16
-	Version  uint8
-	Type     uint8
-	Addrs    int32
-	Flags    int32
-	Index    uint16
-	_        [2]byte
-	Refcount int32
-}
-
-type RtMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Index   uint16
-	_       [2]byte
-	Flags   int32
-	Addrs   int32
-	Pid     int32
-	Seq     int32
-	Errno   int32
-	Use     int32
-	Inits   uint32
-	Rmx     RtMetrics
-}
-
-type RtMetrics struct {
-	Locks    uint32
-	Mtu      uint32
-	Hopcount uint32
-	Expire   int32
-	Recvpipe uint32
-	Sendpipe uint32
-	Ssthresh uint32
-	Rtt      uint32
-	Rttvar   uint32
-	Pksent   uint32
-	Filler   [4]uint32
-}
-
-const (
-	SizeofBpfVersion = 0x4
-	SizeofBpfStat    = 0x8
-	SizeofBpfProgram = 0x8
-	SizeofBpfInsn    = 0x8
-	SizeofBpfHdr     = 0x14
-)
-
-type BpfVersion struct {
-	Major uint16
-	Minor uint16
-}
-
-type BpfStat struct {
-	Recv uint32
-	Drop uint32
-}
-
-type BpfProgram struct {
-	Len   uint32
-	Insns *BpfInsn
-}
-
-type BpfInsn struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type BpfHdr struct {
-	Tstamp  Timeval
-	Caplen  uint32
-	Datalen uint32
-	Hdrlen  uint16
-	_       [2]byte
-}
-
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Cc     [20]uint8
-	Ispeed uint32
-	Ospeed uint32
-}
-
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
-const (
-	AT_FDCWD            = -0x2
-	AT_REMOVEDIR        = 0x80
-	AT_SYMLINK_FOLLOW   = 0x40
-	AT_SYMLINK_NOFOLLOW = 0x20
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLERR    = 0x8
-	POLLHUP    = 0x10
-	POLLIN     = 0x1
-	POLLNVAL   = 0x20
-	POLLOUT    = 0x4
-	POLLPRI    = 0x2
-	POLLRDBAND = 0x80
-	POLLRDNORM = 0x40
-	POLLWRBAND = 0x100
-	POLLWRNORM = 0x4
-)
-
-type Utsname struct {
-	Sysname  [256]byte
-	Nodename [256]byte
-	Release  [256]byte
-	Version  [256]byte
-	Machine  [256]byte
-}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 116e6e0757854..7efe5ccba331f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_darwin.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && darwin
 // +build amd64,darwin
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -63,25 +64,24 @@ type Rlimit struct {
 type _Gid_t uint32
 
 type Stat_t struct {
-	Dev           int32
-	Mode          uint16
-	Nlink         uint16
-	Ino           uint64
-	Uid           uint32
-	Gid           uint32
-	Rdev          int32
-	_             [4]byte
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Qspare        [2]int64
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
 }
 
 type Statfs_t struct {
@@ -97,10 +97,11 @@ type Statfs_t struct {
 	Type        uint32
 	Flags       uint32
 	Fssubtype   uint32
-	Fstypename  [16]int8
-	Mntonname   [1024]int8
-	Mntfromname [1024]int8
-	Reserved    [8]uint32
+	Fstypename  [16]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	Flags_ext   uint32
+	Reserved    [7]uint32
 }
 
 type Flock_t struct {
@@ -133,8 +134,7 @@ type Fbootstraptransfer_t struct {
 
 type Log2phys_t struct {
 	Flags uint32
-	_     [8]byte
-	_     [8]byte
+	_     [16]byte
 }
 
 type Fsid struct {
@@ -151,6 +151,10 @@ type Dirent struct {
 	_       [3]byte
 }
 
+const (
+	PathMax = 0x400
+)
+
 type RawSockaddrInet4 struct {
 	Len    uint8
 	Family uint8
@@ -196,8 +200,110 @@ type RawSockaddrAny struct {
 	Pad  [92]int8
 }
 
+type RawSockaddrCtl struct {
+	Sc_len      uint8
+	Sc_family   uint8
+	Ss_sysaddr  uint16
+	Sc_id       uint32
+	Sc_unit     uint32
+	Sc_reserved [5]uint32
+}
+
+type RawSockaddrVM struct {
+	Len       uint8
+	Family    uint8
+	Reserved1 uint16
+	Port      uint32
+	Cid       uint32
+}
+
+type XVSockPCB struct {
+	Xv_len           uint32
+	Xv_vsockpp       uint64
+	Xvp_local_cid    uint32
+	Xvp_local_port   uint32
+	Xvp_remote_cid   uint32
+	Xvp_remote_port  uint32
+	Xvp_rxcnt        uint32
+	Xvp_txcnt        uint32
+	Xvp_peer_rxhiwat uint32
+	Xvp_peer_rxcnt   uint32
+	Xvp_last_pid     int32
+	Xvp_gencnt       uint64
+	Xv_socket        XSocket
+	_                [4]byte
+}
+
+type XSocket struct {
+	Xso_len      uint32
+	Xso_so       uint32
+	So_type      int16
+	So_options   int16
+	So_linger    int16
+	So_state     int16
+	So_pcb       uint32
+	Xso_protocol int32
+	Xso_family   int32
+	So_qlen      int16
+	So_incqlen   int16
+	So_qlimit    int16
+	So_timeo     int16
+	So_error     uint16
+	So_pgid      int32
+	So_oobmark   uint32
+	So_rcv       XSockbuf
+	So_snd       XSockbuf
+	So_uid       uint32
+}
+
+type XSocket64 struct {
+	Xso_len      uint32
+	_            [8]byte
+	So_type      int16
+	So_options   int16
+	So_linger    int16
+	So_state     int16
+	_            [8]byte
+	Xso_protocol int32
+	Xso_family   int32
+	So_qlen      int16
+	So_incqlen   int16
+	So_qlimit    int16
+	So_timeo     int16
+	So_error     uint16
+	So_pgid      int32
+	So_oobmark   uint32
+	So_rcv       XSockbuf
+	So_snd       XSockbuf
+	So_uid       uint32
+}
+
+type XSockbuf struct {
+	Cc    uint32
+	Hiwat uint32
+	Mbcnt uint32
+	Mbmax uint32
+	Lowat int32
+	Flags int16
+	Timeo int16
+}
+
+type XVSockPgen struct {
+	Len   uint32
+	Count uint64
+	Gen   uint64
+	Sogen uint64
+}
+
 type _Socklen uint32
 
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+}
+
 type Linger struct {
 	Onoff  int32
 	Linger int32
@@ -213,6 +319,12 @@ type IPMreq struct {
 	Interface [4]byte /* in_addr */
 }
 
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
 type IPv6Mreq struct {
 	Multiaddr [16]byte /* in6_addr */
 	Interface uint32
@@ -221,10 +333,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -262,8 +372,17 @@ const (
 	SizeofSockaddrAny      = 0x6c
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x14
+	SizeofSockaddrCtl      = 0x20
+	SizeofSockaddrVM       = 0xc
+	SizeofXvsockpcb        = 0xa8
+	SizeofXSocket          = 0x64
+	SizeofXSockbuf         = 0x18
+	SizeofXVSockPgen       = 0x20
+	SizeofXucred           = 0x4c
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
 	SizeofCmsghdr          = 0xc
@@ -309,7 +428,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -352,7 +470,6 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Metric  int32
 }
 
@@ -373,7 +490,6 @@ type IfmaMsghdr2 struct {
 	Addrs    int32
 	Flags    int32
 	Index    uint16
-	_        [2]byte
 	Refcount int32
 }
 
@@ -382,7 +498,6 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -404,7 +519,8 @@ type RtMetrics struct {
 	Rtt      uint32
 	Rttvar   uint32
 	Pksent   uint32
-	Filler   [4]uint32
+	State    uint32
+	Filler   [3]uint32
 }
 
 const (
@@ -427,7 +543,6 @@ type BpfStat struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
@@ -452,7 +567,6 @@ type Termios struct {
 	Cflag  uint64
 	Lflag  uint64
 	Cc     [20]uint8
-	_      [4]byte
 	Ispeed uint64
 	Ospeed uint64
 }
@@ -497,3 +611,158 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
+
+type CtlInfo struct {
+	Id   uint32
+	Name [96]byte
+}
+
+const SizeofKinfoProc = 0x288
+
+type Eproc struct {
+	Paddr   uintptr
+	Sess    uintptr
+	Pcred   Pcred
+	Ucred   Ucred
+	Vm      Vmspace
+	Ppid    int32
+	Pgid    int32
+	Jobc    int16
+	Tdev    int32
+	Tpgid   int32
+	Tsess   uintptr
+	Wmesg   [8]int8
+	Xsize   int32
+	Xrssize int16
+	Xccount int16
+	Xswrss  int16
+	Flag    int32
+	Login   [12]int8
+	Spare   [4]int32
+	_       [4]byte
+}
+
+type ExternProc struct {
+	P_starttime Timeval
+	P_vmspace   *Vmspace
+	P_sigacts   uintptr
+	P_flag      int32
+	P_stat      int8
+	P_pid       int32
+	P_oppid     int32
+	P_dupfd     int32
+	User_stack  *int8
+	Exit_thread *byte
+	P_debugger  int32
+	Sigwait     int32
+	P_estcpu    uint32
+	P_cpticks   int32
+	P_pctcpu    uint32
+	P_wchan     *byte
+	P_wmesg     *int8
+	P_swtime    uint32
+	P_slptime   uint32
+	P_realtimer Itimerval
+	P_rtime     Timeval
+	P_uticks    uint64
+	P_sticks    uint64
+	P_iticks    uint64
+	P_traceflag int32
+	P_tracep    uintptr
+	P_siglist   int32
+	P_textvp    uintptr
+	P_holdcnt   int32
+	P_sigmask   uint32
+	P_sigignore uint32
+	P_sigcatch  uint32
+	P_priority  uint8
+	P_usrpri    uint8
+	P_nice      int8
+	P_comm      [17]int8
+	P_pgrp      uintptr
+	P_addr      uintptr
+	P_xstat     uint16
+	P_acflag    uint16
+	P_ru        *Rusage
+}
+
+type Itimerval struct {
+	Interval Timeval
+	Value    Timeval
+}
+
+type KinfoProc struct {
+	Proc  ExternProc
+	Eproc Eproc
+}
+
+type Vmspace struct {
+	Dummy  int32
+	Dummy2 *int8
+	Dummy3 [5]int32
+	Dummy4 [3]*int8
+}
+
+type Pcred struct {
+	Pc_lock  [72]int8
+	Pc_ucred uintptr
+	P_ruid   uint32
+	P_svuid  uint32
+	P_rgid   uint32
+	P_svgid  uint32
+	P_refcnt int32
+	_        [4]byte
+}
+
+type Ucred struct {
+	Ref     int32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+}
+
+type SysvIpcPerm struct {
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint16
+	_    uint16
+	_    int32
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Lpid   int32
+	Cpid   int32
+	Nattch uint16
+	_      [34]byte
+}
+
+const (
+	IPC_CREAT   = 0x200
+	IPC_EXCL    = 0x400
+	IPC_NOWAIT  = 0x800
+	IPC_PRIVATE = 0x0
+)
+
+const (
+	IPC_RMID = 0x0
+	IPC_SET  = 0x1
+	IPC_STAT = 0x2
+)
+
+const (
+	SHM_RDONLY = 0x1000
+	SHM_RND    = 0x2000
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go
deleted file mode 100644
index 2750ad76070d1..0000000000000
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go
+++ /dev/null
@@ -1,490 +0,0 @@
-// NOTE: cgo can't generate struct Stat_t and struct Statfs_t yet
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs types_darwin.go
-
-// +build arm,darwin
-
-package unix
-
-const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-)
-
-type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
-)
-
-type Timespec struct {
-	Sec  int32
-	Nsec int32
-}
-
-type Timeval struct {
-	Sec  int32
-	Usec int32
-}
-
-type Timeval32 [0]byte
-
-type Rusage struct {
-	Utime    Timeval
-	Stime    Timeval
-	Maxrss   int32
-	Ixrss    int32
-	Idrss    int32
-	Isrss    int32
-	Minflt   int32
-	Majflt   int32
-	Nswap    int32
-	Inblock  int32
-	Oublock  int32
-	Msgsnd   int32
-	Msgrcv   int32
-	Nsignals int32
-	Nvcsw    int32
-	Nivcsw   int32
-}
-
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
-type Stat_t struct {
-	Dev           int32
-	Mode          uint16
-	Nlink         uint16
-	Ino           uint64
-	Uid           uint32
-	Gid           uint32
-	Rdev          int32
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Qspare        [2]int64
-}
-
-type Statfs_t struct {
-	Bsize       uint32
-	Iosize      int32
-	Blocks      uint64
-	Bfree       uint64
-	Bavail      uint64
-	Files       uint64
-	Ffree       uint64
-	Fsid        Fsid
-	Owner       uint32
-	Type        uint32
-	Flags       uint32
-	Fssubtype   uint32
-	Fstypename  [16]int8
-	Mntonname   [1024]int8
-	Mntfromname [1024]int8
-	Reserved    [8]uint32
-}
-
-type Flock_t struct {
-	Start  int64
-	Len    int64
-	Pid    int32
-	Type   int16
-	Whence int16
-}
-
-type Fstore_t struct {
-	Flags      uint32
-	Posmode    int32
-	Offset     int64
-	Length     int64
-	Bytesalloc int64
-}
-
-type Radvisory_t struct {
-	Offset int64
-	Count  int32
-}
-
-type Fbootstraptransfer_t struct {
-	Offset int64
-	Length uint32
-	Buffer *byte
-}
-
-type Log2phys_t struct {
-	Flags       uint32
-	Contigbytes int64
-	Devoffset   int64
-}
-
-type Fsid struct {
-	Val [2]int32
-}
-
-type Dirent struct {
-	Ino     uint64
-	Seekoff uint64
-	Reclen  uint16
-	Namlen  uint16
-	Type    uint8
-	Name    [1024]int8
-	_       [3]byte
-}
-
-type RawSockaddrInet4 struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type RawSockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Len    uint8
-	Family uint8
-	Path   [104]int8
-}
-
-type RawSockaddrDatalink struct {
-	Len    uint8
-	Family uint8
-	Index  uint16
-	Type   uint8
-	Nlen   uint8
-	Alen   uint8
-	Slen   uint8
-	Data   [12]int8
-}
-
-type RawSockaddr struct {
-	Len    uint8
-	Family uint8
-	Data   [14]int8
-}
-
-type RawSockaddrAny struct {
-	Addr RawSockaddr
-	Pad  [92]int8
-}
-
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
-type Iovec struct {
-	Base *byte
-	Len  uint32
-}
-
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type Msghdr struct {
-	Name       *byte
-	Namelen    uint32
-	Iov        *Iovec
-	Iovlen     int32
-	Control    *byte
-	Controllen uint32
-	Flags      int32
-}
-
-type Cmsghdr struct {
-	Len   uint32
-	Level int32
-	Type  int32
-}
-
-type Inet4Pktinfo struct {
-	Ifindex  uint32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Filt [8]uint32
-}
-
-const (
-	SizeofSockaddrInet4    = 0x10
-	SizeofSockaddrInet6    = 0x1c
-	SizeofSockaddrAny      = 0x6c
-	SizeofSockaddrUnix     = 0x6a
-	SizeofSockaddrDatalink = 0x14
-	SizeofLinger           = 0x8
-	SizeofIPMreq           = 0x8
-	SizeofIPv6Mreq         = 0x14
-	SizeofMsghdr           = 0x1c
-	SizeofCmsghdr          = 0xc
-	SizeofInet4Pktinfo     = 0xc
-	SizeofInet6Pktinfo     = 0x14
-	SizeofIPv6MTUInfo      = 0x20
-	SizeofICMPv6Filter     = 0x20
-)
-
-const (
-	PTRACE_TRACEME = 0x0
-	PTRACE_CONT    = 0x7
-	PTRACE_KILL    = 0x8
-)
-
-type Kevent_t struct {
-	Ident  uint32
-	Filter int16
-	Flags  uint16
-	Fflags uint32
-	Data   int32
-	Udata  *byte
-}
-
-type FdSet struct {
-	Bits [32]int32
-}
-
-const (
-	SizeofIfMsghdr    = 0x70
-	SizeofIfData      = 0x60
-	SizeofIfaMsghdr   = 0x14
-	SizeofIfmaMsghdr  = 0x10
-	SizeofIfmaMsghdr2 = 0x14
-	SizeofRtMsghdr    = 0x5c
-	SizeofRtMetrics   = 0x38
-)
-
-type IfMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-	Data    IfData
-}
-
-type IfData struct {
-	Type       uint8
-	Typelen    uint8
-	Physical   uint8
-	Addrlen    uint8
-	Hdrlen     uint8
-	Recvquota  uint8
-	Xmitquota  uint8
-	Unused1    uint8
-	Mtu        uint32
-	Metric     uint32
-	Baudrate   uint32
-	Ipackets   uint32
-	Ierrors    uint32
-	Opackets   uint32
-	Oerrors    uint32
-	Collisions uint32
-	Ibytes     uint32
-	Obytes     uint32
-	Imcasts    uint32
-	Omcasts    uint32
-	Iqdrops    uint32
-	Noproto    uint32
-	Recvtiming uint32
-	Xmittiming uint32
-	Lastchange Timeval
-	Unused2    uint32
-	Hwassist   uint32
-	Reserved1  uint32
-	Reserved2  uint32
-}
-
-type IfaMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-	Metric  int32
-}
-
-type IfmaMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-}
-
-type IfmaMsghdr2 struct {
-	Msglen   uint16
-	Version  uint8
-	Type     uint8
-	Addrs    int32
-	Flags    int32
-	Index    uint16
-	_        [2]byte
-	Refcount int32
-}
-
-type RtMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Index   uint16
-	_       [2]byte
-	Flags   int32
-	Addrs   int32
-	Pid     int32
-	Seq     int32
-	Errno   int32
-	Use     int32
-	Inits   uint32
-	Rmx     RtMetrics
-}
-
-type RtMetrics struct {
-	Locks    uint32
-	Mtu      uint32
-	Hopcount uint32
-	Expire   int32
-	Recvpipe uint32
-	Sendpipe uint32
-	Ssthresh uint32
-	Rtt      uint32
-	Rttvar   uint32
-	Pksent   uint32
-	Filler   [4]uint32
-}
-
-const (
-	SizeofBpfVersion = 0x4
-	SizeofBpfStat    = 0x8
-	SizeofBpfProgram = 0x8
-	SizeofBpfInsn    = 0x8
-	SizeofBpfHdr     = 0x14
-)
-
-type BpfVersion struct {
-	Major uint16
-	Minor uint16
-}
-
-type BpfStat struct {
-	Recv uint32
-	Drop uint32
-}
-
-type BpfProgram struct {
-	Len   uint32
-	Insns *BpfInsn
-}
-
-type BpfInsn struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type BpfHdr struct {
-	Tstamp  Timeval
-	Caplen  uint32
-	Datalen uint32
-	Hdrlen  uint16
-	_       [2]byte
-}
-
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Cc     [20]uint8
-	Ispeed uint32
-	Ospeed uint32
-}
-
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
-const (
-	AT_FDCWD            = -0x2
-	AT_REMOVEDIR        = 0x80
-	AT_SYMLINK_FOLLOW   = 0x40
-	AT_SYMLINK_NOFOLLOW = 0x20
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLERR    = 0x8
-	POLLHUP    = 0x10
-	POLLIN     = 0x1
-	POLLNVAL   = 0x20
-	POLLOUT    = 0x4
-	POLLPRI    = 0x2
-	POLLRDBAND = 0x80
-	POLLRDNORM = 0x40
-	POLLWRBAND = 0x100
-	POLLWRNORM = 0x4
-)
-
-type Utsname struct {
-	Sysname  [256]byte
-	Nodename [256]byte
-	Release  [256]byte
-	Version  [256]byte
-	Machine  [256]byte
-}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 8cead0996c849..b23a2efe81b82 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_darwin.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && darwin
 // +build arm64,darwin
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -63,25 +64,24 @@ type Rlimit struct {
 type _Gid_t uint32
 
 type Stat_t struct {
-	Dev           int32
-	Mode          uint16
-	Nlink         uint16
-	Ino           uint64
-	Uid           uint32
-	Gid           uint32
-	Rdev          int32
-	_             [4]byte
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Qspare        [2]int64
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
 }
 
 type Statfs_t struct {
@@ -97,10 +97,11 @@ type Statfs_t struct {
 	Type        uint32
 	Flags       uint32
 	Fssubtype   uint32
-	Fstypename  [16]int8
-	Mntonname   [1024]int8
-	Mntfromname [1024]int8
-	Reserved    [8]uint32
+	Fstypename  [16]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	Flags_ext   uint32
+	Reserved    [7]uint32
 }
 
 type Flock_t struct {
@@ -133,8 +134,7 @@ type Fbootstraptransfer_t struct {
 
 type Log2phys_t struct {
 	Flags uint32
-	_     [8]byte
-	_     [8]byte
+	_     [16]byte
 }
 
 type Fsid struct {
@@ -151,6 +151,10 @@ type Dirent struct {
 	_       [3]byte
 }
 
+const (
+	PathMax = 0x400
+)
+
 type RawSockaddrInet4 struct {
 	Len    uint8
 	Family uint8
@@ -196,8 +200,110 @@ type RawSockaddrAny struct {
 	Pad  [92]int8
 }
 
+type RawSockaddrCtl struct {
+	Sc_len      uint8
+	Sc_family   uint8
+	Ss_sysaddr  uint16
+	Sc_id       uint32
+	Sc_unit     uint32
+	Sc_reserved [5]uint32
+}
+
+type RawSockaddrVM struct {
+	Len       uint8
+	Family    uint8
+	Reserved1 uint16
+	Port      uint32
+	Cid       uint32
+}
+
+type XVSockPCB struct {
+	Xv_len           uint32
+	Xv_vsockpp       uint64
+	Xvp_local_cid    uint32
+	Xvp_local_port   uint32
+	Xvp_remote_cid   uint32
+	Xvp_remote_port  uint32
+	Xvp_rxcnt        uint32
+	Xvp_txcnt        uint32
+	Xvp_peer_rxhiwat uint32
+	Xvp_peer_rxcnt   uint32
+	Xvp_last_pid     int32
+	Xvp_gencnt       uint64
+	Xv_socket        XSocket
+	_                [4]byte
+}
+
+type XSocket struct {
+	Xso_len      uint32
+	Xso_so       uint32
+	So_type      int16
+	So_options   int16
+	So_linger    int16
+	So_state     int16
+	So_pcb       uint32
+	Xso_protocol int32
+	Xso_family   int32
+	So_qlen      int16
+	So_incqlen   int16
+	So_qlimit    int16
+	So_timeo     int16
+	So_error     uint16
+	So_pgid      int32
+	So_oobmark   uint32
+	So_rcv       XSockbuf
+	So_snd       XSockbuf
+	So_uid       uint32
+}
+
+type XSocket64 struct {
+	Xso_len      uint32
+	_            [8]byte
+	So_type      int16
+	So_options   int16
+	So_linger    int16
+	So_state     int16
+	_            [8]byte
+	Xso_protocol int32
+	Xso_family   int32
+	So_qlen      int16
+	So_incqlen   int16
+	So_qlimit    int16
+	So_timeo     int16
+	So_error     uint16
+	So_pgid      int32
+	So_oobmark   uint32
+	So_rcv       XSockbuf
+	So_snd       XSockbuf
+	So_uid       uint32
+}
+
+type XSockbuf struct {
+	Cc    uint32
+	Hiwat uint32
+	Mbcnt uint32
+	Mbmax uint32
+	Lowat int32
+	Flags int16
+	Timeo int16
+}
+
+type XVSockPgen struct {
+	Len   uint32
+	Count uint64
+	Gen   uint64
+	Sogen uint64
+}
+
 type _Socklen uint32
 
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+}
+
 type Linger struct {
 	Onoff  int32
 	Linger int32
@@ -213,6 +319,12 @@ type IPMreq struct {
 	Interface [4]byte /* in_addr */
 }
 
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
 type IPv6Mreq struct {
 	Multiaddr [16]byte /* in6_addr */
 	Interface uint32
@@ -221,10 +333,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -262,8 +372,17 @@ const (
 	SizeofSockaddrAny      = 0x6c
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x14
+	SizeofSockaddrCtl      = 0x20
+	SizeofSockaddrVM       = 0xc
+	SizeofXvsockpcb        = 0xa8
+	SizeofXSocket          = 0x64
+	SizeofXSockbuf         = 0x18
+	SizeofXVSockPgen       = 0x20
+	SizeofXucred           = 0x4c
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
 	SizeofCmsghdr          = 0xc
@@ -309,7 +428,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -352,7 +470,6 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Metric  int32
 }
 
@@ -373,7 +490,6 @@ type IfmaMsghdr2 struct {
 	Addrs    int32
 	Flags    int32
 	Index    uint16
-	_        [2]byte
 	Refcount int32
 }
 
@@ -382,7 +498,6 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -404,7 +519,8 @@ type RtMetrics struct {
 	Rtt      uint32
 	Rttvar   uint32
 	Pksent   uint32
-	Filler   [4]uint32
+	State    uint32
+	Filler   [3]uint32
 }
 
 const (
@@ -427,7 +543,6 @@ type BpfStat struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
@@ -452,7 +567,6 @@ type Termios struct {
 	Cflag  uint64
 	Lflag  uint64
 	Cc     [20]uint8
-	_      [4]byte
 	Ispeed uint64
 	Ospeed uint64
 }
@@ -497,3 +611,158 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
+
+type CtlInfo struct {
+	Id   uint32
+	Name [96]byte
+}
+
+const SizeofKinfoProc = 0x288
+
+type Eproc struct {
+	Paddr   uintptr
+	Sess    uintptr
+	Pcred   Pcred
+	Ucred   Ucred
+	Vm      Vmspace
+	Ppid    int32
+	Pgid    int32
+	Jobc    int16
+	Tdev    int32
+	Tpgid   int32
+	Tsess   uintptr
+	Wmesg   [8]int8
+	Xsize   int32
+	Xrssize int16
+	Xccount int16
+	Xswrss  int16
+	Flag    int32
+	Login   [12]int8
+	Spare   [4]int32
+	_       [4]byte
+}
+
+type ExternProc struct {
+	P_starttime Timeval
+	P_vmspace   *Vmspace
+	P_sigacts   uintptr
+	P_flag      int32
+	P_stat      int8
+	P_pid       int32
+	P_oppid     int32
+	P_dupfd     int32
+	User_stack  *int8
+	Exit_thread *byte
+	P_debugger  int32
+	Sigwait     int32
+	P_estcpu    uint32
+	P_cpticks   int32
+	P_pctcpu    uint32
+	P_wchan     *byte
+	P_wmesg     *int8
+	P_swtime    uint32
+	P_slptime   uint32
+	P_realtimer Itimerval
+	P_rtime     Timeval
+	P_uticks    uint64
+	P_sticks    uint64
+	P_iticks    uint64
+	P_traceflag int32
+	P_tracep    uintptr
+	P_siglist   int32
+	P_textvp    uintptr
+	P_holdcnt   int32
+	P_sigmask   uint32
+	P_sigignore uint32
+	P_sigcatch  uint32
+	P_priority  uint8
+	P_usrpri    uint8
+	P_nice      int8
+	P_comm      [17]int8
+	P_pgrp      uintptr
+	P_addr      uintptr
+	P_xstat     uint16
+	P_acflag    uint16
+	P_ru        *Rusage
+}
+
+type Itimerval struct {
+	Interval Timeval
+	Value    Timeval
+}
+
+type KinfoProc struct {
+	Proc  ExternProc
+	Eproc Eproc
+}
+
+type Vmspace struct {
+	Dummy  int32
+	Dummy2 *int8
+	Dummy3 [5]int32
+	Dummy4 [3]*int8
+}
+
+type Pcred struct {
+	Pc_lock  [72]int8
+	Pc_ucred uintptr
+	P_ruid   uint32
+	P_svuid  uint32
+	P_rgid   uint32
+	P_svgid  uint32
+	P_refcnt int32
+	_        [4]byte
+}
+
+type Ucred struct {
+	Ref     int32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+}
+
+type SysvIpcPerm struct {
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint16
+	_    uint16
+	_    int32
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Lpid   int32
+	Cpid   int32
+	Nattch uint16
+	_      [34]byte
+}
+
+const (
+	IPC_CREAT   = 0x200
+	IPC_EXCL    = 0x400
+	IPC_NOWAIT  = 0x800
+	IPC_PRIVATE = 0x0
+)
+
+const (
+	IPC_RMID = 0x0
+	IPC_SET  = 0x1
+	IPC_STAT = 0x2
+)
+
+const (
+	SHM_RDONLY = 0x1000
+	SHM_RND    = 0x2000
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index 315a553bd5bb0..d0ba8e9b86a34 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_dragonfly.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && dragonfly
 // +build amd64,dragonfly
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -56,43 +57,26 @@ type Rlimit struct {
 
 type _Gid_t uint32
 
-const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
-)
-
 type Stat_t struct {
-	Ino      uint64
-	Nlink    uint32
-	Dev      uint32
-	Mode     uint16
-	Padding1 uint16
-	Uid      uint32
-	Gid      uint32
-	Rdev     uint32
-	Atim     Timespec
-	Mtim     Timespec
-	Ctim     Timespec
-	Size     int64
-	Blocks   int64
-	Blksize  uint32
-	Flags    uint32
-	Gen      uint32
-	Lspare   int32
-	Qspare1  int64
-	Qspare2  int64
+	Ino     uint64
+	Nlink   uint32
+	Dev     uint32
+	Mode    uint16
+	_1      uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	_       uint32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Blksize int64
+	Qspare2 int64
 }
 
 type Statfs_t struct {
@@ -108,17 +92,15 @@ type Statfs_t struct {
 	Owner       uint32
 	Type        int32
 	Flags       int32
-	_           [4]byte
 	Syncwrites  int64
 	Asyncwrites int64
-	Fstypename  [16]int8
-	Mntonname   [80]int8
+	Fstypename  [16]byte
+	Mntonname   [80]byte
 	Syncreads   int64
 	Asyncreads  int64
 	Spares1     int16
-	Mntfromname [80]int8
+	Mntfromname [80]byte
 	Spares2     int16
-	_           [4]byte
 	Spare       [2]int64
 }
 
@@ -219,10 +201,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -255,6 +235,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x36
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
@@ -286,7 +267,7 @@ type FdSet struct {
 const (
 	SizeofIfMsghdr         = 0xb0
 	SizeofIfData           = 0xa0
-	SizeofIfaMsghdr        = 0x14
+	SizeofIfaMsghdr        = 0x18
 	SizeofIfmaMsghdr       = 0x10
 	SizeofIfAnnounceMsghdr = 0x18
 	SizeofRtMsghdr         = 0x98
@@ -297,10 +278,9 @@ type IfMsghdr struct {
 	Msglen  uint16
 	Version uint8
 	Type    uint8
-	Addrs   int32
-	Flags   int32
 	Index   uint16
-	_       [2]byte
+	Flags   int32
+	Addrs   int32
 	Data    IfData
 }
 
@@ -311,7 +291,6 @@ type IfData struct {
 	Hdrlen     uint8
 	Recvquota  uint8
 	Xmitquota  uint8
-	_          [2]byte
 	Mtu        uint64
 	Metric     uint64
 	Link_state uint64
@@ -333,24 +312,23 @@ type IfData struct {
 }
 
 type IfaMsghdr struct {
-	Msglen  uint16
-	Version uint8
-	Type    uint8
-	Addrs   int32
-	Flags   int32
-	Index   uint16
-	_       [2]byte
-	Metric  int32
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Flags     int32
+	Addrs     int32
+	Addrflags int32
+	Metric    int32
 }
 
 type IfmaMsghdr struct {
 	Msglen  uint16
 	Version uint8
 	Type    uint8
-	Addrs   int32
-	Flags   int32
 	Index   uint16
-	_       [2]byte
+	Flags   int32
+	Addrs   int32
 }
 
 type IfAnnounceMsghdr struct {
@@ -367,7 +345,6 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -391,7 +368,6 @@ type RtMetrics struct {
 	Hopcount  uint64
 	Mssopt    uint16
 	Pad       uint16
-	_         [4]byte
 	Msl       uint64
 	Iwmaxsegs uint64
 	Iwcapsegs uint64
@@ -417,7 +393,6 @@ type BpfStat struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
@@ -456,6 +431,9 @@ type Winsize struct {
 const (
 	AT_FDCWD            = 0xfffafdcd
 	AT_SYMLINK_NOFOLLOW = 0x1
+	AT_REMOVEDIR        = 0x2
+	AT_EACCESS          = 0x4
+	AT_SYMLINK_FOLLOW   = 0x8
 )
 
 type PollFd struct {
@@ -484,3 +462,13 @@ type Utsname struct {
 	Version  [32]byte
 	Machine  [32]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 878a21ad6d74a..4eec078e52490 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_freebsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && freebsd
 // +build 386,freebsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -30,6 +31,8 @@ type Timeval struct {
 	Usec int32
 }
 
+type Time_t int32
+
 type Rusage struct {
 	Utime    Timeval
 	Stime    Timeval
@@ -57,41 +60,55 @@ type Rlimit struct {
 type _Gid_t uint32
 
 const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
 )
 
 type Stat_t struct {
-	Dev           uint32
-	Ino           uint32
-	Mode          uint16
-	Nlink         uint16
-	Uid           uint32
-	Gid           uint32
-	Rdev          uint32
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Birthtimespec Timespec
-	Pad_cgo_0     [8]byte
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	_       int32
+	Atim    Timespec
+	_       int32
+	Mtim    Timespec
+	_       int32
+	Ctim    Timespec
+	_       int32
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+	_       [8]byte
 }
 
 type Statfs_t struct {
@@ -114,9 +131,34 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -129,6 +171,17 @@ type Flock_t struct {
 }
 
 type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
 	Fileno uint32
 	Reclen uint16
 	Type   uint8
@@ -200,6 +253,14 @@ type RawSockaddrAny struct {
 
 type _Socklen uint32
 
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+	_       *byte
+}
+
 type Linger struct {
 	Onoff  int32
 	Linger int32
@@ -262,7 +323,9 @@ const (
 	SizeofSockaddrAny      = 0x6c
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x36
+	SizeofXucred           = 0x50
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPMreqn          = 0xc
 	SizeofIPv6Mreq         = 0x14
@@ -274,11 +337,108 @@ const (
 )
 
 const (
-	PTRACE_TRACEME = 0x0
-	PTRACE_CONT    = 0x7
-	PTRACE_KILL    = 0x8
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
 )
 
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [4]byte
+	_      [32]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	Fs     uint32
+	Es     uint32
+	Ds     uint32
+	Edi    uint32
+	Esi    uint32
+	Ebp    uint32
+	Isp    uint32
+	Ebx    uint32
+	Edx    uint32
+	Ecx    uint32
+	Eax    uint32
+	Trapno uint32
+	Err    uint32
+	Eip    uint32
+	Cs     uint32
+	Eflags uint32
+	Esp    uint32
+	Ss     uint32
+	Gs     uint32
+}
+
+type FpReg struct {
+	Env   [7]uint32
+	Acc   [8][10]uint8
+	Ex_sw uint32
+	Pad   [64]uint8
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint32
+}
+
 type Kevent_t struct {
 	Ident  uint32
 	Filter int16
@@ -289,7 +449,7 @@ type Kevent_t struct {
 }
 
 type FdSet struct {
-	X__fds_bits [32]uint32
+	Bits [32]uint32
 }
 
 const (
@@ -305,53 +465,52 @@ const (
 )
 
 type ifMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      ifData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
 }
 
 type IfMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      IfData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
 }
 
 type ifData struct {
-	Type              uint8
-	Physical          uint8
-	Addrlen           uint8
-	Hdrlen            uint8
-	Link_state        uint8
-	Vhid              uint8
-	Datalen           uint16
-	Mtu               uint32
-	Metric            uint32
-	Baudrate          uint64
-	Ipackets          uint64
-	Ierrors           uint64
-	Opackets          uint64
-	Oerrors           uint64
-	Collisions        uint64
-	Ibytes            uint64
-	Obytes            uint64
-	Imcasts           uint64
-	Omcasts           uint64
-	Iqdrops           uint64
-	Oqdrops           uint64
-	Noproto           uint64
-	Hwassist          uint64
-	X__ifi_epoch      [8]byte
-	X__ifi_lastchange [16]byte
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
 }
 
 type IfData struct {
@@ -383,24 +542,24 @@ type IfData struct {
 }
 
 type IfaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Metric    int32
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
 }
 
 type IfmaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -413,19 +572,19 @@ type IfAnnounceMsghdr struct {
 }
 
 type RtMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Flags     int32
-	Addrs     int32
-	Pid       int32
-	Seq       int32
-	Errno     int32
-	Fmask     int32
-	Inits     uint32
-	Rmx       RtMetrics
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint32
+	Rmx     RtMetrics
 }
 
 type RtMetrics struct {
@@ -482,18 +641,18 @@ type BpfInsn struct {
 }
 
 type BpfHdr struct {
-	Tstamp    Timeval
-	Caplen    uint32
-	Datalen   uint32
-	Hdrlen    uint16
-	Pad_cgo_0 [2]byte
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
 }
 
 type BpfZbufHeader struct {
 	Kernel_gen uint32
 	Kernel_len uint32
 	User_gen   uint32
-	X_bzh_pad  [5]uint32
+	_          [5]uint32
 }
 
 type Termios struct {
@@ -515,9 +674,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
-	AT_REMOVEDIR        = 0x800
-	AT_SYMLINK_FOLLOW   = 0x400
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -551,3 +711,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 8408af1250cbb..7622904a532f4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_freebsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && freebsd
 // +build amd64,freebsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -30,6 +31,8 @@ type Timeval struct {
 	Usec int64
 }
 
+type Time_t int64
+
 type Rusage struct {
 	Utime    Timeval
 	Stime    Timeval
@@ -57,40 +60,50 @@ type Rlimit struct {
 type _Gid_t uint32
 
 const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
 )
 
 type Stat_t struct {
-	Dev           uint32
-	Ino           uint32
-	Mode          uint16
-	Nlink         uint16
-	Uid           uint32
-	Gid           uint32
-	Rdev          uint32
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Birthtimespec Timespec
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
 }
 
 type Statfs_t struct {
@@ -113,22 +126,58 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
-	Start     int64
-	Len       int64
-	Pid       int32
-	Type      int16
-	Whence    int16
-	Sysid     int32
-	Pad_cgo_0 [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
 }
 
 type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
 	Fileno uint32
 	Reclen uint16
 	Type   uint8
@@ -200,6 +249,14 @@ type RawSockaddrAny struct {
 
 type _Socklen uint32
 
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+	_       *byte
+}
+
 type Linger struct {
 	Onoff  int32
 	Linger int32
@@ -229,10 +286,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	Pad_cgo_0  [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	Pad_cgo_1  [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -264,7 +319,9 @@ const (
 	SizeofSockaddrAny      = 0x6c
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x36
+	SizeofXucred           = 0x58
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
 	SizeofIPMreqn          = 0xc
 	SizeofIPv6Mreq         = 0x14
@@ -276,11 +333,115 @@ const (
 )
 
 const (
-	PTRACE_TRACEME = 0x0
-	PTRACE_CONT    = 0x7
-	PTRACE_KILL    = 0x8
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
 )
 
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [8]byte
+	_      [40]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	R15    int64
+	R14    int64
+	R13    int64
+	R12    int64
+	R11    int64
+	R10    int64
+	R9     int64
+	R8     int64
+	Rdi    int64
+	Rsi    int64
+	Rbp    int64
+	Rbx    int64
+	Rdx    int64
+	Rcx    int64
+	Rax    int64
+	Trapno uint32
+	Fs     uint16
+	Gs     uint16
+	Err    uint32
+	Es     uint16
+	Ds     uint16
+	Rip    int64
+	Cs     int64
+	Rflags int64
+	Rsp    int64
+	Ss     int64
+}
+
+type FpReg struct {
+	Env   [4]uint64
+	Acc   [8][16]uint8
+	Xacc  [16][16]uint8
+	Spare [12]uint64
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint64
+}
+
 type Kevent_t struct {
 	Ident  uint64
 	Filter int16
@@ -291,7 +452,7 @@ type Kevent_t struct {
 }
 
 type FdSet struct {
-	X__fds_bits [16]uint64
+	Bits [16]uint64
 }
 
 const (
@@ -307,53 +468,52 @@ const (
 )
 
 type ifMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      ifData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
 }
 
 type IfMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      IfData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
 }
 
 type ifData struct {
-	Type              uint8
-	Physical          uint8
-	Addrlen           uint8
-	Hdrlen            uint8
-	Link_state        uint8
-	Vhid              uint8
-	Datalen           uint16
-	Mtu               uint32
-	Metric            uint32
-	Baudrate          uint64
-	Ipackets          uint64
-	Ierrors           uint64
-	Opackets          uint64
-	Oerrors           uint64
-	Collisions        uint64
-	Ibytes            uint64
-	Obytes            uint64
-	Imcasts           uint64
-	Omcasts           uint64
-	Iqdrops           uint64
-	Oqdrops           uint64
-	Noproto           uint64
-	Hwassist          uint64
-	X__ifi_epoch      [8]byte
-	X__ifi_lastchange [16]byte
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
 }
 
 type IfData struct {
@@ -385,24 +545,24 @@ type IfData struct {
 }
 
 type IfaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Metric    int32
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
 }
 
 type IfmaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -415,19 +575,19 @@ type IfAnnounceMsghdr struct {
 }
 
 type RtMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Flags     int32
-	Addrs     int32
-	Pid       int32
-	Seq       int32
-	Errno     int32
-	Fmask     int32
-	Inits     uint64
-	Rmx       RtMetrics
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint64
+	Rmx     RtMetrics
 }
 
 type RtMetrics struct {
@@ -472,9 +632,8 @@ type BpfZbuf struct {
 }
 
 type BpfProgram struct {
-	Len       uint32
-	Pad_cgo_0 [4]byte
-	Insns     *BpfInsn
+	Len   uint32
+	Insns *BpfInsn
 }
 
 type BpfInsn struct {
@@ -485,18 +644,18 @@ type BpfInsn struct {
 }
 
 type BpfHdr struct {
-	Tstamp    Timeval
-	Caplen    uint32
-	Datalen   uint32
-	Hdrlen    uint16
-	Pad_cgo_0 [6]byte
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
 }
 
 type BpfZbufHeader struct {
 	Kernel_gen uint32
 	Kernel_len uint32
 	User_gen   uint32
-	X_bzh_pad  [5]uint32
+	_          [5]uint32
 }
 
 type Termios struct {
@@ -518,9 +677,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
-	AT_REMOVEDIR        = 0x800
-	AT_SYMLINK_FOLLOW   = 0x400
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -554,3 +714,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index 4b2d9a4839974..19223ce8ecf90 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -1,16 +1,17 @@
 // cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && freebsd
 // +build arm,freebsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -21,17 +22,19 @@ type (
 )
 
 type Timespec struct {
-	Sec       int64
-	Nsec      int32
-	Pad_cgo_0 [4]byte
+	Sec  int64
+	Nsec int32
+	_    [4]byte
 }
 
 type Timeval struct {
-	Sec       int64
-	Usec      int32
-	Pad_cgo_0 [4]byte
+	Sec  int64
+	Usec int32
+	_    [4]byte
 }
 
+type Time_t int32
+
 type Rusage struct {
 	Utime    Timeval
 	Stime    Timeval
@@ -59,40 +62,50 @@ type Rlimit struct {
 type _Gid_t uint32
 
 const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
 )
 
 type Stat_t struct {
-	Dev           uint32
-	Ino           uint32
-	Mode          uint16
-	Nlink         uint16
-	Uid           uint32
-	Gid           uint32
-	Rdev          uint32
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       int32
-	Flags         uint32
-	Gen           uint32
-	Lspare        int32
-	Birthtimespec Timespec
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
 }
 
 type Statfs_t struct {
@@ -115,22 +128,58 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
-	Start     int64
-	Len       int64
-	Pid       int32
-	Type      int16
-	Whence    int16
-	Sysid     int32
-	Pad_cgo_0 [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
 }
 
 type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
 	Fileno uint32
 	Reclen uint16
 	Type   uint8
@@ -202,6 +251,14 @@ type RawSockaddrAny struct {
 
 type _Socklen uint32
 
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+	_       *byte
+}
+
 type Linger struct {
 	Onoff  int32
 	Linger int32
@@ -264,7 +321,9 @@ const (
 	SizeofSockaddrAny      = 0x6c
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x36
+	SizeofXucred           = 0x50
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPMreqn          = 0xc
 	SizeofIPv6Mreq         = 0x14
@@ -276,11 +335,92 @@ const (
 )
 
 const (
-	PTRACE_TRACEME = 0x0
-	PTRACE_CONT    = 0x7
-	PTRACE_KILL    = 0x8
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
 )
 
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo    int32
+	Errno    int32
+	Code     int32
+	Pid      int32
+	Uid      uint32
+	Status   int32
+	Addr     *byte
+	Value    [4]byte
+	X_reason [32]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	R      [13]uint32
+	R_sp   uint32
+	R_lr   uint32
+	R_pc   uint32
+	R_cpsr uint32
+}
+
+type FpReg struct {
+	Fpr_fpsr uint32
+	Fpr      [8][3]uint32
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint32
+}
+
 type Kevent_t struct {
 	Ident  uint32
 	Filter int16
@@ -291,7 +431,7 @@ type Kevent_t struct {
 }
 
 type FdSet struct {
-	X__fds_bits [32]uint32
+	Bits [32]uint32
 }
 
 const (
@@ -307,53 +447,53 @@ const (
 )
 
 type ifMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      ifData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    ifData
 }
 
 type IfMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Data      IfData
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
 }
 
 type ifData struct {
-	Type              uint8
-	Physical          uint8
-	Addrlen           uint8
-	Hdrlen            uint8
-	Link_state        uint8
-	Vhid              uint8
-	Datalen           uint16
-	Mtu               uint32
-	Metric            uint32
-	Baudrate          uint64
-	Ipackets          uint64
-	Ierrors           uint64
-	Opackets          uint64
-	Oerrors           uint64
-	Collisions        uint64
-	Ibytes            uint64
-	Obytes            uint64
-	Imcasts           uint64
-	Omcasts           uint64
-	Iqdrops           uint64
-	Oqdrops           uint64
-	Noproto           uint64
-	Hwassist          uint64
-	X__ifi_epoch      [8]byte
-	X__ifi_lastchange [16]byte
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
 }
 
 type IfData struct {
@@ -380,30 +520,30 @@ type IfData struct {
 	Iqdrops     uint32
 	Noproto     uint32
 	Hwassist    uint32
-	Pad_cgo_0   [4]byte
+	_           [4]byte
 	Epoch       int64
 	Lastchange  Timeval
 }
 
 type IfaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Metric    int32
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
 }
 
 type IfmaMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Addrs     int32
-	Flags     int32
-	Index     uint16
-	Pad_cgo_0 [2]byte
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
 }
 
 type IfAnnounceMsghdr struct {
@@ -416,19 +556,19 @@ type IfAnnounceMsghdr struct {
 }
 
 type RtMsghdr struct {
-	Msglen    uint16
-	Version   uint8
-	Type      uint8
-	Index     uint16
-	Pad_cgo_0 [2]byte
-	Flags     int32
-	Addrs     int32
-	Pid       int32
-	Seq       int32
-	Errno     int32
-	Fmask     int32
-	Inits     uint32
-	Rmx       RtMetrics
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint32
+	Rmx     RtMetrics
 }
 
 type RtMetrics struct {
@@ -485,18 +625,18 @@ type BpfInsn struct {
 }
 
 type BpfHdr struct {
-	Tstamp    Timeval
-	Caplen    uint32
-	Datalen   uint32
-	Hdrlen    uint16
-	Pad_cgo_0 [6]byte
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
 }
 
 type BpfZbufHeader struct {
 	Kernel_gen uint32
 	Kernel_len uint32
 	User_gen   uint32
-	X_bzh_pad  [5]uint32
+	_          [5]uint32
 }
 
 type Termios struct {
@@ -518,9 +658,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
-	AT_REMOVEDIR        = 0x800
-	AT_SYMLINK_FOLLOW   = 0x400
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -554,3 +695,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
new file mode 100644
index 0000000000000..8e3e33f679058
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -0,0 +1,704 @@
+// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && freebsd
+// +build arm64,freebsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Time_t int64
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+const (
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
+)
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+}
+
+type Statfs_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
+	Fileno uint32
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Xucred struct {
+	Version uint32
+	Uid     uint32
+	Ngroups int16
+	Groups  [16]uint32
+	_       *byte
+}
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofXucred           = 0x58
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
+	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [8]byte
+	_      [40]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	X    [30]uint64
+	Lr   uint64
+	Sp   uint64
+	Elr  uint64
+	Spsr uint32
+	_    [4]byte
+}
+
+type FpReg struct {
+	Q  [32][16]uint8
+	Sr uint32
+	Cr uint32
+	_  [8]byte
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint64
+}
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [16]uint64
+}
+
+const (
+	sizeofIfMsghdr         = 0xa8
+	SizeofIfMsghdr         = 0xa8
+	sizeofIfData           = 0x98
+	SizeofIfData           = 0x98
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x98
+	SizeofRtMetrics        = 0x70
+)
+
+type ifMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
+}
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
+}
+
+type ifData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
+}
+
+type IfData struct {
+	Type        uint8
+	Physical    uint8
+	Addrlen     uint8
+	Hdrlen      uint8
+	Link_state  uint8
+	Spare_char1 uint8
+	Spare_char2 uint8
+	Datalen     uint8
+	Mtu         uint64
+	Metric      uint64
+	Baudrate    uint64
+	Ipackets    uint64
+	Ierrors     uint64
+	Opackets    uint64
+	Oerrors     uint64
+	Collisions  uint64
+	Ibytes      uint64
+	Obytes      uint64
+	Imcasts     uint64
+	Omcasts     uint64
+	Iqdrops     uint64
+	Noproto     uint64
+	Hwassist    uint64
+	Epoch       int64
+	Lastchange  Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint64
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Expire   uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Pksent   uint64
+	Weight   uint64
+	Filler   [3]uint64
+}
+
+const (
+	SizeofBpfVersion    = 0x4
+	SizeofBpfStat       = 0x8
+	SizeofBpfZbuf       = 0x18
+	SizeofBpfProgram    = 0x10
+	SizeofBpfInsn       = 0x8
+	SizeofBpfHdr        = 0x20
+	SizeofBpfZbufHeader = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfZbuf struct {
+	Bufa   *byte
+	Bufb   *byte
+	Buflen uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
+}
+
+type BpfZbufHeader struct {
+	Kernel_gen uint32
+	Kernel_len uint32
+	User_gen   uint32
+	_          [5]uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x100
+	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR      = 0x8
+	POLLHUP      = 0x10
+	POLLIN       = 0x1
+	POLLINIGNEOF = 0x2000
+	POLLNVAL     = 0x20
+	POLLOUT      = 0x4
+	POLLPRI      = 0x2
+	POLLRDBAND   = 0x80
+	POLLRDNORM   = 0x40
+	POLLWRBAND   = 0x100
+	POLLWRNORM   = 0x4
+)
+
+type CapRights struct {
+	Rights [2]uint64
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
new file mode 100644
index 0000000000000..4c485261d6dfd
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
@@ -0,0 +1,42 @@
+// cgo -godefs types_illumos.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build amd64 && illumos
+// +build amd64,illumos
+
+package unix
+
+const (
+	TUNNEWPPA = 0x540001
+	TUNSETPPA = 0x540002
+
+	I_STR     = 0x5308
+	I_POP     = 0x5303
+	I_PUSH    = 0x5302
+	I_LINK    = 0x530c
+	I_UNLINK  = 0x530d
+	I_PLINK   = 0x5316
+	I_PUNLINK = 0x5317
+
+	IF_UNITSEL = -0x7ffb8cca
+)
+
+type strbuf struct {
+	Maxlen int32
+	Len    int32
+	Buf    *int8
+}
+
+type Strioctl struct {
+	Cmd    int32
+	Timout int32
+	Len    int32
+	Dp     *int8
+}
+
+type Lifreq struct {
+	Name   [32]int8
+	Lifru1 [4]byte
+	Type   uint32
+	Lifru  [336]byte
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
new file mode 100644
index 0000000000000..249ecfcd4cc66
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -0,0 +1,3958 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+//go:build linux
+// +build linux
+
+package unix
+
+const (
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLongLong = 0x8
+	PathMax        = 0x1000
+)
+
+type (
+	_C_short int16
+	_C_int   int32
+
+	_C_long_long int64
+)
+
+type ItimerSpec struct {
+	Interval Timespec
+	Value    Timespec
+}
+
+const (
+	TIME_OK    = 0x0
+	TIME_INS   = 0x1
+	TIME_DEL   = 0x2
+	TIME_OOP   = 0x3
+	TIME_WAIT  = 0x4
+	TIME_ERROR = 0x5
+	TIME_BAD   = 0x5
+)
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type StatxTimestamp struct {
+	Sec  int64
+	Nsec uint32
+	_    int32
+}
+
+type Statx_t struct {
+	Mask            uint32
+	Blksize         uint32
+	Attributes      uint64
+	Nlink           uint32
+	Uid             uint32
+	Gid             uint32
+	Mode            uint16
+	_               [1]uint16
+	Ino             uint64
+	Size            uint64
+	Blocks          uint64
+	Attributes_mask uint64
+	Atime           StatxTimestamp
+	Btime           StatxTimestamp
+	Ctime           StatxTimestamp
+	Mtime           StatxTimestamp
+	Rdev_major      uint32
+	Rdev_minor      uint32
+	Dev_major       uint32
+	Dev_minor       uint32
+	Mnt_id          uint64
+	_               uint64
+	_               [12]uint64
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type FileCloneRange struct {
+	Src_fd      int64
+	Src_offset  uint64
+	Src_length  uint64
+	Dest_offset uint64
+}
+
+type RawFileDedupeRange struct {
+	Src_offset uint64
+	Src_length uint64
+	Dest_count uint16
+	Reserved1  uint16
+	Reserved2  uint32
+}
+
+type RawFileDedupeRangeInfo struct {
+	Dest_fd       int64
+	Dest_offset   uint64
+	Bytes_deduped uint64
+	Status        int32
+	Reserved      uint32
+}
+
+const (
+	SizeofRawFileDedupeRange     = 0x18
+	SizeofRawFileDedupeRangeInfo = 0x20
+	FILE_DEDUPE_RANGE_SAME       = 0x0
+	FILE_DEDUPE_RANGE_DIFFERS    = 0x1
+)
+
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
+type FscryptPolicyV1 struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptPolicyV2 struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	_                         [4]uint8
+	Master_key_identifier     [16]uint8
+}
+
+type FscryptGetPolicyExArg struct {
+	Size   uint64
+	Policy [24]byte
+}
+
+type FscryptKeySpecifier struct {
+	Type uint32
+	_    uint32
+	U    [32]byte
+}
+
+type FscryptAddKeyArg struct {
+	Key_spec FscryptKeySpecifier
+	Raw_size uint32
+	Key_id   uint32
+	_        [8]uint32
+}
+
+type FscryptRemoveKeyArg struct {
+	Key_spec             FscryptKeySpecifier
+	Removal_status_flags uint32
+	_                    [5]uint32
+}
+
+type FscryptGetKeyStatusArg struct {
+	Key_spec     FscryptKeySpecifier
+	_            [6]uint32
+	Status       uint32
+	Status_flags uint32
+	User_count   uint32
+	_            [13]uint32
+}
+
+type DmIoctl struct {
+	Version      [3]uint32
+	Data_size    uint32
+	Data_start   uint32
+	Target_count uint32
+	Open_count   int32
+	Flags        uint32
+	Event_nr     uint32
+	_            uint32
+	Dev          uint64
+	Name         [128]byte
+	Uuid         [129]byte
+	Data         [7]byte
+}
+
+type DmTargetSpec struct {
+	Sector_start uint64
+	Length       uint64
+	Status       int32
+	Next         uint32
+	Target_type  [16]byte
+}
+
+type DmTargetDeps struct {
+	Count uint32
+	_     uint32
+}
+
+type DmTargetVersions struct {
+	Next    uint32
+	Version [3]uint32
+}
+
+type DmTargetMsg struct {
+	Sector uint64
+}
+
+const (
+	SizeofDmIoctl      = 0x138
+	SizeofDmTargetSpec = 0x28
+)
+
+type KeyctlDHParams struct {
+	Private int32
+	Prime   int32
+	Base    int32
+}
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+)
+
+type RawSockaddrInet4 struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Family uint16
+	Path   [108]int8
+}
+
+type RawSockaddrLinklayer struct {
+	Family   uint16
+	Protocol uint16
+	Ifindex  int32
+	Hatype   uint16
+	Pkttype  uint8
+	Halen    uint8
+	Addr     [8]uint8
+}
+
+type RawSockaddrNetlink struct {
+	Family uint16
+	Pad    uint16
+	Pid    uint32
+	Groups uint32
+}
+
+type RawSockaddrHCI struct {
+	Family  uint16
+	Dev     uint16
+	Channel uint16
+}
+
+type RawSockaddrL2 struct {
+	Family      uint16
+	Psm         uint16
+	Bdaddr      [6]uint8
+	Cid         uint16
+	Bdaddr_type uint8
+	_           [1]byte
+}
+
+type RawSockaddrRFCOMM struct {
+	Family  uint16
+	Bdaddr  [6]uint8
+	Channel uint8
+	_       [1]byte
+}
+
+type RawSockaddrCAN struct {
+	Family  uint16
+	Ifindex int32
+	Addr    [16]byte
+}
+
+type RawSockaddrALG struct {
+	Family uint16
+	Type   [14]uint8
+	Feat   uint32
+	Mask   uint32
+	Name   [64]uint8
+}
+
+type RawSockaddrVM struct {
+	Family    uint16
+	Reserved1 uint16
+	Port      uint32
+	Cid       uint32
+	Flags     uint8
+	Zero      [3]uint8
+}
+
+type RawSockaddrXDP struct {
+	Family         uint16
+	Flags          uint16
+	Ifindex        uint32
+	Queue_id       uint32
+	Shared_umem_fd uint32
+}
+
+type RawSockaddrPPPoX [0x1e]byte
+
+type RawSockaddrTIPC struct {
+	Family   uint16
+	Addrtype uint8
+	Scope    int8
+	Addr     [12]byte
+}
+
+type RawSockaddrL2TPIP struct {
+	Family  uint16
+	Unused  uint16
+	Addr    [4]byte /* in_addr */
+	Conn_id uint32
+	_       [4]uint8
+}
+
+type RawSockaddrL2TPIP6 struct {
+	Family   uint16
+	Unused   uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+	Conn_id  uint32
+}
+
+type RawSockaddrIUCV struct {
+	Family  uint16
+	Port    uint16
+	Addr    uint32
+	Nodeid  [8]int8
+	User_id [8]int8
+	Name    [8]int8
+}
+
+type RawSockaddrNFC struct {
+	Sa_family    uint16
+	Dev_idx      uint32
+	Target_idx   uint32
+	Nfc_protocol uint32
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type PacketMreq struct {
+	Ifindex int32
+	Type    uint16
+	Alen    uint16
+	Address [8]uint8
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Data [8]uint32
+}
+
+type Ucred struct {
+	Pid int32
+	Uid uint32
+	Gid uint32
+}
+
+type TCPInfo struct {
+	State          uint8
+	Ca_state       uint8
+	Retransmits    uint8
+	Probes         uint8
+	Backoff        uint8
+	Options        uint8
+	Rto            uint32
+	Ato            uint32
+	Snd_mss        uint32
+	Rcv_mss        uint32
+	Unacked        uint32
+	Sacked         uint32
+	Lost           uint32
+	Retrans        uint32
+	Fackets        uint32
+	Last_data_sent uint32
+	Last_ack_sent  uint32
+	Last_data_recv uint32
+	Last_ack_recv  uint32
+	Pmtu           uint32
+	Rcv_ssthresh   uint32
+	Rtt            uint32
+	Rttvar         uint32
+	Snd_ssthresh   uint32
+	Snd_cwnd       uint32
+	Advmss         uint32
+	Reordering     uint32
+	Rcv_rtt        uint32
+	Rcv_space      uint32
+	Total_retrans  uint32
+}
+
+type CanFilter struct {
+	Id   uint32
+	Mask uint32
+}
+
+type TCPRepairOpt struct {
+	Code uint32
+	Val  uint32
+}
+
+const (
+	SizeofSockaddrInet4     = 0x10
+	SizeofSockaddrInet6     = 0x1c
+	SizeofSockaddrAny       = 0x70
+	SizeofSockaddrUnix      = 0x6e
+	SizeofSockaddrLinklayer = 0x14
+	SizeofSockaddrNetlink   = 0xc
+	SizeofSockaddrHCI       = 0x6
+	SizeofSockaddrL2        = 0xe
+	SizeofSockaddrRFCOMM    = 0xa
+	SizeofSockaddrCAN       = 0x18
+	SizeofSockaddrALG       = 0x58
+	SizeofSockaddrVM        = 0x10
+	SizeofSockaddrXDP       = 0x10
+	SizeofSockaddrPPPoX     = 0x1e
+	SizeofSockaddrTIPC      = 0x10
+	SizeofSockaddrL2TPIP    = 0x10
+	SizeofSockaddrL2TPIP6   = 0x20
+	SizeofSockaddrIUCV      = 0x20
+	SizeofSockaddrNFC       = 0x10
+	SizeofLinger            = 0x8
+	SizeofIPMreq            = 0x8
+	SizeofIPMreqn           = 0xc
+	SizeofIPv6Mreq          = 0x14
+	SizeofPacketMreq        = 0x10
+	SizeofInet4Pktinfo      = 0xc
+	SizeofInet6Pktinfo      = 0x14
+	SizeofIPv6MTUInfo       = 0x20
+	SizeofICMPv6Filter      = 0x20
+	SizeofUcred             = 0xc
+	SizeofTCPInfo           = 0x68
+	SizeofCanFilter         = 0x8
+	SizeofTCPRepairOpt      = 0x8
+)
+
+const (
+	NDA_UNSPEC         = 0x0
+	NDA_DST            = 0x1
+	NDA_LLADDR         = 0x2
+	NDA_CACHEINFO      = 0x3
+	NDA_PROBES         = 0x4
+	NDA_VLAN           = 0x5
+	NDA_PORT           = 0x6
+	NDA_VNI            = 0x7
+	NDA_IFINDEX        = 0x8
+	NDA_MASTER         = 0x9
+	NDA_LINK_NETNSID   = 0xa
+	NDA_SRC_VNI        = 0xb
+	NTF_USE            = 0x1
+	NTF_SELF           = 0x2
+	NTF_MASTER         = 0x4
+	NTF_PROXY          = 0x8
+	NTF_EXT_LEARNED    = 0x10
+	NTF_OFFLOADED      = 0x20
+	NTF_ROUTER         = 0x80
+	NUD_INCOMPLETE     = 0x1
+	NUD_REACHABLE      = 0x2
+	NUD_STALE          = 0x4
+	NUD_DELAY          = 0x8
+	NUD_PROBE          = 0x10
+	NUD_FAILED         = 0x20
+	NUD_NOARP          = 0x40
+	NUD_PERMANENT      = 0x80
+	NUD_NONE           = 0x0
+	IFA_UNSPEC         = 0x0
+	IFA_ADDRESS        = 0x1
+	IFA_LOCAL          = 0x2
+	IFA_LABEL          = 0x3
+	IFA_BROADCAST      = 0x4
+	IFA_ANYCAST        = 0x5
+	IFA_CACHEINFO      = 0x6
+	IFA_MULTICAST      = 0x7
+	IFA_FLAGS          = 0x8
+	IFA_RT_PRIORITY    = 0x9
+	IFA_TARGET_NETNSID = 0xa
+	RT_SCOPE_UNIVERSE  = 0x0
+	RT_SCOPE_SITE      = 0xc8
+	RT_SCOPE_LINK      = 0xfd
+	RT_SCOPE_HOST      = 0xfe
+	RT_SCOPE_NOWHERE   = 0xff
+	RT_TABLE_UNSPEC    = 0x0
+	RT_TABLE_COMPAT    = 0xfc
+	RT_TABLE_DEFAULT   = 0xfd
+	RT_TABLE_MAIN      = 0xfe
+	RT_TABLE_LOCAL     = 0xff
+	RT_TABLE_MAX       = 0xffffffff
+	RTA_UNSPEC         = 0x0
+	RTA_DST            = 0x1
+	RTA_SRC            = 0x2
+	RTA_IIF            = 0x3
+	RTA_OIF            = 0x4
+	RTA_GATEWAY        = 0x5
+	RTA_PRIORITY       = 0x6
+	RTA_PREFSRC        = 0x7
+	RTA_METRICS        = 0x8
+	RTA_MULTIPATH      = 0x9
+	RTA_FLOW           = 0xb
+	RTA_CACHEINFO      = 0xc
+	RTA_TABLE          = 0xf
+	RTA_MARK           = 0x10
+	RTA_MFC_STATS      = 0x11
+	RTA_VIA            = 0x12
+	RTA_NEWDST         = 0x13
+	RTA_PREF           = 0x14
+	RTA_ENCAP_TYPE     = 0x15
+	RTA_ENCAP          = 0x16
+	RTA_EXPIRES        = 0x17
+	RTA_PAD            = 0x18
+	RTA_UID            = 0x19
+	RTA_TTL_PROPAGATE  = 0x1a
+	RTA_IP_PROTO       = 0x1b
+	RTA_SPORT          = 0x1c
+	RTA_DPORT          = 0x1d
+	RTN_UNSPEC         = 0x0
+	RTN_UNICAST        = 0x1
+	RTN_LOCAL          = 0x2
+	RTN_BROADCAST      = 0x3
+	RTN_ANYCAST        = 0x4
+	RTN_MULTICAST      = 0x5
+	RTN_BLACKHOLE      = 0x6
+	RTN_UNREACHABLE    = 0x7
+	RTN_PROHIBIT       = 0x8
+	RTN_THROW          = 0x9
+	RTN_NAT            = 0xa
+	RTN_XRESOLVE       = 0xb
+	SizeofNlMsghdr     = 0x10
+	SizeofNlMsgerr     = 0x14
+	SizeofRtGenmsg     = 0x1
+	SizeofNlAttr       = 0x4
+	SizeofRtAttr       = 0x4
+	SizeofIfInfomsg    = 0x10
+	SizeofIfAddrmsg    = 0x8
+	SizeofIfaCacheinfo = 0x10
+	SizeofRtMsg        = 0xc
+	SizeofRtNexthop    = 0x8
+	SizeofNdUseroptmsg = 0x10
+	SizeofNdMsg        = 0xc
+)
+
+type NlMsghdr struct {
+	Len   uint32
+	Type  uint16
+	Flags uint16
+	Seq   uint32
+	Pid   uint32
+}
+
+type NlMsgerr struct {
+	Error int32
+	Msg   NlMsghdr
+}
+
+type RtGenmsg struct {
+	Family uint8
+}
+
+type NlAttr struct {
+	Len  uint16
+	Type uint16
+}
+
+type RtAttr struct {
+	Len  uint16
+	Type uint16
+}
+
+type IfInfomsg struct {
+	Family uint8
+	_      uint8
+	Type   uint16
+	Index  int32
+	Flags  uint32
+	Change uint32
+}
+
+type IfAddrmsg struct {
+	Family    uint8
+	Prefixlen uint8
+	Flags     uint8
+	Scope     uint8
+	Index     uint32
+}
+
+type IfaCacheinfo struct {
+	Prefered uint32
+	Valid    uint32
+	Cstamp   uint32
+	Tstamp   uint32
+}
+
+type RtMsg struct {
+	Family   uint8
+	Dst_len  uint8
+	Src_len  uint8
+	Tos      uint8
+	Table    uint8
+	Protocol uint8
+	Scope    uint8
+	Type     uint8
+	Flags    uint32
+}
+
+type RtNexthop struct {
+	Len     uint16
+	Flags   uint8
+	Hops    uint8
+	Ifindex int32
+}
+
+type NdUseroptmsg struct {
+	Family    uint8
+	Pad1      uint8
+	Opts_len  uint16
+	Ifindex   int32
+	Icmp_type uint8
+	Icmp_code uint8
+	Pad2      uint16
+	Pad3      uint32
+}
+
+type NdMsg struct {
+	Family  uint8
+	Pad1    uint8
+	Pad2    uint16
+	Ifindex int32
+	State   uint16
+	Flags   uint8
+	Type    uint8
+}
+
+const (
+	ICMP_FILTER = 0x1
+
+	ICMPV6_FILTER             = 0x1
+	ICMPV6_FILTER_BLOCK       = 0x1
+	ICMPV6_FILTER_BLOCKOTHERS = 0x3
+	ICMPV6_FILTER_PASS        = 0x2
+	ICMPV6_FILTER_PASSONLY    = 0x4
+)
+
+const (
+	SizeofSockFilter = 0x8
+)
+
+type SockFilter struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type SockFprog struct {
+	Len    uint16
+	Filter *SockFilter
+}
+
+type InotifyEvent struct {
+	Wd     int32
+	Mask   uint32
+	Cookie uint32
+	Len    uint32
+}
+
+const SizeofInotifyEvent = 0x10
+
+const SI_LOAD_SHIFT = 0x10
+
+type Utsname struct {
+	Sysname    [65]byte
+	Nodename   [65]byte
+	Release    [65]byte
+	Version    [65]byte
+	Machine    [65]byte
+	Domainname [65]byte
+}
+
+const (
+	AT_EMPTY_PATH   = 0x1000
+	AT_FDCWD        = -0x64
+	AT_NO_AUTOMOUNT = 0x800
+	AT_REMOVEDIR    = 0x200
+
+	AT_STATX_SYNC_AS_STAT = 0x0
+	AT_STATX_FORCE_SYNC   = 0x2000
+	AT_STATX_DONT_SYNC    = 0x4000
+
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x100
+
+	AT_EACCESS = 0x200
+)
+
+type OpenHow struct {
+	Flags   uint64
+	Mode    uint64
+	Resolve uint64
+}
+
+const SizeofOpenHow = 0x18
+
+const (
+	RESOLVE_BENEATH       = 0x8
+	RESOLVE_IN_ROOT       = 0x10
+	RESOLVE_NO_MAGICLINKS = 0x2
+	RESOLVE_NO_SYMLINKS   = 0x4
+	RESOLVE_NO_XDEV       = 0x1
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLIN   = 0x1
+	POLLPRI  = 0x2
+	POLLOUT  = 0x4
+	POLLERR  = 0x8
+	POLLHUP  = 0x10
+	POLLNVAL = 0x20
+)
+
+type SignalfdSiginfo struct {
+	Signo     uint32
+	Errno     int32
+	Code      int32
+	Pid       uint32
+	Uid       uint32
+	Fd        int32
+	Tid       uint32
+	Band      uint32
+	Overrun   uint32
+	Trapno    uint32
+	Status    int32
+	Int       int32
+	Ptr       uint64
+	Utime     uint64
+	Stime     uint64
+	Addr      uint64
+	Addr_lsb  uint16
+	_         uint16
+	Syscall   int32
+	Call_addr uint64
+	Arch      uint32
+	_         [28]uint8
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	TASKSTATS_CMD_UNSPEC                  = 0x0
+	TASKSTATS_CMD_GET                     = 0x1
+	TASKSTATS_CMD_NEW                     = 0x2
+	TASKSTATS_TYPE_UNSPEC                 = 0x0
+	TASKSTATS_TYPE_PID                    = 0x1
+	TASKSTATS_TYPE_TGID                   = 0x2
+	TASKSTATS_TYPE_STATS                  = 0x3
+	TASKSTATS_TYPE_AGGR_PID               = 0x4
+	TASKSTATS_TYPE_AGGR_TGID              = 0x5
+	TASKSTATS_TYPE_NULL                   = 0x6
+	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
+	TASKSTATS_CMD_ATTR_PID                = 0x1
+	TASKSTATS_CMD_ATTR_TGID               = 0x2
+	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
+	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
+)
+
+type CGroupStats struct {
+	Sleeping        uint64
+	Running         uint64
+	Stopped         uint64
+	Uninterruptible uint64
+	Io_wait         uint64
+}
+
+const (
+	CGROUPSTATS_CMD_UNSPEC        = 0x3
+	CGROUPSTATS_CMD_GET           = 0x4
+	CGROUPSTATS_CMD_NEW           = 0x5
+	CGROUPSTATS_TYPE_UNSPEC       = 0x0
+	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
+	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
+	CGROUPSTATS_CMD_ATTR_FD       = 0x1
+)
+
+type Genlmsghdr struct {
+	Cmd      uint8
+	Version  uint8
+	Reserved uint16
+}
+
+const (
+	CTRL_CMD_UNSPEC            = 0x0
+	CTRL_CMD_NEWFAMILY         = 0x1
+	CTRL_CMD_DELFAMILY         = 0x2
+	CTRL_CMD_GETFAMILY         = 0x3
+	CTRL_CMD_NEWOPS            = 0x4
+	CTRL_CMD_DELOPS            = 0x5
+	CTRL_CMD_GETOPS            = 0x6
+	CTRL_CMD_NEWMCAST_GRP      = 0x7
+	CTRL_CMD_DELMCAST_GRP      = 0x8
+	CTRL_CMD_GETMCAST_GRP      = 0x9
+	CTRL_ATTR_UNSPEC           = 0x0
+	CTRL_ATTR_FAMILY_ID        = 0x1
+	CTRL_ATTR_FAMILY_NAME      = 0x2
+	CTRL_ATTR_VERSION          = 0x3
+	CTRL_ATTR_HDRSIZE          = 0x4
+	CTRL_ATTR_MAXATTR          = 0x5
+	CTRL_ATTR_OPS              = 0x6
+	CTRL_ATTR_MCAST_GROUPS     = 0x7
+	CTRL_ATTR_OP_UNSPEC        = 0x0
+	CTRL_ATTR_OP_ID            = 0x1
+	CTRL_ATTR_OP_FLAGS         = 0x2
+	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
+	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
+	CTRL_ATTR_MCAST_GRP_ID     = 0x2
+)
+
+const (
+	_CPU_SETSIZE = 0x400
+)
+
+const (
+	BDADDR_BREDR     = 0x0
+	BDADDR_LE_PUBLIC = 0x1
+	BDADDR_LE_RANDOM = 0x2
+)
+
+type PerfEventAttr struct {
+	Type               uint32
+	Size               uint32
+	Config             uint64
+	Sample             uint64
+	Sample_type        uint64
+	Read_format        uint64
+	Bits               uint64
+	Wakeup             uint32
+	Bp_type            uint32
+	Ext1               uint64
+	Ext2               uint64
+	Branch_sample_type uint64
+	Sample_regs_user   uint64
+	Sample_stack_user  uint32
+	Clockid            int32
+	Sample_regs_intr   uint64
+	Aux_watermark      uint32
+	Sample_max_stack   uint16
+	_                  uint16
+}
+
+type PerfEventMmapPage struct {
+	Version        uint32
+	Compat_version uint32
+	Lock           uint32
+	Index          uint32
+	Offset         int64
+	Time_enabled   uint64
+	Time_running   uint64
+	Capabilities   uint64
+	Pmc_width      uint16
+	Time_shift     uint16
+	Time_mult      uint32
+	Time_offset    uint64
+	Time_zero      uint64
+	Size           uint32
+	_              uint32
+	Time_cycles    uint64
+	Time_mask      uint64
+	_              [928]uint8
+	Data_head      uint64
+	Data_tail      uint64
+	Data_offset    uint64
+	Data_size      uint64
+	Aux_head       uint64
+	Aux_tail       uint64
+	Aux_offset     uint64
+	Aux_size       uint64
+}
+
+const (
+	PerfBitDisabled               uint64 = CBitFieldMaskBit0
+	PerfBitInherit                       = CBitFieldMaskBit1
+	PerfBitPinned                        = CBitFieldMaskBit2
+	PerfBitExclusive                     = CBitFieldMaskBit3
+	PerfBitExcludeUser                   = CBitFieldMaskBit4
+	PerfBitExcludeKernel                 = CBitFieldMaskBit5
+	PerfBitExcludeHv                     = CBitFieldMaskBit6
+	PerfBitExcludeIdle                   = CBitFieldMaskBit7
+	PerfBitMmap                          = CBitFieldMaskBit8
+	PerfBitComm                          = CBitFieldMaskBit9
+	PerfBitFreq                          = CBitFieldMaskBit10
+	PerfBitInheritStat                   = CBitFieldMaskBit11
+	PerfBitEnableOnExec                  = CBitFieldMaskBit12
+	PerfBitTask                          = CBitFieldMaskBit13
+	PerfBitWatermark                     = CBitFieldMaskBit14
+	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
+	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
+	PerfBitMmapData                      = CBitFieldMaskBit17
+	PerfBitSampleIDAll                   = CBitFieldMaskBit18
+	PerfBitExcludeHost                   = CBitFieldMaskBit19
+	PerfBitExcludeGuest                  = CBitFieldMaskBit20
+	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
+	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
+	PerfBitMmap2                         = CBitFieldMaskBit23
+	PerfBitCommExec                      = CBitFieldMaskBit24
+	PerfBitUseClockID                    = CBitFieldMaskBit25
+	PerfBitContextSwitch                 = CBitFieldMaskBit26
+)
+
+const (
+	PERF_TYPE_HARDWARE                    = 0x0
+	PERF_TYPE_SOFTWARE                    = 0x1
+	PERF_TYPE_TRACEPOINT                  = 0x2
+	PERF_TYPE_HW_CACHE                    = 0x3
+	PERF_TYPE_RAW                         = 0x4
+	PERF_TYPE_BREAKPOINT                  = 0x5
+	PERF_TYPE_MAX                         = 0x6
+	PERF_COUNT_HW_CPU_CYCLES              = 0x0
+	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
+	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
+	PERF_COUNT_HW_CACHE_MISSES            = 0x3
+	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
+	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
+	PERF_COUNT_HW_BUS_CYCLES              = 0x6
+	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
+	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
+	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
+	PERF_COUNT_HW_MAX                     = 0xa
+	PERF_COUNT_HW_CACHE_L1D               = 0x0
+	PERF_COUNT_HW_CACHE_L1I               = 0x1
+	PERF_COUNT_HW_CACHE_LL                = 0x2
+	PERF_COUNT_HW_CACHE_DTLB              = 0x3
+	PERF_COUNT_HW_CACHE_ITLB              = 0x4
+	PERF_COUNT_HW_CACHE_BPU               = 0x5
+	PERF_COUNT_HW_CACHE_NODE              = 0x6
+	PERF_COUNT_HW_CACHE_MAX               = 0x7
+	PERF_COUNT_HW_CACHE_OP_READ           = 0x0
+	PERF_COUNT_HW_CACHE_OP_WRITE          = 0x1
+	PERF_COUNT_HW_CACHE_OP_PREFETCH       = 0x2
+	PERF_COUNT_HW_CACHE_OP_MAX            = 0x3
+	PERF_COUNT_HW_CACHE_RESULT_ACCESS     = 0x0
+	PERF_COUNT_HW_CACHE_RESULT_MISS       = 0x1
+	PERF_COUNT_HW_CACHE_RESULT_MAX        = 0x2
+	PERF_COUNT_SW_CPU_CLOCK               = 0x0
+	PERF_COUNT_SW_TASK_CLOCK              = 0x1
+	PERF_COUNT_SW_PAGE_FAULTS             = 0x2
+	PERF_COUNT_SW_CONTEXT_SWITCHES        = 0x3
+	PERF_COUNT_SW_CPU_MIGRATIONS          = 0x4
+	PERF_COUNT_SW_PAGE_FAULTS_MIN         = 0x5
+	PERF_COUNT_SW_PAGE_FAULTS_MAJ         = 0x6
+	PERF_COUNT_SW_ALIGNMENT_FAULTS        = 0x7
+	PERF_COUNT_SW_EMULATION_FAULTS        = 0x8
+	PERF_COUNT_SW_DUMMY                   = 0x9
+	PERF_COUNT_SW_BPF_OUTPUT              = 0xa
+	PERF_COUNT_SW_MAX                     = 0xc
+	PERF_SAMPLE_IP                        = 0x1
+	PERF_SAMPLE_TID                       = 0x2
+	PERF_SAMPLE_TIME                      = 0x4
+	PERF_SAMPLE_ADDR                      = 0x8
+	PERF_SAMPLE_READ                      = 0x10
+	PERF_SAMPLE_CALLCHAIN                 = 0x20
+	PERF_SAMPLE_ID                        = 0x40
+	PERF_SAMPLE_CPU                       = 0x80
+	PERF_SAMPLE_PERIOD                    = 0x100
+	PERF_SAMPLE_STREAM_ID                 = 0x200
+	PERF_SAMPLE_RAW                       = 0x400
+	PERF_SAMPLE_BRANCH_STACK              = 0x800
+	PERF_SAMPLE_REGS_USER                 = 0x1000
+	PERF_SAMPLE_STACK_USER                = 0x2000
+	PERF_SAMPLE_WEIGHT                    = 0x4000
+	PERF_SAMPLE_DATA_SRC                  = 0x8000
+	PERF_SAMPLE_IDENTIFIER                = 0x10000
+	PERF_SAMPLE_TRANSACTION               = 0x20000
+	PERF_SAMPLE_REGS_INTR                 = 0x40000
+	PERF_SAMPLE_PHYS_ADDR                 = 0x80000
+	PERF_SAMPLE_AUX                       = 0x100000
+	PERF_SAMPLE_CGROUP                    = 0x200000
+	PERF_SAMPLE_DATA_PAGE_SIZE            = 0x400000
+	PERF_SAMPLE_CODE_PAGE_SIZE            = 0x800000
+	PERF_SAMPLE_WEIGHT_STRUCT             = 0x1000000
+	PERF_SAMPLE_MAX                       = 0x2000000
+	PERF_SAMPLE_BRANCH_USER_SHIFT         = 0x0
+	PERF_SAMPLE_BRANCH_KERNEL_SHIFT       = 0x1
+	PERF_SAMPLE_BRANCH_HV_SHIFT           = 0x2
+	PERF_SAMPLE_BRANCH_ANY_SHIFT          = 0x3
+	PERF_SAMPLE_BRANCH_ANY_CALL_SHIFT     = 0x4
+	PERF_SAMPLE_BRANCH_ANY_RETURN_SHIFT   = 0x5
+	PERF_SAMPLE_BRANCH_IND_CALL_SHIFT     = 0x6
+	PERF_SAMPLE_BRANCH_ABORT_TX_SHIFT     = 0x7
+	PERF_SAMPLE_BRANCH_IN_TX_SHIFT        = 0x8
+	PERF_SAMPLE_BRANCH_NO_TX_SHIFT        = 0x9
+	PERF_SAMPLE_BRANCH_COND_SHIFT         = 0xa
+	PERF_SAMPLE_BRANCH_CALL_STACK_SHIFT   = 0xb
+	PERF_SAMPLE_BRANCH_IND_JUMP_SHIFT     = 0xc
+	PERF_SAMPLE_BRANCH_CALL_SHIFT         = 0xd
+	PERF_SAMPLE_BRANCH_NO_FLAGS_SHIFT     = 0xe
+	PERF_SAMPLE_BRANCH_NO_CYCLES_SHIFT    = 0xf
+	PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT    = 0x10
+	PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT     = 0x11
+	PERF_SAMPLE_BRANCH_MAX_SHIFT          = 0x12
+	PERF_SAMPLE_BRANCH_USER               = 0x1
+	PERF_SAMPLE_BRANCH_KERNEL             = 0x2
+	PERF_SAMPLE_BRANCH_HV                 = 0x4
+	PERF_SAMPLE_BRANCH_ANY                = 0x8
+	PERF_SAMPLE_BRANCH_ANY_CALL           = 0x10
+	PERF_SAMPLE_BRANCH_ANY_RETURN         = 0x20
+	PERF_SAMPLE_BRANCH_IND_CALL           = 0x40
+	PERF_SAMPLE_BRANCH_ABORT_TX           = 0x80
+	PERF_SAMPLE_BRANCH_IN_TX              = 0x100
+	PERF_SAMPLE_BRANCH_NO_TX              = 0x200
+	PERF_SAMPLE_BRANCH_COND               = 0x400
+	PERF_SAMPLE_BRANCH_CALL_STACK         = 0x800
+	PERF_SAMPLE_BRANCH_IND_JUMP           = 0x1000
+	PERF_SAMPLE_BRANCH_CALL               = 0x2000
+	PERF_SAMPLE_BRANCH_NO_FLAGS           = 0x4000
+	PERF_SAMPLE_BRANCH_NO_CYCLES          = 0x8000
+	PERF_SAMPLE_BRANCH_TYPE_SAVE          = 0x10000
+	PERF_SAMPLE_BRANCH_HW_INDEX           = 0x20000
+	PERF_SAMPLE_BRANCH_MAX                = 0x40000
+	PERF_BR_UNKNOWN                       = 0x0
+	PERF_BR_COND                          = 0x1
+	PERF_BR_UNCOND                        = 0x2
+	PERF_BR_IND                           = 0x3
+	PERF_BR_CALL                          = 0x4
+	PERF_BR_IND_CALL                      = 0x5
+	PERF_BR_RET                           = 0x6
+	PERF_BR_SYSCALL                       = 0x7
+	PERF_BR_SYSRET                        = 0x8
+	PERF_BR_COND_CALL                     = 0x9
+	PERF_BR_COND_RET                      = 0xa
+	PERF_BR_MAX                           = 0xb
+	PERF_SAMPLE_REGS_ABI_NONE             = 0x0
+	PERF_SAMPLE_REGS_ABI_32               = 0x1
+	PERF_SAMPLE_REGS_ABI_64               = 0x2
+	PERF_TXN_ELISION                      = 0x1
+	PERF_TXN_TRANSACTION                  = 0x2
+	PERF_TXN_SYNC                         = 0x4
+	PERF_TXN_ASYNC                        = 0x8
+	PERF_TXN_RETRY                        = 0x10
+	PERF_TXN_CONFLICT                     = 0x20
+	PERF_TXN_CAPACITY_WRITE               = 0x40
+	PERF_TXN_CAPACITY_READ                = 0x80
+	PERF_TXN_MAX                          = 0x100
+	PERF_TXN_ABORT_MASK                   = -0x100000000
+	PERF_TXN_ABORT_SHIFT                  = 0x20
+	PERF_FORMAT_TOTAL_TIME_ENABLED        = 0x1
+	PERF_FORMAT_TOTAL_TIME_RUNNING        = 0x2
+	PERF_FORMAT_ID                        = 0x4
+	PERF_FORMAT_GROUP                     = 0x8
+	PERF_FORMAT_MAX                       = 0x10
+	PERF_IOC_FLAG_GROUP                   = 0x1
+	PERF_RECORD_MMAP                      = 0x1
+	PERF_RECORD_LOST                      = 0x2
+	PERF_RECORD_COMM                      = 0x3
+	PERF_RECORD_EXIT                      = 0x4
+	PERF_RECORD_THROTTLE                  = 0x5
+	PERF_RECORD_UNTHROTTLE                = 0x6
+	PERF_RECORD_FORK                      = 0x7
+	PERF_RECORD_READ                      = 0x8
+	PERF_RECORD_SAMPLE                    = 0x9
+	PERF_RECORD_MMAP2                     = 0xa
+	PERF_RECORD_AUX                       = 0xb
+	PERF_RECORD_ITRACE_START              = 0xc
+	PERF_RECORD_LOST_SAMPLES              = 0xd
+	PERF_RECORD_SWITCH                    = 0xe
+	PERF_RECORD_SWITCH_CPU_WIDE           = 0xf
+	PERF_RECORD_NAMESPACES                = 0x10
+	PERF_RECORD_KSYMBOL                   = 0x11
+	PERF_RECORD_BPF_EVENT                 = 0x12
+	PERF_RECORD_CGROUP                    = 0x13
+	PERF_RECORD_TEXT_POKE                 = 0x14
+	PERF_RECORD_MAX                       = 0x15
+	PERF_RECORD_KSYMBOL_TYPE_UNKNOWN      = 0x0
+	PERF_RECORD_KSYMBOL_TYPE_BPF          = 0x1
+	PERF_RECORD_KSYMBOL_TYPE_OOL          = 0x2
+	PERF_RECORD_KSYMBOL_TYPE_MAX          = 0x3
+	PERF_BPF_EVENT_UNKNOWN                = 0x0
+	PERF_BPF_EVENT_PROG_LOAD              = 0x1
+	PERF_BPF_EVENT_PROG_UNLOAD            = 0x2
+	PERF_BPF_EVENT_MAX                    = 0x3
+	PERF_CONTEXT_HV                       = -0x20
+	PERF_CONTEXT_KERNEL                   = -0x80
+	PERF_CONTEXT_USER                     = -0x200
+	PERF_CONTEXT_GUEST                    = -0x800
+	PERF_CONTEXT_GUEST_KERNEL             = -0x880
+	PERF_CONTEXT_GUEST_USER               = -0xa00
+	PERF_CONTEXT_MAX                      = -0xfff
+)
+
+type TCPMD5Sig struct {
+	Addr      SockaddrStorage
+	Flags     uint8
+	Prefixlen uint8
+	Keylen    uint16
+	_         uint32
+	Key       [80]uint8
+}
+
+type HDDriveCmdHdr struct {
+	Command uint8
+	Number  uint8
+	Feature uint8
+	Count   uint8
+}
+
+type HDDriveID struct {
+	Config         uint16
+	Cyls           uint16
+	Reserved2      uint16
+	Heads          uint16
+	Track_bytes    uint16
+	Sector_bytes   uint16
+	Sectors        uint16
+	Vendor0        uint16
+	Vendor1        uint16
+	Vendor2        uint16
+	Serial_no      [20]uint8
+	Buf_type       uint16
+	Buf_size       uint16
+	Ecc_bytes      uint16
+	Fw_rev         [8]uint8
+	Model          [40]uint8
+	Max_multsect   uint8
+	Vendor3        uint8
+	Dword_io       uint16
+	Vendor4        uint8
+	Capability     uint8
+	Reserved50     uint16
+	Vendor5        uint8
+	TPIO           uint8
+	Vendor6        uint8
+	TDMA           uint8
+	Field_valid    uint16
+	Cur_cyls       uint16
+	Cur_heads      uint16
+	Cur_sectors    uint16
+	Cur_capacity0  uint16
+	Cur_capacity1  uint16
+	Multsect       uint8
+	Multsect_valid uint8
+	Lba_capacity   uint32
+	Dma_1word      uint16
+	Dma_mword      uint16
+	Eide_pio_modes uint16
+	Eide_dma_min   uint16
+	Eide_dma_time  uint16
+	Eide_pio       uint16
+	Eide_pio_iordy uint16
+	Words69_70     [2]uint16
+	Words71_74     [4]uint16
+	Queue_depth    uint16
+	Words76_79     [4]uint16
+	Major_rev_num  uint16
+	Minor_rev_num  uint16
+	Command_set_1  uint16
+	Command_set_2  uint16
+	Cfsse          uint16
+	Cfs_enable_1   uint16
+	Cfs_enable_2   uint16
+	Csf_default    uint16
+	Dma_ultra      uint16
+	Trseuc         uint16
+	TrsEuc         uint16
+	CurAPMvalues   uint16
+	Mprc           uint16
+	Hw_config      uint16
+	Acoustic       uint16
+	Msrqs          uint16
+	Sxfert         uint16
+	Sal            uint16
+	Spg            uint32
+	Lba_capacity_2 uint64
+	Words104_125   [22]uint16
+	Last_lun       uint16
+	Word127        uint16
+	Dlf            uint16
+	Csfo           uint16
+	Words130_155   [26]uint16
+	Word156        uint16
+	Words157_159   [3]uint16
+	Cfa_power      uint16
+	Words161_175   [15]uint16
+	Words176_205   [30]uint16
+	Words206_254   [49]uint16
+	Integrity_word uint16
+}
+
+const (
+	ST_MANDLOCK    = 0x40
+	ST_NOATIME     = 0x400
+	ST_NODEV       = 0x4
+	ST_NODIRATIME  = 0x800
+	ST_NOEXEC      = 0x8
+	ST_NOSUID      = 0x2
+	ST_RDONLY      = 0x1
+	ST_RELATIME    = 0x1000
+	ST_SYNCHRONOUS = 0x10
+)
+
+type Tpacket2Hdr struct {
+	Status    uint32
+	Len       uint32
+	Snaplen   uint32
+	Mac       uint16
+	Net       uint16
+	Sec       uint32
+	Nsec      uint32
+	Vlan_tci  uint16
+	Vlan_tpid uint16
+	_         [4]uint8
+}
+
+type Tpacket3Hdr struct {
+	Next_offset uint32
+	Sec         uint32
+	Nsec        uint32
+	Snaplen     uint32
+	Len         uint32
+	Status      uint32
+	Mac         uint16
+	Net         uint16
+	Hv1         TpacketHdrVariant1
+	_           [8]uint8
+}
+
+type TpacketHdrVariant1 struct {
+	Rxhash    uint32
+	Vlan_tci  uint32
+	Vlan_tpid uint16
+	_         uint16
+}
+
+type TpacketBlockDesc struct {
+	Version uint32
+	To_priv uint32
+	Hdr     [40]byte
+}
+
+type TpacketBDTS struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type TpacketHdrV1 struct {
+	Block_status        uint32
+	Num_pkts            uint32
+	Offset_to_first_pkt uint32
+	Blk_len             uint32
+	Seq_num             uint64
+	Ts_first_pkt        TpacketBDTS
+	Ts_last_pkt         TpacketBDTS
+}
+
+type TpacketReq struct {
+	Block_size uint32
+	Block_nr   uint32
+	Frame_size uint32
+	Frame_nr   uint32
+}
+
+type TpacketReq3 struct {
+	Block_size       uint32
+	Block_nr         uint32
+	Frame_size       uint32
+	Frame_nr         uint32
+	Retire_blk_tov   uint32
+	Sizeof_priv      uint32
+	Feature_req_word uint32
+}
+
+type TpacketStats struct {
+	Packets uint32
+	Drops   uint32
+}
+
+type TpacketStatsV3 struct {
+	Packets      uint32
+	Drops        uint32
+	Freeze_q_cnt uint32
+}
+
+type TpacketAuxdata struct {
+	Status    uint32
+	Len       uint32
+	Snaplen   uint32
+	Mac       uint16
+	Net       uint16
+	Vlan_tci  uint16
+	Vlan_tpid uint16
+}
+
+const (
+	TPACKET_V1 = 0x0
+	TPACKET_V2 = 0x1
+	TPACKET_V3 = 0x2
+)
+
+const (
+	SizeofTpacket2Hdr = 0x20
+	SizeofTpacket3Hdr = 0x30
+
+	SizeofTpacketStats   = 0x8
+	SizeofTpacketStatsV3 = 0xc
+)
+
+const (
+	IFLA_UNSPEC                                = 0x0
+	IFLA_ADDRESS                               = 0x1
+	IFLA_BROADCAST                             = 0x2
+	IFLA_IFNAME                                = 0x3
+	IFLA_MTU                                   = 0x4
+	IFLA_LINK                                  = 0x5
+	IFLA_QDISC                                 = 0x6
+	IFLA_STATS                                 = 0x7
+	IFLA_COST                                  = 0x8
+	IFLA_PRIORITY                              = 0x9
+	IFLA_MASTER                                = 0xa
+	IFLA_WIRELESS                              = 0xb
+	IFLA_PROTINFO                              = 0xc
+	IFLA_TXQLEN                                = 0xd
+	IFLA_MAP                                   = 0xe
+	IFLA_WEIGHT                                = 0xf
+	IFLA_OPERSTATE                             = 0x10
+	IFLA_LINKMODE                              = 0x11
+	IFLA_LINKINFO                              = 0x12
+	IFLA_NET_NS_PID                            = 0x13
+	IFLA_IFALIAS                               = 0x14
+	IFLA_NUM_VF                                = 0x15
+	IFLA_VFINFO_LIST                           = 0x16
+	IFLA_STATS64                               = 0x17
+	IFLA_VF_PORTS                              = 0x18
+	IFLA_PORT_SELF                             = 0x19
+	IFLA_AF_SPEC                               = 0x1a
+	IFLA_GROUP                                 = 0x1b
+	IFLA_NET_NS_FD                             = 0x1c
+	IFLA_EXT_MASK                              = 0x1d
+	IFLA_PROMISCUITY                           = 0x1e
+	IFLA_NUM_TX_QUEUES                         = 0x1f
+	IFLA_NUM_RX_QUEUES                         = 0x20
+	IFLA_CARRIER                               = 0x21
+	IFLA_PHYS_PORT_ID                          = 0x22
+	IFLA_CARRIER_CHANGES                       = 0x23
+	IFLA_PHYS_SWITCH_ID                        = 0x24
+	IFLA_LINK_NETNSID                          = 0x25
+	IFLA_PHYS_PORT_NAME                        = 0x26
+	IFLA_PROTO_DOWN                            = 0x27
+	IFLA_GSO_MAX_SEGS                          = 0x28
+	IFLA_GSO_MAX_SIZE                          = 0x29
+	IFLA_PAD                                   = 0x2a
+	IFLA_XDP                                   = 0x2b
+	IFLA_EVENT                                 = 0x2c
+	IFLA_NEW_NETNSID                           = 0x2d
+	IFLA_IF_NETNSID                            = 0x2e
+	IFLA_TARGET_NETNSID                        = 0x2e
+	IFLA_CARRIER_UP_COUNT                      = 0x2f
+	IFLA_CARRIER_DOWN_COUNT                    = 0x30
+	IFLA_NEW_IFINDEX                           = 0x31
+	IFLA_MIN_MTU                               = 0x32
+	IFLA_MAX_MTU                               = 0x33
+	IFLA_PROP_LIST                             = 0x34
+	IFLA_ALT_IFNAME                            = 0x35
+	IFLA_PERM_ADDRESS                          = 0x36
+	IFLA_PROTO_DOWN_REASON                     = 0x37
+	IFLA_PROTO_DOWN_REASON_UNSPEC              = 0x0
+	IFLA_PROTO_DOWN_REASON_MASK                = 0x1
+	IFLA_PROTO_DOWN_REASON_VALUE               = 0x2
+	IFLA_PROTO_DOWN_REASON_MAX                 = 0x2
+	IFLA_INET_UNSPEC                           = 0x0
+	IFLA_INET_CONF                             = 0x1
+	IFLA_INET6_UNSPEC                          = 0x0
+	IFLA_INET6_FLAGS                           = 0x1
+	IFLA_INET6_CONF                            = 0x2
+	IFLA_INET6_STATS                           = 0x3
+	IFLA_INET6_MCAST                           = 0x4
+	IFLA_INET6_CACHEINFO                       = 0x5
+	IFLA_INET6_ICMP6STATS                      = 0x6
+	IFLA_INET6_TOKEN                           = 0x7
+	IFLA_INET6_ADDR_GEN_MODE                   = 0x8
+	IFLA_BR_UNSPEC                             = 0x0
+	IFLA_BR_FORWARD_DELAY                      = 0x1
+	IFLA_BR_HELLO_TIME                         = 0x2
+	IFLA_BR_MAX_AGE                            = 0x3
+	IFLA_BR_AGEING_TIME                        = 0x4
+	IFLA_BR_STP_STATE                          = 0x5
+	IFLA_BR_PRIORITY                           = 0x6
+	IFLA_BR_VLAN_FILTERING                     = 0x7
+	IFLA_BR_VLAN_PROTOCOL                      = 0x8
+	IFLA_BR_GROUP_FWD_MASK                     = 0x9
+	IFLA_BR_ROOT_ID                            = 0xa
+	IFLA_BR_BRIDGE_ID                          = 0xb
+	IFLA_BR_ROOT_PORT                          = 0xc
+	IFLA_BR_ROOT_PATH_COST                     = 0xd
+	IFLA_BR_TOPOLOGY_CHANGE                    = 0xe
+	IFLA_BR_TOPOLOGY_CHANGE_DETECTED           = 0xf
+	IFLA_BR_HELLO_TIMER                        = 0x10
+	IFLA_BR_TCN_TIMER                          = 0x11
+	IFLA_BR_TOPOLOGY_CHANGE_TIMER              = 0x12
+	IFLA_BR_GC_TIMER                           = 0x13
+	IFLA_BR_GROUP_ADDR                         = 0x14
+	IFLA_BR_FDB_FLUSH                          = 0x15
+	IFLA_BR_MCAST_ROUTER                       = 0x16
+	IFLA_BR_MCAST_SNOOPING                     = 0x17
+	IFLA_BR_MCAST_QUERY_USE_IFADDR             = 0x18
+	IFLA_BR_MCAST_QUERIER                      = 0x19
+	IFLA_BR_MCAST_HASH_ELASTICITY              = 0x1a
+	IFLA_BR_MCAST_HASH_MAX                     = 0x1b
+	IFLA_BR_MCAST_LAST_MEMBER_CNT              = 0x1c
+	IFLA_BR_MCAST_STARTUP_QUERY_CNT            = 0x1d
+	IFLA_BR_MCAST_LAST_MEMBER_INTVL            = 0x1e
+	IFLA_BR_MCAST_MEMBERSHIP_INTVL             = 0x1f
+	IFLA_BR_MCAST_QUERIER_INTVL                = 0x20
+	IFLA_BR_MCAST_QUERY_INTVL                  = 0x21
+	IFLA_BR_MCAST_QUERY_RESPONSE_INTVL         = 0x22
+	IFLA_BR_MCAST_STARTUP_QUERY_INTVL          = 0x23
+	IFLA_BR_NF_CALL_IPTABLES                   = 0x24
+	IFLA_BR_NF_CALL_IP6TABLES                  = 0x25
+	IFLA_BR_NF_CALL_ARPTABLES                  = 0x26
+	IFLA_BR_VLAN_DEFAULT_PVID                  = 0x27
+	IFLA_BR_PAD                                = 0x28
+	IFLA_BR_VLAN_STATS_ENABLED                 = 0x29
+	IFLA_BR_MCAST_STATS_ENABLED                = 0x2a
+	IFLA_BR_MCAST_IGMP_VERSION                 = 0x2b
+	IFLA_BR_MCAST_MLD_VERSION                  = 0x2c
+	IFLA_BR_VLAN_STATS_PER_PORT                = 0x2d
+	IFLA_BR_MULTI_BOOLOPT                      = 0x2e
+	IFLA_BRPORT_UNSPEC                         = 0x0
+	IFLA_BRPORT_STATE                          = 0x1
+	IFLA_BRPORT_PRIORITY                       = 0x2
+	IFLA_BRPORT_COST                           = 0x3
+	IFLA_BRPORT_MODE                           = 0x4
+	IFLA_BRPORT_GUARD                          = 0x5
+	IFLA_BRPORT_PROTECT                        = 0x6
+	IFLA_BRPORT_FAST_LEAVE                     = 0x7
+	IFLA_BRPORT_LEARNING                       = 0x8
+	IFLA_BRPORT_UNICAST_FLOOD                  = 0x9
+	IFLA_BRPORT_PROXYARP                       = 0xa
+	IFLA_BRPORT_LEARNING_SYNC                  = 0xb
+	IFLA_BRPORT_PROXYARP_WIFI                  = 0xc
+	IFLA_BRPORT_ROOT_ID                        = 0xd
+	IFLA_BRPORT_BRIDGE_ID                      = 0xe
+	IFLA_BRPORT_DESIGNATED_PORT                = 0xf
+	IFLA_BRPORT_DESIGNATED_COST                = 0x10
+	IFLA_BRPORT_ID                             = 0x11
+	IFLA_BRPORT_NO                             = 0x12
+	IFLA_BRPORT_TOPOLOGY_CHANGE_ACK            = 0x13
+	IFLA_BRPORT_CONFIG_PENDING                 = 0x14
+	IFLA_BRPORT_MESSAGE_AGE_TIMER              = 0x15
+	IFLA_BRPORT_FORWARD_DELAY_TIMER            = 0x16
+	IFLA_BRPORT_HOLD_TIMER                     = 0x17
+	IFLA_BRPORT_FLUSH                          = 0x18
+	IFLA_BRPORT_MULTICAST_ROUTER               = 0x19
+	IFLA_BRPORT_PAD                            = 0x1a
+	IFLA_BRPORT_MCAST_FLOOD                    = 0x1b
+	IFLA_BRPORT_MCAST_TO_UCAST                 = 0x1c
+	IFLA_BRPORT_VLAN_TUNNEL                    = 0x1d
+	IFLA_BRPORT_BCAST_FLOOD                    = 0x1e
+	IFLA_BRPORT_GROUP_FWD_MASK                 = 0x1f
+	IFLA_BRPORT_NEIGH_SUPPRESS                 = 0x20
+	IFLA_BRPORT_ISOLATED                       = 0x21
+	IFLA_BRPORT_BACKUP_PORT                    = 0x22
+	IFLA_BRPORT_MRP_RING_OPEN                  = 0x23
+	IFLA_BRPORT_MRP_IN_OPEN                    = 0x24
+	IFLA_INFO_UNSPEC                           = 0x0
+	IFLA_INFO_KIND                             = 0x1
+	IFLA_INFO_DATA                             = 0x2
+	IFLA_INFO_XSTATS                           = 0x3
+	IFLA_INFO_SLAVE_KIND                       = 0x4
+	IFLA_INFO_SLAVE_DATA                       = 0x5
+	IFLA_VLAN_UNSPEC                           = 0x0
+	IFLA_VLAN_ID                               = 0x1
+	IFLA_VLAN_FLAGS                            = 0x2
+	IFLA_VLAN_EGRESS_QOS                       = 0x3
+	IFLA_VLAN_INGRESS_QOS                      = 0x4
+	IFLA_VLAN_PROTOCOL                         = 0x5
+	IFLA_VLAN_QOS_UNSPEC                       = 0x0
+	IFLA_VLAN_QOS_MAPPING                      = 0x1
+	IFLA_MACVLAN_UNSPEC                        = 0x0
+	IFLA_MACVLAN_MODE                          = 0x1
+	IFLA_MACVLAN_FLAGS                         = 0x2
+	IFLA_MACVLAN_MACADDR_MODE                  = 0x3
+	IFLA_MACVLAN_MACADDR                       = 0x4
+	IFLA_MACVLAN_MACADDR_DATA                  = 0x5
+	IFLA_MACVLAN_MACADDR_COUNT                 = 0x6
+	IFLA_VRF_UNSPEC                            = 0x0
+	IFLA_VRF_TABLE                             = 0x1
+	IFLA_VRF_PORT_UNSPEC                       = 0x0
+	IFLA_VRF_PORT_TABLE                        = 0x1
+	IFLA_MACSEC_UNSPEC                         = 0x0
+	IFLA_MACSEC_SCI                            = 0x1
+	IFLA_MACSEC_PORT                           = 0x2
+	IFLA_MACSEC_ICV_LEN                        = 0x3
+	IFLA_MACSEC_CIPHER_SUITE                   = 0x4
+	IFLA_MACSEC_WINDOW                         = 0x5
+	IFLA_MACSEC_ENCODING_SA                    = 0x6
+	IFLA_MACSEC_ENCRYPT                        = 0x7
+	IFLA_MACSEC_PROTECT                        = 0x8
+	IFLA_MACSEC_INC_SCI                        = 0x9
+	IFLA_MACSEC_ES                             = 0xa
+	IFLA_MACSEC_SCB                            = 0xb
+	IFLA_MACSEC_REPLAY_PROTECT                 = 0xc
+	IFLA_MACSEC_VALIDATION                     = 0xd
+	IFLA_MACSEC_PAD                            = 0xe
+	IFLA_MACSEC_OFFLOAD                        = 0xf
+	IFLA_XFRM_UNSPEC                           = 0x0
+	IFLA_XFRM_LINK                             = 0x1
+	IFLA_XFRM_IF_ID                            = 0x2
+	IFLA_IPVLAN_UNSPEC                         = 0x0
+	IFLA_IPVLAN_MODE                           = 0x1
+	IFLA_IPVLAN_FLAGS                          = 0x2
+	IFLA_VXLAN_UNSPEC                          = 0x0
+	IFLA_VXLAN_ID                              = 0x1
+	IFLA_VXLAN_GROUP                           = 0x2
+	IFLA_VXLAN_LINK                            = 0x3
+	IFLA_VXLAN_LOCAL                           = 0x4
+	IFLA_VXLAN_TTL                             = 0x5
+	IFLA_VXLAN_TOS                             = 0x6
+	IFLA_VXLAN_LEARNING                        = 0x7
+	IFLA_VXLAN_AGEING                          = 0x8
+	IFLA_VXLAN_LIMIT                           = 0x9
+	IFLA_VXLAN_PORT_RANGE                      = 0xa
+	IFLA_VXLAN_PROXY                           = 0xb
+	IFLA_VXLAN_RSC                             = 0xc
+	IFLA_VXLAN_L2MISS                          = 0xd
+	IFLA_VXLAN_L3MISS                          = 0xe
+	IFLA_VXLAN_PORT                            = 0xf
+	IFLA_VXLAN_GROUP6                          = 0x10
+	IFLA_VXLAN_LOCAL6                          = 0x11
+	IFLA_VXLAN_UDP_CSUM                        = 0x12
+	IFLA_VXLAN_UDP_ZERO_CSUM6_TX               = 0x13
+	IFLA_VXLAN_UDP_ZERO_CSUM6_RX               = 0x14
+	IFLA_VXLAN_REMCSUM_TX                      = 0x15
+	IFLA_VXLAN_REMCSUM_RX                      = 0x16
+	IFLA_VXLAN_GBP                             = 0x17
+	IFLA_VXLAN_REMCSUM_NOPARTIAL               = 0x18
+	IFLA_VXLAN_COLLECT_METADATA                = 0x19
+	IFLA_VXLAN_LABEL                           = 0x1a
+	IFLA_VXLAN_GPE                             = 0x1b
+	IFLA_VXLAN_TTL_INHERIT                     = 0x1c
+	IFLA_VXLAN_DF                              = 0x1d
+	IFLA_GENEVE_UNSPEC                         = 0x0
+	IFLA_GENEVE_ID                             = 0x1
+	IFLA_GENEVE_REMOTE                         = 0x2
+	IFLA_GENEVE_TTL                            = 0x3
+	IFLA_GENEVE_TOS                            = 0x4
+	IFLA_GENEVE_PORT                           = 0x5
+	IFLA_GENEVE_COLLECT_METADATA               = 0x6
+	IFLA_GENEVE_REMOTE6                        = 0x7
+	IFLA_GENEVE_UDP_CSUM                       = 0x8
+	IFLA_GENEVE_UDP_ZERO_CSUM6_TX              = 0x9
+	IFLA_GENEVE_UDP_ZERO_CSUM6_RX              = 0xa
+	IFLA_GENEVE_LABEL                          = 0xb
+	IFLA_GENEVE_TTL_INHERIT                    = 0xc
+	IFLA_GENEVE_DF                             = 0xd
+	IFLA_BAREUDP_UNSPEC                        = 0x0
+	IFLA_BAREUDP_PORT                          = 0x1
+	IFLA_BAREUDP_ETHERTYPE                     = 0x2
+	IFLA_BAREUDP_SRCPORT_MIN                   = 0x3
+	IFLA_BAREUDP_MULTIPROTO_MODE               = 0x4
+	IFLA_PPP_UNSPEC                            = 0x0
+	IFLA_PPP_DEV_FD                            = 0x1
+	IFLA_GTP_UNSPEC                            = 0x0
+	IFLA_GTP_FD0                               = 0x1
+	IFLA_GTP_FD1                               = 0x2
+	IFLA_GTP_PDP_HASHSIZE                      = 0x3
+	IFLA_GTP_ROLE                              = 0x4
+	IFLA_BOND_UNSPEC                           = 0x0
+	IFLA_BOND_MODE                             = 0x1
+	IFLA_BOND_ACTIVE_SLAVE                     = 0x2
+	IFLA_BOND_MIIMON                           = 0x3
+	IFLA_BOND_UPDELAY                          = 0x4
+	IFLA_BOND_DOWNDELAY                        = 0x5
+	IFLA_BOND_USE_CARRIER                      = 0x6
+	IFLA_BOND_ARP_INTERVAL                     = 0x7
+	IFLA_BOND_ARP_IP_TARGET                    = 0x8
+	IFLA_BOND_ARP_VALIDATE                     = 0x9
+	IFLA_BOND_ARP_ALL_TARGETS                  = 0xa
+	IFLA_BOND_PRIMARY                          = 0xb
+	IFLA_BOND_PRIMARY_RESELECT                 = 0xc
+	IFLA_BOND_FAIL_OVER_MAC                    = 0xd
+	IFLA_BOND_XMIT_HASH_POLICY                 = 0xe
+	IFLA_BOND_RESEND_IGMP                      = 0xf
+	IFLA_BOND_NUM_PEER_NOTIF                   = 0x10
+	IFLA_BOND_ALL_SLAVES_ACTIVE                = 0x11
+	IFLA_BOND_MIN_LINKS                        = 0x12
+	IFLA_BOND_LP_INTERVAL                      = 0x13
+	IFLA_BOND_PACKETS_PER_SLAVE                = 0x14
+	IFLA_BOND_AD_LACP_RATE                     = 0x15
+	IFLA_BOND_AD_SELECT                        = 0x16
+	IFLA_BOND_AD_INFO                          = 0x17
+	IFLA_BOND_AD_ACTOR_SYS_PRIO                = 0x18
+	IFLA_BOND_AD_USER_PORT_KEY                 = 0x19
+	IFLA_BOND_AD_ACTOR_SYSTEM                  = 0x1a
+	IFLA_BOND_TLB_DYNAMIC_LB                   = 0x1b
+	IFLA_BOND_PEER_NOTIF_DELAY                 = 0x1c
+	IFLA_BOND_AD_INFO_UNSPEC                   = 0x0
+	IFLA_BOND_AD_INFO_AGGREGATOR               = 0x1
+	IFLA_BOND_AD_INFO_NUM_PORTS                = 0x2
+	IFLA_BOND_AD_INFO_ACTOR_KEY                = 0x3
+	IFLA_BOND_AD_INFO_PARTNER_KEY              = 0x4
+	IFLA_BOND_AD_INFO_PARTNER_MAC              = 0x5
+	IFLA_BOND_SLAVE_UNSPEC                     = 0x0
+	IFLA_BOND_SLAVE_STATE                      = 0x1
+	IFLA_BOND_SLAVE_MII_STATUS                 = 0x2
+	IFLA_BOND_SLAVE_LINK_FAILURE_COUNT         = 0x3
+	IFLA_BOND_SLAVE_PERM_HWADDR                = 0x4
+	IFLA_BOND_SLAVE_QUEUE_ID                   = 0x5
+	IFLA_BOND_SLAVE_AD_AGGREGATOR_ID           = 0x6
+	IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE   = 0x7
+	IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8
+	IFLA_VF_INFO_UNSPEC                        = 0x0
+	IFLA_VF_INFO                               = 0x1
+	IFLA_VF_UNSPEC                             = 0x0
+	IFLA_VF_MAC                                = 0x1
+	IFLA_VF_VLAN                               = 0x2
+	IFLA_VF_TX_RATE                            = 0x3
+	IFLA_VF_SPOOFCHK                           = 0x4
+	IFLA_VF_LINK_STATE                         = 0x5
+	IFLA_VF_RATE                               = 0x6
+	IFLA_VF_RSS_QUERY_EN                       = 0x7
+	IFLA_VF_STATS                              = 0x8
+	IFLA_VF_TRUST                              = 0x9
+	IFLA_VF_IB_NODE_GUID                       = 0xa
+	IFLA_VF_IB_PORT_GUID                       = 0xb
+	IFLA_VF_VLAN_LIST                          = 0xc
+	IFLA_VF_BROADCAST                          = 0xd
+	IFLA_VF_VLAN_INFO_UNSPEC                   = 0x0
+	IFLA_VF_VLAN_INFO                          = 0x1
+	IFLA_VF_LINK_STATE_AUTO                    = 0x0
+	IFLA_VF_LINK_STATE_ENABLE                  = 0x1
+	IFLA_VF_LINK_STATE_DISABLE                 = 0x2
+	IFLA_VF_STATS_RX_PACKETS                   = 0x0
+	IFLA_VF_STATS_TX_PACKETS                   = 0x1
+	IFLA_VF_STATS_RX_BYTES                     = 0x2
+	IFLA_VF_STATS_TX_BYTES                     = 0x3
+	IFLA_VF_STATS_BROADCAST                    = 0x4
+	IFLA_VF_STATS_MULTICAST                    = 0x5
+	IFLA_VF_STATS_PAD                          = 0x6
+	IFLA_VF_STATS_RX_DROPPED                   = 0x7
+	IFLA_VF_STATS_TX_DROPPED                   = 0x8
+	IFLA_VF_PORT_UNSPEC                        = 0x0
+	IFLA_VF_PORT                               = 0x1
+	IFLA_PORT_UNSPEC                           = 0x0
+	IFLA_PORT_VF                               = 0x1
+	IFLA_PORT_PROFILE                          = 0x2
+	IFLA_PORT_VSI_TYPE                         = 0x3
+	IFLA_PORT_INSTANCE_UUID                    = 0x4
+	IFLA_PORT_HOST_UUID                        = 0x5
+	IFLA_PORT_REQUEST                          = 0x6
+	IFLA_PORT_RESPONSE                         = 0x7
+	IFLA_IPOIB_UNSPEC                          = 0x0
+	IFLA_IPOIB_PKEY                            = 0x1
+	IFLA_IPOIB_MODE                            = 0x2
+	IFLA_IPOIB_UMCAST                          = 0x3
+	IFLA_HSR_UNSPEC                            = 0x0
+	IFLA_HSR_SLAVE1                            = 0x1
+	IFLA_HSR_SLAVE2                            = 0x2
+	IFLA_HSR_MULTICAST_SPEC                    = 0x3
+	IFLA_HSR_SUPERVISION_ADDR                  = 0x4
+	IFLA_HSR_SEQ_NR                            = 0x5
+	IFLA_HSR_VERSION                           = 0x6
+	IFLA_HSR_PROTOCOL                          = 0x7
+	IFLA_STATS_UNSPEC                          = 0x0
+	IFLA_STATS_LINK_64                         = 0x1
+	IFLA_STATS_LINK_XSTATS                     = 0x2
+	IFLA_STATS_LINK_XSTATS_SLAVE               = 0x3
+	IFLA_STATS_LINK_OFFLOAD_XSTATS             = 0x4
+	IFLA_STATS_AF_SPEC                         = 0x5
+	IFLA_OFFLOAD_XSTATS_UNSPEC                 = 0x0
+	IFLA_OFFLOAD_XSTATS_CPU_HIT                = 0x1
+	IFLA_XDP_UNSPEC                            = 0x0
+	IFLA_XDP_FD                                = 0x1
+	IFLA_XDP_ATTACHED                          = 0x2
+	IFLA_XDP_FLAGS                             = 0x3
+	IFLA_XDP_PROG_ID                           = 0x4
+	IFLA_XDP_DRV_PROG_ID                       = 0x5
+	IFLA_XDP_SKB_PROG_ID                       = 0x6
+	IFLA_XDP_HW_PROG_ID                        = 0x7
+	IFLA_XDP_EXPECTED_FD                       = 0x8
+	IFLA_EVENT_NONE                            = 0x0
+	IFLA_EVENT_REBOOT                          = 0x1
+	IFLA_EVENT_FEATURES                        = 0x2
+	IFLA_EVENT_BONDING_FAILOVER                = 0x3
+	IFLA_EVENT_NOTIFY_PEERS                    = 0x4
+	IFLA_EVENT_IGMP_RESEND                     = 0x5
+	IFLA_EVENT_BONDING_OPTIONS                 = 0x6
+	IFLA_TUN_UNSPEC                            = 0x0
+	IFLA_TUN_OWNER                             = 0x1
+	IFLA_TUN_GROUP                             = 0x2
+	IFLA_TUN_TYPE                              = 0x3
+	IFLA_TUN_PI                                = 0x4
+	IFLA_TUN_VNET_HDR                          = 0x5
+	IFLA_TUN_PERSIST                           = 0x6
+	IFLA_TUN_MULTI_QUEUE                       = 0x7
+	IFLA_TUN_NUM_QUEUES                        = 0x8
+	IFLA_TUN_NUM_DISABLED_QUEUES               = 0x9
+	IFLA_RMNET_UNSPEC                          = 0x0
+	IFLA_RMNET_MUX_ID                          = 0x1
+	IFLA_RMNET_FLAGS                           = 0x2
+)
+
+const (
+	NF_INET_PRE_ROUTING  = 0x0
+	NF_INET_LOCAL_IN     = 0x1
+	NF_INET_FORWARD      = 0x2
+	NF_INET_LOCAL_OUT    = 0x3
+	NF_INET_POST_ROUTING = 0x4
+	NF_INET_NUMHOOKS     = 0x5
+)
+
+const (
+	NF_NETDEV_INGRESS  = 0x0
+	NF_NETDEV_NUMHOOKS = 0x1
+)
+
+const (
+	NFPROTO_UNSPEC   = 0x0
+	NFPROTO_INET     = 0x1
+	NFPROTO_IPV4     = 0x2
+	NFPROTO_ARP      = 0x3
+	NFPROTO_NETDEV   = 0x5
+	NFPROTO_BRIDGE   = 0x7
+	NFPROTO_IPV6     = 0xa
+	NFPROTO_DECNET   = 0xc
+	NFPROTO_NUMPROTO = 0xd
+)
+
+const SO_ORIGINAL_DST = 0x50
+
+type Nfgenmsg struct {
+	Nfgen_family uint8
+	Version      uint8
+	Res_id       uint16
+}
+
+const (
+	NFNL_BATCH_UNSPEC = 0x0
+	NFNL_BATCH_GENID  = 0x1
+)
+
+const (
+	NFT_REG_VERDICT                   = 0x0
+	NFT_REG_1                         = 0x1
+	NFT_REG_2                         = 0x2
+	NFT_REG_3                         = 0x3
+	NFT_REG_4                         = 0x4
+	NFT_REG32_00                      = 0x8
+	NFT_REG32_01                      = 0x9
+	NFT_REG32_02                      = 0xa
+	NFT_REG32_03                      = 0xb
+	NFT_REG32_04                      = 0xc
+	NFT_REG32_05                      = 0xd
+	NFT_REG32_06                      = 0xe
+	NFT_REG32_07                      = 0xf
+	NFT_REG32_08                      = 0x10
+	NFT_REG32_09                      = 0x11
+	NFT_REG32_10                      = 0x12
+	NFT_REG32_11                      = 0x13
+	NFT_REG32_12                      = 0x14
+	NFT_REG32_13                      = 0x15
+	NFT_REG32_14                      = 0x16
+	NFT_REG32_15                      = 0x17
+	NFT_CONTINUE                      = -0x1
+	NFT_BREAK                         = -0x2
+	NFT_JUMP                          = -0x3
+	NFT_GOTO                          = -0x4
+	NFT_RETURN                        = -0x5
+	NFT_MSG_NEWTABLE                  = 0x0
+	NFT_MSG_GETTABLE                  = 0x1
+	NFT_MSG_DELTABLE                  = 0x2
+	NFT_MSG_NEWCHAIN                  = 0x3
+	NFT_MSG_GETCHAIN                  = 0x4
+	NFT_MSG_DELCHAIN                  = 0x5
+	NFT_MSG_NEWRULE                   = 0x6
+	NFT_MSG_GETRULE                   = 0x7
+	NFT_MSG_DELRULE                   = 0x8
+	NFT_MSG_NEWSET                    = 0x9
+	NFT_MSG_GETSET                    = 0xa
+	NFT_MSG_DELSET                    = 0xb
+	NFT_MSG_NEWSETELEM                = 0xc
+	NFT_MSG_GETSETELEM                = 0xd
+	NFT_MSG_DELSETELEM                = 0xe
+	NFT_MSG_NEWGEN                    = 0xf
+	NFT_MSG_GETGEN                    = 0x10
+	NFT_MSG_TRACE                     = 0x11
+	NFT_MSG_NEWOBJ                    = 0x12
+	NFT_MSG_GETOBJ                    = 0x13
+	NFT_MSG_DELOBJ                    = 0x14
+	NFT_MSG_GETOBJ_RESET              = 0x15
+	NFT_MSG_MAX                       = 0x19
+	NFTA_LIST_UNSPEC                  = 0x0
+	NFTA_LIST_ELEM                    = 0x1
+	NFTA_HOOK_UNSPEC                  = 0x0
+	NFTA_HOOK_HOOKNUM                 = 0x1
+	NFTA_HOOK_PRIORITY                = 0x2
+	NFTA_HOOK_DEV                     = 0x3
+	NFT_TABLE_F_DORMANT               = 0x1
+	NFTA_TABLE_UNSPEC                 = 0x0
+	NFTA_TABLE_NAME                   = 0x1
+	NFTA_TABLE_FLAGS                  = 0x2
+	NFTA_TABLE_USE                    = 0x3
+	NFTA_CHAIN_UNSPEC                 = 0x0
+	NFTA_CHAIN_TABLE                  = 0x1
+	NFTA_CHAIN_HANDLE                 = 0x2
+	NFTA_CHAIN_NAME                   = 0x3
+	NFTA_CHAIN_HOOK                   = 0x4
+	NFTA_CHAIN_POLICY                 = 0x5
+	NFTA_CHAIN_USE                    = 0x6
+	NFTA_CHAIN_TYPE                   = 0x7
+	NFTA_CHAIN_COUNTERS               = 0x8
+	NFTA_CHAIN_PAD                    = 0x9
+	NFTA_RULE_UNSPEC                  = 0x0
+	NFTA_RULE_TABLE                   = 0x1
+	NFTA_RULE_CHAIN                   = 0x2
+	NFTA_RULE_HANDLE                  = 0x3
+	NFTA_RULE_EXPRESSIONS             = 0x4
+	NFTA_RULE_COMPAT                  = 0x5
+	NFTA_RULE_POSITION                = 0x6
+	NFTA_RULE_USERDATA                = 0x7
+	NFTA_RULE_PAD                     = 0x8
+	NFTA_RULE_ID                      = 0x9
+	NFT_RULE_COMPAT_F_INV             = 0x2
+	NFT_RULE_COMPAT_F_MASK            = 0x2
+	NFTA_RULE_COMPAT_UNSPEC           = 0x0
+	NFTA_RULE_COMPAT_PROTO            = 0x1
+	NFTA_RULE_COMPAT_FLAGS            = 0x2
+	NFT_SET_ANONYMOUS                 = 0x1
+	NFT_SET_CONSTANT                  = 0x2
+	NFT_SET_INTERVAL                  = 0x4
+	NFT_SET_MAP                       = 0x8
+	NFT_SET_TIMEOUT                   = 0x10
+	NFT_SET_EVAL                      = 0x20
+	NFT_SET_OBJECT                    = 0x40
+	NFT_SET_POL_PERFORMANCE           = 0x0
+	NFT_SET_POL_MEMORY                = 0x1
+	NFTA_SET_DESC_UNSPEC              = 0x0
+	NFTA_SET_DESC_SIZE                = 0x1
+	NFTA_SET_UNSPEC                   = 0x0
+	NFTA_SET_TABLE                    = 0x1
+	NFTA_SET_NAME                     = 0x2
+	NFTA_SET_FLAGS                    = 0x3
+	NFTA_SET_KEY_TYPE                 = 0x4
+	NFTA_SET_KEY_LEN                  = 0x5
+	NFTA_SET_DATA_TYPE                = 0x6
+	NFTA_SET_DATA_LEN                 = 0x7
+	NFTA_SET_POLICY                   = 0x8
+	NFTA_SET_DESC                     = 0x9
+	NFTA_SET_ID                       = 0xa
+	NFTA_SET_TIMEOUT                  = 0xb
+	NFTA_SET_GC_INTERVAL              = 0xc
+	NFTA_SET_USERDATA                 = 0xd
+	NFTA_SET_PAD                      = 0xe
+	NFTA_SET_OBJ_TYPE                 = 0xf
+	NFT_SET_ELEM_INTERVAL_END         = 0x1
+	NFTA_SET_ELEM_UNSPEC              = 0x0
+	NFTA_SET_ELEM_KEY                 = 0x1
+	NFTA_SET_ELEM_DATA                = 0x2
+	NFTA_SET_ELEM_FLAGS               = 0x3
+	NFTA_SET_ELEM_TIMEOUT             = 0x4
+	NFTA_SET_ELEM_EXPIRATION          = 0x5
+	NFTA_SET_ELEM_USERDATA            = 0x6
+	NFTA_SET_ELEM_EXPR                = 0x7
+	NFTA_SET_ELEM_PAD                 = 0x8
+	NFTA_SET_ELEM_OBJREF              = 0x9
+	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
+	NFTA_SET_ELEM_LIST_TABLE          = 0x1
+	NFTA_SET_ELEM_LIST_SET            = 0x2
+	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
+	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
+	NFT_DATA_VALUE                    = 0x0
+	NFT_DATA_VERDICT                  = 0xffffff00
+	NFTA_DATA_UNSPEC                  = 0x0
+	NFTA_DATA_VALUE                   = 0x1
+	NFTA_DATA_VERDICT                 = 0x2
+	NFTA_VERDICT_UNSPEC               = 0x0
+	NFTA_VERDICT_CODE                 = 0x1
+	NFTA_VERDICT_CHAIN                = 0x2
+	NFTA_EXPR_UNSPEC                  = 0x0
+	NFTA_EXPR_NAME                    = 0x1
+	NFTA_EXPR_DATA                    = 0x2
+	NFTA_IMMEDIATE_UNSPEC             = 0x0
+	NFTA_IMMEDIATE_DREG               = 0x1
+	NFTA_IMMEDIATE_DATA               = 0x2
+	NFTA_BITWISE_UNSPEC               = 0x0
+	NFTA_BITWISE_SREG                 = 0x1
+	NFTA_BITWISE_DREG                 = 0x2
+	NFTA_BITWISE_LEN                  = 0x3
+	NFTA_BITWISE_MASK                 = 0x4
+	NFTA_BITWISE_XOR                  = 0x5
+	NFT_BYTEORDER_NTOH                = 0x0
+	NFT_BYTEORDER_HTON                = 0x1
+	NFTA_BYTEORDER_UNSPEC             = 0x0
+	NFTA_BYTEORDER_SREG               = 0x1
+	NFTA_BYTEORDER_DREG               = 0x2
+	NFTA_BYTEORDER_OP                 = 0x3
+	NFTA_BYTEORDER_LEN                = 0x4
+	NFTA_BYTEORDER_SIZE               = 0x5
+	NFT_CMP_EQ                        = 0x0
+	NFT_CMP_NEQ                       = 0x1
+	NFT_CMP_LT                        = 0x2
+	NFT_CMP_LTE                       = 0x3
+	NFT_CMP_GT                        = 0x4
+	NFT_CMP_GTE                       = 0x5
+	NFTA_CMP_UNSPEC                   = 0x0
+	NFTA_CMP_SREG                     = 0x1
+	NFTA_CMP_OP                       = 0x2
+	NFTA_CMP_DATA                     = 0x3
+	NFT_RANGE_EQ                      = 0x0
+	NFT_RANGE_NEQ                     = 0x1
+	NFTA_RANGE_UNSPEC                 = 0x0
+	NFTA_RANGE_SREG                   = 0x1
+	NFTA_RANGE_OP                     = 0x2
+	NFTA_RANGE_FROM_DATA              = 0x3
+	NFTA_RANGE_TO_DATA                = 0x4
+	NFT_LOOKUP_F_INV                  = 0x1
+	NFTA_LOOKUP_UNSPEC                = 0x0
+	NFTA_LOOKUP_SET                   = 0x1
+	NFTA_LOOKUP_SREG                  = 0x2
+	NFTA_LOOKUP_DREG                  = 0x3
+	NFTA_LOOKUP_SET_ID                = 0x4
+	NFTA_LOOKUP_FLAGS                 = 0x5
+	NFT_DYNSET_OP_ADD                 = 0x0
+	NFT_DYNSET_OP_UPDATE              = 0x1
+	NFT_DYNSET_F_INV                  = 0x1
+	NFTA_DYNSET_UNSPEC                = 0x0
+	NFTA_DYNSET_SET_NAME              = 0x1
+	NFTA_DYNSET_SET_ID                = 0x2
+	NFTA_DYNSET_OP                    = 0x3
+	NFTA_DYNSET_SREG_KEY              = 0x4
+	NFTA_DYNSET_SREG_DATA             = 0x5
+	NFTA_DYNSET_TIMEOUT               = 0x6
+	NFTA_DYNSET_EXPR                  = 0x7
+	NFTA_DYNSET_PAD                   = 0x8
+	NFTA_DYNSET_FLAGS                 = 0x9
+	NFT_PAYLOAD_LL_HEADER             = 0x0
+	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
+	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
+	NFT_PAYLOAD_CSUM_NONE             = 0x0
+	NFT_PAYLOAD_CSUM_INET             = 0x1
+	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
+	NFTA_PAYLOAD_UNSPEC               = 0x0
+	NFTA_PAYLOAD_DREG                 = 0x1
+	NFTA_PAYLOAD_BASE                 = 0x2
+	NFTA_PAYLOAD_OFFSET               = 0x3
+	NFTA_PAYLOAD_LEN                  = 0x4
+	NFTA_PAYLOAD_SREG                 = 0x5
+	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
+	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
+	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
+	NFT_EXTHDR_F_PRESENT              = 0x1
+	NFT_EXTHDR_OP_IPV6                = 0x0
+	NFT_EXTHDR_OP_TCPOPT              = 0x1
+	NFTA_EXTHDR_UNSPEC                = 0x0
+	NFTA_EXTHDR_DREG                  = 0x1
+	NFTA_EXTHDR_TYPE                  = 0x2
+	NFTA_EXTHDR_OFFSET                = 0x3
+	NFTA_EXTHDR_LEN                   = 0x4
+	NFTA_EXTHDR_FLAGS                 = 0x5
+	NFTA_EXTHDR_OP                    = 0x6
+	NFTA_EXTHDR_SREG                  = 0x7
+	NFT_META_LEN                      = 0x0
+	NFT_META_PROTOCOL                 = 0x1
+	NFT_META_PRIORITY                 = 0x2
+	NFT_META_MARK                     = 0x3
+	NFT_META_IIF                      = 0x4
+	NFT_META_OIF                      = 0x5
+	NFT_META_IIFNAME                  = 0x6
+	NFT_META_OIFNAME                  = 0x7
+	NFT_META_IIFTYPE                  = 0x8
+	NFT_META_OIFTYPE                  = 0x9
+	NFT_META_SKUID                    = 0xa
+	NFT_META_SKGID                    = 0xb
+	NFT_META_NFTRACE                  = 0xc
+	NFT_META_RTCLASSID                = 0xd
+	NFT_META_SECMARK                  = 0xe
+	NFT_META_NFPROTO                  = 0xf
+	NFT_META_L4PROTO                  = 0x10
+	NFT_META_BRI_IIFNAME              = 0x11
+	NFT_META_BRI_OIFNAME              = 0x12
+	NFT_META_PKTTYPE                  = 0x13
+	NFT_META_CPU                      = 0x14
+	NFT_META_IIFGROUP                 = 0x15
+	NFT_META_OIFGROUP                 = 0x16
+	NFT_META_CGROUP                   = 0x17
+	NFT_META_PRANDOM                  = 0x18
+	NFT_RT_CLASSID                    = 0x0
+	NFT_RT_NEXTHOP4                   = 0x1
+	NFT_RT_NEXTHOP6                   = 0x2
+	NFT_RT_TCPMSS                     = 0x3
+	NFT_HASH_JENKINS                  = 0x0
+	NFT_HASH_SYM                      = 0x1
+	NFTA_HASH_UNSPEC                  = 0x0
+	NFTA_HASH_SREG                    = 0x1
+	NFTA_HASH_DREG                    = 0x2
+	NFTA_HASH_LEN                     = 0x3
+	NFTA_HASH_MODULUS                 = 0x4
+	NFTA_HASH_SEED                    = 0x5
+	NFTA_HASH_OFFSET                  = 0x6
+	NFTA_HASH_TYPE                    = 0x7
+	NFTA_META_UNSPEC                  = 0x0
+	NFTA_META_DREG                    = 0x1
+	NFTA_META_KEY                     = 0x2
+	NFTA_META_SREG                    = 0x3
+	NFTA_RT_UNSPEC                    = 0x0
+	NFTA_RT_DREG                      = 0x1
+	NFTA_RT_KEY                       = 0x2
+	NFT_CT_STATE                      = 0x0
+	NFT_CT_DIRECTION                  = 0x1
+	NFT_CT_STATUS                     = 0x2
+	NFT_CT_MARK                       = 0x3
+	NFT_CT_SECMARK                    = 0x4
+	NFT_CT_EXPIRATION                 = 0x5
+	NFT_CT_HELPER                     = 0x6
+	NFT_CT_L3PROTOCOL                 = 0x7
+	NFT_CT_SRC                        = 0x8
+	NFT_CT_DST                        = 0x9
+	NFT_CT_PROTOCOL                   = 0xa
+	NFT_CT_PROTO_SRC                  = 0xb
+	NFT_CT_PROTO_DST                  = 0xc
+	NFT_CT_LABELS                     = 0xd
+	NFT_CT_PKTS                       = 0xe
+	NFT_CT_BYTES                      = 0xf
+	NFT_CT_AVGPKT                     = 0x10
+	NFT_CT_ZONE                       = 0x11
+	NFT_CT_EVENTMASK                  = 0x12
+	NFTA_CT_UNSPEC                    = 0x0
+	NFTA_CT_DREG                      = 0x1
+	NFTA_CT_KEY                       = 0x2
+	NFTA_CT_DIRECTION                 = 0x3
+	NFTA_CT_SREG                      = 0x4
+	NFT_LIMIT_PKTS                    = 0x0
+	NFT_LIMIT_PKT_BYTES               = 0x1
+	NFT_LIMIT_F_INV                   = 0x1
+	NFTA_LIMIT_UNSPEC                 = 0x0
+	NFTA_LIMIT_RATE                   = 0x1
+	NFTA_LIMIT_UNIT                   = 0x2
+	NFTA_LIMIT_BURST                  = 0x3
+	NFTA_LIMIT_TYPE                   = 0x4
+	NFTA_LIMIT_FLAGS                  = 0x5
+	NFTA_LIMIT_PAD                    = 0x6
+	NFTA_COUNTER_UNSPEC               = 0x0
+	NFTA_COUNTER_BYTES                = 0x1
+	NFTA_COUNTER_PACKETS              = 0x2
+	NFTA_COUNTER_PAD                  = 0x3
+	NFTA_LOG_UNSPEC                   = 0x0
+	NFTA_LOG_GROUP                    = 0x1
+	NFTA_LOG_PREFIX                   = 0x2
+	NFTA_LOG_SNAPLEN                  = 0x3
+	NFTA_LOG_QTHRESHOLD               = 0x4
+	NFTA_LOG_LEVEL                    = 0x5
+	NFTA_LOG_FLAGS                    = 0x6
+	NFTA_QUEUE_UNSPEC                 = 0x0
+	NFTA_QUEUE_NUM                    = 0x1
+	NFTA_QUEUE_TOTAL                  = 0x2
+	NFTA_QUEUE_FLAGS                  = 0x3
+	NFTA_QUEUE_SREG_QNUM              = 0x4
+	NFT_QUOTA_F_INV                   = 0x1
+	NFT_QUOTA_F_DEPLETED              = 0x2
+	NFTA_QUOTA_UNSPEC                 = 0x0
+	NFTA_QUOTA_BYTES                  = 0x1
+	NFTA_QUOTA_FLAGS                  = 0x2
+	NFTA_QUOTA_PAD                    = 0x3
+	NFTA_QUOTA_CONSUMED               = 0x4
+	NFT_REJECT_ICMP_UNREACH           = 0x0
+	NFT_REJECT_TCP_RST                = 0x1
+	NFT_REJECT_ICMPX_UNREACH          = 0x2
+	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
+	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
+	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
+	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
+	NFTA_REJECT_UNSPEC                = 0x0
+	NFTA_REJECT_TYPE                  = 0x1
+	NFTA_REJECT_ICMP_CODE             = 0x2
+	NFT_NAT_SNAT                      = 0x0
+	NFT_NAT_DNAT                      = 0x1
+	NFTA_NAT_UNSPEC                   = 0x0
+	NFTA_NAT_TYPE                     = 0x1
+	NFTA_NAT_FAMILY                   = 0x2
+	NFTA_NAT_REG_ADDR_MIN             = 0x3
+	NFTA_NAT_REG_ADDR_MAX             = 0x4
+	NFTA_NAT_REG_PROTO_MIN            = 0x5
+	NFTA_NAT_REG_PROTO_MAX            = 0x6
+	NFTA_NAT_FLAGS                    = 0x7
+	NFTA_MASQ_UNSPEC                  = 0x0
+	NFTA_MASQ_FLAGS                   = 0x1
+	NFTA_MASQ_REG_PROTO_MIN           = 0x2
+	NFTA_MASQ_REG_PROTO_MAX           = 0x3
+	NFTA_REDIR_UNSPEC                 = 0x0
+	NFTA_REDIR_REG_PROTO_MIN          = 0x1
+	NFTA_REDIR_REG_PROTO_MAX          = 0x2
+	NFTA_REDIR_FLAGS                  = 0x3
+	NFTA_DUP_UNSPEC                   = 0x0
+	NFTA_DUP_SREG_ADDR                = 0x1
+	NFTA_DUP_SREG_DEV                 = 0x2
+	NFTA_FWD_UNSPEC                   = 0x0
+	NFTA_FWD_SREG_DEV                 = 0x1
+	NFTA_OBJREF_UNSPEC                = 0x0
+	NFTA_OBJREF_IMM_TYPE              = 0x1
+	NFTA_OBJREF_IMM_NAME              = 0x2
+	NFTA_OBJREF_SET_SREG              = 0x3
+	NFTA_OBJREF_SET_NAME              = 0x4
+	NFTA_OBJREF_SET_ID                = 0x5
+	NFTA_GEN_UNSPEC                   = 0x0
+	NFTA_GEN_ID                       = 0x1
+	NFTA_GEN_PROC_PID                 = 0x2
+	NFTA_GEN_PROC_NAME                = 0x3
+	NFTA_FIB_UNSPEC                   = 0x0
+	NFTA_FIB_DREG                     = 0x1
+	NFTA_FIB_RESULT                   = 0x2
+	NFTA_FIB_FLAGS                    = 0x3
+	NFT_FIB_RESULT_UNSPEC             = 0x0
+	NFT_FIB_RESULT_OIF                = 0x1
+	NFT_FIB_RESULT_OIFNAME            = 0x2
+	NFT_FIB_RESULT_ADDRTYPE           = 0x3
+	NFTA_FIB_F_SADDR                  = 0x1
+	NFTA_FIB_F_DADDR                  = 0x2
+	NFTA_FIB_F_MARK                   = 0x4
+	NFTA_FIB_F_IIF                    = 0x8
+	NFTA_FIB_F_OIF                    = 0x10
+	NFTA_FIB_F_PRESENT                = 0x20
+	NFTA_CT_HELPER_UNSPEC             = 0x0
+	NFTA_CT_HELPER_NAME               = 0x1
+	NFTA_CT_HELPER_L3PROTO            = 0x2
+	NFTA_CT_HELPER_L4PROTO            = 0x3
+	NFTA_OBJ_UNSPEC                   = 0x0
+	NFTA_OBJ_TABLE                    = 0x1
+	NFTA_OBJ_NAME                     = 0x2
+	NFTA_OBJ_TYPE                     = 0x3
+	NFTA_OBJ_DATA                     = 0x4
+	NFTA_OBJ_USE                      = 0x5
+	NFTA_TRACE_UNSPEC                 = 0x0
+	NFTA_TRACE_TABLE                  = 0x1
+	NFTA_TRACE_CHAIN                  = 0x2
+	NFTA_TRACE_RULE_HANDLE            = 0x3
+	NFTA_TRACE_TYPE                   = 0x4
+	NFTA_TRACE_VERDICT                = 0x5
+	NFTA_TRACE_ID                     = 0x6
+	NFTA_TRACE_LL_HEADER              = 0x7
+	NFTA_TRACE_NETWORK_HEADER         = 0x8
+	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
+	NFTA_TRACE_IIF                    = 0xa
+	NFTA_TRACE_IIFTYPE                = 0xb
+	NFTA_TRACE_OIF                    = 0xc
+	NFTA_TRACE_OIFTYPE                = 0xd
+	NFTA_TRACE_MARK                   = 0xe
+	NFTA_TRACE_NFPROTO                = 0xf
+	NFTA_TRACE_POLICY                 = 0x10
+	NFTA_TRACE_PAD                    = 0x11
+	NFT_TRACETYPE_UNSPEC              = 0x0
+	NFT_TRACETYPE_POLICY              = 0x1
+	NFT_TRACETYPE_RETURN              = 0x2
+	NFT_TRACETYPE_RULE                = 0x3
+	NFTA_NG_UNSPEC                    = 0x0
+	NFTA_NG_DREG                      = 0x1
+	NFTA_NG_MODULUS                   = 0x2
+	NFTA_NG_TYPE                      = 0x3
+	NFTA_NG_OFFSET                    = 0x4
+	NFT_NG_INCREMENTAL                = 0x0
+	NFT_NG_RANDOM                     = 0x1
+)
+
+const (
+	NFTA_TARGET_UNSPEC = 0x0
+	NFTA_TARGET_NAME   = 0x1
+	NFTA_TARGET_REV    = 0x2
+	NFTA_TARGET_INFO   = 0x3
+	NFTA_MATCH_UNSPEC  = 0x0
+	NFTA_MATCH_NAME    = 0x1
+	NFTA_MATCH_REV     = 0x2
+	NFTA_MATCH_INFO    = 0x3
+	NFTA_COMPAT_UNSPEC = 0x0
+	NFTA_COMPAT_NAME   = 0x1
+	NFTA_COMPAT_REV    = 0x2
+	NFTA_COMPAT_TYPE   = 0x3
+)
+
+type RTCTime struct {
+	Sec   int32
+	Min   int32
+	Hour  int32
+	Mday  int32
+	Mon   int32
+	Year  int32
+	Wday  int32
+	Yday  int32
+	Isdst int32
+}
+
+type RTCWkAlrm struct {
+	Enabled uint8
+	Pending uint8
+	Time    RTCTime
+}
+
+type BlkpgIoctlArg struct {
+	Op      int32
+	Flags   int32
+	Datalen int32
+	Data    *byte
+}
+
+const (
+	BLKPG_ADD_PARTITION    = 0x1
+	BLKPG_DEL_PARTITION    = 0x2
+	BLKPG_RESIZE_PARTITION = 0x3
+)
+
+const (
+	NETNSA_NONE         = 0x0
+	NETNSA_NSID         = 0x1
+	NETNSA_PID          = 0x2
+	NETNSA_FD           = 0x3
+	NETNSA_TARGET_NSID  = 0x4
+	NETNSA_CURRENT_NSID = 0x5
+)
+
+type XDPRingOffset struct {
+	Producer uint64
+	Consumer uint64
+	Desc     uint64
+	Flags    uint64
+}
+
+type XDPMmapOffsets struct {
+	Rx XDPRingOffset
+	Tx XDPRingOffset
+	Fr XDPRingOffset
+	Cr XDPRingOffset
+}
+
+type XDPStatistics struct {
+	Rx_dropped               uint64
+	Rx_invalid_descs         uint64
+	Tx_invalid_descs         uint64
+	Rx_ring_full             uint64
+	Rx_fill_ring_empty_descs uint64
+	Tx_ring_empty_descs      uint64
+}
+
+type XDPDesc struct {
+	Addr    uint64
+	Len     uint32
+	Options uint32
+}
+
+const (
+	NCSI_CMD_UNSPEC                 = 0x0
+	NCSI_CMD_PKG_INFO               = 0x1
+	NCSI_CMD_SET_INTERFACE          = 0x2
+	NCSI_CMD_CLEAR_INTERFACE        = 0x3
+	NCSI_ATTR_UNSPEC                = 0x0
+	NCSI_ATTR_IFINDEX               = 0x1
+	NCSI_ATTR_PACKAGE_LIST          = 0x2
+	NCSI_ATTR_PACKAGE_ID            = 0x3
+	NCSI_ATTR_CHANNEL_ID            = 0x4
+	NCSI_PKG_ATTR_UNSPEC            = 0x0
+	NCSI_PKG_ATTR                   = 0x1
+	NCSI_PKG_ATTR_ID                = 0x2
+	NCSI_PKG_ATTR_FORCED            = 0x3
+	NCSI_PKG_ATTR_CHANNEL_LIST      = 0x4
+	NCSI_CHANNEL_ATTR_UNSPEC        = 0x0
+	NCSI_CHANNEL_ATTR               = 0x1
+	NCSI_CHANNEL_ATTR_ID            = 0x2
+	NCSI_CHANNEL_ATTR_VERSION_MAJOR = 0x3
+	NCSI_CHANNEL_ATTR_VERSION_MINOR = 0x4
+	NCSI_CHANNEL_ATTR_VERSION_STR   = 0x5
+	NCSI_CHANNEL_ATTR_LINK_STATE    = 0x6
+	NCSI_CHANNEL_ATTR_ACTIVE        = 0x7
+	NCSI_CHANNEL_ATTR_FORCED        = 0x8
+	NCSI_CHANNEL_ATTR_VLAN_LIST     = 0x9
+	NCSI_CHANNEL_ATTR_VLAN_ID       = 0xa
+)
+
+type ScmTimestamping struct {
+	Ts [3]Timespec
+}
+
+const (
+	SOF_TIMESTAMPING_TX_HARDWARE  = 0x1
+	SOF_TIMESTAMPING_TX_SOFTWARE  = 0x2
+	SOF_TIMESTAMPING_RX_HARDWARE  = 0x4
+	SOF_TIMESTAMPING_RX_SOFTWARE  = 0x8
+	SOF_TIMESTAMPING_SOFTWARE     = 0x10
+	SOF_TIMESTAMPING_SYS_HARDWARE = 0x20
+	SOF_TIMESTAMPING_RAW_HARDWARE = 0x40
+	SOF_TIMESTAMPING_OPT_ID       = 0x80
+	SOF_TIMESTAMPING_TX_SCHED     = 0x100
+	SOF_TIMESTAMPING_TX_ACK       = 0x200
+	SOF_TIMESTAMPING_OPT_CMSG     = 0x400
+	SOF_TIMESTAMPING_OPT_TSONLY   = 0x800
+	SOF_TIMESTAMPING_OPT_STATS    = 0x1000
+	SOF_TIMESTAMPING_OPT_PKTINFO  = 0x2000
+	SOF_TIMESTAMPING_OPT_TX_SWHW  = 0x4000
+
+	SOF_TIMESTAMPING_LAST = 0x8000
+	SOF_TIMESTAMPING_MASK = 0xffff
+
+	SCM_TSTAMP_SND   = 0x0
+	SCM_TSTAMP_SCHED = 0x1
+	SCM_TSTAMP_ACK   = 0x2
+)
+
+type SockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type FanotifyEventMetadata struct {
+	Event_len    uint32
+	Vers         uint8
+	Reserved     uint8
+	Metadata_len uint16
+	Mask         uint64
+	Fd           int32
+	Pid          int32
+}
+
+type FanotifyResponse struct {
+	Fd       int32
+	Response uint32
+}
+
+const (
+	CRYPTO_MSG_BASE      = 0x10
+	CRYPTO_MSG_NEWALG    = 0x10
+	CRYPTO_MSG_DELALG    = 0x11
+	CRYPTO_MSG_UPDATEALG = 0x12
+	CRYPTO_MSG_GETALG    = 0x13
+	CRYPTO_MSG_DELRNG    = 0x14
+	CRYPTO_MSG_GETSTAT   = 0x15
+)
+
+const (
+	CRYPTOCFGA_UNSPEC           = 0x0
+	CRYPTOCFGA_PRIORITY_VAL     = 0x1
+	CRYPTOCFGA_REPORT_LARVAL    = 0x2
+	CRYPTOCFGA_REPORT_HASH      = 0x3
+	CRYPTOCFGA_REPORT_BLKCIPHER = 0x4
+	CRYPTOCFGA_REPORT_AEAD      = 0x5
+	CRYPTOCFGA_REPORT_COMPRESS  = 0x6
+	CRYPTOCFGA_REPORT_RNG       = 0x7
+	CRYPTOCFGA_REPORT_CIPHER    = 0x8
+	CRYPTOCFGA_REPORT_AKCIPHER  = 0x9
+	CRYPTOCFGA_REPORT_KPP       = 0xa
+	CRYPTOCFGA_REPORT_ACOMP     = 0xb
+	CRYPTOCFGA_STAT_LARVAL      = 0xc
+	CRYPTOCFGA_STAT_HASH        = 0xd
+	CRYPTOCFGA_STAT_BLKCIPHER   = 0xe
+	CRYPTOCFGA_STAT_AEAD        = 0xf
+	CRYPTOCFGA_STAT_COMPRESS    = 0x10
+	CRYPTOCFGA_STAT_RNG         = 0x11
+	CRYPTOCFGA_STAT_CIPHER      = 0x12
+	CRYPTOCFGA_STAT_AKCIPHER    = 0x13
+	CRYPTOCFGA_STAT_KPP         = 0x14
+	CRYPTOCFGA_STAT_ACOMP       = 0x15
+)
+
+const (
+	BPF_REG_0                                  = 0x0
+	BPF_REG_1                                  = 0x1
+	BPF_REG_2                                  = 0x2
+	BPF_REG_3                                  = 0x3
+	BPF_REG_4                                  = 0x4
+	BPF_REG_5                                  = 0x5
+	BPF_REG_6                                  = 0x6
+	BPF_REG_7                                  = 0x7
+	BPF_REG_8                                  = 0x8
+	BPF_REG_9                                  = 0x9
+	BPF_REG_10                                 = 0xa
+	BPF_MAP_CREATE                             = 0x0
+	BPF_MAP_LOOKUP_ELEM                        = 0x1
+	BPF_MAP_UPDATE_ELEM                        = 0x2
+	BPF_MAP_DELETE_ELEM                        = 0x3
+	BPF_MAP_GET_NEXT_KEY                       = 0x4
+	BPF_PROG_LOAD                              = 0x5
+	BPF_OBJ_PIN                                = 0x6
+	BPF_OBJ_GET                                = 0x7
+	BPF_PROG_ATTACH                            = 0x8
+	BPF_PROG_DETACH                            = 0x9
+	BPF_PROG_TEST_RUN                          = 0xa
+	BPF_PROG_GET_NEXT_ID                       = 0xb
+	BPF_MAP_GET_NEXT_ID                        = 0xc
+	BPF_PROG_GET_FD_BY_ID                      = 0xd
+	BPF_MAP_GET_FD_BY_ID                       = 0xe
+	BPF_OBJ_GET_INFO_BY_FD                     = 0xf
+	BPF_PROG_QUERY                             = 0x10
+	BPF_RAW_TRACEPOINT_OPEN                    = 0x11
+	BPF_BTF_LOAD                               = 0x12
+	BPF_BTF_GET_FD_BY_ID                       = 0x13
+	BPF_TASK_FD_QUERY                          = 0x14
+	BPF_MAP_LOOKUP_AND_DELETE_ELEM             = 0x15
+	BPF_MAP_FREEZE                             = 0x16
+	BPF_BTF_GET_NEXT_ID                        = 0x17
+	BPF_MAP_LOOKUP_BATCH                       = 0x18
+	BPF_MAP_LOOKUP_AND_DELETE_BATCH            = 0x19
+	BPF_MAP_UPDATE_BATCH                       = 0x1a
+	BPF_MAP_DELETE_BATCH                       = 0x1b
+	BPF_LINK_CREATE                            = 0x1c
+	BPF_LINK_UPDATE                            = 0x1d
+	BPF_LINK_GET_FD_BY_ID                      = 0x1e
+	BPF_LINK_GET_NEXT_ID                       = 0x1f
+	BPF_ENABLE_STATS                           = 0x20
+	BPF_ITER_CREATE                            = 0x21
+	BPF_LINK_DETACH                            = 0x22
+	BPF_PROG_BIND_MAP                          = 0x23
+	BPF_MAP_TYPE_UNSPEC                        = 0x0
+	BPF_MAP_TYPE_HASH                          = 0x1
+	BPF_MAP_TYPE_ARRAY                         = 0x2
+	BPF_MAP_TYPE_PROG_ARRAY                    = 0x3
+	BPF_MAP_TYPE_PERF_EVENT_ARRAY              = 0x4
+	BPF_MAP_TYPE_PERCPU_HASH                   = 0x5
+	BPF_MAP_TYPE_PERCPU_ARRAY                  = 0x6
+	BPF_MAP_TYPE_STACK_TRACE                   = 0x7
+	BPF_MAP_TYPE_CGROUP_ARRAY                  = 0x8
+	BPF_MAP_TYPE_LRU_HASH                      = 0x9
+	BPF_MAP_TYPE_LRU_PERCPU_HASH               = 0xa
+	BPF_MAP_TYPE_LPM_TRIE                      = 0xb
+	BPF_MAP_TYPE_ARRAY_OF_MAPS                 = 0xc
+	BPF_MAP_TYPE_HASH_OF_MAPS                  = 0xd
+	BPF_MAP_TYPE_DEVMAP                        = 0xe
+	BPF_MAP_TYPE_SOCKMAP                       = 0xf
+	BPF_MAP_TYPE_CPUMAP                        = 0x10
+	BPF_MAP_TYPE_XSKMAP                        = 0x11
+	BPF_MAP_TYPE_SOCKHASH                      = 0x12
+	BPF_MAP_TYPE_CGROUP_STORAGE                = 0x13
+	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY           = 0x14
+	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE         = 0x15
+	BPF_MAP_TYPE_QUEUE                         = 0x16
+	BPF_MAP_TYPE_STACK                         = 0x17
+	BPF_MAP_TYPE_SK_STORAGE                    = 0x18
+	BPF_MAP_TYPE_DEVMAP_HASH                   = 0x19
+	BPF_MAP_TYPE_STRUCT_OPS                    = 0x1a
+	BPF_MAP_TYPE_RINGBUF                       = 0x1b
+	BPF_MAP_TYPE_INODE_STORAGE                 = 0x1c
+	BPF_PROG_TYPE_UNSPEC                       = 0x0
+	BPF_PROG_TYPE_SOCKET_FILTER                = 0x1
+	BPF_PROG_TYPE_KPROBE                       = 0x2
+	BPF_PROG_TYPE_SCHED_CLS                    = 0x3
+	BPF_PROG_TYPE_SCHED_ACT                    = 0x4
+	BPF_PROG_TYPE_TRACEPOINT                   = 0x5
+	BPF_PROG_TYPE_XDP                          = 0x6
+	BPF_PROG_TYPE_PERF_EVENT                   = 0x7
+	BPF_PROG_TYPE_CGROUP_SKB                   = 0x8
+	BPF_PROG_TYPE_CGROUP_SOCK                  = 0x9
+	BPF_PROG_TYPE_LWT_IN                       = 0xa
+	BPF_PROG_TYPE_LWT_OUT                      = 0xb
+	BPF_PROG_TYPE_LWT_XMIT                     = 0xc
+	BPF_PROG_TYPE_SOCK_OPS                     = 0xd
+	BPF_PROG_TYPE_SK_SKB                       = 0xe
+	BPF_PROG_TYPE_CGROUP_DEVICE                = 0xf
+	BPF_PROG_TYPE_SK_MSG                       = 0x10
+	BPF_PROG_TYPE_RAW_TRACEPOINT               = 0x11
+	BPF_PROG_TYPE_CGROUP_SOCK_ADDR             = 0x12
+	BPF_PROG_TYPE_LWT_SEG6LOCAL                = 0x13
+	BPF_PROG_TYPE_LIRC_MODE2                   = 0x14
+	BPF_PROG_TYPE_SK_REUSEPORT                 = 0x15
+	BPF_PROG_TYPE_FLOW_DISSECTOR               = 0x16
+	BPF_PROG_TYPE_CGROUP_SYSCTL                = 0x17
+	BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE      = 0x18
+	BPF_PROG_TYPE_CGROUP_SOCKOPT               = 0x19
+	BPF_PROG_TYPE_TRACING                      = 0x1a
+	BPF_PROG_TYPE_STRUCT_OPS                   = 0x1b
+	BPF_PROG_TYPE_EXT                          = 0x1c
+	BPF_PROG_TYPE_LSM                          = 0x1d
+	BPF_PROG_TYPE_SK_LOOKUP                    = 0x1e
+	BPF_CGROUP_INET_INGRESS                    = 0x0
+	BPF_CGROUP_INET_EGRESS                     = 0x1
+	BPF_CGROUP_INET_SOCK_CREATE                = 0x2
+	BPF_CGROUP_SOCK_OPS                        = 0x3
+	BPF_SK_SKB_STREAM_PARSER                   = 0x4
+	BPF_SK_SKB_STREAM_VERDICT                  = 0x5
+	BPF_CGROUP_DEVICE                          = 0x6
+	BPF_SK_MSG_VERDICT                         = 0x7
+	BPF_CGROUP_INET4_BIND                      = 0x8
+	BPF_CGROUP_INET6_BIND                      = 0x9
+	BPF_CGROUP_INET4_CONNECT                   = 0xa
+	BPF_CGROUP_INET6_CONNECT                   = 0xb
+	BPF_CGROUP_INET4_POST_BIND                 = 0xc
+	BPF_CGROUP_INET6_POST_BIND                 = 0xd
+	BPF_CGROUP_UDP4_SENDMSG                    = 0xe
+	BPF_CGROUP_UDP6_SENDMSG                    = 0xf
+	BPF_LIRC_MODE2                             = 0x10
+	BPF_FLOW_DISSECTOR                         = 0x11
+	BPF_CGROUP_SYSCTL                          = 0x12
+	BPF_CGROUP_UDP4_RECVMSG                    = 0x13
+	BPF_CGROUP_UDP6_RECVMSG                    = 0x14
+	BPF_CGROUP_GETSOCKOPT                      = 0x15
+	BPF_CGROUP_SETSOCKOPT                      = 0x16
+	BPF_TRACE_RAW_TP                           = 0x17
+	BPF_TRACE_FENTRY                           = 0x18
+	BPF_TRACE_FEXIT                            = 0x19
+	BPF_MODIFY_RETURN                          = 0x1a
+	BPF_LSM_MAC                                = 0x1b
+	BPF_TRACE_ITER                             = 0x1c
+	BPF_CGROUP_INET4_GETPEERNAME               = 0x1d
+	BPF_CGROUP_INET6_GETPEERNAME               = 0x1e
+	BPF_CGROUP_INET4_GETSOCKNAME               = 0x1f
+	BPF_CGROUP_INET6_GETSOCKNAME               = 0x20
+	BPF_XDP_DEVMAP                             = 0x21
+	BPF_CGROUP_INET_SOCK_RELEASE               = 0x22
+	BPF_XDP_CPUMAP                             = 0x23
+	BPF_SK_LOOKUP                              = 0x24
+	BPF_XDP                                    = 0x25
+	BPF_LINK_TYPE_UNSPEC                       = 0x0
+	BPF_LINK_TYPE_RAW_TRACEPOINT               = 0x1
+	BPF_LINK_TYPE_TRACING                      = 0x2
+	BPF_LINK_TYPE_CGROUP                       = 0x3
+	BPF_LINK_TYPE_ITER                         = 0x4
+	BPF_LINK_TYPE_NETNS                        = 0x5
+	BPF_LINK_TYPE_XDP                          = 0x6
+	BPF_ANY                                    = 0x0
+	BPF_NOEXIST                                = 0x1
+	BPF_EXIST                                  = 0x2
+	BPF_F_LOCK                                 = 0x4
+	BPF_F_NO_PREALLOC                          = 0x1
+	BPF_F_NO_COMMON_LRU                        = 0x2
+	BPF_F_NUMA_NODE                            = 0x4
+	BPF_F_RDONLY                               = 0x8
+	BPF_F_WRONLY                               = 0x10
+	BPF_F_STACK_BUILD_ID                       = 0x20
+	BPF_F_ZERO_SEED                            = 0x40
+	BPF_F_RDONLY_PROG                          = 0x80
+	BPF_F_WRONLY_PROG                          = 0x100
+	BPF_F_CLONE                                = 0x200
+	BPF_F_MMAPABLE                             = 0x400
+	BPF_F_PRESERVE_ELEMS                       = 0x800
+	BPF_F_INNER_MAP                            = 0x1000
+	BPF_STATS_RUN_TIME                         = 0x0
+	BPF_STACK_BUILD_ID_EMPTY                   = 0x0
+	BPF_STACK_BUILD_ID_VALID                   = 0x1
+	BPF_STACK_BUILD_ID_IP                      = 0x2
+	BPF_F_RECOMPUTE_CSUM                       = 0x1
+	BPF_F_INVALIDATE_HASH                      = 0x2
+	BPF_F_HDR_FIELD_MASK                       = 0xf
+	BPF_F_PSEUDO_HDR                           = 0x10
+	BPF_F_MARK_MANGLED_0                       = 0x20
+	BPF_F_MARK_ENFORCE                         = 0x40
+	BPF_F_INGRESS                              = 0x1
+	BPF_F_TUNINFO_IPV6                         = 0x1
+	BPF_F_SKIP_FIELD_MASK                      = 0xff
+	BPF_F_USER_STACK                           = 0x100
+	BPF_F_FAST_STACK_CMP                       = 0x200
+	BPF_F_REUSE_STACKID                        = 0x400
+	BPF_F_USER_BUILD_ID                        = 0x800
+	BPF_F_ZERO_CSUM_TX                         = 0x2
+	BPF_F_DONT_FRAGMENT                        = 0x4
+	BPF_F_SEQ_NUMBER                           = 0x8
+	BPF_F_INDEX_MASK                           = 0xffffffff
+	BPF_F_CURRENT_CPU                          = 0xffffffff
+	BPF_F_CTXLEN_MASK                          = 0xfffff00000000
+	BPF_F_CURRENT_NETNS                        = -0x1
+	BPF_CSUM_LEVEL_QUERY                       = 0x0
+	BPF_CSUM_LEVEL_INC                         = 0x1
+	BPF_CSUM_LEVEL_DEC                         = 0x2
+	BPF_CSUM_LEVEL_RESET                       = 0x3
+	BPF_F_ADJ_ROOM_FIXED_GSO                   = 0x1
+	BPF_F_ADJ_ROOM_ENCAP_L3_IPV4               = 0x2
+	BPF_F_ADJ_ROOM_ENCAP_L3_IPV6               = 0x4
+	BPF_F_ADJ_ROOM_ENCAP_L4_GRE                = 0x8
+	BPF_F_ADJ_ROOM_ENCAP_L4_UDP                = 0x10
+	BPF_F_ADJ_ROOM_NO_CSUM_RESET               = 0x20
+	BPF_ADJ_ROOM_ENCAP_L2_MASK                 = 0xff
+	BPF_ADJ_ROOM_ENCAP_L2_SHIFT                = 0x38
+	BPF_F_SYSCTL_BASE_NAME                     = 0x1
+	BPF_LOCAL_STORAGE_GET_F_CREATE             = 0x1
+	BPF_SK_STORAGE_GET_F_CREATE                = 0x1
+	BPF_F_GET_BRANCH_RECORDS_SIZE              = 0x1
+	BPF_RB_NO_WAKEUP                           = 0x1
+	BPF_RB_FORCE_WAKEUP                        = 0x2
+	BPF_RB_AVAIL_DATA                          = 0x0
+	BPF_RB_RING_SIZE                           = 0x1
+	BPF_RB_CONS_POS                            = 0x2
+	BPF_RB_PROD_POS                            = 0x3
+	BPF_RINGBUF_BUSY_BIT                       = 0x80000000
+	BPF_RINGBUF_DISCARD_BIT                    = 0x40000000
+	BPF_RINGBUF_HDR_SZ                         = 0x8
+	BPF_SK_LOOKUP_F_REPLACE                    = 0x1
+	BPF_SK_LOOKUP_F_NO_REUSEPORT               = 0x2
+	BPF_ADJ_ROOM_NET                           = 0x0
+	BPF_ADJ_ROOM_MAC                           = 0x1
+	BPF_HDR_START_MAC                          = 0x0
+	BPF_HDR_START_NET                          = 0x1
+	BPF_LWT_ENCAP_SEG6                         = 0x0
+	BPF_LWT_ENCAP_SEG6_INLINE                  = 0x1
+	BPF_LWT_ENCAP_IP                           = 0x2
+	BPF_OK                                     = 0x0
+	BPF_DROP                                   = 0x2
+	BPF_REDIRECT                               = 0x7
+	BPF_LWT_REROUTE                            = 0x80
+	BPF_SOCK_OPS_RTO_CB_FLAG                   = 0x1
+	BPF_SOCK_OPS_RETRANS_CB_FLAG               = 0x2
+	BPF_SOCK_OPS_STATE_CB_FLAG                 = 0x4
+	BPF_SOCK_OPS_RTT_CB_FLAG                   = 0x8
+	BPF_SOCK_OPS_PARSE_ALL_HDR_OPT_CB_FLAG     = 0x10
+	BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG = 0x20
+	BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG         = 0x40
+	BPF_SOCK_OPS_ALL_CB_FLAGS                  = 0x7f
+	BPF_SOCK_OPS_VOID                          = 0x0
+	BPF_SOCK_OPS_TIMEOUT_INIT                  = 0x1
+	BPF_SOCK_OPS_RWND_INIT                     = 0x2
+	BPF_SOCK_OPS_TCP_CONNECT_CB                = 0x3
+	BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB         = 0x4
+	BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB        = 0x5
+	BPF_SOCK_OPS_NEEDS_ECN                     = 0x6
+	BPF_SOCK_OPS_BASE_RTT                      = 0x7
+	BPF_SOCK_OPS_RTO_CB                        = 0x8
+	BPF_SOCK_OPS_RETRANS_CB                    = 0x9
+	BPF_SOCK_OPS_STATE_CB                      = 0xa
+	BPF_SOCK_OPS_TCP_LISTEN_CB                 = 0xb
+	BPF_SOCK_OPS_RTT_CB                        = 0xc
+	BPF_SOCK_OPS_PARSE_HDR_OPT_CB              = 0xd
+	BPF_SOCK_OPS_HDR_OPT_LEN_CB                = 0xe
+	BPF_SOCK_OPS_WRITE_HDR_OPT_CB              = 0xf
+	BPF_TCP_ESTABLISHED                        = 0x1
+	BPF_TCP_SYN_SENT                           = 0x2
+	BPF_TCP_SYN_RECV                           = 0x3
+	BPF_TCP_FIN_WAIT1                          = 0x4
+	BPF_TCP_FIN_WAIT2                          = 0x5
+	BPF_TCP_TIME_WAIT                          = 0x6
+	BPF_TCP_CLOSE                              = 0x7
+	BPF_TCP_CLOSE_WAIT                         = 0x8
+	BPF_TCP_LAST_ACK                           = 0x9
+	BPF_TCP_LISTEN                             = 0xa
+	BPF_TCP_CLOSING                            = 0xb
+	BPF_TCP_NEW_SYN_RECV                       = 0xc
+	BPF_TCP_MAX_STATES                         = 0xd
+	TCP_BPF_IW                                 = 0x3e9
+	TCP_BPF_SNDCWND_CLAMP                      = 0x3ea
+	TCP_BPF_DELACK_MAX                         = 0x3eb
+	TCP_BPF_RTO_MIN                            = 0x3ec
+	TCP_BPF_SYN                                = 0x3ed
+	TCP_BPF_SYN_IP                             = 0x3ee
+	TCP_BPF_SYN_MAC                            = 0x3ef
+	BPF_LOAD_HDR_OPT_TCP_SYN                   = 0x1
+	BPF_WRITE_HDR_TCP_CURRENT_MSS              = 0x1
+	BPF_WRITE_HDR_TCP_SYNACK_COOKIE            = 0x2
+	BPF_DEVCG_ACC_MKNOD                        = 0x1
+	BPF_DEVCG_ACC_READ                         = 0x2
+	BPF_DEVCG_ACC_WRITE                        = 0x4
+	BPF_DEVCG_DEV_BLOCK                        = 0x1
+	BPF_DEVCG_DEV_CHAR                         = 0x2
+	BPF_FIB_LOOKUP_DIRECT                      = 0x1
+	BPF_FIB_LOOKUP_OUTPUT                      = 0x2
+	BPF_FIB_LKUP_RET_SUCCESS                   = 0x0
+	BPF_FIB_LKUP_RET_BLACKHOLE                 = 0x1
+	BPF_FIB_LKUP_RET_UNREACHABLE               = 0x2
+	BPF_FIB_LKUP_RET_PROHIBIT                  = 0x3
+	BPF_FIB_LKUP_RET_NOT_FWDED                 = 0x4
+	BPF_FIB_LKUP_RET_FWD_DISABLED              = 0x5
+	BPF_FIB_LKUP_RET_UNSUPP_LWT                = 0x6
+	BPF_FIB_LKUP_RET_NO_NEIGH                  = 0x7
+	BPF_FIB_LKUP_RET_FRAG_NEEDED               = 0x8
+	BPF_FD_TYPE_RAW_TRACEPOINT                 = 0x0
+	BPF_FD_TYPE_TRACEPOINT                     = 0x1
+	BPF_FD_TYPE_KPROBE                         = 0x2
+	BPF_FD_TYPE_KRETPROBE                      = 0x3
+	BPF_FD_TYPE_UPROBE                         = 0x4
+	BPF_FD_TYPE_URETPROBE                      = 0x5
+	BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG        = 0x1
+	BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL    = 0x2
+	BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP         = 0x4
+)
+
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+	RTNLGRP_BRVLAN        = 0x21
+)
+
+type CapUserHeader struct {
+	Version uint32
+	Pid     int32
+}
+
+type CapUserData struct {
+	Effective   uint32
+	Permitted   uint32
+	Inheritable uint32
+}
+
+const (
+	LINUX_CAPABILITY_VERSION_1 = 0x19980330
+	LINUX_CAPABILITY_VERSION_2 = 0x20071026
+	LINUX_CAPABILITY_VERSION_3 = 0x20080522
+)
+
+const (
+	LO_FLAGS_READ_ONLY = 0x1
+	LO_FLAGS_AUTOCLEAR = 0x4
+	LO_FLAGS_PARTSCAN  = 0x8
+	LO_FLAGS_DIRECT_IO = 0x10
+)
+
+type LoopInfo64 struct {
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           uint64
+	Sizelimit        uint64
+	Number           uint32
+	Encrypt_type     uint32
+	Encrypt_key_size uint32
+	Flags            uint32
+	File_name        [64]uint8
+	Crypt_name       [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+}
+
+type TIPCSocketAddr struct {
+	Ref  uint32
+	Node uint32
+}
+
+type TIPCServiceRange struct {
+	Type  uint32
+	Lower uint32
+	Upper uint32
+}
+
+type TIPCServiceName struct {
+	Type     uint32
+	Instance uint32
+	Domain   uint32
+}
+
+type TIPCEvent struct {
+	Event uint32
+	Lower uint32
+	Upper uint32
+	Port  TIPCSocketAddr
+	S     TIPCSubscr
+}
+
+type TIPCGroupReq struct {
+	Type     uint32
+	Instance uint32
+	Scope    uint32
+	Flags    uint32
+}
+
+const (
+	TIPC_CLUSTER_SCOPE = 0x2
+	TIPC_NODE_SCOPE    = 0x3
+)
+
+const (
+	SYSLOG_ACTION_CLOSE         = 0
+	SYSLOG_ACTION_OPEN          = 1
+	SYSLOG_ACTION_READ          = 2
+	SYSLOG_ACTION_READ_ALL      = 3
+	SYSLOG_ACTION_READ_CLEAR    = 4
+	SYSLOG_ACTION_CLEAR         = 5
+	SYSLOG_ACTION_CONSOLE_OFF   = 6
+	SYSLOG_ACTION_CONSOLE_ON    = 7
+	SYSLOG_ACTION_CONSOLE_LEVEL = 8
+	SYSLOG_ACTION_SIZE_UNREAD   = 9
+	SYSLOG_ACTION_SIZE_BUFFER   = 10
+)
+
+const (
+	DEVLINK_CMD_UNSPEC                                 = 0x0
+	DEVLINK_CMD_GET                                    = 0x1
+	DEVLINK_CMD_SET                                    = 0x2
+	DEVLINK_CMD_NEW                                    = 0x3
+	DEVLINK_CMD_DEL                                    = 0x4
+	DEVLINK_CMD_PORT_GET                               = 0x5
+	DEVLINK_CMD_PORT_SET                               = 0x6
+	DEVLINK_CMD_PORT_NEW                               = 0x7
+	DEVLINK_CMD_PORT_DEL                               = 0x8
+	DEVLINK_CMD_PORT_SPLIT                             = 0x9
+	DEVLINK_CMD_PORT_UNSPLIT                           = 0xa
+	DEVLINK_CMD_SB_GET                                 = 0xb
+	DEVLINK_CMD_SB_SET                                 = 0xc
+	DEVLINK_CMD_SB_NEW                                 = 0xd
+	DEVLINK_CMD_SB_DEL                                 = 0xe
+	DEVLINK_CMD_SB_POOL_GET                            = 0xf
+	DEVLINK_CMD_SB_POOL_SET                            = 0x10
+	DEVLINK_CMD_SB_POOL_NEW                            = 0x11
+	DEVLINK_CMD_SB_POOL_DEL                            = 0x12
+	DEVLINK_CMD_SB_PORT_POOL_GET                       = 0x13
+	DEVLINK_CMD_SB_PORT_POOL_SET                       = 0x14
+	DEVLINK_CMD_SB_PORT_POOL_NEW                       = 0x15
+	DEVLINK_CMD_SB_PORT_POOL_DEL                       = 0x16
+	DEVLINK_CMD_SB_TC_POOL_BIND_GET                    = 0x17
+	DEVLINK_CMD_SB_TC_POOL_BIND_SET                    = 0x18
+	DEVLINK_CMD_SB_TC_POOL_BIND_NEW                    = 0x19
+	DEVLINK_CMD_SB_TC_POOL_BIND_DEL                    = 0x1a
+	DEVLINK_CMD_SB_OCC_SNAPSHOT                        = 0x1b
+	DEVLINK_CMD_SB_OCC_MAX_CLEAR                       = 0x1c
+	DEVLINK_CMD_ESWITCH_GET                            = 0x1d
+	DEVLINK_CMD_ESWITCH_SET                            = 0x1e
+	DEVLINK_CMD_DPIPE_TABLE_GET                        = 0x1f
+	DEVLINK_CMD_DPIPE_ENTRIES_GET                      = 0x20
+	DEVLINK_CMD_DPIPE_HEADERS_GET                      = 0x21
+	DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET               = 0x22
+	DEVLINK_CMD_RESOURCE_SET                           = 0x23
+	DEVLINK_CMD_RESOURCE_DUMP                          = 0x24
+	DEVLINK_CMD_RELOAD                                 = 0x25
+	DEVLINK_CMD_PARAM_GET                              = 0x26
+	DEVLINK_CMD_PARAM_SET                              = 0x27
+	DEVLINK_CMD_PARAM_NEW                              = 0x28
+	DEVLINK_CMD_PARAM_DEL                              = 0x29
+	DEVLINK_CMD_REGION_GET                             = 0x2a
+	DEVLINK_CMD_REGION_SET                             = 0x2b
+	DEVLINK_CMD_REGION_NEW                             = 0x2c
+	DEVLINK_CMD_REGION_DEL                             = 0x2d
+	DEVLINK_CMD_REGION_READ                            = 0x2e
+	DEVLINK_CMD_PORT_PARAM_GET                         = 0x2f
+	DEVLINK_CMD_PORT_PARAM_SET                         = 0x30
+	DEVLINK_CMD_PORT_PARAM_NEW                         = 0x31
+	DEVLINK_CMD_PORT_PARAM_DEL                         = 0x32
+	DEVLINK_CMD_INFO_GET                               = 0x33
+	DEVLINK_CMD_HEALTH_REPORTER_GET                    = 0x34
+	DEVLINK_CMD_HEALTH_REPORTER_SET                    = 0x35
+	DEVLINK_CMD_HEALTH_REPORTER_RECOVER                = 0x36
+	DEVLINK_CMD_HEALTH_REPORTER_DIAGNOSE               = 0x37
+	DEVLINK_CMD_HEALTH_REPORTER_DUMP_GET               = 0x38
+	DEVLINK_CMD_HEALTH_REPORTER_DUMP_CLEAR             = 0x39
+	DEVLINK_CMD_FLASH_UPDATE                           = 0x3a
+	DEVLINK_CMD_FLASH_UPDATE_END                       = 0x3b
+	DEVLINK_CMD_FLASH_UPDATE_STATUS                    = 0x3c
+	DEVLINK_CMD_TRAP_GET                               = 0x3d
+	DEVLINK_CMD_TRAP_SET                               = 0x3e
+	DEVLINK_CMD_TRAP_NEW                               = 0x3f
+	DEVLINK_CMD_TRAP_DEL                               = 0x40
+	DEVLINK_CMD_TRAP_GROUP_GET                         = 0x41
+	DEVLINK_CMD_TRAP_GROUP_SET                         = 0x42
+	DEVLINK_CMD_TRAP_GROUP_NEW                         = 0x43
+	DEVLINK_CMD_TRAP_GROUP_DEL                         = 0x44
+	DEVLINK_CMD_TRAP_POLICER_GET                       = 0x45
+	DEVLINK_CMD_TRAP_POLICER_SET                       = 0x46
+	DEVLINK_CMD_TRAP_POLICER_NEW                       = 0x47
+	DEVLINK_CMD_TRAP_POLICER_DEL                       = 0x48
+	DEVLINK_CMD_HEALTH_REPORTER_TEST                   = 0x49
+	DEVLINK_CMD_MAX                                    = 0x4d
+	DEVLINK_PORT_TYPE_NOTSET                           = 0x0
+	DEVLINK_PORT_TYPE_AUTO                             = 0x1
+	DEVLINK_PORT_TYPE_ETH                              = 0x2
+	DEVLINK_PORT_TYPE_IB                               = 0x3
+	DEVLINK_SB_POOL_TYPE_INGRESS                       = 0x0
+	DEVLINK_SB_POOL_TYPE_EGRESS                        = 0x1
+	DEVLINK_SB_THRESHOLD_TYPE_STATIC                   = 0x0
+	DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC                  = 0x1
+	DEVLINK_ESWITCH_MODE_LEGACY                        = 0x0
+	DEVLINK_ESWITCH_MODE_SWITCHDEV                     = 0x1
+	DEVLINK_ESWITCH_INLINE_MODE_NONE                   = 0x0
+	DEVLINK_ESWITCH_INLINE_MODE_LINK                   = 0x1
+	DEVLINK_ESWITCH_INLINE_MODE_NETWORK                = 0x2
+	DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT              = 0x3
+	DEVLINK_ESWITCH_ENCAP_MODE_NONE                    = 0x0
+	DEVLINK_ESWITCH_ENCAP_MODE_BASIC                   = 0x1
+	DEVLINK_PORT_FLAVOUR_PHYSICAL                      = 0x0
+	DEVLINK_PORT_FLAVOUR_CPU                           = 0x1
+	DEVLINK_PORT_FLAVOUR_DSA                           = 0x2
+	DEVLINK_PORT_FLAVOUR_PCI_PF                        = 0x3
+	DEVLINK_PORT_FLAVOUR_PCI_VF                        = 0x4
+	DEVLINK_PORT_FLAVOUR_VIRTUAL                       = 0x5
+	DEVLINK_PORT_FLAVOUR_UNUSED                        = 0x6
+	DEVLINK_PARAM_CMODE_RUNTIME                        = 0x0
+	DEVLINK_PARAM_CMODE_DRIVERINIT                     = 0x1
+	DEVLINK_PARAM_CMODE_PERMANENT                      = 0x2
+	DEVLINK_PARAM_CMODE_MAX                            = 0x2
+	DEVLINK_PARAM_FW_LOAD_POLICY_VALUE_DRIVER          = 0x0
+	DEVLINK_PARAM_FW_LOAD_POLICY_VALUE_FLASH           = 0x1
+	DEVLINK_PARAM_FW_LOAD_POLICY_VALUE_DISK            = 0x2
+	DEVLINK_PARAM_FW_LOAD_POLICY_VALUE_UNKNOWN         = 0x3
+	DEVLINK_PARAM_RESET_DEV_ON_DRV_PROBE_VALUE_UNKNOWN = 0x0
+	DEVLINK_PARAM_RESET_DEV_ON_DRV_PROBE_VALUE_ALWAYS  = 0x1
+	DEVLINK_PARAM_RESET_DEV_ON_DRV_PROBE_VALUE_NEVER   = 0x2
+	DEVLINK_PARAM_RESET_DEV_ON_DRV_PROBE_VALUE_DISK    = 0x3
+	DEVLINK_ATTR_STATS_RX_PACKETS                      = 0x0
+	DEVLINK_ATTR_STATS_RX_BYTES                        = 0x1
+	DEVLINK_ATTR_STATS_RX_DROPPED                      = 0x2
+	DEVLINK_ATTR_STATS_MAX                             = 0x2
+	DEVLINK_FLASH_OVERWRITE_SETTINGS_BIT               = 0x0
+	DEVLINK_FLASH_OVERWRITE_IDENTIFIERS_BIT            = 0x1
+	DEVLINK_FLASH_OVERWRITE_MAX_BIT                    = 0x1
+	DEVLINK_TRAP_ACTION_DROP                           = 0x0
+	DEVLINK_TRAP_ACTION_TRAP                           = 0x1
+	DEVLINK_TRAP_ACTION_MIRROR                         = 0x2
+	DEVLINK_TRAP_TYPE_DROP                             = 0x0
+	DEVLINK_TRAP_TYPE_EXCEPTION                        = 0x1
+	DEVLINK_TRAP_TYPE_CONTROL                          = 0x2
+	DEVLINK_ATTR_TRAP_METADATA_TYPE_IN_PORT            = 0x0
+	DEVLINK_ATTR_TRAP_METADATA_TYPE_FA_COOKIE          = 0x1
+	DEVLINK_RELOAD_ACTION_UNSPEC                       = 0x0
+	DEVLINK_RELOAD_ACTION_DRIVER_REINIT                = 0x1
+	DEVLINK_RELOAD_ACTION_FW_ACTIVATE                  = 0x2
+	DEVLINK_RELOAD_ACTION_MAX                          = 0x2
+	DEVLINK_RELOAD_LIMIT_UNSPEC                        = 0x0
+	DEVLINK_RELOAD_LIMIT_NO_RESET                      = 0x1
+	DEVLINK_RELOAD_LIMIT_MAX                           = 0x1
+	DEVLINK_ATTR_UNSPEC                                = 0x0
+	DEVLINK_ATTR_BUS_NAME                              = 0x1
+	DEVLINK_ATTR_DEV_NAME                              = 0x2
+	DEVLINK_ATTR_PORT_INDEX                            = 0x3
+	DEVLINK_ATTR_PORT_TYPE                             = 0x4
+	DEVLINK_ATTR_PORT_DESIRED_TYPE                     = 0x5
+	DEVLINK_ATTR_PORT_NETDEV_IFINDEX                   = 0x6
+	DEVLINK_ATTR_PORT_NETDEV_NAME                      = 0x7
+	DEVLINK_ATTR_PORT_IBDEV_NAME                       = 0x8
+	DEVLINK_ATTR_PORT_SPLIT_COUNT                      = 0x9
+	DEVLINK_ATTR_PORT_SPLIT_GROUP                      = 0xa
+	DEVLINK_ATTR_SB_INDEX                              = 0xb
+	DEVLINK_ATTR_SB_SIZE                               = 0xc
+	DEVLINK_ATTR_SB_INGRESS_POOL_COUNT                 = 0xd
+	DEVLINK_ATTR_SB_EGRESS_POOL_COUNT                  = 0xe
+	DEVLINK_ATTR_SB_INGRESS_TC_COUNT                   = 0xf
+	DEVLINK_ATTR_SB_EGRESS_TC_COUNT                    = 0x10
+	DEVLINK_ATTR_SB_POOL_INDEX                         = 0x11
+	DEVLINK_ATTR_SB_POOL_TYPE                          = 0x12
+	DEVLINK_ATTR_SB_POOL_SIZE                          = 0x13
+	DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE                = 0x14
+	DEVLINK_ATTR_SB_THRESHOLD                          = 0x15
+	DEVLINK_ATTR_SB_TC_INDEX                           = 0x16
+	DEVLINK_ATTR_SB_OCC_CUR                            = 0x17
+	DEVLINK_ATTR_SB_OCC_MAX                            = 0x18
+	DEVLINK_ATTR_ESWITCH_MODE                          = 0x19
+	DEVLINK_ATTR_ESWITCH_INLINE_MODE                   = 0x1a
+	DEVLINK_ATTR_DPIPE_TABLES                          = 0x1b
+	DEVLINK_ATTR_DPIPE_TABLE                           = 0x1c
+	DEVLINK_ATTR_DPIPE_TABLE_NAME                      = 0x1d
+	DEVLINK_ATTR_DPIPE_TABLE_SIZE                      = 0x1e
+	DEVLINK_ATTR_DPIPE_TABLE_MATCHES                   = 0x1f
+	DEVLINK_ATTR_DPIPE_TABLE_ACTIONS                   = 0x20
+	DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED          = 0x21
+	DEVLINK_ATTR_DPIPE_ENTRIES                         = 0x22
+	DEVLINK_ATTR_DPIPE_ENTRY                           = 0x23
+	DEVLINK_ATTR_DPIPE_ENTRY_INDEX                     = 0x24
+	DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES              = 0x25
+	DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES             = 0x26
+	DEVLINK_ATTR_DPIPE_ENTRY_COUNTER                   = 0x27
+	DEVLINK_ATTR_DPIPE_MATCH                           = 0x28
+	DEVLINK_ATTR_DPIPE_MATCH_VALUE                     = 0x29
+	DEVLINK_ATTR_DPIPE_MATCH_TYPE                      = 0x2a
+	DEVLINK_ATTR_DPIPE_ACTION                          = 0x2b
+	DEVLINK_ATTR_DPIPE_ACTION_VALUE                    = 0x2c
+	DEVLINK_ATTR_DPIPE_ACTION_TYPE                     = 0x2d
+	DEVLINK_ATTR_DPIPE_VALUE                           = 0x2e
+	DEVLINK_ATTR_DPIPE_VALUE_MASK                      = 0x2f
+	DEVLINK_ATTR_DPIPE_VALUE_MAPPING                   = 0x30
+	DEVLINK_ATTR_DPIPE_HEADERS                         = 0x31
+	DEVLINK_ATTR_DPIPE_HEADER                          = 0x32
+	DEVLINK_ATTR_DPIPE_HEADER_NAME                     = 0x33
+	DEVLINK_ATTR_DPIPE_HEADER_ID                       = 0x34
+	DEVLINK_ATTR_DPIPE_HEADER_FIELDS                   = 0x35
+	DEVLINK_ATTR_DPIPE_HEADER_GLOBAL                   = 0x36
+	DEVLINK_ATTR_DPIPE_HEADER_INDEX                    = 0x37
+	DEVLINK_ATTR_DPIPE_FIELD                           = 0x38
+	DEVLINK_ATTR_DPIPE_FIELD_NAME                      = 0x39
+	DEVLINK_ATTR_DPIPE_FIELD_ID                        = 0x3a
+	DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH                  = 0x3b
+	DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE              = 0x3c
+	DEVLINK_ATTR_PAD                                   = 0x3d
+	DEVLINK_ATTR_ESWITCH_ENCAP_MODE                    = 0x3e
+	DEVLINK_ATTR_RESOURCE_LIST                         = 0x3f
+	DEVLINK_ATTR_RESOURCE                              = 0x40
+	DEVLINK_ATTR_RESOURCE_NAME                         = 0x41
+	DEVLINK_ATTR_RESOURCE_ID                           = 0x42
+	DEVLINK_ATTR_RESOURCE_SIZE                         = 0x43
+	DEVLINK_ATTR_RESOURCE_SIZE_NEW                     = 0x44
+	DEVLINK_ATTR_RESOURCE_SIZE_VALID                   = 0x45
+	DEVLINK_ATTR_RESOURCE_SIZE_MIN                     = 0x46
+	DEVLINK_ATTR_RESOURCE_SIZE_MAX                     = 0x47
+	DEVLINK_ATTR_RESOURCE_SIZE_GRAN                    = 0x48
+	DEVLINK_ATTR_RESOURCE_UNIT                         = 0x49
+	DEVLINK_ATTR_RESOURCE_OCC                          = 0x4a
+	DEVLINK_ATTR_DPIPE_TABLE_RESOURCE_ID               = 0x4b
+	DEVLINK_ATTR_DPIPE_TABLE_RESOURCE_UNITS            = 0x4c
+	DEVLINK_ATTR_PORT_FLAVOUR                          = 0x4d
+	DEVLINK_ATTR_PORT_NUMBER                           = 0x4e
+	DEVLINK_ATTR_PORT_SPLIT_SUBPORT_NUMBER             = 0x4f
+	DEVLINK_ATTR_PARAM                                 = 0x50
+	DEVLINK_ATTR_PARAM_NAME                            = 0x51
+	DEVLINK_ATTR_PARAM_GENERIC                         = 0x52
+	DEVLINK_ATTR_PARAM_TYPE                            = 0x53
+	DEVLINK_ATTR_PARAM_VALUES_LIST                     = 0x54
+	DEVLINK_ATTR_PARAM_VALUE                           = 0x55
+	DEVLINK_ATTR_PARAM_VALUE_DATA                      = 0x56
+	DEVLINK_ATTR_PARAM_VALUE_CMODE                     = 0x57
+	DEVLINK_ATTR_REGION_NAME                           = 0x58
+	DEVLINK_ATTR_REGION_SIZE                           = 0x59
+	DEVLINK_ATTR_REGION_SNAPSHOTS                      = 0x5a
+	DEVLINK_ATTR_REGION_SNAPSHOT                       = 0x5b
+	DEVLINK_ATTR_REGION_SNAPSHOT_ID                    = 0x5c
+	DEVLINK_ATTR_REGION_CHUNKS                         = 0x5d
+	DEVLINK_ATTR_REGION_CHUNK                          = 0x5e
+	DEVLINK_ATTR_REGION_CHUNK_DATA                     = 0x5f
+	DEVLINK_ATTR_REGION_CHUNK_ADDR                     = 0x60
+	DEVLINK_ATTR_REGION_CHUNK_LEN                      = 0x61
+	DEVLINK_ATTR_INFO_DRIVER_NAME                      = 0x62
+	DEVLINK_ATTR_INFO_SERIAL_NUMBER                    = 0x63
+	DEVLINK_ATTR_INFO_VERSION_FIXED                    = 0x64
+	DEVLINK_ATTR_INFO_VERSION_RUNNING                  = 0x65
+	DEVLINK_ATTR_INFO_VERSION_STORED                   = 0x66
+	DEVLINK_ATTR_INFO_VERSION_NAME                     = 0x67
+	DEVLINK_ATTR_INFO_VERSION_VALUE                    = 0x68
+	DEVLINK_ATTR_SB_POOL_CELL_SIZE                     = 0x69
+	DEVLINK_ATTR_FMSG                                  = 0x6a
+	DEVLINK_ATTR_FMSG_OBJ_NEST_START                   = 0x6b
+	DEVLINK_ATTR_FMSG_PAIR_NEST_START                  = 0x6c
+	DEVLINK_ATTR_FMSG_ARR_NEST_START                   = 0x6d
+	DEVLINK_ATTR_FMSG_NEST_END                         = 0x6e
+	DEVLINK_ATTR_FMSG_OBJ_NAME                         = 0x6f
+	DEVLINK_ATTR_FMSG_OBJ_VALUE_TYPE                   = 0x70
+	DEVLINK_ATTR_FMSG_OBJ_VALUE_DATA                   = 0x71
+	DEVLINK_ATTR_HEALTH_REPORTER                       = 0x72
+	DEVLINK_ATTR_HEALTH_REPORTER_NAME                  = 0x73
+	DEVLINK_ATTR_HEALTH_REPORTER_STATE                 = 0x74
+	DEVLINK_ATTR_HEALTH_REPORTER_ERR_COUNT             = 0x75
+	DEVLINK_ATTR_HEALTH_REPORTER_RECOVER_COUNT         = 0x76
+	DEVLINK_ATTR_HEALTH_REPORTER_DUMP_TS               = 0x77
+	DEVLINK_ATTR_HEALTH_REPORTER_GRACEFUL_PERIOD       = 0x78
+	DEVLINK_ATTR_HEALTH_REPORTER_AUTO_RECOVER          = 0x79
+	DEVLINK_ATTR_FLASH_UPDATE_FILE_NAME                = 0x7a
+	DEVLINK_ATTR_FLASH_UPDATE_COMPONENT                = 0x7b
+	DEVLINK_ATTR_FLASH_UPDATE_STATUS_MSG               = 0x7c
+	DEVLINK_ATTR_FLASH_UPDATE_STATUS_DONE              = 0x7d
+	DEVLINK_ATTR_FLASH_UPDATE_STATUS_TOTAL             = 0x7e
+	DEVLINK_ATTR_PORT_PCI_PF_NUMBER                    = 0x7f
+	DEVLINK_ATTR_PORT_PCI_VF_NUMBER                    = 0x80
+	DEVLINK_ATTR_STATS                                 = 0x81
+	DEVLINK_ATTR_TRAP_NAME                             = 0x82
+	DEVLINK_ATTR_TRAP_ACTION                           = 0x83
+	DEVLINK_ATTR_TRAP_TYPE                             = 0x84
+	DEVLINK_ATTR_TRAP_GENERIC                          = 0x85
+	DEVLINK_ATTR_TRAP_METADATA                         = 0x86
+	DEVLINK_ATTR_TRAP_GROUP_NAME                       = 0x87
+	DEVLINK_ATTR_RELOAD_FAILED                         = 0x88
+	DEVLINK_ATTR_HEALTH_REPORTER_DUMP_TS_NS            = 0x89
+	DEVLINK_ATTR_NETNS_FD                              = 0x8a
+	DEVLINK_ATTR_NETNS_PID                             = 0x8b
+	DEVLINK_ATTR_NETNS_ID                              = 0x8c
+	DEVLINK_ATTR_HEALTH_REPORTER_AUTO_DUMP             = 0x8d
+	DEVLINK_ATTR_TRAP_POLICER_ID                       = 0x8e
+	DEVLINK_ATTR_TRAP_POLICER_RATE                     = 0x8f
+	DEVLINK_ATTR_TRAP_POLICER_BURST                    = 0x90
+	DEVLINK_ATTR_PORT_FUNCTION                         = 0x91
+	DEVLINK_ATTR_INFO_BOARD_SERIAL_NUMBER              = 0x92
+	DEVLINK_ATTR_PORT_LANES                            = 0x93
+	DEVLINK_ATTR_PORT_SPLITTABLE                       = 0x94
+	DEVLINK_ATTR_PORT_EXTERNAL                         = 0x95
+	DEVLINK_ATTR_PORT_CONTROLLER_NUMBER                = 0x96
+	DEVLINK_ATTR_FLASH_UPDATE_STATUS_TIMEOUT           = 0x97
+	DEVLINK_ATTR_FLASH_UPDATE_OVERWRITE_MASK           = 0x98
+	DEVLINK_ATTR_RELOAD_ACTION                         = 0x99
+	DEVLINK_ATTR_RELOAD_ACTIONS_PERFORMED              = 0x9a
+	DEVLINK_ATTR_RELOAD_LIMITS                         = 0x9b
+	DEVLINK_ATTR_DEV_STATS                             = 0x9c
+	DEVLINK_ATTR_RELOAD_STATS                          = 0x9d
+	DEVLINK_ATTR_RELOAD_STATS_ENTRY                    = 0x9e
+	DEVLINK_ATTR_RELOAD_STATS_LIMIT                    = 0x9f
+	DEVLINK_ATTR_RELOAD_STATS_VALUE                    = 0xa0
+	DEVLINK_ATTR_REMOTE_RELOAD_STATS                   = 0xa1
+	DEVLINK_ATTR_RELOAD_ACTION_INFO                    = 0xa2
+	DEVLINK_ATTR_RELOAD_ACTION_STATS                   = 0xa3
+	DEVLINK_ATTR_PORT_PCI_SF_NUMBER                    = 0xa4
+	DEVLINK_ATTR_MAX                                   = 0xa9
+	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE              = 0x0
+	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX           = 0x1
+	DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT               = 0x0
+	DEVLINK_DPIPE_ACTION_TYPE_FIELD_MODIFY             = 0x0
+	DEVLINK_DPIPE_FIELD_ETHERNET_DST_MAC               = 0x0
+	DEVLINK_DPIPE_FIELD_IPV4_DST_IP                    = 0x0
+	DEVLINK_DPIPE_FIELD_IPV6_DST_IP                    = 0x0
+	DEVLINK_DPIPE_HEADER_ETHERNET                      = 0x0
+	DEVLINK_DPIPE_HEADER_IPV4                          = 0x1
+	DEVLINK_DPIPE_HEADER_IPV6                          = 0x2
+	DEVLINK_RESOURCE_UNIT_ENTRY                        = 0x0
+	DEVLINK_PORT_FUNCTION_ATTR_UNSPEC                  = 0x0
+	DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR                 = 0x1
+	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
+	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x3
+)
+
+type FsverityDigest struct {
+	Algorithm uint16
+	Size      uint16
+}
+
+type FsverityEnableArg struct {
+	Version        uint32
+	Hash_algorithm uint32
+	Block_size     uint32
+	Salt_size      uint32
+	Salt_ptr       uint64
+	Sig_size       uint32
+	_              uint32
+	Sig_ptr        uint64
+	_              [11]uint64
+}
+
+type Nhmsg struct {
+	Family   uint8
+	Scope    uint8
+	Protocol uint8
+	Resvd    uint8
+	Flags    uint32
+}
+
+type NexthopGrp struct {
+	Id     uint32
+	Weight uint8
+	Resvd1 uint8
+	Resvd2 uint16
+}
+
+const (
+	NHA_UNSPEC     = 0x0
+	NHA_ID         = 0x1
+	NHA_GROUP      = 0x2
+	NHA_GROUP_TYPE = 0x3
+	NHA_BLACKHOLE  = 0x4
+	NHA_OIF        = 0x5
+	NHA_GATEWAY    = 0x6
+	NHA_ENCAP_TYPE = 0x7
+	NHA_ENCAP      = 0x8
+	NHA_GROUPS     = 0x9
+	NHA_MASTER     = 0xa
+)
+
+const (
+	CAN_RAW_FILTER        = 0x1
+	CAN_RAW_ERR_FILTER    = 0x2
+	CAN_RAW_LOOPBACK      = 0x3
+	CAN_RAW_RECV_OWN_MSGS = 0x4
+	CAN_RAW_FD_FRAMES     = 0x5
+	CAN_RAW_JOIN_FILTERS  = 0x6
+)
+
+type WatchdogInfo struct {
+	Options  uint32
+	Version  uint32
+	Identity [32]uint8
+}
+
+type PPSFData struct {
+	Info    PPSKInfo
+	Timeout PPSKTime
+}
+
+type PPSKParams struct {
+	Api_version   int32
+	Mode          int32
+	Assert_off_tu PPSKTime
+	Clear_off_tu  PPSKTime
+}
+
+type PPSKTime struct {
+	Sec   int64
+	Nsec  int32
+	Flags uint32
+}
+
+const (
+	LWTUNNEL_ENCAP_NONE       = 0x0
+	LWTUNNEL_ENCAP_MPLS       = 0x1
+	LWTUNNEL_ENCAP_IP         = 0x2
+	LWTUNNEL_ENCAP_ILA        = 0x3
+	LWTUNNEL_ENCAP_IP6        = 0x4
+	LWTUNNEL_ENCAP_SEG6       = 0x5
+	LWTUNNEL_ENCAP_BPF        = 0x6
+	LWTUNNEL_ENCAP_SEG6_LOCAL = 0x7
+	LWTUNNEL_ENCAP_RPL        = 0x8
+	LWTUNNEL_ENCAP_MAX        = 0x8
+
+	MPLS_IPTUNNEL_UNSPEC = 0x0
+	MPLS_IPTUNNEL_DST    = 0x1
+	MPLS_IPTUNNEL_TTL    = 0x2
+	MPLS_IPTUNNEL_MAX    = 0x2
+)
+
+const (
+	ETHTOOL_ID_UNSPEC                                                       = 0x0
+	ETHTOOL_RX_COPYBREAK                                                    = 0x1
+	ETHTOOL_TX_COPYBREAK                                                    = 0x2
+	ETHTOOL_PFC_PREVENTION_TOUT                                             = 0x3
+	ETHTOOL_TUNABLE_UNSPEC                                                  = 0x0
+	ETHTOOL_TUNABLE_U8                                                      = 0x1
+	ETHTOOL_TUNABLE_U16                                                     = 0x2
+	ETHTOOL_TUNABLE_U32                                                     = 0x3
+	ETHTOOL_TUNABLE_U64                                                     = 0x4
+	ETHTOOL_TUNABLE_STRING                                                  = 0x5
+	ETHTOOL_TUNABLE_S8                                                      = 0x6
+	ETHTOOL_TUNABLE_S16                                                     = 0x7
+	ETHTOOL_TUNABLE_S32                                                     = 0x8
+	ETHTOOL_TUNABLE_S64                                                     = 0x9
+	ETHTOOL_PHY_ID_UNSPEC                                                   = 0x0
+	ETHTOOL_PHY_DOWNSHIFT                                                   = 0x1
+	ETHTOOL_PHY_FAST_LINK_DOWN                                              = 0x2
+	ETHTOOL_PHY_EDPD                                                        = 0x3
+	ETHTOOL_LINK_EXT_STATE_AUTONEG                                          = 0x0
+	ETHTOOL_LINK_EXT_STATE_LINK_TRAINING_FAILURE                            = 0x1
+	ETHTOOL_LINK_EXT_STATE_LINK_LOGICAL_MISMATCH                            = 0x2
+	ETHTOOL_LINK_EXT_STATE_BAD_SIGNAL_INTEGRITY                             = 0x3
+	ETHTOOL_LINK_EXT_STATE_NO_CABLE                                         = 0x4
+	ETHTOOL_LINK_EXT_STATE_CABLE_ISSUE                                      = 0x5
+	ETHTOOL_LINK_EXT_STATE_EEPROM_ISSUE                                     = 0x6
+	ETHTOOL_LINK_EXT_STATE_CALIBRATION_FAILURE                              = 0x7
+	ETHTOOL_LINK_EXT_STATE_POWER_BUDGET_EXCEEDED                            = 0x8
+	ETHTOOL_LINK_EXT_STATE_OVERHEAT                                         = 0x9
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_NO_PARTNER_DETECTED                        = 0x1
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_ACK_NOT_RECEIVED                           = 0x2
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_NEXT_PAGE_EXCHANGE_FAILED                  = 0x3
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_NO_PARTNER_DETECTED_FORCE_MODE             = 0x4
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_FEC_MISMATCH_DURING_OVERRIDE               = 0x5
+	ETHTOOL_LINK_EXT_SUBSTATE_AN_NO_HCD                                     = 0x6
+	ETHTOOL_LINK_EXT_SUBSTATE_LT_KR_FRAME_LOCK_NOT_ACQUIRED                 = 0x1
+	ETHTOOL_LINK_EXT_SUBSTATE_LT_KR_LINK_INHIBIT_TIMEOUT                    = 0x2
+	ETHTOOL_LINK_EXT_SUBSTATE_LT_KR_LINK_PARTNER_DID_NOT_SET_RECEIVER_READY = 0x3
+	ETHTOOL_LINK_EXT_SUBSTATE_LT_REMOTE_FAULT                               = 0x4
+	ETHTOOL_LINK_EXT_SUBSTATE_LLM_PCS_DID_NOT_ACQUIRE_BLOCK_LOCK            = 0x1
+	ETHTOOL_LINK_EXT_SUBSTATE_LLM_PCS_DID_NOT_ACQUIRE_AM_LOCK               = 0x2
+	ETHTOOL_LINK_EXT_SUBSTATE_LLM_PCS_DID_NOT_GET_ALIGN_STATUS              = 0x3
+	ETHTOOL_LINK_EXT_SUBSTATE_LLM_FC_FEC_IS_NOT_LOCKED                      = 0x4
+	ETHTOOL_LINK_EXT_SUBSTATE_LLM_RS_FEC_IS_NOT_LOCKED                      = 0x5
+	ETHTOOL_LINK_EXT_SUBSTATE_BSI_LARGE_NUMBER_OF_PHYSICAL_ERRORS           = 0x1
+	ETHTOOL_LINK_EXT_SUBSTATE_BSI_UNSUPPORTED_RATE                          = 0x2
+	ETHTOOL_LINK_EXT_SUBSTATE_CI_UNSUPPORTED_CABLE                          = 0x1
+	ETHTOOL_LINK_EXT_SUBSTATE_CI_CABLE_TEST_FAILURE                         = 0x2
+	ETHTOOL_FLASH_ALL_REGIONS                                               = 0x0
+	ETHTOOL_F_UNSUPPORTED__BIT                                              = 0x0
+	ETHTOOL_F_WISH__BIT                                                     = 0x1
+	ETHTOOL_F_COMPAT__BIT                                                   = 0x2
+	ETHTOOL_FEC_NONE_BIT                                                    = 0x0
+	ETHTOOL_FEC_AUTO_BIT                                                    = 0x1
+	ETHTOOL_FEC_OFF_BIT                                                     = 0x2
+	ETHTOOL_FEC_RS_BIT                                                      = 0x3
+	ETHTOOL_FEC_BASER_BIT                                                   = 0x4
+	ETHTOOL_FEC_LLRS_BIT                                                    = 0x5
+	ETHTOOL_LINK_MODE_10baseT_Half_BIT                                      = 0x0
+	ETHTOOL_LINK_MODE_10baseT_Full_BIT                                      = 0x1
+	ETHTOOL_LINK_MODE_100baseT_Half_BIT                                     = 0x2
+	ETHTOOL_LINK_MODE_100baseT_Full_BIT                                     = 0x3
+	ETHTOOL_LINK_MODE_1000baseT_Half_BIT                                    = 0x4
+	ETHTOOL_LINK_MODE_1000baseT_Full_BIT                                    = 0x5
+	ETHTOOL_LINK_MODE_Autoneg_BIT                                           = 0x6
+	ETHTOOL_LINK_MODE_TP_BIT                                                = 0x7
+	ETHTOOL_LINK_MODE_AUI_BIT                                               = 0x8
+	ETHTOOL_LINK_MODE_MII_BIT                                               = 0x9
+	ETHTOOL_LINK_MODE_FIBRE_BIT                                             = 0xa
+	ETHTOOL_LINK_MODE_BNC_BIT                                               = 0xb
+	ETHTOOL_LINK_MODE_10000baseT_Full_BIT                                   = 0xc
+	ETHTOOL_LINK_MODE_Pause_BIT                                             = 0xd
+	ETHTOOL_LINK_MODE_Asym_Pause_BIT                                        = 0xe
+	ETHTOOL_LINK_MODE_2500baseX_Full_BIT                                    = 0xf
+	ETHTOOL_LINK_MODE_Backplane_BIT                                         = 0x10
+	ETHTOOL_LINK_MODE_1000baseKX_Full_BIT                                   = 0x11
+	ETHTOOL_LINK_MODE_10000baseKX4_Full_BIT                                 = 0x12
+	ETHTOOL_LINK_MODE_10000baseKR_Full_BIT                                  = 0x13
+	ETHTOOL_LINK_MODE_10000baseR_FEC_BIT                                    = 0x14
+	ETHTOOL_LINK_MODE_20000baseMLD2_Full_BIT                                = 0x15
+	ETHTOOL_LINK_MODE_20000baseKR2_Full_BIT                                 = 0x16
+	ETHTOOL_LINK_MODE_40000baseKR4_Full_BIT                                 = 0x17
+	ETHTOOL_LINK_MODE_40000baseCR4_Full_BIT                                 = 0x18
+	ETHTOOL_LINK_MODE_40000baseSR4_Full_BIT                                 = 0x19
+	ETHTOOL_LINK_MODE_40000baseLR4_Full_BIT                                 = 0x1a
+	ETHTOOL_LINK_MODE_56000baseKR4_Full_BIT                                 = 0x1b
+	ETHTOOL_LINK_MODE_56000baseCR4_Full_BIT                                 = 0x1c
+	ETHTOOL_LINK_MODE_56000baseSR4_Full_BIT                                 = 0x1d
+	ETHTOOL_LINK_MODE_56000baseLR4_Full_BIT                                 = 0x1e
+	ETHTOOL_LINK_MODE_25000baseCR_Full_BIT                                  = 0x1f
+	ETHTOOL_LINK_MODE_25000baseKR_Full_BIT                                  = 0x20
+	ETHTOOL_LINK_MODE_25000baseSR_Full_BIT                                  = 0x21
+	ETHTOOL_LINK_MODE_50000baseCR2_Full_BIT                                 = 0x22
+	ETHTOOL_LINK_MODE_50000baseKR2_Full_BIT                                 = 0x23
+	ETHTOOL_LINK_MODE_100000baseKR4_Full_BIT                                = 0x24
+	ETHTOOL_LINK_MODE_100000baseSR4_Full_BIT                                = 0x25
+	ETHTOOL_LINK_MODE_100000baseCR4_Full_BIT                                = 0x26
+	ETHTOOL_LINK_MODE_100000baseLR4_ER4_Full_BIT                            = 0x27
+	ETHTOOL_LINK_MODE_50000baseSR2_Full_BIT                                 = 0x28
+	ETHTOOL_LINK_MODE_1000baseX_Full_BIT                                    = 0x29
+	ETHTOOL_LINK_MODE_10000baseCR_Full_BIT                                  = 0x2a
+	ETHTOOL_LINK_MODE_10000baseSR_Full_BIT                                  = 0x2b
+	ETHTOOL_LINK_MODE_10000baseLR_Full_BIT                                  = 0x2c
+	ETHTOOL_LINK_MODE_10000baseLRM_Full_BIT                                 = 0x2d
+	ETHTOOL_LINK_MODE_10000baseER_Full_BIT                                  = 0x2e
+	ETHTOOL_LINK_MODE_2500baseT_Full_BIT                                    = 0x2f
+	ETHTOOL_LINK_MODE_5000baseT_Full_BIT                                    = 0x30
+	ETHTOOL_LINK_MODE_FEC_NONE_BIT                                          = 0x31
+	ETHTOOL_LINK_MODE_FEC_RS_BIT                                            = 0x32
+	ETHTOOL_LINK_MODE_FEC_BASER_BIT                                         = 0x33
+	ETHTOOL_LINK_MODE_50000baseKR_Full_BIT                                  = 0x34
+	ETHTOOL_LINK_MODE_50000baseSR_Full_BIT                                  = 0x35
+	ETHTOOL_LINK_MODE_50000baseCR_Full_BIT                                  = 0x36
+	ETHTOOL_LINK_MODE_50000baseLR_ER_FR_Full_BIT                            = 0x37
+	ETHTOOL_LINK_MODE_50000baseDR_Full_BIT                                  = 0x38
+	ETHTOOL_LINK_MODE_100000baseKR2_Full_BIT                                = 0x39
+	ETHTOOL_LINK_MODE_100000baseSR2_Full_BIT                                = 0x3a
+	ETHTOOL_LINK_MODE_100000baseCR2_Full_BIT                                = 0x3b
+	ETHTOOL_LINK_MODE_100000baseLR2_ER2_FR2_Full_BIT                        = 0x3c
+	ETHTOOL_LINK_MODE_100000baseDR2_Full_BIT                                = 0x3d
+	ETHTOOL_LINK_MODE_200000baseKR4_Full_BIT                                = 0x3e
+	ETHTOOL_LINK_MODE_200000baseSR4_Full_BIT                                = 0x3f
+	ETHTOOL_LINK_MODE_200000baseLR4_ER4_FR4_Full_BIT                        = 0x40
+	ETHTOOL_LINK_MODE_200000baseDR4_Full_BIT                                = 0x41
+	ETHTOOL_LINK_MODE_200000baseCR4_Full_BIT                                = 0x42
+	ETHTOOL_LINK_MODE_100baseT1_Full_BIT                                    = 0x43
+	ETHTOOL_LINK_MODE_1000baseT1_Full_BIT                                   = 0x44
+	ETHTOOL_LINK_MODE_400000baseKR8_Full_BIT                                = 0x45
+	ETHTOOL_LINK_MODE_400000baseSR8_Full_BIT                                = 0x46
+	ETHTOOL_LINK_MODE_400000baseLR8_ER8_FR8_Full_BIT                        = 0x47
+	ETHTOOL_LINK_MODE_400000baseDR8_Full_BIT                                = 0x48
+	ETHTOOL_LINK_MODE_400000baseCR8_Full_BIT                                = 0x49
+	ETHTOOL_LINK_MODE_FEC_LLRS_BIT                                          = 0x4a
+	ETHTOOL_LINK_MODE_100000baseKR_Full_BIT                                 = 0x4b
+	ETHTOOL_LINK_MODE_100000baseSR_Full_BIT                                 = 0x4c
+	ETHTOOL_LINK_MODE_100000baseLR_ER_FR_Full_BIT                           = 0x4d
+	ETHTOOL_LINK_MODE_100000baseCR_Full_BIT                                 = 0x4e
+	ETHTOOL_LINK_MODE_100000baseDR_Full_BIT                                 = 0x4f
+	ETHTOOL_LINK_MODE_200000baseKR2_Full_BIT                                = 0x50
+	ETHTOOL_LINK_MODE_200000baseSR2_Full_BIT                                = 0x51
+	ETHTOOL_LINK_MODE_200000baseLR2_ER2_FR2_Full_BIT                        = 0x52
+	ETHTOOL_LINK_MODE_200000baseDR2_Full_BIT                                = 0x53
+	ETHTOOL_LINK_MODE_200000baseCR2_Full_BIT                                = 0x54
+	ETHTOOL_LINK_MODE_400000baseKR4_Full_BIT                                = 0x55
+	ETHTOOL_LINK_MODE_400000baseSR4_Full_BIT                                = 0x56
+	ETHTOOL_LINK_MODE_400000baseLR4_ER4_FR4_Full_BIT                        = 0x57
+	ETHTOOL_LINK_MODE_400000baseDR4_Full_BIT                                = 0x58
+	ETHTOOL_LINK_MODE_400000baseCR4_Full_BIT                                = 0x59
+	ETHTOOL_LINK_MODE_100baseFX_Half_BIT                                    = 0x5a
+	ETHTOOL_LINK_MODE_100baseFX_Full_BIT                                    = 0x5b
+
+	ETHTOOL_MSG_USER_NONE                     = 0x0
+	ETHTOOL_MSG_STRSET_GET                    = 0x1
+	ETHTOOL_MSG_LINKINFO_GET                  = 0x2
+	ETHTOOL_MSG_LINKINFO_SET                  = 0x3
+	ETHTOOL_MSG_LINKMODES_GET                 = 0x4
+	ETHTOOL_MSG_LINKMODES_SET                 = 0x5
+	ETHTOOL_MSG_LINKSTATE_GET                 = 0x6
+	ETHTOOL_MSG_DEBUG_GET                     = 0x7
+	ETHTOOL_MSG_DEBUG_SET                     = 0x8
+	ETHTOOL_MSG_WOL_GET                       = 0x9
+	ETHTOOL_MSG_WOL_SET                       = 0xa
+	ETHTOOL_MSG_FEATURES_GET                  = 0xb
+	ETHTOOL_MSG_FEATURES_SET                  = 0xc
+	ETHTOOL_MSG_PRIVFLAGS_GET                 = 0xd
+	ETHTOOL_MSG_PRIVFLAGS_SET                 = 0xe
+	ETHTOOL_MSG_RINGS_GET                     = 0xf
+	ETHTOOL_MSG_RINGS_SET                     = 0x10
+	ETHTOOL_MSG_CHANNELS_GET                  = 0x11
+	ETHTOOL_MSG_CHANNELS_SET                  = 0x12
+	ETHTOOL_MSG_COALESCE_GET                  = 0x13
+	ETHTOOL_MSG_COALESCE_SET                  = 0x14
+	ETHTOOL_MSG_PAUSE_GET                     = 0x15
+	ETHTOOL_MSG_PAUSE_SET                     = 0x16
+	ETHTOOL_MSG_EEE_GET                       = 0x17
+	ETHTOOL_MSG_EEE_SET                       = 0x18
+	ETHTOOL_MSG_TSINFO_GET                    = 0x19
+	ETHTOOL_MSG_CABLE_TEST_ACT                = 0x1a
+	ETHTOOL_MSG_CABLE_TEST_TDR_ACT            = 0x1b
+	ETHTOOL_MSG_TUNNEL_INFO_GET               = 0x1c
+	ETHTOOL_MSG_USER_MAX                      = 0x21
+	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
+	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
+	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
+	ETHTOOL_MSG_LINKINFO_NTF                  = 0x3
+	ETHTOOL_MSG_LINKMODES_GET_REPLY           = 0x4
+	ETHTOOL_MSG_LINKMODES_NTF                 = 0x5
+	ETHTOOL_MSG_LINKSTATE_GET_REPLY           = 0x6
+	ETHTOOL_MSG_DEBUG_GET_REPLY               = 0x7
+	ETHTOOL_MSG_DEBUG_NTF                     = 0x8
+	ETHTOOL_MSG_WOL_GET_REPLY                 = 0x9
+	ETHTOOL_MSG_WOL_NTF                       = 0xa
+	ETHTOOL_MSG_FEATURES_GET_REPLY            = 0xb
+	ETHTOOL_MSG_FEATURES_SET_REPLY            = 0xc
+	ETHTOOL_MSG_FEATURES_NTF                  = 0xd
+	ETHTOOL_MSG_PRIVFLAGS_GET_REPLY           = 0xe
+	ETHTOOL_MSG_PRIVFLAGS_NTF                 = 0xf
+	ETHTOOL_MSG_RINGS_GET_REPLY               = 0x10
+	ETHTOOL_MSG_RINGS_NTF                     = 0x11
+	ETHTOOL_MSG_CHANNELS_GET_REPLY            = 0x12
+	ETHTOOL_MSG_CHANNELS_NTF                  = 0x13
+	ETHTOOL_MSG_COALESCE_GET_REPLY            = 0x14
+	ETHTOOL_MSG_COALESCE_NTF                  = 0x15
+	ETHTOOL_MSG_PAUSE_GET_REPLY               = 0x16
+	ETHTOOL_MSG_PAUSE_NTF                     = 0x17
+	ETHTOOL_MSG_EEE_GET_REPLY                 = 0x18
+	ETHTOOL_MSG_EEE_NTF                       = 0x19
+	ETHTOOL_MSG_TSINFO_GET_REPLY              = 0x1a
+	ETHTOOL_MSG_CABLE_TEST_NTF                = 0x1b
+	ETHTOOL_MSG_CABLE_TEST_TDR_NTF            = 0x1c
+	ETHTOOL_MSG_TUNNEL_INFO_GET_REPLY         = 0x1d
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x22
+	ETHTOOL_A_HEADER_UNSPEC                   = 0x0
+	ETHTOOL_A_HEADER_DEV_INDEX                = 0x1
+	ETHTOOL_A_HEADER_DEV_NAME                 = 0x2
+	ETHTOOL_A_HEADER_FLAGS                    = 0x3
+	ETHTOOL_A_HEADER_MAX                      = 0x3
+	ETHTOOL_A_BITSET_BIT_UNSPEC               = 0x0
+	ETHTOOL_A_BITSET_BIT_INDEX                = 0x1
+	ETHTOOL_A_BITSET_BIT_NAME                 = 0x2
+	ETHTOOL_A_BITSET_BIT_VALUE                = 0x3
+	ETHTOOL_A_BITSET_BIT_MAX                  = 0x3
+	ETHTOOL_A_BITSET_BITS_UNSPEC              = 0x0
+	ETHTOOL_A_BITSET_BITS_BIT                 = 0x1
+	ETHTOOL_A_BITSET_BITS_MAX                 = 0x1
+	ETHTOOL_A_BITSET_UNSPEC                   = 0x0
+	ETHTOOL_A_BITSET_NOMASK                   = 0x1
+	ETHTOOL_A_BITSET_SIZE                     = 0x2
+	ETHTOOL_A_BITSET_BITS                     = 0x3
+	ETHTOOL_A_BITSET_VALUE                    = 0x4
+	ETHTOOL_A_BITSET_MASK                     = 0x5
+	ETHTOOL_A_BITSET_MAX                      = 0x5
+	ETHTOOL_A_STRING_UNSPEC                   = 0x0
+	ETHTOOL_A_STRING_INDEX                    = 0x1
+	ETHTOOL_A_STRING_VALUE                    = 0x2
+	ETHTOOL_A_STRING_MAX                      = 0x2
+	ETHTOOL_A_STRINGS_UNSPEC                  = 0x0
+	ETHTOOL_A_STRINGS_STRING                  = 0x1
+	ETHTOOL_A_STRINGS_MAX                     = 0x1
+	ETHTOOL_A_STRINGSET_UNSPEC                = 0x0
+	ETHTOOL_A_STRINGSET_ID                    = 0x1
+	ETHTOOL_A_STRINGSET_COUNT                 = 0x2
+	ETHTOOL_A_STRINGSET_STRINGS               = 0x3
+	ETHTOOL_A_STRINGSET_MAX                   = 0x3
+	ETHTOOL_A_STRINGSETS_UNSPEC               = 0x0
+	ETHTOOL_A_STRINGSETS_STRINGSET            = 0x1
+	ETHTOOL_A_STRINGSETS_MAX                  = 0x1
+	ETHTOOL_A_STRSET_UNSPEC                   = 0x0
+	ETHTOOL_A_STRSET_HEADER                   = 0x1
+	ETHTOOL_A_STRSET_STRINGSETS               = 0x2
+	ETHTOOL_A_STRSET_COUNTS_ONLY              = 0x3
+	ETHTOOL_A_STRSET_MAX                      = 0x3
+	ETHTOOL_A_LINKINFO_UNSPEC                 = 0x0
+	ETHTOOL_A_LINKINFO_HEADER                 = 0x1
+	ETHTOOL_A_LINKINFO_PORT                   = 0x2
+	ETHTOOL_A_LINKINFO_PHYADDR                = 0x3
+	ETHTOOL_A_LINKINFO_TP_MDIX                = 0x4
+	ETHTOOL_A_LINKINFO_TP_MDIX_CTRL           = 0x5
+	ETHTOOL_A_LINKINFO_TRANSCEIVER            = 0x6
+	ETHTOOL_A_LINKINFO_MAX                    = 0x6
+	ETHTOOL_A_LINKMODES_UNSPEC                = 0x0
+	ETHTOOL_A_LINKMODES_HEADER                = 0x1
+	ETHTOOL_A_LINKMODES_AUTONEG               = 0x2
+	ETHTOOL_A_LINKMODES_OURS                  = 0x3
+	ETHTOOL_A_LINKMODES_PEER                  = 0x4
+	ETHTOOL_A_LINKMODES_SPEED                 = 0x5
+	ETHTOOL_A_LINKMODES_DUPLEX                = 0x6
+	ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG      = 0x7
+	ETHTOOL_A_LINKMODES_MASTER_SLAVE_STATE    = 0x8
+	ETHTOOL_A_LINKMODES_LANES                 = 0x9
+	ETHTOOL_A_LINKMODES_MAX                   = 0x9
+	ETHTOOL_A_LINKSTATE_UNSPEC                = 0x0
+	ETHTOOL_A_LINKSTATE_HEADER                = 0x1
+	ETHTOOL_A_LINKSTATE_LINK                  = 0x2
+	ETHTOOL_A_LINKSTATE_SQI                   = 0x3
+	ETHTOOL_A_LINKSTATE_SQI_MAX               = 0x4
+	ETHTOOL_A_LINKSTATE_EXT_STATE             = 0x5
+	ETHTOOL_A_LINKSTATE_EXT_SUBSTATE          = 0x6
+	ETHTOOL_A_LINKSTATE_MAX                   = 0x6
+	ETHTOOL_A_DEBUG_UNSPEC                    = 0x0
+	ETHTOOL_A_DEBUG_HEADER                    = 0x1
+	ETHTOOL_A_DEBUG_MSGMASK                   = 0x2
+	ETHTOOL_A_DEBUG_MAX                       = 0x2
+	ETHTOOL_A_WOL_UNSPEC                      = 0x0
+	ETHTOOL_A_WOL_HEADER                      = 0x1
+	ETHTOOL_A_WOL_MODES                       = 0x2
+	ETHTOOL_A_WOL_SOPASS                      = 0x3
+	ETHTOOL_A_WOL_MAX                         = 0x3
+	ETHTOOL_A_FEATURES_UNSPEC                 = 0x0
+	ETHTOOL_A_FEATURES_HEADER                 = 0x1
+	ETHTOOL_A_FEATURES_HW                     = 0x2
+	ETHTOOL_A_FEATURES_WANTED                 = 0x3
+	ETHTOOL_A_FEATURES_ACTIVE                 = 0x4
+	ETHTOOL_A_FEATURES_NOCHANGE               = 0x5
+	ETHTOOL_A_FEATURES_MAX                    = 0x5
+	ETHTOOL_A_PRIVFLAGS_UNSPEC                = 0x0
+	ETHTOOL_A_PRIVFLAGS_HEADER                = 0x1
+	ETHTOOL_A_PRIVFLAGS_FLAGS                 = 0x2
+	ETHTOOL_A_PRIVFLAGS_MAX                   = 0x2
+	ETHTOOL_A_RINGS_UNSPEC                    = 0x0
+	ETHTOOL_A_RINGS_HEADER                    = 0x1
+	ETHTOOL_A_RINGS_RX_MAX                    = 0x2
+	ETHTOOL_A_RINGS_RX_MINI_MAX               = 0x3
+	ETHTOOL_A_RINGS_RX_JUMBO_MAX              = 0x4
+	ETHTOOL_A_RINGS_TX_MAX                    = 0x5
+	ETHTOOL_A_RINGS_RX                        = 0x6
+	ETHTOOL_A_RINGS_RX_MINI                   = 0x7
+	ETHTOOL_A_RINGS_RX_JUMBO                  = 0x8
+	ETHTOOL_A_RINGS_TX                        = 0x9
+	ETHTOOL_A_RINGS_MAX                       = 0x9
+	ETHTOOL_A_CHANNELS_UNSPEC                 = 0x0
+	ETHTOOL_A_CHANNELS_HEADER                 = 0x1
+	ETHTOOL_A_CHANNELS_RX_MAX                 = 0x2
+	ETHTOOL_A_CHANNELS_TX_MAX                 = 0x3
+	ETHTOOL_A_CHANNELS_OTHER_MAX              = 0x4
+	ETHTOOL_A_CHANNELS_COMBINED_MAX           = 0x5
+	ETHTOOL_A_CHANNELS_RX_COUNT               = 0x6
+	ETHTOOL_A_CHANNELS_TX_COUNT               = 0x7
+	ETHTOOL_A_CHANNELS_OTHER_COUNT            = 0x8
+	ETHTOOL_A_CHANNELS_COMBINED_COUNT         = 0x9
+	ETHTOOL_A_CHANNELS_MAX                    = 0x9
+	ETHTOOL_A_COALESCE_UNSPEC                 = 0x0
+	ETHTOOL_A_COALESCE_HEADER                 = 0x1
+	ETHTOOL_A_COALESCE_RX_USECS               = 0x2
+	ETHTOOL_A_COALESCE_RX_MAX_FRAMES          = 0x3
+	ETHTOOL_A_COALESCE_RX_USECS_IRQ           = 0x4
+	ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ      = 0x5
+	ETHTOOL_A_COALESCE_TX_USECS               = 0x6
+	ETHTOOL_A_COALESCE_TX_MAX_FRAMES          = 0x7
+	ETHTOOL_A_COALESCE_TX_USECS_IRQ           = 0x8
+	ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ      = 0x9
+	ETHTOOL_A_COALESCE_STATS_BLOCK_USECS      = 0xa
+	ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX        = 0xb
+	ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX        = 0xc
+	ETHTOOL_A_COALESCE_PKT_RATE_LOW           = 0xd
+	ETHTOOL_A_COALESCE_RX_USECS_LOW           = 0xe
+	ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW      = 0xf
+	ETHTOOL_A_COALESCE_TX_USECS_LOW           = 0x10
+	ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW      = 0x11
+	ETHTOOL_A_COALESCE_PKT_RATE_HIGH          = 0x12
+	ETHTOOL_A_COALESCE_RX_USECS_HIGH          = 0x13
+	ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH     = 0x14
+	ETHTOOL_A_COALESCE_TX_USECS_HIGH          = 0x15
+	ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH     = 0x16
+	ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL   = 0x17
+	ETHTOOL_A_COALESCE_MAX                    = 0x17
+	ETHTOOL_A_PAUSE_UNSPEC                    = 0x0
+	ETHTOOL_A_PAUSE_HEADER                    = 0x1
+	ETHTOOL_A_PAUSE_AUTONEG                   = 0x2
+	ETHTOOL_A_PAUSE_RX                        = 0x3
+	ETHTOOL_A_PAUSE_TX                        = 0x4
+	ETHTOOL_A_PAUSE_STATS                     = 0x5
+	ETHTOOL_A_PAUSE_MAX                       = 0x5
+	ETHTOOL_A_PAUSE_STAT_UNSPEC               = 0x0
+	ETHTOOL_A_PAUSE_STAT_PAD                  = 0x1
+	ETHTOOL_A_PAUSE_STAT_TX_FRAMES            = 0x2
+	ETHTOOL_A_PAUSE_STAT_RX_FRAMES            = 0x3
+	ETHTOOL_A_PAUSE_STAT_MAX                  = 0x3
+	ETHTOOL_A_EEE_UNSPEC                      = 0x0
+	ETHTOOL_A_EEE_HEADER                      = 0x1
+	ETHTOOL_A_EEE_MODES_OURS                  = 0x2
+	ETHTOOL_A_EEE_MODES_PEER                  = 0x3
+	ETHTOOL_A_EEE_ACTIVE                      = 0x4
+	ETHTOOL_A_EEE_ENABLED                     = 0x5
+	ETHTOOL_A_EEE_TX_LPI_ENABLED              = 0x6
+	ETHTOOL_A_EEE_TX_LPI_TIMER                = 0x7
+	ETHTOOL_A_EEE_MAX                         = 0x7
+	ETHTOOL_A_TSINFO_UNSPEC                   = 0x0
+	ETHTOOL_A_TSINFO_HEADER                   = 0x1
+	ETHTOOL_A_TSINFO_TIMESTAMPING             = 0x2
+	ETHTOOL_A_TSINFO_TX_TYPES                 = 0x3
+	ETHTOOL_A_TSINFO_RX_FILTERS               = 0x4
+	ETHTOOL_A_TSINFO_PHC_INDEX                = 0x5
+	ETHTOOL_A_TSINFO_MAX                      = 0x5
+	ETHTOOL_A_CABLE_TEST_UNSPEC               = 0x0
+	ETHTOOL_A_CABLE_TEST_HEADER               = 0x1
+	ETHTOOL_A_CABLE_TEST_MAX                  = 0x1
+	ETHTOOL_A_CABLE_RESULT_CODE_UNSPEC        = 0x0
+	ETHTOOL_A_CABLE_RESULT_CODE_OK            = 0x1
+	ETHTOOL_A_CABLE_RESULT_CODE_OPEN          = 0x2
+	ETHTOOL_A_CABLE_RESULT_CODE_SAME_SHORT    = 0x3
+	ETHTOOL_A_CABLE_RESULT_CODE_CROSS_SHORT   = 0x4
+	ETHTOOL_A_CABLE_PAIR_A                    = 0x0
+	ETHTOOL_A_CABLE_PAIR_B                    = 0x1
+	ETHTOOL_A_CABLE_PAIR_C                    = 0x2
+	ETHTOOL_A_CABLE_PAIR_D                    = 0x3
+	ETHTOOL_A_CABLE_RESULT_UNSPEC             = 0x0
+	ETHTOOL_A_CABLE_RESULT_PAIR               = 0x1
+	ETHTOOL_A_CABLE_RESULT_CODE               = 0x2
+	ETHTOOL_A_CABLE_RESULT_MAX                = 0x2
+	ETHTOOL_A_CABLE_FAULT_LENGTH_UNSPEC       = 0x0
+	ETHTOOL_A_CABLE_FAULT_LENGTH_PAIR         = 0x1
+	ETHTOOL_A_CABLE_FAULT_LENGTH_CM           = 0x2
+	ETHTOOL_A_CABLE_FAULT_LENGTH_MAX          = 0x2
+	ETHTOOL_A_CABLE_TEST_NTF_STATUS_UNSPEC    = 0x0
+	ETHTOOL_A_CABLE_TEST_NTF_STATUS_STARTED   = 0x1
+	ETHTOOL_A_CABLE_TEST_NTF_STATUS_COMPLETED = 0x2
+	ETHTOOL_A_CABLE_NEST_UNSPEC               = 0x0
+	ETHTOOL_A_CABLE_NEST_RESULT               = 0x1
+	ETHTOOL_A_CABLE_NEST_FAULT_LENGTH         = 0x2
+	ETHTOOL_A_CABLE_NEST_MAX                  = 0x2
+	ETHTOOL_A_CABLE_TEST_NTF_UNSPEC           = 0x0
+	ETHTOOL_A_CABLE_TEST_NTF_HEADER           = 0x1
+	ETHTOOL_A_CABLE_TEST_NTF_STATUS           = 0x2
+	ETHTOOL_A_CABLE_TEST_NTF_NEST             = 0x3
+	ETHTOOL_A_CABLE_TEST_NTF_MAX              = 0x3
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_UNSPEC       = 0x0
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_FIRST        = 0x1
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_LAST         = 0x2
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_STEP         = 0x3
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_PAIR         = 0x4
+	ETHTOOL_A_CABLE_TEST_TDR_CFG_MAX          = 0x4
+	ETHTOOL_A_CABLE_TEST_TDR_UNSPEC           = 0x0
+	ETHTOOL_A_CABLE_TEST_TDR_HEADER           = 0x1
+	ETHTOOL_A_CABLE_TEST_TDR_CFG              = 0x2
+	ETHTOOL_A_CABLE_TEST_TDR_MAX              = 0x2
+	ETHTOOL_A_CABLE_AMPLITUDE_UNSPEC          = 0x0
+	ETHTOOL_A_CABLE_AMPLITUDE_PAIR            = 0x1
+	ETHTOOL_A_CABLE_AMPLITUDE_mV              = 0x2
+	ETHTOOL_A_CABLE_AMPLITUDE_MAX             = 0x2
+	ETHTOOL_A_CABLE_PULSE_UNSPEC              = 0x0
+	ETHTOOL_A_CABLE_PULSE_mV                  = 0x1
+	ETHTOOL_A_CABLE_PULSE_MAX                 = 0x1
+	ETHTOOL_A_CABLE_STEP_UNSPEC               = 0x0
+	ETHTOOL_A_CABLE_STEP_FIRST_DISTANCE       = 0x1
+	ETHTOOL_A_CABLE_STEP_LAST_DISTANCE        = 0x2
+	ETHTOOL_A_CABLE_STEP_STEP_DISTANCE        = 0x3
+	ETHTOOL_A_CABLE_STEP_MAX                  = 0x3
+	ETHTOOL_A_CABLE_TDR_NEST_UNSPEC           = 0x0
+	ETHTOOL_A_CABLE_TDR_NEST_STEP             = 0x1
+	ETHTOOL_A_CABLE_TDR_NEST_AMPLITUDE        = 0x2
+	ETHTOOL_A_CABLE_TDR_NEST_PULSE            = 0x3
+	ETHTOOL_A_CABLE_TDR_NEST_MAX              = 0x3
+	ETHTOOL_A_CABLE_TEST_TDR_NTF_UNSPEC       = 0x0
+	ETHTOOL_A_CABLE_TEST_TDR_NTF_HEADER       = 0x1
+	ETHTOOL_A_CABLE_TEST_TDR_NTF_STATUS       = 0x2
+	ETHTOOL_A_CABLE_TEST_TDR_NTF_NEST         = 0x3
+	ETHTOOL_A_CABLE_TEST_TDR_NTF_MAX          = 0x3
+	ETHTOOL_UDP_TUNNEL_TYPE_VXLAN             = 0x0
+	ETHTOOL_UDP_TUNNEL_TYPE_GENEVE            = 0x1
+	ETHTOOL_UDP_TUNNEL_TYPE_VXLAN_GPE         = 0x2
+	ETHTOOL_A_TUNNEL_UDP_ENTRY_UNSPEC         = 0x0
+	ETHTOOL_A_TUNNEL_UDP_ENTRY_PORT           = 0x1
+	ETHTOOL_A_TUNNEL_UDP_ENTRY_TYPE           = 0x2
+	ETHTOOL_A_TUNNEL_UDP_ENTRY_MAX            = 0x2
+	ETHTOOL_A_TUNNEL_UDP_TABLE_UNSPEC         = 0x0
+	ETHTOOL_A_TUNNEL_UDP_TABLE_SIZE           = 0x1
+	ETHTOOL_A_TUNNEL_UDP_TABLE_TYPES          = 0x2
+	ETHTOOL_A_TUNNEL_UDP_TABLE_ENTRY          = 0x3
+	ETHTOOL_A_TUNNEL_UDP_TABLE_MAX            = 0x3
+	ETHTOOL_A_TUNNEL_UDP_UNSPEC               = 0x0
+	ETHTOOL_A_TUNNEL_UDP_TABLE                = 0x1
+	ETHTOOL_A_TUNNEL_UDP_MAX                  = 0x1
+	ETHTOOL_A_TUNNEL_INFO_UNSPEC              = 0x0
+	ETHTOOL_A_TUNNEL_INFO_HEADER              = 0x1
+	ETHTOOL_A_TUNNEL_INFO_UDP_PORTS           = 0x2
+	ETHTOOL_A_TUNNEL_INFO_MAX                 = 0x2
+)
+
+type EthtoolDrvinfo struct {
+	Cmd          uint32
+	Driver       [32]byte
+	Version      [32]byte
+	Fw_version   [32]byte
+	Bus_info     [32]byte
+	Erom_version [32]byte
+	Reserved2    [12]byte
+	N_priv_flags uint32
+	N_stats      uint32
+	Testinfo_len uint32
+	Eedump_len   uint32
+	Regdump_len  uint32
+}
+
+type (
+	HIDRawReportDescriptor struct {
+		Size  uint32
+		Value [4096]uint8
+	}
+	HIDRawDevInfo struct {
+		Bustype uint32
+		Vendor  int16
+		Product int16
+	}
+)
+
+const (
+	CLOSE_RANGE_UNSHARE = 0x2
+	CLOSE_RANGE_CLOEXEC = 0x4
+)
+
+const (
+	NLMSGERR_ATTR_MSG    = 0x1
+	NLMSGERR_ATTR_OFFS   = 0x2
+	NLMSGERR_ATTR_COOKIE = 0x3
+)
+
+type (
+	EraseInfo struct {
+		Start  uint32
+		Length uint32
+	}
+	EraseInfo64 struct {
+		Start  uint64
+		Length uint64
+	}
+	MtdOobBuf struct {
+		Start  uint32
+		Length uint32
+		Ptr    *uint8
+	}
+	MtdOobBuf64 struct {
+		Start  uint64
+		Pad    uint32
+		Length uint32
+		Ptr    uint64
+	}
+	MtdWriteReq struct {
+		Start  uint64
+		Len    uint64
+		Ooblen uint64
+		Data   uint64
+		Oob    uint64
+		Mode   uint8
+		_      [7]uint8
+	}
+	MtdInfo struct {
+		Type      uint8
+		Flags     uint32
+		Size      uint32
+		Erasesize uint32
+		Writesize uint32
+		Oobsize   uint32
+		_         uint64
+	}
+	RegionInfo struct {
+		Offset      uint32
+		Erasesize   uint32
+		Numblocks   uint32
+		Regionindex uint32
+	}
+	OtpInfo struct {
+		Start  uint32
+		Length uint32
+		Locked uint32
+	}
+	NandOobinfo struct {
+		Useecc   uint32
+		Eccbytes uint32
+		Oobfree  [8][2]uint32
+		Eccpos   [32]uint32
+	}
+	NandOobfree struct {
+		Offset uint32
+		Length uint32
+	}
+	NandEcclayout struct {
+		Eccbytes uint32
+		Eccpos   [64]uint32
+		Oobavail uint32
+		Oobfree  [8]NandOobfree
+	}
+	MtdEccStats struct {
+		Corrected uint32
+		Failed    uint32
+		Badblocks uint32
+		Bbtblocks uint32
+	}
+)
+
+const (
+	MTD_OPS_PLACE_OOB = 0x0
+	MTD_OPS_AUTO_OOB  = 0x1
+	MTD_OPS_RAW       = 0x2
+)
+
+const (
+	MTD_FILE_MODE_NORMAL      = 0x0
+	MTD_FILE_MODE_OTP_FACTORY = 0x1
+	MTD_FILE_MODE_OTP_USER    = 0x2
+	MTD_FILE_MODE_RAW         = 0x3
+)
+
+const (
+	NFC_CMD_UNSPEC                    = 0x0
+	NFC_CMD_GET_DEVICE                = 0x1
+	NFC_CMD_DEV_UP                    = 0x2
+	NFC_CMD_DEV_DOWN                  = 0x3
+	NFC_CMD_DEP_LINK_UP               = 0x4
+	NFC_CMD_DEP_LINK_DOWN             = 0x5
+	NFC_CMD_START_POLL                = 0x6
+	NFC_CMD_STOP_POLL                 = 0x7
+	NFC_CMD_GET_TARGET                = 0x8
+	NFC_EVENT_TARGETS_FOUND           = 0x9
+	NFC_EVENT_DEVICE_ADDED            = 0xa
+	NFC_EVENT_DEVICE_REMOVED          = 0xb
+	NFC_EVENT_TARGET_LOST             = 0xc
+	NFC_EVENT_TM_ACTIVATED            = 0xd
+	NFC_EVENT_TM_DEACTIVATED          = 0xe
+	NFC_CMD_LLC_GET_PARAMS            = 0xf
+	NFC_CMD_LLC_SET_PARAMS            = 0x10
+	NFC_CMD_ENABLE_SE                 = 0x11
+	NFC_CMD_DISABLE_SE                = 0x12
+	NFC_CMD_LLC_SDREQ                 = 0x13
+	NFC_EVENT_LLC_SDRES               = 0x14
+	NFC_CMD_FW_DOWNLOAD               = 0x15
+	NFC_EVENT_SE_ADDED                = 0x16
+	NFC_EVENT_SE_REMOVED              = 0x17
+	NFC_EVENT_SE_CONNECTIVITY         = 0x18
+	NFC_EVENT_SE_TRANSACTION          = 0x19
+	NFC_CMD_GET_SE                    = 0x1a
+	NFC_CMD_SE_IO                     = 0x1b
+	NFC_CMD_ACTIVATE_TARGET           = 0x1c
+	NFC_CMD_VENDOR                    = 0x1d
+	NFC_CMD_DEACTIVATE_TARGET         = 0x1e
+	NFC_ATTR_UNSPEC                   = 0x0
+	NFC_ATTR_DEVICE_INDEX             = 0x1
+	NFC_ATTR_DEVICE_NAME              = 0x2
+	NFC_ATTR_PROTOCOLS                = 0x3
+	NFC_ATTR_TARGET_INDEX             = 0x4
+	NFC_ATTR_TARGET_SENS_RES          = 0x5
+	NFC_ATTR_TARGET_SEL_RES           = 0x6
+	NFC_ATTR_TARGET_NFCID1            = 0x7
+	NFC_ATTR_TARGET_SENSB_RES         = 0x8
+	NFC_ATTR_TARGET_SENSF_RES         = 0x9
+	NFC_ATTR_COMM_MODE                = 0xa
+	NFC_ATTR_RF_MODE                  = 0xb
+	NFC_ATTR_DEVICE_POWERED           = 0xc
+	NFC_ATTR_IM_PROTOCOLS             = 0xd
+	NFC_ATTR_TM_PROTOCOLS             = 0xe
+	NFC_ATTR_LLC_PARAM_LTO            = 0xf
+	NFC_ATTR_LLC_PARAM_RW             = 0x10
+	NFC_ATTR_LLC_PARAM_MIUX           = 0x11
+	NFC_ATTR_SE                       = 0x12
+	NFC_ATTR_LLC_SDP                  = 0x13
+	NFC_ATTR_FIRMWARE_NAME            = 0x14
+	NFC_ATTR_SE_INDEX                 = 0x15
+	NFC_ATTR_SE_TYPE                  = 0x16
+	NFC_ATTR_SE_AID                   = 0x17
+	NFC_ATTR_FIRMWARE_DOWNLOAD_STATUS = 0x18
+	NFC_ATTR_SE_APDU                  = 0x19
+	NFC_ATTR_TARGET_ISO15693_DSFID    = 0x1a
+	NFC_ATTR_TARGET_ISO15693_UID      = 0x1b
+	NFC_ATTR_SE_PARAMS                = 0x1c
+	NFC_ATTR_VENDOR_ID                = 0x1d
+	NFC_ATTR_VENDOR_SUBCMD            = 0x1e
+	NFC_ATTR_VENDOR_DATA              = 0x1f
+	NFC_SDP_ATTR_UNSPEC               = 0x0
+	NFC_SDP_ATTR_URI                  = 0x1
+	NFC_SDP_ATTR_SAP                  = 0x2
+)
+
+type LandlockRulesetAttr struct {
+	Access_fs uint64
+}
+
+type LandlockPathBeneathAttr struct {
+	Allowed_access uint64
+	Parent_fd      int32
+}
+
+const (
+	LANDLOCK_RULE_PATH_BENEATH = 0x1
+)
+
+const (
+	IPC_CREAT   = 0x200
+	IPC_EXCL    = 0x400
+	IPC_NOWAIT  = 0x800
+	IPC_PRIVATE = 0x0
+
+	ipc_64 = 0x100
+)
+
+const (
+	IPC_RMID = 0x0
+	IPC_SET  = 0x1
+	IPC_STAT = 0x2
+)
+
+const (
+	SHM_RDONLY = 0x1000
+	SHM_RND    = 0x2000
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 4c250033fa76b..eeeb9aa39ac1c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && linux
 // +build 386,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
+	_C_long int32
 )
 
 type Timespec struct {
@@ -88,17 +82,9 @@ type Rusage struct {
 	Nivcsw   int32
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	_       uint16
-	_       [2]byte
 	_       uint32
 	Mode    uint32
 	Nlink   uint32
@@ -106,7 +92,6 @@ type Stat_t struct {
 	Gid     uint32
 	Rdev    uint64
 	_       uint16
-	_       [2]byte
 	Size    int64
 	Blksize int32
 	Blocks  int64
@@ -116,36 +101,6 @@ type Stat_t struct {
 	Ino     uint64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -155,10 +110,6 @@ type Dirent struct {
 	_      [1]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
@@ -167,115 +118,25 @@ type Flock_t struct {
 	Pid    int32
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint32
 }
 
 type RawSockaddr struct {
@@ -288,41 +149,11 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint32
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
@@ -339,305 +170,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
-}
-
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [16]byte
 }
 
 const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x8
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x1c
-	SizeofCmsghdr           = 0xc
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofSockaddrNFCLLCP = 0x58
+	SizeofIovec           = 0x8
+	SizeofMsghdr          = 0x1c
+	SizeofCmsghdr         = 0xc
 )
 
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockFprog = 0x8
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
-const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x8
-)
-
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [2]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Ebx      int32
 	Ecx      int32
@@ -679,15 +227,6 @@ type Sysinfo_t struct {
 	_         [8]int8
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
 	Tinode uint32
@@ -702,44 +241,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [32]uint32
 }
 
-const RNDGETENTCNT = 0x80045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -752,20 +261,12 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
+	_                         [4]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -807,259 +308,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint32
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x20
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x20
 )
 
 const (
@@ -1135,22 +392,6 @@ type SockaddrStorage struct {
 	_      uint32
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
@@ -1158,88 +399,6 @@ type HDGeometry struct {
 	Start     uint32
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int32
 	Bsize   int32
@@ -1255,18 +414,6 @@ type Statfs_t struct {
 	Spare   [4]int32
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint32
 	Len     uint32
@@ -1277,578 +424,247 @@ type TpacketHdr struct {
 	Usec    uint32
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
 
-const (
-	SizeofTpacketHdr  = 0x18
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportComp struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint32
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+}
+
+const (
+	PPS_GETPARAMS = 0x800470a1
+	PPS_SETPARAMS = 0x400470a2
+	PPS_GETCAP    = 0x800470a3
+	PPS_FETCH     = 0xc00470a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint16
+	_    [2]uint8
+	Seq  uint16
+	_    uint16
+	_    uint32
+	_    uint32
+}
+type SysvShmDesc struct {
+	Perm       SysvIpcPerm
+	Segsz      uint32
+	Atime      uint32
+	Atime_high uint32
+	Dtime      uint32
+	Dtime_high uint32
+	Ctime      uint32
+	Ctime_high uint32
+	Cpid       int32
+	Lpid       int32
+	Nattch     uint32
+	_          uint32
+	_          uint32
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 2e4d709b4fd74..d30e1155cc068 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && linux
 // +build amd64,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -116,36 +100,6 @@ type Stat_t struct {
 	_       [3]int64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -155,129 +109,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -290,45 +151,14 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -343,305 +173,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	R15      uint64
 	R14      uint64
@@ -687,7 +234,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -695,18 +241,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]int8
 	Fpack  [6]int8
@@ -720,44 +256,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x80045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -770,20 +276,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -801,7 +298,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -825,259 +321,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1153,112 +405,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1274,18 +427,6 @@ type Statfs_t struct {
 	Spare   [4]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1297,578 +438,248 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]int8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]int8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x800870a1
+	PPS_SETPARAMS = 0x400870a2
+	PPS_GETCAP    = 0x800870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index bf38e5e2cd81d..69d0297520c4e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && linux
 // +build arm,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
+	_C_long int32
 )
 
 type Timespec struct {
@@ -88,17 +82,9 @@ type Rusage struct {
 	Nivcsw   int32
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	_       uint16
-	_       [2]byte
 	_       uint32
 	Mode    uint32
 	Nlink   uint32
@@ -106,7 +92,7 @@ type Stat_t struct {
 	Gid     uint32
 	Rdev    uint64
 	_       uint16
-	_       [6]byte
+	_       [4]byte
 	Size    int64
 	Blksize int32
 	_       [4]byte
@@ -117,36 +103,6 @@ type Stat_t struct {
 	Ino     uint64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -156,10 +112,6 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
@@ -170,115 +122,27 @@ type Flock_t struct {
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint32
 }
 
 type RawSockaddr struct {
@@ -291,41 +155,11 @@ type RawSockaddrAny struct {
 	Pad  [96]uint8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint32
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
@@ -342,305 +176,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
-}
-
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [16]byte
 }
 
 const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x8
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x1c
-	SizeofCmsghdr           = 0xc
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofSockaddrNFCLLCP = 0x58
+	SizeofIovec           = 0x8
+	SizeofMsghdr          = 0x1c
+	SizeofCmsghdr         = 0xc
 )
 
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockFprog = 0x8
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
-const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x8
-)
-
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [2]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Uregs [18]uint32
 }
@@ -666,15 +217,6 @@ type Sysinfo_t struct {
 	_         [8]uint8
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
 	Tinode uint32
@@ -690,44 +232,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [32]uint32
 }
 
-const RNDGETENTCNT = 0x80045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -740,20 +252,12 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
+	_                         [4]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -795,259 +299,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint32
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x20
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x20
 )
 
 const (
@@ -1123,22 +383,6 @@ type SockaddrStorage struct {
 	_      uint32
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
@@ -1146,88 +390,6 @@ type HDGeometry struct {
 	Start     uint32
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int32
 	Bsize   int32
@@ -1244,18 +406,6 @@ type Statfs_t struct {
 	_       [4]byte
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint32
 	Len     uint32
@@ -1266,578 +416,250 @@ type TpacketHdr struct {
 	Usec    uint32
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
 
-const (
-	SizeofTpacketHdr  = 0x18
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]uint8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]uint8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]uint8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int32
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint32
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]uint8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x800470a1
+	PPS_SETPARAMS = 0x400470a2
+	PPS_GETCAP    = 0x800470a3
+	PPS_FETCH     = 0xc00470a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint16
+	_    [2]uint8
+	Seq  uint16
+	_    uint16
+	_    uint32
+	_    uint32
+}
+type SysvShmDesc struct {
+	Perm       SysvIpcPerm
+	Segsz      uint32
+	Atime      uint32
+	Atime_high uint32
+	Dtime      uint32
+	Dtime_high uint32
+	Ctime      uint32
+	Ctime_high uint32
+	Cpid       int32
+	Lpid       int32
+	Nattch     uint32
+	_          uint32
+	_          uint32
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 972c1b8723631..28a0455bc9d60 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm64 && linux
 // +build arm64,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -117,36 +101,6 @@ type Stat_t struct {
 	_       [2]int32
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -156,129 +110,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -291,45 +152,14 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -344,305 +174,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Regs   [31]uint64
 	Sp     uint64
@@ -665,7 +212,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -673,18 +219,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]int8
 	Fpack  [6]int8
@@ -699,44 +235,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x80045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -749,20 +255,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -780,7 +277,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -804,259 +300,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1132,112 +384,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1253,18 +406,6 @@ type Statfs_t struct {
 	Spare   [4]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1276,578 +417,248 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]int8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]int8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x800870a1
+	PPS_SETPARAMS = 0x400870a2
+	PPS_GETCAP    = 0x800870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 783e70e87ca40..64a845483db2e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips && linux
 // +build mips,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
+	_C_long int32
 )
 
 type Timespec struct {
@@ -88,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int32
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint32
 	Pad1    [3]int32
@@ -115,36 +102,6 @@ type Stat_t struct {
 	Pad5    [14]int32
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -154,10 +111,6 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
@@ -168,115 +121,27 @@ type Flock_t struct {
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint32
 }
 
 type RawSockaddr struct {
@@ -289,41 +154,11 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint32
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
@@ -340,305 +175,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
-}
-
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [16]byte
 }
 
 const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x8
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x1c
-	SizeofCmsghdr           = 0xc
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofSockaddrNFCLLCP = 0x58
+	SizeofIovec           = 0x8
+	SizeofMsghdr          = 0x1c
+	SizeofCmsghdr         = 0xc
 )
 
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockFprog = 0x8
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
-const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x8
-)
-
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [2]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Regs     [32]uint64
 	Lo       uint64
@@ -670,15 +222,6 @@ type Sysinfo_t struct {
 	_         [8]int8
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
 	Tinode uint32
@@ -694,44 +237,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [32]uint32
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x80
 
 type Termios struct {
 	Iflag  uint32
@@ -744,20 +257,12 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
+	_                         [4]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -799,259 +304,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint32
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x20
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x20
 )
 
 const (
@@ -1127,22 +388,6 @@ type SockaddrStorage struct {
 	_      uint32
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
@@ -1150,88 +395,6 @@ type HDGeometry struct {
 	Start     uint32
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int32
 	Bsize   int32
@@ -1249,18 +412,6 @@ type Statfs_t struct {
 	_       [4]byte
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint32
 	Len     uint32
@@ -1271,578 +422,249 @@ type TpacketHdr struct {
 	Usec    uint32
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
 
-const (
-	SizeofTpacketHdr  = 0x18
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportComp struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400470a1
+	PPS_SETPARAMS = 0x800470a2
+	PPS_GETCAP    = 0x400470a3
+	PPS_FETCH     = 0xc00470a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x80
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint32
+	_    uint32
+}
+type SysvShmDesc struct {
+	Perm       SysvIpcPerm
+	Segsz      uint32
+	Atime      uint32
+	Dtime      uint32
+	Ctime      uint32
+	Cpid       int32
+	Lpid       int32
+	Nattch     uint32
+	Atime_high uint16
+	Dtime_high uint16
+	Ctime_high uint16
+	_          uint16
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index 5c6ea719dabc6..a1b7dee4123d9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64 && linux
 // +build mips64,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint32
 	Pad1    [3]uint32
@@ -117,36 +101,6 @@ type Stat_t struct {
 	Blocks  int64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -156,129 +110,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -291,45 +152,14 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -344,305 +174,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Regs     [32]uint64
 	Lo       uint64
@@ -668,7 +215,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -676,18 +222,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]int8
 	Fpack  [6]int8
@@ -696,49 +232,20 @@ type Ustat_t struct {
 
 type EpollEvent struct {
 	Events uint32
+	_      int32
 	Fd     int32
 	Pad    int32
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x80
 
 type Termios struct {
 	Iflag  uint32
@@ -751,20 +258,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -782,7 +280,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -806,259 +303,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1134,112 +387,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1255,18 +409,6 @@ type Statfs_t struct {
 	Spare   [5]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1278,578 +420,248 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]int8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]int8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400870a1
+	PPS_SETPARAMS = 0x800870a2
+	PPS_GETCAP    = 0x400870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x80
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 93effc8eca8e5..936fa6a266f1a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mips64le && linux
 // +build mips64le,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint32
 	Pad1    [3]uint32
@@ -117,36 +101,6 @@ type Stat_t struct {
 	Blocks  int64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -156,129 +110,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -291,45 +152,14 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -344,305 +174,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Regs     [32]uint64
 	Lo       uint64
@@ -668,7 +215,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -676,18 +222,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]int8
 	Fpack  [6]int8
@@ -696,49 +232,20 @@ type Ustat_t struct {
 
 type EpollEvent struct {
 	Events uint32
+	_      int32
 	Fd     int32
 	Pad    int32
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x80
 
 type Termios struct {
 	Iflag  uint32
@@ -751,20 +258,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -782,7 +280,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -806,259 +303,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1134,112 +387,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1255,18 +409,6 @@ type Statfs_t struct {
 	Spare   [5]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1278,578 +420,248 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]int8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]int8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400870a1
+	PPS_SETPARAMS = 0x800870a2
+	PPS_GETCAP    = 0x400870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x80
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index cc5ca242ebffd..5dd546fbf0790 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build mipsle && linux
 // +build mipsle,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int32
-	_C_long_long int64
+	_C_long int32
 )
 
 type Timespec struct {
@@ -88,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int32
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint32
 	Pad1    [3]int32
@@ -115,36 +102,6 @@ type Stat_t struct {
 	Pad5    [14]int32
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -154,10 +111,6 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
@@ -168,115 +121,27 @@ type Flock_t struct {
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint32
 }
 
 type RawSockaddr struct {
@@ -289,41 +154,11 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint32
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
@@ -340,305 +175,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
-}
-
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [16]byte
 }
 
 const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x8
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x1c
-	SizeofCmsghdr           = 0xc
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofSockaddrNFCLLCP = 0x58
+	SizeofIovec           = 0x8
+	SizeofMsghdr          = 0x1c
+	SizeofCmsghdr         = 0xc
 )
 
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockFprog = 0x8
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
-const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x8
-)
-
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [2]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Regs     [32]uint64
 	Lo       uint64
@@ -670,15 +222,6 @@ type Sysinfo_t struct {
 	_         [8]int8
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
 	Tinode uint32
@@ -694,44 +237,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [32]uint32
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x80
 
 type Termios struct {
 	Iflag  uint32
@@ -744,20 +257,12 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
+	_                         [4]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -799,259 +304,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint32
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x20
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x20
 )
 
 const (
@@ -1127,22 +388,6 @@ type SockaddrStorage struct {
 	_      uint32
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
@@ -1150,88 +395,6 @@ type HDGeometry struct {
 	Start     uint32
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int32
 	Bsize   int32
@@ -1249,18 +412,6 @@ type Statfs_t struct {
 	_       [4]byte
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint32
 	Len     uint32
@@ -1271,578 +422,249 @@ type TpacketHdr struct {
 	Usec    uint32
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
 
-const (
-	SizeofTpacketHdr  = 0x18
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportComp struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int32
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400470a1
+	PPS_SETPARAMS = 0x800470a2
+	PPS_GETCAP    = 0x400470a3
+	PPS_FETCH     = 0xc00470a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x80
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint32
+	_    uint32
+}
+type SysvShmDesc struct {
+	Perm       SysvIpcPerm
+	Segsz      uint32
+	Atime      uint32
+	Dtime      uint32
+	Ctime      uint32
+	Cpid       int32
+	Lpid       int32
+	Nattch     uint32
+	Atime_high uint16
+	Dtime_high uint16
+	Ctime_high uint16
+	_          uint16
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
new file mode 100644
index 0000000000000..947b32e434b05
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -0,0 +1,678 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	_       [4]byte
+	Size    int64
+	Blksize int32
+	_       [4]byte
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint32
+	_       uint32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint32
+}
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [16]byte
+}
+
+const (
+	SizeofSockaddrNFCLLCP = 0x58
+	SizeofIovec           = 0x8
+	SizeofMsghdr          = 0x1c
+	SizeofCmsghdr         = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Gpr       [32]uint32
+	Nip       uint32
+	Msr       uint32
+	Orig_gpr3 uint32
+	Ctr       uint32
+	Link      uint32
+	Xer       uint32
+	Ccr       uint32
+	Mq        uint32
+	Trap      uint32
+	Dar       uint32
+	Dsisr     uint32
+	Result    uint32
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]uint8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]uint8
+	Fpack  [6]uint8
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [19]uint8
+	Line   uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]uint8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int32
+	Frsize  int32
+	Flags   int32
+	Spare   [4]int32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]uint8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400470a1
+	PPS_SETPARAMS = 0x800470a2
+	PPS_GETCAP    = 0x400470a3
+	PPS_FETCH     = 0xc00470a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	Seq  uint32
+	_    uint32
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm       SysvIpcPerm
+	Atime_high uint32
+	Atime      uint32
+	Dtime_high uint32
+	Dtime      uint32
+	Ctime_high uint32
+	Ctime      uint32
+	_          uint32
+	Segsz      uint32
+	Cpid       int32
+	Lpid       int32
+	Nattch     uint32
+	_          uint32
+	_          uint32
+	_          [4]byte
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 712f640295bcc..2a606151b0c8d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64 && linux
 // +build ppc64,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -118,36 +102,6 @@ type Stat_t struct {
 	_       uint64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -157,129 +111,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -292,45 +153,14 @@ type RawSockaddrAny struct {
 	Pad  [96]uint8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -345,305 +175,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Gpr       [32]uint64
 	Nip       uint64
@@ -675,7 +222,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -683,18 +229,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]uint8
 	Fpack  [6]uint8
@@ -709,44 +245,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -759,20 +265,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -790,7 +287,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -814,259 +310,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1142,112 +394,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1263,18 +416,6 @@ type Statfs_t struct {
 	Spare   [4]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1286,578 +427,247 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]uint8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]uint8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]uint8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400870a1
+	PPS_SETPARAMS = 0x800870a2
+	PPS_GETCAP    = 0x400870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	Seq  uint32
+	_    uint32
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Segsz  uint64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 1be45320abea8..d0d735d02cd8e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build ppc64le && linux
 // +build ppc64le,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -118,36 +102,6 @@ type Stat_t struct {
 	_       uint64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -157,129 +111,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -292,45 +153,14 @@ type RawSockaddrAny struct {
 	Pad  [96]uint8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -345,305 +175,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Gpr       [32]uint64
 	Nip       uint64
@@ -675,7 +222,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -683,18 +229,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]uint8
 	Fpack  [6]uint8
@@ -709,44 +245,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x40045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -759,20 +265,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -790,7 +287,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -814,259 +310,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1142,112 +394,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    int64
 	Bsize   int64
@@ -1263,18 +416,6 @@ type Statfs_t struct {
 	Spare   [4]int64
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1286,578 +427,247 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportComp struct {
+	Type [64]uint8
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportAKCipher struct {
+	Type [64]uint8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportKPP struct {
+	Type [64]uint8
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400870a1
+	PPS_SETPARAMS = 0x800870a2
+	PPS_GETCAP    = 0x400870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	Seq  uint32
+	_    uint32
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Segsz  uint64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
new file mode 100644
index 0000000000000..95e3d6d06fcac
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -0,0 +1,692 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build riscv64 && linux
+// +build riscv64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint64
+	Size    int64
+	Blksize int32
+	_       int32
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       [2]int32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
+}
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
+}
+
+const (
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Pc  uint64
+	Ra  uint64
+	Sp  uint64
+	Gp  uint64
+	Tp  uint64
+	T0  uint64
+	T1  uint64
+	T2  uint64
+	S0  uint64
+	S1  uint64
+	A0  uint64
+	A1  uint64
+	A2  uint64
+	A3  uint64
+	A4  uint64
+	A5  uint64
+	A6  uint64
+	A7  uint64
+	S2  uint64
+	S3  uint64
+	S4  uint64
+	S5  uint64
+	S6  uint64
+	S7  uint64
+	S8  uint64
+	S9  uint64
+	S10 uint64
+	S11 uint64
+	T3  uint64
+	T4  uint64
+	T5  uint64
+	T6  uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]uint8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]uint8
+	Fpack  [6]uint8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]uint8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x800870a1
+	PPS_SETPARAMS = 0x400870a2
+	PPS_GETCAP    = 0x800870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    [0]uint8
+	Seq  uint16
+	_    uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 932b655fed6f8..cccf1ef26a656 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -1,24 +1,18 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build s390x && linux
 // +build s390x,linux
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -33,13 +27,11 @@ type Timeval struct {
 
 type Timex struct {
 	Modes     uint32
-	_         [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	_         [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,7 +40,6 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	_         [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
@@ -91,13 +82,6 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -116,36 +100,6 @@ type Stat_t struct {
 	_       [3]int64
 }
 
-type StatxTimestamp struct {
-	Sec  int64
-	Nsec uint32
-	_    int32
-}
-
-type Statx_t struct {
-	Mask            uint32
-	Blksize         uint32
-	Attributes      uint64
-	Nlink           uint32
-	Uid             uint32
-	Gid             uint32
-	Mode            uint16
-	_               [1]uint16
-	Ino             uint64
-	Size            uint64
-	Blocks          uint64
-	Attributes_mask uint64
-	Atime           StatxTimestamp
-	Btime           StatxTimestamp
-	Ctime           StatxTimestamp
-	Mtime           StatxTimestamp
-	Rdev_major      uint32
-	Rdev_minor      uint32
-	Dev_major       uint32
-	Dev_minor       uint32
-	_               [14]uint64
-}
-
 type Dirent struct {
 	Ino    uint64
 	Off    int64
@@ -155,129 +109,36 @@ type Dirent struct {
 	_      [5]byte
 }
 
-type Fsid struct {
-	Val [2]int32
-}
-
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Pid    int32
 	_      [4]byte
 }
 
-type FscryptPolicy struct {
-	Version                   uint8
-	Contents_encryption_mode  uint8
-	Filenames_encryption_mode uint8
-	Flags                     uint8
-	Master_key_descriptor     [8]uint8
-}
-
-type FscryptKey struct {
-	Mode uint32
-	Raw  [64]uint8
-	Size uint32
-}
-
-type KeyctlDHParams struct {
-	Private int32
-	Prime   int32
-	Base    int32
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x6
-	FADV_NOREUSE    = 0x7
+	FADV_DONTNEED = 0x6
+	FADV_NOREUSE  = 0x7
 )
 
-type RawSockaddrInet4 struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
-}
-
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
-}
-
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
-}
-
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
-}
-
-type RawSockaddrL2 struct {
-	Family      uint16
-	Psm         uint16
-	Bdaddr      [6]uint8
-	Cid         uint16
-	Bdaddr_type uint8
-	_           [1]byte
-}
-
-type RawSockaddrRFCOMM struct {
-	Family  uint16
-	Bdaddr  [6]uint8
-	Channel uint8
-	_       [1]byte
-}
-
-type RawSockaddrCAN struct {
-	Family  uint16
-	_       [2]byte
-	Ifindex int32
-	Addr    [8]byte
-}
-
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
-}
-
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
 }
 
 type RawSockaddr struct {
@@ -290,45 +151,14 @@ type RawSockaddrAny struct {
 	Pad  [96]int8
 }
 
-type _Socklen uint32
-
-type Linger struct {
-	Onoff  int32
-	Linger int32
-}
-
 type Iovec struct {
 	Base *byte
 	Len  uint64
 }
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
-}
-
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
-
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
-}
-
-type PacketMreq struct {
-	Ifindex int32
-	Type    uint16
-	Alen    uint16
-	Address [8]uint8
-}
-
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     uint64
 	Control    *byte
@@ -343,305 +173,22 @@ type Cmsghdr struct {
 	Type  int32
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	_              [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
-}
-
-const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrL2        = 0xe
-	SizeofSockaddrRFCOMM    = 0xa
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIovec             = 0x10
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofPacketMreq        = 0x10
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
-)
-
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x31
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
-}
-
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
-}
-
-type RtGenmsg struct {
-	Family uint8
-}
-
-type NlAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type RtAttr struct {
-	Len  uint16
-	Type uint16
-}
-
-type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-}
-
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
-}
-
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
-}
-
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
-}
-
 const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
+	SizeofSockFprog = 0x10
 )
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
-}
-
-type SockFprog struct {
-	Len    uint16
-	_      [6]byte
-	Filter *SockFilter
-}
-
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
-}
-
-const SizeofInotifyEvent = 0x10
-
 type PtraceRegs struct {
 	Psw                      PtracePsw
 	Gprs                     [16]uint64
@@ -659,18 +206,15 @@ type PtracePsw struct {
 
 type PtraceFpregs struct {
 	Fpc  uint32
-	_    [4]byte
 	Fprs [16]float64
 }
 
 type PtracePer struct {
 	_             [0]uint64
-	_             [24]byte
-	_             [8]byte
+	_             [32]byte
 	Starting_addr uint64
 	Ending_addr   uint64
 	Perc_atmid    uint16
-	_             [6]byte
 	Address       uint64
 	Access_id     uint8
 	_             [7]byte
@@ -691,7 +235,6 @@ type Sysinfo_t struct {
 	Freeswap  uint64
 	Procs     uint16
 	Pad       uint16
-	_         [4]byte
 	Totalhigh uint64
 	Freehigh  uint64
 	Unit      uint32
@@ -699,18 +242,8 @@ type Sysinfo_t struct {
 	_         [4]byte
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
-}
-
 type Ustat_t struct {
 	Tfree  int32
-	_      [4]byte
 	Tinode uint64
 	Fname  [6]int8
 	Fpack  [6]int8
@@ -725,44 +258,14 @@ type EpollEvent struct {
 }
 
 const (
-	AT_EMPTY_PATH   = 0x1000
-	AT_FDCWD        = -0x64
-	AT_NO_AUTOMOUNT = 0x800
-	AT_REMOVEDIR    = 0x200
-
-	AT_STATX_SYNC_AS_STAT = 0x0
-	AT_STATX_FORCE_SYNC   = 0x2000
-	AT_STATX_DONT_SYNC    = 0x4000
-
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-
-	AT_EACCESS = 0x200
-)
-
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
-}
-
-const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
 	POLLRDHUP = 0x2000
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
 )
 
 type Sigset_t struct {
 	Val [16]uint64
 }
 
-const RNDGETENTCNT = 0x80045200
-
-const PERF_IOC_FLAG_GROUP = 0x1
+const _C__NSIG = 0x41
 
 type Termios struct {
 	Iflag  uint32
@@ -775,20 +278,11 @@ type Termios struct {
 	Ospeed uint32
 }
 
-type Winsize struct {
-	Row    uint16
-	Col    uint16
-	Xpixel uint16
-	Ypixel uint16
-}
-
 type Taskstats struct {
 	Version                   uint16
-	_                         [2]byte
 	Ac_exitcode               uint32
 	Ac_flag                   uint8
 	Ac_nice                   uint8
-	_                         [6]byte
 	Cpu_count                 uint64
 	Cpu_delay_total           uint64
 	Blkio_count               uint64
@@ -806,7 +300,6 @@ type Taskstats struct {
 	Ac_pid                    uint32
 	Ac_ppid                   uint32
 	Ac_btime                  uint32
-	_                         [4]byte
 	Ac_etime                  uint64
 	Ac_utime                  uint64
 	Ac_stime                  uint64
@@ -830,259 +323,15 @@ type Taskstats struct {
 	Cpu_scaled_run_real_total uint64
 	Freepages_count           uint64
 	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
-const (
-	TASKSTATS_CMD_UNSPEC                  = 0x0
-	TASKSTATS_CMD_GET                     = 0x1
-	TASKSTATS_CMD_NEW                     = 0x2
-	TASKSTATS_TYPE_UNSPEC                 = 0x0
-	TASKSTATS_TYPE_PID                    = 0x1
-	TASKSTATS_TYPE_TGID                   = 0x2
-	TASKSTATS_TYPE_STATS                  = 0x3
-	TASKSTATS_TYPE_AGGR_PID               = 0x4
-	TASKSTATS_TYPE_AGGR_TGID              = 0x5
-	TASKSTATS_TYPE_NULL                   = 0x6
-	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
-	TASKSTATS_CMD_ATTR_PID                = 0x1
-	TASKSTATS_CMD_ATTR_TGID               = 0x2
-	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
-	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
-)
-
-type CGroupStats struct {
-	Sleeping        uint64
-	Running         uint64
-	Stopped         uint64
-	Uninterruptible uint64
-	Io_wait         uint64
-}
-
-const (
-	CGROUPSTATS_CMD_UNSPEC        = 0x3
-	CGROUPSTATS_CMD_GET           = 0x4
-	CGROUPSTATS_CMD_NEW           = 0x5
-	CGROUPSTATS_TYPE_UNSPEC       = 0x0
-	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
-	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
-	CGROUPSTATS_CMD_ATTR_FD       = 0x1
-)
-
-type Genlmsghdr struct {
-	Cmd      uint8
-	Version  uint8
-	Reserved uint16
-}
-
-const (
-	CTRL_CMD_UNSPEC            = 0x0
-	CTRL_CMD_NEWFAMILY         = 0x1
-	CTRL_CMD_DELFAMILY         = 0x2
-	CTRL_CMD_GETFAMILY         = 0x3
-	CTRL_CMD_NEWOPS            = 0x4
-	CTRL_CMD_DELOPS            = 0x5
-	CTRL_CMD_GETOPS            = 0x6
-	CTRL_CMD_NEWMCAST_GRP      = 0x7
-	CTRL_CMD_DELMCAST_GRP      = 0x8
-	CTRL_CMD_GETMCAST_GRP      = 0x9
-	CTRL_ATTR_UNSPEC           = 0x0
-	CTRL_ATTR_FAMILY_ID        = 0x1
-	CTRL_ATTR_FAMILY_NAME      = 0x2
-	CTRL_ATTR_VERSION          = 0x3
-	CTRL_ATTR_HDRSIZE          = 0x4
-	CTRL_ATTR_MAXATTR          = 0x5
-	CTRL_ATTR_OPS              = 0x6
-	CTRL_ATTR_MCAST_GROUPS     = 0x7
-	CTRL_ATTR_OP_UNSPEC        = 0x0
-	CTRL_ATTR_OP_ID            = 0x1
-	CTRL_ATTR_OP_FLAGS         = 0x2
-	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
-	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
-	CTRL_ATTR_MCAST_GRP_ID     = 0x2
-)
-
 type cpuMask uint64
 
 const (
-	_CPU_SETSIZE = 0x400
-	_NCPUBITS    = 0x40
-)
-
-const (
-	BDADDR_BREDR     = 0x0
-	BDADDR_LE_PUBLIC = 0x1
-	BDADDR_LE_RANDOM = 0x2
-)
-
-type PerfEventAttr struct {
-	Type               uint32
-	Size               uint32
-	Config             uint64
-	Sample             uint64
-	Sample_type        uint64
-	Read_format        uint64
-	Bits               uint64
-	Wakeup             uint32
-	Bp_type            uint32
-	Ext1               uint64
-	Ext2               uint64
-	Branch_sample_type uint64
-	Sample_regs_user   uint64
-	Sample_stack_user  uint32
-	Clockid            int32
-	Sample_regs_intr   uint64
-	Aux_watermark      uint32
-	_                  uint32
-}
-
-type PerfEventMmapPage struct {
-	Version        uint32
-	Compat_version uint32
-	Lock           uint32
-	Index          uint32
-	Offset         int64
-	Time_enabled   uint64
-	Time_running   uint64
-	Capabilities   uint64
-	Pmc_width      uint16
-	Time_shift     uint16
-	Time_mult      uint32
-	Time_offset    uint64
-	Time_zero      uint64
-	Size           uint32
-	_              [948]uint8
-	Data_head      uint64
-	Data_tail      uint64
-	Data_offset    uint64
-	Data_size      uint64
-	Aux_head       uint64
-	Aux_tail       uint64
-	Aux_offset     uint64
-	Aux_size       uint64
-}
-
-const (
-	PerfBitDisabled               uint64 = CBitFieldMaskBit0
-	PerfBitInherit                       = CBitFieldMaskBit1
-	PerfBitPinned                        = CBitFieldMaskBit2
-	PerfBitExclusive                     = CBitFieldMaskBit3
-	PerfBitExcludeUser                   = CBitFieldMaskBit4
-	PerfBitExcludeKernel                 = CBitFieldMaskBit5
-	PerfBitExcludeHv                     = CBitFieldMaskBit6
-	PerfBitExcludeIdle                   = CBitFieldMaskBit7
-	PerfBitMmap                          = CBitFieldMaskBit8
-	PerfBitComm                          = CBitFieldMaskBit9
-	PerfBitFreq                          = CBitFieldMaskBit10
-	PerfBitInheritStat                   = CBitFieldMaskBit11
-	PerfBitEnableOnExec                  = CBitFieldMaskBit12
-	PerfBitTask                          = CBitFieldMaskBit13
-	PerfBitWatermark                     = CBitFieldMaskBit14
-	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
-	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
-	PerfBitMmapData                      = CBitFieldMaskBit17
-	PerfBitSampleIDAll                   = CBitFieldMaskBit18
-	PerfBitExcludeHost                   = CBitFieldMaskBit19
-	PerfBitExcludeGuest                  = CBitFieldMaskBit20
-	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
-	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
-	PerfBitMmap2                         = CBitFieldMaskBit23
-	PerfBitCommExec                      = CBitFieldMaskBit24
-	PerfBitUseClockID                    = CBitFieldMaskBit25
-	PerfBitContextSwitch                 = CBitFieldMaskBit26
-)
-
-const (
-	PERF_TYPE_HARDWARE   = 0x0
-	PERF_TYPE_SOFTWARE   = 0x1
-	PERF_TYPE_TRACEPOINT = 0x2
-	PERF_TYPE_HW_CACHE   = 0x3
-	PERF_TYPE_RAW        = 0x4
-	PERF_TYPE_BREAKPOINT = 0x5
-
-	PERF_COUNT_HW_CPU_CYCLES              = 0x0
-	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
-	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
-	PERF_COUNT_HW_CACHE_MISSES            = 0x3
-	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
-	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
-	PERF_COUNT_HW_BUS_CYCLES              = 0x6
-	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
-	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
-	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
-
-	PERF_COUNT_HW_CACHE_L1D  = 0x0
-	PERF_COUNT_HW_CACHE_L1I  = 0x1
-	PERF_COUNT_HW_CACHE_LL   = 0x2
-	PERF_COUNT_HW_CACHE_DTLB = 0x3
-	PERF_COUNT_HW_CACHE_ITLB = 0x4
-	PERF_COUNT_HW_CACHE_BPU  = 0x5
-	PERF_COUNT_HW_CACHE_NODE = 0x6
-
-	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
-	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
-	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
-
-	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
-	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
-
-	PERF_COUNT_SW_CPU_CLOCK        = 0x0
-	PERF_COUNT_SW_TASK_CLOCK       = 0x1
-	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
-	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
-	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
-	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
-	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
-	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
-	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
-	PERF_COUNT_SW_DUMMY            = 0x9
-
-	PERF_SAMPLE_IP           = 0x1
-	PERF_SAMPLE_TID          = 0x2
-	PERF_SAMPLE_TIME         = 0x4
-	PERF_SAMPLE_ADDR         = 0x8
-	PERF_SAMPLE_READ         = 0x10
-	PERF_SAMPLE_CALLCHAIN    = 0x20
-	PERF_SAMPLE_ID           = 0x40
-	PERF_SAMPLE_CPU          = 0x80
-	PERF_SAMPLE_PERIOD       = 0x100
-	PERF_SAMPLE_STREAM_ID    = 0x200
-	PERF_SAMPLE_RAW          = 0x400
-	PERF_SAMPLE_BRANCH_STACK = 0x800
-
-	PERF_SAMPLE_BRANCH_USER       = 0x1
-	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
-	PERF_SAMPLE_BRANCH_HV         = 0x4
-	PERF_SAMPLE_BRANCH_ANY        = 0x8
-	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
-	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
-	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
-
-	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
-	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
-	PERF_FORMAT_ID                 = 0x4
-	PERF_FORMAT_GROUP              = 0x8
-
-	PERF_RECORD_MMAP       = 0x1
-	PERF_RECORD_LOST       = 0x2
-	PERF_RECORD_COMM       = 0x3
-	PERF_RECORD_EXIT       = 0x4
-	PERF_RECORD_THROTTLE   = 0x5
-	PERF_RECORD_UNTHROTTLE = 0x6
-	PERF_RECORD_FORK       = 0x7
-	PERF_RECORD_READ       = 0x8
-	PERF_RECORD_SAMPLE     = 0x9
-
-	PERF_CONTEXT_HV     = -0x20
-	PERF_CONTEXT_KERNEL = -0x80
-	PERF_CONTEXT_USER   = -0x200
-
-	PERF_CONTEXT_GUEST        = -0x800
-	PERF_CONTEXT_GUEST_KERNEL = -0x880
-	PERF_CONTEXT_GUEST_USER   = -0xa00
-
-	PERF_FLAG_FD_NO_GROUP = 0x1
-	PERF_FLAG_FD_OUTPUT   = 0x2
-	PERF_FLAG_PID_CGROUP  = 0x4
+	_NCPUBITS = 0x40
 )
 
 const (
@@ -1158,112 +407,13 @@ type SockaddrStorage struct {
 	_      uint64
 }
 
-type TCPMD5Sig struct {
-	Addr      SockaddrStorage
-	Flags     uint8
-	Prefixlen uint8
-	Keylen    uint16
-	_         uint32
-	Key       [80]uint8
-}
-
-type HDDriveCmdHdr struct {
-	Command uint8
-	Number  uint8
-	Feature uint8
-	Count   uint8
-}
-
 type HDGeometry struct {
 	Heads     uint8
 	Sectors   uint8
 	Cylinders uint16
-	_         [4]byte
 	Start     uint64
 }
 
-type HDDriveID struct {
-	Config         uint16
-	Cyls           uint16
-	Reserved2      uint16
-	Heads          uint16
-	Track_bytes    uint16
-	Sector_bytes   uint16
-	Sectors        uint16
-	Vendor0        uint16
-	Vendor1        uint16
-	Vendor2        uint16
-	Serial_no      [20]uint8
-	Buf_type       uint16
-	Buf_size       uint16
-	Ecc_bytes      uint16
-	Fw_rev         [8]uint8
-	Model          [40]uint8
-	Max_multsect   uint8
-	Vendor3        uint8
-	Dword_io       uint16
-	Vendor4        uint8
-	Capability     uint8
-	Reserved50     uint16
-	Vendor5        uint8
-	TPIO           uint8
-	Vendor6        uint8
-	TDMA           uint8
-	Field_valid    uint16
-	Cur_cyls       uint16
-	Cur_heads      uint16
-	Cur_sectors    uint16
-	Cur_capacity0  uint16
-	Cur_capacity1  uint16
-	Multsect       uint8
-	Multsect_valid uint8
-	Lba_capacity   uint32
-	Dma_1word      uint16
-	Dma_mword      uint16
-	Eide_pio_modes uint16
-	Eide_dma_min   uint16
-	Eide_dma_time  uint16
-	Eide_pio       uint16
-	Eide_pio_iordy uint16
-	Words69_70     [2]uint16
-	Words71_74     [4]uint16
-	Queue_depth    uint16
-	Words76_79     [4]uint16
-	Major_rev_num  uint16
-	Minor_rev_num  uint16
-	Command_set_1  uint16
-	Command_set_2  uint16
-	Cfsse          uint16
-	Cfs_enable_1   uint16
-	Cfs_enable_2   uint16
-	Csf_default    uint16
-	Dma_ultra      uint16
-	Trseuc         uint16
-	TrsEuc         uint16
-	CurAPMvalues   uint16
-	Mprc           uint16
-	Hw_config      uint16
-	Acoustic       uint16
-	Msrqs          uint16
-	Sxfert         uint16
-	Sal            uint16
-	Spg            uint32
-	Lba_capacity_2 uint64
-	Words104_125   [22]uint16
-	Last_lun       uint16
-	Word127        uint16
-	Dlf            uint16
-	Csfo           uint16
-	Words130_155   [26]uint16
-	Word156        uint16
-	Words157_159   [3]uint16
-	Cfa_power      uint16
-	Words161_175   [15]uint16
-	Words176_205   [30]uint16
-	Words206_254   [49]uint16
-	Integrity_word uint16
-}
-
 type Statfs_t struct {
 	Type    uint32
 	Bsize   uint32
@@ -1280,18 +430,6 @@ type Statfs_t struct {
 	_       [4]byte
 }
 
-const (
-	ST_MANDLOCK    = 0x40
-	ST_NOATIME     = 0x400
-	ST_NODEV       = 0x4
-	ST_NODIRATIME  = 0x800
-	ST_NOEXEC      = 0x8
-	ST_NOSUID      = 0x2
-	ST_RDONLY      = 0x1
-	ST_RELATIME    = 0x1000
-	ST_SYNCHRONOUS = 0x10
-)
-
 type TpacketHdr struct {
 	Status  uint64
 	Len     uint32
@@ -1303,578 +441,247 @@ type TpacketHdr struct {
 	_       [4]byte
 }
 
-type Tpacket2Hdr struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Sec       uint32
-	Nsec      uint32
-	Vlan_tci  uint16
-	Vlan_tpid uint16
-	_         [4]uint8
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
 }
 
-type Tpacket3Hdr struct {
-	Next_offset uint32
-	Sec         uint32
-	Nsec        uint32
-	Snaplen     uint32
-	Len         uint32
-	Status      uint32
-	Mac         uint16
-	Net         uint16
-	Hv1         TpacketHdrVariant1
-	_           [8]uint8
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
 }
 
-type TpacketHdrVariant1 struct {
-	Rxhash    uint32
-	Vlan_tci  uint32
-	Vlan_tpid uint16
-	_         uint16
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type TpacketBlockDesc struct {
-	Version uint32
-	To_priv uint32
-	Hdr     [40]byte
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type TpacketReq struct {
-	Block_size uint32
-	Block_nr   uint32
-	Frame_size uint32
-	Frame_nr   uint32
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketReq3 struct {
-	Block_size       uint32
-	Block_nr         uint32
-	Frame_size       uint32
-	Frame_nr         uint32
-	Retire_blk_tov   uint32
-	Sizeof_priv      uint32
-	Feature_req_word uint32
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type TpacketStats struct {
-	Packets uint32
-	Drops   uint32
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type TpacketStatsV3 struct {
-	Packets      uint32
-	Drops        uint32
-	Freeze_q_cnt uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type TpacketAuxdata struct {
-	Status    uint32
-	Len       uint32
-	Snaplen   uint32
-	Mac       uint16
-	Net       uint16
-	Vlan_tci  uint16
-	Vlan_tpid uint16
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-const (
-	TPACKET_V1 = 0x0
-	TPACKET_V2 = 0x1
-	TPACKET_V3 = 0x2
-)
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
 
-const (
-	SizeofTpacketHdr  = 0x20
-	SizeofTpacket2Hdr = 0x20
-	SizeofTpacket3Hdr = 0x30
-)
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
 
-const (
-	NF_INET_PRE_ROUTING  = 0x0
-	NF_INET_LOCAL_IN     = 0x1
-	NF_INET_FORWARD      = 0x2
-	NF_INET_LOCAL_OUT    = 0x3
-	NF_INET_POST_ROUTING = 0x4
-	NF_INET_NUMHOOKS     = 0x5
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-const (
-	NF_NETDEV_INGRESS  = 0x0
-	NF_NETDEV_NUMHOOKS = 0x1
-)
+type CryptoReportLarval struct {
+	Type [64]int8
+}
 
-const (
-	NFPROTO_UNSPEC   = 0x0
-	NFPROTO_INET     = 0x1
-	NFPROTO_IPV4     = 0x2
-	NFPROTO_ARP      = 0x3
-	NFPROTO_NETDEV   = 0x5
-	NFPROTO_BRIDGE   = 0x7
-	NFPROTO_IPV6     = 0xa
-	NFPROTO_DECNET   = 0xc
-	NFPROTO_NUMPROTO = 0xd
-)
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
 
-type Nfgenmsg struct {
-	Nfgen_family uint8
-	Version      uint8
-	Res_id       uint16
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
 }
 
-const (
-	NFNL_BATCH_UNSPEC = 0x0
-	NFNL_BATCH_GENID  = 0x1
-)
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-const (
-	NFT_REG_VERDICT                   = 0x0
-	NFT_REG_1                         = 0x1
-	NFT_REG_2                         = 0x2
-	NFT_REG_3                         = 0x3
-	NFT_REG_4                         = 0x4
-	NFT_REG32_00                      = 0x8
-	NFT_REG32_01                      = 0x9
-	NFT_REG32_02                      = 0xa
-	NFT_REG32_03                      = 0xb
-	NFT_REG32_04                      = 0xc
-	NFT_REG32_05                      = 0xd
-	NFT_REG32_06                      = 0xe
-	NFT_REG32_07                      = 0xf
-	NFT_REG32_08                      = 0x10
-	NFT_REG32_09                      = 0x11
-	NFT_REG32_10                      = 0x12
-	NFT_REG32_11                      = 0x13
-	NFT_REG32_12                      = 0x14
-	NFT_REG32_13                      = 0x15
-	NFT_REG32_14                      = 0x16
-	NFT_REG32_15                      = 0x17
-	NFT_CONTINUE                      = -0x1
-	NFT_BREAK                         = -0x2
-	NFT_JUMP                          = -0x3
-	NFT_GOTO                          = -0x4
-	NFT_RETURN                        = -0x5
-	NFT_MSG_NEWTABLE                  = 0x0
-	NFT_MSG_GETTABLE                  = 0x1
-	NFT_MSG_DELTABLE                  = 0x2
-	NFT_MSG_NEWCHAIN                  = 0x3
-	NFT_MSG_GETCHAIN                  = 0x4
-	NFT_MSG_DELCHAIN                  = 0x5
-	NFT_MSG_NEWRULE                   = 0x6
-	NFT_MSG_GETRULE                   = 0x7
-	NFT_MSG_DELRULE                   = 0x8
-	NFT_MSG_NEWSET                    = 0x9
-	NFT_MSG_GETSET                    = 0xa
-	NFT_MSG_DELSET                    = 0xb
-	NFT_MSG_NEWSETELEM                = 0xc
-	NFT_MSG_GETSETELEM                = 0xd
-	NFT_MSG_DELSETELEM                = 0xe
-	NFT_MSG_NEWGEN                    = 0xf
-	NFT_MSG_GETGEN                    = 0x10
-	NFT_MSG_TRACE                     = 0x11
-	NFT_MSG_NEWOBJ                    = 0x12
-	NFT_MSG_GETOBJ                    = 0x13
-	NFT_MSG_DELOBJ                    = 0x14
-	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
-	NFTA_LIST_UNPEC                   = 0x0
-	NFTA_LIST_ELEM                    = 0x1
-	NFTA_HOOK_UNSPEC                  = 0x0
-	NFTA_HOOK_HOOKNUM                 = 0x1
-	NFTA_HOOK_PRIORITY                = 0x2
-	NFTA_HOOK_DEV                     = 0x3
-	NFT_TABLE_F_DORMANT               = 0x1
-	NFTA_TABLE_UNSPEC                 = 0x0
-	NFTA_TABLE_NAME                   = 0x1
-	NFTA_TABLE_FLAGS                  = 0x2
-	NFTA_TABLE_USE                    = 0x3
-	NFTA_CHAIN_UNSPEC                 = 0x0
-	NFTA_CHAIN_TABLE                  = 0x1
-	NFTA_CHAIN_HANDLE                 = 0x2
-	NFTA_CHAIN_NAME                   = 0x3
-	NFTA_CHAIN_HOOK                   = 0x4
-	NFTA_CHAIN_POLICY                 = 0x5
-	NFTA_CHAIN_USE                    = 0x6
-	NFTA_CHAIN_TYPE                   = 0x7
-	NFTA_CHAIN_COUNTERS               = 0x8
-	NFTA_CHAIN_PAD                    = 0x9
-	NFTA_RULE_UNSPEC                  = 0x0
-	NFTA_RULE_TABLE                   = 0x1
-	NFTA_RULE_CHAIN                   = 0x2
-	NFTA_RULE_HANDLE                  = 0x3
-	NFTA_RULE_EXPRESSIONS             = 0x4
-	NFTA_RULE_COMPAT                  = 0x5
-	NFTA_RULE_POSITION                = 0x6
-	NFTA_RULE_USERDATA                = 0x7
-	NFTA_RULE_PAD                     = 0x8
-	NFTA_RULE_ID                      = 0x9
-	NFT_RULE_COMPAT_F_INV             = 0x2
-	NFT_RULE_COMPAT_F_MASK            = 0x2
-	NFTA_RULE_COMPAT_UNSPEC           = 0x0
-	NFTA_RULE_COMPAT_PROTO            = 0x1
-	NFTA_RULE_COMPAT_FLAGS            = 0x2
-	NFT_SET_ANONYMOUS                 = 0x1
-	NFT_SET_CONSTANT                  = 0x2
-	NFT_SET_INTERVAL                  = 0x4
-	NFT_SET_MAP                       = 0x8
-	NFT_SET_TIMEOUT                   = 0x10
-	NFT_SET_EVAL                      = 0x20
-	NFT_SET_OBJECT                    = 0x40
-	NFT_SET_POL_PERFORMANCE           = 0x0
-	NFT_SET_POL_MEMORY                = 0x1
-	NFTA_SET_DESC_UNSPEC              = 0x0
-	NFTA_SET_DESC_SIZE                = 0x1
-	NFTA_SET_UNSPEC                   = 0x0
-	NFTA_SET_TABLE                    = 0x1
-	NFTA_SET_NAME                     = 0x2
-	NFTA_SET_FLAGS                    = 0x3
-	NFTA_SET_KEY_TYPE                 = 0x4
-	NFTA_SET_KEY_LEN                  = 0x5
-	NFTA_SET_DATA_TYPE                = 0x6
-	NFTA_SET_DATA_LEN                 = 0x7
-	NFTA_SET_POLICY                   = 0x8
-	NFTA_SET_DESC                     = 0x9
-	NFTA_SET_ID                       = 0xa
-	NFTA_SET_TIMEOUT                  = 0xb
-	NFTA_SET_GC_INTERVAL              = 0xc
-	NFTA_SET_USERDATA                 = 0xd
-	NFTA_SET_PAD                      = 0xe
-	NFTA_SET_OBJ_TYPE                 = 0xf
-	NFT_SET_ELEM_INTERVAL_END         = 0x1
-	NFTA_SET_ELEM_UNSPEC              = 0x0
-	NFTA_SET_ELEM_KEY                 = 0x1
-	NFTA_SET_ELEM_DATA                = 0x2
-	NFTA_SET_ELEM_FLAGS               = 0x3
-	NFTA_SET_ELEM_TIMEOUT             = 0x4
-	NFTA_SET_ELEM_EXPIRATION          = 0x5
-	NFTA_SET_ELEM_USERDATA            = 0x6
-	NFTA_SET_ELEM_EXPR                = 0x7
-	NFTA_SET_ELEM_PAD                 = 0x8
-	NFTA_SET_ELEM_OBJREF              = 0x9
-	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
-	NFTA_SET_ELEM_LIST_TABLE          = 0x1
-	NFTA_SET_ELEM_LIST_SET            = 0x2
-	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
-	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
-	NFT_DATA_VALUE                    = 0x0
-	NFT_DATA_VERDICT                  = 0xffffff00
-	NFTA_DATA_UNSPEC                  = 0x0
-	NFTA_DATA_VALUE                   = 0x1
-	NFTA_DATA_VERDICT                 = 0x2
-	NFTA_VERDICT_UNSPEC               = 0x0
-	NFTA_VERDICT_CODE                 = 0x1
-	NFTA_VERDICT_CHAIN                = 0x2
-	NFTA_EXPR_UNSPEC                  = 0x0
-	NFTA_EXPR_NAME                    = 0x1
-	NFTA_EXPR_DATA                    = 0x2
-	NFTA_IMMEDIATE_UNSPEC             = 0x0
-	NFTA_IMMEDIATE_DREG               = 0x1
-	NFTA_IMMEDIATE_DATA               = 0x2
-	NFTA_BITWISE_UNSPEC               = 0x0
-	NFTA_BITWISE_SREG                 = 0x1
-	NFTA_BITWISE_DREG                 = 0x2
-	NFTA_BITWISE_LEN                  = 0x3
-	NFTA_BITWISE_MASK                 = 0x4
-	NFTA_BITWISE_XOR                  = 0x5
-	NFT_BYTEORDER_NTOH                = 0x0
-	NFT_BYTEORDER_HTON                = 0x1
-	NFTA_BYTEORDER_UNSPEC             = 0x0
-	NFTA_BYTEORDER_SREG               = 0x1
-	NFTA_BYTEORDER_DREG               = 0x2
-	NFTA_BYTEORDER_OP                 = 0x3
-	NFTA_BYTEORDER_LEN                = 0x4
-	NFTA_BYTEORDER_SIZE               = 0x5
-	NFT_CMP_EQ                        = 0x0
-	NFT_CMP_NEQ                       = 0x1
-	NFT_CMP_LT                        = 0x2
-	NFT_CMP_LTE                       = 0x3
-	NFT_CMP_GT                        = 0x4
-	NFT_CMP_GTE                       = 0x5
-	NFTA_CMP_UNSPEC                   = 0x0
-	NFTA_CMP_SREG                     = 0x1
-	NFTA_CMP_OP                       = 0x2
-	NFTA_CMP_DATA                     = 0x3
-	NFT_RANGE_EQ                      = 0x0
-	NFT_RANGE_NEQ                     = 0x1
-	NFTA_RANGE_UNSPEC                 = 0x0
-	NFTA_RANGE_SREG                   = 0x1
-	NFTA_RANGE_OP                     = 0x2
-	NFTA_RANGE_FROM_DATA              = 0x3
-	NFTA_RANGE_TO_DATA                = 0x4
-	NFT_LOOKUP_F_INV                  = 0x1
-	NFTA_LOOKUP_UNSPEC                = 0x0
-	NFTA_LOOKUP_SET                   = 0x1
-	NFTA_LOOKUP_SREG                  = 0x2
-	NFTA_LOOKUP_DREG                  = 0x3
-	NFTA_LOOKUP_SET_ID                = 0x4
-	NFTA_LOOKUP_FLAGS                 = 0x5
-	NFT_DYNSET_OP_ADD                 = 0x0
-	NFT_DYNSET_OP_UPDATE              = 0x1
-	NFT_DYNSET_F_INV                  = 0x1
-	NFTA_DYNSET_UNSPEC                = 0x0
-	NFTA_DYNSET_SET_NAME              = 0x1
-	NFTA_DYNSET_SET_ID                = 0x2
-	NFTA_DYNSET_OP                    = 0x3
-	NFTA_DYNSET_SREG_KEY              = 0x4
-	NFTA_DYNSET_SREG_DATA             = 0x5
-	NFTA_DYNSET_TIMEOUT               = 0x6
-	NFTA_DYNSET_EXPR                  = 0x7
-	NFTA_DYNSET_PAD                   = 0x8
-	NFTA_DYNSET_FLAGS                 = 0x9
-	NFT_PAYLOAD_LL_HEADER             = 0x0
-	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
-	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
-	NFT_PAYLOAD_CSUM_NONE             = 0x0
-	NFT_PAYLOAD_CSUM_INET             = 0x1
-	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
-	NFTA_PAYLOAD_UNSPEC               = 0x0
-	NFTA_PAYLOAD_DREG                 = 0x1
-	NFTA_PAYLOAD_BASE                 = 0x2
-	NFTA_PAYLOAD_OFFSET               = 0x3
-	NFTA_PAYLOAD_LEN                  = 0x4
-	NFTA_PAYLOAD_SREG                 = 0x5
-	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
-	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
-	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
-	NFT_EXTHDR_F_PRESENT              = 0x1
-	NFT_EXTHDR_OP_IPV6                = 0x0
-	NFT_EXTHDR_OP_TCPOPT              = 0x1
-	NFTA_EXTHDR_UNSPEC                = 0x0
-	NFTA_EXTHDR_DREG                  = 0x1
-	NFTA_EXTHDR_TYPE                  = 0x2
-	NFTA_EXTHDR_OFFSET                = 0x3
-	NFTA_EXTHDR_LEN                   = 0x4
-	NFTA_EXTHDR_FLAGS                 = 0x5
-	NFTA_EXTHDR_OP                    = 0x6
-	NFTA_EXTHDR_SREG                  = 0x7
-	NFT_META_LEN                      = 0x0
-	NFT_META_PROTOCOL                 = 0x1
-	NFT_META_PRIORITY                 = 0x2
-	NFT_META_MARK                     = 0x3
-	NFT_META_IIF                      = 0x4
-	NFT_META_OIF                      = 0x5
-	NFT_META_IIFNAME                  = 0x6
-	NFT_META_OIFNAME                  = 0x7
-	NFT_META_IIFTYPE                  = 0x8
-	NFT_META_OIFTYPE                  = 0x9
-	NFT_META_SKUID                    = 0xa
-	NFT_META_SKGID                    = 0xb
-	NFT_META_NFTRACE                  = 0xc
-	NFT_META_RTCLASSID                = 0xd
-	NFT_META_SECMARK                  = 0xe
-	NFT_META_NFPROTO                  = 0xf
-	NFT_META_L4PROTO                  = 0x10
-	NFT_META_BRI_IIFNAME              = 0x11
-	NFT_META_BRI_OIFNAME              = 0x12
-	NFT_META_PKTTYPE                  = 0x13
-	NFT_META_CPU                      = 0x14
-	NFT_META_IIFGROUP                 = 0x15
-	NFT_META_OIFGROUP                 = 0x16
-	NFT_META_CGROUP                   = 0x17
-	NFT_META_PRANDOM                  = 0x18
-	NFT_RT_CLASSID                    = 0x0
-	NFT_RT_NEXTHOP4                   = 0x1
-	NFT_RT_NEXTHOP6                   = 0x2
-	NFT_RT_TCPMSS                     = 0x3
-	NFT_HASH_JENKINS                  = 0x0
-	NFT_HASH_SYM                      = 0x1
-	NFTA_HASH_UNSPEC                  = 0x0
-	NFTA_HASH_SREG                    = 0x1
-	NFTA_HASH_DREG                    = 0x2
-	NFTA_HASH_LEN                     = 0x3
-	NFTA_HASH_MODULUS                 = 0x4
-	NFTA_HASH_SEED                    = 0x5
-	NFTA_HASH_OFFSET                  = 0x6
-	NFTA_HASH_TYPE                    = 0x7
-	NFTA_META_UNSPEC                  = 0x0
-	NFTA_META_DREG                    = 0x1
-	NFTA_META_KEY                     = 0x2
-	NFTA_META_SREG                    = 0x3
-	NFTA_RT_UNSPEC                    = 0x0
-	NFTA_RT_DREG                      = 0x1
-	NFTA_RT_KEY                       = 0x2
-	NFT_CT_STATE                      = 0x0
-	NFT_CT_DIRECTION                  = 0x1
-	NFT_CT_STATUS                     = 0x2
-	NFT_CT_MARK                       = 0x3
-	NFT_CT_SECMARK                    = 0x4
-	NFT_CT_EXPIRATION                 = 0x5
-	NFT_CT_HELPER                     = 0x6
-	NFT_CT_L3PROTOCOL                 = 0x7
-	NFT_CT_SRC                        = 0x8
-	NFT_CT_DST                        = 0x9
-	NFT_CT_PROTOCOL                   = 0xa
-	NFT_CT_PROTO_SRC                  = 0xb
-	NFT_CT_PROTO_DST                  = 0xc
-	NFT_CT_LABELS                     = 0xd
-	NFT_CT_PKTS                       = 0xe
-	NFT_CT_BYTES                      = 0xf
-	NFT_CT_AVGPKT                     = 0x10
-	NFT_CT_ZONE                       = 0x11
-	NFT_CT_EVENTMASK                  = 0x12
-	NFTA_CT_UNSPEC                    = 0x0
-	NFTA_CT_DREG                      = 0x1
-	NFTA_CT_KEY                       = 0x2
-	NFTA_CT_DIRECTION                 = 0x3
-	NFTA_CT_SREG                      = 0x4
-	NFT_LIMIT_PKTS                    = 0x0
-	NFT_LIMIT_PKT_BYTES               = 0x1
-	NFT_LIMIT_F_INV                   = 0x1
-	NFTA_LIMIT_UNSPEC                 = 0x0
-	NFTA_LIMIT_RATE                   = 0x1
-	NFTA_LIMIT_UNIT                   = 0x2
-	NFTA_LIMIT_BURST                  = 0x3
-	NFTA_LIMIT_TYPE                   = 0x4
-	NFTA_LIMIT_FLAGS                  = 0x5
-	NFTA_LIMIT_PAD                    = 0x6
-	NFTA_COUNTER_UNSPEC               = 0x0
-	NFTA_COUNTER_BYTES                = 0x1
-	NFTA_COUNTER_PACKETS              = 0x2
-	NFTA_COUNTER_PAD                  = 0x3
-	NFTA_LOG_UNSPEC                   = 0x0
-	NFTA_LOG_GROUP                    = 0x1
-	NFTA_LOG_PREFIX                   = 0x2
-	NFTA_LOG_SNAPLEN                  = 0x3
-	NFTA_LOG_QTHRESHOLD               = 0x4
-	NFTA_LOG_LEVEL                    = 0x5
-	NFTA_LOG_FLAGS                    = 0x6
-	NFTA_QUEUE_UNSPEC                 = 0x0
-	NFTA_QUEUE_NUM                    = 0x1
-	NFTA_QUEUE_TOTAL                  = 0x2
-	NFTA_QUEUE_FLAGS                  = 0x3
-	NFTA_QUEUE_SREG_QNUM              = 0x4
-	NFT_QUOTA_F_INV                   = 0x1
-	NFT_QUOTA_F_DEPLETED              = 0x2
-	NFTA_QUOTA_UNSPEC                 = 0x0
-	NFTA_QUOTA_BYTES                  = 0x1
-	NFTA_QUOTA_FLAGS                  = 0x2
-	NFTA_QUOTA_PAD                    = 0x3
-	NFTA_QUOTA_CONSUMED               = 0x4
-	NFT_REJECT_ICMP_UNREACH           = 0x0
-	NFT_REJECT_TCP_RST                = 0x1
-	NFT_REJECT_ICMPX_UNREACH          = 0x2
-	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
-	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
-	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
-	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
-	NFTA_REJECT_UNSPEC                = 0x0
-	NFTA_REJECT_TYPE                  = 0x1
-	NFTA_REJECT_ICMP_CODE             = 0x2
-	NFT_NAT_SNAT                      = 0x0
-	NFT_NAT_DNAT                      = 0x1
-	NFTA_NAT_UNSPEC                   = 0x0
-	NFTA_NAT_TYPE                     = 0x1
-	NFTA_NAT_FAMILY                   = 0x2
-	NFTA_NAT_REG_ADDR_MIN             = 0x3
-	NFTA_NAT_REG_ADDR_MAX             = 0x4
-	NFTA_NAT_REG_PROTO_MIN            = 0x5
-	NFTA_NAT_REG_PROTO_MAX            = 0x6
-	NFTA_NAT_FLAGS                    = 0x7
-	NFTA_MASQ_UNSPEC                  = 0x0
-	NFTA_MASQ_FLAGS                   = 0x1
-	NFTA_MASQ_REG_PROTO_MIN           = 0x2
-	NFTA_MASQ_REG_PROTO_MAX           = 0x3
-	NFTA_REDIR_UNSPEC                 = 0x0
-	NFTA_REDIR_REG_PROTO_MIN          = 0x1
-	NFTA_REDIR_REG_PROTO_MAX          = 0x2
-	NFTA_REDIR_FLAGS                  = 0x3
-	NFTA_DUP_UNSPEC                   = 0x0
-	NFTA_DUP_SREG_ADDR                = 0x1
-	NFTA_DUP_SREG_DEV                 = 0x2
-	NFTA_FWD_UNSPEC                   = 0x0
-	NFTA_FWD_SREG_DEV                 = 0x1
-	NFTA_OBJREF_UNSPEC                = 0x0
-	NFTA_OBJREF_IMM_TYPE              = 0x1
-	NFTA_OBJREF_IMM_NAME              = 0x2
-	NFTA_OBJREF_SET_SREG              = 0x3
-	NFTA_OBJREF_SET_NAME              = 0x4
-	NFTA_OBJREF_SET_ID                = 0x5
-	NFTA_GEN_UNSPEC                   = 0x0
-	NFTA_GEN_ID                       = 0x1
-	NFTA_GEN_PROC_PID                 = 0x2
-	NFTA_GEN_PROC_NAME                = 0x3
-	NFTA_FIB_UNSPEC                   = 0x0
-	NFTA_FIB_DREG                     = 0x1
-	NFTA_FIB_RESULT                   = 0x2
-	NFTA_FIB_FLAGS                    = 0x3
-	NFT_FIB_RESULT_UNSPEC             = 0x0
-	NFT_FIB_RESULT_OIF                = 0x1
-	NFT_FIB_RESULT_OIFNAME            = 0x2
-	NFT_FIB_RESULT_ADDRTYPE           = 0x3
-	NFTA_FIB_F_SADDR                  = 0x1
-	NFTA_FIB_F_DADDR                  = 0x2
-	NFTA_FIB_F_MARK                   = 0x4
-	NFTA_FIB_F_IIF                    = 0x8
-	NFTA_FIB_F_OIF                    = 0x10
-	NFTA_FIB_F_PRESENT                = 0x20
-	NFTA_CT_HELPER_UNSPEC             = 0x0
-	NFTA_CT_HELPER_NAME               = 0x1
-	NFTA_CT_HELPER_L3PROTO            = 0x2
-	NFTA_CT_HELPER_L4PROTO            = 0x3
-	NFTA_OBJ_UNSPEC                   = 0x0
-	NFTA_OBJ_TABLE                    = 0x1
-	NFTA_OBJ_NAME                     = 0x2
-	NFTA_OBJ_TYPE                     = 0x3
-	NFTA_OBJ_DATA                     = 0x4
-	NFTA_OBJ_USE                      = 0x5
-	NFTA_TRACE_UNSPEC                 = 0x0
-	NFTA_TRACE_TABLE                  = 0x1
-	NFTA_TRACE_CHAIN                  = 0x2
-	NFTA_TRACE_RULE_HANDLE            = 0x3
-	NFTA_TRACE_TYPE                   = 0x4
-	NFTA_TRACE_VERDICT                = 0x5
-	NFTA_TRACE_ID                     = 0x6
-	NFTA_TRACE_LL_HEADER              = 0x7
-	NFTA_TRACE_NETWORK_HEADER         = 0x8
-	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
-	NFTA_TRACE_IIF                    = 0xa
-	NFTA_TRACE_IIFTYPE                = 0xb
-	NFTA_TRACE_OIF                    = 0xc
-	NFTA_TRACE_OIFTYPE                = 0xd
-	NFTA_TRACE_MARK                   = 0xe
-	NFTA_TRACE_NFPROTO                = 0xf
-	NFTA_TRACE_POLICY                 = 0x10
-	NFTA_TRACE_PAD                    = 0x11
-	NFT_TRACETYPE_UNSPEC              = 0x0
-	NFT_TRACETYPE_POLICY              = 0x1
-	NFT_TRACETYPE_RETURN              = 0x2
-	NFT_TRACETYPE_RULE                = 0x3
-	NFTA_NG_UNSPEC                    = 0x0
-	NFTA_NG_DREG                      = 0x1
-	NFTA_NG_MODULUS                   = 0x2
-	NFTA_NG_TYPE                      = 0x3
-	NFTA_NG_OFFSET                    = 0x4
-	NFT_NG_INCREMENTAL                = 0x0
-	NFT_NG_RANDOM                     = 0x1
-)
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
 
-type RTCTime struct {
-	Sec   int32
-	Min   int32
-	Hour  int32
-	Mday  int32
-	Mon   int32
-	Year  int32
-	Wday  int32
-	Yday  int32
-	Isdst int32
+type CryptoReportComp struct {
+	Type [64]int8
 }
 
-type RTCWkAlrm struct {
-	Enabled uint8
-	Pending uint8
-	_       [2]byte
-	Time    RTCTime
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
 }
 
-type RTCPLLInfo struct {
-	Ctrl    int32
-	Value   int32
-	Max     int32
-	Min     int32
-	Posmult int32
-	Negmult int32
-	Clock   int64
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint64
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x800870a1
+	PPS_SETPARAMS = 0x400870a2
+	PPS_GETCAP    = 0x800870a3
+	PPS_FETCH     = 0xc00870a4
+)
+
+const (
+	PIDFD_NONBLOCK = 0x800
+)
+
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    uint16
+	Seq  uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 8e7384b89ca77..44fcbe4e9a1ba 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -1,23 +1,18 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build sparc64 && linux
 // +build sparc64,linux
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs types_linux.go | go run mkpost.go
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
-	PathMax        = 0x1000
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
 )
 
 type (
-	_C_short     int16
-	_C_int       int32
-	_C_long      int64
-	_C_long_long int64
+	_C_long int64
 )
 
 type Timespec struct {
@@ -26,20 +21,18 @@ type Timespec struct {
 }
 
 type Timeval struct {
-	Sec       int64
-	Usec      int32
-	Pad_cgo_0 [4]byte
+	Sec  int64
+	Usec int32
+	_    [4]byte
 }
 
 type Timex struct {
 	Modes     uint32
-	Pad_cgo_0 [4]byte
 	Offset    int64
 	Freq      int64
 	Maxerror  int64
 	Esterror  int64
 	Status    int32
-	Pad_cgo_1 [4]byte
 	Constant  int64
 	Precision int64
 	Tolerance int64
@@ -48,14 +41,13 @@ type Timex struct {
 	Ppsfreq   int64
 	Jitter    int64
 	Shift     int32
-	Pad_cgo_2 [4]byte
 	Stabil    int64
 	Jitcnt    int64
 	Calcnt    int64
 	Errcnt    int64
 	Stbcnt    int64
 	Tai       int32
-	Pad_cgo_3 [44]byte
+	_         [44]byte
 }
 
 type Time_t int64
@@ -91,600 +83,586 @@ type Rusage struct {
 	Nivcsw   int64
 }
 
-type Rlimit struct {
-	Cur uint64
-	Max uint64
-}
-
-type _Gid_t uint32
-
 type Stat_t struct {
-	Dev                uint64
-	X__pad1            uint16
-	Pad_cgo_0          [6]byte
-	Ino                uint64
-	Mode               uint32
-	Nlink              uint32
-	Uid                uint32
-	Gid                uint32
-	Rdev               uint64
-	X__pad2            uint16
-	Pad_cgo_1          [6]byte
-	Size               int64
-	Blksize            int64
-	Blocks             int64
-	Atim               Timespec
-	Mtim               Timespec
-	Ctim               Timespec
-	X__glibc_reserved4 uint64
-	X__glibc_reserved5 uint64
-}
-
-type Statfs_t struct {
-	Type    int64
-	Bsize   int64
-	Blocks  uint64
-	Bfree   uint64
-	Bavail  uint64
-	Files   uint64
-	Ffree   uint64
-	Fsid    Fsid
-	Namelen int64
-	Frsize  int64
-	Flags   int64
-	Spare   [4]int64
+	Dev     uint64
+	_       uint16
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	Size    int64
+	Blksize int64
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint64
+	_       uint64
 }
 
 type Dirent struct {
-	Ino       uint64
-	Off       int64
-	Reclen    uint16
-	Type      uint8
-	Name      [256]int8
-	Pad_cgo_0 [5]byte
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
 }
 
-type Fsid struct {
-	X__val [2]int32
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      int16
+	_      [2]byte
 }
 
-type Flock_t struct {
-	Type              int16
-	Whence            int16
-	Pad_cgo_0         [4]byte
-	Start             int64
-	Len               int64
-	Pid               int32
-	X__glibc_reserved int16
-	Pad_cgo_1         [2]byte
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
 }
 
 const (
-	FADV_NORMAL     = 0x0
-	FADV_RANDOM     = 0x1
-	FADV_SEQUENTIAL = 0x2
-	FADV_WILLNEED   = 0x3
-	FADV_DONTNEED   = 0x4
-	FADV_NOREUSE    = 0x5
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
 )
 
-type RawSockaddrInet4 struct {
+type RawSockaddrNFCLLCP struct {
+	Sa_family        uint16
+	Dev_idx          uint32
+	Target_idx       uint32
+	Nfc_protocol     uint32
+	Dsap             uint8
+	Ssap             uint8
+	Service_name     [63]uint8
+	Service_name_len uint64
+}
+
+type RawSockaddr struct {
 	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
+	Data   [14]int8
 }
 
-type RawSockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
 }
 
-type RawSockaddrUnix struct {
-	Family uint16
-	Path   [108]int8
+type Iovec struct {
+	Base *byte
+	Len  uint64
 }
 
-type RawSockaddrLinklayer struct {
-	Family   uint16
-	Protocol uint16
-	Ifindex  int32
-	Hatype   uint16
-	Pkttype  uint8
-	Halen    uint8
-	Addr     [8]uint8
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
 }
 
-type RawSockaddrNetlink struct {
-	Family uint16
-	Pad    uint16
-	Pid    uint32
-	Groups uint32
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
 }
 
-type RawSockaddrHCI struct {
-	Family  uint16
-	Dev     uint16
-	Channel uint16
+type ifreq struct {
+	Ifrn [16]byte
+	Ifru [24]byte
 }
 
-type RawSockaddrCAN struct {
-	Family    uint16
-	Pad_cgo_0 [2]byte
-	Ifindex   int32
-	Addr      [8]byte
+const (
+	SizeofSockaddrNFCLLCP = 0x60
+	SizeofIovec           = 0x10
+	SizeofMsghdr          = 0x38
+	SizeofCmsghdr         = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Regs   [16]uint64
+	Tstate uint64
+	Tpc    uint64
+	Tnpc   uint64
+	Y      uint32
+	Magic  uint32
 }
 
-type RawSockaddrALG struct {
-	Family uint16
-	Type   [14]uint8
-	Feat   uint32
-	Mask   uint32
-	Name   [64]uint8
+type FdSet struct {
+	Bits [16]int64
 }
 
-type RawSockaddrVM struct {
-	Family    uint16
-	Reserved1 uint16
-	Port      uint32
-	Cid       uint32
-	Zero      [4]uint8
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
 }
 
-type RawSockaddr struct {
-	Family uint16
-	Data   [14]int8
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
 }
 
-type RawSockaddrAny struct {
-	Addr RawSockaddr
-	Pad  [96]int8
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
 }
 
-type _Socklen uint32
+const (
+	POLLRDHUP = 0x800
+)
 
-type Linger struct {
-	Onoff  int32
-	Linger int32
+type Sigset_t struct {
+	Val [16]uint64
 }
 
-type Iovec struct {
-	Base *byte
-	Len  uint64
-}
+const _C__NSIG = 0x41
 
-type IPMreq struct {
-	Multiaddr [4]byte /* in_addr */
-	Interface [4]byte /* in_addr */
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
 }
 
-type IPMreqn struct {
-	Multiaddr [4]byte /* in_addr */
-	Address   [4]byte /* in_addr */
-	Ifindex   int32
-}
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
 
-type IPv6Mreq struct {
-	Multiaddr [16]byte /* in6_addr */
-	Interface uint32
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
 }
 
-type Msghdr struct {
-	Name       *byte
-	Namelen    uint32
-	Pad_cgo_0  [4]byte
-	Iov        *Iovec
-	Iovlen     uint64
-	Control    *byte
-	Controllen uint64
-	Flags      int32
-	Pad_cgo_1  [4]byte
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
 }
 
-type Cmsghdr struct {
-	Len   uint64
-	Level int32
-	Type  int32
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
 }
 
-type Inet4Pktinfo struct {
-	Ifindex  int32
-	Spec_dst [4]byte /* in_addr */
-	Addr     [4]byte /* in_addr */
-}
-
-type Inet6Pktinfo struct {
-	Addr    [16]byte /* in6_addr */
-	Ifindex uint32
-}
-
-type IPv6MTUInfo struct {
-	Addr RawSockaddrInet6
-	Mtu  uint32
-}
-
-type ICMPv6Filter struct {
-	Data [8]uint32
-}
-
-type Ucred struct {
-	Pid int32
-	Uid uint32
-	Gid uint32
-}
-
-type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	Pad_cgo_0      [2]byte
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
 }
 
 const (
-	SizeofSockaddrInet4     = 0x10
-	SizeofSockaddrInet6     = 0x1c
-	SizeofSockaddrAny       = 0x70
-	SizeofSockaddrUnix      = 0x6e
-	SizeofSockaddrLinklayer = 0x14
-	SizeofSockaddrNetlink   = 0xc
-	SizeofSockaddrHCI       = 0x6
-	SizeofSockaddrCAN       = 0x10
-	SizeofSockaddrALG       = 0x58
-	SizeofSockaddrVM        = 0x10
-	SizeofLinger            = 0x8
-	SizeofIPMreq            = 0x8
-	SizeofIPMreqn           = 0xc
-	SizeofIPv6Mreq          = 0x14
-	SizeofMsghdr            = 0x38
-	SizeofCmsghdr           = 0x10
-	SizeofInet4Pktinfo      = 0xc
-	SizeofInet6Pktinfo      = 0x14
-	SizeofIPv6MTUInfo       = 0x20
-	SizeofICMPv6Filter      = 0x20
-	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofTpacketHdr = 0x20
 )
 
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
 const (
-	IFA_UNSPEC           = 0x0
-	IFA_ADDRESS          = 0x1
-	IFA_LOCAL            = 0x2
-	IFA_LABEL            = 0x3
-	IFA_BROADCAST        = 0x4
-	IFA_ANYCAST          = 0x5
-	IFA_CACHEINFO        = 0x6
-	IFA_MULTICAST        = 0x7
-	IFLA_UNSPEC          = 0x0
-	IFLA_ADDRESS         = 0x1
-	IFLA_BROADCAST       = 0x2
-	IFLA_IFNAME          = 0x3
-	IFLA_MTU             = 0x4
-	IFLA_LINK            = 0x5
-	IFLA_QDISC           = 0x6
-	IFLA_STATS           = 0x7
-	IFLA_COST            = 0x8
-	IFLA_PRIORITY        = 0x9
-	IFLA_MASTER          = 0xa
-	IFLA_WIRELESS        = 0xb
-	IFLA_PROTINFO        = 0xc
-	IFLA_TXQLEN          = 0xd
-	IFLA_MAP             = 0xe
-	IFLA_WEIGHT          = 0xf
-	IFLA_OPERSTATE       = 0x10
-	IFLA_LINKMODE        = 0x11
-	IFLA_LINKINFO        = 0x12
-	IFLA_NET_NS_PID      = 0x13
-	IFLA_IFALIAS         = 0x14
-	IFLA_NUM_VF          = 0x15
-	IFLA_VFINFO_LIST     = 0x16
-	IFLA_STATS64         = 0x17
-	IFLA_VF_PORTS        = 0x18
-	IFLA_PORT_SELF       = 0x19
-	IFLA_AF_SPEC         = 0x1a
-	IFLA_GROUP           = 0x1b
-	IFLA_NET_NS_FD       = 0x1c
-	IFLA_EXT_MASK        = 0x1d
-	IFLA_PROMISCUITY     = 0x1e
-	IFLA_NUM_TX_QUEUES   = 0x1f
-	IFLA_NUM_RX_QUEUES   = 0x20
-	IFLA_CARRIER         = 0x21
-	IFLA_PHYS_PORT_ID    = 0x22
-	IFLA_CARRIER_CHANGES = 0x23
-	IFLA_PHYS_SWITCH_ID  = 0x24
-	IFLA_LINK_NETNSID    = 0x25
-	IFLA_PHYS_PORT_NAME  = 0x26
-	IFLA_PROTO_DOWN      = 0x27
-	IFLA_GSO_MAX_SEGS    = 0x28
-	IFLA_GSO_MAX_SIZE    = 0x29
-	IFLA_PAD             = 0x2a
-	IFLA_XDP             = 0x2b
-	IFLA_EVENT           = 0x2c
-	IFLA_NEW_NETNSID     = 0x2d
-	IFLA_IF_NETNSID      = 0x2e
-	IFLA_MAX             = 0x2e
-	RT_SCOPE_UNIVERSE    = 0x0
-	RT_SCOPE_SITE        = 0xc8
-	RT_SCOPE_LINK        = 0xfd
-	RT_SCOPE_HOST        = 0xfe
-	RT_SCOPE_NOWHERE     = 0xff
-	RT_TABLE_UNSPEC      = 0x0
-	RT_TABLE_COMPAT      = 0xfc
-	RT_TABLE_DEFAULT     = 0xfd
-	RT_TABLE_MAIN        = 0xfe
-	RT_TABLE_LOCAL       = 0xff
-	RT_TABLE_MAX         = 0xffffffff
-	RTA_UNSPEC           = 0x0
-	RTA_DST              = 0x1
-	RTA_SRC              = 0x2
-	RTA_IIF              = 0x3
-	RTA_OIF              = 0x4
-	RTA_GATEWAY          = 0x5
-	RTA_PRIORITY         = 0x6
-	RTA_PREFSRC          = 0x7
-	RTA_METRICS          = 0x8
-	RTA_MULTIPATH        = 0x9
-	RTA_FLOW             = 0xb
-	RTA_CACHEINFO        = 0xc
-	RTA_TABLE            = 0xf
-	RTN_UNSPEC           = 0x0
-	RTN_UNICAST          = 0x1
-	RTN_LOCAL            = 0x2
-	RTN_BROADCAST        = 0x3
-	RTN_ANYCAST          = 0x4
-	RTN_MULTICAST        = 0x5
-	RTN_BLACKHOLE        = 0x6
-	RTN_UNREACHABLE      = 0x7
-	RTN_PROHIBIT         = 0x8
-	RTN_THROW            = 0x9
-	RTN_NAT              = 0xa
-	RTN_XRESOLVE         = 0xb
-	RTNLGRP_NONE         = 0x0
-	RTNLGRP_LINK         = 0x1
-	RTNLGRP_NOTIFY       = 0x2
-	RTNLGRP_NEIGH        = 0x3
-	RTNLGRP_TC           = 0x4
-	RTNLGRP_IPV4_IFADDR  = 0x5
-	RTNLGRP_IPV4_MROUTE  = 0x6
-	RTNLGRP_IPV4_ROUTE   = 0x7
-	RTNLGRP_IPV4_RULE    = 0x8
-	RTNLGRP_IPV6_IFADDR  = 0x9
-	RTNLGRP_IPV6_MROUTE  = 0xa
-	RTNLGRP_IPV6_ROUTE   = 0xb
-	RTNLGRP_IPV6_IFINFO  = 0xc
-	RTNLGRP_IPV6_PREFIX  = 0x12
-	RTNLGRP_IPV6_RULE    = 0x13
-	RTNLGRP_ND_USEROPT   = 0x14
-	SizeofNlMsghdr       = 0x10
-	SizeofNlMsgerr       = 0x14
-	SizeofRtGenmsg       = 0x1
-	SizeofNlAttr         = 0x4
-	SizeofRtAttr         = 0x4
-	SizeofIfInfomsg      = 0x10
-	SizeofIfAddrmsg      = 0x8
-	SizeofRtMsg          = 0xc
-	SizeofRtNexthop      = 0x8
+	BLKPG = 0x20001269
 )
 
-type NlMsghdr struct {
-	Len   uint32
-	Type  uint16
-	Flags uint16
-	Seq   uint32
-	Pid   uint32
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
 }
 
-type NlMsgerr struct {
-	Error int32
-	Msg   NlMsghdr
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
 }
 
-type RtGenmsg struct {
-	Family uint8
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type NlAttr struct {
-	Len  uint16
-	Type uint16
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
 }
 
-type RtAttr struct {
-	Len  uint16
-	Type uint16
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
 }
 
-type IfInfomsg struct {
-	Family     uint8
-	X__ifi_pad uint8
-	Type       uint16
-	Index      int32
-	Flags      uint32
-	Change     uint32
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
 }
 
-type IfAddrmsg struct {
-	Family    uint8
-	Prefixlen uint8
-	Flags     uint8
-	Scope     uint8
-	Index     uint32
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
 }
 
-type RtMsg struct {
-	Family   uint8
-	Dst_len  uint8
-	Src_len  uint8
-	Tos      uint8
-	Table    uint8
-	Protocol uint8
-	Scope    uint8
-	Type     uint8
-	Flags    uint32
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
 }
 
-type RtNexthop struct {
-	Len     uint16
-	Flags   uint8
-	Hops    uint8
-	Ifindex int32
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
 }
 
-const (
-	SizeofSockFilter = 0x8
-	SizeofSockFprog  = 0x10
-)
+type CryptoStatLarval struct {
+	Type [64]int8
+}
 
-type SockFilter struct {
-	Code uint16
-	Jt   uint8
-	Jf   uint8
-	K    uint32
+type CryptoReportLarval struct {
+	Type [64]int8
 }
 
-type SockFprog struct {
-	Len       uint16
-	Pad_cgo_0 [6]byte
-	Filter    *SockFilter
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
 }
 
-type InotifyEvent struct {
-	Wd     int32
-	Mask   uint32
-	Cookie uint32
-	Len    uint32
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
 }
 
-const SizeofInotifyEvent = 0x10
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
 
-type PtraceRegs struct {
-	Regs   [16]uint64
-	Tstate uint64
-	Tpc    uint64
-	Tnpc   uint64
-	Y      uint32
-	Magic  uint32
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
 }
 
-type ptracePsw struct {
+type CryptoReportComp struct {
+	Type [64]int8
 }
 
-type ptraceFpregs struct {
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
 }
 
-type ptracePer struct {
+type CryptoReportAKCipher struct {
+	Type [64]int8
 }
 
-type FdSet struct {
-	Bits [16]int64
+type CryptoReportKPP struct {
+	Type [64]int8
 }
 
-type Sysinfo_t struct {
-	Uptime    int64
-	Loads     [3]uint64
-	Totalram  uint64
-	Freeram   uint64
-	Sharedram uint64
-	Bufferram uint64
-	Totalswap uint64
-	Freeswap  uint64
-	Procs     uint16
-	Pad       uint16
-	Pad_cgo_0 [4]byte
-	Totalhigh uint64
-	Freehigh  uint64
-	Unit      uint32
-	X_f       [0]int8
-	Pad_cgo_1 [4]byte
+type CryptoReportAcomp struct {
+	Type [64]int8
 }
 
-type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
 }
 
-type Ustat_t struct {
-	Tfree     int32
-	Pad_cgo_0 [4]byte
-	Tinode    uint64
-	Fname     [6]int8
-	Fpack     [6]int8
-	Pad_cgo_1 [4]byte
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
 }
 
-type EpollEvent struct {
-	Events  uint32
-	X_padFd int32
-	Fd      int32
-	Pad     int32
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
 }
 
-const (
-	AT_FDCWD            = -0x64
-	AT_REMOVEDIR        = 0x200
-	AT_SYMLINK_FOLLOW   = 0x400
-	AT_SYMLINK_NOFOLLOW = 0x100
-)
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
 
-type PollFd struct {
-	Fd      int32
-	Events  int16
-	Revents int16
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
 }
 
 const (
-	POLLIN    = 0x1
-	POLLPRI   = 0x2
-	POLLOUT   = 0x4
-	POLLRDHUP = 0x800
-	POLLERR   = 0x8
-	POLLHUP   = 0x10
-	POLLNVAL  = 0x20
+	PPS_GETPARAMS = 0x400870a1
+	PPS_SETPARAMS = 0x800870a2
+	PPS_GETCAP    = 0x400870a3
+	PPS_FETCH     = 0xc00870a4
 )
 
-type Sigset_t struct {
-	X__val [16]uint64
-}
+const (
+	PIDFD_NONBLOCK = 0x4000
+)
 
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Line   uint8
-	Cc     [19]uint8
-	Ispeed uint32
-	Ospeed uint32
+type SysvIpcPerm struct {
+	Key  int32
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode uint32
+	_    uint16
+	Seq  uint16
+	_    uint64
+	_    uint64
+}
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+	Segsz  uint64
+	Cpid   int32
+	Lpid   int32
+	Nattch uint64
+	_      uint64
+	_      uint64
 }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 4b86fb2b33282..2fd2060e617a4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_netbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && netbsd
 // +build 386,netbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -57,27 +58,54 @@ type Rlimit struct {
 type _Gid_t uint32
 
 type Stat_t struct {
-	Dev           uint64
-	Mode          uint32
-	Ino           uint64
-	Nlink         uint32
-	Uid           uint32
-	Gid           uint32
-	Rdev          uint64
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       uint32
-	Flags         uint32
-	Gen           uint32
-	Spare         [2]uint32
+	Dev     uint64
+	Mode    uint32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
 }
 
 type Statfs_t [0]byte
 
+type Statvfs_t struct {
+	Flag        uint32
+	Bsize       uint32
+	Frsize      uint32
+	Iosize      uint32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint32
+	Namemax     uint32
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+}
+
 type Flock_t struct {
 	Start  int64
 	Len    int64
@@ -103,6 +131,11 @@ const (
 	PathMax = 0x400
 )
 
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1
@@ -216,6 +249,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x14
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x1c
@@ -402,9 +436,19 @@ type Winsize struct {
 	Ypixel uint16
 }
 
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -446,3 +490,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index 9048a509d0883..6a5a1a8ae5568 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_netbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && netbsd
 // +build amd64,netbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -58,30 +59,58 @@ type Rlimit struct {
 type _Gid_t uint32
 
 type Stat_t struct {
-	Dev           uint64
-	Mode          uint32
-	Pad_cgo_0     [4]byte
-	Ino           uint64
-	Nlink         uint32
-	Uid           uint32
-	Gid           uint32
-	Pad_cgo_1     [4]byte
-	Rdev          uint64
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       uint32
-	Flags         uint32
-	Gen           uint32
-	Spare         [2]uint32
-	Pad_cgo_2     [4]byte
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
 }
 
 type Statfs_t [0]byte
 
+type Statvfs_t struct {
+	Flag        uint64
+	Bsize       uint64
+	Frsize      uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint64
+	Namemax     uint64
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	_           [4]byte
+}
+
 type Flock_t struct {
 	Start  int64
 	Len    int64
@@ -107,6 +136,11 @@ const (
 	PathMax = 0x400
 )
 
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1
@@ -222,6 +256,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x14
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
@@ -409,9 +444,19 @@ type Winsize struct {
 	Ypixel uint16
 }
 
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -453,3 +498,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index 00525e7b02961..84cc8d01e6566 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_netbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && netbsd
 // +build arm,netbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -59,30 +60,57 @@ type Rlimit struct {
 type _Gid_t uint32
 
 type Stat_t struct {
-	Dev           uint64
-	Mode          uint32
-	Pad_cgo_0     [4]byte
-	Ino           uint64
-	Nlink         uint32
-	Uid           uint32
-	Gid           uint32
-	Pad_cgo_1     [4]byte
-	Rdev          uint64
-	Atimespec     Timespec
-	Mtimespec     Timespec
-	Ctimespec     Timespec
-	Birthtimespec Timespec
-	Size          int64
-	Blocks        int64
-	Blksize       uint32
-	Flags         uint32
-	Gen           uint32
-	Spare         [2]uint32
-	Pad_cgo_2     [4]byte
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
 }
 
 type Statfs_t [0]byte
 
+type Statvfs_t struct {
+	Flag        uint32
+	Bsize       uint32
+	Frsize      uint32
+	Iosize      uint32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint32
+	Namemax     uint32
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+}
+
 type Flock_t struct {
 	Start  int64
 	Len    int64
@@ -108,6 +136,11 @@ const (
 	PathMax = 0x400
 )
 
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1
@@ -221,6 +254,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x14
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x1c
@@ -407,9 +441,19 @@ type Winsize struct {
 	Ypixel uint16
 }
 
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x100
 	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
 )
 
 type PollFd struct {
@@ -451,3 +495,13 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
new file mode 100644
index 0000000000000..c844e7096ff5a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -0,0 +1,510 @@
+// cgo -godefs types_netbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && netbsd
+// +build arm64,netbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec       int64
+	Usec      int32
+	Pad_cgo_0 [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
+}
+
+type Statfs_t [0]byte
+
+type Statvfs_t struct {
+	Flag        uint64
+	Bsize       uint64
+	Frsize      uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint64
+	Namemax     uint64
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	_           [4]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno    uint64
+	Reclen    uint16
+	Namlen    uint16
+	Type      uint8
+	Name      [512]int8
+	Pad_cgo_0 [3]byte
+}
+
+type Fsid struct {
+	X__fsid_val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident     uint64
+	Filter    uint32
+	Flags     uint32
+	Fflags    uint32
+	Pad_cgo_0 [4]byte
+	Data      int64
+	Udata     int64
+}
+
+type FdSet struct {
+	Bits [8]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0x98
+	SizeofIfData           = 0x88
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x78
+	SizeofRtMetrics        = 0x50
+)
+
+type IfMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Data      IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Pad_cgo_0  [1]byte
+	Link_state int32
+	Mtu        uint64
+	Metric     uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Lastchange Timespec
+}
+
+type IfaMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Metric    int32
+	Index     uint16
+	Pad_cgo_0 [6]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Flags     int32
+	Addrs     int32
+	Pid       int32
+	Seq       int32
+	Errno     int32
+	Use       int32
+	Inits     int32
+	Pad_cgo_1 [4]byte
+	Rmx       RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Expire   int64
+	Pksent   int64
+}
+
+type Mclpool [0]byte
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len       uint32
+	Pad_cgo_0 [4]byte
+	Insns     *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [6]byte
+}
+
+type BpfTimeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x100
+	AT_SYMLINK_NOFOLLOW = 0x200
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_REMOVEDIR        = 0x800
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sysctlnode struct {
+	Flags           uint32
+	Num             int32
+	Name            [32]int8
+	Ver             uint32
+	X__rsvd         uint32
+	Un              [16]byte
+	X_sysctl_size   [8]byte
+	X_sysctl_func   [8]byte
+	X_sysctl_parent [8]byte
+	X_sysctl_desc   [8]byte
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index d5a2d75da3834..2a8b1e6f73f51 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_openbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build 386 && openbsd
 // +build 386,openbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -56,23 +57,6 @@ type Rlimit struct {
 
 type _Gid_t uint32
 
-const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
-)
-
 type Stat_t struct {
 	Mode           uint32
 	Dev            int32
@@ -248,6 +232,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x20
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x1c
@@ -453,7 +438,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x1
 	AT_SYMLINK_NOFOLLOW = 0x2
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_REMOVEDIR        = 0x8
 )
 
 type PollFd struct {
@@ -475,6 +463,8 @@ const (
 	POLLWRNORM = 0x4
 )
 
+type Sigset_t uint32
+
 type Utsname struct {
 	Sysname  [256]byte
 	Nodename [256]byte
@@ -482,3 +472,104 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Anonpages          int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Nanonneeded        int32
+	Nfreeanon          int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Obsolete_swapins   int32
+	Obsolete_swapouts  int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Zeroaborts         int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Pdreanon           int32
+	Pdrevnode          int32
+	Pdrevtext          int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a9c8184859b5..b1759cf705c00 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_openbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && openbsd
 // +build amd64,openbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -56,23 +57,6 @@ type Rlimit struct {
 
 type _Gid_t uint32
 
-const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
-)
-
 type Stat_t struct {
 	Mode    uint32
 	Dev     int32
@@ -252,6 +236,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x20
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
@@ -453,7 +438,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x1
 	AT_SYMLINK_NOFOLLOW = 0x2
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_REMOVEDIR        = 0x8
 )
 
 type PollFd struct {
@@ -475,6 +463,8 @@ const (
 	POLLWRNORM = 0x4
 )
 
+type Sigset_t uint32
+
 type Utsname struct {
 	Sysname  [256]byte
 	Nodename [256]byte
@@ -482,3 +472,104 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Anonpages          int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Nanonneeded        int32
+	Nfreeanon          int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Obsolete_swapins   int32
+	Obsolete_swapouts  int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Zeroaborts         int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Pdreanon           int32
+	Pdrevnode          int32
+	Pdrevtext          int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index e35b13b6fcf73..e807de2065c74 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -1,16 +1,17 @@
-// cgo -godefs types_openbsd.go | go run mkpost.go
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build arm && openbsd
 // +build arm,openbsd
 
 package unix
 
 const (
-	sizeofPtr      = 0x4
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x4
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
 )
 
 type (
@@ -23,11 +24,13 @@ type (
 type Timespec struct {
 	Sec  int64
 	Nsec int32
+	_    [4]byte
 }
 
 type Timeval struct {
 	Sec  int64
 	Usec int32
+	_    [4]byte
 }
 
 type Rusage struct {
@@ -56,46 +59,31 @@ type Rlimit struct {
 
 type _Gid_t uint32
 
-const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
-)
-
 type Stat_t struct {
-	Mode           uint32
-	Dev            int32
-	Ino            uint64
-	Nlink          uint32
-	Uid            uint32
-	Gid            uint32
-	Rdev           int32
-	Atim           Timespec
-	Mtim           Timespec
-	Ctim           Timespec
-	Size           int64
-	Blocks         int64
-	Blksize        int32
-	Flags          uint32
-	Gen            uint32
-	X__st_birthtim Timespec
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       [4]byte
+	_       Timespec
 }
 
 type Statfs_t struct {
 	F_flags       uint32
 	F_bsize       uint32
 	F_iosize      uint32
+	_             [4]byte
 	F_blocks      uint64
 	F_bfree       uint64
 	F_bavail      int64
@@ -110,11 +98,11 @@ type Statfs_t struct {
 	F_namemax     uint32
 	F_owner       uint32
 	F_ctime       uint64
-	F_fstypename  [16]uint8
-	F_mntonname   [90]uint8
-	F_mntfromname [90]uint8
-	F_mntfromspec [90]uint8
-	Pad_cgo_0     [2]byte
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
 	Mount_info    [160]byte
 }
 
@@ -127,13 +115,13 @@ type Flock_t struct {
 }
 
 type Dirent struct {
-	Fileno       uint64
-	Off          int64
-	Reclen       uint16
-	Type         uint8
-	Namlen       uint8
-	X__d_padding [4]uint8
-	Name         [256]uint8
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
 }
 
 type Fsid struct {
@@ -248,6 +236,7 @@ const (
 	SizeofSockaddrUnix     = 0x6a
 	SizeofSockaddrDatalink = 0x20
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x8
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x1c
@@ -268,8 +257,10 @@ type Kevent_t struct {
 	Filter int16
 	Flags  uint16
 	Fflags uint32
+	_      [4]byte
 	Data   int64
 	Udata  *byte
+	_      [4]byte
 }
 
 type FdSet struct {
@@ -277,8 +268,8 @@ type FdSet struct {
 }
 
 const (
-	SizeofIfMsghdr         = 0x98
-	SizeofIfData           = 0x80
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
 	SizeofIfaMsghdr        = 0x18
 	SizeofIfAnnounceMsghdr = 0x1a
 	SizeofRtMsghdr         = 0x60
@@ -307,7 +298,7 @@ type IfData struct {
 	Link_state   uint8
 	Mtu          uint32
 	Metric       uint32
-	Pad          uint32
+	Rdomain      uint32
 	Baudrate     uint64
 	Ipackets     uint64
 	Ierrors      uint64
@@ -319,8 +310,10 @@ type IfData struct {
 	Imcasts      uint64
 	Omcasts      uint64
 	Iqdrops      uint64
+	Oqdrops      uint64
 	Noproto      uint64
 	Capabilities uint32
+	_            [4]byte
 	Lastchange   Timeval
 }
 
@@ -345,7 +338,7 @@ type IfAnnounceMsghdr struct {
 	Hdrlen  uint16
 	Index   uint16
 	What    uint16
-	Name    [16]uint8
+	Name    [16]int8
 }
 
 type RtMsghdr struct {
@@ -415,11 +408,11 @@ type BpfInsn struct {
 }
 
 type BpfHdr struct {
-	Tstamp    BpfTimeval
-	Caplen    uint32
-	Datalen   uint32
-	Hdrlen    uint16
-	Pad_cgo_0 [2]byte
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
 }
 
 type BpfTimeval struct {
@@ -446,7 +439,10 @@ type Winsize struct {
 
 const (
 	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x1
 	AT_SYMLINK_NOFOLLOW = 0x2
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_REMOVEDIR        = 0x8
 )
 
 type PollFd struct {
@@ -468,6 +464,8 @@ const (
 	POLLWRNORM = 0x4
 )
 
+type Sigset_t uint32
+
 type Utsname struct {
 	Sysname  [256]byte
 	Nodename [256]byte
@@ -475,3 +473,104 @@ type Utsname struct {
 	Version  [256]byte
 	Machine  [256]byte
 }
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
new file mode 100644
index 0000000000000..ff3aecaee40ac
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -0,0 +1,569 @@
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build arm64 && openbsd
+// +build arm64,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x2
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_REMOVEDIR        = 0x8
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
new file mode 100644
index 0000000000000..9ecda69174c84
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -0,0 +1,569 @@
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build mips64 && openbsd
+// +build mips64,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_EACCESS          = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x2
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_REMOVEDIR        = 0x8
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 2248598d03f99..ad4aad2796869 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -1,16 +1,17 @@
 // cgo -godefs types_solaris.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
+//go:build amd64 && solaris
 // +build amd64,solaris
 
 package unix
 
 const (
-	sizeofPtr      = 0x8
-	sizeofShort    = 0x2
-	sizeofInt      = 0x4
-	sizeofLong     = 0x8
-	sizeofLongLong = 0x8
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
 	PathMax        = 0x400
 	MaxHostNameLen = 0x100
 )
@@ -75,23 +76,6 @@ type Rlimit struct {
 
 type _Gid_t uint32
 
-const (
-	S_IFMT   = 0xf000
-	S_IFIFO  = 0x1000
-	S_IFCHR  = 0x2000
-	S_IFDIR  = 0x4000
-	S_IFBLK  = 0x6000
-	S_IFREG  = 0x8000
-	S_IFLNK  = 0xa000
-	S_IFSOCK = 0xc000
-	S_ISUID  = 0x800
-	S_ISGID  = 0x400
-	S_ISVTX  = 0x200
-	S_IRUSR  = 0x100
-	S_IWUSR  = 0x80
-	S_IXUSR  = 0x40
-)
-
 type Stat_t struct {
 	Dev     uint64
 	Ino     uint64
@@ -105,7 +89,6 @@ type Stat_t struct {
 	Mtim    Timespec
 	Ctim    Timespec
 	Blksize int32
-	_       [4]byte
 	Blocks  int64
 	Fstype  [16]int8
 }
@@ -113,7 +96,6 @@ type Stat_t struct {
 type Flock_t struct {
 	Type   int16
 	Whence int16
-	_      [4]byte
 	Start  int64
 	Len    int64
 	Sysid  int32
@@ -155,12 +137,12 @@ type RawSockaddrInet4 struct {
 }
 
 type RawSockaddrInet6 struct {
-	Family         uint16
-	Port           uint16
-	Flowinfo       uint32
-	Addr           [16]byte /* in6_addr */
-	Scope_id       uint32
-	X__sin6_src_id uint32
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+	_        uint32
 }
 
 type RawSockaddrUnix struct {
@@ -213,10 +195,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name         *byte
 	Namelen      uint32
-	_            [4]byte
 	Iov          *Iovec
 	Iovlen       int32
-	_            [4]byte
 	Accrights    *int8
 	Accrightslen int32
 	_            [4]byte
@@ -228,6 +208,12 @@ type Cmsghdr struct {
 	Type  int32
 }
 
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
 type Inet6Pktinfo struct {
 	Addr    [16]byte /* in6_addr */
 	Ifindex uint32
@@ -239,7 +225,7 @@ type IPv6MTUInfo struct {
 }
 
 type ICMPv6Filter struct {
-	X__icmp6_filt [8]uint32
+	Filt [8]uint32
 }
 
 const (
@@ -249,10 +235,12 @@ const (
 	SizeofSockaddrUnix     = 0x6e
 	SizeofSockaddrDatalink = 0xfc
 	SizeofLinger           = 0x8
+	SizeofIovec            = 0x10
 	SizeofIPMreq           = 0x8
 	SizeofIPv6Mreq         = 0x14
 	SizeofMsghdr           = 0x30
 	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
 	SizeofInet6Pktinfo     = 0x14
 	SizeofIPv6MTUInfo      = 0x24
 	SizeofICMPv6Filter     = 0x20
@@ -301,7 +289,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -309,7 +296,6 @@ type IfData struct {
 	Type       uint8
 	Addrlen    uint8
 	Hdrlen     uint8
-	_          [1]byte
 	Mtu        uint32
 	Metric     uint32
 	Baudrate   uint32
@@ -334,7 +320,6 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Metric  int32
 }
 
@@ -343,7 +328,6 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -381,15 +365,14 @@ type BpfVersion struct {
 }
 
 type BpfStat struct {
-	Recv    uint64
-	Drop    uint64
-	Capt    uint64
-	Padding [13]uint64
+	Recv uint64
+	Drop uint64
+	Capt uint64
+	_    [13]uint64
 }
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
@@ -457,3 +440,43 @@ const (
 	POLLWRBAND = 0x100
 	POLLWRNORM = 0x4
 )
+
+type fileObj struct {
+	Atim Timespec
+	Mtim Timespec
+	Ctim Timespec
+	Pad  [3]uint64
+	Name *int8
+}
+
+type portEvent struct {
+	Events int32
+	Source uint16
+	Pad    uint16
+	Object uint64
+	User   *byte
+}
+
+const (
+	PORT_SOURCE_AIO    = 0x1
+	PORT_SOURCE_TIMER  = 0x2
+	PORT_SOURCE_USER   = 0x3
+	PORT_SOURCE_FD     = 0x4
+	PORT_SOURCE_ALERT  = 0x5
+	PORT_SOURCE_MQ     = 0x6
+	PORT_SOURCE_FILE   = 0x7
+	PORT_ALERT_SET     = 0x1
+	PORT_ALERT_UPDATE  = 0x2
+	PORT_ALERT_INVALID = 0x3
+	FILE_ACCESS        = 0x1
+	FILE_MODIFIED      = 0x2
+	FILE_ATTRIB        = 0x4
+	FILE_TRUNC         = 0x100000
+	FILE_NOFOLLOW      = 0x10000000
+	FILE_DELETE        = 0x10
+	FILE_RENAME_TO     = 0x20
+	FILE_RENAME_FROM   = 0x40
+	UNMOUNTED          = 0x20000000
+	MOUNTEDOVER        = 0x40000000
+	FILE_EXCEPTION     = 0x60000070
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
new file mode 100644
index 0000000000000..4ab638cb94c7a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -0,0 +1,406 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x
+// +build zos,s390x
+
+// Hand edited based on ztypes_linux_s390x.go
+// TODO: auto-generate.
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+	PathMax        = 0x1000
+)
+
+const (
+	SizeofSockaddrAny   = 128
+	SizeofCmsghdr       = 12
+	SizeofIPMreq        = 8
+	SizeofIPv6Mreq      = 20
+	SizeofICMPv6Filter  = 32
+	SizeofIPv6MTUInfo   = 32
+	SizeofLinger        = 8
+	SizeofSockaddrInet4 = 16
+	SizeofSockaddrInet6 = 28
+	SizeofTCPInfo       = 0x68
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type timeval_zos struct { //correct (with padding and all)
+	Sec  int64
+	_    [4]byte // pad
+	Usec int32
+}
+
+type Tms struct { //clock_t is 4-byte unsigned int in zos
+	Utime  uint32
+	Stime  uint32
+	Cutime uint32
+	Cstime uint32
+}
+
+type Time_t int64
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Utsname struct {
+	Sysname    [65]byte
+	Nodename   [65]byte
+	Release    [65]byte
+	Version    [65]byte
+	Machine    [65]byte
+	Domainname [65]byte
+}
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [108]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	_    [112]uint8 // pad
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Iov        *Iovec
+	Control    *byte
+	Flags      int32
+	Namelen    int32
+	Iovlen     int32
+	Controllen int32
+}
+
+type Cmsghdr struct {
+	Len   int32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Addr    [4]byte /* in_addr */
+	Ifindex uint32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Data [8]uint32
+}
+
+type TCPInfo struct {
+	State          uint8
+	Ca_state       uint8
+	Retransmits    uint8
+	Probes         uint8
+	Backoff        uint8
+	Options        uint8
+	Rto            uint32
+	Ato            uint32
+	Snd_mss        uint32
+	Rcv_mss        uint32
+	Unacked        uint32
+	Sacked         uint32
+	Lost           uint32
+	Retrans        uint32
+	Fackets        uint32
+	Last_data_sent uint32
+	Last_ack_sent  uint32
+	Last_data_recv uint32
+	Last_ack_recv  uint32
+	Pmtu           uint32
+	Rcv_ssthresh   uint32
+	Rtt            uint32
+	Rttvar         uint32
+	Snd_ssthresh   uint32
+	Snd_cwnd       uint32
+	Advmss         uint32
+	Reordering     uint32
+	Rcv_rtt        uint32
+	Rcv_space      uint32
+	Total_retrans  uint32
+}
+
+type _Gid_t uint32
+
+type rusage_zos struct {
+	Utime timeval_zos
+	Stime timeval_zos
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+// { int, short, short } in poll.h
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+type Stat_t struct { //Linux Definition
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint32
+	Uid     uint32
+	Gid     uint32
+	_       int32
+	Rdev    uint64
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize int64
+	Blocks  int64
+	_       [3]int64
+}
+
+type Stat_LE_t struct {
+	_            [4]byte // eye catcher
+	Length       uint16
+	Version      uint16
+	Mode         int32
+	Ino          uint32
+	Dev          uint32
+	Nlink        int32
+	Uid          int32
+	Gid          int32
+	Size         int64
+	Atim31       [4]byte
+	Mtim31       [4]byte
+	Ctim31       [4]byte
+	Rdev         uint32
+	Auditoraudit uint32
+	Useraudit    uint32
+	Blksize      int32
+	Creatim31    [4]byte
+	AuditID      [16]byte
+	_            [4]byte // rsrvd1
+	File_tag     struct {
+		Ccsid   uint16
+		Txtflag uint16 // aggregating Txflag:1 deferred:1 rsvflags:14
+	}
+	CharsetID [8]byte
+	Blocks    int64
+	Genvalue  uint32
+	Reftim31  [4]byte
+	Fid       [8]byte
+	Filefmt   byte
+	Fspflag2  byte
+	_         [2]byte // rsrvd2
+	Ctimemsec int32
+	Seclabel  [8]byte
+	_         [4]byte // rsrvd3
+	_         [4]byte // rsrvd4
+	Atim      Time_t
+	Mtim      Time_t
+	Ctim      Time_t
+	Creatim   Time_t
+	Reftim    Time_t
+	_         [24]byte // rsrvd5
+}
+
+type Statvfs_t struct {
+	ID          [4]byte
+	Len         int32
+	Bsize       uint64
+	Blocks      uint64
+	Usedspace   uint64
+	Bavail      uint64
+	Flag        uint64
+	Maxfilesize int64
+	_           [16]byte
+	Frsize      uint64
+	Bfree       uint64
+	Files       uint32
+	Ffree       uint32
+	Favail      uint32
+	Namemax31   uint32
+	Invarsec    uint32
+	_           [4]byte
+	Fsid        uint64
+	Namemax     uint64
+}
+
+type Statfs_t struct {
+	Type    uint32
+	Bsize   uint64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint32
+	Ffree   uint32
+	Fsid    uint64
+	Namelen uint64
+	Frsize  uint64
+	Flags   uint64
+}
+
+type Dirent struct {
+	Reclen uint16
+	Namlen uint16
+	Ino    uint32
+	Extra  uintptr
+	Name   [256]byte
+}
+
+type FdSet struct {
+	Bits [64]int32
+}
+
+// This struct is packed on z/OS so it can't be used directly.
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+}
+
+type Termios struct {
+	Cflag uint32
+	Iflag uint32
+	Lflag uint32
+	Oflag uint32
+	Cc    [11]uint8
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type W_Mnth struct {
+	Hid   [4]byte
+	Size  int32
+	Cur1  int32 //32bit pointer
+	Cur2  int32 //^
+	Devno uint32
+	_     [4]byte
+}
+
+type W_Mntent struct {
+	Fstype       uint32
+	Mode         uint32
+	Dev          uint32
+	Parentdev    uint32
+	Rootino      uint32
+	Status       byte
+	Ddname       [9]byte
+	Fstname      [9]byte
+	Fsname       [45]byte
+	Pathlen      uint32
+	Mountpoint   [1024]byte
+	Jobname      [8]byte
+	PID          int32
+	Parmoffset   int32
+	Parmlen      int16
+	Owner        [8]byte
+	Quiesceowner [8]byte
+	_            [38]byte
+}
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
new file mode 100644
index 0000000000000..a20ebea63312c
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -0,0 +1,13 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows && go1.9
+// +build windows,go1.9
+
+package windows
+
+import "syscall"
+
+type Errno = syscall.Errno
+type SysProcAttr = syscall.SysProcAttr
diff --git a/vendor/golang.org/x/sys/windows/asm_windows_386.s b/vendor/golang.org/x/sys/windows/asm_windows_386.s
deleted file mode 100644
index 21d994d318a30..0000000000000
--- a/vendor/golang.org/x/sys/windows/asm_windows_386.s
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//
-// System calls for 386, Windows are implemented in runtime/syscall_windows.goc
-//
-
-TEXT ·getprocaddress(SB), 7, $0-16
-	JMP	syscall·getprocaddress(SB)
-
-TEXT ·loadlibrary(SB), 7, $0-12
-	JMP	syscall·loadlibrary(SB)
diff --git a/vendor/golang.org/x/sys/windows/asm_windows_amd64.s b/vendor/golang.org/x/sys/windows/asm_windows_amd64.s
deleted file mode 100644
index 5bfdf797414ce..0000000000000
--- a/vendor/golang.org/x/sys/windows/asm_windows_amd64.s
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//
-// System calls for amd64, Windows are implemented in runtime/syscall_windows.goc
-//
-
-TEXT ·getprocaddress(SB), 7, $0-32
-	JMP	syscall·getprocaddress(SB)
-
-TEXT ·loadlibrary(SB), 7, $0-24
-	JMP	syscall·loadlibrary(SB)
diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go
index e92c05b213c8f..115341fba66da 100644
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -11,6 +11,18 @@ import (
 	"unsafe"
 )
 
+// We need to use LoadLibrary and GetProcAddress from the Go runtime, because
+// the these symbols are loaded by the system linker and are required to
+// dynamically load additional symbols. Note that in the Go runtime, these
+// return syscall.Handle and syscall.Errno, but these are the same, in fact,
+// as windows.Handle and windows.Errno, and we intend to keep these the same.
+
+//go:linkname syscall_loadlibrary syscall.loadlibrary
+func syscall_loadlibrary(filename *uint16) (handle Handle, err Errno)
+
+//go:linkname syscall_getprocaddress syscall.getprocaddress
+func syscall_getprocaddress(handle Handle, procname *uint8) (proc uintptr, err Errno)
+
 // DLLError describes reasons for DLL load failures.
 type DLLError struct {
 	Err     error
@@ -20,9 +32,7 @@ type DLLError struct {
 
 func (e *DLLError) Error() string { return e.Msg }
 
-// Implemented in runtime/syscall_windows.goc; we provide jumps to them in our assembly file.
-func loadlibrary(filename *uint16) (handle uintptr, err syscall.Errno)
-func getprocaddress(handle uintptr, procname *uint8) (proc uintptr, err syscall.Errno)
+func (e *DLLError) Unwrap() error { return e.Err }
 
 // A DLL implements access to a single DLL.
 type DLL struct {
@@ -40,7 +50,7 @@ func LoadDLL(name string) (dll *DLL, err error) {
 	if err != nil {
 		return nil, err
 	}
-	h, e := loadlibrary(namep)
+	h, e := syscall_loadlibrary(namep)
 	if e != 0 {
 		return nil, &DLLError{
 			Err:     e,
@@ -50,7 +60,7 @@ func LoadDLL(name string) (dll *DLL, err error) {
 	}
 	d := &DLL{
 		Name:   name,
-		Handle: Handle(h),
+		Handle: h,
 	}
 	return d, nil
 }
@@ -71,7 +81,7 @@ func (d *DLL) FindProc(name string) (proc *Proc, err error) {
 	if err != nil {
 		return nil, err
 	}
-	a, e := getprocaddress(uintptr(d.Handle), namep)
+	a, e := syscall_getprocaddress(d.Handle, namep)
 	if e != 0 {
 		return nil, &DLLError{
 			Err:     e,
@@ -96,6 +106,35 @@ func (d *DLL) MustFindProc(name string) *Proc {
 	return p
 }
 
+// FindProcByOrdinal searches DLL d for procedure by ordinal and returns *Proc
+// if found. It returns an error if search fails.
+func (d *DLL) FindProcByOrdinal(ordinal uintptr) (proc *Proc, err error) {
+	a, e := GetProcAddressByOrdinal(d.Handle, ordinal)
+	name := "#" + itoa(int(ordinal))
+	if e != nil {
+		return nil, &DLLError{
+			Err:     e,
+			ObjName: name,
+			Msg:     "Failed to find " + name + " procedure in " + d.Name + ": " + e.Error(),
+		}
+	}
+	p := &Proc{
+		Dll:  d,
+		Name: name,
+		addr: a,
+	}
+	return p, nil
+}
+
+// MustFindProcByOrdinal is like FindProcByOrdinal but panics if search fails.
+func (d *DLL) MustFindProcByOrdinal(ordinal uintptr) *Proc {
+	p, e := d.FindProcByOrdinal(ordinal)
+	if e != nil {
+		panic(e)
+	}
+	return p
+}
+
 // Release unloads DLL d from memory.
 func (d *DLL) Release() (err error) {
 	return FreeLibrary(d.Handle)
@@ -352,18 +391,17 @@ func loadLibraryEx(name string, system bool) (*DLL, error) {
 	var flags uintptr
 	if system {
 		if canDoSearchSystem32() {
-			const LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800
 			flags = LOAD_LIBRARY_SEARCH_SYSTEM32
 		} else if isBaseName(name) {
 			// WindowsXP or unpatched Windows machine
 			// trying to load "foo.dll" out of the system
 			// folder, but LoadLibraryEx doesn't support
 			// that yet on their system, so emulate it.
-			windir, _ := Getenv("WINDIR") // old var; apparently works on XP
-			if windir == "" {
-				return nil, errString("%WINDIR% not defined")
+			systemdir, err := GetSystemDirectory()
+			if err != nil {
+				return nil, err
 			}
-			loadDLL = windir + "\\System32\\" + name
+			loadDLL = systemdir + "\\" + name
 		}
 	}
 	h, err := LoadLibraryEx(loadDLL, 0, flags)
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
new file mode 100644
index 0000000000000..fdbbbcd31717e
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/empty.s
@@ -0,0 +1,9 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.12
+// +build !go1.12
+
+// This file is here to allow bodyless functions with go:linkname for Go 1.11
+// and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go
index bdc71e241e0c6..92ac05ff4ea60 100644
--- a/vendor/golang.org/x/sys/windows/env_windows.go
+++ b/vendor/golang.org/x/sys/windows/env_windows.go
@@ -6,7 +6,10 @@
 
 package windows
 
-import "syscall"
+import (
+	"syscall"
+	"unsafe"
+)
 
 func Getenv(key string) (value string, found bool) {
 	return syscall.Getenv(key)
@@ -24,6 +27,28 @@ func Environ() []string {
 	return syscall.Environ()
 }
 
+// Returns a default environment associated with the token, rather than the current
+// process. If inheritExisting is true, then this environment also inherits the
+// environment of the current process.
+func (token Token) Environ(inheritExisting bool) (env []string, err error) {
+	var block *uint16
+	err = CreateEnvironmentBlock(&block, token, inheritExisting)
+	if err != nil {
+		return nil, err
+	}
+	defer DestroyEnvironmentBlock(block)
+	blockp := uintptr(unsafe.Pointer(block))
+	for {
+		entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp)))
+		if len(entry) == 0 {
+			break
+		}
+		env = append(env, entry)
+		blockp += 2 * (uintptr(len(entry)) + 1)
+	}
+	return env, nil
+}
+
 func Unsetenv(key string) error {
 	return syscall.Unsetenv(key)
 }
diff --git a/vendor/golang.org/x/sys/windows/eventlog.go b/vendor/golang.org/x/sys/windows/eventlog.go
index 40af946e162f9..2cd60645ee7d3 100644
--- a/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/vendor/golang.org/x/sys/windows/eventlog.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 package windows
diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go
index 3606c3a8b3690..7a11e83b7ec10 100644
--- a/vendor/golang.org/x/sys/windows/exec_windows.go
+++ b/vendor/golang.org/x/sys/windows/exec_windows.go
@@ -6,6 +6,13 @@
 
 package windows
 
+import (
+	errorspkg "errors"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
 // EscapeArg rewrites command line argument s as prescribed
 // in http://msdn.microsoft.com/en-us/library/ms880421.
 // This function returns "" (2 double quotes) if s is empty.
@@ -73,6 +80,40 @@ func EscapeArg(s string) string {
 	return string(qs[:j])
 }
 
+// ComposeCommandLine escapes and joins the given arguments suitable for use as a Windows command line,
+// in CreateProcess's CommandLine argument, CreateService/ChangeServiceConfig's BinaryPathName argument,
+// or any program that uses CommandLineToArgv.
+func ComposeCommandLine(args []string) string {
+	var commandLine string
+	for i := range args {
+		if i > 0 {
+			commandLine += " "
+		}
+		commandLine += EscapeArg(args[i])
+	}
+	return commandLine
+}
+
+// DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv,
+// as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that
+// command lines are passed around.
+func DecomposeCommandLine(commandLine string) ([]string, error) {
+	if len(commandLine) == 0 {
+		return []string{}, nil
+	}
+	var argc int32
+	argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc)
+	if err != nil {
+		return nil, err
+	}
+	defer LocalFree(Handle(unsafe.Pointer(argv)))
+	var args []string
+	for _, v := range (*argv)[:argc] {
+		args = append(args, UTF16ToString((*v)[:]))
+	}
+	return args, nil
+}
+
 func CloseOnExec(fd Handle) {
 	SetHandleInformation(Handle(fd), HANDLE_FLAG_INHERIT, 0)
 }
@@ -95,3 +136,60 @@ func FullPath(name string) (path string, err error) {
 		}
 	}
 }
+
+// NewProcThreadAttributeList allocates a new ProcThreadAttributeListContainer, with the requested maximum number of attributes.
+func NewProcThreadAttributeList(maxAttrCount uint32) (*ProcThreadAttributeListContainer, error) {
+	var size uintptr
+	err := initializeProcThreadAttributeList(nil, maxAttrCount, 0, &size)
+	if err != ERROR_INSUFFICIENT_BUFFER {
+		if err == nil {
+			return nil, errorspkg.New("unable to query buffer size from InitializeProcThreadAttributeList")
+		}
+		return nil, err
+	}
+	// size is guaranteed to be ≥1 by InitializeProcThreadAttributeList.
+	al := &ProcThreadAttributeListContainer{data: (*ProcThreadAttributeList)(unsafe.Pointer(&make([]byte, size)[0]))}
+	err = initializeProcThreadAttributeList(al.data, maxAttrCount, 0, &size)
+	if err != nil {
+		return nil, err
+	}
+	return al, err
+}
+
+// Update modifies the ProcThreadAttributeList using UpdateProcThreadAttribute.
+// Note that the value passed to this function will be copied into memory
+// allocated by LocalAlloc, the contents of which should not contain any
+// Go-managed pointers, even if the passed value itself is a Go-managed
+// pointer.
+func (al *ProcThreadAttributeListContainer) Update(attribute uintptr, value unsafe.Pointer, size uintptr) error {
+	alloc, err := LocalAlloc(LMEM_FIXED, uint32(size))
+	if err != nil {
+		return err
+	}
+	var src, dst []byte
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&src))
+	hdr.Data = value
+	hdr.Cap = int(size)
+	hdr.Len = int(size)
+	hdr = (*unsafeheader.Slice)(unsafe.Pointer(&dst))
+	hdr.Data = unsafe.Pointer(alloc)
+	hdr.Cap = int(size)
+	hdr.Len = int(size)
+	copy(dst, src)
+	al.heapAllocations = append(al.heapAllocations, alloc)
+	return updateProcThreadAttribute(al.data, 0, attribute, unsafe.Pointer(alloc), size, nil, nil)
+}
+
+// Delete frees ProcThreadAttributeList's resources.
+func (al *ProcThreadAttributeListContainer) Delete() {
+	deleteProcThreadAttributeList(al.data)
+	for i := range al.heapAllocations {
+		LocalFree(Handle(al.heapAllocations[i]))
+	}
+	al.heapAllocations = nil
+}
+
+// List returns the actual ProcThreadAttributeList to be passed to StartupInfoEx.
+func (al *ProcThreadAttributeListContainer) List() *ProcThreadAttributeList {
+	return al.data
+}
diff --git a/vendor/golang.org/x/sys/windows/memory_windows.go b/vendor/golang.org/x/sys/windows/memory_windows.go
index f80a4204f097d..6dc0920a84da2 100644
--- a/vendor/golang.org/x/sys/windows/memory_windows.go
+++ b/vendor/golang.org/x/sys/windows/memory_windows.go
@@ -16,11 +16,33 @@ const (
 	MEM_RESET_UNDO  = 0x01000000
 	MEM_LARGE_PAGES = 0x20000000
 
-	PAGE_NOACCESS          = 0x01
-	PAGE_READONLY          = 0x02
-	PAGE_READWRITE         = 0x04
-	PAGE_WRITECOPY         = 0x08
-	PAGE_EXECUTE_READ      = 0x20
-	PAGE_EXECUTE_READWRITE = 0x40
-	PAGE_EXECUTE_WRITECOPY = 0x80
+	PAGE_NOACCESS          = 0x00000001
+	PAGE_READONLY          = 0x00000002
+	PAGE_READWRITE         = 0x00000004
+	PAGE_WRITECOPY         = 0x00000008
+	PAGE_EXECUTE           = 0x00000010
+	PAGE_EXECUTE_READ      = 0x00000020
+	PAGE_EXECUTE_READWRITE = 0x00000040
+	PAGE_EXECUTE_WRITECOPY = 0x00000080
+	PAGE_GUARD             = 0x00000100
+	PAGE_NOCACHE           = 0x00000200
+	PAGE_WRITECOMBINE      = 0x00000400
+	PAGE_TARGETS_INVALID   = 0x40000000
+	PAGE_TARGETS_NO_UPDATE = 0x40000000
+
+	QUOTA_LIMITS_HARDWS_MIN_DISABLE = 0x00000002
+	QUOTA_LIMITS_HARDWS_MIN_ENABLE  = 0x00000001
+	QUOTA_LIMITS_HARDWS_MAX_DISABLE = 0x00000008
+	QUOTA_LIMITS_HARDWS_MAX_ENABLE  = 0x00000004
 )
+
+type MemoryBasicInformation struct {
+	BaseAddress       uintptr
+	AllocationBase    uintptr
+	AllocationProtect uint32
+	PartitionId       uint16
+	RegionSize        uintptr
+	State             uint32
+	Protect           uint32
+	Type              uint32
+}
diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go
index fb7db0ef8d4af..6102910989b7a 100644
--- a/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -2,6 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build generate
+// +build generate
+
 package windows
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go eventlog.go service.go syscall_windows.go security_windows.go
+//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go eventlog.go service.go syscall_windows.go security_windows.go
diff --git a/vendor/golang.org/x/sys/windows/race.go b/vendor/golang.org/x/sys/windows/race.go
index a74e3e24b557e..9196b089ca14c 100644
--- a/vendor/golang.org/x/sys/windows/race.go
+++ b/vendor/golang.org/x/sys/windows/race.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows && race
 // +build windows,race
 
 package windows
diff --git a/vendor/golang.org/x/sys/windows/race0.go b/vendor/golang.org/x/sys/windows/race0.go
index e44a3cbf67994..7bae4817a06c6 100644
--- a/vendor/golang.org/x/sys/windows/race0.go
+++ b/vendor/golang.org/x/sys/windows/race0.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows && !race
 // +build windows,!race
 
 package windows
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
index 0ac95ffe73125..50c32a3f4e107 100644
--- a/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// +build generate
+
 package registry
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall.go
+//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go syscall.go
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
index 71d4e15bab16e..f25e7e97ae5eb 100644
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -68,7 +68,7 @@ func (k Key) GetValue(name string, buf []byte) (n int, valtype uint32, err error
 	return int(l), valtype, nil
 }
 
-func (k Key) getValue(name string, buf []byte) (date []byte, valtype uint32, err error) {
+func (k Key) getValue(name string, buf []byte) (data []byte, valtype uint32, err error) {
 	p, err := syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return nil, 0, err
@@ -108,7 +108,7 @@ func (k Key) GetStringValue(name string) (val string, valtype uint32, err error)
 	if len(data) == 0 {
 		return "", typ, nil
 	}
-	u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:]
+	u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[: len(data)/2 : len(data)/2]
 	return syscall.UTF16ToString(u), typ, nil
 }
 
@@ -185,8 +185,7 @@ func ExpandString(value string) (string, error) {
 			return "", err
 		}
 		if n <= uint32(len(r)) {
-			u := (*[1 << 29]uint16)(unsafe.Pointer(&r[0]))[:]
-			return syscall.UTF16ToString(u), nil
+			return syscall.UTF16ToString(r[:n]), nil
 		}
 		r = make([]uint16, n)
 	}
@@ -208,7 +207,7 @@ func (k Key) GetStringsValue(name string) (val []string, valtype uint32, err err
 	if len(data) == 0 {
 		return nil, typ, nil
 	}
-	p := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:len(data)/2]
+	p := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[: len(data)/2 : len(data)/2]
 	if len(p) == 0 {
 		return nil, typ, nil
 	}
@@ -241,12 +240,15 @@ func (k Key) GetIntegerValue(name string) (val uint64, valtype uint32, err error
 		if len(data) != 4 {
 			return 0, typ, errors.New("DWORD value is not 4 bytes long")
 		}
-		return uint64(*(*uint32)(unsafe.Pointer(&data[0]))), DWORD, nil
+		var val32 uint32
+		copy((*[4]byte)(unsafe.Pointer(&val32))[:], data)
+		return uint64(val32), DWORD, nil
 	case QWORD:
 		if len(data) != 8 {
 			return 0, typ, errors.New("QWORD value is not 8 bytes long")
 		}
-		return uint64(*(*uint64)(unsafe.Pointer(&data[0]))), QWORD, nil
+		copy((*[8]byte)(unsafe.Pointer(&val))[:], data)
+		return val, QWORD, nil
 	default:
 		return 0, typ, ErrUnexpectedType
 	}
@@ -296,7 +298,7 @@ func (k Key) setStringValue(name string, valtype uint32, value string) error {
 	if err != nil {
 		return err
 	}
-	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[:len(v)*2]
+	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[: len(v)*2 : len(v)*2]
 	return k.setValue(name, valtype, buf)
 }
 
@@ -326,7 +328,7 @@ func (k Key) SetStringsValue(name string, value []string) error {
 		ss += s + "\x00"
 	}
 	v := utf16.Encode([]rune(ss + "\x00"))
-	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[:len(v)*2]
+	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[: len(v)*2 : len(v)*2]
 	return k.setValue(name, MULTI_SZ, buf)
 }
 
diff --git a/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
index 3778075da0f54..fc1835d8a233a 100644
--- a/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
@@ -19,6 +19,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +27,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -40,50 +41,50 @@ var (
 	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
 	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
 
+	procRegConnectRegistryW       = modadvapi32.NewProc("RegConnectRegistryW")
 	procRegCreateKeyExW           = modadvapi32.NewProc("RegCreateKeyExW")
 	procRegDeleteKeyW             = modadvapi32.NewProc("RegDeleteKeyW")
-	procRegSetValueExW            = modadvapi32.NewProc("RegSetValueExW")
-	procRegEnumValueW             = modadvapi32.NewProc("RegEnumValueW")
 	procRegDeleteValueW           = modadvapi32.NewProc("RegDeleteValueW")
+	procRegEnumValueW             = modadvapi32.NewProc("RegEnumValueW")
 	procRegLoadMUIStringW         = modadvapi32.NewProc("RegLoadMUIStringW")
-	procRegConnectRegistryW       = modadvapi32.NewProc("RegConnectRegistryW")
+	procRegSetValueExW            = modadvapi32.NewProc("RegSetValueExW")
 	procExpandEnvironmentStringsW = modkernel32.NewProc("ExpandEnvironmentStringsW")
 )
 
-func regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) {
-	r0, _, _ := syscall.Syscall9(procRegCreateKeyExW.Addr(), 9, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(reserved), uintptr(unsafe.Pointer(class)), uintptr(options), uintptr(desired), uintptr(unsafe.Pointer(sa)), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)))
+func regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegConnectRegistryW.Addr(), 3, uintptr(unsafe.Pointer(machinename)), uintptr(key), uintptr(unsafe.Pointer(result)))
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) {
-	r0, _, _ := syscall.Syscall(procRegDeleteKeyW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(subkey)), 0)
+func regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegCreateKeyExW.Addr(), 9, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(reserved), uintptr(unsafe.Pointer(class)), uintptr(options), uintptr(desired), uintptr(unsafe.Pointer(sa)), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)))
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) {
-	r0, _, _ := syscall.Syscall6(procRegSetValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(valueName)), uintptr(reserved), uintptr(vtype), uintptr(unsafe.Pointer(buf)), uintptr(bufsize))
+func regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegDeleteKeyW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(subkey)), 0)
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
-	r0, _, _ := syscall.Syscall9(procRegEnumValueW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)), 0)
+func regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegDeleteValueW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(name)), 0)
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) {
-	r0, _, _ := syscall.Syscall(procRegDeleteValueW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(name)), 0)
+func regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegEnumValueW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)), 0)
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
@@ -98,8 +99,8 @@ func regLoadMUIString(key syscall.Handle, name *uint16, buf *uint16, buflen uint
 	return
 }
 
-func regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) {
-	r0, _, _ := syscall.Syscall(procRegConnectRegistryW.Addr(), 3, uintptr(unsafe.Pointer(machinename)), uintptr(key), uintptr(unsafe.Pointer(result)))
+func regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegSetValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(valueName)), uintptr(reserved), uintptr(vtype), uintptr(unsafe.Pointer(buf)), uintptr(bufsize))
 	if r0 != 0 {
 		regerrno = syscall.Errno(r0)
 	}
@@ -110,11 +111,7 @@ func expandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32,
 	r0, _, e1 := syscall.Syscall(procExpandEnvironmentStringsW.Addr(), 3, uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size))
 	n = uint32(r0)
 	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 4f17a3331fd04..d414ef13bef04 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -7,14 +7,8 @@ package windows
 import (
 	"syscall"
 	"unsafe"
-)
 
-const (
-	STANDARD_RIGHTS_REQUIRED = 0xf0000
-	STANDARD_RIGHTS_READ     = 0x20000
-	STANDARD_RIGHTS_WRITE    = 0x20000
-	STANDARD_RIGHTS_EXECUTE  = 0x20000
-	STANDARD_RIGHTS_ALL      = 0x1F0000
+	"golang.org/x/sys/internal/unsafeheader"
 )
 
 const (
@@ -149,7 +143,7 @@ const (
 	DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           = 0x22b
 	DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      = 0x22c
 	DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS = 0x22d
-	DOMAIN_ALIAS_RID_MONITORING_USERS               = 0X22e
+	DOMAIN_ALIAS_RID_MONITORING_USERS               = 0x22e
 	DOMAIN_ALIAS_RID_LOGGING_USERS                  = 0x22f
 	DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            = 0x230
 	DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             = 0x231
@@ -169,15 +163,21 @@ const (
 //sys	GetLengthSid(sid *SID) (len uint32) = advapi32.GetLengthSid
 //sys	CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) = advapi32.CopySid
 //sys	AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) = advapi32.AllocateAndInitializeSid
+//sys	createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) = advapi32.CreateWellKnownSid
+//sys	isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) = advapi32.IsWellKnownSid
 //sys	FreeSid(sid *SID) (err error) [failretval!=0] = advapi32.FreeSid
 //sys	EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) = advapi32.EqualSid
+//sys	getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) = advapi32.GetSidIdentifierAuthority
+//sys	getSidSubAuthorityCount(sid *SID) (count *uint8) = advapi32.GetSidSubAuthorityCount
+//sys	getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) = advapi32.GetSidSubAuthority
+//sys	isValidSid(sid *SID) (isValid bool) = advapi32.IsValidSid
 
 // The security identifier (SID) structure is a variable-length
 // structure used to uniquely identify users or groups.
 type SID struct{}
 
 // StringToSid converts a string-format security identifier
-// sid into a valid, functional sid.
+// SID into a valid, functional SID.
 func StringToSid(s string) (*SID, error) {
 	var sid *SID
 	p, e := UTF16PtrFromString(s)
@@ -192,7 +192,7 @@ func StringToSid(s string) (*SID, error) {
 	return sid.Copy()
 }
 
-// LookupSID retrieves a security identifier sid for the account
+// LookupSID retrieves a security identifier SID for the account
 // and the name of the domain on which the account was found.
 // System specify target computer to search.
 func LookupSID(system, account string) (sid *SID, domain string, accType uint32, err error) {
@@ -229,24 +229,23 @@ func LookupSID(system, account string) (sid *SID, domain string, accType uint32,
 	}
 }
 
-// String converts sid to a string format
-// suitable for display, storage, or transmission.
-func (sid *SID) String() (string, error) {
+// String converts SID to a string format suitable for display, storage, or transmission.
+func (sid *SID) String() string {
 	var s *uint16
 	e := ConvertSidToStringSid(sid, &s)
 	if e != nil {
-		return "", e
+		return ""
 	}
 	defer LocalFree((Handle)(unsafe.Pointer(s)))
-	return UTF16ToString((*[256]uint16)(unsafe.Pointer(s))[:]), nil
+	return UTF16ToString((*[256]uint16)(unsafe.Pointer(s))[:])
 }
 
-// Len returns the length, in bytes, of a valid security identifier sid.
+// Len returns the length, in bytes, of a valid security identifier SID.
 func (sid *SID) Len() int {
 	return int(GetLengthSid(sid))
 }
 
-// Copy creates a duplicate of security identifier sid.
+// Copy creates a duplicate of security identifier SID.
 func (sid *SID) Copy() (*SID, error) {
 	b := make([]byte, sid.Len())
 	sid2 := (*SID)(unsafe.Pointer(&b[0]))
@@ -257,8 +256,42 @@ func (sid *SID) Copy() (*SID, error) {
 	return sid2, nil
 }
 
-// LookupAccount retrieves the name of the account for this sid
-// and the name of the first domain on which this sid is found.
+// IdentifierAuthority returns the identifier authority of the SID.
+func (sid *SID) IdentifierAuthority() SidIdentifierAuthority {
+	return *getSidIdentifierAuthority(sid)
+}
+
+// SubAuthorityCount returns the number of sub-authorities in the SID.
+func (sid *SID) SubAuthorityCount() uint8 {
+	return *getSidSubAuthorityCount(sid)
+}
+
+// SubAuthority returns the sub-authority of the SID as specified by
+// the index, which must be less than sid.SubAuthorityCount().
+func (sid *SID) SubAuthority(idx uint32) uint32 {
+	if idx >= uint32(sid.SubAuthorityCount()) {
+		panic("sub-authority index out of range")
+	}
+	return *getSidSubAuthority(sid, idx)
+}
+
+// IsValid returns whether the SID has a valid revision and length.
+func (sid *SID) IsValid() bool {
+	return isValidSid(sid)
+}
+
+// Equals compares two SIDs for equality.
+func (sid *SID) Equals(sid2 *SID) bool {
+	return EqualSid(sid, sid2)
+}
+
+// IsWellKnown determines whether the SID matches the well-known sidType.
+func (sid *SID) IsWellKnown(sidType WELL_KNOWN_SID_TYPE) bool {
+	return isWellKnownSid(sid, sidType)
+}
+
+// LookupAccount retrieves the name of the account for this SID
+// and the name of the first domain on which this SID is found.
 // System specify target computer to search for.
 func (sid *SID) LookupAccount(system string) (account, domain string, accType uint32, err error) {
 	var sys *uint16
@@ -286,6 +319,158 @@ func (sid *SID) LookupAccount(system string) (account, domain string, accType ui
 	}
 }
 
+// Various types of pre-specified SIDs that can be synthesized and compared at runtime.
+type WELL_KNOWN_SID_TYPE uint32
+
+const (
+	WinNullSid                                    = 0
+	WinWorldSid                                   = 1
+	WinLocalSid                                   = 2
+	WinCreatorOwnerSid                            = 3
+	WinCreatorGroupSid                            = 4
+	WinCreatorOwnerServerSid                      = 5
+	WinCreatorGroupServerSid                      = 6
+	WinNtAuthoritySid                             = 7
+	WinDialupSid                                  = 8
+	WinNetworkSid                                 = 9
+	WinBatchSid                                   = 10
+	WinInteractiveSid                             = 11
+	WinServiceSid                                 = 12
+	WinAnonymousSid                               = 13
+	WinProxySid                                   = 14
+	WinEnterpriseControllersSid                   = 15
+	WinSelfSid                                    = 16
+	WinAuthenticatedUserSid                       = 17
+	WinRestrictedCodeSid                          = 18
+	WinTerminalServerSid                          = 19
+	WinRemoteLogonIdSid                           = 20
+	WinLogonIdsSid                                = 21
+	WinLocalSystemSid                             = 22
+	WinLocalServiceSid                            = 23
+	WinNetworkServiceSid                          = 24
+	WinBuiltinDomainSid                           = 25
+	WinBuiltinAdministratorsSid                   = 26
+	WinBuiltinUsersSid                            = 27
+	WinBuiltinGuestsSid                           = 28
+	WinBuiltinPowerUsersSid                       = 29
+	WinBuiltinAccountOperatorsSid                 = 30
+	WinBuiltinSystemOperatorsSid                  = 31
+	WinBuiltinPrintOperatorsSid                   = 32
+	WinBuiltinBackupOperatorsSid                  = 33
+	WinBuiltinReplicatorSid                       = 34
+	WinBuiltinPreWindows2000CompatibleAccessSid   = 35
+	WinBuiltinRemoteDesktopUsersSid               = 36
+	WinBuiltinNetworkConfigurationOperatorsSid    = 37
+	WinAccountAdministratorSid                    = 38
+	WinAccountGuestSid                            = 39
+	WinAccountKrbtgtSid                           = 40
+	WinAccountDomainAdminsSid                     = 41
+	WinAccountDomainUsersSid                      = 42
+	WinAccountDomainGuestsSid                     = 43
+	WinAccountComputersSid                        = 44
+	WinAccountControllersSid                      = 45
+	WinAccountCertAdminsSid                       = 46
+	WinAccountSchemaAdminsSid                     = 47
+	WinAccountEnterpriseAdminsSid                 = 48
+	WinAccountPolicyAdminsSid                     = 49
+	WinAccountRasAndIasServersSid                 = 50
+	WinNTLMAuthenticationSid                      = 51
+	WinDigestAuthenticationSid                    = 52
+	WinSChannelAuthenticationSid                  = 53
+	WinThisOrganizationSid                        = 54
+	WinOtherOrganizationSid                       = 55
+	WinBuiltinIncomingForestTrustBuildersSid      = 56
+	WinBuiltinPerfMonitoringUsersSid              = 57
+	WinBuiltinPerfLoggingUsersSid                 = 58
+	WinBuiltinAuthorizationAccessSid              = 59
+	WinBuiltinTerminalServerLicenseServersSid     = 60
+	WinBuiltinDCOMUsersSid                        = 61
+	WinBuiltinIUsersSid                           = 62
+	WinIUserSid                                   = 63
+	WinBuiltinCryptoOperatorsSid                  = 64
+	WinUntrustedLabelSid                          = 65
+	WinLowLabelSid                                = 66
+	WinMediumLabelSid                             = 67
+	WinHighLabelSid                               = 68
+	WinSystemLabelSid                             = 69
+	WinWriteRestrictedCodeSid                     = 70
+	WinCreatorOwnerRightsSid                      = 71
+	WinCacheablePrincipalsGroupSid                = 72
+	WinNonCacheablePrincipalsGroupSid             = 73
+	WinEnterpriseReadonlyControllersSid           = 74
+	WinAccountReadonlyControllersSid              = 75
+	WinBuiltinEventLogReadersGroup                = 76
+	WinNewEnterpriseReadonlyControllersSid        = 77
+	WinBuiltinCertSvcDComAccessGroup              = 78
+	WinMediumPlusLabelSid                         = 79
+	WinLocalLogonSid                              = 80
+	WinConsoleLogonSid                            = 81
+	WinThisOrganizationCertificateSid             = 82
+	WinApplicationPackageAuthoritySid             = 83
+	WinBuiltinAnyPackageSid                       = 84
+	WinCapabilityInternetClientSid                = 85
+	WinCapabilityInternetClientServerSid          = 86
+	WinCapabilityPrivateNetworkClientServerSid    = 87
+	WinCapabilityPicturesLibrarySid               = 88
+	WinCapabilityVideosLibrarySid                 = 89
+	WinCapabilityMusicLibrarySid                  = 90
+	WinCapabilityDocumentsLibrarySid              = 91
+	WinCapabilitySharedUserCertificatesSid        = 92
+	WinCapabilityEnterpriseAuthenticationSid      = 93
+	WinCapabilityRemovableStorageSid              = 94
+	WinBuiltinRDSRemoteAccessServersSid           = 95
+	WinBuiltinRDSEndpointServersSid               = 96
+	WinBuiltinRDSManagementServersSid             = 97
+	WinUserModeDriversSid                         = 98
+	WinBuiltinHyperVAdminsSid                     = 99
+	WinAccountCloneableControllersSid             = 100
+	WinBuiltinAccessControlAssistanceOperatorsSid = 101
+	WinBuiltinRemoteManagementUsersSid            = 102
+	WinAuthenticationAuthorityAssertedSid         = 103
+	WinAuthenticationServiceAssertedSid           = 104
+	WinLocalAccountSid                            = 105
+	WinLocalAccountAndAdministratorSid            = 106
+	WinAccountProtectedUsersSid                   = 107
+	WinCapabilityAppointmentsSid                  = 108
+	WinCapabilityContactsSid                      = 109
+	WinAccountDefaultSystemManagedSid             = 110
+	WinBuiltinDefaultSystemManagedGroupSid        = 111
+	WinBuiltinStorageReplicaAdminsSid             = 112
+	WinAccountKeyAdminsSid                        = 113
+	WinAccountEnterpriseKeyAdminsSid              = 114
+	WinAuthenticationKeyTrustSid                  = 115
+	WinAuthenticationKeyPropertyMFASid            = 116
+	WinAuthenticationKeyPropertyAttestationSid    = 117
+	WinAuthenticationFreshKeyAuthSid              = 118
+	WinBuiltinDeviceOwnersSid                     = 119
+)
+
+// Creates a SID for a well-known predefined alias, generally using the constants of the form
+// Win*Sid, for the local machine.
+func CreateWellKnownSid(sidType WELL_KNOWN_SID_TYPE) (*SID, error) {
+	return CreateWellKnownDomainSid(sidType, nil)
+}
+
+// Creates a SID for a well-known predefined alias, generally using the constants of the form
+// Win*Sid, for the domain specified by the domainSid parameter.
+func CreateWellKnownDomainSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID) (*SID, error) {
+	n := uint32(50)
+	for {
+		b := make([]byte, n)
+		sid := (*SID)(unsafe.Pointer(&b[0]))
+		err := createWellKnownSid(sidType, domainSid, sid, &n)
+		if err == nil {
+			return sid, nil
+		}
+		if err != ERROR_INSUFFICIENT_BUFFER {
+			return nil, err
+		}
+		if n <= uint32(len(b)) {
+			return nil, err
+		}
+	}
+}
+
 const (
 	// do not reorder
 	TOKEN_ASSIGN_PRIMARY = 1 << iota
@@ -349,6 +534,53 @@ const (
 	MaxTokenInfoClass
 )
 
+// Group attributes inside of Tokengroups.Groups[i].Attributes
+const (
+	SE_GROUP_MANDATORY          = 0x00000001
+	SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
+	SE_GROUP_ENABLED            = 0x00000004
+	SE_GROUP_OWNER              = 0x00000008
+	SE_GROUP_USE_FOR_DENY_ONLY  = 0x00000010
+	SE_GROUP_INTEGRITY          = 0x00000020
+	SE_GROUP_INTEGRITY_ENABLED  = 0x00000040
+	SE_GROUP_LOGON_ID           = 0xC0000000
+	SE_GROUP_RESOURCE           = 0x20000000
+	SE_GROUP_VALID_ATTRIBUTES   = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_USE_FOR_DENY_ONLY | SE_GROUP_LOGON_ID | SE_GROUP_RESOURCE | SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED
+)
+
+// Privilege attributes
+const (
+	SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
+	SE_PRIVILEGE_ENABLED            = 0x00000002
+	SE_PRIVILEGE_REMOVED            = 0x00000004
+	SE_PRIVILEGE_USED_FOR_ACCESS    = 0x80000000
+	SE_PRIVILEGE_VALID_ATTRIBUTES   = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
+)
+
+// Token types
+const (
+	TokenPrimary       = 1
+	TokenImpersonation = 2
+)
+
+// Impersonation levels
+const (
+	SecurityAnonymous      = 0
+	SecurityIdentification = 1
+	SecurityImpersonation  = 2
+	SecurityDelegation     = 3
+)
+
+type LUID struct {
+	LowPart  uint32
+	HighPart int32
+}
+
+type LUIDAndAttributes struct {
+	Luid       LUID
+	Attributes uint32
+}
+
 type SIDAndAttributes struct {
 	Sid        *SID
 	Attributes uint32
@@ -364,14 +596,50 @@ type Tokenprimarygroup struct {
 
 type Tokengroups struct {
 	GroupCount uint32
-	Groups     [1]SIDAndAttributes
+	Groups     [1]SIDAndAttributes // Use AllGroups() for iterating.
+}
+
+// AllGroups returns a slice that can be used to iterate over the groups in g.
+func (g *Tokengroups) AllGroups() []SIDAndAttributes {
+	return (*[(1 << 28) - 1]SIDAndAttributes)(unsafe.Pointer(&g.Groups[0]))[:g.GroupCount:g.GroupCount]
+}
+
+type Tokenprivileges struct {
+	PrivilegeCount uint32
+	Privileges     [1]LUIDAndAttributes // Use AllPrivileges() for iterating.
+}
+
+// AllPrivileges returns a slice that can be used to iterate over the privileges in p.
+func (p *Tokenprivileges) AllPrivileges() []LUIDAndAttributes {
+	return (*[(1 << 27) - 1]LUIDAndAttributes)(unsafe.Pointer(&p.Privileges[0]))[:p.PrivilegeCount:p.PrivilegeCount]
+}
+
+type Tokenmandatorylabel struct {
+	Label SIDAndAttributes
+}
+
+func (tml *Tokenmandatorylabel) Size() uint32 {
+	return uint32(unsafe.Sizeof(Tokenmandatorylabel{})) + GetLengthSid(tml.Label.Sid)
 }
 
 // Authorization Functions
-//sys checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) = advapi32.CheckTokenMembership
-//sys	OpenProcessToken(h Handle, access uint32, token *Token) (err error) = advapi32.OpenProcessToken
-//sys	GetTokenInformation(t Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) = advapi32.GetTokenInformation
+//sys	checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) = advapi32.CheckTokenMembership
+//sys	isTokenRestricted(tokenHandle Token) (ret bool, err error) [!failretval] = advapi32.IsTokenRestricted
+//sys	OpenProcessToken(process Handle, access uint32, token *Token) (err error) = advapi32.OpenProcessToken
+//sys	OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token) (err error) = advapi32.OpenThreadToken
+//sys	ImpersonateSelf(impersonationlevel uint32) (err error) = advapi32.ImpersonateSelf
+//sys	RevertToSelf() (err error) = advapi32.RevertToSelf
+//sys	SetThreadToken(thread *Handle, token Token) (err error) = advapi32.SetThreadToken
+//sys	LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) = advapi32.LookupPrivilegeValueW
+//sys	AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tokenprivileges, buflen uint32, prevstate *Tokenprivileges, returnlen *uint32) (err error) = advapi32.AdjustTokenPrivileges
+//sys	AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) = advapi32.AdjustTokenGroups
+//sys	GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) = advapi32.GetTokenInformation
+//sys	SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) = advapi32.SetTokenInformation
+//sys	DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) = advapi32.DuplicateTokenEx
 //sys	GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) = userenv.GetUserProfileDirectoryW
+//sys	getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetSystemDirectoryW
+//sys	getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetWindowsDirectoryW
+//sys	getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetSystemWindowsDirectoryW
 
 // An access token contains the security information for a logon session.
 // The system creates an access token when a user logs on, and every
@@ -382,19 +650,37 @@ type Tokengroups struct {
 // system-related operations on the local computer.
 type Token Handle
 
-// OpenCurrentProcessToken opens the access token
-// associated with current process.
+// OpenCurrentProcessToken opens an access token associated with current
+// process with TOKEN_QUERY access. It is a real token that needs to be closed.
+//
+// Deprecated: Explicitly call OpenProcessToken(CurrentProcess(), ...)
+// with the desired access instead, or use GetCurrentProcessToken for a
+// TOKEN_QUERY token.
 func OpenCurrentProcessToken() (Token, error) {
-	p, e := GetCurrentProcess()
-	if e != nil {
-		return 0, e
-	}
-	var t Token
-	e = OpenProcessToken(p, TOKEN_QUERY, &t)
-	if e != nil {
-		return 0, e
-	}
-	return t, nil
+	var token Token
+	err := OpenProcessToken(CurrentProcess(), TOKEN_QUERY, &token)
+	return token, err
+}
+
+// GetCurrentProcessToken returns the access token associated with
+// the current process. It is a pseudo token that does not need
+// to be closed.
+func GetCurrentProcessToken() Token {
+	return Token(^uintptr(4 - 1))
+}
+
+// GetCurrentThreadToken return the access token associated with
+// the current thread. It is a pseudo token that does not need
+// to be closed.
+func GetCurrentThreadToken() Token {
+	return Token(^uintptr(5 - 1))
+}
+
+// GetCurrentThreadEffectiveToken returns the effective access token
+// associated with the current thread. It is a pseudo token that does
+// not need to be closed.
+func GetCurrentThreadEffectiveToken() Token {
+	return Token(^uintptr(6 - 1))
 }
 
 // Close releases access to access token.
@@ -468,6 +754,81 @@ func (t Token) GetUserProfileDirectory() (string, error) {
 	}
 }
 
+// IsElevated returns whether the current token is elevated from a UAC perspective.
+func (token Token) IsElevated() bool {
+	var isElevated uint32
+	var outLen uint32
+	err := GetTokenInformation(token, TokenElevation, (*byte)(unsafe.Pointer(&isElevated)), uint32(unsafe.Sizeof(isElevated)), &outLen)
+	if err != nil {
+		return false
+	}
+	return outLen == uint32(unsafe.Sizeof(isElevated)) && isElevated != 0
+}
+
+// GetLinkedToken returns the linked token, which may be an elevated UAC token.
+func (token Token) GetLinkedToken() (Token, error) {
+	var linkedToken Token
+	var outLen uint32
+	err := GetTokenInformation(token, TokenLinkedToken, (*byte)(unsafe.Pointer(&linkedToken)), uint32(unsafe.Sizeof(linkedToken)), &outLen)
+	if err != nil {
+		return Token(0), err
+	}
+	return linkedToken, nil
+}
+
+// GetSystemDirectory retrieves the path to current location of the system
+// directory, which is typically, though not always, `C:\Windows\System32`.
+func GetSystemDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getSystemDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
+// GetWindowsDirectory retrieves the path to current location of the Windows
+// directory, which is typically, though not always, `C:\Windows`. This may
+// be a private user directory in the case that the application is running
+// under a terminal server.
+func GetWindowsDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getWindowsDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
+// GetSystemWindowsDirectory retrieves the path to current location of the
+// Windows directory, which is typically, though not always, `C:\Windows`.
+func GetSystemWindowsDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getSystemWindowsDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
 // IsMember reports whether the access token t is a member of the provided SID.
 func (t Token) IsMember(sid *SID) (bool, error) {
 	var b int32
@@ -476,3 +837,608 @@ func (t Token) IsMember(sid *SID) (bool, error) {
 	}
 	return b != 0, nil
 }
+
+// IsRestricted reports whether the access token t is a restricted token.
+func (t Token) IsRestricted() (isRestricted bool, err error) {
+	isRestricted, err = isTokenRestricted(t)
+	if !isRestricted && err == syscall.EINVAL {
+		// If err is EINVAL, this returned ERROR_SUCCESS indicating a non-restricted token.
+		err = nil
+	}
+	return
+}
+
+const (
+	WTS_CONSOLE_CONNECT        = 0x1
+	WTS_CONSOLE_DISCONNECT     = 0x2
+	WTS_REMOTE_CONNECT         = 0x3
+	WTS_REMOTE_DISCONNECT      = 0x4
+	WTS_SESSION_LOGON          = 0x5
+	WTS_SESSION_LOGOFF         = 0x6
+	WTS_SESSION_LOCK           = 0x7
+	WTS_SESSION_UNLOCK         = 0x8
+	WTS_SESSION_REMOTE_CONTROL = 0x9
+	WTS_SESSION_CREATE         = 0xa
+	WTS_SESSION_TERMINATE      = 0xb
+)
+
+const (
+	WTSActive       = 0
+	WTSConnected    = 1
+	WTSConnectQuery = 2
+	WTSShadow       = 3
+	WTSDisconnected = 4
+	WTSIdle         = 5
+	WTSListen       = 6
+	WTSReset        = 7
+	WTSDown         = 8
+	WTSInit         = 9
+)
+
+type WTSSESSION_NOTIFICATION struct {
+	Size      uint32
+	SessionID uint32
+}
+
+type WTS_SESSION_INFO struct {
+	SessionID         uint32
+	WindowStationName *uint16
+	State             uint32
+}
+
+//sys WTSQueryUserToken(session uint32, token *Token) (err error) = wtsapi32.WTSQueryUserToken
+//sys WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) = wtsapi32.WTSEnumerateSessionsW
+//sys WTSFreeMemory(ptr uintptr) = wtsapi32.WTSFreeMemory
+//sys WTSGetActiveConsoleSessionId() (sessionID uint32)
+
+type ACL struct {
+	aclRevision byte
+	sbz1        byte
+	aclSize     uint16
+	aceCount    uint16
+	sbz2        uint16
+}
+
+type SECURITY_DESCRIPTOR struct {
+	revision byte
+	sbz1     byte
+	control  SECURITY_DESCRIPTOR_CONTROL
+	owner    *SID
+	group    *SID
+	sacl     *ACL
+	dacl     *ACL
+}
+
+type SECURITY_QUALITY_OF_SERVICE struct {
+	Length              uint32
+	ImpersonationLevel  uint32
+	ContextTrackingMode byte
+	EffectiveOnly       byte
+}
+
+// Constants for the ContextTrackingMode field of SECURITY_QUALITY_OF_SERVICE.
+const (
+	SECURITY_STATIC_TRACKING  = 0
+	SECURITY_DYNAMIC_TRACKING = 1
+)
+
+type SecurityAttributes struct {
+	Length             uint32
+	SecurityDescriptor *SECURITY_DESCRIPTOR
+	InheritHandle      uint32
+}
+
+type SE_OBJECT_TYPE uint32
+
+// Constants for type SE_OBJECT_TYPE
+const (
+	SE_UNKNOWN_OBJECT_TYPE     = 0
+	SE_FILE_OBJECT             = 1
+	SE_SERVICE                 = 2
+	SE_PRINTER                 = 3
+	SE_REGISTRY_KEY            = 4
+	SE_LMSHARE                 = 5
+	SE_KERNEL_OBJECT           = 6
+	SE_WINDOW_OBJECT           = 7
+	SE_DS_OBJECT               = 8
+	SE_DS_OBJECT_ALL           = 9
+	SE_PROVIDER_DEFINED_OBJECT = 10
+	SE_WMIGUID_OBJECT          = 11
+	SE_REGISTRY_WOW64_32KEY    = 12
+	SE_REGISTRY_WOW64_64KEY    = 13
+)
+
+type SECURITY_INFORMATION uint32
+
+// Constants for type SECURITY_INFORMATION
+const (
+	OWNER_SECURITY_INFORMATION            = 0x00000001
+	GROUP_SECURITY_INFORMATION            = 0x00000002
+	DACL_SECURITY_INFORMATION             = 0x00000004
+	SACL_SECURITY_INFORMATION             = 0x00000008
+	LABEL_SECURITY_INFORMATION            = 0x00000010
+	ATTRIBUTE_SECURITY_INFORMATION        = 0x00000020
+	SCOPE_SECURITY_INFORMATION            = 0x00000040
+	BACKUP_SECURITY_INFORMATION           = 0x00010000
+	PROTECTED_DACL_SECURITY_INFORMATION   = 0x80000000
+	PROTECTED_SACL_SECURITY_INFORMATION   = 0x40000000
+	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
+	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
+)
+
+type SECURITY_DESCRIPTOR_CONTROL uint16
+
+// Constants for type SECURITY_DESCRIPTOR_CONTROL
+const (
+	SE_OWNER_DEFAULTED       = 0x0001
+	SE_GROUP_DEFAULTED       = 0x0002
+	SE_DACL_PRESENT          = 0x0004
+	SE_DACL_DEFAULTED        = 0x0008
+	SE_SACL_PRESENT          = 0x0010
+	SE_SACL_DEFAULTED        = 0x0020
+	SE_DACL_AUTO_INHERIT_REQ = 0x0100
+	SE_SACL_AUTO_INHERIT_REQ = 0x0200
+	SE_DACL_AUTO_INHERITED   = 0x0400
+	SE_SACL_AUTO_INHERITED   = 0x0800
+	SE_DACL_PROTECTED        = 0x1000
+	SE_SACL_PROTECTED        = 0x2000
+	SE_RM_CONTROL_VALID      = 0x4000
+	SE_SELF_RELATIVE         = 0x8000
+)
+
+type ACCESS_MASK uint32
+
+// Constants for type ACCESS_MASK
+const (
+	DELETE                   = 0x00010000
+	READ_CONTROL             = 0x00020000
+	WRITE_DAC                = 0x00040000
+	WRITE_OWNER              = 0x00080000
+	SYNCHRONIZE              = 0x00100000
+	STANDARD_RIGHTS_REQUIRED = 0x000F0000
+	STANDARD_RIGHTS_READ     = READ_CONTROL
+	STANDARD_RIGHTS_WRITE    = READ_CONTROL
+	STANDARD_RIGHTS_EXECUTE  = READ_CONTROL
+	STANDARD_RIGHTS_ALL      = 0x001F0000
+	SPECIFIC_RIGHTS_ALL      = 0x0000FFFF
+	ACCESS_SYSTEM_SECURITY   = 0x01000000
+	MAXIMUM_ALLOWED          = 0x02000000
+	GENERIC_READ             = 0x80000000
+	GENERIC_WRITE            = 0x40000000
+	GENERIC_EXECUTE          = 0x20000000
+	GENERIC_ALL              = 0x10000000
+)
+
+type ACCESS_MODE uint32
+
+// Constants for type ACCESS_MODE
+const (
+	NOT_USED_ACCESS   = 0
+	GRANT_ACCESS      = 1
+	SET_ACCESS        = 2
+	DENY_ACCESS       = 3
+	REVOKE_ACCESS     = 4
+	SET_AUDIT_SUCCESS = 5
+	SET_AUDIT_FAILURE = 6
+)
+
+// Constants for AceFlags and Inheritance fields
+const (
+	NO_INHERITANCE                     = 0x0
+	SUB_OBJECTS_ONLY_INHERIT           = 0x1
+	SUB_CONTAINERS_ONLY_INHERIT        = 0x2
+	SUB_CONTAINERS_AND_OBJECTS_INHERIT = 0x3
+	INHERIT_NO_PROPAGATE               = 0x4
+	INHERIT_ONLY                       = 0x8
+	INHERITED_ACCESS_ENTRY             = 0x10
+	INHERITED_PARENT                   = 0x10000000
+	INHERITED_GRANDPARENT              = 0x20000000
+	OBJECT_INHERIT_ACE                 = 0x1
+	CONTAINER_INHERIT_ACE              = 0x2
+	NO_PROPAGATE_INHERIT_ACE           = 0x4
+	INHERIT_ONLY_ACE                   = 0x8
+	INHERITED_ACE                      = 0x10
+	VALID_INHERIT_FLAGS                = 0x1F
+)
+
+type MULTIPLE_TRUSTEE_OPERATION uint32
+
+// Constants for MULTIPLE_TRUSTEE_OPERATION
+const (
+	NO_MULTIPLE_TRUSTEE    = 0
+	TRUSTEE_IS_IMPERSONATE = 1
+)
+
+type TRUSTEE_FORM uint32
+
+// Constants for TRUSTEE_FORM
+const (
+	TRUSTEE_IS_SID              = 0
+	TRUSTEE_IS_NAME             = 1
+	TRUSTEE_BAD_FORM            = 2
+	TRUSTEE_IS_OBJECTS_AND_SID  = 3
+	TRUSTEE_IS_OBJECTS_AND_NAME = 4
+)
+
+type TRUSTEE_TYPE uint32
+
+// Constants for TRUSTEE_TYPE
+const (
+	TRUSTEE_IS_UNKNOWN          = 0
+	TRUSTEE_IS_USER             = 1
+	TRUSTEE_IS_GROUP            = 2
+	TRUSTEE_IS_DOMAIN           = 3
+	TRUSTEE_IS_ALIAS            = 4
+	TRUSTEE_IS_WELL_KNOWN_GROUP = 5
+	TRUSTEE_IS_DELETED          = 6
+	TRUSTEE_IS_INVALID          = 7
+	TRUSTEE_IS_COMPUTER         = 8
+)
+
+// Constants for ObjectsPresent field
+const (
+	ACE_OBJECT_TYPE_PRESENT           = 0x1
+	ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x2
+)
+
+type EXPLICIT_ACCESS struct {
+	AccessPermissions ACCESS_MASK
+	AccessMode        ACCESS_MODE
+	Inheritance       uint32
+	Trustee           TRUSTEE
+}
+
+// This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions.
+type TrusteeValue uintptr
+
+func TrusteeValueFromString(str string) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(StringToUTF16Ptr(str)))
+}
+func TrusteeValueFromSID(sid *SID) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(sid))
+}
+func TrusteeValueFromObjectsAndSid(objectsAndSid *OBJECTS_AND_SID) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(objectsAndSid))
+}
+func TrusteeValueFromObjectsAndName(objectsAndName *OBJECTS_AND_NAME) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(objectsAndName))
+}
+
+type TRUSTEE struct {
+	MultipleTrustee          *TRUSTEE
+	MultipleTrusteeOperation MULTIPLE_TRUSTEE_OPERATION
+	TrusteeForm              TRUSTEE_FORM
+	TrusteeType              TRUSTEE_TYPE
+	TrusteeValue             TrusteeValue
+}
+
+type OBJECTS_AND_SID struct {
+	ObjectsPresent          uint32
+	ObjectTypeGuid          GUID
+	InheritedObjectTypeGuid GUID
+	Sid                     *SID
+}
+
+type OBJECTS_AND_NAME struct {
+	ObjectsPresent          uint32
+	ObjectType              SE_OBJECT_TYPE
+	ObjectTypeName          *uint16
+	InheritedObjectTypeName *uint16
+	Name                    *uint16
+}
+
+//sys	getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetSecurityInfo
+//sys	SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetSecurityInfo
+//sys	getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
+//sys	SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
+//sys	SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) = advapi32.SetKernelObjectSecurity
+
+//sys	buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
+//sys	initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
+
+//sys	getSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, control *SECURITY_DESCRIPTOR_CONTROL, revision *uint32) (err error) = advapi32.GetSecurityDescriptorControl
+//sys	getSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent *bool, dacl **ACL, daclDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorDacl
+//sys	getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl **ACL, saclDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorSacl
+//sys	getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorOwner
+//sys	getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorGroup
+//sys	getSecurityDescriptorLength(sd *SECURITY_DESCRIPTOR) (len uint32) = advapi32.GetSecurityDescriptorLength
+//sys	getSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) (ret error) [failretval!=0] = advapi32.GetSecurityDescriptorRMControl
+//sys	isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) = advapi32.IsValidSecurityDescriptor
+
+//sys	setSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) (err error) = advapi32.SetSecurityDescriptorControl
+//sys	setSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent bool, dacl *ACL, daclDefaulted bool) (err error) = advapi32.SetSecurityDescriptorDacl
+//sys	setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *ACL, saclDefaulted bool) (err error) = advapi32.SetSecurityDescriptorSacl
+//sys	setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaulted bool) (err error) = advapi32.SetSecurityDescriptorOwner
+//sys	setSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group *SID, groupDefaulted bool) (err error) = advapi32.SetSecurityDescriptorGroup
+//sys	setSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) = advapi32.SetSecurityDescriptorRMControl
+
+//sys	convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
+//sys	convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR, revision uint32, securityInformation SECURITY_INFORMATION, str **uint16, strLen *uint32) (err error) = advapi32.ConvertSecurityDescriptorToStringSecurityDescriptorW
+
+//sys	makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DESCRIPTOR, absoluteSDSize *uint32, dacl *ACL, daclSize *uint32, sacl *ACL, saclSize *uint32, owner *SID, ownerSize *uint32, group *SID, groupSize *uint32) (err error) = advapi32.MakeAbsoluteSD
+//sys	makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
+
+//sys	setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW
+
+// Control returns the security descriptor control bits.
+func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) {
+	err = getSecurityDescriptorControl(sd, &control, &revision)
+	return
+}
+
+// SetControl sets the security descriptor control bits.
+func (sd *SECURITY_DESCRIPTOR) SetControl(controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) error {
+	return setSecurityDescriptorControl(sd, controlBitsOfInterest, controlBitsToSet)
+}
+
+// RMControl returns the security descriptor resource manager control bits.
+func (sd *SECURITY_DESCRIPTOR) RMControl() (control uint8, err error) {
+	err = getSecurityDescriptorRMControl(sd, &control)
+	return
+}
+
+// SetRMControl sets the security descriptor resource manager control bits.
+func (sd *SECURITY_DESCRIPTOR) SetRMControl(rmControl uint8) {
+	setSecurityDescriptorRMControl(sd, &rmControl)
+}
+
+// DACL returns the security descriptor DACL and whether it was defaulted. The dacl return value may be nil
+// if a DACL exists but is an "empty DACL", meaning fully permissive. If the DACL does not exist, err returns
+// ERROR_OBJECT_NOT_FOUND.
+func (sd *SECURITY_DESCRIPTOR) DACL() (dacl *ACL, defaulted bool, err error) {
+	var present bool
+	err = getSecurityDescriptorDacl(sd, &present, &dacl, &defaulted)
+	if !present {
+		err = ERROR_OBJECT_NOT_FOUND
+	}
+	return
+}
+
+// SetDACL sets the absolute security descriptor DACL.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetDACL(dacl *ACL, present, defaulted bool) error {
+	return setSecurityDescriptorDacl(absoluteSD, present, dacl, defaulted)
+}
+
+// SACL returns the security descriptor SACL and whether it was defaulted. The sacl return value may be nil
+// if a SACL exists but is an "empty SACL", meaning fully permissive. If the SACL does not exist, err returns
+// ERROR_OBJECT_NOT_FOUND.
+func (sd *SECURITY_DESCRIPTOR) SACL() (sacl *ACL, defaulted bool, err error) {
+	var present bool
+	err = getSecurityDescriptorSacl(sd, &present, &sacl, &defaulted)
+	if !present {
+		err = ERROR_OBJECT_NOT_FOUND
+	}
+	return
+}
+
+// SetSACL sets the absolute security descriptor SACL.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetSACL(sacl *ACL, present, defaulted bool) error {
+	return setSecurityDescriptorSacl(absoluteSD, present, sacl, defaulted)
+}
+
+// Owner returns the security descriptor owner and whether it was defaulted.
+func (sd *SECURITY_DESCRIPTOR) Owner() (owner *SID, defaulted bool, err error) {
+	err = getSecurityDescriptorOwner(sd, &owner, &defaulted)
+	return
+}
+
+// SetOwner sets the absolute security descriptor owner.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetOwner(owner *SID, defaulted bool) error {
+	return setSecurityDescriptorOwner(absoluteSD, owner, defaulted)
+}
+
+// Group returns the security descriptor group and whether it was defaulted.
+func (sd *SECURITY_DESCRIPTOR) Group() (group *SID, defaulted bool, err error) {
+	err = getSecurityDescriptorGroup(sd, &group, &defaulted)
+	return
+}
+
+// SetGroup sets the absolute security descriptor owner.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetGroup(group *SID, defaulted bool) error {
+	return setSecurityDescriptorGroup(absoluteSD, group, defaulted)
+}
+
+// Length returns the length of the security descriptor.
+func (sd *SECURITY_DESCRIPTOR) Length() uint32 {
+	return getSecurityDescriptorLength(sd)
+}
+
+// IsValid returns whether the security descriptor is valid.
+func (sd *SECURITY_DESCRIPTOR) IsValid() bool {
+	return isValidSecurityDescriptor(sd)
+}
+
+// String returns the SDDL form of the security descriptor, with a function signature that can be
+// used with %v formatting directives.
+func (sd *SECURITY_DESCRIPTOR) String() string {
+	var sddl *uint16
+	err := convertSecurityDescriptorToStringSecurityDescriptor(sd, 1, 0xff, &sddl, nil)
+	if err != nil {
+		return ""
+	}
+	defer LocalFree(Handle(unsafe.Pointer(sddl)))
+	return UTF16PtrToString(sddl)
+}
+
+// ToAbsolute converts a self-relative security descriptor into an absolute one.
+func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DESCRIPTOR, err error) {
+	control, _, err := selfRelativeSD.Control()
+	if err != nil {
+		return
+	}
+	if control&SE_SELF_RELATIVE == 0 {
+		err = ERROR_INVALID_PARAMETER
+		return
+	}
+	var absoluteSDSize, daclSize, saclSize, ownerSize, groupSize uint32
+	err = makeAbsoluteSD(selfRelativeSD, nil, &absoluteSDSize,
+		nil, &daclSize, nil, &saclSize, nil, &ownerSize, nil, &groupSize)
+	switch err {
+	case ERROR_INSUFFICIENT_BUFFER:
+	case nil:
+		// makeAbsoluteSD is expected to fail, but it succeeds.
+		return nil, ERROR_INTERNAL_ERROR
+	default:
+		return nil, err
+	}
+	if absoluteSDSize > 0 {
+		absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0]))
+	}
+	var (
+		dacl  *ACL
+		sacl  *ACL
+		owner *SID
+		group *SID
+	)
+	if daclSize > 0 {
+		dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0]))
+	}
+	if saclSize > 0 {
+		sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0]))
+	}
+	if ownerSize > 0 {
+		owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0]))
+	}
+	if groupSize > 0 {
+		group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0]))
+	}
+	err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize,
+		dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize)
+	return
+}
+
+// ToSelfRelative converts an absolute security descriptor into a self-relative one.
+func (absoluteSD *SECURITY_DESCRIPTOR) ToSelfRelative() (selfRelativeSD *SECURITY_DESCRIPTOR, err error) {
+	control, _, err := absoluteSD.Control()
+	if err != nil {
+		return
+	}
+	if control&SE_SELF_RELATIVE != 0 {
+		err = ERROR_INVALID_PARAMETER
+		return
+	}
+	var selfRelativeSDSize uint32
+	err = makeSelfRelativeSD(absoluteSD, nil, &selfRelativeSDSize)
+	switch err {
+	case ERROR_INSUFFICIENT_BUFFER:
+	case nil:
+		// makeSelfRelativeSD is expected to fail, but it succeeds.
+		return nil, ERROR_INTERNAL_ERROR
+	default:
+		return nil, err
+	}
+	if selfRelativeSDSize > 0 {
+		selfRelativeSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, selfRelativeSDSize)[0]))
+	}
+	err = makeSelfRelativeSD(absoluteSD, selfRelativeSD, &selfRelativeSDSize)
+	return
+}
+
+func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() *SECURITY_DESCRIPTOR {
+	sdLen := int(selfRelativeSD.Length())
+	const min = int(unsafe.Sizeof(SECURITY_DESCRIPTOR{}))
+	if sdLen < min {
+		sdLen = min
+	}
+
+	var src []byte
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&src))
+	h.Data = unsafe.Pointer(selfRelativeSD)
+	h.Len = sdLen
+	h.Cap = sdLen
+
+	const psize = int(unsafe.Sizeof(uintptr(0)))
+
+	var dst []byte
+	h = (*unsafeheader.Slice)(unsafe.Pointer(&dst))
+	alloc := make([]uintptr, (sdLen+psize-1)/psize)
+	h.Data = (*unsafeheader.Slice)(unsafe.Pointer(&alloc)).Data
+	h.Len = sdLen
+	h.Cap = sdLen
+
+	copy(dst, src)
+	return (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&dst[0]))
+}
+
+// SecurityDescriptorFromString converts an SDDL string describing a security descriptor into a
+// self-relative security descriptor object allocated on the Go heap.
+func SecurityDescriptorFromString(sddl string) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = convertStringSecurityDescriptorToSecurityDescriptor(sddl, 1, &winHeapSD, nil)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// GetSecurityInfo queries the security information for a given handle and returns the self-relative security
+// descriptor result on the Go heap.
+func GetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = getSecurityInfo(handle, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// GetNamedSecurityInfo queries the security information for a given named object and returns the self-relative security
+// descriptor result on the Go heap.
+func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = getNamedSecurityInfo(objectName, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// BuildSecurityDescriptor makes a new security descriptor using the input trustees, explicit access lists, and
+// prior security descriptor to be merged, any of which can be nil, returning the self-relative security descriptor
+// result on the Go heap.
+func BuildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, accessEntries []EXPLICIT_ACCESS, auditEntries []EXPLICIT_ACCESS, mergedSecurityDescriptor *SECURITY_DESCRIPTOR) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	var winHeapSDSize uint32
+	var firstAccessEntry *EXPLICIT_ACCESS
+	if len(accessEntries) > 0 {
+		firstAccessEntry = &accessEntries[0]
+	}
+	var firstAuditEntry *EXPLICIT_ACCESS
+	if len(auditEntries) > 0 {
+		firstAuditEntry = &auditEntries[0]
+	}
+	err = buildSecurityDescriptor(owner, group, uint32(len(accessEntries)), firstAccessEntry, uint32(len(auditEntries)), firstAuditEntry, mergedSecurityDescriptor, &winHeapSDSize, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// NewSecurityDescriptor creates and initializes a new absolute security descriptor.
+func NewSecurityDescriptor() (absoluteSD *SECURITY_DESCRIPTOR, err error) {
+	absoluteSD = &SECURITY_DESCRIPTOR{}
+	err = initializeSecurityDescriptor(absoluteSD, 1)
+	return
+}
+
+// ACLFromEntries returns a new ACL on the Go heap containing a list of explicit entries as well as those of another ACL.
+// Both explicitEntries and mergedACL are optional and can be nil.
+func ACLFromEntries(explicitEntries []EXPLICIT_ACCESS, mergedACL *ACL) (acl *ACL, err error) {
+	var firstExplicitEntry *EXPLICIT_ACCESS
+	if len(explicitEntries) > 0 {
+		firstExplicitEntry = &explicitEntries[0]
+	}
+	var winHeapACL *ACL
+	err = setEntriesInAcl(uint32(len(explicitEntries)), firstExplicitEntry, mergedACL, &winHeapACL)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapACL)))
+	aclBytes := make([]byte, winHeapACL.aclSize)
+	copy(aclBytes, (*[(1 << 31) - 1]byte)(unsafe.Pointer(winHeapACL))[:len(aclBytes):len(aclBytes)])
+	return (*ACL)(unsafe.Pointer(&aclBytes[0])), nil
+}
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index 62fc31b40bd92..5b28ae168ae23 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 package windows
@@ -65,6 +66,7 @@ const (
 	SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 32
 	SERVICE_ACCEPT_POWEREVENT            = 64
 	SERVICE_ACCEPT_SESSIONCHANGE         = 128
+	SERVICE_ACCEPT_PRESHUTDOWN           = 256
 
 	SERVICE_CONTROL_STOP                  = 1
 	SERVICE_CONTROL_PAUSE                 = 2
@@ -80,28 +82,57 @@ const (
 	SERVICE_CONTROL_HARDWAREPROFILECHANGE = 12
 	SERVICE_CONTROL_POWEREVENT            = 13
 	SERVICE_CONTROL_SESSIONCHANGE         = 14
+	SERVICE_CONTROL_PRESHUTDOWN           = 15
 
 	SERVICE_ACTIVE    = 1
 	SERVICE_INACTIVE  = 2
 	SERVICE_STATE_ALL = 3
 
-	SERVICE_QUERY_CONFIG           = 1
-	SERVICE_CHANGE_CONFIG          = 2
-	SERVICE_QUERY_STATUS           = 4
-	SERVICE_ENUMERATE_DEPENDENTS   = 8
-	SERVICE_START                  = 16
-	SERVICE_STOP                   = 32
-	SERVICE_PAUSE_CONTINUE         = 64
-	SERVICE_INTERROGATE            = 128
-	SERVICE_USER_DEFINED_CONTROL   = 256
-	SERVICE_ALL_ACCESS             = STANDARD_RIGHTS_REQUIRED | SERVICE_QUERY_CONFIG | SERVICE_CHANGE_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE | SERVICE_USER_DEFINED_CONTROL
+	SERVICE_QUERY_CONFIG         = 1
+	SERVICE_CHANGE_CONFIG        = 2
+	SERVICE_QUERY_STATUS         = 4
+	SERVICE_ENUMERATE_DEPENDENTS = 8
+	SERVICE_START                = 16
+	SERVICE_STOP                 = 32
+	SERVICE_PAUSE_CONTINUE       = 64
+	SERVICE_INTERROGATE          = 128
+	SERVICE_USER_DEFINED_CONTROL = 256
+	SERVICE_ALL_ACCESS           = STANDARD_RIGHTS_REQUIRED | SERVICE_QUERY_CONFIG | SERVICE_CHANGE_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE | SERVICE_USER_DEFINED_CONTROL
+
 	SERVICE_RUNS_IN_SYSTEM_PROCESS = 1
-	SERVICE_CONFIG_DESCRIPTION     = 1
-	SERVICE_CONFIG_FAILURE_ACTIONS = 2
 
-	NO_ERROR = 0
+	SERVICE_CONFIG_DESCRIPTION              = 1
+	SERVICE_CONFIG_FAILURE_ACTIONS          = 2
+	SERVICE_CONFIG_DELAYED_AUTO_START_INFO  = 3
+	SERVICE_CONFIG_FAILURE_ACTIONS_FLAG     = 4
+	SERVICE_CONFIG_SERVICE_SID_INFO         = 5
+	SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 6
+	SERVICE_CONFIG_PRESHUTDOWN_INFO         = 7
+	SERVICE_CONFIG_TRIGGER_INFO             = 8
+	SERVICE_CONFIG_PREFERRED_NODE           = 9
+	SERVICE_CONFIG_LAUNCH_PROTECTED         = 12
+
+	SERVICE_SID_TYPE_NONE         = 0
+	SERVICE_SID_TYPE_UNRESTRICTED = 1
+	SERVICE_SID_TYPE_RESTRICTED   = 2 | SERVICE_SID_TYPE_UNRESTRICTED
 
 	SC_ENUM_PROCESS_INFO = 0
+
+	SERVICE_NOTIFY_STATUS_CHANGE    = 2
+	SERVICE_NOTIFY_STOPPED          = 0x00000001
+	SERVICE_NOTIFY_START_PENDING    = 0x00000002
+	SERVICE_NOTIFY_STOP_PENDING     = 0x00000004
+	SERVICE_NOTIFY_RUNNING          = 0x00000008
+	SERVICE_NOTIFY_CONTINUE_PENDING = 0x00000010
+	SERVICE_NOTIFY_PAUSE_PENDING    = 0x00000020
+	SERVICE_NOTIFY_PAUSED           = 0x00000040
+	SERVICE_NOTIFY_CREATED          = 0x00000080
+	SERVICE_NOTIFY_DELETED          = 0x00000100
+	SERVICE_NOTIFY_DELETE_PENDING   = 0x00000200
+
+	SC_EVENT_DATABASE_CHANGE = 0
+	SC_EVENT_PROPERTY_CHANGE = 1
+	SC_EVENT_STATUS_CHANGE   = 2
 )
 
 type SERVICE_STATUS struct {
@@ -135,6 +166,10 @@ type SERVICE_DESCRIPTION struct {
 	Description *uint16
 }
 
+type SERVICE_DELAYED_AUTO_START_INFO struct {
+	IsDelayedAutoStartUp uint32
+}
+
 type SERVICE_STATUS_PROCESS struct {
 	ServiceType             uint32
 	CurrentState            uint32
@@ -153,6 +188,16 @@ type ENUM_SERVICE_STATUS_PROCESS struct {
 	ServiceStatusProcess SERVICE_STATUS_PROCESS
 }
 
+type SERVICE_NOTIFY struct {
+	Version               uint32
+	NotifyCallback        uintptr
+	Context               uintptr
+	NotificationStatus    uint32
+	ServiceStatus         SERVICE_STATUS_PROCESS
+	NotificationTriggered uint32
+	ServiceNames          *uint16
+}
+
 type SERVICE_FAILURE_ACTIONS struct {
 	ResetPeriod  uint32
 	RebootMsg    *uint16
@@ -166,12 +211,19 @@ type SC_ACTION struct {
 	Delay uint32
 }
 
+type QUERY_SERVICE_LOCK_STATUS struct {
+	IsLocked     uint32
+	LockOwner    *uint16
+	LockDuration uint32
+}
+
 //sys	CloseServiceHandle(handle Handle) (err error) = advapi32.CloseServiceHandle
 //sys	CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) [failretval==0] = advapi32.CreateServiceW
 //sys	OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) [failretval==0] = advapi32.OpenServiceW
 //sys	DeleteService(service Handle) (err error) = advapi32.DeleteService
 //sys	StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) = advapi32.StartServiceW
 //sys	QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) = advapi32.QueryServiceStatus
+//sys	QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, bufSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceLockStatusW
 //sys	ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) = advapi32.ControlService
 //sys	StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) = advapi32.StartServiceCtrlDispatcherW
 //sys	SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) = advapi32.SetServiceStatus
@@ -180,4 +232,8 @@ type SC_ACTION struct {
 //sys	ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) = advapi32.ChangeServiceConfig2W
 //sys	QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceConfig2W
 //sys	EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) = advapi32.EnumServicesStatusExW
-//sys   QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceStatusEx
+//sys	QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceStatusEx
+//sys	NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) = advapi32.NotifyServiceStatusChangeW
+//sys	SubscribeServiceChangeNotifications(service Handle, eventType uint32, callback uintptr, callbackCtx uintptr, subscription *uintptr) (ret error) = sechost.SubscribeServiceChangeNotifications?
+//sys	UnsubscribeServiceChangeNotifications(subscription uintptr) = sechost.UnsubscribeServiceChangeNotifications?
+//sys	RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) = advapi32.RegisterServiceCtrlHandlerExW
diff --git a/vendor/golang.org/x/sys/windows/setupapierrors_windows.go b/vendor/golang.org/x/sys/windows/setupapierrors_windows.go
new file mode 100644
index 0000000000000..1681810e04888
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/setupapierrors_windows.go
@@ -0,0 +1,100 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+import "syscall"
+
+const (
+	ERROR_EXPECTED_SECTION_NAME                  syscall.Errno = 0x20000000 | 0xC0000000 | 0
+	ERROR_BAD_SECTION_NAME_LINE                  syscall.Errno = 0x20000000 | 0xC0000000 | 1
+	ERROR_SECTION_NAME_TOO_LONG                  syscall.Errno = 0x20000000 | 0xC0000000 | 2
+	ERROR_GENERAL_SYNTAX                         syscall.Errno = 0x20000000 | 0xC0000000 | 3
+	ERROR_WRONG_INF_STYLE                        syscall.Errno = 0x20000000 | 0xC0000000 | 0x100
+	ERROR_SECTION_NOT_FOUND                      syscall.Errno = 0x20000000 | 0xC0000000 | 0x101
+	ERROR_LINE_NOT_FOUND                         syscall.Errno = 0x20000000 | 0xC0000000 | 0x102
+	ERROR_NO_BACKUP                              syscall.Errno = 0x20000000 | 0xC0000000 | 0x103
+	ERROR_NO_ASSOCIATED_CLASS                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x200
+	ERROR_CLASS_MISMATCH                         syscall.Errno = 0x20000000 | 0xC0000000 | 0x201
+	ERROR_DUPLICATE_FOUND                        syscall.Errno = 0x20000000 | 0xC0000000 | 0x202
+	ERROR_NO_DRIVER_SELECTED                     syscall.Errno = 0x20000000 | 0xC0000000 | 0x203
+	ERROR_KEY_DOES_NOT_EXIST                     syscall.Errno = 0x20000000 | 0xC0000000 | 0x204
+	ERROR_INVALID_DEVINST_NAME                   syscall.Errno = 0x20000000 | 0xC0000000 | 0x205
+	ERROR_INVALID_CLASS                          syscall.Errno = 0x20000000 | 0xC0000000 | 0x206
+	ERROR_DEVINST_ALREADY_EXISTS                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x207
+	ERROR_DEVINFO_NOT_REGISTERED                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x208
+	ERROR_INVALID_REG_PROPERTY                   syscall.Errno = 0x20000000 | 0xC0000000 | 0x209
+	ERROR_NO_INF                                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x20A
+	ERROR_NO_SUCH_DEVINST                        syscall.Errno = 0x20000000 | 0xC0000000 | 0x20B
+	ERROR_CANT_LOAD_CLASS_ICON                   syscall.Errno = 0x20000000 | 0xC0000000 | 0x20C
+	ERROR_INVALID_CLASS_INSTALLER                syscall.Errno = 0x20000000 | 0xC0000000 | 0x20D
+	ERROR_DI_DO_DEFAULT                          syscall.Errno = 0x20000000 | 0xC0000000 | 0x20E
+	ERROR_DI_NOFILECOPY                          syscall.Errno = 0x20000000 | 0xC0000000 | 0x20F
+	ERROR_INVALID_HWPROFILE                      syscall.Errno = 0x20000000 | 0xC0000000 | 0x210
+	ERROR_NO_DEVICE_SELECTED                     syscall.Errno = 0x20000000 | 0xC0000000 | 0x211
+	ERROR_DEVINFO_LIST_LOCKED                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x212
+	ERROR_DEVINFO_DATA_LOCKED                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x213
+	ERROR_DI_BAD_PATH                            syscall.Errno = 0x20000000 | 0xC0000000 | 0x214
+	ERROR_NO_CLASSINSTALL_PARAMS                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x215
+	ERROR_FILEQUEUE_LOCKED                       syscall.Errno = 0x20000000 | 0xC0000000 | 0x216
+	ERROR_BAD_SERVICE_INSTALLSECT                syscall.Errno = 0x20000000 | 0xC0000000 | 0x217
+	ERROR_NO_CLASS_DRIVER_LIST                   syscall.Errno = 0x20000000 | 0xC0000000 | 0x218
+	ERROR_NO_ASSOCIATED_SERVICE                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x219
+	ERROR_NO_DEFAULT_DEVICE_INTERFACE            syscall.Errno = 0x20000000 | 0xC0000000 | 0x21A
+	ERROR_DEVICE_INTERFACE_ACTIVE                syscall.Errno = 0x20000000 | 0xC0000000 | 0x21B
+	ERROR_DEVICE_INTERFACE_REMOVED               syscall.Errno = 0x20000000 | 0xC0000000 | 0x21C
+	ERROR_BAD_INTERFACE_INSTALLSECT              syscall.Errno = 0x20000000 | 0xC0000000 | 0x21D
+	ERROR_NO_SUCH_INTERFACE_CLASS                syscall.Errno = 0x20000000 | 0xC0000000 | 0x21E
+	ERROR_INVALID_REFERENCE_STRING               syscall.Errno = 0x20000000 | 0xC0000000 | 0x21F
+	ERROR_INVALID_MACHINENAME                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x220
+	ERROR_REMOTE_COMM_FAILURE                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x221
+	ERROR_MACHINE_UNAVAILABLE                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x222
+	ERROR_NO_CONFIGMGR_SERVICES                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x223
+	ERROR_INVALID_PROPPAGE_PROVIDER              syscall.Errno = 0x20000000 | 0xC0000000 | 0x224
+	ERROR_NO_SUCH_DEVICE_INTERFACE               syscall.Errno = 0x20000000 | 0xC0000000 | 0x225
+	ERROR_DI_POSTPROCESSING_REQUIRED             syscall.Errno = 0x20000000 | 0xC0000000 | 0x226
+	ERROR_INVALID_COINSTALLER                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x227
+	ERROR_NO_COMPAT_DRIVERS                      syscall.Errno = 0x20000000 | 0xC0000000 | 0x228
+	ERROR_NO_DEVICE_ICON                         syscall.Errno = 0x20000000 | 0xC0000000 | 0x229
+	ERROR_INVALID_INF_LOGCONFIG                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x22A
+	ERROR_DI_DONT_INSTALL                        syscall.Errno = 0x20000000 | 0xC0000000 | 0x22B
+	ERROR_INVALID_FILTER_DRIVER                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x22C
+	ERROR_NON_WINDOWS_NT_DRIVER                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x22D
+	ERROR_NON_WINDOWS_DRIVER                     syscall.Errno = 0x20000000 | 0xC0000000 | 0x22E
+	ERROR_NO_CATALOG_FOR_OEM_INF                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x22F
+	ERROR_DEVINSTALL_QUEUE_NONNATIVE             syscall.Errno = 0x20000000 | 0xC0000000 | 0x230
+	ERROR_NOT_DISABLEABLE                        syscall.Errno = 0x20000000 | 0xC0000000 | 0x231
+	ERROR_CANT_REMOVE_DEVINST                    syscall.Errno = 0x20000000 | 0xC0000000 | 0x232
+	ERROR_INVALID_TARGET                         syscall.Errno = 0x20000000 | 0xC0000000 | 0x233
+	ERROR_DRIVER_NONNATIVE                       syscall.Errno = 0x20000000 | 0xC0000000 | 0x234
+	ERROR_IN_WOW64                               syscall.Errno = 0x20000000 | 0xC0000000 | 0x235
+	ERROR_SET_SYSTEM_RESTORE_POINT               syscall.Errno = 0x20000000 | 0xC0000000 | 0x236
+	ERROR_SCE_DISABLED                           syscall.Errno = 0x20000000 | 0xC0000000 | 0x238
+	ERROR_UNKNOWN_EXCEPTION                      syscall.Errno = 0x20000000 | 0xC0000000 | 0x239
+	ERROR_PNP_REGISTRY_ERROR                     syscall.Errno = 0x20000000 | 0xC0000000 | 0x23A
+	ERROR_REMOTE_REQUEST_UNSUPPORTED             syscall.Errno = 0x20000000 | 0xC0000000 | 0x23B
+	ERROR_NOT_AN_INSTALLED_OEM_INF               syscall.Errno = 0x20000000 | 0xC0000000 | 0x23C
+	ERROR_INF_IN_USE_BY_DEVICES                  syscall.Errno = 0x20000000 | 0xC0000000 | 0x23D
+	ERROR_DI_FUNCTION_OBSOLETE                   syscall.Errno = 0x20000000 | 0xC0000000 | 0x23E
+	ERROR_NO_AUTHENTICODE_CATALOG                syscall.Errno = 0x20000000 | 0xC0000000 | 0x23F
+	ERROR_AUTHENTICODE_DISALLOWED                syscall.Errno = 0x20000000 | 0xC0000000 | 0x240
+	ERROR_AUTHENTICODE_TRUSTED_PUBLISHER         syscall.Errno = 0x20000000 | 0xC0000000 | 0x241
+	ERROR_AUTHENTICODE_TRUST_NOT_ESTABLISHED     syscall.Errno = 0x20000000 | 0xC0000000 | 0x242
+	ERROR_AUTHENTICODE_PUBLISHER_NOT_TRUSTED     syscall.Errno = 0x20000000 | 0xC0000000 | 0x243
+	ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH         syscall.Errno = 0x20000000 | 0xC0000000 | 0x244
+	ERROR_ONLY_VALIDATE_VIA_AUTHENTICODE         syscall.Errno = 0x20000000 | 0xC0000000 | 0x245
+	ERROR_DEVICE_INSTALLER_NOT_READY             syscall.Errno = 0x20000000 | 0xC0000000 | 0x246
+	ERROR_DRIVER_STORE_ADD_FAILED                syscall.Errno = 0x20000000 | 0xC0000000 | 0x247
+	ERROR_DEVICE_INSTALL_BLOCKED                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x248
+	ERROR_DRIVER_INSTALL_BLOCKED                 syscall.Errno = 0x20000000 | 0xC0000000 | 0x249
+	ERROR_WRONG_INF_TYPE                         syscall.Errno = 0x20000000 | 0xC0000000 | 0x24A
+	ERROR_FILE_HASH_NOT_IN_CATALOG               syscall.Errno = 0x20000000 | 0xC0000000 | 0x24B
+	ERROR_DRIVER_STORE_DELETE_FAILED             syscall.Errno = 0x20000000 | 0xC0000000 | 0x24C
+	ERROR_UNRECOVERABLE_STACK_OVERFLOW           syscall.Errno = 0x20000000 | 0xC0000000 | 0x300
+	EXCEPTION_SPAPI_UNRECOVERABLE_STACK_OVERFLOW syscall.Errno = ERROR_UNRECOVERABLE_STACK_OVERFLOW
+	ERROR_NO_DEFAULT_INTERFACE_DEVICE            syscall.Errno = ERROR_NO_DEFAULT_DEVICE_INTERFACE
+	ERROR_INTERFACE_DEVICE_ACTIVE                syscall.Errno = ERROR_DEVICE_INTERFACE_ACTIVE
+	ERROR_INTERFACE_DEVICE_REMOVED               syscall.Errno = ERROR_DEVICE_INTERFACE_REMOVED
+	ERROR_NO_SUCH_INTERFACE_DEVICE               syscall.Errno = ERROR_NO_SUCH_DEVICE_INTERFACE
+)
diff --git a/vendor/golang.org/x/sys/windows/str.go b/vendor/golang.org/x/sys/windows/str.go
index 917cc2aae4e1b..4fc01434e4a2a 100644
--- a/vendor/golang.org/x/sys/windows/str.go
+++ b/vendor/golang.org/x/sys/windows/str.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 package windows
diff --git a/vendor/golang.org/x/sys/windows/svc/event.go b/vendor/golang.org/x/sys/windows/svc/event.go
deleted file mode 100644
index 0508e22881843..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/event.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-package svc
-
-import (
-	"errors"
-
-	"golang.org/x/sys/windows"
-)
-
-// event represents auto-reset, initially non-signaled Windows event.
-// It is used to communicate between go and asm parts of this package.
-type event struct {
-	h windows.Handle
-}
-
-func newEvent() (*event, error) {
-	h, err := windows.CreateEvent(nil, 0, 0, nil)
-	if err != nil {
-		return nil, err
-	}
-	return &event{h: h}, nil
-}
-
-func (e *event) Close() error {
-	return windows.CloseHandle(e.h)
-}
-
-func (e *event) Set() error {
-	return windows.SetEvent(e.h)
-}
-
-func (e *event) Wait() error {
-	s, err := windows.WaitForSingleObject(e.h, windows.INFINITE)
-	switch s {
-	case windows.WAIT_OBJECT_0:
-		break
-	case windows.WAIT_FAILED:
-		return err
-	default:
-		return errors.New("unexpected result from WaitForSingleObject")
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/sys/windows/svc/go12.c b/vendor/golang.org/x/sys/windows/svc/go12.c
deleted file mode 100644
index 6f1be1fa3bcb7..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/go12.c
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build !go1.3
-
-// copied from pkg/runtime
-typedef	unsigned int	uint32;
-typedef	unsigned long long int	uint64;
-#ifdef _64BIT
-typedef	uint64		uintptr;
-#else
-typedef	uint32		uintptr;
-#endif
-
-// from sys_386.s or sys_amd64.s
-void ·servicemain(void);
-
-void
-·getServiceMain(uintptr *r)
-{
-	*r = (uintptr)·servicemain;
-}
diff --git a/vendor/golang.org/x/sys/windows/svc/go12.go b/vendor/golang.org/x/sys/windows/svc/go12.go
deleted file mode 100644
index cd8b913c99d46..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/go12.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build !go1.3
-
-package svc
-
-// from go12.c
-func getServiceMain(r *uintptr)
diff --git a/vendor/golang.org/x/sys/windows/svc/go13.go b/vendor/golang.org/x/sys/windows/svc/go13.go
deleted file mode 100644
index 9d7f3cec54cd0..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/go13.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build go1.3
-
-package svc
-
-import "unsafe"
-
-const ptrSize = 4 << (^uintptr(0) >> 63) // unsafe.Sizeof(uintptr(0)) but an ideal const
-
-// Should be a built-in for unsafe.Pointer?
-func add(p unsafe.Pointer, x uintptr) unsafe.Pointer {
-	return unsafe.Pointer(uintptr(p) + x)
-}
-
-// funcPC returns the entry PC of the function f.
-// It assumes that f is a func value. Otherwise the behavior is undefined.
-func funcPC(f interface{}) uintptr {
-	return **(**uintptr)(add(unsafe.Pointer(&f), ptrSize))
-}
-
-// from sys_386.s and sys_amd64.s
-func servicectlhandler(ctl uint32) uintptr
-func servicemain(argc uint32, argv **uint16)
-
-func getServiceMain(r *uintptr) {
-	*r = funcPC(servicemain)
-}
diff --git a/vendor/golang.org/x/sys/windows/svc/mgr/config.go b/vendor/golang.org/x/sys/windows/svc/mgr/config.go
index d804e31f1f3e7..da4df6383db2d 100644
--- a/vendor/golang.org/x/sys/windows/svc/mgr/config.go
+++ b/vendor/golang.org/x/sys/windows/svc/mgr/config.go
@@ -8,7 +8,6 @@ package mgr
 
 import (
 	"syscall"
-	"unicode/utf16"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
@@ -42,30 +41,25 @@ type Config struct {
 	DisplayName      string
 	Password         string
 	Description      string
-}
-
-func toString(p *uint16) string {
-	if p == nil {
-		return ""
-	}
-	return syscall.UTF16ToString((*[4096]uint16)(unsafe.Pointer(p))[:])
+	SidType          uint32 // one of SERVICE_SID_TYPE, the type of sid to use for the service
+	DelayedAutoStart bool   // the service is started after other auto-start services are started plus a short delay
 }
 
 func toStringSlice(ps *uint16) []string {
-	if ps == nil {
-		return nil
-	}
 	r := make([]string, 0)
-	for from, i, p := 0, 0, (*[1 << 24]uint16)(unsafe.Pointer(ps)); true; i++ {
-		if p[i] == 0 {
-			// empty string marks the end
-			if i <= from {
-				break
-			}
-			r = append(r, string(utf16.Decode(p[from:i])))
-			from = i + 1
+	p := unsafe.Pointer(ps)
+
+	for {
+		s := windows.UTF16PtrToString((*uint16)(p))
+		if len(s) == 0 {
+			break
 		}
+
+		r = append(r, s)
+		offset := unsafe.Sizeof(uint16(0)) * (uintptr)(len(s)+1)
+		p = unsafe.Pointer(uintptr(p) + offset)
 	}
+
 	return r
 }
 
@@ -94,17 +88,35 @@ func (s *Service) Config() (Config, error) {
 	}
 	p2 := (*windows.SERVICE_DESCRIPTION)(unsafe.Pointer(&b[0]))
 
+	b, err = s.queryServiceConfig2(windows.SERVICE_CONFIG_DELAYED_AUTO_START_INFO)
+	if err != nil {
+		return Config{}, err
+	}
+	p3 := (*windows.SERVICE_DELAYED_AUTO_START_INFO)(unsafe.Pointer(&b[0]))
+	delayedStart := false
+	if p3.IsDelayedAutoStartUp != 0 {
+		delayedStart = true
+	}
+
+	b, err = s.queryServiceConfig2(windows.SERVICE_CONFIG_SERVICE_SID_INFO)
+	if err != nil {
+		return Config{}, err
+	}
+	sidType := *(*uint32)(unsafe.Pointer(&b[0]))
+
 	return Config{
 		ServiceType:      p.ServiceType,
 		StartType:        p.StartType,
 		ErrorControl:     p.ErrorControl,
-		BinaryPathName:   toString(p.BinaryPathName),
-		LoadOrderGroup:   toString(p.LoadOrderGroup),
+		BinaryPathName:   windows.UTF16PtrToString(p.BinaryPathName),
+		LoadOrderGroup:   windows.UTF16PtrToString(p.LoadOrderGroup),
 		TagId:            p.TagId,
 		Dependencies:     toStringSlice(p.Dependencies),
-		ServiceStartName: toString(p.ServiceStartName),
-		DisplayName:      toString(p.DisplayName),
-		Description:      toString(p2.Description),
+		ServiceStartName: windows.UTF16PtrToString(p.ServiceStartName),
+		DisplayName:      windows.UTF16PtrToString(p.DisplayName),
+		Description:      windows.UTF16PtrToString(p2.Description),
+		DelayedAutoStart: delayedStart,
+		SidType:          sidType,
 	}, nil
 }
 
@@ -114,6 +126,19 @@ func updateDescription(handle windows.Handle, desc string) error {
 		windows.SERVICE_CONFIG_DESCRIPTION, (*byte)(unsafe.Pointer(&d)))
 }
 
+func updateSidType(handle windows.Handle, sidType uint32) error {
+	return windows.ChangeServiceConfig2(handle, windows.SERVICE_CONFIG_SERVICE_SID_INFO, (*byte)(unsafe.Pointer(&sidType)))
+}
+
+func updateStartUp(handle windows.Handle, isDelayed bool) error {
+	var d windows.SERVICE_DELAYED_AUTO_START_INFO
+	if isDelayed {
+		d.IsDelayedAutoStartUp = 1
+	}
+	return windows.ChangeServiceConfig2(handle,
+		windows.SERVICE_CONFIG_DELAYED_AUTO_START_INFO, (*byte)(unsafe.Pointer(&d)))
+}
+
 // UpdateConfig updates service s configuration parameters.
 func (s *Service) UpdateConfig(c Config) error {
 	err := windows.ChangeServiceConfig(s.Handle, c.ServiceType, c.StartType,
@@ -123,6 +148,16 @@ func (s *Service) UpdateConfig(c Config) error {
 	if err != nil {
 		return err
 	}
+	err = updateSidType(s.Handle, c.SidType)
+	if err != nil {
+		return err
+	}
+
+	err = updateStartUp(s.Handle, c.DelayedAutoStart)
+	if err != nil {
+		return err
+	}
+
 	return updateDescription(s.Handle, c.Description)
 }
 
diff --git a/vendor/golang.org/x/sys/windows/svc/mgr/mgr.go b/vendor/golang.org/x/sys/windows/svc/mgr/mgr.go
index 76965b560182a..8e78daf3d01dd 100644
--- a/vendor/golang.org/x/sys/windows/svc/mgr/mgr.go
+++ b/vendor/golang.org/x/sys/windows/svc/mgr/mgr.go
@@ -13,9 +13,11 @@ package mgr
 
 import (
 	"syscall"
+	"time"
 	"unicode/utf16"
 	"unsafe"
 
+	"golang.org/x/sys/internal/unsafeheader"
 	"golang.org/x/sys/windows"
 )
 
@@ -48,6 +50,36 @@ func (m *Mgr) Disconnect() error {
 	return windows.CloseServiceHandle(m.Handle)
 }
 
+type LockStatus struct {
+	IsLocked bool          // Whether the SCM has been locked.
+	Age      time.Duration // For how long the SCM has been locked.
+	Owner    string        // The name of the user who has locked the SCM.
+}
+
+// LockStatus returns whether the service control manager is locked by
+// the system, for how long, and by whom. A locked SCM indicates that
+// most service actions will block until the system unlocks the SCM.
+func (m *Mgr) LockStatus() (*LockStatus, error) {
+	bytesNeeded := uint32(unsafe.Sizeof(windows.QUERY_SERVICE_LOCK_STATUS{}) + 1024)
+	for {
+		bytes := make([]byte, bytesNeeded)
+		lockStatus := (*windows.QUERY_SERVICE_LOCK_STATUS)(unsafe.Pointer(&bytes[0]))
+		err := windows.QueryServiceLockStatus(m.Handle, lockStatus, uint32(len(bytes)), &bytesNeeded)
+		if err == windows.ERROR_INSUFFICIENT_BUFFER && bytesNeeded >= uint32(unsafe.Sizeof(windows.QUERY_SERVICE_LOCK_STATUS{})) {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		status := &LockStatus{
+			IsLocked: lockStatus.IsLocked != 0,
+			Age:      time.Duration(lockStatus.LockDuration) * time.Second,
+			Owner:    windows.UTF16PtrToString(lockStatus.LockOwner),
+		}
+		return status, nil
+	}
+}
+
 func toPtr(s string) *uint16 {
 	if len(s) == 0 {
 		return nil
@@ -85,9 +117,6 @@ func (m *Mgr) CreateService(name, exepath string, c Config, args ...string) (*Se
 	if c.StartType == 0 {
 		c.StartType = StartManual
 	}
-	if c.ErrorControl == 0 {
-		c.ErrorControl = ErrorNormal
-	}
 	if c.ServiceType == 0 {
 		c.ServiceType = windows.SERVICE_WIN32_OWN_PROCESS
 	}
@@ -102,9 +131,27 @@ func (m *Mgr) CreateService(name, exepath string, c Config, args ...string) (*Se
 	if err != nil {
 		return nil, err
 	}
+	if c.SidType != windows.SERVICE_SID_TYPE_NONE {
+		err = updateSidType(h, c.SidType)
+		if err != nil {
+			windows.DeleteService(h)
+			windows.CloseServiceHandle(h)
+			return nil, err
+		}
+	}
 	if c.Description != "" {
 		err = updateDescription(h, c.Description)
 		if err != nil {
+			windows.DeleteService(h)
+			windows.CloseServiceHandle(h)
+			return nil, err
+		}
+	}
+	if c.DelayedAutoStart {
+		err = updateStartUp(h, c.DelayedAutoStart)
+		if err != nil {
+			windows.DeleteService(h)
+			windows.CloseServiceHandle(h)
 			return nil, err
 		}
 	}
@@ -152,10 +199,16 @@ func (m *Mgr) ListServices() ([]string, error) {
 	if servicesReturned == 0 {
 		return nil, nil
 	}
-	services := (*[1 << 20]windows.ENUM_SERVICE_STATUS_PROCESS)(unsafe.Pointer(&buf[0]))[:servicesReturned]
+
+	var services []windows.ENUM_SERVICE_STATUS_PROCESS
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&services))
+	hdr.Data = unsafe.Pointer(&buf[0])
+	hdr.Len = int(servicesReturned)
+	hdr.Cap = int(servicesReturned)
+
 	var names []string
 	for _, s := range services {
-		name := syscall.UTF16ToString((*[1 << 20]uint16)(unsafe.Pointer(s.ServiceName))[:])
+		name := windows.UTF16PtrToString(s.ServiceName)
 		names = append(names, name)
 	}
 	return names, nil
diff --git a/vendor/golang.org/x/sys/windows/svc/mgr/recovery.go b/vendor/golang.org/x/sys/windows/svc/mgr/recovery.go
index 71ce2b8199fa6..e465cbbd32713 100644
--- a/vendor/golang.org/x/sys/windows/svc/mgr/recovery.go
+++ b/vendor/golang.org/x/sys/windows/svc/mgr/recovery.go
@@ -12,6 +12,7 @@ import (
 	"time"
 	"unsafe"
 
+	"golang.org/x/sys/internal/unsafeheader"
 	"golang.org/x/sys/windows"
 )
 
@@ -68,8 +69,13 @@ func (s *Service) RecoveryActions() ([]RecoveryAction, error) {
 		return nil, err
 	}
 
+	var actions []windows.SC_ACTION
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&actions))
+	hdr.Data = unsafe.Pointer(p.Actions)
+	hdr.Len = int(p.ActionsCount)
+	hdr.Cap = int(p.ActionsCount)
+
 	var recoveryActions []RecoveryAction
-	actions := (*[1024]windows.SC_ACTION)(unsafe.Pointer(p.Actions))[:p.ActionsCount]
 	for _, action := range actions {
 		recoveryActions = append(recoveryActions, RecoveryAction{Type: int(action.Type), Delay: time.Duration(action.Delay) * time.Millisecond})
 	}
@@ -112,7 +118,7 @@ func (s *Service) RebootMessage() (string, error) {
 		return "", err
 	}
 	p := (*windows.SERVICE_FAILURE_ACTIONS)(unsafe.Pointer(&b[0]))
-	return toString(p.RebootMsg), nil
+	return windows.UTF16PtrToString(p.RebootMsg), nil
 }
 
 // SetRecoveryCommand sets the command line of the process to execute in response to the RunCommand service controller action.
@@ -131,5 +137,5 @@ func (s *Service) RecoveryCommand() (string, error) {
 		return "", err
 	}
 	p := (*windows.SERVICE_FAILURE_ACTIONS)(unsafe.Pointer(&b[0]))
-	return toString(p.Command), nil
+	return windows.UTF16PtrToString(p.Command), nil
 }
diff --git a/vendor/golang.org/x/sys/windows/svc/mgr/service.go b/vendor/golang.org/x/sys/windows/svc/mgr/service.go
index fdc46af5fcbf7..7d735ca226ce6 100644
--- a/vendor/golang.org/x/sys/windows/svc/mgr/service.go
+++ b/vendor/golang.org/x/sys/windows/svc/mgr/service.go
@@ -8,6 +8,7 @@ package mgr
 
 import (
 	"syscall"
+	"unsafe"
 
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
@@ -45,7 +46,7 @@ func (s *Service) Start(args ...string) error {
 	return windows.StartService(s.Handle, uint32(len(args)), p)
 }
 
-// Control sends state change request c to the servce s.
+// Control sends state change request c to the service s.
 func (s *Service) Control(c svc.Cmd) (svc.Status, error) {
 	var t windows.SERVICE_STATUS
 	err := windows.ControlService(s.Handle, uint32(c), &t)
@@ -60,13 +61,17 @@ func (s *Service) Control(c svc.Cmd) (svc.Status, error) {
 
 // Query returns current status of service s.
 func (s *Service) Query() (svc.Status, error) {
-	var t windows.SERVICE_STATUS
-	err := windows.QueryServiceStatus(s.Handle, &t)
+	var t windows.SERVICE_STATUS_PROCESS
+	var needed uint32
+	err := windows.QueryServiceStatusEx(s.Handle, windows.SC_STATUS_PROCESS_INFO, (*byte)(unsafe.Pointer(&t)), uint32(unsafe.Sizeof(t)), &needed)
 	if err != nil {
 		return svc.Status{}, err
 	}
 	return svc.Status{
-		State:   svc.State(t.CurrentState),
-		Accepts: svc.Accepted(t.ControlsAccepted),
+		State:                   svc.State(t.CurrentState),
+		Accepts:                 svc.Accepted(t.ControlsAccepted),
+		ProcessId:               t.ProcessId,
+		Win32ExitCode:           t.Win32ExitCode,
+		ServiceSpecificExitCode: t.ServiceSpecificExitCode,
 	}, nil
 }
diff --git a/vendor/golang.org/x/sys/windows/svc/security.go b/vendor/golang.org/x/sys/windows/svc/security.go
index 6fbc9236ed533..351d286fb2da0 100644
--- a/vendor/golang.org/x/sys/windows/svc/security.go
+++ b/vendor/golang.org/x/sys/windows/svc/security.go
@@ -2,11 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 package svc
 
 import (
+	"path/filepath"
+	"strings"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
@@ -25,6 +28,8 @@ func allocSid(subAuth0 uint32) (*windows.SID, error) {
 // IsAnInteractiveSession determines if calling process is running interactively.
 // It queries the process token for membership in the Interactive group.
 // http://stackoverflow.com/questions/2668851/how-do-i-detect-that-my-application-is-running-as-service-or-in-an-interactive-s
+//
+// Deprecated: Use IsWindowsService instead.
 func IsAnInteractiveSession() (bool, error) {
 	interSid, err := allocSid(windows.SECURITY_INTERACTIVE_RID)
 	if err != nil {
@@ -48,9 +53,8 @@ func IsAnInteractiveSession() (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	p := unsafe.Pointer(&gs.Groups[0])
-	groups := (*[2 << 20]windows.SIDAndAttributes)(p)[:gs.GroupCount]
-	for _, g := range groups {
+
+	for _, g := range gs.AllGroups() {
 		if windows.EqualSid(g.Sid, interSid) {
 			return true, nil
 		}
@@ -60,3 +64,46 @@ func IsAnInteractiveSession() (bool, error) {
 	}
 	return false, nil
 }
+
+// IsWindowsService reports whether the process is currently executing
+// as a Windows service.
+func IsWindowsService() (bool, error) {
+	// The below technique looks a bit hairy, but it's actually
+	// exactly what the .NET framework does for the similarly named function:
+	// https://github.com/dotnet/extensions/blob/f4066026ca06984b07e90e61a6390ac38152ba93/src/Hosting/WindowsServices/src/WindowsServiceHelpers.cs#L26-L31
+	// Specifically, it looks up whether the parent process has session ID zero
+	// and is called "services".
+
+	var pbi windows.PROCESS_BASIC_INFORMATION
+	pbiLen := uint32(unsafe.Sizeof(pbi))
+	err := windows.NtQueryInformationProcess(windows.CurrentProcess(), windows.ProcessBasicInformation, unsafe.Pointer(&pbi), pbiLen, &pbiLen)
+	if err != nil {
+		return false, err
+	}
+	var psid uint32
+	err = windows.ProcessIdToSessionId(uint32(pbi.InheritedFromUniqueProcessId), &psid)
+	if err != nil || psid != 0 {
+		return false, nil
+	}
+	pproc, err := windows.OpenProcess(windows.PROCESS_QUERY_LIMITED_INFORMATION, false, uint32(pbi.InheritedFromUniqueProcessId))
+	if err != nil {
+		return false, err
+	}
+	defer windows.CloseHandle(pproc)
+	var exeNameBuf [261]uint16
+	exeNameLen := uint32(len(exeNameBuf) - 1)
+	err = windows.QueryFullProcessImageName(pproc, 0, &exeNameBuf[0], &exeNameLen)
+	if err != nil {
+		return false, err
+	}
+	exeName := windows.UTF16ToString(exeNameBuf[:exeNameLen])
+	if !strings.EqualFold(filepath.Base(exeName), "services.exe") {
+		return false, nil
+	}
+	system32, err := windows.GetSystemDirectory()
+	if err != nil {
+		return false, err
+	}
+	targetExeName := filepath.Join(system32, "services.exe")
+	return strings.EqualFold(exeName, targetExeName), nil
+}
diff --git a/vendor/golang.org/x/sys/windows/svc/service.go b/vendor/golang.org/x/sys/windows/svc/service.go
index cda26b54b3912..9ad6eb4dca0c9 100644
--- a/vendor/golang.org/x/sys/windows/svc/service.go
+++ b/vendor/golang.org/x/sys/windows/svc/service.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 // Package svc provides everything required to build Windows service.
@@ -10,10 +11,10 @@ package svc
 
 import (
 	"errors"
-	"runtime"
-	"syscall"
+	"sync"
 	"unsafe"
 
+	"golang.org/x/sys/internal/unsafeheader"
 	"golang.org/x/sys/windows"
 )
 
@@ -49,6 +50,7 @@ const (
 	HardwareProfileChange = Cmd(windows.SERVICE_CONTROL_HARDWAREPROFILECHANGE)
 	PowerEvent            = Cmd(windows.SERVICE_CONTROL_POWEREVENT)
 	SessionChange         = Cmd(windows.SERVICE_CONTROL_SESSIONCHANGE)
+	PreShutdown           = Cmd(windows.SERVICE_CONTROL_PRESHUTDOWN)
 )
 
 // Accepted is used to describe commands accepted by the service.
@@ -64,14 +66,18 @@ const (
 	AcceptHardwareProfileChange = Accepted(windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE)
 	AcceptPowerEvent            = Accepted(windows.SERVICE_ACCEPT_POWEREVENT)
 	AcceptSessionChange         = Accepted(windows.SERVICE_ACCEPT_SESSIONCHANGE)
+	AcceptPreShutdown           = Accepted(windows.SERVICE_ACCEPT_PRESHUTDOWN)
 )
 
 // Status combines State and Accepted commands to fully describe running service.
 type Status struct {
-	State      State
-	Accepts    Accepted
-	CheckPoint uint32 // used to report progress during a lengthy operation
-	WaitHint   uint32 // estimated time required for a pending operation, in milliseconds
+	State                   State
+	Accepts                 Accepted
+	CheckPoint              uint32 // used to report progress during a lengthy operation
+	WaitHint                uint32 // estimated time required for a pending operation, in milliseconds
+	ProcessId               uint32 // if the service is running, the process identifier of it, and otherwise zero
+	Win32ExitCode           uint32 // set if the service has exited with a win32 exit code
+	ServiceSpecificExitCode uint32 // set if the service has exited with a service-specific exit code
 }
 
 // ChangeRequest is sent to the service Handler to request service status change.
@@ -80,11 +86,11 @@ type ChangeRequest struct {
 	EventType     uint32
 	EventData     uintptr
 	CurrentStatus Status
+	Context       uintptr
 }
 
 // Handler is the interface that must be implemented to build Windows service.
 type Handler interface {
-
 	// Execute will be called by the package code at the start of
 	// the service, and the service will exit once Execute completes.
 	// Inside Execute you must read service change requests from r and
@@ -99,34 +105,11 @@ type Handler interface {
 	Execute(args []string, r <-chan ChangeRequest, s chan<- Status) (svcSpecificEC bool, exitCode uint32)
 }
 
-var (
-	// These are used by asm code.
-	goWaitsH                       uintptr
-	cWaitsH                        uintptr
-	ssHandle                       uintptr
-	sName                          *uint16
-	sArgc                          uintptr
-	sArgv                          **uint16
-	ctlHandlerExProc               uintptr
-	cSetEvent                      uintptr
-	cWaitForSingleObject           uintptr
-	cRegisterServiceCtrlHandlerExW uintptr
-)
-
-func init() {
-	k := syscall.MustLoadDLL("kernel32.dll")
-	cSetEvent = k.MustFindProc("SetEvent").Addr()
-	cWaitForSingleObject = k.MustFindProc("WaitForSingleObject").Addr()
-	a := syscall.MustLoadDLL("advapi32.dll")
-	cRegisterServiceCtrlHandlerExW = a.MustFindProc("RegisterServiceCtrlHandlerExW").Addr()
-}
-
-// The HandlerEx prototype also has a context pointer but since we don't use
-// it at start-up time we don't have to pass it over either.
 type ctlEvent struct {
 	cmd       Cmd
 	eventType uint32
 	eventData uintptr
+	context   uintptr
 	errno     uint32
 }
 
@@ -134,36 +117,10 @@ type ctlEvent struct {
 type service struct {
 	name    string
 	h       windows.Handle
-	cWaits  *event
-	goWaits *event
 	c       chan ctlEvent
 	handler Handler
 }
 
-func newService(name string, handler Handler) (*service, error) {
-	var s service
-	var err error
-	s.name = name
-	s.c = make(chan ctlEvent)
-	s.handler = handler
-	s.cWaits, err = newEvent()
-	if err != nil {
-		return nil, err
-	}
-	s.goWaits, err = newEvent()
-	if err != nil {
-		s.cWaits.Close()
-		return nil, err
-	}
-	return &s, nil
-}
-
-func (s *service) close() error {
-	s.cWaits.Close()
-	s.goWaits.Close()
-	return nil
-}
-
 type exitCode struct {
 	isSvcSpecific bool
 	errno         uint32
@@ -200,6 +157,9 @@ func (s *service) updateStatus(status *Status, ec *exitCode) error {
 	if status.Accepts&AcceptSessionChange != 0 {
 		t.ControlsAccepted |= windows.SERVICE_ACCEPT_SESSIONCHANGE
 	}
+	if status.Accepts&AcceptPreShutdown != 0 {
+		t.ControlsAccepted |= windows.SERVICE_ACCEPT_PRESHUTDOWN
+	}
 	if ec.errno == 0 {
 		t.Win32ExitCode = windows.NO_ERROR
 		t.ServiceSpecificExitCode = windows.NO_ERROR
@@ -215,18 +175,43 @@ func (s *service) updateStatus(status *Status, ec *exitCode) error {
 	return windows.SetServiceStatus(s.h, &t)
 }
 
-const (
-	sysErrSetServiceStatusFailed = uint32(syscall.APPLICATION_ERROR) + iota
-	sysErrNewThreadInCallback
+var (
+	initCallbacks       sync.Once
+	ctlHandlerCallback  uintptr
+	serviceMainCallback uintptr
 )
 
-func (s *service) run() {
-	s.goWaits.Wait()
-	s.h = windows.Handle(ssHandle)
-	argv := (*[100]*int16)(unsafe.Pointer(sArgv))[:sArgc]
-	args := make([]string, len(argv))
-	for i, a := range argv {
-		args[i] = syscall.UTF16ToString((*[1 << 20]uint16)(unsafe.Pointer(a))[:])
+func ctlHandler(ctl, evtype, evdata, context uintptr) uintptr {
+	s := (*service)(unsafe.Pointer(context))
+	e := ctlEvent{cmd: Cmd(ctl), eventType: uint32(evtype), eventData: evdata, context: 123456} // Set context to 123456 to test issue #25660.
+	s.c <- e
+	return 0
+}
+
+var theService service // This is, unfortunately, a global, which means only one service per process.
+
+// serviceMain is the entry point called by the service manager, registered earlier by
+// the call to StartServiceCtrlDispatcher.
+func serviceMain(argc uint32, argv **uint16) uintptr {
+	handle, err := windows.RegisterServiceCtrlHandlerEx(windows.StringToUTF16Ptr(theService.name), ctlHandlerCallback, uintptr(unsafe.Pointer(&theService)))
+	if sysErr, ok := err.(windows.Errno); ok {
+		return uintptr(sysErr)
+	} else if err != nil {
+		return uintptr(windows.ERROR_UNKNOWN_EXCEPTION)
+	}
+	theService.h = handle
+	defer func() {
+		theService.h = 0
+	}()
+	var args16 []*uint16
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&args16))
+	hdr.Data = unsafe.Pointer(argv)
+	hdr.Len = int(argc)
+	hdr.Cap = int(argc)
+
+	args := make([]string, len(args16))
+	for i, a := range args16 {
+		args[i] = windows.UTF16PtrToString(a)
 	}
 
 	cmdsToHandler := make(chan ChangeRequest)
@@ -234,17 +219,16 @@ func (s *service) run() {
 	exitFromHandler := make(chan exitCode)
 
 	go func() {
-		ss, errno := s.handler.Execute(args, cmdsToHandler, changesFromHandler)
+		ss, errno := theService.handler.Execute(args, cmdsToHandler, changesFromHandler)
 		exitFromHandler <- exitCode{ss, errno}
 	}()
 
-	status := Status{State: Stopped}
 	ec := exitCode{isSvcSpecific: true, errno: 0}
+	outcr := ChangeRequest{
+		CurrentStatus: Status{State: Stopped},
+	}
 	var outch chan ChangeRequest
-	inch := s.c
-	var cmd Cmd
-	var evtype uint32
-	var evdata uintptr
+	inch := theService.c
 loop:
 	for {
 		select {
@@ -255,109 +239,52 @@ loop:
 			}
 			inch = nil
 			outch = cmdsToHandler
-			cmd = r.cmd
-			evtype = r.eventType
-			evdata = r.eventData
-		case outch <- ChangeRequest{cmd, evtype, evdata, status}:
-			inch = s.c
+			outcr.Cmd = r.cmd
+			outcr.EventType = r.eventType
+			outcr.EventData = r.eventData
+			outcr.Context = r.context
+		case outch <- outcr:
+			inch = theService.c
 			outch = nil
 		case c := <-changesFromHandler:
-			err := s.updateStatus(&c, &ec)
+			err := theService.updateStatus(&c, &ec)
 			if err != nil {
-				// best suitable error number
-				ec.errno = sysErrSetServiceStatusFailed
-				if err2, ok := err.(syscall.Errno); ok {
+				ec.errno = uint32(windows.ERROR_EXCEPTION_IN_SERVICE)
+				if err2, ok := err.(windows.Errno); ok {
 					ec.errno = uint32(err2)
 				}
 				break loop
 			}
-			status = c
+			outcr.CurrentStatus = c
 		case ec = <-exitFromHandler:
 			break loop
 		}
 	}
 
-	s.updateStatus(&Status{State: Stopped}, &ec)
-	s.cWaits.Set()
-}
+	theService.updateStatus(&Status{State: Stopped}, &ec)
 
-func newCallback(fn interface{}) (cb uintptr, err error) {
-	defer func() {
-		r := recover()
-		if r == nil {
-			return
-		}
-		cb = 0
-		switch v := r.(type) {
-		case string:
-			err = errors.New(v)
-		case error:
-			err = v
-		default:
-			err = errors.New("unexpected panic in syscall.NewCallback")
-		}
-	}()
-	return syscall.NewCallback(fn), nil
+	return windows.NO_ERROR
 }
 
-// BUG(brainman): There is no mechanism to run multiple services
-// inside one single executable. Perhaps, it can be overcome by
-// using RegisterServiceCtrlHandlerEx Windows api.
-
 // Run executes service name by calling appropriate handler function.
 func Run(name string, handler Handler) error {
-	runtime.LockOSThread()
-
-	tid := windows.GetCurrentThreadId()
-
-	s, err := newService(name, handler)
-	if err != nil {
-		return err
-	}
-
-	ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-		e := ctlEvent{cmd: Cmd(ctl), eventType: evtype, eventData: evdata}
-		// We assume that this callback function is running on
-		// the same thread as Run. Nowhere in MS documentation
-		// I could find statement to guarantee that. So putting
-		// check here to verify, otherwise things will go bad
-		// quickly, if ignored.
-		i := windows.GetCurrentThreadId()
-		if i != tid {
-			e.errno = sysErrNewThreadInCallback
-		}
-		s.c <- e
-		// Always return NO_ERROR (0) for now.
-		return 0
-	}
-
-	var svcmain uintptr
-	getServiceMain(&svcmain)
+	initCallbacks.Do(func() {
+		ctlHandlerCallback = windows.NewCallback(ctlHandler)
+		serviceMainCallback = windows.NewCallback(serviceMain)
+	})
+	theService.name = name
+	theService.handler = handler
+	theService.c = make(chan ctlEvent)
 	t := []windows.SERVICE_TABLE_ENTRY{
-		{ServiceName: syscall.StringToUTF16Ptr(s.name), ServiceProc: svcmain},
+		{ServiceName: windows.StringToUTF16Ptr(theService.name), ServiceProc: serviceMainCallback},
 		{ServiceName: nil, ServiceProc: 0},
 	}
-
-	goWaitsH = uintptr(s.goWaits.h)
-	cWaitsH = uintptr(s.cWaits.h)
-	sName = t[0].ServiceName
-	ctlHandlerExProc, err = newCallback(ctlHandler)
-	if err != nil {
-		return err
-	}
-
-	go s.run()
-
-	err = windows.StartServiceCtrlDispatcher(&t[0])
-	if err != nil {
-		return err
-	}
-	return nil
+	return windows.StartServiceCtrlDispatcher(&t[0])
 }
 
 // StatusHandle returns service status handle. It is safe to call this function
 // from inside the Handler.Execute because then it is guaranteed to be set.
 // This code will have to change once multiple services are possible per process.
 func StatusHandle() windows.Handle {
-	return windows.Handle(ssHandle)
+	return theService.h
 }
diff --git a/vendor/golang.org/x/sys/windows/svc/sys_386.s b/vendor/golang.org/x/sys/windows/svc/sys_386.s
deleted file mode 100644
index 2c82a9d91d7f2..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/sys_386.s
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// func servicemain(argc uint32, argv **uint16)
-TEXT ·servicemain(SB),7,$0
-	MOVL	argc+0(FP), AX
-	MOVL	AX, ·sArgc(SB)
-	MOVL	argv+4(FP), AX
-	MOVL	AX, ·sArgv(SB)
-
-	PUSHL	BP
-	PUSHL	BX
-	PUSHL	SI
-	PUSHL	DI
-
-	SUBL	$12, SP
-
-	MOVL	·sName(SB), AX
-	MOVL	AX, (SP)
-	MOVL	$·servicectlhandler(SB), AX
-	MOVL	AX, 4(SP)
-	MOVL	$0, 8(SP)
-	MOVL	·cRegisterServiceCtrlHandlerExW(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-	CMPL	AX, $0
-	JE	exit
-	MOVL	AX, ·ssHandle(SB)
-
-	MOVL	·goWaitsH(SB), AX
-	MOVL	AX, (SP)
-	MOVL	·cSetEvent(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-
-	MOVL	·cWaitsH(SB), AX
-	MOVL	AX, (SP)
-	MOVL	$-1, AX
-	MOVL	AX, 4(SP)
-	MOVL	·cWaitForSingleObject(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-
-exit:
-	ADDL	$12, SP
-
-	POPL	DI
-	POPL	SI
-	POPL	BX
-	POPL	BP
-
-	MOVL	0(SP), CX
-	ADDL	$12, SP
-	JMP	CX
-
-// I do not know why, but this seems to be the only way to call
-// ctlHandlerProc on Windows 7.
-
-// func servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-TEXT ·servicectlhandler(SB),7,$0
-	MOVL	·ctlHandlerExProc(SB), CX
-	JMP	CX
diff --git a/vendor/golang.org/x/sys/windows/svc/sys_amd64.s b/vendor/golang.org/x/sys/windows/svc/sys_amd64.s
deleted file mode 100644
index bde25e9c48580..0000000000000
--- a/vendor/golang.org/x/sys/windows/svc/sys_amd64.s
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// func servicemain(argc uint32, argv **uint16)
-TEXT ·servicemain(SB),7,$0
-	MOVL	CX, ·sArgc(SB)
-	MOVQ	DX, ·sArgv(SB)
-
-	SUBQ	$32, SP		// stack for the first 4 syscall params
-
-	MOVQ	·sName(SB), CX
-	MOVQ	$·servicectlhandler(SB), DX
-	// BUG(pastarmovj): Figure out a way to pass in context in R8.
-	MOVQ	·cRegisterServiceCtrlHandlerExW(SB), AX
-	CALL	AX
-	CMPQ	AX, $0
-	JE	exit
-	MOVQ	AX, ·ssHandle(SB)
-
-	MOVQ	·goWaitsH(SB), CX
-	MOVQ	·cSetEvent(SB), AX
-	CALL	AX
-
-	MOVQ	·cWaitsH(SB), CX
-	MOVQ	$4294967295, DX
-	MOVQ	·cWaitForSingleObject(SB), AX
-	CALL	AX
-
-exit:
-	ADDQ	$32, SP
-	RET
-
-// I do not know why, but this seems to be the only way to call
-// ctlHandlerProc on Windows 7.
-
-// func ·servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-TEXT ·servicectlhandler(SB),7,$0
-	MOVQ	·ctlHandlerExProc(SB), AX
-	JMP	AX
diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go
index af828a91bcf3f..72074d582f10c 100644
--- a/vendor/golang.org/x/sys/windows/syscall.go
+++ b/vendor/golang.org/x/sys/windows/syscall.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build windows
 // +build windows
 
 // Package windows contains an interface to the low-level operating system
@@ -25,17 +26,20 @@
 package windows // import "golang.org/x/sys/windows"
 
 import (
+	"bytes"
+	"strings"
 	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
 )
 
 // ByteSliceFromString returns a NUL-terminated slice of bytes
 // containing the text of s. If s contains a NUL byte at any
 // location, it returns (nil, syscall.EINVAL).
 func ByteSliceFromString(s string) ([]byte, error) {
-	for i := 0; i < len(s); i++ {
-		if s[i] == 0 {
-			return nil, syscall.EINVAL
-		}
+	if strings.IndexByte(s, 0) != -1 {
+		return nil, syscall.EINVAL
 	}
 	a := make([]byte, len(s)+1)
 	copy(a, s)
@@ -53,6 +57,41 @@ func BytePtrFromString(s string) (*byte, error) {
 	return &a[0], nil
 }
 
+// ByteSliceToString returns a string form of the text represented by the slice s, with a terminating NUL and any
+// bytes after the NUL removed.
+func ByteSliceToString(s []byte) string {
+	if i := bytes.IndexByte(s, 0); i != -1 {
+		s = s[:i]
+	}
+	return string(s)
+}
+
+// BytePtrToString takes a pointer to a sequence of text and returns the corresponding string.
+// If the pointer is nil, it returns the empty string. It assumes that the text sequence is terminated
+// at a zero byte; if the zero byte is not present, the program may crash.
+func BytePtrToString(p *byte) string {
+	if p == nil {
+		return ""
+	}
+	if *p == 0 {
+		return ""
+	}
+
+	// Find NUL terminator.
+	n := 0
+	for ptr := unsafe.Pointer(p); *(*byte)(ptr) != 0; n++ {
+		ptr = unsafe.Pointer(uintptr(ptr) + 1)
+	}
+
+	var s []byte
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+	h.Data = unsafe.Pointer(p)
+	h.Len = n
+	h.Cap = n
+
+	return string(s)
+}
+
 // Single-word zero for use when we need a valid pointer to 0 bytes.
 // See mksyscall.pl.
 var _zero uintptr
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 1e9f4bb4a3762..53ee74e08b587 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -8,16 +8,23 @@ package windows
 
 import (
 	errorspkg "errors"
+	"fmt"
+	"runtime"
 	"sync"
 	"syscall"
+	"time"
 	"unicode/utf16"
 	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
 )
 
 type Handle uintptr
+type HWND uintptr
 
 const (
 	InvalidHandle = ^Handle(0)
+	InvalidHWND   = ^HWND(0)
 
 	// Flags for DefineDosDevice.
 	DDD_EXACT_MATCH_ON_REMOVE = 0x00000004
@@ -55,6 +62,13 @@ const (
 	FILE_UNICODE_ON_DISK              = 0x00000004
 	FILE_VOLUME_IS_COMPRESSED         = 0x00008000
 	FILE_VOLUME_QUOTAS                = 0x00000020
+
+	// Flags for LockFileEx.
+	LOCKFILE_FAIL_IMMEDIATELY = 0x00000001
+	LOCKFILE_EXCLUSIVE_LOCK   = 0x00000002
+
+	// Return value of SleepEx and other APC functions
+	WAIT_IO_COMPLETION = 0x000000C0
 )
 
 // StringToUTF16 is deprecated. Use UTF16FromString instead.
@@ -81,11 +95,11 @@ func UTF16FromString(s string) ([]uint16, error) {
 }
 
 // UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s,
-// with a terminating NUL removed.
+// with a terminating NUL and any bytes after the NUL removed.
 func UTF16ToString(s []uint16) string {
 	for i, v := range s {
 		if v == 0 {
-			s = s[0:i]
+			s = s[:i]
 			break
 		}
 	}
@@ -108,16 +122,44 @@ func UTF16PtrFromString(s string) (*uint16, error) {
 	return &a[0], nil
 }
 
+// UTF16PtrToString takes a pointer to a UTF-16 sequence and returns the corresponding UTF-8 encoded string.
+// If the pointer is nil, it returns the empty string. It assumes that the UTF-16 sequence is terminated
+// at a zero word; if the zero word is not present, the program may crash.
+func UTF16PtrToString(p *uint16) string {
+	if p == nil {
+		return ""
+	}
+	if *p == 0 {
+		return ""
+	}
+
+	// Find NUL terminator.
+	n := 0
+	for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ {
+		ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p))
+	}
+
+	var s []uint16
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+	h.Data = unsafe.Pointer(p)
+	h.Len = n
+	h.Cap = n
+
+	return string(utf16.Decode(s))
+}
+
 func Getpagesize() int { return 4096 }
 
 // NewCallback converts a Go function to a function pointer conforming to the stdcall calling convention.
 // This is useful when interoperating with Windows code requiring callbacks.
+// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr.
 func NewCallback(fn interface{}) uintptr {
 	return syscall.NewCallback(fn)
 }
 
 // NewCallbackCDecl converts a Go function to a function pointer conforming to the cdecl calling convention.
 // This is useful when interoperating with Windows code requiring callbacks.
+// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr.
 func NewCallbackCDecl(fn interface{}) uintptr {
 	return syscall.NewCallbackCDecl(fn)
 }
@@ -129,12 +171,24 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) = LoadLibraryExW
 //sys	FreeLibrary(handle Handle) (err error)
 //sys	GetProcAddress(module Handle, procname string) (proc uintptr, err error)
+//sys	GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
+//sys	GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
+//sys	SetDefaultDllDirectories(directoryFlags uint32) (err error)
+//sys	SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW
 //sys	GetVersion() (ver uint32, err error)
 //sys	FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
 //sys	ExitProcess(exitcode uint32)
-//sys	CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile int32) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
+//sys	IsWow64Process(handle Handle, isWow64 *bool) (err error) = IsWow64Process
+//sys	IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) = IsWow64Process2?
+//sys	CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
+//sys	CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error)  [failretval==InvalidHandle] = CreateNamedPipeW
+//sys	ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error)
+//sys	GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error)
+//sys	GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
+//sys	SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState
 //sys	ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
 //sys	WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
+//sys	GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error)
 //sys	SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) [failretval==0xffffffff]
 //sys	CloseHandle(handle Handle) (err error)
 //sys	GetStdHandle(stdhandle uint32) (handle Handle, err error) [failretval==InvalidHandle]
@@ -143,6 +197,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	findNextFile1(handle Handle, data *win32finddata1) (err error) = FindNextFileW
 //sys	FindClose(handle Handle) (err error)
 //sys	GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error)
+//sys	GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error)
+//sys	SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error)
 //sys	GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) = GetCurrentDirectoryW
 //sys	SetCurrentDirectory(path *uint16) (err error) = SetCurrentDirectoryW
 //sys	CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) = CreateDirectoryW
@@ -150,26 +206,38 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	DeleteFile(path *uint16) (err error) = DeleteFileW
 //sys	MoveFile(from *uint16, to *uint16) (err error) = MoveFileW
 //sys	MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) = MoveFileExW
+//sys	LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
+//sys	UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
 //sys	GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW
 //sys	GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW
 //sys	SetEndOfFile(handle Handle) (err error)
 //sys	GetSystemTimeAsFileTime(time *Filetime)
 //sys	GetSystemTimePreciseAsFileTime(time *Filetime)
 //sys	GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff]
-//sys	CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error)
-//sys	GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error)
-//sys	PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error)
+//sys	CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, threadcnt uint32) (handle Handle, err error)
+//sys	GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overlapped **Overlapped, timeout uint32) (err error)
+//sys	PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overlapped *Overlapped) (err error)
 //sys	CancelIo(s Handle) (err error)
 //sys	CancelIoEx(s Handle, o *Overlapped) (err error)
 //sys	CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = CreateProcessW
-//sys	OpenProcess(da uint32, inheritHandle bool, pid uint32) (handle Handle, err error)
+//sys	CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = advapi32.CreateProcessAsUserW
+//sys   initializeProcThreadAttributeList(attrlist *ProcThreadAttributeList, attrcount uint32, flags uint32, size *uintptr) (err error) = InitializeProcThreadAttributeList
+//sys   deleteProcThreadAttributeList(attrlist *ProcThreadAttributeList) = DeleteProcThreadAttributeList
+//sys   updateProcThreadAttribute(attrlist *ProcThreadAttributeList, flags uint32, attr uintptr, value unsafe.Pointer, size uintptr, prevvalue unsafe.Pointer, returnedsize *uintptr) (err error) = UpdateProcThreadAttribute
+//sys	OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error)
+//sys	ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) [failretval<=32] = shell32.ShellExecuteW
+//sys	GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) = user32.GetWindowThreadProcessId
+//sys	GetShellWindow() (shellWindow HWND) = user32.GetShellWindow
+//sys	MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) [failretval==0] = user32.MessageBoxW
+//sys	ExitWindowsEx(flags uint32, reason uint32) (err error) = user32.ExitWindowsEx
+//sys	shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) = shell32.SHGetKnownFolderPath
 //sys	TerminateProcess(handle Handle, exitcode uint32) (err error)
 //sys	GetExitCodeProcess(handle Handle, exitcode *uint32) (err error)
 //sys	GetStartupInfo(startupInfo *StartupInfo) (err error) = GetStartupInfoW
-//sys	GetCurrentProcess() (pseudoHandle Handle, err error)
 //sys	GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error)
 //sys	DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error)
 //sys	WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff]
+//sys	waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff] = WaitForMultipleObjects
 //sys	GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) = GetTempPathW
 //sys	CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error)
 //sys	GetFileType(filehandle Handle) (n uint32, err error)
@@ -180,6 +248,9 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	FreeEnvironmentStrings(envs *uint16) (err error) = kernel32.FreeEnvironmentStringsW
 //sys	GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) = kernel32.GetEnvironmentVariableW
 //sys	SetEnvironmentVariable(name *uint16, value *uint16) (err error) = kernel32.SetEnvironmentVariableW
+//sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
+//sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
+//sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -187,12 +258,14 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	GetCommandLine() (cmd *uint16) = kernel32.GetCommandLineW
 //sys	CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) [failretval==nil] = shell32.CommandLineToArgvW
 //sys	LocalFree(hmem Handle) (handle Handle, err error) [failretval!=0]
+//sys	LocalAlloc(flags uint32, length uint32) (ptr uintptr, err error)
 //sys	SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error)
 //sys	FlushFileBuffers(handle Handle) (err error)
 //sys	GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) = kernel32.GetFullPathNameW
 //sys	GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) = kernel32.GetLongPathNameW
 //sys	GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) = kernel32.GetShortPathNameW
-//sys	CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) = kernel32.CreateFileMappingW
+//sys	GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) = kernel32.GetFinalPathNameByHandleW
+//sys	CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) [failretval == 0 || e1 == ERROR_ALREADY_EXISTS] = kernel32.CreateFileMappingW
 //sys	MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error)
 //sys	UnmapViewOfFile(addr uintptr) (err error)
 //sys	FlushViewOfFile(addr uintptr, length uintptr) (err error)
@@ -201,43 +274,92 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) = kernel32.VirtualAlloc
 //sys	VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) = kernel32.VirtualFree
 //sys	VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) = kernel32.VirtualProtect
+//sys	VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect uint32, oldProtect *uint32) (err error) = kernel32.VirtualProtectEx
+//sys	VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) = kernel32.VirtualQuery
+//sys	VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) = kernel32.VirtualQueryEx
+//sys	ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesRead *uintptr) (err error) = kernel32.ReadProcessMemory
+//sys	WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesWritten *uintptr) (err error) = kernel32.WriteProcessMemory
 //sys	TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile
 //sys	ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW
+//sys	FindFirstChangeNotification(path string, watchSubtree bool, notifyFilter uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.FindFirstChangeNotificationW
+//sys	FindNextChangeNotification(handle Handle) (err error)
+//sys	FindCloseChangeNotification(handle Handle) (err error)
 //sys	CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW
-//sys   CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) [failretval==InvalidHandle] = crypt32.CertOpenStore
+//sys	CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore
 //sys	CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore
-//sys   CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore
+//sys	CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore
 //sys	CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore
-//sys   CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain
-//sys   CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain
-//sys   CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext
-//sys   CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext
-//sys   CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy
+//sys	CertDeleteCertificateFromStore(certContext *CertContext) (err error) = crypt32.CertDeleteCertificateFromStore
+//sys	CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) = crypt32.CertDuplicateCertificateContext
+//sys	PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore
+//sys	CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain
+//sys	CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain
+//sys	CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext
+//sys	CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext
+//sys	CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy
+//sys	CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) = crypt32.CertGetNameStringW
+//sys	CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) = crypt32.CertFindExtension
+//sys   CertFindCertificateInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevCertContext *CertContext) (cert *CertContext, err error) [failretval==nil] = crypt32.CertFindCertificateInStore
+//sys   CertFindChainInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevChainContext *CertChainContext) (certchain *CertChainContext, err error) [failretval==nil] = crypt32.CertFindChainInStore
+//sys   CryptAcquireCertificatePrivateKey(cert *CertContext, flags uint32, parameters unsafe.Pointer, cryptProvOrNCryptKey *Handle, keySpec *uint32, callerFreeProvOrNCryptKey *bool) (err error) = crypt32.CryptAcquireCertificatePrivateKey
+//sys	CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) = crypt32.CryptQueryObject
+//sys	CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) = crypt32.CryptDecodeObject
+//sys	CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptProtectData
+//sys	CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptUnprotectData
+//sys	WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) = wintrust.WinVerifyTrustEx
 //sys	RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) = advapi32.RegOpenKeyExW
 //sys	RegCloseKey(key Handle) (regerrno error) = advapi32.RegCloseKey
 //sys	RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegQueryInfoKeyW
 //sys	RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegEnumKeyExW
 //sys	RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) = advapi32.RegQueryValueExW
-//sys	getCurrentProcessId() (pid uint32) = kernel32.GetCurrentProcessId
+//sys	RegNotifyChangeKeyValue(key Handle, watchSubtree bool, notifyFilter uint32, event Handle, asynchronous bool) (regerrno error) = advapi32.RegNotifyChangeKeyValue
+//sys	GetCurrentProcessId() (pid uint32) = kernel32.GetCurrentProcessId
+//sys	ProcessIdToSessionId(pid uint32, sessionid *uint32) (err error) = kernel32.ProcessIdToSessionId
 //sys	GetConsoleMode(console Handle, mode *uint32) (err error) = kernel32.GetConsoleMode
 //sys	SetConsoleMode(console Handle, mode uint32) (err error) = kernel32.SetConsoleMode
 //sys	GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) = kernel32.GetConsoleScreenBufferInfo
+//sys	setConsoleCursorPosition(console Handle, position uint32) (err error) = kernel32.SetConsoleCursorPosition
 //sys	WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW
 //sys	ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW
 //sys	CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot
 //sys	Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32FirstW
 //sys	Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32NextW
+//sys	Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error)
+//sys	Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error)
 //sys	DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error)
 // This function returns 1 byte BOOLEAN rather than the 4 byte BOOL.
 //sys	CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) [failretval&0xff==0] = CreateSymbolicLinkW
 //sys	CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) [failretval&0xff==0] = CreateHardLinkW
 //sys	GetCurrentThreadId() (id uint32)
-//sys	CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) = kernel32.CreateEventW
-//sys	CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) = kernel32.CreateEventExW
+//sys	CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) [failretval == 0 || e1 == ERROR_ALREADY_EXISTS] = kernel32.CreateEventW
+//sys	CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) [failretval == 0 || e1 == ERROR_ALREADY_EXISTS] = kernel32.CreateEventExW
 //sys	OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) = kernel32.OpenEventW
 //sys	SetEvent(event Handle) (err error) = kernel32.SetEvent
 //sys	ResetEvent(event Handle) (err error) = kernel32.ResetEvent
 //sys	PulseEvent(event Handle) (err error) = kernel32.PulseEvent
+//sys	CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16) (handle Handle, err error) [failretval == 0 || e1 == ERROR_ALREADY_EXISTS] = kernel32.CreateMutexW
+//sys	CreateMutexEx(mutexAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) [failretval == 0 || e1 == ERROR_ALREADY_EXISTS] = kernel32.CreateMutexExW
+//sys	OpenMutex(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) = kernel32.OpenMutexW
+//sys	ReleaseMutex(mutex Handle) (err error) = kernel32.ReleaseMutex
+//sys	SleepEx(milliseconds uint32, alertable bool) (ret uint32) = kernel32.SleepEx
+//sys	CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, err error) = kernel32.CreateJobObjectW
+//sys	AssignProcessToJobObject(job Handle, process Handle) (err error) = kernel32.AssignProcessToJobObject
+//sys	TerminateJobObject(job Handle, exitCode uint32) (err error) = kernel32.TerminateJobObject
+//sys	SetErrorMode(mode uint32) (ret uint32) = kernel32.SetErrorMode
+//sys	ResumeThread(thread Handle) (ret uint32, err error) [failretval==0xffffffff] = kernel32.ResumeThread
+//sys	SetPriorityClass(process Handle, priorityClass uint32) (err error) = kernel32.SetPriorityClass
+//sys	GetPriorityClass(process Handle) (ret uint32, err error) = kernel32.GetPriorityClass
+//sys	QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobObjectInformation uintptr, JobObjectInformationLength uint32, retlen *uint32) (err error) = kernel32.QueryInformationJobObject
+//sys	SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobObjectInformation uintptr, JobObjectInformationLength uint32) (ret int, err error)
+//sys	GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err error)
+//sys	GetProcessId(process Handle) (id uint32, err error)
+//sys	QueryFullProcessImageName(proc Handle, flags uint32, exeName *uint16, size *uint32) (err error) = kernel32.QueryFullProcessImageNameW
+//sys	OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error)
+//sys	SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
+//sys	GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
+//sys	SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
+//sys	GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
+//sys	SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
 
 // Volume Management Functions
 //sys	DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW
@@ -248,6 +370,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) = FindNextVolumeMountPointW
 //sys	FindVolumeClose(findVolume Handle) (err error)
 //sys	FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error)
+//sys	GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) = GetDiskFreeSpaceExW
 //sys	GetDriveType(rootPathName *uint16) (driveType uint32) = GetDriveTypeW
 //sys	GetLogicalDrives() (drivesBitMask uint32, err error) [failretval==0]
 //sys	GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) [failretval==0] = GetLogicalDriveStringsW
@@ -259,20 +382,95 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) [failretval==0] = QueryDosDeviceW
 //sys	SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) = SetVolumeLabelW
 //sys	SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) = SetVolumeMountPointW
+//sys	InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint32, forceAppsClosed bool, rebootAfterShutdown bool, reason uint32) (err error) = advapi32.InitiateSystemShutdownExW
+//sys	SetProcessShutdownParameters(level uint32, flags uint32) (err error) = kernel32.SetProcessShutdownParameters
+//sys	GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) = kernel32.GetProcessShutdownParameters
+//sys	clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) = ole32.CLSIDFromString
+//sys	stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) = ole32.StringFromGUID2
+//sys	coCreateGuid(pguid *GUID) (ret error) = ole32.CoCreateGuid
+//sys	CoTaskMemFree(address unsafe.Pointer) = ole32.CoTaskMemFree
+//sys	CoInitializeEx(reserved uintptr, coInit uint32) (ret error) = ole32.CoInitializeEx
+//sys	CoUninitialize() = ole32.CoUninitialize
+//sys	CoGetObject(name *uint16, bindOpts *BIND_OPTS3, guid *GUID, functionTable **uintptr) (ret error) = ole32.CoGetObject
+//sys	getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetProcessPreferredUILanguages
+//sys	getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetThreadPreferredUILanguages
+//sys	getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetUserPreferredUILanguages
+//sys	getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetSystemPreferredUILanguages
+//sys	findResource(module Handle, name uintptr, resType uintptr) (resInfo Handle, err error) = kernel32.FindResourceW
+//sys	SizeofResource(module Handle, resInfo Handle) (size uint32, err error) = kernel32.SizeofResource
+//sys	LoadResource(module Handle, resInfo Handle) (resData Handle, err error) = kernel32.LoadResource
+//sys	LockResource(resData Handle) (addr uintptr, err error) = kernel32.LockResource
+
+// Version APIs
+//sys	GetFileVersionInfoSize(filename string, zeroHandle *Handle) (bufSize uint32, err error) = version.GetFileVersionInfoSizeW
+//sys	GetFileVersionInfo(filename string, handle uint32, bufSize uint32, buffer unsafe.Pointer) (err error) = version.GetFileVersionInfoW
+//sys	VerQueryValue(block unsafe.Pointer, subBlock string, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) = version.VerQueryValueW
+
+// Process Status API (PSAPI)
+//sys	EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses
+//sys	EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uint32) (err error) = psapi.EnumProcessModules
+//sys	EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *uint32, filterFlag uint32) (err error) = psapi.EnumProcessModulesEx
+//sys	GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) = psapi.GetModuleInformation
+//sys	GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size uint32) (err error) = psapi.GetModuleFileNameExW
+//sys	GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uint32) (err error) = psapi.GetModuleBaseNameW
+
+// NT Native APIs
+//sys	rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys	rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) = ntdll.RtlGetVersion
+//sys	rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) = ntdll.RtlGetNtVersionNumbers
+//sys	RtlGetCurrentPeb() (peb *PEB) = ntdll.RtlGetCurrentPeb
+//sys	RtlInitUnicodeString(destinationString *NTUnicodeString, sourceString *uint16) = ntdll.RtlInitUnicodeString
+//sys	RtlInitString(destinationString *NTString, sourceString *byte) = ntdll.RtlInitString
+//sys	NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, allocationSize *int64, attributes uint32, share uint32, disposition uint32, options uint32, eabuffer uintptr, ealength uint32) (ntstatus error) = ntdll.NtCreateFile
+//sys	NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (ntstatus error) = ntdll.NtCreateNamedPipeFile
+//sys	NtSetInformationFile(handle Handle, iosb *IO_STATUS_BLOCK, inBuffer *byte, inBufferLen uint32, class uint32) (ntstatus error) = ntdll.NtSetInformationFile
+//sys	RtlDosPathNameToNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) = ntdll.RtlDosPathNameToNtPathName_U_WithStatus
+//sys	RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) = ntdll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
+//sys	RtlDefaultNpAcl(acl **ACL) (ntstatus error) = ntdll.RtlDefaultNpAcl
+//sys	NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32, retLen *uint32) (ntstatus error) = ntdll.NtQueryInformationProcess
+//sys	NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32) (ntstatus error) = ntdll.NtSetInformationProcess
+//sys	NtQuerySystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32, retLen *uint32) (ntstatus error) = ntdll.NtQuerySystemInformation
+//sys	NtSetSystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32) (ntstatus error) = ntdll.NtSetSystemInformation
+//sys	RtlAddFunctionTable(functionTable *RUNTIME_FUNCTION, entryCount uint32, baseAddress uintptr) (ret bool) = ntdll.RtlAddFunctionTable
+//sys	RtlDeleteFunctionTable(functionTable *RUNTIME_FUNCTION) (ret bool) = ntdll.RtlDeleteFunctionTable
 
 // syscall interface implementation for other packages
 
+// GetCurrentProcess returns the handle for the current process.
+// It is a pseudo handle that does not need to be closed.
+// The returned error is always nil.
+//
+// Deprecated: use CurrentProcess for the same Handle without the nil
+// error.
+func GetCurrentProcess() (Handle, error) {
+	return CurrentProcess(), nil
+}
+
+// CurrentProcess returns the handle for the current process.
+// It is a pseudo handle that does not need to be closed.
+func CurrentProcess() Handle { return Handle(^uintptr(1 - 1)) }
+
+// GetCurrentThread returns the handle for the current thread.
+// It is a pseudo handle that does not need to be closed.
+// The returned error is always nil.
+//
+// Deprecated: use CurrentThread for the same Handle without the nil
+// error.
+func GetCurrentThread() (Handle, error) {
+	return CurrentThread(), nil
+}
+
+// CurrentThread returns the handle for the current thread.
+// It is a pseudo handle that does not need to be closed.
+func CurrentThread() Handle { return Handle(^uintptr(2 - 1)) }
+
 // GetProcAddressByOrdinal retrieves the address of the exported
 // function from module by ordinal.
 func GetProcAddressByOrdinal(module Handle, ordinal uintptr) (proc uintptr, err error) {
 	r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), ordinal, 0)
 	proc = uintptr(r0)
 	if proc == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
@@ -328,7 +526,11 @@ func Open(path string, mode int, perm uint32) (fd Handle, err error) {
 	default:
 		createmode = OPEN_EXISTING
 	}
-	h, e := CreateFile(pathp, access, sharemode, sa, createmode, FILE_ATTRIBUTE_NORMAL, 0)
+	var attrs uint32 = FILE_ATTRIBUTE_NORMAL
+	if perm&S_IWRITE == 0 {
+		attrs = FILE_ATTRIBUTE_READONLY
+	}
+	h, e := CreateFile(pathp, access, sharemode, sa, createmode, attrs, 0)
 	return h, e
 }
 
@@ -473,6 +675,10 @@ func ComputerName() (name string, err error) {
 	return string(utf16.Decode(b[0:n])), nil
 }
 
+func DurationSinceBoot() time.Duration {
+	return time.Duration(getTickCount64()) * time.Millisecond
+}
+
 func Ftruncate(fd Handle, length int64) (err error) {
 	curoffset, e := Seek(fd, 0, 1)
 	if e != nil {
@@ -556,9 +762,6 @@ func Fsync(fd Handle) (err error) {
 }
 
 func Chmod(path string, mode uint32) (err error) {
-	if mode == 0 {
-		return syscall.EINVAL
-	}
 	p, e := UTF16PtrFromString(path)
 	if e != nil {
 		return e
@@ -587,6 +790,18 @@ func LoadSetFileCompletionNotificationModes() error {
 	return procSetFileCompletionNotificationModes.Find()
 }
 
+func WaitForMultipleObjects(handles []Handle, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
+	// Every other win32 array API takes arguments as "pointer, count", except for this function. So we
+	// can't declare it as a usual [] type, because mksyscall will use the opposite order. We therefore
+	// trivially stub this ourselves.
+
+	var handlePtr *Handle
+	if len(handles) > 0 {
+		handlePtr = &handles[0]
+	}
+	return waitForMultipleObjects(uint32(len(handles)), uintptr(unsafe.Pointer(handlePtr)), waitAll, waitMilliseconds)
+}
+
 // net api calls
 
 const socket_error = uintptr(^uint32(0))
@@ -595,6 +810,8 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup
 //sys	WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl
 //sys	socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket
+//sys	sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto
+//sys	recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom
 //sys	Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) [failretval==socket_error] = ws2_32.setsockopt
 //sys	Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) [failretval==socket_error] = ws2_32.getsockopt
 //sys	bind(s Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socket_error] = ws2_32.bind
@@ -610,6 +827,7 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASend
 //sys	WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32,  from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom
 //sys	WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32,  overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo
+//sys	WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.WSASocketW
 //sys	GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname
 //sys	GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname
 //sys	Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs
@@ -623,6 +841,7 @@ const socket_error = uintptr(^uint32(0))
 //sys	GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) = iphlpapi.GetAdaptersInfo
 //sys	SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) = kernel32.SetFileCompletionNotificationModes
 //sys	WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) [failretval==-1] = ws2_32.WSAEnumProtocolsW
+//sys	WSAGetOverlappedResult(h Handle, o *Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
 //sys	GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) = iphlpapi.GetAdaptersAddresses
 //sys	GetACP() (acp uint32) = kernel32.GetACP
 //sys	MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar
@@ -653,7 +872,7 @@ type RawSockaddr struct {
 
 type RawSockaddrAny struct {
 	Addr RawSockaddr
-	Pad  [96]int8
+	Pad  [100]int8
 }
 
 type Sockaddr interface {
@@ -702,19 +921,69 @@ func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, int32, error) {
 	return unsafe.Pointer(&sa.raw), int32(unsafe.Sizeof(sa.raw)), nil
 }
 
+type RawSockaddrUnix struct {
+	Family uint16
+	Path   [UNIX_PATH_MAX]int8
+}
+
 type SockaddrUnix struct {
 	Name string
+	raw  RawSockaddrUnix
 }
 
 func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
-	// TODO(brainman): implement SockaddrUnix.sockaddr()
-	return nil, 0, syscall.EWINDOWS
+	name := sa.Name
+	n := len(name)
+	if n > len(sa.raw.Path) {
+		return nil, 0, syscall.EINVAL
+	}
+	if n == len(sa.raw.Path) && name[0] != '@' {
+		return nil, 0, syscall.EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := int32(2)
+	if n > 0 {
+		sl += int32(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
 }
 
 func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_UNIX:
-		return nil, syscall.EWINDOWS
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+		if pp.Path[0] == 0 {
+			// "Abstract" Unix domain socket.
+			// Rewrite leading NUL as @ for textual display.
+			// (This is the standard convention.)
+			// Not friendly to overwrite in place,
+			// but the callers below don't care.
+			pp.Path[0] = '@'
+		}
+
+		// Assume path ends at NUL.
+		// This is not technically the Linux semantics for
+		// abstract Unix domain sockets--they are supposed
+		// to be uninterpreted fixed-size binary blobs--but
+		// everyone uses this convention.
+		n := 0
+		for n < len(pp.Path) && pp.Path[n] != 0 {
+			n++
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
 
 	case AF_INET:
 		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
@@ -900,11 +1169,7 @@ func WSASendMsg(fd Handle, msg *WSAMsg, flags uint32, bytesSent *uint32, overlap
 	}
 	r1, _, e1 := syscall.Syscall6(sendRecvMsgFunc.sendAddr, 6, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags), uintptr(unsafe.Pointer(bytesSent)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
 	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return err
 }
@@ -916,11 +1181,7 @@ func WSARecvMsg(fd Handle, msg *WSAMsg, bytesReceived *uint32, overlapped *Overl
 	}
 	r1, _, e1 := syscall.Syscall6(sendRecvMsgFunc.recvAddr, 5, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(bytesReceived)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0)
 	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return err
 }
@@ -973,10 +1234,27 @@ func NsecToTimespec(nsec int64) (ts Timespec) {
 // TODO(brainman): fix all needed for net
 
 func Accept(fd Handle) (nfd Handle, sa Sockaddr, err error) { return 0, nil, syscall.EWINDOWS }
+
 func Recvfrom(fd Handle, p []byte, flags int) (n int, from Sockaddr, err error) {
-	return 0, nil, syscall.EWINDOWS
+	var rsa RawSockaddrAny
+	l := int32(unsafe.Sizeof(rsa))
+	n32, err := recvfrom(fd, p, int32(flags), &rsa, &l)
+	n = int(n32)
+	if err != nil {
+		return
+	}
+	from, err = rsa.Sockaddr()
+	return
+}
+
+func Sendto(fd Handle, p []byte, flags int, to Sockaddr) (err error) {
+	ptr, l, err := to.sockaddr()
+	if err != nil {
+		return err
+	}
+	return sendto(fd, p, int32(flags), ptr, l)
 }
-func Sendto(fd Handle, p []byte, flags int, to Sockaddr) (err error)       { return syscall.EWINDOWS }
+
 func SetsockoptTimeval(fd Handle, level, opt int, tv *Timeval) (err error) { return syscall.EWINDOWS }
 
 // The Linger struct is wrong but we only noticed after Go 1.
@@ -1006,7 +1284,12 @@ type IPv6Mreq struct {
 	Interface uint32
 }
 
-func GetsockoptInt(fd Handle, level, opt int) (int, error) { return -1, syscall.EWINDOWS }
+func GetsockoptInt(fd Handle, level, opt int) (int, error) {
+	v := int32(0)
+	l := int32(unsafe.Sizeof(v))
+	err := Getsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&v)), &l)
+	return int(v), err
+}
 
 func SetsockoptLinger(fd Handle, level, opt int, l *Linger) (err error) {
 	sys := sysLinger{Onoff: uint16(l.Onoff), Linger: uint16(l.Linger)}
@@ -1023,7 +1306,7 @@ func SetsockoptIPv6Mreq(fd Handle, level, opt int, mreq *IPv6Mreq) (err error) {
 	return syscall.EWINDOWS
 }
 
-func Getpid() (pid int) { return int(getCurrentProcessId()) }
+func Getpid() (pid int) { return int(GetCurrentProcessId()) }
 
 func FindFirstFile(name *uint16, data *Win32finddata) (handle Handle, err error) {
 	// NOTE(rsc): The Win32finddata struct is wrong for the system call:
@@ -1151,3 +1434,259 @@ func Readlink(path string, buf []byte) (n int, err error) {
 
 	return n, nil
 }
+
+// GUIDFromString parses a string in the form of
+// "{XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" into a GUID.
+func GUIDFromString(str string) (GUID, error) {
+	guid := GUID{}
+	str16, err := syscall.UTF16PtrFromString(str)
+	if err != nil {
+		return guid, err
+	}
+	err = clsidFromString(str16, &guid)
+	if err != nil {
+		return guid, err
+	}
+	return guid, nil
+}
+
+// GenerateGUID creates a new random GUID.
+func GenerateGUID() (GUID, error) {
+	guid := GUID{}
+	err := coCreateGuid(&guid)
+	if err != nil {
+		return guid, err
+	}
+	return guid, nil
+}
+
+// String returns the canonical string form of the GUID,
+// in the form of "{XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}".
+func (guid GUID) String() string {
+	var str [100]uint16
+	chars := stringFromGUID2(&guid, &str[0], int32(len(str)))
+	if chars <= 1 {
+		return ""
+	}
+	return string(utf16.Decode(str[:chars-1]))
+}
+
+// KnownFolderPath returns a well-known folder path for the current user, specified by one of
+// the FOLDERID_ constants, and chosen and optionally created based on a KF_ flag.
+func KnownFolderPath(folderID *KNOWNFOLDERID, flags uint32) (string, error) {
+	return Token(0).KnownFolderPath(folderID, flags)
+}
+
+// KnownFolderPath returns a well-known folder path for the user token, specified by one of
+// the FOLDERID_ constants, and chosen and optionally created based on a KF_ flag.
+func (t Token) KnownFolderPath(folderID *KNOWNFOLDERID, flags uint32) (string, error) {
+	var p *uint16
+	err := shGetKnownFolderPath(folderID, flags, t, &p)
+	if err != nil {
+		return "", err
+	}
+	defer CoTaskMemFree(unsafe.Pointer(p))
+	return UTF16PtrToString(p), nil
+}
+
+// RtlGetVersion returns the version of the underlying operating system, ignoring
+// manifest semantics but is affected by the application compatibility layer.
+func RtlGetVersion() *OsVersionInfoEx {
+	info := &OsVersionInfoEx{}
+	info.osVersionInfoSize = uint32(unsafe.Sizeof(*info))
+	// According to documentation, this function always succeeds.
+	// The function doesn't even check the validity of the
+	// osVersionInfoSize member. Disassembling ntdll.dll indicates
+	// that the documentation is indeed correct about that.
+	_ = rtlGetVersion(info)
+	return info
+}
+
+// RtlGetNtVersionNumbers returns the version of the underlying operating system,
+// ignoring manifest semantics and the application compatibility layer.
+func RtlGetNtVersionNumbers() (majorVersion, minorVersion, buildNumber uint32) {
+	rtlGetNtVersionNumbers(&majorVersion, &minorVersion, &buildNumber)
+	buildNumber &= 0xffff
+	return
+}
+
+// GetProcessPreferredUILanguages retrieves the process preferred UI languages.
+func GetProcessPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getProcessPreferredUILanguages)
+}
+
+// GetThreadPreferredUILanguages retrieves the thread preferred UI languages for the current thread.
+func GetThreadPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getThreadPreferredUILanguages)
+}
+
+// GetUserPreferredUILanguages retrieves information about the user preferred UI languages.
+func GetUserPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getUserPreferredUILanguages)
+}
+
+// GetSystemPreferredUILanguages retrieves the system preferred UI languages.
+func GetSystemPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getSystemPreferredUILanguages)
+}
+
+func getUILanguages(flags uint32, f func(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) error) ([]string, error) {
+	size := uint32(128)
+	for {
+		var numLanguages uint32
+		buf := make([]uint16, size)
+		err := f(flags, &numLanguages, &buf[0], &size)
+		if err == ERROR_INSUFFICIENT_BUFFER {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		buf = buf[:size]
+		if numLanguages == 0 || len(buf) == 0 { // GetProcessPreferredUILanguages may return numLanguages==0 with "\0\0"
+			return []string{}, nil
+		}
+		if buf[len(buf)-1] == 0 {
+			buf = buf[:len(buf)-1] // remove terminating null
+		}
+		languages := make([]string, 0, numLanguages)
+		from := 0
+		for i, c := range buf {
+			if c == 0 {
+				languages = append(languages, string(utf16.Decode(buf[from:i])))
+				from = i + 1
+			}
+		}
+		return languages, nil
+	}
+}
+
+func SetConsoleCursorPosition(console Handle, position Coord) error {
+	return setConsoleCursorPosition(console, *((*uint32)(unsafe.Pointer(&position))))
+}
+
+func (s NTStatus) Errno() syscall.Errno {
+	return rtlNtStatusToDosErrorNoTeb(s)
+}
+
+func langID(pri, sub uint16) uint32 { return uint32(sub)<<10 | uint32(pri) }
+
+func (s NTStatus) Error() string {
+	b := make([]uint16, 300)
+	n, err := FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_FROM_HMODULE|FORMAT_MESSAGE_ARGUMENT_ARRAY, modntdll.Handle(), uint32(s), langID(LANG_ENGLISH, SUBLANG_ENGLISH_US), b, nil)
+	if err != nil {
+		return fmt.Sprintf("NTSTATUS 0x%08x", uint32(s))
+	}
+	// trim terminating \r and \n
+	for ; n > 0 && (b[n-1] == '\n' || b[n-1] == '\r'); n-- {
+	}
+	return string(utf16.Decode(b[:n]))
+}
+
+// NewNTUnicodeString returns a new NTUnicodeString structure for use with native
+// NT APIs that work over the NTUnicodeString type. Note that most Windows APIs
+// do not use NTUnicodeString, and instead UTF16PtrFromString should be used for
+// the more common *uint16 string type.
+func NewNTUnicodeString(s string) (*NTUnicodeString, error) {
+	var u NTUnicodeString
+	s16, err := UTF16PtrFromString(s)
+	if err != nil {
+		return nil, err
+	}
+	RtlInitUnicodeString(&u, s16)
+	return &u, nil
+}
+
+// Slice returns a uint16 slice that aliases the data in the NTUnicodeString.
+func (s *NTUnicodeString) Slice() []uint16 {
+	var slice []uint16
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&slice))
+	hdr.Data = unsafe.Pointer(s.Buffer)
+	hdr.Len = int(s.Length)
+	hdr.Cap = int(s.MaximumLength)
+	return slice
+}
+
+func (s *NTUnicodeString) String() string {
+	return UTF16ToString(s.Slice())
+}
+
+// NewNTString returns a new NTString structure for use with native
+// NT APIs that work over the NTString type. Note that most Windows APIs
+// do not use NTString, and instead UTF16PtrFromString should be used for
+// the more common *uint16 string type.
+func NewNTString(s string) (*NTString, error) {
+	var nts NTString
+	s8, err := BytePtrFromString(s)
+	if err != nil {
+		return nil, err
+	}
+	RtlInitString(&nts, s8)
+	return &nts, nil
+}
+
+// Slice returns a byte slice that aliases the data in the NTString.
+func (s *NTString) Slice() []byte {
+	var slice []byte
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&slice))
+	hdr.Data = unsafe.Pointer(s.Buffer)
+	hdr.Len = int(s.Length)
+	hdr.Cap = int(s.MaximumLength)
+	return slice
+}
+
+func (s *NTString) String() string {
+	return ByteSliceToString(s.Slice())
+}
+
+// FindResource resolves a resource of the given name and resource type.
+func FindResource(module Handle, name, resType ResourceIDOrString) (Handle, error) {
+	var namePtr, resTypePtr uintptr
+	var name16, resType16 *uint16
+	var err error
+	resolvePtr := func(i interface{}, keep **uint16) (uintptr, error) {
+		switch v := i.(type) {
+		case string:
+			*keep, err = UTF16PtrFromString(v)
+			if err != nil {
+				return 0, err
+			}
+			return uintptr(unsafe.Pointer(*keep)), nil
+		case ResourceID:
+			return uintptr(v), nil
+		}
+		return 0, errorspkg.New("parameter must be a ResourceID or a string")
+	}
+	namePtr, err = resolvePtr(name, &name16)
+	if err != nil {
+		return 0, err
+	}
+	resTypePtr, err = resolvePtr(resType, &resType16)
+	if err != nil {
+		return 0, err
+	}
+	resInfo, err := findResource(module, namePtr, resTypePtr)
+	runtime.KeepAlive(name16)
+	runtime.KeepAlive(resType16)
+	return resInfo, err
+}
+
+func LoadResourceData(module, resInfo Handle) (data []byte, err error) {
+	size, err := SizeofResource(module, resInfo)
+	if err != nil {
+		return
+	}
+	resData, err := LoadResource(module, resInfo)
+	if err != nil {
+		return
+	}
+	ptr, err := LockResource(resData)
+	if err != nil {
+		return
+	}
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&data))
+	h.Data = unsafe.Pointer(ptr)
+	h.Len = int(size)
+	h.Cap = int(size)
+	return
+}
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 7d2a6794db846..286dd1eab9517 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -4,35 +4,16 @@
 
 package windows
 
-import "syscall"
-
-const (
-	// Windows errors.
-	ERROR_FILE_NOT_FOUND         syscall.Errno = 2
-	ERROR_PATH_NOT_FOUND         syscall.Errno = 3
-	ERROR_ACCESS_DENIED          syscall.Errno = 5
-	ERROR_NO_MORE_FILES          syscall.Errno = 18
-	ERROR_HANDLE_EOF             syscall.Errno = 38
-	ERROR_NETNAME_DELETED        syscall.Errno = 64
-	ERROR_FILE_EXISTS            syscall.Errno = 80
-	ERROR_BROKEN_PIPE            syscall.Errno = 109
-	ERROR_BUFFER_OVERFLOW        syscall.Errno = 111
-	ERROR_INSUFFICIENT_BUFFER    syscall.Errno = 122
-	ERROR_MOD_NOT_FOUND          syscall.Errno = 126
-	ERROR_PROC_NOT_FOUND         syscall.Errno = 127
-	ERROR_ALREADY_EXISTS         syscall.Errno = 183
-	ERROR_ENVVAR_NOT_FOUND       syscall.Errno = 203
-	ERROR_MORE_DATA              syscall.Errno = 234
-	ERROR_OPERATION_ABORTED      syscall.Errno = 995
-	ERROR_IO_PENDING             syscall.Errno = 997
-	ERROR_SERVICE_SPECIFIC_ERROR syscall.Errno = 1066
-	ERROR_NOT_FOUND              syscall.Errno = 1168
-	ERROR_PRIVILEGE_NOT_HELD     syscall.Errno = 1314
-	WSAEACCES                    syscall.Errno = 10013
-	WSAEMSGSIZE                  syscall.Errno = 10040
-	WSAECONNRESET                syscall.Errno = 10054
+import (
+	"net"
+	"syscall"
+	"unsafe"
 )
 
+// NTStatus corresponds with NTSTATUS, error values returned by ntdll.dll and
+// other native functions.
+type NTStatus uint32
+
 const (
 	// Invented values to support what package os expects.
 	O_RDONLY   = 0x00000
@@ -85,14 +66,21 @@ var signals = [...]string{
 }
 
 const (
-	GENERIC_READ    = 0x80000000
-	GENERIC_WRITE   = 0x40000000
-	GENERIC_EXECUTE = 0x20000000
-	GENERIC_ALL     = 0x10000000
-
-	FILE_LIST_DIRECTORY   = 0x00000001
-	FILE_APPEND_DATA      = 0x00000004
+	FILE_READ_DATA        = 0x00000001
+	FILE_READ_ATTRIBUTES  = 0x00000080
+	FILE_READ_EA          = 0x00000008
+	FILE_WRITE_DATA       = 0x00000002
 	FILE_WRITE_ATTRIBUTES = 0x00000100
+	FILE_WRITE_EA         = 0x00000010
+	FILE_APPEND_DATA      = 0x00000004
+	FILE_EXECUTE          = 0x00000020
+
+	FILE_GENERIC_READ    = STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE
+	FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE
+	FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE
+
+	FILE_LIST_DIRECTORY = 0x00000001
+	FILE_TRAVERSE       = 0x00000020
 
 	FILE_SHARE_READ   = 0x00000001
 	FILE_SHARE_WRITE  = 0x00000002
@@ -126,9 +114,19 @@ const (
 	OPEN_ALWAYS       = 4
 	TRUNCATE_EXISTING = 5
 
-	FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000
-	FILE_FLAG_BACKUP_SEMANTICS   = 0x02000000
-	FILE_FLAG_OVERLAPPED         = 0x40000000
+	FILE_FLAG_OPEN_REQUIRING_OPLOCK = 0x00040000
+	FILE_FLAG_FIRST_PIPE_INSTANCE   = 0x00080000
+	FILE_FLAG_OPEN_NO_RECALL        = 0x00100000
+	FILE_FLAG_OPEN_REPARSE_POINT    = 0x00200000
+	FILE_FLAG_SESSION_AWARE         = 0x00800000
+	FILE_FLAG_POSIX_SEMANTICS       = 0x01000000
+	FILE_FLAG_BACKUP_SEMANTICS      = 0x02000000
+	FILE_FLAG_DELETE_ON_CLOSE       = 0x04000000
+	FILE_FLAG_SEQUENTIAL_SCAN       = 0x08000000
+	FILE_FLAG_RANDOM_ACCESS         = 0x10000000
+	FILE_FLAG_NO_BUFFERING          = 0x20000000
+	FILE_FLAG_OVERLAPPED            = 0x40000000
+	FILE_FLAG_WRITE_THROUGH         = 0x80000000
 
 	HANDLE_FLAG_INHERIT    = 0x00000001
 	STARTF_USESTDHANDLES   = 0x00000100
@@ -167,22 +165,47 @@ const (
 	IGNORE                = 0
 	INFINITE              = 0xffffffff
 
-	WAIT_TIMEOUT   = 258
 	WAIT_ABANDONED = 0x00000080
 	WAIT_OBJECT_0  = 0x00000000
 	WAIT_FAILED    = 0xFFFFFFFF
 
-	PROCESS_TERMINATE         = 1
-	PROCESS_QUERY_INFORMATION = 0x00000400
-	SYNCHRONIZE               = 0x00100000
+	// Access rights for process.
+	PROCESS_CREATE_PROCESS            = 0x0080
+	PROCESS_CREATE_THREAD             = 0x0002
+	PROCESS_DUP_HANDLE                = 0x0040
+	PROCESS_QUERY_INFORMATION         = 0x0400
+	PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
+	PROCESS_SET_INFORMATION           = 0x0200
+	PROCESS_SET_QUOTA                 = 0x0100
+	PROCESS_SUSPEND_RESUME            = 0x0800
+	PROCESS_TERMINATE                 = 0x0001
+	PROCESS_VM_OPERATION              = 0x0008
+	PROCESS_VM_READ                   = 0x0010
+	PROCESS_VM_WRITE                  = 0x0020
+
+	// Access rights for thread.
+	THREAD_DIRECT_IMPERSONATION      = 0x0200
+	THREAD_GET_CONTEXT               = 0x0008
+	THREAD_IMPERSONATE               = 0x0100
+	THREAD_QUERY_INFORMATION         = 0x0040
+	THREAD_QUERY_LIMITED_INFORMATION = 0x0800
+	THREAD_SET_CONTEXT               = 0x0010
+	THREAD_SET_INFORMATION           = 0x0020
+	THREAD_SET_LIMITED_INFORMATION   = 0x0400
+	THREAD_SET_THREAD_TOKEN          = 0x0080
+	THREAD_SUSPEND_RESUME            = 0x0002
+	THREAD_TERMINATE                 = 0x0001
 
 	FILE_MAP_COPY    = 0x01
 	FILE_MAP_WRITE   = 0x02
 	FILE_MAP_READ    = 0x04
 	FILE_MAP_EXECUTE = 0x20
 
-	CTRL_C_EVENT     = 0
-	CTRL_BREAK_EVENT = 1
+	CTRL_C_EVENT        = 0
+	CTRL_BREAK_EVENT    = 1
+	CTRL_CLOSE_EVENT    = 2
+	CTRL_LOGOFF_EVENT   = 5
+	CTRL_SHUTDOWN_EVENT = 6
 
 	// Windows reserves errors >= 1<<29 for application use.
 	APPLICATION_ERROR = 1 << 29
@@ -208,6 +231,18 @@ const (
 	INHERIT_PARENT_AFFINITY          = 0x00010000
 )
 
+const (
+	// attributes for ProcThreadAttributeList
+	PROC_THREAD_ATTRIBUTE_PARENT_PROCESS    = 0x00020000
+	PROC_THREAD_ATTRIBUTE_HANDLE_LIST       = 0x00020002
+	PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY    = 0x00030003
+	PROC_THREAD_ATTRIBUTE_PREFERRED_NODE    = 0x00020004
+	PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR   = 0x00030005
+	PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = 0x00020007
+	PROC_THREAD_ATTRIBUTE_UMS_THREAD        = 0x00030006
+	PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL  = 0x0002000b
+)
+
 const (
 	// flags for CreateToolhelp32Snapshot
 	TH32CS_SNAPHEAPLIST = 0x01
@@ -220,7 +255,15 @@ const (
 )
 
 const (
-	// filters for ReadDirectoryChangesW
+	// flags for EnumProcessModulesEx
+	LIST_MODULES_32BIT   = 0x01
+	LIST_MODULES_64BIT   = 0x02
+	LIST_MODULES_ALL     = 0x03
+	LIST_MODULES_DEFAULT = 0x00
+)
+
+const (
+	// filters for ReadDirectoryChangesW and FindFirstChangeNotificationW
 	FILE_NOTIFY_CHANGE_FILE_NAME   = 0x001
 	FILE_NOTIFY_CHANGE_DIR_NAME    = 0x002
 	FILE_NOTIFY_CHANGE_ATTRIBUTES  = 0x004
@@ -242,24 +285,27 @@ const (
 
 const (
 	// wincrypt.h
-	PROV_RSA_FULL                    = 1
-	PROV_RSA_SIG                     = 2
-	PROV_DSS                         = 3
-	PROV_FORTEZZA                    = 4
-	PROV_MS_EXCHANGE                 = 5
-	PROV_SSL                         = 6
-	PROV_RSA_SCHANNEL                = 12
-	PROV_DSS_DH                      = 13
-	PROV_EC_ECDSA_SIG                = 14
-	PROV_EC_ECNRA_SIG                = 15
-	PROV_EC_ECDSA_FULL               = 16
-	PROV_EC_ECNRA_FULL               = 17
-	PROV_DH_SCHANNEL                 = 18
-	PROV_SPYRUS_LYNKS                = 20
-	PROV_RNG                         = 21
-	PROV_INTEL_SEC                   = 22
-	PROV_REPLACE_OWF                 = 23
-	PROV_RSA_AES                     = 24
+	/* certenrolld_begin -- PROV_RSA_*/
+	PROV_RSA_FULL      = 1
+	PROV_RSA_SIG       = 2
+	PROV_DSS           = 3
+	PROV_FORTEZZA      = 4
+	PROV_MS_EXCHANGE   = 5
+	PROV_SSL           = 6
+	PROV_RSA_SCHANNEL  = 12
+	PROV_DSS_DH        = 13
+	PROV_EC_ECDSA_SIG  = 14
+	PROV_EC_ECNRA_SIG  = 15
+	PROV_EC_ECDSA_FULL = 16
+	PROV_EC_ECNRA_FULL = 17
+	PROV_DH_SCHANNEL   = 18
+	PROV_SPYRUS_LYNKS  = 20
+	PROV_RNG           = 21
+	PROV_INTEL_SEC     = 22
+	PROV_REPLACE_OWF   = 23
+	PROV_RSA_AES       = 24
+
+	/* dwFlags definitions for CryptAcquireContext */
 	CRYPT_VERIFYCONTEXT              = 0xF0000000
 	CRYPT_NEWKEYSET                  = 0x00000008
 	CRYPT_DELETEKEYSET               = 0x00000010
@@ -267,18 +313,118 @@ const (
 	CRYPT_SILENT                     = 0x00000040
 	CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x00000080
 
+	/* Flags for PFXImportCertStore */
+	CRYPT_EXPORTABLE                   = 0x00000001
+	CRYPT_USER_PROTECTED               = 0x00000002
+	CRYPT_USER_KEYSET                  = 0x00001000
+	PKCS12_PREFER_CNG_KSP              = 0x00000100
+	PKCS12_ALWAYS_CNG_KSP              = 0x00000200
+	PKCS12_ALLOW_OVERWRITE_KEY         = 0x00004000
+	PKCS12_NO_PERSIST_KEY              = 0x00008000
+	PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x00000010
+
+	/* Flags for CryptAcquireCertificatePrivateKey */
+	CRYPT_ACQUIRE_CACHE_FLAG             = 0x00000001
+	CRYPT_ACQUIRE_USE_PROV_INFO_FLAG     = 0x00000002
+	CRYPT_ACQUIRE_COMPARE_KEY_FLAG       = 0x00000004
+	CRYPT_ACQUIRE_NO_HEALING             = 0x00000008
+	CRYPT_ACQUIRE_SILENT_FLAG            = 0x00000040
+	CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG     = 0x00000080
+	CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK  = 0x00070000
+	CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG  = 0x00010000
+	CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG = 0x00020000
+	CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG   = 0x00040000
+
+	/* pdwKeySpec for CryptAcquireCertificatePrivateKey */
+	AT_KEYEXCHANGE       = 1
+	AT_SIGNATURE         = 2
+	CERT_NCRYPT_KEY_SPEC = 0xFFFFFFFF
+
+	/* Default usage match type is AND with value zero */
 	USAGE_MATCH_TYPE_AND = 0
 	USAGE_MATCH_TYPE_OR  = 1
 
+	/* msgAndCertEncodingType values for CertOpenStore function */
 	X509_ASN_ENCODING   = 0x00000001
 	PKCS_7_ASN_ENCODING = 0x00010000
 
-	CERT_STORE_PROV_MEMORY = 2
-
-	CERT_STORE_ADD_ALWAYS = 4
-
+	/* storeProvider values for CertOpenStore function */
+	CERT_STORE_PROV_MSG               = 1
+	CERT_STORE_PROV_MEMORY            = 2
+	CERT_STORE_PROV_FILE              = 3
+	CERT_STORE_PROV_REG               = 4
+	CERT_STORE_PROV_PKCS7             = 5
+	CERT_STORE_PROV_SERIALIZED        = 6
+	CERT_STORE_PROV_FILENAME_A        = 7
+	CERT_STORE_PROV_FILENAME_W        = 8
+	CERT_STORE_PROV_FILENAME          = CERT_STORE_PROV_FILENAME_W
+	CERT_STORE_PROV_SYSTEM_A          = 9
+	CERT_STORE_PROV_SYSTEM_W          = 10
+	CERT_STORE_PROV_SYSTEM            = CERT_STORE_PROV_SYSTEM_W
+	CERT_STORE_PROV_COLLECTION        = 11
+	CERT_STORE_PROV_SYSTEM_REGISTRY_A = 12
+	CERT_STORE_PROV_SYSTEM_REGISTRY_W = 13
+	CERT_STORE_PROV_SYSTEM_REGISTRY   = CERT_STORE_PROV_SYSTEM_REGISTRY_W
+	CERT_STORE_PROV_PHYSICAL_W        = 14
+	CERT_STORE_PROV_PHYSICAL          = CERT_STORE_PROV_PHYSICAL_W
+	CERT_STORE_PROV_SMART_CARD_W      = 15
+	CERT_STORE_PROV_SMART_CARD        = CERT_STORE_PROV_SMART_CARD_W
+	CERT_STORE_PROV_LDAP_W            = 16
+	CERT_STORE_PROV_LDAP              = CERT_STORE_PROV_LDAP_W
+	CERT_STORE_PROV_PKCS12            = 17
+
+	/* store characteristics (low WORD of flag) for CertOpenStore function */
+	CERT_STORE_NO_CRYPT_RELEASE_FLAG            = 0x00000001
+	CERT_STORE_SET_LOCALIZED_NAME_FLAG          = 0x00000002
 	CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = 0x00000004
-
+	CERT_STORE_DELETE_FLAG                      = 0x00000010
+	CERT_STORE_UNSAFE_PHYSICAL_FLAG             = 0x00000020
+	CERT_STORE_SHARE_STORE_FLAG                 = 0x00000040
+	CERT_STORE_SHARE_CONTEXT_FLAG               = 0x00000080
+	CERT_STORE_MANIFOLD_FLAG                    = 0x00000100
+	CERT_STORE_ENUM_ARCHIVED_FLAG               = 0x00000200
+	CERT_STORE_UPDATE_KEYID_FLAG                = 0x00000400
+	CERT_STORE_BACKUP_RESTORE_FLAG              = 0x00000800
+	CERT_STORE_MAXIMUM_ALLOWED_FLAG             = 0x00001000
+	CERT_STORE_CREATE_NEW_FLAG                  = 0x00002000
+	CERT_STORE_OPEN_EXISTING_FLAG               = 0x00004000
+	CERT_STORE_READONLY_FLAG                    = 0x00008000
+
+	/* store locations (high WORD of flag) for CertOpenStore function */
+	CERT_SYSTEM_STORE_CURRENT_USER               = 0x00010000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE              = 0x00020000
+	CERT_SYSTEM_STORE_CURRENT_SERVICE            = 0x00040000
+	CERT_SYSTEM_STORE_SERVICES                   = 0x00050000
+	CERT_SYSTEM_STORE_USERS                      = 0x00060000
+	CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY  = 0x00070000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = 0x00080000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE   = 0x00090000
+	CERT_SYSTEM_STORE_UNPROTECTED_FLAG           = 0x40000000
+	CERT_SYSTEM_STORE_RELOCATE_FLAG              = 0x80000000
+
+	/* Miscellaneous high-WORD flags for CertOpenStore function */
+	CERT_REGISTRY_STORE_REMOTE_FLAG      = 0x00010000
+	CERT_REGISTRY_STORE_SERIALIZED_FLAG  = 0x00020000
+	CERT_REGISTRY_STORE_ROAMING_FLAG     = 0x00040000
+	CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG = 0x00080000
+	CERT_REGISTRY_STORE_LM_GPT_FLAG      = 0x01000000
+	CERT_REGISTRY_STORE_CLIENT_GPT_FLAG  = 0x80000000
+	CERT_FILE_STORE_COMMIT_ENABLE_FLAG   = 0x00010000
+	CERT_LDAP_STORE_SIGN_FLAG            = 0x00010000
+	CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG  = 0x00020000
+	CERT_LDAP_STORE_OPENED_FLAG          = 0x00040000
+	CERT_LDAP_STORE_UNBIND_FLAG          = 0x00080000
+
+	/* addDisposition values for CertAddCertificateContextToStore function */
+	CERT_STORE_ADD_NEW                                 = 1
+	CERT_STORE_ADD_USE_EXISTING                        = 2
+	CERT_STORE_ADD_REPLACE_EXISTING                    = 3
+	CERT_STORE_ADD_ALWAYS                              = 4
+	CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES = 5
+	CERT_STORE_ADD_NEWER                               = 6
+	CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES            = 7
+
+	/* ErrorStatus values for CertTrustStatus struct */
 	CERT_TRUST_NO_ERROR                          = 0x00000000
 	CERT_TRUST_IS_NOT_TIME_VALID                 = 0x00000001
 	CERT_TRUST_IS_REVOKED                        = 0x00000004
@@ -295,11 +441,114 @@ const (
 	CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT   = 0x00002000
 	CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT = 0x00004000
 	CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT      = 0x00008000
+	CERT_TRUST_IS_PARTIAL_CHAIN                  = 0x00010000
+	CERT_TRUST_CTL_IS_NOT_TIME_VALID             = 0x00020000
+	CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID        = 0x00040000
+	CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE        = 0x00080000
+	CERT_TRUST_HAS_WEAK_SIGNATURE                = 0x00100000
 	CERT_TRUST_IS_OFFLINE_REVOCATION             = 0x01000000
 	CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY          = 0x02000000
 	CERT_TRUST_IS_EXPLICIT_DISTRUST              = 0x04000000
 	CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT    = 0x08000000
 
+	/* InfoStatus values for CertTrustStatus struct */
+	CERT_TRUST_HAS_EXACT_MATCH_ISSUER        = 0x00000001
+	CERT_TRUST_HAS_KEY_MATCH_ISSUER          = 0x00000002
+	CERT_TRUST_HAS_NAME_MATCH_ISSUER         = 0x00000004
+	CERT_TRUST_IS_SELF_SIGNED                = 0x00000008
+	CERT_TRUST_HAS_PREFERRED_ISSUER          = 0x00000100
+	CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY     = 0x00000400
+	CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS    = 0x00000400
+	CERT_TRUST_IS_PEER_TRUSTED               = 0x00000800
+	CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED     = 0x00001000
+	CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE = 0x00002000
+	CERT_TRUST_IS_CA_TRUSTED                 = 0x00004000
+	CERT_TRUST_IS_COMPLEX_CHAIN              = 0x00010000
+
+	/* Certificate Information Flags */
+	CERT_INFO_VERSION_FLAG                 = 1
+	CERT_INFO_SERIAL_NUMBER_FLAG           = 2
+	CERT_INFO_SIGNATURE_ALGORITHM_FLAG     = 3
+	CERT_INFO_ISSUER_FLAG                  = 4
+	CERT_INFO_NOT_BEFORE_FLAG              = 5
+	CERT_INFO_NOT_AFTER_FLAG               = 6
+	CERT_INFO_SUBJECT_FLAG                 = 7
+	CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG = 8
+	CERT_INFO_ISSUER_UNIQUE_ID_FLAG        = 9
+	CERT_INFO_SUBJECT_UNIQUE_ID_FLAG       = 10
+	CERT_INFO_EXTENSION_FLAG               = 11
+
+	/* dwFindType for CertFindCertificateInStore  */
+	CERT_COMPARE_MASK                     = 0xFFFF
+	CERT_COMPARE_SHIFT                    = 16
+	CERT_COMPARE_ANY                      = 0
+	CERT_COMPARE_SHA1_HASH                = 1
+	CERT_COMPARE_NAME                     = 2
+	CERT_COMPARE_ATTR                     = 3
+	CERT_COMPARE_MD5_HASH                 = 4
+	CERT_COMPARE_PROPERTY                 = 5
+	CERT_COMPARE_PUBLIC_KEY               = 6
+	CERT_COMPARE_HASH                     = CERT_COMPARE_SHA1_HASH
+	CERT_COMPARE_NAME_STR_A               = 7
+	CERT_COMPARE_NAME_STR_W               = 8
+	CERT_COMPARE_KEY_SPEC                 = 9
+	CERT_COMPARE_ENHKEY_USAGE             = 10
+	CERT_COMPARE_CTL_USAGE                = CERT_COMPARE_ENHKEY_USAGE
+	CERT_COMPARE_SUBJECT_CERT             = 11
+	CERT_COMPARE_ISSUER_OF                = 12
+	CERT_COMPARE_EXISTING                 = 13
+	CERT_COMPARE_SIGNATURE_HASH           = 14
+	CERT_COMPARE_KEY_IDENTIFIER           = 15
+	CERT_COMPARE_CERT_ID                  = 16
+	CERT_COMPARE_CROSS_CERT_DIST_POINTS   = 17
+	CERT_COMPARE_PUBKEY_MD5_HASH          = 18
+	CERT_COMPARE_SUBJECT_INFO_ACCESS      = 19
+	CERT_COMPARE_HASH_STR                 = 20
+	CERT_COMPARE_HAS_PRIVATE_KEY          = 21
+	CERT_FIND_ANY                         = (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT)
+	CERT_FIND_SHA1_HASH                   = (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT)
+	CERT_FIND_MD5_HASH                    = (CERT_COMPARE_MD5_HASH << CERT_COMPARE_SHIFT)
+	CERT_FIND_SIGNATURE_HASH              = (CERT_COMPARE_SIGNATURE_HASH << CERT_COMPARE_SHIFT)
+	CERT_FIND_KEY_IDENTIFIER              = (CERT_COMPARE_KEY_IDENTIFIER << CERT_COMPARE_SHIFT)
+	CERT_FIND_HASH                        = CERT_FIND_SHA1_HASH
+	CERT_FIND_PROPERTY                    = (CERT_COMPARE_PROPERTY << CERT_COMPARE_SHIFT)
+	CERT_FIND_PUBLIC_KEY                  = (CERT_COMPARE_PUBLIC_KEY << CERT_COMPARE_SHIFT)
+	CERT_FIND_SUBJECT_NAME                = (CERT_COMPARE_NAME<<CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
+	CERT_FIND_SUBJECT_ATTR                = (CERT_COMPARE_ATTR<<CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
+	CERT_FIND_ISSUER_NAME                 = (CERT_COMPARE_NAME<<CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
+	CERT_FIND_ISSUER_ATTR                 = (CERT_COMPARE_ATTR<<CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
+	CERT_FIND_SUBJECT_STR_A               = (CERT_COMPARE_NAME_STR_A<<CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
+	CERT_FIND_SUBJECT_STR_W               = (CERT_COMPARE_NAME_STR_W<<CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
+	CERT_FIND_SUBJECT_STR                 = CERT_FIND_SUBJECT_STR_W
+	CERT_FIND_ISSUER_STR_A                = (CERT_COMPARE_NAME_STR_A<<CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
+	CERT_FIND_ISSUER_STR_W                = (CERT_COMPARE_NAME_STR_W<<CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
+	CERT_FIND_ISSUER_STR                  = CERT_FIND_ISSUER_STR_W
+	CERT_FIND_KEY_SPEC                    = (CERT_COMPARE_KEY_SPEC << CERT_COMPARE_SHIFT)
+	CERT_FIND_ENHKEY_USAGE                = (CERT_COMPARE_ENHKEY_USAGE << CERT_COMPARE_SHIFT)
+	CERT_FIND_CTL_USAGE                   = CERT_FIND_ENHKEY_USAGE
+	CERT_FIND_SUBJECT_CERT                = (CERT_COMPARE_SUBJECT_CERT << CERT_COMPARE_SHIFT)
+	CERT_FIND_ISSUER_OF                   = (CERT_COMPARE_ISSUER_OF << CERT_COMPARE_SHIFT)
+	CERT_FIND_EXISTING                    = (CERT_COMPARE_EXISTING << CERT_COMPARE_SHIFT)
+	CERT_FIND_CERT_ID                     = (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT)
+	CERT_FIND_CROSS_CERT_DIST_POINTS      = (CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT)
+	CERT_FIND_PUBKEY_MD5_HASH             = (CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT)
+	CERT_FIND_SUBJECT_INFO_ACCESS         = (CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT)
+	CERT_FIND_HASH_STR                    = (CERT_COMPARE_HASH_STR << CERT_COMPARE_SHIFT)
+	CERT_FIND_HAS_PRIVATE_KEY             = (CERT_COMPARE_HAS_PRIVATE_KEY << CERT_COMPARE_SHIFT)
+	CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG  = 0x1
+	CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG  = 0x2
+	CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG = 0x4
+	CERT_FIND_NO_ENHKEY_USAGE_FLAG        = 0x8
+	CERT_FIND_OR_ENHKEY_USAGE_FLAG        = 0x10
+	CERT_FIND_VALID_ENHKEY_USAGE_FLAG     = 0x20
+	CERT_FIND_OPTIONAL_CTL_USAGE_FLAG     = CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG
+	CERT_FIND_EXT_ONLY_CTL_USAGE_FLAG     = CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG
+	CERT_FIND_PROP_ONLY_CTL_USAGE_FLAG    = CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG
+	CERT_FIND_NO_CTL_USAGE_FLAG           = CERT_FIND_NO_ENHKEY_USAGE_FLAG
+	CERT_FIND_OR_CTL_USAGE_FLAG           = CERT_FIND_OR_ENHKEY_USAGE_FLAG
+	CERT_FIND_VALID_CTL_USAGE_FLAG        = CERT_FIND_VALID_ENHKEY_USAGE_FLAG
+
+	/* policyOID values for CertVerifyCertificateChainPolicy function */
 	CERT_CHAIN_POLICY_BASE              = 1
 	CERT_CHAIN_POLICY_AUTHENTICODE      = 2
 	CERT_CHAIN_POLICY_AUTHENTICODE_TS   = 3
@@ -308,21 +557,184 @@ const (
 	CERT_CHAIN_POLICY_NT_AUTH           = 6
 	CERT_CHAIN_POLICY_MICROSOFT_ROOT    = 7
 	CERT_CHAIN_POLICY_EV                = 8
-
-	CERT_E_EXPIRED       = 0x800B0101
-	CERT_E_ROLE          = 0x800B0103
-	CERT_E_PURPOSE       = 0x800B0106
-	CERT_E_UNTRUSTEDROOT = 0x800B0109
-	CERT_E_CN_NO_MATCH   = 0x800B010F
-
+	CERT_CHAIN_POLICY_SSL_F12           = 9
+
+	/* flag for dwFindType CertFindChainInStore  */
+	CERT_CHAIN_FIND_BY_ISSUER = 1
+
+	/* dwFindFlags for CertFindChainInStore when dwFindType == CERT_CHAIN_FIND_BY_ISSUER */
+	CERT_CHAIN_FIND_BY_ISSUER_COMPARE_KEY_FLAG    = 0x0001
+	CERT_CHAIN_FIND_BY_ISSUER_COMPLEX_CHAIN_FLAG  = 0x0002
+	CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG = 0x0004
+	CERT_CHAIN_FIND_BY_ISSUER_LOCAL_MACHINE_FLAG  = 0x0008
+	CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG         = 0x4000
+	CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG     = 0x8000
+
+	/* Certificate Store close flags */
+	CERT_CLOSE_STORE_FORCE_FLAG = 0x00000001
+	CERT_CLOSE_STORE_CHECK_FLAG = 0x00000002
+
+	/* CryptQueryObject object type */
+	CERT_QUERY_OBJECT_FILE = 1
+	CERT_QUERY_OBJECT_BLOB = 2
+
+	/* CryptQueryObject content type flags */
+	CERT_QUERY_CONTENT_CERT                    = 1
+	CERT_QUERY_CONTENT_CTL                     = 2
+	CERT_QUERY_CONTENT_CRL                     = 3
+	CERT_QUERY_CONTENT_SERIALIZED_STORE        = 4
+	CERT_QUERY_CONTENT_SERIALIZED_CERT         = 5
+	CERT_QUERY_CONTENT_SERIALIZED_CTL          = 6
+	CERT_QUERY_CONTENT_SERIALIZED_CRL          = 7
+	CERT_QUERY_CONTENT_PKCS7_SIGNED            = 8
+	CERT_QUERY_CONTENT_PKCS7_UNSIGNED          = 9
+	CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED      = 10
+	CERT_QUERY_CONTENT_PKCS10                  = 11
+	CERT_QUERY_CONTENT_PFX                     = 12
+	CERT_QUERY_CONTENT_CERT_PAIR               = 13
+	CERT_QUERY_CONTENT_PFX_AND_LOAD            = 14
+	CERT_QUERY_CONTENT_FLAG_CERT               = (1 << CERT_QUERY_CONTENT_CERT)
+	CERT_QUERY_CONTENT_FLAG_CTL                = (1 << CERT_QUERY_CONTENT_CTL)
+	CERT_QUERY_CONTENT_FLAG_CRL                = (1 << CERT_QUERY_CONTENT_CRL)
+	CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE   = (1 << CERT_QUERY_CONTENT_SERIALIZED_STORE)
+	CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT    = (1 << CERT_QUERY_CONTENT_SERIALIZED_CERT)
+	CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL     = (1 << CERT_QUERY_CONTENT_SERIALIZED_CTL)
+	CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL     = (1 << CERT_QUERY_CONTENT_SERIALIZED_CRL)
+	CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED       = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED)
+	CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED     = (1 << CERT_QUERY_CONTENT_PKCS7_UNSIGNED)
+	CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED)
+	CERT_QUERY_CONTENT_FLAG_PKCS10             = (1 << CERT_QUERY_CONTENT_PKCS10)
+	CERT_QUERY_CONTENT_FLAG_PFX                = (1 << CERT_QUERY_CONTENT_PFX)
+	CERT_QUERY_CONTENT_FLAG_CERT_PAIR          = (1 << CERT_QUERY_CONTENT_CERT_PAIR)
+	CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD       = (1 << CERT_QUERY_CONTENT_PFX_AND_LOAD)
+	CERT_QUERY_CONTENT_FLAG_ALL                = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_CTL | CERT_QUERY_CONTENT_FLAG_CRL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX | CERT_QUERY_CONTENT_FLAG_CERT_PAIR)
+	CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT    = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED)
+
+	/* CryptQueryObject format type flags */
+	CERT_QUERY_FORMAT_BINARY                     = 1
+	CERT_QUERY_FORMAT_BASE64_ENCODED             = 2
+	CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED      = 3
+	CERT_QUERY_FORMAT_FLAG_BINARY                = (1 << CERT_QUERY_FORMAT_BINARY)
+	CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED        = (1 << CERT_QUERY_FORMAT_BASE64_ENCODED)
+	CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED)
+	CERT_QUERY_FORMAT_FLAG_ALL                   = (CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED)
+
+	/* CertGetNameString name types */
+	CERT_NAME_EMAIL_TYPE            = 1
+	CERT_NAME_RDN_TYPE              = 2
+	CERT_NAME_ATTR_TYPE             = 3
+	CERT_NAME_SIMPLE_DISPLAY_TYPE   = 4
+	CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5
+	CERT_NAME_DNS_TYPE              = 6
+	CERT_NAME_URL_TYPE              = 7
+	CERT_NAME_UPN_TYPE              = 8
+
+	/* CertGetNameString flags */
+	CERT_NAME_ISSUER_FLAG              = 0x1
+	CERT_NAME_DISABLE_IE4_UTF8_FLAG    = 0x10000
+	CERT_NAME_SEARCH_ALL_NAMES_FLAG    = 0x2
+	CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000
+
+	/* AuthType values for SSLExtraCertChainPolicyPara struct */
 	AUTHTYPE_CLIENT = 1
 	AUTHTYPE_SERVER = 2
+
+	/* Checks values for SSLExtraCertChainPolicyPara struct */
+	SECURITY_FLAG_IGNORE_REVOCATION        = 0x00000080
+	SECURITY_FLAG_IGNORE_UNKNOWN_CA        = 0x00000100
+	SECURITY_FLAG_IGNORE_WRONG_USAGE       = 0x00000200
+	SECURITY_FLAG_IGNORE_CERT_CN_INVALID   = 0x00001000
+	SECURITY_FLAG_IGNORE_CERT_DATE_INVALID = 0x00002000
+
+	/* Flags for Crypt[Un]ProtectData */
+	CRYPTPROTECT_UI_FORBIDDEN      = 0x1
+	CRYPTPROTECT_LOCAL_MACHINE     = 0x4
+	CRYPTPROTECT_CRED_SYNC         = 0x8
+	CRYPTPROTECT_AUDIT             = 0x10
+	CRYPTPROTECT_NO_RECOVERY       = 0x20
+	CRYPTPROTECT_VERIFY_PROTECTION = 0x40
+	CRYPTPROTECT_CRED_REGENERATE   = 0x80
+
+	/* Flags for CryptProtectPromptStruct */
+	CRYPTPROTECT_PROMPT_ON_UNPROTECT   = 1
+	CRYPTPROTECT_PROMPT_ON_PROTECT     = 2
+	CRYPTPROTECT_PROMPT_RESERVED       = 4
+	CRYPTPROTECT_PROMPT_STRONG         = 8
+	CRYPTPROTECT_PROMPT_REQUIRE_STRONG = 16
+)
+
+const (
+	// flags for SetErrorMode
+	SEM_FAILCRITICALERRORS     = 0x0001
+	SEM_NOALIGNMENTFAULTEXCEPT = 0x0004
+	SEM_NOGPFAULTERRORBOX      = 0x0002
+	SEM_NOOPENFILEERRORBOX     = 0x8000
+)
+
+const (
+	// Priority class.
+	ABOVE_NORMAL_PRIORITY_CLASS   = 0x00008000
+	BELOW_NORMAL_PRIORITY_CLASS   = 0x00004000
+	HIGH_PRIORITY_CLASS           = 0x00000080
+	IDLE_PRIORITY_CLASS           = 0x00000040
+	NORMAL_PRIORITY_CLASS         = 0x00000020
+	PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000
+	PROCESS_MODE_BACKGROUND_END   = 0x00200000
+	REALTIME_PRIORITY_CLASS       = 0x00000100
+)
+
+/* wintrust.h constants for WinVerifyTrustEx */
+const (
+	WTD_UI_ALL    = 1
+	WTD_UI_NONE   = 2
+	WTD_UI_NOBAD  = 3
+	WTD_UI_NOGOOD = 4
+
+	WTD_REVOKE_NONE       = 0
+	WTD_REVOKE_WHOLECHAIN = 1
+
+	WTD_CHOICE_FILE    = 1
+	WTD_CHOICE_CATALOG = 2
+	WTD_CHOICE_BLOB    = 3
+	WTD_CHOICE_SIGNER  = 4
+	WTD_CHOICE_CERT    = 5
+
+	WTD_STATEACTION_IGNORE           = 0x00000000
+	WTD_STATEACTION_VERIFY           = 0x00000001
+	WTD_STATEACTION_CLOSE            = 0x00000002
+	WTD_STATEACTION_AUTO_CACHE       = 0x00000003
+	WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
+
+	WTD_USE_IE4_TRUST_FLAG                  = 0x1
+	WTD_NO_IE4_CHAIN_FLAG                   = 0x2
+	WTD_NO_POLICY_USAGE_FLAG                = 0x4
+	WTD_REVOCATION_CHECK_NONE               = 0x10
+	WTD_REVOCATION_CHECK_END_CERT           = 0x20
+	WTD_REVOCATION_CHECK_CHAIN              = 0x40
+	WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
+	WTD_SAFER_FLAG                          = 0x100
+	WTD_HASH_ONLY_FLAG                      = 0x200
+	WTD_USE_DEFAULT_OSVER_CHECK             = 0x400
+	WTD_LIFETIME_SIGNING_FLAG               = 0x800
+	WTD_CACHE_ONLY_URL_RETRIEVAL            = 0x1000
+	WTD_DISABLE_MD2_MD4                     = 0x2000
+	WTD_MOTW                                = 0x4000
+
+	WTD_UICONTEXT_EXECUTE = 0
+	WTD_UICONTEXT_INSTALL = 1
 )
 
 var (
 	OID_PKIX_KP_SERVER_AUTH = []byte("1.3.6.1.5.5.7.3.1\x00")
 	OID_SERVER_GATED_CRYPTO = []byte("1.3.6.1.4.1.311.10.3.3\x00")
 	OID_SGC_NETSCAPE        = []byte("2.16.840.1.113730.4.1\x00")
+
+	WINTRUST_ACTION_GENERIC_VERIFY_V2 = GUID{
+		Data1: 0xaac56b,
+		Data2: 0xcd44,
+		Data3: 0x11d0,
+		Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
+	}
 )
 
 // Pointer represents a pointer to an arbitrary Windows type.
@@ -349,12 +761,6 @@ func NsecToTimeval(nsec int64) (tv Timeval) {
 	return
 }
 
-type SecurityAttributes struct {
-	Length             uint32
-	SecurityDescriptor uintptr
-	InheritHandle      uint32
-}
-
 type Overlapped struct {
 	Internal     uintptr
 	InternalHigh uintptr
@@ -424,6 +830,14 @@ type win32finddata1 struct {
 	Reserved1         uint32
 	FileName          [MAX_PATH]uint16
 	AlternateFileName [14]uint16
+
+	// The Microsoft documentation for this struct¹ describes three additional
+	// fields: dwFileType, dwCreatorType, and wFinderFlags. However, those fields
+	// are empirically only present in the macOS port of the Win32 API,² and thus
+	// not needed for binaries built for Windows.
+	//
+	// ¹ https://docs.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-win32_find_dataw describe
+	// ² https://golang.org/issue/42637#issuecomment-760715755.
 }
 
 func copyFindData(dst *Win32finddata, src *win32finddata1) {
@@ -508,6 +922,24 @@ type StartupInfo struct {
 	StdErr        Handle
 }
 
+type StartupInfoEx struct {
+	StartupInfo
+	ProcThreadAttributeList *ProcThreadAttributeList
+}
+
+// ProcThreadAttributeList is a placeholder type to represent a PROC_THREAD_ATTRIBUTE_LIST.
+//
+// To create a *ProcThreadAttributeList, use NewProcThreadAttributeList, update
+// it with ProcThreadAttributeListContainer.Update, free its memory using
+// ProcThreadAttributeListContainer.Delete, and access the list itself using
+// ProcThreadAttributeListContainer.List.
+type ProcThreadAttributeList struct{}
+
+type ProcThreadAttributeListContainer struct {
+	data            *ProcThreadAttributeList
+	heapAllocations []uintptr
+}
+
 type ProcessInformation struct {
 	Process   Handle
 	Thread    Handle
@@ -528,6 +960,16 @@ type ProcessEntry32 struct {
 	ExeFile         [MAX_PATH]uint16
 }
 
+type ThreadEntry32 struct {
+	Size           uint32
+	Usage          uint32
+	ThreadID       uint32
+	OwnerProcessID uint32
+	BasePri        int32
+	DeltaPri       int32
+	Flags          uint32
+}
+
 type Systemtime struct {
 	Year         uint16
 	Month        uint16
@@ -555,18 +997,26 @@ const (
 	AF_UNSPEC  = 0
 	AF_UNIX    = 1
 	AF_INET    = 2
-	AF_INET6   = 23
 	AF_NETBIOS = 17
+	AF_INET6   = 23
+	AF_IRDA    = 26
+	AF_BTH     = 32
 
 	SOCK_STREAM    = 1
 	SOCK_DGRAM     = 2
 	SOCK_RAW       = 3
+	SOCK_RDM       = 4
 	SOCK_SEQPACKET = 5
 
-	IPPROTO_IP   = 0
-	IPPROTO_IPV6 = 0x29
-	IPPROTO_TCP  = 6
-	IPPROTO_UDP  = 17
+	IPPROTO_IP      = 0
+	IPPROTO_ICMP    = 1
+	IPPROTO_IGMP    = 2
+	BTHPROTO_RFCOMM = 3
+	IPPROTO_TCP     = 6
+	IPPROTO_UDP     = 17
+	IPPROTO_IPV6    = 41
+	IPPROTO_ICMPV6  = 58
+	IPPROTO_RM      = 113
 
 	SOL_SOCKET                = 0xffff
 	SO_REUSEADDR              = 4
@@ -575,6 +1025,7 @@ const (
 	SO_BROADCAST              = 32
 	SO_LINGER                 = 128
 	SO_RCVBUF                 = 0x1002
+	SO_RCVTIMEO               = 0x1006
 	SO_SNDBUF                 = 0x1001
 	SO_UPDATE_ACCEPT_CONTEXT  = 0x700b
 	SO_UPDATE_CONNECT_CONTEXT = 0x7010
@@ -590,6 +1041,7 @@ const (
 
 	// cf. http://support.microsoft.com/default.aspx?scid=kb;en-us;257460
 
+	IP_HDRINCL         = 0x2
 	IP_TOS             = 0x3
 	IP_TTL             = 0x4
 	IP_MULTICAST_IF    = 0x9
@@ -597,6 +1049,7 @@ const (
 	IP_MULTICAST_LOOP  = 0xb
 	IP_ADD_MEMBERSHIP  = 0xc
 	IP_DROP_MEMBERSHIP = 0xd
+	IP_PKTINFO         = 0x13
 
 	IPV6_V6ONLY         = 0x1b
 	IPV6_UNICAST_HOPS   = 0x4
@@ -605,6 +1058,7 @@ const (
 	IPV6_MULTICAST_LOOP = 0xb
 	IPV6_JOIN_GROUP     = 0xc
 	IPV6_LEAVE_GROUP    = 0xd
+	IPV6_PKTINFO        = 0x13
 
 	MSG_OOB       = 0x1
 	MSG_PEEK      = 0x2
@@ -642,6 +1096,18 @@ type WSAMsg struct {
 	Flags       uint32
 }
 
+// Flags for WSASocket
+const (
+	WSA_FLAG_OVERLAPPED             = 0x01
+	WSA_FLAG_MULTIPOINT_C_ROOT      = 0x02
+	WSA_FLAG_MULTIPOINT_C_LEAF      = 0x04
+	WSA_FLAG_MULTIPOINT_D_ROOT      = 0x08
+	WSA_FLAG_MULTIPOINT_D_LEAF      = 0x10
+	WSA_FLAG_ACCESS_SYSTEM_SECURITY = 0x40
+	WSA_FLAG_NO_HANDLE_INHERIT      = 0x80
+	WSA_FLAG_REGISTERED_IO          = 0x100
+)
+
 // Invented values to support what package os expects.
 const (
 	S_IFMT   = 0x1f000
@@ -748,10 +1214,6 @@ const (
 	DNS_TYPE_NBSTAT  = 0xff01
 )
 
-const (
-	DNS_INFO_NO_RECORDS = 0x251D
-)
-
 const (
 	// flags inside DNSRecord.Dw
 	DnsSectionQuestion   = 0x0000
@@ -902,7 +1364,57 @@ type MibIfRow struct {
 }
 
 type CertInfo struct {
-	// Not implemented
+	Version              uint32
+	SerialNumber         CryptIntegerBlob
+	SignatureAlgorithm   CryptAlgorithmIdentifier
+	Issuer               CertNameBlob
+	NotBefore            Filetime
+	NotAfter             Filetime
+	Subject              CertNameBlob
+	SubjectPublicKeyInfo CertPublicKeyInfo
+	IssuerUniqueId       CryptBitBlob
+	SubjectUniqueId      CryptBitBlob
+	CountExtensions      uint32
+	Extensions           *CertExtension
+}
+
+type CertExtension struct {
+	ObjId    *byte
+	Critical int32
+	Value    CryptObjidBlob
+}
+
+type CryptAlgorithmIdentifier struct {
+	ObjId      *byte
+	Parameters CryptObjidBlob
+}
+
+type CertPublicKeyInfo struct {
+	Algorithm CryptAlgorithmIdentifier
+	PublicKey CryptBitBlob
+}
+
+type DataBlob struct {
+	Size uint32
+	Data *byte
+}
+type CryptIntegerBlob DataBlob
+type CryptUintBlob DataBlob
+type CryptObjidBlob DataBlob
+type CertNameBlob DataBlob
+type CertRdnValueBlob DataBlob
+type CertBlob DataBlob
+type CrlBlob DataBlob
+type CryptDataBlob DataBlob
+type CryptHashBlob DataBlob
+type CryptDigestBlob DataBlob
+type CryptDerBlob DataBlob
+type CryptAttrBlob DataBlob
+
+type CryptBitBlob struct {
+	Size       uint32
+	Data       *byte
+	UnusedBits uint32
 }
 
 type CertContext struct {
@@ -1008,6 +1520,79 @@ type CertChainPolicyStatus struct {
 	ExtraPolicyStatus Pointer
 }
 
+type CertPolicyInfo struct {
+	Identifier      *byte
+	CountQualifiers uint32
+	Qualifiers      *CertPolicyQualifierInfo
+}
+
+type CertPoliciesInfo struct {
+	Count       uint32
+	PolicyInfos *CertPolicyInfo
+}
+
+type CertPolicyQualifierInfo struct {
+	// Not implemented
+}
+
+type CertStrongSignPara struct {
+	Size                      uint32
+	InfoChoice                uint32
+	InfoOrSerializedInfoOrOID unsafe.Pointer
+}
+
+type CryptProtectPromptStruct struct {
+	Size        uint32
+	PromptFlags uint32
+	App         HWND
+	Prompt      *uint16
+}
+
+type CertChainFindByIssuerPara struct {
+	Size                   uint32
+	UsageIdentifier        *byte
+	KeySpec                uint32
+	AcquirePrivateKeyFlags uint32
+	IssuerCount            uint32
+	Issuer                 Pointer
+	FindCallback           Pointer
+	FindArg                Pointer
+	IssuerChainIndex       *uint32
+	IssuerElementIndex     *uint32
+}
+
+type WinTrustData struct {
+	Size                            uint32
+	PolicyCallbackData              uintptr
+	SIPClientData                   uintptr
+	UIChoice                        uint32
+	RevocationChecks                uint32
+	UnionChoice                     uint32
+	FileOrCatalogOrBlobOrSgnrOrCert unsafe.Pointer
+	StateAction                     uint32
+	StateData                       Handle
+	URLReference                    *uint16
+	ProvFlags                       uint32
+	UIContext                       uint32
+	SignatureSettings               *WinTrustSignatureSettings
+}
+
+type WinTrustFileInfo struct {
+	Size         uint32
+	FilePath     *uint16
+	File         Handle
+	KnownSubject *GUID
+}
+
+type WinTrustSignatureSettings struct {
+	Size             uint32
+	Index            uint32
+	Flags            uint32
+	SecondarySigs    uint32
+	VerifiedSigIndex uint32
+	CryptoPolicy     *CertStrongSignPara
+}
+
 const (
 	// do not reorder
 	HKEY_CLASSES_ROOT = 0x80000000 + iota
@@ -1050,6 +1635,28 @@ const (
 	REG_QWORD = REG_QWORD_LITTLE_ENDIAN
 )
 
+const (
+	EVENT_MODIFY_STATE = 0x0002
+	EVENT_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3
+
+	MUTANT_QUERY_STATE = 0x0001
+	MUTANT_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | MUTANT_QUERY_STATE
+
+	SEMAPHORE_MODIFY_STATE = 0x0002
+	SEMAPHORE_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3
+
+	TIMER_QUERY_STATE  = 0x0001
+	TIMER_MODIFY_STATE = 0x0002
+	TIMER_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | TIMER_QUERY_STATE | TIMER_MODIFY_STATE
+
+	MUTEX_MODIFY_STATE = MUTANT_QUERY_STATE
+	MUTEX_ALL_ACCESS   = MUTANT_ALL_ACCESS
+
+	CREATE_EVENT_MANUAL_RESET  = 0x1
+	CREATE_EVENT_INITIAL_SET   = 0x2
+	CREATE_MUTEX_INITIAL_OWNER = 0x1
+)
+
 type AddrinfoW struct {
 	Flags     int32
 	Family    int32
@@ -1194,7 +1801,53 @@ type reparseDataBuffer struct {
 }
 
 const (
-	FSCTL_GET_REPARSE_POINT          = 0x900A8
+	FSCTL_CREATE_OR_GET_OBJECT_ID             = 0x0900C0
+	FSCTL_DELETE_OBJECT_ID                    = 0x0900A0
+	FSCTL_DELETE_REPARSE_POINT                = 0x0900AC
+	FSCTL_DUPLICATE_EXTENTS_TO_FILE           = 0x098344
+	FSCTL_DUPLICATE_EXTENTS_TO_FILE_EX        = 0x0983E8
+	FSCTL_FILESYSTEM_GET_STATISTICS           = 0x090060
+	FSCTL_FILE_LEVEL_TRIM                     = 0x098208
+	FSCTL_FIND_FILES_BY_SID                   = 0x09008F
+	FSCTL_GET_COMPRESSION                     = 0x09003C
+	FSCTL_GET_INTEGRITY_INFORMATION           = 0x09027C
+	FSCTL_GET_NTFS_VOLUME_DATA                = 0x090064
+	FSCTL_GET_REFS_VOLUME_DATA                = 0x0902D8
+	FSCTL_GET_OBJECT_ID                       = 0x09009C
+	FSCTL_GET_REPARSE_POINT                   = 0x0900A8
+	FSCTL_GET_RETRIEVAL_POINTER_COUNT         = 0x09042B
+	FSCTL_GET_RETRIEVAL_POINTERS              = 0x090073
+	FSCTL_GET_RETRIEVAL_POINTERS_AND_REFCOUNT = 0x0903D3
+	FSCTL_IS_PATHNAME_VALID                   = 0x09002C
+	FSCTL_LMR_SET_LINK_TRACKING_INFORMATION   = 0x1400EC
+	FSCTL_MARK_HANDLE                         = 0x0900FC
+	FSCTL_OFFLOAD_READ                        = 0x094264
+	FSCTL_OFFLOAD_WRITE                       = 0x098268
+	FSCTL_PIPE_PEEK                           = 0x11400C
+	FSCTL_PIPE_TRANSCEIVE                     = 0x11C017
+	FSCTL_PIPE_WAIT                           = 0x110018
+	FSCTL_QUERY_ALLOCATED_RANGES              = 0x0940CF
+	FSCTL_QUERY_FAT_BPB                       = 0x090058
+	FSCTL_QUERY_FILE_REGIONS                  = 0x090284
+	FSCTL_QUERY_ON_DISK_VOLUME_INFO           = 0x09013C
+	FSCTL_QUERY_SPARING_INFO                  = 0x090138
+	FSCTL_READ_FILE_USN_DATA                  = 0x0900EB
+	FSCTL_RECALL_FILE                         = 0x090117
+	FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT     = 0x090440
+	FSCTL_SET_COMPRESSION                     = 0x09C040
+	FSCTL_SET_DEFECT_MANAGEMENT               = 0x098134
+	FSCTL_SET_ENCRYPTION                      = 0x0900D7
+	FSCTL_SET_INTEGRITY_INFORMATION           = 0x09C280
+	FSCTL_SET_INTEGRITY_INFORMATION_EX        = 0x090380
+	FSCTL_SET_OBJECT_ID                       = 0x090098
+	FSCTL_SET_OBJECT_ID_EXTENDED              = 0x0900BC
+	FSCTL_SET_REPARSE_POINT                   = 0x0900A4
+	FSCTL_SET_SPARSE                          = 0x0900C4
+	FSCTL_SET_ZERO_DATA                       = 0x0980C8
+	FSCTL_SET_ZERO_ON_DEALLOCATION            = 0x090194
+	FSCTL_SIS_COPYFILE                        = 0x090100
+	FSCTL_WRITE_USN_CLOSE_RECORD              = 0x0900EF
+
 	MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 16 * 1024
 	IO_REPARSE_TAG_MOUNT_POINT       = 0xA0000003
 	IO_REPARSE_TAG_SYMLINK           = 0xA000000C
@@ -1213,6 +1866,41 @@ const (
 	ComputerNameMax                       = 8
 )
 
+// For MessageBox()
+const (
+	MB_OK                   = 0x00000000
+	MB_OKCANCEL             = 0x00000001
+	MB_ABORTRETRYIGNORE     = 0x00000002
+	MB_YESNOCANCEL          = 0x00000003
+	MB_YESNO                = 0x00000004
+	MB_RETRYCANCEL          = 0x00000005
+	MB_CANCELTRYCONTINUE    = 0x00000006
+	MB_ICONHAND             = 0x00000010
+	MB_ICONQUESTION         = 0x00000020
+	MB_ICONEXCLAMATION      = 0x00000030
+	MB_ICONASTERISK         = 0x00000040
+	MB_USERICON             = 0x00000080
+	MB_ICONWARNING          = MB_ICONEXCLAMATION
+	MB_ICONERROR            = MB_ICONHAND
+	MB_ICONINFORMATION      = MB_ICONASTERISK
+	MB_ICONSTOP             = MB_ICONHAND
+	MB_DEFBUTTON1           = 0x00000000
+	MB_DEFBUTTON2           = 0x00000100
+	MB_DEFBUTTON3           = 0x00000200
+	MB_DEFBUTTON4           = 0x00000300
+	MB_APPLMODAL            = 0x00000000
+	MB_SYSTEMMODAL          = 0x00001000
+	MB_TASKMODAL            = 0x00002000
+	MB_HELP                 = 0x00004000
+	MB_NOFOCUS              = 0x00008000
+	MB_SETFOREGROUND        = 0x00010000
+	MB_DEFAULT_DESKTOP_ONLY = 0x00020000
+	MB_TOPMOST              = 0x00040000
+	MB_RIGHT                = 0x00080000
+	MB_RTLREADING           = 0x00100000
+	MB_SERVICE_NOTIFICATION = 0x00200000
+)
+
 const (
 	MOVEFILE_REPLACE_EXISTING      = 0x1
 	MOVEFILE_COPY_ALLOWED          = 0x2
@@ -1241,6 +1929,16 @@ type SocketAddress struct {
 	SockaddrLength int32
 }
 
+// IP returns an IPv4 or IPv6 address, or nil if the underlying SocketAddress is neither.
+func (addr *SocketAddress) IP() net.IP {
+	if uintptr(addr.SockaddrLength) >= unsafe.Sizeof(RawSockaddrInet4{}) && addr.Sockaddr.Addr.Family == AF_INET {
+		return (*RawSockaddrInet4)(unsafe.Pointer(addr.Sockaddr)).Addr[:]
+	} else if uintptr(addr.SockaddrLength) >= unsafe.Sizeof(RawSockaddrInet6{}) && addr.Sockaddr.Addr.Family == AF_INET6 {
+		return (*RawSockaddrInet6)(unsafe.Pointer(addr.Sockaddr)).Addr[:]
+	}
+	return nil
+}
+
 type IpAdapterUnicastAddress struct {
 	Length             uint32
 	Flags              uint32
@@ -1352,7 +2050,7 @@ type SmallRect struct {
 	Bottom int16
 }
 
-// Used with GetConsoleScreenBuffer to retreive information about a console
+// Used with GetConsoleScreenBuffer to retrieve information about a console
 // screen buffer. See
 // https://docs.microsoft.com/en-us/windows/console/console-screen-buffer-info-str
 // for details.
@@ -1364,3 +2062,1059 @@ type ConsoleScreenBufferInfo struct {
 	Window            SmallRect
 	MaximumWindowSize Coord
 }
+
+const UNIX_PATH_MAX = 108 // defined in afunix.h
+
+const (
+	// flags for JOBOBJECT_BASIC_LIMIT_INFORMATION.LimitFlags
+	JOB_OBJECT_LIMIT_ACTIVE_PROCESS             = 0x00000008
+	JOB_OBJECT_LIMIT_AFFINITY                   = 0x00000010
+	JOB_OBJECT_LIMIT_BREAKAWAY_OK               = 0x00000800
+	JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x00000400
+	JOB_OBJECT_LIMIT_JOB_MEMORY                 = 0x00000200
+	JOB_OBJECT_LIMIT_JOB_TIME                   = 0x00000004
+	JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE          = 0x00002000
+	JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME          = 0x00000040
+	JOB_OBJECT_LIMIT_PRIORITY_CLASS             = 0x00000020
+	JOB_OBJECT_LIMIT_PROCESS_MEMORY             = 0x00000100
+	JOB_OBJECT_LIMIT_PROCESS_TIME               = 0x00000002
+	JOB_OBJECT_LIMIT_SCHEDULING_CLASS           = 0x00000080
+	JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK        = 0x00001000
+	JOB_OBJECT_LIMIT_SUBSET_AFFINITY            = 0x00004000
+	JOB_OBJECT_LIMIT_WORKINGSET                 = 0x00000001
+)
+
+type IO_COUNTERS struct {
+	ReadOperationCount  uint64
+	WriteOperationCount uint64
+	OtherOperationCount uint64
+	ReadTransferCount   uint64
+	WriteTransferCount  uint64
+	OtherTransferCount  uint64
+}
+
+type JOBOBJECT_EXTENDED_LIMIT_INFORMATION struct {
+	BasicLimitInformation JOBOBJECT_BASIC_LIMIT_INFORMATION
+	IoInfo                IO_COUNTERS
+	ProcessMemoryLimit    uintptr
+	JobMemoryLimit        uintptr
+	PeakProcessMemoryUsed uintptr
+	PeakJobMemoryUsed     uintptr
+}
+
+const (
+	// UIRestrictionsClass
+	JOB_OBJECT_UILIMIT_DESKTOP          = 0x00000040
+	JOB_OBJECT_UILIMIT_DISPLAYSETTINGS  = 0x00000010
+	JOB_OBJECT_UILIMIT_EXITWINDOWS      = 0x00000080
+	JOB_OBJECT_UILIMIT_GLOBALATOMS      = 0x00000020
+	JOB_OBJECT_UILIMIT_HANDLES          = 0x00000001
+	JOB_OBJECT_UILIMIT_READCLIPBOARD    = 0x00000002
+	JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS = 0x00000008
+	JOB_OBJECT_UILIMIT_WRITECLIPBOARD   = 0x00000004
+)
+
+type JOBOBJECT_BASIC_UI_RESTRICTIONS struct {
+	UIRestrictionsClass uint32
+}
+
+const (
+	// JobObjectInformationClass
+	JobObjectAssociateCompletionPortInformation = 7
+	JobObjectBasicLimitInformation              = 2
+	JobObjectBasicUIRestrictions                = 4
+	JobObjectCpuRateControlInformation          = 15
+	JobObjectEndOfJobTimeInformation            = 6
+	JobObjectExtendedLimitInformation           = 9
+	JobObjectGroupInformation                   = 11
+	JobObjectGroupInformationEx                 = 14
+	JobObjectLimitViolationInformation2         = 35
+	JobObjectNetRateControlInformation          = 32
+	JobObjectNotificationLimitInformation       = 12
+	JobObjectNotificationLimitInformation2      = 34
+	JobObjectSecurityLimitInformation           = 5
+)
+
+const (
+	KF_FLAG_DEFAULT                          = 0x00000000
+	KF_FLAG_FORCE_APP_DATA_REDIRECTION       = 0x00080000
+	KF_FLAG_RETURN_FILTER_REDIRECTION_TARGET = 0x00040000
+	KF_FLAG_FORCE_PACKAGE_REDIRECTION        = 0x00020000
+	KF_FLAG_NO_PACKAGE_REDIRECTION           = 0x00010000
+	KF_FLAG_FORCE_APPCONTAINER_REDIRECTION   = 0x00020000
+	KF_FLAG_NO_APPCONTAINER_REDIRECTION      = 0x00010000
+	KF_FLAG_CREATE                           = 0x00008000
+	KF_FLAG_DONT_VERIFY                      = 0x00004000
+	KF_FLAG_DONT_UNEXPAND                    = 0x00002000
+	KF_FLAG_NO_ALIAS                         = 0x00001000
+	KF_FLAG_INIT                             = 0x00000800
+	KF_FLAG_DEFAULT_PATH                     = 0x00000400
+	KF_FLAG_NOT_PARENT_RELATIVE              = 0x00000200
+	KF_FLAG_SIMPLE_IDLIST                    = 0x00000100
+	KF_FLAG_ALIAS_ONLY                       = 0x80000000
+)
+
+type OsVersionInfoEx struct {
+	osVersionInfoSize uint32
+	MajorVersion      uint32
+	MinorVersion      uint32
+	BuildNumber       uint32
+	PlatformId        uint32
+	CsdVersion        [128]uint16
+	ServicePackMajor  uint16
+	ServicePackMinor  uint16
+	SuiteMask         uint16
+	ProductType       byte
+	_                 byte
+}
+
+const (
+	EWX_LOGOFF          = 0x00000000
+	EWX_SHUTDOWN        = 0x00000001
+	EWX_REBOOT          = 0x00000002
+	EWX_FORCE           = 0x00000004
+	EWX_POWEROFF        = 0x00000008
+	EWX_FORCEIFHUNG     = 0x00000010
+	EWX_QUICKRESOLVE    = 0x00000020
+	EWX_RESTARTAPPS     = 0x00000040
+	EWX_HYBRID_SHUTDOWN = 0x00400000
+	EWX_BOOTOPTIONS     = 0x01000000
+
+	SHTDN_REASON_FLAG_COMMENT_REQUIRED          = 0x01000000
+	SHTDN_REASON_FLAG_DIRTY_PROBLEM_ID_REQUIRED = 0x02000000
+	SHTDN_REASON_FLAG_CLEAN_UI                  = 0x04000000
+	SHTDN_REASON_FLAG_DIRTY_UI                  = 0x08000000
+	SHTDN_REASON_FLAG_USER_DEFINED              = 0x40000000
+	SHTDN_REASON_FLAG_PLANNED                   = 0x80000000
+	SHTDN_REASON_MAJOR_OTHER                    = 0x00000000
+	SHTDN_REASON_MAJOR_NONE                     = 0x00000000
+	SHTDN_REASON_MAJOR_HARDWARE                 = 0x00010000
+	SHTDN_REASON_MAJOR_OPERATINGSYSTEM          = 0x00020000
+	SHTDN_REASON_MAJOR_SOFTWARE                 = 0x00030000
+	SHTDN_REASON_MAJOR_APPLICATION              = 0x00040000
+	SHTDN_REASON_MAJOR_SYSTEM                   = 0x00050000
+	SHTDN_REASON_MAJOR_POWER                    = 0x00060000
+	SHTDN_REASON_MAJOR_LEGACY_API               = 0x00070000
+	SHTDN_REASON_MINOR_OTHER                    = 0x00000000
+	SHTDN_REASON_MINOR_NONE                     = 0x000000ff
+	SHTDN_REASON_MINOR_MAINTENANCE              = 0x00000001
+	SHTDN_REASON_MINOR_INSTALLATION             = 0x00000002
+	SHTDN_REASON_MINOR_UPGRADE                  = 0x00000003
+	SHTDN_REASON_MINOR_RECONFIG                 = 0x00000004
+	SHTDN_REASON_MINOR_HUNG                     = 0x00000005
+	SHTDN_REASON_MINOR_UNSTABLE                 = 0x00000006
+	SHTDN_REASON_MINOR_DISK                     = 0x00000007
+	SHTDN_REASON_MINOR_PROCESSOR                = 0x00000008
+	SHTDN_REASON_MINOR_NETWORKCARD              = 0x00000009
+	SHTDN_REASON_MINOR_POWER_SUPPLY             = 0x0000000a
+	SHTDN_REASON_MINOR_CORDUNPLUGGED            = 0x0000000b
+	SHTDN_REASON_MINOR_ENVIRONMENT              = 0x0000000c
+	SHTDN_REASON_MINOR_HARDWARE_DRIVER          = 0x0000000d
+	SHTDN_REASON_MINOR_OTHERDRIVER              = 0x0000000e
+	SHTDN_REASON_MINOR_BLUESCREEN               = 0x0000000F
+	SHTDN_REASON_MINOR_SERVICEPACK              = 0x00000010
+	SHTDN_REASON_MINOR_HOTFIX                   = 0x00000011
+	SHTDN_REASON_MINOR_SECURITYFIX              = 0x00000012
+	SHTDN_REASON_MINOR_SECURITY                 = 0x00000013
+	SHTDN_REASON_MINOR_NETWORK_CONNECTIVITY     = 0x00000014
+	SHTDN_REASON_MINOR_WMI                      = 0x00000015
+	SHTDN_REASON_MINOR_SERVICEPACK_UNINSTALL    = 0x00000016
+	SHTDN_REASON_MINOR_HOTFIX_UNINSTALL         = 0x00000017
+	SHTDN_REASON_MINOR_SECURITYFIX_UNINSTALL    = 0x00000018
+	SHTDN_REASON_MINOR_MMC                      = 0x00000019
+	SHTDN_REASON_MINOR_SYSTEMRESTORE            = 0x0000001a
+	SHTDN_REASON_MINOR_TERMSRV                  = 0x00000020
+	SHTDN_REASON_MINOR_DC_PROMOTION             = 0x00000021
+	SHTDN_REASON_MINOR_DC_DEMOTION              = 0x00000022
+	SHTDN_REASON_UNKNOWN                        = SHTDN_REASON_MINOR_NONE
+	SHTDN_REASON_LEGACY_API                     = SHTDN_REASON_MAJOR_LEGACY_API | SHTDN_REASON_FLAG_PLANNED
+	SHTDN_REASON_VALID_BIT_MASK                 = 0xc0ffffff
+
+	SHUTDOWN_NORETRY = 0x1
+)
+
+// Flags used for GetModuleHandleEx
+const (
+	GET_MODULE_HANDLE_EX_FLAG_PIN                = 1
+	GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT = 2
+	GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS       = 4
+)
+
+// MUI function flag values
+const (
+	MUI_LANGUAGE_ID                    = 0x4
+	MUI_LANGUAGE_NAME                  = 0x8
+	MUI_MERGE_SYSTEM_FALLBACK          = 0x10
+	MUI_MERGE_USER_FALLBACK            = 0x20
+	MUI_UI_FALLBACK                    = MUI_MERGE_SYSTEM_FALLBACK | MUI_MERGE_USER_FALLBACK
+	MUI_THREAD_LANGUAGES               = 0x40
+	MUI_CONSOLE_FILTER                 = 0x100
+	MUI_COMPLEX_SCRIPT_FILTER          = 0x200
+	MUI_RESET_FILTERS                  = 0x001
+	MUI_USER_PREFERRED_UI_LANGUAGES    = 0x10
+	MUI_USE_INSTALLED_LANGUAGES        = 0x20
+	MUI_USE_SEARCH_ALL_LANGUAGES       = 0x40
+	MUI_LANG_NEUTRAL_PE_FILE           = 0x100
+	MUI_NON_LANG_NEUTRAL_FILE          = 0x200
+	MUI_MACHINE_LANGUAGE_SETTINGS      = 0x400
+	MUI_FILETYPE_NOT_LANGUAGE_NEUTRAL  = 0x001
+	MUI_FILETYPE_LANGUAGE_NEUTRAL_MAIN = 0x002
+	MUI_FILETYPE_LANGUAGE_NEUTRAL_MUI  = 0x004
+	MUI_QUERY_TYPE                     = 0x001
+	MUI_QUERY_CHECKSUM                 = 0x002
+	MUI_QUERY_LANGUAGE_NAME            = 0x004
+	MUI_QUERY_RESOURCE_TYPES           = 0x008
+	MUI_FILEINFO_VERSION               = 0x001
+
+	MUI_FULL_LANGUAGE      = 0x01
+	MUI_PARTIAL_LANGUAGE   = 0x02
+	MUI_LIP_LANGUAGE       = 0x04
+	MUI_LANGUAGE_INSTALLED = 0x20
+	MUI_LANGUAGE_LICENSED  = 0x40
+)
+
+// FILE_INFO_BY_HANDLE_CLASS constants for SetFileInformationByHandle/GetFileInformationByHandleEx
+const (
+	FileBasicInfo                  = 0
+	FileStandardInfo               = 1
+	FileNameInfo                   = 2
+	FileRenameInfo                 = 3
+	FileDispositionInfo            = 4
+	FileAllocationInfo             = 5
+	FileEndOfFileInfo              = 6
+	FileStreamInfo                 = 7
+	FileCompressionInfo            = 8
+	FileAttributeTagInfo           = 9
+	FileIdBothDirectoryInfo        = 10
+	FileIdBothDirectoryRestartInfo = 11
+	FileIoPriorityHintInfo         = 12
+	FileRemoteProtocolInfo         = 13
+	FileFullDirectoryInfo          = 14
+	FileFullDirectoryRestartInfo   = 15
+	FileStorageInfo                = 16
+	FileAlignmentInfo              = 17
+	FileIdInfo                     = 18
+	FileIdExtdDirectoryInfo        = 19
+	FileIdExtdDirectoryRestartInfo = 20
+	FileDispositionInfoEx          = 21
+	FileRenameInfoEx               = 22
+	FileCaseSensitiveInfo          = 23
+	FileNormalizedNameInfo         = 24
+)
+
+// LoadLibrary flags for determining from where to search for a DLL
+const (
+	DONT_RESOLVE_DLL_REFERENCES               = 0x1
+	LOAD_LIBRARY_AS_DATAFILE                  = 0x2
+	LOAD_WITH_ALTERED_SEARCH_PATH             = 0x8
+	LOAD_IGNORE_CODE_AUTHZ_LEVEL              = 0x10
+	LOAD_LIBRARY_AS_IMAGE_RESOURCE            = 0x20
+	LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE        = 0x40
+	LOAD_LIBRARY_REQUIRE_SIGNED_TARGET        = 0x80
+	LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR          = 0x100
+	LOAD_LIBRARY_SEARCH_APPLICATION_DIR       = 0x200
+	LOAD_LIBRARY_SEARCH_USER_DIRS             = 0x400
+	LOAD_LIBRARY_SEARCH_SYSTEM32              = 0x800
+	LOAD_LIBRARY_SEARCH_DEFAULT_DIRS          = 0x1000
+	LOAD_LIBRARY_SAFE_CURRENT_DIRS            = 0x00002000
+	LOAD_LIBRARY_SEARCH_SYSTEM32_NO_FORWARDER = 0x00004000
+	LOAD_LIBRARY_OS_INTEGRITY_CONTINUITY      = 0x00008000
+)
+
+// RegNotifyChangeKeyValue notifyFilter flags.
+const (
+	// REG_NOTIFY_CHANGE_NAME notifies the caller if a subkey is added or deleted.
+	REG_NOTIFY_CHANGE_NAME = 0x00000001
+
+	// REG_NOTIFY_CHANGE_ATTRIBUTES notifies the caller of changes to the attributes of the key, such as the security descriptor information.
+	REG_NOTIFY_CHANGE_ATTRIBUTES = 0x00000002
+
+	// REG_NOTIFY_CHANGE_LAST_SET notifies the caller of changes to a value of the key. This can include adding or deleting a value, or changing an existing value.
+	REG_NOTIFY_CHANGE_LAST_SET = 0x00000004
+
+	// REG_NOTIFY_CHANGE_SECURITY notifies the caller of changes to the security descriptor of the key.
+	REG_NOTIFY_CHANGE_SECURITY = 0x00000008
+
+	// REG_NOTIFY_THREAD_AGNOSTIC indicates that the lifetime of the registration must not be tied to the lifetime of the thread issuing the RegNotifyChangeKeyValue call. Note: This flag value is only supported in Windows 8 and later.
+	REG_NOTIFY_THREAD_AGNOSTIC = 0x10000000
+)
+
+type CommTimeouts struct {
+	ReadIntervalTimeout         uint32
+	ReadTotalTimeoutMultiplier  uint32
+	ReadTotalTimeoutConstant    uint32
+	WriteTotalTimeoutMultiplier uint32
+	WriteTotalTimeoutConstant   uint32
+}
+
+// NTUnicodeString is a UTF-16 string for NT native APIs, corresponding to UNICODE_STRING.
+type NTUnicodeString struct {
+	Length        uint16
+	MaximumLength uint16
+	Buffer        *uint16
+}
+
+// NTString is an ANSI string for NT native APIs, corresponding to STRING.
+type NTString struct {
+	Length        uint16
+	MaximumLength uint16
+	Buffer        *byte
+}
+
+type LIST_ENTRY struct {
+	Flink *LIST_ENTRY
+	Blink *LIST_ENTRY
+}
+
+type RUNTIME_FUNCTION struct {
+	BeginAddress uint32
+	EndAddress   uint32
+	UnwindData   uint32
+}
+
+type LDR_DATA_TABLE_ENTRY struct {
+	reserved1          [2]uintptr
+	InMemoryOrderLinks LIST_ENTRY
+	reserved2          [2]uintptr
+	DllBase            uintptr
+	reserved3          [2]uintptr
+	FullDllName        NTUnicodeString
+	reserved4          [8]byte
+	reserved5          [3]uintptr
+	reserved6          uintptr
+	TimeDateStamp      uint32
+}
+
+type PEB_LDR_DATA struct {
+	reserved1               [8]byte
+	reserved2               [3]uintptr
+	InMemoryOrderModuleList LIST_ENTRY
+}
+
+type CURDIR struct {
+	DosPath NTUnicodeString
+	Handle  Handle
+}
+
+type RTL_DRIVE_LETTER_CURDIR struct {
+	Flags     uint16
+	Length    uint16
+	TimeStamp uint32
+	DosPath   NTString
+}
+
+type RTL_USER_PROCESS_PARAMETERS struct {
+	MaximumLength, Length uint32
+
+	Flags, DebugFlags uint32
+
+	ConsoleHandle                                Handle
+	ConsoleFlags                                 uint32
+	StandardInput, StandardOutput, StandardError Handle
+
+	CurrentDirectory CURDIR
+	DllPath          NTUnicodeString
+	ImagePathName    NTUnicodeString
+	CommandLine      NTUnicodeString
+	Environment      unsafe.Pointer
+
+	StartingX, StartingY, CountX, CountY, CountCharsX, CountCharsY, FillAttribute uint32
+
+	WindowFlags, ShowWindowFlags                     uint32
+	WindowTitle, DesktopInfo, ShellInfo, RuntimeData NTUnicodeString
+	CurrentDirectories                               [32]RTL_DRIVE_LETTER_CURDIR
+
+	EnvironmentSize, EnvironmentVersion uintptr
+
+	PackageDependencyData unsafe.Pointer
+	ProcessGroupId        uint32
+	LoaderThreads         uint32
+
+	RedirectionDllName               NTUnicodeString
+	HeapPartitionName                NTUnicodeString
+	DefaultThreadpoolCpuSetMasks     uintptr
+	DefaultThreadpoolCpuSetMaskCount uint32
+}
+
+type PEB struct {
+	reserved1              [2]byte
+	BeingDebugged          byte
+	BitField               byte
+	reserved3              uintptr
+	ImageBaseAddress       uintptr
+	Ldr                    *PEB_LDR_DATA
+	ProcessParameters      *RTL_USER_PROCESS_PARAMETERS
+	reserved4              [3]uintptr
+	AtlThunkSListPtr       uintptr
+	reserved5              uintptr
+	reserved6              uint32
+	reserved7              uintptr
+	reserved8              uint32
+	AtlThunkSListPtr32     uint32
+	reserved9              [45]uintptr
+	reserved10             [96]byte
+	PostProcessInitRoutine uintptr
+	reserved11             [128]byte
+	reserved12             [1]uintptr
+	SessionId              uint32
+}
+
+type OBJECT_ATTRIBUTES struct {
+	Length             uint32
+	RootDirectory      Handle
+	ObjectName         *NTUnicodeString
+	Attributes         uint32
+	SecurityDescriptor *SECURITY_DESCRIPTOR
+	SecurityQoS        *SECURITY_QUALITY_OF_SERVICE
+}
+
+// Values for the Attributes member of OBJECT_ATTRIBUTES.
+const (
+	OBJ_INHERIT                       = 0x00000002
+	OBJ_PERMANENT                     = 0x00000010
+	OBJ_EXCLUSIVE                     = 0x00000020
+	OBJ_CASE_INSENSITIVE              = 0x00000040
+	OBJ_OPENIF                        = 0x00000080
+	OBJ_OPENLINK                      = 0x00000100
+	OBJ_KERNEL_HANDLE                 = 0x00000200
+	OBJ_FORCE_ACCESS_CHECK            = 0x00000400
+	OBJ_IGNORE_IMPERSONATED_DEVICEMAP = 0x00000800
+	OBJ_DONT_REPARSE                  = 0x00001000
+	OBJ_VALID_ATTRIBUTES              = 0x00001FF2
+)
+
+type IO_STATUS_BLOCK struct {
+	Status      NTStatus
+	Information uintptr
+}
+
+type RTLP_CURDIR_REF struct {
+	RefCount int32
+	Handle   Handle
+}
+
+type RTL_RELATIVE_NAME struct {
+	RelativeName        NTUnicodeString
+	ContainingDirectory Handle
+	CurDirRef           *RTLP_CURDIR_REF
+}
+
+const (
+	// CreateDisposition flags for NtCreateFile and NtCreateNamedPipeFile.
+	FILE_SUPERSEDE           = 0x00000000
+	FILE_OPEN                = 0x00000001
+	FILE_CREATE              = 0x00000002
+	FILE_OPEN_IF             = 0x00000003
+	FILE_OVERWRITE           = 0x00000004
+	FILE_OVERWRITE_IF        = 0x00000005
+	FILE_MAXIMUM_DISPOSITION = 0x00000005
+
+	// CreateOptions flags for NtCreateFile and NtCreateNamedPipeFile.
+	FILE_DIRECTORY_FILE            = 0x00000001
+	FILE_WRITE_THROUGH             = 0x00000002
+	FILE_SEQUENTIAL_ONLY           = 0x00000004
+	FILE_NO_INTERMEDIATE_BUFFERING = 0x00000008
+	FILE_SYNCHRONOUS_IO_ALERT      = 0x00000010
+	FILE_SYNCHRONOUS_IO_NONALERT   = 0x00000020
+	FILE_NON_DIRECTORY_FILE        = 0x00000040
+	FILE_CREATE_TREE_CONNECTION    = 0x00000080
+	FILE_COMPLETE_IF_OPLOCKED      = 0x00000100
+	FILE_NO_EA_KNOWLEDGE           = 0x00000200
+	FILE_OPEN_REMOTE_INSTANCE      = 0x00000400
+	FILE_RANDOM_ACCESS             = 0x00000800
+	FILE_DELETE_ON_CLOSE           = 0x00001000
+	FILE_OPEN_BY_FILE_ID           = 0x00002000
+	FILE_OPEN_FOR_BACKUP_INTENT    = 0x00004000
+	FILE_NO_COMPRESSION            = 0x00008000
+	FILE_OPEN_REQUIRING_OPLOCK     = 0x00010000
+	FILE_DISALLOW_EXCLUSIVE        = 0x00020000
+	FILE_RESERVE_OPFILTER          = 0x00100000
+	FILE_OPEN_REPARSE_POINT        = 0x00200000
+	FILE_OPEN_NO_RECALL            = 0x00400000
+	FILE_OPEN_FOR_FREE_SPACE_QUERY = 0x00800000
+
+	// Parameter constants for NtCreateNamedPipeFile.
+
+	FILE_PIPE_BYTE_STREAM_TYPE = 0x00000000
+	FILE_PIPE_MESSAGE_TYPE     = 0x00000001
+
+	FILE_PIPE_ACCEPT_REMOTE_CLIENTS = 0x00000000
+	FILE_PIPE_REJECT_REMOTE_CLIENTS = 0x00000002
+
+	FILE_PIPE_TYPE_VALID_MASK = 0x00000003
+
+	FILE_PIPE_BYTE_STREAM_MODE = 0x00000000
+	FILE_PIPE_MESSAGE_MODE     = 0x00000001
+
+	FILE_PIPE_QUEUE_OPERATION    = 0x00000000
+	FILE_PIPE_COMPLETE_OPERATION = 0x00000001
+
+	FILE_PIPE_INBOUND     = 0x00000000
+	FILE_PIPE_OUTBOUND    = 0x00000001
+	FILE_PIPE_FULL_DUPLEX = 0x00000002
+
+	FILE_PIPE_DISCONNECTED_STATE = 0x00000001
+	FILE_PIPE_LISTENING_STATE    = 0x00000002
+	FILE_PIPE_CONNECTED_STATE    = 0x00000003
+	FILE_PIPE_CLOSING_STATE      = 0x00000004
+
+	FILE_PIPE_CLIENT_END = 0x00000000
+	FILE_PIPE_SERVER_END = 0x00000001
+)
+
+const (
+	// FileInformationClass for NtSetInformationFile
+	FileBasicInformation                         = 4
+	FileRenameInformation                        = 10
+	FileDispositionInformation                   = 13
+	FilePositionInformation                      = 14
+	FileEndOfFileInformation                     = 20
+	FileValidDataLengthInformation               = 39
+	FileShortNameInformation                     = 40
+	FileIoPriorityHintInformation                = 43
+	FileReplaceCompletionInformation             = 61
+	FileDispositionInformationEx                 = 64
+	FileCaseSensitiveInformation                 = 71
+	FileLinkInformation                          = 72
+	FileCaseSensitiveInformationForceAccessCheck = 75
+	FileKnownFolderInformation                   = 76
+
+	// Flags for FILE_RENAME_INFORMATION
+	FILE_RENAME_REPLACE_IF_EXISTS                    = 0x00000001
+	FILE_RENAME_POSIX_SEMANTICS                      = 0x00000002
+	FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE       = 0x00000004
+	FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x00000008
+	FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE          = 0x00000010
+	FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE          = 0x00000020
+	FILE_RENAME_PRESERVE_AVAILABLE_SPACE             = 0x00000030
+	FILE_RENAME_IGNORE_READONLY_ATTRIBUTE            = 0x00000040
+	FILE_RENAME_FORCE_RESIZE_TARGET_SR               = 0x00000080
+	FILE_RENAME_FORCE_RESIZE_SOURCE_SR               = 0x00000100
+	FILE_RENAME_FORCE_RESIZE_SR                      = 0x00000180
+
+	// Flags for FILE_DISPOSITION_INFORMATION_EX
+	FILE_DISPOSITION_DO_NOT_DELETE             = 0x00000000
+	FILE_DISPOSITION_DELETE                    = 0x00000001
+	FILE_DISPOSITION_POSIX_SEMANTICS           = 0x00000002
+	FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK = 0x00000004
+	FILE_DISPOSITION_ON_CLOSE                  = 0x00000008
+	FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE = 0x00000010
+
+	// Flags for FILE_CASE_SENSITIVE_INFORMATION
+	FILE_CS_FLAG_CASE_SENSITIVE_DIR = 0x00000001
+
+	// Flags for FILE_LINK_INFORMATION
+	FILE_LINK_REPLACE_IF_EXISTS                    = 0x00000001
+	FILE_LINK_POSIX_SEMANTICS                      = 0x00000002
+	FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x00000008
+	FILE_LINK_NO_INCREASE_AVAILABLE_SPACE          = 0x00000010
+	FILE_LINK_NO_DECREASE_AVAILABLE_SPACE          = 0x00000020
+	FILE_LINK_PRESERVE_AVAILABLE_SPACE             = 0x00000030
+	FILE_LINK_IGNORE_READONLY_ATTRIBUTE            = 0x00000040
+	FILE_LINK_FORCE_RESIZE_TARGET_SR               = 0x00000080
+	FILE_LINK_FORCE_RESIZE_SOURCE_SR               = 0x00000100
+	FILE_LINK_FORCE_RESIZE_SR                      = 0x00000180
+)
+
+// ProcessInformationClasses for NtQueryInformationProcess and NtSetInformationProcess.
+const (
+	ProcessBasicInformation = iota
+	ProcessQuotaLimits
+	ProcessIoCounters
+	ProcessVmCounters
+	ProcessTimes
+	ProcessBasePriority
+	ProcessRaisePriority
+	ProcessDebugPort
+	ProcessExceptionPort
+	ProcessAccessToken
+	ProcessLdtInformation
+	ProcessLdtSize
+	ProcessDefaultHardErrorMode
+	ProcessIoPortHandlers
+	ProcessPooledUsageAndLimits
+	ProcessWorkingSetWatch
+	ProcessUserModeIOPL
+	ProcessEnableAlignmentFaultFixup
+	ProcessPriorityClass
+	ProcessWx86Information
+	ProcessHandleCount
+	ProcessAffinityMask
+	ProcessPriorityBoost
+	ProcessDeviceMap
+	ProcessSessionInformation
+	ProcessForegroundInformation
+	ProcessWow64Information
+	ProcessImageFileName
+	ProcessLUIDDeviceMapsEnabled
+	ProcessBreakOnTermination
+	ProcessDebugObjectHandle
+	ProcessDebugFlags
+	ProcessHandleTracing
+	ProcessIoPriority
+	ProcessExecuteFlags
+	ProcessTlsInformation
+	ProcessCookie
+	ProcessImageInformation
+	ProcessCycleTime
+	ProcessPagePriority
+	ProcessInstrumentationCallback
+	ProcessThreadStackAllocation
+	ProcessWorkingSetWatchEx
+	ProcessImageFileNameWin32
+	ProcessImageFileMapping
+	ProcessAffinityUpdateMode
+	ProcessMemoryAllocationMode
+	ProcessGroupInformation
+	ProcessTokenVirtualizationEnabled
+	ProcessConsoleHostProcess
+	ProcessWindowInformation
+	ProcessHandleInformation
+	ProcessMitigationPolicy
+	ProcessDynamicFunctionTableInformation
+	ProcessHandleCheckingMode
+	ProcessKeepAliveCount
+	ProcessRevokeFileHandles
+	ProcessWorkingSetControl
+	ProcessHandleTable
+	ProcessCheckStackExtentsMode
+	ProcessCommandLineInformation
+	ProcessProtectionInformation
+	ProcessMemoryExhaustion
+	ProcessFaultInformation
+	ProcessTelemetryIdInformation
+	ProcessCommitReleaseInformation
+	ProcessDefaultCpuSetsInformation
+	ProcessAllowedCpuSetsInformation
+	ProcessSubsystemProcess
+	ProcessJobMemoryInformation
+	ProcessInPrivate
+	ProcessRaiseUMExceptionOnInvalidHandleClose
+	ProcessIumChallengeResponse
+	ProcessChildProcessInformation
+	ProcessHighGraphicsPriorityInformation
+	ProcessSubsystemInformation
+	ProcessEnergyValues
+	ProcessActivityThrottleState
+	ProcessActivityThrottlePolicy
+	ProcessWin32kSyscallFilterInformation
+	ProcessDisableSystemAllowedCpuSets
+	ProcessWakeInformation
+	ProcessEnergyTrackingState
+	ProcessManageWritesToExecutableMemory
+	ProcessCaptureTrustletLiveDump
+	ProcessTelemetryCoverage
+	ProcessEnclaveInformation
+	ProcessEnableReadWriteVmLogging
+	ProcessUptimeInformation
+	ProcessImageSection
+	ProcessDebugAuthInformation
+	ProcessSystemResourceManagement
+	ProcessSequenceNumber
+	ProcessLoaderDetour
+	ProcessSecurityDomainInformation
+	ProcessCombineSecurityDomainsInformation
+	ProcessEnableLogging
+	ProcessLeapSecondInformation
+	ProcessFiberShadowStackAllocation
+	ProcessFreeFiberShadowStackAllocation
+	ProcessAltSystemCallInformation
+	ProcessDynamicEHContinuationTargets
+	ProcessDynamicEnforcedCetCompatibleRanges
+)
+
+type PROCESS_BASIC_INFORMATION struct {
+	ExitStatus                   NTStatus
+	PebBaseAddress               *PEB
+	AffinityMask                 uintptr
+	BasePriority                 int32
+	UniqueProcessId              uintptr
+	InheritedFromUniqueProcessId uintptr
+}
+
+// SystemInformationClasses for NtQuerySystemInformation and NtSetSystemInformation
+const (
+	SystemBasicInformation = iota
+	SystemProcessorInformation
+	SystemPerformanceInformation
+	SystemTimeOfDayInformation
+	SystemPathInformation
+	SystemProcessInformation
+	SystemCallCountInformation
+	SystemDeviceInformation
+	SystemProcessorPerformanceInformation
+	SystemFlagsInformation
+	SystemCallTimeInformation
+	SystemModuleInformation
+	SystemLocksInformation
+	SystemStackTraceInformation
+	SystemPagedPoolInformation
+	SystemNonPagedPoolInformation
+	SystemHandleInformation
+	SystemObjectInformation
+	SystemPageFileInformation
+	SystemVdmInstemulInformation
+	SystemVdmBopInformation
+	SystemFileCacheInformation
+	SystemPoolTagInformation
+	SystemInterruptInformation
+	SystemDpcBehaviorInformation
+	SystemFullMemoryInformation
+	SystemLoadGdiDriverInformation
+	SystemUnloadGdiDriverInformation
+	SystemTimeAdjustmentInformation
+	SystemSummaryMemoryInformation
+	SystemMirrorMemoryInformation
+	SystemPerformanceTraceInformation
+	systemObsolete0
+	SystemExceptionInformation
+	SystemCrashDumpStateInformation
+	SystemKernelDebuggerInformation
+	SystemContextSwitchInformation
+	SystemRegistryQuotaInformation
+	SystemExtendServiceTableInformation
+	SystemPrioritySeperation
+	SystemVerifierAddDriverInformation
+	SystemVerifierRemoveDriverInformation
+	SystemProcessorIdleInformation
+	SystemLegacyDriverInformation
+	SystemCurrentTimeZoneInformation
+	SystemLookasideInformation
+	SystemTimeSlipNotification
+	SystemSessionCreate
+	SystemSessionDetach
+	SystemSessionInformation
+	SystemRangeStartInformation
+	SystemVerifierInformation
+	SystemVerifierThunkExtend
+	SystemSessionProcessInformation
+	SystemLoadGdiDriverInSystemSpace
+	SystemNumaProcessorMap
+	SystemPrefetcherInformation
+	SystemExtendedProcessInformation
+	SystemRecommendedSharedDataAlignment
+	SystemComPlusPackage
+	SystemNumaAvailableMemory
+	SystemProcessorPowerInformation
+	SystemEmulationBasicInformation
+	SystemEmulationProcessorInformation
+	SystemExtendedHandleInformation
+	SystemLostDelayedWriteInformation
+	SystemBigPoolInformation
+	SystemSessionPoolTagInformation
+	SystemSessionMappedViewInformation
+	SystemHotpatchInformation
+	SystemObjectSecurityMode
+	SystemWatchdogTimerHandler
+	SystemWatchdogTimerInformation
+	SystemLogicalProcessorInformation
+	SystemWow64SharedInformationObsolete
+	SystemRegisterFirmwareTableInformationHandler
+	SystemFirmwareTableInformation
+	SystemModuleInformationEx
+	SystemVerifierTriageInformation
+	SystemSuperfetchInformation
+	SystemMemoryListInformation
+	SystemFileCacheInformationEx
+	SystemThreadPriorityClientIdInformation
+	SystemProcessorIdleCycleTimeInformation
+	SystemVerifierCancellationInformation
+	SystemProcessorPowerInformationEx
+	SystemRefTraceInformation
+	SystemSpecialPoolInformation
+	SystemProcessIdInformation
+	SystemErrorPortInformation
+	SystemBootEnvironmentInformation
+	SystemHypervisorInformation
+	SystemVerifierInformationEx
+	SystemTimeZoneInformation
+	SystemImageFileExecutionOptionsInformation
+	SystemCoverageInformation
+	SystemPrefetchPatchInformation
+	SystemVerifierFaultsInformation
+	SystemSystemPartitionInformation
+	SystemSystemDiskInformation
+	SystemProcessorPerformanceDistribution
+	SystemNumaProximityNodeInformation
+	SystemDynamicTimeZoneInformation
+	SystemCodeIntegrityInformation
+	SystemProcessorMicrocodeUpdateInformation
+	SystemProcessorBrandString
+	SystemVirtualAddressInformation
+	SystemLogicalProcessorAndGroupInformation
+	SystemProcessorCycleTimeInformation
+	SystemStoreInformation
+	SystemRegistryAppendString
+	SystemAitSamplingValue
+	SystemVhdBootInformation
+	SystemCpuQuotaInformation
+	SystemNativeBasicInformation
+	systemSpare1
+	SystemLowPriorityIoInformation
+	SystemTpmBootEntropyInformation
+	SystemVerifierCountersInformation
+	SystemPagedPoolInformationEx
+	SystemSystemPtesInformationEx
+	SystemNodeDistanceInformation
+	SystemAcpiAuditInformation
+	SystemBasicPerformanceInformation
+	SystemQueryPerformanceCounterInformation
+	SystemSessionBigPoolInformation
+	SystemBootGraphicsInformation
+	SystemScrubPhysicalMemoryInformation
+	SystemBadPageInformation
+	SystemProcessorProfileControlArea
+	SystemCombinePhysicalMemoryInformation
+	SystemEntropyInterruptTimingCallback
+	SystemConsoleInformation
+	SystemPlatformBinaryInformation
+	SystemThrottleNotificationInformation
+	SystemHypervisorProcessorCountInformation
+	SystemDeviceDataInformation
+	SystemDeviceDataEnumerationInformation
+	SystemMemoryTopologyInformation
+	SystemMemoryChannelInformation
+	SystemBootLogoInformation
+	SystemProcessorPerformanceInformationEx
+	systemSpare0
+	SystemSecureBootPolicyInformation
+	SystemPageFileInformationEx
+	SystemSecureBootInformation
+	SystemEntropyInterruptTimingRawInformation
+	SystemPortableWorkspaceEfiLauncherInformation
+	SystemFullProcessInformation
+	SystemKernelDebuggerInformationEx
+	SystemBootMetadataInformation
+	SystemSoftRebootInformation
+	SystemElamCertificateInformation
+	SystemOfflineDumpConfigInformation
+	SystemProcessorFeaturesInformation
+	SystemRegistryReconciliationInformation
+	SystemEdidInformation
+	SystemManufacturingInformation
+	SystemEnergyEstimationConfigInformation
+	SystemHypervisorDetailInformation
+	SystemProcessorCycleStatsInformation
+	SystemVmGenerationCountInformation
+	SystemTrustedPlatformModuleInformation
+	SystemKernelDebuggerFlags
+	SystemCodeIntegrityPolicyInformation
+	SystemIsolatedUserModeInformation
+	SystemHardwareSecurityTestInterfaceResultsInformation
+	SystemSingleModuleInformation
+	SystemAllowedCpuSetsInformation
+	SystemDmaProtectionInformation
+	SystemInterruptCpuSetsInformation
+	SystemSecureBootPolicyFullInformation
+	SystemCodeIntegrityPolicyFullInformation
+	SystemAffinitizedInterruptProcessorInformation
+	SystemRootSiloInformation
+)
+
+type RTL_PROCESS_MODULE_INFORMATION struct {
+	Section          Handle
+	MappedBase       uintptr
+	ImageBase        uintptr
+	ImageSize        uint32
+	Flags            uint32
+	LoadOrderIndex   uint16
+	InitOrderIndex   uint16
+	LoadCount        uint16
+	OffsetToFileName uint16
+	FullPathName     [256]byte
+}
+
+type RTL_PROCESS_MODULES struct {
+	NumberOfModules uint32
+	Modules         [1]RTL_PROCESS_MODULE_INFORMATION
+}
+
+// Constants for LocalAlloc flags.
+const (
+	LMEM_FIXED          = 0x0
+	LMEM_MOVEABLE       = 0x2
+	LMEM_NOCOMPACT      = 0x10
+	LMEM_NODISCARD      = 0x20
+	LMEM_ZEROINIT       = 0x40
+	LMEM_MODIFY         = 0x80
+	LMEM_DISCARDABLE    = 0xf00
+	LMEM_VALID_FLAGS    = 0xf72
+	LMEM_INVALID_HANDLE = 0x8000
+	LHND                = LMEM_MOVEABLE | LMEM_ZEROINIT
+	LPTR                = LMEM_FIXED | LMEM_ZEROINIT
+	NONZEROLHND         = LMEM_MOVEABLE
+	NONZEROLPTR         = LMEM_FIXED
+)
+
+// Constants for the CreateNamedPipe-family of functions.
+const (
+	PIPE_ACCESS_INBOUND  = 0x1
+	PIPE_ACCESS_OUTBOUND = 0x2
+	PIPE_ACCESS_DUPLEX   = 0x3
+
+	PIPE_CLIENT_END = 0x0
+	PIPE_SERVER_END = 0x1
+
+	PIPE_WAIT                  = 0x0
+	PIPE_NOWAIT                = 0x1
+	PIPE_READMODE_BYTE         = 0x0
+	PIPE_READMODE_MESSAGE      = 0x2
+	PIPE_TYPE_BYTE             = 0x0
+	PIPE_TYPE_MESSAGE          = 0x4
+	PIPE_ACCEPT_REMOTE_CLIENTS = 0x0
+	PIPE_REJECT_REMOTE_CLIENTS = 0x8
+
+	PIPE_UNLIMITED_INSTANCES = 255
+)
+
+// Constants for security attributes when opening named pipes.
+const (
+	SECURITY_ANONYMOUS      = SecurityAnonymous << 16
+	SECURITY_IDENTIFICATION = SecurityIdentification << 16
+	SECURITY_IMPERSONATION  = SecurityImpersonation << 16
+	SECURITY_DELEGATION     = SecurityDelegation << 16
+
+	SECURITY_CONTEXT_TRACKING = 0x40000
+	SECURITY_EFFECTIVE_ONLY   = 0x80000
+
+	SECURITY_SQOS_PRESENT     = 0x100000
+	SECURITY_VALID_SQOS_FLAGS = 0x1f0000
+)
+
+// ResourceID represents a 16-bit resource identifier, traditionally created with the MAKEINTRESOURCE macro.
+type ResourceID uint16
+
+// ResourceIDOrString must be either a ResourceID, to specify a resource or resource type by ID,
+// or a string, to specify a resource or resource type by name.
+type ResourceIDOrString interface{}
+
+// Predefined resource names and types.
+var (
+	// Predefined names.
+	CREATEPROCESS_MANIFEST_RESOURCE_ID                 ResourceID = 1
+	ISOLATIONAWARE_MANIFEST_RESOURCE_ID                ResourceID = 2
+	ISOLATIONAWARE_NOSTATICIMPORT_MANIFEST_RESOURCE_ID ResourceID = 3
+	ISOLATIONPOLICY_MANIFEST_RESOURCE_ID               ResourceID = 4
+	ISOLATIONPOLICY_BROWSER_MANIFEST_RESOURCE_ID       ResourceID = 5
+	MINIMUM_RESERVED_MANIFEST_RESOURCE_ID              ResourceID = 1  // inclusive
+	MAXIMUM_RESERVED_MANIFEST_RESOURCE_ID              ResourceID = 16 // inclusive
+
+	// Predefined types.
+	RT_CURSOR       ResourceID = 1
+	RT_BITMAP       ResourceID = 2
+	RT_ICON         ResourceID = 3
+	RT_MENU         ResourceID = 4
+	RT_DIALOG       ResourceID = 5
+	RT_STRING       ResourceID = 6
+	RT_FONTDIR      ResourceID = 7
+	RT_FONT         ResourceID = 8
+	RT_ACCELERATOR  ResourceID = 9
+	RT_RCDATA       ResourceID = 10
+	RT_MESSAGETABLE ResourceID = 11
+	RT_GROUP_CURSOR ResourceID = 12
+	RT_GROUP_ICON   ResourceID = 14
+	RT_VERSION      ResourceID = 16
+	RT_DLGINCLUDE   ResourceID = 17
+	RT_PLUGPLAY     ResourceID = 19
+	RT_VXD          ResourceID = 20
+	RT_ANICURSOR    ResourceID = 21
+	RT_ANIICON      ResourceID = 22
+	RT_HTML         ResourceID = 23
+	RT_MANIFEST     ResourceID = 24
+)
+
+type VS_FIXEDFILEINFO struct {
+	Signature        uint32
+	StrucVersion     uint32
+	FileVersionMS    uint32
+	FileVersionLS    uint32
+	ProductVersionMS uint32
+	ProductVersionLS uint32
+	FileFlagsMask    uint32
+	FileFlags        uint32
+	FileOS           uint32
+	FileType         uint32
+	FileSubtype      uint32
+	FileDateMS       uint32
+	FileDateLS       uint32
+}
+
+type COAUTHIDENTITY struct {
+	User           *uint16
+	UserLength     uint32
+	Domain         *uint16
+	DomainLength   uint32
+	Password       *uint16
+	PasswordLength uint32
+	Flags          uint32
+}
+
+type COAUTHINFO struct {
+	AuthnSvc           uint32
+	AuthzSvc           uint32
+	ServerPrincName    *uint16
+	AuthnLevel         uint32
+	ImpersonationLevel uint32
+	AuthIdentityData   *COAUTHIDENTITY
+	Capabilities       uint32
+}
+
+type COSERVERINFO struct {
+	Reserved1 uint32
+	Aame      *uint16
+	AuthInfo  *COAUTHINFO
+	Reserved2 uint32
+}
+
+type BIND_OPTS3 struct {
+	CbStruct          uint32
+	Flags             uint32
+	Mode              uint32
+	TickCountDeadline uint32
+	TrackFlags        uint32
+	ClassContext      uint32
+	Locale            uint32
+	ServerInfo        *COSERVERINFO
+	Hwnd              HWND
+}
+
+const (
+	CLSCTX_INPROC_SERVER          = 0x1
+	CLSCTX_INPROC_HANDLER         = 0x2
+	CLSCTX_LOCAL_SERVER           = 0x4
+	CLSCTX_INPROC_SERVER16        = 0x8
+	CLSCTX_REMOTE_SERVER          = 0x10
+	CLSCTX_INPROC_HANDLER16       = 0x20
+	CLSCTX_RESERVED1              = 0x40
+	CLSCTX_RESERVED2              = 0x80
+	CLSCTX_RESERVED3              = 0x100
+	CLSCTX_RESERVED4              = 0x200
+	CLSCTX_NO_CODE_DOWNLOAD       = 0x400
+	CLSCTX_RESERVED5              = 0x800
+	CLSCTX_NO_CUSTOM_MARSHAL      = 0x1000
+	CLSCTX_ENABLE_CODE_DOWNLOAD   = 0x2000
+	CLSCTX_NO_FAILURE_LOG         = 0x4000
+	CLSCTX_DISABLE_AAA            = 0x8000
+	CLSCTX_ENABLE_AAA             = 0x10000
+	CLSCTX_FROM_DEFAULT_CONTEXT   = 0x20000
+	CLSCTX_ACTIVATE_32_BIT_SERVER = 0x40000
+	CLSCTX_ACTIVATE_64_BIT_SERVER = 0x80000
+	CLSCTX_ENABLE_CLOAKING        = 0x100000
+	CLSCTX_APPCONTAINER           = 0x400000
+	CLSCTX_ACTIVATE_AAA_AS_IU     = 0x800000
+	CLSCTX_PS_DLL                 = 0x80000000
+
+	COINIT_MULTITHREADED     = 0x0
+	COINIT_APARTMENTTHREADED = 0x2
+	COINIT_DISABLE_OLE1DDE   = 0x4
+	COINIT_SPEED_OVER_MEMORY = 0x8
+)
+
+// Flag for QueryFullProcessImageName.
+const PROCESS_NAME_NATIVE = 1
+
+type ModuleInfo struct {
+	BaseOfDll   uintptr
+	SizeOfImage uint32
+	EntryPoint  uintptr
+}
diff --git a/vendor/golang.org/x/sys/windows/types_windows_386.go b/vendor/golang.org/x/sys/windows/types_windows_386.go
index fe0ddd0316019..8bce3e2fc1b0f 100644
--- a/vendor/golang.org/x/sys/windows/types_windows_386.go
+++ b/vendor/golang.org/x/sys/windows/types_windows_386.go
@@ -20,3 +20,16 @@ type Servent struct {
 	Port    uint16
 	Proto   *byte
 }
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+	_                       uint32 // pad to 8 byte boundary
+}
diff --git a/vendor/golang.org/x/sys/windows/types_windows_amd64.go b/vendor/golang.org/x/sys/windows/types_windows_amd64.go
index 7e154c2df2df6..fdddc0c70abd0 100644
--- a/vendor/golang.org/x/sys/windows/types_windows_amd64.go
+++ b/vendor/golang.org/x/sys/windows/types_windows_amd64.go
@@ -20,3 +20,15 @@ type Servent struct {
 	Proto   *byte
 	Port    uint16
 }
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+}
diff --git a/vendor/golang.org/x/sys/windows/types_windows_arm.go b/vendor/golang.org/x/sys/windows/types_windows_arm.go
new file mode 100644
index 0000000000000..321872c3e04fa
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/types_windows_arm.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+	Version      uint16
+	HighVersion  uint16
+	Description  [WSADESCRIPTION_LEN + 1]byte
+	SystemStatus [WSASYS_STATUS_LEN + 1]byte
+	MaxSockets   uint16
+	MaxUdpDg     uint16
+	VendorInfo   *byte
+}
+
+type Servent struct {
+	Name    *byte
+	Aliases **byte
+	Port    uint16
+	Proto   *byte
+}
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+	_                       uint32 // pad to 8 byte boundary
+}
diff --git a/vendor/golang.org/x/sys/windows/types_windows_arm64.go b/vendor/golang.org/x/sys/windows/types_windows_arm64.go
new file mode 100644
index 0000000000000..fdddc0c70abd0
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/types_windows_arm64.go
@@ -0,0 +1,34 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+	Version      uint16
+	HighVersion  uint16
+	MaxSockets   uint16
+	MaxUdpDg     uint16
+	VendorInfo   *byte
+	Description  [WSADESCRIPTION_LEN + 1]byte
+	SystemStatus [WSASYS_STATUS_LEN + 1]byte
+}
+
+type Servent struct {
+	Name    *byte
+	Aliases **byte
+	Proto   *byte
+	Port    uint16
+}
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+}
diff --git a/vendor/golang.org/x/sys/windows/zerrors_windows.go b/vendor/golang.org/x/sys/windows/zerrors_windows.go
new file mode 100644
index 0000000000000..0cf658fbd5d77
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/zerrors_windows.go
@@ -0,0 +1,9468 @@
+// Code generated by 'mkerrors.bash'; DO NOT EDIT.
+
+package windows
+
+import "syscall"
+
+const (
+	FACILITY_NULL                                                                           = 0
+	FACILITY_RPC                                                                            = 1
+	FACILITY_DISPATCH                                                                       = 2
+	FACILITY_STORAGE                                                                        = 3
+	FACILITY_ITF                                                                            = 4
+	FACILITY_WIN32                                                                          = 7
+	FACILITY_WINDOWS                                                                        = 8
+	FACILITY_SSPI                                                                           = 9
+	FACILITY_SECURITY                                                                       = 9
+	FACILITY_CONTROL                                                                        = 10
+	FACILITY_CERT                                                                           = 11
+	FACILITY_INTERNET                                                                       = 12
+	FACILITY_MEDIASERVER                                                                    = 13
+	FACILITY_MSMQ                                                                           = 14
+	FACILITY_SETUPAPI                                                                       = 15
+	FACILITY_SCARD                                                                          = 16
+	FACILITY_COMPLUS                                                                        = 17
+	FACILITY_AAF                                                                            = 18
+	FACILITY_URT                                                                            = 19
+	FACILITY_ACS                                                                            = 20
+	FACILITY_DPLAY                                                                          = 21
+	FACILITY_UMI                                                                            = 22
+	FACILITY_SXS                                                                            = 23
+	FACILITY_WINDOWS_CE                                                                     = 24
+	FACILITY_HTTP                                                                           = 25
+	FACILITY_USERMODE_COMMONLOG                                                             = 26
+	FACILITY_WER                                                                            = 27
+	FACILITY_USERMODE_FILTER_MANAGER                                                        = 31
+	FACILITY_BACKGROUNDCOPY                                                                 = 32
+	FACILITY_CONFIGURATION                                                                  = 33
+	FACILITY_WIA                                                                            = 33
+	FACILITY_STATE_MANAGEMENT                                                               = 34
+	FACILITY_METADIRECTORY                                                                  = 35
+	FACILITY_WINDOWSUPDATE                                                                  = 36
+	FACILITY_DIRECTORYSERVICE                                                               = 37
+	FACILITY_GRAPHICS                                                                       = 38
+	FACILITY_SHELL                                                                          = 39
+	FACILITY_NAP                                                                            = 39
+	FACILITY_TPM_SERVICES                                                                   = 40
+	FACILITY_TPM_SOFTWARE                                                                   = 41
+	FACILITY_UI                                                                             = 42
+	FACILITY_XAML                                                                           = 43
+	FACILITY_ACTION_QUEUE                                                                   = 44
+	FACILITY_PLA                                                                            = 48
+	FACILITY_WINDOWS_SETUP                                                                  = 48
+	FACILITY_FVE                                                                            = 49
+	FACILITY_FWP                                                                            = 50
+	FACILITY_WINRM                                                                          = 51
+	FACILITY_NDIS                                                                           = 52
+	FACILITY_USERMODE_HYPERVISOR                                                            = 53
+	FACILITY_CMI                                                                            = 54
+	FACILITY_USERMODE_VIRTUALIZATION                                                        = 55
+	FACILITY_USERMODE_VOLMGR                                                                = 56
+	FACILITY_BCD                                                                            = 57
+	FACILITY_USERMODE_VHD                                                                   = 58
+	FACILITY_USERMODE_HNS                                                                   = 59
+	FACILITY_SDIAG                                                                          = 60
+	FACILITY_WEBSERVICES                                                                    = 61
+	FACILITY_WINPE                                                                          = 61
+	FACILITY_WPN                                                                            = 62
+	FACILITY_WINDOWS_STORE                                                                  = 63
+	FACILITY_INPUT                                                                          = 64
+	FACILITY_EAP                                                                            = 66
+	FACILITY_WINDOWS_DEFENDER                                                               = 80
+	FACILITY_OPC                                                                            = 81
+	FACILITY_XPS                                                                            = 82
+	FACILITY_MBN                                                                            = 84
+	FACILITY_POWERSHELL                                                                     = 84
+	FACILITY_RAS                                                                            = 83
+	FACILITY_P2P_INT                                                                        = 98
+	FACILITY_P2P                                                                            = 99
+	FACILITY_DAF                                                                            = 100
+	FACILITY_BLUETOOTH_ATT                                                                  = 101
+	FACILITY_AUDIO                                                                          = 102
+	FACILITY_STATEREPOSITORY                                                                = 103
+	FACILITY_VISUALCPP                                                                      = 109
+	FACILITY_SCRIPT                                                                         = 112
+	FACILITY_PARSE                                                                          = 113
+	FACILITY_BLB                                                                            = 120
+	FACILITY_BLB_CLI                                                                        = 121
+	FACILITY_WSBAPP                                                                         = 122
+	FACILITY_BLBUI                                                                          = 128
+	FACILITY_USN                                                                            = 129
+	FACILITY_USERMODE_VOLSNAP                                                               = 130
+	FACILITY_TIERING                                                                        = 131
+	FACILITY_WSB_ONLINE                                                                     = 133
+	FACILITY_ONLINE_ID                                                                      = 134
+	FACILITY_DEVICE_UPDATE_AGENT                                                            = 135
+	FACILITY_DRVSERVICING                                                                   = 136
+	FACILITY_DLS                                                                            = 153
+	FACILITY_DELIVERY_OPTIMIZATION                                                          = 208
+	FACILITY_USERMODE_SPACES                                                                = 231
+	FACILITY_USER_MODE_SECURITY_CORE                                                        = 232
+	FACILITY_USERMODE_LICENSING                                                             = 234
+	FACILITY_SOS                                                                            = 160
+	FACILITY_DEBUGGERS                                                                      = 176
+	FACILITY_SPP                                                                            = 256
+	FACILITY_RESTORE                                                                        = 256
+	FACILITY_DMSERVER                                                                       = 256
+	FACILITY_DEPLOYMENT_SERVICES_SERVER                                                     = 257
+	FACILITY_DEPLOYMENT_SERVICES_IMAGING                                                    = 258
+	FACILITY_DEPLOYMENT_SERVICES_MANAGEMENT                                                 = 259
+	FACILITY_DEPLOYMENT_SERVICES_UTIL                                                       = 260
+	FACILITY_DEPLOYMENT_SERVICES_BINLSVC                                                    = 261
+	FACILITY_DEPLOYMENT_SERVICES_PXE                                                        = 263
+	FACILITY_DEPLOYMENT_SERVICES_TFTP                                                       = 264
+	FACILITY_DEPLOYMENT_SERVICES_TRANSPORT_MANAGEMENT                                       = 272
+	FACILITY_DEPLOYMENT_SERVICES_DRIVER_PROVISIONING                                        = 278
+	FACILITY_DEPLOYMENT_SERVICES_MULTICAST_SERVER                                           = 289
+	FACILITY_DEPLOYMENT_SERVICES_MULTICAST_CLIENT                                           = 290
+	FACILITY_DEPLOYMENT_SERVICES_CONTENT_PROVIDER                                           = 293
+	FACILITY_LINGUISTIC_SERVICES                                                            = 305
+	FACILITY_AUDIOSTREAMING                                                                 = 1094
+	FACILITY_ACCELERATOR                                                                    = 1536
+	FACILITY_WMAAECMA                                                                       = 1996
+	FACILITY_DIRECTMUSIC                                                                    = 2168
+	FACILITY_DIRECT3D10                                                                     = 2169
+	FACILITY_DXGI                                                                           = 2170
+	FACILITY_DXGI_DDI                                                                       = 2171
+	FACILITY_DIRECT3D11                                                                     = 2172
+	FACILITY_DIRECT3D11_DEBUG                                                               = 2173
+	FACILITY_DIRECT3D12                                                                     = 2174
+	FACILITY_DIRECT3D12_DEBUG                                                               = 2175
+	FACILITY_LEAP                                                                           = 2184
+	FACILITY_AUDCLNT                                                                        = 2185
+	FACILITY_WINCODEC_DWRITE_DWM                                                            = 2200
+	FACILITY_WINML                                                                          = 2192
+	FACILITY_DIRECT2D                                                                       = 2201
+	FACILITY_DEFRAG                                                                         = 2304
+	FACILITY_USERMODE_SDBUS                                                                 = 2305
+	FACILITY_JSCRIPT                                                                        = 2306
+	FACILITY_PIDGENX                                                                        = 2561
+	FACILITY_EAS                                                                            = 85
+	FACILITY_WEB                                                                            = 885
+	FACILITY_WEB_SOCKET                                                                     = 886
+	FACILITY_MOBILE                                                                         = 1793
+	FACILITY_SQLITE                                                                         = 1967
+	FACILITY_UTC                                                                            = 1989
+	FACILITY_WEP                                                                            = 2049
+	FACILITY_SYNCENGINE                                                                     = 2050
+	FACILITY_XBOX                                                                           = 2339
+	FACILITY_GAME                                                                           = 2340
+	FACILITY_PIX                                                                            = 2748
+	ERROR_SUCCESS                                                             syscall.Errno = 0
+	NO_ERROR                                                                                = 0
+	SEC_E_OK                                                                  Handle        = 0x00000000
+	ERROR_INVALID_FUNCTION                                                    syscall.Errno = 1
+	ERROR_FILE_NOT_FOUND                                                      syscall.Errno = 2
+	ERROR_PATH_NOT_FOUND                                                      syscall.Errno = 3
+	ERROR_TOO_MANY_OPEN_FILES                                                 syscall.Errno = 4
+	ERROR_ACCESS_DENIED                                                       syscall.Errno = 5
+	ERROR_INVALID_HANDLE                                                      syscall.Errno = 6
+	ERROR_ARENA_TRASHED                                                       syscall.Errno = 7
+	ERROR_NOT_ENOUGH_MEMORY                                                   syscall.Errno = 8
+	ERROR_INVALID_BLOCK                                                       syscall.Errno = 9
+	ERROR_BAD_ENVIRONMENT                                                     syscall.Errno = 10
+	ERROR_BAD_FORMAT                                                          syscall.Errno = 11
+	ERROR_INVALID_ACCESS                                                      syscall.Errno = 12
+	ERROR_INVALID_DATA                                                        syscall.Errno = 13
+	ERROR_OUTOFMEMORY                                                         syscall.Errno = 14
+	ERROR_INVALID_DRIVE                                                       syscall.Errno = 15
+	ERROR_CURRENT_DIRECTORY                                                   syscall.Errno = 16
+	ERROR_NOT_SAME_DEVICE                                                     syscall.Errno = 17
+	ERROR_NO_MORE_FILES                                                       syscall.Errno = 18
+	ERROR_WRITE_PROTECT                                                       syscall.Errno = 19
+	ERROR_BAD_UNIT                                                            syscall.Errno = 20
+	ERROR_NOT_READY                                                           syscall.Errno = 21
+	ERROR_BAD_COMMAND                                                         syscall.Errno = 22
+	ERROR_CRC                                                                 syscall.Errno = 23
+	ERROR_BAD_LENGTH                                                          syscall.Errno = 24
+	ERROR_SEEK                                                                syscall.Errno = 25
+	ERROR_NOT_DOS_DISK                                                        syscall.Errno = 26
+	ERROR_SECTOR_NOT_FOUND                                                    syscall.Errno = 27
+	ERROR_OUT_OF_PAPER                                                        syscall.Errno = 28
+	ERROR_WRITE_FAULT                                                         syscall.Errno = 29
+	ERROR_READ_FAULT                                                          syscall.Errno = 30
+	ERROR_GEN_FAILURE                                                         syscall.Errno = 31
+	ERROR_SHARING_VIOLATION                                                   syscall.Errno = 32
+	ERROR_LOCK_VIOLATION                                                      syscall.Errno = 33
+	ERROR_WRONG_DISK                                                          syscall.Errno = 34
+	ERROR_SHARING_BUFFER_EXCEEDED                                             syscall.Errno = 36
+	ERROR_HANDLE_EOF                                                          syscall.Errno = 38
+	ERROR_HANDLE_DISK_FULL                                                    syscall.Errno = 39
+	ERROR_NOT_SUPPORTED                                                       syscall.Errno = 50
+	ERROR_REM_NOT_LIST                                                        syscall.Errno = 51
+	ERROR_DUP_NAME                                                            syscall.Errno = 52
+	ERROR_BAD_NETPATH                                                         syscall.Errno = 53
+	ERROR_NETWORK_BUSY                                                        syscall.Errno = 54
+	ERROR_DEV_NOT_EXIST                                                       syscall.Errno = 55
+	ERROR_TOO_MANY_CMDS                                                       syscall.Errno = 56
+	ERROR_ADAP_HDW_ERR                                                        syscall.Errno = 57
+	ERROR_BAD_NET_RESP                                                        syscall.Errno = 58
+	ERROR_UNEXP_NET_ERR                                                       syscall.Errno = 59
+	ERROR_BAD_REM_ADAP                                                        syscall.Errno = 60
+	ERROR_PRINTQ_FULL                                                         syscall.Errno = 61
+	ERROR_NO_SPOOL_SPACE                                                      syscall.Errno = 62
+	ERROR_PRINT_CANCELLED                                                     syscall.Errno = 63
+	ERROR_NETNAME_DELETED                                                     syscall.Errno = 64
+	ERROR_NETWORK_ACCESS_DENIED                                               syscall.Errno = 65
+	ERROR_BAD_DEV_TYPE                                                        syscall.Errno = 66
+	ERROR_BAD_NET_NAME                                                        syscall.Errno = 67
+	ERROR_TOO_MANY_NAMES                                                      syscall.Errno = 68
+	ERROR_TOO_MANY_SESS                                                       syscall.Errno = 69
+	ERROR_SHARING_PAUSED                                                      syscall.Errno = 70
+	ERROR_REQ_NOT_ACCEP                                                       syscall.Errno = 71
+	ERROR_REDIR_PAUSED                                                        syscall.Errno = 72
+	ERROR_FILE_EXISTS                                                         syscall.Errno = 80
+	ERROR_CANNOT_MAKE                                                         syscall.Errno = 82
+	ERROR_FAIL_I24                                                            syscall.Errno = 83
+	ERROR_OUT_OF_STRUCTURES                                                   syscall.Errno = 84
+	ERROR_ALREADY_ASSIGNED                                                    syscall.Errno = 85
+	ERROR_INVALID_PASSWORD                                                    syscall.Errno = 86
+	ERROR_INVALID_PARAMETER                                                   syscall.Errno = 87
+	ERROR_NET_WRITE_FAULT                                                     syscall.Errno = 88
+	ERROR_NO_PROC_SLOTS                                                       syscall.Errno = 89
+	ERROR_TOO_MANY_SEMAPHORES                                                 syscall.Errno = 100
+	ERROR_EXCL_SEM_ALREADY_OWNED                                              syscall.Errno = 101
+	ERROR_SEM_IS_SET                                                          syscall.Errno = 102
+	ERROR_TOO_MANY_SEM_REQUESTS                                               syscall.Errno = 103
+	ERROR_INVALID_AT_INTERRUPT_TIME                                           syscall.Errno = 104
+	ERROR_SEM_OWNER_DIED                                                      syscall.Errno = 105
+	ERROR_SEM_USER_LIMIT                                                      syscall.Errno = 106
+	ERROR_DISK_CHANGE                                                         syscall.Errno = 107
+	ERROR_DRIVE_LOCKED                                                        syscall.Errno = 108
+	ERROR_BROKEN_PIPE                                                         syscall.Errno = 109
+	ERROR_OPEN_FAILED                                                         syscall.Errno = 110
+	ERROR_BUFFER_OVERFLOW                                                     syscall.Errno = 111
+	ERROR_DISK_FULL                                                           syscall.Errno = 112
+	ERROR_NO_MORE_SEARCH_HANDLES                                              syscall.Errno = 113
+	ERROR_INVALID_TARGET_HANDLE                                               syscall.Errno = 114
+	ERROR_INVALID_CATEGORY                                                    syscall.Errno = 117
+	ERROR_INVALID_VERIFY_SWITCH                                               syscall.Errno = 118
+	ERROR_BAD_DRIVER_LEVEL                                                    syscall.Errno = 119
+	ERROR_CALL_NOT_IMPLEMENTED                                                syscall.Errno = 120
+	ERROR_SEM_TIMEOUT                                                         syscall.Errno = 121
+	ERROR_INSUFFICIENT_BUFFER                                                 syscall.Errno = 122
+	ERROR_INVALID_NAME                                                        syscall.Errno = 123
+	ERROR_INVALID_LEVEL                                                       syscall.Errno = 124
+	ERROR_NO_VOLUME_LABEL                                                     syscall.Errno = 125
+	ERROR_MOD_NOT_FOUND                                                       syscall.Errno = 126
+	ERROR_PROC_NOT_FOUND                                                      syscall.Errno = 127
+	ERROR_WAIT_NO_CHILDREN                                                    syscall.Errno = 128
+	ERROR_CHILD_NOT_COMPLETE                                                  syscall.Errno = 129
+	ERROR_DIRECT_ACCESS_HANDLE                                                syscall.Errno = 130
+	ERROR_NEGATIVE_SEEK                                                       syscall.Errno = 131
+	ERROR_SEEK_ON_DEVICE                                                      syscall.Errno = 132
+	ERROR_IS_JOIN_TARGET                                                      syscall.Errno = 133
+	ERROR_IS_JOINED                                                           syscall.Errno = 134
+	ERROR_IS_SUBSTED                                                          syscall.Errno = 135
+	ERROR_NOT_JOINED                                                          syscall.Errno = 136
+	ERROR_NOT_SUBSTED                                                         syscall.Errno = 137
+	ERROR_JOIN_TO_JOIN                                                        syscall.Errno = 138
+	ERROR_SUBST_TO_SUBST                                                      syscall.Errno = 139
+	ERROR_JOIN_TO_SUBST                                                       syscall.Errno = 140
+	ERROR_SUBST_TO_JOIN                                                       syscall.Errno = 141
+	ERROR_BUSY_DRIVE                                                          syscall.Errno = 142
+	ERROR_SAME_DRIVE                                                          syscall.Errno = 143
+	ERROR_DIR_NOT_ROOT                                                        syscall.Errno = 144
+	ERROR_DIR_NOT_EMPTY                                                       syscall.Errno = 145
+	ERROR_IS_SUBST_PATH                                                       syscall.Errno = 146
+	ERROR_IS_JOIN_PATH                                                        syscall.Errno = 147
+	ERROR_PATH_BUSY                                                           syscall.Errno = 148
+	ERROR_IS_SUBST_TARGET                                                     syscall.Errno = 149
+	ERROR_SYSTEM_TRACE                                                        syscall.Errno = 150
+	ERROR_INVALID_EVENT_COUNT                                                 syscall.Errno = 151
+	ERROR_TOO_MANY_MUXWAITERS                                                 syscall.Errno = 152
+	ERROR_INVALID_LIST_FORMAT                                                 syscall.Errno = 153
+	ERROR_LABEL_TOO_LONG                                                      syscall.Errno = 154
+	ERROR_TOO_MANY_TCBS                                                       syscall.Errno = 155
+	ERROR_SIGNAL_REFUSED                                                      syscall.Errno = 156
+	ERROR_DISCARDED                                                           syscall.Errno = 157
+	ERROR_NOT_LOCKED                                                          syscall.Errno = 158
+	ERROR_BAD_THREADID_ADDR                                                   syscall.Errno = 159
+	ERROR_BAD_ARGUMENTS                                                       syscall.Errno = 160
+	ERROR_BAD_PATHNAME                                                        syscall.Errno = 161
+	ERROR_SIGNAL_PENDING                                                      syscall.Errno = 162
+	ERROR_MAX_THRDS_REACHED                                                   syscall.Errno = 164
+	ERROR_LOCK_FAILED                                                         syscall.Errno = 167
+	ERROR_BUSY                                                                syscall.Errno = 170
+	ERROR_DEVICE_SUPPORT_IN_PROGRESS                                          syscall.Errno = 171
+	ERROR_CANCEL_VIOLATION                                                    syscall.Errno = 173
+	ERROR_ATOMIC_LOCKS_NOT_SUPPORTED                                          syscall.Errno = 174
+	ERROR_INVALID_SEGMENT_NUMBER                                              syscall.Errno = 180
+	ERROR_INVALID_ORDINAL                                                     syscall.Errno = 182
+	ERROR_ALREADY_EXISTS                                                      syscall.Errno = 183
+	ERROR_INVALID_FLAG_NUMBER                                                 syscall.Errno = 186
+	ERROR_SEM_NOT_FOUND                                                       syscall.Errno = 187
+	ERROR_INVALID_STARTING_CODESEG                                            syscall.Errno = 188
+	ERROR_INVALID_STACKSEG                                                    syscall.Errno = 189
+	ERROR_INVALID_MODULETYPE                                                  syscall.Errno = 190
+	ERROR_INVALID_EXE_SIGNATURE                                               syscall.Errno = 191
+	ERROR_EXE_MARKED_INVALID                                                  syscall.Errno = 192
+	ERROR_BAD_EXE_FORMAT                                                      syscall.Errno = 193
+	ERROR_ITERATED_DATA_EXCEEDS_64k                                           syscall.Errno = 194
+	ERROR_INVALID_MINALLOCSIZE                                                syscall.Errno = 195
+	ERROR_DYNLINK_FROM_INVALID_RING                                           syscall.Errno = 196
+	ERROR_IOPL_NOT_ENABLED                                                    syscall.Errno = 197
+	ERROR_INVALID_SEGDPL                                                      syscall.Errno = 198
+	ERROR_AUTODATASEG_EXCEEDS_64k                                             syscall.Errno = 199
+	ERROR_RING2SEG_MUST_BE_MOVABLE                                            syscall.Errno = 200
+	ERROR_RELOC_CHAIN_XEEDS_SEGLIM                                            syscall.Errno = 201
+	ERROR_INFLOOP_IN_RELOC_CHAIN                                              syscall.Errno = 202
+	ERROR_ENVVAR_NOT_FOUND                                                    syscall.Errno = 203
+	ERROR_NO_SIGNAL_SENT                                                      syscall.Errno = 205
+	ERROR_FILENAME_EXCED_RANGE                                                syscall.Errno = 206
+	ERROR_RING2_STACK_IN_USE                                                  syscall.Errno = 207
+	ERROR_META_EXPANSION_TOO_LONG                                             syscall.Errno = 208
+	ERROR_INVALID_SIGNAL_NUMBER                                               syscall.Errno = 209
+	ERROR_THREAD_1_INACTIVE                                                   syscall.Errno = 210
+	ERROR_LOCKED                                                              syscall.Errno = 212
+	ERROR_TOO_MANY_MODULES                                                    syscall.Errno = 214
+	ERROR_NESTING_NOT_ALLOWED                                                 syscall.Errno = 215
+	ERROR_EXE_MACHINE_TYPE_MISMATCH                                           syscall.Errno = 216
+	ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY                                     syscall.Errno = 217
+	ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY                              syscall.Errno = 218
+	ERROR_FILE_CHECKED_OUT                                                    syscall.Errno = 220
+	ERROR_CHECKOUT_REQUIRED                                                   syscall.Errno = 221
+	ERROR_BAD_FILE_TYPE                                                       syscall.Errno = 222
+	ERROR_FILE_TOO_LARGE                                                      syscall.Errno = 223
+	ERROR_FORMS_AUTH_REQUIRED                                                 syscall.Errno = 224
+	ERROR_VIRUS_INFECTED                                                      syscall.Errno = 225
+	ERROR_VIRUS_DELETED                                                       syscall.Errno = 226
+	ERROR_PIPE_LOCAL                                                          syscall.Errno = 229
+	ERROR_BAD_PIPE                                                            syscall.Errno = 230
+	ERROR_PIPE_BUSY                                                           syscall.Errno = 231
+	ERROR_NO_DATA                                                             syscall.Errno = 232
+	ERROR_PIPE_NOT_CONNECTED                                                  syscall.Errno = 233
+	ERROR_MORE_DATA                                                           syscall.Errno = 234
+	ERROR_NO_WORK_DONE                                                        syscall.Errno = 235
+	ERROR_VC_DISCONNECTED                                                     syscall.Errno = 240
+	ERROR_INVALID_EA_NAME                                                     syscall.Errno = 254
+	ERROR_EA_LIST_INCONSISTENT                                                syscall.Errno = 255
+	WAIT_TIMEOUT                                                              syscall.Errno = 258
+	ERROR_NO_MORE_ITEMS                                                       syscall.Errno = 259
+	ERROR_CANNOT_COPY                                                         syscall.Errno = 266
+	ERROR_DIRECTORY                                                           syscall.Errno = 267
+	ERROR_EAS_DIDNT_FIT                                                       syscall.Errno = 275
+	ERROR_EA_FILE_CORRUPT                                                     syscall.Errno = 276
+	ERROR_EA_TABLE_FULL                                                       syscall.Errno = 277
+	ERROR_INVALID_EA_HANDLE                                                   syscall.Errno = 278
+	ERROR_EAS_NOT_SUPPORTED                                                   syscall.Errno = 282
+	ERROR_NOT_OWNER                                                           syscall.Errno = 288
+	ERROR_TOO_MANY_POSTS                                                      syscall.Errno = 298
+	ERROR_PARTIAL_COPY                                                        syscall.Errno = 299
+	ERROR_OPLOCK_NOT_GRANTED                                                  syscall.Errno = 300
+	ERROR_INVALID_OPLOCK_PROTOCOL                                             syscall.Errno = 301
+	ERROR_DISK_TOO_FRAGMENTED                                                 syscall.Errno = 302
+	ERROR_DELETE_PENDING                                                      syscall.Errno = 303
+	ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING                syscall.Errno = 304
+	ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME                                   syscall.Errno = 305
+	ERROR_SECURITY_STREAM_IS_INCONSISTENT                                     syscall.Errno = 306
+	ERROR_INVALID_LOCK_RANGE                                                  syscall.Errno = 307
+	ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT                                         syscall.Errno = 308
+	ERROR_NOTIFICATION_GUID_ALREADY_DEFINED                                   syscall.Errno = 309
+	ERROR_INVALID_EXCEPTION_HANDLER                                           syscall.Errno = 310
+	ERROR_DUPLICATE_PRIVILEGES                                                syscall.Errno = 311
+	ERROR_NO_RANGES_PROCESSED                                                 syscall.Errno = 312
+	ERROR_NOT_ALLOWED_ON_SYSTEM_FILE                                          syscall.Errno = 313
+	ERROR_DISK_RESOURCES_EXHAUSTED                                            syscall.Errno = 314
+	ERROR_INVALID_TOKEN                                                       syscall.Errno = 315
+	ERROR_DEVICE_FEATURE_NOT_SUPPORTED                                        syscall.Errno = 316
+	ERROR_MR_MID_NOT_FOUND                                                    syscall.Errno = 317
+	ERROR_SCOPE_NOT_FOUND                                                     syscall.Errno = 318
+	ERROR_UNDEFINED_SCOPE                                                     syscall.Errno = 319
+	ERROR_INVALID_CAP                                                         syscall.Errno = 320
+	ERROR_DEVICE_UNREACHABLE                                                  syscall.Errno = 321
+	ERROR_DEVICE_NO_RESOURCES                                                 syscall.Errno = 322
+	ERROR_DATA_CHECKSUM_ERROR                                                 syscall.Errno = 323
+	ERROR_INTERMIXED_KERNEL_EA_OPERATION                                      syscall.Errno = 324
+	ERROR_FILE_LEVEL_TRIM_NOT_SUPPORTED                                       syscall.Errno = 326
+	ERROR_OFFSET_ALIGNMENT_VIOLATION                                          syscall.Errno = 327
+	ERROR_INVALID_FIELD_IN_PARAMETER_LIST                                     syscall.Errno = 328
+	ERROR_OPERATION_IN_PROGRESS                                               syscall.Errno = 329
+	ERROR_BAD_DEVICE_PATH                                                     syscall.Errno = 330
+	ERROR_TOO_MANY_DESCRIPTORS                                                syscall.Errno = 331
+	ERROR_SCRUB_DATA_DISABLED                                                 syscall.Errno = 332
+	ERROR_NOT_REDUNDANT_STORAGE                                               syscall.Errno = 333
+	ERROR_RESIDENT_FILE_NOT_SUPPORTED                                         syscall.Errno = 334
+	ERROR_COMPRESSED_FILE_NOT_SUPPORTED                                       syscall.Errno = 335
+	ERROR_DIRECTORY_NOT_SUPPORTED                                             syscall.Errno = 336
+	ERROR_NOT_READ_FROM_COPY                                                  syscall.Errno = 337
+	ERROR_FT_WRITE_FAILURE                                                    syscall.Errno = 338
+	ERROR_FT_DI_SCAN_REQUIRED                                                 syscall.Errno = 339
+	ERROR_INVALID_KERNEL_INFO_VERSION                                         syscall.Errno = 340
+	ERROR_INVALID_PEP_INFO_VERSION                                            syscall.Errno = 341
+	ERROR_OBJECT_NOT_EXTERNALLY_BACKED                                        syscall.Errno = 342
+	ERROR_EXTERNAL_BACKING_PROVIDER_UNKNOWN                                   syscall.Errno = 343
+	ERROR_COMPRESSION_NOT_BENEFICIAL                                          syscall.Errno = 344
+	ERROR_STORAGE_TOPOLOGY_ID_MISMATCH                                        syscall.Errno = 345
+	ERROR_BLOCKED_BY_PARENTAL_CONTROLS                                        syscall.Errno = 346
+	ERROR_BLOCK_TOO_MANY_REFERENCES                                           syscall.Errno = 347
+	ERROR_MARKED_TO_DISALLOW_WRITES                                           syscall.Errno = 348
+	ERROR_ENCLAVE_FAILURE                                                     syscall.Errno = 349
+	ERROR_FAIL_NOACTION_REBOOT                                                syscall.Errno = 350
+	ERROR_FAIL_SHUTDOWN                                                       syscall.Errno = 351
+	ERROR_FAIL_RESTART                                                        syscall.Errno = 352
+	ERROR_MAX_SESSIONS_REACHED                                                syscall.Errno = 353
+	ERROR_NETWORK_ACCESS_DENIED_EDP                                           syscall.Errno = 354
+	ERROR_DEVICE_HINT_NAME_BUFFER_TOO_SMALL                                   syscall.Errno = 355
+	ERROR_EDP_POLICY_DENIES_OPERATION                                         syscall.Errno = 356
+	ERROR_EDP_DPL_POLICY_CANT_BE_SATISFIED                                    syscall.Errno = 357
+	ERROR_CLOUD_FILE_SYNC_ROOT_METADATA_CORRUPT                               syscall.Errno = 358
+	ERROR_DEVICE_IN_MAINTENANCE                                               syscall.Errno = 359
+	ERROR_NOT_SUPPORTED_ON_DAX                                                syscall.Errno = 360
+	ERROR_DAX_MAPPING_EXISTS                                                  syscall.Errno = 361
+	ERROR_CLOUD_FILE_PROVIDER_NOT_RUNNING                                     syscall.Errno = 362
+	ERROR_CLOUD_FILE_METADATA_CORRUPT                                         syscall.Errno = 363
+	ERROR_CLOUD_FILE_METADATA_TOO_LARGE                                       syscall.Errno = 364
+	ERROR_CLOUD_FILE_PROPERTY_BLOB_TOO_LARGE                                  syscall.Errno = 365
+	ERROR_CLOUD_FILE_PROPERTY_BLOB_CHECKSUM_MISMATCH                          syscall.Errno = 366
+	ERROR_CHILD_PROCESS_BLOCKED                                               syscall.Errno = 367
+	ERROR_STORAGE_LOST_DATA_PERSISTENCE                                       syscall.Errno = 368
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_UNAVAILABLE                              syscall.Errno = 369
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_METADATA_CORRUPT                         syscall.Errno = 370
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_BUSY                                     syscall.Errno = 371
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_PROVIDER_UNKNOWN                         syscall.Errno = 372
+	ERROR_GDI_HANDLE_LEAK                                                     syscall.Errno = 373
+	ERROR_CLOUD_FILE_TOO_MANY_PROPERTY_BLOBS                                  syscall.Errno = 374
+	ERROR_CLOUD_FILE_PROPERTY_VERSION_NOT_SUPPORTED                           syscall.Errno = 375
+	ERROR_NOT_A_CLOUD_FILE                                                    syscall.Errno = 376
+	ERROR_CLOUD_FILE_NOT_IN_SYNC                                              syscall.Errno = 377
+	ERROR_CLOUD_FILE_ALREADY_CONNECTED                                        syscall.Errno = 378
+	ERROR_CLOUD_FILE_NOT_SUPPORTED                                            syscall.Errno = 379
+	ERROR_CLOUD_FILE_INVALID_REQUEST                                          syscall.Errno = 380
+	ERROR_CLOUD_FILE_READ_ONLY_VOLUME                                         syscall.Errno = 381
+	ERROR_CLOUD_FILE_CONNECTED_PROVIDER_ONLY                                  syscall.Errno = 382
+	ERROR_CLOUD_FILE_VALIDATION_FAILED                                        syscall.Errno = 383
+	ERROR_SMB1_NOT_AVAILABLE                                                  syscall.Errno = 384
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_INVALID_OPERATION                        syscall.Errno = 385
+	ERROR_CLOUD_FILE_AUTHENTICATION_FAILED                                    syscall.Errno = 386
+	ERROR_CLOUD_FILE_INSUFFICIENT_RESOURCES                                   syscall.Errno = 387
+	ERROR_CLOUD_FILE_NETWORK_UNAVAILABLE                                      syscall.Errno = 388
+	ERROR_CLOUD_FILE_UNSUCCESSFUL                                             syscall.Errno = 389
+	ERROR_CLOUD_FILE_NOT_UNDER_SYNC_ROOT                                      syscall.Errno = 390
+	ERROR_CLOUD_FILE_IN_USE                                                   syscall.Errno = 391
+	ERROR_CLOUD_FILE_PINNED                                                   syscall.Errno = 392
+	ERROR_CLOUD_FILE_REQUEST_ABORTED                                          syscall.Errno = 393
+	ERROR_CLOUD_FILE_PROPERTY_CORRUPT                                         syscall.Errno = 394
+	ERROR_CLOUD_FILE_ACCESS_DENIED                                            syscall.Errno = 395
+	ERROR_CLOUD_FILE_INCOMPATIBLE_HARDLINKS                                   syscall.Errno = 396
+	ERROR_CLOUD_FILE_PROPERTY_LOCK_CONFLICT                                   syscall.Errno = 397
+	ERROR_CLOUD_FILE_REQUEST_CANCELED                                         syscall.Errno = 398
+	ERROR_EXTERNAL_SYSKEY_NOT_SUPPORTED                                       syscall.Errno = 399
+	ERROR_THREAD_MODE_ALREADY_BACKGROUND                                      syscall.Errno = 400
+	ERROR_THREAD_MODE_NOT_BACKGROUND                                          syscall.Errno = 401
+	ERROR_PROCESS_MODE_ALREADY_BACKGROUND                                     syscall.Errno = 402
+	ERROR_PROCESS_MODE_NOT_BACKGROUND                                         syscall.Errno = 403
+	ERROR_CLOUD_FILE_PROVIDER_TERMINATED                                      syscall.Errno = 404
+	ERROR_NOT_A_CLOUD_SYNC_ROOT                                               syscall.Errno = 405
+	ERROR_FILE_PROTECTED_UNDER_DPL                                            syscall.Errno = 406
+	ERROR_VOLUME_NOT_CLUSTER_ALIGNED                                          syscall.Errno = 407
+	ERROR_NO_PHYSICALLY_ALIGNED_FREE_SPACE_FOUND                              syscall.Errno = 408
+	ERROR_APPX_FILE_NOT_ENCRYPTED                                             syscall.Errno = 409
+	ERROR_RWRAW_ENCRYPTED_FILE_NOT_ENCRYPTED                                  syscall.Errno = 410
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILEOFFSET                        syscall.Errno = 411
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILERANGE                         syscall.Errno = 412
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_PARAMETER                         syscall.Errno = 413
+	ERROR_LINUX_SUBSYSTEM_NOT_PRESENT                                         syscall.Errno = 414
+	ERROR_FT_READ_FAILURE                                                     syscall.Errno = 415
+	ERROR_STORAGE_RESERVE_ID_INVALID                                          syscall.Errno = 416
+	ERROR_STORAGE_RESERVE_DOES_NOT_EXIST                                      syscall.Errno = 417
+	ERROR_STORAGE_RESERVE_ALREADY_EXISTS                                      syscall.Errno = 418
+	ERROR_STORAGE_RESERVE_NOT_EMPTY                                           syscall.Errno = 419
+	ERROR_NOT_A_DAX_VOLUME                                                    syscall.Errno = 420
+	ERROR_NOT_DAX_MAPPABLE                                                    syscall.Errno = 421
+	ERROR_TIME_SENSITIVE_THREAD                                               syscall.Errno = 422
+	ERROR_DPL_NOT_SUPPORTED_FOR_USER                                          syscall.Errno = 423
+	ERROR_CASE_DIFFERING_NAMES_IN_DIR                                         syscall.Errno = 424
+	ERROR_FILE_NOT_SUPPORTED                                                  syscall.Errno = 425
+	ERROR_CLOUD_FILE_REQUEST_TIMEOUT                                          syscall.Errno = 426
+	ERROR_NO_TASK_QUEUE                                                       syscall.Errno = 427
+	ERROR_SRC_SRV_DLL_LOAD_FAILED                                             syscall.Errno = 428
+	ERROR_NOT_SUPPORTED_WITH_BTT                                              syscall.Errno = 429
+	ERROR_ENCRYPTION_DISABLED                                                 syscall.Errno = 430
+	ERROR_ENCRYPTING_METADATA_DISALLOWED                                      syscall.Errno = 431
+	ERROR_CANT_CLEAR_ENCRYPTION_FLAG                                          syscall.Errno = 432
+	ERROR_NO_SUCH_DEVICE                                                      syscall.Errno = 433
+	ERROR_CAPAUTHZ_NOT_DEVUNLOCKED                                            syscall.Errno = 450
+	ERROR_CAPAUTHZ_CHANGE_TYPE                                                syscall.Errno = 451
+	ERROR_CAPAUTHZ_NOT_PROVISIONED                                            syscall.Errno = 452
+	ERROR_CAPAUTHZ_NOT_AUTHORIZED                                             syscall.Errno = 453
+	ERROR_CAPAUTHZ_NO_POLICY                                                  syscall.Errno = 454
+	ERROR_CAPAUTHZ_DB_CORRUPTED                                               syscall.Errno = 455
+	ERROR_CAPAUTHZ_SCCD_INVALID_CATALOG                                       syscall.Errno = 456
+	ERROR_CAPAUTHZ_SCCD_NO_AUTH_ENTITY                                        syscall.Errno = 457
+	ERROR_CAPAUTHZ_SCCD_PARSE_ERROR                                           syscall.Errno = 458
+	ERROR_CAPAUTHZ_SCCD_DEV_MODE_REQUIRED                                     syscall.Errno = 459
+	ERROR_CAPAUTHZ_SCCD_NO_CAPABILITY_MATCH                                   syscall.Errno = 460
+	ERROR_PNP_QUERY_REMOVE_DEVICE_TIMEOUT                                     syscall.Errno = 480
+	ERROR_PNP_QUERY_REMOVE_RELATED_DEVICE_TIMEOUT                             syscall.Errno = 481
+	ERROR_PNP_QUERY_REMOVE_UNRELATED_DEVICE_TIMEOUT                           syscall.Errno = 482
+	ERROR_DEVICE_HARDWARE_ERROR                                               syscall.Errno = 483
+	ERROR_INVALID_ADDRESS                                                     syscall.Errno = 487
+	ERROR_VRF_CFG_ENABLED                                                     syscall.Errno = 1183
+	ERROR_PARTITION_TERMINATING                                               syscall.Errno = 1184
+	ERROR_USER_PROFILE_LOAD                                                   syscall.Errno = 500
+	ERROR_ARITHMETIC_OVERFLOW                                                 syscall.Errno = 534
+	ERROR_PIPE_CONNECTED                                                      syscall.Errno = 535
+	ERROR_PIPE_LISTENING                                                      syscall.Errno = 536
+	ERROR_VERIFIER_STOP                                                       syscall.Errno = 537
+	ERROR_ABIOS_ERROR                                                         syscall.Errno = 538
+	ERROR_WX86_WARNING                                                        syscall.Errno = 539
+	ERROR_WX86_ERROR                                                          syscall.Errno = 540
+	ERROR_TIMER_NOT_CANCELED                                                  syscall.Errno = 541
+	ERROR_UNWIND                                                              syscall.Errno = 542
+	ERROR_BAD_STACK                                                           syscall.Errno = 543
+	ERROR_INVALID_UNWIND_TARGET                                               syscall.Errno = 544
+	ERROR_INVALID_PORT_ATTRIBUTES                                             syscall.Errno = 545
+	ERROR_PORT_MESSAGE_TOO_LONG                                               syscall.Errno = 546
+	ERROR_INVALID_QUOTA_LOWER                                                 syscall.Errno = 547
+	ERROR_DEVICE_ALREADY_ATTACHED                                             syscall.Errno = 548
+	ERROR_INSTRUCTION_MISALIGNMENT                                            syscall.Errno = 549
+	ERROR_PROFILING_NOT_STARTED                                               syscall.Errno = 550
+	ERROR_PROFILING_NOT_STOPPED                                               syscall.Errno = 551
+	ERROR_COULD_NOT_INTERPRET                                                 syscall.Errno = 552
+	ERROR_PROFILING_AT_LIMIT                                                  syscall.Errno = 553
+	ERROR_CANT_WAIT                                                           syscall.Errno = 554
+	ERROR_CANT_TERMINATE_SELF                                                 syscall.Errno = 555
+	ERROR_UNEXPECTED_MM_CREATE_ERR                                            syscall.Errno = 556
+	ERROR_UNEXPECTED_MM_MAP_ERROR                                             syscall.Errno = 557
+	ERROR_UNEXPECTED_MM_EXTEND_ERR                                            syscall.Errno = 558
+	ERROR_BAD_FUNCTION_TABLE                                                  syscall.Errno = 559
+	ERROR_NO_GUID_TRANSLATION                                                 syscall.Errno = 560
+	ERROR_INVALID_LDT_SIZE                                                    syscall.Errno = 561
+	ERROR_INVALID_LDT_OFFSET                                                  syscall.Errno = 563
+	ERROR_INVALID_LDT_DESCRIPTOR                                              syscall.Errno = 564
+	ERROR_TOO_MANY_THREADS                                                    syscall.Errno = 565
+	ERROR_THREAD_NOT_IN_PROCESS                                               syscall.Errno = 566
+	ERROR_PAGEFILE_QUOTA_EXCEEDED                                             syscall.Errno = 567
+	ERROR_LOGON_SERVER_CONFLICT                                               syscall.Errno = 568
+	ERROR_SYNCHRONIZATION_REQUIRED                                            syscall.Errno = 569
+	ERROR_NET_OPEN_FAILED                                                     syscall.Errno = 570
+	ERROR_IO_PRIVILEGE_FAILED                                                 syscall.Errno = 571
+	ERROR_CONTROL_C_EXIT                                                      syscall.Errno = 572
+	ERROR_MISSING_SYSTEMFILE                                                  syscall.Errno = 573
+	ERROR_UNHANDLED_EXCEPTION                                                 syscall.Errno = 574
+	ERROR_APP_INIT_FAILURE                                                    syscall.Errno = 575
+	ERROR_PAGEFILE_CREATE_FAILED                                              syscall.Errno = 576
+	ERROR_INVALID_IMAGE_HASH                                                  syscall.Errno = 577
+	ERROR_NO_PAGEFILE                                                         syscall.Errno = 578
+	ERROR_ILLEGAL_FLOAT_CONTEXT                                               syscall.Errno = 579
+	ERROR_NO_EVENT_PAIR                                                       syscall.Errno = 580
+	ERROR_DOMAIN_CTRLR_CONFIG_ERROR                                           syscall.Errno = 581
+	ERROR_ILLEGAL_CHARACTER                                                   syscall.Errno = 582
+	ERROR_UNDEFINED_CHARACTER                                                 syscall.Errno = 583
+	ERROR_FLOPPY_VOLUME                                                       syscall.Errno = 584
+	ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT                                    syscall.Errno = 585
+	ERROR_BACKUP_CONTROLLER                                                   syscall.Errno = 586
+	ERROR_MUTANT_LIMIT_EXCEEDED                                               syscall.Errno = 587
+	ERROR_FS_DRIVER_REQUIRED                                                  syscall.Errno = 588
+	ERROR_CANNOT_LOAD_REGISTRY_FILE                                           syscall.Errno = 589
+	ERROR_DEBUG_ATTACH_FAILED                                                 syscall.Errno = 590
+	ERROR_SYSTEM_PROCESS_TERMINATED                                           syscall.Errno = 591
+	ERROR_DATA_NOT_ACCEPTED                                                   syscall.Errno = 592
+	ERROR_VDM_HARD_ERROR                                                      syscall.Errno = 593
+	ERROR_DRIVER_CANCEL_TIMEOUT                                               syscall.Errno = 594
+	ERROR_REPLY_MESSAGE_MISMATCH                                              syscall.Errno = 595
+	ERROR_LOST_WRITEBEHIND_DATA                                               syscall.Errno = 596
+	ERROR_CLIENT_SERVER_PARAMETERS_INVALID                                    syscall.Errno = 597
+	ERROR_NOT_TINY_STREAM                                                     syscall.Errno = 598
+	ERROR_STACK_OVERFLOW_READ                                                 syscall.Errno = 599
+	ERROR_CONVERT_TO_LARGE                                                    syscall.Errno = 600
+	ERROR_FOUND_OUT_OF_SCOPE                                                  syscall.Errno = 601
+	ERROR_ALLOCATE_BUCKET                                                     syscall.Errno = 602
+	ERROR_MARSHALL_OVERFLOW                                                   syscall.Errno = 603
+	ERROR_INVALID_VARIANT                                                     syscall.Errno = 604
+	ERROR_BAD_COMPRESSION_BUFFER                                              syscall.Errno = 605
+	ERROR_AUDIT_FAILED                                                        syscall.Errno = 606
+	ERROR_TIMER_RESOLUTION_NOT_SET                                            syscall.Errno = 607
+	ERROR_INSUFFICIENT_LOGON_INFO                                             syscall.Errno = 608
+	ERROR_BAD_DLL_ENTRYPOINT                                                  syscall.Errno = 609
+	ERROR_BAD_SERVICE_ENTRYPOINT                                              syscall.Errno = 610
+	ERROR_IP_ADDRESS_CONFLICT1                                                syscall.Errno = 611
+	ERROR_IP_ADDRESS_CONFLICT2                                                syscall.Errno = 612
+	ERROR_REGISTRY_QUOTA_LIMIT                                                syscall.Errno = 613
+	ERROR_NO_CALLBACK_ACTIVE                                                  syscall.Errno = 614
+	ERROR_PWD_TOO_SHORT                                                       syscall.Errno = 615
+	ERROR_PWD_TOO_RECENT                                                      syscall.Errno = 616
+	ERROR_PWD_HISTORY_CONFLICT                                                syscall.Errno = 617
+	ERROR_UNSUPPORTED_COMPRESSION                                             syscall.Errno = 618
+	ERROR_INVALID_HW_PROFILE                                                  syscall.Errno = 619
+	ERROR_INVALID_PLUGPLAY_DEVICE_PATH                                        syscall.Errno = 620
+	ERROR_QUOTA_LIST_INCONSISTENT                                             syscall.Errno = 621
+	ERROR_EVALUATION_EXPIRATION                                               syscall.Errno = 622
+	ERROR_ILLEGAL_DLL_RELOCATION                                              syscall.Errno = 623
+	ERROR_DLL_INIT_FAILED_LOGOFF                                              syscall.Errno = 624
+	ERROR_VALIDATE_CONTINUE                                                   syscall.Errno = 625
+	ERROR_NO_MORE_MATCHES                                                     syscall.Errno = 626
+	ERROR_RANGE_LIST_CONFLICT                                                 syscall.Errno = 627
+	ERROR_SERVER_SID_MISMATCH                                                 syscall.Errno = 628
+	ERROR_CANT_ENABLE_DENY_ONLY                                               syscall.Errno = 629
+	ERROR_FLOAT_MULTIPLE_FAULTS                                               syscall.Errno = 630
+	ERROR_FLOAT_MULTIPLE_TRAPS                                                syscall.Errno = 631
+	ERROR_NOINTERFACE                                                         syscall.Errno = 632
+	ERROR_DRIVER_FAILED_SLEEP                                                 syscall.Errno = 633
+	ERROR_CORRUPT_SYSTEM_FILE                                                 syscall.Errno = 634
+	ERROR_COMMITMENT_MINIMUM                                                  syscall.Errno = 635
+	ERROR_PNP_RESTART_ENUMERATION                                             syscall.Errno = 636
+	ERROR_SYSTEM_IMAGE_BAD_SIGNATURE                                          syscall.Errno = 637
+	ERROR_PNP_REBOOT_REQUIRED                                                 syscall.Errno = 638
+	ERROR_INSUFFICIENT_POWER                                                  syscall.Errno = 639
+	ERROR_MULTIPLE_FAULT_VIOLATION                                            syscall.Errno = 640
+	ERROR_SYSTEM_SHUTDOWN                                                     syscall.Errno = 641
+	ERROR_PORT_NOT_SET                                                        syscall.Errno = 642
+	ERROR_DS_VERSION_CHECK_FAILURE                                            syscall.Errno = 643
+	ERROR_RANGE_NOT_FOUND                                                     syscall.Errno = 644
+	ERROR_NOT_SAFE_MODE_DRIVER                                                syscall.Errno = 646
+	ERROR_FAILED_DRIVER_ENTRY                                                 syscall.Errno = 647
+	ERROR_DEVICE_ENUMERATION_ERROR                                            syscall.Errno = 648
+	ERROR_MOUNT_POINT_NOT_RESOLVED                                            syscall.Errno = 649
+	ERROR_INVALID_DEVICE_OBJECT_PARAMETER                                     syscall.Errno = 650
+	ERROR_MCA_OCCURED                                                         syscall.Errno = 651
+	ERROR_DRIVER_DATABASE_ERROR                                               syscall.Errno = 652
+	ERROR_SYSTEM_HIVE_TOO_LARGE                                               syscall.Errno = 653
+	ERROR_DRIVER_FAILED_PRIOR_UNLOAD                                          syscall.Errno = 654
+	ERROR_VOLSNAP_PREPARE_HIBERNATE                                           syscall.Errno = 655
+	ERROR_HIBERNATION_FAILURE                                                 syscall.Errno = 656
+	ERROR_PWD_TOO_LONG                                                        syscall.Errno = 657
+	ERROR_FILE_SYSTEM_LIMITATION                                              syscall.Errno = 665
+	ERROR_ASSERTION_FAILURE                                                   syscall.Errno = 668
+	ERROR_ACPI_ERROR                                                          syscall.Errno = 669
+	ERROR_WOW_ASSERTION                                                       syscall.Errno = 670
+	ERROR_PNP_BAD_MPS_TABLE                                                   syscall.Errno = 671
+	ERROR_PNP_TRANSLATION_FAILED                                              syscall.Errno = 672
+	ERROR_PNP_IRQ_TRANSLATION_FAILED                                          syscall.Errno = 673
+	ERROR_PNP_INVALID_ID                                                      syscall.Errno = 674
+	ERROR_WAKE_SYSTEM_DEBUGGER                                                syscall.Errno = 675
+	ERROR_HANDLES_CLOSED                                                      syscall.Errno = 676
+	ERROR_EXTRANEOUS_INFORMATION                                              syscall.Errno = 677
+	ERROR_RXACT_COMMIT_NECESSARY                                              syscall.Errno = 678
+	ERROR_MEDIA_CHECK                                                         syscall.Errno = 679
+	ERROR_GUID_SUBSTITUTION_MADE                                              syscall.Errno = 680
+	ERROR_STOPPED_ON_SYMLINK                                                  syscall.Errno = 681
+	ERROR_LONGJUMP                                                            syscall.Errno = 682
+	ERROR_PLUGPLAY_QUERY_VETOED                                               syscall.Errno = 683
+	ERROR_UNWIND_CONSOLIDATE                                                  syscall.Errno = 684
+	ERROR_REGISTRY_HIVE_RECOVERED                                             syscall.Errno = 685
+	ERROR_DLL_MIGHT_BE_INSECURE                                               syscall.Errno = 686
+	ERROR_DLL_MIGHT_BE_INCOMPATIBLE                                           syscall.Errno = 687
+	ERROR_DBG_EXCEPTION_NOT_HANDLED                                           syscall.Errno = 688
+	ERROR_DBG_REPLY_LATER                                                     syscall.Errno = 689
+	ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE                                        syscall.Errno = 690
+	ERROR_DBG_TERMINATE_THREAD                                                syscall.Errno = 691
+	ERROR_DBG_TERMINATE_PROCESS                                               syscall.Errno = 692
+	ERROR_DBG_CONTROL_C                                                       syscall.Errno = 693
+	ERROR_DBG_PRINTEXCEPTION_C                                                syscall.Errno = 694
+	ERROR_DBG_RIPEXCEPTION                                                    syscall.Errno = 695
+	ERROR_DBG_CONTROL_BREAK                                                   syscall.Errno = 696
+	ERROR_DBG_COMMAND_EXCEPTION                                               syscall.Errno = 697
+	ERROR_OBJECT_NAME_EXISTS                                                  syscall.Errno = 698
+	ERROR_THREAD_WAS_SUSPENDED                                                syscall.Errno = 699
+	ERROR_IMAGE_NOT_AT_BASE                                                   syscall.Errno = 700
+	ERROR_RXACT_STATE_CREATED                                                 syscall.Errno = 701
+	ERROR_SEGMENT_NOTIFICATION                                                syscall.Errno = 702
+	ERROR_BAD_CURRENT_DIRECTORY                                               syscall.Errno = 703
+	ERROR_FT_READ_RECOVERY_FROM_BACKUP                                        syscall.Errno = 704
+	ERROR_FT_WRITE_RECOVERY                                                   syscall.Errno = 705
+	ERROR_IMAGE_MACHINE_TYPE_MISMATCH                                         syscall.Errno = 706
+	ERROR_RECEIVE_PARTIAL                                                     syscall.Errno = 707
+	ERROR_RECEIVE_EXPEDITED                                                   syscall.Errno = 708
+	ERROR_RECEIVE_PARTIAL_EXPEDITED                                           syscall.Errno = 709
+	ERROR_EVENT_DONE                                                          syscall.Errno = 710
+	ERROR_EVENT_PENDING                                                       syscall.Errno = 711
+	ERROR_CHECKING_FILE_SYSTEM                                                syscall.Errno = 712
+	ERROR_FATAL_APP_EXIT                                                      syscall.Errno = 713
+	ERROR_PREDEFINED_HANDLE                                                   syscall.Errno = 714
+	ERROR_WAS_UNLOCKED                                                        syscall.Errno = 715
+	ERROR_SERVICE_NOTIFICATION                                                syscall.Errno = 716
+	ERROR_WAS_LOCKED                                                          syscall.Errno = 717
+	ERROR_LOG_HARD_ERROR                                                      syscall.Errno = 718
+	ERROR_ALREADY_WIN32                                                       syscall.Errno = 719
+	ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE                                     syscall.Errno = 720
+	ERROR_NO_YIELD_PERFORMED                                                  syscall.Errno = 721
+	ERROR_TIMER_RESUME_IGNORED                                                syscall.Errno = 722
+	ERROR_ARBITRATION_UNHANDLED                                               syscall.Errno = 723
+	ERROR_CARDBUS_NOT_SUPPORTED                                               syscall.Errno = 724
+	ERROR_MP_PROCESSOR_MISMATCH                                               syscall.Errno = 725
+	ERROR_HIBERNATED                                                          syscall.Errno = 726
+	ERROR_RESUME_HIBERNATION                                                  syscall.Errno = 727
+	ERROR_FIRMWARE_UPDATED                                                    syscall.Errno = 728
+	ERROR_DRIVERS_LEAKING_LOCKED_PAGES                                        syscall.Errno = 729
+	ERROR_WAKE_SYSTEM                                                         syscall.Errno = 730
+	ERROR_WAIT_1                                                              syscall.Errno = 731
+	ERROR_WAIT_2                                                              syscall.Errno = 732
+	ERROR_WAIT_3                                                              syscall.Errno = 733
+	ERROR_WAIT_63                                                             syscall.Errno = 734
+	ERROR_ABANDONED_WAIT_0                                                    syscall.Errno = 735
+	ERROR_ABANDONED_WAIT_63                                                   syscall.Errno = 736
+	ERROR_USER_APC                                                            syscall.Errno = 737
+	ERROR_KERNEL_APC                                                          syscall.Errno = 738
+	ERROR_ALERTED                                                             syscall.Errno = 739
+	ERROR_ELEVATION_REQUIRED                                                  syscall.Errno = 740
+	ERROR_REPARSE                                                             syscall.Errno = 741
+	ERROR_OPLOCK_BREAK_IN_PROGRESS                                            syscall.Errno = 742
+	ERROR_VOLUME_MOUNTED                                                      syscall.Errno = 743
+	ERROR_RXACT_COMMITTED                                                     syscall.Errno = 744
+	ERROR_NOTIFY_CLEANUP                                                      syscall.Errno = 745
+	ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED                                    syscall.Errno = 746
+	ERROR_PAGE_FAULT_TRANSITION                                               syscall.Errno = 747
+	ERROR_PAGE_FAULT_DEMAND_ZERO                                              syscall.Errno = 748
+	ERROR_PAGE_FAULT_COPY_ON_WRITE                                            syscall.Errno = 749
+	ERROR_PAGE_FAULT_GUARD_PAGE                                               syscall.Errno = 750
+	ERROR_PAGE_FAULT_PAGING_FILE                                              syscall.Errno = 751
+	ERROR_CACHE_PAGE_LOCKED                                                   syscall.Errno = 752
+	ERROR_CRASH_DUMP                                                          syscall.Errno = 753
+	ERROR_BUFFER_ALL_ZEROS                                                    syscall.Errno = 754
+	ERROR_REPARSE_OBJECT                                                      syscall.Errno = 755
+	ERROR_RESOURCE_REQUIREMENTS_CHANGED                                       syscall.Errno = 756
+	ERROR_TRANSLATION_COMPLETE                                                syscall.Errno = 757
+	ERROR_NOTHING_TO_TERMINATE                                                syscall.Errno = 758
+	ERROR_PROCESS_NOT_IN_JOB                                                  syscall.Errno = 759
+	ERROR_PROCESS_IN_JOB                                                      syscall.Errno = 760
+	ERROR_VOLSNAP_HIBERNATE_READY                                             syscall.Errno = 761
+	ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY                                  syscall.Errno = 762
+	ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED                                  syscall.Errno = 763
+	ERROR_INTERRUPT_STILL_CONNECTED                                           syscall.Errno = 764
+	ERROR_WAIT_FOR_OPLOCK                                                     syscall.Errno = 765
+	ERROR_DBG_EXCEPTION_HANDLED                                               syscall.Errno = 766
+	ERROR_DBG_CONTINUE                                                        syscall.Errno = 767
+	ERROR_CALLBACK_POP_STACK                                                  syscall.Errno = 768
+	ERROR_COMPRESSION_DISABLED                                                syscall.Errno = 769
+	ERROR_CANTFETCHBACKWARDS                                                  syscall.Errno = 770
+	ERROR_CANTSCROLLBACKWARDS                                                 syscall.Errno = 771
+	ERROR_ROWSNOTRELEASED                                                     syscall.Errno = 772
+	ERROR_BAD_ACCESSOR_FLAGS                                                  syscall.Errno = 773
+	ERROR_ERRORS_ENCOUNTERED                                                  syscall.Errno = 774
+	ERROR_NOT_CAPABLE                                                         syscall.Errno = 775
+	ERROR_REQUEST_OUT_OF_SEQUENCE                                             syscall.Errno = 776
+	ERROR_VERSION_PARSE_ERROR                                                 syscall.Errno = 777
+	ERROR_BADSTARTPOSITION                                                    syscall.Errno = 778
+	ERROR_MEMORY_HARDWARE                                                     syscall.Errno = 779
+	ERROR_DISK_REPAIR_DISABLED                                                syscall.Errno = 780
+	ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE             syscall.Errno = 781
+	ERROR_SYSTEM_POWERSTATE_TRANSITION                                        syscall.Errno = 782
+	ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION                                syscall.Errno = 783
+	ERROR_MCA_EXCEPTION                                                       syscall.Errno = 784
+	ERROR_ACCESS_AUDIT_BY_POLICY                                              syscall.Errno = 785
+	ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY                               syscall.Errno = 786
+	ERROR_ABANDON_HIBERFILE                                                   syscall.Errno = 787
+	ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED                          syscall.Errno = 788
+	ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR                          syscall.Errno = 789
+	ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR                              syscall.Errno = 790
+	ERROR_BAD_MCFG_TABLE                                                      syscall.Errno = 791
+	ERROR_DISK_REPAIR_REDIRECTED                                              syscall.Errno = 792
+	ERROR_DISK_REPAIR_UNSUCCESSFUL                                            syscall.Errno = 793
+	ERROR_CORRUPT_LOG_OVERFULL                                                syscall.Errno = 794
+	ERROR_CORRUPT_LOG_CORRUPTED                                               syscall.Errno = 795
+	ERROR_CORRUPT_LOG_UNAVAILABLE                                             syscall.Errno = 796
+	ERROR_CORRUPT_LOG_DELETED_FULL                                            syscall.Errno = 797
+	ERROR_CORRUPT_LOG_CLEARED                                                 syscall.Errno = 798
+	ERROR_ORPHAN_NAME_EXHAUSTED                                               syscall.Errno = 799
+	ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE                                       syscall.Errno = 800
+	ERROR_CANNOT_GRANT_REQUESTED_OPLOCK                                       syscall.Errno = 801
+	ERROR_CANNOT_BREAK_OPLOCK                                                 syscall.Errno = 802
+	ERROR_OPLOCK_HANDLE_CLOSED                                                syscall.Errno = 803
+	ERROR_NO_ACE_CONDITION                                                    syscall.Errno = 804
+	ERROR_INVALID_ACE_CONDITION                                               syscall.Errno = 805
+	ERROR_FILE_HANDLE_REVOKED                                                 syscall.Errno = 806
+	ERROR_IMAGE_AT_DIFFERENT_BASE                                             syscall.Errno = 807
+	ERROR_ENCRYPTED_IO_NOT_POSSIBLE                                           syscall.Errno = 808
+	ERROR_FILE_METADATA_OPTIMIZATION_IN_PROGRESS                              syscall.Errno = 809
+	ERROR_QUOTA_ACTIVITY                                                      syscall.Errno = 810
+	ERROR_HANDLE_REVOKED                                                      syscall.Errno = 811
+	ERROR_CALLBACK_INVOKE_INLINE                                              syscall.Errno = 812
+	ERROR_CPU_SET_INVALID                                                     syscall.Errno = 813
+	ERROR_ENCLAVE_NOT_TERMINATED                                              syscall.Errno = 814
+	ERROR_ENCLAVE_VIOLATION                                                   syscall.Errno = 815
+	ERROR_EA_ACCESS_DENIED                                                    syscall.Errno = 994
+	ERROR_OPERATION_ABORTED                                                   syscall.Errno = 995
+	ERROR_IO_INCOMPLETE                                                       syscall.Errno = 996
+	ERROR_IO_PENDING                                                          syscall.Errno = 997
+	ERROR_NOACCESS                                                            syscall.Errno = 998
+	ERROR_SWAPERROR                                                           syscall.Errno = 999
+	ERROR_STACK_OVERFLOW                                                      syscall.Errno = 1001
+	ERROR_INVALID_MESSAGE                                                     syscall.Errno = 1002
+	ERROR_CAN_NOT_COMPLETE                                                    syscall.Errno = 1003
+	ERROR_INVALID_FLAGS                                                       syscall.Errno = 1004
+	ERROR_UNRECOGNIZED_VOLUME                                                 syscall.Errno = 1005
+	ERROR_FILE_INVALID                                                        syscall.Errno = 1006
+	ERROR_FULLSCREEN_MODE                                                     syscall.Errno = 1007
+	ERROR_NO_TOKEN                                                            syscall.Errno = 1008
+	ERROR_BADDB                                                               syscall.Errno = 1009
+	ERROR_BADKEY                                                              syscall.Errno = 1010
+	ERROR_CANTOPEN                                                            syscall.Errno = 1011
+	ERROR_CANTREAD                                                            syscall.Errno = 1012
+	ERROR_CANTWRITE                                                           syscall.Errno = 1013
+	ERROR_REGISTRY_RECOVERED                                                  syscall.Errno = 1014
+	ERROR_REGISTRY_CORRUPT                                                    syscall.Errno = 1015
+	ERROR_REGISTRY_IO_FAILED                                                  syscall.Errno = 1016
+	ERROR_NOT_REGISTRY_FILE                                                   syscall.Errno = 1017
+	ERROR_KEY_DELETED                                                         syscall.Errno = 1018
+	ERROR_NO_LOG_SPACE                                                        syscall.Errno = 1019
+	ERROR_KEY_HAS_CHILDREN                                                    syscall.Errno = 1020
+	ERROR_CHILD_MUST_BE_VOLATILE                                              syscall.Errno = 1021
+	ERROR_NOTIFY_ENUM_DIR                                                     syscall.Errno = 1022
+	ERROR_DEPENDENT_SERVICES_RUNNING                                          syscall.Errno = 1051
+	ERROR_INVALID_SERVICE_CONTROL                                             syscall.Errno = 1052
+	ERROR_SERVICE_REQUEST_TIMEOUT                                             syscall.Errno = 1053
+	ERROR_SERVICE_NO_THREAD                                                   syscall.Errno = 1054
+	ERROR_SERVICE_DATABASE_LOCKED                                             syscall.Errno = 1055
+	ERROR_SERVICE_ALREADY_RUNNING                                             syscall.Errno = 1056
+	ERROR_INVALID_SERVICE_ACCOUNT                                             syscall.Errno = 1057
+	ERROR_SERVICE_DISABLED                                                    syscall.Errno = 1058
+	ERROR_CIRCULAR_DEPENDENCY                                                 syscall.Errno = 1059
+	ERROR_SERVICE_DOES_NOT_EXIST                                              syscall.Errno = 1060
+	ERROR_SERVICE_CANNOT_ACCEPT_CTRL                                          syscall.Errno = 1061
+	ERROR_SERVICE_NOT_ACTIVE                                                  syscall.Errno = 1062
+	ERROR_FAILED_SERVICE_CONTROLLER_CONNECT                                   syscall.Errno = 1063
+	ERROR_EXCEPTION_IN_SERVICE                                                syscall.Errno = 1064
+	ERROR_DATABASE_DOES_NOT_EXIST                                             syscall.Errno = 1065
+	ERROR_SERVICE_SPECIFIC_ERROR                                              syscall.Errno = 1066
+	ERROR_PROCESS_ABORTED                                                     syscall.Errno = 1067
+	ERROR_SERVICE_DEPENDENCY_FAIL                                             syscall.Errno = 1068
+	ERROR_SERVICE_LOGON_FAILED                                                syscall.Errno = 1069
+	ERROR_SERVICE_START_HANG                                                  syscall.Errno = 1070
+	ERROR_INVALID_SERVICE_LOCK                                                syscall.Errno = 1071
+	ERROR_SERVICE_MARKED_FOR_DELETE                                           syscall.Errno = 1072
+	ERROR_SERVICE_EXISTS                                                      syscall.Errno = 1073
+	ERROR_ALREADY_RUNNING_LKG                                                 syscall.Errno = 1074
+	ERROR_SERVICE_DEPENDENCY_DELETED                                          syscall.Errno = 1075
+	ERROR_BOOT_ALREADY_ACCEPTED                                               syscall.Errno = 1076
+	ERROR_SERVICE_NEVER_STARTED                                               syscall.Errno = 1077
+	ERROR_DUPLICATE_SERVICE_NAME                                              syscall.Errno = 1078
+	ERROR_DIFFERENT_SERVICE_ACCOUNT                                           syscall.Errno = 1079
+	ERROR_CANNOT_DETECT_DRIVER_FAILURE                                        syscall.Errno = 1080
+	ERROR_CANNOT_DETECT_PROCESS_ABORT                                         syscall.Errno = 1081
+	ERROR_NO_RECOVERY_PROGRAM                                                 syscall.Errno = 1082
+	ERROR_SERVICE_NOT_IN_EXE                                                  syscall.Errno = 1083
+	ERROR_NOT_SAFEBOOT_SERVICE                                                syscall.Errno = 1084
+	ERROR_END_OF_MEDIA                                                        syscall.Errno = 1100
+	ERROR_FILEMARK_DETECTED                                                   syscall.Errno = 1101
+	ERROR_BEGINNING_OF_MEDIA                                                  syscall.Errno = 1102
+	ERROR_SETMARK_DETECTED                                                    syscall.Errno = 1103
+	ERROR_NO_DATA_DETECTED                                                    syscall.Errno = 1104
+	ERROR_PARTITION_FAILURE                                                   syscall.Errno = 1105
+	ERROR_INVALID_BLOCK_LENGTH                                                syscall.Errno = 1106
+	ERROR_DEVICE_NOT_PARTITIONED                                              syscall.Errno = 1107
+	ERROR_UNABLE_TO_LOCK_MEDIA                                                syscall.Errno = 1108
+	ERROR_UNABLE_TO_UNLOAD_MEDIA                                              syscall.Errno = 1109
+	ERROR_MEDIA_CHANGED                                                       syscall.Errno = 1110
+	ERROR_BUS_RESET                                                           syscall.Errno = 1111
+	ERROR_NO_MEDIA_IN_DRIVE                                                   syscall.Errno = 1112
+	ERROR_NO_UNICODE_TRANSLATION                                              syscall.Errno = 1113
+	ERROR_DLL_INIT_FAILED                                                     syscall.Errno = 1114
+	ERROR_SHUTDOWN_IN_PROGRESS                                                syscall.Errno = 1115
+	ERROR_NO_SHUTDOWN_IN_PROGRESS                                             syscall.Errno = 1116
+	ERROR_IO_DEVICE                                                           syscall.Errno = 1117
+	ERROR_SERIAL_NO_DEVICE                                                    syscall.Errno = 1118
+	ERROR_IRQ_BUSY                                                            syscall.Errno = 1119
+	ERROR_MORE_WRITES                                                         syscall.Errno = 1120
+	ERROR_COUNTER_TIMEOUT                                                     syscall.Errno = 1121
+	ERROR_FLOPPY_ID_MARK_NOT_FOUND                                            syscall.Errno = 1122
+	ERROR_FLOPPY_WRONG_CYLINDER                                               syscall.Errno = 1123
+	ERROR_FLOPPY_UNKNOWN_ERROR                                                syscall.Errno = 1124
+	ERROR_FLOPPY_BAD_REGISTERS                                                syscall.Errno = 1125
+	ERROR_DISK_RECALIBRATE_FAILED                                             syscall.Errno = 1126
+	ERROR_DISK_OPERATION_FAILED                                               syscall.Errno = 1127
+	ERROR_DISK_RESET_FAILED                                                   syscall.Errno = 1128
+	ERROR_EOM_OVERFLOW                                                        syscall.Errno = 1129
+	ERROR_NOT_ENOUGH_SERVER_MEMORY                                            syscall.Errno = 1130
+	ERROR_POSSIBLE_DEADLOCK                                                   syscall.Errno = 1131
+	ERROR_MAPPED_ALIGNMENT                                                    syscall.Errno = 1132
+	ERROR_SET_POWER_STATE_VETOED                                              syscall.Errno = 1140
+	ERROR_SET_POWER_STATE_FAILED                                              syscall.Errno = 1141
+	ERROR_TOO_MANY_LINKS                                                      syscall.Errno = 1142
+	ERROR_OLD_WIN_VERSION                                                     syscall.Errno = 1150
+	ERROR_APP_WRONG_OS                                                        syscall.Errno = 1151
+	ERROR_SINGLE_INSTANCE_APP                                                 syscall.Errno = 1152
+	ERROR_RMODE_APP                                                           syscall.Errno = 1153
+	ERROR_INVALID_DLL                                                         syscall.Errno = 1154
+	ERROR_NO_ASSOCIATION                                                      syscall.Errno = 1155
+	ERROR_DDE_FAIL                                                            syscall.Errno = 1156
+	ERROR_DLL_NOT_FOUND                                                       syscall.Errno = 1157
+	ERROR_NO_MORE_USER_HANDLES                                                syscall.Errno = 1158
+	ERROR_MESSAGE_SYNC_ONLY                                                   syscall.Errno = 1159
+	ERROR_SOURCE_ELEMENT_EMPTY                                                syscall.Errno = 1160
+	ERROR_DESTINATION_ELEMENT_FULL                                            syscall.Errno = 1161
+	ERROR_ILLEGAL_ELEMENT_ADDRESS                                             syscall.Errno = 1162
+	ERROR_MAGAZINE_NOT_PRESENT                                                syscall.Errno = 1163
+	ERROR_DEVICE_REINITIALIZATION_NEEDED                                      syscall.Errno = 1164
+	ERROR_DEVICE_REQUIRES_CLEANING                                            syscall.Errno = 1165
+	ERROR_DEVICE_DOOR_OPEN                                                    syscall.Errno = 1166
+	ERROR_DEVICE_NOT_CONNECTED                                                syscall.Errno = 1167
+	ERROR_NOT_FOUND                                                           syscall.Errno = 1168
+	ERROR_NO_MATCH                                                            syscall.Errno = 1169
+	ERROR_SET_NOT_FOUND                                                       syscall.Errno = 1170
+	ERROR_POINT_NOT_FOUND                                                     syscall.Errno = 1171
+	ERROR_NO_TRACKING_SERVICE                                                 syscall.Errno = 1172
+	ERROR_NO_VOLUME_ID                                                        syscall.Errno = 1173
+	ERROR_UNABLE_TO_REMOVE_REPLACED                                           syscall.Errno = 1175
+	ERROR_UNABLE_TO_MOVE_REPLACEMENT                                          syscall.Errno = 1176
+	ERROR_UNABLE_TO_MOVE_REPLACEMENT_2                                        syscall.Errno = 1177
+	ERROR_JOURNAL_DELETE_IN_PROGRESS                                          syscall.Errno = 1178
+	ERROR_JOURNAL_NOT_ACTIVE                                                  syscall.Errno = 1179
+	ERROR_POTENTIAL_FILE_FOUND                                                syscall.Errno = 1180
+	ERROR_JOURNAL_ENTRY_DELETED                                               syscall.Errno = 1181
+	ERROR_SHUTDOWN_IS_SCHEDULED                                               syscall.Errno = 1190
+	ERROR_SHUTDOWN_USERS_LOGGED_ON                                            syscall.Errno = 1191
+	ERROR_BAD_DEVICE                                                          syscall.Errno = 1200
+	ERROR_CONNECTION_UNAVAIL                                                  syscall.Errno = 1201
+	ERROR_DEVICE_ALREADY_REMEMBERED                                           syscall.Errno = 1202
+	ERROR_NO_NET_OR_BAD_PATH                                                  syscall.Errno = 1203
+	ERROR_BAD_PROVIDER                                                        syscall.Errno = 1204
+	ERROR_CANNOT_OPEN_PROFILE                                                 syscall.Errno = 1205
+	ERROR_BAD_PROFILE                                                         syscall.Errno = 1206
+	ERROR_NOT_CONTAINER                                                       syscall.Errno = 1207
+	ERROR_EXTENDED_ERROR                                                      syscall.Errno = 1208
+	ERROR_INVALID_GROUPNAME                                                   syscall.Errno = 1209
+	ERROR_INVALID_COMPUTERNAME                                                syscall.Errno = 1210
+	ERROR_INVALID_EVENTNAME                                                   syscall.Errno = 1211
+	ERROR_INVALID_DOMAINNAME                                                  syscall.Errno = 1212
+	ERROR_INVALID_SERVICENAME                                                 syscall.Errno = 1213
+	ERROR_INVALID_NETNAME                                                     syscall.Errno = 1214
+	ERROR_INVALID_SHARENAME                                                   syscall.Errno = 1215
+	ERROR_INVALID_PASSWORDNAME                                                syscall.Errno = 1216
+	ERROR_INVALID_MESSAGENAME                                                 syscall.Errno = 1217
+	ERROR_INVALID_MESSAGEDEST                                                 syscall.Errno = 1218
+	ERROR_SESSION_CREDENTIAL_CONFLICT                                         syscall.Errno = 1219
+	ERROR_REMOTE_SESSION_LIMIT_EXCEEDED                                       syscall.Errno = 1220
+	ERROR_DUP_DOMAINNAME                                                      syscall.Errno = 1221
+	ERROR_NO_NETWORK                                                          syscall.Errno = 1222
+	ERROR_CANCELLED                                                           syscall.Errno = 1223
+	ERROR_USER_MAPPED_FILE                                                    syscall.Errno = 1224
+	ERROR_CONNECTION_REFUSED                                                  syscall.Errno = 1225
+	ERROR_GRACEFUL_DISCONNECT                                                 syscall.Errno = 1226
+	ERROR_ADDRESS_ALREADY_ASSOCIATED                                          syscall.Errno = 1227
+	ERROR_ADDRESS_NOT_ASSOCIATED                                              syscall.Errno = 1228
+	ERROR_CONNECTION_INVALID                                                  syscall.Errno = 1229
+	ERROR_CONNECTION_ACTIVE                                                   syscall.Errno = 1230
+	ERROR_NETWORK_UNREACHABLE                                                 syscall.Errno = 1231
+	ERROR_HOST_UNREACHABLE                                                    syscall.Errno = 1232
+	ERROR_PROTOCOL_UNREACHABLE                                                syscall.Errno = 1233
+	ERROR_PORT_UNREACHABLE                                                    syscall.Errno = 1234
+	ERROR_REQUEST_ABORTED                                                     syscall.Errno = 1235
+	ERROR_CONNECTION_ABORTED                                                  syscall.Errno = 1236
+	ERROR_RETRY                                                               syscall.Errno = 1237
+	ERROR_CONNECTION_COUNT_LIMIT                                              syscall.Errno = 1238
+	ERROR_LOGIN_TIME_RESTRICTION                                              syscall.Errno = 1239
+	ERROR_LOGIN_WKSTA_RESTRICTION                                             syscall.Errno = 1240
+	ERROR_INCORRECT_ADDRESS                                                   syscall.Errno = 1241
+	ERROR_ALREADY_REGISTERED                                                  syscall.Errno = 1242
+	ERROR_SERVICE_NOT_FOUND                                                   syscall.Errno = 1243
+	ERROR_NOT_AUTHENTICATED                                                   syscall.Errno = 1244
+	ERROR_NOT_LOGGED_ON                                                       syscall.Errno = 1245
+	ERROR_CONTINUE                                                            syscall.Errno = 1246
+	ERROR_ALREADY_INITIALIZED                                                 syscall.Errno = 1247
+	ERROR_NO_MORE_DEVICES                                                     syscall.Errno = 1248
+	ERROR_NO_SUCH_SITE                                                        syscall.Errno = 1249
+	ERROR_DOMAIN_CONTROLLER_EXISTS                                            syscall.Errno = 1250
+	ERROR_ONLY_IF_CONNECTED                                                   syscall.Errno = 1251
+	ERROR_OVERRIDE_NOCHANGES                                                  syscall.Errno = 1252
+	ERROR_BAD_USER_PROFILE                                                    syscall.Errno = 1253
+	ERROR_NOT_SUPPORTED_ON_SBS                                                syscall.Errno = 1254
+	ERROR_SERVER_SHUTDOWN_IN_PROGRESS                                         syscall.Errno = 1255
+	ERROR_HOST_DOWN                                                           syscall.Errno = 1256
+	ERROR_NON_ACCOUNT_SID                                                     syscall.Errno = 1257
+	ERROR_NON_DOMAIN_SID                                                      syscall.Errno = 1258
+	ERROR_APPHELP_BLOCK                                                       syscall.Errno = 1259
+	ERROR_ACCESS_DISABLED_BY_POLICY                                           syscall.Errno = 1260
+	ERROR_REG_NAT_CONSUMPTION                                                 syscall.Errno = 1261
+	ERROR_CSCSHARE_OFFLINE                                                    syscall.Errno = 1262
+	ERROR_PKINIT_FAILURE                                                      syscall.Errno = 1263
+	ERROR_SMARTCARD_SUBSYSTEM_FAILURE                                         syscall.Errno = 1264
+	ERROR_DOWNGRADE_DETECTED                                                  syscall.Errno = 1265
+	ERROR_MACHINE_LOCKED                                                      syscall.Errno = 1271
+	ERROR_SMB_GUEST_LOGON_BLOCKED                                             syscall.Errno = 1272
+	ERROR_CALLBACK_SUPPLIED_INVALID_DATA                                      syscall.Errno = 1273
+	ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED                                    syscall.Errno = 1274
+	ERROR_DRIVER_BLOCKED                                                      syscall.Errno = 1275
+	ERROR_INVALID_IMPORT_OF_NON_DLL                                           syscall.Errno = 1276
+	ERROR_ACCESS_DISABLED_WEBBLADE                                            syscall.Errno = 1277
+	ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER                                     syscall.Errno = 1278
+	ERROR_RECOVERY_FAILURE                                                    syscall.Errno = 1279
+	ERROR_ALREADY_FIBER                                                       syscall.Errno = 1280
+	ERROR_ALREADY_THREAD                                                      syscall.Errno = 1281
+	ERROR_STACK_BUFFER_OVERRUN                                                syscall.Errno = 1282
+	ERROR_PARAMETER_QUOTA_EXCEEDED                                            syscall.Errno = 1283
+	ERROR_DEBUGGER_INACTIVE                                                   syscall.Errno = 1284
+	ERROR_DELAY_LOAD_FAILED                                                   syscall.Errno = 1285
+	ERROR_VDM_DISALLOWED                                                      syscall.Errno = 1286
+	ERROR_UNIDENTIFIED_ERROR                                                  syscall.Errno = 1287
+	ERROR_INVALID_CRUNTIME_PARAMETER                                          syscall.Errno = 1288
+	ERROR_BEYOND_VDL                                                          syscall.Errno = 1289
+	ERROR_INCOMPATIBLE_SERVICE_SID_TYPE                                       syscall.Errno = 1290
+	ERROR_DRIVER_PROCESS_TERMINATED                                           syscall.Errno = 1291
+	ERROR_IMPLEMENTATION_LIMIT                                                syscall.Errno = 1292
+	ERROR_PROCESS_IS_PROTECTED                                                syscall.Errno = 1293
+	ERROR_SERVICE_NOTIFY_CLIENT_LAGGING                                       syscall.Errno = 1294
+	ERROR_DISK_QUOTA_EXCEEDED                                                 syscall.Errno = 1295
+	ERROR_CONTENT_BLOCKED                                                     syscall.Errno = 1296
+	ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE                                      syscall.Errno = 1297
+	ERROR_APP_HANG                                                            syscall.Errno = 1298
+	ERROR_INVALID_LABEL                                                       syscall.Errno = 1299
+	ERROR_NOT_ALL_ASSIGNED                                                    syscall.Errno = 1300
+	ERROR_SOME_NOT_MAPPED                                                     syscall.Errno = 1301
+	ERROR_NO_QUOTAS_FOR_ACCOUNT                                               syscall.Errno = 1302
+	ERROR_LOCAL_USER_SESSION_KEY                                              syscall.Errno = 1303
+	ERROR_NULL_LM_PASSWORD                                                    syscall.Errno = 1304
+	ERROR_UNKNOWN_REVISION                                                    syscall.Errno = 1305
+	ERROR_REVISION_MISMATCH                                                   syscall.Errno = 1306
+	ERROR_INVALID_OWNER                                                       syscall.Errno = 1307
+	ERROR_INVALID_PRIMARY_GROUP                                               syscall.Errno = 1308
+	ERROR_NO_IMPERSONATION_TOKEN                                              syscall.Errno = 1309
+	ERROR_CANT_DISABLE_MANDATORY                                              syscall.Errno = 1310
+	ERROR_NO_LOGON_SERVERS                                                    syscall.Errno = 1311
+	ERROR_NO_SUCH_LOGON_SESSION                                               syscall.Errno = 1312
+	ERROR_NO_SUCH_PRIVILEGE                                                   syscall.Errno = 1313
+	ERROR_PRIVILEGE_NOT_HELD                                                  syscall.Errno = 1314
+	ERROR_INVALID_ACCOUNT_NAME                                                syscall.Errno = 1315
+	ERROR_USER_EXISTS                                                         syscall.Errno = 1316
+	ERROR_NO_SUCH_USER                                                        syscall.Errno = 1317
+	ERROR_GROUP_EXISTS                                                        syscall.Errno = 1318
+	ERROR_NO_SUCH_GROUP                                                       syscall.Errno = 1319
+	ERROR_MEMBER_IN_GROUP                                                     syscall.Errno = 1320
+	ERROR_MEMBER_NOT_IN_GROUP                                                 syscall.Errno = 1321
+	ERROR_LAST_ADMIN                                                          syscall.Errno = 1322
+	ERROR_WRONG_PASSWORD                                                      syscall.Errno = 1323
+	ERROR_ILL_FORMED_PASSWORD                                                 syscall.Errno = 1324
+	ERROR_PASSWORD_RESTRICTION                                                syscall.Errno = 1325
+	ERROR_LOGON_FAILURE                                                       syscall.Errno = 1326
+	ERROR_ACCOUNT_RESTRICTION                                                 syscall.Errno = 1327
+	ERROR_INVALID_LOGON_HOURS                                                 syscall.Errno = 1328
+	ERROR_INVALID_WORKSTATION                                                 syscall.Errno = 1329
+	ERROR_PASSWORD_EXPIRED                                                    syscall.Errno = 1330
+	ERROR_ACCOUNT_DISABLED                                                    syscall.Errno = 1331
+	ERROR_NONE_MAPPED                                                         syscall.Errno = 1332
+	ERROR_TOO_MANY_LUIDS_REQUESTED                                            syscall.Errno = 1333
+	ERROR_LUIDS_EXHAUSTED                                                     syscall.Errno = 1334
+	ERROR_INVALID_SUB_AUTHORITY                                               syscall.Errno = 1335
+	ERROR_INVALID_ACL                                                         syscall.Errno = 1336
+	ERROR_INVALID_SID                                                         syscall.Errno = 1337
+	ERROR_INVALID_SECURITY_DESCR                                              syscall.Errno = 1338
+	ERROR_BAD_INHERITANCE_ACL                                                 syscall.Errno = 1340
+	ERROR_SERVER_DISABLED                                                     syscall.Errno = 1341
+	ERROR_SERVER_NOT_DISABLED                                                 syscall.Errno = 1342
+	ERROR_INVALID_ID_AUTHORITY                                                syscall.Errno = 1343
+	ERROR_ALLOTTED_SPACE_EXCEEDED                                             syscall.Errno = 1344
+	ERROR_INVALID_GROUP_ATTRIBUTES                                            syscall.Errno = 1345
+	ERROR_BAD_IMPERSONATION_LEVEL                                             syscall.Errno = 1346
+	ERROR_CANT_OPEN_ANONYMOUS                                                 syscall.Errno = 1347
+	ERROR_BAD_VALIDATION_CLASS                                                syscall.Errno = 1348
+	ERROR_BAD_TOKEN_TYPE                                                      syscall.Errno = 1349
+	ERROR_NO_SECURITY_ON_OBJECT                                               syscall.Errno = 1350
+	ERROR_CANT_ACCESS_DOMAIN_INFO                                             syscall.Errno = 1351
+	ERROR_INVALID_SERVER_STATE                                                syscall.Errno = 1352
+	ERROR_INVALID_DOMAIN_STATE                                                syscall.Errno = 1353
+	ERROR_INVALID_DOMAIN_ROLE                                                 syscall.Errno = 1354
+	ERROR_NO_SUCH_DOMAIN                                                      syscall.Errno = 1355
+	ERROR_DOMAIN_EXISTS                                                       syscall.Errno = 1356
+	ERROR_DOMAIN_LIMIT_EXCEEDED                                               syscall.Errno = 1357
+	ERROR_INTERNAL_DB_CORRUPTION                                              syscall.Errno = 1358
+	ERROR_INTERNAL_ERROR                                                      syscall.Errno = 1359
+	ERROR_GENERIC_NOT_MAPPED                                                  syscall.Errno = 1360
+	ERROR_BAD_DESCRIPTOR_FORMAT                                               syscall.Errno = 1361
+	ERROR_NOT_LOGON_PROCESS                                                   syscall.Errno = 1362
+	ERROR_LOGON_SESSION_EXISTS                                                syscall.Errno = 1363
+	ERROR_NO_SUCH_PACKAGE                                                     syscall.Errno = 1364
+	ERROR_BAD_LOGON_SESSION_STATE                                             syscall.Errno = 1365
+	ERROR_LOGON_SESSION_COLLISION                                             syscall.Errno = 1366
+	ERROR_INVALID_LOGON_TYPE                                                  syscall.Errno = 1367
+	ERROR_CANNOT_IMPERSONATE                                                  syscall.Errno = 1368
+	ERROR_RXACT_INVALID_STATE                                                 syscall.Errno = 1369
+	ERROR_RXACT_COMMIT_FAILURE                                                syscall.Errno = 1370
+	ERROR_SPECIAL_ACCOUNT                                                     syscall.Errno = 1371
+	ERROR_SPECIAL_GROUP                                                       syscall.Errno = 1372
+	ERROR_SPECIAL_USER                                                        syscall.Errno = 1373
+	ERROR_MEMBERS_PRIMARY_GROUP                                               syscall.Errno = 1374
+	ERROR_TOKEN_ALREADY_IN_USE                                                syscall.Errno = 1375
+	ERROR_NO_SUCH_ALIAS                                                       syscall.Errno = 1376
+	ERROR_MEMBER_NOT_IN_ALIAS                                                 syscall.Errno = 1377
+	ERROR_MEMBER_IN_ALIAS                                                     syscall.Errno = 1378
+	ERROR_ALIAS_EXISTS                                                        syscall.Errno = 1379
+	ERROR_LOGON_NOT_GRANTED                                                   syscall.Errno = 1380
+	ERROR_TOO_MANY_SECRETS                                                    syscall.Errno = 1381
+	ERROR_SECRET_TOO_LONG                                                     syscall.Errno = 1382
+	ERROR_INTERNAL_DB_ERROR                                                   syscall.Errno = 1383
+	ERROR_TOO_MANY_CONTEXT_IDS                                                syscall.Errno = 1384
+	ERROR_LOGON_TYPE_NOT_GRANTED                                              syscall.Errno = 1385
+	ERROR_NT_CROSS_ENCRYPTION_REQUIRED                                        syscall.Errno = 1386
+	ERROR_NO_SUCH_MEMBER                                                      syscall.Errno = 1387
+	ERROR_INVALID_MEMBER                                                      syscall.Errno = 1388
+	ERROR_TOO_MANY_SIDS                                                       syscall.Errno = 1389
+	ERROR_LM_CROSS_ENCRYPTION_REQUIRED                                        syscall.Errno = 1390
+	ERROR_NO_INHERITANCE                                                      syscall.Errno = 1391
+	ERROR_FILE_CORRUPT                                                        syscall.Errno = 1392
+	ERROR_DISK_CORRUPT                                                        syscall.Errno = 1393
+	ERROR_NO_USER_SESSION_KEY                                                 syscall.Errno = 1394
+	ERROR_LICENSE_QUOTA_EXCEEDED                                              syscall.Errno = 1395
+	ERROR_WRONG_TARGET_NAME                                                   syscall.Errno = 1396
+	ERROR_MUTUAL_AUTH_FAILED                                                  syscall.Errno = 1397
+	ERROR_TIME_SKEW                                                           syscall.Errno = 1398
+	ERROR_CURRENT_DOMAIN_NOT_ALLOWED                                          syscall.Errno = 1399
+	ERROR_INVALID_WINDOW_HANDLE                                               syscall.Errno = 1400
+	ERROR_INVALID_MENU_HANDLE                                                 syscall.Errno = 1401
+	ERROR_INVALID_CURSOR_HANDLE                                               syscall.Errno = 1402
+	ERROR_INVALID_ACCEL_HANDLE                                                syscall.Errno = 1403
+	ERROR_INVALID_HOOK_HANDLE                                                 syscall.Errno = 1404
+	ERROR_INVALID_DWP_HANDLE                                                  syscall.Errno = 1405
+	ERROR_TLW_WITH_WSCHILD                                                    syscall.Errno = 1406
+	ERROR_CANNOT_FIND_WND_CLASS                                               syscall.Errno = 1407
+	ERROR_WINDOW_OF_OTHER_THREAD                                              syscall.Errno = 1408
+	ERROR_HOTKEY_ALREADY_REGISTERED                                           syscall.Errno = 1409
+	ERROR_CLASS_ALREADY_EXISTS                                                syscall.Errno = 1410
+	ERROR_CLASS_DOES_NOT_EXIST                                                syscall.Errno = 1411
+	ERROR_CLASS_HAS_WINDOWS                                                   syscall.Errno = 1412
+	ERROR_INVALID_INDEX                                                       syscall.Errno = 1413
+	ERROR_INVALID_ICON_HANDLE                                                 syscall.Errno = 1414
+	ERROR_PRIVATE_DIALOG_INDEX                                                syscall.Errno = 1415
+	ERROR_LISTBOX_ID_NOT_FOUND                                                syscall.Errno = 1416
+	ERROR_NO_WILDCARD_CHARACTERS                                              syscall.Errno = 1417
+	ERROR_CLIPBOARD_NOT_OPEN                                                  syscall.Errno = 1418
+	ERROR_HOTKEY_NOT_REGISTERED                                               syscall.Errno = 1419
+	ERROR_WINDOW_NOT_DIALOG                                                   syscall.Errno = 1420
+	ERROR_CONTROL_ID_NOT_FOUND                                                syscall.Errno = 1421
+	ERROR_INVALID_COMBOBOX_MESSAGE                                            syscall.Errno = 1422
+	ERROR_WINDOW_NOT_COMBOBOX                                                 syscall.Errno = 1423
+	ERROR_INVALID_EDIT_HEIGHT                                                 syscall.Errno = 1424
+	ERROR_DC_NOT_FOUND                                                        syscall.Errno = 1425
+	ERROR_INVALID_HOOK_FILTER                                                 syscall.Errno = 1426
+	ERROR_INVALID_FILTER_PROC                                                 syscall.Errno = 1427
+	ERROR_HOOK_NEEDS_HMOD                                                     syscall.Errno = 1428
+	ERROR_GLOBAL_ONLY_HOOK                                                    syscall.Errno = 1429
+	ERROR_JOURNAL_HOOK_SET                                                    syscall.Errno = 1430
+	ERROR_HOOK_NOT_INSTALLED                                                  syscall.Errno = 1431
+	ERROR_INVALID_LB_MESSAGE                                                  syscall.Errno = 1432
+	ERROR_SETCOUNT_ON_BAD_LB                                                  syscall.Errno = 1433
+	ERROR_LB_WITHOUT_TABSTOPS                                                 syscall.Errno = 1434
+	ERROR_DESTROY_OBJECT_OF_OTHER_THREAD                                      syscall.Errno = 1435
+	ERROR_CHILD_WINDOW_MENU                                                   syscall.Errno = 1436
+	ERROR_NO_SYSTEM_MENU                                                      syscall.Errno = 1437
+	ERROR_INVALID_MSGBOX_STYLE                                                syscall.Errno = 1438
+	ERROR_INVALID_SPI_VALUE                                                   syscall.Errno = 1439
+	ERROR_SCREEN_ALREADY_LOCKED                                               syscall.Errno = 1440
+	ERROR_HWNDS_HAVE_DIFF_PARENT                                              syscall.Errno = 1441
+	ERROR_NOT_CHILD_WINDOW                                                    syscall.Errno = 1442
+	ERROR_INVALID_GW_COMMAND                                                  syscall.Errno = 1443
+	ERROR_INVALID_THREAD_ID                                                   syscall.Errno = 1444
+	ERROR_NON_MDICHILD_WINDOW                                                 syscall.Errno = 1445
+	ERROR_POPUP_ALREADY_ACTIVE                                                syscall.Errno = 1446
+	ERROR_NO_SCROLLBARS                                                       syscall.Errno = 1447
+	ERROR_INVALID_SCROLLBAR_RANGE                                             syscall.Errno = 1448
+	ERROR_INVALID_SHOWWIN_COMMAND                                             syscall.Errno = 1449
+	ERROR_NO_SYSTEM_RESOURCES                                                 syscall.Errno = 1450
+	ERROR_NONPAGED_SYSTEM_RESOURCES                                           syscall.Errno = 1451
+	ERROR_PAGED_SYSTEM_RESOURCES                                              syscall.Errno = 1452
+	ERROR_WORKING_SET_QUOTA                                                   syscall.Errno = 1453
+	ERROR_PAGEFILE_QUOTA                                                      syscall.Errno = 1454
+	ERROR_COMMITMENT_LIMIT                                                    syscall.Errno = 1455
+	ERROR_MENU_ITEM_NOT_FOUND                                                 syscall.Errno = 1456
+	ERROR_INVALID_KEYBOARD_HANDLE                                             syscall.Errno = 1457
+	ERROR_HOOK_TYPE_NOT_ALLOWED                                               syscall.Errno = 1458
+	ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION                                  syscall.Errno = 1459
+	ERROR_TIMEOUT                                                             syscall.Errno = 1460
+	ERROR_INVALID_MONITOR_HANDLE                                              syscall.Errno = 1461
+	ERROR_INCORRECT_SIZE                                                      syscall.Errno = 1462
+	ERROR_SYMLINK_CLASS_DISABLED                                              syscall.Errno = 1463
+	ERROR_SYMLINK_NOT_SUPPORTED                                               syscall.Errno = 1464
+	ERROR_XML_PARSE_ERROR                                                     syscall.Errno = 1465
+	ERROR_XMLDSIG_ERROR                                                       syscall.Errno = 1466
+	ERROR_RESTART_APPLICATION                                                 syscall.Errno = 1467
+	ERROR_WRONG_COMPARTMENT                                                   syscall.Errno = 1468
+	ERROR_AUTHIP_FAILURE                                                      syscall.Errno = 1469
+	ERROR_NO_NVRAM_RESOURCES                                                  syscall.Errno = 1470
+	ERROR_NOT_GUI_PROCESS                                                     syscall.Errno = 1471
+	ERROR_EVENTLOG_FILE_CORRUPT                                               syscall.Errno = 1500
+	ERROR_EVENTLOG_CANT_START                                                 syscall.Errno = 1501
+	ERROR_LOG_FILE_FULL                                                       syscall.Errno = 1502
+	ERROR_EVENTLOG_FILE_CHANGED                                               syscall.Errno = 1503
+	ERROR_CONTAINER_ASSIGNED                                                  syscall.Errno = 1504
+	ERROR_JOB_NO_CONTAINER                                                    syscall.Errno = 1505
+	ERROR_INVALID_TASK_NAME                                                   syscall.Errno = 1550
+	ERROR_INVALID_TASK_INDEX                                                  syscall.Errno = 1551
+	ERROR_THREAD_ALREADY_IN_TASK                                              syscall.Errno = 1552
+	ERROR_INSTALL_SERVICE_FAILURE                                             syscall.Errno = 1601
+	ERROR_INSTALL_USEREXIT                                                    syscall.Errno = 1602
+	ERROR_INSTALL_FAILURE                                                     syscall.Errno = 1603
+	ERROR_INSTALL_SUSPEND                                                     syscall.Errno = 1604
+	ERROR_UNKNOWN_PRODUCT                                                     syscall.Errno = 1605
+	ERROR_UNKNOWN_FEATURE                                                     syscall.Errno = 1606
+	ERROR_UNKNOWN_COMPONENT                                                   syscall.Errno = 1607
+	ERROR_UNKNOWN_PROPERTY                                                    syscall.Errno = 1608
+	ERROR_INVALID_HANDLE_STATE                                                syscall.Errno = 1609
+	ERROR_BAD_CONFIGURATION                                                   syscall.Errno = 1610
+	ERROR_INDEX_ABSENT                                                        syscall.Errno = 1611
+	ERROR_INSTALL_SOURCE_ABSENT                                               syscall.Errno = 1612
+	ERROR_INSTALL_PACKAGE_VERSION                                             syscall.Errno = 1613
+	ERROR_PRODUCT_UNINSTALLED                                                 syscall.Errno = 1614
+	ERROR_BAD_QUERY_SYNTAX                                                    syscall.Errno = 1615
+	ERROR_INVALID_FIELD                                                       syscall.Errno = 1616
+	ERROR_DEVICE_REMOVED                                                      syscall.Errno = 1617
+	ERROR_INSTALL_ALREADY_RUNNING                                             syscall.Errno = 1618
+	ERROR_INSTALL_PACKAGE_OPEN_FAILED                                         syscall.Errno = 1619
+	ERROR_INSTALL_PACKAGE_INVALID                                             syscall.Errno = 1620
+	ERROR_INSTALL_UI_FAILURE                                                  syscall.Errno = 1621
+	ERROR_INSTALL_LOG_FAILURE                                                 syscall.Errno = 1622
+	ERROR_INSTALL_LANGUAGE_UNSUPPORTED                                        syscall.Errno = 1623
+	ERROR_INSTALL_TRANSFORM_FAILURE                                           syscall.Errno = 1624
+	ERROR_INSTALL_PACKAGE_REJECTED                                            syscall.Errno = 1625
+	ERROR_FUNCTION_NOT_CALLED                                                 syscall.Errno = 1626
+	ERROR_FUNCTION_FAILED                                                     syscall.Errno = 1627
+	ERROR_INVALID_TABLE                                                       syscall.Errno = 1628
+	ERROR_DATATYPE_MISMATCH                                                   syscall.Errno = 1629
+	ERROR_UNSUPPORTED_TYPE                                                    syscall.Errno = 1630
+	ERROR_CREATE_FAILED                                                       syscall.Errno = 1631
+	ERROR_INSTALL_TEMP_UNWRITABLE                                             syscall.Errno = 1632
+	ERROR_INSTALL_PLATFORM_UNSUPPORTED                                        syscall.Errno = 1633
+	ERROR_INSTALL_NOTUSED                                                     syscall.Errno = 1634
+	ERROR_PATCH_PACKAGE_OPEN_FAILED                                           syscall.Errno = 1635
+	ERROR_PATCH_PACKAGE_INVALID                                               syscall.Errno = 1636
+	ERROR_PATCH_PACKAGE_UNSUPPORTED                                           syscall.Errno = 1637
+	ERROR_PRODUCT_VERSION                                                     syscall.Errno = 1638
+	ERROR_INVALID_COMMAND_LINE                                                syscall.Errno = 1639
+	ERROR_INSTALL_REMOTE_DISALLOWED                                           syscall.Errno = 1640
+	ERROR_SUCCESS_REBOOT_INITIATED                                            syscall.Errno = 1641
+	ERROR_PATCH_TARGET_NOT_FOUND                                              syscall.Errno = 1642
+	ERROR_PATCH_PACKAGE_REJECTED                                              syscall.Errno = 1643
+	ERROR_INSTALL_TRANSFORM_REJECTED                                          syscall.Errno = 1644
+	ERROR_INSTALL_REMOTE_PROHIBITED                                           syscall.Errno = 1645
+	ERROR_PATCH_REMOVAL_UNSUPPORTED                                           syscall.Errno = 1646
+	ERROR_UNKNOWN_PATCH                                                       syscall.Errno = 1647
+	ERROR_PATCH_NO_SEQUENCE                                                   syscall.Errno = 1648
+	ERROR_PATCH_REMOVAL_DISALLOWED                                            syscall.Errno = 1649
+	ERROR_INVALID_PATCH_XML                                                   syscall.Errno = 1650
+	ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT                                    syscall.Errno = 1651
+	ERROR_INSTALL_SERVICE_SAFEBOOT                                            syscall.Errno = 1652
+	ERROR_FAIL_FAST_EXCEPTION                                                 syscall.Errno = 1653
+	ERROR_INSTALL_REJECTED                                                    syscall.Errno = 1654
+	ERROR_DYNAMIC_CODE_BLOCKED                                                syscall.Errno = 1655
+	ERROR_NOT_SAME_OBJECT                                                     syscall.Errno = 1656
+	ERROR_STRICT_CFG_VIOLATION                                                syscall.Errno = 1657
+	ERROR_SET_CONTEXT_DENIED                                                  syscall.Errno = 1660
+	ERROR_CROSS_PARTITION_VIOLATION                                           syscall.Errno = 1661
+	RPC_S_INVALID_STRING_BINDING                                              syscall.Errno = 1700
+	RPC_S_WRONG_KIND_OF_BINDING                                               syscall.Errno = 1701
+	RPC_S_INVALID_BINDING                                                     syscall.Errno = 1702
+	RPC_S_PROTSEQ_NOT_SUPPORTED                                               syscall.Errno = 1703
+	RPC_S_INVALID_RPC_PROTSEQ                                                 syscall.Errno = 1704
+	RPC_S_INVALID_STRING_UUID                                                 syscall.Errno = 1705
+	RPC_S_INVALID_ENDPOINT_FORMAT                                             syscall.Errno = 1706
+	RPC_S_INVALID_NET_ADDR                                                    syscall.Errno = 1707
+	RPC_S_NO_ENDPOINT_FOUND                                                   syscall.Errno = 1708
+	RPC_S_INVALID_TIMEOUT                                                     syscall.Errno = 1709
+	RPC_S_OBJECT_NOT_FOUND                                                    syscall.Errno = 1710
+	RPC_S_ALREADY_REGISTERED                                                  syscall.Errno = 1711
+	RPC_S_TYPE_ALREADY_REGISTERED                                             syscall.Errno = 1712
+	RPC_S_ALREADY_LISTENING                                                   syscall.Errno = 1713
+	RPC_S_NO_PROTSEQS_REGISTERED                                              syscall.Errno = 1714
+	RPC_S_NOT_LISTENING                                                       syscall.Errno = 1715
+	RPC_S_UNKNOWN_MGR_TYPE                                                    syscall.Errno = 1716
+	RPC_S_UNKNOWN_IF                                                          syscall.Errno = 1717
+	RPC_S_NO_BINDINGS                                                         syscall.Errno = 1718
+	RPC_S_NO_PROTSEQS                                                         syscall.Errno = 1719
+	RPC_S_CANT_CREATE_ENDPOINT                                                syscall.Errno = 1720
+	RPC_S_OUT_OF_RESOURCES                                                    syscall.Errno = 1721
+	RPC_S_SERVER_UNAVAILABLE                                                  syscall.Errno = 1722
+	RPC_S_SERVER_TOO_BUSY                                                     syscall.Errno = 1723
+	RPC_S_INVALID_NETWORK_OPTIONS                                             syscall.Errno = 1724
+	RPC_S_NO_CALL_ACTIVE                                                      syscall.Errno = 1725
+	RPC_S_CALL_FAILED                                                         syscall.Errno = 1726
+	RPC_S_CALL_FAILED_DNE                                                     syscall.Errno = 1727
+	RPC_S_PROTOCOL_ERROR                                                      syscall.Errno = 1728
+	RPC_S_PROXY_ACCESS_DENIED                                                 syscall.Errno = 1729
+	RPC_S_UNSUPPORTED_TRANS_SYN                                               syscall.Errno = 1730
+	RPC_S_UNSUPPORTED_TYPE                                                    syscall.Errno = 1732
+	RPC_S_INVALID_TAG                                                         syscall.Errno = 1733
+	RPC_S_INVALID_BOUND                                                       syscall.Errno = 1734
+	RPC_S_NO_ENTRY_NAME                                                       syscall.Errno = 1735
+	RPC_S_INVALID_NAME_SYNTAX                                                 syscall.Errno = 1736
+	RPC_S_UNSUPPORTED_NAME_SYNTAX                                             syscall.Errno = 1737
+	RPC_S_UUID_NO_ADDRESS                                                     syscall.Errno = 1739
+	RPC_S_DUPLICATE_ENDPOINT                                                  syscall.Errno = 1740
+	RPC_S_UNKNOWN_AUTHN_TYPE                                                  syscall.Errno = 1741
+	RPC_S_MAX_CALLS_TOO_SMALL                                                 syscall.Errno = 1742
+	RPC_S_STRING_TOO_LONG                                                     syscall.Errno = 1743
+	RPC_S_PROTSEQ_NOT_FOUND                                                   syscall.Errno = 1744
+	RPC_S_PROCNUM_OUT_OF_RANGE                                                syscall.Errno = 1745
+	RPC_S_BINDING_HAS_NO_AUTH                                                 syscall.Errno = 1746
+	RPC_S_UNKNOWN_AUTHN_SERVICE                                               syscall.Errno = 1747
+	RPC_S_UNKNOWN_AUTHN_LEVEL                                                 syscall.Errno = 1748
+	RPC_S_INVALID_AUTH_IDENTITY                                               syscall.Errno = 1749
+	RPC_S_UNKNOWN_AUTHZ_SERVICE                                               syscall.Errno = 1750
+	EPT_S_INVALID_ENTRY                                                       syscall.Errno = 1751
+	EPT_S_CANT_PERFORM_OP                                                     syscall.Errno = 1752
+	EPT_S_NOT_REGISTERED                                                      syscall.Errno = 1753
+	RPC_S_NOTHING_TO_EXPORT                                                   syscall.Errno = 1754
+	RPC_S_INCOMPLETE_NAME                                                     syscall.Errno = 1755
+	RPC_S_INVALID_VERS_OPTION                                                 syscall.Errno = 1756
+	RPC_S_NO_MORE_MEMBERS                                                     syscall.Errno = 1757
+	RPC_S_NOT_ALL_OBJS_UNEXPORTED                                             syscall.Errno = 1758
+	RPC_S_INTERFACE_NOT_FOUND                                                 syscall.Errno = 1759
+	RPC_S_ENTRY_ALREADY_EXISTS                                                syscall.Errno = 1760
+	RPC_S_ENTRY_NOT_FOUND                                                     syscall.Errno = 1761
+	RPC_S_NAME_SERVICE_UNAVAILABLE                                            syscall.Errno = 1762
+	RPC_S_INVALID_NAF_ID                                                      syscall.Errno = 1763
+	RPC_S_CANNOT_SUPPORT                                                      syscall.Errno = 1764
+	RPC_S_NO_CONTEXT_AVAILABLE                                                syscall.Errno = 1765
+	RPC_S_INTERNAL_ERROR                                                      syscall.Errno = 1766
+	RPC_S_ZERO_DIVIDE                                                         syscall.Errno = 1767
+	RPC_S_ADDRESS_ERROR                                                       syscall.Errno = 1768
+	RPC_S_FP_DIV_ZERO                                                         syscall.Errno = 1769
+	RPC_S_FP_UNDERFLOW                                                        syscall.Errno = 1770
+	RPC_S_FP_OVERFLOW                                                         syscall.Errno = 1771
+	RPC_X_NO_MORE_ENTRIES                                                     syscall.Errno = 1772
+	RPC_X_SS_CHAR_TRANS_OPEN_FAIL                                             syscall.Errno = 1773
+	RPC_X_SS_CHAR_TRANS_SHORT_FILE                                            syscall.Errno = 1774
+	RPC_X_SS_IN_NULL_CONTEXT                                                  syscall.Errno = 1775
+	RPC_X_SS_CONTEXT_DAMAGED                                                  syscall.Errno = 1777
+	RPC_X_SS_HANDLES_MISMATCH                                                 syscall.Errno = 1778
+	RPC_X_SS_CANNOT_GET_CALL_HANDLE                                           syscall.Errno = 1779
+	RPC_X_NULL_REF_POINTER                                                    syscall.Errno = 1780
+	RPC_X_ENUM_VALUE_OUT_OF_RANGE                                             syscall.Errno = 1781
+	RPC_X_BYTE_COUNT_TOO_SMALL                                                syscall.Errno = 1782
+	RPC_X_BAD_STUB_DATA                                                       syscall.Errno = 1783
+	ERROR_INVALID_USER_BUFFER                                                 syscall.Errno = 1784
+	ERROR_UNRECOGNIZED_MEDIA                                                  syscall.Errno = 1785
+	ERROR_NO_TRUST_LSA_SECRET                                                 syscall.Errno = 1786
+	ERROR_NO_TRUST_SAM_ACCOUNT                                                syscall.Errno = 1787
+	ERROR_TRUSTED_DOMAIN_FAILURE                                              syscall.Errno = 1788
+	ERROR_TRUSTED_RELATIONSHIP_FAILURE                                        syscall.Errno = 1789
+	ERROR_TRUST_FAILURE                                                       syscall.Errno = 1790
+	RPC_S_CALL_IN_PROGRESS                                                    syscall.Errno = 1791
+	ERROR_NETLOGON_NOT_STARTED                                                syscall.Errno = 1792
+	ERROR_ACCOUNT_EXPIRED                                                     syscall.Errno = 1793
+	ERROR_REDIRECTOR_HAS_OPEN_HANDLES                                         syscall.Errno = 1794
+	ERROR_PRINTER_DRIVER_ALREADY_INSTALLED                                    syscall.Errno = 1795
+	ERROR_UNKNOWN_PORT                                                        syscall.Errno = 1796
+	ERROR_UNKNOWN_PRINTER_DRIVER                                              syscall.Errno = 1797
+	ERROR_UNKNOWN_PRINTPROCESSOR                                              syscall.Errno = 1798
+	ERROR_INVALID_SEPARATOR_FILE                                              syscall.Errno = 1799
+	ERROR_INVALID_PRIORITY                                                    syscall.Errno = 1800
+	ERROR_INVALID_PRINTER_NAME                                                syscall.Errno = 1801
+	ERROR_PRINTER_ALREADY_EXISTS                                              syscall.Errno = 1802
+	ERROR_INVALID_PRINTER_COMMAND                                             syscall.Errno = 1803
+	ERROR_INVALID_DATATYPE                                                    syscall.Errno = 1804
+	ERROR_INVALID_ENVIRONMENT                                                 syscall.Errno = 1805
+	RPC_S_NO_MORE_BINDINGS                                                    syscall.Errno = 1806
+	ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT                                   syscall.Errno = 1807
+	ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT                                   syscall.Errno = 1808
+	ERROR_NOLOGON_SERVER_TRUST_ACCOUNT                                        syscall.Errno = 1809
+	ERROR_DOMAIN_TRUST_INCONSISTENT                                           syscall.Errno = 1810
+	ERROR_SERVER_HAS_OPEN_HANDLES                                             syscall.Errno = 1811
+	ERROR_RESOURCE_DATA_NOT_FOUND                                             syscall.Errno = 1812
+	ERROR_RESOURCE_TYPE_NOT_FOUND                                             syscall.Errno = 1813
+	ERROR_RESOURCE_NAME_NOT_FOUND                                             syscall.Errno = 1814
+	ERROR_RESOURCE_LANG_NOT_FOUND                                             syscall.Errno = 1815
+	ERROR_NOT_ENOUGH_QUOTA                                                    syscall.Errno = 1816
+	RPC_S_NO_INTERFACES                                                       syscall.Errno = 1817
+	RPC_S_CALL_CANCELLED                                                      syscall.Errno = 1818
+	RPC_S_BINDING_INCOMPLETE                                                  syscall.Errno = 1819
+	RPC_S_COMM_FAILURE                                                        syscall.Errno = 1820
+	RPC_S_UNSUPPORTED_AUTHN_LEVEL                                             syscall.Errno = 1821
+	RPC_S_NO_PRINC_NAME                                                       syscall.Errno = 1822
+	RPC_S_NOT_RPC_ERROR                                                       syscall.Errno = 1823
+	RPC_S_UUID_LOCAL_ONLY                                                     syscall.Errno = 1824
+	RPC_S_SEC_PKG_ERROR                                                       syscall.Errno = 1825
+	RPC_S_NOT_CANCELLED                                                       syscall.Errno = 1826
+	RPC_X_INVALID_ES_ACTION                                                   syscall.Errno = 1827
+	RPC_X_WRONG_ES_VERSION                                                    syscall.Errno = 1828
+	RPC_X_WRONG_STUB_VERSION                                                  syscall.Errno = 1829
+	RPC_X_INVALID_PIPE_OBJECT                                                 syscall.Errno = 1830
+	RPC_X_WRONG_PIPE_ORDER                                                    syscall.Errno = 1831
+	RPC_X_WRONG_PIPE_VERSION                                                  syscall.Errno = 1832
+	RPC_S_COOKIE_AUTH_FAILED                                                  syscall.Errno = 1833
+	RPC_S_DO_NOT_DISTURB                                                      syscall.Errno = 1834
+	RPC_S_SYSTEM_HANDLE_COUNT_EXCEEDED                                        syscall.Errno = 1835
+	RPC_S_SYSTEM_HANDLE_TYPE_MISMATCH                                         syscall.Errno = 1836
+	RPC_S_GROUP_MEMBER_NOT_FOUND                                              syscall.Errno = 1898
+	EPT_S_CANT_CREATE                                                         syscall.Errno = 1899
+	RPC_S_INVALID_OBJECT                                                      syscall.Errno = 1900
+	ERROR_INVALID_TIME                                                        syscall.Errno = 1901
+	ERROR_INVALID_FORM_NAME                                                   syscall.Errno = 1902
+	ERROR_INVALID_FORM_SIZE                                                   syscall.Errno = 1903
+	ERROR_ALREADY_WAITING                                                     syscall.Errno = 1904
+	ERROR_PRINTER_DELETED                                                     syscall.Errno = 1905
+	ERROR_INVALID_PRINTER_STATE                                               syscall.Errno = 1906
+	ERROR_PASSWORD_MUST_CHANGE                                                syscall.Errno = 1907
+	ERROR_DOMAIN_CONTROLLER_NOT_FOUND                                         syscall.Errno = 1908
+	ERROR_ACCOUNT_LOCKED_OUT                                                  syscall.Errno = 1909
+	OR_INVALID_OXID                                                           syscall.Errno = 1910
+	OR_INVALID_OID                                                            syscall.Errno = 1911
+	OR_INVALID_SET                                                            syscall.Errno = 1912
+	RPC_S_SEND_INCOMPLETE                                                     syscall.Errno = 1913
+	RPC_S_INVALID_ASYNC_HANDLE                                                syscall.Errno = 1914
+	RPC_S_INVALID_ASYNC_CALL                                                  syscall.Errno = 1915
+	RPC_X_PIPE_CLOSED                                                         syscall.Errno = 1916
+	RPC_X_PIPE_DISCIPLINE_ERROR                                               syscall.Errno = 1917
+	RPC_X_PIPE_EMPTY                                                          syscall.Errno = 1918
+	ERROR_NO_SITENAME                                                         syscall.Errno = 1919
+	ERROR_CANT_ACCESS_FILE                                                    syscall.Errno = 1920
+	ERROR_CANT_RESOLVE_FILENAME                                               syscall.Errno = 1921
+	RPC_S_ENTRY_TYPE_MISMATCH                                                 syscall.Errno = 1922
+	RPC_S_NOT_ALL_OBJS_EXPORTED                                               syscall.Errno = 1923
+	RPC_S_INTERFACE_NOT_EXPORTED                                              syscall.Errno = 1924
+	RPC_S_PROFILE_NOT_ADDED                                                   syscall.Errno = 1925
+	RPC_S_PRF_ELT_NOT_ADDED                                                   syscall.Errno = 1926
+	RPC_S_PRF_ELT_NOT_REMOVED                                                 syscall.Errno = 1927
+	RPC_S_GRP_ELT_NOT_ADDED                                                   syscall.Errno = 1928
+	RPC_S_GRP_ELT_NOT_REMOVED                                                 syscall.Errno = 1929
+	ERROR_KM_DRIVER_BLOCKED                                                   syscall.Errno = 1930
+	ERROR_CONTEXT_EXPIRED                                                     syscall.Errno = 1931
+	ERROR_PER_USER_TRUST_QUOTA_EXCEEDED                                       syscall.Errno = 1932
+	ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED                                       syscall.Errno = 1933
+	ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED                                    syscall.Errno = 1934
+	ERROR_AUTHENTICATION_FIREWALL_FAILED                                      syscall.Errno = 1935
+	ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED                                    syscall.Errno = 1936
+	ERROR_NTLM_BLOCKED                                                        syscall.Errno = 1937
+	ERROR_PASSWORD_CHANGE_REQUIRED                                            syscall.Errno = 1938
+	ERROR_LOST_MODE_LOGON_RESTRICTION                                         syscall.Errno = 1939
+	ERROR_INVALID_PIXEL_FORMAT                                                syscall.Errno = 2000
+	ERROR_BAD_DRIVER                                                          syscall.Errno = 2001
+	ERROR_INVALID_WINDOW_STYLE                                                syscall.Errno = 2002
+	ERROR_METAFILE_NOT_SUPPORTED                                              syscall.Errno = 2003
+	ERROR_TRANSFORM_NOT_SUPPORTED                                             syscall.Errno = 2004
+	ERROR_CLIPPING_NOT_SUPPORTED                                              syscall.Errno = 2005
+	ERROR_INVALID_CMM                                                         syscall.Errno = 2010
+	ERROR_INVALID_PROFILE                                                     syscall.Errno = 2011
+	ERROR_TAG_NOT_FOUND                                                       syscall.Errno = 2012
+	ERROR_TAG_NOT_PRESENT                                                     syscall.Errno = 2013
+	ERROR_DUPLICATE_TAG                                                       syscall.Errno = 2014
+	ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE                                  syscall.Errno = 2015
+	ERROR_PROFILE_NOT_FOUND                                                   syscall.Errno = 2016
+	ERROR_INVALID_COLORSPACE                                                  syscall.Errno = 2017
+	ERROR_ICM_NOT_ENABLED                                                     syscall.Errno = 2018
+	ERROR_DELETING_ICM_XFORM                                                  syscall.Errno = 2019
+	ERROR_INVALID_TRANSFORM                                                   syscall.Errno = 2020
+	ERROR_COLORSPACE_MISMATCH                                                 syscall.Errno = 2021
+	ERROR_INVALID_COLORINDEX                                                  syscall.Errno = 2022
+	ERROR_PROFILE_DOES_NOT_MATCH_DEVICE                                       syscall.Errno = 2023
+	ERROR_CONNECTED_OTHER_PASSWORD                                            syscall.Errno = 2108
+	ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT                                    syscall.Errno = 2109
+	ERROR_BAD_USERNAME                                                        syscall.Errno = 2202
+	ERROR_NOT_CONNECTED                                                       syscall.Errno = 2250
+	ERROR_OPEN_FILES                                                          syscall.Errno = 2401
+	ERROR_ACTIVE_CONNECTIONS                                                  syscall.Errno = 2402
+	ERROR_DEVICE_IN_USE                                                       syscall.Errno = 2404
+	ERROR_UNKNOWN_PRINT_MONITOR                                               syscall.Errno = 3000
+	ERROR_PRINTER_DRIVER_IN_USE                                               syscall.Errno = 3001
+	ERROR_SPOOL_FILE_NOT_FOUND                                                syscall.Errno = 3002
+	ERROR_SPL_NO_STARTDOC                                                     syscall.Errno = 3003
+	ERROR_SPL_NO_ADDJOB                                                       syscall.Errno = 3004
+	ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED                                   syscall.Errno = 3005
+	ERROR_PRINT_MONITOR_ALREADY_INSTALLED                                     syscall.Errno = 3006
+	ERROR_INVALID_PRINT_MONITOR                                               syscall.Errno = 3007
+	ERROR_PRINT_MONITOR_IN_USE                                                syscall.Errno = 3008
+	ERROR_PRINTER_HAS_JOBS_QUEUED                                             syscall.Errno = 3009
+	ERROR_SUCCESS_REBOOT_REQUIRED                                             syscall.Errno = 3010
+	ERROR_SUCCESS_RESTART_REQUIRED                                            syscall.Errno = 3011
+	ERROR_PRINTER_NOT_FOUND                                                   syscall.Errno = 3012
+	ERROR_PRINTER_DRIVER_WARNED                                               syscall.Errno = 3013
+	ERROR_PRINTER_DRIVER_BLOCKED                                              syscall.Errno = 3014
+	ERROR_PRINTER_DRIVER_PACKAGE_IN_USE                                       syscall.Errno = 3015
+	ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND                                       syscall.Errno = 3016
+	ERROR_FAIL_REBOOT_REQUIRED                                                syscall.Errno = 3017
+	ERROR_FAIL_REBOOT_INITIATED                                               syscall.Errno = 3018
+	ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED                                      syscall.Errno = 3019
+	ERROR_PRINT_JOB_RESTART_REQUIRED                                          syscall.Errno = 3020
+	ERROR_INVALID_PRINTER_DRIVER_MANIFEST                                     syscall.Errno = 3021
+	ERROR_PRINTER_NOT_SHAREABLE                                               syscall.Errno = 3022
+	ERROR_REQUEST_PAUSED                                                      syscall.Errno = 3050
+	ERROR_APPEXEC_CONDITION_NOT_SATISFIED                                     syscall.Errno = 3060
+	ERROR_APPEXEC_HANDLE_INVALIDATED                                          syscall.Errno = 3061
+	ERROR_APPEXEC_INVALID_HOST_GENERATION                                     syscall.Errno = 3062
+	ERROR_APPEXEC_UNEXPECTED_PROCESS_REGISTRATION                             syscall.Errno = 3063
+	ERROR_APPEXEC_INVALID_HOST_STATE                                          syscall.Errno = 3064
+	ERROR_APPEXEC_NO_DONOR                                                    syscall.Errno = 3065
+	ERROR_APPEXEC_HOST_ID_MISMATCH                                            syscall.Errno = 3066
+	ERROR_APPEXEC_UNKNOWN_USER                                                syscall.Errno = 3067
+	ERROR_IO_REISSUE_AS_CACHED                                                syscall.Errno = 3950
+	ERROR_WINS_INTERNAL                                                       syscall.Errno = 4000
+	ERROR_CAN_NOT_DEL_LOCAL_WINS                                              syscall.Errno = 4001
+	ERROR_STATIC_INIT                                                         syscall.Errno = 4002
+	ERROR_INC_BACKUP                                                          syscall.Errno = 4003
+	ERROR_FULL_BACKUP                                                         syscall.Errno = 4004
+	ERROR_REC_NON_EXISTENT                                                    syscall.Errno = 4005
+	ERROR_RPL_NOT_ALLOWED                                                     syscall.Errno = 4006
+	PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED                            syscall.Errno = 4050
+	PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO                                   syscall.Errno = 4051
+	PEERDIST_ERROR_MISSING_DATA                                               syscall.Errno = 4052
+	PEERDIST_ERROR_NO_MORE                                                    syscall.Errno = 4053
+	PEERDIST_ERROR_NOT_INITIALIZED                                            syscall.Errno = 4054
+	PEERDIST_ERROR_ALREADY_INITIALIZED                                        syscall.Errno = 4055
+	PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS                                       syscall.Errno = 4056
+	PEERDIST_ERROR_INVALIDATED                                                syscall.Errno = 4057
+	PEERDIST_ERROR_ALREADY_EXISTS                                             syscall.Errno = 4058
+	PEERDIST_ERROR_OPERATION_NOTFOUND                                         syscall.Errno = 4059
+	PEERDIST_ERROR_ALREADY_COMPLETED                                          syscall.Errno = 4060
+	PEERDIST_ERROR_OUT_OF_BOUNDS                                              syscall.Errno = 4061
+	PEERDIST_ERROR_VERSION_UNSUPPORTED                                        syscall.Errno = 4062
+	PEERDIST_ERROR_INVALID_CONFIGURATION                                      syscall.Errno = 4063
+	PEERDIST_ERROR_NOT_LICENSED                                               syscall.Errno = 4064
+	PEERDIST_ERROR_SERVICE_UNAVAILABLE                                        syscall.Errno = 4065
+	PEERDIST_ERROR_TRUST_FAILURE                                              syscall.Errno = 4066
+	ERROR_DHCP_ADDRESS_CONFLICT                                               syscall.Errno = 4100
+	ERROR_WMI_GUID_NOT_FOUND                                                  syscall.Errno = 4200
+	ERROR_WMI_INSTANCE_NOT_FOUND                                              syscall.Errno = 4201
+	ERROR_WMI_ITEMID_NOT_FOUND                                                syscall.Errno = 4202
+	ERROR_WMI_TRY_AGAIN                                                       syscall.Errno = 4203
+	ERROR_WMI_DP_NOT_FOUND                                                    syscall.Errno = 4204
+	ERROR_WMI_UNRESOLVED_INSTANCE_REF                                         syscall.Errno = 4205
+	ERROR_WMI_ALREADY_ENABLED                                                 syscall.Errno = 4206
+	ERROR_WMI_GUID_DISCONNECTED                                               syscall.Errno = 4207
+	ERROR_WMI_SERVER_UNAVAILABLE                                              syscall.Errno = 4208
+	ERROR_WMI_DP_FAILED                                                       syscall.Errno = 4209
+	ERROR_WMI_INVALID_MOF                                                     syscall.Errno = 4210
+	ERROR_WMI_INVALID_REGINFO                                                 syscall.Errno = 4211
+	ERROR_WMI_ALREADY_DISABLED                                                syscall.Errno = 4212
+	ERROR_WMI_READ_ONLY                                                       syscall.Errno = 4213
+	ERROR_WMI_SET_FAILURE                                                     syscall.Errno = 4214
+	ERROR_NOT_APPCONTAINER                                                    syscall.Errno = 4250
+	ERROR_APPCONTAINER_REQUIRED                                               syscall.Errno = 4251
+	ERROR_NOT_SUPPORTED_IN_APPCONTAINER                                       syscall.Errno = 4252
+	ERROR_INVALID_PACKAGE_SID_LENGTH                                          syscall.Errno = 4253
+	ERROR_INVALID_MEDIA                                                       syscall.Errno = 4300
+	ERROR_INVALID_LIBRARY                                                     syscall.Errno = 4301
+	ERROR_INVALID_MEDIA_POOL                                                  syscall.Errno = 4302
+	ERROR_DRIVE_MEDIA_MISMATCH                                                syscall.Errno = 4303
+	ERROR_MEDIA_OFFLINE                                                       syscall.Errno = 4304
+	ERROR_LIBRARY_OFFLINE                                                     syscall.Errno = 4305
+	ERROR_EMPTY                                                               syscall.Errno = 4306
+	ERROR_NOT_EMPTY                                                           syscall.Errno = 4307
+	ERROR_MEDIA_UNAVAILABLE                                                   syscall.Errno = 4308
+	ERROR_RESOURCE_DISABLED                                                   syscall.Errno = 4309
+	ERROR_INVALID_CLEANER                                                     syscall.Errno = 4310
+	ERROR_UNABLE_TO_CLEAN                                                     syscall.Errno = 4311
+	ERROR_OBJECT_NOT_FOUND                                                    syscall.Errno = 4312
+	ERROR_DATABASE_FAILURE                                                    syscall.Errno = 4313
+	ERROR_DATABASE_FULL                                                       syscall.Errno = 4314
+	ERROR_MEDIA_INCOMPATIBLE                                                  syscall.Errno = 4315
+	ERROR_RESOURCE_NOT_PRESENT                                                syscall.Errno = 4316
+	ERROR_INVALID_OPERATION                                                   syscall.Errno = 4317
+	ERROR_MEDIA_NOT_AVAILABLE                                                 syscall.Errno = 4318
+	ERROR_DEVICE_NOT_AVAILABLE                                                syscall.Errno = 4319
+	ERROR_REQUEST_REFUSED                                                     syscall.Errno = 4320
+	ERROR_INVALID_DRIVE_OBJECT                                                syscall.Errno = 4321
+	ERROR_LIBRARY_FULL                                                        syscall.Errno = 4322
+	ERROR_MEDIUM_NOT_ACCESSIBLE                                               syscall.Errno = 4323
+	ERROR_UNABLE_TO_LOAD_MEDIUM                                               syscall.Errno = 4324
+	ERROR_UNABLE_TO_INVENTORY_DRIVE                                           syscall.Errno = 4325
+	ERROR_UNABLE_TO_INVENTORY_SLOT                                            syscall.Errno = 4326
+	ERROR_UNABLE_TO_INVENTORY_TRANSPORT                                       syscall.Errno = 4327
+	ERROR_TRANSPORT_FULL                                                      syscall.Errno = 4328
+	ERROR_CONTROLLING_IEPORT                                                  syscall.Errno = 4329
+	ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA                                       syscall.Errno = 4330
+	ERROR_CLEANER_SLOT_SET                                                    syscall.Errno = 4331
+	ERROR_CLEANER_SLOT_NOT_SET                                                syscall.Errno = 4332
+	ERROR_CLEANER_CARTRIDGE_SPENT                                             syscall.Errno = 4333
+	ERROR_UNEXPECTED_OMID                                                     syscall.Errno = 4334
+	ERROR_CANT_DELETE_LAST_ITEM                                               syscall.Errno = 4335
+	ERROR_MESSAGE_EXCEEDS_MAX_SIZE                                            syscall.Errno = 4336
+	ERROR_VOLUME_CONTAINS_SYS_FILES                                           syscall.Errno = 4337
+	ERROR_INDIGENOUS_TYPE                                                     syscall.Errno = 4338
+	ERROR_NO_SUPPORTING_DRIVES                                                syscall.Errno = 4339
+	ERROR_CLEANER_CARTRIDGE_INSTALLED                                         syscall.Errno = 4340
+	ERROR_IEPORT_FULL                                                         syscall.Errno = 4341
+	ERROR_FILE_OFFLINE                                                        syscall.Errno = 4350
+	ERROR_REMOTE_STORAGE_NOT_ACTIVE                                           syscall.Errno = 4351
+	ERROR_REMOTE_STORAGE_MEDIA_ERROR                                          syscall.Errno = 4352
+	ERROR_NOT_A_REPARSE_POINT                                                 syscall.Errno = 4390
+	ERROR_REPARSE_ATTRIBUTE_CONFLICT                                          syscall.Errno = 4391
+	ERROR_INVALID_REPARSE_DATA                                                syscall.Errno = 4392
+	ERROR_REPARSE_TAG_INVALID                                                 syscall.Errno = 4393
+	ERROR_REPARSE_TAG_MISMATCH                                                syscall.Errno = 4394
+	ERROR_REPARSE_POINT_ENCOUNTERED                                           syscall.Errno = 4395
+	ERROR_APP_DATA_NOT_FOUND                                                  syscall.Errno = 4400
+	ERROR_APP_DATA_EXPIRED                                                    syscall.Errno = 4401
+	ERROR_APP_DATA_CORRUPT                                                    syscall.Errno = 4402
+	ERROR_APP_DATA_LIMIT_EXCEEDED                                             syscall.Errno = 4403
+	ERROR_APP_DATA_REBOOT_REQUIRED                                            syscall.Errno = 4404
+	ERROR_SECUREBOOT_ROLLBACK_DETECTED                                        syscall.Errno = 4420
+	ERROR_SECUREBOOT_POLICY_VIOLATION                                         syscall.Errno = 4421
+	ERROR_SECUREBOOT_INVALID_POLICY                                           syscall.Errno = 4422
+	ERROR_SECUREBOOT_POLICY_PUBLISHER_NOT_FOUND                               syscall.Errno = 4423
+	ERROR_SECUREBOOT_POLICY_NOT_SIGNED                                        syscall.Errno = 4424
+	ERROR_SECUREBOOT_NOT_ENABLED                                              syscall.Errno = 4425
+	ERROR_SECUREBOOT_FILE_REPLACED                                            syscall.Errno = 4426
+	ERROR_SECUREBOOT_POLICY_NOT_AUTHORIZED                                    syscall.Errno = 4427
+	ERROR_SECUREBOOT_POLICY_UNKNOWN                                           syscall.Errno = 4428
+	ERROR_SECUREBOOT_POLICY_MISSING_ANTIROLLBACKVERSION                       syscall.Errno = 4429
+	ERROR_SECUREBOOT_PLATFORM_ID_MISMATCH                                     syscall.Errno = 4430
+	ERROR_SECUREBOOT_POLICY_ROLLBACK_DETECTED                                 syscall.Errno = 4431
+	ERROR_SECUREBOOT_POLICY_UPGRADE_MISMATCH                                  syscall.Errno = 4432
+	ERROR_SECUREBOOT_REQUIRED_POLICY_FILE_MISSING                             syscall.Errno = 4433
+	ERROR_SECUREBOOT_NOT_BASE_POLICY                                          syscall.Errno = 4434
+	ERROR_SECUREBOOT_NOT_SUPPLEMENTAL_POLICY                                  syscall.Errno = 4435
+	ERROR_OFFLOAD_READ_FLT_NOT_SUPPORTED                                      syscall.Errno = 4440
+	ERROR_OFFLOAD_WRITE_FLT_NOT_SUPPORTED                                     syscall.Errno = 4441
+	ERROR_OFFLOAD_READ_FILE_NOT_SUPPORTED                                     syscall.Errno = 4442
+	ERROR_OFFLOAD_WRITE_FILE_NOT_SUPPORTED                                    syscall.Errno = 4443
+	ERROR_ALREADY_HAS_STREAM_ID                                               syscall.Errno = 4444
+	ERROR_SMR_GARBAGE_COLLECTION_REQUIRED                                     syscall.Errno = 4445
+	ERROR_WOF_WIM_HEADER_CORRUPT                                              syscall.Errno = 4446
+	ERROR_WOF_WIM_RESOURCE_TABLE_CORRUPT                                      syscall.Errno = 4447
+	ERROR_WOF_FILE_RESOURCE_TABLE_CORRUPT                                     syscall.Errno = 4448
+	ERROR_VOLUME_NOT_SIS_ENABLED                                              syscall.Errno = 4500
+	ERROR_SYSTEM_INTEGRITY_ROLLBACK_DETECTED                                  syscall.Errno = 4550
+	ERROR_SYSTEM_INTEGRITY_POLICY_VIOLATION                                   syscall.Errno = 4551
+	ERROR_SYSTEM_INTEGRITY_INVALID_POLICY                                     syscall.Errno = 4552
+	ERROR_SYSTEM_INTEGRITY_POLICY_NOT_SIGNED                                  syscall.Errno = 4553
+	ERROR_SYSTEM_INTEGRITY_TOO_MANY_POLICIES                                  syscall.Errno = 4554
+	ERROR_SYSTEM_INTEGRITY_SUPPLEMENTAL_POLICY_NOT_AUTHORIZED                 syscall.Errno = 4555
+	ERROR_VSM_NOT_INITIALIZED                                                 syscall.Errno = 4560
+	ERROR_VSM_DMA_PROTECTION_NOT_IN_USE                                       syscall.Errno = 4561
+	ERROR_PLATFORM_MANIFEST_NOT_AUTHORIZED                                    syscall.Errno = 4570
+	ERROR_PLATFORM_MANIFEST_INVALID                                           syscall.Errno = 4571
+	ERROR_PLATFORM_MANIFEST_FILE_NOT_AUTHORIZED                               syscall.Errno = 4572
+	ERROR_PLATFORM_MANIFEST_CATALOG_NOT_AUTHORIZED                            syscall.Errno = 4573
+	ERROR_PLATFORM_MANIFEST_BINARY_ID_NOT_FOUND                               syscall.Errno = 4574
+	ERROR_PLATFORM_MANIFEST_NOT_ACTIVE                                        syscall.Errno = 4575
+	ERROR_PLATFORM_MANIFEST_NOT_SIGNED                                        syscall.Errno = 4576
+	ERROR_DEPENDENT_RESOURCE_EXISTS                                           syscall.Errno = 5001
+	ERROR_DEPENDENCY_NOT_FOUND                                                syscall.Errno = 5002
+	ERROR_DEPENDENCY_ALREADY_EXISTS                                           syscall.Errno = 5003
+	ERROR_RESOURCE_NOT_ONLINE                                                 syscall.Errno = 5004
+	ERROR_HOST_NODE_NOT_AVAILABLE                                             syscall.Errno = 5005
+	ERROR_RESOURCE_NOT_AVAILABLE                                              syscall.Errno = 5006
+	ERROR_RESOURCE_NOT_FOUND                                                  syscall.Errno = 5007
+	ERROR_SHUTDOWN_CLUSTER                                                    syscall.Errno = 5008
+	ERROR_CANT_EVICT_ACTIVE_NODE                                              syscall.Errno = 5009
+	ERROR_OBJECT_ALREADY_EXISTS                                               syscall.Errno = 5010
+	ERROR_OBJECT_IN_LIST                                                      syscall.Errno = 5011
+	ERROR_GROUP_NOT_AVAILABLE                                                 syscall.Errno = 5012
+	ERROR_GROUP_NOT_FOUND                                                     syscall.Errno = 5013
+	ERROR_GROUP_NOT_ONLINE                                                    syscall.Errno = 5014
+	ERROR_HOST_NODE_NOT_RESOURCE_OWNER                                        syscall.Errno = 5015
+	ERROR_HOST_NODE_NOT_GROUP_OWNER                                           syscall.Errno = 5016
+	ERROR_RESMON_CREATE_FAILED                                                syscall.Errno = 5017
+	ERROR_RESMON_ONLINE_FAILED                                                syscall.Errno = 5018
+	ERROR_RESOURCE_ONLINE                                                     syscall.Errno = 5019
+	ERROR_QUORUM_RESOURCE                                                     syscall.Errno = 5020
+	ERROR_NOT_QUORUM_CAPABLE                                                  syscall.Errno = 5021
+	ERROR_CLUSTER_SHUTTING_DOWN                                               syscall.Errno = 5022
+	ERROR_INVALID_STATE                                                       syscall.Errno = 5023
+	ERROR_RESOURCE_PROPERTIES_STORED                                          syscall.Errno = 5024
+	ERROR_NOT_QUORUM_CLASS                                                    syscall.Errno = 5025
+	ERROR_CORE_RESOURCE                                                       syscall.Errno = 5026
+	ERROR_QUORUM_RESOURCE_ONLINE_FAILED                                       syscall.Errno = 5027
+	ERROR_QUORUMLOG_OPEN_FAILED                                               syscall.Errno = 5028
+	ERROR_CLUSTERLOG_CORRUPT                                                  syscall.Errno = 5029
+	ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE                                   syscall.Errno = 5030
+	ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE                                          syscall.Errno = 5031
+	ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND                                       syscall.Errno = 5032
+	ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE                                         syscall.Errno = 5033
+	ERROR_QUORUM_OWNER_ALIVE                                                  syscall.Errno = 5034
+	ERROR_NETWORK_NOT_AVAILABLE                                               syscall.Errno = 5035
+	ERROR_NODE_NOT_AVAILABLE                                                  syscall.Errno = 5036
+	ERROR_ALL_NODES_NOT_AVAILABLE                                             syscall.Errno = 5037
+	ERROR_RESOURCE_FAILED                                                     syscall.Errno = 5038
+	ERROR_CLUSTER_INVALID_NODE                                                syscall.Errno = 5039
+	ERROR_CLUSTER_NODE_EXISTS                                                 syscall.Errno = 5040
+	ERROR_CLUSTER_JOIN_IN_PROGRESS                                            syscall.Errno = 5041
+	ERROR_CLUSTER_NODE_NOT_FOUND                                              syscall.Errno = 5042
+	ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND                                        syscall.Errno = 5043
+	ERROR_CLUSTER_NETWORK_EXISTS                                              syscall.Errno = 5044
+	ERROR_CLUSTER_NETWORK_NOT_FOUND                                           syscall.Errno = 5045
+	ERROR_CLUSTER_NETINTERFACE_EXISTS                                         syscall.Errno = 5046
+	ERROR_CLUSTER_NETINTERFACE_NOT_FOUND                                      syscall.Errno = 5047
+	ERROR_CLUSTER_INVALID_REQUEST                                             syscall.Errno = 5048
+	ERROR_CLUSTER_INVALID_NETWORK_PROVIDER                                    syscall.Errno = 5049
+	ERROR_CLUSTER_NODE_DOWN                                                   syscall.Errno = 5050
+	ERROR_CLUSTER_NODE_UNREACHABLE                                            syscall.Errno = 5051
+	ERROR_CLUSTER_NODE_NOT_MEMBER                                             syscall.Errno = 5052
+	ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS                                        syscall.Errno = 5053
+	ERROR_CLUSTER_INVALID_NETWORK                                             syscall.Errno = 5054
+	ERROR_CLUSTER_NODE_UP                                                     syscall.Errno = 5056
+	ERROR_CLUSTER_IPADDR_IN_USE                                               syscall.Errno = 5057
+	ERROR_CLUSTER_NODE_NOT_PAUSED                                             syscall.Errno = 5058
+	ERROR_CLUSTER_NO_SECURITY_CONTEXT                                         syscall.Errno = 5059
+	ERROR_CLUSTER_NETWORK_NOT_INTERNAL                                        syscall.Errno = 5060
+	ERROR_CLUSTER_NODE_ALREADY_UP                                             syscall.Errno = 5061
+	ERROR_CLUSTER_NODE_ALREADY_DOWN                                           syscall.Errno = 5062
+	ERROR_CLUSTER_NETWORK_ALREADY_ONLINE                                      syscall.Errno = 5063
+	ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE                                     syscall.Errno = 5064
+	ERROR_CLUSTER_NODE_ALREADY_MEMBER                                         syscall.Errno = 5065
+	ERROR_CLUSTER_LAST_INTERNAL_NETWORK                                       syscall.Errno = 5066
+	ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS                                      syscall.Errno = 5067
+	ERROR_INVALID_OPERATION_ON_QUORUM                                         syscall.Errno = 5068
+	ERROR_DEPENDENCY_NOT_ALLOWED                                              syscall.Errno = 5069
+	ERROR_CLUSTER_NODE_PAUSED                                                 syscall.Errno = 5070
+	ERROR_NODE_CANT_HOST_RESOURCE                                             syscall.Errno = 5071
+	ERROR_CLUSTER_NODE_NOT_READY                                              syscall.Errno = 5072
+	ERROR_CLUSTER_NODE_SHUTTING_DOWN                                          syscall.Errno = 5073
+	ERROR_CLUSTER_JOIN_ABORTED                                                syscall.Errno = 5074
+	ERROR_CLUSTER_INCOMPATIBLE_VERSIONS                                       syscall.Errno = 5075
+	ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED                                syscall.Errno = 5076
+	ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED                                       syscall.Errno = 5077
+	ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND                                     syscall.Errno = 5078
+	ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED                                       syscall.Errno = 5079
+	ERROR_CLUSTER_RESNAME_NOT_FOUND                                           syscall.Errno = 5080
+	ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED                                  syscall.Errno = 5081
+	ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST                                       syscall.Errno = 5082
+	ERROR_CLUSTER_DATABASE_SEQMISMATCH                                        syscall.Errno = 5083
+	ERROR_RESMON_INVALID_STATE                                                syscall.Errno = 5084
+	ERROR_CLUSTER_GUM_NOT_LOCKER                                              syscall.Errno = 5085
+	ERROR_QUORUM_DISK_NOT_FOUND                                               syscall.Errno = 5086
+	ERROR_DATABASE_BACKUP_CORRUPT                                             syscall.Errno = 5087
+	ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT                                   syscall.Errno = 5088
+	ERROR_RESOURCE_PROPERTY_UNCHANGEABLE                                      syscall.Errno = 5089
+	ERROR_NO_ADMIN_ACCESS_POINT                                               syscall.Errno = 5090
+	ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE                                    syscall.Errno = 5890
+	ERROR_CLUSTER_QUORUMLOG_NOT_FOUND                                         syscall.Errno = 5891
+	ERROR_CLUSTER_MEMBERSHIP_HALT                                             syscall.Errno = 5892
+	ERROR_CLUSTER_INSTANCE_ID_MISMATCH                                        syscall.Errno = 5893
+	ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP                                    syscall.Errno = 5894
+	ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH                                 syscall.Errno = 5895
+	ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP                                       syscall.Errno = 5896
+	ERROR_CLUSTER_PARAMETER_MISMATCH                                          syscall.Errno = 5897
+	ERROR_NODE_CANNOT_BE_CLUSTERED                                            syscall.Errno = 5898
+	ERROR_CLUSTER_WRONG_OS_VERSION                                            syscall.Errno = 5899
+	ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME                                syscall.Errno = 5900
+	ERROR_CLUSCFG_ALREADY_COMMITTED                                           syscall.Errno = 5901
+	ERROR_CLUSCFG_ROLLBACK_FAILED                                             syscall.Errno = 5902
+	ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT                           syscall.Errno = 5903
+	ERROR_CLUSTER_OLD_VERSION                                                 syscall.Errno = 5904
+	ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME                               syscall.Errno = 5905
+	ERROR_CLUSTER_NO_NET_ADAPTERS                                             syscall.Errno = 5906
+	ERROR_CLUSTER_POISONED                                                    syscall.Errno = 5907
+	ERROR_CLUSTER_GROUP_MOVING                                                syscall.Errno = 5908
+	ERROR_CLUSTER_RESOURCE_TYPE_BUSY                                          syscall.Errno = 5909
+	ERROR_RESOURCE_CALL_TIMED_OUT                                             syscall.Errno = 5910
+	ERROR_INVALID_CLUSTER_IPV6_ADDRESS                                        syscall.Errno = 5911
+	ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION                                   syscall.Errno = 5912
+	ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS                                     syscall.Errno = 5913
+	ERROR_CLUSTER_PARTIAL_SEND                                                syscall.Errno = 5914
+	ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION                                   syscall.Errno = 5915
+	ERROR_CLUSTER_INVALID_STRING_TERMINATION                                  syscall.Errno = 5916
+	ERROR_CLUSTER_INVALID_STRING_FORMAT                                       syscall.Errno = 5917
+	ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS                            syscall.Errno = 5918
+	ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS                        syscall.Errno = 5919
+	ERROR_CLUSTER_NULL_DATA                                                   syscall.Errno = 5920
+	ERROR_CLUSTER_PARTIAL_READ                                                syscall.Errno = 5921
+	ERROR_CLUSTER_PARTIAL_WRITE                                               syscall.Errno = 5922
+	ERROR_CLUSTER_CANT_DESERIALIZE_DATA                                       syscall.Errno = 5923
+	ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT                                syscall.Errno = 5924
+	ERROR_CLUSTER_NO_QUORUM                                                   syscall.Errno = 5925
+	ERROR_CLUSTER_INVALID_IPV6_NETWORK                                        syscall.Errno = 5926
+	ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK                                 syscall.Errno = 5927
+	ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP                                    syscall.Errno = 5928
+	ERROR_DEPENDENCY_TREE_TOO_COMPLEX                                         syscall.Errno = 5929
+	ERROR_EXCEPTION_IN_RESOURCE_CALL                                          syscall.Errno = 5930
+	ERROR_CLUSTER_RHS_FAILED_INITIALIZATION                                   syscall.Errno = 5931
+	ERROR_CLUSTER_NOT_INSTALLED                                               syscall.Errno = 5932
+	ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE                   syscall.Errno = 5933
+	ERROR_CLUSTER_MAX_NODES_IN_CLUSTER                                        syscall.Errno = 5934
+	ERROR_CLUSTER_TOO_MANY_NODES                                              syscall.Errno = 5935
+	ERROR_CLUSTER_OBJECT_ALREADY_USED                                         syscall.Errno = 5936
+	ERROR_NONCORE_GROUPS_FOUND                                                syscall.Errno = 5937
+	ERROR_FILE_SHARE_RESOURCE_CONFLICT                                        syscall.Errno = 5938
+	ERROR_CLUSTER_EVICT_INVALID_REQUEST                                       syscall.Errno = 5939
+	ERROR_CLUSTER_SINGLETON_RESOURCE                                          syscall.Errno = 5940
+	ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE                                    syscall.Errno = 5941
+	ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED                                    syscall.Errno = 5942
+	ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR                                syscall.Errno = 5943
+	ERROR_CLUSTER_GROUP_BUSY                                                  syscall.Errno = 5944
+	ERROR_CLUSTER_NOT_SHARED_VOLUME                                           syscall.Errno = 5945
+	ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR                                 syscall.Errno = 5946
+	ERROR_CLUSTER_SHARED_VOLUMES_IN_USE                                       syscall.Errno = 5947
+	ERROR_CLUSTER_USE_SHARED_VOLUMES_API                                      syscall.Errno = 5948
+	ERROR_CLUSTER_BACKUP_IN_PROGRESS                                          syscall.Errno = 5949
+	ERROR_NON_CSV_PATH                                                        syscall.Errno = 5950
+	ERROR_CSV_VOLUME_NOT_LOCAL                                                syscall.Errno = 5951
+	ERROR_CLUSTER_WATCHDOG_TERMINATING                                        syscall.Errno = 5952
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_INCOMPATIBLE_NODES                     syscall.Errno = 5953
+	ERROR_CLUSTER_INVALID_NODE_WEIGHT                                         syscall.Errno = 5954
+	ERROR_CLUSTER_RESOURCE_VETOED_CALL                                        syscall.Errno = 5955
+	ERROR_RESMON_SYSTEM_RESOURCES_LACKING                                     syscall.Errno = 5956
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_DESTINATION    syscall.Errno = 5957
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_SOURCE         syscall.Errno = 5958
+	ERROR_CLUSTER_GROUP_QUEUED                                                syscall.Errno = 5959
+	ERROR_CLUSTER_RESOURCE_LOCKED_STATUS                                      syscall.Errno = 5960
+	ERROR_CLUSTER_SHARED_VOLUME_FAILOVER_NOT_ALLOWED                          syscall.Errno = 5961
+	ERROR_CLUSTER_NODE_DRAIN_IN_PROGRESS                                      syscall.Errno = 5962
+	ERROR_CLUSTER_DISK_NOT_CONNECTED                                          syscall.Errno = 5963
+	ERROR_DISK_NOT_CSV_CAPABLE                                                syscall.Errno = 5964
+	ERROR_RESOURCE_NOT_IN_AVAILABLE_STORAGE                                   syscall.Errno = 5965
+	ERROR_CLUSTER_SHARED_VOLUME_REDIRECTED                                    syscall.Errno = 5966
+	ERROR_CLUSTER_SHARED_VOLUME_NOT_REDIRECTED                                syscall.Errno = 5967
+	ERROR_CLUSTER_CANNOT_RETURN_PROPERTIES                                    syscall.Errno = 5968
+	ERROR_CLUSTER_RESOURCE_CONTAINS_UNSUPPORTED_DIFF_AREA_FOR_SHARED_VOLUMES  syscall.Errno = 5969
+	ERROR_CLUSTER_RESOURCE_IS_IN_MAINTENANCE_MODE                             syscall.Errno = 5970
+	ERROR_CLUSTER_AFFINITY_CONFLICT                                           syscall.Errno = 5971
+	ERROR_CLUSTER_RESOURCE_IS_REPLICA_VIRTUAL_MACHINE                         syscall.Errno = 5972
+	ERROR_CLUSTER_UPGRADE_INCOMPATIBLE_VERSIONS                               syscall.Errno = 5973
+	ERROR_CLUSTER_UPGRADE_FIX_QUORUM_NOT_SUPPORTED                            syscall.Errno = 5974
+	ERROR_CLUSTER_UPGRADE_RESTART_REQUIRED                                    syscall.Errno = 5975
+	ERROR_CLUSTER_UPGRADE_IN_PROGRESS                                         syscall.Errno = 5976
+	ERROR_CLUSTER_UPGRADE_INCOMPLETE                                          syscall.Errno = 5977
+	ERROR_CLUSTER_NODE_IN_GRACE_PERIOD                                        syscall.Errno = 5978
+	ERROR_CLUSTER_CSV_IO_PAUSE_TIMEOUT                                        syscall.Errno = 5979
+	ERROR_NODE_NOT_ACTIVE_CLUSTER_MEMBER                                      syscall.Errno = 5980
+	ERROR_CLUSTER_RESOURCE_NOT_MONITORED                                      syscall.Errno = 5981
+	ERROR_CLUSTER_RESOURCE_DOES_NOT_SUPPORT_UNMONITORED                       syscall.Errno = 5982
+	ERROR_CLUSTER_RESOURCE_IS_REPLICATED                                      syscall.Errno = 5983
+	ERROR_CLUSTER_NODE_ISOLATED                                               syscall.Errno = 5984
+	ERROR_CLUSTER_NODE_QUARANTINED                                            syscall.Errno = 5985
+	ERROR_CLUSTER_DATABASE_UPDATE_CONDITION_FAILED                            syscall.Errno = 5986
+	ERROR_CLUSTER_SPACE_DEGRADED                                              syscall.Errno = 5987
+	ERROR_CLUSTER_TOKEN_DELEGATION_NOT_SUPPORTED                              syscall.Errno = 5988
+	ERROR_CLUSTER_CSV_INVALID_HANDLE                                          syscall.Errno = 5989
+	ERROR_CLUSTER_CSV_SUPPORTED_ONLY_ON_COORDINATOR                           syscall.Errno = 5990
+	ERROR_GROUPSET_NOT_AVAILABLE                                              syscall.Errno = 5991
+	ERROR_GROUPSET_NOT_FOUND                                                  syscall.Errno = 5992
+	ERROR_GROUPSET_CANT_PROVIDE                                               syscall.Errno = 5993
+	ERROR_CLUSTER_FAULT_DOMAIN_PARENT_NOT_FOUND                               syscall.Errno = 5994
+	ERROR_CLUSTER_FAULT_DOMAIN_INVALID_HIERARCHY                              syscall.Errno = 5995
+	ERROR_CLUSTER_FAULT_DOMAIN_FAILED_S2D_VALIDATION                          syscall.Errno = 5996
+	ERROR_CLUSTER_FAULT_DOMAIN_S2D_CONNECTIVITY_LOSS                          syscall.Errno = 5997
+	ERROR_CLUSTER_INVALID_INFRASTRUCTURE_FILESERVER_NAME                      syscall.Errno = 5998
+	ERROR_CLUSTERSET_MANAGEMENT_CLUSTER_UNREACHABLE                           syscall.Errno = 5999
+	ERROR_ENCRYPTION_FAILED                                                   syscall.Errno = 6000
+	ERROR_DECRYPTION_FAILED                                                   syscall.Errno = 6001
+	ERROR_FILE_ENCRYPTED                                                      syscall.Errno = 6002
+	ERROR_NO_RECOVERY_POLICY                                                  syscall.Errno = 6003
+	ERROR_NO_EFS                                                              syscall.Errno = 6004
+	ERROR_WRONG_EFS                                                           syscall.Errno = 6005
+	ERROR_NO_USER_KEYS                                                        syscall.Errno = 6006
+	ERROR_FILE_NOT_ENCRYPTED                                                  syscall.Errno = 6007
+	ERROR_NOT_EXPORT_FORMAT                                                   syscall.Errno = 6008
+	ERROR_FILE_READ_ONLY                                                      syscall.Errno = 6009
+	ERROR_DIR_EFS_DISALLOWED                                                  syscall.Errno = 6010
+	ERROR_EFS_SERVER_NOT_TRUSTED                                              syscall.Errno = 6011
+	ERROR_BAD_RECOVERY_POLICY                                                 syscall.Errno = 6012
+	ERROR_EFS_ALG_BLOB_TOO_BIG                                                syscall.Errno = 6013
+	ERROR_VOLUME_NOT_SUPPORT_EFS                                              syscall.Errno = 6014
+	ERROR_EFS_DISABLED                                                        syscall.Errno = 6015
+	ERROR_EFS_VERSION_NOT_SUPPORT                                             syscall.Errno = 6016
+	ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE                               syscall.Errno = 6017
+	ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER                                    syscall.Errno = 6018
+	ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE                               syscall.Errno = 6019
+	ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE                                    syscall.Errno = 6020
+	ERROR_CS_ENCRYPTION_FILE_NOT_CSE                                          syscall.Errno = 6021
+	ERROR_ENCRYPTION_POLICY_DENIES_OPERATION                                  syscall.Errno = 6022
+	ERROR_WIP_ENCRYPTION_FAILED                                               syscall.Errno = 6023
+	ERROR_NO_BROWSER_SERVERS_FOUND                                            syscall.Errno = 6118
+	SCHED_E_SERVICE_NOT_LOCALSYSTEM                                           syscall.Errno = 6200
+	ERROR_LOG_SECTOR_INVALID                                                  syscall.Errno = 6600
+	ERROR_LOG_SECTOR_PARITY_INVALID                                           syscall.Errno = 6601
+	ERROR_LOG_SECTOR_REMAPPED                                                 syscall.Errno = 6602
+	ERROR_LOG_BLOCK_INCOMPLETE                                                syscall.Errno = 6603
+	ERROR_LOG_INVALID_RANGE                                                   syscall.Errno = 6604
+	ERROR_LOG_BLOCKS_EXHAUSTED                                                syscall.Errno = 6605
+	ERROR_LOG_READ_CONTEXT_INVALID                                            syscall.Errno = 6606
+	ERROR_LOG_RESTART_INVALID                                                 syscall.Errno = 6607
+	ERROR_LOG_BLOCK_VERSION                                                   syscall.Errno = 6608
+	ERROR_LOG_BLOCK_INVALID                                                   syscall.Errno = 6609
+	ERROR_LOG_READ_MODE_INVALID                                               syscall.Errno = 6610
+	ERROR_LOG_NO_RESTART                                                      syscall.Errno = 6611
+	ERROR_LOG_METADATA_CORRUPT                                                syscall.Errno = 6612
+	ERROR_LOG_METADATA_INVALID                                                syscall.Errno = 6613
+	ERROR_LOG_METADATA_INCONSISTENT                                           syscall.Errno = 6614
+	ERROR_LOG_RESERVATION_INVALID                                             syscall.Errno = 6615
+	ERROR_LOG_CANT_DELETE                                                     syscall.Errno = 6616
+	ERROR_LOG_CONTAINER_LIMIT_EXCEEDED                                        syscall.Errno = 6617
+	ERROR_LOG_START_OF_LOG                                                    syscall.Errno = 6618
+	ERROR_LOG_POLICY_ALREADY_INSTALLED                                        syscall.Errno = 6619
+	ERROR_LOG_POLICY_NOT_INSTALLED                                            syscall.Errno = 6620
+	ERROR_LOG_POLICY_INVALID                                                  syscall.Errno = 6621
+	ERROR_LOG_POLICY_CONFLICT                                                 syscall.Errno = 6622
+	ERROR_LOG_PINNED_ARCHIVE_TAIL                                             syscall.Errno = 6623
+	ERROR_LOG_RECORD_NONEXISTENT                                              syscall.Errno = 6624
+	ERROR_LOG_RECORDS_RESERVED_INVALID                                        syscall.Errno = 6625
+	ERROR_LOG_SPACE_RESERVED_INVALID                                          syscall.Errno = 6626
+	ERROR_LOG_TAIL_INVALID                                                    syscall.Errno = 6627
+	ERROR_LOG_FULL                                                            syscall.Errno = 6628
+	ERROR_COULD_NOT_RESIZE_LOG                                                syscall.Errno = 6629
+	ERROR_LOG_MULTIPLEXED                                                     syscall.Errno = 6630
+	ERROR_LOG_DEDICATED                                                       syscall.Errno = 6631
+	ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS                                         syscall.Errno = 6632
+	ERROR_LOG_ARCHIVE_IN_PROGRESS                                             syscall.Errno = 6633
+	ERROR_LOG_EPHEMERAL                                                       syscall.Errno = 6634
+	ERROR_LOG_NOT_ENOUGH_CONTAINERS                                           syscall.Errno = 6635
+	ERROR_LOG_CLIENT_ALREADY_REGISTERED                                       syscall.Errno = 6636
+	ERROR_LOG_CLIENT_NOT_REGISTERED                                           syscall.Errno = 6637
+	ERROR_LOG_FULL_HANDLER_IN_PROGRESS                                        syscall.Errno = 6638
+	ERROR_LOG_CONTAINER_READ_FAILED                                           syscall.Errno = 6639
+	ERROR_LOG_CONTAINER_WRITE_FAILED                                          syscall.Errno = 6640
+	ERROR_LOG_CONTAINER_OPEN_FAILED                                           syscall.Errno = 6641
+	ERROR_LOG_CONTAINER_STATE_INVALID                                         syscall.Errno = 6642
+	ERROR_LOG_STATE_INVALID                                                   syscall.Errno = 6643
+	ERROR_LOG_PINNED                                                          syscall.Errno = 6644
+	ERROR_LOG_METADATA_FLUSH_FAILED                                           syscall.Errno = 6645
+	ERROR_LOG_INCONSISTENT_SECURITY                                           syscall.Errno = 6646
+	ERROR_LOG_APPENDED_FLUSH_FAILED                                           syscall.Errno = 6647
+	ERROR_LOG_PINNED_RESERVATION                                              syscall.Errno = 6648
+	ERROR_INVALID_TRANSACTION                                                 syscall.Errno = 6700
+	ERROR_TRANSACTION_NOT_ACTIVE                                              syscall.Errno = 6701
+	ERROR_TRANSACTION_REQUEST_NOT_VALID                                       syscall.Errno = 6702
+	ERROR_TRANSACTION_NOT_REQUESTED                                           syscall.Errno = 6703
+	ERROR_TRANSACTION_ALREADY_ABORTED                                         syscall.Errno = 6704
+	ERROR_TRANSACTION_ALREADY_COMMITTED                                       syscall.Errno = 6705
+	ERROR_TM_INITIALIZATION_FAILED                                            syscall.Errno = 6706
+	ERROR_RESOURCEMANAGER_READ_ONLY                                           syscall.Errno = 6707
+	ERROR_TRANSACTION_NOT_JOINED                                              syscall.Errno = 6708
+	ERROR_TRANSACTION_SUPERIOR_EXISTS                                         syscall.Errno = 6709
+	ERROR_CRM_PROTOCOL_ALREADY_EXISTS                                         syscall.Errno = 6710
+	ERROR_TRANSACTION_PROPAGATION_FAILED                                      syscall.Errno = 6711
+	ERROR_CRM_PROTOCOL_NOT_FOUND                                              syscall.Errno = 6712
+	ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER                                 syscall.Errno = 6713
+	ERROR_CURRENT_TRANSACTION_NOT_VALID                                       syscall.Errno = 6714
+	ERROR_TRANSACTION_NOT_FOUND                                               syscall.Errno = 6715
+	ERROR_RESOURCEMANAGER_NOT_FOUND                                           syscall.Errno = 6716
+	ERROR_ENLISTMENT_NOT_FOUND                                                syscall.Errno = 6717
+	ERROR_TRANSACTIONMANAGER_NOT_FOUND                                        syscall.Errno = 6718
+	ERROR_TRANSACTIONMANAGER_NOT_ONLINE                                       syscall.Errno = 6719
+	ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION                          syscall.Errno = 6720
+	ERROR_TRANSACTION_NOT_ROOT                                                syscall.Errno = 6721
+	ERROR_TRANSACTION_OBJECT_EXPIRED                                          syscall.Errno = 6722
+	ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED                                   syscall.Errno = 6723
+	ERROR_TRANSACTION_RECORD_TOO_LONG                                         syscall.Errno = 6724
+	ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED                                  syscall.Errno = 6725
+	ERROR_TRANSACTION_INTEGRITY_VIOLATED                                      syscall.Errno = 6726
+	ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH                                syscall.Errno = 6727
+	ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT                                    syscall.Errno = 6728
+	ERROR_TRANSACTION_MUST_WRITETHROUGH                                       syscall.Errno = 6729
+	ERROR_TRANSACTION_NO_SUPERIOR                                             syscall.Errno = 6730
+	ERROR_HEURISTIC_DAMAGE_POSSIBLE                                           syscall.Errno = 6731
+	ERROR_TRANSACTIONAL_CONFLICT                                              syscall.Errno = 6800
+	ERROR_RM_NOT_ACTIVE                                                       syscall.Errno = 6801
+	ERROR_RM_METADATA_CORRUPT                                                 syscall.Errno = 6802
+	ERROR_DIRECTORY_NOT_RM                                                    syscall.Errno = 6803
+	ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE                                     syscall.Errno = 6805
+	ERROR_LOG_RESIZE_INVALID_SIZE                                             syscall.Errno = 6806
+	ERROR_OBJECT_NO_LONGER_EXISTS                                             syscall.Errno = 6807
+	ERROR_STREAM_MINIVERSION_NOT_FOUND                                        syscall.Errno = 6808
+	ERROR_STREAM_MINIVERSION_NOT_VALID                                        syscall.Errno = 6809
+	ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION                 syscall.Errno = 6810
+	ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT                            syscall.Errno = 6811
+	ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS                                syscall.Errno = 6812
+	ERROR_REMOTE_FILE_VERSION_MISMATCH                                        syscall.Errno = 6814
+	ERROR_HANDLE_NO_LONGER_VALID                                              syscall.Errno = 6815
+	ERROR_NO_TXF_METADATA                                                     syscall.Errno = 6816
+	ERROR_LOG_CORRUPTION_DETECTED                                             syscall.Errno = 6817
+	ERROR_CANT_RECOVER_WITH_HANDLE_OPEN                                       syscall.Errno = 6818
+	ERROR_RM_DISCONNECTED                                                     syscall.Errno = 6819
+	ERROR_ENLISTMENT_NOT_SUPERIOR                                             syscall.Errno = 6820
+	ERROR_RECOVERY_NOT_NEEDED                                                 syscall.Errno = 6821
+	ERROR_RM_ALREADY_STARTED                                                  syscall.Errno = 6822
+	ERROR_FILE_IDENTITY_NOT_PERSISTENT                                        syscall.Errno = 6823
+	ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY                                 syscall.Errno = 6824
+	ERROR_CANT_CROSS_RM_BOUNDARY                                              syscall.Errno = 6825
+	ERROR_TXF_DIR_NOT_EMPTY                                                   syscall.Errno = 6826
+	ERROR_INDOUBT_TRANSACTIONS_EXIST                                          syscall.Errno = 6827
+	ERROR_TM_VOLATILE                                                         syscall.Errno = 6828
+	ERROR_ROLLBACK_TIMER_EXPIRED                                              syscall.Errno = 6829
+	ERROR_TXF_ATTRIBUTE_CORRUPT                                               syscall.Errno = 6830
+	ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION                                      syscall.Errno = 6831
+	ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED                                      syscall.Errno = 6832
+	ERROR_LOG_GROWTH_FAILED                                                   syscall.Errno = 6833
+	ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE                               syscall.Errno = 6834
+	ERROR_TXF_METADATA_ALREADY_PRESENT                                        syscall.Errno = 6835
+	ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET                                 syscall.Errno = 6836
+	ERROR_TRANSACTION_REQUIRED_PROMOTION                                      syscall.Errno = 6837
+	ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION                                  syscall.Errno = 6838
+	ERROR_TRANSACTIONS_NOT_FROZEN                                             syscall.Errno = 6839
+	ERROR_TRANSACTION_FREEZE_IN_PROGRESS                                      syscall.Errno = 6840
+	ERROR_NOT_SNAPSHOT_VOLUME                                                 syscall.Errno = 6841
+	ERROR_NO_SAVEPOINT_WITH_OPEN_FILES                                        syscall.Errno = 6842
+	ERROR_DATA_LOST_REPAIR                                                    syscall.Errno = 6843
+	ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION                                   syscall.Errno = 6844
+	ERROR_TM_IDENTITY_MISMATCH                                                syscall.Errno = 6845
+	ERROR_FLOATED_SECTION                                                     syscall.Errno = 6846
+	ERROR_CANNOT_ACCEPT_TRANSACTED_WORK                                       syscall.Errno = 6847
+	ERROR_CANNOT_ABORT_TRANSACTIONS                                           syscall.Errno = 6848
+	ERROR_BAD_CLUSTERS                                                        syscall.Errno = 6849
+	ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION                              syscall.Errno = 6850
+	ERROR_VOLUME_DIRTY                                                        syscall.Errno = 6851
+	ERROR_NO_LINK_TRACKING_IN_TRANSACTION                                     syscall.Errno = 6852
+	ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION                              syscall.Errno = 6853
+	ERROR_EXPIRED_HANDLE                                                      syscall.Errno = 6854
+	ERROR_TRANSACTION_NOT_ENLISTED                                            syscall.Errno = 6855
+	ERROR_CTX_WINSTATION_NAME_INVALID                                         syscall.Errno = 7001
+	ERROR_CTX_INVALID_PD                                                      syscall.Errno = 7002
+	ERROR_CTX_PD_NOT_FOUND                                                    syscall.Errno = 7003
+	ERROR_CTX_WD_NOT_FOUND                                                    syscall.Errno = 7004
+	ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY                                      syscall.Errno = 7005
+	ERROR_CTX_SERVICE_NAME_COLLISION                                          syscall.Errno = 7006
+	ERROR_CTX_CLOSE_PENDING                                                   syscall.Errno = 7007
+	ERROR_CTX_NO_OUTBUF                                                       syscall.Errno = 7008
+	ERROR_CTX_MODEM_INF_NOT_FOUND                                             syscall.Errno = 7009
+	ERROR_CTX_INVALID_MODEMNAME                                               syscall.Errno = 7010
+	ERROR_CTX_MODEM_RESPONSE_ERROR                                            syscall.Errno = 7011
+	ERROR_CTX_MODEM_RESPONSE_TIMEOUT                                          syscall.Errno = 7012
+	ERROR_CTX_MODEM_RESPONSE_NO_CARRIER                                       syscall.Errno = 7013
+	ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE                                      syscall.Errno = 7014
+	ERROR_CTX_MODEM_RESPONSE_BUSY                                             syscall.Errno = 7015
+	ERROR_CTX_MODEM_RESPONSE_VOICE                                            syscall.Errno = 7016
+	ERROR_CTX_TD_ERROR                                                        syscall.Errno = 7017
+	ERROR_CTX_WINSTATION_NOT_FOUND                                            syscall.Errno = 7022
+	ERROR_CTX_WINSTATION_ALREADY_EXISTS                                       syscall.Errno = 7023
+	ERROR_CTX_WINSTATION_BUSY                                                 syscall.Errno = 7024
+	ERROR_CTX_BAD_VIDEO_MODE                                                  syscall.Errno = 7025
+	ERROR_CTX_GRAPHICS_INVALID                                                syscall.Errno = 7035
+	ERROR_CTX_LOGON_DISABLED                                                  syscall.Errno = 7037
+	ERROR_CTX_NOT_CONSOLE                                                     syscall.Errno = 7038
+	ERROR_CTX_CLIENT_QUERY_TIMEOUT                                            syscall.Errno = 7040
+	ERROR_CTX_CONSOLE_DISCONNECT                                              syscall.Errno = 7041
+	ERROR_CTX_CONSOLE_CONNECT                                                 syscall.Errno = 7042
+	ERROR_CTX_SHADOW_DENIED                                                   syscall.Errno = 7044
+	ERROR_CTX_WINSTATION_ACCESS_DENIED                                        syscall.Errno = 7045
+	ERROR_CTX_INVALID_WD                                                      syscall.Errno = 7049
+	ERROR_CTX_SHADOW_INVALID                                                  syscall.Errno = 7050
+	ERROR_CTX_SHADOW_DISABLED                                                 syscall.Errno = 7051
+	ERROR_CTX_CLIENT_LICENSE_IN_USE                                           syscall.Errno = 7052
+	ERROR_CTX_CLIENT_LICENSE_NOT_SET                                          syscall.Errno = 7053
+	ERROR_CTX_LICENSE_NOT_AVAILABLE                                           syscall.Errno = 7054
+	ERROR_CTX_LICENSE_CLIENT_INVALID                                          syscall.Errno = 7055
+	ERROR_CTX_LICENSE_EXPIRED                                                 syscall.Errno = 7056
+	ERROR_CTX_SHADOW_NOT_RUNNING                                              syscall.Errno = 7057
+	ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE                                     syscall.Errno = 7058
+	ERROR_ACTIVATION_COUNT_EXCEEDED                                           syscall.Errno = 7059
+	ERROR_CTX_WINSTATIONS_DISABLED                                            syscall.Errno = 7060
+	ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED                                       syscall.Errno = 7061
+	ERROR_CTX_SESSION_IN_USE                                                  syscall.Errno = 7062
+	ERROR_CTX_NO_FORCE_LOGOFF                                                 syscall.Errno = 7063
+	ERROR_CTX_ACCOUNT_RESTRICTION                                             syscall.Errno = 7064
+	ERROR_RDP_PROTOCOL_ERROR                                                  syscall.Errno = 7065
+	ERROR_CTX_CDM_CONNECT                                                     syscall.Errno = 7066
+	ERROR_CTX_CDM_DISCONNECT                                                  syscall.Errno = 7067
+	ERROR_CTX_SECURITY_LAYER_ERROR                                            syscall.Errno = 7068
+	ERROR_TS_INCOMPATIBLE_SESSIONS                                            syscall.Errno = 7069
+	ERROR_TS_VIDEO_SUBSYSTEM_ERROR                                            syscall.Errno = 7070
+	FRS_ERR_INVALID_API_SEQUENCE                                              syscall.Errno = 8001
+	FRS_ERR_STARTING_SERVICE                                                  syscall.Errno = 8002
+	FRS_ERR_STOPPING_SERVICE                                                  syscall.Errno = 8003
+	FRS_ERR_INTERNAL_API                                                      syscall.Errno = 8004
+	FRS_ERR_INTERNAL                                                          syscall.Errno = 8005
+	FRS_ERR_SERVICE_COMM                                                      syscall.Errno = 8006
+	FRS_ERR_INSUFFICIENT_PRIV                                                 syscall.Errno = 8007
+	FRS_ERR_AUTHENTICATION                                                    syscall.Errno = 8008
+	FRS_ERR_PARENT_INSUFFICIENT_PRIV                                          syscall.Errno = 8009
+	FRS_ERR_PARENT_AUTHENTICATION                                             syscall.Errno = 8010
+	FRS_ERR_CHILD_TO_PARENT_COMM                                              syscall.Errno = 8011
+	FRS_ERR_PARENT_TO_CHILD_COMM                                              syscall.Errno = 8012
+	FRS_ERR_SYSVOL_POPULATE                                                   syscall.Errno = 8013
+	FRS_ERR_SYSVOL_POPULATE_TIMEOUT                                           syscall.Errno = 8014
+	FRS_ERR_SYSVOL_IS_BUSY                                                    syscall.Errno = 8015
+	FRS_ERR_SYSVOL_DEMOTE                                                     syscall.Errno = 8016
+	FRS_ERR_INVALID_SERVICE_PARAMETER                                         syscall.Errno = 8017
+	DS_S_SUCCESS                                                                            = ERROR_SUCCESS
+	ERROR_DS_NOT_INSTALLED                                                    syscall.Errno = 8200
+	ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY                                     syscall.Errno = 8201
+	ERROR_DS_NO_ATTRIBUTE_OR_VALUE                                            syscall.Errno = 8202
+	ERROR_DS_INVALID_ATTRIBUTE_SYNTAX                                         syscall.Errno = 8203
+	ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED                                         syscall.Errno = 8204
+	ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS                                        syscall.Errno = 8205
+	ERROR_DS_BUSY                                                             syscall.Errno = 8206
+	ERROR_DS_UNAVAILABLE                                                      syscall.Errno = 8207
+	ERROR_DS_NO_RIDS_ALLOCATED                                                syscall.Errno = 8208
+	ERROR_DS_NO_MORE_RIDS                                                     syscall.Errno = 8209
+	ERROR_DS_INCORRECT_ROLE_OWNER                                             syscall.Errno = 8210
+	ERROR_DS_RIDMGR_INIT_ERROR                                                syscall.Errno = 8211
+	ERROR_DS_OBJ_CLASS_VIOLATION                                              syscall.Errno = 8212
+	ERROR_DS_CANT_ON_NON_LEAF                                                 syscall.Errno = 8213
+	ERROR_DS_CANT_ON_RDN                                                      syscall.Errno = 8214
+	ERROR_DS_CANT_MOD_OBJ_CLASS                                               syscall.Errno = 8215
+	ERROR_DS_CROSS_DOM_MOVE_ERROR                                             syscall.Errno = 8216
+	ERROR_DS_GC_NOT_AVAILABLE                                                 syscall.Errno = 8217
+	ERROR_SHARED_POLICY                                                       syscall.Errno = 8218
+	ERROR_POLICY_OBJECT_NOT_FOUND                                             syscall.Errno = 8219
+	ERROR_POLICY_ONLY_IN_DS                                                   syscall.Errno = 8220
+	ERROR_PROMOTION_ACTIVE                                                    syscall.Errno = 8221
+	ERROR_NO_PROMOTION_ACTIVE                                                 syscall.Errno = 8222
+	ERROR_DS_OPERATIONS_ERROR                                                 syscall.Errno = 8224
+	ERROR_DS_PROTOCOL_ERROR                                                   syscall.Errno = 8225
+	ERROR_DS_TIMELIMIT_EXCEEDED                                               syscall.Errno = 8226
+	ERROR_DS_SIZELIMIT_EXCEEDED                                               syscall.Errno = 8227
+	ERROR_DS_ADMIN_LIMIT_EXCEEDED                                             syscall.Errno = 8228
+	ERROR_DS_COMPARE_FALSE                                                    syscall.Errno = 8229
+	ERROR_DS_COMPARE_TRUE                                                     syscall.Errno = 8230
+	ERROR_DS_AUTH_METHOD_NOT_SUPPORTED                                        syscall.Errno = 8231
+	ERROR_DS_STRONG_AUTH_REQUIRED                                             syscall.Errno = 8232
+	ERROR_DS_INAPPROPRIATE_AUTH                                               syscall.Errno = 8233
+	ERROR_DS_AUTH_UNKNOWN                                                     syscall.Errno = 8234
+	ERROR_DS_REFERRAL                                                         syscall.Errno = 8235
+	ERROR_DS_UNAVAILABLE_CRIT_EXTENSION                                       syscall.Errno = 8236
+	ERROR_DS_CONFIDENTIALITY_REQUIRED                                         syscall.Errno = 8237
+	ERROR_DS_INAPPROPRIATE_MATCHING                                           syscall.Errno = 8238
+	ERROR_DS_CONSTRAINT_VIOLATION                                             syscall.Errno = 8239
+	ERROR_DS_NO_SUCH_OBJECT                                                   syscall.Errno = 8240
+	ERROR_DS_ALIAS_PROBLEM                                                    syscall.Errno = 8241
+	ERROR_DS_INVALID_DN_SYNTAX                                                syscall.Errno = 8242
+	ERROR_DS_IS_LEAF                                                          syscall.Errno = 8243
+	ERROR_DS_ALIAS_DEREF_PROBLEM                                              syscall.Errno = 8244
+	ERROR_DS_UNWILLING_TO_PERFORM                                             syscall.Errno = 8245
+	ERROR_DS_LOOP_DETECT                                                      syscall.Errno = 8246
+	ERROR_DS_NAMING_VIOLATION                                                 syscall.Errno = 8247
+	ERROR_DS_OBJECT_RESULTS_TOO_LARGE                                         syscall.Errno = 8248
+	ERROR_DS_AFFECTS_MULTIPLE_DSAS                                            syscall.Errno = 8249
+	ERROR_DS_SERVER_DOWN                                                      syscall.Errno = 8250
+	ERROR_DS_LOCAL_ERROR                                                      syscall.Errno = 8251
+	ERROR_DS_ENCODING_ERROR                                                   syscall.Errno = 8252
+	ERROR_DS_DECODING_ERROR                                                   syscall.Errno = 8253
+	ERROR_DS_FILTER_UNKNOWN                                                   syscall.Errno = 8254
+	ERROR_DS_PARAM_ERROR                                                      syscall.Errno = 8255
+	ERROR_DS_NOT_SUPPORTED                                                    syscall.Errno = 8256
+	ERROR_DS_NO_RESULTS_RETURNED                                              syscall.Errno = 8257
+	ERROR_DS_CONTROL_NOT_FOUND                                                syscall.Errno = 8258
+	ERROR_DS_CLIENT_LOOP                                                      syscall.Errno = 8259
+	ERROR_DS_REFERRAL_LIMIT_EXCEEDED                                          syscall.Errno = 8260
+	ERROR_DS_SORT_CONTROL_MISSING                                             syscall.Errno = 8261
+	ERROR_DS_OFFSET_RANGE_ERROR                                               syscall.Errno = 8262
+	ERROR_DS_RIDMGR_DISABLED                                                  syscall.Errno = 8263
+	ERROR_DS_ROOT_MUST_BE_NC                                                  syscall.Errno = 8301
+	ERROR_DS_ADD_REPLICA_INHIBITED                                            syscall.Errno = 8302
+	ERROR_DS_ATT_NOT_DEF_IN_SCHEMA                                            syscall.Errno = 8303
+	ERROR_DS_MAX_OBJ_SIZE_EXCEEDED                                            syscall.Errno = 8304
+	ERROR_DS_OBJ_STRING_NAME_EXISTS                                           syscall.Errno = 8305
+	ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA                                         syscall.Errno = 8306
+	ERROR_DS_RDN_DOESNT_MATCH_SCHEMA                                          syscall.Errno = 8307
+	ERROR_DS_NO_REQUESTED_ATTS_FOUND                                          syscall.Errno = 8308
+	ERROR_DS_USER_BUFFER_TO_SMALL                                             syscall.Errno = 8309
+	ERROR_DS_ATT_IS_NOT_ON_OBJ                                                syscall.Errno = 8310
+	ERROR_DS_ILLEGAL_MOD_OPERATION                                            syscall.Errno = 8311
+	ERROR_DS_OBJ_TOO_LARGE                                                    syscall.Errno = 8312
+	ERROR_DS_BAD_INSTANCE_TYPE                                                syscall.Errno = 8313
+	ERROR_DS_MASTERDSA_REQUIRED                                               syscall.Errno = 8314
+	ERROR_DS_OBJECT_CLASS_REQUIRED                                            syscall.Errno = 8315
+	ERROR_DS_MISSING_REQUIRED_ATT                                             syscall.Errno = 8316
+	ERROR_DS_ATT_NOT_DEF_FOR_CLASS                                            syscall.Errno = 8317
+	ERROR_DS_ATT_ALREADY_EXISTS                                               syscall.Errno = 8318
+	ERROR_DS_CANT_ADD_ATT_VALUES                                              syscall.Errno = 8320
+	ERROR_DS_SINGLE_VALUE_CONSTRAINT                                          syscall.Errno = 8321
+	ERROR_DS_RANGE_CONSTRAINT                                                 syscall.Errno = 8322
+	ERROR_DS_ATT_VAL_ALREADY_EXISTS                                           syscall.Errno = 8323
+	ERROR_DS_CANT_REM_MISSING_ATT                                             syscall.Errno = 8324
+	ERROR_DS_CANT_REM_MISSING_ATT_VAL                                         syscall.Errno = 8325
+	ERROR_DS_ROOT_CANT_BE_SUBREF                                              syscall.Errno = 8326
+	ERROR_DS_NO_CHAINING                                                      syscall.Errno = 8327
+	ERROR_DS_NO_CHAINED_EVAL                                                  syscall.Errno = 8328
+	ERROR_DS_NO_PARENT_OBJECT                                                 syscall.Errno = 8329
+	ERROR_DS_PARENT_IS_AN_ALIAS                                               syscall.Errno = 8330
+	ERROR_DS_CANT_MIX_MASTER_AND_REPS                                         syscall.Errno = 8331
+	ERROR_DS_CHILDREN_EXIST                                                   syscall.Errno = 8332
+	ERROR_DS_OBJ_NOT_FOUND                                                    syscall.Errno = 8333
+	ERROR_DS_ALIASED_OBJ_MISSING                                              syscall.Errno = 8334
+	ERROR_DS_BAD_NAME_SYNTAX                                                  syscall.Errno = 8335
+	ERROR_DS_ALIAS_POINTS_TO_ALIAS                                            syscall.Errno = 8336
+	ERROR_DS_CANT_DEREF_ALIAS                                                 syscall.Errno = 8337
+	ERROR_DS_OUT_OF_SCOPE                                                     syscall.Errno = 8338
+	ERROR_DS_OBJECT_BEING_REMOVED                                             syscall.Errno = 8339
+	ERROR_DS_CANT_DELETE_DSA_OBJ                                              syscall.Errno = 8340
+	ERROR_DS_GENERIC_ERROR                                                    syscall.Errno = 8341
+	ERROR_DS_DSA_MUST_BE_INT_MASTER                                           syscall.Errno = 8342
+	ERROR_DS_CLASS_NOT_DSA                                                    syscall.Errno = 8343
+	ERROR_DS_INSUFF_ACCESS_RIGHTS                                             syscall.Errno = 8344
+	ERROR_DS_ILLEGAL_SUPERIOR                                                 syscall.Errno = 8345
+	ERROR_DS_ATTRIBUTE_OWNED_BY_SAM                                           syscall.Errno = 8346
+	ERROR_DS_NAME_TOO_MANY_PARTS                                              syscall.Errno = 8347
+	ERROR_DS_NAME_TOO_LONG                                                    syscall.Errno = 8348
+	ERROR_DS_NAME_VALUE_TOO_LONG                                              syscall.Errno = 8349
+	ERROR_DS_NAME_UNPARSEABLE                                                 syscall.Errno = 8350
+	ERROR_DS_NAME_TYPE_UNKNOWN                                                syscall.Errno = 8351
+	ERROR_DS_NOT_AN_OBJECT                                                    syscall.Errno = 8352
+	ERROR_DS_SEC_DESC_TOO_SHORT                                               syscall.Errno = 8353
+	ERROR_DS_SEC_DESC_INVALID                                                 syscall.Errno = 8354
+	ERROR_DS_NO_DELETED_NAME                                                  syscall.Errno = 8355
+	ERROR_DS_SUBREF_MUST_HAVE_PARENT                                          syscall.Errno = 8356
+	ERROR_DS_NCNAME_MUST_BE_NC                                                syscall.Errno = 8357
+	ERROR_DS_CANT_ADD_SYSTEM_ONLY                                             syscall.Errno = 8358
+	ERROR_DS_CLASS_MUST_BE_CONCRETE                                           syscall.Errno = 8359
+	ERROR_DS_INVALID_DMD                                                      syscall.Errno = 8360
+	ERROR_DS_OBJ_GUID_EXISTS                                                  syscall.Errno = 8361
+	ERROR_DS_NOT_ON_BACKLINK                                                  syscall.Errno = 8362
+	ERROR_DS_NO_CROSSREF_FOR_NC                                               syscall.Errno = 8363
+	ERROR_DS_SHUTTING_DOWN                                                    syscall.Errno = 8364
+	ERROR_DS_UNKNOWN_OPERATION                                                syscall.Errno = 8365
+	ERROR_DS_INVALID_ROLE_OWNER                                               syscall.Errno = 8366
+	ERROR_DS_COULDNT_CONTACT_FSMO                                             syscall.Errno = 8367
+	ERROR_DS_CROSS_NC_DN_RENAME                                               syscall.Errno = 8368
+	ERROR_DS_CANT_MOD_SYSTEM_ONLY                                             syscall.Errno = 8369
+	ERROR_DS_REPLICATOR_ONLY                                                  syscall.Errno = 8370
+	ERROR_DS_OBJ_CLASS_NOT_DEFINED                                            syscall.Errno = 8371
+	ERROR_DS_OBJ_CLASS_NOT_SUBCLASS                                           syscall.Errno = 8372
+	ERROR_DS_NAME_REFERENCE_INVALID                                           syscall.Errno = 8373
+	ERROR_DS_CROSS_REF_EXISTS                                                 syscall.Errno = 8374
+	ERROR_DS_CANT_DEL_MASTER_CROSSREF                                         syscall.Errno = 8375
+	ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD                                       syscall.Errno = 8376
+	ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX                                        syscall.Errno = 8377
+	ERROR_DS_DUP_RDN                                                          syscall.Errno = 8378
+	ERROR_DS_DUP_OID                                                          syscall.Errno = 8379
+	ERROR_DS_DUP_MAPI_ID                                                      syscall.Errno = 8380
+	ERROR_DS_DUP_SCHEMA_ID_GUID                                               syscall.Errno = 8381
+	ERROR_DS_DUP_LDAP_DISPLAY_NAME                                            syscall.Errno = 8382
+	ERROR_DS_SEMANTIC_ATT_TEST                                                syscall.Errno = 8383
+	ERROR_DS_SYNTAX_MISMATCH                                                  syscall.Errno = 8384
+	ERROR_DS_EXISTS_IN_MUST_HAVE                                              syscall.Errno = 8385
+	ERROR_DS_EXISTS_IN_MAY_HAVE                                               syscall.Errno = 8386
+	ERROR_DS_NONEXISTENT_MAY_HAVE                                             syscall.Errno = 8387
+	ERROR_DS_NONEXISTENT_MUST_HAVE                                            syscall.Errno = 8388
+	ERROR_DS_AUX_CLS_TEST_FAIL                                                syscall.Errno = 8389
+	ERROR_DS_NONEXISTENT_POSS_SUP                                             syscall.Errno = 8390
+	ERROR_DS_SUB_CLS_TEST_FAIL                                                syscall.Errno = 8391
+	ERROR_DS_BAD_RDN_ATT_ID_SYNTAX                                            syscall.Errno = 8392
+	ERROR_DS_EXISTS_IN_AUX_CLS                                                syscall.Errno = 8393
+	ERROR_DS_EXISTS_IN_SUB_CLS                                                syscall.Errno = 8394
+	ERROR_DS_EXISTS_IN_POSS_SUP                                               syscall.Errno = 8395
+	ERROR_DS_RECALCSCHEMA_FAILED                                              syscall.Errno = 8396
+	ERROR_DS_TREE_DELETE_NOT_FINISHED                                         syscall.Errno = 8397
+	ERROR_DS_CANT_DELETE                                                      syscall.Errno = 8398
+	ERROR_DS_ATT_SCHEMA_REQ_ID                                                syscall.Errno = 8399
+	ERROR_DS_BAD_ATT_SCHEMA_SYNTAX                                            syscall.Errno = 8400
+	ERROR_DS_CANT_CACHE_ATT                                                   syscall.Errno = 8401
+	ERROR_DS_CANT_CACHE_CLASS                                                 syscall.Errno = 8402
+	ERROR_DS_CANT_REMOVE_ATT_CACHE                                            syscall.Errno = 8403
+	ERROR_DS_CANT_REMOVE_CLASS_CACHE                                          syscall.Errno = 8404
+	ERROR_DS_CANT_RETRIEVE_DN                                                 syscall.Errno = 8405
+	ERROR_DS_MISSING_SUPREF                                                   syscall.Errno = 8406
+	ERROR_DS_CANT_RETRIEVE_INSTANCE                                           syscall.Errno = 8407
+	ERROR_DS_CODE_INCONSISTENCY                                               syscall.Errno = 8408
+	ERROR_DS_DATABASE_ERROR                                                   syscall.Errno = 8409
+	ERROR_DS_GOVERNSID_MISSING                                                syscall.Errno = 8410
+	ERROR_DS_MISSING_EXPECTED_ATT                                             syscall.Errno = 8411
+	ERROR_DS_NCNAME_MISSING_CR_REF                                            syscall.Errno = 8412
+	ERROR_DS_SECURITY_CHECKING_ERROR                                          syscall.Errno = 8413
+	ERROR_DS_SCHEMA_NOT_LOADED                                                syscall.Errno = 8414
+	ERROR_DS_SCHEMA_ALLOC_FAILED                                              syscall.Errno = 8415
+	ERROR_DS_ATT_SCHEMA_REQ_SYNTAX                                            syscall.Errno = 8416
+	ERROR_DS_GCVERIFY_ERROR                                                   syscall.Errno = 8417
+	ERROR_DS_DRA_SCHEMA_MISMATCH                                              syscall.Errno = 8418
+	ERROR_DS_CANT_FIND_DSA_OBJ                                                syscall.Errno = 8419
+	ERROR_DS_CANT_FIND_EXPECTED_NC                                            syscall.Errno = 8420
+	ERROR_DS_CANT_FIND_NC_IN_CACHE                                            syscall.Errno = 8421
+	ERROR_DS_CANT_RETRIEVE_CHILD                                              syscall.Errno = 8422
+	ERROR_DS_SECURITY_ILLEGAL_MODIFY                                          syscall.Errno = 8423
+	ERROR_DS_CANT_REPLACE_HIDDEN_REC                                          syscall.Errno = 8424
+	ERROR_DS_BAD_HIERARCHY_FILE                                               syscall.Errno = 8425
+	ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED                                     syscall.Errno = 8426
+	ERROR_DS_CONFIG_PARAM_MISSING                                             syscall.Errno = 8427
+	ERROR_DS_COUNTING_AB_INDICES_FAILED                                       syscall.Errno = 8428
+	ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED                                    syscall.Errno = 8429
+	ERROR_DS_INTERNAL_FAILURE                                                 syscall.Errno = 8430
+	ERROR_DS_UNKNOWN_ERROR                                                    syscall.Errno = 8431
+	ERROR_DS_ROOT_REQUIRES_CLASS_TOP                                          syscall.Errno = 8432
+	ERROR_DS_REFUSING_FSMO_ROLES                                              syscall.Errno = 8433
+	ERROR_DS_MISSING_FSMO_SETTINGS                                            syscall.Errno = 8434
+	ERROR_DS_UNABLE_TO_SURRENDER_ROLES                                        syscall.Errno = 8435
+	ERROR_DS_DRA_GENERIC                                                      syscall.Errno = 8436
+	ERROR_DS_DRA_INVALID_PARAMETER                                            syscall.Errno = 8437
+	ERROR_DS_DRA_BUSY                                                         syscall.Errno = 8438
+	ERROR_DS_DRA_BAD_DN                                                       syscall.Errno = 8439
+	ERROR_DS_DRA_BAD_NC                                                       syscall.Errno = 8440
+	ERROR_DS_DRA_DN_EXISTS                                                    syscall.Errno = 8441
+	ERROR_DS_DRA_INTERNAL_ERROR                                               syscall.Errno = 8442
+	ERROR_DS_DRA_INCONSISTENT_DIT                                             syscall.Errno = 8443
+	ERROR_DS_DRA_CONNECTION_FAILED                                            syscall.Errno = 8444
+	ERROR_DS_DRA_BAD_INSTANCE_TYPE                                            syscall.Errno = 8445
+	ERROR_DS_DRA_OUT_OF_MEM                                                   syscall.Errno = 8446
+	ERROR_DS_DRA_MAIL_PROBLEM                                                 syscall.Errno = 8447
+	ERROR_DS_DRA_REF_ALREADY_EXISTS                                           syscall.Errno = 8448
+	ERROR_DS_DRA_REF_NOT_FOUND                                                syscall.Errno = 8449
+	ERROR_DS_DRA_OBJ_IS_REP_SOURCE                                            syscall.Errno = 8450
+	ERROR_DS_DRA_DB_ERROR                                                     syscall.Errno = 8451
+	ERROR_DS_DRA_NO_REPLICA                                                   syscall.Errno = 8452
+	ERROR_DS_DRA_ACCESS_DENIED                                                syscall.Errno = 8453
+	ERROR_DS_DRA_NOT_SUPPORTED                                                syscall.Errno = 8454
+	ERROR_DS_DRA_RPC_CANCELLED                                                syscall.Errno = 8455
+	ERROR_DS_DRA_SOURCE_DISABLED                                              syscall.Errno = 8456
+	ERROR_DS_DRA_SINK_DISABLED                                                syscall.Errno = 8457
+	ERROR_DS_DRA_NAME_COLLISION                                               syscall.Errno = 8458
+	ERROR_DS_DRA_SOURCE_REINSTALLED                                           syscall.Errno = 8459
+	ERROR_DS_DRA_MISSING_PARENT                                               syscall.Errno = 8460
+	ERROR_DS_DRA_PREEMPTED                                                    syscall.Errno = 8461
+	ERROR_DS_DRA_ABANDON_SYNC                                                 syscall.Errno = 8462
+	ERROR_DS_DRA_SHUTDOWN                                                     syscall.Errno = 8463
+	ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET                                     syscall.Errno = 8464
+	ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA                                    syscall.Errno = 8465
+	ERROR_DS_DRA_EXTN_CONNECTION_FAILED                                       syscall.Errno = 8466
+	ERROR_DS_INSTALL_SCHEMA_MISMATCH                                          syscall.Errno = 8467
+	ERROR_DS_DUP_LINK_ID                                                      syscall.Errno = 8468
+	ERROR_DS_NAME_ERROR_RESOLVING                                             syscall.Errno = 8469
+	ERROR_DS_NAME_ERROR_NOT_FOUND                                             syscall.Errno = 8470
+	ERROR_DS_NAME_ERROR_NOT_UNIQUE                                            syscall.Errno = 8471
+	ERROR_DS_NAME_ERROR_NO_MAPPING                                            syscall.Errno = 8472
+	ERROR_DS_NAME_ERROR_DOMAIN_ONLY                                           syscall.Errno = 8473
+	ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING                                syscall.Errno = 8474
+	ERROR_DS_CONSTRUCTED_ATT_MOD                                              syscall.Errno = 8475
+	ERROR_DS_WRONG_OM_OBJ_CLASS                                               syscall.Errno = 8476
+	ERROR_DS_DRA_REPL_PENDING                                                 syscall.Errno = 8477
+	ERROR_DS_DS_REQUIRED                                                      syscall.Errno = 8478
+	ERROR_DS_INVALID_LDAP_DISPLAY_NAME                                        syscall.Errno = 8479
+	ERROR_DS_NON_BASE_SEARCH                                                  syscall.Errno = 8480
+	ERROR_DS_CANT_RETRIEVE_ATTS                                               syscall.Errno = 8481
+	ERROR_DS_BACKLINK_WITHOUT_LINK                                            syscall.Errno = 8482
+	ERROR_DS_EPOCH_MISMATCH                                                   syscall.Errno = 8483
+	ERROR_DS_SRC_NAME_MISMATCH                                                syscall.Errno = 8484
+	ERROR_DS_SRC_AND_DST_NC_IDENTICAL                                         syscall.Errno = 8485
+	ERROR_DS_DST_NC_MISMATCH                                                  syscall.Errno = 8486
+	ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC                                       syscall.Errno = 8487
+	ERROR_DS_SRC_GUID_MISMATCH                                                syscall.Errno = 8488
+	ERROR_DS_CANT_MOVE_DELETED_OBJECT                                         syscall.Errno = 8489
+	ERROR_DS_PDC_OPERATION_IN_PROGRESS                                        syscall.Errno = 8490
+	ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD                                        syscall.Errno = 8491
+	ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION                                      syscall.Errno = 8492
+	ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS                                  syscall.Errno = 8493
+	ERROR_DS_NC_MUST_HAVE_NC_PARENT                                           syscall.Errno = 8494
+	ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE                                        syscall.Errno = 8495
+	ERROR_DS_DST_DOMAIN_NOT_NATIVE                                            syscall.Errno = 8496
+	ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER                                 syscall.Errno = 8497
+	ERROR_DS_CANT_MOVE_ACCOUNT_GROUP                                          syscall.Errno = 8498
+	ERROR_DS_CANT_MOVE_RESOURCE_GROUP                                         syscall.Errno = 8499
+	ERROR_DS_INVALID_SEARCH_FLAG                                              syscall.Errno = 8500
+	ERROR_DS_NO_TREE_DELETE_ABOVE_NC                                          syscall.Errno = 8501
+	ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE                                     syscall.Errno = 8502
+	ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE                         syscall.Errno = 8503
+	ERROR_DS_SAM_INIT_FAILURE                                                 syscall.Errno = 8504
+	ERROR_DS_SENSITIVE_GROUP_VIOLATION                                        syscall.Errno = 8505
+	ERROR_DS_CANT_MOD_PRIMARYGROUPID                                          syscall.Errno = 8506
+	ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD                                          syscall.Errno = 8507
+	ERROR_DS_NONSAFE_SCHEMA_CHANGE                                            syscall.Errno = 8508
+	ERROR_DS_SCHEMA_UPDATE_DISALLOWED                                         syscall.Errno = 8509
+	ERROR_DS_CANT_CREATE_UNDER_SCHEMA                                         syscall.Errno = 8510
+	ERROR_DS_INSTALL_NO_SRC_SCH_VERSION                                       syscall.Errno = 8511
+	ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE                                syscall.Errno = 8512
+	ERROR_DS_INVALID_GROUP_TYPE                                               syscall.Errno = 8513
+	ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN                               syscall.Errno = 8514
+	ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN                                syscall.Errno = 8515
+	ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER                                    syscall.Errno = 8516
+	ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER                                syscall.Errno = 8517
+	ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER                                 syscall.Errno = 8518
+	ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER                              syscall.Errno = 8519
+	ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER                         syscall.Errno = 8520
+	ERROR_DS_HAVE_PRIMARY_MEMBERS                                             syscall.Errno = 8521
+	ERROR_DS_STRING_SD_CONVERSION_FAILED                                      syscall.Errno = 8522
+	ERROR_DS_NAMING_MASTER_GC                                                 syscall.Errno = 8523
+	ERROR_DS_DNS_LOOKUP_FAILURE                                               syscall.Errno = 8524
+	ERROR_DS_COULDNT_UPDATE_SPNS                                              syscall.Errno = 8525
+	ERROR_DS_CANT_RETRIEVE_SD                                                 syscall.Errno = 8526
+	ERROR_DS_KEY_NOT_UNIQUE                                                   syscall.Errno = 8527
+	ERROR_DS_WRONG_LINKED_ATT_SYNTAX                                          syscall.Errno = 8528
+	ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD                                        syscall.Errno = 8529
+	ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY                                          syscall.Errno = 8530
+	ERROR_DS_CANT_START                                                       syscall.Errno = 8531
+	ERROR_DS_INIT_FAILURE                                                     syscall.Errno = 8532
+	ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION                                     syscall.Errno = 8533
+	ERROR_DS_SOURCE_DOMAIN_IN_FOREST                                          syscall.Errno = 8534
+	ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST                                 syscall.Errno = 8535
+	ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED                                 syscall.Errno = 8536
+	ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN                                      syscall.Errno = 8537
+	ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER                                        syscall.Errno = 8538
+	ERROR_DS_SRC_SID_EXISTS_IN_FOREST                                         syscall.Errno = 8539
+	ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH                                syscall.Errno = 8540
+	ERROR_SAM_INIT_FAILURE                                                    syscall.Errno = 8541
+	ERROR_DS_DRA_SCHEMA_INFO_SHIP                                             syscall.Errno = 8542
+	ERROR_DS_DRA_SCHEMA_CONFLICT                                              syscall.Errno = 8543
+	ERROR_DS_DRA_EARLIER_SCHEMA_CONFLICT                                      syscall.Errno = 8544
+	ERROR_DS_DRA_OBJ_NC_MISMATCH                                              syscall.Errno = 8545
+	ERROR_DS_NC_STILL_HAS_DSAS                                                syscall.Errno = 8546
+	ERROR_DS_GC_REQUIRED                                                      syscall.Errno = 8547
+	ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY                                       syscall.Errno = 8548
+	ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS                                       syscall.Errno = 8549
+	ERROR_DS_CANT_ADD_TO_GC                                                   syscall.Errno = 8550
+	ERROR_DS_NO_CHECKPOINT_WITH_PDC                                           syscall.Errno = 8551
+	ERROR_DS_SOURCE_AUDITING_NOT_ENABLED                                      syscall.Errno = 8552
+	ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC                                      syscall.Errno = 8553
+	ERROR_DS_INVALID_NAME_FOR_SPN                                             syscall.Errno = 8554
+	ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS                                     syscall.Errno = 8555
+	ERROR_DS_UNICODEPWD_NOT_IN_QUOTES                                         syscall.Errno = 8556
+	ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED                                   syscall.Errno = 8557
+	ERROR_DS_MUST_BE_RUN_ON_DST_DC                                            syscall.Errno = 8558
+	ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER                                    syscall.Errno = 8559
+	ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ                                    syscall.Errno = 8560
+	ERROR_DS_INIT_FAILURE_CONSOLE                                             syscall.Errno = 8561
+	ERROR_DS_SAM_INIT_FAILURE_CONSOLE                                         syscall.Errno = 8562
+	ERROR_DS_FOREST_VERSION_TOO_HIGH                                          syscall.Errno = 8563
+	ERROR_DS_DOMAIN_VERSION_TOO_HIGH                                          syscall.Errno = 8564
+	ERROR_DS_FOREST_VERSION_TOO_LOW                                           syscall.Errno = 8565
+	ERROR_DS_DOMAIN_VERSION_TOO_LOW                                           syscall.Errno = 8566
+	ERROR_DS_INCOMPATIBLE_VERSION                                             syscall.Errno = 8567
+	ERROR_DS_LOW_DSA_VERSION                                                  syscall.Errno = 8568
+	ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN                               syscall.Errno = 8569
+	ERROR_DS_NOT_SUPPORTED_SORT_ORDER                                         syscall.Errno = 8570
+	ERROR_DS_NAME_NOT_UNIQUE                                                  syscall.Errno = 8571
+	ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4                                   syscall.Errno = 8572
+	ERROR_DS_OUT_OF_VERSION_STORE                                             syscall.Errno = 8573
+	ERROR_DS_INCOMPATIBLE_CONTROLS_USED                                       syscall.Errno = 8574
+	ERROR_DS_NO_REF_DOMAIN                                                    syscall.Errno = 8575
+	ERROR_DS_RESERVED_LINK_ID                                                 syscall.Errno = 8576
+	ERROR_DS_LINK_ID_NOT_AVAILABLE                                            syscall.Errno = 8577
+	ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER                                    syscall.Errno = 8578
+	ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE                             syscall.Errno = 8579
+	ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC                                      syscall.Errno = 8580
+	ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG                                      syscall.Errno = 8581
+	ERROR_DS_MODIFYDN_WRONG_GRANDPARENT                                       syscall.Errno = 8582
+	ERROR_DS_NAME_ERROR_TRUST_REFERRAL                                        syscall.Errno = 8583
+	ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER                                    syscall.Errno = 8584
+	ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD                                    syscall.Errno = 8585
+	ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2                                     syscall.Errno = 8586
+	ERROR_DS_THREAD_LIMIT_EXCEEDED                                            syscall.Errno = 8587
+	ERROR_DS_NOT_CLOSEST                                                      syscall.Errno = 8588
+	ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF                               syscall.Errno = 8589
+	ERROR_DS_SINGLE_USER_MODE_FAILED                                          syscall.Errno = 8590
+	ERROR_DS_NTDSCRIPT_SYNTAX_ERROR                                           syscall.Errno = 8591
+	ERROR_DS_NTDSCRIPT_PROCESS_ERROR                                          syscall.Errno = 8592
+	ERROR_DS_DIFFERENT_REPL_EPOCHS                                            syscall.Errno = 8593
+	ERROR_DS_DRS_EXTENSIONS_CHANGED                                           syscall.Errno = 8594
+	ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR                    syscall.Errno = 8595
+	ERROR_DS_NO_MSDS_INTID                                                    syscall.Errno = 8596
+	ERROR_DS_DUP_MSDS_INTID                                                   syscall.Errno = 8597
+	ERROR_DS_EXISTS_IN_RDNATTID                                               syscall.Errno = 8598
+	ERROR_DS_AUTHORIZATION_FAILED                                             syscall.Errno = 8599
+	ERROR_DS_INVALID_SCRIPT                                                   syscall.Errno = 8600
+	ERROR_DS_REMOTE_CROSSREF_OP_FAILED                                        syscall.Errno = 8601
+	ERROR_DS_CROSS_REF_BUSY                                                   syscall.Errno = 8602
+	ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN                               syscall.Errno = 8603
+	ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC                                    syscall.Errno = 8604
+	ERROR_DS_DUPLICATE_ID_FOUND                                               syscall.Errno = 8605
+	ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT                               syscall.Errno = 8606
+	ERROR_DS_GROUP_CONVERSION_ERROR                                           syscall.Errno = 8607
+	ERROR_DS_CANT_MOVE_APP_BASIC_GROUP                                        syscall.Errno = 8608
+	ERROR_DS_CANT_MOVE_APP_QUERY_GROUP                                        syscall.Errno = 8609
+	ERROR_DS_ROLE_NOT_VERIFIED                                                syscall.Errno = 8610
+	ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL                                  syscall.Errno = 8611
+	ERROR_DS_DOMAIN_RENAME_IN_PROGRESS                                        syscall.Errno = 8612
+	ERROR_DS_EXISTING_AD_CHILD_NC                                             syscall.Errno = 8613
+	ERROR_DS_REPL_LIFETIME_EXCEEDED                                           syscall.Errno = 8614
+	ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER                                   syscall.Errno = 8615
+	ERROR_DS_LDAP_SEND_QUEUE_FULL                                             syscall.Errno = 8616
+	ERROR_DS_DRA_OUT_SCHEDULE_WINDOW                                          syscall.Errno = 8617
+	ERROR_DS_POLICY_NOT_KNOWN                                                 syscall.Errno = 8618
+	ERROR_NO_SITE_SETTINGS_OBJECT                                             syscall.Errno = 8619
+	ERROR_NO_SECRETS                                                          syscall.Errno = 8620
+	ERROR_NO_WRITABLE_DC_FOUND                                                syscall.Errno = 8621
+	ERROR_DS_NO_SERVER_OBJECT                                                 syscall.Errno = 8622
+	ERROR_DS_NO_NTDSA_OBJECT                                                  syscall.Errno = 8623
+	ERROR_DS_NON_ASQ_SEARCH                                                   syscall.Errno = 8624
+	ERROR_DS_AUDIT_FAILURE                                                    syscall.Errno = 8625
+	ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE                                      syscall.Errno = 8626
+	ERROR_DS_INVALID_SEARCH_FLAG_TUPLE                                        syscall.Errno = 8627
+	ERROR_DS_HIERARCHY_TABLE_TOO_DEEP                                         syscall.Errno = 8628
+	ERROR_DS_DRA_CORRUPT_UTD_VECTOR                                           syscall.Errno = 8629
+	ERROR_DS_DRA_SECRETS_DENIED                                               syscall.Errno = 8630
+	ERROR_DS_RESERVED_MAPI_ID                                                 syscall.Errno = 8631
+	ERROR_DS_MAPI_ID_NOT_AVAILABLE                                            syscall.Errno = 8632
+	ERROR_DS_DRA_MISSING_KRBTGT_SECRET                                        syscall.Errno = 8633
+	ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST                                     syscall.Errno = 8634
+	ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST                                       syscall.Errno = 8635
+	ERROR_INVALID_USER_PRINCIPAL_NAME                                         syscall.Errno = 8636
+	ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS                               syscall.Errno = 8637
+	ERROR_DS_OID_NOT_FOUND                                                    syscall.Errno = 8638
+	ERROR_DS_DRA_RECYCLED_TARGET                                              syscall.Errno = 8639
+	ERROR_DS_DISALLOWED_NC_REDIRECT                                           syscall.Errno = 8640
+	ERROR_DS_HIGH_ADLDS_FFL                                                   syscall.Errno = 8641
+	ERROR_DS_HIGH_DSA_VERSION                                                 syscall.Errno = 8642
+	ERROR_DS_LOW_ADLDS_FFL                                                    syscall.Errno = 8643
+	ERROR_DOMAIN_SID_SAME_AS_LOCAL_WORKSTATION                                syscall.Errno = 8644
+	ERROR_DS_UNDELETE_SAM_VALIDATION_FAILED                                   syscall.Errno = 8645
+	ERROR_INCORRECT_ACCOUNT_TYPE                                              syscall.Errno = 8646
+	ERROR_DS_SPN_VALUE_NOT_UNIQUE_IN_FOREST                                   syscall.Errno = 8647
+	ERROR_DS_UPN_VALUE_NOT_UNIQUE_IN_FOREST                                   syscall.Errno = 8648
+	ERROR_DS_MISSING_FOREST_TRUST                                             syscall.Errno = 8649
+	ERROR_DS_VALUE_KEY_NOT_UNIQUE                                             syscall.Errno = 8650
+	DNS_ERROR_RESPONSE_CODES_BASE                                             syscall.Errno = 9000
+	DNS_ERROR_RCODE_NO_ERROR                                                                = ERROR_SUCCESS
+	DNS_ERROR_MASK                                                            syscall.Errno = 0x00002328
+	DNS_ERROR_RCODE_FORMAT_ERROR                                              syscall.Errno = 9001
+	DNS_ERROR_RCODE_SERVER_FAILURE                                            syscall.Errno = 9002
+	DNS_ERROR_RCODE_NAME_ERROR                                                syscall.Errno = 9003
+	DNS_ERROR_RCODE_NOT_IMPLEMENTED                                           syscall.Errno = 9004
+	DNS_ERROR_RCODE_REFUSED                                                   syscall.Errno = 9005
+	DNS_ERROR_RCODE_YXDOMAIN                                                  syscall.Errno = 9006
+	DNS_ERROR_RCODE_YXRRSET                                                   syscall.Errno = 9007
+	DNS_ERROR_RCODE_NXRRSET                                                   syscall.Errno = 9008
+	DNS_ERROR_RCODE_NOTAUTH                                                   syscall.Errno = 9009
+	DNS_ERROR_RCODE_NOTZONE                                                   syscall.Errno = 9010
+	DNS_ERROR_RCODE_BADSIG                                                    syscall.Errno = 9016
+	DNS_ERROR_RCODE_BADKEY                                                    syscall.Errno = 9017
+	DNS_ERROR_RCODE_BADTIME                                                   syscall.Errno = 9018
+	DNS_ERROR_RCODE_LAST                                                                    = DNS_ERROR_RCODE_BADTIME
+	DNS_ERROR_DNSSEC_BASE                                                     syscall.Errno = 9100
+	DNS_ERROR_KEYMASTER_REQUIRED                                              syscall.Errno = 9101
+	DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE                                      syscall.Errno = 9102
+	DNS_ERROR_NSEC3_INCOMPATIBLE_WITH_RSA_SHA1                                syscall.Errno = 9103
+	DNS_ERROR_NOT_ENOUGH_SIGNING_KEY_DESCRIPTORS                              syscall.Errno = 9104
+	DNS_ERROR_UNSUPPORTED_ALGORITHM                                           syscall.Errno = 9105
+	DNS_ERROR_INVALID_KEY_SIZE                                                syscall.Errno = 9106
+	DNS_ERROR_SIGNING_KEY_NOT_ACCESSIBLE                                      syscall.Errno = 9107
+	DNS_ERROR_KSP_DOES_NOT_SUPPORT_PROTECTION                                 syscall.Errno = 9108
+	DNS_ERROR_UNEXPECTED_DATA_PROTECTION_ERROR                                syscall.Errno = 9109
+	DNS_ERROR_UNEXPECTED_CNG_ERROR                                            syscall.Errno = 9110
+	DNS_ERROR_UNKNOWN_SIGNING_PARAMETER_VERSION                               syscall.Errno = 9111
+	DNS_ERROR_KSP_NOT_ACCESSIBLE                                              syscall.Errno = 9112
+	DNS_ERROR_TOO_MANY_SKDS                                                   syscall.Errno = 9113
+	DNS_ERROR_INVALID_ROLLOVER_PERIOD                                         syscall.Errno = 9114
+	DNS_ERROR_INVALID_INITIAL_ROLLOVER_OFFSET                                 syscall.Errno = 9115
+	DNS_ERROR_ROLLOVER_IN_PROGRESS                                            syscall.Errno = 9116
+	DNS_ERROR_STANDBY_KEY_NOT_PRESENT                                         syscall.Errno = 9117
+	DNS_ERROR_NOT_ALLOWED_ON_ZSK                                              syscall.Errno = 9118
+	DNS_ERROR_NOT_ALLOWED_ON_ACTIVE_SKD                                       syscall.Errno = 9119
+	DNS_ERROR_ROLLOVER_ALREADY_QUEUED                                         syscall.Errno = 9120
+	DNS_ERROR_NOT_ALLOWED_ON_UNSIGNED_ZONE                                    syscall.Errno = 9121
+	DNS_ERROR_BAD_KEYMASTER                                                   syscall.Errno = 9122
+	DNS_ERROR_INVALID_SIGNATURE_VALIDITY_PERIOD                               syscall.Errno = 9123
+	DNS_ERROR_INVALID_NSEC3_ITERATION_COUNT                                   syscall.Errno = 9124
+	DNS_ERROR_DNSSEC_IS_DISABLED                                              syscall.Errno = 9125
+	DNS_ERROR_INVALID_XML                                                     syscall.Errno = 9126
+	DNS_ERROR_NO_VALID_TRUST_ANCHORS                                          syscall.Errno = 9127
+	DNS_ERROR_ROLLOVER_NOT_POKEABLE                                           syscall.Errno = 9128
+	DNS_ERROR_NSEC3_NAME_COLLISION                                            syscall.Errno = 9129
+	DNS_ERROR_NSEC_INCOMPATIBLE_WITH_NSEC3_RSA_SHA1                           syscall.Errno = 9130
+	DNS_ERROR_PACKET_FMT_BASE                                                 syscall.Errno = 9500
+	DNS_INFO_NO_RECORDS                                                       syscall.Errno = 9501
+	DNS_ERROR_BAD_PACKET                                                      syscall.Errno = 9502
+	DNS_ERROR_NO_PACKET                                                       syscall.Errno = 9503
+	DNS_ERROR_RCODE                                                           syscall.Errno = 9504
+	DNS_ERROR_UNSECURE_PACKET                                                 syscall.Errno = 9505
+	DNS_STATUS_PACKET_UNSECURE                                                              = DNS_ERROR_UNSECURE_PACKET
+	DNS_REQUEST_PENDING                                                       syscall.Errno = 9506
+	DNS_ERROR_NO_MEMORY                                                                     = ERROR_OUTOFMEMORY
+	DNS_ERROR_INVALID_NAME                                                                  = ERROR_INVALID_NAME
+	DNS_ERROR_INVALID_DATA                                                                  = ERROR_INVALID_DATA
+	DNS_ERROR_GENERAL_API_BASE                                                syscall.Errno = 9550
+	DNS_ERROR_INVALID_TYPE                                                    syscall.Errno = 9551
+	DNS_ERROR_INVALID_IP_ADDRESS                                              syscall.Errno = 9552
+	DNS_ERROR_INVALID_PROPERTY                                                syscall.Errno = 9553
+	DNS_ERROR_TRY_AGAIN_LATER                                                 syscall.Errno = 9554
+	DNS_ERROR_NOT_UNIQUE                                                      syscall.Errno = 9555
+	DNS_ERROR_NON_RFC_NAME                                                    syscall.Errno = 9556
+	DNS_STATUS_FQDN                                                           syscall.Errno = 9557
+	DNS_STATUS_DOTTED_NAME                                                    syscall.Errno = 9558
+	DNS_STATUS_SINGLE_PART_NAME                                               syscall.Errno = 9559
+	DNS_ERROR_INVALID_NAME_CHAR                                               syscall.Errno = 9560
+	DNS_ERROR_NUMERIC_NAME                                                    syscall.Errno = 9561
+	DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER                                      syscall.Errno = 9562
+	DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION                                    syscall.Errno = 9563
+	DNS_ERROR_CANNOT_FIND_ROOT_HINTS                                          syscall.Errno = 9564
+	DNS_ERROR_INCONSISTENT_ROOT_HINTS                                         syscall.Errno = 9565
+	DNS_ERROR_DWORD_VALUE_TOO_SMALL                                           syscall.Errno = 9566
+	DNS_ERROR_DWORD_VALUE_TOO_LARGE                                           syscall.Errno = 9567
+	DNS_ERROR_BACKGROUND_LOADING                                              syscall.Errno = 9568
+	DNS_ERROR_NOT_ALLOWED_ON_RODC                                             syscall.Errno = 9569
+	DNS_ERROR_NOT_ALLOWED_UNDER_DNAME                                         syscall.Errno = 9570
+	DNS_ERROR_DELEGATION_REQUIRED                                             syscall.Errno = 9571
+	DNS_ERROR_INVALID_POLICY_TABLE                                            syscall.Errno = 9572
+	DNS_ERROR_ADDRESS_REQUIRED                                                syscall.Errno = 9573
+	DNS_ERROR_ZONE_BASE                                                       syscall.Errno = 9600
+	DNS_ERROR_ZONE_DOES_NOT_EXIST                                             syscall.Errno = 9601
+	DNS_ERROR_NO_ZONE_INFO                                                    syscall.Errno = 9602
+	DNS_ERROR_INVALID_ZONE_OPERATION                                          syscall.Errno = 9603
+	DNS_ERROR_ZONE_CONFIGURATION_ERROR                                        syscall.Errno = 9604
+	DNS_ERROR_ZONE_HAS_NO_SOA_RECORD                                          syscall.Errno = 9605
+	DNS_ERROR_ZONE_HAS_NO_NS_RECORDS                                          syscall.Errno = 9606
+	DNS_ERROR_ZONE_LOCKED                                                     syscall.Errno = 9607
+	DNS_ERROR_ZONE_CREATION_FAILED                                            syscall.Errno = 9608
+	DNS_ERROR_ZONE_ALREADY_EXISTS                                             syscall.Errno = 9609
+	DNS_ERROR_AUTOZONE_ALREADY_EXISTS                                         syscall.Errno = 9610
+	DNS_ERROR_INVALID_ZONE_TYPE                                               syscall.Errno = 9611
+	DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP                                    syscall.Errno = 9612
+	DNS_ERROR_ZONE_NOT_SECONDARY                                              syscall.Errno = 9613
+	DNS_ERROR_NEED_SECONDARY_ADDRESSES                                        syscall.Errno = 9614
+	DNS_ERROR_WINS_INIT_FAILED                                                syscall.Errno = 9615
+	DNS_ERROR_NEED_WINS_SERVERS                                               syscall.Errno = 9616
+	DNS_ERROR_NBSTAT_INIT_FAILED                                              syscall.Errno = 9617
+	DNS_ERROR_SOA_DELETE_INVALID                                              syscall.Errno = 9618
+	DNS_ERROR_FORWARDER_ALREADY_EXISTS                                        syscall.Errno = 9619
+	DNS_ERROR_ZONE_REQUIRES_MASTER_IP                                         syscall.Errno = 9620
+	DNS_ERROR_ZONE_IS_SHUTDOWN                                                syscall.Errno = 9621
+	DNS_ERROR_ZONE_LOCKED_FOR_SIGNING                                         syscall.Errno = 9622
+	DNS_ERROR_DATAFILE_BASE                                                   syscall.Errno = 9650
+	DNS_ERROR_PRIMARY_REQUIRES_DATAFILE                                       syscall.Errno = 9651
+	DNS_ERROR_INVALID_DATAFILE_NAME                                           syscall.Errno = 9652
+	DNS_ERROR_DATAFILE_OPEN_FAILURE                                           syscall.Errno = 9653
+	DNS_ERROR_FILE_WRITEBACK_FAILED                                           syscall.Errno = 9654
+	DNS_ERROR_DATAFILE_PARSING                                                syscall.Errno = 9655
+	DNS_ERROR_DATABASE_BASE                                                   syscall.Errno = 9700
+	DNS_ERROR_RECORD_DOES_NOT_EXIST                                           syscall.Errno = 9701
+	DNS_ERROR_RECORD_FORMAT                                                   syscall.Errno = 9702
+	DNS_ERROR_NODE_CREATION_FAILED                                            syscall.Errno = 9703
+	DNS_ERROR_UNKNOWN_RECORD_TYPE                                             syscall.Errno = 9704
+	DNS_ERROR_RECORD_TIMED_OUT                                                syscall.Errno = 9705
+	DNS_ERROR_NAME_NOT_IN_ZONE                                                syscall.Errno = 9706
+	DNS_ERROR_CNAME_LOOP                                                      syscall.Errno = 9707
+	DNS_ERROR_NODE_IS_CNAME                                                   syscall.Errno = 9708
+	DNS_ERROR_CNAME_COLLISION                                                 syscall.Errno = 9709
+	DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT                                        syscall.Errno = 9710
+	DNS_ERROR_RECORD_ALREADY_EXISTS                                           syscall.Errno = 9711
+	DNS_ERROR_SECONDARY_DATA                                                  syscall.Errno = 9712
+	DNS_ERROR_NO_CREATE_CACHE_DATA                                            syscall.Errno = 9713
+	DNS_ERROR_NAME_DOES_NOT_EXIST                                             syscall.Errno = 9714
+	DNS_WARNING_PTR_CREATE_FAILED                                             syscall.Errno = 9715
+	DNS_WARNING_DOMAIN_UNDELETED                                              syscall.Errno = 9716
+	DNS_ERROR_DS_UNAVAILABLE                                                  syscall.Errno = 9717
+	DNS_ERROR_DS_ZONE_ALREADY_EXISTS                                          syscall.Errno = 9718
+	DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE                                          syscall.Errno = 9719
+	DNS_ERROR_NODE_IS_DNAME                                                   syscall.Errno = 9720
+	DNS_ERROR_DNAME_COLLISION                                                 syscall.Errno = 9721
+	DNS_ERROR_ALIAS_LOOP                                                      syscall.Errno = 9722
+	DNS_ERROR_OPERATION_BASE                                                  syscall.Errno = 9750
+	DNS_INFO_AXFR_COMPLETE                                                    syscall.Errno = 9751
+	DNS_ERROR_AXFR                                                            syscall.Errno = 9752
+	DNS_INFO_ADDED_LOCAL_WINS                                                 syscall.Errno = 9753
+	DNS_ERROR_SECURE_BASE                                                     syscall.Errno = 9800
+	DNS_STATUS_CONTINUE_NEEDED                                                syscall.Errno = 9801
+	DNS_ERROR_SETUP_BASE                                                      syscall.Errno = 9850
+	DNS_ERROR_NO_TCPIP                                                        syscall.Errno = 9851
+	DNS_ERROR_NO_DNS_SERVERS                                                  syscall.Errno = 9852
+	DNS_ERROR_DP_BASE                                                         syscall.Errno = 9900
+	DNS_ERROR_DP_DOES_NOT_EXIST                                               syscall.Errno = 9901
+	DNS_ERROR_DP_ALREADY_EXISTS                                               syscall.Errno = 9902
+	DNS_ERROR_DP_NOT_ENLISTED                                                 syscall.Errno = 9903
+	DNS_ERROR_DP_ALREADY_ENLISTED                                             syscall.Errno = 9904
+	DNS_ERROR_DP_NOT_AVAILABLE                                                syscall.Errno = 9905
+	DNS_ERROR_DP_FSMO_ERROR                                                   syscall.Errno = 9906
+	DNS_ERROR_RRL_NOT_ENABLED                                                 syscall.Errno = 9911
+	DNS_ERROR_RRL_INVALID_WINDOW_SIZE                                         syscall.Errno = 9912
+	DNS_ERROR_RRL_INVALID_IPV4_PREFIX                                         syscall.Errno = 9913
+	DNS_ERROR_RRL_INVALID_IPV6_PREFIX                                         syscall.Errno = 9914
+	DNS_ERROR_RRL_INVALID_TC_RATE                                             syscall.Errno = 9915
+	DNS_ERROR_RRL_INVALID_LEAK_RATE                                           syscall.Errno = 9916
+	DNS_ERROR_RRL_LEAK_RATE_LESSTHAN_TC_RATE                                  syscall.Errno = 9917
+	DNS_ERROR_VIRTUALIZATION_INSTANCE_ALREADY_EXISTS                          syscall.Errno = 9921
+	DNS_ERROR_VIRTUALIZATION_INSTANCE_DOES_NOT_EXIST                          syscall.Errno = 9922
+	DNS_ERROR_VIRTUALIZATION_TREE_LOCKED                                      syscall.Errno = 9923
+	DNS_ERROR_INVAILD_VIRTUALIZATION_INSTANCE_NAME                            syscall.Errno = 9924
+	DNS_ERROR_DEFAULT_VIRTUALIZATION_INSTANCE                                 syscall.Errno = 9925
+	DNS_ERROR_ZONESCOPE_ALREADY_EXISTS                                        syscall.Errno = 9951
+	DNS_ERROR_ZONESCOPE_DOES_NOT_EXIST                                        syscall.Errno = 9952
+	DNS_ERROR_DEFAULT_ZONESCOPE                                               syscall.Errno = 9953
+	DNS_ERROR_INVALID_ZONESCOPE_NAME                                          syscall.Errno = 9954
+	DNS_ERROR_NOT_ALLOWED_WITH_ZONESCOPES                                     syscall.Errno = 9955
+	DNS_ERROR_LOAD_ZONESCOPE_FAILED                                           syscall.Errno = 9956
+	DNS_ERROR_ZONESCOPE_FILE_WRITEBACK_FAILED                                 syscall.Errno = 9957
+	DNS_ERROR_INVALID_SCOPE_NAME                                              syscall.Errno = 9958
+	DNS_ERROR_SCOPE_DOES_NOT_EXIST                                            syscall.Errno = 9959
+	DNS_ERROR_DEFAULT_SCOPE                                                   syscall.Errno = 9960
+	DNS_ERROR_INVALID_SCOPE_OPERATION                                         syscall.Errno = 9961
+	DNS_ERROR_SCOPE_LOCKED                                                    syscall.Errno = 9962
+	DNS_ERROR_SCOPE_ALREADY_EXISTS                                            syscall.Errno = 9963
+	DNS_ERROR_POLICY_ALREADY_EXISTS                                           syscall.Errno = 9971
+	DNS_ERROR_POLICY_DOES_NOT_EXIST                                           syscall.Errno = 9972
+	DNS_ERROR_POLICY_INVALID_CRITERIA                                         syscall.Errno = 9973
+	DNS_ERROR_POLICY_INVALID_SETTINGS                                         syscall.Errno = 9974
+	DNS_ERROR_CLIENT_SUBNET_IS_ACCESSED                                       syscall.Errno = 9975
+	DNS_ERROR_CLIENT_SUBNET_DOES_NOT_EXIST                                    syscall.Errno = 9976
+	DNS_ERROR_CLIENT_SUBNET_ALREADY_EXISTS                                    syscall.Errno = 9977
+	DNS_ERROR_SUBNET_DOES_NOT_EXIST                                           syscall.Errno = 9978
+	DNS_ERROR_SUBNET_ALREADY_EXISTS                                           syscall.Errno = 9979
+	DNS_ERROR_POLICY_LOCKED                                                   syscall.Errno = 9980
+	DNS_ERROR_POLICY_INVALID_WEIGHT                                           syscall.Errno = 9981
+	DNS_ERROR_POLICY_INVALID_NAME                                             syscall.Errno = 9982
+	DNS_ERROR_POLICY_MISSING_CRITERIA                                         syscall.Errno = 9983
+	DNS_ERROR_INVALID_CLIENT_SUBNET_NAME                                      syscall.Errno = 9984
+	DNS_ERROR_POLICY_PROCESSING_ORDER_INVALID                                 syscall.Errno = 9985
+	DNS_ERROR_POLICY_SCOPE_MISSING                                            syscall.Errno = 9986
+	DNS_ERROR_POLICY_SCOPE_NOT_ALLOWED                                        syscall.Errno = 9987
+	DNS_ERROR_SERVERSCOPE_IS_REFERENCED                                       syscall.Errno = 9988
+	DNS_ERROR_ZONESCOPE_IS_REFERENCED                                         syscall.Errno = 9989
+	DNS_ERROR_POLICY_INVALID_CRITERIA_CLIENT_SUBNET                           syscall.Errno = 9990
+	DNS_ERROR_POLICY_INVALID_CRITERIA_TRANSPORT_PROTOCOL                      syscall.Errno = 9991
+	DNS_ERROR_POLICY_INVALID_CRITERIA_NETWORK_PROTOCOL                        syscall.Errno = 9992
+	DNS_ERROR_POLICY_INVALID_CRITERIA_INTERFACE                               syscall.Errno = 9993
+	DNS_ERROR_POLICY_INVALID_CRITERIA_FQDN                                    syscall.Errno = 9994
+	DNS_ERROR_POLICY_INVALID_CRITERIA_QUERY_TYPE                              syscall.Errno = 9995
+	DNS_ERROR_POLICY_INVALID_CRITERIA_TIME_OF_DAY                             syscall.Errno = 9996
+	WSABASEERR                                                                syscall.Errno = 10000
+	WSAEINTR                                                                  syscall.Errno = 10004
+	WSAEBADF                                                                  syscall.Errno = 10009
+	WSAEACCES                                                                 syscall.Errno = 10013
+	WSAEFAULT                                                                 syscall.Errno = 10014
+	WSAEINVAL                                                                 syscall.Errno = 10022
+	WSAEMFILE                                                                 syscall.Errno = 10024
+	WSAEWOULDBLOCK                                                            syscall.Errno = 10035
+	WSAEINPROGRESS                                                            syscall.Errno = 10036
+	WSAEALREADY                                                               syscall.Errno = 10037
+	WSAENOTSOCK                                                               syscall.Errno = 10038
+	WSAEDESTADDRREQ                                                           syscall.Errno = 10039
+	WSAEMSGSIZE                                                               syscall.Errno = 10040
+	WSAEPROTOTYPE                                                             syscall.Errno = 10041
+	WSAENOPROTOOPT                                                            syscall.Errno = 10042
+	WSAEPROTONOSUPPORT                                                        syscall.Errno = 10043
+	WSAESOCKTNOSUPPORT                                                        syscall.Errno = 10044
+	WSAEOPNOTSUPP                                                             syscall.Errno = 10045
+	WSAEPFNOSUPPORT                                                           syscall.Errno = 10046
+	WSAEAFNOSUPPORT                                                           syscall.Errno = 10047
+	WSAEADDRINUSE                                                             syscall.Errno = 10048
+	WSAEADDRNOTAVAIL                                                          syscall.Errno = 10049
+	WSAENETDOWN                                                               syscall.Errno = 10050
+	WSAENETUNREACH                                                            syscall.Errno = 10051
+	WSAENETRESET                                                              syscall.Errno = 10052
+	WSAECONNABORTED                                                           syscall.Errno = 10053
+	WSAECONNRESET                                                             syscall.Errno = 10054
+	WSAENOBUFS                                                                syscall.Errno = 10055
+	WSAEISCONN                                                                syscall.Errno = 10056
+	WSAENOTCONN                                                               syscall.Errno = 10057
+	WSAESHUTDOWN                                                              syscall.Errno = 10058
+	WSAETOOMANYREFS                                                           syscall.Errno = 10059
+	WSAETIMEDOUT                                                              syscall.Errno = 10060
+	WSAECONNREFUSED                                                           syscall.Errno = 10061
+	WSAELOOP                                                                  syscall.Errno = 10062
+	WSAENAMETOOLONG                                                           syscall.Errno = 10063
+	WSAEHOSTDOWN                                                              syscall.Errno = 10064
+	WSAEHOSTUNREACH                                                           syscall.Errno = 10065
+	WSAENOTEMPTY                                                              syscall.Errno = 10066
+	WSAEPROCLIM                                                               syscall.Errno = 10067
+	WSAEUSERS                                                                 syscall.Errno = 10068
+	WSAEDQUOT                                                                 syscall.Errno = 10069
+	WSAESTALE                                                                 syscall.Errno = 10070
+	WSAEREMOTE                                                                syscall.Errno = 10071
+	WSASYSNOTREADY                                                            syscall.Errno = 10091
+	WSAVERNOTSUPPORTED                                                        syscall.Errno = 10092
+	WSANOTINITIALISED                                                         syscall.Errno = 10093
+	WSAEDISCON                                                                syscall.Errno = 10101
+	WSAENOMORE                                                                syscall.Errno = 10102
+	WSAECANCELLED                                                             syscall.Errno = 10103
+	WSAEINVALIDPROCTABLE                                                      syscall.Errno = 10104
+	WSAEINVALIDPROVIDER                                                       syscall.Errno = 10105
+	WSAEPROVIDERFAILEDINIT                                                    syscall.Errno = 10106
+	WSASYSCALLFAILURE                                                         syscall.Errno = 10107
+	WSASERVICE_NOT_FOUND                                                      syscall.Errno = 10108
+	WSATYPE_NOT_FOUND                                                         syscall.Errno = 10109
+	WSA_E_NO_MORE                                                             syscall.Errno = 10110
+	WSA_E_CANCELLED                                                           syscall.Errno = 10111
+	WSAEREFUSED                                                               syscall.Errno = 10112
+	WSAHOST_NOT_FOUND                                                         syscall.Errno = 11001
+	WSATRY_AGAIN                                                              syscall.Errno = 11002
+	WSANO_RECOVERY                                                            syscall.Errno = 11003
+	WSANO_DATA                                                                syscall.Errno = 11004
+	WSA_QOS_RECEIVERS                                                         syscall.Errno = 11005
+	WSA_QOS_SENDERS                                                           syscall.Errno = 11006
+	WSA_QOS_NO_SENDERS                                                        syscall.Errno = 11007
+	WSA_QOS_NO_RECEIVERS                                                      syscall.Errno = 11008
+	WSA_QOS_REQUEST_CONFIRMED                                                 syscall.Errno = 11009
+	WSA_QOS_ADMISSION_FAILURE                                                 syscall.Errno = 11010
+	WSA_QOS_POLICY_FAILURE                                                    syscall.Errno = 11011
+	WSA_QOS_BAD_STYLE                                                         syscall.Errno = 11012
+	WSA_QOS_BAD_OBJECT                                                        syscall.Errno = 11013
+	WSA_QOS_TRAFFIC_CTRL_ERROR                                                syscall.Errno = 11014
+	WSA_QOS_GENERIC_ERROR                                                     syscall.Errno = 11015
+	WSA_QOS_ESERVICETYPE                                                      syscall.Errno = 11016
+	WSA_QOS_EFLOWSPEC                                                         syscall.Errno = 11017
+	WSA_QOS_EPROVSPECBUF                                                      syscall.Errno = 11018
+	WSA_QOS_EFILTERSTYLE                                                      syscall.Errno = 11019
+	WSA_QOS_EFILTERTYPE                                                       syscall.Errno = 11020
+	WSA_QOS_EFILTERCOUNT                                                      syscall.Errno = 11021
+	WSA_QOS_EOBJLENGTH                                                        syscall.Errno = 11022
+	WSA_QOS_EFLOWCOUNT                                                        syscall.Errno = 11023
+	WSA_QOS_EUNKOWNPSOBJ                                                      syscall.Errno = 11024
+	WSA_QOS_EPOLICYOBJ                                                        syscall.Errno = 11025
+	WSA_QOS_EFLOWDESC                                                         syscall.Errno = 11026
+	WSA_QOS_EPSFLOWSPEC                                                       syscall.Errno = 11027
+	WSA_QOS_EPSFILTERSPEC                                                     syscall.Errno = 11028
+	WSA_QOS_ESDMODEOBJ                                                        syscall.Errno = 11029
+	WSA_QOS_ESHAPERATEOBJ                                                     syscall.Errno = 11030
+	WSA_QOS_RESERVED_PETYPE                                                   syscall.Errno = 11031
+	WSA_SECURE_HOST_NOT_FOUND                                                 syscall.Errno = 11032
+	WSA_IPSEC_NAME_POLICY_ERROR                                               syscall.Errno = 11033
+	ERROR_IPSEC_QM_POLICY_EXISTS                                              syscall.Errno = 13000
+	ERROR_IPSEC_QM_POLICY_NOT_FOUND                                           syscall.Errno = 13001
+	ERROR_IPSEC_QM_POLICY_IN_USE                                              syscall.Errno = 13002
+	ERROR_IPSEC_MM_POLICY_EXISTS                                              syscall.Errno = 13003
+	ERROR_IPSEC_MM_POLICY_NOT_FOUND                                           syscall.Errno = 13004
+	ERROR_IPSEC_MM_POLICY_IN_USE                                              syscall.Errno = 13005
+	ERROR_IPSEC_MM_FILTER_EXISTS                                              syscall.Errno = 13006
+	ERROR_IPSEC_MM_FILTER_NOT_FOUND                                           syscall.Errno = 13007
+	ERROR_IPSEC_TRANSPORT_FILTER_EXISTS                                       syscall.Errno = 13008
+	ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND                                    syscall.Errno = 13009
+	ERROR_IPSEC_MM_AUTH_EXISTS                                                syscall.Errno = 13010
+	ERROR_IPSEC_MM_AUTH_NOT_FOUND                                             syscall.Errno = 13011
+	ERROR_IPSEC_MM_AUTH_IN_USE                                                syscall.Errno = 13012
+	ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND                                   syscall.Errno = 13013
+	ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND                                     syscall.Errno = 13014
+	ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND                                   syscall.Errno = 13015
+	ERROR_IPSEC_TUNNEL_FILTER_EXISTS                                          syscall.Errno = 13016
+	ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND                                       syscall.Errno = 13017
+	ERROR_IPSEC_MM_FILTER_PENDING_DELETION                                    syscall.Errno = 13018
+	ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION                             syscall.Errno = 13019
+	ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION                                syscall.Errno = 13020
+	ERROR_IPSEC_MM_POLICY_PENDING_DELETION                                    syscall.Errno = 13021
+	ERROR_IPSEC_MM_AUTH_PENDING_DELETION                                      syscall.Errno = 13022
+	ERROR_IPSEC_QM_POLICY_PENDING_DELETION                                    syscall.Errno = 13023
+	WARNING_IPSEC_MM_POLICY_PRUNED                                            syscall.Errno = 13024
+	WARNING_IPSEC_QM_POLICY_PRUNED                                            syscall.Errno = 13025
+	ERROR_IPSEC_IKE_NEG_STATUS_BEGIN                                          syscall.Errno = 13800
+	ERROR_IPSEC_IKE_AUTH_FAIL                                                 syscall.Errno = 13801
+	ERROR_IPSEC_IKE_ATTRIB_FAIL                                               syscall.Errno = 13802
+	ERROR_IPSEC_IKE_NEGOTIATION_PENDING                                       syscall.Errno = 13803
+	ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR                                  syscall.Errno = 13804
+	ERROR_IPSEC_IKE_TIMED_OUT                                                 syscall.Errno = 13805
+	ERROR_IPSEC_IKE_NO_CERT                                                   syscall.Errno = 13806
+	ERROR_IPSEC_IKE_SA_DELETED                                                syscall.Errno = 13807
+	ERROR_IPSEC_IKE_SA_REAPED                                                 syscall.Errno = 13808
+	ERROR_IPSEC_IKE_MM_ACQUIRE_DROP                                           syscall.Errno = 13809
+	ERROR_IPSEC_IKE_QM_ACQUIRE_DROP                                           syscall.Errno = 13810
+	ERROR_IPSEC_IKE_QUEUE_DROP_MM                                             syscall.Errno = 13811
+	ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM                                          syscall.Errno = 13812
+	ERROR_IPSEC_IKE_DROP_NO_RESPONSE                                          syscall.Errno = 13813
+	ERROR_IPSEC_IKE_MM_DELAY_DROP                                             syscall.Errno = 13814
+	ERROR_IPSEC_IKE_QM_DELAY_DROP                                             syscall.Errno = 13815
+	ERROR_IPSEC_IKE_ERROR                                                     syscall.Errno = 13816
+	ERROR_IPSEC_IKE_CRL_FAILED                                                syscall.Errno = 13817
+	ERROR_IPSEC_IKE_INVALID_KEY_USAGE                                         syscall.Errno = 13818
+	ERROR_IPSEC_IKE_INVALID_CERT_TYPE                                         syscall.Errno = 13819
+	ERROR_IPSEC_IKE_NO_PRIVATE_KEY                                            syscall.Errno = 13820
+	ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY                                        syscall.Errno = 13821
+	ERROR_IPSEC_IKE_DH_FAIL                                                   syscall.Errno = 13822
+	ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED                           syscall.Errno = 13823
+	ERROR_IPSEC_IKE_INVALID_HEADER                                            syscall.Errno = 13824
+	ERROR_IPSEC_IKE_NO_POLICY                                                 syscall.Errno = 13825
+	ERROR_IPSEC_IKE_INVALID_SIGNATURE                                         syscall.Errno = 13826
+	ERROR_IPSEC_IKE_KERBEROS_ERROR                                            syscall.Errno = 13827
+	ERROR_IPSEC_IKE_NO_PUBLIC_KEY                                             syscall.Errno = 13828
+	ERROR_IPSEC_IKE_PROCESS_ERR                                               syscall.Errno = 13829
+	ERROR_IPSEC_IKE_PROCESS_ERR_SA                                            syscall.Errno = 13830
+	ERROR_IPSEC_IKE_PROCESS_ERR_PROP                                          syscall.Errno = 13831
+	ERROR_IPSEC_IKE_PROCESS_ERR_TRANS                                         syscall.Errno = 13832
+	ERROR_IPSEC_IKE_PROCESS_ERR_KE                                            syscall.Errno = 13833
+	ERROR_IPSEC_IKE_PROCESS_ERR_ID                                            syscall.Errno = 13834
+	ERROR_IPSEC_IKE_PROCESS_ERR_CERT                                          syscall.Errno = 13835
+	ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ                                      syscall.Errno = 13836
+	ERROR_IPSEC_IKE_PROCESS_ERR_HASH                                          syscall.Errno = 13837
+	ERROR_IPSEC_IKE_PROCESS_ERR_SIG                                           syscall.Errno = 13838
+	ERROR_IPSEC_IKE_PROCESS_ERR_NONCE                                         syscall.Errno = 13839
+	ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY                                        syscall.Errno = 13840
+	ERROR_IPSEC_IKE_PROCESS_ERR_DELETE                                        syscall.Errno = 13841
+	ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR                                        syscall.Errno = 13842
+	ERROR_IPSEC_IKE_INVALID_PAYLOAD                                           syscall.Errno = 13843
+	ERROR_IPSEC_IKE_LOAD_SOFT_SA                                              syscall.Errno = 13844
+	ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN                                         syscall.Errno = 13845
+	ERROR_IPSEC_IKE_INVALID_COOKIE                                            syscall.Errno = 13846
+	ERROR_IPSEC_IKE_NO_PEER_CERT                                              syscall.Errno = 13847
+	ERROR_IPSEC_IKE_PEER_CRL_FAILED                                           syscall.Errno = 13848
+	ERROR_IPSEC_IKE_POLICY_CHANGE                                             syscall.Errno = 13849
+	ERROR_IPSEC_IKE_NO_MM_POLICY                                              syscall.Errno = 13850
+	ERROR_IPSEC_IKE_NOTCBPRIV                                                 syscall.Errno = 13851
+	ERROR_IPSEC_IKE_SECLOADFAIL                                               syscall.Errno = 13852
+	ERROR_IPSEC_IKE_FAILSSPINIT                                               syscall.Errno = 13853
+	ERROR_IPSEC_IKE_FAILQUERYSSP                                              syscall.Errno = 13854
+	ERROR_IPSEC_IKE_SRVACQFAIL                                                syscall.Errno = 13855
+	ERROR_IPSEC_IKE_SRVQUERYCRED                                              syscall.Errno = 13856
+	ERROR_IPSEC_IKE_GETSPIFAIL                                                syscall.Errno = 13857
+	ERROR_IPSEC_IKE_INVALID_FILTER                                            syscall.Errno = 13858
+	ERROR_IPSEC_IKE_OUT_OF_MEMORY                                             syscall.Errno = 13859
+	ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED                                     syscall.Errno = 13860
+	ERROR_IPSEC_IKE_INVALID_POLICY                                            syscall.Errno = 13861
+	ERROR_IPSEC_IKE_UNKNOWN_DOI                                               syscall.Errno = 13862
+	ERROR_IPSEC_IKE_INVALID_SITUATION                                         syscall.Errno = 13863
+	ERROR_IPSEC_IKE_DH_FAILURE                                                syscall.Errno = 13864
+	ERROR_IPSEC_IKE_INVALID_GROUP                                             syscall.Errno = 13865
+	ERROR_IPSEC_IKE_ENCRYPT                                                   syscall.Errno = 13866
+	ERROR_IPSEC_IKE_DECRYPT                                                   syscall.Errno = 13867
+	ERROR_IPSEC_IKE_POLICY_MATCH                                              syscall.Errno = 13868
+	ERROR_IPSEC_IKE_UNSUPPORTED_ID                                            syscall.Errno = 13869
+	ERROR_IPSEC_IKE_INVALID_HASH                                              syscall.Errno = 13870
+	ERROR_IPSEC_IKE_INVALID_HASH_ALG                                          syscall.Errno = 13871
+	ERROR_IPSEC_IKE_INVALID_HASH_SIZE                                         syscall.Errno = 13872
+	ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG                                       syscall.Errno = 13873
+	ERROR_IPSEC_IKE_INVALID_AUTH_ALG                                          syscall.Errno = 13874
+	ERROR_IPSEC_IKE_INVALID_SIG                                               syscall.Errno = 13875
+	ERROR_IPSEC_IKE_LOAD_FAILED                                               syscall.Errno = 13876
+	ERROR_IPSEC_IKE_RPC_DELETE                                                syscall.Errno = 13877
+	ERROR_IPSEC_IKE_BENIGN_REINIT                                             syscall.Errno = 13878
+	ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY                         syscall.Errno = 13879
+	ERROR_IPSEC_IKE_INVALID_MAJOR_VERSION                                     syscall.Errno = 13880
+	ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN                                       syscall.Errno = 13881
+	ERROR_IPSEC_IKE_MM_LIMIT                                                  syscall.Errno = 13882
+	ERROR_IPSEC_IKE_NEGOTIATION_DISABLED                                      syscall.Errno = 13883
+	ERROR_IPSEC_IKE_QM_LIMIT                                                  syscall.Errno = 13884
+	ERROR_IPSEC_IKE_MM_EXPIRED                                                syscall.Errno = 13885
+	ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID                                   syscall.Errno = 13886
+	ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH                                syscall.Errno = 13887
+	ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID                                     syscall.Errno = 13888
+	ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD                                      syscall.Errno = 13889
+	ERROR_IPSEC_IKE_DOS_COOKIE_SENT                                           syscall.Errno = 13890
+	ERROR_IPSEC_IKE_SHUTTING_DOWN                                             syscall.Errno = 13891
+	ERROR_IPSEC_IKE_CGA_AUTH_FAILED                                           syscall.Errno = 13892
+	ERROR_IPSEC_IKE_PROCESS_ERR_NATOA                                         syscall.Errno = 13893
+	ERROR_IPSEC_IKE_INVALID_MM_FOR_QM                                         syscall.Errno = 13894
+	ERROR_IPSEC_IKE_QM_EXPIRED                                                syscall.Errno = 13895
+	ERROR_IPSEC_IKE_TOO_MANY_FILTERS                                          syscall.Errno = 13896
+	ERROR_IPSEC_IKE_NEG_STATUS_END                                            syscall.Errno = 13897
+	ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL                                     syscall.Errno = 13898
+	ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE                               syscall.Errno = 13899
+	ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING                                syscall.Errno = 13900
+	ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING                  syscall.Errno = 13901
+	ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS                                      syscall.Errno = 13902
+	ERROR_IPSEC_IKE_RATELIMIT_DROP                                            syscall.Errno = 13903
+	ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE                                syscall.Errno = 13904
+	ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE                                     syscall.Errno = 13905
+	ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE                         syscall.Errno = 13906
+	ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY                 syscall.Errno = 13907
+	ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE             syscall.Errno = 13908
+	ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END                                   syscall.Errno = 13909
+	ERROR_IPSEC_BAD_SPI                                                       syscall.Errno = 13910
+	ERROR_IPSEC_SA_LIFETIME_EXPIRED                                           syscall.Errno = 13911
+	ERROR_IPSEC_WRONG_SA                                                      syscall.Errno = 13912
+	ERROR_IPSEC_REPLAY_CHECK_FAILED                                           syscall.Errno = 13913
+	ERROR_IPSEC_INVALID_PACKET                                                syscall.Errno = 13914
+	ERROR_IPSEC_INTEGRITY_CHECK_FAILED                                        syscall.Errno = 13915
+	ERROR_IPSEC_CLEAR_TEXT_DROP                                               syscall.Errno = 13916
+	ERROR_IPSEC_AUTH_FIREWALL_DROP                                            syscall.Errno = 13917
+	ERROR_IPSEC_THROTTLE_DROP                                                 syscall.Errno = 13918
+	ERROR_IPSEC_DOSP_BLOCK                                                    syscall.Errno = 13925
+	ERROR_IPSEC_DOSP_RECEIVED_MULTICAST                                       syscall.Errno = 13926
+	ERROR_IPSEC_DOSP_INVALID_PACKET                                           syscall.Errno = 13927
+	ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED                                      syscall.Errno = 13928
+	ERROR_IPSEC_DOSP_MAX_ENTRIES                                              syscall.Errno = 13929
+	ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED                                       syscall.Errno = 13930
+	ERROR_IPSEC_DOSP_NOT_INSTALLED                                            syscall.Errno = 13931
+	ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES                              syscall.Errno = 13932
+	ERROR_SXS_SECTION_NOT_FOUND                                               syscall.Errno = 14000
+	ERROR_SXS_CANT_GEN_ACTCTX                                                 syscall.Errno = 14001
+	ERROR_SXS_INVALID_ACTCTXDATA_FORMAT                                       syscall.Errno = 14002
+	ERROR_SXS_ASSEMBLY_NOT_FOUND                                              syscall.Errno = 14003
+	ERROR_SXS_MANIFEST_FORMAT_ERROR                                           syscall.Errno = 14004
+	ERROR_SXS_MANIFEST_PARSE_ERROR                                            syscall.Errno = 14005
+	ERROR_SXS_ACTIVATION_CONTEXT_DISABLED                                     syscall.Errno = 14006
+	ERROR_SXS_KEY_NOT_FOUND                                                   syscall.Errno = 14007
+	ERROR_SXS_VERSION_CONFLICT                                                syscall.Errno = 14008
+	ERROR_SXS_WRONG_SECTION_TYPE                                              syscall.Errno = 14009
+	ERROR_SXS_THREAD_QUERIES_DISABLED                                         syscall.Errno = 14010
+	ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET                                     syscall.Errno = 14011
+	ERROR_SXS_UNKNOWN_ENCODING_GROUP                                          syscall.Errno = 14012
+	ERROR_SXS_UNKNOWN_ENCODING                                                syscall.Errno = 14013
+	ERROR_SXS_INVALID_XML_NAMESPACE_URI                                       syscall.Errno = 14014
+	ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED                          syscall.Errno = 14015
+	ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED                          syscall.Errno = 14016
+	ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE                             syscall.Errno = 14017
+	ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE                     syscall.Errno = 14018
+	ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE                     syscall.Errno = 14019
+	ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT                  syscall.Errno = 14020
+	ERROR_SXS_DUPLICATE_DLL_NAME                                              syscall.Errno = 14021
+	ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME                                      syscall.Errno = 14022
+	ERROR_SXS_DUPLICATE_CLSID                                                 syscall.Errno = 14023
+	ERROR_SXS_DUPLICATE_IID                                                   syscall.Errno = 14024
+	ERROR_SXS_DUPLICATE_TLBID                                                 syscall.Errno = 14025
+	ERROR_SXS_DUPLICATE_PROGID                                                syscall.Errno = 14026
+	ERROR_SXS_DUPLICATE_ASSEMBLY_NAME                                         syscall.Errno = 14027
+	ERROR_SXS_FILE_HASH_MISMATCH                                              syscall.Errno = 14028
+	ERROR_SXS_POLICY_PARSE_ERROR                                              syscall.Errno = 14029
+	ERROR_SXS_XML_E_MISSINGQUOTE                                              syscall.Errno = 14030
+	ERROR_SXS_XML_E_COMMENTSYNTAX                                             syscall.Errno = 14031
+	ERROR_SXS_XML_E_BADSTARTNAMECHAR                                          syscall.Errno = 14032
+	ERROR_SXS_XML_E_BADNAMECHAR                                               syscall.Errno = 14033
+	ERROR_SXS_XML_E_BADCHARINSTRING                                           syscall.Errno = 14034
+	ERROR_SXS_XML_E_XMLDECLSYNTAX                                             syscall.Errno = 14035
+	ERROR_SXS_XML_E_BADCHARDATA                                               syscall.Errno = 14036
+	ERROR_SXS_XML_E_MISSINGWHITESPACE                                         syscall.Errno = 14037
+	ERROR_SXS_XML_E_EXPECTINGTAGEND                                           syscall.Errno = 14038
+	ERROR_SXS_XML_E_MISSINGSEMICOLON                                          syscall.Errno = 14039
+	ERROR_SXS_XML_E_UNBALANCEDPAREN                                           syscall.Errno = 14040
+	ERROR_SXS_XML_E_INTERNALERROR                                             syscall.Errno = 14041
+	ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE                                     syscall.Errno = 14042
+	ERROR_SXS_XML_E_INCOMPLETE_ENCODING                                       syscall.Errno = 14043
+	ERROR_SXS_XML_E_MISSING_PAREN                                             syscall.Errno = 14044
+	ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE                                       syscall.Errno = 14045
+	ERROR_SXS_XML_E_MULTIPLE_COLONS                                           syscall.Errno = 14046
+	ERROR_SXS_XML_E_INVALID_DECIMAL                                           syscall.Errno = 14047
+	ERROR_SXS_XML_E_INVALID_HEXIDECIMAL                                       syscall.Errno = 14048
+	ERROR_SXS_XML_E_INVALID_UNICODE                                           syscall.Errno = 14049
+	ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK                                  syscall.Errno = 14050
+	ERROR_SXS_XML_E_UNEXPECTEDENDTAG                                          syscall.Errno = 14051
+	ERROR_SXS_XML_E_UNCLOSEDTAG                                               syscall.Errno = 14052
+	ERROR_SXS_XML_E_DUPLICATEATTRIBUTE                                        syscall.Errno = 14053
+	ERROR_SXS_XML_E_MULTIPLEROOTS                                             syscall.Errno = 14054
+	ERROR_SXS_XML_E_INVALIDATROOTLEVEL                                        syscall.Errno = 14055
+	ERROR_SXS_XML_E_BADXMLDECL                                                syscall.Errno = 14056
+	ERROR_SXS_XML_E_MISSINGROOT                                               syscall.Errno = 14057
+	ERROR_SXS_XML_E_UNEXPECTEDEOF                                             syscall.Errno = 14058
+	ERROR_SXS_XML_E_BADPEREFINSUBSET                                          syscall.Errno = 14059
+	ERROR_SXS_XML_E_UNCLOSEDSTARTTAG                                          syscall.Errno = 14060
+	ERROR_SXS_XML_E_UNCLOSEDENDTAG                                            syscall.Errno = 14061
+	ERROR_SXS_XML_E_UNCLOSEDSTRING                                            syscall.Errno = 14062
+	ERROR_SXS_XML_E_UNCLOSEDCOMMENT                                           syscall.Errno = 14063
+	ERROR_SXS_XML_E_UNCLOSEDDECL                                              syscall.Errno = 14064
+	ERROR_SXS_XML_E_UNCLOSEDCDATA                                             syscall.Errno = 14065
+	ERROR_SXS_XML_E_RESERVEDNAMESPACE                                         syscall.Errno = 14066
+	ERROR_SXS_XML_E_INVALIDENCODING                                           syscall.Errno = 14067
+	ERROR_SXS_XML_E_INVALIDSWITCH                                             syscall.Errno = 14068
+	ERROR_SXS_XML_E_BADXMLCASE                                                syscall.Errno = 14069
+	ERROR_SXS_XML_E_INVALID_STANDALONE                                        syscall.Errno = 14070
+	ERROR_SXS_XML_E_UNEXPECTED_STANDALONE                                     syscall.Errno = 14071
+	ERROR_SXS_XML_E_INVALID_VERSION                                           syscall.Errno = 14072
+	ERROR_SXS_XML_E_MISSINGEQUALS                                             syscall.Errno = 14073
+	ERROR_SXS_PROTECTION_RECOVERY_FAILED                                      syscall.Errno = 14074
+	ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT                                 syscall.Errno = 14075
+	ERROR_SXS_PROTECTION_CATALOG_NOT_VALID                                    syscall.Errno = 14076
+	ERROR_SXS_UNTRANSLATABLE_HRESULT                                          syscall.Errno = 14077
+	ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING                                 syscall.Errno = 14078
+	ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE                             syscall.Errno = 14079
+	ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME                        syscall.Errno = 14080
+	ERROR_SXS_ASSEMBLY_MISSING                                                syscall.Errno = 14081
+	ERROR_SXS_CORRUPT_ACTIVATION_STACK                                        syscall.Errno = 14082
+	ERROR_SXS_CORRUPTION                                                      syscall.Errno = 14083
+	ERROR_SXS_EARLY_DEACTIVATION                                              syscall.Errno = 14084
+	ERROR_SXS_INVALID_DEACTIVATION                                            syscall.Errno = 14085
+	ERROR_SXS_MULTIPLE_DEACTIVATION                                           syscall.Errno = 14086
+	ERROR_SXS_PROCESS_TERMINATION_REQUESTED                                   syscall.Errno = 14087
+	ERROR_SXS_RELEASE_ACTIVATION_CONTEXT                                      syscall.Errno = 14088
+	ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY                         syscall.Errno = 14089
+	ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE                                syscall.Errno = 14090
+	ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME                                 syscall.Errno = 14091
+	ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE                                    syscall.Errno = 14092
+	ERROR_SXS_IDENTITY_PARSE_ERROR                                            syscall.Errno = 14093
+	ERROR_MALFORMED_SUBSTITUTION_STRING                                       syscall.Errno = 14094
+	ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN                                      syscall.Errno = 14095
+	ERROR_UNMAPPED_SUBSTITUTION_STRING                                        syscall.Errno = 14096
+	ERROR_SXS_ASSEMBLY_NOT_LOCKED                                             syscall.Errno = 14097
+	ERROR_SXS_COMPONENT_STORE_CORRUPT                                         syscall.Errno = 14098
+	ERROR_ADVANCED_INSTALLER_FAILED                                           syscall.Errno = 14099
+	ERROR_XML_ENCODING_MISMATCH                                               syscall.Errno = 14100
+	ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT                   syscall.Errno = 14101
+	ERROR_SXS_IDENTITIES_DIFFERENT                                            syscall.Errno = 14102
+	ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT                                    syscall.Errno = 14103
+	ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY                                       syscall.Errno = 14104
+	ERROR_SXS_MANIFEST_TOO_BIG                                                syscall.Errno = 14105
+	ERROR_SXS_SETTING_NOT_REGISTERED                                          syscall.Errno = 14106
+	ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE                                  syscall.Errno = 14107
+	ERROR_SMI_PRIMITIVE_INSTALLER_FAILED                                      syscall.Errno = 14108
+	ERROR_GENERIC_COMMAND_FAILED                                              syscall.Errno = 14109
+	ERROR_SXS_FILE_HASH_MISSING                                               syscall.Errno = 14110
+	ERROR_SXS_DUPLICATE_ACTIVATABLE_CLASS                                     syscall.Errno = 14111
+	ERROR_EVT_INVALID_CHANNEL_PATH                                            syscall.Errno = 15000
+	ERROR_EVT_INVALID_QUERY                                                   syscall.Errno = 15001
+	ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND                                    syscall.Errno = 15002
+	ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND                                        syscall.Errno = 15003
+	ERROR_EVT_INVALID_PUBLISHER_NAME                                          syscall.Errno = 15004
+	ERROR_EVT_INVALID_EVENT_DATA                                              syscall.Errno = 15005
+	ERROR_EVT_CHANNEL_NOT_FOUND                                               syscall.Errno = 15007
+	ERROR_EVT_MALFORMED_XML_TEXT                                              syscall.Errno = 15008
+	ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL                                  syscall.Errno = 15009
+	ERROR_EVT_CONFIGURATION_ERROR                                             syscall.Errno = 15010
+	ERROR_EVT_QUERY_RESULT_STALE                                              syscall.Errno = 15011
+	ERROR_EVT_QUERY_RESULT_INVALID_POSITION                                   syscall.Errno = 15012
+	ERROR_EVT_NON_VALIDATING_MSXML                                            syscall.Errno = 15013
+	ERROR_EVT_FILTER_ALREADYSCOPED                                            syscall.Errno = 15014
+	ERROR_EVT_FILTER_NOTELTSET                                                syscall.Errno = 15015
+	ERROR_EVT_FILTER_INVARG                                                   syscall.Errno = 15016
+	ERROR_EVT_FILTER_INVTEST                                                  syscall.Errno = 15017
+	ERROR_EVT_FILTER_INVTYPE                                                  syscall.Errno = 15018
+	ERROR_EVT_FILTER_PARSEERR                                                 syscall.Errno = 15019
+	ERROR_EVT_FILTER_UNSUPPORTEDOP                                            syscall.Errno = 15020
+	ERROR_EVT_FILTER_UNEXPECTEDTOKEN                                          syscall.Errno = 15021
+	ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL                   syscall.Errno = 15022
+	ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE                                  syscall.Errno = 15023
+	ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE                                syscall.Errno = 15024
+	ERROR_EVT_CHANNEL_CANNOT_ACTIVATE                                         syscall.Errno = 15025
+	ERROR_EVT_FILTER_TOO_COMPLEX                                              syscall.Errno = 15026
+	ERROR_EVT_MESSAGE_NOT_FOUND                                               syscall.Errno = 15027
+	ERROR_EVT_MESSAGE_ID_NOT_FOUND                                            syscall.Errno = 15028
+	ERROR_EVT_UNRESOLVED_VALUE_INSERT                                         syscall.Errno = 15029
+	ERROR_EVT_UNRESOLVED_PARAMETER_INSERT                                     syscall.Errno = 15030
+	ERROR_EVT_MAX_INSERTS_REACHED                                             syscall.Errno = 15031
+	ERROR_EVT_EVENT_DEFINITION_NOT_FOUND                                      syscall.Errno = 15032
+	ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND                                        syscall.Errno = 15033
+	ERROR_EVT_VERSION_TOO_OLD                                                 syscall.Errno = 15034
+	ERROR_EVT_VERSION_TOO_NEW                                                 syscall.Errno = 15035
+	ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY                                    syscall.Errno = 15036
+	ERROR_EVT_PUBLISHER_DISABLED                                              syscall.Errno = 15037
+	ERROR_EVT_FILTER_OUT_OF_RANGE                                             syscall.Errno = 15038
+	ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE                                     syscall.Errno = 15080
+	ERROR_EC_LOG_DISABLED                                                     syscall.Errno = 15081
+	ERROR_EC_CIRCULAR_FORWARDING                                              syscall.Errno = 15082
+	ERROR_EC_CREDSTORE_FULL                                                   syscall.Errno = 15083
+	ERROR_EC_CRED_NOT_FOUND                                                   syscall.Errno = 15084
+	ERROR_EC_NO_ACTIVE_CHANNEL                                                syscall.Errno = 15085
+	ERROR_MUI_FILE_NOT_FOUND                                                  syscall.Errno = 15100
+	ERROR_MUI_INVALID_FILE                                                    syscall.Errno = 15101
+	ERROR_MUI_INVALID_RC_CONFIG                                               syscall.Errno = 15102
+	ERROR_MUI_INVALID_LOCALE_NAME                                             syscall.Errno = 15103
+	ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME                                   syscall.Errno = 15104
+	ERROR_MUI_FILE_NOT_LOADED                                                 syscall.Errno = 15105
+	ERROR_RESOURCE_ENUM_USER_STOP                                             syscall.Errno = 15106
+	ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED                               syscall.Errno = 15107
+	ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME                                syscall.Errno = 15108
+	ERROR_MRM_RUNTIME_NO_DEFAULT_OR_NEUTRAL_RESOURCE                          syscall.Errno = 15110
+	ERROR_MRM_INVALID_PRICONFIG                                               syscall.Errno = 15111
+	ERROR_MRM_INVALID_FILE_TYPE                                               syscall.Errno = 15112
+	ERROR_MRM_UNKNOWN_QUALIFIER                                               syscall.Errno = 15113
+	ERROR_MRM_INVALID_QUALIFIER_VALUE                                         syscall.Errno = 15114
+	ERROR_MRM_NO_CANDIDATE                                                    syscall.Errno = 15115
+	ERROR_MRM_NO_MATCH_OR_DEFAULT_CANDIDATE                                   syscall.Errno = 15116
+	ERROR_MRM_RESOURCE_TYPE_MISMATCH                                          syscall.Errno = 15117
+	ERROR_MRM_DUPLICATE_MAP_NAME                                              syscall.Errno = 15118
+	ERROR_MRM_DUPLICATE_ENTRY                                                 syscall.Errno = 15119
+	ERROR_MRM_INVALID_RESOURCE_IDENTIFIER                                     syscall.Errno = 15120
+	ERROR_MRM_FILEPATH_TOO_LONG                                               syscall.Errno = 15121
+	ERROR_MRM_UNSUPPORTED_DIRECTORY_TYPE                                      syscall.Errno = 15122
+	ERROR_MRM_INVALID_PRI_FILE                                                syscall.Errno = 15126
+	ERROR_MRM_NAMED_RESOURCE_NOT_FOUND                                        syscall.Errno = 15127
+	ERROR_MRM_MAP_NOT_FOUND                                                   syscall.Errno = 15135
+	ERROR_MRM_UNSUPPORTED_PROFILE_TYPE                                        syscall.Errno = 15136
+	ERROR_MRM_INVALID_QUALIFIER_OPERATOR                                      syscall.Errno = 15137
+	ERROR_MRM_INDETERMINATE_QUALIFIER_VALUE                                   syscall.Errno = 15138
+	ERROR_MRM_AUTOMERGE_ENABLED                                               syscall.Errno = 15139
+	ERROR_MRM_TOO_MANY_RESOURCES                                              syscall.Errno = 15140
+	ERROR_MRM_UNSUPPORTED_FILE_TYPE_FOR_MERGE                                 syscall.Errno = 15141
+	ERROR_MRM_UNSUPPORTED_FILE_TYPE_FOR_LOAD_UNLOAD_PRI_FILE                  syscall.Errno = 15142
+	ERROR_MRM_NO_CURRENT_VIEW_ON_THREAD                                       syscall.Errno = 15143
+	ERROR_DIFFERENT_PROFILE_RESOURCE_MANAGER_EXIST                            syscall.Errno = 15144
+	ERROR_OPERATION_NOT_ALLOWED_FROM_SYSTEM_COMPONENT                         syscall.Errno = 15145
+	ERROR_MRM_DIRECT_REF_TO_NON_DEFAULT_RESOURCE                              syscall.Errno = 15146
+	ERROR_MRM_GENERATION_COUNT_MISMATCH                                       syscall.Errno = 15147
+	ERROR_PRI_MERGE_VERSION_MISMATCH                                          syscall.Errno = 15148
+	ERROR_PRI_MERGE_MISSING_SCHEMA                                            syscall.Errno = 15149
+	ERROR_PRI_MERGE_LOAD_FILE_FAILED                                          syscall.Errno = 15150
+	ERROR_PRI_MERGE_ADD_FILE_FAILED                                           syscall.Errno = 15151
+	ERROR_PRI_MERGE_WRITE_FILE_FAILED                                         syscall.Errno = 15152
+	ERROR_PRI_MERGE_MULTIPLE_PACKAGE_FAMILIES_NOT_ALLOWED                     syscall.Errno = 15153
+	ERROR_PRI_MERGE_MULTIPLE_MAIN_PACKAGES_NOT_ALLOWED                        syscall.Errno = 15154
+	ERROR_PRI_MERGE_BUNDLE_PACKAGES_NOT_ALLOWED                               syscall.Errno = 15155
+	ERROR_PRI_MERGE_MAIN_PACKAGE_REQUIRED                                     syscall.Errno = 15156
+	ERROR_PRI_MERGE_RESOURCE_PACKAGE_REQUIRED                                 syscall.Errno = 15157
+	ERROR_PRI_MERGE_INVALID_FILE_NAME                                         syscall.Errno = 15158
+	ERROR_MRM_PACKAGE_NOT_FOUND                                               syscall.Errno = 15159
+	ERROR_MRM_MISSING_DEFAULT_LANGUAGE                                        syscall.Errno = 15160
+	ERROR_MCA_INVALID_CAPABILITIES_STRING                                     syscall.Errno = 15200
+	ERROR_MCA_INVALID_VCP_VERSION                                             syscall.Errno = 15201
+	ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION                             syscall.Errno = 15202
+	ERROR_MCA_MCCS_VERSION_MISMATCH                                           syscall.Errno = 15203
+	ERROR_MCA_UNSUPPORTED_MCCS_VERSION                                        syscall.Errno = 15204
+	ERROR_MCA_INTERNAL_ERROR                                                  syscall.Errno = 15205
+	ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED                                syscall.Errno = 15206
+	ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE                                   syscall.Errno = 15207
+	ERROR_AMBIGUOUS_SYSTEM_DEVICE                                             syscall.Errno = 15250
+	ERROR_SYSTEM_DEVICE_NOT_FOUND                                             syscall.Errno = 15299
+	ERROR_HASH_NOT_SUPPORTED                                                  syscall.Errno = 15300
+	ERROR_HASH_NOT_PRESENT                                                    syscall.Errno = 15301
+	ERROR_SECONDARY_IC_PROVIDER_NOT_REGISTERED                                syscall.Errno = 15321
+	ERROR_GPIO_CLIENT_INFORMATION_INVALID                                     syscall.Errno = 15322
+	ERROR_GPIO_VERSION_NOT_SUPPORTED                                          syscall.Errno = 15323
+	ERROR_GPIO_INVALID_REGISTRATION_PACKET                                    syscall.Errno = 15324
+	ERROR_GPIO_OPERATION_DENIED                                               syscall.Errno = 15325
+	ERROR_GPIO_INCOMPATIBLE_CONNECT_MODE                                      syscall.Errno = 15326
+	ERROR_GPIO_INTERRUPT_ALREADY_UNMASKED                                     syscall.Errno = 15327
+	ERROR_CANNOT_SWITCH_RUNLEVEL                                              syscall.Errno = 15400
+	ERROR_INVALID_RUNLEVEL_SETTING                                            syscall.Errno = 15401
+	ERROR_RUNLEVEL_SWITCH_TIMEOUT                                             syscall.Errno = 15402
+	ERROR_RUNLEVEL_SWITCH_AGENT_TIMEOUT                                       syscall.Errno = 15403
+	ERROR_RUNLEVEL_SWITCH_IN_PROGRESS                                         syscall.Errno = 15404
+	ERROR_SERVICES_FAILED_AUTOSTART                                           syscall.Errno = 15405
+	ERROR_COM_TASK_STOP_PENDING                                               syscall.Errno = 15501
+	ERROR_INSTALL_OPEN_PACKAGE_FAILED                                         syscall.Errno = 15600
+	ERROR_INSTALL_PACKAGE_NOT_FOUND                                           syscall.Errno = 15601
+	ERROR_INSTALL_INVALID_PACKAGE                                             syscall.Errno = 15602
+	ERROR_INSTALL_RESOLVE_DEPENDENCY_FAILED                                   syscall.Errno = 15603
+	ERROR_INSTALL_OUT_OF_DISK_SPACE                                           syscall.Errno = 15604
+	ERROR_INSTALL_NETWORK_FAILURE                                             syscall.Errno = 15605
+	ERROR_INSTALL_REGISTRATION_FAILURE                                        syscall.Errno = 15606
+	ERROR_INSTALL_DEREGISTRATION_FAILURE                                      syscall.Errno = 15607
+	ERROR_INSTALL_CANCEL                                                      syscall.Errno = 15608
+	ERROR_INSTALL_FAILED                                                      syscall.Errno = 15609
+	ERROR_REMOVE_FAILED                                                       syscall.Errno = 15610
+	ERROR_PACKAGE_ALREADY_EXISTS                                              syscall.Errno = 15611
+	ERROR_NEEDS_REMEDIATION                                                   syscall.Errno = 15612
+	ERROR_INSTALL_PREREQUISITE_FAILED                                         syscall.Errno = 15613
+	ERROR_PACKAGE_REPOSITORY_CORRUPTED                                        syscall.Errno = 15614
+	ERROR_INSTALL_POLICY_FAILURE                                              syscall.Errno = 15615
+	ERROR_PACKAGE_UPDATING                                                    syscall.Errno = 15616
+	ERROR_DEPLOYMENT_BLOCKED_BY_POLICY                                        syscall.Errno = 15617
+	ERROR_PACKAGES_IN_USE                                                     syscall.Errno = 15618
+	ERROR_RECOVERY_FILE_CORRUPT                                               syscall.Errno = 15619
+	ERROR_INVALID_STAGED_SIGNATURE                                            syscall.Errno = 15620
+	ERROR_DELETING_EXISTING_APPLICATIONDATA_STORE_FAILED                      syscall.Errno = 15621
+	ERROR_INSTALL_PACKAGE_DOWNGRADE                                           syscall.Errno = 15622
+	ERROR_SYSTEM_NEEDS_REMEDIATION                                            syscall.Errno = 15623
+	ERROR_APPX_INTEGRITY_FAILURE_CLR_NGEN                                     syscall.Errno = 15624
+	ERROR_RESILIENCY_FILE_CORRUPT                                             syscall.Errno = 15625
+	ERROR_INSTALL_FIREWALL_SERVICE_NOT_RUNNING                                syscall.Errno = 15626
+	ERROR_PACKAGE_MOVE_FAILED                                                 syscall.Errno = 15627
+	ERROR_INSTALL_VOLUME_NOT_EMPTY                                            syscall.Errno = 15628
+	ERROR_INSTALL_VOLUME_OFFLINE                                              syscall.Errno = 15629
+	ERROR_INSTALL_VOLUME_CORRUPT                                              syscall.Errno = 15630
+	ERROR_NEEDS_REGISTRATION                                                  syscall.Errno = 15631
+	ERROR_INSTALL_WRONG_PROCESSOR_ARCHITECTURE                                syscall.Errno = 15632
+	ERROR_DEV_SIDELOAD_LIMIT_EXCEEDED                                         syscall.Errno = 15633
+	ERROR_INSTALL_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE                      syscall.Errno = 15634
+	ERROR_PACKAGE_NOT_SUPPORTED_ON_FILESYSTEM                                 syscall.Errno = 15635
+	ERROR_PACKAGE_MOVE_BLOCKED_BY_STREAMING                                   syscall.Errno = 15636
+	ERROR_INSTALL_OPTIONAL_PACKAGE_APPLICATIONID_NOT_UNIQUE                   syscall.Errno = 15637
+	ERROR_PACKAGE_STAGING_ONHOLD                                              syscall.Errno = 15638
+	ERROR_INSTALL_INVALID_RELATED_SET_UPDATE                                  syscall.Errno = 15639
+	ERROR_INSTALL_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE_FULLTRUST_CAPABILITY syscall.Errno = 15640
+	ERROR_DEPLOYMENT_BLOCKED_BY_USER_LOG_OFF                                  syscall.Errno = 15641
+	ERROR_PROVISION_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE_PROVISIONED        syscall.Errno = 15642
+	ERROR_PACKAGES_REPUTATION_CHECK_FAILED                                    syscall.Errno = 15643
+	ERROR_PACKAGES_REPUTATION_CHECK_TIMEDOUT                                  syscall.Errno = 15644
+	ERROR_DEPLOYMENT_OPTION_NOT_SUPPORTED                                     syscall.Errno = 15645
+	ERROR_APPINSTALLER_ACTIVATION_BLOCKED                                     syscall.Errno = 15646
+	ERROR_REGISTRATION_FROM_REMOTE_DRIVE_NOT_SUPPORTED                        syscall.Errno = 15647
+	ERROR_APPX_RAW_DATA_WRITE_FAILED                                          syscall.Errno = 15648
+	ERROR_DEPLOYMENT_BLOCKED_BY_VOLUME_POLICY_PACKAGE                         syscall.Errno = 15649
+	ERROR_DEPLOYMENT_BLOCKED_BY_VOLUME_POLICY_MACHINE                         syscall.Errno = 15650
+	ERROR_DEPLOYMENT_BLOCKED_BY_PROFILE_POLICY                                syscall.Errno = 15651
+	ERROR_DEPLOYMENT_FAILED_CONFLICTING_MUTABLE_PACKAGE_DIRECTORY             syscall.Errno = 15652
+	ERROR_SINGLETON_RESOURCE_INSTALLED_IN_ACTIVE_USER                         syscall.Errno = 15653
+	ERROR_DIFFERENT_VERSION_OF_PACKAGED_SERVICE_INSTALLED                     syscall.Errno = 15654
+	ERROR_SERVICE_EXISTS_AS_NON_PACKAGED_SERVICE                              syscall.Errno = 15655
+	ERROR_PACKAGED_SERVICE_REQUIRES_ADMIN_PRIVILEGES                          syscall.Errno = 15656
+	APPMODEL_ERROR_NO_PACKAGE                                                 syscall.Errno = 15700
+	APPMODEL_ERROR_PACKAGE_RUNTIME_CORRUPT                                    syscall.Errno = 15701
+	APPMODEL_ERROR_PACKAGE_IDENTITY_CORRUPT                                   syscall.Errno = 15702
+	APPMODEL_ERROR_NO_APPLICATION                                             syscall.Errno = 15703
+	APPMODEL_ERROR_DYNAMIC_PROPERTY_READ_FAILED                               syscall.Errno = 15704
+	APPMODEL_ERROR_DYNAMIC_PROPERTY_INVALID                                   syscall.Errno = 15705
+	APPMODEL_ERROR_PACKAGE_NOT_AVAILABLE                                      syscall.Errno = 15706
+	APPMODEL_ERROR_NO_MUTABLE_DIRECTORY                                       syscall.Errno = 15707
+	ERROR_STATE_LOAD_STORE_FAILED                                             syscall.Errno = 15800
+	ERROR_STATE_GET_VERSION_FAILED                                            syscall.Errno = 15801
+	ERROR_STATE_SET_VERSION_FAILED                                            syscall.Errno = 15802
+	ERROR_STATE_STRUCTURED_RESET_FAILED                                       syscall.Errno = 15803
+	ERROR_STATE_OPEN_CONTAINER_FAILED                                         syscall.Errno = 15804
+	ERROR_STATE_CREATE_CONTAINER_FAILED                                       syscall.Errno = 15805
+	ERROR_STATE_DELETE_CONTAINER_FAILED                                       syscall.Errno = 15806
+	ERROR_STATE_READ_SETTING_FAILED                                           syscall.Errno = 15807
+	ERROR_STATE_WRITE_SETTING_FAILED                                          syscall.Errno = 15808
+	ERROR_STATE_DELETE_SETTING_FAILED                                         syscall.Errno = 15809
+	ERROR_STATE_QUERY_SETTING_FAILED                                          syscall.Errno = 15810
+	ERROR_STATE_READ_COMPOSITE_SETTING_FAILED                                 syscall.Errno = 15811
+	ERROR_STATE_WRITE_COMPOSITE_SETTING_FAILED                                syscall.Errno = 15812
+	ERROR_STATE_ENUMERATE_CONTAINER_FAILED                                    syscall.Errno = 15813
+	ERROR_STATE_ENUMERATE_SETTINGS_FAILED                                     syscall.Errno = 15814
+	ERROR_STATE_COMPOSITE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED                   syscall.Errno = 15815
+	ERROR_STATE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED                             syscall.Errno = 15816
+	ERROR_STATE_SETTING_NAME_SIZE_LIMIT_EXCEEDED                              syscall.Errno = 15817
+	ERROR_STATE_CONTAINER_NAME_SIZE_LIMIT_EXCEEDED                            syscall.Errno = 15818
+	ERROR_API_UNAVAILABLE                                                     syscall.Errno = 15841
+	STORE_ERROR_UNLICENSED                                                    syscall.Errno = 15861
+	STORE_ERROR_UNLICENSED_USER                                               syscall.Errno = 15862
+	STORE_ERROR_PENDING_COM_TRANSACTION                                       syscall.Errno = 15863
+	STORE_ERROR_LICENSE_REVOKED                                               syscall.Errno = 15864
+	SEVERITY_SUCCESS                                                          syscall.Errno = 0
+	SEVERITY_ERROR                                                            syscall.Errno = 1
+	FACILITY_NT_BIT                                                                         = 0x10000000
+	E_NOT_SET                                                                               = ERROR_NOT_FOUND
+	E_NOT_VALID_STATE                                                                       = ERROR_INVALID_STATE
+	E_NOT_SUFFICIENT_BUFFER                                                                 = ERROR_INSUFFICIENT_BUFFER
+	E_TIME_SENSITIVE_THREAD                                                                 = ERROR_TIME_SENSITIVE_THREAD
+	E_NO_TASK_QUEUE                                                                         = ERROR_NO_TASK_QUEUE
+	NOERROR                                                                   syscall.Errno = 0
+	E_UNEXPECTED                                                              Handle        = 0x8000FFFF
+	E_NOTIMPL                                                                 Handle        = 0x80004001
+	E_OUTOFMEMORY                                                             Handle        = 0x8007000E
+	E_INVALIDARG                                                              Handle        = 0x80070057
+	E_NOINTERFACE                                                             Handle        = 0x80004002
+	E_POINTER                                                                 Handle        = 0x80004003
+	E_HANDLE                                                                  Handle        = 0x80070006
+	E_ABORT                                                                   Handle        = 0x80004004
+	E_FAIL                                                                    Handle        = 0x80004005
+	E_ACCESSDENIED                                                            Handle        = 0x80070005
+	E_PENDING                                                                 Handle        = 0x8000000A
+	E_BOUNDS                                                                  Handle        = 0x8000000B
+	E_CHANGED_STATE                                                           Handle        = 0x8000000C
+	E_ILLEGAL_STATE_CHANGE                                                    Handle        = 0x8000000D
+	E_ILLEGAL_METHOD_CALL                                                     Handle        = 0x8000000E
+	RO_E_METADATA_NAME_NOT_FOUND                                              Handle        = 0x8000000F
+	RO_E_METADATA_NAME_IS_NAMESPACE                                           Handle        = 0x80000010
+	RO_E_METADATA_INVALID_TYPE_FORMAT                                         Handle        = 0x80000011
+	RO_E_INVALID_METADATA_FILE                                                Handle        = 0x80000012
+	RO_E_CLOSED                                                               Handle        = 0x80000013
+	RO_E_EXCLUSIVE_WRITE                                                      Handle        = 0x80000014
+	RO_E_CHANGE_NOTIFICATION_IN_PROGRESS                                      Handle        = 0x80000015
+	RO_E_ERROR_STRING_NOT_FOUND                                               Handle        = 0x80000016
+	E_STRING_NOT_NULL_TERMINATED                                              Handle        = 0x80000017
+	E_ILLEGAL_DELEGATE_ASSIGNMENT                                             Handle        = 0x80000018
+	E_ASYNC_OPERATION_NOT_STARTED                                             Handle        = 0x80000019
+	E_APPLICATION_EXITING                                                     Handle        = 0x8000001A
+	E_APPLICATION_VIEW_EXITING                                                Handle        = 0x8000001B
+	RO_E_MUST_BE_AGILE                                                        Handle        = 0x8000001C
+	RO_E_UNSUPPORTED_FROM_MTA                                                 Handle        = 0x8000001D
+	RO_E_COMMITTED                                                            Handle        = 0x8000001E
+	RO_E_BLOCKED_CROSS_ASTA_CALL                                              Handle        = 0x8000001F
+	RO_E_CANNOT_ACTIVATE_FULL_TRUST_SERVER                                    Handle        = 0x80000020
+	RO_E_CANNOT_ACTIVATE_UNIVERSAL_APPLICATION_SERVER                         Handle        = 0x80000021
+	CO_E_INIT_TLS                                                             Handle        = 0x80004006
+	CO_E_INIT_SHARED_ALLOCATOR                                                Handle        = 0x80004007
+	CO_E_INIT_MEMORY_ALLOCATOR                                                Handle        = 0x80004008
+	CO_E_INIT_CLASS_CACHE                                                     Handle        = 0x80004009
+	CO_E_INIT_RPC_CHANNEL                                                     Handle        = 0x8000400A
+	CO_E_INIT_TLS_SET_CHANNEL_CONTROL                                         Handle        = 0x8000400B
+	CO_E_INIT_TLS_CHANNEL_CONTROL                                             Handle        = 0x8000400C
+	CO_E_INIT_UNACCEPTED_USER_ALLOCATOR                                       Handle        = 0x8000400D
+	CO_E_INIT_SCM_MUTEX_EXISTS                                                Handle        = 0x8000400E
+	CO_E_INIT_SCM_FILE_MAPPING_EXISTS                                         Handle        = 0x8000400F
+	CO_E_INIT_SCM_MAP_VIEW_OF_FILE                                            Handle        = 0x80004010
+	CO_E_INIT_SCM_EXEC_FAILURE                                                Handle        = 0x80004011
+	CO_E_INIT_ONLY_SINGLE_THREADED                                            Handle        = 0x80004012
+	CO_E_CANT_REMOTE                                                          Handle        = 0x80004013
+	CO_E_BAD_SERVER_NAME                                                      Handle        = 0x80004014
+	CO_E_WRONG_SERVER_IDENTITY                                                Handle        = 0x80004015
+	CO_E_OLE1DDE_DISABLED                                                     Handle        = 0x80004016
+	CO_E_RUNAS_SYNTAX                                                         Handle        = 0x80004017
+	CO_E_CREATEPROCESS_FAILURE                                                Handle        = 0x80004018
+	CO_E_RUNAS_CREATEPROCESS_FAILURE                                          Handle        = 0x80004019
+	CO_E_RUNAS_LOGON_FAILURE                                                  Handle        = 0x8000401A
+	CO_E_LAUNCH_PERMSSION_DENIED                                              Handle        = 0x8000401B
+	CO_E_START_SERVICE_FAILURE                                                Handle        = 0x8000401C
+	CO_E_REMOTE_COMMUNICATION_FAILURE                                         Handle        = 0x8000401D
+	CO_E_SERVER_START_TIMEOUT                                                 Handle        = 0x8000401E
+	CO_E_CLSREG_INCONSISTENT                                                  Handle        = 0x8000401F
+	CO_E_IIDREG_INCONSISTENT                                                  Handle        = 0x80004020
+	CO_E_NOT_SUPPORTED                                                        Handle        = 0x80004021
+	CO_E_RELOAD_DLL                                                           Handle        = 0x80004022
+	CO_E_MSI_ERROR                                                            Handle        = 0x80004023
+	CO_E_ATTEMPT_TO_CREATE_OUTSIDE_CLIENT_CONTEXT                             Handle        = 0x80004024
+	CO_E_SERVER_PAUSED                                                        Handle        = 0x80004025
+	CO_E_SERVER_NOT_PAUSED                                                    Handle        = 0x80004026
+	CO_E_CLASS_DISABLED                                                       Handle        = 0x80004027
+	CO_E_CLRNOTAVAILABLE                                                      Handle        = 0x80004028
+	CO_E_ASYNC_WORK_REJECTED                                                  Handle        = 0x80004029
+	CO_E_SERVER_INIT_TIMEOUT                                                  Handle        = 0x8000402A
+	CO_E_NO_SECCTX_IN_ACTIVATE                                                Handle        = 0x8000402B
+	CO_E_TRACKER_CONFIG                                                       Handle        = 0x80004030
+	CO_E_THREADPOOL_CONFIG                                                    Handle        = 0x80004031
+	CO_E_SXS_CONFIG                                                           Handle        = 0x80004032
+	CO_E_MALFORMED_SPN                                                        Handle        = 0x80004033
+	CO_E_UNREVOKED_REGISTRATION_ON_APARTMENT_SHUTDOWN                         Handle        = 0x80004034
+	CO_E_PREMATURE_STUB_RUNDOWN                                               Handle        = 0x80004035
+	S_OK                                                                      Handle        = 0
+	S_FALSE                                                                   Handle        = 1
+	OLE_E_FIRST                                                               Handle        = 0x80040000
+	OLE_E_LAST                                                                Handle        = 0x800400FF
+	OLE_S_FIRST                                                               Handle        = 0x00040000
+	OLE_S_LAST                                                                Handle        = 0x000400FF
+	OLE_E_OLEVERB                                                             Handle        = 0x80040000
+	OLE_E_ADVF                                                                Handle        = 0x80040001
+	OLE_E_ENUM_NOMORE                                                         Handle        = 0x80040002
+	OLE_E_ADVISENOTSUPPORTED                                                  Handle        = 0x80040003
+	OLE_E_NOCONNECTION                                                        Handle        = 0x80040004
+	OLE_E_NOTRUNNING                                                          Handle        = 0x80040005
+	OLE_E_NOCACHE                                                             Handle        = 0x80040006
+	OLE_E_BLANK                                                               Handle        = 0x80040007
+	OLE_E_CLASSDIFF                                                           Handle        = 0x80040008
+	OLE_E_CANT_GETMONIKER                                                     Handle        = 0x80040009
+	OLE_E_CANT_BINDTOSOURCE                                                   Handle        = 0x8004000A
+	OLE_E_STATIC                                                              Handle        = 0x8004000B
+	OLE_E_PROMPTSAVECANCELLED                                                 Handle        = 0x8004000C
+	OLE_E_INVALIDRECT                                                         Handle        = 0x8004000D
+	OLE_E_WRONGCOMPOBJ                                                        Handle        = 0x8004000E
+	OLE_E_INVALIDHWND                                                         Handle        = 0x8004000F
+	OLE_E_NOT_INPLACEACTIVE                                                   Handle        = 0x80040010
+	OLE_E_CANTCONVERT                                                         Handle        = 0x80040011
+	OLE_E_NOSTORAGE                                                           Handle        = 0x80040012
+	DV_E_FORMATETC                                                            Handle        = 0x80040064
+	DV_E_DVTARGETDEVICE                                                       Handle        = 0x80040065
+	DV_E_STGMEDIUM                                                            Handle        = 0x80040066
+	DV_E_STATDATA                                                             Handle        = 0x80040067
+	DV_E_LINDEX                                                               Handle        = 0x80040068
+	DV_E_TYMED                                                                Handle        = 0x80040069
+	DV_E_CLIPFORMAT                                                           Handle        = 0x8004006A
+	DV_E_DVASPECT                                                             Handle        = 0x8004006B
+	DV_E_DVTARGETDEVICE_SIZE                                                  Handle        = 0x8004006C
+	DV_E_NOIVIEWOBJECT                                                        Handle        = 0x8004006D
+	DRAGDROP_E_FIRST                                                          syscall.Errno = 0x80040100
+	DRAGDROP_E_LAST                                                           syscall.Errno = 0x8004010F
+	DRAGDROP_S_FIRST                                                          syscall.Errno = 0x00040100
+	DRAGDROP_S_LAST                                                           syscall.Errno = 0x0004010F
+	DRAGDROP_E_NOTREGISTERED                                                  Handle        = 0x80040100
+	DRAGDROP_E_ALREADYREGISTERED                                              Handle        = 0x80040101
+	DRAGDROP_E_INVALIDHWND                                                    Handle        = 0x80040102
+	DRAGDROP_E_CONCURRENT_DRAG_ATTEMPTED                                      Handle        = 0x80040103
+	CLASSFACTORY_E_FIRST                                                      syscall.Errno = 0x80040110
+	CLASSFACTORY_E_LAST                                                       syscall.Errno = 0x8004011F
+	CLASSFACTORY_S_FIRST                                                      syscall.Errno = 0x00040110
+	CLASSFACTORY_S_LAST                                                       syscall.Errno = 0x0004011F
+	CLASS_E_NOAGGREGATION                                                     Handle        = 0x80040110
+	CLASS_E_CLASSNOTAVAILABLE                                                 Handle        = 0x80040111
+	CLASS_E_NOTLICENSED                                                       Handle        = 0x80040112
+	MARSHAL_E_FIRST                                                           syscall.Errno = 0x80040120
+	MARSHAL_E_LAST                                                            syscall.Errno = 0x8004012F
+	MARSHAL_S_FIRST                                                           syscall.Errno = 0x00040120
+	MARSHAL_S_LAST                                                            syscall.Errno = 0x0004012F
+	DATA_E_FIRST                                                              syscall.Errno = 0x80040130
+	DATA_E_LAST                                                               syscall.Errno = 0x8004013F
+	DATA_S_FIRST                                                              syscall.Errno = 0x00040130
+	DATA_S_LAST                                                               syscall.Errno = 0x0004013F
+	VIEW_E_FIRST                                                              syscall.Errno = 0x80040140
+	VIEW_E_LAST                                                               syscall.Errno = 0x8004014F
+	VIEW_S_FIRST                                                              syscall.Errno = 0x00040140
+	VIEW_S_LAST                                                               syscall.Errno = 0x0004014F
+	VIEW_E_DRAW                                                               Handle        = 0x80040140
+	REGDB_E_FIRST                                                             syscall.Errno = 0x80040150
+	REGDB_E_LAST                                                              syscall.Errno = 0x8004015F
+	REGDB_S_FIRST                                                             syscall.Errno = 0x00040150
+	REGDB_S_LAST                                                              syscall.Errno = 0x0004015F
+	REGDB_E_READREGDB                                                         Handle        = 0x80040150
+	REGDB_E_WRITEREGDB                                                        Handle        = 0x80040151
+	REGDB_E_KEYMISSING                                                        Handle        = 0x80040152
+	REGDB_E_INVALIDVALUE                                                      Handle        = 0x80040153
+	REGDB_E_CLASSNOTREG                                                       Handle        = 0x80040154
+	REGDB_E_IIDNOTREG                                                         Handle        = 0x80040155
+	REGDB_E_BADTHREADINGMODEL                                                 Handle        = 0x80040156
+	REGDB_E_PACKAGEPOLICYVIOLATION                                            Handle        = 0x80040157
+	CAT_E_FIRST                                                               syscall.Errno = 0x80040160
+	CAT_E_LAST                                                                syscall.Errno = 0x80040161
+	CAT_E_CATIDNOEXIST                                                        Handle        = 0x80040160
+	CAT_E_NODESCRIPTION                                                       Handle        = 0x80040161
+	CS_E_FIRST                                                                syscall.Errno = 0x80040164
+	CS_E_LAST                                                                 syscall.Errno = 0x8004016F
+	CS_E_PACKAGE_NOTFOUND                                                     Handle        = 0x80040164
+	CS_E_NOT_DELETABLE                                                        Handle        = 0x80040165
+	CS_E_CLASS_NOTFOUND                                                       Handle        = 0x80040166
+	CS_E_INVALID_VERSION                                                      Handle        = 0x80040167
+	CS_E_NO_CLASSSTORE                                                        Handle        = 0x80040168
+	CS_E_OBJECT_NOTFOUND                                                      Handle        = 0x80040169
+	CS_E_OBJECT_ALREADY_EXISTS                                                Handle        = 0x8004016A
+	CS_E_INVALID_PATH                                                         Handle        = 0x8004016B
+	CS_E_NETWORK_ERROR                                                        Handle        = 0x8004016C
+	CS_E_ADMIN_LIMIT_EXCEEDED                                                 Handle        = 0x8004016D
+	CS_E_SCHEMA_MISMATCH                                                      Handle        = 0x8004016E
+	CS_E_INTERNAL_ERROR                                                       Handle        = 0x8004016F
+	CACHE_E_FIRST                                                             syscall.Errno = 0x80040170
+	CACHE_E_LAST                                                              syscall.Errno = 0x8004017F
+	CACHE_S_FIRST                                                             syscall.Errno = 0x00040170
+	CACHE_S_LAST                                                              syscall.Errno = 0x0004017F
+	CACHE_E_NOCACHE_UPDATED                                                   Handle        = 0x80040170
+	OLEOBJ_E_FIRST                                                            syscall.Errno = 0x80040180
+	OLEOBJ_E_LAST                                                             syscall.Errno = 0x8004018F
+	OLEOBJ_S_FIRST                                                            syscall.Errno = 0x00040180
+	OLEOBJ_S_LAST                                                             syscall.Errno = 0x0004018F
+	OLEOBJ_E_NOVERBS                                                          Handle        = 0x80040180
+	OLEOBJ_E_INVALIDVERB                                                      Handle        = 0x80040181
+	CLIENTSITE_E_FIRST                                                        syscall.Errno = 0x80040190
+	CLIENTSITE_E_LAST                                                         syscall.Errno = 0x8004019F
+	CLIENTSITE_S_FIRST                                                        syscall.Errno = 0x00040190
+	CLIENTSITE_S_LAST                                                         syscall.Errno = 0x0004019F
+	INPLACE_E_NOTUNDOABLE                                                     Handle        = 0x800401A0
+	INPLACE_E_NOTOOLSPACE                                                     Handle        = 0x800401A1
+	INPLACE_E_FIRST                                                           syscall.Errno = 0x800401A0
+	INPLACE_E_LAST                                                            syscall.Errno = 0x800401AF
+	INPLACE_S_FIRST                                                           syscall.Errno = 0x000401A0
+	INPLACE_S_LAST                                                            syscall.Errno = 0x000401AF
+	ENUM_E_FIRST                                                              syscall.Errno = 0x800401B0
+	ENUM_E_LAST                                                               syscall.Errno = 0x800401BF
+	ENUM_S_FIRST                                                              syscall.Errno = 0x000401B0
+	ENUM_S_LAST                                                               syscall.Errno = 0x000401BF
+	CONVERT10_E_FIRST                                                         syscall.Errno = 0x800401C0
+	CONVERT10_E_LAST                                                          syscall.Errno = 0x800401CF
+	CONVERT10_S_FIRST                                                         syscall.Errno = 0x000401C0
+	CONVERT10_S_LAST                                                          syscall.Errno = 0x000401CF
+	CONVERT10_E_OLESTREAM_GET                                                 Handle        = 0x800401C0
+	CONVERT10_E_OLESTREAM_PUT                                                 Handle        = 0x800401C1
+	CONVERT10_E_OLESTREAM_FMT                                                 Handle        = 0x800401C2
+	CONVERT10_E_OLESTREAM_BITMAP_TO_DIB                                       Handle        = 0x800401C3
+	CONVERT10_E_STG_FMT                                                       Handle        = 0x800401C4
+	CONVERT10_E_STG_NO_STD_STREAM                                             Handle        = 0x800401C5
+	CONVERT10_E_STG_DIB_TO_BITMAP                                             Handle        = 0x800401C6
+	CLIPBRD_E_FIRST                                                           syscall.Errno = 0x800401D0
+	CLIPBRD_E_LAST                                                            syscall.Errno = 0x800401DF
+	CLIPBRD_S_FIRST                                                           syscall.Errno = 0x000401D0
+	CLIPBRD_S_LAST                                                            syscall.Errno = 0x000401DF
+	CLIPBRD_E_CANT_OPEN                                                       Handle        = 0x800401D0
+	CLIPBRD_E_CANT_EMPTY                                                      Handle        = 0x800401D1
+	CLIPBRD_E_CANT_SET                                                        Handle        = 0x800401D2
+	CLIPBRD_E_BAD_DATA                                                        Handle        = 0x800401D3
+	CLIPBRD_E_CANT_CLOSE                                                      Handle        = 0x800401D4
+	MK_E_FIRST                                                                syscall.Errno = 0x800401E0
+	MK_E_LAST                                                                 syscall.Errno = 0x800401EF
+	MK_S_FIRST                                                                syscall.Errno = 0x000401E0
+	MK_S_LAST                                                                 syscall.Errno = 0x000401EF
+	MK_E_CONNECTMANUALLY                                                      Handle        = 0x800401E0
+	MK_E_EXCEEDEDDEADLINE                                                     Handle        = 0x800401E1
+	MK_E_NEEDGENERIC                                                          Handle        = 0x800401E2
+	MK_E_UNAVAILABLE                                                          Handle        = 0x800401E3
+	MK_E_SYNTAX                                                               Handle        = 0x800401E4
+	MK_E_NOOBJECT                                                             Handle        = 0x800401E5
+	MK_E_INVALIDEXTENSION                                                     Handle        = 0x800401E6
+	MK_E_INTERMEDIATEINTERFACENOTSUPPORTED                                    Handle        = 0x800401E7
+	MK_E_NOTBINDABLE                                                          Handle        = 0x800401E8
+	MK_E_NOTBOUND                                                             Handle        = 0x800401E9
+	MK_E_CANTOPENFILE                                                         Handle        = 0x800401EA
+	MK_E_MUSTBOTHERUSER                                                       Handle        = 0x800401EB
+	MK_E_NOINVERSE                                                            Handle        = 0x800401EC
+	MK_E_NOSTORAGE                                                            Handle        = 0x800401ED
+	MK_E_NOPREFIX                                                             Handle        = 0x800401EE
+	MK_E_ENUMERATION_FAILED                                                   Handle        = 0x800401EF
+	CO_E_FIRST                                                                syscall.Errno = 0x800401F0
+	CO_E_LAST                                                                 syscall.Errno = 0x800401FF
+	CO_S_FIRST                                                                syscall.Errno = 0x000401F0
+	CO_S_LAST                                                                 syscall.Errno = 0x000401FF
+	CO_E_NOTINITIALIZED                                                       Handle        = 0x800401F0
+	CO_E_ALREADYINITIALIZED                                                   Handle        = 0x800401F1
+	CO_E_CANTDETERMINECLASS                                                   Handle        = 0x800401F2
+	CO_E_CLASSSTRING                                                          Handle        = 0x800401F3
+	CO_E_IIDSTRING                                                            Handle        = 0x800401F4
+	CO_E_APPNOTFOUND                                                          Handle        = 0x800401F5
+	CO_E_APPSINGLEUSE                                                         Handle        = 0x800401F6
+	CO_E_ERRORINAPP                                                           Handle        = 0x800401F7
+	CO_E_DLLNOTFOUND                                                          Handle        = 0x800401F8
+	CO_E_ERRORINDLL                                                           Handle        = 0x800401F9
+	CO_E_WRONGOSFORAPP                                                        Handle        = 0x800401FA
+	CO_E_OBJNOTREG                                                            Handle        = 0x800401FB
+	CO_E_OBJISREG                                                             Handle        = 0x800401FC
+	CO_E_OBJNOTCONNECTED                                                      Handle        = 0x800401FD
+	CO_E_APPDIDNTREG                                                          Handle        = 0x800401FE
+	CO_E_RELEASED                                                             Handle        = 0x800401FF
+	EVENT_E_FIRST                                                             syscall.Errno = 0x80040200
+	EVENT_E_LAST                                                              syscall.Errno = 0x8004021F
+	EVENT_S_FIRST                                                             syscall.Errno = 0x00040200
+	EVENT_S_LAST                                                              syscall.Errno = 0x0004021F
+	EVENT_S_SOME_SUBSCRIBERS_FAILED                                           Handle        = 0x00040200
+	EVENT_E_ALL_SUBSCRIBERS_FAILED                                            Handle        = 0x80040201
+	EVENT_S_NOSUBSCRIBERS                                                     Handle        = 0x00040202
+	EVENT_E_QUERYSYNTAX                                                       Handle        = 0x80040203
+	EVENT_E_QUERYFIELD                                                        Handle        = 0x80040204
+	EVENT_E_INTERNALEXCEPTION                                                 Handle        = 0x80040205
+	EVENT_E_INTERNALERROR                                                     Handle        = 0x80040206
+	EVENT_E_INVALID_PER_USER_SID                                              Handle        = 0x80040207
+	EVENT_E_USER_EXCEPTION                                                    Handle        = 0x80040208
+	EVENT_E_TOO_MANY_METHODS                                                  Handle        = 0x80040209
+	EVENT_E_MISSING_EVENTCLASS                                                Handle        = 0x8004020A
+	EVENT_E_NOT_ALL_REMOVED                                                   Handle        = 0x8004020B
+	EVENT_E_COMPLUS_NOT_INSTALLED                                             Handle        = 0x8004020C
+	EVENT_E_CANT_MODIFY_OR_DELETE_UNCONFIGURED_OBJECT                         Handle        = 0x8004020D
+	EVENT_E_CANT_MODIFY_OR_DELETE_CONFIGURED_OBJECT                           Handle        = 0x8004020E
+	EVENT_E_INVALID_EVENT_CLASS_PARTITION                                     Handle        = 0x8004020F
+	EVENT_E_PER_USER_SID_NOT_LOGGED_ON                                        Handle        = 0x80040210
+	TPC_E_INVALID_PROPERTY                                                    Handle        = 0x80040241
+	TPC_E_NO_DEFAULT_TABLET                                                   Handle        = 0x80040212
+	TPC_E_UNKNOWN_PROPERTY                                                    Handle        = 0x8004021B
+	TPC_E_INVALID_INPUT_RECT                                                  Handle        = 0x80040219
+	TPC_E_INVALID_STROKE                                                      Handle        = 0x80040222
+	TPC_E_INITIALIZE_FAIL                                                     Handle        = 0x80040223
+	TPC_E_NOT_RELEVANT                                                        Handle        = 0x80040232
+	TPC_E_INVALID_PACKET_DESCRIPTION                                          Handle        = 0x80040233
+	TPC_E_RECOGNIZER_NOT_REGISTERED                                           Handle        = 0x80040235
+	TPC_E_INVALID_RIGHTS                                                      Handle        = 0x80040236
+	TPC_E_OUT_OF_ORDER_CALL                                                   Handle        = 0x80040237
+	TPC_E_QUEUE_FULL                                                          Handle        = 0x80040238
+	TPC_E_INVALID_CONFIGURATION                                               Handle        = 0x80040239
+	TPC_E_INVALID_DATA_FROM_RECOGNIZER                                        Handle        = 0x8004023A
+	TPC_S_TRUNCATED                                                           Handle        = 0x00040252
+	TPC_S_INTERRUPTED                                                         Handle        = 0x00040253
+	TPC_S_NO_DATA_TO_PROCESS                                                  Handle        = 0x00040254
+	XACT_E_FIRST                                                              syscall.Errno = 0x8004D000
+	XACT_E_LAST                                                               syscall.Errno = 0x8004D02B
+	XACT_S_FIRST                                                              syscall.Errno = 0x0004D000
+	XACT_S_LAST                                                               syscall.Errno = 0x0004D010
+	XACT_E_ALREADYOTHERSINGLEPHASE                                            Handle        = 0x8004D000
+	XACT_E_CANTRETAIN                                                         Handle        = 0x8004D001
+	XACT_E_COMMITFAILED                                                       Handle        = 0x8004D002
+	XACT_E_COMMITPREVENTED                                                    Handle        = 0x8004D003
+	XACT_E_HEURISTICABORT                                                     Handle        = 0x8004D004
+	XACT_E_HEURISTICCOMMIT                                                    Handle        = 0x8004D005
+	XACT_E_HEURISTICDAMAGE                                                    Handle        = 0x8004D006
+	XACT_E_HEURISTICDANGER                                                    Handle        = 0x8004D007
+	XACT_E_ISOLATIONLEVEL                                                     Handle        = 0x8004D008
+	XACT_E_NOASYNC                                                            Handle        = 0x8004D009
+	XACT_E_NOENLIST                                                           Handle        = 0x8004D00A
+	XACT_E_NOISORETAIN                                                        Handle        = 0x8004D00B
+	XACT_E_NORESOURCE                                                         Handle        = 0x8004D00C
+	XACT_E_NOTCURRENT                                                         Handle        = 0x8004D00D
+	XACT_E_NOTRANSACTION                                                      Handle        = 0x8004D00E
+	XACT_E_NOTSUPPORTED                                                       Handle        = 0x8004D00F
+	XACT_E_UNKNOWNRMGRID                                                      Handle        = 0x8004D010
+	XACT_E_WRONGSTATE                                                         Handle        = 0x8004D011
+	XACT_E_WRONGUOW                                                           Handle        = 0x8004D012
+	XACT_E_XTIONEXISTS                                                        Handle        = 0x8004D013
+	XACT_E_NOIMPORTOBJECT                                                     Handle        = 0x8004D014
+	XACT_E_INVALIDCOOKIE                                                      Handle        = 0x8004D015
+	XACT_E_INDOUBT                                                            Handle        = 0x8004D016
+	XACT_E_NOTIMEOUT                                                          Handle        = 0x8004D017
+	XACT_E_ALREADYINPROGRESS                                                  Handle        = 0x8004D018
+	XACT_E_ABORTED                                                            Handle        = 0x8004D019
+	XACT_E_LOGFULL                                                            Handle        = 0x8004D01A
+	XACT_E_TMNOTAVAILABLE                                                     Handle        = 0x8004D01B
+	XACT_E_CONNECTION_DOWN                                                    Handle        = 0x8004D01C
+	XACT_E_CONNECTION_DENIED                                                  Handle        = 0x8004D01D
+	XACT_E_REENLISTTIMEOUT                                                    Handle        = 0x8004D01E
+	XACT_E_TIP_CONNECT_FAILED                                                 Handle        = 0x8004D01F
+	XACT_E_TIP_PROTOCOL_ERROR                                                 Handle        = 0x8004D020
+	XACT_E_TIP_PULL_FAILED                                                    Handle        = 0x8004D021
+	XACT_E_DEST_TMNOTAVAILABLE                                                Handle        = 0x8004D022
+	XACT_E_TIP_DISABLED                                                       Handle        = 0x8004D023
+	XACT_E_NETWORK_TX_DISABLED                                                Handle        = 0x8004D024
+	XACT_E_PARTNER_NETWORK_TX_DISABLED                                        Handle        = 0x8004D025
+	XACT_E_XA_TX_DISABLED                                                     Handle        = 0x8004D026
+	XACT_E_UNABLE_TO_READ_DTC_CONFIG                                          Handle        = 0x8004D027
+	XACT_E_UNABLE_TO_LOAD_DTC_PROXY                                           Handle        = 0x8004D028
+	XACT_E_ABORTING                                                           Handle        = 0x8004D029
+	XACT_E_PUSH_COMM_FAILURE                                                  Handle        = 0x8004D02A
+	XACT_E_PULL_COMM_FAILURE                                                  Handle        = 0x8004D02B
+	XACT_E_LU_TX_DISABLED                                                     Handle        = 0x8004D02C
+	XACT_E_CLERKNOTFOUND                                                      Handle        = 0x8004D080
+	XACT_E_CLERKEXISTS                                                        Handle        = 0x8004D081
+	XACT_E_RECOVERYINPROGRESS                                                 Handle        = 0x8004D082
+	XACT_E_TRANSACTIONCLOSED                                                  Handle        = 0x8004D083
+	XACT_E_INVALIDLSN                                                         Handle        = 0x8004D084
+	XACT_E_REPLAYREQUEST                                                      Handle        = 0x8004D085
+	XACT_S_ASYNC                                                              Handle        = 0x0004D000
+	XACT_S_DEFECT                                                             Handle        = 0x0004D001
+	XACT_S_READONLY                                                           Handle        = 0x0004D002
+	XACT_S_SOMENORETAIN                                                       Handle        = 0x0004D003
+	XACT_S_OKINFORM                                                           Handle        = 0x0004D004
+	XACT_S_MADECHANGESCONTENT                                                 Handle        = 0x0004D005
+	XACT_S_MADECHANGESINFORM                                                  Handle        = 0x0004D006
+	XACT_S_ALLNORETAIN                                                        Handle        = 0x0004D007
+	XACT_S_ABORTING                                                           Handle        = 0x0004D008
+	XACT_S_SINGLEPHASE                                                        Handle        = 0x0004D009
+	XACT_S_LOCALLY_OK                                                         Handle        = 0x0004D00A
+	XACT_S_LASTRESOURCEMANAGER                                                Handle        = 0x0004D010
+	CONTEXT_E_FIRST                                                           syscall.Errno = 0x8004E000
+	CONTEXT_E_LAST                                                            syscall.Errno = 0x8004E02F
+	CONTEXT_S_FIRST                                                           syscall.Errno = 0x0004E000
+	CONTEXT_S_LAST                                                            syscall.Errno = 0x0004E02F
+	CONTEXT_E_ABORTED                                                         Handle        = 0x8004E002
+	CONTEXT_E_ABORTING                                                        Handle        = 0x8004E003
+	CONTEXT_E_NOCONTEXT                                                       Handle        = 0x8004E004
+	CONTEXT_E_WOULD_DEADLOCK                                                  Handle        = 0x8004E005
+	CONTEXT_E_SYNCH_TIMEOUT                                                   Handle        = 0x8004E006
+	CONTEXT_E_OLDREF                                                          Handle        = 0x8004E007
+	CONTEXT_E_ROLENOTFOUND                                                    Handle        = 0x8004E00C
+	CONTEXT_E_TMNOTAVAILABLE                                                  Handle        = 0x8004E00F
+	CO_E_ACTIVATIONFAILED                                                     Handle        = 0x8004E021
+	CO_E_ACTIVATIONFAILED_EVENTLOGGED                                         Handle        = 0x8004E022
+	CO_E_ACTIVATIONFAILED_CATALOGERROR                                        Handle        = 0x8004E023
+	CO_E_ACTIVATIONFAILED_TIMEOUT                                             Handle        = 0x8004E024
+	CO_E_INITIALIZATIONFAILED                                                 Handle        = 0x8004E025
+	CONTEXT_E_NOJIT                                                           Handle        = 0x8004E026
+	CONTEXT_E_NOTRANSACTION                                                   Handle        = 0x8004E027
+	CO_E_THREADINGMODEL_CHANGED                                               Handle        = 0x8004E028
+	CO_E_NOIISINTRINSICS                                                      Handle        = 0x8004E029
+	CO_E_NOCOOKIES                                                            Handle        = 0x8004E02A
+	CO_E_DBERROR                                                              Handle        = 0x8004E02B
+	CO_E_NOTPOOLED                                                            Handle        = 0x8004E02C
+	CO_E_NOTCONSTRUCTED                                                       Handle        = 0x8004E02D
+	CO_E_NOSYNCHRONIZATION                                                    Handle        = 0x8004E02E
+	CO_E_ISOLEVELMISMATCH                                                     Handle        = 0x8004E02F
+	CO_E_CALL_OUT_OF_TX_SCOPE_NOT_ALLOWED                                     Handle        = 0x8004E030
+	CO_E_EXIT_TRANSACTION_SCOPE_NOT_CALLED                                    Handle        = 0x8004E031
+	OLE_S_USEREG                                                              Handle        = 0x00040000
+	OLE_S_STATIC                                                              Handle        = 0x00040001
+	OLE_S_MAC_CLIPFORMAT                                                      Handle        = 0x00040002
+	DRAGDROP_S_DROP                                                           Handle        = 0x00040100
+	DRAGDROP_S_CANCEL                                                         Handle        = 0x00040101
+	DRAGDROP_S_USEDEFAULTCURSORS                                              Handle        = 0x00040102
+	DATA_S_SAMEFORMATETC                                                      Handle        = 0x00040130
+	VIEW_S_ALREADY_FROZEN                                                     Handle        = 0x00040140
+	CACHE_S_FORMATETC_NOTSUPPORTED                                            Handle        = 0x00040170
+	CACHE_S_SAMECACHE                                                         Handle        = 0x00040171
+	CACHE_S_SOMECACHES_NOTUPDATED                                             Handle        = 0x00040172
+	OLEOBJ_S_INVALIDVERB                                                      Handle        = 0x00040180
+	OLEOBJ_S_CANNOT_DOVERB_NOW                                                Handle        = 0x00040181
+	OLEOBJ_S_INVALIDHWND                                                      Handle        = 0x00040182
+	INPLACE_S_TRUNCATED                                                       Handle        = 0x000401A0
+	CONVERT10_S_NO_PRESENTATION                                               Handle        = 0x000401C0
+	MK_S_REDUCED_TO_SELF                                                      Handle        = 0x000401E2
+	MK_S_ME                                                                   Handle        = 0x000401E4
+	MK_S_HIM                                                                  Handle        = 0x000401E5
+	MK_S_US                                                                   Handle        = 0x000401E6
+	MK_S_MONIKERALREADYREGISTERED                                             Handle        = 0x000401E7
+	SCHED_S_TASK_READY                                                        Handle        = 0x00041300
+	SCHED_S_TASK_RUNNING                                                      Handle        = 0x00041301
+	SCHED_S_TASK_DISABLED                                                     Handle        = 0x00041302
+	SCHED_S_TASK_HAS_NOT_RUN                                                  Handle        = 0x00041303
+	SCHED_S_TASK_NO_MORE_RUNS                                                 Handle        = 0x00041304
+	SCHED_S_TASK_NOT_SCHEDULED                                                Handle        = 0x00041305
+	SCHED_S_TASK_TERMINATED                                                   Handle        = 0x00041306
+	SCHED_S_TASK_NO_VALID_TRIGGERS                                            Handle        = 0x00041307
+	SCHED_S_EVENT_TRIGGER                                                     Handle        = 0x00041308
+	SCHED_E_TRIGGER_NOT_FOUND                                                 Handle        = 0x80041309
+	SCHED_E_TASK_NOT_READY                                                    Handle        = 0x8004130A
+	SCHED_E_TASK_NOT_RUNNING                                                  Handle        = 0x8004130B
+	SCHED_E_SERVICE_NOT_INSTALLED                                             Handle        = 0x8004130C
+	SCHED_E_CANNOT_OPEN_TASK                                                  Handle        = 0x8004130D
+	SCHED_E_INVALID_TASK                                                      Handle        = 0x8004130E
+	SCHED_E_ACCOUNT_INFORMATION_NOT_SET                                       Handle        = 0x8004130F
+	SCHED_E_ACCOUNT_NAME_NOT_FOUND                                            Handle        = 0x80041310
+	SCHED_E_ACCOUNT_DBASE_CORRUPT                                             Handle        = 0x80041311
+	SCHED_E_NO_SECURITY_SERVICES                                              Handle        = 0x80041312
+	SCHED_E_UNKNOWN_OBJECT_VERSION                                            Handle        = 0x80041313
+	SCHED_E_UNSUPPORTED_ACCOUNT_OPTION                                        Handle        = 0x80041314
+	SCHED_E_SERVICE_NOT_RUNNING                                               Handle        = 0x80041315
+	SCHED_E_UNEXPECTEDNODE                                                    Handle        = 0x80041316
+	SCHED_E_NAMESPACE                                                         Handle        = 0x80041317
+	SCHED_E_INVALIDVALUE                                                      Handle        = 0x80041318
+	SCHED_E_MISSINGNODE                                                       Handle        = 0x80041319
+	SCHED_E_MALFORMEDXML                                                      Handle        = 0x8004131A
+	SCHED_S_SOME_TRIGGERS_FAILED                                              Handle        = 0x0004131B
+	SCHED_S_BATCH_LOGON_PROBLEM                                               Handle        = 0x0004131C
+	SCHED_E_TOO_MANY_NODES                                                    Handle        = 0x8004131D
+	SCHED_E_PAST_END_BOUNDARY                                                 Handle        = 0x8004131E
+	SCHED_E_ALREADY_RUNNING                                                   Handle        = 0x8004131F
+	SCHED_E_USER_NOT_LOGGED_ON                                                Handle        = 0x80041320
+	SCHED_E_INVALID_TASK_HASH                                                 Handle        = 0x80041321
+	SCHED_E_SERVICE_NOT_AVAILABLE                                             Handle        = 0x80041322
+	SCHED_E_SERVICE_TOO_BUSY                                                  Handle        = 0x80041323
+	SCHED_E_TASK_ATTEMPTED                                                    Handle        = 0x80041324
+	SCHED_S_TASK_QUEUED                                                       Handle        = 0x00041325
+	SCHED_E_TASK_DISABLED                                                     Handle        = 0x80041326
+	SCHED_E_TASK_NOT_V1_COMPAT                                                Handle        = 0x80041327
+	SCHED_E_START_ON_DEMAND                                                   Handle        = 0x80041328
+	SCHED_E_TASK_NOT_UBPM_COMPAT                                              Handle        = 0x80041329
+	SCHED_E_DEPRECATED_FEATURE_USED                                           Handle        = 0x80041330
+	CO_E_CLASS_CREATE_FAILED                                                  Handle        = 0x80080001
+	CO_E_SCM_ERROR                                                            Handle        = 0x80080002
+	CO_E_SCM_RPC_FAILURE                                                      Handle        = 0x80080003
+	CO_E_BAD_PATH                                                             Handle        = 0x80080004
+	CO_E_SERVER_EXEC_FAILURE                                                  Handle        = 0x80080005
+	CO_E_OBJSRV_RPC_FAILURE                                                   Handle        = 0x80080006
+	MK_E_NO_NORMALIZED                                                        Handle        = 0x80080007
+	CO_E_SERVER_STOPPING                                                      Handle        = 0x80080008
+	MEM_E_INVALID_ROOT                                                        Handle        = 0x80080009
+	MEM_E_INVALID_LINK                                                        Handle        = 0x80080010
+	MEM_E_INVALID_SIZE                                                        Handle        = 0x80080011
+	CO_S_NOTALLINTERFACES                                                     Handle        = 0x00080012
+	CO_S_MACHINENAMENOTFOUND                                                  Handle        = 0x00080013
+	CO_E_MISSING_DISPLAYNAME                                                  Handle        = 0x80080015
+	CO_E_RUNAS_VALUE_MUST_BE_AAA                                              Handle        = 0x80080016
+	CO_E_ELEVATION_DISABLED                                                   Handle        = 0x80080017
+	APPX_E_PACKAGING_INTERNAL                                                 Handle        = 0x80080200
+	APPX_E_INTERLEAVING_NOT_ALLOWED                                           Handle        = 0x80080201
+	APPX_E_RELATIONSHIPS_NOT_ALLOWED                                          Handle        = 0x80080202
+	APPX_E_MISSING_REQUIRED_FILE                                              Handle        = 0x80080203
+	APPX_E_INVALID_MANIFEST                                                   Handle        = 0x80080204
+	APPX_E_INVALID_BLOCKMAP                                                   Handle        = 0x80080205
+	APPX_E_CORRUPT_CONTENT                                                    Handle        = 0x80080206
+	APPX_E_BLOCK_HASH_INVALID                                                 Handle        = 0x80080207
+	APPX_E_REQUESTED_RANGE_TOO_LARGE                                          Handle        = 0x80080208
+	APPX_E_INVALID_SIP_CLIENT_DATA                                            Handle        = 0x80080209
+	APPX_E_INVALID_KEY_INFO                                                   Handle        = 0x8008020A
+	APPX_E_INVALID_CONTENTGROUPMAP                                            Handle        = 0x8008020B
+	APPX_E_INVALID_APPINSTALLER                                               Handle        = 0x8008020C
+	APPX_E_DELTA_BASELINE_VERSION_MISMATCH                                    Handle        = 0x8008020D
+	APPX_E_DELTA_PACKAGE_MISSING_FILE                                         Handle        = 0x8008020E
+	APPX_E_INVALID_DELTA_PACKAGE                                              Handle        = 0x8008020F
+	APPX_E_DELTA_APPENDED_PACKAGE_NOT_ALLOWED                                 Handle        = 0x80080210
+	APPX_E_INVALID_PACKAGING_LAYOUT                                           Handle        = 0x80080211
+	APPX_E_INVALID_PACKAGESIGNCONFIG                                          Handle        = 0x80080212
+	APPX_E_RESOURCESPRI_NOT_ALLOWED                                           Handle        = 0x80080213
+	APPX_E_FILE_COMPRESSION_MISMATCH                                          Handle        = 0x80080214
+	APPX_E_INVALID_PAYLOAD_PACKAGE_EXTENSION                                  Handle        = 0x80080215
+	APPX_E_INVALID_ENCRYPTION_EXCLUSION_FILE_LIST                             Handle        = 0x80080216
+	BT_E_SPURIOUS_ACTIVATION                                                  Handle        = 0x80080300
+	DISP_E_UNKNOWNINTERFACE                                                   Handle        = 0x80020001
+	DISP_E_MEMBERNOTFOUND                                                     Handle        = 0x80020003
+	DISP_E_PARAMNOTFOUND                                                      Handle        = 0x80020004
+	DISP_E_TYPEMISMATCH                                                       Handle        = 0x80020005
+	DISP_E_UNKNOWNNAME                                                        Handle        = 0x80020006
+	DISP_E_NONAMEDARGS                                                        Handle        = 0x80020007
+	DISP_E_BADVARTYPE                                                         Handle        = 0x80020008
+	DISP_E_EXCEPTION                                                          Handle        = 0x80020009
+	DISP_E_OVERFLOW                                                           Handle        = 0x8002000A
+	DISP_E_BADINDEX                                                           Handle        = 0x8002000B
+	DISP_E_UNKNOWNLCID                                                        Handle        = 0x8002000C
+	DISP_E_ARRAYISLOCKED                                                      Handle        = 0x8002000D
+	DISP_E_BADPARAMCOUNT                                                      Handle        = 0x8002000E
+	DISP_E_PARAMNOTOPTIONAL                                                   Handle        = 0x8002000F
+	DISP_E_BADCALLEE                                                          Handle        = 0x80020010
+	DISP_E_NOTACOLLECTION                                                     Handle        = 0x80020011
+	DISP_E_DIVBYZERO                                                          Handle        = 0x80020012
+	DISP_E_BUFFERTOOSMALL                                                     Handle        = 0x80020013
+	TYPE_E_BUFFERTOOSMALL                                                     Handle        = 0x80028016
+	TYPE_E_FIELDNOTFOUND                                                      Handle        = 0x80028017
+	TYPE_E_INVDATAREAD                                                        Handle        = 0x80028018
+	TYPE_E_UNSUPFORMAT                                                        Handle        = 0x80028019
+	TYPE_E_REGISTRYACCESS                                                     Handle        = 0x8002801C
+	TYPE_E_LIBNOTREGISTERED                                                   Handle        = 0x8002801D
+	TYPE_E_UNDEFINEDTYPE                                                      Handle        = 0x80028027
+	TYPE_E_QUALIFIEDNAMEDISALLOWED                                            Handle        = 0x80028028
+	TYPE_E_INVALIDSTATE                                                       Handle        = 0x80028029
+	TYPE_E_WRONGTYPEKIND                                                      Handle        = 0x8002802A
+	TYPE_E_ELEMENTNOTFOUND                                                    Handle        = 0x8002802B
+	TYPE_E_AMBIGUOUSNAME                                                      Handle        = 0x8002802C
+	TYPE_E_NAMECONFLICT                                                       Handle        = 0x8002802D
+	TYPE_E_UNKNOWNLCID                                                        Handle        = 0x8002802E
+	TYPE_E_DLLFUNCTIONNOTFOUND                                                Handle        = 0x8002802F
+	TYPE_E_BADMODULEKIND                                                      Handle        = 0x800288BD
+	TYPE_E_SIZETOOBIG                                                         Handle        = 0x800288C5
+	TYPE_E_DUPLICATEID                                                        Handle        = 0x800288C6
+	TYPE_E_INVALIDID                                                          Handle        = 0x800288CF
+	TYPE_E_TYPEMISMATCH                                                       Handle        = 0x80028CA0
+	TYPE_E_OUTOFBOUNDS                                                        Handle        = 0x80028CA1
+	TYPE_E_IOERROR                                                            Handle        = 0x80028CA2
+	TYPE_E_CANTCREATETMPFILE                                                  Handle        = 0x80028CA3
+	TYPE_E_CANTLOADLIBRARY                                                    Handle        = 0x80029C4A
+	TYPE_E_INCONSISTENTPROPFUNCS                                              Handle        = 0x80029C83
+	TYPE_E_CIRCULARTYPE                                                       Handle        = 0x80029C84
+	STG_E_INVALIDFUNCTION                                                     Handle        = 0x80030001
+	STG_E_FILENOTFOUND                                                        Handle        = 0x80030002
+	STG_E_PATHNOTFOUND                                                        Handle        = 0x80030003
+	STG_E_TOOMANYOPENFILES                                                    Handle        = 0x80030004
+	STG_E_ACCESSDENIED                                                        Handle        = 0x80030005
+	STG_E_INVALIDHANDLE                                                       Handle        = 0x80030006
+	STG_E_INSUFFICIENTMEMORY                                                  Handle        = 0x80030008
+	STG_E_INVALIDPOINTER                                                      Handle        = 0x80030009
+	STG_E_NOMOREFILES                                                         Handle        = 0x80030012
+	STG_E_DISKISWRITEPROTECTED                                                Handle        = 0x80030013
+	STG_E_SEEKERROR                                                           Handle        = 0x80030019
+	STG_E_WRITEFAULT                                                          Handle        = 0x8003001D
+	STG_E_READFAULT                                                           Handle        = 0x8003001E
+	STG_E_SHAREVIOLATION                                                      Handle        = 0x80030020
+	STG_E_LOCKVIOLATION                                                       Handle        = 0x80030021
+	STG_E_FILEALREADYEXISTS                                                   Handle        = 0x80030050
+	STG_E_INVALIDPARAMETER                                                    Handle        = 0x80030057
+	STG_E_MEDIUMFULL                                                          Handle        = 0x80030070
+	STG_E_PROPSETMISMATCHED                                                   Handle        = 0x800300F0
+	STG_E_ABNORMALAPIEXIT                                                     Handle        = 0x800300FA
+	STG_E_INVALIDHEADER                                                       Handle        = 0x800300FB
+	STG_E_INVALIDNAME                                                         Handle        = 0x800300FC
+	STG_E_UNKNOWN                                                             Handle        = 0x800300FD
+	STG_E_UNIMPLEMENTEDFUNCTION                                               Handle        = 0x800300FE
+	STG_E_INVALIDFLAG                                                         Handle        = 0x800300FF
+	STG_E_INUSE                                                               Handle        = 0x80030100
+	STG_E_NOTCURRENT                                                          Handle        = 0x80030101
+	STG_E_REVERTED                                                            Handle        = 0x80030102
+	STG_E_CANTSAVE                                                            Handle        = 0x80030103
+	STG_E_OLDFORMAT                                                           Handle        = 0x80030104
+	STG_E_OLDDLL                                                              Handle        = 0x80030105
+	STG_E_SHAREREQUIRED                                                       Handle        = 0x80030106
+	STG_E_NOTFILEBASEDSTORAGE                                                 Handle        = 0x80030107
+	STG_E_EXTANTMARSHALLINGS                                                  Handle        = 0x80030108
+	STG_E_DOCFILECORRUPT                                                      Handle        = 0x80030109
+	STG_E_BADBASEADDRESS                                                      Handle        = 0x80030110
+	STG_E_DOCFILETOOLARGE                                                     Handle        = 0x80030111
+	STG_E_NOTSIMPLEFORMAT                                                     Handle        = 0x80030112
+	STG_E_INCOMPLETE                                                          Handle        = 0x80030201
+	STG_E_TERMINATED                                                          Handle        = 0x80030202
+	STG_S_CONVERTED                                                           Handle        = 0x00030200
+	STG_S_BLOCK                                                               Handle        = 0x00030201
+	STG_S_RETRYNOW                                                            Handle        = 0x00030202
+	STG_S_MONITORING                                                          Handle        = 0x00030203
+	STG_S_MULTIPLEOPENS                                                       Handle        = 0x00030204
+	STG_S_CONSOLIDATIONFAILED                                                 Handle        = 0x00030205
+	STG_S_CANNOTCONSOLIDATE                                                   Handle        = 0x00030206
+	STG_S_POWER_CYCLE_REQUIRED                                                Handle        = 0x00030207
+	STG_E_FIRMWARE_SLOT_INVALID                                               Handle        = 0x80030208
+	STG_E_FIRMWARE_IMAGE_INVALID                                              Handle        = 0x80030209
+	STG_E_DEVICE_UNRESPONSIVE                                                 Handle        = 0x8003020A
+	STG_E_STATUS_COPY_PROTECTION_FAILURE                                      Handle        = 0x80030305
+	STG_E_CSS_AUTHENTICATION_FAILURE                                          Handle        = 0x80030306
+	STG_E_CSS_KEY_NOT_PRESENT                                                 Handle        = 0x80030307
+	STG_E_CSS_KEY_NOT_ESTABLISHED                                             Handle        = 0x80030308
+	STG_E_CSS_SCRAMBLED_SECTOR                                                Handle        = 0x80030309
+	STG_E_CSS_REGION_MISMATCH                                                 Handle        = 0x8003030A
+	STG_E_RESETS_EXHAUSTED                                                    Handle        = 0x8003030B
+	RPC_E_CALL_REJECTED                                                       Handle        = 0x80010001
+	RPC_E_CALL_CANCELED                                                       Handle        = 0x80010002
+	RPC_E_CANTPOST_INSENDCALL                                                 Handle        = 0x80010003
+	RPC_E_CANTCALLOUT_INASYNCCALL                                             Handle        = 0x80010004
+	RPC_E_CANTCALLOUT_INEXTERNALCALL                                          Handle        = 0x80010005
+	RPC_E_CONNECTION_TERMINATED                                               Handle        = 0x80010006
+	RPC_E_SERVER_DIED                                                         Handle        = 0x80010007
+	RPC_E_CLIENT_DIED                                                         Handle        = 0x80010008
+	RPC_E_INVALID_DATAPACKET                                                  Handle        = 0x80010009
+	RPC_E_CANTTRANSMIT_CALL                                                   Handle        = 0x8001000A
+	RPC_E_CLIENT_CANTMARSHAL_DATA                                             Handle        = 0x8001000B
+	RPC_E_CLIENT_CANTUNMARSHAL_DATA                                           Handle        = 0x8001000C
+	RPC_E_SERVER_CANTMARSHAL_DATA                                             Handle        = 0x8001000D
+	RPC_E_SERVER_CANTUNMARSHAL_DATA                                           Handle        = 0x8001000E
+	RPC_E_INVALID_DATA                                                        Handle        = 0x8001000F
+	RPC_E_INVALID_PARAMETER                                                   Handle        = 0x80010010
+	RPC_E_CANTCALLOUT_AGAIN                                                   Handle        = 0x80010011
+	RPC_E_SERVER_DIED_DNE                                                     Handle        = 0x80010012
+	RPC_E_SYS_CALL_FAILED                                                     Handle        = 0x80010100
+	RPC_E_OUT_OF_RESOURCES                                                    Handle        = 0x80010101
+	RPC_E_ATTEMPTED_MULTITHREAD                                               Handle        = 0x80010102
+	RPC_E_NOT_REGISTERED                                                      Handle        = 0x80010103
+	RPC_E_FAULT                                                               Handle        = 0x80010104
+	RPC_E_SERVERFAULT                                                         Handle        = 0x80010105
+	RPC_E_CHANGED_MODE                                                        Handle        = 0x80010106
+	RPC_E_INVALIDMETHOD                                                       Handle        = 0x80010107
+	RPC_E_DISCONNECTED                                                        Handle        = 0x80010108
+	RPC_E_RETRY                                                               Handle        = 0x80010109
+	RPC_E_SERVERCALL_RETRYLATER                                               Handle        = 0x8001010A
+	RPC_E_SERVERCALL_REJECTED                                                 Handle        = 0x8001010B
+	RPC_E_INVALID_CALLDATA                                                    Handle        = 0x8001010C
+	RPC_E_CANTCALLOUT_ININPUTSYNCCALL                                         Handle        = 0x8001010D
+	RPC_E_WRONG_THREAD                                                        Handle        = 0x8001010E
+	RPC_E_THREAD_NOT_INIT                                                     Handle        = 0x8001010F
+	RPC_E_VERSION_MISMATCH                                                    Handle        = 0x80010110
+	RPC_E_INVALID_HEADER                                                      Handle        = 0x80010111
+	RPC_E_INVALID_EXTENSION                                                   Handle        = 0x80010112
+	RPC_E_INVALID_IPID                                                        Handle        = 0x80010113
+	RPC_E_INVALID_OBJECT                                                      Handle        = 0x80010114
+	RPC_S_CALLPENDING                                                         Handle        = 0x80010115
+	RPC_S_WAITONTIMER                                                         Handle        = 0x80010116
+	RPC_E_CALL_COMPLETE                                                       Handle        = 0x80010117
+	RPC_E_UNSECURE_CALL                                                       Handle        = 0x80010118
+	RPC_E_TOO_LATE                                                            Handle        = 0x80010119
+	RPC_E_NO_GOOD_SECURITY_PACKAGES                                           Handle        = 0x8001011A
+	RPC_E_ACCESS_DENIED                                                       Handle        = 0x8001011B
+	RPC_E_REMOTE_DISABLED                                                     Handle        = 0x8001011C
+	RPC_E_INVALID_OBJREF                                                      Handle        = 0x8001011D
+	RPC_E_NO_CONTEXT                                                          Handle        = 0x8001011E
+	RPC_E_TIMEOUT                                                             Handle        = 0x8001011F
+	RPC_E_NO_SYNC                                                             Handle        = 0x80010120
+	RPC_E_FULLSIC_REQUIRED                                                    Handle        = 0x80010121
+	RPC_E_INVALID_STD_NAME                                                    Handle        = 0x80010122
+	CO_E_FAILEDTOIMPERSONATE                                                  Handle        = 0x80010123
+	CO_E_FAILEDTOGETSECCTX                                                    Handle        = 0x80010124
+	CO_E_FAILEDTOOPENTHREADTOKEN                                              Handle        = 0x80010125
+	CO_E_FAILEDTOGETTOKENINFO                                                 Handle        = 0x80010126
+	CO_E_TRUSTEEDOESNTMATCHCLIENT                                             Handle        = 0x80010127
+	CO_E_FAILEDTOQUERYCLIENTBLANKET                                           Handle        = 0x80010128
+	CO_E_FAILEDTOSETDACL                                                      Handle        = 0x80010129
+	CO_E_ACCESSCHECKFAILED                                                    Handle        = 0x8001012A
+	CO_E_NETACCESSAPIFAILED                                                   Handle        = 0x8001012B
+	CO_E_WRONGTRUSTEENAMESYNTAX                                               Handle        = 0x8001012C
+	CO_E_INVALIDSID                                                           Handle        = 0x8001012D
+	CO_E_CONVERSIONFAILED                                                     Handle        = 0x8001012E
+	CO_E_NOMATCHINGSIDFOUND                                                   Handle        = 0x8001012F
+	CO_E_LOOKUPACCSIDFAILED                                                   Handle        = 0x80010130
+	CO_E_NOMATCHINGNAMEFOUND                                                  Handle        = 0x80010131
+	CO_E_LOOKUPACCNAMEFAILED                                                  Handle        = 0x80010132
+	CO_E_SETSERLHNDLFAILED                                                    Handle        = 0x80010133
+	CO_E_FAILEDTOGETWINDIR                                                    Handle        = 0x80010134
+	CO_E_PATHTOOLONG                                                          Handle        = 0x80010135
+	CO_E_FAILEDTOGENUUID                                                      Handle        = 0x80010136
+	CO_E_FAILEDTOCREATEFILE                                                   Handle        = 0x80010137
+	CO_E_FAILEDTOCLOSEHANDLE                                                  Handle        = 0x80010138
+	CO_E_EXCEEDSYSACLLIMIT                                                    Handle        = 0x80010139
+	CO_E_ACESINWRONGORDER                                                     Handle        = 0x8001013A
+	CO_E_INCOMPATIBLESTREAMVERSION                                            Handle        = 0x8001013B
+	CO_E_FAILEDTOOPENPROCESSTOKEN                                             Handle        = 0x8001013C
+	CO_E_DECODEFAILED                                                         Handle        = 0x8001013D
+	CO_E_ACNOTINITIALIZED                                                     Handle        = 0x8001013F
+	CO_E_CANCEL_DISABLED                                                      Handle        = 0x80010140
+	RPC_E_UNEXPECTED                                                          Handle        = 0x8001FFFF
+	ERROR_AUDITING_DISABLED                                                   Handle        = 0xC0090001
+	ERROR_ALL_SIDS_FILTERED                                                   Handle        = 0xC0090002
+	ERROR_BIZRULES_NOT_ENABLED                                                Handle        = 0xC0090003
+	NTE_BAD_UID                                                               Handle        = 0x80090001
+	NTE_BAD_HASH                                                              Handle        = 0x80090002
+	NTE_BAD_KEY                                                               Handle        = 0x80090003
+	NTE_BAD_LEN                                                               Handle        = 0x80090004
+	NTE_BAD_DATA                                                              Handle        = 0x80090005
+	NTE_BAD_SIGNATURE                                                         Handle        = 0x80090006
+	NTE_BAD_VER                                                               Handle        = 0x80090007
+	NTE_BAD_ALGID                                                             Handle        = 0x80090008
+	NTE_BAD_FLAGS                                                             Handle        = 0x80090009
+	NTE_BAD_TYPE                                                              Handle        = 0x8009000A
+	NTE_BAD_KEY_STATE                                                         Handle        = 0x8009000B
+	NTE_BAD_HASH_STATE                                                        Handle        = 0x8009000C
+	NTE_NO_KEY                                                                Handle        = 0x8009000D
+	NTE_NO_MEMORY                                                             Handle        = 0x8009000E
+	NTE_EXISTS                                                                Handle        = 0x8009000F
+	NTE_PERM                                                                  Handle        = 0x80090010
+	NTE_NOT_FOUND                                                             Handle        = 0x80090011
+	NTE_DOUBLE_ENCRYPT                                                        Handle        = 0x80090012
+	NTE_BAD_PROVIDER                                                          Handle        = 0x80090013
+	NTE_BAD_PROV_TYPE                                                         Handle        = 0x80090014
+	NTE_BAD_PUBLIC_KEY                                                        Handle        = 0x80090015
+	NTE_BAD_KEYSET                                                            Handle        = 0x80090016
+	NTE_PROV_TYPE_NOT_DEF                                                     Handle        = 0x80090017
+	NTE_PROV_TYPE_ENTRY_BAD                                                   Handle        = 0x80090018
+	NTE_KEYSET_NOT_DEF                                                        Handle        = 0x80090019
+	NTE_KEYSET_ENTRY_BAD                                                      Handle        = 0x8009001A
+	NTE_PROV_TYPE_NO_MATCH                                                    Handle        = 0x8009001B
+	NTE_SIGNATURE_FILE_BAD                                                    Handle        = 0x8009001C
+	NTE_PROVIDER_DLL_FAIL                                                     Handle        = 0x8009001D
+	NTE_PROV_DLL_NOT_FOUND                                                    Handle        = 0x8009001E
+	NTE_BAD_KEYSET_PARAM                                                      Handle        = 0x8009001F
+	NTE_FAIL                                                                  Handle        = 0x80090020
+	NTE_SYS_ERR                                                               Handle        = 0x80090021
+	NTE_SILENT_CONTEXT                                                        Handle        = 0x80090022
+	NTE_TOKEN_KEYSET_STORAGE_FULL                                             Handle        = 0x80090023
+	NTE_TEMPORARY_PROFILE                                                     Handle        = 0x80090024
+	NTE_FIXEDPARAMETER                                                        Handle        = 0x80090025
+	NTE_INVALID_HANDLE                                                        Handle        = 0x80090026
+	NTE_INVALID_PARAMETER                                                     Handle        = 0x80090027
+	NTE_BUFFER_TOO_SMALL                                                      Handle        = 0x80090028
+	NTE_NOT_SUPPORTED                                                         Handle        = 0x80090029
+	NTE_NO_MORE_ITEMS                                                         Handle        = 0x8009002A
+	NTE_BUFFERS_OVERLAP                                                       Handle        = 0x8009002B
+	NTE_DECRYPTION_FAILURE                                                    Handle        = 0x8009002C
+	NTE_INTERNAL_ERROR                                                        Handle        = 0x8009002D
+	NTE_UI_REQUIRED                                                           Handle        = 0x8009002E
+	NTE_HMAC_NOT_SUPPORTED                                                    Handle        = 0x8009002F
+	NTE_DEVICE_NOT_READY                                                      Handle        = 0x80090030
+	NTE_AUTHENTICATION_IGNORED                                                Handle        = 0x80090031
+	NTE_VALIDATION_FAILED                                                     Handle        = 0x80090032
+	NTE_INCORRECT_PASSWORD                                                    Handle        = 0x80090033
+	NTE_ENCRYPTION_FAILURE                                                    Handle        = 0x80090034
+	NTE_DEVICE_NOT_FOUND                                                      Handle        = 0x80090035
+	NTE_USER_CANCELLED                                                        Handle        = 0x80090036
+	NTE_PASSWORD_CHANGE_REQUIRED                                              Handle        = 0x80090037
+	NTE_NOT_ACTIVE_CONSOLE                                                    Handle        = 0x80090038
+	SEC_E_INSUFFICIENT_MEMORY                                                 Handle        = 0x80090300
+	SEC_E_INVALID_HANDLE                                                      Handle        = 0x80090301
+	SEC_E_UNSUPPORTED_FUNCTION                                                Handle        = 0x80090302
+	SEC_E_TARGET_UNKNOWN                                                      Handle        = 0x80090303
+	SEC_E_INTERNAL_ERROR                                                      Handle        = 0x80090304
+	SEC_E_SECPKG_NOT_FOUND                                                    Handle        = 0x80090305
+	SEC_E_NOT_OWNER                                                           Handle        = 0x80090306
+	SEC_E_CANNOT_INSTALL                                                      Handle        = 0x80090307
+	SEC_E_INVALID_TOKEN                                                       Handle        = 0x80090308
+	SEC_E_CANNOT_PACK                                                         Handle        = 0x80090309
+	SEC_E_QOP_NOT_SUPPORTED                                                   Handle        = 0x8009030A
+	SEC_E_NO_IMPERSONATION                                                    Handle        = 0x8009030B
+	SEC_E_LOGON_DENIED                                                        Handle        = 0x8009030C
+	SEC_E_UNKNOWN_CREDENTIALS                                                 Handle        = 0x8009030D
+	SEC_E_NO_CREDENTIALS                                                      Handle        = 0x8009030E
+	SEC_E_MESSAGE_ALTERED                                                     Handle        = 0x8009030F
+	SEC_E_OUT_OF_SEQUENCE                                                     Handle        = 0x80090310
+	SEC_E_NO_AUTHENTICATING_AUTHORITY                                         Handle        = 0x80090311
+	SEC_I_CONTINUE_NEEDED                                                     Handle        = 0x00090312
+	SEC_I_COMPLETE_NEEDED                                                     Handle        = 0x00090313
+	SEC_I_COMPLETE_AND_CONTINUE                                               Handle        = 0x00090314
+	SEC_I_LOCAL_LOGON                                                         Handle        = 0x00090315
+	SEC_I_GENERIC_EXTENSION_RECEIVED                                          Handle        = 0x00090316
+	SEC_E_BAD_PKGID                                                           Handle        = 0x80090316
+	SEC_E_CONTEXT_EXPIRED                                                     Handle        = 0x80090317
+	SEC_I_CONTEXT_EXPIRED                                                     Handle        = 0x00090317
+	SEC_E_INCOMPLETE_MESSAGE                                                  Handle        = 0x80090318
+	SEC_E_INCOMPLETE_CREDENTIALS                                              Handle        = 0x80090320
+	SEC_E_BUFFER_TOO_SMALL                                                    Handle        = 0x80090321
+	SEC_I_INCOMPLETE_CREDENTIALS                                              Handle        = 0x00090320
+	SEC_I_RENEGOTIATE                                                         Handle        = 0x00090321
+	SEC_E_WRONG_PRINCIPAL                                                     Handle        = 0x80090322
+	SEC_I_NO_LSA_CONTEXT                                                      Handle        = 0x00090323
+	SEC_E_TIME_SKEW                                                           Handle        = 0x80090324
+	SEC_E_UNTRUSTED_ROOT                                                      Handle        = 0x80090325
+	SEC_E_ILLEGAL_MESSAGE                                                     Handle        = 0x80090326
+	SEC_E_CERT_UNKNOWN                                                        Handle        = 0x80090327
+	SEC_E_CERT_EXPIRED                                                        Handle        = 0x80090328
+	SEC_E_ENCRYPT_FAILURE                                                     Handle        = 0x80090329
+	SEC_E_DECRYPT_FAILURE                                                     Handle        = 0x80090330
+	SEC_E_ALGORITHM_MISMATCH                                                  Handle        = 0x80090331
+	SEC_E_SECURITY_QOS_FAILED                                                 Handle        = 0x80090332
+	SEC_E_UNFINISHED_CONTEXT_DELETED                                          Handle        = 0x80090333
+	SEC_E_NO_TGT_REPLY                                                        Handle        = 0x80090334
+	SEC_E_NO_IP_ADDRESSES                                                     Handle        = 0x80090335
+	SEC_E_WRONG_CREDENTIAL_HANDLE                                             Handle        = 0x80090336
+	SEC_E_CRYPTO_SYSTEM_INVALID                                               Handle        = 0x80090337
+	SEC_E_MAX_REFERRALS_EXCEEDED                                              Handle        = 0x80090338
+	SEC_E_MUST_BE_KDC                                                         Handle        = 0x80090339
+	SEC_E_STRONG_CRYPTO_NOT_SUPPORTED                                         Handle        = 0x8009033A
+	SEC_E_TOO_MANY_PRINCIPALS                                                 Handle        = 0x8009033B
+	SEC_E_NO_PA_DATA                                                          Handle        = 0x8009033C
+	SEC_E_PKINIT_NAME_MISMATCH                                                Handle        = 0x8009033D
+	SEC_E_SMARTCARD_LOGON_REQUIRED                                            Handle        = 0x8009033E
+	SEC_E_SHUTDOWN_IN_PROGRESS                                                Handle        = 0x8009033F
+	SEC_E_KDC_INVALID_REQUEST                                                 Handle        = 0x80090340
+	SEC_E_KDC_UNABLE_TO_REFER                                                 Handle        = 0x80090341
+	SEC_E_KDC_UNKNOWN_ETYPE                                                   Handle        = 0x80090342
+	SEC_E_UNSUPPORTED_PREAUTH                                                 Handle        = 0x80090343
+	SEC_E_DELEGATION_REQUIRED                                                 Handle        = 0x80090345
+	SEC_E_BAD_BINDINGS                                                        Handle        = 0x80090346
+	SEC_E_MULTIPLE_ACCOUNTS                                                   Handle        = 0x80090347
+	SEC_E_NO_KERB_KEY                                                         Handle        = 0x80090348
+	SEC_E_CERT_WRONG_USAGE                                                    Handle        = 0x80090349
+	SEC_E_DOWNGRADE_DETECTED                                                  Handle        = 0x80090350
+	SEC_E_SMARTCARD_CERT_REVOKED                                              Handle        = 0x80090351
+	SEC_E_ISSUING_CA_UNTRUSTED                                                Handle        = 0x80090352
+	SEC_E_REVOCATION_OFFLINE_C                                                Handle        = 0x80090353
+	SEC_E_PKINIT_CLIENT_FAILURE                                               Handle        = 0x80090354
+	SEC_E_SMARTCARD_CERT_EXPIRED                                              Handle        = 0x80090355
+	SEC_E_NO_S4U_PROT_SUPPORT                                                 Handle        = 0x80090356
+	SEC_E_CROSSREALM_DELEGATION_FAILURE                                       Handle        = 0x80090357
+	SEC_E_REVOCATION_OFFLINE_KDC                                              Handle        = 0x80090358
+	SEC_E_ISSUING_CA_UNTRUSTED_KDC                                            Handle        = 0x80090359
+	SEC_E_KDC_CERT_EXPIRED                                                    Handle        = 0x8009035A
+	SEC_E_KDC_CERT_REVOKED                                                    Handle        = 0x8009035B
+	SEC_I_SIGNATURE_NEEDED                                                    Handle        = 0x0009035C
+	SEC_E_INVALID_PARAMETER                                                   Handle        = 0x8009035D
+	SEC_E_DELEGATION_POLICY                                                   Handle        = 0x8009035E
+	SEC_E_POLICY_NLTM_ONLY                                                    Handle        = 0x8009035F
+	SEC_I_NO_RENEGOTIATION                                                    Handle        = 0x00090360
+	SEC_E_NO_CONTEXT                                                          Handle        = 0x80090361
+	SEC_E_PKU2U_CERT_FAILURE                                                  Handle        = 0x80090362
+	SEC_E_MUTUAL_AUTH_FAILED                                                  Handle        = 0x80090363
+	SEC_I_MESSAGE_FRAGMENT                                                    Handle        = 0x00090364
+	SEC_E_ONLY_HTTPS_ALLOWED                                                  Handle        = 0x80090365
+	SEC_I_CONTINUE_NEEDED_MESSAGE_OK                                          Handle        = 0x00090366
+	SEC_E_APPLICATION_PROTOCOL_MISMATCH                                       Handle        = 0x80090367
+	SEC_I_ASYNC_CALL_PENDING                                                  Handle        = 0x00090368
+	SEC_E_INVALID_UPN_NAME                                                    Handle        = 0x80090369
+	SEC_E_EXT_BUFFER_TOO_SMALL                                                Handle        = 0x8009036A
+	SEC_E_INSUFFICIENT_BUFFERS                                                Handle        = 0x8009036B
+	SEC_E_NO_SPM                                                                            = SEC_E_INTERNAL_ERROR
+	SEC_E_NOT_SUPPORTED                                                                     = SEC_E_UNSUPPORTED_FUNCTION
+	CRYPT_E_MSG_ERROR                                                         Handle        = 0x80091001
+	CRYPT_E_UNKNOWN_ALGO                                                      Handle        = 0x80091002
+	CRYPT_E_OID_FORMAT                                                        Handle        = 0x80091003
+	CRYPT_E_INVALID_MSG_TYPE                                                  Handle        = 0x80091004
+	CRYPT_E_UNEXPECTED_ENCODING                                               Handle        = 0x80091005
+	CRYPT_E_AUTH_ATTR_MISSING                                                 Handle        = 0x80091006
+	CRYPT_E_HASH_VALUE                                                        Handle        = 0x80091007
+	CRYPT_E_INVALID_INDEX                                                     Handle        = 0x80091008
+	CRYPT_E_ALREADY_DECRYPTED                                                 Handle        = 0x80091009
+	CRYPT_E_NOT_DECRYPTED                                                     Handle        = 0x8009100A
+	CRYPT_E_RECIPIENT_NOT_FOUND                                               Handle        = 0x8009100B
+	CRYPT_E_CONTROL_TYPE                                                      Handle        = 0x8009100C
+	CRYPT_E_ISSUER_SERIALNUMBER                                               Handle        = 0x8009100D
+	CRYPT_E_SIGNER_NOT_FOUND                                                  Handle        = 0x8009100E
+	CRYPT_E_ATTRIBUTES_MISSING                                                Handle        = 0x8009100F
+	CRYPT_E_STREAM_MSG_NOT_READY                                              Handle        = 0x80091010
+	CRYPT_E_STREAM_INSUFFICIENT_DATA                                          Handle        = 0x80091011
+	CRYPT_I_NEW_PROTECTION_REQUIRED                                           Handle        = 0x00091012
+	CRYPT_E_BAD_LEN                                                           Handle        = 0x80092001
+	CRYPT_E_BAD_ENCODE                                                        Handle        = 0x80092002
+	CRYPT_E_FILE_ERROR                                                        Handle        = 0x80092003
+	CRYPT_E_NOT_FOUND                                                         Handle        = 0x80092004
+	CRYPT_E_EXISTS                                                            Handle        = 0x80092005
+	CRYPT_E_NO_PROVIDER                                                       Handle        = 0x80092006
+	CRYPT_E_SELF_SIGNED                                                       Handle        = 0x80092007
+	CRYPT_E_DELETED_PREV                                                      Handle        = 0x80092008
+	CRYPT_E_NO_MATCH                                                          Handle        = 0x80092009
+	CRYPT_E_UNEXPECTED_MSG_TYPE                                               Handle        = 0x8009200A
+	CRYPT_E_NO_KEY_PROPERTY                                                   Handle        = 0x8009200B
+	CRYPT_E_NO_DECRYPT_CERT                                                   Handle        = 0x8009200C
+	CRYPT_E_BAD_MSG                                                           Handle        = 0x8009200D
+	CRYPT_E_NO_SIGNER                                                         Handle        = 0x8009200E
+	CRYPT_E_PENDING_CLOSE                                                     Handle        = 0x8009200F
+	CRYPT_E_REVOKED                                                           Handle        = 0x80092010
+	CRYPT_E_NO_REVOCATION_DLL                                                 Handle        = 0x80092011
+	CRYPT_E_NO_REVOCATION_CHECK                                               Handle        = 0x80092012
+	CRYPT_E_REVOCATION_OFFLINE                                                Handle        = 0x80092013
+	CRYPT_E_NOT_IN_REVOCATION_DATABASE                                        Handle        = 0x80092014
+	CRYPT_E_INVALID_NUMERIC_STRING                                            Handle        = 0x80092020
+	CRYPT_E_INVALID_PRINTABLE_STRING                                          Handle        = 0x80092021
+	CRYPT_E_INVALID_IA5_STRING                                                Handle        = 0x80092022
+	CRYPT_E_INVALID_X500_STRING                                               Handle        = 0x80092023
+	CRYPT_E_NOT_CHAR_STRING                                                   Handle        = 0x80092024
+	CRYPT_E_FILERESIZED                                                       Handle        = 0x80092025
+	CRYPT_E_SECURITY_SETTINGS                                                 Handle        = 0x80092026
+	CRYPT_E_NO_VERIFY_USAGE_DLL                                               Handle        = 0x80092027
+	CRYPT_E_NO_VERIFY_USAGE_CHECK                                             Handle        = 0x80092028
+	CRYPT_E_VERIFY_USAGE_OFFLINE                                              Handle        = 0x80092029
+	CRYPT_E_NOT_IN_CTL                                                        Handle        = 0x8009202A
+	CRYPT_E_NO_TRUSTED_SIGNER                                                 Handle        = 0x8009202B
+	CRYPT_E_MISSING_PUBKEY_PARA                                               Handle        = 0x8009202C
+	CRYPT_E_OBJECT_LOCATOR_OBJECT_NOT_FOUND                                   Handle        = 0x8009202D
+	CRYPT_E_OSS_ERROR                                                         Handle        = 0x80093000
+	OSS_MORE_BUF                                                              Handle        = 0x80093001
+	OSS_NEGATIVE_UINTEGER                                                     Handle        = 0x80093002
+	OSS_PDU_RANGE                                                             Handle        = 0x80093003
+	OSS_MORE_INPUT                                                            Handle        = 0x80093004
+	OSS_DATA_ERROR                                                            Handle        = 0x80093005
+	OSS_BAD_ARG                                                               Handle        = 0x80093006
+	OSS_BAD_VERSION                                                           Handle        = 0x80093007
+	OSS_OUT_MEMORY                                                            Handle        = 0x80093008
+	OSS_PDU_MISMATCH                                                          Handle        = 0x80093009
+	OSS_LIMITED                                                               Handle        = 0x8009300A
+	OSS_BAD_PTR                                                               Handle        = 0x8009300B
+	OSS_BAD_TIME                                                              Handle        = 0x8009300C
+	OSS_INDEFINITE_NOT_SUPPORTED                                              Handle        = 0x8009300D
+	OSS_MEM_ERROR                                                             Handle        = 0x8009300E
+	OSS_BAD_TABLE                                                             Handle        = 0x8009300F
+	OSS_TOO_LONG                                                              Handle        = 0x80093010
+	OSS_CONSTRAINT_VIOLATED                                                   Handle        = 0x80093011
+	OSS_FATAL_ERROR                                                           Handle        = 0x80093012
+	OSS_ACCESS_SERIALIZATION_ERROR                                            Handle        = 0x80093013
+	OSS_NULL_TBL                                                              Handle        = 0x80093014
+	OSS_NULL_FCN                                                              Handle        = 0x80093015
+	OSS_BAD_ENCRULES                                                          Handle        = 0x80093016
+	OSS_UNAVAIL_ENCRULES                                                      Handle        = 0x80093017
+	OSS_CANT_OPEN_TRACE_WINDOW                                                Handle        = 0x80093018
+	OSS_UNIMPLEMENTED                                                         Handle        = 0x80093019
+	OSS_OID_DLL_NOT_LINKED                                                    Handle        = 0x8009301A
+	OSS_CANT_OPEN_TRACE_FILE                                                  Handle        = 0x8009301B
+	OSS_TRACE_FILE_ALREADY_OPEN                                               Handle        = 0x8009301C
+	OSS_TABLE_MISMATCH                                                        Handle        = 0x8009301D
+	OSS_TYPE_NOT_SUPPORTED                                                    Handle        = 0x8009301E
+	OSS_REAL_DLL_NOT_LINKED                                                   Handle        = 0x8009301F
+	OSS_REAL_CODE_NOT_LINKED                                                  Handle        = 0x80093020
+	OSS_OUT_OF_RANGE                                                          Handle        = 0x80093021
+	OSS_COPIER_DLL_NOT_LINKED                                                 Handle        = 0x80093022
+	OSS_CONSTRAINT_DLL_NOT_LINKED                                             Handle        = 0x80093023
+	OSS_COMPARATOR_DLL_NOT_LINKED                                             Handle        = 0x80093024
+	OSS_COMPARATOR_CODE_NOT_LINKED                                            Handle        = 0x80093025
+	OSS_MEM_MGR_DLL_NOT_LINKED                                                Handle        = 0x80093026
+	OSS_PDV_DLL_NOT_LINKED                                                    Handle        = 0x80093027
+	OSS_PDV_CODE_NOT_LINKED                                                   Handle        = 0x80093028
+	OSS_API_DLL_NOT_LINKED                                                    Handle        = 0x80093029
+	OSS_BERDER_DLL_NOT_LINKED                                                 Handle        = 0x8009302A
+	OSS_PER_DLL_NOT_LINKED                                                    Handle        = 0x8009302B
+	OSS_OPEN_TYPE_ERROR                                                       Handle        = 0x8009302C
+	OSS_MUTEX_NOT_CREATED                                                     Handle        = 0x8009302D
+	OSS_CANT_CLOSE_TRACE_FILE                                                 Handle        = 0x8009302E
+	CRYPT_E_ASN1_ERROR                                                        Handle        = 0x80093100
+	CRYPT_E_ASN1_INTERNAL                                                     Handle        = 0x80093101
+	CRYPT_E_ASN1_EOD                                                          Handle        = 0x80093102
+	CRYPT_E_ASN1_CORRUPT                                                      Handle        = 0x80093103
+	CRYPT_E_ASN1_LARGE                                                        Handle        = 0x80093104
+	CRYPT_E_ASN1_CONSTRAINT                                                   Handle        = 0x80093105
+	CRYPT_E_ASN1_MEMORY                                                       Handle        = 0x80093106
+	CRYPT_E_ASN1_OVERFLOW                                                     Handle        = 0x80093107
+	CRYPT_E_ASN1_BADPDU                                                       Handle        = 0x80093108
+	CRYPT_E_ASN1_BADARGS                                                      Handle        = 0x80093109
+	CRYPT_E_ASN1_BADREAL                                                      Handle        = 0x8009310A
+	CRYPT_E_ASN1_BADTAG                                                       Handle        = 0x8009310B
+	CRYPT_E_ASN1_CHOICE                                                       Handle        = 0x8009310C
+	CRYPT_E_ASN1_RULE                                                         Handle        = 0x8009310D
+	CRYPT_E_ASN1_UTF8                                                         Handle        = 0x8009310E
+	CRYPT_E_ASN1_PDU_TYPE                                                     Handle        = 0x80093133
+	CRYPT_E_ASN1_NYI                                                          Handle        = 0x80093134
+	CRYPT_E_ASN1_EXTENDED                                                     Handle        = 0x80093201
+	CRYPT_E_ASN1_NOEOD                                                        Handle        = 0x80093202
+	CERTSRV_E_BAD_REQUESTSUBJECT                                              Handle        = 0x80094001
+	CERTSRV_E_NO_REQUEST                                                      Handle        = 0x80094002
+	CERTSRV_E_BAD_REQUESTSTATUS                                               Handle        = 0x80094003
+	CERTSRV_E_PROPERTY_EMPTY                                                  Handle        = 0x80094004
+	CERTSRV_E_INVALID_CA_CERTIFICATE                                          Handle        = 0x80094005
+	CERTSRV_E_SERVER_SUSPENDED                                                Handle        = 0x80094006
+	CERTSRV_E_ENCODING_LENGTH                                                 Handle        = 0x80094007
+	CERTSRV_E_ROLECONFLICT                                                    Handle        = 0x80094008
+	CERTSRV_E_RESTRICTEDOFFICER                                               Handle        = 0x80094009
+	CERTSRV_E_KEY_ARCHIVAL_NOT_CONFIGURED                                     Handle        = 0x8009400A
+	CERTSRV_E_NO_VALID_KRA                                                    Handle        = 0x8009400B
+	CERTSRV_E_BAD_REQUEST_KEY_ARCHIVAL                                        Handle        = 0x8009400C
+	CERTSRV_E_NO_CAADMIN_DEFINED                                              Handle        = 0x8009400D
+	CERTSRV_E_BAD_RENEWAL_CERT_ATTRIBUTE                                      Handle        = 0x8009400E
+	CERTSRV_E_NO_DB_SESSIONS                                                  Handle        = 0x8009400F
+	CERTSRV_E_ALIGNMENT_FAULT                                                 Handle        = 0x80094010
+	CERTSRV_E_ENROLL_DENIED                                                   Handle        = 0x80094011
+	CERTSRV_E_TEMPLATE_DENIED                                                 Handle        = 0x80094012
+	CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE                                     Handle        = 0x80094013
+	CERTSRV_E_ADMIN_DENIED_REQUEST                                            Handle        = 0x80094014
+	CERTSRV_E_NO_POLICY_SERVER                                                Handle        = 0x80094015
+	CERTSRV_E_WEAK_SIGNATURE_OR_KEY                                           Handle        = 0x80094016
+	CERTSRV_E_KEY_ATTESTATION_NOT_SUPPORTED                                   Handle        = 0x80094017
+	CERTSRV_E_ENCRYPTION_CERT_REQUIRED                                        Handle        = 0x80094018
+	CERTSRV_E_UNSUPPORTED_CERT_TYPE                                           Handle        = 0x80094800
+	CERTSRV_E_NO_CERT_TYPE                                                    Handle        = 0x80094801
+	CERTSRV_E_TEMPLATE_CONFLICT                                               Handle        = 0x80094802
+	CERTSRV_E_SUBJECT_ALT_NAME_REQUIRED                                       Handle        = 0x80094803
+	CERTSRV_E_ARCHIVED_KEY_REQUIRED                                           Handle        = 0x80094804
+	CERTSRV_E_SMIME_REQUIRED                                                  Handle        = 0x80094805
+	CERTSRV_E_BAD_RENEWAL_SUBJECT                                             Handle        = 0x80094806
+	CERTSRV_E_BAD_TEMPLATE_VERSION                                            Handle        = 0x80094807
+	CERTSRV_E_TEMPLATE_POLICY_REQUIRED                                        Handle        = 0x80094808
+	CERTSRV_E_SIGNATURE_POLICY_REQUIRED                                       Handle        = 0x80094809
+	CERTSRV_E_SIGNATURE_COUNT                                                 Handle        = 0x8009480A
+	CERTSRV_E_SIGNATURE_REJECTED                                              Handle        = 0x8009480B
+	CERTSRV_E_ISSUANCE_POLICY_REQUIRED                                        Handle        = 0x8009480C
+	CERTSRV_E_SUBJECT_UPN_REQUIRED                                            Handle        = 0x8009480D
+	CERTSRV_E_SUBJECT_DIRECTORY_GUID_REQUIRED                                 Handle        = 0x8009480E
+	CERTSRV_E_SUBJECT_DNS_REQUIRED                                            Handle        = 0x8009480F
+	CERTSRV_E_ARCHIVED_KEY_UNEXPECTED                                         Handle        = 0x80094810
+	CERTSRV_E_KEY_LENGTH                                                      Handle        = 0x80094811
+	CERTSRV_E_SUBJECT_EMAIL_REQUIRED                                          Handle        = 0x80094812
+	CERTSRV_E_UNKNOWN_CERT_TYPE                                               Handle        = 0x80094813
+	CERTSRV_E_CERT_TYPE_OVERLAP                                               Handle        = 0x80094814
+	CERTSRV_E_TOO_MANY_SIGNATURES                                             Handle        = 0x80094815
+	CERTSRV_E_RENEWAL_BAD_PUBLIC_KEY                                          Handle        = 0x80094816
+	CERTSRV_E_INVALID_EK                                                      Handle        = 0x80094817
+	CERTSRV_E_INVALID_IDBINDING                                               Handle        = 0x80094818
+	CERTSRV_E_INVALID_ATTESTATION                                             Handle        = 0x80094819
+	CERTSRV_E_KEY_ATTESTATION                                                 Handle        = 0x8009481A
+	CERTSRV_E_CORRUPT_KEY_ATTESTATION                                         Handle        = 0x8009481B
+	CERTSRV_E_EXPIRED_CHALLENGE                                               Handle        = 0x8009481C
+	CERTSRV_E_INVALID_RESPONSE                                                Handle        = 0x8009481D
+	CERTSRV_E_INVALID_REQUESTID                                               Handle        = 0x8009481E
+	CERTSRV_E_REQUEST_PRECERTIFICATE_MISMATCH                                 Handle        = 0x8009481F
+	CERTSRV_E_PENDING_CLIENT_RESPONSE                                         Handle        = 0x80094820
+	XENROLL_E_KEY_NOT_EXPORTABLE                                              Handle        = 0x80095000
+	XENROLL_E_CANNOT_ADD_ROOT_CERT                                            Handle        = 0x80095001
+	XENROLL_E_RESPONSE_KA_HASH_NOT_FOUND                                      Handle        = 0x80095002
+	XENROLL_E_RESPONSE_UNEXPECTED_KA_HASH                                     Handle        = 0x80095003
+	XENROLL_E_RESPONSE_KA_HASH_MISMATCH                                       Handle        = 0x80095004
+	XENROLL_E_KEYSPEC_SMIME_MISMATCH                                          Handle        = 0x80095005
+	TRUST_E_SYSTEM_ERROR                                                      Handle        = 0x80096001
+	TRUST_E_NO_SIGNER_CERT                                                    Handle        = 0x80096002
+	TRUST_E_COUNTER_SIGNER                                                    Handle        = 0x80096003
+	TRUST_E_CERT_SIGNATURE                                                    Handle        = 0x80096004
+	TRUST_E_TIME_STAMP                                                        Handle        = 0x80096005
+	TRUST_E_BAD_DIGEST                                                        Handle        = 0x80096010
+	TRUST_E_MALFORMED_SIGNATURE                                               Handle        = 0x80096011
+	TRUST_E_BASIC_CONSTRAINTS                                                 Handle        = 0x80096019
+	TRUST_E_FINANCIAL_CRITERIA                                                Handle        = 0x8009601E
+	MSSIPOTF_E_OUTOFMEMRANGE                                                  Handle        = 0x80097001
+	MSSIPOTF_E_CANTGETOBJECT                                                  Handle        = 0x80097002
+	MSSIPOTF_E_NOHEADTABLE                                                    Handle        = 0x80097003
+	MSSIPOTF_E_BAD_MAGICNUMBER                                                Handle        = 0x80097004
+	MSSIPOTF_E_BAD_OFFSET_TABLE                                               Handle        = 0x80097005
+	MSSIPOTF_E_TABLE_TAGORDER                                                 Handle        = 0x80097006
+	MSSIPOTF_E_TABLE_LONGWORD                                                 Handle        = 0x80097007
+	MSSIPOTF_E_BAD_FIRST_TABLE_PLACEMENT                                      Handle        = 0x80097008
+	MSSIPOTF_E_TABLES_OVERLAP                                                 Handle        = 0x80097009
+	MSSIPOTF_E_TABLE_PADBYTES                                                 Handle        = 0x8009700A
+	MSSIPOTF_E_FILETOOSMALL                                                   Handle        = 0x8009700B
+	MSSIPOTF_E_TABLE_CHECKSUM                                                 Handle        = 0x8009700C
+	MSSIPOTF_E_FILE_CHECKSUM                                                  Handle        = 0x8009700D
+	MSSIPOTF_E_FAILED_POLICY                                                  Handle        = 0x80097010
+	MSSIPOTF_E_FAILED_HINTS_CHECK                                             Handle        = 0x80097011
+	MSSIPOTF_E_NOT_OPENTYPE                                                   Handle        = 0x80097012
+	MSSIPOTF_E_FILE                                                           Handle        = 0x80097013
+	MSSIPOTF_E_CRYPT                                                          Handle        = 0x80097014
+	MSSIPOTF_E_BADVERSION                                                     Handle        = 0x80097015
+	MSSIPOTF_E_DSIG_STRUCTURE                                                 Handle        = 0x80097016
+	MSSIPOTF_E_PCONST_CHECK                                                   Handle        = 0x80097017
+	MSSIPOTF_E_STRUCTURE                                                      Handle        = 0x80097018
+	ERROR_CRED_REQUIRES_CONFIRMATION                                          Handle        = 0x80097019
+	NTE_OP_OK                                                                 syscall.Errno = 0
+	TRUST_E_PROVIDER_UNKNOWN                                                  Handle        = 0x800B0001
+	TRUST_E_ACTION_UNKNOWN                                                    Handle        = 0x800B0002
+	TRUST_E_SUBJECT_FORM_UNKNOWN                                              Handle        = 0x800B0003
+	TRUST_E_SUBJECT_NOT_TRUSTED                                               Handle        = 0x800B0004
+	DIGSIG_E_ENCODE                                                           Handle        = 0x800B0005
+	DIGSIG_E_DECODE                                                           Handle        = 0x800B0006
+	DIGSIG_E_EXTENSIBILITY                                                    Handle        = 0x800B0007
+	DIGSIG_E_CRYPTO                                                           Handle        = 0x800B0008
+	PERSIST_E_SIZEDEFINITE                                                    Handle        = 0x800B0009
+	PERSIST_E_SIZEINDEFINITE                                                  Handle        = 0x800B000A
+	PERSIST_E_NOTSELFSIZING                                                   Handle        = 0x800B000B
+	TRUST_E_NOSIGNATURE                                                       Handle        = 0x800B0100
+	CERT_E_EXPIRED                                                            Handle        = 0x800B0101
+	CERT_E_VALIDITYPERIODNESTING                                              Handle        = 0x800B0102
+	CERT_E_ROLE                                                               Handle        = 0x800B0103
+	CERT_E_PATHLENCONST                                                       Handle        = 0x800B0104
+	CERT_E_CRITICAL                                                           Handle        = 0x800B0105
+	CERT_E_PURPOSE                                                            Handle        = 0x800B0106
+	CERT_E_ISSUERCHAINING                                                     Handle        = 0x800B0107
+	CERT_E_MALFORMED                                                          Handle        = 0x800B0108
+	CERT_E_UNTRUSTEDROOT                                                      Handle        = 0x800B0109
+	CERT_E_CHAINING                                                           Handle        = 0x800B010A
+	TRUST_E_FAIL                                                              Handle        = 0x800B010B
+	CERT_E_REVOKED                                                            Handle        = 0x800B010C
+	CERT_E_UNTRUSTEDTESTROOT                                                  Handle        = 0x800B010D
+	CERT_E_REVOCATION_FAILURE                                                 Handle        = 0x800B010E
+	CERT_E_CN_NO_MATCH                                                        Handle        = 0x800B010F
+	CERT_E_WRONG_USAGE                                                        Handle        = 0x800B0110
+	TRUST_E_EXPLICIT_DISTRUST                                                 Handle        = 0x800B0111
+	CERT_E_UNTRUSTEDCA                                                        Handle        = 0x800B0112
+	CERT_E_INVALID_POLICY                                                     Handle        = 0x800B0113
+	CERT_E_INVALID_NAME                                                       Handle        = 0x800B0114
+	SPAPI_E_EXPECTED_SECTION_NAME                                             Handle        = 0x800F0000
+	SPAPI_E_BAD_SECTION_NAME_LINE                                             Handle        = 0x800F0001
+	SPAPI_E_SECTION_NAME_TOO_LONG                                             Handle        = 0x800F0002
+	SPAPI_E_GENERAL_SYNTAX                                                    Handle        = 0x800F0003
+	SPAPI_E_WRONG_INF_STYLE                                                   Handle        = 0x800F0100
+	SPAPI_E_SECTION_NOT_FOUND                                                 Handle        = 0x800F0101
+	SPAPI_E_LINE_NOT_FOUND                                                    Handle        = 0x800F0102
+	SPAPI_E_NO_BACKUP                                                         Handle        = 0x800F0103
+	SPAPI_E_NO_ASSOCIATED_CLASS                                               Handle        = 0x800F0200
+	SPAPI_E_CLASS_MISMATCH                                                    Handle        = 0x800F0201
+	SPAPI_E_DUPLICATE_FOUND                                                   Handle        = 0x800F0202
+	SPAPI_E_NO_DRIVER_SELECTED                                                Handle        = 0x800F0203
+	SPAPI_E_KEY_DOES_NOT_EXIST                                                Handle        = 0x800F0204
+	SPAPI_E_INVALID_DEVINST_NAME                                              Handle        = 0x800F0205
+	SPAPI_E_INVALID_CLASS                                                     Handle        = 0x800F0206
+	SPAPI_E_DEVINST_ALREADY_EXISTS                                            Handle        = 0x800F0207
+	SPAPI_E_DEVINFO_NOT_REGISTERED                                            Handle        = 0x800F0208
+	SPAPI_E_INVALID_REG_PROPERTY                                              Handle        = 0x800F0209
+	SPAPI_E_NO_INF                                                            Handle        = 0x800F020A
+	SPAPI_E_NO_SUCH_DEVINST                                                   Handle        = 0x800F020B
+	SPAPI_E_CANT_LOAD_CLASS_ICON                                              Handle        = 0x800F020C
+	SPAPI_E_INVALID_CLASS_INSTALLER                                           Handle        = 0x800F020D
+	SPAPI_E_DI_DO_DEFAULT                                                     Handle        = 0x800F020E
+	SPAPI_E_DI_NOFILECOPY                                                     Handle        = 0x800F020F
+	SPAPI_E_INVALID_HWPROFILE                                                 Handle        = 0x800F0210
+	SPAPI_E_NO_DEVICE_SELECTED                                                Handle        = 0x800F0211
+	SPAPI_E_DEVINFO_LIST_LOCKED                                               Handle        = 0x800F0212
+	SPAPI_E_DEVINFO_DATA_LOCKED                                               Handle        = 0x800F0213
+	SPAPI_E_DI_BAD_PATH                                                       Handle        = 0x800F0214
+	SPAPI_E_NO_CLASSINSTALL_PARAMS                                            Handle        = 0x800F0215
+	SPAPI_E_FILEQUEUE_LOCKED                                                  Handle        = 0x800F0216
+	SPAPI_E_BAD_SERVICE_INSTALLSECT                                           Handle        = 0x800F0217
+	SPAPI_E_NO_CLASS_DRIVER_LIST                                              Handle        = 0x800F0218
+	SPAPI_E_NO_ASSOCIATED_SERVICE                                             Handle        = 0x800F0219
+	SPAPI_E_NO_DEFAULT_DEVICE_INTERFACE                                       Handle        = 0x800F021A
+	SPAPI_E_DEVICE_INTERFACE_ACTIVE                                           Handle        = 0x800F021B
+	SPAPI_E_DEVICE_INTERFACE_REMOVED                                          Handle        = 0x800F021C
+	SPAPI_E_BAD_INTERFACE_INSTALLSECT                                         Handle        = 0x800F021D
+	SPAPI_E_NO_SUCH_INTERFACE_CLASS                                           Handle        = 0x800F021E
+	SPAPI_E_INVALID_REFERENCE_STRING                                          Handle        = 0x800F021F
+	SPAPI_E_INVALID_MACHINENAME                                               Handle        = 0x800F0220
+	SPAPI_E_REMOTE_COMM_FAILURE                                               Handle        = 0x800F0221
+	SPAPI_E_MACHINE_UNAVAILABLE                                               Handle        = 0x800F0222
+	SPAPI_E_NO_CONFIGMGR_SERVICES                                             Handle        = 0x800F0223
+	SPAPI_E_INVALID_PROPPAGE_PROVIDER                                         Handle        = 0x800F0224
+	SPAPI_E_NO_SUCH_DEVICE_INTERFACE                                          Handle        = 0x800F0225
+	SPAPI_E_DI_POSTPROCESSING_REQUIRED                                        Handle        = 0x800F0226
+	SPAPI_E_INVALID_COINSTALLER                                               Handle        = 0x800F0227
+	SPAPI_E_NO_COMPAT_DRIVERS                                                 Handle        = 0x800F0228
+	SPAPI_E_NO_DEVICE_ICON                                                    Handle        = 0x800F0229
+	SPAPI_E_INVALID_INF_LOGCONFIG                                             Handle        = 0x800F022A
+	SPAPI_E_DI_DONT_INSTALL                                                   Handle        = 0x800F022B
+	SPAPI_E_INVALID_FILTER_DRIVER                                             Handle        = 0x800F022C
+	SPAPI_E_NON_WINDOWS_NT_DRIVER                                             Handle        = 0x800F022D
+	SPAPI_E_NON_WINDOWS_DRIVER                                                Handle        = 0x800F022E
+	SPAPI_E_NO_CATALOG_FOR_OEM_INF                                            Handle        = 0x800F022F
+	SPAPI_E_DEVINSTALL_QUEUE_NONNATIVE                                        Handle        = 0x800F0230
+	SPAPI_E_NOT_DISABLEABLE                                                   Handle        = 0x800F0231
+	SPAPI_E_CANT_REMOVE_DEVINST                                               Handle        = 0x800F0232
+	SPAPI_E_INVALID_TARGET                                                    Handle        = 0x800F0233
+	SPAPI_E_DRIVER_NONNATIVE                                                  Handle        = 0x800F0234
+	SPAPI_E_IN_WOW64                                                          Handle        = 0x800F0235
+	SPAPI_E_SET_SYSTEM_RESTORE_POINT                                          Handle        = 0x800F0236
+	SPAPI_E_INCORRECTLY_COPIED_INF                                            Handle        = 0x800F0237
+	SPAPI_E_SCE_DISABLED                                                      Handle        = 0x800F0238
+	SPAPI_E_UNKNOWN_EXCEPTION                                                 Handle        = 0x800F0239
+	SPAPI_E_PNP_REGISTRY_ERROR                                                Handle        = 0x800F023A
+	SPAPI_E_REMOTE_REQUEST_UNSUPPORTED                                        Handle        = 0x800F023B
+	SPAPI_E_NOT_AN_INSTALLED_OEM_INF                                          Handle        = 0x800F023C
+	SPAPI_E_INF_IN_USE_BY_DEVICES                                             Handle        = 0x800F023D
+	SPAPI_E_DI_FUNCTION_OBSOLETE                                              Handle        = 0x800F023E
+	SPAPI_E_NO_AUTHENTICODE_CATALOG                                           Handle        = 0x800F023F
+	SPAPI_E_AUTHENTICODE_DISALLOWED                                           Handle        = 0x800F0240
+	SPAPI_E_AUTHENTICODE_TRUSTED_PUBLISHER                                    Handle        = 0x800F0241
+	SPAPI_E_AUTHENTICODE_TRUST_NOT_ESTABLISHED                                Handle        = 0x800F0242
+	SPAPI_E_AUTHENTICODE_PUBLISHER_NOT_TRUSTED                                Handle        = 0x800F0243
+	SPAPI_E_SIGNATURE_OSATTRIBUTE_MISMATCH                                    Handle        = 0x800F0244
+	SPAPI_E_ONLY_VALIDATE_VIA_AUTHENTICODE                                    Handle        = 0x800F0245
+	SPAPI_E_DEVICE_INSTALLER_NOT_READY                                        Handle        = 0x800F0246
+	SPAPI_E_DRIVER_STORE_ADD_FAILED                                           Handle        = 0x800F0247
+	SPAPI_E_DEVICE_INSTALL_BLOCKED                                            Handle        = 0x800F0248
+	SPAPI_E_DRIVER_INSTALL_BLOCKED                                            Handle        = 0x800F0249
+	SPAPI_E_WRONG_INF_TYPE                                                    Handle        = 0x800F024A
+	SPAPI_E_FILE_HASH_NOT_IN_CATALOG                                          Handle        = 0x800F024B
+	SPAPI_E_DRIVER_STORE_DELETE_FAILED                                        Handle        = 0x800F024C
+	SPAPI_E_UNRECOVERABLE_STACK_OVERFLOW                                      Handle        = 0x800F0300
+	SPAPI_E_ERROR_NOT_INSTALLED                                               Handle        = 0x800F1000
+	SCARD_S_SUCCESS                                                                         = S_OK
+	SCARD_F_INTERNAL_ERROR                                                    Handle        = 0x80100001
+	SCARD_E_CANCELLED                                                         Handle        = 0x80100002
+	SCARD_E_INVALID_HANDLE                                                    Handle        = 0x80100003
+	SCARD_E_INVALID_PARAMETER                                                 Handle        = 0x80100004
+	SCARD_E_INVALID_TARGET                                                    Handle        = 0x80100005
+	SCARD_E_NO_MEMORY                                                         Handle        = 0x80100006
+	SCARD_F_WAITED_TOO_LONG                                                   Handle        = 0x80100007
+	SCARD_E_INSUFFICIENT_BUFFER                                               Handle        = 0x80100008
+	SCARD_E_UNKNOWN_READER                                                    Handle        = 0x80100009
+	SCARD_E_TIMEOUT                                                           Handle        = 0x8010000A
+	SCARD_E_SHARING_VIOLATION                                                 Handle        = 0x8010000B
+	SCARD_E_NO_SMARTCARD                                                      Handle        = 0x8010000C
+	SCARD_E_UNKNOWN_CARD                                                      Handle        = 0x8010000D
+	SCARD_E_CANT_DISPOSE                                                      Handle        = 0x8010000E
+	SCARD_E_PROTO_MISMATCH                                                    Handle        = 0x8010000F
+	SCARD_E_NOT_READY                                                         Handle        = 0x80100010
+	SCARD_E_INVALID_VALUE                                                     Handle        = 0x80100011
+	SCARD_E_SYSTEM_CANCELLED                                                  Handle        = 0x80100012
+	SCARD_F_COMM_ERROR                                                        Handle        = 0x80100013
+	SCARD_F_UNKNOWN_ERROR                                                     Handle        = 0x80100014
+	SCARD_E_INVALID_ATR                                                       Handle        = 0x80100015
+	SCARD_E_NOT_TRANSACTED                                                    Handle        = 0x80100016
+	SCARD_E_READER_UNAVAILABLE                                                Handle        = 0x80100017
+	SCARD_P_SHUTDOWN                                                          Handle        = 0x80100018
+	SCARD_E_PCI_TOO_SMALL                                                     Handle        = 0x80100019
+	SCARD_E_READER_UNSUPPORTED                                                Handle        = 0x8010001A
+	SCARD_E_DUPLICATE_READER                                                  Handle        = 0x8010001B
+	SCARD_E_CARD_UNSUPPORTED                                                  Handle        = 0x8010001C
+	SCARD_E_NO_SERVICE                                                        Handle        = 0x8010001D
+	SCARD_E_SERVICE_STOPPED                                                   Handle        = 0x8010001E
+	SCARD_E_UNEXPECTED                                                        Handle        = 0x8010001F
+	SCARD_E_ICC_INSTALLATION                                                  Handle        = 0x80100020
+	SCARD_E_ICC_CREATEORDER                                                   Handle        = 0x80100021
+	SCARD_E_UNSUPPORTED_FEATURE                                               Handle        = 0x80100022
+	SCARD_E_DIR_NOT_FOUND                                                     Handle        = 0x80100023
+	SCARD_E_FILE_NOT_FOUND                                                    Handle        = 0x80100024
+	SCARD_E_NO_DIR                                                            Handle        = 0x80100025
+	SCARD_E_NO_FILE                                                           Handle        = 0x80100026
+	SCARD_E_NO_ACCESS                                                         Handle        = 0x80100027
+	SCARD_E_WRITE_TOO_MANY                                                    Handle        = 0x80100028
+	SCARD_E_BAD_SEEK                                                          Handle        = 0x80100029
+	SCARD_E_INVALID_CHV                                                       Handle        = 0x8010002A
+	SCARD_E_UNKNOWN_RES_MNG                                                   Handle        = 0x8010002B
+	SCARD_E_NO_SUCH_CERTIFICATE                                               Handle        = 0x8010002C
+	SCARD_E_CERTIFICATE_UNAVAILABLE                                           Handle        = 0x8010002D
+	SCARD_E_NO_READERS_AVAILABLE                                              Handle        = 0x8010002E
+	SCARD_E_COMM_DATA_LOST                                                    Handle        = 0x8010002F
+	SCARD_E_NO_KEY_CONTAINER                                                  Handle        = 0x80100030
+	SCARD_E_SERVER_TOO_BUSY                                                   Handle        = 0x80100031
+	SCARD_E_PIN_CACHE_EXPIRED                                                 Handle        = 0x80100032
+	SCARD_E_NO_PIN_CACHE                                                      Handle        = 0x80100033
+	SCARD_E_READ_ONLY_CARD                                                    Handle        = 0x80100034
+	SCARD_W_UNSUPPORTED_CARD                                                  Handle        = 0x80100065
+	SCARD_W_UNRESPONSIVE_CARD                                                 Handle        = 0x80100066
+	SCARD_W_UNPOWERED_CARD                                                    Handle        = 0x80100067
+	SCARD_W_RESET_CARD                                                        Handle        = 0x80100068
+	SCARD_W_REMOVED_CARD                                                      Handle        = 0x80100069
+	SCARD_W_SECURITY_VIOLATION                                                Handle        = 0x8010006A
+	SCARD_W_WRONG_CHV                                                         Handle        = 0x8010006B
+	SCARD_W_CHV_BLOCKED                                                       Handle        = 0x8010006C
+	SCARD_W_EOF                                                               Handle        = 0x8010006D
+	SCARD_W_CANCELLED_BY_USER                                                 Handle        = 0x8010006E
+	SCARD_W_CARD_NOT_AUTHENTICATED                                            Handle        = 0x8010006F
+	SCARD_W_CACHE_ITEM_NOT_FOUND                                              Handle        = 0x80100070
+	SCARD_W_CACHE_ITEM_STALE                                                  Handle        = 0x80100071
+	SCARD_W_CACHE_ITEM_TOO_BIG                                                Handle        = 0x80100072
+	COMADMIN_E_OBJECTERRORS                                                   Handle        = 0x80110401
+	COMADMIN_E_OBJECTINVALID                                                  Handle        = 0x80110402
+	COMADMIN_E_KEYMISSING                                                     Handle        = 0x80110403
+	COMADMIN_E_ALREADYINSTALLED                                               Handle        = 0x80110404
+	COMADMIN_E_APP_FILE_WRITEFAIL                                             Handle        = 0x80110407
+	COMADMIN_E_APP_FILE_READFAIL                                              Handle        = 0x80110408
+	COMADMIN_E_APP_FILE_VERSION                                               Handle        = 0x80110409
+	COMADMIN_E_BADPATH                                                        Handle        = 0x8011040A
+	COMADMIN_E_APPLICATIONEXISTS                                              Handle        = 0x8011040B
+	COMADMIN_E_ROLEEXISTS                                                     Handle        = 0x8011040C
+	COMADMIN_E_CANTCOPYFILE                                                   Handle        = 0x8011040D
+	COMADMIN_E_NOUSER                                                         Handle        = 0x8011040F
+	COMADMIN_E_INVALIDUSERIDS                                                 Handle        = 0x80110410
+	COMADMIN_E_NOREGISTRYCLSID                                                Handle        = 0x80110411
+	COMADMIN_E_BADREGISTRYPROGID                                              Handle        = 0x80110412
+	COMADMIN_E_AUTHENTICATIONLEVEL                                            Handle        = 0x80110413
+	COMADMIN_E_USERPASSWDNOTVALID                                             Handle        = 0x80110414
+	COMADMIN_E_CLSIDORIIDMISMATCH                                             Handle        = 0x80110418
+	COMADMIN_E_REMOTEINTERFACE                                                Handle        = 0x80110419
+	COMADMIN_E_DLLREGISTERSERVER                                              Handle        = 0x8011041A
+	COMADMIN_E_NOSERVERSHARE                                                  Handle        = 0x8011041B
+	COMADMIN_E_DLLLOADFAILED                                                  Handle        = 0x8011041D
+	COMADMIN_E_BADREGISTRYLIBID                                               Handle        = 0x8011041E
+	COMADMIN_E_APPDIRNOTFOUND                                                 Handle        = 0x8011041F
+	COMADMIN_E_REGISTRARFAILED                                                Handle        = 0x80110423
+	COMADMIN_E_COMPFILE_DOESNOTEXIST                                          Handle        = 0x80110424
+	COMADMIN_E_COMPFILE_LOADDLLFAIL                                           Handle        = 0x80110425
+	COMADMIN_E_COMPFILE_GETCLASSOBJ                                           Handle        = 0x80110426
+	COMADMIN_E_COMPFILE_CLASSNOTAVAIL                                         Handle        = 0x80110427
+	COMADMIN_E_COMPFILE_BADTLB                                                Handle        = 0x80110428
+	COMADMIN_E_COMPFILE_NOTINSTALLABLE                                        Handle        = 0x80110429
+	COMADMIN_E_NOTCHANGEABLE                                                  Handle        = 0x8011042A
+	COMADMIN_E_NOTDELETEABLE                                                  Handle        = 0x8011042B
+	COMADMIN_E_SESSION                                                        Handle        = 0x8011042C
+	COMADMIN_E_COMP_MOVE_LOCKED                                               Handle        = 0x8011042D
+	COMADMIN_E_COMP_MOVE_BAD_DEST                                             Handle        = 0x8011042E
+	COMADMIN_E_REGISTERTLB                                                    Handle        = 0x80110430
+	COMADMIN_E_SYSTEMAPP                                                      Handle        = 0x80110433
+	COMADMIN_E_COMPFILE_NOREGISTRAR                                           Handle        = 0x80110434
+	COMADMIN_E_COREQCOMPINSTALLED                                             Handle        = 0x80110435
+	COMADMIN_E_SERVICENOTINSTALLED                                            Handle        = 0x80110436
+	COMADMIN_E_PROPERTYSAVEFAILED                                             Handle        = 0x80110437
+	COMADMIN_E_OBJECTEXISTS                                                   Handle        = 0x80110438
+	COMADMIN_E_COMPONENTEXISTS                                                Handle        = 0x80110439
+	COMADMIN_E_REGFILE_CORRUPT                                                Handle        = 0x8011043B
+	COMADMIN_E_PROPERTY_OVERFLOW                                              Handle        = 0x8011043C
+	COMADMIN_E_NOTINREGISTRY                                                  Handle        = 0x8011043E
+	COMADMIN_E_OBJECTNOTPOOLABLE                                              Handle        = 0x8011043F
+	COMADMIN_E_APPLID_MATCHES_CLSID                                           Handle        = 0x80110446
+	COMADMIN_E_ROLE_DOES_NOT_EXIST                                            Handle        = 0x80110447
+	COMADMIN_E_START_APP_NEEDS_COMPONENTS                                     Handle        = 0x80110448
+	COMADMIN_E_REQUIRES_DIFFERENT_PLATFORM                                    Handle        = 0x80110449
+	COMADMIN_E_CAN_NOT_EXPORT_APP_PROXY                                       Handle        = 0x8011044A
+	COMADMIN_E_CAN_NOT_START_APP                                              Handle        = 0x8011044B
+	COMADMIN_E_CAN_NOT_EXPORT_SYS_APP                                         Handle        = 0x8011044C
+	COMADMIN_E_CANT_SUBSCRIBE_TO_COMPONENT                                    Handle        = 0x8011044D
+	COMADMIN_E_EVENTCLASS_CANT_BE_SUBSCRIBER                                  Handle        = 0x8011044E
+	COMADMIN_E_LIB_APP_PROXY_INCOMPATIBLE                                     Handle        = 0x8011044F
+	COMADMIN_E_BASE_PARTITION_ONLY                                            Handle        = 0x80110450
+	COMADMIN_E_START_APP_DISABLED                                             Handle        = 0x80110451
+	COMADMIN_E_CAT_DUPLICATE_PARTITION_NAME                                   Handle        = 0x80110457
+	COMADMIN_E_CAT_INVALID_PARTITION_NAME                                     Handle        = 0x80110458
+	COMADMIN_E_CAT_PARTITION_IN_USE                                           Handle        = 0x80110459
+	COMADMIN_E_FILE_PARTITION_DUPLICATE_FILES                                 Handle        = 0x8011045A
+	COMADMIN_E_CAT_IMPORTED_COMPONENTS_NOT_ALLOWED                            Handle        = 0x8011045B
+	COMADMIN_E_AMBIGUOUS_APPLICATION_NAME                                     Handle        = 0x8011045C
+	COMADMIN_E_AMBIGUOUS_PARTITION_NAME                                       Handle        = 0x8011045D
+	COMADMIN_E_REGDB_NOTINITIALIZED                                           Handle        = 0x80110472
+	COMADMIN_E_REGDB_NOTOPEN                                                  Handle        = 0x80110473
+	COMADMIN_E_REGDB_SYSTEMERR                                                Handle        = 0x80110474
+	COMADMIN_E_REGDB_ALREADYRUNNING                                           Handle        = 0x80110475
+	COMADMIN_E_MIG_VERSIONNOTSUPPORTED                                        Handle        = 0x80110480
+	COMADMIN_E_MIG_SCHEMANOTFOUND                                             Handle        = 0x80110481
+	COMADMIN_E_CAT_BITNESSMISMATCH                                            Handle        = 0x80110482
+	COMADMIN_E_CAT_UNACCEPTABLEBITNESS                                        Handle        = 0x80110483
+	COMADMIN_E_CAT_WRONGAPPBITNESS                                            Handle        = 0x80110484
+	COMADMIN_E_CAT_PAUSE_RESUME_NOT_SUPPORTED                                 Handle        = 0x80110485
+	COMADMIN_E_CAT_SERVERFAULT                                                Handle        = 0x80110486
+	COMQC_E_APPLICATION_NOT_QUEUED                                            Handle        = 0x80110600
+	COMQC_E_NO_QUEUEABLE_INTERFACES                                           Handle        = 0x80110601
+	COMQC_E_QUEUING_SERVICE_NOT_AVAILABLE                                     Handle        = 0x80110602
+	COMQC_E_NO_IPERSISTSTREAM                                                 Handle        = 0x80110603
+	COMQC_E_BAD_MESSAGE                                                       Handle        = 0x80110604
+	COMQC_E_UNAUTHENTICATED                                                   Handle        = 0x80110605
+	COMQC_E_UNTRUSTED_ENQUEUER                                                Handle        = 0x80110606
+	MSDTC_E_DUPLICATE_RESOURCE                                                Handle        = 0x80110701
+	COMADMIN_E_OBJECT_PARENT_MISSING                                          Handle        = 0x80110808
+	COMADMIN_E_OBJECT_DOES_NOT_EXIST                                          Handle        = 0x80110809
+	COMADMIN_E_APP_NOT_RUNNING                                                Handle        = 0x8011080A
+	COMADMIN_E_INVALID_PARTITION                                              Handle        = 0x8011080B
+	COMADMIN_E_SVCAPP_NOT_POOLABLE_OR_RECYCLABLE                              Handle        = 0x8011080D
+	COMADMIN_E_USER_IN_SET                                                    Handle        = 0x8011080E
+	COMADMIN_E_CANTRECYCLELIBRARYAPPS                                         Handle        = 0x8011080F
+	COMADMIN_E_CANTRECYCLESERVICEAPPS                                         Handle        = 0x80110811
+	COMADMIN_E_PROCESSALREADYRECYCLED                                         Handle        = 0x80110812
+	COMADMIN_E_PAUSEDPROCESSMAYNOTBERECYCLED                                  Handle        = 0x80110813
+	COMADMIN_E_CANTMAKEINPROCSERVICE                                          Handle        = 0x80110814
+	COMADMIN_E_PROGIDINUSEBYCLSID                                             Handle        = 0x80110815
+	COMADMIN_E_DEFAULT_PARTITION_NOT_IN_SET                                   Handle        = 0x80110816
+	COMADMIN_E_RECYCLEDPROCESSMAYNOTBEPAUSED                                  Handle        = 0x80110817
+	COMADMIN_E_PARTITION_ACCESSDENIED                                         Handle        = 0x80110818
+	COMADMIN_E_PARTITION_MSI_ONLY                                             Handle        = 0x80110819
+	COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_1_0_FORMAT                          Handle        = 0x8011081A
+	COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_NONBASE_PARTITIONS                  Handle        = 0x8011081B
+	COMADMIN_E_COMP_MOVE_SOURCE                                               Handle        = 0x8011081C
+	COMADMIN_E_COMP_MOVE_DEST                                                 Handle        = 0x8011081D
+	COMADMIN_E_COMP_MOVE_PRIVATE                                              Handle        = 0x8011081E
+	COMADMIN_E_BASEPARTITION_REQUIRED_IN_SET                                  Handle        = 0x8011081F
+	COMADMIN_E_CANNOT_ALIAS_EVENTCLASS                                        Handle        = 0x80110820
+	COMADMIN_E_PRIVATE_ACCESSDENIED                                           Handle        = 0x80110821
+	COMADMIN_E_SAFERINVALID                                                   Handle        = 0x80110822
+	COMADMIN_E_REGISTRY_ACCESSDENIED                                          Handle        = 0x80110823
+	COMADMIN_E_PARTITIONS_DISABLED                                            Handle        = 0x80110824
+	WER_S_REPORT_DEBUG                                                        Handle        = 0x001B0000
+	WER_S_REPORT_UPLOADED                                                     Handle        = 0x001B0001
+	WER_S_REPORT_QUEUED                                                       Handle        = 0x001B0002
+	WER_S_DISABLED                                                            Handle        = 0x001B0003
+	WER_S_SUSPENDED_UPLOAD                                                    Handle        = 0x001B0004
+	WER_S_DISABLED_QUEUE                                                      Handle        = 0x001B0005
+	WER_S_DISABLED_ARCHIVE                                                    Handle        = 0x001B0006
+	WER_S_REPORT_ASYNC                                                        Handle        = 0x001B0007
+	WER_S_IGNORE_ASSERT_INSTANCE                                              Handle        = 0x001B0008
+	WER_S_IGNORE_ALL_ASSERTS                                                  Handle        = 0x001B0009
+	WER_S_ASSERT_CONTINUE                                                     Handle        = 0x001B000A
+	WER_S_THROTTLED                                                           Handle        = 0x001B000B
+	WER_S_REPORT_UPLOADED_CAB                                                 Handle        = 0x001B000C
+	WER_E_CRASH_FAILURE                                                       Handle        = 0x801B8000
+	WER_E_CANCELED                                                            Handle        = 0x801B8001
+	WER_E_NETWORK_FAILURE                                                     Handle        = 0x801B8002
+	WER_E_NOT_INITIALIZED                                                     Handle        = 0x801B8003
+	WER_E_ALREADY_REPORTING                                                   Handle        = 0x801B8004
+	WER_E_DUMP_THROTTLED                                                      Handle        = 0x801B8005
+	WER_E_INSUFFICIENT_CONSENT                                                Handle        = 0x801B8006
+	WER_E_TOO_HEAVY                                                           Handle        = 0x801B8007
+	ERROR_FLT_IO_COMPLETE                                                     Handle        = 0x001F0001
+	ERROR_FLT_NO_HANDLER_DEFINED                                              Handle        = 0x801F0001
+	ERROR_FLT_CONTEXT_ALREADY_DEFINED                                         Handle        = 0x801F0002
+	ERROR_FLT_INVALID_ASYNCHRONOUS_REQUEST                                    Handle        = 0x801F0003
+	ERROR_FLT_DISALLOW_FAST_IO                                                Handle        = 0x801F0004
+	ERROR_FLT_INVALID_NAME_REQUEST                                            Handle        = 0x801F0005
+	ERROR_FLT_NOT_SAFE_TO_POST_OPERATION                                      Handle        = 0x801F0006
+	ERROR_FLT_NOT_INITIALIZED                                                 Handle        = 0x801F0007
+	ERROR_FLT_FILTER_NOT_READY                                                Handle        = 0x801F0008
+	ERROR_FLT_POST_OPERATION_CLEANUP                                          Handle        = 0x801F0009
+	ERROR_FLT_INTERNAL_ERROR                                                  Handle        = 0x801F000A
+	ERROR_FLT_DELETING_OBJECT                                                 Handle        = 0x801F000B
+	ERROR_FLT_MUST_BE_NONPAGED_POOL                                           Handle        = 0x801F000C
+	ERROR_FLT_DUPLICATE_ENTRY                                                 Handle        = 0x801F000D
+	ERROR_FLT_CBDQ_DISABLED                                                   Handle        = 0x801F000E
+	ERROR_FLT_DO_NOT_ATTACH                                                   Handle        = 0x801F000F
+	ERROR_FLT_DO_NOT_DETACH                                                   Handle        = 0x801F0010
+	ERROR_FLT_INSTANCE_ALTITUDE_COLLISION                                     Handle        = 0x801F0011
+	ERROR_FLT_INSTANCE_NAME_COLLISION                                         Handle        = 0x801F0012
+	ERROR_FLT_FILTER_NOT_FOUND                                                Handle        = 0x801F0013
+	ERROR_FLT_VOLUME_NOT_FOUND                                                Handle        = 0x801F0014
+	ERROR_FLT_INSTANCE_NOT_FOUND                                              Handle        = 0x801F0015
+	ERROR_FLT_CONTEXT_ALLOCATION_NOT_FOUND                                    Handle        = 0x801F0016
+	ERROR_FLT_INVALID_CONTEXT_REGISTRATION                                    Handle        = 0x801F0017
+	ERROR_FLT_NAME_CACHE_MISS                                                 Handle        = 0x801F0018
+	ERROR_FLT_NO_DEVICE_OBJECT                                                Handle        = 0x801F0019
+	ERROR_FLT_VOLUME_ALREADY_MOUNTED                                          Handle        = 0x801F001A
+	ERROR_FLT_ALREADY_ENLISTED                                                Handle        = 0x801F001B
+	ERROR_FLT_CONTEXT_ALREADY_LINKED                                          Handle        = 0x801F001C
+	ERROR_FLT_NO_WAITER_FOR_REPLY                                             Handle        = 0x801F0020
+	ERROR_FLT_REGISTRATION_BUSY                                               Handle        = 0x801F0023
+	ERROR_HUNG_DISPLAY_DRIVER_THREAD                                          Handle        = 0x80260001
+	DWM_E_COMPOSITIONDISABLED                                                 Handle        = 0x80263001
+	DWM_E_REMOTING_NOT_SUPPORTED                                              Handle        = 0x80263002
+	DWM_E_NO_REDIRECTION_SURFACE_AVAILABLE                                    Handle        = 0x80263003
+	DWM_E_NOT_QUEUING_PRESENTS                                                Handle        = 0x80263004
+	DWM_E_ADAPTER_NOT_FOUND                                                   Handle        = 0x80263005
+	DWM_S_GDI_REDIRECTION_SURFACE                                             Handle        = 0x00263005
+	DWM_E_TEXTURE_TOO_LARGE                                                   Handle        = 0x80263007
+	DWM_S_GDI_REDIRECTION_SURFACE_BLT_VIA_GDI                                 Handle        = 0x00263008
+	ERROR_MONITOR_NO_DESCRIPTOR                                               Handle        = 0x00261001
+	ERROR_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT                                   Handle        = 0x00261002
+	ERROR_MONITOR_INVALID_DESCRIPTOR_CHECKSUM                                 Handle        = 0xC0261003
+	ERROR_MONITOR_INVALID_STANDARD_TIMING_BLOCK                               Handle        = 0xC0261004
+	ERROR_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED                           Handle        = 0xC0261005
+	ERROR_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK                          Handle        = 0xC0261006
+	ERROR_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK                          Handle        = 0xC0261007
+	ERROR_MONITOR_NO_MORE_DESCRIPTOR_DATA                                     Handle        = 0xC0261008
+	ERROR_MONITOR_INVALID_DETAILED_TIMING_BLOCK                               Handle        = 0xC0261009
+	ERROR_MONITOR_INVALID_MANUFACTURE_DATE                                    Handle        = 0xC026100A
+	ERROR_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER                                   Handle        = 0xC0262000
+	ERROR_GRAPHICS_INSUFFICIENT_DMA_BUFFER                                    Handle        = 0xC0262001
+	ERROR_GRAPHICS_INVALID_DISPLAY_ADAPTER                                    Handle        = 0xC0262002
+	ERROR_GRAPHICS_ADAPTER_WAS_RESET                                          Handle        = 0xC0262003
+	ERROR_GRAPHICS_INVALID_DRIVER_MODEL                                       Handle        = 0xC0262004
+	ERROR_GRAPHICS_PRESENT_MODE_CHANGED                                       Handle        = 0xC0262005
+	ERROR_GRAPHICS_PRESENT_OCCLUDED                                           Handle        = 0xC0262006
+	ERROR_GRAPHICS_PRESENT_DENIED                                             Handle        = 0xC0262007
+	ERROR_GRAPHICS_CANNOTCOLORCONVERT                                         Handle        = 0xC0262008
+	ERROR_GRAPHICS_DRIVER_MISMATCH                                            Handle        = 0xC0262009
+	ERROR_GRAPHICS_PARTIAL_DATA_POPULATED                                     Handle        = 0x4026200A
+	ERROR_GRAPHICS_PRESENT_REDIRECTION_DISABLED                               Handle        = 0xC026200B
+	ERROR_GRAPHICS_PRESENT_UNOCCLUDED                                         Handle        = 0xC026200C
+	ERROR_GRAPHICS_WINDOWDC_NOT_AVAILABLE                                     Handle        = 0xC026200D
+	ERROR_GRAPHICS_WINDOWLESS_PRESENT_DISABLED                                Handle        = 0xC026200E
+	ERROR_GRAPHICS_PRESENT_INVALID_WINDOW                                     Handle        = 0xC026200F
+	ERROR_GRAPHICS_PRESENT_BUFFER_NOT_BOUND                                   Handle        = 0xC0262010
+	ERROR_GRAPHICS_VAIL_STATE_CHANGED                                         Handle        = 0xC0262011
+	ERROR_GRAPHICS_INDIRECT_DISPLAY_ABANDON_SWAPCHAIN                         Handle        = 0xC0262012
+	ERROR_GRAPHICS_INDIRECT_DISPLAY_DEVICE_STOPPED                            Handle        = 0xC0262013
+	ERROR_GRAPHICS_NO_VIDEO_MEMORY                                            Handle        = 0xC0262100
+	ERROR_GRAPHICS_CANT_LOCK_MEMORY                                           Handle        = 0xC0262101
+	ERROR_GRAPHICS_ALLOCATION_BUSY                                            Handle        = 0xC0262102
+	ERROR_GRAPHICS_TOO_MANY_REFERENCES                                        Handle        = 0xC0262103
+	ERROR_GRAPHICS_TRY_AGAIN_LATER                                            Handle        = 0xC0262104
+	ERROR_GRAPHICS_TRY_AGAIN_NOW                                              Handle        = 0xC0262105
+	ERROR_GRAPHICS_ALLOCATION_INVALID                                         Handle        = 0xC0262106
+	ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE                           Handle        = 0xC0262107
+	ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED                           Handle        = 0xC0262108
+	ERROR_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION                               Handle        = 0xC0262109
+	ERROR_GRAPHICS_INVALID_ALLOCATION_USAGE                                   Handle        = 0xC0262110
+	ERROR_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION                              Handle        = 0xC0262111
+	ERROR_GRAPHICS_ALLOCATION_CLOSED                                          Handle        = 0xC0262112
+	ERROR_GRAPHICS_INVALID_ALLOCATION_INSTANCE                                Handle        = 0xC0262113
+	ERROR_GRAPHICS_INVALID_ALLOCATION_HANDLE                                  Handle        = 0xC0262114
+	ERROR_GRAPHICS_WRONG_ALLOCATION_DEVICE                                    Handle        = 0xC0262115
+	ERROR_GRAPHICS_ALLOCATION_CONTENT_LOST                                    Handle        = 0xC0262116
+	ERROR_GRAPHICS_GPU_EXCEPTION_ON_DEVICE                                    Handle        = 0xC0262200
+	ERROR_GRAPHICS_SKIP_ALLOCATION_PREPARATION                                Handle        = 0x40262201
+	ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY                                     Handle        = 0xC0262300
+	ERROR_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED                               Handle        = 0xC0262301
+	ERROR_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED                     Handle        = 0xC0262302
+	ERROR_GRAPHICS_INVALID_VIDPN                                              Handle        = 0xC0262303
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE                               Handle        = 0xC0262304
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET                               Handle        = 0xC0262305
+	ERROR_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED                               Handle        = 0xC0262306
+	ERROR_GRAPHICS_MODE_NOT_PINNED                                            Handle        = 0x00262307
+	ERROR_GRAPHICS_INVALID_VIDPN_SOURCEMODESET                                Handle        = 0xC0262308
+	ERROR_GRAPHICS_INVALID_VIDPN_TARGETMODESET                                Handle        = 0xC0262309
+	ERROR_GRAPHICS_INVALID_FREQUENCY                                          Handle        = 0xC026230A
+	ERROR_GRAPHICS_INVALID_ACTIVE_REGION                                      Handle        = 0xC026230B
+	ERROR_GRAPHICS_INVALID_TOTAL_REGION                                       Handle        = 0xC026230C
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE                          Handle        = 0xC0262310
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE                          Handle        = 0xC0262311
+	ERROR_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET                             Handle        = 0xC0262312
+	ERROR_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY                                   Handle        = 0xC0262313
+	ERROR_GRAPHICS_MODE_ALREADY_IN_MODESET                                    Handle        = 0xC0262314
+	ERROR_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET                              Handle        = 0xC0262315
+	ERROR_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET                              Handle        = 0xC0262316
+	ERROR_GRAPHICS_SOURCE_ALREADY_IN_SET                                      Handle        = 0xC0262317
+	ERROR_GRAPHICS_TARGET_ALREADY_IN_SET                                      Handle        = 0xC0262318
+	ERROR_GRAPHICS_INVALID_VIDPN_PRESENT_PATH                                 Handle        = 0xC0262319
+	ERROR_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY                              Handle        = 0xC026231A
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET                          Handle        = 0xC026231B
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE                             Handle        = 0xC026231C
+	ERROR_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET                                  Handle        = 0xC026231D
+	ERROR_GRAPHICS_NO_PREFERRED_MODE                                          Handle        = 0x0026231E
+	ERROR_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET                              Handle        = 0xC026231F
+	ERROR_GRAPHICS_STALE_MODESET                                              Handle        = 0xC0262320
+	ERROR_GRAPHICS_INVALID_MONITOR_SOURCEMODESET                              Handle        = 0xC0262321
+	ERROR_GRAPHICS_INVALID_MONITOR_SOURCE_MODE                                Handle        = 0xC0262322
+	ERROR_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN                            Handle        = 0xC0262323
+	ERROR_GRAPHICS_MODE_ID_MUST_BE_UNIQUE                                     Handle        = 0xC0262324
+	ERROR_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION            Handle        = 0xC0262325
+	ERROR_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES                    Handle        = 0xC0262326
+	ERROR_GRAPHICS_PATH_NOT_IN_TOPOLOGY                                       Handle        = 0xC0262327
+	ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE                      Handle        = 0xC0262328
+	ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET                      Handle        = 0xC0262329
+	ERROR_GRAPHICS_INVALID_MONITORDESCRIPTORSET                               Handle        = 0xC026232A
+	ERROR_GRAPHICS_INVALID_MONITORDESCRIPTOR                                  Handle        = 0xC026232B
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET                               Handle        = 0xC026232C
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET                           Handle        = 0xC026232D
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE                        Handle        = 0xC026232E
+	ERROR_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE                           Handle        = 0xC026232F
+	ERROR_GRAPHICS_RESOURCES_NOT_RELATED                                      Handle        = 0xC0262330
+	ERROR_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE                                   Handle        = 0xC0262331
+	ERROR_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE                                   Handle        = 0xC0262332
+	ERROR_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET                                  Handle        = 0xC0262333
+	ERROR_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER               Handle        = 0xC0262334
+	ERROR_GRAPHICS_NO_VIDPNMGR                                                Handle        = 0xC0262335
+	ERROR_GRAPHICS_NO_ACTIVE_VIDPN                                            Handle        = 0xC0262336
+	ERROR_GRAPHICS_STALE_VIDPN_TOPOLOGY                                       Handle        = 0xC0262337
+	ERROR_GRAPHICS_MONITOR_NOT_CONNECTED                                      Handle        = 0xC0262338
+	ERROR_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY                                     Handle        = 0xC0262339
+	ERROR_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE                                Handle        = 0xC026233A
+	ERROR_GRAPHICS_INVALID_VISIBLEREGION_SIZE                                 Handle        = 0xC026233B
+	ERROR_GRAPHICS_INVALID_STRIDE                                             Handle        = 0xC026233C
+	ERROR_GRAPHICS_INVALID_PIXELFORMAT                                        Handle        = 0xC026233D
+	ERROR_GRAPHICS_INVALID_COLORBASIS                                         Handle        = 0xC026233E
+	ERROR_GRAPHICS_INVALID_PIXELVALUEACCESSMODE                               Handle        = 0xC026233F
+	ERROR_GRAPHICS_TARGET_NOT_IN_TOPOLOGY                                     Handle        = 0xC0262340
+	ERROR_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT                         Handle        = 0xC0262341
+	ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE                                        Handle        = 0xC0262342
+	ERROR_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN                                   Handle        = 0xC0262343
+	ERROR_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL                            Handle        = 0xC0262344
+	ERROR_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION               Handle        = 0xC0262345
+	ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED         Handle        = 0xC0262346
+	ERROR_GRAPHICS_INVALID_GAMMA_RAMP                                         Handle        = 0xC0262347
+	ERROR_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED                                   Handle        = 0xC0262348
+	ERROR_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED                                Handle        = 0xC0262349
+	ERROR_GRAPHICS_MODE_NOT_IN_MODESET                                        Handle        = 0xC026234A
+	ERROR_GRAPHICS_DATASET_IS_EMPTY                                           Handle        = 0x0026234B
+	ERROR_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET                                Handle        = 0x0026234C
+	ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON               Handle        = 0xC026234D
+	ERROR_GRAPHICS_INVALID_PATH_CONTENT_TYPE                                  Handle        = 0xC026234E
+	ERROR_GRAPHICS_INVALID_COPYPROTECTION_TYPE                                Handle        = 0xC026234F
+	ERROR_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS                          Handle        = 0xC0262350
+	ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED            Handle        = 0x00262351
+	ERROR_GRAPHICS_INVALID_SCANLINE_ORDERING                                  Handle        = 0xC0262352
+	ERROR_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED                               Handle        = 0xC0262353
+	ERROR_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS                           Handle        = 0xC0262354
+	ERROR_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT                                Handle        = 0xC0262355
+	ERROR_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM                             Handle        = 0xC0262356
+	ERROR_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN                          Handle        = 0xC0262357
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT                  Handle        = 0xC0262358
+	ERROR_GRAPHICS_MAX_NUM_PATHS_REACHED                                      Handle        = 0xC0262359
+	ERROR_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION                         Handle        = 0xC026235A
+	ERROR_GRAPHICS_INVALID_CLIENT_TYPE                                        Handle        = 0xC026235B
+	ERROR_GRAPHICS_CLIENTVIDPN_NOT_SET                                        Handle        = 0xC026235C
+	ERROR_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED                          Handle        = 0xC0262400
+	ERROR_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED                             Handle        = 0xC0262401
+	ERROR_GRAPHICS_UNKNOWN_CHILD_STATUS                                       Handle        = 0x4026242F
+	ERROR_GRAPHICS_NOT_A_LINKED_ADAPTER                                       Handle        = 0xC0262430
+	ERROR_GRAPHICS_LEADLINK_NOT_ENUMERATED                                    Handle        = 0xC0262431
+	ERROR_GRAPHICS_CHAINLINKS_NOT_ENUMERATED                                  Handle        = 0xC0262432
+	ERROR_GRAPHICS_ADAPTER_CHAIN_NOT_READY                                    Handle        = 0xC0262433
+	ERROR_GRAPHICS_CHAINLINKS_NOT_STARTED                                     Handle        = 0xC0262434
+	ERROR_GRAPHICS_CHAINLINKS_NOT_POWERED_ON                                  Handle        = 0xC0262435
+	ERROR_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE                             Handle        = 0xC0262436
+	ERROR_GRAPHICS_LEADLINK_START_DEFERRED                                    Handle        = 0x40262437
+	ERROR_GRAPHICS_NOT_POST_DEVICE_DRIVER                                     Handle        = 0xC0262438
+	ERROR_GRAPHICS_POLLING_TOO_FREQUENTLY                                     Handle        = 0x40262439
+	ERROR_GRAPHICS_START_DEFERRED                                             Handle        = 0x4026243A
+	ERROR_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED                                Handle        = 0xC026243B
+	ERROR_GRAPHICS_DEPENDABLE_CHILD_STATUS                                    Handle        = 0x4026243C
+	ERROR_GRAPHICS_OPM_NOT_SUPPORTED                                          Handle        = 0xC0262500
+	ERROR_GRAPHICS_COPP_NOT_SUPPORTED                                         Handle        = 0xC0262501
+	ERROR_GRAPHICS_UAB_NOT_SUPPORTED                                          Handle        = 0xC0262502
+	ERROR_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS                           Handle        = 0xC0262503
+	ERROR_GRAPHICS_OPM_NO_VIDEO_OUTPUTS_EXIST                                 Handle        = 0xC0262505
+	ERROR_GRAPHICS_OPM_INTERNAL_ERROR                                         Handle        = 0xC026250B
+	ERROR_GRAPHICS_OPM_INVALID_HANDLE                                         Handle        = 0xC026250C
+	ERROR_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH                             Handle        = 0xC026250E
+	ERROR_GRAPHICS_OPM_SPANNING_MODE_ENABLED                                  Handle        = 0xC026250F
+	ERROR_GRAPHICS_OPM_THEATER_MODE_ENABLED                                   Handle        = 0xC0262510
+	ERROR_GRAPHICS_PVP_HFS_FAILED                                             Handle        = 0xC0262511
+	ERROR_GRAPHICS_OPM_INVALID_SRM                                            Handle        = 0xC0262512
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP                           Handle        = 0xC0262513
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP                            Handle        = 0xC0262514
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA                          Handle        = 0xC0262515
+	ERROR_GRAPHICS_OPM_HDCP_SRM_NEVER_SET                                     Handle        = 0xC0262516
+	ERROR_GRAPHICS_OPM_RESOLUTION_TOO_HIGH                                    Handle        = 0xC0262517
+	ERROR_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE                       Handle        = 0xC0262518
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_NO_LONGER_EXISTS                          Handle        = 0xC026251A
+	ERROR_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS                        Handle        = 0xC026251B
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS              Handle        = 0xC026251C
+	ERROR_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST                            Handle        = 0xC026251D
+	ERROR_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR                                  Handle        = 0xC026251E
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS               Handle        = 0xC026251F
+	ERROR_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED                                Handle        = 0xC0262520
+	ERROR_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST                          Handle        = 0xC0262521
+	ERROR_GRAPHICS_I2C_NOT_SUPPORTED                                          Handle        = 0xC0262580
+	ERROR_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST                                  Handle        = 0xC0262581
+	ERROR_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA                                Handle        = 0xC0262582
+	ERROR_GRAPHICS_I2C_ERROR_RECEIVING_DATA                                   Handle        = 0xC0262583
+	ERROR_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED                                    Handle        = 0xC0262584
+	ERROR_GRAPHICS_DDCCI_INVALID_DATA                                         Handle        = 0xC0262585
+	ERROR_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE          Handle        = 0xC0262586
+	ERROR_GRAPHICS_MCA_INVALID_CAPABILITIES_STRING                            Handle        = 0xC0262587
+	ERROR_GRAPHICS_MCA_INTERNAL_ERROR                                         Handle        = 0xC0262588
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND                              Handle        = 0xC0262589
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH                               Handle        = 0xC026258A
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM                             Handle        = 0xC026258B
+	ERROR_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE                            Handle        = 0xC026258C
+	ERROR_GRAPHICS_MONITOR_NO_LONGER_EXISTS                                   Handle        = 0xC026258D
+	ERROR_GRAPHICS_DDCCI_CURRENT_CURRENT_VALUE_GREATER_THAN_MAXIMUM_VALUE     Handle        = 0xC02625D8
+	ERROR_GRAPHICS_MCA_INVALID_VCP_VERSION                                    Handle        = 0xC02625D9
+	ERROR_GRAPHICS_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION                    Handle        = 0xC02625DA
+	ERROR_GRAPHICS_MCA_MCCS_VERSION_MISMATCH                                  Handle        = 0xC02625DB
+	ERROR_GRAPHICS_MCA_UNSUPPORTED_MCCS_VERSION                               Handle        = 0xC02625DC
+	ERROR_GRAPHICS_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED                       Handle        = 0xC02625DE
+	ERROR_GRAPHICS_MCA_UNSUPPORTED_COLOR_TEMPERATURE                          Handle        = 0xC02625DF
+	ERROR_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED                             Handle        = 0xC02625E0
+	ERROR_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME                      Handle        = 0xC02625E1
+	ERROR_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP                     Handle        = 0xC02625E2
+	ERROR_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED                            Handle        = 0xC02625E3
+	ERROR_GRAPHICS_INVALID_POINTER                                            Handle        = 0xC02625E4
+	ERROR_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE                   Handle        = 0xC02625E5
+	ERROR_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL                                  Handle        = 0xC02625E6
+	ERROR_GRAPHICS_INTERNAL_ERROR                                             Handle        = 0xC02625E7
+	ERROR_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS                            Handle        = 0xC02605E8
+	NAP_E_INVALID_PACKET                                                      Handle        = 0x80270001
+	NAP_E_MISSING_SOH                                                         Handle        = 0x80270002
+	NAP_E_CONFLICTING_ID                                                      Handle        = 0x80270003
+	NAP_E_NO_CACHED_SOH                                                       Handle        = 0x80270004
+	NAP_E_STILL_BOUND                                                         Handle        = 0x80270005
+	NAP_E_NOT_REGISTERED                                                      Handle        = 0x80270006
+	NAP_E_NOT_INITIALIZED                                                     Handle        = 0x80270007
+	NAP_E_MISMATCHED_ID                                                       Handle        = 0x80270008
+	NAP_E_NOT_PENDING                                                         Handle        = 0x80270009
+	NAP_E_ID_NOT_FOUND                                                        Handle        = 0x8027000A
+	NAP_E_MAXSIZE_TOO_SMALL                                                   Handle        = 0x8027000B
+	NAP_E_SERVICE_NOT_RUNNING                                                 Handle        = 0x8027000C
+	NAP_S_CERT_ALREADY_PRESENT                                                Handle        = 0x0027000D
+	NAP_E_ENTITY_DISABLED                                                     Handle        = 0x8027000E
+	NAP_E_NETSH_GROUPPOLICY_ERROR                                             Handle        = 0x8027000F
+	NAP_E_TOO_MANY_CALLS                                                      Handle        = 0x80270010
+	NAP_E_SHV_CONFIG_EXISTED                                                  Handle        = 0x80270011
+	NAP_E_SHV_CONFIG_NOT_FOUND                                                Handle        = 0x80270012
+	NAP_E_SHV_TIMEOUT                                                         Handle        = 0x80270013
+	TPM_E_ERROR_MASK                                                          Handle        = 0x80280000
+	TPM_E_AUTHFAIL                                                            Handle        = 0x80280001
+	TPM_E_BADINDEX                                                            Handle        = 0x80280002
+	TPM_E_BAD_PARAMETER                                                       Handle        = 0x80280003
+	TPM_E_AUDITFAILURE                                                        Handle        = 0x80280004
+	TPM_E_CLEAR_DISABLED                                                      Handle        = 0x80280005
+	TPM_E_DEACTIVATED                                                         Handle        = 0x80280006
+	TPM_E_DISABLED                                                            Handle        = 0x80280007
+	TPM_E_DISABLED_CMD                                                        Handle        = 0x80280008
+	TPM_E_FAIL                                                                Handle        = 0x80280009
+	TPM_E_BAD_ORDINAL                                                         Handle        = 0x8028000A
+	TPM_E_INSTALL_DISABLED                                                    Handle        = 0x8028000B
+	TPM_E_INVALID_KEYHANDLE                                                   Handle        = 0x8028000C
+	TPM_E_KEYNOTFOUND                                                         Handle        = 0x8028000D
+	TPM_E_INAPPROPRIATE_ENC                                                   Handle        = 0x8028000E
+	TPM_E_MIGRATEFAIL                                                         Handle        = 0x8028000F
+	TPM_E_INVALID_PCR_INFO                                                    Handle        = 0x80280010
+	TPM_E_NOSPACE                                                             Handle        = 0x80280011
+	TPM_E_NOSRK                                                               Handle        = 0x80280012
+	TPM_E_NOTSEALED_BLOB                                                      Handle        = 0x80280013
+	TPM_E_OWNER_SET                                                           Handle        = 0x80280014
+	TPM_E_RESOURCES                                                           Handle        = 0x80280015
+	TPM_E_SHORTRANDOM                                                         Handle        = 0x80280016
+	TPM_E_SIZE                                                                Handle        = 0x80280017
+	TPM_E_WRONGPCRVAL                                                         Handle        = 0x80280018
+	TPM_E_BAD_PARAM_SIZE                                                      Handle        = 0x80280019
+	TPM_E_SHA_THREAD                                                          Handle        = 0x8028001A
+	TPM_E_SHA_ERROR                                                           Handle        = 0x8028001B
+	TPM_E_FAILEDSELFTEST                                                      Handle        = 0x8028001C
+	TPM_E_AUTH2FAIL                                                           Handle        = 0x8028001D
+	TPM_E_BADTAG                                                              Handle        = 0x8028001E
+	TPM_E_IOERROR                                                             Handle        = 0x8028001F
+	TPM_E_ENCRYPT_ERROR                                                       Handle        = 0x80280020
+	TPM_E_DECRYPT_ERROR                                                       Handle        = 0x80280021
+	TPM_E_INVALID_AUTHHANDLE                                                  Handle        = 0x80280022
+	TPM_E_NO_ENDORSEMENT                                                      Handle        = 0x80280023
+	TPM_E_INVALID_KEYUSAGE                                                    Handle        = 0x80280024
+	TPM_E_WRONG_ENTITYTYPE                                                    Handle        = 0x80280025
+	TPM_E_INVALID_POSTINIT                                                    Handle        = 0x80280026
+	TPM_E_INAPPROPRIATE_SIG                                                   Handle        = 0x80280027
+	TPM_E_BAD_KEY_PROPERTY                                                    Handle        = 0x80280028
+	TPM_E_BAD_MIGRATION                                                       Handle        = 0x80280029
+	TPM_E_BAD_SCHEME                                                          Handle        = 0x8028002A
+	TPM_E_BAD_DATASIZE                                                        Handle        = 0x8028002B
+	TPM_E_BAD_MODE                                                            Handle        = 0x8028002C
+	TPM_E_BAD_PRESENCE                                                        Handle        = 0x8028002D
+	TPM_E_BAD_VERSION                                                         Handle        = 0x8028002E
+	TPM_E_NO_WRAP_TRANSPORT                                                   Handle        = 0x8028002F
+	TPM_E_AUDITFAIL_UNSUCCESSFUL                                              Handle        = 0x80280030
+	TPM_E_AUDITFAIL_SUCCESSFUL                                                Handle        = 0x80280031
+	TPM_E_NOTRESETABLE                                                        Handle        = 0x80280032
+	TPM_E_NOTLOCAL                                                            Handle        = 0x80280033
+	TPM_E_BAD_TYPE                                                            Handle        = 0x80280034
+	TPM_E_INVALID_RESOURCE                                                    Handle        = 0x80280035
+	TPM_E_NOTFIPS                                                             Handle        = 0x80280036
+	TPM_E_INVALID_FAMILY                                                      Handle        = 0x80280037
+	TPM_E_NO_NV_PERMISSION                                                    Handle        = 0x80280038
+	TPM_E_REQUIRES_SIGN                                                       Handle        = 0x80280039
+	TPM_E_KEY_NOTSUPPORTED                                                    Handle        = 0x8028003A
+	TPM_E_AUTH_CONFLICT                                                       Handle        = 0x8028003B
+	TPM_E_AREA_LOCKED                                                         Handle        = 0x8028003C
+	TPM_E_BAD_LOCALITY                                                        Handle        = 0x8028003D
+	TPM_E_READ_ONLY                                                           Handle        = 0x8028003E
+	TPM_E_PER_NOWRITE                                                         Handle        = 0x8028003F
+	TPM_E_FAMILYCOUNT                                                         Handle        = 0x80280040
+	TPM_E_WRITE_LOCKED                                                        Handle        = 0x80280041
+	TPM_E_BAD_ATTRIBUTES                                                      Handle        = 0x80280042
+	TPM_E_INVALID_STRUCTURE                                                   Handle        = 0x80280043
+	TPM_E_KEY_OWNER_CONTROL                                                   Handle        = 0x80280044
+	TPM_E_BAD_COUNTER                                                         Handle        = 0x80280045
+	TPM_E_NOT_FULLWRITE                                                       Handle        = 0x80280046
+	TPM_E_CONTEXT_GAP                                                         Handle        = 0x80280047
+	TPM_E_MAXNVWRITES                                                         Handle        = 0x80280048
+	TPM_E_NOOPERATOR                                                          Handle        = 0x80280049
+	TPM_E_RESOURCEMISSING                                                     Handle        = 0x8028004A
+	TPM_E_DELEGATE_LOCK                                                       Handle        = 0x8028004B
+	TPM_E_DELEGATE_FAMILY                                                     Handle        = 0x8028004C
+	TPM_E_DELEGATE_ADMIN                                                      Handle        = 0x8028004D
+	TPM_E_TRANSPORT_NOTEXCLUSIVE                                              Handle        = 0x8028004E
+	TPM_E_OWNER_CONTROL                                                       Handle        = 0x8028004F
+	TPM_E_DAA_RESOURCES                                                       Handle        = 0x80280050
+	TPM_E_DAA_INPUT_DATA0                                                     Handle        = 0x80280051
+	TPM_E_DAA_INPUT_DATA1                                                     Handle        = 0x80280052
+	TPM_E_DAA_ISSUER_SETTINGS                                                 Handle        = 0x80280053
+	TPM_E_DAA_TPM_SETTINGS                                                    Handle        = 0x80280054
+	TPM_E_DAA_STAGE                                                           Handle        = 0x80280055
+	TPM_E_DAA_ISSUER_VALIDITY                                                 Handle        = 0x80280056
+	TPM_E_DAA_WRONG_W                                                         Handle        = 0x80280057
+	TPM_E_BAD_HANDLE                                                          Handle        = 0x80280058
+	TPM_E_BAD_DELEGATE                                                        Handle        = 0x80280059
+	TPM_E_BADCONTEXT                                                          Handle        = 0x8028005A
+	TPM_E_TOOMANYCONTEXTS                                                     Handle        = 0x8028005B
+	TPM_E_MA_TICKET_SIGNATURE                                                 Handle        = 0x8028005C
+	TPM_E_MA_DESTINATION                                                      Handle        = 0x8028005D
+	TPM_E_MA_SOURCE                                                           Handle        = 0x8028005E
+	TPM_E_MA_AUTHORITY                                                        Handle        = 0x8028005F
+	TPM_E_PERMANENTEK                                                         Handle        = 0x80280061
+	TPM_E_BAD_SIGNATURE                                                       Handle        = 0x80280062
+	TPM_E_NOCONTEXTSPACE                                                      Handle        = 0x80280063
+	TPM_20_E_ASYMMETRIC                                                       Handle        = 0x80280081
+	TPM_20_E_ATTRIBUTES                                                       Handle        = 0x80280082
+	TPM_20_E_HASH                                                             Handle        = 0x80280083
+	TPM_20_E_VALUE                                                            Handle        = 0x80280084
+	TPM_20_E_HIERARCHY                                                        Handle        = 0x80280085
+	TPM_20_E_KEY_SIZE                                                         Handle        = 0x80280087
+	TPM_20_E_MGF                                                              Handle        = 0x80280088
+	TPM_20_E_MODE                                                             Handle        = 0x80280089
+	TPM_20_E_TYPE                                                             Handle        = 0x8028008A
+	TPM_20_E_HANDLE                                                           Handle        = 0x8028008B
+	TPM_20_E_KDF                                                              Handle        = 0x8028008C
+	TPM_20_E_RANGE                                                            Handle        = 0x8028008D
+	TPM_20_E_AUTH_FAIL                                                        Handle        = 0x8028008E
+	TPM_20_E_NONCE                                                            Handle        = 0x8028008F
+	TPM_20_E_PP                                                               Handle        = 0x80280090
+	TPM_20_E_SCHEME                                                           Handle        = 0x80280092
+	TPM_20_E_SIZE                                                             Handle        = 0x80280095
+	TPM_20_E_SYMMETRIC                                                        Handle        = 0x80280096
+	TPM_20_E_TAG                                                              Handle        = 0x80280097
+	TPM_20_E_SELECTOR                                                         Handle        = 0x80280098
+	TPM_20_E_INSUFFICIENT                                                     Handle        = 0x8028009A
+	TPM_20_E_SIGNATURE                                                        Handle        = 0x8028009B
+	TPM_20_E_KEY                                                              Handle        = 0x8028009C
+	TPM_20_E_POLICY_FAIL                                                      Handle        = 0x8028009D
+	TPM_20_E_INTEGRITY                                                        Handle        = 0x8028009F
+	TPM_20_E_TICKET                                                           Handle        = 0x802800A0
+	TPM_20_E_RESERVED_BITS                                                    Handle        = 0x802800A1
+	TPM_20_E_BAD_AUTH                                                         Handle        = 0x802800A2
+	TPM_20_E_EXPIRED                                                          Handle        = 0x802800A3
+	TPM_20_E_POLICY_CC                                                        Handle        = 0x802800A4
+	TPM_20_E_BINDING                                                          Handle        = 0x802800A5
+	TPM_20_E_CURVE                                                            Handle        = 0x802800A6
+	TPM_20_E_ECC_POINT                                                        Handle        = 0x802800A7
+	TPM_20_E_INITIALIZE                                                       Handle        = 0x80280100
+	TPM_20_E_FAILURE                                                          Handle        = 0x80280101
+	TPM_20_E_SEQUENCE                                                         Handle        = 0x80280103
+	TPM_20_E_PRIVATE                                                          Handle        = 0x8028010B
+	TPM_20_E_HMAC                                                             Handle        = 0x80280119
+	TPM_20_E_DISABLED                                                         Handle        = 0x80280120
+	TPM_20_E_EXCLUSIVE                                                        Handle        = 0x80280121
+	TPM_20_E_ECC_CURVE                                                        Handle        = 0x80280123
+	TPM_20_E_AUTH_TYPE                                                        Handle        = 0x80280124
+	TPM_20_E_AUTH_MISSING                                                     Handle        = 0x80280125
+	TPM_20_E_POLICY                                                           Handle        = 0x80280126
+	TPM_20_E_PCR                                                              Handle        = 0x80280127
+	TPM_20_E_PCR_CHANGED                                                      Handle        = 0x80280128
+	TPM_20_E_UPGRADE                                                          Handle        = 0x8028012D
+	TPM_20_E_TOO_MANY_CONTEXTS                                                Handle        = 0x8028012E
+	TPM_20_E_AUTH_UNAVAILABLE                                                 Handle        = 0x8028012F
+	TPM_20_E_REBOOT                                                           Handle        = 0x80280130
+	TPM_20_E_UNBALANCED                                                       Handle        = 0x80280131
+	TPM_20_E_COMMAND_SIZE                                                     Handle        = 0x80280142
+	TPM_20_E_COMMAND_CODE                                                     Handle        = 0x80280143
+	TPM_20_E_AUTHSIZE                                                         Handle        = 0x80280144
+	TPM_20_E_AUTH_CONTEXT                                                     Handle        = 0x80280145
+	TPM_20_E_NV_RANGE                                                         Handle        = 0x80280146
+	TPM_20_E_NV_SIZE                                                          Handle        = 0x80280147
+	TPM_20_E_NV_LOCKED                                                        Handle        = 0x80280148
+	TPM_20_E_NV_AUTHORIZATION                                                 Handle        = 0x80280149
+	TPM_20_E_NV_UNINITIALIZED                                                 Handle        = 0x8028014A
+	TPM_20_E_NV_SPACE                                                         Handle        = 0x8028014B
+	TPM_20_E_NV_DEFINED                                                       Handle        = 0x8028014C
+	TPM_20_E_BAD_CONTEXT                                                      Handle        = 0x80280150
+	TPM_20_E_CPHASH                                                           Handle        = 0x80280151
+	TPM_20_E_PARENT                                                           Handle        = 0x80280152
+	TPM_20_E_NEEDS_TEST                                                       Handle        = 0x80280153
+	TPM_20_E_NO_RESULT                                                        Handle        = 0x80280154
+	TPM_20_E_SENSITIVE                                                        Handle        = 0x80280155
+	TPM_E_COMMAND_BLOCKED                                                     Handle        = 0x80280400
+	TPM_E_INVALID_HANDLE                                                      Handle        = 0x80280401
+	TPM_E_DUPLICATE_VHANDLE                                                   Handle        = 0x80280402
+	TPM_E_EMBEDDED_COMMAND_BLOCKED                                            Handle        = 0x80280403
+	TPM_E_EMBEDDED_COMMAND_UNSUPPORTED                                        Handle        = 0x80280404
+	TPM_E_RETRY                                                               Handle        = 0x80280800
+	TPM_E_NEEDS_SELFTEST                                                      Handle        = 0x80280801
+	TPM_E_DOING_SELFTEST                                                      Handle        = 0x80280802
+	TPM_E_DEFEND_LOCK_RUNNING                                                 Handle        = 0x80280803
+	TPM_20_E_CONTEXT_GAP                                                      Handle        = 0x80280901
+	TPM_20_E_OBJECT_MEMORY                                                    Handle        = 0x80280902
+	TPM_20_E_SESSION_MEMORY                                                   Handle        = 0x80280903
+	TPM_20_E_MEMORY                                                           Handle        = 0x80280904
+	TPM_20_E_SESSION_HANDLES                                                  Handle        = 0x80280905
+	TPM_20_E_OBJECT_HANDLES                                                   Handle        = 0x80280906
+	TPM_20_E_LOCALITY                                                         Handle        = 0x80280907
+	TPM_20_E_YIELDED                                                          Handle        = 0x80280908
+	TPM_20_E_CANCELED                                                         Handle        = 0x80280909
+	TPM_20_E_TESTING                                                          Handle        = 0x8028090A
+	TPM_20_E_NV_RATE                                                          Handle        = 0x80280920
+	TPM_20_E_LOCKOUT                                                          Handle        = 0x80280921
+	TPM_20_E_RETRY                                                            Handle        = 0x80280922
+	TPM_20_E_NV_UNAVAILABLE                                                   Handle        = 0x80280923
+	TBS_E_INTERNAL_ERROR                                                      Handle        = 0x80284001
+	TBS_E_BAD_PARAMETER                                                       Handle        = 0x80284002
+	TBS_E_INVALID_OUTPUT_POINTER                                              Handle        = 0x80284003
+	TBS_E_INVALID_CONTEXT                                                     Handle        = 0x80284004
+	TBS_E_INSUFFICIENT_BUFFER                                                 Handle        = 0x80284005
+	TBS_E_IOERROR                                                             Handle        = 0x80284006
+	TBS_E_INVALID_CONTEXT_PARAM                                               Handle        = 0x80284007
+	TBS_E_SERVICE_NOT_RUNNING                                                 Handle        = 0x80284008
+	TBS_E_TOO_MANY_TBS_CONTEXTS                                               Handle        = 0x80284009
+	TBS_E_TOO_MANY_RESOURCES                                                  Handle        = 0x8028400A
+	TBS_E_SERVICE_START_PENDING                                               Handle        = 0x8028400B
+	TBS_E_PPI_NOT_SUPPORTED                                                   Handle        = 0x8028400C
+	TBS_E_COMMAND_CANCELED                                                    Handle        = 0x8028400D
+	TBS_E_BUFFER_TOO_LARGE                                                    Handle        = 0x8028400E
+	TBS_E_TPM_NOT_FOUND                                                       Handle        = 0x8028400F
+	TBS_E_SERVICE_DISABLED                                                    Handle        = 0x80284010
+	TBS_E_NO_EVENT_LOG                                                        Handle        = 0x80284011
+	TBS_E_ACCESS_DENIED                                                       Handle        = 0x80284012
+	TBS_E_PROVISIONING_NOT_ALLOWED                                            Handle        = 0x80284013
+	TBS_E_PPI_FUNCTION_UNSUPPORTED                                            Handle        = 0x80284014
+	TBS_E_OWNERAUTH_NOT_FOUND                                                 Handle        = 0x80284015
+	TBS_E_PROVISIONING_INCOMPLETE                                             Handle        = 0x80284016
+	TPMAPI_E_INVALID_STATE                                                    Handle        = 0x80290100
+	TPMAPI_E_NOT_ENOUGH_DATA                                                  Handle        = 0x80290101
+	TPMAPI_E_TOO_MUCH_DATA                                                    Handle        = 0x80290102
+	TPMAPI_E_INVALID_OUTPUT_POINTER                                           Handle        = 0x80290103
+	TPMAPI_E_INVALID_PARAMETER                                                Handle        = 0x80290104
+	TPMAPI_E_OUT_OF_MEMORY                                                    Handle        = 0x80290105
+	TPMAPI_E_BUFFER_TOO_SMALL                                                 Handle        = 0x80290106
+	TPMAPI_E_INTERNAL_ERROR                                                   Handle        = 0x80290107
+	TPMAPI_E_ACCESS_DENIED                                                    Handle        = 0x80290108
+	TPMAPI_E_AUTHORIZATION_FAILED                                             Handle        = 0x80290109
+	TPMAPI_E_INVALID_CONTEXT_HANDLE                                           Handle        = 0x8029010A
+	TPMAPI_E_TBS_COMMUNICATION_ERROR                                          Handle        = 0x8029010B
+	TPMAPI_E_TPM_COMMAND_ERROR                                                Handle        = 0x8029010C
+	TPMAPI_E_MESSAGE_TOO_LARGE                                                Handle        = 0x8029010D
+	TPMAPI_E_INVALID_ENCODING                                                 Handle        = 0x8029010E
+	TPMAPI_E_INVALID_KEY_SIZE                                                 Handle        = 0x8029010F
+	TPMAPI_E_ENCRYPTION_FAILED                                                Handle        = 0x80290110
+	TPMAPI_E_INVALID_KEY_PARAMS                                               Handle        = 0x80290111
+	TPMAPI_E_INVALID_MIGRATION_AUTHORIZATION_BLOB                             Handle        = 0x80290112
+	TPMAPI_E_INVALID_PCR_INDEX                                                Handle        = 0x80290113
+	TPMAPI_E_INVALID_DELEGATE_BLOB                                            Handle        = 0x80290114
+	TPMAPI_E_INVALID_CONTEXT_PARAMS                                           Handle        = 0x80290115
+	TPMAPI_E_INVALID_KEY_BLOB                                                 Handle        = 0x80290116
+	TPMAPI_E_INVALID_PCR_DATA                                                 Handle        = 0x80290117
+	TPMAPI_E_INVALID_OWNER_AUTH                                               Handle        = 0x80290118
+	TPMAPI_E_FIPS_RNG_CHECK_FAILED                                            Handle        = 0x80290119
+	TPMAPI_E_EMPTY_TCG_LOG                                                    Handle        = 0x8029011A
+	TPMAPI_E_INVALID_TCG_LOG_ENTRY                                            Handle        = 0x8029011B
+	TPMAPI_E_TCG_SEPARATOR_ABSENT                                             Handle        = 0x8029011C
+	TPMAPI_E_TCG_INVALID_DIGEST_ENTRY                                         Handle        = 0x8029011D
+	TPMAPI_E_POLICY_DENIES_OPERATION                                          Handle        = 0x8029011E
+	TPMAPI_E_NV_BITS_NOT_DEFINED                                              Handle        = 0x8029011F
+	TPMAPI_E_NV_BITS_NOT_READY                                                Handle        = 0x80290120
+	TPMAPI_E_SEALING_KEY_NOT_AVAILABLE                                        Handle        = 0x80290121
+	TPMAPI_E_NO_AUTHORIZATION_CHAIN_FOUND                                     Handle        = 0x80290122
+	TPMAPI_E_SVN_COUNTER_NOT_AVAILABLE                                        Handle        = 0x80290123
+	TPMAPI_E_OWNER_AUTH_NOT_NULL                                              Handle        = 0x80290124
+	TPMAPI_E_ENDORSEMENT_AUTH_NOT_NULL                                        Handle        = 0x80290125
+	TPMAPI_E_AUTHORIZATION_REVOKED                                            Handle        = 0x80290126
+	TPMAPI_E_MALFORMED_AUTHORIZATION_KEY                                      Handle        = 0x80290127
+	TPMAPI_E_AUTHORIZING_KEY_NOT_SUPPORTED                                    Handle        = 0x80290128
+	TPMAPI_E_INVALID_AUTHORIZATION_SIGNATURE                                  Handle        = 0x80290129
+	TPMAPI_E_MALFORMED_AUTHORIZATION_POLICY                                   Handle        = 0x8029012A
+	TPMAPI_E_MALFORMED_AUTHORIZATION_OTHER                                    Handle        = 0x8029012B
+	TPMAPI_E_SEALING_KEY_CHANGED                                              Handle        = 0x8029012C
+	TBSIMP_E_BUFFER_TOO_SMALL                                                 Handle        = 0x80290200
+	TBSIMP_E_CLEANUP_FAILED                                                   Handle        = 0x80290201
+	TBSIMP_E_INVALID_CONTEXT_HANDLE                                           Handle        = 0x80290202
+	TBSIMP_E_INVALID_CONTEXT_PARAM                                            Handle        = 0x80290203
+	TBSIMP_E_TPM_ERROR                                                        Handle        = 0x80290204
+	TBSIMP_E_HASH_BAD_KEY                                                     Handle        = 0x80290205
+	TBSIMP_E_DUPLICATE_VHANDLE                                                Handle        = 0x80290206
+	TBSIMP_E_INVALID_OUTPUT_POINTER                                           Handle        = 0x80290207
+	TBSIMP_E_INVALID_PARAMETER                                                Handle        = 0x80290208
+	TBSIMP_E_RPC_INIT_FAILED                                                  Handle        = 0x80290209
+	TBSIMP_E_SCHEDULER_NOT_RUNNING                                            Handle        = 0x8029020A
+	TBSIMP_E_COMMAND_CANCELED                                                 Handle        = 0x8029020B
+	TBSIMP_E_OUT_OF_MEMORY                                                    Handle        = 0x8029020C
+	TBSIMP_E_LIST_NO_MORE_ITEMS                                               Handle        = 0x8029020D
+	TBSIMP_E_LIST_NOT_FOUND                                                   Handle        = 0x8029020E
+	TBSIMP_E_NOT_ENOUGH_SPACE                                                 Handle        = 0x8029020F
+	TBSIMP_E_NOT_ENOUGH_TPM_CONTEXTS                                          Handle        = 0x80290210
+	TBSIMP_E_COMMAND_FAILED                                                   Handle        = 0x80290211
+	TBSIMP_E_UNKNOWN_ORDINAL                                                  Handle        = 0x80290212
+	TBSIMP_E_RESOURCE_EXPIRED                                                 Handle        = 0x80290213
+	TBSIMP_E_INVALID_RESOURCE                                                 Handle        = 0x80290214
+	TBSIMP_E_NOTHING_TO_UNLOAD                                                Handle        = 0x80290215
+	TBSIMP_E_HASH_TABLE_FULL                                                  Handle        = 0x80290216
+	TBSIMP_E_TOO_MANY_TBS_CONTEXTS                                            Handle        = 0x80290217
+	TBSIMP_E_TOO_MANY_RESOURCES                                               Handle        = 0x80290218
+	TBSIMP_E_PPI_NOT_SUPPORTED                                                Handle        = 0x80290219
+	TBSIMP_E_TPM_INCOMPATIBLE                                                 Handle        = 0x8029021A
+	TBSIMP_E_NO_EVENT_LOG                                                     Handle        = 0x8029021B
+	TPM_E_PPI_ACPI_FAILURE                                                    Handle        = 0x80290300
+	TPM_E_PPI_USER_ABORT                                                      Handle        = 0x80290301
+	TPM_E_PPI_BIOS_FAILURE                                                    Handle        = 0x80290302
+	TPM_E_PPI_NOT_SUPPORTED                                                   Handle        = 0x80290303
+	TPM_E_PPI_BLOCKED_IN_BIOS                                                 Handle        = 0x80290304
+	TPM_E_PCP_ERROR_MASK                                                      Handle        = 0x80290400
+	TPM_E_PCP_DEVICE_NOT_READY                                                Handle        = 0x80290401
+	TPM_E_PCP_INVALID_HANDLE                                                  Handle        = 0x80290402
+	TPM_E_PCP_INVALID_PARAMETER                                               Handle        = 0x80290403
+	TPM_E_PCP_FLAG_NOT_SUPPORTED                                              Handle        = 0x80290404
+	TPM_E_PCP_NOT_SUPPORTED                                                   Handle        = 0x80290405
+	TPM_E_PCP_BUFFER_TOO_SMALL                                                Handle        = 0x80290406
+	TPM_E_PCP_INTERNAL_ERROR                                                  Handle        = 0x80290407
+	TPM_E_PCP_AUTHENTICATION_FAILED                                           Handle        = 0x80290408
+	TPM_E_PCP_AUTHENTICATION_IGNORED                                          Handle        = 0x80290409
+	TPM_E_PCP_POLICY_NOT_FOUND                                                Handle        = 0x8029040A
+	TPM_E_PCP_PROFILE_NOT_FOUND                                               Handle        = 0x8029040B
+	TPM_E_PCP_VALIDATION_FAILED                                               Handle        = 0x8029040C
+	TPM_E_PCP_WRONG_PARENT                                                    Handle        = 0x8029040E
+	TPM_E_KEY_NOT_LOADED                                                      Handle        = 0x8029040F
+	TPM_E_NO_KEY_CERTIFICATION                                                Handle        = 0x80290410
+	TPM_E_KEY_NOT_FINALIZED                                                   Handle        = 0x80290411
+	TPM_E_ATTESTATION_CHALLENGE_NOT_SET                                       Handle        = 0x80290412
+	TPM_E_NOT_PCR_BOUND                                                       Handle        = 0x80290413
+	TPM_E_KEY_ALREADY_FINALIZED                                               Handle        = 0x80290414
+	TPM_E_KEY_USAGE_POLICY_NOT_SUPPORTED                                      Handle        = 0x80290415
+	TPM_E_KEY_USAGE_POLICY_INVALID                                            Handle        = 0x80290416
+	TPM_E_SOFT_KEY_ERROR                                                      Handle        = 0x80290417
+	TPM_E_KEY_NOT_AUTHENTICATED                                               Handle        = 0x80290418
+	TPM_E_PCP_KEY_NOT_AIK                                                     Handle        = 0x80290419
+	TPM_E_KEY_NOT_SIGNING_KEY                                                 Handle        = 0x8029041A
+	TPM_E_LOCKED_OUT                                                          Handle        = 0x8029041B
+	TPM_E_CLAIM_TYPE_NOT_SUPPORTED                                            Handle        = 0x8029041C
+	TPM_E_VERSION_NOT_SUPPORTED                                               Handle        = 0x8029041D
+	TPM_E_BUFFER_LENGTH_MISMATCH                                              Handle        = 0x8029041E
+	TPM_E_PCP_IFX_RSA_KEY_CREATION_BLOCKED                                    Handle        = 0x8029041F
+	TPM_E_PCP_TICKET_MISSING                                                  Handle        = 0x80290420
+	TPM_E_PCP_RAW_POLICY_NOT_SUPPORTED                                        Handle        = 0x80290421
+	TPM_E_PCP_KEY_HANDLE_INVALIDATED                                          Handle        = 0x80290422
+	TPM_E_PCP_UNSUPPORTED_PSS_SALT                                            Handle        = 0x40290423
+	TPM_E_ZERO_EXHAUST_ENABLED                                                Handle        = 0x80290500
+	PLA_E_DCS_NOT_FOUND                                                       Handle        = 0x80300002
+	PLA_E_DCS_IN_USE                                                          Handle        = 0x803000AA
+	PLA_E_TOO_MANY_FOLDERS                                                    Handle        = 0x80300045
+	PLA_E_NO_MIN_DISK                                                         Handle        = 0x80300070
+	PLA_E_DCS_ALREADY_EXISTS                                                  Handle        = 0x803000B7
+	PLA_S_PROPERTY_IGNORED                                                    Handle        = 0x00300100
+	PLA_E_PROPERTY_CONFLICT                                                   Handle        = 0x80300101
+	PLA_E_DCS_SINGLETON_REQUIRED                                              Handle        = 0x80300102
+	PLA_E_CREDENTIALS_REQUIRED                                                Handle        = 0x80300103
+	PLA_E_DCS_NOT_RUNNING                                                     Handle        = 0x80300104
+	PLA_E_CONFLICT_INCL_EXCL_API                                              Handle        = 0x80300105
+	PLA_E_NETWORK_EXE_NOT_VALID                                               Handle        = 0x80300106
+	PLA_E_EXE_ALREADY_CONFIGURED                                              Handle        = 0x80300107
+	PLA_E_EXE_PATH_NOT_VALID                                                  Handle        = 0x80300108
+	PLA_E_DC_ALREADY_EXISTS                                                   Handle        = 0x80300109
+	PLA_E_DCS_START_WAIT_TIMEOUT                                              Handle        = 0x8030010A
+	PLA_E_DC_START_WAIT_TIMEOUT                                               Handle        = 0x8030010B
+	PLA_E_REPORT_WAIT_TIMEOUT                                                 Handle        = 0x8030010C
+	PLA_E_NO_DUPLICATES                                                       Handle        = 0x8030010D
+	PLA_E_EXE_FULL_PATH_REQUIRED                                              Handle        = 0x8030010E
+	PLA_E_INVALID_SESSION_NAME                                                Handle        = 0x8030010F
+	PLA_E_PLA_CHANNEL_NOT_ENABLED                                             Handle        = 0x80300110
+	PLA_E_TASKSCHED_CHANNEL_NOT_ENABLED                                       Handle        = 0x80300111
+	PLA_E_RULES_MANAGER_FAILED                                                Handle        = 0x80300112
+	PLA_E_CABAPI_FAILURE                                                      Handle        = 0x80300113
+	FVE_E_LOCKED_VOLUME                                                       Handle        = 0x80310000
+	FVE_E_NOT_ENCRYPTED                                                       Handle        = 0x80310001
+	FVE_E_NO_TPM_BIOS                                                         Handle        = 0x80310002
+	FVE_E_NO_MBR_METRIC                                                       Handle        = 0x80310003
+	FVE_E_NO_BOOTSECTOR_METRIC                                                Handle        = 0x80310004
+	FVE_E_NO_BOOTMGR_METRIC                                                   Handle        = 0x80310005
+	FVE_E_WRONG_BOOTMGR                                                       Handle        = 0x80310006
+	FVE_E_SECURE_KEY_REQUIRED                                                 Handle        = 0x80310007
+	FVE_E_NOT_ACTIVATED                                                       Handle        = 0x80310008
+	FVE_E_ACTION_NOT_ALLOWED                                                  Handle        = 0x80310009
+	FVE_E_AD_SCHEMA_NOT_INSTALLED                                             Handle        = 0x8031000A
+	FVE_E_AD_INVALID_DATATYPE                                                 Handle        = 0x8031000B
+	FVE_E_AD_INVALID_DATASIZE                                                 Handle        = 0x8031000C
+	FVE_E_AD_NO_VALUES                                                        Handle        = 0x8031000D
+	FVE_E_AD_ATTR_NOT_SET                                                     Handle        = 0x8031000E
+	FVE_E_AD_GUID_NOT_FOUND                                                   Handle        = 0x8031000F
+	FVE_E_BAD_INFORMATION                                                     Handle        = 0x80310010
+	FVE_E_TOO_SMALL                                                           Handle        = 0x80310011
+	FVE_E_SYSTEM_VOLUME                                                       Handle        = 0x80310012
+	FVE_E_FAILED_WRONG_FS                                                     Handle        = 0x80310013
+	FVE_E_BAD_PARTITION_SIZE                                                  Handle        = 0x80310014
+	FVE_E_NOT_SUPPORTED                                                       Handle        = 0x80310015
+	FVE_E_BAD_DATA                                                            Handle        = 0x80310016
+	FVE_E_VOLUME_NOT_BOUND                                                    Handle        = 0x80310017
+	FVE_E_TPM_NOT_OWNED                                                       Handle        = 0x80310018
+	FVE_E_NOT_DATA_VOLUME                                                     Handle        = 0x80310019
+	FVE_E_AD_INSUFFICIENT_BUFFER                                              Handle        = 0x8031001A
+	FVE_E_CONV_READ                                                           Handle        = 0x8031001B
+	FVE_E_CONV_WRITE                                                          Handle        = 0x8031001C
+	FVE_E_KEY_REQUIRED                                                        Handle        = 0x8031001D
+	FVE_E_CLUSTERING_NOT_SUPPORTED                                            Handle        = 0x8031001E
+	FVE_E_VOLUME_BOUND_ALREADY                                                Handle        = 0x8031001F
+	FVE_E_OS_NOT_PROTECTED                                                    Handle        = 0x80310020
+	FVE_E_PROTECTION_DISABLED                                                 Handle        = 0x80310021
+	FVE_E_RECOVERY_KEY_REQUIRED                                               Handle        = 0x80310022
+	FVE_E_FOREIGN_VOLUME                                                      Handle        = 0x80310023
+	FVE_E_OVERLAPPED_UPDATE                                                   Handle        = 0x80310024
+	FVE_E_TPM_SRK_AUTH_NOT_ZERO                                               Handle        = 0x80310025
+	FVE_E_FAILED_SECTOR_SIZE                                                  Handle        = 0x80310026
+	FVE_E_FAILED_AUTHENTICATION                                               Handle        = 0x80310027
+	FVE_E_NOT_OS_VOLUME                                                       Handle        = 0x80310028
+	FVE_E_AUTOUNLOCK_ENABLED                                                  Handle        = 0x80310029
+	FVE_E_WRONG_BOOTSECTOR                                                    Handle        = 0x8031002A
+	FVE_E_WRONG_SYSTEM_FS                                                     Handle        = 0x8031002B
+	FVE_E_POLICY_PASSWORD_REQUIRED                                            Handle        = 0x8031002C
+	FVE_E_CANNOT_SET_FVEK_ENCRYPTED                                           Handle        = 0x8031002D
+	FVE_E_CANNOT_ENCRYPT_NO_KEY                                               Handle        = 0x8031002E
+	FVE_E_BOOTABLE_CDDVD                                                      Handle        = 0x80310030
+	FVE_E_PROTECTOR_EXISTS                                                    Handle        = 0x80310031
+	FVE_E_RELATIVE_PATH                                                       Handle        = 0x80310032
+	FVE_E_PROTECTOR_NOT_FOUND                                                 Handle        = 0x80310033
+	FVE_E_INVALID_KEY_FORMAT                                                  Handle        = 0x80310034
+	FVE_E_INVALID_PASSWORD_FORMAT                                             Handle        = 0x80310035
+	FVE_E_FIPS_RNG_CHECK_FAILED                                               Handle        = 0x80310036
+	FVE_E_FIPS_PREVENTS_RECOVERY_PASSWORD                                     Handle        = 0x80310037
+	FVE_E_FIPS_PREVENTS_EXTERNAL_KEY_EXPORT                                   Handle        = 0x80310038
+	FVE_E_NOT_DECRYPTED                                                       Handle        = 0x80310039
+	FVE_E_INVALID_PROTECTOR_TYPE                                              Handle        = 0x8031003A
+	FVE_E_NO_PROTECTORS_TO_TEST                                               Handle        = 0x8031003B
+	FVE_E_KEYFILE_NOT_FOUND                                                   Handle        = 0x8031003C
+	FVE_E_KEYFILE_INVALID                                                     Handle        = 0x8031003D
+	FVE_E_KEYFILE_NO_VMK                                                      Handle        = 0x8031003E
+	FVE_E_TPM_DISABLED                                                        Handle        = 0x8031003F
+	FVE_E_NOT_ALLOWED_IN_SAFE_MODE                                            Handle        = 0x80310040
+	FVE_E_TPM_INVALID_PCR                                                     Handle        = 0x80310041
+	FVE_E_TPM_NO_VMK                                                          Handle        = 0x80310042
+	FVE_E_PIN_INVALID                                                         Handle        = 0x80310043
+	FVE_E_AUTH_INVALID_APPLICATION                                            Handle        = 0x80310044
+	FVE_E_AUTH_INVALID_CONFIG                                                 Handle        = 0x80310045
+	FVE_E_FIPS_DISABLE_PROTECTION_NOT_ALLOWED                                 Handle        = 0x80310046
+	FVE_E_FS_NOT_EXTENDED                                                     Handle        = 0x80310047
+	FVE_E_FIRMWARE_TYPE_NOT_SUPPORTED                                         Handle        = 0x80310048
+	FVE_E_NO_LICENSE                                                          Handle        = 0x80310049
+	FVE_E_NOT_ON_STACK                                                        Handle        = 0x8031004A
+	FVE_E_FS_MOUNTED                                                          Handle        = 0x8031004B
+	FVE_E_TOKEN_NOT_IMPERSONATED                                              Handle        = 0x8031004C
+	FVE_E_DRY_RUN_FAILED                                                      Handle        = 0x8031004D
+	FVE_E_REBOOT_REQUIRED                                                     Handle        = 0x8031004E
+	FVE_E_DEBUGGER_ENABLED                                                    Handle        = 0x8031004F
+	FVE_E_RAW_ACCESS                                                          Handle        = 0x80310050
+	FVE_E_RAW_BLOCKED                                                         Handle        = 0x80310051
+	FVE_E_BCD_APPLICATIONS_PATH_INCORRECT                                     Handle        = 0x80310052
+	FVE_E_NOT_ALLOWED_IN_VERSION                                              Handle        = 0x80310053
+	FVE_E_NO_AUTOUNLOCK_MASTER_KEY                                            Handle        = 0x80310054
+	FVE_E_MOR_FAILED                                                          Handle        = 0x80310055
+	FVE_E_HIDDEN_VOLUME                                                       Handle        = 0x80310056
+	FVE_E_TRANSIENT_STATE                                                     Handle        = 0x80310057
+	FVE_E_PUBKEY_NOT_ALLOWED                                                  Handle        = 0x80310058
+	FVE_E_VOLUME_HANDLE_OPEN                                                  Handle        = 0x80310059
+	FVE_E_NO_FEATURE_LICENSE                                                  Handle        = 0x8031005A
+	FVE_E_INVALID_STARTUP_OPTIONS                                             Handle        = 0x8031005B
+	FVE_E_POLICY_RECOVERY_PASSWORD_NOT_ALLOWED                                Handle        = 0x8031005C
+	FVE_E_POLICY_RECOVERY_PASSWORD_REQUIRED                                   Handle        = 0x8031005D
+	FVE_E_POLICY_RECOVERY_KEY_NOT_ALLOWED                                     Handle        = 0x8031005E
+	FVE_E_POLICY_RECOVERY_KEY_REQUIRED                                        Handle        = 0x8031005F
+	FVE_E_POLICY_STARTUP_PIN_NOT_ALLOWED                                      Handle        = 0x80310060
+	FVE_E_POLICY_STARTUP_PIN_REQUIRED                                         Handle        = 0x80310061
+	FVE_E_POLICY_STARTUP_KEY_NOT_ALLOWED                                      Handle        = 0x80310062
+	FVE_E_POLICY_STARTUP_KEY_REQUIRED                                         Handle        = 0x80310063
+	FVE_E_POLICY_STARTUP_PIN_KEY_NOT_ALLOWED                                  Handle        = 0x80310064
+	FVE_E_POLICY_STARTUP_PIN_KEY_REQUIRED                                     Handle        = 0x80310065
+	FVE_E_POLICY_STARTUP_TPM_NOT_ALLOWED                                      Handle        = 0x80310066
+	FVE_E_POLICY_STARTUP_TPM_REQUIRED                                         Handle        = 0x80310067
+	FVE_E_POLICY_INVALID_PIN_LENGTH                                           Handle        = 0x80310068
+	FVE_E_KEY_PROTECTOR_NOT_SUPPORTED                                         Handle        = 0x80310069
+	FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED                                       Handle        = 0x8031006A
+	FVE_E_POLICY_PASSPHRASE_REQUIRED                                          Handle        = 0x8031006B
+	FVE_E_FIPS_PREVENTS_PASSPHRASE                                            Handle        = 0x8031006C
+	FVE_E_OS_VOLUME_PASSPHRASE_NOT_ALLOWED                                    Handle        = 0x8031006D
+	FVE_E_INVALID_BITLOCKER_OID                                               Handle        = 0x8031006E
+	FVE_E_VOLUME_TOO_SMALL                                                    Handle        = 0x8031006F
+	FVE_E_DV_NOT_SUPPORTED_ON_FS                                              Handle        = 0x80310070
+	FVE_E_DV_NOT_ALLOWED_BY_GP                                                Handle        = 0x80310071
+	FVE_E_POLICY_USER_CERTIFICATE_NOT_ALLOWED                                 Handle        = 0x80310072
+	FVE_E_POLICY_USER_CERTIFICATE_REQUIRED                                    Handle        = 0x80310073
+	FVE_E_POLICY_USER_CERT_MUST_BE_HW                                         Handle        = 0x80310074
+	FVE_E_POLICY_USER_CONFIGURE_FDV_AUTOUNLOCK_NOT_ALLOWED                    Handle        = 0x80310075
+	FVE_E_POLICY_USER_CONFIGURE_RDV_AUTOUNLOCK_NOT_ALLOWED                    Handle        = 0x80310076
+	FVE_E_POLICY_USER_CONFIGURE_RDV_NOT_ALLOWED                               Handle        = 0x80310077
+	FVE_E_POLICY_USER_ENABLE_RDV_NOT_ALLOWED                                  Handle        = 0x80310078
+	FVE_E_POLICY_USER_DISABLE_RDV_NOT_ALLOWED                                 Handle        = 0x80310079
+	FVE_E_POLICY_INVALID_PASSPHRASE_LENGTH                                    Handle        = 0x80310080
+	FVE_E_POLICY_PASSPHRASE_TOO_SIMPLE                                        Handle        = 0x80310081
+	FVE_E_RECOVERY_PARTITION                                                  Handle        = 0x80310082
+	FVE_E_POLICY_CONFLICT_FDV_RK_OFF_AUK_ON                                   Handle        = 0x80310083
+	FVE_E_POLICY_CONFLICT_RDV_RK_OFF_AUK_ON                                   Handle        = 0x80310084
+	FVE_E_NON_BITLOCKER_OID                                                   Handle        = 0x80310085
+	FVE_E_POLICY_PROHIBITS_SELFSIGNED                                         Handle        = 0x80310086
+	FVE_E_POLICY_CONFLICT_RO_AND_STARTUP_KEY_REQUIRED                         Handle        = 0x80310087
+	FVE_E_CONV_RECOVERY_FAILED                                                Handle        = 0x80310088
+	FVE_E_VIRTUALIZED_SPACE_TOO_BIG                                           Handle        = 0x80310089
+	FVE_E_POLICY_CONFLICT_OSV_RP_OFF_ADB_ON                                   Handle        = 0x80310090
+	FVE_E_POLICY_CONFLICT_FDV_RP_OFF_ADB_ON                                   Handle        = 0x80310091
+	FVE_E_POLICY_CONFLICT_RDV_RP_OFF_ADB_ON                                   Handle        = 0x80310092
+	FVE_E_NON_BITLOCKER_KU                                                    Handle        = 0x80310093
+	FVE_E_PRIVATEKEY_AUTH_FAILED                                              Handle        = 0x80310094
+	FVE_E_REMOVAL_OF_DRA_FAILED                                               Handle        = 0x80310095
+	FVE_E_OPERATION_NOT_SUPPORTED_ON_VISTA_VOLUME                             Handle        = 0x80310096
+	FVE_E_CANT_LOCK_AUTOUNLOCK_ENABLED_VOLUME                                 Handle        = 0x80310097
+	FVE_E_FIPS_HASH_KDF_NOT_ALLOWED                                           Handle        = 0x80310098
+	FVE_E_ENH_PIN_INVALID                                                     Handle        = 0x80310099
+	FVE_E_INVALID_PIN_CHARS                                                   Handle        = 0x8031009A
+	FVE_E_INVALID_DATUM_TYPE                                                  Handle        = 0x8031009B
+	FVE_E_EFI_ONLY                                                            Handle        = 0x8031009C
+	FVE_E_MULTIPLE_NKP_CERTS                                                  Handle        = 0x8031009D
+	FVE_E_REMOVAL_OF_NKP_FAILED                                               Handle        = 0x8031009E
+	FVE_E_INVALID_NKP_CERT                                                    Handle        = 0x8031009F
+	FVE_E_NO_EXISTING_PIN                                                     Handle        = 0x803100A0
+	FVE_E_PROTECTOR_CHANGE_PIN_MISMATCH                                       Handle        = 0x803100A1
+	FVE_E_PIN_PROTECTOR_CHANGE_BY_STD_USER_DISALLOWED                         Handle        = 0x803100A2
+	FVE_E_PROTECTOR_CHANGE_MAX_PIN_CHANGE_ATTEMPTS_REACHED                    Handle        = 0x803100A3
+	FVE_E_POLICY_PASSPHRASE_REQUIRES_ASCII                                    Handle        = 0x803100A4
+	FVE_E_FULL_ENCRYPTION_NOT_ALLOWED_ON_TP_STORAGE                           Handle        = 0x803100A5
+	FVE_E_WIPE_NOT_ALLOWED_ON_TP_STORAGE                                      Handle        = 0x803100A6
+	FVE_E_KEY_LENGTH_NOT_SUPPORTED_BY_EDRIVE                                  Handle        = 0x803100A7
+	FVE_E_NO_EXISTING_PASSPHRASE                                              Handle        = 0x803100A8
+	FVE_E_PROTECTOR_CHANGE_PASSPHRASE_MISMATCH                                Handle        = 0x803100A9
+	FVE_E_PASSPHRASE_TOO_LONG                                                 Handle        = 0x803100AA
+	FVE_E_NO_PASSPHRASE_WITH_TPM                                              Handle        = 0x803100AB
+	FVE_E_NO_TPM_WITH_PASSPHRASE                                              Handle        = 0x803100AC
+	FVE_E_NOT_ALLOWED_ON_CSV_STACK                                            Handle        = 0x803100AD
+	FVE_E_NOT_ALLOWED_ON_CLUSTER                                              Handle        = 0x803100AE
+	FVE_E_EDRIVE_NO_FAILOVER_TO_SW                                            Handle        = 0x803100AF
+	FVE_E_EDRIVE_BAND_IN_USE                                                  Handle        = 0x803100B0
+	FVE_E_EDRIVE_DISALLOWED_BY_GP                                             Handle        = 0x803100B1
+	FVE_E_EDRIVE_INCOMPATIBLE_VOLUME                                          Handle        = 0x803100B2
+	FVE_E_NOT_ALLOWED_TO_UPGRADE_WHILE_CONVERTING                             Handle        = 0x803100B3
+	FVE_E_EDRIVE_DV_NOT_SUPPORTED                                             Handle        = 0x803100B4
+	FVE_E_NO_PREBOOT_KEYBOARD_DETECTED                                        Handle        = 0x803100B5
+	FVE_E_NO_PREBOOT_KEYBOARD_OR_WINRE_DETECTED                               Handle        = 0x803100B6
+	FVE_E_POLICY_REQUIRES_STARTUP_PIN_ON_TOUCH_DEVICE                         Handle        = 0x803100B7
+	FVE_E_POLICY_REQUIRES_RECOVERY_PASSWORD_ON_TOUCH_DEVICE                   Handle        = 0x803100B8
+	FVE_E_WIPE_CANCEL_NOT_APPLICABLE                                          Handle        = 0x803100B9
+	FVE_E_SECUREBOOT_DISABLED                                                 Handle        = 0x803100BA
+	FVE_E_SECUREBOOT_CONFIGURATION_INVALID                                    Handle        = 0x803100BB
+	FVE_E_EDRIVE_DRY_RUN_FAILED                                               Handle        = 0x803100BC
+	FVE_E_SHADOW_COPY_PRESENT                                                 Handle        = 0x803100BD
+	FVE_E_POLICY_INVALID_ENHANCED_BCD_SETTINGS                                Handle        = 0x803100BE
+	FVE_E_EDRIVE_INCOMPATIBLE_FIRMWARE                                        Handle        = 0x803100BF
+	FVE_E_PROTECTOR_CHANGE_MAX_PASSPHRASE_CHANGE_ATTEMPTS_REACHED             Handle        = 0x803100C0
+	FVE_E_PASSPHRASE_PROTECTOR_CHANGE_BY_STD_USER_DISALLOWED                  Handle        = 0x803100C1
+	FVE_E_LIVEID_ACCOUNT_SUSPENDED                                            Handle        = 0x803100C2
+	FVE_E_LIVEID_ACCOUNT_BLOCKED                                              Handle        = 0x803100C3
+	FVE_E_NOT_PROVISIONED_ON_ALL_VOLUMES                                      Handle        = 0x803100C4
+	FVE_E_DE_FIXED_DATA_NOT_SUPPORTED                                         Handle        = 0x803100C5
+	FVE_E_DE_HARDWARE_NOT_COMPLIANT                                           Handle        = 0x803100C6
+	FVE_E_DE_WINRE_NOT_CONFIGURED                                             Handle        = 0x803100C7
+	FVE_E_DE_PROTECTION_SUSPENDED                                             Handle        = 0x803100C8
+	FVE_E_DE_OS_VOLUME_NOT_PROTECTED                                          Handle        = 0x803100C9
+	FVE_E_DE_DEVICE_LOCKEDOUT                                                 Handle        = 0x803100CA
+	FVE_E_DE_PROTECTION_NOT_YET_ENABLED                                       Handle        = 0x803100CB
+	FVE_E_INVALID_PIN_CHARS_DETAILED                                          Handle        = 0x803100CC
+	FVE_E_DEVICE_LOCKOUT_COUNTER_UNAVAILABLE                                  Handle        = 0x803100CD
+	FVE_E_DEVICELOCKOUT_COUNTER_MISMATCH                                      Handle        = 0x803100CE
+	FVE_E_BUFFER_TOO_LARGE                                                    Handle        = 0x803100CF
+	FVE_E_NO_SUCH_CAPABILITY_ON_TARGET                                        Handle        = 0x803100D0
+	FVE_E_DE_PREVENTED_FOR_OS                                                 Handle        = 0x803100D1
+	FVE_E_DE_VOLUME_OPTED_OUT                                                 Handle        = 0x803100D2
+	FVE_E_DE_VOLUME_NOT_SUPPORTED                                             Handle        = 0x803100D3
+	FVE_E_EOW_NOT_SUPPORTED_IN_VERSION                                        Handle        = 0x803100D4
+	FVE_E_ADBACKUP_NOT_ENABLED                                                Handle        = 0x803100D5
+	FVE_E_VOLUME_EXTEND_PREVENTS_EOW_DECRYPT                                  Handle        = 0x803100D6
+	FVE_E_NOT_DE_VOLUME                                                       Handle        = 0x803100D7
+	FVE_E_PROTECTION_CANNOT_BE_DISABLED                                       Handle        = 0x803100D8
+	FVE_E_OSV_KSR_NOT_ALLOWED                                                 Handle        = 0x803100D9
+	FVE_E_AD_BACKUP_REQUIRED_POLICY_NOT_SET_OS_DRIVE                          Handle        = 0x803100DA
+	FVE_E_AD_BACKUP_REQUIRED_POLICY_NOT_SET_FIXED_DRIVE                       Handle        = 0x803100DB
+	FVE_E_AD_BACKUP_REQUIRED_POLICY_NOT_SET_REMOVABLE_DRIVE                   Handle        = 0x803100DC
+	FVE_E_KEY_ROTATION_NOT_SUPPORTED                                          Handle        = 0x803100DD
+	FVE_E_EXECUTE_REQUEST_SENT_TOO_SOON                                       Handle        = 0x803100DE
+	FVE_E_KEY_ROTATION_NOT_ENABLED                                            Handle        = 0x803100DF
+	FVE_E_DEVICE_NOT_JOINED                                                   Handle        = 0x803100E0
+	FWP_E_CALLOUT_NOT_FOUND                                                   Handle        = 0x80320001
+	FWP_E_CONDITION_NOT_FOUND                                                 Handle        = 0x80320002
+	FWP_E_FILTER_NOT_FOUND                                                    Handle        = 0x80320003
+	FWP_E_LAYER_NOT_FOUND                                                     Handle        = 0x80320004
+	FWP_E_PROVIDER_NOT_FOUND                                                  Handle        = 0x80320005
+	FWP_E_PROVIDER_CONTEXT_NOT_FOUND                                          Handle        = 0x80320006
+	FWP_E_SUBLAYER_NOT_FOUND                                                  Handle        = 0x80320007
+	FWP_E_NOT_FOUND                                                           Handle        = 0x80320008
+	FWP_E_ALREADY_EXISTS                                                      Handle        = 0x80320009
+	FWP_E_IN_USE                                                              Handle        = 0x8032000A
+	FWP_E_DYNAMIC_SESSION_IN_PROGRESS                                         Handle        = 0x8032000B
+	FWP_E_WRONG_SESSION                                                       Handle        = 0x8032000C
+	FWP_E_NO_TXN_IN_PROGRESS                                                  Handle        = 0x8032000D
+	FWP_E_TXN_IN_PROGRESS                                                     Handle        = 0x8032000E
+	FWP_E_TXN_ABORTED                                                         Handle        = 0x8032000F
+	FWP_E_SESSION_ABORTED                                                     Handle        = 0x80320010
+	FWP_E_INCOMPATIBLE_TXN                                                    Handle        = 0x80320011
+	FWP_E_TIMEOUT                                                             Handle        = 0x80320012
+	FWP_E_NET_EVENTS_DISABLED                                                 Handle        = 0x80320013
+	FWP_E_INCOMPATIBLE_LAYER                                                  Handle        = 0x80320014
+	FWP_E_KM_CLIENTS_ONLY                                                     Handle        = 0x80320015
+	FWP_E_LIFETIME_MISMATCH                                                   Handle        = 0x80320016
+	FWP_E_BUILTIN_OBJECT                                                      Handle        = 0x80320017
+	FWP_E_TOO_MANY_CALLOUTS                                                   Handle        = 0x80320018
+	FWP_E_NOTIFICATION_DROPPED                                                Handle        = 0x80320019
+	FWP_E_TRAFFIC_MISMATCH                                                    Handle        = 0x8032001A
+	FWP_E_INCOMPATIBLE_SA_STATE                                               Handle        = 0x8032001B
+	FWP_E_NULL_POINTER                                                        Handle        = 0x8032001C
+	FWP_E_INVALID_ENUMERATOR                                                  Handle        = 0x8032001D
+	FWP_E_INVALID_FLAGS                                                       Handle        = 0x8032001E
+	FWP_E_INVALID_NET_MASK                                                    Handle        = 0x8032001F
+	FWP_E_INVALID_RANGE                                                       Handle        = 0x80320020
+	FWP_E_INVALID_INTERVAL                                                    Handle        = 0x80320021
+	FWP_E_ZERO_LENGTH_ARRAY                                                   Handle        = 0x80320022
+	FWP_E_NULL_DISPLAY_NAME                                                   Handle        = 0x80320023
+	FWP_E_INVALID_ACTION_TYPE                                                 Handle        = 0x80320024
+	FWP_E_INVALID_WEIGHT                                                      Handle        = 0x80320025
+	FWP_E_MATCH_TYPE_MISMATCH                                                 Handle        = 0x80320026
+	FWP_E_TYPE_MISMATCH                                                       Handle        = 0x80320027
+	FWP_E_OUT_OF_BOUNDS                                                       Handle        = 0x80320028
+	FWP_E_RESERVED                                                            Handle        = 0x80320029
+	FWP_E_DUPLICATE_CONDITION                                                 Handle        = 0x8032002A
+	FWP_E_DUPLICATE_KEYMOD                                                    Handle        = 0x8032002B
+	FWP_E_ACTION_INCOMPATIBLE_WITH_LAYER                                      Handle        = 0x8032002C
+	FWP_E_ACTION_INCOMPATIBLE_WITH_SUBLAYER                                   Handle        = 0x8032002D
+	FWP_E_CONTEXT_INCOMPATIBLE_WITH_LAYER                                     Handle        = 0x8032002E
+	FWP_E_CONTEXT_INCOMPATIBLE_WITH_CALLOUT                                   Handle        = 0x8032002F
+	FWP_E_INCOMPATIBLE_AUTH_METHOD                                            Handle        = 0x80320030
+	FWP_E_INCOMPATIBLE_DH_GROUP                                               Handle        = 0x80320031
+	FWP_E_EM_NOT_SUPPORTED                                                    Handle        = 0x80320032
+	FWP_E_NEVER_MATCH                                                         Handle        = 0x80320033
+	FWP_E_PROVIDER_CONTEXT_MISMATCH                                           Handle        = 0x80320034
+	FWP_E_INVALID_PARAMETER                                                   Handle        = 0x80320035
+	FWP_E_TOO_MANY_SUBLAYERS                                                  Handle        = 0x80320036
+	FWP_E_CALLOUT_NOTIFICATION_FAILED                                         Handle        = 0x80320037
+	FWP_E_INVALID_AUTH_TRANSFORM                                              Handle        = 0x80320038
+	FWP_E_INVALID_CIPHER_TRANSFORM                                            Handle        = 0x80320039
+	FWP_E_INCOMPATIBLE_CIPHER_TRANSFORM                                       Handle        = 0x8032003A
+	FWP_E_INVALID_TRANSFORM_COMBINATION                                       Handle        = 0x8032003B
+	FWP_E_DUPLICATE_AUTH_METHOD                                               Handle        = 0x8032003C
+	FWP_E_INVALID_TUNNEL_ENDPOINT                                             Handle        = 0x8032003D
+	FWP_E_L2_DRIVER_NOT_READY                                                 Handle        = 0x8032003E
+	FWP_E_KEY_DICTATOR_ALREADY_REGISTERED                                     Handle        = 0x8032003F
+	FWP_E_KEY_DICTATION_INVALID_KEYING_MATERIAL                               Handle        = 0x80320040
+	FWP_E_CONNECTIONS_DISABLED                                                Handle        = 0x80320041
+	FWP_E_INVALID_DNS_NAME                                                    Handle        = 0x80320042
+	FWP_E_STILL_ON                                                            Handle        = 0x80320043
+	FWP_E_IKEEXT_NOT_RUNNING                                                  Handle        = 0x80320044
+	FWP_E_DROP_NOICMP                                                         Handle        = 0x80320104
+	WS_S_ASYNC                                                                Handle        = 0x003D0000
+	WS_S_END                                                                  Handle        = 0x003D0001
+	WS_E_INVALID_FORMAT                                                       Handle        = 0x803D0000
+	WS_E_OBJECT_FAULTED                                                       Handle        = 0x803D0001
+	WS_E_NUMERIC_OVERFLOW                                                     Handle        = 0x803D0002
+	WS_E_INVALID_OPERATION                                                    Handle        = 0x803D0003
+	WS_E_OPERATION_ABORTED                                                    Handle        = 0x803D0004
+	WS_E_ENDPOINT_ACCESS_DENIED                                               Handle        = 0x803D0005
+	WS_E_OPERATION_TIMED_OUT                                                  Handle        = 0x803D0006
+	WS_E_OPERATION_ABANDONED                                                  Handle        = 0x803D0007
+	WS_E_QUOTA_EXCEEDED                                                       Handle        = 0x803D0008
+	WS_E_NO_TRANSLATION_AVAILABLE                                             Handle        = 0x803D0009
+	WS_E_SECURITY_VERIFICATION_FAILURE                                        Handle        = 0x803D000A
+	WS_E_ADDRESS_IN_USE                                                       Handle        = 0x803D000B
+	WS_E_ADDRESS_NOT_AVAILABLE                                                Handle        = 0x803D000C
+	WS_E_ENDPOINT_NOT_FOUND                                                   Handle        = 0x803D000D
+	WS_E_ENDPOINT_NOT_AVAILABLE                                               Handle        = 0x803D000E
+	WS_E_ENDPOINT_FAILURE                                                     Handle        = 0x803D000F
+	WS_E_ENDPOINT_UNREACHABLE                                                 Handle        = 0x803D0010
+	WS_E_ENDPOINT_ACTION_NOT_SUPPORTED                                        Handle        = 0x803D0011
+	WS_E_ENDPOINT_TOO_BUSY                                                    Handle        = 0x803D0012
+	WS_E_ENDPOINT_FAULT_RECEIVED                                              Handle        = 0x803D0013
+	WS_E_ENDPOINT_DISCONNECTED                                                Handle        = 0x803D0014
+	WS_E_PROXY_FAILURE                                                        Handle        = 0x803D0015
+	WS_E_PROXY_ACCESS_DENIED                                                  Handle        = 0x803D0016
+	WS_E_NOT_SUPPORTED                                                        Handle        = 0x803D0017
+	WS_E_PROXY_REQUIRES_BASIC_AUTH                                            Handle        = 0x803D0018
+	WS_E_PROXY_REQUIRES_DIGEST_AUTH                                           Handle        = 0x803D0019
+	WS_E_PROXY_REQUIRES_NTLM_AUTH                                             Handle        = 0x803D001A
+	WS_E_PROXY_REQUIRES_NEGOTIATE_AUTH                                        Handle        = 0x803D001B
+	WS_E_SERVER_REQUIRES_BASIC_AUTH                                           Handle        = 0x803D001C
+	WS_E_SERVER_REQUIRES_DIGEST_AUTH                                          Handle        = 0x803D001D
+	WS_E_SERVER_REQUIRES_NTLM_AUTH                                            Handle        = 0x803D001E
+	WS_E_SERVER_REQUIRES_NEGOTIATE_AUTH                                       Handle        = 0x803D001F
+	WS_E_INVALID_ENDPOINT_URL                                                 Handle        = 0x803D0020
+	WS_E_OTHER                                                                Handle        = 0x803D0021
+	WS_E_SECURITY_TOKEN_EXPIRED                                               Handle        = 0x803D0022
+	WS_E_SECURITY_SYSTEM_FAILURE                                              Handle        = 0x803D0023
+	ERROR_NDIS_INTERFACE_CLOSING                                              syscall.Errno = 0x80340002
+	ERROR_NDIS_BAD_VERSION                                                    syscall.Errno = 0x80340004
+	ERROR_NDIS_BAD_CHARACTERISTICS                                            syscall.Errno = 0x80340005
+	ERROR_NDIS_ADAPTER_NOT_FOUND                                              syscall.Errno = 0x80340006
+	ERROR_NDIS_OPEN_FAILED                                                    syscall.Errno = 0x80340007
+	ERROR_NDIS_DEVICE_FAILED                                                  syscall.Errno = 0x80340008
+	ERROR_NDIS_MULTICAST_FULL                                                 syscall.Errno = 0x80340009
+	ERROR_NDIS_MULTICAST_EXISTS                                               syscall.Errno = 0x8034000A
+	ERROR_NDIS_MULTICAST_NOT_FOUND                                            syscall.Errno = 0x8034000B
+	ERROR_NDIS_REQUEST_ABORTED                                                syscall.Errno = 0x8034000C
+	ERROR_NDIS_RESET_IN_PROGRESS                                              syscall.Errno = 0x8034000D
+	ERROR_NDIS_NOT_SUPPORTED                                                  syscall.Errno = 0x803400BB
+	ERROR_NDIS_INVALID_PACKET                                                 syscall.Errno = 0x8034000F
+	ERROR_NDIS_ADAPTER_NOT_READY                                              syscall.Errno = 0x80340011
+	ERROR_NDIS_INVALID_LENGTH                                                 syscall.Errno = 0x80340014
+	ERROR_NDIS_INVALID_DATA                                                   syscall.Errno = 0x80340015
+	ERROR_NDIS_BUFFER_TOO_SHORT                                               syscall.Errno = 0x80340016
+	ERROR_NDIS_INVALID_OID                                                    syscall.Errno = 0x80340017
+	ERROR_NDIS_ADAPTER_REMOVED                                                syscall.Errno = 0x80340018
+	ERROR_NDIS_UNSUPPORTED_MEDIA                                              syscall.Errno = 0x80340019
+	ERROR_NDIS_GROUP_ADDRESS_IN_USE                                           syscall.Errno = 0x8034001A
+	ERROR_NDIS_FILE_NOT_FOUND                                                 syscall.Errno = 0x8034001B
+	ERROR_NDIS_ERROR_READING_FILE                                             syscall.Errno = 0x8034001C
+	ERROR_NDIS_ALREADY_MAPPED                                                 syscall.Errno = 0x8034001D
+	ERROR_NDIS_RESOURCE_CONFLICT                                              syscall.Errno = 0x8034001E
+	ERROR_NDIS_MEDIA_DISCONNECTED                                             syscall.Errno = 0x8034001F
+	ERROR_NDIS_INVALID_ADDRESS                                                syscall.Errno = 0x80340022
+	ERROR_NDIS_INVALID_DEVICE_REQUEST                                         syscall.Errno = 0x80340010
+	ERROR_NDIS_PAUSED                                                         syscall.Errno = 0x8034002A
+	ERROR_NDIS_INTERFACE_NOT_FOUND                                            syscall.Errno = 0x8034002B
+	ERROR_NDIS_UNSUPPORTED_REVISION                                           syscall.Errno = 0x8034002C
+	ERROR_NDIS_INVALID_PORT                                                   syscall.Errno = 0x8034002D
+	ERROR_NDIS_INVALID_PORT_STATE                                             syscall.Errno = 0x8034002E
+	ERROR_NDIS_LOW_POWER_STATE                                                syscall.Errno = 0x8034002F
+	ERROR_NDIS_REINIT_REQUIRED                                                syscall.Errno = 0x80340030
+	ERROR_NDIS_NO_QUEUES                                                      syscall.Errno = 0x80340031
+	ERROR_NDIS_DOT11_AUTO_CONFIG_ENABLED                                      syscall.Errno = 0x80342000
+	ERROR_NDIS_DOT11_MEDIA_IN_USE                                             syscall.Errno = 0x80342001
+	ERROR_NDIS_DOT11_POWER_STATE_INVALID                                      syscall.Errno = 0x80342002
+	ERROR_NDIS_PM_WOL_PATTERN_LIST_FULL                                       syscall.Errno = 0x80342003
+	ERROR_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL                                  syscall.Errno = 0x80342004
+	ERROR_NDIS_DOT11_AP_CHANNEL_CURRENTLY_NOT_AVAILABLE                       syscall.Errno = 0x80342005
+	ERROR_NDIS_DOT11_AP_BAND_CURRENTLY_NOT_AVAILABLE                          syscall.Errno = 0x80342006
+	ERROR_NDIS_DOT11_AP_CHANNEL_NOT_ALLOWED                                   syscall.Errno = 0x80342007
+	ERROR_NDIS_DOT11_AP_BAND_NOT_ALLOWED                                      syscall.Errno = 0x80342008
+	ERROR_NDIS_INDICATION_REQUIRED                                            syscall.Errno = 0x00340001
+	ERROR_NDIS_OFFLOAD_POLICY                                                 syscall.Errno = 0xC034100F
+	ERROR_NDIS_OFFLOAD_CONNECTION_REJECTED                                    syscall.Errno = 0xC0341012
+	ERROR_NDIS_OFFLOAD_PATH_REJECTED                                          syscall.Errno = 0xC0341013
+	ERROR_HV_INVALID_HYPERCALL_CODE                                           syscall.Errno = 0xC0350002
+	ERROR_HV_INVALID_HYPERCALL_INPUT                                          syscall.Errno = 0xC0350003
+	ERROR_HV_INVALID_ALIGNMENT                                                syscall.Errno = 0xC0350004
+	ERROR_HV_INVALID_PARAMETER                                                syscall.Errno = 0xC0350005
+	ERROR_HV_ACCESS_DENIED                                                    syscall.Errno = 0xC0350006
+	ERROR_HV_INVALID_PARTITION_STATE                                          syscall.Errno = 0xC0350007
+	ERROR_HV_OPERATION_DENIED                                                 syscall.Errno = 0xC0350008
+	ERROR_HV_UNKNOWN_PROPERTY                                                 syscall.Errno = 0xC0350009
+	ERROR_HV_PROPERTY_VALUE_OUT_OF_RANGE                                      syscall.Errno = 0xC035000A
+	ERROR_HV_INSUFFICIENT_MEMORY                                              syscall.Errno = 0xC035000B
+	ERROR_HV_PARTITION_TOO_DEEP                                               syscall.Errno = 0xC035000C
+	ERROR_HV_INVALID_PARTITION_ID                                             syscall.Errno = 0xC035000D
+	ERROR_HV_INVALID_VP_INDEX                                                 syscall.Errno = 0xC035000E
+	ERROR_HV_INVALID_PORT_ID                                                  syscall.Errno = 0xC0350011
+	ERROR_HV_INVALID_CONNECTION_ID                                            syscall.Errno = 0xC0350012
+	ERROR_HV_INSUFFICIENT_BUFFERS                                             syscall.Errno = 0xC0350013
+	ERROR_HV_NOT_ACKNOWLEDGED                                                 syscall.Errno = 0xC0350014
+	ERROR_HV_INVALID_VP_STATE                                                 syscall.Errno = 0xC0350015
+	ERROR_HV_ACKNOWLEDGED                                                     syscall.Errno = 0xC0350016
+	ERROR_HV_INVALID_SAVE_RESTORE_STATE                                       syscall.Errno = 0xC0350017
+	ERROR_HV_INVALID_SYNIC_STATE                                              syscall.Errno = 0xC0350018
+	ERROR_HV_OBJECT_IN_USE                                                    syscall.Errno = 0xC0350019
+	ERROR_HV_INVALID_PROXIMITY_DOMAIN_INFO                                    syscall.Errno = 0xC035001A
+	ERROR_HV_NO_DATA                                                          syscall.Errno = 0xC035001B
+	ERROR_HV_INACTIVE                                                         syscall.Errno = 0xC035001C
+	ERROR_HV_NO_RESOURCES                                                     syscall.Errno = 0xC035001D
+	ERROR_HV_FEATURE_UNAVAILABLE                                              syscall.Errno = 0xC035001E
+	ERROR_HV_INSUFFICIENT_BUFFER                                              syscall.Errno = 0xC0350033
+	ERROR_HV_INSUFFICIENT_DEVICE_DOMAINS                                      syscall.Errno = 0xC0350038
+	ERROR_HV_CPUID_FEATURE_VALIDATION                                         syscall.Errno = 0xC035003C
+	ERROR_HV_CPUID_XSAVE_FEATURE_VALIDATION                                   syscall.Errno = 0xC035003D
+	ERROR_HV_PROCESSOR_STARTUP_TIMEOUT                                        syscall.Errno = 0xC035003E
+	ERROR_HV_SMX_ENABLED                                                      syscall.Errno = 0xC035003F
+	ERROR_HV_INVALID_LP_INDEX                                                 syscall.Errno = 0xC0350041
+	ERROR_HV_INVALID_REGISTER_VALUE                                           syscall.Errno = 0xC0350050
+	ERROR_HV_INVALID_VTL_STATE                                                syscall.Errno = 0xC0350051
+	ERROR_HV_NX_NOT_DETECTED                                                  syscall.Errno = 0xC0350055
+	ERROR_HV_INVALID_DEVICE_ID                                                syscall.Errno = 0xC0350057
+	ERROR_HV_INVALID_DEVICE_STATE                                             syscall.Errno = 0xC0350058
+	ERROR_HV_PENDING_PAGE_REQUESTS                                            syscall.Errno = 0x00350059
+	ERROR_HV_PAGE_REQUEST_INVALID                                             syscall.Errno = 0xC0350060
+	ERROR_HV_INVALID_CPU_GROUP_ID                                             syscall.Errno = 0xC035006F
+	ERROR_HV_INVALID_CPU_GROUP_STATE                                          syscall.Errno = 0xC0350070
+	ERROR_HV_OPERATION_FAILED                                                 syscall.Errno = 0xC0350071
+	ERROR_HV_NOT_ALLOWED_WITH_NESTED_VIRT_ACTIVE                              syscall.Errno = 0xC0350072
+	ERROR_HV_INSUFFICIENT_ROOT_MEMORY                                         syscall.Errno = 0xC0350073
+	ERROR_HV_NOT_PRESENT                                                      syscall.Errno = 0xC0351000
+	ERROR_VID_DUPLICATE_HANDLER                                               syscall.Errno = 0xC0370001
+	ERROR_VID_TOO_MANY_HANDLERS                                               syscall.Errno = 0xC0370002
+	ERROR_VID_QUEUE_FULL                                                      syscall.Errno = 0xC0370003
+	ERROR_VID_HANDLER_NOT_PRESENT                                             syscall.Errno = 0xC0370004
+	ERROR_VID_INVALID_OBJECT_NAME                                             syscall.Errno = 0xC0370005
+	ERROR_VID_PARTITION_NAME_TOO_LONG                                         syscall.Errno = 0xC0370006
+	ERROR_VID_MESSAGE_QUEUE_NAME_TOO_LONG                                     syscall.Errno = 0xC0370007
+	ERROR_VID_PARTITION_ALREADY_EXISTS                                        syscall.Errno = 0xC0370008
+	ERROR_VID_PARTITION_DOES_NOT_EXIST                                        syscall.Errno = 0xC0370009
+	ERROR_VID_PARTITION_NAME_NOT_FOUND                                        syscall.Errno = 0xC037000A
+	ERROR_VID_MESSAGE_QUEUE_ALREADY_EXISTS                                    syscall.Errno = 0xC037000B
+	ERROR_VID_EXCEEDED_MBP_ENTRY_MAP_LIMIT                                    syscall.Errno = 0xC037000C
+	ERROR_VID_MB_STILL_REFERENCED                                             syscall.Errno = 0xC037000D
+	ERROR_VID_CHILD_GPA_PAGE_SET_CORRUPTED                                    syscall.Errno = 0xC037000E
+	ERROR_VID_INVALID_NUMA_SETTINGS                                           syscall.Errno = 0xC037000F
+	ERROR_VID_INVALID_NUMA_NODE_INDEX                                         syscall.Errno = 0xC0370010
+	ERROR_VID_NOTIFICATION_QUEUE_ALREADY_ASSOCIATED                           syscall.Errno = 0xC0370011
+	ERROR_VID_INVALID_MEMORY_BLOCK_HANDLE                                     syscall.Errno = 0xC0370012
+	ERROR_VID_PAGE_RANGE_OVERFLOW                                             syscall.Errno = 0xC0370013
+	ERROR_VID_INVALID_MESSAGE_QUEUE_HANDLE                                    syscall.Errno = 0xC0370014
+	ERROR_VID_INVALID_GPA_RANGE_HANDLE                                        syscall.Errno = 0xC0370015
+	ERROR_VID_NO_MEMORY_BLOCK_NOTIFICATION_QUEUE                              syscall.Errno = 0xC0370016
+	ERROR_VID_MEMORY_BLOCK_LOCK_COUNT_EXCEEDED                                syscall.Errno = 0xC0370017
+	ERROR_VID_INVALID_PPM_HANDLE                                              syscall.Errno = 0xC0370018
+	ERROR_VID_MBPS_ARE_LOCKED                                                 syscall.Errno = 0xC0370019
+	ERROR_VID_MESSAGE_QUEUE_CLOSED                                            syscall.Errno = 0xC037001A
+	ERROR_VID_VIRTUAL_PROCESSOR_LIMIT_EXCEEDED                                syscall.Errno = 0xC037001B
+	ERROR_VID_STOP_PENDING                                                    syscall.Errno = 0xC037001C
+	ERROR_VID_INVALID_PROCESSOR_STATE                                         syscall.Errno = 0xC037001D
+	ERROR_VID_EXCEEDED_KM_CONTEXT_COUNT_LIMIT                                 syscall.Errno = 0xC037001E
+	ERROR_VID_KM_INTERFACE_ALREADY_INITIALIZED                                syscall.Errno = 0xC037001F
+	ERROR_VID_MB_PROPERTY_ALREADY_SET_RESET                                   syscall.Errno = 0xC0370020
+	ERROR_VID_MMIO_RANGE_DESTROYED                                            syscall.Errno = 0xC0370021
+	ERROR_VID_INVALID_CHILD_GPA_PAGE_SET                                      syscall.Errno = 0xC0370022
+	ERROR_VID_RESERVE_PAGE_SET_IS_BEING_USED                                  syscall.Errno = 0xC0370023
+	ERROR_VID_RESERVE_PAGE_SET_TOO_SMALL                                      syscall.Errno = 0xC0370024
+	ERROR_VID_MBP_ALREADY_LOCKED_USING_RESERVED_PAGE                          syscall.Errno = 0xC0370025
+	ERROR_VID_MBP_COUNT_EXCEEDED_LIMIT                                        syscall.Errno = 0xC0370026
+	ERROR_VID_SAVED_STATE_CORRUPT                                             syscall.Errno = 0xC0370027
+	ERROR_VID_SAVED_STATE_UNRECOGNIZED_ITEM                                   syscall.Errno = 0xC0370028
+	ERROR_VID_SAVED_STATE_INCOMPATIBLE                                        syscall.Errno = 0xC0370029
+	ERROR_VID_VTL_ACCESS_DENIED                                               syscall.Errno = 0xC037002A
+	ERROR_VMCOMPUTE_TERMINATED_DURING_START                                   syscall.Errno = 0xC0370100
+	ERROR_VMCOMPUTE_IMAGE_MISMATCH                                            syscall.Errno = 0xC0370101
+	ERROR_VMCOMPUTE_HYPERV_NOT_INSTALLED                                      syscall.Errno = 0xC0370102
+	ERROR_VMCOMPUTE_OPERATION_PENDING                                         syscall.Errno = 0xC0370103
+	ERROR_VMCOMPUTE_TOO_MANY_NOTIFICATIONS                                    syscall.Errno = 0xC0370104
+	ERROR_VMCOMPUTE_INVALID_STATE                                             syscall.Errno = 0xC0370105
+	ERROR_VMCOMPUTE_UNEXPECTED_EXIT                                           syscall.Errno = 0xC0370106
+	ERROR_VMCOMPUTE_TERMINATED                                                syscall.Errno = 0xC0370107
+	ERROR_VMCOMPUTE_CONNECT_FAILED                                            syscall.Errno = 0xC0370108
+	ERROR_VMCOMPUTE_TIMEOUT                                                   syscall.Errno = 0xC0370109
+	ERROR_VMCOMPUTE_CONNECTION_CLOSED                                         syscall.Errno = 0xC037010A
+	ERROR_VMCOMPUTE_UNKNOWN_MESSAGE                                           syscall.Errno = 0xC037010B
+	ERROR_VMCOMPUTE_UNSUPPORTED_PROTOCOL_VERSION                              syscall.Errno = 0xC037010C
+	ERROR_VMCOMPUTE_INVALID_JSON                                              syscall.Errno = 0xC037010D
+	ERROR_VMCOMPUTE_SYSTEM_NOT_FOUND                                          syscall.Errno = 0xC037010E
+	ERROR_VMCOMPUTE_SYSTEM_ALREADY_EXISTS                                     syscall.Errno = 0xC037010F
+	ERROR_VMCOMPUTE_SYSTEM_ALREADY_STOPPED                                    syscall.Errno = 0xC0370110
+	ERROR_VMCOMPUTE_PROTOCOL_ERROR                                            syscall.Errno = 0xC0370111
+	ERROR_VMCOMPUTE_INVALID_LAYER                                             syscall.Errno = 0xC0370112
+	ERROR_VMCOMPUTE_WINDOWS_INSIDER_REQUIRED                                  syscall.Errno = 0xC0370113
+	HCS_E_TERMINATED_DURING_START                                             Handle        = 0x80370100
+	HCS_E_IMAGE_MISMATCH                                                      Handle        = 0x80370101
+	HCS_E_HYPERV_NOT_INSTALLED                                                Handle        = 0x80370102
+	HCS_E_INVALID_STATE                                                       Handle        = 0x80370105
+	HCS_E_UNEXPECTED_EXIT                                                     Handle        = 0x80370106
+	HCS_E_TERMINATED                                                          Handle        = 0x80370107
+	HCS_E_CONNECT_FAILED                                                      Handle        = 0x80370108
+	HCS_E_CONNECTION_TIMEOUT                                                  Handle        = 0x80370109
+	HCS_E_CONNECTION_CLOSED                                                   Handle        = 0x8037010A
+	HCS_E_UNKNOWN_MESSAGE                                                     Handle        = 0x8037010B
+	HCS_E_UNSUPPORTED_PROTOCOL_VERSION                                        Handle        = 0x8037010C
+	HCS_E_INVALID_JSON                                                        Handle        = 0x8037010D
+	HCS_E_SYSTEM_NOT_FOUND                                                    Handle        = 0x8037010E
+	HCS_E_SYSTEM_ALREADY_EXISTS                                               Handle        = 0x8037010F
+	HCS_E_SYSTEM_ALREADY_STOPPED                                              Handle        = 0x80370110
+	HCS_E_PROTOCOL_ERROR                                                      Handle        = 0x80370111
+	HCS_E_INVALID_LAYER                                                       Handle        = 0x80370112
+	HCS_E_WINDOWS_INSIDER_REQUIRED                                            Handle        = 0x80370113
+	HCS_E_SERVICE_NOT_AVAILABLE                                               Handle        = 0x80370114
+	HCS_E_OPERATION_NOT_STARTED                                               Handle        = 0x80370115
+	HCS_E_OPERATION_ALREADY_STARTED                                           Handle        = 0x80370116
+	HCS_E_OPERATION_PENDING                                                   Handle        = 0x80370117
+	HCS_E_OPERATION_TIMEOUT                                                   Handle        = 0x80370118
+	HCS_E_OPERATION_SYSTEM_CALLBACK_ALREADY_SET                               Handle        = 0x80370119
+	HCS_E_OPERATION_RESULT_ALLOCATION_FAILED                                  Handle        = 0x8037011A
+	HCS_E_ACCESS_DENIED                                                       Handle        = 0x8037011B
+	HCS_E_GUEST_CRITICAL_ERROR                                                Handle        = 0x8037011C
+	ERROR_VNET_VIRTUAL_SWITCH_NAME_NOT_FOUND                                  syscall.Errno = 0xC0370200
+	ERROR_VID_REMOTE_NODE_PARENT_GPA_PAGES_USED                               syscall.Errno = 0x80370001
+	WHV_E_UNKNOWN_CAPABILITY                                                  Handle        = 0x80370300
+	WHV_E_INSUFFICIENT_BUFFER                                                 Handle        = 0x80370301
+	WHV_E_UNKNOWN_PROPERTY                                                    Handle        = 0x80370302
+	WHV_E_UNSUPPORTED_HYPERVISOR_CONFIG                                       Handle        = 0x80370303
+	WHV_E_INVALID_PARTITION_CONFIG                                            Handle        = 0x80370304
+	WHV_E_GPA_RANGE_NOT_FOUND                                                 Handle        = 0x80370305
+	WHV_E_VP_ALREADY_EXISTS                                                   Handle        = 0x80370306
+	WHV_E_VP_DOES_NOT_EXIST                                                   Handle        = 0x80370307
+	WHV_E_INVALID_VP_STATE                                                    Handle        = 0x80370308
+	WHV_E_INVALID_VP_REGISTER_NAME                                            Handle        = 0x80370309
+	ERROR_VSMB_SAVED_STATE_FILE_NOT_FOUND                                     syscall.Errno = 0xC0370400
+	ERROR_VSMB_SAVED_STATE_CORRUPT                                            syscall.Errno = 0xC0370401
+	ERROR_VOLMGR_INCOMPLETE_REGENERATION                                      syscall.Errno = 0x80380001
+	ERROR_VOLMGR_INCOMPLETE_DISK_MIGRATION                                    syscall.Errno = 0x80380002
+	ERROR_VOLMGR_DATABASE_FULL                                                syscall.Errno = 0xC0380001
+	ERROR_VOLMGR_DISK_CONFIGURATION_CORRUPTED                                 syscall.Errno = 0xC0380002
+	ERROR_VOLMGR_DISK_CONFIGURATION_NOT_IN_SYNC                               syscall.Errno = 0xC0380003
+	ERROR_VOLMGR_PACK_CONFIG_UPDATE_FAILED                                    syscall.Errno = 0xC0380004
+	ERROR_VOLMGR_DISK_CONTAINS_NON_SIMPLE_VOLUME                              syscall.Errno = 0xC0380005
+	ERROR_VOLMGR_DISK_DUPLICATE                                               syscall.Errno = 0xC0380006
+	ERROR_VOLMGR_DISK_DYNAMIC                                                 syscall.Errno = 0xC0380007
+	ERROR_VOLMGR_DISK_ID_INVALID                                              syscall.Errno = 0xC0380008
+	ERROR_VOLMGR_DISK_INVALID                                                 syscall.Errno = 0xC0380009
+	ERROR_VOLMGR_DISK_LAST_VOTER                                              syscall.Errno = 0xC038000A
+	ERROR_VOLMGR_DISK_LAYOUT_INVALID                                          syscall.Errno = 0xC038000B
+	ERROR_VOLMGR_DISK_LAYOUT_NON_BASIC_BETWEEN_BASIC_PARTITIONS               syscall.Errno = 0xC038000C
+	ERROR_VOLMGR_DISK_LAYOUT_NOT_CYLINDER_ALIGNED                             syscall.Errno = 0xC038000D
+	ERROR_VOLMGR_DISK_LAYOUT_PARTITIONS_TOO_SMALL                             syscall.Errno = 0xC038000E
+	ERROR_VOLMGR_DISK_LAYOUT_PRIMARY_BETWEEN_LOGICAL_PARTITIONS               syscall.Errno = 0xC038000F
+	ERROR_VOLMGR_DISK_LAYOUT_TOO_MANY_PARTITIONS                              syscall.Errno = 0xC0380010
+	ERROR_VOLMGR_DISK_MISSING                                                 syscall.Errno = 0xC0380011
+	ERROR_VOLMGR_DISK_NOT_EMPTY                                               syscall.Errno = 0xC0380012
+	ERROR_VOLMGR_DISK_NOT_ENOUGH_SPACE                                        syscall.Errno = 0xC0380013
+	ERROR_VOLMGR_DISK_REVECTORING_FAILED                                      syscall.Errno = 0xC0380014
+	ERROR_VOLMGR_DISK_SECTOR_SIZE_INVALID                                     syscall.Errno = 0xC0380015
+	ERROR_VOLMGR_DISK_SET_NOT_CONTAINED                                       syscall.Errno = 0xC0380016
+	ERROR_VOLMGR_DISK_USED_BY_MULTIPLE_MEMBERS                                syscall.Errno = 0xC0380017
+	ERROR_VOLMGR_DISK_USED_BY_MULTIPLE_PLEXES                                 syscall.Errno = 0xC0380018
+	ERROR_VOLMGR_DYNAMIC_DISK_NOT_SUPPORTED                                   syscall.Errno = 0xC0380019
+	ERROR_VOLMGR_EXTENT_ALREADY_USED                                          syscall.Errno = 0xC038001A
+	ERROR_VOLMGR_EXTENT_NOT_CONTIGUOUS                                        syscall.Errno = 0xC038001B
+	ERROR_VOLMGR_EXTENT_NOT_IN_PUBLIC_REGION                                  syscall.Errno = 0xC038001C
+	ERROR_VOLMGR_EXTENT_NOT_SECTOR_ALIGNED                                    syscall.Errno = 0xC038001D
+	ERROR_VOLMGR_EXTENT_OVERLAPS_EBR_PARTITION                                syscall.Errno = 0xC038001E
+	ERROR_VOLMGR_EXTENT_VOLUME_LENGTHS_DO_NOT_MATCH                           syscall.Errno = 0xC038001F
+	ERROR_VOLMGR_FAULT_TOLERANT_NOT_SUPPORTED                                 syscall.Errno = 0xC0380020
+	ERROR_VOLMGR_INTERLEAVE_LENGTH_INVALID                                    syscall.Errno = 0xC0380021
+	ERROR_VOLMGR_MAXIMUM_REGISTERED_USERS                                     syscall.Errno = 0xC0380022
+	ERROR_VOLMGR_MEMBER_IN_SYNC                                               syscall.Errno = 0xC0380023
+	ERROR_VOLMGR_MEMBER_INDEX_DUPLICATE                                       syscall.Errno = 0xC0380024
+	ERROR_VOLMGR_MEMBER_INDEX_INVALID                                         syscall.Errno = 0xC0380025
+	ERROR_VOLMGR_MEMBER_MISSING                                               syscall.Errno = 0xC0380026
+	ERROR_VOLMGR_MEMBER_NOT_DETACHED                                          syscall.Errno = 0xC0380027
+	ERROR_VOLMGR_MEMBER_REGENERATING                                          syscall.Errno = 0xC0380028
+	ERROR_VOLMGR_ALL_DISKS_FAILED                                             syscall.Errno = 0xC0380029
+	ERROR_VOLMGR_NO_REGISTERED_USERS                                          syscall.Errno = 0xC038002A
+	ERROR_VOLMGR_NO_SUCH_USER                                                 syscall.Errno = 0xC038002B
+	ERROR_VOLMGR_NOTIFICATION_RESET                                           syscall.Errno = 0xC038002C
+	ERROR_VOLMGR_NUMBER_OF_MEMBERS_INVALID                                    syscall.Errno = 0xC038002D
+	ERROR_VOLMGR_NUMBER_OF_PLEXES_INVALID                                     syscall.Errno = 0xC038002E
+	ERROR_VOLMGR_PACK_DUPLICATE                                               syscall.Errno = 0xC038002F
+	ERROR_VOLMGR_PACK_ID_INVALID                                              syscall.Errno = 0xC0380030
+	ERROR_VOLMGR_PACK_INVALID                                                 syscall.Errno = 0xC0380031
+	ERROR_VOLMGR_PACK_NAME_INVALID                                            syscall.Errno = 0xC0380032
+	ERROR_VOLMGR_PACK_OFFLINE                                                 syscall.Errno = 0xC0380033
+	ERROR_VOLMGR_PACK_HAS_QUORUM                                              syscall.Errno = 0xC0380034
+	ERROR_VOLMGR_PACK_WITHOUT_QUORUM                                          syscall.Errno = 0xC0380035
+	ERROR_VOLMGR_PARTITION_STYLE_INVALID                                      syscall.Errno = 0xC0380036
+	ERROR_VOLMGR_PARTITION_UPDATE_FAILED                                      syscall.Errno = 0xC0380037
+	ERROR_VOLMGR_PLEX_IN_SYNC                                                 syscall.Errno = 0xC0380038
+	ERROR_VOLMGR_PLEX_INDEX_DUPLICATE                                         syscall.Errno = 0xC0380039
+	ERROR_VOLMGR_PLEX_INDEX_INVALID                                           syscall.Errno = 0xC038003A
+	ERROR_VOLMGR_PLEX_LAST_ACTIVE                                             syscall.Errno = 0xC038003B
+	ERROR_VOLMGR_PLEX_MISSING                                                 syscall.Errno = 0xC038003C
+	ERROR_VOLMGR_PLEX_REGENERATING                                            syscall.Errno = 0xC038003D
+	ERROR_VOLMGR_PLEX_TYPE_INVALID                                            syscall.Errno = 0xC038003E
+	ERROR_VOLMGR_PLEX_NOT_RAID5                                               syscall.Errno = 0xC038003F
+	ERROR_VOLMGR_PLEX_NOT_SIMPLE                                              syscall.Errno = 0xC0380040
+	ERROR_VOLMGR_STRUCTURE_SIZE_INVALID                                       syscall.Errno = 0xC0380041
+	ERROR_VOLMGR_TOO_MANY_NOTIFICATION_REQUESTS                               syscall.Errno = 0xC0380042
+	ERROR_VOLMGR_TRANSACTION_IN_PROGRESS                                      syscall.Errno = 0xC0380043
+	ERROR_VOLMGR_UNEXPECTED_DISK_LAYOUT_CHANGE                                syscall.Errno = 0xC0380044
+	ERROR_VOLMGR_VOLUME_CONTAINS_MISSING_DISK                                 syscall.Errno = 0xC0380045
+	ERROR_VOLMGR_VOLUME_ID_INVALID                                            syscall.Errno = 0xC0380046
+	ERROR_VOLMGR_VOLUME_LENGTH_INVALID                                        syscall.Errno = 0xC0380047
+	ERROR_VOLMGR_VOLUME_LENGTH_NOT_SECTOR_SIZE_MULTIPLE                       syscall.Errno = 0xC0380048
+	ERROR_VOLMGR_VOLUME_NOT_MIRRORED                                          syscall.Errno = 0xC0380049
+	ERROR_VOLMGR_VOLUME_NOT_RETAINED                                          syscall.Errno = 0xC038004A
+	ERROR_VOLMGR_VOLUME_OFFLINE                                               syscall.Errno = 0xC038004B
+	ERROR_VOLMGR_VOLUME_RETAINED                                              syscall.Errno = 0xC038004C
+	ERROR_VOLMGR_NUMBER_OF_EXTENTS_INVALID                                    syscall.Errno = 0xC038004D
+	ERROR_VOLMGR_DIFFERENT_SECTOR_SIZE                                        syscall.Errno = 0xC038004E
+	ERROR_VOLMGR_BAD_BOOT_DISK                                                syscall.Errno = 0xC038004F
+	ERROR_VOLMGR_PACK_CONFIG_OFFLINE                                          syscall.Errno = 0xC0380050
+	ERROR_VOLMGR_PACK_CONFIG_ONLINE                                           syscall.Errno = 0xC0380051
+	ERROR_VOLMGR_NOT_PRIMARY_PACK                                             syscall.Errno = 0xC0380052
+	ERROR_VOLMGR_PACK_LOG_UPDATE_FAILED                                       syscall.Errno = 0xC0380053
+	ERROR_VOLMGR_NUMBER_OF_DISKS_IN_PLEX_INVALID                              syscall.Errno = 0xC0380054
+	ERROR_VOLMGR_NUMBER_OF_DISKS_IN_MEMBER_INVALID                            syscall.Errno = 0xC0380055
+	ERROR_VOLMGR_VOLUME_MIRRORED                                              syscall.Errno = 0xC0380056
+	ERROR_VOLMGR_PLEX_NOT_SIMPLE_SPANNED                                      syscall.Errno = 0xC0380057
+	ERROR_VOLMGR_NO_VALID_LOG_COPIES                                          syscall.Errno = 0xC0380058
+	ERROR_VOLMGR_PRIMARY_PACK_PRESENT                                         syscall.Errno = 0xC0380059
+	ERROR_VOLMGR_NUMBER_OF_DISKS_INVALID                                      syscall.Errno = 0xC038005A
+	ERROR_VOLMGR_MIRROR_NOT_SUPPORTED                                         syscall.Errno = 0xC038005B
+	ERROR_VOLMGR_RAID5_NOT_SUPPORTED                                          syscall.Errno = 0xC038005C
+	ERROR_BCD_NOT_ALL_ENTRIES_IMPORTED                                        syscall.Errno = 0x80390001
+	ERROR_BCD_TOO_MANY_ELEMENTS                                               syscall.Errno = 0xC0390002
+	ERROR_BCD_NOT_ALL_ENTRIES_SYNCHRONIZED                                    syscall.Errno = 0x80390003
+	ERROR_VHD_DRIVE_FOOTER_MISSING                                            syscall.Errno = 0xC03A0001
+	ERROR_VHD_DRIVE_FOOTER_CHECKSUM_MISMATCH                                  syscall.Errno = 0xC03A0002
+	ERROR_VHD_DRIVE_FOOTER_CORRUPT                                            syscall.Errno = 0xC03A0003
+	ERROR_VHD_FORMAT_UNKNOWN                                                  syscall.Errno = 0xC03A0004
+	ERROR_VHD_FORMAT_UNSUPPORTED_VERSION                                      syscall.Errno = 0xC03A0005
+	ERROR_VHD_SPARSE_HEADER_CHECKSUM_MISMATCH                                 syscall.Errno = 0xC03A0006
+	ERROR_VHD_SPARSE_HEADER_UNSUPPORTED_VERSION                               syscall.Errno = 0xC03A0007
+	ERROR_VHD_SPARSE_HEADER_CORRUPT                                           syscall.Errno = 0xC03A0008
+	ERROR_VHD_BLOCK_ALLOCATION_FAILURE                                        syscall.Errno = 0xC03A0009
+	ERROR_VHD_BLOCK_ALLOCATION_TABLE_CORRUPT                                  syscall.Errno = 0xC03A000A
+	ERROR_VHD_INVALID_BLOCK_SIZE                                              syscall.Errno = 0xC03A000B
+	ERROR_VHD_BITMAP_MISMATCH                                                 syscall.Errno = 0xC03A000C
+	ERROR_VHD_PARENT_VHD_NOT_FOUND                                            syscall.Errno = 0xC03A000D
+	ERROR_VHD_CHILD_PARENT_ID_MISMATCH                                        syscall.Errno = 0xC03A000E
+	ERROR_VHD_CHILD_PARENT_TIMESTAMP_MISMATCH                                 syscall.Errno = 0xC03A000F
+	ERROR_VHD_METADATA_READ_FAILURE                                           syscall.Errno = 0xC03A0010
+	ERROR_VHD_METADATA_WRITE_FAILURE                                          syscall.Errno = 0xC03A0011
+	ERROR_VHD_INVALID_SIZE                                                    syscall.Errno = 0xC03A0012
+	ERROR_VHD_INVALID_FILE_SIZE                                               syscall.Errno = 0xC03A0013
+	ERROR_VIRTDISK_PROVIDER_NOT_FOUND                                         syscall.Errno = 0xC03A0014
+	ERROR_VIRTDISK_NOT_VIRTUAL_DISK                                           syscall.Errno = 0xC03A0015
+	ERROR_VHD_PARENT_VHD_ACCESS_DENIED                                        syscall.Errno = 0xC03A0016
+	ERROR_VHD_CHILD_PARENT_SIZE_MISMATCH                                      syscall.Errno = 0xC03A0017
+	ERROR_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED                               syscall.Errno = 0xC03A0018
+	ERROR_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT                              syscall.Errno = 0xC03A0019
+	ERROR_VIRTUAL_DISK_LIMITATION                                             syscall.Errno = 0xC03A001A
+	ERROR_VHD_INVALID_TYPE                                                    syscall.Errno = 0xC03A001B
+	ERROR_VHD_INVALID_STATE                                                   syscall.Errno = 0xC03A001C
+	ERROR_VIRTDISK_UNSUPPORTED_DISK_SECTOR_SIZE                               syscall.Errno = 0xC03A001D
+	ERROR_VIRTDISK_DISK_ALREADY_OWNED                                         syscall.Errno = 0xC03A001E
+	ERROR_VIRTDISK_DISK_ONLINE_AND_WRITABLE                                   syscall.Errno = 0xC03A001F
+	ERROR_CTLOG_TRACKING_NOT_INITIALIZED                                      syscall.Errno = 0xC03A0020
+	ERROR_CTLOG_LOGFILE_SIZE_EXCEEDED_MAXSIZE                                 syscall.Errno = 0xC03A0021
+	ERROR_CTLOG_VHD_CHANGED_OFFLINE                                           syscall.Errno = 0xC03A0022
+	ERROR_CTLOG_INVALID_TRACKING_STATE                                        syscall.Errno = 0xC03A0023
+	ERROR_CTLOG_INCONSISTENT_TRACKING_FILE                                    syscall.Errno = 0xC03A0024
+	ERROR_VHD_RESIZE_WOULD_TRUNCATE_DATA                                      syscall.Errno = 0xC03A0025
+	ERROR_VHD_COULD_NOT_COMPUTE_MINIMUM_VIRTUAL_SIZE                          syscall.Errno = 0xC03A0026
+	ERROR_VHD_ALREADY_AT_OR_BELOW_MINIMUM_VIRTUAL_SIZE                        syscall.Errno = 0xC03A0027
+	ERROR_VHD_METADATA_FULL                                                   syscall.Errno = 0xC03A0028
+	ERROR_VHD_INVALID_CHANGE_TRACKING_ID                                      syscall.Errno = 0xC03A0029
+	ERROR_VHD_CHANGE_TRACKING_DISABLED                                        syscall.Errno = 0xC03A002A
+	ERROR_VHD_MISSING_CHANGE_TRACKING_INFORMATION                             syscall.Errno = 0xC03A0030
+	ERROR_QUERY_STORAGE_ERROR                                                 syscall.Errno = 0x803A0001
+	HCN_E_NETWORK_NOT_FOUND                                                   Handle        = 0x803B0001
+	HCN_E_ENDPOINT_NOT_FOUND                                                  Handle        = 0x803B0002
+	HCN_E_LAYER_NOT_FOUND                                                     Handle        = 0x803B0003
+	HCN_E_SWITCH_NOT_FOUND                                                    Handle        = 0x803B0004
+	HCN_E_SUBNET_NOT_FOUND                                                    Handle        = 0x803B0005
+	HCN_E_ADAPTER_NOT_FOUND                                                   Handle        = 0x803B0006
+	HCN_E_PORT_NOT_FOUND                                                      Handle        = 0x803B0007
+	HCN_E_POLICY_NOT_FOUND                                                    Handle        = 0x803B0008
+	HCN_E_VFP_PORTSETTING_NOT_FOUND                                           Handle        = 0x803B0009
+	HCN_E_INVALID_NETWORK                                                     Handle        = 0x803B000A
+	HCN_E_INVALID_NETWORK_TYPE                                                Handle        = 0x803B000B
+	HCN_E_INVALID_ENDPOINT                                                    Handle        = 0x803B000C
+	HCN_E_INVALID_POLICY                                                      Handle        = 0x803B000D
+	HCN_E_INVALID_POLICY_TYPE                                                 Handle        = 0x803B000E
+	HCN_E_INVALID_REMOTE_ENDPOINT_OPERATION                                   Handle        = 0x803B000F
+	HCN_E_NETWORK_ALREADY_EXISTS                                              Handle        = 0x803B0010
+	HCN_E_LAYER_ALREADY_EXISTS                                                Handle        = 0x803B0011
+	HCN_E_POLICY_ALREADY_EXISTS                                               Handle        = 0x803B0012
+	HCN_E_PORT_ALREADY_EXISTS                                                 Handle        = 0x803B0013
+	HCN_E_ENDPOINT_ALREADY_ATTACHED                                           Handle        = 0x803B0014
+	HCN_E_REQUEST_UNSUPPORTED                                                 Handle        = 0x803B0015
+	HCN_E_MAPPING_NOT_SUPPORTED                                               Handle        = 0x803B0016
+	HCN_E_DEGRADED_OPERATION                                                  Handle        = 0x803B0017
+	HCN_E_SHARED_SWITCH_MODIFICATION                                          Handle        = 0x803B0018
+	HCN_E_GUID_CONVERSION_FAILURE                                             Handle        = 0x803B0019
+	HCN_E_REGKEY_FAILURE                                                      Handle        = 0x803B001A
+	HCN_E_INVALID_JSON                                                        Handle        = 0x803B001B
+	HCN_E_INVALID_JSON_REFERENCE                                              Handle        = 0x803B001C
+	HCN_E_ENDPOINT_SHARING_DISABLED                                           Handle        = 0x803B001D
+	HCN_E_INVALID_IP                                                          Handle        = 0x803B001E
+	HCN_E_SWITCH_EXTENSION_NOT_FOUND                                          Handle        = 0x803B001F
+	HCN_E_MANAGER_STOPPED                                                     Handle        = 0x803B0020
+	GCN_E_MODULE_NOT_FOUND                                                    Handle        = 0x803B0021
+	GCN_E_NO_REQUEST_HANDLERS                                                 Handle        = 0x803B0022
+	GCN_E_REQUEST_UNSUPPORTED                                                 Handle        = 0x803B0023
+	GCN_E_RUNTIMEKEYS_FAILED                                                  Handle        = 0x803B0024
+	GCN_E_NETADAPTER_TIMEOUT                                                  Handle        = 0x803B0025
+	GCN_E_NETADAPTER_NOT_FOUND                                                Handle        = 0x803B0026
+	GCN_E_NETCOMPARTMENT_NOT_FOUND                                            Handle        = 0x803B0027
+	GCN_E_NETINTERFACE_NOT_FOUND                                              Handle        = 0x803B0028
+	GCN_E_DEFAULTNAMESPACE_EXISTS                                             Handle        = 0x803B0029
+	HCN_E_ICS_DISABLED                                                        Handle        = 0x803B002A
+	HCN_E_ENDPOINT_NAMESPACE_ALREADY_EXISTS                                   Handle        = 0x803B002B
+	HCN_E_ENTITY_HAS_REFERENCES                                               Handle        = 0x803B002C
+	HCN_E_INVALID_INTERNAL_PORT                                               Handle        = 0x803B002D
+	HCN_E_NAMESPACE_ATTACH_FAILED                                             Handle        = 0x803B002E
+	HCN_E_ADDR_INVALID_OR_RESERVED                                            Handle        = 0x803B002F
+	SDIAG_E_CANCELLED                                                         syscall.Errno = 0x803C0100
+	SDIAG_E_SCRIPT                                                            syscall.Errno = 0x803C0101
+	SDIAG_E_POWERSHELL                                                        syscall.Errno = 0x803C0102
+	SDIAG_E_MANAGEDHOST                                                       syscall.Errno = 0x803C0103
+	SDIAG_E_NOVERIFIER                                                        syscall.Errno = 0x803C0104
+	SDIAG_S_CANNOTRUN                                                         syscall.Errno = 0x003C0105
+	SDIAG_E_DISABLED                                                          syscall.Errno = 0x803C0106
+	SDIAG_E_TRUST                                                             syscall.Errno = 0x803C0107
+	SDIAG_E_CANNOTRUN                                                         syscall.Errno = 0x803C0108
+	SDIAG_E_VERSION                                                           syscall.Errno = 0x803C0109
+	SDIAG_E_RESOURCE                                                          syscall.Errno = 0x803C010A
+	SDIAG_E_ROOTCAUSE                                                         syscall.Errno = 0x803C010B
+	WPN_E_CHANNEL_CLOSED                                                      Handle        = 0x803E0100
+	WPN_E_CHANNEL_REQUEST_NOT_COMPLETE                                        Handle        = 0x803E0101
+	WPN_E_INVALID_APP                                                         Handle        = 0x803E0102
+	WPN_E_OUTSTANDING_CHANNEL_REQUEST                                         Handle        = 0x803E0103
+	WPN_E_DUPLICATE_CHANNEL                                                   Handle        = 0x803E0104
+	WPN_E_PLATFORM_UNAVAILABLE                                                Handle        = 0x803E0105
+	WPN_E_NOTIFICATION_POSTED                                                 Handle        = 0x803E0106
+	WPN_E_NOTIFICATION_HIDDEN                                                 Handle        = 0x803E0107
+	WPN_E_NOTIFICATION_NOT_POSTED                                             Handle        = 0x803E0108
+	WPN_E_CLOUD_DISABLED                                                      Handle        = 0x803E0109
+	WPN_E_CLOUD_INCAPABLE                                                     Handle        = 0x803E0110
+	WPN_E_CLOUD_AUTH_UNAVAILABLE                                              Handle        = 0x803E011A
+	WPN_E_CLOUD_SERVICE_UNAVAILABLE                                           Handle        = 0x803E011B
+	WPN_E_FAILED_LOCK_SCREEN_UPDATE_INTIALIZATION                             Handle        = 0x803E011C
+	WPN_E_NOTIFICATION_DISABLED                                               Handle        = 0x803E0111
+	WPN_E_NOTIFICATION_INCAPABLE                                              Handle        = 0x803E0112
+	WPN_E_INTERNET_INCAPABLE                                                  Handle        = 0x803E0113
+	WPN_E_NOTIFICATION_TYPE_DISABLED                                          Handle        = 0x803E0114
+	WPN_E_NOTIFICATION_SIZE                                                   Handle        = 0x803E0115
+	WPN_E_TAG_SIZE                                                            Handle        = 0x803E0116
+	WPN_E_ACCESS_DENIED                                                       Handle        = 0x803E0117
+	WPN_E_DUPLICATE_REGISTRATION                                              Handle        = 0x803E0118
+	WPN_E_PUSH_NOTIFICATION_INCAPABLE                                         Handle        = 0x803E0119
+	WPN_E_DEV_ID_SIZE                                                         Handle        = 0x803E0120
+	WPN_E_TAG_ALPHANUMERIC                                                    Handle        = 0x803E012A
+	WPN_E_INVALID_HTTP_STATUS_CODE                                            Handle        = 0x803E012B
+	WPN_E_OUT_OF_SESSION                                                      Handle        = 0x803E0200
+	WPN_E_POWER_SAVE                                                          Handle        = 0x803E0201
+	WPN_E_IMAGE_NOT_FOUND_IN_CACHE                                            Handle        = 0x803E0202
+	WPN_E_ALL_URL_NOT_COMPLETED                                               Handle        = 0x803E0203
+	WPN_E_INVALID_CLOUD_IMAGE                                                 Handle        = 0x803E0204
+	WPN_E_NOTIFICATION_ID_MATCHED                                             Handle        = 0x803E0205
+	WPN_E_CALLBACK_ALREADY_REGISTERED                                         Handle        = 0x803E0206
+	WPN_E_TOAST_NOTIFICATION_DROPPED                                          Handle        = 0x803E0207
+	WPN_E_STORAGE_LOCKED                                                      Handle        = 0x803E0208
+	WPN_E_GROUP_SIZE                                                          Handle        = 0x803E0209
+	WPN_E_GROUP_ALPHANUMERIC                                                  Handle        = 0x803E020A
+	WPN_E_CLOUD_DISABLED_FOR_APP                                              Handle        = 0x803E020B
+	E_MBN_CONTEXT_NOT_ACTIVATED                                               Handle        = 0x80548201
+	E_MBN_BAD_SIM                                                             Handle        = 0x80548202
+	E_MBN_DATA_CLASS_NOT_AVAILABLE                                            Handle        = 0x80548203
+	E_MBN_INVALID_ACCESS_STRING                                               Handle        = 0x80548204
+	E_MBN_MAX_ACTIVATED_CONTEXTS                                              Handle        = 0x80548205
+	E_MBN_PACKET_SVC_DETACHED                                                 Handle        = 0x80548206
+	E_MBN_PROVIDER_NOT_VISIBLE                                                Handle        = 0x80548207
+	E_MBN_RADIO_POWER_OFF                                                     Handle        = 0x80548208
+	E_MBN_SERVICE_NOT_ACTIVATED                                               Handle        = 0x80548209
+	E_MBN_SIM_NOT_INSERTED                                                    Handle        = 0x8054820A
+	E_MBN_VOICE_CALL_IN_PROGRESS                                              Handle        = 0x8054820B
+	E_MBN_INVALID_CACHE                                                       Handle        = 0x8054820C
+	E_MBN_NOT_REGISTERED                                                      Handle        = 0x8054820D
+	E_MBN_PROVIDERS_NOT_FOUND                                                 Handle        = 0x8054820E
+	E_MBN_PIN_NOT_SUPPORTED                                                   Handle        = 0x8054820F
+	E_MBN_PIN_REQUIRED                                                        Handle        = 0x80548210
+	E_MBN_PIN_DISABLED                                                        Handle        = 0x80548211
+	E_MBN_FAILURE                                                             Handle        = 0x80548212
+	E_MBN_INVALID_PROFILE                                                     Handle        = 0x80548218
+	E_MBN_DEFAULT_PROFILE_EXIST                                               Handle        = 0x80548219
+	E_MBN_SMS_ENCODING_NOT_SUPPORTED                                          Handle        = 0x80548220
+	E_MBN_SMS_FILTER_NOT_SUPPORTED                                            Handle        = 0x80548221
+	E_MBN_SMS_INVALID_MEMORY_INDEX                                            Handle        = 0x80548222
+	E_MBN_SMS_LANG_NOT_SUPPORTED                                              Handle        = 0x80548223
+	E_MBN_SMS_MEMORY_FAILURE                                                  Handle        = 0x80548224
+	E_MBN_SMS_NETWORK_TIMEOUT                                                 Handle        = 0x80548225
+	E_MBN_SMS_UNKNOWN_SMSC_ADDRESS                                            Handle        = 0x80548226
+	E_MBN_SMS_FORMAT_NOT_SUPPORTED                                            Handle        = 0x80548227
+	E_MBN_SMS_OPERATION_NOT_ALLOWED                                           Handle        = 0x80548228
+	E_MBN_SMS_MEMORY_FULL                                                     Handle        = 0x80548229
+	PEER_E_IPV6_NOT_INSTALLED                                                 Handle        = 0x80630001
+	PEER_E_NOT_INITIALIZED                                                    Handle        = 0x80630002
+	PEER_E_CANNOT_START_SERVICE                                               Handle        = 0x80630003
+	PEER_E_NOT_LICENSED                                                       Handle        = 0x80630004
+	PEER_E_INVALID_GRAPH                                                      Handle        = 0x80630010
+	PEER_E_DBNAME_CHANGED                                                     Handle        = 0x80630011
+	PEER_E_DUPLICATE_GRAPH                                                    Handle        = 0x80630012
+	PEER_E_GRAPH_NOT_READY                                                    Handle        = 0x80630013
+	PEER_E_GRAPH_SHUTTING_DOWN                                                Handle        = 0x80630014
+	PEER_E_GRAPH_IN_USE                                                       Handle        = 0x80630015
+	PEER_E_INVALID_DATABASE                                                   Handle        = 0x80630016
+	PEER_E_TOO_MANY_ATTRIBUTES                                                Handle        = 0x80630017
+	PEER_E_CONNECTION_NOT_FOUND                                               Handle        = 0x80630103
+	PEER_E_CONNECT_SELF                                                       Handle        = 0x80630106
+	PEER_E_ALREADY_LISTENING                                                  Handle        = 0x80630107
+	PEER_E_NODE_NOT_FOUND                                                     Handle        = 0x80630108
+	PEER_E_CONNECTION_FAILED                                                  Handle        = 0x80630109
+	PEER_E_CONNECTION_NOT_AUTHENTICATED                                       Handle        = 0x8063010A
+	PEER_E_CONNECTION_REFUSED                                                 Handle        = 0x8063010B
+	PEER_E_CLASSIFIER_TOO_LONG                                                Handle        = 0x80630201
+	PEER_E_TOO_MANY_IDENTITIES                                                Handle        = 0x80630202
+	PEER_E_NO_KEY_ACCESS                                                      Handle        = 0x80630203
+	PEER_E_GROUPS_EXIST                                                       Handle        = 0x80630204
+	PEER_E_RECORD_NOT_FOUND                                                   Handle        = 0x80630301
+	PEER_E_DATABASE_ACCESSDENIED                                              Handle        = 0x80630302
+	PEER_E_DBINITIALIZATION_FAILED                                            Handle        = 0x80630303
+	PEER_E_MAX_RECORD_SIZE_EXCEEDED                                           Handle        = 0x80630304
+	PEER_E_DATABASE_ALREADY_PRESENT                                           Handle        = 0x80630305
+	PEER_E_DATABASE_NOT_PRESENT                                               Handle        = 0x80630306
+	PEER_E_IDENTITY_NOT_FOUND                                                 Handle        = 0x80630401
+	PEER_E_EVENT_HANDLE_NOT_FOUND                                             Handle        = 0x80630501
+	PEER_E_INVALID_SEARCH                                                     Handle        = 0x80630601
+	PEER_E_INVALID_ATTRIBUTES                                                 Handle        = 0x80630602
+	PEER_E_INVITATION_NOT_TRUSTED                                             Handle        = 0x80630701
+	PEER_E_CHAIN_TOO_LONG                                                     Handle        = 0x80630703
+	PEER_E_INVALID_TIME_PERIOD                                                Handle        = 0x80630705
+	PEER_E_CIRCULAR_CHAIN_DETECTED                                            Handle        = 0x80630706
+	PEER_E_CERT_STORE_CORRUPTED                                               Handle        = 0x80630801
+	PEER_E_NO_CLOUD                                                           Handle        = 0x80631001
+	PEER_E_CLOUD_NAME_AMBIGUOUS                                               Handle        = 0x80631005
+	PEER_E_INVALID_RECORD                                                     Handle        = 0x80632010
+	PEER_E_NOT_AUTHORIZED                                                     Handle        = 0x80632020
+	PEER_E_PASSWORD_DOES_NOT_MEET_POLICY                                      Handle        = 0x80632021
+	PEER_E_DEFERRED_VALIDATION                                                Handle        = 0x80632030
+	PEER_E_INVALID_GROUP_PROPERTIES                                           Handle        = 0x80632040
+	PEER_E_INVALID_PEER_NAME                                                  Handle        = 0x80632050
+	PEER_E_INVALID_CLASSIFIER                                                 Handle        = 0x80632060
+	PEER_E_INVALID_FRIENDLY_NAME                                              Handle        = 0x80632070
+	PEER_E_INVALID_ROLE_PROPERTY                                              Handle        = 0x80632071
+	PEER_E_INVALID_CLASSIFIER_PROPERTY                                        Handle        = 0x80632072
+	PEER_E_INVALID_RECORD_EXPIRATION                                          Handle        = 0x80632080
+	PEER_E_INVALID_CREDENTIAL_INFO                                            Handle        = 0x80632081
+	PEER_E_INVALID_CREDENTIAL                                                 Handle        = 0x80632082
+	PEER_E_INVALID_RECORD_SIZE                                                Handle        = 0x80632083
+	PEER_E_UNSUPPORTED_VERSION                                                Handle        = 0x80632090
+	PEER_E_GROUP_NOT_READY                                                    Handle        = 0x80632091
+	PEER_E_GROUP_IN_USE                                                       Handle        = 0x80632092
+	PEER_E_INVALID_GROUP                                                      Handle        = 0x80632093
+	PEER_E_NO_MEMBERS_FOUND                                                   Handle        = 0x80632094
+	PEER_E_NO_MEMBER_CONNECTIONS                                              Handle        = 0x80632095
+	PEER_E_UNABLE_TO_LISTEN                                                   Handle        = 0x80632096
+	PEER_E_IDENTITY_DELETED                                                   Handle        = 0x806320A0
+	PEER_E_SERVICE_NOT_AVAILABLE                                              Handle        = 0x806320A1
+	PEER_E_CONTACT_NOT_FOUND                                                  Handle        = 0x80636001
+	PEER_S_GRAPH_DATA_CREATED                                                 Handle        = 0x00630001
+	PEER_S_NO_EVENT_DATA                                                      Handle        = 0x00630002
+	PEER_S_ALREADY_CONNECTED                                                  Handle        = 0x00632000
+	PEER_S_SUBSCRIPTION_EXISTS                                                Handle        = 0x00636000
+	PEER_S_NO_CONNECTIVITY                                                    Handle        = 0x00630005
+	PEER_S_ALREADY_A_MEMBER                                                   Handle        = 0x00630006
+	PEER_E_CANNOT_CONVERT_PEER_NAME                                           Handle        = 0x80634001
+	PEER_E_INVALID_PEER_HOST_NAME                                             Handle        = 0x80634002
+	PEER_E_NO_MORE                                                            Handle        = 0x80634003
+	PEER_E_PNRP_DUPLICATE_PEER_NAME                                           Handle        = 0x80634005
+	PEER_E_INVITE_CANCELLED                                                   Handle        = 0x80637000
+	PEER_E_INVITE_RESPONSE_NOT_AVAILABLE                                      Handle        = 0x80637001
+	PEER_E_NOT_SIGNED_IN                                                      Handle        = 0x80637003
+	PEER_E_PRIVACY_DECLINED                                                   Handle        = 0x80637004
+	PEER_E_TIMEOUT                                                            Handle        = 0x80637005
+	PEER_E_INVALID_ADDRESS                                                    Handle        = 0x80637007
+	PEER_E_FW_EXCEPTION_DISABLED                                              Handle        = 0x80637008
+	PEER_E_FW_BLOCKED_BY_POLICY                                               Handle        = 0x80637009
+	PEER_E_FW_BLOCKED_BY_SHIELDS_UP                                           Handle        = 0x8063700A
+	PEER_E_FW_DECLINED                                                        Handle        = 0x8063700B
+	UI_E_CREATE_FAILED                                                        Handle        = 0x802A0001
+	UI_E_SHUTDOWN_CALLED                                                      Handle        = 0x802A0002
+	UI_E_ILLEGAL_REENTRANCY                                                   Handle        = 0x802A0003
+	UI_E_OBJECT_SEALED                                                        Handle        = 0x802A0004
+	UI_E_VALUE_NOT_SET                                                        Handle        = 0x802A0005
+	UI_E_VALUE_NOT_DETERMINED                                                 Handle        = 0x802A0006
+	UI_E_INVALID_OUTPUT                                                       Handle        = 0x802A0007
+	UI_E_BOOLEAN_EXPECTED                                                     Handle        = 0x802A0008
+	UI_E_DIFFERENT_OWNER                                                      Handle        = 0x802A0009
+	UI_E_AMBIGUOUS_MATCH                                                      Handle        = 0x802A000A
+	UI_E_FP_OVERFLOW                                                          Handle        = 0x802A000B
+	UI_E_WRONG_THREAD                                                         Handle        = 0x802A000C
+	UI_E_STORYBOARD_ACTIVE                                                    Handle        = 0x802A0101
+	UI_E_STORYBOARD_NOT_PLAYING                                               Handle        = 0x802A0102
+	UI_E_START_KEYFRAME_AFTER_END                                             Handle        = 0x802A0103
+	UI_E_END_KEYFRAME_NOT_DETERMINED                                          Handle        = 0x802A0104
+	UI_E_LOOPS_OVERLAP                                                        Handle        = 0x802A0105
+	UI_E_TRANSITION_ALREADY_USED                                              Handle        = 0x802A0106
+	UI_E_TRANSITION_NOT_IN_STORYBOARD                                         Handle        = 0x802A0107
+	UI_E_TRANSITION_ECLIPSED                                                  Handle        = 0x802A0108
+	UI_E_TIME_BEFORE_LAST_UPDATE                                              Handle        = 0x802A0109
+	UI_E_TIMER_CLIENT_ALREADY_CONNECTED                                       Handle        = 0x802A010A
+	UI_E_INVALID_DIMENSION                                                    Handle        = 0x802A010B
+	UI_E_PRIMITIVE_OUT_OF_BOUNDS                                              Handle        = 0x802A010C
+	UI_E_WINDOW_CLOSED                                                        Handle        = 0x802A0201
+	E_BLUETOOTH_ATT_INVALID_HANDLE                                            Handle        = 0x80650001
+	E_BLUETOOTH_ATT_READ_NOT_PERMITTED                                        Handle        = 0x80650002
+	E_BLUETOOTH_ATT_WRITE_NOT_PERMITTED                                       Handle        = 0x80650003
+	E_BLUETOOTH_ATT_INVALID_PDU                                               Handle        = 0x80650004
+	E_BLUETOOTH_ATT_INSUFFICIENT_AUTHENTICATION                               Handle        = 0x80650005
+	E_BLUETOOTH_ATT_REQUEST_NOT_SUPPORTED                                     Handle        = 0x80650006
+	E_BLUETOOTH_ATT_INVALID_OFFSET                                            Handle        = 0x80650007
+	E_BLUETOOTH_ATT_INSUFFICIENT_AUTHORIZATION                                Handle        = 0x80650008
+	E_BLUETOOTH_ATT_PREPARE_QUEUE_FULL                                        Handle        = 0x80650009
+	E_BLUETOOTH_ATT_ATTRIBUTE_NOT_FOUND                                       Handle        = 0x8065000A
+	E_BLUETOOTH_ATT_ATTRIBUTE_NOT_LONG                                        Handle        = 0x8065000B
+	E_BLUETOOTH_ATT_INSUFFICIENT_ENCRYPTION_KEY_SIZE                          Handle        = 0x8065000C
+	E_BLUETOOTH_ATT_INVALID_ATTRIBUTE_VALUE_LENGTH                            Handle        = 0x8065000D
+	E_BLUETOOTH_ATT_UNLIKELY                                                  Handle        = 0x8065000E
+	E_BLUETOOTH_ATT_INSUFFICIENT_ENCRYPTION                                   Handle        = 0x8065000F
+	E_BLUETOOTH_ATT_UNSUPPORTED_GROUP_TYPE                                    Handle        = 0x80650010
+	E_BLUETOOTH_ATT_INSUFFICIENT_RESOURCES                                    Handle        = 0x80650011
+	E_BLUETOOTH_ATT_UNKNOWN_ERROR                                             Handle        = 0x80651000
+	E_AUDIO_ENGINE_NODE_NOT_FOUND                                             Handle        = 0x80660001
+	E_HDAUDIO_EMPTY_CONNECTION_LIST                                           Handle        = 0x80660002
+	E_HDAUDIO_CONNECTION_LIST_NOT_SUPPORTED                                   Handle        = 0x80660003
+	E_HDAUDIO_NO_LOGICAL_DEVICES_CREATED                                      Handle        = 0x80660004
+	E_HDAUDIO_NULL_LINKED_LIST_ENTRY                                          Handle        = 0x80660005
+	STATEREPOSITORY_E_CONCURRENCY_LOCKING_FAILURE                             Handle        = 0x80670001
+	STATEREPOSITORY_E_STATEMENT_INPROGRESS                                    Handle        = 0x80670002
+	STATEREPOSITORY_E_CONFIGURATION_INVALID                                   Handle        = 0x80670003
+	STATEREPOSITORY_E_UNKNOWN_SCHEMA_VERSION                                  Handle        = 0x80670004
+	STATEREPOSITORY_ERROR_DICTIONARY_CORRUPTED                                Handle        = 0x80670005
+	STATEREPOSITORY_E_BLOCKED                                                 Handle        = 0x80670006
+	STATEREPOSITORY_E_BUSY_RETRY                                              Handle        = 0x80670007
+	STATEREPOSITORY_E_BUSY_RECOVERY_RETRY                                     Handle        = 0x80670008
+	STATEREPOSITORY_E_LOCKED_RETRY                                            Handle        = 0x80670009
+	STATEREPOSITORY_E_LOCKED_SHAREDCACHE_RETRY                                Handle        = 0x8067000A
+	STATEREPOSITORY_E_TRANSACTION_REQUIRED                                    Handle        = 0x8067000B
+	STATEREPOSITORY_E_BUSY_TIMEOUT_EXCEEDED                                   Handle        = 0x8067000C
+	STATEREPOSITORY_E_BUSY_RECOVERY_TIMEOUT_EXCEEDED                          Handle        = 0x8067000D
+	STATEREPOSITORY_E_LOCKED_TIMEOUT_EXCEEDED                                 Handle        = 0x8067000E
+	STATEREPOSITORY_E_LOCKED_SHAREDCACHE_TIMEOUT_EXCEEDED                     Handle        = 0x8067000F
+	STATEREPOSITORY_E_SERVICE_STOP_IN_PROGRESS                                Handle        = 0x80670010
+	STATEREPOSTORY_E_NESTED_TRANSACTION_NOT_SUPPORTED                         Handle        = 0x80670011
+	STATEREPOSITORY_ERROR_CACHE_CORRUPTED                                     Handle        = 0x80670012
+	STATEREPOSITORY_TRANSACTION_CALLER_ID_CHANGED                             Handle        = 0x00670013
+	STATEREPOSITORY_TRANSACTION_IN_PROGRESS                                   Handle        = 0x00670014
+	ERROR_SPACES_POOL_WAS_DELETED                                             Handle        = 0x00E70001
+	ERROR_SPACES_FAULT_DOMAIN_TYPE_INVALID                                    Handle        = 0x80E70001
+	ERROR_SPACES_INTERNAL_ERROR                                               Handle        = 0x80E70002
+	ERROR_SPACES_RESILIENCY_TYPE_INVALID                                      Handle        = 0x80E70003
+	ERROR_SPACES_DRIVE_SECTOR_SIZE_INVALID                                    Handle        = 0x80E70004
+	ERROR_SPACES_DRIVE_REDUNDANCY_INVALID                                     Handle        = 0x80E70006
+	ERROR_SPACES_NUMBER_OF_DATA_COPIES_INVALID                                Handle        = 0x80E70007
+	ERROR_SPACES_PARITY_LAYOUT_INVALID                                        Handle        = 0x80E70008
+	ERROR_SPACES_INTERLEAVE_LENGTH_INVALID                                    Handle        = 0x80E70009
+	ERROR_SPACES_NUMBER_OF_COLUMNS_INVALID                                    Handle        = 0x80E7000A
+	ERROR_SPACES_NOT_ENOUGH_DRIVES                                            Handle        = 0x80E7000B
+	ERROR_SPACES_EXTENDED_ERROR                                               Handle        = 0x80E7000C
+	ERROR_SPACES_PROVISIONING_TYPE_INVALID                                    Handle        = 0x80E7000D
+	ERROR_SPACES_ALLOCATION_SIZE_INVALID                                      Handle        = 0x80E7000E
+	ERROR_SPACES_ENCLOSURE_AWARE_INVALID                                      Handle        = 0x80E7000F
+	ERROR_SPACES_WRITE_CACHE_SIZE_INVALID                                     Handle        = 0x80E70010
+	ERROR_SPACES_NUMBER_OF_GROUPS_INVALID                                     Handle        = 0x80E70011
+	ERROR_SPACES_DRIVE_OPERATIONAL_STATE_INVALID                              Handle        = 0x80E70012
+	ERROR_SPACES_ENTRY_INCOMPLETE                                             Handle        = 0x80E70013
+	ERROR_SPACES_ENTRY_INVALID                                                Handle        = 0x80E70014
+	ERROR_VOLSNAP_BOOTFILE_NOT_VALID                                          Handle        = 0x80820001
+	ERROR_VOLSNAP_ACTIVATION_TIMEOUT                                          Handle        = 0x80820002
+	ERROR_TIERING_NOT_SUPPORTED_ON_VOLUME                                     Handle        = 0x80830001
+	ERROR_TIERING_VOLUME_DISMOUNT_IN_PROGRESS                                 Handle        = 0x80830002
+	ERROR_TIERING_STORAGE_TIER_NOT_FOUND                                      Handle        = 0x80830003
+	ERROR_TIERING_INVALID_FILE_ID                                             Handle        = 0x80830004
+	ERROR_TIERING_WRONG_CLUSTER_NODE                                          Handle        = 0x80830005
+	ERROR_TIERING_ALREADY_PROCESSING                                          Handle        = 0x80830006
+	ERROR_TIERING_CANNOT_PIN_OBJECT                                           Handle        = 0x80830007
+	ERROR_TIERING_FILE_IS_NOT_PINNED                                          Handle        = 0x80830008
+	ERROR_NOT_A_TIERED_VOLUME                                                 Handle        = 0x80830009
+	ERROR_ATTRIBUTE_NOT_PRESENT                                               Handle        = 0x8083000A
+	ERROR_SECCORE_INVALID_COMMAND                                             Handle        = 0xC0E80000
+	ERROR_NO_APPLICABLE_APP_LICENSES_FOUND                                    Handle        = 0xC0EA0001
+	ERROR_CLIP_LICENSE_NOT_FOUND                                              Handle        = 0xC0EA0002
+	ERROR_CLIP_DEVICE_LICENSE_MISSING                                         Handle        = 0xC0EA0003
+	ERROR_CLIP_LICENSE_INVALID_SIGNATURE                                      Handle        = 0xC0EA0004
+	ERROR_CLIP_KEYHOLDER_LICENSE_MISSING_OR_INVALID                           Handle        = 0xC0EA0005
+	ERROR_CLIP_LICENSE_EXPIRED                                                Handle        = 0xC0EA0006
+	ERROR_CLIP_LICENSE_SIGNED_BY_UNKNOWN_SOURCE                               Handle        = 0xC0EA0007
+	ERROR_CLIP_LICENSE_NOT_SIGNED                                             Handle        = 0xC0EA0008
+	ERROR_CLIP_LICENSE_HARDWARE_ID_OUT_OF_TOLERANCE                           Handle        = 0xC0EA0009
+	ERROR_CLIP_LICENSE_DEVICE_ID_MISMATCH                                     Handle        = 0xC0EA000A
+	DXGI_STATUS_OCCLUDED                                                      Handle        = 0x087A0001
+	DXGI_STATUS_CLIPPED                                                       Handle        = 0x087A0002
+	DXGI_STATUS_NO_REDIRECTION                                                Handle        = 0x087A0004
+	DXGI_STATUS_NO_DESKTOP_ACCESS                                             Handle        = 0x087A0005
+	DXGI_STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE                                  Handle        = 0x087A0006
+	DXGI_STATUS_MODE_CHANGED                                                  Handle        = 0x087A0007
+	DXGI_STATUS_MODE_CHANGE_IN_PROGRESS                                       Handle        = 0x087A0008
+	DXGI_ERROR_INVALID_CALL                                                   Handle        = 0x887A0001
+	DXGI_ERROR_NOT_FOUND                                                      Handle        = 0x887A0002
+	DXGI_ERROR_MORE_DATA                                                      Handle        = 0x887A0003
+	DXGI_ERROR_UNSUPPORTED                                                    Handle        = 0x887A0004
+	DXGI_ERROR_DEVICE_REMOVED                                                 Handle        = 0x887A0005
+	DXGI_ERROR_DEVICE_HUNG                                                    Handle        = 0x887A0006
+	DXGI_ERROR_DEVICE_RESET                                                   Handle        = 0x887A0007
+	DXGI_ERROR_WAS_STILL_DRAWING                                              Handle        = 0x887A000A
+	DXGI_ERROR_FRAME_STATISTICS_DISJOINT                                      Handle        = 0x887A000B
+	DXGI_ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE                                   Handle        = 0x887A000C
+	DXGI_ERROR_DRIVER_INTERNAL_ERROR                                          Handle        = 0x887A0020
+	DXGI_ERROR_NONEXCLUSIVE                                                   Handle        = 0x887A0021
+	DXGI_ERROR_NOT_CURRENTLY_AVAILABLE                                        Handle        = 0x887A0022
+	DXGI_ERROR_REMOTE_CLIENT_DISCONNECTED                                     Handle        = 0x887A0023
+	DXGI_ERROR_REMOTE_OUTOFMEMORY                                             Handle        = 0x887A0024
+	DXGI_ERROR_ACCESS_LOST                                                    Handle        = 0x887A0026
+	DXGI_ERROR_WAIT_TIMEOUT                                                   Handle        = 0x887A0027
+	DXGI_ERROR_SESSION_DISCONNECTED                                           Handle        = 0x887A0028
+	DXGI_ERROR_RESTRICT_TO_OUTPUT_STALE                                       Handle        = 0x887A0029
+	DXGI_ERROR_CANNOT_PROTECT_CONTENT                                         Handle        = 0x887A002A
+	DXGI_ERROR_ACCESS_DENIED                                                  Handle        = 0x887A002B
+	DXGI_ERROR_NAME_ALREADY_EXISTS                                            Handle        = 0x887A002C
+	DXGI_ERROR_SDK_COMPONENT_MISSING                                          Handle        = 0x887A002D
+	DXGI_ERROR_NOT_CURRENT                                                    Handle        = 0x887A002E
+	DXGI_ERROR_HW_PROTECTION_OUTOFMEMORY                                      Handle        = 0x887A0030
+	DXGI_ERROR_DYNAMIC_CODE_POLICY_VIOLATION                                  Handle        = 0x887A0031
+	DXGI_ERROR_NON_COMPOSITED_UI                                              Handle        = 0x887A0032
+	DXGI_STATUS_UNOCCLUDED                                                    Handle        = 0x087A0009
+	DXGI_STATUS_DDA_WAS_STILL_DRAWING                                         Handle        = 0x087A000A
+	DXGI_ERROR_MODE_CHANGE_IN_PROGRESS                                        Handle        = 0x887A0025
+	DXGI_STATUS_PRESENT_REQUIRED                                              Handle        = 0x087A002F
+	DXGI_ERROR_CACHE_CORRUPT                                                  Handle        = 0x887A0033
+	DXGI_ERROR_CACHE_FULL                                                     Handle        = 0x887A0034
+	DXGI_ERROR_CACHE_HASH_COLLISION                                           Handle        = 0x887A0035
+	DXGI_ERROR_ALREADY_EXISTS                                                 Handle        = 0x887A0036
+	DXGI_DDI_ERR_WASSTILLDRAWING                                              Handle        = 0x887B0001
+	DXGI_DDI_ERR_UNSUPPORTED                                                  Handle        = 0x887B0002
+	DXGI_DDI_ERR_NONEXCLUSIVE                                                 Handle        = 0x887B0003
+	D3D10_ERROR_TOO_MANY_UNIQUE_STATE_OBJECTS                                 Handle        = 0x88790001
+	D3D10_ERROR_FILE_NOT_FOUND                                                Handle        = 0x88790002
+	D3D11_ERROR_TOO_MANY_UNIQUE_STATE_OBJECTS                                 Handle        = 0x887C0001
+	D3D11_ERROR_FILE_NOT_FOUND                                                Handle        = 0x887C0002
+	D3D11_ERROR_TOO_MANY_UNIQUE_VIEW_OBJECTS                                  Handle        = 0x887C0003
+	D3D11_ERROR_DEFERRED_CONTEXT_MAP_WITHOUT_INITIAL_DISCARD                  Handle        = 0x887C0004
+	D3D12_ERROR_ADAPTER_NOT_FOUND                                             Handle        = 0x887E0001
+	D3D12_ERROR_DRIVER_VERSION_MISMATCH                                       Handle        = 0x887E0002
+	D2DERR_WRONG_STATE                                                        Handle        = 0x88990001
+	D2DERR_NOT_INITIALIZED                                                    Handle        = 0x88990002
+	D2DERR_UNSUPPORTED_OPERATION                                              Handle        = 0x88990003
+	D2DERR_SCANNER_FAILED                                                     Handle        = 0x88990004
+	D2DERR_SCREEN_ACCESS_DENIED                                               Handle        = 0x88990005
+	D2DERR_DISPLAY_STATE_INVALID                                              Handle        = 0x88990006
+	D2DERR_ZERO_VECTOR                                                        Handle        = 0x88990007
+	D2DERR_INTERNAL_ERROR                                                     Handle        = 0x88990008
+	D2DERR_DISPLAY_FORMAT_NOT_SUPPORTED                                       Handle        = 0x88990009
+	D2DERR_INVALID_CALL                                                       Handle        = 0x8899000A
+	D2DERR_NO_HARDWARE_DEVICE                                                 Handle        = 0x8899000B
+	D2DERR_RECREATE_TARGET                                                    Handle        = 0x8899000C
+	D2DERR_TOO_MANY_SHADER_ELEMENTS                                           Handle        = 0x8899000D
+	D2DERR_SHADER_COMPILE_FAILED                                              Handle        = 0x8899000E
+	D2DERR_MAX_TEXTURE_SIZE_EXCEEDED                                          Handle        = 0x8899000F
+	D2DERR_UNSUPPORTED_VERSION                                                Handle        = 0x88990010
+	D2DERR_BAD_NUMBER                                                         Handle        = 0x88990011
+	D2DERR_WRONG_FACTORY                                                      Handle        = 0x88990012
+	D2DERR_LAYER_ALREADY_IN_USE                                               Handle        = 0x88990013
+	D2DERR_POP_CALL_DID_NOT_MATCH_PUSH                                        Handle        = 0x88990014
+	D2DERR_WRONG_RESOURCE_DOMAIN                                              Handle        = 0x88990015
+	D2DERR_PUSH_POP_UNBALANCED                                                Handle        = 0x88990016
+	D2DERR_RENDER_TARGET_HAS_LAYER_OR_CLIPRECT                                Handle        = 0x88990017
+	D2DERR_INCOMPATIBLE_BRUSH_TYPES                                           Handle        = 0x88990018
+	D2DERR_WIN32_ERROR                                                        Handle        = 0x88990019
+	D2DERR_TARGET_NOT_GDI_COMPATIBLE                                          Handle        = 0x8899001A
+	D2DERR_TEXT_EFFECT_IS_WRONG_TYPE                                          Handle        = 0x8899001B
+	D2DERR_TEXT_RENDERER_NOT_RELEASED                                         Handle        = 0x8899001C
+	D2DERR_EXCEEDS_MAX_BITMAP_SIZE                                            Handle        = 0x8899001D
+	D2DERR_INVALID_GRAPH_CONFIGURATION                                        Handle        = 0x8899001E
+	D2DERR_INVALID_INTERNAL_GRAPH_CONFIGURATION                               Handle        = 0x8899001F
+	D2DERR_CYCLIC_GRAPH                                                       Handle        = 0x88990020
+	D2DERR_BITMAP_CANNOT_DRAW                                                 Handle        = 0x88990021
+	D2DERR_OUTSTANDING_BITMAP_REFERENCES                                      Handle        = 0x88990022
+	D2DERR_ORIGINAL_TARGET_NOT_BOUND                                          Handle        = 0x88990023
+	D2DERR_INVALID_TARGET                                                     Handle        = 0x88990024
+	D2DERR_BITMAP_BOUND_AS_TARGET                                             Handle        = 0x88990025
+	D2DERR_INSUFFICIENT_DEVICE_CAPABILITIES                                   Handle        = 0x88990026
+	D2DERR_INTERMEDIATE_TOO_LARGE                                             Handle        = 0x88990027
+	D2DERR_EFFECT_IS_NOT_REGISTERED                                           Handle        = 0x88990028
+	D2DERR_INVALID_PROPERTY                                                   Handle        = 0x88990029
+	D2DERR_NO_SUBPROPERTIES                                                   Handle        = 0x8899002A
+	D2DERR_PRINT_JOB_CLOSED                                                   Handle        = 0x8899002B
+	D2DERR_PRINT_FORMAT_NOT_SUPPORTED                                         Handle        = 0x8899002C
+	D2DERR_TOO_MANY_TRANSFORM_INPUTS                                          Handle        = 0x8899002D
+	D2DERR_INVALID_GLYPH_IMAGE                                                Handle        = 0x8899002E
+	DWRITE_E_FILEFORMAT                                                       Handle        = 0x88985000
+	DWRITE_E_UNEXPECTED                                                       Handle        = 0x88985001
+	DWRITE_E_NOFONT                                                           Handle        = 0x88985002
+	DWRITE_E_FILENOTFOUND                                                     Handle        = 0x88985003
+	DWRITE_E_FILEACCESS                                                       Handle        = 0x88985004
+	DWRITE_E_FONTCOLLECTIONOBSOLETE                                           Handle        = 0x88985005
+	DWRITE_E_ALREADYREGISTERED                                                Handle        = 0x88985006
+	DWRITE_E_CACHEFORMAT                                                      Handle        = 0x88985007
+	DWRITE_E_CACHEVERSION                                                     Handle        = 0x88985008
+	DWRITE_E_UNSUPPORTEDOPERATION                                             Handle        = 0x88985009
+	DWRITE_E_TEXTRENDERERINCOMPATIBLE                                         Handle        = 0x8898500A
+	DWRITE_E_FLOWDIRECTIONCONFLICTS                                           Handle        = 0x8898500B
+	DWRITE_E_NOCOLOR                                                          Handle        = 0x8898500C
+	DWRITE_E_REMOTEFONT                                                       Handle        = 0x8898500D
+	DWRITE_E_DOWNLOADCANCELLED                                                Handle        = 0x8898500E
+	DWRITE_E_DOWNLOADFAILED                                                   Handle        = 0x8898500F
+	DWRITE_E_TOOMANYDOWNLOADS                                                 Handle        = 0x88985010
+	WINCODEC_ERR_WRONGSTATE                                                   Handle        = 0x88982F04
+	WINCODEC_ERR_VALUEOUTOFRANGE                                              Handle        = 0x88982F05
+	WINCODEC_ERR_UNKNOWNIMAGEFORMAT                                           Handle        = 0x88982F07
+	WINCODEC_ERR_UNSUPPORTEDVERSION                                           Handle        = 0x88982F0B
+	WINCODEC_ERR_NOTINITIALIZED                                               Handle        = 0x88982F0C
+	WINCODEC_ERR_ALREADYLOCKED                                                Handle        = 0x88982F0D
+	WINCODEC_ERR_PROPERTYNOTFOUND                                             Handle        = 0x88982F40
+	WINCODEC_ERR_PROPERTYNOTSUPPORTED                                         Handle        = 0x88982F41
+	WINCODEC_ERR_PROPERTYSIZE                                                 Handle        = 0x88982F42
+	WINCODEC_ERR_CODECPRESENT                                                 Handle        = 0x88982F43
+	WINCODEC_ERR_CODECNOTHUMBNAIL                                             Handle        = 0x88982F44
+	WINCODEC_ERR_PALETTEUNAVAILABLE                                           Handle        = 0x88982F45
+	WINCODEC_ERR_CODECTOOMANYSCANLINES                                        Handle        = 0x88982F46
+	WINCODEC_ERR_INTERNALERROR                                                Handle        = 0x88982F48
+	WINCODEC_ERR_SOURCERECTDOESNOTMATCHDIMENSIONS                             Handle        = 0x88982F49
+	WINCODEC_ERR_COMPONENTNOTFOUND                                            Handle        = 0x88982F50
+	WINCODEC_ERR_IMAGESIZEOUTOFRANGE                                          Handle        = 0x88982F51
+	WINCODEC_ERR_TOOMUCHMETADATA                                              Handle        = 0x88982F52
+	WINCODEC_ERR_BADIMAGE                                                     Handle        = 0x88982F60
+	WINCODEC_ERR_BADHEADER                                                    Handle        = 0x88982F61
+	WINCODEC_ERR_FRAMEMISSING                                                 Handle        = 0x88982F62
+	WINCODEC_ERR_BADMETADATAHEADER                                            Handle        = 0x88982F63
+	WINCODEC_ERR_BADSTREAMDATA                                                Handle        = 0x88982F70
+	WINCODEC_ERR_STREAMWRITE                                                  Handle        = 0x88982F71
+	WINCODEC_ERR_STREAMREAD                                                   Handle        = 0x88982F72
+	WINCODEC_ERR_STREAMNOTAVAILABLE                                           Handle        = 0x88982F73
+	WINCODEC_ERR_UNSUPPORTEDPIXELFORMAT                                       Handle        = 0x88982F80
+	WINCODEC_ERR_UNSUPPORTEDOPERATION                                         Handle        = 0x88982F81
+	WINCODEC_ERR_INVALIDREGISTRATION                                          Handle        = 0x88982F8A
+	WINCODEC_ERR_COMPONENTINITIALIZEFAILURE                                   Handle        = 0x88982F8B
+	WINCODEC_ERR_INSUFFICIENTBUFFER                                           Handle        = 0x88982F8C
+	WINCODEC_ERR_DUPLICATEMETADATAPRESENT                                     Handle        = 0x88982F8D
+	WINCODEC_ERR_PROPERTYUNEXPECTEDTYPE                                       Handle        = 0x88982F8E
+	WINCODEC_ERR_UNEXPECTEDSIZE                                               Handle        = 0x88982F8F
+	WINCODEC_ERR_INVALIDQUERYREQUEST                                          Handle        = 0x88982F90
+	WINCODEC_ERR_UNEXPECTEDMETADATATYPE                                       Handle        = 0x88982F91
+	WINCODEC_ERR_REQUESTONLYVALIDATMETADATAROOT                               Handle        = 0x88982F92
+	WINCODEC_ERR_INVALIDQUERYCHARACTER                                        Handle        = 0x88982F93
+	WINCODEC_ERR_WIN32ERROR                                                   Handle        = 0x88982F94
+	WINCODEC_ERR_INVALIDPROGRESSIVELEVEL                                      Handle        = 0x88982F95
+	WINCODEC_ERR_INVALIDJPEGSCANINDEX                                         Handle        = 0x88982F96
+	MILERR_OBJECTBUSY                                                         Handle        = 0x88980001
+	MILERR_INSUFFICIENTBUFFER                                                 Handle        = 0x88980002
+	MILERR_WIN32ERROR                                                         Handle        = 0x88980003
+	MILERR_SCANNER_FAILED                                                     Handle        = 0x88980004
+	MILERR_SCREENACCESSDENIED                                                 Handle        = 0x88980005
+	MILERR_DISPLAYSTATEINVALID                                                Handle        = 0x88980006
+	MILERR_NONINVERTIBLEMATRIX                                                Handle        = 0x88980007
+	MILERR_ZEROVECTOR                                                         Handle        = 0x88980008
+	MILERR_TERMINATED                                                         Handle        = 0x88980009
+	MILERR_BADNUMBER                                                          Handle        = 0x8898000A
+	MILERR_INTERNALERROR                                                      Handle        = 0x88980080
+	MILERR_DISPLAYFORMATNOTSUPPORTED                                          Handle        = 0x88980084
+	MILERR_INVALIDCALL                                                        Handle        = 0x88980085
+	MILERR_ALREADYLOCKED                                                      Handle        = 0x88980086
+	MILERR_NOTLOCKED                                                          Handle        = 0x88980087
+	MILERR_DEVICECANNOTRENDERTEXT                                             Handle        = 0x88980088
+	MILERR_GLYPHBITMAPMISSED                                                  Handle        = 0x88980089
+	MILERR_MALFORMEDGLYPHCACHE                                                Handle        = 0x8898008A
+	MILERR_GENERIC_IGNORE                                                     Handle        = 0x8898008B
+	MILERR_MALFORMED_GUIDELINE_DATA                                           Handle        = 0x8898008C
+	MILERR_NO_HARDWARE_DEVICE                                                 Handle        = 0x8898008D
+	MILERR_NEED_RECREATE_AND_PRESENT                                          Handle        = 0x8898008E
+	MILERR_ALREADY_INITIALIZED                                                Handle        = 0x8898008F
+	MILERR_MISMATCHED_SIZE                                                    Handle        = 0x88980090
+	MILERR_NO_REDIRECTION_SURFACE_AVAILABLE                                   Handle        = 0x88980091
+	MILERR_REMOTING_NOT_SUPPORTED                                             Handle        = 0x88980092
+	MILERR_QUEUED_PRESENT_NOT_SUPPORTED                                       Handle        = 0x88980093
+	MILERR_NOT_QUEUING_PRESENTS                                               Handle        = 0x88980094
+	MILERR_NO_REDIRECTION_SURFACE_RETRY_LATER                                 Handle        = 0x88980095
+	MILERR_TOOMANYSHADERELEMNTS                                               Handle        = 0x88980096
+	MILERR_MROW_READLOCK_FAILED                                               Handle        = 0x88980097
+	MILERR_MROW_UPDATE_FAILED                                                 Handle        = 0x88980098
+	MILERR_SHADER_COMPILE_FAILED                                              Handle        = 0x88980099
+	MILERR_MAX_TEXTURE_SIZE_EXCEEDED                                          Handle        = 0x8898009A
+	MILERR_QPC_TIME_WENT_BACKWARD                                             Handle        = 0x8898009B
+	MILERR_DXGI_ENUMERATION_OUT_OF_SYNC                                       Handle        = 0x8898009D
+	MILERR_ADAPTER_NOT_FOUND                                                  Handle        = 0x8898009E
+	MILERR_COLORSPACE_NOT_SUPPORTED                                           Handle        = 0x8898009F
+	MILERR_PREFILTER_NOT_SUPPORTED                                            Handle        = 0x889800A0
+	MILERR_DISPLAYID_ACCESS_DENIED                                            Handle        = 0x889800A1
+	UCEERR_INVALIDPACKETHEADER                                                Handle        = 0x88980400
+	UCEERR_UNKNOWNPACKET                                                      Handle        = 0x88980401
+	UCEERR_ILLEGALPACKET                                                      Handle        = 0x88980402
+	UCEERR_MALFORMEDPACKET                                                    Handle        = 0x88980403
+	UCEERR_ILLEGALHANDLE                                                      Handle        = 0x88980404
+	UCEERR_HANDLELOOKUPFAILED                                                 Handle        = 0x88980405
+	UCEERR_RENDERTHREADFAILURE                                                Handle        = 0x88980406
+	UCEERR_CTXSTACKFRSTTARGETNULL                                             Handle        = 0x88980407
+	UCEERR_CONNECTIONIDLOOKUPFAILED                                           Handle        = 0x88980408
+	UCEERR_BLOCKSFULL                                                         Handle        = 0x88980409
+	UCEERR_MEMORYFAILURE                                                      Handle        = 0x8898040A
+	UCEERR_PACKETRECORDOUTOFRANGE                                             Handle        = 0x8898040B
+	UCEERR_ILLEGALRECORDTYPE                                                  Handle        = 0x8898040C
+	UCEERR_OUTOFHANDLES                                                       Handle        = 0x8898040D
+	UCEERR_UNCHANGABLE_UPDATE_ATTEMPTED                                       Handle        = 0x8898040E
+	UCEERR_NO_MULTIPLE_WORKER_THREADS                                         Handle        = 0x8898040F
+	UCEERR_REMOTINGNOTSUPPORTED                                               Handle        = 0x88980410
+	UCEERR_MISSINGENDCOMMAND                                                  Handle        = 0x88980411
+	UCEERR_MISSINGBEGINCOMMAND                                                Handle        = 0x88980412
+	UCEERR_CHANNELSYNCTIMEDOUT                                                Handle        = 0x88980413
+	UCEERR_CHANNELSYNCABANDONED                                               Handle        = 0x88980414
+	UCEERR_UNSUPPORTEDTRANSPORTVERSION                                        Handle        = 0x88980415
+	UCEERR_TRANSPORTUNAVAILABLE                                               Handle        = 0x88980416
+	UCEERR_FEEDBACK_UNSUPPORTED                                               Handle        = 0x88980417
+	UCEERR_COMMANDTRANSPORTDENIED                                             Handle        = 0x88980418
+	UCEERR_GRAPHICSSTREAMUNAVAILABLE                                          Handle        = 0x88980419
+	UCEERR_GRAPHICSSTREAMALREADYOPEN                                          Handle        = 0x88980420
+	UCEERR_TRANSPORTDISCONNECTED                                              Handle        = 0x88980421
+	UCEERR_TRANSPORTOVERLOADED                                                Handle        = 0x88980422
+	UCEERR_PARTITION_ZOMBIED                                                  Handle        = 0x88980423
+	MILAVERR_NOCLOCK                                                          Handle        = 0x88980500
+	MILAVERR_NOMEDIATYPE                                                      Handle        = 0x88980501
+	MILAVERR_NOVIDEOMIXER                                                     Handle        = 0x88980502
+	MILAVERR_NOVIDEOPRESENTER                                                 Handle        = 0x88980503
+	MILAVERR_NOREADYFRAMES                                                    Handle        = 0x88980504
+	MILAVERR_MODULENOTLOADED                                                  Handle        = 0x88980505
+	MILAVERR_WMPFACTORYNOTREGISTERED                                          Handle        = 0x88980506
+	MILAVERR_INVALIDWMPVERSION                                                Handle        = 0x88980507
+	MILAVERR_INSUFFICIENTVIDEORESOURCES                                       Handle        = 0x88980508
+	MILAVERR_VIDEOACCELERATIONNOTAVAILABLE                                    Handle        = 0x88980509
+	MILAVERR_REQUESTEDTEXTURETOOBIG                                           Handle        = 0x8898050A
+	MILAVERR_SEEKFAILED                                                       Handle        = 0x8898050B
+	MILAVERR_UNEXPECTEDWMPFAILURE                                             Handle        = 0x8898050C
+	MILAVERR_MEDIAPLAYERCLOSED                                                Handle        = 0x8898050D
+	MILAVERR_UNKNOWNHARDWAREERROR                                             Handle        = 0x8898050E
+	MILEFFECTSERR_UNKNOWNPROPERTY                                             Handle        = 0x8898060E
+	MILEFFECTSERR_EFFECTNOTPARTOFGROUP                                        Handle        = 0x8898060F
+	MILEFFECTSERR_NOINPUTSOURCEATTACHED                                       Handle        = 0x88980610
+	MILEFFECTSERR_CONNECTORNOTCONNECTED                                       Handle        = 0x88980611
+	MILEFFECTSERR_CONNECTORNOTASSOCIATEDWITHEFFECT                            Handle        = 0x88980612
+	MILEFFECTSERR_RESERVED                                                    Handle        = 0x88980613
+	MILEFFECTSERR_CYCLEDETECTED                                               Handle        = 0x88980614
+	MILEFFECTSERR_EFFECTINMORETHANONEGRAPH                                    Handle        = 0x88980615
+	MILEFFECTSERR_EFFECTALREADYINAGRAPH                                       Handle        = 0x88980616
+	MILEFFECTSERR_EFFECTHASNOCHILDREN                                         Handle        = 0x88980617
+	MILEFFECTSERR_ALREADYATTACHEDTOLISTENER                                   Handle        = 0x88980618
+	MILEFFECTSERR_NOTAFFINETRANSFORM                                          Handle        = 0x88980619
+	MILEFFECTSERR_EMPTYBOUNDS                                                 Handle        = 0x8898061A
+	MILEFFECTSERR_OUTPUTSIZETOOLARGE                                          Handle        = 0x8898061B
+	DWMERR_STATE_TRANSITION_FAILED                                            Handle        = 0x88980700
+	DWMERR_THEME_FAILED                                                       Handle        = 0x88980701
+	DWMERR_CATASTROPHIC_FAILURE                                               Handle        = 0x88980702
+	DCOMPOSITION_ERROR_WINDOW_ALREADY_COMPOSED                                Handle        = 0x88980800
+	DCOMPOSITION_ERROR_SURFACE_BEING_RENDERED                                 Handle        = 0x88980801
+	DCOMPOSITION_ERROR_SURFACE_NOT_BEING_RENDERED                             Handle        = 0x88980802
+	ONL_E_INVALID_AUTHENTICATION_TARGET                                       Handle        = 0x80860001
+	ONL_E_ACCESS_DENIED_BY_TOU                                                Handle        = 0x80860002
+	ONL_E_INVALID_APPLICATION                                                 Handle        = 0x80860003
+	ONL_E_PASSWORD_UPDATE_REQUIRED                                            Handle        = 0x80860004
+	ONL_E_ACCOUNT_UPDATE_REQUIRED                                             Handle        = 0x80860005
+	ONL_E_FORCESIGNIN                                                         Handle        = 0x80860006
+	ONL_E_ACCOUNT_LOCKED                                                      Handle        = 0x80860007
+	ONL_E_PARENTAL_CONSENT_REQUIRED                                           Handle        = 0x80860008
+	ONL_E_EMAIL_VERIFICATION_REQUIRED                                         Handle        = 0x80860009
+	ONL_E_ACCOUNT_SUSPENDED_COMPROIMISE                                       Handle        = 0x8086000A
+	ONL_E_ACCOUNT_SUSPENDED_ABUSE                                             Handle        = 0x8086000B
+	ONL_E_ACTION_REQUIRED                                                     Handle        = 0x8086000C
+	ONL_CONNECTION_COUNT_LIMIT                                                Handle        = 0x8086000D
+	ONL_E_CONNECTED_ACCOUNT_CAN_NOT_SIGNOUT                                   Handle        = 0x8086000E
+	ONL_E_USER_AUTHENTICATION_REQUIRED                                        Handle        = 0x8086000F
+	ONL_E_REQUEST_THROTTLED                                                   Handle        = 0x80860010
+	FA_E_MAX_PERSISTED_ITEMS_REACHED                                          Handle        = 0x80270220
+	FA_E_HOMEGROUP_NOT_AVAILABLE                                              Handle        = 0x80270222
+	E_MONITOR_RESOLUTION_TOO_LOW                                              Handle        = 0x80270250
+	E_ELEVATED_ACTIVATION_NOT_SUPPORTED                                       Handle        = 0x80270251
+	E_UAC_DISABLED                                                            Handle        = 0x80270252
+	E_FULL_ADMIN_NOT_SUPPORTED                                                Handle        = 0x80270253
+	E_APPLICATION_NOT_REGISTERED                                              Handle        = 0x80270254
+	E_MULTIPLE_EXTENSIONS_FOR_APPLICATION                                     Handle        = 0x80270255
+	E_MULTIPLE_PACKAGES_FOR_FAMILY                                            Handle        = 0x80270256
+	E_APPLICATION_MANAGER_NOT_RUNNING                                         Handle        = 0x80270257
+	S_STORE_LAUNCHED_FOR_REMEDIATION                                          Handle        = 0x00270258
+	S_APPLICATION_ACTIVATION_ERROR_HANDLED_BY_DIALOG                          Handle        = 0x00270259
+	E_APPLICATION_ACTIVATION_TIMED_OUT                                        Handle        = 0x8027025A
+	E_APPLICATION_ACTIVATION_EXEC_FAILURE                                     Handle        = 0x8027025B
+	E_APPLICATION_TEMPORARY_LICENSE_ERROR                                     Handle        = 0x8027025C
+	E_APPLICATION_TRIAL_LICENSE_EXPIRED                                       Handle        = 0x8027025D
+	E_SKYDRIVE_ROOT_TARGET_FILE_SYSTEM_NOT_SUPPORTED                          Handle        = 0x80270260
+	E_SKYDRIVE_ROOT_TARGET_OVERLAP                                            Handle        = 0x80270261
+	E_SKYDRIVE_ROOT_TARGET_CANNOT_INDEX                                       Handle        = 0x80270262
+	E_SKYDRIVE_FILE_NOT_UPLOADED                                              Handle        = 0x80270263
+	E_SKYDRIVE_UPDATE_AVAILABILITY_FAIL                                       Handle        = 0x80270264
+	E_SKYDRIVE_ROOT_TARGET_VOLUME_ROOT_NOT_SUPPORTED                          Handle        = 0x80270265
+	E_SYNCENGINE_FILE_SIZE_OVER_LIMIT                                         Handle        = 0x8802B001
+	E_SYNCENGINE_FILE_SIZE_EXCEEDS_REMAINING_QUOTA                            Handle        = 0x8802B002
+	E_SYNCENGINE_UNSUPPORTED_FILE_NAME                                        Handle        = 0x8802B003
+	E_SYNCENGINE_FOLDER_ITEM_COUNT_LIMIT_EXCEEDED                             Handle        = 0x8802B004
+	E_SYNCENGINE_FILE_SYNC_PARTNER_ERROR                                      Handle        = 0x8802B005
+	E_SYNCENGINE_SYNC_PAUSED_BY_SERVICE                                       Handle        = 0x8802B006
+	E_SYNCENGINE_FILE_IDENTIFIER_UNKNOWN                                      Handle        = 0x8802C002
+	E_SYNCENGINE_SERVICE_AUTHENTICATION_FAILED                                Handle        = 0x8802C003
+	E_SYNCENGINE_UNKNOWN_SERVICE_ERROR                                        Handle        = 0x8802C004
+	E_SYNCENGINE_SERVICE_RETURNED_UNEXPECTED_SIZE                             Handle        = 0x8802C005
+	E_SYNCENGINE_REQUEST_BLOCKED_BY_SERVICE                                   Handle        = 0x8802C006
+	E_SYNCENGINE_REQUEST_BLOCKED_DUE_TO_CLIENT_ERROR                          Handle        = 0x8802C007
+	E_SYNCENGINE_FOLDER_INACCESSIBLE                                          Handle        = 0x8802D001
+	E_SYNCENGINE_UNSUPPORTED_FOLDER_NAME                                      Handle        = 0x8802D002
+	E_SYNCENGINE_UNSUPPORTED_MARKET                                           Handle        = 0x8802D003
+	E_SYNCENGINE_PATH_LENGTH_LIMIT_EXCEEDED                                   Handle        = 0x8802D004
+	E_SYNCENGINE_REMOTE_PATH_LENGTH_LIMIT_EXCEEDED                            Handle        = 0x8802D005
+	E_SYNCENGINE_CLIENT_UPDATE_NEEDED                                         Handle        = 0x8802D006
+	E_SYNCENGINE_PROXY_AUTHENTICATION_REQUIRED                                Handle        = 0x8802D007
+	E_SYNCENGINE_STORAGE_SERVICE_PROVISIONING_FAILED                          Handle        = 0x8802D008
+	E_SYNCENGINE_UNSUPPORTED_REPARSE_POINT                                    Handle        = 0x8802D009
+	E_SYNCENGINE_STORAGE_SERVICE_BLOCKED                                      Handle        = 0x8802D00A
+	E_SYNCENGINE_FOLDER_IN_REDIRECTION                                        Handle        = 0x8802D00B
+	EAS_E_POLICY_NOT_MANAGED_BY_OS                                            Handle        = 0x80550001
+	EAS_E_POLICY_COMPLIANT_WITH_ACTIONS                                       Handle        = 0x80550002
+	EAS_E_REQUESTED_POLICY_NOT_ENFORCEABLE                                    Handle        = 0x80550003
+	EAS_E_CURRENT_USER_HAS_BLANK_PASSWORD                                     Handle        = 0x80550004
+	EAS_E_REQUESTED_POLICY_PASSWORD_EXPIRATION_INCOMPATIBLE                   Handle        = 0x80550005
+	EAS_E_USER_CANNOT_CHANGE_PASSWORD                                         Handle        = 0x80550006
+	EAS_E_ADMINS_HAVE_BLANK_PASSWORD                                          Handle        = 0x80550007
+	EAS_E_ADMINS_CANNOT_CHANGE_PASSWORD                                       Handle        = 0x80550008
+	EAS_E_LOCAL_CONTROLLED_USERS_CANNOT_CHANGE_PASSWORD                       Handle        = 0x80550009
+	EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CONNECTED_ADMINS                Handle        = 0x8055000A
+	EAS_E_CONNECTED_ADMINS_NEED_TO_CHANGE_PASSWORD                            Handle        = 0x8055000B
+	EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CURRENT_CONNECTED_USER          Handle        = 0x8055000C
+	EAS_E_CURRENT_CONNECTED_USER_NEED_TO_CHANGE_PASSWORD                      Handle        = 0x8055000D
+	WEB_E_UNSUPPORTED_FORMAT                                                  Handle        = 0x83750001
+	WEB_E_INVALID_XML                                                         Handle        = 0x83750002
+	WEB_E_MISSING_REQUIRED_ELEMENT                                            Handle        = 0x83750003
+	WEB_E_MISSING_REQUIRED_ATTRIBUTE                                          Handle        = 0x83750004
+	WEB_E_UNEXPECTED_CONTENT                                                  Handle        = 0x83750005
+	WEB_E_RESOURCE_TOO_LARGE                                                  Handle        = 0x83750006
+	WEB_E_INVALID_JSON_STRING                                                 Handle        = 0x83750007
+	WEB_E_INVALID_JSON_NUMBER                                                 Handle        = 0x83750008
+	WEB_E_JSON_VALUE_NOT_FOUND                                                Handle        = 0x83750009
+	HTTP_E_STATUS_UNEXPECTED                                                  Handle        = 0x80190001
+	HTTP_E_STATUS_UNEXPECTED_REDIRECTION                                      Handle        = 0x80190003
+	HTTP_E_STATUS_UNEXPECTED_CLIENT_ERROR                                     Handle        = 0x80190004
+	HTTP_E_STATUS_UNEXPECTED_SERVER_ERROR                                     Handle        = 0x80190005
+	HTTP_E_STATUS_AMBIGUOUS                                                   Handle        = 0x8019012C
+	HTTP_E_STATUS_MOVED                                                       Handle        = 0x8019012D
+	HTTP_E_STATUS_REDIRECT                                                    Handle        = 0x8019012E
+	HTTP_E_STATUS_REDIRECT_METHOD                                             Handle        = 0x8019012F
+	HTTP_E_STATUS_NOT_MODIFIED                                                Handle        = 0x80190130
+	HTTP_E_STATUS_USE_PROXY                                                   Handle        = 0x80190131
+	HTTP_E_STATUS_REDIRECT_KEEP_VERB                                          Handle        = 0x80190133
+	HTTP_E_STATUS_BAD_REQUEST                                                 Handle        = 0x80190190
+	HTTP_E_STATUS_DENIED                                                      Handle        = 0x80190191
+	HTTP_E_STATUS_PAYMENT_REQ                                                 Handle        = 0x80190192
+	HTTP_E_STATUS_FORBIDDEN                                                   Handle        = 0x80190193
+	HTTP_E_STATUS_NOT_FOUND                                                   Handle        = 0x80190194
+	HTTP_E_STATUS_BAD_METHOD                                                  Handle        = 0x80190195
+	HTTP_E_STATUS_NONE_ACCEPTABLE                                             Handle        = 0x80190196
+	HTTP_E_STATUS_PROXY_AUTH_REQ                                              Handle        = 0x80190197
+	HTTP_E_STATUS_REQUEST_TIMEOUT                                             Handle        = 0x80190198
+	HTTP_E_STATUS_CONFLICT                                                    Handle        = 0x80190199
+	HTTP_E_STATUS_GONE                                                        Handle        = 0x8019019A
+	HTTP_E_STATUS_LENGTH_REQUIRED                                             Handle        = 0x8019019B
+	HTTP_E_STATUS_PRECOND_FAILED                                              Handle        = 0x8019019C
+	HTTP_E_STATUS_REQUEST_TOO_LARGE                                           Handle        = 0x8019019D
+	HTTP_E_STATUS_URI_TOO_LONG                                                Handle        = 0x8019019E
+	HTTP_E_STATUS_UNSUPPORTED_MEDIA                                           Handle        = 0x8019019F
+	HTTP_E_STATUS_RANGE_NOT_SATISFIABLE                                       Handle        = 0x801901A0
+	HTTP_E_STATUS_EXPECTATION_FAILED                                          Handle        = 0x801901A1
+	HTTP_E_STATUS_SERVER_ERROR                                                Handle        = 0x801901F4
+	HTTP_E_STATUS_NOT_SUPPORTED                                               Handle        = 0x801901F5
+	HTTP_E_STATUS_BAD_GATEWAY                                                 Handle        = 0x801901F6
+	HTTP_E_STATUS_SERVICE_UNAVAIL                                             Handle        = 0x801901F7
+	HTTP_E_STATUS_GATEWAY_TIMEOUT                                             Handle        = 0x801901F8
+	HTTP_E_STATUS_VERSION_NOT_SUP                                             Handle        = 0x801901F9
+	E_INVALID_PROTOCOL_OPERATION                                              Handle        = 0x83760001
+	E_INVALID_PROTOCOL_FORMAT                                                 Handle        = 0x83760002
+	E_PROTOCOL_EXTENSIONS_NOT_SUPPORTED                                       Handle        = 0x83760003
+	E_SUBPROTOCOL_NOT_SUPPORTED                                               Handle        = 0x83760004
+	E_PROTOCOL_VERSION_NOT_SUPPORTED                                          Handle        = 0x83760005
+	INPUT_E_OUT_OF_ORDER                                                      Handle        = 0x80400000
+	INPUT_E_REENTRANCY                                                        Handle        = 0x80400001
+	INPUT_E_MULTIMODAL                                                        Handle        = 0x80400002
+	INPUT_E_PACKET                                                            Handle        = 0x80400003
+	INPUT_E_FRAME                                                             Handle        = 0x80400004
+	INPUT_E_HISTORY                                                           Handle        = 0x80400005
+	INPUT_E_DEVICE_INFO                                                       Handle        = 0x80400006
+	INPUT_E_TRANSFORM                                                         Handle        = 0x80400007
+	INPUT_E_DEVICE_PROPERTY                                                   Handle        = 0x80400008
+	INET_E_INVALID_URL                                                        Handle        = 0x800C0002
+	INET_E_NO_SESSION                                                         Handle        = 0x800C0003
+	INET_E_CANNOT_CONNECT                                                     Handle        = 0x800C0004
+	INET_E_RESOURCE_NOT_FOUND                                                 Handle        = 0x800C0005
+	INET_E_OBJECT_NOT_FOUND                                                   Handle        = 0x800C0006
+	INET_E_DATA_NOT_AVAILABLE                                                 Handle        = 0x800C0007
+	INET_E_DOWNLOAD_FAILURE                                                   Handle        = 0x800C0008
+	INET_E_AUTHENTICATION_REQUIRED                                            Handle        = 0x800C0009
+	INET_E_NO_VALID_MEDIA                                                     Handle        = 0x800C000A
+	INET_E_CONNECTION_TIMEOUT                                                 Handle        = 0x800C000B
+	INET_E_INVALID_REQUEST                                                    Handle        = 0x800C000C
+	INET_E_UNKNOWN_PROTOCOL                                                   Handle        = 0x800C000D
+	INET_E_SECURITY_PROBLEM                                                   Handle        = 0x800C000E
+	INET_E_CANNOT_LOAD_DATA                                                   Handle        = 0x800C000F
+	INET_E_CANNOT_INSTANTIATE_OBJECT                                          Handle        = 0x800C0010
+	INET_E_INVALID_CERTIFICATE                                                Handle        = 0x800C0019
+	INET_E_REDIRECT_FAILED                                                    Handle        = 0x800C0014
+	INET_E_REDIRECT_TO_DIR                                                    Handle        = 0x800C0015
+	ERROR_DBG_CREATE_PROCESS_FAILURE_LOCKDOWN                                 Handle        = 0x80B00001
+	ERROR_DBG_ATTACH_PROCESS_FAILURE_LOCKDOWN                                 Handle        = 0x80B00002
+	ERROR_DBG_CONNECT_SERVER_FAILURE_LOCKDOWN                                 Handle        = 0x80B00003
+	ERROR_DBG_START_SERVER_FAILURE_LOCKDOWN                                   Handle        = 0x80B00004
+	ERROR_IO_PREEMPTED                                                        Handle        = 0x89010001
+	JSCRIPT_E_CANTEXECUTE                                                     Handle        = 0x89020001
+	WEP_E_NOT_PROVISIONED_ON_ALL_VOLUMES                                      Handle        = 0x88010001
+	WEP_E_FIXED_DATA_NOT_SUPPORTED                                            Handle        = 0x88010002
+	WEP_E_HARDWARE_NOT_COMPLIANT                                              Handle        = 0x88010003
+	WEP_E_LOCK_NOT_CONFIGURED                                                 Handle        = 0x88010004
+	WEP_E_PROTECTION_SUSPENDED                                                Handle        = 0x88010005
+	WEP_E_NO_LICENSE                                                          Handle        = 0x88010006
+	WEP_E_OS_NOT_PROTECTED                                                    Handle        = 0x88010007
+	WEP_E_UNEXPECTED_FAIL                                                     Handle        = 0x88010008
+	WEP_E_BUFFER_TOO_LARGE                                                    Handle        = 0x88010009
+	ERROR_SVHDX_ERROR_STORED                                                  Handle        = 0xC05C0000
+	ERROR_SVHDX_ERROR_NOT_AVAILABLE                                           Handle        = 0xC05CFF00
+	ERROR_SVHDX_UNIT_ATTENTION_AVAILABLE                                      Handle        = 0xC05CFF01
+	ERROR_SVHDX_UNIT_ATTENTION_CAPACITY_DATA_CHANGED                          Handle        = 0xC05CFF02
+	ERROR_SVHDX_UNIT_ATTENTION_RESERVATIONS_PREEMPTED                         Handle        = 0xC05CFF03
+	ERROR_SVHDX_UNIT_ATTENTION_RESERVATIONS_RELEASED                          Handle        = 0xC05CFF04
+	ERROR_SVHDX_UNIT_ATTENTION_REGISTRATIONS_PREEMPTED                        Handle        = 0xC05CFF05
+	ERROR_SVHDX_UNIT_ATTENTION_OPERATING_DEFINITION_CHANGED                   Handle        = 0xC05CFF06
+	ERROR_SVHDX_RESERVATION_CONFLICT                                          Handle        = 0xC05CFF07
+	ERROR_SVHDX_WRONG_FILE_TYPE                                               Handle        = 0xC05CFF08
+	ERROR_SVHDX_VERSION_MISMATCH                                              Handle        = 0xC05CFF09
+	ERROR_VHD_SHARED                                                          Handle        = 0xC05CFF0A
+	ERROR_SVHDX_NO_INITIATOR                                                  Handle        = 0xC05CFF0B
+	ERROR_VHDSET_BACKING_STORAGE_NOT_FOUND                                    Handle        = 0xC05CFF0C
+	ERROR_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP                               Handle        = 0xC05D0000
+	ERROR_SMB_BAD_CLUSTER_DIALECT                                             Handle        = 0xC05D0001
+	WININET_E_OUT_OF_HANDLES                                                  Handle        = 0x80072EE1
+	WININET_E_TIMEOUT                                                         Handle        = 0x80072EE2
+	WININET_E_EXTENDED_ERROR                                                  Handle        = 0x80072EE3
+	WININET_E_INTERNAL_ERROR                                                  Handle        = 0x80072EE4
+	WININET_E_INVALID_URL                                                     Handle        = 0x80072EE5
+	WININET_E_UNRECOGNIZED_SCHEME                                             Handle        = 0x80072EE6
+	WININET_E_NAME_NOT_RESOLVED                                               Handle        = 0x80072EE7
+	WININET_E_PROTOCOL_NOT_FOUND                                              Handle        = 0x80072EE8
+	WININET_E_INVALID_OPTION                                                  Handle        = 0x80072EE9
+	WININET_E_BAD_OPTION_LENGTH                                               Handle        = 0x80072EEA
+	WININET_E_OPTION_NOT_SETTABLE                                             Handle        = 0x80072EEB
+	WININET_E_SHUTDOWN                                                        Handle        = 0x80072EEC
+	WININET_E_INCORRECT_USER_NAME                                             Handle        = 0x80072EED
+	WININET_E_INCORRECT_PASSWORD                                              Handle        = 0x80072EEE
+	WININET_E_LOGIN_FAILURE                                                   Handle        = 0x80072EEF
+	WININET_E_INVALID_OPERATION                                               Handle        = 0x80072EF0
+	WININET_E_OPERATION_CANCELLED                                             Handle        = 0x80072EF1
+	WININET_E_INCORRECT_HANDLE_TYPE                                           Handle        = 0x80072EF2
+	WININET_E_INCORRECT_HANDLE_STATE                                          Handle        = 0x80072EF3
+	WININET_E_NOT_PROXY_REQUEST                                               Handle        = 0x80072EF4
+	WININET_E_REGISTRY_VALUE_NOT_FOUND                                        Handle        = 0x80072EF5
+	WININET_E_BAD_REGISTRY_PARAMETER                                          Handle        = 0x80072EF6
+	WININET_E_NO_DIRECT_ACCESS                                                Handle        = 0x80072EF7
+	WININET_E_NO_CONTEXT                                                      Handle        = 0x80072EF8
+	WININET_E_NO_CALLBACK                                                     Handle        = 0x80072EF9
+	WININET_E_REQUEST_PENDING                                                 Handle        = 0x80072EFA
+	WININET_E_INCORRECT_FORMAT                                                Handle        = 0x80072EFB
+	WININET_E_ITEM_NOT_FOUND                                                  Handle        = 0x80072EFC
+	WININET_E_CANNOT_CONNECT                                                  Handle        = 0x80072EFD
+	WININET_E_CONNECTION_ABORTED                                              Handle        = 0x80072EFE
+	WININET_E_CONNECTION_RESET                                                Handle        = 0x80072EFF
+	WININET_E_FORCE_RETRY                                                     Handle        = 0x80072F00
+	WININET_E_INVALID_PROXY_REQUEST                                           Handle        = 0x80072F01
+	WININET_E_NEED_UI                                                         Handle        = 0x80072F02
+	WININET_E_HANDLE_EXISTS                                                   Handle        = 0x80072F04
+	WININET_E_SEC_CERT_DATE_INVALID                                           Handle        = 0x80072F05
+	WININET_E_SEC_CERT_CN_INVALID                                             Handle        = 0x80072F06
+	WININET_E_HTTP_TO_HTTPS_ON_REDIR                                          Handle        = 0x80072F07
+	WININET_E_HTTPS_TO_HTTP_ON_REDIR                                          Handle        = 0x80072F08
+	WININET_E_MIXED_SECURITY                                                  Handle        = 0x80072F09
+	WININET_E_CHG_POST_IS_NON_SECURE                                          Handle        = 0x80072F0A
+	WININET_E_POST_IS_NON_SECURE                                              Handle        = 0x80072F0B
+	WININET_E_CLIENT_AUTH_CERT_NEEDED                                         Handle        = 0x80072F0C
+	WININET_E_INVALID_CA                                                      Handle        = 0x80072F0D
+	WININET_E_CLIENT_AUTH_NOT_SETUP                                           Handle        = 0x80072F0E
+	WININET_E_ASYNC_THREAD_FAILED                                             Handle        = 0x80072F0F
+	WININET_E_REDIRECT_SCHEME_CHANGE                                          Handle        = 0x80072F10
+	WININET_E_DIALOG_PENDING                                                  Handle        = 0x80072F11
+	WININET_E_RETRY_DIALOG                                                    Handle        = 0x80072F12
+	WININET_E_NO_NEW_CONTAINERS                                               Handle        = 0x80072F13
+	WININET_E_HTTPS_HTTP_SUBMIT_REDIR                                         Handle        = 0x80072F14
+	WININET_E_SEC_CERT_ERRORS                                                 Handle        = 0x80072F17
+	WININET_E_SEC_CERT_REV_FAILED                                             Handle        = 0x80072F19
+	WININET_E_HEADER_NOT_FOUND                                                Handle        = 0x80072F76
+	WININET_E_DOWNLEVEL_SERVER                                                Handle        = 0x80072F77
+	WININET_E_INVALID_SERVER_RESPONSE                                         Handle        = 0x80072F78
+	WININET_E_INVALID_HEADER                                                  Handle        = 0x80072F79
+	WININET_E_INVALID_QUERY_REQUEST                                           Handle        = 0x80072F7A
+	WININET_E_HEADER_ALREADY_EXISTS                                           Handle        = 0x80072F7B
+	WININET_E_REDIRECT_FAILED                                                 Handle        = 0x80072F7C
+	WININET_E_SECURITY_CHANNEL_ERROR                                          Handle        = 0x80072F7D
+	WININET_E_UNABLE_TO_CACHE_FILE                                            Handle        = 0x80072F7E
+	WININET_E_TCPIP_NOT_INSTALLED                                             Handle        = 0x80072F7F
+	WININET_E_DISCONNECTED                                                    Handle        = 0x80072F83
+	WININET_E_SERVER_UNREACHABLE                                              Handle        = 0x80072F84
+	WININET_E_PROXY_SERVER_UNREACHABLE                                        Handle        = 0x80072F85
+	WININET_E_BAD_AUTO_PROXY_SCRIPT                                           Handle        = 0x80072F86
+	WININET_E_UNABLE_TO_DOWNLOAD_SCRIPT                                       Handle        = 0x80072F87
+	WININET_E_SEC_INVALID_CERT                                                Handle        = 0x80072F89
+	WININET_E_SEC_CERT_REVOKED                                                Handle        = 0x80072F8A
+	WININET_E_FAILED_DUETOSECURITYCHECK                                       Handle        = 0x80072F8B
+	WININET_E_NOT_INITIALIZED                                                 Handle        = 0x80072F8C
+	WININET_E_LOGIN_FAILURE_DISPLAY_ENTITY_BODY                               Handle        = 0x80072F8E
+	WININET_E_DECODING_FAILED                                                 Handle        = 0x80072F8F
+	WININET_E_NOT_REDIRECTED                                                  Handle        = 0x80072F80
+	WININET_E_COOKIE_NEEDS_CONFIRMATION                                       Handle        = 0x80072F81
+	WININET_E_COOKIE_DECLINED                                                 Handle        = 0x80072F82
+	WININET_E_REDIRECT_NEEDS_CONFIRMATION                                     Handle        = 0x80072F88
+	SQLITE_E_ERROR                                                            Handle        = 0x87AF0001
+	SQLITE_E_INTERNAL                                                         Handle        = 0x87AF0002
+	SQLITE_E_PERM                                                             Handle        = 0x87AF0003
+	SQLITE_E_ABORT                                                            Handle        = 0x87AF0004
+	SQLITE_E_BUSY                                                             Handle        = 0x87AF0005
+	SQLITE_E_LOCKED                                                           Handle        = 0x87AF0006
+	SQLITE_E_NOMEM                                                            Handle        = 0x87AF0007
+	SQLITE_E_READONLY                                                         Handle        = 0x87AF0008
+	SQLITE_E_INTERRUPT                                                        Handle        = 0x87AF0009
+	SQLITE_E_IOERR                                                            Handle        = 0x87AF000A
+	SQLITE_E_CORRUPT                                                          Handle        = 0x87AF000B
+	SQLITE_E_NOTFOUND                                                         Handle        = 0x87AF000C
+	SQLITE_E_FULL                                                             Handle        = 0x87AF000D
+	SQLITE_E_CANTOPEN                                                         Handle        = 0x87AF000E
+	SQLITE_E_PROTOCOL                                                         Handle        = 0x87AF000F
+	SQLITE_E_EMPTY                                                            Handle        = 0x87AF0010
+	SQLITE_E_SCHEMA                                                           Handle        = 0x87AF0011
+	SQLITE_E_TOOBIG                                                           Handle        = 0x87AF0012
+	SQLITE_E_CONSTRAINT                                                       Handle        = 0x87AF0013
+	SQLITE_E_MISMATCH                                                         Handle        = 0x87AF0014
+	SQLITE_E_MISUSE                                                           Handle        = 0x87AF0015
+	SQLITE_E_NOLFS                                                            Handle        = 0x87AF0016
+	SQLITE_E_AUTH                                                             Handle        = 0x87AF0017
+	SQLITE_E_FORMAT                                                           Handle        = 0x87AF0018
+	SQLITE_E_RANGE                                                            Handle        = 0x87AF0019
+	SQLITE_E_NOTADB                                                           Handle        = 0x87AF001A
+	SQLITE_E_NOTICE                                                           Handle        = 0x87AF001B
+	SQLITE_E_WARNING                                                          Handle        = 0x87AF001C
+	SQLITE_E_ROW                                                              Handle        = 0x87AF0064
+	SQLITE_E_DONE                                                             Handle        = 0x87AF0065
+	SQLITE_E_IOERR_READ                                                       Handle        = 0x87AF010A
+	SQLITE_E_IOERR_SHORT_READ                                                 Handle        = 0x87AF020A
+	SQLITE_E_IOERR_WRITE                                                      Handle        = 0x87AF030A
+	SQLITE_E_IOERR_FSYNC                                                      Handle        = 0x87AF040A
+	SQLITE_E_IOERR_DIR_FSYNC                                                  Handle        = 0x87AF050A
+	SQLITE_E_IOERR_TRUNCATE                                                   Handle        = 0x87AF060A
+	SQLITE_E_IOERR_FSTAT                                                      Handle        = 0x87AF070A
+	SQLITE_E_IOERR_UNLOCK                                                     Handle        = 0x87AF080A
+	SQLITE_E_IOERR_RDLOCK                                                     Handle        = 0x87AF090A
+	SQLITE_E_IOERR_DELETE                                                     Handle        = 0x87AF0A0A
+	SQLITE_E_IOERR_BLOCKED                                                    Handle        = 0x87AF0B0A
+	SQLITE_E_IOERR_NOMEM                                                      Handle        = 0x87AF0C0A
+	SQLITE_E_IOERR_ACCESS                                                     Handle        = 0x87AF0D0A
+	SQLITE_E_IOERR_CHECKRESERVEDLOCK                                          Handle        = 0x87AF0E0A
+	SQLITE_E_IOERR_LOCK                                                       Handle        = 0x87AF0F0A
+	SQLITE_E_IOERR_CLOSE                                                      Handle        = 0x87AF100A
+	SQLITE_E_IOERR_DIR_CLOSE                                                  Handle        = 0x87AF110A
+	SQLITE_E_IOERR_SHMOPEN                                                    Handle        = 0x87AF120A
+	SQLITE_E_IOERR_SHMSIZE                                                    Handle        = 0x87AF130A
+	SQLITE_E_IOERR_SHMLOCK                                                    Handle        = 0x87AF140A
+	SQLITE_E_IOERR_SHMMAP                                                     Handle        = 0x87AF150A
+	SQLITE_E_IOERR_SEEK                                                       Handle        = 0x87AF160A
+	SQLITE_E_IOERR_DELETE_NOENT                                               Handle        = 0x87AF170A
+	SQLITE_E_IOERR_MMAP                                                       Handle        = 0x87AF180A
+	SQLITE_E_IOERR_GETTEMPPATH                                                Handle        = 0x87AF190A
+	SQLITE_E_IOERR_CONVPATH                                                   Handle        = 0x87AF1A0A
+	SQLITE_E_IOERR_VNODE                                                      Handle        = 0x87AF1A02
+	SQLITE_E_IOERR_AUTH                                                       Handle        = 0x87AF1A03
+	SQLITE_E_LOCKED_SHAREDCACHE                                               Handle        = 0x87AF0106
+	SQLITE_E_BUSY_RECOVERY                                                    Handle        = 0x87AF0105
+	SQLITE_E_BUSY_SNAPSHOT                                                    Handle        = 0x87AF0205
+	SQLITE_E_CANTOPEN_NOTEMPDIR                                               Handle        = 0x87AF010E
+	SQLITE_E_CANTOPEN_ISDIR                                                   Handle        = 0x87AF020E
+	SQLITE_E_CANTOPEN_FULLPATH                                                Handle        = 0x87AF030E
+	SQLITE_E_CANTOPEN_CONVPATH                                                Handle        = 0x87AF040E
+	SQLITE_E_CORRUPT_VTAB                                                     Handle        = 0x87AF010B
+	SQLITE_E_READONLY_RECOVERY                                                Handle        = 0x87AF0108
+	SQLITE_E_READONLY_CANTLOCK                                                Handle        = 0x87AF0208
+	SQLITE_E_READONLY_ROLLBACK                                                Handle        = 0x87AF0308
+	SQLITE_E_READONLY_DBMOVED                                                 Handle        = 0x87AF0408
+	SQLITE_E_ABORT_ROLLBACK                                                   Handle        = 0x87AF0204
+	SQLITE_E_CONSTRAINT_CHECK                                                 Handle        = 0x87AF0113
+	SQLITE_E_CONSTRAINT_COMMITHOOK                                            Handle        = 0x87AF0213
+	SQLITE_E_CONSTRAINT_FOREIGNKEY                                            Handle        = 0x87AF0313
+	SQLITE_E_CONSTRAINT_FUNCTION                                              Handle        = 0x87AF0413
+	SQLITE_E_CONSTRAINT_NOTNULL                                               Handle        = 0x87AF0513
+	SQLITE_E_CONSTRAINT_PRIMARYKEY                                            Handle        = 0x87AF0613
+	SQLITE_E_CONSTRAINT_TRIGGER                                               Handle        = 0x87AF0713
+	SQLITE_E_CONSTRAINT_UNIQUE                                                Handle        = 0x87AF0813
+	SQLITE_E_CONSTRAINT_VTAB                                                  Handle        = 0x87AF0913
+	SQLITE_E_CONSTRAINT_ROWID                                                 Handle        = 0x87AF0A13
+	SQLITE_E_NOTICE_RECOVER_WAL                                               Handle        = 0x87AF011B
+	SQLITE_E_NOTICE_RECOVER_ROLLBACK                                          Handle        = 0x87AF021B
+	SQLITE_E_WARNING_AUTOINDEX                                                Handle        = 0x87AF011C
+	UTC_E_TOGGLE_TRACE_STARTED                                                Handle        = 0x87C51001
+	UTC_E_ALTERNATIVE_TRACE_CANNOT_PREEMPT                                    Handle        = 0x87C51002
+	UTC_E_AOT_NOT_RUNNING                                                     Handle        = 0x87C51003
+	UTC_E_SCRIPT_TYPE_INVALID                                                 Handle        = 0x87C51004
+	UTC_E_SCENARIODEF_NOT_FOUND                                               Handle        = 0x87C51005
+	UTC_E_TRACEPROFILE_NOT_FOUND                                              Handle        = 0x87C51006
+	UTC_E_FORWARDER_ALREADY_ENABLED                                           Handle        = 0x87C51007
+	UTC_E_FORWARDER_ALREADY_DISABLED                                          Handle        = 0x87C51008
+	UTC_E_EVENTLOG_ENTRY_MALFORMED                                            Handle        = 0x87C51009
+	UTC_E_DIAGRULES_SCHEMAVERSION_MISMATCH                                    Handle        = 0x87C5100A
+	UTC_E_SCRIPT_TERMINATED                                                   Handle        = 0x87C5100B
+	UTC_E_INVALID_CUSTOM_FILTER                                               Handle        = 0x87C5100C
+	UTC_E_TRACE_NOT_RUNNING                                                   Handle        = 0x87C5100D
+	UTC_E_REESCALATED_TOO_QUICKLY                                             Handle        = 0x87C5100E
+	UTC_E_ESCALATION_ALREADY_RUNNING                                          Handle        = 0x87C5100F
+	UTC_E_PERFTRACK_ALREADY_TRACING                                           Handle        = 0x87C51010
+	UTC_E_REACHED_MAX_ESCALATIONS                                             Handle        = 0x87C51011
+	UTC_E_FORWARDER_PRODUCER_MISMATCH                                         Handle        = 0x87C51012
+	UTC_E_INTENTIONAL_SCRIPT_FAILURE                                          Handle        = 0x87C51013
+	UTC_E_SQM_INIT_FAILED                                                     Handle        = 0x87C51014
+	UTC_E_NO_WER_LOGGER_SUPPORTED                                             Handle        = 0x87C51015
+	UTC_E_TRACERS_DONT_EXIST                                                  Handle        = 0x87C51016
+	UTC_E_WINRT_INIT_FAILED                                                   Handle        = 0x87C51017
+	UTC_E_SCENARIODEF_SCHEMAVERSION_MISMATCH                                  Handle        = 0x87C51018
+	UTC_E_INVALID_FILTER                                                      Handle        = 0x87C51019
+	UTC_E_EXE_TERMINATED                                                      Handle        = 0x87C5101A
+	UTC_E_ESCALATION_NOT_AUTHORIZED                                           Handle        = 0x87C5101B
+	UTC_E_SETUP_NOT_AUTHORIZED                                                Handle        = 0x87C5101C
+	UTC_E_CHILD_PROCESS_FAILED                                                Handle        = 0x87C5101D
+	UTC_E_COMMAND_LINE_NOT_AUTHORIZED                                         Handle        = 0x87C5101E
+	UTC_E_CANNOT_LOAD_SCENARIO_EDITOR_XML                                     Handle        = 0x87C5101F
+	UTC_E_ESCALATION_TIMED_OUT                                                Handle        = 0x87C51020
+	UTC_E_SETUP_TIMED_OUT                                                     Handle        = 0x87C51021
+	UTC_E_TRIGGER_MISMATCH                                                    Handle        = 0x87C51022
+	UTC_E_TRIGGER_NOT_FOUND                                                   Handle        = 0x87C51023
+	UTC_E_SIF_NOT_SUPPORTED                                                   Handle        = 0x87C51024
+	UTC_E_DELAY_TERMINATED                                                    Handle        = 0x87C51025
+	UTC_E_DEVICE_TICKET_ERROR                                                 Handle        = 0x87C51026
+	UTC_E_TRACE_BUFFER_LIMIT_EXCEEDED                                         Handle        = 0x87C51027
+	UTC_E_API_RESULT_UNAVAILABLE                                              Handle        = 0x87C51028
+	UTC_E_RPC_TIMEOUT                                                         Handle        = 0x87C51029
+	UTC_E_RPC_WAIT_FAILED                                                     Handle        = 0x87C5102A
+	UTC_E_API_BUSY                                                            Handle        = 0x87C5102B
+	UTC_E_TRACE_MIN_DURATION_REQUIREMENT_NOT_MET                              Handle        = 0x87C5102C
+	UTC_E_EXCLUSIVITY_NOT_AVAILABLE                                           Handle        = 0x87C5102D
+	UTC_E_GETFILE_FILE_PATH_NOT_APPROVED                                      Handle        = 0x87C5102E
+	UTC_E_ESCALATION_DIRECTORY_ALREADY_EXISTS                                 Handle        = 0x87C5102F
+	UTC_E_TIME_TRIGGER_ON_START_INVALID                                       Handle        = 0x87C51030
+	UTC_E_TIME_TRIGGER_ONLY_VALID_ON_SINGLE_TRANSITION                        Handle        = 0x87C51031
+	UTC_E_TIME_TRIGGER_INVALID_TIME_RANGE                                     Handle        = 0x87C51032
+	UTC_E_MULTIPLE_TIME_TRIGGER_ON_SINGLE_STATE                               Handle        = 0x87C51033
+	UTC_E_BINARY_MISSING                                                      Handle        = 0x87C51034
+	UTC_E_NETWORK_CAPTURE_NOT_ALLOWED                                         Handle        = 0x87C51035
+	UTC_E_FAILED_TO_RESOLVE_CONTAINER_ID                                      Handle        = 0x87C51036
+	UTC_E_UNABLE_TO_RESOLVE_SESSION                                           Handle        = 0x87C51037
+	UTC_E_THROTTLED                                                           Handle        = 0x87C51038
+	UTC_E_UNAPPROVED_SCRIPT                                                   Handle        = 0x87C51039
+	UTC_E_SCRIPT_MISSING                                                      Handle        = 0x87C5103A
+	UTC_E_SCENARIO_THROTTLED                                                  Handle        = 0x87C5103B
+	UTC_E_API_NOT_SUPPORTED                                                   Handle        = 0x87C5103C
+	UTC_E_GETFILE_EXTERNAL_PATH_NOT_APPROVED                                  Handle        = 0x87C5103D
+	UTC_E_TRY_GET_SCENARIO_TIMEOUT_EXCEEDED                                   Handle        = 0x87C5103E
+	UTC_E_CERT_REV_FAILED                                                     Handle        = 0x87C5103F
+	UTC_E_FAILED_TO_START_NDISCAP                                             Handle        = 0x87C51040
+	UTC_E_KERNELDUMP_LIMIT_REACHED                                            Handle        = 0x87C51041
+	UTC_E_MISSING_AGGREGATE_EVENT_TAG                                         Handle        = 0x87C51042
+	UTC_E_INVALID_AGGREGATION_STRUCT                                          Handle        = 0x87C51043
+	UTC_E_ACTION_NOT_SUPPORTED_IN_DESTINATION                                 Handle        = 0x87C51044
+	UTC_E_FILTER_MISSING_ATTRIBUTE                                            Handle        = 0x87C51045
+	UTC_E_FILTER_INVALID_TYPE                                                 Handle        = 0x87C51046
+	UTC_E_FILTER_VARIABLE_NOT_FOUND                                           Handle        = 0x87C51047
+	UTC_E_FILTER_FUNCTION_RESTRICTED                                          Handle        = 0x87C51048
+	UTC_E_FILTER_VERSION_MISMATCH                                             Handle        = 0x87C51049
+	UTC_E_FILTER_INVALID_FUNCTION                                             Handle        = 0x87C51050
+	UTC_E_FILTER_INVALID_FUNCTION_PARAMS                                      Handle        = 0x87C51051
+	UTC_E_FILTER_INVALID_COMMAND                                              Handle        = 0x87C51052
+	UTC_E_FILTER_ILLEGAL_EVAL                                                 Handle        = 0x87C51053
+	UTC_E_TTTRACER_RETURNED_ERROR                                             Handle        = 0x87C51054
+	UTC_E_AGENT_DIAGNOSTICS_TOO_LARGE                                         Handle        = 0x87C51055
+	UTC_E_FAILED_TO_RECEIVE_AGENT_DIAGNOSTICS                                 Handle        = 0x87C51056
+	UTC_E_SCENARIO_HAS_NO_ACTIONS                                             Handle        = 0x87C51057
+	UTC_E_TTTRACER_STORAGE_FULL                                               Handle        = 0x87C51058
+	UTC_E_INSUFFICIENT_SPACE_TO_START_TRACE                                   Handle        = 0x87C51059
+	UTC_E_ESCALATION_CANCELLED_AT_SHUTDOWN                                    Handle        = 0x87C5105A
+	UTC_E_GETFILEINFOACTION_FILE_NOT_APPROVED                                 Handle        = 0x87C5105B
+	UTC_E_SETREGKEYACTION_TYPE_NOT_APPROVED                                   Handle        = 0x87C5105C
+	WINML_ERR_INVALID_DEVICE                                                  Handle        = 0x88900001
+	WINML_ERR_INVALID_BINDING                                                 Handle        = 0x88900002
+	WINML_ERR_VALUE_NOTFOUND                                                  Handle        = 0x88900003
+	WINML_ERR_SIZE_MISMATCH                                                   Handle        = 0x88900004
+	STATUS_WAIT_0                                                             NTStatus      = 0x00000000
+	STATUS_SUCCESS                                                            NTStatus      = 0x00000000
+	STATUS_WAIT_1                                                             NTStatus      = 0x00000001
+	STATUS_WAIT_2                                                             NTStatus      = 0x00000002
+	STATUS_WAIT_3                                                             NTStatus      = 0x00000003
+	STATUS_WAIT_63                                                            NTStatus      = 0x0000003F
+	STATUS_ABANDONED                                                          NTStatus      = 0x00000080
+	STATUS_ABANDONED_WAIT_0                                                   NTStatus      = 0x00000080
+	STATUS_ABANDONED_WAIT_63                                                  NTStatus      = 0x000000BF
+	STATUS_USER_APC                                                           NTStatus      = 0x000000C0
+	STATUS_ALREADY_COMPLETE                                                   NTStatus      = 0x000000FF
+	STATUS_KERNEL_APC                                                         NTStatus      = 0x00000100
+	STATUS_ALERTED                                                            NTStatus      = 0x00000101
+	STATUS_TIMEOUT                                                            NTStatus      = 0x00000102
+	STATUS_PENDING                                                            NTStatus      = 0x00000103
+	STATUS_REPARSE                                                            NTStatus      = 0x00000104
+	STATUS_MORE_ENTRIES                                                       NTStatus      = 0x00000105
+	STATUS_NOT_ALL_ASSIGNED                                                   NTStatus      = 0x00000106
+	STATUS_SOME_NOT_MAPPED                                                    NTStatus      = 0x00000107
+	STATUS_OPLOCK_BREAK_IN_PROGRESS                                           NTStatus      = 0x00000108
+	STATUS_VOLUME_MOUNTED                                                     NTStatus      = 0x00000109
+	STATUS_RXACT_COMMITTED                                                    NTStatus      = 0x0000010A
+	STATUS_NOTIFY_CLEANUP                                                     NTStatus      = 0x0000010B
+	STATUS_NOTIFY_ENUM_DIR                                                    NTStatus      = 0x0000010C
+	STATUS_NO_QUOTAS_FOR_ACCOUNT                                              NTStatus      = 0x0000010D
+	STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED                                   NTStatus      = 0x0000010E
+	STATUS_PAGE_FAULT_TRANSITION                                              NTStatus      = 0x00000110
+	STATUS_PAGE_FAULT_DEMAND_ZERO                                             NTStatus      = 0x00000111
+	STATUS_PAGE_FAULT_COPY_ON_WRITE                                           NTStatus      = 0x00000112
+	STATUS_PAGE_FAULT_GUARD_PAGE                                              NTStatus      = 0x00000113
+	STATUS_PAGE_FAULT_PAGING_FILE                                             NTStatus      = 0x00000114
+	STATUS_CACHE_PAGE_LOCKED                                                  NTStatus      = 0x00000115
+	STATUS_CRASH_DUMP                                                         NTStatus      = 0x00000116
+	STATUS_BUFFER_ALL_ZEROS                                                   NTStatus      = 0x00000117
+	STATUS_REPARSE_OBJECT                                                     NTStatus      = 0x00000118
+	STATUS_RESOURCE_REQUIREMENTS_CHANGED                                      NTStatus      = 0x00000119
+	STATUS_TRANSLATION_COMPLETE                                               NTStatus      = 0x00000120
+	STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY                                    NTStatus      = 0x00000121
+	STATUS_NOTHING_TO_TERMINATE                                               NTStatus      = 0x00000122
+	STATUS_PROCESS_NOT_IN_JOB                                                 NTStatus      = 0x00000123
+	STATUS_PROCESS_IN_JOB                                                     NTStatus      = 0x00000124
+	STATUS_VOLSNAP_HIBERNATE_READY                                            NTStatus      = 0x00000125
+	STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY                                 NTStatus      = 0x00000126
+	STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED                                 NTStatus      = 0x00000127
+	STATUS_INTERRUPT_STILL_CONNECTED                                          NTStatus      = 0x00000128
+	STATUS_PROCESS_CLONED                                                     NTStatus      = 0x00000129
+	STATUS_FILE_LOCKED_WITH_ONLY_READERS                                      NTStatus      = 0x0000012A
+	STATUS_FILE_LOCKED_WITH_WRITERS                                           NTStatus      = 0x0000012B
+	STATUS_VALID_IMAGE_HASH                                                   NTStatus      = 0x0000012C
+	STATUS_VALID_CATALOG_HASH                                                 NTStatus      = 0x0000012D
+	STATUS_VALID_STRONG_CODE_HASH                                             NTStatus      = 0x0000012E
+	STATUS_GHOSTED                                                            NTStatus      = 0x0000012F
+	STATUS_DATA_OVERWRITTEN                                                   NTStatus      = 0x00000130
+	STATUS_RESOURCEMANAGER_READ_ONLY                                          NTStatus      = 0x00000202
+	STATUS_RING_PREVIOUSLY_EMPTY                                              NTStatus      = 0x00000210
+	STATUS_RING_PREVIOUSLY_FULL                                               NTStatus      = 0x00000211
+	STATUS_RING_PREVIOUSLY_ABOVE_QUOTA                                        NTStatus      = 0x00000212
+	STATUS_RING_NEWLY_EMPTY                                                   NTStatus      = 0x00000213
+	STATUS_RING_SIGNAL_OPPOSITE_ENDPOINT                                      NTStatus      = 0x00000214
+	STATUS_OPLOCK_SWITCHED_TO_NEW_HANDLE                                      NTStatus      = 0x00000215
+	STATUS_OPLOCK_HANDLE_CLOSED                                               NTStatus      = 0x00000216
+	STATUS_WAIT_FOR_OPLOCK                                                    NTStatus      = 0x00000367
+	STATUS_REPARSE_GLOBAL                                                     NTStatus      = 0x00000368
+	STATUS_FLT_IO_COMPLETE                                                    NTStatus      = 0x001C0001
+	STATUS_OBJECT_NAME_EXISTS                                                 NTStatus      = 0x40000000
+	STATUS_THREAD_WAS_SUSPENDED                                               NTStatus      = 0x40000001
+	STATUS_WORKING_SET_LIMIT_RANGE                                            NTStatus      = 0x40000002
+	STATUS_IMAGE_NOT_AT_BASE                                                  NTStatus      = 0x40000003
+	STATUS_RXACT_STATE_CREATED                                                NTStatus      = 0x40000004
+	STATUS_SEGMENT_NOTIFICATION                                               NTStatus      = 0x40000005
+	STATUS_LOCAL_USER_SESSION_KEY                                             NTStatus      = 0x40000006
+	STATUS_BAD_CURRENT_DIRECTORY                                              NTStatus      = 0x40000007
+	STATUS_SERIAL_MORE_WRITES                                                 NTStatus      = 0x40000008
+	STATUS_REGISTRY_RECOVERED                                                 NTStatus      = 0x40000009
+	STATUS_FT_READ_RECOVERY_FROM_BACKUP                                       NTStatus      = 0x4000000A
+	STATUS_FT_WRITE_RECOVERY                                                  NTStatus      = 0x4000000B
+	STATUS_SERIAL_COUNTER_TIMEOUT                                             NTStatus      = 0x4000000C
+	STATUS_NULL_LM_PASSWORD                                                   NTStatus      = 0x4000000D
+	STATUS_IMAGE_MACHINE_TYPE_MISMATCH                                        NTStatus      = 0x4000000E
+	STATUS_RECEIVE_PARTIAL                                                    NTStatus      = 0x4000000F
+	STATUS_RECEIVE_EXPEDITED                                                  NTStatus      = 0x40000010
+	STATUS_RECEIVE_PARTIAL_EXPEDITED                                          NTStatus      = 0x40000011
+	STATUS_EVENT_DONE                                                         NTStatus      = 0x40000012
+	STATUS_EVENT_PENDING                                                      NTStatus      = 0x40000013
+	STATUS_CHECKING_FILE_SYSTEM                                               NTStatus      = 0x40000014
+	STATUS_FATAL_APP_EXIT                                                     NTStatus      = 0x40000015
+	STATUS_PREDEFINED_HANDLE                                                  NTStatus      = 0x40000016
+	STATUS_WAS_UNLOCKED                                                       NTStatus      = 0x40000017
+	STATUS_SERVICE_NOTIFICATION                                               NTStatus      = 0x40000018
+	STATUS_WAS_LOCKED                                                         NTStatus      = 0x40000019
+	STATUS_LOG_HARD_ERROR                                                     NTStatus      = 0x4000001A
+	STATUS_ALREADY_WIN32                                                      NTStatus      = 0x4000001B
+	STATUS_WX86_UNSIMULATE                                                    NTStatus      = 0x4000001C
+	STATUS_WX86_CONTINUE                                                      NTStatus      = 0x4000001D
+	STATUS_WX86_SINGLE_STEP                                                   NTStatus      = 0x4000001E
+	STATUS_WX86_BREAKPOINT                                                    NTStatus      = 0x4000001F
+	STATUS_WX86_EXCEPTION_CONTINUE                                            NTStatus      = 0x40000020
+	STATUS_WX86_EXCEPTION_LASTCHANCE                                          NTStatus      = 0x40000021
+	STATUS_WX86_EXCEPTION_CHAIN                                               NTStatus      = 0x40000022
+	STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE                                    NTStatus      = 0x40000023
+	STATUS_NO_YIELD_PERFORMED                                                 NTStatus      = 0x40000024
+	STATUS_TIMER_RESUME_IGNORED                                               NTStatus      = 0x40000025
+	STATUS_ARBITRATION_UNHANDLED                                              NTStatus      = 0x40000026
+	STATUS_CARDBUS_NOT_SUPPORTED                                              NTStatus      = 0x40000027
+	STATUS_WX86_CREATEWX86TIB                                                 NTStatus      = 0x40000028
+	STATUS_MP_PROCESSOR_MISMATCH                                              NTStatus      = 0x40000029
+	STATUS_HIBERNATED                                                         NTStatus      = 0x4000002A
+	STATUS_RESUME_HIBERNATION                                                 NTStatus      = 0x4000002B
+	STATUS_FIRMWARE_UPDATED                                                   NTStatus      = 0x4000002C
+	STATUS_DRIVERS_LEAKING_LOCKED_PAGES                                       NTStatus      = 0x4000002D
+	STATUS_MESSAGE_RETRIEVED                                                  NTStatus      = 0x4000002E
+	STATUS_SYSTEM_POWERSTATE_TRANSITION                                       NTStatus      = 0x4000002F
+	STATUS_ALPC_CHECK_COMPLETION_LIST                                         NTStatus      = 0x40000030
+	STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION                               NTStatus      = 0x40000031
+	STATUS_ACCESS_AUDIT_BY_POLICY                                             NTStatus      = 0x40000032
+	STATUS_ABANDON_HIBERFILE                                                  NTStatus      = 0x40000033
+	STATUS_BIZRULES_NOT_ENABLED                                               NTStatus      = 0x40000034
+	STATUS_FT_READ_FROM_COPY                                                  NTStatus      = 0x40000035
+	STATUS_IMAGE_AT_DIFFERENT_BASE                                            NTStatus      = 0x40000036
+	STATUS_PATCH_DEFERRED                                                     NTStatus      = 0x40000037
+	STATUS_HEURISTIC_DAMAGE_POSSIBLE                                          NTStatus      = 0x40190001
+	STATUS_GUARD_PAGE_VIOLATION                                               NTStatus      = 0x80000001
+	STATUS_DATATYPE_MISALIGNMENT                                              NTStatus      = 0x80000002
+	STATUS_BREAKPOINT                                                         NTStatus      = 0x80000003
+	STATUS_SINGLE_STEP                                                        NTStatus      = 0x80000004
+	STATUS_BUFFER_OVERFLOW                                                    NTStatus      = 0x80000005
+	STATUS_NO_MORE_FILES                                                      NTStatus      = 0x80000006
+	STATUS_WAKE_SYSTEM_DEBUGGER                                               NTStatus      = 0x80000007
+	STATUS_HANDLES_CLOSED                                                     NTStatus      = 0x8000000A
+	STATUS_NO_INHERITANCE                                                     NTStatus      = 0x8000000B
+	STATUS_GUID_SUBSTITUTION_MADE                                             NTStatus      = 0x8000000C
+	STATUS_PARTIAL_COPY                                                       NTStatus      = 0x8000000D
+	STATUS_DEVICE_PAPER_EMPTY                                                 NTStatus      = 0x8000000E
+	STATUS_DEVICE_POWERED_OFF                                                 NTStatus      = 0x8000000F
+	STATUS_DEVICE_OFF_LINE                                                    NTStatus      = 0x80000010
+	STATUS_DEVICE_BUSY                                                        NTStatus      = 0x80000011
+	STATUS_NO_MORE_EAS                                                        NTStatus      = 0x80000012
+	STATUS_INVALID_EA_NAME                                                    NTStatus      = 0x80000013
+	STATUS_EA_LIST_INCONSISTENT                                               NTStatus      = 0x80000014
+	STATUS_INVALID_EA_FLAG                                                    NTStatus      = 0x80000015
+	STATUS_VERIFY_REQUIRED                                                    NTStatus      = 0x80000016
+	STATUS_EXTRANEOUS_INFORMATION                                             NTStatus      = 0x80000017
+	STATUS_RXACT_COMMIT_NECESSARY                                             NTStatus      = 0x80000018
+	STATUS_NO_MORE_ENTRIES                                                    NTStatus      = 0x8000001A
+	STATUS_FILEMARK_DETECTED                                                  NTStatus      = 0x8000001B
+	STATUS_MEDIA_CHANGED                                                      NTStatus      = 0x8000001C
+	STATUS_BUS_RESET                                                          NTStatus      = 0x8000001D
+	STATUS_END_OF_MEDIA                                                       NTStatus      = 0x8000001E
+	STATUS_BEGINNING_OF_MEDIA                                                 NTStatus      = 0x8000001F
+	STATUS_MEDIA_CHECK                                                        NTStatus      = 0x80000020
+	STATUS_SETMARK_DETECTED                                                   NTStatus      = 0x80000021
+	STATUS_NO_DATA_DETECTED                                                   NTStatus      = 0x80000022
+	STATUS_REDIRECTOR_HAS_OPEN_HANDLES                                        NTStatus      = 0x80000023
+	STATUS_SERVER_HAS_OPEN_HANDLES                                            NTStatus      = 0x80000024
+	STATUS_ALREADY_DISCONNECTED                                               NTStatus      = 0x80000025
+	STATUS_LONGJUMP                                                           NTStatus      = 0x80000026
+	STATUS_CLEANER_CARTRIDGE_INSTALLED                                        NTStatus      = 0x80000027
+	STATUS_PLUGPLAY_QUERY_VETOED                                              NTStatus      = 0x80000028
+	STATUS_UNWIND_CONSOLIDATE                                                 NTStatus      = 0x80000029
+	STATUS_REGISTRY_HIVE_RECOVERED                                            NTStatus      = 0x8000002A
+	STATUS_DLL_MIGHT_BE_INSECURE                                              NTStatus      = 0x8000002B
+	STATUS_DLL_MIGHT_BE_INCOMPATIBLE                                          NTStatus      = 0x8000002C
+	STATUS_STOPPED_ON_SYMLINK                                                 NTStatus      = 0x8000002D
+	STATUS_CANNOT_GRANT_REQUESTED_OPLOCK                                      NTStatus      = 0x8000002E
+	STATUS_NO_ACE_CONDITION                                                   NTStatus      = 0x8000002F
+	STATUS_DEVICE_SUPPORT_IN_PROGRESS                                         NTStatus      = 0x80000030
+	STATUS_DEVICE_POWER_CYCLE_REQUIRED                                        NTStatus      = 0x80000031
+	STATUS_NO_WORK_DONE                                                       NTStatus      = 0x80000032
+	STATUS_CLUSTER_NODE_ALREADY_UP                                            NTStatus      = 0x80130001
+	STATUS_CLUSTER_NODE_ALREADY_DOWN                                          NTStatus      = 0x80130002
+	STATUS_CLUSTER_NETWORK_ALREADY_ONLINE                                     NTStatus      = 0x80130003
+	STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE                                    NTStatus      = 0x80130004
+	STATUS_CLUSTER_NODE_ALREADY_MEMBER                                        NTStatus      = 0x80130005
+	STATUS_FLT_BUFFER_TOO_SMALL                                               NTStatus      = 0x801C0001
+	STATUS_FVE_PARTIAL_METADATA                                               NTStatus      = 0x80210001
+	STATUS_FVE_TRANSIENT_STATE                                                NTStatus      = 0x80210002
+	STATUS_CLOUD_FILE_PROPERTY_BLOB_CHECKSUM_MISMATCH                         NTStatus      = 0x8000CF00
+	STATUS_UNSUCCESSFUL                                                       NTStatus      = 0xC0000001
+	STATUS_NOT_IMPLEMENTED                                                    NTStatus      = 0xC0000002
+	STATUS_INVALID_INFO_CLASS                                                 NTStatus      = 0xC0000003
+	STATUS_INFO_LENGTH_MISMATCH                                               NTStatus      = 0xC0000004
+	STATUS_ACCESS_VIOLATION                                                   NTStatus      = 0xC0000005
+	STATUS_IN_PAGE_ERROR                                                      NTStatus      = 0xC0000006
+	STATUS_PAGEFILE_QUOTA                                                     NTStatus      = 0xC0000007
+	STATUS_INVALID_HANDLE                                                     NTStatus      = 0xC0000008
+	STATUS_BAD_INITIAL_STACK                                                  NTStatus      = 0xC0000009
+	STATUS_BAD_INITIAL_PC                                                     NTStatus      = 0xC000000A
+	STATUS_INVALID_CID                                                        NTStatus      = 0xC000000B
+	STATUS_TIMER_NOT_CANCELED                                                 NTStatus      = 0xC000000C
+	STATUS_INVALID_PARAMETER                                                  NTStatus      = 0xC000000D
+	STATUS_NO_SUCH_DEVICE                                                     NTStatus      = 0xC000000E
+	STATUS_NO_SUCH_FILE                                                       NTStatus      = 0xC000000F
+	STATUS_INVALID_DEVICE_REQUEST                                             NTStatus      = 0xC0000010
+	STATUS_END_OF_FILE                                                        NTStatus      = 0xC0000011
+	STATUS_WRONG_VOLUME                                                       NTStatus      = 0xC0000012
+	STATUS_NO_MEDIA_IN_DEVICE                                                 NTStatus      = 0xC0000013
+	STATUS_UNRECOGNIZED_MEDIA                                                 NTStatus      = 0xC0000014
+	STATUS_NONEXISTENT_SECTOR                                                 NTStatus      = 0xC0000015
+	STATUS_MORE_PROCESSING_REQUIRED                                           NTStatus      = 0xC0000016
+	STATUS_NO_MEMORY                                                          NTStatus      = 0xC0000017
+	STATUS_CONFLICTING_ADDRESSES                                              NTStatus      = 0xC0000018
+	STATUS_NOT_MAPPED_VIEW                                                    NTStatus      = 0xC0000019
+	STATUS_UNABLE_TO_FREE_VM                                                  NTStatus      = 0xC000001A
+	STATUS_UNABLE_TO_DELETE_SECTION                                           NTStatus      = 0xC000001B
+	STATUS_INVALID_SYSTEM_SERVICE                                             NTStatus      = 0xC000001C
+	STATUS_ILLEGAL_INSTRUCTION                                                NTStatus      = 0xC000001D
+	STATUS_INVALID_LOCK_SEQUENCE                                              NTStatus      = 0xC000001E
+	STATUS_INVALID_VIEW_SIZE                                                  NTStatus      = 0xC000001F
+	STATUS_INVALID_FILE_FOR_SECTION                                           NTStatus      = 0xC0000020
+	STATUS_ALREADY_COMMITTED                                                  NTStatus      = 0xC0000021
+	STATUS_ACCESS_DENIED                                                      NTStatus      = 0xC0000022
+	STATUS_BUFFER_TOO_SMALL                                                   NTStatus      = 0xC0000023
+	STATUS_OBJECT_TYPE_MISMATCH                                               NTStatus      = 0xC0000024
+	STATUS_NONCONTINUABLE_EXCEPTION                                           NTStatus      = 0xC0000025
+	STATUS_INVALID_DISPOSITION                                                NTStatus      = 0xC0000026
+	STATUS_UNWIND                                                             NTStatus      = 0xC0000027
+	STATUS_BAD_STACK                                                          NTStatus      = 0xC0000028
+	STATUS_INVALID_UNWIND_TARGET                                              NTStatus      = 0xC0000029
+	STATUS_NOT_LOCKED                                                         NTStatus      = 0xC000002A
+	STATUS_PARITY_ERROR                                                       NTStatus      = 0xC000002B
+	STATUS_UNABLE_TO_DECOMMIT_VM                                              NTStatus      = 0xC000002C
+	STATUS_NOT_COMMITTED                                                      NTStatus      = 0xC000002D
+	STATUS_INVALID_PORT_ATTRIBUTES                                            NTStatus      = 0xC000002E
+	STATUS_PORT_MESSAGE_TOO_LONG                                              NTStatus      = 0xC000002F
+	STATUS_INVALID_PARAMETER_MIX                                              NTStatus      = 0xC0000030
+	STATUS_INVALID_QUOTA_LOWER                                                NTStatus      = 0xC0000031
+	STATUS_DISK_CORRUPT_ERROR                                                 NTStatus      = 0xC0000032
+	STATUS_OBJECT_NAME_INVALID                                                NTStatus      = 0xC0000033
+	STATUS_OBJECT_NAME_NOT_FOUND                                              NTStatus      = 0xC0000034
+	STATUS_OBJECT_NAME_COLLISION                                              NTStatus      = 0xC0000035
+	STATUS_PORT_DO_NOT_DISTURB                                                NTStatus      = 0xC0000036
+	STATUS_PORT_DISCONNECTED                                                  NTStatus      = 0xC0000037
+	STATUS_DEVICE_ALREADY_ATTACHED                                            NTStatus      = 0xC0000038
+	STATUS_OBJECT_PATH_INVALID                                                NTStatus      = 0xC0000039
+	STATUS_OBJECT_PATH_NOT_FOUND                                              NTStatus      = 0xC000003A
+	STATUS_OBJECT_PATH_SYNTAX_BAD                                             NTStatus      = 0xC000003B
+	STATUS_DATA_OVERRUN                                                       NTStatus      = 0xC000003C
+	STATUS_DATA_LATE_ERROR                                                    NTStatus      = 0xC000003D
+	STATUS_DATA_ERROR                                                         NTStatus      = 0xC000003E
+	STATUS_CRC_ERROR                                                          NTStatus      = 0xC000003F
+	STATUS_SECTION_TOO_BIG                                                    NTStatus      = 0xC0000040
+	STATUS_PORT_CONNECTION_REFUSED                                            NTStatus      = 0xC0000041
+	STATUS_INVALID_PORT_HANDLE                                                NTStatus      = 0xC0000042
+	STATUS_SHARING_VIOLATION                                                  NTStatus      = 0xC0000043
+	STATUS_QUOTA_EXCEEDED                                                     NTStatus      = 0xC0000044
+	STATUS_INVALID_PAGE_PROTECTION                                            NTStatus      = 0xC0000045
+	STATUS_MUTANT_NOT_OWNED                                                   NTStatus      = 0xC0000046
+	STATUS_SEMAPHORE_LIMIT_EXCEEDED                                           NTStatus      = 0xC0000047
+	STATUS_PORT_ALREADY_SET                                                   NTStatus      = 0xC0000048
+	STATUS_SECTION_NOT_IMAGE                                                  NTStatus      = 0xC0000049
+	STATUS_SUSPEND_COUNT_EXCEEDED                                             NTStatus      = 0xC000004A
+	STATUS_THREAD_IS_TERMINATING                                              NTStatus      = 0xC000004B
+	STATUS_BAD_WORKING_SET_LIMIT                                              NTStatus      = 0xC000004C
+	STATUS_INCOMPATIBLE_FILE_MAP                                              NTStatus      = 0xC000004D
+	STATUS_SECTION_PROTECTION                                                 NTStatus      = 0xC000004E
+	STATUS_EAS_NOT_SUPPORTED                                                  NTStatus      = 0xC000004F
+	STATUS_EA_TOO_LARGE                                                       NTStatus      = 0xC0000050
+	STATUS_NONEXISTENT_EA_ENTRY                                               NTStatus      = 0xC0000051
+	STATUS_NO_EAS_ON_FILE                                                     NTStatus      = 0xC0000052
+	STATUS_EA_CORRUPT_ERROR                                                   NTStatus      = 0xC0000053
+	STATUS_FILE_LOCK_CONFLICT                                                 NTStatus      = 0xC0000054
+	STATUS_LOCK_NOT_GRANTED                                                   NTStatus      = 0xC0000055
+	STATUS_DELETE_PENDING                                                     NTStatus      = 0xC0000056
+	STATUS_CTL_FILE_NOT_SUPPORTED                                             NTStatus      = 0xC0000057
+	STATUS_UNKNOWN_REVISION                                                   NTStatus      = 0xC0000058
+	STATUS_REVISION_MISMATCH                                                  NTStatus      = 0xC0000059
+	STATUS_INVALID_OWNER                                                      NTStatus      = 0xC000005A
+	STATUS_INVALID_PRIMARY_GROUP                                              NTStatus      = 0xC000005B
+	STATUS_NO_IMPERSONATION_TOKEN                                             NTStatus      = 0xC000005C
+	STATUS_CANT_DISABLE_MANDATORY                                             NTStatus      = 0xC000005D
+	STATUS_NO_LOGON_SERVERS                                                   NTStatus      = 0xC000005E
+	STATUS_NO_SUCH_LOGON_SESSION                                              NTStatus      = 0xC000005F
+	STATUS_NO_SUCH_PRIVILEGE                                                  NTStatus      = 0xC0000060
+	STATUS_PRIVILEGE_NOT_HELD                                                 NTStatus      = 0xC0000061
+	STATUS_INVALID_ACCOUNT_NAME                                               NTStatus      = 0xC0000062
+	STATUS_USER_EXISTS                                                        NTStatus      = 0xC0000063
+	STATUS_NO_SUCH_USER                                                       NTStatus      = 0xC0000064
+	STATUS_GROUP_EXISTS                                                       NTStatus      = 0xC0000065
+	STATUS_NO_SUCH_GROUP                                                      NTStatus      = 0xC0000066
+	STATUS_MEMBER_IN_GROUP                                                    NTStatus      = 0xC0000067
+	STATUS_MEMBER_NOT_IN_GROUP                                                NTStatus      = 0xC0000068
+	STATUS_LAST_ADMIN                                                         NTStatus      = 0xC0000069
+	STATUS_WRONG_PASSWORD                                                     NTStatus      = 0xC000006A
+	STATUS_ILL_FORMED_PASSWORD                                                NTStatus      = 0xC000006B
+	STATUS_PASSWORD_RESTRICTION                                               NTStatus      = 0xC000006C
+	STATUS_LOGON_FAILURE                                                      NTStatus      = 0xC000006D
+	STATUS_ACCOUNT_RESTRICTION                                                NTStatus      = 0xC000006E
+	STATUS_INVALID_LOGON_HOURS                                                NTStatus      = 0xC000006F
+	STATUS_INVALID_WORKSTATION                                                NTStatus      = 0xC0000070
+	STATUS_PASSWORD_EXPIRED                                                   NTStatus      = 0xC0000071
+	STATUS_ACCOUNT_DISABLED                                                   NTStatus      = 0xC0000072
+	STATUS_NONE_MAPPED                                                        NTStatus      = 0xC0000073
+	STATUS_TOO_MANY_LUIDS_REQUESTED                                           NTStatus      = 0xC0000074
+	STATUS_LUIDS_EXHAUSTED                                                    NTStatus      = 0xC0000075
+	STATUS_INVALID_SUB_AUTHORITY                                              NTStatus      = 0xC0000076
+	STATUS_INVALID_ACL                                                        NTStatus      = 0xC0000077
+	STATUS_INVALID_SID                                                        NTStatus      = 0xC0000078
+	STATUS_INVALID_SECURITY_DESCR                                             NTStatus      = 0xC0000079
+	STATUS_PROCEDURE_NOT_FOUND                                                NTStatus      = 0xC000007A
+	STATUS_INVALID_IMAGE_FORMAT                                               NTStatus      = 0xC000007B
+	STATUS_NO_TOKEN                                                           NTStatus      = 0xC000007C
+	STATUS_BAD_INHERITANCE_ACL                                                NTStatus      = 0xC000007D
+	STATUS_RANGE_NOT_LOCKED                                                   NTStatus      = 0xC000007E
+	STATUS_DISK_FULL                                                          NTStatus      = 0xC000007F
+	STATUS_SERVER_DISABLED                                                    NTStatus      = 0xC0000080
+	STATUS_SERVER_NOT_DISABLED                                                NTStatus      = 0xC0000081
+	STATUS_TOO_MANY_GUIDS_REQUESTED                                           NTStatus      = 0xC0000082
+	STATUS_GUIDS_EXHAUSTED                                                    NTStatus      = 0xC0000083
+	STATUS_INVALID_ID_AUTHORITY                                               NTStatus      = 0xC0000084
+	STATUS_AGENTS_EXHAUSTED                                                   NTStatus      = 0xC0000085
+	STATUS_INVALID_VOLUME_LABEL                                               NTStatus      = 0xC0000086
+	STATUS_SECTION_NOT_EXTENDED                                               NTStatus      = 0xC0000087
+	STATUS_NOT_MAPPED_DATA                                                    NTStatus      = 0xC0000088
+	STATUS_RESOURCE_DATA_NOT_FOUND                                            NTStatus      = 0xC0000089
+	STATUS_RESOURCE_TYPE_NOT_FOUND                                            NTStatus      = 0xC000008A
+	STATUS_RESOURCE_NAME_NOT_FOUND                                            NTStatus      = 0xC000008B
+	STATUS_ARRAY_BOUNDS_EXCEEDED                                              NTStatus      = 0xC000008C
+	STATUS_FLOAT_DENORMAL_OPERAND                                             NTStatus      = 0xC000008D
+	STATUS_FLOAT_DIVIDE_BY_ZERO                                               NTStatus      = 0xC000008E
+	STATUS_FLOAT_INEXACT_RESULT                                               NTStatus      = 0xC000008F
+	STATUS_FLOAT_INVALID_OPERATION                                            NTStatus      = 0xC0000090
+	STATUS_FLOAT_OVERFLOW                                                     NTStatus      = 0xC0000091
+	STATUS_FLOAT_STACK_CHECK                                                  NTStatus      = 0xC0000092
+	STATUS_FLOAT_UNDERFLOW                                                    NTStatus      = 0xC0000093
+	STATUS_INTEGER_DIVIDE_BY_ZERO                                             NTStatus      = 0xC0000094
+	STATUS_INTEGER_OVERFLOW                                                   NTStatus      = 0xC0000095
+	STATUS_PRIVILEGED_INSTRUCTION                                             NTStatus      = 0xC0000096
+	STATUS_TOO_MANY_PAGING_FILES                                              NTStatus      = 0xC0000097
+	STATUS_FILE_INVALID                                                       NTStatus      = 0xC0000098
+	STATUS_ALLOTTED_SPACE_EXCEEDED                                            NTStatus      = 0xC0000099
+	STATUS_INSUFFICIENT_RESOURCES                                             NTStatus      = 0xC000009A
+	STATUS_DFS_EXIT_PATH_FOUND                                                NTStatus      = 0xC000009B
+	STATUS_DEVICE_DATA_ERROR                                                  NTStatus      = 0xC000009C
+	STATUS_DEVICE_NOT_CONNECTED                                               NTStatus      = 0xC000009D
+	STATUS_DEVICE_POWER_FAILURE                                               NTStatus      = 0xC000009E
+	STATUS_FREE_VM_NOT_AT_BASE                                                NTStatus      = 0xC000009F
+	STATUS_MEMORY_NOT_ALLOCATED                                               NTStatus      = 0xC00000A0
+	STATUS_WORKING_SET_QUOTA                                                  NTStatus      = 0xC00000A1
+	STATUS_MEDIA_WRITE_PROTECTED                                              NTStatus      = 0xC00000A2
+	STATUS_DEVICE_NOT_READY                                                   NTStatus      = 0xC00000A3
+	STATUS_INVALID_GROUP_ATTRIBUTES                                           NTStatus      = 0xC00000A4
+	STATUS_BAD_IMPERSONATION_LEVEL                                            NTStatus      = 0xC00000A5
+	STATUS_CANT_OPEN_ANONYMOUS                                                NTStatus      = 0xC00000A6
+	STATUS_BAD_VALIDATION_CLASS                                               NTStatus      = 0xC00000A7
+	STATUS_BAD_TOKEN_TYPE                                                     NTStatus      = 0xC00000A8
+	STATUS_BAD_MASTER_BOOT_RECORD                                             NTStatus      = 0xC00000A9
+	STATUS_INSTRUCTION_MISALIGNMENT                                           NTStatus      = 0xC00000AA
+	STATUS_INSTANCE_NOT_AVAILABLE                                             NTStatus      = 0xC00000AB
+	STATUS_PIPE_NOT_AVAILABLE                                                 NTStatus      = 0xC00000AC
+	STATUS_INVALID_PIPE_STATE                                                 NTStatus      = 0xC00000AD
+	STATUS_PIPE_BUSY                                                          NTStatus      = 0xC00000AE
+	STATUS_ILLEGAL_FUNCTION                                                   NTStatus      = 0xC00000AF
+	STATUS_PIPE_DISCONNECTED                                                  NTStatus      = 0xC00000B0
+	STATUS_PIPE_CLOSING                                                       NTStatus      = 0xC00000B1
+	STATUS_PIPE_CONNECTED                                                     NTStatus      = 0xC00000B2
+	STATUS_PIPE_LISTENING                                                     NTStatus      = 0xC00000B3
+	STATUS_INVALID_READ_MODE                                                  NTStatus      = 0xC00000B4
+	STATUS_IO_TIMEOUT                                                         NTStatus      = 0xC00000B5
+	STATUS_FILE_FORCED_CLOSED                                                 NTStatus      = 0xC00000B6
+	STATUS_PROFILING_NOT_STARTED                                              NTStatus      = 0xC00000B7
+	STATUS_PROFILING_NOT_STOPPED                                              NTStatus      = 0xC00000B8
+	STATUS_COULD_NOT_INTERPRET                                                NTStatus      = 0xC00000B9
+	STATUS_FILE_IS_A_DIRECTORY                                                NTStatus      = 0xC00000BA
+	STATUS_NOT_SUPPORTED                                                      NTStatus      = 0xC00000BB
+	STATUS_REMOTE_NOT_LISTENING                                               NTStatus      = 0xC00000BC
+	STATUS_DUPLICATE_NAME                                                     NTStatus      = 0xC00000BD
+	STATUS_BAD_NETWORK_PATH                                                   NTStatus      = 0xC00000BE
+	STATUS_NETWORK_BUSY                                                       NTStatus      = 0xC00000BF
+	STATUS_DEVICE_DOES_NOT_EXIST                                              NTStatus      = 0xC00000C0
+	STATUS_TOO_MANY_COMMANDS                                                  NTStatus      = 0xC00000C1
+	STATUS_ADAPTER_HARDWARE_ERROR                                             NTStatus      = 0xC00000C2
+	STATUS_INVALID_NETWORK_RESPONSE                                           NTStatus      = 0xC00000C3
+	STATUS_UNEXPECTED_NETWORK_ERROR                                           NTStatus      = 0xC00000C4
+	STATUS_BAD_REMOTE_ADAPTER                                                 NTStatus      = 0xC00000C5
+	STATUS_PRINT_QUEUE_FULL                                                   NTStatus      = 0xC00000C6
+	STATUS_NO_SPOOL_SPACE                                                     NTStatus      = 0xC00000C7
+	STATUS_PRINT_CANCELLED                                                    NTStatus      = 0xC00000C8
+	STATUS_NETWORK_NAME_DELETED                                               NTStatus      = 0xC00000C9
+	STATUS_NETWORK_ACCESS_DENIED                                              NTStatus      = 0xC00000CA
+	STATUS_BAD_DEVICE_TYPE                                                    NTStatus      = 0xC00000CB
+	STATUS_BAD_NETWORK_NAME                                                   NTStatus      = 0xC00000CC
+	STATUS_TOO_MANY_NAMES                                                     NTStatus      = 0xC00000CD
+	STATUS_TOO_MANY_SESSIONS                                                  NTStatus      = 0xC00000CE
+	STATUS_SHARING_PAUSED                                                     NTStatus      = 0xC00000CF
+	STATUS_REQUEST_NOT_ACCEPTED                                               NTStatus      = 0xC00000D0
+	STATUS_REDIRECTOR_PAUSED                                                  NTStatus      = 0xC00000D1
+	STATUS_NET_WRITE_FAULT                                                    NTStatus      = 0xC00000D2
+	STATUS_PROFILING_AT_LIMIT                                                 NTStatus      = 0xC00000D3
+	STATUS_NOT_SAME_DEVICE                                                    NTStatus      = 0xC00000D4
+	STATUS_FILE_RENAMED                                                       NTStatus      = 0xC00000D5
+	STATUS_VIRTUAL_CIRCUIT_CLOSED                                             NTStatus      = 0xC00000D6
+	STATUS_NO_SECURITY_ON_OBJECT                                              NTStatus      = 0xC00000D7
+	STATUS_CANT_WAIT                                                          NTStatus      = 0xC00000D8
+	STATUS_PIPE_EMPTY                                                         NTStatus      = 0xC00000D9
+	STATUS_CANT_ACCESS_DOMAIN_INFO                                            NTStatus      = 0xC00000DA
+	STATUS_CANT_TERMINATE_SELF                                                NTStatus      = 0xC00000DB
+	STATUS_INVALID_SERVER_STATE                                               NTStatus      = 0xC00000DC
+	STATUS_INVALID_DOMAIN_STATE                                               NTStatus      = 0xC00000DD
+	STATUS_INVALID_DOMAIN_ROLE                                                NTStatus      = 0xC00000DE
+	STATUS_NO_SUCH_DOMAIN                                                     NTStatus      = 0xC00000DF
+	STATUS_DOMAIN_EXISTS                                                      NTStatus      = 0xC00000E0
+	STATUS_DOMAIN_LIMIT_EXCEEDED                                              NTStatus      = 0xC00000E1
+	STATUS_OPLOCK_NOT_GRANTED                                                 NTStatus      = 0xC00000E2
+	STATUS_INVALID_OPLOCK_PROTOCOL                                            NTStatus      = 0xC00000E3
+	STATUS_INTERNAL_DB_CORRUPTION                                             NTStatus      = 0xC00000E4
+	STATUS_INTERNAL_ERROR                                                     NTStatus      = 0xC00000E5
+	STATUS_GENERIC_NOT_MAPPED                                                 NTStatus      = 0xC00000E6
+	STATUS_BAD_DESCRIPTOR_FORMAT                                              NTStatus      = 0xC00000E7
+	STATUS_INVALID_USER_BUFFER                                                NTStatus      = 0xC00000E8
+	STATUS_UNEXPECTED_IO_ERROR                                                NTStatus      = 0xC00000E9
+	STATUS_UNEXPECTED_MM_CREATE_ERR                                           NTStatus      = 0xC00000EA
+	STATUS_UNEXPECTED_MM_MAP_ERROR                                            NTStatus      = 0xC00000EB
+	STATUS_UNEXPECTED_MM_EXTEND_ERR                                           NTStatus      = 0xC00000EC
+	STATUS_NOT_LOGON_PROCESS                                                  NTStatus      = 0xC00000ED
+	STATUS_LOGON_SESSION_EXISTS                                               NTStatus      = 0xC00000EE
+	STATUS_INVALID_PARAMETER_1                                                NTStatus      = 0xC00000EF
+	STATUS_INVALID_PARAMETER_2                                                NTStatus      = 0xC00000F0
+	STATUS_INVALID_PARAMETER_3                                                NTStatus      = 0xC00000F1
+	STATUS_INVALID_PARAMETER_4                                                NTStatus      = 0xC00000F2
+	STATUS_INVALID_PARAMETER_5                                                NTStatus      = 0xC00000F3
+	STATUS_INVALID_PARAMETER_6                                                NTStatus      = 0xC00000F4
+	STATUS_INVALID_PARAMETER_7                                                NTStatus      = 0xC00000F5
+	STATUS_INVALID_PARAMETER_8                                                NTStatus      = 0xC00000F6
+	STATUS_INVALID_PARAMETER_9                                                NTStatus      = 0xC00000F7
+	STATUS_INVALID_PARAMETER_10                                               NTStatus      = 0xC00000F8
+	STATUS_INVALID_PARAMETER_11                                               NTStatus      = 0xC00000F9
+	STATUS_INVALID_PARAMETER_12                                               NTStatus      = 0xC00000FA
+	STATUS_REDIRECTOR_NOT_STARTED                                             NTStatus      = 0xC00000FB
+	STATUS_REDIRECTOR_STARTED                                                 NTStatus      = 0xC00000FC
+	STATUS_STACK_OVERFLOW                                                     NTStatus      = 0xC00000FD
+	STATUS_NO_SUCH_PACKAGE                                                    NTStatus      = 0xC00000FE
+	STATUS_BAD_FUNCTION_TABLE                                                 NTStatus      = 0xC00000FF
+	STATUS_VARIABLE_NOT_FOUND                                                 NTStatus      = 0xC0000100
+	STATUS_DIRECTORY_NOT_EMPTY                                                NTStatus      = 0xC0000101
+	STATUS_FILE_CORRUPT_ERROR                                                 NTStatus      = 0xC0000102
+	STATUS_NOT_A_DIRECTORY                                                    NTStatus      = 0xC0000103
+	STATUS_BAD_LOGON_SESSION_STATE                                            NTStatus      = 0xC0000104
+	STATUS_LOGON_SESSION_COLLISION                                            NTStatus      = 0xC0000105
+	STATUS_NAME_TOO_LONG                                                      NTStatus      = 0xC0000106
+	STATUS_FILES_OPEN                                                         NTStatus      = 0xC0000107
+	STATUS_CONNECTION_IN_USE                                                  NTStatus      = 0xC0000108
+	STATUS_MESSAGE_NOT_FOUND                                                  NTStatus      = 0xC0000109
+	STATUS_PROCESS_IS_TERMINATING                                             NTStatus      = 0xC000010A
+	STATUS_INVALID_LOGON_TYPE                                                 NTStatus      = 0xC000010B
+	STATUS_NO_GUID_TRANSLATION                                                NTStatus      = 0xC000010C
+	STATUS_CANNOT_IMPERSONATE                                                 NTStatus      = 0xC000010D
+	STATUS_IMAGE_ALREADY_LOADED                                               NTStatus      = 0xC000010E
+	STATUS_ABIOS_NOT_PRESENT                                                  NTStatus      = 0xC000010F
+	STATUS_ABIOS_LID_NOT_EXIST                                                NTStatus      = 0xC0000110
+	STATUS_ABIOS_LID_ALREADY_OWNED                                            NTStatus      = 0xC0000111
+	STATUS_ABIOS_NOT_LID_OWNER                                                NTStatus      = 0xC0000112
+	STATUS_ABIOS_INVALID_COMMAND                                              NTStatus      = 0xC0000113
+	STATUS_ABIOS_INVALID_LID                                                  NTStatus      = 0xC0000114
+	STATUS_ABIOS_SELECTOR_NOT_AVAILABLE                                       NTStatus      = 0xC0000115
+	STATUS_ABIOS_INVALID_SELECTOR                                             NTStatus      = 0xC0000116
+	STATUS_NO_LDT                                                             NTStatus      = 0xC0000117
+	STATUS_INVALID_LDT_SIZE                                                   NTStatus      = 0xC0000118
+	STATUS_INVALID_LDT_OFFSET                                                 NTStatus      = 0xC0000119
+	STATUS_INVALID_LDT_DESCRIPTOR                                             NTStatus      = 0xC000011A
+	STATUS_INVALID_IMAGE_NE_FORMAT                                            NTStatus      = 0xC000011B
+	STATUS_RXACT_INVALID_STATE                                                NTStatus      = 0xC000011C
+	STATUS_RXACT_COMMIT_FAILURE                                               NTStatus      = 0xC000011D
+	STATUS_MAPPED_FILE_SIZE_ZERO                                              NTStatus      = 0xC000011E
+	STATUS_TOO_MANY_OPENED_FILES                                              NTStatus      = 0xC000011F
+	STATUS_CANCELLED                                                          NTStatus      = 0xC0000120
+	STATUS_CANNOT_DELETE                                                      NTStatus      = 0xC0000121
+	STATUS_INVALID_COMPUTER_NAME                                              NTStatus      = 0xC0000122
+	STATUS_FILE_DELETED                                                       NTStatus      = 0xC0000123
+	STATUS_SPECIAL_ACCOUNT                                                    NTStatus      = 0xC0000124
+	STATUS_SPECIAL_GROUP                                                      NTStatus      = 0xC0000125
+	STATUS_SPECIAL_USER                                                       NTStatus      = 0xC0000126
+	STATUS_MEMBERS_PRIMARY_GROUP                                              NTStatus      = 0xC0000127
+	STATUS_FILE_CLOSED                                                        NTStatus      = 0xC0000128
+	STATUS_TOO_MANY_THREADS                                                   NTStatus      = 0xC0000129
+	STATUS_THREAD_NOT_IN_PROCESS                                              NTStatus      = 0xC000012A
+	STATUS_TOKEN_ALREADY_IN_USE                                               NTStatus      = 0xC000012B
+	STATUS_PAGEFILE_QUOTA_EXCEEDED                                            NTStatus      = 0xC000012C
+	STATUS_COMMITMENT_LIMIT                                                   NTStatus      = 0xC000012D
+	STATUS_INVALID_IMAGE_LE_FORMAT                                            NTStatus      = 0xC000012E
+	STATUS_INVALID_IMAGE_NOT_MZ                                               NTStatus      = 0xC000012F
+	STATUS_INVALID_IMAGE_PROTECT                                              NTStatus      = 0xC0000130
+	STATUS_INVALID_IMAGE_WIN_16                                               NTStatus      = 0xC0000131
+	STATUS_LOGON_SERVER_CONFLICT                                              NTStatus      = 0xC0000132
+	STATUS_TIME_DIFFERENCE_AT_DC                                              NTStatus      = 0xC0000133
+	STATUS_SYNCHRONIZATION_REQUIRED                                           NTStatus      = 0xC0000134
+	STATUS_DLL_NOT_FOUND                                                      NTStatus      = 0xC0000135
+	STATUS_OPEN_FAILED                                                        NTStatus      = 0xC0000136
+	STATUS_IO_PRIVILEGE_FAILED                                                NTStatus      = 0xC0000137
+	STATUS_ORDINAL_NOT_FOUND                                                  NTStatus      = 0xC0000138
+	STATUS_ENTRYPOINT_NOT_FOUND                                               NTStatus      = 0xC0000139
+	STATUS_CONTROL_C_EXIT                                                     NTStatus      = 0xC000013A
+	STATUS_LOCAL_DISCONNECT                                                   NTStatus      = 0xC000013B
+	STATUS_REMOTE_DISCONNECT                                                  NTStatus      = 0xC000013C
+	STATUS_REMOTE_RESOURCES                                                   NTStatus      = 0xC000013D
+	STATUS_LINK_FAILED                                                        NTStatus      = 0xC000013E
+	STATUS_LINK_TIMEOUT                                                       NTStatus      = 0xC000013F
+	STATUS_INVALID_CONNECTION                                                 NTStatus      = 0xC0000140
+	STATUS_INVALID_ADDRESS                                                    NTStatus      = 0xC0000141
+	STATUS_DLL_INIT_FAILED                                                    NTStatus      = 0xC0000142
+	STATUS_MISSING_SYSTEMFILE                                                 NTStatus      = 0xC0000143
+	STATUS_UNHANDLED_EXCEPTION                                                NTStatus      = 0xC0000144
+	STATUS_APP_INIT_FAILURE                                                   NTStatus      = 0xC0000145
+	STATUS_PAGEFILE_CREATE_FAILED                                             NTStatus      = 0xC0000146
+	STATUS_NO_PAGEFILE                                                        NTStatus      = 0xC0000147
+	STATUS_INVALID_LEVEL                                                      NTStatus      = 0xC0000148
+	STATUS_WRONG_PASSWORD_CORE                                                NTStatus      = 0xC0000149
+	STATUS_ILLEGAL_FLOAT_CONTEXT                                              NTStatus      = 0xC000014A
+	STATUS_PIPE_BROKEN                                                        NTStatus      = 0xC000014B
+	STATUS_REGISTRY_CORRUPT                                                   NTStatus      = 0xC000014C
+	STATUS_REGISTRY_IO_FAILED                                                 NTStatus      = 0xC000014D
+	STATUS_NO_EVENT_PAIR                                                      NTStatus      = 0xC000014E
+	STATUS_UNRECOGNIZED_VOLUME                                                NTStatus      = 0xC000014F
+	STATUS_SERIAL_NO_DEVICE_INITED                                            NTStatus      = 0xC0000150
+	STATUS_NO_SUCH_ALIAS                                                      NTStatus      = 0xC0000151
+	STATUS_MEMBER_NOT_IN_ALIAS                                                NTStatus      = 0xC0000152
+	STATUS_MEMBER_IN_ALIAS                                                    NTStatus      = 0xC0000153
+	STATUS_ALIAS_EXISTS                                                       NTStatus      = 0xC0000154
+	STATUS_LOGON_NOT_GRANTED                                                  NTStatus      = 0xC0000155
+	STATUS_TOO_MANY_SECRETS                                                   NTStatus      = 0xC0000156
+	STATUS_SECRET_TOO_LONG                                                    NTStatus      = 0xC0000157
+	STATUS_INTERNAL_DB_ERROR                                                  NTStatus      = 0xC0000158
+	STATUS_FULLSCREEN_MODE                                                    NTStatus      = 0xC0000159
+	STATUS_TOO_MANY_CONTEXT_IDS                                               NTStatus      = 0xC000015A
+	STATUS_LOGON_TYPE_NOT_GRANTED                                             NTStatus      = 0xC000015B
+	STATUS_NOT_REGISTRY_FILE                                                  NTStatus      = 0xC000015C
+	STATUS_NT_CROSS_ENCRYPTION_REQUIRED                                       NTStatus      = 0xC000015D
+	STATUS_DOMAIN_CTRLR_CONFIG_ERROR                                          NTStatus      = 0xC000015E
+	STATUS_FT_MISSING_MEMBER                                                  NTStatus      = 0xC000015F
+	STATUS_ILL_FORMED_SERVICE_ENTRY                                           NTStatus      = 0xC0000160
+	STATUS_ILLEGAL_CHARACTER                                                  NTStatus      = 0xC0000161
+	STATUS_UNMAPPABLE_CHARACTER                                               NTStatus      = 0xC0000162
+	STATUS_UNDEFINED_CHARACTER                                                NTStatus      = 0xC0000163
+	STATUS_FLOPPY_VOLUME                                                      NTStatus      = 0xC0000164
+	STATUS_FLOPPY_ID_MARK_NOT_FOUND                                           NTStatus      = 0xC0000165
+	STATUS_FLOPPY_WRONG_CYLINDER                                              NTStatus      = 0xC0000166
+	STATUS_FLOPPY_UNKNOWN_ERROR                                               NTStatus      = 0xC0000167
+	STATUS_FLOPPY_BAD_REGISTERS                                               NTStatus      = 0xC0000168
+	STATUS_DISK_RECALIBRATE_FAILED                                            NTStatus      = 0xC0000169
+	STATUS_DISK_OPERATION_FAILED                                              NTStatus      = 0xC000016A
+	STATUS_DISK_RESET_FAILED                                                  NTStatus      = 0xC000016B
+	STATUS_SHARED_IRQ_BUSY                                                    NTStatus      = 0xC000016C
+	STATUS_FT_ORPHANING                                                       NTStatus      = 0xC000016D
+	STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT                                   NTStatus      = 0xC000016E
+	STATUS_PARTITION_FAILURE                                                  NTStatus      = 0xC0000172
+	STATUS_INVALID_BLOCK_LENGTH                                               NTStatus      = 0xC0000173
+	STATUS_DEVICE_NOT_PARTITIONED                                             NTStatus      = 0xC0000174
+	STATUS_UNABLE_TO_LOCK_MEDIA                                               NTStatus      = 0xC0000175
+	STATUS_UNABLE_TO_UNLOAD_MEDIA                                             NTStatus      = 0xC0000176
+	STATUS_EOM_OVERFLOW                                                       NTStatus      = 0xC0000177
+	STATUS_NO_MEDIA                                                           NTStatus      = 0xC0000178
+	STATUS_NO_SUCH_MEMBER                                                     NTStatus      = 0xC000017A
+	STATUS_INVALID_MEMBER                                                     NTStatus      = 0xC000017B
+	STATUS_KEY_DELETED                                                        NTStatus      = 0xC000017C
+	STATUS_NO_LOG_SPACE                                                       NTStatus      = 0xC000017D
+	STATUS_TOO_MANY_SIDS                                                      NTStatus      = 0xC000017E
+	STATUS_LM_CROSS_ENCRYPTION_REQUIRED                                       NTStatus      = 0xC000017F
+	STATUS_KEY_HAS_CHILDREN                                                   NTStatus      = 0xC0000180
+	STATUS_CHILD_MUST_BE_VOLATILE                                             NTStatus      = 0xC0000181
+	STATUS_DEVICE_CONFIGURATION_ERROR                                         NTStatus      = 0xC0000182
+	STATUS_DRIVER_INTERNAL_ERROR                                              NTStatus      = 0xC0000183
+	STATUS_INVALID_DEVICE_STATE                                               NTStatus      = 0xC0000184
+	STATUS_IO_DEVICE_ERROR                                                    NTStatus      = 0xC0000185
+	STATUS_DEVICE_PROTOCOL_ERROR                                              NTStatus      = 0xC0000186
+	STATUS_BACKUP_CONTROLLER                                                  NTStatus      = 0xC0000187
+	STATUS_LOG_FILE_FULL                                                      NTStatus      = 0xC0000188
+	STATUS_TOO_LATE                                                           NTStatus      = 0xC0000189
+	STATUS_NO_TRUST_LSA_SECRET                                                NTStatus      = 0xC000018A
+	STATUS_NO_TRUST_SAM_ACCOUNT                                               NTStatus      = 0xC000018B
+	STATUS_TRUSTED_DOMAIN_FAILURE                                             NTStatus      = 0xC000018C
+	STATUS_TRUSTED_RELATIONSHIP_FAILURE                                       NTStatus      = 0xC000018D
+	STATUS_EVENTLOG_FILE_CORRUPT                                              NTStatus      = 0xC000018E
+	STATUS_EVENTLOG_CANT_START                                                NTStatus      = 0xC000018F
+	STATUS_TRUST_FAILURE                                                      NTStatus      = 0xC0000190
+	STATUS_MUTANT_LIMIT_EXCEEDED                                              NTStatus      = 0xC0000191
+	STATUS_NETLOGON_NOT_STARTED                                               NTStatus      = 0xC0000192
+	STATUS_ACCOUNT_EXPIRED                                                    NTStatus      = 0xC0000193
+	STATUS_POSSIBLE_DEADLOCK                                                  NTStatus      = 0xC0000194
+	STATUS_NETWORK_CREDENTIAL_CONFLICT                                        NTStatus      = 0xC0000195
+	STATUS_REMOTE_SESSION_LIMIT                                               NTStatus      = 0xC0000196
+	STATUS_EVENTLOG_FILE_CHANGED                                              NTStatus      = 0xC0000197
+	STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT                                  NTStatus      = 0xC0000198
+	STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT                                  NTStatus      = 0xC0000199
+	STATUS_NOLOGON_SERVER_TRUST_ACCOUNT                                       NTStatus      = 0xC000019A
+	STATUS_DOMAIN_TRUST_INCONSISTENT                                          NTStatus      = 0xC000019B
+	STATUS_FS_DRIVER_REQUIRED                                                 NTStatus      = 0xC000019C
+	STATUS_IMAGE_ALREADY_LOADED_AS_DLL                                        NTStatus      = 0xC000019D
+	STATUS_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING               NTStatus      = 0xC000019E
+	STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME                                  NTStatus      = 0xC000019F
+	STATUS_SECURITY_STREAM_IS_INCONSISTENT                                    NTStatus      = 0xC00001A0
+	STATUS_INVALID_LOCK_RANGE                                                 NTStatus      = 0xC00001A1
+	STATUS_INVALID_ACE_CONDITION                                              NTStatus      = 0xC00001A2
+	STATUS_IMAGE_SUBSYSTEM_NOT_PRESENT                                        NTStatus      = 0xC00001A3
+	STATUS_NOTIFICATION_GUID_ALREADY_DEFINED                                  NTStatus      = 0xC00001A4
+	STATUS_INVALID_EXCEPTION_HANDLER                                          NTStatus      = 0xC00001A5
+	STATUS_DUPLICATE_PRIVILEGES                                               NTStatus      = 0xC00001A6
+	STATUS_NOT_ALLOWED_ON_SYSTEM_FILE                                         NTStatus      = 0xC00001A7
+	STATUS_REPAIR_NEEDED                                                      NTStatus      = 0xC00001A8
+	STATUS_QUOTA_NOT_ENABLED                                                  NTStatus      = 0xC00001A9
+	STATUS_NO_APPLICATION_PACKAGE                                             NTStatus      = 0xC00001AA
+	STATUS_FILE_METADATA_OPTIMIZATION_IN_PROGRESS                             NTStatus      = 0xC00001AB
+	STATUS_NOT_SAME_OBJECT                                                    NTStatus      = 0xC00001AC
+	STATUS_FATAL_MEMORY_EXHAUSTION                                            NTStatus      = 0xC00001AD
+	STATUS_ERROR_PROCESS_NOT_IN_JOB                                           NTStatus      = 0xC00001AE
+	STATUS_CPU_SET_INVALID                                                    NTStatus      = 0xC00001AF
+	STATUS_IO_DEVICE_INVALID_DATA                                             NTStatus      = 0xC00001B0
+	STATUS_IO_UNALIGNED_WRITE                                                 NTStatus      = 0xC00001B1
+	STATUS_NETWORK_OPEN_RESTRICTION                                           NTStatus      = 0xC0000201
+	STATUS_NO_USER_SESSION_KEY                                                NTStatus      = 0xC0000202
+	STATUS_USER_SESSION_DELETED                                               NTStatus      = 0xC0000203
+	STATUS_RESOURCE_LANG_NOT_FOUND                                            NTStatus      = 0xC0000204
+	STATUS_INSUFF_SERVER_RESOURCES                                            NTStatus      = 0xC0000205
+	STATUS_INVALID_BUFFER_SIZE                                                NTStatus      = 0xC0000206
+	STATUS_INVALID_ADDRESS_COMPONENT                                          NTStatus      = 0xC0000207
+	STATUS_INVALID_ADDRESS_WILDCARD                                           NTStatus      = 0xC0000208
+	STATUS_TOO_MANY_ADDRESSES                                                 NTStatus      = 0xC0000209
+	STATUS_ADDRESS_ALREADY_EXISTS                                             NTStatus      = 0xC000020A
+	STATUS_ADDRESS_CLOSED                                                     NTStatus      = 0xC000020B
+	STATUS_CONNECTION_DISCONNECTED                                            NTStatus      = 0xC000020C
+	STATUS_CONNECTION_RESET                                                   NTStatus      = 0xC000020D
+	STATUS_TOO_MANY_NODES                                                     NTStatus      = 0xC000020E
+	STATUS_TRANSACTION_ABORTED                                                NTStatus      = 0xC000020F
+	STATUS_TRANSACTION_TIMED_OUT                                              NTStatus      = 0xC0000210
+	STATUS_TRANSACTION_NO_RELEASE                                             NTStatus      = 0xC0000211
+	STATUS_TRANSACTION_NO_MATCH                                               NTStatus      = 0xC0000212
+	STATUS_TRANSACTION_RESPONDED                                              NTStatus      = 0xC0000213
+	STATUS_TRANSACTION_INVALID_ID                                             NTStatus      = 0xC0000214
+	STATUS_TRANSACTION_INVALID_TYPE                                           NTStatus      = 0xC0000215
+	STATUS_NOT_SERVER_SESSION                                                 NTStatus      = 0xC0000216
+	STATUS_NOT_CLIENT_SESSION                                                 NTStatus      = 0xC0000217
+	STATUS_CANNOT_LOAD_REGISTRY_FILE                                          NTStatus      = 0xC0000218
+	STATUS_DEBUG_ATTACH_FAILED                                                NTStatus      = 0xC0000219
+	STATUS_SYSTEM_PROCESS_TERMINATED                                          NTStatus      = 0xC000021A
+	STATUS_DATA_NOT_ACCEPTED                                                  NTStatus      = 0xC000021B
+	STATUS_NO_BROWSER_SERVERS_FOUND                                           NTStatus      = 0xC000021C
+	STATUS_VDM_HARD_ERROR                                                     NTStatus      = 0xC000021D
+	STATUS_DRIVER_CANCEL_TIMEOUT                                              NTStatus      = 0xC000021E
+	STATUS_REPLY_MESSAGE_MISMATCH                                             NTStatus      = 0xC000021F
+	STATUS_MAPPED_ALIGNMENT                                                   NTStatus      = 0xC0000220
+	STATUS_IMAGE_CHECKSUM_MISMATCH                                            NTStatus      = 0xC0000221
+	STATUS_LOST_WRITEBEHIND_DATA                                              NTStatus      = 0xC0000222
+	STATUS_CLIENT_SERVER_PARAMETERS_INVALID                                   NTStatus      = 0xC0000223
+	STATUS_PASSWORD_MUST_CHANGE                                               NTStatus      = 0xC0000224
+	STATUS_NOT_FOUND                                                          NTStatus      = 0xC0000225
+	STATUS_NOT_TINY_STREAM                                                    NTStatus      = 0xC0000226
+	STATUS_RECOVERY_FAILURE                                                   NTStatus      = 0xC0000227
+	STATUS_STACK_OVERFLOW_READ                                                NTStatus      = 0xC0000228
+	STATUS_FAIL_CHECK                                                         NTStatus      = 0xC0000229
+	STATUS_DUPLICATE_OBJECTID                                                 NTStatus      = 0xC000022A
+	STATUS_OBJECTID_EXISTS                                                    NTStatus      = 0xC000022B
+	STATUS_CONVERT_TO_LARGE                                                   NTStatus      = 0xC000022C
+	STATUS_RETRY                                                              NTStatus      = 0xC000022D
+	STATUS_FOUND_OUT_OF_SCOPE                                                 NTStatus      = 0xC000022E
+	STATUS_ALLOCATE_BUCKET                                                    NTStatus      = 0xC000022F
+	STATUS_PROPSET_NOT_FOUND                                                  NTStatus      = 0xC0000230
+	STATUS_MARSHALL_OVERFLOW                                                  NTStatus      = 0xC0000231
+	STATUS_INVALID_VARIANT                                                    NTStatus      = 0xC0000232
+	STATUS_DOMAIN_CONTROLLER_NOT_FOUND                                        NTStatus      = 0xC0000233
+	STATUS_ACCOUNT_LOCKED_OUT                                                 NTStatus      = 0xC0000234
+	STATUS_HANDLE_NOT_CLOSABLE                                                NTStatus      = 0xC0000235
+	STATUS_CONNECTION_REFUSED                                                 NTStatus      = 0xC0000236
+	STATUS_GRACEFUL_DISCONNECT                                                NTStatus      = 0xC0000237
+	STATUS_ADDRESS_ALREADY_ASSOCIATED                                         NTStatus      = 0xC0000238
+	STATUS_ADDRESS_NOT_ASSOCIATED                                             NTStatus      = 0xC0000239
+	STATUS_CONNECTION_INVALID                                                 NTStatus      = 0xC000023A
+	STATUS_CONNECTION_ACTIVE                                                  NTStatus      = 0xC000023B
+	STATUS_NETWORK_UNREACHABLE                                                NTStatus      = 0xC000023C
+	STATUS_HOST_UNREACHABLE                                                   NTStatus      = 0xC000023D
+	STATUS_PROTOCOL_UNREACHABLE                                               NTStatus      = 0xC000023E
+	STATUS_PORT_UNREACHABLE                                                   NTStatus      = 0xC000023F
+	STATUS_REQUEST_ABORTED                                                    NTStatus      = 0xC0000240
+	STATUS_CONNECTION_ABORTED                                                 NTStatus      = 0xC0000241
+	STATUS_BAD_COMPRESSION_BUFFER                                             NTStatus      = 0xC0000242
+	STATUS_USER_MAPPED_FILE                                                   NTStatus      = 0xC0000243
+	STATUS_AUDIT_FAILED                                                       NTStatus      = 0xC0000244
+	STATUS_TIMER_RESOLUTION_NOT_SET                                           NTStatus      = 0xC0000245
+	STATUS_CONNECTION_COUNT_LIMIT                                             NTStatus      = 0xC0000246
+	STATUS_LOGIN_TIME_RESTRICTION                                             NTStatus      = 0xC0000247
+	STATUS_LOGIN_WKSTA_RESTRICTION                                            NTStatus      = 0xC0000248
+	STATUS_IMAGE_MP_UP_MISMATCH                                               NTStatus      = 0xC0000249
+	STATUS_INSUFFICIENT_LOGON_INFO                                            NTStatus      = 0xC0000250
+	STATUS_BAD_DLL_ENTRYPOINT                                                 NTStatus      = 0xC0000251
+	STATUS_BAD_SERVICE_ENTRYPOINT                                             NTStatus      = 0xC0000252
+	STATUS_LPC_REPLY_LOST                                                     NTStatus      = 0xC0000253
+	STATUS_IP_ADDRESS_CONFLICT1                                               NTStatus      = 0xC0000254
+	STATUS_IP_ADDRESS_CONFLICT2                                               NTStatus      = 0xC0000255
+	STATUS_REGISTRY_QUOTA_LIMIT                                               NTStatus      = 0xC0000256
+	STATUS_PATH_NOT_COVERED                                                   NTStatus      = 0xC0000257
+	STATUS_NO_CALLBACK_ACTIVE                                                 NTStatus      = 0xC0000258
+	STATUS_LICENSE_QUOTA_EXCEEDED                                             NTStatus      = 0xC0000259
+	STATUS_PWD_TOO_SHORT                                                      NTStatus      = 0xC000025A
+	STATUS_PWD_TOO_RECENT                                                     NTStatus      = 0xC000025B
+	STATUS_PWD_HISTORY_CONFLICT                                               NTStatus      = 0xC000025C
+	STATUS_PLUGPLAY_NO_DEVICE                                                 NTStatus      = 0xC000025E
+	STATUS_UNSUPPORTED_COMPRESSION                                            NTStatus      = 0xC000025F
+	STATUS_INVALID_HW_PROFILE                                                 NTStatus      = 0xC0000260
+	STATUS_INVALID_PLUGPLAY_DEVICE_PATH                                       NTStatus      = 0xC0000261
+	STATUS_DRIVER_ORDINAL_NOT_FOUND                                           NTStatus      = 0xC0000262
+	STATUS_DRIVER_ENTRYPOINT_NOT_FOUND                                        NTStatus      = 0xC0000263
+	STATUS_RESOURCE_NOT_OWNED                                                 NTStatus      = 0xC0000264
+	STATUS_TOO_MANY_LINKS                                                     NTStatus      = 0xC0000265
+	STATUS_QUOTA_LIST_INCONSISTENT                                            NTStatus      = 0xC0000266
+	STATUS_FILE_IS_OFFLINE                                                    NTStatus      = 0xC0000267
+	STATUS_EVALUATION_EXPIRATION                                              NTStatus      = 0xC0000268
+	STATUS_ILLEGAL_DLL_RELOCATION                                             NTStatus      = 0xC0000269
+	STATUS_LICENSE_VIOLATION                                                  NTStatus      = 0xC000026A
+	STATUS_DLL_INIT_FAILED_LOGOFF                                             NTStatus      = 0xC000026B
+	STATUS_DRIVER_UNABLE_TO_LOAD                                              NTStatus      = 0xC000026C
+	STATUS_DFS_UNAVAILABLE                                                    NTStatus      = 0xC000026D
+	STATUS_VOLUME_DISMOUNTED                                                  NTStatus      = 0xC000026E
+	STATUS_WX86_INTERNAL_ERROR                                                NTStatus      = 0xC000026F
+	STATUS_WX86_FLOAT_STACK_CHECK                                             NTStatus      = 0xC0000270
+	STATUS_VALIDATE_CONTINUE                                                  NTStatus      = 0xC0000271
+	STATUS_NO_MATCH                                                           NTStatus      = 0xC0000272
+	STATUS_NO_MORE_MATCHES                                                    NTStatus      = 0xC0000273
+	STATUS_NOT_A_REPARSE_POINT                                                NTStatus      = 0xC0000275
+	STATUS_IO_REPARSE_TAG_INVALID                                             NTStatus      = 0xC0000276
+	STATUS_IO_REPARSE_TAG_MISMATCH                                            NTStatus      = 0xC0000277
+	STATUS_IO_REPARSE_DATA_INVALID                                            NTStatus      = 0xC0000278
+	STATUS_IO_REPARSE_TAG_NOT_HANDLED                                         NTStatus      = 0xC0000279
+	STATUS_PWD_TOO_LONG                                                       NTStatus      = 0xC000027A
+	STATUS_STOWED_EXCEPTION                                                   NTStatus      = 0xC000027B
+	STATUS_CONTEXT_STOWED_EXCEPTION                                           NTStatus      = 0xC000027C
+	STATUS_REPARSE_POINT_NOT_RESOLVED                                         NTStatus      = 0xC0000280
+	STATUS_DIRECTORY_IS_A_REPARSE_POINT                                       NTStatus      = 0xC0000281
+	STATUS_RANGE_LIST_CONFLICT                                                NTStatus      = 0xC0000282
+	STATUS_SOURCE_ELEMENT_EMPTY                                               NTStatus      = 0xC0000283
+	STATUS_DESTINATION_ELEMENT_FULL                                           NTStatus      = 0xC0000284
+	STATUS_ILLEGAL_ELEMENT_ADDRESS                                            NTStatus      = 0xC0000285
+	STATUS_MAGAZINE_NOT_PRESENT                                               NTStatus      = 0xC0000286
+	STATUS_REINITIALIZATION_NEEDED                                            NTStatus      = 0xC0000287
+	STATUS_DEVICE_REQUIRES_CLEANING                                           NTStatus      = 0x80000288
+	STATUS_DEVICE_DOOR_OPEN                                                   NTStatus      = 0x80000289
+	STATUS_ENCRYPTION_FAILED                                                  NTStatus      = 0xC000028A
+	STATUS_DECRYPTION_FAILED                                                  NTStatus      = 0xC000028B
+	STATUS_RANGE_NOT_FOUND                                                    NTStatus      = 0xC000028C
+	STATUS_NO_RECOVERY_POLICY                                                 NTStatus      = 0xC000028D
+	STATUS_NO_EFS                                                             NTStatus      = 0xC000028E
+	STATUS_WRONG_EFS                                                          NTStatus      = 0xC000028F
+	STATUS_NO_USER_KEYS                                                       NTStatus      = 0xC0000290
+	STATUS_FILE_NOT_ENCRYPTED                                                 NTStatus      = 0xC0000291
+	STATUS_NOT_EXPORT_FORMAT                                                  NTStatus      = 0xC0000292
+	STATUS_FILE_ENCRYPTED                                                     NTStatus      = 0xC0000293
+	STATUS_WAKE_SYSTEM                                                        NTStatus      = 0x40000294
+	STATUS_WMI_GUID_NOT_FOUND                                                 NTStatus      = 0xC0000295
+	STATUS_WMI_INSTANCE_NOT_FOUND                                             NTStatus      = 0xC0000296
+	STATUS_WMI_ITEMID_NOT_FOUND                                               NTStatus      = 0xC0000297
+	STATUS_WMI_TRY_AGAIN                                                      NTStatus      = 0xC0000298
+	STATUS_SHARED_POLICY                                                      NTStatus      = 0xC0000299
+	STATUS_POLICY_OBJECT_NOT_FOUND                                            NTStatus      = 0xC000029A
+	STATUS_POLICY_ONLY_IN_DS                                                  NTStatus      = 0xC000029B
+	STATUS_VOLUME_NOT_UPGRADED                                                NTStatus      = 0xC000029C
+	STATUS_REMOTE_STORAGE_NOT_ACTIVE                                          NTStatus      = 0xC000029D
+	STATUS_REMOTE_STORAGE_MEDIA_ERROR                                         NTStatus      = 0xC000029E
+	STATUS_NO_TRACKING_SERVICE                                                NTStatus      = 0xC000029F
+	STATUS_SERVER_SID_MISMATCH                                                NTStatus      = 0xC00002A0
+	STATUS_DS_NO_ATTRIBUTE_OR_VALUE                                           NTStatus      = 0xC00002A1
+	STATUS_DS_INVALID_ATTRIBUTE_SYNTAX                                        NTStatus      = 0xC00002A2
+	STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED                                        NTStatus      = 0xC00002A3
+	STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS                                       NTStatus      = 0xC00002A4
+	STATUS_DS_BUSY                                                            NTStatus      = 0xC00002A5
+	STATUS_DS_UNAVAILABLE                                                     NTStatus      = 0xC00002A6
+	STATUS_DS_NO_RIDS_ALLOCATED                                               NTStatus      = 0xC00002A7
+	STATUS_DS_NO_MORE_RIDS                                                    NTStatus      = 0xC00002A8
+	STATUS_DS_INCORRECT_ROLE_OWNER                                            NTStatus      = 0xC00002A9
+	STATUS_DS_RIDMGR_INIT_ERROR                                               NTStatus      = 0xC00002AA
+	STATUS_DS_OBJ_CLASS_VIOLATION                                             NTStatus      = 0xC00002AB
+	STATUS_DS_CANT_ON_NON_LEAF                                                NTStatus      = 0xC00002AC
+	STATUS_DS_CANT_ON_RDN                                                     NTStatus      = 0xC00002AD
+	STATUS_DS_CANT_MOD_OBJ_CLASS                                              NTStatus      = 0xC00002AE
+	STATUS_DS_CROSS_DOM_MOVE_FAILED                                           NTStatus      = 0xC00002AF
+	STATUS_DS_GC_NOT_AVAILABLE                                                NTStatus      = 0xC00002B0
+	STATUS_DIRECTORY_SERVICE_REQUIRED                                         NTStatus      = 0xC00002B1
+	STATUS_REPARSE_ATTRIBUTE_CONFLICT                                         NTStatus      = 0xC00002B2
+	STATUS_CANT_ENABLE_DENY_ONLY                                              NTStatus      = 0xC00002B3
+	STATUS_FLOAT_MULTIPLE_FAULTS                                              NTStatus      = 0xC00002B4
+	STATUS_FLOAT_MULTIPLE_TRAPS                                               NTStatus      = 0xC00002B5
+	STATUS_DEVICE_REMOVED                                                     NTStatus      = 0xC00002B6
+	STATUS_JOURNAL_DELETE_IN_PROGRESS                                         NTStatus      = 0xC00002B7
+	STATUS_JOURNAL_NOT_ACTIVE                                                 NTStatus      = 0xC00002B8
+	STATUS_NOINTERFACE                                                        NTStatus      = 0xC00002B9
+	STATUS_DS_RIDMGR_DISABLED                                                 NTStatus      = 0xC00002BA
+	STATUS_DS_ADMIN_LIMIT_EXCEEDED                                            NTStatus      = 0xC00002C1
+	STATUS_DRIVER_FAILED_SLEEP                                                NTStatus      = 0xC00002C2
+	STATUS_MUTUAL_AUTHENTICATION_FAILED                                       NTStatus      = 0xC00002C3
+	STATUS_CORRUPT_SYSTEM_FILE                                                NTStatus      = 0xC00002C4
+	STATUS_DATATYPE_MISALIGNMENT_ERROR                                        NTStatus      = 0xC00002C5
+	STATUS_WMI_READ_ONLY                                                      NTStatus      = 0xC00002C6
+	STATUS_WMI_SET_FAILURE                                                    NTStatus      = 0xC00002C7
+	STATUS_COMMITMENT_MINIMUM                                                 NTStatus      = 0xC00002C8
+	STATUS_REG_NAT_CONSUMPTION                                                NTStatus      = 0xC00002C9
+	STATUS_TRANSPORT_FULL                                                     NTStatus      = 0xC00002CA
+	STATUS_DS_SAM_INIT_FAILURE                                                NTStatus      = 0xC00002CB
+	STATUS_ONLY_IF_CONNECTED                                                  NTStatus      = 0xC00002CC
+	STATUS_DS_SENSITIVE_GROUP_VIOLATION                                       NTStatus      = 0xC00002CD
+	STATUS_PNP_RESTART_ENUMERATION                                            NTStatus      = 0xC00002CE
+	STATUS_JOURNAL_ENTRY_DELETED                                              NTStatus      = 0xC00002CF
+	STATUS_DS_CANT_MOD_PRIMARYGROUPID                                         NTStatus      = 0xC00002D0
+	STATUS_SYSTEM_IMAGE_BAD_SIGNATURE                                         NTStatus      = 0xC00002D1
+	STATUS_PNP_REBOOT_REQUIRED                                                NTStatus      = 0xC00002D2
+	STATUS_POWER_STATE_INVALID                                                NTStatus      = 0xC00002D3
+	STATUS_DS_INVALID_GROUP_TYPE                                              NTStatus      = 0xC00002D4
+	STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN                              NTStatus      = 0xC00002D5
+	STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN                               NTStatus      = 0xC00002D6
+	STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER                                   NTStatus      = 0xC00002D7
+	STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER                               NTStatus      = 0xC00002D8
+	STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER                                NTStatus      = 0xC00002D9
+	STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER                             NTStatus      = 0xC00002DA
+	STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER                        NTStatus      = 0xC00002DB
+	STATUS_DS_HAVE_PRIMARY_MEMBERS                                            NTStatus      = 0xC00002DC
+	STATUS_WMI_NOT_SUPPORTED                                                  NTStatus      = 0xC00002DD
+	STATUS_INSUFFICIENT_POWER                                                 NTStatus      = 0xC00002DE
+	STATUS_SAM_NEED_BOOTKEY_PASSWORD                                          NTStatus      = 0xC00002DF
+	STATUS_SAM_NEED_BOOTKEY_FLOPPY                                            NTStatus      = 0xC00002E0
+	STATUS_DS_CANT_START                                                      NTStatus      = 0xC00002E1
+	STATUS_DS_INIT_FAILURE                                                    NTStatus      = 0xC00002E2
+	STATUS_SAM_INIT_FAILURE                                                   NTStatus      = 0xC00002E3
+	STATUS_DS_GC_REQUIRED                                                     NTStatus      = 0xC00002E4
+	STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY                                      NTStatus      = 0xC00002E5
+	STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS                                      NTStatus      = 0xC00002E6
+	STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED                                  NTStatus      = 0xC00002E7
+	STATUS_MULTIPLE_FAULT_VIOLATION                                           NTStatus      = 0xC00002E8
+	STATUS_CURRENT_DOMAIN_NOT_ALLOWED                                         NTStatus      = 0xC00002E9
+	STATUS_CANNOT_MAKE                                                        NTStatus      = 0xC00002EA
+	STATUS_SYSTEM_SHUTDOWN                                                    NTStatus      = 0xC00002EB
+	STATUS_DS_INIT_FAILURE_CONSOLE                                            NTStatus      = 0xC00002EC
+	STATUS_DS_SAM_INIT_FAILURE_CONSOLE                                        NTStatus      = 0xC00002ED
+	STATUS_UNFINISHED_CONTEXT_DELETED                                         NTStatus      = 0xC00002EE
+	STATUS_NO_TGT_REPLY                                                       NTStatus      = 0xC00002EF
+	STATUS_OBJECTID_NOT_FOUND                                                 NTStatus      = 0xC00002F0
+	STATUS_NO_IP_ADDRESSES                                                    NTStatus      = 0xC00002F1
+	STATUS_WRONG_CREDENTIAL_HANDLE                                            NTStatus      = 0xC00002F2
+	STATUS_CRYPTO_SYSTEM_INVALID                                              NTStatus      = 0xC00002F3
+	STATUS_MAX_REFERRALS_EXCEEDED                                             NTStatus      = 0xC00002F4
+	STATUS_MUST_BE_KDC                                                        NTStatus      = 0xC00002F5
+	STATUS_STRONG_CRYPTO_NOT_SUPPORTED                                        NTStatus      = 0xC00002F6
+	STATUS_TOO_MANY_PRINCIPALS                                                NTStatus      = 0xC00002F7
+	STATUS_NO_PA_DATA                                                         NTStatus      = 0xC00002F8
+	STATUS_PKINIT_NAME_MISMATCH                                               NTStatus      = 0xC00002F9
+	STATUS_SMARTCARD_LOGON_REQUIRED                                           NTStatus      = 0xC00002FA
+	STATUS_KDC_INVALID_REQUEST                                                NTStatus      = 0xC00002FB
+	STATUS_KDC_UNABLE_TO_REFER                                                NTStatus      = 0xC00002FC
+	STATUS_KDC_UNKNOWN_ETYPE                                                  NTStatus      = 0xC00002FD
+	STATUS_SHUTDOWN_IN_PROGRESS                                               NTStatus      = 0xC00002FE
+	STATUS_SERVER_SHUTDOWN_IN_PROGRESS                                        NTStatus      = 0xC00002FF
+	STATUS_NOT_SUPPORTED_ON_SBS                                               NTStatus      = 0xC0000300
+	STATUS_WMI_GUID_DISCONNECTED                                              NTStatus      = 0xC0000301
+	STATUS_WMI_ALREADY_DISABLED                                               NTStatus      = 0xC0000302
+	STATUS_WMI_ALREADY_ENABLED                                                NTStatus      = 0xC0000303
+	STATUS_MFT_TOO_FRAGMENTED                                                 NTStatus      = 0xC0000304
+	STATUS_COPY_PROTECTION_FAILURE                                            NTStatus      = 0xC0000305
+	STATUS_CSS_AUTHENTICATION_FAILURE                                         NTStatus      = 0xC0000306
+	STATUS_CSS_KEY_NOT_PRESENT                                                NTStatus      = 0xC0000307
+	STATUS_CSS_KEY_NOT_ESTABLISHED                                            NTStatus      = 0xC0000308
+	STATUS_CSS_SCRAMBLED_SECTOR                                               NTStatus      = 0xC0000309
+	STATUS_CSS_REGION_MISMATCH                                                NTStatus      = 0xC000030A
+	STATUS_CSS_RESETS_EXHAUSTED                                               NTStatus      = 0xC000030B
+	STATUS_PASSWORD_CHANGE_REQUIRED                                           NTStatus      = 0xC000030C
+	STATUS_LOST_MODE_LOGON_RESTRICTION                                        NTStatus      = 0xC000030D
+	STATUS_PKINIT_FAILURE                                                     NTStatus      = 0xC0000320
+	STATUS_SMARTCARD_SUBSYSTEM_FAILURE                                        NTStatus      = 0xC0000321
+	STATUS_NO_KERB_KEY                                                        NTStatus      = 0xC0000322
+	STATUS_HOST_DOWN                                                          NTStatus      = 0xC0000350
+	STATUS_UNSUPPORTED_PREAUTH                                                NTStatus      = 0xC0000351
+	STATUS_EFS_ALG_BLOB_TOO_BIG                                               NTStatus      = 0xC0000352
+	STATUS_PORT_NOT_SET                                                       NTStatus      = 0xC0000353
+	STATUS_DEBUGGER_INACTIVE                                                  NTStatus      = 0xC0000354
+	STATUS_DS_VERSION_CHECK_FAILURE                                           NTStatus      = 0xC0000355
+	STATUS_AUDITING_DISABLED                                                  NTStatus      = 0xC0000356
+	STATUS_PRENT4_MACHINE_ACCOUNT                                             NTStatus      = 0xC0000357
+	STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER                                   NTStatus      = 0xC0000358
+	STATUS_INVALID_IMAGE_WIN_32                                               NTStatus      = 0xC0000359
+	STATUS_INVALID_IMAGE_WIN_64                                               NTStatus      = 0xC000035A
+	STATUS_BAD_BINDINGS                                                       NTStatus      = 0xC000035B
+	STATUS_NETWORK_SESSION_EXPIRED                                            NTStatus      = 0xC000035C
+	STATUS_APPHELP_BLOCK                                                      NTStatus      = 0xC000035D
+	STATUS_ALL_SIDS_FILTERED                                                  NTStatus      = 0xC000035E
+	STATUS_NOT_SAFE_MODE_DRIVER                                               NTStatus      = 0xC000035F
+	STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT                                  NTStatus      = 0xC0000361
+	STATUS_ACCESS_DISABLED_BY_POLICY_PATH                                     NTStatus      = 0xC0000362
+	STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER                                NTStatus      = 0xC0000363
+	STATUS_ACCESS_DISABLED_BY_POLICY_OTHER                                    NTStatus      = 0xC0000364
+	STATUS_FAILED_DRIVER_ENTRY                                                NTStatus      = 0xC0000365
+	STATUS_DEVICE_ENUMERATION_ERROR                                           NTStatus      = 0xC0000366
+	STATUS_MOUNT_POINT_NOT_RESOLVED                                           NTStatus      = 0xC0000368
+	STATUS_INVALID_DEVICE_OBJECT_PARAMETER                                    NTStatus      = 0xC0000369
+	STATUS_MCA_OCCURED                                                        NTStatus      = 0xC000036A
+	STATUS_DRIVER_BLOCKED_CRITICAL                                            NTStatus      = 0xC000036B
+	STATUS_DRIVER_BLOCKED                                                     NTStatus      = 0xC000036C
+	STATUS_DRIVER_DATABASE_ERROR                                              NTStatus      = 0xC000036D
+	STATUS_SYSTEM_HIVE_TOO_LARGE                                              NTStatus      = 0xC000036E
+	STATUS_INVALID_IMPORT_OF_NON_DLL                                          NTStatus      = 0xC000036F
+	STATUS_DS_SHUTTING_DOWN                                                   NTStatus      = 0x40000370
+	STATUS_NO_SECRETS                                                         NTStatus      = 0xC0000371
+	STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY                              NTStatus      = 0xC0000372
+	STATUS_FAILED_STACK_SWITCH                                                NTStatus      = 0xC0000373
+	STATUS_HEAP_CORRUPTION                                                    NTStatus      = 0xC0000374
+	STATUS_SMARTCARD_WRONG_PIN                                                NTStatus      = 0xC0000380
+	STATUS_SMARTCARD_CARD_BLOCKED                                             NTStatus      = 0xC0000381
+	STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED                                   NTStatus      = 0xC0000382
+	STATUS_SMARTCARD_NO_CARD                                                  NTStatus      = 0xC0000383
+	STATUS_SMARTCARD_NO_KEY_CONTAINER                                         NTStatus      = 0xC0000384
+	STATUS_SMARTCARD_NO_CERTIFICATE                                           NTStatus      = 0xC0000385
+	STATUS_SMARTCARD_NO_KEYSET                                                NTStatus      = 0xC0000386
+	STATUS_SMARTCARD_IO_ERROR                                                 NTStatus      = 0xC0000387
+	STATUS_DOWNGRADE_DETECTED                                                 NTStatus      = 0xC0000388
+	STATUS_SMARTCARD_CERT_REVOKED                                             NTStatus      = 0xC0000389
+	STATUS_ISSUING_CA_UNTRUSTED                                               NTStatus      = 0xC000038A
+	STATUS_REVOCATION_OFFLINE_C                                               NTStatus      = 0xC000038B
+	STATUS_PKINIT_CLIENT_FAILURE                                              NTStatus      = 0xC000038C
+	STATUS_SMARTCARD_CERT_EXPIRED                                             NTStatus      = 0xC000038D
+	STATUS_DRIVER_FAILED_PRIOR_UNLOAD                                         NTStatus      = 0xC000038E
+	STATUS_SMARTCARD_SILENT_CONTEXT                                           NTStatus      = 0xC000038F
+	STATUS_PER_USER_TRUST_QUOTA_EXCEEDED                                      NTStatus      = 0xC0000401
+	STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED                                      NTStatus      = 0xC0000402
+	STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED                                   NTStatus      = 0xC0000403
+	STATUS_DS_NAME_NOT_UNIQUE                                                 NTStatus      = 0xC0000404
+	STATUS_DS_DUPLICATE_ID_FOUND                                              NTStatus      = 0xC0000405
+	STATUS_DS_GROUP_CONVERSION_ERROR                                          NTStatus      = 0xC0000406
+	STATUS_VOLSNAP_PREPARE_HIBERNATE                                          NTStatus      = 0xC0000407
+	STATUS_USER2USER_REQUIRED                                                 NTStatus      = 0xC0000408
+	STATUS_STACK_BUFFER_OVERRUN                                               NTStatus      = 0xC0000409
+	STATUS_NO_S4U_PROT_SUPPORT                                                NTStatus      = 0xC000040A
+	STATUS_CROSSREALM_DELEGATION_FAILURE                                      NTStatus      = 0xC000040B
+	STATUS_REVOCATION_OFFLINE_KDC                                             NTStatus      = 0xC000040C
+	STATUS_ISSUING_CA_UNTRUSTED_KDC                                           NTStatus      = 0xC000040D
+	STATUS_KDC_CERT_EXPIRED                                                   NTStatus      = 0xC000040E
+	STATUS_KDC_CERT_REVOKED                                                   NTStatus      = 0xC000040F
+	STATUS_PARAMETER_QUOTA_EXCEEDED                                           NTStatus      = 0xC0000410
+	STATUS_HIBERNATION_FAILURE                                                NTStatus      = 0xC0000411
+	STATUS_DELAY_LOAD_FAILED                                                  NTStatus      = 0xC0000412
+	STATUS_AUTHENTICATION_FIREWALL_FAILED                                     NTStatus      = 0xC0000413
+	STATUS_VDM_DISALLOWED                                                     NTStatus      = 0xC0000414
+	STATUS_HUNG_DISPLAY_DRIVER_THREAD                                         NTStatus      = 0xC0000415
+	STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE            NTStatus      = 0xC0000416
+	STATUS_INVALID_CRUNTIME_PARAMETER                                         NTStatus      = 0xC0000417
+	STATUS_NTLM_BLOCKED                                                       NTStatus      = 0xC0000418
+	STATUS_DS_SRC_SID_EXISTS_IN_FOREST                                        NTStatus      = 0xC0000419
+	STATUS_DS_DOMAIN_NAME_EXISTS_IN_FOREST                                    NTStatus      = 0xC000041A
+	STATUS_DS_FLAT_NAME_EXISTS_IN_FOREST                                      NTStatus      = 0xC000041B
+	STATUS_INVALID_USER_PRINCIPAL_NAME                                        NTStatus      = 0xC000041C
+	STATUS_FATAL_USER_CALLBACK_EXCEPTION                                      NTStatus      = 0xC000041D
+	STATUS_ASSERTION_FAILURE                                                  NTStatus      = 0xC0000420
+	STATUS_VERIFIER_STOP                                                      NTStatus      = 0xC0000421
+	STATUS_CALLBACK_POP_STACK                                                 NTStatus      = 0xC0000423
+	STATUS_INCOMPATIBLE_DRIVER_BLOCKED                                        NTStatus      = 0xC0000424
+	STATUS_HIVE_UNLOADED                                                      NTStatus      = 0xC0000425
+	STATUS_COMPRESSION_DISABLED                                               NTStatus      = 0xC0000426
+	STATUS_FILE_SYSTEM_LIMITATION                                             NTStatus      = 0xC0000427
+	STATUS_INVALID_IMAGE_HASH                                                 NTStatus      = 0xC0000428
+	STATUS_NOT_CAPABLE                                                        NTStatus      = 0xC0000429
+	STATUS_REQUEST_OUT_OF_SEQUENCE                                            NTStatus      = 0xC000042A
+	STATUS_IMPLEMENTATION_LIMIT                                               NTStatus      = 0xC000042B
+	STATUS_ELEVATION_REQUIRED                                                 NTStatus      = 0xC000042C
+	STATUS_NO_SECURITY_CONTEXT                                                NTStatus      = 0xC000042D
+	STATUS_PKU2U_CERT_FAILURE                                                 NTStatus      = 0xC000042F
+	STATUS_BEYOND_VDL                                                         NTStatus      = 0xC0000432
+	STATUS_ENCOUNTERED_WRITE_IN_PROGRESS                                      NTStatus      = 0xC0000433
+	STATUS_PTE_CHANGED                                                        NTStatus      = 0xC0000434
+	STATUS_PURGE_FAILED                                                       NTStatus      = 0xC0000435
+	STATUS_CRED_REQUIRES_CONFIRMATION                                         NTStatus      = 0xC0000440
+	STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE                              NTStatus      = 0xC0000441
+	STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER                                   NTStatus      = 0xC0000442
+	STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE                              NTStatus      = 0xC0000443
+	STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE                                   NTStatus      = 0xC0000444
+	STATUS_CS_ENCRYPTION_FILE_NOT_CSE                                         NTStatus      = 0xC0000445
+	STATUS_INVALID_LABEL                                                      NTStatus      = 0xC0000446
+	STATUS_DRIVER_PROCESS_TERMINATED                                          NTStatus      = 0xC0000450
+	STATUS_AMBIGUOUS_SYSTEM_DEVICE                                            NTStatus      = 0xC0000451
+	STATUS_SYSTEM_DEVICE_NOT_FOUND                                            NTStatus      = 0xC0000452
+	STATUS_RESTART_BOOT_APPLICATION                                           NTStatus      = 0xC0000453
+	STATUS_INSUFFICIENT_NVRAM_RESOURCES                                       NTStatus      = 0xC0000454
+	STATUS_INVALID_SESSION                                                    NTStatus      = 0xC0000455
+	STATUS_THREAD_ALREADY_IN_SESSION                                          NTStatus      = 0xC0000456
+	STATUS_THREAD_NOT_IN_SESSION                                              NTStatus      = 0xC0000457
+	STATUS_INVALID_WEIGHT                                                     NTStatus      = 0xC0000458
+	STATUS_REQUEST_PAUSED                                                     NTStatus      = 0xC0000459
+	STATUS_NO_RANGES_PROCESSED                                                NTStatus      = 0xC0000460
+	STATUS_DISK_RESOURCES_EXHAUSTED                                           NTStatus      = 0xC0000461
+	STATUS_NEEDS_REMEDIATION                                                  NTStatus      = 0xC0000462
+	STATUS_DEVICE_FEATURE_NOT_SUPPORTED                                       NTStatus      = 0xC0000463
+	STATUS_DEVICE_UNREACHABLE                                                 NTStatus      = 0xC0000464
+	STATUS_INVALID_TOKEN                                                      NTStatus      = 0xC0000465
+	STATUS_SERVER_UNAVAILABLE                                                 NTStatus      = 0xC0000466
+	STATUS_FILE_NOT_AVAILABLE                                                 NTStatus      = 0xC0000467
+	STATUS_DEVICE_INSUFFICIENT_RESOURCES                                      NTStatus      = 0xC0000468
+	STATUS_PACKAGE_UPDATING                                                   NTStatus      = 0xC0000469
+	STATUS_NOT_READ_FROM_COPY                                                 NTStatus      = 0xC000046A
+	STATUS_FT_WRITE_FAILURE                                                   NTStatus      = 0xC000046B
+	STATUS_FT_DI_SCAN_REQUIRED                                                NTStatus      = 0xC000046C
+	STATUS_OBJECT_NOT_EXTERNALLY_BACKED                                       NTStatus      = 0xC000046D
+	STATUS_EXTERNAL_BACKING_PROVIDER_UNKNOWN                                  NTStatus      = 0xC000046E
+	STATUS_COMPRESSION_NOT_BENEFICIAL                                         NTStatus      = 0xC000046F
+	STATUS_DATA_CHECKSUM_ERROR                                                NTStatus      = 0xC0000470
+	STATUS_INTERMIXED_KERNEL_EA_OPERATION                                     NTStatus      = 0xC0000471
+	STATUS_TRIM_READ_ZERO_NOT_SUPPORTED                                       NTStatus      = 0xC0000472
+	STATUS_TOO_MANY_SEGMENT_DESCRIPTORS                                       NTStatus      = 0xC0000473
+	STATUS_INVALID_OFFSET_ALIGNMENT                                           NTStatus      = 0xC0000474
+	STATUS_INVALID_FIELD_IN_PARAMETER_LIST                                    NTStatus      = 0xC0000475
+	STATUS_OPERATION_IN_PROGRESS                                              NTStatus      = 0xC0000476
+	STATUS_INVALID_INITIATOR_TARGET_PATH                                      NTStatus      = 0xC0000477
+	STATUS_SCRUB_DATA_DISABLED                                                NTStatus      = 0xC0000478
+	STATUS_NOT_REDUNDANT_STORAGE                                              NTStatus      = 0xC0000479
+	STATUS_RESIDENT_FILE_NOT_SUPPORTED                                        NTStatus      = 0xC000047A
+	STATUS_COMPRESSED_FILE_NOT_SUPPORTED                                      NTStatus      = 0xC000047B
+	STATUS_DIRECTORY_NOT_SUPPORTED                                            NTStatus      = 0xC000047C
+	STATUS_IO_OPERATION_TIMEOUT                                               NTStatus      = 0xC000047D
+	STATUS_SYSTEM_NEEDS_REMEDIATION                                           NTStatus      = 0xC000047E
+	STATUS_APPX_INTEGRITY_FAILURE_CLR_NGEN                                    NTStatus      = 0xC000047F
+	STATUS_SHARE_UNAVAILABLE                                                  NTStatus      = 0xC0000480
+	STATUS_APISET_NOT_HOSTED                                                  NTStatus      = 0xC0000481
+	STATUS_APISET_NOT_PRESENT                                                 NTStatus      = 0xC0000482
+	STATUS_DEVICE_HARDWARE_ERROR                                              NTStatus      = 0xC0000483
+	STATUS_FIRMWARE_SLOT_INVALID                                              NTStatus      = 0xC0000484
+	STATUS_FIRMWARE_IMAGE_INVALID                                             NTStatus      = 0xC0000485
+	STATUS_STORAGE_TOPOLOGY_ID_MISMATCH                                       NTStatus      = 0xC0000486
+	STATUS_WIM_NOT_BOOTABLE                                                   NTStatus      = 0xC0000487
+	STATUS_BLOCKED_BY_PARENTAL_CONTROLS                                       NTStatus      = 0xC0000488
+	STATUS_NEEDS_REGISTRATION                                                 NTStatus      = 0xC0000489
+	STATUS_QUOTA_ACTIVITY                                                     NTStatus      = 0xC000048A
+	STATUS_CALLBACK_INVOKE_INLINE                                             NTStatus      = 0xC000048B
+	STATUS_BLOCK_TOO_MANY_REFERENCES                                          NTStatus      = 0xC000048C
+	STATUS_MARKED_TO_DISALLOW_WRITES                                          NTStatus      = 0xC000048D
+	STATUS_NETWORK_ACCESS_DENIED_EDP                                          NTStatus      = 0xC000048E
+	STATUS_ENCLAVE_FAILURE                                                    NTStatus      = 0xC000048F
+	STATUS_PNP_NO_COMPAT_DRIVERS                                              NTStatus      = 0xC0000490
+	STATUS_PNP_DRIVER_PACKAGE_NOT_FOUND                                       NTStatus      = 0xC0000491
+	STATUS_PNP_DRIVER_CONFIGURATION_NOT_FOUND                                 NTStatus      = 0xC0000492
+	STATUS_PNP_DRIVER_CONFIGURATION_INCOMPLETE                                NTStatus      = 0xC0000493
+	STATUS_PNP_FUNCTION_DRIVER_REQUIRED                                       NTStatus      = 0xC0000494
+	STATUS_PNP_DEVICE_CONFIGURATION_PENDING                                   NTStatus      = 0xC0000495
+	STATUS_DEVICE_HINT_NAME_BUFFER_TOO_SMALL                                  NTStatus      = 0xC0000496
+	STATUS_PACKAGE_NOT_AVAILABLE                                              NTStatus      = 0xC0000497
+	STATUS_DEVICE_IN_MAINTENANCE                                              NTStatus      = 0xC0000499
+	STATUS_NOT_SUPPORTED_ON_DAX                                               NTStatus      = 0xC000049A
+	STATUS_FREE_SPACE_TOO_FRAGMENTED                                          NTStatus      = 0xC000049B
+	STATUS_DAX_MAPPING_EXISTS                                                 NTStatus      = 0xC000049C
+	STATUS_CHILD_PROCESS_BLOCKED                                              NTStatus      = 0xC000049D
+	STATUS_STORAGE_LOST_DATA_PERSISTENCE                                      NTStatus      = 0xC000049E
+	STATUS_VRF_CFG_ENABLED                                                    NTStatus      = 0xC000049F
+	STATUS_PARTITION_TERMINATING                                              NTStatus      = 0xC00004A0
+	STATUS_EXTERNAL_SYSKEY_NOT_SUPPORTED                                      NTStatus      = 0xC00004A1
+	STATUS_ENCLAVE_VIOLATION                                                  NTStatus      = 0xC00004A2
+	STATUS_FILE_PROTECTED_UNDER_DPL                                           NTStatus      = 0xC00004A3
+	STATUS_VOLUME_NOT_CLUSTER_ALIGNED                                         NTStatus      = 0xC00004A4
+	STATUS_NO_PHYSICALLY_ALIGNED_FREE_SPACE_FOUND                             NTStatus      = 0xC00004A5
+	STATUS_APPX_FILE_NOT_ENCRYPTED                                            NTStatus      = 0xC00004A6
+	STATUS_RWRAW_ENCRYPTED_FILE_NOT_ENCRYPTED                                 NTStatus      = 0xC00004A7
+	STATUS_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILEOFFSET                       NTStatus      = 0xC00004A8
+	STATUS_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILERANGE                        NTStatus      = 0xC00004A9
+	STATUS_RWRAW_ENCRYPTED_INVALID_EDATAINFO_PARAMETER                        NTStatus      = 0xC00004AA
+	STATUS_FT_READ_FAILURE                                                    NTStatus      = 0xC00004AB
+	STATUS_PATCH_CONFLICT                                                     NTStatus      = 0xC00004AC
+	STATUS_STORAGE_RESERVE_ID_INVALID                                         NTStatus      = 0xC00004AD
+	STATUS_STORAGE_RESERVE_DOES_NOT_EXIST                                     NTStatus      = 0xC00004AE
+	STATUS_STORAGE_RESERVE_ALREADY_EXISTS                                     NTStatus      = 0xC00004AF
+	STATUS_STORAGE_RESERVE_NOT_EMPTY                                          NTStatus      = 0xC00004B0
+	STATUS_NOT_A_DAX_VOLUME                                                   NTStatus      = 0xC00004B1
+	STATUS_NOT_DAX_MAPPABLE                                                   NTStatus      = 0xC00004B2
+	STATUS_CASE_DIFFERING_NAMES_IN_DIR                                        NTStatus      = 0xC00004B3
+	STATUS_FILE_NOT_SUPPORTED                                                 NTStatus      = 0xC00004B4
+	STATUS_NOT_SUPPORTED_WITH_BTT                                             NTStatus      = 0xC00004B5
+	STATUS_ENCRYPTION_DISABLED                                                NTStatus      = 0xC00004B6
+	STATUS_ENCRYPTING_METADATA_DISALLOWED                                     NTStatus      = 0xC00004B7
+	STATUS_CANT_CLEAR_ENCRYPTION_FLAG                                         NTStatus      = 0xC00004B8
+	STATUS_INVALID_TASK_NAME                                                  NTStatus      = 0xC0000500
+	STATUS_INVALID_TASK_INDEX                                                 NTStatus      = 0xC0000501
+	STATUS_THREAD_ALREADY_IN_TASK                                             NTStatus      = 0xC0000502
+	STATUS_CALLBACK_BYPASS                                                    NTStatus      = 0xC0000503
+	STATUS_UNDEFINED_SCOPE                                                    NTStatus      = 0xC0000504
+	STATUS_INVALID_CAP                                                        NTStatus      = 0xC0000505
+	STATUS_NOT_GUI_PROCESS                                                    NTStatus      = 0xC0000506
+	STATUS_DEVICE_HUNG                                                        NTStatus      = 0xC0000507
+	STATUS_CONTAINER_ASSIGNED                                                 NTStatus      = 0xC0000508
+	STATUS_JOB_NO_CONTAINER                                                   NTStatus      = 0xC0000509
+	STATUS_DEVICE_UNRESPONSIVE                                                NTStatus      = 0xC000050A
+	STATUS_REPARSE_POINT_ENCOUNTERED                                          NTStatus      = 0xC000050B
+	STATUS_ATTRIBUTE_NOT_PRESENT                                              NTStatus      = 0xC000050C
+	STATUS_NOT_A_TIERED_VOLUME                                                NTStatus      = 0xC000050D
+	STATUS_ALREADY_HAS_STREAM_ID                                              NTStatus      = 0xC000050E
+	STATUS_JOB_NOT_EMPTY                                                      NTStatus      = 0xC000050F
+	STATUS_ALREADY_INITIALIZED                                                NTStatus      = 0xC0000510
+	STATUS_ENCLAVE_NOT_TERMINATED                                             NTStatus      = 0xC0000511
+	STATUS_ENCLAVE_IS_TERMINATING                                             NTStatus      = 0xC0000512
+	STATUS_SMB1_NOT_AVAILABLE                                                 NTStatus      = 0xC0000513
+	STATUS_SMR_GARBAGE_COLLECTION_REQUIRED                                    NTStatus      = 0xC0000514
+	STATUS_INTERRUPTED                                                        NTStatus      = 0xC0000515
+	STATUS_THREAD_NOT_RUNNING                                                 NTStatus      = 0xC0000516
+	STATUS_FAIL_FAST_EXCEPTION                                                NTStatus      = 0xC0000602
+	STATUS_IMAGE_CERT_REVOKED                                                 NTStatus      = 0xC0000603
+	STATUS_DYNAMIC_CODE_BLOCKED                                               NTStatus      = 0xC0000604
+	STATUS_IMAGE_CERT_EXPIRED                                                 NTStatus      = 0xC0000605
+	STATUS_STRICT_CFG_VIOLATION                                               NTStatus      = 0xC0000606
+	STATUS_SET_CONTEXT_DENIED                                                 NTStatus      = 0xC000060A
+	STATUS_CROSS_PARTITION_VIOLATION                                          NTStatus      = 0xC000060B
+	STATUS_PORT_CLOSED                                                        NTStatus      = 0xC0000700
+	STATUS_MESSAGE_LOST                                                       NTStatus      = 0xC0000701
+	STATUS_INVALID_MESSAGE                                                    NTStatus      = 0xC0000702
+	STATUS_REQUEST_CANCELED                                                   NTStatus      = 0xC0000703
+	STATUS_RECURSIVE_DISPATCH                                                 NTStatus      = 0xC0000704
+	STATUS_LPC_RECEIVE_BUFFER_EXPECTED                                        NTStatus      = 0xC0000705
+	STATUS_LPC_INVALID_CONNECTION_USAGE                                       NTStatus      = 0xC0000706
+	STATUS_LPC_REQUESTS_NOT_ALLOWED                                           NTStatus      = 0xC0000707
+	STATUS_RESOURCE_IN_USE                                                    NTStatus      = 0xC0000708
+	STATUS_HARDWARE_MEMORY_ERROR                                              NTStatus      = 0xC0000709
+	STATUS_THREADPOOL_HANDLE_EXCEPTION                                        NTStatus      = 0xC000070A
+	STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED                          NTStatus      = 0xC000070B
+	STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED                  NTStatus      = 0xC000070C
+	STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED                      NTStatus      = 0xC000070D
+	STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED                       NTStatus      = 0xC000070E
+	STATUS_THREADPOOL_RELEASED_DURING_OPERATION                               NTStatus      = 0xC000070F
+	STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING                              NTStatus      = 0xC0000710
+	STATUS_APC_RETURNED_WHILE_IMPERSONATING                                   NTStatus      = 0xC0000711
+	STATUS_PROCESS_IS_PROTECTED                                               NTStatus      = 0xC0000712
+	STATUS_MCA_EXCEPTION                                                      NTStatus      = 0xC0000713
+	STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE                                     NTStatus      = 0xC0000714
+	STATUS_SYMLINK_CLASS_DISABLED                                             NTStatus      = 0xC0000715
+	STATUS_INVALID_IDN_NORMALIZATION                                          NTStatus      = 0xC0000716
+	STATUS_NO_UNICODE_TRANSLATION                                             NTStatus      = 0xC0000717
+	STATUS_ALREADY_REGISTERED                                                 NTStatus      = 0xC0000718
+	STATUS_CONTEXT_MISMATCH                                                   NTStatus      = 0xC0000719
+	STATUS_PORT_ALREADY_HAS_COMPLETION_LIST                                   NTStatus      = 0xC000071A
+	STATUS_CALLBACK_RETURNED_THREAD_PRIORITY                                  NTStatus      = 0xC000071B
+	STATUS_INVALID_THREAD                                                     NTStatus      = 0xC000071C
+	STATUS_CALLBACK_RETURNED_TRANSACTION                                      NTStatus      = 0xC000071D
+	STATUS_CALLBACK_RETURNED_LDR_LOCK                                         NTStatus      = 0xC000071E
+	STATUS_CALLBACK_RETURNED_LANG                                             NTStatus      = 0xC000071F
+	STATUS_CALLBACK_RETURNED_PRI_BACK                                         NTStatus      = 0xC0000720
+	STATUS_CALLBACK_RETURNED_THREAD_AFFINITY                                  NTStatus      = 0xC0000721
+	STATUS_LPC_HANDLE_COUNT_EXCEEDED                                          NTStatus      = 0xC0000722
+	STATUS_EXECUTABLE_MEMORY_WRITE                                            NTStatus      = 0xC0000723
+	STATUS_KERNEL_EXECUTABLE_MEMORY_WRITE                                     NTStatus      = 0xC0000724
+	STATUS_ATTACHED_EXECUTABLE_MEMORY_WRITE                                   NTStatus      = 0xC0000725
+	STATUS_TRIGGERED_EXECUTABLE_MEMORY_WRITE                                  NTStatus      = 0xC0000726
+	STATUS_DISK_REPAIR_DISABLED                                               NTStatus      = 0xC0000800
+	STATUS_DS_DOMAIN_RENAME_IN_PROGRESS                                       NTStatus      = 0xC0000801
+	STATUS_DISK_QUOTA_EXCEEDED                                                NTStatus      = 0xC0000802
+	STATUS_DATA_LOST_REPAIR                                                   NTStatus      = 0x80000803
+	STATUS_CONTENT_BLOCKED                                                    NTStatus      = 0xC0000804
+	STATUS_BAD_CLUSTERS                                                       NTStatus      = 0xC0000805
+	STATUS_VOLUME_DIRTY                                                       NTStatus      = 0xC0000806
+	STATUS_DISK_REPAIR_REDIRECTED                                             NTStatus      = 0x40000807
+	STATUS_DISK_REPAIR_UNSUCCESSFUL                                           NTStatus      = 0xC0000808
+	STATUS_CORRUPT_LOG_OVERFULL                                               NTStatus      = 0xC0000809
+	STATUS_CORRUPT_LOG_CORRUPTED                                              NTStatus      = 0xC000080A
+	STATUS_CORRUPT_LOG_UNAVAILABLE                                            NTStatus      = 0xC000080B
+	STATUS_CORRUPT_LOG_DELETED_FULL                                           NTStatus      = 0xC000080C
+	STATUS_CORRUPT_LOG_CLEARED                                                NTStatus      = 0xC000080D
+	STATUS_ORPHAN_NAME_EXHAUSTED                                              NTStatus      = 0xC000080E
+	STATUS_PROACTIVE_SCAN_IN_PROGRESS                                         NTStatus      = 0xC000080F
+	STATUS_ENCRYPTED_IO_NOT_POSSIBLE                                          NTStatus      = 0xC0000810
+	STATUS_CORRUPT_LOG_UPLEVEL_RECORDS                                        NTStatus      = 0xC0000811
+	STATUS_FILE_CHECKED_OUT                                                   NTStatus      = 0xC0000901
+	STATUS_CHECKOUT_REQUIRED                                                  NTStatus      = 0xC0000902
+	STATUS_BAD_FILE_TYPE                                                      NTStatus      = 0xC0000903
+	STATUS_FILE_TOO_LARGE                                                     NTStatus      = 0xC0000904
+	STATUS_FORMS_AUTH_REQUIRED                                                NTStatus      = 0xC0000905
+	STATUS_VIRUS_INFECTED                                                     NTStatus      = 0xC0000906
+	STATUS_VIRUS_DELETED                                                      NTStatus      = 0xC0000907
+	STATUS_BAD_MCFG_TABLE                                                     NTStatus      = 0xC0000908
+	STATUS_CANNOT_BREAK_OPLOCK                                                NTStatus      = 0xC0000909
+	STATUS_BAD_KEY                                                            NTStatus      = 0xC000090A
+	STATUS_BAD_DATA                                                           NTStatus      = 0xC000090B
+	STATUS_NO_KEY                                                             NTStatus      = 0xC000090C
+	STATUS_FILE_HANDLE_REVOKED                                                NTStatus      = 0xC0000910
+	STATUS_WOW_ASSERTION                                                      NTStatus      = 0xC0009898
+	STATUS_INVALID_SIGNATURE                                                  NTStatus      = 0xC000A000
+	STATUS_HMAC_NOT_SUPPORTED                                                 NTStatus      = 0xC000A001
+	STATUS_AUTH_TAG_MISMATCH                                                  NTStatus      = 0xC000A002
+	STATUS_INVALID_STATE_TRANSITION                                           NTStatus      = 0xC000A003
+	STATUS_INVALID_KERNEL_INFO_VERSION                                        NTStatus      = 0xC000A004
+	STATUS_INVALID_PEP_INFO_VERSION                                           NTStatus      = 0xC000A005
+	STATUS_HANDLE_REVOKED                                                     NTStatus      = 0xC000A006
+	STATUS_EOF_ON_GHOSTED_RANGE                                               NTStatus      = 0xC000A007
+	STATUS_IPSEC_QUEUE_OVERFLOW                                               NTStatus      = 0xC000A010
+	STATUS_ND_QUEUE_OVERFLOW                                                  NTStatus      = 0xC000A011
+	STATUS_HOPLIMIT_EXCEEDED                                                  NTStatus      = 0xC000A012
+	STATUS_PROTOCOL_NOT_SUPPORTED                                             NTStatus      = 0xC000A013
+	STATUS_FASTPATH_REJECTED                                                  NTStatus      = 0xC000A014
+	STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED                         NTStatus      = 0xC000A080
+	STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR                         NTStatus      = 0xC000A081
+	STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR                             NTStatus      = 0xC000A082
+	STATUS_XML_PARSE_ERROR                                                    NTStatus      = 0xC000A083
+	STATUS_XMLDSIG_ERROR                                                      NTStatus      = 0xC000A084
+	STATUS_WRONG_COMPARTMENT                                                  NTStatus      = 0xC000A085
+	STATUS_AUTHIP_FAILURE                                                     NTStatus      = 0xC000A086
+	STATUS_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS                              NTStatus      = 0xC000A087
+	STATUS_DS_OID_NOT_FOUND                                                   NTStatus      = 0xC000A088
+	STATUS_INCORRECT_ACCOUNT_TYPE                                             NTStatus      = 0xC000A089
+	STATUS_HASH_NOT_SUPPORTED                                                 NTStatus      = 0xC000A100
+	STATUS_HASH_NOT_PRESENT                                                   NTStatus      = 0xC000A101
+	STATUS_SECONDARY_IC_PROVIDER_NOT_REGISTERED                               NTStatus      = 0xC000A121
+	STATUS_GPIO_CLIENT_INFORMATION_INVALID                                    NTStatus      = 0xC000A122
+	STATUS_GPIO_VERSION_NOT_SUPPORTED                                         NTStatus      = 0xC000A123
+	STATUS_GPIO_INVALID_REGISTRATION_PACKET                                   NTStatus      = 0xC000A124
+	STATUS_GPIO_OPERATION_DENIED                                              NTStatus      = 0xC000A125
+	STATUS_GPIO_INCOMPATIBLE_CONNECT_MODE                                     NTStatus      = 0xC000A126
+	STATUS_GPIO_INTERRUPT_ALREADY_UNMASKED                                    NTStatus      = 0x8000A127
+	STATUS_CANNOT_SWITCH_RUNLEVEL                                             NTStatus      = 0xC000A141
+	STATUS_INVALID_RUNLEVEL_SETTING                                           NTStatus      = 0xC000A142
+	STATUS_RUNLEVEL_SWITCH_TIMEOUT                                            NTStatus      = 0xC000A143
+	STATUS_SERVICES_FAILED_AUTOSTART                                          NTStatus      = 0x4000A144
+	STATUS_RUNLEVEL_SWITCH_AGENT_TIMEOUT                                      NTStatus      = 0xC000A145
+	STATUS_RUNLEVEL_SWITCH_IN_PROGRESS                                        NTStatus      = 0xC000A146
+	STATUS_NOT_APPCONTAINER                                                   NTStatus      = 0xC000A200
+	STATUS_NOT_SUPPORTED_IN_APPCONTAINER                                      NTStatus      = 0xC000A201
+	STATUS_INVALID_PACKAGE_SID_LENGTH                                         NTStatus      = 0xC000A202
+	STATUS_LPAC_ACCESS_DENIED                                                 NTStatus      = 0xC000A203
+	STATUS_ADMINLESS_ACCESS_DENIED                                            NTStatus      = 0xC000A204
+	STATUS_APP_DATA_NOT_FOUND                                                 NTStatus      = 0xC000A281
+	STATUS_APP_DATA_EXPIRED                                                   NTStatus      = 0xC000A282
+	STATUS_APP_DATA_CORRUPT                                                   NTStatus      = 0xC000A283
+	STATUS_APP_DATA_LIMIT_EXCEEDED                                            NTStatus      = 0xC000A284
+	STATUS_APP_DATA_REBOOT_REQUIRED                                           NTStatus      = 0xC000A285
+	STATUS_OFFLOAD_READ_FLT_NOT_SUPPORTED                                     NTStatus      = 0xC000A2A1
+	STATUS_OFFLOAD_WRITE_FLT_NOT_SUPPORTED                                    NTStatus      = 0xC000A2A2
+	STATUS_OFFLOAD_READ_FILE_NOT_SUPPORTED                                    NTStatus      = 0xC000A2A3
+	STATUS_OFFLOAD_WRITE_FILE_NOT_SUPPORTED                                   NTStatus      = 0xC000A2A4
+	STATUS_WOF_WIM_HEADER_CORRUPT                                             NTStatus      = 0xC000A2A5
+	STATUS_WOF_WIM_RESOURCE_TABLE_CORRUPT                                     NTStatus      = 0xC000A2A6
+	STATUS_WOF_FILE_RESOURCE_TABLE_CORRUPT                                    NTStatus      = 0xC000A2A7
+	STATUS_FILE_SYSTEM_VIRTUALIZATION_UNAVAILABLE                             NTStatus      = 0xC000CE01
+	STATUS_FILE_SYSTEM_VIRTUALIZATION_METADATA_CORRUPT                        NTStatus      = 0xC000CE02
+	STATUS_FILE_SYSTEM_VIRTUALIZATION_BUSY                                    NTStatus      = 0xC000CE03
+	STATUS_FILE_SYSTEM_VIRTUALIZATION_PROVIDER_UNKNOWN                        NTStatus      = 0xC000CE04
+	STATUS_FILE_SYSTEM_VIRTUALIZATION_INVALID_OPERATION                       NTStatus      = 0xC000CE05
+	STATUS_CLOUD_FILE_SYNC_ROOT_METADATA_CORRUPT                              NTStatus      = 0xC000CF00
+	STATUS_CLOUD_FILE_PROVIDER_NOT_RUNNING                                    NTStatus      = 0xC000CF01
+	STATUS_CLOUD_FILE_METADATA_CORRUPT                                        NTStatus      = 0xC000CF02
+	STATUS_CLOUD_FILE_METADATA_TOO_LARGE                                      NTStatus      = 0xC000CF03
+	STATUS_CLOUD_FILE_PROPERTY_BLOB_TOO_LARGE                                 NTStatus      = 0x8000CF04
+	STATUS_CLOUD_FILE_TOO_MANY_PROPERTY_BLOBS                                 NTStatus      = 0x8000CF05
+	STATUS_CLOUD_FILE_PROPERTY_VERSION_NOT_SUPPORTED                          NTStatus      = 0xC000CF06
+	STATUS_NOT_A_CLOUD_FILE                                                   NTStatus      = 0xC000CF07
+	STATUS_CLOUD_FILE_NOT_IN_SYNC                                             NTStatus      = 0xC000CF08
+	STATUS_CLOUD_FILE_ALREADY_CONNECTED                                       NTStatus      = 0xC000CF09
+	STATUS_CLOUD_FILE_NOT_SUPPORTED                                           NTStatus      = 0xC000CF0A
+	STATUS_CLOUD_FILE_INVALID_REQUEST                                         NTStatus      = 0xC000CF0B
+	STATUS_CLOUD_FILE_READ_ONLY_VOLUME                                        NTStatus      = 0xC000CF0C
+	STATUS_CLOUD_FILE_CONNECTED_PROVIDER_ONLY                                 NTStatus      = 0xC000CF0D
+	STATUS_CLOUD_FILE_VALIDATION_FAILED                                       NTStatus      = 0xC000CF0E
+	STATUS_CLOUD_FILE_AUTHENTICATION_FAILED                                   NTStatus      = 0xC000CF0F
+	STATUS_CLOUD_FILE_INSUFFICIENT_RESOURCES                                  NTStatus      = 0xC000CF10
+	STATUS_CLOUD_FILE_NETWORK_UNAVAILABLE                                     NTStatus      = 0xC000CF11
+	STATUS_CLOUD_FILE_UNSUCCESSFUL                                            NTStatus      = 0xC000CF12
+	STATUS_CLOUD_FILE_NOT_UNDER_SYNC_ROOT                                     NTStatus      = 0xC000CF13
+	STATUS_CLOUD_FILE_IN_USE                                                  NTStatus      = 0xC000CF14
+	STATUS_CLOUD_FILE_PINNED                                                  NTStatus      = 0xC000CF15
+	STATUS_CLOUD_FILE_REQUEST_ABORTED                                         NTStatus      = 0xC000CF16
+	STATUS_CLOUD_FILE_PROPERTY_CORRUPT                                        NTStatus      = 0xC000CF17
+	STATUS_CLOUD_FILE_ACCESS_DENIED                                           NTStatus      = 0xC000CF18
+	STATUS_CLOUD_FILE_INCOMPATIBLE_HARDLINKS                                  NTStatus      = 0xC000CF19
+	STATUS_CLOUD_FILE_PROPERTY_LOCK_CONFLICT                                  NTStatus      = 0xC000CF1A
+	STATUS_CLOUD_FILE_REQUEST_CANCELED                                        NTStatus      = 0xC000CF1B
+	STATUS_CLOUD_FILE_PROVIDER_TERMINATED                                     NTStatus      = 0xC000CF1D
+	STATUS_NOT_A_CLOUD_SYNC_ROOT                                              NTStatus      = 0xC000CF1E
+	STATUS_CLOUD_FILE_REQUEST_TIMEOUT                                         NTStatus      = 0xC000CF1F
+	STATUS_ACPI_INVALID_OPCODE                                                NTStatus      = 0xC0140001
+	STATUS_ACPI_STACK_OVERFLOW                                                NTStatus      = 0xC0140002
+	STATUS_ACPI_ASSERT_FAILED                                                 NTStatus      = 0xC0140003
+	STATUS_ACPI_INVALID_INDEX                                                 NTStatus      = 0xC0140004
+	STATUS_ACPI_INVALID_ARGUMENT                                              NTStatus      = 0xC0140005
+	STATUS_ACPI_FATAL                                                         NTStatus      = 0xC0140006
+	STATUS_ACPI_INVALID_SUPERNAME                                             NTStatus      = 0xC0140007
+	STATUS_ACPI_INVALID_ARGTYPE                                               NTStatus      = 0xC0140008
+	STATUS_ACPI_INVALID_OBJTYPE                                               NTStatus      = 0xC0140009
+	STATUS_ACPI_INVALID_TARGETTYPE                                            NTStatus      = 0xC014000A
+	STATUS_ACPI_INCORRECT_ARGUMENT_COUNT                                      NTStatus      = 0xC014000B
+	STATUS_ACPI_ADDRESS_NOT_MAPPED                                            NTStatus      = 0xC014000C
+	STATUS_ACPI_INVALID_EVENTTYPE                                             NTStatus      = 0xC014000D
+	STATUS_ACPI_HANDLER_COLLISION                                             NTStatus      = 0xC014000E
+	STATUS_ACPI_INVALID_DATA                                                  NTStatus      = 0xC014000F
+	STATUS_ACPI_INVALID_REGION                                                NTStatus      = 0xC0140010
+	STATUS_ACPI_INVALID_ACCESS_SIZE                                           NTStatus      = 0xC0140011
+	STATUS_ACPI_ACQUIRE_GLOBAL_LOCK                                           NTStatus      = 0xC0140012
+	STATUS_ACPI_ALREADY_INITIALIZED                                           NTStatus      = 0xC0140013
+	STATUS_ACPI_NOT_INITIALIZED                                               NTStatus      = 0xC0140014
+	STATUS_ACPI_INVALID_MUTEX_LEVEL                                           NTStatus      = 0xC0140015
+	STATUS_ACPI_MUTEX_NOT_OWNED                                               NTStatus      = 0xC0140016
+	STATUS_ACPI_MUTEX_NOT_OWNER                                               NTStatus      = 0xC0140017
+	STATUS_ACPI_RS_ACCESS                                                     NTStatus      = 0xC0140018
+	STATUS_ACPI_INVALID_TABLE                                                 NTStatus      = 0xC0140019
+	STATUS_ACPI_REG_HANDLER_FAILED                                            NTStatus      = 0xC0140020
+	STATUS_ACPI_POWER_REQUEST_FAILED                                          NTStatus      = 0xC0140021
+	STATUS_CTX_WINSTATION_NAME_INVALID                                        NTStatus      = 0xC00A0001
+	STATUS_CTX_INVALID_PD                                                     NTStatus      = 0xC00A0002
+	STATUS_CTX_PD_NOT_FOUND                                                   NTStatus      = 0xC00A0003
+	STATUS_CTX_CDM_CONNECT                                                    NTStatus      = 0x400A0004
+	STATUS_CTX_CDM_DISCONNECT                                                 NTStatus      = 0x400A0005
+	STATUS_CTX_CLOSE_PENDING                                                  NTStatus      = 0xC00A0006
+	STATUS_CTX_NO_OUTBUF                                                      NTStatus      = 0xC00A0007
+	STATUS_CTX_MODEM_INF_NOT_FOUND                                            NTStatus      = 0xC00A0008
+	STATUS_CTX_INVALID_MODEMNAME                                              NTStatus      = 0xC00A0009
+	STATUS_CTX_RESPONSE_ERROR                                                 NTStatus      = 0xC00A000A
+	STATUS_CTX_MODEM_RESPONSE_TIMEOUT                                         NTStatus      = 0xC00A000B
+	STATUS_CTX_MODEM_RESPONSE_NO_CARRIER                                      NTStatus      = 0xC00A000C
+	STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE                                     NTStatus      = 0xC00A000D
+	STATUS_CTX_MODEM_RESPONSE_BUSY                                            NTStatus      = 0xC00A000E
+	STATUS_CTX_MODEM_RESPONSE_VOICE                                           NTStatus      = 0xC00A000F
+	STATUS_CTX_TD_ERROR                                                       NTStatus      = 0xC00A0010
+	STATUS_CTX_LICENSE_CLIENT_INVALID                                         NTStatus      = 0xC00A0012
+	STATUS_CTX_LICENSE_NOT_AVAILABLE                                          NTStatus      = 0xC00A0013
+	STATUS_CTX_LICENSE_EXPIRED                                                NTStatus      = 0xC00A0014
+	STATUS_CTX_WINSTATION_NOT_FOUND                                           NTStatus      = 0xC00A0015
+	STATUS_CTX_WINSTATION_NAME_COLLISION                                      NTStatus      = 0xC00A0016
+	STATUS_CTX_WINSTATION_BUSY                                                NTStatus      = 0xC00A0017
+	STATUS_CTX_BAD_VIDEO_MODE                                                 NTStatus      = 0xC00A0018
+	STATUS_CTX_GRAPHICS_INVALID                                               NTStatus      = 0xC00A0022
+	STATUS_CTX_NOT_CONSOLE                                                    NTStatus      = 0xC00A0024
+	STATUS_CTX_CLIENT_QUERY_TIMEOUT                                           NTStatus      = 0xC00A0026
+	STATUS_CTX_CONSOLE_DISCONNECT                                             NTStatus      = 0xC00A0027
+	STATUS_CTX_CONSOLE_CONNECT                                                NTStatus      = 0xC00A0028
+	STATUS_CTX_SHADOW_DENIED                                                  NTStatus      = 0xC00A002A
+	STATUS_CTX_WINSTATION_ACCESS_DENIED                                       NTStatus      = 0xC00A002B
+	STATUS_CTX_INVALID_WD                                                     NTStatus      = 0xC00A002E
+	STATUS_CTX_WD_NOT_FOUND                                                   NTStatus      = 0xC00A002F
+	STATUS_CTX_SHADOW_INVALID                                                 NTStatus      = 0xC00A0030
+	STATUS_CTX_SHADOW_DISABLED                                                NTStatus      = 0xC00A0031
+	STATUS_RDP_PROTOCOL_ERROR                                                 NTStatus      = 0xC00A0032
+	STATUS_CTX_CLIENT_LICENSE_NOT_SET                                         NTStatus      = 0xC00A0033
+	STATUS_CTX_CLIENT_LICENSE_IN_USE                                          NTStatus      = 0xC00A0034
+	STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE                                    NTStatus      = 0xC00A0035
+	STATUS_CTX_SHADOW_NOT_RUNNING                                             NTStatus      = 0xC00A0036
+	STATUS_CTX_LOGON_DISABLED                                                 NTStatus      = 0xC00A0037
+	STATUS_CTX_SECURITY_LAYER_ERROR                                           NTStatus      = 0xC00A0038
+	STATUS_TS_INCOMPATIBLE_SESSIONS                                           NTStatus      = 0xC00A0039
+	STATUS_TS_VIDEO_SUBSYSTEM_ERROR                                           NTStatus      = 0xC00A003A
+	STATUS_PNP_BAD_MPS_TABLE                                                  NTStatus      = 0xC0040035
+	STATUS_PNP_TRANSLATION_FAILED                                             NTStatus      = 0xC0040036
+	STATUS_PNP_IRQ_TRANSLATION_FAILED                                         NTStatus      = 0xC0040037
+	STATUS_PNP_INVALID_ID                                                     NTStatus      = 0xC0040038
+	STATUS_IO_REISSUE_AS_CACHED                                               NTStatus      = 0xC0040039
+	STATUS_MUI_FILE_NOT_FOUND                                                 NTStatus      = 0xC00B0001
+	STATUS_MUI_INVALID_FILE                                                   NTStatus      = 0xC00B0002
+	STATUS_MUI_INVALID_RC_CONFIG                                              NTStatus      = 0xC00B0003
+	STATUS_MUI_INVALID_LOCALE_NAME                                            NTStatus      = 0xC00B0004
+	STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME                                  NTStatus      = 0xC00B0005
+	STATUS_MUI_FILE_NOT_LOADED                                                NTStatus      = 0xC00B0006
+	STATUS_RESOURCE_ENUM_USER_STOP                                            NTStatus      = 0xC00B0007
+	STATUS_FLT_NO_HANDLER_DEFINED                                             NTStatus      = 0xC01C0001
+	STATUS_FLT_CONTEXT_ALREADY_DEFINED                                        NTStatus      = 0xC01C0002
+	STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST                                   NTStatus      = 0xC01C0003
+	STATUS_FLT_DISALLOW_FAST_IO                                               NTStatus      = 0xC01C0004
+	STATUS_FLT_INVALID_NAME_REQUEST                                           NTStatus      = 0xC01C0005
+	STATUS_FLT_NOT_SAFE_TO_POST_OPERATION                                     NTStatus      = 0xC01C0006
+	STATUS_FLT_NOT_INITIALIZED                                                NTStatus      = 0xC01C0007
+	STATUS_FLT_FILTER_NOT_READY                                               NTStatus      = 0xC01C0008
+	STATUS_FLT_POST_OPERATION_CLEANUP                                         NTStatus      = 0xC01C0009
+	STATUS_FLT_INTERNAL_ERROR                                                 NTStatus      = 0xC01C000A
+	STATUS_FLT_DELETING_OBJECT                                                NTStatus      = 0xC01C000B
+	STATUS_FLT_MUST_BE_NONPAGED_POOL                                          NTStatus      = 0xC01C000C
+	STATUS_FLT_DUPLICATE_ENTRY                                                NTStatus      = 0xC01C000D
+	STATUS_FLT_CBDQ_DISABLED                                                  NTStatus      = 0xC01C000E
+	STATUS_FLT_DO_NOT_ATTACH                                                  NTStatus      = 0xC01C000F
+	STATUS_FLT_DO_NOT_DETACH                                                  NTStatus      = 0xC01C0010
+	STATUS_FLT_INSTANCE_ALTITUDE_COLLISION                                    NTStatus      = 0xC01C0011
+	STATUS_FLT_INSTANCE_NAME_COLLISION                                        NTStatus      = 0xC01C0012
+	STATUS_FLT_FILTER_NOT_FOUND                                               NTStatus      = 0xC01C0013
+	STATUS_FLT_VOLUME_NOT_FOUND                                               NTStatus      = 0xC01C0014
+	STATUS_FLT_INSTANCE_NOT_FOUND                                             NTStatus      = 0xC01C0015
+	STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND                                   NTStatus      = 0xC01C0016
+	STATUS_FLT_INVALID_CONTEXT_REGISTRATION                                   NTStatus      = 0xC01C0017
+	STATUS_FLT_NAME_CACHE_MISS                                                NTStatus      = 0xC01C0018
+	STATUS_FLT_NO_DEVICE_OBJECT                                               NTStatus      = 0xC01C0019
+	STATUS_FLT_VOLUME_ALREADY_MOUNTED                                         NTStatus      = 0xC01C001A
+	STATUS_FLT_ALREADY_ENLISTED                                               NTStatus      = 0xC01C001B
+	STATUS_FLT_CONTEXT_ALREADY_LINKED                                         NTStatus      = 0xC01C001C
+	STATUS_FLT_NO_WAITER_FOR_REPLY                                            NTStatus      = 0xC01C0020
+	STATUS_FLT_REGISTRATION_BUSY                                              NTStatus      = 0xC01C0023
+	STATUS_SXS_SECTION_NOT_FOUND                                              NTStatus      = 0xC0150001
+	STATUS_SXS_CANT_GEN_ACTCTX                                                NTStatus      = 0xC0150002
+	STATUS_SXS_INVALID_ACTCTXDATA_FORMAT                                      NTStatus      = 0xC0150003
+	STATUS_SXS_ASSEMBLY_NOT_FOUND                                             NTStatus      = 0xC0150004
+	STATUS_SXS_MANIFEST_FORMAT_ERROR                                          NTStatus      = 0xC0150005
+	STATUS_SXS_MANIFEST_PARSE_ERROR                                           NTStatus      = 0xC0150006
+	STATUS_SXS_ACTIVATION_CONTEXT_DISABLED                                    NTStatus      = 0xC0150007
+	STATUS_SXS_KEY_NOT_FOUND                                                  NTStatus      = 0xC0150008
+	STATUS_SXS_VERSION_CONFLICT                                               NTStatus      = 0xC0150009
+	STATUS_SXS_WRONG_SECTION_TYPE                                             NTStatus      = 0xC015000A
+	STATUS_SXS_THREAD_QUERIES_DISABLED                                        NTStatus      = 0xC015000B
+	STATUS_SXS_ASSEMBLY_MISSING                                               NTStatus      = 0xC015000C
+	STATUS_SXS_RELEASE_ACTIVATION_CONTEXT                                     NTStatus      = 0x4015000D
+	STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET                                    NTStatus      = 0xC015000E
+	STATUS_SXS_EARLY_DEACTIVATION                                             NTStatus      = 0xC015000F
+	STATUS_SXS_INVALID_DEACTIVATION                                           NTStatus      = 0xC0150010
+	STATUS_SXS_MULTIPLE_DEACTIVATION                                          NTStatus      = 0xC0150011
+	STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY                        NTStatus      = 0xC0150012
+	STATUS_SXS_PROCESS_TERMINATION_REQUESTED                                  NTStatus      = 0xC0150013
+	STATUS_SXS_CORRUPT_ACTIVATION_STACK                                       NTStatus      = 0xC0150014
+	STATUS_SXS_CORRUPTION                                                     NTStatus      = 0xC0150015
+	STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE                               NTStatus      = 0xC0150016
+	STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME                                NTStatus      = 0xC0150017
+	STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE                                   NTStatus      = 0xC0150018
+	STATUS_SXS_IDENTITY_PARSE_ERROR                                           NTStatus      = 0xC0150019
+	STATUS_SXS_COMPONENT_STORE_CORRUPT                                        NTStatus      = 0xC015001A
+	STATUS_SXS_FILE_HASH_MISMATCH                                             NTStatus      = 0xC015001B
+	STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT                  NTStatus      = 0xC015001C
+	STATUS_SXS_IDENTITIES_DIFFERENT                                           NTStatus      = 0xC015001D
+	STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT                                   NTStatus      = 0xC015001E
+	STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY                                      NTStatus      = 0xC015001F
+	STATUS_ADVANCED_INSTALLER_FAILED                                          NTStatus      = 0xC0150020
+	STATUS_XML_ENCODING_MISMATCH                                              NTStatus      = 0xC0150021
+	STATUS_SXS_MANIFEST_TOO_BIG                                               NTStatus      = 0xC0150022
+	STATUS_SXS_SETTING_NOT_REGISTERED                                         NTStatus      = 0xC0150023
+	STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE                                 NTStatus      = 0xC0150024
+	STATUS_SMI_PRIMITIVE_INSTALLER_FAILED                                     NTStatus      = 0xC0150025
+	STATUS_GENERIC_COMMAND_FAILED                                             NTStatus      = 0xC0150026
+	STATUS_SXS_FILE_HASH_MISSING                                              NTStatus      = 0xC0150027
+	STATUS_CLUSTER_INVALID_NODE                                               NTStatus      = 0xC0130001
+	STATUS_CLUSTER_NODE_EXISTS                                                NTStatus      = 0xC0130002
+	STATUS_CLUSTER_JOIN_IN_PROGRESS                                           NTStatus      = 0xC0130003
+	STATUS_CLUSTER_NODE_NOT_FOUND                                             NTStatus      = 0xC0130004
+	STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND                                       NTStatus      = 0xC0130005
+	STATUS_CLUSTER_NETWORK_EXISTS                                             NTStatus      = 0xC0130006
+	STATUS_CLUSTER_NETWORK_NOT_FOUND                                          NTStatus      = 0xC0130007
+	STATUS_CLUSTER_NETINTERFACE_EXISTS                                        NTStatus      = 0xC0130008
+	STATUS_CLUSTER_NETINTERFACE_NOT_FOUND                                     NTStatus      = 0xC0130009
+	STATUS_CLUSTER_INVALID_REQUEST                                            NTStatus      = 0xC013000A
+	STATUS_CLUSTER_INVALID_NETWORK_PROVIDER                                   NTStatus      = 0xC013000B
+	STATUS_CLUSTER_NODE_DOWN                                                  NTStatus      = 0xC013000C
+	STATUS_CLUSTER_NODE_UNREACHABLE                                           NTStatus      = 0xC013000D
+	STATUS_CLUSTER_NODE_NOT_MEMBER                                            NTStatus      = 0xC013000E
+	STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS                                       NTStatus      = 0xC013000F
+	STATUS_CLUSTER_INVALID_NETWORK                                            NTStatus      = 0xC0130010
+	STATUS_CLUSTER_NO_NET_ADAPTERS                                            NTStatus      = 0xC0130011
+	STATUS_CLUSTER_NODE_UP                                                    NTStatus      = 0xC0130012
+	STATUS_CLUSTER_NODE_PAUSED                                                NTStatus      = 0xC0130013
+	STATUS_CLUSTER_NODE_NOT_PAUSED                                            NTStatus      = 0xC0130014
+	STATUS_CLUSTER_NO_SECURITY_CONTEXT                                        NTStatus      = 0xC0130015
+	STATUS_CLUSTER_NETWORK_NOT_INTERNAL                                       NTStatus      = 0xC0130016
+	STATUS_CLUSTER_POISONED                                                   NTStatus      = 0xC0130017
+	STATUS_CLUSTER_NON_CSV_PATH                                               NTStatus      = 0xC0130018
+	STATUS_CLUSTER_CSV_VOLUME_NOT_LOCAL                                       NTStatus      = 0xC0130019
+	STATUS_CLUSTER_CSV_READ_OPLOCK_BREAK_IN_PROGRESS                          NTStatus      = 0xC0130020
+	STATUS_CLUSTER_CSV_AUTO_PAUSE_ERROR                                       NTStatus      = 0xC0130021
+	STATUS_CLUSTER_CSV_REDIRECTED                                             NTStatus      = 0xC0130022
+	STATUS_CLUSTER_CSV_NOT_REDIRECTED                                         NTStatus      = 0xC0130023
+	STATUS_CLUSTER_CSV_VOLUME_DRAINING                                        NTStatus      = 0xC0130024
+	STATUS_CLUSTER_CSV_SNAPSHOT_CREATION_IN_PROGRESS                          NTStatus      = 0xC0130025
+	STATUS_CLUSTER_CSV_VOLUME_DRAINING_SUCCEEDED_DOWNLEVEL                    NTStatus      = 0xC0130026
+	STATUS_CLUSTER_CSV_NO_SNAPSHOTS                                           NTStatus      = 0xC0130027
+	STATUS_CSV_IO_PAUSE_TIMEOUT                                               NTStatus      = 0xC0130028
+	STATUS_CLUSTER_CSV_INVALID_HANDLE                                         NTStatus      = 0xC0130029
+	STATUS_CLUSTER_CSV_SUPPORTED_ONLY_ON_COORDINATOR                          NTStatus      = 0xC0130030
+	STATUS_CLUSTER_CAM_TICKET_REPLAY_DETECTED                                 NTStatus      = 0xC0130031
+	STATUS_TRANSACTIONAL_CONFLICT                                             NTStatus      = 0xC0190001
+	STATUS_INVALID_TRANSACTION                                                NTStatus      = 0xC0190002
+	STATUS_TRANSACTION_NOT_ACTIVE                                             NTStatus      = 0xC0190003
+	STATUS_TM_INITIALIZATION_FAILED                                           NTStatus      = 0xC0190004
+	STATUS_RM_NOT_ACTIVE                                                      NTStatus      = 0xC0190005
+	STATUS_RM_METADATA_CORRUPT                                                NTStatus      = 0xC0190006
+	STATUS_TRANSACTION_NOT_JOINED                                             NTStatus      = 0xC0190007
+	STATUS_DIRECTORY_NOT_RM                                                   NTStatus      = 0xC0190008
+	STATUS_COULD_NOT_RESIZE_LOG                                               NTStatus      = 0x80190009
+	STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE                                    NTStatus      = 0xC019000A
+	STATUS_LOG_RESIZE_INVALID_SIZE                                            NTStatus      = 0xC019000B
+	STATUS_REMOTE_FILE_VERSION_MISMATCH                                       NTStatus      = 0xC019000C
+	STATUS_CRM_PROTOCOL_ALREADY_EXISTS                                        NTStatus      = 0xC019000F
+	STATUS_TRANSACTION_PROPAGATION_FAILED                                     NTStatus      = 0xC0190010
+	STATUS_CRM_PROTOCOL_NOT_FOUND                                             NTStatus      = 0xC0190011
+	STATUS_TRANSACTION_SUPERIOR_EXISTS                                        NTStatus      = 0xC0190012
+	STATUS_TRANSACTION_REQUEST_NOT_VALID                                      NTStatus      = 0xC0190013
+	STATUS_TRANSACTION_NOT_REQUESTED                                          NTStatus      = 0xC0190014
+	STATUS_TRANSACTION_ALREADY_ABORTED                                        NTStatus      = 0xC0190015
+	STATUS_TRANSACTION_ALREADY_COMMITTED                                      NTStatus      = 0xC0190016
+	STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER                                NTStatus      = 0xC0190017
+	STATUS_CURRENT_TRANSACTION_NOT_VALID                                      NTStatus      = 0xC0190018
+	STATUS_LOG_GROWTH_FAILED                                                  NTStatus      = 0xC0190019
+	STATUS_OBJECT_NO_LONGER_EXISTS                                            NTStatus      = 0xC0190021
+	STATUS_STREAM_MINIVERSION_NOT_FOUND                                       NTStatus      = 0xC0190022
+	STATUS_STREAM_MINIVERSION_NOT_VALID                                       NTStatus      = 0xC0190023
+	STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION                NTStatus      = 0xC0190024
+	STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT                           NTStatus      = 0xC0190025
+	STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS                               NTStatus      = 0xC0190026
+	STATUS_HANDLE_NO_LONGER_VALID                                             NTStatus      = 0xC0190028
+	STATUS_NO_TXF_METADATA                                                    NTStatus      = 0x80190029
+	STATUS_LOG_CORRUPTION_DETECTED                                            NTStatus      = 0xC0190030
+	STATUS_CANT_RECOVER_WITH_HANDLE_OPEN                                      NTStatus      = 0x80190031
+	STATUS_RM_DISCONNECTED                                                    NTStatus      = 0xC0190032
+	STATUS_ENLISTMENT_NOT_SUPERIOR                                            NTStatus      = 0xC0190033
+	STATUS_RECOVERY_NOT_NEEDED                                                NTStatus      = 0x40190034
+	STATUS_RM_ALREADY_STARTED                                                 NTStatus      = 0x40190035
+	STATUS_FILE_IDENTITY_NOT_PERSISTENT                                       NTStatus      = 0xC0190036
+	STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY                                NTStatus      = 0xC0190037
+	STATUS_CANT_CROSS_RM_BOUNDARY                                             NTStatus      = 0xC0190038
+	STATUS_TXF_DIR_NOT_EMPTY                                                  NTStatus      = 0xC0190039
+	STATUS_INDOUBT_TRANSACTIONS_EXIST                                         NTStatus      = 0xC019003A
+	STATUS_TM_VOLATILE                                                        NTStatus      = 0xC019003B
+	STATUS_ROLLBACK_TIMER_EXPIRED                                             NTStatus      = 0xC019003C
+	STATUS_TXF_ATTRIBUTE_CORRUPT                                              NTStatus      = 0xC019003D
+	STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION                                     NTStatus      = 0xC019003E
+	STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED                                     NTStatus      = 0xC019003F
+	STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE                              NTStatus      = 0xC0190040
+	STATUS_TXF_METADATA_ALREADY_PRESENT                                       NTStatus      = 0x80190041
+	STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET                                NTStatus      = 0x80190042
+	STATUS_TRANSACTION_REQUIRED_PROMOTION                                     NTStatus      = 0xC0190043
+	STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION                                 NTStatus      = 0xC0190044
+	STATUS_TRANSACTIONS_NOT_FROZEN                                            NTStatus      = 0xC0190045
+	STATUS_TRANSACTION_FREEZE_IN_PROGRESS                                     NTStatus      = 0xC0190046
+	STATUS_NOT_SNAPSHOT_VOLUME                                                NTStatus      = 0xC0190047
+	STATUS_NO_SAVEPOINT_WITH_OPEN_FILES                                       NTStatus      = 0xC0190048
+	STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION                                  NTStatus      = 0xC0190049
+	STATUS_TM_IDENTITY_MISMATCH                                               NTStatus      = 0xC019004A
+	STATUS_FLOATED_SECTION                                                    NTStatus      = 0xC019004B
+	STATUS_CANNOT_ACCEPT_TRANSACTED_WORK                                      NTStatus      = 0xC019004C
+	STATUS_CANNOT_ABORT_TRANSACTIONS                                          NTStatus      = 0xC019004D
+	STATUS_TRANSACTION_NOT_FOUND                                              NTStatus      = 0xC019004E
+	STATUS_RESOURCEMANAGER_NOT_FOUND                                          NTStatus      = 0xC019004F
+	STATUS_ENLISTMENT_NOT_FOUND                                               NTStatus      = 0xC0190050
+	STATUS_TRANSACTIONMANAGER_NOT_FOUND                                       NTStatus      = 0xC0190051
+	STATUS_TRANSACTIONMANAGER_NOT_ONLINE                                      NTStatus      = 0xC0190052
+	STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION                         NTStatus      = 0xC0190053
+	STATUS_TRANSACTION_NOT_ROOT                                               NTStatus      = 0xC0190054
+	STATUS_TRANSACTION_OBJECT_EXPIRED                                         NTStatus      = 0xC0190055
+	STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION                             NTStatus      = 0xC0190056
+	STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED                                  NTStatus      = 0xC0190057
+	STATUS_TRANSACTION_RECORD_TOO_LONG                                        NTStatus      = 0xC0190058
+	STATUS_NO_LINK_TRACKING_IN_TRANSACTION                                    NTStatus      = 0xC0190059
+	STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION                             NTStatus      = 0xC019005A
+	STATUS_TRANSACTION_INTEGRITY_VIOLATED                                     NTStatus      = 0xC019005B
+	STATUS_TRANSACTIONMANAGER_IDENTITY_MISMATCH                               NTStatus      = 0xC019005C
+	STATUS_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT                                   NTStatus      = 0xC019005D
+	STATUS_TRANSACTION_MUST_WRITETHROUGH                                      NTStatus      = 0xC019005E
+	STATUS_TRANSACTION_NO_SUPERIOR                                            NTStatus      = 0xC019005F
+	STATUS_EXPIRED_HANDLE                                                     NTStatus      = 0xC0190060
+	STATUS_TRANSACTION_NOT_ENLISTED                                           NTStatus      = 0xC0190061
+	STATUS_LOG_SECTOR_INVALID                                                 NTStatus      = 0xC01A0001
+	STATUS_LOG_SECTOR_PARITY_INVALID                                          NTStatus      = 0xC01A0002
+	STATUS_LOG_SECTOR_REMAPPED                                                NTStatus      = 0xC01A0003
+	STATUS_LOG_BLOCK_INCOMPLETE                                               NTStatus      = 0xC01A0004
+	STATUS_LOG_INVALID_RANGE                                                  NTStatus      = 0xC01A0005
+	STATUS_LOG_BLOCKS_EXHAUSTED                                               NTStatus      = 0xC01A0006
+	STATUS_LOG_READ_CONTEXT_INVALID                                           NTStatus      = 0xC01A0007
+	STATUS_LOG_RESTART_INVALID                                                NTStatus      = 0xC01A0008
+	STATUS_LOG_BLOCK_VERSION                                                  NTStatus      = 0xC01A0009
+	STATUS_LOG_BLOCK_INVALID                                                  NTStatus      = 0xC01A000A
+	STATUS_LOG_READ_MODE_INVALID                                              NTStatus      = 0xC01A000B
+	STATUS_LOG_NO_RESTART                                                     NTStatus      = 0x401A000C
+	STATUS_LOG_METADATA_CORRUPT                                               NTStatus      = 0xC01A000D
+	STATUS_LOG_METADATA_INVALID                                               NTStatus      = 0xC01A000E
+	STATUS_LOG_METADATA_INCONSISTENT                                          NTStatus      = 0xC01A000F
+	STATUS_LOG_RESERVATION_INVALID                                            NTStatus      = 0xC01A0010
+	STATUS_LOG_CANT_DELETE                                                    NTStatus      = 0xC01A0011
+	STATUS_LOG_CONTAINER_LIMIT_EXCEEDED                                       NTStatus      = 0xC01A0012
+	STATUS_LOG_START_OF_LOG                                                   NTStatus      = 0xC01A0013
+	STATUS_LOG_POLICY_ALREADY_INSTALLED                                       NTStatus      = 0xC01A0014
+	STATUS_LOG_POLICY_NOT_INSTALLED                                           NTStatus      = 0xC01A0015
+	STATUS_LOG_POLICY_INVALID                                                 NTStatus      = 0xC01A0016
+	STATUS_LOG_POLICY_CONFLICT                                                NTStatus      = 0xC01A0017
+	STATUS_LOG_PINNED_ARCHIVE_TAIL                                            NTStatus      = 0xC01A0018
+	STATUS_LOG_RECORD_NONEXISTENT                                             NTStatus      = 0xC01A0019
+	STATUS_LOG_RECORDS_RESERVED_INVALID                                       NTStatus      = 0xC01A001A
+	STATUS_LOG_SPACE_RESERVED_INVALID                                         NTStatus      = 0xC01A001B
+	STATUS_LOG_TAIL_INVALID                                                   NTStatus      = 0xC01A001C
+	STATUS_LOG_FULL                                                           NTStatus      = 0xC01A001D
+	STATUS_LOG_MULTIPLEXED                                                    NTStatus      = 0xC01A001E
+	STATUS_LOG_DEDICATED                                                      NTStatus      = 0xC01A001F
+	STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS                                        NTStatus      = 0xC01A0020
+	STATUS_LOG_ARCHIVE_IN_PROGRESS                                            NTStatus      = 0xC01A0021
+	STATUS_LOG_EPHEMERAL                                                      NTStatus      = 0xC01A0022
+	STATUS_LOG_NOT_ENOUGH_CONTAINERS                                          NTStatus      = 0xC01A0023
+	STATUS_LOG_CLIENT_ALREADY_REGISTERED                                      NTStatus      = 0xC01A0024
+	STATUS_LOG_CLIENT_NOT_REGISTERED                                          NTStatus      = 0xC01A0025
+	STATUS_LOG_FULL_HANDLER_IN_PROGRESS                                       NTStatus      = 0xC01A0026
+	STATUS_LOG_CONTAINER_READ_FAILED                                          NTStatus      = 0xC01A0027
+	STATUS_LOG_CONTAINER_WRITE_FAILED                                         NTStatus      = 0xC01A0028
+	STATUS_LOG_CONTAINER_OPEN_FAILED                                          NTStatus      = 0xC01A0029
+	STATUS_LOG_CONTAINER_STATE_INVALID                                        NTStatus      = 0xC01A002A
+	STATUS_LOG_STATE_INVALID                                                  NTStatus      = 0xC01A002B
+	STATUS_LOG_PINNED                                                         NTStatus      = 0xC01A002C
+	STATUS_LOG_METADATA_FLUSH_FAILED                                          NTStatus      = 0xC01A002D
+	STATUS_LOG_INCONSISTENT_SECURITY                                          NTStatus      = 0xC01A002E
+	STATUS_LOG_APPENDED_FLUSH_FAILED                                          NTStatus      = 0xC01A002F
+	STATUS_LOG_PINNED_RESERVATION                                             NTStatus      = 0xC01A0030
+	STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD                                   NTStatus      = 0xC01B00EA
+	STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED                         NTStatus      = 0x801B00EB
+	STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST                                  NTStatus      = 0x401B00EC
+	STATUS_MONITOR_NO_DESCRIPTOR                                              NTStatus      = 0xC01D0001
+	STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT                                  NTStatus      = 0xC01D0002
+	STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM                                NTStatus      = 0xC01D0003
+	STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK                              NTStatus      = 0xC01D0004
+	STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED                          NTStatus      = 0xC01D0005
+	STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK                         NTStatus      = 0xC01D0006
+	STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK                         NTStatus      = 0xC01D0007
+	STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA                                    NTStatus      = 0xC01D0008
+	STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK                              NTStatus      = 0xC01D0009
+	STATUS_MONITOR_INVALID_MANUFACTURE_DATE                                   NTStatus      = 0xC01D000A
+	STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER                                  NTStatus      = 0xC01E0000
+	STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER                                   NTStatus      = 0xC01E0001
+	STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER                                   NTStatus      = 0xC01E0002
+	STATUS_GRAPHICS_ADAPTER_WAS_RESET                                         NTStatus      = 0xC01E0003
+	STATUS_GRAPHICS_INVALID_DRIVER_MODEL                                      NTStatus      = 0xC01E0004
+	STATUS_GRAPHICS_PRESENT_MODE_CHANGED                                      NTStatus      = 0xC01E0005
+	STATUS_GRAPHICS_PRESENT_OCCLUDED                                          NTStatus      = 0xC01E0006
+	STATUS_GRAPHICS_PRESENT_DENIED                                            NTStatus      = 0xC01E0007
+	STATUS_GRAPHICS_CANNOTCOLORCONVERT                                        NTStatus      = 0xC01E0008
+	STATUS_GRAPHICS_DRIVER_MISMATCH                                           NTStatus      = 0xC01E0009
+	STATUS_GRAPHICS_PARTIAL_DATA_POPULATED                                    NTStatus      = 0x401E000A
+	STATUS_GRAPHICS_PRESENT_REDIRECTION_DISABLED                              NTStatus      = 0xC01E000B
+	STATUS_GRAPHICS_PRESENT_UNOCCLUDED                                        NTStatus      = 0xC01E000C
+	STATUS_GRAPHICS_WINDOWDC_NOT_AVAILABLE                                    NTStatus      = 0xC01E000D
+	STATUS_GRAPHICS_WINDOWLESS_PRESENT_DISABLED                               NTStatus      = 0xC01E000E
+	STATUS_GRAPHICS_PRESENT_INVALID_WINDOW                                    NTStatus      = 0xC01E000F
+	STATUS_GRAPHICS_PRESENT_BUFFER_NOT_BOUND                                  NTStatus      = 0xC01E0010
+	STATUS_GRAPHICS_VAIL_STATE_CHANGED                                        NTStatus      = 0xC01E0011
+	STATUS_GRAPHICS_INDIRECT_DISPLAY_ABANDON_SWAPCHAIN                        NTStatus      = 0xC01E0012
+	STATUS_GRAPHICS_INDIRECT_DISPLAY_DEVICE_STOPPED                           NTStatus      = 0xC01E0013
+	STATUS_GRAPHICS_NO_VIDEO_MEMORY                                           NTStatus      = 0xC01E0100
+	STATUS_GRAPHICS_CANT_LOCK_MEMORY                                          NTStatus      = 0xC01E0101
+	STATUS_GRAPHICS_ALLOCATION_BUSY                                           NTStatus      = 0xC01E0102
+	STATUS_GRAPHICS_TOO_MANY_REFERENCES                                       NTStatus      = 0xC01E0103
+	STATUS_GRAPHICS_TRY_AGAIN_LATER                                           NTStatus      = 0xC01E0104
+	STATUS_GRAPHICS_TRY_AGAIN_NOW                                             NTStatus      = 0xC01E0105
+	STATUS_GRAPHICS_ALLOCATION_INVALID                                        NTStatus      = 0xC01E0106
+	STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE                          NTStatus      = 0xC01E0107
+	STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED                          NTStatus      = 0xC01E0108
+	STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION                              NTStatus      = 0xC01E0109
+	STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE                                  NTStatus      = 0xC01E0110
+	STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION                             NTStatus      = 0xC01E0111
+	STATUS_GRAPHICS_ALLOCATION_CLOSED                                         NTStatus      = 0xC01E0112
+	STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE                               NTStatus      = 0xC01E0113
+	STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE                                 NTStatus      = 0xC01E0114
+	STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE                                   NTStatus      = 0xC01E0115
+	STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST                                   NTStatus      = 0xC01E0116
+	STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE                                   NTStatus      = 0xC01E0200
+	STATUS_GRAPHICS_SKIP_ALLOCATION_PREPARATION                               NTStatus      = 0x401E0201
+	STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY                                    NTStatus      = 0xC01E0300
+	STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED                              NTStatus      = 0xC01E0301
+	STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED                    NTStatus      = 0xC01E0302
+	STATUS_GRAPHICS_INVALID_VIDPN                                             NTStatus      = 0xC01E0303
+	STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE                              NTStatus      = 0xC01E0304
+	STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET                              NTStatus      = 0xC01E0305
+	STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED                              NTStatus      = 0xC01E0306
+	STATUS_GRAPHICS_MODE_NOT_PINNED                                           NTStatus      = 0x401E0307
+	STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET                               NTStatus      = 0xC01E0308
+	STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET                               NTStatus      = 0xC01E0309
+	STATUS_GRAPHICS_INVALID_FREQUENCY                                         NTStatus      = 0xC01E030A
+	STATUS_GRAPHICS_INVALID_ACTIVE_REGION                                     NTStatus      = 0xC01E030B
+	STATUS_GRAPHICS_INVALID_TOTAL_REGION                                      NTStatus      = 0xC01E030C
+	STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE                         NTStatus      = 0xC01E0310
+	STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE                         NTStatus      = 0xC01E0311
+	STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET                            NTStatus      = 0xC01E0312
+	STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY                                  NTStatus      = 0xC01E0313
+	STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET                                   NTStatus      = 0xC01E0314
+	STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET                             NTStatus      = 0xC01E0315
+	STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET                             NTStatus      = 0xC01E0316
+	STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET                                     NTStatus      = 0xC01E0317
+	STATUS_GRAPHICS_TARGET_ALREADY_IN_SET                                     NTStatus      = 0xC01E0318
+	STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH                                NTStatus      = 0xC01E0319
+	STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY                             NTStatus      = 0xC01E031A
+	STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET                         NTStatus      = 0xC01E031B
+	STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE                            NTStatus      = 0xC01E031C
+	STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET                                 NTStatus      = 0xC01E031D
+	STATUS_GRAPHICS_NO_PREFERRED_MODE                                         NTStatus      = 0x401E031E
+	STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET                             NTStatus      = 0xC01E031F
+	STATUS_GRAPHICS_STALE_MODESET                                             NTStatus      = 0xC01E0320
+	STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET                             NTStatus      = 0xC01E0321
+	STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE                               NTStatus      = 0xC01E0322
+	STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN                           NTStatus      = 0xC01E0323
+	STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE                                    NTStatus      = 0xC01E0324
+	STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION           NTStatus      = 0xC01E0325
+	STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES                   NTStatus      = 0xC01E0326
+	STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY                                      NTStatus      = 0xC01E0327
+	STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE                     NTStatus      = 0xC01E0328
+	STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET                     NTStatus      = 0xC01E0329
+	STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET                              NTStatus      = 0xC01E032A
+	STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR                                 NTStatus      = 0xC01E032B
+	STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET                              NTStatus      = 0xC01E032C
+	STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET                          NTStatus      = 0xC01E032D
+	STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE                       NTStatus      = 0xC01E032E
+	STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE                          NTStatus      = 0xC01E032F
+	STATUS_GRAPHICS_RESOURCES_NOT_RELATED                                     NTStatus      = 0xC01E0330
+	STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE                                  NTStatus      = 0xC01E0331
+	STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE                                  NTStatus      = 0xC01E0332
+	STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET                                 NTStatus      = 0xC01E0333
+	STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER              NTStatus      = 0xC01E0334
+	STATUS_GRAPHICS_NO_VIDPNMGR                                               NTStatus      = 0xC01E0335
+	STATUS_GRAPHICS_NO_ACTIVE_VIDPN                                           NTStatus      = 0xC01E0336
+	STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY                                      NTStatus      = 0xC01E0337
+	STATUS_GRAPHICS_MONITOR_NOT_CONNECTED                                     NTStatus      = 0xC01E0338
+	STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY                                    NTStatus      = 0xC01E0339
+	STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE                               NTStatus      = 0xC01E033A
+	STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE                                NTStatus      = 0xC01E033B
+	STATUS_GRAPHICS_INVALID_STRIDE                                            NTStatus      = 0xC01E033C
+	STATUS_GRAPHICS_INVALID_PIXELFORMAT                                       NTStatus      = 0xC01E033D
+	STATUS_GRAPHICS_INVALID_COLORBASIS                                        NTStatus      = 0xC01E033E
+	STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE                              NTStatus      = 0xC01E033F
+	STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY                                    NTStatus      = 0xC01E0340
+	STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT                        NTStatus      = 0xC01E0341
+	STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE                                       NTStatus      = 0xC01E0342
+	STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN                                  NTStatus      = 0xC01E0343
+	STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL                           NTStatus      = 0xC01E0344
+	STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION              NTStatus      = 0xC01E0345
+	STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED        NTStatus      = 0xC01E0346
+	STATUS_GRAPHICS_INVALID_GAMMA_RAMP                                        NTStatus      = 0xC01E0347
+	STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED                                  NTStatus      = 0xC01E0348
+	STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED                               NTStatus      = 0xC01E0349
+	STATUS_GRAPHICS_MODE_NOT_IN_MODESET                                       NTStatus      = 0xC01E034A
+	STATUS_GRAPHICS_DATASET_IS_EMPTY                                          NTStatus      = 0x401E034B
+	STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET                               NTStatus      = 0x401E034C
+	STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON              NTStatus      = 0xC01E034D
+	STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE                                 NTStatus      = 0xC01E034E
+	STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE                               NTStatus      = 0xC01E034F
+	STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS                         NTStatus      = 0xC01E0350
+	STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED           NTStatus      = 0x401E0351
+	STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING                                 NTStatus      = 0xC01E0352
+	STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED                              NTStatus      = 0xC01E0353
+	STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS                          NTStatus      = 0xC01E0354
+	STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT                               NTStatus      = 0xC01E0355
+	STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM                            NTStatus      = 0xC01E0356
+	STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN                         NTStatus      = 0xC01E0357
+	STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT                 NTStatus      = 0xC01E0358
+	STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED                                     NTStatus      = 0xC01E0359
+	STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION                        NTStatus      = 0xC01E035A
+	STATUS_GRAPHICS_INVALID_CLIENT_TYPE                                       NTStatus      = 0xC01E035B
+	STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET                                       NTStatus      = 0xC01E035C
+	STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED                         NTStatus      = 0xC01E0400
+	STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED                            NTStatus      = 0xC01E0401
+	STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS                                      NTStatus      = 0x401E042F
+	STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER                                      NTStatus      = 0xC01E0430
+	STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED                                   NTStatus      = 0xC01E0431
+	STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED                                 NTStatus      = 0xC01E0432
+	STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY                                   NTStatus      = 0xC01E0433
+	STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED                                    NTStatus      = 0xC01E0434
+	STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON                                 NTStatus      = 0xC01E0435
+	STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE                            NTStatus      = 0xC01E0436
+	STATUS_GRAPHICS_LEADLINK_START_DEFERRED                                   NTStatus      = 0x401E0437
+	STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER                                    NTStatus      = 0xC01E0438
+	STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY                                    NTStatus      = 0x401E0439
+	STATUS_GRAPHICS_START_DEFERRED                                            NTStatus      = 0x401E043A
+	STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED                               NTStatus      = 0xC01E043B
+	STATUS_GRAPHICS_DEPENDABLE_CHILD_STATUS                                   NTStatus      = 0x401E043C
+	STATUS_GRAPHICS_OPM_NOT_SUPPORTED                                         NTStatus      = 0xC01E0500
+	STATUS_GRAPHICS_COPP_NOT_SUPPORTED                                        NTStatus      = 0xC01E0501
+	STATUS_GRAPHICS_UAB_NOT_SUPPORTED                                         NTStatus      = 0xC01E0502
+	STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS                          NTStatus      = 0xC01E0503
+	STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST                            NTStatus      = 0xC01E0505
+	STATUS_GRAPHICS_OPM_INTERNAL_ERROR                                        NTStatus      = 0xC01E050B
+	STATUS_GRAPHICS_OPM_INVALID_HANDLE                                        NTStatus      = 0xC01E050C
+	STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH                            NTStatus      = 0xC01E050E
+	STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED                                 NTStatus      = 0xC01E050F
+	STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED                                  NTStatus      = 0xC01E0510
+	STATUS_GRAPHICS_PVP_HFS_FAILED                                            NTStatus      = 0xC01E0511
+	STATUS_GRAPHICS_OPM_INVALID_SRM                                           NTStatus      = 0xC01E0512
+	STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP                          NTStatus      = 0xC01E0513
+	STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP                           NTStatus      = 0xC01E0514
+	STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA                         NTStatus      = 0xC01E0515
+	STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET                                    NTStatus      = 0xC01E0516
+	STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH                                   NTStatus      = 0xC01E0517
+	STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE                      NTStatus      = 0xC01E0518
+	STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS                     NTStatus      = 0xC01E051A
+	STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS         NTStatus      = 0xC01E051C
+	STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST                           NTStatus      = 0xC01E051D
+	STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR                                 NTStatus      = 0xC01E051E
+	STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS          NTStatus      = 0xC01E051F
+	STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED                               NTStatus      = 0xC01E0520
+	STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST                         NTStatus      = 0xC01E0521
+	STATUS_GRAPHICS_I2C_NOT_SUPPORTED                                         NTStatus      = 0xC01E0580
+	STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST                                 NTStatus      = 0xC01E0581
+	STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA                               NTStatus      = 0xC01E0582
+	STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA                                  NTStatus      = 0xC01E0583
+	STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED                                   NTStatus      = 0xC01E0584
+	STATUS_GRAPHICS_DDCCI_INVALID_DATA                                        NTStatus      = 0xC01E0585
+	STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE         NTStatus      = 0xC01E0586
+	STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING                         NTStatus      = 0xC01E0587
+	STATUS_GRAPHICS_MCA_INTERNAL_ERROR                                        NTStatus      = 0xC01E0588
+	STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND                             NTStatus      = 0xC01E0589
+	STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH                              NTStatus      = 0xC01E058A
+	STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM                            NTStatus      = 0xC01E058B
+	STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE                           NTStatus      = 0xC01E058C
+	STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS                                  NTStatus      = 0xC01E058D
+	STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED                            NTStatus      = 0xC01E05E0
+	STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME                     NTStatus      = 0xC01E05E1
+	STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP                    NTStatus      = 0xC01E05E2
+	STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED                           NTStatus      = 0xC01E05E3
+	STATUS_GRAPHICS_INVALID_POINTER                                           NTStatus      = 0xC01E05E4
+	STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE                  NTStatus      = 0xC01E05E5
+	STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL                                 NTStatus      = 0xC01E05E6
+	STATUS_GRAPHICS_INTERNAL_ERROR                                            NTStatus      = 0xC01E05E7
+	STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS                           NTStatus      = 0xC01E05E8
+	STATUS_FVE_LOCKED_VOLUME                                                  NTStatus      = 0xC0210000
+	STATUS_FVE_NOT_ENCRYPTED                                                  NTStatus      = 0xC0210001
+	STATUS_FVE_BAD_INFORMATION                                                NTStatus      = 0xC0210002
+	STATUS_FVE_TOO_SMALL                                                      NTStatus      = 0xC0210003
+	STATUS_FVE_FAILED_WRONG_FS                                                NTStatus      = 0xC0210004
+	STATUS_FVE_BAD_PARTITION_SIZE                                             NTStatus      = 0xC0210005
+	STATUS_FVE_FS_NOT_EXTENDED                                                NTStatus      = 0xC0210006
+	STATUS_FVE_FS_MOUNTED                                                     NTStatus      = 0xC0210007
+	STATUS_FVE_NO_LICENSE                                                     NTStatus      = 0xC0210008
+	STATUS_FVE_ACTION_NOT_ALLOWED                                             NTStatus      = 0xC0210009
+	STATUS_FVE_BAD_DATA                                                       NTStatus      = 0xC021000A
+	STATUS_FVE_VOLUME_NOT_BOUND                                               NTStatus      = 0xC021000B
+	STATUS_FVE_NOT_DATA_VOLUME                                                NTStatus      = 0xC021000C
+	STATUS_FVE_CONV_READ_ERROR                                                NTStatus      = 0xC021000D
+	STATUS_FVE_CONV_WRITE_ERROR                                               NTStatus      = 0xC021000E
+	STATUS_FVE_OVERLAPPED_UPDATE                                              NTStatus      = 0xC021000F
+	STATUS_FVE_FAILED_SECTOR_SIZE                                             NTStatus      = 0xC0210010
+	STATUS_FVE_FAILED_AUTHENTICATION                                          NTStatus      = 0xC0210011
+	STATUS_FVE_NOT_OS_VOLUME                                                  NTStatus      = 0xC0210012
+	STATUS_FVE_KEYFILE_NOT_FOUND                                              NTStatus      = 0xC0210013
+	STATUS_FVE_KEYFILE_INVALID                                                NTStatus      = 0xC0210014
+	STATUS_FVE_KEYFILE_NO_VMK                                                 NTStatus      = 0xC0210015
+	STATUS_FVE_TPM_DISABLED                                                   NTStatus      = 0xC0210016
+	STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO                                          NTStatus      = 0xC0210017
+	STATUS_FVE_TPM_INVALID_PCR                                                NTStatus      = 0xC0210018
+	STATUS_FVE_TPM_NO_VMK                                                     NTStatus      = 0xC0210019
+	STATUS_FVE_PIN_INVALID                                                    NTStatus      = 0xC021001A
+	STATUS_FVE_AUTH_INVALID_APPLICATION                                       NTStatus      = 0xC021001B
+	STATUS_FVE_AUTH_INVALID_CONFIG                                            NTStatus      = 0xC021001C
+	STATUS_FVE_DEBUGGER_ENABLED                                               NTStatus      = 0xC021001D
+	STATUS_FVE_DRY_RUN_FAILED                                                 NTStatus      = 0xC021001E
+	STATUS_FVE_BAD_METADATA_POINTER                                           NTStatus      = 0xC021001F
+	STATUS_FVE_OLD_METADATA_COPY                                              NTStatus      = 0xC0210020
+	STATUS_FVE_REBOOT_REQUIRED                                                NTStatus      = 0xC0210021
+	STATUS_FVE_RAW_ACCESS                                                     NTStatus      = 0xC0210022
+	STATUS_FVE_RAW_BLOCKED                                                    NTStatus      = 0xC0210023
+	STATUS_FVE_NO_AUTOUNLOCK_MASTER_KEY                                       NTStatus      = 0xC0210024
+	STATUS_FVE_MOR_FAILED                                                     NTStatus      = 0xC0210025
+	STATUS_FVE_NO_FEATURE_LICENSE                                             NTStatus      = 0xC0210026
+	STATUS_FVE_POLICY_USER_DISABLE_RDV_NOT_ALLOWED                            NTStatus      = 0xC0210027
+	STATUS_FVE_CONV_RECOVERY_FAILED                                           NTStatus      = 0xC0210028
+	STATUS_FVE_VIRTUALIZED_SPACE_TOO_BIG                                      NTStatus      = 0xC0210029
+	STATUS_FVE_INVALID_DATUM_TYPE                                             NTStatus      = 0xC021002A
+	STATUS_FVE_VOLUME_TOO_SMALL                                               NTStatus      = 0xC0210030
+	STATUS_FVE_ENH_PIN_INVALID                                                NTStatus      = 0xC0210031
+	STATUS_FVE_FULL_ENCRYPTION_NOT_ALLOWED_ON_TP_STORAGE                      NTStatus      = 0xC0210032
+	STATUS_FVE_WIPE_NOT_ALLOWED_ON_TP_STORAGE                                 NTStatus      = 0xC0210033
+	STATUS_FVE_NOT_ALLOWED_ON_CSV_STACK                                       NTStatus      = 0xC0210034
+	STATUS_FVE_NOT_ALLOWED_ON_CLUSTER                                         NTStatus      = 0xC0210035
+	STATUS_FVE_NOT_ALLOWED_TO_UPGRADE_WHILE_CONVERTING                        NTStatus      = 0xC0210036
+	STATUS_FVE_WIPE_CANCEL_NOT_APPLICABLE                                     NTStatus      = 0xC0210037
+	STATUS_FVE_EDRIVE_DRY_RUN_FAILED                                          NTStatus      = 0xC0210038
+	STATUS_FVE_SECUREBOOT_DISABLED                                            NTStatus      = 0xC0210039
+	STATUS_FVE_SECUREBOOT_CONFIG_CHANGE                                       NTStatus      = 0xC021003A
+	STATUS_FVE_DEVICE_LOCKEDOUT                                               NTStatus      = 0xC021003B
+	STATUS_FVE_VOLUME_EXTEND_PREVENTS_EOW_DECRYPT                             NTStatus      = 0xC021003C
+	STATUS_FVE_NOT_DE_VOLUME                                                  NTStatus      = 0xC021003D
+	STATUS_FVE_PROTECTION_DISABLED                                            NTStatus      = 0xC021003E
+	STATUS_FVE_PROTECTION_CANNOT_BE_DISABLED                                  NTStatus      = 0xC021003F
+	STATUS_FVE_OSV_KSR_NOT_ALLOWED                                            NTStatus      = 0xC0210040
+	STATUS_FWP_CALLOUT_NOT_FOUND                                              NTStatus      = 0xC0220001
+	STATUS_FWP_CONDITION_NOT_FOUND                                            NTStatus      = 0xC0220002
+	STATUS_FWP_FILTER_NOT_FOUND                                               NTStatus      = 0xC0220003
+	STATUS_FWP_LAYER_NOT_FOUND                                                NTStatus      = 0xC0220004
+	STATUS_FWP_PROVIDER_NOT_FOUND                                             NTStatus      = 0xC0220005
+	STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND                                     NTStatus      = 0xC0220006
+	STATUS_FWP_SUBLAYER_NOT_FOUND                                             NTStatus      = 0xC0220007
+	STATUS_FWP_NOT_FOUND                                                      NTStatus      = 0xC0220008
+	STATUS_FWP_ALREADY_EXISTS                                                 NTStatus      = 0xC0220009
+	STATUS_FWP_IN_USE                                                         NTStatus      = 0xC022000A
+	STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS                                    NTStatus      = 0xC022000B
+	STATUS_FWP_WRONG_SESSION                                                  NTStatus      = 0xC022000C
+	STATUS_FWP_NO_TXN_IN_PROGRESS                                             NTStatus      = 0xC022000D
+	STATUS_FWP_TXN_IN_PROGRESS                                                NTStatus      = 0xC022000E
+	STATUS_FWP_TXN_ABORTED                                                    NTStatus      = 0xC022000F
+	STATUS_FWP_SESSION_ABORTED                                                NTStatus      = 0xC0220010
+	STATUS_FWP_INCOMPATIBLE_TXN                                               NTStatus      = 0xC0220011
+	STATUS_FWP_TIMEOUT                                                        NTStatus      = 0xC0220012
+	STATUS_FWP_NET_EVENTS_DISABLED                                            NTStatus      = 0xC0220013
+	STATUS_FWP_INCOMPATIBLE_LAYER                                             NTStatus      = 0xC0220014
+	STATUS_FWP_KM_CLIENTS_ONLY                                                NTStatus      = 0xC0220015
+	STATUS_FWP_LIFETIME_MISMATCH                                              NTStatus      = 0xC0220016
+	STATUS_FWP_BUILTIN_OBJECT                                                 NTStatus      = 0xC0220017
+	STATUS_FWP_TOO_MANY_CALLOUTS                                              NTStatus      = 0xC0220018
+	STATUS_FWP_NOTIFICATION_DROPPED                                           NTStatus      = 0xC0220019
+	STATUS_FWP_TRAFFIC_MISMATCH                                               NTStatus      = 0xC022001A
+	STATUS_FWP_INCOMPATIBLE_SA_STATE                                          NTStatus      = 0xC022001B
+	STATUS_FWP_NULL_POINTER                                                   NTStatus      = 0xC022001C
+	STATUS_FWP_INVALID_ENUMERATOR                                             NTStatus      = 0xC022001D
+	STATUS_FWP_INVALID_FLAGS                                                  NTStatus      = 0xC022001E
+	STATUS_FWP_INVALID_NET_MASK                                               NTStatus      = 0xC022001F
+	STATUS_FWP_INVALID_RANGE                                                  NTStatus      = 0xC0220020
+	STATUS_FWP_INVALID_INTERVAL                                               NTStatus      = 0xC0220021
+	STATUS_FWP_ZERO_LENGTH_ARRAY                                              NTStatus      = 0xC0220022
+	STATUS_FWP_NULL_DISPLAY_NAME                                              NTStatus      = 0xC0220023
+	STATUS_FWP_INVALID_ACTION_TYPE                                            NTStatus      = 0xC0220024
+	STATUS_FWP_INVALID_WEIGHT                                                 NTStatus      = 0xC0220025
+	STATUS_FWP_MATCH_TYPE_MISMATCH                                            NTStatus      = 0xC0220026
+	STATUS_FWP_TYPE_MISMATCH                                                  NTStatus      = 0xC0220027
+	STATUS_FWP_OUT_OF_BOUNDS                                                  NTStatus      = 0xC0220028
+	STATUS_FWP_RESERVED                                                       NTStatus      = 0xC0220029
+	STATUS_FWP_DUPLICATE_CONDITION                                            NTStatus      = 0xC022002A
+	STATUS_FWP_DUPLICATE_KEYMOD                                               NTStatus      = 0xC022002B
+	STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER                                 NTStatus      = 0xC022002C
+	STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER                              NTStatus      = 0xC022002D
+	STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER                                NTStatus      = 0xC022002E
+	STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT                              NTStatus      = 0xC022002F
+	STATUS_FWP_INCOMPATIBLE_AUTH_METHOD                                       NTStatus      = 0xC0220030
+	STATUS_FWP_INCOMPATIBLE_DH_GROUP                                          NTStatus      = 0xC0220031
+	STATUS_FWP_EM_NOT_SUPPORTED                                               NTStatus      = 0xC0220032
+	STATUS_FWP_NEVER_MATCH                                                    NTStatus      = 0xC0220033
+	STATUS_FWP_PROVIDER_CONTEXT_MISMATCH                                      NTStatus      = 0xC0220034
+	STATUS_FWP_INVALID_PARAMETER                                              NTStatus      = 0xC0220035
+	STATUS_FWP_TOO_MANY_SUBLAYERS                                             NTStatus      = 0xC0220036
+	STATUS_FWP_CALLOUT_NOTIFICATION_FAILED                                    NTStatus      = 0xC0220037
+	STATUS_FWP_INVALID_AUTH_TRANSFORM                                         NTStatus      = 0xC0220038
+	STATUS_FWP_INVALID_CIPHER_TRANSFORM                                       NTStatus      = 0xC0220039
+	STATUS_FWP_INCOMPATIBLE_CIPHER_TRANSFORM                                  NTStatus      = 0xC022003A
+	STATUS_FWP_INVALID_TRANSFORM_COMBINATION                                  NTStatus      = 0xC022003B
+	STATUS_FWP_DUPLICATE_AUTH_METHOD                                          NTStatus      = 0xC022003C
+	STATUS_FWP_INVALID_TUNNEL_ENDPOINT                                        NTStatus      = 0xC022003D
+	STATUS_FWP_L2_DRIVER_NOT_READY                                            NTStatus      = 0xC022003E
+	STATUS_FWP_KEY_DICTATOR_ALREADY_REGISTERED                                NTStatus      = 0xC022003F
+	STATUS_FWP_KEY_DICTATION_INVALID_KEYING_MATERIAL                          NTStatus      = 0xC0220040
+	STATUS_FWP_CONNECTIONS_DISABLED                                           NTStatus      = 0xC0220041
+	STATUS_FWP_INVALID_DNS_NAME                                               NTStatus      = 0xC0220042
+	STATUS_FWP_STILL_ON                                                       NTStatus      = 0xC0220043
+	STATUS_FWP_IKEEXT_NOT_RUNNING                                             NTStatus      = 0xC0220044
+	STATUS_FWP_TCPIP_NOT_READY                                                NTStatus      = 0xC0220100
+	STATUS_FWP_INJECT_HANDLE_CLOSING                                          NTStatus      = 0xC0220101
+	STATUS_FWP_INJECT_HANDLE_STALE                                            NTStatus      = 0xC0220102
+	STATUS_FWP_CANNOT_PEND                                                    NTStatus      = 0xC0220103
+	STATUS_FWP_DROP_NOICMP                                                    NTStatus      = 0xC0220104
+	STATUS_NDIS_CLOSING                                                       NTStatus      = 0xC0230002
+	STATUS_NDIS_BAD_VERSION                                                   NTStatus      = 0xC0230004
+	STATUS_NDIS_BAD_CHARACTERISTICS                                           NTStatus      = 0xC0230005
+	STATUS_NDIS_ADAPTER_NOT_FOUND                                             NTStatus      = 0xC0230006
+	STATUS_NDIS_OPEN_FAILED                                                   NTStatus      = 0xC0230007
+	STATUS_NDIS_DEVICE_FAILED                                                 NTStatus      = 0xC0230008
+	STATUS_NDIS_MULTICAST_FULL                                                NTStatus      = 0xC0230009
+	STATUS_NDIS_MULTICAST_EXISTS                                              NTStatus      = 0xC023000A
+	STATUS_NDIS_MULTICAST_NOT_FOUND                                           NTStatus      = 0xC023000B
+	STATUS_NDIS_REQUEST_ABORTED                                               NTStatus      = 0xC023000C
+	STATUS_NDIS_RESET_IN_PROGRESS                                             NTStatus      = 0xC023000D
+	STATUS_NDIS_NOT_SUPPORTED                                                 NTStatus      = 0xC02300BB
+	STATUS_NDIS_INVALID_PACKET                                                NTStatus      = 0xC023000F
+	STATUS_NDIS_ADAPTER_NOT_READY                                             NTStatus      = 0xC0230011
+	STATUS_NDIS_INVALID_LENGTH                                                NTStatus      = 0xC0230014
+	STATUS_NDIS_INVALID_DATA                                                  NTStatus      = 0xC0230015
+	STATUS_NDIS_BUFFER_TOO_SHORT                                              NTStatus      = 0xC0230016
+	STATUS_NDIS_INVALID_OID                                                   NTStatus      = 0xC0230017
+	STATUS_NDIS_ADAPTER_REMOVED                                               NTStatus      = 0xC0230018
+	STATUS_NDIS_UNSUPPORTED_MEDIA                                             NTStatus      = 0xC0230019
+	STATUS_NDIS_GROUP_ADDRESS_IN_USE                                          NTStatus      = 0xC023001A
+	STATUS_NDIS_FILE_NOT_FOUND                                                NTStatus      = 0xC023001B
+	STATUS_NDIS_ERROR_READING_FILE                                            NTStatus      = 0xC023001C
+	STATUS_NDIS_ALREADY_MAPPED                                                NTStatus      = 0xC023001D
+	STATUS_NDIS_RESOURCE_CONFLICT                                             NTStatus      = 0xC023001E
+	STATUS_NDIS_MEDIA_DISCONNECTED                                            NTStatus      = 0xC023001F
+	STATUS_NDIS_INVALID_ADDRESS                                               NTStatus      = 0xC0230022
+	STATUS_NDIS_INVALID_DEVICE_REQUEST                                        NTStatus      = 0xC0230010
+	STATUS_NDIS_PAUSED                                                        NTStatus      = 0xC023002A
+	STATUS_NDIS_INTERFACE_NOT_FOUND                                           NTStatus      = 0xC023002B
+	STATUS_NDIS_UNSUPPORTED_REVISION                                          NTStatus      = 0xC023002C
+	STATUS_NDIS_INVALID_PORT                                                  NTStatus      = 0xC023002D
+	STATUS_NDIS_INVALID_PORT_STATE                                            NTStatus      = 0xC023002E
+	STATUS_NDIS_LOW_POWER_STATE                                               NTStatus      = 0xC023002F
+	STATUS_NDIS_REINIT_REQUIRED                                               NTStatus      = 0xC0230030
+	STATUS_NDIS_NO_QUEUES                                                     NTStatus      = 0xC0230031
+	STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED                                     NTStatus      = 0xC0232000
+	STATUS_NDIS_DOT11_MEDIA_IN_USE                                            NTStatus      = 0xC0232001
+	STATUS_NDIS_DOT11_POWER_STATE_INVALID                                     NTStatus      = 0xC0232002
+	STATUS_NDIS_PM_WOL_PATTERN_LIST_FULL                                      NTStatus      = 0xC0232003
+	STATUS_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL                                 NTStatus      = 0xC0232004
+	STATUS_NDIS_DOT11_AP_CHANNEL_CURRENTLY_NOT_AVAILABLE                      NTStatus      = 0xC0232005
+	STATUS_NDIS_DOT11_AP_BAND_CURRENTLY_NOT_AVAILABLE                         NTStatus      = 0xC0232006
+	STATUS_NDIS_DOT11_AP_CHANNEL_NOT_ALLOWED                                  NTStatus      = 0xC0232007
+	STATUS_NDIS_DOT11_AP_BAND_NOT_ALLOWED                                     NTStatus      = 0xC0232008
+	STATUS_NDIS_INDICATION_REQUIRED                                           NTStatus      = 0x40230001
+	STATUS_NDIS_OFFLOAD_POLICY                                                NTStatus      = 0xC023100F
+	STATUS_NDIS_OFFLOAD_CONNECTION_REJECTED                                   NTStatus      = 0xC0231012
+	STATUS_NDIS_OFFLOAD_PATH_REJECTED                                         NTStatus      = 0xC0231013
+	STATUS_TPM_ERROR_MASK                                                     NTStatus      = 0xC0290000
+	STATUS_TPM_AUTHFAIL                                                       NTStatus      = 0xC0290001
+	STATUS_TPM_BADINDEX                                                       NTStatus      = 0xC0290002
+	STATUS_TPM_BAD_PARAMETER                                                  NTStatus      = 0xC0290003
+	STATUS_TPM_AUDITFAILURE                                                   NTStatus      = 0xC0290004
+	STATUS_TPM_CLEAR_DISABLED                                                 NTStatus      = 0xC0290005
+	STATUS_TPM_DEACTIVATED                                                    NTStatus      = 0xC0290006
+	STATUS_TPM_DISABLED                                                       NTStatus      = 0xC0290007
+	STATUS_TPM_DISABLED_CMD                                                   NTStatus      = 0xC0290008
+	STATUS_TPM_FAIL                                                           NTStatus      = 0xC0290009
+	STATUS_TPM_BAD_ORDINAL                                                    NTStatus      = 0xC029000A
+	STATUS_TPM_INSTALL_DISABLED                                               NTStatus      = 0xC029000B
+	STATUS_TPM_INVALID_KEYHANDLE                                              NTStatus      = 0xC029000C
+	STATUS_TPM_KEYNOTFOUND                                                    NTStatus      = 0xC029000D
+	STATUS_TPM_INAPPROPRIATE_ENC                                              NTStatus      = 0xC029000E
+	STATUS_TPM_MIGRATEFAIL                                                    NTStatus      = 0xC029000F
+	STATUS_TPM_INVALID_PCR_INFO                                               NTStatus      = 0xC0290010
+	STATUS_TPM_NOSPACE                                                        NTStatus      = 0xC0290011
+	STATUS_TPM_NOSRK                                                          NTStatus      = 0xC0290012
+	STATUS_TPM_NOTSEALED_BLOB                                                 NTStatus      = 0xC0290013
+	STATUS_TPM_OWNER_SET                                                      NTStatus      = 0xC0290014
+	STATUS_TPM_RESOURCES                                                      NTStatus      = 0xC0290015
+	STATUS_TPM_SHORTRANDOM                                                    NTStatus      = 0xC0290016
+	STATUS_TPM_SIZE                                                           NTStatus      = 0xC0290017
+	STATUS_TPM_WRONGPCRVAL                                                    NTStatus      = 0xC0290018
+	STATUS_TPM_BAD_PARAM_SIZE                                                 NTStatus      = 0xC0290019
+	STATUS_TPM_SHA_THREAD                                                     NTStatus      = 0xC029001A
+	STATUS_TPM_SHA_ERROR                                                      NTStatus      = 0xC029001B
+	STATUS_TPM_FAILEDSELFTEST                                                 NTStatus      = 0xC029001C
+	STATUS_TPM_AUTH2FAIL                                                      NTStatus      = 0xC029001D
+	STATUS_TPM_BADTAG                                                         NTStatus      = 0xC029001E
+	STATUS_TPM_IOERROR                                                        NTStatus      = 0xC029001F
+	STATUS_TPM_ENCRYPT_ERROR                                                  NTStatus      = 0xC0290020
+	STATUS_TPM_DECRYPT_ERROR                                                  NTStatus      = 0xC0290021
+	STATUS_TPM_INVALID_AUTHHANDLE                                             NTStatus      = 0xC0290022
+	STATUS_TPM_NO_ENDORSEMENT                                                 NTStatus      = 0xC0290023
+	STATUS_TPM_INVALID_KEYUSAGE                                               NTStatus      = 0xC0290024
+	STATUS_TPM_WRONG_ENTITYTYPE                                               NTStatus      = 0xC0290025
+	STATUS_TPM_INVALID_POSTINIT                                               NTStatus      = 0xC0290026
+	STATUS_TPM_INAPPROPRIATE_SIG                                              NTStatus      = 0xC0290027
+	STATUS_TPM_BAD_KEY_PROPERTY                                               NTStatus      = 0xC0290028
+	STATUS_TPM_BAD_MIGRATION                                                  NTStatus      = 0xC0290029
+	STATUS_TPM_BAD_SCHEME                                                     NTStatus      = 0xC029002A
+	STATUS_TPM_BAD_DATASIZE                                                   NTStatus      = 0xC029002B
+	STATUS_TPM_BAD_MODE                                                       NTStatus      = 0xC029002C
+	STATUS_TPM_BAD_PRESENCE                                                   NTStatus      = 0xC029002D
+	STATUS_TPM_BAD_VERSION                                                    NTStatus      = 0xC029002E
+	STATUS_TPM_NO_WRAP_TRANSPORT                                              NTStatus      = 0xC029002F
+	STATUS_TPM_AUDITFAIL_UNSUCCESSFUL                                         NTStatus      = 0xC0290030
+	STATUS_TPM_AUDITFAIL_SUCCESSFUL                                           NTStatus      = 0xC0290031
+	STATUS_TPM_NOTRESETABLE                                                   NTStatus      = 0xC0290032
+	STATUS_TPM_NOTLOCAL                                                       NTStatus      = 0xC0290033
+	STATUS_TPM_BAD_TYPE                                                       NTStatus      = 0xC0290034
+	STATUS_TPM_INVALID_RESOURCE                                               NTStatus      = 0xC0290035
+	STATUS_TPM_NOTFIPS                                                        NTStatus      = 0xC0290036
+	STATUS_TPM_INVALID_FAMILY                                                 NTStatus      = 0xC0290037
+	STATUS_TPM_NO_NV_PERMISSION                                               NTStatus      = 0xC0290038
+	STATUS_TPM_REQUIRES_SIGN                                                  NTStatus      = 0xC0290039
+	STATUS_TPM_KEY_NOTSUPPORTED                                               NTStatus      = 0xC029003A
+	STATUS_TPM_AUTH_CONFLICT                                                  NTStatus      = 0xC029003B
+	STATUS_TPM_AREA_LOCKED                                                    NTStatus      = 0xC029003C
+	STATUS_TPM_BAD_LOCALITY                                                   NTStatus      = 0xC029003D
+	STATUS_TPM_READ_ONLY                                                      NTStatus      = 0xC029003E
+	STATUS_TPM_PER_NOWRITE                                                    NTStatus      = 0xC029003F
+	STATUS_TPM_FAMILYCOUNT                                                    NTStatus      = 0xC0290040
+	STATUS_TPM_WRITE_LOCKED                                                   NTStatus      = 0xC0290041
+	STATUS_TPM_BAD_ATTRIBUTES                                                 NTStatus      = 0xC0290042
+	STATUS_TPM_INVALID_STRUCTURE                                              NTStatus      = 0xC0290043
+	STATUS_TPM_KEY_OWNER_CONTROL                                              NTStatus      = 0xC0290044
+	STATUS_TPM_BAD_COUNTER                                                    NTStatus      = 0xC0290045
+	STATUS_TPM_NOT_FULLWRITE                                                  NTStatus      = 0xC0290046
+	STATUS_TPM_CONTEXT_GAP                                                    NTStatus      = 0xC0290047
+	STATUS_TPM_MAXNVWRITES                                                    NTStatus      = 0xC0290048
+	STATUS_TPM_NOOPERATOR                                                     NTStatus      = 0xC0290049
+	STATUS_TPM_RESOURCEMISSING                                                NTStatus      = 0xC029004A
+	STATUS_TPM_DELEGATE_LOCK                                                  NTStatus      = 0xC029004B
+	STATUS_TPM_DELEGATE_FAMILY                                                NTStatus      = 0xC029004C
+	STATUS_TPM_DELEGATE_ADMIN                                                 NTStatus      = 0xC029004D
+	STATUS_TPM_TRANSPORT_NOTEXCLUSIVE                                         NTStatus      = 0xC029004E
+	STATUS_TPM_OWNER_CONTROL                                                  NTStatus      = 0xC029004F
+	STATUS_TPM_DAA_RESOURCES                                                  NTStatus      = 0xC0290050
+	STATUS_TPM_DAA_INPUT_DATA0                                                NTStatus      = 0xC0290051
+	STATUS_TPM_DAA_INPUT_DATA1                                                NTStatus      = 0xC0290052
+	STATUS_TPM_DAA_ISSUER_SETTINGS                                            NTStatus      = 0xC0290053
+	STATUS_TPM_DAA_TPM_SETTINGS                                               NTStatus      = 0xC0290054
+	STATUS_TPM_DAA_STAGE                                                      NTStatus      = 0xC0290055
+	STATUS_TPM_DAA_ISSUER_VALIDITY                                            NTStatus      = 0xC0290056
+	STATUS_TPM_DAA_WRONG_W                                                    NTStatus      = 0xC0290057
+	STATUS_TPM_BAD_HANDLE                                                     NTStatus      = 0xC0290058
+	STATUS_TPM_BAD_DELEGATE                                                   NTStatus      = 0xC0290059
+	STATUS_TPM_BADCONTEXT                                                     NTStatus      = 0xC029005A
+	STATUS_TPM_TOOMANYCONTEXTS                                                NTStatus      = 0xC029005B
+	STATUS_TPM_MA_TICKET_SIGNATURE                                            NTStatus      = 0xC029005C
+	STATUS_TPM_MA_DESTINATION                                                 NTStatus      = 0xC029005D
+	STATUS_TPM_MA_SOURCE                                                      NTStatus      = 0xC029005E
+	STATUS_TPM_MA_AUTHORITY                                                   NTStatus      = 0xC029005F
+	STATUS_TPM_PERMANENTEK                                                    NTStatus      = 0xC0290061
+	STATUS_TPM_BAD_SIGNATURE                                                  NTStatus      = 0xC0290062
+	STATUS_TPM_NOCONTEXTSPACE                                                 NTStatus      = 0xC0290063
+	STATUS_TPM_20_E_ASYMMETRIC                                                NTStatus      = 0xC0290081
+	STATUS_TPM_20_E_ATTRIBUTES                                                NTStatus      = 0xC0290082
+	STATUS_TPM_20_E_HASH                                                      NTStatus      = 0xC0290083
+	STATUS_TPM_20_E_VALUE                                                     NTStatus      = 0xC0290084
+	STATUS_TPM_20_E_HIERARCHY                                                 NTStatus      = 0xC0290085
+	STATUS_TPM_20_E_KEY_SIZE                                                  NTStatus      = 0xC0290087
+	STATUS_TPM_20_E_MGF                                                       NTStatus      = 0xC0290088
+	STATUS_TPM_20_E_MODE                                                      NTStatus      = 0xC0290089
+	STATUS_TPM_20_E_TYPE                                                      NTStatus      = 0xC029008A
+	STATUS_TPM_20_E_HANDLE                                                    NTStatus      = 0xC029008B
+	STATUS_TPM_20_E_KDF                                                       NTStatus      = 0xC029008C
+	STATUS_TPM_20_E_RANGE                                                     NTStatus      = 0xC029008D
+	STATUS_TPM_20_E_AUTH_FAIL                                                 NTStatus      = 0xC029008E
+	STATUS_TPM_20_E_NONCE                                                     NTStatus      = 0xC029008F
+	STATUS_TPM_20_E_PP                                                        NTStatus      = 0xC0290090
+	STATUS_TPM_20_E_SCHEME                                                    NTStatus      = 0xC0290092
+	STATUS_TPM_20_E_SIZE                                                      NTStatus      = 0xC0290095
+	STATUS_TPM_20_E_SYMMETRIC                                                 NTStatus      = 0xC0290096
+	STATUS_TPM_20_E_TAG                                                       NTStatus      = 0xC0290097
+	STATUS_TPM_20_E_SELECTOR                                                  NTStatus      = 0xC0290098
+	STATUS_TPM_20_E_INSUFFICIENT                                              NTStatus      = 0xC029009A
+	STATUS_TPM_20_E_SIGNATURE                                                 NTStatus      = 0xC029009B
+	STATUS_TPM_20_E_KEY                                                       NTStatus      = 0xC029009C
+	STATUS_TPM_20_E_POLICY_FAIL                                               NTStatus      = 0xC029009D
+	STATUS_TPM_20_E_INTEGRITY                                                 NTStatus      = 0xC029009F
+	STATUS_TPM_20_E_TICKET                                                    NTStatus      = 0xC02900A0
+	STATUS_TPM_20_E_RESERVED_BITS                                             NTStatus      = 0xC02900A1
+	STATUS_TPM_20_E_BAD_AUTH                                                  NTStatus      = 0xC02900A2
+	STATUS_TPM_20_E_EXPIRED                                                   NTStatus      = 0xC02900A3
+	STATUS_TPM_20_E_POLICY_CC                                                 NTStatus      = 0xC02900A4
+	STATUS_TPM_20_E_BINDING                                                   NTStatus      = 0xC02900A5
+	STATUS_TPM_20_E_CURVE                                                     NTStatus      = 0xC02900A6
+	STATUS_TPM_20_E_ECC_POINT                                                 NTStatus      = 0xC02900A7
+	STATUS_TPM_20_E_INITIALIZE                                                NTStatus      = 0xC0290100
+	STATUS_TPM_20_E_FAILURE                                                   NTStatus      = 0xC0290101
+	STATUS_TPM_20_E_SEQUENCE                                                  NTStatus      = 0xC0290103
+	STATUS_TPM_20_E_PRIVATE                                                   NTStatus      = 0xC029010B
+	STATUS_TPM_20_E_HMAC                                                      NTStatus      = 0xC0290119
+	STATUS_TPM_20_E_DISABLED                                                  NTStatus      = 0xC0290120
+	STATUS_TPM_20_E_EXCLUSIVE                                                 NTStatus      = 0xC0290121
+	STATUS_TPM_20_E_ECC_CURVE                                                 NTStatus      = 0xC0290123
+	STATUS_TPM_20_E_AUTH_TYPE                                                 NTStatus      = 0xC0290124
+	STATUS_TPM_20_E_AUTH_MISSING                                              NTStatus      = 0xC0290125
+	STATUS_TPM_20_E_POLICY                                                    NTStatus      = 0xC0290126
+	STATUS_TPM_20_E_PCR                                                       NTStatus      = 0xC0290127
+	STATUS_TPM_20_E_PCR_CHANGED                                               NTStatus      = 0xC0290128
+	STATUS_TPM_20_E_UPGRADE                                                   NTStatus      = 0xC029012D
+	STATUS_TPM_20_E_TOO_MANY_CONTEXTS                                         NTStatus      = 0xC029012E
+	STATUS_TPM_20_E_AUTH_UNAVAILABLE                                          NTStatus      = 0xC029012F
+	STATUS_TPM_20_E_REBOOT                                                    NTStatus      = 0xC0290130
+	STATUS_TPM_20_E_UNBALANCED                                                NTStatus      = 0xC0290131
+	STATUS_TPM_20_E_COMMAND_SIZE                                              NTStatus      = 0xC0290142
+	STATUS_TPM_20_E_COMMAND_CODE                                              NTStatus      = 0xC0290143
+	STATUS_TPM_20_E_AUTHSIZE                                                  NTStatus      = 0xC0290144
+	STATUS_TPM_20_E_AUTH_CONTEXT                                              NTStatus      = 0xC0290145
+	STATUS_TPM_20_E_NV_RANGE                                                  NTStatus      = 0xC0290146
+	STATUS_TPM_20_E_NV_SIZE                                                   NTStatus      = 0xC0290147
+	STATUS_TPM_20_E_NV_LOCKED                                                 NTStatus      = 0xC0290148
+	STATUS_TPM_20_E_NV_AUTHORIZATION                                          NTStatus      = 0xC0290149
+	STATUS_TPM_20_E_NV_UNINITIALIZED                                          NTStatus      = 0xC029014A
+	STATUS_TPM_20_E_NV_SPACE                                                  NTStatus      = 0xC029014B
+	STATUS_TPM_20_E_NV_DEFINED                                                NTStatus      = 0xC029014C
+	STATUS_TPM_20_E_BAD_CONTEXT                                               NTStatus      = 0xC0290150
+	STATUS_TPM_20_E_CPHASH                                                    NTStatus      = 0xC0290151
+	STATUS_TPM_20_E_PARENT                                                    NTStatus      = 0xC0290152
+	STATUS_TPM_20_E_NEEDS_TEST                                                NTStatus      = 0xC0290153
+	STATUS_TPM_20_E_NO_RESULT                                                 NTStatus      = 0xC0290154
+	STATUS_TPM_20_E_SENSITIVE                                                 NTStatus      = 0xC0290155
+	STATUS_TPM_COMMAND_BLOCKED                                                NTStatus      = 0xC0290400
+	STATUS_TPM_INVALID_HANDLE                                                 NTStatus      = 0xC0290401
+	STATUS_TPM_DUPLICATE_VHANDLE                                              NTStatus      = 0xC0290402
+	STATUS_TPM_EMBEDDED_COMMAND_BLOCKED                                       NTStatus      = 0xC0290403
+	STATUS_TPM_EMBEDDED_COMMAND_UNSUPPORTED                                   NTStatus      = 0xC0290404
+	STATUS_TPM_RETRY                                                          NTStatus      = 0xC0290800
+	STATUS_TPM_NEEDS_SELFTEST                                                 NTStatus      = 0xC0290801
+	STATUS_TPM_DOING_SELFTEST                                                 NTStatus      = 0xC0290802
+	STATUS_TPM_DEFEND_LOCK_RUNNING                                            NTStatus      = 0xC0290803
+	STATUS_TPM_COMMAND_CANCELED                                               NTStatus      = 0xC0291001
+	STATUS_TPM_TOO_MANY_CONTEXTS                                              NTStatus      = 0xC0291002
+	STATUS_TPM_NOT_FOUND                                                      NTStatus      = 0xC0291003
+	STATUS_TPM_ACCESS_DENIED                                                  NTStatus      = 0xC0291004
+	STATUS_TPM_INSUFFICIENT_BUFFER                                            NTStatus      = 0xC0291005
+	STATUS_TPM_PPI_FUNCTION_UNSUPPORTED                                       NTStatus      = 0xC0291006
+	STATUS_PCP_ERROR_MASK                                                     NTStatus      = 0xC0292000
+	STATUS_PCP_DEVICE_NOT_READY                                               NTStatus      = 0xC0292001
+	STATUS_PCP_INVALID_HANDLE                                                 NTStatus      = 0xC0292002
+	STATUS_PCP_INVALID_PARAMETER                                              NTStatus      = 0xC0292003
+	STATUS_PCP_FLAG_NOT_SUPPORTED                                             NTStatus      = 0xC0292004
+	STATUS_PCP_NOT_SUPPORTED                                                  NTStatus      = 0xC0292005
+	STATUS_PCP_BUFFER_TOO_SMALL                                               NTStatus      = 0xC0292006
+	STATUS_PCP_INTERNAL_ERROR                                                 NTStatus      = 0xC0292007
+	STATUS_PCP_AUTHENTICATION_FAILED                                          NTStatus      = 0xC0292008
+	STATUS_PCP_AUTHENTICATION_IGNORED                                         NTStatus      = 0xC0292009
+	STATUS_PCP_POLICY_NOT_FOUND                                               NTStatus      = 0xC029200A
+	STATUS_PCP_PROFILE_NOT_FOUND                                              NTStatus      = 0xC029200B
+	STATUS_PCP_VALIDATION_FAILED                                              NTStatus      = 0xC029200C
+	STATUS_PCP_DEVICE_NOT_FOUND                                               NTStatus      = 0xC029200D
+	STATUS_PCP_WRONG_PARENT                                                   NTStatus      = 0xC029200E
+	STATUS_PCP_KEY_NOT_LOADED                                                 NTStatus      = 0xC029200F
+	STATUS_PCP_NO_KEY_CERTIFICATION                                           NTStatus      = 0xC0292010
+	STATUS_PCP_KEY_NOT_FINALIZED                                              NTStatus      = 0xC0292011
+	STATUS_PCP_ATTESTATION_CHALLENGE_NOT_SET                                  NTStatus      = 0xC0292012
+	STATUS_PCP_NOT_PCR_BOUND                                                  NTStatus      = 0xC0292013
+	STATUS_PCP_KEY_ALREADY_FINALIZED                                          NTStatus      = 0xC0292014
+	STATUS_PCP_KEY_USAGE_POLICY_NOT_SUPPORTED                                 NTStatus      = 0xC0292015
+	STATUS_PCP_KEY_USAGE_POLICY_INVALID                                       NTStatus      = 0xC0292016
+	STATUS_PCP_SOFT_KEY_ERROR                                                 NTStatus      = 0xC0292017
+	STATUS_PCP_KEY_NOT_AUTHENTICATED                                          NTStatus      = 0xC0292018
+	STATUS_PCP_KEY_NOT_AIK                                                    NTStatus      = 0xC0292019
+	STATUS_PCP_KEY_NOT_SIGNING_KEY                                            NTStatus      = 0xC029201A
+	STATUS_PCP_LOCKED_OUT                                                     NTStatus      = 0xC029201B
+	STATUS_PCP_CLAIM_TYPE_NOT_SUPPORTED                                       NTStatus      = 0xC029201C
+	STATUS_PCP_TPM_VERSION_NOT_SUPPORTED                                      NTStatus      = 0xC029201D
+	STATUS_PCP_BUFFER_LENGTH_MISMATCH                                         NTStatus      = 0xC029201E
+	STATUS_PCP_IFX_RSA_KEY_CREATION_BLOCKED                                   NTStatus      = 0xC029201F
+	STATUS_PCP_TICKET_MISSING                                                 NTStatus      = 0xC0292020
+	STATUS_PCP_RAW_POLICY_NOT_SUPPORTED                                       NTStatus      = 0xC0292021
+	STATUS_PCP_KEY_HANDLE_INVALIDATED                                         NTStatus      = 0xC0292022
+	STATUS_PCP_UNSUPPORTED_PSS_SALT                                           NTStatus      = 0x40292023
+	STATUS_RTPM_CONTEXT_CONTINUE                                              NTStatus      = 0x00293000
+	STATUS_RTPM_CONTEXT_COMPLETE                                              NTStatus      = 0x00293001
+	STATUS_RTPM_NO_RESULT                                                     NTStatus      = 0xC0293002
+	STATUS_RTPM_PCR_READ_INCOMPLETE                                           NTStatus      = 0xC0293003
+	STATUS_RTPM_INVALID_CONTEXT                                               NTStatus      = 0xC0293004
+	STATUS_RTPM_UNSUPPORTED_CMD                                               NTStatus      = 0xC0293005
+	STATUS_TPM_ZERO_EXHAUST_ENABLED                                           NTStatus      = 0xC0294000
+	STATUS_HV_INVALID_HYPERCALL_CODE                                          NTStatus      = 0xC0350002
+	STATUS_HV_INVALID_HYPERCALL_INPUT                                         NTStatus      = 0xC0350003
+	STATUS_HV_INVALID_ALIGNMENT                                               NTStatus      = 0xC0350004
+	STATUS_HV_INVALID_PARAMETER                                               NTStatus      = 0xC0350005
+	STATUS_HV_ACCESS_DENIED                                                   NTStatus      = 0xC0350006
+	STATUS_HV_INVALID_PARTITION_STATE                                         NTStatus      = 0xC0350007
+	STATUS_HV_OPERATION_DENIED                                                NTStatus      = 0xC0350008
+	STATUS_HV_UNKNOWN_PROPERTY                                                NTStatus      = 0xC0350009
+	STATUS_HV_PROPERTY_VALUE_OUT_OF_RANGE                                     NTStatus      = 0xC035000A
+	STATUS_HV_INSUFFICIENT_MEMORY                                             NTStatus      = 0xC035000B
+	STATUS_HV_PARTITION_TOO_DEEP                                              NTStatus      = 0xC035000C
+	STATUS_HV_INVALID_PARTITION_ID                                            NTStatus      = 0xC035000D
+	STATUS_HV_INVALID_VP_INDEX                                                NTStatus      = 0xC035000E
+	STATUS_HV_INVALID_PORT_ID                                                 NTStatus      = 0xC0350011
+	STATUS_HV_INVALID_CONNECTION_ID                                           NTStatus      = 0xC0350012
+	STATUS_HV_INSUFFICIENT_BUFFERS                                            NTStatus      = 0xC0350013
+	STATUS_HV_NOT_ACKNOWLEDGED                                                NTStatus      = 0xC0350014
+	STATUS_HV_INVALID_VP_STATE                                                NTStatus      = 0xC0350015
+	STATUS_HV_ACKNOWLEDGED                                                    NTStatus      = 0xC0350016
+	STATUS_HV_INVALID_SAVE_RESTORE_STATE                                      NTStatus      = 0xC0350017
+	STATUS_HV_INVALID_SYNIC_STATE                                             NTStatus      = 0xC0350018
+	STATUS_HV_OBJECT_IN_USE                                                   NTStatus      = 0xC0350019
+	STATUS_HV_INVALID_PROXIMITY_DOMAIN_INFO                                   NTStatus      = 0xC035001A
+	STATUS_HV_NO_DATA                                                         NTStatus      = 0xC035001B
+	STATUS_HV_INACTIVE                                                        NTStatus      = 0xC035001C
+	STATUS_HV_NO_RESOURCES                                                    NTStatus      = 0xC035001D
+	STATUS_HV_FEATURE_UNAVAILABLE                                             NTStatus      = 0xC035001E
+	STATUS_HV_INSUFFICIENT_BUFFER                                             NTStatus      = 0xC0350033
+	STATUS_HV_INSUFFICIENT_DEVICE_DOMAINS                                     NTStatus      = 0xC0350038
+	STATUS_HV_CPUID_FEATURE_VALIDATION_ERROR                                  NTStatus      = 0xC035003C
+	STATUS_HV_CPUID_XSAVE_FEATURE_VALIDATION_ERROR                            NTStatus      = 0xC035003D
+	STATUS_HV_PROCESSOR_STARTUP_TIMEOUT                                       NTStatus      = 0xC035003E
+	STATUS_HV_SMX_ENABLED                                                     NTStatus      = 0xC035003F
+	STATUS_HV_INVALID_LP_INDEX                                                NTStatus      = 0xC0350041
+	STATUS_HV_INVALID_REGISTER_VALUE                                          NTStatus      = 0xC0350050
+	STATUS_HV_INVALID_VTL_STATE                                               NTStatus      = 0xC0350051
+	STATUS_HV_NX_NOT_DETECTED                                                 NTStatus      = 0xC0350055
+	STATUS_HV_INVALID_DEVICE_ID                                               NTStatus      = 0xC0350057
+	STATUS_HV_INVALID_DEVICE_STATE                                            NTStatus      = 0xC0350058
+	STATUS_HV_PENDING_PAGE_REQUESTS                                           NTStatus      = 0x00350059
+	STATUS_HV_PAGE_REQUEST_INVALID                                            NTStatus      = 0xC0350060
+	STATUS_HV_INVALID_CPU_GROUP_ID                                            NTStatus      = 0xC035006F
+	STATUS_HV_INVALID_CPU_GROUP_STATE                                         NTStatus      = 0xC0350070
+	STATUS_HV_OPERATION_FAILED                                                NTStatus      = 0xC0350071
+	STATUS_HV_NOT_ALLOWED_WITH_NESTED_VIRT_ACTIVE                             NTStatus      = 0xC0350072
+	STATUS_HV_INSUFFICIENT_ROOT_MEMORY                                        NTStatus      = 0xC0350073
+	STATUS_HV_NOT_PRESENT                                                     NTStatus      = 0xC0351000
+	STATUS_VID_DUPLICATE_HANDLER                                              NTStatus      = 0xC0370001
+	STATUS_VID_TOO_MANY_HANDLERS                                              NTStatus      = 0xC0370002
+	STATUS_VID_QUEUE_FULL                                                     NTStatus      = 0xC0370003
+	STATUS_VID_HANDLER_NOT_PRESENT                                            NTStatus      = 0xC0370004
+	STATUS_VID_INVALID_OBJECT_NAME                                            NTStatus      = 0xC0370005
+	STATUS_VID_PARTITION_NAME_TOO_LONG                                        NTStatus      = 0xC0370006
+	STATUS_VID_MESSAGE_QUEUE_NAME_TOO_LONG                                    NTStatus      = 0xC0370007
+	STATUS_VID_PARTITION_ALREADY_EXISTS                                       NTStatus      = 0xC0370008
+	STATUS_VID_PARTITION_DOES_NOT_EXIST                                       NTStatus      = 0xC0370009
+	STATUS_VID_PARTITION_NAME_NOT_FOUND                                       NTStatus      = 0xC037000A
+	STATUS_VID_MESSAGE_QUEUE_ALREADY_EXISTS                                   NTStatus      = 0xC037000B
+	STATUS_VID_EXCEEDED_MBP_ENTRY_MAP_LIMIT                                   NTStatus      = 0xC037000C
+	STATUS_VID_MB_STILL_REFERENCED                                            NTStatus      = 0xC037000D
+	STATUS_VID_CHILD_GPA_PAGE_SET_CORRUPTED                                   NTStatus      = 0xC037000E
+	STATUS_VID_INVALID_NUMA_SETTINGS                                          NTStatus      = 0xC037000F
+	STATUS_VID_INVALID_NUMA_NODE_INDEX                                        NTStatus      = 0xC0370010
+	STATUS_VID_NOTIFICATION_QUEUE_ALREADY_ASSOCIATED                          NTStatus      = 0xC0370011
+	STATUS_VID_INVALID_MEMORY_BLOCK_HANDLE                                    NTStatus      = 0xC0370012
+	STATUS_VID_PAGE_RANGE_OVERFLOW                                            NTStatus      = 0xC0370013
+	STATUS_VID_INVALID_MESSAGE_QUEUE_HANDLE                                   NTStatus      = 0xC0370014
+	STATUS_VID_INVALID_GPA_RANGE_HANDLE                                       NTStatus      = 0xC0370015
+	STATUS_VID_NO_MEMORY_BLOCK_NOTIFICATION_QUEUE                             NTStatus      = 0xC0370016
+	STATUS_VID_MEMORY_BLOCK_LOCK_COUNT_EXCEEDED                               NTStatus      = 0xC0370017
+	STATUS_VID_INVALID_PPM_HANDLE                                             NTStatus      = 0xC0370018
+	STATUS_VID_MBPS_ARE_LOCKED                                                NTStatus      = 0xC0370019
+	STATUS_VID_MESSAGE_QUEUE_CLOSED                                           NTStatus      = 0xC037001A
+	STATUS_VID_VIRTUAL_PROCESSOR_LIMIT_EXCEEDED                               NTStatus      = 0xC037001B
+	STATUS_VID_STOP_PENDING                                                   NTStatus      = 0xC037001C
+	STATUS_VID_INVALID_PROCESSOR_STATE                                        NTStatus      = 0xC037001D
+	STATUS_VID_EXCEEDED_KM_CONTEXT_COUNT_LIMIT                                NTStatus      = 0xC037001E
+	STATUS_VID_KM_INTERFACE_ALREADY_INITIALIZED                               NTStatus      = 0xC037001F
+	STATUS_VID_MB_PROPERTY_ALREADY_SET_RESET                                  NTStatus      = 0xC0370020
+	STATUS_VID_MMIO_RANGE_DESTROYED                                           NTStatus      = 0xC0370021
+	STATUS_VID_INVALID_CHILD_GPA_PAGE_SET                                     NTStatus      = 0xC0370022
+	STATUS_VID_RESERVE_PAGE_SET_IS_BEING_USED                                 NTStatus      = 0xC0370023
+	STATUS_VID_RESERVE_PAGE_SET_TOO_SMALL                                     NTStatus      = 0xC0370024
+	STATUS_VID_MBP_ALREADY_LOCKED_USING_RESERVED_PAGE                         NTStatus      = 0xC0370025
+	STATUS_VID_MBP_COUNT_EXCEEDED_LIMIT                                       NTStatus      = 0xC0370026
+	STATUS_VID_SAVED_STATE_CORRUPT                                            NTStatus      = 0xC0370027
+	STATUS_VID_SAVED_STATE_UNRECOGNIZED_ITEM                                  NTStatus      = 0xC0370028
+	STATUS_VID_SAVED_STATE_INCOMPATIBLE                                       NTStatus      = 0xC0370029
+	STATUS_VID_VTL_ACCESS_DENIED                                              NTStatus      = 0xC037002A
+	STATUS_VID_REMOTE_NODE_PARENT_GPA_PAGES_USED                              NTStatus      = 0x80370001
+	STATUS_IPSEC_BAD_SPI                                                      NTStatus      = 0xC0360001
+	STATUS_IPSEC_SA_LIFETIME_EXPIRED                                          NTStatus      = 0xC0360002
+	STATUS_IPSEC_WRONG_SA                                                     NTStatus      = 0xC0360003
+	STATUS_IPSEC_REPLAY_CHECK_FAILED                                          NTStatus      = 0xC0360004
+	STATUS_IPSEC_INVALID_PACKET                                               NTStatus      = 0xC0360005
+	STATUS_IPSEC_INTEGRITY_CHECK_FAILED                                       NTStatus      = 0xC0360006
+	STATUS_IPSEC_CLEAR_TEXT_DROP                                              NTStatus      = 0xC0360007
+	STATUS_IPSEC_AUTH_FIREWALL_DROP                                           NTStatus      = 0xC0360008
+	STATUS_IPSEC_THROTTLE_DROP                                                NTStatus      = 0xC0360009
+	STATUS_IPSEC_DOSP_BLOCK                                                   NTStatus      = 0xC0368000
+	STATUS_IPSEC_DOSP_RECEIVED_MULTICAST                                      NTStatus      = 0xC0368001
+	STATUS_IPSEC_DOSP_INVALID_PACKET                                          NTStatus      = 0xC0368002
+	STATUS_IPSEC_DOSP_STATE_LOOKUP_FAILED                                     NTStatus      = 0xC0368003
+	STATUS_IPSEC_DOSP_MAX_ENTRIES                                             NTStatus      = 0xC0368004
+	STATUS_IPSEC_DOSP_KEYMOD_NOT_ALLOWED                                      NTStatus      = 0xC0368005
+	STATUS_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES                             NTStatus      = 0xC0368006
+	STATUS_VOLMGR_INCOMPLETE_REGENERATION                                     NTStatus      = 0x80380001
+	STATUS_VOLMGR_INCOMPLETE_DISK_MIGRATION                                   NTStatus      = 0x80380002
+	STATUS_VOLMGR_DATABASE_FULL                                               NTStatus      = 0xC0380001
+	STATUS_VOLMGR_DISK_CONFIGURATION_CORRUPTED                                NTStatus      = 0xC0380002
+	STATUS_VOLMGR_DISK_CONFIGURATION_NOT_IN_SYNC                              NTStatus      = 0xC0380003
+	STATUS_VOLMGR_PACK_CONFIG_UPDATE_FAILED                                   NTStatus      = 0xC0380004
+	STATUS_VOLMGR_DISK_CONTAINS_NON_SIMPLE_VOLUME                             NTStatus      = 0xC0380005
+	STATUS_VOLMGR_DISK_DUPLICATE                                              NTStatus      = 0xC0380006
+	STATUS_VOLMGR_DISK_DYNAMIC                                                NTStatus      = 0xC0380007
+	STATUS_VOLMGR_DISK_ID_INVALID                                             NTStatus      = 0xC0380008
+	STATUS_VOLMGR_DISK_INVALID                                                NTStatus      = 0xC0380009
+	STATUS_VOLMGR_DISK_LAST_VOTER                                             NTStatus      = 0xC038000A
+	STATUS_VOLMGR_DISK_LAYOUT_INVALID                                         NTStatus      = 0xC038000B
+	STATUS_VOLMGR_DISK_LAYOUT_NON_BASIC_BETWEEN_BASIC_PARTITIONS              NTStatus      = 0xC038000C
+	STATUS_VOLMGR_DISK_LAYOUT_NOT_CYLINDER_ALIGNED                            NTStatus      = 0xC038000D
+	STATUS_VOLMGR_DISK_LAYOUT_PARTITIONS_TOO_SMALL                            NTStatus      = 0xC038000E
+	STATUS_VOLMGR_DISK_LAYOUT_PRIMARY_BETWEEN_LOGICAL_PARTITIONS              NTStatus      = 0xC038000F
+	STATUS_VOLMGR_DISK_LAYOUT_TOO_MANY_PARTITIONS                             NTStatus      = 0xC0380010
+	STATUS_VOLMGR_DISK_MISSING                                                NTStatus      = 0xC0380011
+	STATUS_VOLMGR_DISK_NOT_EMPTY                                              NTStatus      = 0xC0380012
+	STATUS_VOLMGR_DISK_NOT_ENOUGH_SPACE                                       NTStatus      = 0xC0380013
+	STATUS_VOLMGR_DISK_REVECTORING_FAILED                                     NTStatus      = 0xC0380014
+	STATUS_VOLMGR_DISK_SECTOR_SIZE_INVALID                                    NTStatus      = 0xC0380015
+	STATUS_VOLMGR_DISK_SET_NOT_CONTAINED                                      NTStatus      = 0xC0380016
+	STATUS_VOLMGR_DISK_USED_BY_MULTIPLE_MEMBERS                               NTStatus      = 0xC0380017
+	STATUS_VOLMGR_DISK_USED_BY_MULTIPLE_PLEXES                                NTStatus      = 0xC0380018
+	STATUS_VOLMGR_DYNAMIC_DISK_NOT_SUPPORTED                                  NTStatus      = 0xC0380019
+	STATUS_VOLMGR_EXTENT_ALREADY_USED                                         NTStatus      = 0xC038001A
+	STATUS_VOLMGR_EXTENT_NOT_CONTIGUOUS                                       NTStatus      = 0xC038001B
+	STATUS_VOLMGR_EXTENT_NOT_IN_PUBLIC_REGION                                 NTStatus      = 0xC038001C
+	STATUS_VOLMGR_EXTENT_NOT_SECTOR_ALIGNED                                   NTStatus      = 0xC038001D
+	STATUS_VOLMGR_EXTENT_OVERLAPS_EBR_PARTITION                               NTStatus      = 0xC038001E
+	STATUS_VOLMGR_EXTENT_VOLUME_LENGTHS_DO_NOT_MATCH                          NTStatus      = 0xC038001F
+	STATUS_VOLMGR_FAULT_TOLERANT_NOT_SUPPORTED                                NTStatus      = 0xC0380020
+	STATUS_VOLMGR_INTERLEAVE_LENGTH_INVALID                                   NTStatus      = 0xC0380021
+	STATUS_VOLMGR_MAXIMUM_REGISTERED_USERS                                    NTStatus      = 0xC0380022
+	STATUS_VOLMGR_MEMBER_IN_SYNC                                              NTStatus      = 0xC0380023
+	STATUS_VOLMGR_MEMBER_INDEX_DUPLICATE                                      NTStatus      = 0xC0380024
+	STATUS_VOLMGR_MEMBER_INDEX_INVALID                                        NTStatus      = 0xC0380025
+	STATUS_VOLMGR_MEMBER_MISSING                                              NTStatus      = 0xC0380026
+	STATUS_VOLMGR_MEMBER_NOT_DETACHED                                         NTStatus      = 0xC0380027
+	STATUS_VOLMGR_MEMBER_REGENERATING                                         NTStatus      = 0xC0380028
+	STATUS_VOLMGR_ALL_DISKS_FAILED                                            NTStatus      = 0xC0380029
+	STATUS_VOLMGR_NO_REGISTERED_USERS                                         NTStatus      = 0xC038002A
+	STATUS_VOLMGR_NO_SUCH_USER                                                NTStatus      = 0xC038002B
+	STATUS_VOLMGR_NOTIFICATION_RESET                                          NTStatus      = 0xC038002C
+	STATUS_VOLMGR_NUMBER_OF_MEMBERS_INVALID                                   NTStatus      = 0xC038002D
+	STATUS_VOLMGR_NUMBER_OF_PLEXES_INVALID                                    NTStatus      = 0xC038002E
+	STATUS_VOLMGR_PACK_DUPLICATE                                              NTStatus      = 0xC038002F
+	STATUS_VOLMGR_PACK_ID_INVALID                                             NTStatus      = 0xC0380030
+	STATUS_VOLMGR_PACK_INVALID                                                NTStatus      = 0xC0380031
+	STATUS_VOLMGR_PACK_NAME_INVALID                                           NTStatus      = 0xC0380032
+	STATUS_VOLMGR_PACK_OFFLINE                                                NTStatus      = 0xC0380033
+	STATUS_VOLMGR_PACK_HAS_QUORUM                                             NTStatus      = 0xC0380034
+	STATUS_VOLMGR_PACK_WITHOUT_QUORUM                                         NTStatus      = 0xC0380035
+	STATUS_VOLMGR_PARTITION_STYLE_INVALID                                     NTStatus      = 0xC0380036
+	STATUS_VOLMGR_PARTITION_UPDATE_FAILED                                     NTStatus      = 0xC0380037
+	STATUS_VOLMGR_PLEX_IN_SYNC                                                NTStatus      = 0xC0380038
+	STATUS_VOLMGR_PLEX_INDEX_DUPLICATE                                        NTStatus      = 0xC0380039
+	STATUS_VOLMGR_PLEX_INDEX_INVALID                                          NTStatus      = 0xC038003A
+	STATUS_VOLMGR_PLEX_LAST_ACTIVE                                            NTStatus      = 0xC038003B
+	STATUS_VOLMGR_PLEX_MISSING                                                NTStatus      = 0xC038003C
+	STATUS_VOLMGR_PLEX_REGENERATING                                           NTStatus      = 0xC038003D
+	STATUS_VOLMGR_PLEX_TYPE_INVALID                                           NTStatus      = 0xC038003E
+	STATUS_VOLMGR_PLEX_NOT_RAID5                                              NTStatus      = 0xC038003F
+	STATUS_VOLMGR_PLEX_NOT_SIMPLE                                             NTStatus      = 0xC0380040
+	STATUS_VOLMGR_STRUCTURE_SIZE_INVALID                                      NTStatus      = 0xC0380041
+	STATUS_VOLMGR_TOO_MANY_NOTIFICATION_REQUESTS                              NTStatus      = 0xC0380042
+	STATUS_VOLMGR_TRANSACTION_IN_PROGRESS                                     NTStatus      = 0xC0380043
+	STATUS_VOLMGR_UNEXPECTED_DISK_LAYOUT_CHANGE                               NTStatus      = 0xC0380044
+	STATUS_VOLMGR_VOLUME_CONTAINS_MISSING_DISK                                NTStatus      = 0xC0380045
+	STATUS_VOLMGR_VOLUME_ID_INVALID                                           NTStatus      = 0xC0380046
+	STATUS_VOLMGR_VOLUME_LENGTH_INVALID                                       NTStatus      = 0xC0380047
+	STATUS_VOLMGR_VOLUME_LENGTH_NOT_SECTOR_SIZE_MULTIPLE                      NTStatus      = 0xC0380048
+	STATUS_VOLMGR_VOLUME_NOT_MIRRORED                                         NTStatus      = 0xC0380049
+	STATUS_VOLMGR_VOLUME_NOT_RETAINED                                         NTStatus      = 0xC038004A
+	STATUS_VOLMGR_VOLUME_OFFLINE                                              NTStatus      = 0xC038004B
+	STATUS_VOLMGR_VOLUME_RETAINED                                             NTStatus      = 0xC038004C
+	STATUS_VOLMGR_NUMBER_OF_EXTENTS_INVALID                                   NTStatus      = 0xC038004D
+	STATUS_VOLMGR_DIFFERENT_SECTOR_SIZE                                       NTStatus      = 0xC038004E
+	STATUS_VOLMGR_BAD_BOOT_DISK                                               NTStatus      = 0xC038004F
+	STATUS_VOLMGR_PACK_CONFIG_OFFLINE                                         NTStatus      = 0xC0380050
+	STATUS_VOLMGR_PACK_CONFIG_ONLINE                                          NTStatus      = 0xC0380051
+	STATUS_VOLMGR_NOT_PRIMARY_PACK                                            NTStatus      = 0xC0380052
+	STATUS_VOLMGR_PACK_LOG_UPDATE_FAILED                                      NTStatus      = 0xC0380053
+	STATUS_VOLMGR_NUMBER_OF_DISKS_IN_PLEX_INVALID                             NTStatus      = 0xC0380054
+	STATUS_VOLMGR_NUMBER_OF_DISKS_IN_MEMBER_INVALID                           NTStatus      = 0xC0380055
+	STATUS_VOLMGR_VOLUME_MIRRORED                                             NTStatus      = 0xC0380056
+	STATUS_VOLMGR_PLEX_NOT_SIMPLE_SPANNED                                     NTStatus      = 0xC0380057
+	STATUS_VOLMGR_NO_VALID_LOG_COPIES                                         NTStatus      = 0xC0380058
+	STATUS_VOLMGR_PRIMARY_PACK_PRESENT                                        NTStatus      = 0xC0380059
+	STATUS_VOLMGR_NUMBER_OF_DISKS_INVALID                                     NTStatus      = 0xC038005A
+	STATUS_VOLMGR_MIRROR_NOT_SUPPORTED                                        NTStatus      = 0xC038005B
+	STATUS_VOLMGR_RAID5_NOT_SUPPORTED                                         NTStatus      = 0xC038005C
+	STATUS_BCD_NOT_ALL_ENTRIES_IMPORTED                                       NTStatus      = 0x80390001
+	STATUS_BCD_TOO_MANY_ELEMENTS                                              NTStatus      = 0xC0390002
+	STATUS_BCD_NOT_ALL_ENTRIES_SYNCHRONIZED                                   NTStatus      = 0x80390003
+	STATUS_VHD_DRIVE_FOOTER_MISSING                                           NTStatus      = 0xC03A0001
+	STATUS_VHD_DRIVE_FOOTER_CHECKSUM_MISMATCH                                 NTStatus      = 0xC03A0002
+	STATUS_VHD_DRIVE_FOOTER_CORRUPT                                           NTStatus      = 0xC03A0003
+	STATUS_VHD_FORMAT_UNKNOWN                                                 NTStatus      = 0xC03A0004
+	STATUS_VHD_FORMAT_UNSUPPORTED_VERSION                                     NTStatus      = 0xC03A0005
+	STATUS_VHD_SPARSE_HEADER_CHECKSUM_MISMATCH                                NTStatus      = 0xC03A0006
+	STATUS_VHD_SPARSE_HEADER_UNSUPPORTED_VERSION                              NTStatus      = 0xC03A0007
+	STATUS_VHD_SPARSE_HEADER_CORRUPT                                          NTStatus      = 0xC03A0008
+	STATUS_VHD_BLOCK_ALLOCATION_FAILURE                                       NTStatus      = 0xC03A0009
+	STATUS_VHD_BLOCK_ALLOCATION_TABLE_CORRUPT                                 NTStatus      = 0xC03A000A
+	STATUS_VHD_INVALID_BLOCK_SIZE                                             NTStatus      = 0xC03A000B
+	STATUS_VHD_BITMAP_MISMATCH                                                NTStatus      = 0xC03A000C
+	STATUS_VHD_PARENT_VHD_NOT_FOUND                                           NTStatus      = 0xC03A000D
+	STATUS_VHD_CHILD_PARENT_ID_MISMATCH                                       NTStatus      = 0xC03A000E
+	STATUS_VHD_CHILD_PARENT_TIMESTAMP_MISMATCH                                NTStatus      = 0xC03A000F
+	STATUS_VHD_METADATA_READ_FAILURE                                          NTStatus      = 0xC03A0010
+	STATUS_VHD_METADATA_WRITE_FAILURE                                         NTStatus      = 0xC03A0011
+	STATUS_VHD_INVALID_SIZE                                                   NTStatus      = 0xC03A0012
+	STATUS_VHD_INVALID_FILE_SIZE                                              NTStatus      = 0xC03A0013
+	STATUS_VIRTDISK_PROVIDER_NOT_FOUND                                        NTStatus      = 0xC03A0014
+	STATUS_VIRTDISK_NOT_VIRTUAL_DISK                                          NTStatus      = 0xC03A0015
+	STATUS_VHD_PARENT_VHD_ACCESS_DENIED                                       NTStatus      = 0xC03A0016
+	STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH                                     NTStatus      = 0xC03A0017
+	STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED                              NTStatus      = 0xC03A0018
+	STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT                             NTStatus      = 0xC03A0019
+	STATUS_VIRTUAL_DISK_LIMITATION                                            NTStatus      = 0xC03A001A
+	STATUS_VHD_INVALID_TYPE                                                   NTStatus      = 0xC03A001B
+	STATUS_VHD_INVALID_STATE                                                  NTStatus      = 0xC03A001C
+	STATUS_VIRTDISK_UNSUPPORTED_DISK_SECTOR_SIZE                              NTStatus      = 0xC03A001D
+	STATUS_VIRTDISK_DISK_ALREADY_OWNED                                        NTStatus      = 0xC03A001E
+	STATUS_VIRTDISK_DISK_ONLINE_AND_WRITABLE                                  NTStatus      = 0xC03A001F
+	STATUS_CTLOG_TRACKING_NOT_INITIALIZED                                     NTStatus      = 0xC03A0020
+	STATUS_CTLOG_LOGFILE_SIZE_EXCEEDED_MAXSIZE                                NTStatus      = 0xC03A0021
+	STATUS_CTLOG_VHD_CHANGED_OFFLINE                                          NTStatus      = 0xC03A0022
+	STATUS_CTLOG_INVALID_TRACKING_STATE                                       NTStatus      = 0xC03A0023
+	STATUS_CTLOG_INCONSISTENT_TRACKING_FILE                                   NTStatus      = 0xC03A0024
+	STATUS_VHD_METADATA_FULL                                                  NTStatus      = 0xC03A0028
+	STATUS_VHD_INVALID_CHANGE_TRACKING_ID                                     NTStatus      = 0xC03A0029
+	STATUS_VHD_CHANGE_TRACKING_DISABLED                                       NTStatus      = 0xC03A002A
+	STATUS_VHD_MISSING_CHANGE_TRACKING_INFORMATION                            NTStatus      = 0xC03A0030
+	STATUS_VHD_RESIZE_WOULD_TRUNCATE_DATA                                     NTStatus      = 0xC03A0031
+	STATUS_VHD_COULD_NOT_COMPUTE_MINIMUM_VIRTUAL_SIZE                         NTStatus      = 0xC03A0032
+	STATUS_VHD_ALREADY_AT_OR_BELOW_MINIMUM_VIRTUAL_SIZE                       NTStatus      = 0xC03A0033
+	STATUS_QUERY_STORAGE_ERROR                                                NTStatus      = 0x803A0001
+	STATUS_GDI_HANDLE_LEAK                                                    NTStatus      = 0x803F0001
+	STATUS_RKF_KEY_NOT_FOUND                                                  NTStatus      = 0xC0400001
+	STATUS_RKF_DUPLICATE_KEY                                                  NTStatus      = 0xC0400002
+	STATUS_RKF_BLOB_FULL                                                      NTStatus      = 0xC0400003
+	STATUS_RKF_STORE_FULL                                                     NTStatus      = 0xC0400004
+	STATUS_RKF_FILE_BLOCKED                                                   NTStatus      = 0xC0400005
+	STATUS_RKF_ACTIVE_KEY                                                     NTStatus      = 0xC0400006
+	STATUS_RDBSS_RESTART_OPERATION                                            NTStatus      = 0xC0410001
+	STATUS_RDBSS_CONTINUE_OPERATION                                           NTStatus      = 0xC0410002
+	STATUS_RDBSS_POST_OPERATION                                               NTStatus      = 0xC0410003
+	STATUS_RDBSS_RETRY_LOOKUP                                                 NTStatus      = 0xC0410004
+	STATUS_BTH_ATT_INVALID_HANDLE                                             NTStatus      = 0xC0420001
+	STATUS_BTH_ATT_READ_NOT_PERMITTED                                         NTStatus      = 0xC0420002
+	STATUS_BTH_ATT_WRITE_NOT_PERMITTED                                        NTStatus      = 0xC0420003
+	STATUS_BTH_ATT_INVALID_PDU                                                NTStatus      = 0xC0420004
+	STATUS_BTH_ATT_INSUFFICIENT_AUTHENTICATION                                NTStatus      = 0xC0420005
+	STATUS_BTH_ATT_REQUEST_NOT_SUPPORTED                                      NTStatus      = 0xC0420006
+	STATUS_BTH_ATT_INVALID_OFFSET                                             NTStatus      = 0xC0420007
+	STATUS_BTH_ATT_INSUFFICIENT_AUTHORIZATION                                 NTStatus      = 0xC0420008
+	STATUS_BTH_ATT_PREPARE_QUEUE_FULL                                         NTStatus      = 0xC0420009
+	STATUS_BTH_ATT_ATTRIBUTE_NOT_FOUND                                        NTStatus      = 0xC042000A
+	STATUS_BTH_ATT_ATTRIBUTE_NOT_LONG                                         NTStatus      = 0xC042000B
+	STATUS_BTH_ATT_INSUFFICIENT_ENCRYPTION_KEY_SIZE                           NTStatus      = 0xC042000C
+	STATUS_BTH_ATT_INVALID_ATTRIBUTE_VALUE_LENGTH                             NTStatus      = 0xC042000D
+	STATUS_BTH_ATT_UNLIKELY                                                   NTStatus      = 0xC042000E
+	STATUS_BTH_ATT_INSUFFICIENT_ENCRYPTION                                    NTStatus      = 0xC042000F
+	STATUS_BTH_ATT_UNSUPPORTED_GROUP_TYPE                                     NTStatus      = 0xC0420010
+	STATUS_BTH_ATT_INSUFFICIENT_RESOURCES                                     NTStatus      = 0xC0420011
+	STATUS_BTH_ATT_UNKNOWN_ERROR                                              NTStatus      = 0xC0421000
+	STATUS_SECUREBOOT_ROLLBACK_DETECTED                                       NTStatus      = 0xC0430001
+	STATUS_SECUREBOOT_POLICY_VIOLATION                                        NTStatus      = 0xC0430002
+	STATUS_SECUREBOOT_INVALID_POLICY                                          NTStatus      = 0xC0430003
+	STATUS_SECUREBOOT_POLICY_PUBLISHER_NOT_FOUND                              NTStatus      = 0xC0430004
+	STATUS_SECUREBOOT_POLICY_NOT_SIGNED                                       NTStatus      = 0xC0430005
+	STATUS_SECUREBOOT_NOT_ENABLED                                             NTStatus      = 0x80430006
+	STATUS_SECUREBOOT_FILE_REPLACED                                           NTStatus      = 0xC0430007
+	STATUS_SECUREBOOT_POLICY_NOT_AUTHORIZED                                   NTStatus      = 0xC0430008
+	STATUS_SECUREBOOT_POLICY_UNKNOWN                                          NTStatus      = 0xC0430009
+	STATUS_SECUREBOOT_POLICY_MISSING_ANTIROLLBACKVERSION                      NTStatus      = 0xC043000A
+	STATUS_SECUREBOOT_PLATFORM_ID_MISMATCH                                    NTStatus      = 0xC043000B
+	STATUS_SECUREBOOT_POLICY_ROLLBACK_DETECTED                                NTStatus      = 0xC043000C
+	STATUS_SECUREBOOT_POLICY_UPGRADE_MISMATCH                                 NTStatus      = 0xC043000D
+	STATUS_SECUREBOOT_REQUIRED_POLICY_FILE_MISSING                            NTStatus      = 0xC043000E
+	STATUS_SECUREBOOT_NOT_BASE_POLICY                                         NTStatus      = 0xC043000F
+	STATUS_SECUREBOOT_NOT_SUPPLEMENTAL_POLICY                                 NTStatus      = 0xC0430010
+	STATUS_PLATFORM_MANIFEST_NOT_AUTHORIZED                                   NTStatus      = 0xC0EB0001
+	STATUS_PLATFORM_MANIFEST_INVALID                                          NTStatus      = 0xC0EB0002
+	STATUS_PLATFORM_MANIFEST_FILE_NOT_AUTHORIZED                              NTStatus      = 0xC0EB0003
+	STATUS_PLATFORM_MANIFEST_CATALOG_NOT_AUTHORIZED                           NTStatus      = 0xC0EB0004
+	STATUS_PLATFORM_MANIFEST_BINARY_ID_NOT_FOUND                              NTStatus      = 0xC0EB0005
+	STATUS_PLATFORM_MANIFEST_NOT_ACTIVE                                       NTStatus      = 0xC0EB0006
+	STATUS_PLATFORM_MANIFEST_NOT_SIGNED                                       NTStatus      = 0xC0EB0007
+	STATUS_SYSTEM_INTEGRITY_ROLLBACK_DETECTED                                 NTStatus      = 0xC0E90001
+	STATUS_SYSTEM_INTEGRITY_POLICY_VIOLATION                                  NTStatus      = 0xC0E90002
+	STATUS_SYSTEM_INTEGRITY_INVALID_POLICY                                    NTStatus      = 0xC0E90003
+	STATUS_SYSTEM_INTEGRITY_POLICY_NOT_SIGNED                                 NTStatus      = 0xC0E90004
+	STATUS_SYSTEM_INTEGRITY_TOO_MANY_POLICIES                                 NTStatus      = 0xC0E90005
+	STATUS_SYSTEM_INTEGRITY_SUPPLEMENTAL_POLICY_NOT_AUTHORIZED                NTStatus      = 0xC0E90006
+	STATUS_NO_APPLICABLE_APP_LICENSES_FOUND                                   NTStatus      = 0xC0EA0001
+	STATUS_CLIP_LICENSE_NOT_FOUND                                             NTStatus      = 0xC0EA0002
+	STATUS_CLIP_DEVICE_LICENSE_MISSING                                        NTStatus      = 0xC0EA0003
+	STATUS_CLIP_LICENSE_INVALID_SIGNATURE                                     NTStatus      = 0xC0EA0004
+	STATUS_CLIP_KEYHOLDER_LICENSE_MISSING_OR_INVALID                          NTStatus      = 0xC0EA0005
+	STATUS_CLIP_LICENSE_EXPIRED                                               NTStatus      = 0xC0EA0006
+	STATUS_CLIP_LICENSE_SIGNED_BY_UNKNOWN_SOURCE                              NTStatus      = 0xC0EA0007
+	STATUS_CLIP_LICENSE_NOT_SIGNED                                            NTStatus      = 0xC0EA0008
+	STATUS_CLIP_LICENSE_HARDWARE_ID_OUT_OF_TOLERANCE                          NTStatus      = 0xC0EA0009
+	STATUS_CLIP_LICENSE_DEVICE_ID_MISMATCH                                    NTStatus      = 0xC0EA000A
+	STATUS_AUDIO_ENGINE_NODE_NOT_FOUND                                        NTStatus      = 0xC0440001
+	STATUS_HDAUDIO_EMPTY_CONNECTION_LIST                                      NTStatus      = 0xC0440002
+	STATUS_HDAUDIO_CONNECTION_LIST_NOT_SUPPORTED                              NTStatus      = 0xC0440003
+	STATUS_HDAUDIO_NO_LOGICAL_DEVICES_CREATED                                 NTStatus      = 0xC0440004
+	STATUS_HDAUDIO_NULL_LINKED_LIST_ENTRY                                     NTStatus      = 0xC0440005
+	STATUS_SPACES_REPAIRED                                                    NTStatus      = 0x00E70000
+	STATUS_SPACES_PAUSE                                                       NTStatus      = 0x00E70001
+	STATUS_SPACES_COMPLETE                                                    NTStatus      = 0x00E70002
+	STATUS_SPACES_REDIRECT                                                    NTStatus      = 0x00E70003
+	STATUS_SPACES_FAULT_DOMAIN_TYPE_INVALID                                   NTStatus      = 0xC0E70001
+	STATUS_SPACES_RESILIENCY_TYPE_INVALID                                     NTStatus      = 0xC0E70003
+	STATUS_SPACES_DRIVE_SECTOR_SIZE_INVALID                                   NTStatus      = 0xC0E70004
+	STATUS_SPACES_DRIVE_REDUNDANCY_INVALID                                    NTStatus      = 0xC0E70006
+	STATUS_SPACES_NUMBER_OF_DATA_COPIES_INVALID                               NTStatus      = 0xC0E70007
+	STATUS_SPACES_INTERLEAVE_LENGTH_INVALID                                   NTStatus      = 0xC0E70009
+	STATUS_SPACES_NUMBER_OF_COLUMNS_INVALID                                   NTStatus      = 0xC0E7000A
+	STATUS_SPACES_NOT_ENOUGH_DRIVES                                           NTStatus      = 0xC0E7000B
+	STATUS_SPACES_EXTENDED_ERROR                                              NTStatus      = 0xC0E7000C
+	STATUS_SPACES_PROVISIONING_TYPE_INVALID                                   NTStatus      = 0xC0E7000D
+	STATUS_SPACES_ALLOCATION_SIZE_INVALID                                     NTStatus      = 0xC0E7000E
+	STATUS_SPACES_ENCLOSURE_AWARE_INVALID                                     NTStatus      = 0xC0E7000F
+	STATUS_SPACES_WRITE_CACHE_SIZE_INVALID                                    NTStatus      = 0xC0E70010
+	STATUS_SPACES_NUMBER_OF_GROUPS_INVALID                                    NTStatus      = 0xC0E70011
+	STATUS_SPACES_DRIVE_OPERATIONAL_STATE_INVALID                             NTStatus      = 0xC0E70012
+	STATUS_SPACES_UPDATE_COLUMN_STATE                                         NTStatus      = 0xC0E70013
+	STATUS_SPACES_MAP_REQUIRED                                                NTStatus      = 0xC0E70014
+	STATUS_SPACES_UNSUPPORTED_VERSION                                         NTStatus      = 0xC0E70015
+	STATUS_SPACES_CORRUPT_METADATA                                            NTStatus      = 0xC0E70016
+	STATUS_SPACES_DRT_FULL                                                    NTStatus      = 0xC0E70017
+	STATUS_SPACES_INCONSISTENCY                                               NTStatus      = 0xC0E70018
+	STATUS_SPACES_LOG_NOT_READY                                               NTStatus      = 0xC0E70019
+	STATUS_SPACES_NO_REDUNDANCY                                               NTStatus      = 0xC0E7001A
+	STATUS_SPACES_DRIVE_NOT_READY                                             NTStatus      = 0xC0E7001B
+	STATUS_SPACES_DRIVE_SPLIT                                                 NTStatus      = 0xC0E7001C
+	STATUS_SPACES_DRIVE_LOST_DATA                                             NTStatus      = 0xC0E7001D
+	STATUS_SPACES_ENTRY_INCOMPLETE                                            NTStatus      = 0xC0E7001E
+	STATUS_SPACES_ENTRY_INVALID                                               NTStatus      = 0xC0E7001F
+	STATUS_SPACES_MARK_DIRTY                                                  NTStatus      = 0xC0E70020
+	STATUS_VOLSNAP_BOOTFILE_NOT_VALID                                         NTStatus      = 0xC0500003
+	STATUS_VOLSNAP_ACTIVATION_TIMEOUT                                         NTStatus      = 0xC0500004
+	STATUS_IO_PREEMPTED                                                       NTStatus      = 0xC0510001
+	STATUS_SVHDX_ERROR_STORED                                                 NTStatus      = 0xC05C0000
+	STATUS_SVHDX_ERROR_NOT_AVAILABLE                                          NTStatus      = 0xC05CFF00
+	STATUS_SVHDX_UNIT_ATTENTION_AVAILABLE                                     NTStatus      = 0xC05CFF01
+	STATUS_SVHDX_UNIT_ATTENTION_CAPACITY_DATA_CHANGED                         NTStatus      = 0xC05CFF02
+	STATUS_SVHDX_UNIT_ATTENTION_RESERVATIONS_PREEMPTED                        NTStatus      = 0xC05CFF03
+	STATUS_SVHDX_UNIT_ATTENTION_RESERVATIONS_RELEASED                         NTStatus      = 0xC05CFF04
+	STATUS_SVHDX_UNIT_ATTENTION_REGISTRATIONS_PREEMPTED                       NTStatus      = 0xC05CFF05
+	STATUS_SVHDX_UNIT_ATTENTION_OPERATING_DEFINITION_CHANGED                  NTStatus      = 0xC05CFF06
+	STATUS_SVHDX_RESERVATION_CONFLICT                                         NTStatus      = 0xC05CFF07
+	STATUS_SVHDX_WRONG_FILE_TYPE                                              NTStatus      = 0xC05CFF08
+	STATUS_SVHDX_VERSION_MISMATCH                                             NTStatus      = 0xC05CFF09
+	STATUS_VHD_SHARED                                                         NTStatus      = 0xC05CFF0A
+	STATUS_SVHDX_NO_INITIATOR                                                 NTStatus      = 0xC05CFF0B
+	STATUS_VHDSET_BACKING_STORAGE_NOT_FOUND                                   NTStatus      = 0xC05CFF0C
+	STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP                              NTStatus      = 0xC05D0000
+	STATUS_SMB_BAD_CLUSTER_DIALECT                                            NTStatus      = 0xC05D0001
+	STATUS_SMB_GUEST_LOGON_BLOCKED                                            NTStatus      = 0xC05D0002
+	STATUS_SECCORE_INVALID_COMMAND                                            NTStatus      = 0xC0E80000
+	STATUS_VSM_NOT_INITIALIZED                                                NTStatus      = 0xC0450000
+	STATUS_VSM_DMA_PROTECTION_NOT_IN_USE                                      NTStatus      = 0xC0450001
+	STATUS_APPEXEC_CONDITION_NOT_SATISFIED                                    NTStatus      = 0xC0EC0000
+	STATUS_APPEXEC_HANDLE_INVALIDATED                                         NTStatus      = 0xC0EC0001
+	STATUS_APPEXEC_INVALID_HOST_GENERATION                                    NTStatus      = 0xC0EC0002
+	STATUS_APPEXEC_UNEXPECTED_PROCESS_REGISTRATION                            NTStatus      = 0xC0EC0003
+	STATUS_APPEXEC_INVALID_HOST_STATE                                         NTStatus      = 0xC0EC0004
+	STATUS_APPEXEC_NO_DONOR                                                   NTStatus      = 0xC0EC0005
+	STATUS_APPEXEC_HOST_ID_MISMATCH                                           NTStatus      = 0xC0EC0006
+	STATUS_APPEXEC_UNKNOWN_USER                                               NTStatus      = 0xC0EC0007
+)
diff --git a/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go b/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go
new file mode 100644
index 0000000000000..6048ac679fa53
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go
@@ -0,0 +1,149 @@
+// Code generated by 'mkknownfolderids.bash'; DO NOT EDIT.
+
+package windows
+
+type KNOWNFOLDERID GUID
+
+var (
+	FOLDERID_NetworkFolder          = &KNOWNFOLDERID{0xd20beec4, 0x5ca8, 0x4905, [8]byte{0xae, 0x3b, 0xbf, 0x25, 0x1e, 0xa0, 0x9b, 0x53}}
+	FOLDERID_ComputerFolder         = &KNOWNFOLDERID{0x0ac0837c, 0xbbf8, 0x452a, [8]byte{0x85, 0x0d, 0x79, 0xd0, 0x8e, 0x66, 0x7c, 0xa7}}
+	FOLDERID_InternetFolder         = &KNOWNFOLDERID{0x4d9f7874, 0x4e0c, 0x4904, [8]byte{0x96, 0x7b, 0x40, 0xb0, 0xd2, 0x0c, 0x3e, 0x4b}}
+	FOLDERID_ControlPanelFolder     = &KNOWNFOLDERID{0x82a74aeb, 0xaeb4, 0x465c, [8]byte{0xa0, 0x14, 0xd0, 0x97, 0xee, 0x34, 0x6d, 0x63}}
+	FOLDERID_PrintersFolder         = &KNOWNFOLDERID{0x76fc4e2d, 0xd6ad, 0x4519, [8]byte{0xa6, 0x63, 0x37, 0xbd, 0x56, 0x06, 0x81, 0x85}}
+	FOLDERID_SyncManagerFolder      = &KNOWNFOLDERID{0x43668bf8, 0xc14e, 0x49b2, [8]byte{0x97, 0xc9, 0x74, 0x77, 0x84, 0xd7, 0x84, 0xb7}}
+	FOLDERID_SyncSetupFolder        = &KNOWNFOLDERID{0x0f214138, 0xb1d3, 0x4a90, [8]byte{0xbb, 0xa9, 0x27, 0xcb, 0xc0, 0xc5, 0x38, 0x9a}}
+	FOLDERID_ConflictFolder         = &KNOWNFOLDERID{0x4bfefb45, 0x347d, 0x4006, [8]byte{0xa5, 0xbe, 0xac, 0x0c, 0xb0, 0x56, 0x71, 0x92}}
+	FOLDERID_SyncResultsFolder      = &KNOWNFOLDERID{0x289a9a43, 0xbe44, 0x4057, [8]byte{0xa4, 0x1b, 0x58, 0x7a, 0x76, 0xd7, 0xe7, 0xf9}}
+	FOLDERID_RecycleBinFolder       = &KNOWNFOLDERID{0xb7534046, 0x3ecb, 0x4c18, [8]byte{0xbe, 0x4e, 0x64, 0xcd, 0x4c, 0xb7, 0xd6, 0xac}}
+	FOLDERID_ConnectionsFolder      = &KNOWNFOLDERID{0x6f0cd92b, 0x2e97, 0x45d1, [8]byte{0x88, 0xff, 0xb0, 0xd1, 0x86, 0xb8, 0xde, 0xdd}}
+	FOLDERID_Fonts                  = &KNOWNFOLDERID{0xfd228cb7, 0xae11, 0x4ae3, [8]byte{0x86, 0x4c, 0x16, 0xf3, 0x91, 0x0a, 0xb8, 0xfe}}
+	FOLDERID_Desktop                = &KNOWNFOLDERID{0xb4bfcc3a, 0xdb2c, 0x424c, [8]byte{0xb0, 0x29, 0x7f, 0xe9, 0x9a, 0x87, 0xc6, 0x41}}
+	FOLDERID_Startup                = &KNOWNFOLDERID{0xb97d20bb, 0xf46a, 0x4c97, [8]byte{0xba, 0x10, 0x5e, 0x36, 0x08, 0x43, 0x08, 0x54}}
+	FOLDERID_Programs               = &KNOWNFOLDERID{0xa77f5d77, 0x2e2b, 0x44c3, [8]byte{0xa6, 0xa2, 0xab, 0xa6, 0x01, 0x05, 0x4a, 0x51}}
+	FOLDERID_StartMenu              = &KNOWNFOLDERID{0x625b53c3, 0xab48, 0x4ec1, [8]byte{0xba, 0x1f, 0xa1, 0xef, 0x41, 0x46, 0xfc, 0x19}}
+	FOLDERID_Recent                 = &KNOWNFOLDERID{0xae50c081, 0xebd2, 0x438a, [8]byte{0x86, 0x55, 0x8a, 0x09, 0x2e, 0x34, 0x98, 0x7a}}
+	FOLDERID_SendTo                 = &KNOWNFOLDERID{0x8983036c, 0x27c0, 0x404b, [8]byte{0x8f, 0x08, 0x10, 0x2d, 0x10, 0xdc, 0xfd, 0x74}}
+	FOLDERID_Documents              = &KNOWNFOLDERID{0xfdd39ad0, 0x238f, 0x46af, [8]byte{0xad, 0xb4, 0x6c, 0x85, 0x48, 0x03, 0x69, 0xc7}}
+	FOLDERID_Favorites              = &KNOWNFOLDERID{0x1777f761, 0x68ad, 0x4d8a, [8]byte{0x87, 0xbd, 0x30, 0xb7, 0x59, 0xfa, 0x33, 0xdd}}
+	FOLDERID_NetHood                = &KNOWNFOLDERID{0xc5abbf53, 0xe17f, 0x4121, [8]byte{0x89, 0x00, 0x86, 0x62, 0x6f, 0xc2, 0xc9, 0x73}}
+	FOLDERID_PrintHood              = &KNOWNFOLDERID{0x9274bd8d, 0xcfd1, 0x41c3, [8]byte{0xb3, 0x5e, 0xb1, 0x3f, 0x55, 0xa7, 0x58, 0xf4}}
+	FOLDERID_Templates              = &KNOWNFOLDERID{0xa63293e8, 0x664e, 0x48db, [8]byte{0xa0, 0x79, 0xdf, 0x75, 0x9e, 0x05, 0x09, 0xf7}}
+	FOLDERID_CommonStartup          = &KNOWNFOLDERID{0x82a5ea35, 0xd9cd, 0x47c5, [8]byte{0x96, 0x29, 0xe1, 0x5d, 0x2f, 0x71, 0x4e, 0x6e}}
+	FOLDERID_CommonPrograms         = &KNOWNFOLDERID{0x0139d44e, 0x6afe, 0x49f2, [8]byte{0x86, 0x90, 0x3d, 0xaf, 0xca, 0xe6, 0xff, 0xb8}}
+	FOLDERID_CommonStartMenu        = &KNOWNFOLDERID{0xa4115719, 0xd62e, 0x491d, [8]byte{0xaa, 0x7c, 0xe7, 0x4b, 0x8b, 0xe3, 0xb0, 0x67}}
+	FOLDERID_PublicDesktop          = &KNOWNFOLDERID{0xc4aa340d, 0xf20f, 0x4863, [8]byte{0xaf, 0xef, 0xf8, 0x7e, 0xf2, 0xe6, 0xba, 0x25}}
+	FOLDERID_ProgramData            = &KNOWNFOLDERID{0x62ab5d82, 0xfdc1, 0x4dc3, [8]byte{0xa9, 0xdd, 0x07, 0x0d, 0x1d, 0x49, 0x5d, 0x97}}
+	FOLDERID_CommonTemplates        = &KNOWNFOLDERID{0xb94237e7, 0x57ac, 0x4347, [8]byte{0x91, 0x51, 0xb0, 0x8c, 0x6c, 0x32, 0xd1, 0xf7}}
+	FOLDERID_PublicDocuments        = &KNOWNFOLDERID{0xed4824af, 0xdce4, 0x45a8, [8]byte{0x81, 0xe2, 0xfc, 0x79, 0x65, 0x08, 0x36, 0x34}}
+	FOLDERID_RoamingAppData         = &KNOWNFOLDERID{0x3eb685db, 0x65f9, 0x4cf6, [8]byte{0xa0, 0x3a, 0xe3, 0xef, 0x65, 0x72, 0x9f, 0x3d}}
+	FOLDERID_LocalAppData           = &KNOWNFOLDERID{0xf1b32785, 0x6fba, 0x4fcf, [8]byte{0x9d, 0x55, 0x7b, 0x8e, 0x7f, 0x15, 0x70, 0x91}}
+	FOLDERID_LocalAppDataLow        = &KNOWNFOLDERID{0xa520a1a4, 0x1780, 0x4ff6, [8]byte{0xbd, 0x18, 0x16, 0x73, 0x43, 0xc5, 0xaf, 0x16}}
+	FOLDERID_InternetCache          = &KNOWNFOLDERID{0x352481e8, 0x33be, 0x4251, [8]byte{0xba, 0x85, 0x60, 0x07, 0xca, 0xed, 0xcf, 0x9d}}
+	FOLDERID_Cookies                = &KNOWNFOLDERID{0x2b0f765d, 0xc0e9, 0x4171, [8]byte{0x90, 0x8e, 0x08, 0xa6, 0x11, 0xb8, 0x4f, 0xf6}}
+	FOLDERID_History                = &KNOWNFOLDERID{0xd9dc8a3b, 0xb784, 0x432e, [8]byte{0xa7, 0x81, 0x5a, 0x11, 0x30, 0xa7, 0x59, 0x63}}
+	FOLDERID_System                 = &KNOWNFOLDERID{0x1ac14e77, 0x02e7, 0x4e5d, [8]byte{0xb7, 0x44, 0x2e, 0xb1, 0xae, 0x51, 0x98, 0xb7}}
+	FOLDERID_SystemX86              = &KNOWNFOLDERID{0xd65231b0, 0xb2f1, 0x4857, [8]byte{0xa4, 0xce, 0xa8, 0xe7, 0xc6, 0xea, 0x7d, 0x27}}
+	FOLDERID_Windows                = &KNOWNFOLDERID{0xf38bf404, 0x1d43, 0x42f2, [8]byte{0x93, 0x05, 0x67, 0xde, 0x0b, 0x28, 0xfc, 0x23}}
+	FOLDERID_Profile                = &KNOWNFOLDERID{0x5e6c858f, 0x0e22, 0x4760, [8]byte{0x9a, 0xfe, 0xea, 0x33, 0x17, 0xb6, 0x71, 0x73}}
+	FOLDERID_Pictures               = &KNOWNFOLDERID{0x33e28130, 0x4e1e, 0x4676, [8]byte{0x83, 0x5a, 0x98, 0x39, 0x5c, 0x3b, 0xc3, 0xbb}}
+	FOLDERID_ProgramFilesX86        = &KNOWNFOLDERID{0x7c5a40ef, 0xa0fb, 0x4bfc, [8]byte{0x87, 0x4a, 0xc0, 0xf2, 0xe0, 0xb9, 0xfa, 0x8e}}
+	FOLDERID_ProgramFilesCommonX86  = &KNOWNFOLDERID{0xde974d24, 0xd9c6, 0x4d3e, [8]byte{0xbf, 0x91, 0xf4, 0x45, 0x51, 0x20, 0xb9, 0x17}}
+	FOLDERID_ProgramFilesX64        = &KNOWNFOLDERID{0x6d809377, 0x6af0, 0x444b, [8]byte{0x89, 0x57, 0xa3, 0x77, 0x3f, 0x02, 0x20, 0x0e}}
+	FOLDERID_ProgramFilesCommonX64  = &KNOWNFOLDERID{0x6365d5a7, 0x0f0d, 0x45e5, [8]byte{0x87, 0xf6, 0x0d, 0xa5, 0x6b, 0x6a, 0x4f, 0x7d}}
+	FOLDERID_ProgramFiles           = &KNOWNFOLDERID{0x905e63b6, 0xc1bf, 0x494e, [8]byte{0xb2, 0x9c, 0x65, 0xb7, 0x32, 0xd3, 0xd2, 0x1a}}
+	FOLDERID_ProgramFilesCommon     = &KNOWNFOLDERID{0xf7f1ed05, 0x9f6d, 0x47a2, [8]byte{0xaa, 0xae, 0x29, 0xd3, 0x17, 0xc6, 0xf0, 0x66}}
+	FOLDERID_UserProgramFiles       = &KNOWNFOLDERID{0x5cd7aee2, 0x2219, 0x4a67, [8]byte{0xb8, 0x5d, 0x6c, 0x9c, 0xe1, 0x56, 0x60, 0xcb}}
+	FOLDERID_UserProgramFilesCommon = &KNOWNFOLDERID{0xbcbd3057, 0xca5c, 0x4622, [8]byte{0xb4, 0x2d, 0xbc, 0x56, 0xdb, 0x0a, 0xe5, 0x16}}
+	FOLDERID_AdminTools             = &KNOWNFOLDERID{0x724ef170, 0xa42d, 0x4fef, [8]byte{0x9f, 0x26, 0xb6, 0x0e, 0x84, 0x6f, 0xba, 0x4f}}
+	FOLDERID_CommonAdminTools       = &KNOWNFOLDERID{0xd0384e7d, 0xbac3, 0x4797, [8]byte{0x8f, 0x14, 0xcb, 0xa2, 0x29, 0xb3, 0x92, 0xb5}}
+	FOLDERID_Music                  = &KNOWNFOLDERID{0x4bd8d571, 0x6d19, 0x48d3, [8]byte{0xbe, 0x97, 0x42, 0x22, 0x20, 0x08, 0x0e, 0x43}}
+	FOLDERID_Videos                 = &KNOWNFOLDERID{0x18989b1d, 0x99b5, 0x455b, [8]byte{0x84, 0x1c, 0xab, 0x7c, 0x74, 0xe4, 0xdd, 0xfc}}
+	FOLDERID_Ringtones              = &KNOWNFOLDERID{0xc870044b, 0xf49e, 0x4126, [8]byte{0xa9, 0xc3, 0xb5, 0x2a, 0x1f, 0xf4, 0x11, 0xe8}}
+	FOLDERID_PublicPictures         = &KNOWNFOLDERID{0xb6ebfb86, 0x6907, 0x413c, [8]byte{0x9a, 0xf7, 0x4f, 0xc2, 0xab, 0xf0, 0x7c, 0xc5}}
+	FOLDERID_PublicMusic            = &KNOWNFOLDERID{0x3214fab5, 0x9757, 0x4298, [8]byte{0xbb, 0x61, 0x92, 0xa9, 0xde, 0xaa, 0x44, 0xff}}
+	FOLDERID_PublicVideos           = &KNOWNFOLDERID{0x2400183a, 0x6185, 0x49fb, [8]byte{0xa2, 0xd8, 0x4a, 0x39, 0x2a, 0x60, 0x2b, 0xa3}}
+	FOLDERID_PublicRingtones        = &KNOWNFOLDERID{0xe555ab60, 0x153b, 0x4d17, [8]byte{0x9f, 0x04, 0xa5, 0xfe, 0x99, 0xfc, 0x15, 0xec}}
+	FOLDERID_ResourceDir            = &KNOWNFOLDERID{0x8ad10c31, 0x2adb, 0x4296, [8]byte{0xa8, 0xf7, 0xe4, 0x70, 0x12, 0x32, 0xc9, 0x72}}
+	FOLDERID_LocalizedResourcesDir  = &KNOWNFOLDERID{0x2a00375e, 0x224c, 0x49de, [8]byte{0xb8, 0xd1, 0x44, 0x0d, 0xf7, 0xef, 0x3d, 0xdc}}
+	FOLDERID_CommonOEMLinks         = &KNOWNFOLDERID{0xc1bae2d0, 0x10df, 0x4334, [8]byte{0xbe, 0xdd, 0x7a, 0xa2, 0x0b, 0x22, 0x7a, 0x9d}}
+	FOLDERID_CDBurning              = &KNOWNFOLDERID{0x9e52ab10, 0xf80d, 0x49df, [8]byte{0xac, 0xb8, 0x43, 0x30, 0xf5, 0x68, 0x78, 0x55}}
+	FOLDERID_UserProfiles           = &KNOWNFOLDERID{0x0762d272, 0xc50a, 0x4bb0, [8]byte{0xa3, 0x82, 0x69, 0x7d, 0xcd, 0x72, 0x9b, 0x80}}
+	FOLDERID_Playlists              = &KNOWNFOLDERID{0xde92c1c7, 0x837f, 0x4f69, [8]byte{0xa3, 0xbb, 0x86, 0xe6, 0x31, 0x20, 0x4a, 0x23}}
+	FOLDERID_SamplePlaylists        = &KNOWNFOLDERID{0x15ca69b3, 0x30ee, 0x49c1, [8]byte{0xac, 0xe1, 0x6b, 0x5e, 0xc3, 0x72, 0xaf, 0xb5}}
+	FOLDERID_SampleMusic            = &KNOWNFOLDERID{0xb250c668, 0xf57d, 0x4ee1, [8]byte{0xa6, 0x3c, 0x29, 0x0e, 0xe7, 0xd1, 0xaa, 0x1f}}
+	FOLDERID_SamplePictures         = &KNOWNFOLDERID{0xc4900540, 0x2379, 0x4c75, [8]byte{0x84, 0x4b, 0x64, 0xe6, 0xfa, 0xf8, 0x71, 0x6b}}
+	FOLDERID_SampleVideos           = &KNOWNFOLDERID{0x859ead94, 0x2e85, 0x48ad, [8]byte{0xa7, 0x1a, 0x09, 0x69, 0xcb, 0x56, 0xa6, 0xcd}}
+	FOLDERID_PhotoAlbums            = &KNOWNFOLDERID{0x69d2cf90, 0xfc33, 0x4fb7, [8]byte{0x9a, 0x0c, 0xeb, 0xb0, 0xf0, 0xfc, 0xb4, 0x3c}}
+	FOLDERID_Public                 = &KNOWNFOLDERID{0xdfdf76a2, 0xc82a, 0x4d63, [8]byte{0x90, 0x6a, 0x56, 0x44, 0xac, 0x45, 0x73, 0x85}}
+	FOLDERID_ChangeRemovePrograms   = &KNOWNFOLDERID{0xdf7266ac, 0x9274, 0x4867, [8]byte{0x8d, 0x55, 0x3b, 0xd6, 0x61, 0xde, 0x87, 0x2d}}
+	FOLDERID_AppUpdates             = &KNOWNFOLDERID{0xa305ce99, 0xf527, 0x492b, [8]byte{0x8b, 0x1a, 0x7e, 0x76, 0xfa, 0x98, 0xd6, 0xe4}}
+	FOLDERID_AddNewPrograms         = &KNOWNFOLDERID{0xde61d971, 0x5ebc, 0x4f02, [8]byte{0xa3, 0xa9, 0x6c, 0x82, 0x89, 0x5e, 0x5c, 0x04}}
+	FOLDERID_Downloads              = &KNOWNFOLDERID{0x374de290, 0x123f, 0x4565, [8]byte{0x91, 0x64, 0x39, 0xc4, 0x92, 0x5e, 0x46, 0x7b}}
+	FOLDERID_PublicDownloads        = &KNOWNFOLDERID{0x3d644c9b, 0x1fb8, 0x4f30, [8]byte{0x9b, 0x45, 0xf6, 0x70, 0x23, 0x5f, 0x79, 0xc0}}
+	FOLDERID_SavedSearches          = &KNOWNFOLDERID{0x7d1d3a04, 0xdebb, 0x4115, [8]byte{0x95, 0xcf, 0x2f, 0x29, 0xda, 0x29, 0x20, 0xda}}
+	FOLDERID_QuickLaunch            = &KNOWNFOLDERID{0x52a4f021, 0x7b75, 0x48a9, [8]byte{0x9f, 0x6b, 0x4b, 0x87, 0xa2, 0x10, 0xbc, 0x8f}}
+	FOLDERID_Contacts               = &KNOWNFOLDERID{0x56784854, 0xc6cb, 0x462b, [8]byte{0x81, 0x69, 0x88, 0xe3, 0x50, 0xac, 0xb8, 0x82}}
+	FOLDERID_SidebarParts           = &KNOWNFOLDERID{0xa75d362e, 0x50fc, 0x4fb7, [8]byte{0xac, 0x2c, 0xa8, 0xbe, 0xaa, 0x31, 0x44, 0x93}}
+	FOLDERID_SidebarDefaultParts    = &KNOWNFOLDERID{0x7b396e54, 0x9ec5, 0x4300, [8]byte{0xbe, 0x0a, 0x24, 0x82, 0xeb, 0xae, 0x1a, 0x26}}
+	FOLDERID_PublicGameTasks        = &KNOWNFOLDERID{0xdebf2536, 0xe1a8, 0x4c59, [8]byte{0xb6, 0xa2, 0x41, 0x45, 0x86, 0x47, 0x6a, 0xea}}
+	FOLDERID_GameTasks              = &KNOWNFOLDERID{0x054fae61, 0x4dd8, 0x4787, [8]byte{0x80, 0xb6, 0x09, 0x02, 0x20, 0xc4, 0xb7, 0x00}}
+	FOLDERID_SavedGames             = &KNOWNFOLDERID{0x4c5c32ff, 0xbb9d, 0x43b0, [8]byte{0xb5, 0xb4, 0x2d, 0x72, 0xe5, 0x4e, 0xaa, 0xa4}}
+	FOLDERID_Games                  = &KNOWNFOLDERID{0xcac52c1a, 0xb53d, 0x4edc, [8]byte{0x92, 0xd7, 0x6b, 0x2e, 0x8a, 0xc1, 0x94, 0x34}}
+	FOLDERID_SEARCH_MAPI            = &KNOWNFOLDERID{0x98ec0e18, 0x2098, 0x4d44, [8]byte{0x86, 0x44, 0x66, 0x97, 0x93, 0x15, 0xa2, 0x81}}
+	FOLDERID_SEARCH_CSC             = &KNOWNFOLDERID{0xee32e446, 0x31ca, 0x4aba, [8]byte{0x81, 0x4f, 0xa5, 0xeb, 0xd2, 0xfd, 0x6d, 0x5e}}
+	FOLDERID_Links                  = &KNOWNFOLDERID{0xbfb9d5e0, 0xc6a9, 0x404c, [8]byte{0xb2, 0xb2, 0xae, 0x6d, 0xb6, 0xaf, 0x49, 0x68}}
+	FOLDERID_UsersFiles             = &KNOWNFOLDERID{0xf3ce0f7c, 0x4901, 0x4acc, [8]byte{0x86, 0x48, 0xd5, 0xd4, 0x4b, 0x04, 0xef, 0x8f}}
+	FOLDERID_UsersLibraries         = &KNOWNFOLDERID{0xa302545d, 0xdeff, 0x464b, [8]byte{0xab, 0xe8, 0x61, 0xc8, 0x64, 0x8d, 0x93, 0x9b}}
+	FOLDERID_SearchHome             = &KNOWNFOLDERID{0x190337d1, 0xb8ca, 0x4121, [8]byte{0xa6, 0x39, 0x6d, 0x47, 0x2d, 0x16, 0x97, 0x2a}}
+	FOLDERID_OriginalImages         = &KNOWNFOLDERID{0x2c36c0aa, 0x5812, 0x4b87, [8]byte{0xbf, 0xd0, 0x4c, 0xd0, 0xdf, 0xb1, 0x9b, 0x39}}
+	FOLDERID_DocumentsLibrary       = &KNOWNFOLDERID{0x7b0db17d, 0x9cd2, 0x4a93, [8]byte{0x97, 0x33, 0x46, 0xcc, 0x89, 0x02, 0x2e, 0x7c}}
+	FOLDERID_MusicLibrary           = &KNOWNFOLDERID{0x2112ab0a, 0xc86a, 0x4ffe, [8]byte{0xa3, 0x68, 0x0d, 0xe9, 0x6e, 0x47, 0x01, 0x2e}}
+	FOLDERID_PicturesLibrary        = &KNOWNFOLDERID{0xa990ae9f, 0xa03b, 0x4e80, [8]byte{0x94, 0xbc, 0x99, 0x12, 0xd7, 0x50, 0x41, 0x04}}
+	FOLDERID_VideosLibrary          = &KNOWNFOLDERID{0x491e922f, 0x5643, 0x4af4, [8]byte{0xa7, 0xeb, 0x4e, 0x7a, 0x13, 0x8d, 0x81, 0x74}}
+	FOLDERID_RecordedTVLibrary      = &KNOWNFOLDERID{0x1a6fdba2, 0xf42d, 0x4358, [8]byte{0xa7, 0x98, 0xb7, 0x4d, 0x74, 0x59, 0x26, 0xc5}}
+	FOLDERID_HomeGroup              = &KNOWNFOLDERID{0x52528a6b, 0xb9e3, 0x4add, [8]byte{0xb6, 0x0d, 0x58, 0x8c, 0x2d, 0xba, 0x84, 0x2d}}
+	FOLDERID_HomeGroupCurrentUser   = &KNOWNFOLDERID{0x9b74b6a3, 0x0dfd, 0x4f11, [8]byte{0x9e, 0x78, 0x5f, 0x78, 0x00, 0xf2, 0xe7, 0x72}}
+	FOLDERID_DeviceMetadataStore    = &KNOWNFOLDERID{0x5ce4a5e9, 0xe4eb, 0x479d, [8]byte{0xb8, 0x9f, 0x13, 0x0c, 0x02, 0x88, 0x61, 0x55}}
+	FOLDERID_Libraries              = &KNOWNFOLDERID{0x1b3ea5dc, 0xb587, 0x4786, [8]byte{0xb4, 0xef, 0xbd, 0x1d, 0xc3, 0x32, 0xae, 0xae}}
+	FOLDERID_PublicLibraries        = &KNOWNFOLDERID{0x48daf80b, 0xe6cf, 0x4f4e, [8]byte{0xb8, 0x00, 0x0e, 0x69, 0xd8, 0x4e, 0xe3, 0x84}}
+	FOLDERID_UserPinned             = &KNOWNFOLDERID{0x9e3995ab, 0x1f9c, 0x4f13, [8]byte{0xb8, 0x27, 0x48, 0xb2, 0x4b, 0x6c, 0x71, 0x74}}
+	FOLDERID_ImplicitAppShortcuts   = &KNOWNFOLDERID{0xbcb5256f, 0x79f6, 0x4cee, [8]byte{0xb7, 0x25, 0xdc, 0x34, 0xe4, 0x02, 0xfd, 0x46}}
+	FOLDERID_AccountPictures        = &KNOWNFOLDERID{0x008ca0b1, 0x55b4, 0x4c56, [8]byte{0xb8, 0xa8, 0x4d, 0xe4, 0xb2, 0x99, 0xd3, 0xbe}}
+	FOLDERID_PublicUserTiles        = &KNOWNFOLDERID{0x0482af6c, 0x08f1, 0x4c34, [8]byte{0x8c, 0x90, 0xe1, 0x7e, 0xc9, 0x8b, 0x1e, 0x17}}
+	FOLDERID_AppsFolder             = &KNOWNFOLDERID{0x1e87508d, 0x89c2, 0x42f0, [8]byte{0x8a, 0x7e, 0x64, 0x5a, 0x0f, 0x50, 0xca, 0x58}}
+	FOLDERID_StartMenuAllPrograms   = &KNOWNFOLDERID{0xf26305ef, 0x6948, 0x40b9, [8]byte{0xb2, 0x55, 0x81, 0x45, 0x3d, 0x09, 0xc7, 0x85}}
+	FOLDERID_CommonStartMenuPlaces  = &KNOWNFOLDERID{0xa440879f, 0x87a0, 0x4f7d, [8]byte{0xb7, 0x00, 0x02, 0x07, 0xb9, 0x66, 0x19, 0x4a}}
+	FOLDERID_ApplicationShortcuts   = &KNOWNFOLDERID{0xa3918781, 0xe5f2, 0x4890, [8]byte{0xb3, 0xd9, 0xa7, 0xe5, 0x43, 0x32, 0x32, 0x8c}}
+	FOLDERID_RoamingTiles           = &KNOWNFOLDERID{0x00bcfc5a, 0xed94, 0x4e48, [8]byte{0x96, 0xa1, 0x3f, 0x62, 0x17, 0xf2, 0x19, 0x90}}
+	FOLDERID_RoamedTileImages       = &KNOWNFOLDERID{0xaaa8d5a5, 0xf1d6, 0x4259, [8]byte{0xba, 0xa8, 0x78, 0xe7, 0xef, 0x60, 0x83, 0x5e}}
+	FOLDERID_Screenshots            = &KNOWNFOLDERID{0xb7bede81, 0xdf94, 0x4682, [8]byte{0xa7, 0xd8, 0x57, 0xa5, 0x26, 0x20, 0xb8, 0x6f}}
+	FOLDERID_CameraRoll             = &KNOWNFOLDERID{0xab5fb87b, 0x7ce2, 0x4f83, [8]byte{0x91, 0x5d, 0x55, 0x08, 0x46, 0xc9, 0x53, 0x7b}}
+	FOLDERID_SkyDrive               = &KNOWNFOLDERID{0xa52bba46, 0xe9e1, 0x435f, [8]byte{0xb3, 0xd9, 0x28, 0xda, 0xa6, 0x48, 0xc0, 0xf6}}
+	FOLDERID_OneDrive               = &KNOWNFOLDERID{0xa52bba46, 0xe9e1, 0x435f, [8]byte{0xb3, 0xd9, 0x28, 0xda, 0xa6, 0x48, 0xc0, 0xf6}}
+	FOLDERID_SkyDriveDocuments      = &KNOWNFOLDERID{0x24d89e24, 0x2f19, 0x4534, [8]byte{0x9d, 0xde, 0x6a, 0x66, 0x71, 0xfb, 0xb8, 0xfe}}
+	FOLDERID_SkyDrivePictures       = &KNOWNFOLDERID{0x339719b5, 0x8c47, 0x4894, [8]byte{0x94, 0xc2, 0xd8, 0xf7, 0x7a, 0xdd, 0x44, 0xa6}}
+	FOLDERID_SkyDriveMusic          = &KNOWNFOLDERID{0xc3f2459e, 0x80d6, 0x45dc, [8]byte{0xbf, 0xef, 0x1f, 0x76, 0x9f, 0x2b, 0xe7, 0x30}}
+	FOLDERID_SkyDriveCameraRoll     = &KNOWNFOLDERID{0x767e6811, 0x49cb, 0x4273, [8]byte{0x87, 0xc2, 0x20, 0xf3, 0x55, 0xe1, 0x08, 0x5b}}
+	FOLDERID_SearchHistory          = &KNOWNFOLDERID{0x0d4c3db6, 0x03a3, 0x462f, [8]byte{0xa0, 0xe6, 0x08, 0x92, 0x4c, 0x41, 0xb5, 0xd4}}
+	FOLDERID_SearchTemplates        = &KNOWNFOLDERID{0x7e636bfe, 0xdfa9, 0x4d5e, [8]byte{0xb4, 0x56, 0xd7, 0xb3, 0x98, 0x51, 0xd8, 0xa9}}
+	FOLDERID_CameraRollLibrary      = &KNOWNFOLDERID{0x2b20df75, 0x1eda, 0x4039, [8]byte{0x80, 0x97, 0x38, 0x79, 0x82, 0x27, 0xd5, 0xb7}}
+	FOLDERID_SavedPictures          = &KNOWNFOLDERID{0x3b193882, 0xd3ad, 0x4eab, [8]byte{0x96, 0x5a, 0x69, 0x82, 0x9d, 0x1f, 0xb5, 0x9f}}
+	FOLDERID_SavedPicturesLibrary   = &KNOWNFOLDERID{0xe25b5812, 0xbe88, 0x4bd9, [8]byte{0x94, 0xb0, 0x29, 0x23, 0x34, 0x77, 0xb6, 0xc3}}
+	FOLDERID_RetailDemo             = &KNOWNFOLDERID{0x12d4c69e, 0x24ad, 0x4923, [8]byte{0xbe, 0x19, 0x31, 0x32, 0x1c, 0x43, 0xa7, 0x67}}
+	FOLDERID_Device                 = &KNOWNFOLDERID{0x1c2ac1dc, 0x4358, 0x4b6c, [8]byte{0x97, 0x33, 0xaf, 0x21, 0x15, 0x65, 0x76, 0xf0}}
+	FOLDERID_DevelopmentFiles       = &KNOWNFOLDERID{0xdbe8e08e, 0x3053, 0x4bbc, [8]byte{0xb1, 0x83, 0x2a, 0x7b, 0x2b, 0x19, 0x1e, 0x59}}
+	FOLDERID_Objects3D              = &KNOWNFOLDERID{0x31c0dd25, 0x9439, 0x4f12, [8]byte{0xbf, 0x41, 0x7f, 0xf4, 0xed, 0xa3, 0x87, 0x22}}
+	FOLDERID_AppCaptures            = &KNOWNFOLDERID{0xedc0fe71, 0x98d8, 0x4f4a, [8]byte{0xb9, 0x20, 0xc8, 0xdc, 0x13, 0x3c, 0xb1, 0x65}}
+	FOLDERID_LocalDocuments         = &KNOWNFOLDERID{0xf42ee2d3, 0x909f, 0x4907, [8]byte{0x88, 0x71, 0x4c, 0x22, 0xfc, 0x0b, 0xf7, 0x56}}
+	FOLDERID_LocalPictures          = &KNOWNFOLDERID{0x0ddd015d, 0xb06c, 0x45d5, [8]byte{0x8c, 0x4c, 0xf5, 0x97, 0x13, 0x85, 0x46, 0x39}}
+	FOLDERID_LocalVideos            = &KNOWNFOLDERID{0x35286a68, 0x3c57, 0x41a1, [8]byte{0xbb, 0xb1, 0x0e, 0xae, 0x73, 0xd7, 0x6c, 0x95}}
+	FOLDERID_LocalMusic             = &KNOWNFOLDERID{0xa0c69a99, 0x21c8, 0x4671, [8]byte{0x87, 0x03, 0x79, 0x34, 0x16, 0x2f, 0xcf, 0x1d}}
+	FOLDERID_LocalDownloads         = &KNOWNFOLDERID{0x7d83ee9b, 0x2244, 0x4e70, [8]byte{0xb1, 0xf5, 0x53, 0x93, 0x04, 0x2a, 0xf1, 0xe4}}
+	FOLDERID_RecordedCalls          = &KNOWNFOLDERID{0x2f8b40c2, 0x83ed, 0x48ee, [8]byte{0xb3, 0x83, 0xa1, 0xf1, 0x57, 0xec, 0x6f, 0x9a}}
+	FOLDERID_AllAppMods             = &KNOWNFOLDERID{0x7ad67899, 0x66af, 0x43ba, [8]byte{0x91, 0x56, 0x6a, 0xad, 0x42, 0xe6, 0xc5, 0x96}}
+	FOLDERID_CurrentAppMods         = &KNOWNFOLDERID{0x3db40b20, 0x2a30, 0x4dbe, [8]byte{0x91, 0x7e, 0x77, 0x1d, 0xd2, 0x1d, 0xd0, 0x99}}
+	FOLDERID_AppDataDesktop         = &KNOWNFOLDERID{0xb2c5e279, 0x7add, 0x439f, [8]byte{0xb2, 0x8c, 0xc4, 0x1f, 0xe1, 0xbb, 0xf6, 0x72}}
+	FOLDERID_AppDataDocuments       = &KNOWNFOLDERID{0x7be16610, 0x1f7f, 0x44ac, [8]byte{0xbf, 0xf0, 0x83, 0xe1, 0x5f, 0x2f, 0xfc, 0xa1}}
+	FOLDERID_AppDataFavorites       = &KNOWNFOLDERID{0x7cfbefbc, 0xde1f, 0x45aa, [8]byte{0xb8, 0x43, 0xa5, 0x42, 0xac, 0x53, 0x6c, 0xc9}}
+	FOLDERID_AppDataProgramData     = &KNOWNFOLDERID{0x559d40a3, 0xa036, 0x40fa, [8]byte{0xaf, 0x61, 0x84, 0xcb, 0x43, 0x0a, 0x4d, 0x34}}
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index fc56aec035b08..ef3cfcfb2b280 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -17,6 +17,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -24,7 +25,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -36,1743 +37,1520 @@ func errnoErr(e syscall.Errno) error {
 
 var (
 	modadvapi32 = NewLazySystemDLL("advapi32.dll")
-	modkernel32 = NewLazySystemDLL("kernel32.dll")
-	modshell32  = NewLazySystemDLL("shell32.dll")
-	modmswsock  = NewLazySystemDLL("mswsock.dll")
 	modcrypt32  = NewLazySystemDLL("crypt32.dll")
-	modws2_32   = NewLazySystemDLL("ws2_32.dll")
 	moddnsapi   = NewLazySystemDLL("dnsapi.dll")
 	modiphlpapi = NewLazySystemDLL("iphlpapi.dll")
-	modsecur32  = NewLazySystemDLL("secur32.dll")
+	modkernel32 = NewLazySystemDLL("kernel32.dll")
+	modmswsock  = NewLazySystemDLL("mswsock.dll")
 	modnetapi32 = NewLazySystemDLL("netapi32.dll")
+	modntdll    = NewLazySystemDLL("ntdll.dll")
+	modole32    = NewLazySystemDLL("ole32.dll")
+	modpsapi    = NewLazySystemDLL("psapi.dll")
+	modsechost  = NewLazySystemDLL("sechost.dll")
+	modsecur32  = NewLazySystemDLL("secur32.dll")
+	modshell32  = NewLazySystemDLL("shell32.dll")
+	moduser32   = NewLazySystemDLL("user32.dll")
 	moduserenv  = NewLazySystemDLL("userenv.dll")
-
-	procRegisterEventSourceW               = modadvapi32.NewProc("RegisterEventSourceW")
-	procDeregisterEventSource              = modadvapi32.NewProc("DeregisterEventSource")
-	procReportEventW                       = modadvapi32.NewProc("ReportEventW")
-	procOpenSCManagerW                     = modadvapi32.NewProc("OpenSCManagerW")
-	procCloseServiceHandle                 = modadvapi32.NewProc("CloseServiceHandle")
-	procCreateServiceW                     = modadvapi32.NewProc("CreateServiceW")
-	procOpenServiceW                       = modadvapi32.NewProc("OpenServiceW")
-	procDeleteService                      = modadvapi32.NewProc("DeleteService")
-	procStartServiceW                      = modadvapi32.NewProc("StartServiceW")
-	procQueryServiceStatus                 = modadvapi32.NewProc("QueryServiceStatus")
-	procControlService                     = modadvapi32.NewProc("ControlService")
-	procStartServiceCtrlDispatcherW        = modadvapi32.NewProc("StartServiceCtrlDispatcherW")
-	procSetServiceStatus                   = modadvapi32.NewProc("SetServiceStatus")
-	procChangeServiceConfigW               = modadvapi32.NewProc("ChangeServiceConfigW")
-	procQueryServiceConfigW                = modadvapi32.NewProc("QueryServiceConfigW")
-	procChangeServiceConfig2W              = modadvapi32.NewProc("ChangeServiceConfig2W")
-	procQueryServiceConfig2W               = modadvapi32.NewProc("QueryServiceConfig2W")
-	procEnumServicesStatusExW              = modadvapi32.NewProc("EnumServicesStatusExW")
-	procQueryServiceStatusEx               = modadvapi32.NewProc("QueryServiceStatusEx")
-	procGetLastError                       = modkernel32.NewProc("GetLastError")
-	procLoadLibraryW                       = modkernel32.NewProc("LoadLibraryW")
-	procLoadLibraryExW                     = modkernel32.NewProc("LoadLibraryExW")
-	procFreeLibrary                        = modkernel32.NewProc("FreeLibrary")
-	procGetProcAddress                     = modkernel32.NewProc("GetProcAddress")
-	procGetVersion                         = modkernel32.NewProc("GetVersion")
-	procFormatMessageW                     = modkernel32.NewProc("FormatMessageW")
-	procExitProcess                        = modkernel32.NewProc("ExitProcess")
-	procCreateFileW                        = modkernel32.NewProc("CreateFileW")
-	procReadFile                           = modkernel32.NewProc("ReadFile")
-	procWriteFile                          = modkernel32.NewProc("WriteFile")
-	procSetFilePointer                     = modkernel32.NewProc("SetFilePointer")
-	procCloseHandle                        = modkernel32.NewProc("CloseHandle")
-	procGetStdHandle                       = modkernel32.NewProc("GetStdHandle")
-	procSetStdHandle                       = modkernel32.NewProc("SetStdHandle")
-	procFindFirstFileW                     = modkernel32.NewProc("FindFirstFileW")
-	procFindNextFileW                      = modkernel32.NewProc("FindNextFileW")
-	procFindClose                          = modkernel32.NewProc("FindClose")
-	procGetFileInformationByHandle         = modkernel32.NewProc("GetFileInformationByHandle")
-	procGetCurrentDirectoryW               = modkernel32.NewProc("GetCurrentDirectoryW")
-	procSetCurrentDirectoryW               = modkernel32.NewProc("SetCurrentDirectoryW")
-	procCreateDirectoryW                   = modkernel32.NewProc("CreateDirectoryW")
-	procRemoveDirectoryW                   = modkernel32.NewProc("RemoveDirectoryW")
-	procDeleteFileW                        = modkernel32.NewProc("DeleteFileW")
-	procMoveFileW                          = modkernel32.NewProc("MoveFileW")
-	procMoveFileExW                        = modkernel32.NewProc("MoveFileExW")
-	procGetComputerNameW                   = modkernel32.NewProc("GetComputerNameW")
-	procGetComputerNameExW                 = modkernel32.NewProc("GetComputerNameExW")
-	procSetEndOfFile                       = modkernel32.NewProc("SetEndOfFile")
-	procGetSystemTimeAsFileTime            = modkernel32.NewProc("GetSystemTimeAsFileTime")
-	procGetSystemTimePreciseAsFileTime     = modkernel32.NewProc("GetSystemTimePreciseAsFileTime")
-	procGetTimeZoneInformation             = modkernel32.NewProc("GetTimeZoneInformation")
-	procCreateIoCompletionPort             = modkernel32.NewProc("CreateIoCompletionPort")
-	procGetQueuedCompletionStatus          = modkernel32.NewProc("GetQueuedCompletionStatus")
-	procPostQueuedCompletionStatus         = modkernel32.NewProc("PostQueuedCompletionStatus")
-	procCancelIo                           = modkernel32.NewProc("CancelIo")
-	procCancelIoEx                         = modkernel32.NewProc("CancelIoEx")
-	procCreateProcessW                     = modkernel32.NewProc("CreateProcessW")
-	procOpenProcess                        = modkernel32.NewProc("OpenProcess")
-	procTerminateProcess                   = modkernel32.NewProc("TerminateProcess")
-	procGetExitCodeProcess                 = modkernel32.NewProc("GetExitCodeProcess")
-	procGetStartupInfoW                    = modkernel32.NewProc("GetStartupInfoW")
-	procGetCurrentProcess                  = modkernel32.NewProc("GetCurrentProcess")
-	procGetProcessTimes                    = modkernel32.NewProc("GetProcessTimes")
-	procDuplicateHandle                    = modkernel32.NewProc("DuplicateHandle")
-	procWaitForSingleObject                = modkernel32.NewProc("WaitForSingleObject")
-	procGetTempPathW                       = modkernel32.NewProc("GetTempPathW")
-	procCreatePipe                         = modkernel32.NewProc("CreatePipe")
-	procGetFileType                        = modkernel32.NewProc("GetFileType")
-	procCryptAcquireContextW               = modadvapi32.NewProc("CryptAcquireContextW")
-	procCryptReleaseContext                = modadvapi32.NewProc("CryptReleaseContext")
-	procCryptGenRandom                     = modadvapi32.NewProc("CryptGenRandom")
-	procGetEnvironmentStringsW             = modkernel32.NewProc("GetEnvironmentStringsW")
-	procFreeEnvironmentStringsW            = modkernel32.NewProc("FreeEnvironmentStringsW")
-	procGetEnvironmentVariableW            = modkernel32.NewProc("GetEnvironmentVariableW")
-	procSetEnvironmentVariableW            = modkernel32.NewProc("SetEnvironmentVariableW")
-	procSetFileTime                        = modkernel32.NewProc("SetFileTime")
-	procGetFileAttributesW                 = modkernel32.NewProc("GetFileAttributesW")
-	procSetFileAttributesW                 = modkernel32.NewProc("SetFileAttributesW")
-	procGetFileAttributesExW               = modkernel32.NewProc("GetFileAttributesExW")
-	procGetCommandLineW                    = modkernel32.NewProc("GetCommandLineW")
-	procCommandLineToArgvW                 = modshell32.NewProc("CommandLineToArgvW")
-	procLocalFree                          = modkernel32.NewProc("LocalFree")
-	procSetHandleInformation               = modkernel32.NewProc("SetHandleInformation")
-	procFlushFileBuffers                   = modkernel32.NewProc("FlushFileBuffers")
-	procGetFullPathNameW                   = modkernel32.NewProc("GetFullPathNameW")
-	procGetLongPathNameW                   = modkernel32.NewProc("GetLongPathNameW")
-	procGetShortPathNameW                  = modkernel32.NewProc("GetShortPathNameW")
-	procCreateFileMappingW                 = modkernel32.NewProc("CreateFileMappingW")
-	procMapViewOfFile                      = modkernel32.NewProc("MapViewOfFile")
-	procUnmapViewOfFile                    = modkernel32.NewProc("UnmapViewOfFile")
-	procFlushViewOfFile                    = modkernel32.NewProc("FlushViewOfFile")
-	procVirtualLock                        = modkernel32.NewProc("VirtualLock")
-	procVirtualUnlock                      = modkernel32.NewProc("VirtualUnlock")
-	procVirtualAlloc                       = modkernel32.NewProc("VirtualAlloc")
-	procVirtualFree                        = modkernel32.NewProc("VirtualFree")
-	procVirtualProtect                     = modkernel32.NewProc("VirtualProtect")
-	procTransmitFile                       = modmswsock.NewProc("TransmitFile")
-	procReadDirectoryChangesW              = modkernel32.NewProc("ReadDirectoryChangesW")
-	procCertOpenSystemStoreW               = modcrypt32.NewProc("CertOpenSystemStoreW")
-	procCertOpenStore                      = modcrypt32.NewProc("CertOpenStore")
-	procCertEnumCertificatesInStore        = modcrypt32.NewProc("CertEnumCertificatesInStore")
-	procCertAddCertificateContextToStore   = modcrypt32.NewProc("CertAddCertificateContextToStore")
-	procCertCloseStore                     = modcrypt32.NewProc("CertCloseStore")
-	procCertGetCertificateChain            = modcrypt32.NewProc("CertGetCertificateChain")
-	procCertFreeCertificateChain           = modcrypt32.NewProc("CertFreeCertificateChain")
-	procCertCreateCertificateContext       = modcrypt32.NewProc("CertCreateCertificateContext")
-	procCertFreeCertificateContext         = modcrypt32.NewProc("CertFreeCertificateContext")
-	procCertVerifyCertificateChainPolicy   = modcrypt32.NewProc("CertVerifyCertificateChainPolicy")
-	procRegOpenKeyExW                      = modadvapi32.NewProc("RegOpenKeyExW")
-	procRegCloseKey                        = modadvapi32.NewProc("RegCloseKey")
-	procRegQueryInfoKeyW                   = modadvapi32.NewProc("RegQueryInfoKeyW")
-	procRegEnumKeyExW                      = modadvapi32.NewProc("RegEnumKeyExW")
-	procRegQueryValueExW                   = modadvapi32.NewProc("RegQueryValueExW")
-	procGetCurrentProcessId                = modkernel32.NewProc("GetCurrentProcessId")
-	procGetConsoleMode                     = modkernel32.NewProc("GetConsoleMode")
-	procSetConsoleMode                     = modkernel32.NewProc("SetConsoleMode")
-	procGetConsoleScreenBufferInfo         = modkernel32.NewProc("GetConsoleScreenBufferInfo")
-	procWriteConsoleW                      = modkernel32.NewProc("WriteConsoleW")
-	procReadConsoleW                       = modkernel32.NewProc("ReadConsoleW")
-	procCreateToolhelp32Snapshot           = modkernel32.NewProc("CreateToolhelp32Snapshot")
-	procProcess32FirstW                    = modkernel32.NewProc("Process32FirstW")
-	procProcess32NextW                     = modkernel32.NewProc("Process32NextW")
-	procDeviceIoControl                    = modkernel32.NewProc("DeviceIoControl")
-	procCreateSymbolicLinkW                = modkernel32.NewProc("CreateSymbolicLinkW")
-	procCreateHardLinkW                    = modkernel32.NewProc("CreateHardLinkW")
-	procGetCurrentThreadId                 = modkernel32.NewProc("GetCurrentThreadId")
-	procCreateEventW                       = modkernel32.NewProc("CreateEventW")
-	procCreateEventExW                     = modkernel32.NewProc("CreateEventExW")
-	procOpenEventW                         = modkernel32.NewProc("OpenEventW")
-	procSetEvent                           = modkernel32.NewProc("SetEvent")
-	procResetEvent                         = modkernel32.NewProc("ResetEvent")
-	procPulseEvent                         = modkernel32.NewProc("PulseEvent")
-	procDefineDosDeviceW                   = modkernel32.NewProc("DefineDosDeviceW")
-	procDeleteVolumeMountPointW            = modkernel32.NewProc("DeleteVolumeMountPointW")
-	procFindFirstVolumeW                   = modkernel32.NewProc("FindFirstVolumeW")
-	procFindFirstVolumeMountPointW         = modkernel32.NewProc("FindFirstVolumeMountPointW")
-	procFindNextVolumeW                    = modkernel32.NewProc("FindNextVolumeW")
-	procFindNextVolumeMountPointW          = modkernel32.NewProc("FindNextVolumeMountPointW")
-	procFindVolumeClose                    = modkernel32.NewProc("FindVolumeClose")
-	procFindVolumeMountPointClose          = modkernel32.NewProc("FindVolumeMountPointClose")
-	procGetDriveTypeW                      = modkernel32.NewProc("GetDriveTypeW")
-	procGetLogicalDrives                   = modkernel32.NewProc("GetLogicalDrives")
-	procGetLogicalDriveStringsW            = modkernel32.NewProc("GetLogicalDriveStringsW")
-	procGetVolumeInformationW              = modkernel32.NewProc("GetVolumeInformationW")
-	procGetVolumeInformationByHandleW      = modkernel32.NewProc("GetVolumeInformationByHandleW")
-	procGetVolumeNameForVolumeMountPointW  = modkernel32.NewProc("GetVolumeNameForVolumeMountPointW")
-	procGetVolumePathNameW                 = modkernel32.NewProc("GetVolumePathNameW")
-	procGetVolumePathNamesForVolumeNameW   = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW")
-	procQueryDosDeviceW                    = modkernel32.NewProc("QueryDosDeviceW")
-	procSetVolumeLabelW                    = modkernel32.NewProc("SetVolumeLabelW")
-	procSetVolumeMountPointW               = modkernel32.NewProc("SetVolumeMountPointW")
-	procWSAStartup                         = modws2_32.NewProc("WSAStartup")
-	procWSACleanup                         = modws2_32.NewProc("WSACleanup")
-	procWSAIoctl                           = modws2_32.NewProc("WSAIoctl")
-	procsocket                             = modws2_32.NewProc("socket")
-	procsetsockopt                         = modws2_32.NewProc("setsockopt")
-	procgetsockopt                         = modws2_32.NewProc("getsockopt")
-	procbind                               = modws2_32.NewProc("bind")
-	procconnect                            = modws2_32.NewProc("connect")
-	procgetsockname                        = modws2_32.NewProc("getsockname")
-	procgetpeername                        = modws2_32.NewProc("getpeername")
-	proclisten                             = modws2_32.NewProc("listen")
-	procshutdown                           = modws2_32.NewProc("shutdown")
-	procclosesocket                        = modws2_32.NewProc("closesocket")
-	procAcceptEx                           = modmswsock.NewProc("AcceptEx")
-	procGetAcceptExSockaddrs               = modmswsock.NewProc("GetAcceptExSockaddrs")
-	procWSARecv                            = modws2_32.NewProc("WSARecv")
-	procWSASend                            = modws2_32.NewProc("WSASend")
-	procWSARecvFrom                        = modws2_32.NewProc("WSARecvFrom")
-	procWSASendTo                          = modws2_32.NewProc("WSASendTo")
-	procgethostbyname                      = modws2_32.NewProc("gethostbyname")
-	procgetservbyname                      = modws2_32.NewProc("getservbyname")
-	procntohs                              = modws2_32.NewProc("ntohs")
-	procgetprotobyname                     = modws2_32.NewProc("getprotobyname")
-	procDnsQuery_W                         = moddnsapi.NewProc("DnsQuery_W")
-	procDnsRecordListFree                  = moddnsapi.NewProc("DnsRecordListFree")
-	procDnsNameCompare_W                   = moddnsapi.NewProc("DnsNameCompare_W")
-	procGetAddrInfoW                       = modws2_32.NewProc("GetAddrInfoW")
-	procFreeAddrInfoW                      = modws2_32.NewProc("FreeAddrInfoW")
-	procGetIfEntry                         = modiphlpapi.NewProc("GetIfEntry")
-	procGetAdaptersInfo                    = modiphlpapi.NewProc("GetAdaptersInfo")
-	procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
-	procWSAEnumProtocolsW                  = modws2_32.NewProc("WSAEnumProtocolsW")
-	procGetAdaptersAddresses               = modiphlpapi.NewProc("GetAdaptersAddresses")
-	procGetACP                             = modkernel32.NewProc("GetACP")
-	procMultiByteToWideChar                = modkernel32.NewProc("MultiByteToWideChar")
-	procTranslateNameW                     = modsecur32.NewProc("TranslateNameW")
-	procGetUserNameExW                     = modsecur32.NewProc("GetUserNameExW")
-	procNetUserGetInfo                     = modnetapi32.NewProc("NetUserGetInfo")
-	procNetGetJoinInformation              = modnetapi32.NewProc("NetGetJoinInformation")
-	procNetApiBufferFree                   = modnetapi32.NewProc("NetApiBufferFree")
-	procLookupAccountSidW                  = modadvapi32.NewProc("LookupAccountSidW")
-	procLookupAccountNameW                 = modadvapi32.NewProc("LookupAccountNameW")
-	procConvertSidToStringSidW             = modadvapi32.NewProc("ConvertSidToStringSidW")
-	procConvertStringSidToSidW             = modadvapi32.NewProc("ConvertStringSidToSidW")
-	procGetLengthSid                       = modadvapi32.NewProc("GetLengthSid")
-	procCopySid                            = modadvapi32.NewProc("CopySid")
-	procAllocateAndInitializeSid           = modadvapi32.NewProc("AllocateAndInitializeSid")
-	procFreeSid                            = modadvapi32.NewProc("FreeSid")
-	procEqualSid                           = modadvapi32.NewProc("EqualSid")
-	procCheckTokenMembership               = modadvapi32.NewProc("CheckTokenMembership")
-	procOpenProcessToken                   = modadvapi32.NewProc("OpenProcessToken")
-	procGetTokenInformation                = modadvapi32.NewProc("GetTokenInformation")
-	procGetUserProfileDirectoryW           = moduserenv.NewProc("GetUserProfileDirectoryW")
+	modversion  = NewLazySystemDLL("version.dll")
+	modwintrust = NewLazySystemDLL("wintrust.dll")
+	modws2_32   = NewLazySystemDLL("ws2_32.dll")
+	modwtsapi32 = NewLazySystemDLL("wtsapi32.dll")
+
+	procAdjustTokenGroups                                    = modadvapi32.NewProc("AdjustTokenGroups")
+	procAdjustTokenPrivileges                                = modadvapi32.NewProc("AdjustTokenPrivileges")
+	procAllocateAndInitializeSid                             = modadvapi32.NewProc("AllocateAndInitializeSid")
+	procBuildSecurityDescriptorW                             = modadvapi32.NewProc("BuildSecurityDescriptorW")
+	procChangeServiceConfig2W                                = modadvapi32.NewProc("ChangeServiceConfig2W")
+	procChangeServiceConfigW                                 = modadvapi32.NewProc("ChangeServiceConfigW")
+	procCheckTokenMembership                                 = modadvapi32.NewProc("CheckTokenMembership")
+	procCloseServiceHandle                                   = modadvapi32.NewProc("CloseServiceHandle")
+	procControlService                                       = modadvapi32.NewProc("ControlService")
+	procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
+	procConvertSidToStringSidW                               = modadvapi32.NewProc("ConvertSidToStringSidW")
+	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
+	procConvertStringSidToSidW                               = modadvapi32.NewProc("ConvertStringSidToSidW")
+	procCopySid                                              = modadvapi32.NewProc("CopySid")
+	procCreateProcessAsUserW                                 = modadvapi32.NewProc("CreateProcessAsUserW")
+	procCreateServiceW                                       = modadvapi32.NewProc("CreateServiceW")
+	procCreateWellKnownSid                                   = modadvapi32.NewProc("CreateWellKnownSid")
+	procCryptAcquireContextW                                 = modadvapi32.NewProc("CryptAcquireContextW")
+	procCryptGenRandom                                       = modadvapi32.NewProc("CryptGenRandom")
+	procCryptReleaseContext                                  = modadvapi32.NewProc("CryptReleaseContext")
+	procDeleteService                                        = modadvapi32.NewProc("DeleteService")
+	procDeregisterEventSource                                = modadvapi32.NewProc("DeregisterEventSource")
+	procDuplicateTokenEx                                     = modadvapi32.NewProc("DuplicateTokenEx")
+	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
+	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
+	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
+	procGetLengthSid                                         = modadvapi32.NewProc("GetLengthSid")
+	procGetNamedSecurityInfoW                                = modadvapi32.NewProc("GetNamedSecurityInfoW")
+	procGetSecurityDescriptorControl                         = modadvapi32.NewProc("GetSecurityDescriptorControl")
+	procGetSecurityDescriptorDacl                            = modadvapi32.NewProc("GetSecurityDescriptorDacl")
+	procGetSecurityDescriptorGroup                           = modadvapi32.NewProc("GetSecurityDescriptorGroup")
+	procGetSecurityDescriptorLength                          = modadvapi32.NewProc("GetSecurityDescriptorLength")
+	procGetSecurityDescriptorOwner                           = modadvapi32.NewProc("GetSecurityDescriptorOwner")
+	procGetSecurityDescriptorRMControl                       = modadvapi32.NewProc("GetSecurityDescriptorRMControl")
+	procGetSecurityDescriptorSacl                            = modadvapi32.NewProc("GetSecurityDescriptorSacl")
+	procGetSecurityInfo                                      = modadvapi32.NewProc("GetSecurityInfo")
+	procGetSidIdentifierAuthority                            = modadvapi32.NewProc("GetSidIdentifierAuthority")
+	procGetSidSubAuthority                                   = modadvapi32.NewProc("GetSidSubAuthority")
+	procGetSidSubAuthorityCount                              = modadvapi32.NewProc("GetSidSubAuthorityCount")
+	procGetTokenInformation                                  = modadvapi32.NewProc("GetTokenInformation")
+	procImpersonateSelf                                      = modadvapi32.NewProc("ImpersonateSelf")
+	procInitializeSecurityDescriptor                         = modadvapi32.NewProc("InitializeSecurityDescriptor")
+	procInitiateSystemShutdownExW                            = modadvapi32.NewProc("InitiateSystemShutdownExW")
+	procIsTokenRestricted                                    = modadvapi32.NewProc("IsTokenRestricted")
+	procIsValidSecurityDescriptor                            = modadvapi32.NewProc("IsValidSecurityDescriptor")
+	procIsValidSid                                           = modadvapi32.NewProc("IsValidSid")
+	procIsWellKnownSid                                       = modadvapi32.NewProc("IsWellKnownSid")
+	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
+	procLookupAccountSidW                                    = modadvapi32.NewProc("LookupAccountSidW")
+	procLookupPrivilegeValueW                                = modadvapi32.NewProc("LookupPrivilegeValueW")
+	procMakeAbsoluteSD                                       = modadvapi32.NewProc("MakeAbsoluteSD")
+	procMakeSelfRelativeSD                                   = modadvapi32.NewProc("MakeSelfRelativeSD")
+	procNotifyServiceStatusChangeW                           = modadvapi32.NewProc("NotifyServiceStatusChangeW")
+	procOpenProcessToken                                     = modadvapi32.NewProc("OpenProcessToken")
+	procOpenSCManagerW                                       = modadvapi32.NewProc("OpenSCManagerW")
+	procOpenServiceW                                         = modadvapi32.NewProc("OpenServiceW")
+	procOpenThreadToken                                      = modadvapi32.NewProc("OpenThreadToken")
+	procQueryServiceConfig2W                                 = modadvapi32.NewProc("QueryServiceConfig2W")
+	procQueryServiceConfigW                                  = modadvapi32.NewProc("QueryServiceConfigW")
+	procQueryServiceLockStatusW                              = modadvapi32.NewProc("QueryServiceLockStatusW")
+	procQueryServiceStatus                                   = modadvapi32.NewProc("QueryServiceStatus")
+	procQueryServiceStatusEx                                 = modadvapi32.NewProc("QueryServiceStatusEx")
+	procRegCloseKey                                          = modadvapi32.NewProc("RegCloseKey")
+	procRegEnumKeyExW                                        = modadvapi32.NewProc("RegEnumKeyExW")
+	procRegNotifyChangeKeyValue                              = modadvapi32.NewProc("RegNotifyChangeKeyValue")
+	procRegOpenKeyExW                                        = modadvapi32.NewProc("RegOpenKeyExW")
+	procRegQueryInfoKeyW                                     = modadvapi32.NewProc("RegQueryInfoKeyW")
+	procRegQueryValueExW                                     = modadvapi32.NewProc("RegQueryValueExW")
+	procRegisterEventSourceW                                 = modadvapi32.NewProc("RegisterEventSourceW")
+	procRegisterServiceCtrlHandlerExW                        = modadvapi32.NewProc("RegisterServiceCtrlHandlerExW")
+	procReportEventW                                         = modadvapi32.NewProc("ReportEventW")
+	procRevertToSelf                                         = modadvapi32.NewProc("RevertToSelf")
+	procSetEntriesInAclW                                     = modadvapi32.NewProc("SetEntriesInAclW")
+	procSetKernelObjectSecurity                              = modadvapi32.NewProc("SetKernelObjectSecurity")
+	procSetNamedSecurityInfoW                                = modadvapi32.NewProc("SetNamedSecurityInfoW")
+	procSetSecurityDescriptorControl                         = modadvapi32.NewProc("SetSecurityDescriptorControl")
+	procSetSecurityDescriptorDacl                            = modadvapi32.NewProc("SetSecurityDescriptorDacl")
+	procSetSecurityDescriptorGroup                           = modadvapi32.NewProc("SetSecurityDescriptorGroup")
+	procSetSecurityDescriptorOwner                           = modadvapi32.NewProc("SetSecurityDescriptorOwner")
+	procSetSecurityDescriptorRMControl                       = modadvapi32.NewProc("SetSecurityDescriptorRMControl")
+	procSetSecurityDescriptorSacl                            = modadvapi32.NewProc("SetSecurityDescriptorSacl")
+	procSetSecurityInfo                                      = modadvapi32.NewProc("SetSecurityInfo")
+	procSetServiceStatus                                     = modadvapi32.NewProc("SetServiceStatus")
+	procSetThreadToken                                       = modadvapi32.NewProc("SetThreadToken")
+	procSetTokenInformation                                  = modadvapi32.NewProc("SetTokenInformation")
+	procStartServiceCtrlDispatcherW                          = modadvapi32.NewProc("StartServiceCtrlDispatcherW")
+	procStartServiceW                                        = modadvapi32.NewProc("StartServiceW")
+	procCertAddCertificateContextToStore                     = modcrypt32.NewProc("CertAddCertificateContextToStore")
+	procCertCloseStore                                       = modcrypt32.NewProc("CertCloseStore")
+	procCertCreateCertificateContext                         = modcrypt32.NewProc("CertCreateCertificateContext")
+	procCertDeleteCertificateFromStore                       = modcrypt32.NewProc("CertDeleteCertificateFromStore")
+	procCertDuplicateCertificateContext                      = modcrypt32.NewProc("CertDuplicateCertificateContext")
+	procCertEnumCertificatesInStore                          = modcrypt32.NewProc("CertEnumCertificatesInStore")
+	procCertFindCertificateInStore                           = modcrypt32.NewProc("CertFindCertificateInStore")
+	procCertFindChainInStore                                 = modcrypt32.NewProc("CertFindChainInStore")
+	procCertFindExtension                                    = modcrypt32.NewProc("CertFindExtension")
+	procCertFreeCertificateChain                             = modcrypt32.NewProc("CertFreeCertificateChain")
+	procCertFreeCertificateContext                           = modcrypt32.NewProc("CertFreeCertificateContext")
+	procCertGetCertificateChain                              = modcrypt32.NewProc("CertGetCertificateChain")
+	procCertGetNameStringW                                   = modcrypt32.NewProc("CertGetNameStringW")
+	procCertOpenStore                                        = modcrypt32.NewProc("CertOpenStore")
+	procCertOpenSystemStoreW                                 = modcrypt32.NewProc("CertOpenSystemStoreW")
+	procCertVerifyCertificateChainPolicy                     = modcrypt32.NewProc("CertVerifyCertificateChainPolicy")
+	procCryptAcquireCertificatePrivateKey                    = modcrypt32.NewProc("CryptAcquireCertificatePrivateKey")
+	procCryptDecodeObject                                    = modcrypt32.NewProc("CryptDecodeObject")
+	procCryptProtectData                                     = modcrypt32.NewProc("CryptProtectData")
+	procCryptQueryObject                                     = modcrypt32.NewProc("CryptQueryObject")
+	procCryptUnprotectData                                   = modcrypt32.NewProc("CryptUnprotectData")
+	procPFXImportCertStore                                   = modcrypt32.NewProc("PFXImportCertStore")
+	procDnsNameCompare_W                                     = moddnsapi.NewProc("DnsNameCompare_W")
+	procDnsQuery_W                                           = moddnsapi.NewProc("DnsQuery_W")
+	procDnsRecordListFree                                    = moddnsapi.NewProc("DnsRecordListFree")
+	procGetAdaptersAddresses                                 = modiphlpapi.NewProc("GetAdaptersAddresses")
+	procGetAdaptersInfo                                      = modiphlpapi.NewProc("GetAdaptersInfo")
+	procGetIfEntry                                           = modiphlpapi.NewProc("GetIfEntry")
+	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
+	procCancelIo                                             = modkernel32.NewProc("CancelIo")
+	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procCloseHandle                                          = modkernel32.NewProc("CloseHandle")
+	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
+	procCreateDirectoryW                                     = modkernel32.NewProc("CreateDirectoryW")
+	procCreateEventExW                                       = modkernel32.NewProc("CreateEventExW")
+	procCreateEventW                                         = modkernel32.NewProc("CreateEventW")
+	procCreateFileMappingW                                   = modkernel32.NewProc("CreateFileMappingW")
+	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
+	procCreateHardLinkW                                      = modkernel32.NewProc("CreateHardLinkW")
+	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
+	procCreateJobObjectW                                     = modkernel32.NewProc("CreateJobObjectW")
+	procCreateMutexExW                                       = modkernel32.NewProc("CreateMutexExW")
+	procCreateMutexW                                         = modkernel32.NewProc("CreateMutexW")
+	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
+	procCreatePipe                                           = modkernel32.NewProc("CreatePipe")
+	procCreateProcessW                                       = modkernel32.NewProc("CreateProcessW")
+	procCreateSymbolicLinkW                                  = modkernel32.NewProc("CreateSymbolicLinkW")
+	procCreateToolhelp32Snapshot                             = modkernel32.NewProc("CreateToolhelp32Snapshot")
+	procDefineDosDeviceW                                     = modkernel32.NewProc("DefineDosDeviceW")
+	procDeleteFileW                                          = modkernel32.NewProc("DeleteFileW")
+	procDeleteProcThreadAttributeList                        = modkernel32.NewProc("DeleteProcThreadAttributeList")
+	procDeleteVolumeMountPointW                              = modkernel32.NewProc("DeleteVolumeMountPointW")
+	procDeviceIoControl                                      = modkernel32.NewProc("DeviceIoControl")
+	procDuplicateHandle                                      = modkernel32.NewProc("DuplicateHandle")
+	procExitProcess                                          = modkernel32.NewProc("ExitProcess")
+	procFindClose                                            = modkernel32.NewProc("FindClose")
+	procFindCloseChangeNotification                          = modkernel32.NewProc("FindCloseChangeNotification")
+	procFindFirstChangeNotificationW                         = modkernel32.NewProc("FindFirstChangeNotificationW")
+	procFindFirstFileW                                       = modkernel32.NewProc("FindFirstFileW")
+	procFindFirstVolumeMountPointW                           = modkernel32.NewProc("FindFirstVolumeMountPointW")
+	procFindFirstVolumeW                                     = modkernel32.NewProc("FindFirstVolumeW")
+	procFindNextChangeNotification                           = modkernel32.NewProc("FindNextChangeNotification")
+	procFindNextFileW                                        = modkernel32.NewProc("FindNextFileW")
+	procFindNextVolumeMountPointW                            = modkernel32.NewProc("FindNextVolumeMountPointW")
+	procFindNextVolumeW                                      = modkernel32.NewProc("FindNextVolumeW")
+	procFindResourceW                                        = modkernel32.NewProc("FindResourceW")
+	procFindVolumeClose                                      = modkernel32.NewProc("FindVolumeClose")
+	procFindVolumeMountPointClose                            = modkernel32.NewProc("FindVolumeMountPointClose")
+	procFlushFileBuffers                                     = modkernel32.NewProc("FlushFileBuffers")
+	procFlushViewOfFile                                      = modkernel32.NewProc("FlushViewOfFile")
+	procFormatMessageW                                       = modkernel32.NewProc("FormatMessageW")
+	procFreeEnvironmentStringsW                              = modkernel32.NewProc("FreeEnvironmentStringsW")
+	procFreeLibrary                                          = modkernel32.NewProc("FreeLibrary")
+	procGenerateConsoleCtrlEvent                             = modkernel32.NewProc("GenerateConsoleCtrlEvent")
+	procGetACP                                               = modkernel32.NewProc("GetACP")
+	procGetCommTimeouts                                      = modkernel32.NewProc("GetCommTimeouts")
+	procGetCommandLineW                                      = modkernel32.NewProc("GetCommandLineW")
+	procGetComputerNameExW                                   = modkernel32.NewProc("GetComputerNameExW")
+	procGetComputerNameW                                     = modkernel32.NewProc("GetComputerNameW")
+	procGetConsoleMode                                       = modkernel32.NewProc("GetConsoleMode")
+	procGetConsoleScreenBufferInfo                           = modkernel32.NewProc("GetConsoleScreenBufferInfo")
+	procGetCurrentDirectoryW                                 = modkernel32.NewProc("GetCurrentDirectoryW")
+	procGetCurrentProcessId                                  = modkernel32.NewProc("GetCurrentProcessId")
+	procGetCurrentThreadId                                   = modkernel32.NewProc("GetCurrentThreadId")
+	procGetDiskFreeSpaceExW                                  = modkernel32.NewProc("GetDiskFreeSpaceExW")
+	procGetDriveTypeW                                        = modkernel32.NewProc("GetDriveTypeW")
+	procGetEnvironmentStringsW                               = modkernel32.NewProc("GetEnvironmentStringsW")
+	procGetEnvironmentVariableW                              = modkernel32.NewProc("GetEnvironmentVariableW")
+	procGetExitCodeProcess                                   = modkernel32.NewProc("GetExitCodeProcess")
+	procGetFileAttributesExW                                 = modkernel32.NewProc("GetFileAttributesExW")
+	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
+	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
+	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileType                                          = modkernel32.NewProc("GetFileType")
+	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
+	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
+	procGetLastError                                         = modkernel32.NewProc("GetLastError")
+	procGetLogicalDriveStringsW                              = modkernel32.NewProc("GetLogicalDriveStringsW")
+	procGetLogicalDrives                                     = modkernel32.NewProc("GetLogicalDrives")
+	procGetLongPathNameW                                     = modkernel32.NewProc("GetLongPathNameW")
+	procGetModuleFileNameW                                   = modkernel32.NewProc("GetModuleFileNameW")
+	procGetModuleHandleExW                                   = modkernel32.NewProc("GetModuleHandleExW")
+	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
+	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
+	procGetOverlappedResult                                  = modkernel32.NewProc("GetOverlappedResult")
+	procGetPriorityClass                                     = modkernel32.NewProc("GetPriorityClass")
+	procGetProcAddress                                       = modkernel32.NewProc("GetProcAddress")
+	procGetProcessId                                         = modkernel32.NewProc("GetProcessId")
+	procGetProcessPreferredUILanguages                       = modkernel32.NewProc("GetProcessPreferredUILanguages")
+	procGetProcessShutdownParameters                         = modkernel32.NewProc("GetProcessShutdownParameters")
+	procGetProcessTimes                                      = modkernel32.NewProc("GetProcessTimes")
+	procGetProcessWorkingSetSizeEx                           = modkernel32.NewProc("GetProcessWorkingSetSizeEx")
+	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
+	procGetShortPathNameW                                    = modkernel32.NewProc("GetShortPathNameW")
+	procGetStartupInfoW                                      = modkernel32.NewProc("GetStartupInfoW")
+	procGetStdHandle                                         = modkernel32.NewProc("GetStdHandle")
+	procGetSystemDirectoryW                                  = modkernel32.NewProc("GetSystemDirectoryW")
+	procGetSystemPreferredUILanguages                        = modkernel32.NewProc("GetSystemPreferredUILanguages")
+	procGetSystemTimeAsFileTime                              = modkernel32.NewProc("GetSystemTimeAsFileTime")
+	procGetSystemTimePreciseAsFileTime                       = modkernel32.NewProc("GetSystemTimePreciseAsFileTime")
+	procGetSystemWindowsDirectoryW                           = modkernel32.NewProc("GetSystemWindowsDirectoryW")
+	procGetTempPathW                                         = modkernel32.NewProc("GetTempPathW")
+	procGetThreadPreferredUILanguages                        = modkernel32.NewProc("GetThreadPreferredUILanguages")
+	procGetTickCount64                                       = modkernel32.NewProc("GetTickCount64")
+	procGetTimeZoneInformation                               = modkernel32.NewProc("GetTimeZoneInformation")
+	procGetUserPreferredUILanguages                          = modkernel32.NewProc("GetUserPreferredUILanguages")
+	procGetVersion                                           = modkernel32.NewProc("GetVersion")
+	procGetVolumeInformationByHandleW                        = modkernel32.NewProc("GetVolumeInformationByHandleW")
+	procGetVolumeInformationW                                = modkernel32.NewProc("GetVolumeInformationW")
+	procGetVolumeNameForVolumeMountPointW                    = modkernel32.NewProc("GetVolumeNameForVolumeMountPointW")
+	procGetVolumePathNameW                                   = modkernel32.NewProc("GetVolumePathNameW")
+	procGetVolumePathNamesForVolumeNameW                     = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW")
+	procGetWindowsDirectoryW                                 = modkernel32.NewProc("GetWindowsDirectoryW")
+	procInitializeProcThreadAttributeList                    = modkernel32.NewProc("InitializeProcThreadAttributeList")
+	procIsWow64Process                                       = modkernel32.NewProc("IsWow64Process")
+	procIsWow64Process2                                      = modkernel32.NewProc("IsWow64Process2")
+	procLoadLibraryExW                                       = modkernel32.NewProc("LoadLibraryExW")
+	procLoadLibraryW                                         = modkernel32.NewProc("LoadLibraryW")
+	procLoadResource                                         = modkernel32.NewProc("LoadResource")
+	procLocalAlloc                                           = modkernel32.NewProc("LocalAlloc")
+	procLocalFree                                            = modkernel32.NewProc("LocalFree")
+	procLockFileEx                                           = modkernel32.NewProc("LockFileEx")
+	procLockResource                                         = modkernel32.NewProc("LockResource")
+	procMapViewOfFile                                        = modkernel32.NewProc("MapViewOfFile")
+	procMoveFileExW                                          = modkernel32.NewProc("MoveFileExW")
+	procMoveFileW                                            = modkernel32.NewProc("MoveFileW")
+	procMultiByteToWideChar                                  = modkernel32.NewProc("MultiByteToWideChar")
+	procOpenEventW                                           = modkernel32.NewProc("OpenEventW")
+	procOpenMutexW                                           = modkernel32.NewProc("OpenMutexW")
+	procOpenProcess                                          = modkernel32.NewProc("OpenProcess")
+	procOpenThread                                           = modkernel32.NewProc("OpenThread")
+	procPostQueuedCompletionStatus                           = modkernel32.NewProc("PostQueuedCompletionStatus")
+	procProcess32FirstW                                      = modkernel32.NewProc("Process32FirstW")
+	procProcess32NextW                                       = modkernel32.NewProc("Process32NextW")
+	procProcessIdToSessionId                                 = modkernel32.NewProc("ProcessIdToSessionId")
+	procPulseEvent                                           = modkernel32.NewProc("PulseEvent")
+	procQueryDosDeviceW                                      = modkernel32.NewProc("QueryDosDeviceW")
+	procQueryFullProcessImageNameW                           = modkernel32.NewProc("QueryFullProcessImageNameW")
+	procQueryInformationJobObject                            = modkernel32.NewProc("QueryInformationJobObject")
+	procReadConsoleW                                         = modkernel32.NewProc("ReadConsoleW")
+	procReadDirectoryChangesW                                = modkernel32.NewProc("ReadDirectoryChangesW")
+	procReadFile                                             = modkernel32.NewProc("ReadFile")
+	procReadProcessMemory                                    = modkernel32.NewProc("ReadProcessMemory")
+	procReleaseMutex                                         = modkernel32.NewProc("ReleaseMutex")
+	procRemoveDirectoryW                                     = modkernel32.NewProc("RemoveDirectoryW")
+	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
+	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
+	procSetCommTimeouts                                      = modkernel32.NewProc("SetCommTimeouts")
+	procSetConsoleCursorPosition                             = modkernel32.NewProc("SetConsoleCursorPosition")
+	procSetConsoleMode                                       = modkernel32.NewProc("SetConsoleMode")
+	procSetCurrentDirectoryW                                 = modkernel32.NewProc("SetCurrentDirectoryW")
+	procSetDefaultDllDirectories                             = modkernel32.NewProc("SetDefaultDllDirectories")
+	procSetDllDirectoryW                                     = modkernel32.NewProc("SetDllDirectoryW")
+	procSetEndOfFile                                         = modkernel32.NewProc("SetEndOfFile")
+	procSetEnvironmentVariableW                              = modkernel32.NewProc("SetEnvironmentVariableW")
+	procSetErrorMode                                         = modkernel32.NewProc("SetErrorMode")
+	procSetEvent                                             = modkernel32.NewProc("SetEvent")
+	procSetFileAttributesW                                   = modkernel32.NewProc("SetFileAttributesW")
+	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
+	procSetFileInformationByHandle                           = modkernel32.NewProc("SetFileInformationByHandle")
+	procSetFilePointer                                       = modkernel32.NewProc("SetFilePointer")
+	procSetFileTime                                          = modkernel32.NewProc("SetFileTime")
+	procSetHandleInformation                                 = modkernel32.NewProc("SetHandleInformation")
+	procSetInformationJobObject                              = modkernel32.NewProc("SetInformationJobObject")
+	procSetNamedPipeHandleState                              = modkernel32.NewProc("SetNamedPipeHandleState")
+	procSetPriorityClass                                     = modkernel32.NewProc("SetPriorityClass")
+	procSetProcessPriorityBoost                              = modkernel32.NewProc("SetProcessPriorityBoost")
+	procSetProcessShutdownParameters                         = modkernel32.NewProc("SetProcessShutdownParameters")
+	procSetProcessWorkingSetSizeEx                           = modkernel32.NewProc("SetProcessWorkingSetSizeEx")
+	procSetStdHandle                                         = modkernel32.NewProc("SetStdHandle")
+	procSetVolumeLabelW                                      = modkernel32.NewProc("SetVolumeLabelW")
+	procSetVolumeMountPointW                                 = modkernel32.NewProc("SetVolumeMountPointW")
+	procSizeofResource                                       = modkernel32.NewProc("SizeofResource")
+	procSleepEx                                              = modkernel32.NewProc("SleepEx")
+	procTerminateJobObject                                   = modkernel32.NewProc("TerminateJobObject")
+	procTerminateProcess                                     = modkernel32.NewProc("TerminateProcess")
+	procThread32First                                        = modkernel32.NewProc("Thread32First")
+	procThread32Next                                         = modkernel32.NewProc("Thread32Next")
+	procUnlockFileEx                                         = modkernel32.NewProc("UnlockFileEx")
+	procUnmapViewOfFile                                      = modkernel32.NewProc("UnmapViewOfFile")
+	procUpdateProcThreadAttribute                            = modkernel32.NewProc("UpdateProcThreadAttribute")
+	procVirtualAlloc                                         = modkernel32.NewProc("VirtualAlloc")
+	procVirtualFree                                          = modkernel32.NewProc("VirtualFree")
+	procVirtualLock                                          = modkernel32.NewProc("VirtualLock")
+	procVirtualProtect                                       = modkernel32.NewProc("VirtualProtect")
+	procVirtualProtectEx                                     = modkernel32.NewProc("VirtualProtectEx")
+	procVirtualQuery                                         = modkernel32.NewProc("VirtualQuery")
+	procVirtualQueryEx                                       = modkernel32.NewProc("VirtualQueryEx")
+	procVirtualUnlock                                        = modkernel32.NewProc("VirtualUnlock")
+	procWTSGetActiveConsoleSessionId                         = modkernel32.NewProc("WTSGetActiveConsoleSessionId")
+	procWaitForMultipleObjects                               = modkernel32.NewProc("WaitForMultipleObjects")
+	procWaitForSingleObject                                  = modkernel32.NewProc("WaitForSingleObject")
+	procWriteConsoleW                                        = modkernel32.NewProc("WriteConsoleW")
+	procWriteFile                                            = modkernel32.NewProc("WriteFile")
+	procWriteProcessMemory                                   = modkernel32.NewProc("WriteProcessMemory")
+	procAcceptEx                                             = modmswsock.NewProc("AcceptEx")
+	procGetAcceptExSockaddrs                                 = modmswsock.NewProc("GetAcceptExSockaddrs")
+	procTransmitFile                                         = modmswsock.NewProc("TransmitFile")
+	procNetApiBufferFree                                     = modnetapi32.NewProc("NetApiBufferFree")
+	procNetGetJoinInformation                                = modnetapi32.NewProc("NetGetJoinInformation")
+	procNetUserGetInfo                                       = modnetapi32.NewProc("NetUserGetInfo")
+	procNtCreateFile                                         = modntdll.NewProc("NtCreateFile")
+	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
+	procNtSetInformationFile                                 = modntdll.NewProc("NtSetInformationFile")
+	procNtQueryInformationProcess                            = modntdll.NewProc("NtQueryInformationProcess")
+	procNtQuerySystemInformation                             = modntdll.NewProc("NtQuerySystemInformation")
+	procNtSetInformationProcess                              = modntdll.NewProc("NtSetInformationProcess")
+	procNtSetSystemInformation                               = modntdll.NewProc("NtSetSystemInformation")
+	procRtlAddFunctionTable                                  = modntdll.NewProc("RtlAddFunctionTable")
+	procRtlDefaultNpAcl                                      = modntdll.NewProc("RtlDefaultNpAcl")
+	procRtlDeleteFunctionTable                               = modntdll.NewProc("RtlDeleteFunctionTable")
+	procRtlDosPathNameToNtPathName_U_WithStatus              = modntdll.NewProc("RtlDosPathNameToNtPathName_U_WithStatus")
+	procRtlDosPathNameToRelativeNtPathName_U_WithStatus      = modntdll.NewProc("RtlDosPathNameToRelativeNtPathName_U_WithStatus")
+	procRtlGetCurrentPeb                                     = modntdll.NewProc("RtlGetCurrentPeb")
+	procRtlGetNtVersionNumbers                               = modntdll.NewProc("RtlGetNtVersionNumbers")
+	procRtlGetVersion                                        = modntdll.NewProc("RtlGetVersion")
+	procRtlInitString                                        = modntdll.NewProc("RtlInitString")
+	procRtlInitUnicodeString                                 = modntdll.NewProc("RtlInitUnicodeString")
+	procRtlNtStatusToDosErrorNoTeb                           = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
+	procCLSIDFromString                                      = modole32.NewProc("CLSIDFromString")
+	procCoCreateGuid                                         = modole32.NewProc("CoCreateGuid")
+	procCoGetObject                                          = modole32.NewProc("CoGetObject")
+	procCoInitializeEx                                       = modole32.NewProc("CoInitializeEx")
+	procCoTaskMemFree                                        = modole32.NewProc("CoTaskMemFree")
+	procCoUninitialize                                       = modole32.NewProc("CoUninitialize")
+	procStringFromGUID2                                      = modole32.NewProc("StringFromGUID2")
+	procEnumProcessModules                                   = modpsapi.NewProc("EnumProcessModules")
+	procEnumProcessModulesEx                                 = modpsapi.NewProc("EnumProcessModulesEx")
+	procEnumProcesses                                        = modpsapi.NewProc("EnumProcesses")
+	procGetModuleBaseNameW                                   = modpsapi.NewProc("GetModuleBaseNameW")
+	procGetModuleFileNameExW                                 = modpsapi.NewProc("GetModuleFileNameExW")
+	procGetModuleInformation                                 = modpsapi.NewProc("GetModuleInformation")
+	procSubscribeServiceChangeNotifications                  = modsechost.NewProc("SubscribeServiceChangeNotifications")
+	procUnsubscribeServiceChangeNotifications                = modsechost.NewProc("UnsubscribeServiceChangeNotifications")
+	procGetUserNameExW                                       = modsecur32.NewProc("GetUserNameExW")
+	procTranslateNameW                                       = modsecur32.NewProc("TranslateNameW")
+	procCommandLineToArgvW                                   = modshell32.NewProc("CommandLineToArgvW")
+	procSHGetKnownFolderPath                                 = modshell32.NewProc("SHGetKnownFolderPath")
+	procShellExecuteW                                        = modshell32.NewProc("ShellExecuteW")
+	procExitWindowsEx                                        = moduser32.NewProc("ExitWindowsEx")
+	procGetShellWindow                                       = moduser32.NewProc("GetShellWindow")
+	procGetWindowThreadProcessId                             = moduser32.NewProc("GetWindowThreadProcessId")
+	procMessageBoxW                                          = moduser32.NewProc("MessageBoxW")
+	procCreateEnvironmentBlock                               = moduserenv.NewProc("CreateEnvironmentBlock")
+	procDestroyEnvironmentBlock                              = moduserenv.NewProc("DestroyEnvironmentBlock")
+	procGetUserProfileDirectoryW                             = moduserenv.NewProc("GetUserProfileDirectoryW")
+	procGetFileVersionInfoSizeW                              = modversion.NewProc("GetFileVersionInfoSizeW")
+	procGetFileVersionInfoW                                  = modversion.NewProc("GetFileVersionInfoW")
+	procVerQueryValueW                                       = modversion.NewProc("VerQueryValueW")
+	procWinVerifyTrustEx                                     = modwintrust.NewProc("WinVerifyTrustEx")
+	procFreeAddrInfoW                                        = modws2_32.NewProc("FreeAddrInfoW")
+	procGetAddrInfoW                                         = modws2_32.NewProc("GetAddrInfoW")
+	procWSACleanup                                           = modws2_32.NewProc("WSACleanup")
+	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
+	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
+	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
+	procWSARecv                                              = modws2_32.NewProc("WSARecv")
+	procWSARecvFrom                                          = modws2_32.NewProc("WSARecvFrom")
+	procWSASend                                              = modws2_32.NewProc("WSASend")
+	procWSASendTo                                            = modws2_32.NewProc("WSASendTo")
+	procWSASocketW                                           = modws2_32.NewProc("WSASocketW")
+	procWSAStartup                                           = modws2_32.NewProc("WSAStartup")
+	procbind                                                 = modws2_32.NewProc("bind")
+	procclosesocket                                          = modws2_32.NewProc("closesocket")
+	procconnect                                              = modws2_32.NewProc("connect")
+	procgethostbyname                                        = modws2_32.NewProc("gethostbyname")
+	procgetpeername                                          = modws2_32.NewProc("getpeername")
+	procgetprotobyname                                       = modws2_32.NewProc("getprotobyname")
+	procgetservbyname                                        = modws2_32.NewProc("getservbyname")
+	procgetsockname                                          = modws2_32.NewProc("getsockname")
+	procgetsockopt                                           = modws2_32.NewProc("getsockopt")
+	proclisten                                               = modws2_32.NewProc("listen")
+	procntohs                                                = modws2_32.NewProc("ntohs")
+	procrecvfrom                                             = modws2_32.NewProc("recvfrom")
+	procsendto                                               = modws2_32.NewProc("sendto")
+	procsetsockopt                                           = modws2_32.NewProc("setsockopt")
+	procshutdown                                             = modws2_32.NewProc("shutdown")
+	procsocket                                               = modws2_32.NewProc("socket")
+	procWTSEnumerateSessionsW                                = modwtsapi32.NewProc("WTSEnumerateSessionsW")
+	procWTSFreeMemory                                        = modwtsapi32.NewProc("WTSFreeMemory")
+	procWTSQueryUserToken                                    = modwtsapi32.NewProc("WTSQueryUserToken")
 )
 
-func RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procRegisterEventSourceW.Addr(), 2, uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName)), 0)
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) {
+	var _p0 uint32
+	if resetToDefault {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procAdjustTokenGroups.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DeregisterEventSource(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procDeregisterEventSource.Addr(), 1, uintptr(handle), 0, 0)
+func AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tokenprivileges, buflen uint32, prevstate *Tokenprivileges, returnlen *uint32) (err error) {
+	var _p0 uint32
+	if disableAllPrivileges {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrSId uintptr, numStrings uint16, dataSize uint32, strings **uint16, rawData *byte) (err error) {
-	r1, _, e1 := syscall.Syscall9(procReportEventW.Addr(), 9, uintptr(log), uintptr(etype), uintptr(category), uintptr(eventId), uintptr(usrSId), uintptr(numStrings), uintptr(dataSize), uintptr(unsafe.Pointer(strings)), uintptr(unsafe.Pointer(rawData)))
+func AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) {
+	r1, _, e1 := syscall.Syscall12(procAllocateAndInitializeSid.Addr(), 11, uintptr(unsafe.Pointer(identAuth)), uintptr(subAuth), uintptr(subAuth0), uintptr(subAuth1), uintptr(subAuth2), uintptr(subAuth3), uintptr(subAuth4), uintptr(subAuth5), uintptr(subAuth6), uintptr(subAuth7), uintptr(unsafe.Pointer(sid)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procOpenSCManagerW.Addr(), 3, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(databaseName)), uintptr(access))
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procBuildSecurityDescriptorW.Addr(), 9, uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(countAccessEntries), uintptr(unsafe.Pointer(accessEntries)), uintptr(countAuditEntries), uintptr(unsafe.Pointer(auditEntries)), uintptr(unsafe.Pointer(oldSecurityDescriptor)), uintptr(unsafe.Pointer(sizeNewSecurityDescriptor)), uintptr(unsafe.Pointer(newSecurityDescriptor)))
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func CloseServiceHandle(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procCloseServiceHandle.Addr(), 1, uintptr(handle), 0, 0)
+func ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procChangeServiceConfig2W.Addr(), 3, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(info)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall15(procCreateServiceW.Addr(), 13, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(unsafe.Pointer(displayName)), uintptr(access), uintptr(srvType), uintptr(startType), uintptr(errCtl), uintptr(unsafe.Pointer(pathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), 0, 0)
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, errorControl uint32, binaryPathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16, displayName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall12(procChangeServiceConfigW.Addr(), 11, uintptr(service), uintptr(serviceType), uintptr(startType), uintptr(errorControl), uintptr(unsafe.Pointer(binaryPathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), uintptr(unsafe.Pointer(displayName)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procOpenServiceW.Addr(), 3, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(access))
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCheckTokenMembership.Addr(), 3, uintptr(tokenHandle), uintptr(unsafe.Pointer(sidToCheck)), uintptr(unsafe.Pointer(isMember)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DeleteService(service Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procDeleteService.Addr(), 1, uintptr(service), 0, 0)
+func CloseServiceHandle(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCloseServiceHandle.Addr(), 1, uintptr(handle), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procStartServiceW.Addr(), 3, uintptr(service), uintptr(numArgs), uintptr(unsafe.Pointer(argVectors)))
+func ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procControlService.Addr(), 3, uintptr(service), uintptr(control), uintptr(unsafe.Pointer(status)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) {
-	r1, _, e1 := syscall.Syscall(procQueryServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(status)), 0)
+func convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR, revision uint32, securityInformation SECURITY_INFORMATION, str **uint16, strLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(securityInformation), uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(strLen)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) {
-	r1, _, e1 := syscall.Syscall(procControlService.Addr(), 3, uintptr(service), uintptr(control), uintptr(unsafe.Pointer(status)))
+func ConvertSidToStringSid(sid *SID, stringSid **uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(stringSid)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) {
-	r1, _, e1 := syscall.Syscall(procStartServiceCtrlDispatcherW.Addr(), 1, uintptr(unsafe.Pointer(serviceTable)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(str)
+	if err != nil {
+		return
 	}
-	return
+	return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
 }
 
-func SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(serviceStatus)), 0)
+func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, errorControl uint32, binaryPathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16, displayName *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall12(procChangeServiceConfigW.Addr(), 11, uintptr(service), uintptr(serviceType), uintptr(startType), uintptr(errorControl), uintptr(unsafe.Pointer(binaryPathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), uintptr(unsafe.Pointer(displayName)), 0)
+func ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(stringSid)), uintptr(unsafe.Pointer(sid)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func QueryServiceConfig(service Handle, serviceConfig *QUERY_SERVICE_CONFIG, bufSize uint32, bytesNeeded *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procQueryServiceConfigW.Addr(), 4, uintptr(service), uintptr(unsafe.Pointer(serviceConfig)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0)
+func CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procCopySid.Addr(), 3, uintptr(destSidLen), uintptr(unsafe.Pointer(destSid)), uintptr(unsafe.Pointer(srcSid)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) {
-	r1, _, e1 := syscall.Syscall(procChangeServiceConfig2W.Addr(), 3, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(info)))
+func CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) {
+	var _p0 uint32
+	if inheritHandles {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall12(procCreateProcessAsUserW.Addr(), 11, uintptr(token), uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procQueryServiceConfig2W.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall15(procCreateServiceW.Addr(), 13, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(unsafe.Pointer(displayName)), uintptr(access), uintptr(srvType), uintptr(startType), uintptr(errCtl), uintptr(unsafe.Pointer(pathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0)
+func createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCreateWellKnownSid.Addr(), 4, uintptr(sidType), uintptr(unsafe.Pointer(domainSid)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sizeSid)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procQueryServiceStatusEx.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
+func CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCryptAcquireContextW.Addr(), 5, uintptr(unsafe.Pointer(provhandle)), uintptr(unsafe.Pointer(container)), uintptr(unsafe.Pointer(provider)), uintptr(provtype), uintptr(flags), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetLastError() (lasterr error) {
-	r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0)
-	if r0 != 0 {
-		lasterr = syscall.Errno(r0)
+func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procCryptGenRandom.Addr(), 3, uintptr(provhandle), uintptr(buflen), uintptr(unsafe.Pointer(buf)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func LoadLibrary(libname string) (handle Handle, err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(libname)
-	if err != nil {
-		return
+func CryptReleaseContext(provhandle Handle, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCryptReleaseContext.Addr(), 2, uintptr(provhandle), uintptr(flags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _LoadLibrary(_p0)
+	return
 }
 
-func _LoadLibrary(libname *uint16) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procLoadLibraryW.Addr(), 1, uintptr(unsafe.Pointer(libname)), 0, 0)
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func DeleteService(service Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteService.Addr(), 1, uintptr(service), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(libname)
-	if err != nil {
-		return
+func DeregisterEventSource(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeregisterEventSource.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _LoadLibraryEx(_p0, zero, flags)
+	return
 }
 
-func _LoadLibraryEx(libname *uint16, zero Handle, flags uintptr) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procLoadLibraryExW.Addr(), 3, uintptr(unsafe.Pointer(libname)), uintptr(zero), uintptr(flags))
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) {
+	r1, _, e1 := syscall.Syscall6(procDuplicateTokenEx.Addr(), 6, uintptr(existingToken), uintptr(desiredAccess), uintptr(unsafe.Pointer(tokenAttributes)), uintptr(impersonationLevel), uintptr(tokenType), uintptr(unsafe.Pointer(newToken)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FreeLibrary(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procFreeLibrary.Addr(), 1, uintptr(handle), 0, 0)
+func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetProcAddress(module Handle, procname string) (proc uintptr, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(procname)
-	if err != nil {
-		return
-	}
-	return _GetProcAddress(module, _p0)
+func EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) {
+	r0, _, _ := syscall.Syscall(procEqualSid.Addr(), 2, uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2)), 0)
+	isEqual = r0 != 0
+	return
 }
 
-func _GetProcAddress(module Handle, procname *byte) (proc uintptr, err error) {
-	r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), uintptr(unsafe.Pointer(procname)), 0)
-	proc = uintptr(r0)
-	if proc == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FreeSid(sid *SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	if r1 != 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVersion() (ver uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetVersion.Addr(), 0, 0, 0, 0)
-	ver = uint32(r0)
-	if ver == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetLengthSid(sid *SID) (len uint32) {
+	r0, _, _ := syscall.Syscall(procGetLengthSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	len = uint32(r0)
 	return
 }
 
-func FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) {
+func getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
 	var _p0 *uint16
-	if len(buf) > 0 {
-		_p0 = &buf[0]
-	}
-	r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args)), 0, 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	_p0, ret = syscall.UTF16PtrFromString(objectName)
+	if ret != nil {
+		return
 	}
-	return
+	return _getNamedSecurityInfo(_p0, objectType, securityInformation, owner, group, dacl, sacl, sd)
 }
 
-func ExitProcess(exitcode uint32) {
-	syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0)
+func _getNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procGetNamedSecurityInfoW.Addr(), 8, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
 	return
 }
 
-func CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile int32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func getSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, control *SECURITY_DESCRIPTOR_CONTROL, revision *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(control)), uintptr(unsafe.Pointer(revision)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
-	var _p0 *byte
-	if len(buf) > 0 {
-		_p0 = &buf[0]
+func getSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent *bool, dacl **ACL, daclDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *daclPresent {
+		_p0 = 1
 	}
-	r1, _, e1 := syscall.Syscall6(procReadFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	var _p1 uint32
+	if *daclDefaulted {
+		_p1 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0)
+	*daclPresent = _p0 != 0
+	*daclDefaulted = _p1 != 0
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
-	var _p0 *byte
-	if len(buf) > 0 {
-		_p0 = &buf[0]
+func getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *groupDefaulted {
+		_p0 = 1
 	}
-	r1, _, e1 := syscall.Syscall6(procWriteFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(&_p0)))
+	*groupDefaulted = _p0 != 0
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) {
-	r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0)
-	newlowoffset = uint32(r0)
-	if newlowoffset == 0xffffffff {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func getSecurityDescriptorLength(sd *SECURITY_DESCRIPTOR) (len uint32) {
+	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0)
+	len = uint32(r0)
 	return
 }
 
-func CloseHandle(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0)
+func getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *ownerDefaulted {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(&_p0)))
+	*ownerDefaulted = _p0 != 0
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetStdHandle(stdhandle uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procGetStdHandle.Addr(), 1, uintptr(stdhandle), 0, 0)
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func getSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) (ret error) {
+	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func SetStdHandle(stdhandle uint32, handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetStdHandle.Addr(), 2, uintptr(stdhandle), uintptr(handle), 0)
+func getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl **ACL, saclDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *saclPresent {
+		_p0 = 1
+	}
+	var _p1 uint32
+	if *saclDefaulted {
+		_p1 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0)
+	*saclPresent = _p0 != 0
+	*saclDefaulted = _p1 != 0
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procFindFirstFileW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(data)), 0)
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func findNextFile1(handle Handle, data *win32finddata1) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindNextFileW.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) {
+	r0, _, _ := syscall.Syscall(procGetSidIdentifierAuthority.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	authority = (*SidIdentifierAuthority)(unsafe.Pointer(r0))
 	return
 }
 
-func FindClose(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindClose.Addr(), 1, uintptr(handle), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) {
+	r0, _, _ := syscall.Syscall(procGetSidSubAuthority.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(index), 0)
+	subAuthority = (*uint32)(unsafe.Pointer(r0))
 	return
 }
 
-func GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetFileInformationByHandle.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func getSidSubAuthorityCount(sid *SID) (count *uint8) {
+	r0, _, _ := syscall.Syscall(procGetSidSubAuthorityCount.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	count = (*uint8)(unsafe.Pointer(r0))
 	return
 }
 
-func GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetCurrentDirectoryW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetTokenInformation.Addr(), 5, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), uintptr(unsafe.Pointer(returnedLen)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetCurrentDirectory(path *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetCurrentDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+func ImpersonateSelf(impersonationlevel uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(impersonationlevel), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) {
-	r1, _, e1 := syscall.Syscall(procCreateDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(sa)), 0)
+func initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procInitializeSecurityDescriptor.Addr(), 2, uintptr(unsafe.Pointer(absoluteSD)), uintptr(revision), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func RemoveDirectory(path *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procRemoveDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+func InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint32, forceAppsClosed bool, rebootAfterShutdown bool, reason uint32) (err error) {
+	var _p0 uint32
+	if forceAppsClosed {
+		_p0 = 1
+	}
+	var _p1 uint32
+	if rebootAfterShutdown {
+		_p1 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procInitiateSystemShutdownExW.Addr(), 6, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(message)), uintptr(timeout), uintptr(_p0), uintptr(_p1), uintptr(reason))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DeleteFile(path *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procDeleteFileW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func isTokenRestricted(tokenHandle Token) (ret bool, err error) {
+	r0, _, e1 := syscall.Syscall(procIsTokenRestricted.Addr(), 1, uintptr(tokenHandle), 0, 0)
+	ret = r0 != 0
+	if !ret {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func MoveFile(from *uint16, to *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procMoveFileW.Addr(), 2, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) {
+	r0, _, _ := syscall.Syscall(procIsValidSecurityDescriptor.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0)
+	isValid = r0 != 0
 	return
 }
 
-func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procMoveFileExW.Addr(), 3, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags))
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func isValidSid(sid *SID) (isValid bool) {
+	r0, _, _ := syscall.Syscall(procIsValidSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	isValid = r0 != 0
 	return
 }
 
-func GetComputerName(buf *uint16, n *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetComputerNameW.Addr(), 2, uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) {
+	r0, _, _ := syscall.Syscall(procIsWellKnownSid.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(sidType), 0)
+	isWellKnown = r0 != 0
 	return
 }
 
-func GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetComputerNameExW.Addr(), 3, uintptr(nametype), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)))
+func LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetEndOfFile(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetEndOfFile.Addr(), 1, uintptr(handle), 0, 0)
+func LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetSystemTimeAsFileTime(time *Filetime) {
-	syscall.Syscall(procGetSystemTimeAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
-	return
-}
-
-func GetSystemTimePreciseAsFileTime(time *Filetime) {
-	syscall.Syscall(procGetSystemTimePreciseAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
+func LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) {
+	r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemname)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetTimeZoneInformation.Addr(), 1, uintptr(unsafe.Pointer(tzi)), 0, 0)
-	rc = uint32(r0)
-	if rc == 0xffffffff {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DESCRIPTOR, absoluteSDSize *uint32, dacl *ACL, daclSize *uint32, sacl *ACL, saclSize *uint32, owner *SID, ownerSize *uint32, group *SID, groupSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall12(procMakeAbsoluteSD.Addr(), 11, uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(absoluteSDSize)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclSize)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(saclSize)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(ownerSize)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(groupSize)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt), 0, 0)
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procMakeSelfRelativeSD.Addr(), 3, uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(selfRelativeSDSize)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) {
+	r0, _, _ := syscall.Syscall(procNotifyServiceStatusChangeW.Addr(), 3, uintptr(service), uintptr(notifyMask), uintptr(unsafe.Pointer(notifier)))
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall6(procPostQueuedCompletionStatus.Addr(), 4, uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped)), 0, 0)
+func OpenProcessToken(process Handle, access uint32, token *Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procOpenProcessToken.Addr(), 3, uintptr(process), uintptr(access), uintptr(unsafe.Pointer(token)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CancelIo(s Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procCancelIo.Addr(), 1, uintptr(s), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procOpenSCManagerW.Addr(), 3, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(databaseName)), uintptr(access))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CancelIoEx(s Handle, o *Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(s), uintptr(unsafe.Pointer(o)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procOpenServiceW.Addr(), 3, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(access))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) {
+func OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token) (err error) {
 	var _p0 uint32
-	if inheritHandles {
+	if openAsSelf {
 		_p0 = 1
-	} else {
-		_p0 = 0
 	}
-	r1, _, e1 := syscall.Syscall12(procCreateProcessW.Addr(), 10, uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0, 0)
+	r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(access), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func OpenProcess(da uint32, inheritHandle bool, pid uint32) (handle Handle, err error) {
-	var _p0 uint32
-	if inheritHandle {
-		_p0 = 1
-	} else {
-		_p0 = 0
+func QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceConfig2W.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	r0, _, e1 := syscall.Syscall(procOpenProcess.Addr(), 3, uintptr(da), uintptr(_p0), uintptr(pid))
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	return
+}
+
+func QueryServiceConfig(service Handle, serviceConfig *QUERY_SERVICE_CONFIG, bufSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceConfigW.Addr(), 4, uintptr(service), uintptr(unsafe.Pointer(serviceConfig)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func TerminateProcess(handle Handle, exitcode uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procTerminateProcess.Addr(), 2, uintptr(handle), uintptr(exitcode), 0)
+func QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, bufSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceLockStatusW.Addr(), 4, uintptr(mgr), uintptr(unsafe.Pointer(lockStatus)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetExitCodeProcess.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(exitcode)), 0)
+func QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procQueryServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(status)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetStartupInfo(startupInfo *StartupInfo) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0)
+func QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceStatusEx.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetCurrentProcess() (pseudoHandle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procGetCurrentProcess.Addr(), 0, 0, 0, 0)
-	pseudoHandle = Handle(r0)
-	if pseudoHandle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegCloseKey(key Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegCloseKey.Addr(), 1, uintptr(key), 0, 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetProcessTimes.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(creationTime)), uintptr(unsafe.Pointer(exitTime)), uintptr(unsafe.Pointer(kernelTime)), uintptr(unsafe.Pointer(userTime)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegEnumKeyExW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(lastWriteTime)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) {
+func RegNotifyChangeKeyValue(key Handle, watchSubtree bool, notifyFilter uint32, event Handle, asynchronous bool) (regerrno error) {
 	var _p0 uint32
-	if bInheritHandle {
+	if watchSubtree {
 		_p0 = 1
-	} else {
-		_p0 = 0
 	}
-	r1, _, e1 := syscall.Syscall9(procDuplicateHandle.Addr(), 7, uintptr(hSourceProcessHandle), uintptr(hSourceHandle), uintptr(hTargetProcessHandle), uintptr(unsafe.Pointer(lpTargetHandle)), uintptr(dwDesiredAccess), uintptr(_p0), uintptr(dwOptions), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	var _p1 uint32
+	if asynchronous {
+		_p1 = 1
+	}
+	r0, _, _ := syscall.Syscall6(procRegNotifyChangeKeyValue.Addr(), 5, uintptr(key), uintptr(_p0), uintptr(notifyFilter), uintptr(event), uintptr(_p1), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procWaitForSingleObject.Addr(), 2, uintptr(handle), uintptr(waitMilliseconds), 0)
-	event = uint32(r0)
-	if event == 0xffffffff {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegOpenKeyExW.Addr(), 5, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(options), uintptr(desiredAccess), uintptr(unsafe.Pointer(result)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetTempPathW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) {
+	r0, _, _ := syscall.Syscall12(procRegQueryInfoKeyW.Addr(), 12, uintptr(key), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(subkeysLen)), uintptr(unsafe.Pointer(maxSubkeyLen)), uintptr(unsafe.Pointer(maxClassLen)), uintptr(unsafe.Pointer(valuesLen)), uintptr(unsafe.Pointer(maxValueNameLen)), uintptr(unsafe.Pointer(maxValueLen)), uintptr(unsafe.Pointer(saLen)), uintptr(unsafe.Pointer(lastWriteTime)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procCreatePipe.Addr(), 4, uintptr(unsafe.Pointer(readhandle)), uintptr(unsafe.Pointer(writehandle)), uintptr(unsafe.Pointer(sa)), uintptr(size), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegQueryValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
 	}
 	return
 }
 
-func GetFileType(filehandle Handle) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procRegisterEventSourceW.Addr(), 2, uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName)), 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procCryptAcquireContextW.Addr(), 5, uintptr(unsafe.Pointer(provhandle)), uintptr(unsafe.Pointer(container)), uintptr(unsafe.Pointer(provider)), uintptr(provtype), uintptr(flags), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procRegisterServiceCtrlHandlerExW.Addr(), 3, uintptr(unsafe.Pointer(serviceName)), uintptr(handlerProc), uintptr(context))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CryptReleaseContext(provhandle Handle, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procCryptReleaseContext.Addr(), 2, uintptr(provhandle), uintptr(flags), 0)
+func ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrSId uintptr, numStrings uint16, dataSize uint32, strings **uint16, rawData *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procReportEventW.Addr(), 9, uintptr(log), uintptr(etype), uintptr(category), uintptr(eventId), uintptr(usrSId), uintptr(numStrings), uintptr(dataSize), uintptr(unsafe.Pointer(strings)), uintptr(unsafe.Pointer(rawData)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) {
-	r1, _, e1 := syscall.Syscall(procCryptGenRandom.Addr(), 3, uintptr(provhandle), uintptr(buflen), uintptr(unsafe.Pointer(buf)))
+func RevertToSelf() (err error) {
+	r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetEnvironmentStrings() (envs *uint16, err error) {
-	r0, _, e1 := syscall.Syscall(procGetEnvironmentStringsW.Addr(), 0, 0, 0, 0)
-	envs = (*uint16)(unsafe.Pointer(r0))
-	if envs == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) {
+	r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(countExplicitEntries), uintptr(unsafe.Pointer(explicitEntries)), uintptr(unsafe.Pointer(oldACL)), uintptr(unsafe.Pointer(newACL)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func FreeEnvironmentStrings(envs *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procFreeEnvironmentStringsW.Addr(), 1, uintptr(unsafe.Pointer(envs)), 0, 0)
+func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetEnvironmentVariableW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(size))
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+	var _p0 *uint16
+	_p0, ret = syscall.UTF16PtrFromString(objectName)
+	if ret != nil {
+		return
 	}
-	return
+	return _SetNamedSecurityInfo(_p0, objectType, securityInformation, owner, group, dacl, sacl)
 }
 
-func SetEnvironmentVariable(name *uint16, value *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func _SetNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfoW.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
-	r1, _, e1 := syscall.Syscall6(procSetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+func setSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(controlBitsOfInterest), uintptr(controlBitsToSet))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetFileAttributes(name *uint16) (attrs uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetFileAttributesW.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
-	attrs = uint32(r0)
-	if attrs == INVALID_FILE_ATTRIBUTES {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func setSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent bool, dacl *ACL, daclDefaulted bool) (err error) {
+	var _p0 uint32
+	if daclPresent {
+		_p0 = 1
+	}
+	var _p1 uint32
+	if daclDefaulted {
+		_p1 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(dacl)), uintptr(_p1), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetFileAttributes(name *uint16, attrs uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetFileAttributesW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(attrs), 0)
+func setSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group *SID, groupDefaulted bool) (err error) {
+	var _p0 uint32
+	if groupDefaulted {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(_p0))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetFileAttributesExW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(level), uintptr(unsafe.Pointer(info)))
+func setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaulted bool) (err error) {
+	var _p0 uint32
+	if ownerDefaulted {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(_p0))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetCommandLine() (cmd *uint16) {
-	r0, _, _ := syscall.Syscall(procGetCommandLineW.Addr(), 0, 0, 0, 0)
-	cmd = (*uint16)(unsafe.Pointer(r0))
+func setSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) {
+	syscall.Syscall(procSetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0)
 	return
 }
 
-func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) {
-	r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0)
-	argv = (*[8192]*[8192]uint16)(unsafe.Pointer(r0))
-	if argv == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *ACL, saclDefaulted bool) (err error) {
+	var _p0 uint32
+	if saclPresent {
+		_p0 = 1
+	}
+	var _p1 uint32
+	if saclDefaulted {
+		_p1 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(sacl)), uintptr(_p1), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func LocalFree(hmem Handle) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procLocalFree.Addr(), 1, uintptr(hmem), 0, 0)
-	handle = Handle(r0)
-	if handle != 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+	r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags))
+func SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(serviceStatus)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FlushFileBuffers(handle Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procFlushFileBuffers.Addr(), 1, uintptr(handle), 0, 0)
+func SetThreadToken(thread *Handle, token Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetThreadToken.Addr(), 2, uintptr(unsafe.Pointer(thread)), uintptr(token), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall6(procGetFullPathNameW.Addr(), 4, uintptr(unsafe.Pointer(path)), uintptr(buflen), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(fname)), 0, 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetTokenInformation.Addr(), 4, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetLongPathNameW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(buf)), uintptr(buflen))
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) {
+	r1, _, e1 := syscall.Syscall(procStartServiceCtrlDispatcherW.Addr(), 1, uintptr(unsafe.Pointer(serviceTable)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetShortPathNameW.Addr(), 3, uintptr(unsafe.Pointer(longpath)), uintptr(unsafe.Pointer(shortpath)), uintptr(buflen))
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procStartServiceW.Addr(), 3, uintptr(service), uintptr(numArgs), uintptr(unsafe.Pointer(argVectors)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall6(procCreateFileMappingW.Addr(), 6, uintptr(fhandle), uintptr(unsafe.Pointer(sa)), uintptr(prot), uintptr(maxSizeHigh), uintptr(maxSizeLow), uintptr(unsafe.Pointer(name)))
-	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCertAddCertificateContextToStore.Addr(), 4, uintptr(store), uintptr(unsafe.Pointer(certContext)), uintptr(addDisposition), uintptr(unsafe.Pointer(storeContext)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error) {
-	r0, _, e1 := syscall.Syscall6(procMapViewOfFile.Addr(), 5, uintptr(handle), uintptr(access), uintptr(offsetHigh), uintptr(offsetLow), uintptr(length), 0)
-	addr = uintptr(r0)
-	if addr == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertCloseStore(store Handle, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func UnmapViewOfFile(addr uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall(procUnmapViewOfFile.Addr(), 1, uintptr(addr), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) {
+	r0, _, e1 := syscall.Syscall(procCertCreateCertificateContext.Addr(), 3, uintptr(certEncodingType), uintptr(unsafe.Pointer(certEncoded)), uintptr(encodedLen))
+	context = (*CertContext)(unsafe.Pointer(r0))
+	if context == nil {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FlushViewOfFile(addr uintptr, length uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall(procFlushViewOfFile.Addr(), 2, uintptr(addr), uintptr(length), 0)
+func CertDeleteCertificateFromStore(certContext *CertContext) (err error) {
+	r1, _, e1 := syscall.Syscall(procCertDeleteCertificateFromStore.Addr(), 1, uintptr(unsafe.Pointer(certContext)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func VirtualLock(addr uintptr, length uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall(procVirtualLock.Addr(), 2, uintptr(addr), uintptr(length), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) {
+	r0, _, _ := syscall.Syscall(procCertDuplicateCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(certContext)), 0, 0)
+	dupContext = (*CertContext)(unsafe.Pointer(r0))
 	return
 }
 
-func VirtualUnlock(addr uintptr, length uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall(procVirtualUnlock.Addr(), 2, uintptr(addr), uintptr(length), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
+	r0, _, e1 := syscall.Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
+	context = (*CertContext)(unsafe.Pointer(r0))
+	if context == nil {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) {
-	r0, _, e1 := syscall.Syscall6(procVirtualAlloc.Addr(), 4, uintptr(address), uintptr(size), uintptr(alloctype), uintptr(protect), 0, 0)
-	value = uintptr(r0)
-	if value == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertFindCertificateInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevCertContext *CertContext) (cert *CertContext, err error) {
+	r0, _, e1 := syscall.Syscall6(procCertFindCertificateInStore.Addr(), 6, uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevCertContext)))
+	cert = (*CertContext)(unsafe.Pointer(r0))
+	if cert == nil {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procVirtualFree.Addr(), 3, uintptr(address), uintptr(size), uintptr(freetype))
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertFindChainInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevChainContext *CertChainContext) (certchain *CertChainContext, err error) {
+	r0, _, e1 := syscall.Syscall6(procCertFindChainInStore.Addr(), 6, uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevChainContext)))
+	certchain = (*CertChainContext)(unsafe.Pointer(r0))
+	if certchain == nil {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procVirtualProtect.Addr(), 4, uintptr(address), uintptr(size), uintptr(newprotect), uintptr(unsafe.Pointer(oldprotect)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) {
+	r0, _, _ := syscall.Syscall(procCertFindExtension.Addr(), 3, uintptr(unsafe.Pointer(objId)), uintptr(countExtensions), uintptr(unsafe.Pointer(extensions)))
+	ret = (*CertExtension)(unsafe.Pointer(r0))
 	return
 }
 
-func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procTransmitFile.Addr(), 7, uintptr(s), uintptr(handle), uintptr(bytesToWrite), uintptr(bytsPerSend), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transmitFileBuf)), uintptr(flags), 0, 0)
+func CertFreeCertificateChain(ctx *CertChainContext) {
+	syscall.Syscall(procCertFreeCertificateChain.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
+	return
+}
+
+func CertFreeCertificateContext(ctx *CertContext) (err error) {
+	r1, _, e1 := syscall.Syscall(procCertFreeCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
-	var _p0 uint32
-	if watchSubTree {
-		_p0 = 1
-	} else {
-		_p0 = 0
-	}
-	r1, _, e1 := syscall.Syscall9(procReadDirectoryChangesW.Addr(), 8, uintptr(handle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(_p0), uintptr(mask), uintptr(unsafe.Pointer(retlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine), 0)
+func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) {
+	r1, _, e1 := syscall.Syscall9(procCertGetCertificateChain.Addr(), 8, uintptr(engine), uintptr(unsafe.Pointer(leaf)), uintptr(unsafe.Pointer(time)), uintptr(additionalStore), uintptr(unsafe.Pointer(para)), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(chainCtx)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
-	store = Handle(r0)
-	if store == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) {
+	r0, _, _ := syscall.Syscall6(procCertGetNameStringW.Addr(), 6, uintptr(unsafe.Pointer(certContext)), uintptr(nameType), uintptr(flags), uintptr(typePara), uintptr(unsafe.Pointer(name)), uintptr(size))
+	chars = uint32(r0)
 	return
 }
 
 func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) {
 	r0, _, e1 := syscall.Syscall6(procCertOpenStore.Addr(), 5, uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para), 0)
 	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	if handle == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
-	r0, _, e1 := syscall.Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
-	context = (*CertContext)(unsafe.Pointer(r0))
-	if context == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
+	store = Handle(r0)
+	if store == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) {
-	r1, _, e1 := syscall.Syscall6(procCertAddCertificateContextToStore.Addr(), 4, uintptr(store), uintptr(unsafe.Pointer(certContext)), uintptr(addDisposition), uintptr(unsafe.Pointer(storeContext)), 0, 0)
+func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCertVerifyCertificateChainPolicy.Addr(), 4, uintptr(policyOID), uintptr(unsafe.Pointer(chain)), uintptr(unsafe.Pointer(para)), uintptr(unsafe.Pointer(status)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertCloseStore(store Handle, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
+func CryptAcquireCertificatePrivateKey(cert *CertContext, flags uint32, parameters unsafe.Pointer, cryptProvOrNCryptKey *Handle, keySpec *uint32, callerFreeProvOrNCryptKey *bool) (err error) {
+	var _p0 uint32
+	if *callerFreeProvOrNCryptKey {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procCryptAcquireCertificatePrivateKey.Addr(), 6, uintptr(unsafe.Pointer(cert)), uintptr(flags), uintptr(parameters), uintptr(unsafe.Pointer(cryptProvOrNCryptKey)), uintptr(unsafe.Pointer(keySpec)), uintptr(unsafe.Pointer(&_p0)))
+	*callerFreeProvOrNCryptKey = _p0 != 0
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) {
-	r1, _, e1 := syscall.Syscall9(procCertGetCertificateChain.Addr(), 8, uintptr(engine), uintptr(unsafe.Pointer(leaf)), uintptr(unsafe.Pointer(time)), uintptr(additionalStore), uintptr(unsafe.Pointer(para)), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(chainCtx)), 0)
+func CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procCryptDecodeObject.Addr(), 7, uintptr(encodingType), uintptr(unsafe.Pointer(structType)), uintptr(unsafe.Pointer(encodedBytes)), uintptr(lenEncodedBytes), uintptr(flags), uintptr(decoded), uintptr(unsafe.Pointer(decodedLen)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertFreeCertificateChain(ctx *CertChainContext) {
-	syscall.Syscall(procCertFreeCertificateChain.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
+func CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) {
+	r1, _, e1 := syscall.Syscall9(procCryptProtectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) {
-	r0, _, e1 := syscall.Syscall(procCertCreateCertificateContext.Addr(), 3, uintptr(certEncodingType), uintptr(unsafe.Pointer(certEncoded)), uintptr(encodedLen))
-	context = (*CertContext)(unsafe.Pointer(r0))
-	if context == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) {
+	r1, _, e1 := syscall.Syscall12(procCryptQueryObject.Addr(), 11, uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertFreeCertificateContext(ctx *CertContext) (err error) {
-	r1, _, e1 := syscall.Syscall(procCertFreeCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
+func CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) {
+	r1, _, e1 := syscall.Syscall9(procCryptUnprotectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) {
-	r1, _, e1 := syscall.Syscall6(procCertVerifyCertificateChainPolicy.Addr(), 4, uintptr(policyOID), uintptr(unsafe.Pointer(chain)), uintptr(unsafe.Pointer(para)), uintptr(unsafe.Pointer(status)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procPFXImportCertStore.Addr(), 3, uintptr(unsafe.Pointer(pfx)), uintptr(unsafe.Pointer(password)), uintptr(flags))
+	store = Handle(r0)
+	if store == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) {
-	r0, _, _ := syscall.Syscall6(procRegOpenKeyExW.Addr(), 5, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(options), uintptr(desiredAccess), uintptr(unsafe.Pointer(result)), 0)
-	if r0 != 0 {
-		regerrno = syscall.Errno(r0)
-	}
+func DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) {
+	r0, _, _ := syscall.Syscall(procDnsNameCompare_W.Addr(), 2, uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2)), 0)
+	same = r0 != 0
 	return
 }
 
-func RegCloseKey(key Handle) (regerrno error) {
-	r0, _, _ := syscall.Syscall(procRegCloseKey.Addr(), 1, uintptr(key), 0, 0)
-	if r0 != 0 {
-		regerrno = syscall.Errno(r0)
+func DnsQuery(name string, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
+	var _p0 *uint16
+	_p0, status = syscall.UTF16PtrFromString(name)
+	if status != nil {
+		return
 	}
-	return
+	return _DnsQuery(_p0, qtype, options, extra, qrs, pr)
 }
 
-func RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) {
-	r0, _, _ := syscall.Syscall12(procRegQueryInfoKeyW.Addr(), 12, uintptr(key), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(subkeysLen)), uintptr(unsafe.Pointer(maxSubkeyLen)), uintptr(unsafe.Pointer(maxClassLen)), uintptr(unsafe.Pointer(valuesLen)), uintptr(unsafe.Pointer(maxValueNameLen)), uintptr(unsafe.Pointer(maxValueLen)), uintptr(unsafe.Pointer(saLen)), uintptr(unsafe.Pointer(lastWriteTime)))
+func _DnsQuery(name *uint16, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
+	r0, _, _ := syscall.Syscall6(procDnsQuery_W.Addr(), 6, uintptr(unsafe.Pointer(name)), uintptr(qtype), uintptr(options), uintptr(unsafe.Pointer(extra)), uintptr(unsafe.Pointer(qrs)), uintptr(unsafe.Pointer(pr)))
 	if r0 != 0 {
-		regerrno = syscall.Errno(r0)
+		status = syscall.Errno(r0)
 	}
 	return
 }
 
-func RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) {
-	r0, _, _ := syscall.Syscall9(procRegEnumKeyExW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(lastWriteTime)), 0)
+func DnsRecordListFree(rl *DNSRecord, freetype uint32) {
+	syscall.Syscall(procDnsRecordListFree.Addr(), 2, uintptr(unsafe.Pointer(rl)), uintptr(freetype), 0)
+	return
+}
+
+func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) {
+	r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0)
 	if r0 != 0 {
-		regerrno = syscall.Errno(r0)
+		errcode = syscall.Errno(r0)
 	}
 	return
 }
 
-func RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
-	r0, _, _ := syscall.Syscall6(procRegQueryValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)))
+func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetAdaptersInfo.Addr(), 2, uintptr(unsafe.Pointer(ai)), uintptr(unsafe.Pointer(ol)), 0)
 	if r0 != 0 {
-		regerrno = syscall.Errno(r0)
+		errcode = syscall.Errno(r0)
 	}
 	return
 }
 
-func getCurrentProcessId() (pid uint32) {
-	r0, _, _ := syscall.Syscall(procGetCurrentProcessId.Addr(), 0, 0, 0, 0)
-	pid = uint32(r0)
+func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetIfEntry.Addr(), 1, uintptr(unsafe.Pointer(pIfRow)), 0, 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
 	return
 }
 
-func GetConsoleMode(console Handle, mode *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(mode)), 0)
+func AssignProcessToJobObject(job Handle, process Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetConsoleMode(console Handle, mode uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(console), uintptr(mode), 0)
+func CancelIo(s Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIo.Addr(), 1, uintptr(s), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(info)), 0)
+func CancelIoEx(s Handle, o *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(s), uintptr(unsafe.Pointer(o)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) {
-	r1, _, e1 := syscall.Syscall6(procWriteConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(towrite), uintptr(unsafe.Pointer(written)), uintptr(unsafe.Pointer(reserved)), 0)
+func CloseHandle(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) {
-	r1, _, e1 := syscall.Syscall6(procReadConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(toread), uintptr(unsafe.Pointer(read)), uintptr(unsafe.Pointer(inputControl)), 0)
+func ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(overlapped)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procCreateToolhelp32Snapshot.Addr(), 2, uintptr(flags), uintptr(processId), 0)
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) {
+	r1, _, e1 := syscall.Syscall(procCreateDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(sa)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) {
-	r1, _, e1 := syscall.Syscall(procProcess32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateEventExW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 || e1 == ERROR_ALREADY_EXISTS {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) {
-	r1, _, e1 := syscall.Syscall(procProcess32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(manualReset), uintptr(initialState), uintptr(unsafe.Pointer(name)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 || e1 == ERROR_ALREADY_EXISTS {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall9(procDeviceIoControl.Addr(), 8, uintptr(handle), uintptr(ioControlCode), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferSize), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferSize), uintptr(unsafe.Pointer(bytesReturned)), uintptr(unsafe.Pointer(overlapped)), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateFileMappingW.Addr(), 6, uintptr(fhandle), uintptr(unsafe.Pointer(sa)), uintptr(prot), uintptr(maxSizeHigh), uintptr(maxSizeLow), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 || e1 == ERROR_ALREADY_EXISTS {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procCreateSymbolicLinkW.Addr(), 3, uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags))
-	if r1&0xff == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
@@ -1780,921 +1558,2299 @@ func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags u
 func CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) {
 	r1, _, e1 := syscall.Syscall(procCreateHardLinkW.Addr(), 3, uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(existingfilename)), uintptr(reserved))
 	if r1&0xff == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetCurrentThreadId() (id uint32) {
-	r0, _, _ := syscall.Syscall(procGetCurrentThreadId.Addr(), 0, 0, 0, 0)
-	id = uint32(r0)
+func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, threadcnt uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(manualReset), uintptr(initialState), uintptr(unsafe.Pointer(name)), 0, 0)
+func CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreateJobObjectW.Addr(), 2, uintptr(unsafe.Pointer(jobAttr)), uintptr(unsafe.Pointer(name)), 0)
 	handle = Handle(r0)
 	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall6(procCreateEventExW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0)
+func CreateMutexEx(mutexAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateMutexExW.Addr(), 4, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0)
 	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	if handle == 0 || e1 == ERROR_ALREADY_EXISTS {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) {
+func CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16) (handle Handle, err error) {
 	var _p0 uint32
-	if inheritHandle {
+	if initialOwner {
 		_p0 = 1
-	} else {
-		_p0 = 0
 	}
-	r0, _, e1 := syscall.Syscall(procOpenEventW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	r0, _, e1 := syscall.Syscall(procCreateMutexW.Addr(), 3, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(_p0), uintptr(unsafe.Pointer(name)))
 	handle = Handle(r0)
-	if handle == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+	if handle == 0 || e1 == ERROR_ALREADY_EXISTS {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetEvent(event Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetEvent.Addr(), 1, uintptr(event), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ResetEvent(event Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
+func CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCreatePipe.Addr(), 4, uintptr(unsafe.Pointer(readhandle)), uintptr(unsafe.Pointer(writehandle)), uintptr(unsafe.Pointer(sa)), uintptr(size), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func PulseEvent(event Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procPulseEvent.Addr(), 1, uintptr(event), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) {
+	var _p0 uint32
+	if inheritHandles {
+		_p0 = 1
 	}
-	return
-}
-
-func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)))
+	r1, _, e1 := syscall.Syscall12(procCreateProcessW.Addr(), 10, uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procDeleteVolumeMountPointW.Addr(), 1, uintptr(unsafe.Pointer(volumeMountPoint)), 0, 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCreateSymbolicLinkW.Addr(), 3, uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags))
+	if r1&0xff == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procFindFirstVolumeW.Addr(), 2, uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength), 0)
+func CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreateToolhelp32Snapshot.Addr(), 2, uintptr(flags), uintptr(processId), 0)
 	handle = Handle(r0)
 	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, bufferLength uint32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procFindFirstVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindNextVolumeW.Addr(), 3, uintptr(findVolume), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength))
+func DeleteFile(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteFileW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindNextVolumeMountPointW.Addr(), 3, uintptr(findVolumeMountPoint), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
+func deleteProcThreadAttributeList(attrlist *ProcThreadAttributeList) {
+	syscall.Syscall(procDeleteProcThreadAttributeList.Addr(), 1, uintptr(unsafe.Pointer(attrlist)), 0, 0)
+	return
+}
+
+func DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteVolumeMountPointW.Addr(), 1, uintptr(unsafe.Pointer(volumeMountPoint)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindVolumeClose(findVolume Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindVolumeClose.Addr(), 1, uintptr(findVolume), 0, 0)
+func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall9(procDeviceIoControl.Addr(), 8, uintptr(handle), uintptr(ioControlCode), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferSize), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferSize), uintptr(unsafe.Pointer(bytesReturned)), uintptr(unsafe.Pointer(overlapped)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procFindVolumeMountPointClose.Addr(), 1, uintptr(findVolumeMountPoint), 0, 0)
+func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) {
+	var _p0 uint32
+	if bInheritHandle {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall9(procDuplicateHandle.Addr(), 7, uintptr(hSourceProcessHandle), uintptr(hSourceHandle), uintptr(hTargetProcessHandle), uintptr(unsafe.Pointer(lpTargetHandle)), uintptr(dwDesiredAccess), uintptr(_p0), uintptr(dwOptions), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetDriveType(rootPathName *uint16) (driveType uint32) {
-	r0, _, _ := syscall.Syscall(procGetDriveTypeW.Addr(), 1, uintptr(unsafe.Pointer(rootPathName)), 0, 0)
-	driveType = uint32(r0)
+func ExitProcess(exitcode uint32) {
+	syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0)
 	return
 }
 
-func GetLogicalDrives() (drivesBitMask uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetLogicalDrives.Addr(), 0, 0, 0, 0)
-	drivesBitMask = uint32(r0)
-	if drivesBitMask == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindClose(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindClose.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procGetLogicalDriveStringsW.Addr(), 2, uintptr(bufferLength), uintptr(unsafe.Pointer(buffer)), 0)
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindCloseChangeNotification(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindCloseChangeNotification.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationW.Addr(), 8, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindFirstChangeNotification(path string, watchSubtree bool, notifyFilter uint32) (handle Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return
+	}
+	return _FindFirstChangeNotification(_p0, watchSubtree, notifyFilter)
+}
+
+func _FindFirstChangeNotification(path *uint16, watchSubtree bool, notifyFilter uint32) (handle Handle, err error) {
+	var _p1 uint32
+	if watchSubtree {
+		_p1 = 1
+	}
+	r0, _, e1 := syscall.Syscall(procFindFirstChangeNotificationW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(_p1), uintptr(notifyFilter))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationByHandleW.Addr(), 8, uintptr(file), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstFileW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(data)), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16, bufferlength uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetVolumeNameForVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferlength))
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, bufferLength uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetVolumePathNameW.Addr(), 3, uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(volumePathName)), uintptr(bufferLength))
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstVolumeW.Addr(), 2, uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16, bufferLength uint32, returnLength *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetVolumePathNamesForVolumeNameW.Addr(), 4, uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(volumePathNames)), uintptr(bufferLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+func FindNextChangeNotification(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextChangeNotification.Addr(), 1, uintptr(handle), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) {
-	r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max))
-	n = uint32(r0)
-	if n == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func findNextFile1(handle Handle, data *win32finddata1) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextFileW.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetVolumeLabelW.Addr(), 2, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeName)), 0)
+func FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextVolumeMountPointW.Addr(), 3, uintptr(findVolumeMountPoint), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetVolumeMountPointW.Addr(), 2, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), 0)
+func FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextVolumeW.Addr(), 3, uintptr(findVolume), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSAStartup(verreq uint32, data *WSAData) (sockerr error) {
-	r0, _, _ := syscall.Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
-	if r0 != 0 {
-		sockerr = syscall.Errno(r0)
+func findResource(module Handle, name uintptr, resType uintptr) (resInfo Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindResourceW.Addr(), 3, uintptr(module), uintptr(name), uintptr(resType))
+	resInfo = Handle(r0)
+	if resInfo == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSACleanup() (err error) {
-	r1, _, e1 := syscall.Syscall(procWSACleanup.Addr(), 0, 0, 0, 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindVolumeClose(findVolume Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindVolumeClose.Addr(), 1, uintptr(findVolume), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall9(procWSAIoctl.Addr(), 9, uintptr(s), uintptr(iocc), uintptr(unsafe.Pointer(inbuf)), uintptr(cbif), uintptr(unsafe.Pointer(outbuf)), uintptr(cbob), uintptr(unsafe.Pointer(cbbr)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindVolumeMountPointClose.Addr(), 1, uintptr(findVolumeMountPoint), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func socket(af int32, typ int32, protocol int32) (handle Handle, err error) {
-	r0, _, e1 := syscall.Syscall(procsocket.Addr(), 3, uintptr(af), uintptr(typ), uintptr(protocol))
-	handle = Handle(r0)
-	if handle == InvalidHandle {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FlushFileBuffers(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFlushFileBuffers.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procsetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(optlen), 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FlushViewOfFile(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procFlushViewOfFile.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procgetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(unsafe.Pointer(optlen)), 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) {
+	var _p0 *uint16
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args)), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func bind(s Handle, name unsafe.Pointer, namelen int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FreeEnvironmentStrings(envs *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeEnvironmentStringsW.Addr(), 1, uintptr(unsafe.Pointer(envs)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func connect(s Handle, name unsafe.Pointer, namelen int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procconnect.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func FreeLibrary(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeLibrary.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGenerateConsoleCtrlEvent.Addr(), 2, uintptr(ctrlEvent), uintptr(processGroupID), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func getpeername(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetACP() (acp uint32) {
+	r0, _, _ := syscall.Syscall(procGetACP.Addr(), 0, 0, 0, 0)
+	acp = uint32(r0)
 	return
 }
 
-func listen(s Handle, backlog int32) (err error) {
-	r1, _, e1 := syscall.Syscall(proclisten.Addr(), 2, uintptr(s), uintptr(backlog), 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func shutdown(s Handle, how int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procshutdown.Addr(), 2, uintptr(s), uintptr(how), 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetCommandLine() (cmd *uint16) {
+	r0, _, _ := syscall.Syscall(procGetCommandLineW.Addr(), 0, 0, 0, 0)
+	cmd = (*uint16)(unsafe.Pointer(r0))
 	return
 }
 
-func Closesocket(s Handle) (err error) {
-	r1, _, e1 := syscall.Syscall(procclosesocket.Addr(), 1, uintptr(s), 0, 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetComputerNameExW.Addr(), 3, uintptr(nametype), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall9(procAcceptEx.Addr(), 8, uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped)), 0)
+func GetComputerName(buf *uint16, n *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetComputerNameW.Addr(), 2, uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetAcceptExSockaddrs(buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, lrsa **RawSockaddrAny, lrsalen *int32, rrsa **RawSockaddrAny, rrsalen *int32) {
-	syscall.Syscall9(procGetAcceptExSockaddrs.Addr(), 8, uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(lrsa)), uintptr(unsafe.Pointer(lrsalen)), uintptr(unsafe.Pointer(rrsa)), uintptr(unsafe.Pointer(rrsalen)), 0)
+func GetConsoleMode(console Handle, mode *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(mode)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
-	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(info)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) {
-	r1, _, e1 := syscall.Syscall9(procWSASend.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetCurrentDirectoryW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) {
-	r1, _, e1 := syscall.Syscall9(procWSARecvFrom.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetCurrentProcessId() (pid uint32) {
+	r0, _, _ := syscall.Syscall(procGetCurrentProcessId.Addr(), 0, 0, 0, 0)
+	pid = uint32(r0)
 	return
 }
 
-func WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) {
-	r1, _, e1 := syscall.Syscall9(procWSASendTo.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(to)), uintptr(tolen), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
-	if r1 == socket_error {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetCurrentThreadId() (id uint32) {
+	r0, _, _ := syscall.Syscall(procGetCurrentThreadId.Addr(), 0, 0, 0, 0)
+	id = uint32(r0)
 	return
 }
 
-func GetHostByName(name string) (h *Hostent, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(name)
-	if err != nil {
-		return
+func GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _GetHostByName(_p0)
+	return
 }
 
-func _GetHostByName(name *byte) (h *Hostent, err error) {
-	r0, _, e1 := syscall.Syscall(procgethostbyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
-	h = (*Hostent)(unsafe.Pointer(r0))
-	if h == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
+func GetDriveType(rootPathName *uint16) (driveType uint32) {
+	r0, _, _ := syscall.Syscall(procGetDriveTypeW.Addr(), 1, uintptr(unsafe.Pointer(rootPathName)), 0, 0)
+	driveType = uint32(r0)
 	return
 }
 
-func GetServByName(name string, proto string) (s *Servent, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(name)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(proto)
-	if err != nil {
-		return
+func GetEnvironmentStrings() (envs *uint16, err error) {
+	r0, _, e1 := syscall.Syscall(procGetEnvironmentStringsW.Addr(), 0, 0, 0, 0)
+	envs = (*uint16)(unsafe.Pointer(r0))
+	if envs == nil {
+		err = errnoErr(e1)
 	}
-	return _GetServByName(_p0, _p1)
+	return
 }
 
-func _GetServByName(name *byte, proto *byte) (s *Servent, err error) {
-	r0, _, e1 := syscall.Syscall(procgetservbyname.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(proto)), 0)
-	s = (*Servent)(unsafe.Pointer(r0))
-	if s == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetEnvironmentVariableW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func Ntohs(netshort uint16) (u uint16) {
-	r0, _, _ := syscall.Syscall(procntohs.Addr(), 1, uintptr(netshort), 0, 0)
-	u = uint16(r0)
+func GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetExitCodeProcess.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(exitcode)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func GetProtoByName(name string) (p *Protoent, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(name)
-	if err != nil {
-		return
+func GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetFileAttributesExW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(level), uintptr(unsafe.Pointer(info)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _GetProtoByName(_p0)
+	return
 }
 
-func _GetProtoByName(name *byte) (p *Protoent, err error) {
-	r0, _, e1 := syscall.Syscall(procgetprotobyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
-	p = (*Protoent)(unsafe.Pointer(r0))
-	if p == nil {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetFileAttributes(name *uint16) (attrs uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetFileAttributesW.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	attrs = uint32(r0)
+	if attrs == INVALID_FILE_ATTRIBUTES {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DnsQuery(name string, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
-	var _p0 *uint16
-	_p0, status = syscall.UTF16PtrFromString(name)
-	if status != nil {
-		return
+func GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetFileInformationByHandle.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
-	return _DnsQuery(_p0, qtype, options, extra, qrs, pr)
+	return
 }
 
-func _DnsQuery(name *uint16, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
-	r0, _, _ := syscall.Syscall6(procDnsQuery_W.Addr(), 6, uintptr(unsafe.Pointer(name)), uintptr(qtype), uintptr(options), uintptr(unsafe.Pointer(extra)), uintptr(unsafe.Pointer(qrs)), uintptr(unsafe.Pointer(pr)))
-	if r0 != 0 {
-		status = syscall.Errno(r0)
+func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferLen), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func DnsRecordListFree(rl *DNSRecord, freetype uint32) {
-	syscall.Syscall(procDnsRecordListFree.Addr(), 2, uintptr(unsafe.Pointer(rl)), uintptr(freetype), 0)
+func GetFileType(filehandle Handle) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) {
-	r0, _, _ := syscall.Syscall(procDnsNameCompare_W.Addr(), 2, uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2)), 0)
-	same = r0 != 0
+func GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procGetFinalPathNameByHandleW.Addr(), 4, uintptr(file), uintptr(unsafe.Pointer(filePath)), uintptr(filePathSize), uintptr(flags), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, result **AddrinfoW) (sockerr error) {
-	r0, _, _ := syscall.Syscall6(procGetAddrInfoW.Addr(), 4, uintptr(unsafe.Pointer(nodename)), uintptr(unsafe.Pointer(servicename)), uintptr(unsafe.Pointer(hints)), uintptr(unsafe.Pointer(result)), 0, 0)
+func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procGetFullPathNameW.Addr(), 4, uintptr(unsafe.Pointer(path)), uintptr(buflen), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(fname)), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetLastError() (lasterr error) {
+	r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0)
 	if r0 != 0 {
-		sockerr = syscall.Errno(r0)
+		lasterr = syscall.Errno(r0)
 	}
 	return
 }
 
-func FreeAddrInfoW(addrinfo *AddrinfoW) {
-	syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0)
+func GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLogicalDriveStringsW.Addr(), 2, uintptr(bufferLength), uintptr(unsafe.Pointer(buffer)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
-	r0, _, _ := syscall.Syscall(procGetIfEntry.Addr(), 1, uintptr(unsafe.Pointer(pIfRow)), 0, 0)
-	if r0 != 0 {
-		errcode = syscall.Errno(r0)
+func GetLogicalDrives() (drivesBitMask uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLogicalDrives.Addr(), 0, 0, 0, 0)
+	drivesBitMask = uint32(r0)
+	if drivesBitMask == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) {
-	r0, _, _ := syscall.Syscall(procGetAdaptersInfo.Addr(), 2, uintptr(unsafe.Pointer(ai)), uintptr(unsafe.Pointer(ol)), 0)
-	if r0 != 0 {
-		errcode = syscall.Errno(r0)
+func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLongPathNameW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(buf)), uintptr(buflen))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(handle), uintptr(flags), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetModuleFileNameW.Addr(), 3, uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
-	r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
-	n = int32(r0)
-	if n == -1 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetModuleHandleExW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(moduleName)), uintptr(unsafe.Pointer(module)))
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) {
-	r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0)
-	if r0 != 0 {
-		errcode = syscall.Errno(r0)
+func GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetACP() (acp uint32) {
-	r0, _, _ := syscall.Syscall(procGetACP.Addr(), 0, 0, 0, 0)
-	acp = uint32(r0)
+func GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) {
-	r0, _, e1 := syscall.Syscall6(procMultiByteToWideChar.Addr(), 6, uintptr(codePage), uintptr(dwFlags), uintptr(unsafe.Pointer(str)), uintptr(nstr), uintptr(unsafe.Pointer(wchar)), uintptr(nwchar))
-	nwrite = int32(r0)
-	if nwrite == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procGetOverlappedResult.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(done)), uintptr(_p0), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint32, translatedName *uint16, nSize *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procTranslateNameW.Addr(), 5, uintptr(unsafe.Pointer(accName)), uintptr(accNameFormat), uintptr(desiredNameFormat), uintptr(unsafe.Pointer(translatedName)), uintptr(unsafe.Pointer(nSize)), 0)
-	if r1&0xff == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetPriorityClass(process Handle) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetPriorityClass.Addr(), 1, uintptr(process), 0, 0)
+	ret = uint32(r0)
+	if ret == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetUserNameExW.Addr(), 3, uintptr(nameFormat), uintptr(unsafe.Pointer(nameBuffre)), uintptr(unsafe.Pointer(nSize)))
-	if r1&0xff == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetProcAddress(module Handle, procname string) (proc uintptr, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(procname)
+	if err != nil {
+		return
+	}
+	return _GetProcAddress(module, _p0)
+}
+
+func _GetProcAddress(module Handle, procname *byte) (proc uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), uintptr(unsafe.Pointer(procname)), 0)
+	proc = uintptr(r0)
+	if proc == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
-	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
-	if r0 != 0 {
-		neterr = syscall.Errno(r0)
+func GetProcessId(process Handle) (id uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcessId.Addr(), 1, uintptr(process), 0, 0)
+	id = uint32(r0)
+	if id == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) {
-	r0, _, _ := syscall.Syscall(procNetGetJoinInformation.Addr(), 3, uintptr(unsafe.Pointer(server)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bufType)))
-	if r0 != 0 {
-		neterr = syscall.Errno(r0)
+func getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetProcessPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func NetApiBufferFree(buf *byte) (neterr error) {
-	r0, _, _ := syscall.Syscall(procNetApiBufferFree.Addr(), 1, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if r0 != 0 {
-		neterr = syscall.Errno(r0)
+func GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetProcessShutdownParameters.Addr(), 2, uintptr(unsafe.Pointer(level)), uintptr(unsafe.Pointer(flags)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
+func GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetProcessTimes.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(creationTime)), uintptr(unsafe.Pointer(exitTime)), uintptr(unsafe.Pointer(kernelTime)), uintptr(unsafe.Pointer(userTime)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
+func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) {
+	syscall.Syscall6(procGetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags)), 0, 0)
+	return
+}
+
+func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overlapped **Overlapped, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ConvertSidToStringSid(sid *SID, stringSid **uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(stringSid)), 0)
+func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetShortPathNameW.Addr(), 3, uintptr(unsafe.Pointer(longpath)), uintptr(unsafe.Pointer(shortpath)), uintptr(buflen))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetStartupInfo(startupInfo *StartupInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) {
-	r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(stringSid)), uintptr(unsafe.Pointer(sid)), 0)
+func GetStdHandle(stdhandle uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procGetStdHandle.Addr(), 1, uintptr(stdhandle), 0, 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetSystemDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
+	len = uint32(r0)
+	if len == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetSystemPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetLengthSid(sid *SID) (len uint32) {
-	r0, _, _ := syscall.Syscall(procGetLengthSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+func GetSystemTimeAsFileTime(time *Filetime) {
+	syscall.Syscall(procGetSystemTimeAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
+	return
+}
+
+func GetSystemTimePreciseAsFileTime(time *Filetime) {
+	syscall.Syscall(procGetSystemTimePreciseAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
+	return
+}
+
+func getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetSystemWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
 	len = uint32(r0)
+	if len == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) {
-	r1, _, e1 := syscall.Syscall(procCopySid.Addr(), 3, uintptr(destSidLen), uintptr(unsafe.Pointer(destSid)), uintptr(unsafe.Pointer(srcSid)))
+func GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetTempPathW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetThreadPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) {
-	r1, _, e1 := syscall.Syscall12(procAllocateAndInitializeSid.Addr(), 11, uintptr(unsafe.Pointer(identAuth)), uintptr(subAuth), uintptr(subAuth0), uintptr(subAuth1), uintptr(subAuth2), uintptr(subAuth3), uintptr(subAuth4), uintptr(subAuth5), uintptr(subAuth6), uintptr(subAuth7), uintptr(unsafe.Pointer(sid)), 0)
+func getTickCount64() (ms uint64) {
+	r0, _, _ := syscall.Syscall(procGetTickCount64.Addr(), 0, 0, 0, 0)
+	ms = uint64(r0)
+	return
+}
+
+func GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetTimeZoneInformation.Addr(), 1, uintptr(unsafe.Pointer(tzi)), 0, 0)
+	rc = uint32(r0)
+	if rc == 0xffffffff {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetUserPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func FreeSid(sid *SID) (err error) {
-	r1, _, e1 := syscall.Syscall(procFreeSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
-	if r1 != 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+func GetVersion() (ver uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetVersion.Addr(), 0, 0, 0, 0)
+	ver = uint32(r0)
+	if ver == 0 {
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) {
-	r0, _, _ := syscall.Syscall(procEqualSid.Addr(), 2, uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2)), 0)
-	isEqual = r0 != 0
+func GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationByHandleW.Addr(), 8, uintptr(file), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
 	return
 }
 
-func checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procCheckTokenMembership.Addr(), 3, uintptr(tokenHandle), uintptr(unsafe.Pointer(sidToCheck)), uintptr(unsafe.Pointer(isMember)))
+func GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationW.Addr(), 8, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func OpenProcessToken(h Handle, access uint32, token *Token) (err error) {
-	r1, _, e1 := syscall.Syscall(procOpenProcessToken.Addr(), 3, uintptr(h), uintptr(access), uintptr(unsafe.Pointer(token)))
+func GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16, bufferlength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetVolumeNameForVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferlength))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetTokenInformation(t Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetTokenInformation.Addr(), 5, uintptr(t), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), uintptr(unsafe.Pointer(returnedLen)), 0)
+func GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetVolumePathNameW.Addr(), 3, uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(volumePathName)), uintptr(bufferLength))
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
 
-func GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procGetUserProfileDirectoryW.Addr(), 3, uintptr(t), uintptr(unsafe.Pointer(dir)), uintptr(unsafe.Pointer(dirLen)))
+func GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16, bufferLength uint32, returnLength *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetVolumePathNamesForVolumeNameW.Addr(), 4, uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(volumePathNames)), uintptr(bufferLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
+	len = uint32(r0)
+	if len == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func initializeProcThreadAttributeList(attrlist *ProcThreadAttributeList, attrcount uint32, flags uint32, size *uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procInitializeProcThreadAttributeList.Addr(), 4, uintptr(unsafe.Pointer(attrlist)), uintptr(attrcount), uintptr(flags), uintptr(unsafe.Pointer(size)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func IsWow64Process(handle Handle, isWow64 *bool) (err error) {
+	var _p0 uint32
+	if *isWow64 {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procIsWow64Process.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(&_p0)), 0)
+	*isWow64 = _p0 != 0
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) {
+	err = procIsWow64Process2.Find()
+	if err != nil {
+		return
+	}
+	r1, _, e1 := syscall.Syscall(procIsWow64Process2.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(processMachine)), uintptr(unsafe.Pointer(nativeMachine)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(libname)
+	if err != nil {
+		return
+	}
+	return _LoadLibraryEx(_p0, zero, flags)
+}
+
+func _LoadLibraryEx(libname *uint16, zero Handle, flags uintptr) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadLibraryExW.Addr(), 3, uintptr(unsafe.Pointer(libname)), uintptr(zero), uintptr(flags))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LoadLibrary(libname string) (handle Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(libname)
+	if err != nil {
+		return
+	}
+	return _LoadLibrary(_p0)
+}
+
+func _LoadLibrary(libname *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadLibraryW.Addr(), 1, uintptr(unsafe.Pointer(libname)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LoadResource(module Handle, resInfo Handle) (resData Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0)
+	resData = Handle(r0)
+	if resData == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LocalAlloc(flags uint32, length uint32) (ptr uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(length), 0)
+	ptr = uintptr(r0)
+	if ptr == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LocalFree(hmem Handle) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLocalFree.Addr(), 1, uintptr(hmem), 0, 0)
+	handle = Handle(r0)
+	if handle != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procLockFileEx.Addr(), 6, uintptr(file), uintptr(flags), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func LockResource(resData Handle) (addr uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procLockResource.Addr(), 1, uintptr(resData), 0, 0)
+	addr = uintptr(r0)
+	if addr == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error) {
+	r0, _, e1 := syscall.Syscall6(procMapViewOfFile.Addr(), 5, uintptr(handle), uintptr(access), uintptr(offsetHigh), uintptr(offsetLow), uintptr(length), 0)
+	addr = uintptr(r0)
+	if addr == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procMoveFileExW.Addr(), 3, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func MoveFile(from *uint16, to *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procMoveFileW.Addr(), 2, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) {
+	r0, _, e1 := syscall.Syscall6(procMultiByteToWideChar.Addr(), 6, uintptr(codePage), uintptr(dwFlags), uintptr(unsafe.Pointer(str)), uintptr(nstr), uintptr(unsafe.Pointer(wchar)), uintptr(nwchar))
+	nwrite = int32(r0)
+	if nwrite == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall(procOpenEventW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func OpenMutex(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall(procOpenMutexW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall(procOpenProcess.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(processId))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall(procOpenThread.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(threadId))
+	handle = Handle(r0)
+	if handle == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procPostQueuedCompletionStatus.Addr(), 4, uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procProcess32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procProcess32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ProcessIdToSessionId(pid uint32, sessionid *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procProcessIdToSessionId.Addr(), 2, uintptr(pid), uintptr(unsafe.Pointer(sessionid)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func PulseEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procPulseEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func QueryFullProcessImageName(proc Handle, flags uint32, exeName *uint16, size *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryFullProcessImageNameW.Addr(), 4, uintptr(proc), uintptr(flags), uintptr(unsafe.Pointer(exeName)), uintptr(unsafe.Pointer(size)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobObjectInformation uintptr, JobObjectInformationLength uint32, retlen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), uintptr(unsafe.Pointer(retlen)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) {
+	r1, _, e1 := syscall.Syscall6(procReadConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(toread), uintptr(unsafe.Pointer(read)), uintptr(unsafe.Pointer(inputControl)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
+	var _p0 uint32
+	if watchSubTree {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall9(procReadDirectoryChangesW.Addr(), 8, uintptr(handle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(_p0), uintptr(mask), uintptr(unsafe.Pointer(retlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procReadFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesRead *uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procReadProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesRead)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ReleaseMutex(mutex Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procReleaseMutex.Addr(), 1, uintptr(mutex), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func RemoveDirectory(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procRemoveDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ResetEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ResumeThread(thread Handle) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procResumeThread.Addr(), 1, uintptr(thread), 0, 0)
+	ret = uint32(r0)
+	if ret == 0xffffffff {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func setConsoleCursorPosition(console Handle, position uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetConsoleCursorPosition.Addr(), 2, uintptr(console), uintptr(position), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetConsoleMode(console Handle, mode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(console), uintptr(mode), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCurrentDirectory(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCurrentDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetDefaultDllDirectories(directoryFlags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetDefaultDllDirectories.Addr(), 1, uintptr(directoryFlags), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetDllDirectory(path string) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return
+	}
+	return _SetDllDirectory(_p0)
+}
+
+func _SetDllDirectory(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetDllDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetEndOfFile(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEndOfFile.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetEnvironmentVariable(name *uint16, value *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetErrorMode(mode uint32) (ret uint32) {
+	r0, _, _ := syscall.Syscall(procSetErrorMode.Addr(), 1, uintptr(mode), 0, 0)
+	ret = uint32(r0)
+	return
+}
+
+func SetEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetFileAttributes(name *uint16, attrs uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileAttributesW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(attrs), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(handle), uintptr(flags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetFileInformationByHandle.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0)
+	newlowoffset = uint32(r0)
+	if newlowoffset == 0xffffffff {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobObjectInformation uintptr, JobObjectInformationLength uint32) (ret int, err error) {
+	r0, _, e1 := syscall.Syscall6(procSetInformationJobObject.Addr(), 4, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), 0, 0)
+	ret = int(r0)
+	if ret == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetNamedPipeHandleState.Addr(), 4, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetPriorityClass(process Handle, priorityClass uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetPriorityClass.Addr(), 2, uintptr(process), uintptr(priorityClass), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetProcessPriorityBoost(process Handle, disable bool) (err error) {
+	var _p0 uint32
+	if disable {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procSetProcessPriorityBoost.Addr(), 2, uintptr(process), uintptr(_p0), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetProcessShutdownParameters(level uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetProcessShutdownParameters.Addr(), 2, uintptr(level), uintptr(flags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetStdHandle(stdhandle uint32, handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetStdHandle.Addr(), 2, uintptr(stdhandle), uintptr(handle), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetVolumeLabelW.Addr(), 2, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeName)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetVolumeMountPointW.Addr(), 2, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SizeofResource(module Handle, resInfo Handle) (size uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procSizeofResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0)
+	size = uint32(r0)
+	if size == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SleepEx(milliseconds uint32, alertable bool) (ret uint32) {
+	var _p0 uint32
+	if alertable {
+		_p0 = 1
+	}
+	r0, _, _ := syscall.Syscall(procSleepEx.Addr(), 2, uintptr(milliseconds), uintptr(_p0), 0)
+	ret = uint32(r0)
+	return
+}
+
+func TerminateJobObject(job Handle, exitCode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procTerminateJobObject.Addr(), 2, uintptr(job), uintptr(exitCode), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func TerminateProcess(handle Handle, exitcode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procTerminateProcess.Addr(), 2, uintptr(handle), uintptr(exitcode), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procThread32First.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procThread32Next.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procUnlockFileEx.Addr(), 5, uintptr(file), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func UnmapViewOfFile(addr uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procUnmapViewOfFile.Addr(), 1, uintptr(addr), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func updateProcThreadAttribute(attrlist *ProcThreadAttributeList, flags uint32, attr uintptr, value unsafe.Pointer, size uintptr, prevvalue unsafe.Pointer, returnedsize *uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall9(procUpdateProcThreadAttribute.Addr(), 7, uintptr(unsafe.Pointer(attrlist)), uintptr(flags), uintptr(attr), uintptr(value), uintptr(size), uintptr(prevvalue), uintptr(unsafe.Pointer(returnedsize)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) {
+	r0, _, e1 := syscall.Syscall6(procVirtualAlloc.Addr(), 4, uintptr(address), uintptr(size), uintptr(alloctype), uintptr(protect), 0, 0)
+	value = uintptr(r0)
+	if value == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualFree.Addr(), 3, uintptr(address), uintptr(size), uintptr(freetype))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualLock(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualLock.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procVirtualProtect.Addr(), 4, uintptr(address), uintptr(size), uintptr(newprotect), uintptr(unsafe.Pointer(oldprotect)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect uint32, oldProtect *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procVirtualProtectEx.Addr(), 5, uintptr(process), uintptr(address), uintptr(size), uintptr(newProtect), uintptr(unsafe.Pointer(oldProtect)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualQuery.Addr(), 3, uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procVirtualQueryEx.Addr(), 4, uintptr(process), uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VirtualUnlock(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualUnlock.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WTSGetActiveConsoleSessionId() (sessionID uint32) {
+	r0, _, _ := syscall.Syscall(procWTSGetActiveConsoleSessionId.Addr(), 0, 0, 0, 0)
+	sessionID = uint32(r0)
+	return
+}
+
+func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
+	var _p0 uint32
+	if waitAll {
+		_p0 = 1
+	}
+	r0, _, e1 := syscall.Syscall6(procWaitForMultipleObjects.Addr(), 4, uintptr(count), uintptr(handles), uintptr(_p0), uintptr(waitMilliseconds), 0, 0)
+	event = uint32(r0)
+	if event == 0xffffffff {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procWaitForSingleObject.Addr(), 2, uintptr(handle), uintptr(waitMilliseconds), 0)
+	event = uint32(r0)
+	if event == 0xffffffff {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWriteConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(towrite), uintptr(unsafe.Pointer(written)), uintptr(unsafe.Pointer(reserved)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procWriteFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesWritten *uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWriteProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesWritten)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall9(procAcceptEx.Addr(), 8, uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetAcceptExSockaddrs(buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, lrsa **RawSockaddrAny, lrsalen *int32, rrsa **RawSockaddrAny, rrsalen *int32) {
+	syscall.Syscall9(procGetAcceptExSockaddrs.Addr(), 8, uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(lrsa)), uintptr(unsafe.Pointer(lrsalen)), uintptr(unsafe.Pointer(rrsa)), uintptr(unsafe.Pointer(rrsalen)), 0)
+	return
+}
+
+func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procTransmitFile.Addr(), 7, uintptr(s), uintptr(handle), uintptr(bytesToWrite), uintptr(bytsPerSend), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transmitFileBuf)), uintptr(flags), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func NetApiBufferFree(buf *byte) (neterr error) {
+	r0, _, _ := syscall.Syscall(procNetApiBufferFree.Addr(), 1, uintptr(unsafe.Pointer(buf)), 0, 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) {
+	r0, _, _ := syscall.Syscall(procNetGetJoinInformation.Addr(), 3, uintptr(unsafe.Pointer(server)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bufType)))
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
+	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, allocationSize *int64, attributes uint32, share uint32, disposition uint32, options uint32, eabuffer uintptr, ealength uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(attributes), uintptr(share), uintptr(disposition), uintptr(options), uintptr(eabuffer), uintptr(ealength), 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (ntstatus error) {
+	r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtSetInformationFile(handle Handle, iosb *IO_STATUS_BLOCK, inBuffer *byte, inBufferLen uint32, class uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), uintptr(class), 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32, retLen *uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), uintptr(unsafe.Pointer(retLen)), 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtQuerySystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32, retLen *uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen), uintptr(unsafe.Pointer(retLen)), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procNtSetInformationProcess.Addr(), 4, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func NtSetSystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32) (ntstatus error) {
+	r0, _, _ := syscall.Syscall(procNtSetSystemInformation.Addr(), 3, uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen))
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func RtlAddFunctionTable(functionTable *RUNTIME_FUNCTION, entryCount uint32, baseAddress uintptr) (ret bool) {
+	r0, _, _ := syscall.Syscall(procRtlAddFunctionTable.Addr(), 3, uintptr(unsafe.Pointer(functionTable)), uintptr(entryCount), uintptr(baseAddress))
+	ret = r0 != 0
+	return
+}
+
+func RtlDefaultNpAcl(acl **ACL) (ntstatus error) {
+	r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(acl)), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func RtlDeleteFunctionTable(functionTable *RUNTIME_FUNCTION) (ret bool) {
+	r0, _, _ := syscall.Syscall(procRtlDeleteFunctionTable.Addr(), 1, uintptr(unsafe.Pointer(functionTable)), 0, 0)
+	ret = r0 != 0
+	return
+}
+
+func RtlDosPathNameToNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) {
+	r0, _, _ := syscall.Syscall6(procRtlDosPathNameToRelativeNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func RtlGetCurrentPeb() (peb *PEB) {
+	r0, _, _ := syscall.Syscall(procRtlGetCurrentPeb.Addr(), 0, 0, 0, 0)
+	peb = (*PEB)(unsafe.Pointer(r0))
+	return
+}
+
+func rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) {
+	syscall.Syscall(procRtlGetNtVersionNumbers.Addr(), 3, uintptr(unsafe.Pointer(majorVersion)), uintptr(unsafe.Pointer(minorVersion)), uintptr(unsafe.Pointer(buildNumber)))
+	return
+}
+
+func rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) {
+	r0, _, _ := syscall.Syscall(procRtlGetVersion.Addr(), 1, uintptr(unsafe.Pointer(info)), 0, 0)
+	if r0 != 0 {
+		ntstatus = NTStatus(r0)
+	}
+	return
+}
+
+func RtlInitString(destinationString *NTString, sourceString *byte) {
+	syscall.Syscall(procRtlInitString.Addr(), 2, uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString)), 0)
+	return
+}
+
+func RtlInitUnicodeString(destinationString *NTUnicodeString, sourceString *uint16) {
+	syscall.Syscall(procRtlInitUnicodeString.Addr(), 2, uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString)), 0)
+	return
+}
+
+func rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) {
+	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(ntstatus), 0, 0)
+	ret = syscall.Errno(r0)
+	return
+}
+
+func clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) {
+	r0, _, _ := syscall.Syscall(procCLSIDFromString.Addr(), 2, uintptr(unsafe.Pointer(lpsz)), uintptr(unsafe.Pointer(pclsid)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func coCreateGuid(pguid *GUID) (ret error) {
+	r0, _, _ := syscall.Syscall(procCoCreateGuid.Addr(), 1, uintptr(unsafe.Pointer(pguid)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func CoGetObject(name *uint16, bindOpts *BIND_OPTS3, guid *GUID, functionTable **uintptr) (ret error) {
+	r0, _, _ := syscall.Syscall6(procCoGetObject.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bindOpts)), uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(functionTable)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func CoInitializeEx(reserved uintptr, coInit uint32) (ret error) {
+	r0, _, _ := syscall.Syscall(procCoInitializeEx.Addr(), 2, uintptr(reserved), uintptr(coInit), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func CoTaskMemFree(address unsafe.Pointer) {
+	syscall.Syscall(procCoTaskMemFree.Addr(), 1, uintptr(address), 0, 0)
+	return
+}
+
+func CoUninitialize() {
+	syscall.Syscall(procCoUninitialize.Addr(), 0, 0, 0, 0)
+	return
+}
+
+func stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) {
+	r0, _, _ := syscall.Syscall(procStringFromGUID2.Addr(), 3, uintptr(unsafe.Pointer(rguid)), uintptr(unsafe.Pointer(lpsz)), uintptr(cchMax))
+	chars = int32(r0)
+	return
+}
+
+func EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procEnumProcessModules.Addr(), 4, uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *uint32, filterFlag uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procEnumProcessModulesEx.Addr(), 5, uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded)), uintptr(filterFlag), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) {
+	var _p0 *uint32
+	if len(processIds) > 0 {
+		_p0 = &processIds[0]
+	}
+	r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(processIds)), uintptr(unsafe.Pointer(bytesReturned)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetModuleBaseNameW.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(baseName)), uintptr(size), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetModuleFileNameExW.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetModuleInformation.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(modinfo)), uintptr(cb), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SubscribeServiceChangeNotifications(service Handle, eventType uint32, callback uintptr, callbackCtx uintptr, subscription *uintptr) (ret error) {
+	ret = procSubscribeServiceChangeNotifications.Find()
+	if ret != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procSubscribeServiceChangeNotifications.Addr(), 5, uintptr(service), uintptr(eventType), uintptr(callback), uintptr(callbackCtx), uintptr(unsafe.Pointer(subscription)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func UnsubscribeServiceChangeNotifications(subscription uintptr) (err error) {
+	err = procUnsubscribeServiceChangeNotifications.Find()
+	if err != nil {
+		return
+	}
+	syscall.Syscall(procUnsubscribeServiceChangeNotifications.Addr(), 1, uintptr(subscription), 0, 0)
+	return
+}
+
+func GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetUserNameExW.Addr(), 3, uintptr(nameFormat), uintptr(unsafe.Pointer(nameBuffre)), uintptr(unsafe.Pointer(nSize)))
+	if r1&0xff == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint32, translatedName *uint16, nSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procTranslateNameW.Addr(), 5, uintptr(unsafe.Pointer(accName)), uintptr(accNameFormat), uintptr(desiredNameFormat), uintptr(unsafe.Pointer(translatedName)), uintptr(unsafe.Pointer(nSize)), 0)
+	if r1&0xff == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) {
+	r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0)
+	argv = (*[8192]*[8192]uint16)(unsafe.Pointer(r0))
+	if argv == nil {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) {
+	r0, _, _ := syscall.Syscall6(procSHGetKnownFolderPath.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(flags), uintptr(token), uintptr(unsafe.Pointer(path)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procShellExecuteW.Addr(), 6, uintptr(hwnd), uintptr(unsafe.Pointer(verb)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(args)), uintptr(unsafe.Pointer(cwd)), uintptr(showCmd))
+	if r1 <= 32 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ExitWindowsEx(flags uint32, reason uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procExitWindowsEx.Addr(), 2, uintptr(flags), uintptr(reason), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetShellWindow() (shellWindow HWND) {
+	r0, _, _ := syscall.Syscall(procGetShellWindow.Addr(), 0, 0, 0, 0)
+	shellWindow = HWND(r0)
+	return
+}
+
+func GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetWindowThreadProcessId.Addr(), 2, uintptr(hwnd), uintptr(unsafe.Pointer(pid)), 0)
+	tid = uint32(r0)
+	if tid == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) {
+	r0, _, e1 := syscall.Syscall6(procMessageBoxW.Addr(), 4, uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype), 0, 0)
+	ret = int32(r0)
+	if ret == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) {
+	var _p0 uint32
+	if inheritExisting {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall(procCreateEnvironmentBlock.Addr(), 3, uintptr(unsafe.Pointer(block)), uintptr(token), uintptr(_p0))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func DestroyEnvironmentBlock(block *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDestroyEnvironmentBlock.Addr(), 1, uintptr(unsafe.Pointer(block)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetUserProfileDirectoryW.Addr(), 3, uintptr(t), uintptr(unsafe.Pointer(dir)), uintptr(unsafe.Pointer(dirLen)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetFileVersionInfoSize(filename string, zeroHandle *Handle) (bufSize uint32, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(filename)
+	if err != nil {
+		return
+	}
+	return _GetFileVersionInfoSize(_p0, zeroHandle)
+}
+
+func _GetFileVersionInfoSize(filename *uint16, zeroHandle *Handle) (bufSize uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetFileVersionInfoSizeW.Addr(), 2, uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(zeroHandle)), 0)
+	bufSize = uint32(r0)
+	if bufSize == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetFileVersionInfo(filename string, handle uint32, bufSize uint32, buffer unsafe.Pointer) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(filename)
+	if err != nil {
+		return
+	}
+	return _GetFileVersionInfo(_p0, handle, bufSize, buffer)
+}
+
+func _GetFileVersionInfo(filename *uint16, handle uint32, bufSize uint32, buffer unsafe.Pointer) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileVersionInfoW.Addr(), 4, uintptr(unsafe.Pointer(filename)), uintptr(handle), uintptr(bufSize), uintptr(buffer), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func VerQueryValue(block unsafe.Pointer, subBlock string, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(subBlock)
+	if err != nil {
+		return
+	}
+	return _VerQueryValue(block, _p0, pointerToBufferPointer, bufSize)
+}
+
+func _VerQueryValue(block unsafe.Pointer, subBlock *uint16, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procVerQueryValueW.Addr(), 4, uintptr(block), uintptr(unsafe.Pointer(subBlock)), uintptr(pointerToBufferPointer), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) {
+	r0, _, _ := syscall.Syscall(procWinVerifyTrustEx.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data)))
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func FreeAddrInfoW(addrinfo *AddrinfoW) {
+	syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0)
+	return
+}
+
+func GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, result **AddrinfoW) (sockerr error) {
+	r0, _, _ := syscall.Syscall6(procGetAddrInfoW.Addr(), 4, uintptr(unsafe.Pointer(nodename)), uintptr(unsafe.Pointer(servicename)), uintptr(unsafe.Pointer(hints)), uintptr(unsafe.Pointer(result)), 0, 0)
+	if r0 != 0 {
+		sockerr = syscall.Errno(r0)
+	}
+	return
+}
+
+func WSACleanup() (err error) {
+	r1, _, e1 := syscall.Syscall(procWSACleanup.Addr(), 0, 0, 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
+	r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
+	n = int32(r0)
+	if n == -1 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSAGetOverlappedResult(h Handle, o *Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	}
+	r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSAIoctl.Addr(), 9, uintptr(s), uintptr(iocc), uintptr(unsafe.Pointer(inbuf)), uintptr(cbif), uintptr(unsafe.Pointer(outbuf)), uintptr(cbob), uintptr(unsafe.Pointer(cbbr)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSARecvFrom.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSASend.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSASendTo.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(to)), uintptr(tolen), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procWSASocketW.Addr(), 6, uintptr(af), uintptr(typ), uintptr(protocol), uintptr(unsafe.Pointer(protoInfo)), uintptr(group), uintptr(flags))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSAStartup(verreq uint32, data *WSAData) (sockerr error) {
+	r0, _, _ := syscall.Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
+	if r0 != 0 {
+		sockerr = syscall.Errno(r0)
+	}
+	return
+}
+
+func bind(s Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Closesocket(s Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procclosesocket.Addr(), 1, uintptr(s), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func connect(s Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procconnect.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetHostByName(name string) (h *Hostent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	return _GetHostByName(_p0)
+}
+
+func _GetHostByName(name *byte) (h *Hostent, err error) {
+	r0, _, e1 := syscall.Syscall(procgethostbyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	h = (*Hostent)(unsafe.Pointer(r0))
+	if h == nil {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getpeername(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetProtoByName(name string) (p *Protoent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	return _GetProtoByName(_p0)
+}
+
+func _GetProtoByName(name *byte) (p *Protoent, err error) {
+	r0, _, e1 := syscall.Syscall(procgetprotobyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	p = (*Protoent)(unsafe.Pointer(r0))
+	if p == nil {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetServByName(name string, proto string) (s *Servent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = syscall.BytePtrFromString(proto)
+	if err != nil {
+		return
+	}
+	return _GetServByName(_p0, _p1)
+}
+
+func _GetServByName(name *byte, proto *byte) (s *Servent, err error) {
+	r0, _, e1 := syscall.Syscall(procgetservbyname.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(proto)), 0)
+	s = (*Servent)(unsafe.Pointer(r0))
+	if s == nil {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procgetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(unsafe.Pointer(optlen)), 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func listen(s Handle, backlog int32) (err error) {
+	r1, _, e1 := syscall.Syscall(proclisten.Addr(), 2, uintptr(s), uintptr(backlog), 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Ntohs(netshort uint16) (u uint16) {
+	r0, _, _ := syscall.Syscall(procntohs.Addr(), 1, uintptr(netshort), 0, 0)
+	u = uint16(r0)
+	return
+}
+
+func recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := syscall.Syscall6(procrecvfrom.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int32(r0)
+	if n == -1 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procsendto.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(tolen))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procsetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(optlen), 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func shutdown(s Handle, how int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procshutdown.Addr(), 2, uintptr(s), uintptr(how), 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func socket(af int32, typ int32, protocol int32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procsocket.Addr(), 3, uintptr(af), uintptr(typ), uintptr(protocol))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWTSEnumerateSessionsW.Addr(), 5, uintptr(handle), uintptr(reserved), uintptr(version), uintptr(unsafe.Pointer(sessions)), uintptr(unsafe.Pointer(count)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WTSFreeMemory(ptr uintptr) {
+	syscall.Syscall(procWTSFreeMemory.Addr(), 1, uintptr(ptr), 0, 0)
+	return
+}
+
+func WTSQueryUserToken(session uint32, token *Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procWTSQueryUserToken.Addr(), 2, uintptr(session), uintptr(unsafe.Pointer(token)), 0)
 	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
+		err = errnoErr(e1)
 	}
 	return
 }
diff --git a/vendor/golang.org/x/text/README.md b/vendor/golang.org/x/text/README.md
index b3f365eed48bf..61d5ee4d1d7c6 100644
--- a/vendor/golang.org/x/text/README.md
+++ b/vendor/golang.org/x/text/README.md
@@ -66,7 +66,7 @@ To update a Unicode version run
 
     UNICODE_VERSION=x.x.x go generate
 
-where `x.x.x` must correspond to a directory in http://www.unicode.org/Public/.
+where `x.x.x` must correspond to a directory in https://www.unicode.org/Public/.
 If this version is newer than the version in core it will also update the
 relevant packages there. The idna package in x/net will always be updated.
 
@@ -75,7 +75,7 @@ To update a CLDR version run
     CLDR_VERSION=version go generate
 
 where `version` must correspond to a directory in
-http://www.unicode.org/Public/cldr/.
+https://www.unicode.org/Public/cldr/.
 
 Note that the code gets adapted over time to changes in the data and that
 backwards compatibility is not maintained.
@@ -89,5 +89,5 @@ This repository uses Gerrit for code changes. To learn how to submit changes to
 this repository, see https://golang.org/doc/contribute.html.
 
 The main issue tracker for the image repository is located at
-https://github.com/golang/go/issues. Prefix your issue with "x/image:" in the
+https://github.com/golang/go/issues. Prefix your issue with "x/text:" in the
 subject line, so it is easy to find.
diff --git a/vendor/golang.org/x/text/go.mod b/vendor/golang.org/x/text/go.mod
new file mode 100644
index 0000000000000..8ff7ecb6fdefb
--- /dev/null
+++ b/vendor/golang.org/x/text/go.mod
@@ -0,0 +1,5 @@
+module golang.org/x/text
+
+require golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e
+
+go 1.11
diff --git a/vendor/golang.org/x/text/transform/transform.go b/vendor/golang.org/x/text/transform/transform.go
index fe47b9b35f054..48ec64b40ca6a 100644
--- a/vendor/golang.org/x/text/transform/transform.go
+++ b/vendor/golang.org/x/text/transform/transform.go
@@ -78,8 +78,8 @@ type SpanningTransformer interface {
 	// considering the error err.
 	//
 	// A nil error means that all input bytes are known to be identical to the
-	// output produced by the Transformer. A nil error can be be returned
-	// regardless of whether atEOF is true. If err is nil, then then n must
+	// output produced by the Transformer. A nil error can be returned
+	// regardless of whether atEOF is true. If err is nil, then n must
 	// equal len(src); the converse is not necessarily true.
 	//
 	// ErrEndOfSpan means that the Transformer output may differ from the
@@ -493,7 +493,7 @@ func (c *chain) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err erro
 	return dstL.n, srcL.p, err
 }
 
-// Deprecated: use runes.Remove instead.
+// Deprecated: Use runes.Remove instead.
 func RemoveFunc(f func(r rune) bool) Transformer {
 	return removeF(f)
 }
@@ -648,7 +648,8 @@ func String(t Transformer, s string) (result string, n int, err error) {
 	// Transform the remaining input, growing dst and src buffers as necessary.
 	for {
 		n := copy(src, s[pSrc:])
-		nDst, nSrc, err := t.Transform(dst[pDst:], src[:n], pSrc+n == len(s))
+		atEOF := pSrc+n == len(s)
+		nDst, nSrc, err := t.Transform(dst[pDst:], src[:n], atEOF)
 		pDst += nDst
 		pSrc += nSrc
 
@@ -659,6 +660,9 @@ func String(t Transformer, s string) (result string, n int, err error) {
 				dst = grow(dst, pDst)
 			}
 		} else if err == ErrShortSrc {
+			if atEOF {
+				return string(dst[:pDst]), pSrc, err
+			}
 			if nSrc == 0 {
 				src = grow(src, 0)
 			}
diff --git a/vendor/golang.org/x/text/unicode/bidi/bidi.go b/vendor/golang.org/x/text/unicode/bidi/bidi.go
index 3fc4a62521a4d..e8edc54cc28d2 100644
--- a/vendor/golang.org/x/text/unicode/bidi/bidi.go
+++ b/vendor/golang.org/x/text/unicode/bidi/bidi.go
@@ -6,7 +6,7 @@
 
 // Package bidi contains functionality for bidirectional text support.
 //
-// See http://www.unicode.org/reports/tr9.
+// See https://www.unicode.org/reports/tr9.
 //
 // NOTE: UNDER CONSTRUCTION. This API may change in backwards incompatible ways
 // and without notice.
diff --git a/vendor/golang.org/x/text/unicode/bidi/bracket.go b/vendor/golang.org/x/text/unicode/bidi/bracket.go
index 601e259203ebb..18539397914bf 100644
--- a/vendor/golang.org/x/text/unicode/bidi/bracket.go
+++ b/vendor/golang.org/x/text/unicode/bidi/bracket.go
@@ -12,7 +12,7 @@ import (
 
 // This file contains a port of the reference implementation of the
 // Bidi Parentheses Algorithm:
-// http://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/BidiPBAReference.java
+// https://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/BidiPBAReference.java
 //
 // The implementation in this file covers definitions BD14-BD16 and rule N0
 // of UAX#9.
@@ -246,7 +246,7 @@ func (p *bracketPairer) getStrongTypeN0(index int) Class {
 // assuming the given embedding direction.
 //
 // It returns ON if no strong type is found. If a single strong type is found,
-// it returns this this type. Otherwise it returns the embedding direction.
+// it returns this type. Otherwise it returns the embedding direction.
 //
 // TODO: use separate type for "strong" directionality.
 func (p *bracketPairer) classifyPairContent(loc bracketPair, dirEmbed Class) Class {
diff --git a/vendor/golang.org/x/text/unicode/bidi/core.go b/vendor/golang.org/x/text/unicode/bidi/core.go
index d4c1399f0da01..50deb6600a3c0 100644
--- a/vendor/golang.org/x/text/unicode/bidi/core.go
+++ b/vendor/golang.org/x/text/unicode/bidi/core.go
@@ -7,7 +7,7 @@ package bidi
 import "log"
 
 // This implementation is a port based on the reference implementation found at:
-// http://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/
+// https://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/
 //
 // described in Unicode Bidirectional Algorithm (UAX #9).
 //
@@ -480,15 +480,15 @@ func (s *isolatingRunSequence) resolveWeakTypes() {
 
 	// Rule W1.
 	// Changes all NSMs.
-	preceedingCharacterType := s.sos
+	precedingCharacterType := s.sos
 	for i, t := range s.types {
 		if t == NSM {
-			s.types[i] = preceedingCharacterType
+			s.types[i] = precedingCharacterType
 		} else {
 			if t.in(LRI, RLI, FSI, PDI) {
-				preceedingCharacterType = ON
+				precedingCharacterType = ON
 			}
-			preceedingCharacterType = t
+			precedingCharacterType = t
 		}
 	}
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
index 2e1ff19599dca..d8c94e1bd1a65 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
@@ -1,6 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
-// +build go1.10
+// +build go1.10,!go1.13
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
new file mode 100644
index 0000000000000..16b11db538838
--- /dev/null
+++ b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
@@ -0,0 +1,1887 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// +build go1.13,!go1.14
+
+package bidi
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "11.0.0"
+
+// xorMasks contains masks to be xor-ed with brackets to get the reverse
+// version.
+var xorMasks = []int32{ // 8 elements
+	0, 1, 6, 7, 3, 15, 29, 63,
+} // Size: 56 bytes
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *bidiTrie) lookup(s []byte) (v uint8, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return bidiValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = bidiIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *bidiTrie) lookupUnsafe(s []byte) uint8 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return bidiValues[c0]
+	}
+	i := bidiIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *bidiTrie) lookupString(s string) (v uint8, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return bidiValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = bidiIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *bidiTrie) lookupStringUnsafe(s string) uint8 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return bidiValues[c0]
+	}
+	i := bidiIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// bidiTrie. Total size: 16512 bytes (16.12 KiB). Checksum: 2a9cf1317f2ffaa.
+type bidiTrie struct{}
+
+func newBidiTrie(i int) *bidiTrie {
+	return &bidiTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *bidiTrie) lookupValue(n uint32, b byte) uint8 {
+	switch {
+	default:
+		return uint8(bidiValues[n<<6+uint32(b)])
+	}
+}
+
+// bidiValues: 234 blocks, 14976 entries, 14976 bytes
+// The third block is the zero block.
+var bidiValues = [14976]uint8{
+	// Block 0x0, offset 0x0
+	0x00: 0x000b, 0x01: 0x000b, 0x02: 0x000b, 0x03: 0x000b, 0x04: 0x000b, 0x05: 0x000b,
+	0x06: 0x000b, 0x07: 0x000b, 0x08: 0x000b, 0x09: 0x0008, 0x0a: 0x0007, 0x0b: 0x0008,
+	0x0c: 0x0009, 0x0d: 0x0007, 0x0e: 0x000b, 0x0f: 0x000b, 0x10: 0x000b, 0x11: 0x000b,
+	0x12: 0x000b, 0x13: 0x000b, 0x14: 0x000b, 0x15: 0x000b, 0x16: 0x000b, 0x17: 0x000b,
+	0x18: 0x000b, 0x19: 0x000b, 0x1a: 0x000b, 0x1b: 0x000b, 0x1c: 0x0007, 0x1d: 0x0007,
+	0x1e: 0x0007, 0x1f: 0x0008, 0x20: 0x0009, 0x21: 0x000a, 0x22: 0x000a, 0x23: 0x0004,
+	0x24: 0x0004, 0x25: 0x0004, 0x26: 0x000a, 0x27: 0x000a, 0x28: 0x003a, 0x29: 0x002a,
+	0x2a: 0x000a, 0x2b: 0x0003, 0x2c: 0x0006, 0x2d: 0x0003, 0x2e: 0x0006, 0x2f: 0x0006,
+	0x30: 0x0002, 0x31: 0x0002, 0x32: 0x0002, 0x33: 0x0002, 0x34: 0x0002, 0x35: 0x0002,
+	0x36: 0x0002, 0x37: 0x0002, 0x38: 0x0002, 0x39: 0x0002, 0x3a: 0x0006, 0x3b: 0x000a,
+	0x3c: 0x000a, 0x3d: 0x000a, 0x3e: 0x000a, 0x3f: 0x000a,
+	// Block 0x1, offset 0x40
+	0x40: 0x000a,
+	0x5b: 0x005a, 0x5c: 0x000a, 0x5d: 0x004a,
+	0x5e: 0x000a, 0x5f: 0x000a, 0x60: 0x000a,
+	0x7b: 0x005a,
+	0x7c: 0x000a, 0x7d: 0x004a, 0x7e: 0x000a, 0x7f: 0x000b,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x000b, 0xc1: 0x000b, 0xc2: 0x000b, 0xc3: 0x000b, 0xc4: 0x000b, 0xc5: 0x0007,
+	0xc6: 0x000b, 0xc7: 0x000b, 0xc8: 0x000b, 0xc9: 0x000b, 0xca: 0x000b, 0xcb: 0x000b,
+	0xcc: 0x000b, 0xcd: 0x000b, 0xce: 0x000b, 0xcf: 0x000b, 0xd0: 0x000b, 0xd1: 0x000b,
+	0xd2: 0x000b, 0xd3: 0x000b, 0xd4: 0x000b, 0xd5: 0x000b, 0xd6: 0x000b, 0xd7: 0x000b,
+	0xd8: 0x000b, 0xd9: 0x000b, 0xda: 0x000b, 0xdb: 0x000b, 0xdc: 0x000b, 0xdd: 0x000b,
+	0xde: 0x000b, 0xdf: 0x000b, 0xe0: 0x0006, 0xe1: 0x000a, 0xe2: 0x0004, 0xe3: 0x0004,
+	0xe4: 0x0004, 0xe5: 0x0004, 0xe6: 0x000a, 0xe7: 0x000a, 0xe8: 0x000a, 0xe9: 0x000a,
+	0xeb: 0x000a, 0xec: 0x000a, 0xed: 0x000b, 0xee: 0x000a, 0xef: 0x000a,
+	0xf0: 0x0004, 0xf1: 0x0004, 0xf2: 0x0002, 0xf3: 0x0002, 0xf4: 0x000a,
+	0xf6: 0x000a, 0xf7: 0x000a, 0xf8: 0x000a, 0xf9: 0x0002, 0xfb: 0x000a,
+	0xfc: 0x000a, 0xfd: 0x000a, 0xfe: 0x000a, 0xff: 0x000a,
+	// Block 0x4, offset 0x100
+	0x117: 0x000a,
+	0x137: 0x000a,
+	// Block 0x5, offset 0x140
+	0x179: 0x000a, 0x17a: 0x000a,
+	// Block 0x6, offset 0x180
+	0x182: 0x000a, 0x183: 0x000a, 0x184: 0x000a, 0x185: 0x000a,
+	0x186: 0x000a, 0x187: 0x000a, 0x188: 0x000a, 0x189: 0x000a, 0x18a: 0x000a, 0x18b: 0x000a,
+	0x18c: 0x000a, 0x18d: 0x000a, 0x18e: 0x000a, 0x18f: 0x000a,
+	0x192: 0x000a, 0x193: 0x000a, 0x194: 0x000a, 0x195: 0x000a, 0x196: 0x000a, 0x197: 0x000a,
+	0x198: 0x000a, 0x199: 0x000a, 0x19a: 0x000a, 0x19b: 0x000a, 0x19c: 0x000a, 0x19d: 0x000a,
+	0x19e: 0x000a, 0x19f: 0x000a,
+	0x1a5: 0x000a, 0x1a6: 0x000a, 0x1a7: 0x000a, 0x1a8: 0x000a, 0x1a9: 0x000a,
+	0x1aa: 0x000a, 0x1ab: 0x000a, 0x1ac: 0x000a, 0x1ad: 0x000a, 0x1af: 0x000a,
+	0x1b0: 0x000a, 0x1b1: 0x000a, 0x1b2: 0x000a, 0x1b3: 0x000a, 0x1b4: 0x000a, 0x1b5: 0x000a,
+	0x1b6: 0x000a, 0x1b7: 0x000a, 0x1b8: 0x000a, 0x1b9: 0x000a, 0x1ba: 0x000a, 0x1bb: 0x000a,
+	0x1bc: 0x000a, 0x1bd: 0x000a, 0x1be: 0x000a, 0x1bf: 0x000a,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x000c, 0x1c1: 0x000c, 0x1c2: 0x000c, 0x1c3: 0x000c, 0x1c4: 0x000c, 0x1c5: 0x000c,
+	0x1c6: 0x000c, 0x1c7: 0x000c, 0x1c8: 0x000c, 0x1c9: 0x000c, 0x1ca: 0x000c, 0x1cb: 0x000c,
+	0x1cc: 0x000c, 0x1cd: 0x000c, 0x1ce: 0x000c, 0x1cf: 0x000c, 0x1d0: 0x000c, 0x1d1: 0x000c,
+	0x1d2: 0x000c, 0x1d3: 0x000c, 0x1d4: 0x000c, 0x1d5: 0x000c, 0x1d6: 0x000c, 0x1d7: 0x000c,
+	0x1d8: 0x000c, 0x1d9: 0x000c, 0x1da: 0x000c, 0x1db: 0x000c, 0x1dc: 0x000c, 0x1dd: 0x000c,
+	0x1de: 0x000c, 0x1df: 0x000c, 0x1e0: 0x000c, 0x1e1: 0x000c, 0x1e2: 0x000c, 0x1e3: 0x000c,
+	0x1e4: 0x000c, 0x1e5: 0x000c, 0x1e6: 0x000c, 0x1e7: 0x000c, 0x1e8: 0x000c, 0x1e9: 0x000c,
+	0x1ea: 0x000c, 0x1eb: 0x000c, 0x1ec: 0x000c, 0x1ed: 0x000c, 0x1ee: 0x000c, 0x1ef: 0x000c,
+	0x1f0: 0x000c, 0x1f1: 0x000c, 0x1f2: 0x000c, 0x1f3: 0x000c, 0x1f4: 0x000c, 0x1f5: 0x000c,
+	0x1f6: 0x000c, 0x1f7: 0x000c, 0x1f8: 0x000c, 0x1f9: 0x000c, 0x1fa: 0x000c, 0x1fb: 0x000c,
+	0x1fc: 0x000c, 0x1fd: 0x000c, 0x1fe: 0x000c, 0x1ff: 0x000c,
+	// Block 0x8, offset 0x200
+	0x200: 0x000c, 0x201: 0x000c, 0x202: 0x000c, 0x203: 0x000c, 0x204: 0x000c, 0x205: 0x000c,
+	0x206: 0x000c, 0x207: 0x000c, 0x208: 0x000c, 0x209: 0x000c, 0x20a: 0x000c, 0x20b: 0x000c,
+	0x20c: 0x000c, 0x20d: 0x000c, 0x20e: 0x000c, 0x20f: 0x000c, 0x210: 0x000c, 0x211: 0x000c,
+	0x212: 0x000c, 0x213: 0x000c, 0x214: 0x000c, 0x215: 0x000c, 0x216: 0x000c, 0x217: 0x000c,
+	0x218: 0x000c, 0x219: 0x000c, 0x21a: 0x000c, 0x21b: 0x000c, 0x21c: 0x000c, 0x21d: 0x000c,
+	0x21e: 0x000c, 0x21f: 0x000c, 0x220: 0x000c, 0x221: 0x000c, 0x222: 0x000c, 0x223: 0x000c,
+	0x224: 0x000c, 0x225: 0x000c, 0x226: 0x000c, 0x227: 0x000c, 0x228: 0x000c, 0x229: 0x000c,
+	0x22a: 0x000c, 0x22b: 0x000c, 0x22c: 0x000c, 0x22d: 0x000c, 0x22e: 0x000c, 0x22f: 0x000c,
+	0x234: 0x000a, 0x235: 0x000a,
+	0x23e: 0x000a,
+	// Block 0x9, offset 0x240
+	0x244: 0x000a, 0x245: 0x000a,
+	0x247: 0x000a,
+	// Block 0xa, offset 0x280
+	0x2b6: 0x000a,
+	// Block 0xb, offset 0x2c0
+	0x2c3: 0x000c, 0x2c4: 0x000c, 0x2c5: 0x000c,
+	0x2c6: 0x000c, 0x2c7: 0x000c, 0x2c8: 0x000c, 0x2c9: 0x000c,
+	// Block 0xc, offset 0x300
+	0x30a: 0x000a,
+	0x30d: 0x000a, 0x30e: 0x000a, 0x30f: 0x0004, 0x310: 0x0001, 0x311: 0x000c,
+	0x312: 0x000c, 0x313: 0x000c, 0x314: 0x000c, 0x315: 0x000c, 0x316: 0x000c, 0x317: 0x000c,
+	0x318: 0x000c, 0x319: 0x000c, 0x31a: 0x000c, 0x31b: 0x000c, 0x31c: 0x000c, 0x31d: 0x000c,
+	0x31e: 0x000c, 0x31f: 0x000c, 0x320: 0x000c, 0x321: 0x000c, 0x322: 0x000c, 0x323: 0x000c,
+	0x324: 0x000c, 0x325: 0x000c, 0x326: 0x000c, 0x327: 0x000c, 0x328: 0x000c, 0x329: 0x000c,
+	0x32a: 0x000c, 0x32b: 0x000c, 0x32c: 0x000c, 0x32d: 0x000c, 0x32e: 0x000c, 0x32f: 0x000c,
+	0x330: 0x000c, 0x331: 0x000c, 0x332: 0x000c, 0x333: 0x000c, 0x334: 0x000c, 0x335: 0x000c,
+	0x336: 0x000c, 0x337: 0x000c, 0x338: 0x000c, 0x339: 0x000c, 0x33a: 0x000c, 0x33b: 0x000c,
+	0x33c: 0x000c, 0x33d: 0x000c, 0x33e: 0x0001, 0x33f: 0x000c,
+	// Block 0xd, offset 0x340
+	0x340: 0x0001, 0x341: 0x000c, 0x342: 0x000c, 0x343: 0x0001, 0x344: 0x000c, 0x345: 0x000c,
+	0x346: 0x0001, 0x347: 0x000c, 0x348: 0x0001, 0x349: 0x0001, 0x34a: 0x0001, 0x34b: 0x0001,
+	0x34c: 0x0001, 0x34d: 0x0001, 0x34e: 0x0001, 0x34f: 0x0001, 0x350: 0x0001, 0x351: 0x0001,
+	0x352: 0x0001, 0x353: 0x0001, 0x354: 0x0001, 0x355: 0x0001, 0x356: 0x0001, 0x357: 0x0001,
+	0x358: 0x0001, 0x359: 0x0001, 0x35a: 0x0001, 0x35b: 0x0001, 0x35c: 0x0001, 0x35d: 0x0001,
+	0x35e: 0x0001, 0x35f: 0x0001, 0x360: 0x0001, 0x361: 0x0001, 0x362: 0x0001, 0x363: 0x0001,
+	0x364: 0x0001, 0x365: 0x0001, 0x366: 0x0001, 0x367: 0x0001, 0x368: 0x0001, 0x369: 0x0001,
+	0x36a: 0x0001, 0x36b: 0x0001, 0x36c: 0x0001, 0x36d: 0x0001, 0x36e: 0x0001, 0x36f: 0x0001,
+	0x370: 0x0001, 0x371: 0x0001, 0x372: 0x0001, 0x373: 0x0001, 0x374: 0x0001, 0x375: 0x0001,
+	0x376: 0x0001, 0x377: 0x0001, 0x378: 0x0001, 0x379: 0x0001, 0x37a: 0x0001, 0x37b: 0x0001,
+	0x37c: 0x0001, 0x37d: 0x0001, 0x37e: 0x0001, 0x37f: 0x0001,
+	// Block 0xe, offset 0x380
+	0x380: 0x0005, 0x381: 0x0005, 0x382: 0x0005, 0x383: 0x0005, 0x384: 0x0005, 0x385: 0x0005,
+	0x386: 0x000a, 0x387: 0x000a, 0x388: 0x000d, 0x389: 0x0004, 0x38a: 0x0004, 0x38b: 0x000d,
+	0x38c: 0x0006, 0x38d: 0x000d, 0x38e: 0x000a, 0x38f: 0x000a, 0x390: 0x000c, 0x391: 0x000c,
+	0x392: 0x000c, 0x393: 0x000c, 0x394: 0x000c, 0x395: 0x000c, 0x396: 0x000c, 0x397: 0x000c,
+	0x398: 0x000c, 0x399: 0x000c, 0x39a: 0x000c, 0x39b: 0x000d, 0x39c: 0x000d, 0x39d: 0x000d,
+	0x39e: 0x000d, 0x39f: 0x000d, 0x3a0: 0x000d, 0x3a1: 0x000d, 0x3a2: 0x000d, 0x3a3: 0x000d,
+	0x3a4: 0x000d, 0x3a5: 0x000d, 0x3a6: 0x000d, 0x3a7: 0x000d, 0x3a8: 0x000d, 0x3a9: 0x000d,
+	0x3aa: 0x000d, 0x3ab: 0x000d, 0x3ac: 0x000d, 0x3ad: 0x000d, 0x3ae: 0x000d, 0x3af: 0x000d,
+	0x3b0: 0x000d, 0x3b1: 0x000d, 0x3b2: 0x000d, 0x3b3: 0x000d, 0x3b4: 0x000d, 0x3b5: 0x000d,
+	0x3b6: 0x000d, 0x3b7: 0x000d, 0x3b8: 0x000d, 0x3b9: 0x000d, 0x3ba: 0x000d, 0x3bb: 0x000d,
+	0x3bc: 0x000d, 0x3bd: 0x000d, 0x3be: 0x000d, 0x3bf: 0x000d,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x000d, 0x3c1: 0x000d, 0x3c2: 0x000d, 0x3c3: 0x000d, 0x3c4: 0x000d, 0x3c5: 0x000d,
+	0x3c6: 0x000d, 0x3c7: 0x000d, 0x3c8: 0x000d, 0x3c9: 0x000d, 0x3ca: 0x000d, 0x3cb: 0x000c,
+	0x3cc: 0x000c, 0x3cd: 0x000c, 0x3ce: 0x000c, 0x3cf: 0x000c, 0x3d0: 0x000c, 0x3d1: 0x000c,
+	0x3d2: 0x000c, 0x3d3: 0x000c, 0x3d4: 0x000c, 0x3d5: 0x000c, 0x3d6: 0x000c, 0x3d7: 0x000c,
+	0x3d8: 0x000c, 0x3d9: 0x000c, 0x3da: 0x000c, 0x3db: 0x000c, 0x3dc: 0x000c, 0x3dd: 0x000c,
+	0x3de: 0x000c, 0x3df: 0x000c, 0x3e0: 0x0005, 0x3e1: 0x0005, 0x3e2: 0x0005, 0x3e3: 0x0005,
+	0x3e4: 0x0005, 0x3e5: 0x0005, 0x3e6: 0x0005, 0x3e7: 0x0005, 0x3e8: 0x0005, 0x3e9: 0x0005,
+	0x3ea: 0x0004, 0x3eb: 0x0005, 0x3ec: 0x0005, 0x3ed: 0x000d, 0x3ee: 0x000d, 0x3ef: 0x000d,
+	0x3f0: 0x000c, 0x3f1: 0x000d, 0x3f2: 0x000d, 0x3f3: 0x000d, 0x3f4: 0x000d, 0x3f5: 0x000d,
+	0x3f6: 0x000d, 0x3f7: 0x000d, 0x3f8: 0x000d, 0x3f9: 0x000d, 0x3fa: 0x000d, 0x3fb: 0x000d,
+	0x3fc: 0x000d, 0x3fd: 0x000d, 0x3fe: 0x000d, 0x3ff: 0x000d,
+	// Block 0x10, offset 0x400
+	0x400: 0x000d, 0x401: 0x000d, 0x402: 0x000d, 0x403: 0x000d, 0x404: 0x000d, 0x405: 0x000d,
+	0x406: 0x000d, 0x407: 0x000d, 0x408: 0x000d, 0x409: 0x000d, 0x40a: 0x000d, 0x40b: 0x000d,
+	0x40c: 0x000d, 0x40d: 0x000d, 0x40e: 0x000d, 0x40f: 0x000d, 0x410: 0x000d, 0x411: 0x000d,
+	0x412: 0x000d, 0x413: 0x000d, 0x414: 0x000d, 0x415: 0x000d, 0x416: 0x000d, 0x417: 0x000d,
+	0x418: 0x000d, 0x419: 0x000d, 0x41a: 0x000d, 0x41b: 0x000d, 0x41c: 0x000d, 0x41d: 0x000d,
+	0x41e: 0x000d, 0x41f: 0x000d, 0x420: 0x000d, 0x421: 0x000d, 0x422: 0x000d, 0x423: 0x000d,
+	0x424: 0x000d, 0x425: 0x000d, 0x426: 0x000d, 0x427: 0x000d, 0x428: 0x000d, 0x429: 0x000d,
+	0x42a: 0x000d, 0x42b: 0x000d, 0x42c: 0x000d, 0x42d: 0x000d, 0x42e: 0x000d, 0x42f: 0x000d,
+	0x430: 0x000d, 0x431: 0x000d, 0x432: 0x000d, 0x433: 0x000d, 0x434: 0x000d, 0x435: 0x000d,
+	0x436: 0x000d, 0x437: 0x000d, 0x438: 0x000d, 0x439: 0x000d, 0x43a: 0x000d, 0x43b: 0x000d,
+	0x43c: 0x000d, 0x43d: 0x000d, 0x43e: 0x000d, 0x43f: 0x000d,
+	// Block 0x11, offset 0x440
+	0x440: 0x000d, 0x441: 0x000d, 0x442: 0x000d, 0x443: 0x000d, 0x444: 0x000d, 0x445: 0x000d,
+	0x446: 0x000d, 0x447: 0x000d, 0x448: 0x000d, 0x449: 0x000d, 0x44a: 0x000d, 0x44b: 0x000d,
+	0x44c: 0x000d, 0x44d: 0x000d, 0x44e: 0x000d, 0x44f: 0x000d, 0x450: 0x000d, 0x451: 0x000d,
+	0x452: 0x000d, 0x453: 0x000d, 0x454: 0x000d, 0x455: 0x000d, 0x456: 0x000c, 0x457: 0x000c,
+	0x458: 0x000c, 0x459: 0x000c, 0x45a: 0x000c, 0x45b: 0x000c, 0x45c: 0x000c, 0x45d: 0x0005,
+	0x45e: 0x000a, 0x45f: 0x000c, 0x460: 0x000c, 0x461: 0x000c, 0x462: 0x000c, 0x463: 0x000c,
+	0x464: 0x000c, 0x465: 0x000d, 0x466: 0x000d, 0x467: 0x000c, 0x468: 0x000c, 0x469: 0x000a,
+	0x46a: 0x000c, 0x46b: 0x000c, 0x46c: 0x000c, 0x46d: 0x000c, 0x46e: 0x000d, 0x46f: 0x000d,
+	0x470: 0x0002, 0x471: 0x0002, 0x472: 0x0002, 0x473: 0x0002, 0x474: 0x0002, 0x475: 0x0002,
+	0x476: 0x0002, 0x477: 0x0002, 0x478: 0x0002, 0x479: 0x0002, 0x47a: 0x000d, 0x47b: 0x000d,
+	0x47c: 0x000d, 0x47d: 0x000d, 0x47e: 0x000d, 0x47f: 0x000d,
+	// Block 0x12, offset 0x480
+	0x480: 0x000d, 0x481: 0x000d, 0x482: 0x000d, 0x483: 0x000d, 0x484: 0x000d, 0x485: 0x000d,
+	0x486: 0x000d, 0x487: 0x000d, 0x488: 0x000d, 0x489: 0x000d, 0x48a: 0x000d, 0x48b: 0x000d,
+	0x48c: 0x000d, 0x48d: 0x000d, 0x48e: 0x000d, 0x48f: 0x000d, 0x490: 0x000d, 0x491: 0x000c,
+	0x492: 0x000d, 0x493: 0x000d, 0x494: 0x000d, 0x495: 0x000d, 0x496: 0x000d, 0x497: 0x000d,
+	0x498: 0x000d, 0x499: 0x000d, 0x49a: 0x000d, 0x49b: 0x000d, 0x49c: 0x000d, 0x49d: 0x000d,
+	0x49e: 0x000d, 0x49f: 0x000d, 0x4a0: 0x000d, 0x4a1: 0x000d, 0x4a2: 0x000d, 0x4a3: 0x000d,
+	0x4a4: 0x000d, 0x4a5: 0x000d, 0x4a6: 0x000d, 0x4a7: 0x000d, 0x4a8: 0x000d, 0x4a9: 0x000d,
+	0x4aa: 0x000d, 0x4ab: 0x000d, 0x4ac: 0x000d, 0x4ad: 0x000d, 0x4ae: 0x000d, 0x4af: 0x000d,
+	0x4b0: 0x000c, 0x4b1: 0x000c, 0x4b2: 0x000c, 0x4b3: 0x000c, 0x4b4: 0x000c, 0x4b5: 0x000c,
+	0x4b6: 0x000c, 0x4b7: 0x000c, 0x4b8: 0x000c, 0x4b9: 0x000c, 0x4ba: 0x000c, 0x4bb: 0x000c,
+	0x4bc: 0x000c, 0x4bd: 0x000c, 0x4be: 0x000c, 0x4bf: 0x000c,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x000c, 0x4c1: 0x000c, 0x4c2: 0x000c, 0x4c3: 0x000c, 0x4c4: 0x000c, 0x4c5: 0x000c,
+	0x4c6: 0x000c, 0x4c7: 0x000c, 0x4c8: 0x000c, 0x4c9: 0x000c, 0x4ca: 0x000c, 0x4cb: 0x000d,
+	0x4cc: 0x000d, 0x4cd: 0x000d, 0x4ce: 0x000d, 0x4cf: 0x000d, 0x4d0: 0x000d, 0x4d1: 0x000d,
+	0x4d2: 0x000d, 0x4d3: 0x000d, 0x4d4: 0x000d, 0x4d5: 0x000d, 0x4d6: 0x000d, 0x4d7: 0x000d,
+	0x4d8: 0x000d, 0x4d9: 0x000d, 0x4da: 0x000d, 0x4db: 0x000d, 0x4dc: 0x000d, 0x4dd: 0x000d,
+	0x4de: 0x000d, 0x4df: 0x000d, 0x4e0: 0x000d, 0x4e1: 0x000d, 0x4e2: 0x000d, 0x4e3: 0x000d,
+	0x4e4: 0x000d, 0x4e5: 0x000d, 0x4e6: 0x000d, 0x4e7: 0x000d, 0x4e8: 0x000d, 0x4e9: 0x000d,
+	0x4ea: 0x000d, 0x4eb: 0x000d, 0x4ec: 0x000d, 0x4ed: 0x000d, 0x4ee: 0x000d, 0x4ef: 0x000d,
+	0x4f0: 0x000d, 0x4f1: 0x000d, 0x4f2: 0x000d, 0x4f3: 0x000d, 0x4f4: 0x000d, 0x4f5: 0x000d,
+	0x4f6: 0x000d, 0x4f7: 0x000d, 0x4f8: 0x000d, 0x4f9: 0x000d, 0x4fa: 0x000d, 0x4fb: 0x000d,
+	0x4fc: 0x000d, 0x4fd: 0x000d, 0x4fe: 0x000d, 0x4ff: 0x000d,
+	// Block 0x14, offset 0x500
+	0x500: 0x000d, 0x501: 0x000d, 0x502: 0x000d, 0x503: 0x000d, 0x504: 0x000d, 0x505: 0x000d,
+	0x506: 0x000d, 0x507: 0x000d, 0x508: 0x000d, 0x509: 0x000d, 0x50a: 0x000d, 0x50b: 0x000d,
+	0x50c: 0x000d, 0x50d: 0x000d, 0x50e: 0x000d, 0x50f: 0x000d, 0x510: 0x000d, 0x511: 0x000d,
+	0x512: 0x000d, 0x513: 0x000d, 0x514: 0x000d, 0x515: 0x000d, 0x516: 0x000d, 0x517: 0x000d,
+	0x518: 0x000d, 0x519: 0x000d, 0x51a: 0x000d, 0x51b: 0x000d, 0x51c: 0x000d, 0x51d: 0x000d,
+	0x51e: 0x000d, 0x51f: 0x000d, 0x520: 0x000d, 0x521: 0x000d, 0x522: 0x000d, 0x523: 0x000d,
+	0x524: 0x000d, 0x525: 0x000d, 0x526: 0x000c, 0x527: 0x000c, 0x528: 0x000c, 0x529: 0x000c,
+	0x52a: 0x000c, 0x52b: 0x000c, 0x52c: 0x000c, 0x52d: 0x000c, 0x52e: 0x000c, 0x52f: 0x000c,
+	0x530: 0x000c, 0x531: 0x000d, 0x532: 0x000d, 0x533: 0x000d, 0x534: 0x000d, 0x535: 0x000d,
+	0x536: 0x000d, 0x537: 0x000d, 0x538: 0x000d, 0x539: 0x000d, 0x53a: 0x000d, 0x53b: 0x000d,
+	0x53c: 0x000d, 0x53d: 0x000d, 0x53e: 0x000d, 0x53f: 0x000d,
+	// Block 0x15, offset 0x540
+	0x540: 0x0001, 0x541: 0x0001, 0x542: 0x0001, 0x543: 0x0001, 0x544: 0x0001, 0x545: 0x0001,
+	0x546: 0x0001, 0x547: 0x0001, 0x548: 0x0001, 0x549: 0x0001, 0x54a: 0x0001, 0x54b: 0x0001,
+	0x54c: 0x0001, 0x54d: 0x0001, 0x54e: 0x0001, 0x54f: 0x0001, 0x550: 0x0001, 0x551: 0x0001,
+	0x552: 0x0001, 0x553: 0x0001, 0x554: 0x0001, 0x555: 0x0001, 0x556: 0x0001, 0x557: 0x0001,
+	0x558: 0x0001, 0x559: 0x0001, 0x55a: 0x0001, 0x55b: 0x0001, 0x55c: 0x0001, 0x55d: 0x0001,
+	0x55e: 0x0001, 0x55f: 0x0001, 0x560: 0x0001, 0x561: 0x0001, 0x562: 0x0001, 0x563: 0x0001,
+	0x564: 0x0001, 0x565: 0x0001, 0x566: 0x0001, 0x567: 0x0001, 0x568: 0x0001, 0x569: 0x0001,
+	0x56a: 0x0001, 0x56b: 0x000c, 0x56c: 0x000c, 0x56d: 0x000c, 0x56e: 0x000c, 0x56f: 0x000c,
+	0x570: 0x000c, 0x571: 0x000c, 0x572: 0x000c, 0x573: 0x000c, 0x574: 0x0001, 0x575: 0x0001,
+	0x576: 0x000a, 0x577: 0x000a, 0x578: 0x000a, 0x579: 0x000a, 0x57a: 0x0001, 0x57b: 0x0001,
+	0x57c: 0x0001, 0x57d: 0x000c, 0x57e: 0x0001, 0x57f: 0x0001,
+	// Block 0x16, offset 0x580
+	0x580: 0x0001, 0x581: 0x0001, 0x582: 0x0001, 0x583: 0x0001, 0x584: 0x0001, 0x585: 0x0001,
+	0x586: 0x0001, 0x587: 0x0001, 0x588: 0x0001, 0x589: 0x0001, 0x58a: 0x0001, 0x58b: 0x0001,
+	0x58c: 0x0001, 0x58d: 0x0001, 0x58e: 0x0001, 0x58f: 0x0001, 0x590: 0x0001, 0x591: 0x0001,
+	0x592: 0x0001, 0x593: 0x0001, 0x594: 0x0001, 0x595: 0x0001, 0x596: 0x000c, 0x597: 0x000c,
+	0x598: 0x000c, 0x599: 0x000c, 0x59a: 0x0001, 0x59b: 0x000c, 0x59c: 0x000c, 0x59d: 0x000c,
+	0x59e: 0x000c, 0x59f: 0x000c, 0x5a0: 0x000c, 0x5a1: 0x000c, 0x5a2: 0x000c, 0x5a3: 0x000c,
+	0x5a4: 0x0001, 0x5a5: 0x000c, 0x5a6: 0x000c, 0x5a7: 0x000c, 0x5a8: 0x0001, 0x5a9: 0x000c,
+	0x5aa: 0x000c, 0x5ab: 0x000c, 0x5ac: 0x000c, 0x5ad: 0x000c, 0x5ae: 0x0001, 0x5af: 0x0001,
+	0x5b0: 0x0001, 0x5b1: 0x0001, 0x5b2: 0x0001, 0x5b3: 0x0001, 0x5b4: 0x0001, 0x5b5: 0x0001,
+	0x5b6: 0x0001, 0x5b7: 0x0001, 0x5b8: 0x0001, 0x5b9: 0x0001, 0x5ba: 0x0001, 0x5bb: 0x0001,
+	0x5bc: 0x0001, 0x5bd: 0x0001, 0x5be: 0x0001, 0x5bf: 0x0001,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0001, 0x5c1: 0x0001, 0x5c2: 0x0001, 0x5c3: 0x0001, 0x5c4: 0x0001, 0x5c5: 0x0001,
+	0x5c6: 0x0001, 0x5c7: 0x0001, 0x5c8: 0x0001, 0x5c9: 0x0001, 0x5ca: 0x0001, 0x5cb: 0x0001,
+	0x5cc: 0x0001, 0x5cd: 0x0001, 0x5ce: 0x0001, 0x5cf: 0x0001, 0x5d0: 0x0001, 0x5d1: 0x0001,
+	0x5d2: 0x0001, 0x5d3: 0x0001, 0x5d4: 0x0001, 0x5d5: 0x0001, 0x5d6: 0x0001, 0x5d7: 0x0001,
+	0x5d8: 0x0001, 0x5d9: 0x000c, 0x5da: 0x000c, 0x5db: 0x000c, 0x5dc: 0x0001, 0x5dd: 0x0001,
+	0x5de: 0x0001, 0x5df: 0x0001, 0x5e0: 0x000d, 0x5e1: 0x000d, 0x5e2: 0x000d, 0x5e3: 0x000d,
+	0x5e4: 0x000d, 0x5e5: 0x000d, 0x5e6: 0x000d, 0x5e7: 0x000d, 0x5e8: 0x000d, 0x5e9: 0x000d,
+	0x5ea: 0x000d, 0x5eb: 0x000d, 0x5ec: 0x000d, 0x5ed: 0x000d, 0x5ee: 0x000d, 0x5ef: 0x000d,
+	0x5f0: 0x0001, 0x5f1: 0x0001, 0x5f2: 0x0001, 0x5f3: 0x0001, 0x5f4: 0x0001, 0x5f5: 0x0001,
+	0x5f6: 0x0001, 0x5f7: 0x0001, 0x5f8: 0x0001, 0x5f9: 0x0001, 0x5fa: 0x0001, 0x5fb: 0x0001,
+	0x5fc: 0x0001, 0x5fd: 0x0001, 0x5fe: 0x0001, 0x5ff: 0x0001,
+	// Block 0x18, offset 0x600
+	0x600: 0x0001, 0x601: 0x0001, 0x602: 0x0001, 0x603: 0x0001, 0x604: 0x0001, 0x605: 0x0001,
+	0x606: 0x0001, 0x607: 0x0001, 0x608: 0x0001, 0x609: 0x0001, 0x60a: 0x0001, 0x60b: 0x0001,
+	0x60c: 0x0001, 0x60d: 0x0001, 0x60e: 0x0001, 0x60f: 0x0001, 0x610: 0x0001, 0x611: 0x0001,
+	0x612: 0x0001, 0x613: 0x0001, 0x614: 0x0001, 0x615: 0x0001, 0x616: 0x0001, 0x617: 0x0001,
+	0x618: 0x0001, 0x619: 0x0001, 0x61a: 0x0001, 0x61b: 0x0001, 0x61c: 0x0001, 0x61d: 0x0001,
+	0x61e: 0x0001, 0x61f: 0x0001, 0x620: 0x000d, 0x621: 0x000d, 0x622: 0x000d, 0x623: 0x000d,
+	0x624: 0x000d, 0x625: 0x000d, 0x626: 0x000d, 0x627: 0x000d, 0x628: 0x000d, 0x629: 0x000d,
+	0x62a: 0x000d, 0x62b: 0x000d, 0x62c: 0x000d, 0x62d: 0x000d, 0x62e: 0x000d, 0x62f: 0x000d,
+	0x630: 0x000d, 0x631: 0x000d, 0x632: 0x000d, 0x633: 0x000d, 0x634: 0x000d, 0x635: 0x000d,
+	0x636: 0x000d, 0x637: 0x000d, 0x638: 0x000d, 0x639: 0x000d, 0x63a: 0x000d, 0x63b: 0x000d,
+	0x63c: 0x000d, 0x63d: 0x000d, 0x63e: 0x000d, 0x63f: 0x000d,
+	// Block 0x19, offset 0x640
+	0x640: 0x000d, 0x641: 0x000d, 0x642: 0x000d, 0x643: 0x000d, 0x644: 0x000d, 0x645: 0x000d,
+	0x646: 0x000d, 0x647: 0x000d, 0x648: 0x000d, 0x649: 0x000d, 0x64a: 0x000d, 0x64b: 0x000d,
+	0x64c: 0x000d, 0x64d: 0x000d, 0x64e: 0x000d, 0x64f: 0x000d, 0x650: 0x000d, 0x651: 0x000d,
+	0x652: 0x000d, 0x653: 0x000c, 0x654: 0x000c, 0x655: 0x000c, 0x656: 0x000c, 0x657: 0x000c,
+	0x658: 0x000c, 0x659: 0x000c, 0x65a: 0x000c, 0x65b: 0x000c, 0x65c: 0x000c, 0x65d: 0x000c,
+	0x65e: 0x000c, 0x65f: 0x000c, 0x660: 0x000c, 0x661: 0x000c, 0x662: 0x0005, 0x663: 0x000c,
+	0x664: 0x000c, 0x665: 0x000c, 0x666: 0x000c, 0x667: 0x000c, 0x668: 0x000c, 0x669: 0x000c,
+	0x66a: 0x000c, 0x66b: 0x000c, 0x66c: 0x000c, 0x66d: 0x000c, 0x66e: 0x000c, 0x66f: 0x000c,
+	0x670: 0x000c, 0x671: 0x000c, 0x672: 0x000c, 0x673: 0x000c, 0x674: 0x000c, 0x675: 0x000c,
+	0x676: 0x000c, 0x677: 0x000c, 0x678: 0x000c, 0x679: 0x000c, 0x67a: 0x000c, 0x67b: 0x000c,
+	0x67c: 0x000c, 0x67d: 0x000c, 0x67e: 0x000c, 0x67f: 0x000c,
+	// Block 0x1a, offset 0x680
+	0x680: 0x000c, 0x681: 0x000c, 0x682: 0x000c,
+	0x6ba: 0x000c,
+	0x6bc: 0x000c,
+	// Block 0x1b, offset 0x6c0
+	0x6c1: 0x000c, 0x6c2: 0x000c, 0x6c3: 0x000c, 0x6c4: 0x000c, 0x6c5: 0x000c,
+	0x6c6: 0x000c, 0x6c7: 0x000c, 0x6c8: 0x000c,
+	0x6cd: 0x000c, 0x6d1: 0x000c,
+	0x6d2: 0x000c, 0x6d3: 0x000c, 0x6d4: 0x000c, 0x6d5: 0x000c, 0x6d6: 0x000c, 0x6d7: 0x000c,
+	0x6e2: 0x000c, 0x6e3: 0x000c,
+	// Block 0x1c, offset 0x700
+	0x701: 0x000c,
+	0x73c: 0x000c,
+	// Block 0x1d, offset 0x740
+	0x741: 0x000c, 0x742: 0x000c, 0x743: 0x000c, 0x744: 0x000c,
+	0x74d: 0x000c,
+	0x762: 0x000c, 0x763: 0x000c,
+	0x772: 0x0004, 0x773: 0x0004,
+	0x77b: 0x0004,
+	0x77e: 0x000c,
+	// Block 0x1e, offset 0x780
+	0x781: 0x000c, 0x782: 0x000c,
+	0x7bc: 0x000c,
+	// Block 0x1f, offset 0x7c0
+	0x7c1: 0x000c, 0x7c2: 0x000c,
+	0x7c7: 0x000c, 0x7c8: 0x000c, 0x7cb: 0x000c,
+	0x7cc: 0x000c, 0x7cd: 0x000c, 0x7d1: 0x000c,
+	0x7f0: 0x000c, 0x7f1: 0x000c, 0x7f5: 0x000c,
+	// Block 0x20, offset 0x800
+	0x801: 0x000c, 0x802: 0x000c, 0x803: 0x000c, 0x804: 0x000c, 0x805: 0x000c,
+	0x807: 0x000c, 0x808: 0x000c,
+	0x80d: 0x000c,
+	0x822: 0x000c, 0x823: 0x000c,
+	0x831: 0x0004,
+	0x83a: 0x000c, 0x83b: 0x000c,
+	0x83c: 0x000c, 0x83d: 0x000c, 0x83e: 0x000c, 0x83f: 0x000c,
+	// Block 0x21, offset 0x840
+	0x841: 0x000c,
+	0x87c: 0x000c, 0x87f: 0x000c,
+	// Block 0x22, offset 0x880
+	0x881: 0x000c, 0x882: 0x000c, 0x883: 0x000c, 0x884: 0x000c,
+	0x88d: 0x000c,
+	0x896: 0x000c,
+	0x8a2: 0x000c, 0x8a3: 0x000c,
+	// Block 0x23, offset 0x8c0
+	0x8c2: 0x000c,
+	// Block 0x24, offset 0x900
+	0x900: 0x000c,
+	0x90d: 0x000c,
+	0x933: 0x000a, 0x934: 0x000a, 0x935: 0x000a,
+	0x936: 0x000a, 0x937: 0x000a, 0x938: 0x000a, 0x939: 0x0004, 0x93a: 0x000a,
+	// Block 0x25, offset 0x940
+	0x940: 0x000c, 0x944: 0x000c,
+	0x97e: 0x000c, 0x97f: 0x000c,
+	// Block 0x26, offset 0x980
+	0x980: 0x000c,
+	0x986: 0x000c, 0x987: 0x000c, 0x988: 0x000c, 0x98a: 0x000c, 0x98b: 0x000c,
+	0x98c: 0x000c, 0x98d: 0x000c,
+	0x995: 0x000c, 0x996: 0x000c,
+	0x9a2: 0x000c, 0x9a3: 0x000c,
+	0x9b8: 0x000a, 0x9b9: 0x000a, 0x9ba: 0x000a, 0x9bb: 0x000a,
+	0x9bc: 0x000a, 0x9bd: 0x000a, 0x9be: 0x000a,
+	// Block 0x27, offset 0x9c0
+	0x9cc: 0x000c, 0x9cd: 0x000c,
+	0x9e2: 0x000c, 0x9e3: 0x000c,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x000c, 0xa01: 0x000c,
+	0xa3b: 0x000c,
+	0xa3c: 0x000c,
+	// Block 0x29, offset 0xa40
+	0xa41: 0x000c, 0xa42: 0x000c, 0xa43: 0x000c, 0xa44: 0x000c,
+	0xa4d: 0x000c,
+	0xa62: 0x000c, 0xa63: 0x000c,
+	// Block 0x2a, offset 0xa80
+	0xa8a: 0x000c,
+	0xa92: 0x000c, 0xa93: 0x000c, 0xa94: 0x000c, 0xa96: 0x000c,
+	// Block 0x2b, offset 0xac0
+	0xaf1: 0x000c, 0xaf4: 0x000c, 0xaf5: 0x000c,
+	0xaf6: 0x000c, 0xaf7: 0x000c, 0xaf8: 0x000c, 0xaf9: 0x000c, 0xafa: 0x000c,
+	0xaff: 0x0004,
+	// Block 0x2c, offset 0xb00
+	0xb07: 0x000c, 0xb08: 0x000c, 0xb09: 0x000c, 0xb0a: 0x000c, 0xb0b: 0x000c,
+	0xb0c: 0x000c, 0xb0d: 0x000c, 0xb0e: 0x000c,
+	// Block 0x2d, offset 0xb40
+	0xb71: 0x000c, 0xb74: 0x000c, 0xb75: 0x000c,
+	0xb76: 0x000c, 0xb77: 0x000c, 0xb78: 0x000c, 0xb79: 0x000c, 0xb7b: 0x000c,
+	0xb7c: 0x000c,
+	// Block 0x2e, offset 0xb80
+	0xb88: 0x000c, 0xb89: 0x000c, 0xb8a: 0x000c, 0xb8b: 0x000c,
+	0xb8c: 0x000c, 0xb8d: 0x000c,
+	// Block 0x2f, offset 0xbc0
+	0xbd8: 0x000c, 0xbd9: 0x000c,
+	0xbf5: 0x000c,
+	0xbf7: 0x000c, 0xbf9: 0x000c, 0xbfa: 0x003a, 0xbfb: 0x002a,
+	0xbfc: 0x003a, 0xbfd: 0x002a,
+	// Block 0x30, offset 0xc00
+	0xc31: 0x000c, 0xc32: 0x000c, 0xc33: 0x000c, 0xc34: 0x000c, 0xc35: 0x000c,
+	0xc36: 0x000c, 0xc37: 0x000c, 0xc38: 0x000c, 0xc39: 0x000c, 0xc3a: 0x000c, 0xc3b: 0x000c,
+	0xc3c: 0x000c, 0xc3d: 0x000c, 0xc3e: 0x000c,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x000c, 0xc41: 0x000c, 0xc42: 0x000c, 0xc43: 0x000c, 0xc44: 0x000c,
+	0xc46: 0x000c, 0xc47: 0x000c,
+	0xc4d: 0x000c, 0xc4e: 0x000c, 0xc4f: 0x000c, 0xc50: 0x000c, 0xc51: 0x000c,
+	0xc52: 0x000c, 0xc53: 0x000c, 0xc54: 0x000c, 0xc55: 0x000c, 0xc56: 0x000c, 0xc57: 0x000c,
+	0xc59: 0x000c, 0xc5a: 0x000c, 0xc5b: 0x000c, 0xc5c: 0x000c, 0xc5d: 0x000c,
+	0xc5e: 0x000c, 0xc5f: 0x000c, 0xc60: 0x000c, 0xc61: 0x000c, 0xc62: 0x000c, 0xc63: 0x000c,
+	0xc64: 0x000c, 0xc65: 0x000c, 0xc66: 0x000c, 0xc67: 0x000c, 0xc68: 0x000c, 0xc69: 0x000c,
+	0xc6a: 0x000c, 0xc6b: 0x000c, 0xc6c: 0x000c, 0xc6d: 0x000c, 0xc6e: 0x000c, 0xc6f: 0x000c,
+	0xc70: 0x000c, 0xc71: 0x000c, 0xc72: 0x000c, 0xc73: 0x000c, 0xc74: 0x000c, 0xc75: 0x000c,
+	0xc76: 0x000c, 0xc77: 0x000c, 0xc78: 0x000c, 0xc79: 0x000c, 0xc7a: 0x000c, 0xc7b: 0x000c,
+	0xc7c: 0x000c,
+	// Block 0x32, offset 0xc80
+	0xc86: 0x000c,
+	// Block 0x33, offset 0xcc0
+	0xced: 0x000c, 0xcee: 0x000c, 0xcef: 0x000c,
+	0xcf0: 0x000c, 0xcf2: 0x000c, 0xcf3: 0x000c, 0xcf4: 0x000c, 0xcf5: 0x000c,
+	0xcf6: 0x000c, 0xcf7: 0x000c, 0xcf9: 0x000c, 0xcfa: 0x000c,
+	0xcfd: 0x000c, 0xcfe: 0x000c,
+	// Block 0x34, offset 0xd00
+	0xd18: 0x000c, 0xd19: 0x000c,
+	0xd1e: 0x000c, 0xd1f: 0x000c, 0xd20: 0x000c,
+	0xd31: 0x000c, 0xd32: 0x000c, 0xd33: 0x000c, 0xd34: 0x000c,
+	// Block 0x35, offset 0xd40
+	0xd42: 0x000c, 0xd45: 0x000c,
+	0xd46: 0x000c,
+	0xd4d: 0x000c,
+	0xd5d: 0x000c,
+	// Block 0x36, offset 0xd80
+	0xd9d: 0x000c,
+	0xd9e: 0x000c, 0xd9f: 0x000c,
+	// Block 0x37, offset 0xdc0
+	0xdd0: 0x000a, 0xdd1: 0x000a,
+	0xdd2: 0x000a, 0xdd3: 0x000a, 0xdd4: 0x000a, 0xdd5: 0x000a, 0xdd6: 0x000a, 0xdd7: 0x000a,
+	0xdd8: 0x000a, 0xdd9: 0x000a,
+	// Block 0x38, offset 0xe00
+	0xe00: 0x000a,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x0009,
+	0xe5b: 0x007a, 0xe5c: 0x006a,
+	// Block 0x3a, offset 0xe80
+	0xe92: 0x000c, 0xe93: 0x000c, 0xe94: 0x000c,
+	0xeb2: 0x000c, 0xeb3: 0x000c, 0xeb4: 0x000c,
+	// Block 0x3b, offset 0xec0
+	0xed2: 0x000c, 0xed3: 0x000c,
+	0xef2: 0x000c, 0xef3: 0x000c,
+	// Block 0x3c, offset 0xf00
+	0xf34: 0x000c, 0xf35: 0x000c,
+	0xf37: 0x000c, 0xf38: 0x000c, 0xf39: 0x000c, 0xf3a: 0x000c, 0xf3b: 0x000c,
+	0xf3c: 0x000c, 0xf3d: 0x000c,
+	// Block 0x3d, offset 0xf40
+	0xf46: 0x000c, 0xf49: 0x000c, 0xf4a: 0x000c, 0xf4b: 0x000c,
+	0xf4c: 0x000c, 0xf4d: 0x000c, 0xf4e: 0x000c, 0xf4f: 0x000c, 0xf50: 0x000c, 0xf51: 0x000c,
+	0xf52: 0x000c, 0xf53: 0x000c,
+	0xf5b: 0x0004, 0xf5d: 0x000c,
+	0xf70: 0x000a, 0xf71: 0x000a, 0xf72: 0x000a, 0xf73: 0x000a, 0xf74: 0x000a, 0xf75: 0x000a,
+	0xf76: 0x000a, 0xf77: 0x000a, 0xf78: 0x000a, 0xf79: 0x000a,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x000a, 0xf81: 0x000a, 0xf82: 0x000a, 0xf83: 0x000a, 0xf84: 0x000a, 0xf85: 0x000a,
+	0xf86: 0x000a, 0xf87: 0x000a, 0xf88: 0x000a, 0xf89: 0x000a, 0xf8a: 0x000a, 0xf8b: 0x000c,
+	0xf8c: 0x000c, 0xf8d: 0x000c, 0xf8e: 0x000b,
+	// Block 0x3f, offset 0xfc0
+	0xfc5: 0x000c,
+	0xfc6: 0x000c,
+	0xfe9: 0x000c,
+	// Block 0x40, offset 0x1000
+	0x1020: 0x000c, 0x1021: 0x000c, 0x1022: 0x000c,
+	0x1027: 0x000c, 0x1028: 0x000c,
+	0x1032: 0x000c,
+	0x1039: 0x000c, 0x103a: 0x000c, 0x103b: 0x000c,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x000a, 0x1044: 0x000a, 0x1045: 0x000a,
+	// Block 0x42, offset 0x1080
+	0x109e: 0x000a, 0x109f: 0x000a, 0x10a0: 0x000a, 0x10a1: 0x000a, 0x10a2: 0x000a, 0x10a3: 0x000a,
+	0x10a4: 0x000a, 0x10a5: 0x000a, 0x10a6: 0x000a, 0x10a7: 0x000a, 0x10a8: 0x000a, 0x10a9: 0x000a,
+	0x10aa: 0x000a, 0x10ab: 0x000a, 0x10ac: 0x000a, 0x10ad: 0x000a, 0x10ae: 0x000a, 0x10af: 0x000a,
+	0x10b0: 0x000a, 0x10b1: 0x000a, 0x10b2: 0x000a, 0x10b3: 0x000a, 0x10b4: 0x000a, 0x10b5: 0x000a,
+	0x10b6: 0x000a, 0x10b7: 0x000a, 0x10b8: 0x000a, 0x10b9: 0x000a, 0x10ba: 0x000a, 0x10bb: 0x000a,
+	0x10bc: 0x000a, 0x10bd: 0x000a, 0x10be: 0x000a, 0x10bf: 0x000a,
+	// Block 0x43, offset 0x10c0
+	0x10d7: 0x000c,
+	0x10d8: 0x000c, 0x10db: 0x000c,
+	// Block 0x44, offset 0x1100
+	0x1116: 0x000c,
+	0x1118: 0x000c, 0x1119: 0x000c, 0x111a: 0x000c, 0x111b: 0x000c, 0x111c: 0x000c, 0x111d: 0x000c,
+	0x111e: 0x000c, 0x1120: 0x000c, 0x1122: 0x000c,
+	0x1125: 0x000c, 0x1126: 0x000c, 0x1127: 0x000c, 0x1128: 0x000c, 0x1129: 0x000c,
+	0x112a: 0x000c, 0x112b: 0x000c, 0x112c: 0x000c,
+	0x1133: 0x000c, 0x1134: 0x000c, 0x1135: 0x000c,
+	0x1136: 0x000c, 0x1137: 0x000c, 0x1138: 0x000c, 0x1139: 0x000c, 0x113a: 0x000c, 0x113b: 0x000c,
+	0x113c: 0x000c, 0x113f: 0x000c,
+	// Block 0x45, offset 0x1140
+	0x1170: 0x000c, 0x1171: 0x000c, 0x1172: 0x000c, 0x1173: 0x000c, 0x1174: 0x000c, 0x1175: 0x000c,
+	0x1176: 0x000c, 0x1177: 0x000c, 0x1178: 0x000c, 0x1179: 0x000c, 0x117a: 0x000c, 0x117b: 0x000c,
+	0x117c: 0x000c, 0x117d: 0x000c, 0x117e: 0x000c,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x000c, 0x1181: 0x000c, 0x1182: 0x000c, 0x1183: 0x000c,
+	0x11b4: 0x000c,
+	0x11b6: 0x000c, 0x11b7: 0x000c, 0x11b8: 0x000c, 0x11b9: 0x000c, 0x11ba: 0x000c,
+	0x11bc: 0x000c,
+	// Block 0x47, offset 0x11c0
+	0x11c2: 0x000c,
+	0x11eb: 0x000c, 0x11ec: 0x000c, 0x11ed: 0x000c, 0x11ee: 0x000c, 0x11ef: 0x000c,
+	0x11f0: 0x000c, 0x11f1: 0x000c, 0x11f2: 0x000c, 0x11f3: 0x000c,
+	// Block 0x48, offset 0x1200
+	0x1200: 0x000c, 0x1201: 0x000c,
+	0x1222: 0x000c, 0x1223: 0x000c,
+	0x1224: 0x000c, 0x1225: 0x000c, 0x1228: 0x000c, 0x1229: 0x000c,
+	0x122b: 0x000c, 0x122c: 0x000c, 0x122d: 0x000c,
+	// Block 0x49, offset 0x1240
+	0x1266: 0x000c, 0x1268: 0x000c, 0x1269: 0x000c,
+	0x126d: 0x000c, 0x126f: 0x000c,
+	0x1270: 0x000c, 0x1271: 0x000c,
+	// Block 0x4a, offset 0x1280
+	0x12ac: 0x000c, 0x12ad: 0x000c, 0x12ae: 0x000c, 0x12af: 0x000c,
+	0x12b0: 0x000c, 0x12b1: 0x000c, 0x12b2: 0x000c, 0x12b3: 0x000c,
+	0x12b6: 0x000c, 0x12b7: 0x000c,
+	// Block 0x4b, offset 0x12c0
+	0x12d0: 0x000c, 0x12d1: 0x000c,
+	0x12d2: 0x000c, 0x12d4: 0x000c, 0x12d5: 0x000c, 0x12d6: 0x000c, 0x12d7: 0x000c,
+	0x12d8: 0x000c, 0x12d9: 0x000c, 0x12da: 0x000c, 0x12db: 0x000c, 0x12dc: 0x000c, 0x12dd: 0x000c,
+	0x12de: 0x000c, 0x12df: 0x000c, 0x12e0: 0x000c, 0x12e2: 0x000c, 0x12e3: 0x000c,
+	0x12e4: 0x000c, 0x12e5: 0x000c, 0x12e6: 0x000c, 0x12e7: 0x000c, 0x12e8: 0x000c,
+	0x12ed: 0x000c,
+	0x12f4: 0x000c,
+	0x12f8: 0x000c, 0x12f9: 0x000c,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x000c, 0x1301: 0x000c, 0x1302: 0x000c, 0x1303: 0x000c, 0x1304: 0x000c, 0x1305: 0x000c,
+	0x1306: 0x000c, 0x1307: 0x000c, 0x1308: 0x000c, 0x1309: 0x000c, 0x130a: 0x000c, 0x130b: 0x000c,
+	0x130c: 0x000c, 0x130d: 0x000c, 0x130e: 0x000c, 0x130f: 0x000c, 0x1310: 0x000c, 0x1311: 0x000c,
+	0x1312: 0x000c, 0x1313: 0x000c, 0x1314: 0x000c, 0x1315: 0x000c, 0x1316: 0x000c, 0x1317: 0x000c,
+	0x1318: 0x000c, 0x1319: 0x000c, 0x131a: 0x000c, 0x131b: 0x000c, 0x131c: 0x000c, 0x131d: 0x000c,
+	0x131e: 0x000c, 0x131f: 0x000c, 0x1320: 0x000c, 0x1321: 0x000c, 0x1322: 0x000c, 0x1323: 0x000c,
+	0x1324: 0x000c, 0x1325: 0x000c, 0x1326: 0x000c, 0x1327: 0x000c, 0x1328: 0x000c, 0x1329: 0x000c,
+	0x132a: 0x000c, 0x132b: 0x000c, 0x132c: 0x000c, 0x132d: 0x000c, 0x132e: 0x000c, 0x132f: 0x000c,
+	0x1330: 0x000c, 0x1331: 0x000c, 0x1332: 0x000c, 0x1333: 0x000c, 0x1334: 0x000c, 0x1335: 0x000c,
+	0x1336: 0x000c, 0x1337: 0x000c, 0x1338: 0x000c, 0x1339: 0x000c, 0x133b: 0x000c,
+	0x133c: 0x000c, 0x133d: 0x000c, 0x133e: 0x000c, 0x133f: 0x000c,
+	// Block 0x4d, offset 0x1340
+	0x137d: 0x000a, 0x137f: 0x000a,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x000a, 0x1381: 0x000a,
+	0x138d: 0x000a, 0x138e: 0x000a, 0x138f: 0x000a,
+	0x139d: 0x000a,
+	0x139e: 0x000a, 0x139f: 0x000a,
+	0x13ad: 0x000a, 0x13ae: 0x000a, 0x13af: 0x000a,
+	0x13bd: 0x000a, 0x13be: 0x000a,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x0009, 0x13c1: 0x0009, 0x13c2: 0x0009, 0x13c3: 0x0009, 0x13c4: 0x0009, 0x13c5: 0x0009,
+	0x13c6: 0x0009, 0x13c7: 0x0009, 0x13c8: 0x0009, 0x13c9: 0x0009, 0x13ca: 0x0009, 0x13cb: 0x000b,
+	0x13cc: 0x000b, 0x13cd: 0x000b, 0x13cf: 0x0001, 0x13d0: 0x000a, 0x13d1: 0x000a,
+	0x13d2: 0x000a, 0x13d3: 0x000a, 0x13d4: 0x000a, 0x13d5: 0x000a, 0x13d6: 0x000a, 0x13d7: 0x000a,
+	0x13d8: 0x000a, 0x13d9: 0x000a, 0x13da: 0x000a, 0x13db: 0x000a, 0x13dc: 0x000a, 0x13dd: 0x000a,
+	0x13de: 0x000a, 0x13df: 0x000a, 0x13e0: 0x000a, 0x13e1: 0x000a, 0x13e2: 0x000a, 0x13e3: 0x000a,
+	0x13e4: 0x000a, 0x13e5: 0x000a, 0x13e6: 0x000a, 0x13e7: 0x000a, 0x13e8: 0x0009, 0x13e9: 0x0007,
+	0x13ea: 0x000e, 0x13eb: 0x000e, 0x13ec: 0x000e, 0x13ed: 0x000e, 0x13ee: 0x000e, 0x13ef: 0x0006,
+	0x13f0: 0x0004, 0x13f1: 0x0004, 0x13f2: 0x0004, 0x13f3: 0x0004, 0x13f4: 0x0004, 0x13f5: 0x000a,
+	0x13f6: 0x000a, 0x13f7: 0x000a, 0x13f8: 0x000a, 0x13f9: 0x000a, 0x13fa: 0x000a, 0x13fb: 0x000a,
+	0x13fc: 0x000a, 0x13fd: 0x000a, 0x13fe: 0x000a, 0x13ff: 0x000a,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x000a, 0x1401: 0x000a, 0x1402: 0x000a, 0x1403: 0x000a, 0x1404: 0x0006, 0x1405: 0x009a,
+	0x1406: 0x008a, 0x1407: 0x000a, 0x1408: 0x000a, 0x1409: 0x000a, 0x140a: 0x000a, 0x140b: 0x000a,
+	0x140c: 0x000a, 0x140d: 0x000a, 0x140e: 0x000a, 0x140f: 0x000a, 0x1410: 0x000a, 0x1411: 0x000a,
+	0x1412: 0x000a, 0x1413: 0x000a, 0x1414: 0x000a, 0x1415: 0x000a, 0x1416: 0x000a, 0x1417: 0x000a,
+	0x1418: 0x000a, 0x1419: 0x000a, 0x141a: 0x000a, 0x141b: 0x000a, 0x141c: 0x000a, 0x141d: 0x000a,
+	0x141e: 0x000a, 0x141f: 0x0009, 0x1420: 0x000b, 0x1421: 0x000b, 0x1422: 0x000b, 0x1423: 0x000b,
+	0x1424: 0x000b, 0x1425: 0x000b, 0x1426: 0x000e, 0x1427: 0x000e, 0x1428: 0x000e, 0x1429: 0x000e,
+	0x142a: 0x000b, 0x142b: 0x000b, 0x142c: 0x000b, 0x142d: 0x000b, 0x142e: 0x000b, 0x142f: 0x000b,
+	0x1430: 0x0002, 0x1434: 0x0002, 0x1435: 0x0002,
+	0x1436: 0x0002, 0x1437: 0x0002, 0x1438: 0x0002, 0x1439: 0x0002, 0x143a: 0x0003, 0x143b: 0x0003,
+	0x143c: 0x000a, 0x143d: 0x009a, 0x143e: 0x008a,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x0002, 0x1441: 0x0002, 0x1442: 0x0002, 0x1443: 0x0002, 0x1444: 0x0002, 0x1445: 0x0002,
+	0x1446: 0x0002, 0x1447: 0x0002, 0x1448: 0x0002, 0x1449: 0x0002, 0x144a: 0x0003, 0x144b: 0x0003,
+	0x144c: 0x000a, 0x144d: 0x009a, 0x144e: 0x008a,
+	0x1460: 0x0004, 0x1461: 0x0004, 0x1462: 0x0004, 0x1463: 0x0004,
+	0x1464: 0x0004, 0x1465: 0x0004, 0x1466: 0x0004, 0x1467: 0x0004, 0x1468: 0x0004, 0x1469: 0x0004,
+	0x146a: 0x0004, 0x146b: 0x0004, 0x146c: 0x0004, 0x146d: 0x0004, 0x146e: 0x0004, 0x146f: 0x0004,
+	0x1470: 0x0004, 0x1471: 0x0004, 0x1472: 0x0004, 0x1473: 0x0004, 0x1474: 0x0004, 0x1475: 0x0004,
+	0x1476: 0x0004, 0x1477: 0x0004, 0x1478: 0x0004, 0x1479: 0x0004, 0x147a: 0x0004, 0x147b: 0x0004,
+	0x147c: 0x0004, 0x147d: 0x0004, 0x147e: 0x0004, 0x147f: 0x0004,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x0004, 0x1481: 0x0004, 0x1482: 0x0004, 0x1483: 0x0004, 0x1484: 0x0004, 0x1485: 0x0004,
+	0x1486: 0x0004, 0x1487: 0x0004, 0x1488: 0x0004, 0x1489: 0x0004, 0x148a: 0x0004, 0x148b: 0x0004,
+	0x148c: 0x0004, 0x148d: 0x0004, 0x148e: 0x0004, 0x148f: 0x0004, 0x1490: 0x000c, 0x1491: 0x000c,
+	0x1492: 0x000c, 0x1493: 0x000c, 0x1494: 0x000c, 0x1495: 0x000c, 0x1496: 0x000c, 0x1497: 0x000c,
+	0x1498: 0x000c, 0x1499: 0x000c, 0x149a: 0x000c, 0x149b: 0x000c, 0x149c: 0x000c, 0x149d: 0x000c,
+	0x149e: 0x000c, 0x149f: 0x000c, 0x14a0: 0x000c, 0x14a1: 0x000c, 0x14a2: 0x000c, 0x14a3: 0x000c,
+	0x14a4: 0x000c, 0x14a5: 0x000c, 0x14a6: 0x000c, 0x14a7: 0x000c, 0x14a8: 0x000c, 0x14a9: 0x000c,
+	0x14aa: 0x000c, 0x14ab: 0x000c, 0x14ac: 0x000c, 0x14ad: 0x000c, 0x14ae: 0x000c, 0x14af: 0x000c,
+	0x14b0: 0x000c,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x000a, 0x14c1: 0x000a, 0x14c3: 0x000a, 0x14c4: 0x000a, 0x14c5: 0x000a,
+	0x14c6: 0x000a, 0x14c8: 0x000a, 0x14c9: 0x000a,
+	0x14d4: 0x000a, 0x14d6: 0x000a, 0x14d7: 0x000a,
+	0x14d8: 0x000a,
+	0x14de: 0x000a, 0x14df: 0x000a, 0x14e0: 0x000a, 0x14e1: 0x000a, 0x14e2: 0x000a, 0x14e3: 0x000a,
+	0x14e5: 0x000a, 0x14e7: 0x000a, 0x14e9: 0x000a,
+	0x14ee: 0x0004,
+	0x14fa: 0x000a, 0x14fb: 0x000a,
+	// Block 0x54, offset 0x1500
+	0x1500: 0x000a, 0x1501: 0x000a, 0x1502: 0x000a, 0x1503: 0x000a, 0x1504: 0x000a,
+	0x150a: 0x000a, 0x150b: 0x000a,
+	0x150c: 0x000a, 0x150d: 0x000a, 0x1510: 0x000a, 0x1511: 0x000a,
+	0x1512: 0x000a, 0x1513: 0x000a, 0x1514: 0x000a, 0x1515: 0x000a, 0x1516: 0x000a, 0x1517: 0x000a,
+	0x1518: 0x000a, 0x1519: 0x000a, 0x151a: 0x000a, 0x151b: 0x000a, 0x151c: 0x000a, 0x151d: 0x000a,
+	0x151e: 0x000a, 0x151f: 0x000a,
+	// Block 0x55, offset 0x1540
+	0x1549: 0x000a, 0x154a: 0x000a, 0x154b: 0x000a,
+	0x1550: 0x000a, 0x1551: 0x000a,
+	0x1552: 0x000a, 0x1553: 0x000a, 0x1554: 0x000a, 0x1555: 0x000a, 0x1556: 0x000a, 0x1557: 0x000a,
+	0x1558: 0x000a, 0x1559: 0x000a, 0x155a: 0x000a, 0x155b: 0x000a, 0x155c: 0x000a, 0x155d: 0x000a,
+	0x155e: 0x000a, 0x155f: 0x000a, 0x1560: 0x000a, 0x1561: 0x000a, 0x1562: 0x000a, 0x1563: 0x000a,
+	0x1564: 0x000a, 0x1565: 0x000a, 0x1566: 0x000a, 0x1567: 0x000a, 0x1568: 0x000a, 0x1569: 0x000a,
+	0x156a: 0x000a, 0x156b: 0x000a, 0x156c: 0x000a, 0x156d: 0x000a, 0x156e: 0x000a, 0x156f: 0x000a,
+	0x1570: 0x000a, 0x1571: 0x000a, 0x1572: 0x000a, 0x1573: 0x000a, 0x1574: 0x000a, 0x1575: 0x000a,
+	0x1576: 0x000a, 0x1577: 0x000a, 0x1578: 0x000a, 0x1579: 0x000a, 0x157a: 0x000a, 0x157b: 0x000a,
+	0x157c: 0x000a, 0x157d: 0x000a, 0x157e: 0x000a, 0x157f: 0x000a,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x000a, 0x1581: 0x000a, 0x1582: 0x000a, 0x1583: 0x000a, 0x1584: 0x000a, 0x1585: 0x000a,
+	0x1586: 0x000a, 0x1587: 0x000a, 0x1588: 0x000a, 0x1589: 0x000a, 0x158a: 0x000a, 0x158b: 0x000a,
+	0x158c: 0x000a, 0x158d: 0x000a, 0x158e: 0x000a, 0x158f: 0x000a, 0x1590: 0x000a, 0x1591: 0x000a,
+	0x1592: 0x000a, 0x1593: 0x000a, 0x1594: 0x000a, 0x1595: 0x000a, 0x1596: 0x000a, 0x1597: 0x000a,
+	0x1598: 0x000a, 0x1599: 0x000a, 0x159a: 0x000a, 0x159b: 0x000a, 0x159c: 0x000a, 0x159d: 0x000a,
+	0x159e: 0x000a, 0x159f: 0x000a, 0x15a0: 0x000a, 0x15a1: 0x000a, 0x15a2: 0x000a, 0x15a3: 0x000a,
+	0x15a4: 0x000a, 0x15a5: 0x000a, 0x15a6: 0x000a, 0x15a7: 0x000a, 0x15a8: 0x000a, 0x15a9: 0x000a,
+	0x15aa: 0x000a, 0x15ab: 0x000a, 0x15ac: 0x000a, 0x15ad: 0x000a, 0x15ae: 0x000a, 0x15af: 0x000a,
+	0x15b0: 0x000a, 0x15b1: 0x000a, 0x15b2: 0x000a, 0x15b3: 0x000a, 0x15b4: 0x000a, 0x15b5: 0x000a,
+	0x15b6: 0x000a, 0x15b7: 0x000a, 0x15b8: 0x000a, 0x15b9: 0x000a, 0x15ba: 0x000a, 0x15bb: 0x000a,
+	0x15bc: 0x000a, 0x15bd: 0x000a, 0x15be: 0x000a, 0x15bf: 0x000a,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0x000a, 0x15c1: 0x000a, 0x15c2: 0x000a, 0x15c3: 0x000a, 0x15c4: 0x000a, 0x15c5: 0x000a,
+	0x15c6: 0x000a, 0x15c7: 0x000a, 0x15c8: 0x000a, 0x15c9: 0x000a, 0x15ca: 0x000a, 0x15cb: 0x000a,
+	0x15cc: 0x000a, 0x15cd: 0x000a, 0x15ce: 0x000a, 0x15cf: 0x000a, 0x15d0: 0x000a, 0x15d1: 0x000a,
+	0x15d2: 0x0003, 0x15d3: 0x0004, 0x15d4: 0x000a, 0x15d5: 0x000a, 0x15d6: 0x000a, 0x15d7: 0x000a,
+	0x15d8: 0x000a, 0x15d9: 0x000a, 0x15da: 0x000a, 0x15db: 0x000a, 0x15dc: 0x000a, 0x15dd: 0x000a,
+	0x15de: 0x000a, 0x15df: 0x000a, 0x15e0: 0x000a, 0x15e1: 0x000a, 0x15e2: 0x000a, 0x15e3: 0x000a,
+	0x15e4: 0x000a, 0x15e5: 0x000a, 0x15e6: 0x000a, 0x15e7: 0x000a, 0x15e8: 0x000a, 0x15e9: 0x000a,
+	0x15ea: 0x000a, 0x15eb: 0x000a, 0x15ec: 0x000a, 0x15ed: 0x000a, 0x15ee: 0x000a, 0x15ef: 0x000a,
+	0x15f0: 0x000a, 0x15f1: 0x000a, 0x15f2: 0x000a, 0x15f3: 0x000a, 0x15f4: 0x000a, 0x15f5: 0x000a,
+	0x15f6: 0x000a, 0x15f7: 0x000a, 0x15f8: 0x000a, 0x15f9: 0x000a, 0x15fa: 0x000a, 0x15fb: 0x000a,
+	0x15fc: 0x000a, 0x15fd: 0x000a, 0x15fe: 0x000a, 0x15ff: 0x000a,
+	// Block 0x58, offset 0x1600
+	0x1600: 0x000a, 0x1601: 0x000a, 0x1602: 0x000a, 0x1603: 0x000a, 0x1604: 0x000a, 0x1605: 0x000a,
+	0x1606: 0x000a, 0x1607: 0x000a, 0x1608: 0x003a, 0x1609: 0x002a, 0x160a: 0x003a, 0x160b: 0x002a,
+	0x160c: 0x000a, 0x160d: 0x000a, 0x160e: 0x000a, 0x160f: 0x000a, 0x1610: 0x000a, 0x1611: 0x000a,
+	0x1612: 0x000a, 0x1613: 0x000a, 0x1614: 0x000a, 0x1615: 0x000a, 0x1616: 0x000a, 0x1617: 0x000a,
+	0x1618: 0x000a, 0x1619: 0x000a, 0x161a: 0x000a, 0x161b: 0x000a, 0x161c: 0x000a, 0x161d: 0x000a,
+	0x161e: 0x000a, 0x161f: 0x000a, 0x1620: 0x000a, 0x1621: 0x000a, 0x1622: 0x000a, 0x1623: 0x000a,
+	0x1624: 0x000a, 0x1625: 0x000a, 0x1626: 0x000a, 0x1627: 0x000a, 0x1628: 0x000a, 0x1629: 0x009a,
+	0x162a: 0x008a, 0x162b: 0x000a, 0x162c: 0x000a, 0x162d: 0x000a, 0x162e: 0x000a, 0x162f: 0x000a,
+	0x1630: 0x000a, 0x1631: 0x000a, 0x1632: 0x000a, 0x1633: 0x000a, 0x1634: 0x000a, 0x1635: 0x000a,
+	// Block 0x59, offset 0x1640
+	0x167b: 0x000a,
+	0x167c: 0x000a, 0x167d: 0x000a, 0x167e: 0x000a, 0x167f: 0x000a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x000a, 0x1681: 0x000a, 0x1682: 0x000a, 0x1683: 0x000a, 0x1684: 0x000a, 0x1685: 0x000a,
+	0x1686: 0x000a, 0x1687: 0x000a, 0x1688: 0x000a, 0x1689: 0x000a, 0x168a: 0x000a, 0x168b: 0x000a,
+	0x168c: 0x000a, 0x168d: 0x000a, 0x168e: 0x000a, 0x168f: 0x000a, 0x1690: 0x000a, 0x1691: 0x000a,
+	0x1692: 0x000a, 0x1693: 0x000a, 0x1694: 0x000a, 0x1696: 0x000a, 0x1697: 0x000a,
+	0x1698: 0x000a, 0x1699: 0x000a, 0x169a: 0x000a, 0x169b: 0x000a, 0x169c: 0x000a, 0x169d: 0x000a,
+	0x169e: 0x000a, 0x169f: 0x000a, 0x16a0: 0x000a, 0x16a1: 0x000a, 0x16a2: 0x000a, 0x16a3: 0x000a,
+	0x16a4: 0x000a, 0x16a5: 0x000a, 0x16a6: 0x000a, 0x16a7: 0x000a, 0x16a8: 0x000a, 0x16a9: 0x000a,
+	0x16aa: 0x000a, 0x16ab: 0x000a, 0x16ac: 0x000a, 0x16ad: 0x000a, 0x16ae: 0x000a, 0x16af: 0x000a,
+	0x16b0: 0x000a, 0x16b1: 0x000a, 0x16b2: 0x000a, 0x16b3: 0x000a, 0x16b4: 0x000a, 0x16b5: 0x000a,
+	0x16b6: 0x000a, 0x16b7: 0x000a, 0x16b8: 0x000a, 0x16b9: 0x000a, 0x16ba: 0x000a, 0x16bb: 0x000a,
+	0x16bc: 0x000a, 0x16bd: 0x000a, 0x16be: 0x000a, 0x16bf: 0x000a,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x000a, 0x16c1: 0x000a, 0x16c2: 0x000a, 0x16c3: 0x000a, 0x16c4: 0x000a, 0x16c5: 0x000a,
+	0x16c6: 0x000a, 0x16c7: 0x000a, 0x16c8: 0x000a, 0x16c9: 0x000a, 0x16ca: 0x000a, 0x16cb: 0x000a,
+	0x16cc: 0x000a, 0x16cd: 0x000a, 0x16ce: 0x000a, 0x16cf: 0x000a, 0x16d0: 0x000a, 0x16d1: 0x000a,
+	0x16d2: 0x000a, 0x16d3: 0x000a, 0x16d4: 0x000a, 0x16d5: 0x000a, 0x16d6: 0x000a, 0x16d7: 0x000a,
+	0x16d8: 0x000a, 0x16d9: 0x000a, 0x16da: 0x000a, 0x16db: 0x000a, 0x16dc: 0x000a, 0x16dd: 0x000a,
+	0x16de: 0x000a, 0x16df: 0x000a, 0x16e0: 0x000a, 0x16e1: 0x000a, 0x16e2: 0x000a, 0x16e3: 0x000a,
+	0x16e4: 0x000a, 0x16e5: 0x000a, 0x16e6: 0x000a,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x000a, 0x1701: 0x000a, 0x1702: 0x000a, 0x1703: 0x000a, 0x1704: 0x000a, 0x1705: 0x000a,
+	0x1706: 0x000a, 0x1707: 0x000a, 0x1708: 0x000a, 0x1709: 0x000a, 0x170a: 0x000a,
+	0x1720: 0x000a, 0x1721: 0x000a, 0x1722: 0x000a, 0x1723: 0x000a,
+	0x1724: 0x000a, 0x1725: 0x000a, 0x1726: 0x000a, 0x1727: 0x000a, 0x1728: 0x000a, 0x1729: 0x000a,
+	0x172a: 0x000a, 0x172b: 0x000a, 0x172c: 0x000a, 0x172d: 0x000a, 0x172e: 0x000a, 0x172f: 0x000a,
+	0x1730: 0x000a, 0x1731: 0x000a, 0x1732: 0x000a, 0x1733: 0x000a, 0x1734: 0x000a, 0x1735: 0x000a,
+	0x1736: 0x000a, 0x1737: 0x000a, 0x1738: 0x000a, 0x1739: 0x000a, 0x173a: 0x000a, 0x173b: 0x000a,
+	0x173c: 0x000a, 0x173d: 0x000a, 0x173e: 0x000a, 0x173f: 0x000a,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x000a, 0x1741: 0x000a, 0x1742: 0x000a, 0x1743: 0x000a, 0x1744: 0x000a, 0x1745: 0x000a,
+	0x1746: 0x000a, 0x1747: 0x000a, 0x1748: 0x0002, 0x1749: 0x0002, 0x174a: 0x0002, 0x174b: 0x0002,
+	0x174c: 0x0002, 0x174d: 0x0002, 0x174e: 0x0002, 0x174f: 0x0002, 0x1750: 0x0002, 0x1751: 0x0002,
+	0x1752: 0x0002, 0x1753: 0x0002, 0x1754: 0x0002, 0x1755: 0x0002, 0x1756: 0x0002, 0x1757: 0x0002,
+	0x1758: 0x0002, 0x1759: 0x0002, 0x175a: 0x0002, 0x175b: 0x0002,
+	// Block 0x5e, offset 0x1780
+	0x17aa: 0x000a, 0x17ab: 0x000a, 0x17ac: 0x000a, 0x17ad: 0x000a, 0x17ae: 0x000a, 0x17af: 0x000a,
+	0x17b0: 0x000a, 0x17b1: 0x000a, 0x17b2: 0x000a, 0x17b3: 0x000a, 0x17b4: 0x000a, 0x17b5: 0x000a,
+	0x17b6: 0x000a, 0x17b7: 0x000a, 0x17b8: 0x000a, 0x17b9: 0x000a, 0x17ba: 0x000a, 0x17bb: 0x000a,
+	0x17bc: 0x000a, 0x17bd: 0x000a, 0x17be: 0x000a, 0x17bf: 0x000a,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x000a, 0x17c1: 0x000a, 0x17c2: 0x000a, 0x17c3: 0x000a, 0x17c4: 0x000a, 0x17c5: 0x000a,
+	0x17c6: 0x000a, 0x17c7: 0x000a, 0x17c8: 0x000a, 0x17c9: 0x000a, 0x17ca: 0x000a, 0x17cb: 0x000a,
+	0x17cc: 0x000a, 0x17cd: 0x000a, 0x17ce: 0x000a, 0x17cf: 0x000a, 0x17d0: 0x000a, 0x17d1: 0x000a,
+	0x17d2: 0x000a, 0x17d3: 0x000a, 0x17d4: 0x000a, 0x17d5: 0x000a, 0x17d6: 0x000a, 0x17d7: 0x000a,
+	0x17d8: 0x000a, 0x17d9: 0x000a, 0x17da: 0x000a, 0x17db: 0x000a, 0x17dc: 0x000a, 0x17dd: 0x000a,
+	0x17de: 0x000a, 0x17df: 0x000a, 0x17e0: 0x000a, 0x17e1: 0x000a, 0x17e2: 0x000a, 0x17e3: 0x000a,
+	0x17e4: 0x000a, 0x17e5: 0x000a, 0x17e6: 0x000a, 0x17e7: 0x000a, 0x17e8: 0x000a, 0x17e9: 0x000a,
+	0x17ea: 0x000a, 0x17eb: 0x000a, 0x17ed: 0x000a, 0x17ee: 0x000a, 0x17ef: 0x000a,
+	0x17f0: 0x000a, 0x17f1: 0x000a, 0x17f2: 0x000a, 0x17f3: 0x000a, 0x17f4: 0x000a, 0x17f5: 0x000a,
+	0x17f6: 0x000a, 0x17f7: 0x000a, 0x17f8: 0x000a, 0x17f9: 0x000a, 0x17fa: 0x000a, 0x17fb: 0x000a,
+	0x17fc: 0x000a, 0x17fd: 0x000a, 0x17fe: 0x000a, 0x17ff: 0x000a,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x000a, 0x1801: 0x000a, 0x1802: 0x000a, 0x1803: 0x000a, 0x1804: 0x000a, 0x1805: 0x000a,
+	0x1806: 0x000a, 0x1807: 0x000a, 0x1808: 0x000a, 0x1809: 0x000a, 0x180a: 0x000a, 0x180b: 0x000a,
+	0x180c: 0x000a, 0x180d: 0x000a, 0x180e: 0x000a, 0x180f: 0x000a, 0x1810: 0x000a, 0x1811: 0x000a,
+	0x1812: 0x000a, 0x1813: 0x000a, 0x1814: 0x000a, 0x1815: 0x000a, 0x1816: 0x000a, 0x1817: 0x000a,
+	0x1818: 0x000a, 0x1819: 0x000a, 0x181a: 0x000a, 0x181b: 0x000a, 0x181c: 0x000a, 0x181d: 0x000a,
+	0x181e: 0x000a, 0x181f: 0x000a, 0x1820: 0x000a, 0x1821: 0x000a, 0x1822: 0x000a, 0x1823: 0x000a,
+	0x1824: 0x000a, 0x1825: 0x000a, 0x1826: 0x000a, 0x1827: 0x000a, 0x1828: 0x003a, 0x1829: 0x002a,
+	0x182a: 0x003a, 0x182b: 0x002a, 0x182c: 0x003a, 0x182d: 0x002a, 0x182e: 0x003a, 0x182f: 0x002a,
+	0x1830: 0x003a, 0x1831: 0x002a, 0x1832: 0x003a, 0x1833: 0x002a, 0x1834: 0x003a, 0x1835: 0x002a,
+	0x1836: 0x000a, 0x1837: 0x000a, 0x1838: 0x000a, 0x1839: 0x000a, 0x183a: 0x000a, 0x183b: 0x000a,
+	0x183c: 0x000a, 0x183d: 0x000a, 0x183e: 0x000a, 0x183f: 0x000a,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x000a, 0x1841: 0x000a, 0x1842: 0x000a, 0x1843: 0x000a, 0x1844: 0x000a, 0x1845: 0x009a,
+	0x1846: 0x008a, 0x1847: 0x000a, 0x1848: 0x000a, 0x1849: 0x000a, 0x184a: 0x000a, 0x184b: 0x000a,
+	0x184c: 0x000a, 0x184d: 0x000a, 0x184e: 0x000a, 0x184f: 0x000a, 0x1850: 0x000a, 0x1851: 0x000a,
+	0x1852: 0x000a, 0x1853: 0x000a, 0x1854: 0x000a, 0x1855: 0x000a, 0x1856: 0x000a, 0x1857: 0x000a,
+	0x1858: 0x000a, 0x1859: 0x000a, 0x185a: 0x000a, 0x185b: 0x000a, 0x185c: 0x000a, 0x185d: 0x000a,
+	0x185e: 0x000a, 0x185f: 0x000a, 0x1860: 0x000a, 0x1861: 0x000a, 0x1862: 0x000a, 0x1863: 0x000a,
+	0x1864: 0x000a, 0x1865: 0x000a, 0x1866: 0x003a, 0x1867: 0x002a, 0x1868: 0x003a, 0x1869: 0x002a,
+	0x186a: 0x003a, 0x186b: 0x002a, 0x186c: 0x003a, 0x186d: 0x002a, 0x186e: 0x003a, 0x186f: 0x002a,
+	0x1870: 0x000a, 0x1871: 0x000a, 0x1872: 0x000a, 0x1873: 0x000a, 0x1874: 0x000a, 0x1875: 0x000a,
+	0x1876: 0x000a, 0x1877: 0x000a, 0x1878: 0x000a, 0x1879: 0x000a, 0x187a: 0x000a, 0x187b: 0x000a,
+	0x187c: 0x000a, 0x187d: 0x000a, 0x187e: 0x000a, 0x187f: 0x000a,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x000a, 0x1881: 0x000a, 0x1882: 0x000a, 0x1883: 0x007a, 0x1884: 0x006a, 0x1885: 0x009a,
+	0x1886: 0x008a, 0x1887: 0x00ba, 0x1888: 0x00aa, 0x1889: 0x009a, 0x188a: 0x008a, 0x188b: 0x007a,
+	0x188c: 0x006a, 0x188d: 0x00da, 0x188e: 0x002a, 0x188f: 0x003a, 0x1890: 0x00ca, 0x1891: 0x009a,
+	0x1892: 0x008a, 0x1893: 0x007a, 0x1894: 0x006a, 0x1895: 0x009a, 0x1896: 0x008a, 0x1897: 0x00ba,
+	0x1898: 0x00aa, 0x1899: 0x000a, 0x189a: 0x000a, 0x189b: 0x000a, 0x189c: 0x000a, 0x189d: 0x000a,
+	0x189e: 0x000a, 0x189f: 0x000a, 0x18a0: 0x000a, 0x18a1: 0x000a, 0x18a2: 0x000a, 0x18a3: 0x000a,
+	0x18a4: 0x000a, 0x18a5: 0x000a, 0x18a6: 0x000a, 0x18a7: 0x000a, 0x18a8: 0x000a, 0x18a9: 0x000a,
+	0x18aa: 0x000a, 0x18ab: 0x000a, 0x18ac: 0x000a, 0x18ad: 0x000a, 0x18ae: 0x000a, 0x18af: 0x000a,
+	0x18b0: 0x000a, 0x18b1: 0x000a, 0x18b2: 0x000a, 0x18b3: 0x000a, 0x18b4: 0x000a, 0x18b5: 0x000a,
+	0x18b6: 0x000a, 0x18b7: 0x000a, 0x18b8: 0x000a, 0x18b9: 0x000a, 0x18ba: 0x000a, 0x18bb: 0x000a,
+	0x18bc: 0x000a, 0x18bd: 0x000a, 0x18be: 0x000a, 0x18bf: 0x000a,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x000a, 0x18c1: 0x000a, 0x18c2: 0x000a, 0x18c3: 0x000a, 0x18c4: 0x000a, 0x18c5: 0x000a,
+	0x18c6: 0x000a, 0x18c7: 0x000a, 0x18c8: 0x000a, 0x18c9: 0x000a, 0x18ca: 0x000a, 0x18cb: 0x000a,
+	0x18cc: 0x000a, 0x18cd: 0x000a, 0x18ce: 0x000a, 0x18cf: 0x000a, 0x18d0: 0x000a, 0x18d1: 0x000a,
+	0x18d2: 0x000a, 0x18d3: 0x000a, 0x18d4: 0x000a, 0x18d5: 0x000a, 0x18d6: 0x000a, 0x18d7: 0x000a,
+	0x18d8: 0x003a, 0x18d9: 0x002a, 0x18da: 0x003a, 0x18db: 0x002a, 0x18dc: 0x000a, 0x18dd: 0x000a,
+	0x18de: 0x000a, 0x18df: 0x000a, 0x18e0: 0x000a, 0x18e1: 0x000a, 0x18e2: 0x000a, 0x18e3: 0x000a,
+	0x18e4: 0x000a, 0x18e5: 0x000a, 0x18e6: 0x000a, 0x18e7: 0x000a, 0x18e8: 0x000a, 0x18e9: 0x000a,
+	0x18ea: 0x000a, 0x18eb: 0x000a, 0x18ec: 0x000a, 0x18ed: 0x000a, 0x18ee: 0x000a, 0x18ef: 0x000a,
+	0x18f0: 0x000a, 0x18f1: 0x000a, 0x18f2: 0x000a, 0x18f3: 0x000a, 0x18f4: 0x000a, 0x18f5: 0x000a,
+	0x18f6: 0x000a, 0x18f7: 0x000a, 0x18f8: 0x000a, 0x18f9: 0x000a, 0x18fa: 0x000a, 0x18fb: 0x000a,
+	0x18fc: 0x003a, 0x18fd: 0x002a, 0x18fe: 0x000a, 0x18ff: 0x000a,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x000a, 0x1901: 0x000a, 0x1902: 0x000a, 0x1903: 0x000a, 0x1904: 0x000a, 0x1905: 0x000a,
+	0x1906: 0x000a, 0x1907: 0x000a, 0x1908: 0x000a, 0x1909: 0x000a, 0x190a: 0x000a, 0x190b: 0x000a,
+	0x190c: 0x000a, 0x190d: 0x000a, 0x190e: 0x000a, 0x190f: 0x000a, 0x1910: 0x000a, 0x1911: 0x000a,
+	0x1912: 0x000a, 0x1913: 0x000a, 0x1914: 0x000a, 0x1915: 0x000a, 0x1916: 0x000a, 0x1917: 0x000a,
+	0x1918: 0x000a, 0x1919: 0x000a, 0x191a: 0x000a, 0x191b: 0x000a, 0x191c: 0x000a, 0x191d: 0x000a,
+	0x191e: 0x000a, 0x191f: 0x000a, 0x1920: 0x000a, 0x1921: 0x000a, 0x1922: 0x000a, 0x1923: 0x000a,
+	0x1924: 0x000a, 0x1925: 0x000a, 0x1926: 0x000a, 0x1927: 0x000a, 0x1928: 0x000a, 0x1929: 0x000a,
+	0x192a: 0x000a, 0x192b: 0x000a, 0x192c: 0x000a, 0x192d: 0x000a, 0x192e: 0x000a, 0x192f: 0x000a,
+	0x1930: 0x000a, 0x1931: 0x000a, 0x1932: 0x000a, 0x1933: 0x000a,
+	0x1936: 0x000a, 0x1937: 0x000a, 0x1938: 0x000a, 0x1939: 0x000a, 0x193a: 0x000a, 0x193b: 0x000a,
+	0x193c: 0x000a, 0x193d: 0x000a, 0x193e: 0x000a, 0x193f: 0x000a,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x000a, 0x1941: 0x000a, 0x1942: 0x000a, 0x1943: 0x000a, 0x1944: 0x000a, 0x1945: 0x000a,
+	0x1946: 0x000a, 0x1947: 0x000a, 0x1948: 0x000a, 0x1949: 0x000a, 0x194a: 0x000a, 0x194b: 0x000a,
+	0x194c: 0x000a, 0x194d: 0x000a, 0x194e: 0x000a, 0x194f: 0x000a, 0x1950: 0x000a, 0x1951: 0x000a,
+	0x1952: 0x000a, 0x1953: 0x000a, 0x1954: 0x000a, 0x1955: 0x000a,
+	0x1958: 0x000a, 0x1959: 0x000a, 0x195a: 0x000a, 0x195b: 0x000a, 0x195c: 0x000a, 0x195d: 0x000a,
+	0x195e: 0x000a, 0x195f: 0x000a, 0x1960: 0x000a, 0x1961: 0x000a, 0x1962: 0x000a, 0x1963: 0x000a,
+	0x1964: 0x000a, 0x1965: 0x000a, 0x1966: 0x000a, 0x1967: 0x000a, 0x1968: 0x000a, 0x1969: 0x000a,
+	0x196a: 0x000a, 0x196b: 0x000a, 0x196c: 0x000a, 0x196d: 0x000a, 0x196e: 0x000a, 0x196f: 0x000a,
+	0x1970: 0x000a, 0x1971: 0x000a, 0x1972: 0x000a, 0x1973: 0x000a, 0x1974: 0x000a, 0x1975: 0x000a,
+	0x1976: 0x000a, 0x1977: 0x000a, 0x1978: 0x000a, 0x1979: 0x000a, 0x197a: 0x000a, 0x197b: 0x000a,
+	0x197c: 0x000a, 0x197d: 0x000a, 0x197e: 0x000a, 0x197f: 0x000a,
+	// Block 0x66, offset 0x1980
+	0x1980: 0x000a, 0x1981: 0x000a, 0x1982: 0x000a, 0x1983: 0x000a, 0x1984: 0x000a, 0x1985: 0x000a,
+	0x1986: 0x000a, 0x1987: 0x000a, 0x1988: 0x000a, 0x198a: 0x000a, 0x198b: 0x000a,
+	0x198c: 0x000a, 0x198d: 0x000a, 0x198e: 0x000a, 0x198f: 0x000a, 0x1990: 0x000a, 0x1991: 0x000a,
+	0x1992: 0x000a, 0x1993: 0x000a, 0x1994: 0x000a, 0x1995: 0x000a, 0x1996: 0x000a, 0x1997: 0x000a,
+	0x1998: 0x000a, 0x1999: 0x000a, 0x199a: 0x000a, 0x199b: 0x000a, 0x199c: 0x000a, 0x199d: 0x000a,
+	0x199e: 0x000a, 0x199f: 0x000a, 0x19a0: 0x000a, 0x19a1: 0x000a, 0x19a2: 0x000a, 0x19a3: 0x000a,
+	0x19a4: 0x000a, 0x19a5: 0x000a, 0x19a6: 0x000a, 0x19a7: 0x000a, 0x19a8: 0x000a, 0x19a9: 0x000a,
+	0x19aa: 0x000a, 0x19ab: 0x000a, 0x19ac: 0x000a, 0x19ad: 0x000a, 0x19ae: 0x000a, 0x19af: 0x000a,
+	0x19b0: 0x000a, 0x19b1: 0x000a, 0x19b2: 0x000a, 0x19b3: 0x000a, 0x19b4: 0x000a, 0x19b5: 0x000a,
+	0x19b6: 0x000a, 0x19b7: 0x000a, 0x19b8: 0x000a, 0x19b9: 0x000a, 0x19ba: 0x000a, 0x19bb: 0x000a,
+	0x19bc: 0x000a, 0x19bd: 0x000a, 0x19be: 0x000a,
+	// Block 0x67, offset 0x19c0
+	0x19e5: 0x000a, 0x19e6: 0x000a, 0x19e7: 0x000a, 0x19e8: 0x000a, 0x19e9: 0x000a,
+	0x19ea: 0x000a, 0x19ef: 0x000c,
+	0x19f0: 0x000c, 0x19f1: 0x000c,
+	0x19f9: 0x000a, 0x19fa: 0x000a, 0x19fb: 0x000a,
+	0x19fc: 0x000a, 0x19fd: 0x000a, 0x19fe: 0x000a, 0x19ff: 0x000a,
+	// Block 0x68, offset 0x1a00
+	0x1a3f: 0x000c,
+	// Block 0x69, offset 0x1a40
+	0x1a60: 0x000c, 0x1a61: 0x000c, 0x1a62: 0x000c, 0x1a63: 0x000c,
+	0x1a64: 0x000c, 0x1a65: 0x000c, 0x1a66: 0x000c, 0x1a67: 0x000c, 0x1a68: 0x000c, 0x1a69: 0x000c,
+	0x1a6a: 0x000c, 0x1a6b: 0x000c, 0x1a6c: 0x000c, 0x1a6d: 0x000c, 0x1a6e: 0x000c, 0x1a6f: 0x000c,
+	0x1a70: 0x000c, 0x1a71: 0x000c, 0x1a72: 0x000c, 0x1a73: 0x000c, 0x1a74: 0x000c, 0x1a75: 0x000c,
+	0x1a76: 0x000c, 0x1a77: 0x000c, 0x1a78: 0x000c, 0x1a79: 0x000c, 0x1a7a: 0x000c, 0x1a7b: 0x000c,
+	0x1a7c: 0x000c, 0x1a7d: 0x000c, 0x1a7e: 0x000c, 0x1a7f: 0x000c,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x000a, 0x1a81: 0x000a, 0x1a82: 0x000a, 0x1a83: 0x000a, 0x1a84: 0x000a, 0x1a85: 0x000a,
+	0x1a86: 0x000a, 0x1a87: 0x000a, 0x1a88: 0x000a, 0x1a89: 0x000a, 0x1a8a: 0x000a, 0x1a8b: 0x000a,
+	0x1a8c: 0x000a, 0x1a8d: 0x000a, 0x1a8e: 0x000a, 0x1a8f: 0x000a, 0x1a90: 0x000a, 0x1a91: 0x000a,
+	0x1a92: 0x000a, 0x1a93: 0x000a, 0x1a94: 0x000a, 0x1a95: 0x000a, 0x1a96: 0x000a, 0x1a97: 0x000a,
+	0x1a98: 0x000a, 0x1a99: 0x000a, 0x1a9a: 0x000a, 0x1a9b: 0x000a, 0x1a9c: 0x000a, 0x1a9d: 0x000a,
+	0x1a9e: 0x000a, 0x1a9f: 0x000a, 0x1aa0: 0x000a, 0x1aa1: 0x000a, 0x1aa2: 0x003a, 0x1aa3: 0x002a,
+	0x1aa4: 0x003a, 0x1aa5: 0x002a, 0x1aa6: 0x003a, 0x1aa7: 0x002a, 0x1aa8: 0x003a, 0x1aa9: 0x002a,
+	0x1aaa: 0x000a, 0x1aab: 0x000a, 0x1aac: 0x000a, 0x1aad: 0x000a, 0x1aae: 0x000a, 0x1aaf: 0x000a,
+	0x1ab0: 0x000a, 0x1ab1: 0x000a, 0x1ab2: 0x000a, 0x1ab3: 0x000a, 0x1ab4: 0x000a, 0x1ab5: 0x000a,
+	0x1ab6: 0x000a, 0x1ab7: 0x000a, 0x1ab8: 0x000a, 0x1ab9: 0x000a, 0x1aba: 0x000a, 0x1abb: 0x000a,
+	0x1abc: 0x000a, 0x1abd: 0x000a, 0x1abe: 0x000a, 0x1abf: 0x000a,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x000a, 0x1ac1: 0x000a, 0x1ac2: 0x000a, 0x1ac3: 0x000a, 0x1ac4: 0x000a, 0x1ac5: 0x000a,
+	0x1ac6: 0x000a, 0x1ac7: 0x000a, 0x1ac8: 0x000a, 0x1ac9: 0x000a, 0x1aca: 0x000a, 0x1acb: 0x000a,
+	0x1acc: 0x000a, 0x1acd: 0x000a, 0x1ace: 0x000a,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x000a, 0x1b01: 0x000a, 0x1b02: 0x000a, 0x1b03: 0x000a, 0x1b04: 0x000a, 0x1b05: 0x000a,
+	0x1b06: 0x000a, 0x1b07: 0x000a, 0x1b08: 0x000a, 0x1b09: 0x000a, 0x1b0a: 0x000a, 0x1b0b: 0x000a,
+	0x1b0c: 0x000a, 0x1b0d: 0x000a, 0x1b0e: 0x000a, 0x1b0f: 0x000a, 0x1b10: 0x000a, 0x1b11: 0x000a,
+	0x1b12: 0x000a, 0x1b13: 0x000a, 0x1b14: 0x000a, 0x1b15: 0x000a, 0x1b16: 0x000a, 0x1b17: 0x000a,
+	0x1b18: 0x000a, 0x1b19: 0x000a, 0x1b1b: 0x000a, 0x1b1c: 0x000a, 0x1b1d: 0x000a,
+	0x1b1e: 0x000a, 0x1b1f: 0x000a, 0x1b20: 0x000a, 0x1b21: 0x000a, 0x1b22: 0x000a, 0x1b23: 0x000a,
+	0x1b24: 0x000a, 0x1b25: 0x000a, 0x1b26: 0x000a, 0x1b27: 0x000a, 0x1b28: 0x000a, 0x1b29: 0x000a,
+	0x1b2a: 0x000a, 0x1b2b: 0x000a, 0x1b2c: 0x000a, 0x1b2d: 0x000a, 0x1b2e: 0x000a, 0x1b2f: 0x000a,
+	0x1b30: 0x000a, 0x1b31: 0x000a, 0x1b32: 0x000a, 0x1b33: 0x000a, 0x1b34: 0x000a, 0x1b35: 0x000a,
+	0x1b36: 0x000a, 0x1b37: 0x000a, 0x1b38: 0x000a, 0x1b39: 0x000a, 0x1b3a: 0x000a, 0x1b3b: 0x000a,
+	0x1b3c: 0x000a, 0x1b3d: 0x000a, 0x1b3e: 0x000a, 0x1b3f: 0x000a,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0x000a, 0x1b41: 0x000a, 0x1b42: 0x000a, 0x1b43: 0x000a, 0x1b44: 0x000a, 0x1b45: 0x000a,
+	0x1b46: 0x000a, 0x1b47: 0x000a, 0x1b48: 0x000a, 0x1b49: 0x000a, 0x1b4a: 0x000a, 0x1b4b: 0x000a,
+	0x1b4c: 0x000a, 0x1b4d: 0x000a, 0x1b4e: 0x000a, 0x1b4f: 0x000a, 0x1b50: 0x000a, 0x1b51: 0x000a,
+	0x1b52: 0x000a, 0x1b53: 0x000a, 0x1b54: 0x000a, 0x1b55: 0x000a, 0x1b56: 0x000a, 0x1b57: 0x000a,
+	0x1b58: 0x000a, 0x1b59: 0x000a, 0x1b5a: 0x000a, 0x1b5b: 0x000a, 0x1b5c: 0x000a, 0x1b5d: 0x000a,
+	0x1b5e: 0x000a, 0x1b5f: 0x000a, 0x1b60: 0x000a, 0x1b61: 0x000a, 0x1b62: 0x000a, 0x1b63: 0x000a,
+	0x1b64: 0x000a, 0x1b65: 0x000a, 0x1b66: 0x000a, 0x1b67: 0x000a, 0x1b68: 0x000a, 0x1b69: 0x000a,
+	0x1b6a: 0x000a, 0x1b6b: 0x000a, 0x1b6c: 0x000a, 0x1b6d: 0x000a, 0x1b6e: 0x000a, 0x1b6f: 0x000a,
+	0x1b70: 0x000a, 0x1b71: 0x000a, 0x1b72: 0x000a, 0x1b73: 0x000a,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0x000a, 0x1b81: 0x000a, 0x1b82: 0x000a, 0x1b83: 0x000a, 0x1b84: 0x000a, 0x1b85: 0x000a,
+	0x1b86: 0x000a, 0x1b87: 0x000a, 0x1b88: 0x000a, 0x1b89: 0x000a, 0x1b8a: 0x000a, 0x1b8b: 0x000a,
+	0x1b8c: 0x000a, 0x1b8d: 0x000a, 0x1b8e: 0x000a, 0x1b8f: 0x000a, 0x1b90: 0x000a, 0x1b91: 0x000a,
+	0x1b92: 0x000a, 0x1b93: 0x000a, 0x1b94: 0x000a, 0x1b95: 0x000a,
+	0x1bb0: 0x000a, 0x1bb1: 0x000a, 0x1bb2: 0x000a, 0x1bb3: 0x000a, 0x1bb4: 0x000a, 0x1bb5: 0x000a,
+	0x1bb6: 0x000a, 0x1bb7: 0x000a, 0x1bb8: 0x000a, 0x1bb9: 0x000a, 0x1bba: 0x000a, 0x1bbb: 0x000a,
+	// Block 0x6f, offset 0x1bc0
+	0x1bc0: 0x0009, 0x1bc1: 0x000a, 0x1bc2: 0x000a, 0x1bc3: 0x000a, 0x1bc4: 0x000a,
+	0x1bc8: 0x003a, 0x1bc9: 0x002a, 0x1bca: 0x003a, 0x1bcb: 0x002a,
+	0x1bcc: 0x003a, 0x1bcd: 0x002a, 0x1bce: 0x003a, 0x1bcf: 0x002a, 0x1bd0: 0x003a, 0x1bd1: 0x002a,
+	0x1bd2: 0x000a, 0x1bd3: 0x000a, 0x1bd4: 0x003a, 0x1bd5: 0x002a, 0x1bd6: 0x003a, 0x1bd7: 0x002a,
+	0x1bd8: 0x003a, 0x1bd9: 0x002a, 0x1bda: 0x003a, 0x1bdb: 0x002a, 0x1bdc: 0x000a, 0x1bdd: 0x000a,
+	0x1bde: 0x000a, 0x1bdf: 0x000a, 0x1be0: 0x000a,
+	0x1bea: 0x000c, 0x1beb: 0x000c, 0x1bec: 0x000c, 0x1bed: 0x000c,
+	0x1bf0: 0x000a,
+	0x1bf6: 0x000a, 0x1bf7: 0x000a,
+	0x1bfd: 0x000a, 0x1bfe: 0x000a, 0x1bff: 0x000a,
+	// Block 0x70, offset 0x1c00
+	0x1c19: 0x000c, 0x1c1a: 0x000c, 0x1c1b: 0x000a, 0x1c1c: 0x000a,
+	0x1c20: 0x000a,
+	// Block 0x71, offset 0x1c40
+	0x1c7b: 0x000a,
+	// Block 0x72, offset 0x1c80
+	0x1c80: 0x000a, 0x1c81: 0x000a, 0x1c82: 0x000a, 0x1c83: 0x000a, 0x1c84: 0x000a, 0x1c85: 0x000a,
+	0x1c86: 0x000a, 0x1c87: 0x000a, 0x1c88: 0x000a, 0x1c89: 0x000a, 0x1c8a: 0x000a, 0x1c8b: 0x000a,
+	0x1c8c: 0x000a, 0x1c8d: 0x000a, 0x1c8e: 0x000a, 0x1c8f: 0x000a, 0x1c90: 0x000a, 0x1c91: 0x000a,
+	0x1c92: 0x000a, 0x1c93: 0x000a, 0x1c94: 0x000a, 0x1c95: 0x000a, 0x1c96: 0x000a, 0x1c97: 0x000a,
+	0x1c98: 0x000a, 0x1c99: 0x000a, 0x1c9a: 0x000a, 0x1c9b: 0x000a, 0x1c9c: 0x000a, 0x1c9d: 0x000a,
+	0x1c9e: 0x000a, 0x1c9f: 0x000a, 0x1ca0: 0x000a, 0x1ca1: 0x000a, 0x1ca2: 0x000a, 0x1ca3: 0x000a,
+	// Block 0x73, offset 0x1cc0
+	0x1cdd: 0x000a,
+	0x1cde: 0x000a,
+	// Block 0x74, offset 0x1d00
+	0x1d10: 0x000a, 0x1d11: 0x000a,
+	0x1d12: 0x000a, 0x1d13: 0x000a, 0x1d14: 0x000a, 0x1d15: 0x000a, 0x1d16: 0x000a, 0x1d17: 0x000a,
+	0x1d18: 0x000a, 0x1d19: 0x000a, 0x1d1a: 0x000a, 0x1d1b: 0x000a, 0x1d1c: 0x000a, 0x1d1d: 0x000a,
+	0x1d1e: 0x000a, 0x1d1f: 0x000a,
+	0x1d3c: 0x000a, 0x1d3d: 0x000a, 0x1d3e: 0x000a,
+	// Block 0x75, offset 0x1d40
+	0x1d71: 0x000a, 0x1d72: 0x000a, 0x1d73: 0x000a, 0x1d74: 0x000a, 0x1d75: 0x000a,
+	0x1d76: 0x000a, 0x1d77: 0x000a, 0x1d78: 0x000a, 0x1d79: 0x000a, 0x1d7a: 0x000a, 0x1d7b: 0x000a,
+	0x1d7c: 0x000a, 0x1d7d: 0x000a, 0x1d7e: 0x000a, 0x1d7f: 0x000a,
+	// Block 0x76, offset 0x1d80
+	0x1d8c: 0x000a, 0x1d8d: 0x000a, 0x1d8e: 0x000a, 0x1d8f: 0x000a,
+	// Block 0x77, offset 0x1dc0
+	0x1df7: 0x000a, 0x1df8: 0x000a, 0x1df9: 0x000a, 0x1dfa: 0x000a,
+	// Block 0x78, offset 0x1e00
+	0x1e1e: 0x000a, 0x1e1f: 0x000a,
+	0x1e3f: 0x000a,
+	// Block 0x79, offset 0x1e40
+	0x1e50: 0x000a, 0x1e51: 0x000a,
+	0x1e52: 0x000a, 0x1e53: 0x000a, 0x1e54: 0x000a, 0x1e55: 0x000a, 0x1e56: 0x000a, 0x1e57: 0x000a,
+	0x1e58: 0x000a, 0x1e59: 0x000a, 0x1e5a: 0x000a, 0x1e5b: 0x000a, 0x1e5c: 0x000a, 0x1e5d: 0x000a,
+	0x1e5e: 0x000a, 0x1e5f: 0x000a, 0x1e60: 0x000a, 0x1e61: 0x000a, 0x1e62: 0x000a, 0x1e63: 0x000a,
+	0x1e64: 0x000a, 0x1e65: 0x000a, 0x1e66: 0x000a, 0x1e67: 0x000a, 0x1e68: 0x000a, 0x1e69: 0x000a,
+	0x1e6a: 0x000a, 0x1e6b: 0x000a, 0x1e6c: 0x000a, 0x1e6d: 0x000a, 0x1e6e: 0x000a, 0x1e6f: 0x000a,
+	0x1e70: 0x000a, 0x1e71: 0x000a, 0x1e72: 0x000a, 0x1e73: 0x000a, 0x1e74: 0x000a, 0x1e75: 0x000a,
+	0x1e76: 0x000a, 0x1e77: 0x000a, 0x1e78: 0x000a, 0x1e79: 0x000a, 0x1e7a: 0x000a, 0x1e7b: 0x000a,
+	0x1e7c: 0x000a, 0x1e7d: 0x000a, 0x1e7e: 0x000a, 0x1e7f: 0x000a,
+	// Block 0x7a, offset 0x1e80
+	0x1e80: 0x000a, 0x1e81: 0x000a, 0x1e82: 0x000a, 0x1e83: 0x000a, 0x1e84: 0x000a, 0x1e85: 0x000a,
+	0x1e86: 0x000a,
+	// Block 0x7b, offset 0x1ec0
+	0x1ecd: 0x000a, 0x1ece: 0x000a, 0x1ecf: 0x000a,
+	// Block 0x7c, offset 0x1f00
+	0x1f2f: 0x000c,
+	0x1f30: 0x000c, 0x1f31: 0x000c, 0x1f32: 0x000c, 0x1f33: 0x000a, 0x1f34: 0x000c, 0x1f35: 0x000c,
+	0x1f36: 0x000c, 0x1f37: 0x000c, 0x1f38: 0x000c, 0x1f39: 0x000c, 0x1f3a: 0x000c, 0x1f3b: 0x000c,
+	0x1f3c: 0x000c, 0x1f3d: 0x000c, 0x1f3e: 0x000a, 0x1f3f: 0x000a,
+	// Block 0x7d, offset 0x1f40
+	0x1f5e: 0x000c, 0x1f5f: 0x000c,
+	// Block 0x7e, offset 0x1f80
+	0x1fb0: 0x000c, 0x1fb1: 0x000c,
+	// Block 0x7f, offset 0x1fc0
+	0x1fc0: 0x000a, 0x1fc1: 0x000a, 0x1fc2: 0x000a, 0x1fc3: 0x000a, 0x1fc4: 0x000a, 0x1fc5: 0x000a,
+	0x1fc6: 0x000a, 0x1fc7: 0x000a, 0x1fc8: 0x000a, 0x1fc9: 0x000a, 0x1fca: 0x000a, 0x1fcb: 0x000a,
+	0x1fcc: 0x000a, 0x1fcd: 0x000a, 0x1fce: 0x000a, 0x1fcf: 0x000a, 0x1fd0: 0x000a, 0x1fd1: 0x000a,
+	0x1fd2: 0x000a, 0x1fd3: 0x000a, 0x1fd4: 0x000a, 0x1fd5: 0x000a, 0x1fd6: 0x000a, 0x1fd7: 0x000a,
+	0x1fd8: 0x000a, 0x1fd9: 0x000a, 0x1fda: 0x000a, 0x1fdb: 0x000a, 0x1fdc: 0x000a, 0x1fdd: 0x000a,
+	0x1fde: 0x000a, 0x1fdf: 0x000a, 0x1fe0: 0x000a, 0x1fe1: 0x000a,
+	// Block 0x80, offset 0x2000
+	0x2008: 0x000a,
+	// Block 0x81, offset 0x2040
+	0x2042: 0x000c,
+	0x2046: 0x000c, 0x204b: 0x000c,
+	0x2065: 0x000c, 0x2066: 0x000c, 0x2068: 0x000a, 0x2069: 0x000a,
+	0x206a: 0x000a, 0x206b: 0x000a,
+	0x2078: 0x0004, 0x2079: 0x0004,
+	// Block 0x82, offset 0x2080
+	0x20b4: 0x000a, 0x20b5: 0x000a,
+	0x20b6: 0x000a, 0x20b7: 0x000a,
+	// Block 0x83, offset 0x20c0
+	0x20c4: 0x000c, 0x20c5: 0x000c,
+	0x20e0: 0x000c, 0x20e1: 0x000c, 0x20e2: 0x000c, 0x20e3: 0x000c,
+	0x20e4: 0x000c, 0x20e5: 0x000c, 0x20e6: 0x000c, 0x20e7: 0x000c, 0x20e8: 0x000c, 0x20e9: 0x000c,
+	0x20ea: 0x000c, 0x20eb: 0x000c, 0x20ec: 0x000c, 0x20ed: 0x000c, 0x20ee: 0x000c, 0x20ef: 0x000c,
+	0x20f0: 0x000c, 0x20f1: 0x000c,
+	0x20ff: 0x000c,
+	// Block 0x84, offset 0x2100
+	0x2126: 0x000c, 0x2127: 0x000c, 0x2128: 0x000c, 0x2129: 0x000c,
+	0x212a: 0x000c, 0x212b: 0x000c, 0x212c: 0x000c, 0x212d: 0x000c,
+	// Block 0x85, offset 0x2140
+	0x2147: 0x000c, 0x2148: 0x000c, 0x2149: 0x000c, 0x214a: 0x000c, 0x214b: 0x000c,
+	0x214c: 0x000c, 0x214d: 0x000c, 0x214e: 0x000c, 0x214f: 0x000c, 0x2150: 0x000c, 0x2151: 0x000c,
+	// Block 0x86, offset 0x2180
+	0x2180: 0x000c, 0x2181: 0x000c, 0x2182: 0x000c,
+	0x21b3: 0x000c,
+	0x21b6: 0x000c, 0x21b7: 0x000c, 0x21b8: 0x000c, 0x21b9: 0x000c,
+	0x21bc: 0x000c,
+	// Block 0x87, offset 0x21c0
+	0x21e5: 0x000c,
+	// Block 0x88, offset 0x2200
+	0x2229: 0x000c,
+	0x222a: 0x000c, 0x222b: 0x000c, 0x222c: 0x000c, 0x222d: 0x000c, 0x222e: 0x000c,
+	0x2231: 0x000c, 0x2232: 0x000c, 0x2235: 0x000c,
+	0x2236: 0x000c,
+	// Block 0x89, offset 0x2240
+	0x2243: 0x000c,
+	0x224c: 0x000c,
+	0x227c: 0x000c,
+	// Block 0x8a, offset 0x2280
+	0x22b0: 0x000c, 0x22b2: 0x000c, 0x22b3: 0x000c, 0x22b4: 0x000c,
+	0x22b7: 0x000c, 0x22b8: 0x000c,
+	0x22be: 0x000c, 0x22bf: 0x000c,
+	// Block 0x8b, offset 0x22c0
+	0x22c1: 0x000c,
+	0x22ec: 0x000c, 0x22ed: 0x000c,
+	0x22f6: 0x000c,
+	// Block 0x8c, offset 0x2300
+	0x2325: 0x000c, 0x2328: 0x000c,
+	0x232d: 0x000c,
+	// Block 0x8d, offset 0x2340
+	0x235d: 0x0001,
+	0x235e: 0x000c, 0x235f: 0x0001, 0x2360: 0x0001, 0x2361: 0x0001, 0x2362: 0x0001, 0x2363: 0x0001,
+	0x2364: 0x0001, 0x2365: 0x0001, 0x2366: 0x0001, 0x2367: 0x0001, 0x2368: 0x0001, 0x2369: 0x0003,
+	0x236a: 0x0001, 0x236b: 0x0001, 0x236c: 0x0001, 0x236d: 0x0001, 0x236e: 0x0001, 0x236f: 0x0001,
+	0x2370: 0x0001, 0x2371: 0x0001, 0x2372: 0x0001, 0x2373: 0x0001, 0x2374: 0x0001, 0x2375: 0x0001,
+	0x2376: 0x0001, 0x2377: 0x0001, 0x2378: 0x0001, 0x2379: 0x0001, 0x237a: 0x0001, 0x237b: 0x0001,
+	0x237c: 0x0001, 0x237d: 0x0001, 0x237e: 0x0001, 0x237f: 0x0001,
+	// Block 0x8e, offset 0x2380
+	0x2380: 0x0001, 0x2381: 0x0001, 0x2382: 0x0001, 0x2383: 0x0001, 0x2384: 0x0001, 0x2385: 0x0001,
+	0x2386: 0x0001, 0x2387: 0x0001, 0x2388: 0x0001, 0x2389: 0x0001, 0x238a: 0x0001, 0x238b: 0x0001,
+	0x238c: 0x0001, 0x238d: 0x0001, 0x238e: 0x0001, 0x238f: 0x0001, 0x2390: 0x000d, 0x2391: 0x000d,
+	0x2392: 0x000d, 0x2393: 0x000d, 0x2394: 0x000d, 0x2395: 0x000d, 0x2396: 0x000d, 0x2397: 0x000d,
+	0x2398: 0x000d, 0x2399: 0x000d, 0x239a: 0x000d, 0x239b: 0x000d, 0x239c: 0x000d, 0x239d: 0x000d,
+	0x239e: 0x000d, 0x239f: 0x000d, 0x23a0: 0x000d, 0x23a1: 0x000d, 0x23a2: 0x000d, 0x23a3: 0x000d,
+	0x23a4: 0x000d, 0x23a5: 0x000d, 0x23a6: 0x000d, 0x23a7: 0x000d, 0x23a8: 0x000d, 0x23a9: 0x000d,
+	0x23aa: 0x000d, 0x23ab: 0x000d, 0x23ac: 0x000d, 0x23ad: 0x000d, 0x23ae: 0x000d, 0x23af: 0x000d,
+	0x23b0: 0x000d, 0x23b1: 0x000d, 0x23b2: 0x000d, 0x23b3: 0x000d, 0x23b4: 0x000d, 0x23b5: 0x000d,
+	0x23b6: 0x000d, 0x23b7: 0x000d, 0x23b8: 0x000d, 0x23b9: 0x000d, 0x23ba: 0x000d, 0x23bb: 0x000d,
+	0x23bc: 0x000d, 0x23bd: 0x000d, 0x23be: 0x000d, 0x23bf: 0x000d,
+	// Block 0x8f, offset 0x23c0
+	0x23c0: 0x000d, 0x23c1: 0x000d, 0x23c2: 0x000d, 0x23c3: 0x000d, 0x23c4: 0x000d, 0x23c5: 0x000d,
+	0x23c6: 0x000d, 0x23c7: 0x000d, 0x23c8: 0x000d, 0x23c9: 0x000d, 0x23ca: 0x000d, 0x23cb: 0x000d,
+	0x23cc: 0x000d, 0x23cd: 0x000d, 0x23ce: 0x000d, 0x23cf: 0x000d, 0x23d0: 0x000d, 0x23d1: 0x000d,
+	0x23d2: 0x000d, 0x23d3: 0x000d, 0x23d4: 0x000d, 0x23d5: 0x000d, 0x23d6: 0x000d, 0x23d7: 0x000d,
+	0x23d8: 0x000d, 0x23d9: 0x000d, 0x23da: 0x000d, 0x23db: 0x000d, 0x23dc: 0x000d, 0x23dd: 0x000d,
+	0x23de: 0x000d, 0x23df: 0x000d, 0x23e0: 0x000d, 0x23e1: 0x000d, 0x23e2: 0x000d, 0x23e3: 0x000d,
+	0x23e4: 0x000d, 0x23e5: 0x000d, 0x23e6: 0x000d, 0x23e7: 0x000d, 0x23e8: 0x000d, 0x23e9: 0x000d,
+	0x23ea: 0x000d, 0x23eb: 0x000d, 0x23ec: 0x000d, 0x23ed: 0x000d, 0x23ee: 0x000d, 0x23ef: 0x000d,
+	0x23f0: 0x000d, 0x23f1: 0x000d, 0x23f2: 0x000d, 0x23f3: 0x000d, 0x23f4: 0x000d, 0x23f5: 0x000d,
+	0x23f6: 0x000d, 0x23f7: 0x000d, 0x23f8: 0x000d, 0x23f9: 0x000d, 0x23fa: 0x000d, 0x23fb: 0x000d,
+	0x23fc: 0x000d, 0x23fd: 0x000d, 0x23fe: 0x000a, 0x23ff: 0x000a,
+	// Block 0x90, offset 0x2400
+	0x2400: 0x000d, 0x2401: 0x000d, 0x2402: 0x000d, 0x2403: 0x000d, 0x2404: 0x000d, 0x2405: 0x000d,
+	0x2406: 0x000d, 0x2407: 0x000d, 0x2408: 0x000d, 0x2409: 0x000d, 0x240a: 0x000d, 0x240b: 0x000d,
+	0x240c: 0x000d, 0x240d: 0x000d, 0x240e: 0x000d, 0x240f: 0x000d, 0x2410: 0x000b, 0x2411: 0x000b,
+	0x2412: 0x000b, 0x2413: 0x000b, 0x2414: 0x000b, 0x2415: 0x000b, 0x2416: 0x000b, 0x2417: 0x000b,
+	0x2418: 0x000b, 0x2419: 0x000b, 0x241a: 0x000b, 0x241b: 0x000b, 0x241c: 0x000b, 0x241d: 0x000b,
+	0x241e: 0x000b, 0x241f: 0x000b, 0x2420: 0x000b, 0x2421: 0x000b, 0x2422: 0x000b, 0x2423: 0x000b,
+	0x2424: 0x000b, 0x2425: 0x000b, 0x2426: 0x000b, 0x2427: 0x000b, 0x2428: 0x000b, 0x2429: 0x000b,
+	0x242a: 0x000b, 0x242b: 0x000b, 0x242c: 0x000b, 0x242d: 0x000b, 0x242e: 0x000b, 0x242f: 0x000b,
+	0x2430: 0x000d, 0x2431: 0x000d, 0x2432: 0x000d, 0x2433: 0x000d, 0x2434: 0x000d, 0x2435: 0x000d,
+	0x2436: 0x000d, 0x2437: 0x000d, 0x2438: 0x000d, 0x2439: 0x000d, 0x243a: 0x000d, 0x243b: 0x000d,
+	0x243c: 0x000d, 0x243d: 0x000a, 0x243e: 0x000d, 0x243f: 0x000d,
+	// Block 0x91, offset 0x2440
+	0x2440: 0x000c, 0x2441: 0x000c, 0x2442: 0x000c, 0x2443: 0x000c, 0x2444: 0x000c, 0x2445: 0x000c,
+	0x2446: 0x000c, 0x2447: 0x000c, 0x2448: 0x000c, 0x2449: 0x000c, 0x244a: 0x000c, 0x244b: 0x000c,
+	0x244c: 0x000c, 0x244d: 0x000c, 0x244e: 0x000c, 0x244f: 0x000c, 0x2450: 0x000a, 0x2451: 0x000a,
+	0x2452: 0x000a, 0x2453: 0x000a, 0x2454: 0x000a, 0x2455: 0x000a, 0x2456: 0x000a, 0x2457: 0x000a,
+	0x2458: 0x000a, 0x2459: 0x000a,
+	0x2460: 0x000c, 0x2461: 0x000c, 0x2462: 0x000c, 0x2463: 0x000c,
+	0x2464: 0x000c, 0x2465: 0x000c, 0x2466: 0x000c, 0x2467: 0x000c, 0x2468: 0x000c, 0x2469: 0x000c,
+	0x246a: 0x000c, 0x246b: 0x000c, 0x246c: 0x000c, 0x246d: 0x000c, 0x246e: 0x000c, 0x246f: 0x000c,
+	0x2470: 0x000a, 0x2471: 0x000a, 0x2472: 0x000a, 0x2473: 0x000a, 0x2474: 0x000a, 0x2475: 0x000a,
+	0x2476: 0x000a, 0x2477: 0x000a, 0x2478: 0x000a, 0x2479: 0x000a, 0x247a: 0x000a, 0x247b: 0x000a,
+	0x247c: 0x000a, 0x247d: 0x000a, 0x247e: 0x000a, 0x247f: 0x000a,
+	// Block 0x92, offset 0x2480
+	0x2480: 0x000a, 0x2481: 0x000a, 0x2482: 0x000a, 0x2483: 0x000a, 0x2484: 0x000a, 0x2485: 0x000a,
+	0x2486: 0x000a, 0x2487: 0x000a, 0x2488: 0x000a, 0x2489: 0x000a, 0x248a: 0x000a, 0x248b: 0x000a,
+	0x248c: 0x000a, 0x248d: 0x000a, 0x248e: 0x000a, 0x248f: 0x000a, 0x2490: 0x0006, 0x2491: 0x000a,
+	0x2492: 0x0006, 0x2494: 0x000a, 0x2495: 0x0006, 0x2496: 0x000a, 0x2497: 0x000a,
+	0x2498: 0x000a, 0x2499: 0x009a, 0x249a: 0x008a, 0x249b: 0x007a, 0x249c: 0x006a, 0x249d: 0x009a,
+	0x249e: 0x008a, 0x249f: 0x0004, 0x24a0: 0x000a, 0x24a1: 0x000a, 0x24a2: 0x0003, 0x24a3: 0x0003,
+	0x24a4: 0x000a, 0x24a5: 0x000a, 0x24a6: 0x000a, 0x24a8: 0x000a, 0x24a9: 0x0004,
+	0x24aa: 0x0004, 0x24ab: 0x000a,
+	0x24b0: 0x000d, 0x24b1: 0x000d, 0x24b2: 0x000d, 0x24b3: 0x000d, 0x24b4: 0x000d, 0x24b5: 0x000d,
+	0x24b6: 0x000d, 0x24b7: 0x000d, 0x24b8: 0x000d, 0x24b9: 0x000d, 0x24ba: 0x000d, 0x24bb: 0x000d,
+	0x24bc: 0x000d, 0x24bd: 0x000d, 0x24be: 0x000d, 0x24bf: 0x000d,
+	// Block 0x93, offset 0x24c0
+	0x24c0: 0x000d, 0x24c1: 0x000d, 0x24c2: 0x000d, 0x24c3: 0x000d, 0x24c4: 0x000d, 0x24c5: 0x000d,
+	0x24c6: 0x000d, 0x24c7: 0x000d, 0x24c8: 0x000d, 0x24c9: 0x000d, 0x24ca: 0x000d, 0x24cb: 0x000d,
+	0x24cc: 0x000d, 0x24cd: 0x000d, 0x24ce: 0x000d, 0x24cf: 0x000d, 0x24d0: 0x000d, 0x24d1: 0x000d,
+	0x24d2: 0x000d, 0x24d3: 0x000d, 0x24d4: 0x000d, 0x24d5: 0x000d, 0x24d6: 0x000d, 0x24d7: 0x000d,
+	0x24d8: 0x000d, 0x24d9: 0x000d, 0x24da: 0x000d, 0x24db: 0x000d, 0x24dc: 0x000d, 0x24dd: 0x000d,
+	0x24de: 0x000d, 0x24df: 0x000d, 0x24e0: 0x000d, 0x24e1: 0x000d, 0x24e2: 0x000d, 0x24e3: 0x000d,
+	0x24e4: 0x000d, 0x24e5: 0x000d, 0x24e6: 0x000d, 0x24e7: 0x000d, 0x24e8: 0x000d, 0x24e9: 0x000d,
+	0x24ea: 0x000d, 0x24eb: 0x000d, 0x24ec: 0x000d, 0x24ed: 0x000d, 0x24ee: 0x000d, 0x24ef: 0x000d,
+	0x24f0: 0x000d, 0x24f1: 0x000d, 0x24f2: 0x000d, 0x24f3: 0x000d, 0x24f4: 0x000d, 0x24f5: 0x000d,
+	0x24f6: 0x000d, 0x24f7: 0x000d, 0x24f8: 0x000d, 0x24f9: 0x000d, 0x24fa: 0x000d, 0x24fb: 0x000d,
+	0x24fc: 0x000d, 0x24fd: 0x000d, 0x24fe: 0x000d, 0x24ff: 0x000b,
+	// Block 0x94, offset 0x2500
+	0x2501: 0x000a, 0x2502: 0x000a, 0x2503: 0x0004, 0x2504: 0x0004, 0x2505: 0x0004,
+	0x2506: 0x000a, 0x2507: 0x000a, 0x2508: 0x003a, 0x2509: 0x002a, 0x250a: 0x000a, 0x250b: 0x0003,
+	0x250c: 0x0006, 0x250d: 0x0003, 0x250e: 0x0006, 0x250f: 0x0006, 0x2510: 0x0002, 0x2511: 0x0002,
+	0x2512: 0x0002, 0x2513: 0x0002, 0x2514: 0x0002, 0x2515: 0x0002, 0x2516: 0x0002, 0x2517: 0x0002,
+	0x2518: 0x0002, 0x2519: 0x0002, 0x251a: 0x0006, 0x251b: 0x000a, 0x251c: 0x000a, 0x251d: 0x000a,
+	0x251e: 0x000a, 0x251f: 0x000a, 0x2520: 0x000a,
+	0x253b: 0x005a,
+	0x253c: 0x000a, 0x253d: 0x004a, 0x253e: 0x000a, 0x253f: 0x000a,
+	// Block 0x95, offset 0x2540
+	0x2540: 0x000a,
+	0x255b: 0x005a, 0x255c: 0x000a, 0x255d: 0x004a,
+	0x255e: 0x000a, 0x255f: 0x00fa, 0x2560: 0x00ea, 0x2561: 0x000a, 0x2562: 0x003a, 0x2563: 0x002a,
+	0x2564: 0x000a, 0x2565: 0x000a,
+	// Block 0x96, offset 0x2580
+	0x25a0: 0x0004, 0x25a1: 0x0004, 0x25a2: 0x000a, 0x25a3: 0x000a,
+	0x25a4: 0x000a, 0x25a5: 0x0004, 0x25a6: 0x0004, 0x25a8: 0x000a, 0x25a9: 0x000a,
+	0x25aa: 0x000a, 0x25ab: 0x000a, 0x25ac: 0x000a, 0x25ad: 0x000a, 0x25ae: 0x000a,
+	0x25b0: 0x000b, 0x25b1: 0x000b, 0x25b2: 0x000b, 0x25b3: 0x000b, 0x25b4: 0x000b, 0x25b5: 0x000b,
+	0x25b6: 0x000b, 0x25b7: 0x000b, 0x25b8: 0x000b, 0x25b9: 0x000a, 0x25ba: 0x000a, 0x25bb: 0x000a,
+	0x25bc: 0x000a, 0x25bd: 0x000a, 0x25be: 0x000b, 0x25bf: 0x000b,
+	// Block 0x97, offset 0x25c0
+	0x25c1: 0x000a,
+	// Block 0x98, offset 0x2600
+	0x2600: 0x000a, 0x2601: 0x000a, 0x2602: 0x000a, 0x2603: 0x000a, 0x2604: 0x000a, 0x2605: 0x000a,
+	0x2606: 0x000a, 0x2607: 0x000a, 0x2608: 0x000a, 0x2609: 0x000a, 0x260a: 0x000a, 0x260b: 0x000a,
+	0x260c: 0x000a, 0x2610: 0x000a, 0x2611: 0x000a,
+	0x2612: 0x000a, 0x2613: 0x000a, 0x2614: 0x000a, 0x2615: 0x000a, 0x2616: 0x000a, 0x2617: 0x000a,
+	0x2618: 0x000a, 0x2619: 0x000a, 0x261a: 0x000a, 0x261b: 0x000a,
+	0x2620: 0x000a,
+	// Block 0x99, offset 0x2640
+	0x267d: 0x000c,
+	// Block 0x9a, offset 0x2680
+	0x26a0: 0x000c, 0x26a1: 0x0002, 0x26a2: 0x0002, 0x26a3: 0x0002,
+	0x26a4: 0x0002, 0x26a5: 0x0002, 0x26a6: 0x0002, 0x26a7: 0x0002, 0x26a8: 0x0002, 0x26a9: 0x0002,
+	0x26aa: 0x0002, 0x26ab: 0x0002, 0x26ac: 0x0002, 0x26ad: 0x0002, 0x26ae: 0x0002, 0x26af: 0x0002,
+	0x26b0: 0x0002, 0x26b1: 0x0002, 0x26b2: 0x0002, 0x26b3: 0x0002, 0x26b4: 0x0002, 0x26b5: 0x0002,
+	0x26b6: 0x0002, 0x26b7: 0x0002, 0x26b8: 0x0002, 0x26b9: 0x0002, 0x26ba: 0x0002, 0x26bb: 0x0002,
+	// Block 0x9b, offset 0x26c0
+	0x26f6: 0x000c, 0x26f7: 0x000c, 0x26f8: 0x000c, 0x26f9: 0x000c, 0x26fa: 0x000c,
+	// Block 0x9c, offset 0x2700
+	0x2700: 0x0001, 0x2701: 0x0001, 0x2702: 0x0001, 0x2703: 0x0001, 0x2704: 0x0001, 0x2705: 0x0001,
+	0x2706: 0x0001, 0x2707: 0x0001, 0x2708: 0x0001, 0x2709: 0x0001, 0x270a: 0x0001, 0x270b: 0x0001,
+	0x270c: 0x0001, 0x270d: 0x0001, 0x270e: 0x0001, 0x270f: 0x0001, 0x2710: 0x0001, 0x2711: 0x0001,
+	0x2712: 0x0001, 0x2713: 0x0001, 0x2714: 0x0001, 0x2715: 0x0001, 0x2716: 0x0001, 0x2717: 0x0001,
+	0x2718: 0x0001, 0x2719: 0x0001, 0x271a: 0x0001, 0x271b: 0x0001, 0x271c: 0x0001, 0x271d: 0x0001,
+	0x271e: 0x0001, 0x271f: 0x0001, 0x2720: 0x0001, 0x2721: 0x0001, 0x2722: 0x0001, 0x2723: 0x0001,
+	0x2724: 0x0001, 0x2725: 0x0001, 0x2726: 0x0001, 0x2727: 0x0001, 0x2728: 0x0001, 0x2729: 0x0001,
+	0x272a: 0x0001, 0x272b: 0x0001, 0x272c: 0x0001, 0x272d: 0x0001, 0x272e: 0x0001, 0x272f: 0x0001,
+	0x2730: 0x0001, 0x2731: 0x0001, 0x2732: 0x0001, 0x2733: 0x0001, 0x2734: 0x0001, 0x2735: 0x0001,
+	0x2736: 0x0001, 0x2737: 0x0001, 0x2738: 0x0001, 0x2739: 0x0001, 0x273a: 0x0001, 0x273b: 0x0001,
+	0x273c: 0x0001, 0x273d: 0x0001, 0x273e: 0x0001, 0x273f: 0x0001,
+	// Block 0x9d, offset 0x2740
+	0x2740: 0x0001, 0x2741: 0x0001, 0x2742: 0x0001, 0x2743: 0x0001, 0x2744: 0x0001, 0x2745: 0x0001,
+	0x2746: 0x0001, 0x2747: 0x0001, 0x2748: 0x0001, 0x2749: 0x0001, 0x274a: 0x0001, 0x274b: 0x0001,
+	0x274c: 0x0001, 0x274d: 0x0001, 0x274e: 0x0001, 0x274f: 0x0001, 0x2750: 0x0001, 0x2751: 0x0001,
+	0x2752: 0x0001, 0x2753: 0x0001, 0x2754: 0x0001, 0x2755: 0x0001, 0x2756: 0x0001, 0x2757: 0x0001,
+	0x2758: 0x0001, 0x2759: 0x0001, 0x275a: 0x0001, 0x275b: 0x0001, 0x275c: 0x0001, 0x275d: 0x0001,
+	0x275e: 0x0001, 0x275f: 0x000a, 0x2760: 0x0001, 0x2761: 0x0001, 0x2762: 0x0001, 0x2763: 0x0001,
+	0x2764: 0x0001, 0x2765: 0x0001, 0x2766: 0x0001, 0x2767: 0x0001, 0x2768: 0x0001, 0x2769: 0x0001,
+	0x276a: 0x0001, 0x276b: 0x0001, 0x276c: 0x0001, 0x276d: 0x0001, 0x276e: 0x0001, 0x276f: 0x0001,
+	0x2770: 0x0001, 0x2771: 0x0001, 0x2772: 0x0001, 0x2773: 0x0001, 0x2774: 0x0001, 0x2775: 0x0001,
+	0x2776: 0x0001, 0x2777: 0x0001, 0x2778: 0x0001, 0x2779: 0x0001, 0x277a: 0x0001, 0x277b: 0x0001,
+	0x277c: 0x0001, 0x277d: 0x0001, 0x277e: 0x0001, 0x277f: 0x0001,
+	// Block 0x9e, offset 0x2780
+	0x2780: 0x0001, 0x2781: 0x000c, 0x2782: 0x000c, 0x2783: 0x000c, 0x2784: 0x0001, 0x2785: 0x000c,
+	0x2786: 0x000c, 0x2787: 0x0001, 0x2788: 0x0001, 0x2789: 0x0001, 0x278a: 0x0001, 0x278b: 0x0001,
+	0x278c: 0x000c, 0x278d: 0x000c, 0x278e: 0x000c, 0x278f: 0x000c, 0x2790: 0x0001, 0x2791: 0x0001,
+	0x2792: 0x0001, 0x2793: 0x0001, 0x2794: 0x0001, 0x2795: 0x0001, 0x2796: 0x0001, 0x2797: 0x0001,
+	0x2798: 0x0001, 0x2799: 0x0001, 0x279a: 0x0001, 0x279b: 0x0001, 0x279c: 0x0001, 0x279d: 0x0001,
+	0x279e: 0x0001, 0x279f: 0x0001, 0x27a0: 0x0001, 0x27a1: 0x0001, 0x27a2: 0x0001, 0x27a3: 0x0001,
+	0x27a4: 0x0001, 0x27a5: 0x0001, 0x27a6: 0x0001, 0x27a7: 0x0001, 0x27a8: 0x0001, 0x27a9: 0x0001,
+	0x27aa: 0x0001, 0x27ab: 0x0001, 0x27ac: 0x0001, 0x27ad: 0x0001, 0x27ae: 0x0001, 0x27af: 0x0001,
+	0x27b0: 0x0001, 0x27b1: 0x0001, 0x27b2: 0x0001, 0x27b3: 0x0001, 0x27b4: 0x0001, 0x27b5: 0x0001,
+	0x27b6: 0x0001, 0x27b7: 0x0001, 0x27b8: 0x000c, 0x27b9: 0x000c, 0x27ba: 0x000c, 0x27bb: 0x0001,
+	0x27bc: 0x0001, 0x27bd: 0x0001, 0x27be: 0x0001, 0x27bf: 0x000c,
+	// Block 0x9f, offset 0x27c0
+	0x27c0: 0x0001, 0x27c1: 0x0001, 0x27c2: 0x0001, 0x27c3: 0x0001, 0x27c4: 0x0001, 0x27c5: 0x0001,
+	0x27c6: 0x0001, 0x27c7: 0x0001, 0x27c8: 0x0001, 0x27c9: 0x0001, 0x27ca: 0x0001, 0x27cb: 0x0001,
+	0x27cc: 0x0001, 0x27cd: 0x0001, 0x27ce: 0x0001, 0x27cf: 0x0001, 0x27d0: 0x0001, 0x27d1: 0x0001,
+	0x27d2: 0x0001, 0x27d3: 0x0001, 0x27d4: 0x0001, 0x27d5: 0x0001, 0x27d6: 0x0001, 0x27d7: 0x0001,
+	0x27d8: 0x0001, 0x27d9: 0x0001, 0x27da: 0x0001, 0x27db: 0x0001, 0x27dc: 0x0001, 0x27dd: 0x0001,
+	0x27de: 0x0001, 0x27df: 0x0001, 0x27e0: 0x0001, 0x27e1: 0x0001, 0x27e2: 0x0001, 0x27e3: 0x0001,
+	0x27e4: 0x0001, 0x27e5: 0x000c, 0x27e6: 0x000c, 0x27e7: 0x0001, 0x27e8: 0x0001, 0x27e9: 0x0001,
+	0x27ea: 0x0001, 0x27eb: 0x0001, 0x27ec: 0x0001, 0x27ed: 0x0001, 0x27ee: 0x0001, 0x27ef: 0x0001,
+	0x27f0: 0x0001, 0x27f1: 0x0001, 0x27f2: 0x0001, 0x27f3: 0x0001, 0x27f4: 0x0001, 0x27f5: 0x0001,
+	0x27f6: 0x0001, 0x27f7: 0x0001, 0x27f8: 0x0001, 0x27f9: 0x0001, 0x27fa: 0x0001, 0x27fb: 0x0001,
+	0x27fc: 0x0001, 0x27fd: 0x0001, 0x27fe: 0x0001, 0x27ff: 0x0001,
+	// Block 0xa0, offset 0x2800
+	0x2800: 0x0001, 0x2801: 0x0001, 0x2802: 0x0001, 0x2803: 0x0001, 0x2804: 0x0001, 0x2805: 0x0001,
+	0x2806: 0x0001, 0x2807: 0x0001, 0x2808: 0x0001, 0x2809: 0x0001, 0x280a: 0x0001, 0x280b: 0x0001,
+	0x280c: 0x0001, 0x280d: 0x0001, 0x280e: 0x0001, 0x280f: 0x0001, 0x2810: 0x0001, 0x2811: 0x0001,
+	0x2812: 0x0001, 0x2813: 0x0001, 0x2814: 0x0001, 0x2815: 0x0001, 0x2816: 0x0001, 0x2817: 0x0001,
+	0x2818: 0x0001, 0x2819: 0x0001, 0x281a: 0x0001, 0x281b: 0x0001, 0x281c: 0x0001, 0x281d: 0x0001,
+	0x281e: 0x0001, 0x281f: 0x0001, 0x2820: 0x0001, 0x2821: 0x0001, 0x2822: 0x0001, 0x2823: 0x0001,
+	0x2824: 0x0001, 0x2825: 0x0001, 0x2826: 0x0001, 0x2827: 0x0001, 0x2828: 0x0001, 0x2829: 0x0001,
+	0x282a: 0x0001, 0x282b: 0x0001, 0x282c: 0x0001, 0x282d: 0x0001, 0x282e: 0x0001, 0x282f: 0x0001,
+	0x2830: 0x0001, 0x2831: 0x0001, 0x2832: 0x0001, 0x2833: 0x0001, 0x2834: 0x0001, 0x2835: 0x0001,
+	0x2836: 0x0001, 0x2837: 0x0001, 0x2838: 0x0001, 0x2839: 0x000a, 0x283a: 0x000a, 0x283b: 0x000a,
+	0x283c: 0x000a, 0x283d: 0x000a, 0x283e: 0x000a, 0x283f: 0x000a,
+	// Block 0xa1, offset 0x2840
+	0x2840: 0x000d, 0x2841: 0x000d, 0x2842: 0x000d, 0x2843: 0x000d, 0x2844: 0x000d, 0x2845: 0x000d,
+	0x2846: 0x000d, 0x2847: 0x000d, 0x2848: 0x000d, 0x2849: 0x000d, 0x284a: 0x000d, 0x284b: 0x000d,
+	0x284c: 0x000d, 0x284d: 0x000d, 0x284e: 0x000d, 0x284f: 0x000d, 0x2850: 0x000d, 0x2851: 0x000d,
+	0x2852: 0x000d, 0x2853: 0x000d, 0x2854: 0x000d, 0x2855: 0x000d, 0x2856: 0x000d, 0x2857: 0x000d,
+	0x2858: 0x000d, 0x2859: 0x000d, 0x285a: 0x000d, 0x285b: 0x000d, 0x285c: 0x000d, 0x285d: 0x000d,
+	0x285e: 0x000d, 0x285f: 0x000d, 0x2860: 0x000d, 0x2861: 0x000d, 0x2862: 0x000d, 0x2863: 0x000d,
+	0x2864: 0x000c, 0x2865: 0x000c, 0x2866: 0x000c, 0x2867: 0x000c, 0x2868: 0x000d, 0x2869: 0x000d,
+	0x286a: 0x000d, 0x286b: 0x000d, 0x286c: 0x000d, 0x286d: 0x000d, 0x286e: 0x000d, 0x286f: 0x000d,
+	0x2870: 0x0005, 0x2871: 0x0005, 0x2872: 0x0005, 0x2873: 0x0005, 0x2874: 0x0005, 0x2875: 0x0005,
+	0x2876: 0x0005, 0x2877: 0x0005, 0x2878: 0x0005, 0x2879: 0x0005, 0x287a: 0x000d, 0x287b: 0x000d,
+	0x287c: 0x000d, 0x287d: 0x000d, 0x287e: 0x000d, 0x287f: 0x000d,
+	// Block 0xa2, offset 0x2880
+	0x2880: 0x0001, 0x2881: 0x0001, 0x2882: 0x0001, 0x2883: 0x0001, 0x2884: 0x0001, 0x2885: 0x0001,
+	0x2886: 0x0001, 0x2887: 0x0001, 0x2888: 0x0001, 0x2889: 0x0001, 0x288a: 0x0001, 0x288b: 0x0001,
+	0x288c: 0x0001, 0x288d: 0x0001, 0x288e: 0x0001, 0x288f: 0x0001, 0x2890: 0x0001, 0x2891: 0x0001,
+	0x2892: 0x0001, 0x2893: 0x0001, 0x2894: 0x0001, 0x2895: 0x0001, 0x2896: 0x0001, 0x2897: 0x0001,
+	0x2898: 0x0001, 0x2899: 0x0001, 0x289a: 0x0001, 0x289b: 0x0001, 0x289c: 0x0001, 0x289d: 0x0001,
+	0x289e: 0x0001, 0x289f: 0x0001, 0x28a0: 0x0005, 0x28a1: 0x0005, 0x28a2: 0x0005, 0x28a3: 0x0005,
+	0x28a4: 0x0005, 0x28a5: 0x0005, 0x28a6: 0x0005, 0x28a7: 0x0005, 0x28a8: 0x0005, 0x28a9: 0x0005,
+	0x28aa: 0x0005, 0x28ab: 0x0005, 0x28ac: 0x0005, 0x28ad: 0x0005, 0x28ae: 0x0005, 0x28af: 0x0005,
+	0x28b0: 0x0005, 0x28b1: 0x0005, 0x28b2: 0x0005, 0x28b3: 0x0005, 0x28b4: 0x0005, 0x28b5: 0x0005,
+	0x28b6: 0x0005, 0x28b7: 0x0005, 0x28b8: 0x0005, 0x28b9: 0x0005, 0x28ba: 0x0005, 0x28bb: 0x0005,
+	0x28bc: 0x0005, 0x28bd: 0x0005, 0x28be: 0x0005, 0x28bf: 0x0001,
+	// Block 0xa3, offset 0x28c0
+	0x28c0: 0x0001, 0x28c1: 0x0001, 0x28c2: 0x0001, 0x28c3: 0x0001, 0x28c4: 0x0001, 0x28c5: 0x0001,
+	0x28c6: 0x0001, 0x28c7: 0x0001, 0x28c8: 0x0001, 0x28c9: 0x0001, 0x28ca: 0x0001, 0x28cb: 0x0001,
+	0x28cc: 0x0001, 0x28cd: 0x0001, 0x28ce: 0x0001, 0x28cf: 0x0001, 0x28d0: 0x0001, 0x28d1: 0x0001,
+	0x28d2: 0x0001, 0x28d3: 0x0001, 0x28d4: 0x0001, 0x28d5: 0x0001, 0x28d6: 0x0001, 0x28d7: 0x0001,
+	0x28d8: 0x0001, 0x28d9: 0x0001, 0x28da: 0x0001, 0x28db: 0x0001, 0x28dc: 0x0001, 0x28dd: 0x0001,
+	0x28de: 0x0001, 0x28df: 0x0001, 0x28e0: 0x0001, 0x28e1: 0x0001, 0x28e2: 0x0001, 0x28e3: 0x0001,
+	0x28e4: 0x0001, 0x28e5: 0x0001, 0x28e6: 0x0001, 0x28e7: 0x0001, 0x28e8: 0x0001, 0x28e9: 0x0001,
+	0x28ea: 0x0001, 0x28eb: 0x0001, 0x28ec: 0x0001, 0x28ed: 0x0001, 0x28ee: 0x0001, 0x28ef: 0x0001,
+	0x28f0: 0x000d, 0x28f1: 0x000d, 0x28f2: 0x000d, 0x28f3: 0x000d, 0x28f4: 0x000d, 0x28f5: 0x000d,
+	0x28f6: 0x000d, 0x28f7: 0x000d, 0x28f8: 0x000d, 0x28f9: 0x000d, 0x28fa: 0x000d, 0x28fb: 0x000d,
+	0x28fc: 0x000d, 0x28fd: 0x000d, 0x28fe: 0x000d, 0x28ff: 0x000d,
+	// Block 0xa4, offset 0x2900
+	0x2900: 0x000d, 0x2901: 0x000d, 0x2902: 0x000d, 0x2903: 0x000d, 0x2904: 0x000d, 0x2905: 0x000d,
+	0x2906: 0x000c, 0x2907: 0x000c, 0x2908: 0x000c, 0x2909: 0x000c, 0x290a: 0x000c, 0x290b: 0x000c,
+	0x290c: 0x000c, 0x290d: 0x000c, 0x290e: 0x000c, 0x290f: 0x000c, 0x2910: 0x000c, 0x2911: 0x000d,
+	0x2912: 0x000d, 0x2913: 0x000d, 0x2914: 0x000d, 0x2915: 0x000d, 0x2916: 0x000d, 0x2917: 0x000d,
+	0x2918: 0x000d, 0x2919: 0x000d, 0x291a: 0x000d, 0x291b: 0x000d, 0x291c: 0x000d, 0x291d: 0x000d,
+	0x291e: 0x000d, 0x291f: 0x000d, 0x2920: 0x000d, 0x2921: 0x000d, 0x2922: 0x000d, 0x2923: 0x000d,
+	0x2924: 0x000d, 0x2925: 0x000d, 0x2926: 0x000d, 0x2927: 0x000d, 0x2928: 0x000d, 0x2929: 0x000d,
+	0x292a: 0x000d, 0x292b: 0x000d, 0x292c: 0x000d, 0x292d: 0x000d, 0x292e: 0x000d, 0x292f: 0x000d,
+	0x2930: 0x0001, 0x2931: 0x0001, 0x2932: 0x0001, 0x2933: 0x0001, 0x2934: 0x0001, 0x2935: 0x0001,
+	0x2936: 0x0001, 0x2937: 0x0001, 0x2938: 0x0001, 0x2939: 0x0001, 0x293a: 0x0001, 0x293b: 0x0001,
+	0x293c: 0x0001, 0x293d: 0x0001, 0x293e: 0x0001, 0x293f: 0x0001,
+	// Block 0xa5, offset 0x2940
+	0x2941: 0x000c,
+	0x2978: 0x000c, 0x2979: 0x000c, 0x297a: 0x000c, 0x297b: 0x000c,
+	0x297c: 0x000c, 0x297d: 0x000c, 0x297e: 0x000c, 0x297f: 0x000c,
+	// Block 0xa6, offset 0x2980
+	0x2980: 0x000c, 0x2981: 0x000c, 0x2982: 0x000c, 0x2983: 0x000c, 0x2984: 0x000c, 0x2985: 0x000c,
+	0x2986: 0x000c,
+	0x2992: 0x000a, 0x2993: 0x000a, 0x2994: 0x000a, 0x2995: 0x000a, 0x2996: 0x000a, 0x2997: 0x000a,
+	0x2998: 0x000a, 0x2999: 0x000a, 0x299a: 0x000a, 0x299b: 0x000a, 0x299c: 0x000a, 0x299d: 0x000a,
+	0x299e: 0x000a, 0x299f: 0x000a, 0x29a0: 0x000a, 0x29a1: 0x000a, 0x29a2: 0x000a, 0x29a3: 0x000a,
+	0x29a4: 0x000a, 0x29a5: 0x000a,
+	0x29bf: 0x000c,
+	// Block 0xa7, offset 0x29c0
+	0x29c0: 0x000c, 0x29c1: 0x000c,
+	0x29f3: 0x000c, 0x29f4: 0x000c, 0x29f5: 0x000c,
+	0x29f6: 0x000c, 0x29f9: 0x000c, 0x29fa: 0x000c,
+	// Block 0xa8, offset 0x2a00
+	0x2a00: 0x000c, 0x2a01: 0x000c, 0x2a02: 0x000c,
+	0x2a27: 0x000c, 0x2a28: 0x000c, 0x2a29: 0x000c,
+	0x2a2a: 0x000c, 0x2a2b: 0x000c, 0x2a2d: 0x000c, 0x2a2e: 0x000c, 0x2a2f: 0x000c,
+	0x2a30: 0x000c, 0x2a31: 0x000c, 0x2a32: 0x000c, 0x2a33: 0x000c, 0x2a34: 0x000c,
+	// Block 0xa9, offset 0x2a40
+	0x2a73: 0x000c,
+	// Block 0xaa, offset 0x2a80
+	0x2a80: 0x000c, 0x2a81: 0x000c,
+	0x2ab6: 0x000c, 0x2ab7: 0x000c, 0x2ab8: 0x000c, 0x2ab9: 0x000c, 0x2aba: 0x000c, 0x2abb: 0x000c,
+	0x2abc: 0x000c, 0x2abd: 0x000c, 0x2abe: 0x000c,
+	// Block 0xab, offset 0x2ac0
+	0x2ac9: 0x000c, 0x2aca: 0x000c, 0x2acb: 0x000c,
+	0x2acc: 0x000c,
+	// Block 0xac, offset 0x2b00
+	0x2b2f: 0x000c,
+	0x2b30: 0x000c, 0x2b31: 0x000c, 0x2b34: 0x000c,
+	0x2b36: 0x000c, 0x2b37: 0x000c,
+	0x2b3e: 0x000c,
+	// Block 0xad, offset 0x2b40
+	0x2b5f: 0x000c, 0x2b63: 0x000c,
+	0x2b64: 0x000c, 0x2b65: 0x000c, 0x2b66: 0x000c, 0x2b67: 0x000c, 0x2b68: 0x000c, 0x2b69: 0x000c,
+	0x2b6a: 0x000c,
+	// Block 0xae, offset 0x2b80
+	0x2b80: 0x000c,
+	0x2ba6: 0x000c, 0x2ba7: 0x000c, 0x2ba8: 0x000c, 0x2ba9: 0x000c,
+	0x2baa: 0x000c, 0x2bab: 0x000c, 0x2bac: 0x000c,
+	0x2bb0: 0x000c, 0x2bb1: 0x000c, 0x2bb2: 0x000c, 0x2bb3: 0x000c, 0x2bb4: 0x000c,
+	// Block 0xaf, offset 0x2bc0
+	0x2bf8: 0x000c, 0x2bf9: 0x000c, 0x2bfa: 0x000c, 0x2bfb: 0x000c,
+	0x2bfc: 0x000c, 0x2bfd: 0x000c, 0x2bfe: 0x000c, 0x2bff: 0x000c,
+	// Block 0xb0, offset 0x2c00
+	0x2c02: 0x000c, 0x2c03: 0x000c, 0x2c04: 0x000c,
+	0x2c06: 0x000c,
+	0x2c1e: 0x000c,
+	// Block 0xb1, offset 0x2c40
+	0x2c73: 0x000c, 0x2c74: 0x000c, 0x2c75: 0x000c,
+	0x2c76: 0x000c, 0x2c77: 0x000c, 0x2c78: 0x000c, 0x2c7a: 0x000c,
+	0x2c7f: 0x000c,
+	// Block 0xb2, offset 0x2c80
+	0x2c80: 0x000c, 0x2c82: 0x000c, 0x2c83: 0x000c,
+	// Block 0xb3, offset 0x2cc0
+	0x2cf2: 0x000c, 0x2cf3: 0x000c, 0x2cf4: 0x000c, 0x2cf5: 0x000c,
+	0x2cfc: 0x000c, 0x2cfd: 0x000c, 0x2cff: 0x000c,
+	// Block 0xb4, offset 0x2d00
+	0x2d00: 0x000c,
+	0x2d1c: 0x000c, 0x2d1d: 0x000c,
+	// Block 0xb5, offset 0x2d40
+	0x2d73: 0x000c, 0x2d74: 0x000c, 0x2d75: 0x000c,
+	0x2d76: 0x000c, 0x2d77: 0x000c, 0x2d78: 0x000c, 0x2d79: 0x000c, 0x2d7a: 0x000c,
+	0x2d7d: 0x000c, 0x2d7f: 0x000c,
+	// Block 0xb6, offset 0x2d80
+	0x2d80: 0x000c,
+	0x2da0: 0x000a, 0x2da1: 0x000a, 0x2da2: 0x000a, 0x2da3: 0x000a,
+	0x2da4: 0x000a, 0x2da5: 0x000a, 0x2da6: 0x000a, 0x2da7: 0x000a, 0x2da8: 0x000a, 0x2da9: 0x000a,
+	0x2daa: 0x000a, 0x2dab: 0x000a, 0x2dac: 0x000a,
+	// Block 0xb7, offset 0x2dc0
+	0x2deb: 0x000c, 0x2ded: 0x000c,
+	0x2df0: 0x000c, 0x2df1: 0x000c, 0x2df2: 0x000c, 0x2df3: 0x000c, 0x2df4: 0x000c, 0x2df5: 0x000c,
+	0x2df7: 0x000c,
+	// Block 0xb8, offset 0x2e00
+	0x2e1d: 0x000c,
+	0x2e1e: 0x000c, 0x2e1f: 0x000c, 0x2e22: 0x000c, 0x2e23: 0x000c,
+	0x2e24: 0x000c, 0x2e25: 0x000c, 0x2e27: 0x000c, 0x2e28: 0x000c, 0x2e29: 0x000c,
+	0x2e2a: 0x000c, 0x2e2b: 0x000c,
+	// Block 0xb9, offset 0x2e40
+	0x2e6f: 0x000c,
+	0x2e70: 0x000c, 0x2e71: 0x000c, 0x2e72: 0x000c, 0x2e73: 0x000c, 0x2e74: 0x000c, 0x2e75: 0x000c,
+	0x2e76: 0x000c, 0x2e77: 0x000c, 0x2e79: 0x000c, 0x2e7a: 0x000c,
+	// Block 0xba, offset 0x2e80
+	0x2e81: 0x000c, 0x2e82: 0x000c, 0x2e83: 0x000c, 0x2e84: 0x000c, 0x2e85: 0x000c,
+	0x2e86: 0x000c, 0x2e89: 0x000c, 0x2e8a: 0x000c,
+	0x2eb3: 0x000c, 0x2eb4: 0x000c, 0x2eb5: 0x000c,
+	0x2eb6: 0x000c, 0x2eb7: 0x000c, 0x2eb8: 0x000c, 0x2ebb: 0x000c,
+	0x2ebc: 0x000c, 0x2ebd: 0x000c, 0x2ebe: 0x000c,
+	// Block 0xbb, offset 0x2ec0
+	0x2ec7: 0x000c,
+	0x2ed1: 0x000c,
+	0x2ed2: 0x000c, 0x2ed3: 0x000c, 0x2ed4: 0x000c, 0x2ed5: 0x000c, 0x2ed6: 0x000c,
+	0x2ed9: 0x000c, 0x2eda: 0x000c, 0x2edb: 0x000c,
+	// Block 0xbc, offset 0x2f00
+	0x2f0a: 0x000c, 0x2f0b: 0x000c,
+	0x2f0c: 0x000c, 0x2f0d: 0x000c, 0x2f0e: 0x000c, 0x2f0f: 0x000c, 0x2f10: 0x000c, 0x2f11: 0x000c,
+	0x2f12: 0x000c, 0x2f13: 0x000c, 0x2f14: 0x000c, 0x2f15: 0x000c, 0x2f16: 0x000c,
+	0x2f18: 0x000c, 0x2f19: 0x000c,
+	// Block 0xbd, offset 0x2f40
+	0x2f70: 0x000c, 0x2f71: 0x000c, 0x2f72: 0x000c, 0x2f73: 0x000c, 0x2f74: 0x000c, 0x2f75: 0x000c,
+	0x2f76: 0x000c, 0x2f78: 0x000c, 0x2f79: 0x000c, 0x2f7a: 0x000c, 0x2f7b: 0x000c,
+	0x2f7c: 0x000c, 0x2f7d: 0x000c,
+	// Block 0xbe, offset 0x2f80
+	0x2f92: 0x000c, 0x2f93: 0x000c, 0x2f94: 0x000c, 0x2f95: 0x000c, 0x2f96: 0x000c, 0x2f97: 0x000c,
+	0x2f98: 0x000c, 0x2f99: 0x000c, 0x2f9a: 0x000c, 0x2f9b: 0x000c, 0x2f9c: 0x000c, 0x2f9d: 0x000c,
+	0x2f9e: 0x000c, 0x2f9f: 0x000c, 0x2fa0: 0x000c, 0x2fa1: 0x000c, 0x2fa2: 0x000c, 0x2fa3: 0x000c,
+	0x2fa4: 0x000c, 0x2fa5: 0x000c, 0x2fa6: 0x000c, 0x2fa7: 0x000c,
+	0x2faa: 0x000c, 0x2fab: 0x000c, 0x2fac: 0x000c, 0x2fad: 0x000c, 0x2fae: 0x000c, 0x2faf: 0x000c,
+	0x2fb0: 0x000c, 0x2fb2: 0x000c, 0x2fb3: 0x000c, 0x2fb5: 0x000c,
+	0x2fb6: 0x000c,
+	// Block 0xbf, offset 0x2fc0
+	0x2ff1: 0x000c, 0x2ff2: 0x000c, 0x2ff3: 0x000c, 0x2ff4: 0x000c, 0x2ff5: 0x000c,
+	0x2ff6: 0x000c, 0x2ffa: 0x000c,
+	0x2ffc: 0x000c, 0x2ffd: 0x000c, 0x2fff: 0x000c,
+	// Block 0xc0, offset 0x3000
+	0x3000: 0x000c, 0x3001: 0x000c, 0x3002: 0x000c, 0x3003: 0x000c, 0x3004: 0x000c, 0x3005: 0x000c,
+	0x3007: 0x000c,
+	// Block 0xc1, offset 0x3040
+	0x3050: 0x000c, 0x3051: 0x000c,
+	0x3055: 0x000c, 0x3057: 0x000c,
+	// Block 0xc2, offset 0x3080
+	0x30b3: 0x000c, 0x30b4: 0x000c,
+	// Block 0xc3, offset 0x30c0
+	0x30f0: 0x000c, 0x30f1: 0x000c, 0x30f2: 0x000c, 0x30f3: 0x000c, 0x30f4: 0x000c,
+	// Block 0xc4, offset 0x3100
+	0x3130: 0x000c, 0x3131: 0x000c, 0x3132: 0x000c, 0x3133: 0x000c, 0x3134: 0x000c, 0x3135: 0x000c,
+	0x3136: 0x000c,
+	// Block 0xc5, offset 0x3140
+	0x314f: 0x000c, 0x3150: 0x000c, 0x3151: 0x000c,
+	0x3152: 0x000c,
+	// Block 0xc6, offset 0x3180
+	0x319d: 0x000c,
+	0x319e: 0x000c, 0x31a0: 0x000b, 0x31a1: 0x000b, 0x31a2: 0x000b, 0x31a3: 0x000b,
+	// Block 0xc7, offset 0x31c0
+	0x31e7: 0x000c, 0x31e8: 0x000c, 0x31e9: 0x000c,
+	0x31f3: 0x000b, 0x31f4: 0x000b, 0x31f5: 0x000b,
+	0x31f6: 0x000b, 0x31f7: 0x000b, 0x31f8: 0x000b, 0x31f9: 0x000b, 0x31fa: 0x000b, 0x31fb: 0x000c,
+	0x31fc: 0x000c, 0x31fd: 0x000c, 0x31fe: 0x000c, 0x31ff: 0x000c,
+	// Block 0xc8, offset 0x3200
+	0x3200: 0x000c, 0x3201: 0x000c, 0x3202: 0x000c, 0x3205: 0x000c,
+	0x3206: 0x000c, 0x3207: 0x000c, 0x3208: 0x000c, 0x3209: 0x000c, 0x320a: 0x000c, 0x320b: 0x000c,
+	0x322a: 0x000c, 0x322b: 0x000c, 0x322c: 0x000c, 0x322d: 0x000c,
+	// Block 0xc9, offset 0x3240
+	0x3240: 0x000a, 0x3241: 0x000a, 0x3242: 0x000c, 0x3243: 0x000c, 0x3244: 0x000c, 0x3245: 0x000a,
+	// Block 0xca, offset 0x3280
+	0x3280: 0x000a, 0x3281: 0x000a, 0x3282: 0x000a, 0x3283: 0x000a, 0x3284: 0x000a, 0x3285: 0x000a,
+	0x3286: 0x000a, 0x3287: 0x000a, 0x3288: 0x000a, 0x3289: 0x000a, 0x328a: 0x000a, 0x328b: 0x000a,
+	0x328c: 0x000a, 0x328d: 0x000a, 0x328e: 0x000a, 0x328f: 0x000a, 0x3290: 0x000a, 0x3291: 0x000a,
+	0x3292: 0x000a, 0x3293: 0x000a, 0x3294: 0x000a, 0x3295: 0x000a, 0x3296: 0x000a,
+	// Block 0xcb, offset 0x32c0
+	0x32db: 0x000a,
+	// Block 0xcc, offset 0x3300
+	0x3315: 0x000a,
+	// Block 0xcd, offset 0x3340
+	0x334f: 0x000a,
+	// Block 0xce, offset 0x3380
+	0x3389: 0x000a,
+	// Block 0xcf, offset 0x33c0
+	0x33c3: 0x000a,
+	0x33ce: 0x0002, 0x33cf: 0x0002, 0x33d0: 0x0002, 0x33d1: 0x0002,
+	0x33d2: 0x0002, 0x33d3: 0x0002, 0x33d4: 0x0002, 0x33d5: 0x0002, 0x33d6: 0x0002, 0x33d7: 0x0002,
+	0x33d8: 0x0002, 0x33d9: 0x0002, 0x33da: 0x0002, 0x33db: 0x0002, 0x33dc: 0x0002, 0x33dd: 0x0002,
+	0x33de: 0x0002, 0x33df: 0x0002, 0x33e0: 0x0002, 0x33e1: 0x0002, 0x33e2: 0x0002, 0x33e3: 0x0002,
+	0x33e4: 0x0002, 0x33e5: 0x0002, 0x33e6: 0x0002, 0x33e7: 0x0002, 0x33e8: 0x0002, 0x33e9: 0x0002,
+	0x33ea: 0x0002, 0x33eb: 0x0002, 0x33ec: 0x0002, 0x33ed: 0x0002, 0x33ee: 0x0002, 0x33ef: 0x0002,
+	0x33f0: 0x0002, 0x33f1: 0x0002, 0x33f2: 0x0002, 0x33f3: 0x0002, 0x33f4: 0x0002, 0x33f5: 0x0002,
+	0x33f6: 0x0002, 0x33f7: 0x0002, 0x33f8: 0x0002, 0x33f9: 0x0002, 0x33fa: 0x0002, 0x33fb: 0x0002,
+	0x33fc: 0x0002, 0x33fd: 0x0002, 0x33fe: 0x0002, 0x33ff: 0x0002,
+	// Block 0xd0, offset 0x3400
+	0x3400: 0x000c, 0x3401: 0x000c, 0x3402: 0x000c, 0x3403: 0x000c, 0x3404: 0x000c, 0x3405: 0x000c,
+	0x3406: 0x000c, 0x3407: 0x000c, 0x3408: 0x000c, 0x3409: 0x000c, 0x340a: 0x000c, 0x340b: 0x000c,
+	0x340c: 0x000c, 0x340d: 0x000c, 0x340e: 0x000c, 0x340f: 0x000c, 0x3410: 0x000c, 0x3411: 0x000c,
+	0x3412: 0x000c, 0x3413: 0x000c, 0x3414: 0x000c, 0x3415: 0x000c, 0x3416: 0x000c, 0x3417: 0x000c,
+	0x3418: 0x000c, 0x3419: 0x000c, 0x341a: 0x000c, 0x341b: 0x000c, 0x341c: 0x000c, 0x341d: 0x000c,
+	0x341e: 0x000c, 0x341f: 0x000c, 0x3420: 0x000c, 0x3421: 0x000c, 0x3422: 0x000c, 0x3423: 0x000c,
+	0x3424: 0x000c, 0x3425: 0x000c, 0x3426: 0x000c, 0x3427: 0x000c, 0x3428: 0x000c, 0x3429: 0x000c,
+	0x342a: 0x000c, 0x342b: 0x000c, 0x342c: 0x000c, 0x342d: 0x000c, 0x342e: 0x000c, 0x342f: 0x000c,
+	0x3430: 0x000c, 0x3431: 0x000c, 0x3432: 0x000c, 0x3433: 0x000c, 0x3434: 0x000c, 0x3435: 0x000c,
+	0x3436: 0x000c, 0x343b: 0x000c,
+	0x343c: 0x000c, 0x343d: 0x000c, 0x343e: 0x000c, 0x343f: 0x000c,
+	// Block 0xd1, offset 0x3440
+	0x3440: 0x000c, 0x3441: 0x000c, 0x3442: 0x000c, 0x3443: 0x000c, 0x3444: 0x000c, 0x3445: 0x000c,
+	0x3446: 0x000c, 0x3447: 0x000c, 0x3448: 0x000c, 0x3449: 0x000c, 0x344a: 0x000c, 0x344b: 0x000c,
+	0x344c: 0x000c, 0x344d: 0x000c, 0x344e: 0x000c, 0x344f: 0x000c, 0x3450: 0x000c, 0x3451: 0x000c,
+	0x3452: 0x000c, 0x3453: 0x000c, 0x3454: 0x000c, 0x3455: 0x000c, 0x3456: 0x000c, 0x3457: 0x000c,
+	0x3458: 0x000c, 0x3459: 0x000c, 0x345a: 0x000c, 0x345b: 0x000c, 0x345c: 0x000c, 0x345d: 0x000c,
+	0x345e: 0x000c, 0x345f: 0x000c, 0x3460: 0x000c, 0x3461: 0x000c, 0x3462: 0x000c, 0x3463: 0x000c,
+	0x3464: 0x000c, 0x3465: 0x000c, 0x3466: 0x000c, 0x3467: 0x000c, 0x3468: 0x000c, 0x3469: 0x000c,
+	0x346a: 0x000c, 0x346b: 0x000c, 0x346c: 0x000c,
+	0x3475: 0x000c,
+	// Block 0xd2, offset 0x3480
+	0x3484: 0x000c,
+	0x349b: 0x000c, 0x349c: 0x000c, 0x349d: 0x000c,
+	0x349e: 0x000c, 0x349f: 0x000c, 0x34a1: 0x000c, 0x34a2: 0x000c, 0x34a3: 0x000c,
+	0x34a4: 0x000c, 0x34a5: 0x000c, 0x34a6: 0x000c, 0x34a7: 0x000c, 0x34a8: 0x000c, 0x34a9: 0x000c,
+	0x34aa: 0x000c, 0x34ab: 0x000c, 0x34ac: 0x000c, 0x34ad: 0x000c, 0x34ae: 0x000c, 0x34af: 0x000c,
+	// Block 0xd3, offset 0x34c0
+	0x34c0: 0x000c, 0x34c1: 0x000c, 0x34c2: 0x000c, 0x34c3: 0x000c, 0x34c4: 0x000c, 0x34c5: 0x000c,
+	0x34c6: 0x000c, 0x34c8: 0x000c, 0x34c9: 0x000c, 0x34ca: 0x000c, 0x34cb: 0x000c,
+	0x34cc: 0x000c, 0x34cd: 0x000c, 0x34ce: 0x000c, 0x34cf: 0x000c, 0x34d0: 0x000c, 0x34d1: 0x000c,
+	0x34d2: 0x000c, 0x34d3: 0x000c, 0x34d4: 0x000c, 0x34d5: 0x000c, 0x34d6: 0x000c, 0x34d7: 0x000c,
+	0x34d8: 0x000c, 0x34db: 0x000c, 0x34dc: 0x000c, 0x34dd: 0x000c,
+	0x34de: 0x000c, 0x34df: 0x000c, 0x34e0: 0x000c, 0x34e1: 0x000c, 0x34e3: 0x000c,
+	0x34e4: 0x000c, 0x34e6: 0x000c, 0x34e7: 0x000c, 0x34e8: 0x000c, 0x34e9: 0x000c,
+	0x34ea: 0x000c,
+	// Block 0xd4, offset 0x3500
+	0x3500: 0x0001, 0x3501: 0x0001, 0x3502: 0x0001, 0x3503: 0x0001, 0x3504: 0x0001, 0x3505: 0x0001,
+	0x3506: 0x0001, 0x3507: 0x0001, 0x3508: 0x0001, 0x3509: 0x0001, 0x350a: 0x0001, 0x350b: 0x0001,
+	0x350c: 0x0001, 0x350d: 0x0001, 0x350e: 0x0001, 0x350f: 0x0001, 0x3510: 0x000c, 0x3511: 0x000c,
+	0x3512: 0x000c, 0x3513: 0x000c, 0x3514: 0x000c, 0x3515: 0x000c, 0x3516: 0x000c, 0x3517: 0x0001,
+	0x3518: 0x0001, 0x3519: 0x0001, 0x351a: 0x0001, 0x351b: 0x0001, 0x351c: 0x0001, 0x351d: 0x0001,
+	0x351e: 0x0001, 0x351f: 0x0001, 0x3520: 0x0001, 0x3521: 0x0001, 0x3522: 0x0001, 0x3523: 0x0001,
+	0x3524: 0x0001, 0x3525: 0x0001, 0x3526: 0x0001, 0x3527: 0x0001, 0x3528: 0x0001, 0x3529: 0x0001,
+	0x352a: 0x0001, 0x352b: 0x0001, 0x352c: 0x0001, 0x352d: 0x0001, 0x352e: 0x0001, 0x352f: 0x0001,
+	0x3530: 0x0001, 0x3531: 0x0001, 0x3532: 0x0001, 0x3533: 0x0001, 0x3534: 0x0001, 0x3535: 0x0001,
+	0x3536: 0x0001, 0x3537: 0x0001, 0x3538: 0x0001, 0x3539: 0x0001, 0x353a: 0x0001, 0x353b: 0x0001,
+	0x353c: 0x0001, 0x353d: 0x0001, 0x353e: 0x0001, 0x353f: 0x0001,
+	// Block 0xd5, offset 0x3540
+	0x3540: 0x0001, 0x3541: 0x0001, 0x3542: 0x0001, 0x3543: 0x0001, 0x3544: 0x000c, 0x3545: 0x000c,
+	0x3546: 0x000c, 0x3547: 0x000c, 0x3548: 0x000c, 0x3549: 0x000c, 0x354a: 0x000c, 0x354b: 0x0001,
+	0x354c: 0x0001, 0x354d: 0x0001, 0x354e: 0x0001, 0x354f: 0x0001, 0x3550: 0x0001, 0x3551: 0x0001,
+	0x3552: 0x0001, 0x3553: 0x0001, 0x3554: 0x0001, 0x3555: 0x0001, 0x3556: 0x0001, 0x3557: 0x0001,
+	0x3558: 0x0001, 0x3559: 0x0001, 0x355a: 0x0001, 0x355b: 0x0001, 0x355c: 0x0001, 0x355d: 0x0001,
+	0x355e: 0x0001, 0x355f: 0x0001, 0x3560: 0x0001, 0x3561: 0x0001, 0x3562: 0x0001, 0x3563: 0x0001,
+	0x3564: 0x0001, 0x3565: 0x0001, 0x3566: 0x0001, 0x3567: 0x0001, 0x3568: 0x0001, 0x3569: 0x0001,
+	0x356a: 0x0001, 0x356b: 0x0001, 0x356c: 0x0001, 0x356d: 0x0001, 0x356e: 0x0001, 0x356f: 0x0001,
+	0x3570: 0x0001, 0x3571: 0x0001, 0x3572: 0x0001, 0x3573: 0x0001, 0x3574: 0x0001, 0x3575: 0x0001,
+	0x3576: 0x0001, 0x3577: 0x0001, 0x3578: 0x0001, 0x3579: 0x0001, 0x357a: 0x0001, 0x357b: 0x0001,
+	0x357c: 0x0001, 0x357d: 0x0001, 0x357e: 0x0001, 0x357f: 0x0001,
+	// Block 0xd6, offset 0x3580
+	0x3580: 0x000d, 0x3581: 0x000d, 0x3582: 0x000d, 0x3583: 0x000d, 0x3584: 0x000d, 0x3585: 0x000d,
+	0x3586: 0x000d, 0x3587: 0x000d, 0x3588: 0x000d, 0x3589: 0x000d, 0x358a: 0x000d, 0x358b: 0x000d,
+	0x358c: 0x000d, 0x358d: 0x000d, 0x358e: 0x000d, 0x358f: 0x000d, 0x3590: 0x000d, 0x3591: 0x000d,
+	0x3592: 0x000d, 0x3593: 0x000d, 0x3594: 0x000d, 0x3595: 0x000d, 0x3596: 0x000d, 0x3597: 0x000d,
+	0x3598: 0x000d, 0x3599: 0x000d, 0x359a: 0x000d, 0x359b: 0x000d, 0x359c: 0x000d, 0x359d: 0x000d,
+	0x359e: 0x000d, 0x359f: 0x000d, 0x35a0: 0x000d, 0x35a1: 0x000d, 0x35a2: 0x000d, 0x35a3: 0x000d,
+	0x35a4: 0x000d, 0x35a5: 0x000d, 0x35a6: 0x000d, 0x35a7: 0x000d, 0x35a8: 0x000d, 0x35a9: 0x000d,
+	0x35aa: 0x000d, 0x35ab: 0x000d, 0x35ac: 0x000d, 0x35ad: 0x000d, 0x35ae: 0x000d, 0x35af: 0x000d,
+	0x35b0: 0x000a, 0x35b1: 0x000a, 0x35b2: 0x000d, 0x35b3: 0x000d, 0x35b4: 0x000d, 0x35b5: 0x000d,
+	0x35b6: 0x000d, 0x35b7: 0x000d, 0x35b8: 0x000d, 0x35b9: 0x000d, 0x35ba: 0x000d, 0x35bb: 0x000d,
+	0x35bc: 0x000d, 0x35bd: 0x000d, 0x35be: 0x000d, 0x35bf: 0x000d,
+	// Block 0xd7, offset 0x35c0
+	0x35c0: 0x000a, 0x35c1: 0x000a, 0x35c2: 0x000a, 0x35c3: 0x000a, 0x35c4: 0x000a, 0x35c5: 0x000a,
+	0x35c6: 0x000a, 0x35c7: 0x000a, 0x35c8: 0x000a, 0x35c9: 0x000a, 0x35ca: 0x000a, 0x35cb: 0x000a,
+	0x35cc: 0x000a, 0x35cd: 0x000a, 0x35ce: 0x000a, 0x35cf: 0x000a, 0x35d0: 0x000a, 0x35d1: 0x000a,
+	0x35d2: 0x000a, 0x35d3: 0x000a, 0x35d4: 0x000a, 0x35d5: 0x000a, 0x35d6: 0x000a, 0x35d7: 0x000a,
+	0x35d8: 0x000a, 0x35d9: 0x000a, 0x35da: 0x000a, 0x35db: 0x000a, 0x35dc: 0x000a, 0x35dd: 0x000a,
+	0x35de: 0x000a, 0x35df: 0x000a, 0x35e0: 0x000a, 0x35e1: 0x000a, 0x35e2: 0x000a, 0x35e3: 0x000a,
+	0x35e4: 0x000a, 0x35e5: 0x000a, 0x35e6: 0x000a, 0x35e7: 0x000a, 0x35e8: 0x000a, 0x35e9: 0x000a,
+	0x35ea: 0x000a, 0x35eb: 0x000a,
+	0x35f0: 0x000a, 0x35f1: 0x000a, 0x35f2: 0x000a, 0x35f3: 0x000a, 0x35f4: 0x000a, 0x35f5: 0x000a,
+	0x35f6: 0x000a, 0x35f7: 0x000a, 0x35f8: 0x000a, 0x35f9: 0x000a, 0x35fa: 0x000a, 0x35fb: 0x000a,
+	0x35fc: 0x000a, 0x35fd: 0x000a, 0x35fe: 0x000a, 0x35ff: 0x000a,
+	// Block 0xd8, offset 0x3600
+	0x3600: 0x000a, 0x3601: 0x000a, 0x3602: 0x000a, 0x3603: 0x000a, 0x3604: 0x000a, 0x3605: 0x000a,
+	0x3606: 0x000a, 0x3607: 0x000a, 0x3608: 0x000a, 0x3609: 0x000a, 0x360a: 0x000a, 0x360b: 0x000a,
+	0x360c: 0x000a, 0x360d: 0x000a, 0x360e: 0x000a, 0x360f: 0x000a, 0x3610: 0x000a, 0x3611: 0x000a,
+	0x3612: 0x000a, 0x3613: 0x000a,
+	0x3620: 0x000a, 0x3621: 0x000a, 0x3622: 0x000a, 0x3623: 0x000a,
+	0x3624: 0x000a, 0x3625: 0x000a, 0x3626: 0x000a, 0x3627: 0x000a, 0x3628: 0x000a, 0x3629: 0x000a,
+	0x362a: 0x000a, 0x362b: 0x000a, 0x362c: 0x000a, 0x362d: 0x000a, 0x362e: 0x000a,
+	0x3631: 0x000a, 0x3632: 0x000a, 0x3633: 0x000a, 0x3634: 0x000a, 0x3635: 0x000a,
+	0x3636: 0x000a, 0x3637: 0x000a, 0x3638: 0x000a, 0x3639: 0x000a, 0x363a: 0x000a, 0x363b: 0x000a,
+	0x363c: 0x000a, 0x363d: 0x000a, 0x363e: 0x000a, 0x363f: 0x000a,
+	// Block 0xd9, offset 0x3640
+	0x3641: 0x000a, 0x3642: 0x000a, 0x3643: 0x000a, 0x3644: 0x000a, 0x3645: 0x000a,
+	0x3646: 0x000a, 0x3647: 0x000a, 0x3648: 0x000a, 0x3649: 0x000a, 0x364a: 0x000a, 0x364b: 0x000a,
+	0x364c: 0x000a, 0x364d: 0x000a, 0x364e: 0x000a, 0x364f: 0x000a, 0x3651: 0x000a,
+	0x3652: 0x000a, 0x3653: 0x000a, 0x3654: 0x000a, 0x3655: 0x000a, 0x3656: 0x000a, 0x3657: 0x000a,
+	0x3658: 0x000a, 0x3659: 0x000a, 0x365a: 0x000a, 0x365b: 0x000a, 0x365c: 0x000a, 0x365d: 0x000a,
+	0x365e: 0x000a, 0x365f: 0x000a, 0x3660: 0x000a, 0x3661: 0x000a, 0x3662: 0x000a, 0x3663: 0x000a,
+	0x3664: 0x000a, 0x3665: 0x000a, 0x3666: 0x000a, 0x3667: 0x000a, 0x3668: 0x000a, 0x3669: 0x000a,
+	0x366a: 0x000a, 0x366b: 0x000a, 0x366c: 0x000a, 0x366d: 0x000a, 0x366e: 0x000a, 0x366f: 0x000a,
+	0x3670: 0x000a, 0x3671: 0x000a, 0x3672: 0x000a, 0x3673: 0x000a, 0x3674: 0x000a, 0x3675: 0x000a,
+	// Block 0xda, offset 0x3680
+	0x3680: 0x0002, 0x3681: 0x0002, 0x3682: 0x0002, 0x3683: 0x0002, 0x3684: 0x0002, 0x3685: 0x0002,
+	0x3686: 0x0002, 0x3687: 0x0002, 0x3688: 0x0002, 0x3689: 0x0002, 0x368a: 0x0002, 0x368b: 0x000a,
+	0x368c: 0x000a,
+	0x36af: 0x000a,
+	// Block 0xdb, offset 0x36c0
+	0x36ea: 0x000a, 0x36eb: 0x000a,
+	// Block 0xdc, offset 0x3700
+	0x3720: 0x000a, 0x3721: 0x000a, 0x3722: 0x000a, 0x3723: 0x000a,
+	0x3724: 0x000a, 0x3725: 0x000a,
+	// Block 0xdd, offset 0x3740
+	0x3740: 0x000a, 0x3741: 0x000a, 0x3742: 0x000a, 0x3743: 0x000a, 0x3744: 0x000a, 0x3745: 0x000a,
+	0x3746: 0x000a, 0x3747: 0x000a, 0x3748: 0x000a, 0x3749: 0x000a, 0x374a: 0x000a, 0x374b: 0x000a,
+	0x374c: 0x000a, 0x374d: 0x000a, 0x374e: 0x000a, 0x374f: 0x000a, 0x3750: 0x000a, 0x3751: 0x000a,
+	0x3752: 0x000a, 0x3753: 0x000a, 0x3754: 0x000a,
+	0x3760: 0x000a, 0x3761: 0x000a, 0x3762: 0x000a, 0x3763: 0x000a,
+	0x3764: 0x000a, 0x3765: 0x000a, 0x3766: 0x000a, 0x3767: 0x000a, 0x3768: 0x000a, 0x3769: 0x000a,
+	0x376a: 0x000a, 0x376b: 0x000a, 0x376c: 0x000a,
+	0x3770: 0x000a, 0x3771: 0x000a, 0x3772: 0x000a, 0x3773: 0x000a, 0x3774: 0x000a, 0x3775: 0x000a,
+	0x3776: 0x000a, 0x3777: 0x000a, 0x3778: 0x000a, 0x3779: 0x000a,
+	// Block 0xde, offset 0x3780
+	0x3780: 0x000a, 0x3781: 0x000a, 0x3782: 0x000a, 0x3783: 0x000a, 0x3784: 0x000a, 0x3785: 0x000a,
+	0x3786: 0x000a, 0x3787: 0x000a, 0x3788: 0x000a, 0x3789: 0x000a, 0x378a: 0x000a, 0x378b: 0x000a,
+	0x378c: 0x000a, 0x378d: 0x000a, 0x378e: 0x000a, 0x378f: 0x000a, 0x3790: 0x000a, 0x3791: 0x000a,
+	0x3792: 0x000a, 0x3793: 0x000a, 0x3794: 0x000a, 0x3795: 0x000a, 0x3796: 0x000a, 0x3797: 0x000a,
+	0x3798: 0x000a,
+	// Block 0xdf, offset 0x37c0
+	0x37c0: 0x000a, 0x37c1: 0x000a, 0x37c2: 0x000a, 0x37c3: 0x000a, 0x37c4: 0x000a, 0x37c5: 0x000a,
+	0x37c6: 0x000a, 0x37c7: 0x000a, 0x37c8: 0x000a, 0x37c9: 0x000a, 0x37ca: 0x000a, 0x37cb: 0x000a,
+	0x37d0: 0x000a, 0x37d1: 0x000a,
+	0x37d2: 0x000a, 0x37d3: 0x000a, 0x37d4: 0x000a, 0x37d5: 0x000a, 0x37d6: 0x000a, 0x37d7: 0x000a,
+	0x37d8: 0x000a, 0x37d9: 0x000a, 0x37da: 0x000a, 0x37db: 0x000a, 0x37dc: 0x000a, 0x37dd: 0x000a,
+	0x37de: 0x000a, 0x37df: 0x000a, 0x37e0: 0x000a, 0x37e1: 0x000a, 0x37e2: 0x000a, 0x37e3: 0x000a,
+	0x37e4: 0x000a, 0x37e5: 0x000a, 0x37e6: 0x000a, 0x37e7: 0x000a, 0x37e8: 0x000a, 0x37e9: 0x000a,
+	0x37ea: 0x000a, 0x37eb: 0x000a, 0x37ec: 0x000a, 0x37ed: 0x000a, 0x37ee: 0x000a, 0x37ef: 0x000a,
+	0x37f0: 0x000a, 0x37f1: 0x000a, 0x37f2: 0x000a, 0x37f3: 0x000a, 0x37f4: 0x000a, 0x37f5: 0x000a,
+	0x37f6: 0x000a, 0x37f7: 0x000a, 0x37f8: 0x000a, 0x37f9: 0x000a, 0x37fa: 0x000a, 0x37fb: 0x000a,
+	0x37fc: 0x000a, 0x37fd: 0x000a, 0x37fe: 0x000a, 0x37ff: 0x000a,
+	// Block 0xe0, offset 0x3800
+	0x3800: 0x000a, 0x3801: 0x000a, 0x3802: 0x000a, 0x3803: 0x000a, 0x3804: 0x000a, 0x3805: 0x000a,
+	0x3806: 0x000a, 0x3807: 0x000a,
+	0x3810: 0x000a, 0x3811: 0x000a,
+	0x3812: 0x000a, 0x3813: 0x000a, 0x3814: 0x000a, 0x3815: 0x000a, 0x3816: 0x000a, 0x3817: 0x000a,
+	0x3818: 0x000a, 0x3819: 0x000a,
+	0x3820: 0x000a, 0x3821: 0x000a, 0x3822: 0x000a, 0x3823: 0x000a,
+	0x3824: 0x000a, 0x3825: 0x000a, 0x3826: 0x000a, 0x3827: 0x000a, 0x3828: 0x000a, 0x3829: 0x000a,
+	0x382a: 0x000a, 0x382b: 0x000a, 0x382c: 0x000a, 0x382d: 0x000a, 0x382e: 0x000a, 0x382f: 0x000a,
+	0x3830: 0x000a, 0x3831: 0x000a, 0x3832: 0x000a, 0x3833: 0x000a, 0x3834: 0x000a, 0x3835: 0x000a,
+	0x3836: 0x000a, 0x3837: 0x000a, 0x3838: 0x000a, 0x3839: 0x000a, 0x383a: 0x000a, 0x383b: 0x000a,
+	0x383c: 0x000a, 0x383d: 0x000a, 0x383e: 0x000a, 0x383f: 0x000a,
+	// Block 0xe1, offset 0x3840
+	0x3840: 0x000a, 0x3841: 0x000a, 0x3842: 0x000a, 0x3843: 0x000a, 0x3844: 0x000a, 0x3845: 0x000a,
+	0x3846: 0x000a, 0x3847: 0x000a,
+	0x3850: 0x000a, 0x3851: 0x000a,
+	0x3852: 0x000a, 0x3853: 0x000a, 0x3854: 0x000a, 0x3855: 0x000a, 0x3856: 0x000a, 0x3857: 0x000a,
+	0x3858: 0x000a, 0x3859: 0x000a, 0x385a: 0x000a, 0x385b: 0x000a, 0x385c: 0x000a, 0x385d: 0x000a,
+	0x385e: 0x000a, 0x385f: 0x000a, 0x3860: 0x000a, 0x3861: 0x000a, 0x3862: 0x000a, 0x3863: 0x000a,
+	0x3864: 0x000a, 0x3865: 0x000a, 0x3866: 0x000a, 0x3867: 0x000a, 0x3868: 0x000a, 0x3869: 0x000a,
+	0x386a: 0x000a, 0x386b: 0x000a, 0x386c: 0x000a, 0x386d: 0x000a,
+	// Block 0xe2, offset 0x3880
+	0x3880: 0x000a, 0x3881: 0x000a, 0x3882: 0x000a, 0x3883: 0x000a, 0x3884: 0x000a, 0x3885: 0x000a,
+	0x3886: 0x000a, 0x3887: 0x000a, 0x3888: 0x000a, 0x3889: 0x000a, 0x388a: 0x000a, 0x388b: 0x000a,
+	0x3890: 0x000a, 0x3891: 0x000a,
+	0x3892: 0x000a, 0x3893: 0x000a, 0x3894: 0x000a, 0x3895: 0x000a, 0x3896: 0x000a, 0x3897: 0x000a,
+	0x3898: 0x000a, 0x3899: 0x000a, 0x389a: 0x000a, 0x389b: 0x000a, 0x389c: 0x000a, 0x389d: 0x000a,
+	0x389e: 0x000a, 0x389f: 0x000a, 0x38a0: 0x000a, 0x38a1: 0x000a, 0x38a2: 0x000a, 0x38a3: 0x000a,
+	0x38a4: 0x000a, 0x38a5: 0x000a, 0x38a6: 0x000a, 0x38a7: 0x000a, 0x38a8: 0x000a, 0x38a9: 0x000a,
+	0x38aa: 0x000a, 0x38ab: 0x000a, 0x38ac: 0x000a, 0x38ad: 0x000a, 0x38ae: 0x000a, 0x38af: 0x000a,
+	0x38b0: 0x000a, 0x38b1: 0x000a, 0x38b2: 0x000a, 0x38b3: 0x000a, 0x38b4: 0x000a, 0x38b5: 0x000a,
+	0x38b6: 0x000a, 0x38b7: 0x000a, 0x38b8: 0x000a, 0x38b9: 0x000a, 0x38ba: 0x000a, 0x38bb: 0x000a,
+	0x38bc: 0x000a, 0x38bd: 0x000a, 0x38be: 0x000a,
+	// Block 0xe3, offset 0x38c0
+	0x38c0: 0x000a, 0x38c1: 0x000a, 0x38c2: 0x000a, 0x38c3: 0x000a, 0x38c4: 0x000a, 0x38c5: 0x000a,
+	0x38c6: 0x000a, 0x38c7: 0x000a, 0x38c8: 0x000a, 0x38c9: 0x000a, 0x38ca: 0x000a, 0x38cb: 0x000a,
+	0x38cc: 0x000a, 0x38cd: 0x000a, 0x38ce: 0x000a, 0x38cf: 0x000a, 0x38d0: 0x000a, 0x38d1: 0x000a,
+	0x38d2: 0x000a, 0x38d3: 0x000a, 0x38d4: 0x000a, 0x38d5: 0x000a, 0x38d6: 0x000a, 0x38d7: 0x000a,
+	0x38d8: 0x000a, 0x38d9: 0x000a, 0x38da: 0x000a, 0x38db: 0x000a, 0x38dc: 0x000a, 0x38dd: 0x000a,
+	0x38de: 0x000a, 0x38df: 0x000a, 0x38e0: 0x000a, 0x38e1: 0x000a, 0x38e2: 0x000a, 0x38e3: 0x000a,
+	0x38e4: 0x000a, 0x38e5: 0x000a, 0x38e6: 0x000a, 0x38e7: 0x000a, 0x38e8: 0x000a, 0x38e9: 0x000a,
+	0x38ea: 0x000a, 0x38eb: 0x000a, 0x38ec: 0x000a, 0x38ed: 0x000a, 0x38ee: 0x000a, 0x38ef: 0x000a,
+	0x38f0: 0x000a, 0x38f3: 0x000a, 0x38f4: 0x000a, 0x38f5: 0x000a,
+	0x38f6: 0x000a, 0x38fa: 0x000a,
+	0x38fc: 0x000a, 0x38fd: 0x000a, 0x38fe: 0x000a, 0x38ff: 0x000a,
+	// Block 0xe4, offset 0x3900
+	0x3900: 0x000a, 0x3901: 0x000a, 0x3902: 0x000a, 0x3903: 0x000a, 0x3904: 0x000a, 0x3905: 0x000a,
+	0x3906: 0x000a, 0x3907: 0x000a, 0x3908: 0x000a, 0x3909: 0x000a, 0x390a: 0x000a, 0x390b: 0x000a,
+	0x390c: 0x000a, 0x390d: 0x000a, 0x390e: 0x000a, 0x390f: 0x000a, 0x3910: 0x000a, 0x3911: 0x000a,
+	0x3912: 0x000a, 0x3913: 0x000a, 0x3914: 0x000a, 0x3915: 0x000a, 0x3916: 0x000a, 0x3917: 0x000a,
+	0x3918: 0x000a, 0x3919: 0x000a, 0x391a: 0x000a, 0x391b: 0x000a, 0x391c: 0x000a, 0x391d: 0x000a,
+	0x391e: 0x000a, 0x391f: 0x000a, 0x3920: 0x000a, 0x3921: 0x000a, 0x3922: 0x000a,
+	0x3930: 0x000a, 0x3931: 0x000a, 0x3932: 0x000a, 0x3933: 0x000a, 0x3934: 0x000a, 0x3935: 0x000a,
+	0x3936: 0x000a, 0x3937: 0x000a, 0x3938: 0x000a, 0x3939: 0x000a,
+	// Block 0xe5, offset 0x3940
+	0x3940: 0x000a, 0x3941: 0x000a, 0x3942: 0x000a,
+	0x3950: 0x000a, 0x3951: 0x000a,
+	0x3952: 0x000a, 0x3953: 0x000a, 0x3954: 0x000a, 0x3955: 0x000a, 0x3956: 0x000a, 0x3957: 0x000a,
+	0x3958: 0x000a, 0x3959: 0x000a, 0x395a: 0x000a, 0x395b: 0x000a, 0x395c: 0x000a, 0x395d: 0x000a,
+	0x395e: 0x000a, 0x395f: 0x000a, 0x3960: 0x000a, 0x3961: 0x000a, 0x3962: 0x000a, 0x3963: 0x000a,
+	0x3964: 0x000a, 0x3965: 0x000a, 0x3966: 0x000a, 0x3967: 0x000a, 0x3968: 0x000a, 0x3969: 0x000a,
+	0x396a: 0x000a, 0x396b: 0x000a, 0x396c: 0x000a, 0x396d: 0x000a, 0x396e: 0x000a, 0x396f: 0x000a,
+	0x3970: 0x000a, 0x3971: 0x000a, 0x3972: 0x000a, 0x3973: 0x000a, 0x3974: 0x000a, 0x3975: 0x000a,
+	0x3976: 0x000a, 0x3977: 0x000a, 0x3978: 0x000a, 0x3979: 0x000a, 0x397a: 0x000a, 0x397b: 0x000a,
+	0x397c: 0x000a, 0x397d: 0x000a, 0x397e: 0x000a, 0x397f: 0x000a,
+	// Block 0xe6, offset 0x3980
+	0x39a0: 0x000a, 0x39a1: 0x000a, 0x39a2: 0x000a, 0x39a3: 0x000a,
+	0x39a4: 0x000a, 0x39a5: 0x000a, 0x39a6: 0x000a, 0x39a7: 0x000a, 0x39a8: 0x000a, 0x39a9: 0x000a,
+	0x39aa: 0x000a, 0x39ab: 0x000a, 0x39ac: 0x000a, 0x39ad: 0x000a,
+	// Block 0xe7, offset 0x39c0
+	0x39fe: 0x000b, 0x39ff: 0x000b,
+	// Block 0xe8, offset 0x3a00
+	0x3a00: 0x000b, 0x3a01: 0x000b, 0x3a02: 0x000b, 0x3a03: 0x000b, 0x3a04: 0x000b, 0x3a05: 0x000b,
+	0x3a06: 0x000b, 0x3a07: 0x000b, 0x3a08: 0x000b, 0x3a09: 0x000b, 0x3a0a: 0x000b, 0x3a0b: 0x000b,
+	0x3a0c: 0x000b, 0x3a0d: 0x000b, 0x3a0e: 0x000b, 0x3a0f: 0x000b, 0x3a10: 0x000b, 0x3a11: 0x000b,
+	0x3a12: 0x000b, 0x3a13: 0x000b, 0x3a14: 0x000b, 0x3a15: 0x000b, 0x3a16: 0x000b, 0x3a17: 0x000b,
+	0x3a18: 0x000b, 0x3a19: 0x000b, 0x3a1a: 0x000b, 0x3a1b: 0x000b, 0x3a1c: 0x000b, 0x3a1d: 0x000b,
+	0x3a1e: 0x000b, 0x3a1f: 0x000b, 0x3a20: 0x000b, 0x3a21: 0x000b, 0x3a22: 0x000b, 0x3a23: 0x000b,
+	0x3a24: 0x000b, 0x3a25: 0x000b, 0x3a26: 0x000b, 0x3a27: 0x000b, 0x3a28: 0x000b, 0x3a29: 0x000b,
+	0x3a2a: 0x000b, 0x3a2b: 0x000b, 0x3a2c: 0x000b, 0x3a2d: 0x000b, 0x3a2e: 0x000b, 0x3a2f: 0x000b,
+	0x3a30: 0x000b, 0x3a31: 0x000b, 0x3a32: 0x000b, 0x3a33: 0x000b, 0x3a34: 0x000b, 0x3a35: 0x000b,
+	0x3a36: 0x000b, 0x3a37: 0x000b, 0x3a38: 0x000b, 0x3a39: 0x000b, 0x3a3a: 0x000b, 0x3a3b: 0x000b,
+	0x3a3c: 0x000b, 0x3a3d: 0x000b, 0x3a3e: 0x000b, 0x3a3f: 0x000b,
+	// Block 0xe9, offset 0x3a40
+	0x3a40: 0x000c, 0x3a41: 0x000c, 0x3a42: 0x000c, 0x3a43: 0x000c, 0x3a44: 0x000c, 0x3a45: 0x000c,
+	0x3a46: 0x000c, 0x3a47: 0x000c, 0x3a48: 0x000c, 0x3a49: 0x000c, 0x3a4a: 0x000c, 0x3a4b: 0x000c,
+	0x3a4c: 0x000c, 0x3a4d: 0x000c, 0x3a4e: 0x000c, 0x3a4f: 0x000c, 0x3a50: 0x000c, 0x3a51: 0x000c,
+	0x3a52: 0x000c, 0x3a53: 0x000c, 0x3a54: 0x000c, 0x3a55: 0x000c, 0x3a56: 0x000c, 0x3a57: 0x000c,
+	0x3a58: 0x000c, 0x3a59: 0x000c, 0x3a5a: 0x000c, 0x3a5b: 0x000c, 0x3a5c: 0x000c, 0x3a5d: 0x000c,
+	0x3a5e: 0x000c, 0x3a5f: 0x000c, 0x3a60: 0x000c, 0x3a61: 0x000c, 0x3a62: 0x000c, 0x3a63: 0x000c,
+	0x3a64: 0x000c, 0x3a65: 0x000c, 0x3a66: 0x000c, 0x3a67: 0x000c, 0x3a68: 0x000c, 0x3a69: 0x000c,
+	0x3a6a: 0x000c, 0x3a6b: 0x000c, 0x3a6c: 0x000c, 0x3a6d: 0x000c, 0x3a6e: 0x000c, 0x3a6f: 0x000c,
+	0x3a70: 0x000b, 0x3a71: 0x000b, 0x3a72: 0x000b, 0x3a73: 0x000b, 0x3a74: 0x000b, 0x3a75: 0x000b,
+	0x3a76: 0x000b, 0x3a77: 0x000b, 0x3a78: 0x000b, 0x3a79: 0x000b, 0x3a7a: 0x000b, 0x3a7b: 0x000b,
+	0x3a7c: 0x000b, 0x3a7d: 0x000b, 0x3a7e: 0x000b, 0x3a7f: 0x000b,
+}
+
+// bidiIndex: 24 blocks, 1536 entries, 1536 bytes
+// Block 0 is the zero block.
+var bidiIndex = [1536]uint8{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x02,
+	0xca: 0x03, 0xcb: 0x04, 0xcc: 0x05, 0xcd: 0x06, 0xce: 0x07, 0xcf: 0x08,
+	0xd2: 0x09, 0xd6: 0x0a, 0xd7: 0x0b,
+	0xd8: 0x0c, 0xd9: 0x0d, 0xda: 0x0e, 0xdb: 0x0f, 0xdc: 0x10, 0xdd: 0x11, 0xde: 0x12, 0xdf: 0x13,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06,
+	0xea: 0x07, 0xef: 0x08,
+	0xf0: 0x11, 0xf1: 0x12, 0xf2: 0x12, 0xf3: 0x14, 0xf4: 0x15,
+	// Block 0x4, offset 0x100
+	0x120: 0x14, 0x121: 0x15, 0x122: 0x16, 0x123: 0x17, 0x124: 0x18, 0x125: 0x19, 0x126: 0x1a, 0x127: 0x1b,
+	0x128: 0x1c, 0x129: 0x1d, 0x12a: 0x1c, 0x12b: 0x1e, 0x12c: 0x1f, 0x12d: 0x20, 0x12e: 0x21, 0x12f: 0x22,
+	0x130: 0x23, 0x131: 0x24, 0x132: 0x1a, 0x133: 0x25, 0x134: 0x26, 0x135: 0x27, 0x137: 0x28,
+	0x138: 0x29, 0x139: 0x2a, 0x13a: 0x2b, 0x13b: 0x2c, 0x13c: 0x2d, 0x13d: 0x2e, 0x13e: 0x2f, 0x13f: 0x30,
+	// Block 0x5, offset 0x140
+	0x140: 0x31, 0x141: 0x32, 0x142: 0x33,
+	0x14d: 0x34, 0x14e: 0x35,
+	0x150: 0x36,
+	0x15a: 0x37, 0x15c: 0x38, 0x15d: 0x39, 0x15e: 0x3a, 0x15f: 0x3b,
+	0x160: 0x3c, 0x162: 0x3d, 0x164: 0x3e, 0x165: 0x3f, 0x167: 0x40,
+	0x168: 0x41, 0x169: 0x42, 0x16a: 0x43, 0x16c: 0x44, 0x16d: 0x45, 0x16e: 0x46, 0x16f: 0x47,
+	0x170: 0x48, 0x173: 0x49, 0x177: 0x4a,
+	0x17e: 0x4b, 0x17f: 0x4c,
+	// Block 0x6, offset 0x180
+	0x180: 0x4d, 0x181: 0x4e, 0x182: 0x4f, 0x183: 0x50, 0x184: 0x51, 0x185: 0x52, 0x186: 0x53, 0x187: 0x54,
+	0x188: 0x55, 0x189: 0x54, 0x18a: 0x54, 0x18b: 0x54, 0x18c: 0x56, 0x18d: 0x57, 0x18e: 0x58, 0x18f: 0x54,
+	0x190: 0x59, 0x191: 0x5a, 0x192: 0x5b, 0x193: 0x5c, 0x194: 0x54, 0x195: 0x54, 0x196: 0x54, 0x197: 0x54,
+	0x198: 0x54, 0x199: 0x54, 0x19a: 0x5d, 0x19b: 0x54, 0x19c: 0x54, 0x19d: 0x5e, 0x19e: 0x54, 0x19f: 0x5f,
+	0x1a4: 0x54, 0x1a5: 0x54, 0x1a6: 0x60, 0x1a7: 0x61,
+	0x1a8: 0x54, 0x1a9: 0x54, 0x1aa: 0x54, 0x1ab: 0x54, 0x1ac: 0x54, 0x1ad: 0x62, 0x1ae: 0x63, 0x1af: 0x64,
+	0x1b3: 0x65, 0x1b5: 0x66, 0x1b7: 0x67,
+	0x1b8: 0x68, 0x1b9: 0x69, 0x1ba: 0x6a, 0x1bb: 0x6b, 0x1bc: 0x54, 0x1bd: 0x54, 0x1be: 0x54, 0x1bf: 0x6c,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x6d, 0x1c2: 0x6e, 0x1c3: 0x6f, 0x1c7: 0x70,
+	0x1c8: 0x71, 0x1c9: 0x72, 0x1ca: 0x73, 0x1cb: 0x74, 0x1cd: 0x75, 0x1cf: 0x76,
+	// Block 0x8, offset 0x200
+	0x237: 0x54,
+	// Block 0x9, offset 0x240
+	0x252: 0x77, 0x253: 0x78,
+	0x258: 0x79, 0x259: 0x7a, 0x25a: 0x7b, 0x25b: 0x7c, 0x25c: 0x7d, 0x25e: 0x7e,
+	0x260: 0x7f, 0x261: 0x80, 0x263: 0x81, 0x264: 0x82, 0x265: 0x83, 0x266: 0x84, 0x267: 0x85,
+	0x268: 0x86, 0x269: 0x87, 0x26a: 0x88, 0x26b: 0x89, 0x26f: 0x8a,
+	// Block 0xa, offset 0x280
+	0x2ac: 0x8b, 0x2ad: 0x8c, 0x2ae: 0x0e, 0x2af: 0x0e,
+	0x2b0: 0x0e, 0x2b1: 0x0e, 0x2b2: 0x0e, 0x2b3: 0x0e, 0x2b4: 0x8d, 0x2b5: 0x0e, 0x2b6: 0x0e, 0x2b7: 0x8e,
+	0x2b8: 0x8f, 0x2b9: 0x90, 0x2ba: 0x0e, 0x2bb: 0x91, 0x2bc: 0x92, 0x2bd: 0x93, 0x2bf: 0x94,
+	// Block 0xb, offset 0x2c0
+	0x2c4: 0x95, 0x2c5: 0x54, 0x2c6: 0x96, 0x2c7: 0x97,
+	0x2cb: 0x98, 0x2cd: 0x99,
+	0x2e0: 0x9a, 0x2e1: 0x9a, 0x2e2: 0x9a, 0x2e3: 0x9a, 0x2e4: 0x9b, 0x2e5: 0x9a, 0x2e6: 0x9a, 0x2e7: 0x9a,
+	0x2e8: 0x9c, 0x2e9: 0x9a, 0x2ea: 0x9a, 0x2eb: 0x9d, 0x2ec: 0x9e, 0x2ed: 0x9a, 0x2ee: 0x9a, 0x2ef: 0x9a,
+	0x2f0: 0x9a, 0x2f1: 0x9a, 0x2f2: 0x9a, 0x2f3: 0x9a, 0x2f4: 0x9f, 0x2f5: 0x9a, 0x2f6: 0x9a, 0x2f7: 0x9a,
+	0x2f8: 0x9a, 0x2f9: 0xa0, 0x2fa: 0x9a, 0x2fb: 0x9a, 0x2fc: 0xa1, 0x2fd: 0xa2, 0x2fe: 0x9a, 0x2ff: 0x9a,
+	// Block 0xc, offset 0x300
+	0x300: 0xa3, 0x301: 0xa4, 0x302: 0xa5, 0x304: 0xa6, 0x305: 0xa7, 0x306: 0xa8, 0x307: 0xa9,
+	0x308: 0xaa, 0x30b: 0xab, 0x30c: 0x26, 0x30d: 0xac,
+	0x310: 0xad, 0x311: 0xae, 0x312: 0xaf, 0x313: 0xb0, 0x316: 0xb1, 0x317: 0xb2,
+	0x318: 0xb3, 0x319: 0xb4, 0x31a: 0xb5, 0x31c: 0xb6,
+	0x320: 0xb7,
+	0x328: 0xb8, 0x329: 0xb9, 0x32a: 0xba,
+	0x330: 0xbb, 0x332: 0xbc, 0x334: 0xbd, 0x335: 0xbe, 0x336: 0xbf,
+	0x33b: 0xc0,
+	// Block 0xd, offset 0x340
+	0x36b: 0xc1, 0x36c: 0xc2,
+	0x37e: 0xc3,
+	// Block 0xe, offset 0x380
+	0x3b2: 0xc4,
+	// Block 0xf, offset 0x3c0
+	0x3c5: 0xc5, 0x3c6: 0xc6,
+	0x3c8: 0x54, 0x3c9: 0xc7, 0x3cc: 0x54, 0x3cd: 0xc8,
+	0x3db: 0xc9, 0x3dc: 0xca, 0x3dd: 0xcb, 0x3de: 0xcc, 0x3df: 0xcd,
+	0x3e8: 0xce, 0x3e9: 0xcf, 0x3ea: 0xd0,
+	// Block 0x10, offset 0x400
+	0x400: 0xd1,
+	0x420: 0x9a, 0x421: 0x9a, 0x422: 0x9a, 0x423: 0xd2, 0x424: 0x9a, 0x425: 0xd3, 0x426: 0x9a, 0x427: 0x9a,
+	0x428: 0x9a, 0x429: 0x9a, 0x42a: 0x9a, 0x42b: 0x9a, 0x42c: 0x9a, 0x42d: 0x9a, 0x42e: 0x9a, 0x42f: 0x9a,
+	0x430: 0x9a, 0x431: 0xa1, 0x432: 0x0e, 0x433: 0x9a, 0x434: 0x9a, 0x435: 0x9a, 0x436: 0x9a, 0x437: 0x9a,
+	0x438: 0x0e, 0x439: 0x0e, 0x43a: 0x0e, 0x43b: 0xd4, 0x43c: 0x9a, 0x43d: 0x9a, 0x43e: 0x9a, 0x43f: 0x9a,
+	// Block 0x11, offset 0x440
+	0x440: 0xd5, 0x441: 0x54, 0x442: 0xd6, 0x443: 0xd7, 0x444: 0xd8, 0x445: 0xd9,
+	0x449: 0xda, 0x44c: 0x54, 0x44d: 0x54, 0x44e: 0x54, 0x44f: 0x54,
+	0x450: 0x54, 0x451: 0x54, 0x452: 0x54, 0x453: 0x54, 0x454: 0x54, 0x455: 0x54, 0x456: 0x54, 0x457: 0x54,
+	0x458: 0x54, 0x459: 0x54, 0x45a: 0x54, 0x45b: 0xdb, 0x45c: 0x54, 0x45d: 0x6b, 0x45e: 0x54, 0x45f: 0xdc,
+	0x460: 0xdd, 0x461: 0xde, 0x462: 0xdf, 0x464: 0xe0, 0x465: 0xe1, 0x466: 0xe2, 0x467: 0xe3,
+	0x469: 0xe4,
+	0x47f: 0xe5,
+	// Block 0x12, offset 0x480
+	0x4bf: 0xe5,
+	// Block 0x13, offset 0x4c0
+	0x4d0: 0x09, 0x4d1: 0x0a, 0x4d6: 0x0b,
+	0x4db: 0x0c, 0x4dd: 0x0d, 0x4de: 0x0e, 0x4df: 0x0f,
+	0x4ef: 0x10,
+	0x4ff: 0x10,
+	// Block 0x14, offset 0x500
+	0x50f: 0x10,
+	0x51f: 0x10,
+	0x52f: 0x10,
+	0x53f: 0x10,
+	// Block 0x15, offset 0x540
+	0x540: 0xe6, 0x541: 0xe6, 0x542: 0xe6, 0x543: 0xe6, 0x544: 0x05, 0x545: 0x05, 0x546: 0x05, 0x547: 0xe7,
+	0x548: 0xe6, 0x549: 0xe6, 0x54a: 0xe6, 0x54b: 0xe6, 0x54c: 0xe6, 0x54d: 0xe6, 0x54e: 0xe6, 0x54f: 0xe6,
+	0x550: 0xe6, 0x551: 0xe6, 0x552: 0xe6, 0x553: 0xe6, 0x554: 0xe6, 0x555: 0xe6, 0x556: 0xe6, 0x557: 0xe6,
+	0x558: 0xe6, 0x559: 0xe6, 0x55a: 0xe6, 0x55b: 0xe6, 0x55c: 0xe6, 0x55d: 0xe6, 0x55e: 0xe6, 0x55f: 0xe6,
+	0x560: 0xe6, 0x561: 0xe6, 0x562: 0xe6, 0x563: 0xe6, 0x564: 0xe6, 0x565: 0xe6, 0x566: 0xe6, 0x567: 0xe6,
+	0x568: 0xe6, 0x569: 0xe6, 0x56a: 0xe6, 0x56b: 0xe6, 0x56c: 0xe6, 0x56d: 0xe6, 0x56e: 0xe6, 0x56f: 0xe6,
+	0x570: 0xe6, 0x571: 0xe6, 0x572: 0xe6, 0x573: 0xe6, 0x574: 0xe6, 0x575: 0xe6, 0x576: 0xe6, 0x577: 0xe6,
+	0x578: 0xe6, 0x579: 0xe6, 0x57a: 0xe6, 0x57b: 0xe6, 0x57c: 0xe6, 0x57d: 0xe6, 0x57e: 0xe6, 0x57f: 0xe6,
+	// Block 0x16, offset 0x580
+	0x58f: 0x10,
+	0x59f: 0x10,
+	0x5a0: 0x13,
+	0x5af: 0x10,
+	0x5bf: 0x10,
+	// Block 0x17, offset 0x5c0
+	0x5cf: 0x10,
+}
+
+// Total table size 16568 bytes (16KiB); checksum: F50EF68C
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
new file mode 100644
index 0000000000000..7ffa365121cbf
--- /dev/null
+++ b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
@@ -0,0 +1,1923 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// +build go1.14
+
+package bidi
+
+// UnicodeVersion is the Unicode version from which the tables in this package are derived.
+const UnicodeVersion = "12.0.0"
+
+// xorMasks contains masks to be xor-ed with brackets to get the reverse
+// version.
+var xorMasks = []int32{ // 8 elements
+	0, 1, 6, 7, 3, 15, 29, 63,
+} // Size: 56 bytes
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *bidiTrie) lookup(s []byte) (v uint8, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return bidiValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = bidiIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *bidiTrie) lookupUnsafe(s []byte) uint8 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return bidiValues[c0]
+	}
+	i := bidiIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *bidiTrie) lookupString(s string) (v uint8, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return bidiValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := bidiIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = bidiIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = bidiIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *bidiTrie) lookupStringUnsafe(s string) uint8 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return bidiValues[c0]
+	}
+	i := bidiIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// bidiTrie. Total size: 16896 bytes (16.50 KiB). Checksum: 6f0927067913dc6d.
+type bidiTrie struct{}
+
+func newBidiTrie(i int) *bidiTrie {
+	return &bidiTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *bidiTrie) lookupValue(n uint32, b byte) uint8 {
+	switch {
+	default:
+		return uint8(bidiValues[n<<6+uint32(b)])
+	}
+}
+
+// bidiValues: 240 blocks, 15360 entries, 15360 bytes
+// The third block is the zero block.
+var bidiValues = [15360]uint8{
+	// Block 0x0, offset 0x0
+	0x00: 0x000b, 0x01: 0x000b, 0x02: 0x000b, 0x03: 0x000b, 0x04: 0x000b, 0x05: 0x000b,
+	0x06: 0x000b, 0x07: 0x000b, 0x08: 0x000b, 0x09: 0x0008, 0x0a: 0x0007, 0x0b: 0x0008,
+	0x0c: 0x0009, 0x0d: 0x0007, 0x0e: 0x000b, 0x0f: 0x000b, 0x10: 0x000b, 0x11: 0x000b,
+	0x12: 0x000b, 0x13: 0x000b, 0x14: 0x000b, 0x15: 0x000b, 0x16: 0x000b, 0x17: 0x000b,
+	0x18: 0x000b, 0x19: 0x000b, 0x1a: 0x000b, 0x1b: 0x000b, 0x1c: 0x0007, 0x1d: 0x0007,
+	0x1e: 0x0007, 0x1f: 0x0008, 0x20: 0x0009, 0x21: 0x000a, 0x22: 0x000a, 0x23: 0x0004,
+	0x24: 0x0004, 0x25: 0x0004, 0x26: 0x000a, 0x27: 0x000a, 0x28: 0x003a, 0x29: 0x002a,
+	0x2a: 0x000a, 0x2b: 0x0003, 0x2c: 0x0006, 0x2d: 0x0003, 0x2e: 0x0006, 0x2f: 0x0006,
+	0x30: 0x0002, 0x31: 0x0002, 0x32: 0x0002, 0x33: 0x0002, 0x34: 0x0002, 0x35: 0x0002,
+	0x36: 0x0002, 0x37: 0x0002, 0x38: 0x0002, 0x39: 0x0002, 0x3a: 0x0006, 0x3b: 0x000a,
+	0x3c: 0x000a, 0x3d: 0x000a, 0x3e: 0x000a, 0x3f: 0x000a,
+	// Block 0x1, offset 0x40
+	0x40: 0x000a,
+	0x5b: 0x005a, 0x5c: 0x000a, 0x5d: 0x004a,
+	0x5e: 0x000a, 0x5f: 0x000a, 0x60: 0x000a,
+	0x7b: 0x005a,
+	0x7c: 0x000a, 0x7d: 0x004a, 0x7e: 0x000a, 0x7f: 0x000b,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x000b, 0xc1: 0x000b, 0xc2: 0x000b, 0xc3: 0x000b, 0xc4: 0x000b, 0xc5: 0x0007,
+	0xc6: 0x000b, 0xc7: 0x000b, 0xc8: 0x000b, 0xc9: 0x000b, 0xca: 0x000b, 0xcb: 0x000b,
+	0xcc: 0x000b, 0xcd: 0x000b, 0xce: 0x000b, 0xcf: 0x000b, 0xd0: 0x000b, 0xd1: 0x000b,
+	0xd2: 0x000b, 0xd3: 0x000b, 0xd4: 0x000b, 0xd5: 0x000b, 0xd6: 0x000b, 0xd7: 0x000b,
+	0xd8: 0x000b, 0xd9: 0x000b, 0xda: 0x000b, 0xdb: 0x000b, 0xdc: 0x000b, 0xdd: 0x000b,
+	0xde: 0x000b, 0xdf: 0x000b, 0xe0: 0x0006, 0xe1: 0x000a, 0xe2: 0x0004, 0xe3: 0x0004,
+	0xe4: 0x0004, 0xe5: 0x0004, 0xe6: 0x000a, 0xe7: 0x000a, 0xe8: 0x000a, 0xe9: 0x000a,
+	0xeb: 0x000a, 0xec: 0x000a, 0xed: 0x000b, 0xee: 0x000a, 0xef: 0x000a,
+	0xf0: 0x0004, 0xf1: 0x0004, 0xf2: 0x0002, 0xf3: 0x0002, 0xf4: 0x000a,
+	0xf6: 0x000a, 0xf7: 0x000a, 0xf8: 0x000a, 0xf9: 0x0002, 0xfb: 0x000a,
+	0xfc: 0x000a, 0xfd: 0x000a, 0xfe: 0x000a, 0xff: 0x000a,
+	// Block 0x4, offset 0x100
+	0x117: 0x000a,
+	0x137: 0x000a,
+	// Block 0x5, offset 0x140
+	0x179: 0x000a, 0x17a: 0x000a,
+	// Block 0x6, offset 0x180
+	0x182: 0x000a, 0x183: 0x000a, 0x184: 0x000a, 0x185: 0x000a,
+	0x186: 0x000a, 0x187: 0x000a, 0x188: 0x000a, 0x189: 0x000a, 0x18a: 0x000a, 0x18b: 0x000a,
+	0x18c: 0x000a, 0x18d: 0x000a, 0x18e: 0x000a, 0x18f: 0x000a,
+	0x192: 0x000a, 0x193: 0x000a, 0x194: 0x000a, 0x195: 0x000a, 0x196: 0x000a, 0x197: 0x000a,
+	0x198: 0x000a, 0x199: 0x000a, 0x19a: 0x000a, 0x19b: 0x000a, 0x19c: 0x000a, 0x19d: 0x000a,
+	0x19e: 0x000a, 0x19f: 0x000a,
+	0x1a5: 0x000a, 0x1a6: 0x000a, 0x1a7: 0x000a, 0x1a8: 0x000a, 0x1a9: 0x000a,
+	0x1aa: 0x000a, 0x1ab: 0x000a, 0x1ac: 0x000a, 0x1ad: 0x000a, 0x1af: 0x000a,
+	0x1b0: 0x000a, 0x1b1: 0x000a, 0x1b2: 0x000a, 0x1b3: 0x000a, 0x1b4: 0x000a, 0x1b5: 0x000a,
+	0x1b6: 0x000a, 0x1b7: 0x000a, 0x1b8: 0x000a, 0x1b9: 0x000a, 0x1ba: 0x000a, 0x1bb: 0x000a,
+	0x1bc: 0x000a, 0x1bd: 0x000a, 0x1be: 0x000a, 0x1bf: 0x000a,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x000c, 0x1c1: 0x000c, 0x1c2: 0x000c, 0x1c3: 0x000c, 0x1c4: 0x000c, 0x1c5: 0x000c,
+	0x1c6: 0x000c, 0x1c7: 0x000c, 0x1c8: 0x000c, 0x1c9: 0x000c, 0x1ca: 0x000c, 0x1cb: 0x000c,
+	0x1cc: 0x000c, 0x1cd: 0x000c, 0x1ce: 0x000c, 0x1cf: 0x000c, 0x1d0: 0x000c, 0x1d1: 0x000c,
+	0x1d2: 0x000c, 0x1d3: 0x000c, 0x1d4: 0x000c, 0x1d5: 0x000c, 0x1d6: 0x000c, 0x1d7: 0x000c,
+	0x1d8: 0x000c, 0x1d9: 0x000c, 0x1da: 0x000c, 0x1db: 0x000c, 0x1dc: 0x000c, 0x1dd: 0x000c,
+	0x1de: 0x000c, 0x1df: 0x000c, 0x1e0: 0x000c, 0x1e1: 0x000c, 0x1e2: 0x000c, 0x1e3: 0x000c,
+	0x1e4: 0x000c, 0x1e5: 0x000c, 0x1e6: 0x000c, 0x1e7: 0x000c, 0x1e8: 0x000c, 0x1e9: 0x000c,
+	0x1ea: 0x000c, 0x1eb: 0x000c, 0x1ec: 0x000c, 0x1ed: 0x000c, 0x1ee: 0x000c, 0x1ef: 0x000c,
+	0x1f0: 0x000c, 0x1f1: 0x000c, 0x1f2: 0x000c, 0x1f3: 0x000c, 0x1f4: 0x000c, 0x1f5: 0x000c,
+	0x1f6: 0x000c, 0x1f7: 0x000c, 0x1f8: 0x000c, 0x1f9: 0x000c, 0x1fa: 0x000c, 0x1fb: 0x000c,
+	0x1fc: 0x000c, 0x1fd: 0x000c, 0x1fe: 0x000c, 0x1ff: 0x000c,
+	// Block 0x8, offset 0x200
+	0x200: 0x000c, 0x201: 0x000c, 0x202: 0x000c, 0x203: 0x000c, 0x204: 0x000c, 0x205: 0x000c,
+	0x206: 0x000c, 0x207: 0x000c, 0x208: 0x000c, 0x209: 0x000c, 0x20a: 0x000c, 0x20b: 0x000c,
+	0x20c: 0x000c, 0x20d: 0x000c, 0x20e: 0x000c, 0x20f: 0x000c, 0x210: 0x000c, 0x211: 0x000c,
+	0x212: 0x000c, 0x213: 0x000c, 0x214: 0x000c, 0x215: 0x000c, 0x216: 0x000c, 0x217: 0x000c,
+	0x218: 0x000c, 0x219: 0x000c, 0x21a: 0x000c, 0x21b: 0x000c, 0x21c: 0x000c, 0x21d: 0x000c,
+	0x21e: 0x000c, 0x21f: 0x000c, 0x220: 0x000c, 0x221: 0x000c, 0x222: 0x000c, 0x223: 0x000c,
+	0x224: 0x000c, 0x225: 0x000c, 0x226: 0x000c, 0x227: 0x000c, 0x228: 0x000c, 0x229: 0x000c,
+	0x22a: 0x000c, 0x22b: 0x000c, 0x22c: 0x000c, 0x22d: 0x000c, 0x22e: 0x000c, 0x22f: 0x000c,
+	0x234: 0x000a, 0x235: 0x000a,
+	0x23e: 0x000a,
+	// Block 0x9, offset 0x240
+	0x244: 0x000a, 0x245: 0x000a,
+	0x247: 0x000a,
+	// Block 0xa, offset 0x280
+	0x2b6: 0x000a,
+	// Block 0xb, offset 0x2c0
+	0x2c3: 0x000c, 0x2c4: 0x000c, 0x2c5: 0x000c,
+	0x2c6: 0x000c, 0x2c7: 0x000c, 0x2c8: 0x000c, 0x2c9: 0x000c,
+	// Block 0xc, offset 0x300
+	0x30a: 0x000a,
+	0x30d: 0x000a, 0x30e: 0x000a, 0x30f: 0x0004, 0x310: 0x0001, 0x311: 0x000c,
+	0x312: 0x000c, 0x313: 0x000c, 0x314: 0x000c, 0x315: 0x000c, 0x316: 0x000c, 0x317: 0x000c,
+	0x318: 0x000c, 0x319: 0x000c, 0x31a: 0x000c, 0x31b: 0x000c, 0x31c: 0x000c, 0x31d: 0x000c,
+	0x31e: 0x000c, 0x31f: 0x000c, 0x320: 0x000c, 0x321: 0x000c, 0x322: 0x000c, 0x323: 0x000c,
+	0x324: 0x000c, 0x325: 0x000c, 0x326: 0x000c, 0x327: 0x000c, 0x328: 0x000c, 0x329: 0x000c,
+	0x32a: 0x000c, 0x32b: 0x000c, 0x32c: 0x000c, 0x32d: 0x000c, 0x32e: 0x000c, 0x32f: 0x000c,
+	0x330: 0x000c, 0x331: 0x000c, 0x332: 0x000c, 0x333: 0x000c, 0x334: 0x000c, 0x335: 0x000c,
+	0x336: 0x000c, 0x337: 0x000c, 0x338: 0x000c, 0x339: 0x000c, 0x33a: 0x000c, 0x33b: 0x000c,
+	0x33c: 0x000c, 0x33d: 0x000c, 0x33e: 0x0001, 0x33f: 0x000c,
+	// Block 0xd, offset 0x340
+	0x340: 0x0001, 0x341: 0x000c, 0x342: 0x000c, 0x343: 0x0001, 0x344: 0x000c, 0x345: 0x000c,
+	0x346: 0x0001, 0x347: 0x000c, 0x348: 0x0001, 0x349: 0x0001, 0x34a: 0x0001, 0x34b: 0x0001,
+	0x34c: 0x0001, 0x34d: 0x0001, 0x34e: 0x0001, 0x34f: 0x0001, 0x350: 0x0001, 0x351: 0x0001,
+	0x352: 0x0001, 0x353: 0x0001, 0x354: 0x0001, 0x355: 0x0001, 0x356: 0x0001, 0x357: 0x0001,
+	0x358: 0x0001, 0x359: 0x0001, 0x35a: 0x0001, 0x35b: 0x0001, 0x35c: 0x0001, 0x35d: 0x0001,
+	0x35e: 0x0001, 0x35f: 0x0001, 0x360: 0x0001, 0x361: 0x0001, 0x362: 0x0001, 0x363: 0x0001,
+	0x364: 0x0001, 0x365: 0x0001, 0x366: 0x0001, 0x367: 0x0001, 0x368: 0x0001, 0x369: 0x0001,
+	0x36a: 0x0001, 0x36b: 0x0001, 0x36c: 0x0001, 0x36d: 0x0001, 0x36e: 0x0001, 0x36f: 0x0001,
+	0x370: 0x0001, 0x371: 0x0001, 0x372: 0x0001, 0x373: 0x0001, 0x374: 0x0001, 0x375: 0x0001,
+	0x376: 0x0001, 0x377: 0x0001, 0x378: 0x0001, 0x379: 0x0001, 0x37a: 0x0001, 0x37b: 0x0001,
+	0x37c: 0x0001, 0x37d: 0x0001, 0x37e: 0x0001, 0x37f: 0x0001,
+	// Block 0xe, offset 0x380
+	0x380: 0x0005, 0x381: 0x0005, 0x382: 0x0005, 0x383: 0x0005, 0x384: 0x0005, 0x385: 0x0005,
+	0x386: 0x000a, 0x387: 0x000a, 0x388: 0x000d, 0x389: 0x0004, 0x38a: 0x0004, 0x38b: 0x000d,
+	0x38c: 0x0006, 0x38d: 0x000d, 0x38e: 0x000a, 0x38f: 0x000a, 0x390: 0x000c, 0x391: 0x000c,
+	0x392: 0x000c, 0x393: 0x000c, 0x394: 0x000c, 0x395: 0x000c, 0x396: 0x000c, 0x397: 0x000c,
+	0x398: 0x000c, 0x399: 0x000c, 0x39a: 0x000c, 0x39b: 0x000d, 0x39c: 0x000d, 0x39d: 0x000d,
+	0x39e: 0x000d, 0x39f: 0x000d, 0x3a0: 0x000d, 0x3a1: 0x000d, 0x3a2: 0x000d, 0x3a3: 0x000d,
+	0x3a4: 0x000d, 0x3a5: 0x000d, 0x3a6: 0x000d, 0x3a7: 0x000d, 0x3a8: 0x000d, 0x3a9: 0x000d,
+	0x3aa: 0x000d, 0x3ab: 0x000d, 0x3ac: 0x000d, 0x3ad: 0x000d, 0x3ae: 0x000d, 0x3af: 0x000d,
+	0x3b0: 0x000d, 0x3b1: 0x000d, 0x3b2: 0x000d, 0x3b3: 0x000d, 0x3b4: 0x000d, 0x3b5: 0x000d,
+	0x3b6: 0x000d, 0x3b7: 0x000d, 0x3b8: 0x000d, 0x3b9: 0x000d, 0x3ba: 0x000d, 0x3bb: 0x000d,
+	0x3bc: 0x000d, 0x3bd: 0x000d, 0x3be: 0x000d, 0x3bf: 0x000d,
+	// Block 0xf, offset 0x3c0
+	0x3c0: 0x000d, 0x3c1: 0x000d, 0x3c2: 0x000d, 0x3c3: 0x000d, 0x3c4: 0x000d, 0x3c5: 0x000d,
+	0x3c6: 0x000d, 0x3c7: 0x000d, 0x3c8: 0x000d, 0x3c9: 0x000d, 0x3ca: 0x000d, 0x3cb: 0x000c,
+	0x3cc: 0x000c, 0x3cd: 0x000c, 0x3ce: 0x000c, 0x3cf: 0x000c, 0x3d0: 0x000c, 0x3d1: 0x000c,
+	0x3d2: 0x000c, 0x3d3: 0x000c, 0x3d4: 0x000c, 0x3d5: 0x000c, 0x3d6: 0x000c, 0x3d7: 0x000c,
+	0x3d8: 0x000c, 0x3d9: 0x000c, 0x3da: 0x000c, 0x3db: 0x000c, 0x3dc: 0x000c, 0x3dd: 0x000c,
+	0x3de: 0x000c, 0x3df: 0x000c, 0x3e0: 0x0005, 0x3e1: 0x0005, 0x3e2: 0x0005, 0x3e3: 0x0005,
+	0x3e4: 0x0005, 0x3e5: 0x0005, 0x3e6: 0x0005, 0x3e7: 0x0005, 0x3e8: 0x0005, 0x3e9: 0x0005,
+	0x3ea: 0x0004, 0x3eb: 0x0005, 0x3ec: 0x0005, 0x3ed: 0x000d, 0x3ee: 0x000d, 0x3ef: 0x000d,
+	0x3f0: 0x000c, 0x3f1: 0x000d, 0x3f2: 0x000d, 0x3f3: 0x000d, 0x3f4: 0x000d, 0x3f5: 0x000d,
+	0x3f6: 0x000d, 0x3f7: 0x000d, 0x3f8: 0x000d, 0x3f9: 0x000d, 0x3fa: 0x000d, 0x3fb: 0x000d,
+	0x3fc: 0x000d, 0x3fd: 0x000d, 0x3fe: 0x000d, 0x3ff: 0x000d,
+	// Block 0x10, offset 0x400
+	0x400: 0x000d, 0x401: 0x000d, 0x402: 0x000d, 0x403: 0x000d, 0x404: 0x000d, 0x405: 0x000d,
+	0x406: 0x000d, 0x407: 0x000d, 0x408: 0x000d, 0x409: 0x000d, 0x40a: 0x000d, 0x40b: 0x000d,
+	0x40c: 0x000d, 0x40d: 0x000d, 0x40e: 0x000d, 0x40f: 0x000d, 0x410: 0x000d, 0x411: 0x000d,
+	0x412: 0x000d, 0x413: 0x000d, 0x414: 0x000d, 0x415: 0x000d, 0x416: 0x000d, 0x417: 0x000d,
+	0x418: 0x000d, 0x419: 0x000d, 0x41a: 0x000d, 0x41b: 0x000d, 0x41c: 0x000d, 0x41d: 0x000d,
+	0x41e: 0x000d, 0x41f: 0x000d, 0x420: 0x000d, 0x421: 0x000d, 0x422: 0x000d, 0x423: 0x000d,
+	0x424: 0x000d, 0x425: 0x000d, 0x426: 0x000d, 0x427: 0x000d, 0x428: 0x000d, 0x429: 0x000d,
+	0x42a: 0x000d, 0x42b: 0x000d, 0x42c: 0x000d, 0x42d: 0x000d, 0x42e: 0x000d, 0x42f: 0x000d,
+	0x430: 0x000d, 0x431: 0x000d, 0x432: 0x000d, 0x433: 0x000d, 0x434: 0x000d, 0x435: 0x000d,
+	0x436: 0x000d, 0x437: 0x000d, 0x438: 0x000d, 0x439: 0x000d, 0x43a: 0x000d, 0x43b: 0x000d,
+	0x43c: 0x000d, 0x43d: 0x000d, 0x43e: 0x000d, 0x43f: 0x000d,
+	// Block 0x11, offset 0x440
+	0x440: 0x000d, 0x441: 0x000d, 0x442: 0x000d, 0x443: 0x000d, 0x444: 0x000d, 0x445: 0x000d,
+	0x446: 0x000d, 0x447: 0x000d, 0x448: 0x000d, 0x449: 0x000d, 0x44a: 0x000d, 0x44b: 0x000d,
+	0x44c: 0x000d, 0x44d: 0x000d, 0x44e: 0x000d, 0x44f: 0x000d, 0x450: 0x000d, 0x451: 0x000d,
+	0x452: 0x000d, 0x453: 0x000d, 0x454: 0x000d, 0x455: 0x000d, 0x456: 0x000c, 0x457: 0x000c,
+	0x458: 0x000c, 0x459: 0x000c, 0x45a: 0x000c, 0x45b: 0x000c, 0x45c: 0x000c, 0x45d: 0x0005,
+	0x45e: 0x000a, 0x45f: 0x000c, 0x460: 0x000c, 0x461: 0x000c, 0x462: 0x000c, 0x463: 0x000c,
+	0x464: 0x000c, 0x465: 0x000d, 0x466: 0x000d, 0x467: 0x000c, 0x468: 0x000c, 0x469: 0x000a,
+	0x46a: 0x000c, 0x46b: 0x000c, 0x46c: 0x000c, 0x46d: 0x000c, 0x46e: 0x000d, 0x46f: 0x000d,
+	0x470: 0x0002, 0x471: 0x0002, 0x472: 0x0002, 0x473: 0x0002, 0x474: 0x0002, 0x475: 0x0002,
+	0x476: 0x0002, 0x477: 0x0002, 0x478: 0x0002, 0x479: 0x0002, 0x47a: 0x000d, 0x47b: 0x000d,
+	0x47c: 0x000d, 0x47d: 0x000d, 0x47e: 0x000d, 0x47f: 0x000d,
+	// Block 0x12, offset 0x480
+	0x480: 0x000d, 0x481: 0x000d, 0x482: 0x000d, 0x483: 0x000d, 0x484: 0x000d, 0x485: 0x000d,
+	0x486: 0x000d, 0x487: 0x000d, 0x488: 0x000d, 0x489: 0x000d, 0x48a: 0x000d, 0x48b: 0x000d,
+	0x48c: 0x000d, 0x48d: 0x000d, 0x48e: 0x000d, 0x48f: 0x000d, 0x490: 0x000d, 0x491: 0x000c,
+	0x492: 0x000d, 0x493: 0x000d, 0x494: 0x000d, 0x495: 0x000d, 0x496: 0x000d, 0x497: 0x000d,
+	0x498: 0x000d, 0x499: 0x000d, 0x49a: 0x000d, 0x49b: 0x000d, 0x49c: 0x000d, 0x49d: 0x000d,
+	0x49e: 0x000d, 0x49f: 0x000d, 0x4a0: 0x000d, 0x4a1: 0x000d, 0x4a2: 0x000d, 0x4a3: 0x000d,
+	0x4a4: 0x000d, 0x4a5: 0x000d, 0x4a6: 0x000d, 0x4a7: 0x000d, 0x4a8: 0x000d, 0x4a9: 0x000d,
+	0x4aa: 0x000d, 0x4ab: 0x000d, 0x4ac: 0x000d, 0x4ad: 0x000d, 0x4ae: 0x000d, 0x4af: 0x000d,
+	0x4b0: 0x000c, 0x4b1: 0x000c, 0x4b2: 0x000c, 0x4b3: 0x000c, 0x4b4: 0x000c, 0x4b5: 0x000c,
+	0x4b6: 0x000c, 0x4b7: 0x000c, 0x4b8: 0x000c, 0x4b9: 0x000c, 0x4ba: 0x000c, 0x4bb: 0x000c,
+	0x4bc: 0x000c, 0x4bd: 0x000c, 0x4be: 0x000c, 0x4bf: 0x000c,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x000c, 0x4c1: 0x000c, 0x4c2: 0x000c, 0x4c3: 0x000c, 0x4c4: 0x000c, 0x4c5: 0x000c,
+	0x4c6: 0x000c, 0x4c7: 0x000c, 0x4c8: 0x000c, 0x4c9: 0x000c, 0x4ca: 0x000c, 0x4cb: 0x000d,
+	0x4cc: 0x000d, 0x4cd: 0x000d, 0x4ce: 0x000d, 0x4cf: 0x000d, 0x4d0: 0x000d, 0x4d1: 0x000d,
+	0x4d2: 0x000d, 0x4d3: 0x000d, 0x4d4: 0x000d, 0x4d5: 0x000d, 0x4d6: 0x000d, 0x4d7: 0x000d,
+	0x4d8: 0x000d, 0x4d9: 0x000d, 0x4da: 0x000d, 0x4db: 0x000d, 0x4dc: 0x000d, 0x4dd: 0x000d,
+	0x4de: 0x000d, 0x4df: 0x000d, 0x4e0: 0x000d, 0x4e1: 0x000d, 0x4e2: 0x000d, 0x4e3: 0x000d,
+	0x4e4: 0x000d, 0x4e5: 0x000d, 0x4e6: 0x000d, 0x4e7: 0x000d, 0x4e8: 0x000d, 0x4e9: 0x000d,
+	0x4ea: 0x000d, 0x4eb: 0x000d, 0x4ec: 0x000d, 0x4ed: 0x000d, 0x4ee: 0x000d, 0x4ef: 0x000d,
+	0x4f0: 0x000d, 0x4f1: 0x000d, 0x4f2: 0x000d, 0x4f3: 0x000d, 0x4f4: 0x000d, 0x4f5: 0x000d,
+	0x4f6: 0x000d, 0x4f7: 0x000d, 0x4f8: 0x000d, 0x4f9: 0x000d, 0x4fa: 0x000d, 0x4fb: 0x000d,
+	0x4fc: 0x000d, 0x4fd: 0x000d, 0x4fe: 0x000d, 0x4ff: 0x000d,
+	// Block 0x14, offset 0x500
+	0x500: 0x000d, 0x501: 0x000d, 0x502: 0x000d, 0x503: 0x000d, 0x504: 0x000d, 0x505: 0x000d,
+	0x506: 0x000d, 0x507: 0x000d, 0x508: 0x000d, 0x509: 0x000d, 0x50a: 0x000d, 0x50b: 0x000d,
+	0x50c: 0x000d, 0x50d: 0x000d, 0x50e: 0x000d, 0x50f: 0x000d, 0x510: 0x000d, 0x511: 0x000d,
+	0x512: 0x000d, 0x513: 0x000d, 0x514: 0x000d, 0x515: 0x000d, 0x516: 0x000d, 0x517: 0x000d,
+	0x518: 0x000d, 0x519: 0x000d, 0x51a: 0x000d, 0x51b: 0x000d, 0x51c: 0x000d, 0x51d: 0x000d,
+	0x51e: 0x000d, 0x51f: 0x000d, 0x520: 0x000d, 0x521: 0x000d, 0x522: 0x000d, 0x523: 0x000d,
+	0x524: 0x000d, 0x525: 0x000d, 0x526: 0x000c, 0x527: 0x000c, 0x528: 0x000c, 0x529: 0x000c,
+	0x52a: 0x000c, 0x52b: 0x000c, 0x52c: 0x000c, 0x52d: 0x000c, 0x52e: 0x000c, 0x52f: 0x000c,
+	0x530: 0x000c, 0x531: 0x000d, 0x532: 0x000d, 0x533: 0x000d, 0x534: 0x000d, 0x535: 0x000d,
+	0x536: 0x000d, 0x537: 0x000d, 0x538: 0x000d, 0x539: 0x000d, 0x53a: 0x000d, 0x53b: 0x000d,
+	0x53c: 0x000d, 0x53d: 0x000d, 0x53e: 0x000d, 0x53f: 0x000d,
+	// Block 0x15, offset 0x540
+	0x540: 0x0001, 0x541: 0x0001, 0x542: 0x0001, 0x543: 0x0001, 0x544: 0x0001, 0x545: 0x0001,
+	0x546: 0x0001, 0x547: 0x0001, 0x548: 0x0001, 0x549: 0x0001, 0x54a: 0x0001, 0x54b: 0x0001,
+	0x54c: 0x0001, 0x54d: 0x0001, 0x54e: 0x0001, 0x54f: 0x0001, 0x550: 0x0001, 0x551: 0x0001,
+	0x552: 0x0001, 0x553: 0x0001, 0x554: 0x0001, 0x555: 0x0001, 0x556: 0x0001, 0x557: 0x0001,
+	0x558: 0x0001, 0x559: 0x0001, 0x55a: 0x0001, 0x55b: 0x0001, 0x55c: 0x0001, 0x55d: 0x0001,
+	0x55e: 0x0001, 0x55f: 0x0001, 0x560: 0x0001, 0x561: 0x0001, 0x562: 0x0001, 0x563: 0x0001,
+	0x564: 0x0001, 0x565: 0x0001, 0x566: 0x0001, 0x567: 0x0001, 0x568: 0x0001, 0x569: 0x0001,
+	0x56a: 0x0001, 0x56b: 0x000c, 0x56c: 0x000c, 0x56d: 0x000c, 0x56e: 0x000c, 0x56f: 0x000c,
+	0x570: 0x000c, 0x571: 0x000c, 0x572: 0x000c, 0x573: 0x000c, 0x574: 0x0001, 0x575: 0x0001,
+	0x576: 0x000a, 0x577: 0x000a, 0x578: 0x000a, 0x579: 0x000a, 0x57a: 0x0001, 0x57b: 0x0001,
+	0x57c: 0x0001, 0x57d: 0x000c, 0x57e: 0x0001, 0x57f: 0x0001,
+	// Block 0x16, offset 0x580
+	0x580: 0x0001, 0x581: 0x0001, 0x582: 0x0001, 0x583: 0x0001, 0x584: 0x0001, 0x585: 0x0001,
+	0x586: 0x0001, 0x587: 0x0001, 0x588: 0x0001, 0x589: 0x0001, 0x58a: 0x0001, 0x58b: 0x0001,
+	0x58c: 0x0001, 0x58d: 0x0001, 0x58e: 0x0001, 0x58f: 0x0001, 0x590: 0x0001, 0x591: 0x0001,
+	0x592: 0x0001, 0x593: 0x0001, 0x594: 0x0001, 0x595: 0x0001, 0x596: 0x000c, 0x597: 0x000c,
+	0x598: 0x000c, 0x599: 0x000c, 0x59a: 0x0001, 0x59b: 0x000c, 0x59c: 0x000c, 0x59d: 0x000c,
+	0x59e: 0x000c, 0x59f: 0x000c, 0x5a0: 0x000c, 0x5a1: 0x000c, 0x5a2: 0x000c, 0x5a3: 0x000c,
+	0x5a4: 0x0001, 0x5a5: 0x000c, 0x5a6: 0x000c, 0x5a7: 0x000c, 0x5a8: 0x0001, 0x5a9: 0x000c,
+	0x5aa: 0x000c, 0x5ab: 0x000c, 0x5ac: 0x000c, 0x5ad: 0x000c, 0x5ae: 0x0001, 0x5af: 0x0001,
+	0x5b0: 0x0001, 0x5b1: 0x0001, 0x5b2: 0x0001, 0x5b3: 0x0001, 0x5b4: 0x0001, 0x5b5: 0x0001,
+	0x5b6: 0x0001, 0x5b7: 0x0001, 0x5b8: 0x0001, 0x5b9: 0x0001, 0x5ba: 0x0001, 0x5bb: 0x0001,
+	0x5bc: 0x0001, 0x5bd: 0x0001, 0x5be: 0x0001, 0x5bf: 0x0001,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x0001, 0x5c1: 0x0001, 0x5c2: 0x0001, 0x5c3: 0x0001, 0x5c4: 0x0001, 0x5c5: 0x0001,
+	0x5c6: 0x0001, 0x5c7: 0x0001, 0x5c8: 0x0001, 0x5c9: 0x0001, 0x5ca: 0x0001, 0x5cb: 0x0001,
+	0x5cc: 0x0001, 0x5cd: 0x0001, 0x5ce: 0x0001, 0x5cf: 0x0001, 0x5d0: 0x0001, 0x5d1: 0x0001,
+	0x5d2: 0x0001, 0x5d3: 0x0001, 0x5d4: 0x0001, 0x5d5: 0x0001, 0x5d6: 0x0001, 0x5d7: 0x0001,
+	0x5d8: 0x0001, 0x5d9: 0x000c, 0x5da: 0x000c, 0x5db: 0x000c, 0x5dc: 0x0001, 0x5dd: 0x0001,
+	0x5de: 0x0001, 0x5df: 0x0001, 0x5e0: 0x000d, 0x5e1: 0x000d, 0x5e2: 0x000d, 0x5e3: 0x000d,
+	0x5e4: 0x000d, 0x5e5: 0x000d, 0x5e6: 0x000d, 0x5e7: 0x000d, 0x5e8: 0x000d, 0x5e9: 0x000d,
+	0x5ea: 0x000d, 0x5eb: 0x000d, 0x5ec: 0x000d, 0x5ed: 0x000d, 0x5ee: 0x000d, 0x5ef: 0x000d,
+	0x5f0: 0x0001, 0x5f1: 0x0001, 0x5f2: 0x0001, 0x5f3: 0x0001, 0x5f4: 0x0001, 0x5f5: 0x0001,
+	0x5f6: 0x0001, 0x5f7: 0x0001, 0x5f8: 0x0001, 0x5f9: 0x0001, 0x5fa: 0x0001, 0x5fb: 0x0001,
+	0x5fc: 0x0001, 0x5fd: 0x0001, 0x5fe: 0x0001, 0x5ff: 0x0001,
+	// Block 0x18, offset 0x600
+	0x600: 0x0001, 0x601: 0x0001, 0x602: 0x0001, 0x603: 0x0001, 0x604: 0x0001, 0x605: 0x0001,
+	0x606: 0x0001, 0x607: 0x0001, 0x608: 0x0001, 0x609: 0x0001, 0x60a: 0x0001, 0x60b: 0x0001,
+	0x60c: 0x0001, 0x60d: 0x0001, 0x60e: 0x0001, 0x60f: 0x0001, 0x610: 0x0001, 0x611: 0x0001,
+	0x612: 0x0001, 0x613: 0x0001, 0x614: 0x0001, 0x615: 0x0001, 0x616: 0x0001, 0x617: 0x0001,
+	0x618: 0x0001, 0x619: 0x0001, 0x61a: 0x0001, 0x61b: 0x0001, 0x61c: 0x0001, 0x61d: 0x0001,
+	0x61e: 0x0001, 0x61f: 0x0001, 0x620: 0x000d, 0x621: 0x000d, 0x622: 0x000d, 0x623: 0x000d,
+	0x624: 0x000d, 0x625: 0x000d, 0x626: 0x000d, 0x627: 0x000d, 0x628: 0x000d, 0x629: 0x000d,
+	0x62a: 0x000d, 0x62b: 0x000d, 0x62c: 0x000d, 0x62d: 0x000d, 0x62e: 0x000d, 0x62f: 0x000d,
+	0x630: 0x000d, 0x631: 0x000d, 0x632: 0x000d, 0x633: 0x000d, 0x634: 0x000d, 0x635: 0x000d,
+	0x636: 0x000d, 0x637: 0x000d, 0x638: 0x000d, 0x639: 0x000d, 0x63a: 0x000d, 0x63b: 0x000d,
+	0x63c: 0x000d, 0x63d: 0x000d, 0x63e: 0x000d, 0x63f: 0x000d,
+	// Block 0x19, offset 0x640
+	0x640: 0x000d, 0x641: 0x000d, 0x642: 0x000d, 0x643: 0x000d, 0x644: 0x000d, 0x645: 0x000d,
+	0x646: 0x000d, 0x647: 0x000d, 0x648: 0x000d, 0x649: 0x000d, 0x64a: 0x000d, 0x64b: 0x000d,
+	0x64c: 0x000d, 0x64d: 0x000d, 0x64e: 0x000d, 0x64f: 0x000d, 0x650: 0x000d, 0x651: 0x000d,
+	0x652: 0x000d, 0x653: 0x000c, 0x654: 0x000c, 0x655: 0x000c, 0x656: 0x000c, 0x657: 0x000c,
+	0x658: 0x000c, 0x659: 0x000c, 0x65a: 0x000c, 0x65b: 0x000c, 0x65c: 0x000c, 0x65d: 0x000c,
+	0x65e: 0x000c, 0x65f: 0x000c, 0x660: 0x000c, 0x661: 0x000c, 0x662: 0x0005, 0x663: 0x000c,
+	0x664: 0x000c, 0x665: 0x000c, 0x666: 0x000c, 0x667: 0x000c, 0x668: 0x000c, 0x669: 0x000c,
+	0x66a: 0x000c, 0x66b: 0x000c, 0x66c: 0x000c, 0x66d: 0x000c, 0x66e: 0x000c, 0x66f: 0x000c,
+	0x670: 0x000c, 0x671: 0x000c, 0x672: 0x000c, 0x673: 0x000c, 0x674: 0x000c, 0x675: 0x000c,
+	0x676: 0x000c, 0x677: 0x000c, 0x678: 0x000c, 0x679: 0x000c, 0x67a: 0x000c, 0x67b: 0x000c,
+	0x67c: 0x000c, 0x67d: 0x000c, 0x67e: 0x000c, 0x67f: 0x000c,
+	// Block 0x1a, offset 0x680
+	0x680: 0x000c, 0x681: 0x000c, 0x682: 0x000c,
+	0x6ba: 0x000c,
+	0x6bc: 0x000c,
+	// Block 0x1b, offset 0x6c0
+	0x6c1: 0x000c, 0x6c2: 0x000c, 0x6c3: 0x000c, 0x6c4: 0x000c, 0x6c5: 0x000c,
+	0x6c6: 0x000c, 0x6c7: 0x000c, 0x6c8: 0x000c,
+	0x6cd: 0x000c, 0x6d1: 0x000c,
+	0x6d2: 0x000c, 0x6d3: 0x000c, 0x6d4: 0x000c, 0x6d5: 0x000c, 0x6d6: 0x000c, 0x6d7: 0x000c,
+	0x6e2: 0x000c, 0x6e3: 0x000c,
+	// Block 0x1c, offset 0x700
+	0x701: 0x000c,
+	0x73c: 0x000c,
+	// Block 0x1d, offset 0x740
+	0x741: 0x000c, 0x742: 0x000c, 0x743: 0x000c, 0x744: 0x000c,
+	0x74d: 0x000c,
+	0x762: 0x000c, 0x763: 0x000c,
+	0x772: 0x0004, 0x773: 0x0004,
+	0x77b: 0x0004,
+	0x77e: 0x000c,
+	// Block 0x1e, offset 0x780
+	0x781: 0x000c, 0x782: 0x000c,
+	0x7bc: 0x000c,
+	// Block 0x1f, offset 0x7c0
+	0x7c1: 0x000c, 0x7c2: 0x000c,
+	0x7c7: 0x000c, 0x7c8: 0x000c, 0x7cb: 0x000c,
+	0x7cc: 0x000c, 0x7cd: 0x000c, 0x7d1: 0x000c,
+	0x7f0: 0x000c, 0x7f1: 0x000c, 0x7f5: 0x000c,
+	// Block 0x20, offset 0x800
+	0x801: 0x000c, 0x802: 0x000c, 0x803: 0x000c, 0x804: 0x000c, 0x805: 0x000c,
+	0x807: 0x000c, 0x808: 0x000c,
+	0x80d: 0x000c,
+	0x822: 0x000c, 0x823: 0x000c,
+	0x831: 0x0004,
+	0x83a: 0x000c, 0x83b: 0x000c,
+	0x83c: 0x000c, 0x83d: 0x000c, 0x83e: 0x000c, 0x83f: 0x000c,
+	// Block 0x21, offset 0x840
+	0x841: 0x000c,
+	0x87c: 0x000c, 0x87f: 0x000c,
+	// Block 0x22, offset 0x880
+	0x881: 0x000c, 0x882: 0x000c, 0x883: 0x000c, 0x884: 0x000c,
+	0x88d: 0x000c,
+	0x896: 0x000c,
+	0x8a2: 0x000c, 0x8a3: 0x000c,
+	// Block 0x23, offset 0x8c0
+	0x8c2: 0x000c,
+	// Block 0x24, offset 0x900
+	0x900: 0x000c,
+	0x90d: 0x000c,
+	0x933: 0x000a, 0x934: 0x000a, 0x935: 0x000a,
+	0x936: 0x000a, 0x937: 0x000a, 0x938: 0x000a, 0x939: 0x0004, 0x93a: 0x000a,
+	// Block 0x25, offset 0x940
+	0x940: 0x000c, 0x944: 0x000c,
+	0x97e: 0x000c, 0x97f: 0x000c,
+	// Block 0x26, offset 0x980
+	0x980: 0x000c,
+	0x986: 0x000c, 0x987: 0x000c, 0x988: 0x000c, 0x98a: 0x000c, 0x98b: 0x000c,
+	0x98c: 0x000c, 0x98d: 0x000c,
+	0x995: 0x000c, 0x996: 0x000c,
+	0x9a2: 0x000c, 0x9a3: 0x000c,
+	0x9b8: 0x000a, 0x9b9: 0x000a, 0x9ba: 0x000a, 0x9bb: 0x000a,
+	0x9bc: 0x000a, 0x9bd: 0x000a, 0x9be: 0x000a,
+	// Block 0x27, offset 0x9c0
+	0x9cc: 0x000c, 0x9cd: 0x000c,
+	0x9e2: 0x000c, 0x9e3: 0x000c,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x000c, 0xa01: 0x000c,
+	0xa3b: 0x000c,
+	0xa3c: 0x000c,
+	// Block 0x29, offset 0xa40
+	0xa41: 0x000c, 0xa42: 0x000c, 0xa43: 0x000c, 0xa44: 0x000c,
+	0xa4d: 0x000c,
+	0xa62: 0x000c, 0xa63: 0x000c,
+	// Block 0x2a, offset 0xa80
+	0xa8a: 0x000c,
+	0xa92: 0x000c, 0xa93: 0x000c, 0xa94: 0x000c, 0xa96: 0x000c,
+	// Block 0x2b, offset 0xac0
+	0xaf1: 0x000c, 0xaf4: 0x000c, 0xaf5: 0x000c,
+	0xaf6: 0x000c, 0xaf7: 0x000c, 0xaf8: 0x000c, 0xaf9: 0x000c, 0xafa: 0x000c,
+	0xaff: 0x0004,
+	// Block 0x2c, offset 0xb00
+	0xb07: 0x000c, 0xb08: 0x000c, 0xb09: 0x000c, 0xb0a: 0x000c, 0xb0b: 0x000c,
+	0xb0c: 0x000c, 0xb0d: 0x000c, 0xb0e: 0x000c,
+	// Block 0x2d, offset 0xb40
+	0xb71: 0x000c, 0xb74: 0x000c, 0xb75: 0x000c,
+	0xb76: 0x000c, 0xb77: 0x000c, 0xb78: 0x000c, 0xb79: 0x000c, 0xb7a: 0x000c, 0xb7b: 0x000c,
+	0xb7c: 0x000c,
+	// Block 0x2e, offset 0xb80
+	0xb88: 0x000c, 0xb89: 0x000c, 0xb8a: 0x000c, 0xb8b: 0x000c,
+	0xb8c: 0x000c, 0xb8d: 0x000c,
+	// Block 0x2f, offset 0xbc0
+	0xbd8: 0x000c, 0xbd9: 0x000c,
+	0xbf5: 0x000c,
+	0xbf7: 0x000c, 0xbf9: 0x000c, 0xbfa: 0x003a, 0xbfb: 0x002a,
+	0xbfc: 0x003a, 0xbfd: 0x002a,
+	// Block 0x30, offset 0xc00
+	0xc31: 0x000c, 0xc32: 0x000c, 0xc33: 0x000c, 0xc34: 0x000c, 0xc35: 0x000c,
+	0xc36: 0x000c, 0xc37: 0x000c, 0xc38: 0x000c, 0xc39: 0x000c, 0xc3a: 0x000c, 0xc3b: 0x000c,
+	0xc3c: 0x000c, 0xc3d: 0x000c, 0xc3e: 0x000c,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x000c, 0xc41: 0x000c, 0xc42: 0x000c, 0xc43: 0x000c, 0xc44: 0x000c,
+	0xc46: 0x000c, 0xc47: 0x000c,
+	0xc4d: 0x000c, 0xc4e: 0x000c, 0xc4f: 0x000c, 0xc50: 0x000c, 0xc51: 0x000c,
+	0xc52: 0x000c, 0xc53: 0x000c, 0xc54: 0x000c, 0xc55: 0x000c, 0xc56: 0x000c, 0xc57: 0x000c,
+	0xc59: 0x000c, 0xc5a: 0x000c, 0xc5b: 0x000c, 0xc5c: 0x000c, 0xc5d: 0x000c,
+	0xc5e: 0x000c, 0xc5f: 0x000c, 0xc60: 0x000c, 0xc61: 0x000c, 0xc62: 0x000c, 0xc63: 0x000c,
+	0xc64: 0x000c, 0xc65: 0x000c, 0xc66: 0x000c, 0xc67: 0x000c, 0xc68: 0x000c, 0xc69: 0x000c,
+	0xc6a: 0x000c, 0xc6b: 0x000c, 0xc6c: 0x000c, 0xc6d: 0x000c, 0xc6e: 0x000c, 0xc6f: 0x000c,
+	0xc70: 0x000c, 0xc71: 0x000c, 0xc72: 0x000c, 0xc73: 0x000c, 0xc74: 0x000c, 0xc75: 0x000c,
+	0xc76: 0x000c, 0xc77: 0x000c, 0xc78: 0x000c, 0xc79: 0x000c, 0xc7a: 0x000c, 0xc7b: 0x000c,
+	0xc7c: 0x000c,
+	// Block 0x32, offset 0xc80
+	0xc86: 0x000c,
+	// Block 0x33, offset 0xcc0
+	0xced: 0x000c, 0xcee: 0x000c, 0xcef: 0x000c,
+	0xcf0: 0x000c, 0xcf2: 0x000c, 0xcf3: 0x000c, 0xcf4: 0x000c, 0xcf5: 0x000c,
+	0xcf6: 0x000c, 0xcf7: 0x000c, 0xcf9: 0x000c, 0xcfa: 0x000c,
+	0xcfd: 0x000c, 0xcfe: 0x000c,
+	// Block 0x34, offset 0xd00
+	0xd18: 0x000c, 0xd19: 0x000c,
+	0xd1e: 0x000c, 0xd1f: 0x000c, 0xd20: 0x000c,
+	0xd31: 0x000c, 0xd32: 0x000c, 0xd33: 0x000c, 0xd34: 0x000c,
+	// Block 0x35, offset 0xd40
+	0xd42: 0x000c, 0xd45: 0x000c,
+	0xd46: 0x000c,
+	0xd4d: 0x000c,
+	0xd5d: 0x000c,
+	// Block 0x36, offset 0xd80
+	0xd9d: 0x000c,
+	0xd9e: 0x000c, 0xd9f: 0x000c,
+	// Block 0x37, offset 0xdc0
+	0xdd0: 0x000a, 0xdd1: 0x000a,
+	0xdd2: 0x000a, 0xdd3: 0x000a, 0xdd4: 0x000a, 0xdd5: 0x000a, 0xdd6: 0x000a, 0xdd7: 0x000a,
+	0xdd8: 0x000a, 0xdd9: 0x000a,
+	// Block 0x38, offset 0xe00
+	0xe00: 0x000a,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x0009,
+	0xe5b: 0x007a, 0xe5c: 0x006a,
+	// Block 0x3a, offset 0xe80
+	0xe92: 0x000c, 0xe93: 0x000c, 0xe94: 0x000c,
+	0xeb2: 0x000c, 0xeb3: 0x000c, 0xeb4: 0x000c,
+	// Block 0x3b, offset 0xec0
+	0xed2: 0x000c, 0xed3: 0x000c,
+	0xef2: 0x000c, 0xef3: 0x000c,
+	// Block 0x3c, offset 0xf00
+	0xf34: 0x000c, 0xf35: 0x000c,
+	0xf37: 0x000c, 0xf38: 0x000c, 0xf39: 0x000c, 0xf3a: 0x000c, 0xf3b: 0x000c,
+	0xf3c: 0x000c, 0xf3d: 0x000c,
+	// Block 0x3d, offset 0xf40
+	0xf46: 0x000c, 0xf49: 0x000c, 0xf4a: 0x000c, 0xf4b: 0x000c,
+	0xf4c: 0x000c, 0xf4d: 0x000c, 0xf4e: 0x000c, 0xf4f: 0x000c, 0xf50: 0x000c, 0xf51: 0x000c,
+	0xf52: 0x000c, 0xf53: 0x000c,
+	0xf5b: 0x0004, 0xf5d: 0x000c,
+	0xf70: 0x000a, 0xf71: 0x000a, 0xf72: 0x000a, 0xf73: 0x000a, 0xf74: 0x000a, 0xf75: 0x000a,
+	0xf76: 0x000a, 0xf77: 0x000a, 0xf78: 0x000a, 0xf79: 0x000a,
+	// Block 0x3e, offset 0xf80
+	0xf80: 0x000a, 0xf81: 0x000a, 0xf82: 0x000a, 0xf83: 0x000a, 0xf84: 0x000a, 0xf85: 0x000a,
+	0xf86: 0x000a, 0xf87: 0x000a, 0xf88: 0x000a, 0xf89: 0x000a, 0xf8a: 0x000a, 0xf8b: 0x000c,
+	0xf8c: 0x000c, 0xf8d: 0x000c, 0xf8e: 0x000b,
+	// Block 0x3f, offset 0xfc0
+	0xfc5: 0x000c,
+	0xfc6: 0x000c,
+	0xfe9: 0x000c,
+	// Block 0x40, offset 0x1000
+	0x1020: 0x000c, 0x1021: 0x000c, 0x1022: 0x000c,
+	0x1027: 0x000c, 0x1028: 0x000c,
+	0x1032: 0x000c,
+	0x1039: 0x000c, 0x103a: 0x000c, 0x103b: 0x000c,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x000a, 0x1044: 0x000a, 0x1045: 0x000a,
+	// Block 0x42, offset 0x1080
+	0x109e: 0x000a, 0x109f: 0x000a, 0x10a0: 0x000a, 0x10a1: 0x000a, 0x10a2: 0x000a, 0x10a3: 0x000a,
+	0x10a4: 0x000a, 0x10a5: 0x000a, 0x10a6: 0x000a, 0x10a7: 0x000a, 0x10a8: 0x000a, 0x10a9: 0x000a,
+	0x10aa: 0x000a, 0x10ab: 0x000a, 0x10ac: 0x000a, 0x10ad: 0x000a, 0x10ae: 0x000a, 0x10af: 0x000a,
+	0x10b0: 0x000a, 0x10b1: 0x000a, 0x10b2: 0x000a, 0x10b3: 0x000a, 0x10b4: 0x000a, 0x10b5: 0x000a,
+	0x10b6: 0x000a, 0x10b7: 0x000a, 0x10b8: 0x000a, 0x10b9: 0x000a, 0x10ba: 0x000a, 0x10bb: 0x000a,
+	0x10bc: 0x000a, 0x10bd: 0x000a, 0x10be: 0x000a, 0x10bf: 0x000a,
+	// Block 0x43, offset 0x10c0
+	0x10d7: 0x000c,
+	0x10d8: 0x000c, 0x10db: 0x000c,
+	// Block 0x44, offset 0x1100
+	0x1116: 0x000c,
+	0x1118: 0x000c, 0x1119: 0x000c, 0x111a: 0x000c, 0x111b: 0x000c, 0x111c: 0x000c, 0x111d: 0x000c,
+	0x111e: 0x000c, 0x1120: 0x000c, 0x1122: 0x000c,
+	0x1125: 0x000c, 0x1126: 0x000c, 0x1127: 0x000c, 0x1128: 0x000c, 0x1129: 0x000c,
+	0x112a: 0x000c, 0x112b: 0x000c, 0x112c: 0x000c,
+	0x1133: 0x000c, 0x1134: 0x000c, 0x1135: 0x000c,
+	0x1136: 0x000c, 0x1137: 0x000c, 0x1138: 0x000c, 0x1139: 0x000c, 0x113a: 0x000c, 0x113b: 0x000c,
+	0x113c: 0x000c, 0x113f: 0x000c,
+	// Block 0x45, offset 0x1140
+	0x1170: 0x000c, 0x1171: 0x000c, 0x1172: 0x000c, 0x1173: 0x000c, 0x1174: 0x000c, 0x1175: 0x000c,
+	0x1176: 0x000c, 0x1177: 0x000c, 0x1178: 0x000c, 0x1179: 0x000c, 0x117a: 0x000c, 0x117b: 0x000c,
+	0x117c: 0x000c, 0x117d: 0x000c, 0x117e: 0x000c,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x000c, 0x1181: 0x000c, 0x1182: 0x000c, 0x1183: 0x000c,
+	0x11b4: 0x000c,
+	0x11b6: 0x000c, 0x11b7: 0x000c, 0x11b8: 0x000c, 0x11b9: 0x000c, 0x11ba: 0x000c,
+	0x11bc: 0x000c,
+	// Block 0x47, offset 0x11c0
+	0x11c2: 0x000c,
+	0x11eb: 0x000c, 0x11ec: 0x000c, 0x11ed: 0x000c, 0x11ee: 0x000c, 0x11ef: 0x000c,
+	0x11f0: 0x000c, 0x11f1: 0x000c, 0x11f2: 0x000c, 0x11f3: 0x000c,
+	// Block 0x48, offset 0x1200
+	0x1200: 0x000c, 0x1201: 0x000c,
+	0x1222: 0x000c, 0x1223: 0x000c,
+	0x1224: 0x000c, 0x1225: 0x000c, 0x1228: 0x000c, 0x1229: 0x000c,
+	0x122b: 0x000c, 0x122c: 0x000c, 0x122d: 0x000c,
+	// Block 0x49, offset 0x1240
+	0x1266: 0x000c, 0x1268: 0x000c, 0x1269: 0x000c,
+	0x126d: 0x000c, 0x126f: 0x000c,
+	0x1270: 0x000c, 0x1271: 0x000c,
+	// Block 0x4a, offset 0x1280
+	0x12ac: 0x000c, 0x12ad: 0x000c, 0x12ae: 0x000c, 0x12af: 0x000c,
+	0x12b0: 0x000c, 0x12b1: 0x000c, 0x12b2: 0x000c, 0x12b3: 0x000c,
+	0x12b6: 0x000c, 0x12b7: 0x000c,
+	// Block 0x4b, offset 0x12c0
+	0x12d0: 0x000c, 0x12d1: 0x000c,
+	0x12d2: 0x000c, 0x12d4: 0x000c, 0x12d5: 0x000c, 0x12d6: 0x000c, 0x12d7: 0x000c,
+	0x12d8: 0x000c, 0x12d9: 0x000c, 0x12da: 0x000c, 0x12db: 0x000c, 0x12dc: 0x000c, 0x12dd: 0x000c,
+	0x12de: 0x000c, 0x12df: 0x000c, 0x12e0: 0x000c, 0x12e2: 0x000c, 0x12e3: 0x000c,
+	0x12e4: 0x000c, 0x12e5: 0x000c, 0x12e6: 0x000c, 0x12e7: 0x000c, 0x12e8: 0x000c,
+	0x12ed: 0x000c,
+	0x12f4: 0x000c,
+	0x12f8: 0x000c, 0x12f9: 0x000c,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x000c, 0x1301: 0x000c, 0x1302: 0x000c, 0x1303: 0x000c, 0x1304: 0x000c, 0x1305: 0x000c,
+	0x1306: 0x000c, 0x1307: 0x000c, 0x1308: 0x000c, 0x1309: 0x000c, 0x130a: 0x000c, 0x130b: 0x000c,
+	0x130c: 0x000c, 0x130d: 0x000c, 0x130e: 0x000c, 0x130f: 0x000c, 0x1310: 0x000c, 0x1311: 0x000c,
+	0x1312: 0x000c, 0x1313: 0x000c, 0x1314: 0x000c, 0x1315: 0x000c, 0x1316: 0x000c, 0x1317: 0x000c,
+	0x1318: 0x000c, 0x1319: 0x000c, 0x131a: 0x000c, 0x131b: 0x000c, 0x131c: 0x000c, 0x131d: 0x000c,
+	0x131e: 0x000c, 0x131f: 0x000c, 0x1320: 0x000c, 0x1321: 0x000c, 0x1322: 0x000c, 0x1323: 0x000c,
+	0x1324: 0x000c, 0x1325: 0x000c, 0x1326: 0x000c, 0x1327: 0x000c, 0x1328: 0x000c, 0x1329: 0x000c,
+	0x132a: 0x000c, 0x132b: 0x000c, 0x132c: 0x000c, 0x132d: 0x000c, 0x132e: 0x000c, 0x132f: 0x000c,
+	0x1330: 0x000c, 0x1331: 0x000c, 0x1332: 0x000c, 0x1333: 0x000c, 0x1334: 0x000c, 0x1335: 0x000c,
+	0x1336: 0x000c, 0x1337: 0x000c, 0x1338: 0x000c, 0x1339: 0x000c, 0x133b: 0x000c,
+	0x133c: 0x000c, 0x133d: 0x000c, 0x133e: 0x000c, 0x133f: 0x000c,
+	// Block 0x4d, offset 0x1340
+	0x137d: 0x000a, 0x137f: 0x000a,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x000a, 0x1381: 0x000a,
+	0x138d: 0x000a, 0x138e: 0x000a, 0x138f: 0x000a,
+	0x139d: 0x000a,
+	0x139e: 0x000a, 0x139f: 0x000a,
+	0x13ad: 0x000a, 0x13ae: 0x000a, 0x13af: 0x000a,
+	0x13bd: 0x000a, 0x13be: 0x000a,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x0009, 0x13c1: 0x0009, 0x13c2: 0x0009, 0x13c3: 0x0009, 0x13c4: 0x0009, 0x13c5: 0x0009,
+	0x13c6: 0x0009, 0x13c7: 0x0009, 0x13c8: 0x0009, 0x13c9: 0x0009, 0x13ca: 0x0009, 0x13cb: 0x000b,
+	0x13cc: 0x000b, 0x13cd: 0x000b, 0x13cf: 0x0001, 0x13d0: 0x000a, 0x13d1: 0x000a,
+	0x13d2: 0x000a, 0x13d3: 0x000a, 0x13d4: 0x000a, 0x13d5: 0x000a, 0x13d6: 0x000a, 0x13d7: 0x000a,
+	0x13d8: 0x000a, 0x13d9: 0x000a, 0x13da: 0x000a, 0x13db: 0x000a, 0x13dc: 0x000a, 0x13dd: 0x000a,
+	0x13de: 0x000a, 0x13df: 0x000a, 0x13e0: 0x000a, 0x13e1: 0x000a, 0x13e2: 0x000a, 0x13e3: 0x000a,
+	0x13e4: 0x000a, 0x13e5: 0x000a, 0x13e6: 0x000a, 0x13e7: 0x000a, 0x13e8: 0x0009, 0x13e9: 0x0007,
+	0x13ea: 0x000e, 0x13eb: 0x000e, 0x13ec: 0x000e, 0x13ed: 0x000e, 0x13ee: 0x000e, 0x13ef: 0x0006,
+	0x13f0: 0x0004, 0x13f1: 0x0004, 0x13f2: 0x0004, 0x13f3: 0x0004, 0x13f4: 0x0004, 0x13f5: 0x000a,
+	0x13f6: 0x000a, 0x13f7: 0x000a, 0x13f8: 0x000a, 0x13f9: 0x000a, 0x13fa: 0x000a, 0x13fb: 0x000a,
+	0x13fc: 0x000a, 0x13fd: 0x000a, 0x13fe: 0x000a, 0x13ff: 0x000a,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x000a, 0x1401: 0x000a, 0x1402: 0x000a, 0x1403: 0x000a, 0x1404: 0x0006, 0x1405: 0x009a,
+	0x1406: 0x008a, 0x1407: 0x000a, 0x1408: 0x000a, 0x1409: 0x000a, 0x140a: 0x000a, 0x140b: 0x000a,
+	0x140c: 0x000a, 0x140d: 0x000a, 0x140e: 0x000a, 0x140f: 0x000a, 0x1410: 0x000a, 0x1411: 0x000a,
+	0x1412: 0x000a, 0x1413: 0x000a, 0x1414: 0x000a, 0x1415: 0x000a, 0x1416: 0x000a, 0x1417: 0x000a,
+	0x1418: 0x000a, 0x1419: 0x000a, 0x141a: 0x000a, 0x141b: 0x000a, 0x141c: 0x000a, 0x141d: 0x000a,
+	0x141e: 0x000a, 0x141f: 0x0009, 0x1420: 0x000b, 0x1421: 0x000b, 0x1422: 0x000b, 0x1423: 0x000b,
+	0x1424: 0x000b, 0x1425: 0x000b, 0x1426: 0x000e, 0x1427: 0x000e, 0x1428: 0x000e, 0x1429: 0x000e,
+	0x142a: 0x000b, 0x142b: 0x000b, 0x142c: 0x000b, 0x142d: 0x000b, 0x142e: 0x000b, 0x142f: 0x000b,
+	0x1430: 0x0002, 0x1434: 0x0002, 0x1435: 0x0002,
+	0x1436: 0x0002, 0x1437: 0x0002, 0x1438: 0x0002, 0x1439: 0x0002, 0x143a: 0x0003, 0x143b: 0x0003,
+	0x143c: 0x000a, 0x143d: 0x009a, 0x143e: 0x008a,
+	// Block 0x51, offset 0x1440
+	0x1440: 0x0002, 0x1441: 0x0002, 0x1442: 0x0002, 0x1443: 0x0002, 0x1444: 0x0002, 0x1445: 0x0002,
+	0x1446: 0x0002, 0x1447: 0x0002, 0x1448: 0x0002, 0x1449: 0x0002, 0x144a: 0x0003, 0x144b: 0x0003,
+	0x144c: 0x000a, 0x144d: 0x009a, 0x144e: 0x008a,
+	0x1460: 0x0004, 0x1461: 0x0004, 0x1462: 0x0004, 0x1463: 0x0004,
+	0x1464: 0x0004, 0x1465: 0x0004, 0x1466: 0x0004, 0x1467: 0x0004, 0x1468: 0x0004, 0x1469: 0x0004,
+	0x146a: 0x0004, 0x146b: 0x0004, 0x146c: 0x0004, 0x146d: 0x0004, 0x146e: 0x0004, 0x146f: 0x0004,
+	0x1470: 0x0004, 0x1471: 0x0004, 0x1472: 0x0004, 0x1473: 0x0004, 0x1474: 0x0004, 0x1475: 0x0004,
+	0x1476: 0x0004, 0x1477: 0x0004, 0x1478: 0x0004, 0x1479: 0x0004, 0x147a: 0x0004, 0x147b: 0x0004,
+	0x147c: 0x0004, 0x147d: 0x0004, 0x147e: 0x0004, 0x147f: 0x0004,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x0004, 0x1481: 0x0004, 0x1482: 0x0004, 0x1483: 0x0004, 0x1484: 0x0004, 0x1485: 0x0004,
+	0x1486: 0x0004, 0x1487: 0x0004, 0x1488: 0x0004, 0x1489: 0x0004, 0x148a: 0x0004, 0x148b: 0x0004,
+	0x148c: 0x0004, 0x148d: 0x0004, 0x148e: 0x0004, 0x148f: 0x0004, 0x1490: 0x000c, 0x1491: 0x000c,
+	0x1492: 0x000c, 0x1493: 0x000c, 0x1494: 0x000c, 0x1495: 0x000c, 0x1496: 0x000c, 0x1497: 0x000c,
+	0x1498: 0x000c, 0x1499: 0x000c, 0x149a: 0x000c, 0x149b: 0x000c, 0x149c: 0x000c, 0x149d: 0x000c,
+	0x149e: 0x000c, 0x149f: 0x000c, 0x14a0: 0x000c, 0x14a1: 0x000c, 0x14a2: 0x000c, 0x14a3: 0x000c,
+	0x14a4: 0x000c, 0x14a5: 0x000c, 0x14a6: 0x000c, 0x14a7: 0x000c, 0x14a8: 0x000c, 0x14a9: 0x000c,
+	0x14aa: 0x000c, 0x14ab: 0x000c, 0x14ac: 0x000c, 0x14ad: 0x000c, 0x14ae: 0x000c, 0x14af: 0x000c,
+	0x14b0: 0x000c,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x000a, 0x14c1: 0x000a, 0x14c3: 0x000a, 0x14c4: 0x000a, 0x14c5: 0x000a,
+	0x14c6: 0x000a, 0x14c8: 0x000a, 0x14c9: 0x000a,
+	0x14d4: 0x000a, 0x14d6: 0x000a, 0x14d7: 0x000a,
+	0x14d8: 0x000a,
+	0x14de: 0x000a, 0x14df: 0x000a, 0x14e0: 0x000a, 0x14e1: 0x000a, 0x14e2: 0x000a, 0x14e3: 0x000a,
+	0x14e5: 0x000a, 0x14e7: 0x000a, 0x14e9: 0x000a,
+	0x14ee: 0x0004,
+	0x14fa: 0x000a, 0x14fb: 0x000a,
+	// Block 0x54, offset 0x1500
+	0x1500: 0x000a, 0x1501: 0x000a, 0x1502: 0x000a, 0x1503: 0x000a, 0x1504: 0x000a,
+	0x150a: 0x000a, 0x150b: 0x000a,
+	0x150c: 0x000a, 0x150d: 0x000a, 0x1510: 0x000a, 0x1511: 0x000a,
+	0x1512: 0x000a, 0x1513: 0x000a, 0x1514: 0x000a, 0x1515: 0x000a, 0x1516: 0x000a, 0x1517: 0x000a,
+	0x1518: 0x000a, 0x1519: 0x000a, 0x151a: 0x000a, 0x151b: 0x000a, 0x151c: 0x000a, 0x151d: 0x000a,
+	0x151e: 0x000a, 0x151f: 0x000a,
+	// Block 0x55, offset 0x1540
+	0x1549: 0x000a, 0x154a: 0x000a, 0x154b: 0x000a,
+	0x1550: 0x000a, 0x1551: 0x000a,
+	0x1552: 0x000a, 0x1553: 0x000a, 0x1554: 0x000a, 0x1555: 0x000a, 0x1556: 0x000a, 0x1557: 0x000a,
+	0x1558: 0x000a, 0x1559: 0x000a, 0x155a: 0x000a, 0x155b: 0x000a, 0x155c: 0x000a, 0x155d: 0x000a,
+	0x155e: 0x000a, 0x155f: 0x000a, 0x1560: 0x000a, 0x1561: 0x000a, 0x1562: 0x000a, 0x1563: 0x000a,
+	0x1564: 0x000a, 0x1565: 0x000a, 0x1566: 0x000a, 0x1567: 0x000a, 0x1568: 0x000a, 0x1569: 0x000a,
+	0x156a: 0x000a, 0x156b: 0x000a, 0x156c: 0x000a, 0x156d: 0x000a, 0x156e: 0x000a, 0x156f: 0x000a,
+	0x1570: 0x000a, 0x1571: 0x000a, 0x1572: 0x000a, 0x1573: 0x000a, 0x1574: 0x000a, 0x1575: 0x000a,
+	0x1576: 0x000a, 0x1577: 0x000a, 0x1578: 0x000a, 0x1579: 0x000a, 0x157a: 0x000a, 0x157b: 0x000a,
+	0x157c: 0x000a, 0x157d: 0x000a, 0x157e: 0x000a, 0x157f: 0x000a,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x000a, 0x1581: 0x000a, 0x1582: 0x000a, 0x1583: 0x000a, 0x1584: 0x000a, 0x1585: 0x000a,
+	0x1586: 0x000a, 0x1587: 0x000a, 0x1588: 0x000a, 0x1589: 0x000a, 0x158a: 0x000a, 0x158b: 0x000a,
+	0x158c: 0x000a, 0x158d: 0x000a, 0x158e: 0x000a, 0x158f: 0x000a, 0x1590: 0x000a, 0x1591: 0x000a,
+	0x1592: 0x000a, 0x1593: 0x000a, 0x1594: 0x000a, 0x1595: 0x000a, 0x1596: 0x000a, 0x1597: 0x000a,
+	0x1598: 0x000a, 0x1599: 0x000a, 0x159a: 0x000a, 0x159b: 0x000a, 0x159c: 0x000a, 0x159d: 0x000a,
+	0x159e: 0x000a, 0x159f: 0x000a, 0x15a0: 0x000a, 0x15a1: 0x000a, 0x15a2: 0x000a, 0x15a3: 0x000a,
+	0x15a4: 0x000a, 0x15a5: 0x000a, 0x15a6: 0x000a, 0x15a7: 0x000a, 0x15a8: 0x000a, 0x15a9: 0x000a,
+	0x15aa: 0x000a, 0x15ab: 0x000a, 0x15ac: 0x000a, 0x15ad: 0x000a, 0x15ae: 0x000a, 0x15af: 0x000a,
+	0x15b0: 0x000a, 0x15b1: 0x000a, 0x15b2: 0x000a, 0x15b3: 0x000a, 0x15b4: 0x000a, 0x15b5: 0x000a,
+	0x15b6: 0x000a, 0x15b7: 0x000a, 0x15b8: 0x000a, 0x15b9: 0x000a, 0x15ba: 0x000a, 0x15bb: 0x000a,
+	0x15bc: 0x000a, 0x15bd: 0x000a, 0x15be: 0x000a, 0x15bf: 0x000a,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0x000a, 0x15c1: 0x000a, 0x15c2: 0x000a, 0x15c3: 0x000a, 0x15c4: 0x000a, 0x15c5: 0x000a,
+	0x15c6: 0x000a, 0x15c7: 0x000a, 0x15c8: 0x000a, 0x15c9: 0x000a, 0x15ca: 0x000a, 0x15cb: 0x000a,
+	0x15cc: 0x000a, 0x15cd: 0x000a, 0x15ce: 0x000a, 0x15cf: 0x000a, 0x15d0: 0x000a, 0x15d1: 0x000a,
+	0x15d2: 0x0003, 0x15d3: 0x0004, 0x15d4: 0x000a, 0x15d5: 0x000a, 0x15d6: 0x000a, 0x15d7: 0x000a,
+	0x15d8: 0x000a, 0x15d9: 0x000a, 0x15da: 0x000a, 0x15db: 0x000a, 0x15dc: 0x000a, 0x15dd: 0x000a,
+	0x15de: 0x000a, 0x15df: 0x000a, 0x15e0: 0x000a, 0x15e1: 0x000a, 0x15e2: 0x000a, 0x15e3: 0x000a,
+	0x15e4: 0x000a, 0x15e5: 0x000a, 0x15e6: 0x000a, 0x15e7: 0x000a, 0x15e8: 0x000a, 0x15e9: 0x000a,
+	0x15ea: 0x000a, 0x15eb: 0x000a, 0x15ec: 0x000a, 0x15ed: 0x000a, 0x15ee: 0x000a, 0x15ef: 0x000a,
+	0x15f0: 0x000a, 0x15f1: 0x000a, 0x15f2: 0x000a, 0x15f3: 0x000a, 0x15f4: 0x000a, 0x15f5: 0x000a,
+	0x15f6: 0x000a, 0x15f7: 0x000a, 0x15f8: 0x000a, 0x15f9: 0x000a, 0x15fa: 0x000a, 0x15fb: 0x000a,
+	0x15fc: 0x000a, 0x15fd: 0x000a, 0x15fe: 0x000a, 0x15ff: 0x000a,
+	// Block 0x58, offset 0x1600
+	0x1600: 0x000a, 0x1601: 0x000a, 0x1602: 0x000a, 0x1603: 0x000a, 0x1604: 0x000a, 0x1605: 0x000a,
+	0x1606: 0x000a, 0x1607: 0x000a, 0x1608: 0x003a, 0x1609: 0x002a, 0x160a: 0x003a, 0x160b: 0x002a,
+	0x160c: 0x000a, 0x160d: 0x000a, 0x160e: 0x000a, 0x160f: 0x000a, 0x1610: 0x000a, 0x1611: 0x000a,
+	0x1612: 0x000a, 0x1613: 0x000a, 0x1614: 0x000a, 0x1615: 0x000a, 0x1616: 0x000a, 0x1617: 0x000a,
+	0x1618: 0x000a, 0x1619: 0x000a, 0x161a: 0x000a, 0x161b: 0x000a, 0x161c: 0x000a, 0x161d: 0x000a,
+	0x161e: 0x000a, 0x161f: 0x000a, 0x1620: 0x000a, 0x1621: 0x000a, 0x1622: 0x000a, 0x1623: 0x000a,
+	0x1624: 0x000a, 0x1625: 0x000a, 0x1626: 0x000a, 0x1627: 0x000a, 0x1628: 0x000a, 0x1629: 0x009a,
+	0x162a: 0x008a, 0x162b: 0x000a, 0x162c: 0x000a, 0x162d: 0x000a, 0x162e: 0x000a, 0x162f: 0x000a,
+	0x1630: 0x000a, 0x1631: 0x000a, 0x1632: 0x000a, 0x1633: 0x000a, 0x1634: 0x000a, 0x1635: 0x000a,
+	// Block 0x59, offset 0x1640
+	0x167b: 0x000a,
+	0x167c: 0x000a, 0x167d: 0x000a, 0x167e: 0x000a, 0x167f: 0x000a,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x000a, 0x1681: 0x000a, 0x1682: 0x000a, 0x1683: 0x000a, 0x1684: 0x000a, 0x1685: 0x000a,
+	0x1686: 0x000a, 0x1687: 0x000a, 0x1688: 0x000a, 0x1689: 0x000a, 0x168a: 0x000a, 0x168b: 0x000a,
+	0x168c: 0x000a, 0x168d: 0x000a, 0x168e: 0x000a, 0x168f: 0x000a, 0x1690: 0x000a, 0x1691: 0x000a,
+	0x1692: 0x000a, 0x1693: 0x000a, 0x1694: 0x000a, 0x1696: 0x000a, 0x1697: 0x000a,
+	0x1698: 0x000a, 0x1699: 0x000a, 0x169a: 0x000a, 0x169b: 0x000a, 0x169c: 0x000a, 0x169d: 0x000a,
+	0x169e: 0x000a, 0x169f: 0x000a, 0x16a0: 0x000a, 0x16a1: 0x000a, 0x16a2: 0x000a, 0x16a3: 0x000a,
+	0x16a4: 0x000a, 0x16a5: 0x000a, 0x16a6: 0x000a, 0x16a7: 0x000a, 0x16a8: 0x000a, 0x16a9: 0x000a,
+	0x16aa: 0x000a, 0x16ab: 0x000a, 0x16ac: 0x000a, 0x16ad: 0x000a, 0x16ae: 0x000a, 0x16af: 0x000a,
+	0x16b0: 0x000a, 0x16b1: 0x000a, 0x16b2: 0x000a, 0x16b3: 0x000a, 0x16b4: 0x000a, 0x16b5: 0x000a,
+	0x16b6: 0x000a, 0x16b7: 0x000a, 0x16b8: 0x000a, 0x16b9: 0x000a, 0x16ba: 0x000a, 0x16bb: 0x000a,
+	0x16bc: 0x000a, 0x16bd: 0x000a, 0x16be: 0x000a, 0x16bf: 0x000a,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x000a, 0x16c1: 0x000a, 0x16c2: 0x000a, 0x16c3: 0x000a, 0x16c4: 0x000a, 0x16c5: 0x000a,
+	0x16c6: 0x000a, 0x16c7: 0x000a, 0x16c8: 0x000a, 0x16c9: 0x000a, 0x16ca: 0x000a, 0x16cb: 0x000a,
+	0x16cc: 0x000a, 0x16cd: 0x000a, 0x16ce: 0x000a, 0x16cf: 0x000a, 0x16d0: 0x000a, 0x16d1: 0x000a,
+	0x16d2: 0x000a, 0x16d3: 0x000a, 0x16d4: 0x000a, 0x16d5: 0x000a, 0x16d6: 0x000a, 0x16d7: 0x000a,
+	0x16d8: 0x000a, 0x16d9: 0x000a, 0x16da: 0x000a, 0x16db: 0x000a, 0x16dc: 0x000a, 0x16dd: 0x000a,
+	0x16de: 0x000a, 0x16df: 0x000a, 0x16e0: 0x000a, 0x16e1: 0x000a, 0x16e2: 0x000a, 0x16e3: 0x000a,
+	0x16e4: 0x000a, 0x16e5: 0x000a, 0x16e6: 0x000a,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x000a, 0x1701: 0x000a, 0x1702: 0x000a, 0x1703: 0x000a, 0x1704: 0x000a, 0x1705: 0x000a,
+	0x1706: 0x000a, 0x1707: 0x000a, 0x1708: 0x000a, 0x1709: 0x000a, 0x170a: 0x000a,
+	0x1720: 0x000a, 0x1721: 0x000a, 0x1722: 0x000a, 0x1723: 0x000a,
+	0x1724: 0x000a, 0x1725: 0x000a, 0x1726: 0x000a, 0x1727: 0x000a, 0x1728: 0x000a, 0x1729: 0x000a,
+	0x172a: 0x000a, 0x172b: 0x000a, 0x172c: 0x000a, 0x172d: 0x000a, 0x172e: 0x000a, 0x172f: 0x000a,
+	0x1730: 0x000a, 0x1731: 0x000a, 0x1732: 0x000a, 0x1733: 0x000a, 0x1734: 0x000a, 0x1735: 0x000a,
+	0x1736: 0x000a, 0x1737: 0x000a, 0x1738: 0x000a, 0x1739: 0x000a, 0x173a: 0x000a, 0x173b: 0x000a,
+	0x173c: 0x000a, 0x173d: 0x000a, 0x173e: 0x000a, 0x173f: 0x000a,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x000a, 0x1741: 0x000a, 0x1742: 0x000a, 0x1743: 0x000a, 0x1744: 0x000a, 0x1745: 0x000a,
+	0x1746: 0x000a, 0x1747: 0x000a, 0x1748: 0x0002, 0x1749: 0x0002, 0x174a: 0x0002, 0x174b: 0x0002,
+	0x174c: 0x0002, 0x174d: 0x0002, 0x174e: 0x0002, 0x174f: 0x0002, 0x1750: 0x0002, 0x1751: 0x0002,
+	0x1752: 0x0002, 0x1753: 0x0002, 0x1754: 0x0002, 0x1755: 0x0002, 0x1756: 0x0002, 0x1757: 0x0002,
+	0x1758: 0x0002, 0x1759: 0x0002, 0x175a: 0x0002, 0x175b: 0x0002,
+	// Block 0x5e, offset 0x1780
+	0x17aa: 0x000a, 0x17ab: 0x000a, 0x17ac: 0x000a, 0x17ad: 0x000a, 0x17ae: 0x000a, 0x17af: 0x000a,
+	0x17b0: 0x000a, 0x17b1: 0x000a, 0x17b2: 0x000a, 0x17b3: 0x000a, 0x17b4: 0x000a, 0x17b5: 0x000a,
+	0x17b6: 0x000a, 0x17b7: 0x000a, 0x17b8: 0x000a, 0x17b9: 0x000a, 0x17ba: 0x000a, 0x17bb: 0x000a,
+	0x17bc: 0x000a, 0x17bd: 0x000a, 0x17be: 0x000a, 0x17bf: 0x000a,
+	// Block 0x5f, offset 0x17c0
+	0x17c0: 0x000a, 0x17c1: 0x000a, 0x17c2: 0x000a, 0x17c3: 0x000a, 0x17c4: 0x000a, 0x17c5: 0x000a,
+	0x17c6: 0x000a, 0x17c7: 0x000a, 0x17c8: 0x000a, 0x17c9: 0x000a, 0x17ca: 0x000a, 0x17cb: 0x000a,
+	0x17cc: 0x000a, 0x17cd: 0x000a, 0x17ce: 0x000a, 0x17cf: 0x000a, 0x17d0: 0x000a, 0x17d1: 0x000a,
+	0x17d2: 0x000a, 0x17d3: 0x000a, 0x17d4: 0x000a, 0x17d5: 0x000a, 0x17d6: 0x000a, 0x17d7: 0x000a,
+	0x17d8: 0x000a, 0x17d9: 0x000a, 0x17da: 0x000a, 0x17db: 0x000a, 0x17dc: 0x000a, 0x17dd: 0x000a,
+	0x17de: 0x000a, 0x17df: 0x000a, 0x17e0: 0x000a, 0x17e1: 0x000a, 0x17e2: 0x000a, 0x17e3: 0x000a,
+	0x17e4: 0x000a, 0x17e5: 0x000a, 0x17e6: 0x000a, 0x17e7: 0x000a, 0x17e8: 0x000a, 0x17e9: 0x000a,
+	0x17ea: 0x000a, 0x17eb: 0x000a, 0x17ed: 0x000a, 0x17ee: 0x000a, 0x17ef: 0x000a,
+	0x17f0: 0x000a, 0x17f1: 0x000a, 0x17f2: 0x000a, 0x17f3: 0x000a, 0x17f4: 0x000a, 0x17f5: 0x000a,
+	0x17f6: 0x000a, 0x17f7: 0x000a, 0x17f8: 0x000a, 0x17f9: 0x000a, 0x17fa: 0x000a, 0x17fb: 0x000a,
+	0x17fc: 0x000a, 0x17fd: 0x000a, 0x17fe: 0x000a, 0x17ff: 0x000a,
+	// Block 0x60, offset 0x1800
+	0x1800: 0x000a, 0x1801: 0x000a, 0x1802: 0x000a, 0x1803: 0x000a, 0x1804: 0x000a, 0x1805: 0x000a,
+	0x1806: 0x000a, 0x1807: 0x000a, 0x1808: 0x000a, 0x1809: 0x000a, 0x180a: 0x000a, 0x180b: 0x000a,
+	0x180c: 0x000a, 0x180d: 0x000a, 0x180e: 0x000a, 0x180f: 0x000a, 0x1810: 0x000a, 0x1811: 0x000a,
+	0x1812: 0x000a, 0x1813: 0x000a, 0x1814: 0x000a, 0x1815: 0x000a, 0x1816: 0x000a, 0x1817: 0x000a,
+	0x1818: 0x000a, 0x1819: 0x000a, 0x181a: 0x000a, 0x181b: 0x000a, 0x181c: 0x000a, 0x181d: 0x000a,
+	0x181e: 0x000a, 0x181f: 0x000a, 0x1820: 0x000a, 0x1821: 0x000a, 0x1822: 0x000a, 0x1823: 0x000a,
+	0x1824: 0x000a, 0x1825: 0x000a, 0x1826: 0x000a, 0x1827: 0x000a, 0x1828: 0x003a, 0x1829: 0x002a,
+	0x182a: 0x003a, 0x182b: 0x002a, 0x182c: 0x003a, 0x182d: 0x002a, 0x182e: 0x003a, 0x182f: 0x002a,
+	0x1830: 0x003a, 0x1831: 0x002a, 0x1832: 0x003a, 0x1833: 0x002a, 0x1834: 0x003a, 0x1835: 0x002a,
+	0x1836: 0x000a, 0x1837: 0x000a, 0x1838: 0x000a, 0x1839: 0x000a, 0x183a: 0x000a, 0x183b: 0x000a,
+	0x183c: 0x000a, 0x183d: 0x000a, 0x183e: 0x000a, 0x183f: 0x000a,
+	// Block 0x61, offset 0x1840
+	0x1840: 0x000a, 0x1841: 0x000a, 0x1842: 0x000a, 0x1843: 0x000a, 0x1844: 0x000a, 0x1845: 0x009a,
+	0x1846: 0x008a, 0x1847: 0x000a, 0x1848: 0x000a, 0x1849: 0x000a, 0x184a: 0x000a, 0x184b: 0x000a,
+	0x184c: 0x000a, 0x184d: 0x000a, 0x184e: 0x000a, 0x184f: 0x000a, 0x1850: 0x000a, 0x1851: 0x000a,
+	0x1852: 0x000a, 0x1853: 0x000a, 0x1854: 0x000a, 0x1855: 0x000a, 0x1856: 0x000a, 0x1857: 0x000a,
+	0x1858: 0x000a, 0x1859: 0x000a, 0x185a: 0x000a, 0x185b: 0x000a, 0x185c: 0x000a, 0x185d: 0x000a,
+	0x185e: 0x000a, 0x185f: 0x000a, 0x1860: 0x000a, 0x1861: 0x000a, 0x1862: 0x000a, 0x1863: 0x000a,
+	0x1864: 0x000a, 0x1865: 0x000a, 0x1866: 0x003a, 0x1867: 0x002a, 0x1868: 0x003a, 0x1869: 0x002a,
+	0x186a: 0x003a, 0x186b: 0x002a, 0x186c: 0x003a, 0x186d: 0x002a, 0x186e: 0x003a, 0x186f: 0x002a,
+	0x1870: 0x000a, 0x1871: 0x000a, 0x1872: 0x000a, 0x1873: 0x000a, 0x1874: 0x000a, 0x1875: 0x000a,
+	0x1876: 0x000a, 0x1877: 0x000a, 0x1878: 0x000a, 0x1879: 0x000a, 0x187a: 0x000a, 0x187b: 0x000a,
+	0x187c: 0x000a, 0x187d: 0x000a, 0x187e: 0x000a, 0x187f: 0x000a,
+	// Block 0x62, offset 0x1880
+	0x1880: 0x000a, 0x1881: 0x000a, 0x1882: 0x000a, 0x1883: 0x007a, 0x1884: 0x006a, 0x1885: 0x009a,
+	0x1886: 0x008a, 0x1887: 0x00ba, 0x1888: 0x00aa, 0x1889: 0x009a, 0x188a: 0x008a, 0x188b: 0x007a,
+	0x188c: 0x006a, 0x188d: 0x00da, 0x188e: 0x002a, 0x188f: 0x003a, 0x1890: 0x00ca, 0x1891: 0x009a,
+	0x1892: 0x008a, 0x1893: 0x007a, 0x1894: 0x006a, 0x1895: 0x009a, 0x1896: 0x008a, 0x1897: 0x00ba,
+	0x1898: 0x00aa, 0x1899: 0x000a, 0x189a: 0x000a, 0x189b: 0x000a, 0x189c: 0x000a, 0x189d: 0x000a,
+	0x189e: 0x000a, 0x189f: 0x000a, 0x18a0: 0x000a, 0x18a1: 0x000a, 0x18a2: 0x000a, 0x18a3: 0x000a,
+	0x18a4: 0x000a, 0x18a5: 0x000a, 0x18a6: 0x000a, 0x18a7: 0x000a, 0x18a8: 0x000a, 0x18a9: 0x000a,
+	0x18aa: 0x000a, 0x18ab: 0x000a, 0x18ac: 0x000a, 0x18ad: 0x000a, 0x18ae: 0x000a, 0x18af: 0x000a,
+	0x18b0: 0x000a, 0x18b1: 0x000a, 0x18b2: 0x000a, 0x18b3: 0x000a, 0x18b4: 0x000a, 0x18b5: 0x000a,
+	0x18b6: 0x000a, 0x18b7: 0x000a, 0x18b8: 0x000a, 0x18b9: 0x000a, 0x18ba: 0x000a, 0x18bb: 0x000a,
+	0x18bc: 0x000a, 0x18bd: 0x000a, 0x18be: 0x000a, 0x18bf: 0x000a,
+	// Block 0x63, offset 0x18c0
+	0x18c0: 0x000a, 0x18c1: 0x000a, 0x18c2: 0x000a, 0x18c3: 0x000a, 0x18c4: 0x000a, 0x18c5: 0x000a,
+	0x18c6: 0x000a, 0x18c7: 0x000a, 0x18c8: 0x000a, 0x18c9: 0x000a, 0x18ca: 0x000a, 0x18cb: 0x000a,
+	0x18cc: 0x000a, 0x18cd: 0x000a, 0x18ce: 0x000a, 0x18cf: 0x000a, 0x18d0: 0x000a, 0x18d1: 0x000a,
+	0x18d2: 0x000a, 0x18d3: 0x000a, 0x18d4: 0x000a, 0x18d5: 0x000a, 0x18d6: 0x000a, 0x18d7: 0x000a,
+	0x18d8: 0x003a, 0x18d9: 0x002a, 0x18da: 0x003a, 0x18db: 0x002a, 0x18dc: 0x000a, 0x18dd: 0x000a,
+	0x18de: 0x000a, 0x18df: 0x000a, 0x18e0: 0x000a, 0x18e1: 0x000a, 0x18e2: 0x000a, 0x18e3: 0x000a,
+	0x18e4: 0x000a, 0x18e5: 0x000a, 0x18e6: 0x000a, 0x18e7: 0x000a, 0x18e8: 0x000a, 0x18e9: 0x000a,
+	0x18ea: 0x000a, 0x18eb: 0x000a, 0x18ec: 0x000a, 0x18ed: 0x000a, 0x18ee: 0x000a, 0x18ef: 0x000a,
+	0x18f0: 0x000a, 0x18f1: 0x000a, 0x18f2: 0x000a, 0x18f3: 0x000a, 0x18f4: 0x000a, 0x18f5: 0x000a,
+	0x18f6: 0x000a, 0x18f7: 0x000a, 0x18f8: 0x000a, 0x18f9: 0x000a, 0x18fa: 0x000a, 0x18fb: 0x000a,
+	0x18fc: 0x003a, 0x18fd: 0x002a, 0x18fe: 0x000a, 0x18ff: 0x000a,
+	// Block 0x64, offset 0x1900
+	0x1900: 0x000a, 0x1901: 0x000a, 0x1902: 0x000a, 0x1903: 0x000a, 0x1904: 0x000a, 0x1905: 0x000a,
+	0x1906: 0x000a, 0x1907: 0x000a, 0x1908: 0x000a, 0x1909: 0x000a, 0x190a: 0x000a, 0x190b: 0x000a,
+	0x190c: 0x000a, 0x190d: 0x000a, 0x190e: 0x000a, 0x190f: 0x000a, 0x1910: 0x000a, 0x1911: 0x000a,
+	0x1912: 0x000a, 0x1913: 0x000a, 0x1914: 0x000a, 0x1915: 0x000a, 0x1916: 0x000a, 0x1917: 0x000a,
+	0x1918: 0x000a, 0x1919: 0x000a, 0x191a: 0x000a, 0x191b: 0x000a, 0x191c: 0x000a, 0x191d: 0x000a,
+	0x191e: 0x000a, 0x191f: 0x000a, 0x1920: 0x000a, 0x1921: 0x000a, 0x1922: 0x000a, 0x1923: 0x000a,
+	0x1924: 0x000a, 0x1925: 0x000a, 0x1926: 0x000a, 0x1927: 0x000a, 0x1928: 0x000a, 0x1929: 0x000a,
+	0x192a: 0x000a, 0x192b: 0x000a, 0x192c: 0x000a, 0x192d: 0x000a, 0x192e: 0x000a, 0x192f: 0x000a,
+	0x1930: 0x000a, 0x1931: 0x000a, 0x1932: 0x000a, 0x1933: 0x000a,
+	0x1936: 0x000a, 0x1937: 0x000a, 0x1938: 0x000a, 0x1939: 0x000a, 0x193a: 0x000a, 0x193b: 0x000a,
+	0x193c: 0x000a, 0x193d: 0x000a, 0x193e: 0x000a, 0x193f: 0x000a,
+	// Block 0x65, offset 0x1940
+	0x1940: 0x000a, 0x1941: 0x000a, 0x1942: 0x000a, 0x1943: 0x000a, 0x1944: 0x000a, 0x1945: 0x000a,
+	0x1946: 0x000a, 0x1947: 0x000a, 0x1948: 0x000a, 0x1949: 0x000a, 0x194a: 0x000a, 0x194b: 0x000a,
+	0x194c: 0x000a, 0x194d: 0x000a, 0x194e: 0x000a, 0x194f: 0x000a, 0x1950: 0x000a, 0x1951: 0x000a,
+	0x1952: 0x000a, 0x1953: 0x000a, 0x1954: 0x000a, 0x1955: 0x000a,
+	0x1958: 0x000a, 0x1959: 0x000a, 0x195a: 0x000a, 0x195b: 0x000a, 0x195c: 0x000a, 0x195d: 0x000a,
+	0x195e: 0x000a, 0x195f: 0x000a, 0x1960: 0x000a, 0x1961: 0x000a, 0x1962: 0x000a, 0x1963: 0x000a,
+	0x1964: 0x000a, 0x1965: 0x000a, 0x1966: 0x000a, 0x1967: 0x000a, 0x1968: 0x000a, 0x1969: 0x000a,
+	0x196a: 0x000a, 0x196b: 0x000a, 0x196c: 0x000a, 0x196d: 0x000a, 0x196e: 0x000a, 0x196f: 0x000a,
+	0x1970: 0x000a, 0x1971: 0x000a, 0x1972: 0x000a, 0x1973: 0x000a, 0x1974: 0x000a, 0x1975: 0x000a,
+	0x1976: 0x000a, 0x1977: 0x000a, 0x1978: 0x000a, 0x1979: 0x000a, 0x197a: 0x000a, 0x197b: 0x000a,
+	0x197c: 0x000a, 0x197d: 0x000a, 0x197e: 0x000a, 0x197f: 0x000a,
+	// Block 0x66, offset 0x1980
+	0x19a5: 0x000a, 0x19a6: 0x000a, 0x19a7: 0x000a, 0x19a8: 0x000a, 0x19a9: 0x000a,
+	0x19aa: 0x000a, 0x19af: 0x000c,
+	0x19b0: 0x000c, 0x19b1: 0x000c,
+	0x19b9: 0x000a, 0x19ba: 0x000a, 0x19bb: 0x000a,
+	0x19bc: 0x000a, 0x19bd: 0x000a, 0x19be: 0x000a, 0x19bf: 0x000a,
+	// Block 0x67, offset 0x19c0
+	0x19ff: 0x000c,
+	// Block 0x68, offset 0x1a00
+	0x1a20: 0x000c, 0x1a21: 0x000c, 0x1a22: 0x000c, 0x1a23: 0x000c,
+	0x1a24: 0x000c, 0x1a25: 0x000c, 0x1a26: 0x000c, 0x1a27: 0x000c, 0x1a28: 0x000c, 0x1a29: 0x000c,
+	0x1a2a: 0x000c, 0x1a2b: 0x000c, 0x1a2c: 0x000c, 0x1a2d: 0x000c, 0x1a2e: 0x000c, 0x1a2f: 0x000c,
+	0x1a30: 0x000c, 0x1a31: 0x000c, 0x1a32: 0x000c, 0x1a33: 0x000c, 0x1a34: 0x000c, 0x1a35: 0x000c,
+	0x1a36: 0x000c, 0x1a37: 0x000c, 0x1a38: 0x000c, 0x1a39: 0x000c, 0x1a3a: 0x000c, 0x1a3b: 0x000c,
+	0x1a3c: 0x000c, 0x1a3d: 0x000c, 0x1a3e: 0x000c, 0x1a3f: 0x000c,
+	// Block 0x69, offset 0x1a40
+	0x1a40: 0x000a, 0x1a41: 0x000a, 0x1a42: 0x000a, 0x1a43: 0x000a, 0x1a44: 0x000a, 0x1a45: 0x000a,
+	0x1a46: 0x000a, 0x1a47: 0x000a, 0x1a48: 0x000a, 0x1a49: 0x000a, 0x1a4a: 0x000a, 0x1a4b: 0x000a,
+	0x1a4c: 0x000a, 0x1a4d: 0x000a, 0x1a4e: 0x000a, 0x1a4f: 0x000a, 0x1a50: 0x000a, 0x1a51: 0x000a,
+	0x1a52: 0x000a, 0x1a53: 0x000a, 0x1a54: 0x000a, 0x1a55: 0x000a, 0x1a56: 0x000a, 0x1a57: 0x000a,
+	0x1a58: 0x000a, 0x1a59: 0x000a, 0x1a5a: 0x000a, 0x1a5b: 0x000a, 0x1a5c: 0x000a, 0x1a5d: 0x000a,
+	0x1a5e: 0x000a, 0x1a5f: 0x000a, 0x1a60: 0x000a, 0x1a61: 0x000a, 0x1a62: 0x003a, 0x1a63: 0x002a,
+	0x1a64: 0x003a, 0x1a65: 0x002a, 0x1a66: 0x003a, 0x1a67: 0x002a, 0x1a68: 0x003a, 0x1a69: 0x002a,
+	0x1a6a: 0x000a, 0x1a6b: 0x000a, 0x1a6c: 0x000a, 0x1a6d: 0x000a, 0x1a6e: 0x000a, 0x1a6f: 0x000a,
+	0x1a70: 0x000a, 0x1a71: 0x000a, 0x1a72: 0x000a, 0x1a73: 0x000a, 0x1a74: 0x000a, 0x1a75: 0x000a,
+	0x1a76: 0x000a, 0x1a77: 0x000a, 0x1a78: 0x000a, 0x1a79: 0x000a, 0x1a7a: 0x000a, 0x1a7b: 0x000a,
+	0x1a7c: 0x000a, 0x1a7d: 0x000a, 0x1a7e: 0x000a, 0x1a7f: 0x000a,
+	// Block 0x6a, offset 0x1a80
+	0x1a80: 0x000a, 0x1a81: 0x000a, 0x1a82: 0x000a, 0x1a83: 0x000a, 0x1a84: 0x000a, 0x1a85: 0x000a,
+	0x1a86: 0x000a, 0x1a87: 0x000a, 0x1a88: 0x000a, 0x1a89: 0x000a, 0x1a8a: 0x000a, 0x1a8b: 0x000a,
+	0x1a8c: 0x000a, 0x1a8d: 0x000a, 0x1a8e: 0x000a, 0x1a8f: 0x000a,
+	// Block 0x6b, offset 0x1ac0
+	0x1ac0: 0x000a, 0x1ac1: 0x000a, 0x1ac2: 0x000a, 0x1ac3: 0x000a, 0x1ac4: 0x000a, 0x1ac5: 0x000a,
+	0x1ac6: 0x000a, 0x1ac7: 0x000a, 0x1ac8: 0x000a, 0x1ac9: 0x000a, 0x1aca: 0x000a, 0x1acb: 0x000a,
+	0x1acc: 0x000a, 0x1acd: 0x000a, 0x1ace: 0x000a, 0x1acf: 0x000a, 0x1ad0: 0x000a, 0x1ad1: 0x000a,
+	0x1ad2: 0x000a, 0x1ad3: 0x000a, 0x1ad4: 0x000a, 0x1ad5: 0x000a, 0x1ad6: 0x000a, 0x1ad7: 0x000a,
+	0x1ad8: 0x000a, 0x1ad9: 0x000a, 0x1adb: 0x000a, 0x1adc: 0x000a, 0x1add: 0x000a,
+	0x1ade: 0x000a, 0x1adf: 0x000a, 0x1ae0: 0x000a, 0x1ae1: 0x000a, 0x1ae2: 0x000a, 0x1ae3: 0x000a,
+	0x1ae4: 0x000a, 0x1ae5: 0x000a, 0x1ae6: 0x000a, 0x1ae7: 0x000a, 0x1ae8: 0x000a, 0x1ae9: 0x000a,
+	0x1aea: 0x000a, 0x1aeb: 0x000a, 0x1aec: 0x000a, 0x1aed: 0x000a, 0x1aee: 0x000a, 0x1aef: 0x000a,
+	0x1af0: 0x000a, 0x1af1: 0x000a, 0x1af2: 0x000a, 0x1af3: 0x000a, 0x1af4: 0x000a, 0x1af5: 0x000a,
+	0x1af6: 0x000a, 0x1af7: 0x000a, 0x1af8: 0x000a, 0x1af9: 0x000a, 0x1afa: 0x000a, 0x1afb: 0x000a,
+	0x1afc: 0x000a, 0x1afd: 0x000a, 0x1afe: 0x000a, 0x1aff: 0x000a,
+	// Block 0x6c, offset 0x1b00
+	0x1b00: 0x000a, 0x1b01: 0x000a, 0x1b02: 0x000a, 0x1b03: 0x000a, 0x1b04: 0x000a, 0x1b05: 0x000a,
+	0x1b06: 0x000a, 0x1b07: 0x000a, 0x1b08: 0x000a, 0x1b09: 0x000a, 0x1b0a: 0x000a, 0x1b0b: 0x000a,
+	0x1b0c: 0x000a, 0x1b0d: 0x000a, 0x1b0e: 0x000a, 0x1b0f: 0x000a, 0x1b10: 0x000a, 0x1b11: 0x000a,
+	0x1b12: 0x000a, 0x1b13: 0x000a, 0x1b14: 0x000a, 0x1b15: 0x000a, 0x1b16: 0x000a, 0x1b17: 0x000a,
+	0x1b18: 0x000a, 0x1b19: 0x000a, 0x1b1a: 0x000a, 0x1b1b: 0x000a, 0x1b1c: 0x000a, 0x1b1d: 0x000a,
+	0x1b1e: 0x000a, 0x1b1f: 0x000a, 0x1b20: 0x000a, 0x1b21: 0x000a, 0x1b22: 0x000a, 0x1b23: 0x000a,
+	0x1b24: 0x000a, 0x1b25: 0x000a, 0x1b26: 0x000a, 0x1b27: 0x000a, 0x1b28: 0x000a, 0x1b29: 0x000a,
+	0x1b2a: 0x000a, 0x1b2b: 0x000a, 0x1b2c: 0x000a, 0x1b2d: 0x000a, 0x1b2e: 0x000a, 0x1b2f: 0x000a,
+	0x1b30: 0x000a, 0x1b31: 0x000a, 0x1b32: 0x000a, 0x1b33: 0x000a,
+	// Block 0x6d, offset 0x1b40
+	0x1b40: 0x000a, 0x1b41: 0x000a, 0x1b42: 0x000a, 0x1b43: 0x000a, 0x1b44: 0x000a, 0x1b45: 0x000a,
+	0x1b46: 0x000a, 0x1b47: 0x000a, 0x1b48: 0x000a, 0x1b49: 0x000a, 0x1b4a: 0x000a, 0x1b4b: 0x000a,
+	0x1b4c: 0x000a, 0x1b4d: 0x000a, 0x1b4e: 0x000a, 0x1b4f: 0x000a, 0x1b50: 0x000a, 0x1b51: 0x000a,
+	0x1b52: 0x000a, 0x1b53: 0x000a, 0x1b54: 0x000a, 0x1b55: 0x000a,
+	0x1b70: 0x000a, 0x1b71: 0x000a, 0x1b72: 0x000a, 0x1b73: 0x000a, 0x1b74: 0x000a, 0x1b75: 0x000a,
+	0x1b76: 0x000a, 0x1b77: 0x000a, 0x1b78: 0x000a, 0x1b79: 0x000a, 0x1b7a: 0x000a, 0x1b7b: 0x000a,
+	// Block 0x6e, offset 0x1b80
+	0x1b80: 0x0009, 0x1b81: 0x000a, 0x1b82: 0x000a, 0x1b83: 0x000a, 0x1b84: 0x000a,
+	0x1b88: 0x003a, 0x1b89: 0x002a, 0x1b8a: 0x003a, 0x1b8b: 0x002a,
+	0x1b8c: 0x003a, 0x1b8d: 0x002a, 0x1b8e: 0x003a, 0x1b8f: 0x002a, 0x1b90: 0x003a, 0x1b91: 0x002a,
+	0x1b92: 0x000a, 0x1b93: 0x000a, 0x1b94: 0x003a, 0x1b95: 0x002a, 0x1b96: 0x003a, 0x1b97: 0x002a,
+	0x1b98: 0x003a, 0x1b99: 0x002a, 0x1b9a: 0x003a, 0x1b9b: 0x002a, 0x1b9c: 0x000a, 0x1b9d: 0x000a,
+	0x1b9e: 0x000a, 0x1b9f: 0x000a, 0x1ba0: 0x000a,
+	0x1baa: 0x000c, 0x1bab: 0x000c, 0x1bac: 0x000c, 0x1bad: 0x000c,
+	0x1bb0: 0x000a,
+	0x1bb6: 0x000a, 0x1bb7: 0x000a,
+	0x1bbd: 0x000a, 0x1bbe: 0x000a, 0x1bbf: 0x000a,
+	// Block 0x6f, offset 0x1bc0
+	0x1bd9: 0x000c, 0x1bda: 0x000c, 0x1bdb: 0x000a, 0x1bdc: 0x000a,
+	0x1be0: 0x000a,
+	// Block 0x70, offset 0x1c00
+	0x1c3b: 0x000a,
+	// Block 0x71, offset 0x1c40
+	0x1c40: 0x000a, 0x1c41: 0x000a, 0x1c42: 0x000a, 0x1c43: 0x000a, 0x1c44: 0x000a, 0x1c45: 0x000a,
+	0x1c46: 0x000a, 0x1c47: 0x000a, 0x1c48: 0x000a, 0x1c49: 0x000a, 0x1c4a: 0x000a, 0x1c4b: 0x000a,
+	0x1c4c: 0x000a, 0x1c4d: 0x000a, 0x1c4e: 0x000a, 0x1c4f: 0x000a, 0x1c50: 0x000a, 0x1c51: 0x000a,
+	0x1c52: 0x000a, 0x1c53: 0x000a, 0x1c54: 0x000a, 0x1c55: 0x000a, 0x1c56: 0x000a, 0x1c57: 0x000a,
+	0x1c58: 0x000a, 0x1c59: 0x000a, 0x1c5a: 0x000a, 0x1c5b: 0x000a, 0x1c5c: 0x000a, 0x1c5d: 0x000a,
+	0x1c5e: 0x000a, 0x1c5f: 0x000a, 0x1c60: 0x000a, 0x1c61: 0x000a, 0x1c62: 0x000a, 0x1c63: 0x000a,
+	// Block 0x72, offset 0x1c80
+	0x1c9d: 0x000a,
+	0x1c9e: 0x000a,
+	// Block 0x73, offset 0x1cc0
+	0x1cd0: 0x000a, 0x1cd1: 0x000a,
+	0x1cd2: 0x000a, 0x1cd3: 0x000a, 0x1cd4: 0x000a, 0x1cd5: 0x000a, 0x1cd6: 0x000a, 0x1cd7: 0x000a,
+	0x1cd8: 0x000a, 0x1cd9: 0x000a, 0x1cda: 0x000a, 0x1cdb: 0x000a, 0x1cdc: 0x000a, 0x1cdd: 0x000a,
+	0x1cde: 0x000a, 0x1cdf: 0x000a,
+	0x1cfc: 0x000a, 0x1cfd: 0x000a, 0x1cfe: 0x000a,
+	// Block 0x74, offset 0x1d00
+	0x1d31: 0x000a, 0x1d32: 0x000a, 0x1d33: 0x000a, 0x1d34: 0x000a, 0x1d35: 0x000a,
+	0x1d36: 0x000a, 0x1d37: 0x000a, 0x1d38: 0x000a, 0x1d39: 0x000a, 0x1d3a: 0x000a, 0x1d3b: 0x000a,
+	0x1d3c: 0x000a, 0x1d3d: 0x000a, 0x1d3e: 0x000a, 0x1d3f: 0x000a,
+	// Block 0x75, offset 0x1d40
+	0x1d4c: 0x000a, 0x1d4d: 0x000a, 0x1d4e: 0x000a, 0x1d4f: 0x000a,
+	// Block 0x76, offset 0x1d80
+	0x1db7: 0x000a, 0x1db8: 0x000a, 0x1db9: 0x000a, 0x1dba: 0x000a,
+	// Block 0x77, offset 0x1dc0
+	0x1dde: 0x000a, 0x1ddf: 0x000a,
+	0x1dff: 0x000a,
+	// Block 0x78, offset 0x1e00
+	0x1e10: 0x000a, 0x1e11: 0x000a,
+	0x1e12: 0x000a, 0x1e13: 0x000a, 0x1e14: 0x000a, 0x1e15: 0x000a, 0x1e16: 0x000a, 0x1e17: 0x000a,
+	0x1e18: 0x000a, 0x1e19: 0x000a, 0x1e1a: 0x000a, 0x1e1b: 0x000a, 0x1e1c: 0x000a, 0x1e1d: 0x000a,
+	0x1e1e: 0x000a, 0x1e1f: 0x000a, 0x1e20: 0x000a, 0x1e21: 0x000a, 0x1e22: 0x000a, 0x1e23: 0x000a,
+	0x1e24: 0x000a, 0x1e25: 0x000a, 0x1e26: 0x000a, 0x1e27: 0x000a, 0x1e28: 0x000a, 0x1e29: 0x000a,
+	0x1e2a: 0x000a, 0x1e2b: 0x000a, 0x1e2c: 0x000a, 0x1e2d: 0x000a, 0x1e2e: 0x000a, 0x1e2f: 0x000a,
+	0x1e30: 0x000a, 0x1e31: 0x000a, 0x1e32: 0x000a, 0x1e33: 0x000a, 0x1e34: 0x000a, 0x1e35: 0x000a,
+	0x1e36: 0x000a, 0x1e37: 0x000a, 0x1e38: 0x000a, 0x1e39: 0x000a, 0x1e3a: 0x000a, 0x1e3b: 0x000a,
+	0x1e3c: 0x000a, 0x1e3d: 0x000a, 0x1e3e: 0x000a, 0x1e3f: 0x000a,
+	// Block 0x79, offset 0x1e40
+	0x1e40: 0x000a, 0x1e41: 0x000a, 0x1e42: 0x000a, 0x1e43: 0x000a, 0x1e44: 0x000a, 0x1e45: 0x000a,
+	0x1e46: 0x000a,
+	// Block 0x7a, offset 0x1e80
+	0x1e8d: 0x000a, 0x1e8e: 0x000a, 0x1e8f: 0x000a,
+	// Block 0x7b, offset 0x1ec0
+	0x1eef: 0x000c,
+	0x1ef0: 0x000c, 0x1ef1: 0x000c, 0x1ef2: 0x000c, 0x1ef3: 0x000a, 0x1ef4: 0x000c, 0x1ef5: 0x000c,
+	0x1ef6: 0x000c, 0x1ef7: 0x000c, 0x1ef8: 0x000c, 0x1ef9: 0x000c, 0x1efa: 0x000c, 0x1efb: 0x000c,
+	0x1efc: 0x000c, 0x1efd: 0x000c, 0x1efe: 0x000a, 0x1eff: 0x000a,
+	// Block 0x7c, offset 0x1f00
+	0x1f1e: 0x000c, 0x1f1f: 0x000c,
+	// Block 0x7d, offset 0x1f40
+	0x1f70: 0x000c, 0x1f71: 0x000c,
+	// Block 0x7e, offset 0x1f80
+	0x1f80: 0x000a, 0x1f81: 0x000a, 0x1f82: 0x000a, 0x1f83: 0x000a, 0x1f84: 0x000a, 0x1f85: 0x000a,
+	0x1f86: 0x000a, 0x1f87: 0x000a, 0x1f88: 0x000a, 0x1f89: 0x000a, 0x1f8a: 0x000a, 0x1f8b: 0x000a,
+	0x1f8c: 0x000a, 0x1f8d: 0x000a, 0x1f8e: 0x000a, 0x1f8f: 0x000a, 0x1f90: 0x000a, 0x1f91: 0x000a,
+	0x1f92: 0x000a, 0x1f93: 0x000a, 0x1f94: 0x000a, 0x1f95: 0x000a, 0x1f96: 0x000a, 0x1f97: 0x000a,
+	0x1f98: 0x000a, 0x1f99: 0x000a, 0x1f9a: 0x000a, 0x1f9b: 0x000a, 0x1f9c: 0x000a, 0x1f9d: 0x000a,
+	0x1f9e: 0x000a, 0x1f9f: 0x000a, 0x1fa0: 0x000a, 0x1fa1: 0x000a,
+	// Block 0x7f, offset 0x1fc0
+	0x1fc8: 0x000a,
+	// Block 0x80, offset 0x2000
+	0x2002: 0x000c,
+	0x2006: 0x000c, 0x200b: 0x000c,
+	0x2025: 0x000c, 0x2026: 0x000c, 0x2028: 0x000a, 0x2029: 0x000a,
+	0x202a: 0x000a, 0x202b: 0x000a,
+	0x2038: 0x0004, 0x2039: 0x0004,
+	// Block 0x81, offset 0x2040
+	0x2074: 0x000a, 0x2075: 0x000a,
+	0x2076: 0x000a, 0x2077: 0x000a,
+	// Block 0x82, offset 0x2080
+	0x2084: 0x000c, 0x2085: 0x000c,
+	0x20a0: 0x000c, 0x20a1: 0x000c, 0x20a2: 0x000c, 0x20a3: 0x000c,
+	0x20a4: 0x000c, 0x20a5: 0x000c, 0x20a6: 0x000c, 0x20a7: 0x000c, 0x20a8: 0x000c, 0x20a9: 0x000c,
+	0x20aa: 0x000c, 0x20ab: 0x000c, 0x20ac: 0x000c, 0x20ad: 0x000c, 0x20ae: 0x000c, 0x20af: 0x000c,
+	0x20b0: 0x000c, 0x20b1: 0x000c,
+	0x20bf: 0x000c,
+	// Block 0x83, offset 0x20c0
+	0x20e6: 0x000c, 0x20e7: 0x000c, 0x20e8: 0x000c, 0x20e9: 0x000c,
+	0x20ea: 0x000c, 0x20eb: 0x000c, 0x20ec: 0x000c, 0x20ed: 0x000c,
+	// Block 0x84, offset 0x2100
+	0x2107: 0x000c, 0x2108: 0x000c, 0x2109: 0x000c, 0x210a: 0x000c, 0x210b: 0x000c,
+	0x210c: 0x000c, 0x210d: 0x000c, 0x210e: 0x000c, 0x210f: 0x000c, 0x2110: 0x000c, 0x2111: 0x000c,
+	// Block 0x85, offset 0x2140
+	0x2140: 0x000c, 0x2141: 0x000c, 0x2142: 0x000c,
+	0x2173: 0x000c,
+	0x2176: 0x000c, 0x2177: 0x000c, 0x2178: 0x000c, 0x2179: 0x000c,
+	0x217c: 0x000c, 0x217d: 0x000c,
+	// Block 0x86, offset 0x2180
+	0x21a5: 0x000c,
+	// Block 0x87, offset 0x21c0
+	0x21e9: 0x000c,
+	0x21ea: 0x000c, 0x21eb: 0x000c, 0x21ec: 0x000c, 0x21ed: 0x000c, 0x21ee: 0x000c,
+	0x21f1: 0x000c, 0x21f2: 0x000c, 0x21f5: 0x000c,
+	0x21f6: 0x000c,
+	// Block 0x88, offset 0x2200
+	0x2203: 0x000c,
+	0x220c: 0x000c,
+	0x223c: 0x000c,
+	// Block 0x89, offset 0x2240
+	0x2270: 0x000c, 0x2272: 0x000c, 0x2273: 0x000c, 0x2274: 0x000c,
+	0x2277: 0x000c, 0x2278: 0x000c,
+	0x227e: 0x000c, 0x227f: 0x000c,
+	// Block 0x8a, offset 0x2280
+	0x2281: 0x000c,
+	0x22ac: 0x000c, 0x22ad: 0x000c,
+	0x22b6: 0x000c,
+	// Block 0x8b, offset 0x22c0
+	0x22e5: 0x000c, 0x22e8: 0x000c,
+	0x22ed: 0x000c,
+	// Block 0x8c, offset 0x2300
+	0x231d: 0x0001,
+	0x231e: 0x000c, 0x231f: 0x0001, 0x2320: 0x0001, 0x2321: 0x0001, 0x2322: 0x0001, 0x2323: 0x0001,
+	0x2324: 0x0001, 0x2325: 0x0001, 0x2326: 0x0001, 0x2327: 0x0001, 0x2328: 0x0001, 0x2329: 0x0003,
+	0x232a: 0x0001, 0x232b: 0x0001, 0x232c: 0x0001, 0x232d: 0x0001, 0x232e: 0x0001, 0x232f: 0x0001,
+	0x2330: 0x0001, 0x2331: 0x0001, 0x2332: 0x0001, 0x2333: 0x0001, 0x2334: 0x0001, 0x2335: 0x0001,
+	0x2336: 0x0001, 0x2337: 0x0001, 0x2338: 0x0001, 0x2339: 0x0001, 0x233a: 0x0001, 0x233b: 0x0001,
+	0x233c: 0x0001, 0x233d: 0x0001, 0x233e: 0x0001, 0x233f: 0x0001,
+	// Block 0x8d, offset 0x2340
+	0x2340: 0x0001, 0x2341: 0x0001, 0x2342: 0x0001, 0x2343: 0x0001, 0x2344: 0x0001, 0x2345: 0x0001,
+	0x2346: 0x0001, 0x2347: 0x0001, 0x2348: 0x0001, 0x2349: 0x0001, 0x234a: 0x0001, 0x234b: 0x0001,
+	0x234c: 0x0001, 0x234d: 0x0001, 0x234e: 0x0001, 0x234f: 0x0001, 0x2350: 0x000d, 0x2351: 0x000d,
+	0x2352: 0x000d, 0x2353: 0x000d, 0x2354: 0x000d, 0x2355: 0x000d, 0x2356: 0x000d, 0x2357: 0x000d,
+	0x2358: 0x000d, 0x2359: 0x000d, 0x235a: 0x000d, 0x235b: 0x000d, 0x235c: 0x000d, 0x235d: 0x000d,
+	0x235e: 0x000d, 0x235f: 0x000d, 0x2360: 0x000d, 0x2361: 0x000d, 0x2362: 0x000d, 0x2363: 0x000d,
+	0x2364: 0x000d, 0x2365: 0x000d, 0x2366: 0x000d, 0x2367: 0x000d, 0x2368: 0x000d, 0x2369: 0x000d,
+	0x236a: 0x000d, 0x236b: 0x000d, 0x236c: 0x000d, 0x236d: 0x000d, 0x236e: 0x000d, 0x236f: 0x000d,
+	0x2370: 0x000d, 0x2371: 0x000d, 0x2372: 0x000d, 0x2373: 0x000d, 0x2374: 0x000d, 0x2375: 0x000d,
+	0x2376: 0x000d, 0x2377: 0x000d, 0x2378: 0x000d, 0x2379: 0x000d, 0x237a: 0x000d, 0x237b: 0x000d,
+	0x237c: 0x000d, 0x237d: 0x000d, 0x237e: 0x000d, 0x237f: 0x000d,
+	// Block 0x8e, offset 0x2380
+	0x2380: 0x000d, 0x2381: 0x000d, 0x2382: 0x000d, 0x2383: 0x000d, 0x2384: 0x000d, 0x2385: 0x000d,
+	0x2386: 0x000d, 0x2387: 0x000d, 0x2388: 0x000d, 0x2389: 0x000d, 0x238a: 0x000d, 0x238b: 0x000d,
+	0x238c: 0x000d, 0x238d: 0x000d, 0x238e: 0x000d, 0x238f: 0x000d, 0x2390: 0x000d, 0x2391: 0x000d,
+	0x2392: 0x000d, 0x2393: 0x000d, 0x2394: 0x000d, 0x2395: 0x000d, 0x2396: 0x000d, 0x2397: 0x000d,
+	0x2398: 0x000d, 0x2399: 0x000d, 0x239a: 0x000d, 0x239b: 0x000d, 0x239c: 0x000d, 0x239d: 0x000d,
+	0x239e: 0x000d, 0x239f: 0x000d, 0x23a0: 0x000d, 0x23a1: 0x000d, 0x23a2: 0x000d, 0x23a3: 0x000d,
+	0x23a4: 0x000d, 0x23a5: 0x000d, 0x23a6: 0x000d, 0x23a7: 0x000d, 0x23a8: 0x000d, 0x23a9: 0x000d,
+	0x23aa: 0x000d, 0x23ab: 0x000d, 0x23ac: 0x000d, 0x23ad: 0x000d, 0x23ae: 0x000d, 0x23af: 0x000d,
+	0x23b0: 0x000d, 0x23b1: 0x000d, 0x23b2: 0x000d, 0x23b3: 0x000d, 0x23b4: 0x000d, 0x23b5: 0x000d,
+	0x23b6: 0x000d, 0x23b7: 0x000d, 0x23b8: 0x000d, 0x23b9: 0x000d, 0x23ba: 0x000d, 0x23bb: 0x000d,
+	0x23bc: 0x000d, 0x23bd: 0x000d, 0x23be: 0x000a, 0x23bf: 0x000a,
+	// Block 0x8f, offset 0x23c0
+	0x23c0: 0x000d, 0x23c1: 0x000d, 0x23c2: 0x000d, 0x23c3: 0x000d, 0x23c4: 0x000d, 0x23c5: 0x000d,
+	0x23c6: 0x000d, 0x23c7: 0x000d, 0x23c8: 0x000d, 0x23c9: 0x000d, 0x23ca: 0x000d, 0x23cb: 0x000d,
+	0x23cc: 0x000d, 0x23cd: 0x000d, 0x23ce: 0x000d, 0x23cf: 0x000d, 0x23d0: 0x000b, 0x23d1: 0x000b,
+	0x23d2: 0x000b, 0x23d3: 0x000b, 0x23d4: 0x000b, 0x23d5: 0x000b, 0x23d6: 0x000b, 0x23d7: 0x000b,
+	0x23d8: 0x000b, 0x23d9: 0x000b, 0x23da: 0x000b, 0x23db: 0x000b, 0x23dc: 0x000b, 0x23dd: 0x000b,
+	0x23de: 0x000b, 0x23df: 0x000b, 0x23e0: 0x000b, 0x23e1: 0x000b, 0x23e2: 0x000b, 0x23e3: 0x000b,
+	0x23e4: 0x000b, 0x23e5: 0x000b, 0x23e6: 0x000b, 0x23e7: 0x000b, 0x23e8: 0x000b, 0x23e9: 0x000b,
+	0x23ea: 0x000b, 0x23eb: 0x000b, 0x23ec: 0x000b, 0x23ed: 0x000b, 0x23ee: 0x000b, 0x23ef: 0x000b,
+	0x23f0: 0x000d, 0x23f1: 0x000d, 0x23f2: 0x000d, 0x23f3: 0x000d, 0x23f4: 0x000d, 0x23f5: 0x000d,
+	0x23f6: 0x000d, 0x23f7: 0x000d, 0x23f8: 0x000d, 0x23f9: 0x000d, 0x23fa: 0x000d, 0x23fb: 0x000d,
+	0x23fc: 0x000d, 0x23fd: 0x000a, 0x23fe: 0x000d, 0x23ff: 0x000d,
+	// Block 0x90, offset 0x2400
+	0x2400: 0x000c, 0x2401: 0x000c, 0x2402: 0x000c, 0x2403: 0x000c, 0x2404: 0x000c, 0x2405: 0x000c,
+	0x2406: 0x000c, 0x2407: 0x000c, 0x2408: 0x000c, 0x2409: 0x000c, 0x240a: 0x000c, 0x240b: 0x000c,
+	0x240c: 0x000c, 0x240d: 0x000c, 0x240e: 0x000c, 0x240f: 0x000c, 0x2410: 0x000a, 0x2411: 0x000a,
+	0x2412: 0x000a, 0x2413: 0x000a, 0x2414: 0x000a, 0x2415: 0x000a, 0x2416: 0x000a, 0x2417: 0x000a,
+	0x2418: 0x000a, 0x2419: 0x000a,
+	0x2420: 0x000c, 0x2421: 0x000c, 0x2422: 0x000c, 0x2423: 0x000c,
+	0x2424: 0x000c, 0x2425: 0x000c, 0x2426: 0x000c, 0x2427: 0x000c, 0x2428: 0x000c, 0x2429: 0x000c,
+	0x242a: 0x000c, 0x242b: 0x000c, 0x242c: 0x000c, 0x242d: 0x000c, 0x242e: 0x000c, 0x242f: 0x000c,
+	0x2430: 0x000a, 0x2431: 0x000a, 0x2432: 0x000a, 0x2433: 0x000a, 0x2434: 0x000a, 0x2435: 0x000a,
+	0x2436: 0x000a, 0x2437: 0x000a, 0x2438: 0x000a, 0x2439: 0x000a, 0x243a: 0x000a, 0x243b: 0x000a,
+	0x243c: 0x000a, 0x243d: 0x000a, 0x243e: 0x000a, 0x243f: 0x000a,
+	// Block 0x91, offset 0x2440
+	0x2440: 0x000a, 0x2441: 0x000a, 0x2442: 0x000a, 0x2443: 0x000a, 0x2444: 0x000a, 0x2445: 0x000a,
+	0x2446: 0x000a, 0x2447: 0x000a, 0x2448: 0x000a, 0x2449: 0x000a, 0x244a: 0x000a, 0x244b: 0x000a,
+	0x244c: 0x000a, 0x244d: 0x000a, 0x244e: 0x000a, 0x244f: 0x000a, 0x2450: 0x0006, 0x2451: 0x000a,
+	0x2452: 0x0006, 0x2454: 0x000a, 0x2455: 0x0006, 0x2456: 0x000a, 0x2457: 0x000a,
+	0x2458: 0x000a, 0x2459: 0x009a, 0x245a: 0x008a, 0x245b: 0x007a, 0x245c: 0x006a, 0x245d: 0x009a,
+	0x245e: 0x008a, 0x245f: 0x0004, 0x2460: 0x000a, 0x2461: 0x000a, 0x2462: 0x0003, 0x2463: 0x0003,
+	0x2464: 0x000a, 0x2465: 0x000a, 0x2466: 0x000a, 0x2468: 0x000a, 0x2469: 0x0004,
+	0x246a: 0x0004, 0x246b: 0x000a,
+	0x2470: 0x000d, 0x2471: 0x000d, 0x2472: 0x000d, 0x2473: 0x000d, 0x2474: 0x000d, 0x2475: 0x000d,
+	0x2476: 0x000d, 0x2477: 0x000d, 0x2478: 0x000d, 0x2479: 0x000d, 0x247a: 0x000d, 0x247b: 0x000d,
+	0x247c: 0x000d, 0x247d: 0x000d, 0x247e: 0x000d, 0x247f: 0x000d,
+	// Block 0x92, offset 0x2480
+	0x2480: 0x000d, 0x2481: 0x000d, 0x2482: 0x000d, 0x2483: 0x000d, 0x2484: 0x000d, 0x2485: 0x000d,
+	0x2486: 0x000d, 0x2487: 0x000d, 0x2488: 0x000d, 0x2489: 0x000d, 0x248a: 0x000d, 0x248b: 0x000d,
+	0x248c: 0x000d, 0x248d: 0x000d, 0x248e: 0x000d, 0x248f: 0x000d, 0x2490: 0x000d, 0x2491: 0x000d,
+	0x2492: 0x000d, 0x2493: 0x000d, 0x2494: 0x000d, 0x2495: 0x000d, 0x2496: 0x000d, 0x2497: 0x000d,
+	0x2498: 0x000d, 0x2499: 0x000d, 0x249a: 0x000d, 0x249b: 0x000d, 0x249c: 0x000d, 0x249d: 0x000d,
+	0x249e: 0x000d, 0x249f: 0x000d, 0x24a0: 0x000d, 0x24a1: 0x000d, 0x24a2: 0x000d, 0x24a3: 0x000d,
+	0x24a4: 0x000d, 0x24a5: 0x000d, 0x24a6: 0x000d, 0x24a7: 0x000d, 0x24a8: 0x000d, 0x24a9: 0x000d,
+	0x24aa: 0x000d, 0x24ab: 0x000d, 0x24ac: 0x000d, 0x24ad: 0x000d, 0x24ae: 0x000d, 0x24af: 0x000d,
+	0x24b0: 0x000d, 0x24b1: 0x000d, 0x24b2: 0x000d, 0x24b3: 0x000d, 0x24b4: 0x000d, 0x24b5: 0x000d,
+	0x24b6: 0x000d, 0x24b7: 0x000d, 0x24b8: 0x000d, 0x24b9: 0x000d, 0x24ba: 0x000d, 0x24bb: 0x000d,
+	0x24bc: 0x000d, 0x24bd: 0x000d, 0x24be: 0x000d, 0x24bf: 0x000b,
+	// Block 0x93, offset 0x24c0
+	0x24c1: 0x000a, 0x24c2: 0x000a, 0x24c3: 0x0004, 0x24c4: 0x0004, 0x24c5: 0x0004,
+	0x24c6: 0x000a, 0x24c7: 0x000a, 0x24c8: 0x003a, 0x24c9: 0x002a, 0x24ca: 0x000a, 0x24cb: 0x0003,
+	0x24cc: 0x0006, 0x24cd: 0x0003, 0x24ce: 0x0006, 0x24cf: 0x0006, 0x24d0: 0x0002, 0x24d1: 0x0002,
+	0x24d2: 0x0002, 0x24d3: 0x0002, 0x24d4: 0x0002, 0x24d5: 0x0002, 0x24d6: 0x0002, 0x24d7: 0x0002,
+	0x24d8: 0x0002, 0x24d9: 0x0002, 0x24da: 0x0006, 0x24db: 0x000a, 0x24dc: 0x000a, 0x24dd: 0x000a,
+	0x24de: 0x000a, 0x24df: 0x000a, 0x24e0: 0x000a,
+	0x24fb: 0x005a,
+	0x24fc: 0x000a, 0x24fd: 0x004a, 0x24fe: 0x000a, 0x24ff: 0x000a,
+	// Block 0x94, offset 0x2500
+	0x2500: 0x000a,
+	0x251b: 0x005a, 0x251c: 0x000a, 0x251d: 0x004a,
+	0x251e: 0x000a, 0x251f: 0x00fa, 0x2520: 0x00ea, 0x2521: 0x000a, 0x2522: 0x003a, 0x2523: 0x002a,
+	0x2524: 0x000a, 0x2525: 0x000a,
+	// Block 0x95, offset 0x2540
+	0x2560: 0x0004, 0x2561: 0x0004, 0x2562: 0x000a, 0x2563: 0x000a,
+	0x2564: 0x000a, 0x2565: 0x0004, 0x2566: 0x0004, 0x2568: 0x000a, 0x2569: 0x000a,
+	0x256a: 0x000a, 0x256b: 0x000a, 0x256c: 0x000a, 0x256d: 0x000a, 0x256e: 0x000a,
+	0x2570: 0x000b, 0x2571: 0x000b, 0x2572: 0x000b, 0x2573: 0x000b, 0x2574: 0x000b, 0x2575: 0x000b,
+	0x2576: 0x000b, 0x2577: 0x000b, 0x2578: 0x000b, 0x2579: 0x000a, 0x257a: 0x000a, 0x257b: 0x000a,
+	0x257c: 0x000a, 0x257d: 0x000a, 0x257e: 0x000b, 0x257f: 0x000b,
+	// Block 0x96, offset 0x2580
+	0x2581: 0x000a,
+	// Block 0x97, offset 0x25c0
+	0x25c0: 0x000a, 0x25c1: 0x000a, 0x25c2: 0x000a, 0x25c3: 0x000a, 0x25c4: 0x000a, 0x25c5: 0x000a,
+	0x25c6: 0x000a, 0x25c7: 0x000a, 0x25c8: 0x000a, 0x25c9: 0x000a, 0x25ca: 0x000a, 0x25cb: 0x000a,
+	0x25cc: 0x000a, 0x25d0: 0x000a, 0x25d1: 0x000a,
+	0x25d2: 0x000a, 0x25d3: 0x000a, 0x25d4: 0x000a, 0x25d5: 0x000a, 0x25d6: 0x000a, 0x25d7: 0x000a,
+	0x25d8: 0x000a, 0x25d9: 0x000a, 0x25da: 0x000a, 0x25db: 0x000a,
+	0x25e0: 0x000a,
+	// Block 0x98, offset 0x2600
+	0x263d: 0x000c,
+	// Block 0x99, offset 0x2640
+	0x2660: 0x000c, 0x2661: 0x0002, 0x2662: 0x0002, 0x2663: 0x0002,
+	0x2664: 0x0002, 0x2665: 0x0002, 0x2666: 0x0002, 0x2667: 0x0002, 0x2668: 0x0002, 0x2669: 0x0002,
+	0x266a: 0x0002, 0x266b: 0x0002, 0x266c: 0x0002, 0x266d: 0x0002, 0x266e: 0x0002, 0x266f: 0x0002,
+	0x2670: 0x0002, 0x2671: 0x0002, 0x2672: 0x0002, 0x2673: 0x0002, 0x2674: 0x0002, 0x2675: 0x0002,
+	0x2676: 0x0002, 0x2677: 0x0002, 0x2678: 0x0002, 0x2679: 0x0002, 0x267a: 0x0002, 0x267b: 0x0002,
+	// Block 0x9a, offset 0x2680
+	0x26b6: 0x000c, 0x26b7: 0x000c, 0x26b8: 0x000c, 0x26b9: 0x000c, 0x26ba: 0x000c,
+	// Block 0x9b, offset 0x26c0
+	0x26c0: 0x0001, 0x26c1: 0x0001, 0x26c2: 0x0001, 0x26c3: 0x0001, 0x26c4: 0x0001, 0x26c5: 0x0001,
+	0x26c6: 0x0001, 0x26c7: 0x0001, 0x26c8: 0x0001, 0x26c9: 0x0001, 0x26ca: 0x0001, 0x26cb: 0x0001,
+	0x26cc: 0x0001, 0x26cd: 0x0001, 0x26ce: 0x0001, 0x26cf: 0x0001, 0x26d0: 0x0001, 0x26d1: 0x0001,
+	0x26d2: 0x0001, 0x26d3: 0x0001, 0x26d4: 0x0001, 0x26d5: 0x0001, 0x26d6: 0x0001, 0x26d7: 0x0001,
+	0x26d8: 0x0001, 0x26d9: 0x0001, 0x26da: 0x0001, 0x26db: 0x0001, 0x26dc: 0x0001, 0x26dd: 0x0001,
+	0x26de: 0x0001, 0x26df: 0x0001, 0x26e0: 0x0001, 0x26e1: 0x0001, 0x26e2: 0x0001, 0x26e3: 0x0001,
+	0x26e4: 0x0001, 0x26e5: 0x0001, 0x26e6: 0x0001, 0x26e7: 0x0001, 0x26e8: 0x0001, 0x26e9: 0x0001,
+	0x26ea: 0x0001, 0x26eb: 0x0001, 0x26ec: 0x0001, 0x26ed: 0x0001, 0x26ee: 0x0001, 0x26ef: 0x0001,
+	0x26f0: 0x0001, 0x26f1: 0x0001, 0x26f2: 0x0001, 0x26f3: 0x0001, 0x26f4: 0x0001, 0x26f5: 0x0001,
+	0x26f6: 0x0001, 0x26f7: 0x0001, 0x26f8: 0x0001, 0x26f9: 0x0001, 0x26fa: 0x0001, 0x26fb: 0x0001,
+	0x26fc: 0x0001, 0x26fd: 0x0001, 0x26fe: 0x0001, 0x26ff: 0x0001,
+	// Block 0x9c, offset 0x2700
+	0x2700: 0x0001, 0x2701: 0x0001, 0x2702: 0x0001, 0x2703: 0x0001, 0x2704: 0x0001, 0x2705: 0x0001,
+	0x2706: 0x0001, 0x2707: 0x0001, 0x2708: 0x0001, 0x2709: 0x0001, 0x270a: 0x0001, 0x270b: 0x0001,
+	0x270c: 0x0001, 0x270d: 0x0001, 0x270e: 0x0001, 0x270f: 0x0001, 0x2710: 0x0001, 0x2711: 0x0001,
+	0x2712: 0x0001, 0x2713: 0x0001, 0x2714: 0x0001, 0x2715: 0x0001, 0x2716: 0x0001, 0x2717: 0x0001,
+	0x2718: 0x0001, 0x2719: 0x0001, 0x271a: 0x0001, 0x271b: 0x0001, 0x271c: 0x0001, 0x271d: 0x0001,
+	0x271e: 0x0001, 0x271f: 0x000a, 0x2720: 0x0001, 0x2721: 0x0001, 0x2722: 0x0001, 0x2723: 0x0001,
+	0x2724: 0x0001, 0x2725: 0x0001, 0x2726: 0x0001, 0x2727: 0x0001, 0x2728: 0x0001, 0x2729: 0x0001,
+	0x272a: 0x0001, 0x272b: 0x0001, 0x272c: 0x0001, 0x272d: 0x0001, 0x272e: 0x0001, 0x272f: 0x0001,
+	0x2730: 0x0001, 0x2731: 0x0001, 0x2732: 0x0001, 0x2733: 0x0001, 0x2734: 0x0001, 0x2735: 0x0001,
+	0x2736: 0x0001, 0x2737: 0x0001, 0x2738: 0x0001, 0x2739: 0x0001, 0x273a: 0x0001, 0x273b: 0x0001,
+	0x273c: 0x0001, 0x273d: 0x0001, 0x273e: 0x0001, 0x273f: 0x0001,
+	// Block 0x9d, offset 0x2740
+	0x2740: 0x0001, 0x2741: 0x000c, 0x2742: 0x000c, 0x2743: 0x000c, 0x2744: 0x0001, 0x2745: 0x000c,
+	0x2746: 0x000c, 0x2747: 0x0001, 0x2748: 0x0001, 0x2749: 0x0001, 0x274a: 0x0001, 0x274b: 0x0001,
+	0x274c: 0x000c, 0x274d: 0x000c, 0x274e: 0x000c, 0x274f: 0x000c, 0x2750: 0x0001, 0x2751: 0x0001,
+	0x2752: 0x0001, 0x2753: 0x0001, 0x2754: 0x0001, 0x2755: 0x0001, 0x2756: 0x0001, 0x2757: 0x0001,
+	0x2758: 0x0001, 0x2759: 0x0001, 0x275a: 0x0001, 0x275b: 0x0001, 0x275c: 0x0001, 0x275d: 0x0001,
+	0x275e: 0x0001, 0x275f: 0x0001, 0x2760: 0x0001, 0x2761: 0x0001, 0x2762: 0x0001, 0x2763: 0x0001,
+	0x2764: 0x0001, 0x2765: 0x0001, 0x2766: 0x0001, 0x2767: 0x0001, 0x2768: 0x0001, 0x2769: 0x0001,
+	0x276a: 0x0001, 0x276b: 0x0001, 0x276c: 0x0001, 0x276d: 0x0001, 0x276e: 0x0001, 0x276f: 0x0001,
+	0x2770: 0x0001, 0x2771: 0x0001, 0x2772: 0x0001, 0x2773: 0x0001, 0x2774: 0x0001, 0x2775: 0x0001,
+	0x2776: 0x0001, 0x2777: 0x0001, 0x2778: 0x000c, 0x2779: 0x000c, 0x277a: 0x000c, 0x277b: 0x0001,
+	0x277c: 0x0001, 0x277d: 0x0001, 0x277e: 0x0001, 0x277f: 0x000c,
+	// Block 0x9e, offset 0x2780
+	0x2780: 0x0001, 0x2781: 0x0001, 0x2782: 0x0001, 0x2783: 0x0001, 0x2784: 0x0001, 0x2785: 0x0001,
+	0x2786: 0x0001, 0x2787: 0x0001, 0x2788: 0x0001, 0x2789: 0x0001, 0x278a: 0x0001, 0x278b: 0x0001,
+	0x278c: 0x0001, 0x278d: 0x0001, 0x278e: 0x0001, 0x278f: 0x0001, 0x2790: 0x0001, 0x2791: 0x0001,
+	0x2792: 0x0001, 0x2793: 0x0001, 0x2794: 0x0001, 0x2795: 0x0001, 0x2796: 0x0001, 0x2797: 0x0001,
+	0x2798: 0x0001, 0x2799: 0x0001, 0x279a: 0x0001, 0x279b: 0x0001, 0x279c: 0x0001, 0x279d: 0x0001,
+	0x279e: 0x0001, 0x279f: 0x0001, 0x27a0: 0x0001, 0x27a1: 0x0001, 0x27a2: 0x0001, 0x27a3: 0x0001,
+	0x27a4: 0x0001, 0x27a5: 0x000c, 0x27a6: 0x000c, 0x27a7: 0x0001, 0x27a8: 0x0001, 0x27a9: 0x0001,
+	0x27aa: 0x0001, 0x27ab: 0x0001, 0x27ac: 0x0001, 0x27ad: 0x0001, 0x27ae: 0x0001, 0x27af: 0x0001,
+	0x27b0: 0x0001, 0x27b1: 0x0001, 0x27b2: 0x0001, 0x27b3: 0x0001, 0x27b4: 0x0001, 0x27b5: 0x0001,
+	0x27b6: 0x0001, 0x27b7: 0x0001, 0x27b8: 0x0001, 0x27b9: 0x0001, 0x27ba: 0x0001, 0x27bb: 0x0001,
+	0x27bc: 0x0001, 0x27bd: 0x0001, 0x27be: 0x0001, 0x27bf: 0x0001,
+	// Block 0x9f, offset 0x27c0
+	0x27c0: 0x0001, 0x27c1: 0x0001, 0x27c2: 0x0001, 0x27c3: 0x0001, 0x27c4: 0x0001, 0x27c5: 0x0001,
+	0x27c6: 0x0001, 0x27c7: 0x0001, 0x27c8: 0x0001, 0x27c9: 0x0001, 0x27ca: 0x0001, 0x27cb: 0x0001,
+	0x27cc: 0x0001, 0x27cd: 0x0001, 0x27ce: 0x0001, 0x27cf: 0x0001, 0x27d0: 0x0001, 0x27d1: 0x0001,
+	0x27d2: 0x0001, 0x27d3: 0x0001, 0x27d4: 0x0001, 0x27d5: 0x0001, 0x27d6: 0x0001, 0x27d7: 0x0001,
+	0x27d8: 0x0001, 0x27d9: 0x0001, 0x27da: 0x0001, 0x27db: 0x0001, 0x27dc: 0x0001, 0x27dd: 0x0001,
+	0x27de: 0x0001, 0x27df: 0x0001, 0x27e0: 0x0001, 0x27e1: 0x0001, 0x27e2: 0x0001, 0x27e3: 0x0001,
+	0x27e4: 0x0001, 0x27e5: 0x0001, 0x27e6: 0x0001, 0x27e7: 0x0001, 0x27e8: 0x0001, 0x27e9: 0x0001,
+	0x27ea: 0x0001, 0x27eb: 0x0001, 0x27ec: 0x0001, 0x27ed: 0x0001, 0x27ee: 0x0001, 0x27ef: 0x0001,
+	0x27f0: 0x0001, 0x27f1: 0x0001, 0x27f2: 0x0001, 0x27f3: 0x0001, 0x27f4: 0x0001, 0x27f5: 0x0001,
+	0x27f6: 0x0001, 0x27f7: 0x0001, 0x27f8: 0x0001, 0x27f9: 0x000a, 0x27fa: 0x000a, 0x27fb: 0x000a,
+	0x27fc: 0x000a, 0x27fd: 0x000a, 0x27fe: 0x000a, 0x27ff: 0x000a,
+	// Block 0xa0, offset 0x2800
+	0x2800: 0x000d, 0x2801: 0x000d, 0x2802: 0x000d, 0x2803: 0x000d, 0x2804: 0x000d, 0x2805: 0x000d,
+	0x2806: 0x000d, 0x2807: 0x000d, 0x2808: 0x000d, 0x2809: 0x000d, 0x280a: 0x000d, 0x280b: 0x000d,
+	0x280c: 0x000d, 0x280d: 0x000d, 0x280e: 0x000d, 0x280f: 0x000d, 0x2810: 0x000d, 0x2811: 0x000d,
+	0x2812: 0x000d, 0x2813: 0x000d, 0x2814: 0x000d, 0x2815: 0x000d, 0x2816: 0x000d, 0x2817: 0x000d,
+	0x2818: 0x000d, 0x2819: 0x000d, 0x281a: 0x000d, 0x281b: 0x000d, 0x281c: 0x000d, 0x281d: 0x000d,
+	0x281e: 0x000d, 0x281f: 0x000d, 0x2820: 0x000d, 0x2821: 0x000d, 0x2822: 0x000d, 0x2823: 0x000d,
+	0x2824: 0x000c, 0x2825: 0x000c, 0x2826: 0x000c, 0x2827: 0x000c, 0x2828: 0x000d, 0x2829: 0x000d,
+	0x282a: 0x000d, 0x282b: 0x000d, 0x282c: 0x000d, 0x282d: 0x000d, 0x282e: 0x000d, 0x282f: 0x000d,
+	0x2830: 0x0005, 0x2831: 0x0005, 0x2832: 0x0005, 0x2833: 0x0005, 0x2834: 0x0005, 0x2835: 0x0005,
+	0x2836: 0x0005, 0x2837: 0x0005, 0x2838: 0x0005, 0x2839: 0x0005, 0x283a: 0x000d, 0x283b: 0x000d,
+	0x283c: 0x000d, 0x283d: 0x000d, 0x283e: 0x000d, 0x283f: 0x000d,
+	// Block 0xa1, offset 0x2840
+	0x2840: 0x0001, 0x2841: 0x0001, 0x2842: 0x0001, 0x2843: 0x0001, 0x2844: 0x0001, 0x2845: 0x0001,
+	0x2846: 0x0001, 0x2847: 0x0001, 0x2848: 0x0001, 0x2849: 0x0001, 0x284a: 0x0001, 0x284b: 0x0001,
+	0x284c: 0x0001, 0x284d: 0x0001, 0x284e: 0x0001, 0x284f: 0x0001, 0x2850: 0x0001, 0x2851: 0x0001,
+	0x2852: 0x0001, 0x2853: 0x0001, 0x2854: 0x0001, 0x2855: 0x0001, 0x2856: 0x0001, 0x2857: 0x0001,
+	0x2858: 0x0001, 0x2859: 0x0001, 0x285a: 0x0001, 0x285b: 0x0001, 0x285c: 0x0001, 0x285d: 0x0001,
+	0x285e: 0x0001, 0x285f: 0x0001, 0x2860: 0x0005, 0x2861: 0x0005, 0x2862: 0x0005, 0x2863: 0x0005,
+	0x2864: 0x0005, 0x2865: 0x0005, 0x2866: 0x0005, 0x2867: 0x0005, 0x2868: 0x0005, 0x2869: 0x0005,
+	0x286a: 0x0005, 0x286b: 0x0005, 0x286c: 0x0005, 0x286d: 0x0005, 0x286e: 0x0005, 0x286f: 0x0005,
+	0x2870: 0x0005, 0x2871: 0x0005, 0x2872: 0x0005, 0x2873: 0x0005, 0x2874: 0x0005, 0x2875: 0x0005,
+	0x2876: 0x0005, 0x2877: 0x0005, 0x2878: 0x0005, 0x2879: 0x0005, 0x287a: 0x0005, 0x287b: 0x0005,
+	0x287c: 0x0005, 0x287d: 0x0005, 0x287e: 0x0005, 0x287f: 0x0001,
+	// Block 0xa2, offset 0x2880
+	0x2880: 0x0001, 0x2881: 0x0001, 0x2882: 0x0001, 0x2883: 0x0001, 0x2884: 0x0001, 0x2885: 0x0001,
+	0x2886: 0x0001, 0x2887: 0x0001, 0x2888: 0x0001, 0x2889: 0x0001, 0x288a: 0x0001, 0x288b: 0x0001,
+	0x288c: 0x0001, 0x288d: 0x0001, 0x288e: 0x0001, 0x288f: 0x0001, 0x2890: 0x0001, 0x2891: 0x0001,
+	0x2892: 0x0001, 0x2893: 0x0001, 0x2894: 0x0001, 0x2895: 0x0001, 0x2896: 0x0001, 0x2897: 0x0001,
+	0x2898: 0x0001, 0x2899: 0x0001, 0x289a: 0x0001, 0x289b: 0x0001, 0x289c: 0x0001, 0x289d: 0x0001,
+	0x289e: 0x0001, 0x289f: 0x0001, 0x28a0: 0x0001, 0x28a1: 0x0001, 0x28a2: 0x0001, 0x28a3: 0x0001,
+	0x28a4: 0x0001, 0x28a5: 0x0001, 0x28a6: 0x0001, 0x28a7: 0x0001, 0x28a8: 0x0001, 0x28a9: 0x0001,
+	0x28aa: 0x0001, 0x28ab: 0x0001, 0x28ac: 0x0001, 0x28ad: 0x0001, 0x28ae: 0x0001, 0x28af: 0x0001,
+	0x28b0: 0x000d, 0x28b1: 0x000d, 0x28b2: 0x000d, 0x28b3: 0x000d, 0x28b4: 0x000d, 0x28b5: 0x000d,
+	0x28b6: 0x000d, 0x28b7: 0x000d, 0x28b8: 0x000d, 0x28b9: 0x000d, 0x28ba: 0x000d, 0x28bb: 0x000d,
+	0x28bc: 0x000d, 0x28bd: 0x000d, 0x28be: 0x000d, 0x28bf: 0x000d,
+	// Block 0xa3, offset 0x28c0
+	0x28c0: 0x000d, 0x28c1: 0x000d, 0x28c2: 0x000d, 0x28c3: 0x000d, 0x28c4: 0x000d, 0x28c5: 0x000d,
+	0x28c6: 0x000c, 0x28c7: 0x000c, 0x28c8: 0x000c, 0x28c9: 0x000c, 0x28ca: 0x000c, 0x28cb: 0x000c,
+	0x28cc: 0x000c, 0x28cd: 0x000c, 0x28ce: 0x000c, 0x28cf: 0x000c, 0x28d0: 0x000c, 0x28d1: 0x000d,
+	0x28d2: 0x000d, 0x28d3: 0x000d, 0x28d4: 0x000d, 0x28d5: 0x000d, 0x28d6: 0x000d, 0x28d7: 0x000d,
+	0x28d8: 0x000d, 0x28d9: 0x000d, 0x28da: 0x000d, 0x28db: 0x000d, 0x28dc: 0x000d, 0x28dd: 0x000d,
+	0x28de: 0x000d, 0x28df: 0x000d, 0x28e0: 0x000d, 0x28e1: 0x000d, 0x28e2: 0x000d, 0x28e3: 0x000d,
+	0x28e4: 0x000d, 0x28e5: 0x000d, 0x28e6: 0x000d, 0x28e7: 0x000d, 0x28e8: 0x000d, 0x28e9: 0x000d,
+	0x28ea: 0x000d, 0x28eb: 0x000d, 0x28ec: 0x000d, 0x28ed: 0x000d, 0x28ee: 0x000d, 0x28ef: 0x000d,
+	0x28f0: 0x0001, 0x28f1: 0x0001, 0x28f2: 0x0001, 0x28f3: 0x0001, 0x28f4: 0x0001, 0x28f5: 0x0001,
+	0x28f6: 0x0001, 0x28f7: 0x0001, 0x28f8: 0x0001, 0x28f9: 0x0001, 0x28fa: 0x0001, 0x28fb: 0x0001,
+	0x28fc: 0x0001, 0x28fd: 0x0001, 0x28fe: 0x0001, 0x28ff: 0x0001,
+	// Block 0xa4, offset 0x2900
+	0x2901: 0x000c,
+	0x2938: 0x000c, 0x2939: 0x000c, 0x293a: 0x000c, 0x293b: 0x000c,
+	0x293c: 0x000c, 0x293d: 0x000c, 0x293e: 0x000c, 0x293f: 0x000c,
+	// Block 0xa5, offset 0x2940
+	0x2940: 0x000c, 0x2941: 0x000c, 0x2942: 0x000c, 0x2943: 0x000c, 0x2944: 0x000c, 0x2945: 0x000c,
+	0x2946: 0x000c,
+	0x2952: 0x000a, 0x2953: 0x000a, 0x2954: 0x000a, 0x2955: 0x000a, 0x2956: 0x000a, 0x2957: 0x000a,
+	0x2958: 0x000a, 0x2959: 0x000a, 0x295a: 0x000a, 0x295b: 0x000a, 0x295c: 0x000a, 0x295d: 0x000a,
+	0x295e: 0x000a, 0x295f: 0x000a, 0x2960: 0x000a, 0x2961: 0x000a, 0x2962: 0x000a, 0x2963: 0x000a,
+	0x2964: 0x000a, 0x2965: 0x000a,
+	0x297f: 0x000c,
+	// Block 0xa6, offset 0x2980
+	0x2980: 0x000c, 0x2981: 0x000c,
+	0x29b3: 0x000c, 0x29b4: 0x000c, 0x29b5: 0x000c,
+	0x29b6: 0x000c, 0x29b9: 0x000c, 0x29ba: 0x000c,
+	// Block 0xa7, offset 0x29c0
+	0x29c0: 0x000c, 0x29c1: 0x000c, 0x29c2: 0x000c,
+	0x29e7: 0x000c, 0x29e8: 0x000c, 0x29e9: 0x000c,
+	0x29ea: 0x000c, 0x29eb: 0x000c, 0x29ed: 0x000c, 0x29ee: 0x000c, 0x29ef: 0x000c,
+	0x29f0: 0x000c, 0x29f1: 0x000c, 0x29f2: 0x000c, 0x29f3: 0x000c, 0x29f4: 0x000c,
+	// Block 0xa8, offset 0x2a00
+	0x2a33: 0x000c,
+	// Block 0xa9, offset 0x2a40
+	0x2a40: 0x000c, 0x2a41: 0x000c,
+	0x2a76: 0x000c, 0x2a77: 0x000c, 0x2a78: 0x000c, 0x2a79: 0x000c, 0x2a7a: 0x000c, 0x2a7b: 0x000c,
+	0x2a7c: 0x000c, 0x2a7d: 0x000c, 0x2a7e: 0x000c,
+	// Block 0xaa, offset 0x2a80
+	0x2a89: 0x000c, 0x2a8a: 0x000c, 0x2a8b: 0x000c,
+	0x2a8c: 0x000c,
+	// Block 0xab, offset 0x2ac0
+	0x2aef: 0x000c,
+	0x2af0: 0x000c, 0x2af1: 0x000c, 0x2af4: 0x000c,
+	0x2af6: 0x000c, 0x2af7: 0x000c,
+	0x2afe: 0x000c,
+	// Block 0xac, offset 0x2b00
+	0x2b1f: 0x000c, 0x2b23: 0x000c,
+	0x2b24: 0x000c, 0x2b25: 0x000c, 0x2b26: 0x000c, 0x2b27: 0x000c, 0x2b28: 0x000c, 0x2b29: 0x000c,
+	0x2b2a: 0x000c,
+	// Block 0xad, offset 0x2b40
+	0x2b40: 0x000c,
+	0x2b66: 0x000c, 0x2b67: 0x000c, 0x2b68: 0x000c, 0x2b69: 0x000c,
+	0x2b6a: 0x000c, 0x2b6b: 0x000c, 0x2b6c: 0x000c,
+	0x2b70: 0x000c, 0x2b71: 0x000c, 0x2b72: 0x000c, 0x2b73: 0x000c, 0x2b74: 0x000c,
+	// Block 0xae, offset 0x2b80
+	0x2bb8: 0x000c, 0x2bb9: 0x000c, 0x2bba: 0x000c, 0x2bbb: 0x000c,
+	0x2bbc: 0x000c, 0x2bbd: 0x000c, 0x2bbe: 0x000c, 0x2bbf: 0x000c,
+	// Block 0xaf, offset 0x2bc0
+	0x2bc2: 0x000c, 0x2bc3: 0x000c, 0x2bc4: 0x000c,
+	0x2bc6: 0x000c,
+	0x2bde: 0x000c,
+	// Block 0xb0, offset 0x2c00
+	0x2c33: 0x000c, 0x2c34: 0x000c, 0x2c35: 0x000c,
+	0x2c36: 0x000c, 0x2c37: 0x000c, 0x2c38: 0x000c, 0x2c3a: 0x000c,
+	0x2c3f: 0x000c,
+	// Block 0xb1, offset 0x2c40
+	0x2c40: 0x000c, 0x2c42: 0x000c, 0x2c43: 0x000c,
+	// Block 0xb2, offset 0x2c80
+	0x2cb2: 0x000c, 0x2cb3: 0x000c, 0x2cb4: 0x000c, 0x2cb5: 0x000c,
+	0x2cbc: 0x000c, 0x2cbd: 0x000c, 0x2cbf: 0x000c,
+	// Block 0xb3, offset 0x2cc0
+	0x2cc0: 0x000c,
+	0x2cdc: 0x000c, 0x2cdd: 0x000c,
+	// Block 0xb4, offset 0x2d00
+	0x2d33: 0x000c, 0x2d34: 0x000c, 0x2d35: 0x000c,
+	0x2d36: 0x000c, 0x2d37: 0x000c, 0x2d38: 0x000c, 0x2d39: 0x000c, 0x2d3a: 0x000c,
+	0x2d3d: 0x000c, 0x2d3f: 0x000c,
+	// Block 0xb5, offset 0x2d40
+	0x2d40: 0x000c,
+	0x2d60: 0x000a, 0x2d61: 0x000a, 0x2d62: 0x000a, 0x2d63: 0x000a,
+	0x2d64: 0x000a, 0x2d65: 0x000a, 0x2d66: 0x000a, 0x2d67: 0x000a, 0x2d68: 0x000a, 0x2d69: 0x000a,
+	0x2d6a: 0x000a, 0x2d6b: 0x000a, 0x2d6c: 0x000a,
+	// Block 0xb6, offset 0x2d80
+	0x2dab: 0x000c, 0x2dad: 0x000c,
+	0x2db0: 0x000c, 0x2db1: 0x000c, 0x2db2: 0x000c, 0x2db3: 0x000c, 0x2db4: 0x000c, 0x2db5: 0x000c,
+	0x2db7: 0x000c,
+	// Block 0xb7, offset 0x2dc0
+	0x2ddd: 0x000c,
+	0x2dde: 0x000c, 0x2ddf: 0x000c, 0x2de2: 0x000c, 0x2de3: 0x000c,
+	0x2de4: 0x000c, 0x2de5: 0x000c, 0x2de7: 0x000c, 0x2de8: 0x000c, 0x2de9: 0x000c,
+	0x2dea: 0x000c, 0x2deb: 0x000c,
+	// Block 0xb8, offset 0x2e00
+	0x2e2f: 0x000c,
+	0x2e30: 0x000c, 0x2e31: 0x000c, 0x2e32: 0x000c, 0x2e33: 0x000c, 0x2e34: 0x000c, 0x2e35: 0x000c,
+	0x2e36: 0x000c, 0x2e37: 0x000c, 0x2e39: 0x000c, 0x2e3a: 0x000c,
+	// Block 0xb9, offset 0x2e40
+	0x2e54: 0x000c, 0x2e55: 0x000c, 0x2e56: 0x000c, 0x2e57: 0x000c,
+	0x2e5a: 0x000c, 0x2e5b: 0x000c,
+	0x2e60: 0x000c,
+	// Block 0xba, offset 0x2e80
+	0x2e81: 0x000c, 0x2e82: 0x000c, 0x2e83: 0x000c, 0x2e84: 0x000c, 0x2e85: 0x000c,
+	0x2e86: 0x000c, 0x2e89: 0x000c, 0x2e8a: 0x000c,
+	0x2eb3: 0x000c, 0x2eb4: 0x000c, 0x2eb5: 0x000c,
+	0x2eb6: 0x000c, 0x2eb7: 0x000c, 0x2eb8: 0x000c, 0x2ebb: 0x000c,
+	0x2ebc: 0x000c, 0x2ebd: 0x000c, 0x2ebe: 0x000c,
+	// Block 0xbb, offset 0x2ec0
+	0x2ec7: 0x000c,
+	0x2ed1: 0x000c,
+	0x2ed2: 0x000c, 0x2ed3: 0x000c, 0x2ed4: 0x000c, 0x2ed5: 0x000c, 0x2ed6: 0x000c,
+	0x2ed9: 0x000c, 0x2eda: 0x000c, 0x2edb: 0x000c,
+	// Block 0xbc, offset 0x2f00
+	0x2f0a: 0x000c, 0x2f0b: 0x000c,
+	0x2f0c: 0x000c, 0x2f0d: 0x000c, 0x2f0e: 0x000c, 0x2f0f: 0x000c, 0x2f10: 0x000c, 0x2f11: 0x000c,
+	0x2f12: 0x000c, 0x2f13: 0x000c, 0x2f14: 0x000c, 0x2f15: 0x000c, 0x2f16: 0x000c,
+	0x2f18: 0x000c, 0x2f19: 0x000c,
+	// Block 0xbd, offset 0x2f40
+	0x2f70: 0x000c, 0x2f71: 0x000c, 0x2f72: 0x000c, 0x2f73: 0x000c, 0x2f74: 0x000c, 0x2f75: 0x000c,
+	0x2f76: 0x000c, 0x2f78: 0x000c, 0x2f79: 0x000c, 0x2f7a: 0x000c, 0x2f7b: 0x000c,
+	0x2f7c: 0x000c, 0x2f7d: 0x000c,
+	// Block 0xbe, offset 0x2f80
+	0x2f92: 0x000c, 0x2f93: 0x000c, 0x2f94: 0x000c, 0x2f95: 0x000c, 0x2f96: 0x000c, 0x2f97: 0x000c,
+	0x2f98: 0x000c, 0x2f99: 0x000c, 0x2f9a: 0x000c, 0x2f9b: 0x000c, 0x2f9c: 0x000c, 0x2f9d: 0x000c,
+	0x2f9e: 0x000c, 0x2f9f: 0x000c, 0x2fa0: 0x000c, 0x2fa1: 0x000c, 0x2fa2: 0x000c, 0x2fa3: 0x000c,
+	0x2fa4: 0x000c, 0x2fa5: 0x000c, 0x2fa6: 0x000c, 0x2fa7: 0x000c,
+	0x2faa: 0x000c, 0x2fab: 0x000c, 0x2fac: 0x000c, 0x2fad: 0x000c, 0x2fae: 0x000c, 0x2faf: 0x000c,
+	0x2fb0: 0x000c, 0x2fb2: 0x000c, 0x2fb3: 0x000c, 0x2fb5: 0x000c,
+	0x2fb6: 0x000c,
+	// Block 0xbf, offset 0x2fc0
+	0x2ff1: 0x000c, 0x2ff2: 0x000c, 0x2ff3: 0x000c, 0x2ff4: 0x000c, 0x2ff5: 0x000c,
+	0x2ff6: 0x000c, 0x2ffa: 0x000c,
+	0x2ffc: 0x000c, 0x2ffd: 0x000c, 0x2fff: 0x000c,
+	// Block 0xc0, offset 0x3000
+	0x3000: 0x000c, 0x3001: 0x000c, 0x3002: 0x000c, 0x3003: 0x000c, 0x3004: 0x000c, 0x3005: 0x000c,
+	0x3007: 0x000c,
+	// Block 0xc1, offset 0x3040
+	0x3050: 0x000c, 0x3051: 0x000c,
+	0x3055: 0x000c, 0x3057: 0x000c,
+	// Block 0xc2, offset 0x3080
+	0x30b3: 0x000c, 0x30b4: 0x000c,
+	// Block 0xc3, offset 0x30c0
+	0x30d5: 0x000a, 0x30d6: 0x000a, 0x30d7: 0x000a,
+	0x30d8: 0x000a, 0x30d9: 0x000a, 0x30da: 0x000a, 0x30db: 0x000a, 0x30dc: 0x000a, 0x30dd: 0x0004,
+	0x30de: 0x0004, 0x30df: 0x0004, 0x30e0: 0x0004, 0x30e1: 0x000a, 0x30e2: 0x000a, 0x30e3: 0x000a,
+	0x30e4: 0x000a, 0x30e5: 0x000a, 0x30e6: 0x000a, 0x30e7: 0x000a, 0x30e8: 0x000a, 0x30e9: 0x000a,
+	0x30ea: 0x000a, 0x30eb: 0x000a, 0x30ec: 0x000a, 0x30ed: 0x000a, 0x30ee: 0x000a, 0x30ef: 0x000a,
+	0x30f0: 0x000a, 0x30f1: 0x000a,
+	// Block 0xc4, offset 0x3100
+	0x3130: 0x000c, 0x3131: 0x000c, 0x3132: 0x000c, 0x3133: 0x000c, 0x3134: 0x000c,
+	// Block 0xc5, offset 0x3140
+	0x3170: 0x000c, 0x3171: 0x000c, 0x3172: 0x000c, 0x3173: 0x000c, 0x3174: 0x000c, 0x3175: 0x000c,
+	0x3176: 0x000c,
+	// Block 0xc6, offset 0x3180
+	0x318f: 0x000c,
+	// Block 0xc7, offset 0x31c0
+	0x31cf: 0x000c, 0x31d0: 0x000c, 0x31d1: 0x000c,
+	0x31d2: 0x000c,
+	// Block 0xc8, offset 0x3200
+	0x3222: 0x000a,
+	// Block 0xc9, offset 0x3240
+	0x325d: 0x000c,
+	0x325e: 0x000c, 0x3260: 0x000b, 0x3261: 0x000b, 0x3262: 0x000b, 0x3263: 0x000b,
+	// Block 0xca, offset 0x3280
+	0x32a7: 0x000c, 0x32a8: 0x000c, 0x32a9: 0x000c,
+	0x32b3: 0x000b, 0x32b4: 0x000b, 0x32b5: 0x000b,
+	0x32b6: 0x000b, 0x32b7: 0x000b, 0x32b8: 0x000b, 0x32b9: 0x000b, 0x32ba: 0x000b, 0x32bb: 0x000c,
+	0x32bc: 0x000c, 0x32bd: 0x000c, 0x32be: 0x000c, 0x32bf: 0x000c,
+	// Block 0xcb, offset 0x32c0
+	0x32c0: 0x000c, 0x32c1: 0x000c, 0x32c2: 0x000c, 0x32c5: 0x000c,
+	0x32c6: 0x000c, 0x32c7: 0x000c, 0x32c8: 0x000c, 0x32c9: 0x000c, 0x32ca: 0x000c, 0x32cb: 0x000c,
+	0x32ea: 0x000c, 0x32eb: 0x000c, 0x32ec: 0x000c, 0x32ed: 0x000c,
+	// Block 0xcc, offset 0x3300
+	0x3300: 0x000a, 0x3301: 0x000a, 0x3302: 0x000c, 0x3303: 0x000c, 0x3304: 0x000c, 0x3305: 0x000a,
+	// Block 0xcd, offset 0x3340
+	0x3340: 0x000a, 0x3341: 0x000a, 0x3342: 0x000a, 0x3343: 0x000a, 0x3344: 0x000a, 0x3345: 0x000a,
+	0x3346: 0x000a, 0x3347: 0x000a, 0x3348: 0x000a, 0x3349: 0x000a, 0x334a: 0x000a, 0x334b: 0x000a,
+	0x334c: 0x000a, 0x334d: 0x000a, 0x334e: 0x000a, 0x334f: 0x000a, 0x3350: 0x000a, 0x3351: 0x000a,
+	0x3352: 0x000a, 0x3353: 0x000a, 0x3354: 0x000a, 0x3355: 0x000a, 0x3356: 0x000a,
+	// Block 0xce, offset 0x3380
+	0x339b: 0x000a,
+	// Block 0xcf, offset 0x33c0
+	0x33d5: 0x000a,
+	// Block 0xd0, offset 0x3400
+	0x340f: 0x000a,
+	// Block 0xd1, offset 0x3440
+	0x3449: 0x000a,
+	// Block 0xd2, offset 0x3480
+	0x3483: 0x000a,
+	0x348e: 0x0002, 0x348f: 0x0002, 0x3490: 0x0002, 0x3491: 0x0002,
+	0x3492: 0x0002, 0x3493: 0x0002, 0x3494: 0x0002, 0x3495: 0x0002, 0x3496: 0x0002, 0x3497: 0x0002,
+	0x3498: 0x0002, 0x3499: 0x0002, 0x349a: 0x0002, 0x349b: 0x0002, 0x349c: 0x0002, 0x349d: 0x0002,
+	0x349e: 0x0002, 0x349f: 0x0002, 0x34a0: 0x0002, 0x34a1: 0x0002, 0x34a2: 0x0002, 0x34a3: 0x0002,
+	0x34a4: 0x0002, 0x34a5: 0x0002, 0x34a6: 0x0002, 0x34a7: 0x0002, 0x34a8: 0x0002, 0x34a9: 0x0002,
+	0x34aa: 0x0002, 0x34ab: 0x0002, 0x34ac: 0x0002, 0x34ad: 0x0002, 0x34ae: 0x0002, 0x34af: 0x0002,
+	0x34b0: 0x0002, 0x34b1: 0x0002, 0x34b2: 0x0002, 0x34b3: 0x0002, 0x34b4: 0x0002, 0x34b5: 0x0002,
+	0x34b6: 0x0002, 0x34b7: 0x0002, 0x34b8: 0x0002, 0x34b9: 0x0002, 0x34ba: 0x0002, 0x34bb: 0x0002,
+	0x34bc: 0x0002, 0x34bd: 0x0002, 0x34be: 0x0002, 0x34bf: 0x0002,
+	// Block 0xd3, offset 0x34c0
+	0x34c0: 0x000c, 0x34c1: 0x000c, 0x34c2: 0x000c, 0x34c3: 0x000c, 0x34c4: 0x000c, 0x34c5: 0x000c,
+	0x34c6: 0x000c, 0x34c7: 0x000c, 0x34c8: 0x000c, 0x34c9: 0x000c, 0x34ca: 0x000c, 0x34cb: 0x000c,
+	0x34cc: 0x000c, 0x34cd: 0x000c, 0x34ce: 0x000c, 0x34cf: 0x000c, 0x34d0: 0x000c, 0x34d1: 0x000c,
+	0x34d2: 0x000c, 0x34d3: 0x000c, 0x34d4: 0x000c, 0x34d5: 0x000c, 0x34d6: 0x000c, 0x34d7: 0x000c,
+	0x34d8: 0x000c, 0x34d9: 0x000c, 0x34da: 0x000c, 0x34db: 0x000c, 0x34dc: 0x000c, 0x34dd: 0x000c,
+	0x34de: 0x000c, 0x34df: 0x000c, 0x34e0: 0x000c, 0x34e1: 0x000c, 0x34e2: 0x000c, 0x34e3: 0x000c,
+	0x34e4: 0x000c, 0x34e5: 0x000c, 0x34e6: 0x000c, 0x34e7: 0x000c, 0x34e8: 0x000c, 0x34e9: 0x000c,
+	0x34ea: 0x000c, 0x34eb: 0x000c, 0x34ec: 0x000c, 0x34ed: 0x000c, 0x34ee: 0x000c, 0x34ef: 0x000c,
+	0x34f0: 0x000c, 0x34f1: 0x000c, 0x34f2: 0x000c, 0x34f3: 0x000c, 0x34f4: 0x000c, 0x34f5: 0x000c,
+	0x34f6: 0x000c, 0x34fb: 0x000c,
+	0x34fc: 0x000c, 0x34fd: 0x000c, 0x34fe: 0x000c, 0x34ff: 0x000c,
+	// Block 0xd4, offset 0x3500
+	0x3500: 0x000c, 0x3501: 0x000c, 0x3502: 0x000c, 0x3503: 0x000c, 0x3504: 0x000c, 0x3505: 0x000c,
+	0x3506: 0x000c, 0x3507: 0x000c, 0x3508: 0x000c, 0x3509: 0x000c, 0x350a: 0x000c, 0x350b: 0x000c,
+	0x350c: 0x000c, 0x350d: 0x000c, 0x350e: 0x000c, 0x350f: 0x000c, 0x3510: 0x000c, 0x3511: 0x000c,
+	0x3512: 0x000c, 0x3513: 0x000c, 0x3514: 0x000c, 0x3515: 0x000c, 0x3516: 0x000c, 0x3517: 0x000c,
+	0x3518: 0x000c, 0x3519: 0x000c, 0x351a: 0x000c, 0x351b: 0x000c, 0x351c: 0x000c, 0x351d: 0x000c,
+	0x351e: 0x000c, 0x351f: 0x000c, 0x3520: 0x000c, 0x3521: 0x000c, 0x3522: 0x000c, 0x3523: 0x000c,
+	0x3524: 0x000c, 0x3525: 0x000c, 0x3526: 0x000c, 0x3527: 0x000c, 0x3528: 0x000c, 0x3529: 0x000c,
+	0x352a: 0x000c, 0x352b: 0x000c, 0x352c: 0x000c,
+	0x3535: 0x000c,
+	// Block 0xd5, offset 0x3540
+	0x3544: 0x000c,
+	0x355b: 0x000c, 0x355c: 0x000c, 0x355d: 0x000c,
+	0x355e: 0x000c, 0x355f: 0x000c, 0x3561: 0x000c, 0x3562: 0x000c, 0x3563: 0x000c,
+	0x3564: 0x000c, 0x3565: 0x000c, 0x3566: 0x000c, 0x3567: 0x000c, 0x3568: 0x000c, 0x3569: 0x000c,
+	0x356a: 0x000c, 0x356b: 0x000c, 0x356c: 0x000c, 0x356d: 0x000c, 0x356e: 0x000c, 0x356f: 0x000c,
+	// Block 0xd6, offset 0x3580
+	0x3580: 0x000c, 0x3581: 0x000c, 0x3582: 0x000c, 0x3583: 0x000c, 0x3584: 0x000c, 0x3585: 0x000c,
+	0x3586: 0x000c, 0x3588: 0x000c, 0x3589: 0x000c, 0x358a: 0x000c, 0x358b: 0x000c,
+	0x358c: 0x000c, 0x358d: 0x000c, 0x358e: 0x000c, 0x358f: 0x000c, 0x3590: 0x000c, 0x3591: 0x000c,
+	0x3592: 0x000c, 0x3593: 0x000c, 0x3594: 0x000c, 0x3595: 0x000c, 0x3596: 0x000c, 0x3597: 0x000c,
+	0x3598: 0x000c, 0x359b: 0x000c, 0x359c: 0x000c, 0x359d: 0x000c,
+	0x359e: 0x000c, 0x359f: 0x000c, 0x35a0: 0x000c, 0x35a1: 0x000c, 0x35a3: 0x000c,
+	0x35a4: 0x000c, 0x35a6: 0x000c, 0x35a7: 0x000c, 0x35a8: 0x000c, 0x35a9: 0x000c,
+	0x35aa: 0x000c,
+	// Block 0xd7, offset 0x35c0
+	0x35ec: 0x000c, 0x35ed: 0x000c, 0x35ee: 0x000c, 0x35ef: 0x000c,
+	0x35ff: 0x0004,
+	// Block 0xd8, offset 0x3600
+	0x3600: 0x0001, 0x3601: 0x0001, 0x3602: 0x0001, 0x3603: 0x0001, 0x3604: 0x0001, 0x3605: 0x0001,
+	0x3606: 0x0001, 0x3607: 0x0001, 0x3608: 0x0001, 0x3609: 0x0001, 0x360a: 0x0001, 0x360b: 0x0001,
+	0x360c: 0x0001, 0x360d: 0x0001, 0x360e: 0x0001, 0x360f: 0x0001, 0x3610: 0x000c, 0x3611: 0x000c,
+	0x3612: 0x000c, 0x3613: 0x000c, 0x3614: 0x000c, 0x3615: 0x000c, 0x3616: 0x000c, 0x3617: 0x0001,
+	0x3618: 0x0001, 0x3619: 0x0001, 0x361a: 0x0001, 0x361b: 0x0001, 0x361c: 0x0001, 0x361d: 0x0001,
+	0x361e: 0x0001, 0x361f: 0x0001, 0x3620: 0x0001, 0x3621: 0x0001, 0x3622: 0x0001, 0x3623: 0x0001,
+	0x3624: 0x0001, 0x3625: 0x0001, 0x3626: 0x0001, 0x3627: 0x0001, 0x3628: 0x0001, 0x3629: 0x0001,
+	0x362a: 0x0001, 0x362b: 0x0001, 0x362c: 0x0001, 0x362d: 0x0001, 0x362e: 0x0001, 0x362f: 0x0001,
+	0x3630: 0x0001, 0x3631: 0x0001, 0x3632: 0x0001, 0x3633: 0x0001, 0x3634: 0x0001, 0x3635: 0x0001,
+	0x3636: 0x0001, 0x3637: 0x0001, 0x3638: 0x0001, 0x3639: 0x0001, 0x363a: 0x0001, 0x363b: 0x0001,
+	0x363c: 0x0001, 0x363d: 0x0001, 0x363e: 0x0001, 0x363f: 0x0001,
+	// Block 0xd9, offset 0x3640
+	0x3640: 0x0001, 0x3641: 0x0001, 0x3642: 0x0001, 0x3643: 0x0001, 0x3644: 0x000c, 0x3645: 0x000c,
+	0x3646: 0x000c, 0x3647: 0x000c, 0x3648: 0x000c, 0x3649: 0x000c, 0x364a: 0x000c, 0x364b: 0x0001,
+	0x364c: 0x0001, 0x364d: 0x0001, 0x364e: 0x0001, 0x364f: 0x0001, 0x3650: 0x0001, 0x3651: 0x0001,
+	0x3652: 0x0001, 0x3653: 0x0001, 0x3654: 0x0001, 0x3655: 0x0001, 0x3656: 0x0001, 0x3657: 0x0001,
+	0x3658: 0x0001, 0x3659: 0x0001, 0x365a: 0x0001, 0x365b: 0x0001, 0x365c: 0x0001, 0x365d: 0x0001,
+	0x365e: 0x0001, 0x365f: 0x0001, 0x3660: 0x0001, 0x3661: 0x0001, 0x3662: 0x0001, 0x3663: 0x0001,
+	0x3664: 0x0001, 0x3665: 0x0001, 0x3666: 0x0001, 0x3667: 0x0001, 0x3668: 0x0001, 0x3669: 0x0001,
+	0x366a: 0x0001, 0x366b: 0x0001, 0x366c: 0x0001, 0x366d: 0x0001, 0x366e: 0x0001, 0x366f: 0x0001,
+	0x3670: 0x0001, 0x3671: 0x0001, 0x3672: 0x0001, 0x3673: 0x0001, 0x3674: 0x0001, 0x3675: 0x0001,
+	0x3676: 0x0001, 0x3677: 0x0001, 0x3678: 0x0001, 0x3679: 0x0001, 0x367a: 0x0001, 0x367b: 0x0001,
+	0x367c: 0x0001, 0x367d: 0x0001, 0x367e: 0x0001, 0x367f: 0x0001,
+	// Block 0xda, offset 0x3680
+	0x3680: 0x000d, 0x3681: 0x000d, 0x3682: 0x000d, 0x3683: 0x000d, 0x3684: 0x000d, 0x3685: 0x000d,
+	0x3686: 0x000d, 0x3687: 0x000d, 0x3688: 0x000d, 0x3689: 0x000d, 0x368a: 0x000d, 0x368b: 0x000d,
+	0x368c: 0x000d, 0x368d: 0x000d, 0x368e: 0x000d, 0x368f: 0x000d, 0x3690: 0x0001, 0x3691: 0x0001,
+	0x3692: 0x0001, 0x3693: 0x0001, 0x3694: 0x0001, 0x3695: 0x0001, 0x3696: 0x0001, 0x3697: 0x0001,
+	0x3698: 0x0001, 0x3699: 0x0001, 0x369a: 0x0001, 0x369b: 0x0001, 0x369c: 0x0001, 0x369d: 0x0001,
+	0x369e: 0x0001, 0x369f: 0x0001, 0x36a0: 0x0001, 0x36a1: 0x0001, 0x36a2: 0x0001, 0x36a3: 0x0001,
+	0x36a4: 0x0001, 0x36a5: 0x0001, 0x36a6: 0x0001, 0x36a7: 0x0001, 0x36a8: 0x0001, 0x36a9: 0x0001,
+	0x36aa: 0x0001, 0x36ab: 0x0001, 0x36ac: 0x0001, 0x36ad: 0x0001, 0x36ae: 0x0001, 0x36af: 0x0001,
+	0x36b0: 0x0001, 0x36b1: 0x0001, 0x36b2: 0x0001, 0x36b3: 0x0001, 0x36b4: 0x0001, 0x36b5: 0x0001,
+	0x36b6: 0x0001, 0x36b7: 0x0001, 0x36b8: 0x0001, 0x36b9: 0x0001, 0x36ba: 0x0001, 0x36bb: 0x0001,
+	0x36bc: 0x0001, 0x36bd: 0x0001, 0x36be: 0x0001, 0x36bf: 0x0001,
+	// Block 0xdb, offset 0x36c0
+	0x36c0: 0x000d, 0x36c1: 0x000d, 0x36c2: 0x000d, 0x36c3: 0x000d, 0x36c4: 0x000d, 0x36c5: 0x000d,
+	0x36c6: 0x000d, 0x36c7: 0x000d, 0x36c8: 0x000d, 0x36c9: 0x000d, 0x36ca: 0x000d, 0x36cb: 0x000d,
+	0x36cc: 0x000d, 0x36cd: 0x000d, 0x36ce: 0x000d, 0x36cf: 0x000d, 0x36d0: 0x000d, 0x36d1: 0x000d,
+	0x36d2: 0x000d, 0x36d3: 0x000d, 0x36d4: 0x000d, 0x36d5: 0x000d, 0x36d6: 0x000d, 0x36d7: 0x000d,
+	0x36d8: 0x000d, 0x36d9: 0x000d, 0x36da: 0x000d, 0x36db: 0x000d, 0x36dc: 0x000d, 0x36dd: 0x000d,
+	0x36de: 0x000d, 0x36df: 0x000d, 0x36e0: 0x000d, 0x36e1: 0x000d, 0x36e2: 0x000d, 0x36e3: 0x000d,
+	0x36e4: 0x000d, 0x36e5: 0x000d, 0x36e6: 0x000d, 0x36e7: 0x000d, 0x36e8: 0x000d, 0x36e9: 0x000d,
+	0x36ea: 0x000d, 0x36eb: 0x000d, 0x36ec: 0x000d, 0x36ed: 0x000d, 0x36ee: 0x000d, 0x36ef: 0x000d,
+	0x36f0: 0x000a, 0x36f1: 0x000a, 0x36f2: 0x000d, 0x36f3: 0x000d, 0x36f4: 0x000d, 0x36f5: 0x000d,
+	0x36f6: 0x000d, 0x36f7: 0x000d, 0x36f8: 0x000d, 0x36f9: 0x000d, 0x36fa: 0x000d, 0x36fb: 0x000d,
+	0x36fc: 0x000d, 0x36fd: 0x000d, 0x36fe: 0x000d, 0x36ff: 0x000d,
+	// Block 0xdc, offset 0x3700
+	0x3700: 0x000a, 0x3701: 0x000a, 0x3702: 0x000a, 0x3703: 0x000a, 0x3704: 0x000a, 0x3705: 0x000a,
+	0x3706: 0x000a, 0x3707: 0x000a, 0x3708: 0x000a, 0x3709: 0x000a, 0x370a: 0x000a, 0x370b: 0x000a,
+	0x370c: 0x000a, 0x370d: 0x000a, 0x370e: 0x000a, 0x370f: 0x000a, 0x3710: 0x000a, 0x3711: 0x000a,
+	0x3712: 0x000a, 0x3713: 0x000a, 0x3714: 0x000a, 0x3715: 0x000a, 0x3716: 0x000a, 0x3717: 0x000a,
+	0x3718: 0x000a, 0x3719: 0x000a, 0x371a: 0x000a, 0x371b: 0x000a, 0x371c: 0x000a, 0x371d: 0x000a,
+	0x371e: 0x000a, 0x371f: 0x000a, 0x3720: 0x000a, 0x3721: 0x000a, 0x3722: 0x000a, 0x3723: 0x000a,
+	0x3724: 0x000a, 0x3725: 0x000a, 0x3726: 0x000a, 0x3727: 0x000a, 0x3728: 0x000a, 0x3729: 0x000a,
+	0x372a: 0x000a, 0x372b: 0x000a,
+	0x3730: 0x000a, 0x3731: 0x000a, 0x3732: 0x000a, 0x3733: 0x000a, 0x3734: 0x000a, 0x3735: 0x000a,
+	0x3736: 0x000a, 0x3737: 0x000a, 0x3738: 0x000a, 0x3739: 0x000a, 0x373a: 0x000a, 0x373b: 0x000a,
+	0x373c: 0x000a, 0x373d: 0x000a, 0x373e: 0x000a, 0x373f: 0x000a,
+	// Block 0xdd, offset 0x3740
+	0x3740: 0x000a, 0x3741: 0x000a, 0x3742: 0x000a, 0x3743: 0x000a, 0x3744: 0x000a, 0x3745: 0x000a,
+	0x3746: 0x000a, 0x3747: 0x000a, 0x3748: 0x000a, 0x3749: 0x000a, 0x374a: 0x000a, 0x374b: 0x000a,
+	0x374c: 0x000a, 0x374d: 0x000a, 0x374e: 0x000a, 0x374f: 0x000a, 0x3750: 0x000a, 0x3751: 0x000a,
+	0x3752: 0x000a, 0x3753: 0x000a,
+	0x3760: 0x000a, 0x3761: 0x000a, 0x3762: 0x000a, 0x3763: 0x000a,
+	0x3764: 0x000a, 0x3765: 0x000a, 0x3766: 0x000a, 0x3767: 0x000a, 0x3768: 0x000a, 0x3769: 0x000a,
+	0x376a: 0x000a, 0x376b: 0x000a, 0x376c: 0x000a, 0x376d: 0x000a, 0x376e: 0x000a,
+	0x3771: 0x000a, 0x3772: 0x000a, 0x3773: 0x000a, 0x3774: 0x000a, 0x3775: 0x000a,
+	0x3776: 0x000a, 0x3777: 0x000a, 0x3778: 0x000a, 0x3779: 0x000a, 0x377a: 0x000a, 0x377b: 0x000a,
+	0x377c: 0x000a, 0x377d: 0x000a, 0x377e: 0x000a, 0x377f: 0x000a,
+	// Block 0xde, offset 0x3780
+	0x3781: 0x000a, 0x3782: 0x000a, 0x3783: 0x000a, 0x3784: 0x000a, 0x3785: 0x000a,
+	0x3786: 0x000a, 0x3787: 0x000a, 0x3788: 0x000a, 0x3789: 0x000a, 0x378a: 0x000a, 0x378b: 0x000a,
+	0x378c: 0x000a, 0x378d: 0x000a, 0x378e: 0x000a, 0x378f: 0x000a, 0x3791: 0x000a,
+	0x3792: 0x000a, 0x3793: 0x000a, 0x3794: 0x000a, 0x3795: 0x000a, 0x3796: 0x000a, 0x3797: 0x000a,
+	0x3798: 0x000a, 0x3799: 0x000a, 0x379a: 0x000a, 0x379b: 0x000a, 0x379c: 0x000a, 0x379d: 0x000a,
+	0x379e: 0x000a, 0x379f: 0x000a, 0x37a0: 0x000a, 0x37a1: 0x000a, 0x37a2: 0x000a, 0x37a3: 0x000a,
+	0x37a4: 0x000a, 0x37a5: 0x000a, 0x37a6: 0x000a, 0x37a7: 0x000a, 0x37a8: 0x000a, 0x37a9: 0x000a,
+	0x37aa: 0x000a, 0x37ab: 0x000a, 0x37ac: 0x000a, 0x37ad: 0x000a, 0x37ae: 0x000a, 0x37af: 0x000a,
+	0x37b0: 0x000a, 0x37b1: 0x000a, 0x37b2: 0x000a, 0x37b3: 0x000a, 0x37b4: 0x000a, 0x37b5: 0x000a,
+	// Block 0xdf, offset 0x37c0
+	0x37c0: 0x0002, 0x37c1: 0x0002, 0x37c2: 0x0002, 0x37c3: 0x0002, 0x37c4: 0x0002, 0x37c5: 0x0002,
+	0x37c6: 0x0002, 0x37c7: 0x0002, 0x37c8: 0x0002, 0x37c9: 0x0002, 0x37ca: 0x0002, 0x37cb: 0x000a,
+	0x37cc: 0x000a,
+	0x37ef: 0x000a,
+	// Block 0xe0, offset 0x3800
+	0x382a: 0x000a, 0x382b: 0x000a, 0x382c: 0x000a,
+	// Block 0xe1, offset 0x3840
+	0x3860: 0x000a, 0x3861: 0x000a, 0x3862: 0x000a, 0x3863: 0x000a,
+	0x3864: 0x000a, 0x3865: 0x000a,
+	// Block 0xe2, offset 0x3880
+	0x3880: 0x000a, 0x3881: 0x000a, 0x3882: 0x000a, 0x3883: 0x000a, 0x3884: 0x000a, 0x3885: 0x000a,
+	0x3886: 0x000a, 0x3887: 0x000a, 0x3888: 0x000a, 0x3889: 0x000a, 0x388a: 0x000a, 0x388b: 0x000a,
+	0x388c: 0x000a, 0x388d: 0x000a, 0x388e: 0x000a, 0x388f: 0x000a, 0x3890: 0x000a, 0x3891: 0x000a,
+	0x3892: 0x000a, 0x3893: 0x000a, 0x3894: 0x000a, 0x3895: 0x000a,
+	0x38a0: 0x000a, 0x38a1: 0x000a, 0x38a2: 0x000a, 0x38a3: 0x000a,
+	0x38a4: 0x000a, 0x38a5: 0x000a, 0x38a6: 0x000a, 0x38a7: 0x000a, 0x38a8: 0x000a, 0x38a9: 0x000a,
+	0x38aa: 0x000a, 0x38ab: 0x000a, 0x38ac: 0x000a,
+	0x38b0: 0x000a, 0x38b1: 0x000a, 0x38b2: 0x000a, 0x38b3: 0x000a, 0x38b4: 0x000a, 0x38b5: 0x000a,
+	0x38b6: 0x000a, 0x38b7: 0x000a, 0x38b8: 0x000a, 0x38b9: 0x000a, 0x38ba: 0x000a,
+	// Block 0xe3, offset 0x38c0
+	0x38c0: 0x000a, 0x38c1: 0x000a, 0x38c2: 0x000a, 0x38c3: 0x000a, 0x38c4: 0x000a, 0x38c5: 0x000a,
+	0x38c6: 0x000a, 0x38c7: 0x000a, 0x38c8: 0x000a, 0x38c9: 0x000a, 0x38ca: 0x000a, 0x38cb: 0x000a,
+	0x38cc: 0x000a, 0x38cd: 0x000a, 0x38ce: 0x000a, 0x38cf: 0x000a, 0x38d0: 0x000a, 0x38d1: 0x000a,
+	0x38d2: 0x000a, 0x38d3: 0x000a, 0x38d4: 0x000a, 0x38d5: 0x000a, 0x38d6: 0x000a, 0x38d7: 0x000a,
+	0x38d8: 0x000a,
+	0x38e0: 0x000a, 0x38e1: 0x000a, 0x38e2: 0x000a, 0x38e3: 0x000a,
+	0x38e4: 0x000a, 0x38e5: 0x000a, 0x38e6: 0x000a, 0x38e7: 0x000a, 0x38e8: 0x000a, 0x38e9: 0x000a,
+	0x38ea: 0x000a, 0x38eb: 0x000a,
+	// Block 0xe4, offset 0x3900
+	0x3900: 0x000a, 0x3901: 0x000a, 0x3902: 0x000a, 0x3903: 0x000a, 0x3904: 0x000a, 0x3905: 0x000a,
+	0x3906: 0x000a, 0x3907: 0x000a, 0x3908: 0x000a, 0x3909: 0x000a, 0x390a: 0x000a, 0x390b: 0x000a,
+	0x3910: 0x000a, 0x3911: 0x000a,
+	0x3912: 0x000a, 0x3913: 0x000a, 0x3914: 0x000a, 0x3915: 0x000a, 0x3916: 0x000a, 0x3917: 0x000a,
+	0x3918: 0x000a, 0x3919: 0x000a, 0x391a: 0x000a, 0x391b: 0x000a, 0x391c: 0x000a, 0x391d: 0x000a,
+	0x391e: 0x000a, 0x391f: 0x000a, 0x3920: 0x000a, 0x3921: 0x000a, 0x3922: 0x000a, 0x3923: 0x000a,
+	0x3924: 0x000a, 0x3925: 0x000a, 0x3926: 0x000a, 0x3927: 0x000a, 0x3928: 0x000a, 0x3929: 0x000a,
+	0x392a: 0x000a, 0x392b: 0x000a, 0x392c: 0x000a, 0x392d: 0x000a, 0x392e: 0x000a, 0x392f: 0x000a,
+	0x3930: 0x000a, 0x3931: 0x000a, 0x3932: 0x000a, 0x3933: 0x000a, 0x3934: 0x000a, 0x3935: 0x000a,
+	0x3936: 0x000a, 0x3937: 0x000a, 0x3938: 0x000a, 0x3939: 0x000a, 0x393a: 0x000a, 0x393b: 0x000a,
+	0x393c: 0x000a, 0x393d: 0x000a, 0x393e: 0x000a, 0x393f: 0x000a,
+	// Block 0xe5, offset 0x3940
+	0x3940: 0x000a, 0x3941: 0x000a, 0x3942: 0x000a, 0x3943: 0x000a, 0x3944: 0x000a, 0x3945: 0x000a,
+	0x3946: 0x000a, 0x3947: 0x000a,
+	0x3950: 0x000a, 0x3951: 0x000a,
+	0x3952: 0x000a, 0x3953: 0x000a, 0x3954: 0x000a, 0x3955: 0x000a, 0x3956: 0x000a, 0x3957: 0x000a,
+	0x3958: 0x000a, 0x3959: 0x000a,
+	0x3960: 0x000a, 0x3961: 0x000a, 0x3962: 0x000a, 0x3963: 0x000a,
+	0x3964: 0x000a, 0x3965: 0x000a, 0x3966: 0x000a, 0x3967: 0x000a, 0x3968: 0x000a, 0x3969: 0x000a,
+	0x396a: 0x000a, 0x396b: 0x000a, 0x396c: 0x000a, 0x396d: 0x000a, 0x396e: 0x000a, 0x396f: 0x000a,
+	0x3970: 0x000a, 0x3971: 0x000a, 0x3972: 0x000a, 0x3973: 0x000a, 0x3974: 0x000a, 0x3975: 0x000a,
+	0x3976: 0x000a, 0x3977: 0x000a, 0x3978: 0x000a, 0x3979: 0x000a, 0x397a: 0x000a, 0x397b: 0x000a,
+	0x397c: 0x000a, 0x397d: 0x000a, 0x397e: 0x000a, 0x397f: 0x000a,
+	// Block 0xe6, offset 0x3980
+	0x3980: 0x000a, 0x3981: 0x000a, 0x3982: 0x000a, 0x3983: 0x000a, 0x3984: 0x000a, 0x3985: 0x000a,
+	0x3986: 0x000a, 0x3987: 0x000a,
+	0x3990: 0x000a, 0x3991: 0x000a,
+	0x3992: 0x000a, 0x3993: 0x000a, 0x3994: 0x000a, 0x3995: 0x000a, 0x3996: 0x000a, 0x3997: 0x000a,
+	0x3998: 0x000a, 0x3999: 0x000a, 0x399a: 0x000a, 0x399b: 0x000a, 0x399c: 0x000a, 0x399d: 0x000a,
+	0x399e: 0x000a, 0x399f: 0x000a, 0x39a0: 0x000a, 0x39a1: 0x000a, 0x39a2: 0x000a, 0x39a3: 0x000a,
+	0x39a4: 0x000a, 0x39a5: 0x000a, 0x39a6: 0x000a, 0x39a7: 0x000a, 0x39a8: 0x000a, 0x39a9: 0x000a,
+	0x39aa: 0x000a, 0x39ab: 0x000a, 0x39ac: 0x000a, 0x39ad: 0x000a,
+	// Block 0xe7, offset 0x39c0
+	0x39c0: 0x000a, 0x39c1: 0x000a, 0x39c2: 0x000a, 0x39c3: 0x000a, 0x39c4: 0x000a, 0x39c5: 0x000a,
+	0x39c6: 0x000a, 0x39c7: 0x000a, 0x39c8: 0x000a, 0x39c9: 0x000a, 0x39ca: 0x000a, 0x39cb: 0x000a,
+	0x39cd: 0x000a, 0x39ce: 0x000a, 0x39cf: 0x000a, 0x39d0: 0x000a, 0x39d1: 0x000a,
+	0x39d2: 0x000a, 0x39d3: 0x000a, 0x39d4: 0x000a, 0x39d5: 0x000a, 0x39d6: 0x000a, 0x39d7: 0x000a,
+	0x39d8: 0x000a, 0x39d9: 0x000a, 0x39da: 0x000a, 0x39db: 0x000a, 0x39dc: 0x000a, 0x39dd: 0x000a,
+	0x39de: 0x000a, 0x39df: 0x000a, 0x39e0: 0x000a, 0x39e1: 0x000a, 0x39e2: 0x000a, 0x39e3: 0x000a,
+	0x39e4: 0x000a, 0x39e5: 0x000a, 0x39e6: 0x000a, 0x39e7: 0x000a, 0x39e8: 0x000a, 0x39e9: 0x000a,
+	0x39ea: 0x000a, 0x39eb: 0x000a, 0x39ec: 0x000a, 0x39ed: 0x000a, 0x39ee: 0x000a, 0x39ef: 0x000a,
+	0x39f0: 0x000a, 0x39f1: 0x000a, 0x39f2: 0x000a, 0x39f3: 0x000a, 0x39f4: 0x000a, 0x39f5: 0x000a,
+	0x39f6: 0x000a, 0x39f7: 0x000a, 0x39f8: 0x000a, 0x39f9: 0x000a, 0x39fa: 0x000a, 0x39fb: 0x000a,
+	0x39fc: 0x000a, 0x39fd: 0x000a, 0x39fe: 0x000a, 0x39ff: 0x000a,
+	// Block 0xe8, offset 0x3a00
+	0x3a00: 0x000a, 0x3a01: 0x000a, 0x3a02: 0x000a, 0x3a03: 0x000a, 0x3a04: 0x000a, 0x3a05: 0x000a,
+	0x3a06: 0x000a, 0x3a07: 0x000a, 0x3a08: 0x000a, 0x3a09: 0x000a, 0x3a0a: 0x000a, 0x3a0b: 0x000a,
+	0x3a0c: 0x000a, 0x3a0d: 0x000a, 0x3a0e: 0x000a, 0x3a0f: 0x000a, 0x3a10: 0x000a, 0x3a11: 0x000a,
+	0x3a12: 0x000a, 0x3a13: 0x000a, 0x3a14: 0x000a, 0x3a15: 0x000a, 0x3a16: 0x000a, 0x3a17: 0x000a,
+	0x3a18: 0x000a, 0x3a19: 0x000a, 0x3a1a: 0x000a, 0x3a1b: 0x000a, 0x3a1c: 0x000a, 0x3a1d: 0x000a,
+	0x3a1e: 0x000a, 0x3a1f: 0x000a, 0x3a20: 0x000a, 0x3a21: 0x000a, 0x3a22: 0x000a, 0x3a23: 0x000a,
+	0x3a24: 0x000a, 0x3a25: 0x000a, 0x3a26: 0x000a, 0x3a27: 0x000a, 0x3a28: 0x000a, 0x3a29: 0x000a,
+	0x3a2a: 0x000a, 0x3a2b: 0x000a, 0x3a2c: 0x000a, 0x3a2d: 0x000a, 0x3a2e: 0x000a, 0x3a2f: 0x000a,
+	0x3a30: 0x000a, 0x3a31: 0x000a, 0x3a33: 0x000a, 0x3a34: 0x000a, 0x3a35: 0x000a,
+	0x3a36: 0x000a, 0x3a3a: 0x000a, 0x3a3b: 0x000a,
+	0x3a3c: 0x000a, 0x3a3d: 0x000a, 0x3a3e: 0x000a, 0x3a3f: 0x000a,
+	// Block 0xe9, offset 0x3a40
+	0x3a40: 0x000a, 0x3a41: 0x000a, 0x3a42: 0x000a, 0x3a43: 0x000a, 0x3a44: 0x000a, 0x3a45: 0x000a,
+	0x3a46: 0x000a, 0x3a47: 0x000a, 0x3a48: 0x000a, 0x3a49: 0x000a, 0x3a4a: 0x000a, 0x3a4b: 0x000a,
+	0x3a4c: 0x000a, 0x3a4d: 0x000a, 0x3a4e: 0x000a, 0x3a4f: 0x000a, 0x3a50: 0x000a, 0x3a51: 0x000a,
+	0x3a52: 0x000a, 0x3a53: 0x000a, 0x3a54: 0x000a, 0x3a55: 0x000a, 0x3a56: 0x000a, 0x3a57: 0x000a,
+	0x3a58: 0x000a, 0x3a59: 0x000a, 0x3a5a: 0x000a, 0x3a5b: 0x000a, 0x3a5c: 0x000a, 0x3a5d: 0x000a,
+	0x3a5e: 0x000a, 0x3a5f: 0x000a, 0x3a60: 0x000a, 0x3a61: 0x000a, 0x3a62: 0x000a,
+	0x3a65: 0x000a, 0x3a66: 0x000a, 0x3a67: 0x000a, 0x3a68: 0x000a, 0x3a69: 0x000a,
+	0x3a6a: 0x000a, 0x3a6e: 0x000a, 0x3a6f: 0x000a,
+	0x3a70: 0x000a, 0x3a71: 0x000a, 0x3a72: 0x000a, 0x3a73: 0x000a, 0x3a74: 0x000a, 0x3a75: 0x000a,
+	0x3a76: 0x000a, 0x3a77: 0x000a, 0x3a78: 0x000a, 0x3a79: 0x000a, 0x3a7a: 0x000a, 0x3a7b: 0x000a,
+	0x3a7c: 0x000a, 0x3a7d: 0x000a, 0x3a7e: 0x000a, 0x3a7f: 0x000a,
+	// Block 0xea, offset 0x3a80
+	0x3a80: 0x000a, 0x3a81: 0x000a, 0x3a82: 0x000a, 0x3a83: 0x000a, 0x3a84: 0x000a, 0x3a85: 0x000a,
+	0x3a86: 0x000a, 0x3a87: 0x000a, 0x3a88: 0x000a, 0x3a89: 0x000a, 0x3a8a: 0x000a,
+	0x3a8d: 0x000a, 0x3a8e: 0x000a, 0x3a8f: 0x000a, 0x3a90: 0x000a, 0x3a91: 0x000a,
+	0x3a92: 0x000a, 0x3a93: 0x000a, 0x3a94: 0x000a, 0x3a95: 0x000a, 0x3a96: 0x000a, 0x3a97: 0x000a,
+	0x3a98: 0x000a, 0x3a99: 0x000a, 0x3a9a: 0x000a, 0x3a9b: 0x000a, 0x3a9c: 0x000a, 0x3a9d: 0x000a,
+	0x3a9e: 0x000a, 0x3a9f: 0x000a, 0x3aa0: 0x000a, 0x3aa1: 0x000a, 0x3aa2: 0x000a, 0x3aa3: 0x000a,
+	0x3aa4: 0x000a, 0x3aa5: 0x000a, 0x3aa6: 0x000a, 0x3aa7: 0x000a, 0x3aa8: 0x000a, 0x3aa9: 0x000a,
+	0x3aaa: 0x000a, 0x3aab: 0x000a, 0x3aac: 0x000a, 0x3aad: 0x000a, 0x3aae: 0x000a, 0x3aaf: 0x000a,
+	0x3ab0: 0x000a, 0x3ab1: 0x000a, 0x3ab2: 0x000a, 0x3ab3: 0x000a, 0x3ab4: 0x000a, 0x3ab5: 0x000a,
+	0x3ab6: 0x000a, 0x3ab7: 0x000a, 0x3ab8: 0x000a, 0x3ab9: 0x000a, 0x3aba: 0x000a, 0x3abb: 0x000a,
+	0x3abc: 0x000a, 0x3abd: 0x000a, 0x3abe: 0x000a, 0x3abf: 0x000a,
+	// Block 0xeb, offset 0x3ac0
+	0x3ac0: 0x000a, 0x3ac1: 0x000a, 0x3ac2: 0x000a, 0x3ac3: 0x000a, 0x3ac4: 0x000a, 0x3ac5: 0x000a,
+	0x3ac6: 0x000a, 0x3ac7: 0x000a, 0x3ac8: 0x000a, 0x3ac9: 0x000a, 0x3aca: 0x000a, 0x3acb: 0x000a,
+	0x3acc: 0x000a, 0x3acd: 0x000a, 0x3ace: 0x000a, 0x3acf: 0x000a, 0x3ad0: 0x000a, 0x3ad1: 0x000a,
+	0x3ad2: 0x000a, 0x3ad3: 0x000a,
+	0x3ae0: 0x000a, 0x3ae1: 0x000a, 0x3ae2: 0x000a, 0x3ae3: 0x000a,
+	0x3ae4: 0x000a, 0x3ae5: 0x000a, 0x3ae6: 0x000a, 0x3ae7: 0x000a, 0x3ae8: 0x000a, 0x3ae9: 0x000a,
+	0x3aea: 0x000a, 0x3aeb: 0x000a, 0x3aec: 0x000a, 0x3aed: 0x000a,
+	0x3af0: 0x000a, 0x3af1: 0x000a, 0x3af2: 0x000a, 0x3af3: 0x000a,
+	0x3af8: 0x000a, 0x3af9: 0x000a, 0x3afa: 0x000a,
+	// Block 0xec, offset 0x3b00
+	0x3b00: 0x000a, 0x3b01: 0x000a, 0x3b02: 0x000a,
+	0x3b10: 0x000a, 0x3b11: 0x000a,
+	0x3b12: 0x000a, 0x3b13: 0x000a, 0x3b14: 0x000a, 0x3b15: 0x000a,
+	// Block 0xed, offset 0x3b40
+	0x3b7e: 0x000b, 0x3b7f: 0x000b,
+	// Block 0xee, offset 0x3b80
+	0x3b80: 0x000b, 0x3b81: 0x000b, 0x3b82: 0x000b, 0x3b83: 0x000b, 0x3b84: 0x000b, 0x3b85: 0x000b,
+	0x3b86: 0x000b, 0x3b87: 0x000b, 0x3b88: 0x000b, 0x3b89: 0x000b, 0x3b8a: 0x000b, 0x3b8b: 0x000b,
+	0x3b8c: 0x000b, 0x3b8d: 0x000b, 0x3b8e: 0x000b, 0x3b8f: 0x000b, 0x3b90: 0x000b, 0x3b91: 0x000b,
+	0x3b92: 0x000b, 0x3b93: 0x000b, 0x3b94: 0x000b, 0x3b95: 0x000b, 0x3b96: 0x000b, 0x3b97: 0x000b,
+	0x3b98: 0x000b, 0x3b99: 0x000b, 0x3b9a: 0x000b, 0x3b9b: 0x000b, 0x3b9c: 0x000b, 0x3b9d: 0x000b,
+	0x3b9e: 0x000b, 0x3b9f: 0x000b, 0x3ba0: 0x000b, 0x3ba1: 0x000b, 0x3ba2: 0x000b, 0x3ba3: 0x000b,
+	0x3ba4: 0x000b, 0x3ba5: 0x000b, 0x3ba6: 0x000b, 0x3ba7: 0x000b, 0x3ba8: 0x000b, 0x3ba9: 0x000b,
+	0x3baa: 0x000b, 0x3bab: 0x000b, 0x3bac: 0x000b, 0x3bad: 0x000b, 0x3bae: 0x000b, 0x3baf: 0x000b,
+	0x3bb0: 0x000b, 0x3bb1: 0x000b, 0x3bb2: 0x000b, 0x3bb3: 0x000b, 0x3bb4: 0x000b, 0x3bb5: 0x000b,
+	0x3bb6: 0x000b, 0x3bb7: 0x000b, 0x3bb8: 0x000b, 0x3bb9: 0x000b, 0x3bba: 0x000b, 0x3bbb: 0x000b,
+	0x3bbc: 0x000b, 0x3bbd: 0x000b, 0x3bbe: 0x000b, 0x3bbf: 0x000b,
+	// Block 0xef, offset 0x3bc0
+	0x3bc0: 0x000c, 0x3bc1: 0x000c, 0x3bc2: 0x000c, 0x3bc3: 0x000c, 0x3bc4: 0x000c, 0x3bc5: 0x000c,
+	0x3bc6: 0x000c, 0x3bc7: 0x000c, 0x3bc8: 0x000c, 0x3bc9: 0x000c, 0x3bca: 0x000c, 0x3bcb: 0x000c,
+	0x3bcc: 0x000c, 0x3bcd: 0x000c, 0x3bce: 0x000c, 0x3bcf: 0x000c, 0x3bd0: 0x000c, 0x3bd1: 0x000c,
+	0x3bd2: 0x000c, 0x3bd3: 0x000c, 0x3bd4: 0x000c, 0x3bd5: 0x000c, 0x3bd6: 0x000c, 0x3bd7: 0x000c,
+	0x3bd8: 0x000c, 0x3bd9: 0x000c, 0x3bda: 0x000c, 0x3bdb: 0x000c, 0x3bdc: 0x000c, 0x3bdd: 0x000c,
+	0x3bde: 0x000c, 0x3bdf: 0x000c, 0x3be0: 0x000c, 0x3be1: 0x000c, 0x3be2: 0x000c, 0x3be3: 0x000c,
+	0x3be4: 0x000c, 0x3be5: 0x000c, 0x3be6: 0x000c, 0x3be7: 0x000c, 0x3be8: 0x000c, 0x3be9: 0x000c,
+	0x3bea: 0x000c, 0x3beb: 0x000c, 0x3bec: 0x000c, 0x3bed: 0x000c, 0x3bee: 0x000c, 0x3bef: 0x000c,
+	0x3bf0: 0x000b, 0x3bf1: 0x000b, 0x3bf2: 0x000b, 0x3bf3: 0x000b, 0x3bf4: 0x000b, 0x3bf5: 0x000b,
+	0x3bf6: 0x000b, 0x3bf7: 0x000b, 0x3bf8: 0x000b, 0x3bf9: 0x000b, 0x3bfa: 0x000b, 0x3bfb: 0x000b,
+	0x3bfc: 0x000b, 0x3bfd: 0x000b, 0x3bfe: 0x000b, 0x3bff: 0x000b,
+}
+
+// bidiIndex: 24 blocks, 1536 entries, 1536 bytes
+// Block 0 is the zero block.
+var bidiIndex = [1536]uint8{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x01, 0xc3: 0x02,
+	0xca: 0x03, 0xcb: 0x04, 0xcc: 0x05, 0xcd: 0x06, 0xce: 0x07, 0xcf: 0x08,
+	0xd2: 0x09, 0xd6: 0x0a, 0xd7: 0x0b,
+	0xd8: 0x0c, 0xd9: 0x0d, 0xda: 0x0e, 0xdb: 0x0f, 0xdc: 0x10, 0xdd: 0x11, 0xde: 0x12, 0xdf: 0x13,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06,
+	0xea: 0x07, 0xef: 0x08,
+	0xf0: 0x11, 0xf1: 0x12, 0xf2: 0x12, 0xf3: 0x14, 0xf4: 0x15,
+	// Block 0x4, offset 0x100
+	0x120: 0x14, 0x121: 0x15, 0x122: 0x16, 0x123: 0x17, 0x124: 0x18, 0x125: 0x19, 0x126: 0x1a, 0x127: 0x1b,
+	0x128: 0x1c, 0x129: 0x1d, 0x12a: 0x1c, 0x12b: 0x1e, 0x12c: 0x1f, 0x12d: 0x20, 0x12e: 0x21, 0x12f: 0x22,
+	0x130: 0x23, 0x131: 0x24, 0x132: 0x1a, 0x133: 0x25, 0x134: 0x26, 0x135: 0x27, 0x137: 0x28,
+	0x138: 0x29, 0x139: 0x2a, 0x13a: 0x2b, 0x13b: 0x2c, 0x13c: 0x2d, 0x13d: 0x2e, 0x13e: 0x2f, 0x13f: 0x30,
+	// Block 0x5, offset 0x140
+	0x140: 0x31, 0x141: 0x32, 0x142: 0x33,
+	0x14d: 0x34, 0x14e: 0x35,
+	0x150: 0x36,
+	0x15a: 0x37, 0x15c: 0x38, 0x15d: 0x39, 0x15e: 0x3a, 0x15f: 0x3b,
+	0x160: 0x3c, 0x162: 0x3d, 0x164: 0x3e, 0x165: 0x3f, 0x167: 0x40,
+	0x168: 0x41, 0x169: 0x42, 0x16a: 0x43, 0x16c: 0x44, 0x16d: 0x45, 0x16e: 0x46, 0x16f: 0x47,
+	0x170: 0x48, 0x173: 0x49, 0x177: 0x4a,
+	0x17e: 0x4b, 0x17f: 0x4c,
+	// Block 0x6, offset 0x180
+	0x180: 0x4d, 0x181: 0x4e, 0x182: 0x4f, 0x183: 0x50, 0x184: 0x51, 0x185: 0x52, 0x186: 0x53, 0x187: 0x54,
+	0x188: 0x55, 0x189: 0x54, 0x18a: 0x54, 0x18b: 0x54, 0x18c: 0x56, 0x18d: 0x57, 0x18e: 0x58, 0x18f: 0x54,
+	0x190: 0x59, 0x191: 0x5a, 0x192: 0x5b, 0x193: 0x5c, 0x194: 0x54, 0x195: 0x54, 0x196: 0x54, 0x197: 0x54,
+	0x198: 0x54, 0x199: 0x54, 0x19a: 0x5d, 0x19b: 0x54, 0x19c: 0x54, 0x19d: 0x5e, 0x19e: 0x54, 0x19f: 0x5f,
+	0x1a4: 0x54, 0x1a5: 0x54, 0x1a6: 0x60, 0x1a7: 0x61,
+	0x1a8: 0x54, 0x1a9: 0x54, 0x1aa: 0x54, 0x1ab: 0x54, 0x1ac: 0x54, 0x1ad: 0x62, 0x1ae: 0x63, 0x1af: 0x54,
+	0x1b3: 0x64, 0x1b5: 0x65, 0x1b7: 0x66,
+	0x1b8: 0x67, 0x1b9: 0x68, 0x1ba: 0x69, 0x1bb: 0x6a, 0x1bc: 0x54, 0x1bd: 0x54, 0x1be: 0x54, 0x1bf: 0x6b,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x6c, 0x1c2: 0x6d, 0x1c3: 0x6e, 0x1c7: 0x6f,
+	0x1c8: 0x70, 0x1c9: 0x71, 0x1ca: 0x72, 0x1cb: 0x73, 0x1cd: 0x74, 0x1cf: 0x75,
+	// Block 0x8, offset 0x200
+	0x237: 0x54,
+	// Block 0x9, offset 0x240
+	0x252: 0x76, 0x253: 0x77,
+	0x258: 0x78, 0x259: 0x79, 0x25a: 0x7a, 0x25b: 0x7b, 0x25c: 0x7c, 0x25e: 0x7d,
+	0x260: 0x7e, 0x261: 0x7f, 0x263: 0x80, 0x264: 0x81, 0x265: 0x82, 0x266: 0x83, 0x267: 0x84,
+	0x268: 0x85, 0x269: 0x86, 0x26a: 0x87, 0x26b: 0x88, 0x26f: 0x89,
+	// Block 0xa, offset 0x280
+	0x2ac: 0x8a, 0x2ad: 0x8b, 0x2ae: 0x0e, 0x2af: 0x0e,
+	0x2b0: 0x0e, 0x2b1: 0x0e, 0x2b2: 0x0e, 0x2b3: 0x0e, 0x2b4: 0x8c, 0x2b5: 0x0e, 0x2b6: 0x0e, 0x2b7: 0x8d,
+	0x2b8: 0x8e, 0x2b9: 0x8f, 0x2ba: 0x0e, 0x2bb: 0x90, 0x2bc: 0x91, 0x2bd: 0x92, 0x2bf: 0x93,
+	// Block 0xb, offset 0x2c0
+	0x2c4: 0x94, 0x2c5: 0x54, 0x2c6: 0x95, 0x2c7: 0x96,
+	0x2cb: 0x97, 0x2cd: 0x98,
+	0x2e0: 0x99, 0x2e1: 0x99, 0x2e2: 0x99, 0x2e3: 0x99, 0x2e4: 0x9a, 0x2e5: 0x99, 0x2e6: 0x99, 0x2e7: 0x99,
+	0x2e8: 0x9b, 0x2e9: 0x99, 0x2ea: 0x99, 0x2eb: 0x9c, 0x2ec: 0x9d, 0x2ed: 0x99, 0x2ee: 0x99, 0x2ef: 0x99,
+	0x2f0: 0x99, 0x2f1: 0x99, 0x2f2: 0x99, 0x2f3: 0x99, 0x2f4: 0x9e, 0x2f5: 0x99, 0x2f6: 0x99, 0x2f7: 0x99,
+	0x2f8: 0x99, 0x2f9: 0x9f, 0x2fa: 0x99, 0x2fb: 0x99, 0x2fc: 0xa0, 0x2fd: 0xa1, 0x2fe: 0x99, 0x2ff: 0x99,
+	// Block 0xc, offset 0x300
+	0x300: 0xa2, 0x301: 0xa3, 0x302: 0xa4, 0x304: 0xa5, 0x305: 0xa6, 0x306: 0xa7, 0x307: 0xa8,
+	0x308: 0xa9, 0x30b: 0xaa, 0x30c: 0x26, 0x30d: 0xab,
+	0x310: 0xac, 0x311: 0xad, 0x312: 0xae, 0x313: 0xaf, 0x316: 0xb0, 0x317: 0xb1,
+	0x318: 0xb2, 0x319: 0xb3, 0x31a: 0xb4, 0x31c: 0xb5,
+	0x320: 0xb6, 0x327: 0xb7,
+	0x328: 0xb8, 0x329: 0xb9, 0x32a: 0xba,
+	0x330: 0xbb, 0x332: 0xbc, 0x334: 0xbd, 0x335: 0xbe, 0x336: 0xbf,
+	0x33b: 0xc0, 0x33f: 0xc1,
+	// Block 0xd, offset 0x340
+	0x36b: 0xc2, 0x36c: 0xc3,
+	0x37d: 0xc4, 0x37e: 0xc5, 0x37f: 0xc6,
+	// Block 0xe, offset 0x380
+	0x3b2: 0xc7,
+	// Block 0xf, offset 0x3c0
+	0x3c5: 0xc8, 0x3c6: 0xc9,
+	0x3c8: 0x54, 0x3c9: 0xca, 0x3cc: 0x54, 0x3cd: 0xcb,
+	0x3db: 0xcc, 0x3dc: 0xcd, 0x3dd: 0xce, 0x3de: 0xcf, 0x3df: 0xd0,
+	0x3e8: 0xd1, 0x3e9: 0xd2, 0x3ea: 0xd3,
+	// Block 0x10, offset 0x400
+	0x400: 0xd4, 0x404: 0xc3,
+	0x40b: 0xd5,
+	0x420: 0x99, 0x421: 0x99, 0x422: 0x99, 0x423: 0xd6, 0x424: 0x99, 0x425: 0xd7, 0x426: 0x99, 0x427: 0x99,
+	0x428: 0x99, 0x429: 0x99, 0x42a: 0x99, 0x42b: 0x99, 0x42c: 0x99, 0x42d: 0x99, 0x42e: 0x99, 0x42f: 0x99,
+	0x430: 0x99, 0x431: 0xa0, 0x432: 0x0e, 0x433: 0x99, 0x434: 0x0e, 0x435: 0xd8, 0x436: 0x99, 0x437: 0x99,
+	0x438: 0x0e, 0x439: 0x0e, 0x43a: 0x0e, 0x43b: 0xd9, 0x43c: 0x99, 0x43d: 0x99, 0x43e: 0x99, 0x43f: 0x99,
+	// Block 0x11, offset 0x440
+	0x440: 0xda, 0x441: 0x54, 0x442: 0xdb, 0x443: 0xdc, 0x444: 0xdd, 0x445: 0xde,
+	0x449: 0xdf, 0x44c: 0x54, 0x44d: 0x54, 0x44e: 0x54, 0x44f: 0x54,
+	0x450: 0x54, 0x451: 0x54, 0x452: 0x54, 0x453: 0x54, 0x454: 0x54, 0x455: 0x54, 0x456: 0x54, 0x457: 0x54,
+	0x458: 0x54, 0x459: 0x54, 0x45a: 0x54, 0x45b: 0xe0, 0x45c: 0x54, 0x45d: 0x6a, 0x45e: 0x54, 0x45f: 0xe1,
+	0x460: 0xe2, 0x461: 0xe3, 0x462: 0xe4, 0x464: 0xe5, 0x465: 0xe6, 0x466: 0xe7, 0x467: 0xe8,
+	0x468: 0x54, 0x469: 0xe9, 0x46a: 0xea,
+	0x47f: 0xeb,
+	// Block 0x12, offset 0x480
+	0x4bf: 0xeb,
+	// Block 0x13, offset 0x4c0
+	0x4d0: 0x09, 0x4d1: 0x0a, 0x4d6: 0x0b,
+	0x4db: 0x0c, 0x4dd: 0x0d, 0x4de: 0x0e, 0x4df: 0x0f,
+	0x4ef: 0x10,
+	0x4ff: 0x10,
+	// Block 0x14, offset 0x500
+	0x50f: 0x10,
+	0x51f: 0x10,
+	0x52f: 0x10,
+	0x53f: 0x10,
+	// Block 0x15, offset 0x540
+	0x540: 0xec, 0x541: 0xec, 0x542: 0xec, 0x543: 0xec, 0x544: 0x05, 0x545: 0x05, 0x546: 0x05, 0x547: 0xed,
+	0x548: 0xec, 0x549: 0xec, 0x54a: 0xec, 0x54b: 0xec, 0x54c: 0xec, 0x54d: 0xec, 0x54e: 0xec, 0x54f: 0xec,
+	0x550: 0xec, 0x551: 0xec, 0x552: 0xec, 0x553: 0xec, 0x554: 0xec, 0x555: 0xec, 0x556: 0xec, 0x557: 0xec,
+	0x558: 0xec, 0x559: 0xec, 0x55a: 0xec, 0x55b: 0xec, 0x55c: 0xec, 0x55d: 0xec, 0x55e: 0xec, 0x55f: 0xec,
+	0x560: 0xec, 0x561: 0xec, 0x562: 0xec, 0x563: 0xec, 0x564: 0xec, 0x565: 0xec, 0x566: 0xec, 0x567: 0xec,
+	0x568: 0xec, 0x569: 0xec, 0x56a: 0xec, 0x56b: 0xec, 0x56c: 0xec, 0x56d: 0xec, 0x56e: 0xec, 0x56f: 0xec,
+	0x570: 0xec, 0x571: 0xec, 0x572: 0xec, 0x573: 0xec, 0x574: 0xec, 0x575: 0xec, 0x576: 0xec, 0x577: 0xec,
+	0x578: 0xec, 0x579: 0xec, 0x57a: 0xec, 0x57b: 0xec, 0x57c: 0xec, 0x57d: 0xec, 0x57e: 0xec, 0x57f: 0xec,
+	// Block 0x16, offset 0x580
+	0x58f: 0x10,
+	0x59f: 0x10,
+	0x5a0: 0x13,
+	0x5af: 0x10,
+	0x5bf: 0x10,
+	// Block 0x17, offset 0x5c0
+	0x5cf: 0x10,
+}
+
+// Total table size 16952 bytes (16KiB); checksum: F50EF68C
diff --git a/vendor/golang.org/x/text/unicode/norm/composition.go b/vendor/golang.org/x/text/unicode/norm/composition.go
index bab4c5de02f5f..e2087bce52771 100644
--- a/vendor/golang.org/x/text/unicode/norm/composition.go
+++ b/vendor/golang.org/x/text/unicode/norm/composition.go
@@ -407,7 +407,7 @@ func decomposeHangul(buf []byte, r rune) int {
 
 // decomposeHangul algorithmically decomposes a Hangul rune into
 // its Jamo components.
-// See http://unicode.org/reports/tr15/#Hangul for details on decomposing Hangul.
+// See https://unicode.org/reports/tr15/#Hangul for details on decomposing Hangul.
 func (rb *reorderBuffer) decomposeHangul(r rune) {
 	r -= hangulBase
 	x := r % jamoTCount
@@ -420,7 +420,7 @@ func (rb *reorderBuffer) decomposeHangul(r rune) {
 }
 
 // combineHangul algorithmically combines Jamo character components into Hangul.
-// See http://unicode.org/reports/tr15/#Hangul for details on combining Hangul.
+// See https://unicode.org/reports/tr15/#Hangul for details on combining Hangul.
 func (rb *reorderBuffer) combineHangul(s, i, k int) {
 	b := rb.rune[:]
 	bn := rb.nrune
@@ -461,6 +461,10 @@ func (rb *reorderBuffer) combineHangul(s, i, k int) {
 // It should only be used to recompose a single segment, as it will not
 // handle alternations between Hangul and non-Hangul characters correctly.
 func (rb *reorderBuffer) compose() {
+	// Lazily load the map used by the combine func below, but do
+	// it outside of the loop.
+	recompMapOnce.Do(buildRecompMap)
+
 	// UAX #15, section X5 , including Corrigendum #5
 	// "In any character sequence beginning with starter S, a character C is
 	//  blocked from S if and only if there is some character B between S
diff --git a/vendor/golang.org/x/text/unicode/norm/forminfo.go b/vendor/golang.org/x/text/unicode/norm/forminfo.go
index e67e7655c547e..526c7033ac464 100644
--- a/vendor/golang.org/x/text/unicode/norm/forminfo.go
+++ b/vendor/golang.org/x/text/unicode/norm/forminfo.go
@@ -4,6 +4,8 @@
 
 package norm
 
+import "encoding/binary"
+
 // This file contains Form-specific logic and wrappers for data in tables.go.
 
 // Rune info is stored in a separate trie per composing form. A composing form
@@ -178,6 +180,17 @@ func (p Properties) TrailCCC() uint8 {
 	return ccc[p.tccc]
 }
 
+func buildRecompMap() {
+	recompMap = make(map[uint32]rune, len(recompMapPacked)/8)
+	var buf [8]byte
+	for i := 0; i < len(recompMapPacked); i += 8 {
+		copy(buf[:], recompMapPacked[i:i+8])
+		key := binary.BigEndian.Uint32(buf[:4])
+		val := binary.BigEndian.Uint32(buf[4:])
+		recompMap[key] = rune(val)
+	}
+}
+
 // Recomposition
 // We use 32-bit keys instead of 64-bit for the two codepoint keys.
 // This clips off the bits of three entries, but we know this will not
@@ -186,8 +199,14 @@ func (p Properties) TrailCCC() uint8 {
 // Note that the recomposition map for NFC and NFKC are identical.
 
 // combine returns the combined rune or 0 if it doesn't exist.
+//
+// The caller is responsible for calling
+// recompMapOnce.Do(buildRecompMap) sometime before this is called.
 func combine(a, b rune) rune {
 	key := uint32(uint16(a))<<16 + uint32(uint16(b))
+	if recompMap == nil {
+		panic("caller error") // see func comment
+	}
 	return recompMap[key]
 }
 
diff --git a/vendor/golang.org/x/text/unicode/norm/iter.go b/vendor/golang.org/x/text/unicode/norm/iter.go
index ce17f96c2e0ca..417c6b26894da 100644
--- a/vendor/golang.org/x/text/unicode/norm/iter.go
+++ b/vendor/golang.org/x/text/unicode/norm/iter.go
@@ -128,8 +128,9 @@ func (i *Iter) Next() []byte {
 func nextASCIIBytes(i *Iter) []byte {
 	p := i.p + 1
 	if p >= i.rb.nsrc {
+		p0 := i.p
 		i.setDone()
-		return i.rb.src.bytes[i.p:p]
+		return i.rb.src.bytes[p0:p]
 	}
 	if i.rb.src.bytes[p] < utf8.RuneSelf {
 		p0 := i.p
diff --git a/vendor/golang.org/x/text/unicode/norm/normalize.go b/vendor/golang.org/x/text/unicode/norm/normalize.go
index e28ac641acaf0..95efcf26e81d7 100644
--- a/vendor/golang.org/x/text/unicode/norm/normalize.go
+++ b/vendor/golang.org/x/text/unicode/norm/normalize.go
@@ -29,8 +29,8 @@ import (
 // proceed independently on both sides:
 //   f(x) == append(f(x[0:n]), f(x[n:])...)
 //
-// References: http://unicode.org/reports/tr15/ and
-// http://unicode.org/notes/tn5/.
+// References: https://unicode.org/reports/tr15/ and
+// https://unicode.org/notes/tn5/.
 type Form int
 
 const (
diff --git a/vendor/golang.org/x/text/unicode/norm/readwriter.go b/vendor/golang.org/x/text/unicode/norm/readwriter.go
index d926ee903e56f..b38096f5ca92b 100644
--- a/vendor/golang.org/x/text/unicode/norm/readwriter.go
+++ b/vendor/golang.org/x/text/unicode/norm/readwriter.go
@@ -60,8 +60,8 @@ func (w *normWriter) Close() error {
 }
 
 // Writer returns a new writer that implements Write(b)
-// by writing f(b) to w.  The returned writer may use an
-// an internal buffer to maintain state across Write calls.
+// by writing f(b) to w. The returned writer may use an
+// internal buffer to maintain state across Write calls.
 // Calling its Close method writes any buffered data to w.
 func (f Form) Writer(w io.Writer) io.WriteCloser {
 	wr := &normWriter{rb: reorderBuffer{}, w: w}
diff --git a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
index 44dd3978caa5a..26fbd55a1243d 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
@@ -1,9 +1,11 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
-// +build go1.10
+// +build go1.10,!go1.13
 
 package norm
 
+import "sync"
+
 const (
 	// Version is the Unicode edition from which the tables are derived.
 	Version = "10.0.0"
@@ -6707,947 +6709,949 @@ var nfkcSparseValues = [869]valueRange{
 }
 
 // recompMap: 7520 bytes (entries only)
-var recompMap = map[uint32]rune{
-	0x00410300: 0x00C0,
-	0x00410301: 0x00C1,
-	0x00410302: 0x00C2,
-	0x00410303: 0x00C3,
-	0x00410308: 0x00C4,
-	0x0041030A: 0x00C5,
-	0x00430327: 0x00C7,
-	0x00450300: 0x00C8,
-	0x00450301: 0x00C9,
-	0x00450302: 0x00CA,
-	0x00450308: 0x00CB,
-	0x00490300: 0x00CC,
-	0x00490301: 0x00CD,
-	0x00490302: 0x00CE,
-	0x00490308: 0x00CF,
-	0x004E0303: 0x00D1,
-	0x004F0300: 0x00D2,
-	0x004F0301: 0x00D3,
-	0x004F0302: 0x00D4,
-	0x004F0303: 0x00D5,
-	0x004F0308: 0x00D6,
-	0x00550300: 0x00D9,
-	0x00550301: 0x00DA,
-	0x00550302: 0x00DB,
-	0x00550308: 0x00DC,
-	0x00590301: 0x00DD,
-	0x00610300: 0x00E0,
-	0x00610301: 0x00E1,
-	0x00610302: 0x00E2,
-	0x00610303: 0x00E3,
-	0x00610308: 0x00E4,
-	0x0061030A: 0x00E5,
-	0x00630327: 0x00E7,
-	0x00650300: 0x00E8,
-	0x00650301: 0x00E9,
-	0x00650302: 0x00EA,
-	0x00650308: 0x00EB,
-	0x00690300: 0x00EC,
-	0x00690301: 0x00ED,
-	0x00690302: 0x00EE,
-	0x00690308: 0x00EF,
-	0x006E0303: 0x00F1,
-	0x006F0300: 0x00F2,
-	0x006F0301: 0x00F3,
-	0x006F0302: 0x00F4,
-	0x006F0303: 0x00F5,
-	0x006F0308: 0x00F6,
-	0x00750300: 0x00F9,
-	0x00750301: 0x00FA,
-	0x00750302: 0x00FB,
-	0x00750308: 0x00FC,
-	0x00790301: 0x00FD,
-	0x00790308: 0x00FF,
-	0x00410304: 0x0100,
-	0x00610304: 0x0101,
-	0x00410306: 0x0102,
-	0x00610306: 0x0103,
-	0x00410328: 0x0104,
-	0x00610328: 0x0105,
-	0x00430301: 0x0106,
-	0x00630301: 0x0107,
-	0x00430302: 0x0108,
-	0x00630302: 0x0109,
-	0x00430307: 0x010A,
-	0x00630307: 0x010B,
-	0x0043030C: 0x010C,
-	0x0063030C: 0x010D,
-	0x0044030C: 0x010E,
-	0x0064030C: 0x010F,
-	0x00450304: 0x0112,
-	0x00650304: 0x0113,
-	0x00450306: 0x0114,
-	0x00650306: 0x0115,
-	0x00450307: 0x0116,
-	0x00650307: 0x0117,
-	0x00450328: 0x0118,
-	0x00650328: 0x0119,
-	0x0045030C: 0x011A,
-	0x0065030C: 0x011B,
-	0x00470302: 0x011C,
-	0x00670302: 0x011D,
-	0x00470306: 0x011E,
-	0x00670306: 0x011F,
-	0x00470307: 0x0120,
-	0x00670307: 0x0121,
-	0x00470327: 0x0122,
-	0x00670327: 0x0123,
-	0x00480302: 0x0124,
-	0x00680302: 0x0125,
-	0x00490303: 0x0128,
-	0x00690303: 0x0129,
-	0x00490304: 0x012A,
-	0x00690304: 0x012B,
-	0x00490306: 0x012C,
-	0x00690306: 0x012D,
-	0x00490328: 0x012E,
-	0x00690328: 0x012F,
-	0x00490307: 0x0130,
-	0x004A0302: 0x0134,
-	0x006A0302: 0x0135,
-	0x004B0327: 0x0136,
-	0x006B0327: 0x0137,
-	0x004C0301: 0x0139,
-	0x006C0301: 0x013A,
-	0x004C0327: 0x013B,
-	0x006C0327: 0x013C,
-	0x004C030C: 0x013D,
-	0x006C030C: 0x013E,
-	0x004E0301: 0x0143,
-	0x006E0301: 0x0144,
-	0x004E0327: 0x0145,
-	0x006E0327: 0x0146,
-	0x004E030C: 0x0147,
-	0x006E030C: 0x0148,
-	0x004F0304: 0x014C,
-	0x006F0304: 0x014D,
-	0x004F0306: 0x014E,
-	0x006F0306: 0x014F,
-	0x004F030B: 0x0150,
-	0x006F030B: 0x0151,
-	0x00520301: 0x0154,
-	0x00720301: 0x0155,
-	0x00520327: 0x0156,
-	0x00720327: 0x0157,
-	0x0052030C: 0x0158,
-	0x0072030C: 0x0159,
-	0x00530301: 0x015A,
-	0x00730301: 0x015B,
-	0x00530302: 0x015C,
-	0x00730302: 0x015D,
-	0x00530327: 0x015E,
-	0x00730327: 0x015F,
-	0x0053030C: 0x0160,
-	0x0073030C: 0x0161,
-	0x00540327: 0x0162,
-	0x00740327: 0x0163,
-	0x0054030C: 0x0164,
-	0x0074030C: 0x0165,
-	0x00550303: 0x0168,
-	0x00750303: 0x0169,
-	0x00550304: 0x016A,
-	0x00750304: 0x016B,
-	0x00550306: 0x016C,
-	0x00750306: 0x016D,
-	0x0055030A: 0x016E,
-	0x0075030A: 0x016F,
-	0x0055030B: 0x0170,
-	0x0075030B: 0x0171,
-	0x00550328: 0x0172,
-	0x00750328: 0x0173,
-	0x00570302: 0x0174,
-	0x00770302: 0x0175,
-	0x00590302: 0x0176,
-	0x00790302: 0x0177,
-	0x00590308: 0x0178,
-	0x005A0301: 0x0179,
-	0x007A0301: 0x017A,
-	0x005A0307: 0x017B,
-	0x007A0307: 0x017C,
-	0x005A030C: 0x017D,
-	0x007A030C: 0x017E,
-	0x004F031B: 0x01A0,
-	0x006F031B: 0x01A1,
-	0x0055031B: 0x01AF,
-	0x0075031B: 0x01B0,
-	0x0041030C: 0x01CD,
-	0x0061030C: 0x01CE,
-	0x0049030C: 0x01CF,
-	0x0069030C: 0x01D0,
-	0x004F030C: 0x01D1,
-	0x006F030C: 0x01D2,
-	0x0055030C: 0x01D3,
-	0x0075030C: 0x01D4,
-	0x00DC0304: 0x01D5,
-	0x00FC0304: 0x01D6,
-	0x00DC0301: 0x01D7,
-	0x00FC0301: 0x01D8,
-	0x00DC030C: 0x01D9,
-	0x00FC030C: 0x01DA,
-	0x00DC0300: 0x01DB,
-	0x00FC0300: 0x01DC,
-	0x00C40304: 0x01DE,
-	0x00E40304: 0x01DF,
-	0x02260304: 0x01E0,
-	0x02270304: 0x01E1,
-	0x00C60304: 0x01E2,
-	0x00E60304: 0x01E3,
-	0x0047030C: 0x01E6,
-	0x0067030C: 0x01E7,
-	0x004B030C: 0x01E8,
-	0x006B030C: 0x01E9,
-	0x004F0328: 0x01EA,
-	0x006F0328: 0x01EB,
-	0x01EA0304: 0x01EC,
-	0x01EB0304: 0x01ED,
-	0x01B7030C: 0x01EE,
-	0x0292030C: 0x01EF,
-	0x006A030C: 0x01F0,
-	0x00470301: 0x01F4,
-	0x00670301: 0x01F5,
-	0x004E0300: 0x01F8,
-	0x006E0300: 0x01F9,
-	0x00C50301: 0x01FA,
-	0x00E50301: 0x01FB,
-	0x00C60301: 0x01FC,
-	0x00E60301: 0x01FD,
-	0x00D80301: 0x01FE,
-	0x00F80301: 0x01FF,
-	0x0041030F: 0x0200,
-	0x0061030F: 0x0201,
-	0x00410311: 0x0202,
-	0x00610311: 0x0203,
-	0x0045030F: 0x0204,
-	0x0065030F: 0x0205,
-	0x00450311: 0x0206,
-	0x00650311: 0x0207,
-	0x0049030F: 0x0208,
-	0x0069030F: 0x0209,
-	0x00490311: 0x020A,
-	0x00690311: 0x020B,
-	0x004F030F: 0x020C,
-	0x006F030F: 0x020D,
-	0x004F0311: 0x020E,
-	0x006F0311: 0x020F,
-	0x0052030F: 0x0210,
-	0x0072030F: 0x0211,
-	0x00520311: 0x0212,
-	0x00720311: 0x0213,
-	0x0055030F: 0x0214,
-	0x0075030F: 0x0215,
-	0x00550311: 0x0216,
-	0x00750311: 0x0217,
-	0x00530326: 0x0218,
-	0x00730326: 0x0219,
-	0x00540326: 0x021A,
-	0x00740326: 0x021B,
-	0x0048030C: 0x021E,
-	0x0068030C: 0x021F,
-	0x00410307: 0x0226,
-	0x00610307: 0x0227,
-	0x00450327: 0x0228,
-	0x00650327: 0x0229,
-	0x00D60304: 0x022A,
-	0x00F60304: 0x022B,
-	0x00D50304: 0x022C,
-	0x00F50304: 0x022D,
-	0x004F0307: 0x022E,
-	0x006F0307: 0x022F,
-	0x022E0304: 0x0230,
-	0x022F0304: 0x0231,
-	0x00590304: 0x0232,
-	0x00790304: 0x0233,
-	0x00A80301: 0x0385,
-	0x03910301: 0x0386,
-	0x03950301: 0x0388,
-	0x03970301: 0x0389,
-	0x03990301: 0x038A,
-	0x039F0301: 0x038C,
-	0x03A50301: 0x038E,
-	0x03A90301: 0x038F,
-	0x03CA0301: 0x0390,
-	0x03990308: 0x03AA,
-	0x03A50308: 0x03AB,
-	0x03B10301: 0x03AC,
-	0x03B50301: 0x03AD,
-	0x03B70301: 0x03AE,
-	0x03B90301: 0x03AF,
-	0x03CB0301: 0x03B0,
-	0x03B90308: 0x03CA,
-	0x03C50308: 0x03CB,
-	0x03BF0301: 0x03CC,
-	0x03C50301: 0x03CD,
-	0x03C90301: 0x03CE,
-	0x03D20301: 0x03D3,
-	0x03D20308: 0x03D4,
-	0x04150300: 0x0400,
-	0x04150308: 0x0401,
-	0x04130301: 0x0403,
-	0x04060308: 0x0407,
-	0x041A0301: 0x040C,
-	0x04180300: 0x040D,
-	0x04230306: 0x040E,
-	0x04180306: 0x0419,
-	0x04380306: 0x0439,
-	0x04350300: 0x0450,
-	0x04350308: 0x0451,
-	0x04330301: 0x0453,
-	0x04560308: 0x0457,
-	0x043A0301: 0x045C,
-	0x04380300: 0x045D,
-	0x04430306: 0x045E,
-	0x0474030F: 0x0476,
-	0x0475030F: 0x0477,
-	0x04160306: 0x04C1,
-	0x04360306: 0x04C2,
-	0x04100306: 0x04D0,
-	0x04300306: 0x04D1,
-	0x04100308: 0x04D2,
-	0x04300308: 0x04D3,
-	0x04150306: 0x04D6,
-	0x04350306: 0x04D7,
-	0x04D80308: 0x04DA,
-	0x04D90308: 0x04DB,
-	0x04160308: 0x04DC,
-	0x04360308: 0x04DD,
-	0x04170308: 0x04DE,
-	0x04370308: 0x04DF,
-	0x04180304: 0x04E2,
-	0x04380304: 0x04E3,
-	0x04180308: 0x04E4,
-	0x04380308: 0x04E5,
-	0x041E0308: 0x04E6,
-	0x043E0308: 0x04E7,
-	0x04E80308: 0x04EA,
-	0x04E90308: 0x04EB,
-	0x042D0308: 0x04EC,
-	0x044D0308: 0x04ED,
-	0x04230304: 0x04EE,
-	0x04430304: 0x04EF,
-	0x04230308: 0x04F0,
-	0x04430308: 0x04F1,
-	0x0423030B: 0x04F2,
-	0x0443030B: 0x04F3,
-	0x04270308: 0x04F4,
-	0x04470308: 0x04F5,
-	0x042B0308: 0x04F8,
-	0x044B0308: 0x04F9,
-	0x06270653: 0x0622,
-	0x06270654: 0x0623,
-	0x06480654: 0x0624,
-	0x06270655: 0x0625,
-	0x064A0654: 0x0626,
-	0x06D50654: 0x06C0,
-	0x06C10654: 0x06C2,
-	0x06D20654: 0x06D3,
-	0x0928093C: 0x0929,
-	0x0930093C: 0x0931,
-	0x0933093C: 0x0934,
-	0x09C709BE: 0x09CB,
-	0x09C709D7: 0x09CC,
-	0x0B470B56: 0x0B48,
-	0x0B470B3E: 0x0B4B,
-	0x0B470B57: 0x0B4C,
-	0x0B920BD7: 0x0B94,
-	0x0BC60BBE: 0x0BCA,
-	0x0BC70BBE: 0x0BCB,
-	0x0BC60BD7: 0x0BCC,
-	0x0C460C56: 0x0C48,
-	0x0CBF0CD5: 0x0CC0,
-	0x0CC60CD5: 0x0CC7,
-	0x0CC60CD6: 0x0CC8,
-	0x0CC60CC2: 0x0CCA,
-	0x0CCA0CD5: 0x0CCB,
-	0x0D460D3E: 0x0D4A,
-	0x0D470D3E: 0x0D4B,
-	0x0D460D57: 0x0D4C,
-	0x0DD90DCA: 0x0DDA,
-	0x0DD90DCF: 0x0DDC,
-	0x0DDC0DCA: 0x0DDD,
-	0x0DD90DDF: 0x0DDE,
-	0x1025102E: 0x1026,
-	0x1B051B35: 0x1B06,
-	0x1B071B35: 0x1B08,
-	0x1B091B35: 0x1B0A,
-	0x1B0B1B35: 0x1B0C,
-	0x1B0D1B35: 0x1B0E,
-	0x1B111B35: 0x1B12,
-	0x1B3A1B35: 0x1B3B,
-	0x1B3C1B35: 0x1B3D,
-	0x1B3E1B35: 0x1B40,
-	0x1B3F1B35: 0x1B41,
-	0x1B421B35: 0x1B43,
-	0x00410325: 0x1E00,
-	0x00610325: 0x1E01,
-	0x00420307: 0x1E02,
-	0x00620307: 0x1E03,
-	0x00420323: 0x1E04,
-	0x00620323: 0x1E05,
-	0x00420331: 0x1E06,
-	0x00620331: 0x1E07,
-	0x00C70301: 0x1E08,
-	0x00E70301: 0x1E09,
-	0x00440307: 0x1E0A,
-	0x00640307: 0x1E0B,
-	0x00440323: 0x1E0C,
-	0x00640323: 0x1E0D,
-	0x00440331: 0x1E0E,
-	0x00640331: 0x1E0F,
-	0x00440327: 0x1E10,
-	0x00640327: 0x1E11,
-	0x0044032D: 0x1E12,
-	0x0064032D: 0x1E13,
-	0x01120300: 0x1E14,
-	0x01130300: 0x1E15,
-	0x01120301: 0x1E16,
-	0x01130301: 0x1E17,
-	0x0045032D: 0x1E18,
-	0x0065032D: 0x1E19,
-	0x00450330: 0x1E1A,
-	0x00650330: 0x1E1B,
-	0x02280306: 0x1E1C,
-	0x02290306: 0x1E1D,
-	0x00460307: 0x1E1E,
-	0x00660307: 0x1E1F,
-	0x00470304: 0x1E20,
-	0x00670304: 0x1E21,
-	0x00480307: 0x1E22,
-	0x00680307: 0x1E23,
-	0x00480323: 0x1E24,
-	0x00680323: 0x1E25,
-	0x00480308: 0x1E26,
-	0x00680308: 0x1E27,
-	0x00480327: 0x1E28,
-	0x00680327: 0x1E29,
-	0x0048032E: 0x1E2A,
-	0x0068032E: 0x1E2B,
-	0x00490330: 0x1E2C,
-	0x00690330: 0x1E2D,
-	0x00CF0301: 0x1E2E,
-	0x00EF0301: 0x1E2F,
-	0x004B0301: 0x1E30,
-	0x006B0301: 0x1E31,
-	0x004B0323: 0x1E32,
-	0x006B0323: 0x1E33,
-	0x004B0331: 0x1E34,
-	0x006B0331: 0x1E35,
-	0x004C0323: 0x1E36,
-	0x006C0323: 0x1E37,
-	0x1E360304: 0x1E38,
-	0x1E370304: 0x1E39,
-	0x004C0331: 0x1E3A,
-	0x006C0331: 0x1E3B,
-	0x004C032D: 0x1E3C,
-	0x006C032D: 0x1E3D,
-	0x004D0301: 0x1E3E,
-	0x006D0301: 0x1E3F,
-	0x004D0307: 0x1E40,
-	0x006D0307: 0x1E41,
-	0x004D0323: 0x1E42,
-	0x006D0323: 0x1E43,
-	0x004E0307: 0x1E44,
-	0x006E0307: 0x1E45,
-	0x004E0323: 0x1E46,
-	0x006E0323: 0x1E47,
-	0x004E0331: 0x1E48,
-	0x006E0331: 0x1E49,
-	0x004E032D: 0x1E4A,
-	0x006E032D: 0x1E4B,
-	0x00D50301: 0x1E4C,
-	0x00F50301: 0x1E4D,
-	0x00D50308: 0x1E4E,
-	0x00F50308: 0x1E4F,
-	0x014C0300: 0x1E50,
-	0x014D0300: 0x1E51,
-	0x014C0301: 0x1E52,
-	0x014D0301: 0x1E53,
-	0x00500301: 0x1E54,
-	0x00700301: 0x1E55,
-	0x00500307: 0x1E56,
-	0x00700307: 0x1E57,
-	0x00520307: 0x1E58,
-	0x00720307: 0x1E59,
-	0x00520323: 0x1E5A,
-	0x00720323: 0x1E5B,
-	0x1E5A0304: 0x1E5C,
-	0x1E5B0304: 0x1E5D,
-	0x00520331: 0x1E5E,
-	0x00720331: 0x1E5F,
-	0x00530307: 0x1E60,
-	0x00730307: 0x1E61,
-	0x00530323: 0x1E62,
-	0x00730323: 0x1E63,
-	0x015A0307: 0x1E64,
-	0x015B0307: 0x1E65,
-	0x01600307: 0x1E66,
-	0x01610307: 0x1E67,
-	0x1E620307: 0x1E68,
-	0x1E630307: 0x1E69,
-	0x00540307: 0x1E6A,
-	0x00740307: 0x1E6B,
-	0x00540323: 0x1E6C,
-	0x00740323: 0x1E6D,
-	0x00540331: 0x1E6E,
-	0x00740331: 0x1E6F,
-	0x0054032D: 0x1E70,
-	0x0074032D: 0x1E71,
-	0x00550324: 0x1E72,
-	0x00750324: 0x1E73,
-	0x00550330: 0x1E74,
-	0x00750330: 0x1E75,
-	0x0055032D: 0x1E76,
-	0x0075032D: 0x1E77,
-	0x01680301: 0x1E78,
-	0x01690301: 0x1E79,
-	0x016A0308: 0x1E7A,
-	0x016B0308: 0x1E7B,
-	0x00560303: 0x1E7C,
-	0x00760303: 0x1E7D,
-	0x00560323: 0x1E7E,
-	0x00760323: 0x1E7F,
-	0x00570300: 0x1E80,
-	0x00770300: 0x1E81,
-	0x00570301: 0x1E82,
-	0x00770301: 0x1E83,
-	0x00570308: 0x1E84,
-	0x00770308: 0x1E85,
-	0x00570307: 0x1E86,
-	0x00770307: 0x1E87,
-	0x00570323: 0x1E88,
-	0x00770323: 0x1E89,
-	0x00580307: 0x1E8A,
-	0x00780307: 0x1E8B,
-	0x00580308: 0x1E8C,
-	0x00780308: 0x1E8D,
-	0x00590307: 0x1E8E,
-	0x00790307: 0x1E8F,
-	0x005A0302: 0x1E90,
-	0x007A0302: 0x1E91,
-	0x005A0323: 0x1E92,
-	0x007A0323: 0x1E93,
-	0x005A0331: 0x1E94,
-	0x007A0331: 0x1E95,
-	0x00680331: 0x1E96,
-	0x00740308: 0x1E97,
-	0x0077030A: 0x1E98,
-	0x0079030A: 0x1E99,
-	0x017F0307: 0x1E9B,
-	0x00410323: 0x1EA0,
-	0x00610323: 0x1EA1,
-	0x00410309: 0x1EA2,
-	0x00610309: 0x1EA3,
-	0x00C20301: 0x1EA4,
-	0x00E20301: 0x1EA5,
-	0x00C20300: 0x1EA6,
-	0x00E20300: 0x1EA7,
-	0x00C20309: 0x1EA8,
-	0x00E20309: 0x1EA9,
-	0x00C20303: 0x1EAA,
-	0x00E20303: 0x1EAB,
-	0x1EA00302: 0x1EAC,
-	0x1EA10302: 0x1EAD,
-	0x01020301: 0x1EAE,
-	0x01030301: 0x1EAF,
-	0x01020300: 0x1EB0,
-	0x01030300: 0x1EB1,
-	0x01020309: 0x1EB2,
-	0x01030309: 0x1EB3,
-	0x01020303: 0x1EB4,
-	0x01030303: 0x1EB5,
-	0x1EA00306: 0x1EB6,
-	0x1EA10306: 0x1EB7,
-	0x00450323: 0x1EB8,
-	0x00650323: 0x1EB9,
-	0x00450309: 0x1EBA,
-	0x00650309: 0x1EBB,
-	0x00450303: 0x1EBC,
-	0x00650303: 0x1EBD,
-	0x00CA0301: 0x1EBE,
-	0x00EA0301: 0x1EBF,
-	0x00CA0300: 0x1EC0,
-	0x00EA0300: 0x1EC1,
-	0x00CA0309: 0x1EC2,
-	0x00EA0309: 0x1EC3,
-	0x00CA0303: 0x1EC4,
-	0x00EA0303: 0x1EC5,
-	0x1EB80302: 0x1EC6,
-	0x1EB90302: 0x1EC7,
-	0x00490309: 0x1EC8,
-	0x00690309: 0x1EC9,
-	0x00490323: 0x1ECA,
-	0x00690323: 0x1ECB,
-	0x004F0323: 0x1ECC,
-	0x006F0323: 0x1ECD,
-	0x004F0309: 0x1ECE,
-	0x006F0309: 0x1ECF,
-	0x00D40301: 0x1ED0,
-	0x00F40301: 0x1ED1,
-	0x00D40300: 0x1ED2,
-	0x00F40300: 0x1ED3,
-	0x00D40309: 0x1ED4,
-	0x00F40309: 0x1ED5,
-	0x00D40303: 0x1ED6,
-	0x00F40303: 0x1ED7,
-	0x1ECC0302: 0x1ED8,
-	0x1ECD0302: 0x1ED9,
-	0x01A00301: 0x1EDA,
-	0x01A10301: 0x1EDB,
-	0x01A00300: 0x1EDC,
-	0x01A10300: 0x1EDD,
-	0x01A00309: 0x1EDE,
-	0x01A10309: 0x1EDF,
-	0x01A00303: 0x1EE0,
-	0x01A10303: 0x1EE1,
-	0x01A00323: 0x1EE2,
-	0x01A10323: 0x1EE3,
-	0x00550323: 0x1EE4,
-	0x00750323: 0x1EE5,
-	0x00550309: 0x1EE6,
-	0x00750309: 0x1EE7,
-	0x01AF0301: 0x1EE8,
-	0x01B00301: 0x1EE9,
-	0x01AF0300: 0x1EEA,
-	0x01B00300: 0x1EEB,
-	0x01AF0309: 0x1EEC,
-	0x01B00309: 0x1EED,
-	0x01AF0303: 0x1EEE,
-	0x01B00303: 0x1EEF,
-	0x01AF0323: 0x1EF0,
-	0x01B00323: 0x1EF1,
-	0x00590300: 0x1EF2,
-	0x00790300: 0x1EF3,
-	0x00590323: 0x1EF4,
-	0x00790323: 0x1EF5,
-	0x00590309: 0x1EF6,
-	0x00790309: 0x1EF7,
-	0x00590303: 0x1EF8,
-	0x00790303: 0x1EF9,
-	0x03B10313: 0x1F00,
-	0x03B10314: 0x1F01,
-	0x1F000300: 0x1F02,
-	0x1F010300: 0x1F03,
-	0x1F000301: 0x1F04,
-	0x1F010301: 0x1F05,
-	0x1F000342: 0x1F06,
-	0x1F010342: 0x1F07,
-	0x03910313: 0x1F08,
-	0x03910314: 0x1F09,
-	0x1F080300: 0x1F0A,
-	0x1F090300: 0x1F0B,
-	0x1F080301: 0x1F0C,
-	0x1F090301: 0x1F0D,
-	0x1F080342: 0x1F0E,
-	0x1F090342: 0x1F0F,
-	0x03B50313: 0x1F10,
-	0x03B50314: 0x1F11,
-	0x1F100300: 0x1F12,
-	0x1F110300: 0x1F13,
-	0x1F100301: 0x1F14,
-	0x1F110301: 0x1F15,
-	0x03950313: 0x1F18,
-	0x03950314: 0x1F19,
-	0x1F180300: 0x1F1A,
-	0x1F190300: 0x1F1B,
-	0x1F180301: 0x1F1C,
-	0x1F190301: 0x1F1D,
-	0x03B70313: 0x1F20,
-	0x03B70314: 0x1F21,
-	0x1F200300: 0x1F22,
-	0x1F210300: 0x1F23,
-	0x1F200301: 0x1F24,
-	0x1F210301: 0x1F25,
-	0x1F200342: 0x1F26,
-	0x1F210342: 0x1F27,
-	0x03970313: 0x1F28,
-	0x03970314: 0x1F29,
-	0x1F280300: 0x1F2A,
-	0x1F290300: 0x1F2B,
-	0x1F280301: 0x1F2C,
-	0x1F290301: 0x1F2D,
-	0x1F280342: 0x1F2E,
-	0x1F290342: 0x1F2F,
-	0x03B90313: 0x1F30,
-	0x03B90314: 0x1F31,
-	0x1F300300: 0x1F32,
-	0x1F310300: 0x1F33,
-	0x1F300301: 0x1F34,
-	0x1F310301: 0x1F35,
-	0x1F300342: 0x1F36,
-	0x1F310342: 0x1F37,
-	0x03990313: 0x1F38,
-	0x03990314: 0x1F39,
-	0x1F380300: 0x1F3A,
-	0x1F390300: 0x1F3B,
-	0x1F380301: 0x1F3C,
-	0x1F390301: 0x1F3D,
-	0x1F380342: 0x1F3E,
-	0x1F390342: 0x1F3F,
-	0x03BF0313: 0x1F40,
-	0x03BF0314: 0x1F41,
-	0x1F400300: 0x1F42,
-	0x1F410300: 0x1F43,
-	0x1F400301: 0x1F44,
-	0x1F410301: 0x1F45,
-	0x039F0313: 0x1F48,
-	0x039F0314: 0x1F49,
-	0x1F480300: 0x1F4A,
-	0x1F490300: 0x1F4B,
-	0x1F480301: 0x1F4C,
-	0x1F490301: 0x1F4D,
-	0x03C50313: 0x1F50,
-	0x03C50314: 0x1F51,
-	0x1F500300: 0x1F52,
-	0x1F510300: 0x1F53,
-	0x1F500301: 0x1F54,
-	0x1F510301: 0x1F55,
-	0x1F500342: 0x1F56,
-	0x1F510342: 0x1F57,
-	0x03A50314: 0x1F59,
-	0x1F590300: 0x1F5B,
-	0x1F590301: 0x1F5D,
-	0x1F590342: 0x1F5F,
-	0x03C90313: 0x1F60,
-	0x03C90314: 0x1F61,
-	0x1F600300: 0x1F62,
-	0x1F610300: 0x1F63,
-	0x1F600301: 0x1F64,
-	0x1F610301: 0x1F65,
-	0x1F600342: 0x1F66,
-	0x1F610342: 0x1F67,
-	0x03A90313: 0x1F68,
-	0x03A90314: 0x1F69,
-	0x1F680300: 0x1F6A,
-	0x1F690300: 0x1F6B,
-	0x1F680301: 0x1F6C,
-	0x1F690301: 0x1F6D,
-	0x1F680342: 0x1F6E,
-	0x1F690342: 0x1F6F,
-	0x03B10300: 0x1F70,
-	0x03B50300: 0x1F72,
-	0x03B70300: 0x1F74,
-	0x03B90300: 0x1F76,
-	0x03BF0300: 0x1F78,
-	0x03C50300: 0x1F7A,
-	0x03C90300: 0x1F7C,
-	0x1F000345: 0x1F80,
-	0x1F010345: 0x1F81,
-	0x1F020345: 0x1F82,
-	0x1F030345: 0x1F83,
-	0x1F040345: 0x1F84,
-	0x1F050345: 0x1F85,
-	0x1F060345: 0x1F86,
-	0x1F070345: 0x1F87,
-	0x1F080345: 0x1F88,
-	0x1F090345: 0x1F89,
-	0x1F0A0345: 0x1F8A,
-	0x1F0B0345: 0x1F8B,
-	0x1F0C0345: 0x1F8C,
-	0x1F0D0345: 0x1F8D,
-	0x1F0E0345: 0x1F8E,
-	0x1F0F0345: 0x1F8F,
-	0x1F200345: 0x1F90,
-	0x1F210345: 0x1F91,
-	0x1F220345: 0x1F92,
-	0x1F230345: 0x1F93,
-	0x1F240345: 0x1F94,
-	0x1F250345: 0x1F95,
-	0x1F260345: 0x1F96,
-	0x1F270345: 0x1F97,
-	0x1F280345: 0x1F98,
-	0x1F290345: 0x1F99,
-	0x1F2A0345: 0x1F9A,
-	0x1F2B0345: 0x1F9B,
-	0x1F2C0345: 0x1F9C,
-	0x1F2D0345: 0x1F9D,
-	0x1F2E0345: 0x1F9E,
-	0x1F2F0345: 0x1F9F,
-	0x1F600345: 0x1FA0,
-	0x1F610345: 0x1FA1,
-	0x1F620345: 0x1FA2,
-	0x1F630345: 0x1FA3,
-	0x1F640345: 0x1FA4,
-	0x1F650345: 0x1FA5,
-	0x1F660345: 0x1FA6,
-	0x1F670345: 0x1FA7,
-	0x1F680345: 0x1FA8,
-	0x1F690345: 0x1FA9,
-	0x1F6A0345: 0x1FAA,
-	0x1F6B0345: 0x1FAB,
-	0x1F6C0345: 0x1FAC,
-	0x1F6D0345: 0x1FAD,
-	0x1F6E0345: 0x1FAE,
-	0x1F6F0345: 0x1FAF,
-	0x03B10306: 0x1FB0,
-	0x03B10304: 0x1FB1,
-	0x1F700345: 0x1FB2,
-	0x03B10345: 0x1FB3,
-	0x03AC0345: 0x1FB4,
-	0x03B10342: 0x1FB6,
-	0x1FB60345: 0x1FB7,
-	0x03910306: 0x1FB8,
-	0x03910304: 0x1FB9,
-	0x03910300: 0x1FBA,
-	0x03910345: 0x1FBC,
-	0x00A80342: 0x1FC1,
-	0x1F740345: 0x1FC2,
-	0x03B70345: 0x1FC3,
-	0x03AE0345: 0x1FC4,
-	0x03B70342: 0x1FC6,
-	0x1FC60345: 0x1FC7,
-	0x03950300: 0x1FC8,
-	0x03970300: 0x1FCA,
-	0x03970345: 0x1FCC,
-	0x1FBF0300: 0x1FCD,
-	0x1FBF0301: 0x1FCE,
-	0x1FBF0342: 0x1FCF,
-	0x03B90306: 0x1FD0,
-	0x03B90304: 0x1FD1,
-	0x03CA0300: 0x1FD2,
-	0x03B90342: 0x1FD6,
-	0x03CA0342: 0x1FD7,
-	0x03990306: 0x1FD8,
-	0x03990304: 0x1FD9,
-	0x03990300: 0x1FDA,
-	0x1FFE0300: 0x1FDD,
-	0x1FFE0301: 0x1FDE,
-	0x1FFE0342: 0x1FDF,
-	0x03C50306: 0x1FE0,
-	0x03C50304: 0x1FE1,
-	0x03CB0300: 0x1FE2,
-	0x03C10313: 0x1FE4,
-	0x03C10314: 0x1FE5,
-	0x03C50342: 0x1FE6,
-	0x03CB0342: 0x1FE7,
-	0x03A50306: 0x1FE8,
-	0x03A50304: 0x1FE9,
-	0x03A50300: 0x1FEA,
-	0x03A10314: 0x1FEC,
-	0x00A80300: 0x1FED,
-	0x1F7C0345: 0x1FF2,
-	0x03C90345: 0x1FF3,
-	0x03CE0345: 0x1FF4,
-	0x03C90342: 0x1FF6,
-	0x1FF60345: 0x1FF7,
-	0x039F0300: 0x1FF8,
-	0x03A90300: 0x1FFA,
-	0x03A90345: 0x1FFC,
-	0x21900338: 0x219A,
-	0x21920338: 0x219B,
-	0x21940338: 0x21AE,
-	0x21D00338: 0x21CD,
-	0x21D40338: 0x21CE,
-	0x21D20338: 0x21CF,
-	0x22030338: 0x2204,
-	0x22080338: 0x2209,
-	0x220B0338: 0x220C,
-	0x22230338: 0x2224,
-	0x22250338: 0x2226,
-	0x223C0338: 0x2241,
-	0x22430338: 0x2244,
-	0x22450338: 0x2247,
-	0x22480338: 0x2249,
-	0x003D0338: 0x2260,
-	0x22610338: 0x2262,
-	0x224D0338: 0x226D,
-	0x003C0338: 0x226E,
-	0x003E0338: 0x226F,
-	0x22640338: 0x2270,
-	0x22650338: 0x2271,
-	0x22720338: 0x2274,
-	0x22730338: 0x2275,
-	0x22760338: 0x2278,
-	0x22770338: 0x2279,
-	0x227A0338: 0x2280,
-	0x227B0338: 0x2281,
-	0x22820338: 0x2284,
-	0x22830338: 0x2285,
-	0x22860338: 0x2288,
-	0x22870338: 0x2289,
-	0x22A20338: 0x22AC,
-	0x22A80338: 0x22AD,
-	0x22A90338: 0x22AE,
-	0x22AB0338: 0x22AF,
-	0x227C0338: 0x22E0,
-	0x227D0338: 0x22E1,
-	0x22910338: 0x22E2,
-	0x22920338: 0x22E3,
-	0x22B20338: 0x22EA,
-	0x22B30338: 0x22EB,
-	0x22B40338: 0x22EC,
-	0x22B50338: 0x22ED,
-	0x304B3099: 0x304C,
-	0x304D3099: 0x304E,
-	0x304F3099: 0x3050,
-	0x30513099: 0x3052,
-	0x30533099: 0x3054,
-	0x30553099: 0x3056,
-	0x30573099: 0x3058,
-	0x30593099: 0x305A,
-	0x305B3099: 0x305C,
-	0x305D3099: 0x305E,
-	0x305F3099: 0x3060,
-	0x30613099: 0x3062,
-	0x30643099: 0x3065,
-	0x30663099: 0x3067,
-	0x30683099: 0x3069,
-	0x306F3099: 0x3070,
-	0x306F309A: 0x3071,
-	0x30723099: 0x3073,
-	0x3072309A: 0x3074,
-	0x30753099: 0x3076,
-	0x3075309A: 0x3077,
-	0x30783099: 0x3079,
-	0x3078309A: 0x307A,
-	0x307B3099: 0x307C,
-	0x307B309A: 0x307D,
-	0x30463099: 0x3094,
-	0x309D3099: 0x309E,
-	0x30AB3099: 0x30AC,
-	0x30AD3099: 0x30AE,
-	0x30AF3099: 0x30B0,
-	0x30B13099: 0x30B2,
-	0x30B33099: 0x30B4,
-	0x30B53099: 0x30B6,
-	0x30B73099: 0x30B8,
-	0x30B93099: 0x30BA,
-	0x30BB3099: 0x30BC,
-	0x30BD3099: 0x30BE,
-	0x30BF3099: 0x30C0,
-	0x30C13099: 0x30C2,
-	0x30C43099: 0x30C5,
-	0x30C63099: 0x30C7,
-	0x30C83099: 0x30C9,
-	0x30CF3099: 0x30D0,
-	0x30CF309A: 0x30D1,
-	0x30D23099: 0x30D3,
-	0x30D2309A: 0x30D4,
-	0x30D53099: 0x30D6,
-	0x30D5309A: 0x30D7,
-	0x30D83099: 0x30D9,
-	0x30D8309A: 0x30DA,
-	0x30DB3099: 0x30DC,
-	0x30DB309A: 0x30DD,
-	0x30A63099: 0x30F4,
-	0x30EF3099: 0x30F7,
-	0x30F03099: 0x30F8,
-	0x30F13099: 0x30F9,
-	0x30F23099: 0x30FA,
-	0x30FD3099: 0x30FE,
-	0x109910BA: 0x1109A,
-	0x109B10BA: 0x1109C,
-	0x10A510BA: 0x110AB,
-	0x11311127: 0x1112E,
-	0x11321127: 0x1112F,
-	0x1347133E: 0x1134B,
-	0x13471357: 0x1134C,
-	0x14B914BA: 0x114BB,
-	0x14B914B0: 0x114BC,
-	0x14B914BD: 0x114BE,
-	0x15B815AF: 0x115BA,
-	0x15B915AF: 0x115BB,
-}
+var recompMap map[uint32]rune
+var recompMapOnce sync.Once
 
-// Total size of tables: 53KB (54226 bytes)
+const recompMapPacked = "" +
+	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
+	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
+	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
+	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
+	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
+	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
+	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
+	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
+	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
+	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
+	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
+	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
+	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
+	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
+	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
+	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
+	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
+	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
+	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
+	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
+	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
+	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
+	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
+	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
+	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
+	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
+	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
+	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
+	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
+	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
+	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
+	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
+	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
+	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
+	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
+	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
+	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
+	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
+	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
+	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
+	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
+	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
+	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
+	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
+	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
+	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
+	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
+	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
+	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
+	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
+	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
+	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
+	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
+	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
+	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
+	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
+	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
+	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
+	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
+	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
+	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
+	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
+	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
+	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
+	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
+	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
+	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
+	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
+	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
+	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
+	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
+	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
+	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
+	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
+	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
+	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
+	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
+	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
+	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
+	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
+	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
+	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
+	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
+	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
+	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
+	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
+	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
+	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
+	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
+	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
+	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
+	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
+	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
+	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
+	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
+	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
+	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
+	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
+	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
+	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
+	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
+	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
+	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
+	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
+	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
+	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
+	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
+	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
+	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
+	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
+	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
+	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
+	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
+	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
+	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
+	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
+	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
+	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
+	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
+	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
+	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
+	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
+	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
+	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
+	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
+	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
+	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
+	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
+	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
+	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
+	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
+	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
+	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
+	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
+	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
+	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
+	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
+	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
+	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
+	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
+	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
+	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
+	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
+	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
+	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
+	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
+	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
+	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
+	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
+	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
+	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
+	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
+	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
+	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
+	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
+	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
+	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
+	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
+	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
+	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
+	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
+	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
+	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
+	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
+	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
+	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
+	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
+	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
+	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
+	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
+	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
+	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
+	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
+	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
+	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
+	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
+	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
+	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
+	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
+	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
+	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
+	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
+	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
+	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
+	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
+	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
+	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
+	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
+	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
+	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
+	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
+	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
+	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
+	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
+	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
+	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
+	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
+	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
+	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
+	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
+	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
+	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
+	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
+	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
+	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
+	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
+	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
+	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
+	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
+	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
+	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
+	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
+	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
+	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
+	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
+	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
+	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
+	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
+	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
+	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
+	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
+	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
+	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
+	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
+	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
+	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
+	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
+	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
+	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
+	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
+	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
+	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
+	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
+	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
+	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
+	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
+	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
+	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
+	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
+	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
+	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
+	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
+	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
+	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
+	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
+	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
+	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
+	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
+	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
+	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
+	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
+	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
+	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
+	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
+	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
+	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
+	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
+	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
+	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
+	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
+	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
+	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
+	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
+	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
+	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
+	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
+	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
+	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
+	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
+	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
+	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
+	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
+	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
+	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
+	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
+	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
+	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
+	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
+	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
+	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
+	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
+	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
+	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
+	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
+	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
+	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
+	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
+	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
+	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
+	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
+	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
+	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
+	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
+	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
+	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
+	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
+	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
+	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
+	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
+	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
+	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
+	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
+	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
+	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
+	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
+	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
+	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
+	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
+	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
+	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
+	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
+	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
+	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
+	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
+	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
+	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
+	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
+	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
+	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
+	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
+	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
+	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
+	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
+	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
+	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
+	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
+	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
+	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
+	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
+	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
+	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
+	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
+	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
+	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
+	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
+	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
+	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
+	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
+	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
+	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
+	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
+	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
+	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
+	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
+	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
+	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
+	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
+	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
+	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
+	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
+	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
+	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
+	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
+	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
+	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
+	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
+	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
+	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
+	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
+	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
+	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
+	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
+	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
+	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
+	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
+	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
+	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
+	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
+	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
+	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
+	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
+	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
+	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
+	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
+	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
+	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
+	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
+	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
+	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
+	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
+	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
+	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
+	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
+	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
+	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
+	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
+	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
+	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
+	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
+	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
+	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
+	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
+	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
+	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
+	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
+	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
+	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
+	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
+	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
+	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
+	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
+	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
+	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
+	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
+	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
+	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
+	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
+	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
+	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
+	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
+	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
+	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
+	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
+	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
+	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
+	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
+	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
+	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
+	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
+	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
+	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
+	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
+	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
+	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
+	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
+	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
+	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
+	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
+	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
+	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
+	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
+	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
+	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
+	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
+	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
+	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
+	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
+	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
+	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
+	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
+	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
+	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
+	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
+	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
+	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
+	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
+	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
+	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
+	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
+	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
+	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
+	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
+	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
+	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
+	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
+	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
+	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
+	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
+	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
+	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
+	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
+	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
+	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
+	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
+	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
+	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
+	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
+	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
+	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
+	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
+	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
+	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
+	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
+	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
+	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
+	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
+	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
+	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
+	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
+	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
+	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
+	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
+	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
+	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
+	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
+	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
+	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
+	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
+	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
+	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
+	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
+	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
+	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
+	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
+	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
+	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
+	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
+	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
+	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
+	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
+	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
+	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
+	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
+	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
+	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
+	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
+	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
+	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
+	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
+	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
+	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
+	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
+	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
+	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
+	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
+	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
+	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
+	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
+	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
+	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
+	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
+	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
+	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
+	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
+	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
+	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
+	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
+	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
+	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
+	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
+	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
+	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
+	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
+	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
+	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
+	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
+	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
+	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
+	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
+	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
+	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
+	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
+	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
+	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
+	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
+	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
+	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
+	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
+	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
+	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
+	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
+	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
+	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
+	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
+	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
+	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
+	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
+	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
+	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
+	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
+	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
+	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
+	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
+	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
+	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
+	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
+	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
+	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
+	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
+	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
+	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
+	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
+	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
+	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
+	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
+	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
+	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
+	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
+	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
+	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
+	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
+	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
+	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
+	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
+	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
+	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
+	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
+	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
+	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
+	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
+	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
+	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
+	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
+	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
+	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
+	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
+	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
+	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
+	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
+	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
+	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
+	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
+	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
+	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
+	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
+	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
+	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
+	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
+	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
+	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
+	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
+	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
+	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
+	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
+	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
+	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
+	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
+	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
+	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
+	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
+	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
+	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
+	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
+	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
+	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
+	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
+	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
+	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
+	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
+	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
+	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
+	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
+	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
+	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
+	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
+	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
+	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
+	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
+	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
+	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
+	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
+	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
+	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
+	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
+	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
+	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
+	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
+	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
+	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
+	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
+	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
+	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
+	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
+	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
+	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
+	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
+	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
+	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
+	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
+	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
+	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
+	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
+	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
+	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
+	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
+	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
+	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
+	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
+	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
+	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
+	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
+	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
+	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
+	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
+	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
+	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
+	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
+	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
+	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
+	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
+	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
+	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
+	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
+	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
+	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
+	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
+	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
+	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
+	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
+	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
+	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
+	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
+	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
+	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
+	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
+	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
+	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
+	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
+	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
+	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
+	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
+	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
+	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
+	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
+	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
+	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
+	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
+	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
+	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
+	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
+	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
+	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
+	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
+	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
+	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
+	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
+	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
+	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
+	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
+	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
+	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
+	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
+	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
+	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
+	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
+	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
+	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
+	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
+	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
+	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
+	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
+	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
+	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
+	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
+	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
+	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
+	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
+	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
+	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
+	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
+	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
+	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
+	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
+	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
+	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
+	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
+	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
+	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
+	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
+	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
+	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
+	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
+	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
+	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
+	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
+	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
+	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
+	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
+	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
+	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
+	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
+	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
+	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
+	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
+	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
+	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
+	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
+	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
+	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
+	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
+	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
+	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
+	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
+	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
+	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
+	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
+	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
+	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
+	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
+	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
+	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
+	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
+	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
+	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
+	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
+	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
+	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
+	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
+	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
+	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
+	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
+	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
+	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
+	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
+	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
+	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
+	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
+	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
+	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
+	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
+	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
+	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
+	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
+	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
+	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
+	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
+	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
+	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
+	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
+	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
+	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
+	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
+	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
+	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
+	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
+	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
+	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
+	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
+	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
+	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
+	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
+	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
+	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
+	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
+	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
+	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
+	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
+	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
+	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
+	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
+	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
+	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
+	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
+	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
+	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
+	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
+	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
+	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
+	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
+	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
+	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
+	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
+	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
+	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
+	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
+	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
+	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
+	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
+	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
+	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
+	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
+	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
+	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
+	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
+	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
+	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
+	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
+	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
+	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
+	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
+	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
+	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
+	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
+	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
+	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
+	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
+	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
+	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
+	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
+	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
+	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
+	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
+	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
+	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
+	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
+	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
+	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
+	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
+	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
+	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
+	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
+	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
+	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
+	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
+	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
+	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
+	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
+	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
+	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
+	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
+	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
+	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
+	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
+	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
+	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
+	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
+	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
+	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
+	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
+	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
+	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
+	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
+	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
+	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
+	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
+	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
+	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
+	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
+	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
+	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
+	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
+	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
+	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
+	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
+	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
+	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
+	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
+	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
+	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
+	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
+	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
+	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
+	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
+	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
+	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
+	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
+	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
+	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
+	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
+	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
+	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
+	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
+	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
+	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
+	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
+	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
+	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
+	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
+	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
+	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
+	""
+	// Total size of tables: 53KB (54226 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
new file mode 100644
index 0000000000000..2c58f09baa495
--- /dev/null
+++ b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
@@ -0,0 +1,7693 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// +build go1.13,!go1.14
+
+package norm
+
+import "sync"
+
+const (
+	// Version is the Unicode edition from which the tables are derived.
+	Version = "11.0.0"
+
+	// MaxTransformChunkSize indicates the maximum number of bytes that Transform
+	// may need to write atomically for any Form. Making a destination buffer at
+	// least this size ensures that Transform can always make progress and that
+	// the user does not need to grow the buffer on an ErrShortDst.
+	MaxTransformChunkSize = 35 + maxNonStarters*4
+)
+
+var ccc = [55]uint8{
+	0, 1, 7, 8, 9, 10, 11, 12,
+	13, 14, 15, 16, 17, 18, 19, 20,
+	21, 22, 23, 24, 25, 26, 27, 28,
+	29, 30, 31, 32, 33, 34, 35, 36,
+	84, 91, 103, 107, 118, 122, 129, 130,
+	132, 202, 214, 216, 218, 220, 222, 224,
+	226, 228, 230, 232, 233, 234, 240,
+}
+
+const (
+	firstMulti            = 0x186D
+	firstCCC              = 0x2C9E
+	endMulti              = 0x2F60
+	firstLeadingCCC       = 0x49AE
+	firstCCCZeroExcept    = 0x4A78
+	firstStarterWithNLead = 0x4A9F
+	lastDecomp            = 0x4AA1
+	maxDecomp             = 0x8000
+)
+
+// decomps: 19105 bytes
+var decomps = [...]byte{
+	// Bytes 0 - 3f
+	0x00, 0x41, 0x20, 0x41, 0x21, 0x41, 0x22, 0x41,
+	0x23, 0x41, 0x24, 0x41, 0x25, 0x41, 0x26, 0x41,
+	0x27, 0x41, 0x28, 0x41, 0x29, 0x41, 0x2A, 0x41,
+	0x2B, 0x41, 0x2C, 0x41, 0x2D, 0x41, 0x2E, 0x41,
+	0x2F, 0x41, 0x30, 0x41, 0x31, 0x41, 0x32, 0x41,
+	0x33, 0x41, 0x34, 0x41, 0x35, 0x41, 0x36, 0x41,
+	0x37, 0x41, 0x38, 0x41, 0x39, 0x41, 0x3A, 0x41,
+	0x3B, 0x41, 0x3C, 0x41, 0x3D, 0x41, 0x3E, 0x41,
+	// Bytes 40 - 7f
+	0x3F, 0x41, 0x40, 0x41, 0x41, 0x41, 0x42, 0x41,
+	0x43, 0x41, 0x44, 0x41, 0x45, 0x41, 0x46, 0x41,
+	0x47, 0x41, 0x48, 0x41, 0x49, 0x41, 0x4A, 0x41,
+	0x4B, 0x41, 0x4C, 0x41, 0x4D, 0x41, 0x4E, 0x41,
+	0x4F, 0x41, 0x50, 0x41, 0x51, 0x41, 0x52, 0x41,
+	0x53, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41,
+	0x57, 0x41, 0x58, 0x41, 0x59, 0x41, 0x5A, 0x41,
+	0x5B, 0x41, 0x5C, 0x41, 0x5D, 0x41, 0x5E, 0x41,
+	// Bytes 80 - bf
+	0x5F, 0x41, 0x60, 0x41, 0x61, 0x41, 0x62, 0x41,
+	0x63, 0x41, 0x64, 0x41, 0x65, 0x41, 0x66, 0x41,
+	0x67, 0x41, 0x68, 0x41, 0x69, 0x41, 0x6A, 0x41,
+	0x6B, 0x41, 0x6C, 0x41, 0x6D, 0x41, 0x6E, 0x41,
+	0x6F, 0x41, 0x70, 0x41, 0x71, 0x41, 0x72, 0x41,
+	0x73, 0x41, 0x74, 0x41, 0x75, 0x41, 0x76, 0x41,
+	0x77, 0x41, 0x78, 0x41, 0x79, 0x41, 0x7A, 0x41,
+	0x7B, 0x41, 0x7C, 0x41, 0x7D, 0x41, 0x7E, 0x42,
+	// Bytes c0 - ff
+	0xC2, 0xA2, 0x42, 0xC2, 0xA3, 0x42, 0xC2, 0xA5,
+	0x42, 0xC2, 0xA6, 0x42, 0xC2, 0xAC, 0x42, 0xC2,
+	0xB7, 0x42, 0xC3, 0x86, 0x42, 0xC3, 0xB0, 0x42,
+	0xC4, 0xA6, 0x42, 0xC4, 0xA7, 0x42, 0xC4, 0xB1,
+	0x42, 0xC5, 0x8B, 0x42, 0xC5, 0x93, 0x42, 0xC6,
+	0x8E, 0x42, 0xC6, 0x90, 0x42, 0xC6, 0xAB, 0x42,
+	0xC8, 0xA2, 0x42, 0xC8, 0xB7, 0x42, 0xC9, 0x90,
+	0x42, 0xC9, 0x91, 0x42, 0xC9, 0x92, 0x42, 0xC9,
+	// Bytes 100 - 13f
+	0x94, 0x42, 0xC9, 0x95, 0x42, 0xC9, 0x99, 0x42,
+	0xC9, 0x9B, 0x42, 0xC9, 0x9C, 0x42, 0xC9, 0x9F,
+	0x42, 0xC9, 0xA1, 0x42, 0xC9, 0xA3, 0x42, 0xC9,
+	0xA5, 0x42, 0xC9, 0xA6, 0x42, 0xC9, 0xA8, 0x42,
+	0xC9, 0xA9, 0x42, 0xC9, 0xAA, 0x42, 0xC9, 0xAB,
+	0x42, 0xC9, 0xAD, 0x42, 0xC9, 0xAF, 0x42, 0xC9,
+	0xB0, 0x42, 0xC9, 0xB1, 0x42, 0xC9, 0xB2, 0x42,
+	0xC9, 0xB3, 0x42, 0xC9, 0xB4, 0x42, 0xC9, 0xB5,
+	// Bytes 140 - 17f
+	0x42, 0xC9, 0xB8, 0x42, 0xC9, 0xB9, 0x42, 0xC9,
+	0xBB, 0x42, 0xCA, 0x81, 0x42, 0xCA, 0x82, 0x42,
+	0xCA, 0x83, 0x42, 0xCA, 0x89, 0x42, 0xCA, 0x8A,
+	0x42, 0xCA, 0x8B, 0x42, 0xCA, 0x8C, 0x42, 0xCA,
+	0x90, 0x42, 0xCA, 0x91, 0x42, 0xCA, 0x92, 0x42,
+	0xCA, 0x95, 0x42, 0xCA, 0x9D, 0x42, 0xCA, 0x9F,
+	0x42, 0xCA, 0xB9, 0x42, 0xCE, 0x91, 0x42, 0xCE,
+	0x92, 0x42, 0xCE, 0x93, 0x42, 0xCE, 0x94, 0x42,
+	// Bytes 180 - 1bf
+	0xCE, 0x95, 0x42, 0xCE, 0x96, 0x42, 0xCE, 0x97,
+	0x42, 0xCE, 0x98, 0x42, 0xCE, 0x99, 0x42, 0xCE,
+	0x9A, 0x42, 0xCE, 0x9B, 0x42, 0xCE, 0x9C, 0x42,
+	0xCE, 0x9D, 0x42, 0xCE, 0x9E, 0x42, 0xCE, 0x9F,
+	0x42, 0xCE, 0xA0, 0x42, 0xCE, 0xA1, 0x42, 0xCE,
+	0xA3, 0x42, 0xCE, 0xA4, 0x42, 0xCE, 0xA5, 0x42,
+	0xCE, 0xA6, 0x42, 0xCE, 0xA7, 0x42, 0xCE, 0xA8,
+	0x42, 0xCE, 0xA9, 0x42, 0xCE, 0xB1, 0x42, 0xCE,
+	// Bytes 1c0 - 1ff
+	0xB2, 0x42, 0xCE, 0xB3, 0x42, 0xCE, 0xB4, 0x42,
+	0xCE, 0xB5, 0x42, 0xCE, 0xB6, 0x42, 0xCE, 0xB7,
+	0x42, 0xCE, 0xB8, 0x42, 0xCE, 0xB9, 0x42, 0xCE,
+	0xBA, 0x42, 0xCE, 0xBB, 0x42, 0xCE, 0xBC, 0x42,
+	0xCE, 0xBD, 0x42, 0xCE, 0xBE, 0x42, 0xCE, 0xBF,
+	0x42, 0xCF, 0x80, 0x42, 0xCF, 0x81, 0x42, 0xCF,
+	0x82, 0x42, 0xCF, 0x83, 0x42, 0xCF, 0x84, 0x42,
+	0xCF, 0x85, 0x42, 0xCF, 0x86, 0x42, 0xCF, 0x87,
+	// Bytes 200 - 23f
+	0x42, 0xCF, 0x88, 0x42, 0xCF, 0x89, 0x42, 0xCF,
+	0x9C, 0x42, 0xCF, 0x9D, 0x42, 0xD0, 0xBD, 0x42,
+	0xD1, 0x8A, 0x42, 0xD1, 0x8C, 0x42, 0xD7, 0x90,
+	0x42, 0xD7, 0x91, 0x42, 0xD7, 0x92, 0x42, 0xD7,
+	0x93, 0x42, 0xD7, 0x94, 0x42, 0xD7, 0x9B, 0x42,
+	0xD7, 0x9C, 0x42, 0xD7, 0x9D, 0x42, 0xD7, 0xA2,
+	0x42, 0xD7, 0xA8, 0x42, 0xD7, 0xAA, 0x42, 0xD8,
+	0xA1, 0x42, 0xD8, 0xA7, 0x42, 0xD8, 0xA8, 0x42,
+	// Bytes 240 - 27f
+	0xD8, 0xA9, 0x42, 0xD8, 0xAA, 0x42, 0xD8, 0xAB,
+	0x42, 0xD8, 0xAC, 0x42, 0xD8, 0xAD, 0x42, 0xD8,
+	0xAE, 0x42, 0xD8, 0xAF, 0x42, 0xD8, 0xB0, 0x42,
+	0xD8, 0xB1, 0x42, 0xD8, 0xB2, 0x42, 0xD8, 0xB3,
+	0x42, 0xD8, 0xB4, 0x42, 0xD8, 0xB5, 0x42, 0xD8,
+	0xB6, 0x42, 0xD8, 0xB7, 0x42, 0xD8, 0xB8, 0x42,
+	0xD8, 0xB9, 0x42, 0xD8, 0xBA, 0x42, 0xD9, 0x81,
+	0x42, 0xD9, 0x82, 0x42, 0xD9, 0x83, 0x42, 0xD9,
+	// Bytes 280 - 2bf
+	0x84, 0x42, 0xD9, 0x85, 0x42, 0xD9, 0x86, 0x42,
+	0xD9, 0x87, 0x42, 0xD9, 0x88, 0x42, 0xD9, 0x89,
+	0x42, 0xD9, 0x8A, 0x42, 0xD9, 0xAE, 0x42, 0xD9,
+	0xAF, 0x42, 0xD9, 0xB1, 0x42, 0xD9, 0xB9, 0x42,
+	0xD9, 0xBA, 0x42, 0xD9, 0xBB, 0x42, 0xD9, 0xBE,
+	0x42, 0xD9, 0xBF, 0x42, 0xDA, 0x80, 0x42, 0xDA,
+	0x83, 0x42, 0xDA, 0x84, 0x42, 0xDA, 0x86, 0x42,
+	0xDA, 0x87, 0x42, 0xDA, 0x88, 0x42, 0xDA, 0x8C,
+	// Bytes 2c0 - 2ff
+	0x42, 0xDA, 0x8D, 0x42, 0xDA, 0x8E, 0x42, 0xDA,
+	0x91, 0x42, 0xDA, 0x98, 0x42, 0xDA, 0xA1, 0x42,
+	0xDA, 0xA4, 0x42, 0xDA, 0xA6, 0x42, 0xDA, 0xA9,
+	0x42, 0xDA, 0xAD, 0x42, 0xDA, 0xAF, 0x42, 0xDA,
+	0xB1, 0x42, 0xDA, 0xB3, 0x42, 0xDA, 0xBA, 0x42,
+	0xDA, 0xBB, 0x42, 0xDA, 0xBE, 0x42, 0xDB, 0x81,
+	0x42, 0xDB, 0x85, 0x42, 0xDB, 0x86, 0x42, 0xDB,
+	0x87, 0x42, 0xDB, 0x88, 0x42, 0xDB, 0x89, 0x42,
+	// Bytes 300 - 33f
+	0xDB, 0x8B, 0x42, 0xDB, 0x8C, 0x42, 0xDB, 0x90,
+	0x42, 0xDB, 0x92, 0x43, 0xE0, 0xBC, 0x8B, 0x43,
+	0xE1, 0x83, 0x9C, 0x43, 0xE1, 0x84, 0x80, 0x43,
+	0xE1, 0x84, 0x81, 0x43, 0xE1, 0x84, 0x82, 0x43,
+	0xE1, 0x84, 0x83, 0x43, 0xE1, 0x84, 0x84, 0x43,
+	0xE1, 0x84, 0x85, 0x43, 0xE1, 0x84, 0x86, 0x43,
+	0xE1, 0x84, 0x87, 0x43, 0xE1, 0x84, 0x88, 0x43,
+	0xE1, 0x84, 0x89, 0x43, 0xE1, 0x84, 0x8A, 0x43,
+	// Bytes 340 - 37f
+	0xE1, 0x84, 0x8B, 0x43, 0xE1, 0x84, 0x8C, 0x43,
+	0xE1, 0x84, 0x8D, 0x43, 0xE1, 0x84, 0x8E, 0x43,
+	0xE1, 0x84, 0x8F, 0x43, 0xE1, 0x84, 0x90, 0x43,
+	0xE1, 0x84, 0x91, 0x43, 0xE1, 0x84, 0x92, 0x43,
+	0xE1, 0x84, 0x94, 0x43, 0xE1, 0x84, 0x95, 0x43,
+	0xE1, 0x84, 0x9A, 0x43, 0xE1, 0x84, 0x9C, 0x43,
+	0xE1, 0x84, 0x9D, 0x43, 0xE1, 0x84, 0x9E, 0x43,
+	0xE1, 0x84, 0xA0, 0x43, 0xE1, 0x84, 0xA1, 0x43,
+	// Bytes 380 - 3bf
+	0xE1, 0x84, 0xA2, 0x43, 0xE1, 0x84, 0xA3, 0x43,
+	0xE1, 0x84, 0xA7, 0x43, 0xE1, 0x84, 0xA9, 0x43,
+	0xE1, 0x84, 0xAB, 0x43, 0xE1, 0x84, 0xAC, 0x43,
+	0xE1, 0x84, 0xAD, 0x43, 0xE1, 0x84, 0xAE, 0x43,
+	0xE1, 0x84, 0xAF, 0x43, 0xE1, 0x84, 0xB2, 0x43,
+	0xE1, 0x84, 0xB6, 0x43, 0xE1, 0x85, 0x80, 0x43,
+	0xE1, 0x85, 0x87, 0x43, 0xE1, 0x85, 0x8C, 0x43,
+	0xE1, 0x85, 0x97, 0x43, 0xE1, 0x85, 0x98, 0x43,
+	// Bytes 3c0 - 3ff
+	0xE1, 0x85, 0x99, 0x43, 0xE1, 0x85, 0xA0, 0x43,
+	0xE1, 0x86, 0x84, 0x43, 0xE1, 0x86, 0x85, 0x43,
+	0xE1, 0x86, 0x88, 0x43, 0xE1, 0x86, 0x91, 0x43,
+	0xE1, 0x86, 0x92, 0x43, 0xE1, 0x86, 0x94, 0x43,
+	0xE1, 0x86, 0x9E, 0x43, 0xE1, 0x86, 0xA1, 0x43,
+	0xE1, 0x87, 0x87, 0x43, 0xE1, 0x87, 0x88, 0x43,
+	0xE1, 0x87, 0x8C, 0x43, 0xE1, 0x87, 0x8E, 0x43,
+	0xE1, 0x87, 0x93, 0x43, 0xE1, 0x87, 0x97, 0x43,
+	// Bytes 400 - 43f
+	0xE1, 0x87, 0x99, 0x43, 0xE1, 0x87, 0x9D, 0x43,
+	0xE1, 0x87, 0x9F, 0x43, 0xE1, 0x87, 0xB1, 0x43,
+	0xE1, 0x87, 0xB2, 0x43, 0xE1, 0xB4, 0x82, 0x43,
+	0xE1, 0xB4, 0x96, 0x43, 0xE1, 0xB4, 0x97, 0x43,
+	0xE1, 0xB4, 0x9C, 0x43, 0xE1, 0xB4, 0x9D, 0x43,
+	0xE1, 0xB4, 0xA5, 0x43, 0xE1, 0xB5, 0xBB, 0x43,
+	0xE1, 0xB6, 0x85, 0x43, 0xE2, 0x80, 0x82, 0x43,
+	0xE2, 0x80, 0x83, 0x43, 0xE2, 0x80, 0x90, 0x43,
+	// Bytes 440 - 47f
+	0xE2, 0x80, 0x93, 0x43, 0xE2, 0x80, 0x94, 0x43,
+	0xE2, 0x82, 0xA9, 0x43, 0xE2, 0x86, 0x90, 0x43,
+	0xE2, 0x86, 0x91, 0x43, 0xE2, 0x86, 0x92, 0x43,
+	0xE2, 0x86, 0x93, 0x43, 0xE2, 0x88, 0x82, 0x43,
+	0xE2, 0x88, 0x87, 0x43, 0xE2, 0x88, 0x91, 0x43,
+	0xE2, 0x88, 0x92, 0x43, 0xE2, 0x94, 0x82, 0x43,
+	0xE2, 0x96, 0xA0, 0x43, 0xE2, 0x97, 0x8B, 0x43,
+	0xE2, 0xA6, 0x85, 0x43, 0xE2, 0xA6, 0x86, 0x43,
+	// Bytes 480 - 4bf
+	0xE2, 0xB5, 0xA1, 0x43, 0xE3, 0x80, 0x81, 0x43,
+	0xE3, 0x80, 0x82, 0x43, 0xE3, 0x80, 0x88, 0x43,
+	0xE3, 0x80, 0x89, 0x43, 0xE3, 0x80, 0x8A, 0x43,
+	0xE3, 0x80, 0x8B, 0x43, 0xE3, 0x80, 0x8C, 0x43,
+	0xE3, 0x80, 0x8D, 0x43, 0xE3, 0x80, 0x8E, 0x43,
+	0xE3, 0x80, 0x8F, 0x43, 0xE3, 0x80, 0x90, 0x43,
+	0xE3, 0x80, 0x91, 0x43, 0xE3, 0x80, 0x92, 0x43,
+	0xE3, 0x80, 0x94, 0x43, 0xE3, 0x80, 0x95, 0x43,
+	// Bytes 4c0 - 4ff
+	0xE3, 0x80, 0x96, 0x43, 0xE3, 0x80, 0x97, 0x43,
+	0xE3, 0x82, 0xA1, 0x43, 0xE3, 0x82, 0xA2, 0x43,
+	0xE3, 0x82, 0xA3, 0x43, 0xE3, 0x82, 0xA4, 0x43,
+	0xE3, 0x82, 0xA5, 0x43, 0xE3, 0x82, 0xA6, 0x43,
+	0xE3, 0x82, 0xA7, 0x43, 0xE3, 0x82, 0xA8, 0x43,
+	0xE3, 0x82, 0xA9, 0x43, 0xE3, 0x82, 0xAA, 0x43,
+	0xE3, 0x82, 0xAB, 0x43, 0xE3, 0x82, 0xAD, 0x43,
+	0xE3, 0x82, 0xAF, 0x43, 0xE3, 0x82, 0xB1, 0x43,
+	// Bytes 500 - 53f
+	0xE3, 0x82, 0xB3, 0x43, 0xE3, 0x82, 0xB5, 0x43,
+	0xE3, 0x82, 0xB7, 0x43, 0xE3, 0x82, 0xB9, 0x43,
+	0xE3, 0x82, 0xBB, 0x43, 0xE3, 0x82, 0xBD, 0x43,
+	0xE3, 0x82, 0xBF, 0x43, 0xE3, 0x83, 0x81, 0x43,
+	0xE3, 0x83, 0x83, 0x43, 0xE3, 0x83, 0x84, 0x43,
+	0xE3, 0x83, 0x86, 0x43, 0xE3, 0x83, 0x88, 0x43,
+	0xE3, 0x83, 0x8A, 0x43, 0xE3, 0x83, 0x8B, 0x43,
+	0xE3, 0x83, 0x8C, 0x43, 0xE3, 0x83, 0x8D, 0x43,
+	// Bytes 540 - 57f
+	0xE3, 0x83, 0x8E, 0x43, 0xE3, 0x83, 0x8F, 0x43,
+	0xE3, 0x83, 0x92, 0x43, 0xE3, 0x83, 0x95, 0x43,
+	0xE3, 0x83, 0x98, 0x43, 0xE3, 0x83, 0x9B, 0x43,
+	0xE3, 0x83, 0x9E, 0x43, 0xE3, 0x83, 0x9F, 0x43,
+	0xE3, 0x83, 0xA0, 0x43, 0xE3, 0x83, 0xA1, 0x43,
+	0xE3, 0x83, 0xA2, 0x43, 0xE3, 0x83, 0xA3, 0x43,
+	0xE3, 0x83, 0xA4, 0x43, 0xE3, 0x83, 0xA5, 0x43,
+	0xE3, 0x83, 0xA6, 0x43, 0xE3, 0x83, 0xA7, 0x43,
+	// Bytes 580 - 5bf
+	0xE3, 0x83, 0xA8, 0x43, 0xE3, 0x83, 0xA9, 0x43,
+	0xE3, 0x83, 0xAA, 0x43, 0xE3, 0x83, 0xAB, 0x43,
+	0xE3, 0x83, 0xAC, 0x43, 0xE3, 0x83, 0xAD, 0x43,
+	0xE3, 0x83, 0xAF, 0x43, 0xE3, 0x83, 0xB0, 0x43,
+	0xE3, 0x83, 0xB1, 0x43, 0xE3, 0x83, 0xB2, 0x43,
+	0xE3, 0x83, 0xB3, 0x43, 0xE3, 0x83, 0xBB, 0x43,
+	0xE3, 0x83, 0xBC, 0x43, 0xE3, 0x92, 0x9E, 0x43,
+	0xE3, 0x92, 0xB9, 0x43, 0xE3, 0x92, 0xBB, 0x43,
+	// Bytes 5c0 - 5ff
+	0xE3, 0x93, 0x9F, 0x43, 0xE3, 0x94, 0x95, 0x43,
+	0xE3, 0x9B, 0xAE, 0x43, 0xE3, 0x9B, 0xBC, 0x43,
+	0xE3, 0x9E, 0x81, 0x43, 0xE3, 0xA0, 0xAF, 0x43,
+	0xE3, 0xA1, 0xA2, 0x43, 0xE3, 0xA1, 0xBC, 0x43,
+	0xE3, 0xA3, 0x87, 0x43, 0xE3, 0xA3, 0xA3, 0x43,
+	0xE3, 0xA4, 0x9C, 0x43, 0xE3, 0xA4, 0xBA, 0x43,
+	0xE3, 0xA8, 0xAE, 0x43, 0xE3, 0xA9, 0xAC, 0x43,
+	0xE3, 0xAB, 0xA4, 0x43, 0xE3, 0xAC, 0x88, 0x43,
+	// Bytes 600 - 63f
+	0xE3, 0xAC, 0x99, 0x43, 0xE3, 0xAD, 0x89, 0x43,
+	0xE3, 0xAE, 0x9D, 0x43, 0xE3, 0xB0, 0x98, 0x43,
+	0xE3, 0xB1, 0x8E, 0x43, 0xE3, 0xB4, 0xB3, 0x43,
+	0xE3, 0xB6, 0x96, 0x43, 0xE3, 0xBA, 0xAC, 0x43,
+	0xE3, 0xBA, 0xB8, 0x43, 0xE3, 0xBC, 0x9B, 0x43,
+	0xE3, 0xBF, 0xBC, 0x43, 0xE4, 0x80, 0x88, 0x43,
+	0xE4, 0x80, 0x98, 0x43, 0xE4, 0x80, 0xB9, 0x43,
+	0xE4, 0x81, 0x86, 0x43, 0xE4, 0x82, 0x96, 0x43,
+	// Bytes 640 - 67f
+	0xE4, 0x83, 0xA3, 0x43, 0xE4, 0x84, 0xAF, 0x43,
+	0xE4, 0x88, 0x82, 0x43, 0xE4, 0x88, 0xA7, 0x43,
+	0xE4, 0x8A, 0xA0, 0x43, 0xE4, 0x8C, 0x81, 0x43,
+	0xE4, 0x8C, 0xB4, 0x43, 0xE4, 0x8D, 0x99, 0x43,
+	0xE4, 0x8F, 0x95, 0x43, 0xE4, 0x8F, 0x99, 0x43,
+	0xE4, 0x90, 0x8B, 0x43, 0xE4, 0x91, 0xAB, 0x43,
+	0xE4, 0x94, 0xAB, 0x43, 0xE4, 0x95, 0x9D, 0x43,
+	0xE4, 0x95, 0xA1, 0x43, 0xE4, 0x95, 0xAB, 0x43,
+	// Bytes 680 - 6bf
+	0xE4, 0x97, 0x97, 0x43, 0xE4, 0x97, 0xB9, 0x43,
+	0xE4, 0x98, 0xB5, 0x43, 0xE4, 0x9A, 0xBE, 0x43,
+	0xE4, 0x9B, 0x87, 0x43, 0xE4, 0xA6, 0x95, 0x43,
+	0xE4, 0xA7, 0xA6, 0x43, 0xE4, 0xA9, 0xAE, 0x43,
+	0xE4, 0xA9, 0xB6, 0x43, 0xE4, 0xAA, 0xB2, 0x43,
+	0xE4, 0xAC, 0xB3, 0x43, 0xE4, 0xAF, 0x8E, 0x43,
+	0xE4, 0xB3, 0x8E, 0x43, 0xE4, 0xB3, 0xAD, 0x43,
+	0xE4, 0xB3, 0xB8, 0x43, 0xE4, 0xB5, 0x96, 0x43,
+	// Bytes 6c0 - 6ff
+	0xE4, 0xB8, 0x80, 0x43, 0xE4, 0xB8, 0x81, 0x43,
+	0xE4, 0xB8, 0x83, 0x43, 0xE4, 0xB8, 0x89, 0x43,
+	0xE4, 0xB8, 0x8A, 0x43, 0xE4, 0xB8, 0x8B, 0x43,
+	0xE4, 0xB8, 0x8D, 0x43, 0xE4, 0xB8, 0x99, 0x43,
+	0xE4, 0xB8, 0xA6, 0x43, 0xE4, 0xB8, 0xA8, 0x43,
+	0xE4, 0xB8, 0xAD, 0x43, 0xE4, 0xB8, 0xB2, 0x43,
+	0xE4, 0xB8, 0xB6, 0x43, 0xE4, 0xB8, 0xB8, 0x43,
+	0xE4, 0xB8, 0xB9, 0x43, 0xE4, 0xB8, 0xBD, 0x43,
+	// Bytes 700 - 73f
+	0xE4, 0xB8, 0xBF, 0x43, 0xE4, 0xB9, 0x81, 0x43,
+	0xE4, 0xB9, 0x99, 0x43, 0xE4, 0xB9, 0x9D, 0x43,
+	0xE4, 0xBA, 0x82, 0x43, 0xE4, 0xBA, 0x85, 0x43,
+	0xE4, 0xBA, 0x86, 0x43, 0xE4, 0xBA, 0x8C, 0x43,
+	0xE4, 0xBA, 0x94, 0x43, 0xE4, 0xBA, 0xA0, 0x43,
+	0xE4, 0xBA, 0xA4, 0x43, 0xE4, 0xBA, 0xAE, 0x43,
+	0xE4, 0xBA, 0xBA, 0x43, 0xE4, 0xBB, 0x80, 0x43,
+	0xE4, 0xBB, 0x8C, 0x43, 0xE4, 0xBB, 0xA4, 0x43,
+	// Bytes 740 - 77f
+	0xE4, 0xBC, 0x81, 0x43, 0xE4, 0xBC, 0x91, 0x43,
+	0xE4, 0xBD, 0xA0, 0x43, 0xE4, 0xBE, 0x80, 0x43,
+	0xE4, 0xBE, 0x86, 0x43, 0xE4, 0xBE, 0x8B, 0x43,
+	0xE4, 0xBE, 0xAE, 0x43, 0xE4, 0xBE, 0xBB, 0x43,
+	0xE4, 0xBE, 0xBF, 0x43, 0xE5, 0x80, 0x82, 0x43,
+	0xE5, 0x80, 0xAB, 0x43, 0xE5, 0x81, 0xBA, 0x43,
+	0xE5, 0x82, 0x99, 0x43, 0xE5, 0x83, 0x8F, 0x43,
+	0xE5, 0x83, 0x9A, 0x43, 0xE5, 0x83, 0xA7, 0x43,
+	// Bytes 780 - 7bf
+	0xE5, 0x84, 0xAA, 0x43, 0xE5, 0x84, 0xBF, 0x43,
+	0xE5, 0x85, 0x80, 0x43, 0xE5, 0x85, 0x85, 0x43,
+	0xE5, 0x85, 0x8D, 0x43, 0xE5, 0x85, 0x94, 0x43,
+	0xE5, 0x85, 0xA4, 0x43, 0xE5, 0x85, 0xA5, 0x43,
+	0xE5, 0x85, 0xA7, 0x43, 0xE5, 0x85, 0xA8, 0x43,
+	0xE5, 0x85, 0xA9, 0x43, 0xE5, 0x85, 0xAB, 0x43,
+	0xE5, 0x85, 0xAD, 0x43, 0xE5, 0x85, 0xB7, 0x43,
+	0xE5, 0x86, 0x80, 0x43, 0xE5, 0x86, 0x82, 0x43,
+	// Bytes 7c0 - 7ff
+	0xE5, 0x86, 0x8D, 0x43, 0xE5, 0x86, 0x92, 0x43,
+	0xE5, 0x86, 0x95, 0x43, 0xE5, 0x86, 0x96, 0x43,
+	0xE5, 0x86, 0x97, 0x43, 0xE5, 0x86, 0x99, 0x43,
+	0xE5, 0x86, 0xA4, 0x43, 0xE5, 0x86, 0xAB, 0x43,
+	0xE5, 0x86, 0xAC, 0x43, 0xE5, 0x86, 0xB5, 0x43,
+	0xE5, 0x86, 0xB7, 0x43, 0xE5, 0x87, 0x89, 0x43,
+	0xE5, 0x87, 0x8C, 0x43, 0xE5, 0x87, 0x9C, 0x43,
+	0xE5, 0x87, 0x9E, 0x43, 0xE5, 0x87, 0xA0, 0x43,
+	// Bytes 800 - 83f
+	0xE5, 0x87, 0xB5, 0x43, 0xE5, 0x88, 0x80, 0x43,
+	0xE5, 0x88, 0x83, 0x43, 0xE5, 0x88, 0x87, 0x43,
+	0xE5, 0x88, 0x97, 0x43, 0xE5, 0x88, 0x9D, 0x43,
+	0xE5, 0x88, 0xA9, 0x43, 0xE5, 0x88, 0xBA, 0x43,
+	0xE5, 0x88, 0xBB, 0x43, 0xE5, 0x89, 0x86, 0x43,
+	0xE5, 0x89, 0x8D, 0x43, 0xE5, 0x89, 0xB2, 0x43,
+	0xE5, 0x89, 0xB7, 0x43, 0xE5, 0x8A, 0x89, 0x43,
+	0xE5, 0x8A, 0x9B, 0x43, 0xE5, 0x8A, 0xA3, 0x43,
+	// Bytes 840 - 87f
+	0xE5, 0x8A, 0xB3, 0x43, 0xE5, 0x8A, 0xB4, 0x43,
+	0xE5, 0x8B, 0x87, 0x43, 0xE5, 0x8B, 0x89, 0x43,
+	0xE5, 0x8B, 0x92, 0x43, 0xE5, 0x8B, 0x9E, 0x43,
+	0xE5, 0x8B, 0xA4, 0x43, 0xE5, 0x8B, 0xB5, 0x43,
+	0xE5, 0x8B, 0xB9, 0x43, 0xE5, 0x8B, 0xBA, 0x43,
+	0xE5, 0x8C, 0x85, 0x43, 0xE5, 0x8C, 0x86, 0x43,
+	0xE5, 0x8C, 0x95, 0x43, 0xE5, 0x8C, 0x97, 0x43,
+	0xE5, 0x8C, 0x9A, 0x43, 0xE5, 0x8C, 0xB8, 0x43,
+	// Bytes 880 - 8bf
+	0xE5, 0x8C, 0xBB, 0x43, 0xE5, 0x8C, 0xBF, 0x43,
+	0xE5, 0x8D, 0x81, 0x43, 0xE5, 0x8D, 0x84, 0x43,
+	0xE5, 0x8D, 0x85, 0x43, 0xE5, 0x8D, 0x89, 0x43,
+	0xE5, 0x8D, 0x91, 0x43, 0xE5, 0x8D, 0x94, 0x43,
+	0xE5, 0x8D, 0x9A, 0x43, 0xE5, 0x8D, 0x9C, 0x43,
+	0xE5, 0x8D, 0xA9, 0x43, 0xE5, 0x8D, 0xB0, 0x43,
+	0xE5, 0x8D, 0xB3, 0x43, 0xE5, 0x8D, 0xB5, 0x43,
+	0xE5, 0x8D, 0xBD, 0x43, 0xE5, 0x8D, 0xBF, 0x43,
+	// Bytes 8c0 - 8ff
+	0xE5, 0x8E, 0x82, 0x43, 0xE5, 0x8E, 0xB6, 0x43,
+	0xE5, 0x8F, 0x83, 0x43, 0xE5, 0x8F, 0x88, 0x43,
+	0xE5, 0x8F, 0x8A, 0x43, 0xE5, 0x8F, 0x8C, 0x43,
+	0xE5, 0x8F, 0x9F, 0x43, 0xE5, 0x8F, 0xA3, 0x43,
+	0xE5, 0x8F, 0xA5, 0x43, 0xE5, 0x8F, 0xAB, 0x43,
+	0xE5, 0x8F, 0xAF, 0x43, 0xE5, 0x8F, 0xB1, 0x43,
+	0xE5, 0x8F, 0xB3, 0x43, 0xE5, 0x90, 0x86, 0x43,
+	0xE5, 0x90, 0x88, 0x43, 0xE5, 0x90, 0x8D, 0x43,
+	// Bytes 900 - 93f
+	0xE5, 0x90, 0x8F, 0x43, 0xE5, 0x90, 0x9D, 0x43,
+	0xE5, 0x90, 0xB8, 0x43, 0xE5, 0x90, 0xB9, 0x43,
+	0xE5, 0x91, 0x82, 0x43, 0xE5, 0x91, 0x88, 0x43,
+	0xE5, 0x91, 0xA8, 0x43, 0xE5, 0x92, 0x9E, 0x43,
+	0xE5, 0x92, 0xA2, 0x43, 0xE5, 0x92, 0xBD, 0x43,
+	0xE5, 0x93, 0xB6, 0x43, 0xE5, 0x94, 0x90, 0x43,
+	0xE5, 0x95, 0x8F, 0x43, 0xE5, 0x95, 0x93, 0x43,
+	0xE5, 0x95, 0x95, 0x43, 0xE5, 0x95, 0xA3, 0x43,
+	// Bytes 940 - 97f
+	0xE5, 0x96, 0x84, 0x43, 0xE5, 0x96, 0x87, 0x43,
+	0xE5, 0x96, 0x99, 0x43, 0xE5, 0x96, 0x9D, 0x43,
+	0xE5, 0x96, 0xAB, 0x43, 0xE5, 0x96, 0xB3, 0x43,
+	0xE5, 0x96, 0xB6, 0x43, 0xE5, 0x97, 0x80, 0x43,
+	0xE5, 0x97, 0x82, 0x43, 0xE5, 0x97, 0xA2, 0x43,
+	0xE5, 0x98, 0x86, 0x43, 0xE5, 0x99, 0x91, 0x43,
+	0xE5, 0x99, 0xA8, 0x43, 0xE5, 0x99, 0xB4, 0x43,
+	0xE5, 0x9B, 0x97, 0x43, 0xE5, 0x9B, 0x9B, 0x43,
+	// Bytes 980 - 9bf
+	0xE5, 0x9B, 0xB9, 0x43, 0xE5, 0x9C, 0x96, 0x43,
+	0xE5, 0x9C, 0x97, 0x43, 0xE5, 0x9C, 0x9F, 0x43,
+	0xE5, 0x9C, 0xB0, 0x43, 0xE5, 0x9E, 0x8B, 0x43,
+	0xE5, 0x9F, 0x8E, 0x43, 0xE5, 0x9F, 0xB4, 0x43,
+	0xE5, 0xA0, 0x8D, 0x43, 0xE5, 0xA0, 0xB1, 0x43,
+	0xE5, 0xA0, 0xB2, 0x43, 0xE5, 0xA1, 0x80, 0x43,
+	0xE5, 0xA1, 0x9A, 0x43, 0xE5, 0xA1, 0x9E, 0x43,
+	0xE5, 0xA2, 0xA8, 0x43, 0xE5, 0xA2, 0xAC, 0x43,
+	// Bytes 9c0 - 9ff
+	0xE5, 0xA2, 0xB3, 0x43, 0xE5, 0xA3, 0x98, 0x43,
+	0xE5, 0xA3, 0x9F, 0x43, 0xE5, 0xA3, 0xAB, 0x43,
+	0xE5, 0xA3, 0xAE, 0x43, 0xE5, 0xA3, 0xB0, 0x43,
+	0xE5, 0xA3, 0xB2, 0x43, 0xE5, 0xA3, 0xB7, 0x43,
+	0xE5, 0xA4, 0x82, 0x43, 0xE5, 0xA4, 0x86, 0x43,
+	0xE5, 0xA4, 0x8A, 0x43, 0xE5, 0xA4, 0x95, 0x43,
+	0xE5, 0xA4, 0x9A, 0x43, 0xE5, 0xA4, 0x9C, 0x43,
+	0xE5, 0xA4, 0xA2, 0x43, 0xE5, 0xA4, 0xA7, 0x43,
+	// Bytes a00 - a3f
+	0xE5, 0xA4, 0xA9, 0x43, 0xE5, 0xA5, 0x84, 0x43,
+	0xE5, 0xA5, 0x88, 0x43, 0xE5, 0xA5, 0x91, 0x43,
+	0xE5, 0xA5, 0x94, 0x43, 0xE5, 0xA5, 0xA2, 0x43,
+	0xE5, 0xA5, 0xB3, 0x43, 0xE5, 0xA7, 0x98, 0x43,
+	0xE5, 0xA7, 0xAC, 0x43, 0xE5, 0xA8, 0x9B, 0x43,
+	0xE5, 0xA8, 0xA7, 0x43, 0xE5, 0xA9, 0xA2, 0x43,
+	0xE5, 0xA9, 0xA6, 0x43, 0xE5, 0xAA, 0xB5, 0x43,
+	0xE5, 0xAC, 0x88, 0x43, 0xE5, 0xAC, 0xA8, 0x43,
+	// Bytes a40 - a7f
+	0xE5, 0xAC, 0xBE, 0x43, 0xE5, 0xAD, 0x90, 0x43,
+	0xE5, 0xAD, 0x97, 0x43, 0xE5, 0xAD, 0xA6, 0x43,
+	0xE5, 0xAE, 0x80, 0x43, 0xE5, 0xAE, 0x85, 0x43,
+	0xE5, 0xAE, 0x97, 0x43, 0xE5, 0xAF, 0x83, 0x43,
+	0xE5, 0xAF, 0x98, 0x43, 0xE5, 0xAF, 0xA7, 0x43,
+	0xE5, 0xAF, 0xAE, 0x43, 0xE5, 0xAF, 0xB3, 0x43,
+	0xE5, 0xAF, 0xB8, 0x43, 0xE5, 0xAF, 0xBF, 0x43,
+	0xE5, 0xB0, 0x86, 0x43, 0xE5, 0xB0, 0x8F, 0x43,
+	// Bytes a80 - abf
+	0xE5, 0xB0, 0xA2, 0x43, 0xE5, 0xB0, 0xB8, 0x43,
+	0xE5, 0xB0, 0xBF, 0x43, 0xE5, 0xB1, 0xA0, 0x43,
+	0xE5, 0xB1, 0xA2, 0x43, 0xE5, 0xB1, 0xA4, 0x43,
+	0xE5, 0xB1, 0xA5, 0x43, 0xE5, 0xB1, 0xAE, 0x43,
+	0xE5, 0xB1, 0xB1, 0x43, 0xE5, 0xB2, 0x8D, 0x43,
+	0xE5, 0xB3, 0x80, 0x43, 0xE5, 0xB4, 0x99, 0x43,
+	0xE5, 0xB5, 0x83, 0x43, 0xE5, 0xB5, 0x90, 0x43,
+	0xE5, 0xB5, 0xAB, 0x43, 0xE5, 0xB5, 0xAE, 0x43,
+	// Bytes ac0 - aff
+	0xE5, 0xB5, 0xBC, 0x43, 0xE5, 0xB6, 0xB2, 0x43,
+	0xE5, 0xB6, 0xBA, 0x43, 0xE5, 0xB7, 0x9B, 0x43,
+	0xE5, 0xB7, 0xA1, 0x43, 0xE5, 0xB7, 0xA2, 0x43,
+	0xE5, 0xB7, 0xA5, 0x43, 0xE5, 0xB7, 0xA6, 0x43,
+	0xE5, 0xB7, 0xB1, 0x43, 0xE5, 0xB7, 0xBD, 0x43,
+	0xE5, 0xB7, 0xBE, 0x43, 0xE5, 0xB8, 0xA8, 0x43,
+	0xE5, 0xB8, 0xBD, 0x43, 0xE5, 0xB9, 0xA9, 0x43,
+	0xE5, 0xB9, 0xB2, 0x43, 0xE5, 0xB9, 0xB4, 0x43,
+	// Bytes b00 - b3f
+	0xE5, 0xB9, 0xBA, 0x43, 0xE5, 0xB9, 0xBC, 0x43,
+	0xE5, 0xB9, 0xBF, 0x43, 0xE5, 0xBA, 0xA6, 0x43,
+	0xE5, 0xBA, 0xB0, 0x43, 0xE5, 0xBA, 0xB3, 0x43,
+	0xE5, 0xBA, 0xB6, 0x43, 0xE5, 0xBB, 0x89, 0x43,
+	0xE5, 0xBB, 0x8A, 0x43, 0xE5, 0xBB, 0x92, 0x43,
+	0xE5, 0xBB, 0x93, 0x43, 0xE5, 0xBB, 0x99, 0x43,
+	0xE5, 0xBB, 0xAC, 0x43, 0xE5, 0xBB, 0xB4, 0x43,
+	0xE5, 0xBB, 0xBE, 0x43, 0xE5, 0xBC, 0x84, 0x43,
+	// Bytes b40 - b7f
+	0xE5, 0xBC, 0x8B, 0x43, 0xE5, 0xBC, 0x93, 0x43,
+	0xE5, 0xBC, 0xA2, 0x43, 0xE5, 0xBD, 0x90, 0x43,
+	0xE5, 0xBD, 0x93, 0x43, 0xE5, 0xBD, 0xA1, 0x43,
+	0xE5, 0xBD, 0xA2, 0x43, 0xE5, 0xBD, 0xA9, 0x43,
+	0xE5, 0xBD, 0xAB, 0x43, 0xE5, 0xBD, 0xB3, 0x43,
+	0xE5, 0xBE, 0x8B, 0x43, 0xE5, 0xBE, 0x8C, 0x43,
+	0xE5, 0xBE, 0x97, 0x43, 0xE5, 0xBE, 0x9A, 0x43,
+	0xE5, 0xBE, 0xA9, 0x43, 0xE5, 0xBE, 0xAD, 0x43,
+	// Bytes b80 - bbf
+	0xE5, 0xBF, 0x83, 0x43, 0xE5, 0xBF, 0x8D, 0x43,
+	0xE5, 0xBF, 0x97, 0x43, 0xE5, 0xBF, 0xB5, 0x43,
+	0xE5, 0xBF, 0xB9, 0x43, 0xE6, 0x80, 0x92, 0x43,
+	0xE6, 0x80, 0x9C, 0x43, 0xE6, 0x81, 0xB5, 0x43,
+	0xE6, 0x82, 0x81, 0x43, 0xE6, 0x82, 0x94, 0x43,
+	0xE6, 0x83, 0x87, 0x43, 0xE6, 0x83, 0x98, 0x43,
+	0xE6, 0x83, 0xA1, 0x43, 0xE6, 0x84, 0x88, 0x43,
+	0xE6, 0x85, 0x84, 0x43, 0xE6, 0x85, 0x88, 0x43,
+	// Bytes bc0 - bff
+	0xE6, 0x85, 0x8C, 0x43, 0xE6, 0x85, 0x8E, 0x43,
+	0xE6, 0x85, 0xA0, 0x43, 0xE6, 0x85, 0xA8, 0x43,
+	0xE6, 0x85, 0xBA, 0x43, 0xE6, 0x86, 0x8E, 0x43,
+	0xE6, 0x86, 0x90, 0x43, 0xE6, 0x86, 0xA4, 0x43,
+	0xE6, 0x86, 0xAF, 0x43, 0xE6, 0x86, 0xB2, 0x43,
+	0xE6, 0x87, 0x9E, 0x43, 0xE6, 0x87, 0xB2, 0x43,
+	0xE6, 0x87, 0xB6, 0x43, 0xE6, 0x88, 0x80, 0x43,
+	0xE6, 0x88, 0x88, 0x43, 0xE6, 0x88, 0x90, 0x43,
+	// Bytes c00 - c3f
+	0xE6, 0x88, 0x9B, 0x43, 0xE6, 0x88, 0xAE, 0x43,
+	0xE6, 0x88, 0xB4, 0x43, 0xE6, 0x88, 0xB6, 0x43,
+	0xE6, 0x89, 0x8B, 0x43, 0xE6, 0x89, 0x93, 0x43,
+	0xE6, 0x89, 0x9D, 0x43, 0xE6, 0x8A, 0x95, 0x43,
+	0xE6, 0x8A, 0xB1, 0x43, 0xE6, 0x8B, 0x89, 0x43,
+	0xE6, 0x8B, 0x8F, 0x43, 0xE6, 0x8B, 0x93, 0x43,
+	0xE6, 0x8B, 0x94, 0x43, 0xE6, 0x8B, 0xBC, 0x43,
+	0xE6, 0x8B, 0xBE, 0x43, 0xE6, 0x8C, 0x87, 0x43,
+	// Bytes c40 - c7f
+	0xE6, 0x8C, 0xBD, 0x43, 0xE6, 0x8D, 0x90, 0x43,
+	0xE6, 0x8D, 0x95, 0x43, 0xE6, 0x8D, 0xA8, 0x43,
+	0xE6, 0x8D, 0xBB, 0x43, 0xE6, 0x8E, 0x83, 0x43,
+	0xE6, 0x8E, 0xA0, 0x43, 0xE6, 0x8E, 0xA9, 0x43,
+	0xE6, 0x8F, 0x84, 0x43, 0xE6, 0x8F, 0x85, 0x43,
+	0xE6, 0x8F, 0xA4, 0x43, 0xE6, 0x90, 0x9C, 0x43,
+	0xE6, 0x90, 0xA2, 0x43, 0xE6, 0x91, 0x92, 0x43,
+	0xE6, 0x91, 0xA9, 0x43, 0xE6, 0x91, 0xB7, 0x43,
+	// Bytes c80 - cbf
+	0xE6, 0x91, 0xBE, 0x43, 0xE6, 0x92, 0x9A, 0x43,
+	0xE6, 0x92, 0x9D, 0x43, 0xE6, 0x93, 0x84, 0x43,
+	0xE6, 0x94, 0xAF, 0x43, 0xE6, 0x94, 0xB4, 0x43,
+	0xE6, 0x95, 0x8F, 0x43, 0xE6, 0x95, 0x96, 0x43,
+	0xE6, 0x95, 0xAC, 0x43, 0xE6, 0x95, 0xB8, 0x43,
+	0xE6, 0x96, 0x87, 0x43, 0xE6, 0x96, 0x97, 0x43,
+	0xE6, 0x96, 0x99, 0x43, 0xE6, 0x96, 0xA4, 0x43,
+	0xE6, 0x96, 0xB0, 0x43, 0xE6, 0x96, 0xB9, 0x43,
+	// Bytes cc0 - cff
+	0xE6, 0x97, 0x85, 0x43, 0xE6, 0x97, 0xA0, 0x43,
+	0xE6, 0x97, 0xA2, 0x43, 0xE6, 0x97, 0xA3, 0x43,
+	0xE6, 0x97, 0xA5, 0x43, 0xE6, 0x98, 0x93, 0x43,
+	0xE6, 0x98, 0xA0, 0x43, 0xE6, 0x99, 0x89, 0x43,
+	0xE6, 0x99, 0xB4, 0x43, 0xE6, 0x9A, 0x88, 0x43,
+	0xE6, 0x9A, 0x91, 0x43, 0xE6, 0x9A, 0x9C, 0x43,
+	0xE6, 0x9A, 0xB4, 0x43, 0xE6, 0x9B, 0x86, 0x43,
+	0xE6, 0x9B, 0xB0, 0x43, 0xE6, 0x9B, 0xB4, 0x43,
+	// Bytes d00 - d3f
+	0xE6, 0x9B, 0xB8, 0x43, 0xE6, 0x9C, 0x80, 0x43,
+	0xE6, 0x9C, 0x88, 0x43, 0xE6, 0x9C, 0x89, 0x43,
+	0xE6, 0x9C, 0x97, 0x43, 0xE6, 0x9C, 0x9B, 0x43,
+	0xE6, 0x9C, 0xA1, 0x43, 0xE6, 0x9C, 0xA8, 0x43,
+	0xE6, 0x9D, 0x8E, 0x43, 0xE6, 0x9D, 0x93, 0x43,
+	0xE6, 0x9D, 0x96, 0x43, 0xE6, 0x9D, 0x9E, 0x43,
+	0xE6, 0x9D, 0xBB, 0x43, 0xE6, 0x9E, 0x85, 0x43,
+	0xE6, 0x9E, 0x97, 0x43, 0xE6, 0x9F, 0xB3, 0x43,
+	// Bytes d40 - d7f
+	0xE6, 0x9F, 0xBA, 0x43, 0xE6, 0xA0, 0x97, 0x43,
+	0xE6, 0xA0, 0x9F, 0x43, 0xE6, 0xA0, 0xAA, 0x43,
+	0xE6, 0xA1, 0x92, 0x43, 0xE6, 0xA2, 0x81, 0x43,
+	0xE6, 0xA2, 0x85, 0x43, 0xE6, 0xA2, 0x8E, 0x43,
+	0xE6, 0xA2, 0xA8, 0x43, 0xE6, 0xA4, 0x94, 0x43,
+	0xE6, 0xA5, 0x82, 0x43, 0xE6, 0xA6, 0xA3, 0x43,
+	0xE6, 0xA7, 0xAA, 0x43, 0xE6, 0xA8, 0x82, 0x43,
+	0xE6, 0xA8, 0x93, 0x43, 0xE6, 0xAA, 0xA8, 0x43,
+	// Bytes d80 - dbf
+	0xE6, 0xAB, 0x93, 0x43, 0xE6, 0xAB, 0x9B, 0x43,
+	0xE6, 0xAC, 0x84, 0x43, 0xE6, 0xAC, 0xA0, 0x43,
+	0xE6, 0xAC, 0xA1, 0x43, 0xE6, 0xAD, 0x94, 0x43,
+	0xE6, 0xAD, 0xA2, 0x43, 0xE6, 0xAD, 0xA3, 0x43,
+	0xE6, 0xAD, 0xB2, 0x43, 0xE6, 0xAD, 0xB7, 0x43,
+	0xE6, 0xAD, 0xB9, 0x43, 0xE6, 0xAE, 0x9F, 0x43,
+	0xE6, 0xAE, 0xAE, 0x43, 0xE6, 0xAE, 0xB3, 0x43,
+	0xE6, 0xAE, 0xBA, 0x43, 0xE6, 0xAE, 0xBB, 0x43,
+	// Bytes dc0 - dff
+	0xE6, 0xAF, 0x8B, 0x43, 0xE6, 0xAF, 0x8D, 0x43,
+	0xE6, 0xAF, 0x94, 0x43, 0xE6, 0xAF, 0x9B, 0x43,
+	0xE6, 0xB0, 0x8F, 0x43, 0xE6, 0xB0, 0x94, 0x43,
+	0xE6, 0xB0, 0xB4, 0x43, 0xE6, 0xB1, 0x8E, 0x43,
+	0xE6, 0xB1, 0xA7, 0x43, 0xE6, 0xB2, 0x88, 0x43,
+	0xE6, 0xB2, 0xBF, 0x43, 0xE6, 0xB3, 0x8C, 0x43,
+	0xE6, 0xB3, 0x8D, 0x43, 0xE6, 0xB3, 0xA5, 0x43,
+	0xE6, 0xB3, 0xA8, 0x43, 0xE6, 0xB4, 0x96, 0x43,
+	// Bytes e00 - e3f
+	0xE6, 0xB4, 0x9B, 0x43, 0xE6, 0xB4, 0x9E, 0x43,
+	0xE6, 0xB4, 0xB4, 0x43, 0xE6, 0xB4, 0xBE, 0x43,
+	0xE6, 0xB5, 0x81, 0x43, 0xE6, 0xB5, 0xA9, 0x43,
+	0xE6, 0xB5, 0xAA, 0x43, 0xE6, 0xB5, 0xB7, 0x43,
+	0xE6, 0xB5, 0xB8, 0x43, 0xE6, 0xB6, 0x85, 0x43,
+	0xE6, 0xB7, 0x8B, 0x43, 0xE6, 0xB7, 0x9A, 0x43,
+	0xE6, 0xB7, 0xAA, 0x43, 0xE6, 0xB7, 0xB9, 0x43,
+	0xE6, 0xB8, 0x9A, 0x43, 0xE6, 0xB8, 0xAF, 0x43,
+	// Bytes e40 - e7f
+	0xE6, 0xB9, 0xAE, 0x43, 0xE6, 0xBA, 0x80, 0x43,
+	0xE6, 0xBA, 0x9C, 0x43, 0xE6, 0xBA, 0xBA, 0x43,
+	0xE6, 0xBB, 0x87, 0x43, 0xE6, 0xBB, 0x8B, 0x43,
+	0xE6, 0xBB, 0x91, 0x43, 0xE6, 0xBB, 0x9B, 0x43,
+	0xE6, 0xBC, 0x8F, 0x43, 0xE6, 0xBC, 0x94, 0x43,
+	0xE6, 0xBC, 0xA2, 0x43, 0xE6, 0xBC, 0xA3, 0x43,
+	0xE6, 0xBD, 0xAE, 0x43, 0xE6, 0xBF, 0x86, 0x43,
+	0xE6, 0xBF, 0xAB, 0x43, 0xE6, 0xBF, 0xBE, 0x43,
+	// Bytes e80 - ebf
+	0xE7, 0x80, 0x9B, 0x43, 0xE7, 0x80, 0x9E, 0x43,
+	0xE7, 0x80, 0xB9, 0x43, 0xE7, 0x81, 0x8A, 0x43,
+	0xE7, 0x81, 0xAB, 0x43, 0xE7, 0x81, 0xB0, 0x43,
+	0xE7, 0x81, 0xB7, 0x43, 0xE7, 0x81, 0xBD, 0x43,
+	0xE7, 0x82, 0x99, 0x43, 0xE7, 0x82, 0xAD, 0x43,
+	0xE7, 0x83, 0x88, 0x43, 0xE7, 0x83, 0x99, 0x43,
+	0xE7, 0x84, 0xA1, 0x43, 0xE7, 0x85, 0x85, 0x43,
+	0xE7, 0x85, 0x89, 0x43, 0xE7, 0x85, 0xAE, 0x43,
+	// Bytes ec0 - eff
+	0xE7, 0x86, 0x9C, 0x43, 0xE7, 0x87, 0x8E, 0x43,
+	0xE7, 0x87, 0x90, 0x43, 0xE7, 0x88, 0x90, 0x43,
+	0xE7, 0x88, 0x9B, 0x43, 0xE7, 0x88, 0xA8, 0x43,
+	0xE7, 0x88, 0xAA, 0x43, 0xE7, 0x88, 0xAB, 0x43,
+	0xE7, 0x88, 0xB5, 0x43, 0xE7, 0x88, 0xB6, 0x43,
+	0xE7, 0x88, 0xBB, 0x43, 0xE7, 0x88, 0xBF, 0x43,
+	0xE7, 0x89, 0x87, 0x43, 0xE7, 0x89, 0x90, 0x43,
+	0xE7, 0x89, 0x99, 0x43, 0xE7, 0x89, 0x9B, 0x43,
+	// Bytes f00 - f3f
+	0xE7, 0x89, 0xA2, 0x43, 0xE7, 0x89, 0xB9, 0x43,
+	0xE7, 0x8A, 0x80, 0x43, 0xE7, 0x8A, 0x95, 0x43,
+	0xE7, 0x8A, 0xAC, 0x43, 0xE7, 0x8A, 0xAF, 0x43,
+	0xE7, 0x8B, 0x80, 0x43, 0xE7, 0x8B, 0xBC, 0x43,
+	0xE7, 0x8C, 0xAA, 0x43, 0xE7, 0x8D, 0xB5, 0x43,
+	0xE7, 0x8D, 0xBA, 0x43, 0xE7, 0x8E, 0x84, 0x43,
+	0xE7, 0x8E, 0x87, 0x43, 0xE7, 0x8E, 0x89, 0x43,
+	0xE7, 0x8E, 0x8B, 0x43, 0xE7, 0x8E, 0xA5, 0x43,
+	// Bytes f40 - f7f
+	0xE7, 0x8E, 0xB2, 0x43, 0xE7, 0x8F, 0x9E, 0x43,
+	0xE7, 0x90, 0x86, 0x43, 0xE7, 0x90, 0x89, 0x43,
+	0xE7, 0x90, 0xA2, 0x43, 0xE7, 0x91, 0x87, 0x43,
+	0xE7, 0x91, 0x9C, 0x43, 0xE7, 0x91, 0xA9, 0x43,
+	0xE7, 0x91, 0xB1, 0x43, 0xE7, 0x92, 0x85, 0x43,
+	0xE7, 0x92, 0x89, 0x43, 0xE7, 0x92, 0x98, 0x43,
+	0xE7, 0x93, 0x8A, 0x43, 0xE7, 0x93, 0x9C, 0x43,
+	0xE7, 0x93, 0xA6, 0x43, 0xE7, 0x94, 0x86, 0x43,
+	// Bytes f80 - fbf
+	0xE7, 0x94, 0x98, 0x43, 0xE7, 0x94, 0x9F, 0x43,
+	0xE7, 0x94, 0xA4, 0x43, 0xE7, 0x94, 0xA8, 0x43,
+	0xE7, 0x94, 0xB0, 0x43, 0xE7, 0x94, 0xB2, 0x43,
+	0xE7, 0x94, 0xB3, 0x43, 0xE7, 0x94, 0xB7, 0x43,
+	0xE7, 0x94, 0xBB, 0x43, 0xE7, 0x94, 0xBE, 0x43,
+	0xE7, 0x95, 0x99, 0x43, 0xE7, 0x95, 0xA5, 0x43,
+	0xE7, 0x95, 0xB0, 0x43, 0xE7, 0x96, 0x8B, 0x43,
+	0xE7, 0x96, 0x92, 0x43, 0xE7, 0x97, 0xA2, 0x43,
+	// Bytes fc0 - fff
+	0xE7, 0x98, 0x90, 0x43, 0xE7, 0x98, 0x9D, 0x43,
+	0xE7, 0x98, 0x9F, 0x43, 0xE7, 0x99, 0x82, 0x43,
+	0xE7, 0x99, 0xA9, 0x43, 0xE7, 0x99, 0xB6, 0x43,
+	0xE7, 0x99, 0xBD, 0x43, 0xE7, 0x9A, 0xAE, 0x43,
+	0xE7, 0x9A, 0xBF, 0x43, 0xE7, 0x9B, 0x8A, 0x43,
+	0xE7, 0x9B, 0x9B, 0x43, 0xE7, 0x9B, 0xA3, 0x43,
+	0xE7, 0x9B, 0xA7, 0x43, 0xE7, 0x9B, 0xAE, 0x43,
+	0xE7, 0x9B, 0xB4, 0x43, 0xE7, 0x9C, 0x81, 0x43,
+	// Bytes 1000 - 103f
+	0xE7, 0x9C, 0x9E, 0x43, 0xE7, 0x9C, 0x9F, 0x43,
+	0xE7, 0x9D, 0x80, 0x43, 0xE7, 0x9D, 0x8A, 0x43,
+	0xE7, 0x9E, 0x8B, 0x43, 0xE7, 0x9E, 0xA7, 0x43,
+	0xE7, 0x9F, 0x9B, 0x43, 0xE7, 0x9F, 0xA2, 0x43,
+	0xE7, 0x9F, 0xB3, 0x43, 0xE7, 0xA1, 0x8E, 0x43,
+	0xE7, 0xA1, 0xAB, 0x43, 0xE7, 0xA2, 0x8C, 0x43,
+	0xE7, 0xA2, 0x91, 0x43, 0xE7, 0xA3, 0x8A, 0x43,
+	0xE7, 0xA3, 0x8C, 0x43, 0xE7, 0xA3, 0xBB, 0x43,
+	// Bytes 1040 - 107f
+	0xE7, 0xA4, 0xAA, 0x43, 0xE7, 0xA4, 0xBA, 0x43,
+	0xE7, 0xA4, 0xBC, 0x43, 0xE7, 0xA4, 0xBE, 0x43,
+	0xE7, 0xA5, 0x88, 0x43, 0xE7, 0xA5, 0x89, 0x43,
+	0xE7, 0xA5, 0x90, 0x43, 0xE7, 0xA5, 0x96, 0x43,
+	0xE7, 0xA5, 0x9D, 0x43, 0xE7, 0xA5, 0x9E, 0x43,
+	0xE7, 0xA5, 0xA5, 0x43, 0xE7, 0xA5, 0xBF, 0x43,
+	0xE7, 0xA6, 0x81, 0x43, 0xE7, 0xA6, 0x8D, 0x43,
+	0xE7, 0xA6, 0x8E, 0x43, 0xE7, 0xA6, 0x8F, 0x43,
+	// Bytes 1080 - 10bf
+	0xE7, 0xA6, 0xAE, 0x43, 0xE7, 0xA6, 0xB8, 0x43,
+	0xE7, 0xA6, 0xBE, 0x43, 0xE7, 0xA7, 0x8A, 0x43,
+	0xE7, 0xA7, 0x98, 0x43, 0xE7, 0xA7, 0xAB, 0x43,
+	0xE7, 0xA8, 0x9C, 0x43, 0xE7, 0xA9, 0x80, 0x43,
+	0xE7, 0xA9, 0x8A, 0x43, 0xE7, 0xA9, 0x8F, 0x43,
+	0xE7, 0xA9, 0xB4, 0x43, 0xE7, 0xA9, 0xBA, 0x43,
+	0xE7, 0xAA, 0x81, 0x43, 0xE7, 0xAA, 0xB1, 0x43,
+	0xE7, 0xAB, 0x8B, 0x43, 0xE7, 0xAB, 0xAE, 0x43,
+	// Bytes 10c0 - 10ff
+	0xE7, 0xAB, 0xB9, 0x43, 0xE7, 0xAC, 0xA0, 0x43,
+	0xE7, 0xAE, 0x8F, 0x43, 0xE7, 0xAF, 0x80, 0x43,
+	0xE7, 0xAF, 0x86, 0x43, 0xE7, 0xAF, 0x89, 0x43,
+	0xE7, 0xB0, 0xBE, 0x43, 0xE7, 0xB1, 0xA0, 0x43,
+	0xE7, 0xB1, 0xB3, 0x43, 0xE7, 0xB1, 0xBB, 0x43,
+	0xE7, 0xB2, 0x92, 0x43, 0xE7, 0xB2, 0xBE, 0x43,
+	0xE7, 0xB3, 0x92, 0x43, 0xE7, 0xB3, 0x96, 0x43,
+	0xE7, 0xB3, 0xA3, 0x43, 0xE7, 0xB3, 0xA7, 0x43,
+	// Bytes 1100 - 113f
+	0xE7, 0xB3, 0xA8, 0x43, 0xE7, 0xB3, 0xB8, 0x43,
+	0xE7, 0xB4, 0x80, 0x43, 0xE7, 0xB4, 0x90, 0x43,
+	0xE7, 0xB4, 0xA2, 0x43, 0xE7, 0xB4, 0xAF, 0x43,
+	0xE7, 0xB5, 0x82, 0x43, 0xE7, 0xB5, 0x9B, 0x43,
+	0xE7, 0xB5, 0xA3, 0x43, 0xE7, 0xB6, 0xA0, 0x43,
+	0xE7, 0xB6, 0xBE, 0x43, 0xE7, 0xB7, 0x87, 0x43,
+	0xE7, 0xB7, 0xB4, 0x43, 0xE7, 0xB8, 0x82, 0x43,
+	0xE7, 0xB8, 0x89, 0x43, 0xE7, 0xB8, 0xB7, 0x43,
+	// Bytes 1140 - 117f
+	0xE7, 0xB9, 0x81, 0x43, 0xE7, 0xB9, 0x85, 0x43,
+	0xE7, 0xBC, 0xB6, 0x43, 0xE7, 0xBC, 0xBE, 0x43,
+	0xE7, 0xBD, 0x91, 0x43, 0xE7, 0xBD, 0xB2, 0x43,
+	0xE7, 0xBD, 0xB9, 0x43, 0xE7, 0xBD, 0xBA, 0x43,
+	0xE7, 0xBE, 0x85, 0x43, 0xE7, 0xBE, 0x8A, 0x43,
+	0xE7, 0xBE, 0x95, 0x43, 0xE7, 0xBE, 0x9A, 0x43,
+	0xE7, 0xBE, 0xBD, 0x43, 0xE7, 0xBF, 0xBA, 0x43,
+	0xE8, 0x80, 0x81, 0x43, 0xE8, 0x80, 0x85, 0x43,
+	// Bytes 1180 - 11bf
+	0xE8, 0x80, 0x8C, 0x43, 0xE8, 0x80, 0x92, 0x43,
+	0xE8, 0x80, 0xB3, 0x43, 0xE8, 0x81, 0x86, 0x43,
+	0xE8, 0x81, 0xA0, 0x43, 0xE8, 0x81, 0xAF, 0x43,
+	0xE8, 0x81, 0xB0, 0x43, 0xE8, 0x81, 0xBE, 0x43,
+	0xE8, 0x81, 0xBF, 0x43, 0xE8, 0x82, 0x89, 0x43,
+	0xE8, 0x82, 0x8B, 0x43, 0xE8, 0x82, 0xAD, 0x43,
+	0xE8, 0x82, 0xB2, 0x43, 0xE8, 0x84, 0x83, 0x43,
+	0xE8, 0x84, 0xBE, 0x43, 0xE8, 0x87, 0x98, 0x43,
+	// Bytes 11c0 - 11ff
+	0xE8, 0x87, 0xA3, 0x43, 0xE8, 0x87, 0xA8, 0x43,
+	0xE8, 0x87, 0xAA, 0x43, 0xE8, 0x87, 0xAD, 0x43,
+	0xE8, 0x87, 0xB3, 0x43, 0xE8, 0x87, 0xBC, 0x43,
+	0xE8, 0x88, 0x81, 0x43, 0xE8, 0x88, 0x84, 0x43,
+	0xE8, 0x88, 0x8C, 0x43, 0xE8, 0x88, 0x98, 0x43,
+	0xE8, 0x88, 0x9B, 0x43, 0xE8, 0x88, 0x9F, 0x43,
+	0xE8, 0x89, 0xAE, 0x43, 0xE8, 0x89, 0xAF, 0x43,
+	0xE8, 0x89, 0xB2, 0x43, 0xE8, 0x89, 0xB8, 0x43,
+	// Bytes 1200 - 123f
+	0xE8, 0x89, 0xB9, 0x43, 0xE8, 0x8A, 0x8B, 0x43,
+	0xE8, 0x8A, 0x91, 0x43, 0xE8, 0x8A, 0x9D, 0x43,
+	0xE8, 0x8A, 0xB1, 0x43, 0xE8, 0x8A, 0xB3, 0x43,
+	0xE8, 0x8A, 0xBD, 0x43, 0xE8, 0x8B, 0xA5, 0x43,
+	0xE8, 0x8B, 0xA6, 0x43, 0xE8, 0x8C, 0x9D, 0x43,
+	0xE8, 0x8C, 0xA3, 0x43, 0xE8, 0x8C, 0xB6, 0x43,
+	0xE8, 0x8D, 0x92, 0x43, 0xE8, 0x8D, 0x93, 0x43,
+	0xE8, 0x8D, 0xA3, 0x43, 0xE8, 0x8E, 0xAD, 0x43,
+	// Bytes 1240 - 127f
+	0xE8, 0x8E, 0xBD, 0x43, 0xE8, 0x8F, 0x89, 0x43,
+	0xE8, 0x8F, 0x8A, 0x43, 0xE8, 0x8F, 0x8C, 0x43,
+	0xE8, 0x8F, 0x9C, 0x43, 0xE8, 0x8F, 0xA7, 0x43,
+	0xE8, 0x8F, 0xAF, 0x43, 0xE8, 0x8F, 0xB1, 0x43,
+	0xE8, 0x90, 0xBD, 0x43, 0xE8, 0x91, 0x89, 0x43,
+	0xE8, 0x91, 0x97, 0x43, 0xE8, 0x93, 0xAE, 0x43,
+	0xE8, 0x93, 0xB1, 0x43, 0xE8, 0x93, 0xB3, 0x43,
+	0xE8, 0x93, 0xBC, 0x43, 0xE8, 0x94, 0x96, 0x43,
+	// Bytes 1280 - 12bf
+	0xE8, 0x95, 0xA4, 0x43, 0xE8, 0x97, 0x8D, 0x43,
+	0xE8, 0x97, 0xBA, 0x43, 0xE8, 0x98, 0x86, 0x43,
+	0xE8, 0x98, 0x92, 0x43, 0xE8, 0x98, 0xAD, 0x43,
+	0xE8, 0x98, 0xBF, 0x43, 0xE8, 0x99, 0x8D, 0x43,
+	0xE8, 0x99, 0x90, 0x43, 0xE8, 0x99, 0x9C, 0x43,
+	0xE8, 0x99, 0xA7, 0x43, 0xE8, 0x99, 0xA9, 0x43,
+	0xE8, 0x99, 0xAB, 0x43, 0xE8, 0x9A, 0x88, 0x43,
+	0xE8, 0x9A, 0xA9, 0x43, 0xE8, 0x9B, 0xA2, 0x43,
+	// Bytes 12c0 - 12ff
+	0xE8, 0x9C, 0x8E, 0x43, 0xE8, 0x9C, 0xA8, 0x43,
+	0xE8, 0x9D, 0xAB, 0x43, 0xE8, 0x9D, 0xB9, 0x43,
+	0xE8, 0x9E, 0x86, 0x43, 0xE8, 0x9E, 0xBA, 0x43,
+	0xE8, 0x9F, 0xA1, 0x43, 0xE8, 0xA0, 0x81, 0x43,
+	0xE8, 0xA0, 0x9F, 0x43, 0xE8, 0xA1, 0x80, 0x43,
+	0xE8, 0xA1, 0x8C, 0x43, 0xE8, 0xA1, 0xA0, 0x43,
+	0xE8, 0xA1, 0xA3, 0x43, 0xE8, 0xA3, 0x82, 0x43,
+	0xE8, 0xA3, 0x8F, 0x43, 0xE8, 0xA3, 0x97, 0x43,
+	// Bytes 1300 - 133f
+	0xE8, 0xA3, 0x9E, 0x43, 0xE8, 0xA3, 0xA1, 0x43,
+	0xE8, 0xA3, 0xB8, 0x43, 0xE8, 0xA3, 0xBA, 0x43,
+	0xE8, 0xA4, 0x90, 0x43, 0xE8, 0xA5, 0x81, 0x43,
+	0xE8, 0xA5, 0xA4, 0x43, 0xE8, 0xA5, 0xBE, 0x43,
+	0xE8, 0xA6, 0x86, 0x43, 0xE8, 0xA6, 0x8B, 0x43,
+	0xE8, 0xA6, 0x96, 0x43, 0xE8, 0xA7, 0x92, 0x43,
+	0xE8, 0xA7, 0xA3, 0x43, 0xE8, 0xA8, 0x80, 0x43,
+	0xE8, 0xAA, 0xA0, 0x43, 0xE8, 0xAA, 0xAA, 0x43,
+	// Bytes 1340 - 137f
+	0xE8, 0xAA, 0xBF, 0x43, 0xE8, 0xAB, 0x8B, 0x43,
+	0xE8, 0xAB, 0x92, 0x43, 0xE8, 0xAB, 0x96, 0x43,
+	0xE8, 0xAB, 0xAD, 0x43, 0xE8, 0xAB, 0xB8, 0x43,
+	0xE8, 0xAB, 0xBE, 0x43, 0xE8, 0xAC, 0x81, 0x43,
+	0xE8, 0xAC, 0xB9, 0x43, 0xE8, 0xAD, 0x98, 0x43,
+	0xE8, 0xAE, 0x80, 0x43, 0xE8, 0xAE, 0x8A, 0x43,
+	0xE8, 0xB0, 0xB7, 0x43, 0xE8, 0xB1, 0x86, 0x43,
+	0xE8, 0xB1, 0x88, 0x43, 0xE8, 0xB1, 0x95, 0x43,
+	// Bytes 1380 - 13bf
+	0xE8, 0xB1, 0xB8, 0x43, 0xE8, 0xB2, 0x9D, 0x43,
+	0xE8, 0xB2, 0xA1, 0x43, 0xE8, 0xB2, 0xA9, 0x43,
+	0xE8, 0xB2, 0xAB, 0x43, 0xE8, 0xB3, 0x81, 0x43,
+	0xE8, 0xB3, 0x82, 0x43, 0xE8, 0xB3, 0x87, 0x43,
+	0xE8, 0xB3, 0x88, 0x43, 0xE8, 0xB3, 0x93, 0x43,
+	0xE8, 0xB4, 0x88, 0x43, 0xE8, 0xB4, 0x9B, 0x43,
+	0xE8, 0xB5, 0xA4, 0x43, 0xE8, 0xB5, 0xB0, 0x43,
+	0xE8, 0xB5, 0xB7, 0x43, 0xE8, 0xB6, 0xB3, 0x43,
+	// Bytes 13c0 - 13ff
+	0xE8, 0xB6, 0xBC, 0x43, 0xE8, 0xB7, 0x8B, 0x43,
+	0xE8, 0xB7, 0xAF, 0x43, 0xE8, 0xB7, 0xB0, 0x43,
+	0xE8, 0xBA, 0xAB, 0x43, 0xE8, 0xBB, 0x8A, 0x43,
+	0xE8, 0xBB, 0x94, 0x43, 0xE8, 0xBC, 0xA6, 0x43,
+	0xE8, 0xBC, 0xAA, 0x43, 0xE8, 0xBC, 0xB8, 0x43,
+	0xE8, 0xBC, 0xBB, 0x43, 0xE8, 0xBD, 0xA2, 0x43,
+	0xE8, 0xBE, 0x9B, 0x43, 0xE8, 0xBE, 0x9E, 0x43,
+	0xE8, 0xBE, 0xB0, 0x43, 0xE8, 0xBE, 0xB5, 0x43,
+	// Bytes 1400 - 143f
+	0xE8, 0xBE, 0xB6, 0x43, 0xE9, 0x80, 0xA3, 0x43,
+	0xE9, 0x80, 0xB8, 0x43, 0xE9, 0x81, 0x8A, 0x43,
+	0xE9, 0x81, 0xA9, 0x43, 0xE9, 0x81, 0xB2, 0x43,
+	0xE9, 0x81, 0xBC, 0x43, 0xE9, 0x82, 0x8F, 0x43,
+	0xE9, 0x82, 0x91, 0x43, 0xE9, 0x82, 0x94, 0x43,
+	0xE9, 0x83, 0x8E, 0x43, 0xE9, 0x83, 0x9E, 0x43,
+	0xE9, 0x83, 0xB1, 0x43, 0xE9, 0x83, 0xBD, 0x43,
+	0xE9, 0x84, 0x91, 0x43, 0xE9, 0x84, 0x9B, 0x43,
+	// Bytes 1440 - 147f
+	0xE9, 0x85, 0x89, 0x43, 0xE9, 0x85, 0x8D, 0x43,
+	0xE9, 0x85, 0xAA, 0x43, 0xE9, 0x86, 0x99, 0x43,
+	0xE9, 0x86, 0xB4, 0x43, 0xE9, 0x87, 0x86, 0x43,
+	0xE9, 0x87, 0x8C, 0x43, 0xE9, 0x87, 0x8F, 0x43,
+	0xE9, 0x87, 0x91, 0x43, 0xE9, 0x88, 0xB4, 0x43,
+	0xE9, 0x88, 0xB8, 0x43, 0xE9, 0x89, 0xB6, 0x43,
+	0xE9, 0x89, 0xBC, 0x43, 0xE9, 0x8B, 0x97, 0x43,
+	0xE9, 0x8B, 0x98, 0x43, 0xE9, 0x8C, 0x84, 0x43,
+	// Bytes 1480 - 14bf
+	0xE9, 0x8D, 0x8A, 0x43, 0xE9, 0x8F, 0xB9, 0x43,
+	0xE9, 0x90, 0x95, 0x43, 0xE9, 0x95, 0xB7, 0x43,
+	0xE9, 0x96, 0x80, 0x43, 0xE9, 0x96, 0x8B, 0x43,
+	0xE9, 0x96, 0xAD, 0x43, 0xE9, 0x96, 0xB7, 0x43,
+	0xE9, 0x98, 0x9C, 0x43, 0xE9, 0x98, 0xAE, 0x43,
+	0xE9, 0x99, 0x8B, 0x43, 0xE9, 0x99, 0x8D, 0x43,
+	0xE9, 0x99, 0xB5, 0x43, 0xE9, 0x99, 0xB8, 0x43,
+	0xE9, 0x99, 0xBC, 0x43, 0xE9, 0x9A, 0x86, 0x43,
+	// Bytes 14c0 - 14ff
+	0xE9, 0x9A, 0xA3, 0x43, 0xE9, 0x9A, 0xB6, 0x43,
+	0xE9, 0x9A, 0xB7, 0x43, 0xE9, 0x9A, 0xB8, 0x43,
+	0xE9, 0x9A, 0xB9, 0x43, 0xE9, 0x9B, 0x83, 0x43,
+	0xE9, 0x9B, 0xA2, 0x43, 0xE9, 0x9B, 0xA3, 0x43,
+	0xE9, 0x9B, 0xA8, 0x43, 0xE9, 0x9B, 0xB6, 0x43,
+	0xE9, 0x9B, 0xB7, 0x43, 0xE9, 0x9C, 0xA3, 0x43,
+	0xE9, 0x9C, 0xB2, 0x43, 0xE9, 0x9D, 0x88, 0x43,
+	0xE9, 0x9D, 0x91, 0x43, 0xE9, 0x9D, 0x96, 0x43,
+	// Bytes 1500 - 153f
+	0xE9, 0x9D, 0x9E, 0x43, 0xE9, 0x9D, 0xA2, 0x43,
+	0xE9, 0x9D, 0xA9, 0x43, 0xE9, 0x9F, 0x8B, 0x43,
+	0xE9, 0x9F, 0x9B, 0x43, 0xE9, 0x9F, 0xA0, 0x43,
+	0xE9, 0x9F, 0xAD, 0x43, 0xE9, 0x9F, 0xB3, 0x43,
+	0xE9, 0x9F, 0xBF, 0x43, 0xE9, 0xA0, 0x81, 0x43,
+	0xE9, 0xA0, 0x85, 0x43, 0xE9, 0xA0, 0x8B, 0x43,
+	0xE9, 0xA0, 0x98, 0x43, 0xE9, 0xA0, 0xA9, 0x43,
+	0xE9, 0xA0, 0xBB, 0x43, 0xE9, 0xA1, 0x9E, 0x43,
+	// Bytes 1540 - 157f
+	0xE9, 0xA2, 0xA8, 0x43, 0xE9, 0xA3, 0x9B, 0x43,
+	0xE9, 0xA3, 0x9F, 0x43, 0xE9, 0xA3, 0xA2, 0x43,
+	0xE9, 0xA3, 0xAF, 0x43, 0xE9, 0xA3, 0xBC, 0x43,
+	0xE9, 0xA4, 0xA8, 0x43, 0xE9, 0xA4, 0xA9, 0x43,
+	0xE9, 0xA6, 0x96, 0x43, 0xE9, 0xA6, 0x99, 0x43,
+	0xE9, 0xA6, 0xA7, 0x43, 0xE9, 0xA6, 0xAC, 0x43,
+	0xE9, 0xA7, 0x82, 0x43, 0xE9, 0xA7, 0xB1, 0x43,
+	0xE9, 0xA7, 0xBE, 0x43, 0xE9, 0xA9, 0xAA, 0x43,
+	// Bytes 1580 - 15bf
+	0xE9, 0xAA, 0xA8, 0x43, 0xE9, 0xAB, 0x98, 0x43,
+	0xE9, 0xAB, 0x9F, 0x43, 0xE9, 0xAC, 0x92, 0x43,
+	0xE9, 0xAC, 0xA5, 0x43, 0xE9, 0xAC, 0xAF, 0x43,
+	0xE9, 0xAC, 0xB2, 0x43, 0xE9, 0xAC, 0xBC, 0x43,
+	0xE9, 0xAD, 0x9A, 0x43, 0xE9, 0xAD, 0xAF, 0x43,
+	0xE9, 0xB1, 0x80, 0x43, 0xE9, 0xB1, 0x97, 0x43,
+	0xE9, 0xB3, 0xA5, 0x43, 0xE9, 0xB3, 0xBD, 0x43,
+	0xE9, 0xB5, 0xA7, 0x43, 0xE9, 0xB6, 0xB4, 0x43,
+	// Bytes 15c0 - 15ff
+	0xE9, 0xB7, 0xBA, 0x43, 0xE9, 0xB8, 0x9E, 0x43,
+	0xE9, 0xB9, 0xB5, 0x43, 0xE9, 0xB9, 0xBF, 0x43,
+	0xE9, 0xBA, 0x97, 0x43, 0xE9, 0xBA, 0x9F, 0x43,
+	0xE9, 0xBA, 0xA5, 0x43, 0xE9, 0xBA, 0xBB, 0x43,
+	0xE9, 0xBB, 0x83, 0x43, 0xE9, 0xBB, 0x8D, 0x43,
+	0xE9, 0xBB, 0x8E, 0x43, 0xE9, 0xBB, 0x91, 0x43,
+	0xE9, 0xBB, 0xB9, 0x43, 0xE9, 0xBB, 0xBD, 0x43,
+	0xE9, 0xBB, 0xBE, 0x43, 0xE9, 0xBC, 0x85, 0x43,
+	// Bytes 1600 - 163f
+	0xE9, 0xBC, 0x8E, 0x43, 0xE9, 0xBC, 0x8F, 0x43,
+	0xE9, 0xBC, 0x93, 0x43, 0xE9, 0xBC, 0x96, 0x43,
+	0xE9, 0xBC, 0xA0, 0x43, 0xE9, 0xBC, 0xBB, 0x43,
+	0xE9, 0xBD, 0x83, 0x43, 0xE9, 0xBD, 0x8A, 0x43,
+	0xE9, 0xBD, 0x92, 0x43, 0xE9, 0xBE, 0x8D, 0x43,
+	0xE9, 0xBE, 0x8E, 0x43, 0xE9, 0xBE, 0x9C, 0x43,
+	0xE9, 0xBE, 0x9F, 0x43, 0xE9, 0xBE, 0xA0, 0x43,
+	0xEA, 0x9C, 0xA7, 0x43, 0xEA, 0x9D, 0xAF, 0x43,
+	// Bytes 1640 - 167f
+	0xEA, 0xAC, 0xB7, 0x43, 0xEA, 0xAD, 0x92, 0x44,
+	0xF0, 0xA0, 0x84, 0xA2, 0x44, 0xF0, 0xA0, 0x94,
+	0x9C, 0x44, 0xF0, 0xA0, 0x94, 0xA5, 0x44, 0xF0,
+	0xA0, 0x95, 0x8B, 0x44, 0xF0, 0xA0, 0x98, 0xBA,
+	0x44, 0xF0, 0xA0, 0xA0, 0x84, 0x44, 0xF0, 0xA0,
+	0xA3, 0x9E, 0x44, 0xF0, 0xA0, 0xA8, 0xAC, 0x44,
+	0xF0, 0xA0, 0xAD, 0xA3, 0x44, 0xF0, 0xA1, 0x93,
+	0xA4, 0x44, 0xF0, 0xA1, 0x9A, 0xA8, 0x44, 0xF0,
+	// Bytes 1680 - 16bf
+	0xA1, 0x9B, 0xAA, 0x44, 0xF0, 0xA1, 0xA7, 0x88,
+	0x44, 0xF0, 0xA1, 0xAC, 0x98, 0x44, 0xF0, 0xA1,
+	0xB4, 0x8B, 0x44, 0xF0, 0xA1, 0xB7, 0xA4, 0x44,
+	0xF0, 0xA1, 0xB7, 0xA6, 0x44, 0xF0, 0xA2, 0x86,
+	0x83, 0x44, 0xF0, 0xA2, 0x86, 0x9F, 0x44, 0xF0,
+	0xA2, 0x8C, 0xB1, 0x44, 0xF0, 0xA2, 0x9B, 0x94,
+	0x44, 0xF0, 0xA2, 0xA1, 0x84, 0x44, 0xF0, 0xA2,
+	0xA1, 0x8A, 0x44, 0xF0, 0xA2, 0xAC, 0x8C, 0x44,
+	// Bytes 16c0 - 16ff
+	0xF0, 0xA2, 0xAF, 0xB1, 0x44, 0xF0, 0xA3, 0x80,
+	0x8A, 0x44, 0xF0, 0xA3, 0x8A, 0xB8, 0x44, 0xF0,
+	0xA3, 0x8D, 0x9F, 0x44, 0xF0, 0xA3, 0x8E, 0x93,
+	0x44, 0xF0, 0xA3, 0x8E, 0x9C, 0x44, 0xF0, 0xA3,
+	0x8F, 0x83, 0x44, 0xF0, 0xA3, 0x8F, 0x95, 0x44,
+	0xF0, 0xA3, 0x91, 0xAD, 0x44, 0xF0, 0xA3, 0x9A,
+	0xA3, 0x44, 0xF0, 0xA3, 0xA2, 0xA7, 0x44, 0xF0,
+	0xA3, 0xAA, 0x8D, 0x44, 0xF0, 0xA3, 0xAB, 0xBA,
+	// Bytes 1700 - 173f
+	0x44, 0xF0, 0xA3, 0xB2, 0xBC, 0x44, 0xF0, 0xA3,
+	0xB4, 0x9E, 0x44, 0xF0, 0xA3, 0xBB, 0x91, 0x44,
+	0xF0, 0xA3, 0xBD, 0x9E, 0x44, 0xF0, 0xA3, 0xBE,
+	0x8E, 0x44, 0xF0, 0xA4, 0x89, 0xA3, 0x44, 0xF0,
+	0xA4, 0x8B, 0xAE, 0x44, 0xF0, 0xA4, 0x8E, 0xAB,
+	0x44, 0xF0, 0xA4, 0x98, 0x88, 0x44, 0xF0, 0xA4,
+	0x9C, 0xB5, 0x44, 0xF0, 0xA4, 0xA0, 0x94, 0x44,
+	0xF0, 0xA4, 0xB0, 0xB6, 0x44, 0xF0, 0xA4, 0xB2,
+	// Bytes 1740 - 177f
+	0x92, 0x44, 0xF0, 0xA4, 0xBE, 0xA1, 0x44, 0xF0,
+	0xA4, 0xBE, 0xB8, 0x44, 0xF0, 0xA5, 0x81, 0x84,
+	0x44, 0xF0, 0xA5, 0x83, 0xB2, 0x44, 0xF0, 0xA5,
+	0x83, 0xB3, 0x44, 0xF0, 0xA5, 0x84, 0x99, 0x44,
+	0xF0, 0xA5, 0x84, 0xB3, 0x44, 0xF0, 0xA5, 0x89,
+	0x89, 0x44, 0xF0, 0xA5, 0x90, 0x9D, 0x44, 0xF0,
+	0xA5, 0x98, 0xA6, 0x44, 0xF0, 0xA5, 0x9A, 0x9A,
+	0x44, 0xF0, 0xA5, 0x9B, 0x85, 0x44, 0xF0, 0xA5,
+	// Bytes 1780 - 17bf
+	0xA5, 0xBC, 0x44, 0xF0, 0xA5, 0xAA, 0xA7, 0x44,
+	0xF0, 0xA5, 0xAE, 0xAB, 0x44, 0xF0, 0xA5, 0xB2,
+	0x80, 0x44, 0xF0, 0xA5, 0xB3, 0x90, 0x44, 0xF0,
+	0xA5, 0xBE, 0x86, 0x44, 0xF0, 0xA6, 0x87, 0x9A,
+	0x44, 0xF0, 0xA6, 0x88, 0xA8, 0x44, 0xF0, 0xA6,
+	0x89, 0x87, 0x44, 0xF0, 0xA6, 0x8B, 0x99, 0x44,
+	0xF0, 0xA6, 0x8C, 0xBE, 0x44, 0xF0, 0xA6, 0x93,
+	0x9A, 0x44, 0xF0, 0xA6, 0x94, 0xA3, 0x44, 0xF0,
+	// Bytes 17c0 - 17ff
+	0xA6, 0x96, 0xA8, 0x44, 0xF0, 0xA6, 0x9E, 0xA7,
+	0x44, 0xF0, 0xA6, 0x9E, 0xB5, 0x44, 0xF0, 0xA6,
+	0xAC, 0xBC, 0x44, 0xF0, 0xA6, 0xB0, 0xB6, 0x44,
+	0xF0, 0xA6, 0xB3, 0x95, 0x44, 0xF0, 0xA6, 0xB5,
+	0xAB, 0x44, 0xF0, 0xA6, 0xBC, 0xAC, 0x44, 0xF0,
+	0xA6, 0xBE, 0xB1, 0x44, 0xF0, 0xA7, 0x83, 0x92,
+	0x44, 0xF0, 0xA7, 0x8F, 0x8A, 0x44, 0xF0, 0xA7,
+	0x99, 0xA7, 0x44, 0xF0, 0xA7, 0xA2, 0xAE, 0x44,
+	// Bytes 1800 - 183f
+	0xF0, 0xA7, 0xA5, 0xA6, 0x44, 0xF0, 0xA7, 0xB2,
+	0xA8, 0x44, 0xF0, 0xA7, 0xBB, 0x93, 0x44, 0xF0,
+	0xA7, 0xBC, 0xAF, 0x44, 0xF0, 0xA8, 0x97, 0x92,
+	0x44, 0xF0, 0xA8, 0x97, 0xAD, 0x44, 0xF0, 0xA8,
+	0x9C, 0xAE, 0x44, 0xF0, 0xA8, 0xAF, 0xBA, 0x44,
+	0xF0, 0xA8, 0xB5, 0xB7, 0x44, 0xF0, 0xA9, 0x85,
+	0x85, 0x44, 0xF0, 0xA9, 0x87, 0x9F, 0x44, 0xF0,
+	0xA9, 0x88, 0x9A, 0x44, 0xF0, 0xA9, 0x90, 0x8A,
+	// Bytes 1840 - 187f
+	0x44, 0xF0, 0xA9, 0x92, 0x96, 0x44, 0xF0, 0xA9,
+	0x96, 0xB6, 0x44, 0xF0, 0xA9, 0xAC, 0xB0, 0x44,
+	0xF0, 0xAA, 0x83, 0x8E, 0x44, 0xF0, 0xAA, 0x84,
+	0x85, 0x44, 0xF0, 0xAA, 0x88, 0x8E, 0x44, 0xF0,
+	0xAA, 0x8A, 0x91, 0x44, 0xF0, 0xAA, 0x8E, 0x92,
+	0x44, 0xF0, 0xAA, 0x98, 0x80, 0x42, 0x21, 0x21,
+	0x42, 0x21, 0x3F, 0x42, 0x2E, 0x2E, 0x42, 0x30,
+	0x2C, 0x42, 0x30, 0x2E, 0x42, 0x31, 0x2C, 0x42,
+	// Bytes 1880 - 18bf
+	0x31, 0x2E, 0x42, 0x31, 0x30, 0x42, 0x31, 0x31,
+	0x42, 0x31, 0x32, 0x42, 0x31, 0x33, 0x42, 0x31,
+	0x34, 0x42, 0x31, 0x35, 0x42, 0x31, 0x36, 0x42,
+	0x31, 0x37, 0x42, 0x31, 0x38, 0x42, 0x31, 0x39,
+	0x42, 0x32, 0x2C, 0x42, 0x32, 0x2E, 0x42, 0x32,
+	0x30, 0x42, 0x32, 0x31, 0x42, 0x32, 0x32, 0x42,
+	0x32, 0x33, 0x42, 0x32, 0x34, 0x42, 0x32, 0x35,
+	0x42, 0x32, 0x36, 0x42, 0x32, 0x37, 0x42, 0x32,
+	// Bytes 18c0 - 18ff
+	0x38, 0x42, 0x32, 0x39, 0x42, 0x33, 0x2C, 0x42,
+	0x33, 0x2E, 0x42, 0x33, 0x30, 0x42, 0x33, 0x31,
+	0x42, 0x33, 0x32, 0x42, 0x33, 0x33, 0x42, 0x33,
+	0x34, 0x42, 0x33, 0x35, 0x42, 0x33, 0x36, 0x42,
+	0x33, 0x37, 0x42, 0x33, 0x38, 0x42, 0x33, 0x39,
+	0x42, 0x34, 0x2C, 0x42, 0x34, 0x2E, 0x42, 0x34,
+	0x30, 0x42, 0x34, 0x31, 0x42, 0x34, 0x32, 0x42,
+	0x34, 0x33, 0x42, 0x34, 0x34, 0x42, 0x34, 0x35,
+	// Bytes 1900 - 193f
+	0x42, 0x34, 0x36, 0x42, 0x34, 0x37, 0x42, 0x34,
+	0x38, 0x42, 0x34, 0x39, 0x42, 0x35, 0x2C, 0x42,
+	0x35, 0x2E, 0x42, 0x35, 0x30, 0x42, 0x36, 0x2C,
+	0x42, 0x36, 0x2E, 0x42, 0x37, 0x2C, 0x42, 0x37,
+	0x2E, 0x42, 0x38, 0x2C, 0x42, 0x38, 0x2E, 0x42,
+	0x39, 0x2C, 0x42, 0x39, 0x2E, 0x42, 0x3D, 0x3D,
+	0x42, 0x3F, 0x21, 0x42, 0x3F, 0x3F, 0x42, 0x41,
+	0x55, 0x42, 0x42, 0x71, 0x42, 0x43, 0x44, 0x42,
+	// Bytes 1940 - 197f
+	0x44, 0x4A, 0x42, 0x44, 0x5A, 0x42, 0x44, 0x7A,
+	0x42, 0x47, 0x42, 0x42, 0x47, 0x79, 0x42, 0x48,
+	0x50, 0x42, 0x48, 0x56, 0x42, 0x48, 0x67, 0x42,
+	0x48, 0x7A, 0x42, 0x49, 0x49, 0x42, 0x49, 0x4A,
+	0x42, 0x49, 0x55, 0x42, 0x49, 0x56, 0x42, 0x49,
+	0x58, 0x42, 0x4B, 0x42, 0x42, 0x4B, 0x4B, 0x42,
+	0x4B, 0x4D, 0x42, 0x4C, 0x4A, 0x42, 0x4C, 0x6A,
+	0x42, 0x4D, 0x42, 0x42, 0x4D, 0x43, 0x42, 0x4D,
+	// Bytes 1980 - 19bf
+	0x44, 0x42, 0x4D, 0x56, 0x42, 0x4D, 0x57, 0x42,
+	0x4E, 0x4A, 0x42, 0x4E, 0x6A, 0x42, 0x4E, 0x6F,
+	0x42, 0x50, 0x48, 0x42, 0x50, 0x52, 0x42, 0x50,
+	0x61, 0x42, 0x52, 0x73, 0x42, 0x53, 0x44, 0x42,
+	0x53, 0x4D, 0x42, 0x53, 0x53, 0x42, 0x53, 0x76,
+	0x42, 0x54, 0x4D, 0x42, 0x56, 0x49, 0x42, 0x57,
+	0x43, 0x42, 0x57, 0x5A, 0x42, 0x57, 0x62, 0x42,
+	0x58, 0x49, 0x42, 0x63, 0x63, 0x42, 0x63, 0x64,
+	// Bytes 19c0 - 19ff
+	0x42, 0x63, 0x6D, 0x42, 0x64, 0x42, 0x42, 0x64,
+	0x61, 0x42, 0x64, 0x6C, 0x42, 0x64, 0x6D, 0x42,
+	0x64, 0x7A, 0x42, 0x65, 0x56, 0x42, 0x66, 0x66,
+	0x42, 0x66, 0x69, 0x42, 0x66, 0x6C, 0x42, 0x66,
+	0x6D, 0x42, 0x68, 0x61, 0x42, 0x69, 0x69, 0x42,
+	0x69, 0x6A, 0x42, 0x69, 0x6E, 0x42, 0x69, 0x76,
+	0x42, 0x69, 0x78, 0x42, 0x6B, 0x41, 0x42, 0x6B,
+	0x56, 0x42, 0x6B, 0x57, 0x42, 0x6B, 0x67, 0x42,
+	// Bytes 1a00 - 1a3f
+	0x6B, 0x6C, 0x42, 0x6B, 0x6D, 0x42, 0x6B, 0x74,
+	0x42, 0x6C, 0x6A, 0x42, 0x6C, 0x6D, 0x42, 0x6C,
+	0x6E, 0x42, 0x6C, 0x78, 0x42, 0x6D, 0x32, 0x42,
+	0x6D, 0x33, 0x42, 0x6D, 0x41, 0x42, 0x6D, 0x56,
+	0x42, 0x6D, 0x57, 0x42, 0x6D, 0x62, 0x42, 0x6D,
+	0x67, 0x42, 0x6D, 0x6C, 0x42, 0x6D, 0x6D, 0x42,
+	0x6D, 0x73, 0x42, 0x6E, 0x41, 0x42, 0x6E, 0x46,
+	0x42, 0x6E, 0x56, 0x42, 0x6E, 0x57, 0x42, 0x6E,
+	// Bytes 1a40 - 1a7f
+	0x6A, 0x42, 0x6E, 0x6D, 0x42, 0x6E, 0x73, 0x42,
+	0x6F, 0x56, 0x42, 0x70, 0x41, 0x42, 0x70, 0x46,
+	0x42, 0x70, 0x56, 0x42, 0x70, 0x57, 0x42, 0x70,
+	0x63, 0x42, 0x70, 0x73, 0x42, 0x73, 0x72, 0x42,
+	0x73, 0x74, 0x42, 0x76, 0x69, 0x42, 0x78, 0x69,
+	0x43, 0x28, 0x31, 0x29, 0x43, 0x28, 0x32, 0x29,
+	0x43, 0x28, 0x33, 0x29, 0x43, 0x28, 0x34, 0x29,
+	0x43, 0x28, 0x35, 0x29, 0x43, 0x28, 0x36, 0x29,
+	// Bytes 1a80 - 1abf
+	0x43, 0x28, 0x37, 0x29, 0x43, 0x28, 0x38, 0x29,
+	0x43, 0x28, 0x39, 0x29, 0x43, 0x28, 0x41, 0x29,
+	0x43, 0x28, 0x42, 0x29, 0x43, 0x28, 0x43, 0x29,
+	0x43, 0x28, 0x44, 0x29, 0x43, 0x28, 0x45, 0x29,
+	0x43, 0x28, 0x46, 0x29, 0x43, 0x28, 0x47, 0x29,
+	0x43, 0x28, 0x48, 0x29, 0x43, 0x28, 0x49, 0x29,
+	0x43, 0x28, 0x4A, 0x29, 0x43, 0x28, 0x4B, 0x29,
+	0x43, 0x28, 0x4C, 0x29, 0x43, 0x28, 0x4D, 0x29,
+	// Bytes 1ac0 - 1aff
+	0x43, 0x28, 0x4E, 0x29, 0x43, 0x28, 0x4F, 0x29,
+	0x43, 0x28, 0x50, 0x29, 0x43, 0x28, 0x51, 0x29,
+	0x43, 0x28, 0x52, 0x29, 0x43, 0x28, 0x53, 0x29,
+	0x43, 0x28, 0x54, 0x29, 0x43, 0x28, 0x55, 0x29,
+	0x43, 0x28, 0x56, 0x29, 0x43, 0x28, 0x57, 0x29,
+	0x43, 0x28, 0x58, 0x29, 0x43, 0x28, 0x59, 0x29,
+	0x43, 0x28, 0x5A, 0x29, 0x43, 0x28, 0x61, 0x29,
+	0x43, 0x28, 0x62, 0x29, 0x43, 0x28, 0x63, 0x29,
+	// Bytes 1b00 - 1b3f
+	0x43, 0x28, 0x64, 0x29, 0x43, 0x28, 0x65, 0x29,
+	0x43, 0x28, 0x66, 0x29, 0x43, 0x28, 0x67, 0x29,
+	0x43, 0x28, 0x68, 0x29, 0x43, 0x28, 0x69, 0x29,
+	0x43, 0x28, 0x6A, 0x29, 0x43, 0x28, 0x6B, 0x29,
+	0x43, 0x28, 0x6C, 0x29, 0x43, 0x28, 0x6D, 0x29,
+	0x43, 0x28, 0x6E, 0x29, 0x43, 0x28, 0x6F, 0x29,
+	0x43, 0x28, 0x70, 0x29, 0x43, 0x28, 0x71, 0x29,
+	0x43, 0x28, 0x72, 0x29, 0x43, 0x28, 0x73, 0x29,
+	// Bytes 1b40 - 1b7f
+	0x43, 0x28, 0x74, 0x29, 0x43, 0x28, 0x75, 0x29,
+	0x43, 0x28, 0x76, 0x29, 0x43, 0x28, 0x77, 0x29,
+	0x43, 0x28, 0x78, 0x29, 0x43, 0x28, 0x79, 0x29,
+	0x43, 0x28, 0x7A, 0x29, 0x43, 0x2E, 0x2E, 0x2E,
+	0x43, 0x31, 0x30, 0x2E, 0x43, 0x31, 0x31, 0x2E,
+	0x43, 0x31, 0x32, 0x2E, 0x43, 0x31, 0x33, 0x2E,
+	0x43, 0x31, 0x34, 0x2E, 0x43, 0x31, 0x35, 0x2E,
+	0x43, 0x31, 0x36, 0x2E, 0x43, 0x31, 0x37, 0x2E,
+	// Bytes 1b80 - 1bbf
+	0x43, 0x31, 0x38, 0x2E, 0x43, 0x31, 0x39, 0x2E,
+	0x43, 0x32, 0x30, 0x2E, 0x43, 0x3A, 0x3A, 0x3D,
+	0x43, 0x3D, 0x3D, 0x3D, 0x43, 0x43, 0x6F, 0x2E,
+	0x43, 0x46, 0x41, 0x58, 0x43, 0x47, 0x48, 0x7A,
+	0x43, 0x47, 0x50, 0x61, 0x43, 0x49, 0x49, 0x49,
+	0x43, 0x4C, 0x54, 0x44, 0x43, 0x4C, 0xC2, 0xB7,
+	0x43, 0x4D, 0x48, 0x7A, 0x43, 0x4D, 0x50, 0x61,
+	0x43, 0x4D, 0xCE, 0xA9, 0x43, 0x50, 0x50, 0x4D,
+	// Bytes 1bc0 - 1bff
+	0x43, 0x50, 0x50, 0x56, 0x43, 0x50, 0x54, 0x45,
+	0x43, 0x54, 0x45, 0x4C, 0x43, 0x54, 0x48, 0x7A,
+	0x43, 0x56, 0x49, 0x49, 0x43, 0x58, 0x49, 0x49,
+	0x43, 0x61, 0x2F, 0x63, 0x43, 0x61, 0x2F, 0x73,
+	0x43, 0x61, 0xCA, 0xBE, 0x43, 0x62, 0x61, 0x72,
+	0x43, 0x63, 0x2F, 0x6F, 0x43, 0x63, 0x2F, 0x75,
+	0x43, 0x63, 0x61, 0x6C, 0x43, 0x63, 0x6D, 0x32,
+	0x43, 0x63, 0x6D, 0x33, 0x43, 0x64, 0x6D, 0x32,
+	// Bytes 1c00 - 1c3f
+	0x43, 0x64, 0x6D, 0x33, 0x43, 0x65, 0x72, 0x67,
+	0x43, 0x66, 0x66, 0x69, 0x43, 0x66, 0x66, 0x6C,
+	0x43, 0x67, 0x61, 0x6C, 0x43, 0x68, 0x50, 0x61,
+	0x43, 0x69, 0x69, 0x69, 0x43, 0x6B, 0x48, 0x7A,
+	0x43, 0x6B, 0x50, 0x61, 0x43, 0x6B, 0x6D, 0x32,
+	0x43, 0x6B, 0x6D, 0x33, 0x43, 0x6B, 0xCE, 0xA9,
+	0x43, 0x6C, 0x6F, 0x67, 0x43, 0x6C, 0xC2, 0xB7,
+	0x43, 0x6D, 0x69, 0x6C, 0x43, 0x6D, 0x6D, 0x32,
+	// Bytes 1c40 - 1c7f
+	0x43, 0x6D, 0x6D, 0x33, 0x43, 0x6D, 0x6F, 0x6C,
+	0x43, 0x72, 0x61, 0x64, 0x43, 0x76, 0x69, 0x69,
+	0x43, 0x78, 0x69, 0x69, 0x43, 0xC2, 0xB0, 0x43,
+	0x43, 0xC2, 0xB0, 0x46, 0x43, 0xCA, 0xBC, 0x6E,
+	0x43, 0xCE, 0xBC, 0x41, 0x43, 0xCE, 0xBC, 0x46,
+	0x43, 0xCE, 0xBC, 0x56, 0x43, 0xCE, 0xBC, 0x57,
+	0x43, 0xCE, 0xBC, 0x67, 0x43, 0xCE, 0xBC, 0x6C,
+	0x43, 0xCE, 0xBC, 0x6D, 0x43, 0xCE, 0xBC, 0x73,
+	// Bytes 1c80 - 1cbf
+	0x44, 0x28, 0x31, 0x30, 0x29, 0x44, 0x28, 0x31,
+	0x31, 0x29, 0x44, 0x28, 0x31, 0x32, 0x29, 0x44,
+	0x28, 0x31, 0x33, 0x29, 0x44, 0x28, 0x31, 0x34,
+	0x29, 0x44, 0x28, 0x31, 0x35, 0x29, 0x44, 0x28,
+	0x31, 0x36, 0x29, 0x44, 0x28, 0x31, 0x37, 0x29,
+	0x44, 0x28, 0x31, 0x38, 0x29, 0x44, 0x28, 0x31,
+	0x39, 0x29, 0x44, 0x28, 0x32, 0x30, 0x29, 0x44,
+	0x30, 0xE7, 0x82, 0xB9, 0x44, 0x31, 0xE2, 0x81,
+	// Bytes 1cc0 - 1cff
+	0x84, 0x44, 0x31, 0xE6, 0x97, 0xA5, 0x44, 0x31,
+	0xE6, 0x9C, 0x88, 0x44, 0x31, 0xE7, 0x82, 0xB9,
+	0x44, 0x32, 0xE6, 0x97, 0xA5, 0x44, 0x32, 0xE6,
+	0x9C, 0x88, 0x44, 0x32, 0xE7, 0x82, 0xB9, 0x44,
+	0x33, 0xE6, 0x97, 0xA5, 0x44, 0x33, 0xE6, 0x9C,
+	0x88, 0x44, 0x33, 0xE7, 0x82, 0xB9, 0x44, 0x34,
+	0xE6, 0x97, 0xA5, 0x44, 0x34, 0xE6, 0x9C, 0x88,
+	0x44, 0x34, 0xE7, 0x82, 0xB9, 0x44, 0x35, 0xE6,
+	// Bytes 1d00 - 1d3f
+	0x97, 0xA5, 0x44, 0x35, 0xE6, 0x9C, 0x88, 0x44,
+	0x35, 0xE7, 0x82, 0xB9, 0x44, 0x36, 0xE6, 0x97,
+	0xA5, 0x44, 0x36, 0xE6, 0x9C, 0x88, 0x44, 0x36,
+	0xE7, 0x82, 0xB9, 0x44, 0x37, 0xE6, 0x97, 0xA5,
+	0x44, 0x37, 0xE6, 0x9C, 0x88, 0x44, 0x37, 0xE7,
+	0x82, 0xB9, 0x44, 0x38, 0xE6, 0x97, 0xA5, 0x44,
+	0x38, 0xE6, 0x9C, 0x88, 0x44, 0x38, 0xE7, 0x82,
+	0xB9, 0x44, 0x39, 0xE6, 0x97, 0xA5, 0x44, 0x39,
+	// Bytes 1d40 - 1d7f
+	0xE6, 0x9C, 0x88, 0x44, 0x39, 0xE7, 0x82, 0xB9,
+	0x44, 0x56, 0x49, 0x49, 0x49, 0x44, 0x61, 0x2E,
+	0x6D, 0x2E, 0x44, 0x6B, 0x63, 0x61, 0x6C, 0x44,
+	0x70, 0x2E, 0x6D, 0x2E, 0x44, 0x76, 0x69, 0x69,
+	0x69, 0x44, 0xD5, 0xA5, 0xD6, 0x82, 0x44, 0xD5,
+	0xB4, 0xD5, 0xA5, 0x44, 0xD5, 0xB4, 0xD5, 0xAB,
+	0x44, 0xD5, 0xB4, 0xD5, 0xAD, 0x44, 0xD5, 0xB4,
+	0xD5, 0xB6, 0x44, 0xD5, 0xBE, 0xD5, 0xB6, 0x44,
+	// Bytes 1d80 - 1dbf
+	0xD7, 0x90, 0xD7, 0x9C, 0x44, 0xD8, 0xA7, 0xD9,
+	0xB4, 0x44, 0xD8, 0xA8, 0xD8, 0xAC, 0x44, 0xD8,
+	0xA8, 0xD8, 0xAD, 0x44, 0xD8, 0xA8, 0xD8, 0xAE,
+	0x44, 0xD8, 0xA8, 0xD8, 0xB1, 0x44, 0xD8, 0xA8,
+	0xD8, 0xB2, 0x44, 0xD8, 0xA8, 0xD9, 0x85, 0x44,
+	0xD8, 0xA8, 0xD9, 0x86, 0x44, 0xD8, 0xA8, 0xD9,
+	0x87, 0x44, 0xD8, 0xA8, 0xD9, 0x89, 0x44, 0xD8,
+	0xA8, 0xD9, 0x8A, 0x44, 0xD8, 0xAA, 0xD8, 0xAC,
+	// Bytes 1dc0 - 1dff
+	0x44, 0xD8, 0xAA, 0xD8, 0xAD, 0x44, 0xD8, 0xAA,
+	0xD8, 0xAE, 0x44, 0xD8, 0xAA, 0xD8, 0xB1, 0x44,
+	0xD8, 0xAA, 0xD8, 0xB2, 0x44, 0xD8, 0xAA, 0xD9,
+	0x85, 0x44, 0xD8, 0xAA, 0xD9, 0x86, 0x44, 0xD8,
+	0xAA, 0xD9, 0x87, 0x44, 0xD8, 0xAA, 0xD9, 0x89,
+	0x44, 0xD8, 0xAA, 0xD9, 0x8A, 0x44, 0xD8, 0xAB,
+	0xD8, 0xAC, 0x44, 0xD8, 0xAB, 0xD8, 0xB1, 0x44,
+	0xD8, 0xAB, 0xD8, 0xB2, 0x44, 0xD8, 0xAB, 0xD9,
+	// Bytes 1e00 - 1e3f
+	0x85, 0x44, 0xD8, 0xAB, 0xD9, 0x86, 0x44, 0xD8,
+	0xAB, 0xD9, 0x87, 0x44, 0xD8, 0xAB, 0xD9, 0x89,
+	0x44, 0xD8, 0xAB, 0xD9, 0x8A, 0x44, 0xD8, 0xAC,
+	0xD8, 0xAD, 0x44, 0xD8, 0xAC, 0xD9, 0x85, 0x44,
+	0xD8, 0xAC, 0xD9, 0x89, 0x44, 0xD8, 0xAC, 0xD9,
+	0x8A, 0x44, 0xD8, 0xAD, 0xD8, 0xAC, 0x44, 0xD8,
+	0xAD, 0xD9, 0x85, 0x44, 0xD8, 0xAD, 0xD9, 0x89,
+	0x44, 0xD8, 0xAD, 0xD9, 0x8A, 0x44, 0xD8, 0xAE,
+	// Bytes 1e40 - 1e7f
+	0xD8, 0xAC, 0x44, 0xD8, 0xAE, 0xD8, 0xAD, 0x44,
+	0xD8, 0xAE, 0xD9, 0x85, 0x44, 0xD8, 0xAE, 0xD9,
+	0x89, 0x44, 0xD8, 0xAE, 0xD9, 0x8A, 0x44, 0xD8,
+	0xB3, 0xD8, 0xAC, 0x44, 0xD8, 0xB3, 0xD8, 0xAD,
+	0x44, 0xD8, 0xB3, 0xD8, 0xAE, 0x44, 0xD8, 0xB3,
+	0xD8, 0xB1, 0x44, 0xD8, 0xB3, 0xD9, 0x85, 0x44,
+	0xD8, 0xB3, 0xD9, 0x87, 0x44, 0xD8, 0xB3, 0xD9,
+	0x89, 0x44, 0xD8, 0xB3, 0xD9, 0x8A, 0x44, 0xD8,
+	// Bytes 1e80 - 1ebf
+	0xB4, 0xD8, 0xAC, 0x44, 0xD8, 0xB4, 0xD8, 0xAD,
+	0x44, 0xD8, 0xB4, 0xD8, 0xAE, 0x44, 0xD8, 0xB4,
+	0xD8, 0xB1, 0x44, 0xD8, 0xB4, 0xD9, 0x85, 0x44,
+	0xD8, 0xB4, 0xD9, 0x87, 0x44, 0xD8, 0xB4, 0xD9,
+	0x89, 0x44, 0xD8, 0xB4, 0xD9, 0x8A, 0x44, 0xD8,
+	0xB5, 0xD8, 0xAD, 0x44, 0xD8, 0xB5, 0xD8, 0xAE,
+	0x44, 0xD8, 0xB5, 0xD8, 0xB1, 0x44, 0xD8, 0xB5,
+	0xD9, 0x85, 0x44, 0xD8, 0xB5, 0xD9, 0x89, 0x44,
+	// Bytes 1ec0 - 1eff
+	0xD8, 0xB5, 0xD9, 0x8A, 0x44, 0xD8, 0xB6, 0xD8,
+	0xAC, 0x44, 0xD8, 0xB6, 0xD8, 0xAD, 0x44, 0xD8,
+	0xB6, 0xD8, 0xAE, 0x44, 0xD8, 0xB6, 0xD8, 0xB1,
+	0x44, 0xD8, 0xB6, 0xD9, 0x85, 0x44, 0xD8, 0xB6,
+	0xD9, 0x89, 0x44, 0xD8, 0xB6, 0xD9, 0x8A, 0x44,
+	0xD8, 0xB7, 0xD8, 0xAD, 0x44, 0xD8, 0xB7, 0xD9,
+	0x85, 0x44, 0xD8, 0xB7, 0xD9, 0x89, 0x44, 0xD8,
+	0xB7, 0xD9, 0x8A, 0x44, 0xD8, 0xB8, 0xD9, 0x85,
+	// Bytes 1f00 - 1f3f
+	0x44, 0xD8, 0xB9, 0xD8, 0xAC, 0x44, 0xD8, 0xB9,
+	0xD9, 0x85, 0x44, 0xD8, 0xB9, 0xD9, 0x89, 0x44,
+	0xD8, 0xB9, 0xD9, 0x8A, 0x44, 0xD8, 0xBA, 0xD8,
+	0xAC, 0x44, 0xD8, 0xBA, 0xD9, 0x85, 0x44, 0xD8,
+	0xBA, 0xD9, 0x89, 0x44, 0xD8, 0xBA, 0xD9, 0x8A,
+	0x44, 0xD9, 0x81, 0xD8, 0xAC, 0x44, 0xD9, 0x81,
+	0xD8, 0xAD, 0x44, 0xD9, 0x81, 0xD8, 0xAE, 0x44,
+	0xD9, 0x81, 0xD9, 0x85, 0x44, 0xD9, 0x81, 0xD9,
+	// Bytes 1f40 - 1f7f
+	0x89, 0x44, 0xD9, 0x81, 0xD9, 0x8A, 0x44, 0xD9,
+	0x82, 0xD8, 0xAD, 0x44, 0xD9, 0x82, 0xD9, 0x85,
+	0x44, 0xD9, 0x82, 0xD9, 0x89, 0x44, 0xD9, 0x82,
+	0xD9, 0x8A, 0x44, 0xD9, 0x83, 0xD8, 0xA7, 0x44,
+	0xD9, 0x83, 0xD8, 0xAC, 0x44, 0xD9, 0x83, 0xD8,
+	0xAD, 0x44, 0xD9, 0x83, 0xD8, 0xAE, 0x44, 0xD9,
+	0x83, 0xD9, 0x84, 0x44, 0xD9, 0x83, 0xD9, 0x85,
+	0x44, 0xD9, 0x83, 0xD9, 0x89, 0x44, 0xD9, 0x83,
+	// Bytes 1f80 - 1fbf
+	0xD9, 0x8A, 0x44, 0xD9, 0x84, 0xD8, 0xA7, 0x44,
+	0xD9, 0x84, 0xD8, 0xAC, 0x44, 0xD9, 0x84, 0xD8,
+	0xAD, 0x44, 0xD9, 0x84, 0xD8, 0xAE, 0x44, 0xD9,
+	0x84, 0xD9, 0x85, 0x44, 0xD9, 0x84, 0xD9, 0x87,
+	0x44, 0xD9, 0x84, 0xD9, 0x89, 0x44, 0xD9, 0x84,
+	0xD9, 0x8A, 0x44, 0xD9, 0x85, 0xD8, 0xA7, 0x44,
+	0xD9, 0x85, 0xD8, 0xAC, 0x44, 0xD9, 0x85, 0xD8,
+	0xAD, 0x44, 0xD9, 0x85, 0xD8, 0xAE, 0x44, 0xD9,
+	// Bytes 1fc0 - 1fff
+	0x85, 0xD9, 0x85, 0x44, 0xD9, 0x85, 0xD9, 0x89,
+	0x44, 0xD9, 0x85, 0xD9, 0x8A, 0x44, 0xD9, 0x86,
+	0xD8, 0xAC, 0x44, 0xD9, 0x86, 0xD8, 0xAD, 0x44,
+	0xD9, 0x86, 0xD8, 0xAE, 0x44, 0xD9, 0x86, 0xD8,
+	0xB1, 0x44, 0xD9, 0x86, 0xD8, 0xB2, 0x44, 0xD9,
+	0x86, 0xD9, 0x85, 0x44, 0xD9, 0x86, 0xD9, 0x86,
+	0x44, 0xD9, 0x86, 0xD9, 0x87, 0x44, 0xD9, 0x86,
+	0xD9, 0x89, 0x44, 0xD9, 0x86, 0xD9, 0x8A, 0x44,
+	// Bytes 2000 - 203f
+	0xD9, 0x87, 0xD8, 0xAC, 0x44, 0xD9, 0x87, 0xD9,
+	0x85, 0x44, 0xD9, 0x87, 0xD9, 0x89, 0x44, 0xD9,
+	0x87, 0xD9, 0x8A, 0x44, 0xD9, 0x88, 0xD9, 0xB4,
+	0x44, 0xD9, 0x8A, 0xD8, 0xAC, 0x44, 0xD9, 0x8A,
+	0xD8, 0xAD, 0x44, 0xD9, 0x8A, 0xD8, 0xAE, 0x44,
+	0xD9, 0x8A, 0xD8, 0xB1, 0x44, 0xD9, 0x8A, 0xD8,
+	0xB2, 0x44, 0xD9, 0x8A, 0xD9, 0x85, 0x44, 0xD9,
+	0x8A, 0xD9, 0x86, 0x44, 0xD9, 0x8A, 0xD9, 0x87,
+	// Bytes 2040 - 207f
+	0x44, 0xD9, 0x8A, 0xD9, 0x89, 0x44, 0xD9, 0x8A,
+	0xD9, 0x8A, 0x44, 0xD9, 0x8A, 0xD9, 0xB4, 0x44,
+	0xDB, 0x87, 0xD9, 0xB4, 0x45, 0x28, 0xE1, 0x84,
+	0x80, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x82, 0x29,
+	0x45, 0x28, 0xE1, 0x84, 0x83, 0x29, 0x45, 0x28,
+	0xE1, 0x84, 0x85, 0x29, 0x45, 0x28, 0xE1, 0x84,
+	0x86, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x87, 0x29,
+	0x45, 0x28, 0xE1, 0x84, 0x89, 0x29, 0x45, 0x28,
+	// Bytes 2080 - 20bf
+	0xE1, 0x84, 0x8B, 0x29, 0x45, 0x28, 0xE1, 0x84,
+	0x8C, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x8E, 0x29,
+	0x45, 0x28, 0xE1, 0x84, 0x8F, 0x29, 0x45, 0x28,
+	0xE1, 0x84, 0x90, 0x29, 0x45, 0x28, 0xE1, 0x84,
+	0x91, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x92, 0x29,
+	0x45, 0x28, 0xE4, 0xB8, 0x80, 0x29, 0x45, 0x28,
+	0xE4, 0xB8, 0x83, 0x29, 0x45, 0x28, 0xE4, 0xB8,
+	0x89, 0x29, 0x45, 0x28, 0xE4, 0xB9, 0x9D, 0x29,
+	// Bytes 20c0 - 20ff
+	0x45, 0x28, 0xE4, 0xBA, 0x8C, 0x29, 0x45, 0x28,
+	0xE4, 0xBA, 0x94, 0x29, 0x45, 0x28, 0xE4, 0xBB,
+	0xA3, 0x29, 0x45, 0x28, 0xE4, 0xBC, 0x81, 0x29,
+	0x45, 0x28, 0xE4, 0xBC, 0x91, 0x29, 0x45, 0x28,
+	0xE5, 0x85, 0xAB, 0x29, 0x45, 0x28, 0xE5, 0x85,
+	0xAD, 0x29, 0x45, 0x28, 0xE5, 0x8A, 0xB4, 0x29,
+	0x45, 0x28, 0xE5, 0x8D, 0x81, 0x29, 0x45, 0x28,
+	0xE5, 0x8D, 0x94, 0x29, 0x45, 0x28, 0xE5, 0x90,
+	// Bytes 2100 - 213f
+	0x8D, 0x29, 0x45, 0x28, 0xE5, 0x91, 0xBC, 0x29,
+	0x45, 0x28, 0xE5, 0x9B, 0x9B, 0x29, 0x45, 0x28,
+	0xE5, 0x9C, 0x9F, 0x29, 0x45, 0x28, 0xE5, 0xAD,
+	0xA6, 0x29, 0x45, 0x28, 0xE6, 0x97, 0xA5, 0x29,
+	0x45, 0x28, 0xE6, 0x9C, 0x88, 0x29, 0x45, 0x28,
+	0xE6, 0x9C, 0x89, 0x29, 0x45, 0x28, 0xE6, 0x9C,
+	0xA8, 0x29, 0x45, 0x28, 0xE6, 0xA0, 0xAA, 0x29,
+	0x45, 0x28, 0xE6, 0xB0, 0xB4, 0x29, 0x45, 0x28,
+	// Bytes 2140 - 217f
+	0xE7, 0x81, 0xAB, 0x29, 0x45, 0x28, 0xE7, 0x89,
+	0xB9, 0x29, 0x45, 0x28, 0xE7, 0x9B, 0xA3, 0x29,
+	0x45, 0x28, 0xE7, 0xA4, 0xBE, 0x29, 0x45, 0x28,
+	0xE7, 0xA5, 0x9D, 0x29, 0x45, 0x28, 0xE7, 0xA5,
+	0xAD, 0x29, 0x45, 0x28, 0xE8, 0x87, 0xAA, 0x29,
+	0x45, 0x28, 0xE8, 0x87, 0xB3, 0x29, 0x45, 0x28,
+	0xE8, 0xB2, 0xA1, 0x29, 0x45, 0x28, 0xE8, 0xB3,
+	0x87, 0x29, 0x45, 0x28, 0xE9, 0x87, 0x91, 0x29,
+	// Bytes 2180 - 21bf
+	0x45, 0x30, 0xE2, 0x81, 0x84, 0x33, 0x45, 0x31,
+	0x30, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x30, 0xE6,
+	0x9C, 0x88, 0x45, 0x31, 0x30, 0xE7, 0x82, 0xB9,
+	0x45, 0x31, 0x31, 0xE6, 0x97, 0xA5, 0x45, 0x31,
+	0x31, 0xE6, 0x9C, 0x88, 0x45, 0x31, 0x31, 0xE7,
+	0x82, 0xB9, 0x45, 0x31, 0x32, 0xE6, 0x97, 0xA5,
+	0x45, 0x31, 0x32, 0xE6, 0x9C, 0x88, 0x45, 0x31,
+	0x32, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x33, 0xE6,
+	// Bytes 21c0 - 21ff
+	0x97, 0xA5, 0x45, 0x31, 0x33, 0xE7, 0x82, 0xB9,
+	0x45, 0x31, 0x34, 0xE6, 0x97, 0xA5, 0x45, 0x31,
+	0x34, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x35, 0xE6,
+	0x97, 0xA5, 0x45, 0x31, 0x35, 0xE7, 0x82, 0xB9,
+	0x45, 0x31, 0x36, 0xE6, 0x97, 0xA5, 0x45, 0x31,
+	0x36, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x37, 0xE6,
+	0x97, 0xA5, 0x45, 0x31, 0x37, 0xE7, 0x82, 0xB9,
+	0x45, 0x31, 0x38, 0xE6, 0x97, 0xA5, 0x45, 0x31,
+	// Bytes 2200 - 223f
+	0x38, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x39, 0xE6,
+	0x97, 0xA5, 0x45, 0x31, 0x39, 0xE7, 0x82, 0xB9,
+	0x45, 0x31, 0xE2, 0x81, 0x84, 0x32, 0x45, 0x31,
+	0xE2, 0x81, 0x84, 0x33, 0x45, 0x31, 0xE2, 0x81,
+	0x84, 0x34, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x35,
+	0x45, 0x31, 0xE2, 0x81, 0x84, 0x36, 0x45, 0x31,
+	0xE2, 0x81, 0x84, 0x37, 0x45, 0x31, 0xE2, 0x81,
+	0x84, 0x38, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x39,
+	// Bytes 2240 - 227f
+	0x45, 0x32, 0x30, 0xE6, 0x97, 0xA5, 0x45, 0x32,
+	0x30, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x31, 0xE6,
+	0x97, 0xA5, 0x45, 0x32, 0x31, 0xE7, 0x82, 0xB9,
+	0x45, 0x32, 0x32, 0xE6, 0x97, 0xA5, 0x45, 0x32,
+	0x32, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x33, 0xE6,
+	0x97, 0xA5, 0x45, 0x32, 0x33, 0xE7, 0x82, 0xB9,
+	0x45, 0x32, 0x34, 0xE6, 0x97, 0xA5, 0x45, 0x32,
+	0x34, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x35, 0xE6,
+	// Bytes 2280 - 22bf
+	0x97, 0xA5, 0x45, 0x32, 0x36, 0xE6, 0x97, 0xA5,
+	0x45, 0x32, 0x37, 0xE6, 0x97, 0xA5, 0x45, 0x32,
+	0x38, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0x39, 0xE6,
+	0x97, 0xA5, 0x45, 0x32, 0xE2, 0x81, 0x84, 0x33,
+	0x45, 0x32, 0xE2, 0x81, 0x84, 0x35, 0x45, 0x33,
+	0x30, 0xE6, 0x97, 0xA5, 0x45, 0x33, 0x31, 0xE6,
+	0x97, 0xA5, 0x45, 0x33, 0xE2, 0x81, 0x84, 0x34,
+	0x45, 0x33, 0xE2, 0x81, 0x84, 0x35, 0x45, 0x33,
+	// Bytes 22c0 - 22ff
+	0xE2, 0x81, 0x84, 0x38, 0x45, 0x34, 0xE2, 0x81,
+	0x84, 0x35, 0x45, 0x35, 0xE2, 0x81, 0x84, 0x36,
+	0x45, 0x35, 0xE2, 0x81, 0x84, 0x38, 0x45, 0x37,
+	0xE2, 0x81, 0x84, 0x38, 0x45, 0x41, 0xE2, 0x88,
+	0x95, 0x6D, 0x45, 0x56, 0xE2, 0x88, 0x95, 0x6D,
+	0x45, 0x6D, 0xE2, 0x88, 0x95, 0x73, 0x46, 0x31,
+	0xE2, 0x81, 0x84, 0x31, 0x30, 0x46, 0x43, 0xE2,
+	0x88, 0x95, 0x6B, 0x67, 0x46, 0x6D, 0xE2, 0x88,
+	// Bytes 2300 - 233f
+	0x95, 0x73, 0x32, 0x46, 0xD8, 0xA8, 0xD8, 0xAD,
+	0xD9, 0x8A, 0x46, 0xD8, 0xA8, 0xD8, 0xAE, 0xD9,
+	0x8A, 0x46, 0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x85,
+	0x46, 0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x89, 0x46,
+	0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD8,
+	0xAA, 0xD8, 0xAD, 0xD8, 0xAC, 0x46, 0xD8, 0xAA,
+	0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD8, 0xAA, 0xD8,
+	0xAE, 0xD9, 0x85, 0x46, 0xD8, 0xAA, 0xD8, 0xAE,
+	// Bytes 2340 - 237f
+	0xD9, 0x89, 0x46, 0xD8, 0xAA, 0xD8, 0xAE, 0xD9,
+	0x8A, 0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAC,
+	0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAD, 0x46,
+	0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAE, 0x46, 0xD8,
+	0xAA, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8, 0xAA,
+	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xAC, 0xD8,
+	0xAD, 0xD9, 0x89, 0x46, 0xD8, 0xAC, 0xD8, 0xAD,
+	0xD9, 0x8A, 0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD8,
+	// Bytes 2380 - 23bf
+	0xAD, 0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD9, 0x89,
+	0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD8, 0xAD, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD8,
+	0xAD, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8, 0xAD,
+	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xB3, 0xD8,
+	0xAC, 0xD8, 0xAD, 0x46, 0xD8, 0xB3, 0xD8, 0xAC,
+	0xD9, 0x89, 0x46, 0xD8, 0xB3, 0xD8, 0xAD, 0xD8,
+	0xAC, 0x46, 0xD8, 0xB3, 0xD8, 0xAE, 0xD9, 0x89,
+	// Bytes 23c0 - 23ff
+	0x46, 0xD8, 0xB3, 0xD8, 0xAE, 0xD9, 0x8A, 0x46,
+	0xD8, 0xB3, 0xD9, 0x85, 0xD8, 0xAC, 0x46, 0xD8,
+	0xB3, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD8, 0xB3,
+	0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB4, 0xD8,
+	0xAC, 0xD9, 0x8A, 0x46, 0xD8, 0xB4, 0xD8, 0xAD,
+	0xD9, 0x85, 0x46, 0xD8, 0xB4, 0xD8, 0xAD, 0xD9,
+	0x8A, 0x46, 0xD8, 0xB4, 0xD9, 0x85, 0xD8, 0xAE,
+	0x46, 0xD8, 0xB4, 0xD9, 0x85, 0xD9, 0x85, 0x46,
+	// Bytes 2400 - 243f
+	0xD8, 0xB5, 0xD8, 0xAD, 0xD8, 0xAD, 0x46, 0xD8,
+	0xB5, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xB5,
+	0xD9, 0x84, 0xD9, 0x89, 0x46, 0xD8, 0xB5, 0xD9,
+	0x84, 0xDB, 0x92, 0x46, 0xD8, 0xB5, 0xD9, 0x85,
+	0xD9, 0x85, 0x46, 0xD8, 0xB6, 0xD8, 0xAD, 0xD9,
+	0x89, 0x46, 0xD8, 0xB6, 0xD8, 0xAD, 0xD9, 0x8A,
+	0x46, 0xD8, 0xB6, 0xD8, 0xAE, 0xD9, 0x85, 0x46,
+	0xD8, 0xB7, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD8,
+	// Bytes 2440 - 247f
+	0xB7, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB7,
+	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xB9, 0xD8,
+	0xAC, 0xD9, 0x85, 0x46, 0xD8, 0xB9, 0xD9, 0x85,
+	0xD9, 0x85, 0x46, 0xD8, 0xB9, 0xD9, 0x85, 0xD9,
+	0x89, 0x46, 0xD8, 0xB9, 0xD9, 0x85, 0xD9, 0x8A,
+	0x46, 0xD8, 0xBA, 0xD9, 0x85, 0xD9, 0x85, 0x46,
+	0xD8, 0xBA, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8,
+	0xBA, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x81,
+	// Bytes 2480 - 24bf
+	0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD9, 0x81, 0xD9,
+	0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x82, 0xD9, 0x84,
+	0xDB, 0x92, 0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD8,
+	0xAD, 0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD9, 0x85,
+	0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD9, 0x83, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD9,
+	0x83, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x84,
+	0xD8, 0xAC, 0xD8, 0xAC, 0x46, 0xD9, 0x84, 0xD8,
+	// Bytes 24c0 - 24ff
+	0xAC, 0xD9, 0x85, 0x46, 0xD9, 0x84, 0xD8, 0xAC,
+	0xD9, 0x8A, 0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9,
+	0x85, 0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9, 0x89,
+	0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9, 0x8A, 0x46,
+	0xD9, 0x84, 0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD9,
+	0x84, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD9, 0x84,
+	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x85, 0xD8,
+	0xAC, 0xD8, 0xAD, 0x46, 0xD9, 0x85, 0xD8, 0xAC,
+	// Bytes 2500 - 253f
+	0xD8, 0xAE, 0x46, 0xD9, 0x85, 0xD8, 0xAC, 0xD9,
+	0x85, 0x46, 0xD9, 0x85, 0xD8, 0xAC, 0xD9, 0x8A,
+	0x46, 0xD9, 0x85, 0xD8, 0xAD, 0xD8, 0xAC, 0x46,
+	0xD9, 0x85, 0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD9,
+	0x85, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD9, 0x85,
+	0xD8, 0xAE, 0xD8, 0xAC, 0x46, 0xD9, 0x85, 0xD8,
+	0xAE, 0xD9, 0x85, 0x46, 0xD9, 0x85, 0xD8, 0xAE,
+	0xD9, 0x8A, 0x46, 0xD9, 0x85, 0xD9, 0x85, 0xD9,
+	// Bytes 2540 - 257f
+	0x8A, 0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD8, 0xAD,
+	0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD9, 0x85, 0x46,
+	0xD9, 0x86, 0xD8, 0xAC, 0xD9, 0x89, 0x46, 0xD9,
+	0x86, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x86,
+	0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD9, 0x86, 0xD8,
+	0xAD, 0xD9, 0x89, 0x46, 0xD9, 0x86, 0xD8, 0xAD,
+	0xD9, 0x8A, 0x46, 0xD9, 0x86, 0xD9, 0x85, 0xD9,
+	0x89, 0x46, 0xD9, 0x86, 0xD9, 0x85, 0xD9, 0x8A,
+	// Bytes 2580 - 25bf
+	0x46, 0xD9, 0x87, 0xD9, 0x85, 0xD8, 0xAC, 0x46,
+	0xD9, 0x87, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD9,
+	0x8A, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x8A,
+	0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD9, 0x8A, 0xD9,
+	0x85, 0xD9, 0x85, 0x46, 0xD9, 0x8A, 0xD9, 0x85,
+	0xD9, 0x8A, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8,
+	0xA7, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAC,
+	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAD, 0x46,
+	// Bytes 25c0 - 25ff
+	0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAE, 0x46, 0xD9,
+	0x8A, 0xD9, 0x94, 0xD8, 0xB1, 0x46, 0xD9, 0x8A,
+	0xD9, 0x94, 0xD8, 0xB2, 0x46, 0xD9, 0x8A, 0xD9,
+	0x94, 0xD9, 0x85, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
+	0xD9, 0x86, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9,
+	0x87, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x88,
+	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x89, 0x46,
+	0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x8A, 0x46, 0xD9,
+	// Bytes 2600 - 263f
+	0x8A, 0xD9, 0x94, 0xDB, 0x86, 0x46, 0xD9, 0x8A,
+	0xD9, 0x94, 0xDB, 0x87, 0x46, 0xD9, 0x8A, 0xD9,
+	0x94, 0xDB, 0x88, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
+	0xDB, 0x90, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xDB,
+	0x95, 0x46, 0xE0, 0xB9, 0x8D, 0xE0, 0xB8, 0xB2,
+	0x46, 0xE0, 0xBA, 0xAB, 0xE0, 0xBA, 0x99, 0x46,
+	0xE0, 0xBA, 0xAB, 0xE0, 0xBA, 0xA1, 0x46, 0xE0,
+	0xBB, 0x8D, 0xE0, 0xBA, 0xB2, 0x46, 0xE0, 0xBD,
+	// Bytes 2640 - 267f
+	0x80, 0xE0, 0xBE, 0xB5, 0x46, 0xE0, 0xBD, 0x82,
+	0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x8C, 0xE0,
+	0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x91, 0xE0, 0xBE,
+	0xB7, 0x46, 0xE0, 0xBD, 0x96, 0xE0, 0xBE, 0xB7,
+	0x46, 0xE0, 0xBD, 0x9B, 0xE0, 0xBE, 0xB7, 0x46,
+	0xE0, 0xBE, 0x90, 0xE0, 0xBE, 0xB5, 0x46, 0xE0,
+	0xBE, 0x92, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE,
+	0x9C, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xA1,
+	// Bytes 2680 - 26bf
+	0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xA6, 0xE0,
+	0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xAB, 0xE0, 0xBE,
+	0xB7, 0x46, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
+	0x46, 0xE2, 0x80, 0xB5, 0xE2, 0x80, 0xB5, 0x46,
+	0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB, 0x46, 0xE2,
+	0x88, 0xAE, 0xE2, 0x88, 0xAE, 0x46, 0xE3, 0x81,
+	0xBB, 0xE3, 0x81, 0x8B, 0x46, 0xE3, 0x82, 0x88,
+	0xE3, 0x82, 0x8A, 0x46, 0xE3, 0x82, 0xAD, 0xE3,
+	// Bytes 26c0 - 26ff
+	0x83, 0xAD, 0x46, 0xE3, 0x82, 0xB3, 0xE3, 0x82,
+	0xB3, 0x46, 0xE3, 0x82, 0xB3, 0xE3, 0x83, 0x88,
+	0x46, 0xE3, 0x83, 0x88, 0xE3, 0x83, 0xB3, 0x46,
+	0xE3, 0x83, 0x8A, 0xE3, 0x83, 0x8E, 0x46, 0xE3,
+	0x83, 0x9B, 0xE3, 0x83, 0xB3, 0x46, 0xE3, 0x83,
+	0x9F, 0xE3, 0x83, 0xAA, 0x46, 0xE3, 0x83, 0xAA,
+	0xE3, 0x83, 0xA9, 0x46, 0xE3, 0x83, 0xAC, 0xE3,
+	0x83, 0xA0, 0x46, 0xE5, 0xA4, 0xA7, 0xE6, 0xAD,
+	// Bytes 2700 - 273f
+	0xA3, 0x46, 0xE5, 0xB9, 0xB3, 0xE6, 0x88, 0x90,
+	0x46, 0xE6, 0x98, 0x8E, 0xE6, 0xB2, 0xBB, 0x46,
+	0xE6, 0x98, 0xAD, 0xE5, 0x92, 0x8C, 0x47, 0x72,
+	0x61, 0x64, 0xE2, 0x88, 0x95, 0x73, 0x47, 0xE3,
+	0x80, 0x94, 0x53, 0xE3, 0x80, 0x95, 0x48, 0x28,
+	0xE1, 0x84, 0x80, 0xE1, 0x85, 0xA1, 0x29, 0x48,
+	0x28, 0xE1, 0x84, 0x82, 0xE1, 0x85, 0xA1, 0x29,
+	0x48, 0x28, 0xE1, 0x84, 0x83, 0xE1, 0x85, 0xA1,
+	// Bytes 2740 - 277f
+	0x29, 0x48, 0x28, 0xE1, 0x84, 0x85, 0xE1, 0x85,
+	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x86, 0xE1,
+	0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x87,
+	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
+	0x89, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1,
+	0x84, 0x8B, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28,
+	0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xA1, 0x29, 0x48,
+	0x28, 0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xAE, 0x29,
+	// Bytes 2780 - 27bf
+	0x48, 0x28, 0xE1, 0x84, 0x8E, 0xE1, 0x85, 0xA1,
+	0x29, 0x48, 0x28, 0xE1, 0x84, 0x8F, 0xE1, 0x85,
+	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x90, 0xE1,
+	0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x91,
+	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
+	0x92, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x72, 0x61,
+	0x64, 0xE2, 0x88, 0x95, 0x73, 0x32, 0x48, 0xD8,
+	0xA7, 0xD9, 0x83, 0xD8, 0xA8, 0xD8, 0xB1, 0x48,
+	// Bytes 27c0 - 27ff
+	0xD8, 0xA7, 0xD9, 0x84, 0xD9, 0x84, 0xD9, 0x87,
+	0x48, 0xD8, 0xB1, 0xD8, 0xB3, 0xD9, 0x88, 0xD9,
+	0x84, 0x48, 0xD8, 0xB1, 0xDB, 0x8C, 0xD8, 0xA7,
+	0xD9, 0x84, 0x48, 0xD8, 0xB5, 0xD9, 0x84, 0xD8,
+	0xB9, 0xD9, 0x85, 0x48, 0xD8, 0xB9, 0xD9, 0x84,
+	0xD9, 0x8A, 0xD9, 0x87, 0x48, 0xD9, 0x85, 0xD8,
+	0xAD, 0xD9, 0x85, 0xD8, 0xAF, 0x48, 0xD9, 0x88,
+	0xD8, 0xB3, 0xD9, 0x84, 0xD9, 0x85, 0x49, 0xE2,
+	// Bytes 2800 - 283f
+	0x80, 0xB2, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
+	0x49, 0xE2, 0x80, 0xB5, 0xE2, 0x80, 0xB5, 0xE2,
+	0x80, 0xB5, 0x49, 0xE2, 0x88, 0xAB, 0xE2, 0x88,
+	0xAB, 0xE2, 0x88, 0xAB, 0x49, 0xE2, 0x88, 0xAE,
+	0xE2, 0x88, 0xAE, 0xE2, 0x88, 0xAE, 0x49, 0xE3,
+	0x80, 0x94, 0xE4, 0xB8, 0x89, 0xE3, 0x80, 0x95,
+	0x49, 0xE3, 0x80, 0x94, 0xE4, 0xBA, 0x8C, 0xE3,
+	0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE5, 0x8B,
+	// Bytes 2840 - 287f
+	0x9D, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94,
+	0xE5, 0xAE, 0x89, 0xE3, 0x80, 0x95, 0x49, 0xE3,
+	0x80, 0x94, 0xE6, 0x89, 0x93, 0xE3, 0x80, 0x95,
+	0x49, 0xE3, 0x80, 0x94, 0xE6, 0x95, 0x97, 0xE3,
+	0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE6, 0x9C,
+	0xAC, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94,
+	0xE7, 0x82, 0xB9, 0xE3, 0x80, 0x95, 0x49, 0xE3,
+	0x80, 0x94, 0xE7, 0x9B, 0x97, 0xE3, 0x80, 0x95,
+	// Bytes 2880 - 28bf
+	0x49, 0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0xAB, 0x49, 0xE3, 0x82, 0xA4, 0xE3, 0x83,
+	0xB3, 0xE3, 0x83, 0x81, 0x49, 0xE3, 0x82, 0xA6,
+	0xE3, 0x82, 0xA9, 0xE3, 0x83, 0xB3, 0x49, 0xE3,
+	0x82, 0xAA, 0xE3, 0x83, 0xB3, 0xE3, 0x82, 0xB9,
+	0x49, 0xE3, 0x82, 0xAA, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0xA0, 0x49, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
+	0xA4, 0xE3, 0x83, 0xAA, 0x49, 0xE3, 0x82, 0xB1,
+	// Bytes 28c0 - 28ff
+	0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xB9, 0x49, 0xE3,
+	0x82, 0xB3, 0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x8A,
+	0x49, 0xE3, 0x82, 0xBB, 0xE3, 0x83, 0xB3, 0xE3,
+	0x83, 0x81, 0x49, 0xE3, 0x82, 0xBB, 0xE3, 0x83,
+	0xB3, 0xE3, 0x83, 0x88, 0x49, 0xE3, 0x83, 0x86,
+	0xE3, 0x82, 0x99, 0xE3, 0x82, 0xB7, 0x49, 0xE3,
+	0x83, 0x88, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB,
+	0x49, 0xE3, 0x83, 0x8E, 0xE3, 0x83, 0x83, 0xE3,
+	// Bytes 2900 - 293f
+	0x83, 0x88, 0x49, 0xE3, 0x83, 0x8F, 0xE3, 0x82,
+	0xA4, 0xE3, 0x83, 0x84, 0x49, 0xE3, 0x83, 0x92,
+	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB, 0x49, 0xE3,
+	0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xB3,
+	0x49, 0xE3, 0x83, 0x95, 0xE3, 0x83, 0xA9, 0xE3,
+	0x83, 0xB3, 0x49, 0xE3, 0x83, 0x98, 0xE3, 0x82,
+	0x9A, 0xE3, 0x82, 0xBD, 0x49, 0xE3, 0x83, 0x98,
+	0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x84, 0x49, 0xE3,
+	// Bytes 2940 - 297f
+	0x83, 0x9B, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0xAB,
+	0x49, 0xE3, 0x83, 0x9B, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0xB3, 0x49, 0xE3, 0x83, 0x9E, 0xE3, 0x82,
+	0xA4, 0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x83, 0x9E,
+	0xE3, 0x83, 0x83, 0xE3, 0x83, 0x8F, 0x49, 0xE3,
+	0x83, 0x9E, 0xE3, 0x83, 0xAB, 0xE3, 0x82, 0xAF,
+	0x49, 0xE3, 0x83, 0xA4, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0xAB, 0x49, 0xE3, 0x83, 0xA6, 0xE3, 0x82,
+	// Bytes 2980 - 29bf
+	0xA2, 0xE3, 0x83, 0xB3, 0x49, 0xE3, 0x83, 0xAF,
+	0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88, 0x4C, 0xE2,
+	0x80, 0xB2, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
+	0xE2, 0x80, 0xB2, 0x4C, 0xE2, 0x88, 0xAB, 0xE2,
+	0x88, 0xAB, 0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB,
+	0x4C, 0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xAB, 0xE3,
+	0x83, 0x95, 0xE3, 0x82, 0xA1, 0x4C, 0xE3, 0x82,
+	0xA8, 0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xAB, 0xE3,
+	// Bytes 29c0 - 29ff
+	0x83, 0xBC, 0x4C, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xB3, 0x4C,
+	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xB3, 0xE3, 0x83, 0x9E, 0x4C, 0xE3, 0x82, 0xAB,
+	0xE3, 0x83, 0xA9, 0xE3, 0x83, 0x83, 0xE3, 0x83,
+	0x88, 0x4C, 0xE3, 0x82, 0xAB, 0xE3, 0x83, 0xAD,
+	0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xBC, 0x4C, 0xE3,
+	0x82, 0xAD, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0x8B,
+	// Bytes 2a00 - 2a3f
+	0xE3, 0x83, 0xBC, 0x4C, 0xE3, 0x82, 0xAD, 0xE3,
+	0x83, 0xA5, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xBC,
+	0x4C, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3,
+	0x83, 0xA9, 0xE3, 0x83, 0xA0, 0x4C, 0xE3, 0x82,
+	0xAF, 0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0x8D, 0x4C, 0xE3, 0x82, 0xB5, 0xE3, 0x82,
+	0xA4, 0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAB, 0x4C,
+	0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	// Bytes 2a40 - 2a7f
+	0xBC, 0xE3, 0x82, 0xB9, 0x4C, 0xE3, 0x83, 0x8F,
+	0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
+	0x84, 0x4C, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A,
+	0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAB, 0x4C, 0xE3,
+	0x83, 0x95, 0xE3, 0x82, 0xA3, 0xE3, 0x83, 0xBC,
+	0xE3, 0x83, 0x88, 0x4C, 0xE3, 0x83, 0x98, 0xE3,
+	0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xBF,
+	0x4C, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A, 0xE3,
+	// Bytes 2a80 - 2abf
+	0x83, 0x8B, 0xE3, 0x83, 0x92, 0x4C, 0xE3, 0x83,
+	0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xB3, 0xE3,
+	0x82, 0xB9, 0x4C, 0xE3, 0x83, 0x9B, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x88, 0x4C,
+	0xE3, 0x83, 0x9E, 0xE3, 0x82, 0xA4, 0xE3, 0x82,
+	0xAF, 0xE3, 0x83, 0xAD, 0x4C, 0xE3, 0x83, 0x9F,
+	0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAD, 0xE3, 0x83,
+	0xB3, 0x4C, 0xE3, 0x83, 0xA1, 0xE3, 0x83, 0xBC,
+	// Bytes 2ac0 - 2aff
+	0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x4C, 0xE3,
+	0x83, 0xAA, 0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88,
+	0xE3, 0x83, 0xAB, 0x4C, 0xE3, 0x83, 0xAB, 0xE3,
+	0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC,
+	0x4C, 0xE6, 0xA0, 0xAA, 0xE5, 0xBC, 0x8F, 0xE4,
+	0xBC, 0x9A, 0xE7, 0xA4, 0xBE, 0x4E, 0x28, 0xE1,
+	0x84, 0x8B, 0xE1, 0x85, 0xA9, 0xE1, 0x84, 0x92,
+	0xE1, 0x85, 0xAE, 0x29, 0x4F, 0xD8, 0xAC, 0xD9,
+	// Bytes 2b00 - 2b3f
+	0x84, 0x20, 0xD8, 0xAC, 0xD9, 0x84, 0xD8, 0xA7,
+	0xD9, 0x84, 0xD9, 0x87, 0x4F, 0xE3, 0x82, 0xA2,
+	0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x82, 0xA2,
+	0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x98, 0xE3, 0x82,
+	0x9A, 0xE3, 0x82, 0xA2, 0x4F, 0xE3, 0x82, 0xAD,
+	0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xAF, 0xE3, 0x83,
+	0x83, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x82, 0xB5,
+	// Bytes 2b40 - 2b7f
+	0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x81, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0xA0, 0x4F, 0xE3, 0x83, 0x8F,
+	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
+	0xAC, 0xE3, 0x83, 0xAB, 0x4F, 0xE3, 0x83, 0x98,
+	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0xBF, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0xAB, 0x4F, 0xE3, 0x83, 0x9B,
+	0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xA4, 0xE3, 0x83,
+	0xB3, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x83, 0x9E,
+	// Bytes 2b80 - 2bbf
+	0xE3, 0x83, 0xB3, 0xE3, 0x82, 0xB7, 0xE3, 0x83,
+	0xA7, 0xE3, 0x83, 0xB3, 0x4F, 0xE3, 0x83, 0xA1,
+	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0x88, 0xE3, 0x83, 0xB3, 0x4F, 0xE3, 0x83, 0xAB,
+	0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x95, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xAB, 0x51, 0x28, 0xE1, 0x84,
+	0x8B, 0xE1, 0x85, 0xA9, 0xE1, 0x84, 0x8C, 0xE1,
+	0x85, 0xA5, 0xE1, 0x86, 0xAB, 0x29, 0x52, 0xE3,
+	// Bytes 2bc0 - 2bff
+	0x82, 0xAD, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB,
+	0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xBC, 0x52, 0xE3, 0x82, 0xAD, 0xE3, 0x83, 0xAD,
+	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xA9, 0xE3, 0x83, 0xA0, 0x52, 0xE3, 0x82, 0xAD,
+	0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xA1, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x52,
+	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	// Bytes 2c00 - 2c3f
+	0xA9, 0xE3, 0x83, 0xA0, 0xE3, 0x83, 0x88, 0xE3,
+	0x83, 0xB3, 0x52, 0xE3, 0x82, 0xAF, 0xE3, 0x83,
+	0xAB, 0xE3, 0x82, 0xBB, 0xE3, 0x82, 0x99, 0xE3,
+	0x82, 0xA4, 0xE3, 0x83, 0xAD, 0x52, 0xE3, 0x83,
+	0x8F, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC, 0xE3,
+	0x82, 0xBB, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88,
+	0x52, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3,
+	0x82, 0xA2, 0xE3, 0x82, 0xB9, 0xE3, 0x83, 0x88,
+	// Bytes 2c40 - 2c7f
+	0xE3, 0x83, 0xAB, 0x52, 0xE3, 0x83, 0x95, 0xE3,
+	0x82, 0x99, 0xE3, 0x83, 0x83, 0xE3, 0x82, 0xB7,
+	0xE3, 0x82, 0xA7, 0xE3, 0x83, 0xAB, 0x52, 0xE3,
+	0x83, 0x9F, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0x8F,
+	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
+	0xAB, 0x52, 0xE3, 0x83, 0xAC, 0xE3, 0x83, 0xB3,
+	0xE3, 0x83, 0x88, 0xE3, 0x82, 0xB1, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xB3, 0x61, 0xD8, 0xB5, 0xD9,
+	// Bytes 2c80 - 2cbf
+	0x84, 0xD9, 0x89, 0x20, 0xD8, 0xA7, 0xD9, 0x84,
+	0xD9, 0x84, 0xD9, 0x87, 0x20, 0xD8, 0xB9, 0xD9,
+	0x84, 0xD9, 0x8A, 0xD9, 0x87, 0x20, 0xD9, 0x88,
+	0xD8, 0xB3, 0xD9, 0x84, 0xD9, 0x85, 0x06, 0xE0,
+	0xA7, 0x87, 0xE0, 0xA6, 0xBE, 0x01, 0x06, 0xE0,
+	0xA7, 0x87, 0xE0, 0xA7, 0x97, 0x01, 0x06, 0xE0,
+	0xAD, 0x87, 0xE0, 0xAC, 0xBE, 0x01, 0x06, 0xE0,
+	0xAD, 0x87, 0xE0, 0xAD, 0x96, 0x01, 0x06, 0xE0,
+	// Bytes 2cc0 - 2cff
+	0xAD, 0x87, 0xE0, 0xAD, 0x97, 0x01, 0x06, 0xE0,
+	0xAE, 0x92, 0xE0, 0xAF, 0x97, 0x01, 0x06, 0xE0,
+	0xAF, 0x86, 0xE0, 0xAE, 0xBE, 0x01, 0x06, 0xE0,
+	0xAF, 0x86, 0xE0, 0xAF, 0x97, 0x01, 0x06, 0xE0,
+	0xAF, 0x87, 0xE0, 0xAE, 0xBE, 0x01, 0x06, 0xE0,
+	0xB2, 0xBF, 0xE0, 0xB3, 0x95, 0x01, 0x06, 0xE0,
+	0xB3, 0x86, 0xE0, 0xB3, 0x95, 0x01, 0x06, 0xE0,
+	0xB3, 0x86, 0xE0, 0xB3, 0x96, 0x01, 0x06, 0xE0,
+	// Bytes 2d00 - 2d3f
+	0xB5, 0x86, 0xE0, 0xB4, 0xBE, 0x01, 0x06, 0xE0,
+	0xB5, 0x86, 0xE0, 0xB5, 0x97, 0x01, 0x06, 0xE0,
+	0xB5, 0x87, 0xE0, 0xB4, 0xBE, 0x01, 0x06, 0xE0,
+	0xB7, 0x99, 0xE0, 0xB7, 0x9F, 0x01, 0x06, 0xE1,
+	0x80, 0xA5, 0xE1, 0x80, 0xAE, 0x01, 0x06, 0xE1,
+	0xAC, 0x85, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0x87, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0x89, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	// Bytes 2d40 - 2d7f
+	0xAC, 0x8B, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0x8D, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0x91, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0xBA, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0xBC, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0xBE, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAC, 0xBF, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
+	0xAD, 0x82, 0xE1, 0xAC, 0xB5, 0x01, 0x08, 0xF0,
+	// Bytes 2d80 - 2dbf
+	0x91, 0x84, 0xB1, 0xF0, 0x91, 0x84, 0xA7, 0x01,
+	0x08, 0xF0, 0x91, 0x84, 0xB2, 0xF0, 0x91, 0x84,
+	0xA7, 0x01, 0x08, 0xF0, 0x91, 0x8D, 0x87, 0xF0,
+	0x91, 0x8C, 0xBE, 0x01, 0x08, 0xF0, 0x91, 0x8D,
+	0x87, 0xF0, 0x91, 0x8D, 0x97, 0x01, 0x08, 0xF0,
+	0x91, 0x92, 0xB9, 0xF0, 0x91, 0x92, 0xB0, 0x01,
+	0x08, 0xF0, 0x91, 0x92, 0xB9, 0xF0, 0x91, 0x92,
+	0xBA, 0x01, 0x08, 0xF0, 0x91, 0x92, 0xB9, 0xF0,
+	// Bytes 2dc0 - 2dff
+	0x91, 0x92, 0xBD, 0x01, 0x08, 0xF0, 0x91, 0x96,
+	0xB8, 0xF0, 0x91, 0x96, 0xAF, 0x01, 0x08, 0xF0,
+	0x91, 0x96, 0xB9, 0xF0, 0x91, 0x96, 0xAF, 0x01,
+	0x09, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x82, 0xE0,
+	0xB3, 0x95, 0x02, 0x09, 0xE0, 0xB7, 0x99, 0xE0,
+	0xB7, 0x8F, 0xE0, 0xB7, 0x8A, 0x12, 0x44, 0x44,
+	0x5A, 0xCC, 0x8C, 0xC9, 0x44, 0x44, 0x7A, 0xCC,
+	0x8C, 0xC9, 0x44, 0x64, 0x7A, 0xCC, 0x8C, 0xC9,
+	// Bytes 2e00 - 2e3f
+	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x93, 0xC9,
+	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x94, 0xC9,
+	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x95, 0xB5,
+	0x46, 0xE1, 0x84, 0x80, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x82, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x83, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x85, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x86, 0xE1, 0x85, 0xA1, 0x01,
+	// Bytes 2e40 - 2e7f
+	0x46, 0xE1, 0x84, 0x87, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x89, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xAE, 0x01,
+	0x46, 0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x8E, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x8F, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x90, 0xE1, 0x85, 0xA1, 0x01,
+	// Bytes 2e80 - 2ebf
+	0x46, 0xE1, 0x84, 0x91, 0xE1, 0x85, 0xA1, 0x01,
+	0x46, 0xE1, 0x84, 0x92, 0xE1, 0x85, 0xA1, 0x01,
+	0x49, 0xE3, 0x83, 0xA1, 0xE3, 0x82, 0xAB, 0xE3,
+	0x82, 0x99, 0x0D, 0x4C, 0xE1, 0x84, 0x8C, 0xE1,
+	0x85, 0xAE, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xB4,
+	0x01, 0x4C, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99,
+	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0x0D, 0x4C,
+	0xE3, 0x82, 0xB3, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
+	// Bytes 2ec0 - 2eff
+	0x9B, 0xE3, 0x82, 0x9A, 0x0D, 0x4C, 0xE3, 0x83,
+	0xA4, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0xE3,
+	0x82, 0x99, 0x0D, 0x4F, 0xE1, 0x84, 0x8E, 0xE1,
+	0x85, 0xA1, 0xE1, 0x86, 0xB7, 0xE1, 0x84, 0x80,
+	0xE1, 0x85, 0xA9, 0x01, 0x4F, 0xE3, 0x82, 0xA4,
+	0xE3, 0x83, 0x8B, 0xE3, 0x83, 0xB3, 0xE3, 0x82,
+	0xAF, 0xE3, 0x82, 0x99, 0x0D, 0x4F, 0xE3, 0x82,
+	0xB7, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xB3, 0xE3,
+	// Bytes 2f00 - 2f3f
+	0x82, 0xAF, 0xE3, 0x82, 0x99, 0x0D, 0x4F, 0xE3,
+	0x83, 0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC,
+	0xE3, 0x82, 0xB7, 0xE3, 0x82, 0x99, 0x0D, 0x4F,
+	0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0xE3, 0x83,
+	0xB3, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
+	0x52, 0xE3, 0x82, 0xA8, 0xE3, 0x82, 0xB9, 0xE3,
+	0x82, 0xAF, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88,
+	0xE3, 0x82, 0x99, 0x0D, 0x52, 0xE3, 0x83, 0x95,
+	// Bytes 2f40 - 2f7f
+	0xE3, 0x82, 0xA1, 0xE3, 0x83, 0xA9, 0xE3, 0x83,
+	0x83, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
+	0x86, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x82, 0x01,
+	0x86, 0xE0, 0xB7, 0x99, 0xE0, 0xB7, 0x8F, 0x01,
+	0x03, 0x3C, 0xCC, 0xB8, 0x05, 0x03, 0x3D, 0xCC,
+	0xB8, 0x05, 0x03, 0x3E, 0xCC, 0xB8, 0x05, 0x03,
+	0x41, 0xCC, 0x80, 0xC9, 0x03, 0x41, 0xCC, 0x81,
+	0xC9, 0x03, 0x41, 0xCC, 0x83, 0xC9, 0x03, 0x41,
+	// Bytes 2f80 - 2fbf
+	0xCC, 0x84, 0xC9, 0x03, 0x41, 0xCC, 0x89, 0xC9,
+	0x03, 0x41, 0xCC, 0x8C, 0xC9, 0x03, 0x41, 0xCC,
+	0x8F, 0xC9, 0x03, 0x41, 0xCC, 0x91, 0xC9, 0x03,
+	0x41, 0xCC, 0xA5, 0xB5, 0x03, 0x41, 0xCC, 0xA8,
+	0xA5, 0x03, 0x42, 0xCC, 0x87, 0xC9, 0x03, 0x42,
+	0xCC, 0xA3, 0xB5, 0x03, 0x42, 0xCC, 0xB1, 0xB5,
+	0x03, 0x43, 0xCC, 0x81, 0xC9, 0x03, 0x43, 0xCC,
+	0x82, 0xC9, 0x03, 0x43, 0xCC, 0x87, 0xC9, 0x03,
+	// Bytes 2fc0 - 2fff
+	0x43, 0xCC, 0x8C, 0xC9, 0x03, 0x44, 0xCC, 0x87,
+	0xC9, 0x03, 0x44, 0xCC, 0x8C, 0xC9, 0x03, 0x44,
+	0xCC, 0xA3, 0xB5, 0x03, 0x44, 0xCC, 0xA7, 0xA5,
+	0x03, 0x44, 0xCC, 0xAD, 0xB5, 0x03, 0x44, 0xCC,
+	0xB1, 0xB5, 0x03, 0x45, 0xCC, 0x80, 0xC9, 0x03,
+	0x45, 0xCC, 0x81, 0xC9, 0x03, 0x45, 0xCC, 0x83,
+	0xC9, 0x03, 0x45, 0xCC, 0x86, 0xC9, 0x03, 0x45,
+	0xCC, 0x87, 0xC9, 0x03, 0x45, 0xCC, 0x88, 0xC9,
+	// Bytes 3000 - 303f
+	0x03, 0x45, 0xCC, 0x89, 0xC9, 0x03, 0x45, 0xCC,
+	0x8C, 0xC9, 0x03, 0x45, 0xCC, 0x8F, 0xC9, 0x03,
+	0x45, 0xCC, 0x91, 0xC9, 0x03, 0x45, 0xCC, 0xA8,
+	0xA5, 0x03, 0x45, 0xCC, 0xAD, 0xB5, 0x03, 0x45,
+	0xCC, 0xB0, 0xB5, 0x03, 0x46, 0xCC, 0x87, 0xC9,
+	0x03, 0x47, 0xCC, 0x81, 0xC9, 0x03, 0x47, 0xCC,
+	0x82, 0xC9, 0x03, 0x47, 0xCC, 0x84, 0xC9, 0x03,
+	0x47, 0xCC, 0x86, 0xC9, 0x03, 0x47, 0xCC, 0x87,
+	// Bytes 3040 - 307f
+	0xC9, 0x03, 0x47, 0xCC, 0x8C, 0xC9, 0x03, 0x47,
+	0xCC, 0xA7, 0xA5, 0x03, 0x48, 0xCC, 0x82, 0xC9,
+	0x03, 0x48, 0xCC, 0x87, 0xC9, 0x03, 0x48, 0xCC,
+	0x88, 0xC9, 0x03, 0x48, 0xCC, 0x8C, 0xC9, 0x03,
+	0x48, 0xCC, 0xA3, 0xB5, 0x03, 0x48, 0xCC, 0xA7,
+	0xA5, 0x03, 0x48, 0xCC, 0xAE, 0xB5, 0x03, 0x49,
+	0xCC, 0x80, 0xC9, 0x03, 0x49, 0xCC, 0x81, 0xC9,
+	0x03, 0x49, 0xCC, 0x82, 0xC9, 0x03, 0x49, 0xCC,
+	// Bytes 3080 - 30bf
+	0x83, 0xC9, 0x03, 0x49, 0xCC, 0x84, 0xC9, 0x03,
+	0x49, 0xCC, 0x86, 0xC9, 0x03, 0x49, 0xCC, 0x87,
+	0xC9, 0x03, 0x49, 0xCC, 0x89, 0xC9, 0x03, 0x49,
+	0xCC, 0x8C, 0xC9, 0x03, 0x49, 0xCC, 0x8F, 0xC9,
+	0x03, 0x49, 0xCC, 0x91, 0xC9, 0x03, 0x49, 0xCC,
+	0xA3, 0xB5, 0x03, 0x49, 0xCC, 0xA8, 0xA5, 0x03,
+	0x49, 0xCC, 0xB0, 0xB5, 0x03, 0x4A, 0xCC, 0x82,
+	0xC9, 0x03, 0x4B, 0xCC, 0x81, 0xC9, 0x03, 0x4B,
+	// Bytes 30c0 - 30ff
+	0xCC, 0x8C, 0xC9, 0x03, 0x4B, 0xCC, 0xA3, 0xB5,
+	0x03, 0x4B, 0xCC, 0xA7, 0xA5, 0x03, 0x4B, 0xCC,
+	0xB1, 0xB5, 0x03, 0x4C, 0xCC, 0x81, 0xC9, 0x03,
+	0x4C, 0xCC, 0x8C, 0xC9, 0x03, 0x4C, 0xCC, 0xA7,
+	0xA5, 0x03, 0x4C, 0xCC, 0xAD, 0xB5, 0x03, 0x4C,
+	0xCC, 0xB1, 0xB5, 0x03, 0x4D, 0xCC, 0x81, 0xC9,
+	0x03, 0x4D, 0xCC, 0x87, 0xC9, 0x03, 0x4D, 0xCC,
+	0xA3, 0xB5, 0x03, 0x4E, 0xCC, 0x80, 0xC9, 0x03,
+	// Bytes 3100 - 313f
+	0x4E, 0xCC, 0x81, 0xC9, 0x03, 0x4E, 0xCC, 0x83,
+	0xC9, 0x03, 0x4E, 0xCC, 0x87, 0xC9, 0x03, 0x4E,
+	0xCC, 0x8C, 0xC9, 0x03, 0x4E, 0xCC, 0xA3, 0xB5,
+	0x03, 0x4E, 0xCC, 0xA7, 0xA5, 0x03, 0x4E, 0xCC,
+	0xAD, 0xB5, 0x03, 0x4E, 0xCC, 0xB1, 0xB5, 0x03,
+	0x4F, 0xCC, 0x80, 0xC9, 0x03, 0x4F, 0xCC, 0x81,
+	0xC9, 0x03, 0x4F, 0xCC, 0x86, 0xC9, 0x03, 0x4F,
+	0xCC, 0x89, 0xC9, 0x03, 0x4F, 0xCC, 0x8B, 0xC9,
+	// Bytes 3140 - 317f
+	0x03, 0x4F, 0xCC, 0x8C, 0xC9, 0x03, 0x4F, 0xCC,
+	0x8F, 0xC9, 0x03, 0x4F, 0xCC, 0x91, 0xC9, 0x03,
+	0x50, 0xCC, 0x81, 0xC9, 0x03, 0x50, 0xCC, 0x87,
+	0xC9, 0x03, 0x52, 0xCC, 0x81, 0xC9, 0x03, 0x52,
+	0xCC, 0x87, 0xC9, 0x03, 0x52, 0xCC, 0x8C, 0xC9,
+	0x03, 0x52, 0xCC, 0x8F, 0xC9, 0x03, 0x52, 0xCC,
+	0x91, 0xC9, 0x03, 0x52, 0xCC, 0xA7, 0xA5, 0x03,
+	0x52, 0xCC, 0xB1, 0xB5, 0x03, 0x53, 0xCC, 0x82,
+	// Bytes 3180 - 31bf
+	0xC9, 0x03, 0x53, 0xCC, 0x87, 0xC9, 0x03, 0x53,
+	0xCC, 0xA6, 0xB5, 0x03, 0x53, 0xCC, 0xA7, 0xA5,
+	0x03, 0x54, 0xCC, 0x87, 0xC9, 0x03, 0x54, 0xCC,
+	0x8C, 0xC9, 0x03, 0x54, 0xCC, 0xA3, 0xB5, 0x03,
+	0x54, 0xCC, 0xA6, 0xB5, 0x03, 0x54, 0xCC, 0xA7,
+	0xA5, 0x03, 0x54, 0xCC, 0xAD, 0xB5, 0x03, 0x54,
+	0xCC, 0xB1, 0xB5, 0x03, 0x55, 0xCC, 0x80, 0xC9,
+	0x03, 0x55, 0xCC, 0x81, 0xC9, 0x03, 0x55, 0xCC,
+	// Bytes 31c0 - 31ff
+	0x82, 0xC9, 0x03, 0x55, 0xCC, 0x86, 0xC9, 0x03,
+	0x55, 0xCC, 0x89, 0xC9, 0x03, 0x55, 0xCC, 0x8A,
+	0xC9, 0x03, 0x55, 0xCC, 0x8B, 0xC9, 0x03, 0x55,
+	0xCC, 0x8C, 0xC9, 0x03, 0x55, 0xCC, 0x8F, 0xC9,
+	0x03, 0x55, 0xCC, 0x91, 0xC9, 0x03, 0x55, 0xCC,
+	0xA3, 0xB5, 0x03, 0x55, 0xCC, 0xA4, 0xB5, 0x03,
+	0x55, 0xCC, 0xA8, 0xA5, 0x03, 0x55, 0xCC, 0xAD,
+	0xB5, 0x03, 0x55, 0xCC, 0xB0, 0xB5, 0x03, 0x56,
+	// Bytes 3200 - 323f
+	0xCC, 0x83, 0xC9, 0x03, 0x56, 0xCC, 0xA3, 0xB5,
+	0x03, 0x57, 0xCC, 0x80, 0xC9, 0x03, 0x57, 0xCC,
+	0x81, 0xC9, 0x03, 0x57, 0xCC, 0x82, 0xC9, 0x03,
+	0x57, 0xCC, 0x87, 0xC9, 0x03, 0x57, 0xCC, 0x88,
+	0xC9, 0x03, 0x57, 0xCC, 0xA3, 0xB5, 0x03, 0x58,
+	0xCC, 0x87, 0xC9, 0x03, 0x58, 0xCC, 0x88, 0xC9,
+	0x03, 0x59, 0xCC, 0x80, 0xC9, 0x03, 0x59, 0xCC,
+	0x81, 0xC9, 0x03, 0x59, 0xCC, 0x82, 0xC9, 0x03,
+	// Bytes 3240 - 327f
+	0x59, 0xCC, 0x83, 0xC9, 0x03, 0x59, 0xCC, 0x84,
+	0xC9, 0x03, 0x59, 0xCC, 0x87, 0xC9, 0x03, 0x59,
+	0xCC, 0x88, 0xC9, 0x03, 0x59, 0xCC, 0x89, 0xC9,
+	0x03, 0x59, 0xCC, 0xA3, 0xB5, 0x03, 0x5A, 0xCC,
+	0x81, 0xC9, 0x03, 0x5A, 0xCC, 0x82, 0xC9, 0x03,
+	0x5A, 0xCC, 0x87, 0xC9, 0x03, 0x5A, 0xCC, 0x8C,
+	0xC9, 0x03, 0x5A, 0xCC, 0xA3, 0xB5, 0x03, 0x5A,
+	0xCC, 0xB1, 0xB5, 0x03, 0x61, 0xCC, 0x80, 0xC9,
+	// Bytes 3280 - 32bf
+	0x03, 0x61, 0xCC, 0x81, 0xC9, 0x03, 0x61, 0xCC,
+	0x83, 0xC9, 0x03, 0x61, 0xCC, 0x84, 0xC9, 0x03,
+	0x61, 0xCC, 0x89, 0xC9, 0x03, 0x61, 0xCC, 0x8C,
+	0xC9, 0x03, 0x61, 0xCC, 0x8F, 0xC9, 0x03, 0x61,
+	0xCC, 0x91, 0xC9, 0x03, 0x61, 0xCC, 0xA5, 0xB5,
+	0x03, 0x61, 0xCC, 0xA8, 0xA5, 0x03, 0x62, 0xCC,
+	0x87, 0xC9, 0x03, 0x62, 0xCC, 0xA3, 0xB5, 0x03,
+	0x62, 0xCC, 0xB1, 0xB5, 0x03, 0x63, 0xCC, 0x81,
+	// Bytes 32c0 - 32ff
+	0xC9, 0x03, 0x63, 0xCC, 0x82, 0xC9, 0x03, 0x63,
+	0xCC, 0x87, 0xC9, 0x03, 0x63, 0xCC, 0x8C, 0xC9,
+	0x03, 0x64, 0xCC, 0x87, 0xC9, 0x03, 0x64, 0xCC,
+	0x8C, 0xC9, 0x03, 0x64, 0xCC, 0xA3, 0xB5, 0x03,
+	0x64, 0xCC, 0xA7, 0xA5, 0x03, 0x64, 0xCC, 0xAD,
+	0xB5, 0x03, 0x64, 0xCC, 0xB1, 0xB5, 0x03, 0x65,
+	0xCC, 0x80, 0xC9, 0x03, 0x65, 0xCC, 0x81, 0xC9,
+	0x03, 0x65, 0xCC, 0x83, 0xC9, 0x03, 0x65, 0xCC,
+	// Bytes 3300 - 333f
+	0x86, 0xC9, 0x03, 0x65, 0xCC, 0x87, 0xC9, 0x03,
+	0x65, 0xCC, 0x88, 0xC9, 0x03, 0x65, 0xCC, 0x89,
+	0xC9, 0x03, 0x65, 0xCC, 0x8C, 0xC9, 0x03, 0x65,
+	0xCC, 0x8F, 0xC9, 0x03, 0x65, 0xCC, 0x91, 0xC9,
+	0x03, 0x65, 0xCC, 0xA8, 0xA5, 0x03, 0x65, 0xCC,
+	0xAD, 0xB5, 0x03, 0x65, 0xCC, 0xB0, 0xB5, 0x03,
+	0x66, 0xCC, 0x87, 0xC9, 0x03, 0x67, 0xCC, 0x81,
+	0xC9, 0x03, 0x67, 0xCC, 0x82, 0xC9, 0x03, 0x67,
+	// Bytes 3340 - 337f
+	0xCC, 0x84, 0xC9, 0x03, 0x67, 0xCC, 0x86, 0xC9,
+	0x03, 0x67, 0xCC, 0x87, 0xC9, 0x03, 0x67, 0xCC,
+	0x8C, 0xC9, 0x03, 0x67, 0xCC, 0xA7, 0xA5, 0x03,
+	0x68, 0xCC, 0x82, 0xC9, 0x03, 0x68, 0xCC, 0x87,
+	0xC9, 0x03, 0x68, 0xCC, 0x88, 0xC9, 0x03, 0x68,
+	0xCC, 0x8C, 0xC9, 0x03, 0x68, 0xCC, 0xA3, 0xB5,
+	0x03, 0x68, 0xCC, 0xA7, 0xA5, 0x03, 0x68, 0xCC,
+	0xAE, 0xB5, 0x03, 0x68, 0xCC, 0xB1, 0xB5, 0x03,
+	// Bytes 3380 - 33bf
+	0x69, 0xCC, 0x80, 0xC9, 0x03, 0x69, 0xCC, 0x81,
+	0xC9, 0x03, 0x69, 0xCC, 0x82, 0xC9, 0x03, 0x69,
+	0xCC, 0x83, 0xC9, 0x03, 0x69, 0xCC, 0x84, 0xC9,
+	0x03, 0x69, 0xCC, 0x86, 0xC9, 0x03, 0x69, 0xCC,
+	0x89, 0xC9, 0x03, 0x69, 0xCC, 0x8C, 0xC9, 0x03,
+	0x69, 0xCC, 0x8F, 0xC9, 0x03, 0x69, 0xCC, 0x91,
+	0xC9, 0x03, 0x69, 0xCC, 0xA3, 0xB5, 0x03, 0x69,
+	0xCC, 0xA8, 0xA5, 0x03, 0x69, 0xCC, 0xB0, 0xB5,
+	// Bytes 33c0 - 33ff
+	0x03, 0x6A, 0xCC, 0x82, 0xC9, 0x03, 0x6A, 0xCC,
+	0x8C, 0xC9, 0x03, 0x6B, 0xCC, 0x81, 0xC9, 0x03,
+	0x6B, 0xCC, 0x8C, 0xC9, 0x03, 0x6B, 0xCC, 0xA3,
+	0xB5, 0x03, 0x6B, 0xCC, 0xA7, 0xA5, 0x03, 0x6B,
+	0xCC, 0xB1, 0xB5, 0x03, 0x6C, 0xCC, 0x81, 0xC9,
+	0x03, 0x6C, 0xCC, 0x8C, 0xC9, 0x03, 0x6C, 0xCC,
+	0xA7, 0xA5, 0x03, 0x6C, 0xCC, 0xAD, 0xB5, 0x03,
+	0x6C, 0xCC, 0xB1, 0xB5, 0x03, 0x6D, 0xCC, 0x81,
+	// Bytes 3400 - 343f
+	0xC9, 0x03, 0x6D, 0xCC, 0x87, 0xC9, 0x03, 0x6D,
+	0xCC, 0xA3, 0xB5, 0x03, 0x6E, 0xCC, 0x80, 0xC9,
+	0x03, 0x6E, 0xCC, 0x81, 0xC9, 0x03, 0x6E, 0xCC,
+	0x83, 0xC9, 0x03, 0x6E, 0xCC, 0x87, 0xC9, 0x03,
+	0x6E, 0xCC, 0x8C, 0xC9, 0x03, 0x6E, 0xCC, 0xA3,
+	0xB5, 0x03, 0x6E, 0xCC, 0xA7, 0xA5, 0x03, 0x6E,
+	0xCC, 0xAD, 0xB5, 0x03, 0x6E, 0xCC, 0xB1, 0xB5,
+	0x03, 0x6F, 0xCC, 0x80, 0xC9, 0x03, 0x6F, 0xCC,
+	// Bytes 3440 - 347f
+	0x81, 0xC9, 0x03, 0x6F, 0xCC, 0x86, 0xC9, 0x03,
+	0x6F, 0xCC, 0x89, 0xC9, 0x03, 0x6F, 0xCC, 0x8B,
+	0xC9, 0x03, 0x6F, 0xCC, 0x8C, 0xC9, 0x03, 0x6F,
+	0xCC, 0x8F, 0xC9, 0x03, 0x6F, 0xCC, 0x91, 0xC9,
+	0x03, 0x70, 0xCC, 0x81, 0xC9, 0x03, 0x70, 0xCC,
+	0x87, 0xC9, 0x03, 0x72, 0xCC, 0x81, 0xC9, 0x03,
+	0x72, 0xCC, 0x87, 0xC9, 0x03, 0x72, 0xCC, 0x8C,
+	0xC9, 0x03, 0x72, 0xCC, 0x8F, 0xC9, 0x03, 0x72,
+	// Bytes 3480 - 34bf
+	0xCC, 0x91, 0xC9, 0x03, 0x72, 0xCC, 0xA7, 0xA5,
+	0x03, 0x72, 0xCC, 0xB1, 0xB5, 0x03, 0x73, 0xCC,
+	0x82, 0xC9, 0x03, 0x73, 0xCC, 0x87, 0xC9, 0x03,
+	0x73, 0xCC, 0xA6, 0xB5, 0x03, 0x73, 0xCC, 0xA7,
+	0xA5, 0x03, 0x74, 0xCC, 0x87, 0xC9, 0x03, 0x74,
+	0xCC, 0x88, 0xC9, 0x03, 0x74, 0xCC, 0x8C, 0xC9,
+	0x03, 0x74, 0xCC, 0xA3, 0xB5, 0x03, 0x74, 0xCC,
+	0xA6, 0xB5, 0x03, 0x74, 0xCC, 0xA7, 0xA5, 0x03,
+	// Bytes 34c0 - 34ff
+	0x74, 0xCC, 0xAD, 0xB5, 0x03, 0x74, 0xCC, 0xB1,
+	0xB5, 0x03, 0x75, 0xCC, 0x80, 0xC9, 0x03, 0x75,
+	0xCC, 0x81, 0xC9, 0x03, 0x75, 0xCC, 0x82, 0xC9,
+	0x03, 0x75, 0xCC, 0x86, 0xC9, 0x03, 0x75, 0xCC,
+	0x89, 0xC9, 0x03, 0x75, 0xCC, 0x8A, 0xC9, 0x03,
+	0x75, 0xCC, 0x8B, 0xC9, 0x03, 0x75, 0xCC, 0x8C,
+	0xC9, 0x03, 0x75, 0xCC, 0x8F, 0xC9, 0x03, 0x75,
+	0xCC, 0x91, 0xC9, 0x03, 0x75, 0xCC, 0xA3, 0xB5,
+	// Bytes 3500 - 353f
+	0x03, 0x75, 0xCC, 0xA4, 0xB5, 0x03, 0x75, 0xCC,
+	0xA8, 0xA5, 0x03, 0x75, 0xCC, 0xAD, 0xB5, 0x03,
+	0x75, 0xCC, 0xB0, 0xB5, 0x03, 0x76, 0xCC, 0x83,
+	0xC9, 0x03, 0x76, 0xCC, 0xA3, 0xB5, 0x03, 0x77,
+	0xCC, 0x80, 0xC9, 0x03, 0x77, 0xCC, 0x81, 0xC9,
+	0x03, 0x77, 0xCC, 0x82, 0xC9, 0x03, 0x77, 0xCC,
+	0x87, 0xC9, 0x03, 0x77, 0xCC, 0x88, 0xC9, 0x03,
+	0x77, 0xCC, 0x8A, 0xC9, 0x03, 0x77, 0xCC, 0xA3,
+	// Bytes 3540 - 357f
+	0xB5, 0x03, 0x78, 0xCC, 0x87, 0xC9, 0x03, 0x78,
+	0xCC, 0x88, 0xC9, 0x03, 0x79, 0xCC, 0x80, 0xC9,
+	0x03, 0x79, 0xCC, 0x81, 0xC9, 0x03, 0x79, 0xCC,
+	0x82, 0xC9, 0x03, 0x79, 0xCC, 0x83, 0xC9, 0x03,
+	0x79, 0xCC, 0x84, 0xC9, 0x03, 0x79, 0xCC, 0x87,
+	0xC9, 0x03, 0x79, 0xCC, 0x88, 0xC9, 0x03, 0x79,
+	0xCC, 0x89, 0xC9, 0x03, 0x79, 0xCC, 0x8A, 0xC9,
+	0x03, 0x79, 0xCC, 0xA3, 0xB5, 0x03, 0x7A, 0xCC,
+	// Bytes 3580 - 35bf
+	0x81, 0xC9, 0x03, 0x7A, 0xCC, 0x82, 0xC9, 0x03,
+	0x7A, 0xCC, 0x87, 0xC9, 0x03, 0x7A, 0xCC, 0x8C,
+	0xC9, 0x03, 0x7A, 0xCC, 0xA3, 0xB5, 0x03, 0x7A,
+	0xCC, 0xB1, 0xB5, 0x04, 0xC2, 0xA8, 0xCC, 0x80,
+	0xCA, 0x04, 0xC2, 0xA8, 0xCC, 0x81, 0xCA, 0x04,
+	0xC2, 0xA8, 0xCD, 0x82, 0xCA, 0x04, 0xC3, 0x86,
+	0xCC, 0x81, 0xC9, 0x04, 0xC3, 0x86, 0xCC, 0x84,
+	0xC9, 0x04, 0xC3, 0x98, 0xCC, 0x81, 0xC9, 0x04,
+	// Bytes 35c0 - 35ff
+	0xC3, 0xA6, 0xCC, 0x81, 0xC9, 0x04, 0xC3, 0xA6,
+	0xCC, 0x84, 0xC9, 0x04, 0xC3, 0xB8, 0xCC, 0x81,
+	0xC9, 0x04, 0xC5, 0xBF, 0xCC, 0x87, 0xC9, 0x04,
+	0xC6, 0xB7, 0xCC, 0x8C, 0xC9, 0x04, 0xCA, 0x92,
+	0xCC, 0x8C, 0xC9, 0x04, 0xCE, 0x91, 0xCC, 0x80,
+	0xC9, 0x04, 0xCE, 0x91, 0xCC, 0x81, 0xC9, 0x04,
+	0xCE, 0x91, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0x91,
+	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0x91, 0xCD, 0x85,
+	// Bytes 3600 - 363f
+	0xD9, 0x04, 0xCE, 0x95, 0xCC, 0x80, 0xC9, 0x04,
+	0xCE, 0x95, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0x97,
+	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x97, 0xCC, 0x81,
+	0xC9, 0x04, 0xCE, 0x97, 0xCD, 0x85, 0xD9, 0x04,
+	0xCE, 0x99, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x99,
+	0xCC, 0x81, 0xC9, 0x04, 0xCE, 0x99, 0xCC, 0x84,
+	0xC9, 0x04, 0xCE, 0x99, 0xCC, 0x86, 0xC9, 0x04,
+	0xCE, 0x99, 0xCC, 0x88, 0xC9, 0x04, 0xCE, 0x9F,
+	// Bytes 3640 - 367f
+	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x9F, 0xCC, 0x81,
+	0xC9, 0x04, 0xCE, 0xA1, 0xCC, 0x94, 0xC9, 0x04,
+	0xCE, 0xA5, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0xA5,
+	0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x84,
+	0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x86, 0xC9, 0x04,
+	0xCE, 0xA5, 0xCC, 0x88, 0xC9, 0x04, 0xCE, 0xA9,
+	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0xA9, 0xCC, 0x81,
+	0xC9, 0x04, 0xCE, 0xA9, 0xCD, 0x85, 0xD9, 0x04,
+	// Bytes 3680 - 36bf
+	0xCE, 0xB1, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0xB1,
+	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0xB1, 0xCD, 0x85,
+	0xD9, 0x04, 0xCE, 0xB5, 0xCC, 0x80, 0xC9, 0x04,
+	0xCE, 0xB5, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xB7,
+	0xCD, 0x85, 0xD9, 0x04, 0xCE, 0xB9, 0xCC, 0x80,
+	0xC9, 0x04, 0xCE, 0xB9, 0xCC, 0x81, 0xC9, 0x04,
+	0xCE, 0xB9, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0xB9,
+	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0xB9, 0xCD, 0x82,
+	// Bytes 36c0 - 36ff
+	0xC9, 0x04, 0xCE, 0xBF, 0xCC, 0x80, 0xC9, 0x04,
+	0xCE, 0xBF, 0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x81,
+	0xCC, 0x93, 0xC9, 0x04, 0xCF, 0x81, 0xCC, 0x94,
+	0xC9, 0x04, 0xCF, 0x85, 0xCC, 0x80, 0xC9, 0x04,
+	0xCF, 0x85, 0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x85,
+	0xCC, 0x84, 0xC9, 0x04, 0xCF, 0x85, 0xCC, 0x86,
+	0xC9, 0x04, 0xCF, 0x85, 0xCD, 0x82, 0xC9, 0x04,
+	0xCF, 0x89, 0xCD, 0x85, 0xD9, 0x04, 0xCF, 0x92,
+	// Bytes 3700 - 373f
+	0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x92, 0xCC, 0x88,
+	0xC9, 0x04, 0xD0, 0x86, 0xCC, 0x88, 0xC9, 0x04,
+	0xD0, 0x90, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0x90,
+	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x93, 0xCC, 0x81,
+	0xC9, 0x04, 0xD0, 0x95, 0xCC, 0x80, 0xC9, 0x04,
+	0xD0, 0x95, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0x95,
+	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x96, 0xCC, 0x86,
+	0xC9, 0x04, 0xD0, 0x96, 0xCC, 0x88, 0xC9, 0x04,
+	// Bytes 3740 - 377f
+	0xD0, 0x97, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x98,
+	0xCC, 0x80, 0xC9, 0x04, 0xD0, 0x98, 0xCC, 0x84,
+	0xC9, 0x04, 0xD0, 0x98, 0xCC, 0x86, 0xC9, 0x04,
+	0xD0, 0x98, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x9A,
+	0xCC, 0x81, 0xC9, 0x04, 0xD0, 0x9E, 0xCC, 0x88,
+	0xC9, 0x04, 0xD0, 0xA3, 0xCC, 0x84, 0xC9, 0x04,
+	0xD0, 0xA3, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xA3,
+	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xA3, 0xCC, 0x8B,
+	// Bytes 3780 - 37bf
+	0xC9, 0x04, 0xD0, 0xA7, 0xCC, 0x88, 0xC9, 0x04,
+	0xD0, 0xAB, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xAD,
+	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xB0, 0xCC, 0x86,
+	0xC9, 0x04, 0xD0, 0xB0, 0xCC, 0x88, 0xC9, 0x04,
+	0xD0, 0xB3, 0xCC, 0x81, 0xC9, 0x04, 0xD0, 0xB5,
+	0xCC, 0x80, 0xC9, 0x04, 0xD0, 0xB5, 0xCC, 0x86,
+	0xC9, 0x04, 0xD0, 0xB5, 0xCC, 0x88, 0xC9, 0x04,
+	0xD0, 0xB6, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB6,
+	// Bytes 37c0 - 37ff
+	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xB7, 0xCC, 0x88,
+	0xC9, 0x04, 0xD0, 0xB8, 0xCC, 0x80, 0xC9, 0x04,
+	0xD0, 0xB8, 0xCC, 0x84, 0xC9, 0x04, 0xD0, 0xB8,
+	0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB8, 0xCC, 0x88,
+	0xC9, 0x04, 0xD0, 0xBA, 0xCC, 0x81, 0xC9, 0x04,
+	0xD0, 0xBE, 0xCC, 0x88, 0xC9, 0x04, 0xD1, 0x83,
+	0xCC, 0x84, 0xC9, 0x04, 0xD1, 0x83, 0xCC, 0x86,
+	0xC9, 0x04, 0xD1, 0x83, 0xCC, 0x88, 0xC9, 0x04,
+	// Bytes 3800 - 383f
+	0xD1, 0x83, 0xCC, 0x8B, 0xC9, 0x04, 0xD1, 0x87,
+	0xCC, 0x88, 0xC9, 0x04, 0xD1, 0x8B, 0xCC, 0x88,
+	0xC9, 0x04, 0xD1, 0x8D, 0xCC, 0x88, 0xC9, 0x04,
+	0xD1, 0x96, 0xCC, 0x88, 0xC9, 0x04, 0xD1, 0xB4,
+	0xCC, 0x8F, 0xC9, 0x04, 0xD1, 0xB5, 0xCC, 0x8F,
+	0xC9, 0x04, 0xD3, 0x98, 0xCC, 0x88, 0xC9, 0x04,
+	0xD3, 0x99, 0xCC, 0x88, 0xC9, 0x04, 0xD3, 0xA8,
+	0xCC, 0x88, 0xC9, 0x04, 0xD3, 0xA9, 0xCC, 0x88,
+	// Bytes 3840 - 387f
+	0xC9, 0x04, 0xD8, 0xA7, 0xD9, 0x93, 0xC9, 0x04,
+	0xD8, 0xA7, 0xD9, 0x94, 0xC9, 0x04, 0xD8, 0xA7,
+	0xD9, 0x95, 0xB5, 0x04, 0xD9, 0x88, 0xD9, 0x94,
+	0xC9, 0x04, 0xD9, 0x8A, 0xD9, 0x94, 0xC9, 0x04,
+	0xDB, 0x81, 0xD9, 0x94, 0xC9, 0x04, 0xDB, 0x92,
+	0xD9, 0x94, 0xC9, 0x04, 0xDB, 0x95, 0xD9, 0x94,
+	0xC9, 0x05, 0x41, 0xCC, 0x82, 0xCC, 0x80, 0xCA,
+	0x05, 0x41, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05,
+	// Bytes 3880 - 38bf
+	0x41, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x41,
+	0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x41, 0xCC,
+	0x86, 0xCC, 0x80, 0xCA, 0x05, 0x41, 0xCC, 0x86,
+	0xCC, 0x81, 0xCA, 0x05, 0x41, 0xCC, 0x86, 0xCC,
+	0x83, 0xCA, 0x05, 0x41, 0xCC, 0x86, 0xCC, 0x89,
+	0xCA, 0x05, 0x41, 0xCC, 0x87, 0xCC, 0x84, 0xCA,
+	0x05, 0x41, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05,
+	0x41, 0xCC, 0x8A, 0xCC, 0x81, 0xCA, 0x05, 0x41,
+	// Bytes 38c0 - 38ff
+	0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x41, 0xCC,
+	0xA3, 0xCC, 0x86, 0xCA, 0x05, 0x43, 0xCC, 0xA7,
+	0xCC, 0x81, 0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC,
+	0x80, 0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC, 0x81,
+	0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC, 0x83, 0xCA,
+	0x05, 0x45, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05,
+	0x45, 0xCC, 0x84, 0xCC, 0x80, 0xCA, 0x05, 0x45,
+	0xCC, 0x84, 0xCC, 0x81, 0xCA, 0x05, 0x45, 0xCC,
+	// Bytes 3900 - 393f
+	0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x45, 0xCC, 0xA7,
+	0xCC, 0x86, 0xCA, 0x05, 0x49, 0xCC, 0x88, 0xCC,
+	0x81, 0xCA, 0x05, 0x4C, 0xCC, 0xA3, 0xCC, 0x84,
+	0xCA, 0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x80, 0xCA,
+	0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05,
+	0x4F, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x4F,
+	0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x4F, 0xCC,
+	0x83, 0xCC, 0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x83,
+	// Bytes 3940 - 397f
+	0xCC, 0x84, 0xCA, 0x05, 0x4F, 0xCC, 0x83, 0xCC,
+	0x88, 0xCA, 0x05, 0x4F, 0xCC, 0x84, 0xCC, 0x80,
+	0xCA, 0x05, 0x4F, 0xCC, 0x84, 0xCC, 0x81, 0xCA,
+	0x05, 0x4F, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05,
+	0x4F, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x4F,
+	0xCC, 0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x4F, 0xCC,
+	0x9B, 0xCC, 0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x9B,
+	0xCC, 0x83, 0xCA, 0x05, 0x4F, 0xCC, 0x9B, 0xCC,
+	// Bytes 3980 - 39bf
+	0x89, 0xCA, 0x05, 0x4F, 0xCC, 0x9B, 0xCC, 0xA3,
+	0xB6, 0x05, 0x4F, 0xCC, 0xA3, 0xCC, 0x82, 0xCA,
+	0x05, 0x4F, 0xCC, 0xA8, 0xCC, 0x84, 0xCA, 0x05,
+	0x52, 0xCC, 0xA3, 0xCC, 0x84, 0xCA, 0x05, 0x53,
+	0xCC, 0x81, 0xCC, 0x87, 0xCA, 0x05, 0x53, 0xCC,
+	0x8C, 0xCC, 0x87, 0xCA, 0x05, 0x53, 0xCC, 0xA3,
+	0xCC, 0x87, 0xCA, 0x05, 0x55, 0xCC, 0x83, 0xCC,
+	0x81, 0xCA, 0x05, 0x55, 0xCC, 0x84, 0xCC, 0x88,
+	// Bytes 39c0 - 39ff
+	0xCA, 0x05, 0x55, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
+	0x05, 0x55, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x05,
+	0x55, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x55,
+	0xCC, 0x88, 0xCC, 0x8C, 0xCA, 0x05, 0x55, 0xCC,
+	0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x55, 0xCC, 0x9B,
+	0xCC, 0x81, 0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC,
+	0x83, 0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC, 0x89,
+	0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6,
+	// Bytes 3a00 - 3a3f
+	0x05, 0x61, 0xCC, 0x82, 0xCC, 0x80, 0xCA, 0x05,
+	0x61, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05, 0x61,
+	0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x61, 0xCC,
+	0x82, 0xCC, 0x89, 0xCA, 0x05, 0x61, 0xCC, 0x86,
+	0xCC, 0x80, 0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC,
+	0x81, 0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC, 0x83,
+	0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC, 0x89, 0xCA,
+	0x05, 0x61, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05,
+	// Bytes 3a40 - 3a7f
+	0x61, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x61,
+	0xCC, 0x8A, 0xCC, 0x81, 0xCA, 0x05, 0x61, 0xCC,
+	0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x61, 0xCC, 0xA3,
+	0xCC, 0x86, 0xCA, 0x05, 0x63, 0xCC, 0xA7, 0xCC,
+	0x81, 0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC, 0x80,
+	0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC, 0x81, 0xCA,
+	0x05, 0x65, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05,
+	0x65, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x65,
+	// Bytes 3a80 - 3abf
+	0xCC, 0x84, 0xCC, 0x80, 0xCA, 0x05, 0x65, 0xCC,
+	0x84, 0xCC, 0x81, 0xCA, 0x05, 0x65, 0xCC, 0xA3,
+	0xCC, 0x82, 0xCA, 0x05, 0x65, 0xCC, 0xA7, 0xCC,
+	0x86, 0xCA, 0x05, 0x69, 0xCC, 0x88, 0xCC, 0x81,
+	0xCA, 0x05, 0x6C, 0xCC, 0xA3, 0xCC, 0x84, 0xCA,
+	0x05, 0x6F, 0xCC, 0x82, 0xCC, 0x80, 0xCA, 0x05,
+	0x6F, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05, 0x6F,
+	0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x6F, 0xCC,
+	// Bytes 3ac0 - 3aff
+	0x82, 0xCC, 0x89, 0xCA, 0x05, 0x6F, 0xCC, 0x83,
+	0xCC, 0x81, 0xCA, 0x05, 0x6F, 0xCC, 0x83, 0xCC,
+	0x84, 0xCA, 0x05, 0x6F, 0xCC, 0x83, 0xCC, 0x88,
+	0xCA, 0x05, 0x6F, 0xCC, 0x84, 0xCC, 0x80, 0xCA,
+	0x05, 0x6F, 0xCC, 0x84, 0xCC, 0x81, 0xCA, 0x05,
+	0x6F, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05, 0x6F,
+	0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x6F, 0xCC,
+	0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x6F, 0xCC, 0x9B,
+	// Bytes 3b00 - 3b3f
+	0xCC, 0x81, 0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC,
+	0x83, 0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC, 0x89,
+	0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6,
+	0x05, 0x6F, 0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05,
+	0x6F, 0xCC, 0xA8, 0xCC, 0x84, 0xCA, 0x05, 0x72,
+	0xCC, 0xA3, 0xCC, 0x84, 0xCA, 0x05, 0x73, 0xCC,
+	0x81, 0xCC, 0x87, 0xCA, 0x05, 0x73, 0xCC, 0x8C,
+	0xCC, 0x87, 0xCA, 0x05, 0x73, 0xCC, 0xA3, 0xCC,
+	// Bytes 3b40 - 3b7f
+	0x87, 0xCA, 0x05, 0x75, 0xCC, 0x83, 0xCC, 0x81,
+	0xCA, 0x05, 0x75, 0xCC, 0x84, 0xCC, 0x88, 0xCA,
+	0x05, 0x75, 0xCC, 0x88, 0xCC, 0x80, 0xCA, 0x05,
+	0x75, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x05, 0x75,
+	0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x75, 0xCC,
+	0x88, 0xCC, 0x8C, 0xCA, 0x05, 0x75, 0xCC, 0x9B,
+	0xCC, 0x80, 0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC,
+	0x81, 0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC, 0x83,
+	// Bytes 3b80 - 3bbf
+	0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC, 0x89, 0xCA,
+	0x05, 0x75, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6, 0x05,
+	0xE1, 0xBE, 0xBF, 0xCC, 0x80, 0xCA, 0x05, 0xE1,
+	0xBE, 0xBF, 0xCC, 0x81, 0xCA, 0x05, 0xE1, 0xBE,
+	0xBF, 0xCD, 0x82, 0xCA, 0x05, 0xE1, 0xBF, 0xBE,
+	0xCC, 0x80, 0xCA, 0x05, 0xE1, 0xBF, 0xBE, 0xCC,
+	0x81, 0xCA, 0x05, 0xE1, 0xBF, 0xBE, 0xCD, 0x82,
+	0xCA, 0x05, 0xE2, 0x86, 0x90, 0xCC, 0xB8, 0x05,
+	// Bytes 3bc0 - 3bff
+	0x05, 0xE2, 0x86, 0x92, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x86, 0x94, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x87, 0x90, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x87,
+	0x92, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x87, 0x94,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x88, 0x83, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x88, 0x88, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x88, 0x8B, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x88, 0xA3, 0xCC, 0xB8, 0x05, 0x05,
+	// Bytes 3c00 - 3c3f
+	0xE2, 0x88, 0xA5, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x88, 0xBC, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
+	0x83, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0x85,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0x88, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x89, 0x8D, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x89, 0xA1, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x89, 0xA4, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x89, 0xA5, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	// Bytes 3c40 - 3c7f
+	0x89, 0xB2, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
+	0xB3, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xB6,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xB7, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x89, 0xBA, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x89, 0xBB, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x89, 0xBC, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x89, 0xBD, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x8A, 0x82, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
+	// Bytes 3c80 - 3cbf
+	0x83, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x86,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x87, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x91, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x8A, 0x92, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x8A, 0xA2, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x8A, 0xA8, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x8A, 0xA9, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
+	0xAB, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB2,
+	// Bytes 3cc0 - 3cff
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB3, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB4, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x8A, 0xB5, 0xCC, 0xB8, 0x05,
+	0x06, 0xCE, 0x91, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0x91, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0x95, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0x95, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0x95, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	// Bytes 3d00 - 3d3f
+	0x06, 0xCE, 0x95, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0x97, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0x97, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
+	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	// Bytes 3d40 - 3d7f
+	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
+	0x06, 0xCE, 0x9F, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0x9F, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0x9F, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0x9F, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
+	// Bytes 3d80 - 3dbf
+	0x06, 0xCE, 0xA9, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xA9, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB1, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB1, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB1, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB1, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB1, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB5, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	// Bytes 3dc0 - 3dff
+	0x06, 0xCE, 0xB5, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xB5, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xB5, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xB7, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB7, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB7, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB7, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCE, 0xB7, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
+	// Bytes 3e00 - 3e3f
+	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCD, 0x82, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	// Bytes 3e40 - 3e7f
+	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
+	0x06, 0xCE, 0xBF, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xBF, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCE, 0xBF, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCE, 0xBF, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCC, 0x81, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCD, 0x82, 0xCA,
+	// Bytes 3e80 - 3ebf
+	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
+	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
+	0x06, 0xCF, 0x89, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
+	0x06, 0xCF, 0x89, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
+	// Bytes 3ec0 - 3eff
+	0x06, 0xCF, 0x89, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
+	0x06, 0xCF, 0x89, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
+	0x06, 0xCF, 0x89, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
+	0x06, 0xE0, 0xA4, 0xA8, 0xE0, 0xA4, 0xBC, 0x09,
+	0x06, 0xE0, 0xA4, 0xB0, 0xE0, 0xA4, 0xBC, 0x09,
+	0x06, 0xE0, 0xA4, 0xB3, 0xE0, 0xA4, 0xBC, 0x09,
+	0x06, 0xE0, 0xB1, 0x86, 0xE0, 0xB1, 0x96, 0x85,
+	0x06, 0xE0, 0xB7, 0x99, 0xE0, 0xB7, 0x8A, 0x11,
+	// Bytes 3f00 - 3f3f
+	0x06, 0xE3, 0x81, 0x86, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x8B, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x8D, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x8F, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x91, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x93, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x95, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x97, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 3f40 - 3f7f
+	0x06, 0xE3, 0x81, 0x99, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x9B, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x9D, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0x9F, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xA1, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xA4, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xA6, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xA8, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 3f80 - 3fbf
+	0x06, 0xE3, 0x81, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xAF, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x81, 0xB2, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xB2, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x81, 0xB5, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xB5, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x81, 0xB8, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xB8, 0xE3, 0x82, 0x9A, 0x0D,
+	// Bytes 3fc0 - 3fff
+	0x06, 0xE3, 0x81, 0xBB, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x81, 0xBB, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x82, 0x9D, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xA6, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xB1, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 4000 - 403f
+	0x06, 0xE3, 0x82, 0xB3, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xB5, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xB7, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xB9, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xBB, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xBD, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x81, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 4040 - 407f
+	0x06, 0xE3, 0x83, 0x84, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x86, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 4080 - 40bf
+	0x06, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0x0D,
+	0x06, 0xE3, 0x83, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0xB0, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0xB1, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 40c0 - 40ff
+	0x06, 0xE3, 0x83, 0xB2, 0xE3, 0x82, 0x99, 0x0D,
+	0x06, 0xE3, 0x83, 0xBD, 0xE3, 0x82, 0x99, 0x0D,
+	0x08, 0xCE, 0x91, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x93, 0xCC,
+	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC,
+	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0x91, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0x91, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
+	// Bytes 4100 - 413f
+	0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x94, 0xCD,
+	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC,
+	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0x97, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0x97, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC, 0x94, 0xCC,
+	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC,
+	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	// Bytes 4140 - 417f
+	0x97, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0xA9, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x93, 0xCC,
+	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC,
+	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0xA9, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0xA9, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x94, 0xCD,
+	// Bytes 4180 - 41bf
+	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC,
+	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0xB1, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0xB1, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC, 0x94, 0xCC,
+	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC,
+	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0xB1, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
+	// Bytes 41c0 - 41ff
+	0x08, 0xCE, 0xB7, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x93, 0xCC,
+	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC,
+	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
+	0xB7, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
+	0x08, 0xCE, 0xB7, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
+	0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x94, 0xCD,
+	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC,
+	// Bytes 4200 - 423f
+	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCF,
+	0x89, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
+	0x08, 0xCF, 0x89, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
+	0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC, 0x94, 0xCC,
+	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC,
+	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCF,
+	0x89, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
+	0x08, 0xF0, 0x91, 0x82, 0x99, 0xF0, 0x91, 0x82,
+	// Bytes 4240 - 427f
+	0xBA, 0x09, 0x08, 0xF0, 0x91, 0x82, 0x9B, 0xF0,
+	0x91, 0x82, 0xBA, 0x09, 0x08, 0xF0, 0x91, 0x82,
+	0xA5, 0xF0, 0x91, 0x82, 0xBA, 0x09, 0x42, 0xC2,
+	0xB4, 0x01, 0x43, 0x20, 0xCC, 0x81, 0xC9, 0x43,
+	0x20, 0xCC, 0x83, 0xC9, 0x43, 0x20, 0xCC, 0x84,
+	0xC9, 0x43, 0x20, 0xCC, 0x85, 0xC9, 0x43, 0x20,
+	0xCC, 0x86, 0xC9, 0x43, 0x20, 0xCC, 0x87, 0xC9,
+	0x43, 0x20, 0xCC, 0x88, 0xC9, 0x43, 0x20, 0xCC,
+	// Bytes 4280 - 42bf
+	0x8A, 0xC9, 0x43, 0x20, 0xCC, 0x8B, 0xC9, 0x43,
+	0x20, 0xCC, 0x93, 0xC9, 0x43, 0x20, 0xCC, 0x94,
+	0xC9, 0x43, 0x20, 0xCC, 0xA7, 0xA5, 0x43, 0x20,
+	0xCC, 0xA8, 0xA5, 0x43, 0x20, 0xCC, 0xB3, 0xB5,
+	0x43, 0x20, 0xCD, 0x82, 0xC9, 0x43, 0x20, 0xCD,
+	0x85, 0xD9, 0x43, 0x20, 0xD9, 0x8B, 0x59, 0x43,
+	0x20, 0xD9, 0x8C, 0x5D, 0x43, 0x20, 0xD9, 0x8D,
+	0x61, 0x43, 0x20, 0xD9, 0x8E, 0x65, 0x43, 0x20,
+	// Bytes 42c0 - 42ff
+	0xD9, 0x8F, 0x69, 0x43, 0x20, 0xD9, 0x90, 0x6D,
+	0x43, 0x20, 0xD9, 0x91, 0x71, 0x43, 0x20, 0xD9,
+	0x92, 0x75, 0x43, 0x41, 0xCC, 0x8A, 0xC9, 0x43,
+	0x73, 0xCC, 0x87, 0xC9, 0x44, 0x20, 0xE3, 0x82,
+	0x99, 0x0D, 0x44, 0x20, 0xE3, 0x82, 0x9A, 0x0D,
+	0x44, 0xC2, 0xA8, 0xCC, 0x81, 0xCA, 0x44, 0xCE,
+	0x91, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0x95, 0xCC,
+	0x81, 0xC9, 0x44, 0xCE, 0x97, 0xCC, 0x81, 0xC9,
+	// Bytes 4300 - 433f
+	0x44, 0xCE, 0x99, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
+	0x9F, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xA5, 0xCC,
+	0x81, 0xC9, 0x44, 0xCE, 0xA5, 0xCC, 0x88, 0xC9,
+	0x44, 0xCE, 0xA9, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
+	0xB1, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xB5, 0xCC,
+	0x81, 0xC9, 0x44, 0xCE, 0xB7, 0xCC, 0x81, 0xC9,
+	0x44, 0xCE, 0xB9, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
+	0xBF, 0xCC, 0x81, 0xC9, 0x44, 0xCF, 0x85, 0xCC,
+	// Bytes 4340 - 437f
+	0x81, 0xC9, 0x44, 0xCF, 0x89, 0xCC, 0x81, 0xC9,
+	0x44, 0xD7, 0x90, 0xD6, 0xB7, 0x31, 0x44, 0xD7,
+	0x90, 0xD6, 0xB8, 0x35, 0x44, 0xD7, 0x90, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0x91, 0xD6, 0xBC, 0x41,
+	0x44, 0xD7, 0x91, 0xD6, 0xBF, 0x49, 0x44, 0xD7,
+	0x92, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x93, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0x94, 0xD6, 0xBC, 0x41,
+	0x44, 0xD7, 0x95, 0xD6, 0xB9, 0x39, 0x44, 0xD7,
+	// Bytes 4380 - 43bf
+	0x95, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x96, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0x98, 0xD6, 0xBC, 0x41,
+	0x44, 0xD7, 0x99, 0xD6, 0xB4, 0x25, 0x44, 0xD7,
+	0x99, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9A, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0x9B, 0xD6, 0xBC, 0x41,
+	0x44, 0xD7, 0x9B, 0xD6, 0xBF, 0x49, 0x44, 0xD7,
+	0x9C, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9E, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0xA0, 0xD6, 0xBC, 0x41,
+	// Bytes 43c0 - 43ff
+	0x44, 0xD7, 0xA1, 0xD6, 0xBC, 0x41, 0x44, 0xD7,
+	0xA3, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA4, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0xA4, 0xD6, 0xBF, 0x49,
+	0x44, 0xD7, 0xA6, 0xD6, 0xBC, 0x41, 0x44, 0xD7,
+	0xA7, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA8, 0xD6,
+	0xBC, 0x41, 0x44, 0xD7, 0xA9, 0xD6, 0xBC, 0x41,
+	0x44, 0xD7, 0xA9, 0xD7, 0x81, 0x4D, 0x44, 0xD7,
+	0xA9, 0xD7, 0x82, 0x51, 0x44, 0xD7, 0xAA, 0xD6,
+	// Bytes 4400 - 443f
+	0xBC, 0x41, 0x44, 0xD7, 0xB2, 0xD6, 0xB7, 0x31,
+	0x44, 0xD8, 0xA7, 0xD9, 0x8B, 0x59, 0x44, 0xD8,
+	0xA7, 0xD9, 0x93, 0xC9, 0x44, 0xD8, 0xA7, 0xD9,
+	0x94, 0xC9, 0x44, 0xD8, 0xA7, 0xD9, 0x95, 0xB5,
+	0x44, 0xD8, 0xB0, 0xD9, 0xB0, 0x79, 0x44, 0xD8,
+	0xB1, 0xD9, 0xB0, 0x79, 0x44, 0xD9, 0x80, 0xD9,
+	0x8B, 0x59, 0x44, 0xD9, 0x80, 0xD9, 0x8E, 0x65,
+	0x44, 0xD9, 0x80, 0xD9, 0x8F, 0x69, 0x44, 0xD9,
+	// Bytes 4440 - 447f
+	0x80, 0xD9, 0x90, 0x6D, 0x44, 0xD9, 0x80, 0xD9,
+	0x91, 0x71, 0x44, 0xD9, 0x80, 0xD9, 0x92, 0x75,
+	0x44, 0xD9, 0x87, 0xD9, 0xB0, 0x79, 0x44, 0xD9,
+	0x88, 0xD9, 0x94, 0xC9, 0x44, 0xD9, 0x89, 0xD9,
+	0xB0, 0x79, 0x44, 0xD9, 0x8A, 0xD9, 0x94, 0xC9,
+	0x44, 0xDB, 0x92, 0xD9, 0x94, 0xC9, 0x44, 0xDB,
+	0x95, 0xD9, 0x94, 0xC9, 0x45, 0x20, 0xCC, 0x88,
+	0xCC, 0x80, 0xCA, 0x45, 0x20, 0xCC, 0x88, 0xCC,
+	// Bytes 4480 - 44bf
+	0x81, 0xCA, 0x45, 0x20, 0xCC, 0x88, 0xCD, 0x82,
+	0xCA, 0x45, 0x20, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
+	0x45, 0x20, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x45,
+	0x20, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x45, 0x20,
+	0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x45, 0x20, 0xCC,
+	0x94, 0xCC, 0x81, 0xCA, 0x45, 0x20, 0xCC, 0x94,
+	0xCD, 0x82, 0xCA, 0x45, 0x20, 0xD9, 0x8C, 0xD9,
+	0x91, 0x72, 0x45, 0x20, 0xD9, 0x8D, 0xD9, 0x91,
+	// Bytes 44c0 - 44ff
+	0x72, 0x45, 0x20, 0xD9, 0x8E, 0xD9, 0x91, 0x72,
+	0x45, 0x20, 0xD9, 0x8F, 0xD9, 0x91, 0x72, 0x45,
+	0x20, 0xD9, 0x90, 0xD9, 0x91, 0x72, 0x45, 0x20,
+	0xD9, 0x91, 0xD9, 0xB0, 0x7A, 0x45, 0xE2, 0xAB,
+	0x9D, 0xCC, 0xB8, 0x05, 0x46, 0xCE, 0xB9, 0xCC,
+	0x88, 0xCC, 0x81, 0xCA, 0x46, 0xCF, 0x85, 0xCC,
+	0x88, 0xCC, 0x81, 0xCA, 0x46, 0xD7, 0xA9, 0xD6,
+	0xBC, 0xD7, 0x81, 0x4E, 0x46, 0xD7, 0xA9, 0xD6,
+	// Bytes 4500 - 453f
+	0xBC, 0xD7, 0x82, 0x52, 0x46, 0xD9, 0x80, 0xD9,
+	0x8E, 0xD9, 0x91, 0x72, 0x46, 0xD9, 0x80, 0xD9,
+	0x8F, 0xD9, 0x91, 0x72, 0x46, 0xD9, 0x80, 0xD9,
+	0x90, 0xD9, 0x91, 0x72, 0x46, 0xE0, 0xA4, 0x95,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x96,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x97,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x9C,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xA1,
+	// Bytes 4540 - 457f
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xA2,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xAB,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xAF,
+	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xA1,
+	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xA2,
+	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xAF,
+	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x96,
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x97,
+	// Bytes 4580 - 45bf
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x9C,
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xAB,
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xB2,
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xB8,
+	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xAC, 0xA1,
+	0xE0, 0xAC, 0xBC, 0x09, 0x46, 0xE0, 0xAC, 0xA2,
+	0xE0, 0xAC, 0xBC, 0x09, 0x46, 0xE0, 0xBE, 0xB2,
+	0xE0, 0xBE, 0x80, 0x9D, 0x46, 0xE0, 0xBE, 0xB3,
+	// Bytes 45c0 - 45ff
+	0xE0, 0xBE, 0x80, 0x9D, 0x46, 0xE3, 0x83, 0x86,
+	0xE3, 0x82, 0x99, 0x0D, 0x48, 0xF0, 0x9D, 0x85,
+	0x97, 0xF0, 0x9D, 0x85, 0xA5, 0xAD, 0x48, 0xF0,
+	0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xAD,
+	0x48, 0xF0, 0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85,
+	0xA5, 0xAD, 0x48, 0xF0, 0x9D, 0x86, 0xBA, 0xF0,
+	0x9D, 0x85, 0xA5, 0xAD, 0x49, 0xE0, 0xBE, 0xB2,
+	0xE0, 0xBD, 0xB1, 0xE0, 0xBE, 0x80, 0x9E, 0x49,
+	// Bytes 4600 - 463f
+	0xE0, 0xBE, 0xB3, 0xE0, 0xBD, 0xB1, 0xE0, 0xBE,
+	0x80, 0x9E, 0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0,
+	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAE, 0xAE,
+	0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85,
+	0xA5, 0xF0, 0x9D, 0x85, 0xAF, 0xAE, 0x4C, 0xF0,
+	0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0,
+	0x9D, 0x85, 0xB0, 0xAE, 0x4C, 0xF0, 0x9D, 0x85,
+	0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85,
+	// Bytes 4640 - 467f
+	0xB1, 0xAE, 0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0,
+	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xB2, 0xAE,
+	0x4C, 0xF0, 0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85,
+	0xA5, 0xF0, 0x9D, 0x85, 0xAE, 0xAE, 0x4C, 0xF0,
+	0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85, 0xA5, 0xF0,
+	0x9D, 0x85, 0xAF, 0xAE, 0x4C, 0xF0, 0x9D, 0x86,
+	0xBA, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85,
+	0xAE, 0xAE, 0x4C, 0xF0, 0x9D, 0x86, 0xBA, 0xF0,
+	// Bytes 4680 - 46bf
+	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAF, 0xAE,
+	0x83, 0x41, 0xCC, 0x82, 0xC9, 0x83, 0x41, 0xCC,
+	0x86, 0xC9, 0x83, 0x41, 0xCC, 0x87, 0xC9, 0x83,
+	0x41, 0xCC, 0x88, 0xC9, 0x83, 0x41, 0xCC, 0x8A,
+	0xC9, 0x83, 0x41, 0xCC, 0xA3, 0xB5, 0x83, 0x43,
+	0xCC, 0xA7, 0xA5, 0x83, 0x45, 0xCC, 0x82, 0xC9,
+	0x83, 0x45, 0xCC, 0x84, 0xC9, 0x83, 0x45, 0xCC,
+	0xA3, 0xB5, 0x83, 0x45, 0xCC, 0xA7, 0xA5, 0x83,
+	// Bytes 46c0 - 46ff
+	0x49, 0xCC, 0x88, 0xC9, 0x83, 0x4C, 0xCC, 0xA3,
+	0xB5, 0x83, 0x4F, 0xCC, 0x82, 0xC9, 0x83, 0x4F,
+	0xCC, 0x83, 0xC9, 0x83, 0x4F, 0xCC, 0x84, 0xC9,
+	0x83, 0x4F, 0xCC, 0x87, 0xC9, 0x83, 0x4F, 0xCC,
+	0x88, 0xC9, 0x83, 0x4F, 0xCC, 0x9B, 0xAD, 0x83,
+	0x4F, 0xCC, 0xA3, 0xB5, 0x83, 0x4F, 0xCC, 0xA8,
+	0xA5, 0x83, 0x52, 0xCC, 0xA3, 0xB5, 0x83, 0x53,
+	0xCC, 0x81, 0xC9, 0x83, 0x53, 0xCC, 0x8C, 0xC9,
+	// Bytes 4700 - 473f
+	0x83, 0x53, 0xCC, 0xA3, 0xB5, 0x83, 0x55, 0xCC,
+	0x83, 0xC9, 0x83, 0x55, 0xCC, 0x84, 0xC9, 0x83,
+	0x55, 0xCC, 0x88, 0xC9, 0x83, 0x55, 0xCC, 0x9B,
+	0xAD, 0x83, 0x61, 0xCC, 0x82, 0xC9, 0x83, 0x61,
+	0xCC, 0x86, 0xC9, 0x83, 0x61, 0xCC, 0x87, 0xC9,
+	0x83, 0x61, 0xCC, 0x88, 0xC9, 0x83, 0x61, 0xCC,
+	0x8A, 0xC9, 0x83, 0x61, 0xCC, 0xA3, 0xB5, 0x83,
+	0x63, 0xCC, 0xA7, 0xA5, 0x83, 0x65, 0xCC, 0x82,
+	// Bytes 4740 - 477f
+	0xC9, 0x83, 0x65, 0xCC, 0x84, 0xC9, 0x83, 0x65,
+	0xCC, 0xA3, 0xB5, 0x83, 0x65, 0xCC, 0xA7, 0xA5,
+	0x83, 0x69, 0xCC, 0x88, 0xC9, 0x83, 0x6C, 0xCC,
+	0xA3, 0xB5, 0x83, 0x6F, 0xCC, 0x82, 0xC9, 0x83,
+	0x6F, 0xCC, 0x83, 0xC9, 0x83, 0x6F, 0xCC, 0x84,
+	0xC9, 0x83, 0x6F, 0xCC, 0x87, 0xC9, 0x83, 0x6F,
+	0xCC, 0x88, 0xC9, 0x83, 0x6F, 0xCC, 0x9B, 0xAD,
+	0x83, 0x6F, 0xCC, 0xA3, 0xB5, 0x83, 0x6F, 0xCC,
+	// Bytes 4780 - 47bf
+	0xA8, 0xA5, 0x83, 0x72, 0xCC, 0xA3, 0xB5, 0x83,
+	0x73, 0xCC, 0x81, 0xC9, 0x83, 0x73, 0xCC, 0x8C,
+	0xC9, 0x83, 0x73, 0xCC, 0xA3, 0xB5, 0x83, 0x75,
+	0xCC, 0x83, 0xC9, 0x83, 0x75, 0xCC, 0x84, 0xC9,
+	0x83, 0x75, 0xCC, 0x88, 0xC9, 0x83, 0x75, 0xCC,
+	0x9B, 0xAD, 0x84, 0xCE, 0x91, 0xCC, 0x93, 0xC9,
+	0x84, 0xCE, 0x91, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
+	0x95, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x95, 0xCC,
+	// Bytes 47c0 - 47ff
+	0x94, 0xC9, 0x84, 0xCE, 0x97, 0xCC, 0x93, 0xC9,
+	0x84, 0xCE, 0x97, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
+	0x99, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x99, 0xCC,
+	0x94, 0xC9, 0x84, 0xCE, 0x9F, 0xCC, 0x93, 0xC9,
+	0x84, 0xCE, 0x9F, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
+	0xA5, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xA9, 0xCC,
+	0x93, 0xC9, 0x84, 0xCE, 0xA9, 0xCC, 0x94, 0xC9,
+	0x84, 0xCE, 0xB1, 0xCC, 0x80, 0xC9, 0x84, 0xCE,
+	// Bytes 4800 - 483f
+	0xB1, 0xCC, 0x81, 0xC9, 0x84, 0xCE, 0xB1, 0xCC,
+	0x93, 0xC9, 0x84, 0xCE, 0xB1, 0xCC, 0x94, 0xC9,
+	0x84, 0xCE, 0xB1, 0xCD, 0x82, 0xC9, 0x84, 0xCE,
+	0xB5, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB5, 0xCC,
+	0x94, 0xC9, 0x84, 0xCE, 0xB7, 0xCC, 0x80, 0xC9,
+	0x84, 0xCE, 0xB7, 0xCC, 0x81, 0xC9, 0x84, 0xCE,
+	0xB7, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB7, 0xCC,
+	0x94, 0xC9, 0x84, 0xCE, 0xB7, 0xCD, 0x82, 0xC9,
+	// Bytes 4840 - 487f
+	0x84, 0xCE, 0xB9, 0xCC, 0x88, 0xC9, 0x84, 0xCE,
+	0xB9, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB9, 0xCC,
+	0x94, 0xC9, 0x84, 0xCE, 0xBF, 0xCC, 0x93, 0xC9,
+	0x84, 0xCE, 0xBF, 0xCC, 0x94, 0xC9, 0x84, 0xCF,
+	0x85, 0xCC, 0x88, 0xC9, 0x84, 0xCF, 0x85, 0xCC,
+	0x93, 0xC9, 0x84, 0xCF, 0x85, 0xCC, 0x94, 0xC9,
+	0x84, 0xCF, 0x89, 0xCC, 0x80, 0xC9, 0x84, 0xCF,
+	0x89, 0xCC, 0x81, 0xC9, 0x84, 0xCF, 0x89, 0xCC,
+	// Bytes 4880 - 48bf
+	0x93, 0xC9, 0x84, 0xCF, 0x89, 0xCC, 0x94, 0xC9,
+	0x84, 0xCF, 0x89, 0xCD, 0x82, 0xC9, 0x86, 0xCE,
+	0x91, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0x91, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0x91, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0x91, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0x91, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0x91, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	// Bytes 48c0 - 48ff
+	0x97, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0x97, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0x97, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0x97, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0x97, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0x97, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xA9, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0xA9, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	// Bytes 4900 - 493f
+	0xA9, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xA9, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0xA9, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0xA9, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xB1, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0xB1, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0xB1, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xB1, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	// Bytes 4940 - 497f
+	0xB1, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0xB1, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
+	0xB7, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCF,
+	// Bytes 4980 - 49bf
+	0x89, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCF,
+	0x89, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCF,
+	0x89, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCF,
+	0x89, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCF,
+	0x89, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCF,
+	0x89, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x42, 0xCC,
+	0x80, 0xC9, 0x32, 0x42, 0xCC, 0x81, 0xC9, 0x32,
+	0x42, 0xCC, 0x93, 0xC9, 0x32, 0x43, 0xE1, 0x85,
+	// Bytes 49c0 - 49ff
+	0xA1, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA2, 0x01,
+	0x00, 0x43, 0xE1, 0x85, 0xA3, 0x01, 0x00, 0x43,
+	0xE1, 0x85, 0xA4, 0x01, 0x00, 0x43, 0xE1, 0x85,
+	0xA5, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA6, 0x01,
+	0x00, 0x43, 0xE1, 0x85, 0xA7, 0x01, 0x00, 0x43,
+	0xE1, 0x85, 0xA8, 0x01, 0x00, 0x43, 0xE1, 0x85,
+	0xA9, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAA, 0x01,
+	0x00, 0x43, 0xE1, 0x85, 0xAB, 0x01, 0x00, 0x43,
+	// Bytes 4a00 - 4a3f
+	0xE1, 0x85, 0xAC, 0x01, 0x00, 0x43, 0xE1, 0x85,
+	0xAD, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAE, 0x01,
+	0x00, 0x43, 0xE1, 0x85, 0xAF, 0x01, 0x00, 0x43,
+	0xE1, 0x85, 0xB0, 0x01, 0x00, 0x43, 0xE1, 0x85,
+	0xB1, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xB2, 0x01,
+	0x00, 0x43, 0xE1, 0x85, 0xB3, 0x01, 0x00, 0x43,
+	0xE1, 0x85, 0xB4, 0x01, 0x00, 0x43, 0xE1, 0x85,
+	0xB5, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xAA, 0x01,
+	// Bytes 4a40 - 4a7f
+	0x00, 0x43, 0xE1, 0x86, 0xAC, 0x01, 0x00, 0x43,
+	0xE1, 0x86, 0xAD, 0x01, 0x00, 0x43, 0xE1, 0x86,
+	0xB0, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xB1, 0x01,
+	0x00, 0x43, 0xE1, 0x86, 0xB2, 0x01, 0x00, 0x43,
+	0xE1, 0x86, 0xB3, 0x01, 0x00, 0x43, 0xE1, 0x86,
+	0xB4, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xB5, 0x01,
+	0x00, 0x44, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x32,
+	0x43, 0xE3, 0x82, 0x99, 0x0D, 0x03, 0x43, 0xE3,
+	// Bytes 4a80 - 4abf
+	0x82, 0x9A, 0x0D, 0x03, 0x46, 0xE0, 0xBD, 0xB1,
+	0xE0, 0xBD, 0xB2, 0x9E, 0x26, 0x46, 0xE0, 0xBD,
+	0xB1, 0xE0, 0xBD, 0xB4, 0xA2, 0x26, 0x46, 0xE0,
+	0xBD, 0xB1, 0xE0, 0xBE, 0x80, 0x9E, 0x26, 0x00,
+	0x01,
+}
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfcTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfcTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfcValues[c0]
+	}
+	i := nfcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfcTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfcTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfcValues[c0]
+	}
+	i := nfcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// nfcTrie. Total size: 10586 bytes (10.34 KiB). Checksum: dd926e82067bee11.
+type nfcTrie struct{}
+
+func newNfcTrie(i int) *nfcTrie {
+	return &nfcTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *nfcTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 46:
+		return uint16(nfcValues[n<<6+uint32(b)])
+	default:
+		n -= 46
+		return uint16(nfcSparse.lookup(n, b))
+	}
+}
+
+// nfcValues: 48 blocks, 3072 entries, 6144 bytes
+// The third block is the zero block.
+var nfcValues = [3072]uint16{
+	// Block 0x0, offset 0x0
+	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
+	// Block 0x1, offset 0x40
+	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
+	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
+	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
+	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
+	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
+	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
+	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
+	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
+	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
+	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x2f6f, 0xc1: 0x2f74, 0xc2: 0x4688, 0xc3: 0x2f79, 0xc4: 0x4697, 0xc5: 0x469c,
+	0xc6: 0xa000, 0xc7: 0x46a6, 0xc8: 0x2fe2, 0xc9: 0x2fe7, 0xca: 0x46ab, 0xcb: 0x2ffb,
+	0xcc: 0x306e, 0xcd: 0x3073, 0xce: 0x3078, 0xcf: 0x46bf, 0xd1: 0x3104,
+	0xd2: 0x3127, 0xd3: 0x312c, 0xd4: 0x46c9, 0xd5: 0x46ce, 0xd6: 0x46dd,
+	0xd8: 0xa000, 0xd9: 0x31b3, 0xda: 0x31b8, 0xdb: 0x31bd, 0xdc: 0x470f, 0xdd: 0x3235,
+	0xe0: 0x327b, 0xe1: 0x3280, 0xe2: 0x4719, 0xe3: 0x3285,
+	0xe4: 0x4728, 0xe5: 0x472d, 0xe6: 0xa000, 0xe7: 0x4737, 0xe8: 0x32ee, 0xe9: 0x32f3,
+	0xea: 0x473c, 0xeb: 0x3307, 0xec: 0x337f, 0xed: 0x3384, 0xee: 0x3389, 0xef: 0x4750,
+	0xf1: 0x3415, 0xf2: 0x3438, 0xf3: 0x343d, 0xf4: 0x475a, 0xf5: 0x475f,
+	0xf6: 0x476e, 0xf8: 0xa000, 0xf9: 0x34c9, 0xfa: 0x34ce, 0xfb: 0x34d3,
+	0xfc: 0x47a0, 0xfd: 0x3550, 0xff: 0x3569,
+	// Block 0x4, offset 0x100
+	0x100: 0x2f7e, 0x101: 0x328a, 0x102: 0x468d, 0x103: 0x471e, 0x104: 0x2f9c, 0x105: 0x32a8,
+	0x106: 0x2fb0, 0x107: 0x32bc, 0x108: 0x2fb5, 0x109: 0x32c1, 0x10a: 0x2fba, 0x10b: 0x32c6,
+	0x10c: 0x2fbf, 0x10d: 0x32cb, 0x10e: 0x2fc9, 0x10f: 0x32d5,
+	0x112: 0x46b0, 0x113: 0x4741, 0x114: 0x2ff1, 0x115: 0x32fd, 0x116: 0x2ff6, 0x117: 0x3302,
+	0x118: 0x3014, 0x119: 0x3320, 0x11a: 0x3005, 0x11b: 0x3311, 0x11c: 0x302d, 0x11d: 0x3339,
+	0x11e: 0x3037, 0x11f: 0x3343, 0x120: 0x303c, 0x121: 0x3348, 0x122: 0x3046, 0x123: 0x3352,
+	0x124: 0x304b, 0x125: 0x3357, 0x128: 0x307d, 0x129: 0x338e,
+	0x12a: 0x3082, 0x12b: 0x3393, 0x12c: 0x3087, 0x12d: 0x3398, 0x12e: 0x30aa, 0x12f: 0x33b6,
+	0x130: 0x308c, 0x134: 0x30b4, 0x135: 0x33c0,
+	0x136: 0x30c8, 0x137: 0x33d9, 0x139: 0x30d2, 0x13a: 0x33e3, 0x13b: 0x30dc,
+	0x13c: 0x33ed, 0x13d: 0x30d7, 0x13e: 0x33e8,
+	// Block 0x5, offset 0x140
+	0x143: 0x30ff, 0x144: 0x3410, 0x145: 0x3118,
+	0x146: 0x3429, 0x147: 0x310e, 0x148: 0x341f,
+	0x14c: 0x46d3, 0x14d: 0x4764, 0x14e: 0x3131, 0x14f: 0x3442, 0x150: 0x313b, 0x151: 0x344c,
+	0x154: 0x3159, 0x155: 0x346a, 0x156: 0x3172, 0x157: 0x3483,
+	0x158: 0x3163, 0x159: 0x3474, 0x15a: 0x46f6, 0x15b: 0x4787, 0x15c: 0x317c, 0x15d: 0x348d,
+	0x15e: 0x318b, 0x15f: 0x349c, 0x160: 0x46fb, 0x161: 0x478c, 0x162: 0x31a4, 0x163: 0x34ba,
+	0x164: 0x3195, 0x165: 0x34ab, 0x168: 0x4705, 0x169: 0x4796,
+	0x16a: 0x470a, 0x16b: 0x479b, 0x16c: 0x31c2, 0x16d: 0x34d8, 0x16e: 0x31cc, 0x16f: 0x34e2,
+	0x170: 0x31d1, 0x171: 0x34e7, 0x172: 0x31ef, 0x173: 0x3505, 0x174: 0x3212, 0x175: 0x3528,
+	0x176: 0x323a, 0x177: 0x3555, 0x178: 0x324e, 0x179: 0x325d, 0x17a: 0x357d, 0x17b: 0x3267,
+	0x17c: 0x3587, 0x17d: 0x326c, 0x17e: 0x358c, 0x17f: 0xa000,
+	// Block 0x6, offset 0x180
+	0x184: 0x8100, 0x185: 0x8100,
+	0x186: 0x8100,
+	0x18d: 0x2f88, 0x18e: 0x3294, 0x18f: 0x3096, 0x190: 0x33a2, 0x191: 0x3140,
+	0x192: 0x3451, 0x193: 0x31d6, 0x194: 0x34ec, 0x195: 0x39cf, 0x196: 0x3b5e, 0x197: 0x39c8,
+	0x198: 0x3b57, 0x199: 0x39d6, 0x19a: 0x3b65, 0x19b: 0x39c1, 0x19c: 0x3b50,
+	0x19e: 0x38b0, 0x19f: 0x3a3f, 0x1a0: 0x38a9, 0x1a1: 0x3a38, 0x1a2: 0x35b3, 0x1a3: 0x35c5,
+	0x1a6: 0x3041, 0x1a7: 0x334d, 0x1a8: 0x30be, 0x1a9: 0x33cf,
+	0x1aa: 0x46ec, 0x1ab: 0x477d, 0x1ac: 0x3990, 0x1ad: 0x3b1f, 0x1ae: 0x35d7, 0x1af: 0x35dd,
+	0x1b0: 0x33c5, 0x1b4: 0x3028, 0x1b5: 0x3334,
+	0x1b8: 0x30fa, 0x1b9: 0x340b, 0x1ba: 0x38b7, 0x1bb: 0x3a46,
+	0x1bc: 0x35ad, 0x1bd: 0x35bf, 0x1be: 0x35b9, 0x1bf: 0x35cb,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x2f8d, 0x1c1: 0x3299, 0x1c2: 0x2f92, 0x1c3: 0x329e, 0x1c4: 0x300a, 0x1c5: 0x3316,
+	0x1c6: 0x300f, 0x1c7: 0x331b, 0x1c8: 0x309b, 0x1c9: 0x33a7, 0x1ca: 0x30a0, 0x1cb: 0x33ac,
+	0x1cc: 0x3145, 0x1cd: 0x3456, 0x1ce: 0x314a, 0x1cf: 0x345b, 0x1d0: 0x3168, 0x1d1: 0x3479,
+	0x1d2: 0x316d, 0x1d3: 0x347e, 0x1d4: 0x31db, 0x1d5: 0x34f1, 0x1d6: 0x31e0, 0x1d7: 0x34f6,
+	0x1d8: 0x3186, 0x1d9: 0x3497, 0x1da: 0x319f, 0x1db: 0x34b5,
+	0x1de: 0x305a, 0x1df: 0x3366,
+	0x1e6: 0x4692, 0x1e7: 0x4723, 0x1e8: 0x46ba, 0x1e9: 0x474b,
+	0x1ea: 0x395f, 0x1eb: 0x3aee, 0x1ec: 0x393c, 0x1ed: 0x3acb, 0x1ee: 0x46d8, 0x1ef: 0x4769,
+	0x1f0: 0x3958, 0x1f1: 0x3ae7, 0x1f2: 0x3244, 0x1f3: 0x355f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
+	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
+	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
+	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
+	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
+	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
+	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
+	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
+	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
+	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
+	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
+	// Block 0x9, offset 0x240
+	0x240: 0x49ae, 0x241: 0x49b3, 0x242: 0x9932, 0x243: 0x49b8, 0x244: 0x4a71, 0x245: 0x9936,
+	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
+	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
+	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
+	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
+	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
+	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
+	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
+	0x274: 0x0170,
+	0x27a: 0x8100,
+	0x27e: 0x0037,
+	// Block 0xa, offset 0x280
+	0x284: 0x8100, 0x285: 0x35a1,
+	0x286: 0x35e9, 0x287: 0x00ce, 0x288: 0x3607, 0x289: 0x3613, 0x28a: 0x3625,
+	0x28c: 0x3643, 0x28e: 0x3655, 0x28f: 0x3673, 0x290: 0x3e08, 0x291: 0xa000,
+	0x295: 0xa000, 0x297: 0xa000,
+	0x299: 0xa000,
+	0x29f: 0xa000, 0x2a1: 0xa000,
+	0x2a5: 0xa000, 0x2a9: 0xa000,
+	0x2aa: 0x3637, 0x2ab: 0x3667, 0x2ac: 0x47fe, 0x2ad: 0x3697, 0x2ae: 0x4828, 0x2af: 0x36a9,
+	0x2b0: 0x3e70, 0x2b1: 0xa000, 0x2b5: 0xa000,
+	0x2b7: 0xa000, 0x2b9: 0xa000,
+	0x2bf: 0xa000,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x3721, 0x2c1: 0x372d, 0x2c3: 0x371b,
+	0x2c6: 0xa000, 0x2c7: 0x3709,
+	0x2cc: 0x375d, 0x2cd: 0x3745, 0x2ce: 0x376f, 0x2d0: 0xa000,
+	0x2d3: 0xa000, 0x2d5: 0xa000, 0x2d6: 0xa000, 0x2d7: 0xa000,
+	0x2d8: 0xa000, 0x2d9: 0x3751, 0x2da: 0xa000,
+	0x2de: 0xa000, 0x2e3: 0xa000,
+	0x2e7: 0xa000,
+	0x2eb: 0xa000, 0x2ed: 0xa000,
+	0x2f0: 0xa000, 0x2f3: 0xa000, 0x2f5: 0xa000,
+	0x2f6: 0xa000, 0x2f7: 0xa000, 0x2f8: 0xa000, 0x2f9: 0x37d5, 0x2fa: 0xa000,
+	0x2fe: 0xa000,
+	// Block 0xc, offset 0x300
+	0x301: 0x3733, 0x302: 0x37b7,
+	0x310: 0x370f, 0x311: 0x3793,
+	0x312: 0x3715, 0x313: 0x3799, 0x316: 0x3727, 0x317: 0x37ab,
+	0x318: 0xa000, 0x319: 0xa000, 0x31a: 0x3829, 0x31b: 0x382f, 0x31c: 0x3739, 0x31d: 0x37bd,
+	0x31e: 0x373f, 0x31f: 0x37c3, 0x322: 0x374b, 0x323: 0x37cf,
+	0x324: 0x3757, 0x325: 0x37db, 0x326: 0x3763, 0x327: 0x37e7, 0x328: 0xa000, 0x329: 0xa000,
+	0x32a: 0x3835, 0x32b: 0x383b, 0x32c: 0x378d, 0x32d: 0x3811, 0x32e: 0x3769, 0x32f: 0x37ed,
+	0x330: 0x3775, 0x331: 0x37f9, 0x332: 0x377b, 0x333: 0x37ff, 0x334: 0x3781, 0x335: 0x3805,
+	0x338: 0x3787, 0x339: 0x380b,
+	// Block 0xd, offset 0x340
+	0x351: 0x812d,
+	0x352: 0x8132, 0x353: 0x8132, 0x354: 0x8132, 0x355: 0x8132, 0x356: 0x812d, 0x357: 0x8132,
+	0x358: 0x8132, 0x359: 0x8132, 0x35a: 0x812e, 0x35b: 0x812d, 0x35c: 0x8132, 0x35d: 0x8132,
+	0x35e: 0x8132, 0x35f: 0x8132, 0x360: 0x8132, 0x361: 0x8132, 0x362: 0x812d, 0x363: 0x812d,
+	0x364: 0x812d, 0x365: 0x812d, 0x366: 0x812d, 0x367: 0x812d, 0x368: 0x8132, 0x369: 0x8132,
+	0x36a: 0x812d, 0x36b: 0x8132, 0x36c: 0x8132, 0x36d: 0x812e, 0x36e: 0x8131, 0x36f: 0x8132,
+	0x370: 0x8105, 0x371: 0x8106, 0x372: 0x8107, 0x373: 0x8108, 0x374: 0x8109, 0x375: 0x810a,
+	0x376: 0x810b, 0x377: 0x810c, 0x378: 0x810d, 0x379: 0x810e, 0x37a: 0x810e, 0x37b: 0x810f,
+	0x37c: 0x8110, 0x37d: 0x8111, 0x37f: 0x8112,
+	// Block 0xe, offset 0x380
+	0x388: 0xa000, 0x38a: 0xa000, 0x38b: 0x8116,
+	0x38c: 0x8117, 0x38d: 0x8118, 0x38e: 0x8119, 0x38f: 0x811a, 0x390: 0x811b, 0x391: 0x811c,
+	0x392: 0x811d, 0x393: 0x9932, 0x394: 0x9932, 0x395: 0x992d, 0x396: 0x812d, 0x397: 0x8132,
+	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x8132, 0x39b: 0x8132, 0x39c: 0x812d, 0x39d: 0x8132,
+	0x39e: 0x8132, 0x39f: 0x812d,
+	0x3b0: 0x811e,
+	// Block 0xf, offset 0x3c0
+	0x3d3: 0x812d, 0x3d4: 0x8132, 0x3d5: 0x8132, 0x3d6: 0x8132, 0x3d7: 0x8132,
+	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x8132, 0x3dd: 0x8132,
+	0x3de: 0x8132, 0x3df: 0x8132, 0x3e0: 0x8132, 0x3e1: 0x8132, 0x3e3: 0x812d,
+	0x3e4: 0x8132, 0x3e5: 0x8132, 0x3e6: 0x812d, 0x3e7: 0x8132, 0x3e8: 0x8132, 0x3e9: 0x812d,
+	0x3ea: 0x8132, 0x3eb: 0x8132, 0x3ec: 0x8132, 0x3ed: 0x812d, 0x3ee: 0x812d, 0x3ef: 0x812d,
+	0x3f0: 0x8116, 0x3f1: 0x8117, 0x3f2: 0x8118, 0x3f3: 0x8132, 0x3f4: 0x8132, 0x3f5: 0x8132,
+	0x3f6: 0x812d, 0x3f7: 0x8132, 0x3f8: 0x8132, 0x3f9: 0x812d, 0x3fa: 0x812d, 0x3fb: 0x8132,
+	0x3fc: 0x8132, 0x3fd: 0x8132, 0x3fe: 0x8132, 0x3ff: 0x8132,
+	// Block 0x10, offset 0x400
+	0x405: 0xa000,
+	0x406: 0x2d26, 0x407: 0xa000, 0x408: 0x2d2e, 0x409: 0xa000, 0x40a: 0x2d36, 0x40b: 0xa000,
+	0x40c: 0x2d3e, 0x40d: 0xa000, 0x40e: 0x2d46, 0x411: 0xa000,
+	0x412: 0x2d4e,
+	0x434: 0x8102, 0x435: 0x9900,
+	0x43a: 0xa000, 0x43b: 0x2d56,
+	0x43c: 0xa000, 0x43d: 0x2d5e, 0x43e: 0xa000, 0x43f: 0xa000,
+	// Block 0x11, offset 0x440
+	0x440: 0x8132, 0x441: 0x8132, 0x442: 0x812d, 0x443: 0x8132, 0x444: 0x8132, 0x445: 0x8132,
+	0x446: 0x8132, 0x447: 0x8132, 0x448: 0x8132, 0x449: 0x8132, 0x44a: 0x812d, 0x44b: 0x8132,
+	0x44c: 0x8132, 0x44d: 0x8135, 0x44e: 0x812a, 0x44f: 0x812d, 0x450: 0x8129, 0x451: 0x8132,
+	0x452: 0x8132, 0x453: 0x8132, 0x454: 0x8132, 0x455: 0x8132, 0x456: 0x8132, 0x457: 0x8132,
+	0x458: 0x8132, 0x459: 0x8132, 0x45a: 0x8132, 0x45b: 0x8132, 0x45c: 0x8132, 0x45d: 0x8132,
+	0x45e: 0x8132, 0x45f: 0x8132, 0x460: 0x8132, 0x461: 0x8132, 0x462: 0x8132, 0x463: 0x8132,
+	0x464: 0x8132, 0x465: 0x8132, 0x466: 0x8132, 0x467: 0x8132, 0x468: 0x8132, 0x469: 0x8132,
+	0x46a: 0x8132, 0x46b: 0x8132, 0x46c: 0x8132, 0x46d: 0x8132, 0x46e: 0x8132, 0x46f: 0x8132,
+	0x470: 0x8132, 0x471: 0x8132, 0x472: 0x8132, 0x473: 0x8132, 0x474: 0x8132, 0x475: 0x8132,
+	0x476: 0x8133, 0x477: 0x8131, 0x478: 0x8131, 0x479: 0x812d, 0x47b: 0x8132,
+	0x47c: 0x8134, 0x47d: 0x812d, 0x47e: 0x8132, 0x47f: 0x812d,
+	// Block 0x12, offset 0x480
+	0x480: 0x2f97, 0x481: 0x32a3, 0x482: 0x2fa1, 0x483: 0x32ad, 0x484: 0x2fa6, 0x485: 0x32b2,
+	0x486: 0x2fab, 0x487: 0x32b7, 0x488: 0x38cc, 0x489: 0x3a5b, 0x48a: 0x2fc4, 0x48b: 0x32d0,
+	0x48c: 0x2fce, 0x48d: 0x32da, 0x48e: 0x2fdd, 0x48f: 0x32e9, 0x490: 0x2fd3, 0x491: 0x32df,
+	0x492: 0x2fd8, 0x493: 0x32e4, 0x494: 0x38ef, 0x495: 0x3a7e, 0x496: 0x38f6, 0x497: 0x3a85,
+	0x498: 0x3019, 0x499: 0x3325, 0x49a: 0x301e, 0x49b: 0x332a, 0x49c: 0x3904, 0x49d: 0x3a93,
+	0x49e: 0x3023, 0x49f: 0x332f, 0x4a0: 0x3032, 0x4a1: 0x333e, 0x4a2: 0x3050, 0x4a3: 0x335c,
+	0x4a4: 0x305f, 0x4a5: 0x336b, 0x4a6: 0x3055, 0x4a7: 0x3361, 0x4a8: 0x3064, 0x4a9: 0x3370,
+	0x4aa: 0x3069, 0x4ab: 0x3375, 0x4ac: 0x30af, 0x4ad: 0x33bb, 0x4ae: 0x390b, 0x4af: 0x3a9a,
+	0x4b0: 0x30b9, 0x4b1: 0x33ca, 0x4b2: 0x30c3, 0x4b3: 0x33d4, 0x4b4: 0x30cd, 0x4b5: 0x33de,
+	0x4b6: 0x46c4, 0x4b7: 0x4755, 0x4b8: 0x3912, 0x4b9: 0x3aa1, 0x4ba: 0x30e6, 0x4bb: 0x33f7,
+	0x4bc: 0x30e1, 0x4bd: 0x33f2, 0x4be: 0x30eb, 0x4bf: 0x33fc,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x30f0, 0x4c1: 0x3401, 0x4c2: 0x30f5, 0x4c3: 0x3406, 0x4c4: 0x3109, 0x4c5: 0x341a,
+	0x4c6: 0x3113, 0x4c7: 0x3424, 0x4c8: 0x3122, 0x4c9: 0x3433, 0x4ca: 0x311d, 0x4cb: 0x342e,
+	0x4cc: 0x3935, 0x4cd: 0x3ac4, 0x4ce: 0x3943, 0x4cf: 0x3ad2, 0x4d0: 0x394a, 0x4d1: 0x3ad9,
+	0x4d2: 0x3951, 0x4d3: 0x3ae0, 0x4d4: 0x314f, 0x4d5: 0x3460, 0x4d6: 0x3154, 0x4d7: 0x3465,
+	0x4d8: 0x315e, 0x4d9: 0x346f, 0x4da: 0x46f1, 0x4db: 0x4782, 0x4dc: 0x3997, 0x4dd: 0x3b26,
+	0x4de: 0x3177, 0x4df: 0x3488, 0x4e0: 0x3181, 0x4e1: 0x3492, 0x4e2: 0x4700, 0x4e3: 0x4791,
+	0x4e4: 0x399e, 0x4e5: 0x3b2d, 0x4e6: 0x39a5, 0x4e7: 0x3b34, 0x4e8: 0x39ac, 0x4e9: 0x3b3b,
+	0x4ea: 0x3190, 0x4eb: 0x34a1, 0x4ec: 0x319a, 0x4ed: 0x34b0, 0x4ee: 0x31ae, 0x4ef: 0x34c4,
+	0x4f0: 0x31a9, 0x4f1: 0x34bf, 0x4f2: 0x31ea, 0x4f3: 0x3500, 0x4f4: 0x31f9, 0x4f5: 0x350f,
+	0x4f6: 0x31f4, 0x4f7: 0x350a, 0x4f8: 0x39b3, 0x4f9: 0x3b42, 0x4fa: 0x39ba, 0x4fb: 0x3b49,
+	0x4fc: 0x31fe, 0x4fd: 0x3514, 0x4fe: 0x3203, 0x4ff: 0x3519,
+	// Block 0x14, offset 0x500
+	0x500: 0x3208, 0x501: 0x351e, 0x502: 0x320d, 0x503: 0x3523, 0x504: 0x321c, 0x505: 0x3532,
+	0x506: 0x3217, 0x507: 0x352d, 0x508: 0x3221, 0x509: 0x353c, 0x50a: 0x3226, 0x50b: 0x3541,
+	0x50c: 0x322b, 0x50d: 0x3546, 0x50e: 0x3249, 0x50f: 0x3564, 0x510: 0x3262, 0x511: 0x3582,
+	0x512: 0x3271, 0x513: 0x3591, 0x514: 0x3276, 0x515: 0x3596, 0x516: 0x337a, 0x517: 0x34a6,
+	0x518: 0x3537, 0x519: 0x3573, 0x51b: 0x35d1,
+	0x520: 0x46a1, 0x521: 0x4732, 0x522: 0x2f83, 0x523: 0x328f,
+	0x524: 0x3878, 0x525: 0x3a07, 0x526: 0x3871, 0x527: 0x3a00, 0x528: 0x3886, 0x529: 0x3a15,
+	0x52a: 0x387f, 0x52b: 0x3a0e, 0x52c: 0x38be, 0x52d: 0x3a4d, 0x52e: 0x3894, 0x52f: 0x3a23,
+	0x530: 0x388d, 0x531: 0x3a1c, 0x532: 0x38a2, 0x533: 0x3a31, 0x534: 0x389b, 0x535: 0x3a2a,
+	0x536: 0x38c5, 0x537: 0x3a54, 0x538: 0x46b5, 0x539: 0x4746, 0x53a: 0x3000, 0x53b: 0x330c,
+	0x53c: 0x2fec, 0x53d: 0x32f8, 0x53e: 0x38da, 0x53f: 0x3a69,
+	// Block 0x15, offset 0x540
+	0x540: 0x38d3, 0x541: 0x3a62, 0x542: 0x38e8, 0x543: 0x3a77, 0x544: 0x38e1, 0x545: 0x3a70,
+	0x546: 0x38fd, 0x547: 0x3a8c, 0x548: 0x3091, 0x549: 0x339d, 0x54a: 0x30a5, 0x54b: 0x33b1,
+	0x54c: 0x46e7, 0x54d: 0x4778, 0x54e: 0x3136, 0x54f: 0x3447, 0x550: 0x3920, 0x551: 0x3aaf,
+	0x552: 0x3919, 0x553: 0x3aa8, 0x554: 0x392e, 0x555: 0x3abd, 0x556: 0x3927, 0x557: 0x3ab6,
+	0x558: 0x3989, 0x559: 0x3b18, 0x55a: 0x396d, 0x55b: 0x3afc, 0x55c: 0x3966, 0x55d: 0x3af5,
+	0x55e: 0x397b, 0x55f: 0x3b0a, 0x560: 0x3974, 0x561: 0x3b03, 0x562: 0x3982, 0x563: 0x3b11,
+	0x564: 0x31e5, 0x565: 0x34fb, 0x566: 0x31c7, 0x567: 0x34dd, 0x568: 0x39e4, 0x569: 0x3b73,
+	0x56a: 0x39dd, 0x56b: 0x3b6c, 0x56c: 0x39f2, 0x56d: 0x3b81, 0x56e: 0x39eb, 0x56f: 0x3b7a,
+	0x570: 0x39f9, 0x571: 0x3b88, 0x572: 0x3230, 0x573: 0x354b, 0x574: 0x3258, 0x575: 0x3578,
+	0x576: 0x3253, 0x577: 0x356e, 0x578: 0x323f, 0x579: 0x355a,
+	// Block 0x16, offset 0x580
+	0x580: 0x4804, 0x581: 0x480a, 0x582: 0x491e, 0x583: 0x4936, 0x584: 0x4926, 0x585: 0x493e,
+	0x586: 0x492e, 0x587: 0x4946, 0x588: 0x47aa, 0x589: 0x47b0, 0x58a: 0x488e, 0x58b: 0x48a6,
+	0x58c: 0x4896, 0x58d: 0x48ae, 0x58e: 0x489e, 0x58f: 0x48b6, 0x590: 0x4816, 0x591: 0x481c,
+	0x592: 0x3db8, 0x593: 0x3dc8, 0x594: 0x3dc0, 0x595: 0x3dd0,
+	0x598: 0x47b6, 0x599: 0x47bc, 0x59a: 0x3ce8, 0x59b: 0x3cf8, 0x59c: 0x3cf0, 0x59d: 0x3d00,
+	0x5a0: 0x482e, 0x5a1: 0x4834, 0x5a2: 0x494e, 0x5a3: 0x4966,
+	0x5a4: 0x4956, 0x5a5: 0x496e, 0x5a6: 0x495e, 0x5a7: 0x4976, 0x5a8: 0x47c2, 0x5a9: 0x47c8,
+	0x5aa: 0x48be, 0x5ab: 0x48d6, 0x5ac: 0x48c6, 0x5ad: 0x48de, 0x5ae: 0x48ce, 0x5af: 0x48e6,
+	0x5b0: 0x4846, 0x5b1: 0x484c, 0x5b2: 0x3e18, 0x5b3: 0x3e30, 0x5b4: 0x3e20, 0x5b5: 0x3e38,
+	0x5b6: 0x3e28, 0x5b7: 0x3e40, 0x5b8: 0x47ce, 0x5b9: 0x47d4, 0x5ba: 0x3d18, 0x5bb: 0x3d30,
+	0x5bc: 0x3d20, 0x5bd: 0x3d38, 0x5be: 0x3d28, 0x5bf: 0x3d40,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x4852, 0x5c1: 0x4858, 0x5c2: 0x3e48, 0x5c3: 0x3e58, 0x5c4: 0x3e50, 0x5c5: 0x3e60,
+	0x5c8: 0x47da, 0x5c9: 0x47e0, 0x5ca: 0x3d48, 0x5cb: 0x3d58,
+	0x5cc: 0x3d50, 0x5cd: 0x3d60, 0x5d0: 0x4864, 0x5d1: 0x486a,
+	0x5d2: 0x3e80, 0x5d3: 0x3e98, 0x5d4: 0x3e88, 0x5d5: 0x3ea0, 0x5d6: 0x3e90, 0x5d7: 0x3ea8,
+	0x5d9: 0x47e6, 0x5db: 0x3d68, 0x5dd: 0x3d70,
+	0x5df: 0x3d78, 0x5e0: 0x487c, 0x5e1: 0x4882, 0x5e2: 0x497e, 0x5e3: 0x4996,
+	0x5e4: 0x4986, 0x5e5: 0x499e, 0x5e6: 0x498e, 0x5e7: 0x49a6, 0x5e8: 0x47ec, 0x5e9: 0x47f2,
+	0x5ea: 0x48ee, 0x5eb: 0x4906, 0x5ec: 0x48f6, 0x5ed: 0x490e, 0x5ee: 0x48fe, 0x5ef: 0x4916,
+	0x5f0: 0x47f8, 0x5f1: 0x431e, 0x5f2: 0x3691, 0x5f3: 0x4324, 0x5f4: 0x4822, 0x5f5: 0x432a,
+	0x5f6: 0x36a3, 0x5f7: 0x4330, 0x5f8: 0x36c1, 0x5f9: 0x4336, 0x5fa: 0x36d9, 0x5fb: 0x433c,
+	0x5fc: 0x4870, 0x5fd: 0x4342,
+	// Block 0x18, offset 0x600
+	0x600: 0x3da0, 0x601: 0x3da8, 0x602: 0x4184, 0x603: 0x41a2, 0x604: 0x418e, 0x605: 0x41ac,
+	0x606: 0x4198, 0x607: 0x41b6, 0x608: 0x3cd8, 0x609: 0x3ce0, 0x60a: 0x40d0, 0x60b: 0x40ee,
+	0x60c: 0x40da, 0x60d: 0x40f8, 0x60e: 0x40e4, 0x60f: 0x4102, 0x610: 0x3de8, 0x611: 0x3df0,
+	0x612: 0x41c0, 0x613: 0x41de, 0x614: 0x41ca, 0x615: 0x41e8, 0x616: 0x41d4, 0x617: 0x41f2,
+	0x618: 0x3d08, 0x619: 0x3d10, 0x61a: 0x410c, 0x61b: 0x412a, 0x61c: 0x4116, 0x61d: 0x4134,
+	0x61e: 0x4120, 0x61f: 0x413e, 0x620: 0x3ec0, 0x621: 0x3ec8, 0x622: 0x41fc, 0x623: 0x421a,
+	0x624: 0x4206, 0x625: 0x4224, 0x626: 0x4210, 0x627: 0x422e, 0x628: 0x3d80, 0x629: 0x3d88,
+	0x62a: 0x4148, 0x62b: 0x4166, 0x62c: 0x4152, 0x62d: 0x4170, 0x62e: 0x415c, 0x62f: 0x417a,
+	0x630: 0x3685, 0x631: 0x367f, 0x632: 0x3d90, 0x633: 0x368b, 0x634: 0x3d98,
+	0x636: 0x4810, 0x637: 0x3db0, 0x638: 0x35f5, 0x639: 0x35ef, 0x63a: 0x35e3, 0x63b: 0x42ee,
+	0x63c: 0x35fb, 0x63d: 0x8100, 0x63e: 0x01d3, 0x63f: 0xa100,
+	// Block 0x19, offset 0x640
+	0x640: 0x8100, 0x641: 0x35a7, 0x642: 0x3dd8, 0x643: 0x369d, 0x644: 0x3de0,
+	0x646: 0x483a, 0x647: 0x3df8, 0x648: 0x3601, 0x649: 0x42f4, 0x64a: 0x360d, 0x64b: 0x42fa,
+	0x64c: 0x3619, 0x64d: 0x3b8f, 0x64e: 0x3b96, 0x64f: 0x3b9d, 0x650: 0x36b5, 0x651: 0x36af,
+	0x652: 0x3e00, 0x653: 0x44e4, 0x656: 0x36bb, 0x657: 0x3e10,
+	0x658: 0x3631, 0x659: 0x362b, 0x65a: 0x361f, 0x65b: 0x4300, 0x65d: 0x3ba4,
+	0x65e: 0x3bab, 0x65f: 0x3bb2, 0x660: 0x36eb, 0x661: 0x36e5, 0x662: 0x3e68, 0x663: 0x44ec,
+	0x664: 0x36cd, 0x665: 0x36d3, 0x666: 0x36f1, 0x667: 0x3e78, 0x668: 0x3661, 0x669: 0x365b,
+	0x66a: 0x364f, 0x66b: 0x430c, 0x66c: 0x3649, 0x66d: 0x359b, 0x66e: 0x42e8, 0x66f: 0x0081,
+	0x672: 0x3eb0, 0x673: 0x36f7, 0x674: 0x3eb8,
+	0x676: 0x4888, 0x677: 0x3ed0, 0x678: 0x363d, 0x679: 0x4306, 0x67a: 0x366d, 0x67b: 0x4318,
+	0x67c: 0x3679, 0x67d: 0x4256, 0x67e: 0xa100,
+	// Block 0x1a, offset 0x680
+	0x681: 0x3c06, 0x683: 0xa000, 0x684: 0x3c0d, 0x685: 0xa000,
+	0x687: 0x3c14, 0x688: 0xa000, 0x689: 0x3c1b,
+	0x68d: 0xa000,
+	0x6a0: 0x2f65, 0x6a1: 0xa000, 0x6a2: 0x3c29,
+	0x6a4: 0xa000, 0x6a5: 0xa000,
+	0x6ad: 0x3c22, 0x6ae: 0x2f60, 0x6af: 0x2f6a,
+	0x6b0: 0x3c30, 0x6b1: 0x3c37, 0x6b2: 0xa000, 0x6b3: 0xa000, 0x6b4: 0x3c3e, 0x6b5: 0x3c45,
+	0x6b6: 0xa000, 0x6b7: 0xa000, 0x6b8: 0x3c4c, 0x6b9: 0x3c53, 0x6ba: 0xa000, 0x6bb: 0xa000,
+	0x6bc: 0xa000, 0x6bd: 0xa000,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x3c5a, 0x6c1: 0x3c61, 0x6c2: 0xa000, 0x6c3: 0xa000, 0x6c4: 0x3c76, 0x6c5: 0x3c7d,
+	0x6c6: 0xa000, 0x6c7: 0xa000, 0x6c8: 0x3c84, 0x6c9: 0x3c8b,
+	0x6d1: 0xa000,
+	0x6d2: 0xa000,
+	0x6e2: 0xa000,
+	0x6e8: 0xa000, 0x6e9: 0xa000,
+	0x6eb: 0xa000, 0x6ec: 0x3ca0, 0x6ed: 0x3ca7, 0x6ee: 0x3cae, 0x6ef: 0x3cb5,
+	0x6f2: 0xa000, 0x6f3: 0xa000, 0x6f4: 0xa000, 0x6f5: 0xa000,
+	// Block 0x1c, offset 0x700
+	0x706: 0xa000, 0x70b: 0xa000,
+	0x70c: 0x3f08, 0x70d: 0xa000, 0x70e: 0x3f10, 0x70f: 0xa000, 0x710: 0x3f18, 0x711: 0xa000,
+	0x712: 0x3f20, 0x713: 0xa000, 0x714: 0x3f28, 0x715: 0xa000, 0x716: 0x3f30, 0x717: 0xa000,
+	0x718: 0x3f38, 0x719: 0xa000, 0x71a: 0x3f40, 0x71b: 0xa000, 0x71c: 0x3f48, 0x71d: 0xa000,
+	0x71e: 0x3f50, 0x71f: 0xa000, 0x720: 0x3f58, 0x721: 0xa000, 0x722: 0x3f60,
+	0x724: 0xa000, 0x725: 0x3f68, 0x726: 0xa000, 0x727: 0x3f70, 0x728: 0xa000, 0x729: 0x3f78,
+	0x72f: 0xa000,
+	0x730: 0x3f80, 0x731: 0x3f88, 0x732: 0xa000, 0x733: 0x3f90, 0x734: 0x3f98, 0x735: 0xa000,
+	0x736: 0x3fa0, 0x737: 0x3fa8, 0x738: 0xa000, 0x739: 0x3fb0, 0x73a: 0x3fb8, 0x73b: 0xa000,
+	0x73c: 0x3fc0, 0x73d: 0x3fc8,
+	// Block 0x1d, offset 0x740
+	0x754: 0x3f00,
+	0x759: 0x9903, 0x75a: 0x9903, 0x75b: 0x8100, 0x75c: 0x8100, 0x75d: 0xa000,
+	0x75e: 0x3fd0,
+	0x766: 0xa000,
+	0x76b: 0xa000, 0x76c: 0x3fe0, 0x76d: 0xa000, 0x76e: 0x3fe8, 0x76f: 0xa000,
+	0x770: 0x3ff0, 0x771: 0xa000, 0x772: 0x3ff8, 0x773: 0xa000, 0x774: 0x4000, 0x775: 0xa000,
+	0x776: 0x4008, 0x777: 0xa000, 0x778: 0x4010, 0x779: 0xa000, 0x77a: 0x4018, 0x77b: 0xa000,
+	0x77c: 0x4020, 0x77d: 0xa000, 0x77e: 0x4028, 0x77f: 0xa000,
+	// Block 0x1e, offset 0x780
+	0x780: 0x4030, 0x781: 0xa000, 0x782: 0x4038, 0x784: 0xa000, 0x785: 0x4040,
+	0x786: 0xa000, 0x787: 0x4048, 0x788: 0xa000, 0x789: 0x4050,
+	0x78f: 0xa000, 0x790: 0x4058, 0x791: 0x4060,
+	0x792: 0xa000, 0x793: 0x4068, 0x794: 0x4070, 0x795: 0xa000, 0x796: 0x4078, 0x797: 0x4080,
+	0x798: 0xa000, 0x799: 0x4088, 0x79a: 0x4090, 0x79b: 0xa000, 0x79c: 0x4098, 0x79d: 0x40a0,
+	0x7af: 0xa000,
+	0x7b0: 0xa000, 0x7b1: 0xa000, 0x7b2: 0xa000, 0x7b4: 0x3fd8,
+	0x7b7: 0x40a8, 0x7b8: 0x40b0, 0x7b9: 0x40b8, 0x7ba: 0x40c0,
+	0x7bd: 0xa000, 0x7be: 0x40c8,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x1377, 0x7c1: 0x0cfb, 0x7c2: 0x13d3, 0x7c3: 0x139f, 0x7c4: 0x0e57, 0x7c5: 0x06eb,
+	0x7c6: 0x08df, 0x7c7: 0x162b, 0x7c8: 0x162b, 0x7c9: 0x0a0b, 0x7ca: 0x145f, 0x7cb: 0x0943,
+	0x7cc: 0x0a07, 0x7cd: 0x0bef, 0x7ce: 0x0fcf, 0x7cf: 0x115f, 0x7d0: 0x1297, 0x7d1: 0x12d3,
+	0x7d2: 0x1307, 0x7d3: 0x141b, 0x7d4: 0x0d73, 0x7d5: 0x0dff, 0x7d6: 0x0eab, 0x7d7: 0x0f43,
+	0x7d8: 0x125f, 0x7d9: 0x1447, 0x7da: 0x1573, 0x7db: 0x070f, 0x7dc: 0x08b3, 0x7dd: 0x0d87,
+	0x7de: 0x0ecf, 0x7df: 0x1293, 0x7e0: 0x15c3, 0x7e1: 0x0ab3, 0x7e2: 0x0e77, 0x7e3: 0x1283,
+	0x7e4: 0x1317, 0x7e5: 0x0c23, 0x7e6: 0x11bb, 0x7e7: 0x12df, 0x7e8: 0x0b1f, 0x7e9: 0x0d0f,
+	0x7ea: 0x0e17, 0x7eb: 0x0f1b, 0x7ec: 0x1427, 0x7ed: 0x074f, 0x7ee: 0x07e7, 0x7ef: 0x0853,
+	0x7f0: 0x0c8b, 0x7f1: 0x0d7f, 0x7f2: 0x0ecb, 0x7f3: 0x0fef, 0x7f4: 0x1177, 0x7f5: 0x128b,
+	0x7f6: 0x12a3, 0x7f7: 0x13c7, 0x7f8: 0x14ef, 0x7f9: 0x15a3, 0x7fa: 0x15bf, 0x7fb: 0x102b,
+	0x7fc: 0x106b, 0x7fd: 0x1123, 0x7fe: 0x1243, 0x7ff: 0x147b,
+	// Block 0x20, offset 0x800
+	0x800: 0x15cb, 0x801: 0x134b, 0x802: 0x09c7, 0x803: 0x0b3b, 0x804: 0x10db, 0x805: 0x119b,
+	0x806: 0x0eff, 0x807: 0x1033, 0x808: 0x1397, 0x809: 0x14e7, 0x80a: 0x09c3, 0x80b: 0x0a8f,
+	0x80c: 0x0d77, 0x80d: 0x0e2b, 0x80e: 0x0e5f, 0x80f: 0x1113, 0x810: 0x113b, 0x811: 0x14a7,
+	0x812: 0x084f, 0x813: 0x11a7, 0x814: 0x07f3, 0x815: 0x07ef, 0x816: 0x1097, 0x817: 0x1127,
+	0x818: 0x125b, 0x819: 0x14af, 0x81a: 0x1367, 0x81b: 0x0c27, 0x81c: 0x0d73, 0x81d: 0x1357,
+	0x81e: 0x06f7, 0x81f: 0x0a63, 0x820: 0x0b93, 0x821: 0x0f2f, 0x822: 0x0faf, 0x823: 0x0873,
+	0x824: 0x103b, 0x825: 0x075f, 0x826: 0x0b77, 0x827: 0x06d7, 0x828: 0x0deb, 0x829: 0x0ca3,
+	0x82a: 0x110f, 0x82b: 0x08c7, 0x82c: 0x09b3, 0x82d: 0x0ffb, 0x82e: 0x1263, 0x82f: 0x133b,
+	0x830: 0x0db7, 0x831: 0x13f7, 0x832: 0x0de3, 0x833: 0x0c37, 0x834: 0x121b, 0x835: 0x0c57,
+	0x836: 0x0fab, 0x837: 0x072b, 0x838: 0x07a7, 0x839: 0x07eb, 0x83a: 0x0d53, 0x83b: 0x10fb,
+	0x83c: 0x11f3, 0x83d: 0x1347, 0x83e: 0x145b, 0x83f: 0x085b,
+	// Block 0x21, offset 0x840
+	0x840: 0x090f, 0x841: 0x0a17, 0x842: 0x0b2f, 0x843: 0x0cbf, 0x844: 0x0e7b, 0x845: 0x103f,
+	0x846: 0x1497, 0x847: 0x157b, 0x848: 0x15cf, 0x849: 0x15e7, 0x84a: 0x0837, 0x84b: 0x0cf3,
+	0x84c: 0x0da3, 0x84d: 0x13eb, 0x84e: 0x0afb, 0x84f: 0x0bd7, 0x850: 0x0bf3, 0x851: 0x0c83,
+	0x852: 0x0e6b, 0x853: 0x0eb7, 0x854: 0x0f67, 0x855: 0x108b, 0x856: 0x112f, 0x857: 0x1193,
+	0x858: 0x13db, 0x859: 0x126b, 0x85a: 0x1403, 0x85b: 0x147f, 0x85c: 0x080f, 0x85d: 0x083b,
+	0x85e: 0x0923, 0x85f: 0x0ea7, 0x860: 0x12f3, 0x861: 0x133b, 0x862: 0x0b1b, 0x863: 0x0b8b,
+	0x864: 0x0c4f, 0x865: 0x0daf, 0x866: 0x10d7, 0x867: 0x0f23, 0x868: 0x073b, 0x869: 0x097f,
+	0x86a: 0x0a63, 0x86b: 0x0ac7, 0x86c: 0x0b97, 0x86d: 0x0f3f, 0x86e: 0x0f5b, 0x86f: 0x116b,
+	0x870: 0x118b, 0x871: 0x1463, 0x872: 0x14e3, 0x873: 0x14f3, 0x874: 0x152f, 0x875: 0x0753,
+	0x876: 0x107f, 0x877: 0x144f, 0x878: 0x14cb, 0x879: 0x0baf, 0x87a: 0x0717, 0x87b: 0x0777,
+	0x87c: 0x0a67, 0x87d: 0x0a87, 0x87e: 0x0caf, 0x87f: 0x0d73,
+	// Block 0x22, offset 0x880
+	0x880: 0x0ec3, 0x881: 0x0fcb, 0x882: 0x1277, 0x883: 0x1417, 0x884: 0x1623, 0x885: 0x0ce3,
+	0x886: 0x14a3, 0x887: 0x0833, 0x888: 0x0d2f, 0x889: 0x0d3b, 0x88a: 0x0e0f, 0x88b: 0x0e47,
+	0x88c: 0x0f4b, 0x88d: 0x0fa7, 0x88e: 0x1027, 0x88f: 0x110b, 0x890: 0x153b, 0x891: 0x07af,
+	0x892: 0x0c03, 0x893: 0x14b3, 0x894: 0x0767, 0x895: 0x0aab, 0x896: 0x0e2f, 0x897: 0x13df,
+	0x898: 0x0b67, 0x899: 0x0bb7, 0x89a: 0x0d43, 0x89b: 0x0f2f, 0x89c: 0x14bb, 0x89d: 0x0817,
+	0x89e: 0x08ff, 0x89f: 0x0a97, 0x8a0: 0x0cd3, 0x8a1: 0x0d1f, 0x8a2: 0x0d5f, 0x8a3: 0x0df3,
+	0x8a4: 0x0f47, 0x8a5: 0x0fbb, 0x8a6: 0x1157, 0x8a7: 0x12f7, 0x8a8: 0x1303, 0x8a9: 0x1457,
+	0x8aa: 0x14d7, 0x8ab: 0x0883, 0x8ac: 0x0e4b, 0x8ad: 0x0903, 0x8ae: 0x0ec7, 0x8af: 0x0f6b,
+	0x8b0: 0x1287, 0x8b1: 0x14bf, 0x8b2: 0x15ab, 0x8b3: 0x15d3, 0x8b4: 0x0d37, 0x8b5: 0x0e27,
+	0x8b6: 0x11c3, 0x8b7: 0x10b7, 0x8b8: 0x10c3, 0x8b9: 0x10e7, 0x8ba: 0x0f17, 0x8bb: 0x0e9f,
+	0x8bc: 0x1363, 0x8bd: 0x0733, 0x8be: 0x122b, 0x8bf: 0x081b,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x080b, 0x8c1: 0x0b0b, 0x8c2: 0x0c2b, 0x8c3: 0x10f3, 0x8c4: 0x0a53, 0x8c5: 0x0e03,
+	0x8c6: 0x0cef, 0x8c7: 0x13e7, 0x8c8: 0x12e7, 0x8c9: 0x14ab, 0x8ca: 0x1323, 0x8cb: 0x0b27,
+	0x8cc: 0x0787, 0x8cd: 0x095b, 0x8d0: 0x09af,
+	0x8d2: 0x0cdf, 0x8d5: 0x07f7, 0x8d6: 0x0f1f, 0x8d7: 0x0fe3,
+	0x8d8: 0x1047, 0x8d9: 0x1063, 0x8da: 0x1067, 0x8db: 0x107b, 0x8dc: 0x14fb, 0x8dd: 0x10eb,
+	0x8de: 0x116f, 0x8e0: 0x128f, 0x8e2: 0x1353,
+	0x8e5: 0x1407, 0x8e6: 0x1433,
+	0x8ea: 0x154f, 0x8eb: 0x1553, 0x8ec: 0x1557, 0x8ed: 0x15bb, 0x8ee: 0x142b, 0x8ef: 0x14c7,
+	0x8f0: 0x0757, 0x8f1: 0x077b, 0x8f2: 0x078f, 0x8f3: 0x084b, 0x8f4: 0x0857, 0x8f5: 0x0897,
+	0x8f6: 0x094b, 0x8f7: 0x0967, 0x8f8: 0x096f, 0x8f9: 0x09ab, 0x8fa: 0x09b7, 0x8fb: 0x0a93,
+	0x8fc: 0x0a9b, 0x8fd: 0x0ba3, 0x8fe: 0x0bcb, 0x8ff: 0x0bd3,
+	// Block 0x24, offset 0x900
+	0x900: 0x0beb, 0x901: 0x0c97, 0x902: 0x0cc7, 0x903: 0x0ce7, 0x904: 0x0d57, 0x905: 0x0e1b,
+	0x906: 0x0e37, 0x907: 0x0e67, 0x908: 0x0ebb, 0x909: 0x0edb, 0x90a: 0x0f4f, 0x90b: 0x102f,
+	0x90c: 0x104b, 0x90d: 0x1053, 0x90e: 0x104f, 0x90f: 0x1057, 0x910: 0x105b, 0x911: 0x105f,
+	0x912: 0x1073, 0x913: 0x1077, 0x914: 0x109b, 0x915: 0x10af, 0x916: 0x10cb, 0x917: 0x112f,
+	0x918: 0x1137, 0x919: 0x113f, 0x91a: 0x1153, 0x91b: 0x117b, 0x91c: 0x11cb, 0x91d: 0x11ff,
+	0x91e: 0x11ff, 0x91f: 0x1267, 0x920: 0x130f, 0x921: 0x1327, 0x922: 0x135b, 0x923: 0x135f,
+	0x924: 0x13a3, 0x925: 0x13a7, 0x926: 0x13ff, 0x927: 0x1407, 0x928: 0x14db, 0x929: 0x151f,
+	0x92a: 0x1537, 0x92b: 0x0b9b, 0x92c: 0x171e, 0x92d: 0x11e3,
+	0x930: 0x06df, 0x931: 0x07e3, 0x932: 0x07a3, 0x933: 0x074b, 0x934: 0x078b, 0x935: 0x07b7,
+	0x936: 0x0847, 0x937: 0x0863, 0x938: 0x094b, 0x939: 0x0937, 0x93a: 0x0947, 0x93b: 0x0963,
+	0x93c: 0x09af, 0x93d: 0x09bf, 0x93e: 0x0a03, 0x93f: 0x0a0f,
+	// Block 0x25, offset 0x940
+	0x940: 0x0a2b, 0x941: 0x0a3b, 0x942: 0x0b23, 0x943: 0x0b2b, 0x944: 0x0b5b, 0x945: 0x0b7b,
+	0x946: 0x0bab, 0x947: 0x0bc3, 0x948: 0x0bb3, 0x949: 0x0bd3, 0x94a: 0x0bc7, 0x94b: 0x0beb,
+	0x94c: 0x0c07, 0x94d: 0x0c5f, 0x94e: 0x0c6b, 0x94f: 0x0c73, 0x950: 0x0c9b, 0x951: 0x0cdf,
+	0x952: 0x0d0f, 0x953: 0x0d13, 0x954: 0x0d27, 0x955: 0x0da7, 0x956: 0x0db7, 0x957: 0x0e0f,
+	0x958: 0x0e5b, 0x959: 0x0e53, 0x95a: 0x0e67, 0x95b: 0x0e83, 0x95c: 0x0ebb, 0x95d: 0x1013,
+	0x95e: 0x0edf, 0x95f: 0x0f13, 0x960: 0x0f1f, 0x961: 0x0f5f, 0x962: 0x0f7b, 0x963: 0x0f9f,
+	0x964: 0x0fc3, 0x965: 0x0fc7, 0x966: 0x0fe3, 0x967: 0x0fe7, 0x968: 0x0ff7, 0x969: 0x100b,
+	0x96a: 0x1007, 0x96b: 0x1037, 0x96c: 0x10b3, 0x96d: 0x10cb, 0x96e: 0x10e3, 0x96f: 0x111b,
+	0x970: 0x112f, 0x971: 0x114b, 0x972: 0x117b, 0x973: 0x122f, 0x974: 0x1257, 0x975: 0x12cb,
+	0x976: 0x1313, 0x977: 0x131f, 0x978: 0x1327, 0x979: 0x133f, 0x97a: 0x1353, 0x97b: 0x1343,
+	0x97c: 0x135b, 0x97d: 0x1357, 0x97e: 0x134f, 0x97f: 0x135f,
+	// Block 0x26, offset 0x980
+	0x980: 0x136b, 0x981: 0x13a7, 0x982: 0x13e3, 0x983: 0x1413, 0x984: 0x144b, 0x985: 0x146b,
+	0x986: 0x14b7, 0x987: 0x14db, 0x988: 0x14fb, 0x989: 0x150f, 0x98a: 0x151f, 0x98b: 0x152b,
+	0x98c: 0x1537, 0x98d: 0x158b, 0x98e: 0x162b, 0x98f: 0x16b5, 0x990: 0x16b0, 0x991: 0x16e2,
+	0x992: 0x0607, 0x993: 0x062f, 0x994: 0x0633, 0x995: 0x1764, 0x996: 0x1791, 0x997: 0x1809,
+	0x998: 0x1617, 0x999: 0x1627,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x06fb, 0x9c1: 0x06f3, 0x9c2: 0x0703, 0x9c3: 0x1647, 0x9c4: 0x0747, 0x9c5: 0x0757,
+	0x9c6: 0x075b, 0x9c7: 0x0763, 0x9c8: 0x076b, 0x9c9: 0x076f, 0x9ca: 0x077b, 0x9cb: 0x0773,
+	0x9cc: 0x05b3, 0x9cd: 0x165b, 0x9ce: 0x078f, 0x9cf: 0x0793, 0x9d0: 0x0797, 0x9d1: 0x07b3,
+	0x9d2: 0x164c, 0x9d3: 0x05b7, 0x9d4: 0x079f, 0x9d5: 0x07bf, 0x9d6: 0x1656, 0x9d7: 0x07cf,
+	0x9d8: 0x07d7, 0x9d9: 0x0737, 0x9da: 0x07df, 0x9db: 0x07e3, 0x9dc: 0x1831, 0x9dd: 0x07ff,
+	0x9de: 0x0807, 0x9df: 0x05bf, 0x9e0: 0x081f, 0x9e1: 0x0823, 0x9e2: 0x082b, 0x9e3: 0x082f,
+	0x9e4: 0x05c3, 0x9e5: 0x0847, 0x9e6: 0x084b, 0x9e7: 0x0857, 0x9e8: 0x0863, 0x9e9: 0x0867,
+	0x9ea: 0x086b, 0x9eb: 0x0873, 0x9ec: 0x0893, 0x9ed: 0x0897, 0x9ee: 0x089f, 0x9ef: 0x08af,
+	0x9f0: 0x08b7, 0x9f1: 0x08bb, 0x9f2: 0x08bb, 0x9f3: 0x08bb, 0x9f4: 0x166a, 0x9f5: 0x0e93,
+	0x9f6: 0x08cf, 0x9f7: 0x08d7, 0x9f8: 0x166f, 0x9f9: 0x08e3, 0x9fa: 0x08eb, 0x9fb: 0x08f3,
+	0x9fc: 0x091b, 0x9fd: 0x0907, 0x9fe: 0x0913, 0x9ff: 0x0917,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x091f, 0xa01: 0x0927, 0xa02: 0x092b, 0xa03: 0x0933, 0xa04: 0x093b, 0xa05: 0x093f,
+	0xa06: 0x093f, 0xa07: 0x0947, 0xa08: 0x094f, 0xa09: 0x0953, 0xa0a: 0x095f, 0xa0b: 0x0983,
+	0xa0c: 0x0967, 0xa0d: 0x0987, 0xa0e: 0x096b, 0xa0f: 0x0973, 0xa10: 0x080b, 0xa11: 0x09cf,
+	0xa12: 0x0997, 0xa13: 0x099b, 0xa14: 0x099f, 0xa15: 0x0993, 0xa16: 0x09a7, 0xa17: 0x09a3,
+	0xa18: 0x09bb, 0xa19: 0x1674, 0xa1a: 0x09d7, 0xa1b: 0x09db, 0xa1c: 0x09e3, 0xa1d: 0x09ef,
+	0xa1e: 0x09f7, 0xa1f: 0x0a13, 0xa20: 0x1679, 0xa21: 0x167e, 0xa22: 0x0a1f, 0xa23: 0x0a23,
+	0xa24: 0x0a27, 0xa25: 0x0a1b, 0xa26: 0x0a2f, 0xa27: 0x05c7, 0xa28: 0x05cb, 0xa29: 0x0a37,
+	0xa2a: 0x0a3f, 0xa2b: 0x0a3f, 0xa2c: 0x1683, 0xa2d: 0x0a5b, 0xa2e: 0x0a5f, 0xa2f: 0x0a63,
+	0xa30: 0x0a6b, 0xa31: 0x1688, 0xa32: 0x0a73, 0xa33: 0x0a77, 0xa34: 0x0b4f, 0xa35: 0x0a7f,
+	0xa36: 0x05cf, 0xa37: 0x0a8b, 0xa38: 0x0a9b, 0xa39: 0x0aa7, 0xa3a: 0x0aa3, 0xa3b: 0x1692,
+	0xa3c: 0x0aaf, 0xa3d: 0x1697, 0xa3e: 0x0abb, 0xa3f: 0x0ab7,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0abf, 0xa41: 0x0acf, 0xa42: 0x0ad3, 0xa43: 0x05d3, 0xa44: 0x0ae3, 0xa45: 0x0aeb,
+	0xa46: 0x0aef, 0xa47: 0x0af3, 0xa48: 0x05d7, 0xa49: 0x169c, 0xa4a: 0x05db, 0xa4b: 0x0b0f,
+	0xa4c: 0x0b13, 0xa4d: 0x0b17, 0xa4e: 0x0b1f, 0xa4f: 0x1863, 0xa50: 0x0b37, 0xa51: 0x16a6,
+	0xa52: 0x16a6, 0xa53: 0x11d7, 0xa54: 0x0b47, 0xa55: 0x0b47, 0xa56: 0x05df, 0xa57: 0x16c9,
+	0xa58: 0x179b, 0xa59: 0x0b57, 0xa5a: 0x0b5f, 0xa5b: 0x05e3, 0xa5c: 0x0b73, 0xa5d: 0x0b83,
+	0xa5e: 0x0b87, 0xa5f: 0x0b8f, 0xa60: 0x0b9f, 0xa61: 0x05eb, 0xa62: 0x05e7, 0xa63: 0x0ba3,
+	0xa64: 0x16ab, 0xa65: 0x0ba7, 0xa66: 0x0bbb, 0xa67: 0x0bbf, 0xa68: 0x0bc3, 0xa69: 0x0bbf,
+	0xa6a: 0x0bcf, 0xa6b: 0x0bd3, 0xa6c: 0x0be3, 0xa6d: 0x0bdb, 0xa6e: 0x0bdf, 0xa6f: 0x0be7,
+	0xa70: 0x0beb, 0xa71: 0x0bef, 0xa72: 0x0bfb, 0xa73: 0x0bff, 0xa74: 0x0c17, 0xa75: 0x0c1f,
+	0xa76: 0x0c2f, 0xa77: 0x0c43, 0xa78: 0x16ba, 0xa79: 0x0c3f, 0xa7a: 0x0c33, 0xa7b: 0x0c4b,
+	0xa7c: 0x0c53, 0xa7d: 0x0c67, 0xa7e: 0x16bf, 0xa7f: 0x0c6f,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0x0c63, 0xa81: 0x0c5b, 0xa82: 0x05ef, 0xa83: 0x0c77, 0xa84: 0x0c7f, 0xa85: 0x0c87,
+	0xa86: 0x0c7b, 0xa87: 0x05f3, 0xa88: 0x0c97, 0xa89: 0x0c9f, 0xa8a: 0x16c4, 0xa8b: 0x0ccb,
+	0xa8c: 0x0cff, 0xa8d: 0x0cdb, 0xa8e: 0x05ff, 0xa8f: 0x0ce7, 0xa90: 0x05fb, 0xa91: 0x05f7,
+	0xa92: 0x07c3, 0xa93: 0x07c7, 0xa94: 0x0d03, 0xa95: 0x0ceb, 0xa96: 0x11ab, 0xa97: 0x0663,
+	0xa98: 0x0d0f, 0xa99: 0x0d13, 0xa9a: 0x0d17, 0xa9b: 0x0d2b, 0xa9c: 0x0d23, 0xa9d: 0x16dd,
+	0xa9e: 0x0603, 0xa9f: 0x0d3f, 0xaa0: 0x0d33, 0xaa1: 0x0d4f, 0xaa2: 0x0d57, 0xaa3: 0x16e7,
+	0xaa4: 0x0d5b, 0xaa5: 0x0d47, 0xaa6: 0x0d63, 0xaa7: 0x0607, 0xaa8: 0x0d67, 0xaa9: 0x0d6b,
+	0xaaa: 0x0d6f, 0xaab: 0x0d7b, 0xaac: 0x16ec, 0xaad: 0x0d83, 0xaae: 0x060b, 0xaaf: 0x0d8f,
+	0xab0: 0x16f1, 0xab1: 0x0d93, 0xab2: 0x060f, 0xab3: 0x0d9f, 0xab4: 0x0dab, 0xab5: 0x0db7,
+	0xab6: 0x0dbb, 0xab7: 0x16f6, 0xab8: 0x168d, 0xab9: 0x16fb, 0xaba: 0x0ddb, 0xabb: 0x1700,
+	0xabc: 0x0de7, 0xabd: 0x0def, 0xabe: 0x0ddf, 0xabf: 0x0dfb,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0x0e0b, 0xac1: 0x0e1b, 0xac2: 0x0e0f, 0xac3: 0x0e13, 0xac4: 0x0e1f, 0xac5: 0x0e23,
+	0xac6: 0x1705, 0xac7: 0x0e07, 0xac8: 0x0e3b, 0xac9: 0x0e3f, 0xaca: 0x0613, 0xacb: 0x0e53,
+	0xacc: 0x0e4f, 0xacd: 0x170a, 0xace: 0x0e33, 0xacf: 0x0e6f, 0xad0: 0x170f, 0xad1: 0x1714,
+	0xad2: 0x0e73, 0xad3: 0x0e87, 0xad4: 0x0e83, 0xad5: 0x0e7f, 0xad6: 0x0617, 0xad7: 0x0e8b,
+	0xad8: 0x0e9b, 0xad9: 0x0e97, 0xada: 0x0ea3, 0xadb: 0x1651, 0xadc: 0x0eb3, 0xadd: 0x1719,
+	0xade: 0x0ebf, 0xadf: 0x1723, 0xae0: 0x0ed3, 0xae1: 0x0edf, 0xae2: 0x0ef3, 0xae3: 0x1728,
+	0xae4: 0x0f07, 0xae5: 0x0f0b, 0xae6: 0x172d, 0xae7: 0x1732, 0xae8: 0x0f27, 0xae9: 0x0f37,
+	0xaea: 0x061b, 0xaeb: 0x0f3b, 0xaec: 0x061f, 0xaed: 0x061f, 0xaee: 0x0f53, 0xaef: 0x0f57,
+	0xaf0: 0x0f5f, 0xaf1: 0x0f63, 0xaf2: 0x0f6f, 0xaf3: 0x0623, 0xaf4: 0x0f87, 0xaf5: 0x1737,
+	0xaf6: 0x0fa3, 0xaf7: 0x173c, 0xaf8: 0x0faf, 0xaf9: 0x16a1, 0xafa: 0x0fbf, 0xafb: 0x1741,
+	0xafc: 0x1746, 0xafd: 0x174b, 0xafe: 0x0627, 0xaff: 0x062b,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0ff7, 0xb01: 0x1755, 0xb02: 0x1750, 0xb03: 0x175a, 0xb04: 0x175f, 0xb05: 0x0fff,
+	0xb06: 0x1003, 0xb07: 0x1003, 0xb08: 0x100b, 0xb09: 0x0633, 0xb0a: 0x100f, 0xb0b: 0x0637,
+	0xb0c: 0x063b, 0xb0d: 0x1769, 0xb0e: 0x1023, 0xb0f: 0x102b, 0xb10: 0x1037, 0xb11: 0x063f,
+	0xb12: 0x176e, 0xb13: 0x105b, 0xb14: 0x1773, 0xb15: 0x1778, 0xb16: 0x107b, 0xb17: 0x1093,
+	0xb18: 0x0643, 0xb19: 0x109b, 0xb1a: 0x109f, 0xb1b: 0x10a3, 0xb1c: 0x177d, 0xb1d: 0x1782,
+	0xb1e: 0x1782, 0xb1f: 0x10bb, 0xb20: 0x0647, 0xb21: 0x1787, 0xb22: 0x10cf, 0xb23: 0x10d3,
+	0xb24: 0x064b, 0xb25: 0x178c, 0xb26: 0x10ef, 0xb27: 0x064f, 0xb28: 0x10ff, 0xb29: 0x10f7,
+	0xb2a: 0x1107, 0xb2b: 0x1796, 0xb2c: 0x111f, 0xb2d: 0x0653, 0xb2e: 0x112b, 0xb2f: 0x1133,
+	0xb30: 0x1143, 0xb31: 0x0657, 0xb32: 0x17a0, 0xb33: 0x17a5, 0xb34: 0x065b, 0xb35: 0x17aa,
+	0xb36: 0x115b, 0xb37: 0x17af, 0xb38: 0x1167, 0xb39: 0x1173, 0xb3a: 0x117b, 0xb3b: 0x17b4,
+	0xb3c: 0x17b9, 0xb3d: 0x118f, 0xb3e: 0x17be, 0xb3f: 0x1197,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x16ce, 0xb41: 0x065f, 0xb42: 0x11af, 0xb43: 0x11b3, 0xb44: 0x0667, 0xb45: 0x11b7,
+	0xb46: 0x0a33, 0xb47: 0x17c3, 0xb48: 0x17c8, 0xb49: 0x16d3, 0xb4a: 0x16d8, 0xb4b: 0x11d7,
+	0xb4c: 0x11db, 0xb4d: 0x13f3, 0xb4e: 0x066b, 0xb4f: 0x1207, 0xb50: 0x1203, 0xb51: 0x120b,
+	0xb52: 0x083f, 0xb53: 0x120f, 0xb54: 0x1213, 0xb55: 0x1217, 0xb56: 0x121f, 0xb57: 0x17cd,
+	0xb58: 0x121b, 0xb59: 0x1223, 0xb5a: 0x1237, 0xb5b: 0x123b, 0xb5c: 0x1227, 0xb5d: 0x123f,
+	0xb5e: 0x1253, 0xb5f: 0x1267, 0xb60: 0x1233, 0xb61: 0x1247, 0xb62: 0x124b, 0xb63: 0x124f,
+	0xb64: 0x17d2, 0xb65: 0x17dc, 0xb66: 0x17d7, 0xb67: 0x066f, 0xb68: 0x126f, 0xb69: 0x1273,
+	0xb6a: 0x127b, 0xb6b: 0x17f0, 0xb6c: 0x127f, 0xb6d: 0x17e1, 0xb6e: 0x0673, 0xb6f: 0x0677,
+	0xb70: 0x17e6, 0xb71: 0x17eb, 0xb72: 0x067b, 0xb73: 0x129f, 0xb74: 0x12a3, 0xb75: 0x12a7,
+	0xb76: 0x12ab, 0xb77: 0x12b7, 0xb78: 0x12b3, 0xb79: 0x12bf, 0xb7a: 0x12bb, 0xb7b: 0x12cb,
+	0xb7c: 0x12c3, 0xb7d: 0x12c7, 0xb7e: 0x12cf, 0xb7f: 0x067f,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x12d7, 0xb81: 0x12db, 0xb82: 0x0683, 0xb83: 0x12eb, 0xb84: 0x12ef, 0xb85: 0x17f5,
+	0xb86: 0x12fb, 0xb87: 0x12ff, 0xb88: 0x0687, 0xb89: 0x130b, 0xb8a: 0x05bb, 0xb8b: 0x17fa,
+	0xb8c: 0x17ff, 0xb8d: 0x068b, 0xb8e: 0x068f, 0xb8f: 0x1337, 0xb90: 0x134f, 0xb91: 0x136b,
+	0xb92: 0x137b, 0xb93: 0x1804, 0xb94: 0x138f, 0xb95: 0x1393, 0xb96: 0x13ab, 0xb97: 0x13b7,
+	0xb98: 0x180e, 0xb99: 0x1660, 0xb9a: 0x13c3, 0xb9b: 0x13bf, 0xb9c: 0x13cb, 0xb9d: 0x1665,
+	0xb9e: 0x13d7, 0xb9f: 0x13e3, 0xba0: 0x1813, 0xba1: 0x1818, 0xba2: 0x1423, 0xba3: 0x142f,
+	0xba4: 0x1437, 0xba5: 0x181d, 0xba6: 0x143b, 0xba7: 0x1467, 0xba8: 0x1473, 0xba9: 0x1477,
+	0xbaa: 0x146f, 0xbab: 0x1483, 0xbac: 0x1487, 0xbad: 0x1822, 0xbae: 0x1493, 0xbaf: 0x0693,
+	0xbb0: 0x149b, 0xbb1: 0x1827, 0xbb2: 0x0697, 0xbb3: 0x14d3, 0xbb4: 0x0ac3, 0xbb5: 0x14eb,
+	0xbb6: 0x182c, 0xbb7: 0x1836, 0xbb8: 0x069b, 0xbb9: 0x069f, 0xbba: 0x1513, 0xbbb: 0x183b,
+	0xbbc: 0x06a3, 0xbbd: 0x1840, 0xbbe: 0x152b, 0xbbf: 0x152b,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x1533, 0xbc1: 0x1845, 0xbc2: 0x154b, 0xbc3: 0x06a7, 0xbc4: 0x155b, 0xbc5: 0x1567,
+	0xbc6: 0x156f, 0xbc7: 0x1577, 0xbc8: 0x06ab, 0xbc9: 0x184a, 0xbca: 0x158b, 0xbcb: 0x15a7,
+	0xbcc: 0x15b3, 0xbcd: 0x06af, 0xbce: 0x06b3, 0xbcf: 0x15b7, 0xbd0: 0x184f, 0xbd1: 0x06b7,
+	0xbd2: 0x1854, 0xbd3: 0x1859, 0xbd4: 0x185e, 0xbd5: 0x15db, 0xbd6: 0x06bb, 0xbd7: 0x15ef,
+	0xbd8: 0x15f7, 0xbd9: 0x15fb, 0xbda: 0x1603, 0xbdb: 0x160b, 0xbdc: 0x1613, 0xbdd: 0x1868,
+}
+
+// nfcIndex: 22 blocks, 1408 entries, 1408 bytes
+// Block 0 is the zero block.
+var nfcIndex = [1408]uint8{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x2e, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x2f, 0xc7: 0x04,
+	0xc8: 0x05, 0xca: 0x30, 0xcb: 0x31, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x32,
+	0xd0: 0x09, 0xd1: 0x33, 0xd2: 0x34, 0xd3: 0x0a, 0xd6: 0x0b, 0xd7: 0x35,
+	0xd8: 0x36, 0xd9: 0x0c, 0xdb: 0x37, 0xdc: 0x38, 0xdd: 0x39, 0xdf: 0x3a,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
+	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
+	0xf0: 0x13,
+	// Block 0x4, offset 0x100
+	0x120: 0x3b, 0x121: 0x3c, 0x123: 0x0d, 0x124: 0x3d, 0x125: 0x3e, 0x126: 0x3f, 0x127: 0x40,
+	0x128: 0x41, 0x129: 0x42, 0x12a: 0x43, 0x12b: 0x44, 0x12c: 0x3f, 0x12d: 0x45, 0x12e: 0x46, 0x12f: 0x47,
+	0x131: 0x48, 0x132: 0x49, 0x133: 0x4a, 0x134: 0x4b, 0x135: 0x4c, 0x137: 0x4d,
+	0x138: 0x4e, 0x139: 0x4f, 0x13a: 0x50, 0x13b: 0x51, 0x13c: 0x52, 0x13d: 0x53, 0x13e: 0x54, 0x13f: 0x55,
+	// Block 0x5, offset 0x140
+	0x140: 0x56, 0x142: 0x57, 0x144: 0x58, 0x145: 0x59, 0x146: 0x5a, 0x147: 0x5b,
+	0x14d: 0x5c,
+	0x15c: 0x5d, 0x15f: 0x5e,
+	0x162: 0x5f, 0x164: 0x60,
+	0x168: 0x61, 0x169: 0x62, 0x16a: 0x63, 0x16c: 0x0e, 0x16d: 0x64, 0x16e: 0x65, 0x16f: 0x66,
+	0x170: 0x67, 0x173: 0x68, 0x177: 0x0f,
+	0x178: 0x10, 0x179: 0x11, 0x17a: 0x12, 0x17b: 0x13, 0x17c: 0x14, 0x17d: 0x15, 0x17e: 0x16, 0x17f: 0x17,
+	// Block 0x6, offset 0x180
+	0x180: 0x69, 0x183: 0x6a, 0x184: 0x6b, 0x186: 0x6c, 0x187: 0x6d,
+	0x188: 0x6e, 0x189: 0x18, 0x18a: 0x19, 0x18b: 0x6f, 0x18c: 0x70,
+	0x1ab: 0x71,
+	0x1b3: 0x72, 0x1b5: 0x73, 0x1b7: 0x74,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x75, 0x1c1: 0x1a, 0x1c2: 0x1b, 0x1c3: 0x1c, 0x1c4: 0x76, 0x1c5: 0x77,
+	0x1c9: 0x78, 0x1cc: 0x79, 0x1cd: 0x7a,
+	// Block 0x8, offset 0x200
+	0x219: 0x7b, 0x21a: 0x7c, 0x21b: 0x7d,
+	0x220: 0x7e, 0x223: 0x7f, 0x224: 0x80, 0x225: 0x81, 0x226: 0x82, 0x227: 0x83,
+	0x22a: 0x84, 0x22b: 0x85, 0x22f: 0x86,
+	0x230: 0x87, 0x231: 0x88, 0x232: 0x89, 0x233: 0x8a, 0x234: 0x8b, 0x235: 0x8c, 0x236: 0x8d, 0x237: 0x87,
+	0x238: 0x88, 0x239: 0x89, 0x23a: 0x8a, 0x23b: 0x8b, 0x23c: 0x8c, 0x23d: 0x8d, 0x23e: 0x87, 0x23f: 0x88,
+	// Block 0x9, offset 0x240
+	0x240: 0x89, 0x241: 0x8a, 0x242: 0x8b, 0x243: 0x8c, 0x244: 0x8d, 0x245: 0x87, 0x246: 0x88, 0x247: 0x89,
+	0x248: 0x8a, 0x249: 0x8b, 0x24a: 0x8c, 0x24b: 0x8d, 0x24c: 0x87, 0x24d: 0x88, 0x24e: 0x89, 0x24f: 0x8a,
+	0x250: 0x8b, 0x251: 0x8c, 0x252: 0x8d, 0x253: 0x87, 0x254: 0x88, 0x255: 0x89, 0x256: 0x8a, 0x257: 0x8b,
+	0x258: 0x8c, 0x259: 0x8d, 0x25a: 0x87, 0x25b: 0x88, 0x25c: 0x89, 0x25d: 0x8a, 0x25e: 0x8b, 0x25f: 0x8c,
+	0x260: 0x8d, 0x261: 0x87, 0x262: 0x88, 0x263: 0x89, 0x264: 0x8a, 0x265: 0x8b, 0x266: 0x8c, 0x267: 0x8d,
+	0x268: 0x87, 0x269: 0x88, 0x26a: 0x89, 0x26b: 0x8a, 0x26c: 0x8b, 0x26d: 0x8c, 0x26e: 0x8d, 0x26f: 0x87,
+	0x270: 0x88, 0x271: 0x89, 0x272: 0x8a, 0x273: 0x8b, 0x274: 0x8c, 0x275: 0x8d, 0x276: 0x87, 0x277: 0x88,
+	0x278: 0x89, 0x279: 0x8a, 0x27a: 0x8b, 0x27b: 0x8c, 0x27c: 0x8d, 0x27d: 0x87, 0x27e: 0x88, 0x27f: 0x89,
+	// Block 0xa, offset 0x280
+	0x280: 0x8a, 0x281: 0x8b, 0x282: 0x8c, 0x283: 0x8d, 0x284: 0x87, 0x285: 0x88, 0x286: 0x89, 0x287: 0x8a,
+	0x288: 0x8b, 0x289: 0x8c, 0x28a: 0x8d, 0x28b: 0x87, 0x28c: 0x88, 0x28d: 0x89, 0x28e: 0x8a, 0x28f: 0x8b,
+	0x290: 0x8c, 0x291: 0x8d, 0x292: 0x87, 0x293: 0x88, 0x294: 0x89, 0x295: 0x8a, 0x296: 0x8b, 0x297: 0x8c,
+	0x298: 0x8d, 0x299: 0x87, 0x29a: 0x88, 0x29b: 0x89, 0x29c: 0x8a, 0x29d: 0x8b, 0x29e: 0x8c, 0x29f: 0x8d,
+	0x2a0: 0x87, 0x2a1: 0x88, 0x2a2: 0x89, 0x2a3: 0x8a, 0x2a4: 0x8b, 0x2a5: 0x8c, 0x2a6: 0x8d, 0x2a7: 0x87,
+	0x2a8: 0x88, 0x2a9: 0x89, 0x2aa: 0x8a, 0x2ab: 0x8b, 0x2ac: 0x8c, 0x2ad: 0x8d, 0x2ae: 0x87, 0x2af: 0x88,
+	0x2b0: 0x89, 0x2b1: 0x8a, 0x2b2: 0x8b, 0x2b3: 0x8c, 0x2b4: 0x8d, 0x2b5: 0x87, 0x2b6: 0x88, 0x2b7: 0x89,
+	0x2b8: 0x8a, 0x2b9: 0x8b, 0x2ba: 0x8c, 0x2bb: 0x8d, 0x2bc: 0x87, 0x2bd: 0x88, 0x2be: 0x89, 0x2bf: 0x8a,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x8b, 0x2c1: 0x8c, 0x2c2: 0x8d, 0x2c3: 0x87, 0x2c4: 0x88, 0x2c5: 0x89, 0x2c6: 0x8a, 0x2c7: 0x8b,
+	0x2c8: 0x8c, 0x2c9: 0x8d, 0x2ca: 0x87, 0x2cb: 0x88, 0x2cc: 0x89, 0x2cd: 0x8a, 0x2ce: 0x8b, 0x2cf: 0x8c,
+	0x2d0: 0x8d, 0x2d1: 0x87, 0x2d2: 0x88, 0x2d3: 0x89, 0x2d4: 0x8a, 0x2d5: 0x8b, 0x2d6: 0x8c, 0x2d7: 0x8d,
+	0x2d8: 0x87, 0x2d9: 0x88, 0x2da: 0x89, 0x2db: 0x8a, 0x2dc: 0x8b, 0x2dd: 0x8c, 0x2de: 0x8e,
+	// Block 0xc, offset 0x300
+	0x324: 0x1d, 0x325: 0x1e, 0x326: 0x1f, 0x327: 0x20,
+	0x328: 0x21, 0x329: 0x22, 0x32a: 0x23, 0x32b: 0x24, 0x32c: 0x8f, 0x32d: 0x90, 0x32e: 0x91,
+	0x331: 0x92, 0x332: 0x93, 0x333: 0x94, 0x334: 0x95,
+	0x338: 0x96, 0x339: 0x97, 0x33a: 0x98, 0x33b: 0x99, 0x33e: 0x9a, 0x33f: 0x9b,
+	// Block 0xd, offset 0x340
+	0x347: 0x9c,
+	0x34b: 0x9d, 0x34d: 0x9e,
+	0x368: 0x9f, 0x36b: 0xa0,
+	0x374: 0xa1,
+	0x37d: 0xa2,
+	// Block 0xe, offset 0x380
+	0x381: 0xa3, 0x382: 0xa4, 0x384: 0xa5, 0x385: 0x82, 0x387: 0xa6,
+	0x388: 0xa7, 0x38b: 0xa8, 0x38c: 0xa9, 0x38d: 0xaa,
+	0x391: 0xab, 0x392: 0xac, 0x393: 0xad, 0x396: 0xae, 0x397: 0xaf,
+	0x398: 0x73, 0x39a: 0xb0, 0x39c: 0xb1,
+	0x3a0: 0xb2,
+	0x3a8: 0xb3, 0x3a9: 0xb4, 0x3aa: 0xb5,
+	0x3b0: 0x73, 0x3b5: 0xb6, 0x3b6: 0xb7,
+	// Block 0xf, offset 0x3c0
+	0x3eb: 0xb8, 0x3ec: 0xb9,
+	// Block 0x10, offset 0x400
+	0x432: 0xba,
+	// Block 0x11, offset 0x440
+	0x445: 0xbb, 0x446: 0xbc, 0x447: 0xbd,
+	0x449: 0xbe,
+	// Block 0x12, offset 0x480
+	0x480: 0xbf,
+	0x4a3: 0xc0, 0x4a5: 0xc1,
+	// Block 0x13, offset 0x4c0
+	0x4c8: 0xc2,
+	// Block 0x14, offset 0x500
+	0x520: 0x25, 0x521: 0x26, 0x522: 0x27, 0x523: 0x28, 0x524: 0x29, 0x525: 0x2a, 0x526: 0x2b, 0x527: 0x2c,
+	0x528: 0x2d,
+	// Block 0x15, offset 0x540
+	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
+	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
+	0x56f: 0x12,
+}
+
+// nfcSparseOffset: 149 entries, 298 bytes
+var nfcSparseOffset = []uint16{0x0, 0x5, 0x9, 0xb, 0xd, 0x18, 0x28, 0x2a, 0x2f, 0x3a, 0x49, 0x56, 0x5e, 0x63, 0x68, 0x6a, 0x72, 0x79, 0x7c, 0x84, 0x88, 0x8c, 0x8e, 0x90, 0x99, 0x9d, 0xa4, 0xa9, 0xac, 0xb6, 0xb9, 0xc0, 0xc8, 0xcb, 0xcd, 0xcf, 0xd1, 0xd6, 0xe7, 0xf3, 0xf5, 0xfb, 0xfd, 0xff, 0x101, 0x103, 0x105, 0x107, 0x10a, 0x10d, 0x10f, 0x112, 0x115, 0x119, 0x11e, 0x127, 0x129, 0x12c, 0x12e, 0x139, 0x13d, 0x14b, 0x14e, 0x154, 0x15a, 0x165, 0x169, 0x16b, 0x16d, 0x16f, 0x171, 0x173, 0x179, 0x17d, 0x17f, 0x181, 0x189, 0x18d, 0x190, 0x192, 0x194, 0x196, 0x199, 0x19b, 0x19d, 0x19f, 0x1a1, 0x1a7, 0x1aa, 0x1ac, 0x1b3, 0x1b9, 0x1bf, 0x1c7, 0x1cd, 0x1d3, 0x1d9, 0x1dd, 0x1eb, 0x1f4, 0x1f7, 0x1fa, 0x1fc, 0x1ff, 0x201, 0x205, 0x20a, 0x20c, 0x20e, 0x213, 0x219, 0x21b, 0x21d, 0x21f, 0x225, 0x228, 0x22a, 0x230, 0x233, 0x23b, 0x242, 0x245, 0x248, 0x24a, 0x24d, 0x255, 0x259, 0x260, 0x263, 0x269, 0x26b, 0x26e, 0x270, 0x273, 0x275, 0x277, 0x279, 0x27c, 0x27e, 0x280, 0x282, 0x284, 0x291, 0x29b, 0x29d, 0x29f, 0x2a5, 0x2a7, 0x2aa}
+
+// nfcSparseValues: 684 entries, 2736 bytes
+var nfcSparseValues = [684]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x04},
+	{value: 0xa100, lo: 0xa8, hi: 0xa8},
+	{value: 0x8100, lo: 0xaf, hi: 0xaf},
+	{value: 0x8100, lo: 0xb4, hi: 0xb4},
+	{value: 0x8100, lo: 0xb8, hi: 0xb8},
+	// Block 0x1, offset 0x5
+	{value: 0x0091, lo: 0x03},
+	{value: 0x46e2, lo: 0xa0, hi: 0xa1},
+	{value: 0x4714, lo: 0xaf, hi: 0xb0},
+	{value: 0xa000, lo: 0xb7, hi: 0xb7},
+	// Block 0x2, offset 0x9
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	// Block 0x3, offset 0xb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x98, hi: 0x9d},
+	// Block 0x4, offset 0xd
+	{value: 0x0006, lo: 0x0a},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x85, hi: 0x85},
+	{value: 0xa000, lo: 0x89, hi: 0x89},
+	{value: 0x4840, lo: 0x8a, hi: 0x8a},
+	{value: 0x485e, lo: 0x8b, hi: 0x8b},
+	{value: 0x36c7, lo: 0x8c, hi: 0x8c},
+	{value: 0x36df, lo: 0x8d, hi: 0x8d},
+	{value: 0x4876, lo: 0x8e, hi: 0x8e},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x36fd, lo: 0x93, hi: 0x94},
+	// Block 0x5, offset 0x18
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0xa000, lo: 0x8d, hi: 0x8d},
+	{value: 0x37a5, lo: 0x90, hi: 0x90},
+	{value: 0x37b1, lo: 0x91, hi: 0x91},
+	{value: 0x379f, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x96, hi: 0x96},
+	{value: 0x3817, lo: 0x97, hi: 0x97},
+	{value: 0x37e1, lo: 0x9c, hi: 0x9c},
+	{value: 0x37c9, lo: 0x9d, hi: 0x9d},
+	{value: 0x37f3, lo: 0x9e, hi: 0x9e},
+	{value: 0xa000, lo: 0xb4, hi: 0xb5},
+	{value: 0x381d, lo: 0xb6, hi: 0xb6},
+	{value: 0x3823, lo: 0xb7, hi: 0xb7},
+	// Block 0x6, offset 0x28
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x83, hi: 0x87},
+	// Block 0x7, offset 0x2a
+	{value: 0x0001, lo: 0x04},
+	{value: 0x8113, lo: 0x81, hi: 0x82},
+	{value: 0x8132, lo: 0x84, hi: 0x84},
+	{value: 0x812d, lo: 0x85, hi: 0x85},
+	{value: 0x810d, lo: 0x87, hi: 0x87},
+	// Block 0x8, offset 0x2f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x97},
+	{value: 0x8119, lo: 0x98, hi: 0x98},
+	{value: 0x811a, lo: 0x99, hi: 0x99},
+	{value: 0x811b, lo: 0x9a, hi: 0x9a},
+	{value: 0x3841, lo: 0xa2, hi: 0xa2},
+	{value: 0x3847, lo: 0xa3, hi: 0xa3},
+	{value: 0x3853, lo: 0xa4, hi: 0xa4},
+	{value: 0x384d, lo: 0xa5, hi: 0xa5},
+	{value: 0x3859, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xa7, hi: 0xa7},
+	// Block 0x9, offset 0x3a
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x386b, lo: 0x80, hi: 0x80},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0x385f, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x3865, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x95, hi: 0x95},
+	{value: 0x8132, lo: 0x96, hi: 0x9c},
+	{value: 0x8132, lo: 0x9f, hi: 0xa2},
+	{value: 0x812d, lo: 0xa3, hi: 0xa3},
+	{value: 0x8132, lo: 0xa4, hi: 0xa4},
+	{value: 0x8132, lo: 0xa7, hi: 0xa8},
+	{value: 0x812d, lo: 0xaa, hi: 0xaa},
+	{value: 0x8132, lo: 0xab, hi: 0xac},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	// Block 0xa, offset 0x49
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x811f, lo: 0x91, hi: 0x91},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x812d, lo: 0xb1, hi: 0xb1},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb5, hi: 0xb6},
+	{value: 0x812d, lo: 0xb7, hi: 0xb9},
+	{value: 0x8132, lo: 0xba, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbc},
+	{value: 0x8132, lo: 0xbd, hi: 0xbd},
+	{value: 0x812d, lo: 0xbe, hi: 0xbe},
+	{value: 0x8132, lo: 0xbf, hi: 0xbf},
+	// Block 0xb, offset 0x56
+	{value: 0x0005, lo: 0x07},
+	{value: 0x8132, lo: 0x80, hi: 0x80},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x812d, lo: 0x82, hi: 0x83},
+	{value: 0x812d, lo: 0x84, hi: 0x85},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x812d, lo: 0x88, hi: 0x89},
+	{value: 0x8132, lo: 0x8a, hi: 0x8a},
+	// Block 0xc, offset 0x5e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xab, hi: 0xb1},
+	{value: 0x812d, lo: 0xb2, hi: 0xb2},
+	{value: 0x8132, lo: 0xb3, hi: 0xb3},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0xd, offset 0x63
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0x96, hi: 0x99},
+	{value: 0x8132, lo: 0x9b, hi: 0xa3},
+	{value: 0x8132, lo: 0xa5, hi: 0xa7},
+	{value: 0x8132, lo: 0xa9, hi: 0xad},
+	// Block 0xe, offset 0x68
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x99, hi: 0x9b},
+	// Block 0xf, offset 0x6a
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0xa8, hi: 0xa8},
+	{value: 0x3ed8, lo: 0xa9, hi: 0xa9},
+	{value: 0xa000, lo: 0xb0, hi: 0xb0},
+	{value: 0x3ee0, lo: 0xb1, hi: 0xb1},
+	{value: 0xa000, lo: 0xb3, hi: 0xb3},
+	{value: 0x3ee8, lo: 0xb4, hi: 0xb4},
+	{value: 0x9902, lo: 0xbc, hi: 0xbc},
+	// Block 0x10, offset 0x72
+	{value: 0x0008, lo: 0x06},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x91, hi: 0x91},
+	{value: 0x812d, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x93, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x94},
+	{value: 0x451c, lo: 0x98, hi: 0x9f},
+	// Block 0x11, offset 0x79
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x12, offset 0x7c
+	{value: 0x0008, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2c9e, lo: 0x8b, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x455c, lo: 0x9c, hi: 0x9d},
+	{value: 0x456c, lo: 0x9f, hi: 0x9f},
+	{value: 0x8132, lo: 0xbe, hi: 0xbe},
+	// Block 0x13, offset 0x84
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4594, lo: 0xb3, hi: 0xb3},
+	{value: 0x459c, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x14, offset 0x88
+	{value: 0x0008, lo: 0x03},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x4574, lo: 0x99, hi: 0x9b},
+	{value: 0x458c, lo: 0x9e, hi: 0x9e},
+	// Block 0x15, offset 0x8c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x16, offset 0x8e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	// Block 0x17, offset 0x90
+	{value: 0x0000, lo: 0x08},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2cb6, lo: 0x88, hi: 0x88},
+	{value: 0x2cae, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cbe, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x96, hi: 0x97},
+	{value: 0x45a4, lo: 0x9c, hi: 0x9c},
+	{value: 0x45ac, lo: 0x9d, hi: 0x9d},
+	// Block 0x18, offset 0x99
+	{value: 0x0000, lo: 0x03},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x2cc6, lo: 0x94, hi: 0x94},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x19, offset 0x9d
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cce, lo: 0x8a, hi: 0x8a},
+	{value: 0x2cde, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cd6, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1a, offset 0xa4
+	{value: 0x1801, lo: 0x04},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x3ef0, lo: 0x88, hi: 0x88},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8120, lo: 0x95, hi: 0x96},
+	// Block 0x1b, offset 0xa9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0xa000, lo: 0xbf, hi: 0xbf},
+	// Block 0x1c, offset 0xac
+	{value: 0x0000, lo: 0x09},
+	{value: 0x2ce6, lo: 0x80, hi: 0x80},
+	{value: 0x9900, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x2cee, lo: 0x87, hi: 0x87},
+	{value: 0x2cf6, lo: 0x88, hi: 0x88},
+	{value: 0x2f50, lo: 0x8a, hi: 0x8a},
+	{value: 0x2dd8, lo: 0x8b, hi: 0x8b},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x95, hi: 0x96},
+	// Block 0x1d, offset 0xb6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x1e, offset 0xb9
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cfe, lo: 0x8a, hi: 0x8a},
+	{value: 0x2d0e, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d06, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1f, offset 0xc0
+	{value: 0x6bea, lo: 0x07},
+	{value: 0x9904, lo: 0x8a, hi: 0x8a},
+	{value: 0x9900, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x3ef8, lo: 0x9a, hi: 0x9a},
+	{value: 0x2f58, lo: 0x9c, hi: 0x9c},
+	{value: 0x2de3, lo: 0x9d, hi: 0x9d},
+	{value: 0x2d16, lo: 0x9e, hi: 0x9f},
+	// Block 0x20, offset 0xc8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8122, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x21, offset 0xcb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8123, lo: 0x88, hi: 0x8b},
+	// Block 0x22, offset 0xcd
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8124, lo: 0xb8, hi: 0xb9},
+	// Block 0x23, offset 0xcf
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8125, lo: 0x88, hi: 0x8b},
+	// Block 0x24, offset 0xd1
+	{value: 0x0000, lo: 0x04},
+	{value: 0x812d, lo: 0x98, hi: 0x99},
+	{value: 0x812d, lo: 0xb5, hi: 0xb5},
+	{value: 0x812d, lo: 0xb7, hi: 0xb7},
+	{value: 0x812b, lo: 0xb9, hi: 0xb9},
+	// Block 0x25, offset 0xd6
+	{value: 0x0000, lo: 0x10},
+	{value: 0x2644, lo: 0x83, hi: 0x83},
+	{value: 0x264b, lo: 0x8d, hi: 0x8d},
+	{value: 0x2652, lo: 0x92, hi: 0x92},
+	{value: 0x2659, lo: 0x97, hi: 0x97},
+	{value: 0x2660, lo: 0x9c, hi: 0x9c},
+	{value: 0x263d, lo: 0xa9, hi: 0xa9},
+	{value: 0x8126, lo: 0xb1, hi: 0xb1},
+	{value: 0x8127, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a84, lo: 0xb3, hi: 0xb3},
+	{value: 0x8128, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a8d, lo: 0xb5, hi: 0xb5},
+	{value: 0x45b4, lo: 0xb6, hi: 0xb6},
+	{value: 0x8200, lo: 0xb7, hi: 0xb7},
+	{value: 0x45bc, lo: 0xb8, hi: 0xb8},
+	{value: 0x8200, lo: 0xb9, hi: 0xb9},
+	{value: 0x8127, lo: 0xba, hi: 0xbd},
+	// Block 0x26, offset 0xe7
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x8127, lo: 0x80, hi: 0x80},
+	{value: 0x4a96, lo: 0x81, hi: 0x81},
+	{value: 0x8132, lo: 0x82, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0x86, hi: 0x87},
+	{value: 0x266e, lo: 0x93, hi: 0x93},
+	{value: 0x2675, lo: 0x9d, hi: 0x9d},
+	{value: 0x267c, lo: 0xa2, hi: 0xa2},
+	{value: 0x2683, lo: 0xa7, hi: 0xa7},
+	{value: 0x268a, lo: 0xac, hi: 0xac},
+	{value: 0x2667, lo: 0xb9, hi: 0xb9},
+	// Block 0x27, offset 0xf3
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x86, hi: 0x86},
+	// Block 0x28, offset 0xf5
+	{value: 0x0000, lo: 0x05},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x2d1e, lo: 0xa6, hi: 0xa6},
+	{value: 0x9900, lo: 0xae, hi: 0xae},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x29, offset 0xfb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	// Block 0x2a, offset 0xfd
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x80, hi: 0x92},
+	// Block 0x2b, offset 0xff
+	{value: 0x0000, lo: 0x01},
+	{value: 0xb900, lo: 0xa1, hi: 0xb5},
+	// Block 0x2c, offset 0x101
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0xa8, hi: 0xbf},
+	// Block 0x2d, offset 0x103
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0x80, hi: 0x82},
+	// Block 0x2e, offset 0x105
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9d, hi: 0x9f},
+	// Block 0x2f, offset 0x107
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x94, hi: 0x94},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x30, offset 0x10a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x9d, hi: 0x9d},
+	// Block 0x31, offset 0x10d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8131, lo: 0xa9, hi: 0xa9},
+	// Block 0x32, offset 0x10f
+	{value: 0x0004, lo: 0x02},
+	{value: 0x812e, lo: 0xb9, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbb},
+	// Block 0x33, offset 0x112
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x97, hi: 0x97},
+	{value: 0x812d, lo: 0x98, hi: 0x98},
+	// Block 0x34, offset 0x115
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	{value: 0x8132, lo: 0xb5, hi: 0xbc},
+	{value: 0x812d, lo: 0xbf, hi: 0xbf},
+	// Block 0x35, offset 0x119
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	{value: 0x812d, lo: 0xb5, hi: 0xba},
+	{value: 0x8132, lo: 0xbb, hi: 0xbc},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x36, offset 0x11e
+	{value: 0x0000, lo: 0x08},
+	{value: 0x2d66, lo: 0x80, hi: 0x80},
+	{value: 0x2d6e, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x82, hi: 0x82},
+	{value: 0x2d76, lo: 0x83, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xab, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xac},
+	{value: 0x8132, lo: 0xad, hi: 0xb3},
+	// Block 0x37, offset 0x127
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xaa, hi: 0xab},
+	// Block 0x38, offset 0x129
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xa6, hi: 0xa6},
+	{value: 0x8104, lo: 0xb2, hi: 0xb3},
+	// Block 0x39, offset 0x12c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x3a, offset 0x12e
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x92},
+	{value: 0x8101, lo: 0x94, hi: 0x94},
+	{value: 0x812d, lo: 0x95, hi: 0x99},
+	{value: 0x8132, lo: 0x9a, hi: 0x9b},
+	{value: 0x812d, lo: 0x9c, hi: 0x9f},
+	{value: 0x8132, lo: 0xa0, hi: 0xa0},
+	{value: 0x8101, lo: 0xa2, hi: 0xa8},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	{value: 0x8132, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb8, hi: 0xb9},
+	// Block 0x3b, offset 0x139
+	{value: 0x0004, lo: 0x03},
+	{value: 0x0433, lo: 0x80, hi: 0x81},
+	{value: 0x8100, lo: 0x97, hi: 0x97},
+	{value: 0x8100, lo: 0xbe, hi: 0xbe},
+	// Block 0x3c, offset 0x13d
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x8132, lo: 0x90, hi: 0x91},
+	{value: 0x8101, lo: 0x92, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x97},
+	{value: 0x8101, lo: 0x98, hi: 0x9a},
+	{value: 0x8132, lo: 0x9b, hi: 0x9c},
+	{value: 0x8132, lo: 0xa1, hi: 0xa1},
+	{value: 0x8101, lo: 0xa5, hi: 0xa6},
+	{value: 0x8132, lo: 0xa7, hi: 0xa7},
+	{value: 0x812d, lo: 0xa8, hi: 0xa8},
+	{value: 0x8132, lo: 0xa9, hi: 0xa9},
+	{value: 0x8101, lo: 0xaa, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xaf},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	// Block 0x3d, offset 0x14b
+	{value: 0x427b, lo: 0x02},
+	{value: 0x01b8, lo: 0xa6, hi: 0xa6},
+	{value: 0x0057, lo: 0xaa, hi: 0xab},
+	// Block 0x3e, offset 0x14e
+	{value: 0x0007, lo: 0x05},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	{value: 0x3bb9, lo: 0x9a, hi: 0x9b},
+	{value: 0x3bc7, lo: 0xae, hi: 0xae},
+	// Block 0x3f, offset 0x154
+	{value: 0x000e, lo: 0x05},
+	{value: 0x3bce, lo: 0x8d, hi: 0x8e},
+	{value: 0x3bd5, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	// Block 0x40, offset 0x15a
+	{value: 0x6408, lo: 0x0a},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0x3be3, lo: 0x84, hi: 0x84},
+	{value: 0xa000, lo: 0x88, hi: 0x88},
+	{value: 0x3bea, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0x3bf1, lo: 0x8c, hi: 0x8c},
+	{value: 0xa000, lo: 0xa3, hi: 0xa3},
+	{value: 0x3bf8, lo: 0xa4, hi: 0xa5},
+	{value: 0x3bff, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xbc, hi: 0xbc},
+	// Block 0x41, offset 0x165
+	{value: 0x0007, lo: 0x03},
+	{value: 0x3c68, lo: 0xa0, hi: 0xa1},
+	{value: 0x3c92, lo: 0xa2, hi: 0xa3},
+	{value: 0x3cbc, lo: 0xaa, hi: 0xad},
+	// Block 0x42, offset 0x169
+	{value: 0x0004, lo: 0x01},
+	{value: 0x048b, lo: 0xa9, hi: 0xaa},
+	// Block 0x43, offset 0x16b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x44dd, lo: 0x9c, hi: 0x9c},
+	// Block 0x44, offset 0x16d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xaf, hi: 0xb1},
+	// Block 0x45, offset 0x16f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x46, offset 0x171
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa0, hi: 0xbf},
+	// Block 0x47, offset 0x173
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812c, lo: 0xaa, hi: 0xaa},
+	{value: 0x8131, lo: 0xab, hi: 0xab},
+	{value: 0x8133, lo: 0xac, hi: 0xac},
+	{value: 0x812e, lo: 0xad, hi: 0xad},
+	{value: 0x812f, lo: 0xae, hi: 0xaf},
+	// Block 0x48, offset 0x179
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4a9f, lo: 0xb3, hi: 0xb3},
+	{value: 0x4a9f, lo: 0xb5, hi: 0xb6},
+	{value: 0x4a9f, lo: 0xba, hi: 0xbf},
+	// Block 0x49, offset 0x17d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x4a9f, lo: 0x8f, hi: 0xa3},
+	// Block 0x4a, offset 0x17f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xae, hi: 0xbe},
+	// Block 0x4b, offset 0x181
+	{value: 0x0000, lo: 0x07},
+	{value: 0x8100, lo: 0x84, hi: 0x84},
+	{value: 0x8100, lo: 0x87, hi: 0x87},
+	{value: 0x8100, lo: 0x90, hi: 0x90},
+	{value: 0x8100, lo: 0x9e, hi: 0x9e},
+	{value: 0x8100, lo: 0xa1, hi: 0xa1},
+	{value: 0x8100, lo: 0xb2, hi: 0xb2},
+	{value: 0x8100, lo: 0xbb, hi: 0xbb},
+	// Block 0x4c, offset 0x189
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8100, lo: 0x80, hi: 0x80},
+	{value: 0x8100, lo: 0x8b, hi: 0x8b},
+	{value: 0x8100, lo: 0x8e, hi: 0x8e},
+	// Block 0x4d, offset 0x18d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xaf, hi: 0xaf},
+	{value: 0x8132, lo: 0xb4, hi: 0xbd},
+	// Block 0x4e, offset 0x190
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9e, hi: 0x9f},
+	// Block 0x4f, offset 0x192
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb1},
+	// Block 0x50, offset 0x194
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	// Block 0x51, offset 0x196
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xa0, hi: 0xb1},
+	// Block 0x52, offset 0x199
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xab, hi: 0xad},
+	// Block 0x53, offset 0x19b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x93, hi: 0x93},
+	// Block 0x54, offset 0x19d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb3, hi: 0xb3},
+	// Block 0x55, offset 0x19f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	// Block 0x56, offset 0x1a1
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb7, hi: 0xb8},
+	{value: 0x8132, lo: 0xbe, hi: 0xbf},
+	// Block 0x57, offset 0x1a7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	// Block 0x58, offset 0x1aa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xad, hi: 0xad},
+	// Block 0x59, offset 0x1ac
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe500, lo: 0x80, hi: 0x80},
+	{value: 0xc600, lo: 0x81, hi: 0x9b},
+	{value: 0xe500, lo: 0x9c, hi: 0x9c},
+	{value: 0xc600, lo: 0x9d, hi: 0xb7},
+	{value: 0xe500, lo: 0xb8, hi: 0xb8},
+	{value: 0xc600, lo: 0xb9, hi: 0xbf},
+	// Block 0x5a, offset 0x1b3
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x93},
+	{value: 0xe500, lo: 0x94, hi: 0x94},
+	{value: 0xc600, lo: 0x95, hi: 0xaf},
+	{value: 0xe500, lo: 0xb0, hi: 0xb0},
+	{value: 0xc600, lo: 0xb1, hi: 0xbf},
+	// Block 0x5b, offset 0x1b9
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8b},
+	{value: 0xe500, lo: 0x8c, hi: 0x8c},
+	{value: 0xc600, lo: 0x8d, hi: 0xa7},
+	{value: 0xe500, lo: 0xa8, hi: 0xa8},
+	{value: 0xc600, lo: 0xa9, hi: 0xbf},
+	// Block 0x5c, offset 0x1bf
+	{value: 0x0000, lo: 0x07},
+	{value: 0xc600, lo: 0x80, hi: 0x83},
+	{value: 0xe500, lo: 0x84, hi: 0x84},
+	{value: 0xc600, lo: 0x85, hi: 0x9f},
+	{value: 0xe500, lo: 0xa0, hi: 0xa0},
+	{value: 0xc600, lo: 0xa1, hi: 0xbb},
+	{value: 0xe500, lo: 0xbc, hi: 0xbc},
+	{value: 0xc600, lo: 0xbd, hi: 0xbf},
+	// Block 0x5d, offset 0x1c7
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x97},
+	{value: 0xe500, lo: 0x98, hi: 0x98},
+	{value: 0xc600, lo: 0x99, hi: 0xb3},
+	{value: 0xe500, lo: 0xb4, hi: 0xb4},
+	{value: 0xc600, lo: 0xb5, hi: 0xbf},
+	// Block 0x5e, offset 0x1cd
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8f},
+	{value: 0xe500, lo: 0x90, hi: 0x90},
+	{value: 0xc600, lo: 0x91, hi: 0xab},
+	{value: 0xe500, lo: 0xac, hi: 0xac},
+	{value: 0xc600, lo: 0xad, hi: 0xbf},
+	// Block 0x5f, offset 0x1d3
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	{value: 0xe500, lo: 0xa4, hi: 0xa4},
+	{value: 0xc600, lo: 0xa5, hi: 0xbf},
+	// Block 0x60, offset 0x1d9
+	{value: 0x0000, lo: 0x03},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	// Block 0x61, offset 0x1dd
+	{value: 0x0006, lo: 0x0d},
+	{value: 0x4390, lo: 0x9d, hi: 0x9d},
+	{value: 0x8115, lo: 0x9e, hi: 0x9e},
+	{value: 0x4402, lo: 0x9f, hi: 0x9f},
+	{value: 0x43f0, lo: 0xaa, hi: 0xab},
+	{value: 0x44f4, lo: 0xac, hi: 0xac},
+	{value: 0x44fc, lo: 0xad, hi: 0xad},
+	{value: 0x4348, lo: 0xae, hi: 0xb1},
+	{value: 0x4366, lo: 0xb2, hi: 0xb4},
+	{value: 0x437e, lo: 0xb5, hi: 0xb6},
+	{value: 0x438a, lo: 0xb8, hi: 0xb8},
+	{value: 0x4396, lo: 0xb9, hi: 0xbb},
+	{value: 0x43ae, lo: 0xbc, hi: 0xbc},
+	{value: 0x43b4, lo: 0xbe, hi: 0xbe},
+	// Block 0x62, offset 0x1eb
+	{value: 0x0006, lo: 0x08},
+	{value: 0x43ba, lo: 0x80, hi: 0x81},
+	{value: 0x43c6, lo: 0x83, hi: 0x84},
+	{value: 0x43d8, lo: 0x86, hi: 0x89},
+	{value: 0x43fc, lo: 0x8a, hi: 0x8a},
+	{value: 0x4378, lo: 0x8b, hi: 0x8b},
+	{value: 0x4360, lo: 0x8c, hi: 0x8c},
+	{value: 0x43a8, lo: 0x8d, hi: 0x8d},
+	{value: 0x43d2, lo: 0x8e, hi: 0x8e},
+	// Block 0x63, offset 0x1f4
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0xa4, hi: 0xa5},
+	{value: 0x8100, lo: 0xb0, hi: 0xb1},
+	// Block 0x64, offset 0x1f7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0x9b, hi: 0x9d},
+	{value: 0x8200, lo: 0x9e, hi: 0xa3},
+	// Block 0x65, offset 0x1fa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x90, hi: 0x90},
+	// Block 0x66, offset 0x1fc
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0x99, hi: 0x99},
+	{value: 0x8200, lo: 0xb2, hi: 0xb4},
+	// Block 0x67, offset 0x1ff
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xbc, hi: 0xbd},
+	// Block 0x68, offset 0x201
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8132, lo: 0xa0, hi: 0xa6},
+	{value: 0x812d, lo: 0xa7, hi: 0xad},
+	{value: 0x8132, lo: 0xae, hi: 0xaf},
+	// Block 0x69, offset 0x205
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8100, lo: 0x89, hi: 0x8c},
+	{value: 0x8100, lo: 0xb0, hi: 0xb2},
+	{value: 0x8100, lo: 0xb4, hi: 0xb4},
+	{value: 0x8100, lo: 0xb6, hi: 0xbf},
+	// Block 0x6a, offset 0x20a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x81, hi: 0x8c},
+	// Block 0x6b, offset 0x20c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xb5, hi: 0xba},
+	// Block 0x6c, offset 0x20e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x4a9f, lo: 0x9e, hi: 0x9f},
+	{value: 0x4a9f, lo: 0xa3, hi: 0xa3},
+	{value: 0x4a9f, lo: 0xa5, hi: 0xa6},
+	{value: 0x4a9f, lo: 0xaa, hi: 0xaf},
+	// Block 0x6d, offset 0x213
+	{value: 0x0000, lo: 0x05},
+	{value: 0x4a9f, lo: 0x82, hi: 0x87},
+	{value: 0x4a9f, lo: 0x8a, hi: 0x8f},
+	{value: 0x4a9f, lo: 0x92, hi: 0x97},
+	{value: 0x4a9f, lo: 0x9a, hi: 0x9c},
+	{value: 0x8100, lo: 0xa3, hi: 0xa3},
+	// Block 0x6e, offset 0x219
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x6f, offset 0x21b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xa0, hi: 0xa0},
+	// Block 0x70, offset 0x21d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb6, hi: 0xba},
+	// Block 0x71, offset 0x21f
+	{value: 0x002c, lo: 0x05},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x8f, hi: 0x8f},
+	{value: 0x8132, lo: 0xb8, hi: 0xb8},
+	{value: 0x8101, lo: 0xb9, hi: 0xba},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x72, offset 0x225
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xa5, hi: 0xa5},
+	{value: 0x812d, lo: 0xa6, hi: 0xa6},
+	// Block 0x73, offset 0x228
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa4, hi: 0xa7},
+	// Block 0x74, offset 0x22a
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x8132, lo: 0x88, hi: 0x8a},
+	{value: 0x812d, lo: 0x8b, hi: 0x8b},
+	{value: 0x8132, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x8d, hi: 0x90},
+	// Block 0x75, offset 0x230
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x76, offset 0x233
+	{value: 0x17fe, lo: 0x07},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x4238, lo: 0x9a, hi: 0x9a},
+	{value: 0xa000, lo: 0x9b, hi: 0x9b},
+	{value: 0x4242, lo: 0x9c, hi: 0x9c},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x424c, lo: 0xab, hi: 0xab},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x77, offset 0x23b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x8132, lo: 0x80, hi: 0x82},
+	{value: 0x9900, lo: 0xa7, hi: 0xa7},
+	{value: 0x2d7e, lo: 0xae, hi: 0xae},
+	{value: 0x2d88, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb1, hi: 0xb2},
+	{value: 0x8104, lo: 0xb3, hi: 0xb4},
+	// Block 0x78, offset 0x242
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x79, offset 0x245
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb5, hi: 0xb5},
+	{value: 0x8102, lo: 0xb6, hi: 0xb6},
+	// Block 0x7a, offset 0x248
+	{value: 0x0002, lo: 0x01},
+	{value: 0x8102, lo: 0xa9, hi: 0xaa},
+	// Block 0x7b, offset 0x24a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x7c, offset 0x24d
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2d92, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d9c, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x8132, lo: 0xa6, hi: 0xac},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	// Block 0x7d, offset 0x255
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x86, hi: 0x86},
+	{value: 0x8132, lo: 0x9e, hi: 0x9e},
+	// Block 0x7e, offset 0x259
+	{value: 0x6b5a, lo: 0x06},
+	{value: 0x9900, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xb9, hi: 0xb9},
+	{value: 0x9900, lo: 0xba, hi: 0xba},
+	{value: 0x2db0, lo: 0xbb, hi: 0xbb},
+	{value: 0x2da6, lo: 0xbc, hi: 0xbd},
+	{value: 0x2dba, lo: 0xbe, hi: 0xbe},
+	// Block 0x7f, offset 0x260
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x83, hi: 0x83},
+	// Block 0x80, offset 0x263
+	{value: 0x0000, lo: 0x05},
+	{value: 0x9900, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb8, hi: 0xb9},
+	{value: 0x2dc4, lo: 0xba, hi: 0xba},
+	{value: 0x2dce, lo: 0xbb, hi: 0xbb},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x81, offset 0x269
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0x80, hi: 0x80},
+	// Block 0x82, offset 0x26b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x83, offset 0x26e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xab, hi: 0xab},
+	// Block 0x84, offset 0x270
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb9, hi: 0xb9},
+	{value: 0x8102, lo: 0xba, hi: 0xba},
+	// Block 0x85, offset 0x273
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x86, offset 0x275
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x87, hi: 0x87},
+	// Block 0x87, offset 0x277
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x99, hi: 0x99},
+	// Block 0x88, offset 0x279
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0x82, hi: 0x82},
+	{value: 0x8104, lo: 0x84, hi: 0x85},
+	// Block 0x89, offset 0x27c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x97, hi: 0x97},
+	// Block 0x8a, offset 0x27e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0xb0, hi: 0xb4},
+	// Block 0x8b, offset 0x280
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb6},
+	// Block 0x8c, offset 0x282
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0x9e, hi: 0x9e},
+	// Block 0x8d, offset 0x284
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x45cc, lo: 0x9e, hi: 0x9e},
+	{value: 0x45d6, lo: 0x9f, hi: 0x9f},
+	{value: 0x460a, lo: 0xa0, hi: 0xa0},
+	{value: 0x4618, lo: 0xa1, hi: 0xa1},
+	{value: 0x4626, lo: 0xa2, hi: 0xa2},
+	{value: 0x4634, lo: 0xa3, hi: 0xa3},
+	{value: 0x4642, lo: 0xa4, hi: 0xa4},
+	{value: 0x812b, lo: 0xa5, hi: 0xa6},
+	{value: 0x8101, lo: 0xa7, hi: 0xa9},
+	{value: 0x8130, lo: 0xad, hi: 0xad},
+	{value: 0x812b, lo: 0xae, hi: 0xb2},
+	{value: 0x812d, lo: 0xbb, hi: 0xbf},
+	// Block 0x8e, offset 0x291
+	{value: 0x0000, lo: 0x09},
+	{value: 0x812d, lo: 0x80, hi: 0x82},
+	{value: 0x8132, lo: 0x85, hi: 0x89},
+	{value: 0x812d, lo: 0x8a, hi: 0x8b},
+	{value: 0x8132, lo: 0xaa, hi: 0xad},
+	{value: 0x45e0, lo: 0xbb, hi: 0xbb},
+	{value: 0x45ea, lo: 0xbc, hi: 0xbc},
+	{value: 0x4650, lo: 0xbd, hi: 0xbd},
+	{value: 0x466c, lo: 0xbe, hi: 0xbe},
+	{value: 0x465e, lo: 0xbf, hi: 0xbf},
+	// Block 0x8f, offset 0x29b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x467a, lo: 0x80, hi: 0x80},
+	// Block 0x90, offset 0x29d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x82, hi: 0x84},
+	// Block 0x91, offset 0x29f
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0x80, hi: 0x86},
+	{value: 0x8132, lo: 0x88, hi: 0x98},
+	{value: 0x8132, lo: 0x9b, hi: 0xa1},
+	{value: 0x8132, lo: 0xa3, hi: 0xa4},
+	{value: 0x8132, lo: 0xa6, hi: 0xaa},
+	// Block 0x92, offset 0x2a5
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x90, hi: 0x96},
+	// Block 0x93, offset 0x2a7
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x84, hi: 0x89},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x94, offset 0x2aa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x93, hi: 0x93},
+}
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfkcTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfkcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfkcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfkcTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfkcValues[c0]
+	}
+	i := nfkcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfkcTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfkcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfkcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfkcTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfkcValues[c0]
+	}
+	i := nfkcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// nfkcTrie. Total size: 17248 bytes (16.84 KiB). Checksum: 4fb368372b6b1b27.
+type nfkcTrie struct{}
+
+func newNfkcTrie(i int) *nfkcTrie {
+	return &nfkcTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *nfkcTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 92:
+		return uint16(nfkcValues[n<<6+uint32(b)])
+	default:
+		n -= 92
+		return uint16(nfkcSparse.lookup(n, b))
+	}
+}
+
+// nfkcValues: 94 blocks, 6016 entries, 12032 bytes
+// The third block is the zero block.
+var nfkcValues = [6016]uint16{
+	// Block 0x0, offset 0x0
+	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
+	// Block 0x1, offset 0x40
+	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
+	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
+	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
+	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
+	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
+	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
+	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
+	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
+	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
+	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x2f6f, 0xc1: 0x2f74, 0xc2: 0x4688, 0xc3: 0x2f79, 0xc4: 0x4697, 0xc5: 0x469c,
+	0xc6: 0xa000, 0xc7: 0x46a6, 0xc8: 0x2fe2, 0xc9: 0x2fe7, 0xca: 0x46ab, 0xcb: 0x2ffb,
+	0xcc: 0x306e, 0xcd: 0x3073, 0xce: 0x3078, 0xcf: 0x46bf, 0xd1: 0x3104,
+	0xd2: 0x3127, 0xd3: 0x312c, 0xd4: 0x46c9, 0xd5: 0x46ce, 0xd6: 0x46dd,
+	0xd8: 0xa000, 0xd9: 0x31b3, 0xda: 0x31b8, 0xdb: 0x31bd, 0xdc: 0x470f, 0xdd: 0x3235,
+	0xe0: 0x327b, 0xe1: 0x3280, 0xe2: 0x4719, 0xe3: 0x3285,
+	0xe4: 0x4728, 0xe5: 0x472d, 0xe6: 0xa000, 0xe7: 0x4737, 0xe8: 0x32ee, 0xe9: 0x32f3,
+	0xea: 0x473c, 0xeb: 0x3307, 0xec: 0x337f, 0xed: 0x3384, 0xee: 0x3389, 0xef: 0x4750,
+	0xf1: 0x3415, 0xf2: 0x3438, 0xf3: 0x343d, 0xf4: 0x475a, 0xf5: 0x475f,
+	0xf6: 0x476e, 0xf8: 0xa000, 0xf9: 0x34c9, 0xfa: 0x34ce, 0xfb: 0x34d3,
+	0xfc: 0x47a0, 0xfd: 0x3550, 0xff: 0x3569,
+	// Block 0x4, offset 0x100
+	0x100: 0x2f7e, 0x101: 0x328a, 0x102: 0x468d, 0x103: 0x471e, 0x104: 0x2f9c, 0x105: 0x32a8,
+	0x106: 0x2fb0, 0x107: 0x32bc, 0x108: 0x2fb5, 0x109: 0x32c1, 0x10a: 0x2fba, 0x10b: 0x32c6,
+	0x10c: 0x2fbf, 0x10d: 0x32cb, 0x10e: 0x2fc9, 0x10f: 0x32d5,
+	0x112: 0x46b0, 0x113: 0x4741, 0x114: 0x2ff1, 0x115: 0x32fd, 0x116: 0x2ff6, 0x117: 0x3302,
+	0x118: 0x3014, 0x119: 0x3320, 0x11a: 0x3005, 0x11b: 0x3311, 0x11c: 0x302d, 0x11d: 0x3339,
+	0x11e: 0x3037, 0x11f: 0x3343, 0x120: 0x303c, 0x121: 0x3348, 0x122: 0x3046, 0x123: 0x3352,
+	0x124: 0x304b, 0x125: 0x3357, 0x128: 0x307d, 0x129: 0x338e,
+	0x12a: 0x3082, 0x12b: 0x3393, 0x12c: 0x3087, 0x12d: 0x3398, 0x12e: 0x30aa, 0x12f: 0x33b6,
+	0x130: 0x308c, 0x132: 0x195d, 0x133: 0x19e7, 0x134: 0x30b4, 0x135: 0x33c0,
+	0x136: 0x30c8, 0x137: 0x33d9, 0x139: 0x30d2, 0x13a: 0x33e3, 0x13b: 0x30dc,
+	0x13c: 0x33ed, 0x13d: 0x30d7, 0x13e: 0x33e8, 0x13f: 0x1bac,
+	// Block 0x5, offset 0x140
+	0x140: 0x1c34, 0x143: 0x30ff, 0x144: 0x3410, 0x145: 0x3118,
+	0x146: 0x3429, 0x147: 0x310e, 0x148: 0x341f, 0x149: 0x1c5c,
+	0x14c: 0x46d3, 0x14d: 0x4764, 0x14e: 0x3131, 0x14f: 0x3442, 0x150: 0x313b, 0x151: 0x344c,
+	0x154: 0x3159, 0x155: 0x346a, 0x156: 0x3172, 0x157: 0x3483,
+	0x158: 0x3163, 0x159: 0x3474, 0x15a: 0x46f6, 0x15b: 0x4787, 0x15c: 0x317c, 0x15d: 0x348d,
+	0x15e: 0x318b, 0x15f: 0x349c, 0x160: 0x46fb, 0x161: 0x478c, 0x162: 0x31a4, 0x163: 0x34ba,
+	0x164: 0x3195, 0x165: 0x34ab, 0x168: 0x4705, 0x169: 0x4796,
+	0x16a: 0x470a, 0x16b: 0x479b, 0x16c: 0x31c2, 0x16d: 0x34d8, 0x16e: 0x31cc, 0x16f: 0x34e2,
+	0x170: 0x31d1, 0x171: 0x34e7, 0x172: 0x31ef, 0x173: 0x3505, 0x174: 0x3212, 0x175: 0x3528,
+	0x176: 0x323a, 0x177: 0x3555, 0x178: 0x324e, 0x179: 0x325d, 0x17a: 0x357d, 0x17b: 0x3267,
+	0x17c: 0x3587, 0x17d: 0x326c, 0x17e: 0x358c, 0x17f: 0x00a7,
+	// Block 0x6, offset 0x180
+	0x184: 0x2dee, 0x185: 0x2df4,
+	0x186: 0x2dfa, 0x187: 0x1972, 0x188: 0x1975, 0x189: 0x1a08, 0x18a: 0x1987, 0x18b: 0x198a,
+	0x18c: 0x1a3e, 0x18d: 0x2f88, 0x18e: 0x3294, 0x18f: 0x3096, 0x190: 0x33a2, 0x191: 0x3140,
+	0x192: 0x3451, 0x193: 0x31d6, 0x194: 0x34ec, 0x195: 0x39cf, 0x196: 0x3b5e, 0x197: 0x39c8,
+	0x198: 0x3b57, 0x199: 0x39d6, 0x19a: 0x3b65, 0x19b: 0x39c1, 0x19c: 0x3b50,
+	0x19e: 0x38b0, 0x19f: 0x3a3f, 0x1a0: 0x38a9, 0x1a1: 0x3a38, 0x1a2: 0x35b3, 0x1a3: 0x35c5,
+	0x1a6: 0x3041, 0x1a7: 0x334d, 0x1a8: 0x30be, 0x1a9: 0x33cf,
+	0x1aa: 0x46ec, 0x1ab: 0x477d, 0x1ac: 0x3990, 0x1ad: 0x3b1f, 0x1ae: 0x35d7, 0x1af: 0x35dd,
+	0x1b0: 0x33c5, 0x1b1: 0x1942, 0x1b2: 0x1945, 0x1b3: 0x19cf, 0x1b4: 0x3028, 0x1b5: 0x3334,
+	0x1b8: 0x30fa, 0x1b9: 0x340b, 0x1ba: 0x38b7, 0x1bb: 0x3a46,
+	0x1bc: 0x35ad, 0x1bd: 0x35bf, 0x1be: 0x35b9, 0x1bf: 0x35cb,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x2f8d, 0x1c1: 0x3299, 0x1c2: 0x2f92, 0x1c3: 0x329e, 0x1c4: 0x300a, 0x1c5: 0x3316,
+	0x1c6: 0x300f, 0x1c7: 0x331b, 0x1c8: 0x309b, 0x1c9: 0x33a7, 0x1ca: 0x30a0, 0x1cb: 0x33ac,
+	0x1cc: 0x3145, 0x1cd: 0x3456, 0x1ce: 0x314a, 0x1cf: 0x345b, 0x1d0: 0x3168, 0x1d1: 0x3479,
+	0x1d2: 0x316d, 0x1d3: 0x347e, 0x1d4: 0x31db, 0x1d5: 0x34f1, 0x1d6: 0x31e0, 0x1d7: 0x34f6,
+	0x1d8: 0x3186, 0x1d9: 0x3497, 0x1da: 0x319f, 0x1db: 0x34b5,
+	0x1de: 0x305a, 0x1df: 0x3366,
+	0x1e6: 0x4692, 0x1e7: 0x4723, 0x1e8: 0x46ba, 0x1e9: 0x474b,
+	0x1ea: 0x395f, 0x1eb: 0x3aee, 0x1ec: 0x393c, 0x1ed: 0x3acb, 0x1ee: 0x46d8, 0x1ef: 0x4769,
+	0x1f0: 0x3958, 0x1f1: 0x3ae7, 0x1f2: 0x3244, 0x1f3: 0x355f,
+	// Block 0x8, offset 0x200
+	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
+	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
+	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
+	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
+	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
+	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
+	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
+	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
+	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
+	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
+	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
+	// Block 0x9, offset 0x240
+	0x240: 0x49ae, 0x241: 0x49b3, 0x242: 0x9932, 0x243: 0x49b8, 0x244: 0x4a71, 0x245: 0x9936,
+	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
+	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
+	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
+	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
+	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
+	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
+	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
+	0x274: 0x0170,
+	0x27a: 0x42a5,
+	0x27e: 0x0037,
+	// Block 0xa, offset 0x280
+	0x284: 0x425a, 0x285: 0x447b,
+	0x286: 0x35e9, 0x287: 0x00ce, 0x288: 0x3607, 0x289: 0x3613, 0x28a: 0x3625,
+	0x28c: 0x3643, 0x28e: 0x3655, 0x28f: 0x3673, 0x290: 0x3e08, 0x291: 0xa000,
+	0x295: 0xa000, 0x297: 0xa000,
+	0x299: 0xa000,
+	0x29f: 0xa000, 0x2a1: 0xa000,
+	0x2a5: 0xa000, 0x2a9: 0xa000,
+	0x2aa: 0x3637, 0x2ab: 0x3667, 0x2ac: 0x47fe, 0x2ad: 0x3697, 0x2ae: 0x4828, 0x2af: 0x36a9,
+	0x2b0: 0x3e70, 0x2b1: 0xa000, 0x2b5: 0xa000,
+	0x2b7: 0xa000, 0x2b9: 0xa000,
+	0x2bf: 0xa000,
+	// Block 0xb, offset 0x2c0
+	0x2c1: 0xa000, 0x2c5: 0xa000,
+	0x2c9: 0xa000, 0x2ca: 0x4840, 0x2cb: 0x485e,
+	0x2cc: 0x36c7, 0x2cd: 0x36df, 0x2ce: 0x4876, 0x2d0: 0x01be, 0x2d1: 0x01d0,
+	0x2d2: 0x01ac, 0x2d3: 0x430c, 0x2d4: 0x4312, 0x2d5: 0x01fa, 0x2d6: 0x01e8,
+	0x2f0: 0x01d6, 0x2f1: 0x01eb, 0x2f2: 0x01ee, 0x2f4: 0x0188, 0x2f5: 0x01c7,
+	0x2f9: 0x01a6,
+	// Block 0xc, offset 0x300
+	0x300: 0x3721, 0x301: 0x372d, 0x303: 0x371b,
+	0x306: 0xa000, 0x307: 0x3709,
+	0x30c: 0x375d, 0x30d: 0x3745, 0x30e: 0x376f, 0x310: 0xa000,
+	0x313: 0xa000, 0x315: 0xa000, 0x316: 0xa000, 0x317: 0xa000,
+	0x318: 0xa000, 0x319: 0x3751, 0x31a: 0xa000,
+	0x31e: 0xa000, 0x323: 0xa000,
+	0x327: 0xa000,
+	0x32b: 0xa000, 0x32d: 0xa000,
+	0x330: 0xa000, 0x333: 0xa000, 0x335: 0xa000,
+	0x336: 0xa000, 0x337: 0xa000, 0x338: 0xa000, 0x339: 0x37d5, 0x33a: 0xa000,
+	0x33e: 0xa000,
+	// Block 0xd, offset 0x340
+	0x341: 0x3733, 0x342: 0x37b7,
+	0x350: 0x370f, 0x351: 0x3793,
+	0x352: 0x3715, 0x353: 0x3799, 0x356: 0x3727, 0x357: 0x37ab,
+	0x358: 0xa000, 0x359: 0xa000, 0x35a: 0x3829, 0x35b: 0x382f, 0x35c: 0x3739, 0x35d: 0x37bd,
+	0x35e: 0x373f, 0x35f: 0x37c3, 0x362: 0x374b, 0x363: 0x37cf,
+	0x364: 0x3757, 0x365: 0x37db, 0x366: 0x3763, 0x367: 0x37e7, 0x368: 0xa000, 0x369: 0xa000,
+	0x36a: 0x3835, 0x36b: 0x383b, 0x36c: 0x378d, 0x36d: 0x3811, 0x36e: 0x3769, 0x36f: 0x37ed,
+	0x370: 0x3775, 0x371: 0x37f9, 0x372: 0x377b, 0x373: 0x37ff, 0x374: 0x3781, 0x375: 0x3805,
+	0x378: 0x3787, 0x379: 0x380b,
+	// Block 0xe, offset 0x380
+	0x387: 0x1d61,
+	0x391: 0x812d,
+	0x392: 0x8132, 0x393: 0x8132, 0x394: 0x8132, 0x395: 0x8132, 0x396: 0x812d, 0x397: 0x8132,
+	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x812e, 0x39b: 0x812d, 0x39c: 0x8132, 0x39d: 0x8132,
+	0x39e: 0x8132, 0x39f: 0x8132, 0x3a0: 0x8132, 0x3a1: 0x8132, 0x3a2: 0x812d, 0x3a3: 0x812d,
+	0x3a4: 0x812d, 0x3a5: 0x812d, 0x3a6: 0x812d, 0x3a7: 0x812d, 0x3a8: 0x8132, 0x3a9: 0x8132,
+	0x3aa: 0x812d, 0x3ab: 0x8132, 0x3ac: 0x8132, 0x3ad: 0x812e, 0x3ae: 0x8131, 0x3af: 0x8132,
+	0x3b0: 0x8105, 0x3b1: 0x8106, 0x3b2: 0x8107, 0x3b3: 0x8108, 0x3b4: 0x8109, 0x3b5: 0x810a,
+	0x3b6: 0x810b, 0x3b7: 0x810c, 0x3b8: 0x810d, 0x3b9: 0x810e, 0x3ba: 0x810e, 0x3bb: 0x810f,
+	0x3bc: 0x8110, 0x3bd: 0x8111, 0x3bf: 0x8112,
+	// Block 0xf, offset 0x3c0
+	0x3c8: 0xa000, 0x3ca: 0xa000, 0x3cb: 0x8116,
+	0x3cc: 0x8117, 0x3cd: 0x8118, 0x3ce: 0x8119, 0x3cf: 0x811a, 0x3d0: 0x811b, 0x3d1: 0x811c,
+	0x3d2: 0x811d, 0x3d3: 0x9932, 0x3d4: 0x9932, 0x3d5: 0x992d, 0x3d6: 0x812d, 0x3d7: 0x8132,
+	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x812d, 0x3dd: 0x8132,
+	0x3de: 0x8132, 0x3df: 0x812d,
+	0x3f0: 0x811e, 0x3f5: 0x1d84,
+	0x3f6: 0x2013, 0x3f7: 0x204f, 0x3f8: 0x204a,
+	// Block 0x10, offset 0x400
+	0x413: 0x812d, 0x414: 0x8132, 0x415: 0x8132, 0x416: 0x8132, 0x417: 0x8132,
+	0x418: 0x8132, 0x419: 0x8132, 0x41a: 0x8132, 0x41b: 0x8132, 0x41c: 0x8132, 0x41d: 0x8132,
+	0x41e: 0x8132, 0x41f: 0x8132, 0x420: 0x8132, 0x421: 0x8132, 0x423: 0x812d,
+	0x424: 0x8132, 0x425: 0x8132, 0x426: 0x812d, 0x427: 0x8132, 0x428: 0x8132, 0x429: 0x812d,
+	0x42a: 0x8132, 0x42b: 0x8132, 0x42c: 0x8132, 0x42d: 0x812d, 0x42e: 0x812d, 0x42f: 0x812d,
+	0x430: 0x8116, 0x431: 0x8117, 0x432: 0x8118, 0x433: 0x8132, 0x434: 0x8132, 0x435: 0x8132,
+	0x436: 0x812d, 0x437: 0x8132, 0x438: 0x8132, 0x439: 0x812d, 0x43a: 0x812d, 0x43b: 0x8132,
+	0x43c: 0x8132, 0x43d: 0x8132, 0x43e: 0x8132, 0x43f: 0x8132,
+	// Block 0x11, offset 0x440
+	0x445: 0xa000,
+	0x446: 0x2d26, 0x447: 0xa000, 0x448: 0x2d2e, 0x449: 0xa000, 0x44a: 0x2d36, 0x44b: 0xa000,
+	0x44c: 0x2d3e, 0x44d: 0xa000, 0x44e: 0x2d46, 0x451: 0xa000,
+	0x452: 0x2d4e,
+	0x474: 0x8102, 0x475: 0x9900,
+	0x47a: 0xa000, 0x47b: 0x2d56,
+	0x47c: 0xa000, 0x47d: 0x2d5e, 0x47e: 0xa000, 0x47f: 0xa000,
+	// Block 0x12, offset 0x480
+	0x480: 0x0069, 0x481: 0x006b, 0x482: 0x006f, 0x483: 0x0083, 0x484: 0x00f5, 0x485: 0x00f8,
+	0x486: 0x0413, 0x487: 0x0085, 0x488: 0x0089, 0x489: 0x008b, 0x48a: 0x0104, 0x48b: 0x0107,
+	0x48c: 0x010a, 0x48d: 0x008f, 0x48f: 0x0097, 0x490: 0x009b, 0x491: 0x00e0,
+	0x492: 0x009f, 0x493: 0x00fe, 0x494: 0x0417, 0x495: 0x041b, 0x496: 0x00a1, 0x497: 0x00a9,
+	0x498: 0x00ab, 0x499: 0x0423, 0x49a: 0x012b, 0x49b: 0x00ad, 0x49c: 0x0427, 0x49d: 0x01be,
+	0x49e: 0x01c1, 0x49f: 0x01c4, 0x4a0: 0x01fa, 0x4a1: 0x01fd, 0x4a2: 0x0093, 0x4a3: 0x00a5,
+	0x4a4: 0x00ab, 0x4a5: 0x00ad, 0x4a6: 0x01be, 0x4a7: 0x01c1, 0x4a8: 0x01eb, 0x4a9: 0x01fa,
+	0x4aa: 0x01fd,
+	0x4b8: 0x020c,
+	// Block 0x13, offset 0x4c0
+	0x4db: 0x00fb, 0x4dc: 0x0087, 0x4dd: 0x0101,
+	0x4de: 0x00d4, 0x4df: 0x010a, 0x4e0: 0x008d, 0x4e1: 0x010d, 0x4e2: 0x0110, 0x4e3: 0x0116,
+	0x4e4: 0x011c, 0x4e5: 0x011f, 0x4e6: 0x0122, 0x4e7: 0x042b, 0x4e8: 0x016a, 0x4e9: 0x0128,
+	0x4ea: 0x042f, 0x4eb: 0x016d, 0x4ec: 0x0131, 0x4ed: 0x012e, 0x4ee: 0x0134, 0x4ef: 0x0137,
+	0x4f0: 0x013a, 0x4f1: 0x013d, 0x4f2: 0x0140, 0x4f3: 0x014c, 0x4f4: 0x014f, 0x4f5: 0x00ec,
+	0x4f6: 0x0152, 0x4f7: 0x0155, 0x4f8: 0x041f, 0x4f9: 0x0158, 0x4fa: 0x015b, 0x4fb: 0x00b5,
+	0x4fc: 0x015e, 0x4fd: 0x0161, 0x4fe: 0x0164, 0x4ff: 0x01d0,
+	// Block 0x14, offset 0x500
+	0x500: 0x8132, 0x501: 0x8132, 0x502: 0x812d, 0x503: 0x8132, 0x504: 0x8132, 0x505: 0x8132,
+	0x506: 0x8132, 0x507: 0x8132, 0x508: 0x8132, 0x509: 0x8132, 0x50a: 0x812d, 0x50b: 0x8132,
+	0x50c: 0x8132, 0x50d: 0x8135, 0x50e: 0x812a, 0x50f: 0x812d, 0x510: 0x8129, 0x511: 0x8132,
+	0x512: 0x8132, 0x513: 0x8132, 0x514: 0x8132, 0x515: 0x8132, 0x516: 0x8132, 0x517: 0x8132,
+	0x518: 0x8132, 0x519: 0x8132, 0x51a: 0x8132, 0x51b: 0x8132, 0x51c: 0x8132, 0x51d: 0x8132,
+	0x51e: 0x8132, 0x51f: 0x8132, 0x520: 0x8132, 0x521: 0x8132, 0x522: 0x8132, 0x523: 0x8132,
+	0x524: 0x8132, 0x525: 0x8132, 0x526: 0x8132, 0x527: 0x8132, 0x528: 0x8132, 0x529: 0x8132,
+	0x52a: 0x8132, 0x52b: 0x8132, 0x52c: 0x8132, 0x52d: 0x8132, 0x52e: 0x8132, 0x52f: 0x8132,
+	0x530: 0x8132, 0x531: 0x8132, 0x532: 0x8132, 0x533: 0x8132, 0x534: 0x8132, 0x535: 0x8132,
+	0x536: 0x8133, 0x537: 0x8131, 0x538: 0x8131, 0x539: 0x812d, 0x53b: 0x8132,
+	0x53c: 0x8134, 0x53d: 0x812d, 0x53e: 0x8132, 0x53f: 0x812d,
+	// Block 0x15, offset 0x540
+	0x540: 0x2f97, 0x541: 0x32a3, 0x542: 0x2fa1, 0x543: 0x32ad, 0x544: 0x2fa6, 0x545: 0x32b2,
+	0x546: 0x2fab, 0x547: 0x32b7, 0x548: 0x38cc, 0x549: 0x3a5b, 0x54a: 0x2fc4, 0x54b: 0x32d0,
+	0x54c: 0x2fce, 0x54d: 0x32da, 0x54e: 0x2fdd, 0x54f: 0x32e9, 0x550: 0x2fd3, 0x551: 0x32df,
+	0x552: 0x2fd8, 0x553: 0x32e4, 0x554: 0x38ef, 0x555: 0x3a7e, 0x556: 0x38f6, 0x557: 0x3a85,
+	0x558: 0x3019, 0x559: 0x3325, 0x55a: 0x301e, 0x55b: 0x332a, 0x55c: 0x3904, 0x55d: 0x3a93,
+	0x55e: 0x3023, 0x55f: 0x332f, 0x560: 0x3032, 0x561: 0x333e, 0x562: 0x3050, 0x563: 0x335c,
+	0x564: 0x305f, 0x565: 0x336b, 0x566: 0x3055, 0x567: 0x3361, 0x568: 0x3064, 0x569: 0x3370,
+	0x56a: 0x3069, 0x56b: 0x3375, 0x56c: 0x30af, 0x56d: 0x33bb, 0x56e: 0x390b, 0x56f: 0x3a9a,
+	0x570: 0x30b9, 0x571: 0x33ca, 0x572: 0x30c3, 0x573: 0x33d4, 0x574: 0x30cd, 0x575: 0x33de,
+	0x576: 0x46c4, 0x577: 0x4755, 0x578: 0x3912, 0x579: 0x3aa1, 0x57a: 0x30e6, 0x57b: 0x33f7,
+	0x57c: 0x30e1, 0x57d: 0x33f2, 0x57e: 0x30eb, 0x57f: 0x33fc,
+	// Block 0x16, offset 0x580
+	0x580: 0x30f0, 0x581: 0x3401, 0x582: 0x30f5, 0x583: 0x3406, 0x584: 0x3109, 0x585: 0x341a,
+	0x586: 0x3113, 0x587: 0x3424, 0x588: 0x3122, 0x589: 0x3433, 0x58a: 0x311d, 0x58b: 0x342e,
+	0x58c: 0x3935, 0x58d: 0x3ac4, 0x58e: 0x3943, 0x58f: 0x3ad2, 0x590: 0x394a, 0x591: 0x3ad9,
+	0x592: 0x3951, 0x593: 0x3ae0, 0x594: 0x314f, 0x595: 0x3460, 0x596: 0x3154, 0x597: 0x3465,
+	0x598: 0x315e, 0x599: 0x346f, 0x59a: 0x46f1, 0x59b: 0x4782, 0x59c: 0x3997, 0x59d: 0x3b26,
+	0x59e: 0x3177, 0x59f: 0x3488, 0x5a0: 0x3181, 0x5a1: 0x3492, 0x5a2: 0x4700, 0x5a3: 0x4791,
+	0x5a4: 0x399e, 0x5a5: 0x3b2d, 0x5a6: 0x39a5, 0x5a7: 0x3b34, 0x5a8: 0x39ac, 0x5a9: 0x3b3b,
+	0x5aa: 0x3190, 0x5ab: 0x34a1, 0x5ac: 0x319a, 0x5ad: 0x34b0, 0x5ae: 0x31ae, 0x5af: 0x34c4,
+	0x5b0: 0x31a9, 0x5b1: 0x34bf, 0x5b2: 0x31ea, 0x5b3: 0x3500, 0x5b4: 0x31f9, 0x5b5: 0x350f,
+	0x5b6: 0x31f4, 0x5b7: 0x350a, 0x5b8: 0x39b3, 0x5b9: 0x3b42, 0x5ba: 0x39ba, 0x5bb: 0x3b49,
+	0x5bc: 0x31fe, 0x5bd: 0x3514, 0x5be: 0x3203, 0x5bf: 0x3519,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x3208, 0x5c1: 0x351e, 0x5c2: 0x320d, 0x5c3: 0x3523, 0x5c4: 0x321c, 0x5c5: 0x3532,
+	0x5c6: 0x3217, 0x5c7: 0x352d, 0x5c8: 0x3221, 0x5c9: 0x353c, 0x5ca: 0x3226, 0x5cb: 0x3541,
+	0x5cc: 0x322b, 0x5cd: 0x3546, 0x5ce: 0x3249, 0x5cf: 0x3564, 0x5d0: 0x3262, 0x5d1: 0x3582,
+	0x5d2: 0x3271, 0x5d3: 0x3591, 0x5d4: 0x3276, 0x5d5: 0x3596, 0x5d6: 0x337a, 0x5d7: 0x34a6,
+	0x5d8: 0x3537, 0x5d9: 0x3573, 0x5da: 0x1be0, 0x5db: 0x42d7,
+	0x5e0: 0x46a1, 0x5e1: 0x4732, 0x5e2: 0x2f83, 0x5e3: 0x328f,
+	0x5e4: 0x3878, 0x5e5: 0x3a07, 0x5e6: 0x3871, 0x5e7: 0x3a00, 0x5e8: 0x3886, 0x5e9: 0x3a15,
+	0x5ea: 0x387f, 0x5eb: 0x3a0e, 0x5ec: 0x38be, 0x5ed: 0x3a4d, 0x5ee: 0x3894, 0x5ef: 0x3a23,
+	0x5f0: 0x388d, 0x5f1: 0x3a1c, 0x5f2: 0x38a2, 0x5f3: 0x3a31, 0x5f4: 0x389b, 0x5f5: 0x3a2a,
+	0x5f6: 0x38c5, 0x5f7: 0x3a54, 0x5f8: 0x46b5, 0x5f9: 0x4746, 0x5fa: 0x3000, 0x5fb: 0x330c,
+	0x5fc: 0x2fec, 0x5fd: 0x32f8, 0x5fe: 0x38da, 0x5ff: 0x3a69,
+	// Block 0x18, offset 0x600
+	0x600: 0x38d3, 0x601: 0x3a62, 0x602: 0x38e8, 0x603: 0x3a77, 0x604: 0x38e1, 0x605: 0x3a70,
+	0x606: 0x38fd, 0x607: 0x3a8c, 0x608: 0x3091, 0x609: 0x339d, 0x60a: 0x30a5, 0x60b: 0x33b1,
+	0x60c: 0x46e7, 0x60d: 0x4778, 0x60e: 0x3136, 0x60f: 0x3447, 0x610: 0x3920, 0x611: 0x3aaf,
+	0x612: 0x3919, 0x613: 0x3aa8, 0x614: 0x392e, 0x615: 0x3abd, 0x616: 0x3927, 0x617: 0x3ab6,
+	0x618: 0x3989, 0x619: 0x3b18, 0x61a: 0x396d, 0x61b: 0x3afc, 0x61c: 0x3966, 0x61d: 0x3af5,
+	0x61e: 0x397b, 0x61f: 0x3b0a, 0x620: 0x3974, 0x621: 0x3b03, 0x622: 0x3982, 0x623: 0x3b11,
+	0x624: 0x31e5, 0x625: 0x34fb, 0x626: 0x31c7, 0x627: 0x34dd, 0x628: 0x39e4, 0x629: 0x3b73,
+	0x62a: 0x39dd, 0x62b: 0x3b6c, 0x62c: 0x39f2, 0x62d: 0x3b81, 0x62e: 0x39eb, 0x62f: 0x3b7a,
+	0x630: 0x39f9, 0x631: 0x3b88, 0x632: 0x3230, 0x633: 0x354b, 0x634: 0x3258, 0x635: 0x3578,
+	0x636: 0x3253, 0x637: 0x356e, 0x638: 0x323f, 0x639: 0x355a,
+	// Block 0x19, offset 0x640
+	0x640: 0x4804, 0x641: 0x480a, 0x642: 0x491e, 0x643: 0x4936, 0x644: 0x4926, 0x645: 0x493e,
+	0x646: 0x492e, 0x647: 0x4946, 0x648: 0x47aa, 0x649: 0x47b0, 0x64a: 0x488e, 0x64b: 0x48a6,
+	0x64c: 0x4896, 0x64d: 0x48ae, 0x64e: 0x489e, 0x64f: 0x48b6, 0x650: 0x4816, 0x651: 0x481c,
+	0x652: 0x3db8, 0x653: 0x3dc8, 0x654: 0x3dc0, 0x655: 0x3dd0,
+	0x658: 0x47b6, 0x659: 0x47bc, 0x65a: 0x3ce8, 0x65b: 0x3cf8, 0x65c: 0x3cf0, 0x65d: 0x3d00,
+	0x660: 0x482e, 0x661: 0x4834, 0x662: 0x494e, 0x663: 0x4966,
+	0x664: 0x4956, 0x665: 0x496e, 0x666: 0x495e, 0x667: 0x4976, 0x668: 0x47c2, 0x669: 0x47c8,
+	0x66a: 0x48be, 0x66b: 0x48d6, 0x66c: 0x48c6, 0x66d: 0x48de, 0x66e: 0x48ce, 0x66f: 0x48e6,
+	0x670: 0x4846, 0x671: 0x484c, 0x672: 0x3e18, 0x673: 0x3e30, 0x674: 0x3e20, 0x675: 0x3e38,
+	0x676: 0x3e28, 0x677: 0x3e40, 0x678: 0x47ce, 0x679: 0x47d4, 0x67a: 0x3d18, 0x67b: 0x3d30,
+	0x67c: 0x3d20, 0x67d: 0x3d38, 0x67e: 0x3d28, 0x67f: 0x3d40,
+	// Block 0x1a, offset 0x680
+	0x680: 0x4852, 0x681: 0x4858, 0x682: 0x3e48, 0x683: 0x3e58, 0x684: 0x3e50, 0x685: 0x3e60,
+	0x688: 0x47da, 0x689: 0x47e0, 0x68a: 0x3d48, 0x68b: 0x3d58,
+	0x68c: 0x3d50, 0x68d: 0x3d60, 0x690: 0x4864, 0x691: 0x486a,
+	0x692: 0x3e80, 0x693: 0x3e98, 0x694: 0x3e88, 0x695: 0x3ea0, 0x696: 0x3e90, 0x697: 0x3ea8,
+	0x699: 0x47e6, 0x69b: 0x3d68, 0x69d: 0x3d70,
+	0x69f: 0x3d78, 0x6a0: 0x487c, 0x6a1: 0x4882, 0x6a2: 0x497e, 0x6a3: 0x4996,
+	0x6a4: 0x4986, 0x6a5: 0x499e, 0x6a6: 0x498e, 0x6a7: 0x49a6, 0x6a8: 0x47ec, 0x6a9: 0x47f2,
+	0x6aa: 0x48ee, 0x6ab: 0x4906, 0x6ac: 0x48f6, 0x6ad: 0x490e, 0x6ae: 0x48fe, 0x6af: 0x4916,
+	0x6b0: 0x47f8, 0x6b1: 0x431e, 0x6b2: 0x3691, 0x6b3: 0x4324, 0x6b4: 0x4822, 0x6b5: 0x432a,
+	0x6b6: 0x36a3, 0x6b7: 0x4330, 0x6b8: 0x36c1, 0x6b9: 0x4336, 0x6ba: 0x36d9, 0x6bb: 0x433c,
+	0x6bc: 0x4870, 0x6bd: 0x4342,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x3da0, 0x6c1: 0x3da8, 0x6c2: 0x4184, 0x6c3: 0x41a2, 0x6c4: 0x418e, 0x6c5: 0x41ac,
+	0x6c6: 0x4198, 0x6c7: 0x41b6, 0x6c8: 0x3cd8, 0x6c9: 0x3ce0, 0x6ca: 0x40d0, 0x6cb: 0x40ee,
+	0x6cc: 0x40da, 0x6cd: 0x40f8, 0x6ce: 0x40e4, 0x6cf: 0x4102, 0x6d0: 0x3de8, 0x6d1: 0x3df0,
+	0x6d2: 0x41c0, 0x6d3: 0x41de, 0x6d4: 0x41ca, 0x6d5: 0x41e8, 0x6d6: 0x41d4, 0x6d7: 0x41f2,
+	0x6d8: 0x3d08, 0x6d9: 0x3d10, 0x6da: 0x410c, 0x6db: 0x412a, 0x6dc: 0x4116, 0x6dd: 0x4134,
+	0x6de: 0x4120, 0x6df: 0x413e, 0x6e0: 0x3ec0, 0x6e1: 0x3ec8, 0x6e2: 0x41fc, 0x6e3: 0x421a,
+	0x6e4: 0x4206, 0x6e5: 0x4224, 0x6e6: 0x4210, 0x6e7: 0x422e, 0x6e8: 0x3d80, 0x6e9: 0x3d88,
+	0x6ea: 0x4148, 0x6eb: 0x4166, 0x6ec: 0x4152, 0x6ed: 0x4170, 0x6ee: 0x415c, 0x6ef: 0x417a,
+	0x6f0: 0x3685, 0x6f1: 0x367f, 0x6f2: 0x3d90, 0x6f3: 0x368b, 0x6f4: 0x3d98,
+	0x6f6: 0x4810, 0x6f7: 0x3db0, 0x6f8: 0x35f5, 0x6f9: 0x35ef, 0x6fa: 0x35e3, 0x6fb: 0x42ee,
+	0x6fc: 0x35fb, 0x6fd: 0x4287, 0x6fe: 0x01d3, 0x6ff: 0x4287,
+	// Block 0x1c, offset 0x700
+	0x700: 0x42a0, 0x701: 0x4482, 0x702: 0x3dd8, 0x703: 0x369d, 0x704: 0x3de0,
+	0x706: 0x483a, 0x707: 0x3df8, 0x708: 0x3601, 0x709: 0x42f4, 0x70a: 0x360d, 0x70b: 0x42fa,
+	0x70c: 0x3619, 0x70d: 0x4489, 0x70e: 0x4490, 0x70f: 0x4497, 0x710: 0x36b5, 0x711: 0x36af,
+	0x712: 0x3e00, 0x713: 0x44e4, 0x716: 0x36bb, 0x717: 0x3e10,
+	0x718: 0x3631, 0x719: 0x362b, 0x71a: 0x361f, 0x71b: 0x4300, 0x71d: 0x449e,
+	0x71e: 0x44a5, 0x71f: 0x44ac, 0x720: 0x36eb, 0x721: 0x36e5, 0x722: 0x3e68, 0x723: 0x44ec,
+	0x724: 0x36cd, 0x725: 0x36d3, 0x726: 0x36f1, 0x727: 0x3e78, 0x728: 0x3661, 0x729: 0x365b,
+	0x72a: 0x364f, 0x72b: 0x430c, 0x72c: 0x3649, 0x72d: 0x4474, 0x72e: 0x447b, 0x72f: 0x0081,
+	0x732: 0x3eb0, 0x733: 0x36f7, 0x734: 0x3eb8,
+	0x736: 0x4888, 0x737: 0x3ed0, 0x738: 0x363d, 0x739: 0x4306, 0x73a: 0x366d, 0x73b: 0x4318,
+	0x73c: 0x3679, 0x73d: 0x425a, 0x73e: 0x428c,
+	// Block 0x1d, offset 0x740
+	0x740: 0x1bd8, 0x741: 0x1bdc, 0x742: 0x0047, 0x743: 0x1c54, 0x745: 0x1be8,
+	0x746: 0x1bec, 0x747: 0x00e9, 0x749: 0x1c58, 0x74a: 0x008f, 0x74b: 0x0051,
+	0x74c: 0x0051, 0x74d: 0x0051, 0x74e: 0x0091, 0x74f: 0x00da, 0x750: 0x0053, 0x751: 0x0053,
+	0x752: 0x0059, 0x753: 0x0099, 0x755: 0x005d, 0x756: 0x198d,
+	0x759: 0x0061, 0x75a: 0x0063, 0x75b: 0x0065, 0x75c: 0x0065, 0x75d: 0x0065,
+	0x760: 0x199f, 0x761: 0x1bc8, 0x762: 0x19a8,
+	0x764: 0x0075, 0x766: 0x01b8, 0x768: 0x0075,
+	0x76a: 0x0057, 0x76b: 0x42d2, 0x76c: 0x0045, 0x76d: 0x0047, 0x76f: 0x008b,
+	0x770: 0x004b, 0x771: 0x004d, 0x773: 0x005b, 0x774: 0x009f, 0x775: 0x0215,
+	0x776: 0x0218, 0x777: 0x021b, 0x778: 0x021e, 0x779: 0x0093, 0x77b: 0x1b98,
+	0x77c: 0x01e8, 0x77d: 0x01c1, 0x77e: 0x0179, 0x77f: 0x01a0,
+	// Block 0x1e, offset 0x780
+	0x780: 0x0463, 0x785: 0x0049,
+	0x786: 0x0089, 0x787: 0x008b, 0x788: 0x0093, 0x789: 0x0095,
+	0x790: 0x222e, 0x791: 0x223a,
+	0x792: 0x22ee, 0x793: 0x2216, 0x794: 0x229a, 0x795: 0x2222, 0x796: 0x22a0, 0x797: 0x22b8,
+	0x798: 0x22c4, 0x799: 0x2228, 0x79a: 0x22ca, 0x79b: 0x2234, 0x79c: 0x22be, 0x79d: 0x22d0,
+	0x79e: 0x22d6, 0x79f: 0x1cbc, 0x7a0: 0x0053, 0x7a1: 0x195a, 0x7a2: 0x1ba4, 0x7a3: 0x1963,
+	0x7a4: 0x006d, 0x7a5: 0x19ab, 0x7a6: 0x1bd0, 0x7a7: 0x1d48, 0x7a8: 0x1966, 0x7a9: 0x0071,
+	0x7aa: 0x19b7, 0x7ab: 0x1bd4, 0x7ac: 0x0059, 0x7ad: 0x0047, 0x7ae: 0x0049, 0x7af: 0x005b,
+	0x7b0: 0x0093, 0x7b1: 0x19e4, 0x7b2: 0x1c18, 0x7b3: 0x19ed, 0x7b4: 0x00ad, 0x7b5: 0x1a62,
+	0x7b6: 0x1c4c, 0x7b7: 0x1d5c, 0x7b8: 0x19f0, 0x7b9: 0x00b1, 0x7ba: 0x1a65, 0x7bb: 0x1c50,
+	0x7bc: 0x0099, 0x7bd: 0x0087, 0x7be: 0x0089, 0x7bf: 0x009b,
+	// Block 0x1f, offset 0x7c0
+	0x7c1: 0x3c06, 0x7c3: 0xa000, 0x7c4: 0x3c0d, 0x7c5: 0xa000,
+	0x7c7: 0x3c14, 0x7c8: 0xa000, 0x7c9: 0x3c1b,
+	0x7cd: 0xa000,
+	0x7e0: 0x2f65, 0x7e1: 0xa000, 0x7e2: 0x3c29,
+	0x7e4: 0xa000, 0x7e5: 0xa000,
+	0x7ed: 0x3c22, 0x7ee: 0x2f60, 0x7ef: 0x2f6a,
+	0x7f0: 0x3c30, 0x7f1: 0x3c37, 0x7f2: 0xa000, 0x7f3: 0xa000, 0x7f4: 0x3c3e, 0x7f5: 0x3c45,
+	0x7f6: 0xa000, 0x7f7: 0xa000, 0x7f8: 0x3c4c, 0x7f9: 0x3c53, 0x7fa: 0xa000, 0x7fb: 0xa000,
+	0x7fc: 0xa000, 0x7fd: 0xa000,
+	// Block 0x20, offset 0x800
+	0x800: 0x3c5a, 0x801: 0x3c61, 0x802: 0xa000, 0x803: 0xa000, 0x804: 0x3c76, 0x805: 0x3c7d,
+	0x806: 0xa000, 0x807: 0xa000, 0x808: 0x3c84, 0x809: 0x3c8b,
+	0x811: 0xa000,
+	0x812: 0xa000,
+	0x822: 0xa000,
+	0x828: 0xa000, 0x829: 0xa000,
+	0x82b: 0xa000, 0x82c: 0x3ca0, 0x82d: 0x3ca7, 0x82e: 0x3cae, 0x82f: 0x3cb5,
+	0x832: 0xa000, 0x833: 0xa000, 0x834: 0xa000, 0x835: 0xa000,
+	// Block 0x21, offset 0x840
+	0x860: 0x0023, 0x861: 0x0025, 0x862: 0x0027, 0x863: 0x0029,
+	0x864: 0x002b, 0x865: 0x002d, 0x866: 0x002f, 0x867: 0x0031, 0x868: 0x0033, 0x869: 0x1882,
+	0x86a: 0x1885, 0x86b: 0x1888, 0x86c: 0x188b, 0x86d: 0x188e, 0x86e: 0x1891, 0x86f: 0x1894,
+	0x870: 0x1897, 0x871: 0x189a, 0x872: 0x189d, 0x873: 0x18a6, 0x874: 0x1a68, 0x875: 0x1a6c,
+	0x876: 0x1a70, 0x877: 0x1a74, 0x878: 0x1a78, 0x879: 0x1a7c, 0x87a: 0x1a80, 0x87b: 0x1a84,
+	0x87c: 0x1a88, 0x87d: 0x1c80, 0x87e: 0x1c85, 0x87f: 0x1c8a,
+	// Block 0x22, offset 0x880
+	0x880: 0x1c8f, 0x881: 0x1c94, 0x882: 0x1c99, 0x883: 0x1c9e, 0x884: 0x1ca3, 0x885: 0x1ca8,
+	0x886: 0x1cad, 0x887: 0x1cb2, 0x888: 0x187f, 0x889: 0x18a3, 0x88a: 0x18c7, 0x88b: 0x18eb,
+	0x88c: 0x190f, 0x88d: 0x1918, 0x88e: 0x191e, 0x88f: 0x1924, 0x890: 0x192a, 0x891: 0x1b60,
+	0x892: 0x1b64, 0x893: 0x1b68, 0x894: 0x1b6c, 0x895: 0x1b70, 0x896: 0x1b74, 0x897: 0x1b78,
+	0x898: 0x1b7c, 0x899: 0x1b80, 0x89a: 0x1b84, 0x89b: 0x1b88, 0x89c: 0x1af4, 0x89d: 0x1af8,
+	0x89e: 0x1afc, 0x89f: 0x1b00, 0x8a0: 0x1b04, 0x8a1: 0x1b08, 0x8a2: 0x1b0c, 0x8a3: 0x1b10,
+	0x8a4: 0x1b14, 0x8a5: 0x1b18, 0x8a6: 0x1b1c, 0x8a7: 0x1b20, 0x8a8: 0x1b24, 0x8a9: 0x1b28,
+	0x8aa: 0x1b2c, 0x8ab: 0x1b30, 0x8ac: 0x1b34, 0x8ad: 0x1b38, 0x8ae: 0x1b3c, 0x8af: 0x1b40,
+	0x8b0: 0x1b44, 0x8b1: 0x1b48, 0x8b2: 0x1b4c, 0x8b3: 0x1b50, 0x8b4: 0x1b54, 0x8b5: 0x1b58,
+	0x8b6: 0x0043, 0x8b7: 0x0045, 0x8b8: 0x0047, 0x8b9: 0x0049, 0x8ba: 0x004b, 0x8bb: 0x004d,
+	0x8bc: 0x004f, 0x8bd: 0x0051, 0x8be: 0x0053, 0x8bf: 0x0055,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x06bf, 0x8c1: 0x06e3, 0x8c2: 0x06ef, 0x8c3: 0x06ff, 0x8c4: 0x0707, 0x8c5: 0x0713,
+	0x8c6: 0x071b, 0x8c7: 0x0723, 0x8c8: 0x072f, 0x8c9: 0x0783, 0x8ca: 0x079b, 0x8cb: 0x07ab,
+	0x8cc: 0x07bb, 0x8cd: 0x07cb, 0x8ce: 0x07db, 0x8cf: 0x07fb, 0x8d0: 0x07ff, 0x8d1: 0x0803,
+	0x8d2: 0x0837, 0x8d3: 0x085f, 0x8d4: 0x086f, 0x8d5: 0x0877, 0x8d6: 0x087b, 0x8d7: 0x0887,
+	0x8d8: 0x08a3, 0x8d9: 0x08a7, 0x8da: 0x08bf, 0x8db: 0x08c3, 0x8dc: 0x08cb, 0x8dd: 0x08db,
+	0x8de: 0x0977, 0x8df: 0x098b, 0x8e0: 0x09cb, 0x8e1: 0x09df, 0x8e2: 0x09e7, 0x8e3: 0x09eb,
+	0x8e4: 0x09fb, 0x8e5: 0x0a17, 0x8e6: 0x0a43, 0x8e7: 0x0a4f, 0x8e8: 0x0a6f, 0x8e9: 0x0a7b,
+	0x8ea: 0x0a7f, 0x8eb: 0x0a83, 0x8ec: 0x0a9b, 0x8ed: 0x0a9f, 0x8ee: 0x0acb, 0x8ef: 0x0ad7,
+	0x8f0: 0x0adf, 0x8f1: 0x0ae7, 0x8f2: 0x0af7, 0x8f3: 0x0aff, 0x8f4: 0x0b07, 0x8f5: 0x0b33,
+	0x8f6: 0x0b37, 0x8f7: 0x0b3f, 0x8f8: 0x0b43, 0x8f9: 0x0b4b, 0x8fa: 0x0b53, 0x8fb: 0x0b63,
+	0x8fc: 0x0b7f, 0x8fd: 0x0bf7, 0x8fe: 0x0c0b, 0x8ff: 0x0c0f,
+	// Block 0x24, offset 0x900
+	0x900: 0x0c8f, 0x901: 0x0c93, 0x902: 0x0ca7, 0x903: 0x0cab, 0x904: 0x0cb3, 0x905: 0x0cbb,
+	0x906: 0x0cc3, 0x907: 0x0ccf, 0x908: 0x0cf7, 0x909: 0x0d07, 0x90a: 0x0d1b, 0x90b: 0x0d8b,
+	0x90c: 0x0d97, 0x90d: 0x0da7, 0x90e: 0x0db3, 0x90f: 0x0dbf, 0x910: 0x0dc7, 0x911: 0x0dcb,
+	0x912: 0x0dcf, 0x913: 0x0dd3, 0x914: 0x0dd7, 0x915: 0x0e8f, 0x916: 0x0ed7, 0x917: 0x0ee3,
+	0x918: 0x0ee7, 0x919: 0x0eeb, 0x91a: 0x0eef, 0x91b: 0x0ef7, 0x91c: 0x0efb, 0x91d: 0x0f0f,
+	0x91e: 0x0f2b, 0x91f: 0x0f33, 0x920: 0x0f73, 0x921: 0x0f77, 0x922: 0x0f7f, 0x923: 0x0f83,
+	0x924: 0x0f8b, 0x925: 0x0f8f, 0x926: 0x0fb3, 0x927: 0x0fb7, 0x928: 0x0fd3, 0x929: 0x0fd7,
+	0x92a: 0x0fdb, 0x92b: 0x0fdf, 0x92c: 0x0ff3, 0x92d: 0x1017, 0x92e: 0x101b, 0x92f: 0x101f,
+	0x930: 0x1043, 0x931: 0x1083, 0x932: 0x1087, 0x933: 0x10a7, 0x934: 0x10b7, 0x935: 0x10bf,
+	0x936: 0x10df, 0x937: 0x1103, 0x938: 0x1147, 0x939: 0x114f, 0x93a: 0x1163, 0x93b: 0x116f,
+	0x93c: 0x1177, 0x93d: 0x117f, 0x93e: 0x1183, 0x93f: 0x1187,
+	// Block 0x25, offset 0x940
+	0x940: 0x119f, 0x941: 0x11a3, 0x942: 0x11bf, 0x943: 0x11c7, 0x944: 0x11cf, 0x945: 0x11d3,
+	0x946: 0x11df, 0x947: 0x11e7, 0x948: 0x11eb, 0x949: 0x11ef, 0x94a: 0x11f7, 0x94b: 0x11fb,
+	0x94c: 0x129b, 0x94d: 0x12af, 0x94e: 0x12e3, 0x94f: 0x12e7, 0x950: 0x12ef, 0x951: 0x131b,
+	0x952: 0x1323, 0x953: 0x132b, 0x954: 0x1333, 0x955: 0x136f, 0x956: 0x1373, 0x957: 0x137b,
+	0x958: 0x137f, 0x959: 0x1383, 0x95a: 0x13af, 0x95b: 0x13b3, 0x95c: 0x13bb, 0x95d: 0x13cf,
+	0x95e: 0x13d3, 0x95f: 0x13ef, 0x960: 0x13f7, 0x961: 0x13fb, 0x962: 0x141f, 0x963: 0x143f,
+	0x964: 0x1453, 0x965: 0x1457, 0x966: 0x145f, 0x967: 0x148b, 0x968: 0x148f, 0x969: 0x149f,
+	0x96a: 0x14c3, 0x96b: 0x14cf, 0x96c: 0x14df, 0x96d: 0x14f7, 0x96e: 0x14ff, 0x96f: 0x1503,
+	0x970: 0x1507, 0x971: 0x150b, 0x972: 0x1517, 0x973: 0x151b, 0x974: 0x1523, 0x975: 0x153f,
+	0x976: 0x1543, 0x977: 0x1547, 0x978: 0x155f, 0x979: 0x1563, 0x97a: 0x156b, 0x97b: 0x157f,
+	0x97c: 0x1583, 0x97d: 0x1587, 0x97e: 0x158f, 0x97f: 0x1593,
+	// Block 0x26, offset 0x980
+	0x986: 0xa000, 0x98b: 0xa000,
+	0x98c: 0x3f08, 0x98d: 0xa000, 0x98e: 0x3f10, 0x98f: 0xa000, 0x990: 0x3f18, 0x991: 0xa000,
+	0x992: 0x3f20, 0x993: 0xa000, 0x994: 0x3f28, 0x995: 0xa000, 0x996: 0x3f30, 0x997: 0xa000,
+	0x998: 0x3f38, 0x999: 0xa000, 0x99a: 0x3f40, 0x99b: 0xa000, 0x99c: 0x3f48, 0x99d: 0xa000,
+	0x99e: 0x3f50, 0x99f: 0xa000, 0x9a0: 0x3f58, 0x9a1: 0xa000, 0x9a2: 0x3f60,
+	0x9a4: 0xa000, 0x9a5: 0x3f68, 0x9a6: 0xa000, 0x9a7: 0x3f70, 0x9a8: 0xa000, 0x9a9: 0x3f78,
+	0x9af: 0xa000,
+	0x9b0: 0x3f80, 0x9b1: 0x3f88, 0x9b2: 0xa000, 0x9b3: 0x3f90, 0x9b4: 0x3f98, 0x9b5: 0xa000,
+	0x9b6: 0x3fa0, 0x9b7: 0x3fa8, 0x9b8: 0xa000, 0x9b9: 0x3fb0, 0x9ba: 0x3fb8, 0x9bb: 0xa000,
+	0x9bc: 0x3fc0, 0x9bd: 0x3fc8,
+	// Block 0x27, offset 0x9c0
+	0x9d4: 0x3f00,
+	0x9d9: 0x9903, 0x9da: 0x9903, 0x9db: 0x42dc, 0x9dc: 0x42e2, 0x9dd: 0xa000,
+	0x9de: 0x3fd0, 0x9df: 0x26b4,
+	0x9e6: 0xa000,
+	0x9eb: 0xa000, 0x9ec: 0x3fe0, 0x9ed: 0xa000, 0x9ee: 0x3fe8, 0x9ef: 0xa000,
+	0x9f0: 0x3ff0, 0x9f1: 0xa000, 0x9f2: 0x3ff8, 0x9f3: 0xa000, 0x9f4: 0x4000, 0x9f5: 0xa000,
+	0x9f6: 0x4008, 0x9f7: 0xa000, 0x9f8: 0x4010, 0x9f9: 0xa000, 0x9fa: 0x4018, 0x9fb: 0xa000,
+	0x9fc: 0x4020, 0x9fd: 0xa000, 0x9fe: 0x4028, 0x9ff: 0xa000,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x4030, 0xa01: 0xa000, 0xa02: 0x4038, 0xa04: 0xa000, 0xa05: 0x4040,
+	0xa06: 0xa000, 0xa07: 0x4048, 0xa08: 0xa000, 0xa09: 0x4050,
+	0xa0f: 0xa000, 0xa10: 0x4058, 0xa11: 0x4060,
+	0xa12: 0xa000, 0xa13: 0x4068, 0xa14: 0x4070, 0xa15: 0xa000, 0xa16: 0x4078, 0xa17: 0x4080,
+	0xa18: 0xa000, 0xa19: 0x4088, 0xa1a: 0x4090, 0xa1b: 0xa000, 0xa1c: 0x4098, 0xa1d: 0x40a0,
+	0xa2f: 0xa000,
+	0xa30: 0xa000, 0xa31: 0xa000, 0xa32: 0xa000, 0xa34: 0x3fd8,
+	0xa37: 0x40a8, 0xa38: 0x40b0, 0xa39: 0x40b8, 0xa3a: 0x40c0,
+	0xa3d: 0xa000, 0xa3e: 0x40c8, 0xa3f: 0x26c9,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0367, 0xa41: 0x032b, 0xa42: 0x032f, 0xa43: 0x0333, 0xa44: 0x037b, 0xa45: 0x0337,
+	0xa46: 0x033b, 0xa47: 0x033f, 0xa48: 0x0343, 0xa49: 0x0347, 0xa4a: 0x034b, 0xa4b: 0x034f,
+	0xa4c: 0x0353, 0xa4d: 0x0357, 0xa4e: 0x035b, 0xa4f: 0x49bd, 0xa50: 0x49c3, 0xa51: 0x49c9,
+	0xa52: 0x49cf, 0xa53: 0x49d5, 0xa54: 0x49db, 0xa55: 0x49e1, 0xa56: 0x49e7, 0xa57: 0x49ed,
+	0xa58: 0x49f3, 0xa59: 0x49f9, 0xa5a: 0x49ff, 0xa5b: 0x4a05, 0xa5c: 0x4a0b, 0xa5d: 0x4a11,
+	0xa5e: 0x4a17, 0xa5f: 0x4a1d, 0xa60: 0x4a23, 0xa61: 0x4a29, 0xa62: 0x4a2f, 0xa63: 0x4a35,
+	0xa64: 0x03c3, 0xa65: 0x035f, 0xa66: 0x0363, 0xa67: 0x03e7, 0xa68: 0x03eb, 0xa69: 0x03ef,
+	0xa6a: 0x03f3, 0xa6b: 0x03f7, 0xa6c: 0x03fb, 0xa6d: 0x03ff, 0xa6e: 0x036b, 0xa6f: 0x0403,
+	0xa70: 0x0407, 0xa71: 0x036f, 0xa72: 0x0373, 0xa73: 0x0377, 0xa74: 0x037f, 0xa75: 0x0383,
+	0xa76: 0x0387, 0xa77: 0x038b, 0xa78: 0x038f, 0xa79: 0x0393, 0xa7a: 0x0397, 0xa7b: 0x039b,
+	0xa7c: 0x039f, 0xa7d: 0x03a3, 0xa7e: 0x03a7, 0xa7f: 0x03ab,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0x03af, 0xa81: 0x03b3, 0xa82: 0x040b, 0xa83: 0x040f, 0xa84: 0x03b7, 0xa85: 0x03bb,
+	0xa86: 0x03bf, 0xa87: 0x03c7, 0xa88: 0x03cb, 0xa89: 0x03cf, 0xa8a: 0x03d3, 0xa8b: 0x03d7,
+	0xa8c: 0x03db, 0xa8d: 0x03df, 0xa8e: 0x03e3,
+	0xa92: 0x06bf, 0xa93: 0x071b, 0xa94: 0x06cb, 0xa95: 0x097b, 0xa96: 0x06cf, 0xa97: 0x06e7,
+	0xa98: 0x06d3, 0xa99: 0x0f93, 0xa9a: 0x0707, 0xa9b: 0x06db, 0xa9c: 0x06c3, 0xa9d: 0x09ff,
+	0xa9e: 0x098f, 0xa9f: 0x072f,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0x2054, 0xac1: 0x205a, 0xac2: 0x2060, 0xac3: 0x2066, 0xac4: 0x206c, 0xac5: 0x2072,
+	0xac6: 0x2078, 0xac7: 0x207e, 0xac8: 0x2084, 0xac9: 0x208a, 0xaca: 0x2090, 0xacb: 0x2096,
+	0xacc: 0x209c, 0xacd: 0x20a2, 0xace: 0x2726, 0xacf: 0x272f, 0xad0: 0x2738, 0xad1: 0x2741,
+	0xad2: 0x274a, 0xad3: 0x2753, 0xad4: 0x275c, 0xad5: 0x2765, 0xad6: 0x276e, 0xad7: 0x2780,
+	0xad8: 0x2789, 0xad9: 0x2792, 0xada: 0x279b, 0xadb: 0x27a4, 0xadc: 0x2777, 0xadd: 0x2bac,
+	0xade: 0x2aed, 0xae0: 0x20a8, 0xae1: 0x20c0, 0xae2: 0x20b4, 0xae3: 0x2108,
+	0xae4: 0x20c6, 0xae5: 0x20e4, 0xae6: 0x20ae, 0xae7: 0x20de, 0xae8: 0x20ba, 0xae9: 0x20f0,
+	0xaea: 0x2120, 0xaeb: 0x213e, 0xaec: 0x2138, 0xaed: 0x212c, 0xaee: 0x217a, 0xaef: 0x210e,
+	0xaf0: 0x211a, 0xaf1: 0x2132, 0xaf2: 0x2126, 0xaf3: 0x2150, 0xaf4: 0x20fc, 0xaf5: 0x2144,
+	0xaf6: 0x216e, 0xaf7: 0x2156, 0xaf8: 0x20ea, 0xaf9: 0x20cc, 0xafa: 0x2102, 0xafb: 0x2114,
+	0xafc: 0x214a, 0xafd: 0x20d2, 0xafe: 0x2174, 0xaff: 0x20f6,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x215c, 0xb01: 0x20d8, 0xb02: 0x2162, 0xb03: 0x2168, 0xb04: 0x092f, 0xb05: 0x0b03,
+	0xb06: 0x0ca7, 0xb07: 0x10c7,
+	0xb10: 0x1bc4, 0xb11: 0x18a9,
+	0xb12: 0x18ac, 0xb13: 0x18af, 0xb14: 0x18b2, 0xb15: 0x18b5, 0xb16: 0x18b8, 0xb17: 0x18bb,
+	0xb18: 0x18be, 0xb19: 0x18c1, 0xb1a: 0x18ca, 0xb1b: 0x18cd, 0xb1c: 0x18d0, 0xb1d: 0x18d3,
+	0xb1e: 0x18d6, 0xb1f: 0x18d9, 0xb20: 0x0313, 0xb21: 0x031b, 0xb22: 0x031f, 0xb23: 0x0327,
+	0xb24: 0x032b, 0xb25: 0x032f, 0xb26: 0x0337, 0xb27: 0x033f, 0xb28: 0x0343, 0xb29: 0x034b,
+	0xb2a: 0x034f, 0xb2b: 0x0353, 0xb2c: 0x0357, 0xb2d: 0x035b, 0xb2e: 0x2e18, 0xb2f: 0x2e20,
+	0xb30: 0x2e28, 0xb31: 0x2e30, 0xb32: 0x2e38, 0xb33: 0x2e40, 0xb34: 0x2e48, 0xb35: 0x2e50,
+	0xb36: 0x2e60, 0xb37: 0x2e68, 0xb38: 0x2e70, 0xb39: 0x2e78, 0xb3a: 0x2e80, 0xb3b: 0x2e88,
+	0xb3c: 0x2ed3, 0xb3d: 0x2e9b, 0xb3e: 0x2e58,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x06bf, 0xb41: 0x071b, 0xb42: 0x06cb, 0xb43: 0x097b, 0xb44: 0x071f, 0xb45: 0x07af,
+	0xb46: 0x06c7, 0xb47: 0x07ab, 0xb48: 0x070b, 0xb49: 0x0887, 0xb4a: 0x0d07, 0xb4b: 0x0e8f,
+	0xb4c: 0x0dd7, 0xb4d: 0x0d1b, 0xb4e: 0x145f, 0xb4f: 0x098b, 0xb50: 0x0ccf, 0xb51: 0x0d4b,
+	0xb52: 0x0d0b, 0xb53: 0x104b, 0xb54: 0x08fb, 0xb55: 0x0f03, 0xb56: 0x1387, 0xb57: 0x105f,
+	0xb58: 0x0843, 0xb59: 0x108f, 0xb5a: 0x0f9b, 0xb5b: 0x0a17, 0xb5c: 0x140f, 0xb5d: 0x077f,
+	0xb5e: 0x08ab, 0xb5f: 0x0df7, 0xb60: 0x1527, 0xb61: 0x0743, 0xb62: 0x07d3, 0xb63: 0x0d9b,
+	0xb64: 0x06cf, 0xb65: 0x06e7, 0xb66: 0x06d3, 0xb67: 0x0adb, 0xb68: 0x08ef, 0xb69: 0x087f,
+	0xb6a: 0x0a57, 0xb6b: 0x0a4b, 0xb6c: 0x0feb, 0xb6d: 0x073f, 0xb6e: 0x139b, 0xb6f: 0x089b,
+	0xb70: 0x09f3, 0xb71: 0x18dc, 0xb72: 0x18df, 0xb73: 0x18e2, 0xb74: 0x18e5, 0xb75: 0x18ee,
+	0xb76: 0x18f1, 0xb77: 0x18f4, 0xb78: 0x18f7, 0xb79: 0x18fa, 0xb7a: 0x18fd, 0xb7b: 0x1900,
+	0xb7c: 0x1903, 0xb7d: 0x1906, 0xb7e: 0x1909, 0xb7f: 0x1912,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x1cc6, 0xb81: 0x1cd5, 0xb82: 0x1ce4, 0xb83: 0x1cf3, 0xb84: 0x1d02, 0xb85: 0x1d11,
+	0xb86: 0x1d20, 0xb87: 0x1d2f, 0xb88: 0x1d3e, 0xb89: 0x218c, 0xb8a: 0x219e, 0xb8b: 0x21b0,
+	0xb8c: 0x1954, 0xb8d: 0x1c04, 0xb8e: 0x19d2, 0xb8f: 0x1ba8, 0xb90: 0x04cb, 0xb91: 0x04d3,
+	0xb92: 0x04db, 0xb93: 0x04e3, 0xb94: 0x04eb, 0xb95: 0x04ef, 0xb96: 0x04f3, 0xb97: 0x04f7,
+	0xb98: 0x04fb, 0xb99: 0x04ff, 0xb9a: 0x0503, 0xb9b: 0x0507, 0xb9c: 0x050b, 0xb9d: 0x050f,
+	0xb9e: 0x0513, 0xb9f: 0x0517, 0xba0: 0x051b, 0xba1: 0x0523, 0xba2: 0x0527, 0xba3: 0x052b,
+	0xba4: 0x052f, 0xba5: 0x0533, 0xba6: 0x0537, 0xba7: 0x053b, 0xba8: 0x053f, 0xba9: 0x0543,
+	0xbaa: 0x0547, 0xbab: 0x054b, 0xbac: 0x054f, 0xbad: 0x0553, 0xbae: 0x0557, 0xbaf: 0x055b,
+	0xbb0: 0x055f, 0xbb1: 0x0563, 0xbb2: 0x0567, 0xbb3: 0x056f, 0xbb4: 0x0577, 0xbb5: 0x057f,
+	0xbb6: 0x0583, 0xbb7: 0x0587, 0xbb8: 0x058b, 0xbb9: 0x058f, 0xbba: 0x0593, 0xbbb: 0x0597,
+	0xbbc: 0x059b, 0xbbd: 0x059f, 0xbbe: 0x05a3,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x2b0c, 0xbc1: 0x29a8, 0xbc2: 0x2b1c, 0xbc3: 0x2880, 0xbc4: 0x2ee4, 0xbc5: 0x288a,
+	0xbc6: 0x2894, 0xbc7: 0x2f28, 0xbc8: 0x29b5, 0xbc9: 0x289e, 0xbca: 0x28a8, 0xbcb: 0x28b2,
+	0xbcc: 0x29dc, 0xbcd: 0x29e9, 0xbce: 0x29c2, 0xbcf: 0x29cf, 0xbd0: 0x2ea9, 0xbd1: 0x29f6,
+	0xbd2: 0x2a03, 0xbd3: 0x2bbe, 0xbd4: 0x26bb, 0xbd5: 0x2bd1, 0xbd6: 0x2be4, 0xbd7: 0x2b2c,
+	0xbd8: 0x2a10, 0xbd9: 0x2bf7, 0xbda: 0x2c0a, 0xbdb: 0x2a1d, 0xbdc: 0x28bc, 0xbdd: 0x28c6,
+	0xbde: 0x2eb7, 0xbdf: 0x2a2a, 0xbe0: 0x2b3c, 0xbe1: 0x2ef5, 0xbe2: 0x28d0, 0xbe3: 0x28da,
+	0xbe4: 0x2a37, 0xbe5: 0x28e4, 0xbe6: 0x28ee, 0xbe7: 0x26d0, 0xbe8: 0x26d7, 0xbe9: 0x28f8,
+	0xbea: 0x2902, 0xbeb: 0x2c1d, 0xbec: 0x2a44, 0xbed: 0x2b4c, 0xbee: 0x2c30, 0xbef: 0x2a51,
+	0xbf0: 0x2916, 0xbf1: 0x290c, 0xbf2: 0x2f3c, 0xbf3: 0x2a5e, 0xbf4: 0x2c43, 0xbf5: 0x2920,
+	0xbf6: 0x2b5c, 0xbf7: 0x292a, 0xbf8: 0x2a78, 0xbf9: 0x2934, 0xbfa: 0x2a85, 0xbfb: 0x2f06,
+	0xbfc: 0x2a6b, 0xbfd: 0x2b6c, 0xbfe: 0x2a92, 0xbff: 0x26de,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x2f17, 0xc01: 0x293e, 0xc02: 0x2948, 0xc03: 0x2a9f, 0xc04: 0x2952, 0xc05: 0x295c,
+	0xc06: 0x2966, 0xc07: 0x2b7c, 0xc08: 0x2aac, 0xc09: 0x26e5, 0xc0a: 0x2c56, 0xc0b: 0x2e90,
+	0xc0c: 0x2b8c, 0xc0d: 0x2ab9, 0xc0e: 0x2ec5, 0xc0f: 0x2970, 0xc10: 0x297a, 0xc11: 0x2ac6,
+	0xc12: 0x26ec, 0xc13: 0x2ad3, 0xc14: 0x2b9c, 0xc15: 0x26f3, 0xc16: 0x2c69, 0xc17: 0x2984,
+	0xc18: 0x1cb7, 0xc19: 0x1ccb, 0xc1a: 0x1cda, 0xc1b: 0x1ce9, 0xc1c: 0x1cf8, 0xc1d: 0x1d07,
+	0xc1e: 0x1d16, 0xc1f: 0x1d25, 0xc20: 0x1d34, 0xc21: 0x1d43, 0xc22: 0x2192, 0xc23: 0x21a4,
+	0xc24: 0x21b6, 0xc25: 0x21c2, 0xc26: 0x21ce, 0xc27: 0x21da, 0xc28: 0x21e6, 0xc29: 0x21f2,
+	0xc2a: 0x21fe, 0xc2b: 0x220a, 0xc2c: 0x2246, 0xc2d: 0x2252, 0xc2e: 0x225e, 0xc2f: 0x226a,
+	0xc30: 0x2276, 0xc31: 0x1c14, 0xc32: 0x19c6, 0xc33: 0x1936, 0xc34: 0x1be4, 0xc35: 0x1a47,
+	0xc36: 0x1a56, 0xc37: 0x19cc, 0xc38: 0x1bfc, 0xc39: 0x1c00, 0xc3a: 0x1960, 0xc3b: 0x2701,
+	0xc3c: 0x270f, 0xc3d: 0x26fa, 0xc3e: 0x2708, 0xc3f: 0x2ae0,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1a4a, 0xc41: 0x1a32, 0xc42: 0x1c60, 0xc43: 0x1a1a, 0xc44: 0x19f3, 0xc45: 0x1969,
+	0xc46: 0x1978, 0xc47: 0x1948, 0xc48: 0x1bf0, 0xc49: 0x1d52, 0xc4a: 0x1a4d, 0xc4b: 0x1a35,
+	0xc4c: 0x1c64, 0xc4d: 0x1c70, 0xc4e: 0x1a26, 0xc4f: 0x19fc, 0xc50: 0x1957, 0xc51: 0x1c1c,
+	0xc52: 0x1bb0, 0xc53: 0x1b9c, 0xc54: 0x1bcc, 0xc55: 0x1c74, 0xc56: 0x1a29, 0xc57: 0x19c9,
+	0xc58: 0x19ff, 0xc59: 0x19de, 0xc5a: 0x1a41, 0xc5b: 0x1c78, 0xc5c: 0x1a2c, 0xc5d: 0x19c0,
+	0xc5e: 0x1a02, 0xc5f: 0x1c3c, 0xc60: 0x1bf4, 0xc61: 0x1a14, 0xc62: 0x1c24, 0xc63: 0x1c40,
+	0xc64: 0x1bf8, 0xc65: 0x1a17, 0xc66: 0x1c28, 0xc67: 0x22e8, 0xc68: 0x22fc, 0xc69: 0x1996,
+	0xc6a: 0x1c20, 0xc6b: 0x1bb4, 0xc6c: 0x1ba0, 0xc6d: 0x1c48, 0xc6e: 0x2716, 0xc6f: 0x27ad,
+	0xc70: 0x1a59, 0xc71: 0x1a44, 0xc72: 0x1c7c, 0xc73: 0x1a2f, 0xc74: 0x1a50, 0xc75: 0x1a38,
+	0xc76: 0x1c68, 0xc77: 0x1a1d, 0xc78: 0x19f6, 0xc79: 0x1981, 0xc7a: 0x1a53, 0xc7b: 0x1a3b,
+	0xc7c: 0x1c6c, 0xc7d: 0x1a20, 0xc7e: 0x19f9, 0xc7f: 0x1984,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x1c2c, 0xc81: 0x1bb8, 0xc82: 0x1d4d, 0xc83: 0x1939, 0xc84: 0x19ba, 0xc85: 0x19bd,
+	0xc86: 0x22f5, 0xc87: 0x1b94, 0xc88: 0x19c3, 0xc89: 0x194b, 0xc8a: 0x19e1, 0xc8b: 0x194e,
+	0xc8c: 0x19ea, 0xc8d: 0x196c, 0xc8e: 0x196f, 0xc8f: 0x1a05, 0xc90: 0x1a0b, 0xc91: 0x1a0e,
+	0xc92: 0x1c30, 0xc93: 0x1a11, 0xc94: 0x1a23, 0xc95: 0x1c38, 0xc96: 0x1c44, 0xc97: 0x1990,
+	0xc98: 0x1d57, 0xc99: 0x1bbc, 0xc9a: 0x1993, 0xc9b: 0x1a5c, 0xc9c: 0x19a5, 0xc9d: 0x19b4,
+	0xc9e: 0x22e2, 0xc9f: 0x22dc, 0xca0: 0x1cc1, 0xca1: 0x1cd0, 0xca2: 0x1cdf, 0xca3: 0x1cee,
+	0xca4: 0x1cfd, 0xca5: 0x1d0c, 0xca6: 0x1d1b, 0xca7: 0x1d2a, 0xca8: 0x1d39, 0xca9: 0x2186,
+	0xcaa: 0x2198, 0xcab: 0x21aa, 0xcac: 0x21bc, 0xcad: 0x21c8, 0xcae: 0x21d4, 0xcaf: 0x21e0,
+	0xcb0: 0x21ec, 0xcb1: 0x21f8, 0xcb2: 0x2204, 0xcb3: 0x2240, 0xcb4: 0x224c, 0xcb5: 0x2258,
+	0xcb6: 0x2264, 0xcb7: 0x2270, 0xcb8: 0x227c, 0xcb9: 0x2282, 0xcba: 0x2288, 0xcbb: 0x228e,
+	0xcbc: 0x2294, 0xcbd: 0x22a6, 0xcbe: 0x22ac, 0xcbf: 0x1c10,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x1377, 0xcc1: 0x0cfb, 0xcc2: 0x13d3, 0xcc3: 0x139f, 0xcc4: 0x0e57, 0xcc5: 0x06eb,
+	0xcc6: 0x08df, 0xcc7: 0x162b, 0xcc8: 0x162b, 0xcc9: 0x0a0b, 0xcca: 0x145f, 0xccb: 0x0943,
+	0xccc: 0x0a07, 0xccd: 0x0bef, 0xcce: 0x0fcf, 0xccf: 0x115f, 0xcd0: 0x1297, 0xcd1: 0x12d3,
+	0xcd2: 0x1307, 0xcd3: 0x141b, 0xcd4: 0x0d73, 0xcd5: 0x0dff, 0xcd6: 0x0eab, 0xcd7: 0x0f43,
+	0xcd8: 0x125f, 0xcd9: 0x1447, 0xcda: 0x1573, 0xcdb: 0x070f, 0xcdc: 0x08b3, 0xcdd: 0x0d87,
+	0xcde: 0x0ecf, 0xcdf: 0x1293, 0xce0: 0x15c3, 0xce1: 0x0ab3, 0xce2: 0x0e77, 0xce3: 0x1283,
+	0xce4: 0x1317, 0xce5: 0x0c23, 0xce6: 0x11bb, 0xce7: 0x12df, 0xce8: 0x0b1f, 0xce9: 0x0d0f,
+	0xcea: 0x0e17, 0xceb: 0x0f1b, 0xcec: 0x1427, 0xced: 0x074f, 0xcee: 0x07e7, 0xcef: 0x0853,
+	0xcf0: 0x0c8b, 0xcf1: 0x0d7f, 0xcf2: 0x0ecb, 0xcf3: 0x0fef, 0xcf4: 0x1177, 0xcf5: 0x128b,
+	0xcf6: 0x12a3, 0xcf7: 0x13c7, 0xcf8: 0x14ef, 0xcf9: 0x15a3, 0xcfa: 0x15bf, 0xcfb: 0x102b,
+	0xcfc: 0x106b, 0xcfd: 0x1123, 0xcfe: 0x1243, 0xcff: 0x147b,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x15cb, 0xd01: 0x134b, 0xd02: 0x09c7, 0xd03: 0x0b3b, 0xd04: 0x10db, 0xd05: 0x119b,
+	0xd06: 0x0eff, 0xd07: 0x1033, 0xd08: 0x1397, 0xd09: 0x14e7, 0xd0a: 0x09c3, 0xd0b: 0x0a8f,
+	0xd0c: 0x0d77, 0xd0d: 0x0e2b, 0xd0e: 0x0e5f, 0xd0f: 0x1113, 0xd10: 0x113b, 0xd11: 0x14a7,
+	0xd12: 0x084f, 0xd13: 0x11a7, 0xd14: 0x07f3, 0xd15: 0x07ef, 0xd16: 0x1097, 0xd17: 0x1127,
+	0xd18: 0x125b, 0xd19: 0x14af, 0xd1a: 0x1367, 0xd1b: 0x0c27, 0xd1c: 0x0d73, 0xd1d: 0x1357,
+	0xd1e: 0x06f7, 0xd1f: 0x0a63, 0xd20: 0x0b93, 0xd21: 0x0f2f, 0xd22: 0x0faf, 0xd23: 0x0873,
+	0xd24: 0x103b, 0xd25: 0x075f, 0xd26: 0x0b77, 0xd27: 0x06d7, 0xd28: 0x0deb, 0xd29: 0x0ca3,
+	0xd2a: 0x110f, 0xd2b: 0x08c7, 0xd2c: 0x09b3, 0xd2d: 0x0ffb, 0xd2e: 0x1263, 0xd2f: 0x133b,
+	0xd30: 0x0db7, 0xd31: 0x13f7, 0xd32: 0x0de3, 0xd33: 0x0c37, 0xd34: 0x121b, 0xd35: 0x0c57,
+	0xd36: 0x0fab, 0xd37: 0x072b, 0xd38: 0x07a7, 0xd39: 0x07eb, 0xd3a: 0x0d53, 0xd3b: 0x10fb,
+	0xd3c: 0x11f3, 0xd3d: 0x1347, 0xd3e: 0x145b, 0xd3f: 0x085b,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x090f, 0xd41: 0x0a17, 0xd42: 0x0b2f, 0xd43: 0x0cbf, 0xd44: 0x0e7b, 0xd45: 0x103f,
+	0xd46: 0x1497, 0xd47: 0x157b, 0xd48: 0x15cf, 0xd49: 0x15e7, 0xd4a: 0x0837, 0xd4b: 0x0cf3,
+	0xd4c: 0x0da3, 0xd4d: 0x13eb, 0xd4e: 0x0afb, 0xd4f: 0x0bd7, 0xd50: 0x0bf3, 0xd51: 0x0c83,
+	0xd52: 0x0e6b, 0xd53: 0x0eb7, 0xd54: 0x0f67, 0xd55: 0x108b, 0xd56: 0x112f, 0xd57: 0x1193,
+	0xd58: 0x13db, 0xd59: 0x126b, 0xd5a: 0x1403, 0xd5b: 0x147f, 0xd5c: 0x080f, 0xd5d: 0x083b,
+	0xd5e: 0x0923, 0xd5f: 0x0ea7, 0xd60: 0x12f3, 0xd61: 0x133b, 0xd62: 0x0b1b, 0xd63: 0x0b8b,
+	0xd64: 0x0c4f, 0xd65: 0x0daf, 0xd66: 0x10d7, 0xd67: 0x0f23, 0xd68: 0x073b, 0xd69: 0x097f,
+	0xd6a: 0x0a63, 0xd6b: 0x0ac7, 0xd6c: 0x0b97, 0xd6d: 0x0f3f, 0xd6e: 0x0f5b, 0xd6f: 0x116b,
+	0xd70: 0x118b, 0xd71: 0x1463, 0xd72: 0x14e3, 0xd73: 0x14f3, 0xd74: 0x152f, 0xd75: 0x0753,
+	0xd76: 0x107f, 0xd77: 0x144f, 0xd78: 0x14cb, 0xd79: 0x0baf, 0xd7a: 0x0717, 0xd7b: 0x0777,
+	0xd7c: 0x0a67, 0xd7d: 0x0a87, 0xd7e: 0x0caf, 0xd7f: 0x0d73,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0ec3, 0xd81: 0x0fcb, 0xd82: 0x1277, 0xd83: 0x1417, 0xd84: 0x1623, 0xd85: 0x0ce3,
+	0xd86: 0x14a3, 0xd87: 0x0833, 0xd88: 0x0d2f, 0xd89: 0x0d3b, 0xd8a: 0x0e0f, 0xd8b: 0x0e47,
+	0xd8c: 0x0f4b, 0xd8d: 0x0fa7, 0xd8e: 0x1027, 0xd8f: 0x110b, 0xd90: 0x153b, 0xd91: 0x07af,
+	0xd92: 0x0c03, 0xd93: 0x14b3, 0xd94: 0x0767, 0xd95: 0x0aab, 0xd96: 0x0e2f, 0xd97: 0x13df,
+	0xd98: 0x0b67, 0xd99: 0x0bb7, 0xd9a: 0x0d43, 0xd9b: 0x0f2f, 0xd9c: 0x14bb, 0xd9d: 0x0817,
+	0xd9e: 0x08ff, 0xd9f: 0x0a97, 0xda0: 0x0cd3, 0xda1: 0x0d1f, 0xda2: 0x0d5f, 0xda3: 0x0df3,
+	0xda4: 0x0f47, 0xda5: 0x0fbb, 0xda6: 0x1157, 0xda7: 0x12f7, 0xda8: 0x1303, 0xda9: 0x1457,
+	0xdaa: 0x14d7, 0xdab: 0x0883, 0xdac: 0x0e4b, 0xdad: 0x0903, 0xdae: 0x0ec7, 0xdaf: 0x0f6b,
+	0xdb0: 0x1287, 0xdb1: 0x14bf, 0xdb2: 0x15ab, 0xdb3: 0x15d3, 0xdb4: 0x0d37, 0xdb5: 0x0e27,
+	0xdb6: 0x11c3, 0xdb7: 0x10b7, 0xdb8: 0x10c3, 0xdb9: 0x10e7, 0xdba: 0x0f17, 0xdbb: 0x0e9f,
+	0xdbc: 0x1363, 0xdbd: 0x0733, 0xdbe: 0x122b, 0xdbf: 0x081b,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x080b, 0xdc1: 0x0b0b, 0xdc2: 0x0c2b, 0xdc3: 0x10f3, 0xdc4: 0x0a53, 0xdc5: 0x0e03,
+	0xdc6: 0x0cef, 0xdc7: 0x13e7, 0xdc8: 0x12e7, 0xdc9: 0x14ab, 0xdca: 0x1323, 0xdcb: 0x0b27,
+	0xdcc: 0x0787, 0xdcd: 0x095b, 0xdd0: 0x09af,
+	0xdd2: 0x0cdf, 0xdd5: 0x07f7, 0xdd6: 0x0f1f, 0xdd7: 0x0fe3,
+	0xdd8: 0x1047, 0xdd9: 0x1063, 0xdda: 0x1067, 0xddb: 0x107b, 0xddc: 0x14fb, 0xddd: 0x10eb,
+	0xdde: 0x116f, 0xde0: 0x128f, 0xde2: 0x1353,
+	0xde5: 0x1407, 0xde6: 0x1433,
+	0xdea: 0x154f, 0xdeb: 0x1553, 0xdec: 0x1557, 0xded: 0x15bb, 0xdee: 0x142b, 0xdef: 0x14c7,
+	0xdf0: 0x0757, 0xdf1: 0x077b, 0xdf2: 0x078f, 0xdf3: 0x084b, 0xdf4: 0x0857, 0xdf5: 0x0897,
+	0xdf6: 0x094b, 0xdf7: 0x0967, 0xdf8: 0x096f, 0xdf9: 0x09ab, 0xdfa: 0x09b7, 0xdfb: 0x0a93,
+	0xdfc: 0x0a9b, 0xdfd: 0x0ba3, 0xdfe: 0x0bcb, 0xdff: 0x0bd3,
+	// Block 0x38, offset 0xe00
+	0xe00: 0x0beb, 0xe01: 0x0c97, 0xe02: 0x0cc7, 0xe03: 0x0ce7, 0xe04: 0x0d57, 0xe05: 0x0e1b,
+	0xe06: 0x0e37, 0xe07: 0x0e67, 0xe08: 0x0ebb, 0xe09: 0x0edb, 0xe0a: 0x0f4f, 0xe0b: 0x102f,
+	0xe0c: 0x104b, 0xe0d: 0x1053, 0xe0e: 0x104f, 0xe0f: 0x1057, 0xe10: 0x105b, 0xe11: 0x105f,
+	0xe12: 0x1073, 0xe13: 0x1077, 0xe14: 0x109b, 0xe15: 0x10af, 0xe16: 0x10cb, 0xe17: 0x112f,
+	0xe18: 0x1137, 0xe19: 0x113f, 0xe1a: 0x1153, 0xe1b: 0x117b, 0xe1c: 0x11cb, 0xe1d: 0x11ff,
+	0xe1e: 0x11ff, 0xe1f: 0x1267, 0xe20: 0x130f, 0xe21: 0x1327, 0xe22: 0x135b, 0xe23: 0x135f,
+	0xe24: 0x13a3, 0xe25: 0x13a7, 0xe26: 0x13ff, 0xe27: 0x1407, 0xe28: 0x14db, 0xe29: 0x151f,
+	0xe2a: 0x1537, 0xe2b: 0x0b9b, 0xe2c: 0x171e, 0xe2d: 0x11e3,
+	0xe30: 0x06df, 0xe31: 0x07e3, 0xe32: 0x07a3, 0xe33: 0x074b, 0xe34: 0x078b, 0xe35: 0x07b7,
+	0xe36: 0x0847, 0xe37: 0x0863, 0xe38: 0x094b, 0xe39: 0x0937, 0xe3a: 0x0947, 0xe3b: 0x0963,
+	0xe3c: 0x09af, 0xe3d: 0x09bf, 0xe3e: 0x0a03, 0xe3f: 0x0a0f,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x0a2b, 0xe41: 0x0a3b, 0xe42: 0x0b23, 0xe43: 0x0b2b, 0xe44: 0x0b5b, 0xe45: 0x0b7b,
+	0xe46: 0x0bab, 0xe47: 0x0bc3, 0xe48: 0x0bb3, 0xe49: 0x0bd3, 0xe4a: 0x0bc7, 0xe4b: 0x0beb,
+	0xe4c: 0x0c07, 0xe4d: 0x0c5f, 0xe4e: 0x0c6b, 0xe4f: 0x0c73, 0xe50: 0x0c9b, 0xe51: 0x0cdf,
+	0xe52: 0x0d0f, 0xe53: 0x0d13, 0xe54: 0x0d27, 0xe55: 0x0da7, 0xe56: 0x0db7, 0xe57: 0x0e0f,
+	0xe58: 0x0e5b, 0xe59: 0x0e53, 0xe5a: 0x0e67, 0xe5b: 0x0e83, 0xe5c: 0x0ebb, 0xe5d: 0x1013,
+	0xe5e: 0x0edf, 0xe5f: 0x0f13, 0xe60: 0x0f1f, 0xe61: 0x0f5f, 0xe62: 0x0f7b, 0xe63: 0x0f9f,
+	0xe64: 0x0fc3, 0xe65: 0x0fc7, 0xe66: 0x0fe3, 0xe67: 0x0fe7, 0xe68: 0x0ff7, 0xe69: 0x100b,
+	0xe6a: 0x1007, 0xe6b: 0x1037, 0xe6c: 0x10b3, 0xe6d: 0x10cb, 0xe6e: 0x10e3, 0xe6f: 0x111b,
+	0xe70: 0x112f, 0xe71: 0x114b, 0xe72: 0x117b, 0xe73: 0x122f, 0xe74: 0x1257, 0xe75: 0x12cb,
+	0xe76: 0x1313, 0xe77: 0x131f, 0xe78: 0x1327, 0xe79: 0x133f, 0xe7a: 0x1353, 0xe7b: 0x1343,
+	0xe7c: 0x135b, 0xe7d: 0x1357, 0xe7e: 0x134f, 0xe7f: 0x135f,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x136b, 0xe81: 0x13a7, 0xe82: 0x13e3, 0xe83: 0x1413, 0xe84: 0x144b, 0xe85: 0x146b,
+	0xe86: 0x14b7, 0xe87: 0x14db, 0xe88: 0x14fb, 0xe89: 0x150f, 0xe8a: 0x151f, 0xe8b: 0x152b,
+	0xe8c: 0x1537, 0xe8d: 0x158b, 0xe8e: 0x162b, 0xe8f: 0x16b5, 0xe90: 0x16b0, 0xe91: 0x16e2,
+	0xe92: 0x0607, 0xe93: 0x062f, 0xe94: 0x0633, 0xe95: 0x1764, 0xe96: 0x1791, 0xe97: 0x1809,
+	0xe98: 0x1617, 0xe99: 0x1627,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x19d5, 0xec1: 0x19d8, 0xec2: 0x19db, 0xec3: 0x1c08, 0xec4: 0x1c0c, 0xec5: 0x1a5f,
+	0xec6: 0x1a5f,
+	0xed3: 0x1d75, 0xed4: 0x1d66, 0xed5: 0x1d6b, 0xed6: 0x1d7a, 0xed7: 0x1d70,
+	0xedd: 0x4390,
+	0xede: 0x8115, 0xedf: 0x4402, 0xee0: 0x022d, 0xee1: 0x0215, 0xee2: 0x021e, 0xee3: 0x0221,
+	0xee4: 0x0224, 0xee5: 0x0227, 0xee6: 0x022a, 0xee7: 0x0230, 0xee8: 0x0233, 0xee9: 0x0017,
+	0xeea: 0x43f0, 0xeeb: 0x43f6, 0xeec: 0x44f4, 0xeed: 0x44fc, 0xeee: 0x4348, 0xeef: 0x434e,
+	0xef0: 0x4354, 0xef1: 0x435a, 0xef2: 0x4366, 0xef3: 0x436c, 0xef4: 0x4372, 0xef5: 0x437e,
+	0xef6: 0x4384, 0xef8: 0x438a, 0xef9: 0x4396, 0xefa: 0x439c, 0xefb: 0x43a2,
+	0xefc: 0x43ae, 0xefe: 0x43b4,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x43ba, 0xf01: 0x43c0, 0xf03: 0x43c6, 0xf04: 0x43cc,
+	0xf06: 0x43d8, 0xf07: 0x43de, 0xf08: 0x43e4, 0xf09: 0x43ea, 0xf0a: 0x43fc, 0xf0b: 0x4378,
+	0xf0c: 0x4360, 0xf0d: 0x43a8, 0xf0e: 0x43d2, 0xf0f: 0x1d7f, 0xf10: 0x0299, 0xf11: 0x0299,
+	0xf12: 0x02a2, 0xf13: 0x02a2, 0xf14: 0x02a2, 0xf15: 0x02a2, 0xf16: 0x02a5, 0xf17: 0x02a5,
+	0xf18: 0x02a5, 0xf19: 0x02a5, 0xf1a: 0x02ab, 0xf1b: 0x02ab, 0xf1c: 0x02ab, 0xf1d: 0x02ab,
+	0xf1e: 0x029f, 0xf1f: 0x029f, 0xf20: 0x029f, 0xf21: 0x029f, 0xf22: 0x02a8, 0xf23: 0x02a8,
+	0xf24: 0x02a8, 0xf25: 0x02a8, 0xf26: 0x029c, 0xf27: 0x029c, 0xf28: 0x029c, 0xf29: 0x029c,
+	0xf2a: 0x02cf, 0xf2b: 0x02cf, 0xf2c: 0x02cf, 0xf2d: 0x02cf, 0xf2e: 0x02d2, 0xf2f: 0x02d2,
+	0xf30: 0x02d2, 0xf31: 0x02d2, 0xf32: 0x02b1, 0xf33: 0x02b1, 0xf34: 0x02b1, 0xf35: 0x02b1,
+	0xf36: 0x02ae, 0xf37: 0x02ae, 0xf38: 0x02ae, 0xf39: 0x02ae, 0xf3a: 0x02b4, 0xf3b: 0x02b4,
+	0xf3c: 0x02b4, 0xf3d: 0x02b4, 0xf3e: 0x02b7, 0xf3f: 0x02b7,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x02b7, 0xf41: 0x02b7, 0xf42: 0x02c0, 0xf43: 0x02c0, 0xf44: 0x02bd, 0xf45: 0x02bd,
+	0xf46: 0x02c3, 0xf47: 0x02c3, 0xf48: 0x02ba, 0xf49: 0x02ba, 0xf4a: 0x02c9, 0xf4b: 0x02c9,
+	0xf4c: 0x02c6, 0xf4d: 0x02c6, 0xf4e: 0x02d5, 0xf4f: 0x02d5, 0xf50: 0x02d5, 0xf51: 0x02d5,
+	0xf52: 0x02db, 0xf53: 0x02db, 0xf54: 0x02db, 0xf55: 0x02db, 0xf56: 0x02e1, 0xf57: 0x02e1,
+	0xf58: 0x02e1, 0xf59: 0x02e1, 0xf5a: 0x02de, 0xf5b: 0x02de, 0xf5c: 0x02de, 0xf5d: 0x02de,
+	0xf5e: 0x02e4, 0xf5f: 0x02e4, 0xf60: 0x02e7, 0xf61: 0x02e7, 0xf62: 0x02e7, 0xf63: 0x02e7,
+	0xf64: 0x446e, 0xf65: 0x446e, 0xf66: 0x02ed, 0xf67: 0x02ed, 0xf68: 0x02ed, 0xf69: 0x02ed,
+	0xf6a: 0x02ea, 0xf6b: 0x02ea, 0xf6c: 0x02ea, 0xf6d: 0x02ea, 0xf6e: 0x0308, 0xf6f: 0x0308,
+	0xf70: 0x4468, 0xf71: 0x4468,
+	// Block 0x3e, offset 0xf80
+	0xf93: 0x02d8, 0xf94: 0x02d8, 0xf95: 0x02d8, 0xf96: 0x02d8, 0xf97: 0x02f6,
+	0xf98: 0x02f6, 0xf99: 0x02f3, 0xf9a: 0x02f3, 0xf9b: 0x02f9, 0xf9c: 0x02f9, 0xf9d: 0x204f,
+	0xf9e: 0x02ff, 0xf9f: 0x02ff, 0xfa0: 0x02f0, 0xfa1: 0x02f0, 0xfa2: 0x02fc, 0xfa3: 0x02fc,
+	0xfa4: 0x0305, 0xfa5: 0x0305, 0xfa6: 0x0305, 0xfa7: 0x0305, 0xfa8: 0x028d, 0xfa9: 0x028d,
+	0xfaa: 0x25aa, 0xfab: 0x25aa, 0xfac: 0x261a, 0xfad: 0x261a, 0xfae: 0x25e9, 0xfaf: 0x25e9,
+	0xfb0: 0x2605, 0xfb1: 0x2605, 0xfb2: 0x25fe, 0xfb3: 0x25fe, 0xfb4: 0x260c, 0xfb5: 0x260c,
+	0xfb6: 0x2613, 0xfb7: 0x2613, 0xfb8: 0x2613, 0xfb9: 0x25f0, 0xfba: 0x25f0, 0xfbb: 0x25f0,
+	0xfbc: 0x0302, 0xfbd: 0x0302, 0xfbe: 0x0302, 0xfbf: 0x0302,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x25b1, 0xfc1: 0x25b8, 0xfc2: 0x25d4, 0xfc3: 0x25f0, 0xfc4: 0x25f7, 0xfc5: 0x1d89,
+	0xfc6: 0x1d8e, 0xfc7: 0x1d93, 0xfc8: 0x1da2, 0xfc9: 0x1db1, 0xfca: 0x1db6, 0xfcb: 0x1dbb,
+	0xfcc: 0x1dc0, 0xfcd: 0x1dc5, 0xfce: 0x1dd4, 0xfcf: 0x1de3, 0xfd0: 0x1de8, 0xfd1: 0x1ded,
+	0xfd2: 0x1dfc, 0xfd3: 0x1e0b, 0xfd4: 0x1e10, 0xfd5: 0x1e15, 0xfd6: 0x1e1a, 0xfd7: 0x1e29,
+	0xfd8: 0x1e2e, 0xfd9: 0x1e3d, 0xfda: 0x1e42, 0xfdb: 0x1e47, 0xfdc: 0x1e56, 0xfdd: 0x1e5b,
+	0xfde: 0x1e60, 0xfdf: 0x1e6a, 0xfe0: 0x1ea6, 0xfe1: 0x1eb5, 0xfe2: 0x1ec4, 0xfe3: 0x1ec9,
+	0xfe4: 0x1ece, 0xfe5: 0x1ed8, 0xfe6: 0x1ee7, 0xfe7: 0x1eec, 0xfe8: 0x1efb, 0xfe9: 0x1f00,
+	0xfea: 0x1f05, 0xfeb: 0x1f14, 0xfec: 0x1f19, 0xfed: 0x1f28, 0xfee: 0x1f2d, 0xfef: 0x1f32,
+	0xff0: 0x1f37, 0xff1: 0x1f3c, 0xff2: 0x1f41, 0xff3: 0x1f46, 0xff4: 0x1f4b, 0xff5: 0x1f50,
+	0xff6: 0x1f55, 0xff7: 0x1f5a, 0xff8: 0x1f5f, 0xff9: 0x1f64, 0xffa: 0x1f69, 0xffb: 0x1f6e,
+	0xffc: 0x1f73, 0xffd: 0x1f78, 0xffe: 0x1f7d, 0xfff: 0x1f87,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x1f8c, 0x1001: 0x1f91, 0x1002: 0x1f96, 0x1003: 0x1fa0, 0x1004: 0x1fa5, 0x1005: 0x1faf,
+	0x1006: 0x1fb4, 0x1007: 0x1fb9, 0x1008: 0x1fbe, 0x1009: 0x1fc3, 0x100a: 0x1fc8, 0x100b: 0x1fcd,
+	0x100c: 0x1fd2, 0x100d: 0x1fd7, 0x100e: 0x1fe6, 0x100f: 0x1ff5, 0x1010: 0x1ffa, 0x1011: 0x1fff,
+	0x1012: 0x2004, 0x1013: 0x2009, 0x1014: 0x200e, 0x1015: 0x2018, 0x1016: 0x201d, 0x1017: 0x2022,
+	0x1018: 0x2031, 0x1019: 0x2040, 0x101a: 0x2045, 0x101b: 0x4420, 0x101c: 0x4426, 0x101d: 0x445c,
+	0x101e: 0x44b3, 0x101f: 0x44ba, 0x1020: 0x44c1, 0x1021: 0x44c8, 0x1022: 0x44cf, 0x1023: 0x44d6,
+	0x1024: 0x25c6, 0x1025: 0x25cd, 0x1026: 0x25d4, 0x1027: 0x25db, 0x1028: 0x25f0, 0x1029: 0x25f7,
+	0x102a: 0x1d98, 0x102b: 0x1d9d, 0x102c: 0x1da2, 0x102d: 0x1da7, 0x102e: 0x1db1, 0x102f: 0x1db6,
+	0x1030: 0x1dca, 0x1031: 0x1dcf, 0x1032: 0x1dd4, 0x1033: 0x1dd9, 0x1034: 0x1de3, 0x1035: 0x1de8,
+	0x1036: 0x1df2, 0x1037: 0x1df7, 0x1038: 0x1dfc, 0x1039: 0x1e01, 0x103a: 0x1e0b, 0x103b: 0x1e10,
+	0x103c: 0x1f3c, 0x103d: 0x1f41, 0x103e: 0x1f50, 0x103f: 0x1f55,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x1f5a, 0x1041: 0x1f6e, 0x1042: 0x1f73, 0x1043: 0x1f78, 0x1044: 0x1f7d, 0x1045: 0x1f96,
+	0x1046: 0x1fa0, 0x1047: 0x1fa5, 0x1048: 0x1faa, 0x1049: 0x1fbe, 0x104a: 0x1fdc, 0x104b: 0x1fe1,
+	0x104c: 0x1fe6, 0x104d: 0x1feb, 0x104e: 0x1ff5, 0x104f: 0x1ffa, 0x1050: 0x445c, 0x1051: 0x2027,
+	0x1052: 0x202c, 0x1053: 0x2031, 0x1054: 0x2036, 0x1055: 0x2040, 0x1056: 0x2045, 0x1057: 0x25b1,
+	0x1058: 0x25b8, 0x1059: 0x25bf, 0x105a: 0x25d4, 0x105b: 0x25e2, 0x105c: 0x1d89, 0x105d: 0x1d8e,
+	0x105e: 0x1d93, 0x105f: 0x1da2, 0x1060: 0x1dac, 0x1061: 0x1dbb, 0x1062: 0x1dc0, 0x1063: 0x1dc5,
+	0x1064: 0x1dd4, 0x1065: 0x1dde, 0x1066: 0x1dfc, 0x1067: 0x1e15, 0x1068: 0x1e1a, 0x1069: 0x1e29,
+	0x106a: 0x1e2e, 0x106b: 0x1e3d, 0x106c: 0x1e47, 0x106d: 0x1e56, 0x106e: 0x1e5b, 0x106f: 0x1e60,
+	0x1070: 0x1e6a, 0x1071: 0x1ea6, 0x1072: 0x1eab, 0x1073: 0x1eb5, 0x1074: 0x1ec4, 0x1075: 0x1ec9,
+	0x1076: 0x1ece, 0x1077: 0x1ed8, 0x1078: 0x1ee7, 0x1079: 0x1efb, 0x107a: 0x1f00, 0x107b: 0x1f05,
+	0x107c: 0x1f14, 0x107d: 0x1f19, 0x107e: 0x1f28, 0x107f: 0x1f2d,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x1f32, 0x1081: 0x1f37, 0x1082: 0x1f46, 0x1083: 0x1f4b, 0x1084: 0x1f5f, 0x1085: 0x1f64,
+	0x1086: 0x1f69, 0x1087: 0x1f6e, 0x1088: 0x1f73, 0x1089: 0x1f87, 0x108a: 0x1f8c, 0x108b: 0x1f91,
+	0x108c: 0x1f96, 0x108d: 0x1f9b, 0x108e: 0x1faf, 0x108f: 0x1fb4, 0x1090: 0x1fb9, 0x1091: 0x1fbe,
+	0x1092: 0x1fcd, 0x1093: 0x1fd2, 0x1094: 0x1fd7, 0x1095: 0x1fe6, 0x1096: 0x1ff0, 0x1097: 0x1fff,
+	0x1098: 0x2004, 0x1099: 0x4450, 0x109a: 0x2018, 0x109b: 0x201d, 0x109c: 0x2022, 0x109d: 0x2031,
+	0x109e: 0x203b, 0x109f: 0x25d4, 0x10a0: 0x25e2, 0x10a1: 0x1da2, 0x10a2: 0x1dac, 0x10a3: 0x1dd4,
+	0x10a4: 0x1dde, 0x10a5: 0x1dfc, 0x10a6: 0x1e06, 0x10a7: 0x1e6a, 0x10a8: 0x1e6f, 0x10a9: 0x1e92,
+	0x10aa: 0x1e97, 0x10ab: 0x1f6e, 0x10ac: 0x1f73, 0x10ad: 0x1f96, 0x10ae: 0x1fe6, 0x10af: 0x1ff0,
+	0x10b0: 0x2031, 0x10b1: 0x203b, 0x10b2: 0x4504, 0x10b3: 0x450c, 0x10b4: 0x4514, 0x10b5: 0x1ef1,
+	0x10b6: 0x1ef6, 0x10b7: 0x1f0a, 0x10b8: 0x1f0f, 0x10b9: 0x1f1e, 0x10ba: 0x1f23, 0x10bb: 0x1e74,
+	0x10bc: 0x1e79, 0x10bd: 0x1e9c, 0x10be: 0x1ea1, 0x10bf: 0x1e33,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x1e38, 0x10c1: 0x1e1f, 0x10c2: 0x1e24, 0x10c3: 0x1e4c, 0x10c4: 0x1e51, 0x10c5: 0x1eba,
+	0x10c6: 0x1ebf, 0x10c7: 0x1edd, 0x10c8: 0x1ee2, 0x10c9: 0x1e7e, 0x10ca: 0x1e83, 0x10cb: 0x1e88,
+	0x10cc: 0x1e92, 0x10cd: 0x1e8d, 0x10ce: 0x1e65, 0x10cf: 0x1eb0, 0x10d0: 0x1ed3, 0x10d1: 0x1ef1,
+	0x10d2: 0x1ef6, 0x10d3: 0x1f0a, 0x10d4: 0x1f0f, 0x10d5: 0x1f1e, 0x10d6: 0x1f23, 0x10d7: 0x1e74,
+	0x10d8: 0x1e79, 0x10d9: 0x1e9c, 0x10da: 0x1ea1, 0x10db: 0x1e33, 0x10dc: 0x1e38, 0x10dd: 0x1e1f,
+	0x10de: 0x1e24, 0x10df: 0x1e4c, 0x10e0: 0x1e51, 0x10e1: 0x1eba, 0x10e2: 0x1ebf, 0x10e3: 0x1edd,
+	0x10e4: 0x1ee2, 0x10e5: 0x1e7e, 0x10e6: 0x1e83, 0x10e7: 0x1e88, 0x10e8: 0x1e92, 0x10e9: 0x1e8d,
+	0x10ea: 0x1e65, 0x10eb: 0x1eb0, 0x10ec: 0x1ed3, 0x10ed: 0x1e7e, 0x10ee: 0x1e83, 0x10ef: 0x1e88,
+	0x10f0: 0x1e92, 0x10f1: 0x1e6f, 0x10f2: 0x1e97, 0x10f3: 0x1eec, 0x10f4: 0x1e56, 0x10f5: 0x1e5b,
+	0x10f6: 0x1e60, 0x10f7: 0x1e7e, 0x10f8: 0x1e83, 0x10f9: 0x1e88, 0x10fa: 0x1eec, 0x10fb: 0x1efb,
+	0x10fc: 0x4408, 0x10fd: 0x4408,
+	// Block 0x44, offset 0x1100
+	0x1110: 0x2311, 0x1111: 0x2326,
+	0x1112: 0x2326, 0x1113: 0x232d, 0x1114: 0x2334, 0x1115: 0x2349, 0x1116: 0x2350, 0x1117: 0x2357,
+	0x1118: 0x237a, 0x1119: 0x237a, 0x111a: 0x239d, 0x111b: 0x2396, 0x111c: 0x23b2, 0x111d: 0x23a4,
+	0x111e: 0x23ab, 0x111f: 0x23ce, 0x1120: 0x23ce, 0x1121: 0x23c7, 0x1122: 0x23d5, 0x1123: 0x23d5,
+	0x1124: 0x23ff, 0x1125: 0x23ff, 0x1126: 0x241b, 0x1127: 0x23e3, 0x1128: 0x23e3, 0x1129: 0x23dc,
+	0x112a: 0x23f1, 0x112b: 0x23f1, 0x112c: 0x23f8, 0x112d: 0x23f8, 0x112e: 0x2422, 0x112f: 0x2430,
+	0x1130: 0x2430, 0x1131: 0x2437, 0x1132: 0x2437, 0x1133: 0x243e, 0x1134: 0x2445, 0x1135: 0x244c,
+	0x1136: 0x2453, 0x1137: 0x2453, 0x1138: 0x245a, 0x1139: 0x2468, 0x113a: 0x2476, 0x113b: 0x246f,
+	0x113c: 0x247d, 0x113d: 0x247d, 0x113e: 0x2492, 0x113f: 0x2499,
+	// Block 0x45, offset 0x1140
+	0x1140: 0x24ca, 0x1141: 0x24d8, 0x1142: 0x24d1, 0x1143: 0x24b5, 0x1144: 0x24b5, 0x1145: 0x24df,
+	0x1146: 0x24df, 0x1147: 0x24e6, 0x1148: 0x24e6, 0x1149: 0x2510, 0x114a: 0x2517, 0x114b: 0x251e,
+	0x114c: 0x24f4, 0x114d: 0x2502, 0x114e: 0x2525, 0x114f: 0x252c,
+	0x1152: 0x24fb, 0x1153: 0x2580, 0x1154: 0x2587, 0x1155: 0x255d, 0x1156: 0x2564, 0x1157: 0x2548,
+	0x1158: 0x2548, 0x1159: 0x254f, 0x115a: 0x2579, 0x115b: 0x2572, 0x115c: 0x259c, 0x115d: 0x259c,
+	0x115e: 0x230a, 0x115f: 0x231f, 0x1160: 0x2318, 0x1161: 0x2342, 0x1162: 0x233b, 0x1163: 0x2365,
+	0x1164: 0x235e, 0x1165: 0x2388, 0x1166: 0x236c, 0x1167: 0x2381, 0x1168: 0x23b9, 0x1169: 0x2406,
+	0x116a: 0x23ea, 0x116b: 0x2429, 0x116c: 0x24c3, 0x116d: 0x24ed, 0x116e: 0x2595, 0x116f: 0x258e,
+	0x1170: 0x25a3, 0x1171: 0x253a, 0x1172: 0x24a0, 0x1173: 0x256b, 0x1174: 0x2492, 0x1175: 0x24ca,
+	0x1176: 0x2461, 0x1177: 0x24ae, 0x1178: 0x2541, 0x1179: 0x2533, 0x117a: 0x24bc, 0x117b: 0x24a7,
+	0x117c: 0x24bc, 0x117d: 0x2541, 0x117e: 0x2373, 0x117f: 0x238f,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x2509, 0x1181: 0x2484, 0x1182: 0x2303, 0x1183: 0x24a7, 0x1184: 0x244c, 0x1185: 0x241b,
+	0x1186: 0x23c0, 0x1187: 0x2556,
+	0x11b0: 0x2414, 0x11b1: 0x248b, 0x11b2: 0x27bf, 0x11b3: 0x27b6, 0x11b4: 0x27ec, 0x11b5: 0x27da,
+	0x11b6: 0x27c8, 0x11b7: 0x27e3, 0x11b8: 0x27f5, 0x11b9: 0x240d, 0x11ba: 0x2c7c, 0x11bb: 0x2afc,
+	0x11bc: 0x27d1,
+	// Block 0x47, offset 0x11c0
+	0x11d0: 0x0019, 0x11d1: 0x0483,
+	0x11d2: 0x0487, 0x11d3: 0x0035, 0x11d4: 0x0037, 0x11d5: 0x0003, 0x11d6: 0x003f, 0x11d7: 0x04bf,
+	0x11d8: 0x04c3, 0x11d9: 0x1b5c,
+	0x11e0: 0x8132, 0x11e1: 0x8132, 0x11e2: 0x8132, 0x11e3: 0x8132,
+	0x11e4: 0x8132, 0x11e5: 0x8132, 0x11e6: 0x8132, 0x11e7: 0x812d, 0x11e8: 0x812d, 0x11e9: 0x812d,
+	0x11ea: 0x812d, 0x11eb: 0x812d, 0x11ec: 0x812d, 0x11ed: 0x812d, 0x11ee: 0x8132, 0x11ef: 0x8132,
+	0x11f0: 0x1873, 0x11f1: 0x0443, 0x11f2: 0x043f, 0x11f3: 0x007f, 0x11f4: 0x007f, 0x11f5: 0x0011,
+	0x11f6: 0x0013, 0x11f7: 0x00b7, 0x11f8: 0x00bb, 0x11f9: 0x04b7, 0x11fa: 0x04bb, 0x11fb: 0x04ab,
+	0x11fc: 0x04af, 0x11fd: 0x0493, 0x11fe: 0x0497, 0x11ff: 0x048b,
+	// Block 0x48, offset 0x1200
+	0x1200: 0x048f, 0x1201: 0x049b, 0x1202: 0x049f, 0x1203: 0x04a3, 0x1204: 0x04a7,
+	0x1207: 0x0077, 0x1208: 0x007b, 0x1209: 0x4269, 0x120a: 0x4269, 0x120b: 0x4269,
+	0x120c: 0x4269, 0x120d: 0x007f, 0x120e: 0x007f, 0x120f: 0x007f, 0x1210: 0x0019, 0x1211: 0x0483,
+	0x1212: 0x001d, 0x1214: 0x0037, 0x1215: 0x0035, 0x1216: 0x003f, 0x1217: 0x0003,
+	0x1218: 0x0443, 0x1219: 0x0011, 0x121a: 0x0013, 0x121b: 0x00b7, 0x121c: 0x00bb, 0x121d: 0x04b7,
+	0x121e: 0x04bb, 0x121f: 0x0007, 0x1220: 0x000d, 0x1221: 0x0015, 0x1222: 0x0017, 0x1223: 0x001b,
+	0x1224: 0x0039, 0x1225: 0x003d, 0x1226: 0x003b, 0x1228: 0x0079, 0x1229: 0x0009,
+	0x122a: 0x000b, 0x122b: 0x0041,
+	0x1230: 0x42aa, 0x1231: 0x442c, 0x1232: 0x42af, 0x1234: 0x42b4,
+	0x1236: 0x42b9, 0x1237: 0x4432, 0x1238: 0x42be, 0x1239: 0x4438, 0x123a: 0x42c3, 0x123b: 0x443e,
+	0x123c: 0x42c8, 0x123d: 0x4444, 0x123e: 0x42cd, 0x123f: 0x444a,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x0236, 0x1241: 0x440e, 0x1242: 0x440e, 0x1243: 0x4414, 0x1244: 0x4414, 0x1245: 0x4456,
+	0x1246: 0x4456, 0x1247: 0x441a, 0x1248: 0x441a, 0x1249: 0x4462, 0x124a: 0x4462, 0x124b: 0x4462,
+	0x124c: 0x4462, 0x124d: 0x0239, 0x124e: 0x0239, 0x124f: 0x023c, 0x1250: 0x023c, 0x1251: 0x023c,
+	0x1252: 0x023c, 0x1253: 0x023f, 0x1254: 0x023f, 0x1255: 0x0242, 0x1256: 0x0242, 0x1257: 0x0242,
+	0x1258: 0x0242, 0x1259: 0x0245, 0x125a: 0x0245, 0x125b: 0x0245, 0x125c: 0x0245, 0x125d: 0x0248,
+	0x125e: 0x0248, 0x125f: 0x0248, 0x1260: 0x0248, 0x1261: 0x024b, 0x1262: 0x024b, 0x1263: 0x024b,
+	0x1264: 0x024b, 0x1265: 0x024e, 0x1266: 0x024e, 0x1267: 0x024e, 0x1268: 0x024e, 0x1269: 0x0251,
+	0x126a: 0x0251, 0x126b: 0x0254, 0x126c: 0x0254, 0x126d: 0x0257, 0x126e: 0x0257, 0x126f: 0x025a,
+	0x1270: 0x025a, 0x1271: 0x025d, 0x1272: 0x025d, 0x1273: 0x025d, 0x1274: 0x025d, 0x1275: 0x0260,
+	0x1276: 0x0260, 0x1277: 0x0260, 0x1278: 0x0260, 0x1279: 0x0263, 0x127a: 0x0263, 0x127b: 0x0263,
+	0x127c: 0x0263, 0x127d: 0x0266, 0x127e: 0x0266, 0x127f: 0x0266,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x0266, 0x1281: 0x0269, 0x1282: 0x0269, 0x1283: 0x0269, 0x1284: 0x0269, 0x1285: 0x026c,
+	0x1286: 0x026c, 0x1287: 0x026c, 0x1288: 0x026c, 0x1289: 0x026f, 0x128a: 0x026f, 0x128b: 0x026f,
+	0x128c: 0x026f, 0x128d: 0x0272, 0x128e: 0x0272, 0x128f: 0x0272, 0x1290: 0x0272, 0x1291: 0x0275,
+	0x1292: 0x0275, 0x1293: 0x0275, 0x1294: 0x0275, 0x1295: 0x0278, 0x1296: 0x0278, 0x1297: 0x0278,
+	0x1298: 0x0278, 0x1299: 0x027b, 0x129a: 0x027b, 0x129b: 0x027b, 0x129c: 0x027b, 0x129d: 0x027e,
+	0x129e: 0x027e, 0x129f: 0x027e, 0x12a0: 0x027e, 0x12a1: 0x0281, 0x12a2: 0x0281, 0x12a3: 0x0281,
+	0x12a4: 0x0281, 0x12a5: 0x0284, 0x12a6: 0x0284, 0x12a7: 0x0284, 0x12a8: 0x0284, 0x12a9: 0x0287,
+	0x12aa: 0x0287, 0x12ab: 0x0287, 0x12ac: 0x0287, 0x12ad: 0x028a, 0x12ae: 0x028a, 0x12af: 0x028d,
+	0x12b0: 0x028d, 0x12b1: 0x0290, 0x12b2: 0x0290, 0x12b3: 0x0290, 0x12b4: 0x0290, 0x12b5: 0x2e00,
+	0x12b6: 0x2e00, 0x12b7: 0x2e08, 0x12b8: 0x2e08, 0x12b9: 0x2e10, 0x12ba: 0x2e10, 0x12bb: 0x1f82,
+	0x12bc: 0x1f82,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x0081, 0x12c1: 0x0083, 0x12c2: 0x0085, 0x12c3: 0x0087, 0x12c4: 0x0089, 0x12c5: 0x008b,
+	0x12c6: 0x008d, 0x12c7: 0x008f, 0x12c8: 0x0091, 0x12c9: 0x0093, 0x12ca: 0x0095, 0x12cb: 0x0097,
+	0x12cc: 0x0099, 0x12cd: 0x009b, 0x12ce: 0x009d, 0x12cf: 0x009f, 0x12d0: 0x00a1, 0x12d1: 0x00a3,
+	0x12d2: 0x00a5, 0x12d3: 0x00a7, 0x12d4: 0x00a9, 0x12d5: 0x00ab, 0x12d6: 0x00ad, 0x12d7: 0x00af,
+	0x12d8: 0x00b1, 0x12d9: 0x00b3, 0x12da: 0x00b5, 0x12db: 0x00b7, 0x12dc: 0x00b9, 0x12dd: 0x00bb,
+	0x12de: 0x00bd, 0x12df: 0x0477, 0x12e0: 0x047b, 0x12e1: 0x0487, 0x12e2: 0x049b, 0x12e3: 0x049f,
+	0x12e4: 0x0483, 0x12e5: 0x05ab, 0x12e6: 0x05a3, 0x12e7: 0x04c7, 0x12e8: 0x04cf, 0x12e9: 0x04d7,
+	0x12ea: 0x04df, 0x12eb: 0x04e7, 0x12ec: 0x056b, 0x12ed: 0x0573, 0x12ee: 0x057b, 0x12ef: 0x051f,
+	0x12f0: 0x05af, 0x12f1: 0x04cb, 0x12f2: 0x04d3, 0x12f3: 0x04db, 0x12f4: 0x04e3, 0x12f5: 0x04eb,
+	0x12f6: 0x04ef, 0x12f7: 0x04f3, 0x12f8: 0x04f7, 0x12f9: 0x04fb, 0x12fa: 0x04ff, 0x12fb: 0x0503,
+	0x12fc: 0x0507, 0x12fd: 0x050b, 0x12fe: 0x050f, 0x12ff: 0x0513,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x0517, 0x1301: 0x051b, 0x1302: 0x0523, 0x1303: 0x0527, 0x1304: 0x052b, 0x1305: 0x052f,
+	0x1306: 0x0533, 0x1307: 0x0537, 0x1308: 0x053b, 0x1309: 0x053f, 0x130a: 0x0543, 0x130b: 0x0547,
+	0x130c: 0x054b, 0x130d: 0x054f, 0x130e: 0x0553, 0x130f: 0x0557, 0x1310: 0x055b, 0x1311: 0x055f,
+	0x1312: 0x0563, 0x1313: 0x0567, 0x1314: 0x056f, 0x1315: 0x0577, 0x1316: 0x057f, 0x1317: 0x0583,
+	0x1318: 0x0587, 0x1319: 0x058b, 0x131a: 0x058f, 0x131b: 0x0593, 0x131c: 0x0597, 0x131d: 0x05a7,
+	0x131e: 0x4a78, 0x131f: 0x4a7e, 0x1320: 0x03c3, 0x1321: 0x0313, 0x1322: 0x0317, 0x1323: 0x4a3b,
+	0x1324: 0x031b, 0x1325: 0x4a41, 0x1326: 0x4a47, 0x1327: 0x031f, 0x1328: 0x0323, 0x1329: 0x0327,
+	0x132a: 0x4a4d, 0x132b: 0x4a53, 0x132c: 0x4a59, 0x132d: 0x4a5f, 0x132e: 0x4a65, 0x132f: 0x4a6b,
+	0x1330: 0x0367, 0x1331: 0x032b, 0x1332: 0x032f, 0x1333: 0x0333, 0x1334: 0x037b, 0x1335: 0x0337,
+	0x1336: 0x033b, 0x1337: 0x033f, 0x1338: 0x0343, 0x1339: 0x0347, 0x133a: 0x034b, 0x133b: 0x034f,
+	0x133c: 0x0353, 0x133d: 0x0357, 0x133e: 0x035b,
+	// Block 0x4d, offset 0x1340
+	0x1342: 0x49bd, 0x1343: 0x49c3, 0x1344: 0x49c9, 0x1345: 0x49cf,
+	0x1346: 0x49d5, 0x1347: 0x49db, 0x134a: 0x49e1, 0x134b: 0x49e7,
+	0x134c: 0x49ed, 0x134d: 0x49f3, 0x134e: 0x49f9, 0x134f: 0x49ff,
+	0x1352: 0x4a05, 0x1353: 0x4a0b, 0x1354: 0x4a11, 0x1355: 0x4a17, 0x1356: 0x4a1d, 0x1357: 0x4a23,
+	0x135a: 0x4a29, 0x135b: 0x4a2f, 0x135c: 0x4a35,
+	0x1360: 0x00bf, 0x1361: 0x00c2, 0x1362: 0x00cb, 0x1363: 0x4264,
+	0x1364: 0x00c8, 0x1365: 0x00c5, 0x1366: 0x0447, 0x1368: 0x046b, 0x1369: 0x044b,
+	0x136a: 0x044f, 0x136b: 0x0453, 0x136c: 0x0457, 0x136d: 0x046f, 0x136e: 0x0473,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0063, 0x1381: 0x0065, 0x1382: 0x0067, 0x1383: 0x0069, 0x1384: 0x006b, 0x1385: 0x006d,
+	0x1386: 0x006f, 0x1387: 0x0071, 0x1388: 0x0073, 0x1389: 0x0075, 0x138a: 0x0083, 0x138b: 0x0085,
+	0x138c: 0x0087, 0x138d: 0x0089, 0x138e: 0x008b, 0x138f: 0x008d, 0x1390: 0x008f, 0x1391: 0x0091,
+	0x1392: 0x0093, 0x1393: 0x0095, 0x1394: 0x0097, 0x1395: 0x0099, 0x1396: 0x009b, 0x1397: 0x009d,
+	0x1398: 0x009f, 0x1399: 0x00a1, 0x139a: 0x00a3, 0x139b: 0x00a5, 0x139c: 0x00a7, 0x139d: 0x00a9,
+	0x139e: 0x00ab, 0x139f: 0x00ad, 0x13a0: 0x00af, 0x13a1: 0x00b1, 0x13a2: 0x00b3, 0x13a3: 0x00b5,
+	0x13a4: 0x00dd, 0x13a5: 0x00f2, 0x13a8: 0x0173, 0x13a9: 0x0176,
+	0x13aa: 0x0179, 0x13ab: 0x017c, 0x13ac: 0x017f, 0x13ad: 0x0182, 0x13ae: 0x0185, 0x13af: 0x0188,
+	0x13b0: 0x018b, 0x13b1: 0x018e, 0x13b2: 0x0191, 0x13b3: 0x0194, 0x13b4: 0x0197, 0x13b5: 0x019a,
+	0x13b6: 0x019d, 0x13b7: 0x01a0, 0x13b8: 0x01a3, 0x13b9: 0x0188, 0x13ba: 0x01a6, 0x13bb: 0x01a9,
+	0x13bc: 0x01ac, 0x13bd: 0x01af, 0x13be: 0x01b2, 0x13bf: 0x01b5,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x01fd, 0x13c1: 0x0200, 0x13c2: 0x0203, 0x13c3: 0x045b, 0x13c4: 0x01c7, 0x13c5: 0x01d0,
+	0x13c6: 0x01d6, 0x13c7: 0x01fa, 0x13c8: 0x01eb, 0x13c9: 0x01e8, 0x13ca: 0x0206, 0x13cb: 0x0209,
+	0x13ce: 0x0021, 0x13cf: 0x0023, 0x13d0: 0x0025, 0x13d1: 0x0027,
+	0x13d2: 0x0029, 0x13d3: 0x002b, 0x13d4: 0x002d, 0x13d5: 0x002f, 0x13d6: 0x0031, 0x13d7: 0x0033,
+	0x13d8: 0x0021, 0x13d9: 0x0023, 0x13da: 0x0025, 0x13db: 0x0027, 0x13dc: 0x0029, 0x13dd: 0x002b,
+	0x13de: 0x002d, 0x13df: 0x002f, 0x13e0: 0x0031, 0x13e1: 0x0033, 0x13e2: 0x0021, 0x13e3: 0x0023,
+	0x13e4: 0x0025, 0x13e5: 0x0027, 0x13e6: 0x0029, 0x13e7: 0x002b, 0x13e8: 0x002d, 0x13e9: 0x002f,
+	0x13ea: 0x0031, 0x13eb: 0x0033, 0x13ec: 0x0021, 0x13ed: 0x0023, 0x13ee: 0x0025, 0x13ef: 0x0027,
+	0x13f0: 0x0029, 0x13f1: 0x002b, 0x13f2: 0x002d, 0x13f3: 0x002f, 0x13f4: 0x0031, 0x13f5: 0x0033,
+	0x13f6: 0x0021, 0x13f7: 0x0023, 0x13f8: 0x0025, 0x13f9: 0x0027, 0x13fa: 0x0029, 0x13fb: 0x002b,
+	0x13fc: 0x002d, 0x13fd: 0x002f, 0x13fe: 0x0031, 0x13ff: 0x0033,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x0239, 0x1401: 0x023c, 0x1402: 0x0248, 0x1403: 0x0251, 0x1405: 0x028a,
+	0x1406: 0x025a, 0x1407: 0x024b, 0x1408: 0x0269, 0x1409: 0x0290, 0x140a: 0x027b, 0x140b: 0x027e,
+	0x140c: 0x0281, 0x140d: 0x0284, 0x140e: 0x025d, 0x140f: 0x026f, 0x1410: 0x0275, 0x1411: 0x0263,
+	0x1412: 0x0278, 0x1413: 0x0257, 0x1414: 0x0260, 0x1415: 0x0242, 0x1416: 0x0245, 0x1417: 0x024e,
+	0x1418: 0x0254, 0x1419: 0x0266, 0x141a: 0x026c, 0x141b: 0x0272, 0x141c: 0x0293, 0x141d: 0x02e4,
+	0x141e: 0x02cc, 0x141f: 0x0296, 0x1421: 0x023c, 0x1422: 0x0248,
+	0x1424: 0x0287, 0x1427: 0x024b, 0x1429: 0x0290,
+	0x142a: 0x027b, 0x142b: 0x027e, 0x142c: 0x0281, 0x142d: 0x0284, 0x142e: 0x025d, 0x142f: 0x026f,
+	0x1430: 0x0275, 0x1431: 0x0263, 0x1432: 0x0278, 0x1434: 0x0260, 0x1435: 0x0242,
+	0x1436: 0x0245, 0x1437: 0x024e, 0x1439: 0x0266, 0x143b: 0x0272,
+	// Block 0x51, offset 0x1440
+	0x1442: 0x0248,
+	0x1447: 0x024b, 0x1449: 0x0290, 0x144b: 0x027e,
+	0x144d: 0x0284, 0x144e: 0x025d, 0x144f: 0x026f, 0x1451: 0x0263,
+	0x1452: 0x0278, 0x1454: 0x0260, 0x1457: 0x024e,
+	0x1459: 0x0266, 0x145b: 0x0272, 0x145d: 0x02e4,
+	0x145f: 0x0296, 0x1461: 0x023c, 0x1462: 0x0248,
+	0x1464: 0x0287, 0x1467: 0x024b, 0x1468: 0x0269, 0x1469: 0x0290,
+	0x146a: 0x027b, 0x146c: 0x0281, 0x146d: 0x0284, 0x146e: 0x025d, 0x146f: 0x026f,
+	0x1470: 0x0275, 0x1471: 0x0263, 0x1472: 0x0278, 0x1474: 0x0260, 0x1475: 0x0242,
+	0x1476: 0x0245, 0x1477: 0x024e, 0x1479: 0x0266, 0x147a: 0x026c, 0x147b: 0x0272,
+	0x147c: 0x0293, 0x147e: 0x02cc,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x0239, 0x1481: 0x023c, 0x1482: 0x0248, 0x1483: 0x0251, 0x1484: 0x0287, 0x1485: 0x028a,
+	0x1486: 0x025a, 0x1487: 0x024b, 0x1488: 0x0269, 0x1489: 0x0290, 0x148b: 0x027e,
+	0x148c: 0x0281, 0x148d: 0x0284, 0x148e: 0x025d, 0x148f: 0x026f, 0x1490: 0x0275, 0x1491: 0x0263,
+	0x1492: 0x0278, 0x1493: 0x0257, 0x1494: 0x0260, 0x1495: 0x0242, 0x1496: 0x0245, 0x1497: 0x024e,
+	0x1498: 0x0254, 0x1499: 0x0266, 0x149a: 0x026c, 0x149b: 0x0272,
+	0x14a1: 0x023c, 0x14a2: 0x0248, 0x14a3: 0x0251,
+	0x14a5: 0x028a, 0x14a6: 0x025a, 0x14a7: 0x024b, 0x14a8: 0x0269, 0x14a9: 0x0290,
+	0x14ab: 0x027e, 0x14ac: 0x0281, 0x14ad: 0x0284, 0x14ae: 0x025d, 0x14af: 0x026f,
+	0x14b0: 0x0275, 0x14b1: 0x0263, 0x14b2: 0x0278, 0x14b3: 0x0257, 0x14b4: 0x0260, 0x14b5: 0x0242,
+	0x14b6: 0x0245, 0x14b7: 0x024e, 0x14b8: 0x0254, 0x14b9: 0x0266, 0x14ba: 0x026c, 0x14bb: 0x0272,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x1879, 0x14c1: 0x1876, 0x14c2: 0x187c, 0x14c3: 0x18a0, 0x14c4: 0x18c4, 0x14c5: 0x18e8,
+	0x14c6: 0x190c, 0x14c7: 0x1915, 0x14c8: 0x191b, 0x14c9: 0x1921, 0x14ca: 0x1927,
+	0x14d0: 0x1a8c, 0x14d1: 0x1a90,
+	0x14d2: 0x1a94, 0x14d3: 0x1a98, 0x14d4: 0x1a9c, 0x14d5: 0x1aa0, 0x14d6: 0x1aa4, 0x14d7: 0x1aa8,
+	0x14d8: 0x1aac, 0x14d9: 0x1ab0, 0x14da: 0x1ab4, 0x14db: 0x1ab8, 0x14dc: 0x1abc, 0x14dd: 0x1ac0,
+	0x14de: 0x1ac4, 0x14df: 0x1ac8, 0x14e0: 0x1acc, 0x14e1: 0x1ad0, 0x14e2: 0x1ad4, 0x14e3: 0x1ad8,
+	0x14e4: 0x1adc, 0x14e5: 0x1ae0, 0x14e6: 0x1ae4, 0x14e7: 0x1ae8, 0x14e8: 0x1aec, 0x14e9: 0x1af0,
+	0x14ea: 0x271e, 0x14eb: 0x0047, 0x14ec: 0x0065, 0x14ed: 0x193c, 0x14ee: 0x19b1,
+	0x14f0: 0x0043, 0x14f1: 0x0045, 0x14f2: 0x0047, 0x14f3: 0x0049, 0x14f4: 0x004b, 0x14f5: 0x004d,
+	0x14f6: 0x004f, 0x14f7: 0x0051, 0x14f8: 0x0053, 0x14f9: 0x0055, 0x14fa: 0x0057, 0x14fb: 0x0059,
+	0x14fc: 0x005b, 0x14fd: 0x005d, 0x14fe: 0x005f, 0x14ff: 0x0061,
+	// Block 0x54, offset 0x1500
+	0x1500: 0x26ad, 0x1501: 0x26c2, 0x1502: 0x0503,
+	0x1510: 0x0c0f, 0x1511: 0x0a47,
+	0x1512: 0x08d3, 0x1513: 0x45c4, 0x1514: 0x071b, 0x1515: 0x09ef, 0x1516: 0x132f, 0x1517: 0x09ff,
+	0x1518: 0x0727, 0x1519: 0x0cd7, 0x151a: 0x0eaf, 0x151b: 0x0caf, 0x151c: 0x0827, 0x151d: 0x0b6b,
+	0x151e: 0x07bf, 0x151f: 0x0cb7, 0x1520: 0x0813, 0x1521: 0x1117, 0x1522: 0x0f83, 0x1523: 0x138b,
+	0x1524: 0x09d3, 0x1525: 0x090b, 0x1526: 0x0e63, 0x1527: 0x0c1b, 0x1528: 0x0c47, 0x1529: 0x06bf,
+	0x152a: 0x06cb, 0x152b: 0x140b, 0x152c: 0x0adb, 0x152d: 0x06e7, 0x152e: 0x08ef, 0x152f: 0x0c3b,
+	0x1530: 0x13b3, 0x1531: 0x0c13, 0x1532: 0x106f, 0x1533: 0x10ab, 0x1534: 0x08f7, 0x1535: 0x0e43,
+	0x1536: 0x0d0b, 0x1537: 0x0d07, 0x1538: 0x0f97, 0x1539: 0x082b, 0x153a: 0x0957, 0x153b: 0x1443,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x06fb, 0x1541: 0x06f3, 0x1542: 0x0703, 0x1543: 0x1647, 0x1544: 0x0747, 0x1545: 0x0757,
+	0x1546: 0x075b, 0x1547: 0x0763, 0x1548: 0x076b, 0x1549: 0x076f, 0x154a: 0x077b, 0x154b: 0x0773,
+	0x154c: 0x05b3, 0x154d: 0x165b, 0x154e: 0x078f, 0x154f: 0x0793, 0x1550: 0x0797, 0x1551: 0x07b3,
+	0x1552: 0x164c, 0x1553: 0x05b7, 0x1554: 0x079f, 0x1555: 0x07bf, 0x1556: 0x1656, 0x1557: 0x07cf,
+	0x1558: 0x07d7, 0x1559: 0x0737, 0x155a: 0x07df, 0x155b: 0x07e3, 0x155c: 0x1831, 0x155d: 0x07ff,
+	0x155e: 0x0807, 0x155f: 0x05bf, 0x1560: 0x081f, 0x1561: 0x0823, 0x1562: 0x082b, 0x1563: 0x082f,
+	0x1564: 0x05c3, 0x1565: 0x0847, 0x1566: 0x084b, 0x1567: 0x0857, 0x1568: 0x0863, 0x1569: 0x0867,
+	0x156a: 0x086b, 0x156b: 0x0873, 0x156c: 0x0893, 0x156d: 0x0897, 0x156e: 0x089f, 0x156f: 0x08af,
+	0x1570: 0x08b7, 0x1571: 0x08bb, 0x1572: 0x08bb, 0x1573: 0x08bb, 0x1574: 0x166a, 0x1575: 0x0e93,
+	0x1576: 0x08cf, 0x1577: 0x08d7, 0x1578: 0x166f, 0x1579: 0x08e3, 0x157a: 0x08eb, 0x157b: 0x08f3,
+	0x157c: 0x091b, 0x157d: 0x0907, 0x157e: 0x0913, 0x157f: 0x0917,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x091f, 0x1581: 0x0927, 0x1582: 0x092b, 0x1583: 0x0933, 0x1584: 0x093b, 0x1585: 0x093f,
+	0x1586: 0x093f, 0x1587: 0x0947, 0x1588: 0x094f, 0x1589: 0x0953, 0x158a: 0x095f, 0x158b: 0x0983,
+	0x158c: 0x0967, 0x158d: 0x0987, 0x158e: 0x096b, 0x158f: 0x0973, 0x1590: 0x080b, 0x1591: 0x09cf,
+	0x1592: 0x0997, 0x1593: 0x099b, 0x1594: 0x099f, 0x1595: 0x0993, 0x1596: 0x09a7, 0x1597: 0x09a3,
+	0x1598: 0x09bb, 0x1599: 0x1674, 0x159a: 0x09d7, 0x159b: 0x09db, 0x159c: 0x09e3, 0x159d: 0x09ef,
+	0x159e: 0x09f7, 0x159f: 0x0a13, 0x15a0: 0x1679, 0x15a1: 0x167e, 0x15a2: 0x0a1f, 0x15a3: 0x0a23,
+	0x15a4: 0x0a27, 0x15a5: 0x0a1b, 0x15a6: 0x0a2f, 0x15a7: 0x05c7, 0x15a8: 0x05cb, 0x15a9: 0x0a37,
+	0x15aa: 0x0a3f, 0x15ab: 0x0a3f, 0x15ac: 0x1683, 0x15ad: 0x0a5b, 0x15ae: 0x0a5f, 0x15af: 0x0a63,
+	0x15b0: 0x0a6b, 0x15b1: 0x1688, 0x15b2: 0x0a73, 0x15b3: 0x0a77, 0x15b4: 0x0b4f, 0x15b5: 0x0a7f,
+	0x15b6: 0x05cf, 0x15b7: 0x0a8b, 0x15b8: 0x0a9b, 0x15b9: 0x0aa7, 0x15ba: 0x0aa3, 0x15bb: 0x1692,
+	0x15bc: 0x0aaf, 0x15bd: 0x1697, 0x15be: 0x0abb, 0x15bf: 0x0ab7,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0x0abf, 0x15c1: 0x0acf, 0x15c2: 0x0ad3, 0x15c3: 0x05d3, 0x15c4: 0x0ae3, 0x15c5: 0x0aeb,
+	0x15c6: 0x0aef, 0x15c7: 0x0af3, 0x15c8: 0x05d7, 0x15c9: 0x169c, 0x15ca: 0x05db, 0x15cb: 0x0b0f,
+	0x15cc: 0x0b13, 0x15cd: 0x0b17, 0x15ce: 0x0b1f, 0x15cf: 0x1863, 0x15d0: 0x0b37, 0x15d1: 0x16a6,
+	0x15d2: 0x16a6, 0x15d3: 0x11d7, 0x15d4: 0x0b47, 0x15d5: 0x0b47, 0x15d6: 0x05df, 0x15d7: 0x16c9,
+	0x15d8: 0x179b, 0x15d9: 0x0b57, 0x15da: 0x0b5f, 0x15db: 0x05e3, 0x15dc: 0x0b73, 0x15dd: 0x0b83,
+	0x15de: 0x0b87, 0x15df: 0x0b8f, 0x15e0: 0x0b9f, 0x15e1: 0x05eb, 0x15e2: 0x05e7, 0x15e3: 0x0ba3,
+	0x15e4: 0x16ab, 0x15e5: 0x0ba7, 0x15e6: 0x0bbb, 0x15e7: 0x0bbf, 0x15e8: 0x0bc3, 0x15e9: 0x0bbf,
+	0x15ea: 0x0bcf, 0x15eb: 0x0bd3, 0x15ec: 0x0be3, 0x15ed: 0x0bdb, 0x15ee: 0x0bdf, 0x15ef: 0x0be7,
+	0x15f0: 0x0beb, 0x15f1: 0x0bef, 0x15f2: 0x0bfb, 0x15f3: 0x0bff, 0x15f4: 0x0c17, 0x15f5: 0x0c1f,
+	0x15f6: 0x0c2f, 0x15f7: 0x0c43, 0x15f8: 0x16ba, 0x15f9: 0x0c3f, 0x15fa: 0x0c33, 0x15fb: 0x0c4b,
+	0x15fc: 0x0c53, 0x15fd: 0x0c67, 0x15fe: 0x16bf, 0x15ff: 0x0c6f,
+	// Block 0x58, offset 0x1600
+	0x1600: 0x0c63, 0x1601: 0x0c5b, 0x1602: 0x05ef, 0x1603: 0x0c77, 0x1604: 0x0c7f, 0x1605: 0x0c87,
+	0x1606: 0x0c7b, 0x1607: 0x05f3, 0x1608: 0x0c97, 0x1609: 0x0c9f, 0x160a: 0x16c4, 0x160b: 0x0ccb,
+	0x160c: 0x0cff, 0x160d: 0x0cdb, 0x160e: 0x05ff, 0x160f: 0x0ce7, 0x1610: 0x05fb, 0x1611: 0x05f7,
+	0x1612: 0x07c3, 0x1613: 0x07c7, 0x1614: 0x0d03, 0x1615: 0x0ceb, 0x1616: 0x11ab, 0x1617: 0x0663,
+	0x1618: 0x0d0f, 0x1619: 0x0d13, 0x161a: 0x0d17, 0x161b: 0x0d2b, 0x161c: 0x0d23, 0x161d: 0x16dd,
+	0x161e: 0x0603, 0x161f: 0x0d3f, 0x1620: 0x0d33, 0x1621: 0x0d4f, 0x1622: 0x0d57, 0x1623: 0x16e7,
+	0x1624: 0x0d5b, 0x1625: 0x0d47, 0x1626: 0x0d63, 0x1627: 0x0607, 0x1628: 0x0d67, 0x1629: 0x0d6b,
+	0x162a: 0x0d6f, 0x162b: 0x0d7b, 0x162c: 0x16ec, 0x162d: 0x0d83, 0x162e: 0x060b, 0x162f: 0x0d8f,
+	0x1630: 0x16f1, 0x1631: 0x0d93, 0x1632: 0x060f, 0x1633: 0x0d9f, 0x1634: 0x0dab, 0x1635: 0x0db7,
+	0x1636: 0x0dbb, 0x1637: 0x16f6, 0x1638: 0x168d, 0x1639: 0x16fb, 0x163a: 0x0ddb, 0x163b: 0x1700,
+	0x163c: 0x0de7, 0x163d: 0x0def, 0x163e: 0x0ddf, 0x163f: 0x0dfb,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0e0b, 0x1641: 0x0e1b, 0x1642: 0x0e0f, 0x1643: 0x0e13, 0x1644: 0x0e1f, 0x1645: 0x0e23,
+	0x1646: 0x1705, 0x1647: 0x0e07, 0x1648: 0x0e3b, 0x1649: 0x0e3f, 0x164a: 0x0613, 0x164b: 0x0e53,
+	0x164c: 0x0e4f, 0x164d: 0x170a, 0x164e: 0x0e33, 0x164f: 0x0e6f, 0x1650: 0x170f, 0x1651: 0x1714,
+	0x1652: 0x0e73, 0x1653: 0x0e87, 0x1654: 0x0e83, 0x1655: 0x0e7f, 0x1656: 0x0617, 0x1657: 0x0e8b,
+	0x1658: 0x0e9b, 0x1659: 0x0e97, 0x165a: 0x0ea3, 0x165b: 0x1651, 0x165c: 0x0eb3, 0x165d: 0x1719,
+	0x165e: 0x0ebf, 0x165f: 0x1723, 0x1660: 0x0ed3, 0x1661: 0x0edf, 0x1662: 0x0ef3, 0x1663: 0x1728,
+	0x1664: 0x0f07, 0x1665: 0x0f0b, 0x1666: 0x172d, 0x1667: 0x1732, 0x1668: 0x0f27, 0x1669: 0x0f37,
+	0x166a: 0x061b, 0x166b: 0x0f3b, 0x166c: 0x061f, 0x166d: 0x061f, 0x166e: 0x0f53, 0x166f: 0x0f57,
+	0x1670: 0x0f5f, 0x1671: 0x0f63, 0x1672: 0x0f6f, 0x1673: 0x0623, 0x1674: 0x0f87, 0x1675: 0x1737,
+	0x1676: 0x0fa3, 0x1677: 0x173c, 0x1678: 0x0faf, 0x1679: 0x16a1, 0x167a: 0x0fbf, 0x167b: 0x1741,
+	0x167c: 0x1746, 0x167d: 0x174b, 0x167e: 0x0627, 0x167f: 0x062b,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x0ff7, 0x1681: 0x1755, 0x1682: 0x1750, 0x1683: 0x175a, 0x1684: 0x175f, 0x1685: 0x0fff,
+	0x1686: 0x1003, 0x1687: 0x1003, 0x1688: 0x100b, 0x1689: 0x0633, 0x168a: 0x100f, 0x168b: 0x0637,
+	0x168c: 0x063b, 0x168d: 0x1769, 0x168e: 0x1023, 0x168f: 0x102b, 0x1690: 0x1037, 0x1691: 0x063f,
+	0x1692: 0x176e, 0x1693: 0x105b, 0x1694: 0x1773, 0x1695: 0x1778, 0x1696: 0x107b, 0x1697: 0x1093,
+	0x1698: 0x0643, 0x1699: 0x109b, 0x169a: 0x109f, 0x169b: 0x10a3, 0x169c: 0x177d, 0x169d: 0x1782,
+	0x169e: 0x1782, 0x169f: 0x10bb, 0x16a0: 0x0647, 0x16a1: 0x1787, 0x16a2: 0x10cf, 0x16a3: 0x10d3,
+	0x16a4: 0x064b, 0x16a5: 0x178c, 0x16a6: 0x10ef, 0x16a7: 0x064f, 0x16a8: 0x10ff, 0x16a9: 0x10f7,
+	0x16aa: 0x1107, 0x16ab: 0x1796, 0x16ac: 0x111f, 0x16ad: 0x0653, 0x16ae: 0x112b, 0x16af: 0x1133,
+	0x16b0: 0x1143, 0x16b1: 0x0657, 0x16b2: 0x17a0, 0x16b3: 0x17a5, 0x16b4: 0x065b, 0x16b5: 0x17aa,
+	0x16b6: 0x115b, 0x16b7: 0x17af, 0x16b8: 0x1167, 0x16b9: 0x1173, 0x16ba: 0x117b, 0x16bb: 0x17b4,
+	0x16bc: 0x17b9, 0x16bd: 0x118f, 0x16be: 0x17be, 0x16bf: 0x1197,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x16ce, 0x16c1: 0x065f, 0x16c2: 0x11af, 0x16c3: 0x11b3, 0x16c4: 0x0667, 0x16c5: 0x11b7,
+	0x16c6: 0x0a33, 0x16c7: 0x17c3, 0x16c8: 0x17c8, 0x16c9: 0x16d3, 0x16ca: 0x16d8, 0x16cb: 0x11d7,
+	0x16cc: 0x11db, 0x16cd: 0x13f3, 0x16ce: 0x066b, 0x16cf: 0x1207, 0x16d0: 0x1203, 0x16d1: 0x120b,
+	0x16d2: 0x083f, 0x16d3: 0x120f, 0x16d4: 0x1213, 0x16d5: 0x1217, 0x16d6: 0x121f, 0x16d7: 0x17cd,
+	0x16d8: 0x121b, 0x16d9: 0x1223, 0x16da: 0x1237, 0x16db: 0x123b, 0x16dc: 0x1227, 0x16dd: 0x123f,
+	0x16de: 0x1253, 0x16df: 0x1267, 0x16e0: 0x1233, 0x16e1: 0x1247, 0x16e2: 0x124b, 0x16e3: 0x124f,
+	0x16e4: 0x17d2, 0x16e5: 0x17dc, 0x16e6: 0x17d7, 0x16e7: 0x066f, 0x16e8: 0x126f, 0x16e9: 0x1273,
+	0x16ea: 0x127b, 0x16eb: 0x17f0, 0x16ec: 0x127f, 0x16ed: 0x17e1, 0x16ee: 0x0673, 0x16ef: 0x0677,
+	0x16f0: 0x17e6, 0x16f1: 0x17eb, 0x16f2: 0x067b, 0x16f3: 0x129f, 0x16f4: 0x12a3, 0x16f5: 0x12a7,
+	0x16f6: 0x12ab, 0x16f7: 0x12b7, 0x16f8: 0x12b3, 0x16f9: 0x12bf, 0x16fa: 0x12bb, 0x16fb: 0x12cb,
+	0x16fc: 0x12c3, 0x16fd: 0x12c7, 0x16fe: 0x12cf, 0x16ff: 0x067f,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x12d7, 0x1701: 0x12db, 0x1702: 0x0683, 0x1703: 0x12eb, 0x1704: 0x12ef, 0x1705: 0x17f5,
+	0x1706: 0x12fb, 0x1707: 0x12ff, 0x1708: 0x0687, 0x1709: 0x130b, 0x170a: 0x05bb, 0x170b: 0x17fa,
+	0x170c: 0x17ff, 0x170d: 0x068b, 0x170e: 0x068f, 0x170f: 0x1337, 0x1710: 0x134f, 0x1711: 0x136b,
+	0x1712: 0x137b, 0x1713: 0x1804, 0x1714: 0x138f, 0x1715: 0x1393, 0x1716: 0x13ab, 0x1717: 0x13b7,
+	0x1718: 0x180e, 0x1719: 0x1660, 0x171a: 0x13c3, 0x171b: 0x13bf, 0x171c: 0x13cb, 0x171d: 0x1665,
+	0x171e: 0x13d7, 0x171f: 0x13e3, 0x1720: 0x1813, 0x1721: 0x1818, 0x1722: 0x1423, 0x1723: 0x142f,
+	0x1724: 0x1437, 0x1725: 0x181d, 0x1726: 0x143b, 0x1727: 0x1467, 0x1728: 0x1473, 0x1729: 0x1477,
+	0x172a: 0x146f, 0x172b: 0x1483, 0x172c: 0x1487, 0x172d: 0x1822, 0x172e: 0x1493, 0x172f: 0x0693,
+	0x1730: 0x149b, 0x1731: 0x1827, 0x1732: 0x0697, 0x1733: 0x14d3, 0x1734: 0x0ac3, 0x1735: 0x14eb,
+	0x1736: 0x182c, 0x1737: 0x1836, 0x1738: 0x069b, 0x1739: 0x069f, 0x173a: 0x1513, 0x173b: 0x183b,
+	0x173c: 0x06a3, 0x173d: 0x1840, 0x173e: 0x152b, 0x173f: 0x152b,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x1533, 0x1741: 0x1845, 0x1742: 0x154b, 0x1743: 0x06a7, 0x1744: 0x155b, 0x1745: 0x1567,
+	0x1746: 0x156f, 0x1747: 0x1577, 0x1748: 0x06ab, 0x1749: 0x184a, 0x174a: 0x158b, 0x174b: 0x15a7,
+	0x174c: 0x15b3, 0x174d: 0x06af, 0x174e: 0x06b3, 0x174f: 0x15b7, 0x1750: 0x184f, 0x1751: 0x06b7,
+	0x1752: 0x1854, 0x1753: 0x1859, 0x1754: 0x185e, 0x1755: 0x15db, 0x1756: 0x06bb, 0x1757: 0x15ef,
+	0x1758: 0x15f7, 0x1759: 0x15fb, 0x175a: 0x1603, 0x175b: 0x160b, 0x175c: 0x1613, 0x175d: 0x1868,
+}
+
+// nfkcIndex: 22 blocks, 1408 entries, 1408 bytes
+// Block 0 is the zero block.
+var nfkcIndex = [1408]uint8{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x5c, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x5d, 0xc7: 0x04,
+	0xc8: 0x05, 0xca: 0x5e, 0xcb: 0x5f, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x09,
+	0xd0: 0x0a, 0xd1: 0x60, 0xd2: 0x61, 0xd3: 0x0b, 0xd6: 0x0c, 0xd7: 0x62,
+	0xd8: 0x63, 0xd9: 0x0d, 0xdb: 0x64, 0xdc: 0x65, 0xdd: 0x66, 0xdf: 0x67,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
+	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
+	0xf0: 0x13,
+	// Block 0x4, offset 0x100
+	0x120: 0x68, 0x121: 0x69, 0x123: 0x0e, 0x124: 0x6a, 0x125: 0x6b, 0x126: 0x6c, 0x127: 0x6d,
+	0x128: 0x6e, 0x129: 0x6f, 0x12a: 0x70, 0x12b: 0x71, 0x12c: 0x6c, 0x12d: 0x72, 0x12e: 0x73, 0x12f: 0x74,
+	0x131: 0x75, 0x132: 0x76, 0x133: 0x77, 0x134: 0x78, 0x135: 0x79, 0x137: 0x7a,
+	0x138: 0x7b, 0x139: 0x7c, 0x13a: 0x7d, 0x13b: 0x7e, 0x13c: 0x7f, 0x13d: 0x80, 0x13e: 0x81, 0x13f: 0x82,
+	// Block 0x5, offset 0x140
+	0x140: 0x83, 0x142: 0x84, 0x143: 0x85, 0x144: 0x86, 0x145: 0x87, 0x146: 0x88, 0x147: 0x89,
+	0x14d: 0x8a,
+	0x15c: 0x8b, 0x15f: 0x8c,
+	0x162: 0x8d, 0x164: 0x8e,
+	0x168: 0x8f, 0x169: 0x90, 0x16a: 0x91, 0x16c: 0x0f, 0x16d: 0x92, 0x16e: 0x93, 0x16f: 0x94,
+	0x170: 0x95, 0x173: 0x96, 0x174: 0x97, 0x175: 0x10, 0x176: 0x11, 0x177: 0x12,
+	0x178: 0x13, 0x179: 0x14, 0x17a: 0x15, 0x17b: 0x16, 0x17c: 0x17, 0x17d: 0x18, 0x17e: 0x19, 0x17f: 0x1a,
+	// Block 0x6, offset 0x180
+	0x180: 0x98, 0x181: 0x99, 0x182: 0x9a, 0x183: 0x9b, 0x184: 0x1b, 0x185: 0x1c, 0x186: 0x9c, 0x187: 0x9d,
+	0x188: 0x9e, 0x189: 0x1d, 0x18a: 0x1e, 0x18b: 0x9f, 0x18c: 0xa0,
+	0x191: 0x1f, 0x192: 0x20, 0x193: 0xa1,
+	0x1a8: 0xa2, 0x1a9: 0xa3, 0x1ab: 0xa4,
+	0x1b1: 0xa5, 0x1b3: 0xa6, 0x1b5: 0xa7, 0x1b7: 0xa8,
+	0x1ba: 0xa9, 0x1bb: 0xaa, 0x1bc: 0x21, 0x1bd: 0x22, 0x1be: 0x23, 0x1bf: 0xab,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0xac, 0x1c1: 0x24, 0x1c2: 0x25, 0x1c3: 0x26, 0x1c4: 0xad, 0x1c5: 0x27, 0x1c6: 0x28,
+	0x1c8: 0x29, 0x1c9: 0x2a, 0x1ca: 0x2b, 0x1cb: 0x2c, 0x1cc: 0x2d, 0x1cd: 0x2e, 0x1ce: 0x2f, 0x1cf: 0x30,
+	// Block 0x8, offset 0x200
+	0x219: 0xae, 0x21a: 0xaf, 0x21b: 0xb0, 0x21d: 0xb1, 0x21f: 0xb2,
+	0x220: 0xb3, 0x223: 0xb4, 0x224: 0xb5, 0x225: 0xb6, 0x226: 0xb7, 0x227: 0xb8,
+	0x22a: 0xb9, 0x22b: 0xba, 0x22d: 0xbb, 0x22f: 0xbc,
+	0x230: 0xbd, 0x231: 0xbe, 0x232: 0xbf, 0x233: 0xc0, 0x234: 0xc1, 0x235: 0xc2, 0x236: 0xc3, 0x237: 0xbd,
+	0x238: 0xbe, 0x239: 0xbf, 0x23a: 0xc0, 0x23b: 0xc1, 0x23c: 0xc2, 0x23d: 0xc3, 0x23e: 0xbd, 0x23f: 0xbe,
+	// Block 0x9, offset 0x240
+	0x240: 0xbf, 0x241: 0xc0, 0x242: 0xc1, 0x243: 0xc2, 0x244: 0xc3, 0x245: 0xbd, 0x246: 0xbe, 0x247: 0xbf,
+	0x248: 0xc0, 0x249: 0xc1, 0x24a: 0xc2, 0x24b: 0xc3, 0x24c: 0xbd, 0x24d: 0xbe, 0x24e: 0xbf, 0x24f: 0xc0,
+	0x250: 0xc1, 0x251: 0xc2, 0x252: 0xc3, 0x253: 0xbd, 0x254: 0xbe, 0x255: 0xbf, 0x256: 0xc0, 0x257: 0xc1,
+	0x258: 0xc2, 0x259: 0xc3, 0x25a: 0xbd, 0x25b: 0xbe, 0x25c: 0xbf, 0x25d: 0xc0, 0x25e: 0xc1, 0x25f: 0xc2,
+	0x260: 0xc3, 0x261: 0xbd, 0x262: 0xbe, 0x263: 0xbf, 0x264: 0xc0, 0x265: 0xc1, 0x266: 0xc2, 0x267: 0xc3,
+	0x268: 0xbd, 0x269: 0xbe, 0x26a: 0xbf, 0x26b: 0xc0, 0x26c: 0xc1, 0x26d: 0xc2, 0x26e: 0xc3, 0x26f: 0xbd,
+	0x270: 0xbe, 0x271: 0xbf, 0x272: 0xc0, 0x273: 0xc1, 0x274: 0xc2, 0x275: 0xc3, 0x276: 0xbd, 0x277: 0xbe,
+	0x278: 0xbf, 0x279: 0xc0, 0x27a: 0xc1, 0x27b: 0xc2, 0x27c: 0xc3, 0x27d: 0xbd, 0x27e: 0xbe, 0x27f: 0xbf,
+	// Block 0xa, offset 0x280
+	0x280: 0xc0, 0x281: 0xc1, 0x282: 0xc2, 0x283: 0xc3, 0x284: 0xbd, 0x285: 0xbe, 0x286: 0xbf, 0x287: 0xc0,
+	0x288: 0xc1, 0x289: 0xc2, 0x28a: 0xc3, 0x28b: 0xbd, 0x28c: 0xbe, 0x28d: 0xbf, 0x28e: 0xc0, 0x28f: 0xc1,
+	0x290: 0xc2, 0x291: 0xc3, 0x292: 0xbd, 0x293: 0xbe, 0x294: 0xbf, 0x295: 0xc0, 0x296: 0xc1, 0x297: 0xc2,
+	0x298: 0xc3, 0x299: 0xbd, 0x29a: 0xbe, 0x29b: 0xbf, 0x29c: 0xc0, 0x29d: 0xc1, 0x29e: 0xc2, 0x29f: 0xc3,
+	0x2a0: 0xbd, 0x2a1: 0xbe, 0x2a2: 0xbf, 0x2a3: 0xc0, 0x2a4: 0xc1, 0x2a5: 0xc2, 0x2a6: 0xc3, 0x2a7: 0xbd,
+	0x2a8: 0xbe, 0x2a9: 0xbf, 0x2aa: 0xc0, 0x2ab: 0xc1, 0x2ac: 0xc2, 0x2ad: 0xc3, 0x2ae: 0xbd, 0x2af: 0xbe,
+	0x2b0: 0xbf, 0x2b1: 0xc0, 0x2b2: 0xc1, 0x2b3: 0xc2, 0x2b4: 0xc3, 0x2b5: 0xbd, 0x2b6: 0xbe, 0x2b7: 0xbf,
+	0x2b8: 0xc0, 0x2b9: 0xc1, 0x2ba: 0xc2, 0x2bb: 0xc3, 0x2bc: 0xbd, 0x2bd: 0xbe, 0x2be: 0xbf, 0x2bf: 0xc0,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0xc1, 0x2c1: 0xc2, 0x2c2: 0xc3, 0x2c3: 0xbd, 0x2c4: 0xbe, 0x2c5: 0xbf, 0x2c6: 0xc0, 0x2c7: 0xc1,
+	0x2c8: 0xc2, 0x2c9: 0xc3, 0x2ca: 0xbd, 0x2cb: 0xbe, 0x2cc: 0xbf, 0x2cd: 0xc0, 0x2ce: 0xc1, 0x2cf: 0xc2,
+	0x2d0: 0xc3, 0x2d1: 0xbd, 0x2d2: 0xbe, 0x2d3: 0xbf, 0x2d4: 0xc0, 0x2d5: 0xc1, 0x2d6: 0xc2, 0x2d7: 0xc3,
+	0x2d8: 0xbd, 0x2d9: 0xbe, 0x2da: 0xbf, 0x2db: 0xc0, 0x2dc: 0xc1, 0x2dd: 0xc2, 0x2de: 0xc4,
+	// Block 0xc, offset 0x300
+	0x324: 0x31, 0x325: 0x32, 0x326: 0x33, 0x327: 0x34,
+	0x328: 0x35, 0x329: 0x36, 0x32a: 0x37, 0x32b: 0x38, 0x32c: 0x39, 0x32d: 0x3a, 0x32e: 0x3b, 0x32f: 0x3c,
+	0x330: 0x3d, 0x331: 0x3e, 0x332: 0x3f, 0x333: 0x40, 0x334: 0x41, 0x335: 0x42, 0x336: 0x43, 0x337: 0x44,
+	0x338: 0x45, 0x339: 0x46, 0x33a: 0x47, 0x33b: 0x48, 0x33c: 0xc5, 0x33d: 0x49, 0x33e: 0x4a, 0x33f: 0x4b,
+	// Block 0xd, offset 0x340
+	0x347: 0xc6,
+	0x34b: 0xc7, 0x34d: 0xc8,
+	0x368: 0xc9, 0x36b: 0xca,
+	0x374: 0xcb,
+	0x37d: 0xcc,
+	// Block 0xe, offset 0x380
+	0x381: 0xcd, 0x382: 0xce, 0x384: 0xcf, 0x385: 0xb7, 0x387: 0xd0,
+	0x388: 0xd1, 0x38b: 0xd2, 0x38c: 0xd3, 0x38d: 0xd4,
+	0x391: 0xd5, 0x392: 0xd6, 0x393: 0xd7, 0x396: 0xd8, 0x397: 0xd9,
+	0x398: 0xda, 0x39a: 0xdb, 0x39c: 0xdc,
+	0x3a0: 0xdd,
+	0x3a8: 0xde, 0x3a9: 0xdf, 0x3aa: 0xe0,
+	0x3b0: 0xda, 0x3b5: 0xe1, 0x3b6: 0xe2,
+	// Block 0xf, offset 0x3c0
+	0x3eb: 0xe3, 0x3ec: 0xe4,
+	// Block 0x10, offset 0x400
+	0x432: 0xe5,
+	// Block 0x11, offset 0x440
+	0x445: 0xe6, 0x446: 0xe7, 0x447: 0xe8,
+	0x449: 0xe9,
+	0x450: 0xea, 0x451: 0xeb, 0x452: 0xec, 0x453: 0xed, 0x454: 0xee, 0x455: 0xef, 0x456: 0xf0, 0x457: 0xf1,
+	0x458: 0xf2, 0x459: 0xf3, 0x45a: 0x4c, 0x45b: 0xf4, 0x45c: 0xf5, 0x45d: 0xf6, 0x45e: 0xf7, 0x45f: 0x4d,
+	// Block 0x12, offset 0x480
+	0x480: 0xf8,
+	0x4a3: 0xf9, 0x4a5: 0xfa,
+	0x4b8: 0x4e, 0x4b9: 0x4f, 0x4ba: 0x50,
+	// Block 0x13, offset 0x4c0
+	0x4c4: 0x51, 0x4c5: 0xfb, 0x4c6: 0xfc,
+	0x4c8: 0x52, 0x4c9: 0xfd,
+	// Block 0x14, offset 0x500
+	0x520: 0x53, 0x521: 0x54, 0x522: 0x55, 0x523: 0x56, 0x524: 0x57, 0x525: 0x58, 0x526: 0x59, 0x527: 0x5a,
+	0x528: 0x5b,
+	// Block 0x15, offset 0x540
+	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
+	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
+	0x56f: 0x12,
+}
+
+// nfkcSparseOffset: 162 entries, 324 bytes
+var nfkcSparseOffset = []uint16{0x0, 0xe, 0x12, 0x1b, 0x25, 0x35, 0x37, 0x3c, 0x47, 0x56, 0x63, 0x6b, 0x70, 0x75, 0x77, 0x7f, 0x86, 0x89, 0x91, 0x95, 0x99, 0x9b, 0x9d, 0xa6, 0xaa, 0xb1, 0xb6, 0xb9, 0xc3, 0xc6, 0xcd, 0xd5, 0xd9, 0xdb, 0xde, 0xe2, 0xe8, 0xf9, 0x105, 0x107, 0x10d, 0x10f, 0x111, 0x113, 0x115, 0x117, 0x119, 0x11b, 0x11e, 0x121, 0x123, 0x126, 0x129, 0x12d, 0x132, 0x13b, 0x13d, 0x140, 0x142, 0x14d, 0x158, 0x166, 0x174, 0x184, 0x192, 0x199, 0x19f, 0x1ae, 0x1b2, 0x1b4, 0x1b8, 0x1ba, 0x1bd, 0x1bf, 0x1c2, 0x1c4, 0x1c7, 0x1c9, 0x1cb, 0x1cd, 0x1d9, 0x1e3, 0x1ed, 0x1f0, 0x1f4, 0x1f6, 0x1f8, 0x1fa, 0x1fc, 0x1ff, 0x201, 0x203, 0x205, 0x207, 0x20d, 0x210, 0x214, 0x216, 0x21d, 0x223, 0x229, 0x231, 0x237, 0x23d, 0x243, 0x247, 0x249, 0x24b, 0x24d, 0x24f, 0x255, 0x258, 0x25a, 0x260, 0x263, 0x26b, 0x272, 0x275, 0x278, 0x27a, 0x27d, 0x285, 0x289, 0x290, 0x293, 0x299, 0x29b, 0x29d, 0x2a0, 0x2a2, 0x2a5, 0x2a7, 0x2a9, 0x2ab, 0x2ae, 0x2b0, 0x2b2, 0x2b4, 0x2b6, 0x2c3, 0x2cd, 0x2cf, 0x2d1, 0x2d5, 0x2da, 0x2e6, 0x2eb, 0x2f4, 0x2fa, 0x2ff, 0x303, 0x308, 0x30c, 0x31c, 0x32a, 0x338, 0x346, 0x34c, 0x34e, 0x351, 0x35b, 0x35d}
+
+// nfkcSparseValues: 871 entries, 3484 bytes
+var nfkcSparseValues = [871]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0002, lo: 0x0d},
+	{value: 0x0001, lo: 0xa0, hi: 0xa0},
+	{value: 0x4278, lo: 0xa8, hi: 0xa8},
+	{value: 0x0083, lo: 0xaa, hi: 0xaa},
+	{value: 0x4264, lo: 0xaf, hi: 0xaf},
+	{value: 0x0025, lo: 0xb2, hi: 0xb3},
+	{value: 0x425a, lo: 0xb4, hi: 0xb4},
+	{value: 0x01dc, lo: 0xb5, hi: 0xb5},
+	{value: 0x4291, lo: 0xb8, hi: 0xb8},
+	{value: 0x0023, lo: 0xb9, hi: 0xb9},
+	{value: 0x009f, lo: 0xba, hi: 0xba},
+	{value: 0x221c, lo: 0xbc, hi: 0xbc},
+	{value: 0x2210, lo: 0xbd, hi: 0xbd},
+	{value: 0x22b2, lo: 0xbe, hi: 0xbe},
+	// Block 0x1, offset 0xe
+	{value: 0x0091, lo: 0x03},
+	{value: 0x46e2, lo: 0xa0, hi: 0xa1},
+	{value: 0x4714, lo: 0xaf, hi: 0xb0},
+	{value: 0xa000, lo: 0xb7, hi: 0xb7},
+	// Block 0x2, offset 0x12
+	{value: 0x0003, lo: 0x08},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x0091, lo: 0xb0, hi: 0xb0},
+	{value: 0x0119, lo: 0xb1, hi: 0xb1},
+	{value: 0x0095, lo: 0xb2, hi: 0xb2},
+	{value: 0x00a5, lo: 0xb3, hi: 0xb3},
+	{value: 0x0143, lo: 0xb4, hi: 0xb6},
+	{value: 0x00af, lo: 0xb7, hi: 0xb7},
+	{value: 0x00b3, lo: 0xb8, hi: 0xb8},
+	// Block 0x3, offset 0x1b
+	{value: 0x000a, lo: 0x09},
+	{value: 0x426e, lo: 0x98, hi: 0x98},
+	{value: 0x4273, lo: 0x99, hi: 0x9a},
+	{value: 0x4296, lo: 0x9b, hi: 0x9b},
+	{value: 0x425f, lo: 0x9c, hi: 0x9c},
+	{value: 0x4282, lo: 0x9d, hi: 0x9d},
+	{value: 0x0113, lo: 0xa0, hi: 0xa0},
+	{value: 0x0099, lo: 0xa1, hi: 0xa1},
+	{value: 0x00a7, lo: 0xa2, hi: 0xa3},
+	{value: 0x0167, lo: 0xa4, hi: 0xa4},
+	// Block 0x4, offset 0x25
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0xa000, lo: 0x8d, hi: 0x8d},
+	{value: 0x37a5, lo: 0x90, hi: 0x90},
+	{value: 0x37b1, lo: 0x91, hi: 0x91},
+	{value: 0x379f, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x96, hi: 0x96},
+	{value: 0x3817, lo: 0x97, hi: 0x97},
+	{value: 0x37e1, lo: 0x9c, hi: 0x9c},
+	{value: 0x37c9, lo: 0x9d, hi: 0x9d},
+	{value: 0x37f3, lo: 0x9e, hi: 0x9e},
+	{value: 0xa000, lo: 0xb4, hi: 0xb5},
+	{value: 0x381d, lo: 0xb6, hi: 0xb6},
+	{value: 0x3823, lo: 0xb7, hi: 0xb7},
+	// Block 0x5, offset 0x35
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x83, hi: 0x87},
+	// Block 0x6, offset 0x37
+	{value: 0x0001, lo: 0x04},
+	{value: 0x8113, lo: 0x81, hi: 0x82},
+	{value: 0x8132, lo: 0x84, hi: 0x84},
+	{value: 0x812d, lo: 0x85, hi: 0x85},
+	{value: 0x810d, lo: 0x87, hi: 0x87},
+	// Block 0x7, offset 0x3c
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x97},
+	{value: 0x8119, lo: 0x98, hi: 0x98},
+	{value: 0x811a, lo: 0x99, hi: 0x99},
+	{value: 0x811b, lo: 0x9a, hi: 0x9a},
+	{value: 0x3841, lo: 0xa2, hi: 0xa2},
+	{value: 0x3847, lo: 0xa3, hi: 0xa3},
+	{value: 0x3853, lo: 0xa4, hi: 0xa4},
+	{value: 0x384d, lo: 0xa5, hi: 0xa5},
+	{value: 0x3859, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xa7, hi: 0xa7},
+	// Block 0x8, offset 0x47
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x386b, lo: 0x80, hi: 0x80},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0x385f, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x3865, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x95, hi: 0x95},
+	{value: 0x8132, lo: 0x96, hi: 0x9c},
+	{value: 0x8132, lo: 0x9f, hi: 0xa2},
+	{value: 0x812d, lo: 0xa3, hi: 0xa3},
+	{value: 0x8132, lo: 0xa4, hi: 0xa4},
+	{value: 0x8132, lo: 0xa7, hi: 0xa8},
+	{value: 0x812d, lo: 0xaa, hi: 0xaa},
+	{value: 0x8132, lo: 0xab, hi: 0xac},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	// Block 0x9, offset 0x56
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x811f, lo: 0x91, hi: 0x91},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x812d, lo: 0xb1, hi: 0xb1},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb5, hi: 0xb6},
+	{value: 0x812d, lo: 0xb7, hi: 0xb9},
+	{value: 0x8132, lo: 0xba, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbc},
+	{value: 0x8132, lo: 0xbd, hi: 0xbd},
+	{value: 0x812d, lo: 0xbe, hi: 0xbe},
+	{value: 0x8132, lo: 0xbf, hi: 0xbf},
+	// Block 0xa, offset 0x63
+	{value: 0x0005, lo: 0x07},
+	{value: 0x8132, lo: 0x80, hi: 0x80},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x812d, lo: 0x82, hi: 0x83},
+	{value: 0x812d, lo: 0x84, hi: 0x85},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x812d, lo: 0x88, hi: 0x89},
+	{value: 0x8132, lo: 0x8a, hi: 0x8a},
+	// Block 0xb, offset 0x6b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xab, hi: 0xb1},
+	{value: 0x812d, lo: 0xb2, hi: 0xb2},
+	{value: 0x8132, lo: 0xb3, hi: 0xb3},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0xc, offset 0x70
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0x96, hi: 0x99},
+	{value: 0x8132, lo: 0x9b, hi: 0xa3},
+	{value: 0x8132, lo: 0xa5, hi: 0xa7},
+	{value: 0x8132, lo: 0xa9, hi: 0xad},
+	// Block 0xd, offset 0x75
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x99, hi: 0x9b},
+	// Block 0xe, offset 0x77
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0xa8, hi: 0xa8},
+	{value: 0x3ed8, lo: 0xa9, hi: 0xa9},
+	{value: 0xa000, lo: 0xb0, hi: 0xb0},
+	{value: 0x3ee0, lo: 0xb1, hi: 0xb1},
+	{value: 0xa000, lo: 0xb3, hi: 0xb3},
+	{value: 0x3ee8, lo: 0xb4, hi: 0xb4},
+	{value: 0x9902, lo: 0xbc, hi: 0xbc},
+	// Block 0xf, offset 0x7f
+	{value: 0x0008, lo: 0x06},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x91, hi: 0x91},
+	{value: 0x812d, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x93, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x94},
+	{value: 0x451c, lo: 0x98, hi: 0x9f},
+	// Block 0x10, offset 0x86
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x11, offset 0x89
+	{value: 0x0008, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2c9e, lo: 0x8b, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x455c, lo: 0x9c, hi: 0x9d},
+	{value: 0x456c, lo: 0x9f, hi: 0x9f},
+	{value: 0x8132, lo: 0xbe, hi: 0xbe},
+	// Block 0x12, offset 0x91
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4594, lo: 0xb3, hi: 0xb3},
+	{value: 0x459c, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x13, offset 0x95
+	{value: 0x0008, lo: 0x03},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x4574, lo: 0x99, hi: 0x9b},
+	{value: 0x458c, lo: 0x9e, hi: 0x9e},
+	// Block 0x14, offset 0x99
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x15, offset 0x9b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	// Block 0x16, offset 0x9d
+	{value: 0x0000, lo: 0x08},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2cb6, lo: 0x88, hi: 0x88},
+	{value: 0x2cae, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cbe, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x96, hi: 0x97},
+	{value: 0x45a4, lo: 0x9c, hi: 0x9c},
+	{value: 0x45ac, lo: 0x9d, hi: 0x9d},
+	// Block 0x17, offset 0xa6
+	{value: 0x0000, lo: 0x03},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x2cc6, lo: 0x94, hi: 0x94},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x18, offset 0xaa
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cce, lo: 0x8a, hi: 0x8a},
+	{value: 0x2cde, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cd6, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x19, offset 0xb1
+	{value: 0x1801, lo: 0x04},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x3ef0, lo: 0x88, hi: 0x88},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8120, lo: 0x95, hi: 0x96},
+	// Block 0x1a, offset 0xb6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0xa000, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0xb9
+	{value: 0x0000, lo: 0x09},
+	{value: 0x2ce6, lo: 0x80, hi: 0x80},
+	{value: 0x9900, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x2cee, lo: 0x87, hi: 0x87},
+	{value: 0x2cf6, lo: 0x88, hi: 0x88},
+	{value: 0x2f50, lo: 0x8a, hi: 0x8a},
+	{value: 0x2dd8, lo: 0x8b, hi: 0x8b},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x95, hi: 0x96},
+	// Block 0x1c, offset 0xc3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x1d, offset 0xc6
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cfe, lo: 0x8a, hi: 0x8a},
+	{value: 0x2d0e, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d06, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1e, offset 0xcd
+	{value: 0x6bea, lo: 0x07},
+	{value: 0x9904, lo: 0x8a, hi: 0x8a},
+	{value: 0x9900, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x3ef8, lo: 0x9a, hi: 0x9a},
+	{value: 0x2f58, lo: 0x9c, hi: 0x9c},
+	{value: 0x2de3, lo: 0x9d, hi: 0x9d},
+	{value: 0x2d16, lo: 0x9e, hi: 0x9f},
+	// Block 0x1f, offset 0xd5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x2621, lo: 0xb3, hi: 0xb3},
+	{value: 0x8122, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x20, offset 0xd9
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8123, lo: 0x88, hi: 0x8b},
+	// Block 0x21, offset 0xdb
+	{value: 0x0000, lo: 0x02},
+	{value: 0x2636, lo: 0xb3, hi: 0xb3},
+	{value: 0x8124, lo: 0xb8, hi: 0xb9},
+	// Block 0x22, offset 0xde
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8125, lo: 0x88, hi: 0x8b},
+	{value: 0x2628, lo: 0x9c, hi: 0x9c},
+	{value: 0x262f, lo: 0x9d, hi: 0x9d},
+	// Block 0x23, offset 0xe2
+	{value: 0x0000, lo: 0x05},
+	{value: 0x030b, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x98, hi: 0x99},
+	{value: 0x812d, lo: 0xb5, hi: 0xb5},
+	{value: 0x812d, lo: 0xb7, hi: 0xb7},
+	{value: 0x812b, lo: 0xb9, hi: 0xb9},
+	// Block 0x24, offset 0xe8
+	{value: 0x0000, lo: 0x10},
+	{value: 0x2644, lo: 0x83, hi: 0x83},
+	{value: 0x264b, lo: 0x8d, hi: 0x8d},
+	{value: 0x2652, lo: 0x92, hi: 0x92},
+	{value: 0x2659, lo: 0x97, hi: 0x97},
+	{value: 0x2660, lo: 0x9c, hi: 0x9c},
+	{value: 0x263d, lo: 0xa9, hi: 0xa9},
+	{value: 0x8126, lo: 0xb1, hi: 0xb1},
+	{value: 0x8127, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a84, lo: 0xb3, hi: 0xb3},
+	{value: 0x8128, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a8d, lo: 0xb5, hi: 0xb5},
+	{value: 0x45b4, lo: 0xb6, hi: 0xb6},
+	{value: 0x45f4, lo: 0xb7, hi: 0xb7},
+	{value: 0x45bc, lo: 0xb8, hi: 0xb8},
+	{value: 0x45ff, lo: 0xb9, hi: 0xb9},
+	{value: 0x8127, lo: 0xba, hi: 0xbd},
+	// Block 0x25, offset 0xf9
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x8127, lo: 0x80, hi: 0x80},
+	{value: 0x4a96, lo: 0x81, hi: 0x81},
+	{value: 0x8132, lo: 0x82, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0x86, hi: 0x87},
+	{value: 0x266e, lo: 0x93, hi: 0x93},
+	{value: 0x2675, lo: 0x9d, hi: 0x9d},
+	{value: 0x267c, lo: 0xa2, hi: 0xa2},
+	{value: 0x2683, lo: 0xa7, hi: 0xa7},
+	{value: 0x268a, lo: 0xac, hi: 0xac},
+	{value: 0x2667, lo: 0xb9, hi: 0xb9},
+	// Block 0x26, offset 0x105
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x86, hi: 0x86},
+	// Block 0x27, offset 0x107
+	{value: 0x0000, lo: 0x05},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x2d1e, lo: 0xa6, hi: 0xa6},
+	{value: 0x9900, lo: 0xae, hi: 0xae},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x28, offset 0x10d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	// Block 0x29, offset 0x10f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x030f, lo: 0xbc, hi: 0xbc},
+	// Block 0x2a, offset 0x111
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x80, hi: 0x92},
+	// Block 0x2b, offset 0x113
+	{value: 0x0000, lo: 0x01},
+	{value: 0xb900, lo: 0xa1, hi: 0xb5},
+	// Block 0x2c, offset 0x115
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0xa8, hi: 0xbf},
+	// Block 0x2d, offset 0x117
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0x80, hi: 0x82},
+	// Block 0x2e, offset 0x119
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9d, hi: 0x9f},
+	// Block 0x2f, offset 0x11b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x94, hi: 0x94},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x30, offset 0x11e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x9d, hi: 0x9d},
+	// Block 0x31, offset 0x121
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8131, lo: 0xa9, hi: 0xa9},
+	// Block 0x32, offset 0x123
+	{value: 0x0004, lo: 0x02},
+	{value: 0x812e, lo: 0xb9, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbb},
+	// Block 0x33, offset 0x126
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x97, hi: 0x97},
+	{value: 0x812d, lo: 0x98, hi: 0x98},
+	// Block 0x34, offset 0x129
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	{value: 0x8132, lo: 0xb5, hi: 0xbc},
+	{value: 0x812d, lo: 0xbf, hi: 0xbf},
+	// Block 0x35, offset 0x12d
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	{value: 0x812d, lo: 0xb5, hi: 0xba},
+	{value: 0x8132, lo: 0xbb, hi: 0xbc},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x36, offset 0x132
+	{value: 0x0000, lo: 0x08},
+	{value: 0x2d66, lo: 0x80, hi: 0x80},
+	{value: 0x2d6e, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x82, hi: 0x82},
+	{value: 0x2d76, lo: 0x83, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xab, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xac},
+	{value: 0x8132, lo: 0xad, hi: 0xb3},
+	// Block 0x37, offset 0x13b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xaa, hi: 0xab},
+	// Block 0x38, offset 0x13d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xa6, hi: 0xa6},
+	{value: 0x8104, lo: 0xb2, hi: 0xb3},
+	// Block 0x39, offset 0x140
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x3a, offset 0x142
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x92},
+	{value: 0x8101, lo: 0x94, hi: 0x94},
+	{value: 0x812d, lo: 0x95, hi: 0x99},
+	{value: 0x8132, lo: 0x9a, hi: 0x9b},
+	{value: 0x812d, lo: 0x9c, hi: 0x9f},
+	{value: 0x8132, lo: 0xa0, hi: 0xa0},
+	{value: 0x8101, lo: 0xa2, hi: 0xa8},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	{value: 0x8132, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb8, hi: 0xb9},
+	// Block 0x3b, offset 0x14d
+	{value: 0x0002, lo: 0x0a},
+	{value: 0x0043, lo: 0xac, hi: 0xac},
+	{value: 0x00d1, lo: 0xad, hi: 0xad},
+	{value: 0x0045, lo: 0xae, hi: 0xae},
+	{value: 0x0049, lo: 0xb0, hi: 0xb1},
+	{value: 0x00e6, lo: 0xb2, hi: 0xb2},
+	{value: 0x004f, lo: 0xb3, hi: 0xba},
+	{value: 0x005f, lo: 0xbc, hi: 0xbc},
+	{value: 0x00ef, lo: 0xbd, hi: 0xbd},
+	{value: 0x0061, lo: 0xbe, hi: 0xbe},
+	{value: 0x0065, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x158
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0001, lo: 0x80, hi: 0x8a},
+	{value: 0x043b, lo: 0x91, hi: 0x91},
+	{value: 0x429b, lo: 0x97, hi: 0x97},
+	{value: 0x001d, lo: 0xa4, hi: 0xa4},
+	{value: 0x1873, lo: 0xa5, hi: 0xa5},
+	{value: 0x1b5c, lo: 0xa6, hi: 0xa6},
+	{value: 0x0001, lo: 0xaf, hi: 0xaf},
+	{value: 0x2691, lo: 0xb3, hi: 0xb3},
+	{value: 0x27fe, lo: 0xb4, hi: 0xb4},
+	{value: 0x2698, lo: 0xb6, hi: 0xb6},
+	{value: 0x2808, lo: 0xb7, hi: 0xb7},
+	{value: 0x186d, lo: 0xbc, hi: 0xbc},
+	{value: 0x4269, lo: 0xbe, hi: 0xbe},
+	// Block 0x3d, offset 0x166
+	{value: 0x0002, lo: 0x0d},
+	{value: 0x1933, lo: 0x87, hi: 0x87},
+	{value: 0x1930, lo: 0x88, hi: 0x88},
+	{value: 0x1870, lo: 0x89, hi: 0x89},
+	{value: 0x298e, lo: 0x97, hi: 0x97},
+	{value: 0x0001, lo: 0x9f, hi: 0x9f},
+	{value: 0x0021, lo: 0xb0, hi: 0xb0},
+	{value: 0x0093, lo: 0xb1, hi: 0xb1},
+	{value: 0x0029, lo: 0xb4, hi: 0xb9},
+	{value: 0x0017, lo: 0xba, hi: 0xba},
+	{value: 0x0467, lo: 0xbb, hi: 0xbb},
+	{value: 0x003b, lo: 0xbc, hi: 0xbc},
+	{value: 0x0011, lo: 0xbd, hi: 0xbe},
+	{value: 0x009d, lo: 0xbf, hi: 0xbf},
+	// Block 0x3e, offset 0x174
+	{value: 0x0002, lo: 0x0f},
+	{value: 0x0021, lo: 0x80, hi: 0x89},
+	{value: 0x0017, lo: 0x8a, hi: 0x8a},
+	{value: 0x0467, lo: 0x8b, hi: 0x8b},
+	{value: 0x003b, lo: 0x8c, hi: 0x8c},
+	{value: 0x0011, lo: 0x8d, hi: 0x8e},
+	{value: 0x0083, lo: 0x90, hi: 0x90},
+	{value: 0x008b, lo: 0x91, hi: 0x91},
+	{value: 0x009f, lo: 0x92, hi: 0x92},
+	{value: 0x00b1, lo: 0x93, hi: 0x93},
+	{value: 0x0104, lo: 0x94, hi: 0x94},
+	{value: 0x0091, lo: 0x95, hi: 0x95},
+	{value: 0x0097, lo: 0x96, hi: 0x99},
+	{value: 0x00a1, lo: 0x9a, hi: 0x9a},
+	{value: 0x00a7, lo: 0x9b, hi: 0x9c},
+	{value: 0x1999, lo: 0xa8, hi: 0xa8},
+	// Block 0x3f, offset 0x184
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x8132, lo: 0x90, hi: 0x91},
+	{value: 0x8101, lo: 0x92, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x97},
+	{value: 0x8101, lo: 0x98, hi: 0x9a},
+	{value: 0x8132, lo: 0x9b, hi: 0x9c},
+	{value: 0x8132, lo: 0xa1, hi: 0xa1},
+	{value: 0x8101, lo: 0xa5, hi: 0xa6},
+	{value: 0x8132, lo: 0xa7, hi: 0xa7},
+	{value: 0x812d, lo: 0xa8, hi: 0xa8},
+	{value: 0x8132, lo: 0xa9, hi: 0xa9},
+	{value: 0x8101, lo: 0xaa, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xaf},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	// Block 0x40, offset 0x192
+	{value: 0x0007, lo: 0x06},
+	{value: 0x2180, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	{value: 0x3bb9, lo: 0x9a, hi: 0x9b},
+	{value: 0x3bc7, lo: 0xae, hi: 0xae},
+	// Block 0x41, offset 0x199
+	{value: 0x000e, lo: 0x05},
+	{value: 0x3bce, lo: 0x8d, hi: 0x8e},
+	{value: 0x3bd5, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	// Block 0x42, offset 0x19f
+	{value: 0x0173, lo: 0x0e},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0x3be3, lo: 0x84, hi: 0x84},
+	{value: 0xa000, lo: 0x88, hi: 0x88},
+	{value: 0x3bea, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0x3bf1, lo: 0x8c, hi: 0x8c},
+	{value: 0xa000, lo: 0xa3, hi: 0xa3},
+	{value: 0x3bf8, lo: 0xa4, hi: 0xa4},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x3bff, lo: 0xa6, hi: 0xa6},
+	{value: 0x269f, lo: 0xac, hi: 0xad},
+	{value: 0x26a6, lo: 0xaf, hi: 0xaf},
+	{value: 0x281c, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xbc, hi: 0xbc},
+	// Block 0x43, offset 0x1ae
+	{value: 0x0007, lo: 0x03},
+	{value: 0x3c68, lo: 0xa0, hi: 0xa1},
+	{value: 0x3c92, lo: 0xa2, hi: 0xa3},
+	{value: 0x3cbc, lo: 0xaa, hi: 0xad},
+	// Block 0x44, offset 0x1b2
+	{value: 0x0004, lo: 0x01},
+	{value: 0x048b, lo: 0xa9, hi: 0xaa},
+	// Block 0x45, offset 0x1b4
+	{value: 0x0002, lo: 0x03},
+	{value: 0x0057, lo: 0x80, hi: 0x8f},
+	{value: 0x0083, lo: 0x90, hi: 0xa9},
+	{value: 0x0021, lo: 0xaa, hi: 0xaa},
+	// Block 0x46, offset 0x1b8
+	{value: 0x0000, lo: 0x01},
+	{value: 0x299b, lo: 0x8c, hi: 0x8c},
+	// Block 0x47, offset 0x1ba
+	{value: 0x0263, lo: 0x02},
+	{value: 0x1b8c, lo: 0xb4, hi: 0xb4},
+	{value: 0x192d, lo: 0xb5, hi: 0xb6},
+	// Block 0x48, offset 0x1bd
+	{value: 0x0000, lo: 0x01},
+	{value: 0x44dd, lo: 0x9c, hi: 0x9c},
+	// Block 0x49, offset 0x1bf
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0095, lo: 0xbc, hi: 0xbc},
+	{value: 0x006d, lo: 0xbd, hi: 0xbd},
+	// Block 0x4a, offset 0x1c2
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xaf, hi: 0xb1},
+	// Block 0x4b, offset 0x1c4
+	{value: 0x0000, lo: 0x02},
+	{value: 0x047f, lo: 0xaf, hi: 0xaf},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x4c, offset 0x1c7
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa0, hi: 0xbf},
+	// Block 0x4d, offset 0x1c9
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0dc3, lo: 0x9f, hi: 0x9f},
+	// Block 0x4e, offset 0x1cb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x162f, lo: 0xb3, hi: 0xb3},
+	// Block 0x4f, offset 0x1cd
+	{value: 0x0004, lo: 0x0b},
+	{value: 0x1597, lo: 0x80, hi: 0x82},
+	{value: 0x15af, lo: 0x83, hi: 0x83},
+	{value: 0x15c7, lo: 0x84, hi: 0x85},
+	{value: 0x15d7, lo: 0x86, hi: 0x89},
+	{value: 0x15eb, lo: 0x8a, hi: 0x8c},
+	{value: 0x15ff, lo: 0x8d, hi: 0x8d},
+	{value: 0x1607, lo: 0x8e, hi: 0x8e},
+	{value: 0x160f, lo: 0x8f, hi: 0x90},
+	{value: 0x161b, lo: 0x91, hi: 0x93},
+	{value: 0x162b, lo: 0x94, hi: 0x94},
+	{value: 0x1633, lo: 0x95, hi: 0x95},
+	// Block 0x50, offset 0x1d9
+	{value: 0x0004, lo: 0x09},
+	{value: 0x0001, lo: 0x80, hi: 0x80},
+	{value: 0x812c, lo: 0xaa, hi: 0xaa},
+	{value: 0x8131, lo: 0xab, hi: 0xab},
+	{value: 0x8133, lo: 0xac, hi: 0xac},
+	{value: 0x812e, lo: 0xad, hi: 0xad},
+	{value: 0x812f, lo: 0xae, hi: 0xae},
+	{value: 0x812f, lo: 0xaf, hi: 0xaf},
+	{value: 0x04b3, lo: 0xb6, hi: 0xb6},
+	{value: 0x0887, lo: 0xb8, hi: 0xba},
+	// Block 0x51, offset 0x1e3
+	{value: 0x0006, lo: 0x09},
+	{value: 0x0313, lo: 0xb1, hi: 0xb1},
+	{value: 0x0317, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a3b, lo: 0xb3, hi: 0xb3},
+	{value: 0x031b, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a41, lo: 0xb5, hi: 0xb6},
+	{value: 0x031f, lo: 0xb7, hi: 0xb7},
+	{value: 0x0323, lo: 0xb8, hi: 0xb8},
+	{value: 0x0327, lo: 0xb9, hi: 0xb9},
+	{value: 0x4a4d, lo: 0xba, hi: 0xbf},
+	// Block 0x52, offset 0x1ed
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xaf, hi: 0xaf},
+	{value: 0x8132, lo: 0xb4, hi: 0xbd},
+	// Block 0x53, offset 0x1f0
+	{value: 0x0000, lo: 0x03},
+	{value: 0x020f, lo: 0x9c, hi: 0x9c},
+	{value: 0x0212, lo: 0x9d, hi: 0x9d},
+	{value: 0x8132, lo: 0x9e, hi: 0x9f},
+	// Block 0x54, offset 0x1f4
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb1},
+	// Block 0x55, offset 0x1f6
+	{value: 0x0000, lo: 0x01},
+	{value: 0x163b, lo: 0xb0, hi: 0xb0},
+	// Block 0x56, offset 0x1f8
+	{value: 0x000c, lo: 0x01},
+	{value: 0x00d7, lo: 0xb8, hi: 0xb9},
+	// Block 0x57, offset 0x1fa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	// Block 0x58, offset 0x1fc
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xa0, hi: 0xb1},
+	// Block 0x59, offset 0x1ff
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xab, hi: 0xad},
+	// Block 0x5a, offset 0x201
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x93, hi: 0x93},
+	// Block 0x5b, offset 0x203
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb3, hi: 0xb3},
+	// Block 0x5c, offset 0x205
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	// Block 0x5d, offset 0x207
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb7, hi: 0xb8},
+	{value: 0x8132, lo: 0xbe, hi: 0xbf},
+	// Block 0x5e, offset 0x20d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	// Block 0x5f, offset 0x210
+	{value: 0x0008, lo: 0x03},
+	{value: 0x1637, lo: 0x9c, hi: 0x9d},
+	{value: 0x0125, lo: 0x9e, hi: 0x9e},
+	{value: 0x1643, lo: 0x9f, hi: 0x9f},
+	// Block 0x60, offset 0x214
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xad, hi: 0xad},
+	// Block 0x61, offset 0x216
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe500, lo: 0x80, hi: 0x80},
+	{value: 0xc600, lo: 0x81, hi: 0x9b},
+	{value: 0xe500, lo: 0x9c, hi: 0x9c},
+	{value: 0xc600, lo: 0x9d, hi: 0xb7},
+	{value: 0xe500, lo: 0xb8, hi: 0xb8},
+	{value: 0xc600, lo: 0xb9, hi: 0xbf},
+	// Block 0x62, offset 0x21d
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x93},
+	{value: 0xe500, lo: 0x94, hi: 0x94},
+	{value: 0xc600, lo: 0x95, hi: 0xaf},
+	{value: 0xe500, lo: 0xb0, hi: 0xb0},
+	{value: 0xc600, lo: 0xb1, hi: 0xbf},
+	// Block 0x63, offset 0x223
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8b},
+	{value: 0xe500, lo: 0x8c, hi: 0x8c},
+	{value: 0xc600, lo: 0x8d, hi: 0xa7},
+	{value: 0xe500, lo: 0xa8, hi: 0xa8},
+	{value: 0xc600, lo: 0xa9, hi: 0xbf},
+	// Block 0x64, offset 0x229
+	{value: 0x0000, lo: 0x07},
+	{value: 0xc600, lo: 0x80, hi: 0x83},
+	{value: 0xe500, lo: 0x84, hi: 0x84},
+	{value: 0xc600, lo: 0x85, hi: 0x9f},
+	{value: 0xe500, lo: 0xa0, hi: 0xa0},
+	{value: 0xc600, lo: 0xa1, hi: 0xbb},
+	{value: 0xe500, lo: 0xbc, hi: 0xbc},
+	{value: 0xc600, lo: 0xbd, hi: 0xbf},
+	// Block 0x65, offset 0x231
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x97},
+	{value: 0xe500, lo: 0x98, hi: 0x98},
+	{value: 0xc600, lo: 0x99, hi: 0xb3},
+	{value: 0xe500, lo: 0xb4, hi: 0xb4},
+	{value: 0xc600, lo: 0xb5, hi: 0xbf},
+	// Block 0x66, offset 0x237
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8f},
+	{value: 0xe500, lo: 0x90, hi: 0x90},
+	{value: 0xc600, lo: 0x91, hi: 0xab},
+	{value: 0xe500, lo: 0xac, hi: 0xac},
+	{value: 0xc600, lo: 0xad, hi: 0xbf},
+	// Block 0x67, offset 0x23d
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	{value: 0xe500, lo: 0xa4, hi: 0xa4},
+	{value: 0xc600, lo: 0xa5, hi: 0xbf},
+	// Block 0x68, offset 0x243
+	{value: 0x0000, lo: 0x03},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	// Block 0x69, offset 0x247
+	{value: 0x0002, lo: 0x01},
+	{value: 0x0003, lo: 0x81, hi: 0xbf},
+	// Block 0x6a, offset 0x249
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x6b, offset 0x24b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xa0, hi: 0xa0},
+	// Block 0x6c, offset 0x24d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb6, hi: 0xba},
+	// Block 0x6d, offset 0x24f
+	{value: 0x002c, lo: 0x05},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x8f, hi: 0x8f},
+	{value: 0x8132, lo: 0xb8, hi: 0xb8},
+	{value: 0x8101, lo: 0xb9, hi: 0xba},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x6e, offset 0x255
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xa5, hi: 0xa5},
+	{value: 0x812d, lo: 0xa6, hi: 0xa6},
+	// Block 0x6f, offset 0x258
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa4, hi: 0xa7},
+	// Block 0x70, offset 0x25a
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x8132, lo: 0x88, hi: 0x8a},
+	{value: 0x812d, lo: 0x8b, hi: 0x8b},
+	{value: 0x8132, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x8d, hi: 0x90},
+	// Block 0x71, offset 0x260
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x72, offset 0x263
+	{value: 0x17fe, lo: 0x07},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x4238, lo: 0x9a, hi: 0x9a},
+	{value: 0xa000, lo: 0x9b, hi: 0x9b},
+	{value: 0x4242, lo: 0x9c, hi: 0x9c},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x424c, lo: 0xab, hi: 0xab},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x73, offset 0x26b
+	{value: 0x0000, lo: 0x06},
+	{value: 0x8132, lo: 0x80, hi: 0x82},
+	{value: 0x9900, lo: 0xa7, hi: 0xa7},
+	{value: 0x2d7e, lo: 0xae, hi: 0xae},
+	{value: 0x2d88, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb1, hi: 0xb2},
+	{value: 0x8104, lo: 0xb3, hi: 0xb4},
+	// Block 0x74, offset 0x272
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x75, offset 0x275
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb5, hi: 0xb5},
+	{value: 0x8102, lo: 0xb6, hi: 0xb6},
+	// Block 0x76, offset 0x278
+	{value: 0x0002, lo: 0x01},
+	{value: 0x8102, lo: 0xa9, hi: 0xaa},
+	// Block 0x77, offset 0x27a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x78, offset 0x27d
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2d92, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d9c, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x8132, lo: 0xa6, hi: 0xac},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	// Block 0x79, offset 0x285
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x86, hi: 0x86},
+	{value: 0x8132, lo: 0x9e, hi: 0x9e},
+	// Block 0x7a, offset 0x289
+	{value: 0x6b5a, lo: 0x06},
+	{value: 0x9900, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xb9, hi: 0xb9},
+	{value: 0x9900, lo: 0xba, hi: 0xba},
+	{value: 0x2db0, lo: 0xbb, hi: 0xbb},
+	{value: 0x2da6, lo: 0xbc, hi: 0xbd},
+	{value: 0x2dba, lo: 0xbe, hi: 0xbe},
+	// Block 0x7b, offset 0x290
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x83, hi: 0x83},
+	// Block 0x7c, offset 0x293
+	{value: 0x0000, lo: 0x05},
+	{value: 0x9900, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb8, hi: 0xb9},
+	{value: 0x2dc4, lo: 0xba, hi: 0xba},
+	{value: 0x2dce, lo: 0xbb, hi: 0xbb},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x7d, offset 0x299
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0x80, hi: 0x80},
+	// Block 0x7e, offset 0x29b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x7f, offset 0x29d
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x80, offset 0x2a0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xab, hi: 0xab},
+	// Block 0x81, offset 0x2a2
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb9, hi: 0xb9},
+	{value: 0x8102, lo: 0xba, hi: 0xba},
+	// Block 0x82, offset 0x2a5
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x83, offset 0x2a7
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x87, hi: 0x87},
+	// Block 0x84, offset 0x2a9
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x99, hi: 0x99},
+	// Block 0x85, offset 0x2ab
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0x82, hi: 0x82},
+	{value: 0x8104, lo: 0x84, hi: 0x85},
+	// Block 0x86, offset 0x2ae
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x97, hi: 0x97},
+	// Block 0x87, offset 0x2b0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0xb0, hi: 0xb4},
+	// Block 0x88, offset 0x2b2
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb6},
+	// Block 0x89, offset 0x2b4
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0x9e, hi: 0x9e},
+	// Block 0x8a, offset 0x2b6
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x45cc, lo: 0x9e, hi: 0x9e},
+	{value: 0x45d6, lo: 0x9f, hi: 0x9f},
+	{value: 0x460a, lo: 0xa0, hi: 0xa0},
+	{value: 0x4618, lo: 0xa1, hi: 0xa1},
+	{value: 0x4626, lo: 0xa2, hi: 0xa2},
+	{value: 0x4634, lo: 0xa3, hi: 0xa3},
+	{value: 0x4642, lo: 0xa4, hi: 0xa4},
+	{value: 0x812b, lo: 0xa5, hi: 0xa6},
+	{value: 0x8101, lo: 0xa7, hi: 0xa9},
+	{value: 0x8130, lo: 0xad, hi: 0xad},
+	{value: 0x812b, lo: 0xae, hi: 0xb2},
+	{value: 0x812d, lo: 0xbb, hi: 0xbf},
+	// Block 0x8b, offset 0x2c3
+	{value: 0x0000, lo: 0x09},
+	{value: 0x812d, lo: 0x80, hi: 0x82},
+	{value: 0x8132, lo: 0x85, hi: 0x89},
+	{value: 0x812d, lo: 0x8a, hi: 0x8b},
+	{value: 0x8132, lo: 0xaa, hi: 0xad},
+	{value: 0x45e0, lo: 0xbb, hi: 0xbb},
+	{value: 0x45ea, lo: 0xbc, hi: 0xbc},
+	{value: 0x4650, lo: 0xbd, hi: 0xbd},
+	{value: 0x466c, lo: 0xbe, hi: 0xbe},
+	{value: 0x465e, lo: 0xbf, hi: 0xbf},
+	// Block 0x8c, offset 0x2cd
+	{value: 0x0000, lo: 0x01},
+	{value: 0x467a, lo: 0x80, hi: 0x80},
+	// Block 0x8d, offset 0x2cf
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x82, hi: 0x84},
+	// Block 0x8e, offset 0x2d1
+	{value: 0x0002, lo: 0x03},
+	{value: 0x0043, lo: 0x80, hi: 0x99},
+	{value: 0x0083, lo: 0x9a, hi: 0xb3},
+	{value: 0x0043, lo: 0xb4, hi: 0xbf},
+	// Block 0x8f, offset 0x2d5
+	{value: 0x0002, lo: 0x04},
+	{value: 0x005b, lo: 0x80, hi: 0x8d},
+	{value: 0x0083, lo: 0x8e, hi: 0x94},
+	{value: 0x0093, lo: 0x96, hi: 0xa7},
+	{value: 0x0043, lo: 0xa8, hi: 0xbf},
+	// Block 0x90, offset 0x2da
+	{value: 0x0002, lo: 0x0b},
+	{value: 0x0073, lo: 0x80, hi: 0x81},
+	{value: 0x0083, lo: 0x82, hi: 0x9b},
+	{value: 0x0043, lo: 0x9c, hi: 0x9c},
+	{value: 0x0047, lo: 0x9e, hi: 0x9f},
+	{value: 0x004f, lo: 0xa2, hi: 0xa2},
+	{value: 0x0055, lo: 0xa5, hi: 0xa6},
+	{value: 0x005d, lo: 0xa9, hi: 0xac},
+	{value: 0x0067, lo: 0xae, hi: 0xb5},
+	{value: 0x0083, lo: 0xb6, hi: 0xb9},
+	{value: 0x008d, lo: 0xbb, hi: 0xbb},
+	{value: 0x0091, lo: 0xbd, hi: 0xbf},
+	// Block 0x91, offset 0x2e6
+	{value: 0x0002, lo: 0x04},
+	{value: 0x0097, lo: 0x80, hi: 0x83},
+	{value: 0x00a1, lo: 0x85, hi: 0x8f},
+	{value: 0x0043, lo: 0x90, hi: 0xa9},
+	{value: 0x0083, lo: 0xaa, hi: 0xbf},
+	// Block 0x92, offset 0x2eb
+	{value: 0x0002, lo: 0x08},
+	{value: 0x00af, lo: 0x80, hi: 0x83},
+	{value: 0x0043, lo: 0x84, hi: 0x85},
+	{value: 0x0049, lo: 0x87, hi: 0x8a},
+	{value: 0x0055, lo: 0x8d, hi: 0x94},
+	{value: 0x0067, lo: 0x96, hi: 0x9c},
+	{value: 0x0083, lo: 0x9e, hi: 0xb7},
+	{value: 0x0043, lo: 0xb8, hi: 0xb9},
+	{value: 0x0049, lo: 0xbb, hi: 0xbe},
+	// Block 0x93, offset 0x2f4
+	{value: 0x0002, lo: 0x05},
+	{value: 0x0053, lo: 0x80, hi: 0x84},
+	{value: 0x005f, lo: 0x86, hi: 0x86},
+	{value: 0x0067, lo: 0x8a, hi: 0x90},
+	{value: 0x0083, lo: 0x92, hi: 0xab},
+	{value: 0x0043, lo: 0xac, hi: 0xbf},
+	// Block 0x94, offset 0x2fa
+	{value: 0x0002, lo: 0x04},
+	{value: 0x006b, lo: 0x80, hi: 0x85},
+	{value: 0x0083, lo: 0x86, hi: 0x9f},
+	{value: 0x0043, lo: 0xa0, hi: 0xb9},
+	{value: 0x0083, lo: 0xba, hi: 0xbf},
+	// Block 0x95, offset 0x2ff
+	{value: 0x0002, lo: 0x03},
+	{value: 0x008f, lo: 0x80, hi: 0x93},
+	{value: 0x0043, lo: 0x94, hi: 0xad},
+	{value: 0x0083, lo: 0xae, hi: 0xbf},
+	// Block 0x96, offset 0x303
+	{value: 0x0002, lo: 0x04},
+	{value: 0x00a7, lo: 0x80, hi: 0x87},
+	{value: 0x0043, lo: 0x88, hi: 0xa1},
+	{value: 0x0083, lo: 0xa2, hi: 0xbb},
+	{value: 0x0043, lo: 0xbc, hi: 0xbf},
+	// Block 0x97, offset 0x308
+	{value: 0x0002, lo: 0x03},
+	{value: 0x004b, lo: 0x80, hi: 0x95},
+	{value: 0x0083, lo: 0x96, hi: 0xaf},
+	{value: 0x0043, lo: 0xb0, hi: 0xbf},
+	// Block 0x98, offset 0x30c
+	{value: 0x0003, lo: 0x0f},
+	{value: 0x01b8, lo: 0x80, hi: 0x80},
+	{value: 0x045f, lo: 0x81, hi: 0x81},
+	{value: 0x01bb, lo: 0x82, hi: 0x9a},
+	{value: 0x045b, lo: 0x9b, hi: 0x9b},
+	{value: 0x01c7, lo: 0x9c, hi: 0x9c},
+	{value: 0x01d0, lo: 0x9d, hi: 0x9d},
+	{value: 0x01d6, lo: 0x9e, hi: 0x9e},
+	{value: 0x01fa, lo: 0x9f, hi: 0x9f},
+	{value: 0x01eb, lo: 0xa0, hi: 0xa0},
+	{value: 0x01e8, lo: 0xa1, hi: 0xa1},
+	{value: 0x0173, lo: 0xa2, hi: 0xb2},
+	{value: 0x0188, lo: 0xb3, hi: 0xb3},
+	{value: 0x01a6, lo: 0xb4, hi: 0xba},
+	{value: 0x045f, lo: 0xbb, hi: 0xbb},
+	{value: 0x01bb, lo: 0xbc, hi: 0xbf},
+	// Block 0x99, offset 0x31c
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01c7, lo: 0x80, hi: 0x94},
+	{value: 0x045b, lo: 0x95, hi: 0x95},
+	{value: 0x01c7, lo: 0x96, hi: 0x96},
+	{value: 0x01d0, lo: 0x97, hi: 0x97},
+	{value: 0x01d6, lo: 0x98, hi: 0x98},
+	{value: 0x01fa, lo: 0x99, hi: 0x99},
+	{value: 0x01eb, lo: 0x9a, hi: 0x9a},
+	{value: 0x01e8, lo: 0x9b, hi: 0x9b},
+	{value: 0x0173, lo: 0x9c, hi: 0xac},
+	{value: 0x0188, lo: 0xad, hi: 0xad},
+	{value: 0x01a6, lo: 0xae, hi: 0xb4},
+	{value: 0x045f, lo: 0xb5, hi: 0xb5},
+	{value: 0x01bb, lo: 0xb6, hi: 0xbf},
+	// Block 0x9a, offset 0x32a
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01d9, lo: 0x80, hi: 0x8e},
+	{value: 0x045b, lo: 0x8f, hi: 0x8f},
+	{value: 0x01c7, lo: 0x90, hi: 0x90},
+	{value: 0x01d0, lo: 0x91, hi: 0x91},
+	{value: 0x01d6, lo: 0x92, hi: 0x92},
+	{value: 0x01fa, lo: 0x93, hi: 0x93},
+	{value: 0x01eb, lo: 0x94, hi: 0x94},
+	{value: 0x01e8, lo: 0x95, hi: 0x95},
+	{value: 0x0173, lo: 0x96, hi: 0xa6},
+	{value: 0x0188, lo: 0xa7, hi: 0xa7},
+	{value: 0x01a6, lo: 0xa8, hi: 0xae},
+	{value: 0x045f, lo: 0xaf, hi: 0xaf},
+	{value: 0x01bb, lo: 0xb0, hi: 0xbf},
+	// Block 0x9b, offset 0x338
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01eb, lo: 0x80, hi: 0x88},
+	{value: 0x045b, lo: 0x89, hi: 0x89},
+	{value: 0x01c7, lo: 0x8a, hi: 0x8a},
+	{value: 0x01d0, lo: 0x8b, hi: 0x8b},
+	{value: 0x01d6, lo: 0x8c, hi: 0x8c},
+	{value: 0x01fa, lo: 0x8d, hi: 0x8d},
+	{value: 0x01eb, lo: 0x8e, hi: 0x8e},
+	{value: 0x01e8, lo: 0x8f, hi: 0x8f},
+	{value: 0x0173, lo: 0x90, hi: 0xa0},
+	{value: 0x0188, lo: 0xa1, hi: 0xa1},
+	{value: 0x01a6, lo: 0xa2, hi: 0xa8},
+	{value: 0x045f, lo: 0xa9, hi: 0xa9},
+	{value: 0x01bb, lo: 0xaa, hi: 0xbf},
+	// Block 0x9c, offset 0x346
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0x80, hi: 0x86},
+	{value: 0x8132, lo: 0x88, hi: 0x98},
+	{value: 0x8132, lo: 0x9b, hi: 0xa1},
+	{value: 0x8132, lo: 0xa3, hi: 0xa4},
+	{value: 0x8132, lo: 0xa6, hi: 0xaa},
+	// Block 0x9d, offset 0x34c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x90, hi: 0x96},
+	// Block 0x9e, offset 0x34e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x84, hi: 0x89},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x9f, offset 0x351
+	{value: 0x0002, lo: 0x09},
+	{value: 0x0063, lo: 0x80, hi: 0x89},
+	{value: 0x1951, lo: 0x8a, hi: 0x8a},
+	{value: 0x1981, lo: 0x8b, hi: 0x8b},
+	{value: 0x199c, lo: 0x8c, hi: 0x8c},
+	{value: 0x19a2, lo: 0x8d, hi: 0x8d},
+	{value: 0x1bc0, lo: 0x8e, hi: 0x8e},
+	{value: 0x19ae, lo: 0x8f, hi: 0x8f},
+	{value: 0x197b, lo: 0xaa, hi: 0xaa},
+	{value: 0x197e, lo: 0xab, hi: 0xab},
+	// Block 0xa0, offset 0x35b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x193f, lo: 0x90, hi: 0x90},
+	// Block 0xa1, offset 0x35d
+	{value: 0x0028, lo: 0x09},
+	{value: 0x2862, lo: 0x80, hi: 0x80},
+	{value: 0x2826, lo: 0x81, hi: 0x81},
+	{value: 0x2830, lo: 0x82, hi: 0x82},
+	{value: 0x2844, lo: 0x83, hi: 0x84},
+	{value: 0x284e, lo: 0x85, hi: 0x86},
+	{value: 0x283a, lo: 0x87, hi: 0x87},
+	{value: 0x2858, lo: 0x88, hi: 0x88},
+	{value: 0x0b6f, lo: 0x90, hi: 0x90},
+	{value: 0x08e7, lo: 0x91, hi: 0x91},
+}
+
+// recompMap: 7520 bytes (entries only)
+var recompMap map[uint32]rune
+var recompMapOnce sync.Once
+
+const recompMapPacked = "" +
+	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
+	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
+	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
+	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
+	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
+	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
+	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
+	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
+	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
+	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
+	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
+	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
+	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
+	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
+	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
+	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
+	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
+	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
+	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
+	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
+	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
+	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
+	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
+	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
+	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
+	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
+	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
+	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
+	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
+	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
+	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
+	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
+	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
+	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
+	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
+	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
+	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
+	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
+	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
+	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
+	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
+	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
+	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
+	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
+	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
+	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
+	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
+	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
+	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
+	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
+	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
+	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
+	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
+	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
+	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
+	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
+	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
+	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
+	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
+	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
+	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
+	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
+	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
+	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
+	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
+	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
+	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
+	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
+	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
+	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
+	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
+	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
+	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
+	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
+	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
+	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
+	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
+	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
+	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
+	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
+	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
+	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
+	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
+	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
+	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
+	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
+	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
+	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
+	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
+	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
+	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
+	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
+	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
+	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
+	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
+	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
+	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
+	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
+	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
+	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
+	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
+	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
+	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
+	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
+	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
+	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
+	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
+	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
+	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
+	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
+	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
+	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
+	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
+	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
+	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
+	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
+	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
+	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
+	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
+	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
+	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
+	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
+	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
+	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
+	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
+	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
+	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
+	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
+	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
+	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
+	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
+	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
+	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
+	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
+	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
+	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
+	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
+	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
+	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
+	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
+	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
+	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
+	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
+	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
+	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
+	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
+	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
+	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
+	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
+	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
+	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
+	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
+	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
+	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
+	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
+	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
+	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
+	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
+	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
+	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
+	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
+	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
+	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
+	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
+	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
+	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
+	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
+	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
+	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
+	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
+	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
+	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
+	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
+	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
+	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
+	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
+	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
+	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
+	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
+	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
+	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
+	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
+	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
+	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
+	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
+	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
+	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
+	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
+	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
+	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
+	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
+	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
+	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
+	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
+	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
+	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
+	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
+	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
+	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
+	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
+	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
+	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
+	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
+	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
+	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
+	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
+	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
+	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
+	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
+	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
+	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
+	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
+	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
+	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
+	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
+	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
+	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
+	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
+	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
+	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
+	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
+	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
+	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
+	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
+	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
+	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
+	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
+	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
+	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
+	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
+	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
+	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
+	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
+	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
+	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
+	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
+	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
+	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
+	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
+	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
+	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
+	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
+	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
+	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
+	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
+	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
+	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
+	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
+	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
+	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
+	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
+	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
+	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
+	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
+	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
+	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
+	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
+	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
+	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
+	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
+	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
+	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
+	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
+	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
+	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
+	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
+	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
+	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
+	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
+	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
+	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
+	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
+	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
+	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
+	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
+	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
+	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
+	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
+	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
+	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
+	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
+	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
+	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
+	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
+	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
+	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
+	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
+	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
+	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
+	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
+	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
+	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
+	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
+	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
+	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
+	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
+	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
+	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
+	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
+	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
+	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
+	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
+	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
+	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
+	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
+	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
+	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
+	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
+	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
+	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
+	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
+	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
+	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
+	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
+	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
+	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
+	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
+	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
+	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
+	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
+	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
+	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
+	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
+	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
+	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
+	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
+	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
+	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
+	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
+	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
+	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
+	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
+	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
+	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
+	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
+	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
+	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
+	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
+	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
+	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
+	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
+	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
+	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
+	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
+	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
+	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
+	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
+	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
+	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
+	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
+	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
+	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
+	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
+	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
+	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
+	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
+	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
+	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
+	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
+	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
+	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
+	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
+	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
+	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
+	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
+	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
+	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
+	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
+	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
+	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
+	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
+	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
+	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
+	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
+	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
+	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
+	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
+	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
+	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
+	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
+	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
+	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
+	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
+	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
+	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
+	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
+	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
+	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
+	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
+	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
+	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
+	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
+	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
+	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
+	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
+	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
+	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
+	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
+	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
+	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
+	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
+	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
+	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
+	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
+	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
+	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
+	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
+	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
+	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
+	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
+	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
+	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
+	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
+	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
+	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
+	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
+	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
+	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
+	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
+	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
+	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
+	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
+	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
+	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
+	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
+	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
+	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
+	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
+	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
+	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
+	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
+	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
+	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
+	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
+	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
+	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
+	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
+	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
+	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
+	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
+	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
+	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
+	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
+	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
+	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
+	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
+	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
+	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
+	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
+	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
+	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
+	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
+	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
+	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
+	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
+	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
+	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
+	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
+	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
+	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
+	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
+	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
+	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
+	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
+	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
+	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
+	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
+	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
+	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
+	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
+	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
+	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
+	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
+	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
+	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
+	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
+	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
+	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
+	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
+	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
+	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
+	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
+	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
+	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
+	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
+	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
+	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
+	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
+	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
+	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
+	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
+	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
+	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
+	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
+	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
+	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
+	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
+	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
+	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
+	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
+	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
+	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
+	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
+	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
+	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
+	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
+	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
+	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
+	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
+	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
+	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
+	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
+	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
+	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
+	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
+	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
+	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
+	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
+	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
+	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
+	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
+	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
+	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
+	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
+	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
+	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
+	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
+	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
+	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
+	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
+	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
+	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
+	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
+	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
+	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
+	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
+	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
+	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
+	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
+	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
+	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
+	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
+	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
+	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
+	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
+	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
+	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
+	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
+	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
+	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
+	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
+	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
+	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
+	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
+	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
+	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
+	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
+	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
+	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
+	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
+	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
+	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
+	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
+	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
+	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
+	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
+	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
+	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
+	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
+	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
+	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
+	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
+	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
+	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
+	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
+	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
+	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
+	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
+	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
+	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
+	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
+	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
+	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
+	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
+	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
+	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
+	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
+	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
+	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
+	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
+	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
+	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
+	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
+	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
+	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
+	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
+	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
+	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
+	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
+	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
+	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
+	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
+	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
+	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
+	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
+	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
+	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
+	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
+	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
+	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
+	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
+	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
+	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
+	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
+	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
+	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
+	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
+	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
+	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
+	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
+	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
+	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
+	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
+	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
+	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
+	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
+	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
+	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
+	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
+	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
+	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
+	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
+	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
+	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
+	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
+	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
+	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
+	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
+	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
+	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
+	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
+	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
+	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
+	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
+	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
+	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
+	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
+	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
+	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
+	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
+	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
+	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
+	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
+	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
+	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
+	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
+	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
+	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
+	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
+	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
+	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
+	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
+	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
+	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
+	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
+	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
+	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
+	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
+	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
+	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
+	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
+	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
+	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
+	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
+	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
+	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
+	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
+	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
+	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
+	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
+	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
+	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
+	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
+	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
+	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
+	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
+	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
+	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
+	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
+	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
+	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
+	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
+	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
+	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
+	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
+	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
+	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
+	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
+	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
+	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
+	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
+	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
+	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
+	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
+	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
+	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
+	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
+	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
+	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
+	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
+	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
+	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
+	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
+	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
+	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
+	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
+	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
+	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
+	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
+	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
+	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
+	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
+	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
+	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
+	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
+	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
+	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
+	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
+	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
+	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
+	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
+	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
+	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
+	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
+	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
+	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
+	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
+	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
+	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
+	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
+	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
+	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
+	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
+	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
+	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
+	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
+	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
+	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
+	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
+	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
+	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
+	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
+	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
+	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
+	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
+	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
+	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
+	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
+	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
+	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
+	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
+	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
+	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
+	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
+	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
+	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
+	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
+	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
+	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
+	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
+	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
+	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
+	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
+	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
+	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
+	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
+	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
+	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
+	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
+	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
+	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
+	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
+	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
+	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
+	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
+	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
+	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
+	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
+	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
+	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
+	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
+	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
+	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
+	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
+	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
+	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
+	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
+	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
+	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
+	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
+	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
+	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
+	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
+	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
+	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
+	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
+	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
+	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
+	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
+	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
+	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
+	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
+	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
+	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
+	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
+	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
+	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
+	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
+	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
+	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
+	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
+	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
+	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
+	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
+	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
+	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
+	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
+	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
+	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
+	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
+	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
+	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
+	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
+	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
+	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
+	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
+	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
+	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
+	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
+	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
+	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
+	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
+	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
+	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
+	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
+	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
+	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
+	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
+	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
+	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
+	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
+	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
+	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
+	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
+	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
+	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
+	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
+	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
+	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
+	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
+	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
+	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
+	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
+	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
+	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
+	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
+	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
+	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
+	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
+	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
+	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
+	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
+	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
+	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
+	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
+	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
+	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
+	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
+	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
+	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
+	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
+	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
+	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
+	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
+	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
+	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
+	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
+	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
+	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
+	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
+	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
+	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
+	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
+	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
+	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
+	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
+	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
+	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
+	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
+	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
+	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
+	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
+	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
+	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
+	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
+	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
+	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
+	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
+	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
+	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
+	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
+	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
+	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
+	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
+	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
+	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
+	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
+	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
+	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
+	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
+	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
+	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
+	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
+	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
+	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
+	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
+	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
+	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
+	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
+	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
+	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
+	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
+	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
+	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
+	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
+	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
+	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
+	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
+	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
+	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
+	""
+	// Total size of tables: 53KB (54514 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
new file mode 100644
index 0000000000000..10f5202c693fd
--- /dev/null
+++ b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
@@ -0,0 +1,7710 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+// +build go1.14
+
+package norm
+
+import "sync"
+
+const (
+	// Version is the Unicode edition from which the tables are derived.
+	Version = "12.0.0"
+
+	// MaxTransformChunkSize indicates the maximum number of bytes that Transform
+	// may need to write atomically for any Form. Making a destination buffer at
+	// least this size ensures that Transform can always make progress and that
+	// the user does not need to grow the buffer on an ErrShortDst.
+	MaxTransformChunkSize = 35 + maxNonStarters*4
+)
+
+var ccc = [55]uint8{
+	0, 1, 7, 8, 9, 10, 11, 12,
+	13, 14, 15, 16, 17, 18, 19, 20,
+	21, 22, 23, 24, 25, 26, 27, 28,
+	29, 30, 31, 32, 33, 34, 35, 36,
+	84, 91, 103, 107, 118, 122, 129, 130,
+	132, 202, 214, 216, 218, 220, 222, 224,
+	226, 228, 230, 232, 233, 234, 240,
+}
+
+const (
+	firstMulti            = 0x186D
+	firstCCC              = 0x2CA1
+	endMulti              = 0x2F63
+	firstLeadingCCC       = 0x49B1
+	firstCCCZeroExcept    = 0x4A7B
+	firstStarterWithNLead = 0x4AA2
+	lastDecomp            = 0x4AA4
+	maxDecomp             = 0x8000
+)
+
+// decomps: 19108 bytes
+var decomps = [...]byte{
+	// Bytes 0 - 3f
+	0x00, 0x41, 0x20, 0x41, 0x21, 0x41, 0x22, 0x41,
+	0x23, 0x41, 0x24, 0x41, 0x25, 0x41, 0x26, 0x41,
+	0x27, 0x41, 0x28, 0x41, 0x29, 0x41, 0x2A, 0x41,
+	0x2B, 0x41, 0x2C, 0x41, 0x2D, 0x41, 0x2E, 0x41,
+	0x2F, 0x41, 0x30, 0x41, 0x31, 0x41, 0x32, 0x41,
+	0x33, 0x41, 0x34, 0x41, 0x35, 0x41, 0x36, 0x41,
+	0x37, 0x41, 0x38, 0x41, 0x39, 0x41, 0x3A, 0x41,
+	0x3B, 0x41, 0x3C, 0x41, 0x3D, 0x41, 0x3E, 0x41,
+	// Bytes 40 - 7f
+	0x3F, 0x41, 0x40, 0x41, 0x41, 0x41, 0x42, 0x41,
+	0x43, 0x41, 0x44, 0x41, 0x45, 0x41, 0x46, 0x41,
+	0x47, 0x41, 0x48, 0x41, 0x49, 0x41, 0x4A, 0x41,
+	0x4B, 0x41, 0x4C, 0x41, 0x4D, 0x41, 0x4E, 0x41,
+	0x4F, 0x41, 0x50, 0x41, 0x51, 0x41, 0x52, 0x41,
+	0x53, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41,
+	0x57, 0x41, 0x58, 0x41, 0x59, 0x41, 0x5A, 0x41,
+	0x5B, 0x41, 0x5C, 0x41, 0x5D, 0x41, 0x5E, 0x41,
+	// Bytes 80 - bf
+	0x5F, 0x41, 0x60, 0x41, 0x61, 0x41, 0x62, 0x41,
+	0x63, 0x41, 0x64, 0x41, 0x65, 0x41, 0x66, 0x41,
+	0x67, 0x41, 0x68, 0x41, 0x69, 0x41, 0x6A, 0x41,
+	0x6B, 0x41, 0x6C, 0x41, 0x6D, 0x41, 0x6E, 0x41,
+	0x6F, 0x41, 0x70, 0x41, 0x71, 0x41, 0x72, 0x41,
+	0x73, 0x41, 0x74, 0x41, 0x75, 0x41, 0x76, 0x41,
+	0x77, 0x41, 0x78, 0x41, 0x79, 0x41, 0x7A, 0x41,
+	0x7B, 0x41, 0x7C, 0x41, 0x7D, 0x41, 0x7E, 0x42,
+	// Bytes c0 - ff
+	0xC2, 0xA2, 0x42, 0xC2, 0xA3, 0x42, 0xC2, 0xA5,
+	0x42, 0xC2, 0xA6, 0x42, 0xC2, 0xAC, 0x42, 0xC2,
+	0xB7, 0x42, 0xC3, 0x86, 0x42, 0xC3, 0xB0, 0x42,
+	0xC4, 0xA6, 0x42, 0xC4, 0xA7, 0x42, 0xC4, 0xB1,
+	0x42, 0xC5, 0x8B, 0x42, 0xC5, 0x93, 0x42, 0xC6,
+	0x8E, 0x42, 0xC6, 0x90, 0x42, 0xC6, 0xAB, 0x42,
+	0xC8, 0xA2, 0x42, 0xC8, 0xB7, 0x42, 0xC9, 0x90,
+	0x42, 0xC9, 0x91, 0x42, 0xC9, 0x92, 0x42, 0xC9,
+	// Bytes 100 - 13f
+	0x94, 0x42, 0xC9, 0x95, 0x42, 0xC9, 0x99, 0x42,
+	0xC9, 0x9B, 0x42, 0xC9, 0x9C, 0x42, 0xC9, 0x9F,
+	0x42, 0xC9, 0xA1, 0x42, 0xC9, 0xA3, 0x42, 0xC9,
+	0xA5, 0x42, 0xC9, 0xA6, 0x42, 0xC9, 0xA8, 0x42,
+	0xC9, 0xA9, 0x42, 0xC9, 0xAA, 0x42, 0xC9, 0xAB,
+	0x42, 0xC9, 0xAD, 0x42, 0xC9, 0xAF, 0x42, 0xC9,
+	0xB0, 0x42, 0xC9, 0xB1, 0x42, 0xC9, 0xB2, 0x42,
+	0xC9, 0xB3, 0x42, 0xC9, 0xB4, 0x42, 0xC9, 0xB5,
+	// Bytes 140 - 17f
+	0x42, 0xC9, 0xB8, 0x42, 0xC9, 0xB9, 0x42, 0xC9,
+	0xBB, 0x42, 0xCA, 0x81, 0x42, 0xCA, 0x82, 0x42,
+	0xCA, 0x83, 0x42, 0xCA, 0x89, 0x42, 0xCA, 0x8A,
+	0x42, 0xCA, 0x8B, 0x42, 0xCA, 0x8C, 0x42, 0xCA,
+	0x90, 0x42, 0xCA, 0x91, 0x42, 0xCA, 0x92, 0x42,
+	0xCA, 0x95, 0x42, 0xCA, 0x9D, 0x42, 0xCA, 0x9F,
+	0x42, 0xCA, 0xB9, 0x42, 0xCE, 0x91, 0x42, 0xCE,
+	0x92, 0x42, 0xCE, 0x93, 0x42, 0xCE, 0x94, 0x42,
+	// Bytes 180 - 1bf
+	0xCE, 0x95, 0x42, 0xCE, 0x96, 0x42, 0xCE, 0x97,
+	0x42, 0xCE, 0x98, 0x42, 0xCE, 0x99, 0x42, 0xCE,
+	0x9A, 0x42, 0xCE, 0x9B, 0x42, 0xCE, 0x9C, 0x42,
+	0xCE, 0x9D, 0x42, 0xCE, 0x9E, 0x42, 0xCE, 0x9F,
+	0x42, 0xCE, 0xA0, 0x42, 0xCE, 0xA1, 0x42, 0xCE,
+	0xA3, 0x42, 0xCE, 0xA4, 0x42, 0xCE, 0xA5, 0x42,
+	0xCE, 0xA6, 0x42, 0xCE, 0xA7, 0x42, 0xCE, 0xA8,
+	0x42, 0xCE, 0xA9, 0x42, 0xCE, 0xB1, 0x42, 0xCE,
+	// Bytes 1c0 - 1ff
+	0xB2, 0x42, 0xCE, 0xB3, 0x42, 0xCE, 0xB4, 0x42,
+	0xCE, 0xB5, 0x42, 0xCE, 0xB6, 0x42, 0xCE, 0xB7,
+	0x42, 0xCE, 0xB8, 0x42, 0xCE, 0xB9, 0x42, 0xCE,
+	0xBA, 0x42, 0xCE, 0xBB, 0x42, 0xCE, 0xBC, 0x42,
+	0xCE, 0xBD, 0x42, 0xCE, 0xBE, 0x42, 0xCE, 0xBF,
+	0x42, 0xCF, 0x80, 0x42, 0xCF, 0x81, 0x42, 0xCF,
+	0x82, 0x42, 0xCF, 0x83, 0x42, 0xCF, 0x84, 0x42,
+	0xCF, 0x85, 0x42, 0xCF, 0x86, 0x42, 0xCF, 0x87,
+	// Bytes 200 - 23f
+	0x42, 0xCF, 0x88, 0x42, 0xCF, 0x89, 0x42, 0xCF,
+	0x9C, 0x42, 0xCF, 0x9D, 0x42, 0xD0, 0xBD, 0x42,
+	0xD1, 0x8A, 0x42, 0xD1, 0x8C, 0x42, 0xD7, 0x90,
+	0x42, 0xD7, 0x91, 0x42, 0xD7, 0x92, 0x42, 0xD7,
+	0x93, 0x42, 0xD7, 0x94, 0x42, 0xD7, 0x9B, 0x42,
+	0xD7, 0x9C, 0x42, 0xD7, 0x9D, 0x42, 0xD7, 0xA2,
+	0x42, 0xD7, 0xA8, 0x42, 0xD7, 0xAA, 0x42, 0xD8,
+	0xA1, 0x42, 0xD8, 0xA7, 0x42, 0xD8, 0xA8, 0x42,
+	// Bytes 240 - 27f
+	0xD8, 0xA9, 0x42, 0xD8, 0xAA, 0x42, 0xD8, 0xAB,
+	0x42, 0xD8, 0xAC, 0x42, 0xD8, 0xAD, 0x42, 0xD8,
+	0xAE, 0x42, 0xD8, 0xAF, 0x42, 0xD8, 0xB0, 0x42,
+	0xD8, 0xB1, 0x42, 0xD8, 0xB2, 0x42, 0xD8, 0xB3,
+	0x42, 0xD8, 0xB4, 0x42, 0xD8, 0xB5, 0x42, 0xD8,
+	0xB6, 0x42, 0xD8, 0xB7, 0x42, 0xD8, 0xB8, 0x42,
+	0xD8, 0xB9, 0x42, 0xD8, 0xBA, 0x42, 0xD9, 0x81,
+	0x42, 0xD9, 0x82, 0x42, 0xD9, 0x83, 0x42, 0xD9,
+	// Bytes 280 - 2bf
+	0x84, 0x42, 0xD9, 0x85, 0x42, 0xD9, 0x86, 0x42,
+	0xD9, 0x87, 0x42, 0xD9, 0x88, 0x42, 0xD9, 0x89,
+	0x42, 0xD9, 0x8A, 0x42, 0xD9, 0xAE, 0x42, 0xD9,
+	0xAF, 0x42, 0xD9, 0xB1, 0x42, 0xD9, 0xB9, 0x42,
+	0xD9, 0xBA, 0x42, 0xD9, 0xBB, 0x42, 0xD9, 0xBE,
+	0x42, 0xD9, 0xBF, 0x42, 0xDA, 0x80, 0x42, 0xDA,
+	0x83, 0x42, 0xDA, 0x84, 0x42, 0xDA, 0x86, 0x42,
+	0xDA, 0x87, 0x42, 0xDA, 0x88, 0x42, 0xDA, 0x8C,
+	// Bytes 2c0 - 2ff
+	0x42, 0xDA, 0x8D, 0x42, 0xDA, 0x8E, 0x42, 0xDA,
+	0x91, 0x42, 0xDA, 0x98, 0x42, 0xDA, 0xA1, 0x42,
+	0xDA, 0xA4, 0x42, 0xDA, 0xA6, 0x42, 0xDA, 0xA9,
+	0x42, 0xDA, 0xAD, 0x42, 0xDA, 0xAF, 0x42, 0xDA,
+	0xB1, 0x42, 0xDA, 0xB3, 0x42, 0xDA, 0xBA, 0x42,
+	0xDA, 0xBB, 0x42, 0xDA, 0xBE, 0x42, 0xDB, 0x81,
+	0x42, 0xDB, 0x85, 0x42, 0xDB, 0x86, 0x42, 0xDB,
+	0x87, 0x42, 0xDB, 0x88, 0x42, 0xDB, 0x89, 0x42,
+	// Bytes 300 - 33f
+	0xDB, 0x8B, 0x42, 0xDB, 0x8C, 0x42, 0xDB, 0x90,
+	0x42, 0xDB, 0x92, 0x43, 0xE0, 0xBC, 0x8B, 0x43,
+	0xE1, 0x83, 0x9C, 0x43, 0xE1, 0x84, 0x80, 0x43,
+	0xE1, 0x84, 0x81, 0x43, 0xE1, 0x84, 0x82, 0x43,
+	0xE1, 0x84, 0x83, 0x43, 0xE1, 0x84, 0x84, 0x43,
+	0xE1, 0x84, 0x85, 0x43, 0xE1, 0x84, 0x86, 0x43,
+	0xE1, 0x84, 0x87, 0x43, 0xE1, 0x84, 0x88, 0x43,
+	0xE1, 0x84, 0x89, 0x43, 0xE1, 0x84, 0x8A, 0x43,
+	// Bytes 340 - 37f
+	0xE1, 0x84, 0x8B, 0x43, 0xE1, 0x84, 0x8C, 0x43,
+	0xE1, 0x84, 0x8D, 0x43, 0xE1, 0x84, 0x8E, 0x43,
+	0xE1, 0x84, 0x8F, 0x43, 0xE1, 0x84, 0x90, 0x43,
+	0xE1, 0x84, 0x91, 0x43, 0xE1, 0x84, 0x92, 0x43,
+	0xE1, 0x84, 0x94, 0x43, 0xE1, 0x84, 0x95, 0x43,
+	0xE1, 0x84, 0x9A, 0x43, 0xE1, 0x84, 0x9C, 0x43,
+	0xE1, 0x84, 0x9D, 0x43, 0xE1, 0x84, 0x9E, 0x43,
+	0xE1, 0x84, 0xA0, 0x43, 0xE1, 0x84, 0xA1, 0x43,
+	// Bytes 380 - 3bf
+	0xE1, 0x84, 0xA2, 0x43, 0xE1, 0x84, 0xA3, 0x43,
+	0xE1, 0x84, 0xA7, 0x43, 0xE1, 0x84, 0xA9, 0x43,
+	0xE1, 0x84, 0xAB, 0x43, 0xE1, 0x84, 0xAC, 0x43,
+	0xE1, 0x84, 0xAD, 0x43, 0xE1, 0x84, 0xAE, 0x43,
+	0xE1, 0x84, 0xAF, 0x43, 0xE1, 0x84, 0xB2, 0x43,
+	0xE1, 0x84, 0xB6, 0x43, 0xE1, 0x85, 0x80, 0x43,
+	0xE1, 0x85, 0x87, 0x43, 0xE1, 0x85, 0x8C, 0x43,
+	0xE1, 0x85, 0x97, 0x43, 0xE1, 0x85, 0x98, 0x43,
+	// Bytes 3c0 - 3ff
+	0xE1, 0x85, 0x99, 0x43, 0xE1, 0x85, 0xA0, 0x43,
+	0xE1, 0x86, 0x84, 0x43, 0xE1, 0x86, 0x85, 0x43,
+	0xE1, 0x86, 0x88, 0x43, 0xE1, 0x86, 0x91, 0x43,
+	0xE1, 0x86, 0x92, 0x43, 0xE1, 0x86, 0x94, 0x43,
+	0xE1, 0x86, 0x9E, 0x43, 0xE1, 0x86, 0xA1, 0x43,
+	0xE1, 0x87, 0x87, 0x43, 0xE1, 0x87, 0x88, 0x43,
+	0xE1, 0x87, 0x8C, 0x43, 0xE1, 0x87, 0x8E, 0x43,
+	0xE1, 0x87, 0x93, 0x43, 0xE1, 0x87, 0x97, 0x43,
+	// Bytes 400 - 43f
+	0xE1, 0x87, 0x99, 0x43, 0xE1, 0x87, 0x9D, 0x43,
+	0xE1, 0x87, 0x9F, 0x43, 0xE1, 0x87, 0xB1, 0x43,
+	0xE1, 0x87, 0xB2, 0x43, 0xE1, 0xB4, 0x82, 0x43,
+	0xE1, 0xB4, 0x96, 0x43, 0xE1, 0xB4, 0x97, 0x43,
+	0xE1, 0xB4, 0x9C, 0x43, 0xE1, 0xB4, 0x9D, 0x43,
+	0xE1, 0xB4, 0xA5, 0x43, 0xE1, 0xB5, 0xBB, 0x43,
+	0xE1, 0xB6, 0x85, 0x43, 0xE2, 0x80, 0x82, 0x43,
+	0xE2, 0x80, 0x83, 0x43, 0xE2, 0x80, 0x90, 0x43,
+	// Bytes 440 - 47f
+	0xE2, 0x80, 0x93, 0x43, 0xE2, 0x80, 0x94, 0x43,
+	0xE2, 0x82, 0xA9, 0x43, 0xE2, 0x86, 0x90, 0x43,
+	0xE2, 0x86, 0x91, 0x43, 0xE2, 0x86, 0x92, 0x43,
+	0xE2, 0x86, 0x93, 0x43, 0xE2, 0x88, 0x82, 0x43,
+	0xE2, 0x88, 0x87, 0x43, 0xE2, 0x88, 0x91, 0x43,
+	0xE2, 0x88, 0x92, 0x43, 0xE2, 0x94, 0x82, 0x43,
+	0xE2, 0x96, 0xA0, 0x43, 0xE2, 0x97, 0x8B, 0x43,
+	0xE2, 0xA6, 0x85, 0x43, 0xE2, 0xA6, 0x86, 0x43,
+	// Bytes 480 - 4bf
+	0xE2, 0xB5, 0xA1, 0x43, 0xE3, 0x80, 0x81, 0x43,
+	0xE3, 0x80, 0x82, 0x43, 0xE3, 0x80, 0x88, 0x43,
+	0xE3, 0x80, 0x89, 0x43, 0xE3, 0x80, 0x8A, 0x43,
+	0xE3, 0x80, 0x8B, 0x43, 0xE3, 0x80, 0x8C, 0x43,
+	0xE3, 0x80, 0x8D, 0x43, 0xE3, 0x80, 0x8E, 0x43,
+	0xE3, 0x80, 0x8F, 0x43, 0xE3, 0x80, 0x90, 0x43,
+	0xE3, 0x80, 0x91, 0x43, 0xE3, 0x80, 0x92, 0x43,
+	0xE3, 0x80, 0x94, 0x43, 0xE3, 0x80, 0x95, 0x43,
+	// Bytes 4c0 - 4ff
+	0xE3, 0x80, 0x96, 0x43, 0xE3, 0x80, 0x97, 0x43,
+	0xE3, 0x82, 0xA1, 0x43, 0xE3, 0x82, 0xA2, 0x43,
+	0xE3, 0x82, 0xA3, 0x43, 0xE3, 0x82, 0xA4, 0x43,
+	0xE3, 0x82, 0xA5, 0x43, 0xE3, 0x82, 0xA6, 0x43,
+	0xE3, 0x82, 0xA7, 0x43, 0xE3, 0x82, 0xA8, 0x43,
+	0xE3, 0x82, 0xA9, 0x43, 0xE3, 0x82, 0xAA, 0x43,
+	0xE3, 0x82, 0xAB, 0x43, 0xE3, 0x82, 0xAD, 0x43,
+	0xE3, 0x82, 0xAF, 0x43, 0xE3, 0x82, 0xB1, 0x43,
+	// Bytes 500 - 53f
+	0xE3, 0x82, 0xB3, 0x43, 0xE3, 0x82, 0xB5, 0x43,
+	0xE3, 0x82, 0xB7, 0x43, 0xE3, 0x82, 0xB9, 0x43,
+	0xE3, 0x82, 0xBB, 0x43, 0xE3, 0x82, 0xBD, 0x43,
+	0xE3, 0x82, 0xBF, 0x43, 0xE3, 0x83, 0x81, 0x43,
+	0xE3, 0x83, 0x83, 0x43, 0xE3, 0x83, 0x84, 0x43,
+	0xE3, 0x83, 0x86, 0x43, 0xE3, 0x83, 0x88, 0x43,
+	0xE3, 0x83, 0x8A, 0x43, 0xE3, 0x83, 0x8B, 0x43,
+	0xE3, 0x83, 0x8C, 0x43, 0xE3, 0x83, 0x8D, 0x43,
+	// Bytes 540 - 57f
+	0xE3, 0x83, 0x8E, 0x43, 0xE3, 0x83, 0x8F, 0x43,
+	0xE3, 0x83, 0x92, 0x43, 0xE3, 0x83, 0x95, 0x43,
+	0xE3, 0x83, 0x98, 0x43, 0xE3, 0x83, 0x9B, 0x43,
+	0xE3, 0x83, 0x9E, 0x43, 0xE3, 0x83, 0x9F, 0x43,
+	0xE3, 0x83, 0xA0, 0x43, 0xE3, 0x83, 0xA1, 0x43,
+	0xE3, 0x83, 0xA2, 0x43, 0xE3, 0x83, 0xA3, 0x43,
+	0xE3, 0x83, 0xA4, 0x43, 0xE3, 0x83, 0xA5, 0x43,
+	0xE3, 0x83, 0xA6, 0x43, 0xE3, 0x83, 0xA7, 0x43,
+	// Bytes 580 - 5bf
+	0xE3, 0x83, 0xA8, 0x43, 0xE3, 0x83, 0xA9, 0x43,
+	0xE3, 0x83, 0xAA, 0x43, 0xE3, 0x83, 0xAB, 0x43,
+	0xE3, 0x83, 0xAC, 0x43, 0xE3, 0x83, 0xAD, 0x43,
+	0xE3, 0x83, 0xAF, 0x43, 0xE3, 0x83, 0xB0, 0x43,
+	0xE3, 0x83, 0xB1, 0x43, 0xE3, 0x83, 0xB2, 0x43,
+	0xE3, 0x83, 0xB3, 0x43, 0xE3, 0x83, 0xBB, 0x43,
+	0xE3, 0x83, 0xBC, 0x43, 0xE3, 0x92, 0x9E, 0x43,
+	0xE3, 0x92, 0xB9, 0x43, 0xE3, 0x92, 0xBB, 0x43,
+	// Bytes 5c0 - 5ff
+	0xE3, 0x93, 0x9F, 0x43, 0xE3, 0x94, 0x95, 0x43,
+	0xE3, 0x9B, 0xAE, 0x43, 0xE3, 0x9B, 0xBC, 0x43,
+	0xE3, 0x9E, 0x81, 0x43, 0xE3, 0xA0, 0xAF, 0x43,
+	0xE3, 0xA1, 0xA2, 0x43, 0xE3, 0xA1, 0xBC, 0x43,
+	0xE3, 0xA3, 0x87, 0x43, 0xE3, 0xA3, 0xA3, 0x43,
+	0xE3, 0xA4, 0x9C, 0x43, 0xE3, 0xA4, 0xBA, 0x43,
+	0xE3, 0xA8, 0xAE, 0x43, 0xE3, 0xA9, 0xAC, 0x43,
+	0xE3, 0xAB, 0xA4, 0x43, 0xE3, 0xAC, 0x88, 0x43,
+	// Bytes 600 - 63f
+	0xE3, 0xAC, 0x99, 0x43, 0xE3, 0xAD, 0x89, 0x43,
+	0xE3, 0xAE, 0x9D, 0x43, 0xE3, 0xB0, 0x98, 0x43,
+	0xE3, 0xB1, 0x8E, 0x43, 0xE3, 0xB4, 0xB3, 0x43,
+	0xE3, 0xB6, 0x96, 0x43, 0xE3, 0xBA, 0xAC, 0x43,
+	0xE3, 0xBA, 0xB8, 0x43, 0xE3, 0xBC, 0x9B, 0x43,
+	0xE3, 0xBF, 0xBC, 0x43, 0xE4, 0x80, 0x88, 0x43,
+	0xE4, 0x80, 0x98, 0x43, 0xE4, 0x80, 0xB9, 0x43,
+	0xE4, 0x81, 0x86, 0x43, 0xE4, 0x82, 0x96, 0x43,
+	// Bytes 640 - 67f
+	0xE4, 0x83, 0xA3, 0x43, 0xE4, 0x84, 0xAF, 0x43,
+	0xE4, 0x88, 0x82, 0x43, 0xE4, 0x88, 0xA7, 0x43,
+	0xE4, 0x8A, 0xA0, 0x43, 0xE4, 0x8C, 0x81, 0x43,
+	0xE4, 0x8C, 0xB4, 0x43, 0xE4, 0x8D, 0x99, 0x43,
+	0xE4, 0x8F, 0x95, 0x43, 0xE4, 0x8F, 0x99, 0x43,
+	0xE4, 0x90, 0x8B, 0x43, 0xE4, 0x91, 0xAB, 0x43,
+	0xE4, 0x94, 0xAB, 0x43, 0xE4, 0x95, 0x9D, 0x43,
+	0xE4, 0x95, 0xA1, 0x43, 0xE4, 0x95, 0xAB, 0x43,
+	// Bytes 680 - 6bf
+	0xE4, 0x97, 0x97, 0x43, 0xE4, 0x97, 0xB9, 0x43,
+	0xE4, 0x98, 0xB5, 0x43, 0xE4, 0x9A, 0xBE, 0x43,
+	0xE4, 0x9B, 0x87, 0x43, 0xE4, 0xA6, 0x95, 0x43,
+	0xE4, 0xA7, 0xA6, 0x43, 0xE4, 0xA9, 0xAE, 0x43,
+	0xE4, 0xA9, 0xB6, 0x43, 0xE4, 0xAA, 0xB2, 0x43,
+	0xE4, 0xAC, 0xB3, 0x43, 0xE4, 0xAF, 0x8E, 0x43,
+	0xE4, 0xB3, 0x8E, 0x43, 0xE4, 0xB3, 0xAD, 0x43,
+	0xE4, 0xB3, 0xB8, 0x43, 0xE4, 0xB5, 0x96, 0x43,
+	// Bytes 6c0 - 6ff
+	0xE4, 0xB8, 0x80, 0x43, 0xE4, 0xB8, 0x81, 0x43,
+	0xE4, 0xB8, 0x83, 0x43, 0xE4, 0xB8, 0x89, 0x43,
+	0xE4, 0xB8, 0x8A, 0x43, 0xE4, 0xB8, 0x8B, 0x43,
+	0xE4, 0xB8, 0x8D, 0x43, 0xE4, 0xB8, 0x99, 0x43,
+	0xE4, 0xB8, 0xA6, 0x43, 0xE4, 0xB8, 0xA8, 0x43,
+	0xE4, 0xB8, 0xAD, 0x43, 0xE4, 0xB8, 0xB2, 0x43,
+	0xE4, 0xB8, 0xB6, 0x43, 0xE4, 0xB8, 0xB8, 0x43,
+	0xE4, 0xB8, 0xB9, 0x43, 0xE4, 0xB8, 0xBD, 0x43,
+	// Bytes 700 - 73f
+	0xE4, 0xB8, 0xBF, 0x43, 0xE4, 0xB9, 0x81, 0x43,
+	0xE4, 0xB9, 0x99, 0x43, 0xE4, 0xB9, 0x9D, 0x43,
+	0xE4, 0xBA, 0x82, 0x43, 0xE4, 0xBA, 0x85, 0x43,
+	0xE4, 0xBA, 0x86, 0x43, 0xE4, 0xBA, 0x8C, 0x43,
+	0xE4, 0xBA, 0x94, 0x43, 0xE4, 0xBA, 0xA0, 0x43,
+	0xE4, 0xBA, 0xA4, 0x43, 0xE4, 0xBA, 0xAE, 0x43,
+	0xE4, 0xBA, 0xBA, 0x43, 0xE4, 0xBB, 0x80, 0x43,
+	0xE4, 0xBB, 0x8C, 0x43, 0xE4, 0xBB, 0xA4, 0x43,
+	// Bytes 740 - 77f
+	0xE4, 0xBC, 0x81, 0x43, 0xE4, 0xBC, 0x91, 0x43,
+	0xE4, 0xBD, 0xA0, 0x43, 0xE4, 0xBE, 0x80, 0x43,
+	0xE4, 0xBE, 0x86, 0x43, 0xE4, 0xBE, 0x8B, 0x43,
+	0xE4, 0xBE, 0xAE, 0x43, 0xE4, 0xBE, 0xBB, 0x43,
+	0xE4, 0xBE, 0xBF, 0x43, 0xE5, 0x80, 0x82, 0x43,
+	0xE5, 0x80, 0xAB, 0x43, 0xE5, 0x81, 0xBA, 0x43,
+	0xE5, 0x82, 0x99, 0x43, 0xE5, 0x83, 0x8F, 0x43,
+	0xE5, 0x83, 0x9A, 0x43, 0xE5, 0x83, 0xA7, 0x43,
+	// Bytes 780 - 7bf
+	0xE5, 0x84, 0xAA, 0x43, 0xE5, 0x84, 0xBF, 0x43,
+	0xE5, 0x85, 0x80, 0x43, 0xE5, 0x85, 0x85, 0x43,
+	0xE5, 0x85, 0x8D, 0x43, 0xE5, 0x85, 0x94, 0x43,
+	0xE5, 0x85, 0xA4, 0x43, 0xE5, 0x85, 0xA5, 0x43,
+	0xE5, 0x85, 0xA7, 0x43, 0xE5, 0x85, 0xA8, 0x43,
+	0xE5, 0x85, 0xA9, 0x43, 0xE5, 0x85, 0xAB, 0x43,
+	0xE5, 0x85, 0xAD, 0x43, 0xE5, 0x85, 0xB7, 0x43,
+	0xE5, 0x86, 0x80, 0x43, 0xE5, 0x86, 0x82, 0x43,
+	// Bytes 7c0 - 7ff
+	0xE5, 0x86, 0x8D, 0x43, 0xE5, 0x86, 0x92, 0x43,
+	0xE5, 0x86, 0x95, 0x43, 0xE5, 0x86, 0x96, 0x43,
+	0xE5, 0x86, 0x97, 0x43, 0xE5, 0x86, 0x99, 0x43,
+	0xE5, 0x86, 0xA4, 0x43, 0xE5, 0x86, 0xAB, 0x43,
+	0xE5, 0x86, 0xAC, 0x43, 0xE5, 0x86, 0xB5, 0x43,
+	0xE5, 0x86, 0xB7, 0x43, 0xE5, 0x87, 0x89, 0x43,
+	0xE5, 0x87, 0x8C, 0x43, 0xE5, 0x87, 0x9C, 0x43,
+	0xE5, 0x87, 0x9E, 0x43, 0xE5, 0x87, 0xA0, 0x43,
+	// Bytes 800 - 83f
+	0xE5, 0x87, 0xB5, 0x43, 0xE5, 0x88, 0x80, 0x43,
+	0xE5, 0x88, 0x83, 0x43, 0xE5, 0x88, 0x87, 0x43,
+	0xE5, 0x88, 0x97, 0x43, 0xE5, 0x88, 0x9D, 0x43,
+	0xE5, 0x88, 0xA9, 0x43, 0xE5, 0x88, 0xBA, 0x43,
+	0xE5, 0x88, 0xBB, 0x43, 0xE5, 0x89, 0x86, 0x43,
+	0xE5, 0x89, 0x8D, 0x43, 0xE5, 0x89, 0xB2, 0x43,
+	0xE5, 0x89, 0xB7, 0x43, 0xE5, 0x8A, 0x89, 0x43,
+	0xE5, 0x8A, 0x9B, 0x43, 0xE5, 0x8A, 0xA3, 0x43,
+	// Bytes 840 - 87f
+	0xE5, 0x8A, 0xB3, 0x43, 0xE5, 0x8A, 0xB4, 0x43,
+	0xE5, 0x8B, 0x87, 0x43, 0xE5, 0x8B, 0x89, 0x43,
+	0xE5, 0x8B, 0x92, 0x43, 0xE5, 0x8B, 0x9E, 0x43,
+	0xE5, 0x8B, 0xA4, 0x43, 0xE5, 0x8B, 0xB5, 0x43,
+	0xE5, 0x8B, 0xB9, 0x43, 0xE5, 0x8B, 0xBA, 0x43,
+	0xE5, 0x8C, 0x85, 0x43, 0xE5, 0x8C, 0x86, 0x43,
+	0xE5, 0x8C, 0x95, 0x43, 0xE5, 0x8C, 0x97, 0x43,
+	0xE5, 0x8C, 0x9A, 0x43, 0xE5, 0x8C, 0xB8, 0x43,
+	// Bytes 880 - 8bf
+	0xE5, 0x8C, 0xBB, 0x43, 0xE5, 0x8C, 0xBF, 0x43,
+	0xE5, 0x8D, 0x81, 0x43, 0xE5, 0x8D, 0x84, 0x43,
+	0xE5, 0x8D, 0x85, 0x43, 0xE5, 0x8D, 0x89, 0x43,
+	0xE5, 0x8D, 0x91, 0x43, 0xE5, 0x8D, 0x94, 0x43,
+	0xE5, 0x8D, 0x9A, 0x43, 0xE5, 0x8D, 0x9C, 0x43,
+	0xE5, 0x8D, 0xA9, 0x43, 0xE5, 0x8D, 0xB0, 0x43,
+	0xE5, 0x8D, 0xB3, 0x43, 0xE5, 0x8D, 0xB5, 0x43,
+	0xE5, 0x8D, 0xBD, 0x43, 0xE5, 0x8D, 0xBF, 0x43,
+	// Bytes 8c0 - 8ff
+	0xE5, 0x8E, 0x82, 0x43, 0xE5, 0x8E, 0xB6, 0x43,
+	0xE5, 0x8F, 0x83, 0x43, 0xE5, 0x8F, 0x88, 0x43,
+	0xE5, 0x8F, 0x8A, 0x43, 0xE5, 0x8F, 0x8C, 0x43,
+	0xE5, 0x8F, 0x9F, 0x43, 0xE5, 0x8F, 0xA3, 0x43,
+	0xE5, 0x8F, 0xA5, 0x43, 0xE5, 0x8F, 0xAB, 0x43,
+	0xE5, 0x8F, 0xAF, 0x43, 0xE5, 0x8F, 0xB1, 0x43,
+	0xE5, 0x8F, 0xB3, 0x43, 0xE5, 0x90, 0x86, 0x43,
+	0xE5, 0x90, 0x88, 0x43, 0xE5, 0x90, 0x8D, 0x43,
+	// Bytes 900 - 93f
+	0xE5, 0x90, 0x8F, 0x43, 0xE5, 0x90, 0x9D, 0x43,
+	0xE5, 0x90, 0xB8, 0x43, 0xE5, 0x90, 0xB9, 0x43,
+	0xE5, 0x91, 0x82, 0x43, 0xE5, 0x91, 0x88, 0x43,
+	0xE5, 0x91, 0xA8, 0x43, 0xE5, 0x92, 0x9E, 0x43,
+	0xE5, 0x92, 0xA2, 0x43, 0xE5, 0x92, 0xBD, 0x43,
+	0xE5, 0x93, 0xB6, 0x43, 0xE5, 0x94, 0x90, 0x43,
+	0xE5, 0x95, 0x8F, 0x43, 0xE5, 0x95, 0x93, 0x43,
+	0xE5, 0x95, 0x95, 0x43, 0xE5, 0x95, 0xA3, 0x43,
+	// Bytes 940 - 97f
+	0xE5, 0x96, 0x84, 0x43, 0xE5, 0x96, 0x87, 0x43,
+	0xE5, 0x96, 0x99, 0x43, 0xE5, 0x96, 0x9D, 0x43,
+	0xE5, 0x96, 0xAB, 0x43, 0xE5, 0x96, 0xB3, 0x43,
+	0xE5, 0x96, 0xB6, 0x43, 0xE5, 0x97, 0x80, 0x43,
+	0xE5, 0x97, 0x82, 0x43, 0xE5, 0x97, 0xA2, 0x43,
+	0xE5, 0x98, 0x86, 0x43, 0xE5, 0x99, 0x91, 0x43,
+	0xE5, 0x99, 0xA8, 0x43, 0xE5, 0x99, 0xB4, 0x43,
+	0xE5, 0x9B, 0x97, 0x43, 0xE5, 0x9B, 0x9B, 0x43,
+	// Bytes 980 - 9bf
+	0xE5, 0x9B, 0xB9, 0x43, 0xE5, 0x9C, 0x96, 0x43,
+	0xE5, 0x9C, 0x97, 0x43, 0xE5, 0x9C, 0x9F, 0x43,
+	0xE5, 0x9C, 0xB0, 0x43, 0xE5, 0x9E, 0x8B, 0x43,
+	0xE5, 0x9F, 0x8E, 0x43, 0xE5, 0x9F, 0xB4, 0x43,
+	0xE5, 0xA0, 0x8D, 0x43, 0xE5, 0xA0, 0xB1, 0x43,
+	0xE5, 0xA0, 0xB2, 0x43, 0xE5, 0xA1, 0x80, 0x43,
+	0xE5, 0xA1, 0x9A, 0x43, 0xE5, 0xA1, 0x9E, 0x43,
+	0xE5, 0xA2, 0xA8, 0x43, 0xE5, 0xA2, 0xAC, 0x43,
+	// Bytes 9c0 - 9ff
+	0xE5, 0xA2, 0xB3, 0x43, 0xE5, 0xA3, 0x98, 0x43,
+	0xE5, 0xA3, 0x9F, 0x43, 0xE5, 0xA3, 0xAB, 0x43,
+	0xE5, 0xA3, 0xAE, 0x43, 0xE5, 0xA3, 0xB0, 0x43,
+	0xE5, 0xA3, 0xB2, 0x43, 0xE5, 0xA3, 0xB7, 0x43,
+	0xE5, 0xA4, 0x82, 0x43, 0xE5, 0xA4, 0x86, 0x43,
+	0xE5, 0xA4, 0x8A, 0x43, 0xE5, 0xA4, 0x95, 0x43,
+	0xE5, 0xA4, 0x9A, 0x43, 0xE5, 0xA4, 0x9C, 0x43,
+	0xE5, 0xA4, 0xA2, 0x43, 0xE5, 0xA4, 0xA7, 0x43,
+	// Bytes a00 - a3f
+	0xE5, 0xA4, 0xA9, 0x43, 0xE5, 0xA5, 0x84, 0x43,
+	0xE5, 0xA5, 0x88, 0x43, 0xE5, 0xA5, 0x91, 0x43,
+	0xE5, 0xA5, 0x94, 0x43, 0xE5, 0xA5, 0xA2, 0x43,
+	0xE5, 0xA5, 0xB3, 0x43, 0xE5, 0xA7, 0x98, 0x43,
+	0xE5, 0xA7, 0xAC, 0x43, 0xE5, 0xA8, 0x9B, 0x43,
+	0xE5, 0xA8, 0xA7, 0x43, 0xE5, 0xA9, 0xA2, 0x43,
+	0xE5, 0xA9, 0xA6, 0x43, 0xE5, 0xAA, 0xB5, 0x43,
+	0xE5, 0xAC, 0x88, 0x43, 0xE5, 0xAC, 0xA8, 0x43,
+	// Bytes a40 - a7f
+	0xE5, 0xAC, 0xBE, 0x43, 0xE5, 0xAD, 0x90, 0x43,
+	0xE5, 0xAD, 0x97, 0x43, 0xE5, 0xAD, 0xA6, 0x43,
+	0xE5, 0xAE, 0x80, 0x43, 0xE5, 0xAE, 0x85, 0x43,
+	0xE5, 0xAE, 0x97, 0x43, 0xE5, 0xAF, 0x83, 0x43,
+	0xE5, 0xAF, 0x98, 0x43, 0xE5, 0xAF, 0xA7, 0x43,
+	0xE5, 0xAF, 0xAE, 0x43, 0xE5, 0xAF, 0xB3, 0x43,
+	0xE5, 0xAF, 0xB8, 0x43, 0xE5, 0xAF, 0xBF, 0x43,
+	0xE5, 0xB0, 0x86, 0x43, 0xE5, 0xB0, 0x8F, 0x43,
+	// Bytes a80 - abf
+	0xE5, 0xB0, 0xA2, 0x43, 0xE5, 0xB0, 0xB8, 0x43,
+	0xE5, 0xB0, 0xBF, 0x43, 0xE5, 0xB1, 0xA0, 0x43,
+	0xE5, 0xB1, 0xA2, 0x43, 0xE5, 0xB1, 0xA4, 0x43,
+	0xE5, 0xB1, 0xA5, 0x43, 0xE5, 0xB1, 0xAE, 0x43,
+	0xE5, 0xB1, 0xB1, 0x43, 0xE5, 0xB2, 0x8D, 0x43,
+	0xE5, 0xB3, 0x80, 0x43, 0xE5, 0xB4, 0x99, 0x43,
+	0xE5, 0xB5, 0x83, 0x43, 0xE5, 0xB5, 0x90, 0x43,
+	0xE5, 0xB5, 0xAB, 0x43, 0xE5, 0xB5, 0xAE, 0x43,
+	// Bytes ac0 - aff
+	0xE5, 0xB5, 0xBC, 0x43, 0xE5, 0xB6, 0xB2, 0x43,
+	0xE5, 0xB6, 0xBA, 0x43, 0xE5, 0xB7, 0x9B, 0x43,
+	0xE5, 0xB7, 0xA1, 0x43, 0xE5, 0xB7, 0xA2, 0x43,
+	0xE5, 0xB7, 0xA5, 0x43, 0xE5, 0xB7, 0xA6, 0x43,
+	0xE5, 0xB7, 0xB1, 0x43, 0xE5, 0xB7, 0xBD, 0x43,
+	0xE5, 0xB7, 0xBE, 0x43, 0xE5, 0xB8, 0xA8, 0x43,
+	0xE5, 0xB8, 0xBD, 0x43, 0xE5, 0xB9, 0xA9, 0x43,
+	0xE5, 0xB9, 0xB2, 0x43, 0xE5, 0xB9, 0xB4, 0x43,
+	// Bytes b00 - b3f
+	0xE5, 0xB9, 0xBA, 0x43, 0xE5, 0xB9, 0xBC, 0x43,
+	0xE5, 0xB9, 0xBF, 0x43, 0xE5, 0xBA, 0xA6, 0x43,
+	0xE5, 0xBA, 0xB0, 0x43, 0xE5, 0xBA, 0xB3, 0x43,
+	0xE5, 0xBA, 0xB6, 0x43, 0xE5, 0xBB, 0x89, 0x43,
+	0xE5, 0xBB, 0x8A, 0x43, 0xE5, 0xBB, 0x92, 0x43,
+	0xE5, 0xBB, 0x93, 0x43, 0xE5, 0xBB, 0x99, 0x43,
+	0xE5, 0xBB, 0xAC, 0x43, 0xE5, 0xBB, 0xB4, 0x43,
+	0xE5, 0xBB, 0xBE, 0x43, 0xE5, 0xBC, 0x84, 0x43,
+	// Bytes b40 - b7f
+	0xE5, 0xBC, 0x8B, 0x43, 0xE5, 0xBC, 0x93, 0x43,
+	0xE5, 0xBC, 0xA2, 0x43, 0xE5, 0xBD, 0x90, 0x43,
+	0xE5, 0xBD, 0x93, 0x43, 0xE5, 0xBD, 0xA1, 0x43,
+	0xE5, 0xBD, 0xA2, 0x43, 0xE5, 0xBD, 0xA9, 0x43,
+	0xE5, 0xBD, 0xAB, 0x43, 0xE5, 0xBD, 0xB3, 0x43,
+	0xE5, 0xBE, 0x8B, 0x43, 0xE5, 0xBE, 0x8C, 0x43,
+	0xE5, 0xBE, 0x97, 0x43, 0xE5, 0xBE, 0x9A, 0x43,
+	0xE5, 0xBE, 0xA9, 0x43, 0xE5, 0xBE, 0xAD, 0x43,
+	// Bytes b80 - bbf
+	0xE5, 0xBF, 0x83, 0x43, 0xE5, 0xBF, 0x8D, 0x43,
+	0xE5, 0xBF, 0x97, 0x43, 0xE5, 0xBF, 0xB5, 0x43,
+	0xE5, 0xBF, 0xB9, 0x43, 0xE6, 0x80, 0x92, 0x43,
+	0xE6, 0x80, 0x9C, 0x43, 0xE6, 0x81, 0xB5, 0x43,
+	0xE6, 0x82, 0x81, 0x43, 0xE6, 0x82, 0x94, 0x43,
+	0xE6, 0x83, 0x87, 0x43, 0xE6, 0x83, 0x98, 0x43,
+	0xE6, 0x83, 0xA1, 0x43, 0xE6, 0x84, 0x88, 0x43,
+	0xE6, 0x85, 0x84, 0x43, 0xE6, 0x85, 0x88, 0x43,
+	// Bytes bc0 - bff
+	0xE6, 0x85, 0x8C, 0x43, 0xE6, 0x85, 0x8E, 0x43,
+	0xE6, 0x85, 0xA0, 0x43, 0xE6, 0x85, 0xA8, 0x43,
+	0xE6, 0x85, 0xBA, 0x43, 0xE6, 0x86, 0x8E, 0x43,
+	0xE6, 0x86, 0x90, 0x43, 0xE6, 0x86, 0xA4, 0x43,
+	0xE6, 0x86, 0xAF, 0x43, 0xE6, 0x86, 0xB2, 0x43,
+	0xE6, 0x87, 0x9E, 0x43, 0xE6, 0x87, 0xB2, 0x43,
+	0xE6, 0x87, 0xB6, 0x43, 0xE6, 0x88, 0x80, 0x43,
+	0xE6, 0x88, 0x88, 0x43, 0xE6, 0x88, 0x90, 0x43,
+	// Bytes c00 - c3f
+	0xE6, 0x88, 0x9B, 0x43, 0xE6, 0x88, 0xAE, 0x43,
+	0xE6, 0x88, 0xB4, 0x43, 0xE6, 0x88, 0xB6, 0x43,
+	0xE6, 0x89, 0x8B, 0x43, 0xE6, 0x89, 0x93, 0x43,
+	0xE6, 0x89, 0x9D, 0x43, 0xE6, 0x8A, 0x95, 0x43,
+	0xE6, 0x8A, 0xB1, 0x43, 0xE6, 0x8B, 0x89, 0x43,
+	0xE6, 0x8B, 0x8F, 0x43, 0xE6, 0x8B, 0x93, 0x43,
+	0xE6, 0x8B, 0x94, 0x43, 0xE6, 0x8B, 0xBC, 0x43,
+	0xE6, 0x8B, 0xBE, 0x43, 0xE6, 0x8C, 0x87, 0x43,
+	// Bytes c40 - c7f
+	0xE6, 0x8C, 0xBD, 0x43, 0xE6, 0x8D, 0x90, 0x43,
+	0xE6, 0x8D, 0x95, 0x43, 0xE6, 0x8D, 0xA8, 0x43,
+	0xE6, 0x8D, 0xBB, 0x43, 0xE6, 0x8E, 0x83, 0x43,
+	0xE6, 0x8E, 0xA0, 0x43, 0xE6, 0x8E, 0xA9, 0x43,
+	0xE6, 0x8F, 0x84, 0x43, 0xE6, 0x8F, 0x85, 0x43,
+	0xE6, 0x8F, 0xA4, 0x43, 0xE6, 0x90, 0x9C, 0x43,
+	0xE6, 0x90, 0xA2, 0x43, 0xE6, 0x91, 0x92, 0x43,
+	0xE6, 0x91, 0xA9, 0x43, 0xE6, 0x91, 0xB7, 0x43,
+	// Bytes c80 - cbf
+	0xE6, 0x91, 0xBE, 0x43, 0xE6, 0x92, 0x9A, 0x43,
+	0xE6, 0x92, 0x9D, 0x43, 0xE6, 0x93, 0x84, 0x43,
+	0xE6, 0x94, 0xAF, 0x43, 0xE6, 0x94, 0xB4, 0x43,
+	0xE6, 0x95, 0x8F, 0x43, 0xE6, 0x95, 0x96, 0x43,
+	0xE6, 0x95, 0xAC, 0x43, 0xE6, 0x95, 0xB8, 0x43,
+	0xE6, 0x96, 0x87, 0x43, 0xE6, 0x96, 0x97, 0x43,
+	0xE6, 0x96, 0x99, 0x43, 0xE6, 0x96, 0xA4, 0x43,
+	0xE6, 0x96, 0xB0, 0x43, 0xE6, 0x96, 0xB9, 0x43,
+	// Bytes cc0 - cff
+	0xE6, 0x97, 0x85, 0x43, 0xE6, 0x97, 0xA0, 0x43,
+	0xE6, 0x97, 0xA2, 0x43, 0xE6, 0x97, 0xA3, 0x43,
+	0xE6, 0x97, 0xA5, 0x43, 0xE6, 0x98, 0x93, 0x43,
+	0xE6, 0x98, 0xA0, 0x43, 0xE6, 0x99, 0x89, 0x43,
+	0xE6, 0x99, 0xB4, 0x43, 0xE6, 0x9A, 0x88, 0x43,
+	0xE6, 0x9A, 0x91, 0x43, 0xE6, 0x9A, 0x9C, 0x43,
+	0xE6, 0x9A, 0xB4, 0x43, 0xE6, 0x9B, 0x86, 0x43,
+	0xE6, 0x9B, 0xB0, 0x43, 0xE6, 0x9B, 0xB4, 0x43,
+	// Bytes d00 - d3f
+	0xE6, 0x9B, 0xB8, 0x43, 0xE6, 0x9C, 0x80, 0x43,
+	0xE6, 0x9C, 0x88, 0x43, 0xE6, 0x9C, 0x89, 0x43,
+	0xE6, 0x9C, 0x97, 0x43, 0xE6, 0x9C, 0x9B, 0x43,
+	0xE6, 0x9C, 0xA1, 0x43, 0xE6, 0x9C, 0xA8, 0x43,
+	0xE6, 0x9D, 0x8E, 0x43, 0xE6, 0x9D, 0x93, 0x43,
+	0xE6, 0x9D, 0x96, 0x43, 0xE6, 0x9D, 0x9E, 0x43,
+	0xE6, 0x9D, 0xBB, 0x43, 0xE6, 0x9E, 0x85, 0x43,
+	0xE6, 0x9E, 0x97, 0x43, 0xE6, 0x9F, 0xB3, 0x43,
+	// Bytes d40 - d7f
+	0xE6, 0x9F, 0xBA, 0x43, 0xE6, 0xA0, 0x97, 0x43,
+	0xE6, 0xA0, 0x9F, 0x43, 0xE6, 0xA0, 0xAA, 0x43,
+	0xE6, 0xA1, 0x92, 0x43, 0xE6, 0xA2, 0x81, 0x43,
+	0xE6, 0xA2, 0x85, 0x43, 0xE6, 0xA2, 0x8E, 0x43,
+	0xE6, 0xA2, 0xA8, 0x43, 0xE6, 0xA4, 0x94, 0x43,
+	0xE6, 0xA5, 0x82, 0x43, 0xE6, 0xA6, 0xA3, 0x43,
+	0xE6, 0xA7, 0xAA, 0x43, 0xE6, 0xA8, 0x82, 0x43,
+	0xE6, 0xA8, 0x93, 0x43, 0xE6, 0xAA, 0xA8, 0x43,
+	// Bytes d80 - dbf
+	0xE6, 0xAB, 0x93, 0x43, 0xE6, 0xAB, 0x9B, 0x43,
+	0xE6, 0xAC, 0x84, 0x43, 0xE6, 0xAC, 0xA0, 0x43,
+	0xE6, 0xAC, 0xA1, 0x43, 0xE6, 0xAD, 0x94, 0x43,
+	0xE6, 0xAD, 0xA2, 0x43, 0xE6, 0xAD, 0xA3, 0x43,
+	0xE6, 0xAD, 0xB2, 0x43, 0xE6, 0xAD, 0xB7, 0x43,
+	0xE6, 0xAD, 0xB9, 0x43, 0xE6, 0xAE, 0x9F, 0x43,
+	0xE6, 0xAE, 0xAE, 0x43, 0xE6, 0xAE, 0xB3, 0x43,
+	0xE6, 0xAE, 0xBA, 0x43, 0xE6, 0xAE, 0xBB, 0x43,
+	// Bytes dc0 - dff
+	0xE6, 0xAF, 0x8B, 0x43, 0xE6, 0xAF, 0x8D, 0x43,
+	0xE6, 0xAF, 0x94, 0x43, 0xE6, 0xAF, 0x9B, 0x43,
+	0xE6, 0xB0, 0x8F, 0x43, 0xE6, 0xB0, 0x94, 0x43,
+	0xE6, 0xB0, 0xB4, 0x43, 0xE6, 0xB1, 0x8E, 0x43,
+	0xE6, 0xB1, 0xA7, 0x43, 0xE6, 0xB2, 0x88, 0x43,
+	0xE6, 0xB2, 0xBF, 0x43, 0xE6, 0xB3, 0x8C, 0x43,
+	0xE6, 0xB3, 0x8D, 0x43, 0xE6, 0xB3, 0xA5, 0x43,
+	0xE6, 0xB3, 0xA8, 0x43, 0xE6, 0xB4, 0x96, 0x43,
+	// Bytes e00 - e3f
+	0xE6, 0xB4, 0x9B, 0x43, 0xE6, 0xB4, 0x9E, 0x43,
+	0xE6, 0xB4, 0xB4, 0x43, 0xE6, 0xB4, 0xBE, 0x43,
+	0xE6, 0xB5, 0x81, 0x43, 0xE6, 0xB5, 0xA9, 0x43,
+	0xE6, 0xB5, 0xAA, 0x43, 0xE6, 0xB5, 0xB7, 0x43,
+	0xE6, 0xB5, 0xB8, 0x43, 0xE6, 0xB6, 0x85, 0x43,
+	0xE6, 0xB7, 0x8B, 0x43, 0xE6, 0xB7, 0x9A, 0x43,
+	0xE6, 0xB7, 0xAA, 0x43, 0xE6, 0xB7, 0xB9, 0x43,
+	0xE6, 0xB8, 0x9A, 0x43, 0xE6, 0xB8, 0xAF, 0x43,
+	// Bytes e40 - e7f
+	0xE6, 0xB9, 0xAE, 0x43, 0xE6, 0xBA, 0x80, 0x43,
+	0xE6, 0xBA, 0x9C, 0x43, 0xE6, 0xBA, 0xBA, 0x43,
+	0xE6, 0xBB, 0x87, 0x43, 0xE6, 0xBB, 0x8B, 0x43,
+	0xE6, 0xBB, 0x91, 0x43, 0xE6, 0xBB, 0x9B, 0x43,
+	0xE6, 0xBC, 0x8F, 0x43, 0xE6, 0xBC, 0x94, 0x43,
+	0xE6, 0xBC, 0xA2, 0x43, 0xE6, 0xBC, 0xA3, 0x43,
+	0xE6, 0xBD, 0xAE, 0x43, 0xE6, 0xBF, 0x86, 0x43,
+	0xE6, 0xBF, 0xAB, 0x43, 0xE6, 0xBF, 0xBE, 0x43,
+	// Bytes e80 - ebf
+	0xE7, 0x80, 0x9B, 0x43, 0xE7, 0x80, 0x9E, 0x43,
+	0xE7, 0x80, 0xB9, 0x43, 0xE7, 0x81, 0x8A, 0x43,
+	0xE7, 0x81, 0xAB, 0x43, 0xE7, 0x81, 0xB0, 0x43,
+	0xE7, 0x81, 0xB7, 0x43, 0xE7, 0x81, 0xBD, 0x43,
+	0xE7, 0x82, 0x99, 0x43, 0xE7, 0x82, 0xAD, 0x43,
+	0xE7, 0x83, 0x88, 0x43, 0xE7, 0x83, 0x99, 0x43,
+	0xE7, 0x84, 0xA1, 0x43, 0xE7, 0x85, 0x85, 0x43,
+	0xE7, 0x85, 0x89, 0x43, 0xE7, 0x85, 0xAE, 0x43,
+	// Bytes ec0 - eff
+	0xE7, 0x86, 0x9C, 0x43, 0xE7, 0x87, 0x8E, 0x43,
+	0xE7, 0x87, 0x90, 0x43, 0xE7, 0x88, 0x90, 0x43,
+	0xE7, 0x88, 0x9B, 0x43, 0xE7, 0x88, 0xA8, 0x43,
+	0xE7, 0x88, 0xAA, 0x43, 0xE7, 0x88, 0xAB, 0x43,
+	0xE7, 0x88, 0xB5, 0x43, 0xE7, 0x88, 0xB6, 0x43,
+	0xE7, 0x88, 0xBB, 0x43, 0xE7, 0x88, 0xBF, 0x43,
+	0xE7, 0x89, 0x87, 0x43, 0xE7, 0x89, 0x90, 0x43,
+	0xE7, 0x89, 0x99, 0x43, 0xE7, 0x89, 0x9B, 0x43,
+	// Bytes f00 - f3f
+	0xE7, 0x89, 0xA2, 0x43, 0xE7, 0x89, 0xB9, 0x43,
+	0xE7, 0x8A, 0x80, 0x43, 0xE7, 0x8A, 0x95, 0x43,
+	0xE7, 0x8A, 0xAC, 0x43, 0xE7, 0x8A, 0xAF, 0x43,
+	0xE7, 0x8B, 0x80, 0x43, 0xE7, 0x8B, 0xBC, 0x43,
+	0xE7, 0x8C, 0xAA, 0x43, 0xE7, 0x8D, 0xB5, 0x43,
+	0xE7, 0x8D, 0xBA, 0x43, 0xE7, 0x8E, 0x84, 0x43,
+	0xE7, 0x8E, 0x87, 0x43, 0xE7, 0x8E, 0x89, 0x43,
+	0xE7, 0x8E, 0x8B, 0x43, 0xE7, 0x8E, 0xA5, 0x43,
+	// Bytes f40 - f7f
+	0xE7, 0x8E, 0xB2, 0x43, 0xE7, 0x8F, 0x9E, 0x43,
+	0xE7, 0x90, 0x86, 0x43, 0xE7, 0x90, 0x89, 0x43,
+	0xE7, 0x90, 0xA2, 0x43, 0xE7, 0x91, 0x87, 0x43,
+	0xE7, 0x91, 0x9C, 0x43, 0xE7, 0x91, 0xA9, 0x43,
+	0xE7, 0x91, 0xB1, 0x43, 0xE7, 0x92, 0x85, 0x43,
+	0xE7, 0x92, 0x89, 0x43, 0xE7, 0x92, 0x98, 0x43,
+	0xE7, 0x93, 0x8A, 0x43, 0xE7, 0x93, 0x9C, 0x43,
+	0xE7, 0x93, 0xA6, 0x43, 0xE7, 0x94, 0x86, 0x43,
+	// Bytes f80 - fbf
+	0xE7, 0x94, 0x98, 0x43, 0xE7, 0x94, 0x9F, 0x43,
+	0xE7, 0x94, 0xA4, 0x43, 0xE7, 0x94, 0xA8, 0x43,
+	0xE7, 0x94, 0xB0, 0x43, 0xE7, 0x94, 0xB2, 0x43,
+	0xE7, 0x94, 0xB3, 0x43, 0xE7, 0x94, 0xB7, 0x43,
+	0xE7, 0x94, 0xBB, 0x43, 0xE7, 0x94, 0xBE, 0x43,
+	0xE7, 0x95, 0x99, 0x43, 0xE7, 0x95, 0xA5, 0x43,
+	0xE7, 0x95, 0xB0, 0x43, 0xE7, 0x96, 0x8B, 0x43,
+	0xE7, 0x96, 0x92, 0x43, 0xE7, 0x97, 0xA2, 0x43,
+	// Bytes fc0 - fff
+	0xE7, 0x98, 0x90, 0x43, 0xE7, 0x98, 0x9D, 0x43,
+	0xE7, 0x98, 0x9F, 0x43, 0xE7, 0x99, 0x82, 0x43,
+	0xE7, 0x99, 0xA9, 0x43, 0xE7, 0x99, 0xB6, 0x43,
+	0xE7, 0x99, 0xBD, 0x43, 0xE7, 0x9A, 0xAE, 0x43,
+	0xE7, 0x9A, 0xBF, 0x43, 0xE7, 0x9B, 0x8A, 0x43,
+	0xE7, 0x9B, 0x9B, 0x43, 0xE7, 0x9B, 0xA3, 0x43,
+	0xE7, 0x9B, 0xA7, 0x43, 0xE7, 0x9B, 0xAE, 0x43,
+	0xE7, 0x9B, 0xB4, 0x43, 0xE7, 0x9C, 0x81, 0x43,
+	// Bytes 1000 - 103f
+	0xE7, 0x9C, 0x9E, 0x43, 0xE7, 0x9C, 0x9F, 0x43,
+	0xE7, 0x9D, 0x80, 0x43, 0xE7, 0x9D, 0x8A, 0x43,
+	0xE7, 0x9E, 0x8B, 0x43, 0xE7, 0x9E, 0xA7, 0x43,
+	0xE7, 0x9F, 0x9B, 0x43, 0xE7, 0x9F, 0xA2, 0x43,
+	0xE7, 0x9F, 0xB3, 0x43, 0xE7, 0xA1, 0x8E, 0x43,
+	0xE7, 0xA1, 0xAB, 0x43, 0xE7, 0xA2, 0x8C, 0x43,
+	0xE7, 0xA2, 0x91, 0x43, 0xE7, 0xA3, 0x8A, 0x43,
+	0xE7, 0xA3, 0x8C, 0x43, 0xE7, 0xA3, 0xBB, 0x43,
+	// Bytes 1040 - 107f
+	0xE7, 0xA4, 0xAA, 0x43, 0xE7, 0xA4, 0xBA, 0x43,
+	0xE7, 0xA4, 0xBC, 0x43, 0xE7, 0xA4, 0xBE, 0x43,
+	0xE7, 0xA5, 0x88, 0x43, 0xE7, 0xA5, 0x89, 0x43,
+	0xE7, 0xA5, 0x90, 0x43, 0xE7, 0xA5, 0x96, 0x43,
+	0xE7, 0xA5, 0x9D, 0x43, 0xE7, 0xA5, 0x9E, 0x43,
+	0xE7, 0xA5, 0xA5, 0x43, 0xE7, 0xA5, 0xBF, 0x43,
+	0xE7, 0xA6, 0x81, 0x43, 0xE7, 0xA6, 0x8D, 0x43,
+	0xE7, 0xA6, 0x8E, 0x43, 0xE7, 0xA6, 0x8F, 0x43,
+	// Bytes 1080 - 10bf
+	0xE7, 0xA6, 0xAE, 0x43, 0xE7, 0xA6, 0xB8, 0x43,
+	0xE7, 0xA6, 0xBE, 0x43, 0xE7, 0xA7, 0x8A, 0x43,
+	0xE7, 0xA7, 0x98, 0x43, 0xE7, 0xA7, 0xAB, 0x43,
+	0xE7, 0xA8, 0x9C, 0x43, 0xE7, 0xA9, 0x80, 0x43,
+	0xE7, 0xA9, 0x8A, 0x43, 0xE7, 0xA9, 0x8F, 0x43,
+	0xE7, 0xA9, 0xB4, 0x43, 0xE7, 0xA9, 0xBA, 0x43,
+	0xE7, 0xAA, 0x81, 0x43, 0xE7, 0xAA, 0xB1, 0x43,
+	0xE7, 0xAB, 0x8B, 0x43, 0xE7, 0xAB, 0xAE, 0x43,
+	// Bytes 10c0 - 10ff
+	0xE7, 0xAB, 0xB9, 0x43, 0xE7, 0xAC, 0xA0, 0x43,
+	0xE7, 0xAE, 0x8F, 0x43, 0xE7, 0xAF, 0x80, 0x43,
+	0xE7, 0xAF, 0x86, 0x43, 0xE7, 0xAF, 0x89, 0x43,
+	0xE7, 0xB0, 0xBE, 0x43, 0xE7, 0xB1, 0xA0, 0x43,
+	0xE7, 0xB1, 0xB3, 0x43, 0xE7, 0xB1, 0xBB, 0x43,
+	0xE7, 0xB2, 0x92, 0x43, 0xE7, 0xB2, 0xBE, 0x43,
+	0xE7, 0xB3, 0x92, 0x43, 0xE7, 0xB3, 0x96, 0x43,
+	0xE7, 0xB3, 0xA3, 0x43, 0xE7, 0xB3, 0xA7, 0x43,
+	// Bytes 1100 - 113f
+	0xE7, 0xB3, 0xA8, 0x43, 0xE7, 0xB3, 0xB8, 0x43,
+	0xE7, 0xB4, 0x80, 0x43, 0xE7, 0xB4, 0x90, 0x43,
+	0xE7, 0xB4, 0xA2, 0x43, 0xE7, 0xB4, 0xAF, 0x43,
+	0xE7, 0xB5, 0x82, 0x43, 0xE7, 0xB5, 0x9B, 0x43,
+	0xE7, 0xB5, 0xA3, 0x43, 0xE7, 0xB6, 0xA0, 0x43,
+	0xE7, 0xB6, 0xBE, 0x43, 0xE7, 0xB7, 0x87, 0x43,
+	0xE7, 0xB7, 0xB4, 0x43, 0xE7, 0xB8, 0x82, 0x43,
+	0xE7, 0xB8, 0x89, 0x43, 0xE7, 0xB8, 0xB7, 0x43,
+	// Bytes 1140 - 117f
+	0xE7, 0xB9, 0x81, 0x43, 0xE7, 0xB9, 0x85, 0x43,
+	0xE7, 0xBC, 0xB6, 0x43, 0xE7, 0xBC, 0xBE, 0x43,
+	0xE7, 0xBD, 0x91, 0x43, 0xE7, 0xBD, 0xB2, 0x43,
+	0xE7, 0xBD, 0xB9, 0x43, 0xE7, 0xBD, 0xBA, 0x43,
+	0xE7, 0xBE, 0x85, 0x43, 0xE7, 0xBE, 0x8A, 0x43,
+	0xE7, 0xBE, 0x95, 0x43, 0xE7, 0xBE, 0x9A, 0x43,
+	0xE7, 0xBE, 0xBD, 0x43, 0xE7, 0xBF, 0xBA, 0x43,
+	0xE8, 0x80, 0x81, 0x43, 0xE8, 0x80, 0x85, 0x43,
+	// Bytes 1180 - 11bf
+	0xE8, 0x80, 0x8C, 0x43, 0xE8, 0x80, 0x92, 0x43,
+	0xE8, 0x80, 0xB3, 0x43, 0xE8, 0x81, 0x86, 0x43,
+	0xE8, 0x81, 0xA0, 0x43, 0xE8, 0x81, 0xAF, 0x43,
+	0xE8, 0x81, 0xB0, 0x43, 0xE8, 0x81, 0xBE, 0x43,
+	0xE8, 0x81, 0xBF, 0x43, 0xE8, 0x82, 0x89, 0x43,
+	0xE8, 0x82, 0x8B, 0x43, 0xE8, 0x82, 0xAD, 0x43,
+	0xE8, 0x82, 0xB2, 0x43, 0xE8, 0x84, 0x83, 0x43,
+	0xE8, 0x84, 0xBE, 0x43, 0xE8, 0x87, 0x98, 0x43,
+	// Bytes 11c0 - 11ff
+	0xE8, 0x87, 0xA3, 0x43, 0xE8, 0x87, 0xA8, 0x43,
+	0xE8, 0x87, 0xAA, 0x43, 0xE8, 0x87, 0xAD, 0x43,
+	0xE8, 0x87, 0xB3, 0x43, 0xE8, 0x87, 0xBC, 0x43,
+	0xE8, 0x88, 0x81, 0x43, 0xE8, 0x88, 0x84, 0x43,
+	0xE8, 0x88, 0x8C, 0x43, 0xE8, 0x88, 0x98, 0x43,
+	0xE8, 0x88, 0x9B, 0x43, 0xE8, 0x88, 0x9F, 0x43,
+	0xE8, 0x89, 0xAE, 0x43, 0xE8, 0x89, 0xAF, 0x43,
+	0xE8, 0x89, 0xB2, 0x43, 0xE8, 0x89, 0xB8, 0x43,
+	// Bytes 1200 - 123f
+	0xE8, 0x89, 0xB9, 0x43, 0xE8, 0x8A, 0x8B, 0x43,
+	0xE8, 0x8A, 0x91, 0x43, 0xE8, 0x8A, 0x9D, 0x43,
+	0xE8, 0x8A, 0xB1, 0x43, 0xE8, 0x8A, 0xB3, 0x43,
+	0xE8, 0x8A, 0xBD, 0x43, 0xE8, 0x8B, 0xA5, 0x43,
+	0xE8, 0x8B, 0xA6, 0x43, 0xE8, 0x8C, 0x9D, 0x43,
+	0xE8, 0x8C, 0xA3, 0x43, 0xE8, 0x8C, 0xB6, 0x43,
+	0xE8, 0x8D, 0x92, 0x43, 0xE8, 0x8D, 0x93, 0x43,
+	0xE8, 0x8D, 0xA3, 0x43, 0xE8, 0x8E, 0xAD, 0x43,
+	// Bytes 1240 - 127f
+	0xE8, 0x8E, 0xBD, 0x43, 0xE8, 0x8F, 0x89, 0x43,
+	0xE8, 0x8F, 0x8A, 0x43, 0xE8, 0x8F, 0x8C, 0x43,
+	0xE8, 0x8F, 0x9C, 0x43, 0xE8, 0x8F, 0xA7, 0x43,
+	0xE8, 0x8F, 0xAF, 0x43, 0xE8, 0x8F, 0xB1, 0x43,
+	0xE8, 0x90, 0xBD, 0x43, 0xE8, 0x91, 0x89, 0x43,
+	0xE8, 0x91, 0x97, 0x43, 0xE8, 0x93, 0xAE, 0x43,
+	0xE8, 0x93, 0xB1, 0x43, 0xE8, 0x93, 0xB3, 0x43,
+	0xE8, 0x93, 0xBC, 0x43, 0xE8, 0x94, 0x96, 0x43,
+	// Bytes 1280 - 12bf
+	0xE8, 0x95, 0xA4, 0x43, 0xE8, 0x97, 0x8D, 0x43,
+	0xE8, 0x97, 0xBA, 0x43, 0xE8, 0x98, 0x86, 0x43,
+	0xE8, 0x98, 0x92, 0x43, 0xE8, 0x98, 0xAD, 0x43,
+	0xE8, 0x98, 0xBF, 0x43, 0xE8, 0x99, 0x8D, 0x43,
+	0xE8, 0x99, 0x90, 0x43, 0xE8, 0x99, 0x9C, 0x43,
+	0xE8, 0x99, 0xA7, 0x43, 0xE8, 0x99, 0xA9, 0x43,
+	0xE8, 0x99, 0xAB, 0x43, 0xE8, 0x9A, 0x88, 0x43,
+	0xE8, 0x9A, 0xA9, 0x43, 0xE8, 0x9B, 0xA2, 0x43,
+	// Bytes 12c0 - 12ff
+	0xE8, 0x9C, 0x8E, 0x43, 0xE8, 0x9C, 0xA8, 0x43,
+	0xE8, 0x9D, 0xAB, 0x43, 0xE8, 0x9D, 0xB9, 0x43,
+	0xE8, 0x9E, 0x86, 0x43, 0xE8, 0x9E, 0xBA, 0x43,
+	0xE8, 0x9F, 0xA1, 0x43, 0xE8, 0xA0, 0x81, 0x43,
+	0xE8, 0xA0, 0x9F, 0x43, 0xE8, 0xA1, 0x80, 0x43,
+	0xE8, 0xA1, 0x8C, 0x43, 0xE8, 0xA1, 0xA0, 0x43,
+	0xE8, 0xA1, 0xA3, 0x43, 0xE8, 0xA3, 0x82, 0x43,
+	0xE8, 0xA3, 0x8F, 0x43, 0xE8, 0xA3, 0x97, 0x43,
+	// Bytes 1300 - 133f
+	0xE8, 0xA3, 0x9E, 0x43, 0xE8, 0xA3, 0xA1, 0x43,
+	0xE8, 0xA3, 0xB8, 0x43, 0xE8, 0xA3, 0xBA, 0x43,
+	0xE8, 0xA4, 0x90, 0x43, 0xE8, 0xA5, 0x81, 0x43,
+	0xE8, 0xA5, 0xA4, 0x43, 0xE8, 0xA5, 0xBE, 0x43,
+	0xE8, 0xA6, 0x86, 0x43, 0xE8, 0xA6, 0x8B, 0x43,
+	0xE8, 0xA6, 0x96, 0x43, 0xE8, 0xA7, 0x92, 0x43,
+	0xE8, 0xA7, 0xA3, 0x43, 0xE8, 0xA8, 0x80, 0x43,
+	0xE8, 0xAA, 0xA0, 0x43, 0xE8, 0xAA, 0xAA, 0x43,
+	// Bytes 1340 - 137f
+	0xE8, 0xAA, 0xBF, 0x43, 0xE8, 0xAB, 0x8B, 0x43,
+	0xE8, 0xAB, 0x92, 0x43, 0xE8, 0xAB, 0x96, 0x43,
+	0xE8, 0xAB, 0xAD, 0x43, 0xE8, 0xAB, 0xB8, 0x43,
+	0xE8, 0xAB, 0xBE, 0x43, 0xE8, 0xAC, 0x81, 0x43,
+	0xE8, 0xAC, 0xB9, 0x43, 0xE8, 0xAD, 0x98, 0x43,
+	0xE8, 0xAE, 0x80, 0x43, 0xE8, 0xAE, 0x8A, 0x43,
+	0xE8, 0xB0, 0xB7, 0x43, 0xE8, 0xB1, 0x86, 0x43,
+	0xE8, 0xB1, 0x88, 0x43, 0xE8, 0xB1, 0x95, 0x43,
+	// Bytes 1380 - 13bf
+	0xE8, 0xB1, 0xB8, 0x43, 0xE8, 0xB2, 0x9D, 0x43,
+	0xE8, 0xB2, 0xA1, 0x43, 0xE8, 0xB2, 0xA9, 0x43,
+	0xE8, 0xB2, 0xAB, 0x43, 0xE8, 0xB3, 0x81, 0x43,
+	0xE8, 0xB3, 0x82, 0x43, 0xE8, 0xB3, 0x87, 0x43,
+	0xE8, 0xB3, 0x88, 0x43, 0xE8, 0xB3, 0x93, 0x43,
+	0xE8, 0xB4, 0x88, 0x43, 0xE8, 0xB4, 0x9B, 0x43,
+	0xE8, 0xB5, 0xA4, 0x43, 0xE8, 0xB5, 0xB0, 0x43,
+	0xE8, 0xB5, 0xB7, 0x43, 0xE8, 0xB6, 0xB3, 0x43,
+	// Bytes 13c0 - 13ff
+	0xE8, 0xB6, 0xBC, 0x43, 0xE8, 0xB7, 0x8B, 0x43,
+	0xE8, 0xB7, 0xAF, 0x43, 0xE8, 0xB7, 0xB0, 0x43,
+	0xE8, 0xBA, 0xAB, 0x43, 0xE8, 0xBB, 0x8A, 0x43,
+	0xE8, 0xBB, 0x94, 0x43, 0xE8, 0xBC, 0xA6, 0x43,
+	0xE8, 0xBC, 0xAA, 0x43, 0xE8, 0xBC, 0xB8, 0x43,
+	0xE8, 0xBC, 0xBB, 0x43, 0xE8, 0xBD, 0xA2, 0x43,
+	0xE8, 0xBE, 0x9B, 0x43, 0xE8, 0xBE, 0x9E, 0x43,
+	0xE8, 0xBE, 0xB0, 0x43, 0xE8, 0xBE, 0xB5, 0x43,
+	// Bytes 1400 - 143f
+	0xE8, 0xBE, 0xB6, 0x43, 0xE9, 0x80, 0xA3, 0x43,
+	0xE9, 0x80, 0xB8, 0x43, 0xE9, 0x81, 0x8A, 0x43,
+	0xE9, 0x81, 0xA9, 0x43, 0xE9, 0x81, 0xB2, 0x43,
+	0xE9, 0x81, 0xBC, 0x43, 0xE9, 0x82, 0x8F, 0x43,
+	0xE9, 0x82, 0x91, 0x43, 0xE9, 0x82, 0x94, 0x43,
+	0xE9, 0x83, 0x8E, 0x43, 0xE9, 0x83, 0x9E, 0x43,
+	0xE9, 0x83, 0xB1, 0x43, 0xE9, 0x83, 0xBD, 0x43,
+	0xE9, 0x84, 0x91, 0x43, 0xE9, 0x84, 0x9B, 0x43,
+	// Bytes 1440 - 147f
+	0xE9, 0x85, 0x89, 0x43, 0xE9, 0x85, 0x8D, 0x43,
+	0xE9, 0x85, 0xAA, 0x43, 0xE9, 0x86, 0x99, 0x43,
+	0xE9, 0x86, 0xB4, 0x43, 0xE9, 0x87, 0x86, 0x43,
+	0xE9, 0x87, 0x8C, 0x43, 0xE9, 0x87, 0x8F, 0x43,
+	0xE9, 0x87, 0x91, 0x43, 0xE9, 0x88, 0xB4, 0x43,
+	0xE9, 0x88, 0xB8, 0x43, 0xE9, 0x89, 0xB6, 0x43,
+	0xE9, 0x89, 0xBC, 0x43, 0xE9, 0x8B, 0x97, 0x43,
+	0xE9, 0x8B, 0x98, 0x43, 0xE9, 0x8C, 0x84, 0x43,
+	// Bytes 1480 - 14bf
+	0xE9, 0x8D, 0x8A, 0x43, 0xE9, 0x8F, 0xB9, 0x43,
+	0xE9, 0x90, 0x95, 0x43, 0xE9, 0x95, 0xB7, 0x43,
+	0xE9, 0x96, 0x80, 0x43, 0xE9, 0x96, 0x8B, 0x43,
+	0xE9, 0x96, 0xAD, 0x43, 0xE9, 0x96, 0xB7, 0x43,
+	0xE9, 0x98, 0x9C, 0x43, 0xE9, 0x98, 0xAE, 0x43,
+	0xE9, 0x99, 0x8B, 0x43, 0xE9, 0x99, 0x8D, 0x43,
+	0xE9, 0x99, 0xB5, 0x43, 0xE9, 0x99, 0xB8, 0x43,
+	0xE9, 0x99, 0xBC, 0x43, 0xE9, 0x9A, 0x86, 0x43,
+	// Bytes 14c0 - 14ff
+	0xE9, 0x9A, 0xA3, 0x43, 0xE9, 0x9A, 0xB6, 0x43,
+	0xE9, 0x9A, 0xB7, 0x43, 0xE9, 0x9A, 0xB8, 0x43,
+	0xE9, 0x9A, 0xB9, 0x43, 0xE9, 0x9B, 0x83, 0x43,
+	0xE9, 0x9B, 0xA2, 0x43, 0xE9, 0x9B, 0xA3, 0x43,
+	0xE9, 0x9B, 0xA8, 0x43, 0xE9, 0x9B, 0xB6, 0x43,
+	0xE9, 0x9B, 0xB7, 0x43, 0xE9, 0x9C, 0xA3, 0x43,
+	0xE9, 0x9C, 0xB2, 0x43, 0xE9, 0x9D, 0x88, 0x43,
+	0xE9, 0x9D, 0x91, 0x43, 0xE9, 0x9D, 0x96, 0x43,
+	// Bytes 1500 - 153f
+	0xE9, 0x9D, 0x9E, 0x43, 0xE9, 0x9D, 0xA2, 0x43,
+	0xE9, 0x9D, 0xA9, 0x43, 0xE9, 0x9F, 0x8B, 0x43,
+	0xE9, 0x9F, 0x9B, 0x43, 0xE9, 0x9F, 0xA0, 0x43,
+	0xE9, 0x9F, 0xAD, 0x43, 0xE9, 0x9F, 0xB3, 0x43,
+	0xE9, 0x9F, 0xBF, 0x43, 0xE9, 0xA0, 0x81, 0x43,
+	0xE9, 0xA0, 0x85, 0x43, 0xE9, 0xA0, 0x8B, 0x43,
+	0xE9, 0xA0, 0x98, 0x43, 0xE9, 0xA0, 0xA9, 0x43,
+	0xE9, 0xA0, 0xBB, 0x43, 0xE9, 0xA1, 0x9E, 0x43,
+	// Bytes 1540 - 157f
+	0xE9, 0xA2, 0xA8, 0x43, 0xE9, 0xA3, 0x9B, 0x43,
+	0xE9, 0xA3, 0x9F, 0x43, 0xE9, 0xA3, 0xA2, 0x43,
+	0xE9, 0xA3, 0xAF, 0x43, 0xE9, 0xA3, 0xBC, 0x43,
+	0xE9, 0xA4, 0xA8, 0x43, 0xE9, 0xA4, 0xA9, 0x43,
+	0xE9, 0xA6, 0x96, 0x43, 0xE9, 0xA6, 0x99, 0x43,
+	0xE9, 0xA6, 0xA7, 0x43, 0xE9, 0xA6, 0xAC, 0x43,
+	0xE9, 0xA7, 0x82, 0x43, 0xE9, 0xA7, 0xB1, 0x43,
+	0xE9, 0xA7, 0xBE, 0x43, 0xE9, 0xA9, 0xAA, 0x43,
+	// Bytes 1580 - 15bf
+	0xE9, 0xAA, 0xA8, 0x43, 0xE9, 0xAB, 0x98, 0x43,
+	0xE9, 0xAB, 0x9F, 0x43, 0xE9, 0xAC, 0x92, 0x43,
+	0xE9, 0xAC, 0xA5, 0x43, 0xE9, 0xAC, 0xAF, 0x43,
+	0xE9, 0xAC, 0xB2, 0x43, 0xE9, 0xAC, 0xBC, 0x43,
+	0xE9, 0xAD, 0x9A, 0x43, 0xE9, 0xAD, 0xAF, 0x43,
+	0xE9, 0xB1, 0x80, 0x43, 0xE9, 0xB1, 0x97, 0x43,
+	0xE9, 0xB3, 0xA5, 0x43, 0xE9, 0xB3, 0xBD, 0x43,
+	0xE9, 0xB5, 0xA7, 0x43, 0xE9, 0xB6, 0xB4, 0x43,
+	// Bytes 15c0 - 15ff
+	0xE9, 0xB7, 0xBA, 0x43, 0xE9, 0xB8, 0x9E, 0x43,
+	0xE9, 0xB9, 0xB5, 0x43, 0xE9, 0xB9, 0xBF, 0x43,
+	0xE9, 0xBA, 0x97, 0x43, 0xE9, 0xBA, 0x9F, 0x43,
+	0xE9, 0xBA, 0xA5, 0x43, 0xE9, 0xBA, 0xBB, 0x43,
+	0xE9, 0xBB, 0x83, 0x43, 0xE9, 0xBB, 0x8D, 0x43,
+	0xE9, 0xBB, 0x8E, 0x43, 0xE9, 0xBB, 0x91, 0x43,
+	0xE9, 0xBB, 0xB9, 0x43, 0xE9, 0xBB, 0xBD, 0x43,
+	0xE9, 0xBB, 0xBE, 0x43, 0xE9, 0xBC, 0x85, 0x43,
+	// Bytes 1600 - 163f
+	0xE9, 0xBC, 0x8E, 0x43, 0xE9, 0xBC, 0x8F, 0x43,
+	0xE9, 0xBC, 0x93, 0x43, 0xE9, 0xBC, 0x96, 0x43,
+	0xE9, 0xBC, 0xA0, 0x43, 0xE9, 0xBC, 0xBB, 0x43,
+	0xE9, 0xBD, 0x83, 0x43, 0xE9, 0xBD, 0x8A, 0x43,
+	0xE9, 0xBD, 0x92, 0x43, 0xE9, 0xBE, 0x8D, 0x43,
+	0xE9, 0xBE, 0x8E, 0x43, 0xE9, 0xBE, 0x9C, 0x43,
+	0xE9, 0xBE, 0x9F, 0x43, 0xE9, 0xBE, 0xA0, 0x43,
+	0xEA, 0x9C, 0xA7, 0x43, 0xEA, 0x9D, 0xAF, 0x43,
+	// Bytes 1640 - 167f
+	0xEA, 0xAC, 0xB7, 0x43, 0xEA, 0xAD, 0x92, 0x44,
+	0xF0, 0xA0, 0x84, 0xA2, 0x44, 0xF0, 0xA0, 0x94,
+	0x9C, 0x44, 0xF0, 0xA0, 0x94, 0xA5, 0x44, 0xF0,
+	0xA0, 0x95, 0x8B, 0x44, 0xF0, 0xA0, 0x98, 0xBA,
+	0x44, 0xF0, 0xA0, 0xA0, 0x84, 0x44, 0xF0, 0xA0,
+	0xA3, 0x9E, 0x44, 0xF0, 0xA0, 0xA8, 0xAC, 0x44,
+	0xF0, 0xA0, 0xAD, 0xA3, 0x44, 0xF0, 0xA1, 0x93,
+	0xA4, 0x44, 0xF0, 0xA1, 0x9A, 0xA8, 0x44, 0xF0,
+	// Bytes 1680 - 16bf
+	0xA1, 0x9B, 0xAA, 0x44, 0xF0, 0xA1, 0xA7, 0x88,
+	0x44, 0xF0, 0xA1, 0xAC, 0x98, 0x44, 0xF0, 0xA1,
+	0xB4, 0x8B, 0x44, 0xF0, 0xA1, 0xB7, 0xA4, 0x44,
+	0xF0, 0xA1, 0xB7, 0xA6, 0x44, 0xF0, 0xA2, 0x86,
+	0x83, 0x44, 0xF0, 0xA2, 0x86, 0x9F, 0x44, 0xF0,
+	0xA2, 0x8C, 0xB1, 0x44, 0xF0, 0xA2, 0x9B, 0x94,
+	0x44, 0xF0, 0xA2, 0xA1, 0x84, 0x44, 0xF0, 0xA2,
+	0xA1, 0x8A, 0x44, 0xF0, 0xA2, 0xAC, 0x8C, 0x44,
+	// Bytes 16c0 - 16ff
+	0xF0, 0xA2, 0xAF, 0xB1, 0x44, 0xF0, 0xA3, 0x80,
+	0x8A, 0x44, 0xF0, 0xA3, 0x8A, 0xB8, 0x44, 0xF0,
+	0xA3, 0x8D, 0x9F, 0x44, 0xF0, 0xA3, 0x8E, 0x93,
+	0x44, 0xF0, 0xA3, 0x8E, 0x9C, 0x44, 0xF0, 0xA3,
+	0x8F, 0x83, 0x44, 0xF0, 0xA3, 0x8F, 0x95, 0x44,
+	0xF0, 0xA3, 0x91, 0xAD, 0x44, 0xF0, 0xA3, 0x9A,
+	0xA3, 0x44, 0xF0, 0xA3, 0xA2, 0xA7, 0x44, 0xF0,
+	0xA3, 0xAA, 0x8D, 0x44, 0xF0, 0xA3, 0xAB, 0xBA,
+	// Bytes 1700 - 173f
+	0x44, 0xF0, 0xA3, 0xB2, 0xBC, 0x44, 0xF0, 0xA3,
+	0xB4, 0x9E, 0x44, 0xF0, 0xA3, 0xBB, 0x91, 0x44,
+	0xF0, 0xA3, 0xBD, 0x9E, 0x44, 0xF0, 0xA3, 0xBE,
+	0x8E, 0x44, 0xF0, 0xA4, 0x89, 0xA3, 0x44, 0xF0,
+	0xA4, 0x8B, 0xAE, 0x44, 0xF0, 0xA4, 0x8E, 0xAB,
+	0x44, 0xF0, 0xA4, 0x98, 0x88, 0x44, 0xF0, 0xA4,
+	0x9C, 0xB5, 0x44, 0xF0, 0xA4, 0xA0, 0x94, 0x44,
+	0xF0, 0xA4, 0xB0, 0xB6, 0x44, 0xF0, 0xA4, 0xB2,
+	// Bytes 1740 - 177f
+	0x92, 0x44, 0xF0, 0xA4, 0xBE, 0xA1, 0x44, 0xF0,
+	0xA4, 0xBE, 0xB8, 0x44, 0xF0, 0xA5, 0x81, 0x84,
+	0x44, 0xF0, 0xA5, 0x83, 0xB2, 0x44, 0xF0, 0xA5,
+	0x83, 0xB3, 0x44, 0xF0, 0xA5, 0x84, 0x99, 0x44,
+	0xF0, 0xA5, 0x84, 0xB3, 0x44, 0xF0, 0xA5, 0x89,
+	0x89, 0x44, 0xF0, 0xA5, 0x90, 0x9D, 0x44, 0xF0,
+	0xA5, 0x98, 0xA6, 0x44, 0xF0, 0xA5, 0x9A, 0x9A,
+	0x44, 0xF0, 0xA5, 0x9B, 0x85, 0x44, 0xF0, 0xA5,
+	// Bytes 1780 - 17bf
+	0xA5, 0xBC, 0x44, 0xF0, 0xA5, 0xAA, 0xA7, 0x44,
+	0xF0, 0xA5, 0xAE, 0xAB, 0x44, 0xF0, 0xA5, 0xB2,
+	0x80, 0x44, 0xF0, 0xA5, 0xB3, 0x90, 0x44, 0xF0,
+	0xA5, 0xBE, 0x86, 0x44, 0xF0, 0xA6, 0x87, 0x9A,
+	0x44, 0xF0, 0xA6, 0x88, 0xA8, 0x44, 0xF0, 0xA6,
+	0x89, 0x87, 0x44, 0xF0, 0xA6, 0x8B, 0x99, 0x44,
+	0xF0, 0xA6, 0x8C, 0xBE, 0x44, 0xF0, 0xA6, 0x93,
+	0x9A, 0x44, 0xF0, 0xA6, 0x94, 0xA3, 0x44, 0xF0,
+	// Bytes 17c0 - 17ff
+	0xA6, 0x96, 0xA8, 0x44, 0xF0, 0xA6, 0x9E, 0xA7,
+	0x44, 0xF0, 0xA6, 0x9E, 0xB5, 0x44, 0xF0, 0xA6,
+	0xAC, 0xBC, 0x44, 0xF0, 0xA6, 0xB0, 0xB6, 0x44,
+	0xF0, 0xA6, 0xB3, 0x95, 0x44, 0xF0, 0xA6, 0xB5,
+	0xAB, 0x44, 0xF0, 0xA6, 0xBC, 0xAC, 0x44, 0xF0,
+	0xA6, 0xBE, 0xB1, 0x44, 0xF0, 0xA7, 0x83, 0x92,
+	0x44, 0xF0, 0xA7, 0x8F, 0x8A, 0x44, 0xF0, 0xA7,
+	0x99, 0xA7, 0x44, 0xF0, 0xA7, 0xA2, 0xAE, 0x44,
+	// Bytes 1800 - 183f
+	0xF0, 0xA7, 0xA5, 0xA6, 0x44, 0xF0, 0xA7, 0xB2,
+	0xA8, 0x44, 0xF0, 0xA7, 0xBB, 0x93, 0x44, 0xF0,
+	0xA7, 0xBC, 0xAF, 0x44, 0xF0, 0xA8, 0x97, 0x92,
+	0x44, 0xF0, 0xA8, 0x97, 0xAD, 0x44, 0xF0, 0xA8,
+	0x9C, 0xAE, 0x44, 0xF0, 0xA8, 0xAF, 0xBA, 0x44,
+	0xF0, 0xA8, 0xB5, 0xB7, 0x44, 0xF0, 0xA9, 0x85,
+	0x85, 0x44, 0xF0, 0xA9, 0x87, 0x9F, 0x44, 0xF0,
+	0xA9, 0x88, 0x9A, 0x44, 0xF0, 0xA9, 0x90, 0x8A,
+	// Bytes 1840 - 187f
+	0x44, 0xF0, 0xA9, 0x92, 0x96, 0x44, 0xF0, 0xA9,
+	0x96, 0xB6, 0x44, 0xF0, 0xA9, 0xAC, 0xB0, 0x44,
+	0xF0, 0xAA, 0x83, 0x8E, 0x44, 0xF0, 0xAA, 0x84,
+	0x85, 0x44, 0xF0, 0xAA, 0x88, 0x8E, 0x44, 0xF0,
+	0xAA, 0x8A, 0x91, 0x44, 0xF0, 0xAA, 0x8E, 0x92,
+	0x44, 0xF0, 0xAA, 0x98, 0x80, 0x42, 0x21, 0x21,
+	0x42, 0x21, 0x3F, 0x42, 0x2E, 0x2E, 0x42, 0x30,
+	0x2C, 0x42, 0x30, 0x2E, 0x42, 0x31, 0x2C, 0x42,
+	// Bytes 1880 - 18bf
+	0x31, 0x2E, 0x42, 0x31, 0x30, 0x42, 0x31, 0x31,
+	0x42, 0x31, 0x32, 0x42, 0x31, 0x33, 0x42, 0x31,
+	0x34, 0x42, 0x31, 0x35, 0x42, 0x31, 0x36, 0x42,
+	0x31, 0x37, 0x42, 0x31, 0x38, 0x42, 0x31, 0x39,
+	0x42, 0x32, 0x2C, 0x42, 0x32, 0x2E, 0x42, 0x32,
+	0x30, 0x42, 0x32, 0x31, 0x42, 0x32, 0x32, 0x42,
+	0x32, 0x33, 0x42, 0x32, 0x34, 0x42, 0x32, 0x35,
+	0x42, 0x32, 0x36, 0x42, 0x32, 0x37, 0x42, 0x32,
+	// Bytes 18c0 - 18ff
+	0x38, 0x42, 0x32, 0x39, 0x42, 0x33, 0x2C, 0x42,
+	0x33, 0x2E, 0x42, 0x33, 0x30, 0x42, 0x33, 0x31,
+	0x42, 0x33, 0x32, 0x42, 0x33, 0x33, 0x42, 0x33,
+	0x34, 0x42, 0x33, 0x35, 0x42, 0x33, 0x36, 0x42,
+	0x33, 0x37, 0x42, 0x33, 0x38, 0x42, 0x33, 0x39,
+	0x42, 0x34, 0x2C, 0x42, 0x34, 0x2E, 0x42, 0x34,
+	0x30, 0x42, 0x34, 0x31, 0x42, 0x34, 0x32, 0x42,
+	0x34, 0x33, 0x42, 0x34, 0x34, 0x42, 0x34, 0x35,
+	// Bytes 1900 - 193f
+	0x42, 0x34, 0x36, 0x42, 0x34, 0x37, 0x42, 0x34,
+	0x38, 0x42, 0x34, 0x39, 0x42, 0x35, 0x2C, 0x42,
+	0x35, 0x2E, 0x42, 0x35, 0x30, 0x42, 0x36, 0x2C,
+	0x42, 0x36, 0x2E, 0x42, 0x37, 0x2C, 0x42, 0x37,
+	0x2E, 0x42, 0x38, 0x2C, 0x42, 0x38, 0x2E, 0x42,
+	0x39, 0x2C, 0x42, 0x39, 0x2E, 0x42, 0x3D, 0x3D,
+	0x42, 0x3F, 0x21, 0x42, 0x3F, 0x3F, 0x42, 0x41,
+	0x55, 0x42, 0x42, 0x71, 0x42, 0x43, 0x44, 0x42,
+	// Bytes 1940 - 197f
+	0x44, 0x4A, 0x42, 0x44, 0x5A, 0x42, 0x44, 0x7A,
+	0x42, 0x47, 0x42, 0x42, 0x47, 0x79, 0x42, 0x48,
+	0x50, 0x42, 0x48, 0x56, 0x42, 0x48, 0x67, 0x42,
+	0x48, 0x7A, 0x42, 0x49, 0x49, 0x42, 0x49, 0x4A,
+	0x42, 0x49, 0x55, 0x42, 0x49, 0x56, 0x42, 0x49,
+	0x58, 0x42, 0x4B, 0x42, 0x42, 0x4B, 0x4B, 0x42,
+	0x4B, 0x4D, 0x42, 0x4C, 0x4A, 0x42, 0x4C, 0x6A,
+	0x42, 0x4D, 0x42, 0x42, 0x4D, 0x43, 0x42, 0x4D,
+	// Bytes 1980 - 19bf
+	0x44, 0x42, 0x4D, 0x52, 0x42, 0x4D, 0x56, 0x42,
+	0x4D, 0x57, 0x42, 0x4E, 0x4A, 0x42, 0x4E, 0x6A,
+	0x42, 0x4E, 0x6F, 0x42, 0x50, 0x48, 0x42, 0x50,
+	0x52, 0x42, 0x50, 0x61, 0x42, 0x52, 0x73, 0x42,
+	0x53, 0x44, 0x42, 0x53, 0x4D, 0x42, 0x53, 0x53,
+	0x42, 0x53, 0x76, 0x42, 0x54, 0x4D, 0x42, 0x56,
+	0x49, 0x42, 0x57, 0x43, 0x42, 0x57, 0x5A, 0x42,
+	0x57, 0x62, 0x42, 0x58, 0x49, 0x42, 0x63, 0x63,
+	// Bytes 19c0 - 19ff
+	0x42, 0x63, 0x64, 0x42, 0x63, 0x6D, 0x42, 0x64,
+	0x42, 0x42, 0x64, 0x61, 0x42, 0x64, 0x6C, 0x42,
+	0x64, 0x6D, 0x42, 0x64, 0x7A, 0x42, 0x65, 0x56,
+	0x42, 0x66, 0x66, 0x42, 0x66, 0x69, 0x42, 0x66,
+	0x6C, 0x42, 0x66, 0x6D, 0x42, 0x68, 0x61, 0x42,
+	0x69, 0x69, 0x42, 0x69, 0x6A, 0x42, 0x69, 0x6E,
+	0x42, 0x69, 0x76, 0x42, 0x69, 0x78, 0x42, 0x6B,
+	0x41, 0x42, 0x6B, 0x56, 0x42, 0x6B, 0x57, 0x42,
+	// Bytes 1a00 - 1a3f
+	0x6B, 0x67, 0x42, 0x6B, 0x6C, 0x42, 0x6B, 0x6D,
+	0x42, 0x6B, 0x74, 0x42, 0x6C, 0x6A, 0x42, 0x6C,
+	0x6D, 0x42, 0x6C, 0x6E, 0x42, 0x6C, 0x78, 0x42,
+	0x6D, 0x32, 0x42, 0x6D, 0x33, 0x42, 0x6D, 0x41,
+	0x42, 0x6D, 0x56, 0x42, 0x6D, 0x57, 0x42, 0x6D,
+	0x62, 0x42, 0x6D, 0x67, 0x42, 0x6D, 0x6C, 0x42,
+	0x6D, 0x6D, 0x42, 0x6D, 0x73, 0x42, 0x6E, 0x41,
+	0x42, 0x6E, 0x46, 0x42, 0x6E, 0x56, 0x42, 0x6E,
+	// Bytes 1a40 - 1a7f
+	0x57, 0x42, 0x6E, 0x6A, 0x42, 0x6E, 0x6D, 0x42,
+	0x6E, 0x73, 0x42, 0x6F, 0x56, 0x42, 0x70, 0x41,
+	0x42, 0x70, 0x46, 0x42, 0x70, 0x56, 0x42, 0x70,
+	0x57, 0x42, 0x70, 0x63, 0x42, 0x70, 0x73, 0x42,
+	0x73, 0x72, 0x42, 0x73, 0x74, 0x42, 0x76, 0x69,
+	0x42, 0x78, 0x69, 0x43, 0x28, 0x31, 0x29, 0x43,
+	0x28, 0x32, 0x29, 0x43, 0x28, 0x33, 0x29, 0x43,
+	0x28, 0x34, 0x29, 0x43, 0x28, 0x35, 0x29, 0x43,
+	// Bytes 1a80 - 1abf
+	0x28, 0x36, 0x29, 0x43, 0x28, 0x37, 0x29, 0x43,
+	0x28, 0x38, 0x29, 0x43, 0x28, 0x39, 0x29, 0x43,
+	0x28, 0x41, 0x29, 0x43, 0x28, 0x42, 0x29, 0x43,
+	0x28, 0x43, 0x29, 0x43, 0x28, 0x44, 0x29, 0x43,
+	0x28, 0x45, 0x29, 0x43, 0x28, 0x46, 0x29, 0x43,
+	0x28, 0x47, 0x29, 0x43, 0x28, 0x48, 0x29, 0x43,
+	0x28, 0x49, 0x29, 0x43, 0x28, 0x4A, 0x29, 0x43,
+	0x28, 0x4B, 0x29, 0x43, 0x28, 0x4C, 0x29, 0x43,
+	// Bytes 1ac0 - 1aff
+	0x28, 0x4D, 0x29, 0x43, 0x28, 0x4E, 0x29, 0x43,
+	0x28, 0x4F, 0x29, 0x43, 0x28, 0x50, 0x29, 0x43,
+	0x28, 0x51, 0x29, 0x43, 0x28, 0x52, 0x29, 0x43,
+	0x28, 0x53, 0x29, 0x43, 0x28, 0x54, 0x29, 0x43,
+	0x28, 0x55, 0x29, 0x43, 0x28, 0x56, 0x29, 0x43,
+	0x28, 0x57, 0x29, 0x43, 0x28, 0x58, 0x29, 0x43,
+	0x28, 0x59, 0x29, 0x43, 0x28, 0x5A, 0x29, 0x43,
+	0x28, 0x61, 0x29, 0x43, 0x28, 0x62, 0x29, 0x43,
+	// Bytes 1b00 - 1b3f
+	0x28, 0x63, 0x29, 0x43, 0x28, 0x64, 0x29, 0x43,
+	0x28, 0x65, 0x29, 0x43, 0x28, 0x66, 0x29, 0x43,
+	0x28, 0x67, 0x29, 0x43, 0x28, 0x68, 0x29, 0x43,
+	0x28, 0x69, 0x29, 0x43, 0x28, 0x6A, 0x29, 0x43,
+	0x28, 0x6B, 0x29, 0x43, 0x28, 0x6C, 0x29, 0x43,
+	0x28, 0x6D, 0x29, 0x43, 0x28, 0x6E, 0x29, 0x43,
+	0x28, 0x6F, 0x29, 0x43, 0x28, 0x70, 0x29, 0x43,
+	0x28, 0x71, 0x29, 0x43, 0x28, 0x72, 0x29, 0x43,
+	// Bytes 1b40 - 1b7f
+	0x28, 0x73, 0x29, 0x43, 0x28, 0x74, 0x29, 0x43,
+	0x28, 0x75, 0x29, 0x43, 0x28, 0x76, 0x29, 0x43,
+	0x28, 0x77, 0x29, 0x43, 0x28, 0x78, 0x29, 0x43,
+	0x28, 0x79, 0x29, 0x43, 0x28, 0x7A, 0x29, 0x43,
+	0x2E, 0x2E, 0x2E, 0x43, 0x31, 0x30, 0x2E, 0x43,
+	0x31, 0x31, 0x2E, 0x43, 0x31, 0x32, 0x2E, 0x43,
+	0x31, 0x33, 0x2E, 0x43, 0x31, 0x34, 0x2E, 0x43,
+	0x31, 0x35, 0x2E, 0x43, 0x31, 0x36, 0x2E, 0x43,
+	// Bytes 1b80 - 1bbf
+	0x31, 0x37, 0x2E, 0x43, 0x31, 0x38, 0x2E, 0x43,
+	0x31, 0x39, 0x2E, 0x43, 0x32, 0x30, 0x2E, 0x43,
+	0x3A, 0x3A, 0x3D, 0x43, 0x3D, 0x3D, 0x3D, 0x43,
+	0x43, 0x6F, 0x2E, 0x43, 0x46, 0x41, 0x58, 0x43,
+	0x47, 0x48, 0x7A, 0x43, 0x47, 0x50, 0x61, 0x43,
+	0x49, 0x49, 0x49, 0x43, 0x4C, 0x54, 0x44, 0x43,
+	0x4C, 0xC2, 0xB7, 0x43, 0x4D, 0x48, 0x7A, 0x43,
+	0x4D, 0x50, 0x61, 0x43, 0x4D, 0xCE, 0xA9, 0x43,
+	// Bytes 1bc0 - 1bff
+	0x50, 0x50, 0x4D, 0x43, 0x50, 0x50, 0x56, 0x43,
+	0x50, 0x54, 0x45, 0x43, 0x54, 0x45, 0x4C, 0x43,
+	0x54, 0x48, 0x7A, 0x43, 0x56, 0x49, 0x49, 0x43,
+	0x58, 0x49, 0x49, 0x43, 0x61, 0x2F, 0x63, 0x43,
+	0x61, 0x2F, 0x73, 0x43, 0x61, 0xCA, 0xBE, 0x43,
+	0x62, 0x61, 0x72, 0x43, 0x63, 0x2F, 0x6F, 0x43,
+	0x63, 0x2F, 0x75, 0x43, 0x63, 0x61, 0x6C, 0x43,
+	0x63, 0x6D, 0x32, 0x43, 0x63, 0x6D, 0x33, 0x43,
+	// Bytes 1c00 - 1c3f
+	0x64, 0x6D, 0x32, 0x43, 0x64, 0x6D, 0x33, 0x43,
+	0x65, 0x72, 0x67, 0x43, 0x66, 0x66, 0x69, 0x43,
+	0x66, 0x66, 0x6C, 0x43, 0x67, 0x61, 0x6C, 0x43,
+	0x68, 0x50, 0x61, 0x43, 0x69, 0x69, 0x69, 0x43,
+	0x6B, 0x48, 0x7A, 0x43, 0x6B, 0x50, 0x61, 0x43,
+	0x6B, 0x6D, 0x32, 0x43, 0x6B, 0x6D, 0x33, 0x43,
+	0x6B, 0xCE, 0xA9, 0x43, 0x6C, 0x6F, 0x67, 0x43,
+	0x6C, 0xC2, 0xB7, 0x43, 0x6D, 0x69, 0x6C, 0x43,
+	// Bytes 1c40 - 1c7f
+	0x6D, 0x6D, 0x32, 0x43, 0x6D, 0x6D, 0x33, 0x43,
+	0x6D, 0x6F, 0x6C, 0x43, 0x72, 0x61, 0x64, 0x43,
+	0x76, 0x69, 0x69, 0x43, 0x78, 0x69, 0x69, 0x43,
+	0xC2, 0xB0, 0x43, 0x43, 0xC2, 0xB0, 0x46, 0x43,
+	0xCA, 0xBC, 0x6E, 0x43, 0xCE, 0xBC, 0x41, 0x43,
+	0xCE, 0xBC, 0x46, 0x43, 0xCE, 0xBC, 0x56, 0x43,
+	0xCE, 0xBC, 0x57, 0x43, 0xCE, 0xBC, 0x67, 0x43,
+	0xCE, 0xBC, 0x6C, 0x43, 0xCE, 0xBC, 0x6D, 0x43,
+	// Bytes 1c80 - 1cbf
+	0xCE, 0xBC, 0x73, 0x44, 0x28, 0x31, 0x30, 0x29,
+	0x44, 0x28, 0x31, 0x31, 0x29, 0x44, 0x28, 0x31,
+	0x32, 0x29, 0x44, 0x28, 0x31, 0x33, 0x29, 0x44,
+	0x28, 0x31, 0x34, 0x29, 0x44, 0x28, 0x31, 0x35,
+	0x29, 0x44, 0x28, 0x31, 0x36, 0x29, 0x44, 0x28,
+	0x31, 0x37, 0x29, 0x44, 0x28, 0x31, 0x38, 0x29,
+	0x44, 0x28, 0x31, 0x39, 0x29, 0x44, 0x28, 0x32,
+	0x30, 0x29, 0x44, 0x30, 0xE7, 0x82, 0xB9, 0x44,
+	// Bytes 1cc0 - 1cff
+	0x31, 0xE2, 0x81, 0x84, 0x44, 0x31, 0xE6, 0x97,
+	0xA5, 0x44, 0x31, 0xE6, 0x9C, 0x88, 0x44, 0x31,
+	0xE7, 0x82, 0xB9, 0x44, 0x32, 0xE6, 0x97, 0xA5,
+	0x44, 0x32, 0xE6, 0x9C, 0x88, 0x44, 0x32, 0xE7,
+	0x82, 0xB9, 0x44, 0x33, 0xE6, 0x97, 0xA5, 0x44,
+	0x33, 0xE6, 0x9C, 0x88, 0x44, 0x33, 0xE7, 0x82,
+	0xB9, 0x44, 0x34, 0xE6, 0x97, 0xA5, 0x44, 0x34,
+	0xE6, 0x9C, 0x88, 0x44, 0x34, 0xE7, 0x82, 0xB9,
+	// Bytes 1d00 - 1d3f
+	0x44, 0x35, 0xE6, 0x97, 0xA5, 0x44, 0x35, 0xE6,
+	0x9C, 0x88, 0x44, 0x35, 0xE7, 0x82, 0xB9, 0x44,
+	0x36, 0xE6, 0x97, 0xA5, 0x44, 0x36, 0xE6, 0x9C,
+	0x88, 0x44, 0x36, 0xE7, 0x82, 0xB9, 0x44, 0x37,
+	0xE6, 0x97, 0xA5, 0x44, 0x37, 0xE6, 0x9C, 0x88,
+	0x44, 0x37, 0xE7, 0x82, 0xB9, 0x44, 0x38, 0xE6,
+	0x97, 0xA5, 0x44, 0x38, 0xE6, 0x9C, 0x88, 0x44,
+	0x38, 0xE7, 0x82, 0xB9, 0x44, 0x39, 0xE6, 0x97,
+	// Bytes 1d40 - 1d7f
+	0xA5, 0x44, 0x39, 0xE6, 0x9C, 0x88, 0x44, 0x39,
+	0xE7, 0x82, 0xB9, 0x44, 0x56, 0x49, 0x49, 0x49,
+	0x44, 0x61, 0x2E, 0x6D, 0x2E, 0x44, 0x6B, 0x63,
+	0x61, 0x6C, 0x44, 0x70, 0x2E, 0x6D, 0x2E, 0x44,
+	0x76, 0x69, 0x69, 0x69, 0x44, 0xD5, 0xA5, 0xD6,
+	0x82, 0x44, 0xD5, 0xB4, 0xD5, 0xA5, 0x44, 0xD5,
+	0xB4, 0xD5, 0xAB, 0x44, 0xD5, 0xB4, 0xD5, 0xAD,
+	0x44, 0xD5, 0xB4, 0xD5, 0xB6, 0x44, 0xD5, 0xBE,
+	// Bytes 1d80 - 1dbf
+	0xD5, 0xB6, 0x44, 0xD7, 0x90, 0xD7, 0x9C, 0x44,
+	0xD8, 0xA7, 0xD9, 0xB4, 0x44, 0xD8, 0xA8, 0xD8,
+	0xAC, 0x44, 0xD8, 0xA8, 0xD8, 0xAD, 0x44, 0xD8,
+	0xA8, 0xD8, 0xAE, 0x44, 0xD8, 0xA8, 0xD8, 0xB1,
+	0x44, 0xD8, 0xA8, 0xD8, 0xB2, 0x44, 0xD8, 0xA8,
+	0xD9, 0x85, 0x44, 0xD8, 0xA8, 0xD9, 0x86, 0x44,
+	0xD8, 0xA8, 0xD9, 0x87, 0x44, 0xD8, 0xA8, 0xD9,
+	0x89, 0x44, 0xD8, 0xA8, 0xD9, 0x8A, 0x44, 0xD8,
+	// Bytes 1dc0 - 1dff
+	0xAA, 0xD8, 0xAC, 0x44, 0xD8, 0xAA, 0xD8, 0xAD,
+	0x44, 0xD8, 0xAA, 0xD8, 0xAE, 0x44, 0xD8, 0xAA,
+	0xD8, 0xB1, 0x44, 0xD8, 0xAA, 0xD8, 0xB2, 0x44,
+	0xD8, 0xAA, 0xD9, 0x85, 0x44, 0xD8, 0xAA, 0xD9,
+	0x86, 0x44, 0xD8, 0xAA, 0xD9, 0x87, 0x44, 0xD8,
+	0xAA, 0xD9, 0x89, 0x44, 0xD8, 0xAA, 0xD9, 0x8A,
+	0x44, 0xD8, 0xAB, 0xD8, 0xAC, 0x44, 0xD8, 0xAB,
+	0xD8, 0xB1, 0x44, 0xD8, 0xAB, 0xD8, 0xB2, 0x44,
+	// Bytes 1e00 - 1e3f
+	0xD8, 0xAB, 0xD9, 0x85, 0x44, 0xD8, 0xAB, 0xD9,
+	0x86, 0x44, 0xD8, 0xAB, 0xD9, 0x87, 0x44, 0xD8,
+	0xAB, 0xD9, 0x89, 0x44, 0xD8, 0xAB, 0xD9, 0x8A,
+	0x44, 0xD8, 0xAC, 0xD8, 0xAD, 0x44, 0xD8, 0xAC,
+	0xD9, 0x85, 0x44, 0xD8, 0xAC, 0xD9, 0x89, 0x44,
+	0xD8, 0xAC, 0xD9, 0x8A, 0x44, 0xD8, 0xAD, 0xD8,
+	0xAC, 0x44, 0xD8, 0xAD, 0xD9, 0x85, 0x44, 0xD8,
+	0xAD, 0xD9, 0x89, 0x44, 0xD8, 0xAD, 0xD9, 0x8A,
+	// Bytes 1e40 - 1e7f
+	0x44, 0xD8, 0xAE, 0xD8, 0xAC, 0x44, 0xD8, 0xAE,
+	0xD8, 0xAD, 0x44, 0xD8, 0xAE, 0xD9, 0x85, 0x44,
+	0xD8, 0xAE, 0xD9, 0x89, 0x44, 0xD8, 0xAE, 0xD9,
+	0x8A, 0x44, 0xD8, 0xB3, 0xD8, 0xAC, 0x44, 0xD8,
+	0xB3, 0xD8, 0xAD, 0x44, 0xD8, 0xB3, 0xD8, 0xAE,
+	0x44, 0xD8, 0xB3, 0xD8, 0xB1, 0x44, 0xD8, 0xB3,
+	0xD9, 0x85, 0x44, 0xD8, 0xB3, 0xD9, 0x87, 0x44,
+	0xD8, 0xB3, 0xD9, 0x89, 0x44, 0xD8, 0xB3, 0xD9,
+	// Bytes 1e80 - 1ebf
+	0x8A, 0x44, 0xD8, 0xB4, 0xD8, 0xAC, 0x44, 0xD8,
+	0xB4, 0xD8, 0xAD, 0x44, 0xD8, 0xB4, 0xD8, 0xAE,
+	0x44, 0xD8, 0xB4, 0xD8, 0xB1, 0x44, 0xD8, 0xB4,
+	0xD9, 0x85, 0x44, 0xD8, 0xB4, 0xD9, 0x87, 0x44,
+	0xD8, 0xB4, 0xD9, 0x89, 0x44, 0xD8, 0xB4, 0xD9,
+	0x8A, 0x44, 0xD8, 0xB5, 0xD8, 0xAD, 0x44, 0xD8,
+	0xB5, 0xD8, 0xAE, 0x44, 0xD8, 0xB5, 0xD8, 0xB1,
+	0x44, 0xD8, 0xB5, 0xD9, 0x85, 0x44, 0xD8, 0xB5,
+	// Bytes 1ec0 - 1eff
+	0xD9, 0x89, 0x44, 0xD8, 0xB5, 0xD9, 0x8A, 0x44,
+	0xD8, 0xB6, 0xD8, 0xAC, 0x44, 0xD8, 0xB6, 0xD8,
+	0xAD, 0x44, 0xD8, 0xB6, 0xD8, 0xAE, 0x44, 0xD8,
+	0xB6, 0xD8, 0xB1, 0x44, 0xD8, 0xB6, 0xD9, 0x85,
+	0x44, 0xD8, 0xB6, 0xD9, 0x89, 0x44, 0xD8, 0xB6,
+	0xD9, 0x8A, 0x44, 0xD8, 0xB7, 0xD8, 0xAD, 0x44,
+	0xD8, 0xB7, 0xD9, 0x85, 0x44, 0xD8, 0xB7, 0xD9,
+	0x89, 0x44, 0xD8, 0xB7, 0xD9, 0x8A, 0x44, 0xD8,
+	// Bytes 1f00 - 1f3f
+	0xB8, 0xD9, 0x85, 0x44, 0xD8, 0xB9, 0xD8, 0xAC,
+	0x44, 0xD8, 0xB9, 0xD9, 0x85, 0x44, 0xD8, 0xB9,
+	0xD9, 0x89, 0x44, 0xD8, 0xB9, 0xD9, 0x8A, 0x44,
+	0xD8, 0xBA, 0xD8, 0xAC, 0x44, 0xD8, 0xBA, 0xD9,
+	0x85, 0x44, 0xD8, 0xBA, 0xD9, 0x89, 0x44, 0xD8,
+	0xBA, 0xD9, 0x8A, 0x44, 0xD9, 0x81, 0xD8, 0xAC,
+	0x44, 0xD9, 0x81, 0xD8, 0xAD, 0x44, 0xD9, 0x81,
+	0xD8, 0xAE, 0x44, 0xD9, 0x81, 0xD9, 0x85, 0x44,
+	// Bytes 1f40 - 1f7f
+	0xD9, 0x81, 0xD9, 0x89, 0x44, 0xD9, 0x81, 0xD9,
+	0x8A, 0x44, 0xD9, 0x82, 0xD8, 0xAD, 0x44, 0xD9,
+	0x82, 0xD9, 0x85, 0x44, 0xD9, 0x82, 0xD9, 0x89,
+	0x44, 0xD9, 0x82, 0xD9, 0x8A, 0x44, 0xD9, 0x83,
+	0xD8, 0xA7, 0x44, 0xD9, 0x83, 0xD8, 0xAC, 0x44,
+	0xD9, 0x83, 0xD8, 0xAD, 0x44, 0xD9, 0x83, 0xD8,
+	0xAE, 0x44, 0xD9, 0x83, 0xD9, 0x84, 0x44, 0xD9,
+	0x83, 0xD9, 0x85, 0x44, 0xD9, 0x83, 0xD9, 0x89,
+	// Bytes 1f80 - 1fbf
+	0x44, 0xD9, 0x83, 0xD9, 0x8A, 0x44, 0xD9, 0x84,
+	0xD8, 0xA7, 0x44, 0xD9, 0x84, 0xD8, 0xAC, 0x44,
+	0xD9, 0x84, 0xD8, 0xAD, 0x44, 0xD9, 0x84, 0xD8,
+	0xAE, 0x44, 0xD9, 0x84, 0xD9, 0x85, 0x44, 0xD9,
+	0x84, 0xD9, 0x87, 0x44, 0xD9, 0x84, 0xD9, 0x89,
+	0x44, 0xD9, 0x84, 0xD9, 0x8A, 0x44, 0xD9, 0x85,
+	0xD8, 0xA7, 0x44, 0xD9, 0x85, 0xD8, 0xAC, 0x44,
+	0xD9, 0x85, 0xD8, 0xAD, 0x44, 0xD9, 0x85, 0xD8,
+	// Bytes 1fc0 - 1fff
+	0xAE, 0x44, 0xD9, 0x85, 0xD9, 0x85, 0x44, 0xD9,
+	0x85, 0xD9, 0x89, 0x44, 0xD9, 0x85, 0xD9, 0x8A,
+	0x44, 0xD9, 0x86, 0xD8, 0xAC, 0x44, 0xD9, 0x86,
+	0xD8, 0xAD, 0x44, 0xD9, 0x86, 0xD8, 0xAE, 0x44,
+	0xD9, 0x86, 0xD8, 0xB1, 0x44, 0xD9, 0x86, 0xD8,
+	0xB2, 0x44, 0xD9, 0x86, 0xD9, 0x85, 0x44, 0xD9,
+	0x86, 0xD9, 0x86, 0x44, 0xD9, 0x86, 0xD9, 0x87,
+	0x44, 0xD9, 0x86, 0xD9, 0x89, 0x44, 0xD9, 0x86,
+	// Bytes 2000 - 203f
+	0xD9, 0x8A, 0x44, 0xD9, 0x87, 0xD8, 0xAC, 0x44,
+	0xD9, 0x87, 0xD9, 0x85, 0x44, 0xD9, 0x87, 0xD9,
+	0x89, 0x44, 0xD9, 0x87, 0xD9, 0x8A, 0x44, 0xD9,
+	0x88, 0xD9, 0xB4, 0x44, 0xD9, 0x8A, 0xD8, 0xAC,
+	0x44, 0xD9, 0x8A, 0xD8, 0xAD, 0x44, 0xD9, 0x8A,
+	0xD8, 0xAE, 0x44, 0xD9, 0x8A, 0xD8, 0xB1, 0x44,
+	0xD9, 0x8A, 0xD8, 0xB2, 0x44, 0xD9, 0x8A, 0xD9,
+	0x85, 0x44, 0xD9, 0x8A, 0xD9, 0x86, 0x44, 0xD9,
+	// Bytes 2040 - 207f
+	0x8A, 0xD9, 0x87, 0x44, 0xD9, 0x8A, 0xD9, 0x89,
+	0x44, 0xD9, 0x8A, 0xD9, 0x8A, 0x44, 0xD9, 0x8A,
+	0xD9, 0xB4, 0x44, 0xDB, 0x87, 0xD9, 0xB4, 0x45,
+	0x28, 0xE1, 0x84, 0x80, 0x29, 0x45, 0x28, 0xE1,
+	0x84, 0x82, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x83,
+	0x29, 0x45, 0x28, 0xE1, 0x84, 0x85, 0x29, 0x45,
+	0x28, 0xE1, 0x84, 0x86, 0x29, 0x45, 0x28, 0xE1,
+	0x84, 0x87, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x89,
+	// Bytes 2080 - 20bf
+	0x29, 0x45, 0x28, 0xE1, 0x84, 0x8B, 0x29, 0x45,
+	0x28, 0xE1, 0x84, 0x8C, 0x29, 0x45, 0x28, 0xE1,
+	0x84, 0x8E, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x8F,
+	0x29, 0x45, 0x28, 0xE1, 0x84, 0x90, 0x29, 0x45,
+	0x28, 0xE1, 0x84, 0x91, 0x29, 0x45, 0x28, 0xE1,
+	0x84, 0x92, 0x29, 0x45, 0x28, 0xE4, 0xB8, 0x80,
+	0x29, 0x45, 0x28, 0xE4, 0xB8, 0x83, 0x29, 0x45,
+	0x28, 0xE4, 0xB8, 0x89, 0x29, 0x45, 0x28, 0xE4,
+	// Bytes 20c0 - 20ff
+	0xB9, 0x9D, 0x29, 0x45, 0x28, 0xE4, 0xBA, 0x8C,
+	0x29, 0x45, 0x28, 0xE4, 0xBA, 0x94, 0x29, 0x45,
+	0x28, 0xE4, 0xBB, 0xA3, 0x29, 0x45, 0x28, 0xE4,
+	0xBC, 0x81, 0x29, 0x45, 0x28, 0xE4, 0xBC, 0x91,
+	0x29, 0x45, 0x28, 0xE5, 0x85, 0xAB, 0x29, 0x45,
+	0x28, 0xE5, 0x85, 0xAD, 0x29, 0x45, 0x28, 0xE5,
+	0x8A, 0xB4, 0x29, 0x45, 0x28, 0xE5, 0x8D, 0x81,
+	0x29, 0x45, 0x28, 0xE5, 0x8D, 0x94, 0x29, 0x45,
+	// Bytes 2100 - 213f
+	0x28, 0xE5, 0x90, 0x8D, 0x29, 0x45, 0x28, 0xE5,
+	0x91, 0xBC, 0x29, 0x45, 0x28, 0xE5, 0x9B, 0x9B,
+	0x29, 0x45, 0x28, 0xE5, 0x9C, 0x9F, 0x29, 0x45,
+	0x28, 0xE5, 0xAD, 0xA6, 0x29, 0x45, 0x28, 0xE6,
+	0x97, 0xA5, 0x29, 0x45, 0x28, 0xE6, 0x9C, 0x88,
+	0x29, 0x45, 0x28, 0xE6, 0x9C, 0x89, 0x29, 0x45,
+	0x28, 0xE6, 0x9C, 0xA8, 0x29, 0x45, 0x28, 0xE6,
+	0xA0, 0xAA, 0x29, 0x45, 0x28, 0xE6, 0xB0, 0xB4,
+	// Bytes 2140 - 217f
+	0x29, 0x45, 0x28, 0xE7, 0x81, 0xAB, 0x29, 0x45,
+	0x28, 0xE7, 0x89, 0xB9, 0x29, 0x45, 0x28, 0xE7,
+	0x9B, 0xA3, 0x29, 0x45, 0x28, 0xE7, 0xA4, 0xBE,
+	0x29, 0x45, 0x28, 0xE7, 0xA5, 0x9D, 0x29, 0x45,
+	0x28, 0xE7, 0xA5, 0xAD, 0x29, 0x45, 0x28, 0xE8,
+	0x87, 0xAA, 0x29, 0x45, 0x28, 0xE8, 0x87, 0xB3,
+	0x29, 0x45, 0x28, 0xE8, 0xB2, 0xA1, 0x29, 0x45,
+	0x28, 0xE8, 0xB3, 0x87, 0x29, 0x45, 0x28, 0xE9,
+	// Bytes 2180 - 21bf
+	0x87, 0x91, 0x29, 0x45, 0x30, 0xE2, 0x81, 0x84,
+	0x33, 0x45, 0x31, 0x30, 0xE6, 0x97, 0xA5, 0x45,
+	0x31, 0x30, 0xE6, 0x9C, 0x88, 0x45, 0x31, 0x30,
+	0xE7, 0x82, 0xB9, 0x45, 0x31, 0x31, 0xE6, 0x97,
+	0xA5, 0x45, 0x31, 0x31, 0xE6, 0x9C, 0x88, 0x45,
+	0x31, 0x31, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x32,
+	0xE6, 0x97, 0xA5, 0x45, 0x31, 0x32, 0xE6, 0x9C,
+	0x88, 0x45, 0x31, 0x32, 0xE7, 0x82, 0xB9, 0x45,
+	// Bytes 21c0 - 21ff
+	0x31, 0x33, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x33,
+	0xE7, 0x82, 0xB9, 0x45, 0x31, 0x34, 0xE6, 0x97,
+	0xA5, 0x45, 0x31, 0x34, 0xE7, 0x82, 0xB9, 0x45,
+	0x31, 0x35, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x35,
+	0xE7, 0x82, 0xB9, 0x45, 0x31, 0x36, 0xE6, 0x97,
+	0xA5, 0x45, 0x31, 0x36, 0xE7, 0x82, 0xB9, 0x45,
+	0x31, 0x37, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x37,
+	0xE7, 0x82, 0xB9, 0x45, 0x31, 0x38, 0xE6, 0x97,
+	// Bytes 2200 - 223f
+	0xA5, 0x45, 0x31, 0x38, 0xE7, 0x82, 0xB9, 0x45,
+	0x31, 0x39, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x39,
+	0xE7, 0x82, 0xB9, 0x45, 0x31, 0xE2, 0x81, 0x84,
+	0x32, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x33, 0x45,
+	0x31, 0xE2, 0x81, 0x84, 0x34, 0x45, 0x31, 0xE2,
+	0x81, 0x84, 0x35, 0x45, 0x31, 0xE2, 0x81, 0x84,
+	0x36, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x37, 0x45,
+	0x31, 0xE2, 0x81, 0x84, 0x38, 0x45, 0x31, 0xE2,
+	// Bytes 2240 - 227f
+	0x81, 0x84, 0x39, 0x45, 0x32, 0x30, 0xE6, 0x97,
+	0xA5, 0x45, 0x32, 0x30, 0xE7, 0x82, 0xB9, 0x45,
+	0x32, 0x31, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0x31,
+	0xE7, 0x82, 0xB9, 0x45, 0x32, 0x32, 0xE6, 0x97,
+	0xA5, 0x45, 0x32, 0x32, 0xE7, 0x82, 0xB9, 0x45,
+	0x32, 0x33, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0x33,
+	0xE7, 0x82, 0xB9, 0x45, 0x32, 0x34, 0xE6, 0x97,
+	0xA5, 0x45, 0x32, 0x34, 0xE7, 0x82, 0xB9, 0x45,
+	// Bytes 2280 - 22bf
+	0x32, 0x35, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0x36,
+	0xE6, 0x97, 0xA5, 0x45, 0x32, 0x37, 0xE6, 0x97,
+	0xA5, 0x45, 0x32, 0x38, 0xE6, 0x97, 0xA5, 0x45,
+	0x32, 0x39, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0xE2,
+	0x81, 0x84, 0x33, 0x45, 0x32, 0xE2, 0x81, 0x84,
+	0x35, 0x45, 0x33, 0x30, 0xE6, 0x97, 0xA5, 0x45,
+	0x33, 0x31, 0xE6, 0x97, 0xA5, 0x45, 0x33, 0xE2,
+	0x81, 0x84, 0x34, 0x45, 0x33, 0xE2, 0x81, 0x84,
+	// Bytes 22c0 - 22ff
+	0x35, 0x45, 0x33, 0xE2, 0x81, 0x84, 0x38, 0x45,
+	0x34, 0xE2, 0x81, 0x84, 0x35, 0x45, 0x35, 0xE2,
+	0x81, 0x84, 0x36, 0x45, 0x35, 0xE2, 0x81, 0x84,
+	0x38, 0x45, 0x37, 0xE2, 0x81, 0x84, 0x38, 0x45,
+	0x41, 0xE2, 0x88, 0x95, 0x6D, 0x45, 0x56, 0xE2,
+	0x88, 0x95, 0x6D, 0x45, 0x6D, 0xE2, 0x88, 0x95,
+	0x73, 0x46, 0x31, 0xE2, 0x81, 0x84, 0x31, 0x30,
+	0x46, 0x43, 0xE2, 0x88, 0x95, 0x6B, 0x67, 0x46,
+	// Bytes 2300 - 233f
+	0x6D, 0xE2, 0x88, 0x95, 0x73, 0x32, 0x46, 0xD8,
+	0xA8, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xA8,
+	0xD8, 0xAE, 0xD9, 0x8A, 0x46, 0xD8, 0xAA, 0xD8,
+	0xAC, 0xD9, 0x85, 0x46, 0xD8, 0xAA, 0xD8, 0xAC,
+	0xD9, 0x89, 0x46, 0xD8, 0xAA, 0xD8, 0xAC, 0xD9,
+	0x8A, 0x46, 0xD8, 0xAA, 0xD8, 0xAD, 0xD8, 0xAC,
+	0x46, 0xD8, 0xAA, 0xD8, 0xAD, 0xD9, 0x85, 0x46,
+	0xD8, 0xAA, 0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD8,
+	// Bytes 2340 - 237f
+	0xAA, 0xD8, 0xAE, 0xD9, 0x89, 0x46, 0xD8, 0xAA,
+	0xD8, 0xAE, 0xD9, 0x8A, 0x46, 0xD8, 0xAA, 0xD9,
+	0x85, 0xD8, 0xAC, 0x46, 0xD8, 0xAA, 0xD9, 0x85,
+	0xD8, 0xAD, 0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD8,
+	0xAE, 0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD9, 0x89,
+	0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD8, 0xAC, 0xD8, 0xAD, 0xD9, 0x89, 0x46, 0xD8,
+	0xAC, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xAC,
+	// Bytes 2380 - 23bf
+	0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD8, 0xAC, 0xD9,
+	0x85, 0xD9, 0x89, 0x46, 0xD8, 0xAC, 0xD9, 0x85,
+	0xD9, 0x8A, 0x46, 0xD8, 0xAD, 0xD8, 0xAC, 0xD9,
+	0x8A, 0x46, 0xD8, 0xAD, 0xD9, 0x85, 0xD9, 0x89,
+	0x46, 0xD8, 0xAD, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD8, 0xB3, 0xD8, 0xAC, 0xD8, 0xAD, 0x46, 0xD8,
+	0xB3, 0xD8, 0xAC, 0xD9, 0x89, 0x46, 0xD8, 0xB3,
+	0xD8, 0xAD, 0xD8, 0xAC, 0x46, 0xD8, 0xB3, 0xD8,
+	// Bytes 23c0 - 23ff
+	0xAE, 0xD9, 0x89, 0x46, 0xD8, 0xB3, 0xD8, 0xAE,
+	0xD9, 0x8A, 0x46, 0xD8, 0xB3, 0xD9, 0x85, 0xD8,
+	0xAC, 0x46, 0xD8, 0xB3, 0xD9, 0x85, 0xD8, 0xAD,
+	0x46, 0xD8, 0xB3, 0xD9, 0x85, 0xD9, 0x85, 0x46,
+	0xD8, 0xB4, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD8,
+	0xB4, 0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD8, 0xB4,
+	0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xB4, 0xD9,
+	0x85, 0xD8, 0xAE, 0x46, 0xD8, 0xB4, 0xD9, 0x85,
+	// Bytes 2400 - 243f
+	0xD9, 0x85, 0x46, 0xD8, 0xB5, 0xD8, 0xAD, 0xD8,
+	0xAD, 0x46, 0xD8, 0xB5, 0xD8, 0xAD, 0xD9, 0x8A,
+	0x46, 0xD8, 0xB5, 0xD9, 0x84, 0xD9, 0x89, 0x46,
+	0xD8, 0xB5, 0xD9, 0x84, 0xDB, 0x92, 0x46, 0xD8,
+	0xB5, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB6,
+	0xD8, 0xAD, 0xD9, 0x89, 0x46, 0xD8, 0xB6, 0xD8,
+	0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xB6, 0xD8, 0xAE,
+	0xD9, 0x85, 0x46, 0xD8, 0xB7, 0xD9, 0x85, 0xD8,
+	// Bytes 2440 - 247f
+	0xAD, 0x46, 0xD8, 0xB7, 0xD9, 0x85, 0xD9, 0x85,
+	0x46, 0xD8, 0xB7, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD8, 0xB9, 0xD8, 0xAC, 0xD9, 0x85, 0x46, 0xD8,
+	0xB9, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB9,
+	0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8, 0xB9, 0xD9,
+	0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xBA, 0xD9, 0x85,
+	0xD9, 0x85, 0x46, 0xD8, 0xBA, 0xD9, 0x85, 0xD9,
+	0x89, 0x46, 0xD8, 0xBA, 0xD9, 0x85, 0xD9, 0x8A,
+	// Bytes 2480 - 24bf
+	0x46, 0xD9, 0x81, 0xD8, 0xAE, 0xD9, 0x85, 0x46,
+	0xD9, 0x81, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9,
+	0x82, 0xD9, 0x84, 0xDB, 0x92, 0x46, 0xD9, 0x82,
+	0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD9, 0x82, 0xD9,
+	0x85, 0xD9, 0x85, 0x46, 0xD9, 0x82, 0xD9, 0x85,
+	0xD9, 0x8A, 0x46, 0xD9, 0x83, 0xD9, 0x85, 0xD9,
+	0x85, 0x46, 0xD9, 0x83, 0xD9, 0x85, 0xD9, 0x8A,
+	0x46, 0xD9, 0x84, 0xD8, 0xAC, 0xD8, 0xAC, 0x46,
+	// Bytes 24c0 - 24ff
+	0xD9, 0x84, 0xD8, 0xAC, 0xD9, 0x85, 0x46, 0xD9,
+	0x84, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x84,
+	0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD9, 0x84, 0xD8,
+	0xAD, 0xD9, 0x89, 0x46, 0xD9, 0x84, 0xD8, 0xAD,
+	0xD9, 0x8A, 0x46, 0xD9, 0x84, 0xD8, 0xAE, 0xD9,
+	0x85, 0x46, 0xD9, 0x84, 0xD9, 0x85, 0xD8, 0xAD,
+	0x46, 0xD9, 0x84, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
+	0xD9, 0x85, 0xD8, 0xAC, 0xD8, 0xAD, 0x46, 0xD9,
+	// Bytes 2500 - 253f
+	0x85, 0xD8, 0xAC, 0xD8, 0xAE, 0x46, 0xD9, 0x85,
+	0xD8, 0xAC, 0xD9, 0x85, 0x46, 0xD9, 0x85, 0xD8,
+	0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x85, 0xD8, 0xAD,
+	0xD8, 0xAC, 0x46, 0xD9, 0x85, 0xD8, 0xAD, 0xD9,
+	0x85, 0x46, 0xD9, 0x85, 0xD8, 0xAD, 0xD9, 0x8A,
+	0x46, 0xD9, 0x85, 0xD8, 0xAE, 0xD8, 0xAC, 0x46,
+	0xD9, 0x85, 0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD9,
+	0x85, 0xD8, 0xAE, 0xD9, 0x8A, 0x46, 0xD9, 0x85,
+	// Bytes 2540 - 257f
+	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x86, 0xD8,
+	0xAC, 0xD8, 0xAD, 0x46, 0xD9, 0x86, 0xD8, 0xAC,
+	0xD9, 0x85, 0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD9,
+	0x89, 0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD9, 0x8A,
+	0x46, 0xD9, 0x86, 0xD8, 0xAD, 0xD9, 0x85, 0x46,
+	0xD9, 0x86, 0xD8, 0xAD, 0xD9, 0x89, 0x46, 0xD9,
+	0x86, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD9, 0x86,
+	0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD9, 0x86, 0xD9,
+	// Bytes 2580 - 25bf
+	0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x87, 0xD9, 0x85,
+	0xD8, 0xAC, 0x46, 0xD9, 0x87, 0xD9, 0x85, 0xD9,
+	0x85, 0x46, 0xD9, 0x8A, 0xD8, 0xAC, 0xD9, 0x8A,
+	0x46, 0xD9, 0x8A, 0xD8, 0xAD, 0xD9, 0x8A, 0x46,
+	0xD9, 0x8A, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD9,
+	0x8A, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x8A,
+	0xD9, 0x94, 0xD8, 0xA7, 0x46, 0xD9, 0x8A, 0xD9,
+	0x94, 0xD8, 0xAC, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
+	// Bytes 25c0 - 25ff
+	0xD8, 0xAD, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8,
+	0xAE, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xB1,
+	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xB2, 0x46,
+	0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x85, 0x46, 0xD9,
+	0x8A, 0xD9, 0x94, 0xD9, 0x86, 0x46, 0xD9, 0x8A,
+	0xD9, 0x94, 0xD9, 0x87, 0x46, 0xD9, 0x8A, 0xD9,
+	0x94, 0xD9, 0x88, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
+	0xD9, 0x89, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9,
+	// Bytes 2600 - 263f
+	0x8A, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xDB, 0x86,
+	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xDB, 0x87, 0x46,
+	0xD9, 0x8A, 0xD9, 0x94, 0xDB, 0x88, 0x46, 0xD9,
+	0x8A, 0xD9, 0x94, 0xDB, 0x90, 0x46, 0xD9, 0x8A,
+	0xD9, 0x94, 0xDB, 0x95, 0x46, 0xE0, 0xB9, 0x8D,
+	0xE0, 0xB8, 0xB2, 0x46, 0xE0, 0xBA, 0xAB, 0xE0,
+	0xBA, 0x99, 0x46, 0xE0, 0xBA, 0xAB, 0xE0, 0xBA,
+	0xA1, 0x46, 0xE0, 0xBB, 0x8D, 0xE0, 0xBA, 0xB2,
+	// Bytes 2640 - 267f
+	0x46, 0xE0, 0xBD, 0x80, 0xE0, 0xBE, 0xB5, 0x46,
+	0xE0, 0xBD, 0x82, 0xE0, 0xBE, 0xB7, 0x46, 0xE0,
+	0xBD, 0x8C, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBD,
+	0x91, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x96,
+	0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x9B, 0xE0,
+	0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0x90, 0xE0, 0xBE,
+	0xB5, 0x46, 0xE0, 0xBE, 0x92, 0xE0, 0xBE, 0xB7,
+	0x46, 0xE0, 0xBE, 0x9C, 0xE0, 0xBE, 0xB7, 0x46,
+	// Bytes 2680 - 26bf
+	0xE0, 0xBE, 0xA1, 0xE0, 0xBE, 0xB7, 0x46, 0xE0,
+	0xBE, 0xA6, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE,
+	0xAB, 0xE0, 0xBE, 0xB7, 0x46, 0xE2, 0x80, 0xB2,
+	0xE2, 0x80, 0xB2, 0x46, 0xE2, 0x80, 0xB5, 0xE2,
+	0x80, 0xB5, 0x46, 0xE2, 0x88, 0xAB, 0xE2, 0x88,
+	0xAB, 0x46, 0xE2, 0x88, 0xAE, 0xE2, 0x88, 0xAE,
+	0x46, 0xE3, 0x81, 0xBB, 0xE3, 0x81, 0x8B, 0x46,
+	0xE3, 0x82, 0x88, 0xE3, 0x82, 0x8A, 0x46, 0xE3,
+	// Bytes 26c0 - 26ff
+	0x82, 0xAD, 0xE3, 0x83, 0xAD, 0x46, 0xE3, 0x82,
+	0xB3, 0xE3, 0x82, 0xB3, 0x46, 0xE3, 0x82, 0xB3,
+	0xE3, 0x83, 0x88, 0x46, 0xE3, 0x83, 0x88, 0xE3,
+	0x83, 0xB3, 0x46, 0xE3, 0x83, 0x8A, 0xE3, 0x83,
+	0x8E, 0x46, 0xE3, 0x83, 0x9B, 0xE3, 0x83, 0xB3,
+	0x46, 0xE3, 0x83, 0x9F, 0xE3, 0x83, 0xAA, 0x46,
+	0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xA9, 0x46, 0xE3,
+	0x83, 0xAC, 0xE3, 0x83, 0xA0, 0x46, 0xE5, 0xA4,
+	// Bytes 2700 - 273f
+	0xA7, 0xE6, 0xAD, 0xA3, 0x46, 0xE5, 0xB9, 0xB3,
+	0xE6, 0x88, 0x90, 0x46, 0xE6, 0x98, 0x8E, 0xE6,
+	0xB2, 0xBB, 0x46, 0xE6, 0x98, 0xAD, 0xE5, 0x92,
+	0x8C, 0x47, 0x72, 0x61, 0x64, 0xE2, 0x88, 0x95,
+	0x73, 0x47, 0xE3, 0x80, 0x94, 0x53, 0xE3, 0x80,
+	0x95, 0x48, 0x28, 0xE1, 0x84, 0x80, 0xE1, 0x85,
+	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x82, 0xE1,
+	0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x83,
+	// Bytes 2740 - 277f
+	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
+	0x85, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1,
+	0x84, 0x86, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28,
+	0xE1, 0x84, 0x87, 0xE1, 0x85, 0xA1, 0x29, 0x48,
+	0x28, 0xE1, 0x84, 0x89, 0xE1, 0x85, 0xA1, 0x29,
+	0x48, 0x28, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xA1,
+	0x29, 0x48, 0x28, 0xE1, 0x84, 0x8C, 0xE1, 0x85,
+	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x8C, 0xE1,
+	// Bytes 2780 - 27bf
+	0x85, 0xAE, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x8E,
+	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
+	0x8F, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1,
+	0x84, 0x90, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28,
+	0xE1, 0x84, 0x91, 0xE1, 0x85, 0xA1, 0x29, 0x48,
+	0x28, 0xE1, 0x84, 0x92, 0xE1, 0x85, 0xA1, 0x29,
+	0x48, 0x72, 0x61, 0x64, 0xE2, 0x88, 0x95, 0x73,
+	0x32, 0x48, 0xD8, 0xA7, 0xD9, 0x83, 0xD8, 0xA8,
+	// Bytes 27c0 - 27ff
+	0xD8, 0xB1, 0x48, 0xD8, 0xA7, 0xD9, 0x84, 0xD9,
+	0x84, 0xD9, 0x87, 0x48, 0xD8, 0xB1, 0xD8, 0xB3,
+	0xD9, 0x88, 0xD9, 0x84, 0x48, 0xD8, 0xB1, 0xDB,
+	0x8C, 0xD8, 0xA7, 0xD9, 0x84, 0x48, 0xD8, 0xB5,
+	0xD9, 0x84, 0xD8, 0xB9, 0xD9, 0x85, 0x48, 0xD8,
+	0xB9, 0xD9, 0x84, 0xD9, 0x8A, 0xD9, 0x87, 0x48,
+	0xD9, 0x85, 0xD8, 0xAD, 0xD9, 0x85, 0xD8, 0xAF,
+	0x48, 0xD9, 0x88, 0xD8, 0xB3, 0xD9, 0x84, 0xD9,
+	// Bytes 2800 - 283f
+	0x85, 0x49, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
+	0xE2, 0x80, 0xB2, 0x49, 0xE2, 0x80, 0xB5, 0xE2,
+	0x80, 0xB5, 0xE2, 0x80, 0xB5, 0x49, 0xE2, 0x88,
+	0xAB, 0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB, 0x49,
+	0xE2, 0x88, 0xAE, 0xE2, 0x88, 0xAE, 0xE2, 0x88,
+	0xAE, 0x49, 0xE3, 0x80, 0x94, 0xE4, 0xB8, 0x89,
+	0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE4,
+	0xBA, 0x8C, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80,
+	// Bytes 2840 - 287f
+	0x94, 0xE5, 0x8B, 0x9D, 0xE3, 0x80, 0x95, 0x49,
+	0xE3, 0x80, 0x94, 0xE5, 0xAE, 0x89, 0xE3, 0x80,
+	0x95, 0x49, 0xE3, 0x80, 0x94, 0xE6, 0x89, 0x93,
+	0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE6,
+	0x95, 0x97, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80,
+	0x94, 0xE6, 0x9C, 0xAC, 0xE3, 0x80, 0x95, 0x49,
+	0xE3, 0x80, 0x94, 0xE7, 0x82, 0xB9, 0xE3, 0x80,
+	0x95, 0x49, 0xE3, 0x80, 0x94, 0xE7, 0x9B, 0x97,
+	// Bytes 2880 - 28bf
+	0xE3, 0x80, 0x95, 0x49, 0xE3, 0x82, 0xA2, 0xE3,
+	0x83, 0xBC, 0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x82,
+	0xA4, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x81, 0x49,
+	0xE3, 0x82, 0xA6, 0xE3, 0x82, 0xA9, 0xE3, 0x83,
+	0xB3, 0x49, 0xE3, 0x82, 0xAA, 0xE3, 0x83, 0xB3,
+	0xE3, 0x82, 0xB9, 0x49, 0xE3, 0x82, 0xAA, 0xE3,
+	0x83, 0xBC, 0xE3, 0x83, 0xA0, 0x49, 0xE3, 0x82,
+	0xAB, 0xE3, 0x82, 0xA4, 0xE3, 0x83, 0xAA, 0x49,
+	// Bytes 28c0 - 28ff
+	0xE3, 0x82, 0xB1, 0xE3, 0x83, 0xBC, 0xE3, 0x82,
+	0xB9, 0x49, 0xE3, 0x82, 0xB3, 0xE3, 0x83, 0xAB,
+	0xE3, 0x83, 0x8A, 0x49, 0xE3, 0x82, 0xBB, 0xE3,
+	0x83, 0xB3, 0xE3, 0x83, 0x81, 0x49, 0xE3, 0x82,
+	0xBB, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88, 0x49,
+	0xE3, 0x83, 0x86, 0xE3, 0x82, 0x99, 0xE3, 0x82,
+	0xB7, 0x49, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99,
+	0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x83, 0x8E, 0xE3,
+	// Bytes 2900 - 293f
+	0x83, 0x83, 0xE3, 0x83, 0x88, 0x49, 0xE3, 0x83,
+	0x8F, 0xE3, 0x82, 0xA4, 0xE3, 0x83, 0x84, 0x49,
+	0xE3, 0x83, 0x92, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xAB, 0x49, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A,
+	0xE3, 0x82, 0xB3, 0x49, 0xE3, 0x83, 0x95, 0xE3,
+	0x83, 0xA9, 0xE3, 0x83, 0xB3, 0x49, 0xE3, 0x83,
+	0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xBD, 0x49,
+	0xE3, 0x83, 0x98, 0xE3, 0x83, 0xAB, 0xE3, 0x83,
+	// Bytes 2940 - 297f
+	0x84, 0x49, 0xE3, 0x83, 0x9B, 0xE3, 0x83, 0xBC,
+	0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x83, 0x9B, 0xE3,
+	0x83, 0xBC, 0xE3, 0x83, 0xB3, 0x49, 0xE3, 0x83,
+	0x9E, 0xE3, 0x82, 0xA4, 0xE3, 0x83, 0xAB, 0x49,
+	0xE3, 0x83, 0x9E, 0xE3, 0x83, 0x83, 0xE3, 0x83,
+	0x8F, 0x49, 0xE3, 0x83, 0x9E, 0xE3, 0x83, 0xAB,
+	0xE3, 0x82, 0xAF, 0x49, 0xE3, 0x83, 0xA4, 0xE3,
+	0x83, 0xBC, 0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x83,
+	// Bytes 2980 - 29bf
+	0xA6, 0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xB3, 0x49,
+	0xE3, 0x83, 0xAF, 0xE3, 0x83, 0x83, 0xE3, 0x83,
+	0x88, 0x4C, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
+	0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2, 0x4C, 0xE2,
+	0x88, 0xAB, 0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB,
+	0xE2, 0x88, 0xAB, 0x4C, 0xE3, 0x82, 0xA2, 0xE3,
+	0x83, 0xAB, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0xA1,
+	0x4C, 0xE3, 0x82, 0xA8, 0xE3, 0x83, 0xBC, 0xE3,
+	// Bytes 29c0 - 29ff
+	0x82, 0xAB, 0xE3, 0x83, 0xBC, 0x4C, 0xE3, 0x82,
+	0xAB, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAD, 0xE3,
+	0x83, 0xB3, 0x4C, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x9E, 0x4C,
+	0xE3, 0x82, 0xAB, 0xE3, 0x83, 0xA9, 0xE3, 0x83,
+	0x83, 0xE3, 0x83, 0x88, 0x4C, 0xE3, 0x82, 0xAB,
+	0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xAA, 0xE3, 0x83,
+	0xBC, 0x4C, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99,
+	// Bytes 2a00 - 2a3f
+	0xE3, 0x83, 0x8B, 0xE3, 0x83, 0xBC, 0x4C, 0xE3,
+	0x82, 0xAD, 0xE3, 0x83, 0xA5, 0xE3, 0x83, 0xAA,
+	0xE3, 0x83, 0xBC, 0x4C, 0xE3, 0x82, 0xAF, 0xE3,
+	0x82, 0x99, 0xE3, 0x83, 0xA9, 0xE3, 0x83, 0xA0,
+	0x4C, 0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAD, 0xE3,
+	0x83, 0xBC, 0xE3, 0x83, 0x8D, 0x4C, 0xE3, 0x82,
+	0xB5, 0xE3, 0x82, 0xA4, 0xE3, 0x82, 0xAF, 0xE3,
+	0x83, 0xAB, 0x4C, 0xE3, 0x82, 0xBF, 0xE3, 0x82,
+	// Bytes 2a40 - 2a7f
+	0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xB9, 0x4C,
+	0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0x84, 0x4C, 0xE3, 0x83, 0x92,
+	0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xAF, 0xE3, 0x83,
+	0xAB, 0x4C, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0xA3,
+	0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0x4C, 0xE3,
+	0x83, 0x98, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xBC,
+	0xE3, 0x82, 0xBF, 0x4C, 0xE3, 0x83, 0x98, 0xE3,
+	// Bytes 2a80 - 2abf
+	0x82, 0x9A, 0xE3, 0x83, 0x8B, 0xE3, 0x83, 0x92,
+	0x4C, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A, 0xE3,
+	0x83, 0xB3, 0xE3, 0x82, 0xB9, 0x4C, 0xE3, 0x83,
+	0x9B, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB, 0xE3,
+	0x83, 0x88, 0x4C, 0xE3, 0x83, 0x9E, 0xE3, 0x82,
+	0xA4, 0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAD, 0x4C,
+	0xE3, 0x83, 0x9F, 0xE3, 0x82, 0xAF, 0xE3, 0x83,
+	0xAD, 0xE3, 0x83, 0xB3, 0x4C, 0xE3, 0x83, 0xA1,
+	// Bytes 2ac0 - 2aff
+	0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0xE3, 0x83,
+	0xAB, 0x4C, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0x83,
+	0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x4C, 0xE3,
+	0x83, 0xAB, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A,
+	0xE3, 0x83, 0xBC, 0x4C, 0xE6, 0xA0, 0xAA, 0xE5,
+	0xBC, 0x8F, 0xE4, 0xBC, 0x9A, 0xE7, 0xA4, 0xBE,
+	0x4E, 0x28, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xA9,
+	0xE1, 0x84, 0x92, 0xE1, 0x85, 0xAE, 0x29, 0x4F,
+	// Bytes 2b00 - 2b3f
+	0xD8, 0xAC, 0xD9, 0x84, 0x20, 0xD8, 0xAC, 0xD9,
+	0x84, 0xD8, 0xA7, 0xD9, 0x84, 0xD9, 0x87, 0x4F,
+	0xE3, 0x82, 0xA2, 0xE3, 0x83, 0x8F, 0xE3, 0x82,
+	0x9A, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0x4F,
+	0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xB3, 0xE3, 0x83,
+	0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xA2, 0x4F,
+	0xE3, 0x82, 0xAD, 0xE3, 0x83, 0xAD, 0xE3, 0x83,
+	0xAF, 0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88, 0x4F,
+	// Bytes 2b40 - 2b7f
+	0xE3, 0x82, 0xB5, 0xE3, 0x83, 0xB3, 0xE3, 0x83,
+	0x81, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0xA0, 0x4F,
+	0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0xAC, 0xE3, 0x83, 0xAB, 0x4F,
+	0xE3, 0x83, 0x98, 0xE3, 0x82, 0xAF, 0xE3, 0x82,
+	0xBF, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0xAB, 0x4F,
+	0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0xE3, 0x82,
+	0xA4, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88, 0x4F,
+	// Bytes 2b80 - 2bbf
+	0xE3, 0x83, 0x9E, 0xE3, 0x83, 0xB3, 0xE3, 0x82,
+	0xB7, 0xE3, 0x83, 0xA7, 0xE3, 0x83, 0xB3, 0x4F,
+	0xE3, 0x83, 0xA1, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0x88, 0xE3, 0x83, 0xB3, 0x4F,
+	0xE3, 0x83, 0xAB, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
+	0x95, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB, 0x51,
+	0x28, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xA9, 0xE1,
+	0x84, 0x8C, 0xE1, 0x85, 0xA5, 0xE1, 0x86, 0xAB,
+	// Bytes 2bc0 - 2bff
+	0x29, 0x52, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99,
+	0xE3, 0x83, 0xAB, 0xE3, 0x82, 0xBF, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xBC, 0x52, 0xE3, 0x82, 0xAD,
+	0xE3, 0x83, 0xAD, 0xE3, 0x82, 0xAF, 0xE3, 0x82,
+	0x99, 0xE3, 0x83, 0xA9, 0xE3, 0x83, 0xA0, 0x52,
+	0xE3, 0x82, 0xAD, 0xE3, 0x83, 0xAD, 0xE3, 0x83,
+	0xA1, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0xE3,
+	0x83, 0xAB, 0x52, 0xE3, 0x82, 0xAF, 0xE3, 0x82,
+	// Bytes 2c00 - 2c3f
+	0x99, 0xE3, 0x83, 0xA9, 0xE3, 0x83, 0xA0, 0xE3,
+	0x83, 0x88, 0xE3, 0x83, 0xB3, 0x52, 0xE3, 0x82,
+	0xAF, 0xE3, 0x83, 0xAB, 0xE3, 0x82, 0xBB, 0xE3,
+	0x82, 0x99, 0xE3, 0x82, 0xA4, 0xE3, 0x83, 0xAD,
+	0x52, 0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0xE3,
+	0x83, 0xBC, 0xE3, 0x82, 0xBB, 0xE3, 0x83, 0xB3,
+	0xE3, 0x83, 0x88, 0x52, 0xE3, 0x83, 0x92, 0xE3,
+	0x82, 0x9A, 0xE3, 0x82, 0xA2, 0xE3, 0x82, 0xB9,
+	// Bytes 2c40 - 2c7f
+	0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x52, 0xE3,
+	0x83, 0x95, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0x83,
+	0xE3, 0x82, 0xB7, 0xE3, 0x82, 0xA7, 0xE3, 0x83,
+	0xAB, 0x52, 0xE3, 0x83, 0x9F, 0xE3, 0x83, 0xAA,
+	0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x99, 0xE3, 0x83,
+	0xBC, 0xE3, 0x83, 0xAB, 0x52, 0xE3, 0x83, 0xAC,
+	0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88, 0xE3, 0x82,
+	0xB1, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xB3, 0x61,
+	// Bytes 2c80 - 2cbf
+	0xD8, 0xB5, 0xD9, 0x84, 0xD9, 0x89, 0x20, 0xD8,
+	0xA7, 0xD9, 0x84, 0xD9, 0x84, 0xD9, 0x87, 0x20,
+	0xD8, 0xB9, 0xD9, 0x84, 0xD9, 0x8A, 0xD9, 0x87,
+	0x20, 0xD9, 0x88, 0xD8, 0xB3, 0xD9, 0x84, 0xD9,
+	0x85, 0x06, 0xE0, 0xA7, 0x87, 0xE0, 0xA6, 0xBE,
+	0x01, 0x06, 0xE0, 0xA7, 0x87, 0xE0, 0xA7, 0x97,
+	0x01, 0x06, 0xE0, 0xAD, 0x87, 0xE0, 0xAC, 0xBE,
+	0x01, 0x06, 0xE0, 0xAD, 0x87, 0xE0, 0xAD, 0x96,
+	// Bytes 2cc0 - 2cff
+	0x01, 0x06, 0xE0, 0xAD, 0x87, 0xE0, 0xAD, 0x97,
+	0x01, 0x06, 0xE0, 0xAE, 0x92, 0xE0, 0xAF, 0x97,
+	0x01, 0x06, 0xE0, 0xAF, 0x86, 0xE0, 0xAE, 0xBE,
+	0x01, 0x06, 0xE0, 0xAF, 0x86, 0xE0, 0xAF, 0x97,
+	0x01, 0x06, 0xE0, 0xAF, 0x87, 0xE0, 0xAE, 0xBE,
+	0x01, 0x06, 0xE0, 0xB2, 0xBF, 0xE0, 0xB3, 0x95,
+	0x01, 0x06, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x95,
+	0x01, 0x06, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x96,
+	// Bytes 2d00 - 2d3f
+	0x01, 0x06, 0xE0, 0xB5, 0x86, 0xE0, 0xB4, 0xBE,
+	0x01, 0x06, 0xE0, 0xB5, 0x86, 0xE0, 0xB5, 0x97,
+	0x01, 0x06, 0xE0, 0xB5, 0x87, 0xE0, 0xB4, 0xBE,
+	0x01, 0x06, 0xE0, 0xB7, 0x99, 0xE0, 0xB7, 0x9F,
+	0x01, 0x06, 0xE1, 0x80, 0xA5, 0xE1, 0x80, 0xAE,
+	0x01, 0x06, 0xE1, 0xAC, 0x85, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0x87, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0x89, 0xE1, 0xAC, 0xB5,
+	// Bytes 2d40 - 2d7f
+	0x01, 0x06, 0xE1, 0xAC, 0x8B, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0x8D, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0x91, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0xBA, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0xBC, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0xBE, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAC, 0xBF, 0xE1, 0xAC, 0xB5,
+	0x01, 0x06, 0xE1, 0xAD, 0x82, 0xE1, 0xAC, 0xB5,
+	// Bytes 2d80 - 2dbf
+	0x01, 0x08, 0xF0, 0x91, 0x84, 0xB1, 0xF0, 0x91,
+	0x84, 0xA7, 0x01, 0x08, 0xF0, 0x91, 0x84, 0xB2,
+	0xF0, 0x91, 0x84, 0xA7, 0x01, 0x08, 0xF0, 0x91,
+	0x8D, 0x87, 0xF0, 0x91, 0x8C, 0xBE, 0x01, 0x08,
+	0xF0, 0x91, 0x8D, 0x87, 0xF0, 0x91, 0x8D, 0x97,
+	0x01, 0x08, 0xF0, 0x91, 0x92, 0xB9, 0xF0, 0x91,
+	0x92, 0xB0, 0x01, 0x08, 0xF0, 0x91, 0x92, 0xB9,
+	0xF0, 0x91, 0x92, 0xBA, 0x01, 0x08, 0xF0, 0x91,
+	// Bytes 2dc0 - 2dff
+	0x92, 0xB9, 0xF0, 0x91, 0x92, 0xBD, 0x01, 0x08,
+	0xF0, 0x91, 0x96, 0xB8, 0xF0, 0x91, 0x96, 0xAF,
+	0x01, 0x08, 0xF0, 0x91, 0x96, 0xB9, 0xF0, 0x91,
+	0x96, 0xAF, 0x01, 0x09, 0xE0, 0xB3, 0x86, 0xE0,
+	0xB3, 0x82, 0xE0, 0xB3, 0x95, 0x02, 0x09, 0xE0,
+	0xB7, 0x99, 0xE0, 0xB7, 0x8F, 0xE0, 0xB7, 0x8A,
+	0x12, 0x44, 0x44, 0x5A, 0xCC, 0x8C, 0xC9, 0x44,
+	0x44, 0x7A, 0xCC, 0x8C, 0xC9, 0x44, 0x64, 0x7A,
+	// Bytes 2e00 - 2e3f
+	0xCC, 0x8C, 0xC9, 0x46, 0xD9, 0x84, 0xD8, 0xA7,
+	0xD9, 0x93, 0xC9, 0x46, 0xD9, 0x84, 0xD8, 0xA7,
+	0xD9, 0x94, 0xC9, 0x46, 0xD9, 0x84, 0xD8, 0xA7,
+	0xD9, 0x95, 0xB5, 0x46, 0xE1, 0x84, 0x80, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x82, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x83, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x85, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x86, 0xE1,
+	// Bytes 2e40 - 2e7f
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x87, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x89, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x8B, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x8B, 0xE1,
+	0x85, 0xAE, 0x01, 0x46, 0xE1, 0x84, 0x8C, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x8E, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x8F, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x90, 0xE1,
+	// Bytes 2e80 - 2ebf
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x91, 0xE1,
+	0x85, 0xA1, 0x01, 0x46, 0xE1, 0x84, 0x92, 0xE1,
+	0x85, 0xA1, 0x01, 0x49, 0xE3, 0x83, 0xA1, 0xE3,
+	0x82, 0xAB, 0xE3, 0x82, 0x99, 0x0D, 0x4C, 0xE1,
+	0x84, 0x8C, 0xE1, 0x85, 0xAE, 0xE1, 0x84, 0x8B,
+	0xE1, 0x85, 0xB4, 0x01, 0x4C, 0xE3, 0x82, 0xAD,
+	0xE3, 0x82, 0x99, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
+	0x99, 0x0D, 0x4C, 0xE3, 0x82, 0xB3, 0xE3, 0x83,
+	// Bytes 2ec0 - 2eff
+	0xBC, 0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0x0D,
+	0x4C, 0xE3, 0x83, 0xA4, 0xE3, 0x83, 0xBC, 0xE3,
+	0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D, 0x4F, 0xE1,
+	0x84, 0x8E, 0xE1, 0x85, 0xA1, 0xE1, 0x86, 0xB7,
+	0xE1, 0x84, 0x80, 0xE1, 0x85, 0xA9, 0x01, 0x4F,
+	0xE3, 0x82, 0xA4, 0xE3, 0x83, 0x8B, 0xE3, 0x83,
+	0xB3, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
+	0x4F, 0xE3, 0x82, 0xB7, 0xE3, 0x83, 0xAA, 0xE3,
+	// Bytes 2f00 - 2f3f
+	0x83, 0xB3, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99,
+	0x0D, 0x4F, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A,
+	0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xB7, 0xE3, 0x82,
+	0x99, 0x0D, 0x4F, 0xE3, 0x83, 0x9B, 0xE3, 0x82,
+	0x9A, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88, 0xE3,
+	0x82, 0x99, 0x0D, 0x52, 0xE3, 0x82, 0xA8, 0xE3,
+	0x82, 0xB9, 0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xBC,
+	0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D, 0x52,
+	// Bytes 2f40 - 2f7f
+	0xE3, 0x83, 0x95, 0xE3, 0x82, 0xA1, 0xE3, 0x83,
+	0xA9, 0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88, 0xE3,
+	0x82, 0x99, 0x0D, 0x86, 0xE0, 0xB3, 0x86, 0xE0,
+	0xB3, 0x82, 0x01, 0x86, 0xE0, 0xB7, 0x99, 0xE0,
+	0xB7, 0x8F, 0x01, 0x03, 0x3C, 0xCC, 0xB8, 0x05,
+	0x03, 0x3D, 0xCC, 0xB8, 0x05, 0x03, 0x3E, 0xCC,
+	0xB8, 0x05, 0x03, 0x41, 0xCC, 0x80, 0xC9, 0x03,
+	0x41, 0xCC, 0x81, 0xC9, 0x03, 0x41, 0xCC, 0x83,
+	// Bytes 2f80 - 2fbf
+	0xC9, 0x03, 0x41, 0xCC, 0x84, 0xC9, 0x03, 0x41,
+	0xCC, 0x89, 0xC9, 0x03, 0x41, 0xCC, 0x8C, 0xC9,
+	0x03, 0x41, 0xCC, 0x8F, 0xC9, 0x03, 0x41, 0xCC,
+	0x91, 0xC9, 0x03, 0x41, 0xCC, 0xA5, 0xB5, 0x03,
+	0x41, 0xCC, 0xA8, 0xA5, 0x03, 0x42, 0xCC, 0x87,
+	0xC9, 0x03, 0x42, 0xCC, 0xA3, 0xB5, 0x03, 0x42,
+	0xCC, 0xB1, 0xB5, 0x03, 0x43, 0xCC, 0x81, 0xC9,
+	0x03, 0x43, 0xCC, 0x82, 0xC9, 0x03, 0x43, 0xCC,
+	// Bytes 2fc0 - 2fff
+	0x87, 0xC9, 0x03, 0x43, 0xCC, 0x8C, 0xC9, 0x03,
+	0x44, 0xCC, 0x87, 0xC9, 0x03, 0x44, 0xCC, 0x8C,
+	0xC9, 0x03, 0x44, 0xCC, 0xA3, 0xB5, 0x03, 0x44,
+	0xCC, 0xA7, 0xA5, 0x03, 0x44, 0xCC, 0xAD, 0xB5,
+	0x03, 0x44, 0xCC, 0xB1, 0xB5, 0x03, 0x45, 0xCC,
+	0x80, 0xC9, 0x03, 0x45, 0xCC, 0x81, 0xC9, 0x03,
+	0x45, 0xCC, 0x83, 0xC9, 0x03, 0x45, 0xCC, 0x86,
+	0xC9, 0x03, 0x45, 0xCC, 0x87, 0xC9, 0x03, 0x45,
+	// Bytes 3000 - 303f
+	0xCC, 0x88, 0xC9, 0x03, 0x45, 0xCC, 0x89, 0xC9,
+	0x03, 0x45, 0xCC, 0x8C, 0xC9, 0x03, 0x45, 0xCC,
+	0x8F, 0xC9, 0x03, 0x45, 0xCC, 0x91, 0xC9, 0x03,
+	0x45, 0xCC, 0xA8, 0xA5, 0x03, 0x45, 0xCC, 0xAD,
+	0xB5, 0x03, 0x45, 0xCC, 0xB0, 0xB5, 0x03, 0x46,
+	0xCC, 0x87, 0xC9, 0x03, 0x47, 0xCC, 0x81, 0xC9,
+	0x03, 0x47, 0xCC, 0x82, 0xC9, 0x03, 0x47, 0xCC,
+	0x84, 0xC9, 0x03, 0x47, 0xCC, 0x86, 0xC9, 0x03,
+	// Bytes 3040 - 307f
+	0x47, 0xCC, 0x87, 0xC9, 0x03, 0x47, 0xCC, 0x8C,
+	0xC9, 0x03, 0x47, 0xCC, 0xA7, 0xA5, 0x03, 0x48,
+	0xCC, 0x82, 0xC9, 0x03, 0x48, 0xCC, 0x87, 0xC9,
+	0x03, 0x48, 0xCC, 0x88, 0xC9, 0x03, 0x48, 0xCC,
+	0x8C, 0xC9, 0x03, 0x48, 0xCC, 0xA3, 0xB5, 0x03,
+	0x48, 0xCC, 0xA7, 0xA5, 0x03, 0x48, 0xCC, 0xAE,
+	0xB5, 0x03, 0x49, 0xCC, 0x80, 0xC9, 0x03, 0x49,
+	0xCC, 0x81, 0xC9, 0x03, 0x49, 0xCC, 0x82, 0xC9,
+	// Bytes 3080 - 30bf
+	0x03, 0x49, 0xCC, 0x83, 0xC9, 0x03, 0x49, 0xCC,
+	0x84, 0xC9, 0x03, 0x49, 0xCC, 0x86, 0xC9, 0x03,
+	0x49, 0xCC, 0x87, 0xC9, 0x03, 0x49, 0xCC, 0x89,
+	0xC9, 0x03, 0x49, 0xCC, 0x8C, 0xC9, 0x03, 0x49,
+	0xCC, 0x8F, 0xC9, 0x03, 0x49, 0xCC, 0x91, 0xC9,
+	0x03, 0x49, 0xCC, 0xA3, 0xB5, 0x03, 0x49, 0xCC,
+	0xA8, 0xA5, 0x03, 0x49, 0xCC, 0xB0, 0xB5, 0x03,
+	0x4A, 0xCC, 0x82, 0xC9, 0x03, 0x4B, 0xCC, 0x81,
+	// Bytes 30c0 - 30ff
+	0xC9, 0x03, 0x4B, 0xCC, 0x8C, 0xC9, 0x03, 0x4B,
+	0xCC, 0xA3, 0xB5, 0x03, 0x4B, 0xCC, 0xA7, 0xA5,
+	0x03, 0x4B, 0xCC, 0xB1, 0xB5, 0x03, 0x4C, 0xCC,
+	0x81, 0xC9, 0x03, 0x4C, 0xCC, 0x8C, 0xC9, 0x03,
+	0x4C, 0xCC, 0xA7, 0xA5, 0x03, 0x4C, 0xCC, 0xAD,
+	0xB5, 0x03, 0x4C, 0xCC, 0xB1, 0xB5, 0x03, 0x4D,
+	0xCC, 0x81, 0xC9, 0x03, 0x4D, 0xCC, 0x87, 0xC9,
+	0x03, 0x4D, 0xCC, 0xA3, 0xB5, 0x03, 0x4E, 0xCC,
+	// Bytes 3100 - 313f
+	0x80, 0xC9, 0x03, 0x4E, 0xCC, 0x81, 0xC9, 0x03,
+	0x4E, 0xCC, 0x83, 0xC9, 0x03, 0x4E, 0xCC, 0x87,
+	0xC9, 0x03, 0x4E, 0xCC, 0x8C, 0xC9, 0x03, 0x4E,
+	0xCC, 0xA3, 0xB5, 0x03, 0x4E, 0xCC, 0xA7, 0xA5,
+	0x03, 0x4E, 0xCC, 0xAD, 0xB5, 0x03, 0x4E, 0xCC,
+	0xB1, 0xB5, 0x03, 0x4F, 0xCC, 0x80, 0xC9, 0x03,
+	0x4F, 0xCC, 0x81, 0xC9, 0x03, 0x4F, 0xCC, 0x86,
+	0xC9, 0x03, 0x4F, 0xCC, 0x89, 0xC9, 0x03, 0x4F,
+	// Bytes 3140 - 317f
+	0xCC, 0x8B, 0xC9, 0x03, 0x4F, 0xCC, 0x8C, 0xC9,
+	0x03, 0x4F, 0xCC, 0x8F, 0xC9, 0x03, 0x4F, 0xCC,
+	0x91, 0xC9, 0x03, 0x50, 0xCC, 0x81, 0xC9, 0x03,
+	0x50, 0xCC, 0x87, 0xC9, 0x03, 0x52, 0xCC, 0x81,
+	0xC9, 0x03, 0x52, 0xCC, 0x87, 0xC9, 0x03, 0x52,
+	0xCC, 0x8C, 0xC9, 0x03, 0x52, 0xCC, 0x8F, 0xC9,
+	0x03, 0x52, 0xCC, 0x91, 0xC9, 0x03, 0x52, 0xCC,
+	0xA7, 0xA5, 0x03, 0x52, 0xCC, 0xB1, 0xB5, 0x03,
+	// Bytes 3180 - 31bf
+	0x53, 0xCC, 0x82, 0xC9, 0x03, 0x53, 0xCC, 0x87,
+	0xC9, 0x03, 0x53, 0xCC, 0xA6, 0xB5, 0x03, 0x53,
+	0xCC, 0xA7, 0xA5, 0x03, 0x54, 0xCC, 0x87, 0xC9,
+	0x03, 0x54, 0xCC, 0x8C, 0xC9, 0x03, 0x54, 0xCC,
+	0xA3, 0xB5, 0x03, 0x54, 0xCC, 0xA6, 0xB5, 0x03,
+	0x54, 0xCC, 0xA7, 0xA5, 0x03, 0x54, 0xCC, 0xAD,
+	0xB5, 0x03, 0x54, 0xCC, 0xB1, 0xB5, 0x03, 0x55,
+	0xCC, 0x80, 0xC9, 0x03, 0x55, 0xCC, 0x81, 0xC9,
+	// Bytes 31c0 - 31ff
+	0x03, 0x55, 0xCC, 0x82, 0xC9, 0x03, 0x55, 0xCC,
+	0x86, 0xC9, 0x03, 0x55, 0xCC, 0x89, 0xC9, 0x03,
+	0x55, 0xCC, 0x8A, 0xC9, 0x03, 0x55, 0xCC, 0x8B,
+	0xC9, 0x03, 0x55, 0xCC, 0x8C, 0xC9, 0x03, 0x55,
+	0xCC, 0x8F, 0xC9, 0x03, 0x55, 0xCC, 0x91, 0xC9,
+	0x03, 0x55, 0xCC, 0xA3, 0xB5, 0x03, 0x55, 0xCC,
+	0xA4, 0xB5, 0x03, 0x55, 0xCC, 0xA8, 0xA5, 0x03,
+	0x55, 0xCC, 0xAD, 0xB5, 0x03, 0x55, 0xCC, 0xB0,
+	// Bytes 3200 - 323f
+	0xB5, 0x03, 0x56, 0xCC, 0x83, 0xC9, 0x03, 0x56,
+	0xCC, 0xA3, 0xB5, 0x03, 0x57, 0xCC, 0x80, 0xC9,
+	0x03, 0x57, 0xCC, 0x81, 0xC9, 0x03, 0x57, 0xCC,
+	0x82, 0xC9, 0x03, 0x57, 0xCC, 0x87, 0xC9, 0x03,
+	0x57, 0xCC, 0x88, 0xC9, 0x03, 0x57, 0xCC, 0xA3,
+	0xB5, 0x03, 0x58, 0xCC, 0x87, 0xC9, 0x03, 0x58,
+	0xCC, 0x88, 0xC9, 0x03, 0x59, 0xCC, 0x80, 0xC9,
+	0x03, 0x59, 0xCC, 0x81, 0xC9, 0x03, 0x59, 0xCC,
+	// Bytes 3240 - 327f
+	0x82, 0xC9, 0x03, 0x59, 0xCC, 0x83, 0xC9, 0x03,
+	0x59, 0xCC, 0x84, 0xC9, 0x03, 0x59, 0xCC, 0x87,
+	0xC9, 0x03, 0x59, 0xCC, 0x88, 0xC9, 0x03, 0x59,
+	0xCC, 0x89, 0xC9, 0x03, 0x59, 0xCC, 0xA3, 0xB5,
+	0x03, 0x5A, 0xCC, 0x81, 0xC9, 0x03, 0x5A, 0xCC,
+	0x82, 0xC9, 0x03, 0x5A, 0xCC, 0x87, 0xC9, 0x03,
+	0x5A, 0xCC, 0x8C, 0xC9, 0x03, 0x5A, 0xCC, 0xA3,
+	0xB5, 0x03, 0x5A, 0xCC, 0xB1, 0xB5, 0x03, 0x61,
+	// Bytes 3280 - 32bf
+	0xCC, 0x80, 0xC9, 0x03, 0x61, 0xCC, 0x81, 0xC9,
+	0x03, 0x61, 0xCC, 0x83, 0xC9, 0x03, 0x61, 0xCC,
+	0x84, 0xC9, 0x03, 0x61, 0xCC, 0x89, 0xC9, 0x03,
+	0x61, 0xCC, 0x8C, 0xC9, 0x03, 0x61, 0xCC, 0x8F,
+	0xC9, 0x03, 0x61, 0xCC, 0x91, 0xC9, 0x03, 0x61,
+	0xCC, 0xA5, 0xB5, 0x03, 0x61, 0xCC, 0xA8, 0xA5,
+	0x03, 0x62, 0xCC, 0x87, 0xC9, 0x03, 0x62, 0xCC,
+	0xA3, 0xB5, 0x03, 0x62, 0xCC, 0xB1, 0xB5, 0x03,
+	// Bytes 32c0 - 32ff
+	0x63, 0xCC, 0x81, 0xC9, 0x03, 0x63, 0xCC, 0x82,
+	0xC9, 0x03, 0x63, 0xCC, 0x87, 0xC9, 0x03, 0x63,
+	0xCC, 0x8C, 0xC9, 0x03, 0x64, 0xCC, 0x87, 0xC9,
+	0x03, 0x64, 0xCC, 0x8C, 0xC9, 0x03, 0x64, 0xCC,
+	0xA3, 0xB5, 0x03, 0x64, 0xCC, 0xA7, 0xA5, 0x03,
+	0x64, 0xCC, 0xAD, 0xB5, 0x03, 0x64, 0xCC, 0xB1,
+	0xB5, 0x03, 0x65, 0xCC, 0x80, 0xC9, 0x03, 0x65,
+	0xCC, 0x81, 0xC9, 0x03, 0x65, 0xCC, 0x83, 0xC9,
+	// Bytes 3300 - 333f
+	0x03, 0x65, 0xCC, 0x86, 0xC9, 0x03, 0x65, 0xCC,
+	0x87, 0xC9, 0x03, 0x65, 0xCC, 0x88, 0xC9, 0x03,
+	0x65, 0xCC, 0x89, 0xC9, 0x03, 0x65, 0xCC, 0x8C,
+	0xC9, 0x03, 0x65, 0xCC, 0x8F, 0xC9, 0x03, 0x65,
+	0xCC, 0x91, 0xC9, 0x03, 0x65, 0xCC, 0xA8, 0xA5,
+	0x03, 0x65, 0xCC, 0xAD, 0xB5, 0x03, 0x65, 0xCC,
+	0xB0, 0xB5, 0x03, 0x66, 0xCC, 0x87, 0xC9, 0x03,
+	0x67, 0xCC, 0x81, 0xC9, 0x03, 0x67, 0xCC, 0x82,
+	// Bytes 3340 - 337f
+	0xC9, 0x03, 0x67, 0xCC, 0x84, 0xC9, 0x03, 0x67,
+	0xCC, 0x86, 0xC9, 0x03, 0x67, 0xCC, 0x87, 0xC9,
+	0x03, 0x67, 0xCC, 0x8C, 0xC9, 0x03, 0x67, 0xCC,
+	0xA7, 0xA5, 0x03, 0x68, 0xCC, 0x82, 0xC9, 0x03,
+	0x68, 0xCC, 0x87, 0xC9, 0x03, 0x68, 0xCC, 0x88,
+	0xC9, 0x03, 0x68, 0xCC, 0x8C, 0xC9, 0x03, 0x68,
+	0xCC, 0xA3, 0xB5, 0x03, 0x68, 0xCC, 0xA7, 0xA5,
+	0x03, 0x68, 0xCC, 0xAE, 0xB5, 0x03, 0x68, 0xCC,
+	// Bytes 3380 - 33bf
+	0xB1, 0xB5, 0x03, 0x69, 0xCC, 0x80, 0xC9, 0x03,
+	0x69, 0xCC, 0x81, 0xC9, 0x03, 0x69, 0xCC, 0x82,
+	0xC9, 0x03, 0x69, 0xCC, 0x83, 0xC9, 0x03, 0x69,
+	0xCC, 0x84, 0xC9, 0x03, 0x69, 0xCC, 0x86, 0xC9,
+	0x03, 0x69, 0xCC, 0x89, 0xC9, 0x03, 0x69, 0xCC,
+	0x8C, 0xC9, 0x03, 0x69, 0xCC, 0x8F, 0xC9, 0x03,
+	0x69, 0xCC, 0x91, 0xC9, 0x03, 0x69, 0xCC, 0xA3,
+	0xB5, 0x03, 0x69, 0xCC, 0xA8, 0xA5, 0x03, 0x69,
+	// Bytes 33c0 - 33ff
+	0xCC, 0xB0, 0xB5, 0x03, 0x6A, 0xCC, 0x82, 0xC9,
+	0x03, 0x6A, 0xCC, 0x8C, 0xC9, 0x03, 0x6B, 0xCC,
+	0x81, 0xC9, 0x03, 0x6B, 0xCC, 0x8C, 0xC9, 0x03,
+	0x6B, 0xCC, 0xA3, 0xB5, 0x03, 0x6B, 0xCC, 0xA7,
+	0xA5, 0x03, 0x6B, 0xCC, 0xB1, 0xB5, 0x03, 0x6C,
+	0xCC, 0x81, 0xC9, 0x03, 0x6C, 0xCC, 0x8C, 0xC9,
+	0x03, 0x6C, 0xCC, 0xA7, 0xA5, 0x03, 0x6C, 0xCC,
+	0xAD, 0xB5, 0x03, 0x6C, 0xCC, 0xB1, 0xB5, 0x03,
+	// Bytes 3400 - 343f
+	0x6D, 0xCC, 0x81, 0xC9, 0x03, 0x6D, 0xCC, 0x87,
+	0xC9, 0x03, 0x6D, 0xCC, 0xA3, 0xB5, 0x03, 0x6E,
+	0xCC, 0x80, 0xC9, 0x03, 0x6E, 0xCC, 0x81, 0xC9,
+	0x03, 0x6E, 0xCC, 0x83, 0xC9, 0x03, 0x6E, 0xCC,
+	0x87, 0xC9, 0x03, 0x6E, 0xCC, 0x8C, 0xC9, 0x03,
+	0x6E, 0xCC, 0xA3, 0xB5, 0x03, 0x6E, 0xCC, 0xA7,
+	0xA5, 0x03, 0x6E, 0xCC, 0xAD, 0xB5, 0x03, 0x6E,
+	0xCC, 0xB1, 0xB5, 0x03, 0x6F, 0xCC, 0x80, 0xC9,
+	// Bytes 3440 - 347f
+	0x03, 0x6F, 0xCC, 0x81, 0xC9, 0x03, 0x6F, 0xCC,
+	0x86, 0xC9, 0x03, 0x6F, 0xCC, 0x89, 0xC9, 0x03,
+	0x6F, 0xCC, 0x8B, 0xC9, 0x03, 0x6F, 0xCC, 0x8C,
+	0xC9, 0x03, 0x6F, 0xCC, 0x8F, 0xC9, 0x03, 0x6F,
+	0xCC, 0x91, 0xC9, 0x03, 0x70, 0xCC, 0x81, 0xC9,
+	0x03, 0x70, 0xCC, 0x87, 0xC9, 0x03, 0x72, 0xCC,
+	0x81, 0xC9, 0x03, 0x72, 0xCC, 0x87, 0xC9, 0x03,
+	0x72, 0xCC, 0x8C, 0xC9, 0x03, 0x72, 0xCC, 0x8F,
+	// Bytes 3480 - 34bf
+	0xC9, 0x03, 0x72, 0xCC, 0x91, 0xC9, 0x03, 0x72,
+	0xCC, 0xA7, 0xA5, 0x03, 0x72, 0xCC, 0xB1, 0xB5,
+	0x03, 0x73, 0xCC, 0x82, 0xC9, 0x03, 0x73, 0xCC,
+	0x87, 0xC9, 0x03, 0x73, 0xCC, 0xA6, 0xB5, 0x03,
+	0x73, 0xCC, 0xA7, 0xA5, 0x03, 0x74, 0xCC, 0x87,
+	0xC9, 0x03, 0x74, 0xCC, 0x88, 0xC9, 0x03, 0x74,
+	0xCC, 0x8C, 0xC9, 0x03, 0x74, 0xCC, 0xA3, 0xB5,
+	0x03, 0x74, 0xCC, 0xA6, 0xB5, 0x03, 0x74, 0xCC,
+	// Bytes 34c0 - 34ff
+	0xA7, 0xA5, 0x03, 0x74, 0xCC, 0xAD, 0xB5, 0x03,
+	0x74, 0xCC, 0xB1, 0xB5, 0x03, 0x75, 0xCC, 0x80,
+	0xC9, 0x03, 0x75, 0xCC, 0x81, 0xC9, 0x03, 0x75,
+	0xCC, 0x82, 0xC9, 0x03, 0x75, 0xCC, 0x86, 0xC9,
+	0x03, 0x75, 0xCC, 0x89, 0xC9, 0x03, 0x75, 0xCC,
+	0x8A, 0xC9, 0x03, 0x75, 0xCC, 0x8B, 0xC9, 0x03,
+	0x75, 0xCC, 0x8C, 0xC9, 0x03, 0x75, 0xCC, 0x8F,
+	0xC9, 0x03, 0x75, 0xCC, 0x91, 0xC9, 0x03, 0x75,
+	// Bytes 3500 - 353f
+	0xCC, 0xA3, 0xB5, 0x03, 0x75, 0xCC, 0xA4, 0xB5,
+	0x03, 0x75, 0xCC, 0xA8, 0xA5, 0x03, 0x75, 0xCC,
+	0xAD, 0xB5, 0x03, 0x75, 0xCC, 0xB0, 0xB5, 0x03,
+	0x76, 0xCC, 0x83, 0xC9, 0x03, 0x76, 0xCC, 0xA3,
+	0xB5, 0x03, 0x77, 0xCC, 0x80, 0xC9, 0x03, 0x77,
+	0xCC, 0x81, 0xC9, 0x03, 0x77, 0xCC, 0x82, 0xC9,
+	0x03, 0x77, 0xCC, 0x87, 0xC9, 0x03, 0x77, 0xCC,
+	0x88, 0xC9, 0x03, 0x77, 0xCC, 0x8A, 0xC9, 0x03,
+	// Bytes 3540 - 357f
+	0x77, 0xCC, 0xA3, 0xB5, 0x03, 0x78, 0xCC, 0x87,
+	0xC9, 0x03, 0x78, 0xCC, 0x88, 0xC9, 0x03, 0x79,
+	0xCC, 0x80, 0xC9, 0x03, 0x79, 0xCC, 0x81, 0xC9,
+	0x03, 0x79, 0xCC, 0x82, 0xC9, 0x03, 0x79, 0xCC,
+	0x83, 0xC9, 0x03, 0x79, 0xCC, 0x84, 0xC9, 0x03,
+	0x79, 0xCC, 0x87, 0xC9, 0x03, 0x79, 0xCC, 0x88,
+	0xC9, 0x03, 0x79, 0xCC, 0x89, 0xC9, 0x03, 0x79,
+	0xCC, 0x8A, 0xC9, 0x03, 0x79, 0xCC, 0xA3, 0xB5,
+	// Bytes 3580 - 35bf
+	0x03, 0x7A, 0xCC, 0x81, 0xC9, 0x03, 0x7A, 0xCC,
+	0x82, 0xC9, 0x03, 0x7A, 0xCC, 0x87, 0xC9, 0x03,
+	0x7A, 0xCC, 0x8C, 0xC9, 0x03, 0x7A, 0xCC, 0xA3,
+	0xB5, 0x03, 0x7A, 0xCC, 0xB1, 0xB5, 0x04, 0xC2,
+	0xA8, 0xCC, 0x80, 0xCA, 0x04, 0xC2, 0xA8, 0xCC,
+	0x81, 0xCA, 0x04, 0xC2, 0xA8, 0xCD, 0x82, 0xCA,
+	0x04, 0xC3, 0x86, 0xCC, 0x81, 0xC9, 0x04, 0xC3,
+	0x86, 0xCC, 0x84, 0xC9, 0x04, 0xC3, 0x98, 0xCC,
+	// Bytes 35c0 - 35ff
+	0x81, 0xC9, 0x04, 0xC3, 0xA6, 0xCC, 0x81, 0xC9,
+	0x04, 0xC3, 0xA6, 0xCC, 0x84, 0xC9, 0x04, 0xC3,
+	0xB8, 0xCC, 0x81, 0xC9, 0x04, 0xC5, 0xBF, 0xCC,
+	0x87, 0xC9, 0x04, 0xC6, 0xB7, 0xCC, 0x8C, 0xC9,
+	0x04, 0xCA, 0x92, 0xCC, 0x8C, 0xC9, 0x04, 0xCE,
+	0x91, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x91, 0xCC,
+	0x81, 0xC9, 0x04, 0xCE, 0x91, 0xCC, 0x84, 0xC9,
+	0x04, 0xCE, 0x91, 0xCC, 0x86, 0xC9, 0x04, 0xCE,
+	// Bytes 3600 - 363f
+	0x91, 0xCD, 0x85, 0xD9, 0x04, 0xCE, 0x95, 0xCC,
+	0x80, 0xC9, 0x04, 0xCE, 0x95, 0xCC, 0x81, 0xC9,
+	0x04, 0xCE, 0x97, 0xCC, 0x80, 0xC9, 0x04, 0xCE,
+	0x97, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0x97, 0xCD,
+	0x85, 0xD9, 0x04, 0xCE, 0x99, 0xCC, 0x80, 0xC9,
+	0x04, 0xCE, 0x99, 0xCC, 0x81, 0xC9, 0x04, 0xCE,
+	0x99, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0x99, 0xCC,
+	0x86, 0xC9, 0x04, 0xCE, 0x99, 0xCC, 0x88, 0xC9,
+	// Bytes 3640 - 367f
+	0x04, 0xCE, 0x9F, 0xCC, 0x80, 0xC9, 0x04, 0xCE,
+	0x9F, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xA1, 0xCC,
+	0x94, 0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x80, 0xC9,
+	0x04, 0xCE, 0xA5, 0xCC, 0x81, 0xC9, 0x04, 0xCE,
+	0xA5, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0xA5, 0xCC,
+	0x86, 0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x88, 0xC9,
+	0x04, 0xCE, 0xA9, 0xCC, 0x80, 0xC9, 0x04, 0xCE,
+	0xA9, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xA9, 0xCD,
+	// Bytes 3680 - 36bf
+	0x85, 0xD9, 0x04, 0xCE, 0xB1, 0xCC, 0x84, 0xC9,
+	0x04, 0xCE, 0xB1, 0xCC, 0x86, 0xC9, 0x04, 0xCE,
+	0xB1, 0xCD, 0x85, 0xD9, 0x04, 0xCE, 0xB5, 0xCC,
+	0x80, 0xC9, 0x04, 0xCE, 0xB5, 0xCC, 0x81, 0xC9,
+	0x04, 0xCE, 0xB7, 0xCD, 0x85, 0xD9, 0x04, 0xCE,
+	0xB9, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0xB9, 0xCC,
+	0x81, 0xC9, 0x04, 0xCE, 0xB9, 0xCC, 0x84, 0xC9,
+	0x04, 0xCE, 0xB9, 0xCC, 0x86, 0xC9, 0x04, 0xCE,
+	// Bytes 36c0 - 36ff
+	0xB9, 0xCD, 0x82, 0xC9, 0x04, 0xCE, 0xBF, 0xCC,
+	0x80, 0xC9, 0x04, 0xCE, 0xBF, 0xCC, 0x81, 0xC9,
+	0x04, 0xCF, 0x81, 0xCC, 0x93, 0xC9, 0x04, 0xCF,
+	0x81, 0xCC, 0x94, 0xC9, 0x04, 0xCF, 0x85, 0xCC,
+	0x80, 0xC9, 0x04, 0xCF, 0x85, 0xCC, 0x81, 0xC9,
+	0x04, 0xCF, 0x85, 0xCC, 0x84, 0xC9, 0x04, 0xCF,
+	0x85, 0xCC, 0x86, 0xC9, 0x04, 0xCF, 0x85, 0xCD,
+	0x82, 0xC9, 0x04, 0xCF, 0x89, 0xCD, 0x85, 0xD9,
+	// Bytes 3700 - 373f
+	0x04, 0xCF, 0x92, 0xCC, 0x81, 0xC9, 0x04, 0xCF,
+	0x92, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x86, 0xCC,
+	0x88, 0xC9, 0x04, 0xD0, 0x90, 0xCC, 0x86, 0xC9,
+	0x04, 0xD0, 0x90, 0xCC, 0x88, 0xC9, 0x04, 0xD0,
+	0x93, 0xCC, 0x81, 0xC9, 0x04, 0xD0, 0x95, 0xCC,
+	0x80, 0xC9, 0x04, 0xD0, 0x95, 0xCC, 0x86, 0xC9,
+	0x04, 0xD0, 0x95, 0xCC, 0x88, 0xC9, 0x04, 0xD0,
+	0x96, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0x96, 0xCC,
+	// Bytes 3740 - 377f
+	0x88, 0xC9, 0x04, 0xD0, 0x97, 0xCC, 0x88, 0xC9,
+	0x04, 0xD0, 0x98, 0xCC, 0x80, 0xC9, 0x04, 0xD0,
+	0x98, 0xCC, 0x84, 0xC9, 0x04, 0xD0, 0x98, 0xCC,
+	0x86, 0xC9, 0x04, 0xD0, 0x98, 0xCC, 0x88, 0xC9,
+	0x04, 0xD0, 0x9A, 0xCC, 0x81, 0xC9, 0x04, 0xD0,
+	0x9E, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xA3, 0xCC,
+	0x84, 0xC9, 0x04, 0xD0, 0xA3, 0xCC, 0x86, 0xC9,
+	0x04, 0xD0, 0xA3, 0xCC, 0x88, 0xC9, 0x04, 0xD0,
+	// Bytes 3780 - 37bf
+	0xA3, 0xCC, 0x8B, 0xC9, 0x04, 0xD0, 0xA7, 0xCC,
+	0x88, 0xC9, 0x04, 0xD0, 0xAB, 0xCC, 0x88, 0xC9,
+	0x04, 0xD0, 0xAD, 0xCC, 0x88, 0xC9, 0x04, 0xD0,
+	0xB0, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB0, 0xCC,
+	0x88, 0xC9, 0x04, 0xD0, 0xB3, 0xCC, 0x81, 0xC9,
+	0x04, 0xD0, 0xB5, 0xCC, 0x80, 0xC9, 0x04, 0xD0,
+	0xB5, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB5, 0xCC,
+	0x88, 0xC9, 0x04, 0xD0, 0xB6, 0xCC, 0x86, 0xC9,
+	// Bytes 37c0 - 37ff
+	0x04, 0xD0, 0xB6, 0xCC, 0x88, 0xC9, 0x04, 0xD0,
+	0xB7, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xB8, 0xCC,
+	0x80, 0xC9, 0x04, 0xD0, 0xB8, 0xCC, 0x84, 0xC9,
+	0x04, 0xD0, 0xB8, 0xCC, 0x86, 0xC9, 0x04, 0xD0,
+	0xB8, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xBA, 0xCC,
+	0x81, 0xC9, 0x04, 0xD0, 0xBE, 0xCC, 0x88, 0xC9,
+	0x04, 0xD1, 0x83, 0xCC, 0x84, 0xC9, 0x04, 0xD1,
+	0x83, 0xCC, 0x86, 0xC9, 0x04, 0xD1, 0x83, 0xCC,
+	// Bytes 3800 - 383f
+	0x88, 0xC9, 0x04, 0xD1, 0x83, 0xCC, 0x8B, 0xC9,
+	0x04, 0xD1, 0x87, 0xCC, 0x88, 0xC9, 0x04, 0xD1,
+	0x8B, 0xCC, 0x88, 0xC9, 0x04, 0xD1, 0x8D, 0xCC,
+	0x88, 0xC9, 0x04, 0xD1, 0x96, 0xCC, 0x88, 0xC9,
+	0x04, 0xD1, 0xB4, 0xCC, 0x8F, 0xC9, 0x04, 0xD1,
+	0xB5, 0xCC, 0x8F, 0xC9, 0x04, 0xD3, 0x98, 0xCC,
+	0x88, 0xC9, 0x04, 0xD3, 0x99, 0xCC, 0x88, 0xC9,
+	0x04, 0xD3, 0xA8, 0xCC, 0x88, 0xC9, 0x04, 0xD3,
+	// Bytes 3840 - 387f
+	0xA9, 0xCC, 0x88, 0xC9, 0x04, 0xD8, 0xA7, 0xD9,
+	0x93, 0xC9, 0x04, 0xD8, 0xA7, 0xD9, 0x94, 0xC9,
+	0x04, 0xD8, 0xA7, 0xD9, 0x95, 0xB5, 0x04, 0xD9,
+	0x88, 0xD9, 0x94, 0xC9, 0x04, 0xD9, 0x8A, 0xD9,
+	0x94, 0xC9, 0x04, 0xDB, 0x81, 0xD9, 0x94, 0xC9,
+	0x04, 0xDB, 0x92, 0xD9, 0x94, 0xC9, 0x04, 0xDB,
+	0x95, 0xD9, 0x94, 0xC9, 0x05, 0x41, 0xCC, 0x82,
+	0xCC, 0x80, 0xCA, 0x05, 0x41, 0xCC, 0x82, 0xCC,
+	// Bytes 3880 - 38bf
+	0x81, 0xCA, 0x05, 0x41, 0xCC, 0x82, 0xCC, 0x83,
+	0xCA, 0x05, 0x41, 0xCC, 0x82, 0xCC, 0x89, 0xCA,
+	0x05, 0x41, 0xCC, 0x86, 0xCC, 0x80, 0xCA, 0x05,
+	0x41, 0xCC, 0x86, 0xCC, 0x81, 0xCA, 0x05, 0x41,
+	0xCC, 0x86, 0xCC, 0x83, 0xCA, 0x05, 0x41, 0xCC,
+	0x86, 0xCC, 0x89, 0xCA, 0x05, 0x41, 0xCC, 0x87,
+	0xCC, 0x84, 0xCA, 0x05, 0x41, 0xCC, 0x88, 0xCC,
+	0x84, 0xCA, 0x05, 0x41, 0xCC, 0x8A, 0xCC, 0x81,
+	// Bytes 38c0 - 38ff
+	0xCA, 0x05, 0x41, 0xCC, 0xA3, 0xCC, 0x82, 0xCA,
+	0x05, 0x41, 0xCC, 0xA3, 0xCC, 0x86, 0xCA, 0x05,
+	0x43, 0xCC, 0xA7, 0xCC, 0x81, 0xCA, 0x05, 0x45,
+	0xCC, 0x82, 0xCC, 0x80, 0xCA, 0x05, 0x45, 0xCC,
+	0x82, 0xCC, 0x81, 0xCA, 0x05, 0x45, 0xCC, 0x82,
+	0xCC, 0x83, 0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC,
+	0x89, 0xCA, 0x05, 0x45, 0xCC, 0x84, 0xCC, 0x80,
+	0xCA, 0x05, 0x45, 0xCC, 0x84, 0xCC, 0x81, 0xCA,
+	// Bytes 3900 - 393f
+	0x05, 0x45, 0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05,
+	0x45, 0xCC, 0xA7, 0xCC, 0x86, 0xCA, 0x05, 0x49,
+	0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x05, 0x4C, 0xCC,
+	0xA3, 0xCC, 0x84, 0xCA, 0x05, 0x4F, 0xCC, 0x82,
+	0xCC, 0x80, 0xCA, 0x05, 0x4F, 0xCC, 0x82, 0xCC,
+	0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x83,
+	0xCA, 0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x89, 0xCA,
+	0x05, 0x4F, 0xCC, 0x83, 0xCC, 0x81, 0xCA, 0x05,
+	// Bytes 3940 - 397f
+	0x4F, 0xCC, 0x83, 0xCC, 0x84, 0xCA, 0x05, 0x4F,
+	0xCC, 0x83, 0xCC, 0x88, 0xCA, 0x05, 0x4F, 0xCC,
+	0x84, 0xCC, 0x80, 0xCA, 0x05, 0x4F, 0xCC, 0x84,
+	0xCC, 0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x87, 0xCC,
+	0x84, 0xCA, 0x05, 0x4F, 0xCC, 0x88, 0xCC, 0x84,
+	0xCA, 0x05, 0x4F, 0xCC, 0x9B, 0xCC, 0x80, 0xCA,
+	0x05, 0x4F, 0xCC, 0x9B, 0xCC, 0x81, 0xCA, 0x05,
+	0x4F, 0xCC, 0x9B, 0xCC, 0x83, 0xCA, 0x05, 0x4F,
+	// Bytes 3980 - 39bf
+	0xCC, 0x9B, 0xCC, 0x89, 0xCA, 0x05, 0x4F, 0xCC,
+	0x9B, 0xCC, 0xA3, 0xB6, 0x05, 0x4F, 0xCC, 0xA3,
+	0xCC, 0x82, 0xCA, 0x05, 0x4F, 0xCC, 0xA8, 0xCC,
+	0x84, 0xCA, 0x05, 0x52, 0xCC, 0xA3, 0xCC, 0x84,
+	0xCA, 0x05, 0x53, 0xCC, 0x81, 0xCC, 0x87, 0xCA,
+	0x05, 0x53, 0xCC, 0x8C, 0xCC, 0x87, 0xCA, 0x05,
+	0x53, 0xCC, 0xA3, 0xCC, 0x87, 0xCA, 0x05, 0x55,
+	0xCC, 0x83, 0xCC, 0x81, 0xCA, 0x05, 0x55, 0xCC,
+	// Bytes 39c0 - 39ff
+	0x84, 0xCC, 0x88, 0xCA, 0x05, 0x55, 0xCC, 0x88,
+	0xCC, 0x80, 0xCA, 0x05, 0x55, 0xCC, 0x88, 0xCC,
+	0x81, 0xCA, 0x05, 0x55, 0xCC, 0x88, 0xCC, 0x84,
+	0xCA, 0x05, 0x55, 0xCC, 0x88, 0xCC, 0x8C, 0xCA,
+	0x05, 0x55, 0xCC, 0x9B, 0xCC, 0x80, 0xCA, 0x05,
+	0x55, 0xCC, 0x9B, 0xCC, 0x81, 0xCA, 0x05, 0x55,
+	0xCC, 0x9B, 0xCC, 0x83, 0xCA, 0x05, 0x55, 0xCC,
+	0x9B, 0xCC, 0x89, 0xCA, 0x05, 0x55, 0xCC, 0x9B,
+	// Bytes 3a00 - 3a3f
+	0xCC, 0xA3, 0xB6, 0x05, 0x61, 0xCC, 0x82, 0xCC,
+	0x80, 0xCA, 0x05, 0x61, 0xCC, 0x82, 0xCC, 0x81,
+	0xCA, 0x05, 0x61, 0xCC, 0x82, 0xCC, 0x83, 0xCA,
+	0x05, 0x61, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05,
+	0x61, 0xCC, 0x86, 0xCC, 0x80, 0xCA, 0x05, 0x61,
+	0xCC, 0x86, 0xCC, 0x81, 0xCA, 0x05, 0x61, 0xCC,
+	0x86, 0xCC, 0x83, 0xCA, 0x05, 0x61, 0xCC, 0x86,
+	0xCC, 0x89, 0xCA, 0x05, 0x61, 0xCC, 0x87, 0xCC,
+	// Bytes 3a40 - 3a7f
+	0x84, 0xCA, 0x05, 0x61, 0xCC, 0x88, 0xCC, 0x84,
+	0xCA, 0x05, 0x61, 0xCC, 0x8A, 0xCC, 0x81, 0xCA,
+	0x05, 0x61, 0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05,
+	0x61, 0xCC, 0xA3, 0xCC, 0x86, 0xCA, 0x05, 0x63,
+	0xCC, 0xA7, 0xCC, 0x81, 0xCA, 0x05, 0x65, 0xCC,
+	0x82, 0xCC, 0x80, 0xCA, 0x05, 0x65, 0xCC, 0x82,
+	0xCC, 0x81, 0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC,
+	0x83, 0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC, 0x89,
+	// Bytes 3a80 - 3abf
+	0xCA, 0x05, 0x65, 0xCC, 0x84, 0xCC, 0x80, 0xCA,
+	0x05, 0x65, 0xCC, 0x84, 0xCC, 0x81, 0xCA, 0x05,
+	0x65, 0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x65,
+	0xCC, 0xA7, 0xCC, 0x86, 0xCA, 0x05, 0x69, 0xCC,
+	0x88, 0xCC, 0x81, 0xCA, 0x05, 0x6C, 0xCC, 0xA3,
+	0xCC, 0x84, 0xCA, 0x05, 0x6F, 0xCC, 0x82, 0xCC,
+	0x80, 0xCA, 0x05, 0x6F, 0xCC, 0x82, 0xCC, 0x81,
+	0xCA, 0x05, 0x6F, 0xCC, 0x82, 0xCC, 0x83, 0xCA,
+	// Bytes 3ac0 - 3aff
+	0x05, 0x6F, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05,
+	0x6F, 0xCC, 0x83, 0xCC, 0x81, 0xCA, 0x05, 0x6F,
+	0xCC, 0x83, 0xCC, 0x84, 0xCA, 0x05, 0x6F, 0xCC,
+	0x83, 0xCC, 0x88, 0xCA, 0x05, 0x6F, 0xCC, 0x84,
+	0xCC, 0x80, 0xCA, 0x05, 0x6F, 0xCC, 0x84, 0xCC,
+	0x81, 0xCA, 0x05, 0x6F, 0xCC, 0x87, 0xCC, 0x84,
+	0xCA, 0x05, 0x6F, 0xCC, 0x88, 0xCC, 0x84, 0xCA,
+	0x05, 0x6F, 0xCC, 0x9B, 0xCC, 0x80, 0xCA, 0x05,
+	// Bytes 3b00 - 3b3f
+	0x6F, 0xCC, 0x9B, 0xCC, 0x81, 0xCA, 0x05, 0x6F,
+	0xCC, 0x9B, 0xCC, 0x83, 0xCA, 0x05, 0x6F, 0xCC,
+	0x9B, 0xCC, 0x89, 0xCA, 0x05, 0x6F, 0xCC, 0x9B,
+	0xCC, 0xA3, 0xB6, 0x05, 0x6F, 0xCC, 0xA3, 0xCC,
+	0x82, 0xCA, 0x05, 0x6F, 0xCC, 0xA8, 0xCC, 0x84,
+	0xCA, 0x05, 0x72, 0xCC, 0xA3, 0xCC, 0x84, 0xCA,
+	0x05, 0x73, 0xCC, 0x81, 0xCC, 0x87, 0xCA, 0x05,
+	0x73, 0xCC, 0x8C, 0xCC, 0x87, 0xCA, 0x05, 0x73,
+	// Bytes 3b40 - 3b7f
+	0xCC, 0xA3, 0xCC, 0x87, 0xCA, 0x05, 0x75, 0xCC,
+	0x83, 0xCC, 0x81, 0xCA, 0x05, 0x75, 0xCC, 0x84,
+	0xCC, 0x88, 0xCA, 0x05, 0x75, 0xCC, 0x88, 0xCC,
+	0x80, 0xCA, 0x05, 0x75, 0xCC, 0x88, 0xCC, 0x81,
+	0xCA, 0x05, 0x75, 0xCC, 0x88, 0xCC, 0x84, 0xCA,
+	0x05, 0x75, 0xCC, 0x88, 0xCC, 0x8C, 0xCA, 0x05,
+	0x75, 0xCC, 0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x75,
+	0xCC, 0x9B, 0xCC, 0x81, 0xCA, 0x05, 0x75, 0xCC,
+	// Bytes 3b80 - 3bbf
+	0x9B, 0xCC, 0x83, 0xCA, 0x05, 0x75, 0xCC, 0x9B,
+	0xCC, 0x89, 0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC,
+	0xA3, 0xB6, 0x05, 0xE1, 0xBE, 0xBF, 0xCC, 0x80,
+	0xCA, 0x05, 0xE1, 0xBE, 0xBF, 0xCC, 0x81, 0xCA,
+	0x05, 0xE1, 0xBE, 0xBF, 0xCD, 0x82, 0xCA, 0x05,
+	0xE1, 0xBF, 0xBE, 0xCC, 0x80, 0xCA, 0x05, 0xE1,
+	0xBF, 0xBE, 0xCC, 0x81, 0xCA, 0x05, 0xE1, 0xBF,
+	0xBE, 0xCD, 0x82, 0xCA, 0x05, 0xE2, 0x86, 0x90,
+	// Bytes 3bc0 - 3bff
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x86, 0x92, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x86, 0x94, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x87, 0x90, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x87, 0x92, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x87, 0x94, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x88, 0x83, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x88,
+	0x88, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x88, 0x8B,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x88, 0xA3, 0xCC,
+	// Bytes 3c00 - 3c3f
+	0xB8, 0x05, 0x05, 0xE2, 0x88, 0xA5, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x88, 0xBC, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x89, 0x83, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x89, 0x85, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x89, 0x88, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
+	0x8D, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xA1,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xA4, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x89, 0xA5, 0xCC, 0xB8,
+	// Bytes 3c40 - 3c7f
+	0x05, 0x05, 0xE2, 0x89, 0xB2, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x89, 0xB3, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x89, 0xB6, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x89, 0xB7, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
+	0xBA, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xBB,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xBC, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x89, 0xBD, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x8A, 0x82, 0xCC, 0xB8, 0x05,
+	// Bytes 3c80 - 3cbf
+	0x05, 0xE2, 0x8A, 0x83, 0xCC, 0xB8, 0x05, 0x05,
+	0xE2, 0x8A, 0x86, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x8A, 0x87, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
+	0x91, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x92,
+	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xA2, 0xCC,
+	0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xA8, 0xCC, 0xB8,
+	0x05, 0x05, 0xE2, 0x8A, 0xA9, 0xCC, 0xB8, 0x05,
+	0x05, 0xE2, 0x8A, 0xAB, 0xCC, 0xB8, 0x05, 0x05,
+	// Bytes 3cc0 - 3cff
+	0xE2, 0x8A, 0xB2, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
+	0x8A, 0xB3, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
+	0xB4, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB5,
+	0xCC, 0xB8, 0x05, 0x06, 0xCE, 0x91, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0x91, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0x95, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x95, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0x95, 0xCC, 0x94,
+	// Bytes 3d00 - 3d3f
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x95, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0x97, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0x97, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0x99, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x99, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0x99, 0xCC, 0x93,
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0x99, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x99, 0xCC, 0x94,
+	// Bytes 3d40 - 3d7f
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0x99, 0xCC, 0x94,
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0x9F, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x9F, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0x9F, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0x9F, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xA5, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xA5, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xA5, 0xCC, 0x94,
+	// Bytes 3d80 - 3dbf
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0xA9, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xA9, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB1, 0xCC, 0x80,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB1, 0xCC, 0x81,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB1, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB1, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB1, 0xCD, 0x82,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB5, 0xCC, 0x93,
+	// Bytes 3dc0 - 3dff
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xB5, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xB5, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xB5, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xB7, 0xCC, 0x80,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB7, 0xCC, 0x81,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB7, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB7, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB7, 0xCD, 0x82,
+	// Bytes 3e00 - 3e3f
+	0xCD, 0x85, 0xDA, 0x06, 0xCE, 0xB9, 0xCC, 0x88,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x88,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x88,
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x93,
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x94,
+	// Bytes 3e40 - 3e7f
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xB9, 0xCC, 0x94,
+	0xCD, 0x82, 0xCA, 0x06, 0xCE, 0xBF, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xBF, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCE, 0xBF, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCE, 0xBF, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x88,
+	0xCC, 0x80, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x88,
+	0xCC, 0x81, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x88,
+	// Bytes 3e80 - 3ebf
+	0xCD, 0x82, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x93,
+	0xCC, 0x81, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x93,
+	0xCD, 0x82, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x94,
+	0xCC, 0x80, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x94,
+	0xCC, 0x81, 0xCA, 0x06, 0xCF, 0x85, 0xCC, 0x94,
+	0xCD, 0x82, 0xCA, 0x06, 0xCF, 0x89, 0xCC, 0x80,
+	0xCD, 0x85, 0xDA, 0x06, 0xCF, 0x89, 0xCC, 0x81,
+	// Bytes 3ec0 - 3eff
+	0xCD, 0x85, 0xDA, 0x06, 0xCF, 0x89, 0xCC, 0x93,
+	0xCD, 0x85, 0xDA, 0x06, 0xCF, 0x89, 0xCC, 0x94,
+	0xCD, 0x85, 0xDA, 0x06, 0xCF, 0x89, 0xCD, 0x82,
+	0xCD, 0x85, 0xDA, 0x06, 0xE0, 0xA4, 0xA8, 0xE0,
+	0xA4, 0xBC, 0x09, 0x06, 0xE0, 0xA4, 0xB0, 0xE0,
+	0xA4, 0xBC, 0x09, 0x06, 0xE0, 0xA4, 0xB3, 0xE0,
+	0xA4, 0xBC, 0x09, 0x06, 0xE0, 0xB1, 0x86, 0xE0,
+	0xB1, 0x96, 0x85, 0x06, 0xE0, 0xB7, 0x99, 0xE0,
+	// Bytes 3f00 - 3f3f
+	0xB7, 0x8A, 0x11, 0x06, 0xE3, 0x81, 0x86, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x8B, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x8D, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x8F, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x91, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x93, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x95, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x97, 0xE3,
+	// Bytes 3f40 - 3f7f
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x99, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x9B, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x9D, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0x9F, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xA1, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xA4, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xA6, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xA8, 0xE3,
+	// Bytes 3f80 - 3fbf
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xAF, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xAF, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x81, 0xB2, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xB2, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x81, 0xB5, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xB5, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x81, 0xB8, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xB8, 0xE3,
+	// Bytes 3fc0 - 3fff
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x81, 0xBB, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x81, 0xBB, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x82, 0x9D, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xA6, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xAB, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xAD, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xAF, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xB1, 0xE3,
+	// Bytes 4000 - 403f
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xB3, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xB5, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xB7, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xB9, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xBB, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xBD, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x82, 0xBF, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x81, 0xE3,
+	// Bytes 4040 - 407f
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x84, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x86, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x88, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x8F, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x8F, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x83, 0x92, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x92, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x83, 0x95, 0xE3,
+	// Bytes 4080 - 40bf
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x95, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x83, 0x98, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x98, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x83, 0x9B, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0x9B, 0xE3,
+	0x82, 0x9A, 0x0D, 0x06, 0xE3, 0x83, 0xAF, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0xB0, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0xB1, 0xE3,
+	// Bytes 40c0 - 40ff
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0xB2, 0xE3,
+	0x82, 0x99, 0x0D, 0x06, 0xE3, 0x83, 0xBD, 0xE3,
+	0x82, 0x99, 0x0D, 0x08, 0xCE, 0x91, 0xCC, 0x93,
+	0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x91,
+	0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0x91, 0xCC, 0x93, 0xCD, 0x82, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x94, 0xCC, 0x80,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x94,
+	// Bytes 4100 - 413f
+	0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x91,
+	0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0x97, 0xCC, 0x93, 0xCC, 0x80, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0x97, 0xCC, 0x93, 0xCC, 0x81,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC, 0x93,
+	0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97,
+	0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0x97, 0xCC, 0x94, 0xCC, 0x81, 0xCD, 0x85,
+	// Bytes 4140 - 417f
+	0xDB, 0x08, 0xCE, 0x97, 0xCC, 0x94, 0xCD, 0x82,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x93,
+	0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9,
+	0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0xA9, 0xCC, 0x93, 0xCD, 0x82, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x94, 0xCC, 0x80,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x94,
+	0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9,
+	// Bytes 4180 - 41bf
+	0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0xB1, 0xCC, 0x93, 0xCC, 0x80, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0xB1, 0xCC, 0x93, 0xCC, 0x81,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC, 0x93,
+	0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1,
+	0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0xB1, 0xCC, 0x94, 0xCC, 0x81, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0xB1, 0xCC, 0x94, 0xCD, 0x82,
+	// Bytes 41c0 - 41ff
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x93,
+	0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7,
+	0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08,
+	0xCE, 0xB7, 0xCC, 0x93, 0xCD, 0x82, 0xCD, 0x85,
+	0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x94, 0xCC, 0x80,
+	0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x94,
+	0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7,
+	0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08,
+	// Bytes 4200 - 423f
+	0xCF, 0x89, 0xCC, 0x93, 0xCC, 0x80, 0xCD, 0x85,
+	0xDB, 0x08, 0xCF, 0x89, 0xCC, 0x93, 0xCC, 0x81,
+	0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC, 0x93,
+	0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89,
+	0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08,
+	0xCF, 0x89, 0xCC, 0x94, 0xCC, 0x81, 0xCD, 0x85,
+	0xDB, 0x08, 0xCF, 0x89, 0xCC, 0x94, 0xCD, 0x82,
+	0xCD, 0x85, 0xDB, 0x08, 0xF0, 0x91, 0x82, 0x99,
+	// Bytes 4240 - 427f
+	0xF0, 0x91, 0x82, 0xBA, 0x09, 0x08, 0xF0, 0x91,
+	0x82, 0x9B, 0xF0, 0x91, 0x82, 0xBA, 0x09, 0x08,
+	0xF0, 0x91, 0x82, 0xA5, 0xF0, 0x91, 0x82, 0xBA,
+	0x09, 0x42, 0xC2, 0xB4, 0x01, 0x43, 0x20, 0xCC,
+	0x81, 0xC9, 0x43, 0x20, 0xCC, 0x83, 0xC9, 0x43,
+	0x20, 0xCC, 0x84, 0xC9, 0x43, 0x20, 0xCC, 0x85,
+	0xC9, 0x43, 0x20, 0xCC, 0x86, 0xC9, 0x43, 0x20,
+	0xCC, 0x87, 0xC9, 0x43, 0x20, 0xCC, 0x88, 0xC9,
+	// Bytes 4280 - 42bf
+	0x43, 0x20, 0xCC, 0x8A, 0xC9, 0x43, 0x20, 0xCC,
+	0x8B, 0xC9, 0x43, 0x20, 0xCC, 0x93, 0xC9, 0x43,
+	0x20, 0xCC, 0x94, 0xC9, 0x43, 0x20, 0xCC, 0xA7,
+	0xA5, 0x43, 0x20, 0xCC, 0xA8, 0xA5, 0x43, 0x20,
+	0xCC, 0xB3, 0xB5, 0x43, 0x20, 0xCD, 0x82, 0xC9,
+	0x43, 0x20, 0xCD, 0x85, 0xD9, 0x43, 0x20, 0xD9,
+	0x8B, 0x59, 0x43, 0x20, 0xD9, 0x8C, 0x5D, 0x43,
+	0x20, 0xD9, 0x8D, 0x61, 0x43, 0x20, 0xD9, 0x8E,
+	// Bytes 42c0 - 42ff
+	0x65, 0x43, 0x20, 0xD9, 0x8F, 0x69, 0x43, 0x20,
+	0xD9, 0x90, 0x6D, 0x43, 0x20, 0xD9, 0x91, 0x71,
+	0x43, 0x20, 0xD9, 0x92, 0x75, 0x43, 0x41, 0xCC,
+	0x8A, 0xC9, 0x43, 0x73, 0xCC, 0x87, 0xC9, 0x44,
+	0x20, 0xE3, 0x82, 0x99, 0x0D, 0x44, 0x20, 0xE3,
+	0x82, 0x9A, 0x0D, 0x44, 0xC2, 0xA8, 0xCC, 0x81,
+	0xCA, 0x44, 0xCE, 0x91, 0xCC, 0x81, 0xC9, 0x44,
+	0xCE, 0x95, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0x97,
+	// Bytes 4300 - 433f
+	0xCC, 0x81, 0xC9, 0x44, 0xCE, 0x99, 0xCC, 0x81,
+	0xC9, 0x44, 0xCE, 0x9F, 0xCC, 0x81, 0xC9, 0x44,
+	0xCE, 0xA5, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xA5,
+	0xCC, 0x88, 0xC9, 0x44, 0xCE, 0xA9, 0xCC, 0x81,
+	0xC9, 0x44, 0xCE, 0xB1, 0xCC, 0x81, 0xC9, 0x44,
+	0xCE, 0xB5, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xB7,
+	0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xB9, 0xCC, 0x81,
+	0xC9, 0x44, 0xCE, 0xBF, 0xCC, 0x81, 0xC9, 0x44,
+	// Bytes 4340 - 437f
+	0xCF, 0x85, 0xCC, 0x81, 0xC9, 0x44, 0xCF, 0x89,
+	0xCC, 0x81, 0xC9, 0x44, 0xD7, 0x90, 0xD6, 0xB7,
+	0x31, 0x44, 0xD7, 0x90, 0xD6, 0xB8, 0x35, 0x44,
+	0xD7, 0x90, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x91,
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x91, 0xD6, 0xBF,
+	0x49, 0x44, 0xD7, 0x92, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0x93, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x94,
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x95, 0xD6, 0xB9,
+	// Bytes 4380 - 43bf
+	0x39, 0x44, 0xD7, 0x95, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0x96, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x98,
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x99, 0xD6, 0xB4,
+	0x25, 0x44, 0xD7, 0x99, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0x9A, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9B,
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9B, 0xD6, 0xBF,
+	0x49, 0x44, 0xD7, 0x9C, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0x9E, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA0,
+	// Bytes 43c0 - 43ff
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA1, 0xD6, 0xBC,
+	0x41, 0x44, 0xD7, 0xA3, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0xA4, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA4,
+	0xD6, 0xBF, 0x49, 0x44, 0xD7, 0xA6, 0xD6, 0xBC,
+	0x41, 0x44, 0xD7, 0xA7, 0xD6, 0xBC, 0x41, 0x44,
+	0xD7, 0xA8, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA9,
+	0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA9, 0xD7, 0x81,
+	0x4D, 0x44, 0xD7, 0xA9, 0xD7, 0x82, 0x51, 0x44,
+	// Bytes 4400 - 443f
+	0xD7, 0xAA, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xB2,
+	0xD6, 0xB7, 0x31, 0x44, 0xD8, 0xA7, 0xD9, 0x8B,
+	0x59, 0x44, 0xD8, 0xA7, 0xD9, 0x93, 0xC9, 0x44,
+	0xD8, 0xA7, 0xD9, 0x94, 0xC9, 0x44, 0xD8, 0xA7,
+	0xD9, 0x95, 0xB5, 0x44, 0xD8, 0xB0, 0xD9, 0xB0,
+	0x79, 0x44, 0xD8, 0xB1, 0xD9, 0xB0, 0x79, 0x44,
+	0xD9, 0x80, 0xD9, 0x8B, 0x59, 0x44, 0xD9, 0x80,
+	0xD9, 0x8E, 0x65, 0x44, 0xD9, 0x80, 0xD9, 0x8F,
+	// Bytes 4440 - 447f
+	0x69, 0x44, 0xD9, 0x80, 0xD9, 0x90, 0x6D, 0x44,
+	0xD9, 0x80, 0xD9, 0x91, 0x71, 0x44, 0xD9, 0x80,
+	0xD9, 0x92, 0x75, 0x44, 0xD9, 0x87, 0xD9, 0xB0,
+	0x79, 0x44, 0xD9, 0x88, 0xD9, 0x94, 0xC9, 0x44,
+	0xD9, 0x89, 0xD9, 0xB0, 0x79, 0x44, 0xD9, 0x8A,
+	0xD9, 0x94, 0xC9, 0x44, 0xDB, 0x92, 0xD9, 0x94,
+	0xC9, 0x44, 0xDB, 0x95, 0xD9, 0x94, 0xC9, 0x45,
+	0x20, 0xCC, 0x88, 0xCC, 0x80, 0xCA, 0x45, 0x20,
+	// Bytes 4480 - 44bf
+	0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x45, 0x20, 0xCC,
+	0x88, 0xCD, 0x82, 0xCA, 0x45, 0x20, 0xCC, 0x93,
+	0xCC, 0x80, 0xCA, 0x45, 0x20, 0xCC, 0x93, 0xCC,
+	0x81, 0xCA, 0x45, 0x20, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x45, 0x20, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
+	0x45, 0x20, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x45,
+	0x20, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x45, 0x20,
+	0xD9, 0x8C, 0xD9, 0x91, 0x72, 0x45, 0x20, 0xD9,
+	// Bytes 44c0 - 44ff
+	0x8D, 0xD9, 0x91, 0x72, 0x45, 0x20, 0xD9, 0x8E,
+	0xD9, 0x91, 0x72, 0x45, 0x20, 0xD9, 0x8F, 0xD9,
+	0x91, 0x72, 0x45, 0x20, 0xD9, 0x90, 0xD9, 0x91,
+	0x72, 0x45, 0x20, 0xD9, 0x91, 0xD9, 0xB0, 0x7A,
+	0x45, 0xE2, 0xAB, 0x9D, 0xCC, 0xB8, 0x05, 0x46,
+	0xCE, 0xB9, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x46,
+	0xCF, 0x85, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x46,
+	0xD7, 0xA9, 0xD6, 0xBC, 0xD7, 0x81, 0x4E, 0x46,
+	// Bytes 4500 - 453f
+	0xD7, 0xA9, 0xD6, 0xBC, 0xD7, 0x82, 0x52, 0x46,
+	0xD9, 0x80, 0xD9, 0x8E, 0xD9, 0x91, 0x72, 0x46,
+	0xD9, 0x80, 0xD9, 0x8F, 0xD9, 0x91, 0x72, 0x46,
+	0xD9, 0x80, 0xD9, 0x90, 0xD9, 0x91, 0x72, 0x46,
+	0xE0, 0xA4, 0x95, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0x96, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0x97, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0x9C, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	// Bytes 4540 - 457f
+	0xE0, 0xA4, 0xA1, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0xA2, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0xAB, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA4, 0xAF, 0xE0, 0xA4, 0xBC, 0x09, 0x46,
+	0xE0, 0xA6, 0xA1, 0xE0, 0xA6, 0xBC, 0x09, 0x46,
+	0xE0, 0xA6, 0xA2, 0xE0, 0xA6, 0xBC, 0x09, 0x46,
+	0xE0, 0xA6, 0xAF, 0xE0, 0xA6, 0xBC, 0x09, 0x46,
+	0xE0, 0xA8, 0x96, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	// Bytes 4580 - 45bf
+	0xE0, 0xA8, 0x97, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	0xE0, 0xA8, 0x9C, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	0xE0, 0xA8, 0xAB, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	0xE0, 0xA8, 0xB2, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	0xE0, 0xA8, 0xB8, 0xE0, 0xA8, 0xBC, 0x09, 0x46,
+	0xE0, 0xAC, 0xA1, 0xE0, 0xAC, 0xBC, 0x09, 0x46,
+	0xE0, 0xAC, 0xA2, 0xE0, 0xAC, 0xBC, 0x09, 0x46,
+	0xE0, 0xBE, 0xB2, 0xE0, 0xBE, 0x80, 0x9D, 0x46,
+	// Bytes 45c0 - 45ff
+	0xE0, 0xBE, 0xB3, 0xE0, 0xBE, 0x80, 0x9D, 0x46,
+	0xE3, 0x83, 0x86, 0xE3, 0x82, 0x99, 0x0D, 0x48,
+	0xF0, 0x9D, 0x85, 0x97, 0xF0, 0x9D, 0x85, 0xA5,
+	0xAD, 0x48, 0xF0, 0x9D, 0x85, 0x98, 0xF0, 0x9D,
+	0x85, 0xA5, 0xAD, 0x48, 0xF0, 0x9D, 0x86, 0xB9,
+	0xF0, 0x9D, 0x85, 0xA5, 0xAD, 0x48, 0xF0, 0x9D,
+	0x86, 0xBA, 0xF0, 0x9D, 0x85, 0xA5, 0xAD, 0x49,
+	0xE0, 0xBE, 0xB2, 0xE0, 0xBD, 0xB1, 0xE0, 0xBE,
+	// Bytes 4600 - 463f
+	0x80, 0x9E, 0x49, 0xE0, 0xBE, 0xB3, 0xE0, 0xBD,
+	0xB1, 0xE0, 0xBE, 0x80, 0x9E, 0x4C, 0xF0, 0x9D,
+	0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D,
+	0x85, 0xAE, 0xAE, 0x4C, 0xF0, 0x9D, 0x85, 0x98,
+	0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAF,
+	0xAE, 0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0, 0x9D,
+	0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xB0, 0xAE, 0x4C,
+	0xF0, 0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5,
+	// Bytes 4640 - 467f
+	0xF0, 0x9D, 0x85, 0xB1, 0xAE, 0x4C, 0xF0, 0x9D,
+	0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D,
+	0x85, 0xB2, 0xAE, 0x4C, 0xF0, 0x9D, 0x86, 0xB9,
+	0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAE,
+	0xAE, 0x4C, 0xF0, 0x9D, 0x86, 0xB9, 0xF0, 0x9D,
+	0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAF, 0xAE, 0x4C,
+	0xF0, 0x9D, 0x86, 0xBA, 0xF0, 0x9D, 0x85, 0xA5,
+	0xF0, 0x9D, 0x85, 0xAE, 0xAE, 0x4C, 0xF0, 0x9D,
+	// Bytes 4680 - 46bf
+	0x86, 0xBA, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D,
+	0x85, 0xAF, 0xAE, 0x83, 0x41, 0xCC, 0x82, 0xC9,
+	0x83, 0x41, 0xCC, 0x86, 0xC9, 0x83, 0x41, 0xCC,
+	0x87, 0xC9, 0x83, 0x41, 0xCC, 0x88, 0xC9, 0x83,
+	0x41, 0xCC, 0x8A, 0xC9, 0x83, 0x41, 0xCC, 0xA3,
+	0xB5, 0x83, 0x43, 0xCC, 0xA7, 0xA5, 0x83, 0x45,
+	0xCC, 0x82, 0xC9, 0x83, 0x45, 0xCC, 0x84, 0xC9,
+	0x83, 0x45, 0xCC, 0xA3, 0xB5, 0x83, 0x45, 0xCC,
+	// Bytes 46c0 - 46ff
+	0xA7, 0xA5, 0x83, 0x49, 0xCC, 0x88, 0xC9, 0x83,
+	0x4C, 0xCC, 0xA3, 0xB5, 0x83, 0x4F, 0xCC, 0x82,
+	0xC9, 0x83, 0x4F, 0xCC, 0x83, 0xC9, 0x83, 0x4F,
+	0xCC, 0x84, 0xC9, 0x83, 0x4F, 0xCC, 0x87, 0xC9,
+	0x83, 0x4F, 0xCC, 0x88, 0xC9, 0x83, 0x4F, 0xCC,
+	0x9B, 0xAD, 0x83, 0x4F, 0xCC, 0xA3, 0xB5, 0x83,
+	0x4F, 0xCC, 0xA8, 0xA5, 0x83, 0x52, 0xCC, 0xA3,
+	0xB5, 0x83, 0x53, 0xCC, 0x81, 0xC9, 0x83, 0x53,
+	// Bytes 4700 - 473f
+	0xCC, 0x8C, 0xC9, 0x83, 0x53, 0xCC, 0xA3, 0xB5,
+	0x83, 0x55, 0xCC, 0x83, 0xC9, 0x83, 0x55, 0xCC,
+	0x84, 0xC9, 0x83, 0x55, 0xCC, 0x88, 0xC9, 0x83,
+	0x55, 0xCC, 0x9B, 0xAD, 0x83, 0x61, 0xCC, 0x82,
+	0xC9, 0x83, 0x61, 0xCC, 0x86, 0xC9, 0x83, 0x61,
+	0xCC, 0x87, 0xC9, 0x83, 0x61, 0xCC, 0x88, 0xC9,
+	0x83, 0x61, 0xCC, 0x8A, 0xC9, 0x83, 0x61, 0xCC,
+	0xA3, 0xB5, 0x83, 0x63, 0xCC, 0xA7, 0xA5, 0x83,
+	// Bytes 4740 - 477f
+	0x65, 0xCC, 0x82, 0xC9, 0x83, 0x65, 0xCC, 0x84,
+	0xC9, 0x83, 0x65, 0xCC, 0xA3, 0xB5, 0x83, 0x65,
+	0xCC, 0xA7, 0xA5, 0x83, 0x69, 0xCC, 0x88, 0xC9,
+	0x83, 0x6C, 0xCC, 0xA3, 0xB5, 0x83, 0x6F, 0xCC,
+	0x82, 0xC9, 0x83, 0x6F, 0xCC, 0x83, 0xC9, 0x83,
+	0x6F, 0xCC, 0x84, 0xC9, 0x83, 0x6F, 0xCC, 0x87,
+	0xC9, 0x83, 0x6F, 0xCC, 0x88, 0xC9, 0x83, 0x6F,
+	0xCC, 0x9B, 0xAD, 0x83, 0x6F, 0xCC, 0xA3, 0xB5,
+	// Bytes 4780 - 47bf
+	0x83, 0x6F, 0xCC, 0xA8, 0xA5, 0x83, 0x72, 0xCC,
+	0xA3, 0xB5, 0x83, 0x73, 0xCC, 0x81, 0xC9, 0x83,
+	0x73, 0xCC, 0x8C, 0xC9, 0x83, 0x73, 0xCC, 0xA3,
+	0xB5, 0x83, 0x75, 0xCC, 0x83, 0xC9, 0x83, 0x75,
+	0xCC, 0x84, 0xC9, 0x83, 0x75, 0xCC, 0x88, 0xC9,
+	0x83, 0x75, 0xCC, 0x9B, 0xAD, 0x84, 0xCE, 0x91,
+	0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x91, 0xCC, 0x94,
+	0xC9, 0x84, 0xCE, 0x95, 0xCC, 0x93, 0xC9, 0x84,
+	// Bytes 47c0 - 47ff
+	0xCE, 0x95, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0x97,
+	0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x97, 0xCC, 0x94,
+	0xC9, 0x84, 0xCE, 0x99, 0xCC, 0x93, 0xC9, 0x84,
+	0xCE, 0x99, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0x9F,
+	0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x9F, 0xCC, 0x94,
+	0xC9, 0x84, 0xCE, 0xA5, 0xCC, 0x94, 0xC9, 0x84,
+	0xCE, 0xA9, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xA9,
+	0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xB1, 0xCC, 0x80,
+	// Bytes 4800 - 483f
+	0xC9, 0x84, 0xCE, 0xB1, 0xCC, 0x81, 0xC9, 0x84,
+	0xCE, 0xB1, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB1,
+	0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xB1, 0xCD, 0x82,
+	0xC9, 0x84, 0xCE, 0xB5, 0xCC, 0x93, 0xC9, 0x84,
+	0xCE, 0xB5, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xB7,
+	0xCC, 0x80, 0xC9, 0x84, 0xCE, 0xB7, 0xCC, 0x81,
+	0xC9, 0x84, 0xCE, 0xB7, 0xCC, 0x93, 0xC9, 0x84,
+	0xCE, 0xB7, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xB7,
+	// Bytes 4840 - 487f
+	0xCD, 0x82, 0xC9, 0x84, 0xCE, 0xB9, 0xCC, 0x88,
+	0xC9, 0x84, 0xCE, 0xB9, 0xCC, 0x93, 0xC9, 0x84,
+	0xCE, 0xB9, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xBF,
+	0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xBF, 0xCC, 0x94,
+	0xC9, 0x84, 0xCF, 0x85, 0xCC, 0x88, 0xC9, 0x84,
+	0xCF, 0x85, 0xCC, 0x93, 0xC9, 0x84, 0xCF, 0x85,
+	0xCC, 0x94, 0xC9, 0x84, 0xCF, 0x89, 0xCC, 0x80,
+	0xC9, 0x84, 0xCF, 0x89, 0xCC, 0x81, 0xC9, 0x84,
+	// Bytes 4880 - 48bf
+	0xCF, 0x89, 0xCC, 0x93, 0xC9, 0x84, 0xCF, 0x89,
+	0xCC, 0x94, 0xC9, 0x84, 0xCF, 0x89, 0xCD, 0x82,
+	0xC9, 0x86, 0xCE, 0x91, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0x91, 0xCC, 0x93, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0x91, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0x91, 0xCC, 0x94, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0x91, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0x91, 0xCC, 0x94, 0xCD, 0x82,
+	// Bytes 48c0 - 48ff
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x93, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x94, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0x97, 0xCC, 0x94, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x93, 0xCC, 0x81,
+	// Bytes 4900 - 493f
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x94, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0xA9, 0xCC, 0x94, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x93, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x94, 0xCC, 0x80,
+	// Bytes 4940 - 497f
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0xB1, 0xCC, 0x94, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x93, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x94, 0xCC, 0x80,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCE, 0xB7, 0xCC, 0x94, 0xCD, 0x82,
+	// Bytes 4980 - 49bf
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x93, 0xCC, 0x80,
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x93, 0xCC, 0x81,
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x93, 0xCD, 0x82,
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x94, 0xCC, 0x80,
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x94, 0xCC, 0x81,
+	0xCA, 0x86, 0xCF, 0x89, 0xCC, 0x94, 0xCD, 0x82,
+	0xCA, 0x42, 0xCC, 0x80, 0xC9, 0x32, 0x42, 0xCC,
+	0x81, 0xC9, 0x32, 0x42, 0xCC, 0x93, 0xC9, 0x32,
+	// Bytes 49c0 - 49ff
+	0x43, 0xE1, 0x85, 0xA1, 0x01, 0x00, 0x43, 0xE1,
+	0x85, 0xA2, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA3,
+	0x01, 0x00, 0x43, 0xE1, 0x85, 0xA4, 0x01, 0x00,
+	0x43, 0xE1, 0x85, 0xA5, 0x01, 0x00, 0x43, 0xE1,
+	0x85, 0xA6, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA7,
+	0x01, 0x00, 0x43, 0xE1, 0x85, 0xA8, 0x01, 0x00,
+	0x43, 0xE1, 0x85, 0xA9, 0x01, 0x00, 0x43, 0xE1,
+	0x85, 0xAA, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAB,
+	// Bytes 4a00 - 4a3f
+	0x01, 0x00, 0x43, 0xE1, 0x85, 0xAC, 0x01, 0x00,
+	0x43, 0xE1, 0x85, 0xAD, 0x01, 0x00, 0x43, 0xE1,
+	0x85, 0xAE, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAF,
+	0x01, 0x00, 0x43, 0xE1, 0x85, 0xB0, 0x01, 0x00,
+	0x43, 0xE1, 0x85, 0xB1, 0x01, 0x00, 0x43, 0xE1,
+	0x85, 0xB2, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xB3,
+	0x01, 0x00, 0x43, 0xE1, 0x85, 0xB4, 0x01, 0x00,
+	0x43, 0xE1, 0x85, 0xB5, 0x01, 0x00, 0x43, 0xE1,
+	// Bytes 4a40 - 4a7f
+	0x86, 0xAA, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xAC,
+	0x01, 0x00, 0x43, 0xE1, 0x86, 0xAD, 0x01, 0x00,
+	0x43, 0xE1, 0x86, 0xB0, 0x01, 0x00, 0x43, 0xE1,
+	0x86, 0xB1, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xB2,
+	0x01, 0x00, 0x43, 0xE1, 0x86, 0xB3, 0x01, 0x00,
+	0x43, 0xE1, 0x86, 0xB4, 0x01, 0x00, 0x43, 0xE1,
+	0x86, 0xB5, 0x01, 0x00, 0x44, 0xCC, 0x88, 0xCC,
+	0x81, 0xCA, 0x32, 0x43, 0xE3, 0x82, 0x99, 0x0D,
+	// Bytes 4a80 - 4abf
+	0x03, 0x43, 0xE3, 0x82, 0x9A, 0x0D, 0x03, 0x46,
+	0xE0, 0xBD, 0xB1, 0xE0, 0xBD, 0xB2, 0x9E, 0x26,
+	0x46, 0xE0, 0xBD, 0xB1, 0xE0, 0xBD, 0xB4, 0xA2,
+	0x26, 0x46, 0xE0, 0xBD, 0xB1, 0xE0, 0xBE, 0x80,
+	0x9E, 0x26, 0x00, 0x01,
+}
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfcTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfcTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfcValues[c0]
+	}
+	i := nfcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfcTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfcTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfcValues[c0]
+	}
+	i := nfcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// nfcTrie. Total size: 10610 bytes (10.36 KiB). Checksum: 95e8869a9f81e5e6.
+type nfcTrie struct{}
+
+func newNfcTrie(i int) *nfcTrie {
+	return &nfcTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *nfcTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 46:
+		return uint16(nfcValues[n<<6+uint32(b)])
+	default:
+		n -= 46
+		return uint16(nfcSparse.lookup(n, b))
+	}
+}
+
+// nfcValues: 48 blocks, 3072 entries, 6144 bytes
+// The third block is the zero block.
+var nfcValues = [3072]uint16{
+	// Block 0x0, offset 0x0
+	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
+	// Block 0x1, offset 0x40
+	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
+	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
+	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
+	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
+	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
+	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
+	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
+	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
+	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
+	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x2f72, 0xc1: 0x2f77, 0xc2: 0x468b, 0xc3: 0x2f7c, 0xc4: 0x469a, 0xc5: 0x469f,
+	0xc6: 0xa000, 0xc7: 0x46a9, 0xc8: 0x2fe5, 0xc9: 0x2fea, 0xca: 0x46ae, 0xcb: 0x2ffe,
+	0xcc: 0x3071, 0xcd: 0x3076, 0xce: 0x307b, 0xcf: 0x46c2, 0xd1: 0x3107,
+	0xd2: 0x312a, 0xd3: 0x312f, 0xd4: 0x46cc, 0xd5: 0x46d1, 0xd6: 0x46e0,
+	0xd8: 0xa000, 0xd9: 0x31b6, 0xda: 0x31bb, 0xdb: 0x31c0, 0xdc: 0x4712, 0xdd: 0x3238,
+	0xe0: 0x327e, 0xe1: 0x3283, 0xe2: 0x471c, 0xe3: 0x3288,
+	0xe4: 0x472b, 0xe5: 0x4730, 0xe6: 0xa000, 0xe7: 0x473a, 0xe8: 0x32f1, 0xe9: 0x32f6,
+	0xea: 0x473f, 0xeb: 0x330a, 0xec: 0x3382, 0xed: 0x3387, 0xee: 0x338c, 0xef: 0x4753,
+	0xf1: 0x3418, 0xf2: 0x343b, 0xf3: 0x3440, 0xf4: 0x475d, 0xf5: 0x4762,
+	0xf6: 0x4771, 0xf8: 0xa000, 0xf9: 0x34cc, 0xfa: 0x34d1, 0xfb: 0x34d6,
+	0xfc: 0x47a3, 0xfd: 0x3553, 0xff: 0x356c,
+	// Block 0x4, offset 0x100
+	0x100: 0x2f81, 0x101: 0x328d, 0x102: 0x4690, 0x103: 0x4721, 0x104: 0x2f9f, 0x105: 0x32ab,
+	0x106: 0x2fb3, 0x107: 0x32bf, 0x108: 0x2fb8, 0x109: 0x32c4, 0x10a: 0x2fbd, 0x10b: 0x32c9,
+	0x10c: 0x2fc2, 0x10d: 0x32ce, 0x10e: 0x2fcc, 0x10f: 0x32d8,
+	0x112: 0x46b3, 0x113: 0x4744, 0x114: 0x2ff4, 0x115: 0x3300, 0x116: 0x2ff9, 0x117: 0x3305,
+	0x118: 0x3017, 0x119: 0x3323, 0x11a: 0x3008, 0x11b: 0x3314, 0x11c: 0x3030, 0x11d: 0x333c,
+	0x11e: 0x303a, 0x11f: 0x3346, 0x120: 0x303f, 0x121: 0x334b, 0x122: 0x3049, 0x123: 0x3355,
+	0x124: 0x304e, 0x125: 0x335a, 0x128: 0x3080, 0x129: 0x3391,
+	0x12a: 0x3085, 0x12b: 0x3396, 0x12c: 0x308a, 0x12d: 0x339b, 0x12e: 0x30ad, 0x12f: 0x33b9,
+	0x130: 0x308f, 0x134: 0x30b7, 0x135: 0x33c3,
+	0x136: 0x30cb, 0x137: 0x33dc, 0x139: 0x30d5, 0x13a: 0x33e6, 0x13b: 0x30df,
+	0x13c: 0x33f0, 0x13d: 0x30da, 0x13e: 0x33eb,
+	// Block 0x5, offset 0x140
+	0x143: 0x3102, 0x144: 0x3413, 0x145: 0x311b,
+	0x146: 0x342c, 0x147: 0x3111, 0x148: 0x3422,
+	0x14c: 0x46d6, 0x14d: 0x4767, 0x14e: 0x3134, 0x14f: 0x3445, 0x150: 0x313e, 0x151: 0x344f,
+	0x154: 0x315c, 0x155: 0x346d, 0x156: 0x3175, 0x157: 0x3486,
+	0x158: 0x3166, 0x159: 0x3477, 0x15a: 0x46f9, 0x15b: 0x478a, 0x15c: 0x317f, 0x15d: 0x3490,
+	0x15e: 0x318e, 0x15f: 0x349f, 0x160: 0x46fe, 0x161: 0x478f, 0x162: 0x31a7, 0x163: 0x34bd,
+	0x164: 0x3198, 0x165: 0x34ae, 0x168: 0x4708, 0x169: 0x4799,
+	0x16a: 0x470d, 0x16b: 0x479e, 0x16c: 0x31c5, 0x16d: 0x34db, 0x16e: 0x31cf, 0x16f: 0x34e5,
+	0x170: 0x31d4, 0x171: 0x34ea, 0x172: 0x31f2, 0x173: 0x3508, 0x174: 0x3215, 0x175: 0x352b,
+	0x176: 0x323d, 0x177: 0x3558, 0x178: 0x3251, 0x179: 0x3260, 0x17a: 0x3580, 0x17b: 0x326a,
+	0x17c: 0x358a, 0x17d: 0x326f, 0x17e: 0x358f, 0x17f: 0xa000,
+	// Block 0x6, offset 0x180
+	0x184: 0x8100, 0x185: 0x8100,
+	0x186: 0x8100,
+	0x18d: 0x2f8b, 0x18e: 0x3297, 0x18f: 0x3099, 0x190: 0x33a5, 0x191: 0x3143,
+	0x192: 0x3454, 0x193: 0x31d9, 0x194: 0x34ef, 0x195: 0x39d2, 0x196: 0x3b61, 0x197: 0x39cb,
+	0x198: 0x3b5a, 0x199: 0x39d9, 0x19a: 0x3b68, 0x19b: 0x39c4, 0x19c: 0x3b53,
+	0x19e: 0x38b3, 0x19f: 0x3a42, 0x1a0: 0x38ac, 0x1a1: 0x3a3b, 0x1a2: 0x35b6, 0x1a3: 0x35c8,
+	0x1a6: 0x3044, 0x1a7: 0x3350, 0x1a8: 0x30c1, 0x1a9: 0x33d2,
+	0x1aa: 0x46ef, 0x1ab: 0x4780, 0x1ac: 0x3993, 0x1ad: 0x3b22, 0x1ae: 0x35da, 0x1af: 0x35e0,
+	0x1b0: 0x33c8, 0x1b4: 0x302b, 0x1b5: 0x3337,
+	0x1b8: 0x30fd, 0x1b9: 0x340e, 0x1ba: 0x38ba, 0x1bb: 0x3a49,
+	0x1bc: 0x35b0, 0x1bd: 0x35c2, 0x1be: 0x35bc, 0x1bf: 0x35ce,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x2f90, 0x1c1: 0x329c, 0x1c2: 0x2f95, 0x1c3: 0x32a1, 0x1c4: 0x300d, 0x1c5: 0x3319,
+	0x1c6: 0x3012, 0x1c7: 0x331e, 0x1c8: 0x309e, 0x1c9: 0x33aa, 0x1ca: 0x30a3, 0x1cb: 0x33af,
+	0x1cc: 0x3148, 0x1cd: 0x3459, 0x1ce: 0x314d, 0x1cf: 0x345e, 0x1d0: 0x316b, 0x1d1: 0x347c,
+	0x1d2: 0x3170, 0x1d3: 0x3481, 0x1d4: 0x31de, 0x1d5: 0x34f4, 0x1d6: 0x31e3, 0x1d7: 0x34f9,
+	0x1d8: 0x3189, 0x1d9: 0x349a, 0x1da: 0x31a2, 0x1db: 0x34b8,
+	0x1de: 0x305d, 0x1df: 0x3369,
+	0x1e6: 0x4695, 0x1e7: 0x4726, 0x1e8: 0x46bd, 0x1e9: 0x474e,
+	0x1ea: 0x3962, 0x1eb: 0x3af1, 0x1ec: 0x393f, 0x1ed: 0x3ace, 0x1ee: 0x46db, 0x1ef: 0x476c,
+	0x1f0: 0x395b, 0x1f1: 0x3aea, 0x1f2: 0x3247, 0x1f3: 0x3562,
+	// Block 0x8, offset 0x200
+	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
+	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
+	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
+	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
+	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
+	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
+	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
+	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
+	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
+	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
+	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
+	// Block 0x9, offset 0x240
+	0x240: 0x49b1, 0x241: 0x49b6, 0x242: 0x9932, 0x243: 0x49bb, 0x244: 0x4a74, 0x245: 0x9936,
+	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
+	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
+	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
+	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
+	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
+	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
+	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
+	0x274: 0x0170,
+	0x27a: 0x8100,
+	0x27e: 0x0037,
+	// Block 0xa, offset 0x280
+	0x284: 0x8100, 0x285: 0x35a4,
+	0x286: 0x35ec, 0x287: 0x00ce, 0x288: 0x360a, 0x289: 0x3616, 0x28a: 0x3628,
+	0x28c: 0x3646, 0x28e: 0x3658, 0x28f: 0x3676, 0x290: 0x3e0b, 0x291: 0xa000,
+	0x295: 0xa000, 0x297: 0xa000,
+	0x299: 0xa000,
+	0x29f: 0xa000, 0x2a1: 0xa000,
+	0x2a5: 0xa000, 0x2a9: 0xa000,
+	0x2aa: 0x363a, 0x2ab: 0x366a, 0x2ac: 0x4801, 0x2ad: 0x369a, 0x2ae: 0x482b, 0x2af: 0x36ac,
+	0x2b0: 0x3e73, 0x2b1: 0xa000, 0x2b5: 0xa000,
+	0x2b7: 0xa000, 0x2b9: 0xa000,
+	0x2bf: 0xa000,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x3724, 0x2c1: 0x3730, 0x2c3: 0x371e,
+	0x2c6: 0xa000, 0x2c7: 0x370c,
+	0x2cc: 0x3760, 0x2cd: 0x3748, 0x2ce: 0x3772, 0x2d0: 0xa000,
+	0x2d3: 0xa000, 0x2d5: 0xa000, 0x2d6: 0xa000, 0x2d7: 0xa000,
+	0x2d8: 0xa000, 0x2d9: 0x3754, 0x2da: 0xa000,
+	0x2de: 0xa000, 0x2e3: 0xa000,
+	0x2e7: 0xa000,
+	0x2eb: 0xa000, 0x2ed: 0xa000,
+	0x2f0: 0xa000, 0x2f3: 0xa000, 0x2f5: 0xa000,
+	0x2f6: 0xa000, 0x2f7: 0xa000, 0x2f8: 0xa000, 0x2f9: 0x37d8, 0x2fa: 0xa000,
+	0x2fe: 0xa000,
+	// Block 0xc, offset 0x300
+	0x301: 0x3736, 0x302: 0x37ba,
+	0x310: 0x3712, 0x311: 0x3796,
+	0x312: 0x3718, 0x313: 0x379c, 0x316: 0x372a, 0x317: 0x37ae,
+	0x318: 0xa000, 0x319: 0xa000, 0x31a: 0x382c, 0x31b: 0x3832, 0x31c: 0x373c, 0x31d: 0x37c0,
+	0x31e: 0x3742, 0x31f: 0x37c6, 0x322: 0x374e, 0x323: 0x37d2,
+	0x324: 0x375a, 0x325: 0x37de, 0x326: 0x3766, 0x327: 0x37ea, 0x328: 0xa000, 0x329: 0xa000,
+	0x32a: 0x3838, 0x32b: 0x383e, 0x32c: 0x3790, 0x32d: 0x3814, 0x32e: 0x376c, 0x32f: 0x37f0,
+	0x330: 0x3778, 0x331: 0x37fc, 0x332: 0x377e, 0x333: 0x3802, 0x334: 0x3784, 0x335: 0x3808,
+	0x338: 0x378a, 0x339: 0x380e,
+	// Block 0xd, offset 0x340
+	0x351: 0x812d,
+	0x352: 0x8132, 0x353: 0x8132, 0x354: 0x8132, 0x355: 0x8132, 0x356: 0x812d, 0x357: 0x8132,
+	0x358: 0x8132, 0x359: 0x8132, 0x35a: 0x812e, 0x35b: 0x812d, 0x35c: 0x8132, 0x35d: 0x8132,
+	0x35e: 0x8132, 0x35f: 0x8132, 0x360: 0x8132, 0x361: 0x8132, 0x362: 0x812d, 0x363: 0x812d,
+	0x364: 0x812d, 0x365: 0x812d, 0x366: 0x812d, 0x367: 0x812d, 0x368: 0x8132, 0x369: 0x8132,
+	0x36a: 0x812d, 0x36b: 0x8132, 0x36c: 0x8132, 0x36d: 0x812e, 0x36e: 0x8131, 0x36f: 0x8132,
+	0x370: 0x8105, 0x371: 0x8106, 0x372: 0x8107, 0x373: 0x8108, 0x374: 0x8109, 0x375: 0x810a,
+	0x376: 0x810b, 0x377: 0x810c, 0x378: 0x810d, 0x379: 0x810e, 0x37a: 0x810e, 0x37b: 0x810f,
+	0x37c: 0x8110, 0x37d: 0x8111, 0x37f: 0x8112,
+	// Block 0xe, offset 0x380
+	0x388: 0xa000, 0x38a: 0xa000, 0x38b: 0x8116,
+	0x38c: 0x8117, 0x38d: 0x8118, 0x38e: 0x8119, 0x38f: 0x811a, 0x390: 0x811b, 0x391: 0x811c,
+	0x392: 0x811d, 0x393: 0x9932, 0x394: 0x9932, 0x395: 0x992d, 0x396: 0x812d, 0x397: 0x8132,
+	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x8132, 0x39b: 0x8132, 0x39c: 0x812d, 0x39d: 0x8132,
+	0x39e: 0x8132, 0x39f: 0x812d,
+	0x3b0: 0x811e,
+	// Block 0xf, offset 0x3c0
+	0x3d3: 0x812d, 0x3d4: 0x8132, 0x3d5: 0x8132, 0x3d6: 0x8132, 0x3d7: 0x8132,
+	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x8132, 0x3dd: 0x8132,
+	0x3de: 0x8132, 0x3df: 0x8132, 0x3e0: 0x8132, 0x3e1: 0x8132, 0x3e3: 0x812d,
+	0x3e4: 0x8132, 0x3e5: 0x8132, 0x3e6: 0x812d, 0x3e7: 0x8132, 0x3e8: 0x8132, 0x3e9: 0x812d,
+	0x3ea: 0x8132, 0x3eb: 0x8132, 0x3ec: 0x8132, 0x3ed: 0x812d, 0x3ee: 0x812d, 0x3ef: 0x812d,
+	0x3f0: 0x8116, 0x3f1: 0x8117, 0x3f2: 0x8118, 0x3f3: 0x8132, 0x3f4: 0x8132, 0x3f5: 0x8132,
+	0x3f6: 0x812d, 0x3f7: 0x8132, 0x3f8: 0x8132, 0x3f9: 0x812d, 0x3fa: 0x812d, 0x3fb: 0x8132,
+	0x3fc: 0x8132, 0x3fd: 0x8132, 0x3fe: 0x8132, 0x3ff: 0x8132,
+	// Block 0x10, offset 0x400
+	0x405: 0xa000,
+	0x406: 0x2d29, 0x407: 0xa000, 0x408: 0x2d31, 0x409: 0xa000, 0x40a: 0x2d39, 0x40b: 0xa000,
+	0x40c: 0x2d41, 0x40d: 0xa000, 0x40e: 0x2d49, 0x411: 0xa000,
+	0x412: 0x2d51,
+	0x434: 0x8102, 0x435: 0x9900,
+	0x43a: 0xa000, 0x43b: 0x2d59,
+	0x43c: 0xa000, 0x43d: 0x2d61, 0x43e: 0xa000, 0x43f: 0xa000,
+	// Block 0x11, offset 0x440
+	0x440: 0x8132, 0x441: 0x8132, 0x442: 0x812d, 0x443: 0x8132, 0x444: 0x8132, 0x445: 0x8132,
+	0x446: 0x8132, 0x447: 0x8132, 0x448: 0x8132, 0x449: 0x8132, 0x44a: 0x812d, 0x44b: 0x8132,
+	0x44c: 0x8132, 0x44d: 0x8135, 0x44e: 0x812a, 0x44f: 0x812d, 0x450: 0x8129, 0x451: 0x8132,
+	0x452: 0x8132, 0x453: 0x8132, 0x454: 0x8132, 0x455: 0x8132, 0x456: 0x8132, 0x457: 0x8132,
+	0x458: 0x8132, 0x459: 0x8132, 0x45a: 0x8132, 0x45b: 0x8132, 0x45c: 0x8132, 0x45d: 0x8132,
+	0x45e: 0x8132, 0x45f: 0x8132, 0x460: 0x8132, 0x461: 0x8132, 0x462: 0x8132, 0x463: 0x8132,
+	0x464: 0x8132, 0x465: 0x8132, 0x466: 0x8132, 0x467: 0x8132, 0x468: 0x8132, 0x469: 0x8132,
+	0x46a: 0x8132, 0x46b: 0x8132, 0x46c: 0x8132, 0x46d: 0x8132, 0x46e: 0x8132, 0x46f: 0x8132,
+	0x470: 0x8132, 0x471: 0x8132, 0x472: 0x8132, 0x473: 0x8132, 0x474: 0x8132, 0x475: 0x8132,
+	0x476: 0x8133, 0x477: 0x8131, 0x478: 0x8131, 0x479: 0x812d, 0x47b: 0x8132,
+	0x47c: 0x8134, 0x47d: 0x812d, 0x47e: 0x8132, 0x47f: 0x812d,
+	// Block 0x12, offset 0x480
+	0x480: 0x2f9a, 0x481: 0x32a6, 0x482: 0x2fa4, 0x483: 0x32b0, 0x484: 0x2fa9, 0x485: 0x32b5,
+	0x486: 0x2fae, 0x487: 0x32ba, 0x488: 0x38cf, 0x489: 0x3a5e, 0x48a: 0x2fc7, 0x48b: 0x32d3,
+	0x48c: 0x2fd1, 0x48d: 0x32dd, 0x48e: 0x2fe0, 0x48f: 0x32ec, 0x490: 0x2fd6, 0x491: 0x32e2,
+	0x492: 0x2fdb, 0x493: 0x32e7, 0x494: 0x38f2, 0x495: 0x3a81, 0x496: 0x38f9, 0x497: 0x3a88,
+	0x498: 0x301c, 0x499: 0x3328, 0x49a: 0x3021, 0x49b: 0x332d, 0x49c: 0x3907, 0x49d: 0x3a96,
+	0x49e: 0x3026, 0x49f: 0x3332, 0x4a0: 0x3035, 0x4a1: 0x3341, 0x4a2: 0x3053, 0x4a3: 0x335f,
+	0x4a4: 0x3062, 0x4a5: 0x336e, 0x4a6: 0x3058, 0x4a7: 0x3364, 0x4a8: 0x3067, 0x4a9: 0x3373,
+	0x4aa: 0x306c, 0x4ab: 0x3378, 0x4ac: 0x30b2, 0x4ad: 0x33be, 0x4ae: 0x390e, 0x4af: 0x3a9d,
+	0x4b0: 0x30bc, 0x4b1: 0x33cd, 0x4b2: 0x30c6, 0x4b3: 0x33d7, 0x4b4: 0x30d0, 0x4b5: 0x33e1,
+	0x4b6: 0x46c7, 0x4b7: 0x4758, 0x4b8: 0x3915, 0x4b9: 0x3aa4, 0x4ba: 0x30e9, 0x4bb: 0x33fa,
+	0x4bc: 0x30e4, 0x4bd: 0x33f5, 0x4be: 0x30ee, 0x4bf: 0x33ff,
+	// Block 0x13, offset 0x4c0
+	0x4c0: 0x30f3, 0x4c1: 0x3404, 0x4c2: 0x30f8, 0x4c3: 0x3409, 0x4c4: 0x310c, 0x4c5: 0x341d,
+	0x4c6: 0x3116, 0x4c7: 0x3427, 0x4c8: 0x3125, 0x4c9: 0x3436, 0x4ca: 0x3120, 0x4cb: 0x3431,
+	0x4cc: 0x3938, 0x4cd: 0x3ac7, 0x4ce: 0x3946, 0x4cf: 0x3ad5, 0x4d0: 0x394d, 0x4d1: 0x3adc,
+	0x4d2: 0x3954, 0x4d3: 0x3ae3, 0x4d4: 0x3152, 0x4d5: 0x3463, 0x4d6: 0x3157, 0x4d7: 0x3468,
+	0x4d8: 0x3161, 0x4d9: 0x3472, 0x4da: 0x46f4, 0x4db: 0x4785, 0x4dc: 0x399a, 0x4dd: 0x3b29,
+	0x4de: 0x317a, 0x4df: 0x348b, 0x4e0: 0x3184, 0x4e1: 0x3495, 0x4e2: 0x4703, 0x4e3: 0x4794,
+	0x4e4: 0x39a1, 0x4e5: 0x3b30, 0x4e6: 0x39a8, 0x4e7: 0x3b37, 0x4e8: 0x39af, 0x4e9: 0x3b3e,
+	0x4ea: 0x3193, 0x4eb: 0x34a4, 0x4ec: 0x319d, 0x4ed: 0x34b3, 0x4ee: 0x31b1, 0x4ef: 0x34c7,
+	0x4f0: 0x31ac, 0x4f1: 0x34c2, 0x4f2: 0x31ed, 0x4f3: 0x3503, 0x4f4: 0x31fc, 0x4f5: 0x3512,
+	0x4f6: 0x31f7, 0x4f7: 0x350d, 0x4f8: 0x39b6, 0x4f9: 0x3b45, 0x4fa: 0x39bd, 0x4fb: 0x3b4c,
+	0x4fc: 0x3201, 0x4fd: 0x3517, 0x4fe: 0x3206, 0x4ff: 0x351c,
+	// Block 0x14, offset 0x500
+	0x500: 0x320b, 0x501: 0x3521, 0x502: 0x3210, 0x503: 0x3526, 0x504: 0x321f, 0x505: 0x3535,
+	0x506: 0x321a, 0x507: 0x3530, 0x508: 0x3224, 0x509: 0x353f, 0x50a: 0x3229, 0x50b: 0x3544,
+	0x50c: 0x322e, 0x50d: 0x3549, 0x50e: 0x324c, 0x50f: 0x3567, 0x510: 0x3265, 0x511: 0x3585,
+	0x512: 0x3274, 0x513: 0x3594, 0x514: 0x3279, 0x515: 0x3599, 0x516: 0x337d, 0x517: 0x34a9,
+	0x518: 0x353a, 0x519: 0x3576, 0x51b: 0x35d4,
+	0x520: 0x46a4, 0x521: 0x4735, 0x522: 0x2f86, 0x523: 0x3292,
+	0x524: 0x387b, 0x525: 0x3a0a, 0x526: 0x3874, 0x527: 0x3a03, 0x528: 0x3889, 0x529: 0x3a18,
+	0x52a: 0x3882, 0x52b: 0x3a11, 0x52c: 0x38c1, 0x52d: 0x3a50, 0x52e: 0x3897, 0x52f: 0x3a26,
+	0x530: 0x3890, 0x531: 0x3a1f, 0x532: 0x38a5, 0x533: 0x3a34, 0x534: 0x389e, 0x535: 0x3a2d,
+	0x536: 0x38c8, 0x537: 0x3a57, 0x538: 0x46b8, 0x539: 0x4749, 0x53a: 0x3003, 0x53b: 0x330f,
+	0x53c: 0x2fef, 0x53d: 0x32fb, 0x53e: 0x38dd, 0x53f: 0x3a6c,
+	// Block 0x15, offset 0x540
+	0x540: 0x38d6, 0x541: 0x3a65, 0x542: 0x38eb, 0x543: 0x3a7a, 0x544: 0x38e4, 0x545: 0x3a73,
+	0x546: 0x3900, 0x547: 0x3a8f, 0x548: 0x3094, 0x549: 0x33a0, 0x54a: 0x30a8, 0x54b: 0x33b4,
+	0x54c: 0x46ea, 0x54d: 0x477b, 0x54e: 0x3139, 0x54f: 0x344a, 0x550: 0x3923, 0x551: 0x3ab2,
+	0x552: 0x391c, 0x553: 0x3aab, 0x554: 0x3931, 0x555: 0x3ac0, 0x556: 0x392a, 0x557: 0x3ab9,
+	0x558: 0x398c, 0x559: 0x3b1b, 0x55a: 0x3970, 0x55b: 0x3aff, 0x55c: 0x3969, 0x55d: 0x3af8,
+	0x55e: 0x397e, 0x55f: 0x3b0d, 0x560: 0x3977, 0x561: 0x3b06, 0x562: 0x3985, 0x563: 0x3b14,
+	0x564: 0x31e8, 0x565: 0x34fe, 0x566: 0x31ca, 0x567: 0x34e0, 0x568: 0x39e7, 0x569: 0x3b76,
+	0x56a: 0x39e0, 0x56b: 0x3b6f, 0x56c: 0x39f5, 0x56d: 0x3b84, 0x56e: 0x39ee, 0x56f: 0x3b7d,
+	0x570: 0x39fc, 0x571: 0x3b8b, 0x572: 0x3233, 0x573: 0x354e, 0x574: 0x325b, 0x575: 0x357b,
+	0x576: 0x3256, 0x577: 0x3571, 0x578: 0x3242, 0x579: 0x355d,
+	// Block 0x16, offset 0x580
+	0x580: 0x4807, 0x581: 0x480d, 0x582: 0x4921, 0x583: 0x4939, 0x584: 0x4929, 0x585: 0x4941,
+	0x586: 0x4931, 0x587: 0x4949, 0x588: 0x47ad, 0x589: 0x47b3, 0x58a: 0x4891, 0x58b: 0x48a9,
+	0x58c: 0x4899, 0x58d: 0x48b1, 0x58e: 0x48a1, 0x58f: 0x48b9, 0x590: 0x4819, 0x591: 0x481f,
+	0x592: 0x3dbb, 0x593: 0x3dcb, 0x594: 0x3dc3, 0x595: 0x3dd3,
+	0x598: 0x47b9, 0x599: 0x47bf, 0x59a: 0x3ceb, 0x59b: 0x3cfb, 0x59c: 0x3cf3, 0x59d: 0x3d03,
+	0x5a0: 0x4831, 0x5a1: 0x4837, 0x5a2: 0x4951, 0x5a3: 0x4969,
+	0x5a4: 0x4959, 0x5a5: 0x4971, 0x5a6: 0x4961, 0x5a7: 0x4979, 0x5a8: 0x47c5, 0x5a9: 0x47cb,
+	0x5aa: 0x48c1, 0x5ab: 0x48d9, 0x5ac: 0x48c9, 0x5ad: 0x48e1, 0x5ae: 0x48d1, 0x5af: 0x48e9,
+	0x5b0: 0x4849, 0x5b1: 0x484f, 0x5b2: 0x3e1b, 0x5b3: 0x3e33, 0x5b4: 0x3e23, 0x5b5: 0x3e3b,
+	0x5b6: 0x3e2b, 0x5b7: 0x3e43, 0x5b8: 0x47d1, 0x5b9: 0x47d7, 0x5ba: 0x3d1b, 0x5bb: 0x3d33,
+	0x5bc: 0x3d23, 0x5bd: 0x3d3b, 0x5be: 0x3d2b, 0x5bf: 0x3d43,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x4855, 0x5c1: 0x485b, 0x5c2: 0x3e4b, 0x5c3: 0x3e5b, 0x5c4: 0x3e53, 0x5c5: 0x3e63,
+	0x5c8: 0x47dd, 0x5c9: 0x47e3, 0x5ca: 0x3d4b, 0x5cb: 0x3d5b,
+	0x5cc: 0x3d53, 0x5cd: 0x3d63, 0x5d0: 0x4867, 0x5d1: 0x486d,
+	0x5d2: 0x3e83, 0x5d3: 0x3e9b, 0x5d4: 0x3e8b, 0x5d5: 0x3ea3, 0x5d6: 0x3e93, 0x5d7: 0x3eab,
+	0x5d9: 0x47e9, 0x5db: 0x3d6b, 0x5dd: 0x3d73,
+	0x5df: 0x3d7b, 0x5e0: 0x487f, 0x5e1: 0x4885, 0x5e2: 0x4981, 0x5e3: 0x4999,
+	0x5e4: 0x4989, 0x5e5: 0x49a1, 0x5e6: 0x4991, 0x5e7: 0x49a9, 0x5e8: 0x47ef, 0x5e9: 0x47f5,
+	0x5ea: 0x48f1, 0x5eb: 0x4909, 0x5ec: 0x48f9, 0x5ed: 0x4911, 0x5ee: 0x4901, 0x5ef: 0x4919,
+	0x5f0: 0x47fb, 0x5f1: 0x4321, 0x5f2: 0x3694, 0x5f3: 0x4327, 0x5f4: 0x4825, 0x5f5: 0x432d,
+	0x5f6: 0x36a6, 0x5f7: 0x4333, 0x5f8: 0x36c4, 0x5f9: 0x4339, 0x5fa: 0x36dc, 0x5fb: 0x433f,
+	0x5fc: 0x4873, 0x5fd: 0x4345,
+	// Block 0x18, offset 0x600
+	0x600: 0x3da3, 0x601: 0x3dab, 0x602: 0x4187, 0x603: 0x41a5, 0x604: 0x4191, 0x605: 0x41af,
+	0x606: 0x419b, 0x607: 0x41b9, 0x608: 0x3cdb, 0x609: 0x3ce3, 0x60a: 0x40d3, 0x60b: 0x40f1,
+	0x60c: 0x40dd, 0x60d: 0x40fb, 0x60e: 0x40e7, 0x60f: 0x4105, 0x610: 0x3deb, 0x611: 0x3df3,
+	0x612: 0x41c3, 0x613: 0x41e1, 0x614: 0x41cd, 0x615: 0x41eb, 0x616: 0x41d7, 0x617: 0x41f5,
+	0x618: 0x3d0b, 0x619: 0x3d13, 0x61a: 0x410f, 0x61b: 0x412d, 0x61c: 0x4119, 0x61d: 0x4137,
+	0x61e: 0x4123, 0x61f: 0x4141, 0x620: 0x3ec3, 0x621: 0x3ecb, 0x622: 0x41ff, 0x623: 0x421d,
+	0x624: 0x4209, 0x625: 0x4227, 0x626: 0x4213, 0x627: 0x4231, 0x628: 0x3d83, 0x629: 0x3d8b,
+	0x62a: 0x414b, 0x62b: 0x4169, 0x62c: 0x4155, 0x62d: 0x4173, 0x62e: 0x415f, 0x62f: 0x417d,
+	0x630: 0x3688, 0x631: 0x3682, 0x632: 0x3d93, 0x633: 0x368e, 0x634: 0x3d9b,
+	0x636: 0x4813, 0x637: 0x3db3, 0x638: 0x35f8, 0x639: 0x35f2, 0x63a: 0x35e6, 0x63b: 0x42f1,
+	0x63c: 0x35fe, 0x63d: 0x8100, 0x63e: 0x01d3, 0x63f: 0xa100,
+	// Block 0x19, offset 0x640
+	0x640: 0x8100, 0x641: 0x35aa, 0x642: 0x3ddb, 0x643: 0x36a0, 0x644: 0x3de3,
+	0x646: 0x483d, 0x647: 0x3dfb, 0x648: 0x3604, 0x649: 0x42f7, 0x64a: 0x3610, 0x64b: 0x42fd,
+	0x64c: 0x361c, 0x64d: 0x3b92, 0x64e: 0x3b99, 0x64f: 0x3ba0, 0x650: 0x36b8, 0x651: 0x36b2,
+	0x652: 0x3e03, 0x653: 0x44e7, 0x656: 0x36be, 0x657: 0x3e13,
+	0x658: 0x3634, 0x659: 0x362e, 0x65a: 0x3622, 0x65b: 0x4303, 0x65d: 0x3ba7,
+	0x65e: 0x3bae, 0x65f: 0x3bb5, 0x660: 0x36ee, 0x661: 0x36e8, 0x662: 0x3e6b, 0x663: 0x44ef,
+	0x664: 0x36d0, 0x665: 0x36d6, 0x666: 0x36f4, 0x667: 0x3e7b, 0x668: 0x3664, 0x669: 0x365e,
+	0x66a: 0x3652, 0x66b: 0x430f, 0x66c: 0x364c, 0x66d: 0x359e, 0x66e: 0x42eb, 0x66f: 0x0081,
+	0x672: 0x3eb3, 0x673: 0x36fa, 0x674: 0x3ebb,
+	0x676: 0x488b, 0x677: 0x3ed3, 0x678: 0x3640, 0x679: 0x4309, 0x67a: 0x3670, 0x67b: 0x431b,
+	0x67c: 0x367c, 0x67d: 0x4259, 0x67e: 0xa100,
+	// Block 0x1a, offset 0x680
+	0x681: 0x3c09, 0x683: 0xa000, 0x684: 0x3c10, 0x685: 0xa000,
+	0x687: 0x3c17, 0x688: 0xa000, 0x689: 0x3c1e,
+	0x68d: 0xa000,
+	0x6a0: 0x2f68, 0x6a1: 0xa000, 0x6a2: 0x3c2c,
+	0x6a4: 0xa000, 0x6a5: 0xa000,
+	0x6ad: 0x3c25, 0x6ae: 0x2f63, 0x6af: 0x2f6d,
+	0x6b0: 0x3c33, 0x6b1: 0x3c3a, 0x6b2: 0xa000, 0x6b3: 0xa000, 0x6b4: 0x3c41, 0x6b5: 0x3c48,
+	0x6b6: 0xa000, 0x6b7: 0xa000, 0x6b8: 0x3c4f, 0x6b9: 0x3c56, 0x6ba: 0xa000, 0x6bb: 0xa000,
+	0x6bc: 0xa000, 0x6bd: 0xa000,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x3c5d, 0x6c1: 0x3c64, 0x6c2: 0xa000, 0x6c3: 0xa000, 0x6c4: 0x3c79, 0x6c5: 0x3c80,
+	0x6c6: 0xa000, 0x6c7: 0xa000, 0x6c8: 0x3c87, 0x6c9: 0x3c8e,
+	0x6d1: 0xa000,
+	0x6d2: 0xa000,
+	0x6e2: 0xa000,
+	0x6e8: 0xa000, 0x6e9: 0xa000,
+	0x6eb: 0xa000, 0x6ec: 0x3ca3, 0x6ed: 0x3caa, 0x6ee: 0x3cb1, 0x6ef: 0x3cb8,
+	0x6f2: 0xa000, 0x6f3: 0xa000, 0x6f4: 0xa000, 0x6f5: 0xa000,
+	// Block 0x1c, offset 0x700
+	0x706: 0xa000, 0x70b: 0xa000,
+	0x70c: 0x3f0b, 0x70d: 0xa000, 0x70e: 0x3f13, 0x70f: 0xa000, 0x710: 0x3f1b, 0x711: 0xa000,
+	0x712: 0x3f23, 0x713: 0xa000, 0x714: 0x3f2b, 0x715: 0xa000, 0x716: 0x3f33, 0x717: 0xa000,
+	0x718: 0x3f3b, 0x719: 0xa000, 0x71a: 0x3f43, 0x71b: 0xa000, 0x71c: 0x3f4b, 0x71d: 0xa000,
+	0x71e: 0x3f53, 0x71f: 0xa000, 0x720: 0x3f5b, 0x721: 0xa000, 0x722: 0x3f63,
+	0x724: 0xa000, 0x725: 0x3f6b, 0x726: 0xa000, 0x727: 0x3f73, 0x728: 0xa000, 0x729: 0x3f7b,
+	0x72f: 0xa000,
+	0x730: 0x3f83, 0x731: 0x3f8b, 0x732: 0xa000, 0x733: 0x3f93, 0x734: 0x3f9b, 0x735: 0xa000,
+	0x736: 0x3fa3, 0x737: 0x3fab, 0x738: 0xa000, 0x739: 0x3fb3, 0x73a: 0x3fbb, 0x73b: 0xa000,
+	0x73c: 0x3fc3, 0x73d: 0x3fcb,
+	// Block 0x1d, offset 0x740
+	0x754: 0x3f03,
+	0x759: 0x9903, 0x75a: 0x9903, 0x75b: 0x8100, 0x75c: 0x8100, 0x75d: 0xa000,
+	0x75e: 0x3fd3,
+	0x766: 0xa000,
+	0x76b: 0xa000, 0x76c: 0x3fe3, 0x76d: 0xa000, 0x76e: 0x3feb, 0x76f: 0xa000,
+	0x770: 0x3ff3, 0x771: 0xa000, 0x772: 0x3ffb, 0x773: 0xa000, 0x774: 0x4003, 0x775: 0xa000,
+	0x776: 0x400b, 0x777: 0xa000, 0x778: 0x4013, 0x779: 0xa000, 0x77a: 0x401b, 0x77b: 0xa000,
+	0x77c: 0x4023, 0x77d: 0xa000, 0x77e: 0x402b, 0x77f: 0xa000,
+	// Block 0x1e, offset 0x780
+	0x780: 0x4033, 0x781: 0xa000, 0x782: 0x403b, 0x784: 0xa000, 0x785: 0x4043,
+	0x786: 0xa000, 0x787: 0x404b, 0x788: 0xa000, 0x789: 0x4053,
+	0x78f: 0xa000, 0x790: 0x405b, 0x791: 0x4063,
+	0x792: 0xa000, 0x793: 0x406b, 0x794: 0x4073, 0x795: 0xa000, 0x796: 0x407b, 0x797: 0x4083,
+	0x798: 0xa000, 0x799: 0x408b, 0x79a: 0x4093, 0x79b: 0xa000, 0x79c: 0x409b, 0x79d: 0x40a3,
+	0x7af: 0xa000,
+	0x7b0: 0xa000, 0x7b1: 0xa000, 0x7b2: 0xa000, 0x7b4: 0x3fdb,
+	0x7b7: 0x40ab, 0x7b8: 0x40b3, 0x7b9: 0x40bb, 0x7ba: 0x40c3,
+	0x7bd: 0xa000, 0x7be: 0x40cb,
+	// Block 0x1f, offset 0x7c0
+	0x7c0: 0x1377, 0x7c1: 0x0cfb, 0x7c2: 0x13d3, 0x7c3: 0x139f, 0x7c4: 0x0e57, 0x7c5: 0x06eb,
+	0x7c6: 0x08df, 0x7c7: 0x162b, 0x7c8: 0x162b, 0x7c9: 0x0a0b, 0x7ca: 0x145f, 0x7cb: 0x0943,
+	0x7cc: 0x0a07, 0x7cd: 0x0bef, 0x7ce: 0x0fcf, 0x7cf: 0x115f, 0x7d0: 0x1297, 0x7d1: 0x12d3,
+	0x7d2: 0x1307, 0x7d3: 0x141b, 0x7d4: 0x0d73, 0x7d5: 0x0dff, 0x7d6: 0x0eab, 0x7d7: 0x0f43,
+	0x7d8: 0x125f, 0x7d9: 0x1447, 0x7da: 0x1573, 0x7db: 0x070f, 0x7dc: 0x08b3, 0x7dd: 0x0d87,
+	0x7de: 0x0ecf, 0x7df: 0x1293, 0x7e0: 0x15c3, 0x7e1: 0x0ab3, 0x7e2: 0x0e77, 0x7e3: 0x1283,
+	0x7e4: 0x1317, 0x7e5: 0x0c23, 0x7e6: 0x11bb, 0x7e7: 0x12df, 0x7e8: 0x0b1f, 0x7e9: 0x0d0f,
+	0x7ea: 0x0e17, 0x7eb: 0x0f1b, 0x7ec: 0x1427, 0x7ed: 0x074f, 0x7ee: 0x07e7, 0x7ef: 0x0853,
+	0x7f0: 0x0c8b, 0x7f1: 0x0d7f, 0x7f2: 0x0ecb, 0x7f3: 0x0fef, 0x7f4: 0x1177, 0x7f5: 0x128b,
+	0x7f6: 0x12a3, 0x7f7: 0x13c7, 0x7f8: 0x14ef, 0x7f9: 0x15a3, 0x7fa: 0x15bf, 0x7fb: 0x102b,
+	0x7fc: 0x106b, 0x7fd: 0x1123, 0x7fe: 0x1243, 0x7ff: 0x147b,
+	// Block 0x20, offset 0x800
+	0x800: 0x15cb, 0x801: 0x134b, 0x802: 0x09c7, 0x803: 0x0b3b, 0x804: 0x10db, 0x805: 0x119b,
+	0x806: 0x0eff, 0x807: 0x1033, 0x808: 0x1397, 0x809: 0x14e7, 0x80a: 0x09c3, 0x80b: 0x0a8f,
+	0x80c: 0x0d77, 0x80d: 0x0e2b, 0x80e: 0x0e5f, 0x80f: 0x1113, 0x810: 0x113b, 0x811: 0x14a7,
+	0x812: 0x084f, 0x813: 0x11a7, 0x814: 0x07f3, 0x815: 0x07ef, 0x816: 0x1097, 0x817: 0x1127,
+	0x818: 0x125b, 0x819: 0x14af, 0x81a: 0x1367, 0x81b: 0x0c27, 0x81c: 0x0d73, 0x81d: 0x1357,
+	0x81e: 0x06f7, 0x81f: 0x0a63, 0x820: 0x0b93, 0x821: 0x0f2f, 0x822: 0x0faf, 0x823: 0x0873,
+	0x824: 0x103b, 0x825: 0x075f, 0x826: 0x0b77, 0x827: 0x06d7, 0x828: 0x0deb, 0x829: 0x0ca3,
+	0x82a: 0x110f, 0x82b: 0x08c7, 0x82c: 0x09b3, 0x82d: 0x0ffb, 0x82e: 0x1263, 0x82f: 0x133b,
+	0x830: 0x0db7, 0x831: 0x13f7, 0x832: 0x0de3, 0x833: 0x0c37, 0x834: 0x121b, 0x835: 0x0c57,
+	0x836: 0x0fab, 0x837: 0x072b, 0x838: 0x07a7, 0x839: 0x07eb, 0x83a: 0x0d53, 0x83b: 0x10fb,
+	0x83c: 0x11f3, 0x83d: 0x1347, 0x83e: 0x145b, 0x83f: 0x085b,
+	// Block 0x21, offset 0x840
+	0x840: 0x090f, 0x841: 0x0a17, 0x842: 0x0b2f, 0x843: 0x0cbf, 0x844: 0x0e7b, 0x845: 0x103f,
+	0x846: 0x1497, 0x847: 0x157b, 0x848: 0x15cf, 0x849: 0x15e7, 0x84a: 0x0837, 0x84b: 0x0cf3,
+	0x84c: 0x0da3, 0x84d: 0x13eb, 0x84e: 0x0afb, 0x84f: 0x0bd7, 0x850: 0x0bf3, 0x851: 0x0c83,
+	0x852: 0x0e6b, 0x853: 0x0eb7, 0x854: 0x0f67, 0x855: 0x108b, 0x856: 0x112f, 0x857: 0x1193,
+	0x858: 0x13db, 0x859: 0x126b, 0x85a: 0x1403, 0x85b: 0x147f, 0x85c: 0x080f, 0x85d: 0x083b,
+	0x85e: 0x0923, 0x85f: 0x0ea7, 0x860: 0x12f3, 0x861: 0x133b, 0x862: 0x0b1b, 0x863: 0x0b8b,
+	0x864: 0x0c4f, 0x865: 0x0daf, 0x866: 0x10d7, 0x867: 0x0f23, 0x868: 0x073b, 0x869: 0x097f,
+	0x86a: 0x0a63, 0x86b: 0x0ac7, 0x86c: 0x0b97, 0x86d: 0x0f3f, 0x86e: 0x0f5b, 0x86f: 0x116b,
+	0x870: 0x118b, 0x871: 0x1463, 0x872: 0x14e3, 0x873: 0x14f3, 0x874: 0x152f, 0x875: 0x0753,
+	0x876: 0x107f, 0x877: 0x144f, 0x878: 0x14cb, 0x879: 0x0baf, 0x87a: 0x0717, 0x87b: 0x0777,
+	0x87c: 0x0a67, 0x87d: 0x0a87, 0x87e: 0x0caf, 0x87f: 0x0d73,
+	// Block 0x22, offset 0x880
+	0x880: 0x0ec3, 0x881: 0x0fcb, 0x882: 0x1277, 0x883: 0x1417, 0x884: 0x1623, 0x885: 0x0ce3,
+	0x886: 0x14a3, 0x887: 0x0833, 0x888: 0x0d2f, 0x889: 0x0d3b, 0x88a: 0x0e0f, 0x88b: 0x0e47,
+	0x88c: 0x0f4b, 0x88d: 0x0fa7, 0x88e: 0x1027, 0x88f: 0x110b, 0x890: 0x153b, 0x891: 0x07af,
+	0x892: 0x0c03, 0x893: 0x14b3, 0x894: 0x0767, 0x895: 0x0aab, 0x896: 0x0e2f, 0x897: 0x13df,
+	0x898: 0x0b67, 0x899: 0x0bb7, 0x89a: 0x0d43, 0x89b: 0x0f2f, 0x89c: 0x14bb, 0x89d: 0x0817,
+	0x89e: 0x08ff, 0x89f: 0x0a97, 0x8a0: 0x0cd3, 0x8a1: 0x0d1f, 0x8a2: 0x0d5f, 0x8a3: 0x0df3,
+	0x8a4: 0x0f47, 0x8a5: 0x0fbb, 0x8a6: 0x1157, 0x8a7: 0x12f7, 0x8a8: 0x1303, 0x8a9: 0x1457,
+	0x8aa: 0x14d7, 0x8ab: 0x0883, 0x8ac: 0x0e4b, 0x8ad: 0x0903, 0x8ae: 0x0ec7, 0x8af: 0x0f6b,
+	0x8b0: 0x1287, 0x8b1: 0x14bf, 0x8b2: 0x15ab, 0x8b3: 0x15d3, 0x8b4: 0x0d37, 0x8b5: 0x0e27,
+	0x8b6: 0x11c3, 0x8b7: 0x10b7, 0x8b8: 0x10c3, 0x8b9: 0x10e7, 0x8ba: 0x0f17, 0x8bb: 0x0e9f,
+	0x8bc: 0x1363, 0x8bd: 0x0733, 0x8be: 0x122b, 0x8bf: 0x081b,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x080b, 0x8c1: 0x0b0b, 0x8c2: 0x0c2b, 0x8c3: 0x10f3, 0x8c4: 0x0a53, 0x8c5: 0x0e03,
+	0x8c6: 0x0cef, 0x8c7: 0x13e7, 0x8c8: 0x12e7, 0x8c9: 0x14ab, 0x8ca: 0x1323, 0x8cb: 0x0b27,
+	0x8cc: 0x0787, 0x8cd: 0x095b, 0x8d0: 0x09af,
+	0x8d2: 0x0cdf, 0x8d5: 0x07f7, 0x8d6: 0x0f1f, 0x8d7: 0x0fe3,
+	0x8d8: 0x1047, 0x8d9: 0x1063, 0x8da: 0x1067, 0x8db: 0x107b, 0x8dc: 0x14fb, 0x8dd: 0x10eb,
+	0x8de: 0x116f, 0x8e0: 0x128f, 0x8e2: 0x1353,
+	0x8e5: 0x1407, 0x8e6: 0x1433,
+	0x8ea: 0x154f, 0x8eb: 0x1553, 0x8ec: 0x1557, 0x8ed: 0x15bb, 0x8ee: 0x142b, 0x8ef: 0x14c7,
+	0x8f0: 0x0757, 0x8f1: 0x077b, 0x8f2: 0x078f, 0x8f3: 0x084b, 0x8f4: 0x0857, 0x8f5: 0x0897,
+	0x8f6: 0x094b, 0x8f7: 0x0967, 0x8f8: 0x096f, 0x8f9: 0x09ab, 0x8fa: 0x09b7, 0x8fb: 0x0a93,
+	0x8fc: 0x0a9b, 0x8fd: 0x0ba3, 0x8fe: 0x0bcb, 0x8ff: 0x0bd3,
+	// Block 0x24, offset 0x900
+	0x900: 0x0beb, 0x901: 0x0c97, 0x902: 0x0cc7, 0x903: 0x0ce7, 0x904: 0x0d57, 0x905: 0x0e1b,
+	0x906: 0x0e37, 0x907: 0x0e67, 0x908: 0x0ebb, 0x909: 0x0edb, 0x90a: 0x0f4f, 0x90b: 0x102f,
+	0x90c: 0x104b, 0x90d: 0x1053, 0x90e: 0x104f, 0x90f: 0x1057, 0x910: 0x105b, 0x911: 0x105f,
+	0x912: 0x1073, 0x913: 0x1077, 0x914: 0x109b, 0x915: 0x10af, 0x916: 0x10cb, 0x917: 0x112f,
+	0x918: 0x1137, 0x919: 0x113f, 0x91a: 0x1153, 0x91b: 0x117b, 0x91c: 0x11cb, 0x91d: 0x11ff,
+	0x91e: 0x11ff, 0x91f: 0x1267, 0x920: 0x130f, 0x921: 0x1327, 0x922: 0x135b, 0x923: 0x135f,
+	0x924: 0x13a3, 0x925: 0x13a7, 0x926: 0x13ff, 0x927: 0x1407, 0x928: 0x14db, 0x929: 0x151f,
+	0x92a: 0x1537, 0x92b: 0x0b9b, 0x92c: 0x171e, 0x92d: 0x11e3,
+	0x930: 0x06df, 0x931: 0x07e3, 0x932: 0x07a3, 0x933: 0x074b, 0x934: 0x078b, 0x935: 0x07b7,
+	0x936: 0x0847, 0x937: 0x0863, 0x938: 0x094b, 0x939: 0x0937, 0x93a: 0x0947, 0x93b: 0x0963,
+	0x93c: 0x09af, 0x93d: 0x09bf, 0x93e: 0x0a03, 0x93f: 0x0a0f,
+	// Block 0x25, offset 0x940
+	0x940: 0x0a2b, 0x941: 0x0a3b, 0x942: 0x0b23, 0x943: 0x0b2b, 0x944: 0x0b5b, 0x945: 0x0b7b,
+	0x946: 0x0bab, 0x947: 0x0bc3, 0x948: 0x0bb3, 0x949: 0x0bd3, 0x94a: 0x0bc7, 0x94b: 0x0beb,
+	0x94c: 0x0c07, 0x94d: 0x0c5f, 0x94e: 0x0c6b, 0x94f: 0x0c73, 0x950: 0x0c9b, 0x951: 0x0cdf,
+	0x952: 0x0d0f, 0x953: 0x0d13, 0x954: 0x0d27, 0x955: 0x0da7, 0x956: 0x0db7, 0x957: 0x0e0f,
+	0x958: 0x0e5b, 0x959: 0x0e53, 0x95a: 0x0e67, 0x95b: 0x0e83, 0x95c: 0x0ebb, 0x95d: 0x1013,
+	0x95e: 0x0edf, 0x95f: 0x0f13, 0x960: 0x0f1f, 0x961: 0x0f5f, 0x962: 0x0f7b, 0x963: 0x0f9f,
+	0x964: 0x0fc3, 0x965: 0x0fc7, 0x966: 0x0fe3, 0x967: 0x0fe7, 0x968: 0x0ff7, 0x969: 0x100b,
+	0x96a: 0x1007, 0x96b: 0x1037, 0x96c: 0x10b3, 0x96d: 0x10cb, 0x96e: 0x10e3, 0x96f: 0x111b,
+	0x970: 0x112f, 0x971: 0x114b, 0x972: 0x117b, 0x973: 0x122f, 0x974: 0x1257, 0x975: 0x12cb,
+	0x976: 0x1313, 0x977: 0x131f, 0x978: 0x1327, 0x979: 0x133f, 0x97a: 0x1353, 0x97b: 0x1343,
+	0x97c: 0x135b, 0x97d: 0x1357, 0x97e: 0x134f, 0x97f: 0x135f,
+	// Block 0x26, offset 0x980
+	0x980: 0x136b, 0x981: 0x13a7, 0x982: 0x13e3, 0x983: 0x1413, 0x984: 0x144b, 0x985: 0x146b,
+	0x986: 0x14b7, 0x987: 0x14db, 0x988: 0x14fb, 0x989: 0x150f, 0x98a: 0x151f, 0x98b: 0x152b,
+	0x98c: 0x1537, 0x98d: 0x158b, 0x98e: 0x162b, 0x98f: 0x16b5, 0x990: 0x16b0, 0x991: 0x16e2,
+	0x992: 0x0607, 0x993: 0x062f, 0x994: 0x0633, 0x995: 0x1764, 0x996: 0x1791, 0x997: 0x1809,
+	0x998: 0x1617, 0x999: 0x1627,
+	// Block 0x27, offset 0x9c0
+	0x9c0: 0x06fb, 0x9c1: 0x06f3, 0x9c2: 0x0703, 0x9c3: 0x1647, 0x9c4: 0x0747, 0x9c5: 0x0757,
+	0x9c6: 0x075b, 0x9c7: 0x0763, 0x9c8: 0x076b, 0x9c9: 0x076f, 0x9ca: 0x077b, 0x9cb: 0x0773,
+	0x9cc: 0x05b3, 0x9cd: 0x165b, 0x9ce: 0x078f, 0x9cf: 0x0793, 0x9d0: 0x0797, 0x9d1: 0x07b3,
+	0x9d2: 0x164c, 0x9d3: 0x05b7, 0x9d4: 0x079f, 0x9d5: 0x07bf, 0x9d6: 0x1656, 0x9d7: 0x07cf,
+	0x9d8: 0x07d7, 0x9d9: 0x0737, 0x9da: 0x07df, 0x9db: 0x07e3, 0x9dc: 0x1831, 0x9dd: 0x07ff,
+	0x9de: 0x0807, 0x9df: 0x05bf, 0x9e0: 0x081f, 0x9e1: 0x0823, 0x9e2: 0x082b, 0x9e3: 0x082f,
+	0x9e4: 0x05c3, 0x9e5: 0x0847, 0x9e6: 0x084b, 0x9e7: 0x0857, 0x9e8: 0x0863, 0x9e9: 0x0867,
+	0x9ea: 0x086b, 0x9eb: 0x0873, 0x9ec: 0x0893, 0x9ed: 0x0897, 0x9ee: 0x089f, 0x9ef: 0x08af,
+	0x9f0: 0x08b7, 0x9f1: 0x08bb, 0x9f2: 0x08bb, 0x9f3: 0x08bb, 0x9f4: 0x166a, 0x9f5: 0x0e93,
+	0x9f6: 0x08cf, 0x9f7: 0x08d7, 0x9f8: 0x166f, 0x9f9: 0x08e3, 0x9fa: 0x08eb, 0x9fb: 0x08f3,
+	0x9fc: 0x091b, 0x9fd: 0x0907, 0x9fe: 0x0913, 0x9ff: 0x0917,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x091f, 0xa01: 0x0927, 0xa02: 0x092b, 0xa03: 0x0933, 0xa04: 0x093b, 0xa05: 0x093f,
+	0xa06: 0x093f, 0xa07: 0x0947, 0xa08: 0x094f, 0xa09: 0x0953, 0xa0a: 0x095f, 0xa0b: 0x0983,
+	0xa0c: 0x0967, 0xa0d: 0x0987, 0xa0e: 0x096b, 0xa0f: 0x0973, 0xa10: 0x080b, 0xa11: 0x09cf,
+	0xa12: 0x0997, 0xa13: 0x099b, 0xa14: 0x099f, 0xa15: 0x0993, 0xa16: 0x09a7, 0xa17: 0x09a3,
+	0xa18: 0x09bb, 0xa19: 0x1674, 0xa1a: 0x09d7, 0xa1b: 0x09db, 0xa1c: 0x09e3, 0xa1d: 0x09ef,
+	0xa1e: 0x09f7, 0xa1f: 0x0a13, 0xa20: 0x1679, 0xa21: 0x167e, 0xa22: 0x0a1f, 0xa23: 0x0a23,
+	0xa24: 0x0a27, 0xa25: 0x0a1b, 0xa26: 0x0a2f, 0xa27: 0x05c7, 0xa28: 0x05cb, 0xa29: 0x0a37,
+	0xa2a: 0x0a3f, 0xa2b: 0x0a3f, 0xa2c: 0x1683, 0xa2d: 0x0a5b, 0xa2e: 0x0a5f, 0xa2f: 0x0a63,
+	0xa30: 0x0a6b, 0xa31: 0x1688, 0xa32: 0x0a73, 0xa33: 0x0a77, 0xa34: 0x0b4f, 0xa35: 0x0a7f,
+	0xa36: 0x05cf, 0xa37: 0x0a8b, 0xa38: 0x0a9b, 0xa39: 0x0aa7, 0xa3a: 0x0aa3, 0xa3b: 0x1692,
+	0xa3c: 0x0aaf, 0xa3d: 0x1697, 0xa3e: 0x0abb, 0xa3f: 0x0ab7,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0abf, 0xa41: 0x0acf, 0xa42: 0x0ad3, 0xa43: 0x05d3, 0xa44: 0x0ae3, 0xa45: 0x0aeb,
+	0xa46: 0x0aef, 0xa47: 0x0af3, 0xa48: 0x05d7, 0xa49: 0x169c, 0xa4a: 0x05db, 0xa4b: 0x0b0f,
+	0xa4c: 0x0b13, 0xa4d: 0x0b17, 0xa4e: 0x0b1f, 0xa4f: 0x1863, 0xa50: 0x0b37, 0xa51: 0x16a6,
+	0xa52: 0x16a6, 0xa53: 0x11d7, 0xa54: 0x0b47, 0xa55: 0x0b47, 0xa56: 0x05df, 0xa57: 0x16c9,
+	0xa58: 0x179b, 0xa59: 0x0b57, 0xa5a: 0x0b5f, 0xa5b: 0x05e3, 0xa5c: 0x0b73, 0xa5d: 0x0b83,
+	0xa5e: 0x0b87, 0xa5f: 0x0b8f, 0xa60: 0x0b9f, 0xa61: 0x05eb, 0xa62: 0x05e7, 0xa63: 0x0ba3,
+	0xa64: 0x16ab, 0xa65: 0x0ba7, 0xa66: 0x0bbb, 0xa67: 0x0bbf, 0xa68: 0x0bc3, 0xa69: 0x0bbf,
+	0xa6a: 0x0bcf, 0xa6b: 0x0bd3, 0xa6c: 0x0be3, 0xa6d: 0x0bdb, 0xa6e: 0x0bdf, 0xa6f: 0x0be7,
+	0xa70: 0x0beb, 0xa71: 0x0bef, 0xa72: 0x0bfb, 0xa73: 0x0bff, 0xa74: 0x0c17, 0xa75: 0x0c1f,
+	0xa76: 0x0c2f, 0xa77: 0x0c43, 0xa78: 0x16ba, 0xa79: 0x0c3f, 0xa7a: 0x0c33, 0xa7b: 0x0c4b,
+	0xa7c: 0x0c53, 0xa7d: 0x0c67, 0xa7e: 0x16bf, 0xa7f: 0x0c6f,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0x0c63, 0xa81: 0x0c5b, 0xa82: 0x05ef, 0xa83: 0x0c77, 0xa84: 0x0c7f, 0xa85: 0x0c87,
+	0xa86: 0x0c7b, 0xa87: 0x05f3, 0xa88: 0x0c97, 0xa89: 0x0c9f, 0xa8a: 0x16c4, 0xa8b: 0x0ccb,
+	0xa8c: 0x0cff, 0xa8d: 0x0cdb, 0xa8e: 0x05ff, 0xa8f: 0x0ce7, 0xa90: 0x05fb, 0xa91: 0x05f7,
+	0xa92: 0x07c3, 0xa93: 0x07c7, 0xa94: 0x0d03, 0xa95: 0x0ceb, 0xa96: 0x11ab, 0xa97: 0x0663,
+	0xa98: 0x0d0f, 0xa99: 0x0d13, 0xa9a: 0x0d17, 0xa9b: 0x0d2b, 0xa9c: 0x0d23, 0xa9d: 0x16dd,
+	0xa9e: 0x0603, 0xa9f: 0x0d3f, 0xaa0: 0x0d33, 0xaa1: 0x0d4f, 0xaa2: 0x0d57, 0xaa3: 0x16e7,
+	0xaa4: 0x0d5b, 0xaa5: 0x0d47, 0xaa6: 0x0d63, 0xaa7: 0x0607, 0xaa8: 0x0d67, 0xaa9: 0x0d6b,
+	0xaaa: 0x0d6f, 0xaab: 0x0d7b, 0xaac: 0x16ec, 0xaad: 0x0d83, 0xaae: 0x060b, 0xaaf: 0x0d8f,
+	0xab0: 0x16f1, 0xab1: 0x0d93, 0xab2: 0x060f, 0xab3: 0x0d9f, 0xab4: 0x0dab, 0xab5: 0x0db7,
+	0xab6: 0x0dbb, 0xab7: 0x16f6, 0xab8: 0x168d, 0xab9: 0x16fb, 0xaba: 0x0ddb, 0xabb: 0x1700,
+	0xabc: 0x0de7, 0xabd: 0x0def, 0xabe: 0x0ddf, 0xabf: 0x0dfb,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0x0e0b, 0xac1: 0x0e1b, 0xac2: 0x0e0f, 0xac3: 0x0e13, 0xac4: 0x0e1f, 0xac5: 0x0e23,
+	0xac6: 0x1705, 0xac7: 0x0e07, 0xac8: 0x0e3b, 0xac9: 0x0e3f, 0xaca: 0x0613, 0xacb: 0x0e53,
+	0xacc: 0x0e4f, 0xacd: 0x170a, 0xace: 0x0e33, 0xacf: 0x0e6f, 0xad0: 0x170f, 0xad1: 0x1714,
+	0xad2: 0x0e73, 0xad3: 0x0e87, 0xad4: 0x0e83, 0xad5: 0x0e7f, 0xad6: 0x0617, 0xad7: 0x0e8b,
+	0xad8: 0x0e9b, 0xad9: 0x0e97, 0xada: 0x0ea3, 0xadb: 0x1651, 0xadc: 0x0eb3, 0xadd: 0x1719,
+	0xade: 0x0ebf, 0xadf: 0x1723, 0xae0: 0x0ed3, 0xae1: 0x0edf, 0xae2: 0x0ef3, 0xae3: 0x1728,
+	0xae4: 0x0f07, 0xae5: 0x0f0b, 0xae6: 0x172d, 0xae7: 0x1732, 0xae8: 0x0f27, 0xae9: 0x0f37,
+	0xaea: 0x061b, 0xaeb: 0x0f3b, 0xaec: 0x061f, 0xaed: 0x061f, 0xaee: 0x0f53, 0xaef: 0x0f57,
+	0xaf0: 0x0f5f, 0xaf1: 0x0f63, 0xaf2: 0x0f6f, 0xaf3: 0x0623, 0xaf4: 0x0f87, 0xaf5: 0x1737,
+	0xaf6: 0x0fa3, 0xaf7: 0x173c, 0xaf8: 0x0faf, 0xaf9: 0x16a1, 0xafa: 0x0fbf, 0xafb: 0x1741,
+	0xafc: 0x1746, 0xafd: 0x174b, 0xafe: 0x0627, 0xaff: 0x062b,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x0ff7, 0xb01: 0x1755, 0xb02: 0x1750, 0xb03: 0x175a, 0xb04: 0x175f, 0xb05: 0x0fff,
+	0xb06: 0x1003, 0xb07: 0x1003, 0xb08: 0x100b, 0xb09: 0x0633, 0xb0a: 0x100f, 0xb0b: 0x0637,
+	0xb0c: 0x063b, 0xb0d: 0x1769, 0xb0e: 0x1023, 0xb0f: 0x102b, 0xb10: 0x1037, 0xb11: 0x063f,
+	0xb12: 0x176e, 0xb13: 0x105b, 0xb14: 0x1773, 0xb15: 0x1778, 0xb16: 0x107b, 0xb17: 0x1093,
+	0xb18: 0x0643, 0xb19: 0x109b, 0xb1a: 0x109f, 0xb1b: 0x10a3, 0xb1c: 0x177d, 0xb1d: 0x1782,
+	0xb1e: 0x1782, 0xb1f: 0x10bb, 0xb20: 0x0647, 0xb21: 0x1787, 0xb22: 0x10cf, 0xb23: 0x10d3,
+	0xb24: 0x064b, 0xb25: 0x178c, 0xb26: 0x10ef, 0xb27: 0x064f, 0xb28: 0x10ff, 0xb29: 0x10f7,
+	0xb2a: 0x1107, 0xb2b: 0x1796, 0xb2c: 0x111f, 0xb2d: 0x0653, 0xb2e: 0x112b, 0xb2f: 0x1133,
+	0xb30: 0x1143, 0xb31: 0x0657, 0xb32: 0x17a0, 0xb33: 0x17a5, 0xb34: 0x065b, 0xb35: 0x17aa,
+	0xb36: 0x115b, 0xb37: 0x17af, 0xb38: 0x1167, 0xb39: 0x1173, 0xb3a: 0x117b, 0xb3b: 0x17b4,
+	0xb3c: 0x17b9, 0xb3d: 0x118f, 0xb3e: 0x17be, 0xb3f: 0x1197,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x16ce, 0xb41: 0x065f, 0xb42: 0x11af, 0xb43: 0x11b3, 0xb44: 0x0667, 0xb45: 0x11b7,
+	0xb46: 0x0a33, 0xb47: 0x17c3, 0xb48: 0x17c8, 0xb49: 0x16d3, 0xb4a: 0x16d8, 0xb4b: 0x11d7,
+	0xb4c: 0x11db, 0xb4d: 0x13f3, 0xb4e: 0x066b, 0xb4f: 0x1207, 0xb50: 0x1203, 0xb51: 0x120b,
+	0xb52: 0x083f, 0xb53: 0x120f, 0xb54: 0x1213, 0xb55: 0x1217, 0xb56: 0x121f, 0xb57: 0x17cd,
+	0xb58: 0x121b, 0xb59: 0x1223, 0xb5a: 0x1237, 0xb5b: 0x123b, 0xb5c: 0x1227, 0xb5d: 0x123f,
+	0xb5e: 0x1253, 0xb5f: 0x1267, 0xb60: 0x1233, 0xb61: 0x1247, 0xb62: 0x124b, 0xb63: 0x124f,
+	0xb64: 0x17d2, 0xb65: 0x17dc, 0xb66: 0x17d7, 0xb67: 0x066f, 0xb68: 0x126f, 0xb69: 0x1273,
+	0xb6a: 0x127b, 0xb6b: 0x17f0, 0xb6c: 0x127f, 0xb6d: 0x17e1, 0xb6e: 0x0673, 0xb6f: 0x0677,
+	0xb70: 0x17e6, 0xb71: 0x17eb, 0xb72: 0x067b, 0xb73: 0x129f, 0xb74: 0x12a3, 0xb75: 0x12a7,
+	0xb76: 0x12ab, 0xb77: 0x12b7, 0xb78: 0x12b3, 0xb79: 0x12bf, 0xb7a: 0x12bb, 0xb7b: 0x12cb,
+	0xb7c: 0x12c3, 0xb7d: 0x12c7, 0xb7e: 0x12cf, 0xb7f: 0x067f,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x12d7, 0xb81: 0x12db, 0xb82: 0x0683, 0xb83: 0x12eb, 0xb84: 0x12ef, 0xb85: 0x17f5,
+	0xb86: 0x12fb, 0xb87: 0x12ff, 0xb88: 0x0687, 0xb89: 0x130b, 0xb8a: 0x05bb, 0xb8b: 0x17fa,
+	0xb8c: 0x17ff, 0xb8d: 0x068b, 0xb8e: 0x068f, 0xb8f: 0x1337, 0xb90: 0x134f, 0xb91: 0x136b,
+	0xb92: 0x137b, 0xb93: 0x1804, 0xb94: 0x138f, 0xb95: 0x1393, 0xb96: 0x13ab, 0xb97: 0x13b7,
+	0xb98: 0x180e, 0xb99: 0x1660, 0xb9a: 0x13c3, 0xb9b: 0x13bf, 0xb9c: 0x13cb, 0xb9d: 0x1665,
+	0xb9e: 0x13d7, 0xb9f: 0x13e3, 0xba0: 0x1813, 0xba1: 0x1818, 0xba2: 0x1423, 0xba3: 0x142f,
+	0xba4: 0x1437, 0xba5: 0x181d, 0xba6: 0x143b, 0xba7: 0x1467, 0xba8: 0x1473, 0xba9: 0x1477,
+	0xbaa: 0x146f, 0xbab: 0x1483, 0xbac: 0x1487, 0xbad: 0x1822, 0xbae: 0x1493, 0xbaf: 0x0693,
+	0xbb0: 0x149b, 0xbb1: 0x1827, 0xbb2: 0x0697, 0xbb3: 0x14d3, 0xbb4: 0x0ac3, 0xbb5: 0x14eb,
+	0xbb6: 0x182c, 0xbb7: 0x1836, 0xbb8: 0x069b, 0xbb9: 0x069f, 0xbba: 0x1513, 0xbbb: 0x183b,
+	0xbbc: 0x06a3, 0xbbd: 0x1840, 0xbbe: 0x152b, 0xbbf: 0x152b,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x1533, 0xbc1: 0x1845, 0xbc2: 0x154b, 0xbc3: 0x06a7, 0xbc4: 0x155b, 0xbc5: 0x1567,
+	0xbc6: 0x156f, 0xbc7: 0x1577, 0xbc8: 0x06ab, 0xbc9: 0x184a, 0xbca: 0x158b, 0xbcb: 0x15a7,
+	0xbcc: 0x15b3, 0xbcd: 0x06af, 0xbce: 0x06b3, 0xbcf: 0x15b7, 0xbd0: 0x184f, 0xbd1: 0x06b7,
+	0xbd2: 0x1854, 0xbd3: 0x1859, 0xbd4: 0x185e, 0xbd5: 0x15db, 0xbd6: 0x06bb, 0xbd7: 0x15ef,
+	0xbd8: 0x15f7, 0xbd9: 0x15fb, 0xbda: 0x1603, 0xbdb: 0x160b, 0xbdc: 0x1613, 0xbdd: 0x1868,
+}
+
+// nfcIndex: 22 blocks, 1408 entries, 1408 bytes
+// Block 0 is the zero block.
+var nfcIndex = [1408]uint8{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x2e, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x2f, 0xc7: 0x04,
+	0xc8: 0x05, 0xca: 0x30, 0xcb: 0x31, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x32,
+	0xd0: 0x09, 0xd1: 0x33, 0xd2: 0x34, 0xd3: 0x0a, 0xd6: 0x0b, 0xd7: 0x35,
+	0xd8: 0x36, 0xd9: 0x0c, 0xdb: 0x37, 0xdc: 0x38, 0xdd: 0x39, 0xdf: 0x3a,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
+	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
+	0xf0: 0x13,
+	// Block 0x4, offset 0x100
+	0x120: 0x3b, 0x121: 0x3c, 0x123: 0x0d, 0x124: 0x3d, 0x125: 0x3e, 0x126: 0x3f, 0x127: 0x40,
+	0x128: 0x41, 0x129: 0x42, 0x12a: 0x43, 0x12b: 0x44, 0x12c: 0x3f, 0x12d: 0x45, 0x12e: 0x46, 0x12f: 0x47,
+	0x131: 0x48, 0x132: 0x49, 0x133: 0x4a, 0x134: 0x4b, 0x135: 0x4c, 0x137: 0x4d,
+	0x138: 0x4e, 0x139: 0x4f, 0x13a: 0x50, 0x13b: 0x51, 0x13c: 0x52, 0x13d: 0x53, 0x13e: 0x54, 0x13f: 0x55,
+	// Block 0x5, offset 0x140
+	0x140: 0x56, 0x142: 0x57, 0x144: 0x58, 0x145: 0x59, 0x146: 0x5a, 0x147: 0x5b,
+	0x14d: 0x5c,
+	0x15c: 0x5d, 0x15f: 0x5e,
+	0x162: 0x5f, 0x164: 0x60,
+	0x168: 0x61, 0x169: 0x62, 0x16a: 0x63, 0x16c: 0x0e, 0x16d: 0x64, 0x16e: 0x65, 0x16f: 0x66,
+	0x170: 0x67, 0x173: 0x68, 0x177: 0x0f,
+	0x178: 0x10, 0x179: 0x11, 0x17a: 0x12, 0x17b: 0x13, 0x17c: 0x14, 0x17d: 0x15, 0x17e: 0x16, 0x17f: 0x17,
+	// Block 0x6, offset 0x180
+	0x180: 0x69, 0x183: 0x6a, 0x184: 0x6b, 0x186: 0x6c, 0x187: 0x6d,
+	0x188: 0x6e, 0x189: 0x18, 0x18a: 0x19, 0x18b: 0x6f, 0x18c: 0x70,
+	0x1ab: 0x71,
+	0x1b3: 0x72, 0x1b5: 0x73, 0x1b7: 0x74,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x75, 0x1c1: 0x1a, 0x1c2: 0x1b, 0x1c3: 0x1c, 0x1c4: 0x76, 0x1c5: 0x77,
+	0x1c9: 0x78, 0x1cc: 0x79, 0x1cd: 0x7a,
+	// Block 0x8, offset 0x200
+	0x219: 0x7b, 0x21a: 0x7c, 0x21b: 0x7d,
+	0x220: 0x7e, 0x223: 0x7f, 0x224: 0x80, 0x225: 0x81, 0x226: 0x82, 0x227: 0x83,
+	0x22a: 0x84, 0x22b: 0x85, 0x22f: 0x86,
+	0x230: 0x87, 0x231: 0x88, 0x232: 0x89, 0x233: 0x8a, 0x234: 0x8b, 0x235: 0x8c, 0x236: 0x8d, 0x237: 0x87,
+	0x238: 0x88, 0x239: 0x89, 0x23a: 0x8a, 0x23b: 0x8b, 0x23c: 0x8c, 0x23d: 0x8d, 0x23e: 0x87, 0x23f: 0x88,
+	// Block 0x9, offset 0x240
+	0x240: 0x89, 0x241: 0x8a, 0x242: 0x8b, 0x243: 0x8c, 0x244: 0x8d, 0x245: 0x87, 0x246: 0x88, 0x247: 0x89,
+	0x248: 0x8a, 0x249: 0x8b, 0x24a: 0x8c, 0x24b: 0x8d, 0x24c: 0x87, 0x24d: 0x88, 0x24e: 0x89, 0x24f: 0x8a,
+	0x250: 0x8b, 0x251: 0x8c, 0x252: 0x8d, 0x253: 0x87, 0x254: 0x88, 0x255: 0x89, 0x256: 0x8a, 0x257: 0x8b,
+	0x258: 0x8c, 0x259: 0x8d, 0x25a: 0x87, 0x25b: 0x88, 0x25c: 0x89, 0x25d: 0x8a, 0x25e: 0x8b, 0x25f: 0x8c,
+	0x260: 0x8d, 0x261: 0x87, 0x262: 0x88, 0x263: 0x89, 0x264: 0x8a, 0x265: 0x8b, 0x266: 0x8c, 0x267: 0x8d,
+	0x268: 0x87, 0x269: 0x88, 0x26a: 0x89, 0x26b: 0x8a, 0x26c: 0x8b, 0x26d: 0x8c, 0x26e: 0x8d, 0x26f: 0x87,
+	0x270: 0x88, 0x271: 0x89, 0x272: 0x8a, 0x273: 0x8b, 0x274: 0x8c, 0x275: 0x8d, 0x276: 0x87, 0x277: 0x88,
+	0x278: 0x89, 0x279: 0x8a, 0x27a: 0x8b, 0x27b: 0x8c, 0x27c: 0x8d, 0x27d: 0x87, 0x27e: 0x88, 0x27f: 0x89,
+	// Block 0xa, offset 0x280
+	0x280: 0x8a, 0x281: 0x8b, 0x282: 0x8c, 0x283: 0x8d, 0x284: 0x87, 0x285: 0x88, 0x286: 0x89, 0x287: 0x8a,
+	0x288: 0x8b, 0x289: 0x8c, 0x28a: 0x8d, 0x28b: 0x87, 0x28c: 0x88, 0x28d: 0x89, 0x28e: 0x8a, 0x28f: 0x8b,
+	0x290: 0x8c, 0x291: 0x8d, 0x292: 0x87, 0x293: 0x88, 0x294: 0x89, 0x295: 0x8a, 0x296: 0x8b, 0x297: 0x8c,
+	0x298: 0x8d, 0x299: 0x87, 0x29a: 0x88, 0x29b: 0x89, 0x29c: 0x8a, 0x29d: 0x8b, 0x29e: 0x8c, 0x29f: 0x8d,
+	0x2a0: 0x87, 0x2a1: 0x88, 0x2a2: 0x89, 0x2a3: 0x8a, 0x2a4: 0x8b, 0x2a5: 0x8c, 0x2a6: 0x8d, 0x2a7: 0x87,
+	0x2a8: 0x88, 0x2a9: 0x89, 0x2aa: 0x8a, 0x2ab: 0x8b, 0x2ac: 0x8c, 0x2ad: 0x8d, 0x2ae: 0x87, 0x2af: 0x88,
+	0x2b0: 0x89, 0x2b1: 0x8a, 0x2b2: 0x8b, 0x2b3: 0x8c, 0x2b4: 0x8d, 0x2b5: 0x87, 0x2b6: 0x88, 0x2b7: 0x89,
+	0x2b8: 0x8a, 0x2b9: 0x8b, 0x2ba: 0x8c, 0x2bb: 0x8d, 0x2bc: 0x87, 0x2bd: 0x88, 0x2be: 0x89, 0x2bf: 0x8a,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0x8b, 0x2c1: 0x8c, 0x2c2: 0x8d, 0x2c3: 0x87, 0x2c4: 0x88, 0x2c5: 0x89, 0x2c6: 0x8a, 0x2c7: 0x8b,
+	0x2c8: 0x8c, 0x2c9: 0x8d, 0x2ca: 0x87, 0x2cb: 0x88, 0x2cc: 0x89, 0x2cd: 0x8a, 0x2ce: 0x8b, 0x2cf: 0x8c,
+	0x2d0: 0x8d, 0x2d1: 0x87, 0x2d2: 0x88, 0x2d3: 0x89, 0x2d4: 0x8a, 0x2d5: 0x8b, 0x2d6: 0x8c, 0x2d7: 0x8d,
+	0x2d8: 0x87, 0x2d9: 0x88, 0x2da: 0x89, 0x2db: 0x8a, 0x2dc: 0x8b, 0x2dd: 0x8c, 0x2de: 0x8e,
+	// Block 0xc, offset 0x300
+	0x324: 0x1d, 0x325: 0x1e, 0x326: 0x1f, 0x327: 0x20,
+	0x328: 0x21, 0x329: 0x22, 0x32a: 0x23, 0x32b: 0x24, 0x32c: 0x8f, 0x32d: 0x90, 0x32e: 0x91,
+	0x331: 0x92, 0x332: 0x93, 0x333: 0x94, 0x334: 0x95,
+	0x338: 0x96, 0x339: 0x97, 0x33a: 0x98, 0x33b: 0x99, 0x33e: 0x9a, 0x33f: 0x9b,
+	// Block 0xd, offset 0x340
+	0x347: 0x9c,
+	0x34b: 0x9d, 0x34d: 0x9e,
+	0x368: 0x9f, 0x36b: 0xa0,
+	0x374: 0xa1,
+	0x37d: 0xa2,
+	// Block 0xe, offset 0x380
+	0x381: 0xa3, 0x382: 0xa4, 0x384: 0xa5, 0x385: 0x82, 0x387: 0xa6,
+	0x388: 0xa7, 0x38b: 0xa8, 0x38c: 0xa9, 0x38d: 0xaa,
+	0x391: 0xab, 0x392: 0xac, 0x393: 0xad, 0x396: 0xae, 0x397: 0xaf,
+	0x398: 0x73, 0x39a: 0xb0, 0x39c: 0xb1,
+	0x3a0: 0xb2, 0x3a7: 0xb3,
+	0x3a8: 0xb4, 0x3a9: 0xb5, 0x3aa: 0xb6,
+	0x3b0: 0x73, 0x3b5: 0xb7, 0x3b6: 0xb8,
+	// Block 0xf, offset 0x3c0
+	0x3eb: 0xb9, 0x3ec: 0xba,
+	// Block 0x10, offset 0x400
+	0x432: 0xbb,
+	// Block 0x11, offset 0x440
+	0x445: 0xbc, 0x446: 0xbd, 0x447: 0xbe,
+	0x449: 0xbf,
+	// Block 0x12, offset 0x480
+	0x480: 0xc0, 0x484: 0xba,
+	0x48b: 0xc1,
+	0x4a3: 0xc2, 0x4a5: 0xc3,
+	// Block 0x13, offset 0x4c0
+	0x4c8: 0xc4,
+	// Block 0x14, offset 0x500
+	0x520: 0x25, 0x521: 0x26, 0x522: 0x27, 0x523: 0x28, 0x524: 0x29, 0x525: 0x2a, 0x526: 0x2b, 0x527: 0x2c,
+	0x528: 0x2d,
+	// Block 0x15, offset 0x540
+	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
+	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
+	0x56f: 0x12,
+}
+
+// nfcSparseOffset: 151 entries, 302 bytes
+var nfcSparseOffset = []uint16{0x0, 0x5, 0x9, 0xb, 0xd, 0x18, 0x28, 0x2a, 0x2f, 0x3a, 0x49, 0x56, 0x5e, 0x63, 0x68, 0x6a, 0x72, 0x79, 0x7c, 0x84, 0x88, 0x8c, 0x8e, 0x90, 0x99, 0x9d, 0xa4, 0xa9, 0xac, 0xb6, 0xb9, 0xc0, 0xc8, 0xcb, 0xcd, 0xd0, 0xd2, 0xd7, 0xe8, 0xf4, 0xf6, 0xfc, 0xfe, 0x100, 0x102, 0x104, 0x106, 0x108, 0x10b, 0x10e, 0x110, 0x113, 0x116, 0x11a, 0x11f, 0x128, 0x12a, 0x12d, 0x12f, 0x13a, 0x13e, 0x14c, 0x14f, 0x155, 0x15b, 0x166, 0x16a, 0x16c, 0x16e, 0x170, 0x172, 0x174, 0x17a, 0x17e, 0x180, 0x182, 0x18a, 0x18e, 0x191, 0x193, 0x195, 0x197, 0x19a, 0x19c, 0x19e, 0x1a0, 0x1a2, 0x1a8, 0x1ab, 0x1ad, 0x1b4, 0x1ba, 0x1c0, 0x1c8, 0x1ce, 0x1d4, 0x1da, 0x1de, 0x1ec, 0x1f5, 0x1f8, 0x1fb, 0x1fd, 0x200, 0x202, 0x206, 0x20b, 0x20d, 0x20f, 0x214, 0x21a, 0x21c, 0x21e, 0x220, 0x226, 0x229, 0x22b, 0x231, 0x234, 0x23c, 0x243, 0x246, 0x249, 0x24b, 0x24e, 0x256, 0x25a, 0x261, 0x264, 0x26a, 0x26c, 0x26f, 0x271, 0x274, 0x276, 0x278, 0x27a, 0x27c, 0x27f, 0x281, 0x283, 0x285, 0x287, 0x294, 0x29e, 0x2a0, 0x2a2, 0x2a8, 0x2aa, 0x2ac, 0x2af}
+
+// nfcSparseValues: 689 entries, 2756 bytes
+var nfcSparseValues = [689]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0000, lo: 0x04},
+	{value: 0xa100, lo: 0xa8, hi: 0xa8},
+	{value: 0x8100, lo: 0xaf, hi: 0xaf},
+	{value: 0x8100, lo: 0xb4, hi: 0xb4},
+	{value: 0x8100, lo: 0xb8, hi: 0xb8},
+	// Block 0x1, offset 0x5
+	{value: 0x0091, lo: 0x03},
+	{value: 0x46e5, lo: 0xa0, hi: 0xa1},
+	{value: 0x4717, lo: 0xaf, hi: 0xb0},
+	{value: 0xa000, lo: 0xb7, hi: 0xb7},
+	// Block 0x2, offset 0x9
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	// Block 0x3, offset 0xb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x98, hi: 0x9d},
+	// Block 0x4, offset 0xd
+	{value: 0x0006, lo: 0x0a},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x85, hi: 0x85},
+	{value: 0xa000, lo: 0x89, hi: 0x89},
+	{value: 0x4843, lo: 0x8a, hi: 0x8a},
+	{value: 0x4861, lo: 0x8b, hi: 0x8b},
+	{value: 0x36ca, lo: 0x8c, hi: 0x8c},
+	{value: 0x36e2, lo: 0x8d, hi: 0x8d},
+	{value: 0x4879, lo: 0x8e, hi: 0x8e},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x3700, lo: 0x93, hi: 0x94},
+	// Block 0x5, offset 0x18
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0xa000, lo: 0x8d, hi: 0x8d},
+	{value: 0x37a8, lo: 0x90, hi: 0x90},
+	{value: 0x37b4, lo: 0x91, hi: 0x91},
+	{value: 0x37a2, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x96, hi: 0x96},
+	{value: 0x381a, lo: 0x97, hi: 0x97},
+	{value: 0x37e4, lo: 0x9c, hi: 0x9c},
+	{value: 0x37cc, lo: 0x9d, hi: 0x9d},
+	{value: 0x37f6, lo: 0x9e, hi: 0x9e},
+	{value: 0xa000, lo: 0xb4, hi: 0xb5},
+	{value: 0x3820, lo: 0xb6, hi: 0xb6},
+	{value: 0x3826, lo: 0xb7, hi: 0xb7},
+	// Block 0x6, offset 0x28
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x83, hi: 0x87},
+	// Block 0x7, offset 0x2a
+	{value: 0x0001, lo: 0x04},
+	{value: 0x8113, lo: 0x81, hi: 0x82},
+	{value: 0x8132, lo: 0x84, hi: 0x84},
+	{value: 0x812d, lo: 0x85, hi: 0x85},
+	{value: 0x810d, lo: 0x87, hi: 0x87},
+	// Block 0x8, offset 0x2f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x97},
+	{value: 0x8119, lo: 0x98, hi: 0x98},
+	{value: 0x811a, lo: 0x99, hi: 0x99},
+	{value: 0x811b, lo: 0x9a, hi: 0x9a},
+	{value: 0x3844, lo: 0xa2, hi: 0xa2},
+	{value: 0x384a, lo: 0xa3, hi: 0xa3},
+	{value: 0x3856, lo: 0xa4, hi: 0xa4},
+	{value: 0x3850, lo: 0xa5, hi: 0xa5},
+	{value: 0x385c, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xa7, hi: 0xa7},
+	// Block 0x9, offset 0x3a
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x386e, lo: 0x80, hi: 0x80},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0x3862, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x3868, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x95, hi: 0x95},
+	{value: 0x8132, lo: 0x96, hi: 0x9c},
+	{value: 0x8132, lo: 0x9f, hi: 0xa2},
+	{value: 0x812d, lo: 0xa3, hi: 0xa3},
+	{value: 0x8132, lo: 0xa4, hi: 0xa4},
+	{value: 0x8132, lo: 0xa7, hi: 0xa8},
+	{value: 0x812d, lo: 0xaa, hi: 0xaa},
+	{value: 0x8132, lo: 0xab, hi: 0xac},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	// Block 0xa, offset 0x49
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x811f, lo: 0x91, hi: 0x91},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x812d, lo: 0xb1, hi: 0xb1},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb5, hi: 0xb6},
+	{value: 0x812d, lo: 0xb7, hi: 0xb9},
+	{value: 0x8132, lo: 0xba, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbc},
+	{value: 0x8132, lo: 0xbd, hi: 0xbd},
+	{value: 0x812d, lo: 0xbe, hi: 0xbe},
+	{value: 0x8132, lo: 0xbf, hi: 0xbf},
+	// Block 0xb, offset 0x56
+	{value: 0x0005, lo: 0x07},
+	{value: 0x8132, lo: 0x80, hi: 0x80},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x812d, lo: 0x82, hi: 0x83},
+	{value: 0x812d, lo: 0x84, hi: 0x85},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x812d, lo: 0x88, hi: 0x89},
+	{value: 0x8132, lo: 0x8a, hi: 0x8a},
+	// Block 0xc, offset 0x5e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xab, hi: 0xb1},
+	{value: 0x812d, lo: 0xb2, hi: 0xb2},
+	{value: 0x8132, lo: 0xb3, hi: 0xb3},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0xd, offset 0x63
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0x96, hi: 0x99},
+	{value: 0x8132, lo: 0x9b, hi: 0xa3},
+	{value: 0x8132, lo: 0xa5, hi: 0xa7},
+	{value: 0x8132, lo: 0xa9, hi: 0xad},
+	// Block 0xe, offset 0x68
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x99, hi: 0x9b},
+	// Block 0xf, offset 0x6a
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0xa8, hi: 0xa8},
+	{value: 0x3edb, lo: 0xa9, hi: 0xa9},
+	{value: 0xa000, lo: 0xb0, hi: 0xb0},
+	{value: 0x3ee3, lo: 0xb1, hi: 0xb1},
+	{value: 0xa000, lo: 0xb3, hi: 0xb3},
+	{value: 0x3eeb, lo: 0xb4, hi: 0xb4},
+	{value: 0x9902, lo: 0xbc, hi: 0xbc},
+	// Block 0x10, offset 0x72
+	{value: 0x0008, lo: 0x06},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x91, hi: 0x91},
+	{value: 0x812d, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x93, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x94},
+	{value: 0x451f, lo: 0x98, hi: 0x9f},
+	// Block 0x11, offset 0x79
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x12, offset 0x7c
+	{value: 0x0008, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2ca1, lo: 0x8b, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x455f, lo: 0x9c, hi: 0x9d},
+	{value: 0x456f, lo: 0x9f, hi: 0x9f},
+	{value: 0x8132, lo: 0xbe, hi: 0xbe},
+	// Block 0x13, offset 0x84
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4597, lo: 0xb3, hi: 0xb3},
+	{value: 0x459f, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x14, offset 0x88
+	{value: 0x0008, lo: 0x03},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x4577, lo: 0x99, hi: 0x9b},
+	{value: 0x458f, lo: 0x9e, hi: 0x9e},
+	// Block 0x15, offset 0x8c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x16, offset 0x8e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	// Block 0x17, offset 0x90
+	{value: 0x0000, lo: 0x08},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2cb9, lo: 0x88, hi: 0x88},
+	{value: 0x2cb1, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cc1, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x96, hi: 0x97},
+	{value: 0x45a7, lo: 0x9c, hi: 0x9c},
+	{value: 0x45af, lo: 0x9d, hi: 0x9d},
+	// Block 0x18, offset 0x99
+	{value: 0x0000, lo: 0x03},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x2cc9, lo: 0x94, hi: 0x94},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x19, offset 0x9d
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cd1, lo: 0x8a, hi: 0x8a},
+	{value: 0x2ce1, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cd9, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1a, offset 0xa4
+	{value: 0x1801, lo: 0x04},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x3ef3, lo: 0x88, hi: 0x88},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8120, lo: 0x95, hi: 0x96},
+	// Block 0x1b, offset 0xa9
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0xa000, lo: 0xbf, hi: 0xbf},
+	// Block 0x1c, offset 0xac
+	{value: 0x0000, lo: 0x09},
+	{value: 0x2ce9, lo: 0x80, hi: 0x80},
+	{value: 0x9900, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x2cf1, lo: 0x87, hi: 0x87},
+	{value: 0x2cf9, lo: 0x88, hi: 0x88},
+	{value: 0x2f53, lo: 0x8a, hi: 0x8a},
+	{value: 0x2ddb, lo: 0x8b, hi: 0x8b},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x95, hi: 0x96},
+	// Block 0x1d, offset 0xb6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x1e, offset 0xb9
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2d01, lo: 0x8a, hi: 0x8a},
+	{value: 0x2d11, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d09, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1f, offset 0xc0
+	{value: 0x6be7, lo: 0x07},
+	{value: 0x9904, lo: 0x8a, hi: 0x8a},
+	{value: 0x9900, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x3efb, lo: 0x9a, hi: 0x9a},
+	{value: 0x2f5b, lo: 0x9c, hi: 0x9c},
+	{value: 0x2de6, lo: 0x9d, hi: 0x9d},
+	{value: 0x2d19, lo: 0x9e, hi: 0x9f},
+	// Block 0x20, offset 0xc8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8122, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x21, offset 0xcb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8123, lo: 0x88, hi: 0x8b},
+	// Block 0x22, offset 0xcd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8124, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x23, offset 0xd0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8125, lo: 0x88, hi: 0x8b},
+	// Block 0x24, offset 0xd2
+	{value: 0x0000, lo: 0x04},
+	{value: 0x812d, lo: 0x98, hi: 0x99},
+	{value: 0x812d, lo: 0xb5, hi: 0xb5},
+	{value: 0x812d, lo: 0xb7, hi: 0xb7},
+	{value: 0x812b, lo: 0xb9, hi: 0xb9},
+	// Block 0x25, offset 0xd7
+	{value: 0x0000, lo: 0x10},
+	{value: 0x2647, lo: 0x83, hi: 0x83},
+	{value: 0x264e, lo: 0x8d, hi: 0x8d},
+	{value: 0x2655, lo: 0x92, hi: 0x92},
+	{value: 0x265c, lo: 0x97, hi: 0x97},
+	{value: 0x2663, lo: 0x9c, hi: 0x9c},
+	{value: 0x2640, lo: 0xa9, hi: 0xa9},
+	{value: 0x8126, lo: 0xb1, hi: 0xb1},
+	{value: 0x8127, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a87, lo: 0xb3, hi: 0xb3},
+	{value: 0x8128, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a90, lo: 0xb5, hi: 0xb5},
+	{value: 0x45b7, lo: 0xb6, hi: 0xb6},
+	{value: 0x8200, lo: 0xb7, hi: 0xb7},
+	{value: 0x45bf, lo: 0xb8, hi: 0xb8},
+	{value: 0x8200, lo: 0xb9, hi: 0xb9},
+	{value: 0x8127, lo: 0xba, hi: 0xbd},
+	// Block 0x26, offset 0xe8
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x8127, lo: 0x80, hi: 0x80},
+	{value: 0x4a99, lo: 0x81, hi: 0x81},
+	{value: 0x8132, lo: 0x82, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0x86, hi: 0x87},
+	{value: 0x2671, lo: 0x93, hi: 0x93},
+	{value: 0x2678, lo: 0x9d, hi: 0x9d},
+	{value: 0x267f, lo: 0xa2, hi: 0xa2},
+	{value: 0x2686, lo: 0xa7, hi: 0xa7},
+	{value: 0x268d, lo: 0xac, hi: 0xac},
+	{value: 0x266a, lo: 0xb9, hi: 0xb9},
+	// Block 0x27, offset 0xf4
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x86, hi: 0x86},
+	// Block 0x28, offset 0xf6
+	{value: 0x0000, lo: 0x05},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x2d21, lo: 0xa6, hi: 0xa6},
+	{value: 0x9900, lo: 0xae, hi: 0xae},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x29, offset 0xfc
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	// Block 0x2a, offset 0xfe
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x80, hi: 0x92},
+	// Block 0x2b, offset 0x100
+	{value: 0x0000, lo: 0x01},
+	{value: 0xb900, lo: 0xa1, hi: 0xb5},
+	// Block 0x2c, offset 0x102
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0xa8, hi: 0xbf},
+	// Block 0x2d, offset 0x104
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0x80, hi: 0x82},
+	// Block 0x2e, offset 0x106
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9d, hi: 0x9f},
+	// Block 0x2f, offset 0x108
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x94, hi: 0x94},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x30, offset 0x10b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x9d, hi: 0x9d},
+	// Block 0x31, offset 0x10e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8131, lo: 0xa9, hi: 0xa9},
+	// Block 0x32, offset 0x110
+	{value: 0x0004, lo: 0x02},
+	{value: 0x812e, lo: 0xb9, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbb},
+	// Block 0x33, offset 0x113
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x97, hi: 0x97},
+	{value: 0x812d, lo: 0x98, hi: 0x98},
+	// Block 0x34, offset 0x116
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	{value: 0x8132, lo: 0xb5, hi: 0xbc},
+	{value: 0x812d, lo: 0xbf, hi: 0xbf},
+	// Block 0x35, offset 0x11a
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	{value: 0x812d, lo: 0xb5, hi: 0xba},
+	{value: 0x8132, lo: 0xbb, hi: 0xbc},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x36, offset 0x11f
+	{value: 0x0000, lo: 0x08},
+	{value: 0x2d69, lo: 0x80, hi: 0x80},
+	{value: 0x2d71, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x82, hi: 0x82},
+	{value: 0x2d79, lo: 0x83, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xab, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xac},
+	{value: 0x8132, lo: 0xad, hi: 0xb3},
+	// Block 0x37, offset 0x128
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xaa, hi: 0xab},
+	// Block 0x38, offset 0x12a
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xa6, hi: 0xa6},
+	{value: 0x8104, lo: 0xb2, hi: 0xb3},
+	// Block 0x39, offset 0x12d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x3a, offset 0x12f
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x92},
+	{value: 0x8101, lo: 0x94, hi: 0x94},
+	{value: 0x812d, lo: 0x95, hi: 0x99},
+	{value: 0x8132, lo: 0x9a, hi: 0x9b},
+	{value: 0x812d, lo: 0x9c, hi: 0x9f},
+	{value: 0x8132, lo: 0xa0, hi: 0xa0},
+	{value: 0x8101, lo: 0xa2, hi: 0xa8},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	{value: 0x8132, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb8, hi: 0xb9},
+	// Block 0x3b, offset 0x13a
+	{value: 0x0004, lo: 0x03},
+	{value: 0x0433, lo: 0x80, hi: 0x81},
+	{value: 0x8100, lo: 0x97, hi: 0x97},
+	{value: 0x8100, lo: 0xbe, hi: 0xbe},
+	// Block 0x3c, offset 0x13e
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x8132, lo: 0x90, hi: 0x91},
+	{value: 0x8101, lo: 0x92, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x97},
+	{value: 0x8101, lo: 0x98, hi: 0x9a},
+	{value: 0x8132, lo: 0x9b, hi: 0x9c},
+	{value: 0x8132, lo: 0xa1, hi: 0xa1},
+	{value: 0x8101, lo: 0xa5, hi: 0xa6},
+	{value: 0x8132, lo: 0xa7, hi: 0xa7},
+	{value: 0x812d, lo: 0xa8, hi: 0xa8},
+	{value: 0x8132, lo: 0xa9, hi: 0xa9},
+	{value: 0x8101, lo: 0xaa, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xaf},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	// Block 0x3d, offset 0x14c
+	{value: 0x427e, lo: 0x02},
+	{value: 0x01b8, lo: 0xa6, hi: 0xa6},
+	{value: 0x0057, lo: 0xaa, hi: 0xab},
+	// Block 0x3e, offset 0x14f
+	{value: 0x0007, lo: 0x05},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	{value: 0x3bbc, lo: 0x9a, hi: 0x9b},
+	{value: 0x3bca, lo: 0xae, hi: 0xae},
+	// Block 0x3f, offset 0x155
+	{value: 0x000e, lo: 0x05},
+	{value: 0x3bd1, lo: 0x8d, hi: 0x8e},
+	{value: 0x3bd8, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	// Block 0x40, offset 0x15b
+	{value: 0x6405, lo: 0x0a},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0x3be6, lo: 0x84, hi: 0x84},
+	{value: 0xa000, lo: 0x88, hi: 0x88},
+	{value: 0x3bed, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0x3bf4, lo: 0x8c, hi: 0x8c},
+	{value: 0xa000, lo: 0xa3, hi: 0xa3},
+	{value: 0x3bfb, lo: 0xa4, hi: 0xa5},
+	{value: 0x3c02, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xbc, hi: 0xbc},
+	// Block 0x41, offset 0x166
+	{value: 0x0007, lo: 0x03},
+	{value: 0x3c6b, lo: 0xa0, hi: 0xa1},
+	{value: 0x3c95, lo: 0xa2, hi: 0xa3},
+	{value: 0x3cbf, lo: 0xaa, hi: 0xad},
+	// Block 0x42, offset 0x16a
+	{value: 0x0004, lo: 0x01},
+	{value: 0x048b, lo: 0xa9, hi: 0xaa},
+	// Block 0x43, offset 0x16c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x44e0, lo: 0x9c, hi: 0x9c},
+	// Block 0x44, offset 0x16e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xaf, hi: 0xb1},
+	// Block 0x45, offset 0x170
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x46, offset 0x172
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa0, hi: 0xbf},
+	// Block 0x47, offset 0x174
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812c, lo: 0xaa, hi: 0xaa},
+	{value: 0x8131, lo: 0xab, hi: 0xab},
+	{value: 0x8133, lo: 0xac, hi: 0xac},
+	{value: 0x812e, lo: 0xad, hi: 0xad},
+	{value: 0x812f, lo: 0xae, hi: 0xaf},
+	// Block 0x48, offset 0x17a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4aa2, lo: 0xb3, hi: 0xb3},
+	{value: 0x4aa2, lo: 0xb5, hi: 0xb6},
+	{value: 0x4aa2, lo: 0xba, hi: 0xbf},
+	// Block 0x49, offset 0x17e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x4aa2, lo: 0x8f, hi: 0xa3},
+	// Block 0x4a, offset 0x180
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xae, hi: 0xbe},
+	// Block 0x4b, offset 0x182
+	{value: 0x0000, lo: 0x07},
+	{value: 0x8100, lo: 0x84, hi: 0x84},
+	{value: 0x8100, lo: 0x87, hi: 0x87},
+	{value: 0x8100, lo: 0x90, hi: 0x90},
+	{value: 0x8100, lo: 0x9e, hi: 0x9e},
+	{value: 0x8100, lo: 0xa1, hi: 0xa1},
+	{value: 0x8100, lo: 0xb2, hi: 0xb2},
+	{value: 0x8100, lo: 0xbb, hi: 0xbb},
+	// Block 0x4c, offset 0x18a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8100, lo: 0x80, hi: 0x80},
+	{value: 0x8100, lo: 0x8b, hi: 0x8b},
+	{value: 0x8100, lo: 0x8e, hi: 0x8e},
+	// Block 0x4d, offset 0x18e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xaf, hi: 0xaf},
+	{value: 0x8132, lo: 0xb4, hi: 0xbd},
+	// Block 0x4e, offset 0x191
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9e, hi: 0x9f},
+	// Block 0x4f, offset 0x193
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb1},
+	// Block 0x50, offset 0x195
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	// Block 0x51, offset 0x197
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xa0, hi: 0xb1},
+	// Block 0x52, offset 0x19a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xab, hi: 0xad},
+	// Block 0x53, offset 0x19c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x93, hi: 0x93},
+	// Block 0x54, offset 0x19e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb3, hi: 0xb3},
+	// Block 0x55, offset 0x1a0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	// Block 0x56, offset 0x1a2
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb7, hi: 0xb8},
+	{value: 0x8132, lo: 0xbe, hi: 0xbf},
+	// Block 0x57, offset 0x1a8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	// Block 0x58, offset 0x1ab
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xad, hi: 0xad},
+	// Block 0x59, offset 0x1ad
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe500, lo: 0x80, hi: 0x80},
+	{value: 0xc600, lo: 0x81, hi: 0x9b},
+	{value: 0xe500, lo: 0x9c, hi: 0x9c},
+	{value: 0xc600, lo: 0x9d, hi: 0xb7},
+	{value: 0xe500, lo: 0xb8, hi: 0xb8},
+	{value: 0xc600, lo: 0xb9, hi: 0xbf},
+	// Block 0x5a, offset 0x1b4
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x93},
+	{value: 0xe500, lo: 0x94, hi: 0x94},
+	{value: 0xc600, lo: 0x95, hi: 0xaf},
+	{value: 0xe500, lo: 0xb0, hi: 0xb0},
+	{value: 0xc600, lo: 0xb1, hi: 0xbf},
+	// Block 0x5b, offset 0x1ba
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8b},
+	{value: 0xe500, lo: 0x8c, hi: 0x8c},
+	{value: 0xc600, lo: 0x8d, hi: 0xa7},
+	{value: 0xe500, lo: 0xa8, hi: 0xa8},
+	{value: 0xc600, lo: 0xa9, hi: 0xbf},
+	// Block 0x5c, offset 0x1c0
+	{value: 0x0000, lo: 0x07},
+	{value: 0xc600, lo: 0x80, hi: 0x83},
+	{value: 0xe500, lo: 0x84, hi: 0x84},
+	{value: 0xc600, lo: 0x85, hi: 0x9f},
+	{value: 0xe500, lo: 0xa0, hi: 0xa0},
+	{value: 0xc600, lo: 0xa1, hi: 0xbb},
+	{value: 0xe500, lo: 0xbc, hi: 0xbc},
+	{value: 0xc600, lo: 0xbd, hi: 0xbf},
+	// Block 0x5d, offset 0x1c8
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x97},
+	{value: 0xe500, lo: 0x98, hi: 0x98},
+	{value: 0xc600, lo: 0x99, hi: 0xb3},
+	{value: 0xe500, lo: 0xb4, hi: 0xb4},
+	{value: 0xc600, lo: 0xb5, hi: 0xbf},
+	// Block 0x5e, offset 0x1ce
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8f},
+	{value: 0xe500, lo: 0x90, hi: 0x90},
+	{value: 0xc600, lo: 0x91, hi: 0xab},
+	{value: 0xe500, lo: 0xac, hi: 0xac},
+	{value: 0xc600, lo: 0xad, hi: 0xbf},
+	// Block 0x5f, offset 0x1d4
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	{value: 0xe500, lo: 0xa4, hi: 0xa4},
+	{value: 0xc600, lo: 0xa5, hi: 0xbf},
+	// Block 0x60, offset 0x1da
+	{value: 0x0000, lo: 0x03},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	// Block 0x61, offset 0x1de
+	{value: 0x0006, lo: 0x0d},
+	{value: 0x4393, lo: 0x9d, hi: 0x9d},
+	{value: 0x8115, lo: 0x9e, hi: 0x9e},
+	{value: 0x4405, lo: 0x9f, hi: 0x9f},
+	{value: 0x43f3, lo: 0xaa, hi: 0xab},
+	{value: 0x44f7, lo: 0xac, hi: 0xac},
+	{value: 0x44ff, lo: 0xad, hi: 0xad},
+	{value: 0x434b, lo: 0xae, hi: 0xb1},
+	{value: 0x4369, lo: 0xb2, hi: 0xb4},
+	{value: 0x4381, lo: 0xb5, hi: 0xb6},
+	{value: 0x438d, lo: 0xb8, hi: 0xb8},
+	{value: 0x4399, lo: 0xb9, hi: 0xbb},
+	{value: 0x43b1, lo: 0xbc, hi: 0xbc},
+	{value: 0x43b7, lo: 0xbe, hi: 0xbe},
+	// Block 0x62, offset 0x1ec
+	{value: 0x0006, lo: 0x08},
+	{value: 0x43bd, lo: 0x80, hi: 0x81},
+	{value: 0x43c9, lo: 0x83, hi: 0x84},
+	{value: 0x43db, lo: 0x86, hi: 0x89},
+	{value: 0x43ff, lo: 0x8a, hi: 0x8a},
+	{value: 0x437b, lo: 0x8b, hi: 0x8b},
+	{value: 0x4363, lo: 0x8c, hi: 0x8c},
+	{value: 0x43ab, lo: 0x8d, hi: 0x8d},
+	{value: 0x43d5, lo: 0x8e, hi: 0x8e},
+	// Block 0x63, offset 0x1f5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0xa4, hi: 0xa5},
+	{value: 0x8100, lo: 0xb0, hi: 0xb1},
+	// Block 0x64, offset 0x1f8
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0x9b, hi: 0x9d},
+	{value: 0x8200, lo: 0x9e, hi: 0xa3},
+	// Block 0x65, offset 0x1fb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x90, hi: 0x90},
+	// Block 0x66, offset 0x1fd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8100, lo: 0x99, hi: 0x99},
+	{value: 0x8200, lo: 0xb2, hi: 0xb4},
+	// Block 0x67, offset 0x200
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xbc, hi: 0xbd},
+	// Block 0x68, offset 0x202
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8132, lo: 0xa0, hi: 0xa6},
+	{value: 0x812d, lo: 0xa7, hi: 0xad},
+	{value: 0x8132, lo: 0xae, hi: 0xaf},
+	// Block 0x69, offset 0x206
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8100, lo: 0x89, hi: 0x8c},
+	{value: 0x8100, lo: 0xb0, hi: 0xb2},
+	{value: 0x8100, lo: 0xb4, hi: 0xb4},
+	{value: 0x8100, lo: 0xb6, hi: 0xbf},
+	// Block 0x6a, offset 0x20b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x81, hi: 0x8c},
+	// Block 0x6b, offset 0x20d
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0xb5, hi: 0xba},
+	// Block 0x6c, offset 0x20f
+	{value: 0x0000, lo: 0x04},
+	{value: 0x4aa2, lo: 0x9e, hi: 0x9f},
+	{value: 0x4aa2, lo: 0xa3, hi: 0xa3},
+	{value: 0x4aa2, lo: 0xa5, hi: 0xa6},
+	{value: 0x4aa2, lo: 0xaa, hi: 0xaf},
+	// Block 0x6d, offset 0x214
+	{value: 0x0000, lo: 0x05},
+	{value: 0x4aa2, lo: 0x82, hi: 0x87},
+	{value: 0x4aa2, lo: 0x8a, hi: 0x8f},
+	{value: 0x4aa2, lo: 0x92, hi: 0x97},
+	{value: 0x4aa2, lo: 0x9a, hi: 0x9c},
+	{value: 0x8100, lo: 0xa3, hi: 0xa3},
+	// Block 0x6e, offset 0x21a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x6f, offset 0x21c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xa0, hi: 0xa0},
+	// Block 0x70, offset 0x21e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb6, hi: 0xba},
+	// Block 0x71, offset 0x220
+	{value: 0x002c, lo: 0x05},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x8f, hi: 0x8f},
+	{value: 0x8132, lo: 0xb8, hi: 0xb8},
+	{value: 0x8101, lo: 0xb9, hi: 0xba},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x72, offset 0x226
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xa5, hi: 0xa5},
+	{value: 0x812d, lo: 0xa6, hi: 0xa6},
+	// Block 0x73, offset 0x229
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa4, hi: 0xa7},
+	// Block 0x74, offset 0x22b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x8132, lo: 0x88, hi: 0x8a},
+	{value: 0x812d, lo: 0x8b, hi: 0x8b},
+	{value: 0x8132, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x8d, hi: 0x90},
+	// Block 0x75, offset 0x231
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x76, offset 0x234
+	{value: 0x17fe, lo: 0x07},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x423b, lo: 0x9a, hi: 0x9a},
+	{value: 0xa000, lo: 0x9b, hi: 0x9b},
+	{value: 0x4245, lo: 0x9c, hi: 0x9c},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x424f, lo: 0xab, hi: 0xab},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x77, offset 0x23c
+	{value: 0x0000, lo: 0x06},
+	{value: 0x8132, lo: 0x80, hi: 0x82},
+	{value: 0x9900, lo: 0xa7, hi: 0xa7},
+	{value: 0x2d81, lo: 0xae, hi: 0xae},
+	{value: 0x2d8b, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb1, hi: 0xb2},
+	{value: 0x8104, lo: 0xb3, hi: 0xb4},
+	// Block 0x78, offset 0x243
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x79, offset 0x246
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb5, hi: 0xb5},
+	{value: 0x8102, lo: 0xb6, hi: 0xb6},
+	// Block 0x7a, offset 0x249
+	{value: 0x0002, lo: 0x01},
+	{value: 0x8102, lo: 0xa9, hi: 0xaa},
+	// Block 0x7b, offset 0x24b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x7c, offset 0x24e
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2d95, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d9f, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x8132, lo: 0xa6, hi: 0xac},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	// Block 0x7d, offset 0x256
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x86, hi: 0x86},
+	{value: 0x8132, lo: 0x9e, hi: 0x9e},
+	// Block 0x7e, offset 0x25a
+	{value: 0x6b57, lo: 0x06},
+	{value: 0x9900, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xb9, hi: 0xb9},
+	{value: 0x9900, lo: 0xba, hi: 0xba},
+	{value: 0x2db3, lo: 0xbb, hi: 0xbb},
+	{value: 0x2da9, lo: 0xbc, hi: 0xbd},
+	{value: 0x2dbd, lo: 0xbe, hi: 0xbe},
+	// Block 0x7f, offset 0x261
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x83, hi: 0x83},
+	// Block 0x80, offset 0x264
+	{value: 0x0000, lo: 0x05},
+	{value: 0x9900, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb8, hi: 0xb9},
+	{value: 0x2dc7, lo: 0xba, hi: 0xba},
+	{value: 0x2dd1, lo: 0xbb, hi: 0xbb},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x81, offset 0x26a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0x80, hi: 0x80},
+	// Block 0x82, offset 0x26c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x83, offset 0x26f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xab, hi: 0xab},
+	// Block 0x84, offset 0x271
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb9, hi: 0xb9},
+	{value: 0x8102, lo: 0xba, hi: 0xba},
+	// Block 0x85, offset 0x274
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	// Block 0x86, offset 0x276
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x87, offset 0x278
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x87, hi: 0x87},
+	// Block 0x88, offset 0x27a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x99, hi: 0x99},
+	// Block 0x89, offset 0x27c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0x82, hi: 0x82},
+	{value: 0x8104, lo: 0x84, hi: 0x85},
+	// Block 0x8a, offset 0x27f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x97, hi: 0x97},
+	// Block 0x8b, offset 0x281
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0xb0, hi: 0xb4},
+	// Block 0x8c, offset 0x283
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb6},
+	// Block 0x8d, offset 0x285
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0x9e, hi: 0x9e},
+	// Block 0x8e, offset 0x287
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x45cf, lo: 0x9e, hi: 0x9e},
+	{value: 0x45d9, lo: 0x9f, hi: 0x9f},
+	{value: 0x460d, lo: 0xa0, hi: 0xa0},
+	{value: 0x461b, lo: 0xa1, hi: 0xa1},
+	{value: 0x4629, lo: 0xa2, hi: 0xa2},
+	{value: 0x4637, lo: 0xa3, hi: 0xa3},
+	{value: 0x4645, lo: 0xa4, hi: 0xa4},
+	{value: 0x812b, lo: 0xa5, hi: 0xa6},
+	{value: 0x8101, lo: 0xa7, hi: 0xa9},
+	{value: 0x8130, lo: 0xad, hi: 0xad},
+	{value: 0x812b, lo: 0xae, hi: 0xb2},
+	{value: 0x812d, lo: 0xbb, hi: 0xbf},
+	// Block 0x8f, offset 0x294
+	{value: 0x0000, lo: 0x09},
+	{value: 0x812d, lo: 0x80, hi: 0x82},
+	{value: 0x8132, lo: 0x85, hi: 0x89},
+	{value: 0x812d, lo: 0x8a, hi: 0x8b},
+	{value: 0x8132, lo: 0xaa, hi: 0xad},
+	{value: 0x45e3, lo: 0xbb, hi: 0xbb},
+	{value: 0x45ed, lo: 0xbc, hi: 0xbc},
+	{value: 0x4653, lo: 0xbd, hi: 0xbd},
+	{value: 0x466f, lo: 0xbe, hi: 0xbe},
+	{value: 0x4661, lo: 0xbf, hi: 0xbf},
+	// Block 0x90, offset 0x29e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x467d, lo: 0x80, hi: 0x80},
+	// Block 0x91, offset 0x2a0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x82, hi: 0x84},
+	// Block 0x92, offset 0x2a2
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0x80, hi: 0x86},
+	{value: 0x8132, lo: 0x88, hi: 0x98},
+	{value: 0x8132, lo: 0x9b, hi: 0xa1},
+	{value: 0x8132, lo: 0xa3, hi: 0xa4},
+	{value: 0x8132, lo: 0xa6, hi: 0xaa},
+	// Block 0x93, offset 0x2a8
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xac, hi: 0xaf},
+	// Block 0x94, offset 0x2aa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x90, hi: 0x96},
+	// Block 0x95, offset 0x2ac
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x84, hi: 0x89},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x96, offset 0x2af
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8100, lo: 0x93, hi: 0x93},
+}
+
+// lookup returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfkcTrie) lookup(s []byte) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfkcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfkcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfkcTrie) lookupUnsafe(s []byte) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfkcValues[c0]
+	}
+	i := nfkcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// lookupString returns the trie value for the first UTF-8 encoding in s and
+// the width in bytes of this encoding. The size will be 0 if s does not
+// hold enough bytes to complete the encoding. len(s) must be greater than 0.
+func (t *nfkcTrie) lookupString(s string) (v uint16, sz int) {
+	c0 := s[0]
+	switch {
+	case c0 < 0x80: // is ASCII
+		return nfkcValues[c0], 1
+	case c0 < 0xC2:
+		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
+	case c0 < 0xE0: // 2-byte UTF-8
+		if len(s) < 2 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c1), 2
+	case c0 < 0xF0: // 3-byte UTF-8
+		if len(s) < 3 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c2), 3
+	case c0 < 0xF8: // 4-byte UTF-8
+		if len(s) < 4 {
+			return 0, 0
+		}
+		i := nfkcIndex[c0]
+		c1 := s[1]
+		if c1 < 0x80 || 0xC0 <= c1 {
+			return 0, 1 // Illegal UTF-8: not a continuation byte.
+		}
+		o := uint32(i)<<6 + uint32(c1)
+		i = nfkcIndex[o]
+		c2 := s[2]
+		if c2 < 0x80 || 0xC0 <= c2 {
+			return 0, 2 // Illegal UTF-8: not a continuation byte.
+		}
+		o = uint32(i)<<6 + uint32(c2)
+		i = nfkcIndex[o]
+		c3 := s[3]
+		if c3 < 0x80 || 0xC0 <= c3 {
+			return 0, 3 // Illegal UTF-8: not a continuation byte.
+		}
+		return t.lookupValue(uint32(i), c3), 4
+	}
+	// Illegal rune
+	return 0, 1
+}
+
+// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
+// s must start with a full and valid UTF-8 encoded rune.
+func (t *nfkcTrie) lookupStringUnsafe(s string) uint16 {
+	c0 := s[0]
+	if c0 < 0x80 { // is ASCII
+		return nfkcValues[c0]
+	}
+	i := nfkcIndex[c0]
+	if c0 < 0xE0 { // 2-byte UTF-8
+		return t.lookupValue(uint32(i), s[1])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
+	if c0 < 0xF0 { // 3-byte UTF-8
+		return t.lookupValue(uint32(i), s[2])
+	}
+	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
+	if c0 < 0xF8 { // 4-byte UTF-8
+		return t.lookupValue(uint32(i), s[3])
+	}
+	return 0
+}
+
+// nfkcTrie. Total size: 18684 bytes (18.25 KiB). Checksum: 113e23c477adfabd.
+type nfkcTrie struct{}
+
+func newNfkcTrie(i int) *nfkcTrie {
+	return &nfkcTrie{}
+}
+
+// lookupValue determines the type of block n and looks up the value for b.
+func (t *nfkcTrie) lookupValue(n uint32, b byte) uint16 {
+	switch {
+	case n < 92:
+		return uint16(nfkcValues[n<<6+uint32(b)])
+	default:
+		n -= 92
+		return uint16(nfkcSparse.lookup(n, b))
+	}
+}
+
+// nfkcValues: 94 blocks, 6016 entries, 12032 bytes
+// The third block is the zero block.
+var nfkcValues = [6016]uint16{
+	// Block 0x0, offset 0x0
+	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
+	// Block 0x1, offset 0x40
+	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
+	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
+	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
+	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
+	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
+	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
+	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
+	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
+	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
+	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc0: 0x2f72, 0xc1: 0x2f77, 0xc2: 0x468b, 0xc3: 0x2f7c, 0xc4: 0x469a, 0xc5: 0x469f,
+	0xc6: 0xa000, 0xc7: 0x46a9, 0xc8: 0x2fe5, 0xc9: 0x2fea, 0xca: 0x46ae, 0xcb: 0x2ffe,
+	0xcc: 0x3071, 0xcd: 0x3076, 0xce: 0x307b, 0xcf: 0x46c2, 0xd1: 0x3107,
+	0xd2: 0x312a, 0xd3: 0x312f, 0xd4: 0x46cc, 0xd5: 0x46d1, 0xd6: 0x46e0,
+	0xd8: 0xa000, 0xd9: 0x31b6, 0xda: 0x31bb, 0xdb: 0x31c0, 0xdc: 0x4712, 0xdd: 0x3238,
+	0xe0: 0x327e, 0xe1: 0x3283, 0xe2: 0x471c, 0xe3: 0x3288,
+	0xe4: 0x472b, 0xe5: 0x4730, 0xe6: 0xa000, 0xe7: 0x473a, 0xe8: 0x32f1, 0xe9: 0x32f6,
+	0xea: 0x473f, 0xeb: 0x330a, 0xec: 0x3382, 0xed: 0x3387, 0xee: 0x338c, 0xef: 0x4753,
+	0xf1: 0x3418, 0xf2: 0x343b, 0xf3: 0x3440, 0xf4: 0x475d, 0xf5: 0x4762,
+	0xf6: 0x4771, 0xf8: 0xa000, 0xf9: 0x34cc, 0xfa: 0x34d1, 0xfb: 0x34d6,
+	0xfc: 0x47a3, 0xfd: 0x3553, 0xff: 0x356c,
+	// Block 0x4, offset 0x100
+	0x100: 0x2f81, 0x101: 0x328d, 0x102: 0x4690, 0x103: 0x4721, 0x104: 0x2f9f, 0x105: 0x32ab,
+	0x106: 0x2fb3, 0x107: 0x32bf, 0x108: 0x2fb8, 0x109: 0x32c4, 0x10a: 0x2fbd, 0x10b: 0x32c9,
+	0x10c: 0x2fc2, 0x10d: 0x32ce, 0x10e: 0x2fcc, 0x10f: 0x32d8,
+	0x112: 0x46b3, 0x113: 0x4744, 0x114: 0x2ff4, 0x115: 0x3300, 0x116: 0x2ff9, 0x117: 0x3305,
+	0x118: 0x3017, 0x119: 0x3323, 0x11a: 0x3008, 0x11b: 0x3314, 0x11c: 0x3030, 0x11d: 0x333c,
+	0x11e: 0x303a, 0x11f: 0x3346, 0x120: 0x303f, 0x121: 0x334b, 0x122: 0x3049, 0x123: 0x3355,
+	0x124: 0x304e, 0x125: 0x335a, 0x128: 0x3080, 0x129: 0x3391,
+	0x12a: 0x3085, 0x12b: 0x3396, 0x12c: 0x308a, 0x12d: 0x339b, 0x12e: 0x30ad, 0x12f: 0x33b9,
+	0x130: 0x308f, 0x132: 0x195d, 0x133: 0x19ea, 0x134: 0x30b7, 0x135: 0x33c3,
+	0x136: 0x30cb, 0x137: 0x33dc, 0x139: 0x30d5, 0x13a: 0x33e6, 0x13b: 0x30df,
+	0x13c: 0x33f0, 0x13d: 0x30da, 0x13e: 0x33eb, 0x13f: 0x1baf,
+	// Block 0x5, offset 0x140
+	0x140: 0x1c37, 0x143: 0x3102, 0x144: 0x3413, 0x145: 0x311b,
+	0x146: 0x342c, 0x147: 0x3111, 0x148: 0x3422, 0x149: 0x1c5f,
+	0x14c: 0x46d6, 0x14d: 0x4767, 0x14e: 0x3134, 0x14f: 0x3445, 0x150: 0x313e, 0x151: 0x344f,
+	0x154: 0x315c, 0x155: 0x346d, 0x156: 0x3175, 0x157: 0x3486,
+	0x158: 0x3166, 0x159: 0x3477, 0x15a: 0x46f9, 0x15b: 0x478a, 0x15c: 0x317f, 0x15d: 0x3490,
+	0x15e: 0x318e, 0x15f: 0x349f, 0x160: 0x46fe, 0x161: 0x478f, 0x162: 0x31a7, 0x163: 0x34bd,
+	0x164: 0x3198, 0x165: 0x34ae, 0x168: 0x4708, 0x169: 0x4799,
+	0x16a: 0x470d, 0x16b: 0x479e, 0x16c: 0x31c5, 0x16d: 0x34db, 0x16e: 0x31cf, 0x16f: 0x34e5,
+	0x170: 0x31d4, 0x171: 0x34ea, 0x172: 0x31f2, 0x173: 0x3508, 0x174: 0x3215, 0x175: 0x352b,
+	0x176: 0x323d, 0x177: 0x3558, 0x178: 0x3251, 0x179: 0x3260, 0x17a: 0x3580, 0x17b: 0x326a,
+	0x17c: 0x358a, 0x17d: 0x326f, 0x17e: 0x358f, 0x17f: 0x00a7,
+	// Block 0x6, offset 0x180
+	0x184: 0x2df1, 0x185: 0x2df7,
+	0x186: 0x2dfd, 0x187: 0x1972, 0x188: 0x1975, 0x189: 0x1a0b, 0x18a: 0x198a, 0x18b: 0x198d,
+	0x18c: 0x1a41, 0x18d: 0x2f8b, 0x18e: 0x3297, 0x18f: 0x3099, 0x190: 0x33a5, 0x191: 0x3143,
+	0x192: 0x3454, 0x193: 0x31d9, 0x194: 0x34ef, 0x195: 0x39d2, 0x196: 0x3b61, 0x197: 0x39cb,
+	0x198: 0x3b5a, 0x199: 0x39d9, 0x19a: 0x3b68, 0x19b: 0x39c4, 0x19c: 0x3b53,
+	0x19e: 0x38b3, 0x19f: 0x3a42, 0x1a0: 0x38ac, 0x1a1: 0x3a3b, 0x1a2: 0x35b6, 0x1a3: 0x35c8,
+	0x1a6: 0x3044, 0x1a7: 0x3350, 0x1a8: 0x30c1, 0x1a9: 0x33d2,
+	0x1aa: 0x46ef, 0x1ab: 0x4780, 0x1ac: 0x3993, 0x1ad: 0x3b22, 0x1ae: 0x35da, 0x1af: 0x35e0,
+	0x1b0: 0x33c8, 0x1b1: 0x1942, 0x1b2: 0x1945, 0x1b3: 0x19d2, 0x1b4: 0x302b, 0x1b5: 0x3337,
+	0x1b8: 0x30fd, 0x1b9: 0x340e, 0x1ba: 0x38ba, 0x1bb: 0x3a49,
+	0x1bc: 0x35b0, 0x1bd: 0x35c2, 0x1be: 0x35bc, 0x1bf: 0x35ce,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0x2f90, 0x1c1: 0x329c, 0x1c2: 0x2f95, 0x1c3: 0x32a1, 0x1c4: 0x300d, 0x1c5: 0x3319,
+	0x1c6: 0x3012, 0x1c7: 0x331e, 0x1c8: 0x309e, 0x1c9: 0x33aa, 0x1ca: 0x30a3, 0x1cb: 0x33af,
+	0x1cc: 0x3148, 0x1cd: 0x3459, 0x1ce: 0x314d, 0x1cf: 0x345e, 0x1d0: 0x316b, 0x1d1: 0x347c,
+	0x1d2: 0x3170, 0x1d3: 0x3481, 0x1d4: 0x31de, 0x1d5: 0x34f4, 0x1d6: 0x31e3, 0x1d7: 0x34f9,
+	0x1d8: 0x3189, 0x1d9: 0x349a, 0x1da: 0x31a2, 0x1db: 0x34b8,
+	0x1de: 0x305d, 0x1df: 0x3369,
+	0x1e6: 0x4695, 0x1e7: 0x4726, 0x1e8: 0x46bd, 0x1e9: 0x474e,
+	0x1ea: 0x3962, 0x1eb: 0x3af1, 0x1ec: 0x393f, 0x1ed: 0x3ace, 0x1ee: 0x46db, 0x1ef: 0x476c,
+	0x1f0: 0x395b, 0x1f1: 0x3aea, 0x1f2: 0x3247, 0x1f3: 0x3562,
+	// Block 0x8, offset 0x200
+	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
+	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
+	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
+	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
+	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
+	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
+	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
+	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
+	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
+	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
+	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
+	// Block 0x9, offset 0x240
+	0x240: 0x49b1, 0x241: 0x49b6, 0x242: 0x9932, 0x243: 0x49bb, 0x244: 0x4a74, 0x245: 0x9936,
+	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
+	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
+	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
+	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
+	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
+	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
+	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
+	0x274: 0x0170,
+	0x27a: 0x42a8,
+	0x27e: 0x0037,
+	// Block 0xa, offset 0x280
+	0x284: 0x425d, 0x285: 0x447e,
+	0x286: 0x35ec, 0x287: 0x00ce, 0x288: 0x360a, 0x289: 0x3616, 0x28a: 0x3628,
+	0x28c: 0x3646, 0x28e: 0x3658, 0x28f: 0x3676, 0x290: 0x3e0b, 0x291: 0xa000,
+	0x295: 0xa000, 0x297: 0xa000,
+	0x299: 0xa000,
+	0x29f: 0xa000, 0x2a1: 0xa000,
+	0x2a5: 0xa000, 0x2a9: 0xa000,
+	0x2aa: 0x363a, 0x2ab: 0x366a, 0x2ac: 0x4801, 0x2ad: 0x369a, 0x2ae: 0x482b, 0x2af: 0x36ac,
+	0x2b0: 0x3e73, 0x2b1: 0xa000, 0x2b5: 0xa000,
+	0x2b7: 0xa000, 0x2b9: 0xa000,
+	0x2bf: 0xa000,
+	// Block 0xb, offset 0x2c0
+	0x2c1: 0xa000, 0x2c5: 0xa000,
+	0x2c9: 0xa000, 0x2ca: 0x4843, 0x2cb: 0x4861,
+	0x2cc: 0x36ca, 0x2cd: 0x36e2, 0x2ce: 0x4879, 0x2d0: 0x01be, 0x2d1: 0x01d0,
+	0x2d2: 0x01ac, 0x2d3: 0x430f, 0x2d4: 0x4315, 0x2d5: 0x01fa, 0x2d6: 0x01e8,
+	0x2f0: 0x01d6, 0x2f1: 0x01eb, 0x2f2: 0x01ee, 0x2f4: 0x0188, 0x2f5: 0x01c7,
+	0x2f9: 0x01a6,
+	// Block 0xc, offset 0x300
+	0x300: 0x3724, 0x301: 0x3730, 0x303: 0x371e,
+	0x306: 0xa000, 0x307: 0x370c,
+	0x30c: 0x3760, 0x30d: 0x3748, 0x30e: 0x3772, 0x310: 0xa000,
+	0x313: 0xa000, 0x315: 0xa000, 0x316: 0xa000, 0x317: 0xa000,
+	0x318: 0xa000, 0x319: 0x3754, 0x31a: 0xa000,
+	0x31e: 0xa000, 0x323: 0xa000,
+	0x327: 0xa000,
+	0x32b: 0xa000, 0x32d: 0xa000,
+	0x330: 0xa000, 0x333: 0xa000, 0x335: 0xa000,
+	0x336: 0xa000, 0x337: 0xa000, 0x338: 0xa000, 0x339: 0x37d8, 0x33a: 0xa000,
+	0x33e: 0xa000,
+	// Block 0xd, offset 0x340
+	0x341: 0x3736, 0x342: 0x37ba,
+	0x350: 0x3712, 0x351: 0x3796,
+	0x352: 0x3718, 0x353: 0x379c, 0x356: 0x372a, 0x357: 0x37ae,
+	0x358: 0xa000, 0x359: 0xa000, 0x35a: 0x382c, 0x35b: 0x3832, 0x35c: 0x373c, 0x35d: 0x37c0,
+	0x35e: 0x3742, 0x35f: 0x37c6, 0x362: 0x374e, 0x363: 0x37d2,
+	0x364: 0x375a, 0x365: 0x37de, 0x366: 0x3766, 0x367: 0x37ea, 0x368: 0xa000, 0x369: 0xa000,
+	0x36a: 0x3838, 0x36b: 0x383e, 0x36c: 0x3790, 0x36d: 0x3814, 0x36e: 0x376c, 0x36f: 0x37f0,
+	0x370: 0x3778, 0x371: 0x37fc, 0x372: 0x377e, 0x373: 0x3802, 0x374: 0x3784, 0x375: 0x3808,
+	0x378: 0x378a, 0x379: 0x380e,
+	// Block 0xe, offset 0x380
+	0x387: 0x1d64,
+	0x391: 0x812d,
+	0x392: 0x8132, 0x393: 0x8132, 0x394: 0x8132, 0x395: 0x8132, 0x396: 0x812d, 0x397: 0x8132,
+	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x812e, 0x39b: 0x812d, 0x39c: 0x8132, 0x39d: 0x8132,
+	0x39e: 0x8132, 0x39f: 0x8132, 0x3a0: 0x8132, 0x3a1: 0x8132, 0x3a2: 0x812d, 0x3a3: 0x812d,
+	0x3a4: 0x812d, 0x3a5: 0x812d, 0x3a6: 0x812d, 0x3a7: 0x812d, 0x3a8: 0x8132, 0x3a9: 0x8132,
+	0x3aa: 0x812d, 0x3ab: 0x8132, 0x3ac: 0x8132, 0x3ad: 0x812e, 0x3ae: 0x8131, 0x3af: 0x8132,
+	0x3b0: 0x8105, 0x3b1: 0x8106, 0x3b2: 0x8107, 0x3b3: 0x8108, 0x3b4: 0x8109, 0x3b5: 0x810a,
+	0x3b6: 0x810b, 0x3b7: 0x810c, 0x3b8: 0x810d, 0x3b9: 0x810e, 0x3ba: 0x810e, 0x3bb: 0x810f,
+	0x3bc: 0x8110, 0x3bd: 0x8111, 0x3bf: 0x8112,
+	// Block 0xf, offset 0x3c0
+	0x3c8: 0xa000, 0x3ca: 0xa000, 0x3cb: 0x8116,
+	0x3cc: 0x8117, 0x3cd: 0x8118, 0x3ce: 0x8119, 0x3cf: 0x811a, 0x3d0: 0x811b, 0x3d1: 0x811c,
+	0x3d2: 0x811d, 0x3d3: 0x9932, 0x3d4: 0x9932, 0x3d5: 0x992d, 0x3d6: 0x812d, 0x3d7: 0x8132,
+	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x812d, 0x3dd: 0x8132,
+	0x3de: 0x8132, 0x3df: 0x812d,
+	0x3f0: 0x811e, 0x3f5: 0x1d87,
+	0x3f6: 0x2016, 0x3f7: 0x2052, 0x3f8: 0x204d,
+	// Block 0x10, offset 0x400
+	0x413: 0x812d, 0x414: 0x8132, 0x415: 0x8132, 0x416: 0x8132, 0x417: 0x8132,
+	0x418: 0x8132, 0x419: 0x8132, 0x41a: 0x8132, 0x41b: 0x8132, 0x41c: 0x8132, 0x41d: 0x8132,
+	0x41e: 0x8132, 0x41f: 0x8132, 0x420: 0x8132, 0x421: 0x8132, 0x423: 0x812d,
+	0x424: 0x8132, 0x425: 0x8132, 0x426: 0x812d, 0x427: 0x8132, 0x428: 0x8132, 0x429: 0x812d,
+	0x42a: 0x8132, 0x42b: 0x8132, 0x42c: 0x8132, 0x42d: 0x812d, 0x42e: 0x812d, 0x42f: 0x812d,
+	0x430: 0x8116, 0x431: 0x8117, 0x432: 0x8118, 0x433: 0x8132, 0x434: 0x8132, 0x435: 0x8132,
+	0x436: 0x812d, 0x437: 0x8132, 0x438: 0x8132, 0x439: 0x812d, 0x43a: 0x812d, 0x43b: 0x8132,
+	0x43c: 0x8132, 0x43d: 0x8132, 0x43e: 0x8132, 0x43f: 0x8132,
+	// Block 0x11, offset 0x440
+	0x445: 0xa000,
+	0x446: 0x2d29, 0x447: 0xa000, 0x448: 0x2d31, 0x449: 0xa000, 0x44a: 0x2d39, 0x44b: 0xa000,
+	0x44c: 0x2d41, 0x44d: 0xa000, 0x44e: 0x2d49, 0x451: 0xa000,
+	0x452: 0x2d51,
+	0x474: 0x8102, 0x475: 0x9900,
+	0x47a: 0xa000, 0x47b: 0x2d59,
+	0x47c: 0xa000, 0x47d: 0x2d61, 0x47e: 0xa000, 0x47f: 0xa000,
+	// Block 0x12, offset 0x480
+	0x480: 0x0069, 0x481: 0x006b, 0x482: 0x006f, 0x483: 0x0083, 0x484: 0x00f5, 0x485: 0x00f8,
+	0x486: 0x0413, 0x487: 0x0085, 0x488: 0x0089, 0x489: 0x008b, 0x48a: 0x0104, 0x48b: 0x0107,
+	0x48c: 0x010a, 0x48d: 0x008f, 0x48f: 0x0097, 0x490: 0x009b, 0x491: 0x00e0,
+	0x492: 0x009f, 0x493: 0x00fe, 0x494: 0x0417, 0x495: 0x041b, 0x496: 0x00a1, 0x497: 0x00a9,
+	0x498: 0x00ab, 0x499: 0x0423, 0x49a: 0x012b, 0x49b: 0x00ad, 0x49c: 0x0427, 0x49d: 0x01be,
+	0x49e: 0x01c1, 0x49f: 0x01c4, 0x4a0: 0x01fa, 0x4a1: 0x01fd, 0x4a2: 0x0093, 0x4a3: 0x00a5,
+	0x4a4: 0x00ab, 0x4a5: 0x00ad, 0x4a6: 0x01be, 0x4a7: 0x01c1, 0x4a8: 0x01eb, 0x4a9: 0x01fa,
+	0x4aa: 0x01fd,
+	0x4b8: 0x020c,
+	// Block 0x13, offset 0x4c0
+	0x4db: 0x00fb, 0x4dc: 0x0087, 0x4dd: 0x0101,
+	0x4de: 0x00d4, 0x4df: 0x010a, 0x4e0: 0x008d, 0x4e1: 0x010d, 0x4e2: 0x0110, 0x4e3: 0x0116,
+	0x4e4: 0x011c, 0x4e5: 0x011f, 0x4e6: 0x0122, 0x4e7: 0x042b, 0x4e8: 0x016a, 0x4e9: 0x0128,
+	0x4ea: 0x042f, 0x4eb: 0x016d, 0x4ec: 0x0131, 0x4ed: 0x012e, 0x4ee: 0x0134, 0x4ef: 0x0137,
+	0x4f0: 0x013a, 0x4f1: 0x013d, 0x4f2: 0x0140, 0x4f3: 0x014c, 0x4f4: 0x014f, 0x4f5: 0x00ec,
+	0x4f6: 0x0152, 0x4f7: 0x0155, 0x4f8: 0x041f, 0x4f9: 0x0158, 0x4fa: 0x015b, 0x4fb: 0x00b5,
+	0x4fc: 0x015e, 0x4fd: 0x0161, 0x4fe: 0x0164, 0x4ff: 0x01d0,
+	// Block 0x14, offset 0x500
+	0x500: 0x8132, 0x501: 0x8132, 0x502: 0x812d, 0x503: 0x8132, 0x504: 0x8132, 0x505: 0x8132,
+	0x506: 0x8132, 0x507: 0x8132, 0x508: 0x8132, 0x509: 0x8132, 0x50a: 0x812d, 0x50b: 0x8132,
+	0x50c: 0x8132, 0x50d: 0x8135, 0x50e: 0x812a, 0x50f: 0x812d, 0x510: 0x8129, 0x511: 0x8132,
+	0x512: 0x8132, 0x513: 0x8132, 0x514: 0x8132, 0x515: 0x8132, 0x516: 0x8132, 0x517: 0x8132,
+	0x518: 0x8132, 0x519: 0x8132, 0x51a: 0x8132, 0x51b: 0x8132, 0x51c: 0x8132, 0x51d: 0x8132,
+	0x51e: 0x8132, 0x51f: 0x8132, 0x520: 0x8132, 0x521: 0x8132, 0x522: 0x8132, 0x523: 0x8132,
+	0x524: 0x8132, 0x525: 0x8132, 0x526: 0x8132, 0x527: 0x8132, 0x528: 0x8132, 0x529: 0x8132,
+	0x52a: 0x8132, 0x52b: 0x8132, 0x52c: 0x8132, 0x52d: 0x8132, 0x52e: 0x8132, 0x52f: 0x8132,
+	0x530: 0x8132, 0x531: 0x8132, 0x532: 0x8132, 0x533: 0x8132, 0x534: 0x8132, 0x535: 0x8132,
+	0x536: 0x8133, 0x537: 0x8131, 0x538: 0x8131, 0x539: 0x812d, 0x53b: 0x8132,
+	0x53c: 0x8134, 0x53d: 0x812d, 0x53e: 0x8132, 0x53f: 0x812d,
+	// Block 0x15, offset 0x540
+	0x540: 0x2f9a, 0x541: 0x32a6, 0x542: 0x2fa4, 0x543: 0x32b0, 0x544: 0x2fa9, 0x545: 0x32b5,
+	0x546: 0x2fae, 0x547: 0x32ba, 0x548: 0x38cf, 0x549: 0x3a5e, 0x54a: 0x2fc7, 0x54b: 0x32d3,
+	0x54c: 0x2fd1, 0x54d: 0x32dd, 0x54e: 0x2fe0, 0x54f: 0x32ec, 0x550: 0x2fd6, 0x551: 0x32e2,
+	0x552: 0x2fdb, 0x553: 0x32e7, 0x554: 0x38f2, 0x555: 0x3a81, 0x556: 0x38f9, 0x557: 0x3a88,
+	0x558: 0x301c, 0x559: 0x3328, 0x55a: 0x3021, 0x55b: 0x332d, 0x55c: 0x3907, 0x55d: 0x3a96,
+	0x55e: 0x3026, 0x55f: 0x3332, 0x560: 0x3035, 0x561: 0x3341, 0x562: 0x3053, 0x563: 0x335f,
+	0x564: 0x3062, 0x565: 0x336e, 0x566: 0x3058, 0x567: 0x3364, 0x568: 0x3067, 0x569: 0x3373,
+	0x56a: 0x306c, 0x56b: 0x3378, 0x56c: 0x30b2, 0x56d: 0x33be, 0x56e: 0x390e, 0x56f: 0x3a9d,
+	0x570: 0x30bc, 0x571: 0x33cd, 0x572: 0x30c6, 0x573: 0x33d7, 0x574: 0x30d0, 0x575: 0x33e1,
+	0x576: 0x46c7, 0x577: 0x4758, 0x578: 0x3915, 0x579: 0x3aa4, 0x57a: 0x30e9, 0x57b: 0x33fa,
+	0x57c: 0x30e4, 0x57d: 0x33f5, 0x57e: 0x30ee, 0x57f: 0x33ff,
+	// Block 0x16, offset 0x580
+	0x580: 0x30f3, 0x581: 0x3404, 0x582: 0x30f8, 0x583: 0x3409, 0x584: 0x310c, 0x585: 0x341d,
+	0x586: 0x3116, 0x587: 0x3427, 0x588: 0x3125, 0x589: 0x3436, 0x58a: 0x3120, 0x58b: 0x3431,
+	0x58c: 0x3938, 0x58d: 0x3ac7, 0x58e: 0x3946, 0x58f: 0x3ad5, 0x590: 0x394d, 0x591: 0x3adc,
+	0x592: 0x3954, 0x593: 0x3ae3, 0x594: 0x3152, 0x595: 0x3463, 0x596: 0x3157, 0x597: 0x3468,
+	0x598: 0x3161, 0x599: 0x3472, 0x59a: 0x46f4, 0x59b: 0x4785, 0x59c: 0x399a, 0x59d: 0x3b29,
+	0x59e: 0x317a, 0x59f: 0x348b, 0x5a0: 0x3184, 0x5a1: 0x3495, 0x5a2: 0x4703, 0x5a3: 0x4794,
+	0x5a4: 0x39a1, 0x5a5: 0x3b30, 0x5a6: 0x39a8, 0x5a7: 0x3b37, 0x5a8: 0x39af, 0x5a9: 0x3b3e,
+	0x5aa: 0x3193, 0x5ab: 0x34a4, 0x5ac: 0x319d, 0x5ad: 0x34b3, 0x5ae: 0x31b1, 0x5af: 0x34c7,
+	0x5b0: 0x31ac, 0x5b1: 0x34c2, 0x5b2: 0x31ed, 0x5b3: 0x3503, 0x5b4: 0x31fc, 0x5b5: 0x3512,
+	0x5b6: 0x31f7, 0x5b7: 0x350d, 0x5b8: 0x39b6, 0x5b9: 0x3b45, 0x5ba: 0x39bd, 0x5bb: 0x3b4c,
+	0x5bc: 0x3201, 0x5bd: 0x3517, 0x5be: 0x3206, 0x5bf: 0x351c,
+	// Block 0x17, offset 0x5c0
+	0x5c0: 0x320b, 0x5c1: 0x3521, 0x5c2: 0x3210, 0x5c3: 0x3526, 0x5c4: 0x321f, 0x5c5: 0x3535,
+	0x5c6: 0x321a, 0x5c7: 0x3530, 0x5c8: 0x3224, 0x5c9: 0x353f, 0x5ca: 0x3229, 0x5cb: 0x3544,
+	0x5cc: 0x322e, 0x5cd: 0x3549, 0x5ce: 0x324c, 0x5cf: 0x3567, 0x5d0: 0x3265, 0x5d1: 0x3585,
+	0x5d2: 0x3274, 0x5d3: 0x3594, 0x5d4: 0x3279, 0x5d5: 0x3599, 0x5d6: 0x337d, 0x5d7: 0x34a9,
+	0x5d8: 0x353a, 0x5d9: 0x3576, 0x5da: 0x1be3, 0x5db: 0x42da,
+	0x5e0: 0x46a4, 0x5e1: 0x4735, 0x5e2: 0x2f86, 0x5e3: 0x3292,
+	0x5e4: 0x387b, 0x5e5: 0x3a0a, 0x5e6: 0x3874, 0x5e7: 0x3a03, 0x5e8: 0x3889, 0x5e9: 0x3a18,
+	0x5ea: 0x3882, 0x5eb: 0x3a11, 0x5ec: 0x38c1, 0x5ed: 0x3a50, 0x5ee: 0x3897, 0x5ef: 0x3a26,
+	0x5f0: 0x3890, 0x5f1: 0x3a1f, 0x5f2: 0x38a5, 0x5f3: 0x3a34, 0x5f4: 0x389e, 0x5f5: 0x3a2d,
+	0x5f6: 0x38c8, 0x5f7: 0x3a57, 0x5f8: 0x46b8, 0x5f9: 0x4749, 0x5fa: 0x3003, 0x5fb: 0x330f,
+	0x5fc: 0x2fef, 0x5fd: 0x32fb, 0x5fe: 0x38dd, 0x5ff: 0x3a6c,
+	// Block 0x18, offset 0x600
+	0x600: 0x38d6, 0x601: 0x3a65, 0x602: 0x38eb, 0x603: 0x3a7a, 0x604: 0x38e4, 0x605: 0x3a73,
+	0x606: 0x3900, 0x607: 0x3a8f, 0x608: 0x3094, 0x609: 0x33a0, 0x60a: 0x30a8, 0x60b: 0x33b4,
+	0x60c: 0x46ea, 0x60d: 0x477b, 0x60e: 0x3139, 0x60f: 0x344a, 0x610: 0x3923, 0x611: 0x3ab2,
+	0x612: 0x391c, 0x613: 0x3aab, 0x614: 0x3931, 0x615: 0x3ac0, 0x616: 0x392a, 0x617: 0x3ab9,
+	0x618: 0x398c, 0x619: 0x3b1b, 0x61a: 0x3970, 0x61b: 0x3aff, 0x61c: 0x3969, 0x61d: 0x3af8,
+	0x61e: 0x397e, 0x61f: 0x3b0d, 0x620: 0x3977, 0x621: 0x3b06, 0x622: 0x3985, 0x623: 0x3b14,
+	0x624: 0x31e8, 0x625: 0x34fe, 0x626: 0x31ca, 0x627: 0x34e0, 0x628: 0x39e7, 0x629: 0x3b76,
+	0x62a: 0x39e0, 0x62b: 0x3b6f, 0x62c: 0x39f5, 0x62d: 0x3b84, 0x62e: 0x39ee, 0x62f: 0x3b7d,
+	0x630: 0x39fc, 0x631: 0x3b8b, 0x632: 0x3233, 0x633: 0x354e, 0x634: 0x325b, 0x635: 0x357b,
+	0x636: 0x3256, 0x637: 0x3571, 0x638: 0x3242, 0x639: 0x355d,
+	// Block 0x19, offset 0x640
+	0x640: 0x4807, 0x641: 0x480d, 0x642: 0x4921, 0x643: 0x4939, 0x644: 0x4929, 0x645: 0x4941,
+	0x646: 0x4931, 0x647: 0x4949, 0x648: 0x47ad, 0x649: 0x47b3, 0x64a: 0x4891, 0x64b: 0x48a9,
+	0x64c: 0x4899, 0x64d: 0x48b1, 0x64e: 0x48a1, 0x64f: 0x48b9, 0x650: 0x4819, 0x651: 0x481f,
+	0x652: 0x3dbb, 0x653: 0x3dcb, 0x654: 0x3dc3, 0x655: 0x3dd3,
+	0x658: 0x47b9, 0x659: 0x47bf, 0x65a: 0x3ceb, 0x65b: 0x3cfb, 0x65c: 0x3cf3, 0x65d: 0x3d03,
+	0x660: 0x4831, 0x661: 0x4837, 0x662: 0x4951, 0x663: 0x4969,
+	0x664: 0x4959, 0x665: 0x4971, 0x666: 0x4961, 0x667: 0x4979, 0x668: 0x47c5, 0x669: 0x47cb,
+	0x66a: 0x48c1, 0x66b: 0x48d9, 0x66c: 0x48c9, 0x66d: 0x48e1, 0x66e: 0x48d1, 0x66f: 0x48e9,
+	0x670: 0x4849, 0x671: 0x484f, 0x672: 0x3e1b, 0x673: 0x3e33, 0x674: 0x3e23, 0x675: 0x3e3b,
+	0x676: 0x3e2b, 0x677: 0x3e43, 0x678: 0x47d1, 0x679: 0x47d7, 0x67a: 0x3d1b, 0x67b: 0x3d33,
+	0x67c: 0x3d23, 0x67d: 0x3d3b, 0x67e: 0x3d2b, 0x67f: 0x3d43,
+	// Block 0x1a, offset 0x680
+	0x680: 0x4855, 0x681: 0x485b, 0x682: 0x3e4b, 0x683: 0x3e5b, 0x684: 0x3e53, 0x685: 0x3e63,
+	0x688: 0x47dd, 0x689: 0x47e3, 0x68a: 0x3d4b, 0x68b: 0x3d5b,
+	0x68c: 0x3d53, 0x68d: 0x3d63, 0x690: 0x4867, 0x691: 0x486d,
+	0x692: 0x3e83, 0x693: 0x3e9b, 0x694: 0x3e8b, 0x695: 0x3ea3, 0x696: 0x3e93, 0x697: 0x3eab,
+	0x699: 0x47e9, 0x69b: 0x3d6b, 0x69d: 0x3d73,
+	0x69f: 0x3d7b, 0x6a0: 0x487f, 0x6a1: 0x4885, 0x6a2: 0x4981, 0x6a3: 0x4999,
+	0x6a4: 0x4989, 0x6a5: 0x49a1, 0x6a6: 0x4991, 0x6a7: 0x49a9, 0x6a8: 0x47ef, 0x6a9: 0x47f5,
+	0x6aa: 0x48f1, 0x6ab: 0x4909, 0x6ac: 0x48f9, 0x6ad: 0x4911, 0x6ae: 0x4901, 0x6af: 0x4919,
+	0x6b0: 0x47fb, 0x6b1: 0x4321, 0x6b2: 0x3694, 0x6b3: 0x4327, 0x6b4: 0x4825, 0x6b5: 0x432d,
+	0x6b6: 0x36a6, 0x6b7: 0x4333, 0x6b8: 0x36c4, 0x6b9: 0x4339, 0x6ba: 0x36dc, 0x6bb: 0x433f,
+	0x6bc: 0x4873, 0x6bd: 0x4345,
+	// Block 0x1b, offset 0x6c0
+	0x6c0: 0x3da3, 0x6c1: 0x3dab, 0x6c2: 0x4187, 0x6c3: 0x41a5, 0x6c4: 0x4191, 0x6c5: 0x41af,
+	0x6c6: 0x419b, 0x6c7: 0x41b9, 0x6c8: 0x3cdb, 0x6c9: 0x3ce3, 0x6ca: 0x40d3, 0x6cb: 0x40f1,
+	0x6cc: 0x40dd, 0x6cd: 0x40fb, 0x6ce: 0x40e7, 0x6cf: 0x4105, 0x6d0: 0x3deb, 0x6d1: 0x3df3,
+	0x6d2: 0x41c3, 0x6d3: 0x41e1, 0x6d4: 0x41cd, 0x6d5: 0x41eb, 0x6d6: 0x41d7, 0x6d7: 0x41f5,
+	0x6d8: 0x3d0b, 0x6d9: 0x3d13, 0x6da: 0x410f, 0x6db: 0x412d, 0x6dc: 0x4119, 0x6dd: 0x4137,
+	0x6de: 0x4123, 0x6df: 0x4141, 0x6e0: 0x3ec3, 0x6e1: 0x3ecb, 0x6e2: 0x41ff, 0x6e3: 0x421d,
+	0x6e4: 0x4209, 0x6e5: 0x4227, 0x6e6: 0x4213, 0x6e7: 0x4231, 0x6e8: 0x3d83, 0x6e9: 0x3d8b,
+	0x6ea: 0x414b, 0x6eb: 0x4169, 0x6ec: 0x4155, 0x6ed: 0x4173, 0x6ee: 0x415f, 0x6ef: 0x417d,
+	0x6f0: 0x3688, 0x6f1: 0x3682, 0x6f2: 0x3d93, 0x6f3: 0x368e, 0x6f4: 0x3d9b,
+	0x6f6: 0x4813, 0x6f7: 0x3db3, 0x6f8: 0x35f8, 0x6f9: 0x35f2, 0x6fa: 0x35e6, 0x6fb: 0x42f1,
+	0x6fc: 0x35fe, 0x6fd: 0x428a, 0x6fe: 0x01d3, 0x6ff: 0x428a,
+	// Block 0x1c, offset 0x700
+	0x700: 0x42a3, 0x701: 0x4485, 0x702: 0x3ddb, 0x703: 0x36a0, 0x704: 0x3de3,
+	0x706: 0x483d, 0x707: 0x3dfb, 0x708: 0x3604, 0x709: 0x42f7, 0x70a: 0x3610, 0x70b: 0x42fd,
+	0x70c: 0x361c, 0x70d: 0x448c, 0x70e: 0x4493, 0x70f: 0x449a, 0x710: 0x36b8, 0x711: 0x36b2,
+	0x712: 0x3e03, 0x713: 0x44e7, 0x716: 0x36be, 0x717: 0x3e13,
+	0x718: 0x3634, 0x719: 0x362e, 0x71a: 0x3622, 0x71b: 0x4303, 0x71d: 0x44a1,
+	0x71e: 0x44a8, 0x71f: 0x44af, 0x720: 0x36ee, 0x721: 0x36e8, 0x722: 0x3e6b, 0x723: 0x44ef,
+	0x724: 0x36d0, 0x725: 0x36d6, 0x726: 0x36f4, 0x727: 0x3e7b, 0x728: 0x3664, 0x729: 0x365e,
+	0x72a: 0x3652, 0x72b: 0x430f, 0x72c: 0x364c, 0x72d: 0x4477, 0x72e: 0x447e, 0x72f: 0x0081,
+	0x732: 0x3eb3, 0x733: 0x36fa, 0x734: 0x3ebb,
+	0x736: 0x488b, 0x737: 0x3ed3, 0x738: 0x3640, 0x739: 0x4309, 0x73a: 0x3670, 0x73b: 0x431b,
+	0x73c: 0x367c, 0x73d: 0x425d, 0x73e: 0x428f,
+	// Block 0x1d, offset 0x740
+	0x740: 0x1bdb, 0x741: 0x1bdf, 0x742: 0x0047, 0x743: 0x1c57, 0x745: 0x1beb,
+	0x746: 0x1bef, 0x747: 0x00e9, 0x749: 0x1c5b, 0x74a: 0x008f, 0x74b: 0x0051,
+	0x74c: 0x0051, 0x74d: 0x0051, 0x74e: 0x0091, 0x74f: 0x00da, 0x750: 0x0053, 0x751: 0x0053,
+	0x752: 0x0059, 0x753: 0x0099, 0x755: 0x005d, 0x756: 0x1990,
+	0x759: 0x0061, 0x75a: 0x0063, 0x75b: 0x0065, 0x75c: 0x0065, 0x75d: 0x0065,
+	0x760: 0x19a2, 0x761: 0x1bcb, 0x762: 0x19ab,
+	0x764: 0x0075, 0x766: 0x01b8, 0x768: 0x0075,
+	0x76a: 0x0057, 0x76b: 0x42d5, 0x76c: 0x0045, 0x76d: 0x0047, 0x76f: 0x008b,
+	0x770: 0x004b, 0x771: 0x004d, 0x773: 0x005b, 0x774: 0x009f, 0x775: 0x0215,
+	0x776: 0x0218, 0x777: 0x021b, 0x778: 0x021e, 0x779: 0x0093, 0x77b: 0x1b9b,
+	0x77c: 0x01e8, 0x77d: 0x01c1, 0x77e: 0x0179, 0x77f: 0x01a0,
+	// Block 0x1e, offset 0x780
+	0x780: 0x0463, 0x785: 0x0049,
+	0x786: 0x0089, 0x787: 0x008b, 0x788: 0x0093, 0x789: 0x0095,
+	0x790: 0x2231, 0x791: 0x223d,
+	0x792: 0x22f1, 0x793: 0x2219, 0x794: 0x229d, 0x795: 0x2225, 0x796: 0x22a3, 0x797: 0x22bb,
+	0x798: 0x22c7, 0x799: 0x222b, 0x79a: 0x22cd, 0x79b: 0x2237, 0x79c: 0x22c1, 0x79d: 0x22d3,
+	0x79e: 0x22d9, 0x79f: 0x1cbf, 0x7a0: 0x0053, 0x7a1: 0x195a, 0x7a2: 0x1ba7, 0x7a3: 0x1963,
+	0x7a4: 0x006d, 0x7a5: 0x19ae, 0x7a6: 0x1bd3, 0x7a7: 0x1d4b, 0x7a8: 0x1966, 0x7a9: 0x0071,
+	0x7aa: 0x19ba, 0x7ab: 0x1bd7, 0x7ac: 0x0059, 0x7ad: 0x0047, 0x7ae: 0x0049, 0x7af: 0x005b,
+	0x7b0: 0x0093, 0x7b1: 0x19e7, 0x7b2: 0x1c1b, 0x7b3: 0x19f0, 0x7b4: 0x00ad, 0x7b5: 0x1a65,
+	0x7b6: 0x1c4f, 0x7b7: 0x1d5f, 0x7b8: 0x19f3, 0x7b9: 0x00b1, 0x7ba: 0x1a68, 0x7bb: 0x1c53,
+	0x7bc: 0x0099, 0x7bd: 0x0087, 0x7be: 0x0089, 0x7bf: 0x009b,
+	// Block 0x1f, offset 0x7c0
+	0x7c1: 0x3c09, 0x7c3: 0xa000, 0x7c4: 0x3c10, 0x7c5: 0xa000,
+	0x7c7: 0x3c17, 0x7c8: 0xa000, 0x7c9: 0x3c1e,
+	0x7cd: 0xa000,
+	0x7e0: 0x2f68, 0x7e1: 0xa000, 0x7e2: 0x3c2c,
+	0x7e4: 0xa000, 0x7e5: 0xa000,
+	0x7ed: 0x3c25, 0x7ee: 0x2f63, 0x7ef: 0x2f6d,
+	0x7f0: 0x3c33, 0x7f1: 0x3c3a, 0x7f2: 0xa000, 0x7f3: 0xa000, 0x7f4: 0x3c41, 0x7f5: 0x3c48,
+	0x7f6: 0xa000, 0x7f7: 0xa000, 0x7f8: 0x3c4f, 0x7f9: 0x3c56, 0x7fa: 0xa000, 0x7fb: 0xa000,
+	0x7fc: 0xa000, 0x7fd: 0xa000,
+	// Block 0x20, offset 0x800
+	0x800: 0x3c5d, 0x801: 0x3c64, 0x802: 0xa000, 0x803: 0xa000, 0x804: 0x3c79, 0x805: 0x3c80,
+	0x806: 0xa000, 0x807: 0xa000, 0x808: 0x3c87, 0x809: 0x3c8e,
+	0x811: 0xa000,
+	0x812: 0xa000,
+	0x822: 0xa000,
+	0x828: 0xa000, 0x829: 0xa000,
+	0x82b: 0xa000, 0x82c: 0x3ca3, 0x82d: 0x3caa, 0x82e: 0x3cb1, 0x82f: 0x3cb8,
+	0x832: 0xa000, 0x833: 0xa000, 0x834: 0xa000, 0x835: 0xa000,
+	// Block 0x21, offset 0x840
+	0x860: 0x0023, 0x861: 0x0025, 0x862: 0x0027, 0x863: 0x0029,
+	0x864: 0x002b, 0x865: 0x002d, 0x866: 0x002f, 0x867: 0x0031, 0x868: 0x0033, 0x869: 0x1882,
+	0x86a: 0x1885, 0x86b: 0x1888, 0x86c: 0x188b, 0x86d: 0x188e, 0x86e: 0x1891, 0x86f: 0x1894,
+	0x870: 0x1897, 0x871: 0x189a, 0x872: 0x189d, 0x873: 0x18a6, 0x874: 0x1a6b, 0x875: 0x1a6f,
+	0x876: 0x1a73, 0x877: 0x1a77, 0x878: 0x1a7b, 0x879: 0x1a7f, 0x87a: 0x1a83, 0x87b: 0x1a87,
+	0x87c: 0x1a8b, 0x87d: 0x1c83, 0x87e: 0x1c88, 0x87f: 0x1c8d,
+	// Block 0x22, offset 0x880
+	0x880: 0x1c92, 0x881: 0x1c97, 0x882: 0x1c9c, 0x883: 0x1ca1, 0x884: 0x1ca6, 0x885: 0x1cab,
+	0x886: 0x1cb0, 0x887: 0x1cb5, 0x888: 0x187f, 0x889: 0x18a3, 0x88a: 0x18c7, 0x88b: 0x18eb,
+	0x88c: 0x190f, 0x88d: 0x1918, 0x88e: 0x191e, 0x88f: 0x1924, 0x890: 0x192a, 0x891: 0x1b63,
+	0x892: 0x1b67, 0x893: 0x1b6b, 0x894: 0x1b6f, 0x895: 0x1b73, 0x896: 0x1b77, 0x897: 0x1b7b,
+	0x898: 0x1b7f, 0x899: 0x1b83, 0x89a: 0x1b87, 0x89b: 0x1b8b, 0x89c: 0x1af7, 0x89d: 0x1afb,
+	0x89e: 0x1aff, 0x89f: 0x1b03, 0x8a0: 0x1b07, 0x8a1: 0x1b0b, 0x8a2: 0x1b0f, 0x8a3: 0x1b13,
+	0x8a4: 0x1b17, 0x8a5: 0x1b1b, 0x8a6: 0x1b1f, 0x8a7: 0x1b23, 0x8a8: 0x1b27, 0x8a9: 0x1b2b,
+	0x8aa: 0x1b2f, 0x8ab: 0x1b33, 0x8ac: 0x1b37, 0x8ad: 0x1b3b, 0x8ae: 0x1b3f, 0x8af: 0x1b43,
+	0x8b0: 0x1b47, 0x8b1: 0x1b4b, 0x8b2: 0x1b4f, 0x8b3: 0x1b53, 0x8b4: 0x1b57, 0x8b5: 0x1b5b,
+	0x8b6: 0x0043, 0x8b7: 0x0045, 0x8b8: 0x0047, 0x8b9: 0x0049, 0x8ba: 0x004b, 0x8bb: 0x004d,
+	0x8bc: 0x004f, 0x8bd: 0x0051, 0x8be: 0x0053, 0x8bf: 0x0055,
+	// Block 0x23, offset 0x8c0
+	0x8c0: 0x06bf, 0x8c1: 0x06e3, 0x8c2: 0x06ef, 0x8c3: 0x06ff, 0x8c4: 0x0707, 0x8c5: 0x0713,
+	0x8c6: 0x071b, 0x8c7: 0x0723, 0x8c8: 0x072f, 0x8c9: 0x0783, 0x8ca: 0x079b, 0x8cb: 0x07ab,
+	0x8cc: 0x07bb, 0x8cd: 0x07cb, 0x8ce: 0x07db, 0x8cf: 0x07fb, 0x8d0: 0x07ff, 0x8d1: 0x0803,
+	0x8d2: 0x0837, 0x8d3: 0x085f, 0x8d4: 0x086f, 0x8d5: 0x0877, 0x8d6: 0x087b, 0x8d7: 0x0887,
+	0x8d8: 0x08a3, 0x8d9: 0x08a7, 0x8da: 0x08bf, 0x8db: 0x08c3, 0x8dc: 0x08cb, 0x8dd: 0x08db,
+	0x8de: 0x0977, 0x8df: 0x098b, 0x8e0: 0x09cb, 0x8e1: 0x09df, 0x8e2: 0x09e7, 0x8e3: 0x09eb,
+	0x8e4: 0x09fb, 0x8e5: 0x0a17, 0x8e6: 0x0a43, 0x8e7: 0x0a4f, 0x8e8: 0x0a6f, 0x8e9: 0x0a7b,
+	0x8ea: 0x0a7f, 0x8eb: 0x0a83, 0x8ec: 0x0a9b, 0x8ed: 0x0a9f, 0x8ee: 0x0acb, 0x8ef: 0x0ad7,
+	0x8f0: 0x0adf, 0x8f1: 0x0ae7, 0x8f2: 0x0af7, 0x8f3: 0x0aff, 0x8f4: 0x0b07, 0x8f5: 0x0b33,
+	0x8f6: 0x0b37, 0x8f7: 0x0b3f, 0x8f8: 0x0b43, 0x8f9: 0x0b4b, 0x8fa: 0x0b53, 0x8fb: 0x0b63,
+	0x8fc: 0x0b7f, 0x8fd: 0x0bf7, 0x8fe: 0x0c0b, 0x8ff: 0x0c0f,
+	// Block 0x24, offset 0x900
+	0x900: 0x0c8f, 0x901: 0x0c93, 0x902: 0x0ca7, 0x903: 0x0cab, 0x904: 0x0cb3, 0x905: 0x0cbb,
+	0x906: 0x0cc3, 0x907: 0x0ccf, 0x908: 0x0cf7, 0x909: 0x0d07, 0x90a: 0x0d1b, 0x90b: 0x0d8b,
+	0x90c: 0x0d97, 0x90d: 0x0da7, 0x90e: 0x0db3, 0x90f: 0x0dbf, 0x910: 0x0dc7, 0x911: 0x0dcb,
+	0x912: 0x0dcf, 0x913: 0x0dd3, 0x914: 0x0dd7, 0x915: 0x0e8f, 0x916: 0x0ed7, 0x917: 0x0ee3,
+	0x918: 0x0ee7, 0x919: 0x0eeb, 0x91a: 0x0eef, 0x91b: 0x0ef7, 0x91c: 0x0efb, 0x91d: 0x0f0f,
+	0x91e: 0x0f2b, 0x91f: 0x0f33, 0x920: 0x0f73, 0x921: 0x0f77, 0x922: 0x0f7f, 0x923: 0x0f83,
+	0x924: 0x0f8b, 0x925: 0x0f8f, 0x926: 0x0fb3, 0x927: 0x0fb7, 0x928: 0x0fd3, 0x929: 0x0fd7,
+	0x92a: 0x0fdb, 0x92b: 0x0fdf, 0x92c: 0x0ff3, 0x92d: 0x1017, 0x92e: 0x101b, 0x92f: 0x101f,
+	0x930: 0x1043, 0x931: 0x1083, 0x932: 0x1087, 0x933: 0x10a7, 0x934: 0x10b7, 0x935: 0x10bf,
+	0x936: 0x10df, 0x937: 0x1103, 0x938: 0x1147, 0x939: 0x114f, 0x93a: 0x1163, 0x93b: 0x116f,
+	0x93c: 0x1177, 0x93d: 0x117f, 0x93e: 0x1183, 0x93f: 0x1187,
+	// Block 0x25, offset 0x940
+	0x940: 0x119f, 0x941: 0x11a3, 0x942: 0x11bf, 0x943: 0x11c7, 0x944: 0x11cf, 0x945: 0x11d3,
+	0x946: 0x11df, 0x947: 0x11e7, 0x948: 0x11eb, 0x949: 0x11ef, 0x94a: 0x11f7, 0x94b: 0x11fb,
+	0x94c: 0x129b, 0x94d: 0x12af, 0x94e: 0x12e3, 0x94f: 0x12e7, 0x950: 0x12ef, 0x951: 0x131b,
+	0x952: 0x1323, 0x953: 0x132b, 0x954: 0x1333, 0x955: 0x136f, 0x956: 0x1373, 0x957: 0x137b,
+	0x958: 0x137f, 0x959: 0x1383, 0x95a: 0x13af, 0x95b: 0x13b3, 0x95c: 0x13bb, 0x95d: 0x13cf,
+	0x95e: 0x13d3, 0x95f: 0x13ef, 0x960: 0x13f7, 0x961: 0x13fb, 0x962: 0x141f, 0x963: 0x143f,
+	0x964: 0x1453, 0x965: 0x1457, 0x966: 0x145f, 0x967: 0x148b, 0x968: 0x148f, 0x969: 0x149f,
+	0x96a: 0x14c3, 0x96b: 0x14cf, 0x96c: 0x14df, 0x96d: 0x14f7, 0x96e: 0x14ff, 0x96f: 0x1503,
+	0x970: 0x1507, 0x971: 0x150b, 0x972: 0x1517, 0x973: 0x151b, 0x974: 0x1523, 0x975: 0x153f,
+	0x976: 0x1543, 0x977: 0x1547, 0x978: 0x155f, 0x979: 0x1563, 0x97a: 0x156b, 0x97b: 0x157f,
+	0x97c: 0x1583, 0x97d: 0x1587, 0x97e: 0x158f, 0x97f: 0x1593,
+	// Block 0x26, offset 0x980
+	0x986: 0xa000, 0x98b: 0xa000,
+	0x98c: 0x3f0b, 0x98d: 0xa000, 0x98e: 0x3f13, 0x98f: 0xa000, 0x990: 0x3f1b, 0x991: 0xa000,
+	0x992: 0x3f23, 0x993: 0xa000, 0x994: 0x3f2b, 0x995: 0xa000, 0x996: 0x3f33, 0x997: 0xa000,
+	0x998: 0x3f3b, 0x999: 0xa000, 0x99a: 0x3f43, 0x99b: 0xa000, 0x99c: 0x3f4b, 0x99d: 0xa000,
+	0x99e: 0x3f53, 0x99f: 0xa000, 0x9a0: 0x3f5b, 0x9a1: 0xa000, 0x9a2: 0x3f63,
+	0x9a4: 0xa000, 0x9a5: 0x3f6b, 0x9a6: 0xa000, 0x9a7: 0x3f73, 0x9a8: 0xa000, 0x9a9: 0x3f7b,
+	0x9af: 0xa000,
+	0x9b0: 0x3f83, 0x9b1: 0x3f8b, 0x9b2: 0xa000, 0x9b3: 0x3f93, 0x9b4: 0x3f9b, 0x9b5: 0xa000,
+	0x9b6: 0x3fa3, 0x9b7: 0x3fab, 0x9b8: 0xa000, 0x9b9: 0x3fb3, 0x9ba: 0x3fbb, 0x9bb: 0xa000,
+	0x9bc: 0x3fc3, 0x9bd: 0x3fcb,
+	// Block 0x27, offset 0x9c0
+	0x9d4: 0x3f03,
+	0x9d9: 0x9903, 0x9da: 0x9903, 0x9db: 0x42df, 0x9dc: 0x42e5, 0x9dd: 0xa000,
+	0x9de: 0x3fd3, 0x9df: 0x26b7,
+	0x9e6: 0xa000,
+	0x9eb: 0xa000, 0x9ec: 0x3fe3, 0x9ed: 0xa000, 0x9ee: 0x3feb, 0x9ef: 0xa000,
+	0x9f0: 0x3ff3, 0x9f1: 0xa000, 0x9f2: 0x3ffb, 0x9f3: 0xa000, 0x9f4: 0x4003, 0x9f5: 0xa000,
+	0x9f6: 0x400b, 0x9f7: 0xa000, 0x9f8: 0x4013, 0x9f9: 0xa000, 0x9fa: 0x401b, 0x9fb: 0xa000,
+	0x9fc: 0x4023, 0x9fd: 0xa000, 0x9fe: 0x402b, 0x9ff: 0xa000,
+	// Block 0x28, offset 0xa00
+	0xa00: 0x4033, 0xa01: 0xa000, 0xa02: 0x403b, 0xa04: 0xa000, 0xa05: 0x4043,
+	0xa06: 0xa000, 0xa07: 0x404b, 0xa08: 0xa000, 0xa09: 0x4053,
+	0xa0f: 0xa000, 0xa10: 0x405b, 0xa11: 0x4063,
+	0xa12: 0xa000, 0xa13: 0x406b, 0xa14: 0x4073, 0xa15: 0xa000, 0xa16: 0x407b, 0xa17: 0x4083,
+	0xa18: 0xa000, 0xa19: 0x408b, 0xa1a: 0x4093, 0xa1b: 0xa000, 0xa1c: 0x409b, 0xa1d: 0x40a3,
+	0xa2f: 0xa000,
+	0xa30: 0xa000, 0xa31: 0xa000, 0xa32: 0xa000, 0xa34: 0x3fdb,
+	0xa37: 0x40ab, 0xa38: 0x40b3, 0xa39: 0x40bb, 0xa3a: 0x40c3,
+	0xa3d: 0xa000, 0xa3e: 0x40cb, 0xa3f: 0x26cc,
+	// Block 0x29, offset 0xa40
+	0xa40: 0x0367, 0xa41: 0x032b, 0xa42: 0x032f, 0xa43: 0x0333, 0xa44: 0x037b, 0xa45: 0x0337,
+	0xa46: 0x033b, 0xa47: 0x033f, 0xa48: 0x0343, 0xa49: 0x0347, 0xa4a: 0x034b, 0xa4b: 0x034f,
+	0xa4c: 0x0353, 0xa4d: 0x0357, 0xa4e: 0x035b, 0xa4f: 0x49c0, 0xa50: 0x49c6, 0xa51: 0x49cc,
+	0xa52: 0x49d2, 0xa53: 0x49d8, 0xa54: 0x49de, 0xa55: 0x49e4, 0xa56: 0x49ea, 0xa57: 0x49f0,
+	0xa58: 0x49f6, 0xa59: 0x49fc, 0xa5a: 0x4a02, 0xa5b: 0x4a08, 0xa5c: 0x4a0e, 0xa5d: 0x4a14,
+	0xa5e: 0x4a1a, 0xa5f: 0x4a20, 0xa60: 0x4a26, 0xa61: 0x4a2c, 0xa62: 0x4a32, 0xa63: 0x4a38,
+	0xa64: 0x03c3, 0xa65: 0x035f, 0xa66: 0x0363, 0xa67: 0x03e7, 0xa68: 0x03eb, 0xa69: 0x03ef,
+	0xa6a: 0x03f3, 0xa6b: 0x03f7, 0xa6c: 0x03fb, 0xa6d: 0x03ff, 0xa6e: 0x036b, 0xa6f: 0x0403,
+	0xa70: 0x0407, 0xa71: 0x036f, 0xa72: 0x0373, 0xa73: 0x0377, 0xa74: 0x037f, 0xa75: 0x0383,
+	0xa76: 0x0387, 0xa77: 0x038b, 0xa78: 0x038f, 0xa79: 0x0393, 0xa7a: 0x0397, 0xa7b: 0x039b,
+	0xa7c: 0x039f, 0xa7d: 0x03a3, 0xa7e: 0x03a7, 0xa7f: 0x03ab,
+	// Block 0x2a, offset 0xa80
+	0xa80: 0x03af, 0xa81: 0x03b3, 0xa82: 0x040b, 0xa83: 0x040f, 0xa84: 0x03b7, 0xa85: 0x03bb,
+	0xa86: 0x03bf, 0xa87: 0x03c7, 0xa88: 0x03cb, 0xa89: 0x03cf, 0xa8a: 0x03d3, 0xa8b: 0x03d7,
+	0xa8c: 0x03db, 0xa8d: 0x03df, 0xa8e: 0x03e3,
+	0xa92: 0x06bf, 0xa93: 0x071b, 0xa94: 0x06cb, 0xa95: 0x097b, 0xa96: 0x06cf, 0xa97: 0x06e7,
+	0xa98: 0x06d3, 0xa99: 0x0f93, 0xa9a: 0x0707, 0xa9b: 0x06db, 0xa9c: 0x06c3, 0xa9d: 0x09ff,
+	0xa9e: 0x098f, 0xa9f: 0x072f,
+	// Block 0x2b, offset 0xac0
+	0xac0: 0x2057, 0xac1: 0x205d, 0xac2: 0x2063, 0xac3: 0x2069, 0xac4: 0x206f, 0xac5: 0x2075,
+	0xac6: 0x207b, 0xac7: 0x2081, 0xac8: 0x2087, 0xac9: 0x208d, 0xaca: 0x2093, 0xacb: 0x2099,
+	0xacc: 0x209f, 0xacd: 0x20a5, 0xace: 0x2729, 0xacf: 0x2732, 0xad0: 0x273b, 0xad1: 0x2744,
+	0xad2: 0x274d, 0xad3: 0x2756, 0xad4: 0x275f, 0xad5: 0x2768, 0xad6: 0x2771, 0xad7: 0x2783,
+	0xad8: 0x278c, 0xad9: 0x2795, 0xada: 0x279e, 0xadb: 0x27a7, 0xadc: 0x277a, 0xadd: 0x2baf,
+	0xade: 0x2af0, 0xae0: 0x20ab, 0xae1: 0x20c3, 0xae2: 0x20b7, 0xae3: 0x210b,
+	0xae4: 0x20c9, 0xae5: 0x20e7, 0xae6: 0x20b1, 0xae7: 0x20e1, 0xae8: 0x20bd, 0xae9: 0x20f3,
+	0xaea: 0x2123, 0xaeb: 0x2141, 0xaec: 0x213b, 0xaed: 0x212f, 0xaee: 0x217d, 0xaef: 0x2111,
+	0xaf0: 0x211d, 0xaf1: 0x2135, 0xaf2: 0x2129, 0xaf3: 0x2153, 0xaf4: 0x20ff, 0xaf5: 0x2147,
+	0xaf6: 0x2171, 0xaf7: 0x2159, 0xaf8: 0x20ed, 0xaf9: 0x20cf, 0xafa: 0x2105, 0xafb: 0x2117,
+	0xafc: 0x214d, 0xafd: 0x20d5, 0xafe: 0x2177, 0xaff: 0x20f9,
+	// Block 0x2c, offset 0xb00
+	0xb00: 0x215f, 0xb01: 0x20db, 0xb02: 0x2165, 0xb03: 0x216b, 0xb04: 0x092f, 0xb05: 0x0b03,
+	0xb06: 0x0ca7, 0xb07: 0x10c7,
+	0xb10: 0x1bc7, 0xb11: 0x18a9,
+	0xb12: 0x18ac, 0xb13: 0x18af, 0xb14: 0x18b2, 0xb15: 0x18b5, 0xb16: 0x18b8, 0xb17: 0x18bb,
+	0xb18: 0x18be, 0xb19: 0x18c1, 0xb1a: 0x18ca, 0xb1b: 0x18cd, 0xb1c: 0x18d0, 0xb1d: 0x18d3,
+	0xb1e: 0x18d6, 0xb1f: 0x18d9, 0xb20: 0x0313, 0xb21: 0x031b, 0xb22: 0x031f, 0xb23: 0x0327,
+	0xb24: 0x032b, 0xb25: 0x032f, 0xb26: 0x0337, 0xb27: 0x033f, 0xb28: 0x0343, 0xb29: 0x034b,
+	0xb2a: 0x034f, 0xb2b: 0x0353, 0xb2c: 0x0357, 0xb2d: 0x035b, 0xb2e: 0x2e1b, 0xb2f: 0x2e23,
+	0xb30: 0x2e2b, 0xb31: 0x2e33, 0xb32: 0x2e3b, 0xb33: 0x2e43, 0xb34: 0x2e4b, 0xb35: 0x2e53,
+	0xb36: 0x2e63, 0xb37: 0x2e6b, 0xb38: 0x2e73, 0xb39: 0x2e7b, 0xb3a: 0x2e83, 0xb3b: 0x2e8b,
+	0xb3c: 0x2ed6, 0xb3d: 0x2e9e, 0xb3e: 0x2e5b,
+	// Block 0x2d, offset 0xb40
+	0xb40: 0x06bf, 0xb41: 0x071b, 0xb42: 0x06cb, 0xb43: 0x097b, 0xb44: 0x071f, 0xb45: 0x07af,
+	0xb46: 0x06c7, 0xb47: 0x07ab, 0xb48: 0x070b, 0xb49: 0x0887, 0xb4a: 0x0d07, 0xb4b: 0x0e8f,
+	0xb4c: 0x0dd7, 0xb4d: 0x0d1b, 0xb4e: 0x145f, 0xb4f: 0x098b, 0xb50: 0x0ccf, 0xb51: 0x0d4b,
+	0xb52: 0x0d0b, 0xb53: 0x104b, 0xb54: 0x08fb, 0xb55: 0x0f03, 0xb56: 0x1387, 0xb57: 0x105f,
+	0xb58: 0x0843, 0xb59: 0x108f, 0xb5a: 0x0f9b, 0xb5b: 0x0a17, 0xb5c: 0x140f, 0xb5d: 0x077f,
+	0xb5e: 0x08ab, 0xb5f: 0x0df7, 0xb60: 0x1527, 0xb61: 0x0743, 0xb62: 0x07d3, 0xb63: 0x0d9b,
+	0xb64: 0x06cf, 0xb65: 0x06e7, 0xb66: 0x06d3, 0xb67: 0x0adb, 0xb68: 0x08ef, 0xb69: 0x087f,
+	0xb6a: 0x0a57, 0xb6b: 0x0a4b, 0xb6c: 0x0feb, 0xb6d: 0x073f, 0xb6e: 0x139b, 0xb6f: 0x089b,
+	0xb70: 0x09f3, 0xb71: 0x18dc, 0xb72: 0x18df, 0xb73: 0x18e2, 0xb74: 0x18e5, 0xb75: 0x18ee,
+	0xb76: 0x18f1, 0xb77: 0x18f4, 0xb78: 0x18f7, 0xb79: 0x18fa, 0xb7a: 0x18fd, 0xb7b: 0x1900,
+	0xb7c: 0x1903, 0xb7d: 0x1906, 0xb7e: 0x1909, 0xb7f: 0x1912,
+	// Block 0x2e, offset 0xb80
+	0xb80: 0x1cc9, 0xb81: 0x1cd8, 0xb82: 0x1ce7, 0xb83: 0x1cf6, 0xb84: 0x1d05, 0xb85: 0x1d14,
+	0xb86: 0x1d23, 0xb87: 0x1d32, 0xb88: 0x1d41, 0xb89: 0x218f, 0xb8a: 0x21a1, 0xb8b: 0x21b3,
+	0xb8c: 0x1954, 0xb8d: 0x1c07, 0xb8e: 0x19d5, 0xb8f: 0x1bab, 0xb90: 0x04cb, 0xb91: 0x04d3,
+	0xb92: 0x04db, 0xb93: 0x04e3, 0xb94: 0x04eb, 0xb95: 0x04ef, 0xb96: 0x04f3, 0xb97: 0x04f7,
+	0xb98: 0x04fb, 0xb99: 0x04ff, 0xb9a: 0x0503, 0xb9b: 0x0507, 0xb9c: 0x050b, 0xb9d: 0x050f,
+	0xb9e: 0x0513, 0xb9f: 0x0517, 0xba0: 0x051b, 0xba1: 0x0523, 0xba2: 0x0527, 0xba3: 0x052b,
+	0xba4: 0x052f, 0xba5: 0x0533, 0xba6: 0x0537, 0xba7: 0x053b, 0xba8: 0x053f, 0xba9: 0x0543,
+	0xbaa: 0x0547, 0xbab: 0x054b, 0xbac: 0x054f, 0xbad: 0x0553, 0xbae: 0x0557, 0xbaf: 0x055b,
+	0xbb0: 0x055f, 0xbb1: 0x0563, 0xbb2: 0x0567, 0xbb3: 0x056f, 0xbb4: 0x0577, 0xbb5: 0x057f,
+	0xbb6: 0x0583, 0xbb7: 0x0587, 0xbb8: 0x058b, 0xbb9: 0x058f, 0xbba: 0x0593, 0xbbb: 0x0597,
+	0xbbc: 0x059b, 0xbbd: 0x059f, 0xbbe: 0x05a3,
+	// Block 0x2f, offset 0xbc0
+	0xbc0: 0x2b0f, 0xbc1: 0x29ab, 0xbc2: 0x2b1f, 0xbc3: 0x2883, 0xbc4: 0x2ee7, 0xbc5: 0x288d,
+	0xbc6: 0x2897, 0xbc7: 0x2f2b, 0xbc8: 0x29b8, 0xbc9: 0x28a1, 0xbca: 0x28ab, 0xbcb: 0x28b5,
+	0xbcc: 0x29df, 0xbcd: 0x29ec, 0xbce: 0x29c5, 0xbcf: 0x29d2, 0xbd0: 0x2eac, 0xbd1: 0x29f9,
+	0xbd2: 0x2a06, 0xbd3: 0x2bc1, 0xbd4: 0x26be, 0xbd5: 0x2bd4, 0xbd6: 0x2be7, 0xbd7: 0x2b2f,
+	0xbd8: 0x2a13, 0xbd9: 0x2bfa, 0xbda: 0x2c0d, 0xbdb: 0x2a20, 0xbdc: 0x28bf, 0xbdd: 0x28c9,
+	0xbde: 0x2eba, 0xbdf: 0x2a2d, 0xbe0: 0x2b3f, 0xbe1: 0x2ef8, 0xbe2: 0x28d3, 0xbe3: 0x28dd,
+	0xbe4: 0x2a3a, 0xbe5: 0x28e7, 0xbe6: 0x28f1, 0xbe7: 0x26d3, 0xbe8: 0x26da, 0xbe9: 0x28fb,
+	0xbea: 0x2905, 0xbeb: 0x2c20, 0xbec: 0x2a47, 0xbed: 0x2b4f, 0xbee: 0x2c33, 0xbef: 0x2a54,
+	0xbf0: 0x2919, 0xbf1: 0x290f, 0xbf2: 0x2f3f, 0xbf3: 0x2a61, 0xbf4: 0x2c46, 0xbf5: 0x2923,
+	0xbf6: 0x2b5f, 0xbf7: 0x292d, 0xbf8: 0x2a7b, 0xbf9: 0x2937, 0xbfa: 0x2a88, 0xbfb: 0x2f09,
+	0xbfc: 0x2a6e, 0xbfd: 0x2b6f, 0xbfe: 0x2a95, 0xbff: 0x26e1,
+	// Block 0x30, offset 0xc00
+	0xc00: 0x2f1a, 0xc01: 0x2941, 0xc02: 0x294b, 0xc03: 0x2aa2, 0xc04: 0x2955, 0xc05: 0x295f,
+	0xc06: 0x2969, 0xc07: 0x2b7f, 0xc08: 0x2aaf, 0xc09: 0x26e8, 0xc0a: 0x2c59, 0xc0b: 0x2e93,
+	0xc0c: 0x2b8f, 0xc0d: 0x2abc, 0xc0e: 0x2ec8, 0xc0f: 0x2973, 0xc10: 0x297d, 0xc11: 0x2ac9,
+	0xc12: 0x26ef, 0xc13: 0x2ad6, 0xc14: 0x2b9f, 0xc15: 0x26f6, 0xc16: 0x2c6c, 0xc17: 0x2987,
+	0xc18: 0x1cba, 0xc19: 0x1cce, 0xc1a: 0x1cdd, 0xc1b: 0x1cec, 0xc1c: 0x1cfb, 0xc1d: 0x1d0a,
+	0xc1e: 0x1d19, 0xc1f: 0x1d28, 0xc20: 0x1d37, 0xc21: 0x1d46, 0xc22: 0x2195, 0xc23: 0x21a7,
+	0xc24: 0x21b9, 0xc25: 0x21c5, 0xc26: 0x21d1, 0xc27: 0x21dd, 0xc28: 0x21e9, 0xc29: 0x21f5,
+	0xc2a: 0x2201, 0xc2b: 0x220d, 0xc2c: 0x2249, 0xc2d: 0x2255, 0xc2e: 0x2261, 0xc2f: 0x226d,
+	0xc30: 0x2279, 0xc31: 0x1c17, 0xc32: 0x19c9, 0xc33: 0x1936, 0xc34: 0x1be7, 0xc35: 0x1a4a,
+	0xc36: 0x1a59, 0xc37: 0x19cf, 0xc38: 0x1bff, 0xc39: 0x1c03, 0xc3a: 0x1960, 0xc3b: 0x2704,
+	0xc3c: 0x2712, 0xc3d: 0x26fd, 0xc3e: 0x270b, 0xc3f: 0x2ae3,
+	// Block 0x31, offset 0xc40
+	0xc40: 0x1a4d, 0xc41: 0x1a35, 0xc42: 0x1c63, 0xc43: 0x1a1d, 0xc44: 0x19f6, 0xc45: 0x1969,
+	0xc46: 0x1978, 0xc47: 0x1948, 0xc48: 0x1bf3, 0xc49: 0x1d55, 0xc4a: 0x1a50, 0xc4b: 0x1a38,
+	0xc4c: 0x1c67, 0xc4d: 0x1c73, 0xc4e: 0x1a29, 0xc4f: 0x19ff, 0xc50: 0x1957, 0xc51: 0x1c1f,
+	0xc52: 0x1bb3, 0xc53: 0x1b9f, 0xc54: 0x1bcf, 0xc55: 0x1c77, 0xc56: 0x1a2c, 0xc57: 0x19cc,
+	0xc58: 0x1a02, 0xc59: 0x19e1, 0xc5a: 0x1a44, 0xc5b: 0x1c7b, 0xc5c: 0x1a2f, 0xc5d: 0x19c3,
+	0xc5e: 0x1a05, 0xc5f: 0x1c3f, 0xc60: 0x1bf7, 0xc61: 0x1a17, 0xc62: 0x1c27, 0xc63: 0x1c43,
+	0xc64: 0x1bfb, 0xc65: 0x1a1a, 0xc66: 0x1c2b, 0xc67: 0x22eb, 0xc68: 0x22ff, 0xc69: 0x1999,
+	0xc6a: 0x1c23, 0xc6b: 0x1bb7, 0xc6c: 0x1ba3, 0xc6d: 0x1c4b, 0xc6e: 0x2719, 0xc6f: 0x27b0,
+	0xc70: 0x1a5c, 0xc71: 0x1a47, 0xc72: 0x1c7f, 0xc73: 0x1a32, 0xc74: 0x1a53, 0xc75: 0x1a3b,
+	0xc76: 0x1c6b, 0xc77: 0x1a20, 0xc78: 0x19f9, 0xc79: 0x1984, 0xc7a: 0x1a56, 0xc7b: 0x1a3e,
+	0xc7c: 0x1c6f, 0xc7d: 0x1a23, 0xc7e: 0x19fc, 0xc7f: 0x1987,
+	// Block 0x32, offset 0xc80
+	0xc80: 0x1c2f, 0xc81: 0x1bbb, 0xc82: 0x1d50, 0xc83: 0x1939, 0xc84: 0x19bd, 0xc85: 0x19c0,
+	0xc86: 0x22f8, 0xc87: 0x1b97, 0xc88: 0x19c6, 0xc89: 0x194b, 0xc8a: 0x19e4, 0xc8b: 0x194e,
+	0xc8c: 0x19ed, 0xc8d: 0x196c, 0xc8e: 0x196f, 0xc8f: 0x1a08, 0xc90: 0x1a0e, 0xc91: 0x1a11,
+	0xc92: 0x1c33, 0xc93: 0x1a14, 0xc94: 0x1a26, 0xc95: 0x1c3b, 0xc96: 0x1c47, 0xc97: 0x1993,
+	0xc98: 0x1d5a, 0xc99: 0x1bbf, 0xc9a: 0x1996, 0xc9b: 0x1a5f, 0xc9c: 0x19a8, 0xc9d: 0x19b7,
+	0xc9e: 0x22e5, 0xc9f: 0x22df, 0xca0: 0x1cc4, 0xca1: 0x1cd3, 0xca2: 0x1ce2, 0xca3: 0x1cf1,
+	0xca4: 0x1d00, 0xca5: 0x1d0f, 0xca6: 0x1d1e, 0xca7: 0x1d2d, 0xca8: 0x1d3c, 0xca9: 0x2189,
+	0xcaa: 0x219b, 0xcab: 0x21ad, 0xcac: 0x21bf, 0xcad: 0x21cb, 0xcae: 0x21d7, 0xcaf: 0x21e3,
+	0xcb0: 0x21ef, 0xcb1: 0x21fb, 0xcb2: 0x2207, 0xcb3: 0x2243, 0xcb4: 0x224f, 0xcb5: 0x225b,
+	0xcb6: 0x2267, 0xcb7: 0x2273, 0xcb8: 0x227f, 0xcb9: 0x2285, 0xcba: 0x228b, 0xcbb: 0x2291,
+	0xcbc: 0x2297, 0xcbd: 0x22a9, 0xcbe: 0x22af, 0xcbf: 0x1c13,
+	// Block 0x33, offset 0xcc0
+	0xcc0: 0x1377, 0xcc1: 0x0cfb, 0xcc2: 0x13d3, 0xcc3: 0x139f, 0xcc4: 0x0e57, 0xcc5: 0x06eb,
+	0xcc6: 0x08df, 0xcc7: 0x162b, 0xcc8: 0x162b, 0xcc9: 0x0a0b, 0xcca: 0x145f, 0xccb: 0x0943,
+	0xccc: 0x0a07, 0xccd: 0x0bef, 0xcce: 0x0fcf, 0xccf: 0x115f, 0xcd0: 0x1297, 0xcd1: 0x12d3,
+	0xcd2: 0x1307, 0xcd3: 0x141b, 0xcd4: 0x0d73, 0xcd5: 0x0dff, 0xcd6: 0x0eab, 0xcd7: 0x0f43,
+	0xcd8: 0x125f, 0xcd9: 0x1447, 0xcda: 0x1573, 0xcdb: 0x070f, 0xcdc: 0x08b3, 0xcdd: 0x0d87,
+	0xcde: 0x0ecf, 0xcdf: 0x1293, 0xce0: 0x15c3, 0xce1: 0x0ab3, 0xce2: 0x0e77, 0xce3: 0x1283,
+	0xce4: 0x1317, 0xce5: 0x0c23, 0xce6: 0x11bb, 0xce7: 0x12df, 0xce8: 0x0b1f, 0xce9: 0x0d0f,
+	0xcea: 0x0e17, 0xceb: 0x0f1b, 0xcec: 0x1427, 0xced: 0x074f, 0xcee: 0x07e7, 0xcef: 0x0853,
+	0xcf0: 0x0c8b, 0xcf1: 0x0d7f, 0xcf2: 0x0ecb, 0xcf3: 0x0fef, 0xcf4: 0x1177, 0xcf5: 0x128b,
+	0xcf6: 0x12a3, 0xcf7: 0x13c7, 0xcf8: 0x14ef, 0xcf9: 0x15a3, 0xcfa: 0x15bf, 0xcfb: 0x102b,
+	0xcfc: 0x106b, 0xcfd: 0x1123, 0xcfe: 0x1243, 0xcff: 0x147b,
+	// Block 0x34, offset 0xd00
+	0xd00: 0x15cb, 0xd01: 0x134b, 0xd02: 0x09c7, 0xd03: 0x0b3b, 0xd04: 0x10db, 0xd05: 0x119b,
+	0xd06: 0x0eff, 0xd07: 0x1033, 0xd08: 0x1397, 0xd09: 0x14e7, 0xd0a: 0x09c3, 0xd0b: 0x0a8f,
+	0xd0c: 0x0d77, 0xd0d: 0x0e2b, 0xd0e: 0x0e5f, 0xd0f: 0x1113, 0xd10: 0x113b, 0xd11: 0x14a7,
+	0xd12: 0x084f, 0xd13: 0x11a7, 0xd14: 0x07f3, 0xd15: 0x07ef, 0xd16: 0x1097, 0xd17: 0x1127,
+	0xd18: 0x125b, 0xd19: 0x14af, 0xd1a: 0x1367, 0xd1b: 0x0c27, 0xd1c: 0x0d73, 0xd1d: 0x1357,
+	0xd1e: 0x06f7, 0xd1f: 0x0a63, 0xd20: 0x0b93, 0xd21: 0x0f2f, 0xd22: 0x0faf, 0xd23: 0x0873,
+	0xd24: 0x103b, 0xd25: 0x075f, 0xd26: 0x0b77, 0xd27: 0x06d7, 0xd28: 0x0deb, 0xd29: 0x0ca3,
+	0xd2a: 0x110f, 0xd2b: 0x08c7, 0xd2c: 0x09b3, 0xd2d: 0x0ffb, 0xd2e: 0x1263, 0xd2f: 0x133b,
+	0xd30: 0x0db7, 0xd31: 0x13f7, 0xd32: 0x0de3, 0xd33: 0x0c37, 0xd34: 0x121b, 0xd35: 0x0c57,
+	0xd36: 0x0fab, 0xd37: 0x072b, 0xd38: 0x07a7, 0xd39: 0x07eb, 0xd3a: 0x0d53, 0xd3b: 0x10fb,
+	0xd3c: 0x11f3, 0xd3d: 0x1347, 0xd3e: 0x145b, 0xd3f: 0x085b,
+	// Block 0x35, offset 0xd40
+	0xd40: 0x090f, 0xd41: 0x0a17, 0xd42: 0x0b2f, 0xd43: 0x0cbf, 0xd44: 0x0e7b, 0xd45: 0x103f,
+	0xd46: 0x1497, 0xd47: 0x157b, 0xd48: 0x15cf, 0xd49: 0x15e7, 0xd4a: 0x0837, 0xd4b: 0x0cf3,
+	0xd4c: 0x0da3, 0xd4d: 0x13eb, 0xd4e: 0x0afb, 0xd4f: 0x0bd7, 0xd50: 0x0bf3, 0xd51: 0x0c83,
+	0xd52: 0x0e6b, 0xd53: 0x0eb7, 0xd54: 0x0f67, 0xd55: 0x108b, 0xd56: 0x112f, 0xd57: 0x1193,
+	0xd58: 0x13db, 0xd59: 0x126b, 0xd5a: 0x1403, 0xd5b: 0x147f, 0xd5c: 0x080f, 0xd5d: 0x083b,
+	0xd5e: 0x0923, 0xd5f: 0x0ea7, 0xd60: 0x12f3, 0xd61: 0x133b, 0xd62: 0x0b1b, 0xd63: 0x0b8b,
+	0xd64: 0x0c4f, 0xd65: 0x0daf, 0xd66: 0x10d7, 0xd67: 0x0f23, 0xd68: 0x073b, 0xd69: 0x097f,
+	0xd6a: 0x0a63, 0xd6b: 0x0ac7, 0xd6c: 0x0b97, 0xd6d: 0x0f3f, 0xd6e: 0x0f5b, 0xd6f: 0x116b,
+	0xd70: 0x118b, 0xd71: 0x1463, 0xd72: 0x14e3, 0xd73: 0x14f3, 0xd74: 0x152f, 0xd75: 0x0753,
+	0xd76: 0x107f, 0xd77: 0x144f, 0xd78: 0x14cb, 0xd79: 0x0baf, 0xd7a: 0x0717, 0xd7b: 0x0777,
+	0xd7c: 0x0a67, 0xd7d: 0x0a87, 0xd7e: 0x0caf, 0xd7f: 0x0d73,
+	// Block 0x36, offset 0xd80
+	0xd80: 0x0ec3, 0xd81: 0x0fcb, 0xd82: 0x1277, 0xd83: 0x1417, 0xd84: 0x1623, 0xd85: 0x0ce3,
+	0xd86: 0x14a3, 0xd87: 0x0833, 0xd88: 0x0d2f, 0xd89: 0x0d3b, 0xd8a: 0x0e0f, 0xd8b: 0x0e47,
+	0xd8c: 0x0f4b, 0xd8d: 0x0fa7, 0xd8e: 0x1027, 0xd8f: 0x110b, 0xd90: 0x153b, 0xd91: 0x07af,
+	0xd92: 0x0c03, 0xd93: 0x14b3, 0xd94: 0x0767, 0xd95: 0x0aab, 0xd96: 0x0e2f, 0xd97: 0x13df,
+	0xd98: 0x0b67, 0xd99: 0x0bb7, 0xd9a: 0x0d43, 0xd9b: 0x0f2f, 0xd9c: 0x14bb, 0xd9d: 0x0817,
+	0xd9e: 0x08ff, 0xd9f: 0x0a97, 0xda0: 0x0cd3, 0xda1: 0x0d1f, 0xda2: 0x0d5f, 0xda3: 0x0df3,
+	0xda4: 0x0f47, 0xda5: 0x0fbb, 0xda6: 0x1157, 0xda7: 0x12f7, 0xda8: 0x1303, 0xda9: 0x1457,
+	0xdaa: 0x14d7, 0xdab: 0x0883, 0xdac: 0x0e4b, 0xdad: 0x0903, 0xdae: 0x0ec7, 0xdaf: 0x0f6b,
+	0xdb0: 0x1287, 0xdb1: 0x14bf, 0xdb2: 0x15ab, 0xdb3: 0x15d3, 0xdb4: 0x0d37, 0xdb5: 0x0e27,
+	0xdb6: 0x11c3, 0xdb7: 0x10b7, 0xdb8: 0x10c3, 0xdb9: 0x10e7, 0xdba: 0x0f17, 0xdbb: 0x0e9f,
+	0xdbc: 0x1363, 0xdbd: 0x0733, 0xdbe: 0x122b, 0xdbf: 0x081b,
+	// Block 0x37, offset 0xdc0
+	0xdc0: 0x080b, 0xdc1: 0x0b0b, 0xdc2: 0x0c2b, 0xdc3: 0x10f3, 0xdc4: 0x0a53, 0xdc5: 0x0e03,
+	0xdc6: 0x0cef, 0xdc7: 0x13e7, 0xdc8: 0x12e7, 0xdc9: 0x14ab, 0xdca: 0x1323, 0xdcb: 0x0b27,
+	0xdcc: 0x0787, 0xdcd: 0x095b, 0xdd0: 0x09af,
+	0xdd2: 0x0cdf, 0xdd5: 0x07f7, 0xdd6: 0x0f1f, 0xdd7: 0x0fe3,
+	0xdd8: 0x1047, 0xdd9: 0x1063, 0xdda: 0x1067, 0xddb: 0x107b, 0xddc: 0x14fb, 0xddd: 0x10eb,
+	0xdde: 0x116f, 0xde0: 0x128f, 0xde2: 0x1353,
+	0xde5: 0x1407, 0xde6: 0x1433,
+	0xdea: 0x154f, 0xdeb: 0x1553, 0xdec: 0x1557, 0xded: 0x15bb, 0xdee: 0x142b, 0xdef: 0x14c7,
+	0xdf0: 0x0757, 0xdf1: 0x077b, 0xdf2: 0x078f, 0xdf3: 0x084b, 0xdf4: 0x0857, 0xdf5: 0x0897,
+	0xdf6: 0x094b, 0xdf7: 0x0967, 0xdf8: 0x096f, 0xdf9: 0x09ab, 0xdfa: 0x09b7, 0xdfb: 0x0a93,
+	0xdfc: 0x0a9b, 0xdfd: 0x0ba3, 0xdfe: 0x0bcb, 0xdff: 0x0bd3,
+	// Block 0x38, offset 0xe00
+	0xe00: 0x0beb, 0xe01: 0x0c97, 0xe02: 0x0cc7, 0xe03: 0x0ce7, 0xe04: 0x0d57, 0xe05: 0x0e1b,
+	0xe06: 0x0e37, 0xe07: 0x0e67, 0xe08: 0x0ebb, 0xe09: 0x0edb, 0xe0a: 0x0f4f, 0xe0b: 0x102f,
+	0xe0c: 0x104b, 0xe0d: 0x1053, 0xe0e: 0x104f, 0xe0f: 0x1057, 0xe10: 0x105b, 0xe11: 0x105f,
+	0xe12: 0x1073, 0xe13: 0x1077, 0xe14: 0x109b, 0xe15: 0x10af, 0xe16: 0x10cb, 0xe17: 0x112f,
+	0xe18: 0x1137, 0xe19: 0x113f, 0xe1a: 0x1153, 0xe1b: 0x117b, 0xe1c: 0x11cb, 0xe1d: 0x11ff,
+	0xe1e: 0x11ff, 0xe1f: 0x1267, 0xe20: 0x130f, 0xe21: 0x1327, 0xe22: 0x135b, 0xe23: 0x135f,
+	0xe24: 0x13a3, 0xe25: 0x13a7, 0xe26: 0x13ff, 0xe27: 0x1407, 0xe28: 0x14db, 0xe29: 0x151f,
+	0xe2a: 0x1537, 0xe2b: 0x0b9b, 0xe2c: 0x171e, 0xe2d: 0x11e3,
+	0xe30: 0x06df, 0xe31: 0x07e3, 0xe32: 0x07a3, 0xe33: 0x074b, 0xe34: 0x078b, 0xe35: 0x07b7,
+	0xe36: 0x0847, 0xe37: 0x0863, 0xe38: 0x094b, 0xe39: 0x0937, 0xe3a: 0x0947, 0xe3b: 0x0963,
+	0xe3c: 0x09af, 0xe3d: 0x09bf, 0xe3e: 0x0a03, 0xe3f: 0x0a0f,
+	// Block 0x39, offset 0xe40
+	0xe40: 0x0a2b, 0xe41: 0x0a3b, 0xe42: 0x0b23, 0xe43: 0x0b2b, 0xe44: 0x0b5b, 0xe45: 0x0b7b,
+	0xe46: 0x0bab, 0xe47: 0x0bc3, 0xe48: 0x0bb3, 0xe49: 0x0bd3, 0xe4a: 0x0bc7, 0xe4b: 0x0beb,
+	0xe4c: 0x0c07, 0xe4d: 0x0c5f, 0xe4e: 0x0c6b, 0xe4f: 0x0c73, 0xe50: 0x0c9b, 0xe51: 0x0cdf,
+	0xe52: 0x0d0f, 0xe53: 0x0d13, 0xe54: 0x0d27, 0xe55: 0x0da7, 0xe56: 0x0db7, 0xe57: 0x0e0f,
+	0xe58: 0x0e5b, 0xe59: 0x0e53, 0xe5a: 0x0e67, 0xe5b: 0x0e83, 0xe5c: 0x0ebb, 0xe5d: 0x1013,
+	0xe5e: 0x0edf, 0xe5f: 0x0f13, 0xe60: 0x0f1f, 0xe61: 0x0f5f, 0xe62: 0x0f7b, 0xe63: 0x0f9f,
+	0xe64: 0x0fc3, 0xe65: 0x0fc7, 0xe66: 0x0fe3, 0xe67: 0x0fe7, 0xe68: 0x0ff7, 0xe69: 0x100b,
+	0xe6a: 0x1007, 0xe6b: 0x1037, 0xe6c: 0x10b3, 0xe6d: 0x10cb, 0xe6e: 0x10e3, 0xe6f: 0x111b,
+	0xe70: 0x112f, 0xe71: 0x114b, 0xe72: 0x117b, 0xe73: 0x122f, 0xe74: 0x1257, 0xe75: 0x12cb,
+	0xe76: 0x1313, 0xe77: 0x131f, 0xe78: 0x1327, 0xe79: 0x133f, 0xe7a: 0x1353, 0xe7b: 0x1343,
+	0xe7c: 0x135b, 0xe7d: 0x1357, 0xe7e: 0x134f, 0xe7f: 0x135f,
+	// Block 0x3a, offset 0xe80
+	0xe80: 0x136b, 0xe81: 0x13a7, 0xe82: 0x13e3, 0xe83: 0x1413, 0xe84: 0x144b, 0xe85: 0x146b,
+	0xe86: 0x14b7, 0xe87: 0x14db, 0xe88: 0x14fb, 0xe89: 0x150f, 0xe8a: 0x151f, 0xe8b: 0x152b,
+	0xe8c: 0x1537, 0xe8d: 0x158b, 0xe8e: 0x162b, 0xe8f: 0x16b5, 0xe90: 0x16b0, 0xe91: 0x16e2,
+	0xe92: 0x0607, 0xe93: 0x062f, 0xe94: 0x0633, 0xe95: 0x1764, 0xe96: 0x1791, 0xe97: 0x1809,
+	0xe98: 0x1617, 0xe99: 0x1627,
+	// Block 0x3b, offset 0xec0
+	0xec0: 0x19d8, 0xec1: 0x19db, 0xec2: 0x19de, 0xec3: 0x1c0b, 0xec4: 0x1c0f, 0xec5: 0x1a62,
+	0xec6: 0x1a62,
+	0xed3: 0x1d78, 0xed4: 0x1d69, 0xed5: 0x1d6e, 0xed6: 0x1d7d, 0xed7: 0x1d73,
+	0xedd: 0x4393,
+	0xede: 0x8115, 0xedf: 0x4405, 0xee0: 0x022d, 0xee1: 0x0215, 0xee2: 0x021e, 0xee3: 0x0221,
+	0xee4: 0x0224, 0xee5: 0x0227, 0xee6: 0x022a, 0xee7: 0x0230, 0xee8: 0x0233, 0xee9: 0x0017,
+	0xeea: 0x43f3, 0xeeb: 0x43f9, 0xeec: 0x44f7, 0xeed: 0x44ff, 0xeee: 0x434b, 0xeef: 0x4351,
+	0xef0: 0x4357, 0xef1: 0x435d, 0xef2: 0x4369, 0xef3: 0x436f, 0xef4: 0x4375, 0xef5: 0x4381,
+	0xef6: 0x4387, 0xef8: 0x438d, 0xef9: 0x4399, 0xefa: 0x439f, 0xefb: 0x43a5,
+	0xefc: 0x43b1, 0xefe: 0x43b7,
+	// Block 0x3c, offset 0xf00
+	0xf00: 0x43bd, 0xf01: 0x43c3, 0xf03: 0x43c9, 0xf04: 0x43cf,
+	0xf06: 0x43db, 0xf07: 0x43e1, 0xf08: 0x43e7, 0xf09: 0x43ed, 0xf0a: 0x43ff, 0xf0b: 0x437b,
+	0xf0c: 0x4363, 0xf0d: 0x43ab, 0xf0e: 0x43d5, 0xf0f: 0x1d82, 0xf10: 0x0299, 0xf11: 0x0299,
+	0xf12: 0x02a2, 0xf13: 0x02a2, 0xf14: 0x02a2, 0xf15: 0x02a2, 0xf16: 0x02a5, 0xf17: 0x02a5,
+	0xf18: 0x02a5, 0xf19: 0x02a5, 0xf1a: 0x02ab, 0xf1b: 0x02ab, 0xf1c: 0x02ab, 0xf1d: 0x02ab,
+	0xf1e: 0x029f, 0xf1f: 0x029f, 0xf20: 0x029f, 0xf21: 0x029f, 0xf22: 0x02a8, 0xf23: 0x02a8,
+	0xf24: 0x02a8, 0xf25: 0x02a8, 0xf26: 0x029c, 0xf27: 0x029c, 0xf28: 0x029c, 0xf29: 0x029c,
+	0xf2a: 0x02cf, 0xf2b: 0x02cf, 0xf2c: 0x02cf, 0xf2d: 0x02cf, 0xf2e: 0x02d2, 0xf2f: 0x02d2,
+	0xf30: 0x02d2, 0xf31: 0x02d2, 0xf32: 0x02b1, 0xf33: 0x02b1, 0xf34: 0x02b1, 0xf35: 0x02b1,
+	0xf36: 0x02ae, 0xf37: 0x02ae, 0xf38: 0x02ae, 0xf39: 0x02ae, 0xf3a: 0x02b4, 0xf3b: 0x02b4,
+	0xf3c: 0x02b4, 0xf3d: 0x02b4, 0xf3e: 0x02b7, 0xf3f: 0x02b7,
+	// Block 0x3d, offset 0xf40
+	0xf40: 0x02b7, 0xf41: 0x02b7, 0xf42: 0x02c0, 0xf43: 0x02c0, 0xf44: 0x02bd, 0xf45: 0x02bd,
+	0xf46: 0x02c3, 0xf47: 0x02c3, 0xf48: 0x02ba, 0xf49: 0x02ba, 0xf4a: 0x02c9, 0xf4b: 0x02c9,
+	0xf4c: 0x02c6, 0xf4d: 0x02c6, 0xf4e: 0x02d5, 0xf4f: 0x02d5, 0xf50: 0x02d5, 0xf51: 0x02d5,
+	0xf52: 0x02db, 0xf53: 0x02db, 0xf54: 0x02db, 0xf55: 0x02db, 0xf56: 0x02e1, 0xf57: 0x02e1,
+	0xf58: 0x02e1, 0xf59: 0x02e1, 0xf5a: 0x02de, 0xf5b: 0x02de, 0xf5c: 0x02de, 0xf5d: 0x02de,
+	0xf5e: 0x02e4, 0xf5f: 0x02e4, 0xf60: 0x02e7, 0xf61: 0x02e7, 0xf62: 0x02e7, 0xf63: 0x02e7,
+	0xf64: 0x4471, 0xf65: 0x4471, 0xf66: 0x02ed, 0xf67: 0x02ed, 0xf68: 0x02ed, 0xf69: 0x02ed,
+	0xf6a: 0x02ea, 0xf6b: 0x02ea, 0xf6c: 0x02ea, 0xf6d: 0x02ea, 0xf6e: 0x0308, 0xf6f: 0x0308,
+	0xf70: 0x446b, 0xf71: 0x446b,
+	// Block 0x3e, offset 0xf80
+	0xf93: 0x02d8, 0xf94: 0x02d8, 0xf95: 0x02d8, 0xf96: 0x02d8, 0xf97: 0x02f6,
+	0xf98: 0x02f6, 0xf99: 0x02f3, 0xf9a: 0x02f3, 0xf9b: 0x02f9, 0xf9c: 0x02f9, 0xf9d: 0x2052,
+	0xf9e: 0x02ff, 0xf9f: 0x02ff, 0xfa0: 0x02f0, 0xfa1: 0x02f0, 0xfa2: 0x02fc, 0xfa3: 0x02fc,
+	0xfa4: 0x0305, 0xfa5: 0x0305, 0xfa6: 0x0305, 0xfa7: 0x0305, 0xfa8: 0x028d, 0xfa9: 0x028d,
+	0xfaa: 0x25ad, 0xfab: 0x25ad, 0xfac: 0x261d, 0xfad: 0x261d, 0xfae: 0x25ec, 0xfaf: 0x25ec,
+	0xfb0: 0x2608, 0xfb1: 0x2608, 0xfb2: 0x2601, 0xfb3: 0x2601, 0xfb4: 0x260f, 0xfb5: 0x260f,
+	0xfb6: 0x2616, 0xfb7: 0x2616, 0xfb8: 0x2616, 0xfb9: 0x25f3, 0xfba: 0x25f3, 0xfbb: 0x25f3,
+	0xfbc: 0x0302, 0xfbd: 0x0302, 0xfbe: 0x0302, 0xfbf: 0x0302,
+	// Block 0x3f, offset 0xfc0
+	0xfc0: 0x25b4, 0xfc1: 0x25bb, 0xfc2: 0x25d7, 0xfc3: 0x25f3, 0xfc4: 0x25fa, 0xfc5: 0x1d8c,
+	0xfc6: 0x1d91, 0xfc7: 0x1d96, 0xfc8: 0x1da5, 0xfc9: 0x1db4, 0xfca: 0x1db9, 0xfcb: 0x1dbe,
+	0xfcc: 0x1dc3, 0xfcd: 0x1dc8, 0xfce: 0x1dd7, 0xfcf: 0x1de6, 0xfd0: 0x1deb, 0xfd1: 0x1df0,
+	0xfd2: 0x1dff, 0xfd3: 0x1e0e, 0xfd4: 0x1e13, 0xfd5: 0x1e18, 0xfd6: 0x1e1d, 0xfd7: 0x1e2c,
+	0xfd8: 0x1e31, 0xfd9: 0x1e40, 0xfda: 0x1e45, 0xfdb: 0x1e4a, 0xfdc: 0x1e59, 0xfdd: 0x1e5e,
+	0xfde: 0x1e63, 0xfdf: 0x1e6d, 0xfe0: 0x1ea9, 0xfe1: 0x1eb8, 0xfe2: 0x1ec7, 0xfe3: 0x1ecc,
+	0xfe4: 0x1ed1, 0xfe5: 0x1edb, 0xfe6: 0x1eea, 0xfe7: 0x1eef, 0xfe8: 0x1efe, 0xfe9: 0x1f03,
+	0xfea: 0x1f08, 0xfeb: 0x1f17, 0xfec: 0x1f1c, 0xfed: 0x1f2b, 0xfee: 0x1f30, 0xfef: 0x1f35,
+	0xff0: 0x1f3a, 0xff1: 0x1f3f, 0xff2: 0x1f44, 0xff3: 0x1f49, 0xff4: 0x1f4e, 0xff5: 0x1f53,
+	0xff6: 0x1f58, 0xff7: 0x1f5d, 0xff8: 0x1f62, 0xff9: 0x1f67, 0xffa: 0x1f6c, 0xffb: 0x1f71,
+	0xffc: 0x1f76, 0xffd: 0x1f7b, 0xffe: 0x1f80, 0xfff: 0x1f8a,
+	// Block 0x40, offset 0x1000
+	0x1000: 0x1f8f, 0x1001: 0x1f94, 0x1002: 0x1f99, 0x1003: 0x1fa3, 0x1004: 0x1fa8, 0x1005: 0x1fb2,
+	0x1006: 0x1fb7, 0x1007: 0x1fbc, 0x1008: 0x1fc1, 0x1009: 0x1fc6, 0x100a: 0x1fcb, 0x100b: 0x1fd0,
+	0x100c: 0x1fd5, 0x100d: 0x1fda, 0x100e: 0x1fe9, 0x100f: 0x1ff8, 0x1010: 0x1ffd, 0x1011: 0x2002,
+	0x1012: 0x2007, 0x1013: 0x200c, 0x1014: 0x2011, 0x1015: 0x201b, 0x1016: 0x2020, 0x1017: 0x2025,
+	0x1018: 0x2034, 0x1019: 0x2043, 0x101a: 0x2048, 0x101b: 0x4423, 0x101c: 0x4429, 0x101d: 0x445f,
+	0x101e: 0x44b6, 0x101f: 0x44bd, 0x1020: 0x44c4, 0x1021: 0x44cb, 0x1022: 0x44d2, 0x1023: 0x44d9,
+	0x1024: 0x25c9, 0x1025: 0x25d0, 0x1026: 0x25d7, 0x1027: 0x25de, 0x1028: 0x25f3, 0x1029: 0x25fa,
+	0x102a: 0x1d9b, 0x102b: 0x1da0, 0x102c: 0x1da5, 0x102d: 0x1daa, 0x102e: 0x1db4, 0x102f: 0x1db9,
+	0x1030: 0x1dcd, 0x1031: 0x1dd2, 0x1032: 0x1dd7, 0x1033: 0x1ddc, 0x1034: 0x1de6, 0x1035: 0x1deb,
+	0x1036: 0x1df5, 0x1037: 0x1dfa, 0x1038: 0x1dff, 0x1039: 0x1e04, 0x103a: 0x1e0e, 0x103b: 0x1e13,
+	0x103c: 0x1f3f, 0x103d: 0x1f44, 0x103e: 0x1f53, 0x103f: 0x1f58,
+	// Block 0x41, offset 0x1040
+	0x1040: 0x1f5d, 0x1041: 0x1f71, 0x1042: 0x1f76, 0x1043: 0x1f7b, 0x1044: 0x1f80, 0x1045: 0x1f99,
+	0x1046: 0x1fa3, 0x1047: 0x1fa8, 0x1048: 0x1fad, 0x1049: 0x1fc1, 0x104a: 0x1fdf, 0x104b: 0x1fe4,
+	0x104c: 0x1fe9, 0x104d: 0x1fee, 0x104e: 0x1ff8, 0x104f: 0x1ffd, 0x1050: 0x445f, 0x1051: 0x202a,
+	0x1052: 0x202f, 0x1053: 0x2034, 0x1054: 0x2039, 0x1055: 0x2043, 0x1056: 0x2048, 0x1057: 0x25b4,
+	0x1058: 0x25bb, 0x1059: 0x25c2, 0x105a: 0x25d7, 0x105b: 0x25e5, 0x105c: 0x1d8c, 0x105d: 0x1d91,
+	0x105e: 0x1d96, 0x105f: 0x1da5, 0x1060: 0x1daf, 0x1061: 0x1dbe, 0x1062: 0x1dc3, 0x1063: 0x1dc8,
+	0x1064: 0x1dd7, 0x1065: 0x1de1, 0x1066: 0x1dff, 0x1067: 0x1e18, 0x1068: 0x1e1d, 0x1069: 0x1e2c,
+	0x106a: 0x1e31, 0x106b: 0x1e40, 0x106c: 0x1e4a, 0x106d: 0x1e59, 0x106e: 0x1e5e, 0x106f: 0x1e63,
+	0x1070: 0x1e6d, 0x1071: 0x1ea9, 0x1072: 0x1eae, 0x1073: 0x1eb8, 0x1074: 0x1ec7, 0x1075: 0x1ecc,
+	0x1076: 0x1ed1, 0x1077: 0x1edb, 0x1078: 0x1eea, 0x1079: 0x1efe, 0x107a: 0x1f03, 0x107b: 0x1f08,
+	0x107c: 0x1f17, 0x107d: 0x1f1c, 0x107e: 0x1f2b, 0x107f: 0x1f30,
+	// Block 0x42, offset 0x1080
+	0x1080: 0x1f35, 0x1081: 0x1f3a, 0x1082: 0x1f49, 0x1083: 0x1f4e, 0x1084: 0x1f62, 0x1085: 0x1f67,
+	0x1086: 0x1f6c, 0x1087: 0x1f71, 0x1088: 0x1f76, 0x1089: 0x1f8a, 0x108a: 0x1f8f, 0x108b: 0x1f94,
+	0x108c: 0x1f99, 0x108d: 0x1f9e, 0x108e: 0x1fb2, 0x108f: 0x1fb7, 0x1090: 0x1fbc, 0x1091: 0x1fc1,
+	0x1092: 0x1fd0, 0x1093: 0x1fd5, 0x1094: 0x1fda, 0x1095: 0x1fe9, 0x1096: 0x1ff3, 0x1097: 0x2002,
+	0x1098: 0x2007, 0x1099: 0x4453, 0x109a: 0x201b, 0x109b: 0x2020, 0x109c: 0x2025, 0x109d: 0x2034,
+	0x109e: 0x203e, 0x109f: 0x25d7, 0x10a0: 0x25e5, 0x10a1: 0x1da5, 0x10a2: 0x1daf, 0x10a3: 0x1dd7,
+	0x10a4: 0x1de1, 0x10a5: 0x1dff, 0x10a6: 0x1e09, 0x10a7: 0x1e6d, 0x10a8: 0x1e72, 0x10a9: 0x1e95,
+	0x10aa: 0x1e9a, 0x10ab: 0x1f71, 0x10ac: 0x1f76, 0x10ad: 0x1f99, 0x10ae: 0x1fe9, 0x10af: 0x1ff3,
+	0x10b0: 0x2034, 0x10b1: 0x203e, 0x10b2: 0x4507, 0x10b3: 0x450f, 0x10b4: 0x4517, 0x10b5: 0x1ef4,
+	0x10b6: 0x1ef9, 0x10b7: 0x1f0d, 0x10b8: 0x1f12, 0x10b9: 0x1f21, 0x10ba: 0x1f26, 0x10bb: 0x1e77,
+	0x10bc: 0x1e7c, 0x10bd: 0x1e9f, 0x10be: 0x1ea4, 0x10bf: 0x1e36,
+	// Block 0x43, offset 0x10c0
+	0x10c0: 0x1e3b, 0x10c1: 0x1e22, 0x10c2: 0x1e27, 0x10c3: 0x1e4f, 0x10c4: 0x1e54, 0x10c5: 0x1ebd,
+	0x10c6: 0x1ec2, 0x10c7: 0x1ee0, 0x10c8: 0x1ee5, 0x10c9: 0x1e81, 0x10ca: 0x1e86, 0x10cb: 0x1e8b,
+	0x10cc: 0x1e95, 0x10cd: 0x1e90, 0x10ce: 0x1e68, 0x10cf: 0x1eb3, 0x10d0: 0x1ed6, 0x10d1: 0x1ef4,
+	0x10d2: 0x1ef9, 0x10d3: 0x1f0d, 0x10d4: 0x1f12, 0x10d5: 0x1f21, 0x10d6: 0x1f26, 0x10d7: 0x1e77,
+	0x10d8: 0x1e7c, 0x10d9: 0x1e9f, 0x10da: 0x1ea4, 0x10db: 0x1e36, 0x10dc: 0x1e3b, 0x10dd: 0x1e22,
+	0x10de: 0x1e27, 0x10df: 0x1e4f, 0x10e0: 0x1e54, 0x10e1: 0x1ebd, 0x10e2: 0x1ec2, 0x10e3: 0x1ee0,
+	0x10e4: 0x1ee5, 0x10e5: 0x1e81, 0x10e6: 0x1e86, 0x10e7: 0x1e8b, 0x10e8: 0x1e95, 0x10e9: 0x1e90,
+	0x10ea: 0x1e68, 0x10eb: 0x1eb3, 0x10ec: 0x1ed6, 0x10ed: 0x1e81, 0x10ee: 0x1e86, 0x10ef: 0x1e8b,
+	0x10f0: 0x1e95, 0x10f1: 0x1e72, 0x10f2: 0x1e9a, 0x10f3: 0x1eef, 0x10f4: 0x1e59, 0x10f5: 0x1e5e,
+	0x10f6: 0x1e63, 0x10f7: 0x1e81, 0x10f8: 0x1e86, 0x10f9: 0x1e8b, 0x10fa: 0x1eef, 0x10fb: 0x1efe,
+	0x10fc: 0x440b, 0x10fd: 0x440b,
+	// Block 0x44, offset 0x1100
+	0x1110: 0x2314, 0x1111: 0x2329,
+	0x1112: 0x2329, 0x1113: 0x2330, 0x1114: 0x2337, 0x1115: 0x234c, 0x1116: 0x2353, 0x1117: 0x235a,
+	0x1118: 0x237d, 0x1119: 0x237d, 0x111a: 0x23a0, 0x111b: 0x2399, 0x111c: 0x23b5, 0x111d: 0x23a7,
+	0x111e: 0x23ae, 0x111f: 0x23d1, 0x1120: 0x23d1, 0x1121: 0x23ca, 0x1122: 0x23d8, 0x1123: 0x23d8,
+	0x1124: 0x2402, 0x1125: 0x2402, 0x1126: 0x241e, 0x1127: 0x23e6, 0x1128: 0x23e6, 0x1129: 0x23df,
+	0x112a: 0x23f4, 0x112b: 0x23f4, 0x112c: 0x23fb, 0x112d: 0x23fb, 0x112e: 0x2425, 0x112f: 0x2433,
+	0x1130: 0x2433, 0x1131: 0x243a, 0x1132: 0x243a, 0x1133: 0x2441, 0x1134: 0x2448, 0x1135: 0x244f,
+	0x1136: 0x2456, 0x1137: 0x2456, 0x1138: 0x245d, 0x1139: 0x246b, 0x113a: 0x2479, 0x113b: 0x2472,
+	0x113c: 0x2480, 0x113d: 0x2480, 0x113e: 0x2495, 0x113f: 0x249c,
+	// Block 0x45, offset 0x1140
+	0x1140: 0x24cd, 0x1141: 0x24db, 0x1142: 0x24d4, 0x1143: 0x24b8, 0x1144: 0x24b8, 0x1145: 0x24e2,
+	0x1146: 0x24e2, 0x1147: 0x24e9, 0x1148: 0x24e9, 0x1149: 0x2513, 0x114a: 0x251a, 0x114b: 0x2521,
+	0x114c: 0x24f7, 0x114d: 0x2505, 0x114e: 0x2528, 0x114f: 0x252f,
+	0x1152: 0x24fe, 0x1153: 0x2583, 0x1154: 0x258a, 0x1155: 0x2560, 0x1156: 0x2567, 0x1157: 0x254b,
+	0x1158: 0x254b, 0x1159: 0x2552, 0x115a: 0x257c, 0x115b: 0x2575, 0x115c: 0x259f, 0x115d: 0x259f,
+	0x115e: 0x230d, 0x115f: 0x2322, 0x1160: 0x231b, 0x1161: 0x2345, 0x1162: 0x233e, 0x1163: 0x2368,
+	0x1164: 0x2361, 0x1165: 0x238b, 0x1166: 0x236f, 0x1167: 0x2384, 0x1168: 0x23bc, 0x1169: 0x2409,
+	0x116a: 0x23ed, 0x116b: 0x242c, 0x116c: 0x24c6, 0x116d: 0x24f0, 0x116e: 0x2598, 0x116f: 0x2591,
+	0x1170: 0x25a6, 0x1171: 0x253d, 0x1172: 0x24a3, 0x1173: 0x256e, 0x1174: 0x2495, 0x1175: 0x24cd,
+	0x1176: 0x2464, 0x1177: 0x24b1, 0x1178: 0x2544, 0x1179: 0x2536, 0x117a: 0x24bf, 0x117b: 0x24aa,
+	0x117c: 0x24bf, 0x117d: 0x2544, 0x117e: 0x2376, 0x117f: 0x2392,
+	// Block 0x46, offset 0x1180
+	0x1180: 0x250c, 0x1181: 0x2487, 0x1182: 0x2306, 0x1183: 0x24aa, 0x1184: 0x244f, 0x1185: 0x241e,
+	0x1186: 0x23c3, 0x1187: 0x2559,
+	0x11b0: 0x2417, 0x11b1: 0x248e, 0x11b2: 0x27c2, 0x11b3: 0x27b9, 0x11b4: 0x27ef, 0x11b5: 0x27dd,
+	0x11b6: 0x27cb, 0x11b7: 0x27e6, 0x11b8: 0x27f8, 0x11b9: 0x2410, 0x11ba: 0x2c7f, 0x11bb: 0x2aff,
+	0x11bc: 0x27d4,
+	// Block 0x47, offset 0x11c0
+	0x11d0: 0x0019, 0x11d1: 0x0483,
+	0x11d2: 0x0487, 0x11d3: 0x0035, 0x11d4: 0x0037, 0x11d5: 0x0003, 0x11d6: 0x003f, 0x11d7: 0x04bf,
+	0x11d8: 0x04c3, 0x11d9: 0x1b5f,
+	0x11e0: 0x8132, 0x11e1: 0x8132, 0x11e2: 0x8132, 0x11e3: 0x8132,
+	0x11e4: 0x8132, 0x11e5: 0x8132, 0x11e6: 0x8132, 0x11e7: 0x812d, 0x11e8: 0x812d, 0x11e9: 0x812d,
+	0x11ea: 0x812d, 0x11eb: 0x812d, 0x11ec: 0x812d, 0x11ed: 0x812d, 0x11ee: 0x8132, 0x11ef: 0x8132,
+	0x11f0: 0x1873, 0x11f1: 0x0443, 0x11f2: 0x043f, 0x11f3: 0x007f, 0x11f4: 0x007f, 0x11f5: 0x0011,
+	0x11f6: 0x0013, 0x11f7: 0x00b7, 0x11f8: 0x00bb, 0x11f9: 0x04b7, 0x11fa: 0x04bb, 0x11fb: 0x04ab,
+	0x11fc: 0x04af, 0x11fd: 0x0493, 0x11fe: 0x0497, 0x11ff: 0x048b,
+	// Block 0x48, offset 0x1200
+	0x1200: 0x048f, 0x1201: 0x049b, 0x1202: 0x049f, 0x1203: 0x04a3, 0x1204: 0x04a7,
+	0x1207: 0x0077, 0x1208: 0x007b, 0x1209: 0x426c, 0x120a: 0x426c, 0x120b: 0x426c,
+	0x120c: 0x426c, 0x120d: 0x007f, 0x120e: 0x007f, 0x120f: 0x007f, 0x1210: 0x0019, 0x1211: 0x0483,
+	0x1212: 0x001d, 0x1214: 0x0037, 0x1215: 0x0035, 0x1216: 0x003f, 0x1217: 0x0003,
+	0x1218: 0x0443, 0x1219: 0x0011, 0x121a: 0x0013, 0x121b: 0x00b7, 0x121c: 0x00bb, 0x121d: 0x04b7,
+	0x121e: 0x04bb, 0x121f: 0x0007, 0x1220: 0x000d, 0x1221: 0x0015, 0x1222: 0x0017, 0x1223: 0x001b,
+	0x1224: 0x0039, 0x1225: 0x003d, 0x1226: 0x003b, 0x1228: 0x0079, 0x1229: 0x0009,
+	0x122a: 0x000b, 0x122b: 0x0041,
+	0x1230: 0x42ad, 0x1231: 0x442f, 0x1232: 0x42b2, 0x1234: 0x42b7,
+	0x1236: 0x42bc, 0x1237: 0x4435, 0x1238: 0x42c1, 0x1239: 0x443b, 0x123a: 0x42c6, 0x123b: 0x4441,
+	0x123c: 0x42cb, 0x123d: 0x4447, 0x123e: 0x42d0, 0x123f: 0x444d,
+	// Block 0x49, offset 0x1240
+	0x1240: 0x0236, 0x1241: 0x4411, 0x1242: 0x4411, 0x1243: 0x4417, 0x1244: 0x4417, 0x1245: 0x4459,
+	0x1246: 0x4459, 0x1247: 0x441d, 0x1248: 0x441d, 0x1249: 0x4465, 0x124a: 0x4465, 0x124b: 0x4465,
+	0x124c: 0x4465, 0x124d: 0x0239, 0x124e: 0x0239, 0x124f: 0x023c, 0x1250: 0x023c, 0x1251: 0x023c,
+	0x1252: 0x023c, 0x1253: 0x023f, 0x1254: 0x023f, 0x1255: 0x0242, 0x1256: 0x0242, 0x1257: 0x0242,
+	0x1258: 0x0242, 0x1259: 0x0245, 0x125a: 0x0245, 0x125b: 0x0245, 0x125c: 0x0245, 0x125d: 0x0248,
+	0x125e: 0x0248, 0x125f: 0x0248, 0x1260: 0x0248, 0x1261: 0x024b, 0x1262: 0x024b, 0x1263: 0x024b,
+	0x1264: 0x024b, 0x1265: 0x024e, 0x1266: 0x024e, 0x1267: 0x024e, 0x1268: 0x024e, 0x1269: 0x0251,
+	0x126a: 0x0251, 0x126b: 0x0254, 0x126c: 0x0254, 0x126d: 0x0257, 0x126e: 0x0257, 0x126f: 0x025a,
+	0x1270: 0x025a, 0x1271: 0x025d, 0x1272: 0x025d, 0x1273: 0x025d, 0x1274: 0x025d, 0x1275: 0x0260,
+	0x1276: 0x0260, 0x1277: 0x0260, 0x1278: 0x0260, 0x1279: 0x0263, 0x127a: 0x0263, 0x127b: 0x0263,
+	0x127c: 0x0263, 0x127d: 0x0266, 0x127e: 0x0266, 0x127f: 0x0266,
+	// Block 0x4a, offset 0x1280
+	0x1280: 0x0266, 0x1281: 0x0269, 0x1282: 0x0269, 0x1283: 0x0269, 0x1284: 0x0269, 0x1285: 0x026c,
+	0x1286: 0x026c, 0x1287: 0x026c, 0x1288: 0x026c, 0x1289: 0x026f, 0x128a: 0x026f, 0x128b: 0x026f,
+	0x128c: 0x026f, 0x128d: 0x0272, 0x128e: 0x0272, 0x128f: 0x0272, 0x1290: 0x0272, 0x1291: 0x0275,
+	0x1292: 0x0275, 0x1293: 0x0275, 0x1294: 0x0275, 0x1295: 0x0278, 0x1296: 0x0278, 0x1297: 0x0278,
+	0x1298: 0x0278, 0x1299: 0x027b, 0x129a: 0x027b, 0x129b: 0x027b, 0x129c: 0x027b, 0x129d: 0x027e,
+	0x129e: 0x027e, 0x129f: 0x027e, 0x12a0: 0x027e, 0x12a1: 0x0281, 0x12a2: 0x0281, 0x12a3: 0x0281,
+	0x12a4: 0x0281, 0x12a5: 0x0284, 0x12a6: 0x0284, 0x12a7: 0x0284, 0x12a8: 0x0284, 0x12a9: 0x0287,
+	0x12aa: 0x0287, 0x12ab: 0x0287, 0x12ac: 0x0287, 0x12ad: 0x028a, 0x12ae: 0x028a, 0x12af: 0x028d,
+	0x12b0: 0x028d, 0x12b1: 0x0290, 0x12b2: 0x0290, 0x12b3: 0x0290, 0x12b4: 0x0290, 0x12b5: 0x2e03,
+	0x12b6: 0x2e03, 0x12b7: 0x2e0b, 0x12b8: 0x2e0b, 0x12b9: 0x2e13, 0x12ba: 0x2e13, 0x12bb: 0x1f85,
+	0x12bc: 0x1f85,
+	// Block 0x4b, offset 0x12c0
+	0x12c0: 0x0081, 0x12c1: 0x0083, 0x12c2: 0x0085, 0x12c3: 0x0087, 0x12c4: 0x0089, 0x12c5: 0x008b,
+	0x12c6: 0x008d, 0x12c7: 0x008f, 0x12c8: 0x0091, 0x12c9: 0x0093, 0x12ca: 0x0095, 0x12cb: 0x0097,
+	0x12cc: 0x0099, 0x12cd: 0x009b, 0x12ce: 0x009d, 0x12cf: 0x009f, 0x12d0: 0x00a1, 0x12d1: 0x00a3,
+	0x12d2: 0x00a5, 0x12d3: 0x00a7, 0x12d4: 0x00a9, 0x12d5: 0x00ab, 0x12d6: 0x00ad, 0x12d7: 0x00af,
+	0x12d8: 0x00b1, 0x12d9: 0x00b3, 0x12da: 0x00b5, 0x12db: 0x00b7, 0x12dc: 0x00b9, 0x12dd: 0x00bb,
+	0x12de: 0x00bd, 0x12df: 0x0477, 0x12e0: 0x047b, 0x12e1: 0x0487, 0x12e2: 0x049b, 0x12e3: 0x049f,
+	0x12e4: 0x0483, 0x12e5: 0x05ab, 0x12e6: 0x05a3, 0x12e7: 0x04c7, 0x12e8: 0x04cf, 0x12e9: 0x04d7,
+	0x12ea: 0x04df, 0x12eb: 0x04e7, 0x12ec: 0x056b, 0x12ed: 0x0573, 0x12ee: 0x057b, 0x12ef: 0x051f,
+	0x12f0: 0x05af, 0x12f1: 0x04cb, 0x12f2: 0x04d3, 0x12f3: 0x04db, 0x12f4: 0x04e3, 0x12f5: 0x04eb,
+	0x12f6: 0x04ef, 0x12f7: 0x04f3, 0x12f8: 0x04f7, 0x12f9: 0x04fb, 0x12fa: 0x04ff, 0x12fb: 0x0503,
+	0x12fc: 0x0507, 0x12fd: 0x050b, 0x12fe: 0x050f, 0x12ff: 0x0513,
+	// Block 0x4c, offset 0x1300
+	0x1300: 0x0517, 0x1301: 0x051b, 0x1302: 0x0523, 0x1303: 0x0527, 0x1304: 0x052b, 0x1305: 0x052f,
+	0x1306: 0x0533, 0x1307: 0x0537, 0x1308: 0x053b, 0x1309: 0x053f, 0x130a: 0x0543, 0x130b: 0x0547,
+	0x130c: 0x054b, 0x130d: 0x054f, 0x130e: 0x0553, 0x130f: 0x0557, 0x1310: 0x055b, 0x1311: 0x055f,
+	0x1312: 0x0563, 0x1313: 0x0567, 0x1314: 0x056f, 0x1315: 0x0577, 0x1316: 0x057f, 0x1317: 0x0583,
+	0x1318: 0x0587, 0x1319: 0x058b, 0x131a: 0x058f, 0x131b: 0x0593, 0x131c: 0x0597, 0x131d: 0x05a7,
+	0x131e: 0x4a7b, 0x131f: 0x4a81, 0x1320: 0x03c3, 0x1321: 0x0313, 0x1322: 0x0317, 0x1323: 0x4a3e,
+	0x1324: 0x031b, 0x1325: 0x4a44, 0x1326: 0x4a4a, 0x1327: 0x031f, 0x1328: 0x0323, 0x1329: 0x0327,
+	0x132a: 0x4a50, 0x132b: 0x4a56, 0x132c: 0x4a5c, 0x132d: 0x4a62, 0x132e: 0x4a68, 0x132f: 0x4a6e,
+	0x1330: 0x0367, 0x1331: 0x032b, 0x1332: 0x032f, 0x1333: 0x0333, 0x1334: 0x037b, 0x1335: 0x0337,
+	0x1336: 0x033b, 0x1337: 0x033f, 0x1338: 0x0343, 0x1339: 0x0347, 0x133a: 0x034b, 0x133b: 0x034f,
+	0x133c: 0x0353, 0x133d: 0x0357, 0x133e: 0x035b,
+	// Block 0x4d, offset 0x1340
+	0x1342: 0x49c0, 0x1343: 0x49c6, 0x1344: 0x49cc, 0x1345: 0x49d2,
+	0x1346: 0x49d8, 0x1347: 0x49de, 0x134a: 0x49e4, 0x134b: 0x49ea,
+	0x134c: 0x49f0, 0x134d: 0x49f6, 0x134e: 0x49fc, 0x134f: 0x4a02,
+	0x1352: 0x4a08, 0x1353: 0x4a0e, 0x1354: 0x4a14, 0x1355: 0x4a1a, 0x1356: 0x4a20, 0x1357: 0x4a26,
+	0x135a: 0x4a2c, 0x135b: 0x4a32, 0x135c: 0x4a38,
+	0x1360: 0x00bf, 0x1361: 0x00c2, 0x1362: 0x00cb, 0x1363: 0x4267,
+	0x1364: 0x00c8, 0x1365: 0x00c5, 0x1366: 0x0447, 0x1368: 0x046b, 0x1369: 0x044b,
+	0x136a: 0x044f, 0x136b: 0x0453, 0x136c: 0x0457, 0x136d: 0x046f, 0x136e: 0x0473,
+	// Block 0x4e, offset 0x1380
+	0x1380: 0x0063, 0x1381: 0x0065, 0x1382: 0x0067, 0x1383: 0x0069, 0x1384: 0x006b, 0x1385: 0x006d,
+	0x1386: 0x006f, 0x1387: 0x0071, 0x1388: 0x0073, 0x1389: 0x0075, 0x138a: 0x0083, 0x138b: 0x0085,
+	0x138c: 0x0087, 0x138d: 0x0089, 0x138e: 0x008b, 0x138f: 0x008d, 0x1390: 0x008f, 0x1391: 0x0091,
+	0x1392: 0x0093, 0x1393: 0x0095, 0x1394: 0x0097, 0x1395: 0x0099, 0x1396: 0x009b, 0x1397: 0x009d,
+	0x1398: 0x009f, 0x1399: 0x00a1, 0x139a: 0x00a3, 0x139b: 0x00a5, 0x139c: 0x00a7, 0x139d: 0x00a9,
+	0x139e: 0x00ab, 0x139f: 0x00ad, 0x13a0: 0x00af, 0x13a1: 0x00b1, 0x13a2: 0x00b3, 0x13a3: 0x00b5,
+	0x13a4: 0x00dd, 0x13a5: 0x00f2, 0x13a8: 0x0173, 0x13a9: 0x0176,
+	0x13aa: 0x0179, 0x13ab: 0x017c, 0x13ac: 0x017f, 0x13ad: 0x0182, 0x13ae: 0x0185, 0x13af: 0x0188,
+	0x13b0: 0x018b, 0x13b1: 0x018e, 0x13b2: 0x0191, 0x13b3: 0x0194, 0x13b4: 0x0197, 0x13b5: 0x019a,
+	0x13b6: 0x019d, 0x13b7: 0x01a0, 0x13b8: 0x01a3, 0x13b9: 0x0188, 0x13ba: 0x01a6, 0x13bb: 0x01a9,
+	0x13bc: 0x01ac, 0x13bd: 0x01af, 0x13be: 0x01b2, 0x13bf: 0x01b5,
+	// Block 0x4f, offset 0x13c0
+	0x13c0: 0x01fd, 0x13c1: 0x0200, 0x13c2: 0x0203, 0x13c3: 0x045b, 0x13c4: 0x01c7, 0x13c5: 0x01d0,
+	0x13c6: 0x01d6, 0x13c7: 0x01fa, 0x13c8: 0x01eb, 0x13c9: 0x01e8, 0x13ca: 0x0206, 0x13cb: 0x0209,
+	0x13ce: 0x0021, 0x13cf: 0x0023, 0x13d0: 0x0025, 0x13d1: 0x0027,
+	0x13d2: 0x0029, 0x13d3: 0x002b, 0x13d4: 0x002d, 0x13d5: 0x002f, 0x13d6: 0x0031, 0x13d7: 0x0033,
+	0x13d8: 0x0021, 0x13d9: 0x0023, 0x13da: 0x0025, 0x13db: 0x0027, 0x13dc: 0x0029, 0x13dd: 0x002b,
+	0x13de: 0x002d, 0x13df: 0x002f, 0x13e0: 0x0031, 0x13e1: 0x0033, 0x13e2: 0x0021, 0x13e3: 0x0023,
+	0x13e4: 0x0025, 0x13e5: 0x0027, 0x13e6: 0x0029, 0x13e7: 0x002b, 0x13e8: 0x002d, 0x13e9: 0x002f,
+	0x13ea: 0x0031, 0x13eb: 0x0033, 0x13ec: 0x0021, 0x13ed: 0x0023, 0x13ee: 0x0025, 0x13ef: 0x0027,
+	0x13f0: 0x0029, 0x13f1: 0x002b, 0x13f2: 0x002d, 0x13f3: 0x002f, 0x13f4: 0x0031, 0x13f5: 0x0033,
+	0x13f6: 0x0021, 0x13f7: 0x0023, 0x13f8: 0x0025, 0x13f9: 0x0027, 0x13fa: 0x0029, 0x13fb: 0x002b,
+	0x13fc: 0x002d, 0x13fd: 0x002f, 0x13fe: 0x0031, 0x13ff: 0x0033,
+	// Block 0x50, offset 0x1400
+	0x1400: 0x0239, 0x1401: 0x023c, 0x1402: 0x0248, 0x1403: 0x0251, 0x1405: 0x028a,
+	0x1406: 0x025a, 0x1407: 0x024b, 0x1408: 0x0269, 0x1409: 0x0290, 0x140a: 0x027b, 0x140b: 0x027e,
+	0x140c: 0x0281, 0x140d: 0x0284, 0x140e: 0x025d, 0x140f: 0x026f, 0x1410: 0x0275, 0x1411: 0x0263,
+	0x1412: 0x0278, 0x1413: 0x0257, 0x1414: 0x0260, 0x1415: 0x0242, 0x1416: 0x0245, 0x1417: 0x024e,
+	0x1418: 0x0254, 0x1419: 0x0266, 0x141a: 0x026c, 0x141b: 0x0272, 0x141c: 0x0293, 0x141d: 0x02e4,
+	0x141e: 0x02cc, 0x141f: 0x0296, 0x1421: 0x023c, 0x1422: 0x0248,
+	0x1424: 0x0287, 0x1427: 0x024b, 0x1429: 0x0290,
+	0x142a: 0x027b, 0x142b: 0x027e, 0x142c: 0x0281, 0x142d: 0x0284, 0x142e: 0x025d, 0x142f: 0x026f,
+	0x1430: 0x0275, 0x1431: 0x0263, 0x1432: 0x0278, 0x1434: 0x0260, 0x1435: 0x0242,
+	0x1436: 0x0245, 0x1437: 0x024e, 0x1439: 0x0266, 0x143b: 0x0272,
+	// Block 0x51, offset 0x1440
+	0x1442: 0x0248,
+	0x1447: 0x024b, 0x1449: 0x0290, 0x144b: 0x027e,
+	0x144d: 0x0284, 0x144e: 0x025d, 0x144f: 0x026f, 0x1451: 0x0263,
+	0x1452: 0x0278, 0x1454: 0x0260, 0x1457: 0x024e,
+	0x1459: 0x0266, 0x145b: 0x0272, 0x145d: 0x02e4,
+	0x145f: 0x0296, 0x1461: 0x023c, 0x1462: 0x0248,
+	0x1464: 0x0287, 0x1467: 0x024b, 0x1468: 0x0269, 0x1469: 0x0290,
+	0x146a: 0x027b, 0x146c: 0x0281, 0x146d: 0x0284, 0x146e: 0x025d, 0x146f: 0x026f,
+	0x1470: 0x0275, 0x1471: 0x0263, 0x1472: 0x0278, 0x1474: 0x0260, 0x1475: 0x0242,
+	0x1476: 0x0245, 0x1477: 0x024e, 0x1479: 0x0266, 0x147a: 0x026c, 0x147b: 0x0272,
+	0x147c: 0x0293, 0x147e: 0x02cc,
+	// Block 0x52, offset 0x1480
+	0x1480: 0x0239, 0x1481: 0x023c, 0x1482: 0x0248, 0x1483: 0x0251, 0x1484: 0x0287, 0x1485: 0x028a,
+	0x1486: 0x025a, 0x1487: 0x024b, 0x1488: 0x0269, 0x1489: 0x0290, 0x148b: 0x027e,
+	0x148c: 0x0281, 0x148d: 0x0284, 0x148e: 0x025d, 0x148f: 0x026f, 0x1490: 0x0275, 0x1491: 0x0263,
+	0x1492: 0x0278, 0x1493: 0x0257, 0x1494: 0x0260, 0x1495: 0x0242, 0x1496: 0x0245, 0x1497: 0x024e,
+	0x1498: 0x0254, 0x1499: 0x0266, 0x149a: 0x026c, 0x149b: 0x0272,
+	0x14a1: 0x023c, 0x14a2: 0x0248, 0x14a3: 0x0251,
+	0x14a5: 0x028a, 0x14a6: 0x025a, 0x14a7: 0x024b, 0x14a8: 0x0269, 0x14a9: 0x0290,
+	0x14ab: 0x027e, 0x14ac: 0x0281, 0x14ad: 0x0284, 0x14ae: 0x025d, 0x14af: 0x026f,
+	0x14b0: 0x0275, 0x14b1: 0x0263, 0x14b2: 0x0278, 0x14b3: 0x0257, 0x14b4: 0x0260, 0x14b5: 0x0242,
+	0x14b6: 0x0245, 0x14b7: 0x024e, 0x14b8: 0x0254, 0x14b9: 0x0266, 0x14ba: 0x026c, 0x14bb: 0x0272,
+	// Block 0x53, offset 0x14c0
+	0x14c0: 0x1879, 0x14c1: 0x1876, 0x14c2: 0x187c, 0x14c3: 0x18a0, 0x14c4: 0x18c4, 0x14c5: 0x18e8,
+	0x14c6: 0x190c, 0x14c7: 0x1915, 0x14c8: 0x191b, 0x14c9: 0x1921, 0x14ca: 0x1927,
+	0x14d0: 0x1a8f, 0x14d1: 0x1a93,
+	0x14d2: 0x1a97, 0x14d3: 0x1a9b, 0x14d4: 0x1a9f, 0x14d5: 0x1aa3, 0x14d6: 0x1aa7, 0x14d7: 0x1aab,
+	0x14d8: 0x1aaf, 0x14d9: 0x1ab3, 0x14da: 0x1ab7, 0x14db: 0x1abb, 0x14dc: 0x1abf, 0x14dd: 0x1ac3,
+	0x14de: 0x1ac7, 0x14df: 0x1acb, 0x14e0: 0x1acf, 0x14e1: 0x1ad3, 0x14e2: 0x1ad7, 0x14e3: 0x1adb,
+	0x14e4: 0x1adf, 0x14e5: 0x1ae3, 0x14e6: 0x1ae7, 0x14e7: 0x1aeb, 0x14e8: 0x1aef, 0x14e9: 0x1af3,
+	0x14ea: 0x2721, 0x14eb: 0x0047, 0x14ec: 0x0065, 0x14ed: 0x193c, 0x14ee: 0x19b4,
+	0x14f0: 0x0043, 0x14f1: 0x0045, 0x14f2: 0x0047, 0x14f3: 0x0049, 0x14f4: 0x004b, 0x14f5: 0x004d,
+	0x14f6: 0x004f, 0x14f7: 0x0051, 0x14f8: 0x0053, 0x14f9: 0x0055, 0x14fa: 0x0057, 0x14fb: 0x0059,
+	0x14fc: 0x005b, 0x14fd: 0x005d, 0x14fe: 0x005f, 0x14ff: 0x0061,
+	// Block 0x54, offset 0x1500
+	0x1500: 0x26b0, 0x1501: 0x26c5, 0x1502: 0x0503,
+	0x1510: 0x0c0f, 0x1511: 0x0a47,
+	0x1512: 0x08d3, 0x1513: 0x45c7, 0x1514: 0x071b, 0x1515: 0x09ef, 0x1516: 0x132f, 0x1517: 0x09ff,
+	0x1518: 0x0727, 0x1519: 0x0cd7, 0x151a: 0x0eaf, 0x151b: 0x0caf, 0x151c: 0x0827, 0x151d: 0x0b6b,
+	0x151e: 0x07bf, 0x151f: 0x0cb7, 0x1520: 0x0813, 0x1521: 0x1117, 0x1522: 0x0f83, 0x1523: 0x138b,
+	0x1524: 0x09d3, 0x1525: 0x090b, 0x1526: 0x0e63, 0x1527: 0x0c1b, 0x1528: 0x0c47, 0x1529: 0x06bf,
+	0x152a: 0x06cb, 0x152b: 0x140b, 0x152c: 0x0adb, 0x152d: 0x06e7, 0x152e: 0x08ef, 0x152f: 0x0c3b,
+	0x1530: 0x13b3, 0x1531: 0x0c13, 0x1532: 0x106f, 0x1533: 0x10ab, 0x1534: 0x08f7, 0x1535: 0x0e43,
+	0x1536: 0x0d0b, 0x1537: 0x0d07, 0x1538: 0x0f97, 0x1539: 0x082b, 0x153a: 0x0957, 0x153b: 0x1443,
+	// Block 0x55, offset 0x1540
+	0x1540: 0x06fb, 0x1541: 0x06f3, 0x1542: 0x0703, 0x1543: 0x1647, 0x1544: 0x0747, 0x1545: 0x0757,
+	0x1546: 0x075b, 0x1547: 0x0763, 0x1548: 0x076b, 0x1549: 0x076f, 0x154a: 0x077b, 0x154b: 0x0773,
+	0x154c: 0x05b3, 0x154d: 0x165b, 0x154e: 0x078f, 0x154f: 0x0793, 0x1550: 0x0797, 0x1551: 0x07b3,
+	0x1552: 0x164c, 0x1553: 0x05b7, 0x1554: 0x079f, 0x1555: 0x07bf, 0x1556: 0x1656, 0x1557: 0x07cf,
+	0x1558: 0x07d7, 0x1559: 0x0737, 0x155a: 0x07df, 0x155b: 0x07e3, 0x155c: 0x1831, 0x155d: 0x07ff,
+	0x155e: 0x0807, 0x155f: 0x05bf, 0x1560: 0x081f, 0x1561: 0x0823, 0x1562: 0x082b, 0x1563: 0x082f,
+	0x1564: 0x05c3, 0x1565: 0x0847, 0x1566: 0x084b, 0x1567: 0x0857, 0x1568: 0x0863, 0x1569: 0x0867,
+	0x156a: 0x086b, 0x156b: 0x0873, 0x156c: 0x0893, 0x156d: 0x0897, 0x156e: 0x089f, 0x156f: 0x08af,
+	0x1570: 0x08b7, 0x1571: 0x08bb, 0x1572: 0x08bb, 0x1573: 0x08bb, 0x1574: 0x166a, 0x1575: 0x0e93,
+	0x1576: 0x08cf, 0x1577: 0x08d7, 0x1578: 0x166f, 0x1579: 0x08e3, 0x157a: 0x08eb, 0x157b: 0x08f3,
+	0x157c: 0x091b, 0x157d: 0x0907, 0x157e: 0x0913, 0x157f: 0x0917,
+	// Block 0x56, offset 0x1580
+	0x1580: 0x091f, 0x1581: 0x0927, 0x1582: 0x092b, 0x1583: 0x0933, 0x1584: 0x093b, 0x1585: 0x093f,
+	0x1586: 0x093f, 0x1587: 0x0947, 0x1588: 0x094f, 0x1589: 0x0953, 0x158a: 0x095f, 0x158b: 0x0983,
+	0x158c: 0x0967, 0x158d: 0x0987, 0x158e: 0x096b, 0x158f: 0x0973, 0x1590: 0x080b, 0x1591: 0x09cf,
+	0x1592: 0x0997, 0x1593: 0x099b, 0x1594: 0x099f, 0x1595: 0x0993, 0x1596: 0x09a7, 0x1597: 0x09a3,
+	0x1598: 0x09bb, 0x1599: 0x1674, 0x159a: 0x09d7, 0x159b: 0x09db, 0x159c: 0x09e3, 0x159d: 0x09ef,
+	0x159e: 0x09f7, 0x159f: 0x0a13, 0x15a0: 0x1679, 0x15a1: 0x167e, 0x15a2: 0x0a1f, 0x15a3: 0x0a23,
+	0x15a4: 0x0a27, 0x15a5: 0x0a1b, 0x15a6: 0x0a2f, 0x15a7: 0x05c7, 0x15a8: 0x05cb, 0x15a9: 0x0a37,
+	0x15aa: 0x0a3f, 0x15ab: 0x0a3f, 0x15ac: 0x1683, 0x15ad: 0x0a5b, 0x15ae: 0x0a5f, 0x15af: 0x0a63,
+	0x15b0: 0x0a6b, 0x15b1: 0x1688, 0x15b2: 0x0a73, 0x15b3: 0x0a77, 0x15b4: 0x0b4f, 0x15b5: 0x0a7f,
+	0x15b6: 0x05cf, 0x15b7: 0x0a8b, 0x15b8: 0x0a9b, 0x15b9: 0x0aa7, 0x15ba: 0x0aa3, 0x15bb: 0x1692,
+	0x15bc: 0x0aaf, 0x15bd: 0x1697, 0x15be: 0x0abb, 0x15bf: 0x0ab7,
+	// Block 0x57, offset 0x15c0
+	0x15c0: 0x0abf, 0x15c1: 0x0acf, 0x15c2: 0x0ad3, 0x15c3: 0x05d3, 0x15c4: 0x0ae3, 0x15c5: 0x0aeb,
+	0x15c6: 0x0aef, 0x15c7: 0x0af3, 0x15c8: 0x05d7, 0x15c9: 0x169c, 0x15ca: 0x05db, 0x15cb: 0x0b0f,
+	0x15cc: 0x0b13, 0x15cd: 0x0b17, 0x15ce: 0x0b1f, 0x15cf: 0x1863, 0x15d0: 0x0b37, 0x15d1: 0x16a6,
+	0x15d2: 0x16a6, 0x15d3: 0x11d7, 0x15d4: 0x0b47, 0x15d5: 0x0b47, 0x15d6: 0x05df, 0x15d7: 0x16c9,
+	0x15d8: 0x179b, 0x15d9: 0x0b57, 0x15da: 0x0b5f, 0x15db: 0x05e3, 0x15dc: 0x0b73, 0x15dd: 0x0b83,
+	0x15de: 0x0b87, 0x15df: 0x0b8f, 0x15e0: 0x0b9f, 0x15e1: 0x05eb, 0x15e2: 0x05e7, 0x15e3: 0x0ba3,
+	0x15e4: 0x16ab, 0x15e5: 0x0ba7, 0x15e6: 0x0bbb, 0x15e7: 0x0bbf, 0x15e8: 0x0bc3, 0x15e9: 0x0bbf,
+	0x15ea: 0x0bcf, 0x15eb: 0x0bd3, 0x15ec: 0x0be3, 0x15ed: 0x0bdb, 0x15ee: 0x0bdf, 0x15ef: 0x0be7,
+	0x15f0: 0x0beb, 0x15f1: 0x0bef, 0x15f2: 0x0bfb, 0x15f3: 0x0bff, 0x15f4: 0x0c17, 0x15f5: 0x0c1f,
+	0x15f6: 0x0c2f, 0x15f7: 0x0c43, 0x15f8: 0x16ba, 0x15f9: 0x0c3f, 0x15fa: 0x0c33, 0x15fb: 0x0c4b,
+	0x15fc: 0x0c53, 0x15fd: 0x0c67, 0x15fe: 0x16bf, 0x15ff: 0x0c6f,
+	// Block 0x58, offset 0x1600
+	0x1600: 0x0c63, 0x1601: 0x0c5b, 0x1602: 0x05ef, 0x1603: 0x0c77, 0x1604: 0x0c7f, 0x1605: 0x0c87,
+	0x1606: 0x0c7b, 0x1607: 0x05f3, 0x1608: 0x0c97, 0x1609: 0x0c9f, 0x160a: 0x16c4, 0x160b: 0x0ccb,
+	0x160c: 0x0cff, 0x160d: 0x0cdb, 0x160e: 0x05ff, 0x160f: 0x0ce7, 0x1610: 0x05fb, 0x1611: 0x05f7,
+	0x1612: 0x07c3, 0x1613: 0x07c7, 0x1614: 0x0d03, 0x1615: 0x0ceb, 0x1616: 0x11ab, 0x1617: 0x0663,
+	0x1618: 0x0d0f, 0x1619: 0x0d13, 0x161a: 0x0d17, 0x161b: 0x0d2b, 0x161c: 0x0d23, 0x161d: 0x16dd,
+	0x161e: 0x0603, 0x161f: 0x0d3f, 0x1620: 0x0d33, 0x1621: 0x0d4f, 0x1622: 0x0d57, 0x1623: 0x16e7,
+	0x1624: 0x0d5b, 0x1625: 0x0d47, 0x1626: 0x0d63, 0x1627: 0x0607, 0x1628: 0x0d67, 0x1629: 0x0d6b,
+	0x162a: 0x0d6f, 0x162b: 0x0d7b, 0x162c: 0x16ec, 0x162d: 0x0d83, 0x162e: 0x060b, 0x162f: 0x0d8f,
+	0x1630: 0x16f1, 0x1631: 0x0d93, 0x1632: 0x060f, 0x1633: 0x0d9f, 0x1634: 0x0dab, 0x1635: 0x0db7,
+	0x1636: 0x0dbb, 0x1637: 0x16f6, 0x1638: 0x168d, 0x1639: 0x16fb, 0x163a: 0x0ddb, 0x163b: 0x1700,
+	0x163c: 0x0de7, 0x163d: 0x0def, 0x163e: 0x0ddf, 0x163f: 0x0dfb,
+	// Block 0x59, offset 0x1640
+	0x1640: 0x0e0b, 0x1641: 0x0e1b, 0x1642: 0x0e0f, 0x1643: 0x0e13, 0x1644: 0x0e1f, 0x1645: 0x0e23,
+	0x1646: 0x1705, 0x1647: 0x0e07, 0x1648: 0x0e3b, 0x1649: 0x0e3f, 0x164a: 0x0613, 0x164b: 0x0e53,
+	0x164c: 0x0e4f, 0x164d: 0x170a, 0x164e: 0x0e33, 0x164f: 0x0e6f, 0x1650: 0x170f, 0x1651: 0x1714,
+	0x1652: 0x0e73, 0x1653: 0x0e87, 0x1654: 0x0e83, 0x1655: 0x0e7f, 0x1656: 0x0617, 0x1657: 0x0e8b,
+	0x1658: 0x0e9b, 0x1659: 0x0e97, 0x165a: 0x0ea3, 0x165b: 0x1651, 0x165c: 0x0eb3, 0x165d: 0x1719,
+	0x165e: 0x0ebf, 0x165f: 0x1723, 0x1660: 0x0ed3, 0x1661: 0x0edf, 0x1662: 0x0ef3, 0x1663: 0x1728,
+	0x1664: 0x0f07, 0x1665: 0x0f0b, 0x1666: 0x172d, 0x1667: 0x1732, 0x1668: 0x0f27, 0x1669: 0x0f37,
+	0x166a: 0x061b, 0x166b: 0x0f3b, 0x166c: 0x061f, 0x166d: 0x061f, 0x166e: 0x0f53, 0x166f: 0x0f57,
+	0x1670: 0x0f5f, 0x1671: 0x0f63, 0x1672: 0x0f6f, 0x1673: 0x0623, 0x1674: 0x0f87, 0x1675: 0x1737,
+	0x1676: 0x0fa3, 0x1677: 0x173c, 0x1678: 0x0faf, 0x1679: 0x16a1, 0x167a: 0x0fbf, 0x167b: 0x1741,
+	0x167c: 0x1746, 0x167d: 0x174b, 0x167e: 0x0627, 0x167f: 0x062b,
+	// Block 0x5a, offset 0x1680
+	0x1680: 0x0ff7, 0x1681: 0x1755, 0x1682: 0x1750, 0x1683: 0x175a, 0x1684: 0x175f, 0x1685: 0x0fff,
+	0x1686: 0x1003, 0x1687: 0x1003, 0x1688: 0x100b, 0x1689: 0x0633, 0x168a: 0x100f, 0x168b: 0x0637,
+	0x168c: 0x063b, 0x168d: 0x1769, 0x168e: 0x1023, 0x168f: 0x102b, 0x1690: 0x1037, 0x1691: 0x063f,
+	0x1692: 0x176e, 0x1693: 0x105b, 0x1694: 0x1773, 0x1695: 0x1778, 0x1696: 0x107b, 0x1697: 0x1093,
+	0x1698: 0x0643, 0x1699: 0x109b, 0x169a: 0x109f, 0x169b: 0x10a3, 0x169c: 0x177d, 0x169d: 0x1782,
+	0x169e: 0x1782, 0x169f: 0x10bb, 0x16a0: 0x0647, 0x16a1: 0x1787, 0x16a2: 0x10cf, 0x16a3: 0x10d3,
+	0x16a4: 0x064b, 0x16a5: 0x178c, 0x16a6: 0x10ef, 0x16a7: 0x064f, 0x16a8: 0x10ff, 0x16a9: 0x10f7,
+	0x16aa: 0x1107, 0x16ab: 0x1796, 0x16ac: 0x111f, 0x16ad: 0x0653, 0x16ae: 0x112b, 0x16af: 0x1133,
+	0x16b0: 0x1143, 0x16b1: 0x0657, 0x16b2: 0x17a0, 0x16b3: 0x17a5, 0x16b4: 0x065b, 0x16b5: 0x17aa,
+	0x16b6: 0x115b, 0x16b7: 0x17af, 0x16b8: 0x1167, 0x16b9: 0x1173, 0x16ba: 0x117b, 0x16bb: 0x17b4,
+	0x16bc: 0x17b9, 0x16bd: 0x118f, 0x16be: 0x17be, 0x16bf: 0x1197,
+	// Block 0x5b, offset 0x16c0
+	0x16c0: 0x16ce, 0x16c1: 0x065f, 0x16c2: 0x11af, 0x16c3: 0x11b3, 0x16c4: 0x0667, 0x16c5: 0x11b7,
+	0x16c6: 0x0a33, 0x16c7: 0x17c3, 0x16c8: 0x17c8, 0x16c9: 0x16d3, 0x16ca: 0x16d8, 0x16cb: 0x11d7,
+	0x16cc: 0x11db, 0x16cd: 0x13f3, 0x16ce: 0x066b, 0x16cf: 0x1207, 0x16d0: 0x1203, 0x16d1: 0x120b,
+	0x16d2: 0x083f, 0x16d3: 0x120f, 0x16d4: 0x1213, 0x16d5: 0x1217, 0x16d6: 0x121f, 0x16d7: 0x17cd,
+	0x16d8: 0x121b, 0x16d9: 0x1223, 0x16da: 0x1237, 0x16db: 0x123b, 0x16dc: 0x1227, 0x16dd: 0x123f,
+	0x16de: 0x1253, 0x16df: 0x1267, 0x16e0: 0x1233, 0x16e1: 0x1247, 0x16e2: 0x124b, 0x16e3: 0x124f,
+	0x16e4: 0x17d2, 0x16e5: 0x17dc, 0x16e6: 0x17d7, 0x16e7: 0x066f, 0x16e8: 0x126f, 0x16e9: 0x1273,
+	0x16ea: 0x127b, 0x16eb: 0x17f0, 0x16ec: 0x127f, 0x16ed: 0x17e1, 0x16ee: 0x0673, 0x16ef: 0x0677,
+	0x16f0: 0x17e6, 0x16f1: 0x17eb, 0x16f2: 0x067b, 0x16f3: 0x129f, 0x16f4: 0x12a3, 0x16f5: 0x12a7,
+	0x16f6: 0x12ab, 0x16f7: 0x12b7, 0x16f8: 0x12b3, 0x16f9: 0x12bf, 0x16fa: 0x12bb, 0x16fb: 0x12cb,
+	0x16fc: 0x12c3, 0x16fd: 0x12c7, 0x16fe: 0x12cf, 0x16ff: 0x067f,
+	// Block 0x5c, offset 0x1700
+	0x1700: 0x12d7, 0x1701: 0x12db, 0x1702: 0x0683, 0x1703: 0x12eb, 0x1704: 0x12ef, 0x1705: 0x17f5,
+	0x1706: 0x12fb, 0x1707: 0x12ff, 0x1708: 0x0687, 0x1709: 0x130b, 0x170a: 0x05bb, 0x170b: 0x17fa,
+	0x170c: 0x17ff, 0x170d: 0x068b, 0x170e: 0x068f, 0x170f: 0x1337, 0x1710: 0x134f, 0x1711: 0x136b,
+	0x1712: 0x137b, 0x1713: 0x1804, 0x1714: 0x138f, 0x1715: 0x1393, 0x1716: 0x13ab, 0x1717: 0x13b7,
+	0x1718: 0x180e, 0x1719: 0x1660, 0x171a: 0x13c3, 0x171b: 0x13bf, 0x171c: 0x13cb, 0x171d: 0x1665,
+	0x171e: 0x13d7, 0x171f: 0x13e3, 0x1720: 0x1813, 0x1721: 0x1818, 0x1722: 0x1423, 0x1723: 0x142f,
+	0x1724: 0x1437, 0x1725: 0x181d, 0x1726: 0x143b, 0x1727: 0x1467, 0x1728: 0x1473, 0x1729: 0x1477,
+	0x172a: 0x146f, 0x172b: 0x1483, 0x172c: 0x1487, 0x172d: 0x1822, 0x172e: 0x1493, 0x172f: 0x0693,
+	0x1730: 0x149b, 0x1731: 0x1827, 0x1732: 0x0697, 0x1733: 0x14d3, 0x1734: 0x0ac3, 0x1735: 0x14eb,
+	0x1736: 0x182c, 0x1737: 0x1836, 0x1738: 0x069b, 0x1739: 0x069f, 0x173a: 0x1513, 0x173b: 0x183b,
+	0x173c: 0x06a3, 0x173d: 0x1840, 0x173e: 0x152b, 0x173f: 0x152b,
+	// Block 0x5d, offset 0x1740
+	0x1740: 0x1533, 0x1741: 0x1845, 0x1742: 0x154b, 0x1743: 0x06a7, 0x1744: 0x155b, 0x1745: 0x1567,
+	0x1746: 0x156f, 0x1747: 0x1577, 0x1748: 0x06ab, 0x1749: 0x184a, 0x174a: 0x158b, 0x174b: 0x15a7,
+	0x174c: 0x15b3, 0x174d: 0x06af, 0x174e: 0x06b3, 0x174f: 0x15b7, 0x1750: 0x184f, 0x1751: 0x06b7,
+	0x1752: 0x1854, 0x1753: 0x1859, 0x1754: 0x185e, 0x1755: 0x15db, 0x1756: 0x06bb, 0x1757: 0x15ef,
+	0x1758: 0x15f7, 0x1759: 0x15fb, 0x175a: 0x1603, 0x175b: 0x160b, 0x175c: 0x1613, 0x175d: 0x1868,
+}
+
+// nfkcIndex: 22 blocks, 1408 entries, 2816 bytes
+// Block 0 is the zero block.
+var nfkcIndex = [1408]uint16{
+	// Block 0x0, offset 0x0
+	// Block 0x1, offset 0x40
+	// Block 0x2, offset 0x80
+	// Block 0x3, offset 0xc0
+	0xc2: 0x5c, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x5d, 0xc7: 0x04,
+	0xc8: 0x05, 0xca: 0x5e, 0xcb: 0x5f, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x09,
+	0xd0: 0x0a, 0xd1: 0x60, 0xd2: 0x61, 0xd3: 0x0b, 0xd6: 0x0c, 0xd7: 0x62,
+	0xd8: 0x63, 0xd9: 0x0d, 0xdb: 0x64, 0xdc: 0x65, 0xdd: 0x66, 0xdf: 0x67,
+	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
+	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
+	0xf0: 0x13,
+	// Block 0x4, offset 0x100
+	0x120: 0x68, 0x121: 0x69, 0x123: 0x0e, 0x124: 0x6a, 0x125: 0x6b, 0x126: 0x6c, 0x127: 0x6d,
+	0x128: 0x6e, 0x129: 0x6f, 0x12a: 0x70, 0x12b: 0x71, 0x12c: 0x6c, 0x12d: 0x72, 0x12e: 0x73, 0x12f: 0x74,
+	0x131: 0x75, 0x132: 0x76, 0x133: 0x77, 0x134: 0x78, 0x135: 0x79, 0x137: 0x7a,
+	0x138: 0x7b, 0x139: 0x7c, 0x13a: 0x7d, 0x13b: 0x7e, 0x13c: 0x7f, 0x13d: 0x80, 0x13e: 0x81, 0x13f: 0x82,
+	// Block 0x5, offset 0x140
+	0x140: 0x83, 0x142: 0x84, 0x143: 0x85, 0x144: 0x86, 0x145: 0x87, 0x146: 0x88, 0x147: 0x89,
+	0x14d: 0x8a,
+	0x15c: 0x8b, 0x15f: 0x8c,
+	0x162: 0x8d, 0x164: 0x8e,
+	0x168: 0x8f, 0x169: 0x90, 0x16a: 0x91, 0x16c: 0x0f, 0x16d: 0x92, 0x16e: 0x93, 0x16f: 0x94,
+	0x170: 0x95, 0x173: 0x96, 0x174: 0x97, 0x175: 0x10, 0x176: 0x11, 0x177: 0x12,
+	0x178: 0x13, 0x179: 0x14, 0x17a: 0x15, 0x17b: 0x16, 0x17c: 0x17, 0x17d: 0x18, 0x17e: 0x19, 0x17f: 0x1a,
+	// Block 0x6, offset 0x180
+	0x180: 0x98, 0x181: 0x99, 0x182: 0x9a, 0x183: 0x9b, 0x184: 0x1b, 0x185: 0x1c, 0x186: 0x9c, 0x187: 0x9d,
+	0x188: 0x9e, 0x189: 0x1d, 0x18a: 0x1e, 0x18b: 0x9f, 0x18c: 0xa0,
+	0x191: 0x1f, 0x192: 0x20, 0x193: 0xa1,
+	0x1a8: 0xa2, 0x1a9: 0xa3, 0x1ab: 0xa4,
+	0x1b1: 0xa5, 0x1b3: 0xa6, 0x1b5: 0xa7, 0x1b7: 0xa8,
+	0x1ba: 0xa9, 0x1bb: 0xaa, 0x1bc: 0x21, 0x1bd: 0x22, 0x1be: 0x23, 0x1bf: 0xab,
+	// Block 0x7, offset 0x1c0
+	0x1c0: 0xac, 0x1c1: 0x24, 0x1c2: 0x25, 0x1c3: 0x26, 0x1c4: 0xad, 0x1c5: 0x27, 0x1c6: 0x28,
+	0x1c8: 0x29, 0x1c9: 0x2a, 0x1ca: 0x2b, 0x1cb: 0x2c, 0x1cc: 0x2d, 0x1cd: 0x2e, 0x1ce: 0x2f, 0x1cf: 0x30,
+	// Block 0x8, offset 0x200
+	0x219: 0xae, 0x21a: 0xaf, 0x21b: 0xb0, 0x21d: 0xb1, 0x21f: 0xb2,
+	0x220: 0xb3, 0x223: 0xb4, 0x224: 0xb5, 0x225: 0xb6, 0x226: 0xb7, 0x227: 0xb8,
+	0x22a: 0xb9, 0x22b: 0xba, 0x22d: 0xbb, 0x22f: 0xbc,
+	0x230: 0xbd, 0x231: 0xbe, 0x232: 0xbf, 0x233: 0xc0, 0x234: 0xc1, 0x235: 0xc2, 0x236: 0xc3, 0x237: 0xbd,
+	0x238: 0xbe, 0x239: 0xbf, 0x23a: 0xc0, 0x23b: 0xc1, 0x23c: 0xc2, 0x23d: 0xc3, 0x23e: 0xbd, 0x23f: 0xbe,
+	// Block 0x9, offset 0x240
+	0x240: 0xbf, 0x241: 0xc0, 0x242: 0xc1, 0x243: 0xc2, 0x244: 0xc3, 0x245: 0xbd, 0x246: 0xbe, 0x247: 0xbf,
+	0x248: 0xc0, 0x249: 0xc1, 0x24a: 0xc2, 0x24b: 0xc3, 0x24c: 0xbd, 0x24d: 0xbe, 0x24e: 0xbf, 0x24f: 0xc0,
+	0x250: 0xc1, 0x251: 0xc2, 0x252: 0xc3, 0x253: 0xbd, 0x254: 0xbe, 0x255: 0xbf, 0x256: 0xc0, 0x257: 0xc1,
+	0x258: 0xc2, 0x259: 0xc3, 0x25a: 0xbd, 0x25b: 0xbe, 0x25c: 0xbf, 0x25d: 0xc0, 0x25e: 0xc1, 0x25f: 0xc2,
+	0x260: 0xc3, 0x261: 0xbd, 0x262: 0xbe, 0x263: 0xbf, 0x264: 0xc0, 0x265: 0xc1, 0x266: 0xc2, 0x267: 0xc3,
+	0x268: 0xbd, 0x269: 0xbe, 0x26a: 0xbf, 0x26b: 0xc0, 0x26c: 0xc1, 0x26d: 0xc2, 0x26e: 0xc3, 0x26f: 0xbd,
+	0x270: 0xbe, 0x271: 0xbf, 0x272: 0xc0, 0x273: 0xc1, 0x274: 0xc2, 0x275: 0xc3, 0x276: 0xbd, 0x277: 0xbe,
+	0x278: 0xbf, 0x279: 0xc0, 0x27a: 0xc1, 0x27b: 0xc2, 0x27c: 0xc3, 0x27d: 0xbd, 0x27e: 0xbe, 0x27f: 0xbf,
+	// Block 0xa, offset 0x280
+	0x280: 0xc0, 0x281: 0xc1, 0x282: 0xc2, 0x283: 0xc3, 0x284: 0xbd, 0x285: 0xbe, 0x286: 0xbf, 0x287: 0xc0,
+	0x288: 0xc1, 0x289: 0xc2, 0x28a: 0xc3, 0x28b: 0xbd, 0x28c: 0xbe, 0x28d: 0xbf, 0x28e: 0xc0, 0x28f: 0xc1,
+	0x290: 0xc2, 0x291: 0xc3, 0x292: 0xbd, 0x293: 0xbe, 0x294: 0xbf, 0x295: 0xc0, 0x296: 0xc1, 0x297: 0xc2,
+	0x298: 0xc3, 0x299: 0xbd, 0x29a: 0xbe, 0x29b: 0xbf, 0x29c: 0xc0, 0x29d: 0xc1, 0x29e: 0xc2, 0x29f: 0xc3,
+	0x2a0: 0xbd, 0x2a1: 0xbe, 0x2a2: 0xbf, 0x2a3: 0xc0, 0x2a4: 0xc1, 0x2a5: 0xc2, 0x2a6: 0xc3, 0x2a7: 0xbd,
+	0x2a8: 0xbe, 0x2a9: 0xbf, 0x2aa: 0xc0, 0x2ab: 0xc1, 0x2ac: 0xc2, 0x2ad: 0xc3, 0x2ae: 0xbd, 0x2af: 0xbe,
+	0x2b0: 0xbf, 0x2b1: 0xc0, 0x2b2: 0xc1, 0x2b3: 0xc2, 0x2b4: 0xc3, 0x2b5: 0xbd, 0x2b6: 0xbe, 0x2b7: 0xbf,
+	0x2b8: 0xc0, 0x2b9: 0xc1, 0x2ba: 0xc2, 0x2bb: 0xc3, 0x2bc: 0xbd, 0x2bd: 0xbe, 0x2be: 0xbf, 0x2bf: 0xc0,
+	// Block 0xb, offset 0x2c0
+	0x2c0: 0xc1, 0x2c1: 0xc2, 0x2c2: 0xc3, 0x2c3: 0xbd, 0x2c4: 0xbe, 0x2c5: 0xbf, 0x2c6: 0xc0, 0x2c7: 0xc1,
+	0x2c8: 0xc2, 0x2c9: 0xc3, 0x2ca: 0xbd, 0x2cb: 0xbe, 0x2cc: 0xbf, 0x2cd: 0xc0, 0x2ce: 0xc1, 0x2cf: 0xc2,
+	0x2d0: 0xc3, 0x2d1: 0xbd, 0x2d2: 0xbe, 0x2d3: 0xbf, 0x2d4: 0xc0, 0x2d5: 0xc1, 0x2d6: 0xc2, 0x2d7: 0xc3,
+	0x2d8: 0xbd, 0x2d9: 0xbe, 0x2da: 0xbf, 0x2db: 0xc0, 0x2dc: 0xc1, 0x2dd: 0xc2, 0x2de: 0xc4,
+	// Block 0xc, offset 0x300
+	0x324: 0x31, 0x325: 0x32, 0x326: 0x33, 0x327: 0x34,
+	0x328: 0x35, 0x329: 0x36, 0x32a: 0x37, 0x32b: 0x38, 0x32c: 0x39, 0x32d: 0x3a, 0x32e: 0x3b, 0x32f: 0x3c,
+	0x330: 0x3d, 0x331: 0x3e, 0x332: 0x3f, 0x333: 0x40, 0x334: 0x41, 0x335: 0x42, 0x336: 0x43, 0x337: 0x44,
+	0x338: 0x45, 0x339: 0x46, 0x33a: 0x47, 0x33b: 0x48, 0x33c: 0xc5, 0x33d: 0x49, 0x33e: 0x4a, 0x33f: 0x4b,
+	// Block 0xd, offset 0x340
+	0x347: 0xc6,
+	0x34b: 0xc7, 0x34d: 0xc8,
+	0x368: 0xc9, 0x36b: 0xca,
+	0x374: 0xcb,
+	0x37d: 0xcc,
+	// Block 0xe, offset 0x380
+	0x381: 0xcd, 0x382: 0xce, 0x384: 0xcf, 0x385: 0xb7, 0x387: 0xd0,
+	0x388: 0xd1, 0x38b: 0xd2, 0x38c: 0xd3, 0x38d: 0xd4,
+	0x391: 0xd5, 0x392: 0xd6, 0x393: 0xd7, 0x396: 0xd8, 0x397: 0xd9,
+	0x398: 0xda, 0x39a: 0xdb, 0x39c: 0xdc,
+	0x3a0: 0xdd, 0x3a7: 0xde,
+	0x3a8: 0xdf, 0x3a9: 0xe0, 0x3aa: 0xe1,
+	0x3b0: 0xda, 0x3b5: 0xe2, 0x3b6: 0xe3,
+	// Block 0xf, offset 0x3c0
+	0x3eb: 0xe4, 0x3ec: 0xe5,
+	// Block 0x10, offset 0x400
+	0x432: 0xe6,
+	// Block 0x11, offset 0x440
+	0x445: 0xe7, 0x446: 0xe8, 0x447: 0xe9,
+	0x449: 0xea,
+	0x450: 0xeb, 0x451: 0xec, 0x452: 0xed, 0x453: 0xee, 0x454: 0xef, 0x455: 0xf0, 0x456: 0xf1, 0x457: 0xf2,
+	0x458: 0xf3, 0x459: 0xf4, 0x45a: 0x4c, 0x45b: 0xf5, 0x45c: 0xf6, 0x45d: 0xf7, 0x45e: 0xf8, 0x45f: 0x4d,
+	// Block 0x12, offset 0x480
+	0x480: 0xf9, 0x484: 0xe5,
+	0x48b: 0xfa,
+	0x4a3: 0xfb, 0x4a5: 0xfc,
+	0x4b8: 0x4e, 0x4b9: 0x4f, 0x4ba: 0x50,
+	// Block 0x13, offset 0x4c0
+	0x4c4: 0x51, 0x4c5: 0xfd, 0x4c6: 0xfe,
+	0x4c8: 0x52, 0x4c9: 0xff,
+	// Block 0x14, offset 0x500
+	0x520: 0x53, 0x521: 0x54, 0x522: 0x55, 0x523: 0x56, 0x524: 0x57, 0x525: 0x58, 0x526: 0x59, 0x527: 0x5a,
+	0x528: 0x5b,
+	// Block 0x15, offset 0x540
+	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
+	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
+	0x56f: 0x12,
+}
+
+// nfkcSparseOffset: 164 entries, 328 bytes
+var nfkcSparseOffset = []uint16{0x0, 0xe, 0x12, 0x1b, 0x25, 0x35, 0x37, 0x3c, 0x47, 0x56, 0x63, 0x6b, 0x70, 0x75, 0x77, 0x7f, 0x86, 0x89, 0x91, 0x95, 0x99, 0x9b, 0x9d, 0xa6, 0xaa, 0xb1, 0xb6, 0xb9, 0xc3, 0xc6, 0xcd, 0xd5, 0xd9, 0xdb, 0xdf, 0xe3, 0xe9, 0xfa, 0x106, 0x108, 0x10e, 0x110, 0x112, 0x114, 0x116, 0x118, 0x11a, 0x11c, 0x11f, 0x122, 0x124, 0x127, 0x12a, 0x12e, 0x133, 0x13c, 0x13e, 0x141, 0x143, 0x14e, 0x159, 0x167, 0x175, 0x185, 0x193, 0x19a, 0x1a0, 0x1af, 0x1b3, 0x1b5, 0x1b9, 0x1bb, 0x1be, 0x1c0, 0x1c3, 0x1c5, 0x1c8, 0x1ca, 0x1cc, 0x1ce, 0x1da, 0x1e4, 0x1ee, 0x1f1, 0x1f5, 0x1f7, 0x1f9, 0x1fb, 0x1fd, 0x200, 0x202, 0x204, 0x206, 0x208, 0x20e, 0x211, 0x215, 0x217, 0x21e, 0x224, 0x22a, 0x232, 0x238, 0x23e, 0x244, 0x248, 0x24a, 0x24c, 0x24e, 0x250, 0x256, 0x259, 0x25b, 0x261, 0x264, 0x26c, 0x273, 0x276, 0x279, 0x27b, 0x27e, 0x286, 0x28a, 0x291, 0x294, 0x29a, 0x29c, 0x29e, 0x2a1, 0x2a3, 0x2a6, 0x2a8, 0x2aa, 0x2ac, 0x2ae, 0x2b1, 0x2b3, 0x2b5, 0x2b7, 0x2b9, 0x2c6, 0x2d0, 0x2d2, 0x2d4, 0x2d8, 0x2dd, 0x2e9, 0x2ee, 0x2f7, 0x2fd, 0x302, 0x306, 0x30b, 0x30f, 0x31f, 0x32d, 0x33b, 0x349, 0x34f, 0x351, 0x353, 0x356, 0x361, 0x363}
+
+// nfkcSparseValues: 877 entries, 3508 bytes
+var nfkcSparseValues = [877]valueRange{
+	// Block 0x0, offset 0x0
+	{value: 0x0002, lo: 0x0d},
+	{value: 0x0001, lo: 0xa0, hi: 0xa0},
+	{value: 0x427b, lo: 0xa8, hi: 0xa8},
+	{value: 0x0083, lo: 0xaa, hi: 0xaa},
+	{value: 0x4267, lo: 0xaf, hi: 0xaf},
+	{value: 0x0025, lo: 0xb2, hi: 0xb3},
+	{value: 0x425d, lo: 0xb4, hi: 0xb4},
+	{value: 0x01dc, lo: 0xb5, hi: 0xb5},
+	{value: 0x4294, lo: 0xb8, hi: 0xb8},
+	{value: 0x0023, lo: 0xb9, hi: 0xb9},
+	{value: 0x009f, lo: 0xba, hi: 0xba},
+	{value: 0x221f, lo: 0xbc, hi: 0xbc},
+	{value: 0x2213, lo: 0xbd, hi: 0xbd},
+	{value: 0x22b5, lo: 0xbe, hi: 0xbe},
+	// Block 0x1, offset 0xe
+	{value: 0x0091, lo: 0x03},
+	{value: 0x46e5, lo: 0xa0, hi: 0xa1},
+	{value: 0x4717, lo: 0xaf, hi: 0xb0},
+	{value: 0xa000, lo: 0xb7, hi: 0xb7},
+	// Block 0x2, offset 0x12
+	{value: 0x0003, lo: 0x08},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x0091, lo: 0xb0, hi: 0xb0},
+	{value: 0x0119, lo: 0xb1, hi: 0xb1},
+	{value: 0x0095, lo: 0xb2, hi: 0xb2},
+	{value: 0x00a5, lo: 0xb3, hi: 0xb3},
+	{value: 0x0143, lo: 0xb4, hi: 0xb6},
+	{value: 0x00af, lo: 0xb7, hi: 0xb7},
+	{value: 0x00b3, lo: 0xb8, hi: 0xb8},
+	// Block 0x3, offset 0x1b
+	{value: 0x000a, lo: 0x09},
+	{value: 0x4271, lo: 0x98, hi: 0x98},
+	{value: 0x4276, lo: 0x99, hi: 0x9a},
+	{value: 0x4299, lo: 0x9b, hi: 0x9b},
+	{value: 0x4262, lo: 0x9c, hi: 0x9c},
+	{value: 0x4285, lo: 0x9d, hi: 0x9d},
+	{value: 0x0113, lo: 0xa0, hi: 0xa0},
+	{value: 0x0099, lo: 0xa1, hi: 0xa1},
+	{value: 0x00a7, lo: 0xa2, hi: 0xa3},
+	{value: 0x0167, lo: 0xa4, hi: 0xa4},
+	// Block 0x4, offset 0x25
+	{value: 0x0000, lo: 0x0f},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0xa000, lo: 0x8d, hi: 0x8d},
+	{value: 0x37a8, lo: 0x90, hi: 0x90},
+	{value: 0x37b4, lo: 0x91, hi: 0x91},
+	{value: 0x37a2, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x96, hi: 0x96},
+	{value: 0x381a, lo: 0x97, hi: 0x97},
+	{value: 0x37e4, lo: 0x9c, hi: 0x9c},
+	{value: 0x37cc, lo: 0x9d, hi: 0x9d},
+	{value: 0x37f6, lo: 0x9e, hi: 0x9e},
+	{value: 0xa000, lo: 0xb4, hi: 0xb5},
+	{value: 0x3820, lo: 0xb6, hi: 0xb6},
+	{value: 0x3826, lo: 0xb7, hi: 0xb7},
+	// Block 0x5, offset 0x35
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x83, hi: 0x87},
+	// Block 0x6, offset 0x37
+	{value: 0x0001, lo: 0x04},
+	{value: 0x8113, lo: 0x81, hi: 0x82},
+	{value: 0x8132, lo: 0x84, hi: 0x84},
+	{value: 0x812d, lo: 0x85, hi: 0x85},
+	{value: 0x810d, lo: 0x87, hi: 0x87},
+	// Block 0x7, offset 0x3c
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x97},
+	{value: 0x8119, lo: 0x98, hi: 0x98},
+	{value: 0x811a, lo: 0x99, hi: 0x99},
+	{value: 0x811b, lo: 0x9a, hi: 0x9a},
+	{value: 0x3844, lo: 0xa2, hi: 0xa2},
+	{value: 0x384a, lo: 0xa3, hi: 0xa3},
+	{value: 0x3856, lo: 0xa4, hi: 0xa4},
+	{value: 0x3850, lo: 0xa5, hi: 0xa5},
+	{value: 0x385c, lo: 0xa6, hi: 0xa6},
+	{value: 0xa000, lo: 0xa7, hi: 0xa7},
+	// Block 0x8, offset 0x47
+	{value: 0x0000, lo: 0x0e},
+	{value: 0x386e, lo: 0x80, hi: 0x80},
+	{value: 0xa000, lo: 0x81, hi: 0x81},
+	{value: 0x3862, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x3868, lo: 0x93, hi: 0x93},
+	{value: 0xa000, lo: 0x95, hi: 0x95},
+	{value: 0x8132, lo: 0x96, hi: 0x9c},
+	{value: 0x8132, lo: 0x9f, hi: 0xa2},
+	{value: 0x812d, lo: 0xa3, hi: 0xa3},
+	{value: 0x8132, lo: 0xa4, hi: 0xa4},
+	{value: 0x8132, lo: 0xa7, hi: 0xa8},
+	{value: 0x812d, lo: 0xaa, hi: 0xaa},
+	{value: 0x8132, lo: 0xab, hi: 0xac},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	// Block 0x9, offset 0x56
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x811f, lo: 0x91, hi: 0x91},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x812d, lo: 0xb1, hi: 0xb1},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb5, hi: 0xb6},
+	{value: 0x812d, lo: 0xb7, hi: 0xb9},
+	{value: 0x8132, lo: 0xba, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbc},
+	{value: 0x8132, lo: 0xbd, hi: 0xbd},
+	{value: 0x812d, lo: 0xbe, hi: 0xbe},
+	{value: 0x8132, lo: 0xbf, hi: 0xbf},
+	// Block 0xa, offset 0x63
+	{value: 0x0005, lo: 0x07},
+	{value: 0x8132, lo: 0x80, hi: 0x80},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x812d, lo: 0x82, hi: 0x83},
+	{value: 0x812d, lo: 0x84, hi: 0x85},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x812d, lo: 0x88, hi: 0x89},
+	{value: 0x8132, lo: 0x8a, hi: 0x8a},
+	// Block 0xb, offset 0x6b
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xab, hi: 0xb1},
+	{value: 0x812d, lo: 0xb2, hi: 0xb2},
+	{value: 0x8132, lo: 0xb3, hi: 0xb3},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0xc, offset 0x70
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0x96, hi: 0x99},
+	{value: 0x8132, lo: 0x9b, hi: 0xa3},
+	{value: 0x8132, lo: 0xa5, hi: 0xa7},
+	{value: 0x8132, lo: 0xa9, hi: 0xad},
+	// Block 0xd, offset 0x75
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x99, hi: 0x9b},
+	// Block 0xe, offset 0x77
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0xa8, hi: 0xa8},
+	{value: 0x3edb, lo: 0xa9, hi: 0xa9},
+	{value: 0xa000, lo: 0xb0, hi: 0xb0},
+	{value: 0x3ee3, lo: 0xb1, hi: 0xb1},
+	{value: 0xa000, lo: 0xb3, hi: 0xb3},
+	{value: 0x3eeb, lo: 0xb4, hi: 0xb4},
+	{value: 0x9902, lo: 0xbc, hi: 0xbc},
+	// Block 0xf, offset 0x7f
+	{value: 0x0008, lo: 0x06},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x91, hi: 0x91},
+	{value: 0x812d, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x93, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x94},
+	{value: 0x451f, lo: 0x98, hi: 0x9f},
+	// Block 0x10, offset 0x86
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x11, offset 0x89
+	{value: 0x0008, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2ca1, lo: 0x8b, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x455f, lo: 0x9c, hi: 0x9d},
+	{value: 0x456f, lo: 0x9f, hi: 0x9f},
+	{value: 0x8132, lo: 0xbe, hi: 0xbe},
+	// Block 0x12, offset 0x91
+	{value: 0x0000, lo: 0x03},
+	{value: 0x4597, lo: 0xb3, hi: 0xb3},
+	{value: 0x459f, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x13, offset 0x95
+	{value: 0x0008, lo: 0x03},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x4577, lo: 0x99, hi: 0x9b},
+	{value: 0x458f, lo: 0x9e, hi: 0x9e},
+	// Block 0x14, offset 0x99
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	// Block 0x15, offset 0x9b
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	// Block 0x16, offset 0x9d
+	{value: 0x0000, lo: 0x08},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2cb9, lo: 0x88, hi: 0x88},
+	{value: 0x2cb1, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cc1, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x96, hi: 0x97},
+	{value: 0x45a7, lo: 0x9c, hi: 0x9c},
+	{value: 0x45af, lo: 0x9d, hi: 0x9d},
+	// Block 0x17, offset 0xa6
+	{value: 0x0000, lo: 0x03},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0x2cc9, lo: 0x94, hi: 0x94},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x18, offset 0xaa
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2cd1, lo: 0x8a, hi: 0x8a},
+	{value: 0x2ce1, lo: 0x8b, hi: 0x8b},
+	{value: 0x2cd9, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x19, offset 0xb1
+	{value: 0x1801, lo: 0x04},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x3ef3, lo: 0x88, hi: 0x88},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x8120, lo: 0x95, hi: 0x96},
+	// Block 0x1a, offset 0xb6
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbc, hi: 0xbc},
+	{value: 0xa000, lo: 0xbf, hi: 0xbf},
+	// Block 0x1b, offset 0xb9
+	{value: 0x0000, lo: 0x09},
+	{value: 0x2ce9, lo: 0x80, hi: 0x80},
+	{value: 0x9900, lo: 0x82, hi: 0x82},
+	{value: 0xa000, lo: 0x86, hi: 0x86},
+	{value: 0x2cf1, lo: 0x87, hi: 0x87},
+	{value: 0x2cf9, lo: 0x88, hi: 0x88},
+	{value: 0x2f53, lo: 0x8a, hi: 0x8a},
+	{value: 0x2ddb, lo: 0x8b, hi: 0x8b},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x95, hi: 0x96},
+	// Block 0x1c, offset 0xc3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x1d, offset 0xc6
+	{value: 0x0000, lo: 0x06},
+	{value: 0xa000, lo: 0x86, hi: 0x87},
+	{value: 0x2d01, lo: 0x8a, hi: 0x8a},
+	{value: 0x2d11, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d09, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	// Block 0x1e, offset 0xcd
+	{value: 0x6be7, lo: 0x07},
+	{value: 0x9904, lo: 0x8a, hi: 0x8a},
+	{value: 0x9900, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x3efb, lo: 0x9a, hi: 0x9a},
+	{value: 0x2f5b, lo: 0x9c, hi: 0x9c},
+	{value: 0x2de6, lo: 0x9d, hi: 0x9d},
+	{value: 0x2d19, lo: 0x9e, hi: 0x9f},
+	// Block 0x1f, offset 0xd5
+	{value: 0x0000, lo: 0x03},
+	{value: 0x2624, lo: 0xb3, hi: 0xb3},
+	{value: 0x8122, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x20, offset 0xd9
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8123, lo: 0x88, hi: 0x8b},
+	// Block 0x21, offset 0xdb
+	{value: 0x0000, lo: 0x03},
+	{value: 0x2639, lo: 0xb3, hi: 0xb3},
+	{value: 0x8124, lo: 0xb8, hi: 0xb9},
+	{value: 0x8104, lo: 0xba, hi: 0xba},
+	// Block 0x22, offset 0xdf
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8125, lo: 0x88, hi: 0x8b},
+	{value: 0x262b, lo: 0x9c, hi: 0x9c},
+	{value: 0x2632, lo: 0x9d, hi: 0x9d},
+	// Block 0x23, offset 0xe3
+	{value: 0x0000, lo: 0x05},
+	{value: 0x030b, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x98, hi: 0x99},
+	{value: 0x812d, lo: 0xb5, hi: 0xb5},
+	{value: 0x812d, lo: 0xb7, hi: 0xb7},
+	{value: 0x812b, lo: 0xb9, hi: 0xb9},
+	// Block 0x24, offset 0xe9
+	{value: 0x0000, lo: 0x10},
+	{value: 0x2647, lo: 0x83, hi: 0x83},
+	{value: 0x264e, lo: 0x8d, hi: 0x8d},
+	{value: 0x2655, lo: 0x92, hi: 0x92},
+	{value: 0x265c, lo: 0x97, hi: 0x97},
+	{value: 0x2663, lo: 0x9c, hi: 0x9c},
+	{value: 0x2640, lo: 0xa9, hi: 0xa9},
+	{value: 0x8126, lo: 0xb1, hi: 0xb1},
+	{value: 0x8127, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a87, lo: 0xb3, hi: 0xb3},
+	{value: 0x8128, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a90, lo: 0xb5, hi: 0xb5},
+	{value: 0x45b7, lo: 0xb6, hi: 0xb6},
+	{value: 0x45f7, lo: 0xb7, hi: 0xb7},
+	{value: 0x45bf, lo: 0xb8, hi: 0xb8},
+	{value: 0x4602, lo: 0xb9, hi: 0xb9},
+	{value: 0x8127, lo: 0xba, hi: 0xbd},
+	// Block 0x25, offset 0xfa
+	{value: 0x0000, lo: 0x0b},
+	{value: 0x8127, lo: 0x80, hi: 0x80},
+	{value: 0x4a99, lo: 0x81, hi: 0x81},
+	{value: 0x8132, lo: 0x82, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0x86, hi: 0x87},
+	{value: 0x2671, lo: 0x93, hi: 0x93},
+	{value: 0x2678, lo: 0x9d, hi: 0x9d},
+	{value: 0x267f, lo: 0xa2, hi: 0xa2},
+	{value: 0x2686, lo: 0xa7, hi: 0xa7},
+	{value: 0x268d, lo: 0xac, hi: 0xac},
+	{value: 0x266a, lo: 0xb9, hi: 0xb9},
+	// Block 0x26, offset 0x106
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x86, hi: 0x86},
+	// Block 0x27, offset 0x108
+	{value: 0x0000, lo: 0x05},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x2d21, lo: 0xa6, hi: 0xa6},
+	{value: 0x9900, lo: 0xae, hi: 0xae},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x28, offset 0x10e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	// Block 0x29, offset 0x110
+	{value: 0x0000, lo: 0x01},
+	{value: 0x030f, lo: 0xbc, hi: 0xbc},
+	// Block 0x2a, offset 0x112
+	{value: 0x0000, lo: 0x01},
+	{value: 0xa000, lo: 0x80, hi: 0x92},
+	// Block 0x2b, offset 0x114
+	{value: 0x0000, lo: 0x01},
+	{value: 0xb900, lo: 0xa1, hi: 0xb5},
+	// Block 0x2c, offset 0x116
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0xa8, hi: 0xbf},
+	// Block 0x2d, offset 0x118
+	{value: 0x0000, lo: 0x01},
+	{value: 0x9900, lo: 0x80, hi: 0x82},
+	// Block 0x2e, offset 0x11a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x9d, hi: 0x9f},
+	// Block 0x2f, offset 0x11c
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x94, hi: 0x94},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x30, offset 0x11f
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x92, hi: 0x92},
+	{value: 0x8132, lo: 0x9d, hi: 0x9d},
+	// Block 0x31, offset 0x122
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8131, lo: 0xa9, hi: 0xa9},
+	// Block 0x32, offset 0x124
+	{value: 0x0004, lo: 0x02},
+	{value: 0x812e, lo: 0xb9, hi: 0xba},
+	{value: 0x812d, lo: 0xbb, hi: 0xbb},
+	// Block 0x33, offset 0x127
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x97, hi: 0x97},
+	{value: 0x812d, lo: 0x98, hi: 0x98},
+	// Block 0x34, offset 0x12a
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	{value: 0x8132, lo: 0xb5, hi: 0xbc},
+	{value: 0x812d, lo: 0xbf, hi: 0xbf},
+	// Block 0x35, offset 0x12e
+	{value: 0x0000, lo: 0x04},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	{value: 0x812d, lo: 0xb5, hi: 0xba},
+	{value: 0x8132, lo: 0xbb, hi: 0xbc},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x36, offset 0x133
+	{value: 0x0000, lo: 0x08},
+	{value: 0x2d69, lo: 0x80, hi: 0x80},
+	{value: 0x2d71, lo: 0x81, hi: 0x81},
+	{value: 0xa000, lo: 0x82, hi: 0x82},
+	{value: 0x2d79, lo: 0x83, hi: 0x83},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xab, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xac},
+	{value: 0x8132, lo: 0xad, hi: 0xb3},
+	// Block 0x37, offset 0x13c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xaa, hi: 0xab},
+	// Block 0x38, offset 0x13e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xa6, hi: 0xa6},
+	{value: 0x8104, lo: 0xb2, hi: 0xb3},
+	// Block 0x39, offset 0x141
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x3a, offset 0x143
+	{value: 0x0000, lo: 0x0a},
+	{value: 0x8132, lo: 0x90, hi: 0x92},
+	{value: 0x8101, lo: 0x94, hi: 0x94},
+	{value: 0x812d, lo: 0x95, hi: 0x99},
+	{value: 0x8132, lo: 0x9a, hi: 0x9b},
+	{value: 0x812d, lo: 0x9c, hi: 0x9f},
+	{value: 0x8132, lo: 0xa0, hi: 0xa0},
+	{value: 0x8101, lo: 0xa2, hi: 0xa8},
+	{value: 0x812d, lo: 0xad, hi: 0xad},
+	{value: 0x8132, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb8, hi: 0xb9},
+	// Block 0x3b, offset 0x14e
+	{value: 0x0002, lo: 0x0a},
+	{value: 0x0043, lo: 0xac, hi: 0xac},
+	{value: 0x00d1, lo: 0xad, hi: 0xad},
+	{value: 0x0045, lo: 0xae, hi: 0xae},
+	{value: 0x0049, lo: 0xb0, hi: 0xb1},
+	{value: 0x00e6, lo: 0xb2, hi: 0xb2},
+	{value: 0x004f, lo: 0xb3, hi: 0xba},
+	{value: 0x005f, lo: 0xbc, hi: 0xbc},
+	{value: 0x00ef, lo: 0xbd, hi: 0xbd},
+	{value: 0x0061, lo: 0xbe, hi: 0xbe},
+	{value: 0x0065, lo: 0xbf, hi: 0xbf},
+	// Block 0x3c, offset 0x159
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x0001, lo: 0x80, hi: 0x8a},
+	{value: 0x043b, lo: 0x91, hi: 0x91},
+	{value: 0x429e, lo: 0x97, hi: 0x97},
+	{value: 0x001d, lo: 0xa4, hi: 0xa4},
+	{value: 0x1873, lo: 0xa5, hi: 0xa5},
+	{value: 0x1b5f, lo: 0xa6, hi: 0xa6},
+	{value: 0x0001, lo: 0xaf, hi: 0xaf},
+	{value: 0x2694, lo: 0xb3, hi: 0xb3},
+	{value: 0x2801, lo: 0xb4, hi: 0xb4},
+	{value: 0x269b, lo: 0xb6, hi: 0xb6},
+	{value: 0x280b, lo: 0xb7, hi: 0xb7},
+	{value: 0x186d, lo: 0xbc, hi: 0xbc},
+	{value: 0x426c, lo: 0xbe, hi: 0xbe},
+	// Block 0x3d, offset 0x167
+	{value: 0x0002, lo: 0x0d},
+	{value: 0x1933, lo: 0x87, hi: 0x87},
+	{value: 0x1930, lo: 0x88, hi: 0x88},
+	{value: 0x1870, lo: 0x89, hi: 0x89},
+	{value: 0x2991, lo: 0x97, hi: 0x97},
+	{value: 0x0001, lo: 0x9f, hi: 0x9f},
+	{value: 0x0021, lo: 0xb0, hi: 0xb0},
+	{value: 0x0093, lo: 0xb1, hi: 0xb1},
+	{value: 0x0029, lo: 0xb4, hi: 0xb9},
+	{value: 0x0017, lo: 0xba, hi: 0xba},
+	{value: 0x0467, lo: 0xbb, hi: 0xbb},
+	{value: 0x003b, lo: 0xbc, hi: 0xbc},
+	{value: 0x0011, lo: 0xbd, hi: 0xbe},
+	{value: 0x009d, lo: 0xbf, hi: 0xbf},
+	// Block 0x3e, offset 0x175
+	{value: 0x0002, lo: 0x0f},
+	{value: 0x0021, lo: 0x80, hi: 0x89},
+	{value: 0x0017, lo: 0x8a, hi: 0x8a},
+	{value: 0x0467, lo: 0x8b, hi: 0x8b},
+	{value: 0x003b, lo: 0x8c, hi: 0x8c},
+	{value: 0x0011, lo: 0x8d, hi: 0x8e},
+	{value: 0x0083, lo: 0x90, hi: 0x90},
+	{value: 0x008b, lo: 0x91, hi: 0x91},
+	{value: 0x009f, lo: 0x92, hi: 0x92},
+	{value: 0x00b1, lo: 0x93, hi: 0x93},
+	{value: 0x0104, lo: 0x94, hi: 0x94},
+	{value: 0x0091, lo: 0x95, hi: 0x95},
+	{value: 0x0097, lo: 0x96, hi: 0x99},
+	{value: 0x00a1, lo: 0x9a, hi: 0x9a},
+	{value: 0x00a7, lo: 0x9b, hi: 0x9c},
+	{value: 0x199c, lo: 0xa8, hi: 0xa8},
+	// Block 0x3f, offset 0x185
+	{value: 0x0000, lo: 0x0d},
+	{value: 0x8132, lo: 0x90, hi: 0x91},
+	{value: 0x8101, lo: 0x92, hi: 0x93},
+	{value: 0x8132, lo: 0x94, hi: 0x97},
+	{value: 0x8101, lo: 0x98, hi: 0x9a},
+	{value: 0x8132, lo: 0x9b, hi: 0x9c},
+	{value: 0x8132, lo: 0xa1, hi: 0xa1},
+	{value: 0x8101, lo: 0xa5, hi: 0xa6},
+	{value: 0x8132, lo: 0xa7, hi: 0xa7},
+	{value: 0x812d, lo: 0xa8, hi: 0xa8},
+	{value: 0x8132, lo: 0xa9, hi: 0xa9},
+	{value: 0x8101, lo: 0xaa, hi: 0xab},
+	{value: 0x812d, lo: 0xac, hi: 0xaf},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	// Block 0x40, offset 0x193
+	{value: 0x0007, lo: 0x06},
+	{value: 0x2183, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	{value: 0x3bbc, lo: 0x9a, hi: 0x9b},
+	{value: 0x3bca, lo: 0xae, hi: 0xae},
+	// Block 0x41, offset 0x19a
+	{value: 0x000e, lo: 0x05},
+	{value: 0x3bd1, lo: 0x8d, hi: 0x8e},
+	{value: 0x3bd8, lo: 0x8f, hi: 0x8f},
+	{value: 0xa000, lo: 0x90, hi: 0x90},
+	{value: 0xa000, lo: 0x92, hi: 0x92},
+	{value: 0xa000, lo: 0x94, hi: 0x94},
+	// Block 0x42, offset 0x1a0
+	{value: 0x0173, lo: 0x0e},
+	{value: 0xa000, lo: 0x83, hi: 0x83},
+	{value: 0x3be6, lo: 0x84, hi: 0x84},
+	{value: 0xa000, lo: 0x88, hi: 0x88},
+	{value: 0x3bed, lo: 0x89, hi: 0x89},
+	{value: 0xa000, lo: 0x8b, hi: 0x8b},
+	{value: 0x3bf4, lo: 0x8c, hi: 0x8c},
+	{value: 0xa000, lo: 0xa3, hi: 0xa3},
+	{value: 0x3bfb, lo: 0xa4, hi: 0xa4},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x3c02, lo: 0xa6, hi: 0xa6},
+	{value: 0x26a2, lo: 0xac, hi: 0xad},
+	{value: 0x26a9, lo: 0xaf, hi: 0xaf},
+	{value: 0x281f, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xbc, hi: 0xbc},
+	// Block 0x43, offset 0x1af
+	{value: 0x0007, lo: 0x03},
+	{value: 0x3c6b, lo: 0xa0, hi: 0xa1},
+	{value: 0x3c95, lo: 0xa2, hi: 0xa3},
+	{value: 0x3cbf, lo: 0xaa, hi: 0xad},
+	// Block 0x44, offset 0x1b3
+	{value: 0x0004, lo: 0x01},
+	{value: 0x048b, lo: 0xa9, hi: 0xaa},
+	// Block 0x45, offset 0x1b5
+	{value: 0x0002, lo: 0x03},
+	{value: 0x0057, lo: 0x80, hi: 0x8f},
+	{value: 0x0083, lo: 0x90, hi: 0xa9},
+	{value: 0x0021, lo: 0xaa, hi: 0xaa},
+	// Block 0x46, offset 0x1b9
+	{value: 0x0000, lo: 0x01},
+	{value: 0x299e, lo: 0x8c, hi: 0x8c},
+	// Block 0x47, offset 0x1bb
+	{value: 0x0266, lo: 0x02},
+	{value: 0x1b8f, lo: 0xb4, hi: 0xb4},
+	{value: 0x192d, lo: 0xb5, hi: 0xb6},
+	// Block 0x48, offset 0x1be
+	{value: 0x0000, lo: 0x01},
+	{value: 0x44e0, lo: 0x9c, hi: 0x9c},
+	// Block 0x49, offset 0x1c0
+	{value: 0x0000, lo: 0x02},
+	{value: 0x0095, lo: 0xbc, hi: 0xbc},
+	{value: 0x006d, lo: 0xbd, hi: 0xbd},
+	// Block 0x4a, offset 0x1c3
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xaf, hi: 0xb1},
+	// Block 0x4b, offset 0x1c5
+	{value: 0x0000, lo: 0x02},
+	{value: 0x047f, lo: 0xaf, hi: 0xaf},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x4c, offset 0x1c8
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa0, hi: 0xbf},
+	// Block 0x4d, offset 0x1ca
+	{value: 0x0000, lo: 0x01},
+	{value: 0x0dc3, lo: 0x9f, hi: 0x9f},
+	// Block 0x4e, offset 0x1cc
+	{value: 0x0000, lo: 0x01},
+	{value: 0x162f, lo: 0xb3, hi: 0xb3},
+	// Block 0x4f, offset 0x1ce
+	{value: 0x0004, lo: 0x0b},
+	{value: 0x1597, lo: 0x80, hi: 0x82},
+	{value: 0x15af, lo: 0x83, hi: 0x83},
+	{value: 0x15c7, lo: 0x84, hi: 0x85},
+	{value: 0x15d7, lo: 0x86, hi: 0x89},
+	{value: 0x15eb, lo: 0x8a, hi: 0x8c},
+	{value: 0x15ff, lo: 0x8d, hi: 0x8d},
+	{value: 0x1607, lo: 0x8e, hi: 0x8e},
+	{value: 0x160f, lo: 0x8f, hi: 0x90},
+	{value: 0x161b, lo: 0x91, hi: 0x93},
+	{value: 0x162b, lo: 0x94, hi: 0x94},
+	{value: 0x1633, lo: 0x95, hi: 0x95},
+	// Block 0x50, offset 0x1da
+	{value: 0x0004, lo: 0x09},
+	{value: 0x0001, lo: 0x80, hi: 0x80},
+	{value: 0x812c, lo: 0xaa, hi: 0xaa},
+	{value: 0x8131, lo: 0xab, hi: 0xab},
+	{value: 0x8133, lo: 0xac, hi: 0xac},
+	{value: 0x812e, lo: 0xad, hi: 0xad},
+	{value: 0x812f, lo: 0xae, hi: 0xae},
+	{value: 0x812f, lo: 0xaf, hi: 0xaf},
+	{value: 0x04b3, lo: 0xb6, hi: 0xb6},
+	{value: 0x0887, lo: 0xb8, hi: 0xba},
+	// Block 0x51, offset 0x1e4
+	{value: 0x0006, lo: 0x09},
+	{value: 0x0313, lo: 0xb1, hi: 0xb1},
+	{value: 0x0317, lo: 0xb2, hi: 0xb2},
+	{value: 0x4a3e, lo: 0xb3, hi: 0xb3},
+	{value: 0x031b, lo: 0xb4, hi: 0xb4},
+	{value: 0x4a44, lo: 0xb5, hi: 0xb6},
+	{value: 0x031f, lo: 0xb7, hi: 0xb7},
+	{value: 0x0323, lo: 0xb8, hi: 0xb8},
+	{value: 0x0327, lo: 0xb9, hi: 0xb9},
+	{value: 0x4a50, lo: 0xba, hi: 0xbf},
+	// Block 0x52, offset 0x1ee
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xaf, hi: 0xaf},
+	{value: 0x8132, lo: 0xb4, hi: 0xbd},
+	// Block 0x53, offset 0x1f1
+	{value: 0x0000, lo: 0x03},
+	{value: 0x020f, lo: 0x9c, hi: 0x9c},
+	{value: 0x0212, lo: 0x9d, hi: 0x9d},
+	{value: 0x8132, lo: 0x9e, hi: 0x9f},
+	// Block 0x54, offset 0x1f5
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb1},
+	// Block 0x55, offset 0x1f7
+	{value: 0x0000, lo: 0x01},
+	{value: 0x163b, lo: 0xb0, hi: 0xb0},
+	// Block 0x56, offset 0x1f9
+	{value: 0x000c, lo: 0x01},
+	{value: 0x00d7, lo: 0xb8, hi: 0xb9},
+	// Block 0x57, offset 0x1fb
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	// Block 0x58, offset 0x1fd
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x84, hi: 0x84},
+	{value: 0x8132, lo: 0xa0, hi: 0xb1},
+	// Block 0x59, offset 0x200
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xab, hi: 0xad},
+	// Block 0x5a, offset 0x202
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x93, hi: 0x93},
+	// Block 0x5b, offset 0x204
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0xb3, hi: 0xb3},
+	// Block 0x5c, offset 0x206
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	// Block 0x5d, offset 0x208
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0xb0, hi: 0xb0},
+	{value: 0x8132, lo: 0xb2, hi: 0xb3},
+	{value: 0x812d, lo: 0xb4, hi: 0xb4},
+	{value: 0x8132, lo: 0xb7, hi: 0xb8},
+	{value: 0x8132, lo: 0xbe, hi: 0xbf},
+	// Block 0x5e, offset 0x20e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x81, hi: 0x81},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	// Block 0x5f, offset 0x211
+	{value: 0x0008, lo: 0x03},
+	{value: 0x1637, lo: 0x9c, hi: 0x9d},
+	{value: 0x0125, lo: 0x9e, hi: 0x9e},
+	{value: 0x1643, lo: 0x9f, hi: 0x9f},
+	// Block 0x60, offset 0x215
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xad, hi: 0xad},
+	// Block 0x61, offset 0x217
+	{value: 0x0000, lo: 0x06},
+	{value: 0xe500, lo: 0x80, hi: 0x80},
+	{value: 0xc600, lo: 0x81, hi: 0x9b},
+	{value: 0xe500, lo: 0x9c, hi: 0x9c},
+	{value: 0xc600, lo: 0x9d, hi: 0xb7},
+	{value: 0xe500, lo: 0xb8, hi: 0xb8},
+	{value: 0xc600, lo: 0xb9, hi: 0xbf},
+	// Block 0x62, offset 0x21e
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x93},
+	{value: 0xe500, lo: 0x94, hi: 0x94},
+	{value: 0xc600, lo: 0x95, hi: 0xaf},
+	{value: 0xe500, lo: 0xb0, hi: 0xb0},
+	{value: 0xc600, lo: 0xb1, hi: 0xbf},
+	// Block 0x63, offset 0x224
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8b},
+	{value: 0xe500, lo: 0x8c, hi: 0x8c},
+	{value: 0xc600, lo: 0x8d, hi: 0xa7},
+	{value: 0xe500, lo: 0xa8, hi: 0xa8},
+	{value: 0xc600, lo: 0xa9, hi: 0xbf},
+	// Block 0x64, offset 0x22a
+	{value: 0x0000, lo: 0x07},
+	{value: 0xc600, lo: 0x80, hi: 0x83},
+	{value: 0xe500, lo: 0x84, hi: 0x84},
+	{value: 0xc600, lo: 0x85, hi: 0x9f},
+	{value: 0xe500, lo: 0xa0, hi: 0xa0},
+	{value: 0xc600, lo: 0xa1, hi: 0xbb},
+	{value: 0xe500, lo: 0xbc, hi: 0xbc},
+	{value: 0xc600, lo: 0xbd, hi: 0xbf},
+	// Block 0x65, offset 0x232
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x97},
+	{value: 0xe500, lo: 0x98, hi: 0x98},
+	{value: 0xc600, lo: 0x99, hi: 0xb3},
+	{value: 0xe500, lo: 0xb4, hi: 0xb4},
+	{value: 0xc600, lo: 0xb5, hi: 0xbf},
+	// Block 0x66, offset 0x238
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x8f},
+	{value: 0xe500, lo: 0x90, hi: 0x90},
+	{value: 0xc600, lo: 0x91, hi: 0xab},
+	{value: 0xe500, lo: 0xac, hi: 0xac},
+	{value: 0xc600, lo: 0xad, hi: 0xbf},
+	// Block 0x67, offset 0x23e
+	{value: 0x0000, lo: 0x05},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	{value: 0xe500, lo: 0xa4, hi: 0xa4},
+	{value: 0xc600, lo: 0xa5, hi: 0xbf},
+	// Block 0x68, offset 0x244
+	{value: 0x0000, lo: 0x03},
+	{value: 0xc600, lo: 0x80, hi: 0x87},
+	{value: 0xe500, lo: 0x88, hi: 0x88},
+	{value: 0xc600, lo: 0x89, hi: 0xa3},
+	// Block 0x69, offset 0x248
+	{value: 0x0002, lo: 0x01},
+	{value: 0x0003, lo: 0x81, hi: 0xbf},
+	// Block 0x6a, offset 0x24a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xbd, hi: 0xbd},
+	// Block 0x6b, offset 0x24c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0xa0, hi: 0xa0},
+	// Block 0x6c, offset 0x24e
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb6, hi: 0xba},
+	// Block 0x6d, offset 0x250
+	{value: 0x002c, lo: 0x05},
+	{value: 0x812d, lo: 0x8d, hi: 0x8d},
+	{value: 0x8132, lo: 0x8f, hi: 0x8f},
+	{value: 0x8132, lo: 0xb8, hi: 0xb8},
+	{value: 0x8101, lo: 0xb9, hi: 0xba},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x6e, offset 0x256
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0xa5, hi: 0xa5},
+	{value: 0x812d, lo: 0xa6, hi: 0xa6},
+	// Block 0x6f, offset 0x259
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xa4, hi: 0xa7},
+	// Block 0x70, offset 0x25b
+	{value: 0x0000, lo: 0x05},
+	{value: 0x812d, lo: 0x86, hi: 0x87},
+	{value: 0x8132, lo: 0x88, hi: 0x8a},
+	{value: 0x812d, lo: 0x8b, hi: 0x8b},
+	{value: 0x8132, lo: 0x8c, hi: 0x8c},
+	{value: 0x812d, lo: 0x8d, hi: 0x90},
+	// Block 0x71, offset 0x261
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x86, hi: 0x86},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x72, offset 0x264
+	{value: 0x17fe, lo: 0x07},
+	{value: 0xa000, lo: 0x99, hi: 0x99},
+	{value: 0x423b, lo: 0x9a, hi: 0x9a},
+	{value: 0xa000, lo: 0x9b, hi: 0x9b},
+	{value: 0x4245, lo: 0x9c, hi: 0x9c},
+	{value: 0xa000, lo: 0xa5, hi: 0xa5},
+	{value: 0x424f, lo: 0xab, hi: 0xab},
+	{value: 0x8104, lo: 0xb9, hi: 0xba},
+	// Block 0x73, offset 0x26c
+	{value: 0x0000, lo: 0x06},
+	{value: 0x8132, lo: 0x80, hi: 0x82},
+	{value: 0x9900, lo: 0xa7, hi: 0xa7},
+	{value: 0x2d81, lo: 0xae, hi: 0xae},
+	{value: 0x2d8b, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb1, hi: 0xb2},
+	{value: 0x8104, lo: 0xb3, hi: 0xb4},
+	// Block 0x74, offset 0x273
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x80, hi: 0x80},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0x75, offset 0x276
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb5, hi: 0xb5},
+	{value: 0x8102, lo: 0xb6, hi: 0xb6},
+	// Block 0x76, offset 0x279
+	{value: 0x0002, lo: 0x01},
+	{value: 0x8102, lo: 0xa9, hi: 0xaa},
+	// Block 0x77, offset 0x27b
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0xbb, hi: 0xbc},
+	{value: 0x9900, lo: 0xbe, hi: 0xbe},
+	// Block 0x78, offset 0x27e
+	{value: 0x0000, lo: 0x07},
+	{value: 0xa000, lo: 0x87, hi: 0x87},
+	{value: 0x2d95, lo: 0x8b, hi: 0x8b},
+	{value: 0x2d9f, lo: 0x8c, hi: 0x8c},
+	{value: 0x8104, lo: 0x8d, hi: 0x8d},
+	{value: 0x9900, lo: 0x97, hi: 0x97},
+	{value: 0x8132, lo: 0xa6, hi: 0xac},
+	{value: 0x8132, lo: 0xb0, hi: 0xb4},
+	// Block 0x79, offset 0x286
+	{value: 0x0000, lo: 0x03},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x86, hi: 0x86},
+	{value: 0x8132, lo: 0x9e, hi: 0x9e},
+	// Block 0x7a, offset 0x28a
+	{value: 0x6b57, lo: 0x06},
+	{value: 0x9900, lo: 0xb0, hi: 0xb0},
+	{value: 0xa000, lo: 0xb9, hi: 0xb9},
+	{value: 0x9900, lo: 0xba, hi: 0xba},
+	{value: 0x2db3, lo: 0xbb, hi: 0xbb},
+	{value: 0x2da9, lo: 0xbc, hi: 0xbd},
+	{value: 0x2dbd, lo: 0xbe, hi: 0xbe},
+	// Block 0x7b, offset 0x291
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0x82, hi: 0x82},
+	{value: 0x8102, lo: 0x83, hi: 0x83},
+	// Block 0x7c, offset 0x294
+	{value: 0x0000, lo: 0x05},
+	{value: 0x9900, lo: 0xaf, hi: 0xaf},
+	{value: 0xa000, lo: 0xb8, hi: 0xb9},
+	{value: 0x2dc7, lo: 0xba, hi: 0xba},
+	{value: 0x2dd1, lo: 0xbb, hi: 0xbb},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x7d, offset 0x29a
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8102, lo: 0x80, hi: 0x80},
+	// Block 0x7e, offset 0x29c
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xbf, hi: 0xbf},
+	// Block 0x7f, offset 0x29e
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb6, hi: 0xb6},
+	{value: 0x8102, lo: 0xb7, hi: 0xb7},
+	// Block 0x80, offset 0x2a1
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xab, hi: 0xab},
+	// Block 0x81, offset 0x2a3
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8104, lo: 0xb9, hi: 0xb9},
+	{value: 0x8102, lo: 0xba, hi: 0xba},
+	// Block 0x82, offset 0x2a6
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xa0, hi: 0xa0},
+	// Block 0x83, offset 0x2a8
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0xb4, hi: 0xb4},
+	// Block 0x84, offset 0x2aa
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x87, hi: 0x87},
+	// Block 0x85, offset 0x2ac
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x99, hi: 0x99},
+	// Block 0x86, offset 0x2ae
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8102, lo: 0x82, hi: 0x82},
+	{value: 0x8104, lo: 0x84, hi: 0x85},
+	// Block 0x87, offset 0x2b1
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8104, lo: 0x97, hi: 0x97},
+	// Block 0x88, offset 0x2b3
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0xb0, hi: 0xb4},
+	// Block 0x89, offset 0x2b5
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xb0, hi: 0xb6},
+	// Block 0x8a, offset 0x2b7
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8101, lo: 0x9e, hi: 0x9e},
+	// Block 0x8b, offset 0x2b9
+	{value: 0x0000, lo: 0x0c},
+	{value: 0x45cf, lo: 0x9e, hi: 0x9e},
+	{value: 0x45d9, lo: 0x9f, hi: 0x9f},
+	{value: 0x460d, lo: 0xa0, hi: 0xa0},
+	{value: 0x461b, lo: 0xa1, hi: 0xa1},
+	{value: 0x4629, lo: 0xa2, hi: 0xa2},
+	{value: 0x4637, lo: 0xa3, hi: 0xa3},
+	{value: 0x4645, lo: 0xa4, hi: 0xa4},
+	{value: 0x812b, lo: 0xa5, hi: 0xa6},
+	{value: 0x8101, lo: 0xa7, hi: 0xa9},
+	{value: 0x8130, lo: 0xad, hi: 0xad},
+	{value: 0x812b, lo: 0xae, hi: 0xb2},
+	{value: 0x812d, lo: 0xbb, hi: 0xbf},
+	// Block 0x8c, offset 0x2c6
+	{value: 0x0000, lo: 0x09},
+	{value: 0x812d, lo: 0x80, hi: 0x82},
+	{value: 0x8132, lo: 0x85, hi: 0x89},
+	{value: 0x812d, lo: 0x8a, hi: 0x8b},
+	{value: 0x8132, lo: 0xaa, hi: 0xad},
+	{value: 0x45e3, lo: 0xbb, hi: 0xbb},
+	{value: 0x45ed, lo: 0xbc, hi: 0xbc},
+	{value: 0x4653, lo: 0xbd, hi: 0xbd},
+	{value: 0x466f, lo: 0xbe, hi: 0xbe},
+	{value: 0x4661, lo: 0xbf, hi: 0xbf},
+	// Block 0x8d, offset 0x2d0
+	{value: 0x0000, lo: 0x01},
+	{value: 0x467d, lo: 0x80, hi: 0x80},
+	// Block 0x8e, offset 0x2d2
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0x82, hi: 0x84},
+	// Block 0x8f, offset 0x2d4
+	{value: 0x0002, lo: 0x03},
+	{value: 0x0043, lo: 0x80, hi: 0x99},
+	{value: 0x0083, lo: 0x9a, hi: 0xb3},
+	{value: 0x0043, lo: 0xb4, hi: 0xbf},
+	// Block 0x90, offset 0x2d8
+	{value: 0x0002, lo: 0x04},
+	{value: 0x005b, lo: 0x80, hi: 0x8d},
+	{value: 0x0083, lo: 0x8e, hi: 0x94},
+	{value: 0x0093, lo: 0x96, hi: 0xa7},
+	{value: 0x0043, lo: 0xa8, hi: 0xbf},
+	// Block 0x91, offset 0x2dd
+	{value: 0x0002, lo: 0x0b},
+	{value: 0x0073, lo: 0x80, hi: 0x81},
+	{value: 0x0083, lo: 0x82, hi: 0x9b},
+	{value: 0x0043, lo: 0x9c, hi: 0x9c},
+	{value: 0x0047, lo: 0x9e, hi: 0x9f},
+	{value: 0x004f, lo: 0xa2, hi: 0xa2},
+	{value: 0x0055, lo: 0xa5, hi: 0xa6},
+	{value: 0x005d, lo: 0xa9, hi: 0xac},
+	{value: 0x0067, lo: 0xae, hi: 0xb5},
+	{value: 0x0083, lo: 0xb6, hi: 0xb9},
+	{value: 0x008d, lo: 0xbb, hi: 0xbb},
+	{value: 0x0091, lo: 0xbd, hi: 0xbf},
+	// Block 0x92, offset 0x2e9
+	{value: 0x0002, lo: 0x04},
+	{value: 0x0097, lo: 0x80, hi: 0x83},
+	{value: 0x00a1, lo: 0x85, hi: 0x8f},
+	{value: 0x0043, lo: 0x90, hi: 0xa9},
+	{value: 0x0083, lo: 0xaa, hi: 0xbf},
+	// Block 0x93, offset 0x2ee
+	{value: 0x0002, lo: 0x08},
+	{value: 0x00af, lo: 0x80, hi: 0x83},
+	{value: 0x0043, lo: 0x84, hi: 0x85},
+	{value: 0x0049, lo: 0x87, hi: 0x8a},
+	{value: 0x0055, lo: 0x8d, hi: 0x94},
+	{value: 0x0067, lo: 0x96, hi: 0x9c},
+	{value: 0x0083, lo: 0x9e, hi: 0xb7},
+	{value: 0x0043, lo: 0xb8, hi: 0xb9},
+	{value: 0x0049, lo: 0xbb, hi: 0xbe},
+	// Block 0x94, offset 0x2f7
+	{value: 0x0002, lo: 0x05},
+	{value: 0x0053, lo: 0x80, hi: 0x84},
+	{value: 0x005f, lo: 0x86, hi: 0x86},
+	{value: 0x0067, lo: 0x8a, hi: 0x90},
+	{value: 0x0083, lo: 0x92, hi: 0xab},
+	{value: 0x0043, lo: 0xac, hi: 0xbf},
+	// Block 0x95, offset 0x2fd
+	{value: 0x0002, lo: 0x04},
+	{value: 0x006b, lo: 0x80, hi: 0x85},
+	{value: 0x0083, lo: 0x86, hi: 0x9f},
+	{value: 0x0043, lo: 0xa0, hi: 0xb9},
+	{value: 0x0083, lo: 0xba, hi: 0xbf},
+	// Block 0x96, offset 0x302
+	{value: 0x0002, lo: 0x03},
+	{value: 0x008f, lo: 0x80, hi: 0x93},
+	{value: 0x0043, lo: 0x94, hi: 0xad},
+	{value: 0x0083, lo: 0xae, hi: 0xbf},
+	// Block 0x97, offset 0x306
+	{value: 0x0002, lo: 0x04},
+	{value: 0x00a7, lo: 0x80, hi: 0x87},
+	{value: 0x0043, lo: 0x88, hi: 0xa1},
+	{value: 0x0083, lo: 0xa2, hi: 0xbb},
+	{value: 0x0043, lo: 0xbc, hi: 0xbf},
+	// Block 0x98, offset 0x30b
+	{value: 0x0002, lo: 0x03},
+	{value: 0x004b, lo: 0x80, hi: 0x95},
+	{value: 0x0083, lo: 0x96, hi: 0xaf},
+	{value: 0x0043, lo: 0xb0, hi: 0xbf},
+	// Block 0x99, offset 0x30f
+	{value: 0x0003, lo: 0x0f},
+	{value: 0x01b8, lo: 0x80, hi: 0x80},
+	{value: 0x045f, lo: 0x81, hi: 0x81},
+	{value: 0x01bb, lo: 0x82, hi: 0x9a},
+	{value: 0x045b, lo: 0x9b, hi: 0x9b},
+	{value: 0x01c7, lo: 0x9c, hi: 0x9c},
+	{value: 0x01d0, lo: 0x9d, hi: 0x9d},
+	{value: 0x01d6, lo: 0x9e, hi: 0x9e},
+	{value: 0x01fa, lo: 0x9f, hi: 0x9f},
+	{value: 0x01eb, lo: 0xa0, hi: 0xa0},
+	{value: 0x01e8, lo: 0xa1, hi: 0xa1},
+	{value: 0x0173, lo: 0xa2, hi: 0xb2},
+	{value: 0x0188, lo: 0xb3, hi: 0xb3},
+	{value: 0x01a6, lo: 0xb4, hi: 0xba},
+	{value: 0x045f, lo: 0xbb, hi: 0xbb},
+	{value: 0x01bb, lo: 0xbc, hi: 0xbf},
+	// Block 0x9a, offset 0x31f
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01c7, lo: 0x80, hi: 0x94},
+	{value: 0x045b, lo: 0x95, hi: 0x95},
+	{value: 0x01c7, lo: 0x96, hi: 0x96},
+	{value: 0x01d0, lo: 0x97, hi: 0x97},
+	{value: 0x01d6, lo: 0x98, hi: 0x98},
+	{value: 0x01fa, lo: 0x99, hi: 0x99},
+	{value: 0x01eb, lo: 0x9a, hi: 0x9a},
+	{value: 0x01e8, lo: 0x9b, hi: 0x9b},
+	{value: 0x0173, lo: 0x9c, hi: 0xac},
+	{value: 0x0188, lo: 0xad, hi: 0xad},
+	{value: 0x01a6, lo: 0xae, hi: 0xb4},
+	{value: 0x045f, lo: 0xb5, hi: 0xb5},
+	{value: 0x01bb, lo: 0xb6, hi: 0xbf},
+	// Block 0x9b, offset 0x32d
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01d9, lo: 0x80, hi: 0x8e},
+	{value: 0x045b, lo: 0x8f, hi: 0x8f},
+	{value: 0x01c7, lo: 0x90, hi: 0x90},
+	{value: 0x01d0, lo: 0x91, hi: 0x91},
+	{value: 0x01d6, lo: 0x92, hi: 0x92},
+	{value: 0x01fa, lo: 0x93, hi: 0x93},
+	{value: 0x01eb, lo: 0x94, hi: 0x94},
+	{value: 0x01e8, lo: 0x95, hi: 0x95},
+	{value: 0x0173, lo: 0x96, hi: 0xa6},
+	{value: 0x0188, lo: 0xa7, hi: 0xa7},
+	{value: 0x01a6, lo: 0xa8, hi: 0xae},
+	{value: 0x045f, lo: 0xaf, hi: 0xaf},
+	{value: 0x01bb, lo: 0xb0, hi: 0xbf},
+	// Block 0x9c, offset 0x33b
+	{value: 0x0003, lo: 0x0d},
+	{value: 0x01eb, lo: 0x80, hi: 0x88},
+	{value: 0x045b, lo: 0x89, hi: 0x89},
+	{value: 0x01c7, lo: 0x8a, hi: 0x8a},
+	{value: 0x01d0, lo: 0x8b, hi: 0x8b},
+	{value: 0x01d6, lo: 0x8c, hi: 0x8c},
+	{value: 0x01fa, lo: 0x8d, hi: 0x8d},
+	{value: 0x01eb, lo: 0x8e, hi: 0x8e},
+	{value: 0x01e8, lo: 0x8f, hi: 0x8f},
+	{value: 0x0173, lo: 0x90, hi: 0xa0},
+	{value: 0x0188, lo: 0xa1, hi: 0xa1},
+	{value: 0x01a6, lo: 0xa2, hi: 0xa8},
+	{value: 0x045f, lo: 0xa9, hi: 0xa9},
+	{value: 0x01bb, lo: 0xaa, hi: 0xbf},
+	// Block 0x9d, offset 0x349
+	{value: 0x0000, lo: 0x05},
+	{value: 0x8132, lo: 0x80, hi: 0x86},
+	{value: 0x8132, lo: 0x88, hi: 0x98},
+	{value: 0x8132, lo: 0x9b, hi: 0xa1},
+	{value: 0x8132, lo: 0xa3, hi: 0xa4},
+	{value: 0x8132, lo: 0xa6, hi: 0xaa},
+	// Block 0x9e, offset 0x34f
+	{value: 0x0000, lo: 0x01},
+	{value: 0x8132, lo: 0xac, hi: 0xaf},
+	// Block 0x9f, offset 0x351
+	{value: 0x0000, lo: 0x01},
+	{value: 0x812d, lo: 0x90, hi: 0x96},
+	// Block 0xa0, offset 0x353
+	{value: 0x0000, lo: 0x02},
+	{value: 0x8132, lo: 0x84, hi: 0x89},
+	{value: 0x8102, lo: 0x8a, hi: 0x8a},
+	// Block 0xa1, offset 0x356
+	{value: 0x0002, lo: 0x0a},
+	{value: 0x0063, lo: 0x80, hi: 0x89},
+	{value: 0x1951, lo: 0x8a, hi: 0x8a},
+	{value: 0x1984, lo: 0x8b, hi: 0x8b},
+	{value: 0x199f, lo: 0x8c, hi: 0x8c},
+	{value: 0x19a5, lo: 0x8d, hi: 0x8d},
+	{value: 0x1bc3, lo: 0x8e, hi: 0x8e},
+	{value: 0x19b1, lo: 0x8f, hi: 0x8f},
+	{value: 0x197b, lo: 0xaa, hi: 0xaa},
+	{value: 0x197e, lo: 0xab, hi: 0xab},
+	{value: 0x1981, lo: 0xac, hi: 0xac},
+	// Block 0xa2, offset 0x361
+	{value: 0x0000, lo: 0x01},
+	{value: 0x193f, lo: 0x90, hi: 0x90},
+	// Block 0xa3, offset 0x363
+	{value: 0x0028, lo: 0x09},
+	{value: 0x2865, lo: 0x80, hi: 0x80},
+	{value: 0x2829, lo: 0x81, hi: 0x81},
+	{value: 0x2833, lo: 0x82, hi: 0x82},
+	{value: 0x2847, lo: 0x83, hi: 0x84},
+	{value: 0x2851, lo: 0x85, hi: 0x86},
+	{value: 0x283d, lo: 0x87, hi: 0x87},
+	{value: 0x285b, lo: 0x88, hi: 0x88},
+	{value: 0x0b6f, lo: 0x90, hi: 0x90},
+	{value: 0x08e7, lo: 0x91, hi: 0x91},
+}
+
+// recompMap: 7520 bytes (entries only)
+var recompMap map[uint32]rune
+var recompMapOnce sync.Once
+
+const recompMapPacked = "" +
+	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
+	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
+	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
+	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
+	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
+	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
+	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
+	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
+	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
+	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
+	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
+	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
+	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
+	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
+	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
+	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
+	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
+	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
+	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
+	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
+	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
+	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
+	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
+	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
+	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
+	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
+	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
+	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
+	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
+	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
+	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
+	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
+	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
+	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
+	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
+	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
+	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
+	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
+	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
+	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
+	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
+	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
+	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
+	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
+	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
+	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
+	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
+	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
+	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
+	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
+	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
+	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
+	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
+	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
+	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
+	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
+	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
+	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
+	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
+	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
+	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
+	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
+	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
+	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
+	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
+	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
+	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
+	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
+	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
+	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
+	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
+	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
+	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
+	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
+	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
+	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
+	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
+	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
+	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
+	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
+	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
+	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
+	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
+	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
+	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
+	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
+	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
+	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
+	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
+	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
+	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
+	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
+	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
+	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
+	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
+	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
+	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
+	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
+	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
+	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
+	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
+	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
+	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
+	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
+	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
+	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
+	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
+	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
+	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
+	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
+	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
+	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
+	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
+	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
+	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
+	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
+	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
+	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
+	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
+	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
+	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
+	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
+	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
+	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
+	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
+	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
+	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
+	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
+	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
+	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
+	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
+	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
+	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
+	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
+	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
+	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
+	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
+	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
+	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
+	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
+	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
+	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
+	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
+	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
+	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
+	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
+	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
+	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
+	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
+	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
+	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
+	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
+	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
+	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
+	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
+	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
+	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
+	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
+	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
+	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
+	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
+	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
+	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
+	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
+	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
+	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
+	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
+	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
+	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
+	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
+	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
+	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
+	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
+	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
+	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
+	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
+	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
+	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
+	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
+	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
+	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
+	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
+	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
+	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
+	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
+	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
+	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
+	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
+	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
+	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
+	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
+	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
+	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
+	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
+	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
+	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
+	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
+	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
+	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
+	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
+	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
+	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
+	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
+	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
+	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
+	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
+	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
+	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
+	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
+	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
+	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
+	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
+	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
+	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
+	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
+	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
+	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
+	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
+	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
+	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
+	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
+	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
+	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
+	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
+	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
+	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
+	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
+	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
+	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
+	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
+	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
+	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
+	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
+	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
+	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
+	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
+	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
+	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
+	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
+	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
+	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
+	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
+	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
+	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
+	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
+	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
+	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
+	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
+	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
+	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
+	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
+	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
+	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
+	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
+	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
+	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
+	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
+	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
+	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
+	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
+	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
+	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
+	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
+	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
+	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
+	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
+	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
+	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
+	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
+	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
+	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
+	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
+	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
+	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
+	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
+	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
+	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
+	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
+	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
+	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
+	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
+	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
+	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
+	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
+	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
+	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
+	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
+	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
+	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
+	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
+	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
+	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
+	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
+	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
+	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
+	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
+	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
+	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
+	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
+	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
+	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
+	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
+	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
+	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
+	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
+	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
+	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
+	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
+	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
+	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
+	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
+	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
+	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
+	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
+	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
+	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
+	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
+	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
+	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
+	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
+	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
+	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
+	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
+	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
+	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
+	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
+	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
+	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
+	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
+	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
+	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
+	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
+	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
+	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
+	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
+	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
+	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
+	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
+	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
+	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
+	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
+	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
+	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
+	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
+	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
+	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
+	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
+	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
+	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
+	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
+	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
+	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
+	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
+	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
+	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
+	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
+	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
+	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
+	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
+	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
+	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
+	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
+	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
+	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
+	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
+	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
+	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
+	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
+	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
+	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
+	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
+	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
+	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
+	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
+	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
+	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
+	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
+	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
+	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
+	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
+	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
+	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
+	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
+	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
+	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
+	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
+	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
+	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
+	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
+	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
+	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
+	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
+	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
+	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
+	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
+	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
+	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
+	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
+	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
+	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
+	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
+	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
+	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
+	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
+	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
+	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
+	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
+	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
+	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
+	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
+	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
+	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
+	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
+	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
+	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
+	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
+	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
+	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
+	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
+	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
+	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
+	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
+	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
+	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
+	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
+	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
+	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
+	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
+	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
+	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
+	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
+	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
+	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
+	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
+	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
+	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
+	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
+	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
+	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
+	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
+	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
+	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
+	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
+	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
+	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
+	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
+	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
+	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
+	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
+	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
+	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
+	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
+	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
+	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
+	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
+	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
+	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
+	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
+	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
+	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
+	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
+	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
+	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
+	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
+	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
+	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
+	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
+	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
+	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
+	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
+	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
+	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
+	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
+	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
+	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
+	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
+	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
+	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
+	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
+	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
+	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
+	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
+	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
+	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
+	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
+	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
+	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
+	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
+	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
+	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
+	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
+	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
+	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
+	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
+	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
+	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
+	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
+	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
+	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
+	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
+	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
+	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
+	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
+	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
+	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
+	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
+	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
+	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
+	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
+	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
+	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
+	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
+	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
+	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
+	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
+	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
+	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
+	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
+	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
+	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
+	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
+	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
+	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
+	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
+	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
+	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
+	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
+	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
+	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
+	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
+	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
+	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
+	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
+	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
+	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
+	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
+	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
+	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
+	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
+	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
+	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
+	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
+	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
+	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
+	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
+	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
+	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
+	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
+	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
+	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
+	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
+	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
+	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
+	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
+	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
+	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
+	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
+	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
+	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
+	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
+	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
+	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
+	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
+	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
+	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
+	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
+	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
+	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
+	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
+	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
+	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
+	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
+	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
+	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
+	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
+	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
+	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
+	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
+	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
+	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
+	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
+	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
+	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
+	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
+	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
+	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
+	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
+	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
+	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
+	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
+	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
+	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
+	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
+	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
+	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
+	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
+	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
+	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
+	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
+	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
+	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
+	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
+	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
+	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
+	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
+	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
+	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
+	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
+	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
+	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
+	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
+	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
+	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
+	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
+	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
+	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
+	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
+	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
+	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
+	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
+	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
+	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
+	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
+	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
+	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
+	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
+	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
+	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
+	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
+	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
+	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
+	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
+	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
+	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
+	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
+	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
+	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
+	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
+	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
+	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
+	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
+	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
+	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
+	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
+	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
+	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
+	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
+	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
+	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
+	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
+	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
+	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
+	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
+	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
+	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
+	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
+	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
+	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
+	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
+	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
+	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
+	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
+	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
+	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
+	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
+	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
+	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
+	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
+	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
+	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
+	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
+	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
+	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
+	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
+	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
+	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
+	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
+	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
+	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
+	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
+	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
+	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
+	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
+	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
+	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
+	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
+	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
+	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
+	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
+	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
+	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
+	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
+	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
+	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
+	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
+	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
+	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
+	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
+	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
+	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
+	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
+	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
+	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
+	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
+	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
+	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
+	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
+	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
+	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
+	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
+	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
+	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
+	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
+	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
+	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
+	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
+	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
+	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
+	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
+	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
+	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
+	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
+	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
+	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
+	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
+	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
+	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
+	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
+	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
+	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
+	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
+	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
+	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
+	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
+	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
+	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
+	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
+	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
+	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
+	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
+	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
+	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
+	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
+	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
+	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
+	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
+	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
+	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
+	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
+	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
+	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
+	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
+	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
+	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
+	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
+	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
+	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
+	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
+	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
+	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
+	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
+	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
+	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
+	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
+	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
+	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
+	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
+	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
+	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
+	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
+	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
+	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
+	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
+	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
+	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
+	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
+	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
+	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
+	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
+	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
+	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
+	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
+	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
+	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
+	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
+	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
+	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
+	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
+	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
+	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
+	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
+	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
+	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
+	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
+	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
+	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
+	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
+	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
+	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
+	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
+	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
+	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
+	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
+	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
+	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
+	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
+	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
+	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
+	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
+	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
+	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
+	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
+	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
+	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
+	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
+	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
+	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
+	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
+	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
+	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
+	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
+	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
+	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
+	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
+	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
+	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
+	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
+	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
+	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
+	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
+	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
+	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
+	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
+	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
+	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
+	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
+	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
+	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
+	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
+	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
+	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
+	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
+	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
+	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
+	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
+	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
+	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
+	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
+	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
+	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
+	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
+	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
+	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
+	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
+	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
+	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
+	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
+	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
+	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
+	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
+	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
+	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
+	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
+	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
+	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
+	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
+	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
+	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
+	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
+	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
+	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
+	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
+	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
+	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
+	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
+	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
+	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
+	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
+	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
+	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
+	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
+	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
+	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
+	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
+	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
+	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
+	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
+	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
+	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
+	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
+	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
+	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
+	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
+	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
+	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
+	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
+	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
+	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
+	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
+	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
+	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
+	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
+	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
+	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
+	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
+	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
+	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
+	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
+	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
+	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
+	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
+	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
+	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
+	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
+	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
+	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
+	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
+	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
+	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
+	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
+	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
+	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
+	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
+	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
+	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
+	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
+	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
+	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
+	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
+	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
+	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
+	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
+	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
+	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
+	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
+	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
+	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
+	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
+	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
+	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
+	""
+	// Total size of tables: 55KB (55977 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
index a01274a8e87bf..942906929135c 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
@@ -4,6 +4,8 @@
 
 package norm
 
+import "sync"
+
 const (
 	// Version is the Unicode edition from which the tables are derived.
 	Version = "9.0.0"
@@ -6687,947 +6689,949 @@ var nfkcSparseValues = [875]valueRange{
 }
 
 // recompMap: 7520 bytes (entries only)
-var recompMap = map[uint32]rune{
-	0x00410300: 0x00C0,
-	0x00410301: 0x00C1,
-	0x00410302: 0x00C2,
-	0x00410303: 0x00C3,
-	0x00410308: 0x00C4,
-	0x0041030A: 0x00C5,
-	0x00430327: 0x00C7,
-	0x00450300: 0x00C8,
-	0x00450301: 0x00C9,
-	0x00450302: 0x00CA,
-	0x00450308: 0x00CB,
-	0x00490300: 0x00CC,
-	0x00490301: 0x00CD,
-	0x00490302: 0x00CE,
-	0x00490308: 0x00CF,
-	0x004E0303: 0x00D1,
-	0x004F0300: 0x00D2,
-	0x004F0301: 0x00D3,
-	0x004F0302: 0x00D4,
-	0x004F0303: 0x00D5,
-	0x004F0308: 0x00D6,
-	0x00550300: 0x00D9,
-	0x00550301: 0x00DA,
-	0x00550302: 0x00DB,
-	0x00550308: 0x00DC,
-	0x00590301: 0x00DD,
-	0x00610300: 0x00E0,
-	0x00610301: 0x00E1,
-	0x00610302: 0x00E2,
-	0x00610303: 0x00E3,
-	0x00610308: 0x00E4,
-	0x0061030A: 0x00E5,
-	0x00630327: 0x00E7,
-	0x00650300: 0x00E8,
-	0x00650301: 0x00E9,
-	0x00650302: 0x00EA,
-	0x00650308: 0x00EB,
-	0x00690300: 0x00EC,
-	0x00690301: 0x00ED,
-	0x00690302: 0x00EE,
-	0x00690308: 0x00EF,
-	0x006E0303: 0x00F1,
-	0x006F0300: 0x00F2,
-	0x006F0301: 0x00F3,
-	0x006F0302: 0x00F4,
-	0x006F0303: 0x00F5,
-	0x006F0308: 0x00F6,
-	0x00750300: 0x00F9,
-	0x00750301: 0x00FA,
-	0x00750302: 0x00FB,
-	0x00750308: 0x00FC,
-	0x00790301: 0x00FD,
-	0x00790308: 0x00FF,
-	0x00410304: 0x0100,
-	0x00610304: 0x0101,
-	0x00410306: 0x0102,
-	0x00610306: 0x0103,
-	0x00410328: 0x0104,
-	0x00610328: 0x0105,
-	0x00430301: 0x0106,
-	0x00630301: 0x0107,
-	0x00430302: 0x0108,
-	0x00630302: 0x0109,
-	0x00430307: 0x010A,
-	0x00630307: 0x010B,
-	0x0043030C: 0x010C,
-	0x0063030C: 0x010D,
-	0x0044030C: 0x010E,
-	0x0064030C: 0x010F,
-	0x00450304: 0x0112,
-	0x00650304: 0x0113,
-	0x00450306: 0x0114,
-	0x00650306: 0x0115,
-	0x00450307: 0x0116,
-	0x00650307: 0x0117,
-	0x00450328: 0x0118,
-	0x00650328: 0x0119,
-	0x0045030C: 0x011A,
-	0x0065030C: 0x011B,
-	0x00470302: 0x011C,
-	0x00670302: 0x011D,
-	0x00470306: 0x011E,
-	0x00670306: 0x011F,
-	0x00470307: 0x0120,
-	0x00670307: 0x0121,
-	0x00470327: 0x0122,
-	0x00670327: 0x0123,
-	0x00480302: 0x0124,
-	0x00680302: 0x0125,
-	0x00490303: 0x0128,
-	0x00690303: 0x0129,
-	0x00490304: 0x012A,
-	0x00690304: 0x012B,
-	0x00490306: 0x012C,
-	0x00690306: 0x012D,
-	0x00490328: 0x012E,
-	0x00690328: 0x012F,
-	0x00490307: 0x0130,
-	0x004A0302: 0x0134,
-	0x006A0302: 0x0135,
-	0x004B0327: 0x0136,
-	0x006B0327: 0x0137,
-	0x004C0301: 0x0139,
-	0x006C0301: 0x013A,
-	0x004C0327: 0x013B,
-	0x006C0327: 0x013C,
-	0x004C030C: 0x013D,
-	0x006C030C: 0x013E,
-	0x004E0301: 0x0143,
-	0x006E0301: 0x0144,
-	0x004E0327: 0x0145,
-	0x006E0327: 0x0146,
-	0x004E030C: 0x0147,
-	0x006E030C: 0x0148,
-	0x004F0304: 0x014C,
-	0x006F0304: 0x014D,
-	0x004F0306: 0x014E,
-	0x006F0306: 0x014F,
-	0x004F030B: 0x0150,
-	0x006F030B: 0x0151,
-	0x00520301: 0x0154,
-	0x00720301: 0x0155,
-	0x00520327: 0x0156,
-	0x00720327: 0x0157,
-	0x0052030C: 0x0158,
-	0x0072030C: 0x0159,
-	0x00530301: 0x015A,
-	0x00730301: 0x015B,
-	0x00530302: 0x015C,
-	0x00730302: 0x015D,
-	0x00530327: 0x015E,
-	0x00730327: 0x015F,
-	0x0053030C: 0x0160,
-	0x0073030C: 0x0161,
-	0x00540327: 0x0162,
-	0x00740327: 0x0163,
-	0x0054030C: 0x0164,
-	0x0074030C: 0x0165,
-	0x00550303: 0x0168,
-	0x00750303: 0x0169,
-	0x00550304: 0x016A,
-	0x00750304: 0x016B,
-	0x00550306: 0x016C,
-	0x00750306: 0x016D,
-	0x0055030A: 0x016E,
-	0x0075030A: 0x016F,
-	0x0055030B: 0x0170,
-	0x0075030B: 0x0171,
-	0x00550328: 0x0172,
-	0x00750328: 0x0173,
-	0x00570302: 0x0174,
-	0x00770302: 0x0175,
-	0x00590302: 0x0176,
-	0x00790302: 0x0177,
-	0x00590308: 0x0178,
-	0x005A0301: 0x0179,
-	0x007A0301: 0x017A,
-	0x005A0307: 0x017B,
-	0x007A0307: 0x017C,
-	0x005A030C: 0x017D,
-	0x007A030C: 0x017E,
-	0x004F031B: 0x01A0,
-	0x006F031B: 0x01A1,
-	0x0055031B: 0x01AF,
-	0x0075031B: 0x01B0,
-	0x0041030C: 0x01CD,
-	0x0061030C: 0x01CE,
-	0x0049030C: 0x01CF,
-	0x0069030C: 0x01D0,
-	0x004F030C: 0x01D1,
-	0x006F030C: 0x01D2,
-	0x0055030C: 0x01D3,
-	0x0075030C: 0x01D4,
-	0x00DC0304: 0x01D5,
-	0x00FC0304: 0x01D6,
-	0x00DC0301: 0x01D7,
-	0x00FC0301: 0x01D8,
-	0x00DC030C: 0x01D9,
-	0x00FC030C: 0x01DA,
-	0x00DC0300: 0x01DB,
-	0x00FC0300: 0x01DC,
-	0x00C40304: 0x01DE,
-	0x00E40304: 0x01DF,
-	0x02260304: 0x01E0,
-	0x02270304: 0x01E1,
-	0x00C60304: 0x01E2,
-	0x00E60304: 0x01E3,
-	0x0047030C: 0x01E6,
-	0x0067030C: 0x01E7,
-	0x004B030C: 0x01E8,
-	0x006B030C: 0x01E9,
-	0x004F0328: 0x01EA,
-	0x006F0328: 0x01EB,
-	0x01EA0304: 0x01EC,
-	0x01EB0304: 0x01ED,
-	0x01B7030C: 0x01EE,
-	0x0292030C: 0x01EF,
-	0x006A030C: 0x01F0,
-	0x00470301: 0x01F4,
-	0x00670301: 0x01F5,
-	0x004E0300: 0x01F8,
-	0x006E0300: 0x01F9,
-	0x00C50301: 0x01FA,
-	0x00E50301: 0x01FB,
-	0x00C60301: 0x01FC,
-	0x00E60301: 0x01FD,
-	0x00D80301: 0x01FE,
-	0x00F80301: 0x01FF,
-	0x0041030F: 0x0200,
-	0x0061030F: 0x0201,
-	0x00410311: 0x0202,
-	0x00610311: 0x0203,
-	0x0045030F: 0x0204,
-	0x0065030F: 0x0205,
-	0x00450311: 0x0206,
-	0x00650311: 0x0207,
-	0x0049030F: 0x0208,
-	0x0069030F: 0x0209,
-	0x00490311: 0x020A,
-	0x00690311: 0x020B,
-	0x004F030F: 0x020C,
-	0x006F030F: 0x020D,
-	0x004F0311: 0x020E,
-	0x006F0311: 0x020F,
-	0x0052030F: 0x0210,
-	0x0072030F: 0x0211,
-	0x00520311: 0x0212,
-	0x00720311: 0x0213,
-	0x0055030F: 0x0214,
-	0x0075030F: 0x0215,
-	0x00550311: 0x0216,
-	0x00750311: 0x0217,
-	0x00530326: 0x0218,
-	0x00730326: 0x0219,
-	0x00540326: 0x021A,
-	0x00740326: 0x021B,
-	0x0048030C: 0x021E,
-	0x0068030C: 0x021F,
-	0x00410307: 0x0226,
-	0x00610307: 0x0227,
-	0x00450327: 0x0228,
-	0x00650327: 0x0229,
-	0x00D60304: 0x022A,
-	0x00F60304: 0x022B,
-	0x00D50304: 0x022C,
-	0x00F50304: 0x022D,
-	0x004F0307: 0x022E,
-	0x006F0307: 0x022F,
-	0x022E0304: 0x0230,
-	0x022F0304: 0x0231,
-	0x00590304: 0x0232,
-	0x00790304: 0x0233,
-	0x00A80301: 0x0385,
-	0x03910301: 0x0386,
-	0x03950301: 0x0388,
-	0x03970301: 0x0389,
-	0x03990301: 0x038A,
-	0x039F0301: 0x038C,
-	0x03A50301: 0x038E,
-	0x03A90301: 0x038F,
-	0x03CA0301: 0x0390,
-	0x03990308: 0x03AA,
-	0x03A50308: 0x03AB,
-	0x03B10301: 0x03AC,
-	0x03B50301: 0x03AD,
-	0x03B70301: 0x03AE,
-	0x03B90301: 0x03AF,
-	0x03CB0301: 0x03B0,
-	0x03B90308: 0x03CA,
-	0x03C50308: 0x03CB,
-	0x03BF0301: 0x03CC,
-	0x03C50301: 0x03CD,
-	0x03C90301: 0x03CE,
-	0x03D20301: 0x03D3,
-	0x03D20308: 0x03D4,
-	0x04150300: 0x0400,
-	0x04150308: 0x0401,
-	0x04130301: 0x0403,
-	0x04060308: 0x0407,
-	0x041A0301: 0x040C,
-	0x04180300: 0x040D,
-	0x04230306: 0x040E,
-	0x04180306: 0x0419,
-	0x04380306: 0x0439,
-	0x04350300: 0x0450,
-	0x04350308: 0x0451,
-	0x04330301: 0x0453,
-	0x04560308: 0x0457,
-	0x043A0301: 0x045C,
-	0x04380300: 0x045D,
-	0x04430306: 0x045E,
-	0x0474030F: 0x0476,
-	0x0475030F: 0x0477,
-	0x04160306: 0x04C1,
-	0x04360306: 0x04C2,
-	0x04100306: 0x04D0,
-	0x04300306: 0x04D1,
-	0x04100308: 0x04D2,
-	0x04300308: 0x04D3,
-	0x04150306: 0x04D6,
-	0x04350306: 0x04D7,
-	0x04D80308: 0x04DA,
-	0x04D90308: 0x04DB,
-	0x04160308: 0x04DC,
-	0x04360308: 0x04DD,
-	0x04170308: 0x04DE,
-	0x04370308: 0x04DF,
-	0x04180304: 0x04E2,
-	0x04380304: 0x04E3,
-	0x04180308: 0x04E4,
-	0x04380308: 0x04E5,
-	0x041E0308: 0x04E6,
-	0x043E0308: 0x04E7,
-	0x04E80308: 0x04EA,
-	0x04E90308: 0x04EB,
-	0x042D0308: 0x04EC,
-	0x044D0308: 0x04ED,
-	0x04230304: 0x04EE,
-	0x04430304: 0x04EF,
-	0x04230308: 0x04F0,
-	0x04430308: 0x04F1,
-	0x0423030B: 0x04F2,
-	0x0443030B: 0x04F3,
-	0x04270308: 0x04F4,
-	0x04470308: 0x04F5,
-	0x042B0308: 0x04F8,
-	0x044B0308: 0x04F9,
-	0x06270653: 0x0622,
-	0x06270654: 0x0623,
-	0x06480654: 0x0624,
-	0x06270655: 0x0625,
-	0x064A0654: 0x0626,
-	0x06D50654: 0x06C0,
-	0x06C10654: 0x06C2,
-	0x06D20654: 0x06D3,
-	0x0928093C: 0x0929,
-	0x0930093C: 0x0931,
-	0x0933093C: 0x0934,
-	0x09C709BE: 0x09CB,
-	0x09C709D7: 0x09CC,
-	0x0B470B56: 0x0B48,
-	0x0B470B3E: 0x0B4B,
-	0x0B470B57: 0x0B4C,
-	0x0B920BD7: 0x0B94,
-	0x0BC60BBE: 0x0BCA,
-	0x0BC70BBE: 0x0BCB,
-	0x0BC60BD7: 0x0BCC,
-	0x0C460C56: 0x0C48,
-	0x0CBF0CD5: 0x0CC0,
-	0x0CC60CD5: 0x0CC7,
-	0x0CC60CD6: 0x0CC8,
-	0x0CC60CC2: 0x0CCA,
-	0x0CCA0CD5: 0x0CCB,
-	0x0D460D3E: 0x0D4A,
-	0x0D470D3E: 0x0D4B,
-	0x0D460D57: 0x0D4C,
-	0x0DD90DCA: 0x0DDA,
-	0x0DD90DCF: 0x0DDC,
-	0x0DDC0DCA: 0x0DDD,
-	0x0DD90DDF: 0x0DDE,
-	0x1025102E: 0x1026,
-	0x1B051B35: 0x1B06,
-	0x1B071B35: 0x1B08,
-	0x1B091B35: 0x1B0A,
-	0x1B0B1B35: 0x1B0C,
-	0x1B0D1B35: 0x1B0E,
-	0x1B111B35: 0x1B12,
-	0x1B3A1B35: 0x1B3B,
-	0x1B3C1B35: 0x1B3D,
-	0x1B3E1B35: 0x1B40,
-	0x1B3F1B35: 0x1B41,
-	0x1B421B35: 0x1B43,
-	0x00410325: 0x1E00,
-	0x00610325: 0x1E01,
-	0x00420307: 0x1E02,
-	0x00620307: 0x1E03,
-	0x00420323: 0x1E04,
-	0x00620323: 0x1E05,
-	0x00420331: 0x1E06,
-	0x00620331: 0x1E07,
-	0x00C70301: 0x1E08,
-	0x00E70301: 0x1E09,
-	0x00440307: 0x1E0A,
-	0x00640307: 0x1E0B,
-	0x00440323: 0x1E0C,
-	0x00640323: 0x1E0D,
-	0x00440331: 0x1E0E,
-	0x00640331: 0x1E0F,
-	0x00440327: 0x1E10,
-	0x00640327: 0x1E11,
-	0x0044032D: 0x1E12,
-	0x0064032D: 0x1E13,
-	0x01120300: 0x1E14,
-	0x01130300: 0x1E15,
-	0x01120301: 0x1E16,
-	0x01130301: 0x1E17,
-	0x0045032D: 0x1E18,
-	0x0065032D: 0x1E19,
-	0x00450330: 0x1E1A,
-	0x00650330: 0x1E1B,
-	0x02280306: 0x1E1C,
-	0x02290306: 0x1E1D,
-	0x00460307: 0x1E1E,
-	0x00660307: 0x1E1F,
-	0x00470304: 0x1E20,
-	0x00670304: 0x1E21,
-	0x00480307: 0x1E22,
-	0x00680307: 0x1E23,
-	0x00480323: 0x1E24,
-	0x00680323: 0x1E25,
-	0x00480308: 0x1E26,
-	0x00680308: 0x1E27,
-	0x00480327: 0x1E28,
-	0x00680327: 0x1E29,
-	0x0048032E: 0x1E2A,
-	0x0068032E: 0x1E2B,
-	0x00490330: 0x1E2C,
-	0x00690330: 0x1E2D,
-	0x00CF0301: 0x1E2E,
-	0x00EF0301: 0x1E2F,
-	0x004B0301: 0x1E30,
-	0x006B0301: 0x1E31,
-	0x004B0323: 0x1E32,
-	0x006B0323: 0x1E33,
-	0x004B0331: 0x1E34,
-	0x006B0331: 0x1E35,
-	0x004C0323: 0x1E36,
-	0x006C0323: 0x1E37,
-	0x1E360304: 0x1E38,
-	0x1E370304: 0x1E39,
-	0x004C0331: 0x1E3A,
-	0x006C0331: 0x1E3B,
-	0x004C032D: 0x1E3C,
-	0x006C032D: 0x1E3D,
-	0x004D0301: 0x1E3E,
-	0x006D0301: 0x1E3F,
-	0x004D0307: 0x1E40,
-	0x006D0307: 0x1E41,
-	0x004D0323: 0x1E42,
-	0x006D0323: 0x1E43,
-	0x004E0307: 0x1E44,
-	0x006E0307: 0x1E45,
-	0x004E0323: 0x1E46,
-	0x006E0323: 0x1E47,
-	0x004E0331: 0x1E48,
-	0x006E0331: 0x1E49,
-	0x004E032D: 0x1E4A,
-	0x006E032D: 0x1E4B,
-	0x00D50301: 0x1E4C,
-	0x00F50301: 0x1E4D,
-	0x00D50308: 0x1E4E,
-	0x00F50308: 0x1E4F,
-	0x014C0300: 0x1E50,
-	0x014D0300: 0x1E51,
-	0x014C0301: 0x1E52,
-	0x014D0301: 0x1E53,
-	0x00500301: 0x1E54,
-	0x00700301: 0x1E55,
-	0x00500307: 0x1E56,
-	0x00700307: 0x1E57,
-	0x00520307: 0x1E58,
-	0x00720307: 0x1E59,
-	0x00520323: 0x1E5A,
-	0x00720323: 0x1E5B,
-	0x1E5A0304: 0x1E5C,
-	0x1E5B0304: 0x1E5D,
-	0x00520331: 0x1E5E,
-	0x00720331: 0x1E5F,
-	0x00530307: 0x1E60,
-	0x00730307: 0x1E61,
-	0x00530323: 0x1E62,
-	0x00730323: 0x1E63,
-	0x015A0307: 0x1E64,
-	0x015B0307: 0x1E65,
-	0x01600307: 0x1E66,
-	0x01610307: 0x1E67,
-	0x1E620307: 0x1E68,
-	0x1E630307: 0x1E69,
-	0x00540307: 0x1E6A,
-	0x00740307: 0x1E6B,
-	0x00540323: 0x1E6C,
-	0x00740323: 0x1E6D,
-	0x00540331: 0x1E6E,
-	0x00740331: 0x1E6F,
-	0x0054032D: 0x1E70,
-	0x0074032D: 0x1E71,
-	0x00550324: 0x1E72,
-	0x00750324: 0x1E73,
-	0x00550330: 0x1E74,
-	0x00750330: 0x1E75,
-	0x0055032D: 0x1E76,
-	0x0075032D: 0x1E77,
-	0x01680301: 0x1E78,
-	0x01690301: 0x1E79,
-	0x016A0308: 0x1E7A,
-	0x016B0308: 0x1E7B,
-	0x00560303: 0x1E7C,
-	0x00760303: 0x1E7D,
-	0x00560323: 0x1E7E,
-	0x00760323: 0x1E7F,
-	0x00570300: 0x1E80,
-	0x00770300: 0x1E81,
-	0x00570301: 0x1E82,
-	0x00770301: 0x1E83,
-	0x00570308: 0x1E84,
-	0x00770308: 0x1E85,
-	0x00570307: 0x1E86,
-	0x00770307: 0x1E87,
-	0x00570323: 0x1E88,
-	0x00770323: 0x1E89,
-	0x00580307: 0x1E8A,
-	0x00780307: 0x1E8B,
-	0x00580308: 0x1E8C,
-	0x00780308: 0x1E8D,
-	0x00590307: 0x1E8E,
-	0x00790307: 0x1E8F,
-	0x005A0302: 0x1E90,
-	0x007A0302: 0x1E91,
-	0x005A0323: 0x1E92,
-	0x007A0323: 0x1E93,
-	0x005A0331: 0x1E94,
-	0x007A0331: 0x1E95,
-	0x00680331: 0x1E96,
-	0x00740308: 0x1E97,
-	0x0077030A: 0x1E98,
-	0x0079030A: 0x1E99,
-	0x017F0307: 0x1E9B,
-	0x00410323: 0x1EA0,
-	0x00610323: 0x1EA1,
-	0x00410309: 0x1EA2,
-	0x00610309: 0x1EA3,
-	0x00C20301: 0x1EA4,
-	0x00E20301: 0x1EA5,
-	0x00C20300: 0x1EA6,
-	0x00E20300: 0x1EA7,
-	0x00C20309: 0x1EA8,
-	0x00E20309: 0x1EA9,
-	0x00C20303: 0x1EAA,
-	0x00E20303: 0x1EAB,
-	0x1EA00302: 0x1EAC,
-	0x1EA10302: 0x1EAD,
-	0x01020301: 0x1EAE,
-	0x01030301: 0x1EAF,
-	0x01020300: 0x1EB0,
-	0x01030300: 0x1EB1,
-	0x01020309: 0x1EB2,
-	0x01030309: 0x1EB3,
-	0x01020303: 0x1EB4,
-	0x01030303: 0x1EB5,
-	0x1EA00306: 0x1EB6,
-	0x1EA10306: 0x1EB7,
-	0x00450323: 0x1EB8,
-	0x00650323: 0x1EB9,
-	0x00450309: 0x1EBA,
-	0x00650309: 0x1EBB,
-	0x00450303: 0x1EBC,
-	0x00650303: 0x1EBD,
-	0x00CA0301: 0x1EBE,
-	0x00EA0301: 0x1EBF,
-	0x00CA0300: 0x1EC0,
-	0x00EA0300: 0x1EC1,
-	0x00CA0309: 0x1EC2,
-	0x00EA0309: 0x1EC3,
-	0x00CA0303: 0x1EC4,
-	0x00EA0303: 0x1EC5,
-	0x1EB80302: 0x1EC6,
-	0x1EB90302: 0x1EC7,
-	0x00490309: 0x1EC8,
-	0x00690309: 0x1EC9,
-	0x00490323: 0x1ECA,
-	0x00690323: 0x1ECB,
-	0x004F0323: 0x1ECC,
-	0x006F0323: 0x1ECD,
-	0x004F0309: 0x1ECE,
-	0x006F0309: 0x1ECF,
-	0x00D40301: 0x1ED0,
-	0x00F40301: 0x1ED1,
-	0x00D40300: 0x1ED2,
-	0x00F40300: 0x1ED3,
-	0x00D40309: 0x1ED4,
-	0x00F40309: 0x1ED5,
-	0x00D40303: 0x1ED6,
-	0x00F40303: 0x1ED7,
-	0x1ECC0302: 0x1ED8,
-	0x1ECD0302: 0x1ED9,
-	0x01A00301: 0x1EDA,
-	0x01A10301: 0x1EDB,
-	0x01A00300: 0x1EDC,
-	0x01A10300: 0x1EDD,
-	0x01A00309: 0x1EDE,
-	0x01A10309: 0x1EDF,
-	0x01A00303: 0x1EE0,
-	0x01A10303: 0x1EE1,
-	0x01A00323: 0x1EE2,
-	0x01A10323: 0x1EE3,
-	0x00550323: 0x1EE4,
-	0x00750323: 0x1EE5,
-	0x00550309: 0x1EE6,
-	0x00750309: 0x1EE7,
-	0x01AF0301: 0x1EE8,
-	0x01B00301: 0x1EE9,
-	0x01AF0300: 0x1EEA,
-	0x01B00300: 0x1EEB,
-	0x01AF0309: 0x1EEC,
-	0x01B00309: 0x1EED,
-	0x01AF0303: 0x1EEE,
-	0x01B00303: 0x1EEF,
-	0x01AF0323: 0x1EF0,
-	0x01B00323: 0x1EF1,
-	0x00590300: 0x1EF2,
-	0x00790300: 0x1EF3,
-	0x00590323: 0x1EF4,
-	0x00790323: 0x1EF5,
-	0x00590309: 0x1EF6,
-	0x00790309: 0x1EF7,
-	0x00590303: 0x1EF8,
-	0x00790303: 0x1EF9,
-	0x03B10313: 0x1F00,
-	0x03B10314: 0x1F01,
-	0x1F000300: 0x1F02,
-	0x1F010300: 0x1F03,
-	0x1F000301: 0x1F04,
-	0x1F010301: 0x1F05,
-	0x1F000342: 0x1F06,
-	0x1F010342: 0x1F07,
-	0x03910313: 0x1F08,
-	0x03910314: 0x1F09,
-	0x1F080300: 0x1F0A,
-	0x1F090300: 0x1F0B,
-	0x1F080301: 0x1F0C,
-	0x1F090301: 0x1F0D,
-	0x1F080342: 0x1F0E,
-	0x1F090342: 0x1F0F,
-	0x03B50313: 0x1F10,
-	0x03B50314: 0x1F11,
-	0x1F100300: 0x1F12,
-	0x1F110300: 0x1F13,
-	0x1F100301: 0x1F14,
-	0x1F110301: 0x1F15,
-	0x03950313: 0x1F18,
-	0x03950314: 0x1F19,
-	0x1F180300: 0x1F1A,
-	0x1F190300: 0x1F1B,
-	0x1F180301: 0x1F1C,
-	0x1F190301: 0x1F1D,
-	0x03B70313: 0x1F20,
-	0x03B70314: 0x1F21,
-	0x1F200300: 0x1F22,
-	0x1F210300: 0x1F23,
-	0x1F200301: 0x1F24,
-	0x1F210301: 0x1F25,
-	0x1F200342: 0x1F26,
-	0x1F210342: 0x1F27,
-	0x03970313: 0x1F28,
-	0x03970314: 0x1F29,
-	0x1F280300: 0x1F2A,
-	0x1F290300: 0x1F2B,
-	0x1F280301: 0x1F2C,
-	0x1F290301: 0x1F2D,
-	0x1F280342: 0x1F2E,
-	0x1F290342: 0x1F2F,
-	0x03B90313: 0x1F30,
-	0x03B90314: 0x1F31,
-	0x1F300300: 0x1F32,
-	0x1F310300: 0x1F33,
-	0x1F300301: 0x1F34,
-	0x1F310301: 0x1F35,
-	0x1F300342: 0x1F36,
-	0x1F310342: 0x1F37,
-	0x03990313: 0x1F38,
-	0x03990314: 0x1F39,
-	0x1F380300: 0x1F3A,
-	0x1F390300: 0x1F3B,
-	0x1F380301: 0x1F3C,
-	0x1F390301: 0x1F3D,
-	0x1F380342: 0x1F3E,
-	0x1F390342: 0x1F3F,
-	0x03BF0313: 0x1F40,
-	0x03BF0314: 0x1F41,
-	0x1F400300: 0x1F42,
-	0x1F410300: 0x1F43,
-	0x1F400301: 0x1F44,
-	0x1F410301: 0x1F45,
-	0x039F0313: 0x1F48,
-	0x039F0314: 0x1F49,
-	0x1F480300: 0x1F4A,
-	0x1F490300: 0x1F4B,
-	0x1F480301: 0x1F4C,
-	0x1F490301: 0x1F4D,
-	0x03C50313: 0x1F50,
-	0x03C50314: 0x1F51,
-	0x1F500300: 0x1F52,
-	0x1F510300: 0x1F53,
-	0x1F500301: 0x1F54,
-	0x1F510301: 0x1F55,
-	0x1F500342: 0x1F56,
-	0x1F510342: 0x1F57,
-	0x03A50314: 0x1F59,
-	0x1F590300: 0x1F5B,
-	0x1F590301: 0x1F5D,
-	0x1F590342: 0x1F5F,
-	0x03C90313: 0x1F60,
-	0x03C90314: 0x1F61,
-	0x1F600300: 0x1F62,
-	0x1F610300: 0x1F63,
-	0x1F600301: 0x1F64,
-	0x1F610301: 0x1F65,
-	0x1F600342: 0x1F66,
-	0x1F610342: 0x1F67,
-	0x03A90313: 0x1F68,
-	0x03A90314: 0x1F69,
-	0x1F680300: 0x1F6A,
-	0x1F690300: 0x1F6B,
-	0x1F680301: 0x1F6C,
-	0x1F690301: 0x1F6D,
-	0x1F680342: 0x1F6E,
-	0x1F690342: 0x1F6F,
-	0x03B10300: 0x1F70,
-	0x03B50300: 0x1F72,
-	0x03B70300: 0x1F74,
-	0x03B90300: 0x1F76,
-	0x03BF0300: 0x1F78,
-	0x03C50300: 0x1F7A,
-	0x03C90300: 0x1F7C,
-	0x1F000345: 0x1F80,
-	0x1F010345: 0x1F81,
-	0x1F020345: 0x1F82,
-	0x1F030345: 0x1F83,
-	0x1F040345: 0x1F84,
-	0x1F050345: 0x1F85,
-	0x1F060345: 0x1F86,
-	0x1F070345: 0x1F87,
-	0x1F080345: 0x1F88,
-	0x1F090345: 0x1F89,
-	0x1F0A0345: 0x1F8A,
-	0x1F0B0345: 0x1F8B,
-	0x1F0C0345: 0x1F8C,
-	0x1F0D0345: 0x1F8D,
-	0x1F0E0345: 0x1F8E,
-	0x1F0F0345: 0x1F8F,
-	0x1F200345: 0x1F90,
-	0x1F210345: 0x1F91,
-	0x1F220345: 0x1F92,
-	0x1F230345: 0x1F93,
-	0x1F240345: 0x1F94,
-	0x1F250345: 0x1F95,
-	0x1F260345: 0x1F96,
-	0x1F270345: 0x1F97,
-	0x1F280345: 0x1F98,
-	0x1F290345: 0x1F99,
-	0x1F2A0345: 0x1F9A,
-	0x1F2B0345: 0x1F9B,
-	0x1F2C0345: 0x1F9C,
-	0x1F2D0345: 0x1F9D,
-	0x1F2E0345: 0x1F9E,
-	0x1F2F0345: 0x1F9F,
-	0x1F600345: 0x1FA0,
-	0x1F610345: 0x1FA1,
-	0x1F620345: 0x1FA2,
-	0x1F630345: 0x1FA3,
-	0x1F640345: 0x1FA4,
-	0x1F650345: 0x1FA5,
-	0x1F660345: 0x1FA6,
-	0x1F670345: 0x1FA7,
-	0x1F680345: 0x1FA8,
-	0x1F690345: 0x1FA9,
-	0x1F6A0345: 0x1FAA,
-	0x1F6B0345: 0x1FAB,
-	0x1F6C0345: 0x1FAC,
-	0x1F6D0345: 0x1FAD,
-	0x1F6E0345: 0x1FAE,
-	0x1F6F0345: 0x1FAF,
-	0x03B10306: 0x1FB0,
-	0x03B10304: 0x1FB1,
-	0x1F700345: 0x1FB2,
-	0x03B10345: 0x1FB3,
-	0x03AC0345: 0x1FB4,
-	0x03B10342: 0x1FB6,
-	0x1FB60345: 0x1FB7,
-	0x03910306: 0x1FB8,
-	0x03910304: 0x1FB9,
-	0x03910300: 0x1FBA,
-	0x03910345: 0x1FBC,
-	0x00A80342: 0x1FC1,
-	0x1F740345: 0x1FC2,
-	0x03B70345: 0x1FC3,
-	0x03AE0345: 0x1FC4,
-	0x03B70342: 0x1FC6,
-	0x1FC60345: 0x1FC7,
-	0x03950300: 0x1FC8,
-	0x03970300: 0x1FCA,
-	0x03970345: 0x1FCC,
-	0x1FBF0300: 0x1FCD,
-	0x1FBF0301: 0x1FCE,
-	0x1FBF0342: 0x1FCF,
-	0x03B90306: 0x1FD0,
-	0x03B90304: 0x1FD1,
-	0x03CA0300: 0x1FD2,
-	0x03B90342: 0x1FD6,
-	0x03CA0342: 0x1FD7,
-	0x03990306: 0x1FD8,
-	0x03990304: 0x1FD9,
-	0x03990300: 0x1FDA,
-	0x1FFE0300: 0x1FDD,
-	0x1FFE0301: 0x1FDE,
-	0x1FFE0342: 0x1FDF,
-	0x03C50306: 0x1FE0,
-	0x03C50304: 0x1FE1,
-	0x03CB0300: 0x1FE2,
-	0x03C10313: 0x1FE4,
-	0x03C10314: 0x1FE5,
-	0x03C50342: 0x1FE6,
-	0x03CB0342: 0x1FE7,
-	0x03A50306: 0x1FE8,
-	0x03A50304: 0x1FE9,
-	0x03A50300: 0x1FEA,
-	0x03A10314: 0x1FEC,
-	0x00A80300: 0x1FED,
-	0x1F7C0345: 0x1FF2,
-	0x03C90345: 0x1FF3,
-	0x03CE0345: 0x1FF4,
-	0x03C90342: 0x1FF6,
-	0x1FF60345: 0x1FF7,
-	0x039F0300: 0x1FF8,
-	0x03A90300: 0x1FFA,
-	0x03A90345: 0x1FFC,
-	0x21900338: 0x219A,
-	0x21920338: 0x219B,
-	0x21940338: 0x21AE,
-	0x21D00338: 0x21CD,
-	0x21D40338: 0x21CE,
-	0x21D20338: 0x21CF,
-	0x22030338: 0x2204,
-	0x22080338: 0x2209,
-	0x220B0338: 0x220C,
-	0x22230338: 0x2224,
-	0x22250338: 0x2226,
-	0x223C0338: 0x2241,
-	0x22430338: 0x2244,
-	0x22450338: 0x2247,
-	0x22480338: 0x2249,
-	0x003D0338: 0x2260,
-	0x22610338: 0x2262,
-	0x224D0338: 0x226D,
-	0x003C0338: 0x226E,
-	0x003E0338: 0x226F,
-	0x22640338: 0x2270,
-	0x22650338: 0x2271,
-	0x22720338: 0x2274,
-	0x22730338: 0x2275,
-	0x22760338: 0x2278,
-	0x22770338: 0x2279,
-	0x227A0338: 0x2280,
-	0x227B0338: 0x2281,
-	0x22820338: 0x2284,
-	0x22830338: 0x2285,
-	0x22860338: 0x2288,
-	0x22870338: 0x2289,
-	0x22A20338: 0x22AC,
-	0x22A80338: 0x22AD,
-	0x22A90338: 0x22AE,
-	0x22AB0338: 0x22AF,
-	0x227C0338: 0x22E0,
-	0x227D0338: 0x22E1,
-	0x22910338: 0x22E2,
-	0x22920338: 0x22E3,
-	0x22B20338: 0x22EA,
-	0x22B30338: 0x22EB,
-	0x22B40338: 0x22EC,
-	0x22B50338: 0x22ED,
-	0x304B3099: 0x304C,
-	0x304D3099: 0x304E,
-	0x304F3099: 0x3050,
-	0x30513099: 0x3052,
-	0x30533099: 0x3054,
-	0x30553099: 0x3056,
-	0x30573099: 0x3058,
-	0x30593099: 0x305A,
-	0x305B3099: 0x305C,
-	0x305D3099: 0x305E,
-	0x305F3099: 0x3060,
-	0x30613099: 0x3062,
-	0x30643099: 0x3065,
-	0x30663099: 0x3067,
-	0x30683099: 0x3069,
-	0x306F3099: 0x3070,
-	0x306F309A: 0x3071,
-	0x30723099: 0x3073,
-	0x3072309A: 0x3074,
-	0x30753099: 0x3076,
-	0x3075309A: 0x3077,
-	0x30783099: 0x3079,
-	0x3078309A: 0x307A,
-	0x307B3099: 0x307C,
-	0x307B309A: 0x307D,
-	0x30463099: 0x3094,
-	0x309D3099: 0x309E,
-	0x30AB3099: 0x30AC,
-	0x30AD3099: 0x30AE,
-	0x30AF3099: 0x30B0,
-	0x30B13099: 0x30B2,
-	0x30B33099: 0x30B4,
-	0x30B53099: 0x30B6,
-	0x30B73099: 0x30B8,
-	0x30B93099: 0x30BA,
-	0x30BB3099: 0x30BC,
-	0x30BD3099: 0x30BE,
-	0x30BF3099: 0x30C0,
-	0x30C13099: 0x30C2,
-	0x30C43099: 0x30C5,
-	0x30C63099: 0x30C7,
-	0x30C83099: 0x30C9,
-	0x30CF3099: 0x30D0,
-	0x30CF309A: 0x30D1,
-	0x30D23099: 0x30D3,
-	0x30D2309A: 0x30D4,
-	0x30D53099: 0x30D6,
-	0x30D5309A: 0x30D7,
-	0x30D83099: 0x30D9,
-	0x30D8309A: 0x30DA,
-	0x30DB3099: 0x30DC,
-	0x30DB309A: 0x30DD,
-	0x30A63099: 0x30F4,
-	0x30EF3099: 0x30F7,
-	0x30F03099: 0x30F8,
-	0x30F13099: 0x30F9,
-	0x30F23099: 0x30FA,
-	0x30FD3099: 0x30FE,
-	0x109910BA: 0x1109A,
-	0x109B10BA: 0x1109C,
-	0x10A510BA: 0x110AB,
-	0x11311127: 0x1112E,
-	0x11321127: 0x1112F,
-	0x1347133E: 0x1134B,
-	0x13471357: 0x1134C,
-	0x14B914BA: 0x114BB,
-	0x14B914B0: 0x114BC,
-	0x14B914BD: 0x114BE,
-	0x15B815AF: 0x115BA,
-	0x15B915AF: 0x115BB,
-}
+var recompMap map[uint32]rune
+var recompMapOnce sync.Once
 
-// Total size of tables: 53KB (54006 bytes)
+const recompMapPacked = "" +
+	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
+	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
+	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
+	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
+	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
+	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
+	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
+	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
+	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
+	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
+	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
+	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
+	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
+	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
+	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
+	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
+	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
+	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
+	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
+	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
+	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
+	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
+	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
+	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
+	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
+	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
+	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
+	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
+	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
+	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
+	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
+	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
+	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
+	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
+	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
+	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
+	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
+	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
+	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
+	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
+	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
+	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
+	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
+	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
+	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
+	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
+	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
+	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
+	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
+	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
+	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
+	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
+	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
+	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
+	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
+	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
+	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
+	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
+	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
+	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
+	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
+	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
+	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
+	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
+	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
+	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
+	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
+	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
+	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
+	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
+	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
+	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
+	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
+	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
+	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
+	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
+	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
+	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
+	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
+	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
+	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
+	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
+	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
+	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
+	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
+	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
+	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
+	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
+	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
+	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
+	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
+	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
+	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
+	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
+	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
+	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
+	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
+	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
+	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
+	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
+	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
+	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
+	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
+	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
+	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
+	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
+	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
+	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
+	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
+	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
+	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
+	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
+	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
+	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
+	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
+	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
+	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
+	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
+	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
+	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
+	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
+	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
+	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
+	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
+	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
+	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
+	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
+	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
+	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
+	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
+	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
+	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
+	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
+	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
+	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
+	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
+	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
+	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
+	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
+	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
+	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
+	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
+	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
+	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
+	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
+	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
+	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
+	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
+	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
+	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
+	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
+	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
+	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
+	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
+	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
+	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
+	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
+	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
+	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
+	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
+	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
+	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
+	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
+	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
+	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
+	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
+	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
+	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
+	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
+	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
+	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
+	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
+	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
+	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
+	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
+	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
+	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
+	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
+	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
+	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
+	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
+	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
+	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
+	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
+	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
+	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
+	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
+	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
+	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
+	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
+	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
+	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
+	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
+	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
+	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
+	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
+	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
+	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
+	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
+	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
+	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
+	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
+	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
+	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
+	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
+	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
+	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
+	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
+	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
+	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
+	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
+	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
+	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
+	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
+	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
+	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
+	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
+	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
+	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
+	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
+	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
+	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
+	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
+	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
+	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
+	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
+	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
+	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
+	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
+	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
+	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
+	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
+	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
+	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
+	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
+	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
+	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
+	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
+	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
+	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
+	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
+	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
+	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
+	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
+	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
+	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
+	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
+	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
+	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
+	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
+	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
+	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
+	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
+	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
+	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
+	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
+	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
+	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
+	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
+	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
+	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
+	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
+	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
+	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
+	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
+	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
+	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
+	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
+	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
+	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
+	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
+	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
+	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
+	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
+	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
+	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
+	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
+	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
+	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
+	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
+	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
+	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
+	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
+	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
+	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
+	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
+	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
+	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
+	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
+	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
+	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
+	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
+	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
+	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
+	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
+	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
+	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
+	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
+	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
+	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
+	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
+	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
+	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
+	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
+	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
+	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
+	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
+	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
+	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
+	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
+	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
+	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
+	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
+	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
+	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
+	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
+	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
+	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
+	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
+	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
+	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
+	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
+	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
+	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
+	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
+	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
+	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
+	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
+	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
+	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
+	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
+	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
+	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
+	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
+	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
+	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
+	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
+	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
+	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
+	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
+	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
+	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
+	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
+	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
+	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
+	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
+	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
+	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
+	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
+	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
+	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
+	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
+	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
+	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
+	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
+	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
+	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
+	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
+	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
+	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
+	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
+	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
+	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
+	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
+	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
+	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
+	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
+	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
+	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
+	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
+	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
+	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
+	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
+	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
+	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
+	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
+	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
+	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
+	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
+	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
+	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
+	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
+	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
+	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
+	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
+	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
+	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
+	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
+	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
+	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
+	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
+	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
+	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
+	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
+	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
+	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
+	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
+	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
+	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
+	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
+	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
+	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
+	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
+	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
+	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
+	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
+	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
+	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
+	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
+	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
+	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
+	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
+	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
+	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
+	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
+	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
+	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
+	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
+	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
+	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
+	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
+	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
+	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
+	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
+	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
+	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
+	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
+	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
+	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
+	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
+	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
+	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
+	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
+	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
+	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
+	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
+	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
+	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
+	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
+	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
+	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
+	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
+	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
+	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
+	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
+	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
+	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
+	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
+	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
+	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
+	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
+	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
+	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
+	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
+	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
+	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
+	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
+	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
+	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
+	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
+	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
+	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
+	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
+	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
+	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
+	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
+	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
+	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
+	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
+	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
+	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
+	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
+	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
+	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
+	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
+	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
+	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
+	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
+	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
+	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
+	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
+	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
+	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
+	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
+	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
+	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
+	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
+	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
+	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
+	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
+	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
+	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
+	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
+	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
+	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
+	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
+	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
+	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
+	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
+	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
+	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
+	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
+	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
+	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
+	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
+	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
+	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
+	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
+	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
+	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
+	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
+	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
+	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
+	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
+	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
+	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
+	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
+	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
+	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
+	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
+	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
+	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
+	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
+	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
+	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
+	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
+	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
+	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
+	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
+	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
+	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
+	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
+	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
+	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
+	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
+	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
+	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
+	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
+	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
+	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
+	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
+	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
+	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
+	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
+	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
+	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
+	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
+	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
+	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
+	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
+	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
+	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
+	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
+	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
+	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
+	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
+	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
+	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
+	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
+	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
+	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
+	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
+	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
+	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
+	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
+	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
+	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
+	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
+	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
+	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
+	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
+	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
+	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
+	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
+	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
+	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
+	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
+	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
+	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
+	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
+	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
+	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
+	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
+	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
+	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
+	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
+	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
+	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
+	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
+	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
+	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
+	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
+	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
+	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
+	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
+	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
+	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
+	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
+	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
+	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
+	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
+	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
+	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
+	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
+	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
+	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
+	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
+	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
+	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
+	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
+	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
+	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
+	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
+	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
+	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
+	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
+	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
+	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
+	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
+	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
+	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
+	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
+	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
+	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
+	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
+	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
+	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
+	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
+	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
+	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
+	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
+	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
+	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
+	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
+	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
+	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
+	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
+	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
+	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
+	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
+	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
+	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
+	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
+	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
+	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
+	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
+	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
+	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
+	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
+	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
+	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
+	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
+	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
+	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
+	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
+	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
+	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
+	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
+	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
+	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
+	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
+	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
+	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
+	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
+	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
+	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
+	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
+	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
+	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
+	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
+	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
+	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
+	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
+	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
+	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
+	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
+	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
+	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
+	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
+	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
+	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
+	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
+	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
+	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
+	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
+	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
+	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
+	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
+	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
+	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
+	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
+	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
+	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
+	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
+	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
+	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
+	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
+	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
+	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
+	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
+	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
+	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
+	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
+	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
+	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
+	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
+	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
+	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
+	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
+	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
+	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
+	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
+	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
+	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
+	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
+	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
+	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
+	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
+	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
+	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
+	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
+	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
+	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
+	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
+	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
+	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
+	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
+	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
+	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
+	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
+	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
+	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
+	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
+	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
+	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
+	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
+	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
+	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
+	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
+	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
+	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
+	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
+	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
+	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
+	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
+	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
+	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
+	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
+	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
+	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
+	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
+	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
+	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
+	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
+	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
+	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
+	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
+	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
+	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
+	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
+	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
+	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
+	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
+	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
+	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
+	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
+	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
+	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
+	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
+	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
+	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
+	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
+	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
+	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
+	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
+	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
+	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
+	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
+	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
+	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
+	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
+	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
+	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
+	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
+	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
+	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
+	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
+	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
+	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
+	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
+	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
+	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
+	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
+	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
+	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
+	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
+	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
+	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
+	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
+	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
+	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
+	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
+	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
+	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
+	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
+	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
+	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
+	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
+	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
+	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
+	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
+	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
+	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
+	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
+	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
+	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
+	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
+	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
+	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
+	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
+	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
+	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
+	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
+	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
+	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
+	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
+	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
+	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
+	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
+	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
+	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
+	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
+	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
+	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
+	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
+	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
+	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
+	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
+	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
+	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
+	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
+	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
+	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
+	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
+	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
+	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
+	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
+	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
+	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
+	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
+	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
+	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
+	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
+	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
+	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
+	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
+	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
+	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
+	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
+	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
+	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
+	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
+	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
+	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
+	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
+	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
+	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
+	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
+	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
+	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
+	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
+	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
+	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
+	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
+	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
+	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
+	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
+	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
+	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
+	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
+	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
+	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
+	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
+	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
+	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
+	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
+	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
+	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
+	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
+	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
+	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
+	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
+	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
+	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
+	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
+	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
+	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
+	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
+	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
+	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
+	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
+	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
+	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
+	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
+	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
+	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
+	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
+	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
+	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
+	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
+	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
+	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
+	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
+	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
+	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
+	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
+	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
+	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
+	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
+	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
+	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
+	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
+	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
+	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
+	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
+	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
+	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
+	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
+	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
+	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
+	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
+	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
+	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
+	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
+	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
+	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
+	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
+	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
+	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
+	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
+	""
+	// Total size of tables: 53KB (54006 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/transform.go b/vendor/golang.org/x/text/unicode/norm/transform.go
index 9f47efbaf65fe..a1d366ae48720 100644
--- a/vendor/golang.org/x/text/unicode/norm/transform.go
+++ b/vendor/golang.org/x/text/unicode/norm/transform.go
@@ -18,7 +18,6 @@ func (Form) Reset() {}
 // Users should either catch ErrShortDst and allow dst to grow or have dst be at
 // least of size MaxTransformChunkSize to be guaranteed of progress.
 func (f Form) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
-	n := 0
 	// Cap the maximum number of src bytes to check.
 	b := src
 	eof := atEOF
@@ -27,13 +26,14 @@ func (f Form) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error)
 		eof = false
 		b = b[:ns]
 	}
-	i, ok := formTable[f].quickSpan(inputBytes(b), n, len(b), eof)
-	n += copy(dst[n:], b[n:i])
+	i, ok := formTable[f].quickSpan(inputBytes(b), 0, len(b), eof)
+	n := copy(dst, b[:i])
 	if !ok {
 		nDst, nSrc, err = f.transform(dst[n:], src[n:], atEOF)
 		return nDst + n, nSrc + n, err
 	}
-	if n < len(src) && !atEOF {
+
+	if err == nil && n < len(src) && !atEOF {
 		err = transform.ErrShortSrc
 	}
 	return n, n, err
@@ -79,7 +79,7 @@ func (f Form) transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error)
 		nSrc += n
 		nDst += n
 		if ok {
-			if n < rb.nsrc && !atEOF {
+			if err == nil && n < rb.nsrc && !atEOF {
 				err = transform.ErrShortSrc
 			}
 			return nDst, nSrc, err
diff --git a/vendor/golang.org/x/time/go.mod b/vendor/golang.org/x/time/go.mod
new file mode 100644
index 0000000000000..46ac9176a927b
--- /dev/null
+++ b/vendor/golang.org/x/time/go.mod
@@ -0,0 +1 @@
+module golang.org/x/time
diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go
index 7228d97e96370..a98fe77827afb 100644
--- a/vendor/golang.org/x/time/rate/rate.go
+++ b/vendor/golang.org/x/time/rate/rate.go
@@ -6,6 +6,7 @@
 package rate
 
 import (
+	"context"
 	"fmt"
 	"math"
 	"sync"
@@ -52,10 +53,9 @@ func Every(interval time.Duration) Limit {
 //
 // The methods AllowN, ReserveN, and WaitN consume n tokens.
 type Limiter struct {
-	limit Limit
-	burst int
-
 	mu     sync.Mutex
+	limit  Limit
+	burst  int
 	tokens float64
 	// last is the last time the limiter's tokens field was updated
 	last time.Time
@@ -75,6 +75,8 @@ func (lim *Limiter) Limit() Limit {
 // Burst values allow more events to happen at once.
 // A zero Burst allows no events, unless limit == Inf.
 func (lim *Limiter) Burst() int {
+	lim.mu.Lock()
+	defer lim.mu.Unlock()
 	return lim.burst
 }
 
@@ -195,7 +197,7 @@ func (lim *Limiter) Reserve() *Reservation {
 
 // ReserveN returns a Reservation that indicates how long the caller must wait before n events happen.
 // The Limiter takes this Reservation into account when allowing future events.
-// ReserveN returns false if n exceeds the Limiter's burst size.
+// The returned Reservation’s OK() method returns false if n exceeds the Limiter's burst size.
 // Usage example:
 //   r := lim.ReserveN(time.Now(), 1)
 //   if !r.OK() {
@@ -212,19 +214,8 @@ func (lim *Limiter) ReserveN(now time.Time, n int) *Reservation {
 	return &r
 }
 
-// contextContext is a temporary(?) copy of the context.Context type
-// to support both Go 1.6 using golang.org/x/net/context and Go 1.7+
-// with the built-in context package. If people ever stop using Go 1.6
-// we can remove this.
-type contextContext interface {
-	Deadline() (deadline time.Time, ok bool)
-	Done() <-chan struct{}
-	Err() error
-	Value(key interface{}) interface{}
-}
-
 // Wait is shorthand for WaitN(ctx, 1).
-func (lim *Limiter) wait(ctx contextContext) (err error) {
+func (lim *Limiter) Wait(ctx context.Context) (err error) {
 	return lim.WaitN(ctx, 1)
 }
 
@@ -232,9 +223,14 @@ func (lim *Limiter) wait(ctx contextContext) (err error) {
 // It returns an error if n exceeds the Limiter's burst size, the Context is
 // canceled, or the expected wait time exceeds the Context's Deadline.
 // The burst limit is ignored if the rate limit is Inf.
-func (lim *Limiter) waitN(ctx contextContext, n int) (err error) {
-	if n > lim.burst && lim.limit != Inf {
-		return fmt.Errorf("rate: Wait(n=%d) exceeds limiter's burst %d", n, lim.burst)
+func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) {
+	lim.mu.Lock()
+	burst := lim.burst
+	limit := lim.limit
+	lim.mu.Unlock()
+
+	if n > burst && limit != Inf {
+		return fmt.Errorf("rate: Wait(n=%d) exceeds limiter's burst %d", n, burst)
 	}
 	// Check if ctx is already cancelled
 	select {
@@ -291,6 +287,23 @@ func (lim *Limiter) SetLimitAt(now time.Time, newLimit Limit) {
 	lim.limit = newLimit
 }
 
+// SetBurst is shorthand for SetBurstAt(time.Now(), newBurst).
+func (lim *Limiter) SetBurst(newBurst int) {
+	lim.SetBurstAt(time.Now(), newBurst)
+}
+
+// SetBurstAt sets a new burst size for the limiter.
+func (lim *Limiter) SetBurstAt(now time.Time, newBurst int) {
+	lim.mu.Lock()
+	defer lim.mu.Unlock()
+
+	now, _, tokens := lim.advance(now)
+
+	lim.last = now
+	lim.tokens = tokens
+	lim.burst = newBurst
+}
+
 // reserveN is a helper method for AllowN, ReserveN, and WaitN.
 // maxFutureReserve specifies the maximum reservation wait duration allowed.
 // reserveN returns Reservation, not *Reservation, to avoid allocation in AllowN and WaitN.
@@ -347,6 +360,7 @@ func (lim *Limiter) reserveN(now time.Time, n int, maxFutureReserve time.Duratio
 
 // advance calculates and returns an updated state for lim resulting from the passage of time.
 // lim is not changed.
+// advance requires that lim.mu is held.
 func (lim *Limiter) advance(now time.Time) (newNow time.Time, newLast time.Time, newTokens float64) {
 	last := lim.last
 	if now.Before(last) {
@@ -380,5 +394,9 @@ func (limit Limit) durationFromTokens(tokens float64) time.Duration {
 // tokensFromDuration is a unit conversion function from a time duration to the number of tokens
 // which could be accumulated during that duration at a rate of limit tokens per second.
 func (limit Limit) tokensFromDuration(d time.Duration) float64 {
-	return d.Seconds() * float64(limit)
+	// Split the integer and fractional parts ourself to minimize rounding errors.
+	// See golang.org/issues/34861.
+	sec := float64(d/time.Second) * float64(limit)
+	nsec := float64(d%time.Second) * float64(limit)
+	return sec + nsec/1e9
 }
diff --git a/vendor/golang.org/x/time/rate/rate_go16.go b/vendor/golang.org/x/time/rate/rate_go16.go
deleted file mode 100644
index 6bab1850f881e..0000000000000
--- a/vendor/golang.org/x/time/rate/rate_go16.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.7
-
-package rate
-
-import "golang.org/x/net/context"
-
-// Wait is shorthand for WaitN(ctx, 1).
-func (lim *Limiter) Wait(ctx context.Context) (err error) {
-	return lim.waitN(ctx, 1)
-}
-
-// WaitN blocks until lim permits n events to happen.
-// It returns an error if n exceeds the Limiter's burst size, the Context is
-// canceled, or the expected wait time exceeds the Context's Deadline.
-func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) {
-	return lim.waitN(ctx, n)
-}
diff --git a/vendor/golang.org/x/time/rate/rate_go17.go b/vendor/golang.org/x/time/rate/rate_go17.go
deleted file mode 100644
index f90d85f51e706..0000000000000
--- a/vendor/golang.org/x/time/rate/rate_go17.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7
-
-package rate
-
-import "context"
-
-// Wait is shorthand for WaitN(ctx, 1).
-func (lim *Limiter) Wait(ctx context.Context) (err error) {
-	return lim.waitN(ctx, 1)
-}
-
-// WaitN blocks until lim permits n events to happen.
-// It returns an error if n exceeds the Limiter's burst size, the Context is
-// canceled, or the expected wait time exceeds the Context's Deadline.
-func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) {
-	return lim.waitN(ctx, n)
-}
diff --git a/vendor/google.golang.org/api/README.md b/vendor/google.golang.org/api/README.md
index 9df50a7ab0a43..cd938c19fd91d 100644
--- a/vendor/google.golang.org/api/README.md
+++ b/vendor/google.golang.org/api/README.md
@@ -29,9 +29,9 @@ func main() {
 * For a longer tutorial, see the [Getting Started guide](https://github.com/google/google-api-go-client/blob/master/GettingStarted.md).
 * For examples, see the [examples directory](https://github.com/google/google-api-go-client/tree/master/examples).
 * For support, use the [golang-nuts](https://groups.google.com/group/golang-nuts) mailing list.
+* The code review instance may be found [here](https://code-review.googlesource.com).
 
 ## Status
-[![Build Status](https://travis-ci.org/google/google-api-go-client.png)](https://travis-ci.org/google/google-api-go-client)
 [![GoDoc](https://godoc.org/google.golang.org/api?status.svg)](https://godoc.org/google.golang.org/api)
 
 These are auto-generated Go libraries from the Google Discovery Service's JSON description files of the available "new style" Google APIs.
@@ -43,7 +43,7 @@ These client libraries are officially supported by Google.  However, the librari
 
 If you're working with Google Cloud Platform APIs such as Datastore or Pub/Sub,
 consider using the
-[Cloud Client Libraries for Go](https://github.com/GoogleCloudPlatform/google-cloud-go)
+[Cloud Client Libraries for Go](https://github.com/googleapis/google-cloud-go)
 instead. These are the new and
 idiomatic Go libraries targeted specifically at Google Cloud Platform Services.
 
@@ -71,7 +71,7 @@ Some credentials types require you to specify scopes, and service entry points m
 
 ```go
 import (
-        "golang.org/x/net/context"
+        "context"
         "golang.org/x/oauth2/google"
         "google.golang.org/api/compute/v1"
 )
diff --git a/vendor/google.golang.org/api/go.mod b/vendor/google.golang.org/api/go.mod
new file mode 100644
index 0000000000000..63abbca79db7d
--- /dev/null
+++ b/vendor/google.golang.org/api/go.mod
@@ -0,0 +1,23 @@
+module google.golang.org/api
+
+go 1.9
+
+require (
+	cloud.google.com/go v0.38.0 // indirect
+	github.com/golang/protobuf v1.3.1 // indirect
+	github.com/google/go-cmp v0.3.0
+	github.com/googleapis/gax-go/v2 v2.0.5
+	github.com/hashicorp/golang-lru v0.5.1 // indirect
+	go.opencensus.io v0.21.0
+	golang.org/x/lint v0.0.0-20190409202823-959b441ac422
+	golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c // indirect
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
+	golang.org/x/text v0.3.2 // indirect
+	golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c
+	google.golang.org/appengine v1.5.0
+	google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873
+	google.golang.org/grpc v1.20.1
+	honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a
+)
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go
index c16b7b629be34..69b8659fddbd1 100644
--- a/vendor/google.golang.org/api/internal/creds.go
+++ b/vendor/google.golang.org/api/internal/creds.go
@@ -1,4 +1,4 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2017 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,28 +15,88 @@
 package internal
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 
-	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
+
 	"golang.org/x/oauth2/google"
 )
 
 // Creds returns credential information obtained from DialSettings, or if none, then
 // it returns default credential information.
-func Creds(ctx context.Context, ds *DialSettings) (*google.DefaultCredentials, error) {
+func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) {
 	if ds.Credentials != nil {
 		return ds.Credentials, nil
 	}
+	if ds.CredentialsJSON != nil {
+		return credentialsFromJSON(ctx, ds.CredentialsJSON, ds.Endpoint, ds.Scopes, ds.Audiences)
+	}
 	if ds.CredentialsFile != "" {
 		data, err := ioutil.ReadFile(ds.CredentialsFile)
 		if err != nil {
 			return nil, fmt.Errorf("cannot read credentials file: %v", err)
 		}
-		return google.CredentialsFromJSON(ctx, data, ds.Scopes...)
+		return credentialsFromJSON(ctx, data, ds.Endpoint, ds.Scopes, ds.Audiences)
 	}
 	if ds.TokenSource != nil {
-		return &google.DefaultCredentials{TokenSource: ds.TokenSource}, nil
+		return &google.Credentials{TokenSource: ds.TokenSource}, nil
+	}
+	cred, err := google.FindDefaultCredentials(ctx, ds.Scopes...)
+	if err != nil {
+		return nil, err
+	}
+	if len(cred.JSON) > 0 {
+		return credentialsFromJSON(ctx, cred.JSON, ds.Endpoint, ds.Scopes, ds.Audiences)
+	}
+	// For GAE and GCE, the JSON is empty so return the default credentials directly.
+	return cred, nil
+}
+
+// JSON key file type.
+const (
+	serviceAccountKey = "service_account"
+)
+
+// credentialsFromJSON returns a google.Credentials based on the input.
+//
+// - If the JSON is a service account and no scopes provided, returns self-signed JWT auth flow
+// - Otherwise, returns OAuth 2.0 flow.
+func credentialsFromJSON(ctx context.Context, data []byte, endpoint string, scopes []string, audiences []string) (*google.Credentials, error) {
+	cred, err := google.CredentialsFromJSON(ctx, data, scopes...)
+	if err != nil {
+		return nil, err
+	}
+	if len(data) > 0 && len(scopes) == 0 {
+		var f struct {
+			Type string `json:"type"`
+			// The rest JSON fields are omitted because they are not used.
+		}
+		if err := json.Unmarshal(cred.JSON, &f); err != nil {
+			return nil, err
+		}
+		if f.Type == serviceAccountKey {
+			ts, err := selfSignedJWTTokenSource(data, endpoint, audiences)
+			if err != nil {
+				return nil, err
+			}
+			cred.TokenSource = ts
+		}
+	}
+	return cred, err
+}
+
+func selfSignedJWTTokenSource(data []byte, endpoint string, audiences []string) (oauth2.TokenSource, error) {
+	// Use the API endpoint as the default audience
+	audience := endpoint
+	if len(audiences) > 0 {
+		// TODO(shinfan): Update golang oauth to support multiple audiences.
+		if len(audiences) > 1 {
+			return nil, fmt.Errorf("multiple audiences support is not implemented")
+		}
+		audience = audiences[0]
 	}
-	return google.FindDefaultCredentials(ctx, ds.Scopes...)
+	return google.JWTAccessTokenSourceFromJSON(data, audience)
 }
diff --git a/vendor/google.golang.org/api/internal/pool.go b/vendor/google.golang.org/api/internal/pool.go
index 4150feb6bb095..a4426dcb700fd 100644
--- a/vendor/google.golang.org/api/internal/pool.go
+++ b/vendor/google.golang.org/api/internal/pool.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@ package internal
 
 import (
 	"errors"
+
 	"google.golang.org/grpc/naming"
 )
 
@@ -37,7 +38,7 @@ func NewPoolResolver(size int, o *DialSettings) *PoolResolver {
 // provided to NewPoolResolver.
 func (r *PoolResolver) Resolve(target string) (naming.Watcher, error) {
 	if r.dialOpt.Endpoint == "" {
-		return nil, errors.New("No endpoint configured")
+		return nil, errors.New("no endpoint configured")
 	}
 	addrs := make([]*naming.Update, 0, r.poolSize)
 	for i := 0; i < r.poolSize; i++ {
@@ -54,6 +55,7 @@ func (r *PoolResolver) Next() ([]*naming.Update, error) {
 	return <-r.ch, nil
 }
 
+// Close releases resources associated with the pool and causes Next to unblock.
 func (r *PoolResolver) Close() {
 	close(r.ch)
 }
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 34dfa5a8219f4..062301c65fd5c 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -1,4 +1,4 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2017 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -30,14 +30,21 @@ type DialSettings struct {
 	Endpoint        string
 	Scopes          []string
 	TokenSource     oauth2.TokenSource
-	Credentials     *google.DefaultCredentials
+	Credentials     *google.Credentials
 	CredentialsFile string // if set, Token Source is ignored.
+	CredentialsJSON []byte
 	UserAgent       string
 	APIKey          string
+	Audiences       []string
 	HTTPClient      *http.Client
 	GRPCDialOpts    []grpc.DialOption
 	GRPCConn        *grpc.ClientConn
 	NoAuth          bool
+
+	// Google API system parameters. For more information please read:
+	// https://cloud.google.com/apis/docs/system-parameters
+	QuotaProject  string
+	RequestReason string
 }
 
 // Validate reports an error if ds is invalid.
@@ -49,7 +56,27 @@ func (ds *DialSettings) Validate() error {
 	// Credentials should not appear with other options.
 	// We currently allow TokenSource and CredentialsFile to coexist.
 	// TODO(jba): make TokenSource & CredentialsFile an error (breaking change).
-	if ds.Credentials != nil && (ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "") {
+	nCreds := 0
+	if ds.Credentials != nil {
+		nCreds++
+	}
+	if ds.CredentialsJSON != nil {
+		nCreds++
+	}
+	if ds.CredentialsFile != "" {
+		nCreds++
+	}
+	if ds.APIKey != "" {
+		nCreds++
+	}
+	if ds.TokenSource != nil {
+		nCreds++
+	}
+	if len(ds.Scopes) > 0 && len(ds.Audiences) > 0 {
+		return errors.New("WithScopes is incompatible with WithAudience")
+	}
+	// Accept only one form of credentials, except we allow TokenSource and CredentialsFile for backwards compatibility.
+	if nCreds > 1 && !(nCreds == 2 && ds.TokenSource != nil && ds.CredentialsFile != "") {
 		return errors.New("multiple credential options provided")
 	}
 	if ds.HTTPClient != nil && ds.GRPCConn != nil {
@@ -58,5 +85,12 @@ func (ds *DialSettings) Validate() error {
 	if ds.HTTPClient != nil && ds.GRPCDialOpts != nil {
 		return errors.New("WithHTTPClient is incompatible with gRPC dial options")
 	}
+	if ds.HTTPClient != nil && ds.QuotaProject != "" {
+		return errors.New("WithHTTPClient is incompatible with QuotaProject")
+	}
+	if ds.HTTPClient != nil && ds.RequestReason != "" {
+		return errors.New("WithHTTPClient is incompatible with RequestReason")
+	}
+
 	return nil
 }
diff --git a/vendor/google.golang.org/api/iterator/iterator.go b/vendor/google.golang.org/api/iterator/iterator.go
index e34e52073492d..3c8ea7732af28 100644
--- a/vendor/google.golang.org/api/iterator/iterator.go
+++ b/vendor/google.golang.org/api/iterator/iterator.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/vendor/google.golang.org/api/option/credentials_go19.go b/vendor/google.golang.org/api/option/credentials_go19.go
index c08c1149d2894..0636a8294547a 100644
--- a/vendor/google.golang.org/api/option/credentials_go19.go
+++ b/vendor/google.golang.org/api/option/credentials_go19.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ func (w *withCreds) Apply(o *internal.DialSettings) {
 	o.Credentials = (*google.Credentials)(w)
 }
 
+// WithCredentials returns a ClientOption that authenticates API calls.
 func WithCredentials(creds *google.Credentials) ClientOption {
 	return (*withCreds)(creds)
 }
diff --git a/vendor/google.golang.org/api/option/credentials_notgo19.go b/vendor/google.golang.org/api/option/credentials_notgo19.go
index 90d2290010224..74d3a4b5b918c 100644
--- a/vendor/google.golang.org/api/option/credentials_notgo19.go
+++ b/vendor/google.golang.org/api/option/credentials_notgo19.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/vendor/google.golang.org/api/option/option.go b/vendor/google.golang.org/api/option/option.go
index ffbee329511ca..0a1c2dba9e382 100644
--- a/vendor/google.golang.org/api/option/option.go
+++ b/vendor/google.golang.org/api/option/option.go
@@ -1,4 +1,4 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2017 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -61,6 +61,20 @@ func WithServiceAccountFile(filename string) ClientOption {
 	return WithCredentialsFile(filename)
 }
 
+// WithCredentialsJSON returns a ClientOption that authenticates
+// API calls with the given service account or refresh token JSON
+// credentials.
+func WithCredentialsJSON(p []byte) ClientOption {
+	return withCredentialsJSON(p)
+}
+
+type withCredentialsJSON []byte
+
+func (w withCredentialsJSON) Apply(o *internal.DialSettings) {
+	o.CredentialsJSON = make([]byte, len(w))
+	copy(o.CredentialsJSON, w)
+}
+
 // WithEndpoint returns a ClientOption that overrides the default endpoint
 // to be used for a service.
 func WithEndpoint(url string) ClientOption {
@@ -82,9 +96,8 @@ func WithScopes(scope ...string) ClientOption {
 type withScopes []string
 
 func (w withScopes) Apply(o *internal.DialSettings) {
-	s := make([]string, len(w))
-	copy(s, w)
-	o.Scopes = s
+	o.Scopes = make([]string, len(w))
+	copy(o.Scopes, w)
 }
 
 // WithUserAgent returns a ClientOption that sets the User-Agent.
@@ -153,6 +166,9 @@ func (w withGRPCConnectionPool) Apply(o *internal.DialSettings) {
 
 // WithAPIKey returns a ClientOption that specifies an API key to be used
 // as the basis for authentication.
+//
+// API Keys can only be used for JSON-over-HTTP APIs, including those under
+// the import path google.golang.org/api/....
 func WithAPIKey(apiKey string) ClientOption {
 	return withAPIKey(apiKey)
 }
@@ -161,6 +177,19 @@ type withAPIKey string
 
 func (w withAPIKey) Apply(o *internal.DialSettings) { o.APIKey = string(w) }
 
+// WithAudiences returns a ClientOption that specifies an audience to be used
+// as the audience field ("aud") for the JWT token authentication.
+func WithAudiences(audience ...string) ClientOption {
+	return withAudiences(audience)
+}
+
+type withAudiences []string
+
+func (w withAudiences) Apply(o *internal.DialSettings) {
+	o.Audiences = make([]string, len(w))
+	copy(o.Audiences, w)
+}
+
 // WithoutAuthentication returns a ClientOption that specifies that no
 // authentication should be used. It is suitable only for testing and for
 // accessing public resources, like public Google Cloud Storage buckets.
@@ -173,3 +202,34 @@ func WithoutAuthentication() ClientOption {
 type withoutAuthentication struct{}
 
 func (w withoutAuthentication) Apply(o *internal.DialSettings) { o.NoAuth = true }
+
+// WithQuotaProject returns a ClientOption that specifies the project used
+// for quota and billing purposes.
+//
+// For more information please read:
+// https://cloud.google.com/apis/docs/system-parameters
+func WithQuotaProject(quotaProject string) ClientOption {
+	return withQuotaProject(quotaProject)
+}
+
+type withQuotaProject string
+
+func (w withQuotaProject) Apply(o *internal.DialSettings) {
+	o.QuotaProject = string(w)
+}
+
+// WithRequestReason returns a ClientOption that specifies a reason for
+// making the request, which is intended to be recorded in audit logging.
+// An example reason would be a support-case ticket number.
+//
+// For more information please read:
+// https://cloud.google.com/apis/docs/system-parameters
+func WithRequestReason(requestReason string) ClientOption {
+	return withRequestReason(requestReason)
+}
+
+type withRequestReason string
+
+func (w withRequestReason) Apply(o *internal.DialSettings) {
+	o.RequestReason = string(w)
+}
diff --git a/vendor/google.golang.org/api/support/bundler/bundler.go b/vendor/google.golang.org/api/support/bundler/bundler.go
index 8d8fb7f0471cf..c553271190871 100644
--- a/vendor/google.golang.org/api/support/bundler/bundler.go
+++ b/vendor/google.golang.org/api/support/bundler/bundler.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -22,13 +22,13 @@
 package bundler
 
 import (
+	"context"
 	"errors"
 	"math"
 	"reflect"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/sync/semaphore"
 )
 
diff --git a/vendor/google.golang.org/api/transport/dial.go b/vendor/google.golang.org/api/transport/dial.go
index c4c37191bf0f2..1fb7cf905d921 100644
--- a/vendor/google.golang.org/api/transport/dial.go
+++ b/vendor/google.golang.org/api/transport/dial.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google Inc. All Rights Reserved.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,15 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package transport supports network connections to HTTP and GRPC servers.
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
 package transport
 
 import (
+	"context"
 	"net/http"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 
 	"google.golang.org/api/option"
diff --git a/vendor/google.golang.org/api/transport/doc.go b/vendor/google.golang.org/api/transport/doc.go
new file mode 100644
index 0000000000000..4915036c35982
--- /dev/null
+++ b/vendor/google.golang.org/api/transport/doc.go
@@ -0,0 +1,21 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package transport provides utility methods for creating authenticated
+// transports to Google's HTTP and gRPC APIs. It is intended to be used in
+// conjunction with google.golang.org/api/option.
+//
+// This package is not intended for use by end developers. Use the
+// google.golang.org/api/option package to configure API clients.
+package transport
diff --git a/vendor/google.golang.org/api/transport/go19.go b/vendor/google.golang.org/api/transport/go19.go
index 0177e5600cf90..3e89f932871b1 100644
--- a/vendor/google.golang.org/api/transport/go19.go
+++ b/vendor/google.golang.org/api/transport/go19.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,7 +17,8 @@
 package transport
 
 import (
-	"golang.org/x/net/context"
+	"context"
+
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go
index 2b8ed6b0b8081..b850246ce2f94 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google Inc. All Rights Reserved.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,25 +12,37 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package transport/grpc supports network connections to GRPC servers.
+// Package grpc supports network connections to GRPC servers.
 // This package is not intended for use by end developers. Use the
 // google.golang.org/api/option package to configure API clients.
 package grpc
 
 import (
+	"context"
 	"errors"
+	"log"
+	"os"
+	"strings"
 
-	"golang.org/x/net/context"
+	"go.opencensus.io/plugin/ocgrpc"
+	"golang.org/x/oauth2"
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
+	grpcgoogle "google.golang.org/grpc/credentials/google"
 	"google.golang.org/grpc/credentials/oauth"
+
+	// Install grpclb, which is required for direct path.
+	_ "google.golang.org/grpc/balancer/grpclb"
 )
 
 // Set at init time by dial_appengine.go. If nil, we're not on App Engine.
 var appengineDialerHook func(context.Context) grpc.DialOption
 
+// Set at init time by dial_socketopt.go. If nil, socketopt is not supported.
+var timeoutDialerOption grpc.DialOption
+
 // Dial returns a GRPC connection for use communicating with a Google cloud
 // service, configured with the given ClientOptions.
 func Dial(ctx context.Context, opts ...option.ClientOption) (*grpc.ClientConn, error) {
@@ -62,19 +74,47 @@ func dial(ctx context.Context, insecure bool, opts []option.ClientOption) (*grpc
 	if insecure {
 		grpcOpts = []grpc.DialOption{grpc.WithInsecure()}
 	} else if !o.NoAuth {
+		if o.APIKey != "" {
+			log.Print("API keys are not supported for gRPC APIs. Remove the WithAPIKey option from your client-creating call.")
+		}
 		creds, err := internal.Creds(ctx, &o)
 		if err != nil {
 			return nil, err
 		}
-		grpcOpts = []grpc.DialOption{
-			grpc.WithPerRPCCredentials(oauth.TokenSource{creds.TokenSource}),
-			grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),
+		// Attempt Direct Path only if:
+		// * The endpoint is a host:port (or dns:///host:port).
+		// * Credentials are obtained via GCE metadata server, using the default
+		//   service account.
+		// * Opted in via GOOGLE_CLOUD_ENABLE_DIRECT_PATH environment variable.
+		//   For example, GOOGLE_CLOUD_ENABLE_DIRECT_PATH=spanner,pubsub
+		if isDirectPathEnabled(o.Endpoint) && isTokenSourceDirectPathCompatible(creds.TokenSource) {
+			if !strings.HasPrefix(o.Endpoint, "dns:///") {
+				o.Endpoint = "dns:///" + o.Endpoint
+			}
+			grpcOpts = []grpc.DialOption{
+				grpc.WithCredentialsBundle(
+					grpcgoogle.NewComputeEngineCredentials(),
+				),
+			}
+			// TODO(cbro): add support for system parameters (quota project, request reason) via chained interceptor.
+		} else {
+			grpcOpts = []grpc.DialOption{
+				grpc.WithPerRPCCredentials(grpcTokenSource{
+					TokenSource:   oauth.TokenSource{creds.TokenSource},
+					quotaProject:  o.QuotaProject,
+					requestReason: o.RequestReason,
+				}),
+				grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),
+			}
 		}
 	}
+
 	if appengineDialerHook != nil {
 		// Use the Socket API on App Engine.
+		// appengine dialer will override socketopt dialer
 		grpcOpts = append(grpcOpts, appengineDialerHook(ctx))
 	}
+
 	// Add tracing, but before the other options, so that clients can override the
 	// gRPC stats handler.
 	// This assumes that gRPC options are processed in order, left to right.
@@ -83,5 +123,87 @@ func dial(ctx context.Context, insecure bool, opts []option.ClientOption) (*grpc
 	if o.UserAgent != "" {
 		grpcOpts = append(grpcOpts, grpc.WithUserAgent(o.UserAgent))
 	}
+
+	// TODO(weiranf): This socketopt dialer will be used by default at some
+	// point when isDirectPathEnabled will default to true, we guard it by
+	// the Directpath env var for now once we can introspect user defined
+	// dialer (https://github.com/grpc/grpc-go/issues/2795).
+	if timeoutDialerOption != nil && isDirectPathEnabled(o.Endpoint) {
+		grpcOpts = append(grpcOpts, timeoutDialerOption)
+	}
+
 	return grpc.DialContext(ctx, o.Endpoint, grpcOpts...)
 }
+
+func addOCStatsHandler(opts []grpc.DialOption) []grpc.DialOption {
+	return append(opts, grpc.WithStatsHandler(&ocgrpc.ClientHandler{}))
+}
+
+// grpcTokenSource supplies PerRPCCredentials from an oauth.TokenSource.
+type grpcTokenSource struct {
+	oauth.TokenSource
+
+	// Additional metadata attached as headers.
+	quotaProject  string
+	requestReason string
+}
+
+// GetRequestMetadata gets the request metadata as a map from a grpcTokenSource.
+func (ts grpcTokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (
+	map[string]string, error) {
+	metadata, err := ts.TokenSource.GetRequestMetadata(ctx, uri...)
+	if err != nil {
+		return nil, err
+	}
+
+	// Attach system parameter
+	if ts.quotaProject != "" {
+		metadata["X-goog-user-project"] = ts.quotaProject
+	}
+	if ts.requestReason != "" {
+		metadata["X-goog-request-reason"] = ts.requestReason
+	}
+	return metadata, nil
+}
+
+func isTokenSourceDirectPathCompatible(ts oauth2.TokenSource) bool {
+	if ts == nil {
+		return false
+	}
+	tok, err := ts.Token()
+	if err != nil {
+		return false
+	}
+	if tok == nil {
+		return false
+	}
+	if source, _ := tok.Extra("oauth2.google.tokenSource").(string); source != "compute-metadata" {
+		return false
+	}
+	if acct, _ := tok.Extra("oauth2.google.serviceAccount").(string); acct != "default" {
+		return false
+	}
+	return true
+}
+
+func isDirectPathEnabled(endpoint string) bool {
+	// Only host:port is supported, not other schemes (e.g., "tcp://" or "unix://").
+	// Also don't try direct path if the user has chosen an alternate name resolver
+	// (i.e., via ":///" prefix).
+	//
+	// TODO(cbro): once gRPC has introspectible options, check the user hasn't
+	// provided a custom dialer in gRPC options.
+	if strings.Contains(endpoint, "://") && !strings.HasPrefix(endpoint, "dns:///") {
+		return false
+	}
+
+	// Only try direct path if the user has opted in via the environment variable.
+	whitelist := strings.Split(os.Getenv("GOOGLE_CLOUD_ENABLE_DIRECT_PATH"), ",")
+	for _, api := range whitelist {
+		// Ignore empty string since an empty env variable splits into [""]
+		if api != "" && strings.Contains(endpoint, api) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/google.golang.org/api/transport/grpc/dial_appengine.go b/vendor/google.golang.org/api/transport/grpc/dial_appengine.go
index a40cef2506ad0..87819d4e10f1b 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial_appengine.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial_appengine.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,10 +17,10 @@
 package grpc
 
 import (
+	"context"
 	"net"
 	"time"
 
-	"golang.org/x/net/context"
 	"google.golang.org/appengine"
 	"google.golang.org/appengine/socket"
 	"google.golang.org/grpc"
diff --git a/vendor/google.golang.org/api/transport/grpc/dial_socketopt.go b/vendor/google.golang.org/api/transport/grpc/dial_socketopt.go
new file mode 100644
index 0000000000000..2b1d9e99b1b5d
--- /dev/null
+++ b/vendor/google.golang.org/api/transport/grpc/dial_socketopt.go
@@ -0,0 +1,59 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build go1.11,linux
+
+package grpc
+
+import (
+	"context"
+	"net"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+	"google.golang.org/grpc"
+)
+
+const (
+	// defaultTCPUserTimeout is the default TCP_USER_TIMEOUT socket option. By
+	// default is 20 seconds.
+	tcpUserTimeoutMilliseconds = 20000
+)
+
+func init() {
+	// timeoutDialerOption is a grpc.DialOption that contains dialer with
+	// socket option TCP_USER_TIMEOUT. This dialer requires go versions 1.11+.
+	timeoutDialerOption = grpc.WithContextDialer(dialTCPUserTimeout)
+}
+
+func dialTCPUserTimeout(ctx context.Context, addr string) (net.Conn, error) {
+	control := func(network, address string, c syscall.RawConn) error {
+		var syscallErr error
+		controlErr := c.Control(func(fd uintptr) {
+			syscallErr = syscall.SetsockoptInt(
+				int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, tcpUserTimeoutMilliseconds)
+		})
+		if syscallErr != nil {
+			return syscallErr
+		}
+		if controlErr != nil {
+			return controlErr
+		}
+		return nil
+	}
+	d := &net.Dialer{
+		Control: control,
+	}
+	return d.DialContext(ctx, "tcp", addr)
+}
diff --git a/vendor/google.golang.org/api/transport/grpc/go18.go b/vendor/google.golang.org/api/transport/grpc/go18.go
deleted file mode 100644
index a4b4a994535d7..0000000000000
--- a/vendor/google.golang.org/api/transport/grpc/go18.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build go1.8
-
-package grpc
-
-import (
-	"go.opencensus.io/plugin/ocgrpc"
-	"google.golang.org/grpc"
-)
-
-func addOCStatsHandler(opts []grpc.DialOption) []grpc.DialOption {
-	return append(opts, grpc.WithStatsHandler(&ocgrpc.ClientHandler{}))
-}
diff --git a/vendor/google.golang.org/api/transport/grpc/not_go18.go b/vendor/google.golang.org/api/transport/grpc/not_go18.go
deleted file mode 100644
index f509d8636c5b8..0000000000000
--- a/vendor/google.golang.org/api/transport/grpc/not_go18.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !go1.8
-
-package grpc
-
-import "google.golang.org/grpc"
-
-func addOCStatsHandler(opts []grpc.DialOption) []grpc.DialOption { return opts }
diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go
index df34c6810d253..c0d8bf20b0223 100644
--- a/vendor/google.golang.org/api/transport/http/dial.go
+++ b/vendor/google.golang.org/api/transport/http/dial.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google Inc. All Rights Reserved.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,73 +12,109 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package transport/http supports network connections to HTTP servers.
+// Package http supports network connections to HTTP servers.
 // This package is not intended for use by end developers. Use the
 // google.golang.org/api/option package to configure API clients.
 package http
 
 import (
+	"context"
 	"errors"
 	"net/http"
 
-	"golang.org/x/net/context"
+	"go.opencensus.io/plugin/ochttp"
 	"golang.org/x/oauth2"
 	"google.golang.org/api/googleapi/transport"
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
+	"google.golang.org/api/transport/http/internal/propagation"
 )
 
 // NewClient returns an HTTP client for use communicating with a Google cloud
 // service, configured with the given ClientOptions. It also returns the endpoint
 // for the service as specified in the options.
 func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client, string, error) {
-	var o internal.DialSettings
-	for _, opt := range opts {
-		opt.Apply(&o)
+	settings, err := newSettings(opts)
+	if err != nil {
+		return nil, "", err
 	}
-	if err := o.Validate(); err != nil {
+	// TODO(cbro): consider injecting the User-Agent even if an explicit HTTP client is provided?
+	if settings.HTTPClient != nil {
+		return settings.HTTPClient, settings.Endpoint, nil
+	}
+	trans, err := newTransport(ctx, defaultBaseTransport(ctx), settings)
+	if err != nil {
 		return nil, "", err
 	}
-	if o.GRPCConn != nil {
-		return nil, "", errors.New("unsupported gRPC connection specified")
+	return &http.Client{Transport: trans}, settings.Endpoint, nil
+}
+
+// NewTransport creates an http.RoundTripper for use communicating with a Google
+// cloud service, configured with the given ClientOptions. Its RoundTrip method delegates to base.
+func NewTransport(ctx context.Context, base http.RoundTripper, opts ...option.ClientOption) (http.RoundTripper, error) {
+	settings, err := newSettings(opts)
+	if err != nil {
+		return nil, err
 	}
-	// TODO(cbro): consider injecting the User-Agent even if an explicit HTTP client is provided?
-	if o.HTTPClient != nil {
-		return o.HTTPClient, o.Endpoint, nil
+	if settings.HTTPClient != nil {
+		return nil, errors.New("transport/http: WithHTTPClient passed to NewTransport")
 	}
-	trans := baseTransport(ctx)
-	trans = userAgentTransport{
-		base:      trans,
-		userAgent: o.UserAgent,
+	return newTransport(ctx, base, settings)
+}
+
+func newTransport(ctx context.Context, base http.RoundTripper, settings *internal.DialSettings) (http.RoundTripper, error) {
+	trans := base
+	trans = parameterTransport{
+		base:          trans,
+		userAgent:     settings.UserAgent,
+		quotaProject:  settings.QuotaProject,
+		requestReason: settings.RequestReason,
 	}
 	trans = addOCTransport(trans)
 	switch {
-	case o.NoAuth:
+	case settings.NoAuth:
 		// Do nothing.
-	case o.APIKey != "":
+	case settings.APIKey != "":
 		trans = &transport.APIKey{
 			Transport: trans,
-			Key:       o.APIKey,
+			Key:       settings.APIKey,
 		}
 	default:
-		creds, err := internal.Creds(ctx, &o)
+		creds, err := internal.Creds(ctx, settings)
 		if err != nil {
-			return nil, "", err
+			return nil, err
 		}
 		trans = &oauth2.Transport{
 			Base:   trans,
 			Source: creds.TokenSource,
 		}
 	}
-	return &http.Client{Transport: trans}, o.Endpoint, nil
+	return trans, nil
 }
 
-type userAgentTransport struct {
-	userAgent string
-	base      http.RoundTripper
+func newSettings(opts []option.ClientOption) (*internal.DialSettings, error) {
+	var o internal.DialSettings
+	for _, opt := range opts {
+		opt.Apply(&o)
+	}
+	if err := o.Validate(); err != nil {
+		return nil, err
+	}
+	if o.GRPCConn != nil {
+		return nil, errors.New("unsupported gRPC connection specified")
+	}
+	return &o, nil
+}
+
+type parameterTransport struct {
+	userAgent     string
+	quotaProject  string
+	requestReason string
+
+	base http.RoundTripper
 }
 
-func (t userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+func (t parameterTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	rt := t.base
 	if rt == nil {
 		return nil, errors.New("transport: no Transport specified")
@@ -92,18 +128,34 @@ func (t userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error)
 		newReq.Header[k] = vv
 	}
 	// TODO(cbro): append to existing User-Agent header?
-	newReq.Header["User-Agent"] = []string{t.userAgent}
+	newReq.Header.Set("User-Agent", t.userAgent)
+
+	// Attach system parameters into the header
+	if t.quotaProject != "" {
+		newReq.Header.Set("X-Goog-User-Project", t.quotaProject)
+	}
+	if t.requestReason != "" {
+		newReq.Header.Set("X-Goog-Request-Reason", t.requestReason)
+	}
+
 	return rt.RoundTrip(&newReq)
 }
 
 // Set at init time by dial_appengine.go. If nil, we're not on App Engine.
 var appengineUrlfetchHook func(context.Context) http.RoundTripper
 
-// baseTransport returns the base HTTP transport.
+// defaultBaseTransport returns the base HTTP transport.
 // On App Engine, this is urlfetch.Transport, otherwise it's http.DefaultTransport.
-func baseTransport(ctx context.Context) http.RoundTripper {
+func defaultBaseTransport(ctx context.Context) http.RoundTripper {
 	if appengineUrlfetchHook != nil {
 		return appengineUrlfetchHook(ctx)
 	}
 	return http.DefaultTransport
 }
+
+func addOCTransport(trans http.RoundTripper) http.RoundTripper {
+	return &ochttp.Transport{
+		Base:        trans,
+		Propagation: &propagation.HTTPFormat{},
+	}
+}
diff --git a/vendor/google.golang.org/api/transport/http/dial_appengine.go b/vendor/google.golang.org/api/transport/http/dial_appengine.go
index 0cdef74ac131c..04c81413c5198 100644
--- a/vendor/google.golang.org/api/transport/http/dial_appengine.go
+++ b/vendor/google.golang.org/api/transport/http/dial_appengine.go
@@ -1,4 +1,4 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2016 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,9 +17,9 @@
 package http
 
 import (
+	"context"
 	"net/http"
 
-	"golang.org/x/net/context"
 	"google.golang.org/appengine/urlfetch"
 )
 
diff --git a/vendor/google.golang.org/api/transport/http/go18.go b/vendor/google.golang.org/api/transport/http/go18.go
deleted file mode 100644
index 1d4bb8e7fb489..0000000000000
--- a/vendor/google.golang.org/api/transport/http/go18.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build go1.8
-
-package http
-
-import (
-	"net/http"
-
-	"go.opencensus.io/exporter/stackdriver/propagation"
-	"go.opencensus.io/plugin/ochttp"
-)
-
-func addOCTransport(trans http.RoundTripper) http.RoundTripper {
-	return &ochttp.Transport{
-		Base:        trans,
-		Propagation: &propagation.HTTPFormat{},
-	}
-}
diff --git a/vendor/google.golang.org/api/transport/http/internal/propagation/http.go b/vendor/google.golang.org/api/transport/http/internal/propagation/http.go
new file mode 100644
index 0000000000000..24b4f0d291561
--- /dev/null
+++ b/vendor/google.golang.org/api/transport/http/internal/propagation/http.go
@@ -0,0 +1,96 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build go1.8
+
+// Package propagation implements X-Cloud-Trace-Context header propagation used
+// by Google Cloud products.
+package propagation
+
+import (
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"go.opencensus.io/trace"
+	"go.opencensus.io/trace/propagation"
+)
+
+const (
+	httpHeaderMaxSize = 200
+	httpHeader        = `X-Cloud-Trace-Context`
+)
+
+var _ propagation.HTTPFormat = (*HTTPFormat)(nil)
+
+// HTTPFormat implements propagation.HTTPFormat to propagate
+// traces in HTTP headers for Google Cloud Platform and Stackdriver Trace.
+type HTTPFormat struct{}
+
+// SpanContextFromRequest extracts a Stackdriver Trace span context from incoming requests.
+func (f *HTTPFormat) SpanContextFromRequest(req *http.Request) (sc trace.SpanContext, ok bool) {
+	h := req.Header.Get(httpHeader)
+	// See https://cloud.google.com/trace/docs/faq for the header HTTPFormat.
+	// Return if the header is empty or missing, or if the header is unreasonably
+	// large, to avoid making unnecessary copies of a large string.
+	if h == "" || len(h) > httpHeaderMaxSize {
+		return trace.SpanContext{}, false
+	}
+
+	// Parse the trace id field.
+	slash := strings.Index(h, `/`)
+	if slash == -1 {
+		return trace.SpanContext{}, false
+	}
+	tid, h := h[:slash], h[slash+1:]
+
+	buf, err := hex.DecodeString(tid)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	copy(sc.TraceID[:], buf)
+
+	// Parse the span id field.
+	spanstr := h
+	semicolon := strings.Index(h, `;`)
+	if semicolon != -1 {
+		spanstr, h = h[:semicolon], h[semicolon+1:]
+	}
+	sid, err := strconv.ParseUint(spanstr, 10, 64)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	binary.BigEndian.PutUint64(sc.SpanID[:], sid)
+
+	// Parse the options field, options field is optional.
+	if !strings.HasPrefix(h, "o=") {
+		return sc, true
+	}
+	o, err := strconv.ParseUint(h[2:], 10, 64)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	sc.TraceOptions = trace.TraceOptions(o)
+	return sc, true
+}
+
+// SpanContextToRequest modifies the given request to include a Stackdriver Trace header.
+func (f *HTTPFormat) SpanContextToRequest(sc trace.SpanContext, req *http.Request) {
+	sid := binary.BigEndian.Uint64(sc.SpanID[:])
+	header := fmt.Sprintf("%s/%d;o=%d", hex.EncodeToString(sc.TraceID[:]), sid, int64(sc.TraceOptions))
+	req.Header.Set(httpHeader, header)
+}
diff --git a/vendor/google.golang.org/api/transport/http/not_go18.go b/vendor/google.golang.org/api/transport/http/not_go18.go
deleted file mode 100644
index 628a21a84d69d..0000000000000
--- a/vendor/google.golang.org/api/transport/http/not_go18.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !go1.8
-
-package http
-
-import "net/http"
-
-func addOCTransport(trans http.RoundTripper) http.RoundTripper { return trans }
diff --git a/vendor/google.golang.org/api/transport/not_go19.go b/vendor/google.golang.org/api/transport/not_go19.go
index 4489bc9b6e4c4..0cb6275944216 100644
--- a/vendor/google.golang.org/api/transport/not_go19.go
+++ b/vendor/google.golang.org/api/transport/not_go19.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,7 +17,8 @@
 package transport
 
 import (
-	"golang.org/x/net/context"
+	"context"
+
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
diff --git a/vendor/google.golang.org/genproto/README.md b/vendor/google.golang.org/genproto/README.md
index 51d0bae5f71f5..8b8e4ef8c8e53 100644
--- a/vendor/google.golang.org/genproto/README.md
+++ b/vendor/google.golang.org/genproto/README.md
@@ -1,9 +1,12 @@
 Go generated proto packages
 ===========================
 
-[![Build Status](https://travis-ci.org/google/go-genproto.svg?branch=master)](https://travis-ci.org/google/go-genproto)
 [![GoDoc](https://godoc.org/google.golang.org/genproto?status.svg)](https://godoc.org/google.golang.org/genproto)
 
+```
+go get google.golang.org/genproto/...
+```
+
 > **IMPORTANT** This repository is currently experimental. The structure
 > of the contained packages is subject to change. Please see the original
 > source repositories (listed below) to find out the status of the each
diff --git a/vendor/google.golang.org/genproto/go.mod b/vendor/google.golang.org/genproto/go.mod
new file mode 100644
index 0000000000000..c947b4a5e462c
--- /dev/null
+++ b/vendor/google.golang.org/genproto/go.mod
@@ -0,0 +1,11 @@
+module google.golang.org/genproto
+
+go 1.11
+
+require (
+	github.com/golang/protobuf v1.3.3
+	golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3
+	golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135
+	google.golang.org/grpc v1.27.0
+	honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc
+)
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
index c5a54b3d7ad1a..4f3526e1db4ca 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
@@ -1,12 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/annotations.proto
 
-package annotations // import "google.golang.org/genproto/googleapis/api/annotations"
+package annotations
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -17,7 +20,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 var E_Http = &proto.ExtensionDesc{
 	ExtendedType:  (*descriptor.MethodOptions)(nil),
@@ -33,10 +36,10 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/api/annotations.proto", fileDescriptor_annotations_7782c41cc734273a)
+	proto.RegisterFile("google/api/annotations.proto", fileDescriptor_c591c5aa9fb79aab)
 }
 
-var fileDescriptor_annotations_7782c41cc734273a = []byte{
+var fileDescriptor_c591c5aa9fb79aab = []byte{
 	// 208 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x49, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x4f, 0x2c, 0xc8, 0xd4, 0x4f, 0xcc, 0xcb, 0xcb, 0x2f, 0x49, 0x2c, 0xc9, 0xcc,
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
new file mode 100644
index 0000000000000..9757593e92270
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
@@ -0,0 +1,81 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/api/client.proto
+
+package annotations
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+var E_MethodSignature = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.MethodOptions)(nil),
+	ExtensionType: ([]string)(nil),
+	Field:         1051,
+	Name:          "google.api.method_signature",
+	Tag:           "bytes,1051,rep,name=method_signature",
+	Filename:      "google/api/client.proto",
+}
+
+var E_DefaultHost = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.ServiceOptions)(nil),
+	ExtensionType: (*string)(nil),
+	Field:         1049,
+	Name:          "google.api.default_host",
+	Tag:           "bytes,1049,opt,name=default_host",
+	Filename:      "google/api/client.proto",
+}
+
+var E_OauthScopes = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.ServiceOptions)(nil),
+	ExtensionType: (*string)(nil),
+	Field:         1050,
+	Name:          "google.api.oauth_scopes",
+	Tag:           "bytes,1050,opt,name=oauth_scopes",
+	Filename:      "google/api/client.proto",
+}
+
+func init() {
+	proto.RegisterExtension(E_MethodSignature)
+	proto.RegisterExtension(E_DefaultHost)
+	proto.RegisterExtension(E_OauthScopes)
+}
+
+func init() {
+	proto.RegisterFile("google/api/client.proto", fileDescriptor_78f2c6f7c3a942c1)
+}
+
+var fileDescriptor_78f2c6f7c3a942c1 = []byte{
+	// 262 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x90, 0x3f, 0x4f, 0xc3, 0x30,
+	0x10, 0xc5, 0x55, 0x40, 0xa8, 0x75, 0x11, 0xa0, 0x2c, 0x20, 0x06, 0xc8, 0xd8, 0xc9, 0x1e, 0xd8,
+	0xca, 0xd4, 0x76, 0xe0, 0x8f, 0x84, 0x88, 0x9a, 0x8d, 0x25, 0x72, 0x9d, 0xab, 0x63, 0x29, 0xf5,
+	0x59, 0xf6, 0x85, 0xef, 0x02, 0x6c, 0x7c, 0x52, 0x54, 0xc7, 0x11, 0x48, 0x0c, 0x6c, 0x27, 0xbd,
+	0xf7, 0xfb, 0x9d, 0xf4, 0xd8, 0x85, 0x46, 0xd4, 0x2d, 0x08, 0xe9, 0x8c, 0x50, 0xad, 0x01, 0x4b,
+	0xdc, 0x79, 0x24, 0xcc, 0x58, 0x1f, 0x70, 0xe9, 0xcc, 0x55, 0x9e, 0x4a, 0x31, 0xd9, 0x74, 0x5b,
+	0x51, 0x43, 0x50, 0xde, 0x38, 0x42, 0xdf, 0xb7, 0xe7, 0x4f, 0xec, 0x7c, 0x07, 0xd4, 0x60, 0x5d,
+	0x05, 0xa3, 0xad, 0xa4, 0xce, 0x43, 0x76, 0xcd, 0x93, 0x62, 0xc0, 0xf8, 0x73, 0xac, 0xbc, 0x38,
+	0x32, 0x68, 0xc3, 0xe5, 0xe7, 0x38, 0x3f, 0x9c, 0x4d, 0xd6, 0x67, 0x3d, 0x58, 0x0e, 0xdc, 0x7c,
+	0xc5, 0x4e, 0x6a, 0xd8, 0xca, 0xae, 0xa5, 0xaa, 0xc1, 0x40, 0xd9, 0xcd, 0x1f, 0x4f, 0x09, 0xfe,
+	0xcd, 0x28, 0x18, 0x44, 0xef, 0xe3, 0x7c, 0x34, 0x9b, 0xac, 0xa7, 0x89, 0x7a, 0xc0, 0x40, 0x7b,
+	0x09, 0xca, 0x8e, 0x9a, 0x2a, 0x28, 0x74, 0x10, 0xfe, 0x97, 0x7c, 0x24, 0x49, 0xa4, 0xca, 0x08,
+	0x2d, 0x0d, 0x3b, 0x55, 0xb8, 0xe3, 0x3f, 0x4b, 0x2c, 0xa7, 0xab, 0xb8, 0x51, 0xb1, 0x97, 0x14,
+	0xa3, 0xd7, 0x45, 0x8a, 0x34, 0xb6, 0xd2, 0x6a, 0x8e, 0x5e, 0x0b, 0x0d, 0x36, 0xbe, 0x10, 0x7d,
+	0x24, 0x9d, 0x09, 0x71, 0x5c, 0x69, 0x2d, 0x92, 0x8c, 0xbf, 0xee, 0x7e, 0xdd, 0x5f, 0x07, 0x47,
+	0xf7, 0x8b, 0xe2, 0x71, 0x73, 0x1c, 0xa1, 0xdb, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0xcc, 0xc2,
+	0xcf, 0x71, 0x90, 0x01, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
new file mode 100644
index 0000000000000..6e67a93febe73
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
@@ -0,0 +1,124 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/api/field_behavior.proto
+
+package annotations
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// An indicator of the behavior of a given field (for example, that a field
+// is required in requests, or given as output but ignored as input).
+// This **does not** change the behavior in protocol buffers itself; it only
+// denotes the behavior and may affect how API tooling handles the field.
+//
+// Note: This enum **may** receive new values in the future.
+type FieldBehavior int32
+
+const (
+	// Conventional default for enums. Do not use this.
+	FieldBehavior_FIELD_BEHAVIOR_UNSPECIFIED FieldBehavior = 0
+	// Specifically denotes a field as optional.
+	// While all fields in protocol buffers are optional, this may be specified
+	// for emphasis if appropriate.
+	FieldBehavior_OPTIONAL FieldBehavior = 1
+	// Denotes a field as required.
+	// This indicates that the field **must** be provided as part of the request,
+	// and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+	FieldBehavior_REQUIRED FieldBehavior = 2
+	// Denotes a field as output only.
+	// This indicates that the field is provided in responses, but including the
+	// field in a request does nothing (the server *must* ignore it and
+	// *must not* throw an error as a result of the field's presence).
+	FieldBehavior_OUTPUT_ONLY FieldBehavior = 3
+	// Denotes a field as input only.
+	// This indicates that the field is provided in requests, and the
+	// corresponding field is not included in output.
+	FieldBehavior_INPUT_ONLY FieldBehavior = 4
+	// Denotes a field as immutable.
+	// This indicates that the field may be set once in a request to create a
+	// resource, but may not be changed thereafter.
+	FieldBehavior_IMMUTABLE FieldBehavior = 5
+)
+
+var FieldBehavior_name = map[int32]string{
+	0: "FIELD_BEHAVIOR_UNSPECIFIED",
+	1: "OPTIONAL",
+	2: "REQUIRED",
+	3: "OUTPUT_ONLY",
+	4: "INPUT_ONLY",
+	5: "IMMUTABLE",
+}
+
+var FieldBehavior_value = map[string]int32{
+	"FIELD_BEHAVIOR_UNSPECIFIED": 0,
+	"OPTIONAL":                   1,
+	"REQUIRED":                   2,
+	"OUTPUT_ONLY":                3,
+	"INPUT_ONLY":                 4,
+	"IMMUTABLE":                  5,
+}
+
+func (x FieldBehavior) String() string {
+	return proto.EnumName(FieldBehavior_name, int32(x))
+}
+
+func (FieldBehavior) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_4648f18fd5079967, []int{0}
+}
+
+var E_FieldBehavior = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
+	ExtensionType: ([]FieldBehavior)(nil),
+	Field:         1052,
+	Name:          "google.api.field_behavior",
+	Tag:           "varint,1052,rep,name=field_behavior,enum=google.api.FieldBehavior",
+	Filename:      "google/api/field_behavior.proto",
+}
+
+func init() {
+	proto.RegisterEnum("google.api.FieldBehavior", FieldBehavior_name, FieldBehavior_value)
+	proto.RegisterExtension(E_FieldBehavior)
+}
+
+func init() {
+	proto.RegisterFile("google/api/field_behavior.proto", fileDescriptor_4648f18fd5079967)
+}
+
+var fileDescriptor_4648f18fd5079967 = []byte{
+	// 303 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x54, 0x90, 0x4f, 0x4f, 0xb3, 0x30,
+	0x1c, 0xc7, 0x9f, 0xfd, 0x79, 0xcc, 0xac, 0x0e, 0x49, 0x4f, 0xba, 0x44, 0xdd, 0xd1, 0x78, 0x28,
+	0x89, 0xde, 0xf4, 0x04, 0xae, 0xd3, 0x26, 0x8c, 0x56, 0x04, 0x13, 0xbd, 0x60, 0xb7, 0xb1, 0xda,
+	0x64, 0xd2, 0x06, 0xd0, 0x8b, 0x6f, 0xc5, 0x93, 0xaf, 0xd4, 0xd0, 0x31, 0x85, 0x5b, 0xbf, 0xf9,
+	0x7d, 0xfa, 0xeb, 0xe7, 0x5b, 0x70, 0x2a, 0x94, 0x12, 0xeb, 0xd4, 0xe1, 0x5a, 0x3a, 0x2b, 0x99,
+	0xae, 0x97, 0xc9, 0x3c, 0x7d, 0xe5, 0x1f, 0x52, 0xe5, 0x48, 0xe7, 0xaa, 0x54, 0x10, 0x6c, 0x00,
+	0xc4, 0xb5, 0x1c, 0x8d, 0x6b, 0xd8, 0x4c, 0xe6, 0xef, 0x2b, 0x67, 0x99, 0x16, 0x8b, 0x5c, 0xea,
+	0x72, 0x4b, 0x9f, 0x7f, 0x82, 0xe1, 0xb4, 0xda, 0xe2, 0xd5, 0x4b, 0xe0, 0x09, 0x18, 0x4d, 0x09,
+	0xf6, 0x27, 0x89, 0x87, 0xef, 0xdc, 0x47, 0x42, 0xc3, 0x24, 0x0e, 0x1e, 0x18, 0xbe, 0x21, 0x53,
+	0x82, 0x27, 0xf6, 0x3f, 0xb8, 0x0f, 0x06, 0x94, 0x45, 0x84, 0x06, 0xae, 0x6f, 0x77, 0xaa, 0x14,
+	0xe2, 0xfb, 0x98, 0x84, 0x78, 0x62, 0x77, 0xe1, 0x01, 0xd8, 0xa3, 0x71, 0xc4, 0xe2, 0x28, 0xa1,
+	0x81, 0xff, 0x64, 0xf7, 0xa0, 0x05, 0x00, 0x09, 0x7e, 0x73, 0x1f, 0x0e, 0xc1, 0x2e, 0x99, 0xcd,
+	0xe2, 0xc8, 0xf5, 0x7c, 0x6c, 0xff, 0xbf, 0x7a, 0x01, 0x56, 0xbb, 0x02, 0x3c, 0x46, 0xb5, 0xfd,
+	0xd6, 0x18, 0x19, 0x3b, 0xaa, 0x4b, 0xa9, 0xb2, 0xe2, 0xf0, 0x6b, 0x30, 0xee, 0x9d, 0x59, 0x17,
+	0x47, 0xe8, 0xaf, 0x23, 0x6a, 0xe9, 0x87, 0xc3, 0x55, 0x33, 0x7a, 0x1a, 0x58, 0x0b, 0xf5, 0xd6,
+	0xc0, 0x3d, 0xd8, 0xe2, 0x59, 0xf5, 0x0c, 0xeb, 0x3c, 0xbb, 0x35, 0x21, 0xd4, 0x9a, 0x67, 0x02,
+	0xa9, 0x5c, 0x38, 0x22, 0xcd, 0x8c, 0x84, 0xb3, 0x19, 0x71, 0x2d, 0x0b, 0xf3, 0xe9, 0x3c, 0xcb,
+	0x54, 0xc9, 0x8d, 0xcf, 0x75, 0xe3, 0xfc, 0xdd, 0xed, 0xdf, 0xba, 0x8c, 0xcc, 0x77, 0xcc, 0xa5,
+	0xcb, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x94, 0x57, 0x94, 0xa8, 0x01, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
index e32d3b4f30e71..6ed6f3c91764f 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
@@ -1,11 +1,14 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/http.proto
 
-package annotations // import "google.golang.org/genproto/googleapis/api/annotations"
+package annotations
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +19,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // Defines the HTTP configuration for an API service. It contains a list of
 // [HttpRule][google.api.HttpRule], each specifying the mapping of an RPC method
@@ -25,14 +28,14 @@ type Http struct {
 	// A list of HTTP configuration rules that apply to individual API methods.
 	//
 	// **NOTE:** All service configuration rules follow "last one wins" order.
-	Rules []*HttpRule `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
-	// When set to true, URL path parmeters will be fully URI-decoded except in
+	Rules []*HttpRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
+	// When set to true, URL path parameters will be fully URI-decoded except in
 	// cases of single segment matches in reserved expansion, where "%2F" will be
 	// left encoded.
 	//
 	// The default behavior is to not decode RFC 6570 reserved characters in multi
 	// segment matches.
-	FullyDecodeReservedExpansion bool     `protobuf:"varint,2,opt,name=fully_decode_reserved_expansion,json=fullyDecodeReservedExpansion" json:"fully_decode_reserved_expansion,omitempty"`
+	FullyDecodeReservedExpansion bool     `protobuf:"varint,2,opt,name=fully_decode_reserved_expansion,json=fullyDecodeReservedExpansion,proto3" json:"fully_decode_reserved_expansion,omitempty"`
 	XXX_NoUnkeyedLiteral         struct{} `json:"-"`
 	XXX_unrecognized             []byte   `json:"-"`
 	XXX_sizecache                int32    `json:"-"`
@@ -42,16 +45,17 @@ func (m *Http) Reset()         { *m = Http{} }
 func (m *Http) String() string { return proto.CompactTextString(m) }
 func (*Http) ProtoMessage()    {}
 func (*Http) Descriptor() ([]byte, []int) {
-	return fileDescriptor_http_9c97bbd8b94894d4, []int{0}
+	return fileDescriptor_ff9994be407cdcc9, []int{0}
 }
+
 func (m *Http) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Http.Unmarshal(m, b)
 }
 func (m *Http) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Http.Marshal(b, m, deterministic)
 }
-func (dst *Http) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Http.Merge(dst, src)
+func (m *Http) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Http.Merge(m, src)
 }
 func (m *Http) XXX_Size() int {
 	return xxx_messageInfo_Http.Size(m)
@@ -76,94 +80,94 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 	return false
 }
 
-// `HttpRule` defines the mapping of an RPC method to one or more HTTP
-// REST API methods. The mapping specifies how different portions of the RPC
-// request message are mapped to URL path, URL query parameters, and
-// HTTP request body. The mapping is typically specified as an
-// `google.api.http` annotation on the RPC method,
-// see "google/api/annotations.proto" for details.
+// # gRPC Transcoding
+//
+// gRPC Transcoding is a feature for mapping between a gRPC method and one or
+// more HTTP REST endpoints. It allows developers to build a single API service
+// that supports both gRPC APIs and REST APIs. Many systems, including [Google
+// APIs](https://github.com/googleapis/googleapis),
+// [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC
+// Gateway](https://github.com/grpc-ecosystem/grpc-gateway),
+// and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature
+// and use it for large scale production services.
 //
-// The mapping consists of a field specifying the path template and
-// method kind.  The path template can refer to fields in the request
-// message, as in the example below which describes a REST GET
-// operation on a resource collection of messages:
+// `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies
+// how different portions of the gRPC request message are mapped to the URL
+// path, URL query parameters, and HTTP request body. It also controls how the
+// gRPC response message is mapped to the HTTP response body. `HttpRule` is
+// typically specified as an `google.api.http` annotation on the gRPC method.
 //
+// Each mapping specifies a URL path template and an HTTP method. The path
+// template may refer to one or more fields in the gRPC request message, as long
+// as each field is a non-repeated field with a primitive (non-message) type.
+// The path template controls how fields of the request message are mapped to
+// the URL path.
+//
+// Example:
 //
 //     service Messaging {
 //       rpc GetMessage(GetMessageRequest) returns (Message) {
-//         option (google.api.http).get = "/v1/messages/{message_id}/{sub.subfield}";
+//         option (google.api.http) = {
+//             get: "/v1/{name=messages/*}"
+//         };
 //       }
 //     }
 //     message GetMessageRequest {
-//       message SubMessage {
-//         string subfield = 1;
-//       }
-//       string message_id = 1; // mapped to the URL
-//       SubMessage sub = 2;    // `sub.subfield` is url-mapped
+//       string name = 1; // Mapped to URL path.
 //     }
 //     message Message {
-//       string text = 1; // content of the resource
+//       string text = 1; // The resource content.
 //     }
 //
-// The same http annotation can alternatively be expressed inside the
-// `GRPC API Configuration` YAML file.
-//
-//     http:
-//       rules:
-//         - selector: <proto_package_name>.Messaging.GetMessage
-//           get: /v1/messages/{message_id}/{sub.subfield}
+// This enables an HTTP REST to gRPC mapping as below:
 //
-// This definition enables an automatic, bidrectional mapping of HTTP
-// JSON to RPC. Example:
-//
-// HTTP | RPC
+// HTTP | gRPC
 // -----|-----
-// `GET /v1/messages/123456/foo`  | `GetMessage(message_id: "123456" sub: SubMessage(subfield: "foo"))`
-//
-// In general, not only fields but also field paths can be referenced
-// from a path pattern. Fields mapped to the path pattern cannot be
-// repeated and must have a primitive (non-message) type.
-//
-// Any fields in the request message which are not bound by the path
-// pattern automatically become (optional) HTTP query
-// parameters. Assume the following definition of the request message:
+// `GET /v1/messages/123456`  | `GetMessage(name: "messages/123456")`
 //
+// Any fields in the request message which are not bound by the path template
+// automatically become HTTP query parameters if there is no HTTP request body.
+// For example:
 //
 //     service Messaging {
 //       rpc GetMessage(GetMessageRequest) returns (Message) {
-//         option (google.api.http).get = "/v1/messages/{message_id}";
+//         option (google.api.http) = {
+//             get:"/v1/messages/{message_id}"
+//         };
 //       }
 //     }
 //     message GetMessageRequest {
 //       message SubMessage {
 //         string subfield = 1;
 //       }
-//       string message_id = 1; // mapped to the URL
-//       int64 revision = 2;    // becomes a parameter
-//       SubMessage sub = 3;    // `sub.subfield` becomes a parameter
+//       string message_id = 1; // Mapped to URL path.
+//       int64 revision = 2;    // Mapped to URL query parameter `revision`.
+//       SubMessage sub = 3;    // Mapped to URL query parameter `sub.subfield`.
 //     }
 //
-//
 // This enables a HTTP JSON to RPC mapping as below:
 //
-// HTTP | RPC
+// HTTP | gRPC
 // -----|-----
-// `GET /v1/messages/123456?revision=2&sub.subfield=foo` | `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: "foo"))`
-//
-// Note that fields which are mapped to HTTP parameters must have a
-// primitive type or a repeated primitive type. Message types are not
-// allowed. In the case of a repeated type, the parameter can be
-// repeated in the URL, as in `...?param=A&param=B`.
-//
-// For HTTP method kinds which allow a request body, the `body` field
+// `GET /v1/messages/123456?revision=2&sub.subfield=foo` |
+// `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
+// "foo"))`
+//
+// Note that fields which are mapped to URL query parameters must have a
+// primitive type or a repeated primitive type or a non-repeated message type.
+// In the case of a repeated type, the parameter can be repeated in the URL
+// as `...?param=A&param=B`. In the case of a message type, each field of the
+// message is mapped to a separate parameter, such as
+// `...?foo.a=A&foo.b=B&foo.c=C`.
+//
+// For HTTP methods that allow a request body, the `body` field
 // specifies the mapping. Consider a REST update method on the
 // message resource collection:
 //
-//
 //     service Messaging {
 //       rpc UpdateMessage(UpdateMessageRequest) returns (Message) {
 //         option (google.api.http) = {
-//           put: "/v1/messages/{message_id}"
+//           patch: "/v1/messages/{message_id}"
 //           body: "message"
 //         };
 //       }
@@ -173,14 +177,14 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 //       Message message = 2;   // mapped to the body
 //     }
 //
-//
 // The following HTTP JSON to RPC mapping is enabled, where the
 // representation of the JSON in the request body is determined by
 // protos JSON encoding:
 //
-// HTTP | RPC
+// HTTP | gRPC
 // -----|-----
-// `PUT /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: "123456" message { text: "Hi!" })`
+// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+// "123456" message { text: "Hi!" })`
 //
 // The special name `*` can be used in the body mapping to define that
 // every field not bound by the path template should be mapped to the
@@ -190,7 +194,7 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 //     service Messaging {
 //       rpc UpdateMessage(Message) returns (Message) {
 //         option (google.api.http) = {
-//           put: "/v1/messages/{message_id}"
+//           patch: "/v1/messages/{message_id}"
 //           body: "*"
 //         };
 //       }
@@ -203,13 +207,14 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 //
 // The following HTTP JSON to RPC mapping is enabled:
 //
-// HTTP | RPC
+// HTTP | gRPC
 // -----|-----
-// `PUT /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: "123456" text: "Hi!")`
+// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+// "123456" text: "Hi!")`
 //
 // Note that when using `*` in the body mapping, it is not possible to
 // have HTTP parameters, as all fields not bound by the path end in
-// the body. This makes this option more rarely used in practice of
+// the body. This makes this option more rarely used in practice when
 // defining REST APIs. The common usage of `*` is in custom methods
 // which don't use the URL at all for transferring data.
 //
@@ -231,32 +236,31 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 //       string user_id = 2;
 //     }
 //
+// This enables the following two alternative HTTP JSON to RPC mappings:
 //
-// This enables the following two alternative HTTP JSON to RPC
-// mappings:
-//
-// HTTP | RPC
+// HTTP | gRPC
 // -----|-----
 // `GET /v1/messages/123456` | `GetMessage(message_id: "123456")`
-// `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id: "123456")`
-//
-// # Rules for HTTP mapping
-//
-// The rules for mapping HTTP path, query parameters, and body fields
-// to the request message are as follows:
-//
-// 1. The `body` field specifies either `*` or a field path, or is
-//    omitted. If omitted, it indicates there is no HTTP request body.
-// 2. Leaf fields (recursive expansion of nested messages in the
-//    request) can be classified into three types:
-//     (a) Matched in the URL template.
-//     (b) Covered by body (if body is `*`, everything except (a) fields;
-//         else everything under the body field)
-//     (c) All other fields.
-// 3. URL query parameters found in the HTTP request are mapped to (c) fields.
-// 4. Any body sent with an HTTP request can contain only (b) fields.
-//
-// The syntax of the path template is as follows:
+// `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id:
+// "123456")`
+//
+// ## Rules for HTTP mapping
+//
+// 1. Leaf request fields (recursive expansion nested messages in the request
+//    message) are classified into three categories:
+//    - Fields referred by the path template. They are passed via the URL path.
+//    - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They are passed via the HTTP
+//      request body.
+//    - All other fields are passed via the URL query parameters, and the
+//      parameter name is the field path in the request message. A repeated
+//      field can be represented as multiple query parameters under the same
+//      name.
+//  2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL query parameter, all fields
+//     are passed via URL path and HTTP request body.
+//  3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP request body, all
+//     fields are passed via URL path and URL query parameters.
+//
+// ### Path template syntax
 //
 //     Template = "/" Segments [ Verb ] ;
 //     Segments = Segment { "/" Segment } ;
@@ -265,39 +269,91 @@ func (m *Http) GetFullyDecodeReservedExpansion() bool {
 //     FieldPath = IDENT { "." IDENT } ;
 //     Verb     = ":" LITERAL ;
 //
-// The syntax `*` matches a single path segment. The syntax `**` matches zero
-// or more path segments, which must be the last part of the path except the
-// `Verb`. The syntax `LITERAL` matches literal text in the path.
+// The syntax `*` matches a single URL path segment. The syntax `**` matches
+// zero or more URL path segments, which must be the last part of the URL path
+// except the `Verb`.
 //
 // The syntax `Variable` matches part of the URL path as specified by its
 // template. A variable template must not contain other variables. If a variable
 // matches a single path segment, its template may be omitted, e.g. `{var}`
 // is equivalent to `{var=*}`.
 //
+// The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL`
+// contains any reserved character, such characters should be percent-encoded
+// before the matching.
+//
 // If a variable contains exactly one path segment, such as `"{var}"` or
-// `"{var=*}"`, when such a variable is expanded into a URL path, all characters
-// except `[-_.~0-9a-zA-Z]` are percent-encoded. Such variables show up in the
-// Discovery Document as `{var}`.
-//
-// If a variable contains one or more path segments, such as `"{var=foo/*}"`
-// or `"{var=**}"`, when such a variable is expanded into a URL path, all
-// characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. Such variables
-// show up in the Discovery Document as `{+var}`.
-//
-// NOTE: While the single segment variable matches the semantics of
-// [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2
-// Simple String Expansion, the multi segment variable **does not** match
-// RFC 6570 Reserved Expansion. The reason is that the Reserved Expansion
+// `"{var=*}"`, when such a variable is expanded into a URL path on the client
+// side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The
+// server side does the reverse decoding. Such variables show up in the
+// [Discovery
+// Document](https://developers.google.com/discovery/v1/reference/apis) as
+// `{var}`.
+//
+// If a variable contains multiple path segments, such as `"{var=foo/*}"`
+// or `"{var=**}"`, when such a variable is expanded into a URL path on the
+// client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded.
+// The server side does the reverse decoding, except "%2F" and "%2f" are left
+// unchanged. Such variables show up in the
+// [Discovery
+// Document](https://developers.google.com/discovery/v1/reference/apis) as
+// `{+var}`.
+//
+// ## Using gRPC API Service Configuration
+//
+// gRPC API Service Configuration (service config) is a configuration language
+// for configuring a gRPC service to become a user-facing product. The
+// service config is simply the YAML representation of the `google.api.Service`
+// proto message.
+//
+// As an alternative to annotating your proto file, you can configure gRPC
+// transcoding in your service config YAML files. You do this by specifying a
+// `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same
+// effect as the proto annotation. This can be particularly useful if you
+// have a proto that is reused in multiple services. Note that any transcoding
+// specified in the service config will override any matching transcoding
+// configuration in the proto.
+//
+// Example:
+//
+//     http:
+//       rules:
+//         # Selects a gRPC method and applies HttpRule to it.
+//         - selector: example.v1.Messaging.GetMessage
+//           get: /v1/messages/{message_id}/{sub.subfield}
+//
+// ## Special notes
+//
+// When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the
+// proto to JSON conversion must follow the [proto3
+// specification](https://developers.google.com/protocol-buffers/docs/proto3#json).
+//
+// While the single segment variable follows the semantics of
+// [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String
+// Expansion, the multi segment variable **does not** follow RFC 6570 Section
+// 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion
 // does not expand special characters like `?` and `#`, which would lead
-// to invalid URLs.
+// to invalid URLs. As the result, gRPC Transcoding uses a custom encoding
+// for multi segment variables.
 //
-// NOTE: the field paths in variables and in the `body` must not refer to
-// repeated fields or map fields.
+// The path variables **must not** refer to any repeated or mapped field,
+// because client libraries are not capable of handling such variable expansion.
+//
+// The path variables **must not** capture the leading "/" character. The reason
+// is that the most common use case "{var}" does not capture the leading "/"
+// character. For consistency, all path variables must share the same behavior.
+//
+// Repeated message fields must not be mapped to URL query parameters, because
+// no client library can support such complicated mapping.
+//
+// If an API needs to use a JSON array for request or response body, it can map
+// the request or response body to a repeated field. However, some gRPC
+// Transcoding implementations may not support this feature.
 type HttpRule struct {
-	// Selects methods to which this rule applies.
+	// Selects a method to which this rule applies.
 	//
 	// Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
-	Selector string `protobuf:"bytes,1,opt,name=selector" json:"selector,omitempty"`
+	Selector string `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
 	// Determines the URL pattern is matched by this rules. This pattern can be
 	// used with any of the {get|put|post|delete|patch} methods. A custom method
 	// can be defined using the 'custom' field.
@@ -310,15 +366,24 @@ type HttpRule struct {
 	//	*HttpRule_Patch
 	//	*HttpRule_Custom
 	Pattern isHttpRule_Pattern `protobuf_oneof:"pattern"`
-	// The name of the request field whose value is mapped to the HTTP body, or
-	// `*` for mapping all fields not captured by the path pattern to the HTTP
-	// body. NOTE: the referred field must not be a repeated field and must be
-	// present at the top-level of request message type.
-	Body string `protobuf:"bytes,7,opt,name=body" json:"body,omitempty"`
+	// The name of the request field whose value is mapped to the HTTP request
+	// body, or `*` for mapping all request fields not captured by the path
+	// pattern to the HTTP body, or omitted for not having any HTTP request body.
+	//
+	// NOTE: the referred field must be present at the top-level of the request
+	// message type.
+	Body string `protobuf:"bytes,7,opt,name=body,proto3" json:"body,omitempty"`
+	// Optional. The name of the response field whose value is mapped to the HTTP
+	// response body. When omitted, the entire response message will be used
+	// as the HTTP response body.
+	//
+	// NOTE: The referred field must be present at the top-level of the response
+	// message type.
+	ResponseBody string `protobuf:"bytes,12,opt,name=response_body,json=responseBody,proto3" json:"response_body,omitempty"`
 	// Additional HTTP bindings for the selector. Nested bindings must
 	// not contain an `additional_bindings` field themselves (that is,
 	// the nesting may only be one level deep).
-	AdditionalBindings   []*HttpRule `protobuf:"bytes,11,rep,name=additional_bindings,json=additionalBindings" json:"additional_bindings,omitempty"`
+	AdditionalBindings   []*HttpRule `protobuf:"bytes,11,rep,name=additional_bindings,json=additionalBindings,proto3" json:"additional_bindings,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
 	XXX_unrecognized     []byte      `json:"-"`
 	XXX_sizecache        int32       `json:"-"`
@@ -328,16 +393,17 @@ func (m *HttpRule) Reset()         { *m = HttpRule{} }
 func (m *HttpRule) String() string { return proto.CompactTextString(m) }
 func (*HttpRule) ProtoMessage()    {}
 func (*HttpRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_http_9c97bbd8b94894d4, []int{1}
+	return fileDescriptor_ff9994be407cdcc9, []int{1}
 }
+
 func (m *HttpRule) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_HttpRule.Unmarshal(m, b)
 }
 func (m *HttpRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_HttpRule.Marshal(b, m, deterministic)
 }
-func (dst *HttpRule) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_HttpRule.Merge(dst, src)
+func (m *HttpRule) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HttpRule.Merge(m, src)
 }
 func (m *HttpRule) XXX_Size() int {
 	return xxx_messageInfo_HttpRule.Size(m)
@@ -348,34 +414,51 @@ func (m *HttpRule) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_HttpRule proto.InternalMessageInfo
 
+func (m *HttpRule) GetSelector() string {
+	if m != nil {
+		return m.Selector
+	}
+	return ""
+}
+
 type isHttpRule_Pattern interface {
 	isHttpRule_Pattern()
 }
 
 type HttpRule_Get struct {
-	Get string `protobuf:"bytes,2,opt,name=get,oneof"`
+	Get string `protobuf:"bytes,2,opt,name=get,proto3,oneof"`
 }
+
 type HttpRule_Put struct {
-	Put string `protobuf:"bytes,3,opt,name=put,oneof"`
+	Put string `protobuf:"bytes,3,opt,name=put,proto3,oneof"`
 }
+
 type HttpRule_Post struct {
-	Post string `protobuf:"bytes,4,opt,name=post,oneof"`
+	Post string `protobuf:"bytes,4,opt,name=post,proto3,oneof"`
 }
+
 type HttpRule_Delete struct {
-	Delete string `protobuf:"bytes,5,opt,name=delete,oneof"`
+	Delete string `protobuf:"bytes,5,opt,name=delete,proto3,oneof"`
 }
+
 type HttpRule_Patch struct {
-	Patch string `protobuf:"bytes,6,opt,name=patch,oneof"`
+	Patch string `protobuf:"bytes,6,opt,name=patch,proto3,oneof"`
 }
+
 type HttpRule_Custom struct {
-	Custom *CustomHttpPattern `protobuf:"bytes,8,opt,name=custom,oneof"`
+	Custom *CustomHttpPattern `protobuf:"bytes,8,opt,name=custom,proto3,oneof"`
 }
 
-func (*HttpRule_Get) isHttpRule_Pattern()    {}
-func (*HttpRule_Put) isHttpRule_Pattern()    {}
-func (*HttpRule_Post) isHttpRule_Pattern()   {}
+func (*HttpRule_Get) isHttpRule_Pattern() {}
+
+func (*HttpRule_Put) isHttpRule_Pattern() {}
+
+func (*HttpRule_Post) isHttpRule_Pattern() {}
+
 func (*HttpRule_Delete) isHttpRule_Pattern() {}
-func (*HttpRule_Patch) isHttpRule_Pattern()  {}
+
+func (*HttpRule_Patch) isHttpRule_Pattern() {}
+
 func (*HttpRule_Custom) isHttpRule_Pattern() {}
 
 func (m *HttpRule) GetPattern() isHttpRule_Pattern {
@@ -385,13 +468,6 @@ func (m *HttpRule) GetPattern() isHttpRule_Pattern {
 	return nil
 }
 
-func (m *HttpRule) GetSelector() string {
-	if m != nil {
-		return m.Selector
-	}
-	return ""
-}
-
 func (m *HttpRule) GetGet() string {
 	if x, ok := m.GetPattern().(*HttpRule_Get); ok {
 		return x.Get
@@ -441,6 +517,13 @@ func (m *HttpRule) GetBody() string {
 	return ""
 }
 
+func (m *HttpRule) GetResponseBody() string {
+	if m != nil {
+		return m.ResponseBody
+	}
+	return ""
+}
+
 func (m *HttpRule) GetAdditionalBindings() []*HttpRule {
 	if m != nil {
 		return m.AdditionalBindings
@@ -448,9 +531,9 @@ func (m *HttpRule) GetAdditionalBindings() []*HttpRule {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*HttpRule) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _HttpRule_OneofMarshaler, _HttpRule_OneofUnmarshaler, _HttpRule_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*HttpRule) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*HttpRule_Get)(nil),
 		(*HttpRule_Put)(nil),
 		(*HttpRule_Post)(nil),
@@ -460,130 +543,12 @@ func (*HttpRule) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) erro
 	}
 }
 
-func _HttpRule_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*HttpRule)
-	// pattern
-	switch x := m.Pattern.(type) {
-	case *HttpRule_Get:
-		b.EncodeVarint(2<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.Get)
-	case *HttpRule_Put:
-		b.EncodeVarint(3<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.Put)
-	case *HttpRule_Post:
-		b.EncodeVarint(4<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.Post)
-	case *HttpRule_Delete:
-		b.EncodeVarint(5<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.Delete)
-	case *HttpRule_Patch:
-		b.EncodeVarint(6<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.Patch)
-	case *HttpRule_Custom:
-		b.EncodeVarint(8<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.Custom); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("HttpRule.Pattern has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _HttpRule_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*HttpRule)
-	switch tag {
-	case 2: // pattern.get
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Pattern = &HttpRule_Get{x}
-		return true, err
-	case 3: // pattern.put
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Pattern = &HttpRule_Put{x}
-		return true, err
-	case 4: // pattern.post
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Pattern = &HttpRule_Post{x}
-		return true, err
-	case 5: // pattern.delete
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Pattern = &HttpRule_Delete{x}
-		return true, err
-	case 6: // pattern.patch
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Pattern = &HttpRule_Patch{x}
-		return true, err
-	case 8: // pattern.custom
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(CustomHttpPattern)
-		err := b.DecodeMessage(msg)
-		m.Pattern = &HttpRule_Custom{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _HttpRule_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*HttpRule)
-	// pattern
-	switch x := m.Pattern.(type) {
-	case *HttpRule_Get:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.Get)))
-		n += len(x.Get)
-	case *HttpRule_Put:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.Put)))
-		n += len(x.Put)
-	case *HttpRule_Post:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.Post)))
-		n += len(x.Post)
-	case *HttpRule_Delete:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.Delete)))
-		n += len(x.Delete)
-	case *HttpRule_Patch:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.Patch)))
-		n += len(x.Patch)
-	case *HttpRule_Custom:
-		s := proto.Size(x.Custom)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // A custom pattern is used for defining custom HTTP verb.
 type CustomHttpPattern struct {
 	// The name of this custom HTTP verb.
-	Kind string `protobuf:"bytes,1,opt,name=kind" json:"kind,omitempty"`
+	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
 	// The path matched by this custom verb.
-	Path                 string   `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"`
+	Path                 string   `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -593,16 +558,17 @@ func (m *CustomHttpPattern) Reset()         { *m = CustomHttpPattern{} }
 func (m *CustomHttpPattern) String() string { return proto.CompactTextString(m) }
 func (*CustomHttpPattern) ProtoMessage()    {}
 func (*CustomHttpPattern) Descriptor() ([]byte, []int) {
-	return fileDescriptor_http_9c97bbd8b94894d4, []int{2}
+	return fileDescriptor_ff9994be407cdcc9, []int{2}
 }
+
 func (m *CustomHttpPattern) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CustomHttpPattern.Unmarshal(m, b)
 }
 func (m *CustomHttpPattern) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CustomHttpPattern.Marshal(b, m, deterministic)
 }
-func (dst *CustomHttpPattern) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CustomHttpPattern.Merge(dst, src)
+func (m *CustomHttpPattern) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CustomHttpPattern.Merge(m, src)
 }
 func (m *CustomHttpPattern) XXX_Size() int {
 	return xxx_messageInfo_CustomHttpPattern.Size(m)
@@ -633,34 +599,37 @@ func init() {
 	proto.RegisterType((*CustomHttpPattern)(nil), "google.api.CustomHttpPattern")
 }
 
-func init() { proto.RegisterFile("google/api/http.proto", fileDescriptor_http_9c97bbd8b94894d4) }
-
-var fileDescriptor_http_9c97bbd8b94894d4 = []byte{
-	// 401 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0x41, 0xab, 0x13, 0x31,
-	0x10, 0xc7, 0xdd, 0x76, 0xdb, 0xd7, 0x4e, 0x41, 0x30, 0x3e, 0x25, 0x88, 0x62, 0xe9, 0xa9, 0x78,
-	0xd8, 0xc2, 0xf3, 0xe0, 0xe1, 0x9d, 0x5e, 0xb5, 0xf8, 0xbc, 0x95, 0x3d, 0x7a, 0x29, 0xe9, 0x66,
-	0x4c, 0xa3, 0x79, 0x49, 0xd8, 0xcc, 0x8a, 0xfd, 0x3a, 0x7e, 0x07, 0xbf, 0x9b, 0x47, 0x49, 0x36,
-	0xb5, 0x05, 0xc1, 0xdb, 0xfc, 0xff, 0xf3, 0xcb, 0xcc, 0x64, 0x18, 0x78, 0xa6, 0x9c, 0x53, 0x06,
-	0x57, 0xc2, 0xeb, 0xd5, 0x81, 0xc8, 0x57, 0xbe, 0x75, 0xe4, 0x18, 0xf4, 0x76, 0x25, 0xbc, 0x5e,
-	0x1c, 0xa1, 0xbc, 0x27, 0xf2, 0xec, 0x0d, 0x8c, 0xda, 0xce, 0x60, 0xe0, 0xc5, 0x7c, 0xb8, 0x9c,
-	0xdd, 0x5c, 0x57, 0x67, 0xa6, 0x8a, 0x40, 0xdd, 0x19, 0xac, 0x7b, 0x84, 0x6d, 0xe0, 0xf5, 0x97,
-	0xce, 0x98, 0xe3, 0x4e, 0x62, 0xe3, 0x24, 0xee, 0x5a, 0x0c, 0xd8, 0x7e, 0x47, 0xb9, 0xc3, 0x1f,
-	0x5e, 0xd8, 0xa0, 0x9d, 0xe5, 0x83, 0x79, 0xb1, 0x9c, 0xd4, 0x2f, 0x13, 0xf6, 0x21, 0x51, 0x75,
-	0x86, 0x36, 0x27, 0x66, 0xf1, 0x6b, 0x00, 0x93, 0x53, 0x69, 0xf6, 0x02, 0x26, 0x01, 0x0d, 0x36,
-	0xe4, 0x5a, 0x5e, 0xcc, 0x8b, 0xe5, 0xb4, 0xfe, 0xab, 0x19, 0x83, 0xa1, 0x42, 0x4a, 0x35, 0xa7,
-	0xf7, 0x8f, 0xea, 0x28, 0xa2, 0xe7, 0x3b, 0xe2, 0xc3, 0x93, 0xe7, 0x3b, 0x62, 0xd7, 0x50, 0x7a,
-	0x17, 0x88, 0x97, 0xd9, 0x4c, 0x8a, 0x71, 0x18, 0x4b, 0x34, 0x48, 0xc8, 0x47, 0xd9, 0xcf, 0x9a,
-	0x3d, 0x87, 0x91, 0x17, 0xd4, 0x1c, 0xf8, 0x38, 0x27, 0x7a, 0xc9, 0xde, 0xc1, 0xb8, 0xe9, 0x02,
-	0xb9, 0x07, 0x3e, 0x99, 0x17, 0xcb, 0xd9, 0xcd, 0xab, 0xcb, 0x65, 0xbc, 0x4f, 0x99, 0x38, 0xf7,
-	0x56, 0x10, 0x61, 0x6b, 0x63, 0xc1, 0x1e, 0x67, 0x0c, 0xca, 0xbd, 0x93, 0x47, 0x7e, 0x95, 0x3e,
-	0x90, 0x62, 0xb6, 0x81, 0xa7, 0x42, 0x4a, 0x4d, 0xda, 0x59, 0x61, 0x76, 0x7b, 0x6d, 0xa5, 0xb6,
-	0x2a, 0xf0, 0xd9, 0x7f, 0xd6, 0xcc, 0xce, 0x0f, 0xd6, 0x99, 0x5f, 0x4f, 0xe1, 0xca, 0xf7, 0xfd,
-	0x16, 0xb7, 0xf0, 0xe4, 0x9f, 0x21, 0x62, 0xeb, 0x6f, 0xda, 0xca, 0xbc, 0xbb, 0x14, 0x47, 0xcf,
-	0x0b, 0x3a, 0xf4, 0x8b, 0xab, 0x53, 0xbc, 0xfe, 0x0a, 0x8f, 0x1b, 0xf7, 0x70, 0xd1, 0x76, 0x3d,
-	0x4d, 0x65, 0xe2, 0x61, 0x6c, 0x8b, 0xcf, 0x77, 0x39, 0xa1, 0x9c, 0x11, 0x56, 0x55, 0xae, 0x55,
-	0x2b, 0x85, 0x36, 0x9d, 0xcd, 0xaa, 0x4f, 0x09, 0xaf, 0x43, 0x3a, 0x28, 0x61, 0xad, 0x23, 0x11,
-	0xc7, 0x0c, 0xb7, 0x17, 0xf1, 0xef, 0xa2, 0xf8, 0x39, 0x28, 0x3f, 0xde, 0x6d, 0x3f, 0xed, 0xc7,
-	0xe9, 0xdd, 0xdb, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x73, 0x2c, 0xed, 0xfb, 0x87, 0x02, 0x00,
-	0x00,
+func init() {
+	proto.RegisterFile("google/api/http.proto", fileDescriptor_ff9994be407cdcc9)
+}
+
+var fileDescriptor_ff9994be407cdcc9 = []byte{
+	// 419 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x92, 0xc1, 0x8e, 0xd3, 0x30,
+	0x10, 0x86, 0x49, 0x9b, 0x76, 0xdb, 0xe9, 0x82, 0x84, 0x59, 0x90, 0x85, 0x40, 0x54, 0xe5, 0x52,
+	0x71, 0x48, 0xa5, 0xe5, 0xc0, 0x61, 0x4f, 0x1b, 0xa8, 0x58, 0x6e, 0x55, 0x8e, 0x5c, 0x22, 0x37,
+	0x1e, 0x52, 0x83, 0xd7, 0xb6, 0xe2, 0x09, 0xa2, 0xaf, 0xc3, 0x63, 0xf1, 0x24, 0x1c, 0x91, 0x9d,
+	0x84, 0x56, 0x42, 0xe2, 0x36, 0xf3, 0xff, 0x9f, 0xa7, 0x7f, 0x27, 0x03, 0x4f, 0x6b, 0x6b, 0x6b,
+	0x8d, 0x1b, 0xe1, 0xd4, 0xe6, 0x40, 0xe4, 0x32, 0xd7, 0x58, 0xb2, 0x0c, 0x3a, 0x39, 0x13, 0x4e,
+	0xad, 0x8e, 0x90, 0xde, 0x11, 0x39, 0xf6, 0x06, 0x26, 0x4d, 0xab, 0xd1, 0xf3, 0x64, 0x39, 0x5e,
+	0x2f, 0xae, 0xaf, 0xb2, 0x13, 0x93, 0x05, 0xa0, 0x68, 0x35, 0x16, 0x1d, 0xc2, 0xb6, 0xf0, 0xea,
+	0x4b, 0xab, 0xf5, 0xb1, 0x94, 0x58, 0x59, 0x89, 0x65, 0x83, 0x1e, 0x9b, 0xef, 0x28, 0x4b, 0xfc,
+	0xe1, 0x84, 0xf1, 0xca, 0x1a, 0x3e, 0x5a, 0x26, 0xeb, 0x59, 0xf1, 0x22, 0x62, 0x1f, 0x22, 0x55,
+	0xf4, 0xd0, 0x76, 0x60, 0x56, 0xbf, 0x46, 0x30, 0x1b, 0x46, 0xb3, 0xe7, 0x30, 0xf3, 0xa8, 0xb1,
+	0x22, 0xdb, 0xf0, 0x64, 0x99, 0xac, 0xe7, 0xc5, 0xdf, 0x9e, 0x31, 0x18, 0xd7, 0x48, 0x71, 0xe6,
+	0xfc, 0xee, 0x41, 0x11, 0x9a, 0xa0, 0xb9, 0x96, 0xf8, 0x78, 0xd0, 0x5c, 0x4b, 0xec, 0x0a, 0x52,
+	0x67, 0x3d, 0xf1, 0xb4, 0x17, 0x63, 0xc7, 0x38, 0x4c, 0x25, 0x6a, 0x24, 0xe4, 0x93, 0x5e, 0xef,
+	0x7b, 0xf6, 0x0c, 0x26, 0x4e, 0x50, 0x75, 0xe0, 0xd3, 0xde, 0xe8, 0x5a, 0xf6, 0x0e, 0xa6, 0x55,
+	0xeb, 0xc9, 0xde, 0xf3, 0xd9, 0x32, 0x59, 0x2f, 0xae, 0x5f, 0x9e, 0x2f, 0xe3, 0x7d, 0x74, 0x42,
+	0xee, 0x9d, 0x20, 0xc2, 0xc6, 0x84, 0x81, 0x1d, 0xce, 0x18, 0xa4, 0x7b, 0x2b, 0x8f, 0xfc, 0x22,
+	0xfe, 0x81, 0x58, 0xb3, 0xd7, 0xf0, 0xb0, 0x41, 0xef, 0xac, 0xf1, 0x58, 0x46, 0xf3, 0x32, 0x9a,
+	0x97, 0x83, 0x98, 0x07, 0x68, 0x0b, 0x4f, 0x84, 0x94, 0x8a, 0x94, 0x35, 0x42, 0x97, 0x7b, 0x65,
+	0xa4, 0x32, 0xb5, 0xe7, 0x8b, 0xff, 0x7c, 0x0b, 0x76, 0x7a, 0x90, 0xf7, 0x7c, 0x3e, 0x87, 0x0b,
+	0xd7, 0x85, 0x5a, 0xdd, 0xc0, 0xe3, 0x7f, 0x92, 0x86, 0x7c, 0xdf, 0x94, 0x91, 0xfd, 0x82, 0x63,
+	0x1d, 0x34, 0x27, 0xe8, 0xd0, 0x6d, 0xb7, 0x88, 0x75, 0xfe, 0x15, 0x1e, 0x55, 0xf6, 0xfe, 0xec,
+	0x67, 0xf3, 0x79, 0x1c, 0x13, 0xae, 0x67, 0x97, 0x7c, 0xbe, 0xed, 0x8d, 0xda, 0x6a, 0x61, 0xea,
+	0xcc, 0x36, 0xf5, 0xa6, 0x46, 0x13, 0x6f, 0x6b, 0xd3, 0x59, 0xc2, 0x29, 0x1f, 0xaf, 0x4e, 0x18,
+	0x63, 0x49, 0x84, 0x98, 0xfe, 0xe6, 0xac, 0xfe, 0x9d, 0x24, 0x3f, 0x47, 0xe9, 0xc7, 0xdb, 0xdd,
+	0xa7, 0xfd, 0x34, 0xbe, 0x7b, 0xfb, 0x27, 0x00, 0x00, 0xff, 0xff, 0xae, 0xde, 0xa1, 0xd0, 0xac,
+	0x02, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
new file mode 100644
index 0000000000000..d1d8eb54a3e2c
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
@@ -0,0 +1,443 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/api/resource.proto
+
+package annotations
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// A description of the historical or future-looking state of the
+// resource pattern.
+type ResourceDescriptor_History int32
+
+const (
+	// The "unset" value.
+	ResourceDescriptor_HISTORY_UNSPECIFIED ResourceDescriptor_History = 0
+	// The resource originally had one pattern and launched as such, and
+	// additional patterns were added later.
+	ResourceDescriptor_ORIGINALLY_SINGLE_PATTERN ResourceDescriptor_History = 1
+	// The resource has one pattern, but the API owner expects to add more
+	// later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
+	// that from being necessary once there are multiple patterns.)
+	ResourceDescriptor_FUTURE_MULTI_PATTERN ResourceDescriptor_History = 2
+)
+
+var ResourceDescriptor_History_name = map[int32]string{
+	0: "HISTORY_UNSPECIFIED",
+	1: "ORIGINALLY_SINGLE_PATTERN",
+	2: "FUTURE_MULTI_PATTERN",
+}
+
+var ResourceDescriptor_History_value = map[string]int32{
+	"HISTORY_UNSPECIFIED":       0,
+	"ORIGINALLY_SINGLE_PATTERN": 1,
+	"FUTURE_MULTI_PATTERN":      2,
+}
+
+func (x ResourceDescriptor_History) String() string {
+	return proto.EnumName(ResourceDescriptor_History_name, int32(x))
+}
+
+func (ResourceDescriptor_History) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_465e9122405d1bb5, []int{0, 0}
+}
+
+// A simple descriptor of a resource type.
+//
+// ResourceDescriptor annotates a resource message (either by means of a
+// protobuf annotation or use in the service config), and associates the
+// resource's schema, the resource type, and the pattern of the resource name.
+//
+// Example:
+//
+//     message Topic {
+//       // Indicates this message defines a resource schema.
+//       // Declares the resource type in the format of {service}/{kind}.
+//       // For Kubernetes resources, the format is {api group}/{kind}.
+//       option (google.api.resource) = {
+//         type: "pubsub.googleapis.com/Topic"
+//         name_descriptor: {
+//           pattern: "projects/{project}/topics/{topic}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Project"
+//           parent_name_extractor: "projects/{project}"
+//         }
+//       };
+//     }
+//
+// The ResourceDescriptor Yaml config will look like:
+//
+//    resources:
+//    - type: "pubsub.googleapis.com/Topic"
+//      name_descriptor:
+//        - pattern: "projects/{project}/topics/{topic}"
+//          parent_type: "cloudresourcemanager.googleapis.com/Project"
+//          parent_name_extractor: "projects/{project}"
+//
+// Sometimes, resources have multiple patterns, typically because they can
+// live under multiple parents.
+//
+// Example:
+//
+//     message LogEntry {
+//       option (google.api.resource) = {
+//         type: "logging.googleapis.com/LogEntry"
+//         name_descriptor: {
+//           pattern: "projects/{project}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Project"
+//           parent_name_extractor: "projects/{project}"
+//         }
+//         name_descriptor: {
+//           pattern: "folders/{folder}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+//           parent_name_extractor: "folders/{folder}"
+//         }
+//         name_descriptor: {
+//           pattern: "organizations/{organization}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Organization"
+//           parent_name_extractor: "organizations/{organization}"
+//         }
+//         name_descriptor: {
+//           pattern: "billingAccounts/{billing_account}/logs/{log}"
+//           parent_type: "billing.googleapis.com/BillingAccount"
+//           parent_name_extractor: "billingAccounts/{billing_account}"
+//         }
+//       };
+//     }
+//
+// The ResourceDescriptor Yaml config will look like:
+//
+//     resources:
+//     - type: 'logging.googleapis.com/LogEntry'
+//       name_descriptor:
+//         - pattern: "projects/{project}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Project"
+//           parent_name_extractor: "projects/{project}"
+//         - pattern: "folders/{folder}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+//           parent_name_extractor: "folders/{folder}"
+//         - pattern: "organizations/{organization}/logs/{log}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Organization"
+//           parent_name_extractor: "organizations/{organization}"
+//         - pattern: "billingAccounts/{billing_account}/logs/{log}"
+//           parent_type: "billing.googleapis.com/BillingAccount"
+//           parent_name_extractor: "billingAccounts/{billing_account}"
+//
+// For flexible resources, the resource name doesn't contain parent names, but
+// the resource itself has parents for policy evaluation.
+//
+// Example:
+//
+//     message Shelf {
+//       option (google.api.resource) = {
+//         type: "library.googleapis.com/Shelf"
+//         name_descriptor: {
+//           pattern: "shelves/{shelf}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Project"
+//         }
+//         name_descriptor: {
+//           pattern: "shelves/{shelf}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+//         }
+//       };
+//     }
+//
+// The ResourceDescriptor Yaml config will look like:
+//
+//     resources:
+//     - type: 'library.googleapis.com/Shelf'
+//       name_descriptor:
+//         - pattern: "shelves/{shelf}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Project"
+//         - pattern: "shelves/{shelf}"
+//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+type ResourceDescriptor struct {
+	// The resource type. It must be in the format of
+	// {service_name}/{resource_type_kind}. The `resource_type_kind` must be
+	// singular and must not include version numbers.
+	//
+	// Example: `storage.googleapis.com/Bucket`
+	//
+	// The value of the resource_type_kind must follow the regular expression
+	// /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
+	// should use PascalCase (UpperCamelCase). The maximum number of
+	// characters allowed for the `resource_type_kind` is 100.
+	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	// Optional. The relative resource name pattern associated with this resource
+	// type. The DNS prefix of the full resource name shouldn't be specified here.
+	//
+	// The path pattern must follow the syntax, which aligns with HTTP binding
+	// syntax:
+	//
+	//     Template = Segment { "/" Segment } ;
+	//     Segment = LITERAL | Variable ;
+	//     Variable = "{" LITERAL "}" ;
+	//
+	// Examples:
+	//
+	//     - "projects/{project}/topics/{topic}"
+	//     - "projects/{project}/knowledgeBases/{knowledge_base}"
+	//
+	// The components in braces correspond to the IDs for each resource in the
+	// hierarchy. It is expected that, if multiple patterns are provided,
+	// the same component name (e.g. "project") refers to IDs of the same
+	// type of resource.
+	Pattern []string `protobuf:"bytes,2,rep,name=pattern,proto3" json:"pattern,omitempty"`
+	// Optional. The field on the resource that designates the resource name
+	// field. If omitted, this is assumed to be "name".
+	NameField string `protobuf:"bytes,3,opt,name=name_field,json=nameField,proto3" json:"name_field,omitempty"`
+	// Optional. The historical or future-looking state of the resource pattern.
+	//
+	// Example:
+	//
+	//     // The InspectTemplate message originally only supported resource
+	//     // names with organization, and project was added later.
+	//     message InspectTemplate {
+	//       option (google.api.resource) = {
+	//         type: "dlp.googleapis.com/InspectTemplate"
+	//         pattern:
+	//         "organizations/{organization}/inspectTemplates/{inspect_template}"
+	//         pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+	//         history: ORIGINALLY_SINGLE_PATTERN
+	//       };
+	//     }
+	History ResourceDescriptor_History `protobuf:"varint,4,opt,name=history,proto3,enum=google.api.ResourceDescriptor_History" json:"history,omitempty"`
+	// The plural name used in the resource name, such as 'projects' for
+	// the name of 'projects/{project}'. It is the same concept of the `plural`
+	// field in k8s CRD spec
+	// https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+	Plural string `protobuf:"bytes,5,opt,name=plural,proto3" json:"plural,omitempty"`
+	// The same concept of the `singular` field in k8s CRD spec
+	// https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+	// Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+	Singular             string   `protobuf:"bytes,6,opt,name=singular,proto3" json:"singular,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResourceDescriptor) Reset()         { *m = ResourceDescriptor{} }
+func (m *ResourceDescriptor) String() string { return proto.CompactTextString(m) }
+func (*ResourceDescriptor) ProtoMessage()    {}
+func (*ResourceDescriptor) Descriptor() ([]byte, []int) {
+	return fileDescriptor_465e9122405d1bb5, []int{0}
+}
+
+func (m *ResourceDescriptor) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ResourceDescriptor.Unmarshal(m, b)
+}
+func (m *ResourceDescriptor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ResourceDescriptor.Marshal(b, m, deterministic)
+}
+func (m *ResourceDescriptor) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceDescriptor.Merge(m, src)
+}
+func (m *ResourceDescriptor) XXX_Size() int {
+	return xxx_messageInfo_ResourceDescriptor.Size(m)
+}
+func (m *ResourceDescriptor) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceDescriptor.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResourceDescriptor proto.InternalMessageInfo
+
+func (m *ResourceDescriptor) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *ResourceDescriptor) GetPattern() []string {
+	if m != nil {
+		return m.Pattern
+	}
+	return nil
+}
+
+func (m *ResourceDescriptor) GetNameField() string {
+	if m != nil {
+		return m.NameField
+	}
+	return ""
+}
+
+func (m *ResourceDescriptor) GetHistory() ResourceDescriptor_History {
+	if m != nil {
+		return m.History
+	}
+	return ResourceDescriptor_HISTORY_UNSPECIFIED
+}
+
+func (m *ResourceDescriptor) GetPlural() string {
+	if m != nil {
+		return m.Plural
+	}
+	return ""
+}
+
+func (m *ResourceDescriptor) GetSingular() string {
+	if m != nil {
+		return m.Singular
+	}
+	return ""
+}
+
+// Defines a proto annotation that describes a string field that refers to
+// an API resource.
+type ResourceReference struct {
+	// The resource type that the annotated field references.
+	//
+	// Example:
+	//
+	//     message Subscription {
+	//       string topic = 2 [(google.api.resource_reference) = {
+	//         type: "pubsub.googleapis.com/Topic"
+	//       }];
+	//     }
+	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	// The resource type of a child collection that the annotated field
+	// references. This is useful for annotating the `parent` field that
+	// doesn't have a fixed resource type.
+	//
+	// Example:
+	//
+	//   message ListLogEntriesRequest {
+	//     string parent = 1 [(google.api.resource_reference) = {
+	//       child_type: "logging.googleapis.com/LogEntry"
+	//     };
+	//   }
+	ChildType            string   `protobuf:"bytes,2,opt,name=child_type,json=childType,proto3" json:"child_type,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ResourceReference) Reset()         { *m = ResourceReference{} }
+func (m *ResourceReference) String() string { return proto.CompactTextString(m) }
+func (*ResourceReference) ProtoMessage()    {}
+func (*ResourceReference) Descriptor() ([]byte, []int) {
+	return fileDescriptor_465e9122405d1bb5, []int{1}
+}
+
+func (m *ResourceReference) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ResourceReference.Unmarshal(m, b)
+}
+func (m *ResourceReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ResourceReference.Marshal(b, m, deterministic)
+}
+func (m *ResourceReference) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceReference.Merge(m, src)
+}
+func (m *ResourceReference) XXX_Size() int {
+	return xxx_messageInfo_ResourceReference.Size(m)
+}
+func (m *ResourceReference) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceReference.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResourceReference proto.InternalMessageInfo
+
+func (m *ResourceReference) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *ResourceReference) GetChildType() string {
+	if m != nil {
+		return m.ChildType
+	}
+	return ""
+}
+
+var E_ResourceReference = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FieldOptions)(nil),
+	ExtensionType: (*ResourceReference)(nil),
+	Field:         1055,
+	Name:          "google.api.resource_reference",
+	Tag:           "bytes,1055,opt,name=resource_reference",
+	Filename:      "google/api/resource.proto",
+}
+
+var E_ResourceDefinition = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.FileOptions)(nil),
+	ExtensionType: ([]*ResourceDescriptor)(nil),
+	Field:         1053,
+	Name:          "google.api.resource_definition",
+	Tag:           "bytes,1053,rep,name=resource_definition",
+	Filename:      "google/api/resource.proto",
+}
+
+var E_Resource = &proto.ExtensionDesc{
+	ExtendedType:  (*descriptor.MessageOptions)(nil),
+	ExtensionType: (*ResourceDescriptor)(nil),
+	Field:         1053,
+	Name:          "google.api.resource",
+	Tag:           "bytes,1053,opt,name=resource",
+	Filename:      "google/api/resource.proto",
+}
+
+func init() {
+	proto.RegisterEnum("google.api.ResourceDescriptor_History", ResourceDescriptor_History_name, ResourceDescriptor_History_value)
+	proto.RegisterType((*ResourceDescriptor)(nil), "google.api.ResourceDescriptor")
+	proto.RegisterType((*ResourceReference)(nil), "google.api.ResourceReference")
+	proto.RegisterExtension(E_ResourceReference)
+	proto.RegisterExtension(E_ResourceDefinition)
+	proto.RegisterExtension(E_Resource)
+}
+
+func init() {
+	proto.RegisterFile("google/api/resource.proto", fileDescriptor_465e9122405d1bb5)
+}
+
+var fileDescriptor_465e9122405d1bb5 = []byte{
+	// 490 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x53, 0xcd, 0x6e, 0xd3, 0x4c,
+	0x14, 0xfd, 0x9c, 0xe4, 0xcb, 0xcf, 0xad, 0xa8, 0xda, 0x29, 0x02, 0xb7, 0x22, 0x60, 0x65, 0x81,
+	0xb2, 0xb2, 0xa5, 0xb0, 0x0b, 0x1b, 0x52, 0xe2, 0xa4, 0x96, 0xd2, 0xc4, 0x9a, 0x38, 0x8b, 0x02,
+	0x92, 0x35, 0x75, 0x26, 0xee, 0x48, 0xee, 0xcc, 0x68, 0xec, 0x2c, 0xf2, 0x30, 0x08, 0x89, 0x67,
+	0xe0, 0xe1, 0x58, 0xa2, 0x8c, 0x7f, 0x88, 0x68, 0x84, 0xd8, 0xcd, 0xbd, 0xe7, 0xde, 0x73, 0x8e,
+	0xcf, 0x95, 0xe1, 0x32, 0x16, 0x22, 0x4e, 0xa8, 0x43, 0x24, 0x73, 0x14, 0x4d, 0xc5, 0x56, 0x45,
+	0xd4, 0x96, 0x4a, 0x64, 0x02, 0x41, 0x0e, 0xd9, 0x44, 0xb2, 0x2b, 0xab, 0x18, 0xd3, 0xc8, 0xfd,
+	0x76, 0xe3, 0xac, 0x69, 0x1a, 0x29, 0x26, 0x33, 0xa1, 0xf2, 0xe9, 0xde, 0x8f, 0x1a, 0x20, 0x5c,
+	0x10, 0x8c, 0x2b, 0x10, 0x21, 0x68, 0x64, 0x3b, 0x49, 0x4d, 0xc3, 0x32, 0xfa, 0x1d, 0xac, 0xdf,
+	0xc8, 0x84, 0x96, 0x24, 0x59, 0x46, 0x15, 0x37, 0x6b, 0x56, 0xbd, 0xdf, 0xc1, 0x65, 0x89, 0xba,
+	0x00, 0x9c, 0x3c, 0xd2, 0x70, 0xc3, 0x68, 0xb2, 0x36, 0xeb, 0x7a, 0xa7, 0xb3, 0xef, 0x4c, 0xf6,
+	0x0d, 0xf4, 0x01, 0x5a, 0x0f, 0x2c, 0xcd, 0x84, 0xda, 0x99, 0x0d, 0xcb, 0xe8, 0x9f, 0x0e, 0xde,
+	0xda, 0xbf, 0x3d, 0xda, 0x4f, 0xd5, 0xed, 0x9b, 0x7c, 0x1a, 0x97, 0x6b, 0xe8, 0x05, 0x34, 0x65,
+	0xb2, 0x55, 0x24, 0x31, 0xff, 0xd7, 0xe4, 0x45, 0x85, 0xae, 0xa0, 0x9d, 0x32, 0x1e, 0x6f, 0x13,
+	0xa2, 0xcc, 0xa6, 0x46, 0xaa, 0xba, 0xf7, 0x19, 0x5a, 0x05, 0x0f, 0x7a, 0x09, 0x17, 0x37, 0xde,
+	0x32, 0x58, 0xe0, 0xbb, 0x70, 0x35, 0x5f, 0xfa, 0xee, 0x47, 0x6f, 0xe2, 0xb9, 0xe3, 0xb3, 0xff,
+	0x50, 0x17, 0x2e, 0x17, 0xd8, 0x9b, 0x7a, 0xf3, 0xd1, 0x6c, 0x76, 0x17, 0x2e, 0xbd, 0xf9, 0x74,
+	0xe6, 0x86, 0xfe, 0x28, 0x08, 0x5c, 0x3c, 0x3f, 0x33, 0x90, 0x09, 0xcf, 0x27, 0xab, 0x60, 0x85,
+	0xdd, 0xf0, 0x76, 0x35, 0x0b, 0xbc, 0x0a, 0xa9, 0xf5, 0x26, 0x70, 0x5e, 0xfa, 0xc6, 0x74, 0x43,
+	0x15, 0xe5, 0x11, 0x3d, 0x1a, 0x5a, 0x17, 0x20, 0x7a, 0x60, 0xc9, 0x3a, 0xd4, 0x48, 0x2d, 0x8f,
+	0x46, 0x77, 0x82, 0x9d, 0xa4, 0xc3, 0x04, 0x50, 0x79, 0xbe, 0x50, 0x55, 0x44, 0xdd, 0x32, 0x9f,
+	0xf2, 0x6e, 0xb6, 0x0e, 0x72, 0x21, 0x33, 0x26, 0x78, 0x6a, 0x7e, 0x6b, 0x5b, 0x46, 0xff, 0x64,
+	0xd0, 0x3d, 0x96, 0x62, 0xe5, 0x06, 0x9f, 0xab, 0x3f, 0x5b, 0x43, 0x0e, 0x17, 0x95, 0xda, 0x9a,
+	0x6e, 0x18, 0x67, 0x7b, 0x42, 0xf4, 0xea, 0x88, 0x5c, 0x42, 0x4b, 0xb5, 0xaf, 0x6d, 0xab, 0xde,
+	0x3f, 0x19, 0xbc, 0xfe, 0xfb, 0xcd, 0x70, 0xf5, 0x1d, 0xe3, 0x8a, 0x78, 0xf8, 0x05, 0xda, 0x65,
+	0x17, 0xbd, 0x79, 0x22, 0x72, 0x4b, 0xd3, 0x94, 0xc4, 0x87, 0x3a, 0xc6, 0x3f, 0xe8, 0x54, 0x8c,
+	0xd7, 0x1c, 0x4e, 0x23, 0xf1, 0x78, 0x30, 0x7e, 0xfd, 0xac, 0x9c, 0xf7, 0xf7, 0x1a, 0xbe, 0xf1,
+	0x69, 0x54, 0x80, 0xb1, 0x48, 0x08, 0x8f, 0x6d, 0xa1, 0x62, 0x27, 0xa6, 0x5c, 0x3b, 0x70, 0x72,
+	0x88, 0x48, 0x96, 0xea, 0xbf, 0x88, 0x70, 0x2e, 0x32, 0xa2, 0xad, 0xbc, 0x3f, 0x78, 0xff, 0x34,
+	0x8c, 0xef, 0xb5, 0xc6, 0x74, 0xe4, 0x7b, 0xf7, 0x4d, 0xbd, 0xf7, 0xee, 0x57, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0x75, 0x12, 0x53, 0xef, 0x7c, 0x03, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go b/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go
index 2933b14174139..31b6392c4ba1e 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go
@@ -1,14 +1,16 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/distribution.proto
 
-package distribution // import "google.golang.org/genproto/googleapis/api/distribution"
+package distribution
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/golang/protobuf/ptypes/any"
-import _ "github.com/golang/protobuf/ptypes/timestamp"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	any "github.com/golang/protobuf/ptypes/any"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -19,31 +21,32 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
-// Distribution contains summary statistics for a population of values and,
-// optionally, a histogram representing the distribution of those values across
-// a specified set of histogram buckets.
+// `Distribution` contains summary statistics for a population of values. It
+// optionally contains a histogram representing the distribution of those values
+// across a set of buckets.
 //
 // The summary statistics are the count, mean, sum of the squared deviation from
 // the mean, the minimum, and the maximum of the set of population of values.
-//
 // The histogram is based on a sequence of buckets and gives a count of values
-// that fall into each bucket.  The boundaries of the buckets are given either
-// explicitly or by specifying parameters for a method of computing them
-// (buckets of fixed width or buckets of exponentially increasing width).
+// that fall into each bucket. The boundaries of the buckets are given either
+// explicitly or by formulas for buckets of fixed or exponentially increasing
+// widths.
 //
 // Although it is not forbidden, it is generally a bad idea to include
 // non-finite values (infinities or NaNs) in the population of values, as this
 // will render the `mean` and `sum_of_squared_deviation` fields meaningless.
 type Distribution struct {
-	// The number of values in the population. Must be non-negative.
-	Count int64 `protobuf:"varint,1,opt,name=count" json:"count,omitempty"`
+	// The number of values in the population. Must be non-negative. This value
+	// must equal the sum of the values in `bucket_counts` if a histogram is
+	// provided.
+	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
 	// The arithmetic mean of the values in the population. If `count` is zero
 	// then this field must be zero.
-	Mean float64 `protobuf:"fixed64,2,opt,name=mean" json:"mean,omitempty"`
+	Mean float64 `protobuf:"fixed64,2,opt,name=mean,proto3" json:"mean,omitempty"`
 	// The sum of squared deviations from the mean of the values in the
-	// population.  For values x_i this is:
+	// population. For values x_i this is:
 	//
 	//     Sum[i=1..n]((x_i - mean)^2)
 	//
@@ -51,44 +54,51 @@ type Distribution struct {
 	// describes Welford's method for accumulating this sum in one pass.
 	//
 	// If `count` is zero then this field must be zero.
-	SumOfSquaredDeviation float64 `protobuf:"fixed64,3,opt,name=sum_of_squared_deviation,json=sumOfSquaredDeviation" json:"sum_of_squared_deviation,omitempty"`
+	SumOfSquaredDeviation float64 `protobuf:"fixed64,3,opt,name=sum_of_squared_deviation,json=sumOfSquaredDeviation,proto3" json:"sum_of_squared_deviation,omitempty"`
 	// If specified, contains the range of the population values. The field
 	// must not be present if the `count` is zero.
-	Range *Distribution_Range `protobuf:"bytes,4,opt,name=range" json:"range,omitempty"`
-	// Defines the histogram bucket boundaries.
-	BucketOptions *Distribution_BucketOptions `protobuf:"bytes,6,opt,name=bucket_options,json=bucketOptions" json:"bucket_options,omitempty"`
-	// If `bucket_options` is given, then the sum of the values in `bucket_counts`
-	// must equal the value in `count`.  If `bucket_options` is not given, no
-	// `bucket_counts` fields may be given.
+	Range *Distribution_Range `protobuf:"bytes,4,opt,name=range,proto3" json:"range,omitempty"`
+	// Defines the histogram bucket boundaries. If the distribution does not
+	// contain a histogram, then omit this field.
+	BucketOptions *Distribution_BucketOptions `protobuf:"bytes,6,opt,name=bucket_options,json=bucketOptions,proto3" json:"bucket_options,omitempty"`
+	// The number of values in each bucket of the histogram, as described in
+	// `bucket_options`. If the distribution does not have a histogram, then omit
+	// this field. If there is a histogram, then the sum of the values in
+	// `bucket_counts` must equal the value in the `count` field of the
+	// distribution.
 	//
-	// Bucket counts are given in order under the numbering scheme described
-	// above (the underflow bucket has number 0; the finite buckets, if any,
-	// have numbers 1 through N-2; the overflow bucket has number N-1).
+	// If present, `bucket_counts` should contain N values, where N is the number
+	// of buckets specified in `bucket_options`. If you supply fewer than N
+	// values, the remaining values are assumed to be 0.
 	//
-	// The size of `bucket_counts` must be no greater than N as defined in
-	// `bucket_options`.
-	//
-	// Any suffix of trailing zero bucket_count fields may be omitted.
-	BucketCounts         []int64  `protobuf:"varint,7,rep,packed,name=bucket_counts,json=bucketCounts" json:"bucket_counts,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	// The order of the values in `bucket_counts` follows the bucket numbering
+	// schemes described for the three bucket types. The first value must be the
+	// count for the underflow bucket (number 0). The next N-2 values are the
+	// counts for the finite buckets (number 1 through N-2). The N'th value in
+	// `bucket_counts` is the count for the overflow bucket (number N-1).
+	BucketCounts []int64 `protobuf:"varint,7,rep,packed,name=bucket_counts,json=bucketCounts,proto3" json:"bucket_counts,omitempty"`
+	// Must be in increasing order of `value` field.
+	Exemplars            []*Distribution_Exemplar `protobuf:"bytes,10,rep,name=exemplars,proto3" json:"exemplars,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
 }
 
 func (m *Distribution) Reset()         { *m = Distribution{} }
 func (m *Distribution) String() string { return proto.CompactTextString(m) }
 func (*Distribution) ProtoMessage()    {}
 func (*Distribution) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0}
+	return fileDescriptor_0835ee0fd90bf943, []int{0}
 }
+
 func (m *Distribution) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution.Unmarshal(m, b)
 }
 func (m *Distribution) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution.Marshal(b, m, deterministic)
 }
-func (dst *Distribution) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution.Merge(dst, src)
+func (m *Distribution) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution.Merge(m, src)
 }
 func (m *Distribution) XXX_Size() int {
 	return xxx_messageInfo_Distribution.Size(m)
@@ -141,12 +151,19 @@ func (m *Distribution) GetBucketCounts() []int64 {
 	return nil
 }
 
+func (m *Distribution) GetExemplars() []*Distribution_Exemplar {
+	if m != nil {
+		return m.Exemplars
+	}
+	return nil
+}
+
 // The range of the population values.
 type Distribution_Range struct {
 	// The minimum of the population values.
-	Min float64 `protobuf:"fixed64,1,opt,name=min" json:"min,omitempty"`
+	Min float64 `protobuf:"fixed64,1,opt,name=min,proto3" json:"min,omitempty"`
 	// The maximum of the population values.
-	Max                  float64  `protobuf:"fixed64,2,opt,name=max" json:"max,omitempty"`
+	Max                  float64  `protobuf:"fixed64,2,opt,name=max,proto3" json:"max,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -156,16 +173,17 @@ func (m *Distribution_Range) Reset()         { *m = Distribution_Range{} }
 func (m *Distribution_Range) String() string { return proto.CompactTextString(m) }
 func (*Distribution_Range) ProtoMessage()    {}
 func (*Distribution_Range) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0, 0}
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 0}
 }
+
 func (m *Distribution_Range) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution_Range.Unmarshal(m, b)
 }
 func (m *Distribution_Range) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution_Range.Marshal(b, m, deterministic)
 }
-func (dst *Distribution_Range) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution_Range.Merge(dst, src)
+func (m *Distribution_Range) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_Range.Merge(m, src)
 }
 func (m *Distribution_Range) XXX_Size() int {
 	return xxx_messageInfo_Distribution_Range.Size(m)
@@ -190,29 +208,21 @@ func (m *Distribution_Range) GetMax() float64 {
 	return 0
 }
 
-// A Distribution may optionally contain a histogram of the values in the
-// population.  The histogram is given in `bucket_counts` as counts of values
-// that fall into one of a sequence of non-overlapping buckets.  The sequence
-// of buckets is described by `bucket_options`.
-//
-// A bucket specifies an inclusive lower bound and exclusive upper bound for
-// the values that are counted for that bucket.  The upper bound of a bucket
-// is strictly greater than the lower bound.
-//
-// The sequence of N buckets for a Distribution consists of an underflow
-// bucket (number 0), zero or more finite buckets (number 1 through N - 2) and
-// an overflow bucket (number N - 1).  The buckets are contiguous:  the lower
-// bound of bucket i (i > 0) is the same as the upper bound of bucket i - 1.
-// The buckets span the whole range of finite values: lower bound of the
-// underflow bucket is -infinity and the upper bound of the overflow bucket is
-// +infinity.  The finite buckets are so-called because both bounds are
-// finite.
-//
-// `BucketOptions` describes bucket boundaries in one of three ways.  Two
-// describe the boundaries by giving parameters for a formula to generate
-// boundaries and one gives the bucket boundaries explicitly.
+// `BucketOptions` describes the bucket boundaries used to create a histogram
+// for the distribution. The buckets can be in a linear sequence, an
+// exponential sequence, or each bucket can be specified explicitly.
+// `BucketOptions` does not include the number of values in each bucket.
 //
-// If `bucket_boundaries` is not given, then no `bucket_counts` may be given.
+// A bucket has an inclusive lower bound and exclusive upper bound for the
+// values that are counted for that bucket. The upper bound of a bucket must
+// be strictly greater than the lower bound. The sequence of N buckets for a
+// distribution consists of an underflow bucket (number 0), zero or more
+// finite buckets (number 1 through N - 2) and an overflow bucket (number N -
+// 1). The buckets are contiguous: the lower bound of bucket i (i > 0) is the
+// same as the upper bound of bucket i - 1. The buckets span the whole range
+// of finite values: lower bound of the underflow bucket is -infinity and the
+// upper bound of the overflow bucket is +infinity. The finite buckets are
+// so-called because both bounds are finite.
 type Distribution_BucketOptions struct {
 	// Exactly one of these three fields must be set.
 	//
@@ -230,16 +240,17 @@ func (m *Distribution_BucketOptions) Reset()         { *m = Distribution_BucketO
 func (m *Distribution_BucketOptions) String() string { return proto.CompactTextString(m) }
 func (*Distribution_BucketOptions) ProtoMessage()    {}
 func (*Distribution_BucketOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0, 1}
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 1}
 }
+
 func (m *Distribution_BucketOptions) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution_BucketOptions.Unmarshal(m, b)
 }
 func (m *Distribution_BucketOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution_BucketOptions.Marshal(b, m, deterministic)
 }
-func (dst *Distribution_BucketOptions) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution_BucketOptions.Merge(dst, src)
+func (m *Distribution_BucketOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_BucketOptions.Merge(m, src)
 }
 func (m *Distribution_BucketOptions) XXX_Size() int {
 	return xxx_messageInfo_Distribution_BucketOptions.Size(m)
@@ -255,18 +266,22 @@ type isDistribution_BucketOptions_Options interface {
 }
 
 type Distribution_BucketOptions_LinearBuckets struct {
-	LinearBuckets *Distribution_BucketOptions_Linear `protobuf:"bytes,1,opt,name=linear_buckets,json=linearBuckets,oneof"`
+	LinearBuckets *Distribution_BucketOptions_Linear `protobuf:"bytes,1,opt,name=linear_buckets,json=linearBuckets,proto3,oneof"`
 }
+
 type Distribution_BucketOptions_ExponentialBuckets struct {
-	ExponentialBuckets *Distribution_BucketOptions_Exponential `protobuf:"bytes,2,opt,name=exponential_buckets,json=exponentialBuckets,oneof"`
+	ExponentialBuckets *Distribution_BucketOptions_Exponential `protobuf:"bytes,2,opt,name=exponential_buckets,json=exponentialBuckets,proto3,oneof"`
 }
+
 type Distribution_BucketOptions_ExplicitBuckets struct {
-	ExplicitBuckets *Distribution_BucketOptions_Explicit `protobuf:"bytes,3,opt,name=explicit_buckets,json=explicitBuckets,oneof"`
+	ExplicitBuckets *Distribution_BucketOptions_Explicit `protobuf:"bytes,3,opt,name=explicit_buckets,json=explicitBuckets,proto3,oneof"`
 }
 
-func (*Distribution_BucketOptions_LinearBuckets) isDistribution_BucketOptions_Options()      {}
+func (*Distribution_BucketOptions_LinearBuckets) isDistribution_BucketOptions_Options() {}
+
 func (*Distribution_BucketOptions_ExponentialBuckets) isDistribution_BucketOptions_Options() {}
-func (*Distribution_BucketOptions_ExplicitBuckets) isDistribution_BucketOptions_Options()    {}
+
+func (*Distribution_BucketOptions_ExplicitBuckets) isDistribution_BucketOptions_Options() {}
 
 func (m *Distribution_BucketOptions) GetOptions() isDistribution_BucketOptions_Options {
 	if m != nil {
@@ -296,115 +311,31 @@ func (m *Distribution_BucketOptions) GetExplicitBuckets() *Distribution_BucketOp
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*Distribution_BucketOptions) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _Distribution_BucketOptions_OneofMarshaler, _Distribution_BucketOptions_OneofUnmarshaler, _Distribution_BucketOptions_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Distribution_BucketOptions) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*Distribution_BucketOptions_LinearBuckets)(nil),
 		(*Distribution_BucketOptions_ExponentialBuckets)(nil),
 		(*Distribution_BucketOptions_ExplicitBuckets)(nil),
 	}
 }
 
-func _Distribution_BucketOptions_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*Distribution_BucketOptions)
-	// options
-	switch x := m.Options.(type) {
-	case *Distribution_BucketOptions_LinearBuckets:
-		b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.LinearBuckets); err != nil {
-			return err
-		}
-	case *Distribution_BucketOptions_ExponentialBuckets:
-		b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ExponentialBuckets); err != nil {
-			return err
-		}
-	case *Distribution_BucketOptions_ExplicitBuckets:
-		b.EncodeVarint(3<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ExplicitBuckets); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("Distribution_BucketOptions.Options has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _Distribution_BucketOptions_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*Distribution_BucketOptions)
-	switch tag {
-	case 1: // options.linear_buckets
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Distribution_BucketOptions_Linear)
-		err := b.DecodeMessage(msg)
-		m.Options = &Distribution_BucketOptions_LinearBuckets{msg}
-		return true, err
-	case 2: // options.exponential_buckets
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Distribution_BucketOptions_Exponential)
-		err := b.DecodeMessage(msg)
-		m.Options = &Distribution_BucketOptions_ExponentialBuckets{msg}
-		return true, err
-	case 3: // options.explicit_buckets
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(Distribution_BucketOptions_Explicit)
-		err := b.DecodeMessage(msg)
-		m.Options = &Distribution_BucketOptions_ExplicitBuckets{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _Distribution_BucketOptions_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*Distribution_BucketOptions)
-	// options
-	switch x := m.Options.(type) {
-	case *Distribution_BucketOptions_LinearBuckets:
-		s := proto.Size(x.LinearBuckets)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Distribution_BucketOptions_ExponentialBuckets:
-		s := proto.Size(x.ExponentialBuckets)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *Distribution_BucketOptions_ExplicitBuckets:
-		s := proto.Size(x.ExplicitBuckets)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
-// Specify a sequence of buckets that all have the same width (except
-// overflow and underflow).  Each bucket represents a constant absolute
-// uncertainty on the specific value in the bucket.
+// Specifies a linear sequence of buckets that all have the same width
+// (except overflow and underflow). Each bucket represents a constant
+// absolute uncertainty on the specific value in the bucket.
 //
-// Defines `num_finite_buckets + 2` (= N) buckets with these boundaries for
-// bucket `i`:
+// There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the
+// following boundaries:
 //
 //    Upper bound (0 <= i < N-1):     offset + (width * i).
 //    Lower bound (1 <= i < N):       offset + (width * (i - 1)).
 type Distribution_BucketOptions_Linear struct {
 	// Must be greater than 0.
-	NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets" json:"num_finite_buckets,omitempty"`
+	NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets,proto3" json:"num_finite_buckets,omitempty"`
 	// Must be greater than 0.
-	Width float64 `protobuf:"fixed64,2,opt,name=width" json:"width,omitempty"`
+	Width float64 `protobuf:"fixed64,2,opt,name=width,proto3" json:"width,omitempty"`
 	// Lower bound of the first bucket.
-	Offset               float64  `protobuf:"fixed64,3,opt,name=offset" json:"offset,omitempty"`
+	Offset               float64  `protobuf:"fixed64,3,opt,name=offset,proto3" json:"offset,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -414,16 +345,17 @@ func (m *Distribution_BucketOptions_Linear) Reset()         { *m = Distribution_
 func (m *Distribution_BucketOptions_Linear) String() string { return proto.CompactTextString(m) }
 func (*Distribution_BucketOptions_Linear) ProtoMessage()    {}
 func (*Distribution_BucketOptions_Linear) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0, 1, 0}
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 1, 0}
 }
+
 func (m *Distribution_BucketOptions_Linear) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution_BucketOptions_Linear.Unmarshal(m, b)
 }
 func (m *Distribution_BucketOptions_Linear) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution_BucketOptions_Linear.Marshal(b, m, deterministic)
 }
-func (dst *Distribution_BucketOptions_Linear) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution_BucketOptions_Linear.Merge(dst, src)
+func (m *Distribution_BucketOptions_Linear) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_BucketOptions_Linear.Merge(m, src)
 }
 func (m *Distribution_BucketOptions_Linear) XXX_Size() int {
 	return xxx_messageInfo_Distribution_BucketOptions_Linear.Size(m)
@@ -455,22 +387,22 @@ func (m *Distribution_BucketOptions_Linear) GetOffset() float64 {
 	return 0
 }
 
-// Specify a sequence of buckets that have a width that is proportional to
-// the value of the lower bound.  Each bucket represents a constant relative
-// uncertainty on a specific value in the bucket.
+// Specifies an exponential sequence of buckets that have a width that is
+// proportional to the value of the lower bound. Each bucket represents a
+// constant relative uncertainty on a specific value in the bucket.
 //
-// Defines `num_finite_buckets + 2` (= N) buckets with these boundaries for
-// bucket i:
+// There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the
+// following boundaries:
 //
 //    Upper bound (0 <= i < N-1):     scale * (growth_factor ^ i).
 //    Lower bound (1 <= i < N):       scale * (growth_factor ^ (i - 1)).
 type Distribution_BucketOptions_Exponential struct {
 	// Must be greater than 0.
-	NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets" json:"num_finite_buckets,omitempty"`
+	NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets,proto3" json:"num_finite_buckets,omitempty"`
 	// Must be greater than 1.
-	GrowthFactor float64 `protobuf:"fixed64,2,opt,name=growth_factor,json=growthFactor" json:"growth_factor,omitempty"`
+	GrowthFactor float64 `protobuf:"fixed64,2,opt,name=growth_factor,json=growthFactor,proto3" json:"growth_factor,omitempty"`
 	// Must be greater than 0.
-	Scale                float64  `protobuf:"fixed64,3,opt,name=scale" json:"scale,omitempty"`
+	Scale                float64  `protobuf:"fixed64,3,opt,name=scale,proto3" json:"scale,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -482,16 +414,17 @@ func (m *Distribution_BucketOptions_Exponential) Reset() {
 func (m *Distribution_BucketOptions_Exponential) String() string { return proto.CompactTextString(m) }
 func (*Distribution_BucketOptions_Exponential) ProtoMessage()    {}
 func (*Distribution_BucketOptions_Exponential) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0, 1, 1}
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 1, 1}
 }
+
 func (m *Distribution_BucketOptions_Exponential) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution_BucketOptions_Exponential.Unmarshal(m, b)
 }
 func (m *Distribution_BucketOptions_Exponential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution_BucketOptions_Exponential.Marshal(b, m, deterministic)
 }
-func (dst *Distribution_BucketOptions_Exponential) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution_BucketOptions_Exponential.Merge(dst, src)
+func (m *Distribution_BucketOptions_Exponential) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_BucketOptions_Exponential.Merge(m, src)
 }
 func (m *Distribution_BucketOptions_Exponential) XXX_Size() int {
 	return xxx_messageInfo_Distribution_BucketOptions_Exponential.Size(m)
@@ -523,20 +456,20 @@ func (m *Distribution_BucketOptions_Exponential) GetScale() float64 {
 	return 0
 }
 
-// A set of buckets with arbitrary widths.
+// Specifies a set of buckets with arbitrary widths.
 //
-// Defines `size(bounds) + 1` (= N) buckets with these boundaries for
-// bucket i:
+// There are `size(bounds) + 1` (= N) buckets. Bucket `i` has the following
+// boundaries:
 //
 //    Upper bound (0 <= i < N-1):     bounds[i]
 //    Lower bound (1 <= i < N);       bounds[i - 1]
 //
-// There must be at least one element in `bounds`.  If `bounds` has only one
-// element, there are no finite buckets, and that single element is the
-// common boundary of the overflow and underflow buckets.
+// The `bounds` field must contain at least one element. If `bounds` has
+// only one element, then there are no finite buckets, and that single
+// element is the common boundary of the overflow and underflow buckets.
 type Distribution_BucketOptions_Explicit struct {
 	// The values must be monotonically increasing.
-	Bounds               []float64 `protobuf:"fixed64,1,rep,packed,name=bounds" json:"bounds,omitempty"`
+	Bounds               []float64 `protobuf:"fixed64,1,rep,packed,name=bounds,proto3" json:"bounds,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
 	XXX_unrecognized     []byte    `json:"-"`
 	XXX_sizecache        int32     `json:"-"`
@@ -546,16 +479,17 @@ func (m *Distribution_BucketOptions_Explicit) Reset()         { *m = Distributio
 func (m *Distribution_BucketOptions_Explicit) String() string { return proto.CompactTextString(m) }
 func (*Distribution_BucketOptions_Explicit) ProtoMessage()    {}
 func (*Distribution_BucketOptions_Explicit) Descriptor() ([]byte, []int) {
-	return fileDescriptor_distribution_a959d81fb1d059d0, []int{0, 1, 2}
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 1, 2}
 }
+
 func (m *Distribution_BucketOptions_Explicit) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Distribution_BucketOptions_Explicit.Unmarshal(m, b)
 }
 func (m *Distribution_BucketOptions_Explicit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Distribution_BucketOptions_Explicit.Marshal(b, m, deterministic)
 }
-func (dst *Distribution_BucketOptions_Explicit) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Distribution_BucketOptions_Explicit.Merge(dst, src)
+func (m *Distribution_BucketOptions_Explicit) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_BucketOptions_Explicit.Merge(m, src)
 }
 func (m *Distribution_BucketOptions_Explicit) XXX_Size() int {
 	return xxx_messageInfo_Distribution_BucketOptions_Explicit.Size(m)
@@ -573,6 +507,80 @@ func (m *Distribution_BucketOptions_Explicit) GetBounds() []float64 {
 	return nil
 }
 
+// Exemplars are example points that may be used to annotate aggregated
+// distribution values. They are metadata that gives information about a
+// particular value added to a Distribution bucket, such as a trace ID that
+// was active when a value was added. They may contain further information,
+// such as a example values and timestamps, origin, etc.
+type Distribution_Exemplar struct {
+	// Value of the exemplar point. This value determines to which bucket the
+	// exemplar belongs.
+	Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"`
+	// The observation (sampling) time of the above value.
+	Timestamp *timestamp.Timestamp `protobuf:"bytes,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	// Contextual information about the example value. Examples are:
+	//
+	//   Trace: type.googleapis.com/google.monitoring.v3.SpanContext
+	//
+	//   Literal string: type.googleapis.com/google.protobuf.StringValue
+	//
+	//   Labels dropped during aggregation:
+	//     type.googleapis.com/google.monitoring.v3.DroppedLabels
+	//
+	// There may be only a single attachment of any given message type in a
+	// single exemplar, and this is enforced by the system.
+	Attachments          []*any.Any `protobuf:"bytes,3,rep,name=attachments,proto3" json:"attachments,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
+	XXX_unrecognized     []byte     `json:"-"`
+	XXX_sizecache        int32      `json:"-"`
+}
+
+func (m *Distribution_Exemplar) Reset()         { *m = Distribution_Exemplar{} }
+func (m *Distribution_Exemplar) String() string { return proto.CompactTextString(m) }
+func (*Distribution_Exemplar) ProtoMessage()    {}
+func (*Distribution_Exemplar) Descriptor() ([]byte, []int) {
+	return fileDescriptor_0835ee0fd90bf943, []int{0, 2}
+}
+
+func (m *Distribution_Exemplar) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Distribution_Exemplar.Unmarshal(m, b)
+}
+func (m *Distribution_Exemplar) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Distribution_Exemplar.Marshal(b, m, deterministic)
+}
+func (m *Distribution_Exemplar) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Distribution_Exemplar.Merge(m, src)
+}
+func (m *Distribution_Exemplar) XXX_Size() int {
+	return xxx_messageInfo_Distribution_Exemplar.Size(m)
+}
+func (m *Distribution_Exemplar) XXX_DiscardUnknown() {
+	xxx_messageInfo_Distribution_Exemplar.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Distribution_Exemplar proto.InternalMessageInfo
+
+func (m *Distribution_Exemplar) GetValue() float64 {
+	if m != nil {
+		return m.Value
+	}
+	return 0
+}
+
+func (m *Distribution_Exemplar) GetTimestamp() *timestamp.Timestamp {
+	if m != nil {
+		return m.Timestamp
+	}
+	return nil
+}
+
+func (m *Distribution_Exemplar) GetAttachments() []*any.Any {
+	if m != nil {
+		return m.Attachments
+	}
+	return nil
+}
+
 func init() {
 	proto.RegisterType((*Distribution)(nil), "google.api.Distribution")
 	proto.RegisterType((*Distribution_Range)(nil), "google.api.Distribution.Range")
@@ -580,46 +588,53 @@ func init() {
 	proto.RegisterType((*Distribution_BucketOptions_Linear)(nil), "google.api.Distribution.BucketOptions.Linear")
 	proto.RegisterType((*Distribution_BucketOptions_Exponential)(nil), "google.api.Distribution.BucketOptions.Exponential")
 	proto.RegisterType((*Distribution_BucketOptions_Explicit)(nil), "google.api.Distribution.BucketOptions.Explicit")
+	proto.RegisterType((*Distribution_Exemplar)(nil), "google.api.Distribution.Exemplar")
 }
 
 func init() {
-	proto.RegisterFile("google/api/distribution.proto", fileDescriptor_distribution_a959d81fb1d059d0)
-}
-
-var fileDescriptor_distribution_a959d81fb1d059d0 = []byte{
-	// 544 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0x5d, 0x6f, 0xd3, 0x30,
-	0x14, 0x5d, 0x96, 0xb5, 0x85, 0xdb, 0x0f, 0x8a, 0x19, 0x28, 0x44, 0x7c, 0x54, 0x9b, 0x84, 0x2a,
-	0x01, 0x89, 0x54, 0x90, 0x78, 0xe0, 0xad, 0x1b, 0x53, 0x1f, 0x40, 0x9b, 0x8c, 0xc4, 0x03, 0x42,
-	0x8a, 0x9c, 0xc4, 0xc9, 0x0c, 0x89, 0x1d, 0x62, 0x67, 0x2b, 0xef, 0xfc, 0x29, 0xfe, 0x1d, 0x8a,
-	0xed, 0x6e, 0x19, 0x08, 0xa9, 0xbc, 0xf9, 0xde, 0x73, 0x7c, 0xce, 0xb9, 0x57, 0x71, 0xe0, 0x71,
-	0x2e, 0x44, 0x5e, 0xd0, 0x90, 0x54, 0x2c, 0x4c, 0x99, 0x54, 0x35, 0x8b, 0x1b, 0xc5, 0x04, 0x0f,
-	0xaa, 0x5a, 0x28, 0x81, 0xc0, 0xc0, 0x01, 0xa9, 0x98, 0xff, 0xa8, 0x43, 0x25, 0x9c, 0x0b, 0x45,
-	0x5a, 0xa2, 0x34, 0x4c, 0xff, 0xa1, 0x45, 0x75, 0x15, 0x37, 0x59, 0x48, 0xf8, 0x0f, 0x0b, 0x3d,
-	0xfd, 0x13, 0x52, 0xac, 0xa4, 0x52, 0x91, 0xb2, 0x32, 0x84, 0x83, 0x9f, 0x03, 0x18, 0x1d, 0x77,
-	0xcc, 0xd1, 0x3e, 0xf4, 0x12, 0xd1, 0x70, 0xe5, 0x39, 0x33, 0x67, 0xee, 0x62, 0x53, 0x20, 0x04,
-	0x7b, 0x25, 0x25, 0xdc, 0xdb, 0x9d, 0x39, 0x73, 0x07, 0xeb, 0x33, 0x7a, 0x03, 0x9e, 0x6c, 0xca,
-	0x48, 0x64, 0x91, 0xfc, 0xde, 0x90, 0x9a, 0xa6, 0x51, 0x4a, 0x2f, 0x98, 0x4e, 0xe6, 0xb9, 0x9a,
-	0x77, 0x5f, 0x36, 0xe5, 0x69, 0xf6, 0xd1, 0xa0, 0xc7, 0x1b, 0x10, 0xbd, 0x86, 0x5e, 0x4d, 0x78,
-	0x4e, 0xbd, 0xbd, 0x99, 0x33, 0x1f, 0x2e, 0x9e, 0x04, 0xd7, 0x93, 0x06, 0xdd, 0x2c, 0x01, 0x6e,
-	0x59, 0xd8, 0x90, 0xd1, 0x07, 0x98, 0xc4, 0x4d, 0xf2, 0x8d, 0xaa, 0x48, 0x54, 0x7a, 0x7a, 0xaf,
-	0xaf, 0xaf, 0x3f, 0xfb, 0xe7, 0xf5, 0xa5, 0xa6, 0x9f, 0x1a, 0x36, 0x1e, 0xc7, 0xdd, 0x12, 0x1d,
-	0x82, 0x6d, 0x44, 0x7a, 0x42, 0xe9, 0x0d, 0x66, 0xee, 0xdc, 0xc5, 0x23, 0xd3, 0x3c, 0xd2, 0x3d,
-	0xff, 0x39, 0xf4, 0x74, 0x06, 0x34, 0x05, 0xb7, 0x64, 0x5c, 0xef, 0xc4, 0xc1, 0xed, 0x51, 0x77,
-	0xc8, 0xda, 0x2e, 0xa4, 0x3d, 0xfa, 0xbf, 0xf6, 0x60, 0x7c, 0xc3, 0x12, 0x7d, 0x82, 0x49, 0xc1,
-	0x38, 0x25, 0x75, 0x64, 0x54, 0xa5, 0x16, 0x18, 0x2e, 0x5e, 0x6e, 0x17, 0x39, 0x78, 0xaf, 0x2f,
-	0xaf, 0x76, 0xf0, 0xd8, 0xc8, 0x18, 0x54, 0x22, 0x0a, 0xf7, 0xe8, 0xba, 0x12, 0x9c, 0x72, 0xc5,
-	0x48, 0x71, 0x25, 0xbe, 0xab, 0xc5, 0x17, 0x5b, 0x8a, 0xbf, 0xbb, 0x56, 0x58, 0xed, 0x60, 0xd4,
-	0x11, 0xdc, 0xd8, 0x7c, 0x81, 0x29, 0x5d, 0x57, 0x05, 0x4b, 0x98, 0xba, 0xf2, 0x70, 0xb5, 0x47,
-	0xb8, 0xbd, 0x87, 0xbe, 0xbe, 0xda, 0xc1, 0x77, 0x36, 0x52, 0x56, 0xdd, 0x4f, 0xa1, 0x6f, 0xe6,
-	0x43, 0x2f, 0x00, 0xf1, 0xa6, 0x8c, 0x32, 0xc6, 0x99, 0xa2, 0x37, 0x56, 0xd5, 0xc3, 0x53, 0xde,
-	0x94, 0x27, 0x1a, 0xd8, 0xa4, 0xda, 0x87, 0xde, 0x25, 0x4b, 0xd5, 0xb9, 0x5d, 0xbd, 0x29, 0xd0,
-	0x03, 0xe8, 0x8b, 0x2c, 0x93, 0x54, 0xd9, 0x4f, 0xcf, 0x56, 0xfe, 0x05, 0x0c, 0x3b, 0x83, 0xfe,
-	0xa7, 0xd5, 0x21, 0x8c, 0xf3, 0x5a, 0x5c, 0xaa, 0xf3, 0x28, 0x23, 0x89, 0x12, 0xb5, 0xb5, 0x1c,
-	0x99, 0xe6, 0x89, 0xee, 0xb5, 0x79, 0x64, 0x42, 0x0a, 0x6a, 0x8d, 0x4d, 0xe1, 0x1f, 0xc0, 0xad,
-	0xcd, 0xf0, 0x6d, 0xb6, 0x58, 0x34, 0x3c, 0x6d, 0x8d, 0xdc, 0x36, 0x9b, 0xa9, 0x96, 0xb7, 0x61,
-	0x60, 0x3f, 0xe5, 0xe5, 0x57, 0x98, 0x24, 0xa2, 0xec, 0x6c, 0x75, 0x79, 0xb7, 0xbb, 0xd6, 0xb3,
-	0xf6, 0xad, 0x9e, 0x39, 0x9f, 0x8f, 0x2c, 0x21, 0x17, 0x05, 0xe1, 0x79, 0x20, 0xea, 0x3c, 0xcc,
-	0x29, 0xd7, 0x2f, 0x39, 0x34, 0x10, 0xa9, 0x98, 0xfc, 0xeb, 0x8f, 0xf2, 0xb6, 0x5b, 0xc4, 0x7d,
-	0xcd, 0x7f, 0xf5, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x88, 0x8e, 0xc5, 0x4b, 0x80, 0x04, 0x00, 0x00,
+	proto.RegisterFile("google/api/distribution.proto", fileDescriptor_0835ee0fd90bf943)
+}
+
+var fileDescriptor_0835ee0fd90bf943 = []byte{
+	// 631 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xed, 0x6a, 0xd4, 0x40,
+	0x14, 0x6d, 0x9a, 0xdd, 0x6d, 0x7b, 0xb7, 0x5b, 0xeb, 0x58, 0x25, 0x06, 0xd4, 0xb5, 0x05, 0x59,
+	0x50, 0xb3, 0xb0, 0x8a, 0x0a, 0xfe, 0x90, 0x6e, 0x3f, 0xac, 0xa0, 0xb4, 0x8c, 0xe2, 0x0f, 0x11,
+	0xc2, 0x6c, 0x76, 0x92, 0x0e, 0x26, 0x33, 0x69, 0x32, 0x69, 0xb7, 0xaf, 0xe1, 0x23, 0xf8, 0x16,
+	0xbe, 0x8a, 0x4f, 0x23, 0xf3, 0x91, 0x6e, 0x6a, 0x29, 0xd4, 0x7f, 0xb9, 0xf7, 0x9c, 0x7b, 0xce,
+	0xbd, 0x73, 0x67, 0x02, 0x0f, 0x12, 0x21, 0x92, 0x94, 0x0e, 0x49, 0xce, 0x86, 0x53, 0x56, 0xca,
+	0x82, 0x4d, 0x2a, 0xc9, 0x04, 0x0f, 0xf2, 0x42, 0x48, 0x81, 0xc0, 0xc0, 0x01, 0xc9, 0x99, 0x7f,
+	0xdf, 0x52, 0x35, 0x32, 0xa9, 0xe2, 0x21, 0xe1, 0xe7, 0x86, 0xe6, 0x3f, 0xfa, 0x17, 0x92, 0x2c,
+	0xa3, 0xa5, 0x24, 0x59, 0x6e, 0x08, 0x9b, 0x7f, 0x96, 0x61, 0x75, 0xb7, 0x21, 0x8f, 0x36, 0xa0,
+	0x1d, 0x89, 0x8a, 0x4b, 0xcf, 0xe9, 0x3b, 0x03, 0x17, 0x9b, 0x00, 0x21, 0x68, 0x65, 0x94, 0x70,
+	0x6f, 0xb1, 0xef, 0x0c, 0x1c, 0xac, 0xbf, 0xd1, 0x6b, 0xf0, 0xca, 0x2a, 0x0b, 0x45, 0x1c, 0x96,
+	0x27, 0x15, 0x29, 0xe8, 0x34, 0x9c, 0xd2, 0x53, 0x46, 0x94, 0x8a, 0xe7, 0x6a, 0xde, 0xdd, 0xb2,
+	0xca, 0x0e, 0xe3, 0xcf, 0x06, 0xdd, 0xad, 0x41, 0xf4, 0x12, 0xda, 0x05, 0xe1, 0x09, 0xf5, 0x5a,
+	0x7d, 0x67, 0xd0, 0x1d, 0x3d, 0x0c, 0xe6, 0xb3, 0x04, 0xcd, 0x5e, 0x02, 0xac, 0x58, 0xd8, 0x90,
+	0xd1, 0x27, 0x58, 0x9b, 0x54, 0xd1, 0x0f, 0x2a, 0x43, 0x91, 0x2b, 0xb4, 0xf4, 0x3a, 0xba, 0xfc,
+	0xc9, 0xb5, 0xe5, 0x63, 0x4d, 0x3f, 0x34, 0x6c, 0xdc, 0x9b, 0x34, 0x43, 0xb4, 0x05, 0x36, 0x11,
+	0xea, 0x09, 0x4b, 0x6f, 0xa9, 0xef, 0x0e, 0x5c, 0xbc, 0x6a, 0x92, 0x3b, 0x3a, 0x87, 0xde, 0xc1,
+	0x0a, 0x9d, 0xd1, 0x2c, 0x4f, 0x49, 0x51, 0x7a, 0xd0, 0x77, 0x07, 0xdd, 0xd1, 0xe3, 0x6b, 0xed,
+	0xf6, 0x2c, 0x13, 0xcf, 0x6b, 0xfc, 0xa7, 0xd0, 0xd6, 0x43, 0xa0, 0x75, 0x70, 0x33, 0xc6, 0xf5,
+	0xa1, 0x3a, 0x58, 0x7d, 0xea, 0x0c, 0x99, 0xd9, 0x13, 0x55, 0x9f, 0xfe, 0xef, 0x16, 0xf4, 0x2e,
+	0xf5, 0x8c, 0xbe, 0xc2, 0x5a, 0xca, 0x38, 0x25, 0x45, 0x68, 0xda, 0x2a, 0xb5, 0x40, 0x77, 0xf4,
+	0xfc, 0x66, 0x33, 0x07, 0x1f, 0x75, 0xf1, 0xc1, 0x02, 0xee, 0x19, 0x19, 0x83, 0x96, 0x88, 0xc2,
+	0x1d, 0x3a, 0xcb, 0x05, 0xa7, 0x5c, 0x32, 0x92, 0x5e, 0x88, 0x2f, 0x6a, 0xf1, 0xd1, 0x0d, 0xc5,
+	0xf7, 0xe6, 0x0a, 0x07, 0x0b, 0x18, 0x35, 0x04, 0x6b, 0x9b, 0xef, 0xb0, 0x4e, 0x67, 0x79, 0xca,
+	0x22, 0x26, 0x2f, 0x3c, 0x5c, 0xed, 0x31, 0xbc, 0xb9, 0x87, 0x2e, 0x3f, 0x58, 0xc0, 0xb7, 0x6a,
+	0x29, 0xab, 0xee, 0x4f, 0xa1, 0x63, 0xe6, 0x43, 0xcf, 0x00, 0xf1, 0x2a, 0x0b, 0x63, 0xc6, 0x99,
+	0xa4, 0x97, 0x8e, 0xaa, 0x8d, 0xd7, 0x79, 0x95, 0xed, 0x6b, 0xa0, 0xee, 0x6a, 0x03, 0xda, 0x67,
+	0x6c, 0x2a, 0x8f, 0xed, 0xd1, 0x9b, 0x00, 0xdd, 0x83, 0x8e, 0x88, 0xe3, 0x92, 0x4a, 0x7b, 0x77,
+	0x6d, 0xe4, 0x9f, 0x42, 0xb7, 0x31, 0xe8, 0x7f, 0x5a, 0x6d, 0x41, 0x2f, 0x29, 0xc4, 0x99, 0x3c,
+	0x0e, 0x63, 0x12, 0x49, 0x51, 0x58, 0xcb, 0x55, 0x93, 0xdc, 0xd7, 0x39, 0xd5, 0x4f, 0x19, 0x91,
+	0x94, 0x5a, 0x63, 0x13, 0xf8, 0x9b, 0xb0, 0x5c, 0x0f, 0xaf, 0x7a, 0x9b, 0x88, 0x8a, 0x4f, 0x95,
+	0x91, 0xab, 0x7a, 0x33, 0xd1, 0x78, 0x05, 0x96, 0xec, 0x5b, 0xf0, 0x7f, 0x3a, 0x8a, 0x6f, 0xae,
+	0x9d, 0x52, 0x3c, 0x25, 0x69, 0x45, 0xed, 0x75, 0x33, 0x01, 0x7a, 0x03, 0x2b, 0x17, 0xaf, 0xdf,
+	0xae, 0xda, 0xaf, 0xd7, 0x50, 0xff, 0x1f, 0x82, 0x2f, 0x35, 0x03, 0xcf, 0xc9, 0xe8, 0x15, 0x74,
+	0x89, 0x94, 0x24, 0x3a, 0xce, 0x28, 0xd7, 0x2b, 0x54, 0x0f, 0x61, 0xe3, 0x4a, 0xed, 0x36, 0x3f,
+	0xc7, 0x4d, 0xe2, 0xf8, 0x04, 0xd6, 0x22, 0x91, 0x35, 0x56, 0x3d, 0xbe, 0xdd, 0xdc, 0xf5, 0x91,
+	0x2a, 0x3c, 0x72, 0xbe, 0xed, 0x58, 0x42, 0x22, 0x52, 0xc2, 0x93, 0x40, 0x14, 0xc9, 0x30, 0xa1,
+	0x5c, 0xcb, 0x0e, 0x0d, 0x44, 0x72, 0x56, 0x5e, 0xf9, 0x13, 0xbe, 0x6d, 0x06, 0xbf, 0x16, 0x5b,
+	0xef, 0xb7, 0x8f, 0x3e, 0x4c, 0x3a, 0xba, 0xec, 0xc5, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x89,
+	0xf1, 0xc2, 0x23, 0x3f, 0x05, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/api/label/label.pb.go b/vendor/google.golang.org/genproto/googleapis/api/label/label.pb.go
index 33c652f6f893f..41500e31810af 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/label/label.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/label/label.pb.go
@@ -1,11 +1,14 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/label.proto
 
-package label // import "google.golang.org/genproto/googleapis/api/label"
+package label
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +19,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // Value types that can be used as label values.
 type LabelDescriptor_ValueType int32
@@ -35,6 +38,7 @@ var LabelDescriptor_ValueType_name = map[int32]string{
 	1: "BOOL",
 	2: "INT64",
 }
+
 var LabelDescriptor_ValueType_value = map[string]int32{
 	"STRING": 0,
 	"BOOL":   1,
@@ -44,18 +48,19 @@ var LabelDescriptor_ValueType_value = map[string]int32{
 func (x LabelDescriptor_ValueType) String() string {
 	return proto.EnumName(LabelDescriptor_ValueType_name, int32(x))
 }
+
 func (LabelDescriptor_ValueType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_label_1d347e5545d4fc31, []int{0, 0}
+	return fileDescriptor_f372a463e25ba151, []int{0, 0}
 }
 
 // A description of a label.
 type LabelDescriptor struct {
 	// The label key.
-	Key string `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
+	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
 	// The type of data that can be assigned to the label.
-	ValueType LabelDescriptor_ValueType `protobuf:"varint,2,opt,name=value_type,json=valueType,enum=google.api.LabelDescriptor_ValueType" json:"value_type,omitempty"`
+	ValueType LabelDescriptor_ValueType `protobuf:"varint,2,opt,name=value_type,json=valueType,proto3,enum=google.api.LabelDescriptor_ValueType" json:"value_type,omitempty"`
 	// A human-readable description for the label.
-	Description          string   `protobuf:"bytes,3,opt,name=description" json:"description,omitempty"`
+	Description          string   `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -65,16 +70,17 @@ func (m *LabelDescriptor) Reset()         { *m = LabelDescriptor{} }
 func (m *LabelDescriptor) String() string { return proto.CompactTextString(m) }
 func (*LabelDescriptor) ProtoMessage()    {}
 func (*LabelDescriptor) Descriptor() ([]byte, []int) {
-	return fileDescriptor_label_1d347e5545d4fc31, []int{0}
+	return fileDescriptor_f372a463e25ba151, []int{0}
 }
+
 func (m *LabelDescriptor) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LabelDescriptor.Unmarshal(m, b)
 }
 func (m *LabelDescriptor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LabelDescriptor.Marshal(b, m, deterministic)
 }
-func (dst *LabelDescriptor) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LabelDescriptor.Merge(dst, src)
+func (m *LabelDescriptor) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LabelDescriptor.Merge(m, src)
 }
 func (m *LabelDescriptor) XXX_Size() int {
 	return xxx_messageInfo_LabelDescriptor.Size(m)
@@ -107,13 +113,15 @@ func (m *LabelDescriptor) GetDescription() string {
 }
 
 func init() {
-	proto.RegisterType((*LabelDescriptor)(nil), "google.api.LabelDescriptor")
 	proto.RegisterEnum("google.api.LabelDescriptor_ValueType", LabelDescriptor_ValueType_name, LabelDescriptor_ValueType_value)
+	proto.RegisterType((*LabelDescriptor)(nil), "google.api.LabelDescriptor")
 }
 
-func init() { proto.RegisterFile("google/api/label.proto", fileDescriptor_label_1d347e5545d4fc31) }
+func init() {
+	proto.RegisterFile("google/api/label.proto", fileDescriptor_f372a463e25ba151)
+}
 
-var fileDescriptor_label_1d347e5545d4fc31 = []byte{
+var fileDescriptor_f372a463e25ba151 = []byte{
 	// 252 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4b, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x4f, 0x2c, 0xc8, 0xd4, 0xcf, 0x49, 0x4c, 0x4a, 0xcd, 0xd1, 0x2b, 0x28, 0xca,
diff --git a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
new file mode 100644
index 0000000000000..92aec35273639
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
@@ -0,0 +1,115 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/api/launch_stage.proto
+
+package api
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// The launch stage as defined by [Google Cloud Platform
+// Launch Stages](http://cloud.google.com/terms/launch-stages).
+type LaunchStage int32
+
+const (
+	// Do not use this default value.
+	LaunchStage_LAUNCH_STAGE_UNSPECIFIED LaunchStage = 0
+	// Early Access features are limited to a closed group of testers. To use
+	// these features, you must sign up in advance and sign a Trusted Tester
+	// agreement (which includes confidentiality provisions). These features may
+	// be unstable, changed in backward-incompatible ways, and are not
+	// guaranteed to be released.
+	LaunchStage_EARLY_ACCESS LaunchStage = 1
+	// Alpha is a limited availability test for releases before they are cleared
+	// for widespread use. By Alpha, all significant design issues are resolved
+	// and we are in the process of verifying functionality. Alpha customers
+	// need to apply for access, agree to applicable terms, and have their
+	// projects whitelisted. Alpha releases don’t have to be feature complete,
+	// no SLAs are provided, and there are no technical support obligations, but
+	// they will be far enough along that customers can actually use them in
+	// test environments or for limited-use tests -- just like they would in
+	// normal production cases.
+	LaunchStage_ALPHA LaunchStage = 2
+	// Beta is the point at which we are ready to open a release for any
+	// customer to use. There are no SLA or technical support obligations in a
+	// Beta release. Products will be complete from a feature perspective, but
+	// may have some open outstanding issues. Beta releases are suitable for
+	// limited production use cases.
+	LaunchStage_BETA LaunchStage = 3
+	// GA features are open to all developers and are considered stable and
+	// fully qualified for production use.
+	LaunchStage_GA LaunchStage = 4
+	// Deprecated features are scheduled to be shut down and removed. For more
+	// information, see the “Deprecation Policy” section of our [Terms of
+	// Service](https://cloud.google.com/terms/)
+	// and the [Google Cloud Platform Subject to the Deprecation
+	// Policy](https://cloud.google.com/terms/deprecation) documentation.
+	LaunchStage_DEPRECATED LaunchStage = 5
+)
+
+var LaunchStage_name = map[int32]string{
+	0: "LAUNCH_STAGE_UNSPECIFIED",
+	1: "EARLY_ACCESS",
+	2: "ALPHA",
+	3: "BETA",
+	4: "GA",
+	5: "DEPRECATED",
+}
+
+var LaunchStage_value = map[string]int32{
+	"LAUNCH_STAGE_UNSPECIFIED": 0,
+	"EARLY_ACCESS":             1,
+	"ALPHA":                    2,
+	"BETA":                     3,
+	"GA":                       4,
+	"DEPRECATED":               5,
+}
+
+func (x LaunchStage) String() string {
+	return proto.EnumName(LaunchStage_name, int32(x))
+}
+
+func (LaunchStage) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_6b5f68b6c1cefff8, []int{0}
+}
+
+func init() {
+	proto.RegisterEnum("google.api.LaunchStage", LaunchStage_name, LaunchStage_value)
+}
+
+func init() {
+	proto.RegisterFile("google/api/launch_stage.proto", fileDescriptor_6b5f68b6c1cefff8)
+}
+
+var fileDescriptor_6b5f68b6c1cefff8 = []byte{
+	// 225 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x4c, 0x8f, 0xc1, 0x4a, 0xc3, 0x40,
+	0x14, 0x45, 0x6d, 0x4c, 0x8b, 0x3e, 0xa5, 0x3c, 0x66, 0xe5, 0x42, 0x7f, 0x40, 0x30, 0x59, 0xb8,
+	0x74, 0xf5, 0x32, 0x79, 0xa6, 0x81, 0x50, 0x86, 0x4e, 0xba, 0xb0, 0x9b, 0x30, 0x96, 0x30, 0x8e,
+	0xc4, 0xcc, 0xd0, 0xd6, 0x1f, 0xf2, 0x4b, 0x25, 0x89, 0x60, 0xd7, 0xe7, 0xc0, 0x3d, 0x17, 0x1e,
+	0xac, 0xf7, 0xb6, 0x6b, 0x53, 0x13, 0x5c, 0xda, 0x99, 0xef, 0x7e, 0xff, 0xd1, 0x1c, 0x4f, 0xc6,
+	0xb6, 0x49, 0x38, 0xf8, 0x93, 0x17, 0x30, 0xe1, 0xc4, 0x04, 0xf7, 0xf8, 0x09, 0x37, 0xd5, 0x68,
+	0xe8, 0x41, 0x10, 0xf7, 0x70, 0x57, 0xd1, 0x76, 0x2d, 0x57, 0x8d, 0xae, 0xa9, 0xe0, 0x66, 0xbb,
+	0xd6, 0x8a, 0x65, 0xf9, 0x5a, 0x72, 0x8e, 0x17, 0x02, 0xe1, 0x96, 0x69, 0x53, 0xbd, 0x35, 0x24,
+	0x25, 0x6b, 0x8d, 0x33, 0x71, 0x0d, 0x73, 0xaa, 0xd4, 0x8a, 0x30, 0x12, 0x57, 0x10, 0x67, 0x5c,
+	0x13, 0x5e, 0x8a, 0x05, 0x44, 0x05, 0x61, 0x2c, 0x96, 0x00, 0x39, 0xab, 0x0d, 0x4b, 0xaa, 0x39,
+	0xc7, 0x79, 0xb6, 0x83, 0xe5, 0xde, 0x7f, 0x25, 0xff, 0xeb, 0x19, 0x9e, 0x6d, 0xab, 0xa1, 0x4d,
+	0xcd, 0x76, 0x4f, 0x7f, 0xdc, 0xfa, 0xce, 0xf4, 0x36, 0xf1, 0x07, 0x9b, 0xda, 0xb6, 0x1f, 0xcb,
+	0xd3, 0x09, 0x99, 0xe0, 0x8e, 0xc3, 0xb7, 0x17, 0x13, 0xdc, 0x4f, 0x14, 0x17, 0xa4, 0xca, 0xf7,
+	0xc5, 0x28, 0x3c, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x8e, 0xd5, 0x39, 0x1a, 0xfb, 0x00, 0x00,
+	0x00,
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go b/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go
index 775f179d3fcb9..7e90ebc16b74b 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go
@@ -1,12 +1,17 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/metric.proto
 
-package metric // import "google.golang.org/genproto/googleapis/api/metric"
+package metric
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import label "google.golang.org/genproto/googleapis/api/label"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	duration "github.com/golang/protobuf/ptypes/duration"
+	api "google.golang.org/genproto/googleapis/api"
+	label "google.golang.org/genproto/googleapis/api/label"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -17,7 +22,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // The kind of measurement. It describes how the data is reported.
 type MetricDescriptor_MetricKind int32
@@ -43,6 +48,7 @@ var MetricDescriptor_MetricKind_name = map[int32]string{
 	2: "DELTA",
 	3: "CUMULATIVE",
 }
+
 var MetricDescriptor_MetricKind_value = map[string]int32{
 	"METRIC_KIND_UNSPECIFIED": 0,
 	"GAUGE":                   1,
@@ -53,8 +59,9 @@ var MetricDescriptor_MetricKind_value = map[string]int32{
 func (x MetricDescriptor_MetricKind) String() string {
 	return proto.EnumName(MetricDescriptor_MetricKind_name, int32(x))
 }
+
 func (MetricDescriptor_MetricKind) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_metric_14b8b448d25edd31, []int{0, 0}
+	return fileDescriptor_927eaac1a24f8abb, []int{0, 0}
 }
 
 // The value type of a metric.
@@ -88,60 +95,74 @@ var MetricDescriptor_ValueType_name = map[int32]string{
 	5: "DISTRIBUTION",
 	6: "MONEY",
 }
+
 var MetricDescriptor_ValueType_value = map[string]int32{
 	"VALUE_TYPE_UNSPECIFIED": 0,
-	"BOOL":         1,
-	"INT64":        2,
-	"DOUBLE":       3,
-	"STRING":       4,
-	"DISTRIBUTION": 5,
-	"MONEY":        6,
+	"BOOL":                   1,
+	"INT64":                  2,
+	"DOUBLE":                 3,
+	"STRING":                 4,
+	"DISTRIBUTION":           5,
+	"MONEY":                  6,
 }
 
 func (x MetricDescriptor_ValueType) String() string {
 	return proto.EnumName(MetricDescriptor_ValueType_name, int32(x))
 }
+
 func (MetricDescriptor_ValueType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_metric_14b8b448d25edd31, []int{0, 1}
+	return fileDescriptor_927eaac1a24f8abb, []int{0, 1}
 }
 
 // Defines a metric type and its schema. Once a metric descriptor is created,
 // deleting or altering it stops data collection and makes the metric type's
 // existing data unusable.
 type MetricDescriptor struct {
-	// The resource name of the metric descriptor. Depending on the
-	// implementation, the name typically includes: (1) the parent resource name
-	// that defines the scope of the metric type or of its data; and (2) the
-	// metric's URL-encoded type, which also appears in the `type` field of this
-	// descriptor. For example, following is the resource name of a custom
-	// metric within the GCP project `my-project-id`:
-	//
-	//     "projects/my-project-id/metricDescriptors/custom.googleapis.com%2Finvoice%2Fpaid%2Famount"
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// The resource name of the metric descriptor.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// The metric type, including its DNS name prefix. The type is not
-	// URL-encoded.  All user-defined custom metric types have the DNS name
-	// `custom.googleapis.com`.  Metric types should use a natural hierarchical
-	// grouping. For example:
+	// URL-encoded.  All user-defined metric types have the DNS name
+	// `custom.googleapis.com` or `external.googleapis.com`.  Metric types should
+	// use a natural hierarchical grouping. For example:
 	//
 	//     "custom.googleapis.com/invoice/paid/amount"
+	//     "external.googleapis.com/prometheus/up"
 	//     "appengine.googleapis.com/http/server/response_latencies"
-	Type string `protobuf:"bytes,8,opt,name=type" json:"type,omitempty"`
+	Type string `protobuf:"bytes,8,opt,name=type,proto3" json:"type,omitempty"`
 	// The set of labels that can be used to describe a specific
 	// instance of this metric type. For example, the
 	// `appengine.googleapis.com/http/server/response_latencies` metric
 	// type has a label for the HTTP response code, `response_code`, so
 	// you can look at latencies for successful responses or just
 	// for responses that failed.
-	Labels []*label.LabelDescriptor `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty"`
+	Labels []*label.LabelDescriptor `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty"`
 	// Whether the metric records instantaneous values, changes to a value, etc.
 	// Some combinations of `metric_kind` and `value_type` might not be supported.
-	MetricKind MetricDescriptor_MetricKind `protobuf:"varint,3,opt,name=metric_kind,json=metricKind,enum=google.api.MetricDescriptor_MetricKind" json:"metric_kind,omitempty"`
+	MetricKind MetricDescriptor_MetricKind `protobuf:"varint,3,opt,name=metric_kind,json=metricKind,proto3,enum=google.api.MetricDescriptor_MetricKind" json:"metric_kind,omitempty"`
 	// Whether the measurement is an integer, a floating-point number, etc.
 	// Some combinations of `metric_kind` and `value_type` might not be supported.
-	ValueType MetricDescriptor_ValueType `protobuf:"varint,4,opt,name=value_type,json=valueType,enum=google.api.MetricDescriptor_ValueType" json:"value_type,omitempty"`
-	// The unit in which the metric value is reported. It is only applicable
-	// if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The
-	// supported units are a subset of [The Unified Code for Units of
+	ValueType MetricDescriptor_ValueType `protobuf:"varint,4,opt,name=value_type,json=valueType,proto3,enum=google.api.MetricDescriptor_ValueType" json:"value_type,omitempty"`
+	// The units in which the metric value is reported. It is only applicable
+	// if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit`
+	// defines the representation of the stored metric values.
+	//
+	// Different systems may scale the values to be more easily displayed (so a
+	// value of `0.02KBy` _might_ be displayed as `20By`, and a value of
+	// `3523KBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is
+	// `KBy`, then the value of the metric is always in thousands of bytes, no
+	// matter how it may be displayed..
+	//
+	// If you want a custom metric to record the exact number of CPU-seconds used
+	// by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is
+	// `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005
+	// CPU-seconds, then the value is written as `12005`.
+	//
+	// Alternatively, if you want a custome metric to record data in a more
+	// granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is
+	// `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`),
+	// or use `Kis{CPU}` and write `11.723` (which is `12005/1024`).
+	//
+	// The supported units are a subset of [The Unified Code for Units of
 	// Measure](http://unitsofmeasure.org/ucum.html) standard:
 	//
 	// **Basic units (UNIT)**
@@ -155,41 +176,46 @@ type MetricDescriptor struct {
 	//
 	// **Prefixes (PREFIX)**
 	//
-	// * `k`     kilo    (10**3)
-	// * `M`     mega    (10**6)
-	// * `G`     giga    (10**9)
-	// * `T`     tera    (10**12)
-	// * `P`     peta    (10**15)
-	// * `E`     exa     (10**18)
-	// * `Z`     zetta   (10**21)
-	// * `Y`     yotta   (10**24)
-	// * `m`     milli   (10**-3)
-	// * `u`     micro   (10**-6)
-	// * `n`     nano    (10**-9)
-	// * `p`     pico    (10**-12)
-	// * `f`     femto   (10**-15)
-	// * `a`     atto    (10**-18)
-	// * `z`     zepto   (10**-21)
-	// * `y`     yocto   (10**-24)
-	// * `Ki`    kibi    (2**10)
-	// * `Mi`    mebi    (2**20)
-	// * `Gi`    gibi    (2**30)
-	// * `Ti`    tebi    (2**40)
+	// * `k`     kilo    (10^3)
+	// * `M`     mega    (10^6)
+	// * `G`     giga    (10^9)
+	// * `T`     tera    (10^12)
+	// * `P`     peta    (10^15)
+	// * `E`     exa     (10^18)
+	// * `Z`     zetta   (10^21)
+	// * `Y`     yotta   (10^24)
 	//
-	// **Grammar**
+	// * `m`     milli   (10^-3)
+	// * `u`     micro   (10^-6)
+	// * `n`     nano    (10^-9)
+	// * `p`     pico    (10^-12)
+	// * `f`     femto   (10^-15)
+	// * `a`     atto    (10^-18)
+	// * `z`     zepto   (10^-21)
+	// * `y`     yocto   (10^-24)
 	//
-	// The grammar includes the dimensionless unit `1`, such as `1/s`.
+	// * `Ki`    kibi    (2^10)
+	// * `Mi`    mebi    (2^20)
+	// * `Gi`    gibi    (2^30)
+	// * `Ti`    tebi    (2^40)
+	// * `Pi`    pebi    (2^50)
+	//
+	// **Grammar**
 	//
 	// The grammar also includes these connectors:
 	//
-	// * `/`    division (as an infix operator, e.g. `1/s`).
-	// * `.`    multiplication (as an infix operator, e.g. `GBy.d`)
+	// * `/`    division or ratio (as an infix operator). For examples,
+	//          `kBy/{email}` or `MiBy/10ms` (although you should almost never
+	//          have `/s` in a metric `unit`; rates should always be computed at
+	//          query time from the underlying cumulative or delta value).
+	// * `.`    multiplication or composition (as an infix operator). For
+	//          examples, `GBy.d` or `k{watt}.h`.
 	//
 	// The grammar for a unit is as follows:
 	//
 	//     Expression = Component { "." Component } { "/" Component } ;
 	//
-	//     Component = [ PREFIX ] UNIT [ Annotation ]
+	//     Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ]
 	//               | Annotation
 	//               | "1"
 	//               ;
@@ -198,36 +224,58 @@ type MetricDescriptor struct {
 	//
 	// Notes:
 	//
-	// * `Annotation` is just a comment if it follows a `UNIT` and is
-	//    equivalent to `1` if it is used alone. For examples,
-	//    `{requests}/s == 1/s`, `By{transmitted}/s == By/s`.
+	// * `Annotation` is just a comment if it follows a `UNIT`. If the annotation
+	//    is used alone, then the unit is equivalent to `1`. For examples,
+	//    `{request}/s == 1/s`, `By{transmitted}/s == By/s`.
 	// * `NAME` is a sequence of non-blank printable ASCII characters not
-	//    containing '{' or '}'.
-	Unit string `protobuf:"bytes,5,opt,name=unit" json:"unit,omitempty"`
+	//    containing `{` or `}`.
+	// * `1` represents a unitary [dimensionless
+	//    unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such
+	//    as in `1/s`. It is typically used when none of the basic units are
+	//    appropriate. For example, "new users per day" can be represented as
+	//    `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new
+	//    users). Alternatively, "thousands of page views per day" would be
+	//    represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric
+	//    value of `5.3` would mean "5300 page views per day").
+	// * `%` represents dimensionless value of 1/100, and annotates values giving
+	//    a percentage (so the metric values are typically in the range of 0..100,
+	//    and a metric value `3` means "3 percent").
+	// * `10^2.%` indicates a metric contains a ratio, typically in the range
+	//    0..1, that will be multiplied by 100 and displayed as a percentage
+	//    (so a metric value `0.03` means "3 percent").
+	//
+	Unit string `protobuf:"bytes,5,opt,name=unit,proto3" json:"unit,omitempty"`
 	// A detailed description of the metric, which can be used in documentation.
-	Description string `protobuf:"bytes,6,opt,name=description" json:"description,omitempty"`
+	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
 	// A concise name for the metric, which can be displayed in user interfaces.
 	// Use sentence case without an ending period, for example "Request count".
-	DisplayName          string   `protobuf:"bytes,7,opt,name=display_name,json=displayName" json:"display_name,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	// This field is optional but it is recommended to be set for any metrics
+	// associated with user-visible concepts, such as Quota.
+	DisplayName string `protobuf:"bytes,7,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
+	// Optional. Metadata which can be used to guide usage of the metric.
+	Metadata *MetricDescriptor_MetricDescriptorMetadata `protobuf:"bytes,10,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	// Optional. The launch stage of the metric definition.
+	LaunchStage          api.LaunchStage `protobuf:"varint,12,opt,name=launch_stage,json=launchStage,proto3,enum=google.api.LaunchStage" json:"launch_stage,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
 }
 
 func (m *MetricDescriptor) Reset()         { *m = MetricDescriptor{} }
 func (m *MetricDescriptor) String() string { return proto.CompactTextString(m) }
 func (*MetricDescriptor) ProtoMessage()    {}
 func (*MetricDescriptor) Descriptor() ([]byte, []int) {
-	return fileDescriptor_metric_14b8b448d25edd31, []int{0}
+	return fileDescriptor_927eaac1a24f8abb, []int{0}
 }
+
 func (m *MetricDescriptor) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MetricDescriptor.Unmarshal(m, b)
 }
 func (m *MetricDescriptor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MetricDescriptor.Marshal(b, m, deterministic)
 }
-func (dst *MetricDescriptor) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MetricDescriptor.Merge(dst, src)
+func (m *MetricDescriptor) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetricDescriptor.Merge(m, src)
 }
 func (m *MetricDescriptor) XXX_Size() int {
 	return xxx_messageInfo_MetricDescriptor.Size(m)
@@ -294,15 +342,97 @@ func (m *MetricDescriptor) GetDisplayName() string {
 	return ""
 }
 
+func (m *MetricDescriptor) GetMetadata() *MetricDescriptor_MetricDescriptorMetadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+func (m *MetricDescriptor) GetLaunchStage() api.LaunchStage {
+	if m != nil {
+		return m.LaunchStage
+	}
+	return api.LaunchStage_LAUNCH_STAGE_UNSPECIFIED
+}
+
+// Additional annotations that can be used to guide the usage of a metric.
+type MetricDescriptor_MetricDescriptorMetadata struct {
+	// Deprecated. Please use the MetricDescriptor.launch_stage instead.
+	// The launch stage of the metric definition.
+	LaunchStage api.LaunchStage `protobuf:"varint,1,opt,name=launch_stage,json=launchStage,proto3,enum=google.api.LaunchStage" json:"launch_stage,omitempty"` // Deprecated: Do not use.
+	// The sampling period of metric data points. For metrics which are written
+	// periodically, consecutive data points are stored at this time interval,
+	// excluding data loss due to errors. Metrics with a higher granularity have
+	// a smaller sampling period.
+	SamplePeriod *duration.Duration `protobuf:"bytes,2,opt,name=sample_period,json=samplePeriod,proto3" json:"sample_period,omitempty"`
+	// The delay of data points caused by ingestion. Data points older than this
+	// age are guaranteed to be ingested and available to be read, excluding
+	// data loss due to errors.
+	IngestDelay          *duration.Duration `protobuf:"bytes,3,opt,name=ingest_delay,json=ingestDelay,proto3" json:"ingest_delay,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
+	XXX_unrecognized     []byte             `json:"-"`
+	XXX_sizecache        int32              `json:"-"`
+}
+
+func (m *MetricDescriptor_MetricDescriptorMetadata) Reset() {
+	*m = MetricDescriptor_MetricDescriptorMetadata{}
+}
+func (m *MetricDescriptor_MetricDescriptorMetadata) String() string { return proto.CompactTextString(m) }
+func (*MetricDescriptor_MetricDescriptorMetadata) ProtoMessage()    {}
+func (*MetricDescriptor_MetricDescriptorMetadata) Descriptor() ([]byte, []int) {
+	return fileDescriptor_927eaac1a24f8abb, []int{0, 0}
+}
+
+func (m *MetricDescriptor_MetricDescriptorMetadata) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata.Unmarshal(m, b)
+}
+func (m *MetricDescriptor_MetricDescriptorMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata.Marshal(b, m, deterministic)
+}
+func (m *MetricDescriptor_MetricDescriptorMetadata) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata.Merge(m, src)
+}
+func (m *MetricDescriptor_MetricDescriptorMetadata) XXX_Size() int {
+	return xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata.Size(m)
+}
+func (m *MetricDescriptor_MetricDescriptorMetadata) XXX_DiscardUnknown() {
+	xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MetricDescriptor_MetricDescriptorMetadata proto.InternalMessageInfo
+
+// Deprecated: Do not use.
+func (m *MetricDescriptor_MetricDescriptorMetadata) GetLaunchStage() api.LaunchStage {
+	if m != nil {
+		return m.LaunchStage
+	}
+	return api.LaunchStage_LAUNCH_STAGE_UNSPECIFIED
+}
+
+func (m *MetricDescriptor_MetricDescriptorMetadata) GetSamplePeriod() *duration.Duration {
+	if m != nil {
+		return m.SamplePeriod
+	}
+	return nil
+}
+
+func (m *MetricDescriptor_MetricDescriptorMetadata) GetIngestDelay() *duration.Duration {
+	if m != nil {
+		return m.IngestDelay
+	}
+	return nil
+}
+
 // A specific metric, identified by specifying values for all of the
 // labels of a [`MetricDescriptor`][google.api.MetricDescriptor].
 type Metric struct {
 	// An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor].
 	// For example, `custom.googleapis.com/invoice/paid/amount`.
-	Type string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"`
+	Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`
 	// The set of label values that uniquely identify this metric. All
 	// labels listed in the `MetricDescriptor` must be assigned values.
-	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -312,16 +442,17 @@ func (m *Metric) Reset()         { *m = Metric{} }
 func (m *Metric) String() string { return proto.CompactTextString(m) }
 func (*Metric) ProtoMessage()    {}
 func (*Metric) Descriptor() ([]byte, []int) {
-	return fileDescriptor_metric_14b8b448d25edd31, []int{1}
+	return fileDescriptor_927eaac1a24f8abb, []int{1}
 }
+
 func (m *Metric) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Metric.Unmarshal(m, b)
 }
 func (m *Metric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Metric.Marshal(b, m, deterministic)
 }
-func (dst *Metric) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Metric.Merge(dst, src)
+func (m *Metric) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metric.Merge(m, src)
 }
 func (m *Metric) XXX_Size() int {
 	return xxx_messageInfo_Metric.Size(m)
@@ -347,47 +478,60 @@ func (m *Metric) GetLabels() map[string]string {
 }
 
 func init() {
+	proto.RegisterEnum("google.api.MetricDescriptor_MetricKind", MetricDescriptor_MetricKind_name, MetricDescriptor_MetricKind_value)
+	proto.RegisterEnum("google.api.MetricDescriptor_ValueType", MetricDescriptor_ValueType_name, MetricDescriptor_ValueType_value)
 	proto.RegisterType((*MetricDescriptor)(nil), "google.api.MetricDescriptor")
+	proto.RegisterType((*MetricDescriptor_MetricDescriptorMetadata)(nil), "google.api.MetricDescriptor.MetricDescriptorMetadata")
 	proto.RegisterType((*Metric)(nil), "google.api.Metric")
 	proto.RegisterMapType((map[string]string)(nil), "google.api.Metric.LabelsEntry")
-	proto.RegisterEnum("google.api.MetricDescriptor_MetricKind", MetricDescriptor_MetricKind_name, MetricDescriptor_MetricKind_value)
-	proto.RegisterEnum("google.api.MetricDescriptor_ValueType", MetricDescriptor_ValueType_name, MetricDescriptor_ValueType_value)
 }
 
-func init() { proto.RegisterFile("google/api/metric.proto", fileDescriptor_metric_14b8b448d25edd31) }
-
-var fileDescriptor_metric_14b8b448d25edd31 = []byte{
-	// 506 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0x4d, 0x6f, 0xda, 0x40,
-	0x10, 0xad, 0x3f, 0x70, 0xc3, 0x10, 0xa1, 0xd5, 0xaa, 0x4a, 0x2c, 0x22, 0x55, 0x94, 0x43, 0xcb,
-	0x09, 0xa4, 0xa4, 0x4a, 0xbf, 0x4e, 0x80, 0xb7, 0xd4, 0x8a, 0xb1, 0x91, 0x63, 0x23, 0xa5, 0x17,
-	0xcb, 0x81, 0x95, 0x65, 0xc5, 0xd8, 0xae, 0x71, 0x22, 0xf9, 0x57, 0xf4, 0x17, 0xf4, 0xd2, 0x5f,
-	0x5a, 0xed, 0xae, 0x03, 0x16, 0x95, 0x72, 0xe2, 0xed, 0x9b, 0x37, 0x6f, 0x67, 0x96, 0x67, 0x38,
-	0x8f, 0xb2, 0x2c, 0x4a, 0xe8, 0x38, 0xcc, 0xe3, 0xf1, 0x96, 0x96, 0x45, 0xbc, 0x1e, 0xe5, 0x45,
-	0x56, 0x66, 0x18, 0x44, 0x61, 0x14, 0xe6, 0x71, 0xef, 0xac, 0x21, 0x4a, 0xc2, 0x7b, 0x9a, 0x08,
-	0xcd, 0xe0, 0x8f, 0x0a, 0x68, 0xc1, 0x9b, 0x0c, 0xba, 0x5b, 0x17, 0x71, 0x5e, 0x66, 0x05, 0xc6,
-	0xa0, 0xa6, 0xe1, 0x96, 0xea, 0x52, 0x5f, 0x1a, 0xb6, 0x5d, 0x8e, 0x19, 0x57, 0x56, 0x39, 0xd5,
-	0x4f, 0x04, 0xc7, 0x30, 0xbe, 0x02, 0x8d, 0x7b, 0xed, 0x74, 0xb9, 0xaf, 0x0c, 0x3b, 0x97, 0x17,
-	0xa3, 0xc3, 0x8d, 0x23, 0x8b, 0x55, 0x0e, 0xa6, 0x6e, 0x2d, 0xc5, 0x3f, 0xa0, 0x23, 0xa6, 0x0c,
-	0x1e, 0xe2, 0x74, 0xa3, 0x2b, 0x7d, 0x69, 0xd8, 0xbd, 0xfc, 0xd0, 0xec, 0x3c, 0x9e, 0xa7, 0x26,
-	0x6e, 0xe2, 0x74, 0xe3, 0xc2, 0x76, 0x8f, 0x31, 0x01, 0x78, 0x0a, 0x93, 0x47, 0x1a, 0xf0, 0xc1,
-	0x54, 0x6e, 0xf4, 0xfe, 0x45, 0xa3, 0x15, 0x93, 0x7b, 0x55, 0x4e, 0xdd, 0xf6, 0xd3, 0x33, 0x64,
-	0x9b, 0x3d, 0xa6, 0x71, 0xa9, 0xb7, 0xc4, 0x66, 0x0c, 0xe3, 0x3e, 0x74, 0x36, 0x75, 0x5b, 0x9c,
-	0xa5, 0xba, 0xc6, 0x4b, 0x4d, 0x0a, 0xbf, 0x83, 0xd3, 0x4d, 0xbc, 0xcb, 0x93, 0xb0, 0x0a, 0xf8,
-	0x5b, 0xbd, 0xae, 0x25, 0x82, 0xb3, 0xc3, 0x2d, 0x1d, 0x38, 0x00, 0x87, 0xc9, 0xf1, 0x05, 0x9c,
-	0x2f, 0x88, 0xe7, 0x9a, 0xb3, 0xe0, 0xc6, 0xb4, 0x8d, 0xc0, 0xb7, 0x6f, 0x97, 0x64, 0x66, 0x7e,
-	0x37, 0x89, 0x81, 0x5e, 0xe1, 0x36, 0xb4, 0xe6, 0x13, 0x7f, 0x4e, 0x90, 0xc4, 0xa0, 0x41, 0x2c,
-	0x6f, 0x82, 0x64, 0xdc, 0x05, 0x98, 0xf9, 0x0b, 0xdf, 0x9a, 0x78, 0xe6, 0x8a, 0x20, 0x65, 0xf0,
-	0x0b, 0xda, 0xfb, 0x0d, 0x70, 0x0f, 0xce, 0x56, 0x13, 0xcb, 0x27, 0x81, 0x77, 0xb7, 0x24, 0x47,
-	0x76, 0x27, 0xa0, 0x4e, 0x1d, 0xc7, 0x12, 0x6e, 0xa6, 0xed, 0x5d, 0x7f, 0x44, 0x32, 0x06, 0xd0,
-	0x0c, 0xc7, 0x9f, 0x5a, 0x04, 0x29, 0x0c, 0xdf, 0x7a, 0xae, 0x69, 0xcf, 0x91, 0x8a, 0x11, 0x9c,
-	0x1a, 0x26, 0x3b, 0x4d, 0x7d, 0xcf, 0x74, 0x6c, 0xd4, 0x62, 0x4d, 0x0b, 0xc7, 0x26, 0x77, 0x48,
-	0x1b, 0xfc, 0x96, 0x40, 0x13, 0x4b, 0xec, 0x13, 0xa0, 0x34, 0x12, 0x70, 0x7d, 0x94, 0x80, 0xb7,
-	0xff, 0x3f, 0xbf, 0x08, 0xc2, 0x8e, 0xa4, 0x65, 0x51, 0x3d, 0x87, 0xa0, 0xf7, 0x05, 0x3a, 0x0d,
-	0x1a, 0x23, 0x50, 0x1e, 0x68, 0x55, 0xe7, 0x8d, 0x41, 0xfc, 0x06, 0x5a, 0xfc, 0x1f, 0xd2, 0x65,
-	0xce, 0x89, 0xc3, 0x57, 0xf9, 0xb3, 0x34, 0x0d, 0xa0, 0xbb, 0xce, 0xb6, 0x8d, 0x7b, 0xa6, 0x1d,
-	0x71, 0xd1, 0x92, 0x05, 0x7a, 0x29, 0xfd, 0xfc, 0x54, 0x97, 0xa2, 0x2c, 0x09, 0xd3, 0x68, 0x94,
-	0x15, 0xd1, 0x38, 0xa2, 0x29, 0x8f, 0xfb, 0x58, 0x94, 0xc2, 0x3c, 0xde, 0x35, 0x3e, 0x97, 0x6f,
-	0xe2, 0xe7, 0xaf, 0xac, 0xce, 0x27, 0x4b, 0xf3, 0x5e, 0xe3, 0xd2, 0xab, 0x7f, 0x01, 0x00, 0x00,
-	0xff, 0xff, 0x18, 0x04, 0x05, 0x82, 0x58, 0x03, 0x00, 0x00,
+func init() {
+	proto.RegisterFile("google/api/metric.proto", fileDescriptor_927eaac1a24f8abb)
+}
+
+var fileDescriptor_927eaac1a24f8abb = []byte{
+	// 661 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xdd, 0x6e, 0xd3, 0x30,
+	0x14, 0x26, 0xe9, 0xcf, 0xd6, 0x93, 0x32, 0x45, 0x16, 0xda, 0x42, 0x27, 0xa6, 0xd2, 0x0b, 0xe8,
+	0x55, 0x2b, 0x6d, 0x30, 0x60, 0xa0, 0x49, 0xed, 0x12, 0x4a, 0xb4, 0x36, 0x2d, 0x59, 0x32, 0x69,
+	0xdc, 0x44, 0x5e, 0x63, 0x42, 0xb4, 0x34, 0x09, 0x49, 0x3a, 0xa9, 0x4f, 0xc0, 0x25, 0xef, 0xc0,
+	0x53, 0xf1, 0x38, 0xc8, 0x76, 0xda, 0x66, 0x45, 0x54, 0x5c, 0xe5, 0xf8, 0xfb, 0xbe, 0xf3, 0xd9,
+	0xc7, 0x3e, 0x27, 0x70, 0xe0, 0x45, 0x91, 0x17, 0x90, 0x2e, 0x8e, 0xfd, 0xee, 0x8c, 0x64, 0x89,
+	0x3f, 0xed, 0xc4, 0x49, 0x94, 0x45, 0x08, 0x38, 0xd1, 0xc1, 0xb1, 0xdf, 0xd8, 0x2f, 0x88, 0x02,
+	0x7c, 0x4b, 0x02, 0xae, 0x69, 0x3c, 0x7b, 0x80, 0xcf, 0xc3, 0xe9, 0x37, 0x27, 0xcd, 0xb0, 0x47,
+	0x72, 0xfa, 0x28, 0xa7, 0xd9, 0xea, 0x76, 0xfe, 0xb5, 0xeb, 0xce, 0x13, 0x9c, 0xf9, 0x51, 0xc8,
+	0xf9, 0xd6, 0x8f, 0x1d, 0x90, 0x47, 0x6c, 0x4f, 0x95, 0xa4, 0xd3, 0xc4, 0x8f, 0xb3, 0x28, 0x41,
+	0x08, 0xca, 0x21, 0x9e, 0x11, 0x45, 0x68, 0x0a, 0xed, 0x9a, 0xc9, 0x62, 0x8a, 0x65, 0x8b, 0x98,
+	0x28, 0xbb, 0x1c, 0xa3, 0x31, 0x3a, 0x81, 0x2a, 0x3b, 0x4a, 0xaa, 0x88, 0xcd, 0x52, 0x5b, 0x3a,
+	0x3e, 0xec, 0xac, 0x0f, 0xdc, 0x19, 0x52, 0x66, 0x6d, 0x6a, 0xe6, 0x52, 0xf4, 0x09, 0x24, 0x5e,
+	0xa4, 0x73, 0xe7, 0x87, 0xae, 0x52, 0x6a, 0x0a, 0xed, 0xbd, 0xe3, 0x97, 0xc5, 0xcc, 0xcd, 0xf3,
+	0xe4, 0xc0, 0xa5, 0x1f, 0xba, 0x26, 0xcc, 0x56, 0x31, 0xd2, 0x00, 0xee, 0x71, 0x30, 0x27, 0x0e,
+	0x3b, 0x58, 0x99, 0x19, 0xbd, 0xd8, 0x6a, 0x74, 0x4d, 0xe5, 0xd6, 0x22, 0x26, 0x66, 0xed, 0x7e,
+	0x19, 0xd2, 0xca, 0xe6, 0xa1, 0x9f, 0x29, 0x15, 0x5e, 0x19, 0x8d, 0x51, 0x13, 0x24, 0x37, 0x4f,
+	0xf3, 0xa3, 0x50, 0xa9, 0x32, 0xaa, 0x08, 0xa1, 0xe7, 0x50, 0x77, 0xfd, 0x34, 0x0e, 0xf0, 0xc2,
+	0x61, 0x77, 0xb5, 0x93, 0x4b, 0x38, 0x66, 0xd0, 0x2b, 0xfb, 0x0c, 0xbb, 0x33, 0x92, 0x61, 0x17,
+	0x67, 0x58, 0x81, 0xa6, 0xd0, 0x96, 0x8e, 0x5f, 0xff, 0x47, 0x99, 0x6b, 0x60, 0x94, 0x27, 0x9b,
+	0x2b, 0x1b, 0x74, 0x06, 0xf5, 0xe2, 0x23, 0x2b, 0x75, 0x56, 0xf4, 0xc1, 0xc3, 0x7b, 0xa7, 0xfc,
+	0x15, 0xa5, 0x4d, 0x29, 0x58, 0x2f, 0x1a, 0xbf, 0x05, 0x50, 0xfe, 0xb5, 0x05, 0x3a, 0xdf, 0x30,
+	0x16, 0xb6, 0x1a, 0xf7, 0x45, 0x45, 0x78, 0x60, 0x8e, 0xce, 0xe1, 0x71, 0x8a, 0x67, 0x71, 0x40,
+	0x9c, 0x98, 0x24, 0x7e, 0xe4, 0x2a, 0x22, 0x2b, 0xf8, 0xe9, 0xd2, 0x60, 0xd9, 0x7f, 0x1d, 0x35,
+	0xef, 0x3f, 0xb3, 0xce, 0xf5, 0x13, 0x26, 0x47, 0x1f, 0xa0, 0xee, 0x87, 0x1e, 0x49, 0x33, 0xc7,
+	0x25, 0x01, 0x5e, 0xb0, 0xb6, 0xd8, 0x9a, 0x2e, 0x71, 0xb9, 0x4a, 0xd5, 0xad, 0x31, 0xc0, 0xba,
+	0x47, 0xd0, 0x21, 0x1c, 0x8c, 0x34, 0xcb, 0xd4, 0x2f, 0x9c, 0x4b, 0xdd, 0x50, 0x1d, 0xdb, 0xb8,
+	0x9a, 0x68, 0x17, 0xfa, 0x47, 0x5d, 0x53, 0xe5, 0x47, 0xa8, 0x06, 0x95, 0x41, 0xcf, 0x1e, 0x68,
+	0xb2, 0x40, 0x43, 0x55, 0x1b, 0x5a, 0x3d, 0x59, 0x44, 0x7b, 0x00, 0x17, 0xf6, 0xc8, 0x1e, 0xf6,
+	0x2c, 0xfd, 0x5a, 0x93, 0x4b, 0xad, 0xef, 0x50, 0x5b, 0xf5, 0x0a, 0x6a, 0xc0, 0xfe, 0x75, 0x6f,
+	0x68, 0x6b, 0x8e, 0x75, 0x33, 0xd1, 0x36, 0xec, 0x76, 0xa1, 0xdc, 0x1f, 0x8f, 0x87, 0xdc, 0x4d,
+	0x37, 0xac, 0xd3, 0x57, 0xb2, 0x88, 0x00, 0xaa, 0xea, 0xd8, 0xee, 0x0f, 0x35, 0xb9, 0x44, 0xe3,
+	0x2b, 0xcb, 0xd4, 0x8d, 0x81, 0x5c, 0x46, 0x32, 0xd4, 0x55, 0x9d, 0xae, 0xfa, 0xb6, 0xa5, 0x8f,
+	0x0d, 0xb9, 0x42, 0x93, 0x46, 0x63, 0x43, 0xbb, 0x91, 0xab, 0xad, 0x9f, 0x02, 0x54, 0x79, 0x11,
+	0xab, 0x59, 0x2b, 0x15, 0x66, 0xed, 0x74, 0x63, 0xd6, 0x8e, 0xfe, 0x6e, 0x25, 0x3e, 0x72, 0xa9,
+	0x16, 0x66, 0xc9, 0x62, 0x39, 0x6e, 0x8d, 0x77, 0x20, 0x15, 0x60, 0x24, 0x43, 0xe9, 0x8e, 0x2c,
+	0xf2, 0xc9, 0xa6, 0x21, 0x7a, 0x02, 0x15, 0x36, 0x0b, 0xec, 0xc5, 0x6a, 0x26, 0x5f, 0x9c, 0x89,
+	0x6f, 0x85, 0xbe, 0x03, 0x7b, 0xd3, 0x68, 0x56, 0xd8, 0xa7, 0x2f, 0xf1, 0x8d, 0x26, 0xf4, 0x35,
+	0x26, 0xc2, 0x97, 0x37, 0x39, 0xe5, 0x45, 0x01, 0x0e, 0xbd, 0x4e, 0x94, 0x78, 0x5d, 0x8f, 0x84,
+	0xec, 0xad, 0xba, 0x9c, 0xc2, 0xb1, 0x9f, 0x16, 0xfe, 0x6b, 0xef, 0xf9, 0xe7, 0x97, 0x58, 0x1e,
+	0xf4, 0x26, 0xfa, 0x6d, 0x95, 0x49, 0x4f, 0xfe, 0x04, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x9a, 0x6a,
+	0xfb, 0x01, 0x05, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/api/monitoredres/monitored_resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/monitoredres/monitored_resource.pb.go
index bc6ec8fc7b881..d2ffbd4e0a139 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/monitoredres/monitored_resource.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/monitoredres/monitored_resource.pb.go
@@ -1,12 +1,17 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/api/monitored_resource.proto
 
-package monitoredres // import "google.golang.org/genproto/googleapis/api/monitoredres"
+package monitoredres
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import label "google.golang.org/genproto/googleapis/api/label"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	_struct "github.com/golang/protobuf/ptypes/struct"
+	api "google.golang.org/genproto/googleapis/api"
+	label "google.golang.org/genproto/googleapis/api/label"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -17,7 +22,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // An object that describes the schema of a [MonitoredResource][google.api.MonitoredResource] object using a
 // type name and a set of labels.  For example, the monitored resource
@@ -35,42 +40,45 @@ type MonitoredResourceDescriptor struct {
 	// {project_id} is a project ID that provides API-specific context for
 	// accessing the type.  APIs that do not use project information can use the
 	// resource name format `"monitoredResourceDescriptors/{type}"`.
-	Name string `protobuf:"bytes,5,opt,name=name" json:"name,omitempty"`
+	Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty"`
 	// Required. The monitored resource type. For example, the type
 	// `"cloudsql_database"` represents databases in Google Cloud SQL.
 	// The maximum length of this value is 256 characters.
-	Type string `protobuf:"bytes,1,opt,name=type" json:"type,omitempty"`
+	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
 	// Optional. A concise name for the monitored resource type that might be
 	// displayed in user interfaces. It should be a Title Cased Noun Phrase,
 	// without any article or other determiners. For example,
 	// `"Google Cloud SQL Database"`.
-	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName" json:"display_name,omitempty"`
+	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
 	// Optional. A detailed description of the monitored resource type that might
 	// be used in documentation.
-	Description string `protobuf:"bytes,3,opt,name=description" json:"description,omitempty"`
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
 	// Required. A set of labels used to describe instances of this monitored
 	// resource type. For example, an individual Google Cloud SQL database is
 	// identified by values for the labels `"database_id"` and `"zone"`.
-	Labels               []*label.LabelDescriptor `protobuf:"bytes,4,rep,name=labels" json:"labels,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
-	XXX_unrecognized     []byte                   `json:"-"`
-	XXX_sizecache        int32                    `json:"-"`
+	Labels []*label.LabelDescriptor `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty"`
+	// Optional. The launch stage of the monitored resource definition.
+	LaunchStage          api.LaunchStage `protobuf:"varint,7,opt,name=launch_stage,json=launchStage,proto3,enum=google.api.LaunchStage" json:"launch_stage,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
 }
 
 func (m *MonitoredResourceDescriptor) Reset()         { *m = MonitoredResourceDescriptor{} }
 func (m *MonitoredResourceDescriptor) String() string { return proto.CompactTextString(m) }
 func (*MonitoredResourceDescriptor) ProtoMessage()    {}
 func (*MonitoredResourceDescriptor) Descriptor() ([]byte, []int) {
-	return fileDescriptor_monitored_resource_c7b4d8e4dff11cf8, []int{0}
+	return fileDescriptor_6cd8bd738b08f2bf, []int{0}
 }
+
 func (m *MonitoredResourceDescriptor) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MonitoredResourceDescriptor.Unmarshal(m, b)
 }
 func (m *MonitoredResourceDescriptor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MonitoredResourceDescriptor.Marshal(b, m, deterministic)
 }
-func (dst *MonitoredResourceDescriptor) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MonitoredResourceDescriptor.Merge(dst, src)
+func (m *MonitoredResourceDescriptor) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MonitoredResourceDescriptor.Merge(m, src)
 }
 func (m *MonitoredResourceDescriptor) XXX_Size() int {
 	return xxx_messageInfo_MonitoredResourceDescriptor.Size(m)
@@ -116,6 +124,13 @@ func (m *MonitoredResourceDescriptor) GetLabels() []*label.LabelDescriptor {
 	return nil
 }
 
+func (m *MonitoredResourceDescriptor) GetLaunchStage() api.LaunchStage {
+	if m != nil {
+		return m.LaunchStage
+	}
+	return api.LaunchStage_LAUNCH_STAGE_UNSPECIFIED
+}
+
 // An object representing a resource that can be used for monitoring, logging,
 // billing, or other purposes. Examples include virtual machine instances,
 // databases, and storage devices such as disks. The `type` field identifies a
@@ -132,12 +147,12 @@ func (m *MonitoredResourceDescriptor) GetLabels() []*label.LabelDescriptor {
 type MonitoredResource struct {
 	// Required. The monitored resource type. This field must match
 	// the `type` field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object. For
-	// example, the type of a Cloud SQL database is `"cloudsql_database"`.
-	Type string `protobuf:"bytes,1,opt,name=type" json:"type,omitempty"`
+	// example, the type of a Compute Engine VM instance is `gce_instance`.
+	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
 	// Required. Values for all of the labels listed in the associated monitored
-	// resource descriptor. For example, Cloud SQL databases use the labels
-	// `"database_id"` and `"zone"`.
-	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	// resource descriptor. For example, Compute Engine VM instances use the
+	// labels `"project_id"`, `"instance_id"`, and `"zone"`.
+	Labels               map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -147,16 +162,17 @@ func (m *MonitoredResource) Reset()         { *m = MonitoredResource{} }
 func (m *MonitoredResource) String() string { return proto.CompactTextString(m) }
 func (*MonitoredResource) ProtoMessage()    {}
 func (*MonitoredResource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_monitored_resource_c7b4d8e4dff11cf8, []int{1}
+	return fileDescriptor_6cd8bd738b08f2bf, []int{1}
 }
+
 func (m *MonitoredResource) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_MonitoredResource.Unmarshal(m, b)
 }
 func (m *MonitoredResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_MonitoredResource.Marshal(b, m, deterministic)
 }
-func (dst *MonitoredResource) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MonitoredResource.Merge(dst, src)
+func (m *MonitoredResource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MonitoredResource.Merge(m, src)
 }
 func (m *MonitoredResource) XXX_Size() int {
 	return xxx_messageInfo_MonitoredResource.Size(m)
@@ -181,37 +197,110 @@ func (m *MonitoredResource) GetLabels() map[string]string {
 	return nil
 }
 
+// Auxiliary metadata for a [MonitoredResource][google.api.MonitoredResource] object.
+// [MonitoredResource][google.api.MonitoredResource] objects contain the minimum set of information to
+// uniquely identify a monitored resource instance. There is some other useful
+// auxiliary metadata. Monitoring and Logging use an ingestion
+// pipeline to extract metadata for cloud resources of all types, and store
+// the metadata in this message.
+type MonitoredResourceMetadata struct {
+	// Output only. Values for predefined system metadata labels.
+	// System labels are a kind of metadata extracted by Google, including
+	// "machine_image", "vpc", "subnet_id",
+	// "security_group", "name", etc.
+	// System label values can be only strings, Boolean values, or a list of
+	// strings. For example:
+	//
+	//     { "name": "my-test-instance",
+	//       "security_group": ["a", "b", "c"],
+	//       "spot_instance": false }
+	SystemLabels *_struct.Struct `protobuf:"bytes,1,opt,name=system_labels,json=systemLabels,proto3" json:"system_labels,omitempty"`
+	// Output only. A map of user-defined metadata labels.
+	UserLabels           map[string]string `protobuf:"bytes,2,rep,name=user_labels,json=userLabels,proto3" json:"user_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *MonitoredResourceMetadata) Reset()         { *m = MonitoredResourceMetadata{} }
+func (m *MonitoredResourceMetadata) String() string { return proto.CompactTextString(m) }
+func (*MonitoredResourceMetadata) ProtoMessage()    {}
+func (*MonitoredResourceMetadata) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6cd8bd738b08f2bf, []int{2}
+}
+
+func (m *MonitoredResourceMetadata) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MonitoredResourceMetadata.Unmarshal(m, b)
+}
+func (m *MonitoredResourceMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MonitoredResourceMetadata.Marshal(b, m, deterministic)
+}
+func (m *MonitoredResourceMetadata) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MonitoredResourceMetadata.Merge(m, src)
+}
+func (m *MonitoredResourceMetadata) XXX_Size() int {
+	return xxx_messageInfo_MonitoredResourceMetadata.Size(m)
+}
+func (m *MonitoredResourceMetadata) XXX_DiscardUnknown() {
+	xxx_messageInfo_MonitoredResourceMetadata.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MonitoredResourceMetadata proto.InternalMessageInfo
+
+func (m *MonitoredResourceMetadata) GetSystemLabels() *_struct.Struct {
+	if m != nil {
+		return m.SystemLabels
+	}
+	return nil
+}
+
+func (m *MonitoredResourceMetadata) GetUserLabels() map[string]string {
+	if m != nil {
+		return m.UserLabels
+	}
+	return nil
+}
+
 func init() {
 	proto.RegisterType((*MonitoredResourceDescriptor)(nil), "google.api.MonitoredResourceDescriptor")
 	proto.RegisterType((*MonitoredResource)(nil), "google.api.MonitoredResource")
 	proto.RegisterMapType((map[string]string)(nil), "google.api.MonitoredResource.LabelsEntry")
+	proto.RegisterType((*MonitoredResourceMetadata)(nil), "google.api.MonitoredResourceMetadata")
+	proto.RegisterMapType((map[string]string)(nil), "google.api.MonitoredResourceMetadata.UserLabelsEntry")
 }
 
 func init() {
-	proto.RegisterFile("google/api/monitored_resource.proto", fileDescriptor_monitored_resource_c7b4d8e4dff11cf8)
-}
-
-var fileDescriptor_monitored_resource_c7b4d8e4dff11cf8 = []byte{
-	// 321 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x51, 0x4b, 0x4b, 0x3b, 0x31,
-	0x10, 0x27, 0xdb, 0x07, 0xfc, 0x67, 0xff, 0x88, 0x06, 0x29, 0x4b, 0x7b, 0xa9, 0xf5, 0x52, 0x2f,
-	0xbb, 0x60, 0x2f, 0x3e, 0x4e, 0xad, 0x8a, 0x08, 0x2a, 0xa5, 0x47, 0x2f, 0x25, 0x6d, 0xc3, 0x12,
-	0xdc, 0x66, 0x42, 0xb2, 0x15, 0xf6, 0xeb, 0x08, 0x7e, 0x0e, 0xbf, 0x96, 0x47, 0xc9, 0xa3, 0x76,
-	0xa5, 0xde, 0x26, 0xbf, 0xf9, 0x3d, 0x66, 0x32, 0x70, 0x9a, 0x23, 0xe6, 0x05, 0xcf, 0x98, 0x12,
-	0xd9, 0x1a, 0xa5, 0x28, 0x51, 0xf3, 0xd5, 0x5c, 0x73, 0x83, 0x1b, 0xbd, 0xe4, 0xa9, 0xd2, 0x58,
-	0x22, 0x05, 0x4f, 0x4a, 0x99, 0x12, 0xdd, 0x4e, 0x4d, 0x50, 0xb0, 0x05, 0x2f, 0x3c, 0x67, 0xf0,
-	0x49, 0xa0, 0xf7, 0xb4, 0x35, 0x98, 0x05, 0xfd, 0x2d, 0x37, 0x4b, 0x2d, 0x54, 0x89, 0x9a, 0x52,
-	0x68, 0x4a, 0xb6, 0xe6, 0x49, 0xab, 0x4f, 0x86, 0xff, 0x66, 0xae, 0xb6, 0x58, 0x59, 0x29, 0x9e,
-	0x10, 0x8f, 0xd9, 0x9a, 0x9e, 0xc0, 0xff, 0x95, 0x30, 0xaa, 0x60, 0xd5, 0xdc, 0xf1, 0x23, 0xd7,
-	0x8b, 0x03, 0xf6, 0x6c, 0x65, 0x7d, 0x88, 0x57, 0xc1, 0x58, 0xa0, 0x4c, 0x1a, 0x81, 0xb1, 0x83,
-	0xe8, 0x08, 0xda, 0x6e, 0x36, 0x93, 0x34, 0xfb, 0x8d, 0x61, 0x7c, 0xde, 0x4b, 0x77, 0x1b, 0xa4,
-	0x8f, 0xb6, 0xb3, 0x9b, 0x6c, 0x16, 0xa8, 0x83, 0x0f, 0x02, 0x47, 0x7b, 0x1b, 0xfc, 0x39, 0xe3,
-	0xf8, 0xc7, 0x3e, 0x72, 0xf6, 0x67, 0x75, 0xfb, 0x3d, 0x0b, 0x1f, 0x68, 0xee, 0x64, 0xa9, 0xab,
-	0x6d, 0x58, 0xf7, 0x12, 0xe2, 0x1a, 0x4c, 0x0f, 0xa1, 0xf1, 0xca, 0xab, 0x10, 0x62, 0x4b, 0x7a,
-	0x0c, 0xad, 0x37, 0x56, 0x6c, 0xb6, 0x1f, 0xe0, 0x1f, 0x57, 0xd1, 0x05, 0x99, 0x54, 0x70, 0xb0,
-	0xc4, 0x75, 0x2d, 0x72, 0xd2, 0xd9, 0xcb, 0x9c, 0xda, 0x9b, 0x4c, 0xc9, 0xcb, 0x4d, 0x60, 0xe5,
-	0x58, 0x30, 0x99, 0xa7, 0xa8, 0xf3, 0x2c, 0xe7, 0xd2, 0x5d, 0x2c, 0xf3, 0x2d, 0xa6, 0x84, 0xf9,
-	0x7d, 0x7d, 0xcd, 0xcd, 0x75, 0xfd, 0xf1, 0x45, 0xc8, 0x7b, 0xd4, 0xbc, 0x1f, 0x4f, 0x1f, 0x16,
-	0x6d, 0xa7, 0x1c, 0x7d, 0x07, 0x00, 0x00, 0xff, 0xff, 0xf8, 0xfb, 0xfb, 0x11, 0x36, 0x02, 0x00,
-	0x00,
+	proto.RegisterFile("google/api/monitored_resource.proto", fileDescriptor_6cd8bd738b08f2bf)
+}
+
+var fileDescriptor_6cd8bd738b08f2bf = []byte{
+	// 448 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x53, 0x4d, 0x8b, 0xd4, 0x40,
+	0x10, 0xa5, 0x67, 0x66, 0x57, 0xac, 0x8c, 0xab, 0x36, 0xb2, 0xc6, 0xac, 0x42, 0x1c, 0x2f, 0xe3,
+	0x25, 0x81, 0x5d, 0x04, 0x5d, 0xf5, 0xb0, 0xab, 0x22, 0x82, 0x2b, 0x43, 0x16, 0x3d, 0x78, 0x09,
+	0x3d, 0x49, 0x1b, 0x83, 0x49, 0x3a, 0x74, 0x77, 0x84, 0xfc, 0x1d, 0xc1, 0xff, 0xe7, 0x51, 0xf0,
+	0x22, 0xfd, 0x91, 0x49, 0x62, 0x44, 0xf0, 0x56, 0xf5, 0xde, 0xab, 0xaa, 0xf7, 0xd2, 0x04, 0x1e,
+	0x64, 0x8c, 0x65, 0x05, 0x0d, 0x49, 0x9d, 0x87, 0x25, 0xab, 0x72, 0xc9, 0x38, 0x4d, 0x63, 0x4e,
+	0x05, 0x6b, 0x78, 0x42, 0x83, 0x9a, 0x33, 0xc9, 0x30, 0x18, 0x51, 0x40, 0xea, 0xdc, 0x3b, 0x1c,
+	0x0c, 0x14, 0x64, 0x4b, 0x0b, 0xa3, 0xf1, 0xee, 0x8d, 0xf0, 0xa6, 0x4a, 0x3e, 0xc7, 0x42, 0x92,
+	0xcc, 0xae, 0xf0, 0xee, 0x5a, 0x5a, 0x77, 0xdb, 0xe6, 0x53, 0x28, 0x24, 0x6f, 0x12, 0x69, 0xd8,
+	0xd5, 0x2f, 0x04, 0x47, 0x17, 0xdd, 0xf5, 0xc8, 0x1e, 0x7f, 0x49, 0x45, 0xc2, 0xf3, 0x5a, 0x32,
+	0x8e, 0x31, 0x2c, 0x2a, 0x52, 0x52, 0x77, 0xcf, 0x47, 0xeb, 0xab, 0x91, 0xae, 0x15, 0x26, 0xdb,
+	0x9a, 0xba, 0xc8, 0x60, 0xaa, 0xc6, 0xf7, 0x61, 0x99, 0xe6, 0xa2, 0x2e, 0x48, 0x1b, 0x6b, 0xfd,
+	0x4c, 0x73, 0x8e, 0xc5, 0xde, 0xa9, 0x31, 0x1f, 0x9c, 0xd4, 0x2e, 0xce, 0x59, 0xe5, 0xce, 0xad,
+	0xa2, 0x87, 0xf0, 0x09, 0xec, 0xeb, 0x60, 0xc2, 0x5d, 0xf8, 0xf3, 0xb5, 0x73, 0x7c, 0x14, 0xf4,
+	0xf1, 0x83, 0xb7, 0x8a, 0xe9, 0x9d, 0x45, 0x56, 0x8a, 0x4f, 0x61, 0x39, 0x4c, 0xed, 0x5e, 0xf1,
+	0xd1, 0xfa, 0xe0, 0xf8, 0xf6, 0x78, 0x54, 0xf1, 0x97, 0x8a, 0x8e, 0x9c, 0xa2, 0x6f, 0x56, 0xdf,
+	0x11, 0xdc, 0x9c, 0xa4, 0xff, 0x6b, 0xbe, 0xb3, 0x9d, 0xb5, 0x99, 0xb6, 0xf6, 0x70, 0xb8, 0x7f,
+	0xb2, 0xc2, 0x98, 0x15, 0xaf, 0x2a, 0xc9, 0xdb, 0xce, 0xa8, 0xf7, 0x04, 0x9c, 0x01, 0x8c, 0x6f,
+	0xc0, 0xfc, 0x0b, 0x6d, 0xed, 0x11, 0x55, 0xe2, 0x5b, 0xb0, 0xf7, 0x95, 0x14, 0x4d, 0xf7, 0xf1,
+	0x4c, 0x73, 0x3a, 0x7b, 0x8c, 0x56, 0x3f, 0x10, 0xdc, 0x99, 0x1c, 0xb9, 0xa0, 0x92, 0xa4, 0x44,
+	0x12, 0xfc, 0x0c, 0xae, 0x89, 0x56, 0x48, 0x5a, 0xc6, 0xd6, 0xa2, 0xda, 0xe9, 0xf4, 0x9f, 0xa0,
+	0x7b, 0xf9, 0xe0, 0x52, 0xbf, 0x7c, 0xb4, 0x34, 0x6a, 0x63, 0x06, 0x7f, 0x00, 0xa7, 0x11, 0x94,
+	0xc7, 0xa3, 0x78, 0x8f, 0xfe, 0x19, 0xaf, 0xbb, 0x1c, 0xbc, 0x17, 0x94, 0x0f, 0xa3, 0x42, 0xb3,
+	0x03, 0xbc, 0xe7, 0x70, 0xfd, 0x0f, 0xfa, 0x7f, 0x22, 0x9f, 0xb7, 0x70, 0x90, 0xb0, 0x72, 0x60,
+	0xe3, 0xfc, 0x70, 0xe2, 0x63, 0xa3, 0x82, 0x6d, 0xd0, 0xc7, 0x17, 0x56, 0x95, 0xb1, 0x82, 0x54,
+	0x59, 0xc0, 0x78, 0x16, 0x66, 0xb4, 0xd2, 0xb1, 0x43, 0x43, 0x91, 0x3a, 0x17, 0xe3, 0x3f, 0x8d,
+	0x53, 0xf1, 0x74, 0xd8, 0xfc, 0x44, 0xe8, 0xdb, 0x6c, 0xf1, 0xfa, 0x6c, 0xf3, 0x66, 0xbb, 0xaf,
+	0x27, 0x4f, 0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0x4b, 0xa6, 0xca, 0xf1, 0xa2, 0x03, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/type/http_request.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/type/http_request.pb.go
index fb1d2cd47be79..b4a6ba8fabe55 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/type/http_request.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/type/http_request.pb.go
@@ -1,13 +1,16 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/type/http_request.proto
 
-package ltype // import "google.golang.org/genproto/googleapis/logging/type"
+package ltype
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import duration "github.com/golang/protobuf/ptypes/duration"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	duration "github.com/golang/protobuf/ptypes/duration"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -18,56 +21,58 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // A common proto for logging HTTP requests. Only contains semantics
 // defined by the HTTP specification. Product-specific logging
 // information MUST be defined in a separate message.
 type HttpRequest struct {
 	// The request method. Examples: `"GET"`, `"HEAD"`, `"PUT"`, `"POST"`.
-	RequestMethod string `protobuf:"bytes,1,opt,name=request_method,json=requestMethod" json:"request_method,omitempty"`
+	RequestMethod string `protobuf:"bytes,1,opt,name=request_method,json=requestMethod,proto3" json:"request_method,omitempty"`
 	// The scheme (http, https), the host name, the path and the query
 	// portion of the URL that was requested.
 	// Example: `"http://example.com/some/info?color=red"`.
-	RequestUrl string `protobuf:"bytes,2,opt,name=request_url,json=requestUrl" json:"request_url,omitempty"`
+	RequestUrl string `protobuf:"bytes,2,opt,name=request_url,json=requestUrl,proto3" json:"request_url,omitempty"`
 	// The size of the HTTP request message in bytes, including the request
 	// headers and the request body.
-	RequestSize int64 `protobuf:"varint,3,opt,name=request_size,json=requestSize" json:"request_size,omitempty"`
+	RequestSize int64 `protobuf:"varint,3,opt,name=request_size,json=requestSize,proto3" json:"request_size,omitempty"`
 	// The response code indicating the status of response.
 	// Examples: 200, 404.
-	Status int32 `protobuf:"varint,4,opt,name=status" json:"status,omitempty"`
+	Status int32 `protobuf:"varint,4,opt,name=status,proto3" json:"status,omitempty"`
 	// The size of the HTTP response message sent back to the client, in bytes,
 	// including the response headers and the response body.
-	ResponseSize int64 `protobuf:"varint,5,opt,name=response_size,json=responseSize" json:"response_size,omitempty"`
+	ResponseSize int64 `protobuf:"varint,5,opt,name=response_size,json=responseSize,proto3" json:"response_size,omitempty"`
 	// The user agent sent by the client. Example:
-	// `"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461; .NET CLR 1.0.3705)"`.
-	UserAgent string `protobuf:"bytes,6,opt,name=user_agent,json=userAgent" json:"user_agent,omitempty"`
+	// `"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461; .NET
+	// CLR 1.0.3705)"`.
+	UserAgent string `protobuf:"bytes,6,opt,name=user_agent,json=userAgent,proto3" json:"user_agent,omitempty"`
 	// The IP address (IPv4 or IPv6) of the client that issued the HTTP
 	// request. Examples: `"192.168.1.1"`, `"FE80::0202:B3FF:FE1E:8329"`.
-	RemoteIp string `protobuf:"bytes,7,opt,name=remote_ip,json=remoteIp" json:"remote_ip,omitempty"`
+	RemoteIp string `protobuf:"bytes,7,opt,name=remote_ip,json=remoteIp,proto3" json:"remote_ip,omitempty"`
 	// The IP address (IPv4 or IPv6) of the origin server that the request was
 	// sent to.
-	ServerIp string `protobuf:"bytes,13,opt,name=server_ip,json=serverIp" json:"server_ip,omitempty"`
+	ServerIp string `protobuf:"bytes,13,opt,name=server_ip,json=serverIp,proto3" json:"server_ip,omitempty"`
 	// The referer URL of the request, as defined in
-	// [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
-	Referer string `protobuf:"bytes,8,opt,name=referer" json:"referer,omitempty"`
+	// [HTTP/1.1 Header Field
+	// Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
+	Referer string `protobuf:"bytes,8,opt,name=referer,proto3" json:"referer,omitempty"`
 	// The request processing latency on the server, from the time the request was
 	// received until the response was sent.
-	Latency *duration.Duration `protobuf:"bytes,14,opt,name=latency" json:"latency,omitempty"`
+	Latency *duration.Duration `protobuf:"bytes,14,opt,name=latency,proto3" json:"latency,omitempty"`
 	// Whether or not a cache lookup was attempted.
-	CacheLookup bool `protobuf:"varint,11,opt,name=cache_lookup,json=cacheLookup" json:"cache_lookup,omitempty"`
+	CacheLookup bool `protobuf:"varint,11,opt,name=cache_lookup,json=cacheLookup,proto3" json:"cache_lookup,omitempty"`
 	// Whether or not an entity was served from cache
 	// (with or without validation).
-	CacheHit bool `protobuf:"varint,9,opt,name=cache_hit,json=cacheHit" json:"cache_hit,omitempty"`
+	CacheHit bool `protobuf:"varint,9,opt,name=cache_hit,json=cacheHit,proto3" json:"cache_hit,omitempty"`
 	// Whether or not the response was validated with the origin server before
 	// being served from cache. This field is only meaningful if `cache_hit` is
 	// True.
-	CacheValidatedWithOriginServer bool `protobuf:"varint,10,opt,name=cache_validated_with_origin_server,json=cacheValidatedWithOriginServer" json:"cache_validated_with_origin_server,omitempty"`
+	CacheValidatedWithOriginServer bool `protobuf:"varint,10,opt,name=cache_validated_with_origin_server,json=cacheValidatedWithOriginServer,proto3" json:"cache_validated_with_origin_server,omitempty"`
 	// The number of HTTP response bytes inserted into cache. Set only when a
 	// cache fill was attempted.
-	CacheFillBytes int64 `protobuf:"varint,12,opt,name=cache_fill_bytes,json=cacheFillBytes" json:"cache_fill_bytes,omitempty"`
+	CacheFillBytes int64 `protobuf:"varint,12,opt,name=cache_fill_bytes,json=cacheFillBytes,proto3" json:"cache_fill_bytes,omitempty"`
 	// Protocol used for the request. Examples: "HTTP/1.1", "HTTP/2", "websocket"
-	Protocol             string   `protobuf:"bytes,15,opt,name=protocol" json:"protocol,omitempty"`
+	Protocol             string   `protobuf:"bytes,15,opt,name=protocol,proto3" json:"protocol,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -77,16 +82,17 @@ func (m *HttpRequest) Reset()         { *m = HttpRequest{} }
 func (m *HttpRequest) String() string { return proto.CompactTextString(m) }
 func (*HttpRequest) ProtoMessage()    {}
 func (*HttpRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_http_request_512b09169cdf78ff, []int{0}
+	return fileDescriptor_ea45f4ec7ed7b641, []int{0}
 }
+
 func (m *HttpRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_HttpRequest.Unmarshal(m, b)
 }
 func (m *HttpRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_HttpRequest.Marshal(b, m, deterministic)
 }
-func (dst *HttpRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_HttpRequest.Merge(dst, src)
+func (m *HttpRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HttpRequest.Merge(m, src)
 }
 func (m *HttpRequest) XXX_Size() int {
 	return xxx_messageInfo_HttpRequest.Size(m)
@@ -207,10 +213,10 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/logging/type/http_request.proto", fileDescriptor_http_request_512b09169cdf78ff)
+	proto.RegisterFile("google/logging/type/http_request.proto", fileDescriptor_ea45f4ec7ed7b641)
 }
 
-var fileDescriptor_http_request_512b09169cdf78ff = []byte{
+var fileDescriptor_ea45f4ec7ed7b641 = []byte{
 	// 511 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0x5b, 0x6b, 0x14, 0x31,
 	0x18, 0x86, 0x99, 0x1e, 0xf6, 0x90, 0x3d, 0x58, 0x22, 0x68, 0xba, 0x6a, 0x5d, 0x2b, 0xca, 0x5c,
@@ -219,29 +225,29 @@ var fileDescriptor_http_request_512b09169cdf78ff = []byte{
 	0xfe, 0x2a, 0xc9, 0x97, 0x0c, 0x28, 0xf4, 0x66, 0x21, 0xef, 0xf3, 0xbc, 0x49, 0xf6, 0x9b, 0x90,
 	0xa7, 0xa5, 0x94, 0xa5, 0x80, 0x54, 0xc8, 0xb2, 0xe4, 0x75, 0x99, 0xda, 0xad, 0x82, 0xb4, 0xb2,
 	0x56, 0xe5, 0x1a, 0xbe, 0x37, 0x60, 0x6c, 0xa2, 0xb4, 0xb4, 0x92, 0xde, 0xf6, 0x5e, 0x12, 0xbc,
-	0xc4, 0x79, 0x93, 0xfb, 0xa1, 0x5c, 0x28, 0x9e, 0x16, 0x75, 0x2d, 0x6d, 0x61, 0xb9, 0xac, 0x8d,
-	0xaf, 0x4c, 0x8e, 0x02, 0xc5, 0xd5, 0xa2, 0x59, 0xa7, 0xab, 0x46, 0xa3, 0xe0, 0xf9, 0xf1, 0xef,
-	0x3d, 0x32, 0x38, 0xb5, 0x56, 0x65, 0xfe, 0x20, 0xfa, 0x84, 0x8c, 0xc3, 0x99, 0xf9, 0x06, 0x6c,
-	0x25, 0x57, 0x2c, 0x9a, 0x46, 0x71, 0x3f, 0x1b, 0x85, 0xf4, 0x3d, 0x86, 0xf4, 0x21, 0x19, 0xb4,
-	0x5a, 0xa3, 0x05, 0xdb, 0x41, 0x87, 0x84, 0xe8, 0x93, 0x16, 0xf4, 0x11, 0x19, 0xb6, 0x82, 0xe1,
-	0xd7, 0xc0, 0x76, 0xa7, 0x51, 0xbc, 0x9b, 0xb5, 0xa5, 0x4b, 0x7e, 0x0d, 0xf4, 0x0e, 0xe9, 0x18,
-	0x5b, 0xd8, 0xc6, 0xb0, 0xbd, 0x69, 0x14, 0xef, 0x67, 0x61, 0x45, 0x1f, 0x93, 0x91, 0x06, 0xa3,
-	0x64, 0x6d, 0xc0, 0x77, 0xf7, 0xb1, 0x3b, 0x6c, 0x43, 0x2c, 0x3f, 0x20, 0xa4, 0x31, 0xa0, 0xf3,
-	0xa2, 0x84, 0xda, 0xb2, 0x0e, 0x9e, 0xdf, 0x77, 0xc9, 0x4b, 0x17, 0xd0, 0x7b, 0xa4, 0xaf, 0x61,
-	0x23, 0x2d, 0xe4, 0x5c, 0xb1, 0x2e, 0xd2, 0x9e, 0x0f, 0xce, 0x94, 0x83, 0x06, 0xf4, 0x15, 0x68,
-	0x07, 0x47, 0x1e, 0xfa, 0xe0, 0x4c, 0x51, 0x46, 0xba, 0x1a, 0xd6, 0xa0, 0x41, 0xb3, 0x1e, 0xa2,
-	0x76, 0x49, 0x4f, 0x48, 0x57, 0x14, 0x16, 0xea, 0xe5, 0x96, 0x8d, 0xa7, 0x51, 0x3c, 0x78, 0x76,
-	0x98, 0x84, 0xef, 0xd1, 0x0e, 0x37, 0x79, 0x1d, 0x86, 0x9b, 0xb5, 0xa6, 0x9b, 0xc3, 0xb2, 0x58,
-	0x56, 0x90, 0x0b, 0x29, 0xbf, 0x35, 0x8a, 0x0d, 0xa6, 0x51, 0xdc, 0xcb, 0x06, 0x98, 0x9d, 0x63,
-	0xe4, 0xae, 0xe3, 0x95, 0x8a, 0x5b, 0xd6, 0x47, 0xde, 0xc3, 0xe0, 0x94, 0x5b, 0xfa, 0x8e, 0x1c,
-	0x7b, 0x78, 0x55, 0x08, 0xbe, 0x2a, 0x2c, 0xac, 0xf2, 0x1f, 0xdc, 0x56, 0xb9, 0xd4, 0xbc, 0xe4,
-	0x75, 0xee, 0xaf, 0xcd, 0x08, 0xb6, 0x8e, 0xd0, 0xfc, 0xdc, 0x8a, 0x5f, 0xb8, 0xad, 0x3e, 0xa0,
-	0x76, 0x89, 0x16, 0x8d, 0xc9, 0x81, 0xdf, 0x6b, 0xcd, 0x85, 0xc8, 0x17, 0x5b, 0x0b, 0x86, 0x0d,
-	0x71, 0xb6, 0x63, 0xcc, 0xdf, 0x70, 0x21, 0x66, 0x2e, 0xa5, 0x13, 0xd2, 0xc3, 0xff, 0xb4, 0x94,
-	0x82, 0xdd, 0xf2, 0x03, 0x6a, 0xd7, 0xb3, 0x9f, 0x11, 0xb9, 0xbb, 0x94, 0x9b, 0xe4, 0x86, 0xb7,
-	0x38, 0x3b, 0xf8, 0xe7, 0x29, 0x5d, 0xb8, 0xc2, 0x45, 0xf4, 0xf5, 0x79, 0x10, 0x4b, 0x29, 0x8a,
-	0xba, 0x4c, 0xa4, 0x2e, 0xd3, 0x12, 0x6a, 0xdc, 0x2e, 0xf5, 0xa8, 0x50, 0xdc, 0xfc, 0xf7, 0xf6,
-	0x5f, 0x08, 0xf7, 0xfb, 0x6b, 0xe7, 0xf0, 0xad, 0xaf, 0xbe, 0x12, 0xb2, 0x59, 0x25, 0xe7, 0xe1,
-	0xa4, 0x8f, 0x5b, 0x05, 0x7f, 0x5a, 0x36, 0x47, 0x36, 0x0f, 0x6c, 0xee, 0xd8, 0xa2, 0x83, 0x9b,
-	0x9f, 0xfc, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x7d, 0xa3, 0x36, 0xbb, 0x57, 0x03, 0x00, 0x00,
+	0xc4, 0x79, 0x93, 0xa3, 0x50, 0x46, 0x65, 0xd1, 0xac, 0xd3, 0x55, 0xa3, 0x0b, 0xcb, 0x65, 0xed,
+	0x4b, 0x93, 0xfb, 0x81, 0x17, 0x8a, 0xa7, 0x45, 0x5d, 0x4b, 0x8b, 0xd0, 0x78, 0x7a, 0xfc, 0x7b,
+	0x8f, 0x0c, 0x4e, 0xad, 0x55, 0x99, 0x3f, 0x88, 0x3e, 0x21, 0xe3, 0x70, 0x66, 0xbe, 0x01, 0x5b,
+	0xc9, 0x15, 0x8b, 0xa6, 0x51, 0xdc, 0xcf, 0x46, 0x21, 0x7d, 0x8f, 0x21, 0x7d, 0x48, 0x06, 0xad,
+	0xd6, 0x68, 0xc1, 0x76, 0xd0, 0x21, 0x21, 0xfa, 0xa4, 0x05, 0x7d, 0x44, 0x86, 0xad, 0x60, 0xf8,
+	0x35, 0xb0, 0xdd, 0x69, 0x14, 0xef, 0x66, 0x6d, 0xe9, 0x92, 0x5f, 0x03, 0xbd, 0x43, 0x3a, 0xc6,
+	0x16, 0xb6, 0x31, 0x6c, 0x6f, 0x1a, 0xc5, 0xfb, 0x59, 0x58, 0xd1, 0xc7, 0x64, 0xa4, 0xc1, 0x28,
+	0x59, 0x1b, 0xf0, 0xdd, 0x7d, 0xec, 0x0e, 0xdb, 0x10, 0xcb, 0x0f, 0x08, 0x69, 0x0c, 0xe8, 0xbc,
+	0x28, 0xa1, 0xb6, 0xac, 0x83, 0xe7, 0xf7, 0x5d, 0xf2, 0xd2, 0x05, 0xf4, 0x1e, 0xe9, 0x6b, 0xd8,
+	0x48, 0x0b, 0x39, 0x57, 0xac, 0x8b, 0xb4, 0xe7, 0x83, 0x33, 0xe5, 0xa0, 0x01, 0x7d, 0x05, 0xda,
+	0xc1, 0x91, 0x87, 0x3e, 0x38, 0x53, 0x94, 0x91, 0xae, 0x86, 0x35, 0x68, 0xd0, 0xac, 0x87, 0xa8,
+	0x5d, 0xd2, 0x13, 0xd2, 0x15, 0x85, 0x85, 0x7a, 0xb9, 0x65, 0xe3, 0x69, 0x14, 0x0f, 0x9e, 0x1d,
+	0x26, 0xe1, 0x7b, 0xb4, 0xa3, 0x4f, 0x5e, 0x87, 0xd1, 0x67, 0xad, 0xe9, 0xe6, 0xb0, 0x2c, 0x96,
+	0x15, 0xe4, 0x42, 0xca, 0x6f, 0x8d, 0x62, 0x83, 0x69, 0x14, 0xf7, 0xb2, 0x01, 0x66, 0xe7, 0x18,
+	0xb9, 0xeb, 0x78, 0xa5, 0xe2, 0x96, 0xf5, 0x91, 0xf7, 0x30, 0x38, 0xe5, 0x96, 0xbe, 0x23, 0xc7,
+	0x1e, 0x5e, 0x15, 0x82, 0xaf, 0x0a, 0x0b, 0xab, 0xfc, 0x07, 0xb7, 0x55, 0x2e, 0x35, 0x2f, 0x79,
+	0x9d, 0xfb, 0x6b, 0x33, 0x82, 0xad, 0x23, 0x34, 0x3f, 0xb7, 0xe2, 0x17, 0x6e, 0xab, 0x0f, 0xa8,
+	0x5d, 0xa2, 0x45, 0x63, 0x72, 0xe0, 0xf7, 0x5a, 0x73, 0x21, 0xf2, 0xc5, 0xd6, 0x82, 0x61, 0x43,
+	0x9c, 0xed, 0x18, 0xf3, 0x37, 0x5c, 0x88, 0x99, 0x4b, 0xe9, 0x84, 0xf4, 0xf0, 0x3f, 0x2d, 0xa5,
+	0x60, 0xb7, 0xfc, 0x80, 0xda, 0xf5, 0xec, 0x67, 0x44, 0xee, 0x2e, 0xe5, 0x26, 0xb9, 0xe1, 0x2d,
+	0xce, 0x0e, 0xfe, 0x79, 0x4a, 0x17, 0xae, 0x70, 0x11, 0x7d, 0x7d, 0x1e, 0xc4, 0x52, 0x8a, 0xa2,
+	0x2e, 0x13, 0xa9, 0xcb, 0xb4, 0x84, 0x1a, 0xb7, 0x4b, 0x3d, 0x2a, 0x14, 0x37, 0xff, 0xbd, 0xfd,
+	0x17, 0xc2, 0xfd, 0xfe, 0xda, 0x39, 0x7c, 0xeb, 0xab, 0xaf, 0x84, 0x6c, 0x56, 0xc9, 0x79, 0x38,
+	0xe9, 0xe3, 0x56, 0xc1, 0x9f, 0x96, 0xcd, 0x91, 0xcd, 0x03, 0x9b, 0x3b, 0xb6, 0xe8, 0xe0, 0xe6,
+	0x27, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x43, 0x25, 0x30, 0x14, 0x57, 0x03, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/type/log_severity.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/type/log_severity.pb.go
index 374f5028131ad..727ff367fd58b 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/type/log_severity.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/type/log_severity.pb.go
@@ -1,12 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/type/log_severity.proto
 
-package ltype // import "google.golang.org/genproto/googleapis/logging/type"
+package ltype
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -17,7 +20,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // The severity of the event described in a log entry, expressed as one of the
 // standard severity levels listed below.  For your reference, the levels are
@@ -69,6 +72,7 @@ var LogSeverity_name = map[int32]string{
 	700: "ALERT",
 	800: "EMERGENCY",
 }
+
 var LogSeverity_value = map[string]int32{
 	"DEFAULT":   0,
 	"DEBUG":     100,
@@ -84,8 +88,9 @@ var LogSeverity_value = map[string]int32{
 func (x LogSeverity) String() string {
 	return proto.EnumName(LogSeverity_name, int32(x))
 }
+
 func (LogSeverity) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_log_severity_6ec6ee905a000c23, []int{0}
+	return fileDescriptor_80f950dcc0b66556, []int{0}
 }
 
 func init() {
@@ -93,10 +98,10 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/logging/type/log_severity.proto", fileDescriptor_log_severity_6ec6ee905a000c23)
+	proto.RegisterFile("google/logging/type/log_severity.proto", fileDescriptor_80f950dcc0b66556)
 }
 
-var fileDescriptor_log_severity_6ec6ee905a000c23 = []byte{
+var fileDescriptor_80f950dcc0b66556 = []byte{
 	// 309 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x4b, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0xcf, 0xc9, 0x4f, 0x4f, 0xcf, 0xcc, 0x4b, 0xd7, 0x2f, 0xa9, 0x2c, 0x00, 0x73,
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go
index bdda1ec5d00b3..8c6b46875881c 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go
@@ -1,17 +1,21 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/v2/log_entry.proto
 
-package logging // import "google.golang.org/genproto/googleapis/logging/v2"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import any "github.com/golang/protobuf/ptypes/any"
-import _struct "github.com/golang/protobuf/ptypes/struct"
-import timestamp "github.com/golang/protobuf/ptypes/timestamp"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
-import monitoredres "google.golang.org/genproto/googleapis/api/monitoredres"
-import _type "google.golang.org/genproto/googleapis/logging/type"
+package logging
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	any "github.com/golang/protobuf/ptypes/any"
+	_struct "github.com/golang/protobuf/ptypes/struct"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	monitoredres "google.golang.org/genproto/googleapis/api/monitoredres"
+	_type "google.golang.org/genproto/googleapis/logging/type"
+	_ "google.golang.org/genproto/googleapis/rpc/status"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -22,9 +26,11 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // An individual entry in a log.
+//
+//
 type LogEntry struct {
 	// Required. The resource name of the log to which this log entry belongs:
 	//
@@ -33,9 +39,9 @@ type LogEntry struct {
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]/logs/[LOG_ID]"
 	//     "folders/[FOLDER_ID]/logs/[LOG_ID]"
 	//
-	//  A project number may optionally be used in place of PROJECT_ID. The
-	//  project number is translated to its corresponding PROJECT_ID internally
-	//  and the `log_name` field will contain PROJECT_ID in queries and exports.
+	// A project number may optionally be used in place of PROJECT_ID. The project
+	// number is translated to its corresponding PROJECT_ID internally and the
+	// `log_name` field will contain PROJECT_ID in queries and exports.
 	//
 	// `[LOG_ID]` must be URL-encoded within `log_name`. Example:
 	// `"organizations/1234567890/logs/cloudresourcemanager.googleapis.com%2Factivity"`.
@@ -48,12 +54,13 @@ type LogEntry struct {
 	// forward-slash is removed. Listing the log entry will not show the leading
 	// slash and filtering for a log name with a leading slash will never return
 	// any results.
-	LogName string `protobuf:"bytes,12,opt,name=log_name,json=logName" json:"log_name,omitempty"`
-	// Required. The monitored resource associated with this log entry.
-	// Example: a log entry that reports a database error would be
-	// associated with the monitored resource designating the particular
-	// database that reported the error.
-	Resource *monitoredres.MonitoredResource `protobuf:"bytes,8,opt,name=resource" json:"resource,omitempty"`
+	LogName string `protobuf:"bytes,12,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"`
+	// Required. The monitored resource that produced this log entry.
+	//
+	// Example: a log entry that reports a database error would be associated with
+	// the monitored resource designating the particular database that reported
+	// the error.
+	Resource *monitoredres.MonitoredResource `protobuf:"bytes,8,opt,name=resource,proto3" json:"resource,omitempty"`
 	// Optional. The log entry payload, which can be one of multiple types.
 	//
 	// Types that are valid to be assigned to Payload:
@@ -61,51 +68,77 @@ type LogEntry struct {
 	//	*LogEntry_TextPayload
 	//	*LogEntry_JsonPayload
 	Payload isLogEntry_Payload `protobuf_oneof:"payload"`
-	// Optional. The time the event described by the log entry occurred.
-	// This time is used to compute the log entry's age and to enforce
-	// the logs retention period. If this field is omitted in a new log
-	// entry, then Stackdriver Logging assigns it the current time.
+	// Optional. The time the event described by the log entry occurred.  This
+	// time is used to compute the log entry's age and to enforce the logs
+	// retention period. If this field is omitted in a new log entry, then Logging
+	// assigns it the current time.  Timestamps have nanosecond accuracy, but
+	// trailing zeros in the fractional seconds might be omitted when the
+	// timestamp is displayed.
 	//
-	// Incoming log entries should have timestamps that are no more than
-	// the [logs retention period](/logging/quota-policy) in the past,
-	// and no more than 24 hours in the future.
-	// See the `entries.write` API method for more information.
-	Timestamp *timestamp.Timestamp `protobuf:"bytes,9,opt,name=timestamp" json:"timestamp,omitempty"`
-	// Output only. The time the log entry was received by Stackdriver Logging.
-	ReceiveTimestamp *timestamp.Timestamp `protobuf:"bytes,24,opt,name=receive_timestamp,json=receiveTimestamp" json:"receive_timestamp,omitempty"`
+	// Incoming log entries should have timestamps that are no more than the [logs
+	// retention period](/logging/quotas) in the past, and no more than 24 hours
+	// in the future. Log entries outside those time boundaries will not be
+	// available when calling `entries.list`, but those log entries can still be
+	// [exported with LogSinks](/logging/docs/api/tasks/exporting-logs).
+	Timestamp *timestamp.Timestamp `protobuf:"bytes,9,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	// Output only. The time the log entry was received by Logging.
+	ReceiveTimestamp *timestamp.Timestamp `protobuf:"bytes,24,opt,name=receive_timestamp,json=receiveTimestamp,proto3" json:"receive_timestamp,omitempty"`
 	// Optional. The severity of the log entry. The default value is
 	// `LogSeverity.DEFAULT`.
-	Severity _type.LogSeverity `protobuf:"varint,10,opt,name=severity,enum=google.logging.type.LogSeverity" json:"severity,omitempty"`
+	Severity _type.LogSeverity `protobuf:"varint,10,opt,name=severity,proto3,enum=google.logging.type.LogSeverity" json:"severity,omitempty"`
 	// Optional. A unique identifier for the log entry. If you provide a value,
-	// then Stackdriver Logging considers other log entries in the same project,
-	// with the same `timestamp`, and with the same `insert_id` to be duplicates
-	// which can be removed.  If omitted in new log entries, then Stackdriver
-	// Logging assigns its own unique identifier. The `insert_id` is also used
-	// to order log entries that have the same `timestamp` value.
-	InsertId string `protobuf:"bytes,4,opt,name=insert_id,json=insertId" json:"insert_id,omitempty"`
-	// Optional. Information about the HTTP request associated with this
-	// log entry, if applicable.
-	HttpRequest *_type.HttpRequest `protobuf:"bytes,7,opt,name=http_request,json=httpRequest" json:"http_request,omitempty"`
+	// then Logging considers other log entries in the same project, with the same
+	// `timestamp`, and with the same `insert_id` to be duplicates which are
+	// removed in a single query result. However, there are no guarantees of
+	// de-duplication in the export of logs.
+	//
+	// If the `insert_id` is omitted when writing a log entry, the Logging API
+	//  assigns its own unique identifier in this field.
+	//
+	// In queries, the `insert_id` is also used to order log entries that have
+	// the same `log_name` and `timestamp` values.
+	InsertId string `protobuf:"bytes,4,opt,name=insert_id,json=insertId,proto3" json:"insert_id,omitempty"`
+	// Optional. Information about the HTTP request associated with this log
+	// entry, if applicable.
+	HttpRequest *_type.HttpRequest `protobuf:"bytes,7,opt,name=http_request,json=httpRequest,proto3" json:"http_request,omitempty"`
 	// Optional. A set of user-defined (key, value) data that provides additional
 	// information about the log entry.
-	Labels map[string]string `protobuf:"bytes,11,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	Labels map[string]string `protobuf:"bytes,11,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Deprecated. Output only. Additional metadata about the monitored resource.
+	//
+	// Only `k8s_container`, `k8s_pod`, and `k8s_node` MonitoredResources have
+	// this field populated for GKE versions older than 1.12.6. For GKE versions
+	// 1.12.6 and above, the `metadata` field has been deprecated. The Kubernetes
+	// pod labels that used to be in `metadata.userLabels` will now be present in
+	// the `labels` field with a key prefix of `k8s-pod/`. The Stackdriver system
+	// labels that were present in the `metadata.systemLabels` field will no
+	// longer be available in the LogEntry.
+	Metadata *monitoredres.MonitoredResourceMetadata `protobuf:"bytes,25,opt,name=metadata,proto3" json:"metadata,omitempty"` // Deprecated: Do not use.
 	// Optional. Information about an operation associated with the log entry, if
 	// applicable.
-	Operation *LogEntryOperation `protobuf:"bytes,15,opt,name=operation" json:"operation,omitempty"`
+	Operation *LogEntryOperation `protobuf:"bytes,15,opt,name=operation,proto3" json:"operation,omitempty"`
 	// Optional. Resource name of the trace associated with the log entry, if any.
 	// If it contains a relative resource name, the name is assumed to be relative
 	// to `//tracing.googleapis.com`. Example:
 	// `projects/my-projectid/traces/06796866738c859f2f19b7cfb3214824`
-	Trace string `protobuf:"bytes,22,opt,name=trace" json:"trace,omitempty"`
-	// Optional. Id of the span within the trace associated with the log entry.
-	// e.g. "0000000000000042"
-	// For Stackdriver trace spans, this is the same format that the Stackdriver
-	// trace API uses.
-	// The ID is a 16-character hexadecimal encoding of an 8-byte array.
-	SpanId string `protobuf:"bytes,27,opt,name=span_id,json=spanId" json:"span_id,omitempty"`
+	Trace string `protobuf:"bytes,22,opt,name=trace,proto3" json:"trace,omitempty"`
+	// Optional. The span ID within the trace associated with the log entry.
+	//
+	// For Trace spans, this is the same format that the Trace API v2 uses: a
+	// 16-character hexadecimal encoding of an 8-byte array, such as
+	// <code>"000000000000004a"</code>.
+	SpanId string `protobuf:"bytes,27,opt,name=span_id,json=spanId,proto3" json:"span_id,omitempty"`
+	// Optional. The sampling decision of the trace associated with the log entry.
+	//
+	// True means that the trace resource name in the `trace` field was sampled
+	// for storage in a trace backend. False means that the trace was not sampled
+	// for storage when this log entry was written, or the sampling decision was
+	// unknown at the time. A non-sampled `trace` value is still useful as a
+	// request correlation identifier. The default is False.
+	TraceSampled bool `protobuf:"varint,30,opt,name=trace_sampled,json=traceSampled,proto3" json:"trace_sampled,omitempty"`
 	// Optional. Source code location information associated with the log entry,
 	// if any.
-	SourceLocation       *LogEntrySourceLocation `protobuf:"bytes,23,opt,name=source_location,json=sourceLocation" json:"source_location,omitempty"`
+	SourceLocation       *LogEntrySourceLocation `protobuf:"bytes,23,opt,name=source_location,json=sourceLocation,proto3" json:"source_location,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
 	XXX_unrecognized     []byte                  `json:"-"`
 	XXX_sizecache        int32                   `json:"-"`
@@ -115,16 +148,17 @@ func (m *LogEntry) Reset()         { *m = LogEntry{} }
 func (m *LogEntry) String() string { return proto.CompactTextString(m) }
 func (*LogEntry) ProtoMessage()    {}
 func (*LogEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_entry_186c4d608b380092, []int{0}
+	return fileDescriptor_8ba2017251165146, []int{0}
 }
+
 func (m *LogEntry) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogEntry.Unmarshal(m, b)
 }
 func (m *LogEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogEntry.Marshal(b, m, deterministic)
 }
-func (dst *LogEntry) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogEntry.Merge(dst, src)
+func (m *LogEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogEntry.Merge(m, src)
 }
 func (m *LogEntry) XXX_Size() int {
 	return xxx_messageInfo_LogEntry.Size(m)
@@ -135,41 +169,45 @@ func (m *LogEntry) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_LogEntry proto.InternalMessageInfo
 
+func (m *LogEntry) GetLogName() string {
+	if m != nil {
+		return m.LogName
+	}
+	return ""
+}
+
+func (m *LogEntry) GetResource() *monitoredres.MonitoredResource {
+	if m != nil {
+		return m.Resource
+	}
+	return nil
+}
+
 type isLogEntry_Payload interface {
 	isLogEntry_Payload()
 }
 
 type LogEntry_ProtoPayload struct {
-	ProtoPayload *any.Any `protobuf:"bytes,2,opt,name=proto_payload,json=protoPayload,oneof"`
+	ProtoPayload *any.Any `protobuf:"bytes,2,opt,name=proto_payload,json=protoPayload,proto3,oneof"`
 }
+
 type LogEntry_TextPayload struct {
-	TextPayload string `protobuf:"bytes,3,opt,name=text_payload,json=textPayload,oneof"`
+	TextPayload string `protobuf:"bytes,3,opt,name=text_payload,json=textPayload,proto3,oneof"`
 }
+
 type LogEntry_JsonPayload struct {
-	JsonPayload *_struct.Struct `protobuf:"bytes,6,opt,name=json_payload,json=jsonPayload,oneof"`
+	JsonPayload *_struct.Struct `protobuf:"bytes,6,opt,name=json_payload,json=jsonPayload,proto3,oneof"`
 }
 
 func (*LogEntry_ProtoPayload) isLogEntry_Payload() {}
-func (*LogEntry_TextPayload) isLogEntry_Payload()  {}
-func (*LogEntry_JsonPayload) isLogEntry_Payload()  {}
 
-func (m *LogEntry) GetPayload() isLogEntry_Payload {
-	if m != nil {
-		return m.Payload
-	}
-	return nil
-}
+func (*LogEntry_TextPayload) isLogEntry_Payload() {}
 
-func (m *LogEntry) GetLogName() string {
-	if m != nil {
-		return m.LogName
-	}
-	return ""
-}
+func (*LogEntry_JsonPayload) isLogEntry_Payload() {}
 
-func (m *LogEntry) GetResource() *monitoredres.MonitoredResource {
+func (m *LogEntry) GetPayload() isLogEntry_Payload {
 	if m != nil {
-		return m.Resource
+		return m.Payload
 	}
 	return nil
 }
@@ -237,6 +275,14 @@ func (m *LogEntry) GetLabels() map[string]string {
 	return nil
 }
 
+// Deprecated: Do not use.
+func (m *LogEntry) GetMetadata() *monitoredres.MonitoredResourceMetadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
 func (m *LogEntry) GetOperation() *LogEntryOperation {
 	if m != nil {
 		return m.Operation
@@ -258,6 +304,13 @@ func (m *LogEntry) GetSpanId() string {
 	return ""
 }
 
+func (m *LogEntry) GetTraceSampled() bool {
+	if m != nil {
+		return m.TraceSampled
+	}
+	return false
+}
+
 func (m *LogEntry) GetSourceLocation() *LogEntrySourceLocation {
 	if m != nil {
 		return m.SourceLocation
@@ -265,109 +318,29 @@ func (m *LogEntry) GetSourceLocation() *LogEntrySourceLocation {
 	return nil
 }
 
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*LogEntry) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _LogEntry_OneofMarshaler, _LogEntry_OneofUnmarshaler, _LogEntry_OneofSizer, []interface{}{
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*LogEntry) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
 		(*LogEntry_ProtoPayload)(nil),
 		(*LogEntry_TextPayload)(nil),
 		(*LogEntry_JsonPayload)(nil),
 	}
 }
 
-func _LogEntry_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*LogEntry)
-	// payload
-	switch x := m.Payload.(type) {
-	case *LogEntry_ProtoPayload:
-		b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ProtoPayload); err != nil {
-			return err
-		}
-	case *LogEntry_TextPayload:
-		b.EncodeVarint(3<<3 | proto.WireBytes)
-		b.EncodeStringBytes(x.TextPayload)
-	case *LogEntry_JsonPayload:
-		b.EncodeVarint(6<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.JsonPayload); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("LogEntry.Payload has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _LogEntry_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*LogEntry)
-	switch tag {
-	case 2: // payload.proto_payload
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(any.Any)
-		err := b.DecodeMessage(msg)
-		m.Payload = &LogEntry_ProtoPayload{msg}
-		return true, err
-	case 3: // payload.text_payload
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		x, err := b.DecodeStringBytes()
-		m.Payload = &LogEntry_TextPayload{x}
-		return true, err
-	case 6: // payload.json_payload
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(_struct.Struct)
-		err := b.DecodeMessage(msg)
-		m.Payload = &LogEntry_JsonPayload{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _LogEntry_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*LogEntry)
-	// payload
-	switch x := m.Payload.(type) {
-	case *LogEntry_ProtoPayload:
-		s := proto.Size(x.ProtoPayload)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *LogEntry_TextPayload:
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(len(x.TextPayload)))
-		n += len(x.TextPayload)
-	case *LogEntry_JsonPayload:
-		s := proto.Size(x.JsonPayload)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
 // Additional information about a potentially long-running operation with which
 // a log entry is associated.
 type LogEntryOperation struct {
-	// Optional. An arbitrary operation identifier. Log entries with the
-	// same identifier are assumed to be part of the same operation.
-	Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
-	// Optional. An arbitrary producer identifier. The combination of
-	// `id` and `producer` must be globally unique.  Examples for `producer`:
+	// Optional. An arbitrary operation identifier. Log entries with the same
+	// identifier are assumed to be part of the same operation.
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// Optional. An arbitrary producer identifier. The combination of `id` and
+	// `producer` must be globally unique. Examples for `producer`:
 	// `"MyDivision.MyBigCompany.com"`, `"github.com/MyProject/MyApplication"`.
-	Producer string `protobuf:"bytes,2,opt,name=producer" json:"producer,omitempty"`
+	Producer string `protobuf:"bytes,2,opt,name=producer,proto3" json:"producer,omitempty"`
 	// Optional. Set this to True if this is the first log entry in the operation.
-	First bool `protobuf:"varint,3,opt,name=first" json:"first,omitempty"`
+	First bool `protobuf:"varint,3,opt,name=first,proto3" json:"first,omitempty"`
 	// Optional. Set this to True if this is the last log entry in the operation.
-	Last                 bool     `protobuf:"varint,4,opt,name=last" json:"last,omitempty"`
+	Last                 bool     `protobuf:"varint,4,opt,name=last,proto3" json:"last,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -377,16 +350,17 @@ func (m *LogEntryOperation) Reset()         { *m = LogEntryOperation{} }
 func (m *LogEntryOperation) String() string { return proto.CompactTextString(m) }
 func (*LogEntryOperation) ProtoMessage()    {}
 func (*LogEntryOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_entry_186c4d608b380092, []int{1}
+	return fileDescriptor_8ba2017251165146, []int{1}
 }
+
 func (m *LogEntryOperation) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogEntryOperation.Unmarshal(m, b)
 }
 func (m *LogEntryOperation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogEntryOperation.Marshal(b, m, deterministic)
 }
-func (dst *LogEntryOperation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogEntryOperation.Merge(dst, src)
+func (m *LogEntryOperation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogEntryOperation.Merge(m, src)
 }
 func (m *LogEntryOperation) XXX_Size() int {
 	return xxx_messageInfo_LogEntryOperation.Size(m)
@@ -430,17 +404,17 @@ func (m *LogEntryOperation) GetLast() bool {
 type LogEntrySourceLocation struct {
 	// Optional. Source file name. Depending on the runtime environment, this
 	// might be a simple name or a fully-qualified name.
-	File string `protobuf:"bytes,1,opt,name=file" json:"file,omitempty"`
+	File string `protobuf:"bytes,1,opt,name=file,proto3" json:"file,omitempty"`
 	// Optional. Line within the source file. 1-based; 0 indicates no line number
 	// available.
-	Line int64 `protobuf:"varint,2,opt,name=line" json:"line,omitempty"`
+	Line int64 `protobuf:"varint,2,opt,name=line,proto3" json:"line,omitempty"`
 	// Optional. Human-readable name of the function or method being invoked, with
 	// optional context such as the class or package name. This information may be
 	// used in contexts such as the logs viewer, where a file and line number are
 	// less meaningful. The format can vary by language. For example:
 	// `qual.if.ied.Class.method` (Java), `dir/package.func` (Go), `function`
 	// (Python).
-	Function             string   `protobuf:"bytes,3,opt,name=function" json:"function,omitempty"`
+	Function             string   `protobuf:"bytes,3,opt,name=function,proto3" json:"function,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -450,16 +424,17 @@ func (m *LogEntrySourceLocation) Reset()         { *m = LogEntrySourceLocation{}
 func (m *LogEntrySourceLocation) String() string { return proto.CompactTextString(m) }
 func (*LogEntrySourceLocation) ProtoMessage()    {}
 func (*LogEntrySourceLocation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_entry_186c4d608b380092, []int{2}
+	return fileDescriptor_8ba2017251165146, []int{2}
 }
+
 func (m *LogEntrySourceLocation) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogEntrySourceLocation.Unmarshal(m, b)
 }
 func (m *LogEntrySourceLocation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogEntrySourceLocation.Marshal(b, m, deterministic)
 }
-func (dst *LogEntrySourceLocation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogEntrySourceLocation.Merge(dst, src)
+func (m *LogEntrySourceLocation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogEntrySourceLocation.Merge(m, src)
 }
 func (m *LogEntrySourceLocation) XXX_Size() int {
 	return xxx_messageInfo_LogEntrySourceLocation.Size(m)
@@ -499,55 +474,65 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/logging/v2/log_entry.proto", fileDescriptor_log_entry_186c4d608b380092)
-}
-
-var fileDescriptor_log_entry_186c4d608b380092 = []byte{
-	// 729 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xcd, 0x6e, 0xdb, 0x46,
-	0x10, 0x36, 0x25, 0x57, 0xa2, 0x56, 0xf2, 0xdf, 0xc2, 0xb5, 0x68, 0xd9, 0x45, 0x55, 0xbb, 0x68,
-	0xd5, 0x0b, 0x05, 0xa8, 0x17, 0xbb, 0x36, 0x50, 0x54, 0x46, 0x61, 0x1b, 0x50, 0x5b, 0x63, 0x5d,
-	0xf8, 0x10, 0x08, 0x10, 0xd6, 0xe4, 0x8a, 0xde, 0x84, 0xda, 0x65, 0x96, 0x4b, 0x21, 0x7a, 0x94,
-	0xbc, 0x42, 0x1e, 0x25, 0x6f, 0x93, 0x5b, 0x8e, 0xc1, 0x0e, 0x97, 0x92, 0x22, 0x19, 0xce, 0x6d,
-	0x66, 0xe7, 0xfb, 0xe6, 0x9b, 0x19, 0xce, 0x10, 0xfd, 0x14, 0x49, 0x19, 0xc5, 0xac, 0x1b, 0xcb,
-	0x28, 0xe2, 0x22, 0xea, 0x4e, 0x7b, 0xc6, 0x1c, 0x31, 0xa1, 0xd5, 0xcc, 0x4f, 0x94, 0xd4, 0x12,
-	0xef, 0xe5, 0x10, 0xdf, 0x42, 0xfc, 0x69, 0xaf, 0x75, 0x6c, 0x59, 0x34, 0xe1, 0x5d, 0x2a, 0x84,
-	0xd4, 0x54, 0x73, 0x29, 0xd2, 0x9c, 0xd0, 0x3a, 0x5d, 0x8a, 0x4e, 0xa4, 0xe0, 0x5a, 0x2a, 0x16,
-	0x8e, 0x14, 0x4b, 0x65, 0xa6, 0x02, 0x66, 0x41, 0xbf, 0xac, 0x08, 0xeb, 0x59, 0xc2, 0xba, 0x4f,
-	0x5a, 0x27, 0x23, 0xc5, 0xde, 0x66, 0x2c, 0xd5, 0x2f, 0xe1, 0x4c, 0x89, 0x29, 0x9b, 0x32, 0xc5,
-	0xb5, 0xad, 0xb2, 0x75, 0x68, 0x71, 0xe0, 0x3d, 0x66, 0xe3, 0x2e, 0x15, 0x45, 0xe8, 0x78, 0x35,
-	0x94, 0x6a, 0x95, 0x05, 0x85, 0xc0, 0x8f, 0xab, 0x51, 0xcd, 0x27, 0x2c, 0xd5, 0x74, 0x92, 0xe4,
-	0x80, 0x93, 0x4f, 0x15, 0xe4, 0x0e, 0x64, 0xf4, 0xb7, 0x19, 0x09, 0x3e, 0x44, 0xae, 0x11, 0x17,
-	0x74, 0xc2, 0xbc, 0x46, 0xdb, 0xe9, 0xd4, 0x48, 0x35, 0x96, 0xd1, 0xbf, 0x74, 0xc2, 0xf0, 0x39,
-	0x72, 0x8b, 0x1e, 0x3d, 0xb7, 0xed, 0x74, 0xea, 0xbd, 0x1f, 0x7c, 0x3b, 0x3a, 0x9a, 0x70, 0xff,
-	0x9f, 0x62, 0x12, 0xc4, 0x82, 0xc8, 0x1c, 0x8e, 0x2f, 0xd0, 0x16, 0x68, 0x8d, 0x12, 0x3a, 0x8b,
-	0x25, 0x0d, 0xbd, 0x12, 0xf0, 0xf7, 0x0b, 0x7e, 0x51, 0x9b, 0xff, 0x97, 0x98, 0xdd, 0x6c, 0x90,
-	0x06, 0xf8, 0x77, 0x39, 0x16, 0x9f, 0xa2, 0x86, 0x66, 0xef, 0xf4, 0x9c, 0x5b, 0x36, 0x65, 0xdd,
-	0x6c, 0x90, 0xba, 0x79, 0x2d, 0x40, 0x97, 0xa8, 0xf1, 0x3a, 0x95, 0x62, 0x0e, 0xaa, 0x80, 0x40,
-	0x73, 0x4d, 0xe0, 0x1e, 0x46, 0x63, 0xd8, 0x06, 0x5e, 0xb0, 0xcf, 0x50, 0x6d, 0x3e, 0x15, 0xaf,
-	0x06, 0xd4, 0xd6, 0x1a, 0xf5, 0xff, 0x02, 0x41, 0x16, 0x60, 0x7c, 0x8d, 0xf6, 0x14, 0x0b, 0x18,
-	0x9f, 0xb2, 0xd1, 0x22, 0x83, 0xf7, 0xcd, 0x0c, 0xbb, 0x96, 0x34, 0x7f, 0xc1, 0x97, 0xc8, 0x2d,
-	0xbe, 0xb8, 0x87, 0xda, 0x4e, 0x67, 0xbb, 0xd7, 0xf6, 0x57, 0x16, 0xd3, 0xac, 0x86, 0x3f, 0x90,
-	0xd1, 0xbd, 0xc5, 0x91, 0x39, 0x03, 0x1f, 0xa1, 0x1a, 0x17, 0x29, 0x53, 0x7a, 0xc4, 0x43, 0x6f,
-	0x13, 0xbe, 0x9b, 0x9b, 0x3f, 0xdc, 0x86, 0xf8, 0x0a, 0x35, 0x96, 0x17, 0xcf, 0xab, 0x42, 0x79,
-	0xcf, 0xa7, 0xbf, 0xd1, 0x3a, 0x21, 0x39, 0x8e, 0xd4, 0x9f, 0x16, 0x0e, 0xfe, 0x13, 0x55, 0x62,
-	0xfa, 0xc8, 0xe2, 0xd4, 0xab, 0xb7, 0xcb, 0x9d, 0x7a, 0xef, 0x57, 0x7f, 0xed, 0x6c, 0xfc, 0x62,
-	0x8b, 0xfc, 0x01, 0x20, 0xc1, 0x26, 0x96, 0x86, 0xfb, 0xa8, 0x26, 0x13, 0xa6, 0xe0, 0x92, 0xbc,
-	0x1d, 0x28, 0xe1, 0xe7, 0x17, 0x72, 0xfc, 0x57, 0x60, 0xc9, 0x82, 0x86, 0xf7, 0xd1, 0x77, 0x5a,
-	0xd1, 0x80, 0x79, 0x07, 0xd0, 0x62, 0xee, 0xe0, 0x26, 0xaa, 0xa6, 0x09, 0x15, 0xa6, 0xf5, 0x23,
-	0x78, 0xaf, 0x18, 0xf7, 0x36, 0xc4, 0x04, 0xed, 0xe4, 0x0b, 0x38, 0x8a, 0x65, 0x90, 0x0b, 0x37,
-	0x41, 0xf8, 0xb7, 0x17, 0x84, 0xef, 0x81, 0x31, 0xb0, 0x04, 0xb2, 0x9d, 0x7e, 0xe5, 0xb7, 0xce,
-	0x51, 0x7d, 0xa9, 0x3b, 0xbc, 0x8b, 0xca, 0x6f, 0xd8, 0xcc, 0x73, 0x40, 0xd7, 0x98, 0xa6, 0xc6,
-	0x29, 0x8d, 0x33, 0x06, 0x3b, 0x5e, 0x23, 0xb9, 0xf3, 0x47, 0xe9, 0xcc, 0xe9, 0xd7, 0x50, 0xd5,
-	0xae, 0xe7, 0x09, 0x47, 0x7b, 0x6b, 0x8d, 0xe2, 0x6d, 0x54, 0xe2, 0xa1, 0x4d, 0x55, 0xe2, 0x21,
-	0x6e, 0x21, 0x37, 0x51, 0x32, 0xcc, 0x02, 0xa6, 0x6c, 0xb2, 0xb9, 0x6f, 0x54, 0xc6, 0x5c, 0xa5,
-	0x1a, 0xae, 0xc1, 0x25, 0xb9, 0x83, 0x31, 0xda, 0x8c, 0x69, 0xaa, 0x61, 0x03, 0x5c, 0x02, 0xf6,
-	0xc9, 0x10, 0x1d, 0x3c, 0xdf, 0x9a, 0x41, 0x8f, 0x79, 0xcc, 0xac, 0x22, 0xd8, 0x90, 0x81, 0x8b,
-	0xbc, 0xf8, 0x32, 0x01, 0xdb, 0xd4, 0x31, 0xce, 0x44, 0x00, 0xf3, 0x2b, 0xe7, 0x75, 0x14, 0x7e,
-	0xff, 0xbd, 0x83, 0xbe, 0x0f, 0xe4, 0x64, 0x7d, 0x9e, 0xfd, 0xad, 0x42, 0xf5, 0x0e, 0x8e, 0xd9,
-	0x79, 0x75, 0x66, 0x31, 0x91, 0x8c, 0xa9, 0x88, 0x7c, 0xa9, 0xa2, 0x6e, 0xc4, 0x04, 0x1c, 0x47,
-	0x37, 0x0f, 0xd1, 0x84, 0xa7, 0x4b, 0x7f, 0xea, 0x0b, 0x6b, 0x7e, 0x76, 0x9c, 0x0f, 0xa5, 0xe6,
-	0x75, 0xce, 0xbe, 0x8a, 0x65, 0x16, 0x9a, 0x8f, 0x05, 0x3a, 0x0f, 0xbd, 0x8f, 0x45, 0x64, 0x08,
-	0x91, 0xa1, 0x8d, 0x0c, 0x1f, 0x7a, 0x8f, 0x15, 0xc8, 0xfd, 0xfb, 0x97, 0x00, 0x00, 0x00, 0xff,
-	0xff, 0x80, 0x53, 0xd3, 0xff, 0x04, 0x06, 0x00, 0x00,
+	proto.RegisterFile("google/logging/v2/log_entry.proto", fileDescriptor_8ba2017251165146)
+}
+
+var fileDescriptor_8ba2017251165146 = []byte{
+	// 885 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xdd, 0x6e, 0xdb, 0x36,
+	0x14, 0xae, 0xec, 0x2e, 0x91, 0x69, 0x27, 0x6d, 0x88, 0xae, 0x56, 0x9c, 0x75, 0xf3, 0xd2, 0x6d,
+	0xf5, 0x80, 0x41, 0x02, 0xbc, 0x9b, 0xf4, 0x07, 0x18, 0xe2, 0xa2, 0x68, 0x0a, 0xb8, 0x5b, 0xc1,
+	0x0c, 0xbd, 0x18, 0x02, 0x08, 0x8c, 0x44, 0xab, 0xec, 0x24, 0x52, 0x23, 0x29, 0x63, 0x5e, 0xd0,
+	0x07, 0xd9, 0xc5, 0x5e, 0x60, 0x6f, 0xb0, 0x8b, 0xbd, 0xc0, 0x1e, 0x65, 0x4f, 0xb0, 0xcb, 0x81,
+	0x3f, 0x92, 0x1d, 0xbb, 0x70, 0xef, 0xce, 0xcf, 0xf7, 0x9d, 0xf3, 0xe9, 0xf0, 0x90, 0x02, 0x9f,
+	0x67, 0x9c, 0x67, 0x39, 0x89, 0x72, 0x9e, 0x65, 0x94, 0x65, 0xd1, 0x7c, 0xac, 0xcd, 0x98, 0x30,
+	0x25, 0x16, 0x61, 0x29, 0xb8, 0xe2, 0xf0, 0xc0, 0x42, 0x42, 0x07, 0x09, 0xe7, 0xe3, 0xc1, 0x7d,
+	0xc7, 0xc2, 0x25, 0x8d, 0x0a, 0xce, 0xa8, 0xe2, 0x82, 0xa4, 0xb1, 0x20, 0x92, 0x57, 0x22, 0x21,
+	0x96, 0x37, 0x38, 0x5c, 0x01, 0xad, 0xa5, 0xbe, 0x5a, 0xeb, 0xaa, 0x16, 0x25, 0x89, 0xde, 0x28,
+	0x55, 0xc6, 0x82, 0xfc, 0x52, 0x11, 0xa9, 0xb6, 0xe1, 0xb4, 0x3e, 0x49, 0xe6, 0x44, 0x50, 0xb5,
+	0x58, 0x6b, 0x65, 0xbc, 0xcb, 0x6a, 0x16, 0x61, 0x56, 0xa7, 0x3e, 0x59, 0x4f, 0x49, 0x25, 0xaa,
+	0xa4, 0x6e, 0xf0, 0xd9, 0x7a, 0x56, 0xd1, 0x82, 0x48, 0x85, 0x8b, 0xd2, 0x01, 0xfa, 0x0e, 0x20,
+	0xca, 0x24, 0x92, 0x0a, 0xab, 0x4a, 0xae, 0xd5, 0xd5, 0x5f, 0x87, 0x19, 0xe3, 0x0a, 0x2b, 0xca,
+	0x99, 0xcb, 0x1e, 0xff, 0xd1, 0x01, 0xfe, 0x94, 0x67, 0xcf, 0xf4, 0x18, 0xe1, 0x21, 0xf0, 0xb5,
+	0x66, 0x86, 0x0b, 0x12, 0xf4, 0x86, 0xde, 0xa8, 0x83, 0x76, 0x73, 0x9e, 0x7d, 0x8f, 0x0b, 0x02,
+	0x1f, 0x02, 0xbf, 0x1e, 0x4d, 0xe0, 0x0f, 0xbd, 0x51, 0x77, 0x7c, 0x2f, 0x74, 0xe3, 0xc6, 0x25,
+	0x0d, 0x5f, 0xd6, 0xb3, 0x45, 0x0e, 0x84, 0x1a, 0x38, 0x7c, 0x0c, 0xf6, 0x4c, 0xaf, 0xb8, 0xc4,
+	0x8b, 0x9c, 0xe3, 0x34, 0x68, 0x19, 0xfe, 0x9d, 0x9a, 0x5f, 0x7f, 0x52, 0x78, 0xca, 0x16, 0x67,
+	0x37, 0x50, 0xcf, 0xf8, 0xaf, 0x2c, 0x16, 0xde, 0x07, 0x3d, 0x45, 0x7e, 0x55, 0x0d, 0xb7, 0xad,
+	0x65, 0x9d, 0xdd, 0x40, 0x5d, 0x1d, 0xad, 0x41, 0x4f, 0x40, 0xef, 0xad, 0xe4, 0xac, 0x01, 0xed,
+	0x98, 0x06, 0xfd, 0x8d, 0x06, 0xe7, 0x66, 0xa2, 0x9a, 0xad, 0xe1, 0x35, 0xfb, 0x04, 0x74, 0x9a,
+	0x61, 0x06, 0x1d, 0x43, 0x1d, 0x6c, 0x50, 0x7f, 0xac, 0x11, 0x68, 0x09, 0x86, 0xcf, 0xc1, 0x81,
+	0x20, 0x09, 0xa1, 0x73, 0x12, 0x2f, 0x2b, 0x04, 0x1f, 0xac, 0x70, 0xdb, 0x91, 0x9a, 0x08, 0x7c,
+	0x02, 0xfc, 0x7a, 0x51, 0x02, 0x30, 0xf4, 0x46, 0xfb, 0xe3, 0x61, 0xb8, 0xb6, 0xcc, 0x7a, 0xa3,
+	0xc2, 0x29, 0xcf, 0xce, 0x1d, 0x0e, 0x35, 0x0c, 0x78, 0x04, 0x3a, 0x94, 0x49, 0x22, 0x54, 0x4c,
+	0xd3, 0xe0, 0xa6, 0x39, 0x37, 0xdf, 0x06, 0x5e, 0xa4, 0xf0, 0x29, 0xe8, 0xad, 0xee, 0x6b, 0xb0,
+	0x6b, 0xe4, 0xbd, 0xbf, 0xfc, 0x99, 0x52, 0x25, 0xb2, 0x38, 0xd4, 0x7d, 0xb3, 0x74, 0xe0, 0x77,
+	0x60, 0x27, 0xc7, 0x97, 0x24, 0x97, 0x41, 0x77, 0xd8, 0x1e, 0x75, 0xc7, 0x0f, 0xc2, 0x8d, 0xab,
+	0x16, 0xd6, 0x5b, 0x14, 0x4e, 0x0d, 0xd2, 0xd8, 0xc8, 0xd1, 0xe0, 0x33, 0xe0, 0x17, 0x44, 0xe1,
+	0x14, 0x2b, 0x1c, 0x1c, 0x1a, 0x05, 0x5f, 0x6e, 0x5d, 0x9f, 0x97, 0x0e, 0x3c, 0x69, 0x05, 0x1e,
+	0x6a, 0xa8, 0x70, 0x02, 0x3a, 0xbc, 0x24, 0xc2, 0x6c, 0x70, 0x70, 0xcb, 0xd4, 0xf9, 0x62, 0x8b,
+	0x94, 0x1f, 0x6a, 0x2c, 0x5a, 0xd2, 0xe0, 0x1d, 0xf0, 0x91, 0x12, 0x38, 0x21, 0xc1, 0x5d, 0x33,
+	0x29, 0xeb, 0xc0, 0x3e, 0xd8, 0x95, 0x25, 0x66, 0x7a, 0x82, 0x47, 0x26, 0xbe, 0xa3, 0xdd, 0x17,
+	0x7a, 0x01, 0xf7, 0x0c, 0x22, 0x96, 0xb8, 0x28, 0x73, 0x92, 0x06, 0x9f, 0x0e, 0xbd, 0x91, 0x8f,
+	0x7a, 0x26, 0x78, 0x6e, 0x63, 0x10, 0x81, 0x5b, 0x56, 0x77, 0x9c, 0xf3, 0xc4, 0xaa, 0xeb, 0x1b,
+	0x75, 0x5f, 0x6f, 0x51, 0x77, 0x6e, 0x18, 0x53, 0x47, 0x40, 0xfb, 0xf2, 0x9a, 0x3f, 0x78, 0x08,
+	0xba, 0x2b, 0x93, 0x84, 0xb7, 0x41, 0xfb, 0x67, 0xb2, 0x08, 0x3c, 0x23, 0x4e, 0x9b, 0xfa, 0x43,
+	0xe6, 0x38, 0xaf, 0x88, 0xb9, 0x4f, 0x1d, 0x64, 0x9d, 0x47, 0xad, 0x13, 0xef, 0xd1, 0xdf, 0xde,
+	0xbf, 0xa7, 0x7f, 0x79, 0x60, 0x50, 0x37, 0xb5, 0x1a, 0x70, 0x49, 0x65, 0x98, 0xf0, 0x22, 0x9a,
+	0xf2, 0x0c, 0xde, 0x2b, 0x05, 0x7f, 0x4b, 0x12, 0x25, 0xa3, 0x2b, 0x67, 0xbd, 0xd3, 0xef, 0x95,
+	0x8c, 0xae, 0x72, 0x9e, 0xbd, 0x83, 0x0f, 0xb8, 0xc8, 0x30, 0xa3, 0xbf, 0xd9, 0xb7, 0x22, 0xba,
+	0x5a, 0x75, 0xaf, 0x01, 0x8f, 0x66, 0x3c, 0x4f, 0x89, 0x90, 0xd1, 0x95, 0x35, 0xae, 0x25, 0xbf,
+	0xb9, 0xa4, 0x79, 0x4e, 0x59, 0x76, 0x9a, 0x24, 0xbc, 0x62, 0xba, 0x97, 0x0b, 0xc4, 0xd8, 0x46,
+	0x56, 0xd1, 0x83, 0xe6, 0xed, 0x99, 0x74, 0xc0, 0xae, 0xbb, 0xca, 0xc7, 0x14, 0x1c, 0x6c, 0x9c,
+	0x26, 0xdc, 0x07, 0x2d, 0x9a, 0xba, 0x51, 0xb4, 0x68, 0x0a, 0x07, 0xc0, 0x2f, 0x05, 0x4f, 0xab,
+	0x84, 0x08, 0x37, 0x8c, 0xc6, 0xd7, 0x53, 0x9a, 0x51, 0x21, 0x95, 0x79, 0x39, 0x7c, 0x64, 0x1d,
+	0x08, 0xc1, 0xcd, 0x1c, 0x4b, 0x65, 0x6e, 0x8b, 0x8f, 0x8c, 0x7d, 0x7c, 0x01, 0xee, 0xbe, 0xff,
+	0x68, 0x34, 0x7a, 0x46, 0x73, 0xe2, 0x3a, 0x1a, 0xdb, 0x54, 0xa0, 0xcc, 0x0e, 0xbf, 0x8d, 0x8c,
+	0xad, 0x75, 0xcc, 0x2a, 0x96, 0x98, 0xf3, 0x6f, 0x5b, 0x1d, 0xb5, 0x3f, 0xf9, 0xdd, 0x03, 0x1f,
+	0x27, 0xbc, 0xd8, 0xdc, 0x87, 0xc9, 0x5e, 0xdd, 0xf5, 0x95, 0x79, 0xf8, 0xbc, 0x9f, 0x4e, 0x1c,
+	0x26, 0xe3, 0x39, 0x66, 0x59, 0xc8, 0x45, 0x16, 0x65, 0x84, 0x99, 0x87, 0x24, 0x5a, 0x1e, 0xe5,
+	0xca, 0x9f, 0xf0, 0xb1, 0x33, 0xff, 0xf3, 0xbc, 0x3f, 0x5b, 0xfd, 0xe7, 0x96, 0xfd, 0x34, 0xe7,
+	0x55, 0xaa, 0x97, 0xcd, 0xf4, 0x79, 0x3d, 0xfe, 0xa7, 0xce, 0x5c, 0x98, 0xcc, 0x85, 0xcb, 0x5c,
+	0xbc, 0x1e, 0x5f, 0xee, 0x98, 0xda, 0xdf, 0xfe, 0x1f, 0x00, 0x00, 0xff, 0xff, 0x01, 0xe7, 0x02,
+	0x55, 0x64, 0x07, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go
index a94f1f8de3e87..2b0d3dfe502dc 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go
@@ -1,21 +1,23 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/v2/logging.proto
 
-package logging // import "google.golang.org/genproto/googleapis/logging/v2"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import _ "github.com/golang/protobuf/ptypes/duration"
-import empty "github.com/golang/protobuf/ptypes/empty"
-import _ "github.com/golang/protobuf/ptypes/timestamp"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
-import monitoredres "google.golang.org/genproto/googleapis/api/monitoredres"
-import status "google.golang.org/genproto/googleapis/rpc/status"
+package logging
 
 import (
-	context "golang.org/x/net/context"
+	context "context"
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	_ "github.com/golang/protobuf/ptypes/duration"
+	empty "github.com/golang/protobuf/ptypes/empty"
+	_ "github.com/golang/protobuf/ptypes/timestamp"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	monitoredres "google.golang.org/genproto/googleapis/api/monitoredres"
+	status "google.golang.org/genproto/googleapis/rpc/status"
 	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status1 "google.golang.org/grpc/status"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -27,7 +29,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // The parameters to DeleteLog.
 type DeleteLogRequest struct {
@@ -43,7 +45,7 @@ type DeleteLogRequest struct {
 	// `"organizations/1234567890/logs/cloudresourcemanager.googleapis.com%2Factivity"`.
 	// For more information about log names, see
 	// [LogEntry][google.logging.v2.LogEntry].
-	LogName              string   `protobuf:"bytes,1,opt,name=log_name,json=logName" json:"log_name,omitempty"`
+	LogName              string   `protobuf:"bytes,1,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -53,16 +55,17 @@ func (m *DeleteLogRequest) Reset()         { *m = DeleteLogRequest{} }
 func (m *DeleteLogRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteLogRequest) ProtoMessage()    {}
 func (*DeleteLogRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{0}
+	return fileDescriptor_6a8ba408154557e4, []int{0}
 }
+
 func (m *DeleteLogRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteLogRequest.Unmarshal(m, b)
 }
 func (m *DeleteLogRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteLogRequest.Marshal(b, m, deterministic)
 }
-func (dst *DeleteLogRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteLogRequest.Merge(dst, src)
+func (m *DeleteLogRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteLogRequest.Merge(m, src)
 }
 func (m *DeleteLogRequest) XXX_Size() int {
 	return xxx_messageInfo_DeleteLogRequest.Size(m)
@@ -90,12 +93,16 @@ type WriteLogEntriesRequest struct {
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]/logs/[LOG_ID]"
 	//     "folders/[FOLDER_ID]/logs/[LOG_ID]"
 	//
-	// `[LOG_ID]` must be URL-encoded. For example,
-	// `"projects/my-project-id/logs/syslog"` or
-	// `"organizations/1234567890/logs/cloudresourcemanager.googleapis.com%2Factivity"`.
-	// For more information about log names, see
-	// [LogEntry][google.logging.v2.LogEntry].
-	LogName string `protobuf:"bytes,1,opt,name=log_name,json=logName" json:"log_name,omitempty"`
+	// `[LOG_ID]` must be URL-encoded. For example:
+	//
+	//     "projects/my-project-id/logs/syslog"
+	//     "organizations/1234567890/logs/cloudresourcemanager.googleapis.com%2Factivity"
+	//
+	// The permission <code>logging.logEntries.create</code> is needed on each
+	// project, organization, billing account, or folder that is receiving
+	// new log entries, whether the resource is specified in
+	// <code>logName</code> or in an individual log entry.
+	LogName string `protobuf:"bytes,1,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"`
 	// Optional. A default monitored resource object that is assigned to all log
 	// entries in `entries` that do not specify a value for `resource`. Example:
 	//
@@ -104,17 +111,18 @@ type WriteLogEntriesRequest struct {
 	//         "zone": "us-central1-a", "instance_id": "00000000000000000000" }}
 	//
 	// See [LogEntry][google.logging.v2.LogEntry].
-	Resource *monitoredres.MonitoredResource `protobuf:"bytes,2,opt,name=resource" json:"resource,omitempty"`
+	Resource *monitoredres.MonitoredResource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
 	// Optional. Default labels that are added to the `labels` field of all log
 	// entries in `entries`. If a log entry already has a label with the same key
 	// as a label in this parameter, then the log entry's label is not changed.
 	// See [LogEntry][google.logging.v2.LogEntry].
-	Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
-	// Required. The log entries to send to Stackdriver Logging. The order of log
+	Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Required. The log entries to send to Logging. The order of log
 	// entries in this list does not matter. Values supplied in this method's
 	// `log_name`, `resource`, and `labels` fields are copied into those log
 	// entries in this list that do not include values for their corresponding
-	// fields. For more information, see the [LogEntry][google.logging.v2.LogEntry] type.
+	// fields. For more information, see the
+	// [LogEntry][google.logging.v2.LogEntry] type.
 	//
 	// If the `timestamp` or `insert_id` fields are missing in log entries, then
 	// this method supplies the current time or a unique identifier, respectively.
@@ -124,20 +132,25 @@ type WriteLogEntriesRequest struct {
 	//
 	// Log entries with timestamps that are more than the
 	// [logs retention period](/logging/quota-policy) in the past or more than
-	// 24 hours in the future might be discarded. Discarding does not return
-	// an error.
+	// 24 hours in the future will not be available when calling `entries.list`.
+	// However, those log entries can still be
+	// [exported with LogSinks](/logging/docs/api/tasks/exporting-logs).
 	//
 	// To improve throughput and to avoid exceeding the
 	// [quota limit](/logging/quota-policy) for calls to `entries.write`,
 	// you should try to include several log entries in this list,
 	// rather than calling this method for each individual log entry.
-	Entries []*LogEntry `protobuf:"bytes,4,rep,name=entries" json:"entries,omitempty"`
+	Entries []*LogEntry `protobuf:"bytes,4,rep,name=entries,proto3" json:"entries,omitempty"`
 	// Optional. Whether valid entries should be written even if some other
 	// entries fail due to INVALID_ARGUMENT or PERMISSION_DENIED errors. If any
 	// entry is not written, then the response status is the error associated
 	// with one of the failed entries and the response includes error details
 	// keyed by the entries' zero-based index in the `entries.write` method.
-	PartialSuccess       bool     `protobuf:"varint,5,opt,name=partial_success,json=partialSuccess" json:"partial_success,omitempty"`
+	PartialSuccess bool `protobuf:"varint,5,opt,name=partial_success,json=partialSuccess,proto3" json:"partial_success,omitempty"`
+	// Optional. If true, the request should expect normal response, but the
+	// entries won't be persisted nor exported. Useful for checking whether the
+	// logging API endpoints are working properly before sending valuable data.
+	DryRun               bool     `protobuf:"varint,6,opt,name=dry_run,json=dryRun,proto3" json:"dry_run,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -147,16 +160,17 @@ func (m *WriteLogEntriesRequest) Reset()         { *m = WriteLogEntriesRequest{}
 func (m *WriteLogEntriesRequest) String() string { return proto.CompactTextString(m) }
 func (*WriteLogEntriesRequest) ProtoMessage()    {}
 func (*WriteLogEntriesRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{1}
+	return fileDescriptor_6a8ba408154557e4, []int{1}
 }
+
 func (m *WriteLogEntriesRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_WriteLogEntriesRequest.Unmarshal(m, b)
 }
 func (m *WriteLogEntriesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_WriteLogEntriesRequest.Marshal(b, m, deterministic)
 }
-func (dst *WriteLogEntriesRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_WriteLogEntriesRequest.Merge(dst, src)
+func (m *WriteLogEntriesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WriteLogEntriesRequest.Merge(m, src)
 }
 func (m *WriteLogEntriesRequest) XXX_Size() int {
 	return xxx_messageInfo_WriteLogEntriesRequest.Size(m)
@@ -202,6 +216,13 @@ func (m *WriteLogEntriesRequest) GetPartialSuccess() bool {
 	return false
 }
 
+func (m *WriteLogEntriesRequest) GetDryRun() bool {
+	if m != nil {
+		return m.DryRun
+	}
+	return false
+}
+
 // Result returned from WriteLogEntries.
 // empty
 type WriteLogEntriesResponse struct {
@@ -214,16 +235,17 @@ func (m *WriteLogEntriesResponse) Reset()         { *m = WriteLogEntriesResponse
 func (m *WriteLogEntriesResponse) String() string { return proto.CompactTextString(m) }
 func (*WriteLogEntriesResponse) ProtoMessage()    {}
 func (*WriteLogEntriesResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{2}
+	return fileDescriptor_6a8ba408154557e4, []int{2}
 }
+
 func (m *WriteLogEntriesResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_WriteLogEntriesResponse.Unmarshal(m, b)
 }
 func (m *WriteLogEntriesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_WriteLogEntriesResponse.Marshal(b, m, deterministic)
 }
-func (dst *WriteLogEntriesResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_WriteLogEntriesResponse.Merge(dst, src)
+func (m *WriteLogEntriesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WriteLogEntriesResponse.Merge(m, src)
 }
 func (m *WriteLogEntriesResponse) XXX_Size() int {
 	return xxx_messageInfo_WriteLogEntriesResponse.Size(m)
@@ -242,7 +264,7 @@ type WriteLogEntriesPartialErrors struct {
 	//
 	// Failed requests for which no entries are written will not include
 	// per-entry errors.
-	LogEntryErrors       map[int32]*status.Status `protobuf:"bytes,1,rep,name=log_entry_errors,json=logEntryErrors" json:"log_entry_errors,omitempty" protobuf_key:"varint,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	LogEntryErrors       map[int32]*status.Status `protobuf:"bytes,1,rep,name=log_entry_errors,json=logEntryErrors,proto3" json:"log_entry_errors,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
 	XXX_unrecognized     []byte                   `json:"-"`
 	XXX_sizecache        int32                    `json:"-"`
@@ -252,16 +274,17 @@ func (m *WriteLogEntriesPartialErrors) Reset()         { *m = WriteLogEntriesPar
 func (m *WriteLogEntriesPartialErrors) String() string { return proto.CompactTextString(m) }
 func (*WriteLogEntriesPartialErrors) ProtoMessage()    {}
 func (*WriteLogEntriesPartialErrors) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{3}
+	return fileDescriptor_6a8ba408154557e4, []int{3}
 }
+
 func (m *WriteLogEntriesPartialErrors) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_WriteLogEntriesPartialErrors.Unmarshal(m, b)
 }
 func (m *WriteLogEntriesPartialErrors) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_WriteLogEntriesPartialErrors.Marshal(b, m, deterministic)
 }
-func (dst *WriteLogEntriesPartialErrors) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_WriteLogEntriesPartialErrors.Merge(dst, src)
+func (m *WriteLogEntriesPartialErrors) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WriteLogEntriesPartialErrors.Merge(m, src)
 }
 func (m *WriteLogEntriesPartialErrors) XXX_Size() int {
 	return xxx_messageInfo_WriteLogEntriesPartialErrors.Size(m)
@@ -283,10 +306,8 @@ func (m *WriteLogEntriesPartialErrors) GetLogEntryErrors() map[int32]*status.Sta
 type ListLogEntriesRequest struct {
 	// Deprecated. Use `resource_names` instead.  One or more project identifiers
 	// or project numbers from which to retrieve log entries.  Example:
-	// `"my-project-1A"`. If present, these project identifiers are converted to
-	// resource name format and added to the list of resources in
-	// `resource_names`.
-	ProjectIds []string `protobuf:"bytes,1,rep,name=project_ids,json=projectIds" json:"project_ids,omitempty"`
+	// `"my-project-1A"`.
+	ProjectIds []string `protobuf:"bytes,1,rep,name=project_ids,json=projectIds,proto3" json:"project_ids,omitempty"` // Deprecated: Do not use.
 	// Required. Names of one or more parent resources from which to
 	// retrieve log entries:
 	//
@@ -295,32 +316,33 @@ type ListLogEntriesRequest struct {
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]"
 	//     "folders/[FOLDER_ID]"
 	//
+	//
 	// Projects listed in the `project_ids` field are added to this list.
-	ResourceNames []string `protobuf:"bytes,8,rep,name=resource_names,json=resourceNames" json:"resource_names,omitempty"`
+	ResourceNames []string `protobuf:"bytes,8,rep,name=resource_names,json=resourceNames,proto3" json:"resource_names,omitempty"`
 	// Optional. A filter that chooses which log entries to return.  See [Advanced
-	// Logs Filters](/logging/docs/view/advanced_filters).  Only log entries that
+	// Logs Queries](/logging/docs/view/advanced-queries).  Only log entries that
 	// match the filter are returned.  An empty filter matches all log entries in
 	// the resources listed in `resource_names`. Referencing a parent resource
 	// that is not listed in `resource_names` will cause the filter to return no
 	// results.
 	// The maximum length of the filter is 20000 characters.
-	Filter string `protobuf:"bytes,2,opt,name=filter" json:"filter,omitempty"`
+	Filter string `protobuf:"bytes,2,opt,name=filter,proto3" json:"filter,omitempty"`
 	// Optional. How the results should be sorted.  Presently, the only permitted
 	// values are `"timestamp asc"` (default) and `"timestamp desc"`. The first
 	// option returns entries in order of increasing values of
 	// `LogEntry.timestamp` (oldest first), and the second option returns entries
 	// in order of decreasing timestamps (newest first).  Entries with equal
 	// timestamps are returned in order of their `insert_id` values.
-	OrderBy string `protobuf:"bytes,3,opt,name=order_by,json=orderBy" json:"order_by,omitempty"`
+	OrderBy string `protobuf:"bytes,3,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
 	// Optional. The maximum number of results to return from this request.
 	// Non-positive values are ignored.  The presence of `next_page_token` in the
 	// response indicates that more results might be available.
-	PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
 	// preceding call to this method.  `page_token` must be the value of
 	// `next_page_token` from the previous response.  The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken            string   `protobuf:"bytes,5,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken            string   `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -330,16 +352,17 @@ func (m *ListLogEntriesRequest) Reset()         { *m = ListLogEntriesRequest{} }
 func (m *ListLogEntriesRequest) String() string { return proto.CompactTextString(m) }
 func (*ListLogEntriesRequest) ProtoMessage()    {}
 func (*ListLogEntriesRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{4}
+	return fileDescriptor_6a8ba408154557e4, []int{4}
 }
+
 func (m *ListLogEntriesRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogEntriesRequest.Unmarshal(m, b)
 }
 func (m *ListLogEntriesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogEntriesRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListLogEntriesRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogEntriesRequest.Merge(dst, src)
+func (m *ListLogEntriesRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogEntriesRequest.Merge(m, src)
 }
 func (m *ListLogEntriesRequest) XXX_Size() int {
 	return xxx_messageInfo_ListLogEntriesRequest.Size(m)
@@ -350,6 +373,7 @@ func (m *ListLogEntriesRequest) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ListLogEntriesRequest proto.InternalMessageInfo
 
+// Deprecated: Do not use.
 func (m *ListLogEntriesRequest) GetProjectIds() []string {
 	if m != nil {
 		return m.ProjectIds
@@ -397,7 +421,7 @@ type ListLogEntriesResponse struct {
 	// A list of log entries.  If `entries` is empty, `nextPageToken` may still be
 	// returned, indicating that more entries may exist.  See `nextPageToken` for
 	// more information.
-	Entries []*LogEntry `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
+	Entries []*LogEntry `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"`
 	// If there might be more results than those appearing in this response, then
 	// `nextPageToken` is included.  To get the next set of results, call this
 	// method again using the value of `nextPageToken` as `pageToken`.
@@ -408,7 +432,7 @@ type ListLogEntriesResponse struct {
 	// value for `page_token` to continue the search.  Alternatively, consider
 	// speeding up the search by changing your filter to specify a single log name
 	// or resource type, or to narrow the time range of the search.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -418,16 +442,17 @@ func (m *ListLogEntriesResponse) Reset()         { *m = ListLogEntriesResponse{}
 func (m *ListLogEntriesResponse) String() string { return proto.CompactTextString(m) }
 func (*ListLogEntriesResponse) ProtoMessage()    {}
 func (*ListLogEntriesResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{5}
+	return fileDescriptor_6a8ba408154557e4, []int{5}
 }
+
 func (m *ListLogEntriesResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogEntriesResponse.Unmarshal(m, b)
 }
 func (m *ListLogEntriesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogEntriesResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListLogEntriesResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogEntriesResponse.Merge(dst, src)
+func (m *ListLogEntriesResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogEntriesResponse.Merge(m, src)
 }
 func (m *ListLogEntriesResponse) XXX_Size() int {
 	return xxx_messageInfo_ListLogEntriesResponse.Size(m)
@@ -457,12 +482,12 @@ type ListMonitoredResourceDescriptorsRequest struct {
 	// Optional. The maximum number of results to return from this request.
 	// Non-positive values are ignored.  The presence of `nextPageToken` in the
 	// response indicates that more results might be available.
-	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
 	// preceding call to this method.  `pageToken` must be the value of
 	// `nextPageToken` from the previous response.  The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken            string   `protobuf:"bytes,2,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken            string   `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -474,16 +499,17 @@ func (m *ListMonitoredResourceDescriptorsRequest) Reset() {
 func (m *ListMonitoredResourceDescriptorsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListMonitoredResourceDescriptorsRequest) ProtoMessage()    {}
 func (*ListMonitoredResourceDescriptorsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{6}
+	return fileDescriptor_6a8ba408154557e4, []int{6}
 }
+
 func (m *ListMonitoredResourceDescriptorsRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsRequest.Unmarshal(m, b)
 }
 func (m *ListMonitoredResourceDescriptorsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListMonitoredResourceDescriptorsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListMonitoredResourceDescriptorsRequest.Merge(dst, src)
+func (m *ListMonitoredResourceDescriptorsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListMonitoredResourceDescriptorsRequest.Merge(m, src)
 }
 func (m *ListMonitoredResourceDescriptorsRequest) XXX_Size() int {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsRequest.Size(m)
@@ -511,11 +537,11 @@ func (m *ListMonitoredResourceDescriptorsRequest) GetPageToken() string {
 // Result returned from ListMonitoredResourceDescriptors.
 type ListMonitoredResourceDescriptorsResponse struct {
 	// A list of resource descriptors.
-	ResourceDescriptors []*monitoredres.MonitoredResourceDescriptor `protobuf:"bytes,1,rep,name=resource_descriptors,json=resourceDescriptors" json:"resource_descriptors,omitempty"`
+	ResourceDescriptors []*monitoredres.MonitoredResourceDescriptor `protobuf:"bytes,1,rep,name=resource_descriptors,json=resourceDescriptors,proto3" json:"resource_descriptors,omitempty"`
 	// If there might be more results than those appearing in this response, then
 	// `nextPageToken` is included.  To get the next set of results, call this
 	// method again using the value of `nextPageToken` as `pageToken`.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -527,16 +553,17 @@ func (m *ListMonitoredResourceDescriptorsResponse) Reset() {
 func (m *ListMonitoredResourceDescriptorsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListMonitoredResourceDescriptorsResponse) ProtoMessage()    {}
 func (*ListMonitoredResourceDescriptorsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{7}
+	return fileDescriptor_6a8ba408154557e4, []int{7}
 }
+
 func (m *ListMonitoredResourceDescriptorsResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsResponse.Unmarshal(m, b)
 }
 func (m *ListMonitoredResourceDescriptorsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListMonitoredResourceDescriptorsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListMonitoredResourceDescriptorsResponse.Merge(dst, src)
+func (m *ListMonitoredResourceDescriptorsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListMonitoredResourceDescriptorsResponse.Merge(m, src)
 }
 func (m *ListMonitoredResourceDescriptorsResponse) XXX_Size() int {
 	return xxx_messageInfo_ListMonitoredResourceDescriptorsResponse.Size(m)
@@ -569,16 +596,16 @@ type ListLogsRequest struct {
 	//     "organizations/[ORGANIZATION_ID]"
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]"
 	//     "folders/[FOLDER_ID]"
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Optional. The maximum number of results to return from this request.
 	// Non-positive values are ignored.  The presence of `nextPageToken` in the
 	// response indicates that more results might be available.
-	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
 	// preceding call to this method.  `pageToken` must be the value of
 	// `nextPageToken` from the previous response.  The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken            string   `protobuf:"bytes,3,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken            string   `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -588,16 +615,17 @@ func (m *ListLogsRequest) Reset()         { *m = ListLogsRequest{} }
 func (m *ListLogsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListLogsRequest) ProtoMessage()    {}
 func (*ListLogsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{8}
+	return fileDescriptor_6a8ba408154557e4, []int{8}
 }
+
 func (m *ListLogsRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogsRequest.Unmarshal(m, b)
 }
 func (m *ListLogsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogsRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListLogsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogsRequest.Merge(dst, src)
+func (m *ListLogsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogsRequest.Merge(m, src)
 }
 func (m *ListLogsRequest) XXX_Size() int {
 	return xxx_messageInfo_ListLogsRequest.Size(m)
@@ -632,13 +660,13 @@ func (m *ListLogsRequest) GetPageToken() string {
 // Result returned from ListLogs.
 type ListLogsResponse struct {
 	// A list of log names. For example,
-	// `"projects/my-project/syslog"` or
-	// `"organizations/123/cloudresourcemanager.googleapis.com%2Factivity"`.
-	LogNames []string `protobuf:"bytes,3,rep,name=log_names,json=logNames" json:"log_names,omitempty"`
+	// `"projects/my-project/logs/syslog"` or
+	// `"organizations/123/logs/cloudresourcemanager.googleapis.com%2Factivity"`.
+	LogNames []string `protobuf:"bytes,3,rep,name=log_names,json=logNames,proto3" json:"log_names,omitempty"`
 	// If there might be more results than those appearing in this response, then
 	// `nextPageToken` is included.  To get the next set of results, call this
 	// method again using the value of `nextPageToken` as `pageToken`.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -648,16 +676,17 @@ func (m *ListLogsResponse) Reset()         { *m = ListLogsResponse{} }
 func (m *ListLogsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListLogsResponse) ProtoMessage()    {}
 func (*ListLogsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_968d0a5616b17899, []int{9}
+	return fileDescriptor_6a8ba408154557e4, []int{9}
 }
+
 func (m *ListLogsResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogsResponse.Unmarshal(m, b)
 }
 func (m *ListLogsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogsResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListLogsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogsResponse.Merge(dst, src)
+func (m *ListLogsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogsResponse.Merge(m, src)
 }
 func (m *ListLogsResponse) XXX_Size() int {
 	return xxx_messageInfo_ListLogsResponse.Size(m)
@@ -697,37 +726,126 @@ func init() {
 	proto.RegisterType((*ListLogsResponse)(nil), "google.logging.v2.ListLogsResponse")
 }
 
+func init() {
+	proto.RegisterFile("google/logging/v2/logging.proto", fileDescriptor_6a8ba408154557e4)
+}
+
+var fileDescriptor_6a8ba408154557e4 = []byte{
+	// 1297 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x41, 0x6f, 0x1b, 0x45,
+	0x14, 0xd6, 0xd8, 0x6d, 0x62, 0x4f, 0x68, 0x92, 0x4e, 0x9b, 0xc4, 0x71, 0xd2, 0xc6, 0x75, 0xd4,
+	0xc6, 0xb5, 0xd2, 0x5d, 0xc9, 0xa8, 0xa2, 0x75, 0xa9, 0x90, 0xd3, 0x56, 0xa8, 0x52, 0x8a, 0xc2,
+	0x06, 0x5a, 0x29, 0xaa, 0x64, 0x6d, 0x76, 0x27, 0xdb, 0xa1, 0xbb, 0x3b, 0xcb, 0xcc, 0x6c, 0x82,
+	0x8b, 0x7a, 0xe1, 0x80, 0xb8, 0x70, 0xea, 0x01, 0xce, 0x70, 0x82, 0x03, 0x07, 0x0e, 0xfc, 0x03,
+	0x24, 0xd4, 0x23, 0xdc, 0x22, 0x21, 0xf5, 0xd0, 0x1f, 0xc0, 0x09, 0xa1, 0x9e, 0xd0, 0xce, 0xce,
+	0xae, 0xd7, 0x6b, 0x27, 0x31, 0xdc, 0xbc, 0xef, 0xfb, 0xe6, 0xcd, 0xfb, 0xde, 0xbc, 0xf9, 0x26,
+	0x81, 0x2b, 0x0e, 0xa5, 0x8e, 0x8b, 0x75, 0x97, 0x3a, 0x0e, 0xf1, 0x1d, 0x7d, 0xbf, 0x95, 0xfc,
+	0xd4, 0x02, 0x46, 0x05, 0x45, 0x67, 0x63, 0x82, 0x96, 0x44, 0xf7, 0x5b, 0xd5, 0x65, 0xb5, 0xc6,
+	0x0c, 0x88, 0x6e, 0xfa, 0x3e, 0x15, 0xa6, 0x20, 0xd4, 0xe7, 0xf1, 0x82, 0xea, 0x42, 0x06, 0xb5,
+	0x5c, 0x82, 0x7d, 0xa1, 0x80, 0x95, 0x0c, 0xb0, 0x47, 0xb0, 0x6b, 0x77, 0x77, 0xf1, 0x13, 0x73,
+	0x9f, 0x50, 0xa6, 0x08, 0xab, 0x19, 0x82, 0x47, 0x7d, 0x22, 0x28, 0xc3, 0x76, 0x97, 0x61, 0x4e,
+	0x43, 0x66, 0x61, 0x45, 0x5a, 0xcc, 0x90, 0x72, 0xd0, 0xa5, 0x91, 0x5a, 0xba, 0xd8, 0x17, 0xac,
+	0xa7, 0x28, 0x57, 0x8e, 0x94, 0xdb, 0xb5, 0xa8, 0xbf, 0x47, 0x94, 0xea, 0xea, 0x45, 0xc5, 0x93,
+	0x5f, 0xbb, 0xe1, 0x9e, 0x6e, 0x87, 0x4c, 0xaa, 0x54, 0xf8, 0x52, 0x1e, 0xc7, 0x5e, 0x20, 0x7a,
+	0x39, 0xa1, 0x29, 0x28, 0x88, 0x87, 0xb9, 0x30, 0xbd, 0x20, 0xd7, 0x22, 0x16, 0x58, 0x3a, 0x17,
+	0xa6, 0x08, 0x55, 0xef, 0xea, 0x1f, 0xc2, 0xd9, 0xbb, 0xd8, 0xc5, 0x02, 0x6f, 0x52, 0xc7, 0xc0,
+	0x9f, 0x86, 0x98, 0x0b, 0x74, 0x1b, 0x96, 0x22, 0x15, 0xbe, 0xe9, 0xe1, 0x0a, 0xa8, 0x81, 0x46,
+	0x79, 0xa3, 0xfe, 0xaa, 0x53, 0x78, 0xd3, 0x59, 0x46, 0xd5, 0xe4, 0x4c, 0xe2, 0x74, 0x66, 0x40,
+	0xb8, 0x66, 0x51, 0x4f, 0x8f, 0x16, 0x4f, 0xba, 0xd4, 0xf9, 0xc0, 0xf4, 0x70, 0xfd, 0x9b, 0x22,
+	0x9c, 0x7f, 0xc4, 0x88, 0x4c, 0x79, 0xcf, 0x17, 0x8c, 0x60, 0x9e, 0x64, 0x6e, 0x0f, 0x65, 0x5e,
+	0x79, 0xd3, 0x59, 0x86, 0xe3, 0xa4, 0x45, 0x37, 0x61, 0x29, 0xe9, 0x7e, 0xa5, 0x50, 0x03, 0x8d,
+	0xa9, 0xd6, 0x05, 0xc5, 0xd7, 0xcc, 0x80, 0x68, 0x0f, 0x92, 0xe3, 0x33, 0x14, 0xc9, 0x48, 0xe9,
+	0xe8, 0x01, 0x9c, 0x70, 0xcd, 0x5d, 0xec, 0xf2, 0x4a, 0xb1, 0x56, 0x6c, 0x4c, 0xb5, 0xae, 0x6b,
+	0x43, 0x23, 0xa6, 0x8d, 0xae, 0x58, 0xdb, 0x94, 0xeb, 0xa2, 0x60, 0xcf, 0x50, 0x49, 0x50, 0x1b,
+	0x4e, 0xe2, 0x98, 0x55, 0x39, 0x25, 0xf3, 0x2d, 0x8d, 0xc8, 0xa7, 0x52, 0xf5, 0x36, 0x8a, 0xaf,
+	0x3a, 0x05, 0x23, 0x59, 0x80, 0xd6, 0xe0, 0x4c, 0x60, 0x32, 0x41, 0x4c, 0xb7, 0xcb, 0x43, 0xcb,
+	0xc2, 0x9c, 0x57, 0x4e, 0xd7, 0x40, 0xa3, 0x64, 0x4c, 0xab, 0xf0, 0x76, 0x1c, 0x45, 0x0b, 0x70,
+	0xd2, 0x66, 0xbd, 0x2e, 0x0b, 0xfd, 0xca, 0x84, 0x24, 0x4c, 0xd8, 0xac, 0x67, 0x84, 0x7e, 0xf5,
+	0x26, 0x9c, 0xca, 0x14, 0x85, 0x66, 0x61, 0xf1, 0x29, 0xee, 0xc5, 0xdd, 0x34, 0xa2, 0x9f, 0xe8,
+	0x3c, 0x3c, 0xbd, 0x6f, 0xba, 0x61, 0xdc, 0xa5, 0xb2, 0x11, 0x7f, 0xb4, 0x0b, 0x37, 0x40, 0x7d,
+	0x11, 0x2e, 0x0c, 0xc9, 0xe4, 0x01, 0xf5, 0x39, 0xae, 0xbf, 0x06, 0x70, 0x39, 0x87, 0x6d, 0xc5,
+	0x05, 0xdd, 0x63, 0x8c, 0x32, 0x8e, 0x3c, 0x38, 0x9b, 0x8e, 0x76, 0x17, 0xcb, 0x58, 0x05, 0x48,
+	0xf5, 0x77, 0x4e, 0xee, 0xe6, 0x40, 0xaa, 0xb4, 0x35, 0xf1, 0x67, 0xdc, 0xdb, 0x69, 0x77, 0x20,
+	0x58, 0xfd, 0x18, 0x9e, 0x1b, 0x41, 0xcb, 0xaa, 0x3d, 0x1d, 0xab, 0x6d, 0x64, 0xd5, 0x4e, 0xb5,
+	0x50, 0x52, 0x0c, 0x0b, 0x2c, 0x6d, 0x5b, 0x4e, 0x7a, 0xb6, 0x03, 0x7f, 0x03, 0x38, 0xb7, 0x49,
+	0xb8, 0x18, 0x1e, 0xcd, 0x55, 0x38, 0x15, 0x30, 0xfa, 0x09, 0xb6, 0x44, 0x97, 0xd8, 0xb1, 0xb4,
+	0xf2, 0x46, 0xa1, 0x02, 0x0c, 0xa8, 0xc2, 0xf7, 0x6d, 0x8e, 0xee, 0xc3, 0xe9, 0x64, 0xa8, 0xe4,
+	0x10, 0xf3, 0x4a, 0x49, 0xf2, 0xc6, 0xb9, 0x1f, 0x67, 0x92, 0x95, 0xd1, 0x34, 0x73, 0x34, 0x0f,
+	0x27, 0xf6, 0x88, 0x2b, 0x30, 0x53, 0xc7, 0xa4, 0xbe, 0xd0, 0x22, 0x2c, 0x51, 0x66, 0x63, 0xd6,
+	0xdd, 0xed, 0x55, 0x8a, 0x12, 0x99, 0x94, 0xdf, 0x1b, 0x3d, 0xb4, 0x04, 0xcb, 0x81, 0xe9, 0xe0,
+	0x2e, 0x27, 0xcf, 0x70, 0xe5, 0x94, 0x6c, 0x41, 0x29, 0x0a, 0x6c, 0x93, 0x67, 0x18, 0x5d, 0x80,
+	0x50, 0x82, 0x82, 0x3e, 0xc5, 0xbe, 0x9c, 0xa9, 0xb2, 0x21, 0xe9, 0x1f, 0x45, 0x81, 0xfa, 0x01,
+	0x9c, 0xcf, 0xeb, 0x8e, 0x4f, 0x1e, 0x5d, 0xef, 0x4f, 0x33, 0x38, 0x71, 0x9a, 0xfb, 0x83, 0x7c,
+	0x05, 0xce, 0xf8, 0xf8, 0x33, 0xd1, 0xcd, 0x6c, 0x1a, 0x0b, 0x39, 0x13, 0x85, 0xb7, 0xd2, 0x8d,
+	0x31, 0x5c, 0x8b, 0x36, 0x1e, 0xba, 0x9e, 0x77, 0x31, 0xb7, 0x18, 0x09, 0x04, 0x65, 0xe9, 0x11,
+	0x0c, 0xe8, 0x03, 0xc7, 0xea, 0x2b, 0xe4, 0xf5, 0xfd, 0x04, 0x60, 0xe3, 0xe4, 0x7d, 0x94, 0xe4,
+	0x1d, 0x78, 0x3e, 0x3d, 0x46, 0xbb, 0x8f, 0x2b, 0xfd, 0x6b, 0xc7, 0xda, 0x4a, 0x3f, 0x9f, 0x71,
+	0x8e, 0x0d, 0xef, 0x31, 0x76, 0x5f, 0xbe, 0x04, 0x70, 0x46, 0x9d, 0x48, 0xda, 0x80, 0x77, 0xe0,
+	0x44, 0x60, 0x32, 0xec, 0x8b, 0x8c, 0x39, 0x1e, 0x3b, 0x53, 0x8a, 0x3e, 0xd8, 0xb9, 0xc2, 0xb1,
+	0x9d, 0x2b, 0xe6, 0x3b, 0xf7, 0x08, 0xce, 0xf6, 0xeb, 0x50, 0x0d, 0x5a, 0x82, 0xe5, 0xc4, 0xa7,
+	0x63, 0xcf, 0x2c, 0x1b, 0x25, 0xe5, 0xc3, 0x63, 0x2b, 0x6c, 0xfd, 0x09, 0xe1, 0xec, 0x66, 0x5c,
+	0xfb, 0x36, 0x66, 0xfb, 0xc4, 0xc2, 0x0f, 0x5b, 0xe8, 0x45, 0x01, 0x96, 0xd3, 0x07, 0x07, 0xad,
+	0x8e, 0x18, 0xb5, 0xfc, 0x73, 0x54, 0x9d, 0x4f, 0x48, 0xc9, 0xeb, 0xa6, 0xdd, 0x8b, 0x9e, 0xbe,
+	0xfa, 0x6f, 0xe0, 0xb0, 0x93, 0x3e, 0x27, 0x5f, 0xfc, 0xf1, 0xfa, 0x45, 0xe1, 0x17, 0xd0, 0xac,
+	0x45, 0x0f, 0xec, 0xe7, 0x49, 0xf4, 0xb6, 0xba, 0xbb, 0x5c, 0x6f, 0x46, 0xaf, 0x2e, 0xd7, 0x9b,
+	0xcf, 0x77, 0x96, 0x9a, 0x8b, 0x83, 0x9c, 0x66, 0x06, 0x5c, 0x6b, 0x5e, 0x1e, 0x04, 0x29, 0x73,
+	0x4c, 0x9f, 0x3c, 0x8b, 0xff, 0xde, 0xc8, 0x10, 0x2f, 0x35, 0x57, 0x06, 0x89, 0x7b, 0xd4, 0xb5,
+	0x31, 0xcb, 0x52, 0xae, 0x36, 0xd7, 0x06, 0x29, 0xbb, 0xc4, 0x75, 0x89, 0xef, 0x74, 0x2c, 0x8b,
+	0x86, 0x7e, 0xb6, 0x26, 0xf4, 0x03, 0x80, 0x33, 0x39, 0xcb, 0x44, 0x57, 0xc7, 0x7e, 0xa4, 0xaa,
+	0xcd, 0x71, 0xa8, 0xca, 0xe8, 0xdf, 0x3b, 0xec, 0xd4, 0x92, 0x8a, 0xd6, 0x93, 0x01, 0x5e, 0x8f,
+	0x5f, 0xb6, 0x75, 0x75, 0xb9, 0x65, 0x33, 0xe7, 0xeb, 0x67, 0xa3, 0xf2, 0x55, 0xa8, 0x7d, 0x10,
+	0xe5, 0x6b, 0x83, 0x26, 0xfa, 0x1e, 0xc0, 0xe9, 0x41, 0x2b, 0x41, 0x8d, 0x51, 0x8e, 0x31, 0xca,
+	0x65, 0xab, 0x57, 0xc7, 0x60, 0xaa, 0x42, 0xdf, 0x3d, 0xec, 0x5c, 0x1c, 0x34, 0xdb, 0xf5, 0xd8,
+	0x22, 0xd7, 0x13, 0x7f, 0x94, 0x65, 0xce, 0xd5, 0x67, 0xb3, 0x65, 0xba, 0x84, 0x8b, 0xa8, 0xca,
+	0x5f, 0x01, 0xac, 0x9d, 0xe4, 0x07, 0xa8, 0x7d, 0x44, 0x35, 0x63, 0x98, 0x55, 0xf5, 0xd6, 0xff,
+	0x5a, 0xab, 0xb4, 0x35, 0x64, 0xe9, 0x75, 0x24, 0xa7, 0xd5, 0x3b, 0xae, 0xc4, 0xaf, 0x0a, 0xb0,
+	0x94, 0x5c, 0x4f, 0x54, 0x3f, 0xba, 0x7b, 0x69, 0x5d, 0xab, 0xc7, 0x72, 0xd4, 0xfe, 0x3f, 0x83,
+	0xc3, 0x8e, 0xf2, 0x0e, 0x59, 0xc9, 0x77, 0x00, 0xcd, 0xc9, 0x59, 0x8d, 0x63, 0xd1, 0x95, 0x78,
+	0x2e, 0x87, 0x73, 0xe7, 0x22, 0x5a, 0xce, 0x02, 0xfd, 0xfb, 0xa4, 0xf0, 0x55, 0x74, 0x29, 0x8b,
+	0xe7, 0xae, 0x8b, 0x22, 0x5d, 0x40, 0x4b, 0x59, 0x52, 0x7a, 0x55, 0x14, 0x7c, 0x19, 0xad, 0x66,
+	0xe1, 0xa1, 0x6b, 0x12, 0xd3, 0xaa, 0x5f, 0x17, 0x5e, 0x76, 0xe6, 0x47, 0x9b, 0xe1, 0xef, 0x9d,
+	0xbf, 0xc0, 0x13, 0x21, 0x02, 0xde, 0xd6, 0xf5, 0x83, 0x83, 0x83, 0xbc, 0x55, 0x9a, 0xa1, 0x78,
+	0xa2, 0x5b, 0x2e, 0x0d, 0xed, 0x6b, 0x81, 0x6b, 0x8a, 0x3d, 0xca, 0xbc, 0xf5, 0xff, 0x46, 0xd7,
+	0x18, 0x36, 0xed, 0x6b, 0xd4, 0x77, 0x7b, 0x27, 0x2e, 0x4c, 0x2a, 0x34, 0x6d, 0x8f, 0xf8, 0x63,
+	0xb3, 0xa3, 0xfc, 0x63, 0x93, 0xe5, 0x5d, 0xdc, 0xf8, 0x16, 0xc0, 0x39, 0x8b, 0x7a, 0xc3, 0xe7,
+	0xbd, 0xf1, 0x96, 0xb2, 0xdd, 0xad, 0xc8, 0x30, 0xb7, 0xc0, 0xce, 0x0d, 0x45, 0x71, 0xa8, 0x6b,
+	0xfa, 0x8e, 0x46, 0x99, 0xa3, 0x3b, 0xd8, 0x97, 0x76, 0xaa, 0xf7, 0xf7, 0xc9, 0xfc, 0x8b, 0x72,
+	0x4b, 0xfd, 0xfc, 0x07, 0x80, 0x1f, 0x0b, 0x0b, 0xef, 0xc7, 0xab, 0xef, 0x44, 0x1d, 0xd1, 0x54,
+	0x6a, 0xed, 0x61, 0xeb, 0x65, 0x82, 0x3c, 0x96, 0xc8, 0x63, 0x85, 0x3c, 0x7e, 0xd8, 0xda, 0x9d,
+	0x90, 0xb9, 0xdf, 0xfe, 0x37, 0x00, 0x00, 0xff, 0xff, 0xa4, 0xad, 0x1e, 0x98, 0xec, 0x0d, 0x00,
+	0x00,
+}
+
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
-var _ grpc.ClientConn
+var _ grpc.ClientConnInterface
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
+const _ = grpc.SupportPackageIsVersion6
 
 // LoggingServiceV2Client is the client API for LoggingServiceV2 service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type LoggingServiceV2Client interface {
-	// Deletes all the log entries in a log.
-	// The log reappears if it receives new entries.
-	// Log entries written shortly before the delete operation might not be
-	// deleted.
+	// Deletes all the log entries in a log. The log reappears if it receives new
+	// entries. Log entries written shortly before the delete operation might not
+	// be deleted. Entries received after the delete operation with a timestamp
+	// before the operation will be deleted.
 	DeleteLog(ctx context.Context, in *DeleteLogRequest, opts ...grpc.CallOption) (*empty.Empty, error)
-	// ## Log entry resources
-	//
-	// Writes log entries to Stackdriver Logging. This API method is the
-	// only way to send log entries to Stackdriver Logging. This method
-	// is used, directly or indirectly, by the Stackdriver Logging agent
-	// (fluentd) and all logging libraries configured to use Stackdriver
-	// Logging.
+	// Writes log entries to Logging. This API method is the
+	// only way to send log entries to Logging. This method
+	// is used, directly or indirectly, by the Logging agent
+	// (fluentd) and all logging libraries configured to use Logging.
+	// A single request may contain log entries for a maximum of 1000
+	// different resources (projects, organizations, billing accounts or
+	// folders)
 	WriteLogEntries(ctx context.Context, in *WriteLogEntriesRequest, opts ...grpc.CallOption) (*WriteLogEntriesResponse, error)
-	// Lists log entries.  Use this method to retrieve log entries from
-	// Stackdriver Logging.  For ways to export log entries, see
-	// [Exporting Logs](/logging/docs/export).
+	// Lists log entries.  Use this method to retrieve log entries that originated
+	// from a project/folder/organization/billing account.  For ways to export log
+	// entries, see [Exporting Logs](/logging/docs/export).
 	ListLogEntries(ctx context.Context, in *ListLogEntriesRequest, opts ...grpc.CallOption) (*ListLogEntriesResponse, error)
-	// Lists the descriptors for monitored resource types used by Stackdriver
-	// Logging.
+	// Lists the descriptors for monitored resource types used by Logging.
 	ListMonitoredResourceDescriptors(ctx context.Context, in *ListMonitoredResourceDescriptorsRequest, opts ...grpc.CallOption) (*ListMonitoredResourceDescriptorsResponse, error)
 	// Lists the logs in projects, organizations, folders, or billing accounts.
 	// Only logs that have entries are listed.
@@ -735,10 +853,10 @@ type LoggingServiceV2Client interface {
 }
 
 type loggingServiceV2Client struct {
-	cc *grpc.ClientConn
+	cc grpc.ClientConnInterface
 }
 
-func NewLoggingServiceV2Client(cc *grpc.ClientConn) LoggingServiceV2Client {
+func NewLoggingServiceV2Client(cc grpc.ClientConnInterface) LoggingServiceV2Client {
 	return &loggingServiceV2Client{cc}
 }
 
@@ -787,34 +905,52 @@ func (c *loggingServiceV2Client) ListLogs(ctx context.Context, in *ListLogsReque
 	return out, nil
 }
 
-// Server API for LoggingServiceV2 service
-
+// LoggingServiceV2Server is the server API for LoggingServiceV2 service.
 type LoggingServiceV2Server interface {
-	// Deletes all the log entries in a log.
-	// The log reappears if it receives new entries.
-	// Log entries written shortly before the delete operation might not be
-	// deleted.
+	// Deletes all the log entries in a log. The log reappears if it receives new
+	// entries. Log entries written shortly before the delete operation might not
+	// be deleted. Entries received after the delete operation with a timestamp
+	// before the operation will be deleted.
 	DeleteLog(context.Context, *DeleteLogRequest) (*empty.Empty, error)
-	// ## Log entry resources
-	//
-	// Writes log entries to Stackdriver Logging. This API method is the
-	// only way to send log entries to Stackdriver Logging. This method
-	// is used, directly or indirectly, by the Stackdriver Logging agent
-	// (fluentd) and all logging libraries configured to use Stackdriver
-	// Logging.
+	// Writes log entries to Logging. This API method is the
+	// only way to send log entries to Logging. This method
+	// is used, directly or indirectly, by the Logging agent
+	// (fluentd) and all logging libraries configured to use Logging.
+	// A single request may contain log entries for a maximum of 1000
+	// different resources (projects, organizations, billing accounts or
+	// folders)
 	WriteLogEntries(context.Context, *WriteLogEntriesRequest) (*WriteLogEntriesResponse, error)
-	// Lists log entries.  Use this method to retrieve log entries from
-	// Stackdriver Logging.  For ways to export log entries, see
-	// [Exporting Logs](/logging/docs/export).
+	// Lists log entries.  Use this method to retrieve log entries that originated
+	// from a project/folder/organization/billing account.  For ways to export log
+	// entries, see [Exporting Logs](/logging/docs/export).
 	ListLogEntries(context.Context, *ListLogEntriesRequest) (*ListLogEntriesResponse, error)
-	// Lists the descriptors for monitored resource types used by Stackdriver
-	// Logging.
+	// Lists the descriptors for monitored resource types used by Logging.
 	ListMonitoredResourceDescriptors(context.Context, *ListMonitoredResourceDescriptorsRequest) (*ListMonitoredResourceDescriptorsResponse, error)
 	// Lists the logs in projects, organizations, folders, or billing accounts.
 	// Only logs that have entries are listed.
 	ListLogs(context.Context, *ListLogsRequest) (*ListLogsResponse, error)
 }
 
+// UnimplementedLoggingServiceV2Server can be embedded to have forward compatible implementations.
+type UnimplementedLoggingServiceV2Server struct {
+}
+
+func (*UnimplementedLoggingServiceV2Server) DeleteLog(ctx context.Context, req *DeleteLogRequest) (*empty.Empty, error) {
+	return nil, status1.Errorf(codes.Unimplemented, "method DeleteLog not implemented")
+}
+func (*UnimplementedLoggingServiceV2Server) WriteLogEntries(ctx context.Context, req *WriteLogEntriesRequest) (*WriteLogEntriesResponse, error) {
+	return nil, status1.Errorf(codes.Unimplemented, "method WriteLogEntries not implemented")
+}
+func (*UnimplementedLoggingServiceV2Server) ListLogEntries(ctx context.Context, req *ListLogEntriesRequest) (*ListLogEntriesResponse, error) {
+	return nil, status1.Errorf(codes.Unimplemented, "method ListLogEntries not implemented")
+}
+func (*UnimplementedLoggingServiceV2Server) ListMonitoredResourceDescriptors(ctx context.Context, req *ListMonitoredResourceDescriptorsRequest) (*ListMonitoredResourceDescriptorsResponse, error) {
+	return nil, status1.Errorf(codes.Unimplemented, "method ListMonitoredResourceDescriptors not implemented")
+}
+func (*UnimplementedLoggingServiceV2Server) ListLogs(ctx context.Context, req *ListLogsRequest) (*ListLogsResponse, error) {
+	return nil, status1.Errorf(codes.Unimplemented, "method ListLogs not implemented")
+}
+
 func RegisterLoggingServiceV2Server(s *grpc.Server, srv LoggingServiceV2Server) {
 	s.RegisterService(&_LoggingServiceV2_serviceDesc, srv)
 }
@@ -937,73 +1073,3 @@ var _LoggingServiceV2_serviceDesc = grpc.ServiceDesc{
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "google/logging/v2/logging.proto",
 }
-
-func init() {
-	proto.RegisterFile("google/logging/v2/logging.proto", fileDescriptor_logging_968d0a5616b17899)
-}
-
-var fileDescriptor_logging_968d0a5616b17899 = []byte{
-	// 991 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xcd, 0x6e, 0xdb, 0x46,
-	0x10, 0xc6, 0x4a, 0xb1, 0x23, 0x8d, 0x1a, 0x5b, 0xd9, 0xc4, 0xb2, 0x22, 0xd9, 0xb5, 0x4a, 0x23,
-	0xb5, 0x22, 0x20, 0x24, 0xca, 0x22, 0x40, 0xe2, 0x20, 0x17, 0x27, 0x46, 0x51, 0xc0, 0x29, 0x0c,
-	0xba, 0x75, 0x80, 0xc0, 0x80, 0x40, 0x49, 0x1b, 0x62, 0x1b, 0x8a, 0xcb, 0xee, 0xae, 0xe4, 0x2a,
-	0x41, 0x2e, 0x39, 0xf4, 0x05, 0x7a, 0xe9, 0x33, 0xf4, 0xd0, 0xb7, 0xe8, 0xa5, 0x87, 0x5e, 0x8a,
-	0x02, 0x7d, 0x80, 0x3c, 0x44, 0x8f, 0x05, 0x77, 0x97, 0x32, 0xf5, 0x13, 0x59, 0xee, 0x4d, 0x3b,
-	0xf3, 0xed, 0xcc, 0x7c, 0xc3, 0x6f, 0x66, 0x05, 0x3b, 0x01, 0x63, 0x41, 0x48, 0x9c, 0x90, 0x05,
-	0x01, 0x8d, 0x02, 0x67, 0xe8, 0xa6, 0x3f, 0xed, 0x98, 0x33, 0xc9, 0xf0, 0x4d, 0x0d, 0xb0, 0x53,
-	0xeb, 0xd0, 0xad, 0x6d, 0x99, 0x3b, 0x7e, 0x4c, 0x1d, 0x3f, 0x8a, 0x98, 0xf4, 0x25, 0x65, 0x91,
-	0xd0, 0x17, 0x6a, 0xbb, 0x19, 0x6f, 0x9f, 0x45, 0x54, 0x32, 0x4e, 0x7a, 0x6d, 0x4e, 0x04, 0x1b,
-	0xf0, 0x2e, 0x31, 0xa0, 0xcf, 0xe6, 0xa6, 0x6d, 0x93, 0x48, 0xf2, 0x91, 0x81, 0x7c, 0x6a, 0x20,
-	0xea, 0xd4, 0x19, 0xbc, 0x72, 0x7a, 0x03, 0xae, 0x12, 0x19, 0x7f, 0x7d, 0xda, 0x4f, 0xfa, 0xb1,
-	0x4c, 0x2f, 0xef, 0x4c, 0x3b, 0x25, 0xed, 0x13, 0x21, 0xfd, 0x7e, 0x6c, 0x00, 0x9b, 0x06, 0xc0,
-	0xe3, 0xae, 0x23, 0xa4, 0x2f, 0x07, 0xa6, 0x7c, 0xeb, 0x3e, 0x94, 0x9f, 0x91, 0x90, 0x48, 0x72,
-	0xc4, 0x02, 0x8f, 0xfc, 0x30, 0x20, 0x42, 0xe2, 0x3b, 0x50, 0x48, 0xaa, 0x8b, 0xfc, 0x3e, 0xa9,
-	0xa2, 0x06, 0x6a, 0x16, 0xbd, 0xeb, 0x21, 0x0b, 0xbe, 0xf1, 0xfb, 0xc4, 0xfa, 0x27, 0x07, 0x95,
-	0x17, 0x9c, 0x2a, 0xf8, 0x61, 0x24, 0x39, 0x25, 0xe2, 0xf2, 0x5b, 0xf8, 0x11, 0x14, 0xd2, 0x86,
-	0x54, 0x73, 0x0d, 0xd4, 0x2c, 0xb9, 0xdb, 0xb6, 0xe9, 0xb3, 0x1f, 0x53, 0xfb, 0x79, 0xda, 0x36,
-	0xcf, 0x80, 0xbc, 0x31, 0x1c, 0x3f, 0x87, 0xd5, 0xd0, 0xef, 0x90, 0x50, 0x54, 0xf3, 0x8d, 0x7c,
-	0xb3, 0xe4, 0x3e, 0xb0, 0x67, 0x3e, 0x90, 0x3d, 0xbf, 0x20, 0xfb, 0x48, 0xdd, 0x4b, 0x8c, 0x23,
-	0xcf, 0x04, 0xc1, 0x0f, 0xe0, 0x3a, 0xd1, 0xa8, 0xea, 0x35, 0x15, 0xaf, 0x3e, 0x27, 0x9e, 0x09,
-	0x35, 0xf2, 0x52, 0x2c, 0xde, 0x83, 0xf5, 0xd8, 0xe7, 0x92, 0xfa, 0x61, 0x5b, 0x0c, 0xba, 0x5d,
-	0x22, 0x44, 0x75, 0xa5, 0x81, 0x9a, 0x05, 0x6f, 0xcd, 0x98, 0x4f, 0xb4, 0xb5, 0xf6, 0x08, 0x4a,
-	0x99, 0xb4, 0xb8, 0x0c, 0xf9, 0xd7, 0x64, 0x64, 0xda, 0x91, 0xfc, 0xc4, 0xb7, 0x61, 0x65, 0xe8,
-	0x87, 0x03, 0xdd, 0x87, 0xa2, 0xa7, 0x0f, 0xfb, 0xb9, 0x87, 0xc8, 0xba, 0x03, 0x9b, 0x33, 0x44,
-	0x44, 0xcc, 0x22, 0x41, 0xac, 0x0f, 0x08, 0xb6, 0xa6, 0x7c, 0xc7, 0x3a, 0xef, 0x21, 0xe7, 0x8c,
-	0x0b, 0xdc, 0x87, 0xf2, 0x58, 0x4f, 0x6d, 0xa2, 0x6c, 0x55, 0xa4, 0xf8, 0x3d, 0xbd, 0xbc, 0x5f,
-	0x13, 0xa1, 0xc6, 0xe4, 0xf5, 0x51, 0xf7, 0x61, 0x2d, 0x9c, 0x30, 0xd6, 0xbe, 0x83, 0x5b, 0x73,
-	0x60, 0x59, 0xb6, 0x2b, 0x9a, 0x6d, 0x33, 0xcb, 0xb6, 0xe4, 0xe2, 0xb4, 0x18, 0x1e, 0x77, 0xed,
-	0x13, 0x25, 0xc3, 0x6c, 0x07, 0xfe, 0x44, 0xb0, 0x71, 0x44, 0x85, 0x9c, 0xd5, 0xd6, 0x0e, 0x94,
-	0x62, 0xce, 0xbe, 0x27, 0x5d, 0xd9, 0xa6, 0x3d, 0x4d, 0xad, 0xe8, 0x81, 0x31, 0x7d, 0xdd, 0x13,
-	0xf8, 0x2e, 0xac, 0xa5, 0x92, 0x51, 0x0a, 0x14, 0xd5, 0x82, 0xc2, 0xdc, 0x48, 0xad, 0x89, 0x0e,
-	0x05, 0xae, 0xc0, 0xea, 0x2b, 0x1a, 0x4a, 0xc2, 0x4d, 0xfb, 0xcd, 0x29, 0xd1, 0x2e, 0xe3, 0x3d,
-	0xc2, 0xdb, 0x9d, 0x51, 0x35, 0xaf, 0xb5, 0xab, 0xce, 0x07, 0x23, 0x5c, 0x87, 0x62, 0xec, 0x07,
-	0xa4, 0x2d, 0xe8, 0x1b, 0x52, 0xbd, 0xa6, 0xa8, 0x15, 0x12, 0xc3, 0x09, 0x7d, 0x43, 0xf0, 0x36,
-	0x80, 0x72, 0x4a, 0xf6, 0x9a, 0x44, 0x4a, 0x12, 0x45, 0x4f, 0xc1, 0xbf, 0x4d, 0x0c, 0xd6, 0x39,
-	0x54, 0xa6, 0xf9, 0xe8, 0x2f, 0x9a, 0xd5, 0x21, 0xba, 0x82, 0x0e, 0x3f, 0x87, 0xf5, 0x88, 0xfc,
-	0x28, 0xdb, 0x99, 0xa4, 0x9a, 0xc8, 0x8d, 0xc4, 0x7c, 0x3c, 0x4e, 0x4c, 0x60, 0x2f, 0x49, 0x3c,
-	0x33, 0x58, 0xcf, 0x88, 0xe8, 0x72, 0x1a, 0x4b, 0xc6, 0xc7, 0xad, 0x9d, 0xe0, 0x87, 0x16, 0xf2,
-	0xcb, 0x4d, 0xf3, 0xfb, 0x0d, 0x41, 0xf3, 0xf2, 0x3c, 0x86, 0xf2, 0x4b, 0xb8, 0x3d, 0xfe, 0x44,
-	0xbd, 0x0b, 0xbf, 0xe1, 0xbf, 0xb7, 0x70, 0x21, 0x5c, 0xc4, 0xf3, 0x6e, 0xf1, 0xd9, 0x1c, 0x57,
-	0xe8, 0xcb, 0xba, 0xf9, 0x20, 0x63, 0xfe, 0x15, 0x58, 0x8d, 0x7d, 0x4e, 0x22, 0x69, 0xa6, 0xd4,
-	0x9c, 0x26, 0xfb, 0x92, 0x5b, 0xd8, 0x97, 0xfc, 0x74, 0x5f, 0x5e, 0x40, 0xf9, 0x22, 0x8d, 0xa1,
-	0x5f, 0x87, 0x62, 0xba, 0x1e, 0xf5, 0x2e, 0x2b, 0x7a, 0x05, 0xb3, 0x1f, 0x97, 0xae, 0xdf, 0xfd,
-	0x7b, 0x05, 0xca, 0x47, 0x5a, 0x20, 0x27, 0x84, 0x0f, 0x69, 0x97, 0x9c, 0xba, 0xf8, 0x1c, 0x8a,
-	0xe3, 0x15, 0x8e, 0x77, 0xe7, 0xe8, 0x68, 0x7a, 0xc1, 0xd7, 0x2a, 0x29, 0x28, 0x7d, 0x2f, 0xec,
-	0xc3, 0xe4, 0x31, 0xb1, 0xee, 0xbf, 0xff, 0xeb, 0xc3, 0xcf, 0xb9, 0xbd, 0xd6, 0x5d, 0x67, 0xe8,
-	0x76, 0x88, 0xf4, 0xbf, 0x70, 0xde, 0xa6, 0x35, 0x3f, 0x31, 0xc3, 0x26, 0x9c, 0x56, 0xf2, 0x74,
-	0x09, 0xa7, 0xf5, 0x0e, 0xff, 0x84, 0x60, 0x7d, 0x6a, 0x97, 0xe0, 0x7b, 0x4b, 0xef, 0xe7, 0x5a,
-	0x6b, 0x19, 0xa8, 0xd9, 0x80, 0x5b, 0xaa, 0xb2, 0x8a, 0x75, 0x33, 0x79, 0x3a, 0xcd, 0x34, 0xec,
-	0x9f, 0x27, 0xe0, 0x7d, 0xd4, 0xc2, 0xef, 0x11, 0xac, 0x4d, 0x0e, 0x1a, 0x6e, 0xce, 0x9b, 0xa7,
-	0x79, 0xbb, 0xa5, 0x76, 0x6f, 0x09, 0xa4, 0xa9, 0xa2, 0xae, 0xaa, 0xd8, 0xb0, 0xca, 0xd9, 0x2a,
-	0x42, 0x2a, 0x64, 0x52, 0xc4, 0xef, 0x08, 0x1a, 0x97, 0x0d, 0x03, 0xde, 0xff, 0x48, 0xb2, 0x25,
-	0x26, 0xb5, 0xf6, 0xf8, 0x7f, 0xdd, 0x35, 0xa5, 0x37, 0x55, 0xe9, 0x16, 0x6e, 0x24, 0xa5, 0xf7,
-	0x17, 0x95, 0xc8, 0xa1, 0x90, 0x8a, 0x17, 0x5b, 0x1f, 0xef, 0xcd, 0xb8, 0xac, 0xdd, 0x85, 0x18,
-	0x93, 0x7e, 0x5b, 0xa5, 0xdf, 0xc4, 0x1b, 0x49, 0xfa, 0xb7, 0x7a, 0xc4, 0x9e, 0xb4, 0x9c, 0xd6,
-	0x3b, 0x25, 0xa6, 0x83, 0x5f, 0x10, 0x6c, 0x74, 0x59, 0x7f, 0x36, 0xd2, 0xc1, 0x27, 0x46, 0xee,
-	0xc7, 0x89, 0x52, 0x8f, 0xd1, 0xcb, 0x87, 0x06, 0x12, 0xb0, 0xd0, 0x8f, 0x02, 0x9b, 0xf1, 0xc0,
-	0x09, 0x48, 0xa4, 0x74, 0xec, 0x68, 0x97, 0x1f, 0x53, 0x91, 0xf9, 0xa3, 0xf5, 0xd8, 0xfc, 0xfc,
-	0x17, 0xa1, 0x5f, 0x73, 0x9b, 0x5f, 0xe9, 0xdb, 0x4f, 0x43, 0x36, 0xe8, 0xd9, 0x26, 0xb4, 0x7d,
-	0xea, 0xfe, 0x91, 0x7a, 0xce, 0x94, 0xe7, 0xcc, 0x78, 0xce, 0x4e, 0xdd, 0xce, 0xaa, 0x8a, 0xfd,
-	0xe5, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xfd, 0x96, 0xc5, 0x3e, 0x3a, 0x0a, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go
index 7360c461e1be6..23af06e849c44 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go
@@ -1,19 +1,22 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/v2/logging_config.proto
 
-package logging // import "google.golang.org/genproto/googleapis/logging/v2"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import empty "github.com/golang/protobuf/ptypes/empty"
-import timestamp "github.com/golang/protobuf/ptypes/timestamp"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
-import field_mask "google.golang.org/genproto/protobuf/field_mask"
+package logging
 
 import (
-	context "golang.org/x/net/context"
+	context "context"
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	_ "github.com/golang/protobuf/ptypes/duration"
+	empty "github.com/golang/protobuf/ptypes/empty"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	field_mask "google.golang.org/genproto/protobuf/field_mask"
 	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -25,9 +28,9 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
-// Available log entry formats. Log entries can be written to Stackdriver
+// Available log entry formats. Log entries can be written to
 // Logging in either format and can be exported in either format.
 // Version 2 is the preferred format.
 type LogSink_VersionFormat int32
@@ -46,31 +49,33 @@ var LogSink_VersionFormat_name = map[int32]string{
 	1: "V2",
 	2: "V1",
 }
+
 var LogSink_VersionFormat_value = map[string]int32{
 	"VERSION_FORMAT_UNSPECIFIED": 0,
-	"V2": 1,
-	"V1": 2,
+	"V2":                         1,
+	"V1":                         2,
 }
 
 func (x LogSink_VersionFormat) String() string {
 	return proto.EnumName(LogSink_VersionFormat_name, int32(x))
 }
+
 func (LogSink_VersionFormat) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{0, 0}
+	return fileDescriptor_775871f9b2cdbeb8, []int{0, 0}
 }
 
 // Describes a sink used to export log entries to one of the following
 // destinations in any project: a Cloud Storage bucket, a BigQuery dataset, or a
-// Cloud Pub/Sub topic.  A logs filter controls which log entries are
-// exported. The sink must be created within a project, organization, billing
-// account, or folder.
+// Cloud Pub/Sub topic. A logs filter controls which log entries are exported.
+// The sink must be created within a project, organization, billing account, or
+// folder.
 type LogSink struct {
 	// Required. The client-assigned sink identifier, unique within the
-	// project. Example: `"my-syslog-errors-to-pubsub"`.  Sink identifiers are
+	// project. Example: `"my-syslog-errors-to-pubsub"`. Sink identifiers are
 	// limited to 100 characters and can include only the following characters:
 	// upper and lower-case alphanumeric characters, underscores, hyphens, and
-	// periods.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// periods. First character has to be alphanumeric.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Required. The export destination:
 	//
 	//     "storage.googleapis.com/[GCS_BUCKET]"
@@ -79,34 +84,39 @@ type LogSink struct {
 	//
 	// The sink's `writer_identity`, set when the sink is created, must
 	// have permission to write to the destination or else the log
-	// entries are not exported.  For more information, see
-	// [Exporting Logs With Sinks](/logging/docs/api/tasks/exporting-logs).
-	Destination string `protobuf:"bytes,3,opt,name=destination" json:"destination,omitempty"`
-	// Optional.
-	// An [advanced logs filter](/logging/docs/view/advanced_filters).  The only
+	// entries are not exported. For more information, see
+	// [Exporting Logs with Sinks](/logging/docs/api/tasks/exporting-logs).
+	Destination string `protobuf:"bytes,3,opt,name=destination,proto3" json:"destination,omitempty"`
+	// Optional. An [advanced logs filter](/logging/docs/view/advanced-queries). The only
 	// exported log entries are those that are in the resource owning the sink and
-	// that match the filter.  For example:
+	// that match the filter. For example:
 	//
 	//     logName="projects/[PROJECT_ID]/logs/[LOG_ID]" AND severity>=ERROR
-	Filter string `protobuf:"bytes,5,opt,name=filter" json:"filter,omitempty"`
+	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
+	// Optional. A description of this sink.
+	// The maximum length of the description is 8000 characters.
+	Description string `protobuf:"bytes,18,opt,name=description,proto3" json:"description,omitempty"`
+	// Optional. If set to True, then this sink is disabled and it does not
+	// export any log entries.
+	Disabled bool `protobuf:"varint,19,opt,name=disabled,proto3" json:"disabled,omitempty"`
 	// Deprecated. The log entry format to use for this sink's exported log
-	// entries.  The v2 format is used by default and cannot be changed.
-	OutputVersionFormat LogSink_VersionFormat `protobuf:"varint,6,opt,name=output_version_format,json=outputVersionFormat,enum=google.logging.v2.LogSink_VersionFormat" json:"output_version_format,omitempty"`
+	// entries. The v2 format is used by default and cannot be changed.
+	OutputVersionFormat LogSink_VersionFormat `protobuf:"varint,6,opt,name=output_version_format,json=outputVersionFormat,proto3,enum=google.logging.v2.LogSink_VersionFormat" json:"output_version_format,omitempty"` // Deprecated: Do not use.
 	// Output only. An IAM identity&mdash;a service account or group&mdash;under
-	// which Stackdriver Logging writes the exported log entries to the sink's
-	// destination.  This field is set by
-	// [sinks.create](/logging/docs/api/reference/rest/v2/projects.sinks/create)
+	// which Logging writes the exported log entries to the sink's destination.
+	// This field is set by
+	// [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink]
 	// and
-	// [sinks.update](/logging/docs/api/reference/rest/v2/projects.sinks/update),
-	// based on the setting of `unique_writer_identity` in those methods.
+	// [sinks.update][google.logging.v2.ConfigServiceV2.UpdateSink]
+	// based on the value of `unique_writer_identity` in those methods.
 	//
 	// Until you grant this identity write-access to the destination, log entry
 	// exports from this sink will fail. For more information,
-	// see [Granting access for a
-	// resource](/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
+	// see [Granting Access for a
+	// Resource](/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
 	// Consult the destination service's documentation to determine the
 	// appropriate IAM roles to assign to the identity.
-	WriterIdentity string `protobuf:"bytes,8,opt,name=writer_identity,json=writerIdentity" json:"writer_identity,omitempty"`
+	WriterIdentity string `protobuf:"bytes,8,opt,name=writer_identity,json=writerIdentity,proto3" json:"writer_identity,omitempty"`
 	// Optional. This field applies only to sinks owned by organizations and
 	// folders. If the field is false, the default, only the logs owned by the
 	// sink's parent resource are available for export. If the field is true, then
@@ -120,11 +130,24 @@ type LogSink struct {
 	//
 	//     logName:("projects/test-project1/" OR "projects/test-project2/") AND
 	//     resource.type=gce_instance
-	IncludeChildren bool `protobuf:"varint,9,opt,name=include_children,json=includeChildren" json:"include_children,omitempty"`
-	// Deprecated. This field is ignored when creating or updating sinks.
-	StartTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=start_time,json=startTime" json:"start_time,omitempty"`
-	// Deprecated. This field is ignored when creating or updating sinks.
-	EndTime              *timestamp.Timestamp `protobuf:"bytes,11,opt,name=end_time,json=endTime" json:"end_time,omitempty"`
+	IncludeChildren bool `protobuf:"varint,9,opt,name=include_children,json=includeChildren,proto3" json:"include_children,omitempty"`
+	// Optional. Destination dependent options.
+	//
+	// Types that are valid to be assigned to Options:
+	//	*LogSink_BigqueryOptions
+	Options isLogSink_Options `protobuf_oneof:"options"`
+	// Output only. The creation timestamp of the sink.
+	//
+	// This field may not be present for older sinks.
+	CreateTime *timestamp.Timestamp `protobuf:"bytes,13,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
+	// Output only. The last update timestamp of the sink.
+	//
+	// This field may not be present for older sinks.
+	UpdateTime *timestamp.Timestamp `protobuf:"bytes,14,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
+	// Do not use. This field is ignored.
+	StartTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"` // Deprecated: Do not use.
+	// Do not use. This field is ignored.
+	EndTime              *timestamp.Timestamp `protobuf:"bytes,11,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"` // Deprecated: Do not use.
 	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
 	XXX_unrecognized     []byte               `json:"-"`
 	XXX_sizecache        int32                `json:"-"`
@@ -134,16 +157,17 @@ func (m *LogSink) Reset()         { *m = LogSink{} }
 func (m *LogSink) String() string { return proto.CompactTextString(m) }
 func (*LogSink) ProtoMessage()    {}
 func (*LogSink) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{0}
+	return fileDescriptor_775871f9b2cdbeb8, []int{0}
 }
+
 func (m *LogSink) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogSink.Unmarshal(m, b)
 }
 func (m *LogSink) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogSink.Marshal(b, m, deterministic)
 }
-func (dst *LogSink) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogSink.Merge(dst, src)
+func (m *LogSink) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogSink.Merge(m, src)
 }
 func (m *LogSink) XXX_Size() int {
 	return xxx_messageInfo_LogSink.Size(m)
@@ -175,6 +199,21 @@ func (m *LogSink) GetFilter() string {
 	return ""
 }
 
+func (m *LogSink) GetDescription() string {
+	if m != nil {
+		return m.Description
+	}
+	return ""
+}
+
+func (m *LogSink) GetDisabled() bool {
+	if m != nil {
+		return m.Disabled
+	}
+	return false
+}
+
+// Deprecated: Do not use.
 func (m *LogSink) GetOutputVersionFormat() LogSink_VersionFormat {
 	if m != nil {
 		return m.OutputVersionFormat
@@ -196,6 +235,45 @@ func (m *LogSink) GetIncludeChildren() bool {
 	return false
 }
 
+type isLogSink_Options interface {
+	isLogSink_Options()
+}
+
+type LogSink_BigqueryOptions struct {
+	BigqueryOptions *BigQueryOptions `protobuf:"bytes,12,opt,name=bigquery_options,json=bigqueryOptions,proto3,oneof"`
+}
+
+func (*LogSink_BigqueryOptions) isLogSink_Options() {}
+
+func (m *LogSink) GetOptions() isLogSink_Options {
+	if m != nil {
+		return m.Options
+	}
+	return nil
+}
+
+func (m *LogSink) GetBigqueryOptions() *BigQueryOptions {
+	if x, ok := m.GetOptions().(*LogSink_BigqueryOptions); ok {
+		return x.BigqueryOptions
+	}
+	return nil
+}
+
+func (m *LogSink) GetCreateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreateTime
+	}
+	return nil
+}
+
+func (m *LogSink) GetUpdateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.UpdateTime
+	}
+	return nil
+}
+
+// Deprecated: Do not use.
 func (m *LogSink) GetStartTime() *timestamp.Timestamp {
 	if m != nil {
 		return m.StartTime
@@ -203,6 +281,7 @@ func (m *LogSink) GetStartTime() *timestamp.Timestamp {
 	return nil
 }
 
+// Deprecated: Do not use.
 func (m *LogSink) GetEndTime() *timestamp.Timestamp {
 	if m != nil {
 		return m.EndTime
@@ -210,6 +289,74 @@ func (m *LogSink) GetEndTime() *timestamp.Timestamp {
 	return nil
 }
 
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*LogSink) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*LogSink_BigqueryOptions)(nil),
+	}
+}
+
+// Options that change functionality of a sink exporting data to BigQuery.
+type BigQueryOptions struct {
+	// Optional. Whether to use [BigQuery's partition
+	// tables](/bigquery/docs/partitioned-tables). By default, Logging
+	// creates dated tables based on the log entries' timestamps, e.g.
+	// syslog_20170523. With partitioned tables the date suffix is no longer
+	// present and [special query
+	// syntax](/bigquery/docs/querying-partitioned-tables) has to be used instead.
+	// In both cases, tables are sharded based on UTC timezone.
+	UsePartitionedTables bool `protobuf:"varint,1,opt,name=use_partitioned_tables,json=usePartitionedTables,proto3" json:"use_partitioned_tables,omitempty"`
+	// Output only. True if new timestamp column based partitioning is in use,
+	// false if legacy ingestion-time partitioning is in use.
+	// All new sinks will have this field set true and will use timestamp column
+	// based partitioning. If use_partitioned_tables is false, this value has no
+	// meaning and will be false. Legacy sinks using partitioned tables will have
+	// this field set to false.
+	UsesTimestampColumnPartitioning bool     `protobuf:"varint,3,opt,name=uses_timestamp_column_partitioning,json=usesTimestampColumnPartitioning,proto3" json:"uses_timestamp_column_partitioning,omitempty"`
+	XXX_NoUnkeyedLiteral            struct{} `json:"-"`
+	XXX_unrecognized                []byte   `json:"-"`
+	XXX_sizecache                   int32    `json:"-"`
+}
+
+func (m *BigQueryOptions) Reset()         { *m = BigQueryOptions{} }
+func (m *BigQueryOptions) String() string { return proto.CompactTextString(m) }
+func (*BigQueryOptions) ProtoMessage()    {}
+func (*BigQueryOptions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_775871f9b2cdbeb8, []int{1}
+}
+
+func (m *BigQueryOptions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_BigQueryOptions.Unmarshal(m, b)
+}
+func (m *BigQueryOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_BigQueryOptions.Marshal(b, m, deterministic)
+}
+func (m *BigQueryOptions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_BigQueryOptions.Merge(m, src)
+}
+func (m *BigQueryOptions) XXX_Size() int {
+	return xxx_messageInfo_BigQueryOptions.Size(m)
+}
+func (m *BigQueryOptions) XXX_DiscardUnknown() {
+	xxx_messageInfo_BigQueryOptions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_BigQueryOptions proto.InternalMessageInfo
+
+func (m *BigQueryOptions) GetUsePartitionedTables() bool {
+	if m != nil {
+		return m.UsePartitionedTables
+	}
+	return false
+}
+
+func (m *BigQueryOptions) GetUsesTimestampColumnPartitioning() bool {
+	if m != nil {
+		return m.UsesTimestampColumnPartitioning
+	}
+	return false
+}
+
 // The parameters to `ListSinks`.
 type ListSinksRequest struct {
 	// Required. The parent resource whose sinks are to be listed:
@@ -218,16 +365,16 @@ type ListSinksRequest struct {
 	//     "organizations/[ORGANIZATION_ID]"
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]"
 	//     "folders/[FOLDER_ID]"
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
-	// preceding call to this method.  `pageToken` must be the value of
-	// `nextPageToken` from the previous response.  The values of other method
+	// preceding call to this method. `pageToken` must be the value of
+	// `nextPageToken` from the previous response. The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	// Optional. The maximum number of results to return from this request.
-	// Non-positive values are ignored.  The presence of `nextPageToken` in the
+	// Non-positive values are ignored. The presence of `nextPageToken` in the
 	// response indicates that more results might be available.
-	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -237,16 +384,17 @@ func (m *ListSinksRequest) Reset()         { *m = ListSinksRequest{} }
 func (m *ListSinksRequest) String() string { return proto.CompactTextString(m) }
 func (*ListSinksRequest) ProtoMessage()    {}
 func (*ListSinksRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{1}
+	return fileDescriptor_775871f9b2cdbeb8, []int{2}
 }
+
 func (m *ListSinksRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListSinksRequest.Unmarshal(m, b)
 }
 func (m *ListSinksRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListSinksRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListSinksRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListSinksRequest.Merge(dst, src)
+func (m *ListSinksRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSinksRequest.Merge(m, src)
 }
 func (m *ListSinksRequest) XXX_Size() int {
 	return xxx_messageInfo_ListSinksRequest.Size(m)
@@ -281,11 +429,11 @@ func (m *ListSinksRequest) GetPageSize() int32 {
 // Result returned from `ListSinks`.
 type ListSinksResponse struct {
 	// A list of sinks.
-	Sinks []*LogSink `protobuf:"bytes,1,rep,name=sinks" json:"sinks,omitempty"`
+	Sinks []*LogSink `protobuf:"bytes,1,rep,name=sinks,proto3" json:"sinks,omitempty"`
 	// If there might be more results than appear in this response, then
-	// `nextPageToken` is included.  To get the next set of results, call the same
+	// `nextPageToken` is included. To get the next set of results, call the same
 	// method again using the value of `nextPageToken` as `pageToken`.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -295,16 +443,17 @@ func (m *ListSinksResponse) Reset()         { *m = ListSinksResponse{} }
 func (m *ListSinksResponse) String() string { return proto.CompactTextString(m) }
 func (*ListSinksResponse) ProtoMessage()    {}
 func (*ListSinksResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{2}
+	return fileDescriptor_775871f9b2cdbeb8, []int{3}
 }
+
 func (m *ListSinksResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListSinksResponse.Unmarshal(m, b)
 }
 func (m *ListSinksResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListSinksResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListSinksResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListSinksResponse.Merge(dst, src)
+func (m *ListSinksResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListSinksResponse.Merge(m, src)
 }
 func (m *ListSinksResponse) XXX_Size() int {
 	return xxx_messageInfo_ListSinksResponse.Size(m)
@@ -339,7 +488,7 @@ type GetSinkRequest struct {
 	//     "folders/[FOLDER_ID]/sinks/[SINK_ID]"
 	//
 	// Example: `"projects/my-project-id/sinks/my-sink-id"`.
-	SinkName             string   `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"`
+	SinkName             string   `protobuf:"bytes,1,opt,name=sink_name,json=sinkName,proto3" json:"sink_name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -349,16 +498,17 @@ func (m *GetSinkRequest) Reset()         { *m = GetSinkRequest{} }
 func (m *GetSinkRequest) String() string { return proto.CompactTextString(m) }
 func (*GetSinkRequest) ProtoMessage()    {}
 func (*GetSinkRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{3}
+	return fileDescriptor_775871f9b2cdbeb8, []int{4}
 }
+
 func (m *GetSinkRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_GetSinkRequest.Unmarshal(m, b)
 }
 func (m *GetSinkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_GetSinkRequest.Marshal(b, m, deterministic)
 }
-func (dst *GetSinkRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSinkRequest.Merge(dst, src)
+func (m *GetSinkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetSinkRequest.Merge(m, src)
 }
 func (m *GetSinkRequest) XXX_Size() int {
 	return xxx_messageInfo_GetSinkRequest.Size(m)
@@ -386,22 +536,22 @@ type CreateSinkRequest struct {
 	//     "folders/[FOLDER_ID]"
 	//
 	// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Required. The new sink, whose `name` parameter is a sink identifier that
 	// is not already in use.
-	Sink *LogSink `protobuf:"bytes,2,opt,name=sink" json:"sink,omitempty"`
+	Sink *LogSink `protobuf:"bytes,2,opt,name=sink,proto3" json:"sink,omitempty"`
 	// Optional. Determines the kind of IAM identity returned as `writer_identity`
-	// in the new sink.  If this value is omitted or set to false, and if the
+	// in the new sink. If this value is omitted or set to false, and if the
 	// sink's parent is a project, then the value returned as `writer_identity` is
-	// the same group or service account used by Stackdriver Logging before the
-	// addition of writer identities to this API. The sink's destination must be
-	// in the same project as the sink itself.
+	// the same group or service account used by Logging before the addition of
+	// writer identities to this API. The sink's destination must be in the same
+	// project as the sink itself.
 	//
 	// If this field is set to true, or if the sink is owned by a non-project
 	// resource such as an organization, then the value of `writer_identity` will
-	// be a unique service account used only for exports from the new sink.  For
+	// be a unique service account used only for exports from the new sink. For
 	// more information, see `writer_identity` in [LogSink][google.logging.v2.LogSink].
-	UniqueWriterIdentity bool     `protobuf:"varint,3,opt,name=unique_writer_identity,json=uniqueWriterIdentity" json:"unique_writer_identity,omitempty"`
+	UniqueWriterIdentity bool     `protobuf:"varint,3,opt,name=unique_writer_identity,json=uniqueWriterIdentity,proto3" json:"unique_writer_identity,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -411,16 +561,17 @@ func (m *CreateSinkRequest) Reset()         { *m = CreateSinkRequest{} }
 func (m *CreateSinkRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateSinkRequest) ProtoMessage()    {}
 func (*CreateSinkRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{4}
+	return fileDescriptor_775871f9b2cdbeb8, []int{5}
 }
+
 func (m *CreateSinkRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CreateSinkRequest.Unmarshal(m, b)
 }
 func (m *CreateSinkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CreateSinkRequest.Marshal(b, m, deterministic)
 }
-func (dst *CreateSinkRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateSinkRequest.Merge(dst, src)
+func (m *CreateSinkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateSinkRequest.Merge(m, src)
 }
 func (m *CreateSinkRequest) XXX_Size() int {
 	return xxx_messageInfo_CreateSinkRequest.Size(m)
@@ -463,13 +614,12 @@ type UpdateSinkRequest struct {
 	//     "folders/[FOLDER_ID]/sinks/[SINK_ID]"
 	//
 	// Example: `"projects/my-project-id/sinks/my-sink-id"`.
-	SinkName string `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"`
+	SinkName string `protobuf:"bytes,1,opt,name=sink_name,json=sinkName,proto3" json:"sink_name,omitempty"`
 	// Required. The updated sink, whose name is the same identifier that appears
 	// as part of `sink_name`.
-	Sink *LogSink `protobuf:"bytes,2,opt,name=sink" json:"sink,omitempty"`
-	// Optional. See
-	// [sinks.create](/logging/docs/api/reference/rest/v2/projects.sinks/create)
-	// for a description of this field.  When updating a sink, the effect of this
+	Sink *LogSink `protobuf:"bytes,2,opt,name=sink,proto3" json:"sink,omitempty"`
+	// Optional. See [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink]
+	// for a description of this field. When updating a sink, the effect of this
 	// field on the value of `writer_identity` in the updated sink depends on both
 	// the old and new values of this field:
 	//
@@ -479,10 +629,10 @@ type UpdateSinkRequest struct {
 	//     `writer_identity` is changed to a unique service account.
 	// +   It is an error if the old value is true and the new value is
 	//     set to false or defaulted to false.
-	UniqueWriterIdentity bool `protobuf:"varint,3,opt,name=unique_writer_identity,json=uniqueWriterIdentity" json:"unique_writer_identity,omitempty"`
+	UniqueWriterIdentity bool `protobuf:"varint,3,opt,name=unique_writer_identity,json=uniqueWriterIdentity,proto3" json:"unique_writer_identity,omitempty"`
 	// Optional. Field mask that specifies the fields in `sink` that need
 	// an update. A sink field will be overwritten if, and only if, it is
-	// in the update mask.  `name` and output only fields cannot be updated.
+	// in the update mask. `name` and output only fields cannot be updated.
 	//
 	// An empty updateMask is temporarily treated as using the following mask
 	// for backwards compatibility purposes:
@@ -491,10 +641,10 @@ type UpdateSinkRequest struct {
 	// empty updateMask will be an error.
 	//
 	// For a detailed `FieldMask` definition, see
-	// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
+	// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
 	//
 	// Example: `updateMask=filter`.
-	UpdateMask           *field_mask.FieldMask `protobuf:"bytes,4,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *field_mask.FieldMask `protobuf:"bytes,4,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
 	XXX_unrecognized     []byte                `json:"-"`
 	XXX_sizecache        int32                 `json:"-"`
@@ -504,16 +654,17 @@ func (m *UpdateSinkRequest) Reset()         { *m = UpdateSinkRequest{} }
 func (m *UpdateSinkRequest) String() string { return proto.CompactTextString(m) }
 func (*UpdateSinkRequest) ProtoMessage()    {}
 func (*UpdateSinkRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{5}
+	return fileDescriptor_775871f9b2cdbeb8, []int{6}
 }
+
 func (m *UpdateSinkRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_UpdateSinkRequest.Unmarshal(m, b)
 }
 func (m *UpdateSinkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_UpdateSinkRequest.Marshal(b, m, deterministic)
 }
-func (dst *UpdateSinkRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UpdateSinkRequest.Merge(dst, src)
+func (m *UpdateSinkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateSinkRequest.Merge(m, src)
 }
 func (m *UpdateSinkRequest) XXX_Size() int {
 	return xxx_messageInfo_UpdateSinkRequest.Size(m)
@@ -563,7 +714,7 @@ type DeleteSinkRequest struct {
 	//     "folders/[FOLDER_ID]/sinks/[SINK_ID]"
 	//
 	// Example: `"projects/my-project-id/sinks/my-sink-id"`.
-	SinkName             string   `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"`
+	SinkName             string   `protobuf:"bytes,1,opt,name=sink_name,json=sinkName,proto3" json:"sink_name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -573,16 +724,17 @@ func (m *DeleteSinkRequest) Reset()         { *m = DeleteSinkRequest{} }
 func (m *DeleteSinkRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteSinkRequest) ProtoMessage()    {}
 func (*DeleteSinkRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{6}
+	return fileDescriptor_775871f9b2cdbeb8, []int{7}
 }
+
 func (m *DeleteSinkRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteSinkRequest.Unmarshal(m, b)
 }
 func (m *DeleteSinkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteSinkRequest.Marshal(b, m, deterministic)
 }
-func (dst *DeleteSinkRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteSinkRequest.Merge(dst, src)
+func (m *DeleteSinkRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteSinkRequest.Merge(m, src)
 }
 func (m *DeleteSinkRequest) XXX_Size() int {
 	return xxx_messageInfo_DeleteSinkRequest.Size(m)
@@ -600,53 +752,62 @@ func (m *DeleteSinkRequest) GetSinkName() string {
 	return ""
 }
 
-// Specifies a set of log entries that are not to be stored in Stackdriver
-// Logging. If your project receives a large volume of logs, you might be able
-// to use exclusions to reduce your chargeable logs. Exclusions are processed
-// after log sinks, so you can export log entries before they are excluded.
-// Audit log entries and log entries from Amazon Web Services are never
-// excluded.
+// Specifies a set of log entries that are not to be stored in
+// Logging. If your GCP resource receives a large volume of logs, you can
+// use exclusions to reduce your chargeable logs. Exclusions are
+// processed after log sinks, so you can export log entries before they are
+// excluded. Note that organization-level and folder-level exclusions don't
+// apply to child resources, and that you can't exclude audit log entries.
 type LogExclusion struct {
 	// Required. A client-assigned identifier, such as
 	// `"load-balancer-exclusion"`. Identifiers are limited to 100 characters and
 	// can include only letters, digits, underscores, hyphens, and periods.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// First character has to be alphanumeric.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Optional. A description of this exclusion.
-	Description string `protobuf:"bytes,2,opt,name=description" json:"description,omitempty"`
-	// Required.
-	// An [advanced logs filter](/logging/docs/view/advanced_filters)
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	// Required. An [advanced logs filter](/logging/docs/view/advanced-queries)
 	// that matches the log entries to be excluded. By using the
-	// [sample function](/logging/docs/view/advanced_filters#sample),
+	// [sample function](/logging/docs/view/advanced-queries#sample),
 	// you can exclude less than 100% of the matching log entries.
-	// For example, the following filter matches 99% of low-severity log
-	// entries from load balancers:
+	// For example, the following query matches 99% of low-severity log
+	// entries from Google Cloud Storage buckets:
 	//
-	//     "resource.type=http_load_balancer severity<ERROR sample(insertId, 0.99)"
-	Filter string `protobuf:"bytes,3,opt,name=filter" json:"filter,omitempty"`
+	// `"resource.type=gcs_bucket severity<ERROR sample(insertId, 0.99)"`
+	Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
 	// Optional. If set to True, then this exclusion is disabled and it does not
-	// exclude any log entries. You can use
-	// [exclusions.patch](/logging/docs/alpha-exclusion/docs/reference/v2/rest/v2/projects.exclusions/patch)
-	// to change the value of this field.
-	Disabled             bool     `protobuf:"varint,4,opt,name=disabled" json:"disabled,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	// exclude any log entries. You can [update an
+	// exclusion][google.logging.v2.ConfigServiceV2.UpdateExclusion] to change the
+	// value of this field.
+	Disabled bool `protobuf:"varint,4,opt,name=disabled,proto3" json:"disabled,omitempty"`
+	// Output only. The creation timestamp of the exclusion.
+	//
+	// This field may not be present for older exclusions.
+	CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
+	// Output only. The last update timestamp of the exclusion.
+	//
+	// This field may not be present for older exclusions.
+	UpdateTime           *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
 }
 
 func (m *LogExclusion) Reset()         { *m = LogExclusion{} }
 func (m *LogExclusion) String() string { return proto.CompactTextString(m) }
 func (*LogExclusion) ProtoMessage()    {}
 func (*LogExclusion) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{7}
+	return fileDescriptor_775871f9b2cdbeb8, []int{8}
 }
+
 func (m *LogExclusion) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogExclusion.Unmarshal(m, b)
 }
 func (m *LogExclusion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogExclusion.Marshal(b, m, deterministic)
 }
-func (dst *LogExclusion) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogExclusion.Merge(dst, src)
+func (m *LogExclusion) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogExclusion.Merge(m, src)
 }
 func (m *LogExclusion) XXX_Size() int {
 	return xxx_messageInfo_LogExclusion.Size(m)
@@ -685,6 +846,20 @@ func (m *LogExclusion) GetDisabled() bool {
 	return false
 }
 
+func (m *LogExclusion) GetCreateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreateTime
+	}
+	return nil
+}
+
+func (m *LogExclusion) GetUpdateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.UpdateTime
+	}
+	return nil
+}
+
 // The parameters to `ListExclusions`.
 type ListExclusionsRequest struct {
 	// Required. The parent resource whose exclusions are to be listed.
@@ -693,16 +868,16 @@ type ListExclusionsRequest struct {
 	//     "organizations/[ORGANIZATION_ID]"
 	//     "billingAccounts/[BILLING_ACCOUNT_ID]"
 	//     "folders/[FOLDER_ID]"
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
-	// preceding call to this method.  `pageToken` must be the value of
-	// `nextPageToken` from the previous response.  The values of other method
+	// preceding call to this method. `pageToken` must be the value of
+	// `nextPageToken` from the previous response. The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	// Optional. The maximum number of results to return from this request.
-	// Non-positive values are ignored.  The presence of `nextPageToken` in the
+	// Non-positive values are ignored. The presence of `nextPageToken` in the
 	// response indicates that more results might be available.
-	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -712,16 +887,17 @@ func (m *ListExclusionsRequest) Reset()         { *m = ListExclusionsRequest{} }
 func (m *ListExclusionsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListExclusionsRequest) ProtoMessage()    {}
 func (*ListExclusionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{8}
+	return fileDescriptor_775871f9b2cdbeb8, []int{9}
 }
+
 func (m *ListExclusionsRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListExclusionsRequest.Unmarshal(m, b)
 }
 func (m *ListExclusionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListExclusionsRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListExclusionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListExclusionsRequest.Merge(dst, src)
+func (m *ListExclusionsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListExclusionsRequest.Merge(m, src)
 }
 func (m *ListExclusionsRequest) XXX_Size() int {
 	return xxx_messageInfo_ListExclusionsRequest.Size(m)
@@ -756,11 +932,11 @@ func (m *ListExclusionsRequest) GetPageSize() int32 {
 // Result returned from `ListExclusions`.
 type ListExclusionsResponse struct {
 	// A list of exclusions.
-	Exclusions []*LogExclusion `protobuf:"bytes,1,rep,name=exclusions" json:"exclusions,omitempty"`
+	Exclusions []*LogExclusion `protobuf:"bytes,1,rep,name=exclusions,proto3" json:"exclusions,omitempty"`
 	// If there might be more results than appear in this response, then
-	// `nextPageToken` is included.  To get the next set of results, call the same
+	// `nextPageToken` is included. To get the next set of results, call the same
 	// method again using the value of `nextPageToken` as `pageToken`.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -770,16 +946,17 @@ func (m *ListExclusionsResponse) Reset()         { *m = ListExclusionsResponse{}
 func (m *ListExclusionsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListExclusionsResponse) ProtoMessage()    {}
 func (*ListExclusionsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{9}
+	return fileDescriptor_775871f9b2cdbeb8, []int{10}
 }
+
 func (m *ListExclusionsResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListExclusionsResponse.Unmarshal(m, b)
 }
 func (m *ListExclusionsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListExclusionsResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListExclusionsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListExclusionsResponse.Merge(dst, src)
+func (m *ListExclusionsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListExclusionsResponse.Merge(m, src)
 }
 func (m *ListExclusionsResponse) XXX_Size() int {
 	return xxx_messageInfo_ListExclusionsResponse.Size(m)
@@ -814,7 +991,7 @@ type GetExclusionRequest struct {
 	//     "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
 	//
 	// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
-	Name                 string   `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -824,16 +1001,17 @@ func (m *GetExclusionRequest) Reset()         { *m = GetExclusionRequest{} }
 func (m *GetExclusionRequest) String() string { return proto.CompactTextString(m) }
 func (*GetExclusionRequest) ProtoMessage()    {}
 func (*GetExclusionRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{10}
+	return fileDescriptor_775871f9b2cdbeb8, []int{11}
 }
+
 func (m *GetExclusionRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_GetExclusionRequest.Unmarshal(m, b)
 }
 func (m *GetExclusionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_GetExclusionRequest.Marshal(b, m, deterministic)
 }
-func (dst *GetExclusionRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetExclusionRequest.Merge(dst, src)
+func (m *GetExclusionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetExclusionRequest.Merge(m, src)
 }
 func (m *GetExclusionRequest) XXX_Size() int {
 	return xxx_messageInfo_GetExclusionRequest.Size(m)
@@ -861,10 +1039,10 @@ type CreateExclusionRequest struct {
 	//     "folders/[FOLDER_ID]"
 	//
 	// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Required. The new exclusion, whose `name` parameter is an exclusion name
 	// that is not already used in the parent resource.
-	Exclusion            *LogExclusion `protobuf:"bytes,2,opt,name=exclusion" json:"exclusion,omitempty"`
+	Exclusion            *LogExclusion `protobuf:"bytes,2,opt,name=exclusion,proto3" json:"exclusion,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
 	XXX_unrecognized     []byte        `json:"-"`
 	XXX_sizecache        int32         `json:"-"`
@@ -874,16 +1052,17 @@ func (m *CreateExclusionRequest) Reset()         { *m = CreateExclusionRequest{}
 func (m *CreateExclusionRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateExclusionRequest) ProtoMessage()    {}
 func (*CreateExclusionRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{11}
+	return fileDescriptor_775871f9b2cdbeb8, []int{12}
 }
+
 func (m *CreateExclusionRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CreateExclusionRequest.Unmarshal(m, b)
 }
 func (m *CreateExclusionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CreateExclusionRequest.Marshal(b, m, deterministic)
 }
-func (dst *CreateExclusionRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateExclusionRequest.Merge(dst, src)
+func (m *CreateExclusionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateExclusionRequest.Merge(m, src)
 }
 func (m *CreateExclusionRequest) XXX_Size() int {
 	return xxx_messageInfo_CreateExclusionRequest.Size(m)
@@ -918,18 +1097,18 @@ type UpdateExclusionRequest struct {
 	//     "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
 	//
 	// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Required. New values for the existing exclusion. Only the fields specified
 	// in `update_mask` are relevant.
-	Exclusion *LogExclusion `protobuf:"bytes,2,opt,name=exclusion" json:"exclusion,omitempty"`
-	// Required. A nonempty list of fields to change in the existing exclusion.
+	Exclusion *LogExclusion `protobuf:"bytes,2,opt,name=exclusion,proto3" json:"exclusion,omitempty"`
+	// Required. A non-empty list of fields to change in the existing exclusion.
 	// New values for the fields are taken from the corresponding fields in the
 	// [LogExclusion][google.logging.v2.LogExclusion] included in this request. Fields not mentioned in
 	// `update_mask` are not changed and are ignored in the request.
 	//
 	// For example, to change the filter and description of an exclusion,
 	// specify an `update_mask` of `"filter,description"`.
-	UpdateMask           *field_mask.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask" json:"update_mask,omitempty"`
+	UpdateMask           *field_mask.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
 	XXX_unrecognized     []byte                `json:"-"`
 	XXX_sizecache        int32                 `json:"-"`
@@ -939,16 +1118,17 @@ func (m *UpdateExclusionRequest) Reset()         { *m = UpdateExclusionRequest{}
 func (m *UpdateExclusionRequest) String() string { return proto.CompactTextString(m) }
 func (*UpdateExclusionRequest) ProtoMessage()    {}
 func (*UpdateExclusionRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{12}
+	return fileDescriptor_775871f9b2cdbeb8, []int{13}
 }
+
 func (m *UpdateExclusionRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_UpdateExclusionRequest.Unmarshal(m, b)
 }
 func (m *UpdateExclusionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_UpdateExclusionRequest.Marshal(b, m, deterministic)
 }
-func (dst *UpdateExclusionRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UpdateExclusionRequest.Merge(dst, src)
+func (m *UpdateExclusionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateExclusionRequest.Merge(m, src)
 }
 func (m *UpdateExclusionRequest) XXX_Size() int {
 	return xxx_messageInfo_UpdateExclusionRequest.Size(m)
@@ -990,7 +1170,7 @@ type DeleteExclusionRequest struct {
 	//     "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
 	//
 	// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
-	Name                 string   `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -1000,16 +1180,17 @@ func (m *DeleteExclusionRequest) Reset()         { *m = DeleteExclusionRequest{}
 func (m *DeleteExclusionRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteExclusionRequest) ProtoMessage()    {}
 func (*DeleteExclusionRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_config_e3432177b05142c4, []int{13}
+	return fileDescriptor_775871f9b2cdbeb8, []int{14}
 }
+
 func (m *DeleteExclusionRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteExclusionRequest.Unmarshal(m, b)
 }
 func (m *DeleteExclusionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteExclusionRequest.Marshal(b, m, deterministic)
 }
-func (dst *DeleteExclusionRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteExclusionRequest.Merge(dst, src)
+func (m *DeleteExclusionRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteExclusionRequest.Merge(m, src)
 }
 func (m *DeleteExclusionRequest) XXX_Size() int {
 	return xxx_messageInfo_DeleteExclusionRequest.Size(m)
@@ -1027,8 +1208,249 @@ func (m *DeleteExclusionRequest) GetName() string {
 	return ""
 }
 
+// The parameters to
+// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings].
+//
+// See [Enabling CMEK for Logs Router](/logging/docs/routing/managed-encryption)
+// for more information.
+type GetCmekSettingsRequest struct {
+	// Required. The resource for which to retrieve CMEK settings.
+	//
+	//     "projects/[PROJECT_ID]/cmekSettings"
+	//     "organizations/[ORGANIZATION_ID]/cmekSettings"
+	//     "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
+	//     "folders/[FOLDER_ID]/cmekSettings"
+	//
+	// Example: `"organizations/12345/cmekSettings"`.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetCmekSettingsRequest) Reset()         { *m = GetCmekSettingsRequest{} }
+func (m *GetCmekSettingsRequest) String() string { return proto.CompactTextString(m) }
+func (*GetCmekSettingsRequest) ProtoMessage()    {}
+func (*GetCmekSettingsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_775871f9b2cdbeb8, []int{15}
+}
+
+func (m *GetCmekSettingsRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetCmekSettingsRequest.Unmarshal(m, b)
+}
+func (m *GetCmekSettingsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetCmekSettingsRequest.Marshal(b, m, deterministic)
+}
+func (m *GetCmekSettingsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetCmekSettingsRequest.Merge(m, src)
+}
+func (m *GetCmekSettingsRequest) XXX_Size() int {
+	return xxx_messageInfo_GetCmekSettingsRequest.Size(m)
+}
+func (m *GetCmekSettingsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetCmekSettingsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetCmekSettingsRequest proto.InternalMessageInfo
+
+func (m *GetCmekSettingsRequest) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+// The parameters to
+// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings].
+//
+// See [Enabling CMEK for Logs Router](/logging/docs/routing/managed-encryption)
+// for more information.
+type UpdateCmekSettingsRequest struct {
+	// Required. The resource name for the CMEK settings to update.
+	//
+	//     "projects/[PROJECT_ID]/cmekSettings"
+	//     "organizations/[ORGANIZATION_ID]/cmekSettings"
+	//     "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
+	//     "folders/[FOLDER_ID]/cmekSettings"
+	//
+	// Example: `"organizations/12345/cmekSettings"`.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Required. The CMEK settings to update.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	CmekSettings *CmekSettings `protobuf:"bytes,2,opt,name=cmek_settings,json=cmekSettings,proto3" json:"cmek_settings,omitempty"`
+	// Optional. Field mask identifying which fields from `cmek_settings` should
+	// be updated. A field will be overwritten if and only if it is in the update
+	// mask. Output only fields cannot be updated.
+	//
+	// See [FieldMask][google.protobuf.FieldMask] for more information.
+	//
+	// Example: `"updateMask=kmsKeyName"`
+	UpdateMask           *field_mask.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
+	XXX_unrecognized     []byte                `json:"-"`
+	XXX_sizecache        int32                 `json:"-"`
+}
+
+func (m *UpdateCmekSettingsRequest) Reset()         { *m = UpdateCmekSettingsRequest{} }
+func (m *UpdateCmekSettingsRequest) String() string { return proto.CompactTextString(m) }
+func (*UpdateCmekSettingsRequest) ProtoMessage()    {}
+func (*UpdateCmekSettingsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_775871f9b2cdbeb8, []int{16}
+}
+
+func (m *UpdateCmekSettingsRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UpdateCmekSettingsRequest.Unmarshal(m, b)
+}
+func (m *UpdateCmekSettingsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UpdateCmekSettingsRequest.Marshal(b, m, deterministic)
+}
+func (m *UpdateCmekSettingsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateCmekSettingsRequest.Merge(m, src)
+}
+func (m *UpdateCmekSettingsRequest) XXX_Size() int {
+	return xxx_messageInfo_UpdateCmekSettingsRequest.Size(m)
+}
+func (m *UpdateCmekSettingsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateCmekSettingsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateCmekSettingsRequest proto.InternalMessageInfo
+
+func (m *UpdateCmekSettingsRequest) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *UpdateCmekSettingsRequest) GetCmekSettings() *CmekSettings {
+	if m != nil {
+		return m.CmekSettings
+	}
+	return nil
+}
+
+func (m *UpdateCmekSettingsRequest) GetUpdateMask() *field_mask.FieldMask {
+	if m != nil {
+		return m.UpdateMask
+	}
+	return nil
+}
+
+// Describes the customer-managed encryption key (CMEK) settings associated with
+// a project, folder, organization, billing account, or flexible resource.
+//
+// Note: CMEK for the Logs Router can currently only be configured for GCP
+// organizations. Once configured, it applies to all projects and folders in the
+// GCP organization.
+//
+// See [Enabling CMEK for Logs Router](/logging/docs/routing/managed-encryption)
+// for more information.
+type CmekSettings struct {
+	// Output Only. The resource name of the CMEK settings.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The resource name for the configured Cloud KMS key.
+	//
+	// KMS key name format:
+	//     "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
+	//
+	// For example:
+	//     `"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"`
+	//
+	//
+	//
+	// To enable CMEK for the Logs Router, set this field to a valid
+	// `kms_key_name` for which the associated service account has the required
+	// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key.
+	//
+	// The Cloud KMS key used by the Log Router can be updated by changing the
+	// `kms_key_name` to a new valid key name. Encryption operations that are in
+	// progress will be completed with the key that was in use when they started.
+	// Decryption operations will be completed using the key that was used at the
+	// time of encryption unless access to that key has been revoked.
+	//
+	// To disable CMEK for the Logs Router, set this field to an empty string.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	KmsKeyName string `protobuf:"bytes,2,opt,name=kms_key_name,json=kmsKeyName,proto3" json:"kms_key_name,omitempty"`
+	// Output Only. The service account that will be used by the Logs Router to
+	// access your Cloud KMS key.
+	//
+	// Before enabling CMEK for Logs Router, you must first assign the role
+	// `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the service account that
+	// the Logs Router will use to access your Cloud KMS key. Use
+	// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings] to
+	// obtain the service account ID.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	ServiceAccountId     string   `protobuf:"bytes,3,opt,name=service_account_id,json=serviceAccountId,proto3" json:"service_account_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CmekSettings) Reset()         { *m = CmekSettings{} }
+func (m *CmekSettings) String() string { return proto.CompactTextString(m) }
+func (*CmekSettings) ProtoMessage()    {}
+func (*CmekSettings) Descriptor() ([]byte, []int) {
+	return fileDescriptor_775871f9b2cdbeb8, []int{17}
+}
+
+func (m *CmekSettings) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CmekSettings.Unmarshal(m, b)
+}
+func (m *CmekSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CmekSettings.Marshal(b, m, deterministic)
+}
+func (m *CmekSettings) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CmekSettings.Merge(m, src)
+}
+func (m *CmekSettings) XXX_Size() int {
+	return xxx_messageInfo_CmekSettings.Size(m)
+}
+func (m *CmekSettings) XXX_DiscardUnknown() {
+	xxx_messageInfo_CmekSettings.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CmekSettings proto.InternalMessageInfo
+
+func (m *CmekSettings) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *CmekSettings) GetKmsKeyName() string {
+	if m != nil {
+		return m.KmsKeyName
+	}
+	return ""
+}
+
+func (m *CmekSettings) GetServiceAccountId() string {
+	if m != nil {
+		return m.ServiceAccountId
+	}
+	return ""
+}
+
 func init() {
+	proto.RegisterEnum("google.logging.v2.LogSink_VersionFormat", LogSink_VersionFormat_name, LogSink_VersionFormat_value)
 	proto.RegisterType((*LogSink)(nil), "google.logging.v2.LogSink")
+	proto.RegisterType((*BigQueryOptions)(nil), "google.logging.v2.BigQueryOptions")
 	proto.RegisterType((*ListSinksRequest)(nil), "google.logging.v2.ListSinksRequest")
 	proto.RegisterType((*ListSinksResponse)(nil), "google.logging.v2.ListSinksResponse")
 	proto.RegisterType((*GetSinkRequest)(nil), "google.logging.v2.GetSinkRequest")
@@ -1042,16 +1464,162 @@ func init() {
 	proto.RegisterType((*CreateExclusionRequest)(nil), "google.logging.v2.CreateExclusionRequest")
 	proto.RegisterType((*UpdateExclusionRequest)(nil), "google.logging.v2.UpdateExclusionRequest")
 	proto.RegisterType((*DeleteExclusionRequest)(nil), "google.logging.v2.DeleteExclusionRequest")
-	proto.RegisterEnum("google.logging.v2.LogSink_VersionFormat", LogSink_VersionFormat_name, LogSink_VersionFormat_value)
+	proto.RegisterType((*GetCmekSettingsRequest)(nil), "google.logging.v2.GetCmekSettingsRequest")
+	proto.RegisterType((*UpdateCmekSettingsRequest)(nil), "google.logging.v2.UpdateCmekSettingsRequest")
+	proto.RegisterType((*CmekSettings)(nil), "google.logging.v2.CmekSettings")
+}
+
+func init() {
+	proto.RegisterFile("google/logging/v2/logging_config.proto", fileDescriptor_775871f9b2cdbeb8)
+}
+
+var fileDescriptor_775871f9b2cdbeb8 = []byte{
+	// 2164 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x59, 0x4f, 0x6c, 0x1c, 0x57,
+	0x19, 0xef, 0x9b, 0x75, 0xfc, 0xe7, 0xd9, 0xf1, 0xda, 0x2f, 0x64, 0xbb, 0x9d, 0x34, 0xb1, 0x3b,
+	0x09, 0xa9, 0xbd, 0xb8, 0x3b, 0x74, 0x52, 0xa1, 0x60, 0x13, 0xb5, 0x6b, 0xc7, 0x49, 0x2d, 0xd2,
+	0xc4, 0xac, 0x13, 0x23, 0x59, 0x91, 0x86, 0xf1, 0xee, 0xf3, 0xe4, 0xb1, 0xb3, 0x33, 0x9b, 0x99,
+	0x59, 0xa7, 0x8e, 0xe5, 0x03, 0x5c, 0xb9, 0x80, 0x10, 0x87, 0x0a, 0x29, 0x70, 0x41, 0x20, 0x10,
+	0x97, 0x5e, 0xa8, 0x04, 0x07, 0x84, 0xc4, 0xa5, 0x87, 0x0a, 0xe8, 0xcd, 0x42, 0xd0, 0x03, 0x1c,
+	0xe8, 0x8d, 0x13, 0xa8, 0x08, 0x09, 0xcd, 0x7b, 0x6f, 0x66, 0xde, 0xcc, 0xce, 0xee, 0x8e, 0xa9,
+	0xd5, 0x53, 0x66, 0xdf, 0xf7, 0xfb, 0xbe, 0xf9, 0xde, 0x6f, 0xbe, 0xf7, 0xfb, 0xbe, 0xe7, 0xc0,
+	0xab, 0xa6, 0xe3, 0x98, 0x16, 0x56, 0x2d, 0xc7, 0x34, 0x89, 0x6d, 0xaa, 0xfb, 0x5a, 0xf8, 0xa8,
+	0x37, 0x1c, 0x7b, 0x8f, 0x98, 0xd5, 0x8e, 0xeb, 0xf8, 0x0e, 0x9a, 0x65, 0xb8, 0x2a, 0x37, 0x56,
+	0xf7, 0x35, 0xf9, 0x79, 0xee, 0x6a, 0x74, 0x88, 0xda, 0xb0, 0x08, 0xb6, 0x7d, 0x86, 0x95, 0xe7,
+	0x04, 0xc3, 0x1e, 0xc1, 0x56, 0x53, 0xdf, 0xc5, 0x8f, 0x8c, 0x7d, 0xe2, 0xb8, 0x1c, 0xf0, 0x82,
+	0x00, 0x70, 0xb1, 0xe7, 0x74, 0xdd, 0x06, 0xe6, 0xa6, 0x4b, 0xdc, 0x44, 0x7f, 0xed, 0x76, 0xf7,
+	0xd4, 0x66, 0xd7, 0x35, 0x7c, 0xe2, 0xd8, 0xdc, 0x7e, 0x21, 0x6d, 0xc7, 0xed, 0x8e, 0x7f, 0xc0,
+	0x8d, 0xf3, 0x69, 0x23, 0x7b, 0x7b, 0xdb, 0xf0, 0x5a, 0xa9, 0xd4, 0x22, 0x84, 0x4f, 0xda, 0xd8,
+	0xf3, 0x8d, 0x76, 0x87, 0x03, 0x5e, 0x14, 0x52, 0x33, 0x6c, 0xdb, 0xf1, 0xe9, 0xcb, 0x3d, 0x66,
+	0x55, 0xde, 0x1d, 0x83, 0x63, 0x77, 0x1c, 0x73, 0x8b, 0xd8, 0x2d, 0x84, 0xe0, 0x88, 0x6d, 0xb4,
+	0x71, 0x19, 0xcc, 0x83, 0x85, 0x89, 0x3a, 0x7d, 0x46, 0x0b, 0x70, 0xb2, 0x89, 0x3d, 0x9f, 0xd8,
+	0xd4, 0xab, 0x5c, 0x08, 0x4c, 0xab, 0xa3, 0x9f, 0xd4, 0x0a, 0x10, 0x54, 0xea, 0xa2, 0x09, 0x95,
+	0xe0, 0xe8, 0x1e, 0xb1, 0x7c, 0xec, 0x96, 0xcf, 0x50, 0x7f, 0xfe, 0x0b, 0xcd, 0xd3, 0x08, 0x0d,
+	0x97, 0x74, 0x68, 0x04, 0x44, 0x8d, 0xe2, 0x12, 0x92, 0xe1, 0x78, 0x93, 0x78, 0xc6, 0xae, 0x85,
+	0x9b, 0xe5, 0x73, 0xf3, 0x60, 0x61, 0xbc, 0x1e, 0xfd, 0x46, 0xdf, 0x80, 0xe7, 0x9d, 0xae, 0xdf,
+	0xe9, 0xfa, 0xfa, 0x3e, 0x76, 0x3d, 0xe2, 0xd8, 0xfa, 0x9e, 0xe3, 0xb6, 0x0d, 0xbf, 0x3c, 0x3a,
+	0x0f, 0x16, 0xa6, 0xb5, 0x85, 0x6a, 0xcf, 0x57, 0xac, 0xf2, 0xed, 0x54, 0xb7, 0x99, 0xc3, 0x2d,
+	0x8a, 0x5f, 0x95, 0xca, 0xa0, 0x7e, 0x8e, 0x85, 0x4a, 0x18, 0xd0, 0x12, 0x2c, 0x3e, 0x71, 0x89,
+	0x8f, 0x5d, 0x9d, 0x34, 0xb1, 0xed, 0x13, 0xff, 0xa0, 0x3c, 0x4e, 0x77, 0x59, 0xf8, 0xa8, 0x56,
+	0xa8, 0x4f, 0x33, 0xdb, 0x06, 0x37, 0xa1, 0x45, 0x38, 0x43, 0xec, 0x86, 0xd5, 0x6d, 0x62, 0xbd,
+	0xf1, 0x88, 0x58, 0x4d, 0x17, 0xdb, 0xe5, 0x09, 0x9a, 0x73, 0x91, 0xaf, 0xaf, 0xf1, 0x65, 0x74,
+	0x0f, 0xce, 0xec, 0x12, 0xf3, 0x71, 0x17, 0xbb, 0x07, 0xba, 0x43, 0x77, 0xea, 0x95, 0xa7, 0xe6,
+	0xc1, 0xc2, 0xa4, 0xa6, 0x64, 0x64, 0xbd, 0x4a, 0xcc, 0xaf, 0x05, 0xd0, 0x7b, 0x0c, 0xf9, 0xe6,
+	0x73, 0xf5, 0x62, 0xe8, 0xcd, 0x97, 0xd0, 0x1b, 0x70, 0xb2, 0xe1, 0x62, 0xc3, 0xc7, 0x7a, 0xf0,
+	0x8d, 0xcb, 0x67, 0x69, 0x2c, 0x39, 0x8c, 0x15, 0x16, 0x40, 0xf5, 0x7e, 0x58, 0x00, 0x6c, 0x07,
+	0x90, 0xf9, 0x04, 0xab, 0x41, 0x84, 0x6e, 0xa7, 0x19, 0x45, 0x98, 0xce, 0x19, 0x81, 0xf9, 0xd0,
+	0x08, 0x37, 0x20, 0xf4, 0x7c, 0xc3, 0xf5, 0x59, 0x00, 0x38, 0x34, 0x40, 0x40, 0xfb, 0x04, 0xf5,
+	0xa0, 0xee, 0x5f, 0x86, 0xe3, 0xd8, 0x6e, 0x32, 0xe7, 0xc9, 0x5c, 0xce, 0x63, 0xd8, 0x6e, 0x06,
+	0x2b, 0xca, 0xeb, 0xf0, 0x6c, 0xf2, 0xc3, 0x5d, 0x82, 0xf2, 0xf6, 0x7a, 0x7d, 0x6b, 0xe3, 0xde,
+	0x5d, 0xfd, 0xd6, 0xbd, 0xfa, 0x5b, 0xb5, 0xfb, 0xfa, 0x83, 0xbb, 0x5b, 0x9b, 0xeb, 0x6b, 0x1b,
+	0xb7, 0x36, 0xd6, 0x6f, 0xce, 0x3c, 0x87, 0x46, 0xa1, 0xb4, 0xad, 0xcd, 0x00, 0xfa, 0xef, 0xab,
+	0x33, 0xd2, 0xf2, 0x6f, 0xc0, 0xc7, 0xb5, 0xf7, 0x00, 0xbc, 0x10, 0x92, 0xce, 0xde, 0x6b, 0x74,
+	0x88, 0x57, 0x6d, 0x38, 0x6d, 0x95, 0x1e, 0x81, 0xb9, 0x8e, 0xeb, 0x7c, 0x13, 0x37, 0x7c, 0x4f,
+	0x3d, 0xe4, 0x4f, 0x47, 0xaa, 0x47, 0xec, 0x96, 0xa7, 0x1e, 0x06, 0xff, 0x1c, 0xa1, 0x45, 0xc7,
+	0x35, 0x0d, 0x9b, 0x3c, 0x65, 0x87, 0x48, 0x3d, 0x14, 0x7f, 0xa6, 0xa0, 0x17, 0xf7, 0x1c, 0xab,
+	0x89, 0x5d, 0x4f, 0x3d, 0x64, 0x0f, 0x29, 0x73, 0x75, 0x97, 0x58, 0x16, 0xb1, 0xcd, 0x5a, 0xa3,
+	0xe1, 0x74, 0xed, 0xe0, 0x8d, 0x7c, 0x41, 0x37, 0xd8, 0x4a, 0x12, 0xbf, 0x3a, 0x01, 0xc7, 0x78,
+	0x15, 0x29, 0xef, 0x00, 0x58, 0x4c, 0xd5, 0x0b, 0x7a, 0x0d, 0x96, 0xba, 0x1e, 0xd6, 0x3b, 0x86,
+	0xeb, 0x93, 0x60, 0x05, 0x37, 0x75, 0x3f, 0x38, 0x42, 0x1e, 0x3d, 0xce, 0xe3, 0xf5, 0xcf, 0x75,
+	0x3d, 0xbc, 0x19, 0x1b, 0xef, 0x53, 0x1b, 0xda, 0x84, 0x4a, 0xd7, 0xc3, 0x9e, 0x1e, 0x89, 0x86,
+	0xde, 0x70, 0xac, 0x6e, 0xdb, 0x8e, 0xe3, 0x10, 0xdb, 0xa4, 0xa7, 0x7e, 0x9c, 0xd5, 0xc2, 0x5c,
+	0x00, 0x8f, 0xbe, 0xd0, 0x1a, 0x05, 0x6f, 0x0a, 0x58, 0xe5, 0x3b, 0x00, 0xce, 0xdc, 0x21, 0x9e,
+	0x1f, 0xd0, 0xe9, 0xd5, 0xf1, 0xe3, 0x2e, 0xf6, 0x7c, 0xb4, 0x02, 0x47, 0x3b, 0x86, 0x8b, 0x6d,
+	0x9f, 0x69, 0xcb, 0xea, 0xe5, 0x8f, 0x6a, 0xd2, 0x27, 0xb5, 0x8b, 0x68, 0xd0, 0xb7, 0xa8, 0x73,
+	0x17, 0x74, 0x11, 0xc2, 0x8e, 0x61, 0x62, 0xdd, 0x77, 0x5a, 0xd8, 0x2e, 0x4b, 0x54, 0x3f, 0x26,
+	0x82, 0x95, 0xfb, 0xc1, 0x02, 0xba, 0x00, 0xe9, 0x0f, 0xdd, 0x23, 0x4f, 0x31, 0xcd, 0xf4, 0x4c,
+	0x7d, 0x3c, 0x58, 0xd8, 0x22, 0x4f, 0xb1, 0xd2, 0x86, 0xb3, 0x42, 0x32, 0x5e, 0xc7, 0xb1, 0x3d,
+	0x8c, 0xbe, 0x08, 0xcf, 0x50, 0x66, 0xcb, 0x60, 0xbe, 0x20, 0x56, 0x60, 0xaf, 0x86, 0xd4, 0x19,
+	0x10, 0x5d, 0x85, 0x45, 0x1b, 0xbf, 0xed, 0xeb, 0x3d, 0x79, 0x9c, 0x0d, 0x96, 0x37, 0xc3, 0x5c,
+	0x94, 0x3a, 0x9c, 0xbe, 0x8d, 0xe9, 0xdb, 0xc2, 0x9d, 0xbf, 0x01, 0x27, 0x82, 0x10, 0x7a, 0x2c,
+	0xac, 0xe1, 0xe6, 0x07, 0x16, 0x62, 0x7d, 0x3c, 0xf0, 0xba, 0x6b, 0xb4, 0xb1, 0xf2, 0x6b, 0x00,
+	0x67, 0xd7, 0xe8, 0x11, 0x16, 0xe3, 0x7e, 0x2a, 0x46, 0xaf, 0xc1, 0x91, 0x20, 0x3c, 0xdd, 0xc3,
+	0xc0, 0xfd, 0x07, 0xdf, 0x5c, 0xaa, 0x53, 0x30, 0x2d, 0x30, 0x9b, 0x3c, 0xee, 0x62, 0x3d, 0x2d,
+	0x97, 0x05, 0x5e, 0x60, 0xd4, 0xfa, 0xf5, 0x84, 0x5e, 0x2a, 0xff, 0x05, 0x70, 0xf6, 0x01, 0x95,
+	0x8f, 0x53, 0x65, 0xe5, 0x33, 0xdc, 0x02, 0x5a, 0x89, 0x44, 0x33, 0x68, 0xbb, 0xe5, 0x91, 0x3e,
+	0xb2, 0x75, 0x2b, 0xe8, 0xcc, 0x6f, 0x19, 0x5e, 0x2b, 0xd4, 0xcb, 0xe0, 0x59, 0x79, 0x00, 0x67,
+	0x6f, 0x62, 0x0b, 0x9f, 0xf2, 0xf6, 0x95, 0xbf, 0x14, 0xe0, 0xd4, 0x1d, 0xc7, 0x5c, 0x7f, 0xbb,
+	0x61, 0x75, 0x03, 0x49, 0xcc, 0xec, 0xdd, 0xa9, 0xce, 0x2b, 0xf5, 0x76, 0xde, 0xb8, 0x67, 0x17,
+	0x12, 0x3d, 0x5b, 0xec, 0xc8, 0x23, 0xa9, 0x8e, 0xbc, 0x92, 0xec, 0x42, 0x67, 0x86, 0xa9, 0x78,
+	0xa2, 0x01, 0xad, 0x24, 0x1b, 0xd0, 0xe8, 0x70, 0xe7, 0xb8, 0xf7, 0x2c, 0xff, 0x03, 0x7c, 0x5c,
+	0xfb, 0x3b, 0x80, 0xf3, 0x7d, 0x28, 0x8a, 0xc9, 0x58, 0xcc, 0x50, 0x71, 0x1c, 0x5a, 0x3d, 0xf5,
+	0x30, 0x7a, 0x3e, 0x42, 0xd7, 0x06, 0xea, 0x79, 0x1f, 0xa7, 0x97, 0x7b, 0x94, 0xbd, 0x0f, 0xf0,
+	0xfa, 0x70, 0x8d, 0xcf, 0xf6, 0x54, 0x7e, 0x00, 0xe0, 0xf9, 0x40, 0xb9, 0xa2, 0x4d, 0x79, 0x71,
+	0xf1, 0x24, 0x4f, 0xfe, 0x02, 0xad, 0x1c, 0x05, 0x0d, 0xa5, 0xe5, 0x54, 0x04, 0xf5, 0x5b, 0x00,
+	0x96, 0xd2, 0x79, 0x71, 0x59, 0x7d, 0x1d, 0xc2, 0x78, 0x33, 0x5c, 0x5b, 0xe7, 0xb2, 0x0f, 0x66,
+	0x9c, 0x93, 0xe0, 0x92, 0x5b, 0x65, 0xb7, 0xe0, 0xb9, 0xdb, 0x38, 0xce, 0x20, 0x24, 0xe6, 0x2b,
+	0xe2, 0x11, 0x08, 0x69, 0x19, 0x5e, 0x2d, 0xec, 0xb0, 0x04, 0x3d, 0xb5, 0xc4, 0x64, 0xb6, 0x27,
+	0xf0, 0xa7, 0x67, 0xfc, 0x06, 0x9c, 0x88, 0xf6, 0xc9, 0x25, 0x6b, 0x28, 0x33, 0xb1, 0x87, 0xf2,
+	0x67, 0x00, 0x4b, 0x4c, 0x44, 0x4f, 0x77, 0xd3, 0x68, 0xf5, 0xe4, 0x79, 0x31, 0x3d, 0x8d, 0xdd,
+	0x84, 0x99, 0x92, 0xca, 0x63, 0x61, 0x98, 0x3c, 0xb2, 0x00, 0xa2, 0x46, 0x6e, 0xc3, 0x12, 0xd3,
+	0xc8, 0x53, 0xfe, 0xa4, 0x4b, 0xb0, 0x74, 0x1b, 0xfb, 0x6b, 0x6d, 0xdc, 0xda, 0xc2, 0xbe, 0x4f,
+	0x6c, 0x33, 0x3a, 0x43, 0x19, 0x6a, 0xa9, 0xbc, 0x0b, 0xe0, 0x0b, 0x8c, 0xe4, 0x9c, 0x1e, 0xe8,
+	0x26, 0x3c, 0xdb, 0x68, 0xe3, 0x96, 0xee, 0x71, 0xec, 0x00, 0x06, 0x13, 0x21, 0xa7, 0x1a, 0xc2,
+	0xaf, 0x74, 0x7b, 0x29, 0x9c, 0xa8, 0xbd, 0xb8, 0x70, 0x4a, 0x0c, 0xdd, 0xa7, 0x0d, 0x4c, 0xb5,
+	0xda, 0x9e, 0xde, 0xc2, 0x07, 0xac, 0xe1, 0xb0, 0x33, 0x05, 0x5b, 0x6d, 0xef, 0xab, 0xf8, 0x80,
+	0x36, 0xd3, 0x25, 0x88, 0x3c, 0xec, 0xee, 0x93, 0x06, 0x0e, 0x75, 0x49, 0x27, 0x4d, 0xde, 0x12,
+	0x66, 0xb8, 0x85, 0x4b, 0xd8, 0x46, 0x53, 0x7b, 0x36, 0x07, 0x8b, 0x6b, 0xf4, 0x26, 0xbd, 0xc5,
+	0x4c, 0xdb, 0x1a, 0xfa, 0xae, 0x04, 0x27, 0xa2, 0x41, 0x0b, 0x5d, 0xce, 0xaa, 0xa1, 0xd4, 0x4c,
+	0x28, 0x5f, 0x19, 0x0c, 0x62, 0xa2, 0xa2, 0xfc, 0x0a, 0x1c, 0xd7, 0xf8, 0x29, 0xfa, 0xf6, 0x87,
+	0x7f, 0xfb, 0xbe, 0xf4, 0x53, 0x80, 0x4a, 0xc1, 0x95, 0xfe, 0x90, 0xad, 0xdd, 0xa8, 0xa8, 0x15,
+	0x3e, 0x27, 0xef, 0xcc, 0xa1, 0x8b, 0xa2, 0x25, 0xea, 0x01, 0x11, 0xe0, 0x0a, 0x52, 0x44, 0x40,
+	0x52, 0xf9, 0x23, 0xd4, 0x25, 0xf4, 0xa2, 0x88, 0x0a, 0xa5, 0x3e, 0xb2, 0x5f, 0x45, 0x57, 0x44,
+	0x7b, 0x5a, 0xe1, 0x43, 0x1c, 0x7a, 0x26, 0xc1, 0x31, 0x3e, 0x0c, 0xa2, 0x97, 0x32, 0xf6, 0x9a,
+	0x1c, 0x14, 0xe5, 0x01, 0x23, 0x8c, 0xf2, 0x21, 0x38, 0xae, 0xc5, 0x13, 0x03, 0xe5, 0xe1, 0xb7,
+	0x00, 0x5d, 0xa0, 0x69, 0x44, 0xcb, 0x01, 0x15, 0xfc, 0xc6, 0x50, 0x39, 0x8a, 0xf6, 0x1a, 0x9b,
+	0x63, 0x3e, 0x62, 0xd4, 0x22, 0x7a, 0x39, 0x85, 0x4a, 0x91, 0x12, 0x43, 0x2f, 0xa3, 0x97, 0x52,
+	0xd0, 0x88, 0x99, 0x18, 0xf4, 0x05, 0xb4, 0x98, 0x02, 0xf5, 0xd0, 0x13, 0x81, 0xd1, 0x2f, 0x24,
+	0x08, 0xe3, 0xc1, 0x16, 0x65, 0xd5, 0x43, 0xcf, 0xdc, 0x3b, 0x90, 0xa6, 0x63, 0x70, 0x5c, 0x9b,
+	0x64, 0x9f, 0x65, 0x29, 0x78, 0x0b, 0x25, 0xea, 0xf7, 0x40, 0xe9, 0x53, 0x30, 0xcb, 0x74, 0x28,
+	0xdc, 0xf9, 0xbc, 0x32, 0xb8, 0x6c, 0x38, 0xac, 0xa2, 0xe4, 0x28, 0x1e, 0x8e, 0xbd, 0xa2, 0x0c,
+	0x2c, 0x21, 0x8e, 0x5a, 0x52, 0x72, 0x15, 0x12, 0x43, 0xa3, 0x1f, 0x8d, 0x40, 0x18, 0x0f, 0xd2,
+	0x99, 0x6c, 0xf5, 0xcc, 0xd9, 0x03, 0xd9, 0xfa, 0xa0, 0x70, 0x5c, 0x93, 0xa3, 0x0f, 0x45, 0x09,
+	0x5b, 0x12, 0x84, 0xe8, 0xb8, 0x36, 0x9d, 0x34, 0x52, 0x36, 0xdf, 0x29, 0xc8, 0x83, 0xca, 0x2e,
+	0xe4, 0x4a, 0xce, 0x51, 0x7c, 0x1c, 0xab, 0xca, 0x79, 0x4b, 0x90, 0x3b, 0x2c, 0xca, 0xc3, 0x0b,
+	0x91, 0x43, 0x5f, 0x95, 0xf3, 0x97, 0x63, 0x98, 0xba, 0x76, 0x82, 0xd4, 0xb5, 0x93, 0xa6, 0xae,
+	0xe5, 0x4f, 0x5d, 0x3b, 0x69, 0xea, 0xe8, 0xc7, 0x12, 0x84, 0xf1, 0x5d, 0x23, 0xb3, 0x42, 0x7a,
+	0xae, 0x22, 0x72, 0xa9, 0xa7, 0xd1, 0xac, 0xb7, 0x3b, 0xfe, 0x41, 0xb6, 0xe4, 0x54, 0x06, 0x4b,
+	0x4e, 0x25, 0x97, 0xe4, 0x54, 0xf2, 0x4b, 0x4e, 0x25, 0x8f, 0xe4, 0x54, 0x4e, 0x20, 0x39, 0xef,
+	0x49, 0x70, 0x3a, 0x39, 0xbd, 0xa2, 0x85, 0x3e, 0x6d, 0xa8, 0x67, 0xf0, 0x96, 0x17, 0x73, 0x20,
+	0x79, 0xd7, 0xfa, 0x43, 0xaa, 0x6b, 0x45, 0x6a, 0x2d, 0x8a, 0x50, 0x3c, 0xf9, 0xa6, 0x3b, 0x93,
+	0xa8, 0x41, 0x02, 0x2a, 0x54, 0xeb, 0x7e, 0x12, 0x24, 0x40, 0x43, 0xb5, 0xee, 0x55, 0x20, 0x01,
+	0x14, 0xaa, 0x75, 0x7f, 0x01, 0x12, 0x86, 0xf3, 0x9f, 0x49, 0x70, 0x4a, 0x9c, 0xba, 0xd1, 0xd5,
+	0xec, 0x9e, 0x96, 0x9e, 0xe1, 0xe4, 0x61, 0x03, 0xa5, 0xf2, 0x01, 0x38, 0xae, 0x8d, 0xf4, 0x36,
+	0xb6, 0xa8, 0xc0, 0x84, 0x1b, 0x92, 0xd0, 0xd8, 0xd2, 0x05, 0x96, 0x44, 0x85, 0x54, 0x65, 0x16,
+	0x58, 0x12, 0x1a, 0x52, 0x95, 0x2a, 0xb0, 0x24, 0x28, 0xa4, 0xaa, 0x4f, 0x81, 0x25, 0xc0, 0xe8,
+	0x9f, 0x12, 0x2c, 0xa6, 0xae, 0x12, 0x68, 0xb1, 0x6f, 0x77, 0x3b, 0x39, 0x61, 0xdf, 0x93, 0x8e,
+	0x6b, 0x33, 0xbc, 0xcf, 0x45, 0x6f, 0xa6, 0xe4, 0xfd, 0x0b, 0x28, 0x83, 0xea, 0x6c, 0x39, 0x1e,
+	0xdb, 0x77, 0x54, 0x25, 0x47, 0xc9, 0x89, 0x0e, 0xaf, 0x29, 0x79, 0xab, 0x4f, 0xf4, 0xaa, 0x2a,
+	0xc3, 0x0b, 0x51, 0xc4, 0x7f, 0x49, 0xc9, 0x5f, 0x93, 0x82, 0x1f, 0xfa, 0x8f, 0x04, 0x8b, 0xa9,
+	0x2b, 0x52, 0x26, 0xe7, 0xd9, 0xd7, 0xa8, 0xe1, 0x9c, 0xff, 0x50, 0x3a, 0xae, 0xc9, 0xb4, 0x17,
+	0x46, 0xef, 0x14, 0xbb, 0x25, 0x67, 0x5f, 0x1b, 0x54, 0xba, 0x09, 0xf6, 0xb5, 0x1c, 0x55, 0x9c,
+	0x60, 0x5f, 0xcb, 0x5b, 0xd0, 0x09, 0xf6, 0xb5, 0xe1, 0xb5, 0x9d, 0x60, 0x5f, 0xcb, 0x5f, 0xe6,
+	0x22, 0xfb, 0x3f, 0x91, 0x60, 0x31, 0x75, 0x85, 0xcb, 0x64, 0x3f, 0xfb, 0x9a, 0xd7, 0xb7, 0x09,
+	0xa5, 0x95, 0xa1, 0x32, 0x58, 0x19, 0x2a, 0xb9, 0x94, 0xa1, 0x92, 0x5f, 0x19, 0x2a, 0x79, 0x94,
+	0xa1, 0x72, 0x02, 0x65, 0xf8, 0x25, 0x80, 0xc5, 0xd4, 0x95, 0x34, 0x93, 0xa7, 0xec, 0x6b, 0xab,
+	0x3c, 0xec, 0x66, 0xa9, 0xdc, 0xa5, 0x44, 0xbd, 0x99, 0x52, 0xd0, 0x23, 0x55, 0xbc, 0x70, 0x0e,
+	0xd4, 0xc6, 0x24, 0x14, 0xfd, 0x11, 0x40, 0xd4, 0x7b, 0x27, 0x46, 0x4b, 0x7d, 0x0f, 0xd6, 0xff,
+	0x95, 0xb5, 0x45, 0xb3, 0xde, 0xd3, 0x06, 0x65, 0xbd, 0x9c, 0xbc, 0x6a, 0xef, 0x5c, 0xd7, 0xf2,
+	0x6e, 0x22, 0xe5, 0x29, 0xff, 0x15, 0xbc, 0x5f, 0x2b, 0x65, 0xff, 0x05, 0xe1, 0x4f, 0xb5, 0xdf,
+	0x81, 0x47, 0xbe, 0xdf, 0xf1, 0x96, 0x55, 0xf5, 0xc9, 0x93, 0x27, 0xe9, 0xbf, 0x2f, 0x18, 0x5d,
+	0xff, 0x91, 0xda, 0xb0, 0x9c, 0x6e, 0xf3, 0x95, 0x8e, 0x65, 0xf8, 0x7b, 0x8e, 0xdb, 0x5e, 0x3a,
+	0x19, 0xbc, 0xea, 0x62, 0xa3, 0xf9, 0x8a, 0x63, 0x5b, 0x07, 0x43, 0x1d, 0xc3, 0x0c, 0x8d, 0x66,
+	0x9b, 0xd8, 0xb9, 0xd1, 0x41, 0xfc, 0xd5, 0x67, 0x00, 0x9e, 0x6f, 0x38, 0xed, 0x5e, 0xda, 0x57,
+	0xd1, 0x1d, 0xf6, 0xcc, 0xae, 0xef, 0x9b, 0xc1, 0x69, 0xdb, 0x04, 0x3b, 0xd7, 0x39, 0xd0, 0x74,
+	0x2c, 0xc3, 0x36, 0xab, 0x8e, 0x6b, 0xaa, 0x26, 0xb6, 0xe9, 0x59, 0x54, 0xe3, 0x97, 0x09, 0xff,
+	0xa1, 0xbe, 0xc2, 0x1f, 0xff, 0x0d, 0xc0, 0xcf, 0xa5, 0xe7, 0x6f, 0x33, 0xef, 0xb5, 0x60, 0xa7,
+	0x55, 0xfe, 0x82, 0xea, 0xb6, 0xf6, 0x7e, 0x68, 0x79, 0x48, 0x2d, 0x0f, 0xb9, 0xe5, 0xe1, 0xb6,
+	0xb6, 0x3b, 0x4a, 0x63, 0x5f, 0xfb, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa6, 0x1f, 0x6c, 0xab,
+	0xab, 0x1f, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
-var _ grpc.ClientConn
+var _ grpc.ClientConnInterface
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
+const _ = grpc.SupportPackageIsVersion6
 
 // ConfigServiceV2Client is the client API for ConfigServiceV2 service.
 //
@@ -1061,13 +1629,14 @@ type ConfigServiceV2Client interface {
 	ListSinks(ctx context.Context, in *ListSinksRequest, opts ...grpc.CallOption) (*ListSinksResponse, error)
 	// Gets a sink.
 	GetSink(ctx context.Context, in *GetSinkRequest, opts ...grpc.CallOption) (*LogSink, error)
-	// Creates a sink that exports specified log entries to a destination.  The
+	// Creates a sink that exports specified log entries to a destination. The
 	// export of newly-ingested log entries begins immediately, unless the sink's
-	// `writer_identity` is not permitted to write to the destination.  A sink can
+	// `writer_identity` is not permitted to write to the destination. A sink can
 	// export log entries only from the resource owning the sink.
 	CreateSink(ctx context.Context, in *CreateSinkRequest, opts ...grpc.CallOption) (*LogSink, error)
-	// Updates a sink.  This method replaces the following fields in the existing
+	// Updates a sink. This method replaces the following fields in the existing
 	// sink with values from the new sink: `destination`, and `filter`.
+	//
 	// The updated sink might also have a new `writer_identity`; see the
 	// `unique_writer_identity` field.
 	UpdateSink(ctx context.Context, in *UpdateSinkRequest, opts ...grpc.CallOption) (*LogSink, error)
@@ -1086,13 +1655,37 @@ type ConfigServiceV2Client interface {
 	UpdateExclusion(ctx context.Context, in *UpdateExclusionRequest, opts ...grpc.CallOption) (*LogExclusion, error)
 	// Deletes an exclusion.
 	DeleteExclusion(ctx context.Context, in *DeleteExclusionRequest, opts ...grpc.CallOption) (*empty.Empty, error)
+	// Gets the Logs Router CMEK settings for the given resource.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	GetCmekSettings(ctx context.Context, in *GetCmekSettingsRequest, opts ...grpc.CallOption) (*CmekSettings, error)
+	// Updates the Logs Router CMEK settings for the given resource.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	//
+	// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings]
+	// will fail if 1) `kms_key_name` is invalid, or 2) the associated service
+	// account does not have the required
+	// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key, or
+	// 3) access to the key is disabled.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	UpdateCmekSettings(ctx context.Context, in *UpdateCmekSettingsRequest, opts ...grpc.CallOption) (*CmekSettings, error)
 }
 
 type configServiceV2Client struct {
-	cc *grpc.ClientConn
+	cc grpc.ClientConnInterface
 }
 
-func NewConfigServiceV2Client(cc *grpc.ClientConn) ConfigServiceV2Client {
+func NewConfigServiceV2Client(cc grpc.ClientConnInterface) ConfigServiceV2Client {
 	return &configServiceV2Client{cc}
 }
 
@@ -1186,20 +1779,38 @@ func (c *configServiceV2Client) DeleteExclusion(ctx context.Context, in *DeleteE
 	return out, nil
 }
 
-// Server API for ConfigServiceV2 service
+func (c *configServiceV2Client) GetCmekSettings(ctx context.Context, in *GetCmekSettingsRequest, opts ...grpc.CallOption) (*CmekSettings, error) {
+	out := new(CmekSettings)
+	err := c.cc.Invoke(ctx, "/google.logging.v2.ConfigServiceV2/GetCmekSettings", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *configServiceV2Client) UpdateCmekSettings(ctx context.Context, in *UpdateCmekSettingsRequest, opts ...grpc.CallOption) (*CmekSettings, error) {
+	out := new(CmekSettings)
+	err := c.cc.Invoke(ctx, "/google.logging.v2.ConfigServiceV2/UpdateCmekSettings", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 
+// ConfigServiceV2Server is the server API for ConfigServiceV2 service.
 type ConfigServiceV2Server interface {
 	// Lists sinks.
 	ListSinks(context.Context, *ListSinksRequest) (*ListSinksResponse, error)
 	// Gets a sink.
 	GetSink(context.Context, *GetSinkRequest) (*LogSink, error)
-	// Creates a sink that exports specified log entries to a destination.  The
+	// Creates a sink that exports specified log entries to a destination. The
 	// export of newly-ingested log entries begins immediately, unless the sink's
-	// `writer_identity` is not permitted to write to the destination.  A sink can
+	// `writer_identity` is not permitted to write to the destination. A sink can
 	// export log entries only from the resource owning the sink.
 	CreateSink(context.Context, *CreateSinkRequest) (*LogSink, error)
-	// Updates a sink.  This method replaces the following fields in the existing
+	// Updates a sink. This method replaces the following fields in the existing
 	// sink with values from the new sink: `destination`, and `filter`.
+	//
 	// The updated sink might also have a new `writer_identity`; see the
 	// `unique_writer_identity` field.
 	UpdateSink(context.Context, *UpdateSinkRequest) (*LogSink, error)
@@ -1218,6 +1829,71 @@ type ConfigServiceV2Server interface {
 	UpdateExclusion(context.Context, *UpdateExclusionRequest) (*LogExclusion, error)
 	// Deletes an exclusion.
 	DeleteExclusion(context.Context, *DeleteExclusionRequest) (*empty.Empty, error)
+	// Gets the Logs Router CMEK settings for the given resource.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	GetCmekSettings(context.Context, *GetCmekSettingsRequest) (*CmekSettings, error)
+	// Updates the Logs Router CMEK settings for the given resource.
+	//
+	// Note: CMEK for the Logs Router can currently only be configured for GCP
+	// organizations. Once configured, it applies to all projects and folders in
+	// the GCP organization.
+	//
+	// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings]
+	// will fail if 1) `kms_key_name` is invalid, or 2) the associated service
+	// account does not have the required
+	// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key, or
+	// 3) access to the key is disabled.
+	//
+	// See [Enabling CMEK for Logs
+	// Router](/logging/docs/routing/managed-encryption) for more information.
+	UpdateCmekSettings(context.Context, *UpdateCmekSettingsRequest) (*CmekSettings, error)
+}
+
+// UnimplementedConfigServiceV2Server can be embedded to have forward compatible implementations.
+type UnimplementedConfigServiceV2Server struct {
+}
+
+func (*UnimplementedConfigServiceV2Server) ListSinks(ctx context.Context, req *ListSinksRequest) (*ListSinksResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListSinks not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) GetSink(ctx context.Context, req *GetSinkRequest) (*LogSink, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetSink not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) CreateSink(ctx context.Context, req *CreateSinkRequest) (*LogSink, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateSink not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) UpdateSink(ctx context.Context, req *UpdateSinkRequest) (*LogSink, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateSink not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) DeleteSink(ctx context.Context, req *DeleteSinkRequest) (*empty.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteSink not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) ListExclusions(ctx context.Context, req *ListExclusionsRequest) (*ListExclusionsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListExclusions not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) GetExclusion(ctx context.Context, req *GetExclusionRequest) (*LogExclusion, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetExclusion not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) CreateExclusion(ctx context.Context, req *CreateExclusionRequest) (*LogExclusion, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateExclusion not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) UpdateExclusion(ctx context.Context, req *UpdateExclusionRequest) (*LogExclusion, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateExclusion not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) DeleteExclusion(ctx context.Context, req *DeleteExclusionRequest) (*empty.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteExclusion not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) GetCmekSettings(ctx context.Context, req *GetCmekSettingsRequest) (*CmekSettings, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetCmekSettings not implemented")
+}
+func (*UnimplementedConfigServiceV2Server) UpdateCmekSettings(ctx context.Context, req *UpdateCmekSettingsRequest) (*CmekSettings, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateCmekSettings not implemented")
 }
 
 func RegisterConfigServiceV2Server(s *grpc.Server, srv ConfigServiceV2Server) {
@@ -1404,6 +2080,42 @@ func _ConfigServiceV2_DeleteExclusion_Handler(srv interface{}, ctx context.Conte
 	return interceptor(ctx, in, info, handler)
 }
 
+func _ConfigServiceV2_GetCmekSettings_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetCmekSettingsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ConfigServiceV2Server).GetCmekSettings(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.logging.v2.ConfigServiceV2/GetCmekSettings",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ConfigServiceV2Server).GetCmekSettings(ctx, req.(*GetCmekSettingsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ConfigServiceV2_UpdateCmekSettings_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateCmekSettingsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ConfigServiceV2Server).UpdateCmekSettings(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.logging.v2.ConfigServiceV2/UpdateCmekSettings",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ConfigServiceV2Server).UpdateCmekSettings(ctx, req.(*UpdateCmekSettingsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _ConfigServiceV2_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "google.logging.v2.ConfigServiceV2",
 	HandlerType: (*ConfigServiceV2Server)(nil),
@@ -1448,85 +2160,15 @@ var _ConfigServiceV2_serviceDesc = grpc.ServiceDesc{
 			MethodName: "DeleteExclusion",
 			Handler:    _ConfigServiceV2_DeleteExclusion_Handler,
 		},
+		{
+			MethodName: "GetCmekSettings",
+			Handler:    _ConfigServiceV2_GetCmekSettings_Handler,
+		},
+		{
+			MethodName: "UpdateCmekSettings",
+			Handler:    _ConfigServiceV2_UpdateCmekSettings_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "google/logging/v2/logging_config.proto",
 }
-
-func init() {
-	proto.RegisterFile("google/logging/v2/logging_config.proto", fileDescriptor_logging_config_e3432177b05142c4)
-}
-
-var fileDescriptor_logging_config_e3432177b05142c4 = []byte{
-	// 1118 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x5d, 0x6f, 0xdb, 0xd4,
-	0x1b, 0xff, 0x3b, 0xe9, 0x4b, 0xf2, 0x74, 0x6b, 0xda, 0xb3, 0x7f, 0x83, 0xe5, 0xb2, 0x2e, 0xb8,
-	0x53, 0x49, 0x2b, 0x70, 0x46, 0x00, 0x09, 0x36, 0x4d, 0x13, 0xeb, 0xda, 0xaa, 0x52, 0xd7, 0x55,
-	0x6e, 0x17, 0x24, 0x54, 0xc9, 0x72, 0xe3, 0x13, 0x73, 0x54, 0xc7, 0xf6, 0xec, 0x93, 0xd2, 0x0e,
-	0x26, 0x01, 0x97, 0x48, 0x5c, 0x20, 0xee, 0xb9, 0x46, 0x7c, 0x06, 0x3e, 0x01, 0xb7, 0xfb, 0x0a,
-	0x7c, 0x08, 0x2e, 0xd1, 0x79, 0x49, 0xe2, 0x38, 0x8e, 0x9b, 0x09, 0xc1, 0x55, 0xcf, 0x79, 0x5e,
-	0xce, 0xef, 0xf7, 0x3c, 0xe7, 0x39, 0xbf, 0x3a, 0xb0, 0xe1, 0x06, 0x81, 0xeb, 0xe1, 0x86, 0x17,
-	0xb8, 0x2e, 0xf1, 0xdd, 0xc6, 0x45, 0xb3, 0xbf, 0xb4, 0xda, 0x81, 0xdf, 0x21, 0xae, 0x11, 0x46,
-	0x01, 0x0d, 0xd0, 0xb2, 0x88, 0x33, 0xa4, 0xd3, 0xb8, 0x68, 0x6a, 0x6f, 0xcb, 0x54, 0x3b, 0x24,
-	0x0d, 0xdb, 0xf7, 0x03, 0x6a, 0x53, 0x12, 0xf8, 0xb1, 0x48, 0xd0, 0x56, 0xa5, 0x97, 0xef, 0xce,
-	0x7a, 0x9d, 0x06, 0xee, 0x86, 0xf4, 0x4a, 0x3a, 0x6b, 0x69, 0x67, 0x87, 0x60, 0xcf, 0xb1, 0xba,
-	0x76, 0x7c, 0x2e, 0x23, 0xee, 0xa4, 0x23, 0x28, 0xe9, 0xe2, 0x98, 0xda, 0xdd, 0x50, 0x04, 0xe8,
-	0xbf, 0x17, 0x61, 0xfe, 0x20, 0x70, 0x8f, 0x89, 0x7f, 0x8e, 0x10, 0xcc, 0xf8, 0x76, 0x17, 0xab,
-	0x4a, 0x4d, 0xa9, 0x97, 0x4d, 0xbe, 0x46, 0x35, 0x58, 0x70, 0x70, 0x4c, 0x89, 0xcf, 0x59, 0xa9,
-	0x45, 0xee, 0x4a, 0x9a, 0x50, 0x15, 0xe6, 0x3a, 0xc4, 0xa3, 0x38, 0x52, 0x67, 0xb9, 0x53, 0xee,
-	0xd0, 0x29, 0xac, 0x04, 0x3d, 0x1a, 0xf6, 0xa8, 0x75, 0x81, 0xa3, 0x98, 0x04, 0xbe, 0xd5, 0x09,
-	0xa2, 0xae, 0x4d, 0xd5, 0xb9, 0x9a, 0x52, 0x5f, 0x6c, 0xd6, 0x8d, 0xb1, 0x56, 0x18, 0x92, 0x88,
-	0xd1, 0x12, 0x09, 0xbb, 0x3c, 0xde, 0xbc, 0x25, 0x8e, 0x19, 0x31, 0xa2, 0x77, 0xa1, 0xf2, 0x55,
-	0x44, 0x28, 0x8e, 0x2c, 0xe2, 0x60, 0x9f, 0x12, 0x7a, 0xa5, 0x96, 0x38, 0xfc, 0xa2, 0x30, 0xef,
-	0x4b, 0x2b, 0xda, 0x84, 0x25, 0xe2, 0xb7, 0xbd, 0x9e, 0x83, 0xad, 0xf6, 0x97, 0xc4, 0x73, 0x22,
-	0xec, 0xab, 0xe5, 0x9a, 0x52, 0x2f, 0x99, 0x15, 0x69, 0xdf, 0x96, 0x66, 0xf4, 0x29, 0x40, 0x4c,
-	0xed, 0x88, 0x5a, 0xac, 0x49, 0x2a, 0xd4, 0x94, 0xfa, 0x42, 0x53, 0xeb, 0xd3, 0xec, 0x77, 0xd0,
-	0x38, 0xe9, 0x77, 0xd0, 0x2c, 0xf3, 0x68, 0xb6, 0x47, 0x1f, 0x43, 0x09, 0xfb, 0x8e, 0x48, 0x5c,
-	0xb8, 0x36, 0x71, 0x1e, 0xfb, 0x0e, 0xdb, 0xe9, 0x8f, 0xe0, 0xe6, 0x68, 0x59, 0x6b, 0xa0, 0xb5,
-	0x76, 0xcc, 0xe3, 0xfd, 0x67, 0x87, 0xd6, 0xee, 0x33, 0xf3, 0xe9, 0x67, 0x27, 0xd6, 0xf3, 0xc3,
-	0xe3, 0xa3, 0x9d, 0xed, 0xfd, 0xdd, 0xfd, 0x9d, 0x27, 0x4b, 0xff, 0x43, 0x73, 0x50, 0x68, 0x35,
-	0x97, 0x14, 0xfe, 0xf7, 0x83, 0xa5, 0x82, 0xde, 0x81, 0xa5, 0x03, 0x12, 0x53, 0xd6, 0xb5, 0xd8,
-	0xc4, 0x2f, 0x7a, 0x38, 0xa6, 0xec, 0x42, 0x42, 0x3b, 0xc2, 0x3e, 0x95, 0x17, 0x29, 0x77, 0xe8,
-	0x36, 0x40, 0x68, 0xbb, 0xd8, 0xa2, 0xc1, 0x39, 0xf6, 0xd5, 0x02, 0xf7, 0x95, 0x99, 0xe5, 0x84,
-	0x19, 0xd0, 0x2a, 0xf0, 0x8d, 0x15, 0x93, 0x97, 0x98, 0xdf, 0xf3, 0xac, 0x59, 0x62, 0x86, 0x63,
-	0xf2, 0x12, 0xeb, 0x5d, 0x58, 0x4e, 0xe0, 0xc4, 0x61, 0xe0, 0xc7, 0x18, 0xdd, 0x83, 0xd9, 0x98,
-	0x19, 0x54, 0xa5, 0x56, 0x4c, 0x56, 0x3c, 0x7e, 0xa3, 0xa6, 0x08, 0x44, 0x1b, 0x50, 0xf1, 0xf1,
-	0x25, 0xb5, 0xc6, 0x78, 0xdc, 0x64, 0xe6, 0xa3, 0x3e, 0x17, 0xfd, 0x7d, 0x58, 0xdc, 0xc3, 0x1c,
-	0xad, 0x5f, 0xd4, 0x2a, 0x94, 0xd9, 0x11, 0x56, 0x62, 0x40, 0x4b, 0xcc, 0x70, 0x68, 0x77, 0xb1,
-	0xfe, 0x93, 0x02, 0xcb, 0xdb, 0x11, 0xb6, 0x29, 0x4e, 0xa6, 0x4c, 0xea, 0x83, 0x01, 0x33, 0x2c,
-	0x93, 0x23, 0xe7, 0xb3, 0xe6, 0x71, 0xe8, 0x23, 0xa8, 0xf6, 0x7c, 0xf2, 0xa2, 0x87, 0xad, 0xf4,
-	0xc4, 0x15, 0xf9, 0x1c, 0xfd, 0x5f, 0x78, 0x3f, 0x1f, 0x99, 0x3b, 0xfd, 0xb5, 0x02, 0xcb, 0xcf,
-	0x43, 0x27, 0xc5, 0x29, 0xaf, 0x8c, 0xff, 0x86, 0x18, 0x7a, 0x00, 0x0b, 0x3d, 0xce, 0x8b, 0xeb,
-	0x84, 0x3a, 0x33, 0x61, 0x5a, 0x77, 0x99, 0x94, 0x3c, 0xb5, 0xe3, 0x73, 0x13, 0x44, 0x38, 0x5b,
-	0xeb, 0xf7, 0x60, 0xf9, 0x09, 0xf6, 0xf0, 0xf4, 0x45, 0xe9, 0x97, 0x70, 0xe3, 0x20, 0x70, 0x77,
-	0x2e, 0xdb, 0x5e, 0x8f, 0xcd, 0x79, 0x8e, 0xc8, 0xb4, 0x23, 0x12, 0x72, 0x91, 0x29, 0x0c, 0x44,
-	0xa6, 0x6f, 0x4a, 0x88, 0x4c, 0x71, 0x44, 0x64, 0x34, 0x28, 0x39, 0x24, 0xb6, 0xcf, 0x3c, 0xec,
-	0xf0, 0x4a, 0x4a, 0xe6, 0x60, 0xaf, 0x9f, 0xc3, 0x0a, 0x9b, 0xd9, 0x01, 0xf4, 0xbf, 0xfa, 0x40,
-	0xbe, 0x53, 0xa0, 0x9a, 0x46, 0x93, 0xcf, 0xe4, 0x11, 0x00, 0x1e, 0x58, 0xe5, 0x5b, 0xb9, 0x93,
-	0x7d, 0xb9, 0x83, 0x6c, 0x33, 0x91, 0x32, 0xf5, 0xab, 0xd9, 0x84, 0x5b, 0x7b, 0x78, 0xc8, 0xa0,
-	0x5f, 0x6e, 0x46, 0xc7, 0xf5, 0x00, 0xaa, 0xe2, 0xc1, 0x8c, 0x45, 0x4f, 0x6a, 0xce, 0x43, 0x28,
-	0x0f, 0x28, 0xc9, 0x09, 0xbd, 0xb6, 0x88, 0x61, 0x86, 0xfe, 0xab, 0x02, 0x55, 0xf1, 0x1c, 0xa6,
-	0xe1, 0xf7, 0x0f, 0xd1, 0xd2, 0x33, 0x5e, 0x7c, 0xa3, 0x19, 0x7f, 0x0f, 0xaa, 0x62, 0xc6, 0xa7,
-	0x61, 0xda, 0xfc, 0x16, 0xa0, 0xb2, 0xcd, 0xff, 0xc5, 0x1f, 0xe3, 0xe8, 0x82, 0xb4, 0x71, 0xab,
-	0x89, 0x2e, 0xa0, 0x3c, 0x50, 0x4b, 0xb4, 0x9e, 0xc5, 0x3b, 0xa5, 0xd9, 0xda, 0xdd, 0xfc, 0x20,
-	0x31, 0x49, 0xfa, 0xda, 0xf7, 0xaf, 0xff, 0xfc, 0xb9, 0xa0, 0xa2, 0x2a, 0xfb, 0xbe, 0xf8, 0x5a,
-	0x5c, 0xcc, 0xc3, 0xad, 0xc6, 0xd6, 0xab, 0x86, 0x90, 0xd7, 0x2e, 0xcc, 0x4b, 0xd9, 0x44, 0xef,
-	0x64, 0x1c, 0x38, 0x2a, 0xa9, 0x5a, 0x8e, 0xc0, 0xe8, 0xeb, 0x1c, 0xe9, 0x36, 0x5a, 0xe5, 0x48,
-	0x83, 0xd7, 0xcd, 0xc0, 0x04, 0x56, 0x63, 0xeb, 0x15, 0xa2, 0x00, 0x43, 0xd5, 0x45, 0x59, 0x25,
-	0x8c, 0x89, 0x72, 0x2e, 0xe8, 0x5d, 0x0e, 0xba, 0xa6, 0x4f, 0x28, 0xef, 0xbe, 0x50, 0xbd, 0x2b,
-	0x80, 0xa1, 0xae, 0x66, 0xa2, 0x8e, 0xc9, 0x6e, 0x2e, 0xea, 0x26, 0x47, 0x5d, 0xd7, 0xf2, 0x4a,
-	0x95, 0xd0, 0x01, 0xc0, 0x50, 0xfd, 0x32, 0xa1, 0xc7, 0xc4, 0x51, 0xab, 0x8e, 0x4d, 0xdd, 0x0e,
-	0xfb, 0x82, 0xeb, 0x77, 0x78, 0x2b, 0xb7, 0xc3, 0x3f, 0x28, 0xb0, 0x38, 0xaa, 0x2a, 0xa8, 0x3e,
-	0x61, 0x52, 0xc6, 0x64, 0x4e, 0xdb, 0x9c, 0x22, 0x52, 0x0e, 0xd6, 0xe8, 0x75, 0x27, 0x3b, 0x9f,
-	0x90, 0xa1, 0x6f, 0xe0, 0x46, 0x52, 0x5e, 0xd0, 0x46, 0xf6, 0x88, 0xa5, 0x5f, 0x8d, 0x76, 0xdd,
-	0xc3, 0x4d, 0xa1, 0x0f, 0xba, 0x30, 0x84, 0x66, 0xad, 0xf8, 0x51, 0x81, 0x4a, 0x4a, 0xb2, 0xd0,
-	0xe6, 0xc4, 0x91, 0x7b, 0x73, 0x12, 0x06, 0x27, 0x51, 0xd7, 0xf3, 0x5a, 0x70, 0x3f, 0x21, 0x31,
-	0x8c, 0x4f, 0x4a, 0xd0, 0x32, 0xf9, 0x64, 0x8b, 0xde, 0xd4, 0x7c, 0x9a, 0x79, 0x4d, 0x49, 0xf2,
-	0xb9, 0x82, 0x4a, 0x4a, 0xb5, 0x32, 0xe9, 0x64, 0x2b, 0xdb, 0x94, 0x53, 0x9a, 0xcd, 0xe2, 0xf1,
-	0x2f, 0x0a, 0xac, 0xb4, 0x83, 0xee, 0x38, 0xda, 0x63, 0x74, 0x20, 0xd6, 0x42, 0x20, 0x8f, 0xd8,
-	0xd9, 0x47, 0xca, 0x17, 0x9f, 0xc8, 0x40, 0x37, 0xf0, 0x6c, 0xdf, 0x35, 0x82, 0xc8, 0x6d, 0xb8,
-	0xd8, 0xe7, 0xc8, 0x0d, 0xe1, 0xb2, 0x43, 0x12, 0x27, 0x7e, 0x4b, 0x3d, 0x90, 0xcb, 0xbf, 0x14,
-	0xe5, 0xb7, 0xc2, 0x5b, 0x7b, 0x22, 0x7b, 0xdb, 0x0b, 0x7a, 0x8e, 0x21, 0x01, 0x8c, 0x56, 0xf3,
-	0x8f, 0xbe, 0xe7, 0x94, 0x7b, 0x4e, 0xa5, 0xe7, 0xb4, 0xd5, 0x3c, 0x9b, 0xe3, 0x67, 0x7f, 0xf8,
-	0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x67, 0x9c, 0x61, 0x2f, 0xa6, 0x0d, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go
index e76a8760a2b10..f6034293e30bf 100644
--- a/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go
@@ -1,20 +1,24 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/logging/v2/logging_metrics.proto
 
-package logging // import "google.golang.org/genproto/googleapis/logging/v2"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import empty "github.com/golang/protobuf/ptypes/empty"
-import _ "google.golang.org/genproto/googleapis/api/annotations"
-import distribution "google.golang.org/genproto/googleapis/api/distribution"
-import metric "google.golang.org/genproto/googleapis/api/metric"
-import _ "google.golang.org/genproto/protobuf/field_mask"
+package logging
 
 import (
-	context "golang.org/x/net/context"
+	context "context"
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	_ "github.com/golang/protobuf/ptypes/duration"
+	empty "github.com/golang/protobuf/ptypes/empty"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	distribution "google.golang.org/genproto/googleapis/api/distribution"
+	metric "google.golang.org/genproto/googleapis/api/metric"
+	_ "google.golang.org/genproto/protobuf/field_mask"
 	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -26,15 +30,15 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
-// Stackdriver Logging API version.
+// Logging API version.
 type LogMetric_ApiVersion int32
 
 const (
-	// Stackdriver Logging API v2.
+	// Logging API v2.
 	LogMetric_V2 LogMetric_ApiVersion = 0
-	// Stackdriver Logging API v1.
+	// Logging API v1.
 	LogMetric_V1 LogMetric_ApiVersion = 1
 )
 
@@ -42,6 +46,7 @@ var LogMetric_ApiVersion_name = map[int32]string{
 	0: "V2",
 	1: "V1",
 }
+
 var LogMetric_ApiVersion_value = map[string]int32{
 	"V2": 0,
 	"V1": 1,
@@ -50,12 +55,13 @@ var LogMetric_ApiVersion_value = map[string]int32{
 func (x LogMetric_ApiVersion) String() string {
 	return proto.EnumName(LogMetric_ApiVersion_name, int32(x))
 }
+
 func (LogMetric_ApiVersion) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{0, 0}
+	return fileDescriptor_25f112b6cac96ff1, []int{0, 0}
 }
 
-// Describes a logs-based metric.  The value of the metric is the
-// number of log entries that match a logs filter in a given time interval.
+// Describes a logs-based metric. The value of the metric is the number of log
+// entries that match a logs filter in a given time interval.
 //
 // Logs-based metric can also be used to extract values from logs and create a
 // a distribution of the values. The distribution records the statistics of the
@@ -65,21 +71,20 @@ type LogMetric struct {
 	// Required. The client-assigned metric identifier.
 	// Examples: `"error_count"`, `"nginx/requests"`.
 	//
-	// Metric identifiers are limited to 100 characters and can include
-	// only the following characters: `A-Z`, `a-z`, `0-9`, and the
-	// special characters `_-.,+!*',()%/`.  The forward-slash character
-	// (`/`) denotes a hierarchy of name pieces, and it cannot be the
-	// first character of the name.
+	// Metric identifiers are limited to 100 characters and can include only the
+	// following characters: `A-Z`, `a-z`, `0-9`, and the special characters
+	// `_-.,+!*',()%/`. The forward-slash character (`/`) denotes a hierarchy of
+	// name pieces, and it cannot be the first character of the name.
 	//
 	// The metric identifier in this field must not be
 	// [URL-encoded](https://en.wikipedia.org/wiki/Percent-encoding).
-	// However, when the metric identifier appears as the `[METRIC_ID]`
-	// part of a `metric_name` API parameter, then the metric identifier
-	// must be URL-encoded. Example:
-	// `"projects/my-project/metrics/nginx%2Frequests"`.
-	Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// However, when the metric identifier appears as the `[METRIC_ID]` part of a
+	// `metric_name` API parameter, then the metric identifier must be
+	// URL-encoded. Example: `"projects/my-project/metrics/nginx%2Frequests"`.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Optional. A description of this metric, which is used in documentation.
-	Description string `protobuf:"bytes,2,opt,name=description" json:"description,omitempty"`
+	// The maximum length of the description is 8000 characters.
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
 	// Required. An [advanced logs filter](/logging/docs/view/advanced_filters)
 	// which is used to match log entries.
 	// Example:
@@ -87,7 +92,7 @@ type LogMetric struct {
 	//     "resource.type=gae_app AND severity>=ERROR"
 	//
 	// The maximum length of the filter is 20000 characters.
-	Filter string `protobuf:"bytes,3,opt,name=filter" json:"filter,omitempty"`
+	Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
 	// Optional. The metric descriptor associated with the logs-based metric.
 	// If unspecified, it uses a default metric descriptor with a DELTA metric
 	// kind, INT64 value type, with no labels and a unit of "1". Such a metric
@@ -109,7 +114,7 @@ type LogMetric struct {
 	// be updated once initially configured. New labels can be added in the
 	// `metric_descriptor`, but existing labels cannot be modified except for
 	// their description.
-	MetricDescriptor *metric.MetricDescriptor `protobuf:"bytes,5,opt,name=metric_descriptor,json=metricDescriptor" json:"metric_descriptor,omitempty"`
+	MetricDescriptor *metric.MetricDescriptor `protobuf:"bytes,5,opt,name=metric_descriptor,json=metricDescriptor,proto3" json:"metric_descriptor,omitempty"`
 	// Optional. A `value_extractor` is required when using a distribution
 	// logs-based metric to extract the values to record from a log entry.
 	// Two functions are supported for value extraction: `EXTRACT(field)` or
@@ -129,7 +134,7 @@ type LogMetric struct {
 	// distribution.
 	//
 	// Example: `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(\d+).*")`
-	ValueExtractor string `protobuf:"bytes,6,opt,name=value_extractor,json=valueExtractor" json:"value_extractor,omitempty"`
+	ValueExtractor string `protobuf:"bytes,6,opt,name=value_extractor,json=valueExtractor,proto3" json:"value_extractor,omitempty"`
 	// Optional. A map from a label key string to an extractor expression which is
 	// used to extract data from a log entry field and assign as the label value.
 	// Each label key specified in the LabelDescriptor must have an associated
@@ -144,14 +149,22 @@ type LogMetric struct {
 	//
 	// Note that there are upper bounds on the maximum number of labels and the
 	// number of active time series that are allowed in a project.
-	LabelExtractors map[string]string `protobuf:"bytes,7,rep,name=label_extractors,json=labelExtractors" json:"label_extractors,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	LabelExtractors map[string]string `protobuf:"bytes,7,rep,name=label_extractors,json=labelExtractors,proto3" json:"label_extractors,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Optional. The `bucket_options` are required when the logs-based metric is
 	// using a DISTRIBUTION value type and it describes the bucket boundaries
 	// used to create a histogram of the extracted values.
-	BucketOptions *distribution.Distribution_BucketOptions `protobuf:"bytes,8,opt,name=bucket_options,json=bucketOptions" json:"bucket_options,omitempty"`
+	BucketOptions *distribution.Distribution_BucketOptions `protobuf:"bytes,8,opt,name=bucket_options,json=bucketOptions,proto3" json:"bucket_options,omitempty"`
+	// Output only. The creation timestamp of the metric.
+	//
+	// This field may not be present for older metrics.
+	CreateTime *timestamp.Timestamp `protobuf:"bytes,9,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
+	// Output only. The last update timestamp of the metric.
+	//
+	// This field may not be present for older metrics.
+	UpdateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
 	// Deprecated. The API version that created or updated this metric.
 	// The v2 format is used by default and cannot be changed.
-	Version              LogMetric_ApiVersion `protobuf:"varint,4,opt,name=version,enum=google.logging.v2.LogMetric_ApiVersion" json:"version,omitempty"`
+	Version              LogMetric_ApiVersion `protobuf:"varint,4,opt,name=version,proto3,enum=google.logging.v2.LogMetric_ApiVersion" json:"version,omitempty"` // Deprecated: Do not use.
 	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
 	XXX_unrecognized     []byte               `json:"-"`
 	XXX_sizecache        int32                `json:"-"`
@@ -161,16 +174,17 @@ func (m *LogMetric) Reset()         { *m = LogMetric{} }
 func (m *LogMetric) String() string { return proto.CompactTextString(m) }
 func (*LogMetric) ProtoMessage()    {}
 func (*LogMetric) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{0}
+	return fileDescriptor_25f112b6cac96ff1, []int{0}
 }
+
 func (m *LogMetric) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_LogMetric.Unmarshal(m, b)
 }
 func (m *LogMetric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_LogMetric.Marshal(b, m, deterministic)
 }
-func (dst *LogMetric) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogMetric.Merge(dst, src)
+func (m *LogMetric) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LogMetric.Merge(m, src)
 }
 func (m *LogMetric) XXX_Size() int {
 	return xxx_messageInfo_LogMetric.Size(m)
@@ -230,6 +244,21 @@ func (m *LogMetric) GetBucketOptions() *distribution.Distribution_BucketOptions
 	return nil
 }
 
+func (m *LogMetric) GetCreateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreateTime
+	}
+	return nil
+}
+
+func (m *LogMetric) GetUpdateTime() *timestamp.Timestamp {
+	if m != nil {
+		return m.UpdateTime
+	}
+	return nil
+}
+
+// Deprecated: Do not use.
 func (m *LogMetric) GetVersion() LogMetric_ApiVersion {
 	if m != nil {
 		return m.Version
@@ -242,16 +271,16 @@ type ListLogMetricsRequest struct {
 	// Required. The name of the project containing the metrics:
 	//
 	//     "projects/[PROJECT_ID]"
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
 	// Optional. If present, then retrieve the next batch of results from the
-	// preceding call to this method.  `pageToken` must be the value of
-	// `nextPageToken` from the previous response.  The values of other method
+	// preceding call to this method. `pageToken` must be the value of
+	// `nextPageToken` from the previous response. The values of other method
 	// parameters should be identical to those in the previous call.
-	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken" json:"page_token,omitempty"`
+	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
 	// Optional. The maximum number of results to return from this request.
-	// Non-positive values are ignored.  The presence of `nextPageToken` in the
+	// Non-positive values are ignored. The presence of `nextPageToken` in the
 	// response indicates that more results might be available.
-	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize" json:"page_size,omitempty"`
+	PageSize             int32    `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -261,16 +290,17 @@ func (m *ListLogMetricsRequest) Reset()         { *m = ListLogMetricsRequest{} }
 func (m *ListLogMetricsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListLogMetricsRequest) ProtoMessage()    {}
 func (*ListLogMetricsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{1}
+	return fileDescriptor_25f112b6cac96ff1, []int{1}
 }
+
 func (m *ListLogMetricsRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogMetricsRequest.Unmarshal(m, b)
 }
 func (m *ListLogMetricsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogMetricsRequest.Marshal(b, m, deterministic)
 }
-func (dst *ListLogMetricsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogMetricsRequest.Merge(dst, src)
+func (m *ListLogMetricsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogMetricsRequest.Merge(m, src)
 }
 func (m *ListLogMetricsRequest) XXX_Size() int {
 	return xxx_messageInfo_ListLogMetricsRequest.Size(m)
@@ -305,11 +335,11 @@ func (m *ListLogMetricsRequest) GetPageSize() int32 {
 // Result returned from ListLogMetrics.
 type ListLogMetricsResponse struct {
 	// A list of logs-based metrics.
-	Metrics []*LogMetric `protobuf:"bytes,1,rep,name=metrics" json:"metrics,omitempty"`
+	Metrics []*LogMetric `protobuf:"bytes,1,rep,name=metrics,proto3" json:"metrics,omitempty"`
 	// If there might be more results than appear in this response, then
-	// `nextPageToken` is included.  To get the next set of results, call this
+	// `nextPageToken` is included. To get the next set of results, call this
 	// method again using the value of `nextPageToken` as `pageToken`.
-	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"`
+	NextPageToken        string   `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -319,16 +349,17 @@ func (m *ListLogMetricsResponse) Reset()         { *m = ListLogMetricsResponse{}
 func (m *ListLogMetricsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListLogMetricsResponse) ProtoMessage()    {}
 func (*ListLogMetricsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{2}
+	return fileDescriptor_25f112b6cac96ff1, []int{2}
 }
+
 func (m *ListLogMetricsResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListLogMetricsResponse.Unmarshal(m, b)
 }
 func (m *ListLogMetricsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListLogMetricsResponse.Marshal(b, m, deterministic)
 }
-func (dst *ListLogMetricsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListLogMetricsResponse.Merge(dst, src)
+func (m *ListLogMetricsResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListLogMetricsResponse.Merge(m, src)
 }
 func (m *ListLogMetricsResponse) XXX_Size() int {
 	return xxx_messageInfo_ListLogMetricsResponse.Size(m)
@@ -355,10 +386,10 @@ func (m *ListLogMetricsResponse) GetNextPageToken() string {
 
 // The parameters to GetLogMetric.
 type GetLogMetricRequest struct {
-	// The resource name of the desired metric:
+	// Required. The resource name of the desired metric:
 	//
 	//     "projects/[PROJECT_ID]/metrics/[METRIC_ID]"
-	MetricName           string   `protobuf:"bytes,1,opt,name=metric_name,json=metricName" json:"metric_name,omitempty"`
+	MetricName           string   `protobuf:"bytes,1,opt,name=metric_name,json=metricName,proto3" json:"metric_name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -368,16 +399,17 @@ func (m *GetLogMetricRequest) Reset()         { *m = GetLogMetricRequest{} }
 func (m *GetLogMetricRequest) String() string { return proto.CompactTextString(m) }
 func (*GetLogMetricRequest) ProtoMessage()    {}
 func (*GetLogMetricRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{3}
+	return fileDescriptor_25f112b6cac96ff1, []int{3}
 }
+
 func (m *GetLogMetricRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_GetLogMetricRequest.Unmarshal(m, b)
 }
 func (m *GetLogMetricRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_GetLogMetricRequest.Marshal(b, m, deterministic)
 }
-func (dst *GetLogMetricRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetLogMetricRequest.Merge(dst, src)
+func (m *GetLogMetricRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetLogMetricRequest.Merge(m, src)
 }
 func (m *GetLogMetricRequest) XXX_Size() int {
 	return xxx_messageInfo_GetLogMetricRequest.Size(m)
@@ -397,15 +429,15 @@ func (m *GetLogMetricRequest) GetMetricName() string {
 
 // The parameters to CreateLogMetric.
 type CreateLogMetricRequest struct {
-	// The resource name of the project in which to create the metric:
+	// Required. The resource name of the project in which to create the metric:
 	//
 	//     "projects/[PROJECT_ID]"
 	//
 	// The new metric must be provided in the request.
-	Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"`
-	// The new logs-based metric, which must not have an identifier that
+	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
+	// Required. The new logs-based metric, which must not have an identifier that
 	// already exists.
-	Metric               *LogMetric `protobuf:"bytes,2,opt,name=metric" json:"metric,omitempty"`
+	Metric               *LogMetric `protobuf:"bytes,2,opt,name=metric,proto3" json:"metric,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
 	XXX_unrecognized     []byte     `json:"-"`
 	XXX_sizecache        int32      `json:"-"`
@@ -415,16 +447,17 @@ func (m *CreateLogMetricRequest) Reset()         { *m = CreateLogMetricRequest{}
 func (m *CreateLogMetricRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateLogMetricRequest) ProtoMessage()    {}
 func (*CreateLogMetricRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{4}
+	return fileDescriptor_25f112b6cac96ff1, []int{4}
 }
+
 func (m *CreateLogMetricRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CreateLogMetricRequest.Unmarshal(m, b)
 }
 func (m *CreateLogMetricRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CreateLogMetricRequest.Marshal(b, m, deterministic)
 }
-func (dst *CreateLogMetricRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateLogMetricRequest.Merge(dst, src)
+func (m *CreateLogMetricRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateLogMetricRequest.Merge(m, src)
 }
 func (m *CreateLogMetricRequest) XXX_Size() int {
 	return xxx_messageInfo_CreateLogMetricRequest.Size(m)
@@ -451,16 +484,16 @@ func (m *CreateLogMetricRequest) GetMetric() *LogMetric {
 
 // The parameters to UpdateLogMetric.
 type UpdateLogMetricRequest struct {
-	// The resource name of the metric to update:
+	// Required. The resource name of the metric to update:
 	//
 	//     "projects/[PROJECT_ID]/metrics/[METRIC_ID]"
 	//
 	// The updated metric must be provided in the request and it's
 	// `name` field must be the same as `[METRIC_ID]` If the metric
 	// does not exist in `[PROJECT_ID]`, then a new metric is created.
-	MetricName string `protobuf:"bytes,1,opt,name=metric_name,json=metricName" json:"metric_name,omitempty"`
-	// The updated metric.
-	Metric               *LogMetric `protobuf:"bytes,2,opt,name=metric" json:"metric,omitempty"`
+	MetricName string `protobuf:"bytes,1,opt,name=metric_name,json=metricName,proto3" json:"metric_name,omitempty"`
+	// Required. The updated metric.
+	Metric               *LogMetric `protobuf:"bytes,2,opt,name=metric,proto3" json:"metric,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
 	XXX_unrecognized     []byte     `json:"-"`
 	XXX_sizecache        int32      `json:"-"`
@@ -470,16 +503,17 @@ func (m *UpdateLogMetricRequest) Reset()         { *m = UpdateLogMetricRequest{}
 func (m *UpdateLogMetricRequest) String() string { return proto.CompactTextString(m) }
 func (*UpdateLogMetricRequest) ProtoMessage()    {}
 func (*UpdateLogMetricRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{5}
+	return fileDescriptor_25f112b6cac96ff1, []int{5}
 }
+
 func (m *UpdateLogMetricRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_UpdateLogMetricRequest.Unmarshal(m, b)
 }
 func (m *UpdateLogMetricRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_UpdateLogMetricRequest.Marshal(b, m, deterministic)
 }
-func (dst *UpdateLogMetricRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UpdateLogMetricRequest.Merge(dst, src)
+func (m *UpdateLogMetricRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateLogMetricRequest.Merge(m, src)
 }
 func (m *UpdateLogMetricRequest) XXX_Size() int {
 	return xxx_messageInfo_UpdateLogMetricRequest.Size(m)
@@ -506,10 +540,10 @@ func (m *UpdateLogMetricRequest) GetMetric() *LogMetric {
 
 // The parameters to DeleteLogMetric.
 type DeleteLogMetricRequest struct {
-	// The resource name of the metric to delete:
+	// Required. The resource name of the metric to delete:
 	//
 	//     "projects/[PROJECT_ID]/metrics/[METRIC_ID]"
-	MetricName           string   `protobuf:"bytes,1,opt,name=metric_name,json=metricName" json:"metric_name,omitempty"`
+	MetricName           string   `protobuf:"bytes,1,opt,name=metric_name,json=metricName,proto3" json:"metric_name,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -519,16 +553,17 @@ func (m *DeleteLogMetricRequest) Reset()         { *m = DeleteLogMetricRequest{}
 func (m *DeleteLogMetricRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteLogMetricRequest) ProtoMessage()    {}
 func (*DeleteLogMetricRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_logging_metrics_ec8e3ff261e4c5c2, []int{6}
+	return fileDescriptor_25f112b6cac96ff1, []int{6}
 }
+
 func (m *DeleteLogMetricRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteLogMetricRequest.Unmarshal(m, b)
 }
 func (m *DeleteLogMetricRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteLogMetricRequest.Marshal(b, m, deterministic)
 }
-func (dst *DeleteLogMetricRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteLogMetricRequest.Merge(dst, src)
+func (m *DeleteLogMetricRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteLogMetricRequest.Merge(m, src)
 }
 func (m *DeleteLogMetricRequest) XXX_Size() int {
 	return xxx_messageInfo_DeleteLogMetricRequest.Size(m)
@@ -547,6 +582,7 @@ func (m *DeleteLogMetricRequest) GetMetricName() string {
 }
 
 func init() {
+	proto.RegisterEnum("google.logging.v2.LogMetric_ApiVersion", LogMetric_ApiVersion_name, LogMetric_ApiVersion_value)
 	proto.RegisterType((*LogMetric)(nil), "google.logging.v2.LogMetric")
 	proto.RegisterMapType((map[string]string)(nil), "google.logging.v2.LogMetric.LabelExtractorsEntry")
 	proto.RegisterType((*ListLogMetricsRequest)(nil), "google.logging.v2.ListLogMetricsRequest")
@@ -555,16 +591,93 @@ func init() {
 	proto.RegisterType((*CreateLogMetricRequest)(nil), "google.logging.v2.CreateLogMetricRequest")
 	proto.RegisterType((*UpdateLogMetricRequest)(nil), "google.logging.v2.UpdateLogMetricRequest")
 	proto.RegisterType((*DeleteLogMetricRequest)(nil), "google.logging.v2.DeleteLogMetricRequest")
-	proto.RegisterEnum("google.logging.v2.LogMetric_ApiVersion", LogMetric_ApiVersion_name, LogMetric_ApiVersion_value)
+}
+
+func init() {
+	proto.RegisterFile("google/logging/v2/logging_metrics.proto", fileDescriptor_25f112b6cac96ff1)
+}
+
+var fileDescriptor_25f112b6cac96ff1 = []byte{
+	// 1119 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x41, 0x6f, 0x1b, 0x45,
+	0x14, 0x66, 0x9d, 0xc6, 0x6d, 0x5e, 0x68, 0xec, 0x4e, 0x5b, 0xd7, 0xb8, 0x09, 0x31, 0x46, 0x24,
+	0x6e, 0x68, 0x76, 0x5b, 0x57, 0x42, 0x25, 0xa5, 0x42, 0x76, 0x13, 0x22, 0xd4, 0x14, 0xa2, 0x6d,
+	0xc9, 0x01, 0x05, 0x99, 0xf1, 0x7a, 0xb2, 0x59, 0xb2, 0xbb, 0xb3, 0xcc, 0x8e, 0x9d, 0xa4, 0x51,
+	0x2e, 0xdc, 0xb9, 0x84, 0x03, 0x87, 0x1e, 0xe0, 0x86, 0xc4, 0x81, 0x1f, 0xd2, 0x23, 0xdc, 0x72,
+	0xea, 0x01, 0x71, 0xe0, 0xc4, 0x11, 0x71, 0x42, 0x3b, 0x33, 0xeb, 0x6c, 0x37, 0xab, 0xd8, 0x08,
+	0xf5, 0x94, 0x99, 0xf7, 0xbe, 0xf7, 0xde, 0x37, 0xef, 0x7d, 0x2f, 0x6b, 0x98, 0xb7, 0x29, 0xb5,
+	0x5d, 0x62, 0xb8, 0xd4, 0xb6, 0x1d, 0xdf, 0x36, 0xfa, 0x8d, 0xf8, 0xd8, 0xf6, 0x08, 0x67, 0x8e,
+	0x15, 0xea, 0x01, 0xa3, 0x9c, 0xa2, 0x4b, 0x12, 0xa8, 0x2b, 0xaf, 0xde, 0x6f, 0x54, 0xae, 0xa9,
+	0x58, 0x1c, 0x38, 0x86, 0xe5, 0x3a, 0xc4, 0xe7, 0x12, 0x5b, 0x99, 0x49, 0x38, 0xba, 0x4e, 0xc8,
+	0x99, 0xd3, 0xe9, 0x71, 0x87, 0xfa, 0xca, 0x3d, 0x9b, 0x70, 0x6f, 0x39, 0xc4, 0xed, 0xb6, 0x3b,
+	0x64, 0x1b, 0xf7, 0x1d, 0xca, 0x14, 0x20, 0x99, 0x58, 0xb2, 0x50, 0x8e, 0x37, 0x12, 0x0e, 0x46,
+	0x42, 0xda, 0x63, 0x16, 0x51, 0xae, 0x37, 0x95, 0x4b, 0xdc, 0x3a, 0xbd, 0x2d, 0xa3, 0xdb, 0x63,
+	0x38, 0x51, 0xf4, 0x7a, 0xda, 0x4f, 0xbc, 0x80, 0xef, 0x2b, 0x67, 0x35, 0xed, 0x94, 0xb4, 0x3c,
+	0x1c, 0xee, 0xa4, 0x38, 0x0f, 0x10, 0xdc, 0xf1, 0x48, 0xc8, 0xb1, 0x17, 0x28, 0xc0, 0x74, 0x82,
+	0x1a, 0xf6, 0x7d, 0xca, 0x45, 0x71, 0xd5, 0xbd, 0xda, 0x1f, 0xe3, 0x30, 0xb1, 0x46, 0xed, 0x47,
+	0xe2, 0x31, 0x08, 0xc1, 0x39, 0x1f, 0x7b, 0xa4, 0xac, 0x55, 0xb5, 0xfa, 0x84, 0x29, 0xce, 0xa8,
+	0x0a, 0x93, 0x5d, 0x12, 0x5a, 0xcc, 0x09, 0xa2, 0xb8, 0x72, 0x4e, 0xb8, 0x92, 0x26, 0x54, 0x82,
+	0xfc, 0x96, 0xe3, 0x72, 0xc2, 0xca, 0x63, 0xc2, 0xa9, 0x6e, 0xe8, 0x63, 0xb8, 0x24, 0x9b, 0xd4,
+	0x8e, 0xd1, 0x94, 0x95, 0xc7, 0xab, 0x5a, 0x7d, 0xb2, 0x31, 0xad, 0xab, 0xa9, 0xe1, 0xc0, 0xd1,
+	0x65, 0xf1, 0xe5, 0x01, 0xc6, 0x2c, 0x7a, 0x29, 0x0b, 0x9a, 0x87, 0x42, 0x1f, 0xbb, 0x3d, 0xd2,
+	0x26, 0x7b, 0x9c, 0x61, 0x2b, 0x4a, 0x94, 0x17, 0xb5, 0xa6, 0x84, 0x79, 0x25, 0xb6, 0xa2, 0x4d,
+	0x28, 0xba, 0xb8, 0x43, 0xdc, 0x13, 0x60, 0x58, 0x3e, 0x5f, 0x1d, 0xab, 0x4f, 0x36, 0x6e, 0xeb,
+	0xa7, 0x84, 0xa2, 0x0f, 0x5e, 0xae, 0xaf, 0x45, 0x41, 0x83, 0x34, 0xe1, 0x8a, 0xcf, 0xd9, 0xbe,
+	0x59, 0x70, 0x5f, 0xb6, 0xa2, 0x47, 0x30, 0xd5, 0xe9, 0x59, 0x3b, 0x84, 0xb7, 0xa9, 0x78, 0x7a,
+	0x58, 0xbe, 0x20, 0x9e, 0x33, 0x97, 0x7c, 0xce, 0x72, 0x52, 0x58, 0x2d, 0x01, 0xff, 0x54, 0xa2,
+	0xcd, 0x8b, 0x9d, 0xe4, 0x15, 0xdd, 0x83, 0x49, 0x8b, 0x11, 0xcc, 0x49, 0x3b, 0x1a, 0x5a, 0x79,
+	0x42, 0xe4, 0xaa, 0xc4, 0xb9, 0xe2, 0x89, 0xea, 0x4f, 0xe2, 0x89, 0x9a, 0x20, 0xe1, 0x91, 0x21,
+	0x0a, 0xee, 0x05, 0xdd, 0x41, 0x30, 0x0c, 0x0f, 0x96, 0x70, 0x11, 0xbc, 0x02, 0xe7, 0xfb, 0x84,
+	0x85, 0xd1, 0x40, 0xcf, 0x55, 0xb5, 0xfa, 0x54, 0x63, 0xfe, 0xcc, 0xee, 0x34, 0x03, 0x67, 0x43,
+	0xc2, 0x5b, 0xb9, 0xb2, 0x66, 0xc6, 0xb1, 0x95, 0x16, 0x5c, 0xc9, 0x6a, 0x1c, 0x2a, 0xc2, 0xd8,
+	0x0e, 0xd9, 0x57, 0x32, 0x8a, 0x8e, 0xe8, 0x0a, 0x8c, 0x8b, 0x49, 0x29, 0xfd, 0xc8, 0xcb, 0x52,
+	0xee, 0xae, 0x56, 0x9b, 0x06, 0x38, 0x49, 0x8f, 0xf2, 0x90, 0xdb, 0x68, 0x14, 0x5f, 0x13, 0x7f,
+	0x6f, 0x17, 0xb5, 0xa5, 0xd5, 0x3f, 0x9b, 0xcb, 0x30, 0x13, 0x93, 0x92, 0x1c, 0x71, 0xe0, 0x84,
+	0xba, 0x45, 0x3d, 0x43, 0xa9, 0xf6, 0xed, 0x80, 0xd1, 0xaf, 0x88, 0xc5, 0x43, 0xe3, 0x40, 0x9d,
+	0x0e, 0xd5, 0x76, 0x86, 0xc6, 0x81, 0x3c, 0x1c, 0xd6, 0x7e, 0xd4, 0xe0, 0xea, 0x9a, 0x13, 0xf2,
+	0xc1, 0xa3, 0x42, 0x93, 0x7c, 0xdd, 0x23, 0x21, 0x47, 0x0f, 0x21, 0x1f, 0x60, 0x46, 0x7c, 0x2e,
+	0xf9, 0xb6, 0xee, 0xbc, 0x68, 0xe6, 0xfe, 0x69, 0x2e, 0xc2, 0xbb, 0x96, 0x4b, 0x7b, 0xdd, 0x78,
+	0x9b, 0x3d, 0xec, 0x63, 0x9b, 0xb0, 0x34, 0x85, 0x75, 0x59, 0xd0, 0x54, 0x29, 0xd0, 0x0c, 0x40,
+	0x80, 0x6d, 0xd2, 0xe6, 0x74, 0x87, 0xc4, 0xcb, 0x32, 0x11, 0x59, 0x9e, 0x44, 0x06, 0x74, 0x1d,
+	0xc4, 0xa5, 0x1d, 0x3a, 0x4f, 0x89, 0xd8, 0x96, 0x71, 0xf3, 0x42, 0x64, 0x78, 0xec, 0x3c, 0x25,
+	0xb5, 0x3d, 0x28, 0xa5, 0x19, 0x86, 0x01, 0xf5, 0x43, 0x82, 0xde, 0x83, 0xf3, 0xea, 0x41, 0x65,
+	0x4d, 0x88, 0x79, 0xfa, 0xac, 0x71, 0x99, 0x31, 0x18, 0xcd, 0x41, 0xc1, 0x27, 0x7b, 0xbc, 0x7d,
+	0x8a, 0xd2, 0xc5, 0xc8, 0xbc, 0x1e, 0xd3, 0xaa, 0x7d, 0x01, 0x97, 0x57, 0xc9, 0x49, 0xe1, 0xb8,
+	0x33, 0x1f, 0xc1, 0xa4, 0x5a, 0xe0, 0x93, 0xff, 0x0a, 0xad, 0x77, 0x44, 0x7b, 0x66, 0x87, 0x0c,
+	0xc5, 0x04, 0x19, 0xf9, 0x09, 0xf6, 0x48, 0xed, 0x48, 0x83, 0xd2, 0x03, 0xa1, 0xdc, 0x53, 0x25,
+	0xee, 0xa7, 0x9a, 0x3f, 0x62, 0xf6, 0xb8, 0xdd, 0xef, 0x43, 0x5e, 0xd6, 0x11, 0xef, 0x1a, 0xd2,
+	0x97, 0xd6, 0xd8, 0x8b, 0x66, 0xce, 0x54, 0x01, 0xb5, 0x67, 0x1a, 0x94, 0x3e, 0x13, 0x1b, 0xf1,
+	0xaa, 0xde, 0xfd, 0x7f, 0xd8, 0x7d, 0x09, 0xa5, 0x65, 0xe2, 0x92, 0x57, 0x47, 0xae, 0xf1, 0xcb,
+	0x05, 0x28, 0x2a, 0x9d, 0x3d, 0x26, 0xac, 0xef, 0x58, 0x64, 0xa3, 0x81, 0xbe, 0xd7, 0x60, 0xea,
+	0x65, 0x0d, 0xa2, 0x7a, 0x16, 0xe9, 0xac, 0x45, 0xaa, 0xdc, 0x18, 0x01, 0x29, 0x05, 0x5d, 0xbb,
+	0x75, 0xdc, 0x54, 0x23, 0xfc, 0xe6, 0xb7, 0xdf, 0xbf, 0xcb, 0xbd, 0x85, 0x66, 0xa3, 0x0f, 0xfc,
+	0x81, 0x34, 0xdd, 0x1f, 0xec, 0xf3, 0xc2, 0x60, 0x91, 0xd1, 0x91, 0x06, 0xaf, 0x27, 0x35, 0x8a,
+	0xe6, 0x32, 0xaa, 0x65, 0x88, 0xb8, 0x72, 0x66, 0xd3, 0x6b, 0x1f, 0x1c, 0x37, 0x93, 0xed, 0x14,
+	0x6c, 0xea, 0x68, 0x4e, 0xb0, 0x49, 0xd8, 0x13, 0x94, 0x06, 0xff, 0x5a, 0x16, 0x0e, 0xd1, 0x33,
+	0x0d, 0x0a, 0x29, 0x61, 0xa3, 0xac, 0x2e, 0x64, 0x8b, 0x7f, 0x08, 0xb5, 0x0f, 0x8f, 0x9b, 0x17,
+	0x65, 0x43, 0x6e, 0xca, 0x92, 0x82, 0xdc, 0x8d, 0xda, 0xb0, 0x56, 0x2d, 0x29, 0x0d, 0xa1, 0x9f,
+	0x34, 0x28, 0xa4, 0x14, 0x9e, 0xc9, 0x2e, 0x7b, 0x0b, 0x86, 0xb0, 0x7b, 0x78, 0xdc, 0x44, 0x89,
+	0x06, 0x25, 0x29, 0xde, 0xaa, 0x8c, 0xd8, 0xbf, 0x01, 0xd3, 0x23, 0x0d, 0x0a, 0x29, 0xb9, 0x67,
+	0x32, 0xcd, 0x5e, 0x89, 0x4a, 0xe9, 0xd4, 0x57, 0x6f, 0x25, 0xfa, 0x0d, 0x95, 0x3d, 0xdc, 0x85,
+	0x11, 0xc9, 0x55, 0xbe, 0xcd, 0x3d, 0x6f, 0x96, 0xb2, 0xf7, 0xe9, 0xd7, 0xe6, 0x5f, 0xda, 0x36,
+	0xe7, 0x41, 0xb8, 0x64, 0x18, 0xbb, 0xbb, 0xbb, 0xe9, 0x6d, 0xc3, 0x3d, 0xbe, 0x6d, 0x88, 0xaf,
+	0xc7, 0x62, 0xe0, 0x62, 0xbe, 0x45, 0x99, 0x77, 0xf3, 0xbf, 0xc1, 0x75, 0x46, 0x70, 0x77, 0x91,
+	0xfa, 0xee, 0xfe, 0xd0, 0xc0, 0x98, 0x21, 0xee, 0x7a, 0x8e, 0x3f, 0x32, 0x3a, 0xca, 0x3f, 0x32,
+	0x78, 0x97, 0x39, 0x9c, 0xb4, 0x7e, 0xd0, 0xe0, 0xaa, 0x45, 0xbd, 0xd3, 0x63, 0x69, 0x5d, 0x5e,
+	0x93, 0x67, 0xb5, 0xe5, 0xeb, 0xd1, 0x14, 0xd6, 0xb5, 0xcf, 0xef, 0x2a, 0xa4, 0x4d, 0x5d, 0xec,
+	0xdb, 0x3a, 0x65, 0xb6, 0x61, 0x13, 0x5f, 0xcc, 0xc8, 0x38, 0x29, 0x97, 0xf8, 0x85, 0x7f, 0x4f,
+	0x1d, 0xff, 0xd6, 0xb4, 0x9f, 0x73, 0xd7, 0x56, 0x65, 0xf4, 0x83, 0xa8, 0x31, 0xba, 0xaa, 0xa0,
+	0x6f, 0x34, 0x9e, 0xc7, 0x9e, 0x4d, 0xe1, 0xd9, 0x54, 0x9e, 0xcd, 0x8d, 0x46, 0x27, 0x2f, 0x72,
+	0xdf, 0xf9, 0x37, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x2c, 0x81, 0x5b, 0x3c, 0x0c, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
-var _ grpc.ClientConn
+var _ grpc.ClientConnInterface
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
+const _ = grpc.SupportPackageIsVersion6
 
 // MetricsServiceV2Client is the client API for MetricsServiceV2 service.
 //
@@ -583,10 +696,10 @@ type MetricsServiceV2Client interface {
 }
 
 type metricsServiceV2Client struct {
-	cc *grpc.ClientConn
+	cc grpc.ClientConnInterface
 }
 
-func NewMetricsServiceV2Client(cc *grpc.ClientConn) MetricsServiceV2Client {
+func NewMetricsServiceV2Client(cc grpc.ClientConnInterface) MetricsServiceV2Client {
 	return &metricsServiceV2Client{cc}
 }
 
@@ -635,8 +748,7 @@ func (c *metricsServiceV2Client) DeleteLogMetric(ctx context.Context, in *Delete
 	return out, nil
 }
 
-// Server API for MetricsServiceV2 service
-
+// MetricsServiceV2Server is the server API for MetricsServiceV2 service.
 type MetricsServiceV2Server interface {
 	// Lists logs-based metrics.
 	ListLogMetrics(context.Context, *ListLogMetricsRequest) (*ListLogMetricsResponse, error)
@@ -650,6 +762,26 @@ type MetricsServiceV2Server interface {
 	DeleteLogMetric(context.Context, *DeleteLogMetricRequest) (*empty.Empty, error)
 }
 
+// UnimplementedMetricsServiceV2Server can be embedded to have forward compatible implementations.
+type UnimplementedMetricsServiceV2Server struct {
+}
+
+func (*UnimplementedMetricsServiceV2Server) ListLogMetrics(ctx context.Context, req *ListLogMetricsRequest) (*ListLogMetricsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListLogMetrics not implemented")
+}
+func (*UnimplementedMetricsServiceV2Server) GetLogMetric(ctx context.Context, req *GetLogMetricRequest) (*LogMetric, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetLogMetric not implemented")
+}
+func (*UnimplementedMetricsServiceV2Server) CreateLogMetric(ctx context.Context, req *CreateLogMetricRequest) (*LogMetric, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateLogMetric not implemented")
+}
+func (*UnimplementedMetricsServiceV2Server) UpdateLogMetric(ctx context.Context, req *UpdateLogMetricRequest) (*LogMetric, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateLogMetric not implemented")
+}
+func (*UnimplementedMetricsServiceV2Server) DeleteLogMetric(ctx context.Context, req *DeleteLogMetricRequest) (*empty.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteLogMetric not implemented")
+}
+
 func RegisterMetricsServiceV2Server(s *grpc.Server, srv MetricsServiceV2Server) {
 	s.RegisterService(&_MetricsServiceV2_serviceDesc, srv)
 }
@@ -772,64 +904,3 @@ var _MetricsServiceV2_serviceDesc = grpc.ServiceDesc{
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "google/logging/v2/logging_metrics.proto",
 }
-
-func init() {
-	proto.RegisterFile("google/logging/v2/logging_metrics.proto", fileDescriptor_logging_metrics_ec8e3ff261e4c5c2)
-}
-
-var fileDescriptor_logging_metrics_ec8e3ff261e4c5c2 = []byte{
-	// 846 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xc1, 0x6e, 0xdb, 0x46,
-	0x10, 0xed, 0xca, 0xb6, 0x1c, 0x8f, 0x1b, 0x4b, 0xd9, 0x24, 0x8a, 0xa0, 0x38, 0x88, 0xca, 0x83,
-	0xa5, 0xf8, 0x40, 0x36, 0x6c, 0x61, 0xa4, 0x29, 0x7a, 0x88, 0x62, 0x23, 0x28, 0xa0, 0xb4, 0x06,
-	0xd3, 0xea, 0x50, 0x08, 0x20, 0x28, 0x69, 0x44, 0x6c, 0x45, 0x71, 0x59, 0xee, 0x4a, 0xb0, 0x53,
-	0xe4, 0x52, 0xe4, 0x56, 0xa0, 0x87, 0xf6, 0x03, 0x72, 0xef, 0xa7, 0xf4, 0xda, 0x7e, 0x42, 0x3f,
-	0xa2, 0xc7, 0x82, 0xcb, 0xa5, 0xcc, 0x48, 0x8c, 0x65, 0xf8, 0xe4, 0xdd, 0x79, 0x33, 0xfb, 0xde,
-	0xcc, 0x3c, 0x59, 0x82, 0x96, 0xcf, 0xb9, 0x1f, 0xa0, 0x15, 0x70, 0xdf, 0x67, 0xa1, 0x6f, 0xcd,
-	0xed, 0xec, 0xe8, 0x4e, 0x51, 0xc6, 0x6c, 0x28, 0xcc, 0x28, 0xe6, 0x92, 0xd3, 0x5b, 0x69, 0xa2,
-	0xa9, 0x51, 0x73, 0x6e, 0x37, 0xf6, 0x75, 0xad, 0x17, 0x31, 0xcb, 0x0b, 0x43, 0x2e, 0x3d, 0xc9,
-	0x78, 0xa8, 0x0b, 0x1a, 0x0f, 0x72, 0xe8, 0x88, 0x09, 0x19, 0xb3, 0xc1, 0x2c, 0xc1, 0x35, 0x7c,
-	0x2f, 0x07, 0xa7, 0x4c, 0x1a, 0xb8, 0xaf, 0x01, 0x75, 0x1b, 0xcc, 0xc6, 0x16, 0x4e, 0x23, 0x79,
-	0xae, 0xc1, 0xe6, 0x32, 0x38, 0x66, 0x18, 0x8c, 0xdc, 0xa9, 0x27, 0x26, 0x69, 0x86, 0xf1, 0x6e,
-	0x13, 0x76, 0xba, 0xdc, 0x7f, 0xa9, 0x9e, 0xa4, 0x14, 0x36, 0x43, 0x6f, 0x8a, 0x75, 0xd2, 0x24,
-	0xed, 0x1d, 0x47, 0x9d, 0x69, 0x13, 0x76, 0x47, 0x28, 0x86, 0x31, 0x8b, 0x12, 0x39, 0xf5, 0x92,
-	0x82, 0xf2, 0x21, 0x5a, 0x83, 0xf2, 0x98, 0x05, 0x12, 0xe3, 0xfa, 0x86, 0x02, 0xf5, 0x8d, 0x7e,
-	0x0d, 0xb7, 0x52, 0xa9, 0x6e, 0x96, 0xcd, 0xe3, 0xfa, 0x56, 0x93, 0xb4, 0x77, 0xed, 0x7d, 0x53,
-	0xcf, 0xc7, 0x8b, 0x98, 0x99, 0x92, 0x1f, 0x2f, 0x72, 0x9c, 0xea, 0x74, 0x29, 0x42, 0x5b, 0x50,
-	0x99, 0x7b, 0xc1, 0x0c, 0x5d, 0x3c, 0x93, 0xb1, 0x37, 0x4c, 0x1e, 0x2a, 0x2b, 0xae, 0x3d, 0x15,
-	0x3e, 0xc9, 0xa2, 0xb4, 0x0f, 0xd5, 0xc0, 0x1b, 0x60, 0x70, 0x91, 0x28, 0xea, 0xdb, 0xcd, 0x8d,
-	0xf6, 0xae, 0xfd, 0xd8, 0x5c, 0x59, 0x89, 0xb9, 0xe8, 0xdc, 0xec, 0x26, 0x45, 0x8b, 0x67, 0xc4,
-	0x49, 0x28, 0xe3, 0x73, 0xa7, 0x12, 0xbc, 0x1f, 0xa5, 0x2f, 0x61, 0x6f, 0x30, 0x1b, 0x4e, 0x50,
-	0xba, 0x5c, 0xb5, 0x2e, 0xea, 0x37, 0x54, 0x3b, 0x07, 0xf9, 0x76, 0x8e, 0xf3, 0xdb, 0xeb, 0xa8,
-	0xf4, 0x6f, 0xd3, 0x6c, 0xe7, 0xe6, 0x20, 0x7f, 0xa5, 0xcf, 0x60, 0x7b, 0x8e, 0xb1, 0x48, 0xc6,
-	0xba, 0xd9, 0x24, 0xed, 0x3d, 0xbb, 0x75, 0xa9, 0xc6, 0x67, 0x11, 0xeb, 0xa5, 0xe9, 0x4e, 0x56,
-	0xd7, 0xe8, 0xc0, 0x9d, 0x22, 0xe9, 0xb4, 0x0a, 0x1b, 0x13, 0x3c, 0xd7, 0x8b, 0x4c, 0x8e, 0xf4,
-	0x0e, 0x6c, 0xa9, 0x59, 0xe9, 0x0d, 0xa6, 0x97, 0xa7, 0xa5, 0x27, 0xc4, 0xd8, 0x07, 0xb8, 0x78,
-	0x9a, 0x96, 0xa1, 0xd4, 0xb3, 0xab, 0x1f, 0xa9, 0xbf, 0x8f, 0xab, 0xc4, 0x98, 0xc0, 0xdd, 0x2e,
-	0x13, 0x72, 0x21, 0x43, 0x38, 0xf8, 0xd3, 0x0c, 0x85, 0x4c, 0xd6, 0x1e, 0x79, 0x31, 0x86, 0x52,
-	0xb3, 0xe8, 0x1b, 0x7d, 0x00, 0x10, 0x79, 0x3e, 0xba, 0x92, 0x4f, 0x30, 0xf3, 0xcb, 0x4e, 0x12,
-	0xf9, 0x2e, 0x09, 0xd0, 0xfb, 0xa0, 0x2e, 0xae, 0x60, 0xaf, 0x51, 0x19, 0x66, 0xcb, 0xb9, 0x91,
-	0x04, 0x5e, 0xb1, 0xd7, 0x68, 0x9c, 0x41, 0x6d, 0x99, 0x4c, 0x44, 0x3c, 0x14, 0x48, 0x8f, 0x60,
-	0x5b, 0x7f, 0xc2, 0xea, 0x44, 0xed, 0x73, 0xff, 0xb2, 0x59, 0x39, 0x59, 0x32, 0x3d, 0x80, 0x4a,
-	0x88, 0x67, 0xd2, 0x5d, 0x91, 0x74, 0x33, 0x09, 0x9f, 0x66, 0xb2, 0x8c, 0x23, 0xb8, 0xfd, 0x02,
-	0x2f, 0x88, 0xb3, 0x26, 0x1f, 0xc2, 0xae, 0xf6, 0x70, 0xee, 0x83, 0x01, 0x69, 0xe8, 0x1b, 0x6f,
-	0x8a, 0xc6, 0x18, 0x6a, 0xcf, 0x63, 0xf4, 0x24, 0xae, 0x94, 0x7e, 0x68, 0x3e, 0x9f, 0x43, 0x39,
-	0xad, 0x57, 0x42, 0xd6, 0x35, 0xa2, 0x73, 0x0d, 0x0e, 0xb5, 0xef, 0xa3, 0x51, 0x11, 0xcf, 0x3a,
-	0x89, 0xd7, 0x24, 0xfc, 0x02, 0x6a, 0xc7, 0x18, 0xe0, 0x35, 0x08, 0xed, 0x7f, 0xb6, 0xa0, 0xaa,
-	0xf7, 0xf7, 0x0a, 0xe3, 0x39, 0x1b, 0x62, 0xcf, 0xa6, 0xbf, 0x11, 0xd8, 0x7b, 0x7f, 0xb7, 0xb4,
-	0x5d, 0x24, 0xa4, 0xc8, 0x6b, 0x8d, 0x47, 0x57, 0xc8, 0x4c, 0x8d, 0x62, 0xb4, 0x7e, 0xf9, 0xfb,
-	0xdf, 0x3f, 0x4a, 0x9f, 0xd0, 0x87, 0xc9, 0x3f, 0xe7, 0x9f, 0xd3, 0x99, 0x7f, 0x15, 0xc5, 0xfc,
-	0x47, 0x1c, 0x4a, 0x61, 0x1d, 0xbe, 0xb1, 0x32, 0x67, 0xbc, 0x25, 0xf0, 0x71, 0x7e, 0xe5, 0xf4,
-	0xa0, 0x80, 0xa4, 0xc0, 0x13, 0x8d, 0x4b, 0xe7, 0x67, 0x98, 0x8a, 0xbf, 0x4d, 0x0f, 0x14, 0x7f,
-	0x6e, 0x50, 0x39, 0x11, 0x99, 0x06, 0xeb, 0xf0, 0x0d, 0xfd, 0x95, 0x40, 0x65, 0xc9, 0x41, 0xb4,
-	0xa8, 0xdd, 0x62, 0x97, 0xad, 0x11, 0x63, 0x29, 0x31, 0x8f, 0x8c, 0x75, 0xc3, 0x78, 0xaa, 0xb7,
-	0x4e, 0x7f, 0x27, 0x50, 0x59, 0xf2, 0x59, 0xa1, 0x9a, 0x62, 0x2f, 0xae, 0x51, 0x73, 0xa4, 0xd4,
-	0x7c, 0xda, 0xb8, 0xe2, 0x68, 0x16, 0xa2, 0xde, 0x12, 0xa8, 0x2c, 0x79, 0xb1, 0x50, 0x54, 0xb1,
-	0x5f, 0x1b, 0xb5, 0x2c, 0x35, 0xfb, 0x1a, 0x34, 0x4f, 0x92, 0xef, 0xc8, 0x6c, 0x53, 0x87, 0x57,
-	0x94, 0xd3, 0x79, 0x47, 0xe0, 0xee, 0x90, 0x4f, 0x57, 0x89, 0x3b, 0xb7, 0xbb, 0xe9, 0x59, 0x7b,
-	0xf1, 0x34, 0xe1, 0x39, 0x25, 0x3f, 0x3c, 0xd1, 0x99, 0x3e, 0x0f, 0xbc, 0xd0, 0x37, 0x79, 0xec,
-	0x5b, 0x3e, 0x86, 0x4a, 0x85, 0x95, 0x42, 0x5e, 0xc4, 0x44, 0xee, 0xc7, 0xc4, 0x97, 0xfa, 0xf8,
-	0x1f, 0x21, 0x7f, 0x96, 0xee, 0xbd, 0x48, 0xab, 0x9f, 0x07, 0x7c, 0x36, 0x32, 0x35, 0x83, 0xd9,
-	0xb3, 0xff, 0xca, 0x90, 0xbe, 0x42, 0xfa, 0x1a, 0xe9, 0xf7, 0xec, 0x41, 0x59, 0xbd, 0xfd, 0xd9,
-	0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf7, 0xb9, 0xb3, 0xe4, 0xa7, 0x08, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
index fb104e6dfb8c9..c988461b639aa 100644
--- a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
@@ -1,12 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/rpc/status.proto
 
-package status // import "google.golang.org/genproto/googleapis/rpc/status"
+package status
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-import any "github.com/golang/protobuf/ptypes/any"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+	any "github.com/golang/protobuf/ptypes/any"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -17,70 +20,25 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
-// The `Status` type defines a logical error model that is suitable for different
-// programming environments, including REST APIs and RPC APIs. It is used by
-// [gRPC](https://github.com/grpc). The error model is designed to be:
-//
-// - Simple to use and understand for most users
-// - Flexible enough to meet unexpected needs
-//
-// # Overview
-//
-// The `Status` message contains three pieces of data: error code, error message,
-// and error details. The error code should be an enum value of
-// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes if needed.  The
-// error message should be a developer-facing English message that helps
-// developers *understand* and *resolve* the error. If a localized user-facing
-// error message is needed, put the localized message in the error details or
-// localize it in the client. The optional error details may contain arbitrary
-// information about the error. There is a predefined set of error detail types
-// in the package `google.rpc` that can be used for common error conditions.
-//
-// # Language mapping
-//
-// The `Status` message is the logical representation of the error model, but it
-// is not necessarily the actual wire format. When the `Status` message is
-// exposed in different client libraries and different wire protocols, it can be
-// mapped differently. For example, it will likely be mapped to some exceptions
-// in Java, but more likely mapped to some error codes in C.
-//
-// # Other uses
-//
-// The error model and the `Status` message can be used in a variety of
-// environments, either with or without APIs, to provide a
-// consistent developer experience across different environments.
+// The `Status` type defines a logical error model that is suitable for
+// different programming environments, including REST APIs and RPC APIs. It is
+// used by [gRPC](https://github.com/grpc). Each `Status` message contains
+// three pieces of data: error code, error message, and error details.
 //
-// Example uses of this error model include:
-//
-// - Partial errors. If a service needs to return partial errors to the client,
-//     it may embed the `Status` in the normal response to indicate the partial
-//     errors.
-//
-// - Workflow errors. A typical workflow has multiple steps. Each step may
-//     have a `Status` message for error reporting.
-//
-// - Batch operations. If a client uses batch request and batch response, the
-//     `Status` message should be used directly inside batch response, one for
-//     each error sub-response.
-//
-// - Asynchronous operations. If an API call embeds asynchronous operation
-//     results in its response, the status of those operations should be
-//     represented directly using the `Status` message.
-//
-// - Logging. If some API errors are stored in logs, the message `Status` could
-//     be used directly after any stripping needed for security/privacy reasons.
+// You can find out more about this error model and how to work with it in the
+// [API Design Guide](https://cloud.google.com/apis/design/errors).
 type Status struct {
 	// The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
-	Code int32 `protobuf:"varint,1,opt,name=code" json:"code,omitempty"`
+	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
 	// A developer-facing error message, which should be in English. Any
 	// user-facing error message should be localized and sent in the
 	// [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
-	Message string `protobuf:"bytes,2,opt,name=message" json:"message,omitempty"`
+	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
 	// A list of messages that carry the error details.  There is a common set of
 	// message types for APIs to use.
-	Details              []*any.Any `protobuf:"bytes,3,rep,name=details" json:"details,omitempty"`
+	Details              []*any.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
 	XXX_unrecognized     []byte     `json:"-"`
 	XXX_sizecache        int32      `json:"-"`
@@ -90,16 +48,17 @@ func (m *Status) Reset()         { *m = Status{} }
 func (m *Status) String() string { return proto.CompactTextString(m) }
 func (*Status) ProtoMessage()    {}
 func (*Status) Descriptor() ([]byte, []int) {
-	return fileDescriptor_status_c656c685916bdf47, []int{0}
+	return fileDescriptor_24d244abaf643bfe, []int{0}
 }
+
 func (m *Status) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Status.Unmarshal(m, b)
 }
 func (m *Status) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Status.Marshal(b, m, deterministic)
 }
-func (dst *Status) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Status.Merge(dst, src)
+func (m *Status) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Status.Merge(m, src)
 }
 func (m *Status) XXX_Size() int {
 	return xxx_messageInfo_Status.Size(m)
@@ -135,10 +94,12 @@ func init() {
 	proto.RegisterType((*Status)(nil), "google.rpc.Status")
 }
 
-func init() { proto.RegisterFile("google/rpc/status.proto", fileDescriptor_status_c656c685916bdf47) }
+func init() {
+	proto.RegisterFile("google/rpc/status.proto", fileDescriptor_24d244abaf643bfe)
+}
 
-var fileDescriptor_status_c656c685916bdf47 = []byte{
-	// 209 bytes of a gzipped FileDescriptorProto
+var fileDescriptor_24d244abaf643bfe = []byte{
+	// 212 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x2a, 0x48, 0xd6, 0x2f, 0x2e, 0x49, 0x2c, 0x29, 0x2d, 0xd6, 0x2b, 0x28,
 	0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x82, 0x48, 0xe8, 0x15, 0x15, 0x24, 0x4b, 0x49, 0x42, 0x15, 0x81,
@@ -147,10 +108,10 @@ var fileDescriptor_status_c656c685916bdf47 = []byte{
 	0xc0, 0x6c, 0x21, 0x09, 0x2e, 0xf6, 0xdc, 0xd4, 0xe2, 0xe2, 0xc4, 0xf4, 0x54, 0x09, 0x26, 0x05,
 	0x46, 0x0d, 0xce, 0x20, 0x18, 0x57, 0x48, 0x8f, 0x8b, 0x3d, 0x25, 0xb5, 0x24, 0x31, 0x33, 0xa7,
 	0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x44, 0x0f, 0x6a, 0x21, 0xcc, 0x12, 0x3d, 0xc7,
-	0xbc, 0xca, 0x20, 0x98, 0x22, 0xa7, 0x38, 0x2e, 0xbe, 0xe4, 0xfc, 0x5c, 0x3d, 0x84, 0xa3, 0x9c,
+	0xbc, 0xca, 0x20, 0x98, 0x22, 0xa7, 0x44, 0x2e, 0xbe, 0xe4, 0xfc, 0x5c, 0x3d, 0x84, 0xa3, 0x9c,
 	0xb8, 0x21, 0xf6, 0x06, 0x80, 0x94, 0x07, 0x30, 0x46, 0x99, 0x43, 0xa5, 0xd2, 0xf3, 0x73, 0x12,
 	0xf3, 0xd2, 0xf5, 0xf2, 0x8b, 0xd2, 0xf5, 0xd3, 0x53, 0xf3, 0xc0, 0x86, 0xe9, 0x43, 0xa4, 0x12,
-	0x0b, 0x32, 0x8b, 0x91, 0xfc, 0x69, 0x0d, 0xa1, 0x16, 0x31, 0x31, 0x07, 0x05, 0x38, 0x27, 0xb1,
-	0x81, 0x55, 0x1a, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x53, 0xf0, 0x7c, 0x10, 0x01, 0x00,
-	0x00,
+	0x0b, 0x32, 0x8b, 0x91, 0xfc, 0x69, 0x0d, 0xa1, 0x7e, 0x30, 0x32, 0x2e, 0x62, 0x62, 0x0e, 0x0a,
+	0x70, 0x4e, 0x62, 0x03, 0x2b, 0x36, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb9, 0x28, 0x45, 0xb1,
+	0x13, 0x01, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.pb.go b/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.pb.go
index ace751f68d1d1..44fb5e63038b9 100644
--- a/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.pb.go
+++ b/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.pb.go
@@ -1,11 +1,14 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: google/protobuf/field_mask.proto
 
-package field_mask // import "google.golang.org/genproto/protobuf/field_mask"
+package field_mask
 
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+)
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -16,7 +19,7 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 // `FieldMask` represents a set of symbolic field paths, for example:
 //
@@ -86,57 +89,49 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 // describe the updated values, the API ignores the values of all
 // fields not covered by the mask.
 //
-// If a repeated field is specified for an update operation, the existing
-// repeated values in the target resource will be overwritten by the new values.
-// Note that a repeated field is only allowed in the last position of a `paths`
-// string.
+// If a repeated field is specified for an update operation, new values will
+// be appended to the existing repeated field in the target resource. Note that
+// a repeated field is only allowed in the last position of a `paths` string.
 //
 // If a sub-message is specified in the last position of the field mask for an
-// update operation, then the existing sub-message in the target resource is
-// overwritten. Given the target message:
+// update operation, then new value will be merged into the existing sub-message
+// in the target resource.
+//
+// For example, given the target message:
 //
 //     f {
 //       b {
-//         d : 1
-//         x : 2
+//         d: 1
+//         x: 2
 //       }
-//       c : 1
+//       c: [1]
 //     }
 //
 // And an update message:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
 //       }
+//       c: [2]
 //     }
 //
 // then if the field mask is:
 //
-//  paths: "f.b"
+//  paths: ["f.b", "f.c"]
 //
 // then the result will be:
 //
 //     f {
 //       b {
-//         d : 10
+//         d: 10
+//         x: 2
 //       }
-//       c : 1
+//       c: [1, 2]
 //     }
 //
-// However, if the update mask was:
-//
-//  paths: "f.b.d"
-//
-// then the result would be:
-//
-//     f {
-//       b {
-//         d : 10
-//         x : 2
-//       }
-//       c : 1
-//     }
+// An implementation may provide options to override this default behavior for
+// repeated and message fields.
 //
 // In order to reset a field's value to the default, the field must
 // be in the mask and set to the default value in the provided resource.
@@ -224,10 +219,10 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
 //
 // The implementation of any API method which has a FieldMask type field in the
 // request should verify the included field paths, and return an
-// `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
+// `INVALID_ARGUMENT` error if any path is unmappable.
 type FieldMask struct {
 	// The set of field mask paths.
-	Paths                []string `protobuf:"bytes,1,rep,name=paths" json:"paths,omitempty"`
+	Paths                []string `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -237,16 +232,17 @@ func (m *FieldMask) Reset()         { *m = FieldMask{} }
 func (m *FieldMask) String() string { return proto.CompactTextString(m) }
 func (*FieldMask) ProtoMessage()    {}
 func (*FieldMask) Descriptor() ([]byte, []int) {
-	return fileDescriptor_field_mask_56ec45e1ddac5c77, []int{0}
+	return fileDescriptor_5158202634f0da48, []int{0}
 }
+
 func (m *FieldMask) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_FieldMask.Unmarshal(m, b)
 }
 func (m *FieldMask) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_FieldMask.Marshal(b, m, deterministic)
 }
-func (dst *FieldMask) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FieldMask.Merge(dst, src)
+func (m *FieldMask) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FieldMask.Merge(m, src)
 }
 func (m *FieldMask) XXX_Size() int {
 	return xxx_messageInfo_FieldMask.Size(m)
@@ -269,20 +265,20 @@ func init() {
 }
 
 func init() {
-	proto.RegisterFile("google/protobuf/field_mask.proto", fileDescriptor_field_mask_56ec45e1ddac5c77)
+	proto.RegisterFile("google/protobuf/field_mask.proto", fileDescriptor_5158202634f0da48)
 }
 
-var fileDescriptor_field_mask_56ec45e1ddac5c77 = []byte{
-	// 171 bytes of a gzipped FileDescriptorProto
+var fileDescriptor_5158202634f0da48 = []byte{
+	// 175 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x48, 0xcf, 0xcf, 0x4f,
 	0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcb, 0x4c, 0xcd,
 	0x49, 0x89, 0xcf, 0x4d, 0x2c, 0xce, 0xd6, 0x03, 0x8b, 0x09, 0xf1, 0x43, 0x54, 0xe8, 0xc1, 0x54,
 	0x28, 0x29, 0x72, 0x71, 0xba, 0x81, 0x14, 0xf9, 0x26, 0x16, 0x67, 0x0b, 0x89, 0x70, 0xb1, 0x16,
-	0x24, 0x96, 0x64, 0x14, 0x4b, 0x30, 0x2a, 0x30, 0x6b, 0x70, 0x06, 0x41, 0x38, 0x4e, 0x9d, 0x8c,
+	0x24, 0x96, 0x64, 0x14, 0x4b, 0x30, 0x2a, 0x30, 0x6b, 0x70, 0x06, 0x41, 0x38, 0x4e, 0x3d, 0x8c,
 	0x5c, 0xc2, 0xc9, 0xf9, 0xb9, 0x7a, 0x68, 0x5a, 0x9d, 0xf8, 0xe0, 0x1a, 0x03, 0x40, 0x42, 0x01,
 	0x8c, 0x51, 0x96, 0x50, 0x25, 0xe9, 0xf9, 0x39, 0x89, 0x79, 0xe9, 0x7a, 0xf9, 0x45, 0xe9, 0xfa,
-	0xe9, 0xa9, 0x79, 0x60, 0x0d, 0xd8, 0xdc, 0x64, 0x8d, 0x60, 0x2e, 0x62, 0x62, 0x76, 0x0f, 0x70,
-	0x5a, 0xc5, 0x24, 0xe7, 0x0e, 0x31, 0x21, 0x00, 0xaa, 0x5a, 0x2f, 0x3c, 0x35, 0x27, 0xc7, 0x3b,
-	0x2f, 0xbf, 0x3c, 0x2f, 0xa4, 0xb2, 0x20, 0xb5, 0x38, 0x89, 0x0d, 0x6c, 0x8c, 0x31, 0x20, 0x00,
-	0x00, 0xff, 0xff, 0x5a, 0xdb, 0x3a, 0xc0, 0xea, 0x00, 0x00, 0x00,
+	0xe9, 0xa9, 0x79, 0x60, 0x0d, 0xd8, 0xdc, 0x64, 0x8d, 0x60, 0xfe, 0x60, 0x64, 0x5c, 0xc4, 0xc4,
+	0xec, 0x1e, 0xe0, 0xb4, 0x8a, 0x49, 0xce, 0x1d, 0x62, 0x48, 0x00, 0x54, 0x83, 0x5e, 0x78, 0x6a,
+	0x4e, 0x8e, 0x77, 0x5e, 0x7e, 0x79, 0x5e, 0x48, 0x65, 0x41, 0x6a, 0x71, 0x12, 0x1b, 0xd8, 0x24,
+	0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xfd, 0xda, 0xb7, 0xa8, 0xed, 0x00, 0x00, 0x00,
 }
diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md
index 789adfd653625..afbc43db5105e 100644
--- a/vendor/google.golang.org/grpc/README.md
+++ b/vendor/google.golang.org/grpc/README.md
@@ -1,45 +1,121 @@
 # gRPC-Go
 
-[![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go) [![GoDoc](https://godoc.org/google.golang.org/grpc?status.svg)](https://godoc.org/google.golang.org/grpc) [![GoReportCard](https://goreportcard.com/badge/grpc/grpc-go)](https://goreportcard.com/report/github.com/grpc/grpc-go)
+[![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go)
+[![GoDoc](https://godoc.org/google.golang.org/grpc?status.svg)](https://godoc.org/google.golang.org/grpc)
+[![GoReportCard](https://goreportcard.com/badge/grpc/grpc-go)](https://goreportcard.com/report/github.com/grpc/grpc-go)
 
-The Go implementation of [gRPC](https://grpc.io/): A high performance, open source, general RPC framework that puts mobile and HTTP/2 first. For more information see the [gRPC Quick Start: Go](https://grpc.io/docs/quickstart/go.html) guide.
+The Go implementation of [gRPC](https://grpc.io/): A high performance, open
+source, general RPC framework that puts mobile and HTTP/2 first. For more
+information see the [gRPC Quick Start:
+Go](https://grpc.io/docs/quickstart/go.html) guide.
 
 Installation
 ------------
 
-To install this package, you need to install Go and setup your Go workspace on your computer. The simplest way to install the library is to run:
+To install this package, you need to install Go and setup your Go workspace on
+your computer. The simplest way to install the library is to run:
 
 ```
 $ go get -u google.golang.org/grpc
 ```
 
-Prerequisites
--------------
+With Go module support (Go 1.11+), simply `import "google.golang.org/grpc"` in
+your source code and `go [build|run|test]` will automatically download the
+necessary dependencies ([Go modules
+ref](https://github.com/golang/go/wiki/Modules)).
 
-This requires Go 1.6 or later. Go 1.7 will be required soon.
+If you are trying to access grpc-go from within China, please see the
+[FAQ](#FAQ) below.
 
-Constraints
------------
-The grpc package should only depend on standard Go packages and a small number of exceptions. If your contribution introduces new dependencies which are NOT in the [list](http://godoc.org/google.golang.org/grpc?imports), you need a discussion with gRPC-Go authors and consultants.
+Prerequisites
+-------------
+gRPC-Go requires Go 1.9 or later.
 
 Documentation
 -------------
-See [API documentation](https://godoc.org/google.golang.org/grpc) for package and API descriptions and find examples in the [examples directory](examples/).
+- See [godoc](https://godoc.org/google.golang.org/grpc) for package and API
+  descriptions.
+- Documentation on specific topics can be found in the [Documentation
+  directory](Documentation/).
+- Examples can be found in the [examples directory](examples/).
 
 Performance
 -----------
-See the current benchmarks for some of the languages supported in [this dashboard](https://performance-dot-grpc-testing.appspot.com/explore?dashboard=5652536396611584&widget=490377658&container=1286539696).
+Performance benchmark data for grpc-go and other languages is maintained in
+[this
+dashboard](https://performance-dot-grpc-testing.appspot.com/explore?dashboard=5652536396611584&widget=490377658&container=1286539696).
 
 Status
 ------
-General Availability [Google Cloud Platform Launch Stages](https://cloud.google.com/terms/launch-stages).
+General Availability [Google Cloud Platform Launch
+Stages](https://cloud.google.com/terms/launch-stages).
 
 FAQ
 ---
 
+#### I/O Timeout Errors
+
+The `golang.org` domain may be blocked from some countries.  `go get` usually
+produces an error like the following when this happens:
+
+```
+$ go get -u google.golang.org/grpc
+package google.golang.org/grpc: unrecognized import path "google.golang.org/grpc" (https fetch: Get https://google.golang.org/grpc?go-get=1: dial tcp 216.239.37.1:443: i/o timeout)
+```
+
+To build Go code, there are several options:
+
+- Set up a VPN and access google.golang.org through that.
+
+- Without Go module support: `git clone` the repo manually:
+
+  ```
+  git clone https://github.com/grpc/grpc-go.git $GOPATH/src/google.golang.org/grpc
+  ```
+
+  You will need to do the same for all of grpc's dependencies in `golang.org`,
+  e.g. `golang.org/x/net`.
+
+- With Go module support: it is possible to use the `replace` feature of `go
+  mod` to create aliases for golang.org packages.  In your project's directory:
+
+  ```
+  go mod edit -replace=google.golang.org/grpc=github.com/grpc/grpc-go@latest
+  go mod tidy
+  go mod vendor
+  go build -mod=vendor
+  ```
+
+  Again, this will need to be done for all transitive dependencies hosted on
+  golang.org as well.  Please refer to [this
+  issue](https://github.com/golang/go/issues/28652) in the golang repo regarding
+  this concern.
+
 #### Compiling error, undefined: grpc.SupportPackageIsVersion
 
 Please update proto package, gRPC package and rebuild the proto files:
  - `go get -u github.com/golang/protobuf/{proto,protoc-gen-go}`
  - `go get -u google.golang.org/grpc`
  - `protoc --go_out=plugins=grpc:. *.proto`
+
+#### How to turn on logging
+
+The default logger is controlled by the environment variables. Turn everything
+on by setting:
+
+```
+GRPC_GO_LOG_VERBOSITY_LEVEL=99 GRPC_GO_LOG_SEVERITY_LEVEL=info
+```
+
+#### The RPC failed with error `"code = Unavailable desc = transport is closing"`
+
+This error means the connection the RPC is using was closed, and there are many
+possible reasons, including:
+ 1. mis-configured transport credentials, connection failed on handshaking
+ 1. bytes disrupted, possibly by a proxy in between
+ 1. server shutdown
+
+It can be tricky to debug this because the error happens on the client side but
+the root cause of the connection being closed is on the server side. Turn on
+logging on __both client and server__, and see if there are any transport
+errors.
diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go
new file mode 100644
index 0000000000000..68ffc6201375f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package attributes defines a generic key/value store used in various gRPC
+// components.
+//
+// All APIs in this package are EXPERIMENTAL.
+package attributes
+
+import "fmt"
+
+// Attributes is an immutable struct for storing and retrieving generic
+// key/value pairs.  Keys must be hashable, and users should define their own
+// types for keys.
+type Attributes struct {
+	m map[interface{}]interface{}
+}
+
+// New returns a new Attributes containing all key/value pairs in kvs.  If the
+// same key appears multiple times, the last value overwrites all previous
+// values for that key.  Panics if len(kvs) is not even.
+func New(kvs ...interface{}) *Attributes {
+	if len(kvs)%2 != 0 {
+		panic(fmt.Sprintf("attributes.New called with unexpected input: len(kvs) = %v", len(kvs)))
+	}
+	a := &Attributes{m: make(map[interface{}]interface{}, len(kvs)/2)}
+	for i := 0; i < len(kvs)/2; i++ {
+		a.m[kvs[i*2]] = kvs[i*2+1]
+	}
+	return a
+}
+
+// WithValues returns a new Attributes containing all key/value pairs in a and
+// kvs.  Panics if len(kvs) is not even.  If the same key appears multiple
+// times, the last value overwrites all previous values for that key.  To
+// remove an existing key, use a nil value.
+func (a *Attributes) WithValues(kvs ...interface{}) *Attributes {
+	if len(kvs)%2 != 0 {
+		panic(fmt.Sprintf("attributes.New called with unexpected input: len(kvs) = %v", len(kvs)))
+	}
+	n := &Attributes{m: make(map[interface{}]interface{}, len(a.m)+len(kvs)/2)}
+	for k, v := range a.m {
+		n.m[k] = v
+	}
+	for i := 0; i < len(kvs)/2; i++ {
+		n.m[kvs[i*2]] = kvs[i*2+1]
+	}
+	return n
+}
+
+// Value returns the value associated with these attributes for key, or nil if
+// no value is associated with key.
+func (a *Attributes) Value(key interface{}) interface{} {
+	return a.m[key]
+}
diff --git a/vendor/google.golang.org/grpc/backoff.go b/vendor/google.golang.org/grpc/backoff.go
index c40facce51030..ff7c3ee6f4824 100644
--- a/vendor/google.golang.org/grpc/backoff.go
+++ b/vendor/google.golang.org/grpc/backoff.go
@@ -16,81 +16,43 @@
  *
  */
 
+// See internal/backoff package for the backoff implementation. This file is
+// kept for the exported types and API backward compatibility.
+
 package grpc
 
 import (
-	"math/rand"
 	"time"
+
+	"google.golang.org/grpc/backoff"
 )
 
 // DefaultBackoffConfig uses values specified for backoff in
 // https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
-var DefaultBackoffConfig = BackoffConfig{
-	MaxDelay:  120 * time.Second,
-	baseDelay: 1.0 * time.Second,
-	factor:    1.6,
-	jitter:    0.2,
-}
-
-// backoffStrategy defines the methodology for backing off after a grpc
-// connection failure.
 //
-// This is unexported until the gRPC project decides whether or not to allow
-// alternative backoff strategies. Once a decision is made, this type and its
-// method may be exported.
-type backoffStrategy interface {
-	// backoff returns the amount of time to wait before the next retry given
-	// the number of consecutive failures.
-	backoff(retries int) time.Duration
+// Deprecated: use ConnectParams instead. Will be supported throughout 1.x.
+var DefaultBackoffConfig = BackoffConfig{
+	MaxDelay: 120 * time.Second,
 }
 
 // BackoffConfig defines the parameters for the default gRPC backoff strategy.
+//
+// Deprecated: use ConnectParams instead. Will be supported throughout 1.x.
 type BackoffConfig struct {
 	// MaxDelay is the upper bound of backoff delay.
 	MaxDelay time.Duration
-
-	// TODO(stevvooe): The following fields are not exported, as allowing
-	// changes would violate the current gRPC specification for backoff. If
-	// gRPC decides to allow more interesting backoff strategies, these fields
-	// may be opened up in the future.
-
-	// baseDelay is the amount of time to wait before retrying after the first
-	// failure.
-	baseDelay time.Duration
-
-	// factor is applied to the backoff after each retry.
-	factor float64
-
-	// jitter provides a range to randomize backoff delays.
-	jitter float64
-}
-
-func setDefaults(bc *BackoffConfig) {
-	md := bc.MaxDelay
-	*bc = DefaultBackoffConfig
-
-	if md > 0 {
-		bc.MaxDelay = md
-	}
 }
 
-func (bc BackoffConfig) backoff(retries int) time.Duration {
-	if retries == 0 {
-		return bc.baseDelay
-	}
-	backoff, max := float64(bc.baseDelay), float64(bc.MaxDelay)
-	for backoff < max && retries > 0 {
-		backoff *= bc.factor
-		retries--
-	}
-	if backoff > max {
-		backoff = max
-	}
-	// Randomize backoff delays so that if a cluster of requests start at
-	// the same time, they won't operate in lockstep.
-	backoff *= 1 + bc.jitter*(rand.Float64()*2-1)
-	if backoff < 0 {
-		return 0
-	}
-	return time.Duration(backoff)
+// ConnectParams defines the parameters for connecting and retrying. Users are
+// encouraged to use this instead of the BackoffConfig type defined above. See
+// here for more details:
+// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
+//
+// This API is EXPERIMENTAL.
+type ConnectParams struct {
+	// Backoff specifies the configuration options for connection backoff.
+	Backoff backoff.Config
+	// MinConnectTimeout is the minimum amount of time we are willing to give a
+	// connection to complete.
+	MinConnectTimeout time.Duration
 }
diff --git a/vendor/google.golang.org/grpc/backoff/backoff.go b/vendor/google.golang.org/grpc/backoff/backoff.go
new file mode 100644
index 0000000000000..0787d0b50ce94
--- /dev/null
+++ b/vendor/google.golang.org/grpc/backoff/backoff.go
@@ -0,0 +1,52 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package backoff provides configuration options for backoff.
+//
+// More details can be found at:
+// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
+//
+// All APIs in this package are experimental.
+package backoff
+
+import "time"
+
+// Config defines the configuration options for backoff.
+type Config struct {
+	// BaseDelay is the amount of time to backoff after the first failure.
+	BaseDelay time.Duration
+	// Multiplier is the factor with which to multiply backoffs after a
+	// failed retry. Should ideally be greater than 1.
+	Multiplier float64
+	// Jitter is the factor with which backoffs are randomized.
+	Jitter float64
+	// MaxDelay is the upper bound of backoff delay.
+	MaxDelay time.Duration
+}
+
+// DefaultConfig is a backoff configuration with the default values specfied
+// at https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
+//
+// This should be useful for callers who want to configure backoff with
+// non-default values only for a subset of the options.
+var DefaultConfig = Config{
+	BaseDelay:  1.0 * time.Second,
+	Multiplier: 1.6,
+	Jitter:     0.2,
+	MaxDelay:   120 * time.Second,
+}
diff --git a/vendor/google.golang.org/grpc/balancer.go b/vendor/google.golang.org/grpc/balancer.go
index e1730166cde61..a8eb0f4760919 100644
--- a/vendor/google.golang.org/grpc/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer.go
@@ -19,11 +19,10 @@
 package grpc
 
 import (
-	"fmt"
+	"context"
 	"net"
 	"sync"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
@@ -44,7 +43,7 @@ type Address struct {
 
 // BalancerConfig specifies the configurations for Balancer.
 //
-// Deprecated: please use package balancer.
+// Deprecated: please use package balancer.  May be removed in a future 1.x release.
 type BalancerConfig struct {
 	// DialCreds is the transport credential the Balancer implementation can
 	// use to dial to a remote load balancer server. The Balancer implementations
@@ -58,7 +57,7 @@ type BalancerConfig struct {
 
 // BalancerGetOptions configures a Get call.
 //
-// Deprecated: please use package balancer.
+// Deprecated: please use package balancer.  May be removed in a future 1.x release.
 type BalancerGetOptions struct {
 	// BlockingWait specifies whether Get should block when there is no
 	// connected address.
@@ -67,7 +66,7 @@ type BalancerGetOptions struct {
 
 // Balancer chooses network addresses for RPCs.
 //
-// Deprecated: please use package balancer.
+// Deprecated: please use package balancer.  May be removed in a future 1.x release.
 type Balancer interface {
 	// Start does the initialization work to bootstrap a Balancer. For example,
 	// this function may start the name resolution and watch the updates. It will
@@ -118,30 +117,10 @@ type Balancer interface {
 	Close() error
 }
 
-// downErr implements net.Error. It is constructed by gRPC internals and passed to the down
-// call of Balancer.
-type downErr struct {
-	timeout   bool
-	temporary bool
-	desc      string
-}
-
-func (e downErr) Error() string   { return e.desc }
-func (e downErr) Timeout() bool   { return e.timeout }
-func (e downErr) Temporary() bool { return e.temporary }
-
-func downErrorf(timeout, temporary bool, format string, a ...interface{}) downErr {
-	return downErr{
-		timeout:   timeout,
-		temporary: temporary,
-		desc:      fmt.Sprintf(format, a...),
-	}
-}
-
 // RoundRobin returns a Balancer that selects addresses round-robin. It uses r to watch
 // the name resolution updates and updates the addresses available correspondingly.
 //
-// Deprecated: please use package balancer/roundrobin.
+// Deprecated: please use package balancer/roundrobin. May be removed in a future 1.x release.
 func RoundRobin(r naming.Resolver) Balancer {
 	return &roundRobin{r: r}
 }
@@ -410,7 +389,3 @@ func (rr *roundRobin) Close() error {
 type pickFirst struct {
 	*roundRobin
 }
-
-func pickFirstBalancerV1(r naming.Resolver) Balancer {
-	return &pickFirst{&roundRobin{r: r}}
-}
diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go
index 63b8d71371ed5..9258858ed755b 100644
--- a/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -21,14 +21,18 @@
 package balancer
 
 import (
+	"context"
+	"encoding/json"
 	"errors"
 	"net"
 	"strings"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/serviceconfig"
 )
 
 var (
@@ -37,7 +41,10 @@ var (
 )
 
 // Register registers the balancer builder to the balancer map. b.Name
-// (lowercased) will be used as the name registered with this builder.
+// (lowercased) will be used as the name registered with this builder.  If the
+// Builder implements ConfigParser, ParseConfig will be called when new service
+// configs are received by the resolver, and the result will be provided to the
+// Balancer in UpdateClientConnState.
 //
 // NOTE: this function must only be called during initialization time (i.e. in
 // an init() function), and is not thread-safe. If multiple Balancers are
@@ -46,8 +53,20 @@ func Register(b Builder) {
 	m[strings.ToLower(b.Name())] = b
 }
 
+// unregisterForTesting deletes the balancer with the given name from the
+// balancer map.
+//
+// This function is not thread-safe.
+func unregisterForTesting(name string) {
+	delete(m, name)
+}
+
+func init() {
+	internal.BalancerUnregister = unregisterForTesting
+}
+
 // Get returns the resolver builder registered with the given name.
-// Note that the compare is done in a case-insenstive fashion.
+// Note that the compare is done in a case-insensitive fashion.
 // If no builder is register with the name, nil will be returned.
 func Get(name string) Builder {
 	if b, ok := m[strings.ToLower(name)]; ok {
@@ -88,7 +107,24 @@ type SubConn interface {
 }
 
 // NewSubConnOptions contains options to create new SubConn.
-type NewSubConnOptions struct{}
+type NewSubConnOptions struct {
+	// CredsBundle is the credentials bundle that will be used in the created
+	// SubConn. If it's nil, the original creds from grpc DialOptions will be
+	// used.
+	CredsBundle credentials.Bundle
+	// HealthCheckEnabled indicates whether health check service should be
+	// enabled on this SubConn
+	HealthCheckEnabled bool
+}
+
+// State contains the balancer's state relevant to the gRPC ClientConn.
+type State struct {
+	// State contains the connectivity state of the balancer, which is used to
+	// determine the state of the ClientConn.
+	ConnectivityState connectivity.State
+	// Picker is used to choose connections (SubConns) for RPCs.
+	Picker V2Picker
+}
 
 // ClientConn represents a gRPC ClientConn.
 //
@@ -105,17 +141,28 @@ type ClientConn interface {
 	// The SubConn will be shutdown.
 	RemoveSubConn(SubConn)
 
-	// UpdateBalancerState is called by balancer to nofity gRPC that some internal
+	// UpdateBalancerState is called by balancer to notify gRPC that some internal
 	// state in balancer has changed.
 	//
 	// gRPC will update the connectivity state of the ClientConn, and will call pick
 	// on the new picker to pick new SubConn.
+	//
+	// Deprecated: use UpdateState instead
 	UpdateBalancerState(s connectivity.State, p Picker)
 
+	// UpdateState notifies gRPC that the balancer's internal state has
+	// changed.
+	//
+	// gRPC will update the connectivity state of the ClientConn, and will call pick
+	// on the new picker to pick new SubConns.
+	UpdateState(State)
+
 	// ResolveNow is called by balancer to notify gRPC to do a name resolving.
-	ResolveNow(resolver.ResolveNowOption)
+	ResolveNow(resolver.ResolveNowOptions)
 
 	// Target returns the dial target for this ClientConn.
+	//
+	// Deprecated: Use the Target field in the BuildOptions instead.
 	Target() string
 }
 
@@ -125,12 +172,18 @@ type BuildOptions struct {
 	// use to dial to a remote load balancer server. The Balancer implementations
 	// can ignore this if it does not need to talk to another party securely.
 	DialCreds credentials.TransportCredentials
+	// CredsBundle is the credentials bundle that the Balancer can use.
+	CredsBundle credentials.Bundle
 	// Dialer is the custom dialer the Balancer implementation can use to dial
 	// to a remote load balancer server. The Balancer implementations
 	// can ignore this if it doesn't need to talk to remote balancer.
 	Dialer func(context.Context, string) (net.Conn, error)
 	// ChannelzParentID is the entity parent's channelz unique identification number.
 	ChannelzParentID int64
+	// Target contains the parsed address info of the dial target. It is the same resolver.Target as
+	// passed to the resolver.
+	// See the documentation for the resolver.Target type for details about what it contains.
+	Target resolver.Target
 }
 
 // Builder creates a balancer.
@@ -142,17 +195,39 @@ type Builder interface {
 	Name() string
 }
 
-// PickOptions contains addition information for the Pick operation.
-type PickOptions struct{}
+// ConfigParser parses load balancer configs.
+type ConfigParser interface {
+	// ParseConfig parses the JSON load balancer config provided into an
+	// internal form or returns an error if the config is invalid.  For future
+	// compatibility reasons, unknown fields in the config should be ignored.
+	ParseConfig(LoadBalancingConfigJSON json.RawMessage) (serviceconfig.LoadBalancingConfig, error)
+}
+
+// PickInfo contains additional information for the Pick operation.
+type PickInfo struct {
+	// FullMethodName is the method name that NewClientStream() is called
+	// with. The canonical format is /service/Method.
+	FullMethodName string
+	// Ctx is the RPC's context, and may contain relevant RPC-level information
+	// like the outgoing header metadata.
+	Ctx context.Context
+}
 
 // DoneInfo contains additional information for done.
 type DoneInfo struct {
 	// Err is the rpc error the RPC finished with. It could be nil.
 	Err error
+	// Trailer contains the metadata from the RPC's trailer, if present.
+	Trailer metadata.MD
 	// BytesSent indicates if any bytes have been sent to the server.
 	BytesSent bool
 	// BytesReceived indicates if any byte has been received from the server.
 	BytesReceived bool
+	// ServerLoad is the load received from server. It's usually sent as part of
+	// trailing metadata.
+	//
+	// The only supported type now is *orca_v1.LoadReport.
+	ServerLoad interface{}
 }
 
 var (
@@ -161,7 +236,7 @@ var (
 	ErrNoSubConnAvailable = errors.New("no SubConn is available")
 	// ErrTransientFailure indicates all SubConns are in TransientFailure.
 	// WaitForReady RPCs will block, non-WaitForReady RPCs will fail.
-	ErrTransientFailure = errors.New("all SubConns are in TransientFailure")
+	ErrTransientFailure = TransientFailureError(errors.New("all SubConns are in TransientFailure"))
 )
 
 // Picker is used by gRPC to pick a SubConn to send an RPC.
@@ -169,6 +244,8 @@ var (
 // internal state has changed.
 //
 // The pickers used by gRPC can be updated by ClientConn.UpdateBalancerState().
+//
+// Deprecated: use V2Picker instead
 type Picker interface {
 	// Pick returns the SubConn to be used to send the RPC.
 	// The returned SubConn must be one returned by NewSubConn().
@@ -182,22 +259,83 @@ type Picker interface {
 	//
 	// If a SubConn is returned:
 	// - If it is READY, gRPC will send the RPC on it;
-	// - If it is not ready, or becomes not ready after it's returned, gRPC will block
-	//   until UpdateBalancerState() is called and will call pick on the new picker.
+	// - If it is not ready, or becomes not ready after it's returned, gRPC will
+	//   block until UpdateBalancerState() is called and will call pick on the
+	//   new picker. The done function returned from Pick(), if not nil, will be
+	//   called with nil error, no bytes sent and no bytes received.
 	//
 	// If the returned error is not nil:
 	// - If the error is ErrNoSubConnAvailable, gRPC will block until UpdateBalancerState()
-	// - If the error is ErrTransientFailure:
+	// - If the error is ErrTransientFailure or implements IsTransientFailure()
+	//   bool, returning true:
 	//   - If the RPC is wait-for-ready, gRPC will block until UpdateBalancerState()
 	//     is called to pick again;
 	//   - Otherwise, RPC will fail with unavailable error.
 	// - Else (error is other non-nil error):
-	//   - The RPC will fail with unavailable error.
+	//   - The RPC will fail with the error's status code, or Unknown if it is
+	//     not a status error.
+	//
+	// The returned done() function will be called once the rpc has finished,
+	// with the final status of that RPC.  If the SubConn returned is not a
+	// valid SubConn type, done may not be called.  done may be nil if balancer
+	// doesn't care about the RPC status.
+	Pick(ctx context.Context, info PickInfo) (conn SubConn, done func(DoneInfo), err error)
+}
+
+// PickResult contains information related to a connection chosen for an RPC.
+type PickResult struct {
+	// SubConn is the connection to use for this pick, if its state is Ready.
+	// If the state is not Ready, gRPC will block the RPC until a new Picker is
+	// provided by the balancer (using ClientConn.UpdateState).  The SubConn
+	// must be one returned by ClientConn.NewSubConn.
+	SubConn SubConn
+
+	// Done is called when the RPC is completed.  If the SubConn is not ready,
+	// this will be called with a nil parameter.  If the SubConn is not a valid
+	// type, Done may not be called.  May be nil if the balancer does not wish
+	// to be notified when the RPC completes.
+	Done func(DoneInfo)
+}
+
+type transientFailureError struct {
+	error
+}
+
+func (e *transientFailureError) IsTransientFailure() bool { return true }
+
+// TransientFailureError wraps err in an error implementing
+// IsTransientFailure() bool, returning true.
+func TransientFailureError(err error) error {
+	return &transientFailureError{error: err}
+}
+
+// V2Picker is used by gRPC to pick a SubConn to send an RPC.
+// Balancer is expected to generate a new picker from its snapshot every time its
+// internal state has changed.
+//
+// The pickers used by gRPC can be updated by ClientConn.UpdateBalancerState().
+type V2Picker interface {
+	// Pick returns the connection to use for this RPC and related information.
+	//
+	// Pick should not block.  If the balancer needs to do I/O or any blocking
+	// or time-consuming work to service this call, it should return
+	// ErrNoSubConnAvailable, and the Pick call will be repeated by gRPC when
+	// the Picker is updated (using ClientConn.UpdateState).
 	//
-	// The returned done() function will be called once the rpc has finished, with the
-	// final status of that RPC.
-	// done may be nil if balancer doesn't care about the RPC status.
-	Pick(ctx context.Context, opts PickOptions) (conn SubConn, done func(DoneInfo), err error)
+	// If an error is returned:
+	//
+	// - If the error is ErrNoSubConnAvailable, gRPC will block until a new
+	//   Picker is provided by the balancer (using ClientConn.UpdateState).
+	//
+	// - If the error implements IsTransientFailure() bool, returning true,
+	//   wait for ready RPCs will wait, but non-wait for ready RPCs will be
+	//   terminated with this error's Error() string and status code
+	//   Unavailable.
+	//
+	// - Any other errors terminate all RPCs with the code and message
+	//   provided.  If the error is not a status error, it will be converted by
+	//   gRPC to a status error with code Unknown.
+	Pick(info PickInfo) (PickResult, error)
 }
 
 // Balancer takes input from gRPC, manages SubConns, and collects and aggregates
@@ -215,14 +353,102 @@ type Balancer interface {
 	// that back to gRPC.
 	// Balancer should also generate and update Pickers when its internal state has
 	// been changed by the new state.
+	//
+	// Deprecated: if V2Balancer is implemented by the Balancer,
+	// UpdateSubConnState will be called instead.
 	HandleSubConnStateChange(sc SubConn, state connectivity.State)
 	// HandleResolvedAddrs is called by gRPC to send updated resolved addresses to
 	// balancers.
 	// Balancer can create new SubConn or remove SubConn with the addresses.
 	// An empty address slice and a non-nil error will be passed if the resolver returns
 	// non-nil error to gRPC.
+	//
+	// Deprecated: if V2Balancer is implemented by the Balancer,
+	// UpdateClientConnState will be called instead.
 	HandleResolvedAddrs([]resolver.Address, error)
 	// Close closes the balancer. The balancer is not required to call
 	// ClientConn.RemoveSubConn for its existing SubConns.
 	Close()
 }
+
+// SubConnState describes the state of a SubConn.
+type SubConnState struct {
+	// ConnectivityState is the connectivity state of the SubConn.
+	ConnectivityState connectivity.State
+	// ConnectionError is set if the ConnectivityState is TransientFailure,
+	// describing the reason the SubConn failed.  Otherwise, it is nil.
+	ConnectionError error
+}
+
+// ClientConnState describes the state of a ClientConn relevant to the
+// balancer.
+type ClientConnState struct {
+	ResolverState resolver.State
+	// The parsed load balancing configuration returned by the builder's
+	// ParseConfig method, if implemented.
+	BalancerConfig serviceconfig.LoadBalancingConfig
+}
+
+// ErrBadResolverState may be returned by UpdateClientConnState to indicate a
+// problem with the provided name resolver data.
+var ErrBadResolverState = errors.New("bad resolver state")
+
+// V2Balancer is defined for documentation purposes.  If a Balancer also
+// implements V2Balancer, its UpdateClientConnState method will be called
+// instead of HandleResolvedAddrs and its UpdateSubConnState will be called
+// instead of HandleSubConnStateChange.
+type V2Balancer interface {
+	// UpdateClientConnState is called by gRPC when the state of the ClientConn
+	// changes.  If the error returned is ErrBadResolverState, the ClientConn
+	// will begin calling ResolveNow on the active name resolver with
+	// exponential backoff until a subsequent call to UpdateClientConnState
+	// returns a nil error.  Any other errors are currently ignored.
+	UpdateClientConnState(ClientConnState) error
+	// ResolverError is called by gRPC when the name resolver reports an error.
+	ResolverError(error)
+	// UpdateSubConnState is called by gRPC when the state of a SubConn
+	// changes.
+	UpdateSubConnState(SubConn, SubConnState)
+	// Close closes the balancer. The balancer is not required to call
+	// ClientConn.RemoveSubConn for its existing SubConns.
+	Close()
+}
+
+// ConnectivityStateEvaluator takes the connectivity states of multiple SubConns
+// and returns one aggregated connectivity state.
+//
+// It's not thread safe.
+type ConnectivityStateEvaluator struct {
+	numReady      uint64 // Number of addrConns in ready state.
+	numConnecting uint64 // Number of addrConns in connecting state.
+}
+
+// RecordTransition records state change happening in subConn and based on that
+// it evaluates what aggregated state should be.
+//
+//  - If at least one SubConn in Ready, the aggregated state is Ready;
+//  - Else if at least one SubConn in Connecting, the aggregated state is Connecting;
+//  - Else the aggregated state is TransientFailure.
+//
+// Idle and Shutdown are not considered.
+func (cse *ConnectivityStateEvaluator) RecordTransition(oldState, newState connectivity.State) connectivity.State {
+	// Update counters.
+	for idx, state := range []connectivity.State{oldState, newState} {
+		updateVal := 2*uint64(idx) - 1 // -1 for oldState and +1 for new.
+		switch state {
+		case connectivity.Ready:
+			cse.numReady += updateVal
+		case connectivity.Connecting:
+			cse.numConnecting += updateVal
+		}
+	}
+
+	// Evaluate.
+	if cse.numReady > 0 {
+		return connectivity.Ready
+	}
+	if cse.numConnecting > 0 {
+		return connectivity.Connecting
+	}
+	return connectivity.TransientFailure
+}
diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go
index 23d13511bb2f4..d7d72918ad69e 100644
--- a/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -19,7 +19,10 @@
 package base
 
 import (
-	"golang.org/x/net/context"
+	"context"
+	"errors"
+	"fmt"
+
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/grpclog"
@@ -27,54 +30,102 @@ import (
 )
 
 type baseBuilder struct {
-	name          string
-	pickerBuilder PickerBuilder
+	name            string
+	pickerBuilder   PickerBuilder
+	v2PickerBuilder V2PickerBuilder
+	config          Config
 }
 
 func (bb *baseBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
-	return &baseBalancer{
-		cc:            cc,
-		pickerBuilder: bb.pickerBuilder,
+	bal := &baseBalancer{
+		cc:              cc,
+		pickerBuilder:   bb.pickerBuilder,
+		v2PickerBuilder: bb.v2PickerBuilder,
 
 		subConns: make(map[resolver.Address]balancer.SubConn),
 		scStates: make(map[balancer.SubConn]connectivity.State),
-		csEvltr:  &connectivityStateEvaluator{},
-		// Initialize picker to a picker that always return
-		// ErrNoSubConnAvailable, because when state of a SubConn changes, we
-		// may call UpdateBalancerState with this picker.
-		picker: NewErrPicker(balancer.ErrNoSubConnAvailable),
+		csEvltr:  &balancer.ConnectivityStateEvaluator{},
+		config:   bb.config,
+	}
+	// Initialize picker to a picker that always returns
+	// ErrNoSubConnAvailable, because when state of a SubConn changes, we
+	// may call UpdateState with this picker.
+	if bb.pickerBuilder != nil {
+		bal.picker = NewErrPicker(balancer.ErrNoSubConnAvailable)
+	} else {
+		bal.v2Picker = NewErrPickerV2(balancer.ErrNoSubConnAvailable)
 	}
+	return bal
 }
 
 func (bb *baseBuilder) Name() string {
 	return bb.name
 }
 
+var _ balancer.V2Balancer = (*baseBalancer)(nil) // Assert that we implement V2Balancer
+
 type baseBalancer struct {
-	cc            balancer.ClientConn
-	pickerBuilder PickerBuilder
+	cc              balancer.ClientConn
+	pickerBuilder   PickerBuilder
+	v2PickerBuilder V2PickerBuilder
 
-	csEvltr *connectivityStateEvaluator
+	csEvltr *balancer.ConnectivityStateEvaluator
 	state   connectivity.State
 
 	subConns map[resolver.Address]balancer.SubConn
 	scStates map[balancer.SubConn]connectivity.State
 	picker   balancer.Picker
+	v2Picker balancer.V2Picker
+	config   Config
+
+	resolverErr error // the last error reported by the resolver; cleared on successful resolution
+	connErr     error // the last connection error; cleared upon leaving TransientFailure
 }
 
 func (b *baseBalancer) HandleResolvedAddrs(addrs []resolver.Address, err error) {
-	if err != nil {
-		grpclog.Infof("base.baseBalancer: HandleResolvedAddrs called with error %v", err)
+	panic("not implemented")
+}
+
+func (b *baseBalancer) ResolverError(err error) {
+	b.resolverErr = err
+	if len(b.subConns) == 0 {
+		b.state = connectivity.TransientFailure
+	}
+	if b.state != connectivity.TransientFailure {
+		// The picker will not change since the balancer does not currently
+		// report an error.
 		return
 	}
-	grpclog.Infoln("base.baseBalancer: got new resolved addresses: ", addrs)
+	b.regeneratePicker()
+	if b.picker != nil {
+		b.cc.UpdateBalancerState(b.state, b.picker)
+	} else {
+		b.cc.UpdateState(balancer.State{
+			ConnectivityState: b.state,
+			Picker:            b.v2Picker,
+		})
+	}
+}
+
+func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
+	// TODO: handle s.ResolverState.Err (log if not nil) once implemented.
+	// TODO: handle s.ResolverState.ServiceConfig?
+	if grpclog.V(2) {
+		grpclog.Infoln("base.baseBalancer: got new ClientConn state: ", s)
+	}
+	if len(s.ResolverState.Addresses) == 0 {
+		b.ResolverError(errors.New("produced zero addresses"))
+		return balancer.ErrBadResolverState
+	}
+	// Successful resolution; clear resolver error and ensure we return nil.
+	b.resolverErr = nil
 	// addrsSet is the set converted from addrs, it's used for quick lookup of an address.
 	addrsSet := make(map[resolver.Address]struct{})
-	for _, a := range addrs {
+	for _, a := range s.ResolverState.Addresses {
 		addrsSet[a] = struct{}{}
 		if _, ok := b.subConns[a]; !ok {
 			// a is a new address (not existing in b.subConns).
-			sc, err := b.cc.NewSubConn([]resolver.Address{a}, balancer.NewSubConnOptions{})
+			sc, err := b.cc.NewSubConn([]resolver.Address{a}, balancer.NewSubConnOptions{HealthCheckEnabled: b.config.HealthCheck})
 			if err != nil {
 				grpclog.Warningf("base.baseBalancer: failed to create new SubConn: %v", err)
 				continue
@@ -93,33 +144,73 @@ func (b *baseBalancer) HandleResolvedAddrs(addrs []resolver.Address, err error)
 			// The entry will be deleted in HandleSubConnStateChange.
 		}
 	}
+	return nil
+}
+
+// mergeErrors builds an error from the last connection error and the last
+// resolver error.  Must only be called if b.state is TransientFailure.
+func (b *baseBalancer) mergeErrors() error {
+	// connErr must always be non-nil unless there are no SubConns, in which
+	// case resolverErr must be non-nil.
+	if b.connErr == nil {
+		return fmt.Errorf("last resolver error: %v", b.resolverErr)
+	}
+	if b.resolverErr == nil {
+		return fmt.Errorf("last connection error: %v", b.connErr)
+	}
+	return fmt.Errorf("last connection error: %v; last resolver error: %v", b.connErr, b.resolverErr)
 }
 
 // regeneratePicker takes a snapshot of the balancer, and generates a picker
 // from it. The picker is
-//  - errPicker with ErrTransientFailure if the balancer is in TransientFailure,
+//  - errPicker if the balancer is in TransientFailure,
 //  - built by the pickerBuilder with all READY SubConns otherwise.
 func (b *baseBalancer) regeneratePicker() {
 	if b.state == connectivity.TransientFailure {
-		b.picker = NewErrPicker(balancer.ErrTransientFailure)
+		if b.pickerBuilder != nil {
+			b.picker = NewErrPicker(balancer.ErrTransientFailure)
+		} else {
+			b.v2Picker = NewErrPickerV2(balancer.TransientFailureError(b.mergeErrors()))
+		}
 		return
 	}
-	readySCs := make(map[resolver.Address]balancer.SubConn)
+	if b.pickerBuilder != nil {
+		readySCs := make(map[resolver.Address]balancer.SubConn)
 
-	// Filter out all ready SCs from full subConn map.
-	for addr, sc := range b.subConns {
-		if st, ok := b.scStates[sc]; ok && st == connectivity.Ready {
-			readySCs[addr] = sc
+		// Filter out all ready SCs from full subConn map.
+		for addr, sc := range b.subConns {
+			if st, ok := b.scStates[sc]; ok && st == connectivity.Ready {
+				readySCs[addr] = sc
+			}
 		}
+		b.picker = b.pickerBuilder.Build(readySCs)
+	} else {
+		readySCs := make(map[balancer.SubConn]SubConnInfo)
+
+		// Filter out all ready SCs from full subConn map.
+		for addr, sc := range b.subConns {
+			if st, ok := b.scStates[sc]; ok && st == connectivity.Ready {
+				readySCs[sc] = SubConnInfo{Address: addr}
+			}
+		}
+		b.v2Picker = b.v2PickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs})
 	}
-	b.picker = b.pickerBuilder.Build(readySCs)
 }
 
 func (b *baseBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
-	grpclog.Infof("base.baseBalancer: handle SubConn state change: %p, %v", sc, s)
+	panic("not implemented")
+}
+
+func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	s := state.ConnectivityState
+	if grpclog.V(2) {
+		grpclog.Infof("base.baseBalancer: handle SubConn state change: %p, %v", sc, s)
+	}
 	oldS, ok := b.scStates[sc]
 	if !ok {
-		grpclog.Infof("base.baseBalancer: got state changes for an unknown SubConn: %p, %v", sc, s)
+		if grpclog.V(2) {
+			grpclog.Infof("base.baseBalancer: got state changes for an unknown SubConn: %p, %v", sc, s)
+		}
 		return
 	}
 	b.scStates[sc] = s
@@ -133,7 +224,10 @@ func (b *baseBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectiv
 	}
 
 	oldAggrState := b.state
-	b.state = b.csEvltr.recordTransition(oldS, s)
+	b.state = b.csEvltr.RecordTransition(oldS, s)
+
+	// Set or clear the last connection error accordingly.
+	b.connErr = state.ConnectionError
 
 	// Regenerate picker when one of the following happens:
 	//  - this sc became ready from not-ready
@@ -145,7 +239,11 @@ func (b *baseBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectiv
 		b.regeneratePicker()
 	}
 
-	b.cc.UpdateBalancerState(b.state, b.picker)
+	if b.picker != nil {
+		b.cc.UpdateBalancerState(b.state, b.picker)
+	} else {
+		b.cc.UpdateState(balancer.State{ConnectivityState: b.state, Picker: b.v2Picker})
+	}
 }
 
 // Close is a nop because base balancer doesn't have internal state to clean up,
@@ -162,47 +260,19 @@ type errPicker struct {
 	err error // Pick() always returns this err.
 }
 
-func (p *errPicker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
+func (p *errPicker) Pick(context.Context, balancer.PickInfo) (balancer.SubConn, func(balancer.DoneInfo), error) {
 	return nil, nil, p.err
 }
 
-// connectivityStateEvaluator gets updated by addrConns when their
-// states transition, based on which it evaluates the state of
-// ClientConn.
-type connectivityStateEvaluator struct {
-	numReady            uint64 // Number of addrConns in ready state.
-	numConnecting       uint64 // Number of addrConns in connecting state.
-	numTransientFailure uint64 // Number of addrConns in transientFailure.
-}
-
-// recordTransition records state change happening in every subConn and based on
-// that it evaluates what aggregated state should be.
-// It can only transition between Ready, Connecting and TransientFailure. Other states,
-// Idle and Shutdown are transitioned into by ClientConn; in the beginning of the connection
-// before any subConn is created ClientConn is in idle state. In the end when ClientConn
-// closes it is in Shutdown state.
-//
-// recordTransition should only be called synchronously from the same goroutine.
-func (cse *connectivityStateEvaluator) recordTransition(oldState, newState connectivity.State) connectivity.State {
-	// Update counters.
-	for idx, state := range []connectivity.State{oldState, newState} {
-		updateVal := 2*uint64(idx) - 1 // -1 for oldState and +1 for new.
-		switch state {
-		case connectivity.Ready:
-			cse.numReady += updateVal
-		case connectivity.Connecting:
-			cse.numConnecting += updateVal
-		case connectivity.TransientFailure:
-			cse.numTransientFailure += updateVal
-		}
-	}
+// NewErrPickerV2 returns a V2Picker that always returns err on Pick().
+func NewErrPickerV2(err error) balancer.V2Picker {
+	return &errPickerV2{err: err}
+}
 
-	// Evaluate.
-	if cse.numReady > 0 {
-		return connectivity.Ready
-	}
-	if cse.numConnecting > 0 {
-		return connectivity.Connecting
-	}
-	return connectivity.TransientFailure
+type errPickerV2 struct {
+	err error // Pick() always returns this err.
+}
+
+func (p *errPickerV2) Pick(info balancer.PickInfo) (balancer.PickResult, error) {
+	return balancer.PickResult{}, p.err
 }
diff --git a/vendor/google.golang.org/grpc/balancer/base/base.go b/vendor/google.golang.org/grpc/balancer/base/base.go
index 012ace2f2f78e..4192918b9e287 100644
--- a/vendor/google.golang.org/grpc/balancer/base/base.go
+++ b/vendor/google.golang.org/grpc/balancer/base/base.go
@@ -42,11 +42,52 @@ type PickerBuilder interface {
 	Build(readySCs map[resolver.Address]balancer.SubConn) balancer.Picker
 }
 
+// V2PickerBuilder creates balancer.V2Picker.
+type V2PickerBuilder interface {
+	// Build returns a picker that will be used by gRPC to pick a SubConn.
+	Build(info PickerBuildInfo) balancer.V2Picker
+}
+
+// PickerBuildInfo contains information needed by the picker builder to
+// construct a picker.
+type PickerBuildInfo struct {
+	// ReadySCs is a map from all ready SubConns to the Addresses used to
+	// create them.
+	ReadySCs map[balancer.SubConn]SubConnInfo
+}
+
+// SubConnInfo contains information about a SubConn created by the base
+// balancer.
+type SubConnInfo struct {
+	Address resolver.Address // the address used to create this SubConn
+}
+
 // NewBalancerBuilder returns a balancer builder. The balancers
 // built by this builder will use the picker builder to build pickers.
 func NewBalancerBuilder(name string, pb PickerBuilder) balancer.Builder {
+	return NewBalancerBuilderWithConfig(name, pb, Config{})
+}
+
+// Config contains the config info about the base balancer builder.
+type Config struct {
+	// HealthCheck indicates whether health checking should be enabled for this specific balancer.
+	HealthCheck bool
+}
+
+// NewBalancerBuilderWithConfig returns a base balancer builder configured by the provided config.
+func NewBalancerBuilderWithConfig(name string, pb PickerBuilder, config Config) balancer.Builder {
 	return &baseBuilder{
 		name:          name,
 		pickerBuilder: pb,
+		config:        config,
+	}
+}
+
+// NewBalancerBuilderV2 returns a base balancer builder configured by the provided config.
+func NewBalancerBuilderV2(name string, pb V2PickerBuilder, config Config) balancer.Builder {
+	return &baseBuilder{
+		name:            name,
+		v2PickerBuilder: pb,
+		config:          config,
 	}
 }
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
new file mode 100644
index 0000000000000..930f90ca57f71
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
@@ -0,0 +1,772 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: grpc/lb/v1/load_balancer.proto
+
+package grpc_lb_v1
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	duration "github.com/golang/protobuf/ptypes/duration"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type LoadBalanceRequest struct {
+	// Types that are valid to be assigned to LoadBalanceRequestType:
+	//	*LoadBalanceRequest_InitialRequest
+	//	*LoadBalanceRequest_ClientStats
+	LoadBalanceRequestType isLoadBalanceRequest_LoadBalanceRequestType `protobuf_oneof:"load_balance_request_type"`
+	XXX_NoUnkeyedLiteral   struct{}                                    `json:"-"`
+	XXX_unrecognized       []byte                                      `json:"-"`
+	XXX_sizecache          int32                                       `json:"-"`
+}
+
+func (m *LoadBalanceRequest) Reset()         { *m = LoadBalanceRequest{} }
+func (m *LoadBalanceRequest) String() string { return proto.CompactTextString(m) }
+func (*LoadBalanceRequest) ProtoMessage()    {}
+func (*LoadBalanceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{0}
+}
+
+func (m *LoadBalanceRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_LoadBalanceRequest.Unmarshal(m, b)
+}
+func (m *LoadBalanceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_LoadBalanceRequest.Marshal(b, m, deterministic)
+}
+func (m *LoadBalanceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LoadBalanceRequest.Merge(m, src)
+}
+func (m *LoadBalanceRequest) XXX_Size() int {
+	return xxx_messageInfo_LoadBalanceRequest.Size(m)
+}
+func (m *LoadBalanceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_LoadBalanceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LoadBalanceRequest proto.InternalMessageInfo
+
+type isLoadBalanceRequest_LoadBalanceRequestType interface {
+	isLoadBalanceRequest_LoadBalanceRequestType()
+}
+
+type LoadBalanceRequest_InitialRequest struct {
+	InitialRequest *InitialLoadBalanceRequest `protobuf:"bytes,1,opt,name=initial_request,json=initialRequest,proto3,oneof"`
+}
+
+type LoadBalanceRequest_ClientStats struct {
+	ClientStats *ClientStats `protobuf:"bytes,2,opt,name=client_stats,json=clientStats,proto3,oneof"`
+}
+
+func (*LoadBalanceRequest_InitialRequest) isLoadBalanceRequest_LoadBalanceRequestType() {}
+
+func (*LoadBalanceRequest_ClientStats) isLoadBalanceRequest_LoadBalanceRequestType() {}
+
+func (m *LoadBalanceRequest) GetLoadBalanceRequestType() isLoadBalanceRequest_LoadBalanceRequestType {
+	if m != nil {
+		return m.LoadBalanceRequestType
+	}
+	return nil
+}
+
+func (m *LoadBalanceRequest) GetInitialRequest() *InitialLoadBalanceRequest {
+	if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_InitialRequest); ok {
+		return x.InitialRequest
+	}
+	return nil
+}
+
+func (m *LoadBalanceRequest) GetClientStats() *ClientStats {
+	if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_ClientStats); ok {
+		return x.ClientStats
+	}
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*LoadBalanceRequest) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*LoadBalanceRequest_InitialRequest)(nil),
+		(*LoadBalanceRequest_ClientStats)(nil),
+	}
+}
+
+type InitialLoadBalanceRequest struct {
+	// The name of the load balanced service (e.g., service.googleapis.com). Its
+	// length should be less than 256 bytes.
+	// The name might include a port number. How to handle the port number is up
+	// to the balancer.
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *InitialLoadBalanceRequest) Reset()         { *m = InitialLoadBalanceRequest{} }
+func (m *InitialLoadBalanceRequest) String() string { return proto.CompactTextString(m) }
+func (*InitialLoadBalanceRequest) ProtoMessage()    {}
+func (*InitialLoadBalanceRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{1}
+}
+
+func (m *InitialLoadBalanceRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_InitialLoadBalanceRequest.Unmarshal(m, b)
+}
+func (m *InitialLoadBalanceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_InitialLoadBalanceRequest.Marshal(b, m, deterministic)
+}
+func (m *InitialLoadBalanceRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InitialLoadBalanceRequest.Merge(m, src)
+}
+func (m *InitialLoadBalanceRequest) XXX_Size() int {
+	return xxx_messageInfo_InitialLoadBalanceRequest.Size(m)
+}
+func (m *InitialLoadBalanceRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_InitialLoadBalanceRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_InitialLoadBalanceRequest proto.InternalMessageInfo
+
+func (m *InitialLoadBalanceRequest) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+// Contains the number of calls finished for a particular load balance token.
+type ClientStatsPerToken struct {
+	// See Server.load_balance_token.
+	LoadBalanceToken string `protobuf:"bytes,1,opt,name=load_balance_token,json=loadBalanceToken,proto3" json:"load_balance_token,omitempty"`
+	// The total number of RPCs that finished associated with the token.
+	NumCalls             int64    `protobuf:"varint,2,opt,name=num_calls,json=numCalls,proto3" json:"num_calls,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ClientStatsPerToken) Reset()         { *m = ClientStatsPerToken{} }
+func (m *ClientStatsPerToken) String() string { return proto.CompactTextString(m) }
+func (*ClientStatsPerToken) ProtoMessage()    {}
+func (*ClientStatsPerToken) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{2}
+}
+
+func (m *ClientStatsPerToken) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ClientStatsPerToken.Unmarshal(m, b)
+}
+func (m *ClientStatsPerToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ClientStatsPerToken.Marshal(b, m, deterministic)
+}
+func (m *ClientStatsPerToken) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ClientStatsPerToken.Merge(m, src)
+}
+func (m *ClientStatsPerToken) XXX_Size() int {
+	return xxx_messageInfo_ClientStatsPerToken.Size(m)
+}
+func (m *ClientStatsPerToken) XXX_DiscardUnknown() {
+	xxx_messageInfo_ClientStatsPerToken.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ClientStatsPerToken proto.InternalMessageInfo
+
+func (m *ClientStatsPerToken) GetLoadBalanceToken() string {
+	if m != nil {
+		return m.LoadBalanceToken
+	}
+	return ""
+}
+
+func (m *ClientStatsPerToken) GetNumCalls() int64 {
+	if m != nil {
+		return m.NumCalls
+	}
+	return 0
+}
+
+// Contains client level statistics that are useful to load balancing. Each
+// count except the timestamp should be reset to zero after reporting the stats.
+type ClientStats struct {
+	// The timestamp of generating the report.
+	Timestamp *timestamp.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	// The total number of RPCs that started.
+	NumCallsStarted int64 `protobuf:"varint,2,opt,name=num_calls_started,json=numCallsStarted,proto3" json:"num_calls_started,omitempty"`
+	// The total number of RPCs that finished.
+	NumCallsFinished int64 `protobuf:"varint,3,opt,name=num_calls_finished,json=numCallsFinished,proto3" json:"num_calls_finished,omitempty"`
+	// The total number of RPCs that failed to reach a server except dropped RPCs.
+	NumCallsFinishedWithClientFailedToSend int64 `protobuf:"varint,6,opt,name=num_calls_finished_with_client_failed_to_send,json=numCallsFinishedWithClientFailedToSend,proto3" json:"num_calls_finished_with_client_failed_to_send,omitempty"`
+	// The total number of RPCs that finished and are known to have been received
+	// by a server.
+	NumCallsFinishedKnownReceived int64 `protobuf:"varint,7,opt,name=num_calls_finished_known_received,json=numCallsFinishedKnownReceived,proto3" json:"num_calls_finished_known_received,omitempty"`
+	// The list of dropped calls.
+	CallsFinishedWithDrop []*ClientStatsPerToken `protobuf:"bytes,8,rep,name=calls_finished_with_drop,json=callsFinishedWithDrop,proto3" json:"calls_finished_with_drop,omitempty"`
+	XXX_NoUnkeyedLiteral  struct{}               `json:"-"`
+	XXX_unrecognized      []byte                 `json:"-"`
+	XXX_sizecache         int32                  `json:"-"`
+}
+
+func (m *ClientStats) Reset()         { *m = ClientStats{} }
+func (m *ClientStats) String() string { return proto.CompactTextString(m) }
+func (*ClientStats) ProtoMessage()    {}
+func (*ClientStats) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{3}
+}
+
+func (m *ClientStats) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ClientStats.Unmarshal(m, b)
+}
+func (m *ClientStats) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ClientStats.Marshal(b, m, deterministic)
+}
+func (m *ClientStats) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ClientStats.Merge(m, src)
+}
+func (m *ClientStats) XXX_Size() int {
+	return xxx_messageInfo_ClientStats.Size(m)
+}
+func (m *ClientStats) XXX_DiscardUnknown() {
+	xxx_messageInfo_ClientStats.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ClientStats proto.InternalMessageInfo
+
+func (m *ClientStats) GetTimestamp() *timestamp.Timestamp {
+	if m != nil {
+		return m.Timestamp
+	}
+	return nil
+}
+
+func (m *ClientStats) GetNumCallsStarted() int64 {
+	if m != nil {
+		return m.NumCallsStarted
+	}
+	return 0
+}
+
+func (m *ClientStats) GetNumCallsFinished() int64 {
+	if m != nil {
+		return m.NumCallsFinished
+	}
+	return 0
+}
+
+func (m *ClientStats) GetNumCallsFinishedWithClientFailedToSend() int64 {
+	if m != nil {
+		return m.NumCallsFinishedWithClientFailedToSend
+	}
+	return 0
+}
+
+func (m *ClientStats) GetNumCallsFinishedKnownReceived() int64 {
+	if m != nil {
+		return m.NumCallsFinishedKnownReceived
+	}
+	return 0
+}
+
+func (m *ClientStats) GetCallsFinishedWithDrop() []*ClientStatsPerToken {
+	if m != nil {
+		return m.CallsFinishedWithDrop
+	}
+	return nil
+}
+
+type LoadBalanceResponse struct {
+	// Types that are valid to be assigned to LoadBalanceResponseType:
+	//	*LoadBalanceResponse_InitialResponse
+	//	*LoadBalanceResponse_ServerList
+	//	*LoadBalanceResponse_FallbackResponse
+	LoadBalanceResponseType isLoadBalanceResponse_LoadBalanceResponseType `protobuf_oneof:"load_balance_response_type"`
+	XXX_NoUnkeyedLiteral    struct{}                                      `json:"-"`
+	XXX_unrecognized        []byte                                        `json:"-"`
+	XXX_sizecache           int32                                         `json:"-"`
+}
+
+func (m *LoadBalanceResponse) Reset()         { *m = LoadBalanceResponse{} }
+func (m *LoadBalanceResponse) String() string { return proto.CompactTextString(m) }
+func (*LoadBalanceResponse) ProtoMessage()    {}
+func (*LoadBalanceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{4}
+}
+
+func (m *LoadBalanceResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_LoadBalanceResponse.Unmarshal(m, b)
+}
+func (m *LoadBalanceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_LoadBalanceResponse.Marshal(b, m, deterministic)
+}
+func (m *LoadBalanceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LoadBalanceResponse.Merge(m, src)
+}
+func (m *LoadBalanceResponse) XXX_Size() int {
+	return xxx_messageInfo_LoadBalanceResponse.Size(m)
+}
+func (m *LoadBalanceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_LoadBalanceResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LoadBalanceResponse proto.InternalMessageInfo
+
+type isLoadBalanceResponse_LoadBalanceResponseType interface {
+	isLoadBalanceResponse_LoadBalanceResponseType()
+}
+
+type LoadBalanceResponse_InitialResponse struct {
+	InitialResponse *InitialLoadBalanceResponse `protobuf:"bytes,1,opt,name=initial_response,json=initialResponse,proto3,oneof"`
+}
+
+type LoadBalanceResponse_ServerList struct {
+	ServerList *ServerList `protobuf:"bytes,2,opt,name=server_list,json=serverList,proto3,oneof"`
+}
+
+type LoadBalanceResponse_FallbackResponse struct {
+	FallbackResponse *FallbackResponse `protobuf:"bytes,3,opt,name=fallback_response,json=fallbackResponse,proto3,oneof"`
+}
+
+func (*LoadBalanceResponse_InitialResponse) isLoadBalanceResponse_LoadBalanceResponseType() {}
+
+func (*LoadBalanceResponse_ServerList) isLoadBalanceResponse_LoadBalanceResponseType() {}
+
+func (*LoadBalanceResponse_FallbackResponse) isLoadBalanceResponse_LoadBalanceResponseType() {}
+
+func (m *LoadBalanceResponse) GetLoadBalanceResponseType() isLoadBalanceResponse_LoadBalanceResponseType {
+	if m != nil {
+		return m.LoadBalanceResponseType
+	}
+	return nil
+}
+
+func (m *LoadBalanceResponse) GetInitialResponse() *InitialLoadBalanceResponse {
+	if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_InitialResponse); ok {
+		return x.InitialResponse
+	}
+	return nil
+}
+
+func (m *LoadBalanceResponse) GetServerList() *ServerList {
+	if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_ServerList); ok {
+		return x.ServerList
+	}
+	return nil
+}
+
+func (m *LoadBalanceResponse) GetFallbackResponse() *FallbackResponse {
+	if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_FallbackResponse); ok {
+		return x.FallbackResponse
+	}
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*LoadBalanceResponse) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*LoadBalanceResponse_InitialResponse)(nil),
+		(*LoadBalanceResponse_ServerList)(nil),
+		(*LoadBalanceResponse_FallbackResponse)(nil),
+	}
+}
+
+type FallbackResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *FallbackResponse) Reset()         { *m = FallbackResponse{} }
+func (m *FallbackResponse) String() string { return proto.CompactTextString(m) }
+func (*FallbackResponse) ProtoMessage()    {}
+func (*FallbackResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{5}
+}
+
+func (m *FallbackResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_FallbackResponse.Unmarshal(m, b)
+}
+func (m *FallbackResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_FallbackResponse.Marshal(b, m, deterministic)
+}
+func (m *FallbackResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_FallbackResponse.Merge(m, src)
+}
+func (m *FallbackResponse) XXX_Size() int {
+	return xxx_messageInfo_FallbackResponse.Size(m)
+}
+func (m *FallbackResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_FallbackResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_FallbackResponse proto.InternalMessageInfo
+
+type InitialLoadBalanceResponse struct {
+	// This is an application layer redirect that indicates the client should use
+	// the specified server for load balancing. When this field is non-empty in
+	// the response, the client should open a separate connection to the
+	// load_balancer_delegate and call the BalanceLoad method. Its length should
+	// be less than 64 bytes.
+	LoadBalancerDelegate string `protobuf:"bytes,1,opt,name=load_balancer_delegate,json=loadBalancerDelegate,proto3" json:"load_balancer_delegate,omitempty"`
+	// This interval defines how often the client should send the client stats
+	// to the load balancer. Stats should only be reported when the duration is
+	// positive.
+	ClientStatsReportInterval *duration.Duration `protobuf:"bytes,2,opt,name=client_stats_report_interval,json=clientStatsReportInterval,proto3" json:"client_stats_report_interval,omitempty"`
+	XXX_NoUnkeyedLiteral      struct{}           `json:"-"`
+	XXX_unrecognized          []byte             `json:"-"`
+	XXX_sizecache             int32              `json:"-"`
+}
+
+func (m *InitialLoadBalanceResponse) Reset()         { *m = InitialLoadBalanceResponse{} }
+func (m *InitialLoadBalanceResponse) String() string { return proto.CompactTextString(m) }
+func (*InitialLoadBalanceResponse) ProtoMessage()    {}
+func (*InitialLoadBalanceResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{6}
+}
+
+func (m *InitialLoadBalanceResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_InitialLoadBalanceResponse.Unmarshal(m, b)
+}
+func (m *InitialLoadBalanceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_InitialLoadBalanceResponse.Marshal(b, m, deterministic)
+}
+func (m *InitialLoadBalanceResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_InitialLoadBalanceResponse.Merge(m, src)
+}
+func (m *InitialLoadBalanceResponse) XXX_Size() int {
+	return xxx_messageInfo_InitialLoadBalanceResponse.Size(m)
+}
+func (m *InitialLoadBalanceResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_InitialLoadBalanceResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_InitialLoadBalanceResponse proto.InternalMessageInfo
+
+func (m *InitialLoadBalanceResponse) GetLoadBalancerDelegate() string {
+	if m != nil {
+		return m.LoadBalancerDelegate
+	}
+	return ""
+}
+
+func (m *InitialLoadBalanceResponse) GetClientStatsReportInterval() *duration.Duration {
+	if m != nil {
+		return m.ClientStatsReportInterval
+	}
+	return nil
+}
+
+type ServerList struct {
+	// Contains a list of servers selected by the load balancer. The list will
+	// be updated when server resolutions change or as needed to balance load
+	// across more servers. The client should consume the server list in order
+	// unless instructed otherwise via the client_config.
+	Servers              []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *ServerList) Reset()         { *m = ServerList{} }
+func (m *ServerList) String() string { return proto.CompactTextString(m) }
+func (*ServerList) ProtoMessage()    {}
+func (*ServerList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{7}
+}
+
+func (m *ServerList) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ServerList.Unmarshal(m, b)
+}
+func (m *ServerList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ServerList.Marshal(b, m, deterministic)
+}
+func (m *ServerList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServerList.Merge(m, src)
+}
+func (m *ServerList) XXX_Size() int {
+	return xxx_messageInfo_ServerList.Size(m)
+}
+func (m *ServerList) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServerList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServerList proto.InternalMessageInfo
+
+func (m *ServerList) GetServers() []*Server {
+	if m != nil {
+		return m.Servers
+	}
+	return nil
+}
+
+// Contains server information. When the drop field is not true, use the other
+// fields.
+type Server struct {
+	// A resolved address for the server, serialized in network-byte-order. It may
+	// either be an IPv4 or IPv6 address.
+	IpAddress []byte `protobuf:"bytes,1,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
+	// A resolved port number for the server.
+	Port int32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
+	// An opaque but printable token for load reporting. The client must include
+	// the token of the picked server into the initial metadata when it starts a
+	// call to that server. The token is used by the server to verify the request
+	// and to allow the server to report load to the gRPC LB system. The token is
+	// also used in client stats for reporting dropped calls.
+	//
+	// Its length can be variable but must be less than 50 bytes.
+	LoadBalanceToken string `protobuf:"bytes,3,opt,name=load_balance_token,json=loadBalanceToken,proto3" json:"load_balance_token,omitempty"`
+	// Indicates whether this particular request should be dropped by the client.
+	// If the request is dropped, there will be a corresponding entry in
+	// ClientStats.calls_finished_with_drop.
+	Drop                 bool     `protobuf:"varint,4,opt,name=drop,proto3" json:"drop,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Server) Reset()         { *m = Server{} }
+func (m *Server) String() string { return proto.CompactTextString(m) }
+func (*Server) ProtoMessage()    {}
+func (*Server) Descriptor() ([]byte, []int) {
+	return fileDescriptor_7cd3f6d792743fdf, []int{8}
+}
+
+func (m *Server) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Server.Unmarshal(m, b)
+}
+func (m *Server) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Server.Marshal(b, m, deterministic)
+}
+func (m *Server) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Server.Merge(m, src)
+}
+func (m *Server) XXX_Size() int {
+	return xxx_messageInfo_Server.Size(m)
+}
+func (m *Server) XXX_DiscardUnknown() {
+	xxx_messageInfo_Server.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Server proto.InternalMessageInfo
+
+func (m *Server) GetIpAddress() []byte {
+	if m != nil {
+		return m.IpAddress
+	}
+	return nil
+}
+
+func (m *Server) GetPort() int32 {
+	if m != nil {
+		return m.Port
+	}
+	return 0
+}
+
+func (m *Server) GetLoadBalanceToken() string {
+	if m != nil {
+		return m.LoadBalanceToken
+	}
+	return ""
+}
+
+func (m *Server) GetDrop() bool {
+	if m != nil {
+		return m.Drop
+	}
+	return false
+}
+
+func init() {
+	proto.RegisterType((*LoadBalanceRequest)(nil), "grpc.lb.v1.LoadBalanceRequest")
+	proto.RegisterType((*InitialLoadBalanceRequest)(nil), "grpc.lb.v1.InitialLoadBalanceRequest")
+	proto.RegisterType((*ClientStatsPerToken)(nil), "grpc.lb.v1.ClientStatsPerToken")
+	proto.RegisterType((*ClientStats)(nil), "grpc.lb.v1.ClientStats")
+	proto.RegisterType((*LoadBalanceResponse)(nil), "grpc.lb.v1.LoadBalanceResponse")
+	proto.RegisterType((*FallbackResponse)(nil), "grpc.lb.v1.FallbackResponse")
+	proto.RegisterType((*InitialLoadBalanceResponse)(nil), "grpc.lb.v1.InitialLoadBalanceResponse")
+	proto.RegisterType((*ServerList)(nil), "grpc.lb.v1.ServerList")
+	proto.RegisterType((*Server)(nil), "grpc.lb.v1.Server")
+}
+
+func init() { proto.RegisterFile("grpc/lb/v1/load_balancer.proto", fileDescriptor_7cd3f6d792743fdf) }
+
+var fileDescriptor_7cd3f6d792743fdf = []byte{
+	// 785 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xdd, 0x6e, 0xdb, 0x36,
+	0x14, 0x8e, 0x6a, 0x27, 0x75, 0x8e, 0xb3, 0xc5, 0x61, 0xb7, 0x4e, 0x71, 0xd3, 0x24, 0x13, 0xb0,
+	0x22, 0x18, 0x3a, 0x79, 0xc9, 0x76, 0xb1, 0x01, 0xbb, 0xd8, 0xdc, 0x20, 0x48, 0xd3, 0x5e, 0x04,
+	0x74, 0x80, 0x0e, 0x05, 0x06, 0x8e, 0x92, 0x68, 0x87, 0x08, 0x4d, 0x6a, 0x14, 0xed, 0x62, 0xd7,
+	0x7b, 0x81, 0x3d, 0xc9, 0xb0, 0x57, 0xd8, 0x9b, 0x0d, 0x22, 0x29, 0x4b, 0xb1, 0x63, 0xf4, 0x4a,
+	0xe4, 0x39, 0x1f, 0xbf, 0xf3, 0x7f, 0x04, 0x87, 0x13, 0x9d, 0xa7, 0x03, 0x91, 0x0c, 0xe6, 0xa7,
+	0x03, 0xa1, 0x68, 0x46, 0x12, 0x2a, 0xa8, 0x4c, 0x99, 0x8e, 0x73, 0xad, 0x8c, 0x42, 0x50, 0xea,
+	0x63, 0x91, 0xc4, 0xf3, 0xd3, 0xfe, 0xe1, 0x44, 0xa9, 0x89, 0x60, 0x03, 0xab, 0x49, 0x66, 0xe3,
+	0x41, 0x36, 0xd3, 0xd4, 0x70, 0x25, 0x1d, 0xb6, 0x7f, 0xb4, 0xac, 0x37, 0x7c, 0xca, 0x0a, 0x43,
+	0xa7, 0xb9, 0x03, 0x44, 0xff, 0x05, 0x80, 0xde, 0x2a, 0x9a, 0x0d, 0x9d, 0x0d, 0xcc, 0xfe, 0x98,
+	0xb1, 0xc2, 0xa0, 0x6b, 0xd8, 0xe5, 0x92, 0x1b, 0x4e, 0x05, 0xd1, 0x4e, 0x14, 0x06, 0xc7, 0xc1,
+	0x49, 0xf7, 0xec, 0xab, 0xb8, 0xb6, 0x1e, 0xbf, 0x76, 0x90, 0xd5, 0xf7, 0x97, 0x1b, 0xf8, 0x53,
+	0xff, 0xbe, 0x62, 0xfc, 0x09, 0x76, 0x52, 0xc1, 0x99, 0x34, 0xa4, 0x30, 0xd4, 0x14, 0xe1, 0x23,
+	0x4b, 0xf7, 0x45, 0x93, 0xee, 0x95, 0xd5, 0x8f, 0x4a, 0xf5, 0xe5, 0x06, 0xee, 0xa6, 0xf5, 0x75,
+	0xf8, 0x0c, 0xf6, 0x9b, 0xa9, 0xa8, 0x9c, 0x22, 0xe6, 0xcf, 0x9c, 0x45, 0x03, 0xd8, 0x5f, 0xeb,
+	0x09, 0x42, 0xd0, 0x96, 0x74, 0xca, 0xac, 0xfb, 0xdb, 0xd8, 0x9e, 0xa3, 0xdf, 0xe1, 0x49, 0xc3,
+	0xd6, 0x35, 0xd3, 0x37, 0xea, 0x8e, 0x49, 0xf4, 0x12, 0xd0, 0x3d, 0x23, 0xa6, 0x94, 0xfa, 0x87,
+	0x3d, 0x51, 0x53, 0x3b, 0xf4, 0x33, 0xd8, 0x96, 0xb3, 0x29, 0x49, 0xa9, 0x10, 0x2e, 0x9a, 0x16,
+	0xee, 0xc8, 0xd9, 0xf4, 0x55, 0x79, 0x8f, 0xfe, 0x6d, 0x41, 0xb7, 0x61, 0x02, 0xfd, 0x00, 0xdb,
+	0x8b, 0xcc, 0xfb, 0x4c, 0xf6, 0x63, 0x57, 0x9b, 0xb8, 0xaa, 0x4d, 0x7c, 0x53, 0x21, 0x70, 0x0d,
+	0x46, 0x5f, 0xc3, 0xde, 0xc2, 0x4c, 0x99, 0x3a, 0x6d, 0x58, 0xe6, 0xcd, 0xed, 0x56, 0xe6, 0x46,
+	0x4e, 0x5c, 0x06, 0x50, 0x63, 0xc7, 0x5c, 0xf2, 0xe2, 0x96, 0x65, 0x61, 0xcb, 0x82, 0x7b, 0x15,
+	0xf8, 0xc2, 0xcb, 0xd1, 0x6f, 0xf0, 0xcd, 0x2a, 0x9a, 0x7c, 0xe0, 0xe6, 0x96, 0xf8, 0x4a, 0x8d,
+	0x29, 0x17, 0x2c, 0x23, 0x46, 0x91, 0x82, 0xc9, 0x2c, 0xdc, 0xb2, 0x44, 0x2f, 0x96, 0x89, 0xde,
+	0x71, 0x73, 0xeb, 0x62, 0xbd, 0xb0, 0xf8, 0x1b, 0x35, 0x62, 0x32, 0x43, 0x97, 0xf0, 0xe5, 0x03,
+	0xf4, 0x77, 0x52, 0x7d, 0x90, 0x44, 0xb3, 0x94, 0xf1, 0x39, 0xcb, 0xc2, 0xc7, 0x96, 0xf2, 0xf9,
+	0x32, 0xe5, 0x9b, 0x12, 0x85, 0x3d, 0x08, 0xfd, 0x0a, 0xe1, 0x43, 0x4e, 0x66, 0x5a, 0xe5, 0x61,
+	0xe7, 0xb8, 0x75, 0xd2, 0x3d, 0x3b, 0x5a, 0xd3, 0x46, 0x55, 0x69, 0xf1, 0xe7, 0xe9, 0xb2, 0xc7,
+	0xe7, 0x5a, 0xe5, 0x57, 0xed, 0x4e, 0xbb, 0xb7, 0x79, 0xd5, 0xee, 0x6c, 0xf6, 0xb6, 0xa2, 0xbf,
+	0x1f, 0xc1, 0x93, 0x7b, 0xfd, 0x53, 0xe4, 0x4a, 0x16, 0x0c, 0x8d, 0xa0, 0x57, 0x8f, 0x82, 0x93,
+	0xf9, 0x0a, 0xbe, 0xf8, 0xd8, 0x2c, 0x38, 0xf4, 0xe5, 0x06, 0xde, 0x5d, 0x0c, 0x83, 0x27, 0xfd,
+	0x11, 0xba, 0x05, 0xd3, 0x73, 0xa6, 0x89, 0xe0, 0x85, 0xf1, 0xc3, 0xf0, 0xb4, 0xc9, 0x37, 0xb2,
+	0xea, 0xb7, 0xdc, 0x0e, 0x13, 0x14, 0x8b, 0x1b, 0x7a, 0x03, 0x7b, 0x63, 0x2a, 0x44, 0x42, 0xd3,
+	0xbb, 0xda, 0xa1, 0x96, 0x25, 0x38, 0x68, 0x12, 0x5c, 0x78, 0x50, 0xc3, 0x8d, 0xde, 0x78, 0x49,
+	0x36, 0x3c, 0x80, 0xfe, 0xd2, 0x5c, 0x39, 0x85, 0x1b, 0x2c, 0x04, 0xbd, 0x65, 0x96, 0xe8, 0x9f,
+	0x00, 0xfa, 0xeb, 0x63, 0x45, 0xdf, 0xc3, 0xd3, 0x7b, 0x3b, 0x8b, 0x64, 0x4c, 0xb0, 0x09, 0x35,
+	0xd5, 0x00, 0x7e, 0xd6, 0x98, 0x23, 0x7d, 0xee, 0x75, 0xe8, 0x3d, 0x1c, 0x34, 0x97, 0x03, 0xd1,
+	0x2c, 0x57, 0xda, 0x10, 0x2e, 0x0d, 0xd3, 0x73, 0x2a, 0x7c, 0x7e, 0xf6, 0x57, 0x26, 0xe6, 0xdc,
+	0x6f, 0x3b, 0xbc, 0xdf, 0x58, 0x16, 0xd8, 0x3e, 0x7e, 0xed, 0xdf, 0x46, 0x3f, 0x03, 0xd4, 0xb9,
+	0x44, 0x2f, 0xe1, 0xb1, 0xcb, 0x65, 0x11, 0x06, 0xb6, 0x75, 0xd0, 0x6a, 0xd2, 0x71, 0x05, 0xb9,
+	0x6a, 0x77, 0x5a, 0xbd, 0x76, 0xf4, 0x57, 0x00, 0x5b, 0x4e, 0x83, 0x9e, 0x03, 0xf0, 0x9c, 0xd0,
+	0x2c, 0xd3, 0xac, 0x28, 0x6c, 0x48, 0x3b, 0x78, 0x9b, 0xe7, 0xbf, 0x38, 0x41, 0xb9, 0x6c, 0x4a,
+	0xdb, 0xd6, 0xdf, 0x4d, 0x6c, 0xcf, 0x6b, 0xb6, 0x4a, 0x6b, 0xcd, 0x56, 0x41, 0xd0, 0xb6, 0x7d,
+	0xdd, 0x3e, 0x0e, 0x4e, 0x3a, 0xd8, 0x9e, 0x5d, 0x7f, 0x9e, 0x25, 0xb0, 0xd3, 0x48, 0xb8, 0x46,
+	0x18, 0xba, 0xfe, 0x5c, 0x8a, 0xd1, 0x61, 0x33, 0x8e, 0xd5, 0x3d, 0xd8, 0x3f, 0x5a, 0xab, 0x77,
+	0x95, 0x3b, 0x09, 0xbe, 0x0d, 0x86, 0xef, 0xe0, 0x13, 0xae, 0x1a, 0xc0, 0xe1, 0x5e, 0xd3, 0xe4,
+	0x75, 0x99, 0xf6, 0xeb, 0xe0, 0xfd, 0xa9, 0x2f, 0xc3, 0x44, 0x09, 0x2a, 0x27, 0xb1, 0xd2, 0x93,
+	0x81, 0xfd, 0x65, 0x55, 0x35, 0xb7, 0x37, 0x91, 0xd8, 0x0f, 0x11, 0x09, 0x99, 0x9f, 0x26, 0x5b,
+	0xb6, 0x64, 0xdf, 0xfd, 0x1f, 0x00, 0x00, 0xff, 0xff, 0x09, 0x7b, 0x39, 0x1e, 0xdc, 0x06, 0x00,
+	0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// LoadBalancerClient is the client API for LoadBalancer service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type LoadBalancerClient interface {
+	// Bidirectional rpc to get a list of servers.
+	BalanceLoad(ctx context.Context, opts ...grpc.CallOption) (LoadBalancer_BalanceLoadClient, error)
+}
+
+type loadBalancerClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewLoadBalancerClient(cc *grpc.ClientConn) LoadBalancerClient {
+	return &loadBalancerClient{cc}
+}
+
+func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...grpc.CallOption) (LoadBalancer_BalanceLoadClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_LoadBalancer_serviceDesc.Streams[0], "/grpc.lb.v1.LoadBalancer/BalanceLoad", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &loadBalancerBalanceLoadClient{stream}
+	return x, nil
+}
+
+type LoadBalancer_BalanceLoadClient interface {
+	Send(*LoadBalanceRequest) error
+	Recv() (*LoadBalanceResponse, error)
+	grpc.ClientStream
+}
+
+type loadBalancerBalanceLoadClient struct {
+	grpc.ClientStream
+}
+
+func (x *loadBalancerBalanceLoadClient) Send(m *LoadBalanceRequest) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *loadBalancerBalanceLoadClient) Recv() (*LoadBalanceResponse, error) {
+	m := new(LoadBalanceResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// LoadBalancerServer is the server API for LoadBalancer service.
+type LoadBalancerServer interface {
+	// Bidirectional rpc to get a list of servers.
+	BalanceLoad(LoadBalancer_BalanceLoadServer) error
+}
+
+// UnimplementedLoadBalancerServer can be embedded to have forward compatible implementations.
+type UnimplementedLoadBalancerServer struct {
+}
+
+func (*UnimplementedLoadBalancerServer) BalanceLoad(srv LoadBalancer_BalanceLoadServer) error {
+	return status.Errorf(codes.Unimplemented, "method BalanceLoad not implemented")
+}
+
+func RegisterLoadBalancerServer(s *grpc.Server, srv LoadBalancerServer) {
+	s.RegisterService(&_LoadBalancer_serviceDesc, srv)
+}
+
+func _LoadBalancer_BalanceLoad_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(LoadBalancerServer).BalanceLoad(&loadBalancerBalanceLoadServer{stream})
+}
+
+type LoadBalancer_BalanceLoadServer interface {
+	Send(*LoadBalanceResponse) error
+	Recv() (*LoadBalanceRequest, error)
+	grpc.ServerStream
+}
+
+type loadBalancerBalanceLoadServer struct {
+	grpc.ServerStream
+}
+
+func (x *loadBalancerBalanceLoadServer) Send(m *LoadBalanceResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *loadBalancerBalanceLoadServer) Recv() (*LoadBalanceRequest, error) {
+	m := new(LoadBalanceRequest)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+var _LoadBalancer_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "grpc.lb.v1.LoadBalancer",
+	HandlerType: (*LoadBalancerServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "BalanceLoad",
+			Handler:       _LoadBalancer_BalanceLoad_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "grpc/lb/v1/load_balancer.proto",
+}
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go
new file mode 100644
index 0000000000000..219ca7235b489
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go
@@ -0,0 +1,488 @@
+/*
+ *
+ * Copyright 2016 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+//go:generate ./regenerate.sh
+
+// Package grpclb defines a grpclb balancer.
+//
+// To install grpclb balancer, import this package as:
+//    import _ "google.golang.org/grpc/balancer/grpclb"
+package grpclb
+
+import (
+	"context"
+	"errors"
+	"sync"
+	"time"
+
+	durationpb "github.com/golang/protobuf/ptypes/duration"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/balancer"
+	lbpb "google.golang.org/grpc/balancer/grpclb/grpc_lb_v1"
+	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/internal/resolver/dns"
+	"google.golang.org/grpc/resolver"
+)
+
+const (
+	lbTokenKey             = "lb-token"
+	defaultFallbackTimeout = 10 * time.Second
+	grpclbName             = "grpclb"
+)
+
+var errServerTerminatedConnection = errors.New("grpclb: failed to recv server list: server terminated connection")
+
+func convertDuration(d *durationpb.Duration) time.Duration {
+	if d == nil {
+		return 0
+	}
+	return time.Duration(d.Seconds)*time.Second + time.Duration(d.Nanos)*time.Nanosecond
+}
+
+// Client API for LoadBalancer service.
+// Mostly copied from generated pb.go file.
+// To avoid circular dependency.
+type loadBalancerClient struct {
+	cc *grpc.ClientConn
+}
+
+func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...grpc.CallOption) (*balanceLoadClientStream, error) {
+	desc := &grpc.StreamDesc{
+		StreamName:    "BalanceLoad",
+		ServerStreams: true,
+		ClientStreams: true,
+	}
+	stream, err := c.cc.NewStream(ctx, desc, "/grpc.lb.v1.LoadBalancer/BalanceLoad", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &balanceLoadClientStream{stream}
+	return x, nil
+}
+
+type balanceLoadClientStream struct {
+	grpc.ClientStream
+}
+
+func (x *balanceLoadClientStream) Send(m *lbpb.LoadBalanceRequest) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *balanceLoadClientStream) Recv() (*lbpb.LoadBalanceResponse, error) {
+	m := new(lbpb.LoadBalanceResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func init() {
+	balancer.Register(newLBBuilder())
+	dns.EnableSRVLookups = true
+}
+
+// newLBBuilder creates a builder for grpclb.
+func newLBBuilder() balancer.Builder {
+	return newLBBuilderWithFallbackTimeout(defaultFallbackTimeout)
+}
+
+// newLBBuilderWithFallbackTimeout creates a grpclb builder with the given
+// fallbackTimeout. If no response is received from the remote balancer within
+// fallbackTimeout, the backend addresses from the resolved address list will be
+// used.
+//
+// Only call this function when a non-default fallback timeout is needed.
+func newLBBuilderWithFallbackTimeout(fallbackTimeout time.Duration) balancer.Builder {
+	return &lbBuilder{
+		fallbackTimeout: fallbackTimeout,
+	}
+}
+
+type lbBuilder struct {
+	fallbackTimeout time.Duration
+}
+
+func (b *lbBuilder) Name() string {
+	return grpclbName
+}
+
+func (b *lbBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
+	// This generates a manual resolver builder with a fixed scheme. This
+	// scheme will be used to dial to remote LB, so we can send filtered
+	// address updates to remote LB ClientConn using this manual resolver.
+	r := &lbManualResolver{scheme: "grpclb-internal", ccb: cc}
+
+	lb := &lbBalancer{
+		cc:              newLBCacheClientConn(cc),
+		target:          opt.Target.Endpoint,
+		opt:             opt,
+		fallbackTimeout: b.fallbackTimeout,
+		doneCh:          make(chan struct{}),
+
+		manualResolver: r,
+		subConns:       make(map[resolver.Address]balancer.SubConn),
+		scStates:       make(map[balancer.SubConn]connectivity.State),
+		picker:         &errPicker{err: balancer.ErrNoSubConnAvailable},
+		clientStats:    newRPCStats(),
+		backoff:        backoff.DefaultExponential, // TODO: make backoff configurable.
+	}
+
+	var err error
+	if opt.CredsBundle != nil {
+		lb.grpclbClientConnCreds, err = opt.CredsBundle.NewWithMode(internal.CredsBundleModeBalancer)
+		if err != nil {
+			grpclog.Warningf("lbBalancer: client connection creds NewWithMode failed: %v", err)
+		}
+		lb.grpclbBackendCreds, err = opt.CredsBundle.NewWithMode(internal.CredsBundleModeBackendFromBalancer)
+		if err != nil {
+			grpclog.Warningf("lbBalancer: backend creds NewWithMode failed: %v", err)
+		}
+	}
+
+	return lb
+}
+
+var _ balancer.V2Balancer = (*lbBalancer)(nil) // Assert that we implement V2Balancer
+
+type lbBalancer struct {
+	cc     *lbCacheClientConn
+	target string
+	opt    balancer.BuildOptions
+
+	usePickFirst bool
+
+	// grpclbClientConnCreds is the creds bundle to be used to connect to grpclb
+	// servers. If it's nil, use the TransportCredentials from BuildOptions
+	// instead.
+	grpclbClientConnCreds credentials.Bundle
+	// grpclbBackendCreds is the creds bundle to be used for addresses that are
+	// returned by grpclb server. If it's nil, don't set anything when creating
+	// SubConns.
+	grpclbBackendCreds credentials.Bundle
+
+	fallbackTimeout time.Duration
+	doneCh          chan struct{}
+
+	// manualResolver is used in the remote LB ClientConn inside grpclb. When
+	// resolved address updates are received by grpclb, filtered updates will be
+	// send to remote LB ClientConn through this resolver.
+	manualResolver *lbManualResolver
+	// The ClientConn to talk to the remote balancer.
+	ccRemoteLB *remoteBalancerCCWrapper
+	// backoff for calling remote balancer.
+	backoff backoff.Strategy
+
+	// Support client side load reporting. Each picker gets a reference to this,
+	// and will update its content.
+	clientStats *rpcStats
+
+	mu sync.Mutex // guards everything following.
+	// The full server list including drops, used to check if the newly received
+	// serverList contains anything new. Each generate picker will also have
+	// reference to this list to do the first layer pick.
+	fullServerList []*lbpb.Server
+	// Backend addresses. It's kept so the addresses are available when
+	// switching between round_robin and pickfirst.
+	backendAddrs []resolver.Address
+	// All backends addresses, with metadata set to nil. This list contains all
+	// backend addresses in the same order and with the same duplicates as in
+	// serverlist. When generating picker, a SubConn slice with the same order
+	// but with only READY SCs will be gerenated.
+	backendAddrsWithoutMetadata []resolver.Address
+	// Roundrobin functionalities.
+	state    connectivity.State
+	subConns map[resolver.Address]balancer.SubConn   // Used to new/remove SubConn.
+	scStates map[balancer.SubConn]connectivity.State // Used to filter READY SubConns.
+	picker   balancer.V2Picker
+	// Support fallback to resolved backend addresses if there's no response
+	// from remote balancer within fallbackTimeout.
+	remoteBalancerConnected bool
+	serverListReceived      bool
+	inFallback              bool
+	// resolvedBackendAddrs is resolvedAddrs minus remote balancers. It's set
+	// when resolved address updates are received, and read in the goroutine
+	// handling fallback.
+	resolvedBackendAddrs []resolver.Address
+}
+
+// regeneratePicker takes a snapshot of the balancer, and generates a picker from
+// it. The picker
+//  - always returns ErrTransientFailure if the balancer is in TransientFailure,
+//  - does two layer roundrobin pick otherwise.
+// Caller must hold lb.mu.
+func (lb *lbBalancer) regeneratePicker(resetDrop bool) {
+	if lb.state == connectivity.TransientFailure {
+		lb.picker = &errPicker{err: balancer.ErrTransientFailure}
+		return
+	}
+
+	if lb.state == connectivity.Connecting {
+		lb.picker = &errPicker{err: balancer.ErrNoSubConnAvailable}
+		return
+	}
+
+	var readySCs []balancer.SubConn
+	if lb.usePickFirst {
+		for _, sc := range lb.subConns {
+			readySCs = append(readySCs, sc)
+			break
+		}
+	} else {
+		for _, a := range lb.backendAddrsWithoutMetadata {
+			if sc, ok := lb.subConns[a]; ok {
+				if st, ok := lb.scStates[sc]; ok && st == connectivity.Ready {
+					readySCs = append(readySCs, sc)
+				}
+			}
+		}
+	}
+
+	if len(readySCs) <= 0 {
+		// If there's no ready SubConns, always re-pick. This is to avoid drops
+		// unless at least one SubConn is ready. Otherwise we may drop more
+		// often than want because of drops + re-picks(which become re-drops).
+		//
+		// This doesn't seem to be necessary after the connecting check above.
+		// Kept for safety.
+		lb.picker = &errPicker{err: balancer.ErrNoSubConnAvailable}
+		return
+	}
+	if lb.inFallback {
+		lb.picker = newRRPicker(readySCs)
+		return
+	}
+	if resetDrop {
+		lb.picker = newLBPicker(lb.fullServerList, readySCs, lb.clientStats)
+		return
+	}
+	prevLBPicker, ok := lb.picker.(*lbPicker)
+	if !ok {
+		lb.picker = newLBPicker(lb.fullServerList, readySCs, lb.clientStats)
+		return
+	}
+	prevLBPicker.updateReadySCs(readySCs)
+}
+
+// aggregateSubConnStats calculate the aggregated state of SubConns in
+// lb.SubConns. These SubConns are subconns in use (when switching between
+// fallback and grpclb). lb.scState contains states for all SubConns, including
+// those in cache (SubConns are cached for 10 seconds after remove).
+//
+// The aggregated state is:
+//  - If at least one SubConn in Ready, the aggregated state is Ready;
+//  - Else if at least one SubConn in Connecting, the aggregated state is Connecting;
+//  - Else the aggregated state is TransientFailure.
+func (lb *lbBalancer) aggregateSubConnStates() connectivity.State {
+	var numConnecting uint64
+
+	for _, sc := range lb.subConns {
+		if state, ok := lb.scStates[sc]; ok {
+			switch state {
+			case connectivity.Ready:
+				return connectivity.Ready
+			case connectivity.Connecting:
+				numConnecting++
+			}
+		}
+	}
+	if numConnecting > 0 {
+		return connectivity.Connecting
+	}
+	return connectivity.TransientFailure
+}
+
+func (lb *lbBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
+	panic("not used")
+}
+
+func (lb *lbBalancer) UpdateSubConnState(sc balancer.SubConn, scs balancer.SubConnState) {
+	s := scs.ConnectivityState
+	if grpclog.V(2) {
+		grpclog.Infof("lbBalancer: handle SubConn state change: %p, %v", sc, s)
+	}
+	lb.mu.Lock()
+	defer lb.mu.Unlock()
+
+	oldS, ok := lb.scStates[sc]
+	if !ok {
+		if grpclog.V(2) {
+			grpclog.Infof("lbBalancer: got state changes for an unknown SubConn: %p, %v", sc, s)
+		}
+		return
+	}
+	lb.scStates[sc] = s
+	switch s {
+	case connectivity.Idle:
+		sc.Connect()
+	case connectivity.Shutdown:
+		// When an address was removed by resolver, b called RemoveSubConn but
+		// kept the sc's state in scStates. Remove state for this sc here.
+		delete(lb.scStates, sc)
+	}
+	// Force regenerate picker if
+	//  - this sc became ready from not-ready
+	//  - this sc became not-ready from ready
+	lb.updateStateAndPicker((oldS == connectivity.Ready) != (s == connectivity.Ready), false)
+
+	// Enter fallback when the aggregated state is not Ready and the connection
+	// to remote balancer is lost.
+	if lb.state != connectivity.Ready {
+		if !lb.inFallback && !lb.remoteBalancerConnected {
+			// Enter fallback.
+			lb.refreshSubConns(lb.resolvedBackendAddrs, true, lb.usePickFirst)
+		}
+	}
+}
+
+// updateStateAndPicker re-calculate the aggregated state, and regenerate picker
+// if overall state is changed.
+//
+// If forceRegeneratePicker is true, picker will be regenerated.
+func (lb *lbBalancer) updateStateAndPicker(forceRegeneratePicker bool, resetDrop bool) {
+	oldAggrState := lb.state
+	lb.state = lb.aggregateSubConnStates()
+	// Regenerate picker when one of the following happens:
+	//  - caller wants to regenerate
+	//  - the aggregated state changed
+	if forceRegeneratePicker || (lb.state != oldAggrState) {
+		lb.regeneratePicker(resetDrop)
+	}
+
+	lb.cc.UpdateState(balancer.State{ConnectivityState: lb.state, Picker: lb.picker})
+}
+
+// fallbackToBackendsAfter blocks for fallbackTimeout and falls back to use
+// resolved backends (backends received from resolver, not from remote balancer)
+// if no connection to remote balancers was successful.
+func (lb *lbBalancer) fallbackToBackendsAfter(fallbackTimeout time.Duration) {
+	timer := time.NewTimer(fallbackTimeout)
+	defer timer.Stop()
+	select {
+	case <-timer.C:
+	case <-lb.doneCh:
+		return
+	}
+	lb.mu.Lock()
+	if lb.inFallback || lb.serverListReceived {
+		lb.mu.Unlock()
+		return
+	}
+	// Enter fallback.
+	lb.refreshSubConns(lb.resolvedBackendAddrs, true, lb.usePickFirst)
+	lb.mu.Unlock()
+}
+
+// HandleResolvedAddrs sends the updated remoteLB addresses to remoteLB
+// clientConn. The remoteLB clientConn will handle creating/removing remoteLB
+// connections.
+func (lb *lbBalancer) HandleResolvedAddrs(addrs []resolver.Address, err error) {
+	panic("not used")
+}
+
+func (lb *lbBalancer) handleServiceConfig(gc *grpclbServiceConfig) {
+	lb.mu.Lock()
+	defer lb.mu.Unlock()
+
+	newUsePickFirst := childIsPickFirst(gc)
+	if lb.usePickFirst == newUsePickFirst {
+		return
+	}
+	if grpclog.V(2) {
+		grpclog.Infof("lbBalancer: switching mode, new usePickFirst: %+v", newUsePickFirst)
+	}
+	lb.refreshSubConns(lb.backendAddrs, lb.inFallback, newUsePickFirst)
+}
+
+func (lb *lbBalancer) ResolverError(error) {
+	// Ignore resolver errors.  GRPCLB is not selected unless the resolver
+	// works at least once.
+}
+
+func (lb *lbBalancer) UpdateClientConnState(ccs balancer.ClientConnState) error {
+	if grpclog.V(2) {
+		grpclog.Infof("lbBalancer: UpdateClientConnState: %+v", ccs)
+	}
+	gc, _ := ccs.BalancerConfig.(*grpclbServiceConfig)
+	lb.handleServiceConfig(gc)
+
+	addrs := ccs.ResolverState.Addresses
+	if len(addrs) == 0 {
+		// There should be at least one address, either grpclb server or
+		// fallback. Empty address is not valid.
+		return balancer.ErrBadResolverState
+	}
+
+	var remoteBalancerAddrs, backendAddrs []resolver.Address
+	for _, a := range addrs {
+		if a.Type == resolver.GRPCLB {
+			a.Type = resolver.Backend
+			remoteBalancerAddrs = append(remoteBalancerAddrs, a)
+		} else {
+			backendAddrs = append(backendAddrs, a)
+		}
+	}
+
+	if len(remoteBalancerAddrs) == 0 {
+		if lb.ccRemoteLB != nil {
+			lb.ccRemoteLB.close()
+			lb.ccRemoteLB = nil
+		}
+	} else if lb.ccRemoteLB == nil {
+		// First time receiving resolved addresses, create a cc to remote
+		// balancers.
+		lb.newRemoteBalancerCCWrapper()
+		// Start the fallback goroutine.
+		go lb.fallbackToBackendsAfter(lb.fallbackTimeout)
+	}
+
+	if lb.ccRemoteLB != nil {
+		// cc to remote balancers uses lb.manualResolver. Send the updated remote
+		// balancer addresses to it through manualResolver.
+		lb.manualResolver.UpdateState(resolver.State{Addresses: remoteBalancerAddrs})
+	}
+
+	lb.mu.Lock()
+	lb.resolvedBackendAddrs = backendAddrs
+	if len(remoteBalancerAddrs) == 0 || lb.inFallback {
+		// If there's no remote balancer address in ClientConn update, grpclb
+		// enters fallback mode immediately.
+		//
+		// If a new update is received while grpclb is in fallback, update the
+		// list of backends being used to the new fallback backends.
+		lb.refreshSubConns(lb.resolvedBackendAddrs, true, lb.usePickFirst)
+	}
+	lb.mu.Unlock()
+	return nil
+}
+
+func (lb *lbBalancer) Close() {
+	select {
+	case <-lb.doneCh:
+		return
+	default:
+	}
+	close(lb.doneCh)
+	if lb.ccRemoteLB != nil {
+		lb.ccRemoteLB.close()
+	}
+	lb.cc.close()
+}
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_config.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_config.go
new file mode 100644
index 0000000000000..aac3719631b41
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_config.go
@@ -0,0 +1,66 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpclb
+
+import (
+	"encoding/json"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/balancer/roundrobin"
+	"google.golang.org/grpc/serviceconfig"
+)
+
+const (
+	roundRobinName = roundrobin.Name
+	pickFirstName  = grpc.PickFirstBalancerName
+)
+
+type grpclbServiceConfig struct {
+	serviceconfig.LoadBalancingConfig
+	ChildPolicy *[]map[string]json.RawMessage
+}
+
+func (b *lbBuilder) ParseConfig(lbConfig json.RawMessage) (serviceconfig.LoadBalancingConfig, error) {
+	ret := &grpclbServiceConfig{}
+	if err := json.Unmarshal(lbConfig, ret); err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
+func childIsPickFirst(sc *grpclbServiceConfig) bool {
+	if sc == nil {
+		return false
+	}
+	childConfigs := sc.ChildPolicy
+	if childConfigs == nil {
+		return false
+	}
+	for _, childC := range *childConfigs {
+		// If round_robin exists before pick_first, return false
+		if _, ok := childC[roundRobinName]; ok {
+			return false
+		}
+		// If pick_first is before round_robin, return true
+		if _, ok := childC[pickFirstName]; ok {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_picker.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_picker.go
new file mode 100644
index 0000000000000..39bc5cc71e819
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_picker.go
@@ -0,0 +1,202 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpclb
+
+import (
+	"sync"
+	"sync/atomic"
+
+	"google.golang.org/grpc/balancer"
+	lbpb "google.golang.org/grpc/balancer/grpclb/grpc_lb_v1"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/status"
+)
+
+// rpcStats is same as lbpb.ClientStats, except that numCallsDropped is a map
+// instead of a slice.
+type rpcStats struct {
+	// Only access the following fields atomically.
+	numCallsStarted                        int64
+	numCallsFinished                       int64
+	numCallsFinishedWithClientFailedToSend int64
+	numCallsFinishedKnownReceived          int64
+
+	mu sync.Mutex
+	// map load_balance_token -> num_calls_dropped
+	numCallsDropped map[string]int64
+}
+
+func newRPCStats() *rpcStats {
+	return &rpcStats{
+		numCallsDropped: make(map[string]int64),
+	}
+}
+
+func isZeroStats(stats *lbpb.ClientStats) bool {
+	return len(stats.CallsFinishedWithDrop) == 0 &&
+		stats.NumCallsStarted == 0 &&
+		stats.NumCallsFinished == 0 &&
+		stats.NumCallsFinishedWithClientFailedToSend == 0 &&
+		stats.NumCallsFinishedKnownReceived == 0
+}
+
+// toClientStats converts rpcStats to lbpb.ClientStats, and clears rpcStats.
+func (s *rpcStats) toClientStats() *lbpb.ClientStats {
+	stats := &lbpb.ClientStats{
+		NumCallsStarted:                        atomic.SwapInt64(&s.numCallsStarted, 0),
+		NumCallsFinished:                       atomic.SwapInt64(&s.numCallsFinished, 0),
+		NumCallsFinishedWithClientFailedToSend: atomic.SwapInt64(&s.numCallsFinishedWithClientFailedToSend, 0),
+		NumCallsFinishedKnownReceived:          atomic.SwapInt64(&s.numCallsFinishedKnownReceived, 0),
+	}
+	s.mu.Lock()
+	dropped := s.numCallsDropped
+	s.numCallsDropped = make(map[string]int64)
+	s.mu.Unlock()
+	for token, count := range dropped {
+		stats.CallsFinishedWithDrop = append(stats.CallsFinishedWithDrop, &lbpb.ClientStatsPerToken{
+			LoadBalanceToken: token,
+			NumCalls:         count,
+		})
+	}
+	return stats
+}
+
+func (s *rpcStats) drop(token string) {
+	atomic.AddInt64(&s.numCallsStarted, 1)
+	s.mu.Lock()
+	s.numCallsDropped[token]++
+	s.mu.Unlock()
+	atomic.AddInt64(&s.numCallsFinished, 1)
+}
+
+func (s *rpcStats) failedToSend() {
+	atomic.AddInt64(&s.numCallsStarted, 1)
+	atomic.AddInt64(&s.numCallsFinishedWithClientFailedToSend, 1)
+	atomic.AddInt64(&s.numCallsFinished, 1)
+}
+
+func (s *rpcStats) knownReceived() {
+	atomic.AddInt64(&s.numCallsStarted, 1)
+	atomic.AddInt64(&s.numCallsFinishedKnownReceived, 1)
+	atomic.AddInt64(&s.numCallsFinished, 1)
+}
+
+type errPicker struct {
+	// Pick always returns this err.
+	err error
+}
+
+func (p *errPicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
+	return balancer.PickResult{}, p.err
+}
+
+// rrPicker does roundrobin on subConns. It's typically used when there's no
+// response from remote balancer, and grpclb falls back to the resolved
+// backends.
+//
+// It guaranteed that len(subConns) > 0.
+type rrPicker struct {
+	mu           sync.Mutex
+	subConns     []balancer.SubConn // The subConns that were READY when taking the snapshot.
+	subConnsNext int
+}
+
+func newRRPicker(readySCs []balancer.SubConn) *rrPicker {
+	return &rrPicker{
+		subConns:     readySCs,
+		subConnsNext: grpcrand.Intn(len(readySCs)),
+	}
+}
+
+func (p *rrPicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	sc := p.subConns[p.subConnsNext]
+	p.subConnsNext = (p.subConnsNext + 1) % len(p.subConns)
+	return balancer.PickResult{SubConn: sc}, nil
+}
+
+// lbPicker does two layers of picks:
+//
+// First layer: roundrobin on all servers in serverList, including drops and backends.
+// - If it picks a drop, the RPC will fail as being dropped.
+// - If it picks a backend, do a second layer pick to pick the real backend.
+//
+// Second layer: roundrobin on all READY backends.
+//
+// It's guaranteed that len(serverList) > 0.
+type lbPicker struct {
+	mu             sync.Mutex
+	serverList     []*lbpb.Server
+	serverListNext int
+	subConns       []balancer.SubConn // The subConns that were READY when taking the snapshot.
+	subConnsNext   int
+
+	stats *rpcStats
+}
+
+func newLBPicker(serverList []*lbpb.Server, readySCs []balancer.SubConn, stats *rpcStats) *lbPicker {
+	return &lbPicker{
+		serverList:   serverList,
+		subConns:     readySCs,
+		subConnsNext: grpcrand.Intn(len(readySCs)),
+		stats:        stats,
+	}
+}
+
+func (p *lbPicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	// Layer one roundrobin on serverList.
+	s := p.serverList[p.serverListNext]
+	p.serverListNext = (p.serverListNext + 1) % len(p.serverList)
+
+	// If it's a drop, return an error and fail the RPC.
+	if s.Drop {
+		p.stats.drop(s.LoadBalanceToken)
+		return balancer.PickResult{}, status.Errorf(codes.Unavailable, "request dropped by grpclb")
+	}
+
+	// If not a drop but there's no ready subConns.
+	if len(p.subConns) <= 0 {
+		return balancer.PickResult{}, balancer.ErrNoSubConnAvailable
+	}
+
+	// Return the next ready subConn in the list, also collect rpc stats.
+	sc := p.subConns[p.subConnsNext]
+	p.subConnsNext = (p.subConnsNext + 1) % len(p.subConns)
+	done := func(info balancer.DoneInfo) {
+		if !info.BytesSent {
+			p.stats.failedToSend()
+		} else if info.BytesReceived {
+			p.stats.knownReceived()
+		}
+	}
+	return balancer.PickResult{SubConn: sc, Done: done}, nil
+}
+
+func (p *lbPicker) updateReadySCs(readySCs []balancer.SubConn) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	p.subConns = readySCs
+	p.subConnsNext = p.subConnsNext % len(readySCs)
+}
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go
new file mode 100644
index 0000000000000..e70ce75007edf
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go
@@ -0,0 +1,407 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpclb
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	timestamppb "github.com/golang/protobuf/ptypes/timestamp"
+	"github.com/google/go-cmp/cmp"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/balancer"
+	lbpb "google.golang.org/grpc/balancer/grpclb/grpc_lb_v1"
+	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/resolver"
+)
+
+// processServerList updates balaner's internal state, create/remove SubConns
+// and regenerates picker using the received serverList.
+func (lb *lbBalancer) processServerList(l *lbpb.ServerList) {
+	if grpclog.V(2) {
+		grpclog.Infof("lbBalancer: processing server list: %+v", l)
+	}
+	lb.mu.Lock()
+	defer lb.mu.Unlock()
+
+	// Set serverListReceived to true so fallback will not take effect if it has
+	// not hit timeout.
+	lb.serverListReceived = true
+
+	// If the new server list == old server list, do nothing.
+	if cmp.Equal(lb.fullServerList, l.Servers, cmp.Comparer(proto.Equal)) {
+		if grpclog.V(2) {
+			grpclog.Infof("lbBalancer: new serverlist same as the previous one, ignoring")
+		}
+		return
+	}
+	lb.fullServerList = l.Servers
+
+	var backendAddrs []resolver.Address
+	for i, s := range l.Servers {
+		if s.Drop {
+			continue
+		}
+
+		md := metadata.Pairs(lbTokenKey, s.LoadBalanceToken)
+		ip := net.IP(s.IpAddress)
+		ipStr := ip.String()
+		if ip.To4() == nil {
+			// Add square brackets to ipv6 addresses, otherwise net.Dial() and
+			// net.SplitHostPort() will return too many colons error.
+			ipStr = fmt.Sprintf("[%s]", ipStr)
+		}
+		addr := resolver.Address{
+			Addr:     fmt.Sprintf("%s:%d", ipStr, s.Port),
+			Metadata: &md,
+		}
+		if grpclog.V(2) {
+			grpclog.Infof("lbBalancer: server list entry[%d]: ipStr:|%s|, port:|%d|, load balancer token:|%v|",
+				i, ipStr, s.Port, s.LoadBalanceToken)
+		}
+		backendAddrs = append(backendAddrs, addr)
+	}
+
+	// Call refreshSubConns to create/remove SubConns.  If we are in fallback,
+	// this is also exiting fallback.
+	lb.refreshSubConns(backendAddrs, false, lb.usePickFirst)
+}
+
+// refreshSubConns creates/removes SubConns with backendAddrs, and refreshes
+// balancer state and picker.
+//
+// Caller must hold lb.mu.
+func (lb *lbBalancer) refreshSubConns(backendAddrs []resolver.Address, fallback bool, pickFirst bool) {
+	opts := balancer.NewSubConnOptions{}
+	if !fallback {
+		opts.CredsBundle = lb.grpclbBackendCreds
+	}
+
+	lb.backendAddrs = backendAddrs
+	lb.backendAddrsWithoutMetadata = nil
+
+	fallbackModeChanged := lb.inFallback != fallback
+	lb.inFallback = fallback
+	if fallbackModeChanged && lb.inFallback {
+		// Clear previous received list when entering fallback, so if the server
+		// comes back and sends the same list again, the new addresses will be
+		// used.
+		lb.fullServerList = nil
+	}
+
+	balancingPolicyChanged := lb.usePickFirst != pickFirst
+	oldUsePickFirst := lb.usePickFirst
+	lb.usePickFirst = pickFirst
+
+	if fallbackModeChanged || balancingPolicyChanged {
+		// Remove all SubConns when switching balancing policy or switching
+		// fallback mode.
+		//
+		// For fallback mode switching with pickfirst, we want to recreate the
+		// SubConn because the creds could be different.
+		for a, sc := range lb.subConns {
+			if oldUsePickFirst {
+				// If old SubConn were created for pickfirst, bypass cache and
+				// remove directly.
+				lb.cc.cc.RemoveSubConn(sc)
+			} else {
+				lb.cc.RemoveSubConn(sc)
+			}
+			delete(lb.subConns, a)
+		}
+	}
+
+	if lb.usePickFirst {
+		var sc balancer.SubConn
+		for _, sc = range lb.subConns {
+			break
+		}
+		if sc != nil {
+			sc.UpdateAddresses(backendAddrs)
+			sc.Connect()
+			return
+		}
+		// This bypasses the cc wrapper with SubConn cache.
+		sc, err := lb.cc.cc.NewSubConn(backendAddrs, opts)
+		if err != nil {
+			grpclog.Warningf("grpclb: failed to create new SubConn: %v", err)
+			return
+		}
+		sc.Connect()
+		lb.subConns[backendAddrs[0]] = sc
+		lb.scStates[sc] = connectivity.Idle
+		return
+	}
+
+	// addrsSet is the set converted from backendAddrsWithoutMetadata, it's used to quick
+	// lookup for an address.
+	addrsSet := make(map[resolver.Address]struct{})
+	// Create new SubConns.
+	for _, addr := range backendAddrs {
+		addrWithoutMD := addr
+		addrWithoutMD.Metadata = nil
+		addrsSet[addrWithoutMD] = struct{}{}
+		lb.backendAddrsWithoutMetadata = append(lb.backendAddrsWithoutMetadata, addrWithoutMD)
+
+		if _, ok := lb.subConns[addrWithoutMD]; !ok {
+			// Use addrWithMD to create the SubConn.
+			sc, err := lb.cc.NewSubConn([]resolver.Address{addr}, opts)
+			if err != nil {
+				grpclog.Warningf("grpclb: failed to create new SubConn: %v", err)
+				continue
+			}
+			lb.subConns[addrWithoutMD] = sc // Use the addr without MD as key for the map.
+			if _, ok := lb.scStates[sc]; !ok {
+				// Only set state of new sc to IDLE. The state could already be
+				// READY for cached SubConns.
+				lb.scStates[sc] = connectivity.Idle
+			}
+			sc.Connect()
+		}
+	}
+
+	for a, sc := range lb.subConns {
+		// a was removed by resolver.
+		if _, ok := addrsSet[a]; !ok {
+			lb.cc.RemoveSubConn(sc)
+			delete(lb.subConns, a)
+			// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
+			// The entry will be deleted in HandleSubConnStateChange.
+		}
+	}
+
+	// Regenerate and update picker after refreshing subconns because with
+	// cache, even if SubConn was newed/removed, there might be no state
+	// changes (the subconn will be kept in cache, not actually
+	// newed/removed).
+	lb.updateStateAndPicker(true, true)
+}
+
+type remoteBalancerCCWrapper struct {
+	cc      *grpc.ClientConn
+	lb      *lbBalancer
+	backoff backoff.Strategy
+	done    chan struct{}
+
+	// waitgroup to wait for all goroutines to exit.
+	wg sync.WaitGroup
+}
+
+func (lb *lbBalancer) newRemoteBalancerCCWrapper() {
+	var dopts []grpc.DialOption
+	if creds := lb.opt.DialCreds; creds != nil {
+		dopts = append(dopts, grpc.WithTransportCredentials(creds))
+	} else if bundle := lb.grpclbClientConnCreds; bundle != nil {
+		dopts = append(dopts, grpc.WithCredentialsBundle(bundle))
+	} else {
+		dopts = append(dopts, grpc.WithInsecure())
+	}
+	if lb.opt.Dialer != nil {
+		dopts = append(dopts, grpc.WithContextDialer(lb.opt.Dialer))
+	}
+	// Explicitly set pickfirst as the balancer.
+	dopts = append(dopts, grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy":"pick_first"}`))
+	dopts = append(dopts, grpc.WithResolvers(lb.manualResolver))
+	if channelz.IsOn() {
+		dopts = append(dopts, grpc.WithChannelzParentID(lb.opt.ChannelzParentID))
+	}
+
+	// Enable Keepalive for grpclb client.
+	dopts = append(dopts, grpc.WithKeepaliveParams(keepalive.ClientParameters{
+		Time:                20 * time.Second,
+		Timeout:             10 * time.Second,
+		PermitWithoutStream: true,
+	}))
+
+	// The dial target is not important.
+	//
+	// The grpclb server addresses will set field ServerName, and creds will
+	// receive ServerName as authority.
+	cc, err := grpc.DialContext(context.Background(), lb.manualResolver.Scheme()+":///grpclb.subClientConn", dopts...)
+	if err != nil {
+		grpclog.Fatalf("failed to dial: %v", err)
+	}
+	ccw := &remoteBalancerCCWrapper{
+		cc:      cc,
+		lb:      lb,
+		backoff: lb.backoff,
+		done:    make(chan struct{}),
+	}
+	lb.ccRemoteLB = ccw
+	ccw.wg.Add(1)
+	go ccw.watchRemoteBalancer()
+}
+
+// close closed the ClientConn to remote balancer, and waits until all
+// goroutines to finish.
+func (ccw *remoteBalancerCCWrapper) close() {
+	close(ccw.done)
+	ccw.cc.Close()
+	ccw.wg.Wait()
+}
+
+func (ccw *remoteBalancerCCWrapper) readServerList(s *balanceLoadClientStream) error {
+	for {
+		reply, err := s.Recv()
+		if err != nil {
+			if err == io.EOF {
+				return errServerTerminatedConnection
+			}
+			return fmt.Errorf("grpclb: failed to recv server list: %v", err)
+		}
+		if serverList := reply.GetServerList(); serverList != nil {
+			ccw.lb.processServerList(serverList)
+		}
+	}
+}
+
+func (ccw *remoteBalancerCCWrapper) sendLoadReport(s *balanceLoadClientStream, interval time.Duration) {
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+	lastZero := false
+	for {
+		select {
+		case <-ticker.C:
+		case <-s.Context().Done():
+			return
+		}
+		stats := ccw.lb.clientStats.toClientStats()
+		zero := isZeroStats(stats)
+		if zero && lastZero {
+			// Quash redundant empty load reports.
+			continue
+		}
+		lastZero = zero
+		t := time.Now()
+		stats.Timestamp = &timestamppb.Timestamp{
+			Seconds: t.Unix(),
+			Nanos:   int32(t.Nanosecond()),
+		}
+		if err := s.Send(&lbpb.LoadBalanceRequest{
+			LoadBalanceRequestType: &lbpb.LoadBalanceRequest_ClientStats{
+				ClientStats: stats,
+			},
+		}); err != nil {
+			return
+		}
+	}
+}
+
+func (ccw *remoteBalancerCCWrapper) callRemoteBalancer() (backoff bool, _ error) {
+	lbClient := &loadBalancerClient{cc: ccw.cc}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	stream, err := lbClient.BalanceLoad(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return true, fmt.Errorf("grpclb: failed to perform RPC to the remote balancer %v", err)
+	}
+	ccw.lb.mu.Lock()
+	ccw.lb.remoteBalancerConnected = true
+	ccw.lb.mu.Unlock()
+
+	// grpclb handshake on the stream.
+	initReq := &lbpb.LoadBalanceRequest{
+		LoadBalanceRequestType: &lbpb.LoadBalanceRequest_InitialRequest{
+			InitialRequest: &lbpb.InitialLoadBalanceRequest{
+				Name: ccw.lb.target,
+			},
+		},
+	}
+	if err := stream.Send(initReq); err != nil {
+		return true, fmt.Errorf("grpclb: failed to send init request: %v", err)
+	}
+	reply, err := stream.Recv()
+	if err != nil {
+		return true, fmt.Errorf("grpclb: failed to recv init response: %v", err)
+	}
+	initResp := reply.GetInitialResponse()
+	if initResp == nil {
+		return true, fmt.Errorf("grpclb: reply from remote balancer did not include initial response")
+	}
+	if initResp.LoadBalancerDelegate != "" {
+		return true, fmt.Errorf("grpclb: Delegation is not supported")
+	}
+
+	ccw.wg.Add(1)
+	go func() {
+		defer ccw.wg.Done()
+		if d := convertDuration(initResp.ClientStatsReportInterval); d > 0 {
+			ccw.sendLoadReport(stream, d)
+		}
+	}()
+	// No backoff if init req/resp handshake was successful.
+	return false, ccw.readServerList(stream)
+}
+
+func (ccw *remoteBalancerCCWrapper) watchRemoteBalancer() {
+	defer ccw.wg.Done()
+	var retryCount int
+	for {
+		doBackoff, err := ccw.callRemoteBalancer()
+		select {
+		case <-ccw.done:
+			return
+		default:
+			if err != nil {
+				if err == errServerTerminatedConnection {
+					grpclog.Info(err)
+				} else {
+					grpclog.Warning(err)
+				}
+			}
+		}
+		// Trigger a re-resolve when the stream errors.
+		ccw.lb.cc.cc.ResolveNow(resolver.ResolveNowOptions{})
+
+		ccw.lb.mu.Lock()
+		ccw.lb.remoteBalancerConnected = false
+		ccw.lb.fullServerList = nil
+		// Enter fallback when connection to remote balancer is lost, and the
+		// aggregated state is not Ready.
+		if !ccw.lb.inFallback && ccw.lb.state != connectivity.Ready {
+			// Entering fallback.
+			ccw.lb.refreshSubConns(ccw.lb.resolvedBackendAddrs, true, ccw.lb.usePickFirst)
+		}
+		ccw.lb.mu.Unlock()
+
+		if !doBackoff {
+			retryCount = 0
+			continue
+		}
+
+		timer := time.NewTimer(ccw.backoff.Backoff(retryCount)) // Copy backoff
+		select {
+		case <-timer.C:
+		case <-ccw.done:
+			timer.Stop()
+			return
+		}
+		retryCount++
+	}
+}
diff --git a/vendor/google.golang.org/grpc/grpclb_util.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_util.go
similarity index 92%
rename from vendor/google.golang.org/grpc/grpclb_util.go
rename to vendor/google.golang.org/grpc/balancer/grpclb/grpclb_util.go
index 063ba9d859081..636725e5416d5 100644
--- a/vendor/google.golang.org/grpc/grpclb_util.go
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_util.go
@@ -16,7 +16,7 @@
  *
  */
 
-package grpc
+package grpclb
 
 import (
 	"fmt"
@@ -24,7 +24,6 @@ import (
 	"time"
 
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/resolver"
 )
 
@@ -67,7 +66,7 @@ type lbManualResolver struct {
 	ccb balancer.ClientConn
 }
 
-func (r *lbManualResolver) Build(_ resolver.Target, cc resolver.ClientConn, _ resolver.BuildOption) (resolver.Resolver, error) {
+func (r *lbManualResolver) Build(_ resolver.Target, cc resolver.ClientConn, _ resolver.BuildOptions) (resolver.Resolver, error) {
 	r.ccr = cc
 	return r, nil
 }
@@ -77,21 +76,16 @@ func (r *lbManualResolver) Scheme() string {
 }
 
 // ResolveNow calls resolveNow on the parent ClientConn.
-func (r *lbManualResolver) ResolveNow(o resolver.ResolveNowOption) {
+func (r *lbManualResolver) ResolveNow(o resolver.ResolveNowOptions) {
 	r.ccb.ResolveNow(o)
 }
 
 // Close is a noop for Resolver.
 func (*lbManualResolver) Close() {}
 
-// NewAddress calls cc.NewAddress.
-func (r *lbManualResolver) NewAddress(addrs []resolver.Address) {
-	r.ccr.NewAddress(addrs)
-}
-
-// NewServiceConfig calls cc.NewServiceConfig.
-func (r *lbManualResolver) NewServiceConfig(sc string) {
-	r.ccr.NewServiceConfig(sc)
+// UpdateState calls cc.UpdateState.
+func (r *lbManualResolver) UpdateState(s resolver.State) {
+	r.ccr.UpdateState(s)
 }
 
 const subConnCacheTime = time.Second * 10
@@ -178,13 +172,13 @@ func (ccc *lbCacheClientConn) RemoveSubConn(sc balancer.SubConn) {
 
 	timer := time.AfterFunc(ccc.timeout, func() {
 		ccc.mu.Lock()
+		defer ccc.mu.Unlock()
 		if entry.abortDeleting {
 			return
 		}
 		ccc.cc.RemoveSubConn(sc)
 		delete(ccc.subConnToAddr, sc)
 		delete(ccc.subConnCache, addr)
-		ccc.mu.Unlock()
 	})
 	entry.cancel = func() {
 		if !timer.Stop() {
@@ -200,8 +194,8 @@ func (ccc *lbCacheClientConn) RemoveSubConn(sc balancer.SubConn) {
 	}
 }
 
-func (ccc *lbCacheClientConn) UpdateBalancerState(s connectivity.State, p balancer.Picker) {
-	ccc.cc.UpdateBalancerState(s, p)
+func (ccc *lbCacheClientConn) UpdateState(s balancer.State) {
+	ccc.cc.UpdateState(s)
 }
 
 func (ccc *lbCacheClientConn) close() {
diff --git a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
index 2eda0a1c2107c..d4d645501c14c 100644
--- a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
+++ b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
@@ -24,11 +24,10 @@ package roundrobin
 import (
 	"sync"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/balancer/base"
 	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/internal/grpcrand"
 )
 
 // Name is the name of round_robin balancer.
@@ -36,7 +35,7 @@ const Name = "round_robin"
 
 // newBuilder creates a new roundrobin balancer builder.
 func newBuilder() balancer.Builder {
-	return base.NewBalancerBuilder(Name, &rrPickerBuilder{})
+	return base.NewBalancerBuilderV2(Name, &rrPickerBuilder{}, base.Config{HealthCheck: true})
 }
 
 func init() {
@@ -45,14 +44,21 @@ func init() {
 
 type rrPickerBuilder struct{}
 
-func (*rrPickerBuilder) Build(readySCs map[resolver.Address]balancer.SubConn) balancer.Picker {
-	grpclog.Infof("roundrobinPicker: newPicker called with readySCs: %v", readySCs)
+func (*rrPickerBuilder) Build(info base.PickerBuildInfo) balancer.V2Picker {
+	grpclog.Infof("roundrobinPicker: newPicker called with info: %v", info)
+	if len(info.ReadySCs) == 0 {
+		return base.NewErrPickerV2(balancer.ErrNoSubConnAvailable)
+	}
 	var scs []balancer.SubConn
-	for _, sc := range readySCs {
+	for sc := range info.ReadySCs {
 		scs = append(scs, sc)
 	}
 	return &rrPicker{
 		subConns: scs,
+		// Start at a random index, as the same RR balancer rebuilds a new
+		// picker when SubConn states change, and we don't want to apply excess
+		// load to the first server in the list.
+		next: grpcrand.Intn(len(scs)),
 	}
 }
 
@@ -66,14 +72,10 @@ type rrPicker struct {
 	next int
 }
 
-func (p *rrPicker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
-	if len(p.subConns) <= 0 {
-		return nil, nil, balancer.ErrNoSubConnAvailable
-	}
-
+func (p *rrPicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
 	p.mu.Lock()
 	sc := p.subConns[p.next]
 	p.next = (p.next + 1) % len(p.subConns)
 	p.mu.Unlock()
-	return sc, nil, nil
+	return balancer.PickResult{SubConn: sc}, nil
 }
diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index c23f81706fba2..824f28e740a9d 100644
--- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -25,6 +25,8 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/buffer"
+	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/resolver"
 )
 
@@ -32,71 +34,17 @@ import (
 type scStateUpdate struct {
 	sc    balancer.SubConn
 	state connectivity.State
-}
-
-// scStateUpdateBuffer is an unbounded channel for scStateChangeTuple.
-// TODO make a general purpose buffer that uses interface{}.
-type scStateUpdateBuffer struct {
-	c       chan *scStateUpdate
-	mu      sync.Mutex
-	backlog []*scStateUpdate
-}
-
-func newSCStateUpdateBuffer() *scStateUpdateBuffer {
-	return &scStateUpdateBuffer{
-		c: make(chan *scStateUpdate, 1),
-	}
-}
-
-func (b *scStateUpdateBuffer) put(t *scStateUpdate) {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-	if len(b.backlog) == 0 {
-		select {
-		case b.c <- t:
-			return
-		default:
-		}
-	}
-	b.backlog = append(b.backlog, t)
-}
-
-func (b *scStateUpdateBuffer) load() {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-	if len(b.backlog) > 0 {
-		select {
-		case b.c <- b.backlog[0]:
-			b.backlog[0] = nil
-			b.backlog = b.backlog[1:]
-		default:
-		}
-	}
-}
-
-// get returns the channel that the scStateUpdate will be sent to.
-//
-// Upon receiving, the caller should call load to send another
-// scStateChangeTuple onto the channel if there is any.
-func (b *scStateUpdateBuffer) get() <-chan *scStateUpdate {
-	return b.c
-}
-
-// resolverUpdate contains the new resolved addresses or error if there's
-// any.
-type resolverUpdate struct {
-	addrs []resolver.Address
 	err   error
 }
 
 // ccBalancerWrapper is a wrapper on top of cc for balancers.
 // It implements balancer.ClientConn interface.
 type ccBalancerWrapper struct {
-	cc               *ClientConn
-	balancer         balancer.Balancer
-	stateChangeQueue *scStateUpdateBuffer
-	resolverUpdateCh chan *resolverUpdate
-	done             chan struct{}
+	cc         *ClientConn
+	balancerMu sync.Mutex // synchronizes calls to the balancer
+	balancer   balancer.Balancer
+	scBuffer   *buffer.Unbounded
+	done       *grpcsync.Event
 
 	mu       sync.Mutex
 	subConns map[*acBalancerWrapper]struct{}
@@ -104,11 +52,10 @@ type ccBalancerWrapper struct {
 
 func newCCBalancerWrapper(cc *ClientConn, b balancer.Builder, bopts balancer.BuildOptions) *ccBalancerWrapper {
 	ccb := &ccBalancerWrapper{
-		cc:               cc,
-		stateChangeQueue: newSCStateUpdateBuffer(),
-		resolverUpdateCh: make(chan *resolverUpdate, 1),
-		done:             make(chan struct{}),
-		subConns:         make(map[*acBalancerWrapper]struct{}),
+		cc:       cc,
+		scBuffer: buffer.NewUnbounded(),
+		done:     grpcsync.NewEvent(),
+		subConns: make(map[*acBalancerWrapper]struct{}),
 	}
 	go ccb.watcher()
 	ccb.balancer = b.Build(ccb, bopts)
@@ -120,28 +67,23 @@ func newCCBalancerWrapper(cc *ClientConn, b balancer.Builder, bopts balancer.Bui
 func (ccb *ccBalancerWrapper) watcher() {
 	for {
 		select {
-		case t := <-ccb.stateChangeQueue.get():
-			ccb.stateChangeQueue.load()
-			select {
-			case <-ccb.done:
-				ccb.balancer.Close()
-				return
-			default:
+		case t := <-ccb.scBuffer.Get():
+			ccb.scBuffer.Load()
+			if ccb.done.HasFired() {
+				break
 			}
-			ccb.balancer.HandleSubConnStateChange(t.sc, t.state)
-		case t := <-ccb.resolverUpdateCh:
-			select {
-			case <-ccb.done:
-				ccb.balancer.Close()
-				return
-			default:
+			ccb.balancerMu.Lock()
+			su := t.(*scStateUpdate)
+			if ub, ok := ccb.balancer.(balancer.V2Balancer); ok {
+				ub.UpdateSubConnState(su.sc, balancer.SubConnState{ConnectivityState: su.state, ConnectionError: su.err})
+			} else {
+				ccb.balancer.HandleSubConnStateChange(su.sc, su.state)
 			}
-			ccb.balancer.HandleResolvedAddrs(t.addrs, t.err)
-		case <-ccb.done:
+			ccb.balancerMu.Unlock()
+		case <-ccb.done.Done():
 		}
 
-		select {
-		case <-ccb.done:
+		if ccb.done.HasFired() {
 			ccb.balancer.Close()
 			ccb.mu.Lock()
 			scs := ccb.subConns
@@ -150,17 +92,17 @@ func (ccb *ccBalancerWrapper) watcher() {
 			for acbw := range scs {
 				ccb.cc.removeAddrConn(acbw.getAddrConn(), errConnDrain)
 			}
+			ccb.UpdateState(balancer.State{ConnectivityState: connectivity.Connecting, Picker: nil})
 			return
-		default:
 		}
 	}
 }
 
 func (ccb *ccBalancerWrapper) close() {
-	close(ccb.done)
+	ccb.done.Fire()
 }
 
-func (ccb *ccBalancerWrapper) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
+func (ccb *ccBalancerWrapper) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State, err error) {
 	// When updating addresses for a SubConn, if the address in use is not in
 	// the new addresses, the old ac will be tearDown() and a new ac will be
 	// created. tearDown() generates a state change with Shutdown state, we
@@ -171,20 +113,28 @@ func (ccb *ccBalancerWrapper) handleSubConnStateChange(sc balancer.SubConn, s co
 	if sc == nil {
 		return
 	}
-	ccb.stateChangeQueue.put(&scStateUpdate{
+	ccb.scBuffer.Put(&scStateUpdate{
 		sc:    sc,
 		state: s,
+		err:   err,
 	})
 }
 
-func (ccb *ccBalancerWrapper) handleResolvedAddrs(addrs []resolver.Address, err error) {
-	select {
-	case <-ccb.resolverUpdateCh:
-	default:
+func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnState) error {
+	ccb.balancerMu.Lock()
+	defer ccb.balancerMu.Unlock()
+	if ub, ok := ccb.balancer.(balancer.V2Balancer); ok {
+		return ub.UpdateClientConnState(*ccs)
 	}
-	ccb.resolverUpdateCh <- &resolverUpdate{
-		addrs: addrs,
-		err:   err,
+	ccb.balancer.HandleResolvedAddrs(ccs.ResolverState.Addresses, nil)
+	return nil
+}
+
+func (ccb *ccBalancerWrapper) resolverError(err error) {
+	if ub, ok := ccb.balancer.(balancer.V2Balancer); ok {
+		ccb.balancerMu.Lock()
+		ub.ResolverError(err)
+		ccb.balancerMu.Unlock()
 	}
 }
 
@@ -197,7 +147,7 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer
 	if ccb.subConns == nil {
 		return nil, fmt.Errorf("grpc: ClientConn balancer wrapper was closed")
 	}
-	ac, err := ccb.cc.newAddrConn(addrs)
+	ac, err := ccb.cc.newAddrConn(addrs, opts)
 	if err != nil {
 		return nil, err
 	}
@@ -229,11 +179,31 @@ func (ccb *ccBalancerWrapper) UpdateBalancerState(s connectivity.State, p balanc
 	if ccb.subConns == nil {
 		return
 	}
-	ccb.cc.csMgr.updateState(s)
+	// Update picker before updating state.  Even though the ordering here does
+	// not matter, it can lead to multiple calls of Pick in the common start-up
+	// case where we wait for ready and then perform an RPC.  If the picker is
+	// updated later, we could call the "connecting" picker when the state is
+	// updated, and then call the "ready" picker after the picker gets updated.
 	ccb.cc.blockingpicker.updatePicker(p)
+	ccb.cc.csMgr.updateState(s)
+}
+
+func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) {
+	ccb.mu.Lock()
+	defer ccb.mu.Unlock()
+	if ccb.subConns == nil {
+		return
+	}
+	// Update picker before updating state.  Even though the ordering here does
+	// not matter, it can lead to multiple calls of Pick in the common start-up
+	// case where we wait for ready and then perform an RPC.  If the picker is
+	// updated later, we could call the "connecting" picker when the state is
+	// updated, and then call the "ready" picker after the picker gets updated.
+	ccb.cc.blockingpicker.updatePickerV2(s.Picker)
+	ccb.cc.csMgr.updateState(s.ConnectivityState)
 }
 
-func (ccb *ccBalancerWrapper) ResolveNow(o resolver.ResolveNowOption) {
+func (ccb *ccBalancerWrapper) ResolveNow(o resolver.ResolveNowOptions) {
 	ccb.cc.resolveNow(o)
 }
 
@@ -257,6 +227,7 @@ func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) {
 	}
 	if !acbw.ac.tryUpdateAddrs(addrs) {
 		cc := acbw.ac.cc
+		opts := acbw.ac.scopts
 		acbw.ac.mu.Lock()
 		// Set old ac.acbw to nil so the Shutdown state update will be ignored
 		// by balancer.
@@ -272,7 +243,7 @@ func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) {
 			return
 		}
 
-		ac, err := cc.newAddrConn(addrs)
+		ac, err := cc.newAddrConn(addrs, opts)
 		if err != nil {
 			grpclog.Warningf("acBalancerWrapper: UpdateAddresses: failed to newAddrConn: %v", err)
 			return
diff --git a/vendor/google.golang.org/grpc/balancer_v1_wrapper.go b/vendor/google.golang.org/grpc/balancer_v1_wrapper.go
index b7abc6b745792..db04b08b84292 100644
--- a/vendor/google.golang.org/grpc/balancer_v1_wrapper.go
+++ b/vendor/google.golang.org/grpc/balancer_v1_wrapper.go
@@ -19,16 +19,12 @@
 package grpc
 
 import (
-	"strings"
 	"sync"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/resolver"
-	"google.golang.org/grpc/status"
 )
 
 type balancerWrapperBuilder struct {
@@ -36,13 +32,7 @@ type balancerWrapperBuilder struct {
 }
 
 func (bwb *balancerWrapperBuilder) Build(cc balancer.ClientConn, opts balancer.BuildOptions) balancer.Balancer {
-	targetAddr := cc.Target()
-	targetSplitted := strings.Split(targetAddr, ":///")
-	if len(targetSplitted) >= 2 {
-		targetAddr = targetSplitted[1]
-	}
-
-	bwb.b.Start(targetAddr, BalancerConfig{
+	bwb.b.Start(opts.Target.Endpoint, BalancerConfig{
 		DialCreds: opts.DialCreds,
 		Dialer:    opts.Dialer,
 	})
@@ -51,14 +41,14 @@ func (bwb *balancerWrapperBuilder) Build(cc balancer.ClientConn, opts balancer.B
 		balancer:   bwb.b,
 		pickfirst:  pickfirst,
 		cc:         cc,
-		targetAddr: targetAddr,
+		targetAddr: opts.Target.Endpoint,
 		startCh:    make(chan struct{}),
 		conns:      make(map[resolver.Address]balancer.SubConn),
 		connSt:     make(map[balancer.SubConn]*scState),
-		csEvltr:    &connectivityStateEvaluator{},
+		csEvltr:    &balancer.ConnectivityStateEvaluator{},
 		state:      connectivity.Idle,
 	}
-	cc.UpdateBalancerState(connectivity.Idle, bw)
+	cc.UpdateState(balancer.State{ConnectivityState: connectivity.Idle, Picker: bw})
 	go bw.lbWatcher()
 	return bw
 }
@@ -80,10 +70,6 @@ type balancerWrapper struct {
 	cc         balancer.ClientConn
 	targetAddr string // Target without the scheme.
 
-	// To aggregate the connectivity state.
-	csEvltr *connectivityStateEvaluator
-	state   connectivity.State
-
 	mu     sync.Mutex
 	conns  map[resolver.Address]balancer.SubConn
 	connSt map[balancer.SubConn]*scState
@@ -92,6 +78,10 @@ type balancerWrapper struct {
 	// - NewSubConn is created, cc wants to notify balancer of state changes;
 	// - Build hasn't return, cc doesn't have access to balancer.
 	startCh chan struct{}
+
+	// To aggregate the connectivity state.
+	csEvltr *balancer.ConnectivityStateEvaluator
+	state   connectivity.State
 }
 
 // lbWatcher watches the Notify channel of the balancer and manages
@@ -122,7 +112,7 @@ func (bw *balancerWrapper) lbWatcher() {
 	}
 
 	for addrs := range notifyCh {
-		grpclog.Infof("balancerWrapper: got update addr from Notify: %v\n", addrs)
+		grpclog.Infof("balancerWrapper: got update addr from Notify: %v", addrs)
 		if bw.pickfirst {
 			var (
 				oldA  resolver.Address
@@ -248,11 +238,11 @@ func (bw *balancerWrapper) HandleSubConnStateChange(sc balancer.SubConn, s conne
 			scSt.down(errConnClosing)
 		}
 	}
-	sa := bw.csEvltr.recordTransition(oldS, s)
+	sa := bw.csEvltr.RecordTransition(oldS, s)
 	if bw.state != sa {
 		bw.state = sa
 	}
-	bw.cc.UpdateBalancerState(bw.state, bw)
+	bw.cc.UpdateState(balancer.State{ConnectivityState: bw.state, Picker: bw})
 	if s == connectivity.Shutdown {
 		// Remove state for this sc.
 		delete(bw.connSt, sc)
@@ -283,90 +273,62 @@ func (bw *balancerWrapper) Close() {
 }
 
 // The picker is the balancerWrapper itself.
-// Pick should never return ErrNoSubConnAvailable.
 // It either blocks or returns error, consistent with v1 balancer Get().
-func (bw *balancerWrapper) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
+func (bw *balancerWrapper) Pick(info balancer.PickInfo) (result balancer.PickResult, err error) {
 	failfast := true // Default failfast is true.
-	if ss, ok := rpcInfoFromContext(ctx); ok {
+	if ss, ok := rpcInfoFromContext(info.Ctx); ok {
 		failfast = ss.failfast
 	}
-	a, p, err := bw.balancer.Get(ctx, BalancerGetOptions{BlockingWait: !failfast})
+	a, p, err := bw.balancer.Get(info.Ctx, BalancerGetOptions{BlockingWait: !failfast})
 	if err != nil {
-		return nil, nil, err
+		return balancer.PickResult{}, toRPCErr(err)
 	}
-	var done func(balancer.DoneInfo)
 	if p != nil {
-		done = func(i balancer.DoneInfo) { p() }
+		result.Done = func(balancer.DoneInfo) { p() }
+		defer func() {
+			if err != nil {
+				p()
+			}
+		}()
 	}
-	var sc balancer.SubConn
+
 	bw.mu.Lock()
 	defer bw.mu.Unlock()
 	if bw.pickfirst {
 		// Get the first sc in conns.
-		for _, sc = range bw.conns {
-			break
-		}
-	} else {
-		var ok bool
-		sc, ok = bw.conns[resolver.Address{
-			Addr:       a.Addr,
-			Type:       resolver.Backend,
-			ServerName: "",
-			Metadata:   a.Metadata,
-		}]
-		if !ok && failfast {
-			return nil, nil, status.Errorf(codes.Unavailable, "there is no connection available")
-		}
-		if s, ok := bw.connSt[sc]; failfast && (!ok || s.s != connectivity.Ready) {
-			// If the returned sc is not ready and RPC is failfast,
-			// return error, and this RPC will fail.
-			return nil, nil, status.Errorf(codes.Unavailable, "there is no connection available")
+		for _, result.SubConn = range bw.conns {
+			return result, nil
 		}
+		return balancer.PickResult{}, balancer.ErrNoSubConnAvailable
 	}
-
-	return sc, done, nil
-}
-
-// connectivityStateEvaluator gets updated by addrConns when their
-// states transition, based on which it evaluates the state of
-// ClientConn.
-type connectivityStateEvaluator struct {
-	mu                  sync.Mutex
-	numReady            uint64 // Number of addrConns in ready state.
-	numConnecting       uint64 // Number of addrConns in connecting state.
-	numTransientFailure uint64 // Number of addrConns in transientFailure.
-}
-
-// recordTransition records state change happening in every subConn and based on
-// that it evaluates what aggregated state should be.
-// It can only transition between Ready, Connecting and TransientFailure. Other states,
-// Idle and Shutdown are transitioned into by ClientConn; in the beginning of the connection
-// before any subConn is created ClientConn is in idle state. In the end when ClientConn
-// closes it is in Shutdown state.
-// TODO Note that in later releases, a ClientConn with no activity will be put into an Idle state.
-func (cse *connectivityStateEvaluator) recordTransition(oldState, newState connectivity.State) connectivity.State {
-	cse.mu.Lock()
-	defer cse.mu.Unlock()
-
-	// Update counters.
-	for idx, state := range []connectivity.State{oldState, newState} {
-		updateVal := 2*uint64(idx) - 1 // -1 for oldState and +1 for new.
-		switch state {
-		case connectivity.Ready:
-			cse.numReady += updateVal
-		case connectivity.Connecting:
-			cse.numConnecting += updateVal
-		case connectivity.TransientFailure:
-			cse.numTransientFailure += updateVal
-		}
+	var ok1 bool
+	result.SubConn, ok1 = bw.conns[resolver.Address{
+		Addr:       a.Addr,
+		Type:       resolver.Backend,
+		ServerName: "",
+		Metadata:   a.Metadata,
+	}]
+	s, ok2 := bw.connSt[result.SubConn]
+	if !ok1 || !ok2 {
+		// This can only happen due to a race where Get() returned an address
+		// that was subsequently removed by Notify.  In this case we should
+		// retry always.
+		return balancer.PickResult{}, balancer.ErrNoSubConnAvailable
 	}
-
-	// Evaluate.
-	if cse.numReady > 0 {
-		return connectivity.Ready
-	}
-	if cse.numConnecting > 0 {
-		return connectivity.Connecting
+	switch s.s {
+	case connectivity.Ready, connectivity.Idle:
+		return result, nil
+	case connectivity.Shutdown, connectivity.TransientFailure:
+		// If the returned sc has been shut down or is in transient failure,
+		// return error, and this RPC will fail or wait for another picker (if
+		// non-failfast).
+		return balancer.PickResult{}, balancer.ErrTransientFailure
+	default:
+		// For other states (connecting or unknown), the v1 balancer would
+		// traditionally wait until ready and then issue the RPC.  Returning
+		// ErrNoSubConnAvailable will be a slight improvement in that it will
+		// allow the balancer to choose another address in case others are
+		// connected.
+		return balancer.PickResult{}, balancer.ErrNoSubConnAvailable
 	}
-	return connectivity.TransientFailure
 }
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
new file mode 100644
index 0000000000000..f393bb66187e8
--- /dev/null
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -0,0 +1,900 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: grpc/binarylog/grpc_binarylog_v1/binarylog.proto
+
+package grpc_binarylog_v1 // import "google.golang.org/grpc/binarylog/grpc_binarylog_v1"
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+import duration "github.com/golang/protobuf/ptypes/duration"
+import timestamp "github.com/golang/protobuf/ptypes/timestamp"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+
+// Enumerates the type of event
+// Note the terminology is different from the RPC semantics
+// definition, but the same meaning is expressed here.
+type GrpcLogEntry_EventType int32
+
+const (
+	GrpcLogEntry_EVENT_TYPE_UNKNOWN GrpcLogEntry_EventType = 0
+	// Header sent from client to server
+	GrpcLogEntry_EVENT_TYPE_CLIENT_HEADER GrpcLogEntry_EventType = 1
+	// Header sent from server to client
+	GrpcLogEntry_EVENT_TYPE_SERVER_HEADER GrpcLogEntry_EventType = 2
+	// Message sent from client to server
+	GrpcLogEntry_EVENT_TYPE_CLIENT_MESSAGE GrpcLogEntry_EventType = 3
+	// Message sent from server to client
+	GrpcLogEntry_EVENT_TYPE_SERVER_MESSAGE GrpcLogEntry_EventType = 4
+	// A signal that client is done sending
+	GrpcLogEntry_EVENT_TYPE_CLIENT_HALF_CLOSE GrpcLogEntry_EventType = 5
+	// Trailer indicates the end of the RPC.
+	// On client side, this event means a trailer was either received
+	// from the network or the gRPC library locally generated a status
+	// to inform the application about a failure.
+	// On server side, this event means the server application requested
+	// to send a trailer. Note: EVENT_TYPE_CANCEL may still arrive after
+	// this due to races on server side.
+	GrpcLogEntry_EVENT_TYPE_SERVER_TRAILER GrpcLogEntry_EventType = 6
+	// A signal that the RPC is cancelled. On client side, this
+	// indicates the client application requests a cancellation.
+	// On server side, this indicates that cancellation was detected.
+	// Note: This marks the end of the RPC. Events may arrive after
+	// this due to races. For example, on client side a trailer
+	// may arrive even though the application requested to cancel the RPC.
+	GrpcLogEntry_EVENT_TYPE_CANCEL GrpcLogEntry_EventType = 7
+)
+
+var GrpcLogEntry_EventType_name = map[int32]string{
+	0: "EVENT_TYPE_UNKNOWN",
+	1: "EVENT_TYPE_CLIENT_HEADER",
+	2: "EVENT_TYPE_SERVER_HEADER",
+	3: "EVENT_TYPE_CLIENT_MESSAGE",
+	4: "EVENT_TYPE_SERVER_MESSAGE",
+	5: "EVENT_TYPE_CLIENT_HALF_CLOSE",
+	6: "EVENT_TYPE_SERVER_TRAILER",
+	7: "EVENT_TYPE_CANCEL",
+}
+var GrpcLogEntry_EventType_value = map[string]int32{
+	"EVENT_TYPE_UNKNOWN":           0,
+	"EVENT_TYPE_CLIENT_HEADER":     1,
+	"EVENT_TYPE_SERVER_HEADER":     2,
+	"EVENT_TYPE_CLIENT_MESSAGE":    3,
+	"EVENT_TYPE_SERVER_MESSAGE":    4,
+	"EVENT_TYPE_CLIENT_HALF_CLOSE": 5,
+	"EVENT_TYPE_SERVER_TRAILER":    6,
+	"EVENT_TYPE_CANCEL":            7,
+}
+
+func (x GrpcLogEntry_EventType) String() string {
+	return proto.EnumName(GrpcLogEntry_EventType_name, int32(x))
+}
+func (GrpcLogEntry_EventType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{0, 0}
+}
+
+// Enumerates the entity that generates the log entry
+type GrpcLogEntry_Logger int32
+
+const (
+	GrpcLogEntry_LOGGER_UNKNOWN GrpcLogEntry_Logger = 0
+	GrpcLogEntry_LOGGER_CLIENT  GrpcLogEntry_Logger = 1
+	GrpcLogEntry_LOGGER_SERVER  GrpcLogEntry_Logger = 2
+)
+
+var GrpcLogEntry_Logger_name = map[int32]string{
+	0: "LOGGER_UNKNOWN",
+	1: "LOGGER_CLIENT",
+	2: "LOGGER_SERVER",
+}
+var GrpcLogEntry_Logger_value = map[string]int32{
+	"LOGGER_UNKNOWN": 0,
+	"LOGGER_CLIENT":  1,
+	"LOGGER_SERVER":  2,
+}
+
+func (x GrpcLogEntry_Logger) String() string {
+	return proto.EnumName(GrpcLogEntry_Logger_name, int32(x))
+}
+func (GrpcLogEntry_Logger) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{0, 1}
+}
+
+type Address_Type int32
+
+const (
+	Address_TYPE_UNKNOWN Address_Type = 0
+	// address is in 1.2.3.4 form
+	Address_TYPE_IPV4 Address_Type = 1
+	// address is in IPv6 canonical form (RFC5952 section 4)
+	// The scope is NOT included in the address string.
+	Address_TYPE_IPV6 Address_Type = 2
+	// address is UDS string
+	Address_TYPE_UNIX Address_Type = 3
+)
+
+var Address_Type_name = map[int32]string{
+	0: "TYPE_UNKNOWN",
+	1: "TYPE_IPV4",
+	2: "TYPE_IPV6",
+	3: "TYPE_UNIX",
+}
+var Address_Type_value = map[string]int32{
+	"TYPE_UNKNOWN": 0,
+	"TYPE_IPV4":    1,
+	"TYPE_IPV6":    2,
+	"TYPE_UNIX":    3,
+}
+
+func (x Address_Type) String() string {
+	return proto.EnumName(Address_Type_name, int32(x))
+}
+func (Address_Type) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{7, 0}
+}
+
+// Log entry we store in binary logs
+type GrpcLogEntry struct {
+	// The timestamp of the binary log message
+	Timestamp *timestamp.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	// Uniquely identifies a call. The value must not be 0 in order to disambiguate
+	// from an unset value.
+	// Each call may have several log entries, they will all have the same call_id.
+	// Nothing is guaranteed about their value other than they are unique across
+	// different RPCs in the same gRPC process.
+	CallId uint64 `protobuf:"varint,2,opt,name=call_id,json=callId,proto3" json:"call_id,omitempty"`
+	// The entry sequence id for this call. The first GrpcLogEntry has a
+	// value of 1, to disambiguate from an unset value. The purpose of
+	// this field is to detect missing entries in environments where
+	// durability or ordering is not guaranteed.
+	SequenceIdWithinCall uint64                 `protobuf:"varint,3,opt,name=sequence_id_within_call,json=sequenceIdWithinCall,proto3" json:"sequence_id_within_call,omitempty"`
+	Type                 GrpcLogEntry_EventType `protobuf:"varint,4,opt,name=type,proto3,enum=grpc.binarylog.v1.GrpcLogEntry_EventType" json:"type,omitempty"`
+	Logger               GrpcLogEntry_Logger    `protobuf:"varint,5,opt,name=logger,proto3,enum=grpc.binarylog.v1.GrpcLogEntry_Logger" json:"logger,omitempty"`
+	// The logger uses one of the following fields to record the payload,
+	// according to the type of the log entry.
+	//
+	// Types that are valid to be assigned to Payload:
+	//	*GrpcLogEntry_ClientHeader
+	//	*GrpcLogEntry_ServerHeader
+	//	*GrpcLogEntry_Message
+	//	*GrpcLogEntry_Trailer
+	Payload isGrpcLogEntry_Payload `protobuf_oneof:"payload"`
+	// true if payload does not represent the full message or metadata.
+	PayloadTruncated bool `protobuf:"varint,10,opt,name=payload_truncated,json=payloadTruncated,proto3" json:"payload_truncated,omitempty"`
+	// Peer address information, will only be recorded on the first
+	// incoming event. On client side, peer is logged on
+	// EVENT_TYPE_SERVER_HEADER normally or EVENT_TYPE_SERVER_TRAILER in
+	// the case of trailers-only. On server side, peer is always
+	// logged on EVENT_TYPE_CLIENT_HEADER.
+	Peer                 *Address `protobuf:"bytes,11,opt,name=peer,proto3" json:"peer,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GrpcLogEntry) Reset()         { *m = GrpcLogEntry{} }
+func (m *GrpcLogEntry) String() string { return proto.CompactTextString(m) }
+func (*GrpcLogEntry) ProtoMessage()    {}
+func (*GrpcLogEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{0}
+}
+func (m *GrpcLogEntry) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GrpcLogEntry.Unmarshal(m, b)
+}
+func (m *GrpcLogEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GrpcLogEntry.Marshal(b, m, deterministic)
+}
+func (dst *GrpcLogEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GrpcLogEntry.Merge(dst, src)
+}
+func (m *GrpcLogEntry) XXX_Size() int {
+	return xxx_messageInfo_GrpcLogEntry.Size(m)
+}
+func (m *GrpcLogEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_GrpcLogEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GrpcLogEntry proto.InternalMessageInfo
+
+func (m *GrpcLogEntry) GetTimestamp() *timestamp.Timestamp {
+	if m != nil {
+		return m.Timestamp
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetCallId() uint64 {
+	if m != nil {
+		return m.CallId
+	}
+	return 0
+}
+
+func (m *GrpcLogEntry) GetSequenceIdWithinCall() uint64 {
+	if m != nil {
+		return m.SequenceIdWithinCall
+	}
+	return 0
+}
+
+func (m *GrpcLogEntry) GetType() GrpcLogEntry_EventType {
+	if m != nil {
+		return m.Type
+	}
+	return GrpcLogEntry_EVENT_TYPE_UNKNOWN
+}
+
+func (m *GrpcLogEntry) GetLogger() GrpcLogEntry_Logger {
+	if m != nil {
+		return m.Logger
+	}
+	return GrpcLogEntry_LOGGER_UNKNOWN
+}
+
+type isGrpcLogEntry_Payload interface {
+	isGrpcLogEntry_Payload()
+}
+
+type GrpcLogEntry_ClientHeader struct {
+	ClientHeader *ClientHeader `protobuf:"bytes,6,opt,name=client_header,json=clientHeader,proto3,oneof"`
+}
+
+type GrpcLogEntry_ServerHeader struct {
+	ServerHeader *ServerHeader `protobuf:"bytes,7,opt,name=server_header,json=serverHeader,proto3,oneof"`
+}
+
+type GrpcLogEntry_Message struct {
+	Message *Message `protobuf:"bytes,8,opt,name=message,proto3,oneof"`
+}
+
+type GrpcLogEntry_Trailer struct {
+	Trailer *Trailer `protobuf:"bytes,9,opt,name=trailer,proto3,oneof"`
+}
+
+func (*GrpcLogEntry_ClientHeader) isGrpcLogEntry_Payload() {}
+
+func (*GrpcLogEntry_ServerHeader) isGrpcLogEntry_Payload() {}
+
+func (*GrpcLogEntry_Message) isGrpcLogEntry_Payload() {}
+
+func (*GrpcLogEntry_Trailer) isGrpcLogEntry_Payload() {}
+
+func (m *GrpcLogEntry) GetPayload() isGrpcLogEntry_Payload {
+	if m != nil {
+		return m.Payload
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetClientHeader() *ClientHeader {
+	if x, ok := m.GetPayload().(*GrpcLogEntry_ClientHeader); ok {
+		return x.ClientHeader
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetServerHeader() *ServerHeader {
+	if x, ok := m.GetPayload().(*GrpcLogEntry_ServerHeader); ok {
+		return x.ServerHeader
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetMessage() *Message {
+	if x, ok := m.GetPayload().(*GrpcLogEntry_Message); ok {
+		return x.Message
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetTrailer() *Trailer {
+	if x, ok := m.GetPayload().(*GrpcLogEntry_Trailer); ok {
+		return x.Trailer
+	}
+	return nil
+}
+
+func (m *GrpcLogEntry) GetPayloadTruncated() bool {
+	if m != nil {
+		return m.PayloadTruncated
+	}
+	return false
+}
+
+func (m *GrpcLogEntry) GetPeer() *Address {
+	if m != nil {
+		return m.Peer
+	}
+	return nil
+}
+
+// XXX_OneofFuncs is for the internal use of the proto package.
+func (*GrpcLogEntry) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
+	return _GrpcLogEntry_OneofMarshaler, _GrpcLogEntry_OneofUnmarshaler, _GrpcLogEntry_OneofSizer, []interface{}{
+		(*GrpcLogEntry_ClientHeader)(nil),
+		(*GrpcLogEntry_ServerHeader)(nil),
+		(*GrpcLogEntry_Message)(nil),
+		(*GrpcLogEntry_Trailer)(nil),
+	}
+}
+
+func _GrpcLogEntry_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
+	m := msg.(*GrpcLogEntry)
+	// payload
+	switch x := m.Payload.(type) {
+	case *GrpcLogEntry_ClientHeader:
+		b.EncodeVarint(6<<3 | proto.WireBytes)
+		if err := b.EncodeMessage(x.ClientHeader); err != nil {
+			return err
+		}
+	case *GrpcLogEntry_ServerHeader:
+		b.EncodeVarint(7<<3 | proto.WireBytes)
+		if err := b.EncodeMessage(x.ServerHeader); err != nil {
+			return err
+		}
+	case *GrpcLogEntry_Message:
+		b.EncodeVarint(8<<3 | proto.WireBytes)
+		if err := b.EncodeMessage(x.Message); err != nil {
+			return err
+		}
+	case *GrpcLogEntry_Trailer:
+		b.EncodeVarint(9<<3 | proto.WireBytes)
+		if err := b.EncodeMessage(x.Trailer); err != nil {
+			return err
+		}
+	case nil:
+	default:
+		return fmt.Errorf("GrpcLogEntry.Payload has unexpected type %T", x)
+	}
+	return nil
+}
+
+func _GrpcLogEntry_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
+	m := msg.(*GrpcLogEntry)
+	switch tag {
+	case 6: // payload.client_header
+		if wire != proto.WireBytes {
+			return true, proto.ErrInternalBadWireType
+		}
+		msg := new(ClientHeader)
+		err := b.DecodeMessage(msg)
+		m.Payload = &GrpcLogEntry_ClientHeader{msg}
+		return true, err
+	case 7: // payload.server_header
+		if wire != proto.WireBytes {
+			return true, proto.ErrInternalBadWireType
+		}
+		msg := new(ServerHeader)
+		err := b.DecodeMessage(msg)
+		m.Payload = &GrpcLogEntry_ServerHeader{msg}
+		return true, err
+	case 8: // payload.message
+		if wire != proto.WireBytes {
+			return true, proto.ErrInternalBadWireType
+		}
+		msg := new(Message)
+		err := b.DecodeMessage(msg)
+		m.Payload = &GrpcLogEntry_Message{msg}
+		return true, err
+	case 9: // payload.trailer
+		if wire != proto.WireBytes {
+			return true, proto.ErrInternalBadWireType
+		}
+		msg := new(Trailer)
+		err := b.DecodeMessage(msg)
+		m.Payload = &GrpcLogEntry_Trailer{msg}
+		return true, err
+	default:
+		return false, nil
+	}
+}
+
+func _GrpcLogEntry_OneofSizer(msg proto.Message) (n int) {
+	m := msg.(*GrpcLogEntry)
+	// payload
+	switch x := m.Payload.(type) {
+	case *GrpcLogEntry_ClientHeader:
+		s := proto.Size(x.ClientHeader)
+		n += 1 // tag and wire
+		n += proto.SizeVarint(uint64(s))
+		n += s
+	case *GrpcLogEntry_ServerHeader:
+		s := proto.Size(x.ServerHeader)
+		n += 1 // tag and wire
+		n += proto.SizeVarint(uint64(s))
+		n += s
+	case *GrpcLogEntry_Message:
+		s := proto.Size(x.Message)
+		n += 1 // tag and wire
+		n += proto.SizeVarint(uint64(s))
+		n += s
+	case *GrpcLogEntry_Trailer:
+		s := proto.Size(x.Trailer)
+		n += 1 // tag and wire
+		n += proto.SizeVarint(uint64(s))
+		n += s
+	case nil:
+	default:
+		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
+	}
+	return n
+}
+
+type ClientHeader struct {
+	// This contains only the metadata from the application.
+	Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	// The name of the RPC method, which looks something like:
+	// /<service>/<method>
+	// Note the leading "/" character.
+	MethodName string `protobuf:"bytes,2,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"`
+	// A single process may be used to run multiple virtual
+	// servers with different identities.
+	// The authority is the name of such a server identitiy.
+	// It is typically a portion of the URI in the form of
+	// <host> or <host>:<port> .
+	Authority string `protobuf:"bytes,3,opt,name=authority,proto3" json:"authority,omitempty"`
+	// the RPC timeout
+	Timeout              *duration.Duration `protobuf:"bytes,4,opt,name=timeout,proto3" json:"timeout,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
+	XXX_unrecognized     []byte             `json:"-"`
+	XXX_sizecache        int32              `json:"-"`
+}
+
+func (m *ClientHeader) Reset()         { *m = ClientHeader{} }
+func (m *ClientHeader) String() string { return proto.CompactTextString(m) }
+func (*ClientHeader) ProtoMessage()    {}
+func (*ClientHeader) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{1}
+}
+func (m *ClientHeader) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ClientHeader.Unmarshal(m, b)
+}
+func (m *ClientHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ClientHeader.Marshal(b, m, deterministic)
+}
+func (dst *ClientHeader) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ClientHeader.Merge(dst, src)
+}
+func (m *ClientHeader) XXX_Size() int {
+	return xxx_messageInfo_ClientHeader.Size(m)
+}
+func (m *ClientHeader) XXX_DiscardUnknown() {
+	xxx_messageInfo_ClientHeader.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ClientHeader proto.InternalMessageInfo
+
+func (m *ClientHeader) GetMetadata() *Metadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+func (m *ClientHeader) GetMethodName() string {
+	if m != nil {
+		return m.MethodName
+	}
+	return ""
+}
+
+func (m *ClientHeader) GetAuthority() string {
+	if m != nil {
+		return m.Authority
+	}
+	return ""
+}
+
+func (m *ClientHeader) GetTimeout() *duration.Duration {
+	if m != nil {
+		return m.Timeout
+	}
+	return nil
+}
+
+type ServerHeader struct {
+	// This contains only the metadata from the application.
+	Metadata             *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *ServerHeader) Reset()         { *m = ServerHeader{} }
+func (m *ServerHeader) String() string { return proto.CompactTextString(m) }
+func (*ServerHeader) ProtoMessage()    {}
+func (*ServerHeader) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{2}
+}
+func (m *ServerHeader) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ServerHeader.Unmarshal(m, b)
+}
+func (m *ServerHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ServerHeader.Marshal(b, m, deterministic)
+}
+func (dst *ServerHeader) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServerHeader.Merge(dst, src)
+}
+func (m *ServerHeader) XXX_Size() int {
+	return xxx_messageInfo_ServerHeader.Size(m)
+}
+func (m *ServerHeader) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServerHeader.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServerHeader proto.InternalMessageInfo
+
+func (m *ServerHeader) GetMetadata() *Metadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+type Trailer struct {
+	// This contains only the metadata from the application.
+	Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	// The gRPC status code.
+	StatusCode uint32 `protobuf:"varint,2,opt,name=status_code,json=statusCode,proto3" json:"status_code,omitempty"`
+	// An original status message before any transport specific
+	// encoding.
+	StatusMessage string `protobuf:"bytes,3,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
+	// The value of the 'grpc-status-details-bin' metadata key. If
+	// present, this is always an encoded 'google.rpc.Status' message.
+	StatusDetails        []byte   `protobuf:"bytes,4,opt,name=status_details,json=statusDetails,proto3" json:"status_details,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Trailer) Reset()         { *m = Trailer{} }
+func (m *Trailer) String() string { return proto.CompactTextString(m) }
+func (*Trailer) ProtoMessage()    {}
+func (*Trailer) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{3}
+}
+func (m *Trailer) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Trailer.Unmarshal(m, b)
+}
+func (m *Trailer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Trailer.Marshal(b, m, deterministic)
+}
+func (dst *Trailer) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Trailer.Merge(dst, src)
+}
+func (m *Trailer) XXX_Size() int {
+	return xxx_messageInfo_Trailer.Size(m)
+}
+func (m *Trailer) XXX_DiscardUnknown() {
+	xxx_messageInfo_Trailer.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Trailer proto.InternalMessageInfo
+
+func (m *Trailer) GetMetadata() *Metadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+func (m *Trailer) GetStatusCode() uint32 {
+	if m != nil {
+		return m.StatusCode
+	}
+	return 0
+}
+
+func (m *Trailer) GetStatusMessage() string {
+	if m != nil {
+		return m.StatusMessage
+	}
+	return ""
+}
+
+func (m *Trailer) GetStatusDetails() []byte {
+	if m != nil {
+		return m.StatusDetails
+	}
+	return nil
+}
+
+// Message payload, used by CLIENT_MESSAGE and SERVER_MESSAGE
+type Message struct {
+	// Length of the message. It may not be the same as the length of the
+	// data field, as the logging payload can be truncated or omitted.
+	Length uint32 `protobuf:"varint,1,opt,name=length,proto3" json:"length,omitempty"`
+	// May be truncated or omitted.
+	Data                 []byte   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Message) Reset()         { *m = Message{} }
+func (m *Message) String() string { return proto.CompactTextString(m) }
+func (*Message) ProtoMessage()    {}
+func (*Message) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{4}
+}
+func (m *Message) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Message.Unmarshal(m, b)
+}
+func (m *Message) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Message.Marshal(b, m, deterministic)
+}
+func (dst *Message) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Message.Merge(dst, src)
+}
+func (m *Message) XXX_Size() int {
+	return xxx_messageInfo_Message.Size(m)
+}
+func (m *Message) XXX_DiscardUnknown() {
+	xxx_messageInfo_Message.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Message proto.InternalMessageInfo
+
+func (m *Message) GetLength() uint32 {
+	if m != nil {
+		return m.Length
+	}
+	return 0
+}
+
+func (m *Message) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+// A list of metadata pairs, used in the payload of client header,
+// server header, and server trailer.
+// Implementations may omit some entries to honor the header limits
+// of GRPC_BINARY_LOG_CONFIG.
+//
+// Header keys added by gRPC are omitted. To be more specific,
+// implementations will not log the following entries, and this is
+// not to be treated as a truncation:
+// - entries handled by grpc that are not user visible, such as those
+//   that begin with 'grpc-' (with exception of grpc-trace-bin)
+//   or keys like 'lb-token'
+// - transport specific entries, including but not limited to:
+//   ':path', ':authority', 'content-encoding', 'user-agent', 'te', etc
+// - entries added for call credentials
+//
+// Implementations must always log grpc-trace-bin if it is present.
+// Practically speaking it will only be visible on server side because
+// grpc-trace-bin is managed by low level client side mechanisms
+// inaccessible from the application level. On server side, the
+// header is just a normal metadata key.
+// The pair will not count towards the size limit.
+type Metadata struct {
+	Entry                []*MetadataEntry `protobuf:"bytes,1,rep,name=entry,proto3" json:"entry,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
+	XXX_unrecognized     []byte           `json:"-"`
+	XXX_sizecache        int32            `json:"-"`
+}
+
+func (m *Metadata) Reset()         { *m = Metadata{} }
+func (m *Metadata) String() string { return proto.CompactTextString(m) }
+func (*Metadata) ProtoMessage()    {}
+func (*Metadata) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{5}
+}
+func (m *Metadata) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Metadata.Unmarshal(m, b)
+}
+func (m *Metadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Metadata.Marshal(b, m, deterministic)
+}
+func (dst *Metadata) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Metadata.Merge(dst, src)
+}
+func (m *Metadata) XXX_Size() int {
+	return xxx_messageInfo_Metadata.Size(m)
+}
+func (m *Metadata) XXX_DiscardUnknown() {
+	xxx_messageInfo_Metadata.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Metadata proto.InternalMessageInfo
+
+func (m *Metadata) GetEntry() []*MetadataEntry {
+	if m != nil {
+		return m.Entry
+	}
+	return nil
+}
+
+// A metadata key value pair
+type MetadataEntry struct {
+	Key                  string   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Value                []byte   `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MetadataEntry) Reset()         { *m = MetadataEntry{} }
+func (m *MetadataEntry) String() string { return proto.CompactTextString(m) }
+func (*MetadataEntry) ProtoMessage()    {}
+func (*MetadataEntry) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{6}
+}
+func (m *MetadataEntry) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_MetadataEntry.Unmarshal(m, b)
+}
+func (m *MetadataEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_MetadataEntry.Marshal(b, m, deterministic)
+}
+func (dst *MetadataEntry) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MetadataEntry.Merge(dst, src)
+}
+func (m *MetadataEntry) XXX_Size() int {
+	return xxx_messageInfo_MetadataEntry.Size(m)
+}
+func (m *MetadataEntry) XXX_DiscardUnknown() {
+	xxx_messageInfo_MetadataEntry.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MetadataEntry proto.InternalMessageInfo
+
+func (m *MetadataEntry) GetKey() string {
+	if m != nil {
+		return m.Key
+	}
+	return ""
+}
+
+func (m *MetadataEntry) GetValue() []byte {
+	if m != nil {
+		return m.Value
+	}
+	return nil
+}
+
+// Address information
+type Address struct {
+	Type    Address_Type `protobuf:"varint,1,opt,name=type,proto3,enum=grpc.binarylog.v1.Address_Type" json:"type,omitempty"`
+	Address string       `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"`
+	// only for TYPE_IPV4 and TYPE_IPV6
+	IpPort               uint32   `protobuf:"varint,3,opt,name=ip_port,json=ipPort,proto3" json:"ip_port,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Address) Reset()         { *m = Address{} }
+func (m *Address) String() string { return proto.CompactTextString(m) }
+func (*Address) ProtoMessage()    {}
+func (*Address) Descriptor() ([]byte, []int) {
+	return fileDescriptor_binarylog_264c8c9c551ce911, []int{7}
+}
+func (m *Address) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Address.Unmarshal(m, b)
+}
+func (m *Address) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Address.Marshal(b, m, deterministic)
+}
+func (dst *Address) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Address.Merge(dst, src)
+}
+func (m *Address) XXX_Size() int {
+	return xxx_messageInfo_Address.Size(m)
+}
+func (m *Address) XXX_DiscardUnknown() {
+	xxx_messageInfo_Address.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Address proto.InternalMessageInfo
+
+func (m *Address) GetType() Address_Type {
+	if m != nil {
+		return m.Type
+	}
+	return Address_TYPE_UNKNOWN
+}
+
+func (m *Address) GetAddress() string {
+	if m != nil {
+		return m.Address
+	}
+	return ""
+}
+
+func (m *Address) GetIpPort() uint32 {
+	if m != nil {
+		return m.IpPort
+	}
+	return 0
+}
+
+func init() {
+	proto.RegisterType((*GrpcLogEntry)(nil), "grpc.binarylog.v1.GrpcLogEntry")
+	proto.RegisterType((*ClientHeader)(nil), "grpc.binarylog.v1.ClientHeader")
+	proto.RegisterType((*ServerHeader)(nil), "grpc.binarylog.v1.ServerHeader")
+	proto.RegisterType((*Trailer)(nil), "grpc.binarylog.v1.Trailer")
+	proto.RegisterType((*Message)(nil), "grpc.binarylog.v1.Message")
+	proto.RegisterType((*Metadata)(nil), "grpc.binarylog.v1.Metadata")
+	proto.RegisterType((*MetadataEntry)(nil), "grpc.binarylog.v1.MetadataEntry")
+	proto.RegisterType((*Address)(nil), "grpc.binarylog.v1.Address")
+	proto.RegisterEnum("grpc.binarylog.v1.GrpcLogEntry_EventType", GrpcLogEntry_EventType_name, GrpcLogEntry_EventType_value)
+	proto.RegisterEnum("grpc.binarylog.v1.GrpcLogEntry_Logger", GrpcLogEntry_Logger_name, GrpcLogEntry_Logger_value)
+	proto.RegisterEnum("grpc.binarylog.v1.Address_Type", Address_Type_name, Address_Type_value)
+}
+
+func init() {
+	proto.RegisterFile("grpc/binarylog/grpc_binarylog_v1/binarylog.proto", fileDescriptor_binarylog_264c8c9c551ce911)
+}
+
+var fileDescriptor_binarylog_264c8c9c551ce911 = []byte{
+	// 900 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x51, 0x6f, 0xe3, 0x44,
+	0x10, 0x3e, 0x37, 0x69, 0xdc, 0x4c, 0x92, 0xca, 0x5d, 0x95, 0x3b, 0x5f, 0x29, 0x34, 0xb2, 0x04,
+	0x0a, 0x42, 0x72, 0xb9, 0x94, 0xeb, 0xf1, 0x02, 0x52, 0x92, 0xfa, 0xd2, 0x88, 0x5c, 0x1a, 0x6d,
+	0x72, 0x3d, 0x40, 0x48, 0xd6, 0x36, 0x5e, 0x1c, 0x0b, 0xc7, 0x6b, 0xd6, 0x9b, 0xa0, 0xfc, 0x2c,
+	0xde, 0x90, 0xee, 0x77, 0xf1, 0x8e, 0xbc, 0x6b, 0x27, 0xa6, 0x69, 0x0f, 0x09, 0xde, 0x3c, 0xdf,
+	0x7c, 0xf3, 0xcd, 0xee, 0x78, 0x66, 0x16, 0xbe, 0xf2, 0x79, 0x3c, 0x3b, 0xbf, 0x0b, 0x22, 0xc2,
+	0xd7, 0x21, 0xf3, 0xcf, 0x53, 0xd3, 0xdd, 0x98, 0xee, 0xea, 0xc5, 0xd6, 0x67, 0xc7, 0x9c, 0x09,
+	0x86, 0x8e, 0x52, 0x8a, 0xbd, 0x45, 0x57, 0x2f, 0x4e, 0x3e, 0xf5, 0x19, 0xf3, 0x43, 0x7a, 0x2e,
+	0x09, 0x77, 0xcb, 0x5f, 0xce, 0xbd, 0x25, 0x27, 0x22, 0x60, 0x91, 0x0a, 0x39, 0x39, 0xbb, 0xef,
+	0x17, 0xc1, 0x82, 0x26, 0x82, 0x2c, 0x62, 0x45, 0xb0, 0xde, 0xeb, 0x50, 0xef, 0xf3, 0x78, 0x36,
+	0x64, 0xbe, 0x13, 0x09, 0xbe, 0x46, 0xdf, 0x40, 0x75, 0xc3, 0x31, 0xb5, 0xa6, 0xd6, 0xaa, 0xb5,
+	0x4f, 0x6c, 0xa5, 0x62, 0xe7, 0x2a, 0xf6, 0x34, 0x67, 0xe0, 0x2d, 0x19, 0x3d, 0x03, 0x7d, 0x46,
+	0xc2, 0xd0, 0x0d, 0x3c, 0x73, 0xaf, 0xa9, 0xb5, 0xca, 0xb8, 0x92, 0x9a, 0x03, 0x0f, 0xbd, 0x84,
+	0x67, 0x09, 0xfd, 0x6d, 0x49, 0xa3, 0x19, 0x75, 0x03, 0xcf, 0xfd, 0x3d, 0x10, 0xf3, 0x20, 0x72,
+	0x53, 0xa7, 0x59, 0x92, 0xc4, 0xe3, 0xdc, 0x3d, 0xf0, 0xde, 0x49, 0x67, 0x8f, 0x84, 0x21, 0xfa,
+	0x16, 0xca, 0x62, 0x1d, 0x53, 0xb3, 0xdc, 0xd4, 0x5a, 0x87, 0xed, 0x2f, 0xec, 0x9d, 0xdb, 0xdb,
+	0xc5, 0x83, 0xdb, 0xce, 0x8a, 0x46, 0x62, 0xba, 0x8e, 0x29, 0x96, 0x61, 0xe8, 0x3b, 0xa8, 0x84,
+	0xcc, 0xf7, 0x29, 0x37, 0xf7, 0xa5, 0xc0, 0xe7, 0xff, 0x26, 0x30, 0x94, 0x6c, 0x9c, 0x45, 0xa1,
+	0xd7, 0xd0, 0x98, 0x85, 0x01, 0x8d, 0x84, 0x3b, 0xa7, 0xc4, 0xa3, 0xdc, 0xac, 0xc8, 0x62, 0x9c,
+	0x3d, 0x20, 0xd3, 0x93, 0xbc, 0x6b, 0x49, 0xbb, 0x7e, 0x82, 0xeb, 0xb3, 0x82, 0x9d, 0xea, 0x24,
+	0x94, 0xaf, 0x28, 0xcf, 0x75, 0xf4, 0x47, 0x75, 0x26, 0x92, 0xb7, 0xd5, 0x49, 0x0a, 0x36, 0xba,
+	0x04, 0x7d, 0x41, 0x93, 0x84, 0xf8, 0xd4, 0x3c, 0xc8, 0x7f, 0xcb, 0x8e, 0xc2, 0x1b, 0xc5, 0xb8,
+	0x7e, 0x82, 0x73, 0x72, 0x1a, 0x27, 0x38, 0x09, 0x42, 0xca, 0xcd, 0xea, 0xa3, 0x71, 0x53, 0xc5,
+	0x48, 0xe3, 0x32, 0x32, 0xfa, 0x12, 0x8e, 0x62, 0xb2, 0x0e, 0x19, 0xf1, 0x5c, 0xc1, 0x97, 0xd1,
+	0x8c, 0x08, 0xea, 0x99, 0xd0, 0xd4, 0x5a, 0x07, 0xd8, 0xc8, 0x1c, 0xd3, 0x1c, 0x47, 0x36, 0x94,
+	0x63, 0x4a, 0xb9, 0x59, 0x7b, 0x34, 0x43, 0xc7, 0xf3, 0x38, 0x4d, 0x12, 0x2c, 0x79, 0xd6, 0x5f,
+	0x1a, 0x54, 0x37, 0x3f, 0x0c, 0x3d, 0x05, 0xe4, 0xdc, 0x3a, 0xa3, 0xa9, 0x3b, 0xfd, 0x71, 0xec,
+	0xb8, 0x6f, 0x47, 0xdf, 0x8f, 0x6e, 0xde, 0x8d, 0x8c, 0x27, 0xe8, 0x14, 0xcc, 0x02, 0xde, 0x1b,
+	0x0e, 0xd2, 0xef, 0x6b, 0xa7, 0x73, 0xe5, 0x60, 0x43, 0xbb, 0xe7, 0x9d, 0x38, 0xf8, 0xd6, 0xc1,
+	0xb9, 0x77, 0x0f, 0x7d, 0x02, 0xcf, 0x77, 0x63, 0xdf, 0x38, 0x93, 0x49, 0xa7, 0xef, 0x18, 0xa5,
+	0x7b, 0xee, 0x2c, 0x38, 0x77, 0x97, 0x51, 0x13, 0x4e, 0x1f, 0xc8, 0xdc, 0x19, 0xbe, 0x76, 0x7b,
+	0xc3, 0x9b, 0x89, 0x63, 0xec, 0x3f, 0x2c, 0x30, 0xc5, 0x9d, 0xc1, 0xd0, 0xc1, 0x46, 0x05, 0x7d,
+	0x04, 0x47, 0x45, 0x81, 0xce, 0xa8, 0xe7, 0x0c, 0x0d, 0xdd, 0xea, 0x42, 0x45, 0xb5, 0x19, 0x42,
+	0x70, 0x38, 0xbc, 0xe9, 0xf7, 0x1d, 0x5c, 0xb8, 0xef, 0x11, 0x34, 0x32, 0x4c, 0x65, 0x34, 0xb4,
+	0x02, 0xa4, 0x52, 0x18, 0x7b, 0xdd, 0x2a, 0xe8, 0x59, 0xfd, 0xad, 0xf7, 0x1a, 0xd4, 0x8b, 0xcd,
+	0x87, 0x5e, 0xc1, 0xc1, 0x82, 0x0a, 0xe2, 0x11, 0x41, 0xb2, 0xe1, 0xfd, 0xf8, 0xc1, 0x2e, 0x51,
+	0x14, 0xbc, 0x21, 0xa3, 0x33, 0xa8, 0x2d, 0xa8, 0x98, 0x33, 0xcf, 0x8d, 0xc8, 0x82, 0xca, 0x01,
+	0xae, 0x62, 0x50, 0xd0, 0x88, 0x2c, 0x28, 0x3a, 0x85, 0x2a, 0x59, 0x8a, 0x39, 0xe3, 0x81, 0x58,
+	0xcb, 0xb1, 0xad, 0xe2, 0x2d, 0x80, 0x2e, 0x40, 0x4f, 0x17, 0x01, 0x5b, 0x0a, 0x39, 0xae, 0xb5,
+	0xf6, 0xf3, 0x9d, 0x9d, 0x71, 0x95, 0x6d, 0x26, 0x9c, 0x33, 0xad, 0x3e, 0xd4, 0x8b, 0x1d, 0xff,
+	0x9f, 0x0f, 0x6f, 0xfd, 0xa1, 0x81, 0x9e, 0x75, 0xf0, 0xff, 0xaa, 0x40, 0x22, 0x88, 0x58, 0x26,
+	0xee, 0x8c, 0x79, 0xaa, 0x02, 0x0d, 0x0c, 0x0a, 0xea, 0x31, 0x8f, 0xa2, 0xcf, 0xe0, 0x30, 0x23,
+	0xe4, 0x73, 0xa8, 0xca, 0xd0, 0x50, 0x68, 0x36, 0x7a, 0x05, 0x9a, 0x47, 0x05, 0x09, 0xc2, 0x44,
+	0x56, 0xa4, 0x9e, 0xd3, 0xae, 0x14, 0x68, 0xbd, 0x04, 0x3d, 0x8f, 0x78, 0x0a, 0x95, 0x90, 0x46,
+	0xbe, 0x98, 0xcb, 0x03, 0x37, 0x70, 0x66, 0x21, 0x04, 0x65, 0x79, 0x8d, 0x3d, 0x19, 0x2f, 0xbf,
+	0xad, 0x2e, 0x1c, 0xe4, 0x67, 0x47, 0x97, 0xb0, 0x4f, 0xd3, 0xcd, 0x65, 0x6a, 0xcd, 0x52, 0xab,
+	0xd6, 0x6e, 0x7e, 0xe0, 0x9e, 0x72, 0xc3, 0x61, 0x45, 0xb7, 0x5e, 0x41, 0xe3, 0x1f, 0x38, 0x32,
+	0xa0, 0xf4, 0x2b, 0x5d, 0xcb, 0xec, 0x55, 0x9c, 0x7e, 0xa2, 0x63, 0xd8, 0x5f, 0x91, 0x70, 0x49,
+	0xb3, 0xdc, 0xca, 0xb0, 0xfe, 0xd4, 0x40, 0xcf, 0xe6, 0x18, 0x5d, 0x64, 0xdb, 0x59, 0x93, 0xcb,
+	0xf5, 0xec, 0xf1, 0x89, 0xb7, 0x0b, 0x3b, 0xd9, 0x04, 0x9d, 0x28, 0x34, 0xeb, 0xb0, 0xdc, 0x4c,
+	0x1f, 0x8f, 0x20, 0x76, 0x63, 0xc6, 0x85, 0xac, 0x6a, 0x03, 0x57, 0x82, 0x78, 0xcc, 0xb8, 0xb0,
+	0x1c, 0x28, 0xcb, 0x1d, 0x61, 0x40, 0xfd, 0xde, 0x76, 0x68, 0x40, 0x55, 0x22, 0x83, 0xf1, 0xed,
+	0xd7, 0x86, 0x56, 0x34, 0x2f, 0x8d, 0xbd, 0x8d, 0xf9, 0x76, 0x34, 0xf8, 0xc1, 0x28, 0x75, 0x7f,
+	0x86, 0xe3, 0x80, 0xed, 0x1e, 0xb2, 0x7b, 0xd8, 0x95, 0xd6, 0x90, 0xf9, 0xe3, 0xb4, 0x51, 0xc7,
+	0xda, 0x4f, 0xed, 0xac, 0x71, 0x7d, 0x16, 0x92, 0xc8, 0xb7, 0x19, 0x57, 0x4f, 0xf3, 0x87, 0x5e,
+	0xea, 0xbb, 0x8a, 0xec, 0xf2, 0x8b, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xe7, 0xf6, 0x4b, 0x50,
+	0xd4, 0x07, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/grpc/call.go b/vendor/google.golang.org/grpc/call.go
index f73b7d5528f54..9e20e4d385f9d 100644
--- a/vendor/google.golang.org/grpc/call.go
+++ b/vendor/google.golang.org/grpc/call.go
@@ -19,7 +19,7 @@
 package grpc
 
 import (
-	"golang.org/x/net/context"
+	"context"
 )
 
 // Invoke sends the RPC request on the wire and returns after response is
@@ -40,7 +40,7 @@ func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply int
 func combine(o1 []CallOption, o2 []CallOption) []CallOption {
 	// we don't use append because o1 could have extra capacity whose
 	// elements would be overwritten, which could cause inadvertent
-	// sharing (and race connditions) between concurrent calls
+	// sharing (and race conditions) between concurrent calls
 	if len(o1) == 0 {
 		return o2
 	} else if len(o2) == 0 {
@@ -63,31 +63,12 @@ func Invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli
 var unaryStreamDesc = &StreamDesc{ServerStreams: false, ClientStreams: false}
 
 func invoke(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
-	// TODO: implement retries in clientStream and make this simply
-	// newClientStream, SendMsg, RecvMsg.
-	firstAttempt := true
-	for {
-		csInt, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...)
-		if err != nil {
-			return err
-		}
-		cs := csInt.(*clientStream)
-		if err := cs.SendMsg(req); err != nil {
-			if !cs.c.failFast && cs.attempt.s.Unprocessed() && firstAttempt {
-				// TODO: Add a field to header for grpc-transparent-retry-attempts
-				firstAttempt = false
-				continue
-			}
-			return err
-		}
-		if err := cs.RecvMsg(reply); err != nil {
-			if !cs.c.failFast && cs.attempt.s.Unprocessed() && firstAttempt {
-				// TODO: Add a field to header for grpc-transparent-retry-attempts
-				firstAttempt = false
-				continue
-			}
-			return err
-		}
-		return nil
+	cs, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...)
+	if err != nil {
+		return err
 	}
+	if err := cs.SendMsg(req); err != nil {
+		return err
+	}
+	return cs.RecvMsg(reply)
 }
diff --git a/vendor/google.golang.org/grpc/channelz/funcs.go b/vendor/google.golang.org/grpc/channelz/funcs.go
deleted file mode 100644
index 586a0336b473e..0000000000000
--- a/vendor/google.golang.org/grpc/channelz/funcs.go
+++ /dev/null
@@ -1,573 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package channelz defines APIs for enabling channelz service, entry
-// registration/deletion, and accessing channelz data. It also defines channelz
-// metric struct formats.
-//
-// All APIs in this package are experimental.
-package channelz
-
-import (
-	"sort"
-	"sync"
-	"sync/atomic"
-
-	"google.golang.org/grpc/grpclog"
-)
-
-var (
-	db    dbWrapper
-	idGen idGenerator
-	// EntryPerPage defines the number of channelz entries to be shown on a web page.
-	EntryPerPage = 50
-	curState     int32
-)
-
-// TurnOn turns on channelz data collection.
-func TurnOn() {
-	if !IsOn() {
-		NewChannelzStorage()
-		atomic.StoreInt32(&curState, 1)
-	}
-}
-
-// IsOn returns whether channelz data collection is on.
-func IsOn() bool {
-	return atomic.CompareAndSwapInt32(&curState, 1, 1)
-}
-
-// dbWarpper wraps around a reference to internal channelz data storage, and
-// provide synchronized functionality to set and get the reference.
-type dbWrapper struct {
-	mu sync.RWMutex
-	DB *channelMap
-}
-
-func (d *dbWrapper) set(db *channelMap) {
-	d.mu.Lock()
-	d.DB = db
-	d.mu.Unlock()
-}
-
-func (d *dbWrapper) get() *channelMap {
-	d.mu.RLock()
-	defer d.mu.RUnlock()
-	return d.DB
-}
-
-// NewChannelzStorage initializes channelz data storage and id generator.
-//
-// Note: This function is exported for testing purpose only. User should not call
-// it in most cases.
-func NewChannelzStorage() {
-	db.set(&channelMap{
-		topLevelChannels: make(map[int64]struct{}),
-		channels:         make(map[int64]*channel),
-		listenSockets:    make(map[int64]*listenSocket),
-		normalSockets:    make(map[int64]*normalSocket),
-		servers:          make(map[int64]*server),
-		subChannels:      make(map[int64]*subChannel),
-	})
-	idGen.reset()
-}
-
-// GetTopChannels returns a slice of top channel's ChannelMetric, along with a
-// boolean indicating whether there's more top channels to be queried for.
-//
-// The arg id specifies that only top channel with id at or above it will be included
-// in the result. The returned slice is up to a length of EntryPerPage, and is
-// sorted in ascending id order.
-func GetTopChannels(id int64) ([]*ChannelMetric, bool) {
-	return db.get().GetTopChannels(id)
-}
-
-// GetServers returns a slice of server's ServerMetric, along with a
-// boolean indicating whether there's more servers to be queried for.
-//
-// The arg id specifies that only server with id at or above it will be included
-// in the result. The returned slice is up to a length of EntryPerPage, and is
-// sorted in ascending id order.
-func GetServers(id int64) ([]*ServerMetric, bool) {
-	return db.get().GetServers(id)
-}
-
-// GetServerSockets returns a slice of server's (identified by id) normal socket's
-// SocketMetric, along with a boolean indicating whether there's more sockets to
-// be queried for.
-//
-// The arg startID specifies that only sockets with id at or above it will be
-// included in the result. The returned slice is up to a length of EntryPerPage,
-// and is sorted in ascending id order.
-func GetServerSockets(id int64, startID int64) ([]*SocketMetric, bool) {
-	return db.get().GetServerSockets(id, startID)
-}
-
-// GetChannel returns the ChannelMetric for the channel (identified by id).
-func GetChannel(id int64) *ChannelMetric {
-	return db.get().GetChannel(id)
-}
-
-// GetSubChannel returns the SubChannelMetric for the subchannel (identified by id).
-func GetSubChannel(id int64) *SubChannelMetric {
-	return db.get().GetSubChannel(id)
-}
-
-// GetSocket returns the SocketInternalMetric for the socket (identified by id).
-func GetSocket(id int64) *SocketMetric {
-	return db.get().GetSocket(id)
-}
-
-// RegisterChannel registers the given channel c in channelz database with ref
-// as its reference name, and add it to the child list of its parent (identified
-// by pid). pid = 0 means no parent. It returns the unique channelz tracking id
-// assigned to this channel.
-func RegisterChannel(c Channel, pid int64, ref string) int64 {
-	id := idGen.genID()
-	cn := &channel{
-		refName:     ref,
-		c:           c,
-		subChans:    make(map[int64]string),
-		nestedChans: make(map[int64]string),
-		id:          id,
-		pid:         pid,
-	}
-	if pid == 0 {
-		db.get().addChannel(id, cn, true, pid, ref)
-	} else {
-		db.get().addChannel(id, cn, false, pid, ref)
-	}
-	return id
-}
-
-// RegisterSubChannel registers the given channel c in channelz database with ref
-// as its reference name, and add it to the child list of its parent (identified
-// by pid). It returns the unique channelz tracking id assigned to this subchannel.
-func RegisterSubChannel(c Channel, pid int64, ref string) int64 {
-	if pid == 0 {
-		grpclog.Error("a SubChannel's parent id cannot be 0")
-		return 0
-	}
-	id := idGen.genID()
-	sc := &subChannel{
-		refName: ref,
-		c:       c,
-		sockets: make(map[int64]string),
-		id:      id,
-		pid:     pid,
-	}
-	db.get().addSubChannel(id, sc, pid, ref)
-	return id
-}
-
-// RegisterServer registers the given server s in channelz database. It returns
-// the unique channelz tracking id assigned to this server.
-func RegisterServer(s Server, ref string) int64 {
-	id := idGen.genID()
-	svr := &server{
-		refName:       ref,
-		s:             s,
-		sockets:       make(map[int64]string),
-		listenSockets: make(map[int64]string),
-		id:            id,
-	}
-	db.get().addServer(id, svr)
-	return id
-}
-
-// RegisterListenSocket registers the given listen socket s in channelz database
-// with ref as its reference name, and add it to the child list of its parent
-// (identified by pid). It returns the unique channelz tracking id assigned to
-// this listen socket.
-func RegisterListenSocket(s Socket, pid int64, ref string) int64 {
-	if pid == 0 {
-		grpclog.Error("a ListenSocket's parent id cannot be 0")
-		return 0
-	}
-	id := idGen.genID()
-	ls := &listenSocket{refName: ref, s: s, id: id, pid: pid}
-	db.get().addListenSocket(id, ls, pid, ref)
-	return id
-}
-
-// RegisterNormalSocket registers the given normal socket s in channelz database
-// with ref as its reference name, and add it to the child list of its parent
-// (identified by pid). It returns the unique channelz tracking id assigned to
-// this normal socket.
-func RegisterNormalSocket(s Socket, pid int64, ref string) int64 {
-	if pid == 0 {
-		grpclog.Error("a NormalSocket's parent id cannot be 0")
-		return 0
-	}
-	id := idGen.genID()
-	ns := &normalSocket{refName: ref, s: s, id: id, pid: pid}
-	db.get().addNormalSocket(id, ns, pid, ref)
-	return id
-}
-
-// RemoveEntry removes an entry with unique channelz trakcing id to be id from
-// channelz database.
-func RemoveEntry(id int64) {
-	db.get().removeEntry(id)
-}
-
-// channelMap is the storage data structure for channelz.
-// Methods of channelMap can be divided in two two categories with respect to locking.
-// 1. Methods acquire the global lock.
-// 2. Methods that can only be called when global lock is held.
-// A second type of method need always to be called inside a first type of method.
-type channelMap struct {
-	mu               sync.RWMutex
-	topLevelChannels map[int64]struct{}
-	servers          map[int64]*server
-	channels         map[int64]*channel
-	subChannels      map[int64]*subChannel
-	listenSockets    map[int64]*listenSocket
-	normalSockets    map[int64]*normalSocket
-}
-
-func (c *channelMap) addServer(id int64, s *server) {
-	c.mu.Lock()
-	s.cm = c
-	c.servers[id] = s
-	c.mu.Unlock()
-}
-
-func (c *channelMap) addChannel(id int64, cn *channel, isTopChannel bool, pid int64, ref string) {
-	c.mu.Lock()
-	cn.cm = c
-	c.channels[id] = cn
-	if isTopChannel {
-		c.topLevelChannels[id] = struct{}{}
-	} else {
-		c.findEntry(pid).addChild(id, cn)
-	}
-	c.mu.Unlock()
-}
-
-func (c *channelMap) addSubChannel(id int64, sc *subChannel, pid int64, ref string) {
-	c.mu.Lock()
-	sc.cm = c
-	c.subChannels[id] = sc
-	c.findEntry(pid).addChild(id, sc)
-	c.mu.Unlock()
-}
-
-func (c *channelMap) addListenSocket(id int64, ls *listenSocket, pid int64, ref string) {
-	c.mu.Lock()
-	ls.cm = c
-	c.listenSockets[id] = ls
-	c.findEntry(pid).addChild(id, ls)
-	c.mu.Unlock()
-}
-
-func (c *channelMap) addNormalSocket(id int64, ns *normalSocket, pid int64, ref string) {
-	c.mu.Lock()
-	ns.cm = c
-	c.normalSockets[id] = ns
-	c.findEntry(pid).addChild(id, ns)
-	c.mu.Unlock()
-}
-
-// removeEntry triggers the removal of an entry, which may not indeed delete the
-// entry, if it has to wait on the deletion of its children, or may lead to a chain
-// of entry deletion. For example, deleting the last socket of a gracefully shutting
-// down server will lead to the server being also deleted.
-func (c *channelMap) removeEntry(id int64) {
-	c.mu.Lock()
-	c.findEntry(id).triggerDelete()
-	c.mu.Unlock()
-}
-
-// c.mu must be held by the caller.
-func (c *channelMap) findEntry(id int64) entry {
-	var v entry
-	var ok bool
-	if v, ok = c.channels[id]; ok {
-		return v
-	}
-	if v, ok = c.subChannels[id]; ok {
-		return v
-	}
-	if v, ok = c.servers[id]; ok {
-		return v
-	}
-	if v, ok = c.listenSockets[id]; ok {
-		return v
-	}
-	if v, ok = c.normalSockets[id]; ok {
-		return v
-	}
-	return &dummyEntry{idNotFound: id}
-}
-
-// c.mu must be held by the caller
-// deleteEntry simply deletes an entry from the channelMap. Before calling this
-// method, caller must check this entry is ready to be deleted, i.e removeEntry()
-// has been called on it, and no children still exist.
-// Conditionals are ordered by the expected frequency of deletion of each entity
-// type, in order to optimize performance.
-func (c *channelMap) deleteEntry(id int64) {
-	var ok bool
-	if _, ok = c.normalSockets[id]; ok {
-		delete(c.normalSockets, id)
-		return
-	}
-	if _, ok = c.subChannels[id]; ok {
-		delete(c.subChannels, id)
-		return
-	}
-	if _, ok = c.channels[id]; ok {
-		delete(c.channels, id)
-		delete(c.topLevelChannels, id)
-		return
-	}
-	if _, ok = c.listenSockets[id]; ok {
-		delete(c.listenSockets, id)
-		return
-	}
-	if _, ok = c.servers[id]; ok {
-		delete(c.servers, id)
-		return
-	}
-}
-
-type int64Slice []int64
-
-func (s int64Slice) Len() int           { return len(s) }
-func (s int64Slice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-func (s int64Slice) Less(i, j int) bool { return s[i] < s[j] }
-
-func copyMap(m map[int64]string) map[int64]string {
-	n := make(map[int64]string)
-	for k, v := range m {
-		n[k] = v
-	}
-	return n
-}
-
-func min(a, b int) int {
-	if a < b {
-		return a
-	}
-	return b
-}
-
-func (c *channelMap) GetTopChannels(id int64) ([]*ChannelMetric, bool) {
-	c.mu.RLock()
-	l := len(c.topLevelChannels)
-	ids := make([]int64, 0, l)
-	cns := make([]*channel, 0, min(l, EntryPerPage))
-
-	for k := range c.topLevelChannels {
-		ids = append(ids, k)
-	}
-	sort.Sort(int64Slice(ids))
-	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id })
-	count := 0
-	var end bool
-	var t []*ChannelMetric
-	for i, v := range ids[idx:] {
-		if count == EntryPerPage {
-			break
-		}
-		if cn, ok := c.channels[v]; ok {
-			cns = append(cns, cn)
-			t = append(t, &ChannelMetric{
-				NestedChans: copyMap(cn.nestedChans),
-				SubChans:    copyMap(cn.subChans),
-			})
-			count++
-		}
-		if i == len(ids[idx:])-1 {
-			end = true
-			break
-		}
-	}
-	c.mu.RUnlock()
-	if count == 0 {
-		end = true
-	}
-
-	for i, cn := range cns {
-		t[i].ChannelData = cn.c.ChannelzMetric()
-		t[i].ID = cn.id
-		t[i].RefName = cn.refName
-	}
-	return t, end
-}
-
-func (c *channelMap) GetServers(id int64) ([]*ServerMetric, bool) {
-	c.mu.RLock()
-	l := len(c.servers)
-	ids := make([]int64, 0, l)
-	ss := make([]*server, 0, min(l, EntryPerPage))
-	for k := range c.servers {
-		ids = append(ids, k)
-	}
-	sort.Sort(int64Slice(ids))
-	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id })
-	count := 0
-	var end bool
-	var s []*ServerMetric
-	for i, v := range ids[idx:] {
-		if count == EntryPerPage {
-			break
-		}
-		if svr, ok := c.servers[v]; ok {
-			ss = append(ss, svr)
-			s = append(s, &ServerMetric{
-				ListenSockets: copyMap(svr.listenSockets),
-			})
-			count++
-		}
-		if i == len(ids[idx:])-1 {
-			end = true
-			break
-		}
-	}
-	c.mu.RUnlock()
-	if count == 0 {
-		end = true
-	}
-
-	for i, svr := range ss {
-		s[i].ServerData = svr.s.ChannelzMetric()
-		s[i].ID = svr.id
-		s[i].RefName = svr.refName
-	}
-	return s, end
-}
-
-func (c *channelMap) GetServerSockets(id int64, startID int64) ([]*SocketMetric, bool) {
-	var svr *server
-	var ok bool
-	c.mu.RLock()
-	if svr, ok = c.servers[id]; !ok {
-		// server with id doesn't exist.
-		c.mu.RUnlock()
-		return nil, true
-	}
-	svrskts := svr.sockets
-	l := len(svrskts)
-	ids := make([]int64, 0, l)
-	sks := make([]*normalSocket, 0, min(l, EntryPerPage))
-	for k := range svrskts {
-		ids = append(ids, k)
-	}
-	sort.Sort((int64Slice(ids)))
-	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id })
-	count := 0
-	var end bool
-	for i, v := range ids[idx:] {
-		if count == EntryPerPage {
-			break
-		}
-		if ns, ok := c.normalSockets[v]; ok {
-			sks = append(sks, ns)
-			count++
-		}
-		if i == len(ids[idx:])-1 {
-			end = true
-			break
-		}
-	}
-	c.mu.RUnlock()
-	if count == 0 {
-		end = true
-	}
-	var s []*SocketMetric
-	for _, ns := range sks {
-		sm := &SocketMetric{}
-		sm.SocketData = ns.s.ChannelzMetric()
-		sm.ID = ns.id
-		sm.RefName = ns.refName
-		s = append(s, sm)
-	}
-	return s, end
-}
-
-func (c *channelMap) GetChannel(id int64) *ChannelMetric {
-	cm := &ChannelMetric{}
-	var cn *channel
-	var ok bool
-	c.mu.RLock()
-	if cn, ok = c.channels[id]; !ok {
-		// channel with id doesn't exist.
-		c.mu.RUnlock()
-		return nil
-	}
-	cm.NestedChans = copyMap(cn.nestedChans)
-	cm.SubChans = copyMap(cn.subChans)
-	c.mu.RUnlock()
-	cm.ChannelData = cn.c.ChannelzMetric()
-	cm.ID = cn.id
-	cm.RefName = cn.refName
-	return cm
-}
-
-func (c *channelMap) GetSubChannel(id int64) *SubChannelMetric {
-	cm := &SubChannelMetric{}
-	var sc *subChannel
-	var ok bool
-	c.mu.RLock()
-	if sc, ok = c.subChannels[id]; !ok {
-		// subchannel with id doesn't exist.
-		c.mu.RUnlock()
-		return nil
-	}
-	cm.Sockets = copyMap(sc.sockets)
-	c.mu.RUnlock()
-	cm.ChannelData = sc.c.ChannelzMetric()
-	cm.ID = sc.id
-	cm.RefName = sc.refName
-	return cm
-}
-
-func (c *channelMap) GetSocket(id int64) *SocketMetric {
-	sm := &SocketMetric{}
-	c.mu.RLock()
-	if ls, ok := c.listenSockets[id]; ok {
-		c.mu.RUnlock()
-		sm.SocketData = ls.s.ChannelzMetric()
-		sm.ID = ls.id
-		sm.RefName = ls.refName
-		return sm
-	}
-	if ns, ok := c.normalSockets[id]; ok {
-		c.mu.RUnlock()
-		sm.SocketData = ns.s.ChannelzMetric()
-		sm.ID = ns.id
-		sm.RefName = ns.refName
-		return sm
-	}
-	c.mu.RUnlock()
-	return nil
-}
-
-type idGenerator struct {
-	id int64
-}
-
-func (i *idGenerator) reset() {
-	atomic.StoreInt64(&i.id, 0)
-}
-
-func (i *idGenerator) genID() int64 {
-	return atomic.AddInt64(&i.id, 1)
-}
diff --git a/vendor/google.golang.org/grpc/channelz/types.go b/vendor/google.golang.org/grpc/channelz/types.go
deleted file mode 100644
index 153d75340e419..0000000000000
--- a/vendor/google.golang.org/grpc/channelz/types.go
+++ /dev/null
@@ -1,418 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package channelz
-
-import (
-	"net"
-	"time"
-
-	"google.golang.org/grpc/connectivity"
-	"google.golang.org/grpc/grpclog"
-)
-
-// entry represents a node in the channelz database.
-type entry interface {
-	// addChild adds a child e, whose channelz id is id to child list
-	addChild(id int64, e entry)
-	// deleteChild deletes a child with channelz id to be id from child list
-	deleteChild(id int64)
-	// triggerDelete tries to delete self from channelz database. However, if child
-	// list is not empty, then deletion from the database is on hold until the last
-	// child is deleted from database.
-	triggerDelete()
-	// deleteSelfIfReady check whether triggerDelete() has been called before, and whether child
-	// list is now empty. If both conditions are met, then delete self from database.
-	deleteSelfIfReady()
-}
-
-// dummyEntry is a fake entry to handle entry not found case.
-type dummyEntry struct {
-	idNotFound int64
-}
-
-func (d *dummyEntry) addChild(id int64, e entry) {
-	// Note: It is possible for a normal program to reach here under race condition.
-	// For example, there could be a race between ClientConn.Close() info being propagated
-	// to addrConn and http2Client. ClientConn.Close() cancel the context and result
-	// in http2Client to error. The error info is then caught by transport monitor
-	// and before addrConn.tearDown() is called in side ClientConn.Close(). Therefore,
-	// the addrConn will create a new transport. And when registering the new transport in
-	// channelz, its parent addrConn could have already been torn down and deleted
-	// from channelz tracking, and thus reach the code here.
-	grpclog.Infof("attempt to add child of type %T with id %d to a parent (id=%d) that doesn't currently exist", e, id, d.idNotFound)
-}
-
-func (d *dummyEntry) deleteChild(id int64) {
-	// It is possible for a normal program to reach here under race condition.
-	// Refer to the example described in addChild().
-	grpclog.Infof("attempt to delete child with id %d from a parent (id=%d) that doesn't currently exist", id, d.idNotFound)
-}
-
-func (d *dummyEntry) triggerDelete() {
-	grpclog.Warningf("attempt to delete an entry (id=%d) that doesn't currently exist", d.idNotFound)
-}
-
-func (*dummyEntry) deleteSelfIfReady() {
-	// code should not reach here. deleteSelfIfReady is always called on an existing entry.
-}
-
-// ChannelMetric defines the info channelz provides for a specific Channel, which
-// includes ChannelInternalMetric and channelz-specific data, such as channelz id,
-// child list, etc.
-type ChannelMetric struct {
-	// ID is the channelz id of this channel.
-	ID int64
-	// RefName is the human readable reference string of this channel.
-	RefName string
-	// ChannelData contains channel internal metric reported by the channel through
-	// ChannelzMetric().
-	ChannelData *ChannelInternalMetric
-	// NestedChans tracks the nested channel type children of this channel in the format of
-	// a map from nested channel channelz id to corresponding reference string.
-	NestedChans map[int64]string
-	// SubChans tracks the subchannel type children of this channel in the format of a
-	// map from subchannel channelz id to corresponding reference string.
-	SubChans map[int64]string
-	// Sockets tracks the socket type children of this channel in the format of a map
-	// from socket channelz id to corresponding reference string.
-	// Note current grpc implementation doesn't allow channel having sockets directly,
-	// therefore, this is field is unused.
-	Sockets map[int64]string
-}
-
-// SubChannelMetric defines the info channelz provides for a specific SubChannel,
-// which includes ChannelInternalMetric and channelz-specific data, such as
-// channelz id, child list, etc.
-type SubChannelMetric struct {
-	// ID is the channelz id of this subchannel.
-	ID int64
-	// RefName is the human readable reference string of this subchannel.
-	RefName string
-	// ChannelData contains subchannel internal metric reported by the subchannel
-	// through ChannelzMetric().
-	ChannelData *ChannelInternalMetric
-	// NestedChans tracks the nested channel type children of this subchannel in the format of
-	// a map from nested channel channelz id to corresponding reference string.
-	// Note current grpc implementation doesn't allow subchannel to have nested channels
-	// as children, therefore, this field is unused.
-	NestedChans map[int64]string
-	// SubChans tracks the subchannel type children of this subchannel in the format of a
-	// map from subchannel channelz id to corresponding reference string.
-	// Note current grpc implementation doesn't allow subchannel to have subchannels
-	// as children, therefore, this field is unused.
-	SubChans map[int64]string
-	// Sockets tracks the socket type children of this subchannel in the format of a map
-	// from socket channelz id to corresponding reference string.
-	Sockets map[int64]string
-}
-
-// ChannelInternalMetric defines the struct that the implementor of Channel interface
-// should return from ChannelzMetric().
-type ChannelInternalMetric struct {
-	// current connectivity state of the channel.
-	State connectivity.State
-	// The target this channel originally tried to connect to.  May be absent
-	Target string
-	// The number of calls started on the channel.
-	CallsStarted int64
-	// The number of calls that have completed with an OK status.
-	CallsSucceeded int64
-	// The number of calls that have a completed with a non-OK status.
-	CallsFailed int64
-	// The last time a call was started on the channel.
-	LastCallStartedTimestamp time.Time
-	//TODO: trace
-}
-
-// Channel is the interface that should be satisfied in order to be tracked by
-// channelz as Channel or SubChannel.
-type Channel interface {
-	ChannelzMetric() *ChannelInternalMetric
-}
-
-type channel struct {
-	refName     string
-	c           Channel
-	closeCalled bool
-	nestedChans map[int64]string
-	subChans    map[int64]string
-	id          int64
-	pid         int64
-	cm          *channelMap
-}
-
-func (c *channel) addChild(id int64, e entry) {
-	switch v := e.(type) {
-	case *subChannel:
-		c.subChans[id] = v.refName
-	case *channel:
-		c.nestedChans[id] = v.refName
-	default:
-		grpclog.Errorf("cannot add a child (id = %d) of type %T to a channel", id, e)
-	}
-}
-
-func (c *channel) deleteChild(id int64) {
-	delete(c.subChans, id)
-	delete(c.nestedChans, id)
-	c.deleteSelfIfReady()
-}
-
-func (c *channel) triggerDelete() {
-	c.closeCalled = true
-	c.deleteSelfIfReady()
-}
-
-func (c *channel) deleteSelfIfReady() {
-	if !c.closeCalled || len(c.subChans)+len(c.nestedChans) != 0 {
-		return
-	}
-	c.cm.deleteEntry(c.id)
-	// not top channel
-	if c.pid != 0 {
-		c.cm.findEntry(c.pid).deleteChild(c.id)
-	}
-}
-
-type subChannel struct {
-	refName     string
-	c           Channel
-	closeCalled bool
-	sockets     map[int64]string
-	id          int64
-	pid         int64
-	cm          *channelMap
-}
-
-func (sc *subChannel) addChild(id int64, e entry) {
-	if v, ok := e.(*normalSocket); ok {
-		sc.sockets[id] = v.refName
-	} else {
-		grpclog.Errorf("cannot add a child (id = %d) of type %T to a subChannel", id, e)
-	}
-}
-
-func (sc *subChannel) deleteChild(id int64) {
-	delete(sc.sockets, id)
-	sc.deleteSelfIfReady()
-}
-
-func (sc *subChannel) triggerDelete() {
-	sc.closeCalled = true
-	sc.deleteSelfIfReady()
-}
-
-func (sc *subChannel) deleteSelfIfReady() {
-	if !sc.closeCalled || len(sc.sockets) != 0 {
-		return
-	}
-	sc.cm.deleteEntry(sc.id)
-	sc.cm.findEntry(sc.pid).deleteChild(sc.id)
-}
-
-// SocketMetric defines the info channelz provides for a specific Socket, which
-// includes SocketInternalMetric and channelz-specific data, such as channelz id, etc.
-type SocketMetric struct {
-	// ID is the channelz id of this socket.
-	ID int64
-	// RefName is the human readable reference string of this socket.
-	RefName string
-	// SocketData contains socket internal metric reported by the socket through
-	// ChannelzMetric().
-	SocketData *SocketInternalMetric
-}
-
-// SocketInternalMetric defines the struct that the implementor of Socket interface
-// should return from ChannelzMetric().
-type SocketInternalMetric struct {
-	// The number of streams that have been started.
-	StreamsStarted int64
-	// The number of streams that have ended successfully:
-	// On client side, receiving frame with eos bit set.
-	// On server side, sending frame with eos bit set.
-	StreamsSucceeded int64
-	// The number of streams that have ended unsuccessfully:
-	// On client side, termination without receiving frame with eos bit set.
-	// On server side, termination without sending frame with eos bit set.
-	StreamsFailed int64
-	// The number of messages successfully sent on this socket.
-	MessagesSent     int64
-	MessagesReceived int64
-	// The number of keep alives sent.  This is typically implemented with HTTP/2
-	// ping messages.
-	KeepAlivesSent int64
-	// The last time a stream was created by this endpoint.  Usually unset for
-	// servers.
-	LastLocalStreamCreatedTimestamp time.Time
-	// The last time a stream was created by the remote endpoint.  Usually unset
-	// for clients.
-	LastRemoteStreamCreatedTimestamp time.Time
-	// The last time a message was sent by this endpoint.
-	LastMessageSentTimestamp time.Time
-	// The last time a message was received by this endpoint.
-	LastMessageReceivedTimestamp time.Time
-	// The amount of window, granted to the local endpoint by the remote endpoint.
-	// This may be slightly out of date due to network latency.  This does NOT
-	// include stream level or TCP level flow control info.
-	LocalFlowControlWindow int64
-	// The amount of window, granted to the remote endpoint by the local endpoint.
-	// This may be slightly out of date due to network latency.  This does NOT
-	// include stream level or TCP level flow control info.
-	RemoteFlowControlWindow int64
-	// The locally bound address.
-	LocalAddr net.Addr
-	// The remote bound address.  May be absent.
-	RemoteAddr net.Addr
-	// Optional, represents the name of the remote endpoint, if different than
-	// the original target name.
-	RemoteName string
-	//TODO: socket options
-	//TODO: Security
-}
-
-// Socket is the interface that should be satisfied in order to be tracked by
-// channelz as Socket.
-type Socket interface {
-	ChannelzMetric() *SocketInternalMetric
-}
-
-type listenSocket struct {
-	refName string
-	s       Socket
-	id      int64
-	pid     int64
-	cm      *channelMap
-}
-
-func (ls *listenSocket) addChild(id int64, e entry) {
-	grpclog.Errorf("cannot add a child (id = %d) of type %T to a listen socket", id, e)
-}
-
-func (ls *listenSocket) deleteChild(id int64) {
-	grpclog.Errorf("cannot delete a child (id = %d) from a listen socket", id)
-}
-
-func (ls *listenSocket) triggerDelete() {
-	ls.cm.deleteEntry(ls.id)
-	ls.cm.findEntry(ls.pid).deleteChild(ls.id)
-}
-
-func (ls *listenSocket) deleteSelfIfReady() {
-	grpclog.Errorf("cannot call deleteSelfIfReady on a listen socket")
-}
-
-type normalSocket struct {
-	refName string
-	s       Socket
-	id      int64
-	pid     int64
-	cm      *channelMap
-}
-
-func (ns *normalSocket) addChild(id int64, e entry) {
-	grpclog.Errorf("cannot add a child (id = %d) of type %T to a normal socket", id, e)
-}
-
-func (ns *normalSocket) deleteChild(id int64) {
-	grpclog.Errorf("cannot delete a child (id = %d) from a normal socket", id)
-}
-
-func (ns *normalSocket) triggerDelete() {
-	ns.cm.deleteEntry(ns.id)
-	ns.cm.findEntry(ns.pid).deleteChild(ns.id)
-}
-
-func (ns *normalSocket) deleteSelfIfReady() {
-	grpclog.Errorf("cannot call deleteSelfIfReady on a normal socket")
-}
-
-// ServerMetric defines the info channelz provides for a specific Server, which
-// includes ServerInternalMetric and channelz-specific data, such as channelz id,
-// child list, etc.
-type ServerMetric struct {
-	// ID is the channelz id of this server.
-	ID int64
-	// RefName is the human readable reference string of this server.
-	RefName string
-	// ServerData contains server internal metric reported by the server through
-	// ChannelzMetric().
-	ServerData *ServerInternalMetric
-	// ListenSockets tracks the listener socket type children of this server in the
-	// format of a map from socket channelz id to corresponding reference string.
-	ListenSockets map[int64]string
-}
-
-// ServerInternalMetric defines the struct that the implementor of Server interface
-// should return from ChannelzMetric().
-type ServerInternalMetric struct {
-	// The number of incoming calls started on the server.
-	CallsStarted int64
-	// The number of incoming calls that have completed with an OK status.
-	CallsSucceeded int64
-	// The number of incoming calls that have a completed with a non-OK status.
-	CallsFailed int64
-	// The last time a call was started on the server.
-	LastCallStartedTimestamp time.Time
-	//TODO: trace
-}
-
-// Server is the interface to be satisfied in order to be tracked by channelz as
-// Server.
-type Server interface {
-	ChannelzMetric() *ServerInternalMetric
-}
-
-type server struct {
-	refName       string
-	s             Server
-	closeCalled   bool
-	sockets       map[int64]string
-	listenSockets map[int64]string
-	id            int64
-	cm            *channelMap
-}
-
-func (s *server) addChild(id int64, e entry) {
-	switch v := e.(type) {
-	case *normalSocket:
-		s.sockets[id] = v.refName
-	case *listenSocket:
-		s.listenSockets[id] = v.refName
-	default:
-		grpclog.Errorf("cannot add a child (id = %d) of type %T to a server", id, e)
-	}
-}
-
-func (s *server) deleteChild(id int64) {
-	delete(s.sockets, id)
-	delete(s.listenSockets, id)
-	s.deleteSelfIfReady()
-}
-
-func (s *server) triggerDelete() {
-	s.closeCalled = true
-	s.deleteSelfIfReady()
-}
-
-func (s *server) deleteSelfIfReady() {
-	if !s.closeCalled || len(s.sockets)+len(s.listenSockets) != 0 {
-		return
-	}
-	s.cm.deleteEntry(s.id)
-}
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index e8d95b43b74e9..f58740b25078a 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -19,6 +19,7 @@
 package grpc
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"math"
@@ -26,29 +27,34 @@ import (
 	"reflect"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/context"
-	"golang.org/x/net/trace"
 	"google.golang.org/grpc/balancer"
-	_ "google.golang.org/grpc/balancer/roundrobin" // To register roundrobin.
-	"google.golang.org/grpc/channelz"
+	"google.golang.org/grpc/balancer/base"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/resolver"
-	_ "google.golang.org/grpc/resolver/dns"         // To register dns resolver.
-	_ "google.golang.org/grpc/resolver/passthrough" // To register passthrough resolver.
-	"google.golang.org/grpc/stats"
+	"google.golang.org/grpc/serviceconfig"
 	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
+
+	_ "google.golang.org/grpc/balancer/roundrobin"           // To register roundrobin.
+	_ "google.golang.org/grpc/internal/resolver/dns"         // To register dns resolver.
+	_ "google.golang.org/grpc/internal/resolver/passthrough" // To register passthrough resolver.
 )
 
 const (
 	// minimum time to give a connection to complete
 	minConnectTimeout = 20 * time.Second
+	// must match grpclbName in grpclb/grpclb.go
+	grpclbName = "grpclb"
 )
 
 var (
@@ -62,15 +68,11 @@ var (
 	errConnDrain = errors.New("grpc: the connection is drained")
 	// errConnClosing indicates that the connection is closing.
 	errConnClosing = errors.New("grpc: the connection is closing")
-	// errConnUnavailable indicates that the connection is unavailable.
-	errConnUnavailable = errors.New("grpc: the connection is unavailable")
 	// errBalancerClosed indicates that the balancer is closed.
 	errBalancerClosed = errors.New("grpc: balancer is closed")
-	// We use an accessor so that minConnectTimeout can be
-	// atomically read and updated while testing.
-	getMinConnectTimeout = func() time.Duration {
-		return minConnectTimeout
-	}
+	// invalidDefaultServiceConfigErrPrefix is used to prefix the json parsing error for the default
+	// service config.
+	invalidDefaultServiceConfigErrPrefix = "grpc: the provided default service config is invalid"
 )
 
 // The following errors are returned from Dial and DialContext
@@ -79,353 +81,26 @@ var (
 	// being set for ClientConn. Users should either set one or explicitly
 	// call WithInsecure DialOption to disable security.
 	errNoTransportSecurity = errors.New("grpc: no transport security set (use grpc.WithInsecure() explicitly or set credentials)")
+	// errTransportCredsAndBundle indicates that creds bundle is used together
+	// with other individual Transport Credentials.
+	errTransportCredsAndBundle = errors.New("grpc: credentials.Bundle may not be used with individual TransportCredentials")
 	// errTransportCredentialsMissing indicates that users want to transmit security
-	// information (e.g., oauth2 token) which requires secure connection on an insecure
+	// information (e.g., OAuth2 token) which requires secure connection on an insecure
 	// connection.
 	errTransportCredentialsMissing = errors.New("grpc: the credentials require transport level security (use grpc.WithTransportCredentials() to set)")
 	// errCredentialsConflict indicates that grpc.WithTransportCredentials()
 	// and grpc.WithInsecure() are both called for a connection.
 	errCredentialsConflict = errors.New("grpc: transport credentials are set for an insecure connection (grpc.WithTransportCredentials() and grpc.WithInsecure() are both called)")
-	// errNetworkIO indicates that the connection is down due to some network I/O error.
-	errNetworkIO = errors.New("grpc: failed with network I/O error")
 )
 
-// dialOptions configure a Dial call. dialOptions are set by the DialOption
-// values passed to Dial.
-type dialOptions struct {
-	unaryInt    UnaryClientInterceptor
-	streamInt   StreamClientInterceptor
-	cp          Compressor
-	dc          Decompressor
-	bs          backoffStrategy
-	block       bool
-	insecure    bool
-	timeout     time.Duration
-	scChan      <-chan ServiceConfig
-	copts       transport.ConnectOptions
-	callOptions []CallOption
-	// This is used by v1 balancer dial option WithBalancer to support v1
-	// balancer, and also by WithBalancerName dial option.
-	balancerBuilder balancer.Builder
-	// This is to support grpclb.
-	resolverBuilder      resolver.Builder
-	waitForHandshake     bool
-	channelzParentID     int64
-	disableServiceConfig bool
-}
-
 const (
 	defaultClientMaxReceiveMessageSize = 1024 * 1024 * 4
 	defaultClientMaxSendMessageSize    = math.MaxInt32
+	// http2IOBufSize specifies the buffer size for sending frames.
+	defaultWriteBufSize = 32 * 1024
+	defaultReadBufSize  = 32 * 1024
 )
 
-// RegisterChannelz turns on channelz service.
-// This is an EXPERIMENTAL API.
-func RegisterChannelz() {
-	channelz.TurnOn()
-}
-
-// DialOption configures how we set up the connection.
-type DialOption func(*dialOptions)
-
-// WithWaitForHandshake blocks until the initial settings frame is received from the
-// server before assigning RPCs to the connection.
-// Experimental API.
-func WithWaitForHandshake() DialOption {
-	return func(o *dialOptions) {
-		o.waitForHandshake = true
-	}
-}
-
-// WithWriteBufferSize lets you set the size of write buffer, this determines how much data can be batched
-// before doing a write on the wire.
-func WithWriteBufferSize(s int) DialOption {
-	return func(o *dialOptions) {
-		o.copts.WriteBufferSize = s
-	}
-}
-
-// WithReadBufferSize lets you set the size of read buffer, this determines how much data can be read at most
-// for each read syscall.
-func WithReadBufferSize(s int) DialOption {
-	return func(o *dialOptions) {
-		o.copts.ReadBufferSize = s
-	}
-}
-
-// WithInitialWindowSize returns a DialOption which sets the value for initial window size on a stream.
-// The lower bound for window size is 64K and any value smaller than that will be ignored.
-func WithInitialWindowSize(s int32) DialOption {
-	return func(o *dialOptions) {
-		o.copts.InitialWindowSize = s
-	}
-}
-
-// WithInitialConnWindowSize returns a DialOption which sets the value for initial window size on a connection.
-// The lower bound for window size is 64K and any value smaller than that will be ignored.
-func WithInitialConnWindowSize(s int32) DialOption {
-	return func(o *dialOptions) {
-		o.copts.InitialConnWindowSize = s
-	}
-}
-
-// WithMaxMsgSize returns a DialOption which sets the maximum message size the client can receive.
-//
-// Deprecated: use WithDefaultCallOptions(MaxCallRecvMsgSize(s)) instead.
-func WithMaxMsgSize(s int) DialOption {
-	return WithDefaultCallOptions(MaxCallRecvMsgSize(s))
-}
-
-// WithDefaultCallOptions returns a DialOption which sets the default CallOptions for calls over the connection.
-func WithDefaultCallOptions(cos ...CallOption) DialOption {
-	return func(o *dialOptions) {
-		o.callOptions = append(o.callOptions, cos...)
-	}
-}
-
-// WithCodec returns a DialOption which sets a codec for message marshaling and unmarshaling.
-//
-// Deprecated: use WithDefaultCallOptions(CallCustomCodec(c)) instead.
-func WithCodec(c Codec) DialOption {
-	return WithDefaultCallOptions(CallCustomCodec(c))
-}
-
-// WithCompressor returns a DialOption which sets a Compressor to use for
-// message compression. It has lower priority than the compressor set by
-// the UseCompressor CallOption.
-//
-// Deprecated: use UseCompressor instead.
-func WithCompressor(cp Compressor) DialOption {
-	return func(o *dialOptions) {
-		o.cp = cp
-	}
-}
-
-// WithDecompressor returns a DialOption which sets a Decompressor to use for
-// incoming message decompression.  If incoming response messages are encoded
-// using the decompressor's Type(), it will be used.  Otherwise, the message
-// encoding will be used to look up the compressor registered via
-// encoding.RegisterCompressor, which will then be used to decompress the
-// message.  If no compressor is registered for the encoding, an Unimplemented
-// status error will be returned.
-//
-// Deprecated: use encoding.RegisterCompressor instead.
-func WithDecompressor(dc Decompressor) DialOption {
-	return func(o *dialOptions) {
-		o.dc = dc
-	}
-}
-
-// WithBalancer returns a DialOption which sets a load balancer with the v1 API.
-// Name resolver will be ignored if this DialOption is specified.
-//
-// Deprecated: use the new balancer APIs in balancer package and WithBalancerName.
-func WithBalancer(b Balancer) DialOption {
-	return func(o *dialOptions) {
-		o.balancerBuilder = &balancerWrapperBuilder{
-			b: b,
-		}
-	}
-}
-
-// WithBalancerName sets the balancer that the ClientConn will be initialized
-// with. Balancer registered with balancerName will be used. This function
-// panics if no balancer was registered by balancerName.
-//
-// The balancer cannot be overridden by balancer option specified by service
-// config.
-//
-// This is an EXPERIMENTAL API.
-func WithBalancerName(balancerName string) DialOption {
-	builder := balancer.Get(balancerName)
-	if builder == nil {
-		panic(fmt.Sprintf("grpc.WithBalancerName: no balancer is registered for name %v", balancerName))
-	}
-	return func(o *dialOptions) {
-		o.balancerBuilder = builder
-	}
-}
-
-// withResolverBuilder is only for grpclb.
-func withResolverBuilder(b resolver.Builder) DialOption {
-	return func(o *dialOptions) {
-		o.resolverBuilder = b
-	}
-}
-
-// WithServiceConfig returns a DialOption which has a channel to read the service configuration.
-//
-// Deprecated: service config should be received through name resolver, as specified here.
-// https://github.com/grpc/grpc/blob/master/doc/service_config.md
-func WithServiceConfig(c <-chan ServiceConfig) DialOption {
-	return func(o *dialOptions) {
-		o.scChan = c
-	}
-}
-
-// WithBackoffMaxDelay configures the dialer to use the provided maximum delay
-// when backing off after failed connection attempts.
-func WithBackoffMaxDelay(md time.Duration) DialOption {
-	return WithBackoffConfig(BackoffConfig{MaxDelay: md})
-}
-
-// WithBackoffConfig configures the dialer to use the provided backoff
-// parameters after connection failures.
-//
-// Use WithBackoffMaxDelay until more parameters on BackoffConfig are opened up
-// for use.
-func WithBackoffConfig(b BackoffConfig) DialOption {
-	// Set defaults to ensure that provided BackoffConfig is valid and
-	// unexported fields get default values.
-	setDefaults(&b)
-	return withBackoff(b)
-}
-
-// withBackoff sets the backoff strategy used for connectRetryNum after a
-// failed connection attempt.
-//
-// This can be exported if arbitrary backoff strategies are allowed by gRPC.
-func withBackoff(bs backoffStrategy) DialOption {
-	return func(o *dialOptions) {
-		o.bs = bs
-	}
-}
-
-// WithBlock returns a DialOption which makes caller of Dial blocks until the underlying
-// connection is up. Without this, Dial returns immediately and connecting the server
-// happens in background.
-func WithBlock() DialOption {
-	return func(o *dialOptions) {
-		o.block = true
-	}
-}
-
-// WithInsecure returns a DialOption which disables transport security for this ClientConn.
-// Note that transport security is required unless WithInsecure is set.
-func WithInsecure() DialOption {
-	return func(o *dialOptions) {
-		o.insecure = true
-	}
-}
-
-// WithTransportCredentials returns a DialOption which configures a
-// connection level security credentials (e.g., TLS/SSL).
-func WithTransportCredentials(creds credentials.TransportCredentials) DialOption {
-	return func(o *dialOptions) {
-		o.copts.TransportCredentials = creds
-	}
-}
-
-// WithPerRPCCredentials returns a DialOption which sets
-// credentials and places auth state on each outbound RPC.
-func WithPerRPCCredentials(creds credentials.PerRPCCredentials) DialOption {
-	return func(o *dialOptions) {
-		o.copts.PerRPCCredentials = append(o.copts.PerRPCCredentials, creds)
-	}
-}
-
-// WithTimeout returns a DialOption that configures a timeout for dialing a ClientConn
-// initially. This is valid if and only if WithBlock() is present.
-//
-// Deprecated: use DialContext and context.WithTimeout instead.
-func WithTimeout(d time.Duration) DialOption {
-	return func(o *dialOptions) {
-		o.timeout = d
-	}
-}
-
-func withContextDialer(f func(context.Context, string) (net.Conn, error)) DialOption {
-	return func(o *dialOptions) {
-		o.copts.Dialer = f
-	}
-}
-
-// WithDialer returns a DialOption that specifies a function to use for dialing network addresses.
-// If FailOnNonTempDialError() is set to true, and an error is returned by f, gRPC checks the error's
-// Temporary() method to decide if it should try to reconnect to the network address.
-func WithDialer(f func(string, time.Duration) (net.Conn, error)) DialOption {
-	return withContextDialer(
-		func(ctx context.Context, addr string) (net.Conn, error) {
-			if deadline, ok := ctx.Deadline(); ok {
-				return f(addr, deadline.Sub(time.Now()))
-			}
-			return f(addr, 0)
-		})
-}
-
-// WithStatsHandler returns a DialOption that specifies the stats handler
-// for all the RPCs and underlying network connections in this ClientConn.
-func WithStatsHandler(h stats.Handler) DialOption {
-	return func(o *dialOptions) {
-		o.copts.StatsHandler = h
-	}
-}
-
-// FailOnNonTempDialError returns a DialOption that specifies if gRPC fails on non-temporary dial errors.
-// If f is true, and dialer returns a non-temporary error, gRPC will fail the connection to the network
-// address and won't try to reconnect.
-// The default value of FailOnNonTempDialError is false.
-// This is an EXPERIMENTAL API.
-func FailOnNonTempDialError(f bool) DialOption {
-	return func(o *dialOptions) {
-		o.copts.FailOnNonTempDialError = f
-	}
-}
-
-// WithUserAgent returns a DialOption that specifies a user agent string for all the RPCs.
-func WithUserAgent(s string) DialOption {
-	return func(o *dialOptions) {
-		o.copts.UserAgent = s
-	}
-}
-
-// WithKeepaliveParams returns a DialOption that specifies keepalive parameters for the client transport.
-func WithKeepaliveParams(kp keepalive.ClientParameters) DialOption {
-	return func(o *dialOptions) {
-		o.copts.KeepaliveParams = kp
-	}
-}
-
-// WithUnaryInterceptor returns a DialOption that specifies the interceptor for unary RPCs.
-func WithUnaryInterceptor(f UnaryClientInterceptor) DialOption {
-	return func(o *dialOptions) {
-		o.unaryInt = f
-	}
-}
-
-// WithStreamInterceptor returns a DialOption that specifies the interceptor for streaming RPCs.
-func WithStreamInterceptor(f StreamClientInterceptor) DialOption {
-	return func(o *dialOptions) {
-		o.streamInt = f
-	}
-}
-
-// WithAuthority returns a DialOption that specifies the value to be used as
-// the :authority pseudo-header. This value only works with WithInsecure and
-// has no effect if TransportCredentials are present.
-func WithAuthority(a string) DialOption {
-	return func(o *dialOptions) {
-		o.copts.Authority = a
-	}
-}
-
-// WithChannelzParentID returns a DialOption that specifies the channelz ID of current ClientConn's
-// parent. This function is used in nested channel creation (e.g. grpclb dial).
-func WithChannelzParentID(id int64) DialOption {
-	return func(o *dialOptions) {
-		o.channelzParentID = id
-	}
-}
-
-// WithDisableServiceConfig returns a DialOption that causes grpc to ignore any
-// service config provided by the resolver and provides a hint to the resolver
-// to not fetch service configs.
-func WithDisableServiceConfig() DialOption {
-	return func(o *dialOptions) {
-		o.disableServiceConfig = true
-	}
-}
-
 // Dial creates a client connection to the given target.
 func Dial(target string, opts ...DialOption) (*ClientConn, error) {
 	return DialContext(context.Background(), target, opts...)
@@ -449,32 +124,60 @@ func Dial(target string, opts ...DialOption) (*ClientConn, error) {
 // e.g. to use dns resolver, a "dns:///" prefix should be applied to the target.
 func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
 	cc := &ClientConn{
-		target: target,
-		csMgr:  &connectivityStateManager{},
-		conns:  make(map[*addrConn]struct{}),
-
-		blockingpicker: newPickerWrapper(),
-	}
+		target:            target,
+		csMgr:             &connectivityStateManager{},
+		conns:             make(map[*addrConn]struct{}),
+		dopts:             defaultDialOptions(),
+		blockingpicker:    newPickerWrapper(),
+		czData:            new(channelzData),
+		firstResolveEvent: grpcsync.NewEvent(),
+	}
+	cc.retryThrottler.Store((*retryThrottler)(nil))
 	cc.ctx, cc.cancel = context.WithCancel(context.Background())
 
 	for _, opt := range opts {
-		opt(&cc.dopts)
+		opt.apply(&cc.dopts)
 	}
 
+	chainUnaryClientInterceptors(cc)
+	chainStreamClientInterceptors(cc)
+
+	defer func() {
+		if err != nil {
+			cc.Close()
+		}
+	}()
+
 	if channelz.IsOn() {
 		if cc.dopts.channelzParentID != 0 {
-			cc.channelzID = channelz.RegisterChannel(cc, cc.dopts.channelzParentID, target)
+			cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target)
+			channelz.AddTraceEvent(cc.channelzID, &channelz.TraceEventDesc{
+				Desc:     "Channel Created",
+				Severity: channelz.CtINFO,
+				Parent: &channelz.TraceEventDesc{
+					Desc:     fmt.Sprintf("Nested Channel(id:%d) created", cc.channelzID),
+					Severity: channelz.CtINFO,
+				},
+			})
 		} else {
-			cc.channelzID = channelz.RegisterChannel(cc, 0, target)
+			cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, 0, target)
+			channelz.AddTraceEvent(cc.channelzID, &channelz.TraceEventDesc{
+				Desc:     "Channel Created",
+				Severity: channelz.CtINFO,
+			})
 		}
+		cc.csMgr.channelzID = cc.channelzID
 	}
 
 	if !cc.dopts.insecure {
-		if cc.dopts.copts.TransportCredentials == nil {
+		if cc.dopts.copts.TransportCredentials == nil && cc.dopts.copts.CredsBundle == nil {
 			return nil, errNoTransportSecurity
 		}
+		if cc.dopts.copts.TransportCredentials != nil && cc.dopts.copts.CredsBundle != nil {
+			return nil, errTransportCredsAndBundle
+		}
 	} else {
-		if cc.dopts.copts.TransportCredentials != nil {
+		if cc.dopts.copts.TransportCredentials != nil || cc.dopts.copts.CredsBundle != nil {
 			return nil, errCredentialsConflict
 		}
 		for _, cd := range cc.dopts.copts.PerRPCCredentials {
@@ -484,13 +187,20 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		}
 	}
 
+	if cc.dopts.defaultServiceConfigRawJSON != nil {
+		scpr := parseServiceConfig(*cc.dopts.defaultServiceConfigRawJSON)
+		if scpr.Err != nil {
+			return nil, fmt.Errorf("%s: %v", invalidDefaultServiceConfigErrPrefix, scpr.Err)
+		}
+		cc.dopts.defaultServiceConfig, _ = scpr.Config.(*ServiceConfig)
+	}
 	cc.mkp = cc.dopts.copts.KeepaliveParams
 
 	if cc.dopts.copts.Dialer == nil {
 		cc.dopts.copts.Dialer = newProxyDialer(
 			func(ctx context.Context, addr string) (net.Conn, error) {
 				network, addr := parseDialTarget(addr)
-				return dialContext(ctx, network, addr)
+				return (&net.Dialer{}).DialContext(ctx, network, addr)
 			},
 		)
 	}
@@ -506,17 +216,12 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		ctx, cancel = context.WithTimeout(ctx, cc.dopts.timeout)
 		defer cancel()
 	}
-
 	defer func() {
 		select {
 		case <-ctx.Done():
 			conn, err = nil, ctx.Err()
 		default:
 		}
-
-		if err != nil {
-			cc.Close()
-		}
 	}()
 
 	scSet := false
@@ -525,39 +230,40 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		select {
 		case sc, ok := <-cc.dopts.scChan:
 			if ok {
-				cc.sc = sc
+				cc.sc = &sc
 				scSet = true
 			}
 		default:
 		}
 	}
 	if cc.dopts.bs == nil {
-		cc.dopts.bs = DefaultBackoffConfig
-	}
-	if cc.dopts.resolverBuilder == nil {
-		// Only try to parse target when resolver builder is not already set.
-		cc.parsedTarget = parseTarget(cc.target)
-		grpclog.Infof("parsed scheme: %q", cc.parsedTarget.Scheme)
-		cc.dopts.resolverBuilder = resolver.Get(cc.parsedTarget.Scheme)
-		if cc.dopts.resolverBuilder == nil {
-			// If resolver builder is still nil, the parse target's scheme is
-			// not registered. Fallback to default resolver and set Endpoint to
-			// the original unparsed target.
-			grpclog.Infof("scheme %q not registered, fallback to default scheme", cc.parsedTarget.Scheme)
-			cc.parsedTarget = resolver.Target{
-				Scheme:   resolver.GetDefaultScheme(),
-				Endpoint: target,
-			}
-			cc.dopts.resolverBuilder = resolver.Get(cc.parsedTarget.Scheme)
+		cc.dopts.bs = backoff.DefaultExponential
+	}
+
+	// Determine the resolver to use.
+	cc.parsedTarget = parseTarget(cc.target)
+	grpclog.Infof("parsed scheme: %q", cc.parsedTarget.Scheme)
+	resolverBuilder := cc.getResolver(cc.parsedTarget.Scheme)
+	if resolverBuilder == nil {
+		// If resolver builder is still nil, the parsed target's scheme is
+		// not registered. Fallback to default resolver and set Endpoint to
+		// the original target.
+		grpclog.Infof("scheme %q not registered, fallback to default scheme", cc.parsedTarget.Scheme)
+		cc.parsedTarget = resolver.Target{
+			Scheme:   resolver.GetDefaultScheme(),
+			Endpoint: target,
+		}
+		resolverBuilder = cc.getResolver(cc.parsedTarget.Scheme)
+		if resolverBuilder == nil {
+			return nil, fmt.Errorf("could not get resolver for default scheme: %q", cc.parsedTarget.Scheme)
 		}
-	} else {
-		cc.parsedTarget = resolver.Target{Endpoint: target}
 	}
+
 	creds := cc.dopts.copts.TransportCredentials
 	if creds != nil && creds.Info().ServerName != "" {
 		cc.authority = creds.Info().ServerName
-	} else if cc.dopts.insecure && cc.dopts.copts.Authority != "" {
-		cc.authority = cc.dopts.copts.Authority
+	} else if cc.dopts.insecure && cc.dopts.authority != "" {
+		cc.authority = cc.dopts.authority
 	} else {
 		// Use endpoint from "scheme://authority/endpoint" as the default
 		// authority for ClientConn.
@@ -569,7 +275,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		select {
 		case sc, ok := <-cc.dopts.scChan:
 			if ok {
-				cc.sc = sc
+				cc.sc = &sc
 			}
 		case <-ctx.Done():
 			return nil, ctx.Err()
@@ -585,23 +291,20 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	}
 	cc.balancerBuildOpts = balancer.BuildOptions{
 		DialCreds:        credsClone,
+		CredsBundle:      cc.dopts.copts.CredsBundle,
 		Dialer:           cc.dopts.copts.Dialer,
 		ChannelzParentID: cc.channelzID,
+		Target:           cc.parsedTarget,
 	}
 
 	// Build the resolver.
-	cc.resolverWrapper, err = newCCResolverWrapper(cc)
+	rWrapper, err := newCCResolverWrapper(cc, resolverBuilder)
 	if err != nil {
 		return nil, fmt.Errorf("failed to build resolver: %v", err)
 	}
-	// Start the resolver wrapper goroutine after resolverWrapper is created.
-	//
-	// If the goroutine is started before resolverWrapper is ready, the
-	// following may happen: The goroutine sends updates to cc. cc forwards
-	// those to balancer. Balancer creates new addrConn. addrConn fails to
-	// connect, and calls resolveNow(). resolveNow() tries to use the non-ready
-	// resolverWrapper.
-	cc.resolverWrapper.start()
+	cc.mu.Lock()
+	cc.resolverWrapper = rWrapper
+	cc.mu.Unlock()
 
 	// A blocking dial blocks until the clientConn is ready.
 	if cc.dopts.block {
@@ -609,6 +312,15 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 			s := cc.GetState()
 			if s == connectivity.Ready {
 				break
+			} else if cc.dopts.copts.FailOnNonTempDialError && s == connectivity.TransientFailure {
+				if err = cc.blockingpicker.connectionError(); err != nil {
+					terr, ok := err.(interface {
+						Temporary() bool
+					})
+					if ok && !terr.Temporary() {
+						return nil, err
+					}
+				}
 			}
 			if !cc.WaitForStateChange(ctx, s) {
 				// ctx got timeout or canceled.
@@ -620,12 +332,75 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	return cc, nil
 }
 
+// chainUnaryClientInterceptors chains all unary client interceptors into one.
+func chainUnaryClientInterceptors(cc *ClientConn) {
+	interceptors := cc.dopts.chainUnaryInts
+	// Prepend dopts.unaryInt to the chaining interceptors if it exists, since unaryInt will
+	// be executed before any other chained interceptors.
+	if cc.dopts.unaryInt != nil {
+		interceptors = append([]UnaryClientInterceptor{cc.dopts.unaryInt}, interceptors...)
+	}
+	var chainedInt UnaryClientInterceptor
+	if len(interceptors) == 0 {
+		chainedInt = nil
+	} else if len(interceptors) == 1 {
+		chainedInt = interceptors[0]
+	} else {
+		chainedInt = func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
+			return interceptors[0](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, 0, invoker), opts...)
+		}
+	}
+	cc.dopts.unaryInt = chainedInt
+}
+
+// getChainUnaryInvoker recursively generate the chained unary invoker.
+func getChainUnaryInvoker(interceptors []UnaryClientInterceptor, curr int, finalInvoker UnaryInvoker) UnaryInvoker {
+	if curr == len(interceptors)-1 {
+		return finalInvoker
+	}
+	return func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+		return interceptors[curr+1](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, curr+1, finalInvoker), opts...)
+	}
+}
+
+// chainStreamClientInterceptors chains all stream client interceptors into one.
+func chainStreamClientInterceptors(cc *ClientConn) {
+	interceptors := cc.dopts.chainStreamInts
+	// Prepend dopts.streamInt to the chaining interceptors if it exists, since streamInt will
+	// be executed before any other chained interceptors.
+	if cc.dopts.streamInt != nil {
+		interceptors = append([]StreamClientInterceptor{cc.dopts.streamInt}, interceptors...)
+	}
+	var chainedInt StreamClientInterceptor
+	if len(interceptors) == 0 {
+		chainedInt = nil
+	} else if len(interceptors) == 1 {
+		chainedInt = interceptors[0]
+	} else {
+		chainedInt = func(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, streamer Streamer, opts ...CallOption) (ClientStream, error) {
+			return interceptors[0](ctx, desc, cc, method, getChainStreamer(interceptors, 0, streamer), opts...)
+		}
+	}
+	cc.dopts.streamInt = chainedInt
+}
+
+// getChainStreamer recursively generate the chained client stream constructor.
+func getChainStreamer(interceptors []StreamClientInterceptor, curr int, finalStreamer Streamer) Streamer {
+	if curr == len(interceptors)-1 {
+		return finalStreamer
+	}
+	return func(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error) {
+		return interceptors[curr+1](ctx, desc, cc, method, getChainStreamer(interceptors, curr+1, finalStreamer), opts...)
+	}
+}
+
 // connectivityStateManager keeps the connectivity.State of ClientConn.
 // This struct will eventually be exported so the balancers can access it.
 type connectivityStateManager struct {
 	mu         sync.Mutex
 	state      connectivity.State
 	notifyChan chan struct{}
+	channelzID int64
 }
 
 // updateState updates the connectivity.State of ClientConn.
@@ -641,6 +416,12 @@ func (csm *connectivityStateManager) updateState(state connectivity.State) {
 		return
 	}
 	csm.state = state
+	if channelz.IsOn() {
+		channelz.AddTraceEvent(csm.channelzID, &channelz.TraceEventDesc{
+			Desc:     fmt.Sprintf("Channel Connectivity change to %v", state),
+			Severity: channelz.CtINFO,
+		})
+	}
 	if csm.notifyChan != nil {
 		// There are other goroutines waiting on this channel.
 		close(csm.notifyChan)
@@ -663,7 +444,32 @@ func (csm *connectivityStateManager) getNotifyChan() <-chan struct{} {
 	return csm.notifyChan
 }
 
-// ClientConn represents a client connection to an RPC server.
+// ClientConnInterface defines the functions clients need to perform unary and
+// streaming RPCs.  It is implemented by *ClientConn, and is only intended to
+// be referenced by generated code.
+type ClientConnInterface interface {
+	// Invoke performs a unary RPC and returns after the response is received
+	// into reply.
+	Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error
+	// NewStream begins a streaming RPC.
+	NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error)
+}
+
+// Assert *ClientConn implements ClientConnInterface.
+var _ ClientConnInterface = (*ClientConn)(nil)
+
+// ClientConn represents a virtual connection to a conceptual endpoint, to
+// perform RPCs.
+//
+// A ClientConn is free to have zero or more actual connections to the endpoint
+// based on configuration, load, etc. It is also free to determine which actual
+// endpoints to use and may change it every RPC, permitting client-side load
+// balancing.
+//
+// A ClientConn encapsulates a range of functionality including name
+// resolution, TCP connection establishment (with retries and backoff) and TLS
+// handshakes. It also handles errors on established connections by
+// re-resolving the name and reconnecting.
 type ClientConn struct {
 	ctx    context.Context
 	cancel context.CancelFunc
@@ -675,26 +481,22 @@ type ClientConn struct {
 	csMgr        *connectivityStateManager
 
 	balancerBuildOpts balancer.BuildOptions
-	resolverWrapper   *ccResolverWrapper
 	blockingpicker    *pickerWrapper
 
-	mu    sync.RWMutex
-	sc    ServiceConfig
-	scRaw string
-	conns map[*addrConn]struct{}
+	mu              sync.RWMutex
+	resolverWrapper *ccResolverWrapper
+	sc              *ServiceConfig
+	conns           map[*addrConn]struct{}
 	// Keepalive parameter can be updated if a GoAway is received.
 	mkp             keepalive.ClientParameters
 	curBalancerName string
-	preBalancerName string // previous balancer name.
-	curAddresses    []resolver.Address
 	balancerWrapper *ccBalancerWrapper
+	retryThrottler  atomic.Value
 
-	channelzID          int64 // channelz unique identification number
-	czmu                sync.RWMutex
-	callsStarted        int64
-	callsSucceeded      int64
-	callsFailed         int64
-	lastCallStartedTime time.Time
+	firstResolveEvent *grpcsync.Event
+
+	channelzID int64 // channelz unique identification number
+	czData     *channelzData
 }
 
 // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or
@@ -728,9 +530,8 @@ func (cc *ClientConn) scWatcher() {
 			}
 			cc.mu.Lock()
 			// TODO: load balance policy runtime change is ignored.
-			// We may revist this decision in the future.
-			cc.sc = sc
-			cc.scRaw = ""
+			// We may revisit this decision in the future.
+			cc.sc = &sc
 			cc.mu.Unlock()
 		case <-cc.ctx.Done():
 			return
@@ -738,58 +539,123 @@ func (cc *ClientConn) scWatcher() {
 	}
 }
 
-func (cc *ClientConn) handleResolvedAddrs(addrs []resolver.Address, err error) {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-	if cc.conns == nil {
-		// cc was closed.
-		return
+// waitForResolvedAddrs blocks until the resolver has provided addresses or the
+// context expires.  Returns nil unless the context expires first; otherwise
+// returns a status error based on the context.
+func (cc *ClientConn) waitForResolvedAddrs(ctx context.Context) error {
+	// This is on the RPC path, so we use a fast path to avoid the
+	// more-expensive "select" below after the resolver has returned once.
+	if cc.firstResolveEvent.HasFired() {
+		return nil
 	}
+	select {
+	case <-cc.firstResolveEvent.Done():
+		return nil
+	case <-ctx.Done():
+		return status.FromContextError(ctx.Err()).Err()
+	case <-cc.ctx.Done():
+		return ErrClientConnClosing
+	}
+}
+
+var emptyServiceConfig *ServiceConfig
+
+func init() {
+	cfg := parseServiceConfig("{}")
+	if cfg.Err != nil {
+		panic(fmt.Sprintf("impossible error parsing empty service config: %v", cfg.Err))
+	}
+	emptyServiceConfig = cfg.Config.(*ServiceConfig)
+}
 
-	if reflect.DeepEqual(cc.curAddresses, addrs) {
+func (cc *ClientConn) maybeApplyDefaultServiceConfig(addrs []resolver.Address) {
+	if cc.sc != nil {
+		cc.applyServiceConfigAndBalancer(cc.sc, addrs)
 		return
 	}
+	if cc.dopts.defaultServiceConfig != nil {
+		cc.applyServiceConfigAndBalancer(cc.dopts.defaultServiceConfig, addrs)
+	} else {
+		cc.applyServiceConfigAndBalancer(emptyServiceConfig, addrs)
+	}
+}
+
+func (cc *ClientConn) updateResolverState(s resolver.State, err error) error {
+	defer cc.firstResolveEvent.Fire()
+	cc.mu.Lock()
+	// Check if the ClientConn is already closed. Some fields (e.g.
+	// balancerWrapper) are set to nil when closing the ClientConn, and could
+	// cause nil pointer panic if we don't have this check.
+	if cc.conns == nil {
+		cc.mu.Unlock()
+		return nil
+	}
 
-	cc.curAddresses = addrs
+	if err != nil {
+		// May need to apply the initial service config in case the resolver
+		// doesn't support service configs, or doesn't provide a service config
+		// with the new addresses.
+		cc.maybeApplyDefaultServiceConfig(nil)
 
-	if cc.dopts.balancerBuilder == nil {
-		// Only look at balancer types and switch balancer if balancer dial
-		// option is not set.
-		var isGRPCLB bool
-		for _, a := range addrs {
-			if a.Type == resolver.GRPCLB {
-				isGRPCLB = true
-				break
-			}
+		if cc.balancerWrapper != nil {
+			cc.balancerWrapper.resolverError(err)
 		}
-		var newBalancerName string
-		if isGRPCLB {
-			newBalancerName = grpclbName
+
+		// No addresses are valid with err set; return early.
+		cc.mu.Unlock()
+		return balancer.ErrBadResolverState
+	}
+
+	var ret error
+	if cc.dopts.disableServiceConfig || s.ServiceConfig == nil {
+		cc.maybeApplyDefaultServiceConfig(s.Addresses)
+		// TODO: do we need to apply a failing LB policy if there is no
+		// default, per the error handling design?
+	} else {
+		if sc, ok := s.ServiceConfig.Config.(*ServiceConfig); s.ServiceConfig.Err == nil && ok {
+			cc.applyServiceConfigAndBalancer(sc, s.Addresses)
 		} else {
-			// Address list doesn't contain grpclb address. Try to pick a
-			// non-grpclb balancer.
-			newBalancerName = cc.curBalancerName
-			// If current balancer is grpclb, switch to the previous one.
-			if newBalancerName == grpclbName {
-				newBalancerName = cc.preBalancerName
-			}
-			// The following could be true in two cases:
-			// - the first time handling resolved addresses
-			//   (curBalancerName="")
-			// - the first time handling non-grpclb addresses
-			//   (curBalancerName="grpclb", preBalancerName="")
-			if newBalancerName == "" {
-				newBalancerName = PickFirstBalancerName
+			ret = balancer.ErrBadResolverState
+			if cc.balancerWrapper == nil {
+				var err error
+				if s.ServiceConfig.Err != nil {
+					err = status.Errorf(codes.Unavailable, "error parsing service config: %v", s.ServiceConfig.Err)
+				} else {
+					err = status.Errorf(codes.Unavailable, "illegal service config type: %T", s.ServiceConfig.Config)
+				}
+				cc.blockingpicker.updatePicker(base.NewErrPicker(err))
+				cc.csMgr.updateState(connectivity.TransientFailure)
+				cc.mu.Unlock()
+				return ret
 			}
 		}
-		cc.switchBalancer(newBalancerName)
-	} else if cc.balancerWrapper == nil {
-		// Balancer dial option was set, and this is the first time handling
-		// resolved addresses. Build a balancer with dopts.balancerBuilder.
-		cc.balancerWrapper = newCCBalancerWrapper(cc, cc.dopts.balancerBuilder, cc.balancerBuildOpts)
 	}
 
-	cc.balancerWrapper.handleResolvedAddrs(addrs, nil)
+	var balCfg serviceconfig.LoadBalancingConfig
+	if cc.dopts.balancerBuilder == nil && cc.sc != nil && cc.sc.lbConfig != nil {
+		balCfg = cc.sc.lbConfig.cfg
+	}
+
+	cbn := cc.curBalancerName
+	bw := cc.balancerWrapper
+	cc.mu.Unlock()
+	if cbn != grpclbName {
+		// Filter any grpclb addresses since we don't have the grpclb balancer.
+		for i := 0; i < len(s.Addresses); {
+			if s.Addresses[i].Type == resolver.GRPCLB {
+				copy(s.Addresses[i:], s.Addresses[i+1:])
+				s.Addresses = s.Addresses[:len(s.Addresses)-1]
+				continue
+			}
+			i++
+		}
+	}
+	uccsErr := bw.updateClientConnState(&balancer.ClientConnState{ResolverState: s, BalancerConfig: balCfg})
+	if ret == nil {
+		ret = uccsErr // prefer ErrBadResolver state since any other error is
+		// currently meaningless to the caller.
+	}
+	return ret
 }
 
 // switchBalancer starts the switching from current balancer to the balancer
@@ -801,11 +667,7 @@ func (cc *ClientConn) handleResolvedAddrs(addrs []resolver.Address, err error) {
 //
 // Caller must hold cc.mu.
 func (cc *ClientConn) switchBalancer(name string) {
-	if cc.conns == nil {
-		return
-	}
-
-	if strings.ToLower(cc.curBalancerName) == strings.ToLower(name) {
+	if strings.EqualFold(cc.curBalancerName, name) {
 		return
 	}
 
@@ -814,25 +676,34 @@ func (cc *ClientConn) switchBalancer(name string) {
 		grpclog.Infoln("ignoring balancer switching: Balancer DialOption used instead")
 		return
 	}
-	// TODO(bar switching) change this to two steps: drain and close.
-	// Keep track of sc in wrapper.
 	if cc.balancerWrapper != nil {
 		cc.balancerWrapper.close()
 	}
-	// Clear all stickiness state.
-	cc.blockingpicker.clearStickinessState()
 
 	builder := balancer.Get(name)
+	if channelz.IsOn() {
+		if builder == nil {
+			channelz.AddTraceEvent(cc.channelzID, &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Channel switches to new LB policy %q due to fallback from invalid balancer name", PickFirstBalancerName),
+				Severity: channelz.CtWarning,
+			})
+		} else {
+			channelz.AddTraceEvent(cc.channelzID, &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Channel switches to new LB policy %q", name),
+				Severity: channelz.CtINFO,
+			})
+		}
+	}
 	if builder == nil {
 		grpclog.Infof("failed to get balancer builder for: %v, using pick_first instead", name)
 		builder = newPickfirstBuilder()
 	}
-	cc.preBalancerName = cc.curBalancerName
+
 	cc.curBalancerName = builder.Name()
 	cc.balancerWrapper = newCCBalancerWrapper(cc, builder, cc.balancerBuildOpts)
 }
 
-func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
+func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State, err error) {
 	cc.mu.Lock()
 	if cc.conns == nil {
 		cc.mu.Unlock()
@@ -840,18 +711,21 @@ func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivi
 	}
 	// TODO(bar switching) send updates to all balancer wrappers when balancer
 	// gracefully switching is supported.
-	cc.balancerWrapper.handleSubConnStateChange(sc, s)
+	cc.balancerWrapper.handleSubConnStateChange(sc, s, err)
 	cc.mu.Unlock()
 }
 
 // newAddrConn creates an addrConn for addrs and adds it to cc.conns.
 //
 // Caller needs to make sure len(addrs) > 0.
-func (cc *ClientConn) newAddrConn(addrs []resolver.Address) (*addrConn, error) {
+func (cc *ClientConn) newAddrConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (*addrConn, error) {
 	ac := &addrConn{
-		cc:    cc,
-		addrs: addrs,
-		dopts: cc.dopts,
+		cc:           cc,
+		addrs:        addrs,
+		scopts:       opts,
+		dopts:        cc.dopts,
+		czData:       new(channelzData),
+		resetBackoff: make(chan struct{}),
 	}
 	ac.ctx, ac.cancel = context.WithCancel(cc.ctx)
 	// Track ac in cc. This needs to be done before any getTransport(...) is called.
@@ -862,6 +736,14 @@ func (cc *ClientConn) newAddrConn(addrs []resolver.Address) (*addrConn, error) {
 	}
 	if channelz.IsOn() {
 		ac.channelzID = channelz.RegisterSubChannel(ac, cc.channelzID, "")
+		channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{
+			Desc:     "Subchannel Created",
+			Severity: channelz.CtINFO,
+			Parent: &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Subchannel(id:%d) created", ac.channelzID),
+				Severity: channelz.CtINFO,
+			},
+		})
 	}
 	cc.conns[ac] = struct{}{}
 	cc.mu.Unlock()
@@ -881,47 +763,39 @@ func (cc *ClientConn) removeAddrConn(ac *addrConn, err error) {
 	ac.tearDown(err)
 }
 
-// ChannelzMetric returns ChannelInternalMetric of current ClientConn.
-// This is an EXPERIMENTAL API.
-func (cc *ClientConn) ChannelzMetric() *channelz.ChannelInternalMetric {
-	state := cc.GetState()
-	cc.czmu.RLock()
-	defer cc.czmu.RUnlock()
+func (cc *ClientConn) channelzMetric() *channelz.ChannelInternalMetric {
 	return &channelz.ChannelInternalMetric{
-		State:                    state,
+		State:                    cc.GetState(),
 		Target:                   cc.target,
-		CallsStarted:             cc.callsStarted,
-		CallsSucceeded:           cc.callsSucceeded,
-		CallsFailed:              cc.callsFailed,
-		LastCallStartedTimestamp: cc.lastCallStartedTime,
+		CallsStarted:             atomic.LoadInt64(&cc.czData.callsStarted),
+		CallsSucceeded:           atomic.LoadInt64(&cc.czData.callsSucceeded),
+		CallsFailed:              atomic.LoadInt64(&cc.czData.callsFailed),
+		LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&cc.czData.lastCallStartedTime)),
 	}
 }
 
+// Target returns the target string of the ClientConn.
+// This is an EXPERIMENTAL API.
+func (cc *ClientConn) Target() string {
+	return cc.target
+}
+
 func (cc *ClientConn) incrCallsStarted() {
-	cc.czmu.Lock()
-	cc.callsStarted++
-	// TODO(yuxuanli): will make this a time.Time pointer improve performance?
-	cc.lastCallStartedTime = time.Now()
-	cc.czmu.Unlock()
+	atomic.AddInt64(&cc.czData.callsStarted, 1)
+	atomic.StoreInt64(&cc.czData.lastCallStartedTime, time.Now().UnixNano())
 }
 
 func (cc *ClientConn) incrCallsSucceeded() {
-	cc.czmu.Lock()
-	cc.callsSucceeded++
-	cc.czmu.Unlock()
+	atomic.AddInt64(&cc.czData.callsSucceeded, 1)
 }
 
 func (cc *ClientConn) incrCallsFailed() {
-	cc.czmu.Lock()
-	cc.callsFailed++
-	cc.czmu.Unlock()
+	atomic.AddInt64(&cc.czData.callsFailed, 1)
 }
 
-// connect starts to creating transport and also starts the transport monitor
-// goroutine for this ac.
+// connect starts creating a transport.
 // It does nothing if the ac is not IDLE.
 // TODO(bar) Move this to the addrConn section.
-// This was part of resetAddrConn, keep it here to make the diff look clean.
 func (ac *addrConn) connect() error {
 	ac.mu.Lock()
 	if ac.state == connectivity.Shutdown {
@@ -932,28 +806,28 @@ func (ac *addrConn) connect() error {
 		ac.mu.Unlock()
 		return nil
 	}
-	ac.state = connectivity.Connecting
-	ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
+	// Update connectivity state within the lock to prevent subsequent or
+	// concurrent calls from resetting the transport more than once.
+	ac.updateConnectivityState(connectivity.Connecting, nil)
 	ac.mu.Unlock()
 
 	// Start a goroutine connecting to the server asynchronously.
-	go func() {
-		if err := ac.resetTransport(); err != nil {
-			grpclog.Warningf("Failed to dial %s: %v; please retry.", ac.addrs[0].Addr, err)
-			if err != errConnClosing {
-				// Keep this ac in cc.conns, to get the reason it's torn down.
-				ac.tearDown(err)
-			}
-			return
-		}
-		ac.transportMonitor()
-	}()
+	go ac.resetTransport()
 	return nil
 }
 
 // tryUpdateAddrs tries to update ac.addrs with the new addresses list.
 //
-// It checks whether current connected address of ac is in the new addrs list.
+// If ac is Connecting, it returns false. The caller should tear down the ac and
+// create a new one. Note that the backoff will be reset when this happens.
+//
+// If ac is TransientFailure, it updates ac.addrs and returns true. The updated
+// addresses will be picked up by retry in the next iteration after backoff.
+//
+// If ac is Shutdown or Idle, it updates ac.addrs and returns true.
+//
+// If ac is Ready, it checks whether current connected address of ac is in the
+// new addrs list.
 //  - If true, it updates ac.addrs and returns true. The ac will keep using
 //    the existing connection.
 //  - If false, it does nothing and returns false.
@@ -961,11 +835,18 @@ func (ac *addrConn) tryUpdateAddrs(addrs []resolver.Address) bool {
 	ac.mu.Lock()
 	defer ac.mu.Unlock()
 	grpclog.Infof("addrConn: tryUpdateAddrs curAddr: %v, addrs: %v", ac.curAddr, addrs)
-	if ac.state == connectivity.Shutdown {
+	if ac.state == connectivity.Shutdown ||
+		ac.state == connectivity.TransientFailure ||
+		ac.state == connectivity.Idle {
 		ac.addrs = addrs
 		return true
 	}
 
+	if ac.state == connectivity.Connecting {
+		return false
+	}
+
+	// ac.state is Ready, try to find the connected address.
 	var curAddrFound bool
 	for _, a := range addrs {
 		if reflect.DeepEqual(ac.curAddr, a) {
@@ -976,7 +857,6 @@ func (ac *addrConn) tryUpdateAddrs(addrs []resolver.Address) bool {
 	grpclog.Infof("addrConn: tryUpdateAddrs curAddrFound: %v", curAddrFound)
 	if curAddrFound {
 		ac.addrs = addrs
-		ac.reconnectIdx = 0 // Start reconnecting from beginning in the new list.
 	}
 
 	return curAddrFound
@@ -993,6 +873,9 @@ func (cc *ClientConn) GetMethodConfig(method string) MethodConfig {
 	// TODO: Avoid the locking here.
 	cc.mu.RLock()
 	defer cc.mu.RUnlock()
+	if cc.sc == nil {
+		return MethodConfig{}
+	}
 	m, ok := cc.sc.Methods[method]
 	if !ok {
 		i := strings.LastIndex(method, "/")
@@ -1001,66 +884,105 @@ func (cc *ClientConn) GetMethodConfig(method string) MethodConfig {
 	return m
 }
 
-func (cc *ClientConn) getTransport(ctx context.Context, failfast bool) (transport.ClientTransport, func(balancer.DoneInfo), error) {
-	t, done, err := cc.blockingpicker.pick(ctx, failfast, balancer.PickOptions{})
+func (cc *ClientConn) healthCheckConfig() *healthCheckConfig {
+	cc.mu.RLock()
+	defer cc.mu.RUnlock()
+	if cc.sc == nil {
+		return nil
+	}
+	return cc.sc.healthCheckConfig
+}
+
+func (cc *ClientConn) getTransport(ctx context.Context, failfast bool, method string) (transport.ClientTransport, func(balancer.DoneInfo), error) {
+	t, done, err := cc.blockingpicker.pick(ctx, failfast, balancer.PickInfo{
+		Ctx:            ctx,
+		FullMethodName: method,
+	})
 	if err != nil {
 		return nil, nil, toRPCErr(err)
 	}
 	return t, done, nil
 }
 
-// handleServiceConfig parses the service config string in JSON format to Go native
-// struct ServiceConfig, and store both the struct and the JSON string in ClientConn.
-func (cc *ClientConn) handleServiceConfig(js string) error {
-	if cc.dopts.disableServiceConfig {
-		return nil
-	}
-	sc, err := parseServiceConfig(js)
-	if err != nil {
-		return err
+func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, addrs []resolver.Address) {
+	if sc == nil {
+		// should never reach here.
+		return
 	}
-	cc.mu.Lock()
-	cc.scRaw = js
 	cc.sc = sc
-	if sc.LB != nil && *sc.LB != grpclbName { // "grpclb" is not a valid balancer option in service config.
-		if cc.curBalancerName == grpclbName {
-			// If current balancer is grpclb, there's at least one grpclb
-			// balancer address in the resolved list. Don't switch the balancer,
-			// but change the previous balancer name, so if a new resolved
-			// address list doesn't contain grpclb address, balancer will be
-			// switched to *sc.LB.
-			cc.preBalancerName = *sc.LB
-		} else {
-			cc.switchBalancer(*sc.LB)
-			cc.balancerWrapper.handleResolvedAddrs(cc.curAddresses, nil)
+
+	if cc.sc.retryThrottling != nil {
+		newThrottler := &retryThrottler{
+			tokens: cc.sc.retryThrottling.MaxTokens,
+			max:    cc.sc.retryThrottling.MaxTokens,
+			thresh: cc.sc.retryThrottling.MaxTokens / 2,
+			ratio:  cc.sc.retryThrottling.TokenRatio,
 		}
+		cc.retryThrottler.Store(newThrottler)
+	} else {
+		cc.retryThrottler.Store((*retryThrottler)(nil))
 	}
 
-	if envConfigStickinessOn {
-		var newStickinessMDKey string
-		if sc.stickinessMetadataKey != nil && *sc.stickinessMetadataKey != "" {
-			newStickinessMDKey = *sc.stickinessMetadataKey
+	if cc.dopts.balancerBuilder == nil {
+		// Only look at balancer types and switch balancer if balancer dial
+		// option is not set.
+		var newBalancerName string
+		if cc.sc != nil && cc.sc.lbConfig != nil {
+			newBalancerName = cc.sc.lbConfig.name
+		} else {
+			var isGRPCLB bool
+			for _, a := range addrs {
+				if a.Type == resolver.GRPCLB {
+					isGRPCLB = true
+					break
+				}
+			}
+			if isGRPCLB {
+				newBalancerName = grpclbName
+			} else if cc.sc != nil && cc.sc.LB != nil {
+				newBalancerName = *cc.sc.LB
+			} else {
+				newBalancerName = PickFirstBalancerName
+			}
 		}
-		// newStickinessMDKey is "" if one of the following happens:
-		// - stickinessMetadataKey is set to ""
-		// - stickinessMetadataKey field doesn't exist in service config
-		cc.blockingpicker.updateStickinessMDKey(strings.ToLower(newStickinessMDKey))
+		cc.switchBalancer(newBalancerName)
+	} else if cc.balancerWrapper == nil {
+		// Balancer dial option was set, and this is the first time handling
+		// resolved addresses. Build a balancer with dopts.balancerBuilder.
+		cc.curBalancerName = cc.dopts.balancerBuilder.Name()
+		cc.balancerWrapper = newCCBalancerWrapper(cc, cc.dopts.balancerBuilder, cc.balancerBuildOpts)
 	}
-
-	cc.mu.Unlock()
-	return nil
 }
 
-func (cc *ClientConn) resolveNow(o resolver.ResolveNowOption) {
-	cc.mu.Lock()
+func (cc *ClientConn) resolveNow(o resolver.ResolveNowOptions) {
+	cc.mu.RLock()
 	r := cc.resolverWrapper
-	cc.mu.Unlock()
+	cc.mu.RUnlock()
 	if r == nil {
 		return
 	}
 	go r.resolveNow(o)
 }
 
+// ResetConnectBackoff wakes up all subchannels in transient failure and causes
+// them to attempt another connection immediately.  It also resets the backoff
+// times used for subsequent attempts regardless of the current state.
+//
+// In general, this function should not be used.  Typical service or network
+// outages result in a reasonable client reconnection strategy by default.
+// However, if a previously unavailable network becomes available, this may be
+// used to trigger an immediate reconnect.
+//
+// This API is EXPERIMENTAL.
+func (cc *ClientConn) ResetConnectBackoff() {
+	cc.mu.Lock()
+	conns := cc.conns
+	cc.mu.Unlock()
+	for ac := range conns {
+		ac.resetConnectBackoff()
+	}
+}
+
 // Close tears down the ClientConn and all underlying connections.
 func (cc *ClientConn) Close() error {
 	defer cc.cancel()
@@ -1093,6 +1015,19 @@ func (cc *ClientConn) Close() error {
 		ac.tearDown(ErrClientConnClosing)
 	}
 	if channelz.IsOn() {
+		ted := &channelz.TraceEventDesc{
+			Desc:     "Channel Deleted",
+			Severity: channelz.CtINFO,
+		}
+		if cc.dopts.channelzParentID != 0 {
+			ted.Parent = &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Nested channel(id:%d) deleted", cc.channelzID),
+				Severity: channelz.CtINFO,
+			}
+		}
+		channelz.AddTraceEvent(cc.channelzID, ted)
+		// TraceEvent needs to be called before RemoveEntry, as TraceEvent may add trace reference to
+		// the entity being deleted, and thus prevent it from being deleted right away.
 		channelz.RemoveEntry(cc.channelzID)
 	}
 	return nil
@@ -1104,37 +1039,45 @@ type addrConn struct {
 	cancel context.CancelFunc
 
 	cc     *ClientConn
-	addrs  []resolver.Address
 	dopts  dialOptions
-	events trace.EventLog
 	acbw   balancer.SubConn
+	scopts balancer.NewSubConnOptions
 
-	mu           sync.Mutex
-	curAddr      resolver.Address
-	reconnectIdx int // The index in addrs list to start reconnecting from.
-	state        connectivity.State
-	// ready is closed and becomes nil when a new transport is up or failed
-	// due to timeout.
-	ready     chan struct{}
-	transport transport.ClientTransport
-
-	// The reason this addrConn is torn down.
-	tearDownErr error
-
-	connectRetryNum int
-	// backoffDeadline is the time until which resetTransport needs to
-	// wait before increasing connectRetryNum count.
-	backoffDeadline time.Time
-	// connectDeadline is the time by which all connection
-	// negotiations must complete.
-	connectDeadline time.Time
-
-	channelzID          int64 // channelz unique identification number
-	czmu                sync.RWMutex
-	callsStarted        int64
-	callsSucceeded      int64
-	callsFailed         int64
-	lastCallStartedTime time.Time
+	// transport is set when there's a viable transport (note: ac state may not be READY as LB channel
+	// health checking may require server to report healthy to set ac to READY), and is reset
+	// to nil when the current transport should no longer be used to create a stream (e.g. after GoAway
+	// is received, transport is closed, ac has been torn down).
+	transport transport.ClientTransport // The current transport.
+
+	mu      sync.Mutex
+	curAddr resolver.Address   // The current address.
+	addrs   []resolver.Address // All addresses that the resolver resolved to.
+
+	// Use updateConnectivityState for updating addrConn's connectivity state.
+	state connectivity.State
+
+	backoffIdx   int // Needs to be stateful for resetConnectBackoff.
+	resetBackoff chan struct{}
+
+	channelzID int64 // channelz unique identification number.
+	czData     *channelzData
+}
+
+// Note: this requires a lock on ac.mu.
+func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) {
+	if ac.state == s {
+		return
+	}
+
+	updateMsg := fmt.Sprintf("Subchannel Connectivity change to %v", s)
+	ac.state = s
+	if channelz.IsOn() {
+		channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{
+			Desc:     updateMsg,
+			Severity: channelz.CtINFO,
+		})
+	}
+	ac.cc.handleSubConnStateChange(ac.acbw, s, lastErr)
 }
 
 // adjustParams updates parameters used to create transports upon
@@ -1151,329 +1094,317 @@ func (ac *addrConn) adjustParams(r transport.GoAwayReason) {
 	}
 }
 
-// printf records an event in ac's event log, unless ac has been closed.
-// REQUIRES ac.mu is held.
-func (ac *addrConn) printf(format string, a ...interface{}) {
-	if ac.events != nil {
-		ac.events.Printf(format, a...)
-	}
-}
-
-// errorf records an error in ac's event log, unless ac has been closed.
-// REQUIRES ac.mu is held.
-func (ac *addrConn) errorf(format string, a ...interface{}) {
-	if ac.events != nil {
-		ac.events.Errorf(format, a...)
-	}
-}
+func (ac *addrConn) resetTransport() {
+	for i := 0; ; i++ {
+		if i > 0 {
+			ac.cc.resolveNow(resolver.ResolveNowOptions{})
+		}
 
-// resetTransport recreates a transport to the address for ac.  The old
-// transport will close itself on error or when the clientconn is closed.
-// The created transport must receive initial settings frame from the server.
-// In case that doesn't happen, transportMonitor will kill the newly created
-// transport after connectDeadline has expired.
-// In case there was an error on the transport before the settings frame was
-// received, resetTransport resumes connecting to backends after the one that
-// was previously connected to. In case end of the list is reached, resetTransport
-// backs off until the original deadline.
-// If the DialOption WithWaitForHandshake was set, resetTrasport returns
-// successfully only after server settings are received.
-//
-// TODO(bar) make sure all state transitions are valid.
-func (ac *addrConn) resetTransport() error {
-	ac.mu.Lock()
-	if ac.state == connectivity.Shutdown {
-		ac.mu.Unlock()
-		return errConnClosing
-	}
-	if ac.ready != nil {
-		close(ac.ready)
-		ac.ready = nil
-	}
-	ac.transport = nil
-	ridx := ac.reconnectIdx
-	ac.mu.Unlock()
-	ac.cc.mu.RLock()
-	ac.dopts.copts.KeepaliveParams = ac.cc.mkp
-	ac.cc.mu.RUnlock()
-	var backoffDeadline, connectDeadline time.Time
-	for connectRetryNum := 0; ; connectRetryNum++ {
 		ac.mu.Lock()
-		if ac.backoffDeadline.IsZero() {
-			// This means either a successful HTTP2 connection was established
-			// or this is the first time this addrConn is trying to establish a
-			// connection.
-			backoffFor := ac.dopts.bs.backoff(connectRetryNum) // time.Duration.
-			// This will be the duration that dial gets to finish.
-			dialDuration := getMinConnectTimeout()
-			if backoffFor > dialDuration {
-				// Give dial more time as we keep failing to connect.
-				dialDuration = backoffFor
-			}
-			start := time.Now()
-			backoffDeadline = start.Add(backoffFor)
-			connectDeadline = start.Add(dialDuration)
-			ridx = 0 // Start connecting from the beginning.
-		} else {
-			// Continue trying to connect with the same deadlines.
-			connectRetryNum = ac.connectRetryNum
-			backoffDeadline = ac.backoffDeadline
-			connectDeadline = ac.connectDeadline
-			ac.backoffDeadline = time.Time{}
-			ac.connectDeadline = time.Time{}
-			ac.connectRetryNum = 0
-		}
 		if ac.state == connectivity.Shutdown {
 			ac.mu.Unlock()
-			return errConnClosing
-		}
-		ac.printf("connecting")
-		if ac.state != connectivity.Connecting {
-			ac.state = connectivity.Connecting
-			ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
-		}
-		// copy ac.addrs in case of race
-		addrsIter := make([]resolver.Address, len(ac.addrs))
-		copy(addrsIter, ac.addrs)
-		copts := ac.dopts.copts
-		ac.mu.Unlock()
-		connected, err := ac.createTransport(connectRetryNum, ridx, backoffDeadline, connectDeadline, addrsIter, copts)
-		if err != nil {
-			return err
-		}
-		if connected {
-			return nil
+			return
 		}
-	}
-}
 
-// createTransport creates a connection to one of the backends in addrs.
-// It returns true if a connection was established.
-func (ac *addrConn) createTransport(connectRetryNum, ridx int, backoffDeadline, connectDeadline time.Time, addrs []resolver.Address, copts transport.ConnectOptions) (bool, error) {
-	for i := ridx; i < len(addrs); i++ {
-		addr := addrs[i]
-		target := transport.TargetInfo{
-			Addr:      addr.Addr,
-			Metadata:  addr.Metadata,
-			Authority: ac.cc.authority,
+		addrs := ac.addrs
+		backoffFor := ac.dopts.bs.Backoff(ac.backoffIdx)
+		// This will be the duration that dial gets to finish.
+		dialDuration := minConnectTimeout
+		if ac.dopts.minConnectTimeout != nil {
+			dialDuration = ac.dopts.minConnectTimeout()
 		}
-		done := make(chan struct{})
-		onPrefaceReceipt := func() {
-			ac.mu.Lock()
-			close(done)
-			if !ac.backoffDeadline.IsZero() {
-				// If we haven't already started reconnecting to
-				// other backends.
-				// Note, this can happen when writer notices an error
-				// and triggers resetTransport while at the same time
-				// reader receives the preface and invokes this closure.
-				ac.backoffDeadline = time.Time{}
-				ac.connectDeadline = time.Time{}
-				ac.connectRetryNum = 0
-			}
-			ac.mu.Unlock()
-		}
-		// Do not cancel in the success path because of
-		// this issue in Go1.6: https://github.com/golang/go/issues/15078.
-		connectCtx, cancel := context.WithDeadline(ac.ctx, connectDeadline)
-		if channelz.IsOn() {
-			copts.ChannelzParentID = ac.channelzID
+
+		if dialDuration < backoffFor {
+			// Give dial more time as we keep failing to connect.
+			dialDuration = backoffFor
 		}
-		newTr, err := transport.NewClientTransport(connectCtx, ac.cc.ctx, target, copts, onPrefaceReceipt)
+		// We can potentially spend all the time trying the first address, and
+		// if the server accepts the connection and then hangs, the following
+		// addresses will never be tried.
+		//
+		// The spec doesn't mention what should be done for multiple addresses.
+		// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md#proposed-backoff-algorithm
+		connectDeadline := time.Now().Add(dialDuration)
+
+		ac.updateConnectivityState(connectivity.Connecting, nil)
+		ac.transport = nil
+		ac.mu.Unlock()
+
+		newTr, addr, reconnect, err := ac.tryAllAddrs(addrs, connectDeadline)
 		if err != nil {
-			cancel()
-			ac.cc.blockingpicker.updateConnectionError(err)
+			// After exhausting all addresses, the addrConn enters
+			// TRANSIENT_FAILURE.
 			ac.mu.Lock()
 			if ac.state == connectivity.Shutdown {
-				// ac.tearDown(...) has been invoked.
 				ac.mu.Unlock()
-				return false, errConnClosing
+				return
 			}
+			ac.updateConnectivityState(connectivity.TransientFailure, err)
+
+			// Backoff.
+			b := ac.resetBackoff
 			ac.mu.Unlock()
-			grpclog.Warningf("grpc: addrConn.createTransport failed to connect to %v. Err :%v. Reconnecting...", addr, err)
-			continue
-		}
-		if ac.dopts.waitForHandshake {
+
+			timer := time.NewTimer(backoffFor)
 			select {
-			case <-done:
-			case <-connectCtx.Done():
-				// Didn't receive server preface, must kill this new transport now.
-				grpclog.Warningf("grpc: addrConn.createTransport failed to receive server preface before deadline.")
-				newTr.Close()
-				break
+			case <-timer.C:
+				ac.mu.Lock()
+				ac.backoffIdx++
+				ac.mu.Unlock()
+			case <-b:
+				timer.Stop()
 			case <-ac.ctx.Done():
+				timer.Stop()
+				return
 			}
+			continue
 		}
+
 		ac.mu.Lock()
 		if ac.state == connectivity.Shutdown {
 			ac.mu.Unlock()
-			// ac.tearDonn(...) has been invoked.
 			newTr.Close()
-			return false, errConnClosing
+			return
 		}
-		ac.printf("ready")
-		ac.state = connectivity.Ready
-		ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
-		ac.transport = newTr
 		ac.curAddr = addr
-		if ac.ready != nil {
-			close(ac.ready)
-			ac.ready = nil
-		}
-		select {
-		case <-done:
-			// If the server has responded back with preface already,
-			// don't set the reconnect parameters.
-		default:
-			ac.connectRetryNum = connectRetryNum
-			ac.backoffDeadline = backoffDeadline
-			ac.connectDeadline = connectDeadline
-			ac.reconnectIdx = i + 1 // Start reconnecting from the next backend in the list.
-		}
-		ac.mu.Unlock()
-		return true, nil
-	}
-	ac.mu.Lock()
-	if ac.state == connectivity.Shutdown {
+		ac.transport = newTr
+		ac.backoffIdx = 0
+
+		hctx, hcancel := context.WithCancel(ac.ctx)
+		ac.startHealthCheck(hctx)
 		ac.mu.Unlock()
-		return false, errConnClosing
-	}
-	ac.state = connectivity.TransientFailure
-	ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
-	ac.cc.resolveNow(resolver.ResolveNowOption{})
-	if ac.ready != nil {
-		close(ac.ready)
-		ac.ready = nil
-	}
-	ac.mu.Unlock()
-	timer := time.NewTimer(backoffDeadline.Sub(time.Now()))
-	select {
-	case <-timer.C:
-	case <-ac.ctx.Done():
-		timer.Stop()
-		return false, ac.ctx.Err()
-	}
-	return false, nil
-}
 
-// Run in a goroutine to track the error in transport and create the
-// new transport if an error happens. It returns when the channel is closing.
-func (ac *addrConn) transportMonitor() {
-	for {
-		var timer *time.Timer
-		var cdeadline <-chan time.Time
+		// Block until the created transport is down. And when this happens,
+		// we restart from the top of the addr list.
+		<-reconnect.Done()
+		hcancel()
+		// restart connecting - the top of the loop will set state to
+		// CONNECTING.  This is against the current connectivity semantics doc,
+		// however it allows for graceful behavior for RPCs not yet dispatched
+		// - unfortunate timing would otherwise lead to the RPC failing even
+		// though the TRANSIENT_FAILURE state (called for by the doc) would be
+		// instantaneous.
+		//
+		// Ideally we should transition to Idle here and block until there is
+		// RPC activity that leads to the balancer requesting a reconnect of
+		// the associated SubConn.
+	}
+}
+
+// tryAllAddrs tries to creates a connection to the addresses, and stop when at the
+// first successful one. It returns the transport, the address and a Event in
+// the successful case. The Event fires when the returned transport disconnects.
+func (ac *addrConn) tryAllAddrs(addrs []resolver.Address, connectDeadline time.Time) (transport.ClientTransport, resolver.Address, *grpcsync.Event, error) {
+	var firstConnErr error
+	for _, addr := range addrs {
 		ac.mu.Lock()
-		t := ac.transport
-		if !ac.connectDeadline.IsZero() {
-			timer = time.NewTimer(ac.connectDeadline.Sub(time.Now()))
-			cdeadline = timer.C
-		}
-		ac.mu.Unlock()
-		// Block until we receive a goaway or an error occurs.
-		select {
-		case <-t.GoAway():
-			done := t.Error()
-			cleanup := t.Close
-			// Since this transport will be orphaned (won't have a transportMonitor)
-			// we need to launch a goroutine to keep track of clientConn.Close()
-			// happening since it might not be noticed by any other goroutine for a while.
-			go func() {
-				<-done
-				cleanup()
-			}()
-		case <-t.Error():
-			// In case this is triggered because clientConn.Close()
-			// was called, we want to immeditately close the transport
-			// since no other goroutine might notice it for a while.
-			t.Close()
-		case <-cdeadline:
-			ac.mu.Lock()
-			// This implies that client received server preface.
-			if ac.backoffDeadline.IsZero() {
-				ac.mu.Unlock()
-				continue
-			}
+		if ac.state == connectivity.Shutdown {
 			ac.mu.Unlock()
-			timer = nil
-			// No server preface received until deadline.
-			// Kill the connection.
-			grpclog.Warningf("grpc: addrConn.transportMonitor didn't get server preface after waiting. Closing the new transport now.")
-			t.Close()
+			return nil, resolver.Address{}, nil, errConnClosing
 		}
-		if timer != nil {
-			timer.Stop()
+
+		ac.cc.mu.RLock()
+		ac.dopts.copts.KeepaliveParams = ac.cc.mkp
+		ac.cc.mu.RUnlock()
+
+		copts := ac.dopts.copts
+		if ac.scopts.CredsBundle != nil {
+			copts.CredsBundle = ac.scopts.CredsBundle
 		}
-		// If a GoAway happened, regardless of error, adjust our keepalive
-		// parameters as appropriate.
-		select {
-		case <-t.GoAway():
-			ac.adjustParams(t.GetGoAwayReason())
-		default:
+		ac.mu.Unlock()
+
+		if channelz.IsOn() {
+			channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Subchannel picks a new address %q to connect", addr.Addr),
+				Severity: channelz.CtINFO,
+			})
 		}
-		ac.mu.Lock()
-		if ac.state == connectivity.Shutdown {
-			ac.mu.Unlock()
-			return
+
+		newTr, reconnect, err := ac.createTransport(addr, copts, connectDeadline)
+		if err == nil {
+			return newTr, addr, reconnect, nil
 		}
-		// Set connectivity state to TransientFailure before calling
-		// resetTransport. Transition READY->CONNECTING is not valid.
-		ac.state = connectivity.TransientFailure
-		ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
-		ac.cc.resolveNow(resolver.ResolveNowOption{})
-		ac.curAddr = resolver.Address{}
-		ac.mu.Unlock()
-		if err := ac.resetTransport(); err != nil {
-			ac.mu.Lock()
-			ac.printf("transport exiting: %v", err)
-			ac.mu.Unlock()
-			grpclog.Warningf("grpc: addrConn.transportMonitor exits due to: %v", err)
-			if err != errConnClosing {
-				// Keep this ac in cc.conns, to get the reason it's torn down.
-				ac.tearDown(err)
-			}
-			return
+		if firstConnErr == nil {
+			firstConnErr = err
 		}
+		ac.cc.blockingpicker.updateConnectionError(err)
 	}
+
+	// Couldn't connect to any address.
+	return nil, resolver.Address{}, nil, firstConnErr
 }
 
-// wait blocks until i) the new transport is up or ii) ctx is done or iii) ac is closed or
-// iv) transport is in connectivity.TransientFailure and there is a balancer/failfast is true.
-func (ac *addrConn) wait(ctx context.Context, hasBalancer, failfast bool) (transport.ClientTransport, error) {
-	for {
+// createTransport creates a connection to addr. It returns the transport and a
+// Event in the successful case. The Event fires when the returned transport
+// disconnects.
+func (ac *addrConn) createTransport(addr resolver.Address, copts transport.ConnectOptions, connectDeadline time.Time) (transport.ClientTransport, *grpcsync.Event, error) {
+	prefaceReceived := make(chan struct{})
+	onCloseCalled := make(chan struct{})
+	reconnect := grpcsync.NewEvent()
+
+	authority := ac.cc.authority
+	// addr.ServerName takes precedent over ClientConn authority, if present.
+	if addr.ServerName != "" {
+		authority = addr.ServerName
+	}
+
+	target := transport.TargetInfo{
+		Addr:      addr.Addr,
+		Metadata:  addr.Metadata,
+		Authority: authority,
+	}
+
+	once := sync.Once{}
+	onGoAway := func(r transport.GoAwayReason) {
 		ac.mu.Lock()
-		switch {
-		case ac.state == connectivity.Shutdown:
-			if failfast || !hasBalancer {
-				// RPC is failfast or balancer is nil. This RPC should fail with ac.tearDownErr.
-				err := ac.tearDownErr
-				ac.mu.Unlock()
-				return nil, err
+		ac.adjustParams(r)
+		once.Do(func() {
+			if ac.state == connectivity.Ready {
+				// Prevent this SubConn from being used for new RPCs by setting its
+				// state to Connecting.
+				//
+				// TODO: this should be Idle when grpc-go properly supports it.
+				ac.updateConnectivityState(connectivity.Connecting, nil)
 			}
-			ac.mu.Unlock()
-			return nil, errConnClosing
-		case ac.state == connectivity.Ready:
-			ct := ac.transport
-			ac.mu.Unlock()
-			return ct, nil
-		case ac.state == connectivity.TransientFailure:
-			if failfast || hasBalancer {
-				ac.mu.Unlock()
-				return nil, errConnUnavailable
+		})
+		ac.mu.Unlock()
+		reconnect.Fire()
+	}
+
+	onClose := func() {
+		ac.mu.Lock()
+		once.Do(func() {
+			if ac.state == connectivity.Ready {
+				// Prevent this SubConn from being used for new RPCs by setting its
+				// state to Connecting.
+				//
+				// TODO: this should be Idle when grpc-go properly supports it.
+				ac.updateConnectivityState(connectivity.Connecting, nil)
 			}
+		})
+		ac.mu.Unlock()
+		close(onCloseCalled)
+		reconnect.Fire()
+	}
+
+	onPrefaceReceipt := func() {
+		close(prefaceReceived)
+	}
+
+	connectCtx, cancel := context.WithDeadline(ac.ctx, connectDeadline)
+	defer cancel()
+	if channelz.IsOn() {
+		copts.ChannelzParentID = ac.channelzID
+	}
+
+	newTr, err := transport.NewClientTransport(connectCtx, ac.cc.ctx, target, copts, onPrefaceReceipt, onGoAway, onClose)
+	if err != nil {
+		// newTr is either nil, or closed.
+		grpclog.Warningf("grpc: addrConn.createTransport failed to connect to %v. Err :%v. Reconnecting...", addr, err)
+		return nil, nil, err
+	}
+
+	select {
+	case <-time.After(time.Until(connectDeadline)):
+		// We didn't get the preface in time.
+		newTr.Close()
+		grpclog.Warningf("grpc: addrConn.createTransport failed to connect to %v: didn't receive server preface in time. Reconnecting...", addr)
+		return nil, nil, errors.New("timed out waiting for server handshake")
+	case <-prefaceReceived:
+		// We got the preface - huzzah! things are good.
+	case <-onCloseCalled:
+		// The transport has already closed - noop.
+		return nil, nil, errors.New("connection closed")
+		// TODO(deklerk) this should bail on ac.ctx.Done(). Add a test and fix.
+	}
+	return newTr, reconnect, nil
+}
+
+// startHealthCheck starts the health checking stream (RPC) to watch the health
+// stats of this connection if health checking is requested and configured.
+//
+// LB channel health checking is enabled when all requirements below are met:
+// 1. it is not disabled by the user with the WithDisableHealthCheck DialOption
+// 2. internal.HealthCheckFunc is set by importing the grpc/healthcheck package
+// 3. a service config with non-empty healthCheckConfig field is provided
+// 4. the load balancer requests it
+//
+// It sets addrConn to READY if the health checking stream is not started.
+//
+// Caller must hold ac.mu.
+func (ac *addrConn) startHealthCheck(ctx context.Context) {
+	var healthcheckManagingState bool
+	defer func() {
+		if !healthcheckManagingState {
+			ac.updateConnectivityState(connectivity.Ready, nil)
 		}
-		ready := ac.ready
-		if ready == nil {
-			ready = make(chan struct{})
-			ac.ready = ready
+	}()
+
+	if ac.cc.dopts.disableHealthCheck {
+		return
+	}
+	healthCheckConfig := ac.cc.healthCheckConfig()
+	if healthCheckConfig == nil {
+		return
+	}
+	if !ac.scopts.HealthCheckEnabled {
+		return
+	}
+	healthCheckFunc := ac.cc.dopts.healthCheckFunc
+	if healthCheckFunc == nil {
+		// The health package is not imported to set health check function.
+		//
+		// TODO: add a link to the health check doc in the error message.
+		grpclog.Error("Health check is requested but health check function is not set.")
+		return
+	}
+
+	healthcheckManagingState = true
+
+	// Set up the health check helper functions.
+	currentTr := ac.transport
+	newStream := func(method string) (interface{}, error) {
+		ac.mu.Lock()
+		if ac.transport != currentTr {
+			ac.mu.Unlock()
+			return nil, status.Error(codes.Canceled, "the provided transport is no longer valid to use")
 		}
 		ac.mu.Unlock()
-		select {
-		case <-ctx.Done():
-			return nil, toRPCErr(ctx.Err())
-		// Wait until the new transport is ready or failed.
-		case <-ready:
+		return newNonRetryClientStream(ctx, &StreamDesc{ServerStreams: true}, method, currentTr, ac)
+	}
+	setConnectivityState := func(s connectivity.State, lastErr error) {
+		ac.mu.Lock()
+		defer ac.mu.Unlock()
+		if ac.transport != currentTr {
+			return
 		}
+		ac.updateConnectivityState(s, lastErr)
 	}
+	// Start the health checking stream.
+	go func() {
+		err := ac.cc.dopts.healthCheckFunc(ctx, newStream, setConnectivityState, healthCheckConfig.ServiceName)
+		if err != nil {
+			if status.Code(err) == codes.Unimplemented {
+				if channelz.IsOn() {
+					channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{
+						Desc:     "Subchannel health check is unimplemented at server side, thus health check is disabled",
+						Severity: channelz.CtError,
+					})
+				}
+				grpclog.Error("Subchannel health check is unimplemented at server side, thus health check is disabled")
+			} else {
+				grpclog.Errorf("HealthCheckFunc exits with unexpected error %v", err)
+			}
+		}
+	}()
+}
+
+func (ac *addrConn) resetConnectBackoff() {
+	ac.mu.Lock()
+	close(ac.resetBackoff)
+	ac.backoffIdx = 0
+	ac.resetBackoff = make(chan struct{})
+	ac.mu.Unlock()
 }
 
 // getReadyTransport returns the transport if ac's state is READY.
@@ -1481,7 +1412,7 @@ func (ac *addrConn) wait(ctx context.Context, hasBalancer, failfast bool) (trans
 // If ac's state is IDLE, it will trigger ac to connect.
 func (ac *addrConn) getReadyTransport() (transport.ClientTransport, bool) {
 	ac.mu.Lock()
-	if ac.state == connectivity.Ready {
+	if ac.state == connectivity.Ready && ac.transport != nil {
 		t := ac.transport
 		ac.mu.Unlock()
 		return t, true
@@ -1504,34 +1435,42 @@ func (ac *addrConn) getReadyTransport() (transport.ClientTransport, bool) {
 // tight loop.
 // tearDown doesn't remove ac from ac.cc.conns.
 func (ac *addrConn) tearDown(err error) {
-	ac.cancel()
 	ac.mu.Lock()
-	defer ac.mu.Unlock()
 	if ac.state == connectivity.Shutdown {
+		ac.mu.Unlock()
 		return
 	}
+	curTr := ac.transport
+	ac.transport = nil
+	// We have to set the state to Shutdown before anything else to prevent races
+	// between setting the state and logic that waits on context cancellation / etc.
+	ac.updateConnectivityState(connectivity.Shutdown, nil)
+	ac.cancel()
 	ac.curAddr = resolver.Address{}
-	if err == errConnDrain && ac.transport != nil {
+	if err == errConnDrain && curTr != nil {
 		// GracefulClose(...) may be executed multiple times when
 		// i) receiving multiple GoAway frames from the server; or
 		// ii) there are concurrent name resolver/Balancer triggered
 		// address removal and GoAway.
-		ac.transport.GracefulClose()
-	}
-	ac.state = connectivity.Shutdown
-	ac.tearDownErr = err
-	ac.cc.handleSubConnStateChange(ac.acbw, ac.state)
-	if ac.events != nil {
-		ac.events.Finish()
-		ac.events = nil
-	}
-	if ac.ready != nil {
-		close(ac.ready)
-		ac.ready = nil
+		// We have to unlock and re-lock here because GracefulClose => Close => onClose, which requires locking ac.mu.
+		ac.mu.Unlock()
+		curTr.GracefulClose()
+		ac.mu.Lock()
 	}
 	if channelz.IsOn() {
+		channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{
+			Desc:     "Subchannel Deleted",
+			Severity: channelz.CtINFO,
+			Parent: &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Subchanel(id:%d) deleted", ac.channelzID),
+				Severity: channelz.CtINFO,
+			},
+		})
+		// TraceEvent needs to be called before RemoveEntry, as TraceEvent may add trace reference to
+		// the entity being deleted, and thus prevent it from being deleted right away.
 		channelz.RemoveEntry(ac.channelzID)
 	}
+	ac.mu.Unlock()
 }
 
 func (ac *addrConn) getState() connectivity.State {
@@ -1540,47 +1479,76 @@ func (ac *addrConn) getState() connectivity.State {
 	return ac.state
 }
 
-func (ac *addrConn) getCurAddr() (ret resolver.Address) {
-	ac.mu.Lock()
-	ret = ac.curAddr
-	ac.mu.Unlock()
-	return
-}
-
 func (ac *addrConn) ChannelzMetric() *channelz.ChannelInternalMetric {
 	ac.mu.Lock()
 	addr := ac.curAddr.Addr
 	ac.mu.Unlock()
-	state := ac.getState()
-	ac.czmu.RLock()
-	defer ac.czmu.RUnlock()
 	return &channelz.ChannelInternalMetric{
-		State:                    state,
+		State:                    ac.getState(),
 		Target:                   addr,
-		CallsStarted:             ac.callsStarted,
-		CallsSucceeded:           ac.callsSucceeded,
-		CallsFailed:              ac.callsFailed,
-		LastCallStartedTimestamp: ac.lastCallStartedTime,
+		CallsStarted:             atomic.LoadInt64(&ac.czData.callsStarted),
+		CallsSucceeded:           atomic.LoadInt64(&ac.czData.callsSucceeded),
+		CallsFailed:              atomic.LoadInt64(&ac.czData.callsFailed),
+		LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&ac.czData.lastCallStartedTime)),
 	}
 }
 
 func (ac *addrConn) incrCallsStarted() {
-	ac.czmu.Lock()
-	ac.callsStarted++
-	ac.lastCallStartedTime = time.Now()
-	ac.czmu.Unlock()
+	atomic.AddInt64(&ac.czData.callsStarted, 1)
+	atomic.StoreInt64(&ac.czData.lastCallStartedTime, time.Now().UnixNano())
 }
 
 func (ac *addrConn) incrCallsSucceeded() {
-	ac.czmu.Lock()
-	ac.callsSucceeded++
-	ac.czmu.Unlock()
+	atomic.AddInt64(&ac.czData.callsSucceeded, 1)
 }
 
 func (ac *addrConn) incrCallsFailed() {
-	ac.czmu.Lock()
-	ac.callsFailed++
-	ac.czmu.Unlock()
+	atomic.AddInt64(&ac.czData.callsFailed, 1)
+}
+
+type retryThrottler struct {
+	max    float64
+	thresh float64
+	ratio  float64
+
+	mu     sync.Mutex
+	tokens float64 // TODO(dfawley): replace with atomic and remove lock.
+}
+
+// throttle subtracts a retry token from the pool and returns whether a retry
+// should be throttled (disallowed) based upon the retry throttling policy in
+// the service config.
+func (rt *retryThrottler) throttle() bool {
+	if rt == nil {
+		return false
+	}
+	rt.mu.Lock()
+	defer rt.mu.Unlock()
+	rt.tokens--
+	if rt.tokens < 0 {
+		rt.tokens = 0
+	}
+	return rt.tokens <= rt.thresh
+}
+
+func (rt *retryThrottler) successfulRPC() {
+	if rt == nil {
+		return
+	}
+	rt.mu.Lock()
+	defer rt.mu.Unlock()
+	rt.tokens += rt.ratio
+	if rt.tokens > rt.max {
+		rt.tokens = rt.max
+	}
+}
+
+type channelzChannel struct {
+	cc *ClientConn
+}
+
+func (c *channelzChannel) ChannelzMetric() *channelz.ChannelInternalMetric {
+	return c.cc.channelzMetric()
 }
 
 // ErrClientConnTimeout indicates that the ClientConn cannot establish the
@@ -1589,3 +1557,12 @@ func (ac *addrConn) incrCallsFailed() {
 // Deprecated: This error is never returned by grpc and should not be
 // referenced by users.
 var ErrClientConnTimeout = errors.New("grpc: timed out when dialing")
+
+func (cc *ClientConn) getResolver(scheme string) resolver.Builder {
+	for _, rb := range cc.dopts.resolvers {
+		if cc.parsedTarget.Scheme == rb.Scheme() {
+			return rb
+		}
+	}
+	return resolver.Get(cc.parsedTarget.Scheme)
+}
diff --git a/vendor/google.golang.org/grpc/codes/codes.go b/vendor/google.golang.org/grpc/codes/codes.go
index a8280ae660dfa..02738839dd98f 100644
--- a/vendor/google.golang.org/grpc/codes/codes.go
+++ b/vendor/google.golang.org/grpc/codes/codes.go
@@ -22,6 +22,7 @@ package codes // import "google.golang.org/grpc/codes"
 
 import (
 	"fmt"
+	"strconv"
 )
 
 // A Code is an unsigned 32-bit error code as defined in the gRPC spec.
@@ -131,7 +132,8 @@ const (
 
 	// Unavailable indicates the service is currently unavailable.
 	// This is a most likely a transient condition and may be corrected
-	// by retrying with a backoff.
+	// by retrying with a backoff. Note that it is not always safe to retry
+	// non-idempotent operations.
 	//
 	// See litmus test above for deciding between FailedPrecondition,
 	// Aborted, and Unavailable.
@@ -143,6 +145,8 @@ const (
 	// Unauthenticated indicates the request does not have valid
 	// authentication credentials for the operation.
 	Unauthenticated Code = 16
+
+	_maxCode = 17
 )
 
 var strToCode = map[string]Code{
@@ -176,6 +180,16 @@ func (c *Code) UnmarshalJSON(b []byte) error {
 	if c == nil {
 		return fmt.Errorf("nil receiver passed to UnmarshalJSON")
 	}
+
+	if ci, err := strconv.ParseUint(string(b), 10, 32); err == nil {
+		if ci >= _maxCode {
+			return fmt.Errorf("invalid code: %q", ci)
+		}
+
+		*c = Code(ci)
+		return nil
+	}
+
 	if jc, ok := strToCode[string(b)]; ok {
 		*c = jc
 		return nil
diff --git a/vendor/google.golang.org/grpc/connectivity/connectivity.go b/vendor/google.golang.org/grpc/connectivity/connectivity.go
index 568ef5dc68baa..34ec36fbf6d9c 100644
--- a/vendor/google.golang.org/grpc/connectivity/connectivity.go
+++ b/vendor/google.golang.org/grpc/connectivity/connectivity.go
@@ -22,7 +22,8 @@
 package connectivity
 
 import (
-	"golang.org/x/net/context"
+	"context"
+
 	"google.golang.org/grpc/grpclog"
 )
 
@@ -51,7 +52,7 @@ func (s State) String() string {
 const (
 	// Idle indicates the ClientConn is idle.
 	Idle State = iota
-	// Connecting indicates the ClienConn is connecting.
+	// Connecting indicates the ClientConn is connecting.
 	Connecting
 	// Ready indicates the ClientConn is ready for work.
 	Ready
diff --git a/vendor/google.golang.org/grpc/credentials/alts/alts.go b/vendor/google.golang.org/grpc/credentials/alts/alts.go
new file mode 100644
index 0000000000000..72c7f0b23feba
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/alts.go
@@ -0,0 +1,330 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package alts implements the ALTS credential support by gRPC library, which
+// encapsulates all the state needed by a client to authenticate with a server
+// using ALTS and make various assertions, e.g., about the client's identity,
+// role, or whether it is authorized to make a particular call.
+// This package is experimental.
+package alts
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"google.golang.org/grpc/credentials"
+	core "google.golang.org/grpc/credentials/alts/internal"
+	"google.golang.org/grpc/credentials/alts/internal/handshaker"
+	"google.golang.org/grpc/credentials/alts/internal/handshaker/service"
+	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+	"google.golang.org/grpc/grpclog"
+)
+
+const (
+	// hypervisorHandshakerServiceAddress represents the default ALTS gRPC
+	// handshaker service address in the hypervisor.
+	hypervisorHandshakerServiceAddress = "metadata.google.internal:8080"
+	// defaultTimeout specifies the server handshake timeout.
+	defaultTimeout = 30.0 * time.Second
+	// The following constants specify the minimum and maximum acceptable
+	// protocol versions.
+	protocolVersionMaxMajor = 2
+	protocolVersionMaxMinor = 1
+	protocolVersionMinMajor = 2
+	protocolVersionMinMinor = 1
+)
+
+var (
+	once          sync.Once
+	maxRPCVersion = &altspb.RpcProtocolVersions_Version{
+		Major: protocolVersionMaxMajor,
+		Minor: protocolVersionMaxMinor,
+	}
+	minRPCVersion = &altspb.RpcProtocolVersions_Version{
+		Major: protocolVersionMinMajor,
+		Minor: protocolVersionMinMinor,
+	}
+	// ErrUntrustedPlatform is returned from ClientHandshake and
+	// ServerHandshake is running on a platform where the trustworthiness of
+	// the handshaker service is not guaranteed.
+	ErrUntrustedPlatform = errors.New("ALTS: untrusted platform. ALTS is only supported on GCP")
+)
+
+// AuthInfo exposes security information from the ALTS handshake to the
+// application. This interface is to be implemented by ALTS. Users should not
+// need a brand new implementation of this interface. For situations like
+// testing, any new implementation should embed this interface. This allows
+// ALTS to add new methods to this interface.
+type AuthInfo interface {
+	// ApplicationProtocol returns application protocol negotiated for the
+	// ALTS connection.
+	ApplicationProtocol() string
+	// RecordProtocol returns the record protocol negotiated for the ALTS
+	// connection.
+	RecordProtocol() string
+	// SecurityLevel returns the security level of the created ALTS secure
+	// channel.
+	SecurityLevel() altspb.SecurityLevel
+	// PeerServiceAccount returns the peer service account.
+	PeerServiceAccount() string
+	// LocalServiceAccount returns the local service account.
+	LocalServiceAccount() string
+	// PeerRPCVersions returns the RPC version supported by the peer.
+	PeerRPCVersions() *altspb.RpcProtocolVersions
+}
+
+// ClientOptions contains the client-side options of an ALTS channel. These
+// options will be passed to the underlying ALTS handshaker.
+type ClientOptions struct {
+	// TargetServiceAccounts contains a list of expected target service
+	// accounts.
+	TargetServiceAccounts []string
+	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
+	// address to connect to.
+	HandshakerServiceAddress string
+}
+
+// DefaultClientOptions creates a new ClientOptions object with the default
+// values.
+func DefaultClientOptions() *ClientOptions {
+	return &ClientOptions{
+		HandshakerServiceAddress: hypervisorHandshakerServiceAddress,
+	}
+}
+
+// ServerOptions contains the server-side options of an ALTS channel. These
+// options will be passed to the underlying ALTS handshaker.
+type ServerOptions struct {
+	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
+	// address to connect to.
+	HandshakerServiceAddress string
+}
+
+// DefaultServerOptions creates a new ServerOptions object with the default
+// values.
+func DefaultServerOptions() *ServerOptions {
+	return &ServerOptions{
+		HandshakerServiceAddress: hypervisorHandshakerServiceAddress,
+	}
+}
+
+// altsTC is the credentials required for authenticating a connection using ALTS.
+// It implements credentials.TransportCredentials interface.
+type altsTC struct {
+	info      *credentials.ProtocolInfo
+	side      core.Side
+	accounts  []string
+	hsAddress string
+}
+
+// NewClientCreds constructs a client-side ALTS TransportCredentials object.
+func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials {
+	return newALTS(core.ClientSide, opts.TargetServiceAccounts, opts.HandshakerServiceAddress)
+}
+
+// NewServerCreds constructs a server-side ALTS TransportCredentials object.
+func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials {
+	return newALTS(core.ServerSide, nil, opts.HandshakerServiceAddress)
+}
+
+func newALTS(side core.Side, accounts []string, hsAddress string) credentials.TransportCredentials {
+	once.Do(func() {
+		vmOnGCP = isRunningOnGCP()
+	})
+
+	if hsAddress == "" {
+		hsAddress = hypervisorHandshakerServiceAddress
+	}
+	return &altsTC{
+		info: &credentials.ProtocolInfo{
+			SecurityProtocol: "alts",
+			SecurityVersion:  "1.0",
+		},
+		side:      side,
+		accounts:  accounts,
+		hsAddress: hsAddress,
+	}
+}
+
+// ClientHandshake implements the client side handshake protocol.
+func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
+	if !vmOnGCP {
+		return nil, nil, ErrUntrustedPlatform
+	}
+
+	// Connecting to ALTS handshaker service.
+	hsConn, err := service.Dial(g.hsAddress)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Do not close hsConn since it is shared with other handshakes.
+
+	// Possible context leak:
+	// The cancel function for the child context we create will only be
+	// called a non-nil error is returned.
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	opts := handshaker.DefaultClientHandshakerOptions()
+	opts.TargetName = addr
+	opts.TargetServiceAccounts = g.accounts
+	opts.RPCVersions = &altspb.RpcProtocolVersions{
+		MaxRpcVersion: maxRPCVersion,
+		MinRpcVersion: minRPCVersion,
+	}
+	chs, err := handshaker.NewClientHandshaker(ctx, hsConn, rawConn, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			chs.Close()
+		}
+	}()
+	secConn, authInfo, err := chs.ClientHandshake(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+	altsAuthInfo, ok := authInfo.(AuthInfo)
+	if !ok {
+		return nil, nil, errors.New("client-side auth info is not of type alts.AuthInfo")
+	}
+	match, _ := checkRPCVersions(opts.RPCVersions, altsAuthInfo.PeerRPCVersions())
+	if !match {
+		return nil, nil, fmt.Errorf("server-side RPC versions are not compatible with this client, local versions: %v, peer versions: %v", opts.RPCVersions, altsAuthInfo.PeerRPCVersions())
+	}
+	return secConn, authInfo, nil
+}
+
+// ServerHandshake implements the server side ALTS handshaker.
+func (g *altsTC) ServerHandshake(rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
+	if !vmOnGCP {
+		return nil, nil, ErrUntrustedPlatform
+	}
+	// Connecting to ALTS handshaker service.
+	hsConn, err := service.Dial(g.hsAddress)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Do not close hsConn since it's shared with other handshakes.
+
+	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+	defer cancel()
+	opts := handshaker.DefaultServerHandshakerOptions()
+	opts.RPCVersions = &altspb.RpcProtocolVersions{
+		MaxRpcVersion: maxRPCVersion,
+		MinRpcVersion: minRPCVersion,
+	}
+	shs, err := handshaker.NewServerHandshaker(ctx, hsConn, rawConn, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			shs.Close()
+		}
+	}()
+	secConn, authInfo, err := shs.ServerHandshake(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+	altsAuthInfo, ok := authInfo.(AuthInfo)
+	if !ok {
+		return nil, nil, errors.New("server-side auth info is not of type alts.AuthInfo")
+	}
+	match, _ := checkRPCVersions(opts.RPCVersions, altsAuthInfo.PeerRPCVersions())
+	if !match {
+		return nil, nil, fmt.Errorf("client-side RPC versions is not compatible with this server, local versions: %v, peer versions: %v", opts.RPCVersions, altsAuthInfo.PeerRPCVersions())
+	}
+	return secConn, authInfo, nil
+}
+
+func (g *altsTC) Info() credentials.ProtocolInfo {
+	return *g.info
+}
+
+func (g *altsTC) Clone() credentials.TransportCredentials {
+	info := *g.info
+	var accounts []string
+	if g.accounts != nil {
+		accounts = make([]string, len(g.accounts))
+		copy(accounts, g.accounts)
+	}
+	return &altsTC{
+		info:      &info,
+		side:      g.side,
+		hsAddress: g.hsAddress,
+		accounts:  accounts,
+	}
+}
+
+func (g *altsTC) OverrideServerName(serverNameOverride string) error {
+	g.info.ServerName = serverNameOverride
+	return nil
+}
+
+// compareRPCVersion returns 0 if v1 == v2, 1 if v1 > v2 and -1 if v1 < v2.
+func compareRPCVersions(v1, v2 *altspb.RpcProtocolVersions_Version) int {
+	switch {
+	case v1.GetMajor() > v2.GetMajor(),
+		v1.GetMajor() == v2.GetMajor() && v1.GetMinor() > v2.GetMinor():
+		return 1
+	case v1.GetMajor() < v2.GetMajor(),
+		v1.GetMajor() == v2.GetMajor() && v1.GetMinor() < v2.GetMinor():
+		return -1
+	}
+	return 0
+}
+
+// checkRPCVersions performs a version check between local and peer rpc protocol
+// versions. This function returns true if the check passes which means both
+// parties agreed on a common rpc protocol to use, and false otherwise. The
+// function also returns the highest common RPC protocol version both parties
+// agreed on.
+func checkRPCVersions(local, peer *altspb.RpcProtocolVersions) (bool, *altspb.RpcProtocolVersions_Version) {
+	if local == nil || peer == nil {
+		grpclog.Error("invalid checkRPCVersions argument, either local or peer is nil.")
+		return false, nil
+	}
+
+	// maxCommonVersion is MIN(local.max, peer.max).
+	maxCommonVersion := local.GetMaxRpcVersion()
+	if compareRPCVersions(local.GetMaxRpcVersion(), peer.GetMaxRpcVersion()) > 0 {
+		maxCommonVersion = peer.GetMaxRpcVersion()
+	}
+
+	// minCommonVersion is MAX(local.min, peer.min).
+	minCommonVersion := peer.GetMinRpcVersion()
+	if compareRPCVersions(local.GetMinRpcVersion(), peer.GetMinRpcVersion()) > 0 {
+		minCommonVersion = local.GetMinRpcVersion()
+	}
+
+	if compareRPCVersions(maxCommonVersion, minCommonVersion) < 0 {
+		return false, nil
+	}
+	return true, maxCommonVersion
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/authinfo/authinfo.go b/vendor/google.golang.org/grpc/credentials/alts/internal/authinfo/authinfo.go
new file mode 100644
index 0000000000000..9c53d6b53fb83
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/authinfo/authinfo.go
@@ -0,0 +1,89 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package authinfo provide authentication information returned by handshakers.
+package authinfo
+
+import (
+	"google.golang.org/grpc/credentials"
+	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+)
+
+var _ credentials.AuthInfo = (*altsAuthInfo)(nil)
+
+// altsAuthInfo exposes security information from the ALTS handshake to the
+// application. altsAuthInfo is immutable and implements credentials.AuthInfo.
+type altsAuthInfo struct {
+	p *altspb.AltsContext
+	credentials.CommonAuthInfo
+}
+
+// New returns a new altsAuthInfo object given handshaker results.
+func New(result *altspb.HandshakerResult) credentials.AuthInfo {
+	return newAuthInfo(result)
+}
+
+func newAuthInfo(result *altspb.HandshakerResult) *altsAuthInfo {
+	return &altsAuthInfo{
+		p: &altspb.AltsContext{
+			ApplicationProtocol: result.GetApplicationProtocol(),
+			RecordProtocol:      result.GetRecordProtocol(),
+			// TODO: assign security level from result.
+			SecurityLevel:       altspb.SecurityLevel_INTEGRITY_AND_PRIVACY,
+			PeerServiceAccount:  result.GetPeerIdentity().GetServiceAccount(),
+			LocalServiceAccount: result.GetLocalIdentity().GetServiceAccount(),
+			PeerRpcVersions:     result.GetPeerRpcVersions(),
+		},
+		CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity},
+	}
+}
+
+// AuthType identifies the context as providing ALTS authentication information.
+func (s *altsAuthInfo) AuthType() string {
+	return "alts"
+}
+
+// ApplicationProtocol returns the context's application protocol.
+func (s *altsAuthInfo) ApplicationProtocol() string {
+	return s.p.GetApplicationProtocol()
+}
+
+// RecordProtocol returns the context's record protocol.
+func (s *altsAuthInfo) RecordProtocol() string {
+	return s.p.GetRecordProtocol()
+}
+
+// SecurityLevel returns the context's security level.
+func (s *altsAuthInfo) SecurityLevel() altspb.SecurityLevel {
+	return s.p.GetSecurityLevel()
+}
+
+// PeerServiceAccount returns the context's peer service account.
+func (s *altsAuthInfo) PeerServiceAccount() string {
+	return s.p.GetPeerServiceAccount()
+}
+
+// LocalServiceAccount returns the context's local service account.
+func (s *altsAuthInfo) LocalServiceAccount() string {
+	return s.p.GetLocalServiceAccount()
+}
+
+// PeerRPCVersions returns the context's peer RPC versions.
+func (s *altsAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions {
+	return s.p.GetPeerRpcVersions()
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/common.go b/vendor/google.golang.org/grpc/credentials/alts/internal/common.go
new file mode 100644
index 0000000000000..33fba81239ad1
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/common.go
@@ -0,0 +1,69 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+//go:generate ./regenerate.sh
+
+// Package internal contains common core functionality for ALTS.
+package internal
+
+import (
+	"context"
+	"net"
+
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	// ClientSide identifies the client in this communication.
+	ClientSide Side = iota
+	// ServerSide identifies the server in this communication.
+	ServerSide
+)
+
+// PeerNotRespondingError is returned when a peer server is not responding
+// after a channel has been established. It is treated as a temporary connection
+// error and re-connection to the server should be attempted.
+var PeerNotRespondingError = &peerNotRespondingError{}
+
+// Side identifies the party's role: client or server.
+type Side int
+
+type peerNotRespondingError struct{}
+
+// Return an error message for the purpose of logging.
+func (e *peerNotRespondingError) Error() string {
+	return "peer server is not responding and re-connection should be attempted."
+}
+
+// Temporary indicates if this connection error is temporary or fatal.
+func (e *peerNotRespondingError) Temporary() bool {
+	return true
+}
+
+// Handshaker defines a ALTS handshaker interface.
+type Handshaker interface {
+	// ClientHandshake starts and completes a client-side handshaking and
+	// returns a secure connection and corresponding auth information.
+	ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// ServerHandshake starts and completes a server-side handshaking and
+	// returns a secure connection and corresponding auth information.
+	ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// Close terminates the Handshaker. It should be called when the caller
+	// obtains the secure connection.
+	Close()
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aeadrekey.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aeadrekey.go
new file mode 100644
index 0000000000000..43726e877b8b3
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aeadrekey.go
@@ -0,0 +1,131 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/binary"
+	"fmt"
+	"strconv"
+)
+
+// rekeyAEAD holds the necessary information for an AEAD based on
+// AES-GCM that performs nonce-based key derivation and XORs the
+// nonce with a random mask.
+type rekeyAEAD struct {
+	kdfKey     []byte
+	kdfCounter []byte
+	nonceMask  []byte
+	nonceBuf   []byte
+	gcmAEAD    cipher.AEAD
+}
+
+// KeySizeError signals that the given key does not have the correct size.
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+	return "alts/conn: invalid key size " + strconv.Itoa(int(k))
+}
+
+// newRekeyAEAD creates a new instance of aes128gcm with rekeying.
+// The key argument should be 44 bytes, the first 32 bytes are used as a key
+// for HKDF-expand and the remainining 12 bytes are used as a random mask for
+// the counter.
+func newRekeyAEAD(key []byte) (*rekeyAEAD, error) {
+	k := len(key)
+	if k != kdfKeyLen+nonceLen {
+		return nil, KeySizeError(k)
+	}
+	return &rekeyAEAD{
+		kdfKey:     key[:kdfKeyLen],
+		kdfCounter: make([]byte, kdfCounterLen),
+		nonceMask:  key[kdfKeyLen:],
+		nonceBuf:   make([]byte, nonceLen),
+		gcmAEAD:    nil,
+	}, nil
+}
+
+// Seal rekeys if nonce[2:8] is different than in the last call, masks the nonce,
+// and calls Seal for aes128gcm.
+func (s *rekeyAEAD) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if err := s.rekeyIfRequired(nonce); err != nil {
+		panic(fmt.Sprintf("Rekeying failed with: %s", err.Error()))
+	}
+	maskNonce(s.nonceBuf, nonce, s.nonceMask)
+	return s.gcmAEAD.Seal(dst, s.nonceBuf, plaintext, additionalData)
+}
+
+// Open rekeys if nonce[2:8] is different than in the last call, masks the nonce,
+// and calls Open for aes128gcm.
+func (s *rekeyAEAD) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if err := s.rekeyIfRequired(nonce); err != nil {
+		return nil, err
+	}
+	maskNonce(s.nonceBuf, nonce, s.nonceMask)
+	return s.gcmAEAD.Open(dst, s.nonceBuf, ciphertext, additionalData)
+}
+
+// rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil
+// or cannot be used with given nonce.
+func (s *rekeyAEAD) rekeyIfRequired(nonce []byte) error {
+	newKdfCounter := nonce[kdfCounterOffset : kdfCounterOffset+kdfCounterLen]
+	if s.gcmAEAD != nil && bytes.Equal(newKdfCounter, s.kdfCounter) {
+		return nil
+	}
+	copy(s.kdfCounter, newKdfCounter)
+	a, err := aes.NewCipher(hkdfExpand(s.kdfKey, s.kdfCounter))
+	if err != nil {
+		return err
+	}
+	s.gcmAEAD, err = cipher.NewGCM(a)
+	return err
+}
+
+// maskNonce XORs the given nonce with the mask and stores the result in dst.
+func maskNonce(dst, nonce, mask []byte) {
+	nonce1 := binary.LittleEndian.Uint64(nonce[:sizeUint64])
+	nonce2 := binary.LittleEndian.Uint32(nonce[sizeUint64:])
+	mask1 := binary.LittleEndian.Uint64(mask[:sizeUint64])
+	mask2 := binary.LittleEndian.Uint32(mask[sizeUint64:])
+	binary.LittleEndian.PutUint64(dst[:sizeUint64], nonce1^mask1)
+	binary.LittleEndian.PutUint32(dst[sizeUint64:], nonce2^mask2)
+}
+
+// NonceSize returns the required nonce size.
+func (s *rekeyAEAD) NonceSize() int {
+	return s.gcmAEAD.NonceSize()
+}
+
+// Overhead returns the ciphertext overhead.
+func (s *rekeyAEAD) Overhead() int {
+	return s.gcmAEAD.Overhead()
+}
+
+// hkdfExpand computes the first 16 bytes of the HKDF-expand function
+// defined in RFC5869.
+func hkdfExpand(key, info []byte) []byte {
+	mac := hmac.New(sha256.New, key)
+	mac.Write(info)
+	mac.Write([]byte{0x01}[:])
+	return mac.Sum(nil)[:aeadKeyLen]
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcm.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcm.go
new file mode 100644
index 0000000000000..04e0adb6c9086
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcm.go
@@ -0,0 +1,105 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+const (
+	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
+	// each direction).
+	overflowLenAES128GCM = 5
+)
+
+// aes128gcm is the struct that holds necessary information for ALTS record.
+// The counter value is NOT included in the payload during the encryption and
+// decryption operations.
+type aes128gcm struct {
+	// inCounter is used in ALTS record to check that incoming counters are
+	// as expected, since ALTS record guarantees that messages are unwrapped
+	// in the same order that the peer wrapped them.
+	inCounter  Counter
+	outCounter Counter
+	aead       cipher.AEAD
+}
+
+// NewAES128GCM creates an instance that uses aes128gcm for ALTS record.
+func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error) {
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	a, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+	return &aes128gcm{
+		inCounter:  NewInCounter(side, overflowLenAES128GCM),
+		outCounter: NewOutCounter(side, overflowLenAES128GCM),
+		aead:       a,
+	}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext do not
+// overlap.
+func (s *aes128gcm) Encrypt(dst, plaintext []byte) ([]byte, error) {
+	// If we need to allocate an output buffer, we want to include space for
+	// GCM tag to avoid forcing ALTS record to reallocate as well.
+	dlen := len(dst)
+	dst, out := SliceForAppend(dst, len(plaintext)+GcmTagSize)
+	seq, err := s.outCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may alias plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, SliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = s.aead.Seal(dst[:dlen], seq, data, nil)
+	s.outCounter.Inc()
+	return dst, nil
+}
+
+func (s *aes128gcm) EncryptionOverhead() int {
+	return GcmTagSize
+}
+
+func (s *aes128gcm) Decrypt(dst, ciphertext []byte) ([]byte, error) {
+	seq, err := s.inCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	// If dst is equal to ciphertext[:0], ciphertext storage is reused.
+	plaintext, err := s.aead.Open(dst, seq, ciphertext, nil)
+	if err != nil {
+		return nil, ErrAuth
+	}
+	s.inCounter.Inc()
+	return plaintext, nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcmrekey.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcmrekey.go
new file mode 100644
index 0000000000000..6a9035ea254f8
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcmrekey.go
@@ -0,0 +1,116 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"crypto/cipher"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+const (
+	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
+	// each direction).
+	overflowLenAES128GCMRekey = 8
+	nonceLen                  = 12
+	aeadKeyLen                = 16
+	kdfKeyLen                 = 32
+	kdfCounterOffset          = 2
+	kdfCounterLen             = 6
+	sizeUint64                = 8
+)
+
+// aes128gcmRekey is the struct that holds necessary information for ALTS record.
+// The counter value is NOT included in the payload during the encryption and
+// decryption operations.
+type aes128gcmRekey struct {
+	// inCounter is used in ALTS record to check that incoming counters are
+	// as expected, since ALTS record guarantees that messages are unwrapped
+	// in the same order that the peer wrapped them.
+	inCounter  Counter
+	outCounter Counter
+	inAEAD     cipher.AEAD
+	outAEAD    cipher.AEAD
+}
+
+// NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying
+// for ALTS record. The key argument should be 44 bytes, the first 32 bytes
+// are used as a key for HKDF-expand and the remainining 12 bytes are used
+// as a random mask for the counter.
+func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error) {
+	inCounter := NewInCounter(side, overflowLenAES128GCMRekey)
+	outCounter := NewOutCounter(side, overflowLenAES128GCMRekey)
+	inAEAD, err := newRekeyAEAD(key)
+	if err != nil {
+		return nil, err
+	}
+	outAEAD, err := newRekeyAEAD(key)
+	if err != nil {
+		return nil, err
+	}
+	return &aes128gcmRekey{
+		inCounter,
+		outCounter,
+		inAEAD,
+		outAEAD,
+	}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext do not
+// overlap.
+func (s *aes128gcmRekey) Encrypt(dst, plaintext []byte) ([]byte, error) {
+	// If we need to allocate an output buffer, we want to include space for
+	// GCM tag to avoid forcing ALTS record to reallocate as well.
+	dlen := len(dst)
+	dst, out := SliceForAppend(dst, len(plaintext)+GcmTagSize)
+	seq, err := s.outCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may alias plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, SliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = s.outAEAD.Seal(dst[:dlen], seq, data, nil)
+	s.outCounter.Inc()
+	return dst, nil
+}
+
+func (s *aes128gcmRekey) EncryptionOverhead() int {
+	return GcmTagSize
+}
+
+func (s *aes128gcmRekey) Decrypt(dst, ciphertext []byte) ([]byte, error) {
+	seq, err := s.inCounter.Value()
+	if err != nil {
+		return nil, err
+	}
+	plaintext, err := s.inAEAD.Open(dst, seq, ciphertext, nil)
+	if err != nil {
+		return nil, ErrAuth
+	}
+	s.inCounter.Inc()
+	return plaintext, nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/common.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/common.go
new file mode 100644
index 0000000000000..1795d0c9e3728
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/common.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+)
+
+const (
+	// GcmTagSize is the GCM tag size is the difference in length between
+	// plaintext and ciphertext. From crypto/cipher/gcm.go in Go crypto
+	// library.
+	GcmTagSize = 16
+)
+
+// ErrAuth occurs on authentication failure.
+var ErrAuth = errors.New("message authentication failed")
+
+// SliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func SliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return head, tail
+}
+
+// ParseFramedMsg parse the provided buffer and returns a frame of the format
+// msgLength+msg and any remaining bytes in that buffer.
+func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error) {
+	// If the size field is not complete, return the provided buffer as
+	// remaining buffer.
+	if len(b) < MsgLenFieldSize {
+		return nil, b, nil
+	}
+	msgLenField := b[:MsgLenFieldSize]
+	length := binary.LittleEndian.Uint32(msgLenField)
+	if length > maxLen {
+		return nil, nil, fmt.Errorf("received the frame length %d larger than the limit %d", length, maxLen)
+	}
+	if len(b) < int(length)+4 { // account for the first 4 msg length bytes.
+		// Frame is not complete yet.
+		return nil, b, nil
+	}
+	return b[:MsgLenFieldSize+length], b[MsgLenFieldSize+length:], nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/counter.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/counter.go
new file mode 100644
index 0000000000000..9f00aca0b614f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/counter.go
@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import (
+	"errors"
+)
+
+const counterLen = 12
+
+var (
+	errInvalidCounter = errors.New("invalid counter")
+)
+
+// Counter is a 96-bit, little-endian counter.
+type Counter struct {
+	value       [counterLen]byte
+	invalid     bool
+	overflowLen int
+}
+
+// Value returns the current value of the counter as a byte slice.
+func (c *Counter) Value() ([]byte, error) {
+	if c.invalid {
+		return nil, errInvalidCounter
+	}
+	return c.value[:], nil
+}
+
+// Inc increments the counter and checks for overflow.
+func (c *Counter) Inc() {
+	// If the counter is already invalid, there is no need to increase it.
+	if c.invalid {
+		return
+	}
+	i := 0
+	for ; i < c.overflowLen; i++ {
+		c.value[i]++
+		if c.value[i] != 0 {
+			break
+		}
+	}
+	if i == c.overflowLen {
+		c.invalid = true
+	}
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go
new file mode 100644
index 0000000000000..fd5a53d9a7aae
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go
@@ -0,0 +1,271 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package conn contains an implementation of a secure channel created by gRPC
+// handshakers.
+package conn
+
+import (
+	"encoding/binary"
+	"fmt"
+	"math"
+	"net"
+
+	core "google.golang.org/grpc/credentials/alts/internal"
+)
+
+// ALTSRecordCrypto is the interface for gRPC ALTS record protocol.
+type ALTSRecordCrypto interface {
+	// Encrypt encrypts the plaintext and computes the tag (if any) of dst
+	// and plaintext, dst and plaintext do not overlap.
+	Encrypt(dst, plaintext []byte) ([]byte, error)
+	// EncryptionOverhead returns the tag size (if any) in bytes.
+	EncryptionOverhead() int
+	// Decrypt decrypts ciphertext and verify the tag (if any). dst and
+	// ciphertext may alias exactly or not at all. To reuse ciphertext's
+	// storage for the decrypted output, use ciphertext[:0] as dst.
+	Decrypt(dst, ciphertext []byte) ([]byte, error)
+}
+
+// ALTSRecordFunc is a function type for factory functions that create
+// ALTSRecordCrypto instances.
+type ALTSRecordFunc func(s core.Side, keyData []byte) (ALTSRecordCrypto, error)
+
+const (
+	// MsgLenFieldSize is the byte size of the frame length field of a
+	// framed message.
+	MsgLenFieldSize = 4
+	// The byte size of the message type field of a framed message.
+	msgTypeFieldSize = 4
+	// The bytes size limit for a ALTS record message.
+	altsRecordLengthLimit = 1024 * 1024 // 1 MiB
+	// The default bytes size of a ALTS record message.
+	altsRecordDefaultLength = 4 * 1024 // 4KiB
+	// Message type value included in ALTS record framing.
+	altsRecordMsgType = uint32(0x06)
+	// The initial write buffer size.
+	altsWriteBufferInitialSize = 32 * 1024 // 32KiB
+	// The maximum write buffer size. This *must* be multiple of
+	// altsRecordDefaultLength.
+	altsWriteBufferMaxSize = 512 * 1024 // 512KiB
+)
+
+var (
+	protocols = make(map[string]ALTSRecordFunc)
+)
+
+// RegisterProtocol register a ALTS record encryption protocol.
+func RegisterProtocol(protocol string, f ALTSRecordFunc) error {
+	if _, ok := protocols[protocol]; ok {
+		return fmt.Errorf("protocol %v is already registered", protocol)
+	}
+	protocols[protocol] = f
+	return nil
+}
+
+// conn represents a secured connection. It implements the net.Conn interface.
+type conn struct {
+	net.Conn
+	crypto ALTSRecordCrypto
+	// buf holds data that has been read from the connection and decrypted,
+	// but has not yet been returned by Read.
+	buf                []byte
+	payloadLengthLimit int
+	// protected holds data read from the network but have not yet been
+	// decrypted. This data might not compose a complete frame.
+	protected []byte
+	// writeBuf is a buffer used to contain encrypted frames before being
+	// written to the network.
+	writeBuf []byte
+	// nextFrame stores the next frame (in protected buffer) info.
+	nextFrame []byte
+	// overhead is the calculated overhead of each frame.
+	overhead int
+}
+
+// NewConn creates a new secure channel instance given the other party role and
+// handshaking result.
+func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, protected []byte) (net.Conn, error) {
+	newCrypto := protocols[recordProtocol]
+	if newCrypto == nil {
+		return nil, fmt.Errorf("negotiated unknown next_protocol %q", recordProtocol)
+	}
+	crypto, err := newCrypto(side, key)
+	if err != nil {
+		return nil, fmt.Errorf("protocol %q: %v", recordProtocol, err)
+	}
+	overhead := MsgLenFieldSize + msgTypeFieldSize + crypto.EncryptionOverhead()
+	payloadLengthLimit := altsRecordDefaultLength - overhead
+	if protected == nil {
+		// We pre-allocate protected to be of size
+		// 2*altsRecordDefaultLength-1 during initialization. We only
+		// read from the network into protected when protected does not
+		// contain a complete frame, which is at most
+		// altsRecordDefaultLength-1 (bytes). And we read at most
+		// altsRecordDefaultLength (bytes) data into protected at one
+		// time. Therefore, 2*altsRecordDefaultLength-1 is large enough
+		// to buffer data read from the network.
+		protected = make([]byte, 0, 2*altsRecordDefaultLength-1)
+	}
+
+	altsConn := &conn{
+		Conn:               c,
+		crypto:             crypto,
+		payloadLengthLimit: payloadLengthLimit,
+		protected:          protected,
+		writeBuf:           make([]byte, altsWriteBufferInitialSize),
+		nextFrame:          protected,
+		overhead:           overhead,
+	}
+	return altsConn, nil
+}
+
+// Read reads and decrypts a frame from the underlying connection, and copies the
+// decrypted payload into b. If the size of the payload is greater than len(b),
+// Read retains the remaining bytes in an internal buffer, and subsequent calls
+// to Read will read from this buffer until it is exhausted.
+func (p *conn) Read(b []byte) (n int, err error) {
+	if len(p.buf) == 0 {
+		var framedMsg []byte
+		framedMsg, p.nextFrame, err = ParseFramedMsg(p.nextFrame, altsRecordLengthLimit)
+		if err != nil {
+			return n, err
+		}
+		// Check whether the next frame to be decrypted has been
+		// completely received yet.
+		if len(framedMsg) == 0 {
+			copy(p.protected, p.nextFrame)
+			p.protected = p.protected[:len(p.nextFrame)]
+			// Always copy next incomplete frame to the beginning of
+			// the protected buffer and reset nextFrame to it.
+			p.nextFrame = p.protected
+		}
+		// Check whether a complete frame has been received yet.
+		for len(framedMsg) == 0 {
+			if len(p.protected) == cap(p.protected) {
+				tmp := make([]byte, len(p.protected), cap(p.protected)+altsRecordDefaultLength)
+				copy(tmp, p.protected)
+				p.protected = tmp
+			}
+			n, err = p.Conn.Read(p.protected[len(p.protected):min(cap(p.protected), len(p.protected)+altsRecordDefaultLength)])
+			if err != nil {
+				return 0, err
+			}
+			p.protected = p.protected[:len(p.protected)+n]
+			framedMsg, p.nextFrame, err = ParseFramedMsg(p.protected, altsRecordLengthLimit)
+			if err != nil {
+				return 0, err
+			}
+		}
+		// Now we have a complete frame, decrypted it.
+		msg := framedMsg[MsgLenFieldSize:]
+		msgType := binary.LittleEndian.Uint32(msg[:msgTypeFieldSize])
+		if msgType&0xff != altsRecordMsgType {
+			return 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v",
+				msgType, altsRecordMsgType)
+		}
+		ciphertext := msg[msgTypeFieldSize:]
+
+		// Decrypt requires that if the dst and ciphertext alias, they
+		// must alias exactly. Code here used to use msg[:0], but msg
+		// starts MsgLenFieldSize+msgTypeFieldSize bytes earlier than
+		// ciphertext, so they alias inexactly. Using ciphertext[:0]
+		// arranges the appropriate aliasing without needing to copy
+		// ciphertext or use a separate destination buffer. For more info
+		// check: https://golang.org/pkg/crypto/cipher/#AEAD.
+		p.buf, err = p.crypto.Decrypt(ciphertext[:0], ciphertext)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	n = copy(b, p.buf)
+	p.buf = p.buf[n:]
+	return n, nil
+}
+
+// Write encrypts, frames, and writes bytes from b to the underlying connection.
+func (p *conn) Write(b []byte) (n int, err error) {
+	n = len(b)
+	// Calculate the output buffer size with framing and encryption overhead.
+	numOfFrames := int(math.Ceil(float64(len(b)) / float64(p.payloadLengthLimit)))
+	size := len(b) + numOfFrames*p.overhead
+	// If writeBuf is too small, increase its size up to the maximum size.
+	partialBSize := len(b)
+	if size > altsWriteBufferMaxSize {
+		size = altsWriteBufferMaxSize
+		const numOfFramesInMaxWriteBuf = altsWriteBufferMaxSize / altsRecordDefaultLength
+		partialBSize = numOfFramesInMaxWriteBuf * p.payloadLengthLimit
+	}
+	if len(p.writeBuf) < size {
+		p.writeBuf = make([]byte, size)
+	}
+
+	for partialBStart := 0; partialBStart < len(b); partialBStart += partialBSize {
+		partialBEnd := partialBStart + partialBSize
+		if partialBEnd > len(b) {
+			partialBEnd = len(b)
+		}
+		partialB := b[partialBStart:partialBEnd]
+		writeBufIndex := 0
+		for len(partialB) > 0 {
+			payloadLen := len(partialB)
+			if payloadLen > p.payloadLengthLimit {
+				payloadLen = p.payloadLengthLimit
+			}
+			buf := partialB[:payloadLen]
+			partialB = partialB[payloadLen:]
+
+			// Write buffer contains: length, type, payload, and tag
+			// if any.
+
+			// 1. Fill in type field.
+			msg := p.writeBuf[writeBufIndex+MsgLenFieldSize:]
+			binary.LittleEndian.PutUint32(msg, altsRecordMsgType)
+
+			// 2. Encrypt the payload and create a tag if any.
+			msg, err = p.crypto.Encrypt(msg[:msgTypeFieldSize], buf)
+			if err != nil {
+				return n, err
+			}
+
+			// 3. Fill in the size field.
+			binary.LittleEndian.PutUint32(p.writeBuf[writeBufIndex:], uint32(len(msg)))
+
+			// 4. Increase writeBufIndex.
+			writeBufIndex += len(buf) + p.overhead
+		}
+		nn, err := p.Conn.Write(p.writeBuf[:writeBufIndex])
+		if err != nil {
+			// We need to calculate the actual data size that was
+			// written. This means we need to remove header,
+			// encryption overheads, and any partially-written
+			// frame data.
+			numOfWrittenFrames := int(math.Floor(float64(nn) / float64(altsRecordDefaultLength)))
+			return partialBStart + numOfWrittenFrames*p.payloadLengthLimit, err
+		}
+	}
+	return n, nil
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/utils.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/utils.go
new file mode 100644
index 0000000000000..84821fa254394
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/utils.go
@@ -0,0 +1,63 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package conn
+
+import core "google.golang.org/grpc/credentials/alts/internal"
+
+// NewOutCounter returns an outgoing counter initialized to the starting sequence
+// number for the client/server side of a connection.
+func NewOutCounter(s core.Side, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	if s == core.ServerSide {
+		// Server counters in ALTS record have the little-endian high bit
+		// set.
+		c.value[counterLen-1] = 0x80
+	}
+	return
+}
+
+// NewInCounter returns an incoming counter initialized to the starting sequence
+// number for the client/server side of a connection. This is used in ALTS record
+// to check that incoming counters are as expected, since ALTS record guarantees
+// that messages are unwrapped in the same order that the peer wrapped them.
+func NewInCounter(s core.Side, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	if s == core.ClientSide {
+		// Server counters in ALTS record have the little-endian high bit
+		// set.
+		c.value[counterLen-1] = 0x80
+	}
+	return
+}
+
+// CounterFromValue creates a new counter given an initial value.
+func CounterFromValue(value []byte, overflowLen int) (c Counter) {
+	c.overflowLen = overflowLen
+	copy(c.value[:], value)
+	return
+}
+
+// CounterSide returns the connection side (client/server) a sequence counter is
+// associated with.
+func CounterSide(c []byte) core.Side {
+	if c[counterLen-1]&0x80 == 0x80 {
+		return core.ServerSide
+	}
+	return core.ClientSide
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
new file mode 100644
index 0000000000000..8bc7ceee0aff2
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
@@ -0,0 +1,375 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package handshaker provides ALTS handshaking functionality for GCP.
+package handshaker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	core "google.golang.org/grpc/credentials/alts/internal"
+	"google.golang.org/grpc/credentials/alts/internal/authinfo"
+	"google.golang.org/grpc/credentials/alts/internal/conn"
+	altsgrpc "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
+)
+
+const (
+	// The maximum byte size of receive frames.
+	frameLimit              = 64 * 1024 // 64 KB
+	rekeyRecordProtocolName = "ALTSRP_GCM_AES128_REKEY"
+	// maxPendingHandshakes represents the maximum number of concurrent
+	// handshakes.
+	maxPendingHandshakes = 100
+)
+
+var (
+	hsProtocol      = altspb.HandshakeProtocol_ALTS
+	appProtocols    = []string{"grpc"}
+	recordProtocols = []string{rekeyRecordProtocolName}
+	keyLength       = map[string]int{
+		rekeyRecordProtocolName: 44,
+	}
+	altsRecordFuncs = map[string]conn.ALTSRecordFunc{
+		// ALTS handshaker protocols.
+		rekeyRecordProtocolName: func(s core.Side, keyData []byte) (conn.ALTSRecordCrypto, error) {
+			return conn.NewAES128GCMRekey(s, keyData)
+		},
+	}
+	// control number of concurrent created (but not closed) handshakers.
+	mu                   sync.Mutex
+	concurrentHandshakes = int64(0)
+	// errDropped occurs when maxPendingHandshakes is reached.
+	errDropped = errors.New("maximum number of concurrent ALTS handshakes is reached")
+	// errOutOfBound occurs when the handshake service returns a consumed
+	// bytes value larger than the buffer that was passed to it originally.
+	errOutOfBound = errors.New("handshaker service consumed bytes value is out-of-bound")
+)
+
+func init() {
+	for protocol, f := range altsRecordFuncs {
+		if err := conn.RegisterProtocol(protocol, f); err != nil {
+			panic(err)
+		}
+	}
+}
+
+func acquire() bool {
+	mu.Lock()
+	// If we need n to be configurable, we can pass it as an argument.
+	n := int64(1)
+	success := maxPendingHandshakes-concurrentHandshakes >= n
+	if success {
+		concurrentHandshakes += n
+	}
+	mu.Unlock()
+	return success
+}
+
+func release() {
+	mu.Lock()
+	// If we need n to be configurable, we can pass it as an argument.
+	n := int64(1)
+	concurrentHandshakes -= n
+	if concurrentHandshakes < 0 {
+		mu.Unlock()
+		panic("bad release")
+	}
+	mu.Unlock()
+}
+
+// ClientHandshakerOptions contains the client handshaker options that can
+// provided by the caller.
+type ClientHandshakerOptions struct {
+	// ClientIdentity is the handshaker client local identity.
+	ClientIdentity *altspb.Identity
+	// TargetName is the server service account name for secure name
+	// checking.
+	TargetName string
+	// TargetServiceAccounts contains a list of expected target service
+	// accounts. One of these accounts should match one of the accounts in
+	// the handshaker results. Otherwise, the handshake fails.
+	TargetServiceAccounts []string
+	// RPCVersions specifies the gRPC versions accepted by the client.
+	RPCVersions *altspb.RpcProtocolVersions
+}
+
+// ServerHandshakerOptions contains the server handshaker options that can
+// provided by the caller.
+type ServerHandshakerOptions struct {
+	// RPCVersions specifies the gRPC versions accepted by the server.
+	RPCVersions *altspb.RpcProtocolVersions
+}
+
+// DefaultClientHandshakerOptions returns the default client handshaker options.
+func DefaultClientHandshakerOptions() *ClientHandshakerOptions {
+	return &ClientHandshakerOptions{}
+}
+
+// DefaultServerHandshakerOptions returns the default client handshaker options.
+func DefaultServerHandshakerOptions() *ServerHandshakerOptions {
+	return &ServerHandshakerOptions{}
+}
+
+// TODO: add support for future local and remote endpoint in both client options
+//       and server options (server options struct does not exist now. When
+//       caller can provide endpoints, it should be created.
+
+// altsHandshaker is used to complete a ALTS handshaking between client and
+// server. This handshaker talks to the ALTS handshaker service in the metadata
+// server.
+type altsHandshaker struct {
+	// RPC stream used to access the ALTS Handshaker service.
+	stream altsgrpc.HandshakerService_DoHandshakeClient
+	// the connection to the peer.
+	conn net.Conn
+	// client handshake options.
+	clientOpts *ClientHandshakerOptions
+	// server handshake options.
+	serverOpts *ServerHandshakerOptions
+	// defines the side doing the handshake, client or server.
+	side core.Side
+}
+
+// NewClientHandshaker creates a ALTS handshaker for GCP which contains an RPC
+// stub created using the passed conn and used to talk to the ALTS Handshaker
+// service in the metadata server.
+func NewClientHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ClientHandshakerOptions) (core.Handshaker, error) {
+	stream, err := altsgrpc.NewHandshakerServiceClient(conn).DoHandshake(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	return &altsHandshaker{
+		stream:     stream,
+		conn:       c,
+		clientOpts: opts,
+		side:       core.ClientSide,
+	}, nil
+}
+
+// NewServerHandshaker creates a ALTS handshaker for GCP which contains an RPC
+// stub created using the passed conn and used to talk to the ALTS Handshaker
+// service in the metadata server.
+func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ServerHandshakerOptions) (core.Handshaker, error) {
+	stream, err := altsgrpc.NewHandshakerServiceClient(conn).DoHandshake(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	return &altsHandshaker{
+		stream:     stream,
+		conn:       c,
+		serverOpts: opts,
+		side:       core.ServerSide,
+	}, nil
+}
+
+// ClientHandshake starts and completes a client ALTS handshaking for GCP. Once
+// done, ClientHandshake returns a secure connection.
+func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if !acquire() {
+		return nil, nil, errDropped
+	}
+	defer release()
+
+	if h.side != core.ClientSide {
+		return nil, nil, errors.New("only handshakers created using NewClientHandshaker can perform a client handshaker")
+	}
+
+	// Create target identities from service account list.
+	targetIdentities := make([]*altspb.Identity, 0, len(h.clientOpts.TargetServiceAccounts))
+	for _, account := range h.clientOpts.TargetServiceAccounts {
+		targetIdentities = append(targetIdentities, &altspb.Identity{
+			IdentityOneof: &altspb.Identity_ServiceAccount{
+				ServiceAccount: account,
+			},
+		})
+	}
+	req := &altspb.HandshakerReq{
+		ReqOneof: &altspb.HandshakerReq_ClientStart{
+			ClientStart: &altspb.StartClientHandshakeReq{
+				HandshakeSecurityProtocol: hsProtocol,
+				ApplicationProtocols:      appProtocols,
+				RecordProtocols:           recordProtocols,
+				TargetIdentities:          targetIdentities,
+				LocalIdentity:             h.clientOpts.ClientIdentity,
+				TargetName:                h.clientOpts.TargetName,
+				RpcVersions:               h.clientOpts.RPCVersions,
+			},
+		},
+	}
+
+	conn, result, err := h.doHandshake(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo := authinfo.New(result)
+	return conn, authInfo, nil
+}
+
+// ServerHandshake starts and completes a server ALTS handshaking for GCP. Once
+// done, ServerHandshake returns a secure connection.
+func (h *altsHandshaker) ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if !acquire() {
+		return nil, nil, errDropped
+	}
+	defer release()
+
+	if h.side != core.ServerSide {
+		return nil, nil, errors.New("only handshakers created using NewServerHandshaker can perform a server handshaker")
+	}
+
+	p := make([]byte, frameLimit)
+	n, err := h.conn.Read(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Prepare server parameters.
+	// TODO: currently only ALTS parameters are provided. Might need to use
+	//       more options in the future.
+	params := make(map[int32]*altspb.ServerHandshakeParameters)
+	params[int32(altspb.HandshakeProtocol_ALTS)] = &altspb.ServerHandshakeParameters{
+		RecordProtocols: recordProtocols,
+	}
+	req := &altspb.HandshakerReq{
+		ReqOneof: &altspb.HandshakerReq_ServerStart{
+			ServerStart: &altspb.StartServerHandshakeReq{
+				ApplicationProtocols: appProtocols,
+				HandshakeParameters:  params,
+				InBytes:              p[:n],
+				RpcVersions:          h.serverOpts.RPCVersions,
+			},
+		},
+	}
+
+	conn, result, err := h.doHandshake(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo := authinfo.New(result)
+	return conn, authInfo, nil
+}
+
+func (h *altsHandshaker) doHandshake(req *altspb.HandshakerReq) (net.Conn, *altspb.HandshakerResult, error) {
+	resp, err := h.accessHandshakerService(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Check of the returned status is an error.
+	if resp.GetStatus() != nil {
+		if got, want := resp.GetStatus().Code, uint32(codes.OK); got != want {
+			return nil, nil, fmt.Errorf("%v", resp.GetStatus().Details)
+		}
+	}
+
+	var extra []byte
+	if req.GetServerStart() != nil {
+		if resp.GetBytesConsumed() > uint32(len(req.GetServerStart().GetInBytes())) {
+			return nil, nil, errOutOfBound
+		}
+		extra = req.GetServerStart().GetInBytes()[resp.GetBytesConsumed():]
+	}
+	result, extra, err := h.processUntilDone(resp, extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	// The handshaker returns a 128 bytes key. It should be truncated based
+	// on the returned record protocol.
+	keyLen, ok := keyLength[result.RecordProtocol]
+	if !ok {
+		return nil, nil, fmt.Errorf("unknown resulted record protocol %v", result.RecordProtocol)
+	}
+	sc, err := conn.NewConn(h.conn, h.side, result.GetRecordProtocol(), result.KeyData[:keyLen], extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	return sc, result, nil
+}
+
+func (h *altsHandshaker) accessHandshakerService(req *altspb.HandshakerReq) (*altspb.HandshakerResp, error) {
+	if err := h.stream.Send(req); err != nil {
+		return nil, err
+	}
+	resp, err := h.stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// processUntilDone processes the handshake until the handshaker service returns
+// the results. Handshaker service takes care of frame parsing, so we read
+// whatever received from the network and send it to the handshaker service.
+func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []byte) (*altspb.HandshakerResult, []byte, error) {
+	for {
+		if len(resp.OutFrames) > 0 {
+			if _, err := h.conn.Write(resp.OutFrames); err != nil {
+				return nil, nil, err
+			}
+		}
+		if resp.Result != nil {
+			return resp.Result, extra, nil
+		}
+		buf := make([]byte, frameLimit)
+		n, err := h.conn.Read(buf)
+		if err != nil && err != io.EOF {
+			return nil, nil, err
+		}
+		// If there is nothing to send to the handshaker service, and
+		// nothing is received from the peer, then we are stuck.
+		// This covers the case when the peer is not responding. Note
+		// that handshaker service connection issues are caught in
+		// accessHandshakerService before we even get here.
+		if len(resp.OutFrames) == 0 && n == 0 {
+			return nil, nil, core.PeerNotRespondingError
+		}
+		// Append extra bytes from the previous interaction with the
+		// handshaker service with the current buffer read from conn.
+		p := append(extra, buf[:n]...)
+		// From here on, p and extra point to the same slice.
+		resp, err = h.accessHandshakerService(&altspb.HandshakerReq{
+			ReqOneof: &altspb.HandshakerReq_Next{
+				Next: &altspb.NextHandshakeMessageReq{
+					InBytes: p,
+				},
+			},
+		})
+		if err != nil {
+			return nil, nil, err
+		}
+		// Set extra based on handshaker service response.
+		if resp.GetBytesConsumed() > uint32(len(p)) {
+			return nil, nil, errOutOfBound
+		}
+		extra = p[resp.GetBytesConsumed():]
+	}
+}
+
+// Close terminates the Handshaker. It should be called when the caller obtains
+// the secure connection.
+func (h *altsHandshaker) Close() {
+	h.stream.CloseSend()
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
new file mode 100644
index 0000000000000..0c7b568354d28
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
@@ -0,0 +1,54 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package service manages connections between the VM application and the ALTS
+// handshaker service.
+package service
+
+import (
+	"sync"
+
+	grpc "google.golang.org/grpc"
+)
+
+var (
+	// hsConn represents a connection to hypervisor handshaker service.
+	hsConn *grpc.ClientConn
+	mu     sync.Mutex
+	// hsDialer will be reassigned in tests.
+	hsDialer = grpc.Dial
+)
+
+// Dial dials the handshake service in the hypervisor. If a connection has
+// already been established, this function returns it. Otherwise, a new
+// connection is created.
+func Dial(hsAddress string) (*grpc.ClientConn, error) {
+	mu.Lock()
+	defer mu.Unlock()
+
+	if hsConn == nil {
+		// Create a new connection to the handshaker service. Note that
+		// this connection stays open until the application is closed.
+		var err error
+		hsConn, err = hsDialer(hsAddress, grpc.WithInsecure())
+		if err != nil {
+			return nil, err
+		}
+	}
+	return hsConn, nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
new file mode 100644
index 0000000000000..38c4832dfd4b0
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
@@ -0,0 +1,152 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: grpc/gcp/altscontext.proto
+
+package grpc_gcp
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type AltsContext struct {
+	// The application protocol negotiated for this connection.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The record protocol negotiated for this connection.
+	RecordProtocol string `protobuf:"bytes,2,opt,name=record_protocol,json=recordProtocol,proto3" json:"record_protocol,omitempty"`
+	// The security level of the created secure channel.
+	SecurityLevel SecurityLevel `protobuf:"varint,3,opt,name=security_level,json=securityLevel,proto3,enum=grpc.gcp.SecurityLevel" json:"security_level,omitempty"`
+	// The peer service account.
+	PeerServiceAccount string `protobuf:"bytes,4,opt,name=peer_service_account,json=peerServiceAccount,proto3" json:"peer_service_account,omitempty"`
+	// The local service account.
+	LocalServiceAccount string `protobuf:"bytes,5,opt,name=local_service_account,json=localServiceAccount,proto3" json:"local_service_account,omitempty"`
+	// The RPC protocol versions supported by the peer.
+	PeerRpcVersions *RpcProtocolVersions `protobuf:"bytes,6,opt,name=peer_rpc_versions,json=peerRpcVersions,proto3" json:"peer_rpc_versions,omitempty"`
+	// Additional attributes of the peer.
+	PeerAttributes       map[string]string `protobuf:"bytes,7,rep,name=peer_attributes,json=peerAttributes,proto3" json:"peer_attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *AltsContext) Reset()         { *m = AltsContext{} }
+func (m *AltsContext) String() string { return proto.CompactTextString(m) }
+func (*AltsContext) ProtoMessage()    {}
+func (*AltsContext) Descriptor() ([]byte, []int) {
+	return fileDescriptor_6647a41e53a575a3, []int{0}
+}
+
+func (m *AltsContext) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_AltsContext.Unmarshal(m, b)
+}
+func (m *AltsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_AltsContext.Marshal(b, m, deterministic)
+}
+func (m *AltsContext) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AltsContext.Merge(m, src)
+}
+func (m *AltsContext) XXX_Size() int {
+	return xxx_messageInfo_AltsContext.Size(m)
+}
+func (m *AltsContext) XXX_DiscardUnknown() {
+	xxx_messageInfo_AltsContext.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AltsContext proto.InternalMessageInfo
+
+func (m *AltsContext) GetApplicationProtocol() string {
+	if m != nil {
+		return m.ApplicationProtocol
+	}
+	return ""
+}
+
+func (m *AltsContext) GetRecordProtocol() string {
+	if m != nil {
+		return m.RecordProtocol
+	}
+	return ""
+}
+
+func (m *AltsContext) GetSecurityLevel() SecurityLevel {
+	if m != nil {
+		return m.SecurityLevel
+	}
+	return SecurityLevel_SECURITY_NONE
+}
+
+func (m *AltsContext) GetPeerServiceAccount() string {
+	if m != nil {
+		return m.PeerServiceAccount
+	}
+	return ""
+}
+
+func (m *AltsContext) GetLocalServiceAccount() string {
+	if m != nil {
+		return m.LocalServiceAccount
+	}
+	return ""
+}
+
+func (m *AltsContext) GetPeerRpcVersions() *RpcProtocolVersions {
+	if m != nil {
+		return m.PeerRpcVersions
+	}
+	return nil
+}
+
+func (m *AltsContext) GetPeerAttributes() map[string]string {
+	if m != nil {
+		return m.PeerAttributes
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*AltsContext)(nil), "grpc.gcp.AltsContext")
+	proto.RegisterMapType((map[string]string)(nil), "grpc.gcp.AltsContext.PeerAttributesEntry")
+}
+
+func init() { proto.RegisterFile("grpc/gcp/altscontext.proto", fileDescriptor_6647a41e53a575a3) }
+
+var fileDescriptor_6647a41e53a575a3 = []byte{
+	// 411 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0x4d, 0x6f, 0x13, 0x31,
+	0x10, 0x86, 0xb5, 0x0d, 0x2d, 0xe0, 0x88, 0xb4, 0xb8, 0xa9, 0x58, 0x45, 0x42, 0x8a, 0xb8, 0xb0,
+	0x5c, 0x76, 0x21, 0x5c, 0x10, 0x07, 0x50, 0x8a, 0x38, 0x20, 0x71, 0x88, 0xb6, 0x12, 0x07, 0x2e,
+	0x2b, 0x77, 0x3a, 0xb2, 0x2c, 0x5c, 0x8f, 0x35, 0x76, 0x22, 0xf2, 0xb3, 0xf9, 0x07, 0x68, 0xed,
+	0xcd, 0x07, 0x1f, 0xb7, 0x9d, 0x79, 0x9f, 0x19, 0xbf, 0xb3, 0x33, 0x62, 0xa6, 0xd9, 0x43, 0xa3,
+	0xc1, 0x37, 0xca, 0xc6, 0x00, 0xe4, 0x22, 0xfe, 0x8c, 0xb5, 0x67, 0x8a, 0x24, 0x1f, 0xf5, 0x5a,
+	0xad, 0xc1, 0xcf, 0xaa, 0x3d, 0x15, 0x59, 0xb9, 0xe0, 0x89, 0x63, 0x17, 0x10, 0xd6, 0x6c, 0xe2,
+	0xb6, 0x03, 0xba, 0xbf, 0x27, 0x97, 0x6b, 0x5e, 0xfc, 0x1a, 0x89, 0xf1, 0xd2, 0xc6, 0xf0, 0x29,
+	0x77, 0x92, 0x6f, 0xc4, 0x54, 0x79, 0x6f, 0x0d, 0xa8, 0x68, 0xc8, 0x75, 0x09, 0x02, 0xb2, 0x65,
+	0x31, 0x2f, 0xaa, 0xc7, 0xed, 0xe5, 0x91, 0xb6, 0x1a, 0x24, 0xf9, 0x52, 0x9c, 0x33, 0x02, 0xf1,
+	0xdd, 0x81, 0x3e, 0x49, 0xf4, 0x24, 0xa7, 0xf7, 0xe0, 0x07, 0x31, 0xd9, 0x9b, 0xb0, 0xb8, 0x41,
+	0x5b, 0x8e, 0xe6, 0x45, 0x35, 0x59, 0x3c, 0xab, 0x77, 0xc6, 0xeb, 0x9b, 0x41, 0xff, 0xda, 0xcb,
+	0xed, 0x93, 0x70, 0x1c, 0xca, 0xd7, 0x62, 0xea, 0x11, 0xb9, 0x0b, 0xc8, 0x1b, 0x03, 0xd8, 0x29,
+	0x00, 0x5a, 0xbb, 0x58, 0x3e, 0x48, 0xaf, 0xc9, 0x5e, 0xbb, 0xc9, 0xd2, 0x32, 0x2b, 0x72, 0x21,
+	0xae, 0x2c, 0x81, 0xb2, 0xff, 0x94, 0x9c, 0xe6, 0x71, 0x92, 0xf8, 0x57, 0xcd, 0x17, 0xf1, 0x34,
+	0xbd, 0xc2, 0x1e, 0xba, 0x0d, 0x72, 0x30, 0xe4, 0x42, 0x79, 0x36, 0x2f, 0xaa, 0xf1, 0xe2, 0xf9,
+	0xc1, 0x68, 0xeb, 0x61, 0x37, 0xd7, 0xb7, 0x01, 0x6a, 0xcf, 0xfb, 0xba, 0xd6, 0xc3, 0x2e, 0x21,
+	0x5b, 0x91, 0x52, 0x9d, 0x8a, 0x91, 0xcd, 0xed, 0x3a, 0x62, 0x28, 0x1f, 0xce, 0x47, 0xd5, 0x78,
+	0xf1, 0xea, 0xd0, 0xe8, 0xe8, 0xe7, 0xd7, 0x2b, 0x44, 0x5e, 0xee, 0xd9, 0xcf, 0x2e, 0xf2, 0xb6,
+	0x9d, 0xf8, 0x3f, 0x92, 0xb3, 0xa5, 0xb8, 0xfc, 0x0f, 0x26, 0x2f, 0xc4, 0xe8, 0x07, 0x6e, 0x87,
+	0x35, 0xf5, 0x9f, 0x72, 0x2a, 0x4e, 0x37, 0xca, 0xae, 0x71, 0x58, 0x46, 0x0e, 0xde, 0x9f, 0xbc,
+	0x2b, 0xae, 0xad, 0xb8, 0x32, 0x94, 0x1d, 0xf4, 0x47, 0x54, 0x1b, 0x17, 0x91, 0x9d, 0xb2, 0xd7,
+	0x17, 0x47, 0x66, 0xd2, 0x74, 0xab, 0xe2, 0xfb, 0x47, 0x4d, 0xa4, 0x2d, 0xd6, 0x9a, 0xac, 0x72,
+	0xba, 0x26, 0xd6, 0x4d, 0x3a, 0x2e, 0x60, 0xbc, 0x43, 0x17, 0x8d, 0xb2, 0x21, 0x9d, 0x62, 0xb3,
+	0xeb, 0xd2, 0xa4, 0x2b, 0x48, 0x50, 0xa7, 0xc1, 0xdf, 0x9e, 0xa5, 0xf8, 0xed, 0xef, 0x00, 0x00,
+	0x00, 0xff, 0xff, 0x9b, 0x8c, 0xe4, 0x6a, 0xba, 0x02, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
new file mode 100644
index 0000000000000..4d1fc4c4d8da8
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
@@ -0,0 +1,1105 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: grpc/gcp/handshaker.proto
+
+package grpc_gcp
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type HandshakeProtocol int32
+
+const (
+	// Default value.
+	HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED HandshakeProtocol = 0
+	// TLS handshake protocol.
+	HandshakeProtocol_TLS HandshakeProtocol = 1
+	// Application Layer Transport Security handshake protocol.
+	HandshakeProtocol_ALTS HandshakeProtocol = 2
+)
+
+var HandshakeProtocol_name = map[int32]string{
+	0: "HANDSHAKE_PROTOCOL_UNSPECIFIED",
+	1: "TLS",
+	2: "ALTS",
+}
+
+var HandshakeProtocol_value = map[string]int32{
+	"HANDSHAKE_PROTOCOL_UNSPECIFIED": 0,
+	"TLS":                            1,
+	"ALTS":                           2,
+}
+
+func (x HandshakeProtocol) String() string {
+	return proto.EnumName(HandshakeProtocol_name, int32(x))
+}
+
+func (HandshakeProtocol) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{0}
+}
+
+type NetworkProtocol int32
+
+const (
+	NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED NetworkProtocol = 0
+	NetworkProtocol_TCP                          NetworkProtocol = 1
+	NetworkProtocol_UDP                          NetworkProtocol = 2
+)
+
+var NetworkProtocol_name = map[int32]string{
+	0: "NETWORK_PROTOCOL_UNSPECIFIED",
+	1: "TCP",
+	2: "UDP",
+}
+
+var NetworkProtocol_value = map[string]int32{
+	"NETWORK_PROTOCOL_UNSPECIFIED": 0,
+	"TCP":                          1,
+	"UDP":                          2,
+}
+
+func (x NetworkProtocol) String() string {
+	return proto.EnumName(NetworkProtocol_name, int32(x))
+}
+
+func (NetworkProtocol) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{1}
+}
+
+type Endpoint struct {
+	// IP address. It should contain an IPv4 or IPv6 string literal, e.g.
+	// "192.168.0.1" or "2001:db8::1".
+	IpAddress string `protobuf:"bytes,1,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
+	// Port number.
+	Port int32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
+	// Network protocol (e.g., TCP, UDP) associated with this endpoint.
+	Protocol             NetworkProtocol `protobuf:"varint,3,opt,name=protocol,proto3,enum=grpc.gcp.NetworkProtocol" json:"protocol,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *Endpoint) Reset()         { *m = Endpoint{} }
+func (m *Endpoint) String() string { return proto.CompactTextString(m) }
+func (*Endpoint) ProtoMessage()    {}
+func (*Endpoint) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{0}
+}
+
+func (m *Endpoint) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Endpoint.Unmarshal(m, b)
+}
+func (m *Endpoint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Endpoint.Marshal(b, m, deterministic)
+}
+func (m *Endpoint) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Endpoint.Merge(m, src)
+}
+func (m *Endpoint) XXX_Size() int {
+	return xxx_messageInfo_Endpoint.Size(m)
+}
+func (m *Endpoint) XXX_DiscardUnknown() {
+	xxx_messageInfo_Endpoint.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Endpoint proto.InternalMessageInfo
+
+func (m *Endpoint) GetIpAddress() string {
+	if m != nil {
+		return m.IpAddress
+	}
+	return ""
+}
+
+func (m *Endpoint) GetPort() int32 {
+	if m != nil {
+		return m.Port
+	}
+	return 0
+}
+
+func (m *Endpoint) GetProtocol() NetworkProtocol {
+	if m != nil {
+		return m.Protocol
+	}
+	return NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED
+}
+
+type Identity struct {
+	// Types that are valid to be assigned to IdentityOneof:
+	//	*Identity_ServiceAccount
+	//	*Identity_Hostname
+	IdentityOneof isIdentity_IdentityOneof `protobuf_oneof:"identity_oneof"`
+	// Additional attributes of the identity.
+	Attributes           map[string]string `protobuf:"bytes,3,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Identity) Reset()         { *m = Identity{} }
+func (m *Identity) String() string { return proto.CompactTextString(m) }
+func (*Identity) ProtoMessage()    {}
+func (*Identity) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{1}
+}
+
+func (m *Identity) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Identity.Unmarshal(m, b)
+}
+func (m *Identity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Identity.Marshal(b, m, deterministic)
+}
+func (m *Identity) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Identity.Merge(m, src)
+}
+func (m *Identity) XXX_Size() int {
+	return xxx_messageInfo_Identity.Size(m)
+}
+func (m *Identity) XXX_DiscardUnknown() {
+	xxx_messageInfo_Identity.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Identity proto.InternalMessageInfo
+
+type isIdentity_IdentityOneof interface {
+	isIdentity_IdentityOneof()
+}
+
+type Identity_ServiceAccount struct {
+	ServiceAccount string `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3,oneof"`
+}
+
+type Identity_Hostname struct {
+	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3,oneof"`
+}
+
+func (*Identity_ServiceAccount) isIdentity_IdentityOneof() {}
+
+func (*Identity_Hostname) isIdentity_IdentityOneof() {}
+
+func (m *Identity) GetIdentityOneof() isIdentity_IdentityOneof {
+	if m != nil {
+		return m.IdentityOneof
+	}
+	return nil
+}
+
+func (m *Identity) GetServiceAccount() string {
+	if x, ok := m.GetIdentityOneof().(*Identity_ServiceAccount); ok {
+		return x.ServiceAccount
+	}
+	return ""
+}
+
+func (m *Identity) GetHostname() string {
+	if x, ok := m.GetIdentityOneof().(*Identity_Hostname); ok {
+		return x.Hostname
+	}
+	return ""
+}
+
+func (m *Identity) GetAttributes() map[string]string {
+	if m != nil {
+		return m.Attributes
+	}
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*Identity) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*Identity_ServiceAccount)(nil),
+		(*Identity_Hostname)(nil),
+	}
+}
+
+type StartClientHandshakeReq struct {
+	// Handshake security protocol requested by the client.
+	HandshakeSecurityProtocol HandshakeProtocol `protobuf:"varint,1,opt,name=handshake_security_protocol,json=handshakeSecurityProtocol,proto3,enum=grpc.gcp.HandshakeProtocol" json:"handshake_security_protocol,omitempty"`
+	// The application protocols supported by the client, e.g., "h2" (for http2),
+	// "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,2,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// The record protocols supported by the client, e.g.,
+	// "ALTSRP_GCM_AES128".
+	RecordProtocols []string `protobuf:"bytes,3,rep,name=record_protocols,json=recordProtocols,proto3" json:"record_protocols,omitempty"`
+	// (Optional) Describes which server identities are acceptable by the client.
+	// If target identities are provided and none of them matches the peer
+	// identity of the server, handshake will fail.
+	TargetIdentities []*Identity `protobuf:"bytes,4,rep,name=target_identities,json=targetIdentities,proto3" json:"target_identities,omitempty"`
+	// (Optional) Application may specify a local identity. Otherwise, the
+	// handshaker chooses a default local identity.
+	LocalIdentity *Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// (Optional) Local endpoint information of the connection to the server,
+	// such as local IP address, port number, and network protocol.
+	LocalEndpoint *Endpoint `protobuf:"bytes,6,opt,name=local_endpoint,json=localEndpoint,proto3" json:"local_endpoint,omitempty"`
+	// (Optional) Endpoint information of the remote server, such as IP address,
+	// port number, and network protocol.
+	RemoteEndpoint *Endpoint `protobuf:"bytes,7,opt,name=remote_endpoint,json=remoteEndpoint,proto3" json:"remote_endpoint,omitempty"`
+	// (Optional) If target name is provided, a secure naming check is performed
+	// to verify that the peer authenticated identity is indeed authorized to run
+	// the target name.
+	TargetName string `protobuf:"bytes,8,opt,name=target_name,json=targetName,proto3" json:"target_name,omitempty"`
+	// (Optional) RPC protocol versions supported by the client.
+	RpcVersions *RpcProtocolVersions `protobuf:"bytes,9,opt,name=rpc_versions,json=rpcVersions,proto3" json:"rpc_versions,omitempty"`
+	// (Optional) Maximum frame size supported by the client.
+	MaxFrameSize         uint32   `protobuf:"varint,10,opt,name=max_frame_size,json=maxFrameSize,proto3" json:"max_frame_size,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartClientHandshakeReq) Reset()         { *m = StartClientHandshakeReq{} }
+func (m *StartClientHandshakeReq) String() string { return proto.CompactTextString(m) }
+func (*StartClientHandshakeReq) ProtoMessage()    {}
+func (*StartClientHandshakeReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{2}
+}
+
+func (m *StartClientHandshakeReq) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_StartClientHandshakeReq.Unmarshal(m, b)
+}
+func (m *StartClientHandshakeReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_StartClientHandshakeReq.Marshal(b, m, deterministic)
+}
+func (m *StartClientHandshakeReq) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartClientHandshakeReq.Merge(m, src)
+}
+func (m *StartClientHandshakeReq) XXX_Size() int {
+	return xxx_messageInfo_StartClientHandshakeReq.Size(m)
+}
+func (m *StartClientHandshakeReq) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartClientHandshakeReq.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StartClientHandshakeReq proto.InternalMessageInfo
+
+func (m *StartClientHandshakeReq) GetHandshakeSecurityProtocol() HandshakeProtocol {
+	if m != nil {
+		return m.HandshakeSecurityProtocol
+	}
+	return HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED
+}
+
+func (m *StartClientHandshakeReq) GetApplicationProtocols() []string {
+	if m != nil {
+		return m.ApplicationProtocols
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetRecordProtocols() []string {
+	if m != nil {
+		return m.RecordProtocols
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetTargetIdentities() []*Identity {
+	if m != nil {
+		return m.TargetIdentities
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetLocalIdentity() *Identity {
+	if m != nil {
+		return m.LocalIdentity
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetLocalEndpoint() *Endpoint {
+	if m != nil {
+		return m.LocalEndpoint
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetRemoteEndpoint() *Endpoint {
+	if m != nil {
+		return m.RemoteEndpoint
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetTargetName() string {
+	if m != nil {
+		return m.TargetName
+	}
+	return ""
+}
+
+func (m *StartClientHandshakeReq) GetRpcVersions() *RpcProtocolVersions {
+	if m != nil {
+		return m.RpcVersions
+	}
+	return nil
+}
+
+func (m *StartClientHandshakeReq) GetMaxFrameSize() uint32 {
+	if m != nil {
+		return m.MaxFrameSize
+	}
+	return 0
+}
+
+type ServerHandshakeParameters struct {
+	// The record protocols supported by the server, e.g.,
+	// "ALTSRP_GCM_AES128".
+	RecordProtocols []string `protobuf:"bytes,1,rep,name=record_protocols,json=recordProtocols,proto3" json:"record_protocols,omitempty"`
+	// (Optional) A list of local identities supported by the server, if
+	// specified. Otherwise, the handshaker chooses a default local identity.
+	LocalIdentities      []*Identity `protobuf:"bytes,2,rep,name=local_identities,json=localIdentities,proto3" json:"local_identities,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *ServerHandshakeParameters) Reset()         { *m = ServerHandshakeParameters{} }
+func (m *ServerHandshakeParameters) String() string { return proto.CompactTextString(m) }
+func (*ServerHandshakeParameters) ProtoMessage()    {}
+func (*ServerHandshakeParameters) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{3}
+}
+
+func (m *ServerHandshakeParameters) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ServerHandshakeParameters.Unmarshal(m, b)
+}
+func (m *ServerHandshakeParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ServerHandshakeParameters.Marshal(b, m, deterministic)
+}
+func (m *ServerHandshakeParameters) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ServerHandshakeParameters.Merge(m, src)
+}
+func (m *ServerHandshakeParameters) XXX_Size() int {
+	return xxx_messageInfo_ServerHandshakeParameters.Size(m)
+}
+func (m *ServerHandshakeParameters) XXX_DiscardUnknown() {
+	xxx_messageInfo_ServerHandshakeParameters.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ServerHandshakeParameters proto.InternalMessageInfo
+
+func (m *ServerHandshakeParameters) GetRecordProtocols() []string {
+	if m != nil {
+		return m.RecordProtocols
+	}
+	return nil
+}
+
+func (m *ServerHandshakeParameters) GetLocalIdentities() []*Identity {
+	if m != nil {
+		return m.LocalIdentities
+	}
+	return nil
+}
+
+type StartServerHandshakeReq struct {
+	// The application protocols supported by the server, e.g., "h2" (for http2),
+	// "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// Handshake parameters (record protocols and local identities supported by
+	// the server) mapped by the handshake protocol. Each handshake security
+	// protocol (e.g., TLS or ALTS) has its own set of record protocols and local
+	// identities. Since protobuf does not support enum as key to the map, the key
+	// to handshake_parameters is the integer value of HandshakeProtocol enum.
+	HandshakeParameters map[int32]*ServerHandshakeParameters `protobuf:"bytes,2,rep,name=handshake_parameters,json=handshakeParameters,proto3" json:"handshake_parameters,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Bytes in out_frames returned from the peer's HandshakerResp. It is possible
+	// that the peer's out_frames are split into multiple HandshakReq messages.
+	InBytes []byte `protobuf:"bytes,3,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+	// (Optional) Local endpoint information of the connection to the client,
+	// such as local IP address, port number, and network protocol.
+	LocalEndpoint *Endpoint `protobuf:"bytes,4,opt,name=local_endpoint,json=localEndpoint,proto3" json:"local_endpoint,omitempty"`
+	// (Optional) Endpoint information of the remote client, such as IP address,
+	// port number, and network protocol.
+	RemoteEndpoint *Endpoint `protobuf:"bytes,5,opt,name=remote_endpoint,json=remoteEndpoint,proto3" json:"remote_endpoint,omitempty"`
+	// (Optional) RPC protocol versions supported by the server.
+	RpcVersions *RpcProtocolVersions `protobuf:"bytes,6,opt,name=rpc_versions,json=rpcVersions,proto3" json:"rpc_versions,omitempty"`
+	// (Optional) Maximum frame size supported by the server.
+	MaxFrameSize         uint32   `protobuf:"varint,7,opt,name=max_frame_size,json=maxFrameSize,proto3" json:"max_frame_size,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *StartServerHandshakeReq) Reset()         { *m = StartServerHandshakeReq{} }
+func (m *StartServerHandshakeReq) String() string { return proto.CompactTextString(m) }
+func (*StartServerHandshakeReq) ProtoMessage()    {}
+func (*StartServerHandshakeReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{4}
+}
+
+func (m *StartServerHandshakeReq) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_StartServerHandshakeReq.Unmarshal(m, b)
+}
+func (m *StartServerHandshakeReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_StartServerHandshakeReq.Marshal(b, m, deterministic)
+}
+func (m *StartServerHandshakeReq) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_StartServerHandshakeReq.Merge(m, src)
+}
+func (m *StartServerHandshakeReq) XXX_Size() int {
+	return xxx_messageInfo_StartServerHandshakeReq.Size(m)
+}
+func (m *StartServerHandshakeReq) XXX_DiscardUnknown() {
+	xxx_messageInfo_StartServerHandshakeReq.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_StartServerHandshakeReq proto.InternalMessageInfo
+
+func (m *StartServerHandshakeReq) GetApplicationProtocols() []string {
+	if m != nil {
+		return m.ApplicationProtocols
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetHandshakeParameters() map[int32]*ServerHandshakeParameters {
+	if m != nil {
+		return m.HandshakeParameters
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetInBytes() []byte {
+	if m != nil {
+		return m.InBytes
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetLocalEndpoint() *Endpoint {
+	if m != nil {
+		return m.LocalEndpoint
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetRemoteEndpoint() *Endpoint {
+	if m != nil {
+		return m.RemoteEndpoint
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetRpcVersions() *RpcProtocolVersions {
+	if m != nil {
+		return m.RpcVersions
+	}
+	return nil
+}
+
+func (m *StartServerHandshakeReq) GetMaxFrameSize() uint32 {
+	if m != nil {
+		return m.MaxFrameSize
+	}
+	return 0
+}
+
+type NextHandshakeMessageReq struct {
+	// Bytes in out_frames returned from the peer's HandshakerResp. It is possible
+	// that the peer's out_frames are split into multiple NextHandshakerMessageReq
+	// messages.
+	InBytes              []byte   `protobuf:"bytes,1,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *NextHandshakeMessageReq) Reset()         { *m = NextHandshakeMessageReq{} }
+func (m *NextHandshakeMessageReq) String() string { return proto.CompactTextString(m) }
+func (*NextHandshakeMessageReq) ProtoMessage()    {}
+func (*NextHandshakeMessageReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{5}
+}
+
+func (m *NextHandshakeMessageReq) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_NextHandshakeMessageReq.Unmarshal(m, b)
+}
+func (m *NextHandshakeMessageReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_NextHandshakeMessageReq.Marshal(b, m, deterministic)
+}
+func (m *NextHandshakeMessageReq) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NextHandshakeMessageReq.Merge(m, src)
+}
+func (m *NextHandshakeMessageReq) XXX_Size() int {
+	return xxx_messageInfo_NextHandshakeMessageReq.Size(m)
+}
+func (m *NextHandshakeMessageReq) XXX_DiscardUnknown() {
+	xxx_messageInfo_NextHandshakeMessageReq.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NextHandshakeMessageReq proto.InternalMessageInfo
+
+func (m *NextHandshakeMessageReq) GetInBytes() []byte {
+	if m != nil {
+		return m.InBytes
+	}
+	return nil
+}
+
+type HandshakerReq struct {
+	// Types that are valid to be assigned to ReqOneof:
+	//	*HandshakerReq_ClientStart
+	//	*HandshakerReq_ServerStart
+	//	*HandshakerReq_Next
+	ReqOneof             isHandshakerReq_ReqOneof `protobuf_oneof:"req_oneof"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
+}
+
+func (m *HandshakerReq) Reset()         { *m = HandshakerReq{} }
+func (m *HandshakerReq) String() string { return proto.CompactTextString(m) }
+func (*HandshakerReq) ProtoMessage()    {}
+func (*HandshakerReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{6}
+}
+
+func (m *HandshakerReq) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HandshakerReq.Unmarshal(m, b)
+}
+func (m *HandshakerReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandshakerReq.Marshal(b, m, deterministic)
+}
+func (m *HandshakerReq) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandshakerReq.Merge(m, src)
+}
+func (m *HandshakerReq) XXX_Size() int {
+	return xxx_messageInfo_HandshakerReq.Size(m)
+}
+func (m *HandshakerReq) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandshakerReq.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandshakerReq proto.InternalMessageInfo
+
+type isHandshakerReq_ReqOneof interface {
+	isHandshakerReq_ReqOneof()
+}
+
+type HandshakerReq_ClientStart struct {
+	ClientStart *StartClientHandshakeReq `protobuf:"bytes,1,opt,name=client_start,json=clientStart,proto3,oneof"`
+}
+
+type HandshakerReq_ServerStart struct {
+	ServerStart *StartServerHandshakeReq `protobuf:"bytes,2,opt,name=server_start,json=serverStart,proto3,oneof"`
+}
+
+type HandshakerReq_Next struct {
+	Next *NextHandshakeMessageReq `protobuf:"bytes,3,opt,name=next,proto3,oneof"`
+}
+
+func (*HandshakerReq_ClientStart) isHandshakerReq_ReqOneof() {}
+
+func (*HandshakerReq_ServerStart) isHandshakerReq_ReqOneof() {}
+
+func (*HandshakerReq_Next) isHandshakerReq_ReqOneof() {}
+
+func (m *HandshakerReq) GetReqOneof() isHandshakerReq_ReqOneof {
+	if m != nil {
+		return m.ReqOneof
+	}
+	return nil
+}
+
+func (m *HandshakerReq) GetClientStart() *StartClientHandshakeReq {
+	if x, ok := m.GetReqOneof().(*HandshakerReq_ClientStart); ok {
+		return x.ClientStart
+	}
+	return nil
+}
+
+func (m *HandshakerReq) GetServerStart() *StartServerHandshakeReq {
+	if x, ok := m.GetReqOneof().(*HandshakerReq_ServerStart); ok {
+		return x.ServerStart
+	}
+	return nil
+}
+
+func (m *HandshakerReq) GetNext() *NextHandshakeMessageReq {
+	if x, ok := m.GetReqOneof().(*HandshakerReq_Next); ok {
+		return x.Next
+	}
+	return nil
+}
+
+// XXX_OneofWrappers is for the internal use of the proto package.
+func (*HandshakerReq) XXX_OneofWrappers() []interface{} {
+	return []interface{}{
+		(*HandshakerReq_ClientStart)(nil),
+		(*HandshakerReq_ServerStart)(nil),
+		(*HandshakerReq_Next)(nil),
+	}
+}
+
+type HandshakerResult struct {
+	// The application protocol negotiated for this connection.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The record protocol negotiated for this connection.
+	RecordProtocol string `protobuf:"bytes,2,opt,name=record_protocol,json=recordProtocol,proto3" json:"record_protocol,omitempty"`
+	// Cryptographic key data. The key data may be more than the key length
+	// required for the record protocol, thus the client of the handshaker
+	// service needs to truncate the key data into the right key length.
+	KeyData []byte `protobuf:"bytes,3,opt,name=key_data,json=keyData,proto3" json:"key_data,omitempty"`
+	// The authenticated identity of the peer.
+	PeerIdentity *Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
+	// The local identity used in the handshake.
+	LocalIdentity *Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// Indicate whether the handshaker service client should keep the channel
+	// between the handshaker service open, e.g., in order to handle
+	// post-handshake messages in the future.
+	KeepChannelOpen bool `protobuf:"varint,6,opt,name=keep_channel_open,json=keepChannelOpen,proto3" json:"keep_channel_open,omitempty"`
+	// The RPC protocol versions supported by the peer.
+	PeerRpcVersions *RpcProtocolVersions `protobuf:"bytes,7,opt,name=peer_rpc_versions,json=peerRpcVersions,proto3" json:"peer_rpc_versions,omitempty"`
+	// The maximum frame size of the peer.
+	MaxFrameSize         uint32   `protobuf:"varint,8,opt,name=max_frame_size,json=maxFrameSize,proto3" json:"max_frame_size,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *HandshakerResult) Reset()         { *m = HandshakerResult{} }
+func (m *HandshakerResult) String() string { return proto.CompactTextString(m) }
+func (*HandshakerResult) ProtoMessage()    {}
+func (*HandshakerResult) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{7}
+}
+
+func (m *HandshakerResult) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HandshakerResult.Unmarshal(m, b)
+}
+func (m *HandshakerResult) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandshakerResult.Marshal(b, m, deterministic)
+}
+func (m *HandshakerResult) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandshakerResult.Merge(m, src)
+}
+func (m *HandshakerResult) XXX_Size() int {
+	return xxx_messageInfo_HandshakerResult.Size(m)
+}
+func (m *HandshakerResult) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandshakerResult.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandshakerResult proto.InternalMessageInfo
+
+func (m *HandshakerResult) GetApplicationProtocol() string {
+	if m != nil {
+		return m.ApplicationProtocol
+	}
+	return ""
+}
+
+func (m *HandshakerResult) GetRecordProtocol() string {
+	if m != nil {
+		return m.RecordProtocol
+	}
+	return ""
+}
+
+func (m *HandshakerResult) GetKeyData() []byte {
+	if m != nil {
+		return m.KeyData
+	}
+	return nil
+}
+
+func (m *HandshakerResult) GetPeerIdentity() *Identity {
+	if m != nil {
+		return m.PeerIdentity
+	}
+	return nil
+}
+
+func (m *HandshakerResult) GetLocalIdentity() *Identity {
+	if m != nil {
+		return m.LocalIdentity
+	}
+	return nil
+}
+
+func (m *HandshakerResult) GetKeepChannelOpen() bool {
+	if m != nil {
+		return m.KeepChannelOpen
+	}
+	return false
+}
+
+func (m *HandshakerResult) GetPeerRpcVersions() *RpcProtocolVersions {
+	if m != nil {
+		return m.PeerRpcVersions
+	}
+	return nil
+}
+
+func (m *HandshakerResult) GetMaxFrameSize() uint32 {
+	if m != nil {
+		return m.MaxFrameSize
+	}
+	return 0
+}
+
+type HandshakerStatus struct {
+	// The status code. This could be the gRPC status code.
+	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// The status details.
+	Details              string   `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *HandshakerStatus) Reset()         { *m = HandshakerStatus{} }
+func (m *HandshakerStatus) String() string { return proto.CompactTextString(m) }
+func (*HandshakerStatus) ProtoMessage()    {}
+func (*HandshakerStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{8}
+}
+
+func (m *HandshakerStatus) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HandshakerStatus.Unmarshal(m, b)
+}
+func (m *HandshakerStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandshakerStatus.Marshal(b, m, deterministic)
+}
+func (m *HandshakerStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandshakerStatus.Merge(m, src)
+}
+func (m *HandshakerStatus) XXX_Size() int {
+	return xxx_messageInfo_HandshakerStatus.Size(m)
+}
+func (m *HandshakerStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandshakerStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandshakerStatus proto.InternalMessageInfo
+
+func (m *HandshakerStatus) GetCode() uint32 {
+	if m != nil {
+		return m.Code
+	}
+	return 0
+}
+
+func (m *HandshakerStatus) GetDetails() string {
+	if m != nil {
+		return m.Details
+	}
+	return ""
+}
+
+type HandshakerResp struct {
+	// Frames to be given to the peer for the NextHandshakeMessageReq. May be
+	// empty if no out_frames have to be sent to the peer or if in_bytes in the
+	// HandshakerReq are incomplete. All the non-empty out frames must be sent to
+	// the peer even if the handshaker status is not OK as these frames may
+	// contain the alert frames.
+	OutFrames []byte `protobuf:"bytes,1,opt,name=out_frames,json=outFrames,proto3" json:"out_frames,omitempty"`
+	// Number of bytes in the in_bytes consumed by the handshaker. It is possible
+	// that part of in_bytes in HandshakerReq was unrelated to the handshake
+	// process.
+	BytesConsumed uint32 `protobuf:"varint,2,opt,name=bytes_consumed,json=bytesConsumed,proto3" json:"bytes_consumed,omitempty"`
+	// This is set iff the handshake was successful. out_frames may still be set
+	// to frames that needs to be forwarded to the peer.
+	Result *HandshakerResult `protobuf:"bytes,3,opt,name=result,proto3" json:"result,omitempty"`
+	// Status of the handshaker.
+	Status               *HandshakerStatus `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *HandshakerResp) Reset()         { *m = HandshakerResp{} }
+func (m *HandshakerResp) String() string { return proto.CompactTextString(m) }
+func (*HandshakerResp) ProtoMessage()    {}
+func (*HandshakerResp) Descriptor() ([]byte, []int) {
+	return fileDescriptor_54c074f40c7c7e99, []int{9}
+}
+
+func (m *HandshakerResp) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HandshakerResp.Unmarshal(m, b)
+}
+func (m *HandshakerResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandshakerResp.Marshal(b, m, deterministic)
+}
+func (m *HandshakerResp) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandshakerResp.Merge(m, src)
+}
+func (m *HandshakerResp) XXX_Size() int {
+	return xxx_messageInfo_HandshakerResp.Size(m)
+}
+func (m *HandshakerResp) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandshakerResp.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandshakerResp proto.InternalMessageInfo
+
+func (m *HandshakerResp) GetOutFrames() []byte {
+	if m != nil {
+		return m.OutFrames
+	}
+	return nil
+}
+
+func (m *HandshakerResp) GetBytesConsumed() uint32 {
+	if m != nil {
+		return m.BytesConsumed
+	}
+	return 0
+}
+
+func (m *HandshakerResp) GetResult() *HandshakerResult {
+	if m != nil {
+		return m.Result
+	}
+	return nil
+}
+
+func (m *HandshakerResp) GetStatus() *HandshakerStatus {
+	if m != nil {
+		return m.Status
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterEnum("grpc.gcp.HandshakeProtocol", HandshakeProtocol_name, HandshakeProtocol_value)
+	proto.RegisterEnum("grpc.gcp.NetworkProtocol", NetworkProtocol_name, NetworkProtocol_value)
+	proto.RegisterType((*Endpoint)(nil), "grpc.gcp.Endpoint")
+	proto.RegisterType((*Identity)(nil), "grpc.gcp.Identity")
+	proto.RegisterMapType((map[string]string)(nil), "grpc.gcp.Identity.AttributesEntry")
+	proto.RegisterType((*StartClientHandshakeReq)(nil), "grpc.gcp.StartClientHandshakeReq")
+	proto.RegisterType((*ServerHandshakeParameters)(nil), "grpc.gcp.ServerHandshakeParameters")
+	proto.RegisterType((*StartServerHandshakeReq)(nil), "grpc.gcp.StartServerHandshakeReq")
+	proto.RegisterMapType((map[int32]*ServerHandshakeParameters)(nil), "grpc.gcp.StartServerHandshakeReq.HandshakeParametersEntry")
+	proto.RegisterType((*NextHandshakeMessageReq)(nil), "grpc.gcp.NextHandshakeMessageReq")
+	proto.RegisterType((*HandshakerReq)(nil), "grpc.gcp.HandshakerReq")
+	proto.RegisterType((*HandshakerResult)(nil), "grpc.gcp.HandshakerResult")
+	proto.RegisterType((*HandshakerStatus)(nil), "grpc.gcp.HandshakerStatus")
+	proto.RegisterType((*HandshakerResp)(nil), "grpc.gcp.HandshakerResp")
+}
+
+func init() { proto.RegisterFile("grpc/gcp/handshaker.proto", fileDescriptor_54c074f40c7c7e99) }
+
+var fileDescriptor_54c074f40c7c7e99 = []byte{
+	// 1203 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xdd, 0x6e, 0x1b, 0x45,
+	0x14, 0xce, 0xda, 0x4e, 0xe2, 0x1c, 0xc7, 0x3f, 0x99, 0xa6, 0xea, 0x26, 0x6d, 0xc1, 0x18, 0x10,
+	0x6e, 0x2f, 0x6c, 0x70, 0x41, 0xa5, 0x45, 0x55, 0x6b, 0x3b, 0x8e, 0x1c, 0x5a, 0x1c, 0x6b, 0x9d,
+	0x82, 0x44, 0x2f, 0x56, 0xd3, 0xf5, 0xd4, 0x59, 0x79, 0x3d, 0xb3, 0x9d, 0x19, 0x87, 0xb8, 0xf7,
+	0xbc, 0x04, 0xf7, 0xbc, 0x06, 0x2f, 0xc1, 0x33, 0x20, 0xf1, 0x18, 0x68, 0x67, 0x7f, 0x6d, 0xaf,
+	0xab, 0x22, 0xb8, 0xdb, 0x39, 0xf3, 0x7d, 0x67, 0xce, 0x9c, 0xf3, 0x9d, 0xb3, 0x03, 0x47, 0x13,
+	0xee, 0x5a, 0xcd, 0x89, 0xe5, 0x36, 0x2f, 0x31, 0x1d, 0x8b, 0x4b, 0x3c, 0x25, 0xbc, 0xe1, 0x72,
+	0x26, 0x19, 0xca, 0x7b, 0x5b, 0x8d, 0x89, 0xe5, 0x1e, 0xd7, 0x23, 0x90, 0xe4, 0x98, 0x0a, 0x97,
+	0x71, 0x69, 0x0a, 0x62, 0xcd, 0xb9, 0x2d, 0x17, 0xa6, 0xc5, 0x66, 0x33, 0x46, 0x7d, 0x4e, 0x4d,
+	0x42, 0xbe, 0x47, 0xc7, 0x2e, 0xb3, 0xa9, 0x44, 0x77, 0x01, 0x6c, 0xd7, 0xc4, 0xe3, 0x31, 0x27,
+	0x42, 0xe8, 0x5a, 0x55, 0xab, 0xef, 0x19, 0x7b, 0xb6, 0xdb, 0xf6, 0x0d, 0x08, 0x41, 0xce, 0x73,
+	0xa4, 0x67, 0xaa, 0x5a, 0x7d, 0xdb, 0x50, 0xdf, 0xe8, 0x1b, 0xc8, 0x2b, 0x3f, 0x16, 0x73, 0xf4,
+	0x6c, 0x55, 0xab, 0x97, 0x5a, 0x47, 0x8d, 0x30, 0x8a, 0xc6, 0x80, 0xc8, 0x5f, 0x18, 0x9f, 0x0e,
+	0x03, 0x80, 0x11, 0x41, 0x6b, 0x7f, 0x6b, 0x90, 0x3f, 0x1b, 0x13, 0x2a, 0x6d, 0xb9, 0x40, 0xf7,
+	0xa0, 0x2c, 0x08, 0xbf, 0xb2, 0x2d, 0x62, 0x62, 0xcb, 0x62, 0x73, 0x2a, 0xfd, 0xb3, 0xfb, 0x5b,
+	0x46, 0x29, 0xd8, 0x68, 0xfb, 0x76, 0x74, 0x07, 0xf2, 0x97, 0x4c, 0x48, 0x8a, 0x67, 0x44, 0x85,
+	0xe1, 0x61, 0x22, 0x0b, 0xea, 0x00, 0x60, 0x29, 0xb9, 0xfd, 0x7a, 0x2e, 0x89, 0xd0, 0xb3, 0xd5,
+	0x6c, 0xbd, 0xd0, 0xaa, 0xc5, 0xe1, 0x84, 0x07, 0x36, 0xda, 0x11, 0xa8, 0x47, 0x25, 0x5f, 0x18,
+	0x09, 0xd6, 0xf1, 0x13, 0x28, 0xaf, 0x6c, 0xa3, 0x0a, 0x64, 0xa7, 0x64, 0x11, 0xe4, 0xc3, 0xfb,
+	0x44, 0x87, 0xb0, 0x7d, 0x85, 0x9d, 0x79, 0x10, 0x83, 0xe1, 0x2f, 0x1e, 0x67, 0xbe, 0xd5, 0x3a,
+	0x15, 0x28, 0xd9, 0xc1, 0x31, 0x26, 0xa3, 0x84, 0xbd, 0xa9, 0xfd, 0x99, 0x83, 0x5b, 0x23, 0x89,
+	0xb9, 0xec, 0x3a, 0x36, 0xa1, 0xb2, 0x1f, 0x16, 0xcd, 0x20, 0x6f, 0xd1, 0x2b, 0xb8, 0x1d, 0x15,
+	0x31, 0xae, 0x4f, 0x94, 0x50, 0x4d, 0x25, 0xf4, 0x76, 0x7c, 0x83, 0x88, 0x1c, 0xa5, 0xf4, 0x28,
+	0xe2, 0x8f, 0x02, 0x7a, 0xb8, 0x85, 0x1e, 0xc0, 0x4d, 0xec, 0xba, 0x8e, 0x6d, 0x61, 0x69, 0x33,
+	0x1a, 0x79, 0x15, 0x7a, 0xa6, 0x9a, 0xad, 0xef, 0x19, 0x87, 0x89, 0xcd, 0x90, 0x23, 0xd0, 0x3d,
+	0xa8, 0x70, 0x62, 0x31, 0x3e, 0x4e, 0xe0, 0xb3, 0x0a, 0x5f, 0xf6, 0xed, 0x31, 0xf4, 0x29, 0x1c,
+	0x48, 0xcc, 0x27, 0x44, 0x9a, 0xc1, 0x8d, 0x6d, 0x22, 0xf4, 0x9c, 0x4a, 0x3a, 0x5a, 0x4f, 0xba,
+	0x51, 0xf1, 0xc1, 0x67, 0x11, 0x16, 0x3d, 0x82, 0x92, 0xc3, 0x2c, 0xec, 0x84, 0xfc, 0x85, 0xbe,
+	0x5d, 0xd5, 0x36, 0xb0, 0x8b, 0x0a, 0x19, 0x49, 0x26, 0xa2, 0x92, 0x40, 0xbb, 0xfa, 0xce, 0x2a,
+	0x35, 0x54, 0x75, 0x40, 0x8d, 0x44, 0xfe, 0x1d, 0x94, 0x39, 0x99, 0x31, 0x49, 0x62, 0xee, 0xee,
+	0x46, 0x6e, 0xc9, 0x87, 0x46, 0xe4, 0x8f, 0xa1, 0x10, 0xdc, 0x59, 0x49, 0x30, 0xaf, 0xca, 0x0f,
+	0xbe, 0x69, 0xe0, 0x49, 0xf0, 0x19, 0xec, 0x73, 0xd7, 0x32, 0xaf, 0x08, 0x17, 0x36, 0xa3, 0x42,
+	0xdf, 0x53, 0xae, 0xef, 0xc6, 0xae, 0x0d, 0xd7, 0x0a, 0x53, 0xf8, 0x63, 0x00, 0x32, 0x0a, 0xdc,
+	0xb5, 0xc2, 0x05, 0xfa, 0x0c, 0x4a, 0x33, 0x7c, 0x6d, 0xbe, 0xe1, 0x78, 0x46, 0x4c, 0x61, 0xbf,
+	0x23, 0x3a, 0x54, 0xb5, 0x7a, 0xd1, 0xd8, 0x9f, 0xe1, 0xeb, 0x53, 0xcf, 0x38, 0xb2, 0xdf, 0x91,
+	0xda, 0xaf, 0x1a, 0x1c, 0x8d, 0x08, 0xbf, 0x22, 0x3c, 0xd6, 0x04, 0xf6, 0x76, 0x25, 0xe1, 0xe9,
+	0x55, 0xd4, 0xd2, 0xab, 0xf8, 0x04, 0x2a, 0x4b, 0x45, 0xf0, 0x8a, 0x98, 0xd9, 0x58, 0xc4, 0x72,
+	0xb2, 0x0c, 0x36, 0x11, 0xb5, 0xdf, 0x43, 0x75, 0xaf, 0x04, 0xe3, 0xa9, 0x7b, 0xa3, 0x00, 0xb5,
+	0xf7, 0x08, 0x70, 0x06, 0x87, 0x71, 0x4b, 0xb8, 0xd1, 0x95, 0x82, 0x98, 0x1e, 0xc7, 0x31, 0x6d,
+	0x38, 0xb5, 0x91, 0x92, 0x0f, 0xbf, 0xcb, 0x6f, 0x5c, 0xa6, 0x64, 0xea, 0x08, 0xf2, 0x36, 0x35,
+	0x5f, 0x2f, 0xfc, 0x81, 0xa1, 0xd5, 0xf7, 0x8d, 0x5d, 0x9b, 0x76, 0xbc, 0x65, 0x8a, 0xc6, 0x72,
+	0xff, 0x41, 0x63, 0xdb, 0x1f, 0xac, 0xb1, 0x55, 0x09, 0xed, 0xfc, 0x0f, 0x12, 0xda, 0x5d, 0x97,
+	0xd0, 0xf1, 0x14, 0xf4, 0x4d, 0xb9, 0x4a, 0x8e, 0xbc, 0x6d, 0x7f, 0xe4, 0x3d, 0x4a, 0x8e, 0xbc,
+	0x42, 0xeb, 0xd3, 0x44, 0x21, 0x36, 0xc9, 0x30, 0x31, 0x17, 0x6b, 0x5f, 0xc3, 0xad, 0x01, 0xb9,
+	0x8e, 0xa7, 0xdf, 0x0f, 0x44, 0x08, 0x3c, 0x51, 0x32, 0x49, 0x96, 0x40, 0x5b, 0x2a, 0x41, 0xed,
+	0x2f, 0x0d, 0x8a, 0x11, 0x85, 0x7b, 0xe0, 0x53, 0xd8, 0xb7, 0xd4, 0x1c, 0x35, 0x85, 0x57, 0x7f,
+	0x45, 0x28, 0xb4, 0x3e, 0x59, 0x91, 0xc5, 0xfa, 0xa8, 0xed, 0x6f, 0x19, 0x05, 0x9f, 0xa8, 0x00,
+	0x9e, 0x1f, 0xa1, 0xe2, 0x0e, 0xfc, 0x64, 0x52, 0xfd, 0xac, 0xcb, 0xcb, 0xf3, 0xe3, 0x13, 0x7d,
+	0x3f, 0x0f, 0x21, 0x47, 0xc9, 0xb5, 0x54, 0xda, 0x59, 0xe2, 0x6f, 0xb8, 0x6d, 0x7f, 0xcb, 0x50,
+	0x84, 0x4e, 0x01, 0xf6, 0x38, 0x79, 0x1b, 0xfc, 0x23, 0x7e, 0xcb, 0x42, 0x25, 0x79, 0x4f, 0x31,
+	0x77, 0x24, 0xfa, 0x0a, 0x0e, 0xd3, 0xda, 0x27, 0xf8, 0x0f, 0xdd, 0x48, 0xe9, 0x1e, 0xf4, 0x05,
+	0x94, 0x57, 0xfa, 0x3e, 0xf8, 0x43, 0x95, 0x96, 0xdb, 0xde, 0xcb, 0xf9, 0x94, 0x2c, 0xcc, 0x31,
+	0x96, 0x38, 0x94, 0xfd, 0x94, 0x2c, 0x4e, 0xb0, 0xc4, 0xe8, 0x21, 0x14, 0x5d, 0x42, 0x78, 0x3c,
+	0x94, 0x73, 0x1b, 0x87, 0xf2, 0xbe, 0x07, 0x5c, 0x9f, 0xc9, 0xff, 0x7e, 0x9c, 0xdf, 0x87, 0x83,
+	0x29, 0x21, 0xae, 0x69, 0x5d, 0x62, 0x4a, 0x89, 0x63, 0x32, 0x97, 0x50, 0xa5, 0xfb, 0xbc, 0x51,
+	0xf6, 0x36, 0xba, 0xbe, 0xfd, 0xdc, 0x25, 0x14, 0x9d, 0xc1, 0x81, 0x8a, 0x6f, 0xa9, 0x47, 0x76,
+	0x3f, 0xa4, 0x47, 0xca, 0x1e, 0xcf, 0x78, 0x6f, 0x9f, 0xe4, 0x53, 0x46, 0xed, 0xb3, 0x64, 0x6d,
+	0x46, 0x12, 0xcb, 0xb9, 0x7a, 0x0a, 0x59, 0x6c, 0x4c, 0x54, 0x2d, 0x8a, 0x86, 0xfa, 0x46, 0x3a,
+	0xec, 0x8e, 0x89, 0xc4, 0xb6, 0xfa, 0xc3, 0x7a, 0x49, 0x0f, 0x97, 0xb5, 0x3f, 0x34, 0x28, 0x2d,
+	0x95, 0xd7, 0xf5, 0x9e, 0x5a, 0x6c, 0x2e, 0xfd, 0xa3, 0x43, 0xd9, 0xef, 0xb1, 0xb9, 0x54, 0xc7,
+	0x0a, 0xf4, 0x39, 0x94, 0x54, 0x43, 0x98, 0x16, 0xa3, 0x62, 0x3e, 0x23, 0x63, 0xe5, 0xb2, 0x68,
+	0x14, 0x95, 0xb5, 0x1b, 0x18, 0x51, 0x0b, 0x76, 0xb8, 0x12, 0x4b, 0xa0, 0xbf, 0xe3, 0x94, 0xa7,
+	0x42, 0x20, 0x27, 0x23, 0x40, 0x7a, 0x1c, 0xa1, 0x2e, 0x11, 0x14, 0x36, 0x95, 0xe3, 0x5f, 0xd3,
+	0x08, 0x90, 0xf7, 0xbf, 0x87, 0x83, 0xb5, 0xa7, 0x07, 0xaa, 0xc1, 0x47, 0xfd, 0xf6, 0xe0, 0x64,
+	0xd4, 0x6f, 0x3f, 0xef, 0x99, 0x43, 0xe3, 0xfc, 0xe2, 0xbc, 0x7b, 0xfe, 0xc2, 0x7c, 0x39, 0x18,
+	0x0d, 0x7b, 0xdd, 0xb3, 0xd3, 0xb3, 0xde, 0x49, 0x65, 0x0b, 0xed, 0x42, 0xf6, 0xe2, 0xc5, 0xa8,
+	0xa2, 0xa1, 0x3c, 0xe4, 0xda, 0x2f, 0x2e, 0x46, 0x95, 0xcc, 0xfd, 0x1e, 0x94, 0x57, 0xde, 0x85,
+	0xa8, 0x0a, 0x77, 0x06, 0xbd, 0x8b, 0x9f, 0xce, 0x8d, 0xe7, 0xef, 0xf3, 0xd3, 0x1d, 0x56, 0x34,
+	0xef, 0xe3, 0xe5, 0xc9, 0xb0, 0x92, 0x69, 0xbd, 0x4a, 0x84, 0xc4, 0x47, 0xfe, 0x2b, 0x11, 0x9d,
+	0x42, 0xe1, 0x84, 0x45, 0x66, 0x74, 0x2b, 0x3d, 0x1d, 0x6f, 0x8f, 0xf5, 0x0d, 0x79, 0x72, 0x6b,
+	0x5b, 0x75, 0xed, 0x4b, 0xad, 0x33, 0x85, 0x9b, 0x36, 0xf3, 0x31, 0xd8, 0x91, 0xa2, 0x61, 0x53,
+	0x49, 0x38, 0xc5, 0x4e, 0xa7, 0x1c, 0xc3, 0x55, 0xf4, 0x43, 0xed, 0xe7, 0xa7, 0x13, 0xc6, 0x26,
+	0x0e, 0x69, 0x4c, 0x98, 0x83, 0xe9, 0xa4, 0xc1, 0xf8, 0xa4, 0xa9, 0x1e, 0xdf, 0x16, 0x27, 0x4a,
+	0xde, 0xd8, 0x11, 0x4d, 0xcf, 0x49, 0x33, 0x74, 0xd2, 0x54, 0xbd, 0xa9, 0x40, 0xe6, 0xc4, 0x72,
+	0x5f, 0xef, 0xa8, 0xf5, 0x83, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xc1, 0xf9, 0x9d, 0xf2, 0xd9,
+	0x0b, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// HandshakerServiceClient is the client API for HandshakerService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type HandshakerServiceClient interface {
+	// Handshaker service accepts a stream of handshaker request, returning a
+	// stream of handshaker response. Client is expected to send exactly one
+	// message with either client_start or server_start followed by one or more
+	// messages with next. Each time client sends a request, the handshaker
+	// service expects to respond. Client does not have to wait for service's
+	// response before sending next request.
+	DoHandshake(ctx context.Context, opts ...grpc.CallOption) (HandshakerService_DoHandshakeClient, error)
+}
+
+type handshakerServiceClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewHandshakerServiceClient(cc *grpc.ClientConn) HandshakerServiceClient {
+	return &handshakerServiceClient{cc}
+}
+
+func (c *handshakerServiceClient) DoHandshake(ctx context.Context, opts ...grpc.CallOption) (HandshakerService_DoHandshakeClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_HandshakerService_serviceDesc.Streams[0], "/grpc.gcp.HandshakerService/DoHandshake", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &handshakerServiceDoHandshakeClient{stream}
+	return x, nil
+}
+
+type HandshakerService_DoHandshakeClient interface {
+	Send(*HandshakerReq) error
+	Recv() (*HandshakerResp, error)
+	grpc.ClientStream
+}
+
+type handshakerServiceDoHandshakeClient struct {
+	grpc.ClientStream
+}
+
+func (x *handshakerServiceDoHandshakeClient) Send(m *HandshakerReq) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *handshakerServiceDoHandshakeClient) Recv() (*HandshakerResp, error) {
+	m := new(HandshakerResp)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// HandshakerServiceServer is the server API for HandshakerService service.
+type HandshakerServiceServer interface {
+	// Handshaker service accepts a stream of handshaker request, returning a
+	// stream of handshaker response. Client is expected to send exactly one
+	// message with either client_start or server_start followed by one or more
+	// messages with next. Each time client sends a request, the handshaker
+	// service expects to respond. Client does not have to wait for service's
+	// response before sending next request.
+	DoHandshake(HandshakerService_DoHandshakeServer) error
+}
+
+// UnimplementedHandshakerServiceServer can be embedded to have forward compatible implementations.
+type UnimplementedHandshakerServiceServer struct {
+}
+
+func (*UnimplementedHandshakerServiceServer) DoHandshake(srv HandshakerService_DoHandshakeServer) error {
+	return status.Errorf(codes.Unimplemented, "method DoHandshake not implemented")
+}
+
+func RegisterHandshakerServiceServer(s *grpc.Server, srv HandshakerServiceServer) {
+	s.RegisterService(&_HandshakerService_serviceDesc, srv)
+}
+
+func _HandshakerService_DoHandshake_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(HandshakerServiceServer).DoHandshake(&handshakerServiceDoHandshakeServer{stream})
+}
+
+type HandshakerService_DoHandshakeServer interface {
+	Send(*HandshakerResp) error
+	Recv() (*HandshakerReq, error)
+	grpc.ServerStream
+}
+
+type handshakerServiceDoHandshakeServer struct {
+	grpc.ServerStream
+}
+
+func (x *handshakerServiceDoHandshakeServer) Send(m *HandshakerResp) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *handshakerServiceDoHandshakeServer) Recv() (*HandshakerReq, error) {
+	m := new(HandshakerReq)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+var _HandshakerService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "grpc.gcp.HandshakerService",
+	HandlerType: (*HandshakerServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "DoHandshake",
+			Handler:       _HandshakerService_DoHandshake_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "grpc/gcp/handshaker.proto",
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
new file mode 100644
index 0000000000000..992805165db6e
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
@@ -0,0 +1,184 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: grpc/gcp/transport_security_common.proto
+
+package grpc_gcp
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// The security level of the created channel. The list is sorted in increasing
+// level of security. This order must always be maintained.
+type SecurityLevel int32
+
+const (
+	SecurityLevel_SECURITY_NONE         SecurityLevel = 0
+	SecurityLevel_INTEGRITY_ONLY        SecurityLevel = 1
+	SecurityLevel_INTEGRITY_AND_PRIVACY SecurityLevel = 2
+)
+
+var SecurityLevel_name = map[int32]string{
+	0: "SECURITY_NONE",
+	1: "INTEGRITY_ONLY",
+	2: "INTEGRITY_AND_PRIVACY",
+}
+
+var SecurityLevel_value = map[string]int32{
+	"SECURITY_NONE":         0,
+	"INTEGRITY_ONLY":        1,
+	"INTEGRITY_AND_PRIVACY": 2,
+}
+
+func (x SecurityLevel) String() string {
+	return proto.EnumName(SecurityLevel_name, int32(x))
+}
+
+func (SecurityLevel) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_b97e31e3cc23582a, []int{0}
+}
+
+// Max and min supported RPC protocol versions.
+type RpcProtocolVersions struct {
+	// Maximum supported RPC version.
+	MaxRpcVersion *RpcProtocolVersions_Version `protobuf:"bytes,1,opt,name=max_rpc_version,json=maxRpcVersion,proto3" json:"max_rpc_version,omitempty"`
+	// Minimum supported RPC version.
+	MinRpcVersion        *RpcProtocolVersions_Version `protobuf:"bytes,2,opt,name=min_rpc_version,json=minRpcVersion,proto3" json:"min_rpc_version,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                     `json:"-"`
+	XXX_unrecognized     []byte                       `json:"-"`
+	XXX_sizecache        int32                        `json:"-"`
+}
+
+func (m *RpcProtocolVersions) Reset()         { *m = RpcProtocolVersions{} }
+func (m *RpcProtocolVersions) String() string { return proto.CompactTextString(m) }
+func (*RpcProtocolVersions) ProtoMessage()    {}
+func (*RpcProtocolVersions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b97e31e3cc23582a, []int{0}
+}
+
+func (m *RpcProtocolVersions) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_RpcProtocolVersions.Unmarshal(m, b)
+}
+func (m *RpcProtocolVersions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_RpcProtocolVersions.Marshal(b, m, deterministic)
+}
+func (m *RpcProtocolVersions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RpcProtocolVersions.Merge(m, src)
+}
+func (m *RpcProtocolVersions) XXX_Size() int {
+	return xxx_messageInfo_RpcProtocolVersions.Size(m)
+}
+func (m *RpcProtocolVersions) XXX_DiscardUnknown() {
+	xxx_messageInfo_RpcProtocolVersions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RpcProtocolVersions proto.InternalMessageInfo
+
+func (m *RpcProtocolVersions) GetMaxRpcVersion() *RpcProtocolVersions_Version {
+	if m != nil {
+		return m.MaxRpcVersion
+	}
+	return nil
+}
+
+func (m *RpcProtocolVersions) GetMinRpcVersion() *RpcProtocolVersions_Version {
+	if m != nil {
+		return m.MinRpcVersion
+	}
+	return nil
+}
+
+// RPC version contains a major version and a minor version.
+type RpcProtocolVersions_Version struct {
+	Major                uint32   `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
+	Minor                uint32   `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RpcProtocolVersions_Version) Reset()         { *m = RpcProtocolVersions_Version{} }
+func (m *RpcProtocolVersions_Version) String() string { return proto.CompactTextString(m) }
+func (*RpcProtocolVersions_Version) ProtoMessage()    {}
+func (*RpcProtocolVersions_Version) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b97e31e3cc23582a, []int{0, 0}
+}
+
+func (m *RpcProtocolVersions_Version) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_RpcProtocolVersions_Version.Unmarshal(m, b)
+}
+func (m *RpcProtocolVersions_Version) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_RpcProtocolVersions_Version.Marshal(b, m, deterministic)
+}
+func (m *RpcProtocolVersions_Version) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RpcProtocolVersions_Version.Merge(m, src)
+}
+func (m *RpcProtocolVersions_Version) XXX_Size() int {
+	return xxx_messageInfo_RpcProtocolVersions_Version.Size(m)
+}
+func (m *RpcProtocolVersions_Version) XXX_DiscardUnknown() {
+	xxx_messageInfo_RpcProtocolVersions_Version.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RpcProtocolVersions_Version proto.InternalMessageInfo
+
+func (m *RpcProtocolVersions_Version) GetMajor() uint32 {
+	if m != nil {
+		return m.Major
+	}
+	return 0
+}
+
+func (m *RpcProtocolVersions_Version) GetMinor() uint32 {
+	if m != nil {
+		return m.Minor
+	}
+	return 0
+}
+
+func init() {
+	proto.RegisterEnum("grpc.gcp.SecurityLevel", SecurityLevel_name, SecurityLevel_value)
+	proto.RegisterType((*RpcProtocolVersions)(nil), "grpc.gcp.RpcProtocolVersions")
+	proto.RegisterType((*RpcProtocolVersions_Version)(nil), "grpc.gcp.RpcProtocolVersions.Version")
+}
+
+func init() {
+	proto.RegisterFile("grpc/gcp/transport_security_common.proto", fileDescriptor_b97e31e3cc23582a)
+}
+
+var fileDescriptor_b97e31e3cc23582a = []byte{
+	// 323 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0x41, 0x4b, 0x3b, 0x31,
+	0x10, 0xc5, 0xff, 0x5b, 0xf8, 0xab, 0x44, 0x56, 0xeb, 0x6a, 0x41, 0xc5, 0x83, 0x08, 0x42, 0xf1,
+	0x90, 0x05, 0xc5, 0xb3, 0xb4, 0xb5, 0x48, 0xa1, 0x6e, 0xeb, 0xb6, 0x16, 0xea, 0x25, 0xc4, 0x18,
+	0x42, 0x24, 0x9b, 0x09, 0xb3, 0xb1, 0xd4, 0xaf, 0xec, 0xa7, 0x90, 0x4d, 0xbb, 0x14, 0xc1, 0x8b,
+	0xb7, 0xbc, 0xc7, 0xcc, 0x6f, 0x32, 0xf3, 0x48, 0x5b, 0xa1, 0x13, 0xa9, 0x12, 0x2e, 0xf5, 0xc8,
+	0x6d, 0xe9, 0x00, 0x3d, 0x2b, 0xa5, 0xf8, 0x40, 0xed, 0x3f, 0x99, 0x80, 0xa2, 0x00, 0x4b, 0x1d,
+	0x82, 0x87, 0x64, 0xa7, 0xaa, 0xa4, 0x4a, 0xb8, 0x8b, 0xaf, 0x88, 0x1c, 0xe6, 0x4e, 0x8c, 0x2b,
+	0x5b, 0x80, 0x99, 0x49, 0x2c, 0x35, 0xd8, 0x32, 0x79, 0x24, 0xfb, 0x05, 0x5f, 0x32, 0x74, 0x82,
+	0x2d, 0x56, 0xde, 0x71, 0x74, 0x1e, 0xb5, 0x77, 0xaf, 0x2f, 0x69, 0xdd, 0x4b, 0x7f, 0xe9, 0xa3,
+	0xeb, 0x47, 0x1e, 0x17, 0x7c, 0x99, 0x3b, 0xb1, 0x96, 0x01, 0xa7, 0xed, 0x0f, 0x5c, 0xe3, 0x6f,
+	0x38, 0x6d, 0x37, 0xb8, 0xd3, 0x5b, 0xb2, 0x5d, 0x93, 0x8f, 0xc8, 0xff, 0x82, 0xbf, 0x03, 0x86,
+	0xef, 0xc5, 0xf9, 0x4a, 0x04, 0x57, 0x5b, 0xc0, 0x30, 0xa5, 0x72, 0x2b, 0x71, 0xf5, 0x44, 0xe2,
+	0xc9, 0xfa, 0x1e, 0x43, 0xb9, 0x90, 0x26, 0x39, 0x20, 0xf1, 0xa4, 0xdf, 0x7b, 0xce, 0x07, 0xd3,
+	0x39, 0xcb, 0x46, 0x59, 0xbf, 0xf9, 0x2f, 0x49, 0xc8, 0xde, 0x20, 0x9b, 0xf6, 0x1f, 0x82, 0x37,
+	0xca, 0x86, 0xf3, 0x66, 0x94, 0x9c, 0x90, 0xd6, 0xc6, 0xeb, 0x64, 0xf7, 0x6c, 0x9c, 0x0f, 0x66,
+	0x9d, 0xde, 0xbc, 0xd9, 0xe8, 0x2e, 0x49, 0x4b, 0xc3, 0x6a, 0x07, 0x6e, 0x7c, 0x49, 0xb5, 0xf5,
+	0x12, 0x2d, 0x37, 0xdd, 0xb3, 0x69, 0x9d, 0x41, 0x3d, 0xb2, 0x17, 0x12, 0x08, 0x2b, 0x8e, 0xa3,
+	0x97, 0x3b, 0x05, 0xa0, 0x8c, 0xa4, 0x0a, 0x0c, 0xb7, 0x8a, 0x02, 0xaa, 0x34, 0xc4, 0x27, 0x50,
+	0xbe, 0x49, 0xeb, 0x35, 0x37, 0x65, 0x5a, 0x11, 0xd3, 0x9a, 0x98, 0x86, 0xe8, 0x42, 0x11, 0x53,
+	0xc2, 0xbd, 0x6e, 0x05, 0x7d, 0xf3, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x31, 0x14, 0xb4, 0x11, 0xf6,
+	0x01, 0x00, 0x00,
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/utils.go b/vendor/google.golang.org/grpc/credentials/alts/utils.go
new file mode 100644
index 0000000000000..e46280ad5f58e
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/alts/utils.go
@@ -0,0 +1,163 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package alts
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"regexp"
+	"runtime"
+	"strings"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/peer"
+	"google.golang.org/grpc/status"
+)
+
+const (
+	linuxProductNameFile     = "/sys/class/dmi/id/product_name"
+	windowsCheckCommand      = "powershell.exe"
+	windowsCheckCommandArgs  = "Get-WmiObject -Class Win32_BIOS"
+	powershellOutputFilter   = "Manufacturer"
+	windowsManufacturerRegex = ":(.*)"
+)
+
+type platformError string
+
+func (k platformError) Error() string {
+	return fmt.Sprintf("%s is not supported", string(k))
+}
+
+var (
+	// The following two variables will be reassigned in tests.
+	runningOS          = runtime.GOOS
+	manufacturerReader = func() (io.Reader, error) {
+		switch runningOS {
+		case "linux":
+			return os.Open(linuxProductNameFile)
+		case "windows":
+			cmd := exec.Command(windowsCheckCommand, windowsCheckCommandArgs)
+			out, err := cmd.Output()
+			if err != nil {
+				return nil, err
+			}
+
+			for _, line := range strings.Split(strings.TrimSuffix(string(out), "\n"), "\n") {
+				if strings.HasPrefix(line, powershellOutputFilter) {
+					re := regexp.MustCompile(windowsManufacturerRegex)
+					name := re.FindString(line)
+					name = strings.TrimLeft(name, ":")
+					return strings.NewReader(name), nil
+				}
+			}
+
+			return nil, errors.New("cannot determine the machine's manufacturer")
+		default:
+			return nil, platformError(runningOS)
+		}
+	}
+	vmOnGCP bool
+)
+
+// isRunningOnGCP checks whether the local system, without doing a network request is
+// running on GCP.
+func isRunningOnGCP() bool {
+	manufacturer, err := readManufacturer()
+	if os.IsNotExist(err) {
+		return false
+	}
+	if err != nil {
+		log.Fatalf("failure to read manufacturer information: %v", err)
+	}
+	name := string(manufacturer)
+	switch runningOS {
+	case "linux":
+		name = strings.TrimSpace(name)
+		return name == "Google" || name == "Google Compute Engine"
+	case "windows":
+		name = strings.Replace(name, " ", "", -1)
+		name = strings.Replace(name, "\n", "", -1)
+		name = strings.Replace(name, "\r", "", -1)
+		return name == "Google"
+	default:
+		log.Fatal(platformError(runningOS))
+	}
+	return false
+}
+
+func readManufacturer() ([]byte, error) {
+	reader, err := manufacturerReader()
+	if err != nil {
+		return nil, err
+	}
+	if reader == nil {
+		return nil, errors.New("got nil reader")
+	}
+	manufacturer, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed reading %v: %v", linuxProductNameFile, err)
+	}
+	return manufacturer, nil
+}
+
+// AuthInfoFromContext extracts the alts.AuthInfo object from the given context,
+// if it exists. This API should be used by gRPC server RPC handlers to get
+// information about the communicating peer. For client-side, use grpc.Peer()
+// CallOption.
+func AuthInfoFromContext(ctx context.Context) (AuthInfo, error) {
+	p, ok := peer.FromContext(ctx)
+	if !ok {
+		return nil, errors.New("no Peer found in Context")
+	}
+	return AuthInfoFromPeer(p)
+}
+
+// AuthInfoFromPeer extracts the alts.AuthInfo object from the given peer, if it
+// exists. This API should be used by gRPC clients after obtaining a peer object
+// using the grpc.Peer() CallOption.
+func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error) {
+	altsAuthInfo, ok := p.AuthInfo.(AuthInfo)
+	if !ok {
+		return nil, errors.New("no alts.AuthInfo found in Peer")
+	}
+	return altsAuthInfo, nil
+}
+
+// ClientAuthorizationCheck checks whether the client is authorized to access
+// the requested resources based on the given expected client service accounts.
+// This API should be used by gRPC server RPC handlers. This API should not be
+// used by clients.
+func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error {
+	authInfo, err := AuthInfoFromContext(ctx)
+	if err != nil {
+		return status.Newf(codes.PermissionDenied, "The context is not an ALTS-compatible context: %v", err).Err()
+	}
+	for _, sa := range expectedServiceAccounts {
+		if authInfo.PeerServiceAccount() == sa {
+			return nil
+		}
+	}
+	return status.Newf(codes.PermissionDenied, "Client %v is not authorized", authInfo.PeerServiceAccount()).Err()
+}
diff --git a/vendor/google.golang.org/grpc/credentials/credentials.go b/vendor/google.golang.org/grpc/credentials/credentials.go
index 3351bf0ee5f87..845ce5d216181 100644
--- a/vendor/google.golang.org/grpc/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/credentials/credentials.go
@@ -23,20 +23,15 @@
 package credentials // import "google.golang.org/grpc/credentials"
 
 import (
-	"crypto/tls"
-	"crypto/x509"
+	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
-	"strings"
 
-	"golang.org/x/net/context"
+	"github.com/golang/protobuf/proto"
+	"google.golang.org/grpc/internal"
 )
 
-// alpnProtoStr are the specified application level protocols for gRPC.
-var alpnProtoStr = []string{"h2"}
-
 // PerRPCCredentials defines the common interface for the credentials which need to
 // attach security information to every RPC (e.g., oauth2).
 type PerRPCCredentials interface {
@@ -46,7 +41,8 @@ type PerRPCCredentials interface {
 	// context. If a status code is returned, it will be used as the status
 	// for the RPC. uri is the URI of the entry point for the request.
 	// When supported by the underlying implementation, ctx can be used for
-	// timeout and cancellation.
+	// timeout and cancellation. Additionally, RequestInfo data will be
+	// available via ctx to this call.
 	// TODO(zhaoq): Define the set of the qualified keys instead of leaving
 	// it as an arbitrary string.
 	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
@@ -55,6 +51,48 @@ type PerRPCCredentials interface {
 	RequireTransportSecurity() bool
 }
 
+// SecurityLevel defines the protection level on an established connection.
+//
+// This API is experimental.
+type SecurityLevel int
+
+const (
+	// NoSecurity indicates a connection is insecure.
+	// The zero SecurityLevel value is invalid for backward compatibility.
+	NoSecurity SecurityLevel = iota + 1
+	// IntegrityOnly indicates a connection only provides integrity protection.
+	IntegrityOnly
+	// PrivacyAndIntegrity indicates a connection provides both privacy and integrity protection.
+	PrivacyAndIntegrity
+)
+
+// String returns SecurityLevel in a string format.
+func (s SecurityLevel) String() string {
+	switch s {
+	case NoSecurity:
+		return "NoSecurity"
+	case IntegrityOnly:
+		return "IntegrityOnly"
+	case PrivacyAndIntegrity:
+		return "PrivacyAndIntegrity"
+	}
+	return fmt.Sprintf("invalid SecurityLevel: %v", int(s))
+}
+
+// CommonAuthInfo contains authenticated information common to AuthInfo implementations.
+// It should be embedded in a struct implementing AuthInfo to provide additional information
+// about the credentials.
+//
+// This API is experimental.
+type CommonAuthInfo struct {
+	SecurityLevel SecurityLevel
+}
+
+// GetCommonAuthInfo returns the pointer to CommonAuthInfo struct.
+func (c *CommonAuthInfo) GetCommonAuthInfo() *CommonAuthInfo {
+	return c
+}
+
 // ProtocolInfo provides information regarding the gRPC wire protocol version,
 // security protocol, security protocol version in use, server name, etc.
 type ProtocolInfo struct {
@@ -69,6 +107,8 @@ type ProtocolInfo struct {
 }
 
 // AuthInfo defines the common interface for the auth information the users are interested in.
+// A struct that implements AuthInfo should embed CommonAuthInfo by including additional
+// information about the credentials in it.
 type AuthInfo interface {
 	AuthType() string
 }
@@ -83,7 +123,8 @@ type TransportCredentials interface {
 	// ClientHandshake does the authentication handshake specified by the corresponding
 	// authentication protocol on rawConn for clients. It returns the authenticated
 	// connection and the corresponding auth information about the connection.
-	// Implementations must use the provided context to implement timely cancellation.
+	// The auth information should embed CommonAuthInfo to return additional information about
+	// the credentials. Implementations must use the provided context to implement timely cancellation.
 	// gRPC will try to reconnect if the error returned is a temporary error
 	// (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
 	// If the returned error is a wrapper error, implementations should make sure that
@@ -93,7 +134,8 @@ type TransportCredentials interface {
 	ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
 	// ServerHandshake does the authentication handshake for servers. It returns
 	// the authenticated connection and the corresponding auth information about
-	// the connection.
+	// the connection. The auth information should embed CommonAuthInfo to return additional information
+	// about the credentials.
 	//
 	// If the returned net.Conn is closed, it MUST close the net.Conn provided.
 	ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
@@ -107,114 +149,103 @@ type TransportCredentials interface {
 	OverrideServerName(string) error
 }
 
-// TLSInfo contains the auth information for a TLS authenticated connection.
-// It implements the AuthInfo interface.
-type TLSInfo struct {
-	State tls.ConnectionState
-}
-
-// AuthType returns the type of TLSInfo as a string.
-func (t TLSInfo) AuthType() string {
-	return "tls"
-}
-
-// tlsCreds is the credentials required for authenticating a connection using TLS.
-type tlsCreds struct {
-	// TLS configuration
-	config *tls.Config
-}
-
-func (c tlsCreds) Info() ProtocolInfo {
-	return ProtocolInfo{
-		SecurityProtocol: "tls",
-		SecurityVersion:  "1.2",
-		ServerName:       c.config.ServerName,
+// Bundle is a combination of TransportCredentials and PerRPCCredentials.
+//
+// It also contains a mode switching method, so it can be used as a combination
+// of different credential policies.
+//
+// Bundle cannot be used together with individual TransportCredentials.
+// PerRPCCredentials from Bundle will be appended to other PerRPCCredentials.
+//
+// This API is experimental.
+type Bundle interface {
+	TransportCredentials() TransportCredentials
+	PerRPCCredentials() PerRPCCredentials
+	// NewWithMode should make a copy of Bundle, and switch mode. Modifying the
+	// existing Bundle may cause races.
+	//
+	// NewWithMode returns nil if the requested mode is not supported.
+	NewWithMode(mode string) (Bundle, error)
+}
+
+// RequestInfo contains request data attached to the context passed to GetRequestMetadata calls.
+//
+// This API is experimental.
+type RequestInfo struct {
+	// The method passed to Invoke or NewStream for this RPC. (For proto methods, this has the format "/some.Service/Method")
+	Method string
+	// AuthInfo contains the information from a security handshake (TransportCredentials.ClientHandshake, TransportCredentials.ServerHandshake)
+	AuthInfo AuthInfo
+}
+
+// requestInfoKey is a struct to be used as the key when attaching a RequestInfo to a context object.
+type requestInfoKey struct{}
+
+// RequestInfoFromContext extracts the RequestInfo from the context if it exists.
+//
+// This API is experimental.
+func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool) {
+	ri, ok = ctx.Value(requestInfoKey{}).(RequestInfo)
+	return
+}
+
+// CheckSecurityLevel checks if a connection's security level is greater than or equal to the specified one.
+// It returns success if 1) the condition is satisified or 2) AuthInfo struct does not implement GetCommonAuthInfo() method
+// or 3) CommonAuthInfo.SecurityLevel has an invalid zero value. For 2) and 3), it is for the purpose of backward-compatibility.
+//
+// This API is experimental.
+func CheckSecurityLevel(ctx context.Context, level SecurityLevel) error {
+	type internalInfo interface {
+		GetCommonAuthInfo() *CommonAuthInfo
 	}
-}
-
-func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error) {
-	// use local cfg to avoid clobbering ServerName if using multiple endpoints
-	cfg := cloneTLSConfig(c.config)
-	if cfg.ServerName == "" {
-		colonPos := strings.LastIndex(authority, ":")
-		if colonPos == -1 {
-			colonPos = len(authority)
-		}
-		cfg.ServerName = authority[:colonPos]
+	ri, _ := RequestInfoFromContext(ctx)
+	if ri.AuthInfo == nil {
+		return errors.New("unable to obtain SecurityLevel from context")
 	}
-	conn := tls.Client(rawConn, cfg)
-	errChannel := make(chan error, 1)
-	go func() {
-		errChannel <- conn.Handshake()
-	}()
-	select {
-	case err := <-errChannel:
-		if err != nil {
-			return nil, nil, err
+	if ci, ok := ri.AuthInfo.(internalInfo); ok {
+		// CommonAuthInfo.SecurityLevel has an invalid value.
+		if ci.GetCommonAuthInfo().SecurityLevel == 0 {
+			return nil
+		}
+		if ci.GetCommonAuthInfo().SecurityLevel < level {
+			return fmt.Errorf("requires SecurityLevel %v; connection has %v", level, ci.GetCommonAuthInfo().SecurityLevel)
 		}
-	case <-ctx.Done():
-		return nil, nil, ctx.Err()
-	}
-	return conn, TLSInfo{conn.ConnectionState()}, nil
-}
-
-func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) {
-	conn := tls.Server(rawConn, c.config)
-	if err := conn.Handshake(); err != nil {
-		return nil, nil, err
 	}
-	return conn, TLSInfo{conn.ConnectionState()}, nil
-}
-
-func (c *tlsCreds) Clone() TransportCredentials {
-	return NewTLS(c.config)
-}
-
-func (c *tlsCreds) OverrideServerName(serverNameOverride string) error {
-	c.config.ServerName = serverNameOverride
+	// The condition is satisfied or AuthInfo struct does not implement GetCommonAuthInfo() method.
 	return nil
 }
 
-// NewTLS uses c to construct a TransportCredentials based on TLS.
-func NewTLS(c *tls.Config) TransportCredentials {
-	tc := &tlsCreds{cloneTLSConfig(c)}
-	tc.config.NextProtos = alpnProtoStr
-	return tc
-}
-
-// NewClientTLSFromCert constructs TLS credentials from the input certificate for client.
-// serverNameOverride is for testing only. If set to a non empty string,
-// it will override the virtual host name of authority (e.g. :authority header field) in requests.
-func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials {
-	return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp})
-}
-
-// NewClientTLSFromFile constructs TLS credentials from the input certificate file for client.
-// serverNameOverride is for testing only. If set to a non empty string,
-// it will override the virtual host name of authority (e.g. :authority header field) in requests.
-func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error) {
-	b, err := ioutil.ReadFile(certFile)
-	if err != nil {
-		return nil, err
+func init() {
+	internal.NewRequestInfoContext = func(ctx context.Context, ri RequestInfo) context.Context {
+		return context.WithValue(ctx, requestInfoKey{}, ri)
 	}
-	cp := x509.NewCertPool()
-	if !cp.AppendCertsFromPEM(b) {
-		return nil, fmt.Errorf("credentials: failed to append certificates")
-	}
-	return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}), nil
-}
-
-// NewServerTLSFromCert constructs TLS credentials from the input certificate for server.
-func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials {
-	return NewTLS(&tls.Config{Certificates: []tls.Certificate{*cert}})
 }
 
-// NewServerTLSFromFile constructs TLS credentials from the input certificate file and key
-// file for server.
-func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error) {
-	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-	if err != nil {
-		return nil, err
-	}
-	return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil
+// ChannelzSecurityInfo defines the interface that security protocols should implement
+// in order to provide security info to channelz.
+//
+// This API is experimental.
+type ChannelzSecurityInfo interface {
+	GetSecurityValue() ChannelzSecurityValue
+}
+
+// ChannelzSecurityValue defines the interface that GetSecurityValue() return value
+// should satisfy. This interface should only be satisfied by *TLSChannelzSecurityValue
+// and *OtherChannelzSecurityValue.
+//
+// This API is experimental.
+type ChannelzSecurityValue interface {
+	isChannelzSecurityValue()
+}
+
+// OtherChannelzSecurityValue defines the struct that non-TLS protocol should return
+// from GetSecurityValue(), which contains protocol specific security info. Note
+// the Value field will be sent to users of channelz requesting channel info, and
+// thus sensitive info should better be avoided.
+//
+// This API is experimental.
+type OtherChannelzSecurityValue struct {
+	ChannelzSecurityValue
+	Name  string
+	Value proto.Message
 }
diff --git a/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go b/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go
deleted file mode 100644
index 60409aac0fbc6..0000000000000
--- a/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// +build go1.7
-// +build !go1.8
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package credentials
-
-import (
-	"crypto/tls"
-)
-
-// cloneTLSConfig returns a shallow clone of the exported
-// fields of cfg, ignoring the unexported sync.Once, which
-// contains a mutex and must not be copied.
-//
-// If cfg is nil, a new zero tls.Config is returned.
-func cloneTLSConfig(cfg *tls.Config) *tls.Config {
-	if cfg == nil {
-		return &tls.Config{}
-	}
-	return &tls.Config{
-		Rand:                        cfg.Rand,
-		Time:                        cfg.Time,
-		Certificates:                cfg.Certificates,
-		NameToCertificate:           cfg.NameToCertificate,
-		GetCertificate:              cfg.GetCertificate,
-		RootCAs:                     cfg.RootCAs,
-		NextProtos:                  cfg.NextProtos,
-		ServerName:                  cfg.ServerName,
-		ClientAuth:                  cfg.ClientAuth,
-		ClientCAs:                   cfg.ClientCAs,
-		InsecureSkipVerify:          cfg.InsecureSkipVerify,
-		CipherSuites:                cfg.CipherSuites,
-		PreferServerCipherSuites:    cfg.PreferServerCipherSuites,
-		SessionTicketsDisabled:      cfg.SessionTicketsDisabled,
-		SessionTicketKey:            cfg.SessionTicketKey,
-		ClientSessionCache:          cfg.ClientSessionCache,
-		MinVersion:                  cfg.MinVersion,
-		MaxVersion:                  cfg.MaxVersion,
-		CurvePreferences:            cfg.CurvePreferences,
-		DynamicRecordSizingDisabled: cfg.DynamicRecordSizingDisabled,
-		Renegotiation:               cfg.Renegotiation,
-	}
-}
diff --git a/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go b/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go
deleted file mode 100644
index 93f0e1d8de23a..0000000000000
--- a/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build go1.8
-
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package credentials
-
-import (
-	"crypto/tls"
-)
-
-// cloneTLSConfig returns a shallow clone of the exported
-// fields of cfg, ignoring the unexported sync.Once, which
-// contains a mutex and must not be copied.
-//
-// If cfg is nil, a new zero tls.Config is returned.
-func cloneTLSConfig(cfg *tls.Config) *tls.Config {
-	if cfg == nil {
-		return &tls.Config{}
-	}
-
-	return cfg.Clone()
-}
diff --git a/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go b/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go
deleted file mode 100644
index d6bbcc9fdd95d..0000000000000
--- a/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// +build !go1.7
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package credentials
-
-import (
-	"crypto/tls"
-)
-
-// cloneTLSConfig returns a shallow clone of the exported
-// fields of cfg, ignoring the unexported sync.Once, which
-// contains a mutex and must not be copied.
-//
-// If cfg is nil, a new zero tls.Config is returned.
-func cloneTLSConfig(cfg *tls.Config) *tls.Config {
-	if cfg == nil {
-		return &tls.Config{}
-	}
-	return &tls.Config{
-		Rand:                     cfg.Rand,
-		Time:                     cfg.Time,
-		Certificates:             cfg.Certificates,
-		NameToCertificate:        cfg.NameToCertificate,
-		GetCertificate:           cfg.GetCertificate,
-		RootCAs:                  cfg.RootCAs,
-		NextProtos:               cfg.NextProtos,
-		ServerName:               cfg.ServerName,
-		ClientAuth:               cfg.ClientAuth,
-		ClientCAs:                cfg.ClientCAs,
-		InsecureSkipVerify:       cfg.InsecureSkipVerify,
-		CipherSuites:             cfg.CipherSuites,
-		PreferServerCipherSuites: cfg.PreferServerCipherSuites,
-		SessionTicketsDisabled:   cfg.SessionTicketsDisabled,
-		SessionTicketKey:         cfg.SessionTicketKey,
-		ClientSessionCache:       cfg.ClientSessionCache,
-		MinVersion:               cfg.MinVersion,
-		MaxVersion:               cfg.MaxVersion,
-		CurvePreferences:         cfg.CurvePreferences,
-	}
-}
diff --git a/vendor/google.golang.org/grpc/credentials/go12.go b/vendor/google.golang.org/grpc/credentials/go12.go
new file mode 100644
index 0000000000000..ccbf35b331258
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/go12.go
@@ -0,0 +1,30 @@
+// +build go1.12
+
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package credentials
+
+import "crypto/tls"
+
+// This init function adds cipher suite constants only defined in Go 1.12.
+func init() {
+	cipherSuiteLookup[tls.TLS_AES_128_GCM_SHA256] = "TLS_AES_128_GCM_SHA256"
+	cipherSuiteLookup[tls.TLS_AES_256_GCM_SHA384] = "TLS_AES_256_GCM_SHA384"
+	cipherSuiteLookup[tls.TLS_CHACHA20_POLY1305_SHA256] = "TLS_CHACHA20_POLY1305_SHA256"
+}
diff --git a/vendor/google.golang.org/grpc/credentials/google/google.go b/vendor/google.golang.org/grpc/credentials/google/google.go
new file mode 100644
index 0000000000000..04b349abcfb6f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/google/google.go
@@ -0,0 +1,125 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package google defines credentials for google cloud services.
+package google
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/alts"
+	"google.golang.org/grpc/credentials/oauth"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal"
+)
+
+const tokenRequestTimeout = 30 * time.Second
+
+// NewDefaultCredentials returns a credentials bundle that is configured to work
+// with google services.
+//
+// This API is experimental.
+func NewDefaultCredentials() credentials.Bundle {
+	c := &creds{
+		newPerRPCCreds: func() credentials.PerRPCCredentials {
+			ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout)
+			defer cancel()
+			perRPCCreds, err := oauth.NewApplicationDefault(ctx)
+			if err != nil {
+				grpclog.Warningf("google default creds: failed to create application oauth: %v", err)
+			}
+			return perRPCCreds
+		},
+	}
+	bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
+	if err != nil {
+		grpclog.Warningf("google default creds: failed to create new creds: %v", err)
+	}
+	return bundle
+}
+
+// NewComputeEngineCredentials returns a credentials bundle that is configured to work
+// with google services. This API must only be used when running on GCE. Authentication configured
+// by this API represents the GCE VM's default service account.
+//
+// This API is experimental.
+func NewComputeEngineCredentials() credentials.Bundle {
+	c := &creds{
+		newPerRPCCreds: func() credentials.PerRPCCredentials {
+			return oauth.NewComputeEngine()
+		},
+	}
+	bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
+	if err != nil {
+		grpclog.Warningf("compute engine creds: failed to create new creds: %v", err)
+	}
+	return bundle
+}
+
+// creds implements credentials.Bundle.
+type creds struct {
+	// Supported modes are defined in internal/internal.go.
+	mode string
+	// The transport credentials associated with this bundle.
+	transportCreds credentials.TransportCredentials
+	// The per RPC credentials associated with this bundle.
+	perRPCCreds credentials.PerRPCCredentials
+	// Creates new per RPC credentials
+	newPerRPCCreds func() credentials.PerRPCCredentials
+}
+
+func (c *creds) TransportCredentials() credentials.TransportCredentials {
+	return c.transportCreds
+}
+
+func (c *creds) PerRPCCredentials() credentials.PerRPCCredentials {
+	if c == nil {
+		return nil
+	}
+	return c.perRPCCreds
+}
+
+// NewWithMode should make a copy of Bundle, and switch mode. Modifying the
+// existing Bundle may cause races.
+func (c *creds) NewWithMode(mode string) (credentials.Bundle, error) {
+	newCreds := &creds{
+		mode:           mode,
+		newPerRPCCreds: c.newPerRPCCreds,
+	}
+
+	// Create transport credentials.
+	switch mode {
+	case internal.CredsBundleModeFallback:
+		newCreds.transportCreds = credentials.NewTLS(nil)
+	case internal.CredsBundleModeBackendFromBalancer, internal.CredsBundleModeBalancer:
+		// Only the clients can use google default credentials, so we only need
+		// to create new ALTS client creds here.
+		newCreds.transportCreds = alts.NewClientCreds(alts.DefaultClientOptions())
+	default:
+		return nil, fmt.Errorf("unsupported mode: %v", mode)
+	}
+
+	if mode == internal.CredsBundleModeFallback || mode == internal.CredsBundleModeBackendFromBalancer {
+		newCreds.perRPCCreds = newCreds.newPerRPCCreds()
+	}
+
+	return newCreds, nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/internal/syscallconn.go b/vendor/google.golang.org/grpc/credentials/internal/syscallconn.go
new file mode 100644
index 0000000000000..2f4472becc7c9
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/internal/syscallconn.go
@@ -0,0 +1,61 @@
+// +build !appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package internal contains credentials-internal code.
+package internal
+
+import (
+	"net"
+	"syscall"
+)
+
+type sysConn = syscall.Conn
+
+// syscallConn keeps reference of rawConn to support syscall.Conn for channelz.
+// SyscallConn() (the method in interface syscall.Conn) is explicitly
+// implemented on this type,
+//
+// Interface syscall.Conn is implemented by most net.Conn implementations (e.g.
+// TCPConn, UnixConn), but is not part of net.Conn interface. So wrapper conns
+// that embed net.Conn don't implement syscall.Conn. (Side note: tls.Conn
+// doesn't embed net.Conn, so even if syscall.Conn is part of net.Conn, it won't
+// help here).
+type syscallConn struct {
+	net.Conn
+	// sysConn is a type alias of syscall.Conn. It's necessary because the name
+	// `Conn` collides with `net.Conn`.
+	sysConn
+}
+
+// WrapSyscallConn tries to wrap rawConn and newConn into a net.Conn that
+// implements syscall.Conn. rawConn will be used to support syscall, and newConn
+// will be used for read/write.
+//
+// This function returns newConn if rawConn doesn't implement syscall.Conn.
+func WrapSyscallConn(rawConn, newConn net.Conn) net.Conn {
+	sysConn, ok := rawConn.(syscall.Conn)
+	if !ok {
+		return newConn
+	}
+	return &syscallConn{
+		Conn:    newConn,
+		sysConn: sysConn,
+	}
+}
diff --git a/vendor/google.golang.org/grpc/credentials/internal/syscallconn_appengine.go b/vendor/google.golang.org/grpc/credentials/internal/syscallconn_appengine.go
new file mode 100644
index 0000000000000..d4346e9eabe6f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/internal/syscallconn_appengine.go
@@ -0,0 +1,30 @@
+// +build appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package internal
+
+import (
+	"net"
+)
+
+// WrapSyscallConn returns newConn on appengine.
+func WrapSyscallConn(rawConn, newConn net.Conn) net.Conn {
+	return newConn
+}
diff --git a/vendor/google.golang.org/grpc/credentials/oauth/oauth.go b/vendor/google.golang.org/grpc/credentials/oauth/oauth.go
index f6d597a14fe60..899e3372ce3c6 100644
--- a/vendor/google.golang.org/grpc/credentials/oauth/oauth.go
+++ b/vendor/google.golang.org/grpc/credentials/oauth/oauth.go
@@ -20,11 +20,11 @@
 package oauth
 
 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"sync"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"golang.org/x/oauth2/jwt"
@@ -42,6 +42,9 @@ func (ts TokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (ma
 	if err != nil {
 		return nil, err
 	}
+	if err = credentials.CheckSecurityLevel(ctx, credentials.PrivacyAndIntegrity); err != nil {
+		return nil, fmt.Errorf("unable to transfer TokenSource PerRPCCredentials: %v", err)
+	}
 	return map[string]string{
 		"authorization": token.Type() + " " + token.AccessToken,
 	}, nil
@@ -79,6 +82,9 @@ func (j jwtAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[s
 	if err != nil {
 		return nil, err
 	}
+	if err = credentials.CheckSecurityLevel(ctx, credentials.PrivacyAndIntegrity); err != nil {
+		return nil, fmt.Errorf("unable to transfer jwtAccess PerRPCCredentials: %v", err)
+	}
 	return map[string]string{
 		"authorization": token.Type() + " " + token.AccessToken,
 	}, nil
@@ -99,6 +105,9 @@ func NewOauthAccess(token *oauth2.Token) credentials.PerRPCCredentials {
 }
 
 func (oa oauthAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	if err := credentials.CheckSecurityLevel(ctx, credentials.PrivacyAndIntegrity); err != nil {
+		return nil, fmt.Errorf("unable to transfer oauthAccess PerRPCCredentials: %v", err)
+	}
 	return map[string]string{
 		"authorization": oa.token.Type() + " " + oa.token.AccessToken,
 	}, nil
@@ -133,6 +142,9 @@ func (s *serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string)
 			return nil, err
 		}
 	}
+	if err := credentials.CheckSecurityLevel(ctx, credentials.PrivacyAndIntegrity); err != nil {
+		return nil, fmt.Errorf("unable to transfer serviceAccount PerRPCCredentials: %v", err)
+	}
 	return map[string]string{
 		"authorization": s.t.Type() + " " + s.t.AccessToken,
 	}, nil
diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go
new file mode 100644
index 0000000000000..28b4f6232de4b
--- /dev/null
+++ b/vendor/google.golang.org/grpc/credentials/tls.go
@@ -0,0 +1,225 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package credentials
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net"
+
+	"google.golang.org/grpc/credentials/internal"
+)
+
+// TLSInfo contains the auth information for a TLS authenticated connection.
+// It implements the AuthInfo interface.
+type TLSInfo struct {
+	State tls.ConnectionState
+	CommonAuthInfo
+}
+
+// AuthType returns the type of TLSInfo as a string.
+func (t TLSInfo) AuthType() string {
+	return "tls"
+}
+
+// GetSecurityValue returns security info requested by channelz.
+func (t TLSInfo) GetSecurityValue() ChannelzSecurityValue {
+	v := &TLSChannelzSecurityValue{
+		StandardName: cipherSuiteLookup[t.State.CipherSuite],
+	}
+	// Currently there's no way to get LocalCertificate info from tls package.
+	if len(t.State.PeerCertificates) > 0 {
+		v.RemoteCertificate = t.State.PeerCertificates[0].Raw
+	}
+	return v
+}
+
+// tlsCreds is the credentials required for authenticating a connection using TLS.
+type tlsCreds struct {
+	// TLS configuration
+	config *tls.Config
+}
+
+func (c tlsCreds) Info() ProtocolInfo {
+	return ProtocolInfo{
+		SecurityProtocol: "tls",
+		SecurityVersion:  "1.2",
+		ServerName:       c.config.ServerName,
+	}
+}
+
+func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error) {
+	// use local cfg to avoid clobbering ServerName if using multiple endpoints
+	cfg := cloneTLSConfig(c.config)
+	if cfg.ServerName == "" {
+		serverName, _, err := net.SplitHostPort(authority)
+		if err != nil {
+			// If the authority had no host port or if the authority cannot be parsed, use it as-is.
+			serverName = authority
+		}
+		cfg.ServerName = serverName
+	}
+	conn := tls.Client(rawConn, cfg)
+	errChannel := make(chan error, 1)
+	go func() {
+		errChannel <- conn.Handshake()
+		close(errChannel)
+	}()
+	select {
+	case err := <-errChannel:
+		if err != nil {
+			conn.Close()
+			return nil, nil, err
+		}
+	case <-ctx.Done():
+		conn.Close()
+		return nil, nil, ctx.Err()
+	}
+	return internal.WrapSyscallConn(rawConn, conn), TLSInfo{conn.ConnectionState(), CommonAuthInfo{PrivacyAndIntegrity}}, nil
+}
+
+func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) {
+	conn := tls.Server(rawConn, c.config)
+	if err := conn.Handshake(); err != nil {
+		conn.Close()
+		return nil, nil, err
+	}
+	return internal.WrapSyscallConn(rawConn, conn), TLSInfo{conn.ConnectionState(), CommonAuthInfo{PrivacyAndIntegrity}}, nil
+}
+
+func (c *tlsCreds) Clone() TransportCredentials {
+	return NewTLS(c.config)
+}
+
+func (c *tlsCreds) OverrideServerName(serverNameOverride string) error {
+	c.config.ServerName = serverNameOverride
+	return nil
+}
+
+const alpnProtoStrH2 = "h2"
+
+func appendH2ToNextProtos(ps []string) []string {
+	for _, p := range ps {
+		if p == alpnProtoStrH2 {
+			return ps
+		}
+	}
+	ret := make([]string, 0, len(ps)+1)
+	ret = append(ret, ps...)
+	return append(ret, alpnProtoStrH2)
+}
+
+// NewTLS uses c to construct a TransportCredentials based on TLS.
+func NewTLS(c *tls.Config) TransportCredentials {
+	tc := &tlsCreds{cloneTLSConfig(c)}
+	tc.config.NextProtos = appendH2ToNextProtos(tc.config.NextProtos)
+	return tc
+}
+
+// NewClientTLSFromCert constructs TLS credentials from the input certificate for client.
+// serverNameOverride is for testing only. If set to a non empty string,
+// it will override the virtual host name of authority (e.g. :authority header field) in requests.
+func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials {
+	return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp})
+}
+
+// NewClientTLSFromFile constructs TLS credentials from the input certificate file for client.
+// serverNameOverride is for testing only. If set to a non empty string,
+// it will override the virtual host name of authority (e.g. :authority header field) in requests.
+func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error) {
+	b, err := ioutil.ReadFile(certFile)
+	if err != nil {
+		return nil, err
+	}
+	cp := x509.NewCertPool()
+	if !cp.AppendCertsFromPEM(b) {
+		return nil, fmt.Errorf("credentials: failed to append certificates")
+	}
+	return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}), nil
+}
+
+// NewServerTLSFromCert constructs TLS credentials from the input certificate for server.
+func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials {
+	return NewTLS(&tls.Config{Certificates: []tls.Certificate{*cert}})
+}
+
+// NewServerTLSFromFile constructs TLS credentials from the input certificate file and key
+// file for server.
+func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error) {
+	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		return nil, err
+	}
+	return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil
+}
+
+// TLSChannelzSecurityValue defines the struct that TLS protocol should return
+// from GetSecurityValue(), containing security info like cipher and certificate used.
+//
+// This API is EXPERIMENTAL.
+type TLSChannelzSecurityValue struct {
+	ChannelzSecurityValue
+	StandardName      string
+	LocalCertificate  []byte
+	RemoteCertificate []byte
+}
+
+var cipherSuiteLookup = map[uint16]string{
+	tls.TLS_RSA_WITH_RC4_128_SHA:                "TLS_RSA_WITH_RC4_128_SHA",
+	tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+	tls.TLS_RSA_WITH_AES_128_CBC_SHA:            "TLS_RSA_WITH_AES_128_CBC_SHA",
+	tls.TLS_RSA_WITH_AES_256_CBC_SHA:            "TLS_RSA_WITH_AES_256_CBC_SHA",
+	tls.TLS_RSA_WITH_AES_128_GCM_SHA256:         "TLS_RSA_WITH_AES_128_GCM_SHA256",
+	tls.TLS_RSA_WITH_AES_256_GCM_SHA384:         "TLS_RSA_WITH_AES_256_GCM_SHA384",
+	tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+	tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA:          "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+	tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:     "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+	tls.TLS_FALLBACK_SCSV:                       "TLS_FALLBACK_SCSV",
+	tls.TLS_RSA_WITH_AES_128_CBC_SHA256:         "TLS_RSA_WITH_AES_128_CBC_SHA256",
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+}
+
+// cloneTLSConfig returns a shallow clone of the exported
+// fields of cfg, ignoring the unexported sync.Once, which
+// contains a mutex and must not be copied.
+//
+// If cfg is nil, a new zero tls.Config is returned.
+//
+// TODO: inline this function if possible.
+func cloneTLSConfig(cfg *tls.Config) *tls.Config {
+	if cfg == nil {
+		return &tls.Config{}
+	}
+
+	return cfg.Clone()
+}
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
new file mode 100644
index 0000000000000..63f5ae21df1d3
--- /dev/null
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -0,0 +1,594 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"time"
+
+	"google.golang.org/grpc/backoff"
+	"google.golang.org/grpc/balancer"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal"
+	internalbackoff "google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/internal/envconfig"
+	"google.golang.org/grpc/internal/transport"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/stats"
+)
+
+// dialOptions configure a Dial call. dialOptions are set by the DialOption
+// values passed to Dial.
+type dialOptions struct {
+	unaryInt  UnaryClientInterceptor
+	streamInt StreamClientInterceptor
+
+	chainUnaryInts  []UnaryClientInterceptor
+	chainStreamInts []StreamClientInterceptor
+
+	cp          Compressor
+	dc          Decompressor
+	bs          internalbackoff.Strategy
+	block       bool
+	insecure    bool
+	timeout     time.Duration
+	scChan      <-chan ServiceConfig
+	authority   string
+	copts       transport.ConnectOptions
+	callOptions []CallOption
+	// This is used by v1 balancer dial option WithBalancer to support v1
+	// balancer, and also by WithBalancerName dial option.
+	balancerBuilder             balancer.Builder
+	channelzParentID            int64
+	disableServiceConfig        bool
+	disableRetry                bool
+	disableHealthCheck          bool
+	healthCheckFunc             internal.HealthChecker
+	minConnectTimeout           func() time.Duration
+	defaultServiceConfig        *ServiceConfig // defaultServiceConfig is parsed from defaultServiceConfigRawJSON.
+	defaultServiceConfigRawJSON *string
+	// This is used by ccResolverWrapper to backoff between successive calls to
+	// resolver.ResolveNow(). The user will have no need to configure this, but
+	// we need to be able to configure this in tests.
+	resolveNowBackoff func(int) time.Duration
+	resolvers         []resolver.Builder
+}
+
+// DialOption configures how we set up the connection.
+type DialOption interface {
+	apply(*dialOptions)
+}
+
+// EmptyDialOption does not alter the dial configuration. It can be embedded in
+// another structure to build custom dial options.
+//
+// This API is EXPERIMENTAL.
+type EmptyDialOption struct{}
+
+func (EmptyDialOption) apply(*dialOptions) {}
+
+// funcDialOption wraps a function that modifies dialOptions into an
+// implementation of the DialOption interface.
+type funcDialOption struct {
+	f func(*dialOptions)
+}
+
+func (fdo *funcDialOption) apply(do *dialOptions) {
+	fdo.f(do)
+}
+
+func newFuncDialOption(f func(*dialOptions)) *funcDialOption {
+	return &funcDialOption{
+		f: f,
+	}
+}
+
+// WithWriteBufferSize determines how much data can be batched before doing a
+// write on the wire. The corresponding memory allocation for this buffer will
+// be twice the size to keep syscalls low. The default value for this buffer is
+// 32KB.
+//
+// Zero will disable the write buffer such that each write will be on underlying
+// connection. Note: A Send call may not directly translate to a write.
+func WithWriteBufferSize(s int) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.WriteBufferSize = s
+	})
+}
+
+// WithReadBufferSize lets you set the size of read buffer, this determines how
+// much data can be read at most for each read syscall.
+//
+// The default value for this buffer is 32KB. Zero will disable read buffer for
+// a connection so data framer can access the underlying conn directly.
+func WithReadBufferSize(s int) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.ReadBufferSize = s
+	})
+}
+
+// WithInitialWindowSize returns a DialOption which sets the value for initial
+// window size on a stream. The lower bound for window size is 64K and any value
+// smaller than that will be ignored.
+func WithInitialWindowSize(s int32) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.InitialWindowSize = s
+	})
+}
+
+// WithInitialConnWindowSize returns a DialOption which sets the value for
+// initial window size on a connection. The lower bound for window size is 64K
+// and any value smaller than that will be ignored.
+func WithInitialConnWindowSize(s int32) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.InitialConnWindowSize = s
+	})
+}
+
+// WithMaxMsgSize returns a DialOption which sets the maximum message size the
+// client can receive.
+//
+// Deprecated: use WithDefaultCallOptions(MaxCallRecvMsgSize(s)) instead.  Will
+// be supported throughout 1.x.
+func WithMaxMsgSize(s int) DialOption {
+	return WithDefaultCallOptions(MaxCallRecvMsgSize(s))
+}
+
+// WithDefaultCallOptions returns a DialOption which sets the default
+// CallOptions for calls over the connection.
+func WithDefaultCallOptions(cos ...CallOption) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.callOptions = append(o.callOptions, cos...)
+	})
+}
+
+// WithCodec returns a DialOption which sets a codec for message marshaling and
+// unmarshaling.
+//
+// Deprecated: use WithDefaultCallOptions(ForceCodec(_)) instead.  Will be
+// supported throughout 1.x.
+func WithCodec(c Codec) DialOption {
+	return WithDefaultCallOptions(CallCustomCodec(c))
+}
+
+// WithCompressor returns a DialOption which sets a Compressor to use for
+// message compression. It has lower priority than the compressor set by the
+// UseCompressor CallOption.
+//
+// Deprecated: use UseCompressor instead.  Will be supported throughout 1.x.
+func WithCompressor(cp Compressor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.cp = cp
+	})
+}
+
+// WithDecompressor returns a DialOption which sets a Decompressor to use for
+// incoming message decompression.  If incoming response messages are encoded
+// using the decompressor's Type(), it will be used.  Otherwise, the message
+// encoding will be used to look up the compressor registered via
+// encoding.RegisterCompressor, which will then be used to decompress the
+// message.  If no compressor is registered for the encoding, an Unimplemented
+// status error will be returned.
+//
+// Deprecated: use encoding.RegisterCompressor instead.  Will be supported
+// throughout 1.x.
+func WithDecompressor(dc Decompressor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.dc = dc
+	})
+}
+
+// WithBalancer returns a DialOption which sets a load balancer with the v1 API.
+// Name resolver will be ignored if this DialOption is specified.
+//
+// Deprecated: use the new balancer APIs in balancer package and
+// WithBalancerName.  Will be removed in a future 1.x release.
+func WithBalancer(b Balancer) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.balancerBuilder = &balancerWrapperBuilder{
+			b: b,
+		}
+	})
+}
+
+// WithBalancerName sets the balancer that the ClientConn will be initialized
+// with. Balancer registered with balancerName will be used. This function
+// panics if no balancer was registered by balancerName.
+//
+// The balancer cannot be overridden by balancer option specified by service
+// config.
+//
+// Deprecated: use WithDefaultServiceConfig and WithDisableServiceConfig
+// instead.  Will be removed in a future 1.x release.
+func WithBalancerName(balancerName string) DialOption {
+	builder := balancer.Get(balancerName)
+	if builder == nil {
+		panic(fmt.Sprintf("grpc.WithBalancerName: no balancer is registered for name %v", balancerName))
+	}
+	return newFuncDialOption(func(o *dialOptions) {
+		o.balancerBuilder = builder
+	})
+}
+
+// WithServiceConfig returns a DialOption which has a channel to read the
+// service configuration.
+//
+// Deprecated: service config should be received through name resolver or via
+// WithDefaultServiceConfig, as specified at
+// https://github.com/grpc/grpc/blob/master/doc/service_config.md.  Will be
+// removed in a future 1.x release.
+func WithServiceConfig(c <-chan ServiceConfig) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.scChan = c
+	})
+}
+
+// WithConnectParams configures the dialer to use the provided ConnectParams.
+//
+// The backoff configuration specified as part of the ConnectParams overrides
+// all defaults specified in
+// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md. Consider
+// using the backoff.DefaultConfig as a base, in cases where you want to
+// override only a subset of the backoff configuration.
+//
+// This API is EXPERIMENTAL.
+func WithConnectParams(p ConnectParams) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.bs = internalbackoff.Exponential{Config: p.Backoff}
+		o.minConnectTimeout = func() time.Duration {
+			return p.MinConnectTimeout
+		}
+	})
+}
+
+// WithBackoffMaxDelay configures the dialer to use the provided maximum delay
+// when backing off after failed connection attempts.
+//
+// Deprecated: use WithConnectParams instead. Will be supported throughout 1.x.
+func WithBackoffMaxDelay(md time.Duration) DialOption {
+	return WithBackoffConfig(BackoffConfig{MaxDelay: md})
+}
+
+// WithBackoffConfig configures the dialer to use the provided backoff
+// parameters after connection failures.
+//
+// Deprecated: use WithConnectParams instead. Will be supported throughout 1.x.
+func WithBackoffConfig(b BackoffConfig) DialOption {
+	bc := backoff.DefaultConfig
+	bc.MaxDelay = b.MaxDelay
+	return withBackoff(internalbackoff.Exponential{Config: bc})
+}
+
+// withBackoff sets the backoff strategy used for connectRetryNum after a failed
+// connection attempt.
+//
+// This can be exported if arbitrary backoff strategies are allowed by gRPC.
+func withBackoff(bs internalbackoff.Strategy) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.bs = bs
+	})
+}
+
+// WithBlock returns a DialOption which makes caller of Dial blocks until the
+// underlying connection is up. Without this, Dial returns immediately and
+// connecting the server happens in background.
+func WithBlock() DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.block = true
+	})
+}
+
+// WithInsecure returns a DialOption which disables transport security for this
+// ClientConn. Note that transport security is required unless WithInsecure is
+// set.
+func WithInsecure() DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.insecure = true
+	})
+}
+
+// WithTransportCredentials returns a DialOption which configures a connection
+// level security credentials (e.g., TLS/SSL). This should not be used together
+// with WithCredentialsBundle.
+func WithTransportCredentials(creds credentials.TransportCredentials) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.TransportCredentials = creds
+	})
+}
+
+// WithPerRPCCredentials returns a DialOption which sets credentials and places
+// auth state on each outbound RPC.
+func WithPerRPCCredentials(creds credentials.PerRPCCredentials) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.PerRPCCredentials = append(o.copts.PerRPCCredentials, creds)
+	})
+}
+
+// WithCredentialsBundle returns a DialOption to set a credentials bundle for
+// the ClientConn.WithCreds. This should not be used together with
+// WithTransportCredentials.
+//
+// This API is experimental.
+func WithCredentialsBundle(b credentials.Bundle) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.CredsBundle = b
+	})
+}
+
+// WithTimeout returns a DialOption that configures a timeout for dialing a
+// ClientConn initially. This is valid if and only if WithBlock() is present.
+//
+// Deprecated: use DialContext instead of Dial and context.WithTimeout
+// instead.  Will be supported throughout 1.x.
+func WithTimeout(d time.Duration) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.timeout = d
+	})
+}
+
+// WithContextDialer returns a DialOption that sets a dialer to create
+// connections. If FailOnNonTempDialError() is set to true, and an error is
+// returned by f, gRPC checks the error's Temporary() method to decide if it
+// should try to reconnect to the network address.
+func WithContextDialer(f func(context.Context, string) (net.Conn, error)) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.Dialer = f
+	})
+}
+
+func init() {
+	internal.WithHealthCheckFunc = withHealthCheckFunc
+}
+
+// WithDialer returns a DialOption that specifies a function to use for dialing
+// network addresses. If FailOnNonTempDialError() is set to true, and an error
+// is returned by f, gRPC checks the error's Temporary() method to decide if it
+// should try to reconnect to the network address.
+//
+// Deprecated: use WithContextDialer instead.  Will be supported throughout
+// 1.x.
+func WithDialer(f func(string, time.Duration) (net.Conn, error)) DialOption {
+	return WithContextDialer(
+		func(ctx context.Context, addr string) (net.Conn, error) {
+			if deadline, ok := ctx.Deadline(); ok {
+				return f(addr, time.Until(deadline))
+			}
+			return f(addr, 0)
+		})
+}
+
+// WithStatsHandler returns a DialOption that specifies the stats handler for
+// all the RPCs and underlying network connections in this ClientConn.
+func WithStatsHandler(h stats.Handler) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.StatsHandler = h
+	})
+}
+
+// FailOnNonTempDialError returns a DialOption that specifies if gRPC fails on
+// non-temporary dial errors. If f is true, and dialer returns a non-temporary
+// error, gRPC will fail the connection to the network address and won't try to
+// reconnect. The default value of FailOnNonTempDialError is false.
+//
+// FailOnNonTempDialError only affects the initial dial, and does not do
+// anything useful unless you are also using WithBlock().
+//
+// This is an EXPERIMENTAL API.
+func FailOnNonTempDialError(f bool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.FailOnNonTempDialError = f
+	})
+}
+
+// WithUserAgent returns a DialOption that specifies a user agent string for all
+// the RPCs.
+func WithUserAgent(s string) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.UserAgent = s
+	})
+}
+
+// WithKeepaliveParams returns a DialOption that specifies keepalive parameters
+// for the client transport.
+func WithKeepaliveParams(kp keepalive.ClientParameters) DialOption {
+	if kp.Time < internal.KeepaliveMinPingTime {
+		grpclog.Warningf("Adjusting keepalive ping interval to minimum period of %v", internal.KeepaliveMinPingTime)
+		kp.Time = internal.KeepaliveMinPingTime
+	}
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.KeepaliveParams = kp
+	})
+}
+
+// WithUnaryInterceptor returns a DialOption that specifies the interceptor for
+// unary RPCs.
+func WithUnaryInterceptor(f UnaryClientInterceptor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.unaryInt = f
+	})
+}
+
+// WithChainUnaryInterceptor returns a DialOption that specifies the chained
+// interceptor for unary RPCs. The first interceptor will be the outer most,
+// while the last interceptor will be the inner most wrapper around the real call.
+// All interceptors added by this method will be chained, and the interceptor
+// defined by WithUnaryInterceptor will always be prepended to the chain.
+func WithChainUnaryInterceptor(interceptors ...UnaryClientInterceptor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.chainUnaryInts = append(o.chainUnaryInts, interceptors...)
+	})
+}
+
+// WithStreamInterceptor returns a DialOption that specifies the interceptor for
+// streaming RPCs.
+func WithStreamInterceptor(f StreamClientInterceptor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.streamInt = f
+	})
+}
+
+// WithChainStreamInterceptor returns a DialOption that specifies the chained
+// interceptor for unary RPCs. The first interceptor will be the outer most,
+// while the last interceptor will be the inner most wrapper around the real call.
+// All interceptors added by this method will be chained, and the interceptor
+// defined by WithStreamInterceptor will always be prepended to the chain.
+func WithChainStreamInterceptor(interceptors ...StreamClientInterceptor) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.chainStreamInts = append(o.chainStreamInts, interceptors...)
+	})
+}
+
+// WithAuthority returns a DialOption that specifies the value to be used as the
+// :authority pseudo-header. This value only works with WithInsecure and has no
+// effect if TransportCredentials are present.
+func WithAuthority(a string) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.authority = a
+	})
+}
+
+// WithChannelzParentID returns a DialOption that specifies the channelz ID of
+// current ClientConn's parent. This function is used in nested channel creation
+// (e.g. grpclb dial).
+//
+// This API is EXPERIMENTAL.
+func WithChannelzParentID(id int64) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.channelzParentID = id
+	})
+}
+
+// WithDisableServiceConfig returns a DialOption that causes gRPC to ignore any
+// service config provided by the resolver and provides a hint to the resolver
+// to not fetch service configs.
+//
+// Note that this dial option only disables service config from resolver. If
+// default service config is provided, gRPC will use the default service config.
+func WithDisableServiceConfig() DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.disableServiceConfig = true
+	})
+}
+
+// WithDefaultServiceConfig returns a DialOption that configures the default
+// service config, which will be used in cases where:
+//
+// 1. WithDisableServiceConfig is also used.
+// 2. Resolver does not return a service config or if the resolver returns an
+//    invalid service config.
+//
+// This API is EXPERIMENTAL.
+func WithDefaultServiceConfig(s string) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.defaultServiceConfigRawJSON = &s
+	})
+}
+
+// WithDisableRetry returns a DialOption that disables retries, even if the
+// service config enables them.  This does not impact transparent retries, which
+// will happen automatically if no data is written to the wire or if the RPC is
+// unprocessed by the remote server.
+//
+// Retry support is currently disabled by default, but will be enabled by
+// default in the future.  Until then, it may be enabled by setting the
+// environment variable "GRPC_GO_RETRY" to "on".
+//
+// This API is EXPERIMENTAL.
+func WithDisableRetry() DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.disableRetry = true
+	})
+}
+
+// WithMaxHeaderListSize returns a DialOption that specifies the maximum
+// (uncompressed) size of header list that the client is prepared to accept.
+func WithMaxHeaderListSize(s uint32) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.MaxHeaderListSize = &s
+	})
+}
+
+// WithDisableHealthCheck disables the LB channel health checking for all
+// SubConns of this ClientConn.
+//
+// This API is EXPERIMENTAL.
+func WithDisableHealthCheck() DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.disableHealthCheck = true
+	})
+}
+
+// withHealthCheckFunc replaces the default health check function with the
+// provided one. It makes tests easier to change the health check function.
+//
+// For testing purpose only.
+func withHealthCheckFunc(f internal.HealthChecker) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.healthCheckFunc = f
+	})
+}
+
+func defaultDialOptions() dialOptions {
+	return dialOptions{
+		disableRetry:    !envconfig.Retry,
+		healthCheckFunc: internal.HealthCheckFunc,
+		copts: transport.ConnectOptions{
+			WriteBufferSize: defaultWriteBufSize,
+			ReadBufferSize:  defaultReadBufSize,
+		},
+		resolveNowBackoff: internalbackoff.DefaultExponential.Backoff,
+	}
+}
+
+// withGetMinConnectDeadline specifies the function that clientconn uses to
+// get minConnectDeadline. This can be used to make connection attempts happen
+// faster/slower.
+//
+// For testing purpose only.
+func withMinConnectDeadline(f func() time.Duration) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.minConnectTimeout = f
+	})
+}
+
+// withResolveNowBackoff specifies the function that clientconn uses to backoff
+// between successive calls to resolver.ResolveNow().
+//
+// For testing purpose only.
+func withResolveNowBackoff(f func(int) time.Duration) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.resolveNowBackoff = f
+	})
+}
+
+// WithResolvers allows a list of resolver implementations to be registered
+// locally with the ClientConn without needing to be globally registered via
+// resolver.Register.  They will be matched against the scheme used for the
+// current Dial only, and will take precedence over the global registry.
+//
+// This API is EXPERIMENTAL.
+func WithResolvers(rs ...resolver.Builder) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.resolvers = append(o.resolvers, rs...)
+	})
+}
diff --git a/vendor/google.golang.org/grpc/encoding/encoding.go b/vendor/google.golang.org/grpc/encoding/encoding.go
index ade8b7cec73a0..195e8448b6466 100644
--- a/vendor/google.golang.org/grpc/encoding/encoding.go
+++ b/vendor/google.golang.org/grpc/encoding/encoding.go
@@ -46,6 +46,10 @@ type Compressor interface {
 	// coding header.  The result must be static; the result cannot change
 	// between calls.
 	Name() string
+	// EXPERIMENTAL: if a Compressor implements
+	// DecompressedSize(compressedBytes []byte) int, gRPC will call it
+	// to determine the size of the buffer allocated for the result of decompression.
+	// Return -1 to indicate unknown size.
 }
 
 var registeredCompressor = make(map[string]Compressor)
@@ -102,10 +106,10 @@ func RegisterCodec(codec Codec) {
 	if codec == nil {
 		panic("cannot register a nil Codec")
 	}
-	contentSubtype := strings.ToLower(codec.Name())
-	if contentSubtype == "" {
-		panic("cannot register Codec with empty string result for String()")
+	if codec.Name() == "" {
+		panic("cannot register Codec with empty string result for Name()")
 	}
+	contentSubtype := strings.ToLower(codec.Name())
 	registeredCodecs[contentSubtype] = codec
 }
 
diff --git a/vendor/google.golang.org/grpc/envconfig.go b/vendor/google.golang.org/grpc/envconfig.go
deleted file mode 100644
index d50178e5171b8..0000000000000
--- a/vendor/google.golang.org/grpc/envconfig.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"os"
-	"strings"
-)
-
-const (
-	envConfigPrefix        = "GRPC_GO_"
-	envConfigStickinessStr = envConfigPrefix + "STICKINESS"
-)
-
-var (
-	envConfigStickinessOn bool
-)
-
-func init() {
-	envConfigStickinessOn = strings.EqualFold(os.Getenv(envConfigStickinessStr), "on")
-}
diff --git a/vendor/google.golang.org/grpc/go.mod b/vendor/google.golang.org/grpc/go.mod
new file mode 100644
index 0000000000000..2378361302f83
--- /dev/null
+++ b/vendor/google.golang.org/grpc/go.mod
@@ -0,0 +1,16 @@
+module google.golang.org/grpc
+
+go 1.11
+
+require (
+	github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473
+	github.com/envoyproxy/protoc-gen-validate v0.1.0
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
+	github.com/golang/mock v1.1.1
+	github.com/golang/protobuf v1.3.2
+	github.com/google/go-cmp v0.2.0
+	golang.org/x/net v0.0.0-20190311183353-d8887717615a
+	golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
+	golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a
+	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55
+)
diff --git a/vendor/google.golang.org/grpc/go16.go b/vendor/google.golang.org/grpc/go16.go
deleted file mode 100644
index 535ee9356f34f..0000000000000
--- a/vendor/google.golang.org/grpc/go16.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// +build go1.6,!go1.7
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
-)
-
-// dialContext connects to the address on the named network.
-func dialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return (&net.Dialer{Cancel: ctx.Done()}).Dial(network, address)
-}
-
-func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error {
-	req.Cancel = ctx.Done()
-	if err := req.Write(conn); err != nil {
-		return fmt.Errorf("failed to write the HTTP request: %v", err)
-	}
-	return nil
-}
-
-// toRPCErr converts an error into an error from the status package.
-func toRPCErr(err error) error {
-	if err == nil || err == io.EOF {
-		return err
-	}
-	if _, ok := status.FromError(err); ok {
-		return err
-	}
-	switch e := err.(type) {
-	case transport.StreamError:
-		return status.Error(e.Code, e.Desc)
-	case transport.ConnectionError:
-		return status.Error(codes.Unavailable, e.Desc)
-	default:
-		switch err {
-		case context.DeadlineExceeded:
-			return status.Error(codes.DeadlineExceeded, err.Error())
-		case context.Canceled:
-			return status.Error(codes.Canceled, err.Error())
-		}
-	}
-	return status.Error(codes.Unknown, err.Error())
-}
diff --git a/vendor/google.golang.org/grpc/go17.go b/vendor/google.golang.org/grpc/go17.go
deleted file mode 100644
index ec676a93c396f..0000000000000
--- a/vendor/google.golang.org/grpc/go17.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// +build go1.7
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-
-	netctx "golang.org/x/net/context"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
-)
-
-// dialContext connects to the address on the named network.
-func dialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return (&net.Dialer{}).DialContext(ctx, network, address)
-}
-
-func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error {
-	req = req.WithContext(ctx)
-	if err := req.Write(conn); err != nil {
-		return fmt.Errorf("failed to write the HTTP request: %v", err)
-	}
-	return nil
-}
-
-// toRPCErr converts an error into an error from the status package.
-func toRPCErr(err error) error {
-	if err == nil || err == io.EOF {
-		return err
-	}
-	if _, ok := status.FromError(err); ok {
-		return err
-	}
-	switch e := err.(type) {
-	case transport.StreamError:
-		return status.Error(e.Code, e.Desc)
-	case transport.ConnectionError:
-		return status.Error(codes.Unavailable, e.Desc)
-	default:
-		switch err {
-		case context.DeadlineExceeded, netctx.DeadlineExceeded:
-			return status.Error(codes.DeadlineExceeded, err.Error())
-		case context.Canceled, netctx.Canceled:
-			return status.Error(codes.Canceled, err.Error())
-		}
-	}
-	return status.Error(codes.Unknown, err.Error())
-}
diff --git a/vendor/google.golang.org/grpc/grpclb.go b/vendor/google.golang.org/grpc/grpclb.go
deleted file mode 100644
index bc2b44525582f..0000000000000
--- a/vendor/google.golang.org/grpc/grpclb.go
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/connectivity"
-	lbpb "google.golang.org/grpc/grpclb/grpc_lb_v1/messages"
-	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/resolver"
-)
-
-const (
-	lbTokeyKey             = "lb-token"
-	defaultFallbackTimeout = 10 * time.Second
-	grpclbName             = "grpclb"
-)
-
-func convertDuration(d *lbpb.Duration) time.Duration {
-	if d == nil {
-		return 0
-	}
-	return time.Duration(d.Seconds)*time.Second + time.Duration(d.Nanos)*time.Nanosecond
-}
-
-// Client API for LoadBalancer service.
-// Mostly copied from generated pb.go file.
-// To avoid circular dependency.
-type loadBalancerClient struct {
-	cc *ClientConn
-}
-
-func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...CallOption) (*balanceLoadClientStream, error) {
-	desc := &StreamDesc{
-		StreamName:    "BalanceLoad",
-		ServerStreams: true,
-		ClientStreams: true,
-	}
-	stream, err := c.cc.NewStream(ctx, desc, "/grpc.lb.v1.LoadBalancer/BalanceLoad", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &balanceLoadClientStream{stream}
-	return x, nil
-}
-
-type balanceLoadClientStream struct {
-	ClientStream
-}
-
-func (x *balanceLoadClientStream) Send(m *lbpb.LoadBalanceRequest) error {
-	return x.ClientStream.SendMsg(m)
-}
-
-func (x *balanceLoadClientStream) Recv() (*lbpb.LoadBalanceResponse, error) {
-	m := new(lbpb.LoadBalanceResponse)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func init() {
-	balancer.Register(newLBBuilder())
-}
-
-// newLBBuilder creates a builder for grpclb.
-func newLBBuilder() balancer.Builder {
-	return NewLBBuilderWithFallbackTimeout(defaultFallbackTimeout)
-}
-
-// NewLBBuilderWithFallbackTimeout creates a grpclb builder with the given
-// fallbackTimeout. If no response is received from the remote balancer within
-// fallbackTimeout, the backend addresses from the resolved address list will be
-// used.
-//
-// Only call this function when a non-default fallback timeout is needed.
-func NewLBBuilderWithFallbackTimeout(fallbackTimeout time.Duration) balancer.Builder {
-	return &lbBuilder{
-		fallbackTimeout: fallbackTimeout,
-	}
-}
-
-type lbBuilder struct {
-	fallbackTimeout time.Duration
-}
-
-func (b *lbBuilder) Name() string {
-	return grpclbName
-}
-
-func (b *lbBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
-	// This generates a manual resolver builder with a random scheme. This
-	// scheme will be used to dial to remote LB, so we can send filtered address
-	// updates to remote LB ClientConn using this manual resolver.
-	scheme := "grpclb_internal_" + strconv.FormatInt(time.Now().UnixNano(), 36)
-	r := &lbManualResolver{scheme: scheme, ccb: cc}
-
-	var target string
-	targetSplitted := strings.Split(cc.Target(), ":///")
-	if len(targetSplitted) < 2 {
-		target = cc.Target()
-	} else {
-		target = targetSplitted[1]
-	}
-
-	lb := &lbBalancer{
-		cc:              newLBCacheClientConn(cc),
-		target:          target,
-		opt:             opt,
-		fallbackTimeout: b.fallbackTimeout,
-		doneCh:          make(chan struct{}),
-
-		manualResolver: r,
-		csEvltr:        &connectivityStateEvaluator{},
-		subConns:       make(map[resolver.Address]balancer.SubConn),
-		scStates:       make(map[balancer.SubConn]connectivity.State),
-		picker:         &errPicker{err: balancer.ErrNoSubConnAvailable},
-		clientStats:    &rpcStats{},
-	}
-
-	return lb
-}
-
-type lbBalancer struct {
-	cc              *lbCacheClientConn
-	target          string
-	opt             balancer.BuildOptions
-	fallbackTimeout time.Duration
-	doneCh          chan struct{}
-
-	// manualResolver is used in the remote LB ClientConn inside grpclb. When
-	// resolved address updates are received by grpclb, filtered updates will be
-	// send to remote LB ClientConn through this resolver.
-	manualResolver *lbManualResolver
-	// The ClientConn to talk to the remote balancer.
-	ccRemoteLB *ClientConn
-
-	// Support client side load reporting. Each picker gets a reference to this,
-	// and will update its content.
-	clientStats *rpcStats
-
-	mu sync.Mutex // guards everything following.
-	// The full server list including drops, used to check if the newly received
-	// serverList contains anything new. Each generate picker will also have
-	// reference to this list to do the first layer pick.
-	fullServerList []*lbpb.Server
-	// All backends addresses, with metadata set to nil. This list contains all
-	// backend addresses in the same order and with the same duplicates as in
-	// serverlist. When generating picker, a SubConn slice with the same order
-	// but with only READY SCs will be gerenated.
-	backendAddrs []resolver.Address
-	// Roundrobin functionalities.
-	csEvltr  *connectivityStateEvaluator
-	state    connectivity.State
-	subConns map[resolver.Address]balancer.SubConn   // Used to new/remove SubConn.
-	scStates map[balancer.SubConn]connectivity.State // Used to filter READY SubConns.
-	picker   balancer.Picker
-	// Support fallback to resolved backend addresses if there's no response
-	// from remote balancer within fallbackTimeout.
-	fallbackTimerExpired bool
-	serverListReceived   bool
-	// resolvedBackendAddrs is resolvedAddrs minus remote balancers. It's set
-	// when resolved address updates are received, and read in the goroutine
-	// handling fallback.
-	resolvedBackendAddrs []resolver.Address
-}
-
-// regeneratePicker takes a snapshot of the balancer, and generates a picker from
-// it. The picker
-//  - always returns ErrTransientFailure if the balancer is in TransientFailure,
-//  - does two layer roundrobin pick otherwise.
-// Caller must hold lb.mu.
-func (lb *lbBalancer) regeneratePicker() {
-	if lb.state == connectivity.TransientFailure {
-		lb.picker = &errPicker{err: balancer.ErrTransientFailure}
-		return
-	}
-	var readySCs []balancer.SubConn
-	for _, a := range lb.backendAddrs {
-		if sc, ok := lb.subConns[a]; ok {
-			if st, ok := lb.scStates[sc]; ok && st == connectivity.Ready {
-				readySCs = append(readySCs, sc)
-			}
-		}
-	}
-
-	if len(lb.fullServerList) <= 0 {
-		if len(readySCs) <= 0 {
-			lb.picker = &errPicker{err: balancer.ErrNoSubConnAvailable}
-			return
-		}
-		lb.picker = &rrPicker{subConns: readySCs}
-		return
-	}
-	lb.picker = &lbPicker{
-		serverList: lb.fullServerList,
-		subConns:   readySCs,
-		stats:      lb.clientStats,
-	}
-}
-
-func (lb *lbBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
-	grpclog.Infof("lbBalancer: handle SubConn state change: %p, %v", sc, s)
-	lb.mu.Lock()
-	defer lb.mu.Unlock()
-
-	oldS, ok := lb.scStates[sc]
-	if !ok {
-		grpclog.Infof("lbBalancer: got state changes for an unknown SubConn: %p, %v", sc, s)
-		return
-	}
-	lb.scStates[sc] = s
-	switch s {
-	case connectivity.Idle:
-		sc.Connect()
-	case connectivity.Shutdown:
-		// When an address was removed by resolver, b called RemoveSubConn but
-		// kept the sc's state in scStates. Remove state for this sc here.
-		delete(lb.scStates, sc)
-	}
-
-	oldAggrState := lb.state
-	lb.state = lb.csEvltr.recordTransition(oldS, s)
-
-	// Regenerate picker when one of the following happens:
-	//  - this sc became ready from not-ready
-	//  - this sc became not-ready from ready
-	//  - the aggregated state of balancer became TransientFailure from non-TransientFailure
-	//  - the aggregated state of balancer became non-TransientFailure from TransientFailure
-	if (oldS == connectivity.Ready) != (s == connectivity.Ready) ||
-		(lb.state == connectivity.TransientFailure) != (oldAggrState == connectivity.TransientFailure) {
-		lb.regeneratePicker()
-	}
-
-	lb.cc.UpdateBalancerState(lb.state, lb.picker)
-}
-
-// fallbackToBackendsAfter blocks for fallbackTimeout and falls back to use
-// resolved backends (backends received from resolver, not from remote balancer)
-// if no connection to remote balancers was successful.
-func (lb *lbBalancer) fallbackToBackendsAfter(fallbackTimeout time.Duration) {
-	timer := time.NewTimer(fallbackTimeout)
-	defer timer.Stop()
-	select {
-	case <-timer.C:
-	case <-lb.doneCh:
-		return
-	}
-	lb.mu.Lock()
-	if lb.serverListReceived {
-		lb.mu.Unlock()
-		return
-	}
-	lb.fallbackTimerExpired = true
-	lb.refreshSubConns(lb.resolvedBackendAddrs)
-	lb.mu.Unlock()
-}
-
-// HandleResolvedAddrs sends the updated remoteLB addresses to remoteLB
-// clientConn. The remoteLB clientConn will handle creating/removing remoteLB
-// connections.
-func (lb *lbBalancer) HandleResolvedAddrs(addrs []resolver.Address, err error) {
-	grpclog.Infof("lbBalancer: handleResolvedResult: %+v", addrs)
-	if len(addrs) <= 0 {
-		return
-	}
-
-	var remoteBalancerAddrs, backendAddrs []resolver.Address
-	for _, a := range addrs {
-		if a.Type == resolver.GRPCLB {
-			remoteBalancerAddrs = append(remoteBalancerAddrs, a)
-		} else {
-			backendAddrs = append(backendAddrs, a)
-		}
-	}
-
-	if lb.ccRemoteLB == nil {
-		if len(remoteBalancerAddrs) <= 0 {
-			grpclog.Errorf("grpclb: no remote balancer address is available, should never happen")
-			return
-		}
-		// First time receiving resolved addresses, create a cc to remote
-		// balancers.
-		lb.dialRemoteLB(remoteBalancerAddrs[0].ServerName)
-		// Start the fallback goroutine.
-		go lb.fallbackToBackendsAfter(lb.fallbackTimeout)
-	}
-
-	// cc to remote balancers uses lb.manualResolver. Send the updated remote
-	// balancer addresses to it through manualResolver.
-	lb.manualResolver.NewAddress(remoteBalancerAddrs)
-
-	lb.mu.Lock()
-	lb.resolvedBackendAddrs = backendAddrs
-	// If serverListReceived is true, connection to remote balancer was
-	// successful and there's no need to do fallback anymore.
-	// If fallbackTimerExpired is false, fallback hasn't happened yet.
-	if !lb.serverListReceived && lb.fallbackTimerExpired {
-		// This means we received a new list of resolved backends, and we are
-		// still in fallback mode. Need to update the list of backends we are
-		// using to the new list of backends.
-		lb.refreshSubConns(lb.resolvedBackendAddrs)
-	}
-	lb.mu.Unlock()
-}
-
-func (lb *lbBalancer) Close() {
-	select {
-	case <-lb.doneCh:
-		return
-	default:
-	}
-	close(lb.doneCh)
-	if lb.ccRemoteLB != nil {
-		lb.ccRemoteLB.Close()
-	}
-	lb.cc.close()
-}
diff --git a/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.pb.go b/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.pb.go
deleted file mode 100644
index b3b32b48e86fe..0000000000000
--- a/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.pb.go
+++ /dev/null
@@ -1,799 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: grpc_lb_v1/messages/messages.proto
-
-package messages // import "google.golang.org/grpc/grpclb/grpc_lb_v1/messages"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type Duration struct {
-	// Signed seconds of the span of time. Must be from -315,576,000,000
-	// to +315,576,000,000 inclusive.
-	Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"`
-	// Signed fractions of a second at nanosecond resolution of the span
-	// of time. Durations less than one second are represented with a 0
-	// `seconds` field and a positive or negative `nanos` field. For durations
-	// of one second or more, a non-zero value for the `nanos` field must be
-	// of the same sign as the `seconds` field. Must be from -999,999,999
-	// to +999,999,999 inclusive.
-	Nanos                int32    `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Duration) Reset()         { *m = Duration{} }
-func (m *Duration) String() string { return proto.CompactTextString(m) }
-func (*Duration) ProtoMessage()    {}
-func (*Duration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{0}
-}
-func (m *Duration) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Duration.Unmarshal(m, b)
-}
-func (m *Duration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Duration.Marshal(b, m, deterministic)
-}
-func (dst *Duration) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Duration.Merge(dst, src)
-}
-func (m *Duration) XXX_Size() int {
-	return xxx_messageInfo_Duration.Size(m)
-}
-func (m *Duration) XXX_DiscardUnknown() {
-	xxx_messageInfo_Duration.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Duration proto.InternalMessageInfo
-
-func (m *Duration) GetSeconds() int64 {
-	if m != nil {
-		return m.Seconds
-	}
-	return 0
-}
-
-func (m *Duration) GetNanos() int32 {
-	if m != nil {
-		return m.Nanos
-	}
-	return 0
-}
-
-type Timestamp struct {
-	// Represents seconds of UTC time since Unix epoch
-	// 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
-	// 9999-12-31T23:59:59Z inclusive.
-	Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"`
-	// Non-negative fractions of a second at nanosecond resolution. Negative
-	// second values with fractions must still have non-negative nanos values
-	// that count forward in time. Must be from 0 to 999,999,999
-	// inclusive.
-	Nanos                int32    `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Timestamp) Reset()         { *m = Timestamp{} }
-func (m *Timestamp) String() string { return proto.CompactTextString(m) }
-func (*Timestamp) ProtoMessage()    {}
-func (*Timestamp) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{1}
-}
-func (m *Timestamp) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Timestamp.Unmarshal(m, b)
-}
-func (m *Timestamp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Timestamp.Marshal(b, m, deterministic)
-}
-func (dst *Timestamp) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Timestamp.Merge(dst, src)
-}
-func (m *Timestamp) XXX_Size() int {
-	return xxx_messageInfo_Timestamp.Size(m)
-}
-func (m *Timestamp) XXX_DiscardUnknown() {
-	xxx_messageInfo_Timestamp.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Timestamp proto.InternalMessageInfo
-
-func (m *Timestamp) GetSeconds() int64 {
-	if m != nil {
-		return m.Seconds
-	}
-	return 0
-}
-
-func (m *Timestamp) GetNanos() int32 {
-	if m != nil {
-		return m.Nanos
-	}
-	return 0
-}
-
-type LoadBalanceRequest struct {
-	// Types that are valid to be assigned to LoadBalanceRequestType:
-	//	*LoadBalanceRequest_InitialRequest
-	//	*LoadBalanceRequest_ClientStats
-	LoadBalanceRequestType isLoadBalanceRequest_LoadBalanceRequestType `protobuf_oneof:"load_balance_request_type"`
-	XXX_NoUnkeyedLiteral   struct{}                                    `json:"-"`
-	XXX_unrecognized       []byte                                      `json:"-"`
-	XXX_sizecache          int32                                       `json:"-"`
-}
-
-func (m *LoadBalanceRequest) Reset()         { *m = LoadBalanceRequest{} }
-func (m *LoadBalanceRequest) String() string { return proto.CompactTextString(m) }
-func (*LoadBalanceRequest) ProtoMessage()    {}
-func (*LoadBalanceRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{2}
-}
-func (m *LoadBalanceRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LoadBalanceRequest.Unmarshal(m, b)
-}
-func (m *LoadBalanceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LoadBalanceRequest.Marshal(b, m, deterministic)
-}
-func (dst *LoadBalanceRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LoadBalanceRequest.Merge(dst, src)
-}
-func (m *LoadBalanceRequest) XXX_Size() int {
-	return xxx_messageInfo_LoadBalanceRequest.Size(m)
-}
-func (m *LoadBalanceRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_LoadBalanceRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LoadBalanceRequest proto.InternalMessageInfo
-
-type isLoadBalanceRequest_LoadBalanceRequestType interface {
-	isLoadBalanceRequest_LoadBalanceRequestType()
-}
-
-type LoadBalanceRequest_InitialRequest struct {
-	InitialRequest *InitialLoadBalanceRequest `protobuf:"bytes,1,opt,name=initial_request,json=initialRequest,oneof"`
-}
-type LoadBalanceRequest_ClientStats struct {
-	ClientStats *ClientStats `protobuf:"bytes,2,opt,name=client_stats,json=clientStats,oneof"`
-}
-
-func (*LoadBalanceRequest_InitialRequest) isLoadBalanceRequest_LoadBalanceRequestType() {}
-func (*LoadBalanceRequest_ClientStats) isLoadBalanceRequest_LoadBalanceRequestType()    {}
-
-func (m *LoadBalanceRequest) GetLoadBalanceRequestType() isLoadBalanceRequest_LoadBalanceRequestType {
-	if m != nil {
-		return m.LoadBalanceRequestType
-	}
-	return nil
-}
-
-func (m *LoadBalanceRequest) GetInitialRequest() *InitialLoadBalanceRequest {
-	if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_InitialRequest); ok {
-		return x.InitialRequest
-	}
-	return nil
-}
-
-func (m *LoadBalanceRequest) GetClientStats() *ClientStats {
-	if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_ClientStats); ok {
-		return x.ClientStats
-	}
-	return nil
-}
-
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*LoadBalanceRequest) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _LoadBalanceRequest_OneofMarshaler, _LoadBalanceRequest_OneofUnmarshaler, _LoadBalanceRequest_OneofSizer, []interface{}{
-		(*LoadBalanceRequest_InitialRequest)(nil),
-		(*LoadBalanceRequest_ClientStats)(nil),
-	}
-}
-
-func _LoadBalanceRequest_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*LoadBalanceRequest)
-	// load_balance_request_type
-	switch x := m.LoadBalanceRequestType.(type) {
-	case *LoadBalanceRequest_InitialRequest:
-		b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.InitialRequest); err != nil {
-			return err
-		}
-	case *LoadBalanceRequest_ClientStats:
-		b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ClientStats); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("LoadBalanceRequest.LoadBalanceRequestType has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _LoadBalanceRequest_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*LoadBalanceRequest)
-	switch tag {
-	case 1: // load_balance_request_type.initial_request
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(InitialLoadBalanceRequest)
-		err := b.DecodeMessage(msg)
-		m.LoadBalanceRequestType = &LoadBalanceRequest_InitialRequest{msg}
-		return true, err
-	case 2: // load_balance_request_type.client_stats
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ClientStats)
-		err := b.DecodeMessage(msg)
-		m.LoadBalanceRequestType = &LoadBalanceRequest_ClientStats{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _LoadBalanceRequest_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*LoadBalanceRequest)
-	// load_balance_request_type
-	switch x := m.LoadBalanceRequestType.(type) {
-	case *LoadBalanceRequest_InitialRequest:
-		s := proto.Size(x.InitialRequest)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *LoadBalanceRequest_ClientStats:
-		s := proto.Size(x.ClientStats)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
-type InitialLoadBalanceRequest struct {
-	// Name of load balanced service (IE, balancer.service.com)
-	// length should be less than 256 bytes.
-	Name                 string   `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *InitialLoadBalanceRequest) Reset()         { *m = InitialLoadBalanceRequest{} }
-func (m *InitialLoadBalanceRequest) String() string { return proto.CompactTextString(m) }
-func (*InitialLoadBalanceRequest) ProtoMessage()    {}
-func (*InitialLoadBalanceRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{3}
-}
-func (m *InitialLoadBalanceRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_InitialLoadBalanceRequest.Unmarshal(m, b)
-}
-func (m *InitialLoadBalanceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_InitialLoadBalanceRequest.Marshal(b, m, deterministic)
-}
-func (dst *InitialLoadBalanceRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_InitialLoadBalanceRequest.Merge(dst, src)
-}
-func (m *InitialLoadBalanceRequest) XXX_Size() int {
-	return xxx_messageInfo_InitialLoadBalanceRequest.Size(m)
-}
-func (m *InitialLoadBalanceRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_InitialLoadBalanceRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_InitialLoadBalanceRequest proto.InternalMessageInfo
-
-func (m *InitialLoadBalanceRequest) GetName() string {
-	if m != nil {
-		return m.Name
-	}
-	return ""
-}
-
-// Contains client level statistics that are useful to load balancing. Each
-// count except the timestamp should be reset to zero after reporting the stats.
-type ClientStats struct {
-	// The timestamp of generating the report.
-	Timestamp *Timestamp `protobuf:"bytes,1,opt,name=timestamp" json:"timestamp,omitempty"`
-	// The total number of RPCs that started.
-	NumCallsStarted int64 `protobuf:"varint,2,opt,name=num_calls_started,json=numCallsStarted" json:"num_calls_started,omitempty"`
-	// The total number of RPCs that finished.
-	NumCallsFinished int64 `protobuf:"varint,3,opt,name=num_calls_finished,json=numCallsFinished" json:"num_calls_finished,omitempty"`
-	// The total number of RPCs that were dropped by the client because of rate
-	// limiting.
-	NumCallsFinishedWithDropForRateLimiting int64 `protobuf:"varint,4,opt,name=num_calls_finished_with_drop_for_rate_limiting,json=numCallsFinishedWithDropForRateLimiting" json:"num_calls_finished_with_drop_for_rate_limiting,omitempty"`
-	// The total number of RPCs that were dropped by the client because of load
-	// balancing.
-	NumCallsFinishedWithDropForLoadBalancing int64 `protobuf:"varint,5,opt,name=num_calls_finished_with_drop_for_load_balancing,json=numCallsFinishedWithDropForLoadBalancing" json:"num_calls_finished_with_drop_for_load_balancing,omitempty"`
-	// The total number of RPCs that failed to reach a server except dropped RPCs.
-	NumCallsFinishedWithClientFailedToSend int64 `protobuf:"varint,6,opt,name=num_calls_finished_with_client_failed_to_send,json=numCallsFinishedWithClientFailedToSend" json:"num_calls_finished_with_client_failed_to_send,omitempty"`
-	// The total number of RPCs that finished and are known to have been received
-	// by a server.
-	NumCallsFinishedKnownReceived int64    `protobuf:"varint,7,opt,name=num_calls_finished_known_received,json=numCallsFinishedKnownReceived" json:"num_calls_finished_known_received,omitempty"`
-	XXX_NoUnkeyedLiteral          struct{} `json:"-"`
-	XXX_unrecognized              []byte   `json:"-"`
-	XXX_sizecache                 int32    `json:"-"`
-}
-
-func (m *ClientStats) Reset()         { *m = ClientStats{} }
-func (m *ClientStats) String() string { return proto.CompactTextString(m) }
-func (*ClientStats) ProtoMessage()    {}
-func (*ClientStats) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{4}
-}
-func (m *ClientStats) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ClientStats.Unmarshal(m, b)
-}
-func (m *ClientStats) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ClientStats.Marshal(b, m, deterministic)
-}
-func (dst *ClientStats) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ClientStats.Merge(dst, src)
-}
-func (m *ClientStats) XXX_Size() int {
-	return xxx_messageInfo_ClientStats.Size(m)
-}
-func (m *ClientStats) XXX_DiscardUnknown() {
-	xxx_messageInfo_ClientStats.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ClientStats proto.InternalMessageInfo
-
-func (m *ClientStats) GetTimestamp() *Timestamp {
-	if m != nil {
-		return m.Timestamp
-	}
-	return nil
-}
-
-func (m *ClientStats) GetNumCallsStarted() int64 {
-	if m != nil {
-		return m.NumCallsStarted
-	}
-	return 0
-}
-
-func (m *ClientStats) GetNumCallsFinished() int64 {
-	if m != nil {
-		return m.NumCallsFinished
-	}
-	return 0
-}
-
-func (m *ClientStats) GetNumCallsFinishedWithDropForRateLimiting() int64 {
-	if m != nil {
-		return m.NumCallsFinishedWithDropForRateLimiting
-	}
-	return 0
-}
-
-func (m *ClientStats) GetNumCallsFinishedWithDropForLoadBalancing() int64 {
-	if m != nil {
-		return m.NumCallsFinishedWithDropForLoadBalancing
-	}
-	return 0
-}
-
-func (m *ClientStats) GetNumCallsFinishedWithClientFailedToSend() int64 {
-	if m != nil {
-		return m.NumCallsFinishedWithClientFailedToSend
-	}
-	return 0
-}
-
-func (m *ClientStats) GetNumCallsFinishedKnownReceived() int64 {
-	if m != nil {
-		return m.NumCallsFinishedKnownReceived
-	}
-	return 0
-}
-
-type LoadBalanceResponse struct {
-	// Types that are valid to be assigned to LoadBalanceResponseType:
-	//	*LoadBalanceResponse_InitialResponse
-	//	*LoadBalanceResponse_ServerList
-	LoadBalanceResponseType isLoadBalanceResponse_LoadBalanceResponseType `protobuf_oneof:"load_balance_response_type"`
-	XXX_NoUnkeyedLiteral    struct{}                                      `json:"-"`
-	XXX_unrecognized        []byte                                        `json:"-"`
-	XXX_sizecache           int32                                         `json:"-"`
-}
-
-func (m *LoadBalanceResponse) Reset()         { *m = LoadBalanceResponse{} }
-func (m *LoadBalanceResponse) String() string { return proto.CompactTextString(m) }
-func (*LoadBalanceResponse) ProtoMessage()    {}
-func (*LoadBalanceResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{5}
-}
-func (m *LoadBalanceResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LoadBalanceResponse.Unmarshal(m, b)
-}
-func (m *LoadBalanceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LoadBalanceResponse.Marshal(b, m, deterministic)
-}
-func (dst *LoadBalanceResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LoadBalanceResponse.Merge(dst, src)
-}
-func (m *LoadBalanceResponse) XXX_Size() int {
-	return xxx_messageInfo_LoadBalanceResponse.Size(m)
-}
-func (m *LoadBalanceResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_LoadBalanceResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LoadBalanceResponse proto.InternalMessageInfo
-
-type isLoadBalanceResponse_LoadBalanceResponseType interface {
-	isLoadBalanceResponse_LoadBalanceResponseType()
-}
-
-type LoadBalanceResponse_InitialResponse struct {
-	InitialResponse *InitialLoadBalanceResponse `protobuf:"bytes,1,opt,name=initial_response,json=initialResponse,oneof"`
-}
-type LoadBalanceResponse_ServerList struct {
-	ServerList *ServerList `protobuf:"bytes,2,opt,name=server_list,json=serverList,oneof"`
-}
-
-func (*LoadBalanceResponse_InitialResponse) isLoadBalanceResponse_LoadBalanceResponseType() {}
-func (*LoadBalanceResponse_ServerList) isLoadBalanceResponse_LoadBalanceResponseType()      {}
-
-func (m *LoadBalanceResponse) GetLoadBalanceResponseType() isLoadBalanceResponse_LoadBalanceResponseType {
-	if m != nil {
-		return m.LoadBalanceResponseType
-	}
-	return nil
-}
-
-func (m *LoadBalanceResponse) GetInitialResponse() *InitialLoadBalanceResponse {
-	if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_InitialResponse); ok {
-		return x.InitialResponse
-	}
-	return nil
-}
-
-func (m *LoadBalanceResponse) GetServerList() *ServerList {
-	if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_ServerList); ok {
-		return x.ServerList
-	}
-	return nil
-}
-
-// XXX_OneofFuncs is for the internal use of the proto package.
-func (*LoadBalanceResponse) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
-	return _LoadBalanceResponse_OneofMarshaler, _LoadBalanceResponse_OneofUnmarshaler, _LoadBalanceResponse_OneofSizer, []interface{}{
-		(*LoadBalanceResponse_InitialResponse)(nil),
-		(*LoadBalanceResponse_ServerList)(nil),
-	}
-}
-
-func _LoadBalanceResponse_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
-	m := msg.(*LoadBalanceResponse)
-	// load_balance_response_type
-	switch x := m.LoadBalanceResponseType.(type) {
-	case *LoadBalanceResponse_InitialResponse:
-		b.EncodeVarint(1<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.InitialResponse); err != nil {
-			return err
-		}
-	case *LoadBalanceResponse_ServerList:
-		b.EncodeVarint(2<<3 | proto.WireBytes)
-		if err := b.EncodeMessage(x.ServerList); err != nil {
-			return err
-		}
-	case nil:
-	default:
-		return fmt.Errorf("LoadBalanceResponse.LoadBalanceResponseType has unexpected type %T", x)
-	}
-	return nil
-}
-
-func _LoadBalanceResponse_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
-	m := msg.(*LoadBalanceResponse)
-	switch tag {
-	case 1: // load_balance_response_type.initial_response
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(InitialLoadBalanceResponse)
-		err := b.DecodeMessage(msg)
-		m.LoadBalanceResponseType = &LoadBalanceResponse_InitialResponse{msg}
-		return true, err
-	case 2: // load_balance_response_type.server_list
-		if wire != proto.WireBytes {
-			return true, proto.ErrInternalBadWireType
-		}
-		msg := new(ServerList)
-		err := b.DecodeMessage(msg)
-		m.LoadBalanceResponseType = &LoadBalanceResponse_ServerList{msg}
-		return true, err
-	default:
-		return false, nil
-	}
-}
-
-func _LoadBalanceResponse_OneofSizer(msg proto.Message) (n int) {
-	m := msg.(*LoadBalanceResponse)
-	// load_balance_response_type
-	switch x := m.LoadBalanceResponseType.(type) {
-	case *LoadBalanceResponse_InitialResponse:
-		s := proto.Size(x.InitialResponse)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case *LoadBalanceResponse_ServerList:
-		s := proto.Size(x.ServerList)
-		n += 1 // tag and wire
-		n += proto.SizeVarint(uint64(s))
-		n += s
-	case nil:
-	default:
-		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
-	}
-	return n
-}
-
-type InitialLoadBalanceResponse struct {
-	// This is an application layer redirect that indicates the client should use
-	// the specified server for load balancing. When this field is non-empty in
-	// the response, the client should open a separate connection to the
-	// load_balancer_delegate and call the BalanceLoad method. Its length should
-	// be less than 64 bytes.
-	LoadBalancerDelegate string `protobuf:"bytes,1,opt,name=load_balancer_delegate,json=loadBalancerDelegate" json:"load_balancer_delegate,omitempty"`
-	// This interval defines how often the client should send the client stats
-	// to the load balancer. Stats should only be reported when the duration is
-	// positive.
-	ClientStatsReportInterval *Duration `protobuf:"bytes,2,opt,name=client_stats_report_interval,json=clientStatsReportInterval" json:"client_stats_report_interval,omitempty"`
-	XXX_NoUnkeyedLiteral      struct{}  `json:"-"`
-	XXX_unrecognized          []byte    `json:"-"`
-	XXX_sizecache             int32     `json:"-"`
-}
-
-func (m *InitialLoadBalanceResponse) Reset()         { *m = InitialLoadBalanceResponse{} }
-func (m *InitialLoadBalanceResponse) String() string { return proto.CompactTextString(m) }
-func (*InitialLoadBalanceResponse) ProtoMessage()    {}
-func (*InitialLoadBalanceResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{6}
-}
-func (m *InitialLoadBalanceResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_InitialLoadBalanceResponse.Unmarshal(m, b)
-}
-func (m *InitialLoadBalanceResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_InitialLoadBalanceResponse.Marshal(b, m, deterministic)
-}
-func (dst *InitialLoadBalanceResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_InitialLoadBalanceResponse.Merge(dst, src)
-}
-func (m *InitialLoadBalanceResponse) XXX_Size() int {
-	return xxx_messageInfo_InitialLoadBalanceResponse.Size(m)
-}
-func (m *InitialLoadBalanceResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_InitialLoadBalanceResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_InitialLoadBalanceResponse proto.InternalMessageInfo
-
-func (m *InitialLoadBalanceResponse) GetLoadBalancerDelegate() string {
-	if m != nil {
-		return m.LoadBalancerDelegate
-	}
-	return ""
-}
-
-func (m *InitialLoadBalanceResponse) GetClientStatsReportInterval() *Duration {
-	if m != nil {
-		return m.ClientStatsReportInterval
-	}
-	return nil
-}
-
-type ServerList struct {
-	// Contains a list of servers selected by the load balancer. The list will
-	// be updated when server resolutions change or as needed to balance load
-	// across more servers. The client should consume the server list in order
-	// unless instructed otherwise via the client_config.
-	Servers              []*Server `protobuf:"bytes,1,rep,name=servers" json:"servers,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
-}
-
-func (m *ServerList) Reset()         { *m = ServerList{} }
-func (m *ServerList) String() string { return proto.CompactTextString(m) }
-func (*ServerList) ProtoMessage()    {}
-func (*ServerList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{7}
-}
-func (m *ServerList) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ServerList.Unmarshal(m, b)
-}
-func (m *ServerList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ServerList.Marshal(b, m, deterministic)
-}
-func (dst *ServerList) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ServerList.Merge(dst, src)
-}
-func (m *ServerList) XXX_Size() int {
-	return xxx_messageInfo_ServerList.Size(m)
-}
-func (m *ServerList) XXX_DiscardUnknown() {
-	xxx_messageInfo_ServerList.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ServerList proto.InternalMessageInfo
-
-func (m *ServerList) GetServers() []*Server {
-	if m != nil {
-		return m.Servers
-	}
-	return nil
-}
-
-// Contains server information. When none of the [drop_for_*] fields are true,
-// use the other fields. When drop_for_rate_limiting is true, ignore all other
-// fields. Use drop_for_load_balancing only when it is true and
-// drop_for_rate_limiting is false.
-type Server struct {
-	// A resolved address for the server, serialized in network-byte-order. It may
-	// either be an IPv4 or IPv6 address.
-	IpAddress []byte `protobuf:"bytes,1,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
-	// A resolved port number for the server.
-	Port int32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"`
-	// An opaque but printable token given to the frontend for each pick. All
-	// frontend requests for that pick must include the token in its initial
-	// metadata. The token is used by the backend to verify the request and to
-	// allow the backend to report load to the gRPC LB system.
-	//
-	// Its length is variable but less than 50 bytes.
-	LoadBalanceToken string `protobuf:"bytes,3,opt,name=load_balance_token,json=loadBalanceToken" json:"load_balance_token,omitempty"`
-	// Indicates whether this particular request should be dropped by the client
-	// for rate limiting.
-	DropForRateLimiting bool `protobuf:"varint,4,opt,name=drop_for_rate_limiting,json=dropForRateLimiting" json:"drop_for_rate_limiting,omitempty"`
-	// Indicates whether this particular request should be dropped by the client
-	// for load balancing.
-	DropForLoadBalancing bool     `protobuf:"varint,5,opt,name=drop_for_load_balancing,json=dropForLoadBalancing" json:"drop_for_load_balancing,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Server) Reset()         { *m = Server{} }
-func (m *Server) String() string { return proto.CompactTextString(m) }
-func (*Server) ProtoMessage()    {}
-func (*Server) Descriptor() ([]byte, []int) {
-	return fileDescriptor_messages_b81c731f0e83edbd, []int{8}
-}
-func (m *Server) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Server.Unmarshal(m, b)
-}
-func (m *Server) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Server.Marshal(b, m, deterministic)
-}
-func (dst *Server) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Server.Merge(dst, src)
-}
-func (m *Server) XXX_Size() int {
-	return xxx_messageInfo_Server.Size(m)
-}
-func (m *Server) XXX_DiscardUnknown() {
-	xxx_messageInfo_Server.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Server proto.InternalMessageInfo
-
-func (m *Server) GetIpAddress() []byte {
-	if m != nil {
-		return m.IpAddress
-	}
-	return nil
-}
-
-func (m *Server) GetPort() int32 {
-	if m != nil {
-		return m.Port
-	}
-	return 0
-}
-
-func (m *Server) GetLoadBalanceToken() string {
-	if m != nil {
-		return m.LoadBalanceToken
-	}
-	return ""
-}
-
-func (m *Server) GetDropForRateLimiting() bool {
-	if m != nil {
-		return m.DropForRateLimiting
-	}
-	return false
-}
-
-func (m *Server) GetDropForLoadBalancing() bool {
-	if m != nil {
-		return m.DropForLoadBalancing
-	}
-	return false
-}
-
-func init() {
-	proto.RegisterType((*Duration)(nil), "grpc.lb.v1.Duration")
-	proto.RegisterType((*Timestamp)(nil), "grpc.lb.v1.Timestamp")
-	proto.RegisterType((*LoadBalanceRequest)(nil), "grpc.lb.v1.LoadBalanceRequest")
-	proto.RegisterType((*InitialLoadBalanceRequest)(nil), "grpc.lb.v1.InitialLoadBalanceRequest")
-	proto.RegisterType((*ClientStats)(nil), "grpc.lb.v1.ClientStats")
-	proto.RegisterType((*LoadBalanceResponse)(nil), "grpc.lb.v1.LoadBalanceResponse")
-	proto.RegisterType((*InitialLoadBalanceResponse)(nil), "grpc.lb.v1.InitialLoadBalanceResponse")
-	proto.RegisterType((*ServerList)(nil), "grpc.lb.v1.ServerList")
-	proto.RegisterType((*Server)(nil), "grpc.lb.v1.Server")
-}
-
-func init() {
-	proto.RegisterFile("grpc_lb_v1/messages/messages.proto", fileDescriptor_messages_b81c731f0e83edbd)
-}
-
-var fileDescriptor_messages_b81c731f0e83edbd = []byte{
-	// 731 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0xdd, 0x4e, 0x1b, 0x39,
-	0x14, 0x26, 0x9b, 0x00, 0xc9, 0x09, 0x5a, 0xb2, 0x26, 0x0b, 0x81, 0x05, 0x89, 0x1d, 0x69, 0xd9,
-	0x68, 0xc5, 0x4e, 0x04, 0xd9, 0xbd, 0xe8, 0xcf, 0x45, 0x1b, 0x10, 0x0a, 0x2d, 0x17, 0x95, 0x43,
-	0x55, 0xa9, 0x52, 0x65, 0x39, 0x19, 0x33, 0x58, 0x38, 0xf6, 0xd4, 0x76, 0x82, 0xfa, 0x08, 0x7d,
-	0x94, 0x3e, 0x46, 0xd5, 0x67, 0xe8, 0xfb, 0x54, 0xe3, 0x99, 0xc9, 0x0c, 0x10, 0x40, 0xbd, 0x89,
-	0xec, 0xe3, 0xef, 0x7c, 0xdf, 0xf1, 0x89, 0xbf, 0x33, 0xe0, 0x85, 0x3a, 0x1a, 0x11, 0x31, 0x24,
-	0xd3, 0x83, 0xce, 0x98, 0x19, 0x43, 0x43, 0x66, 0x66, 0x0b, 0x3f, 0xd2, 0xca, 0x2a, 0x04, 0x31,
-	0xc6, 0x17, 0x43, 0x7f, 0x7a, 0xe0, 0x3d, 0x85, 0xea, 0xf1, 0x44, 0x53, 0xcb, 0x95, 0x44, 0x2d,
-	0x58, 0x36, 0x6c, 0xa4, 0x64, 0x60, 0x5a, 0xa5, 0xdd, 0x52, 0xbb, 0x8c, 0xb3, 0x2d, 0x6a, 0xc2,
-	0xa2, 0xa4, 0x52, 0x99, 0xd6, 0x2f, 0xbb, 0xa5, 0xf6, 0x22, 0x4e, 0x36, 0xde, 0x33, 0xa8, 0x9d,
-	0xf3, 0x31, 0x33, 0x96, 0x8e, 0xa3, 0x9f, 0x4e, 0xfe, 0x5a, 0x02, 0x74, 0xa6, 0x68, 0xd0, 0xa3,
-	0x82, 0xca, 0x11, 0xc3, 0xec, 0xe3, 0x84, 0x19, 0x8b, 0xde, 0xc0, 0x2a, 0x97, 0xdc, 0x72, 0x2a,
-	0x88, 0x4e, 0x42, 0x8e, 0xae, 0x7e, 0xf8, 0x97, 0x9f, 0x57, 0xed, 0x9f, 0x26, 0x90, 0xbb, 0xf9,
-	0xfd, 0x05, 0xfc, 0x6b, 0x9a, 0x9f, 0x31, 0x3e, 0x87, 0x95, 0x91, 0xe0, 0x4c, 0x5a, 0x62, 0x2c,
-	0xb5, 0x49, 0x15, 0xf5, 0xc3, 0x8d, 0x22, 0xdd, 0x91, 0x3b, 0x1f, 0xc4, 0xc7, 0xfd, 0x05, 0x5c,
-	0x1f, 0xe5, 0xdb, 0xde, 0x1f, 0xb0, 0x29, 0x14, 0x0d, 0xc8, 0x30, 0x91, 0xc9, 0x8a, 0x22, 0xf6,
-	0x53, 0xc4, 0xbc, 0x0e, 0x6c, 0xde, 0x5b, 0x09, 0x42, 0x50, 0x91, 0x74, 0xcc, 0x5c, 0xf9, 0x35,
-	0xec, 0xd6, 0xde, 0xe7, 0x0a, 0xd4, 0x0b, 0x62, 0xa8, 0x0b, 0x35, 0x9b, 0x75, 0x30, 0xbd, 0xe7,
-	0xef, 0xc5, 0xc2, 0x66, 0xed, 0xc5, 0x39, 0x0e, 0xfd, 0x03, 0xbf, 0xc9, 0xc9, 0x98, 0x8c, 0xa8,
-	0x10, 0x26, 0xbe, 0x93, 0xb6, 0x2c, 0x70, 0xb7, 0x2a, 0xe3, 0x55, 0x39, 0x19, 0x1f, 0xc5, 0xf1,
-	0x41, 0x12, 0x46, 0xfb, 0x80, 0x72, 0xec, 0x05, 0x97, 0xdc, 0x5c, 0xb2, 0xa0, 0x55, 0x76, 0xe0,
-	0x46, 0x06, 0x3e, 0x49, 0xe3, 0x88, 0x80, 0x7f, 0x17, 0x4d, 0xae, 0xb9, 0xbd, 0x24, 0x81, 0x56,
-	0x11, 0xb9, 0x50, 0x9a, 0x68, 0x6a, 0x19, 0x11, 0x7c, 0xcc, 0x2d, 0x97, 0x61, 0xab, 0xe2, 0x98,
-	0xfe, 0xbe, 0xcd, 0xf4, 0x8e, 0xdb, 0xcb, 0x63, 0xad, 0xa2, 0x13, 0xa5, 0x31, 0xb5, 0xec, 0x2c,
-	0x85, 0x23, 0x0a, 0x9d, 0x47, 0x05, 0x0a, 0xed, 0x8e, 0x15, 0x16, 0x9d, 0x42, 0xfb, 0x01, 0x85,
-	0xbc, 0xf7, 0xb1, 0xc4, 0x07, 0xf8, 0xf7, 0x3e, 0x89, 0xf4, 0x19, 0x5c, 0x50, 0x2e, 0x58, 0x40,
-	0xac, 0x22, 0x86, 0xc9, 0xa0, 0xb5, 0xe4, 0x04, 0xf6, 0xe6, 0x09, 0x24, 0x7f, 0xd5, 0x89, 0xc3,
-	0x9f, 0xab, 0x01, 0x93, 0x01, 0xea, 0xc3, 0x9f, 0x73, 0xe8, 0xaf, 0xa4, 0xba, 0x96, 0x44, 0xb3,
-	0x11, 0xe3, 0x53, 0x16, 0xb4, 0x96, 0x1d, 0xe5, 0xce, 0x6d, 0xca, 0xd7, 0x31, 0x0a, 0xa7, 0x20,
-	0xef, 0x5b, 0x09, 0xd6, 0x6e, 0x3c, 0x1b, 0x13, 0x29, 0x69, 0x18, 0x1a, 0x40, 0x23, 0x77, 0x40,
-	0x12, 0x4b, 0x9f, 0xc6, 0xde, 0x63, 0x16, 0x48, 0xd0, 0xfd, 0x05, 0xbc, 0x3a, 0xf3, 0x40, 0x4a,
-	0xfa, 0x04, 0xea, 0x86, 0xe9, 0x29, 0xd3, 0x44, 0x70, 0x63, 0x53, 0x0f, 0xac, 0x17, 0xf9, 0x06,
-	0xee, 0xf8, 0x8c, 0x3b, 0x0f, 0x81, 0x99, 0xed, 0x7a, 0xdb, 0xb0, 0x75, 0xcb, 0x01, 0x09, 0x67,
-	0x62, 0x81, 0x2f, 0x25, 0xd8, 0xba, 0xbf, 0x14, 0xf4, 0x1f, 0xac, 0x17, 0x93, 0x35, 0x09, 0x98,
-	0x60, 0x21, 0xb5, 0x99, 0x2d, 0x9a, 0x22, 0x4f, 0xd2, 0xc7, 0xe9, 0x19, 0x7a, 0x0b, 0xdb, 0x45,
-	0xcb, 0x12, 0xcd, 0x22, 0xa5, 0x2d, 0xe1, 0xd2, 0x32, 0x3d, 0xa5, 0x22, 0x2d, 0xbf, 0x59, 0x2c,
-	0x3f, 0x1b, 0x62, 0x78, 0xb3, 0xe0, 0x5e, 0xec, 0xf2, 0x4e, 0xd3, 0x34, 0xef, 0x05, 0x40, 0x7e,
-	0x4b, 0xb4, 0x1f, 0x0f, 0xac, 0x78, 0x17, 0x0f, 0xac, 0x72, 0xbb, 0x7e, 0x88, 0xee, 0xb6, 0x03,
-	0x67, 0x90, 0x57, 0x95, 0x6a, 0xb9, 0x51, 0xf1, 0xbe, 0x97, 0x60, 0x29, 0x39, 0x41, 0x3b, 0x00,
-	0x3c, 0x22, 0x34, 0x08, 0x34, 0x33, 0xc9, 0xc8, 0x5b, 0xc1, 0x35, 0x1e, 0xbd, 0x4c, 0x02, 0xb1,
-	0xfb, 0x63, 0xed, 0x74, 0xe6, 0xb9, 0x75, 0x6c, 0xc6, 0x1b, 0x9d, 0xb4, 0xea, 0x8a, 0x49, 0x67,
-	0xc6, 0x1a, 0x6e, 0x14, 0x1a, 0x71, 0x1e, 0xc7, 0x51, 0x17, 0xd6, 0x1f, 0x30, 0x5d, 0x15, 0xaf,
-	0x05, 0x73, 0x0c, 0xf6, 0x3f, 0x6c, 0x3c, 0x64, 0xa4, 0x2a, 0x6e, 0x06, 0x73, 0x4c, 0xd3, 0xeb,
-	0xbe, 0x3f, 0x08, 0x95, 0x0a, 0x05, 0xf3, 0x43, 0x25, 0xa8, 0x0c, 0x7d, 0xa5, 0xc3, 0x4e, 0xdc,
-	0x0d, 0xf7, 0x23, 0x86, 0x9d, 0x39, 0x5f, 0x95, 0xe1, 0x92, 0xfb, 0x9a, 0x74, 0x7f, 0x04, 0x00,
-	0x00, 0xff, 0xff, 0x8e, 0xd0, 0x70, 0xb7, 0x73, 0x06, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.proto b/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.proto
deleted file mode 100644
index 42d99c109fe67..0000000000000
--- a/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/messages/messages.proto
+++ /dev/null
@@ -1,155 +0,0 @@
-// Copyright 2016 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package grpc.lb.v1;
-option go_package = "google.golang.org/grpc/grpclb/grpc_lb_v1/messages";
-
-message Duration {
-  // Signed seconds of the span of time. Must be from -315,576,000,000
-  // to +315,576,000,000 inclusive.
-  int64 seconds = 1;
-
-  // Signed fractions of a second at nanosecond resolution of the span
-  // of time. Durations less than one second are represented with a 0
-  // `seconds` field and a positive or negative `nanos` field. For durations
-  // of one second or more, a non-zero value for the `nanos` field must be
-  // of the same sign as the `seconds` field. Must be from -999,999,999
-  // to +999,999,999 inclusive.
-  int32 nanos = 2;
-}
-
-message Timestamp {
-  // Represents seconds of UTC time since Unix epoch
-  // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
-  // 9999-12-31T23:59:59Z inclusive.
-  int64 seconds = 1;
-
-  // Non-negative fractions of a second at nanosecond resolution. Negative
-  // second values with fractions must still have non-negative nanos values
-  // that count forward in time. Must be from 0 to 999,999,999
-  // inclusive.
-  int32 nanos = 2;
-}
-
-message LoadBalanceRequest {
-  oneof load_balance_request_type {
-    // This message should be sent on the first request to the load balancer.
-    InitialLoadBalanceRequest initial_request = 1;
-
-    // The client stats should be periodically reported to the load balancer
-    // based on the duration defined in the InitialLoadBalanceResponse.
-    ClientStats client_stats = 2;
-  }
-}
-
-message InitialLoadBalanceRequest {
-  // Name of load balanced service (IE, balancer.service.com)
-  // length should be less than 256 bytes.
-  string name = 1;
-}
-
-// Contains client level statistics that are useful to load balancing. Each
-// count except the timestamp should be reset to zero after reporting the stats.
-message ClientStats {
-  // The timestamp of generating the report.
-  Timestamp timestamp = 1;
-
-  // The total number of RPCs that started.
-  int64 num_calls_started = 2;
-
-  // The total number of RPCs that finished.
-  int64 num_calls_finished = 3;
-
-  // The total number of RPCs that were dropped by the client because of rate
-  // limiting.
-  int64 num_calls_finished_with_drop_for_rate_limiting = 4;
-
-  // The total number of RPCs that were dropped by the client because of load
-  // balancing.
-  int64 num_calls_finished_with_drop_for_load_balancing = 5;
-
-  // The total number of RPCs that failed to reach a server except dropped RPCs.
-  int64 num_calls_finished_with_client_failed_to_send = 6;
-
-  // The total number of RPCs that finished and are known to have been received
-  // by a server.
-  int64 num_calls_finished_known_received = 7;
-}
-
-message LoadBalanceResponse {
-  oneof load_balance_response_type {
-    // This message should be sent on the first response to the client.
-    InitialLoadBalanceResponse initial_response = 1;
-
-    // Contains the list of servers selected by the load balancer. The client
-    // should send requests to these servers in the specified order.
-    ServerList server_list = 2;
-  }
-}
-
-message InitialLoadBalanceResponse {
-  // This is an application layer redirect that indicates the client should use
-  // the specified server for load balancing. When this field is non-empty in
-  // the response, the client should open a separate connection to the
-  // load_balancer_delegate and call the BalanceLoad method. Its length should
-  // be less than 64 bytes.
-  string load_balancer_delegate = 1;
-
-  // This interval defines how often the client should send the client stats
-  // to the load balancer. Stats should only be reported when the duration is
-  // positive.
-  Duration client_stats_report_interval = 2;
-}
-
-message ServerList {
-  // Contains a list of servers selected by the load balancer. The list will
-  // be updated when server resolutions change or as needed to balance load
-  // across more servers. The client should consume the server list in order
-  // unless instructed otherwise via the client_config.
-  repeated Server servers = 1;
-
-  // Was google.protobuf.Duration expiration_interval.
-  reserved 3;
-}
-
-// Contains server information. When none of the [drop_for_*] fields are true,
-// use the other fields. When drop_for_rate_limiting is true, ignore all other
-// fields. Use drop_for_load_balancing only when it is true and
-// drop_for_rate_limiting is false.
-message Server {
-  // A resolved address for the server, serialized in network-byte-order. It may
-  // either be an IPv4 or IPv6 address.
-  bytes ip_address = 1;
-
-  // A resolved port number for the server.
-  int32 port = 2;
-
-  // An opaque but printable token given to the frontend for each pick. All
-  // frontend requests for that pick must include the token in its initial
-  // metadata. The token is used by the backend to verify the request and to
-  // allow the backend to report load to the gRPC LB system.
-  //
-  // Its length is variable but less than 50 bytes.
-  string load_balance_token = 3;
-
-  // Indicates whether this particular request should be dropped by the client
-  // for rate limiting.
-  bool drop_for_rate_limiting = 4;
-
-  // Indicates whether this particular request should be dropped by the client
-  // for load balancing.
-  bool drop_for_load_balancing = 5;
-}
diff --git a/vendor/google.golang.org/grpc/grpclb_picker.go b/vendor/google.golang.org/grpc/grpclb_picker.go
deleted file mode 100644
index 872c7ccea0e81..0000000000000
--- a/vendor/google.golang.org/grpc/grpclb_picker.go
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"sync"
-	"sync/atomic"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/codes"
-	lbpb "google.golang.org/grpc/grpclb/grpc_lb_v1/messages"
-	"google.golang.org/grpc/status"
-)
-
-type rpcStats struct {
-	NumCallsStarted                          int64
-	NumCallsFinished                         int64
-	NumCallsFinishedWithDropForRateLimiting  int64
-	NumCallsFinishedWithDropForLoadBalancing int64
-	NumCallsFinishedWithClientFailedToSend   int64
-	NumCallsFinishedKnownReceived            int64
-}
-
-// toClientStats converts rpcStats to lbpb.ClientStats, and clears rpcStats.
-func (s *rpcStats) toClientStats() *lbpb.ClientStats {
-	stats := &lbpb.ClientStats{
-		NumCallsStarted:                          atomic.SwapInt64(&s.NumCallsStarted, 0),
-		NumCallsFinished:                         atomic.SwapInt64(&s.NumCallsFinished, 0),
-		NumCallsFinishedWithDropForRateLimiting:  atomic.SwapInt64(&s.NumCallsFinishedWithDropForRateLimiting, 0),
-		NumCallsFinishedWithDropForLoadBalancing: atomic.SwapInt64(&s.NumCallsFinishedWithDropForLoadBalancing, 0),
-		NumCallsFinishedWithClientFailedToSend:   atomic.SwapInt64(&s.NumCallsFinishedWithClientFailedToSend, 0),
-		NumCallsFinishedKnownReceived:            atomic.SwapInt64(&s.NumCallsFinishedKnownReceived, 0),
-	}
-	return stats
-}
-
-func (s *rpcStats) dropForRateLimiting() {
-	atomic.AddInt64(&s.NumCallsStarted, 1)
-	atomic.AddInt64(&s.NumCallsFinishedWithDropForRateLimiting, 1)
-	atomic.AddInt64(&s.NumCallsFinished, 1)
-}
-
-func (s *rpcStats) dropForLoadBalancing() {
-	atomic.AddInt64(&s.NumCallsStarted, 1)
-	atomic.AddInt64(&s.NumCallsFinishedWithDropForLoadBalancing, 1)
-	atomic.AddInt64(&s.NumCallsFinished, 1)
-}
-
-func (s *rpcStats) failedToSend() {
-	atomic.AddInt64(&s.NumCallsStarted, 1)
-	atomic.AddInt64(&s.NumCallsFinishedWithClientFailedToSend, 1)
-	atomic.AddInt64(&s.NumCallsFinished, 1)
-}
-
-func (s *rpcStats) knownReceived() {
-	atomic.AddInt64(&s.NumCallsStarted, 1)
-	atomic.AddInt64(&s.NumCallsFinishedKnownReceived, 1)
-	atomic.AddInt64(&s.NumCallsFinished, 1)
-}
-
-type errPicker struct {
-	// Pick always returns this err.
-	err error
-}
-
-func (p *errPicker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
-	return nil, nil, p.err
-}
-
-// rrPicker does roundrobin on subConns. It's typically used when there's no
-// response from remote balancer, and grpclb falls back to the resolved
-// backends.
-//
-// It guaranteed that len(subConns) > 0.
-type rrPicker struct {
-	mu           sync.Mutex
-	subConns     []balancer.SubConn // The subConns that were READY when taking the snapshot.
-	subConnsNext int
-}
-
-func (p *rrPicker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	sc := p.subConns[p.subConnsNext]
-	p.subConnsNext = (p.subConnsNext + 1) % len(p.subConns)
-	return sc, nil, nil
-}
-
-// lbPicker does two layers of picks:
-//
-// First layer: roundrobin on all servers in serverList, including drops and backends.
-// - If it picks a drop, the RPC will fail as being dropped.
-// - If it picks a backend, do a second layer pick to pick the real backend.
-//
-// Second layer: roundrobin on all READY backends.
-//
-// It's guaranteed that len(serverList) > 0.
-type lbPicker struct {
-	mu             sync.Mutex
-	serverList     []*lbpb.Server
-	serverListNext int
-	subConns       []balancer.SubConn // The subConns that were READY when taking the snapshot.
-	subConnsNext   int
-
-	stats *rpcStats
-}
-
-func (p *lbPicker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-
-	// Layer one roundrobin on serverList.
-	s := p.serverList[p.serverListNext]
-	p.serverListNext = (p.serverListNext + 1) % len(p.serverList)
-
-	// If it's a drop, return an error and fail the RPC.
-	if s.DropForRateLimiting {
-		p.stats.dropForRateLimiting()
-		return nil, nil, status.Errorf(codes.Unavailable, "request dropped by grpclb")
-	}
-	if s.DropForLoadBalancing {
-		p.stats.dropForLoadBalancing()
-		return nil, nil, status.Errorf(codes.Unavailable, "request dropped by grpclb")
-	}
-
-	// If not a drop but there's no ready subConns.
-	if len(p.subConns) <= 0 {
-		return nil, nil, balancer.ErrNoSubConnAvailable
-	}
-
-	// Return the next ready subConn in the list, also collect rpc stats.
-	sc := p.subConns[p.subConnsNext]
-	p.subConnsNext = (p.subConnsNext + 1) % len(p.subConns)
-	done := func(info balancer.DoneInfo) {
-		if !info.BytesSent {
-			p.stats.failedToSend()
-		} else if info.BytesReceived {
-			p.stats.knownReceived()
-		}
-	}
-	return sc, done, nil
-}
diff --git a/vendor/google.golang.org/grpc/grpclb_remote_balancer.go b/vendor/google.golang.org/grpc/grpclb_remote_balancer.go
deleted file mode 100644
index b8dd4f18ce52e..0000000000000
--- a/vendor/google.golang.org/grpc/grpclb_remote_balancer.go
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpc
-
-import (
-	"fmt"
-	"net"
-	"reflect"
-	"time"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/channelz"
-
-	"google.golang.org/grpc/connectivity"
-	lbpb "google.golang.org/grpc/grpclb/grpc_lb_v1/messages"
-	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/resolver"
-)
-
-// processServerList updates balaner's internal state, create/remove SubConns
-// and regenerates picker using the received serverList.
-func (lb *lbBalancer) processServerList(l *lbpb.ServerList) {
-	grpclog.Infof("lbBalancer: processing server list: %+v", l)
-	lb.mu.Lock()
-	defer lb.mu.Unlock()
-
-	// Set serverListReceived to true so fallback will not take effect if it has
-	// not hit timeout.
-	lb.serverListReceived = true
-
-	// If the new server list == old server list, do nothing.
-	if reflect.DeepEqual(lb.fullServerList, l.Servers) {
-		grpclog.Infof("lbBalancer: new serverlist same as the previous one, ignoring")
-		return
-	}
-	lb.fullServerList = l.Servers
-
-	var backendAddrs []resolver.Address
-	for _, s := range l.Servers {
-		if s.DropForLoadBalancing || s.DropForRateLimiting {
-			continue
-		}
-
-		md := metadata.Pairs(lbTokeyKey, s.LoadBalanceToken)
-		ip := net.IP(s.IpAddress)
-		ipStr := ip.String()
-		if ip.To4() == nil {
-			// Add square brackets to ipv6 addresses, otherwise net.Dial() and
-			// net.SplitHostPort() will return too many colons error.
-			ipStr = fmt.Sprintf("[%s]", ipStr)
-		}
-		addr := resolver.Address{
-			Addr:     fmt.Sprintf("%s:%d", ipStr, s.Port),
-			Metadata: &md,
-		}
-
-		backendAddrs = append(backendAddrs, addr)
-	}
-
-	// Call refreshSubConns to create/remove SubConns.
-	lb.refreshSubConns(backendAddrs)
-	// Regenerate and update picker no matter if there's update on backends (if
-	// any SubConn will be newed/removed). Because since the full serverList was
-	// different, there might be updates in drops or pick weights(different
-	// number of duplicates). We need to update picker with the fulllist.
-	//
-	// Now with cache, even if SubConn was newed/removed, there might be no
-	// state changes.
-	lb.regeneratePicker()
-	lb.cc.UpdateBalancerState(lb.state, lb.picker)
-}
-
-// refreshSubConns creates/removes SubConns with backendAddrs. It returns a bool
-// indicating whether the backendAddrs are different from the cached
-// backendAddrs (whether any SubConn was newed/removed).
-// Caller must hold lb.mu.
-func (lb *lbBalancer) refreshSubConns(backendAddrs []resolver.Address) bool {
-	lb.backendAddrs = nil
-	var backendsUpdated bool
-	// addrsSet is the set converted from backendAddrs, it's used to quick
-	// lookup for an address.
-	addrsSet := make(map[resolver.Address]struct{})
-	// Create new SubConns.
-	for _, addr := range backendAddrs {
-		addrWithoutMD := addr
-		addrWithoutMD.Metadata = nil
-		addrsSet[addrWithoutMD] = struct{}{}
-		lb.backendAddrs = append(lb.backendAddrs, addrWithoutMD)
-
-		if _, ok := lb.subConns[addrWithoutMD]; !ok {
-			backendsUpdated = true
-
-			// Use addrWithMD to create the SubConn.
-			sc, err := lb.cc.NewSubConn([]resolver.Address{addr}, balancer.NewSubConnOptions{})
-			if err != nil {
-				grpclog.Warningf("roundrobinBalancer: failed to create new SubConn: %v", err)
-				continue
-			}
-			lb.subConns[addrWithoutMD] = sc // Use the addr without MD as key for the map.
-			if _, ok := lb.scStates[sc]; !ok {
-				// Only set state of new sc to IDLE. The state could already be
-				// READY for cached SubConns.
-				lb.scStates[sc] = connectivity.Idle
-			}
-			sc.Connect()
-		}
-	}
-
-	for a, sc := range lb.subConns {
-		// a was removed by resolver.
-		if _, ok := addrsSet[a]; !ok {
-			backendsUpdated = true
-
-			lb.cc.RemoveSubConn(sc)
-			delete(lb.subConns, a)
-			// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
-			// The entry will be deleted in HandleSubConnStateChange.
-		}
-	}
-
-	return backendsUpdated
-}
-
-func (lb *lbBalancer) readServerList(s *balanceLoadClientStream) error {
-	for {
-		reply, err := s.Recv()
-		if err != nil {
-			return fmt.Errorf("grpclb: failed to recv server list: %v", err)
-		}
-		if serverList := reply.GetServerList(); serverList != nil {
-			lb.processServerList(serverList)
-		}
-	}
-}
-
-func (lb *lbBalancer) sendLoadReport(s *balanceLoadClientStream, interval time.Duration) {
-	ticker := time.NewTicker(interval)
-	defer ticker.Stop()
-	for {
-		select {
-		case <-ticker.C:
-		case <-s.Context().Done():
-			return
-		}
-		stats := lb.clientStats.toClientStats()
-		t := time.Now()
-		stats.Timestamp = &lbpb.Timestamp{
-			Seconds: t.Unix(),
-			Nanos:   int32(t.Nanosecond()),
-		}
-		if err := s.Send(&lbpb.LoadBalanceRequest{
-			LoadBalanceRequestType: &lbpb.LoadBalanceRequest_ClientStats{
-				ClientStats: stats,
-			},
-		}); err != nil {
-			return
-		}
-	}
-}
-
-func (lb *lbBalancer) callRemoteBalancer() error {
-	lbClient := &loadBalancerClient{cc: lb.ccRemoteLB}
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	stream, err := lbClient.BalanceLoad(ctx, FailFast(false))
-	if err != nil {
-		return fmt.Errorf("grpclb: failed to perform RPC to the remote balancer %v", err)
-	}
-
-	// grpclb handshake on the stream.
-	initReq := &lbpb.LoadBalanceRequest{
-		LoadBalanceRequestType: &lbpb.LoadBalanceRequest_InitialRequest{
-			InitialRequest: &lbpb.InitialLoadBalanceRequest{
-				Name: lb.target,
-			},
-		},
-	}
-	if err := stream.Send(initReq); err != nil {
-		return fmt.Errorf("grpclb: failed to send init request: %v", err)
-	}
-	reply, err := stream.Recv()
-	if err != nil {
-		return fmt.Errorf("grpclb: failed to recv init response: %v", err)
-	}
-	initResp := reply.GetInitialResponse()
-	if initResp == nil {
-		return fmt.Errorf("grpclb: reply from remote balancer did not include initial response")
-	}
-	if initResp.LoadBalancerDelegate != "" {
-		return fmt.Errorf("grpclb: Delegation is not supported")
-	}
-
-	go func() {
-		if d := convertDuration(initResp.ClientStatsReportInterval); d > 0 {
-			lb.sendLoadReport(stream, d)
-		}
-	}()
-	return lb.readServerList(stream)
-}
-
-func (lb *lbBalancer) watchRemoteBalancer() {
-	for {
-		err := lb.callRemoteBalancer()
-		select {
-		case <-lb.doneCh:
-			return
-		default:
-			if err != nil {
-				grpclog.Error(err)
-			}
-		}
-
-	}
-}
-
-func (lb *lbBalancer) dialRemoteLB(remoteLBName string) {
-	var dopts []DialOption
-	if creds := lb.opt.DialCreds; creds != nil {
-		if err := creds.OverrideServerName(remoteLBName); err == nil {
-			dopts = append(dopts, WithTransportCredentials(creds))
-		} else {
-			grpclog.Warningf("grpclb: failed to override the server name in the credentials: %v, using Insecure", err)
-			dopts = append(dopts, WithInsecure())
-		}
-	} else {
-		dopts = append(dopts, WithInsecure())
-	}
-	if lb.opt.Dialer != nil {
-		// WithDialer takes a different type of function, so we instead use a
-		// special DialOption here.
-		dopts = append(dopts, withContextDialer(lb.opt.Dialer))
-	}
-	// Explicitly set pickfirst as the balancer.
-	dopts = append(dopts, WithBalancerName(PickFirstBalancerName))
-	dopts = append(dopts, withResolverBuilder(lb.manualResolver))
-	if channelz.IsOn() {
-		dopts = append(dopts, WithChannelzParentID(lb.opt.ChannelzParentID))
-	}
-
-	// DialContext using manualResolver.Scheme, which is a random scheme generated
-	// when init grpclb. The target name is not important.
-	cc, err := DialContext(context.Background(), "grpclb:///grpclb.server", dopts...)
-	if err != nil {
-		grpclog.Fatalf("failed to dial: %v", err)
-	}
-	lb.ccRemoteLB = cc
-	go lb.watchRemoteBalancer()
-}
diff --git a/vendor/google.golang.org/grpc/grpclog/grpclog.go b/vendor/google.golang.org/grpc/grpclog/grpclog.go
index 1fabb11e1bab1..874ea6d98a603 100644
--- a/vendor/google.golang.org/grpc/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/grpclog/grpclog.go
@@ -18,7 +18,7 @@
 
 // Package grpclog defines logging for grpc.
 //
-// All logs in transport package only go to verbose level 2.
+// All logs in transport and grpclb packages only go to verbose level 2.
 // All logs in other packages in grpc are logged in spite of the verbosity level.
 //
 // In the default logger,
@@ -89,7 +89,7 @@ func Fatal(args ...interface{}) {
 }
 
 // Fatalf logs to the FATAL log. Arguments are handled in the manner of fmt.Printf.
-// It calles os.Exit() with exit code 1.
+// It calls os.Exit() with exit code 1.
 func Fatalf(format string, args ...interface{}) {
 	logger.Fatalf(format, args...)
 	// Make sure fatal logs will exit.
diff --git a/vendor/google.golang.org/grpc/health/client.go b/vendor/google.golang.org/grpc/health/client.go
new file mode 100644
index 0000000000000..b5bee48380240
--- /dev/null
+++ b/vendor/google.golang.org/grpc/health/client.go
@@ -0,0 +1,117 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package health
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/connectivity"
+	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/status"
+)
+
+var (
+	backoffStrategy = backoff.DefaultExponential
+	backoffFunc     = func(ctx context.Context, retries int) bool {
+		d := backoffStrategy.Backoff(retries)
+		timer := time.NewTimer(d)
+		select {
+		case <-timer.C:
+			return true
+		case <-ctx.Done():
+			timer.Stop()
+			return false
+		}
+	}
+)
+
+func init() {
+	internal.HealthCheckFunc = clientHealthCheck
+}
+
+const healthCheckMethod = "/grpc.health.v1.Health/Watch"
+
+// This function implements the protocol defined at:
+// https://github.com/grpc/grpc/blob/master/doc/health-checking.md
+func clientHealthCheck(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), service string) error {
+	tryCnt := 0
+
+retryConnection:
+	for {
+		// Backs off if the connection has failed in some way without receiving a message in the previous retry.
+		if tryCnt > 0 && !backoffFunc(ctx, tryCnt-1) {
+			return nil
+		}
+		tryCnt++
+
+		if ctx.Err() != nil {
+			return nil
+		}
+		setConnectivityState(connectivity.Connecting, nil)
+		rawS, err := newStream(healthCheckMethod)
+		if err != nil {
+			continue retryConnection
+		}
+
+		s, ok := rawS.(grpc.ClientStream)
+		// Ideally, this should never happen. But if it happens, the server is marked as healthy for LBing purposes.
+		if !ok {
+			setConnectivityState(connectivity.Ready, nil)
+			return fmt.Errorf("newStream returned %v (type %T); want grpc.ClientStream", rawS, rawS)
+		}
+
+		if err = s.SendMsg(&healthpb.HealthCheckRequest{Service: service}); err != nil && err != io.EOF {
+			// Stream should have been closed, so we can safely continue to create a new stream.
+			continue retryConnection
+		}
+		s.CloseSend()
+
+		resp := new(healthpb.HealthCheckResponse)
+		for {
+			err = s.RecvMsg(resp)
+
+			// Reports healthy for the LBing purposes if health check is not implemented in the server.
+			if status.Code(err) == codes.Unimplemented {
+				setConnectivityState(connectivity.Ready, nil)
+				return err
+			}
+
+			// Reports unhealthy if server's Watch method gives an error other than UNIMPLEMENTED.
+			if err != nil {
+				setConnectivityState(connectivity.TransientFailure, fmt.Errorf("connection active but received health check RPC error: %v", err))
+				continue retryConnection
+			}
+
+			// As a message has been received, removes the need for backoff for the next retry by resetting the try count.
+			tryCnt = 0
+			if resp.Status == healthpb.HealthCheckResponse_SERVING {
+				setConnectivityState(connectivity.Ready, nil)
+			} else {
+				setConnectivityState(connectivity.TransientFailure, fmt.Errorf("connection active but health check failed. status=%s", resp.Status))
+			}
+		}
+	}
+}
diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
index e5906de7d43e5..c99e27ae5b628 100644
--- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
+++ b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
@@ -1,15 +1,16 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// source: grpc_health_v1/health.proto
+// source: grpc/health/v1/health.proto
 
-package grpc_health_v1 // import "google.golang.org/grpc/health/grpc_health_v1"
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
+package grpc_health_v1
 
 import (
-	context "golang.org/x/net/context"
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
 	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -21,36 +22,41 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 type HealthCheckResponse_ServingStatus int32
 
 const (
-	HealthCheckResponse_UNKNOWN     HealthCheckResponse_ServingStatus = 0
-	HealthCheckResponse_SERVING     HealthCheckResponse_ServingStatus = 1
-	HealthCheckResponse_NOT_SERVING HealthCheckResponse_ServingStatus = 2
+	HealthCheckResponse_UNKNOWN         HealthCheckResponse_ServingStatus = 0
+	HealthCheckResponse_SERVING         HealthCheckResponse_ServingStatus = 1
+	HealthCheckResponse_NOT_SERVING     HealthCheckResponse_ServingStatus = 2
+	HealthCheckResponse_SERVICE_UNKNOWN HealthCheckResponse_ServingStatus = 3
 )
 
 var HealthCheckResponse_ServingStatus_name = map[int32]string{
 	0: "UNKNOWN",
 	1: "SERVING",
 	2: "NOT_SERVING",
+	3: "SERVICE_UNKNOWN",
 }
+
 var HealthCheckResponse_ServingStatus_value = map[string]int32{
-	"UNKNOWN":     0,
-	"SERVING":     1,
-	"NOT_SERVING": 2,
+	"UNKNOWN":         0,
+	"SERVING":         1,
+	"NOT_SERVING":     2,
+	"SERVICE_UNKNOWN": 3,
 }
 
 func (x HealthCheckResponse_ServingStatus) String() string {
 	return proto.EnumName(HealthCheckResponse_ServingStatus_name, int32(x))
 }
+
 func (HealthCheckResponse_ServingStatus) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_health_8e5b8a3074428511, []int{1, 0}
+	return fileDescriptor_e265fd9d4e077217, []int{1, 0}
 }
 
 type HealthCheckRequest struct {
-	Service              string   `protobuf:"bytes,1,opt,name=service" json:"service,omitempty"`
+	Service              string   `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -60,16 +66,17 @@ func (m *HealthCheckRequest) Reset()         { *m = HealthCheckRequest{} }
 func (m *HealthCheckRequest) String() string { return proto.CompactTextString(m) }
 func (*HealthCheckRequest) ProtoMessage()    {}
 func (*HealthCheckRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_health_8e5b8a3074428511, []int{0}
+	return fileDescriptor_e265fd9d4e077217, []int{0}
 }
+
 func (m *HealthCheckRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_HealthCheckRequest.Unmarshal(m, b)
 }
 func (m *HealthCheckRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_HealthCheckRequest.Marshal(b, m, deterministic)
 }
-func (dst *HealthCheckRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_HealthCheckRequest.Merge(dst, src)
+func (m *HealthCheckRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HealthCheckRequest.Merge(m, src)
 }
 func (m *HealthCheckRequest) XXX_Size() int {
 	return xxx_messageInfo_HealthCheckRequest.Size(m)
@@ -88,7 +95,7 @@ func (m *HealthCheckRequest) GetService() string {
 }
 
 type HealthCheckResponse struct {
-	Status               HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,enum=grpc.health.v1.HealthCheckResponse_ServingStatus" json:"status,omitempty"`
+	Status               HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,proto3,enum=grpc.health.v1.HealthCheckResponse_ServingStatus" json:"status,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
 	XXX_unrecognized     []byte                            `json:"-"`
 	XXX_sizecache        int32                             `json:"-"`
@@ -98,16 +105,17 @@ func (m *HealthCheckResponse) Reset()         { *m = HealthCheckResponse{} }
 func (m *HealthCheckResponse) String() string { return proto.CompactTextString(m) }
 func (*HealthCheckResponse) ProtoMessage()    {}
 func (*HealthCheckResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_health_8e5b8a3074428511, []int{1}
+	return fileDescriptor_e265fd9d4e077217, []int{1}
 }
+
 func (m *HealthCheckResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_HealthCheckResponse.Unmarshal(m, b)
 }
 func (m *HealthCheckResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_HealthCheckResponse.Marshal(b, m, deterministic)
 }
-func (dst *HealthCheckResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_HealthCheckResponse.Merge(dst, src)
+func (m *HealthCheckResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HealthCheckResponse.Merge(m, src)
 }
 func (m *HealthCheckResponse) XXX_Size() int {
 	return xxx_messageInfo_HealthCheckResponse.Size(m)
@@ -126,9 +134,34 @@ func (m *HealthCheckResponse) GetStatus() HealthCheckResponse_ServingStatus {
 }
 
 func init() {
+	proto.RegisterEnum("grpc.health.v1.HealthCheckResponse_ServingStatus", HealthCheckResponse_ServingStatus_name, HealthCheckResponse_ServingStatus_value)
 	proto.RegisterType((*HealthCheckRequest)(nil), "grpc.health.v1.HealthCheckRequest")
 	proto.RegisterType((*HealthCheckResponse)(nil), "grpc.health.v1.HealthCheckResponse")
-	proto.RegisterEnum("grpc.health.v1.HealthCheckResponse_ServingStatus", HealthCheckResponse_ServingStatus_name, HealthCheckResponse_ServingStatus_value)
+}
+
+func init() { proto.RegisterFile("grpc/health/v1/health.proto", fileDescriptor_e265fd9d4e077217) }
+
+var fileDescriptor_e265fd9d4e077217 = []byte{
+	// 297 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4e, 0x2f, 0x2a, 0x48,
+	0xd6, 0xcf, 0x48, 0x4d, 0xcc, 0x29, 0xc9, 0xd0, 0x2f, 0x33, 0x84, 0xb2, 0xf4, 0x0a, 0x8a, 0xf2,
+	0x4b, 0xf2, 0x85, 0xf8, 0x40, 0x92, 0x7a, 0x50, 0xa1, 0x32, 0x43, 0x25, 0x3d, 0x2e, 0x21, 0x0f,
+	0x30, 0xc7, 0x39, 0x23, 0x35, 0x39, 0x3b, 0x28, 0xb5, 0xb0, 0x34, 0xb5, 0xb8, 0x44, 0x48, 0x82,
+	0x8b, 0xbd, 0x38, 0xb5, 0xa8, 0x2c, 0x33, 0x39, 0x55, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08,
+	0xc6, 0x55, 0xda, 0xc8, 0xc8, 0x25, 0x8c, 0xa2, 0xa1, 0xb8, 0x20, 0x3f, 0xaf, 0x38, 0x55, 0xc8,
+	0x93, 0x8b, 0xad, 0xb8, 0x24, 0xb1, 0xa4, 0xb4, 0x18, 0xac, 0x81, 0xcf, 0xc8, 0x50, 0x0f, 0xd5,
+	0x22, 0x3d, 0x2c, 0x9a, 0xf4, 0x82, 0x41, 0x86, 0xe6, 0xa5, 0x07, 0x83, 0x35, 0x06, 0x41, 0x0d,
+	0x50, 0xf2, 0xe7, 0xe2, 0x45, 0x91, 0x10, 0xe2, 0xe6, 0x62, 0x0f, 0xf5, 0xf3, 0xf6, 0xf3, 0x0f,
+	0xf7, 0x13, 0x60, 0x00, 0x71, 0x82, 0x5d, 0x83, 0xc2, 0x3c, 0xfd, 0xdc, 0x05, 0x18, 0x85, 0xf8,
+	0xb9, 0xb8, 0xfd, 0xfc, 0x43, 0xe2, 0x61, 0x02, 0x4c, 0x42, 0xc2, 0x5c, 0xfc, 0x60, 0x8e, 0xb3,
+	0x6b, 0x3c, 0x4c, 0x0b, 0xb3, 0xd1, 0x3a, 0x46, 0x2e, 0x36, 0x88, 0xf5, 0x42, 0x01, 0x5c, 0xac,
+	0x60, 0x27, 0x08, 0x29, 0xe1, 0x75, 0x1f, 0x38, 0x14, 0xa4, 0x94, 0x89, 0xf0, 0x83, 0x50, 0x10,
+	0x17, 0x6b, 0x78, 0x62, 0x49, 0x72, 0x06, 0xd5, 0x4c, 0x34, 0x60, 0x74, 0x4a, 0xe4, 0x12, 0xcc,
+	0xcc, 0x47, 0x53, 0xea, 0xc4, 0x0d, 0x51, 0x1b, 0x00, 0x8a, 0xc6, 0x00, 0xc6, 0x28, 0x9d, 0xf4,
+	0xfc, 0xfc, 0xf4, 0x9c, 0x54, 0xbd, 0xf4, 0xfc, 0x9c, 0xc4, 0xbc, 0x74, 0xbd, 0xfc, 0xa2, 0x74,
+	0x7d, 0xe4, 0x78, 0x07, 0xb1, 0xe3, 0x21, 0xec, 0xf8, 0x32, 0xc3, 0x55, 0x4c, 0x7c, 0xee, 0x20,
+	0xd3, 0x20, 0x46, 0xe8, 0x85, 0x19, 0x26, 0xb1, 0x81, 0x93, 0x83, 0x31, 0x20, 0x00, 0x00, 0xff,
+	0xff, 0x12, 0x7d, 0x96, 0xcb, 0x2d, 0x02, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -139,10 +172,29 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Health service
-
+// HealthClient is the client API for Health service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type HealthClient interface {
+	// If the requested service is unknown, the call will fail with status
+	// NOT_FOUND.
 	Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error)
+	// Performs a watch for the serving status of the requested service.
+	// The server will immediately send back a message indicating the current
+	// serving status.  It will then subsequently send a new message whenever
+	// the service's serving status changes.
+	//
+	// If the requested service is unknown when the call is received, the
+	// server will send a message setting the serving status to
+	// SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+	// future point, the serving status of the service becomes known, the
+	// server will send a new message with the service's serving status.
+	//
+	// If the call terminates with status UNIMPLEMENTED, then clients
+	// should assume this method is not supported and should not retry the
+	// call.  If the call terminates with any other status (including OK),
+	// clients should retry the call with appropriate exponential backoff.
+	Watch(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (Health_WatchClient, error)
 }
 
 type healthClient struct {
@@ -155,17 +207,77 @@ func NewHealthClient(cc *grpc.ClientConn) HealthClient {
 
 func (c *healthClient) Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error) {
 	out := new(HealthCheckResponse)
-	err := grpc.Invoke(ctx, "/grpc.health.v1.Health/Check", in, out, c.cc, opts...)
+	err := c.cc.Invoke(ctx, "/grpc.health.v1.Health/Check", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Health service
+func (c *healthClient) Watch(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (Health_WatchClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_Health_serviceDesc.Streams[0], "/grpc.health.v1.Health/Watch", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &healthWatchClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type Health_WatchClient interface {
+	Recv() (*HealthCheckResponse, error)
+	grpc.ClientStream
+}
 
+type healthWatchClient struct {
+	grpc.ClientStream
+}
+
+func (x *healthWatchClient) Recv() (*HealthCheckResponse, error) {
+	m := new(HealthCheckResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// HealthServer is the server API for Health service.
 type HealthServer interface {
+	// If the requested service is unknown, the call will fail with status
+	// NOT_FOUND.
 	Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error)
+	// Performs a watch for the serving status of the requested service.
+	// The server will immediately send back a message indicating the current
+	// serving status.  It will then subsequently send a new message whenever
+	// the service's serving status changes.
+	//
+	// If the requested service is unknown when the call is received, the
+	// server will send a message setting the serving status to
+	// SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+	// future point, the serving status of the service becomes known, the
+	// server will send a new message with the service's serving status.
+	//
+	// If the call terminates with status UNIMPLEMENTED, then clients
+	// should assume this method is not supported and should not retry the
+	// call.  If the call terminates with any other status (including OK),
+	// clients should retry the call with appropriate exponential backoff.
+	Watch(*HealthCheckRequest, Health_WatchServer) error
+}
+
+// UnimplementedHealthServer can be embedded to have forward compatible implementations.
+type UnimplementedHealthServer struct {
+}
+
+func (*UnimplementedHealthServer) Check(ctx context.Context, req *HealthCheckRequest) (*HealthCheckResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Check not implemented")
+}
+func (*UnimplementedHealthServer) Watch(req *HealthCheckRequest, srv Health_WatchServer) error {
+	return status.Errorf(codes.Unimplemented, "method Watch not implemented")
 }
 
 func RegisterHealthServer(s *grpc.Server, srv HealthServer) {
@@ -190,6 +302,27 @@ func _Health_Check_Handler(srv interface{}, ctx context.Context, dec func(interf
 	return interceptor(ctx, in, info, handler)
 }
 
+func _Health_Watch_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(HealthCheckRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(HealthServer).Watch(m, &healthWatchServer{stream})
+}
+
+type Health_WatchServer interface {
+	Send(*HealthCheckResponse) error
+	grpc.ServerStream
+}
+
+type healthWatchServer struct {
+	grpc.ServerStream
+}
+
+func (x *healthWatchServer) Send(m *HealthCheckResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
 var _Health_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "grpc.health.v1.Health",
 	HandlerType: (*HealthServer)(nil),
@@ -199,29 +332,12 @@ var _Health_serviceDesc = grpc.ServiceDesc{
 			Handler:    _Health_Check_Handler,
 		},
 	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "grpc_health_v1/health.proto",
-}
-
-func init() { proto.RegisterFile("grpc_health_v1/health.proto", fileDescriptor_health_8e5b8a3074428511) }
-
-var fileDescriptor_health_8e5b8a3074428511 = []byte{
-	// 269 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4e, 0x2f, 0x2a, 0x48,
-	0x8e, 0xcf, 0x48, 0x4d, 0xcc, 0x29, 0xc9, 0x88, 0x2f, 0x33, 0xd4, 0x87, 0xb0, 0xf4, 0x0a, 0x8a,
-	0xf2, 0x4b, 0xf2, 0x85, 0xf8, 0x40, 0x92, 0x7a, 0x50, 0xa1, 0x32, 0x43, 0x25, 0x3d, 0x2e, 0x21,
-	0x0f, 0x30, 0xc7, 0x39, 0x23, 0x35, 0x39, 0x3b, 0x28, 0xb5, 0xb0, 0x34, 0xb5, 0xb8, 0x44, 0x48,
-	0x82, 0x8b, 0xbd, 0x38, 0xb5, 0xa8, 0x2c, 0x33, 0x39, 0x55, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33,
-	0x08, 0xc6, 0x55, 0x9a, 0xc3, 0xc8, 0x25, 0x8c, 0xa2, 0xa1, 0xb8, 0x20, 0x3f, 0xaf, 0x38, 0x55,
-	0xc8, 0x93, 0x8b, 0xad, 0xb8, 0x24, 0xb1, 0xa4, 0xb4, 0x18, 0xac, 0x81, 0xcf, 0xc8, 0x50, 0x0f,
-	0xd5, 0x22, 0x3d, 0x2c, 0x9a, 0xf4, 0x82, 0x41, 0x86, 0xe6, 0xa5, 0x07, 0x83, 0x35, 0x06, 0x41,
-	0x0d, 0x50, 0xb2, 0xe2, 0xe2, 0x45, 0x91, 0x10, 0xe2, 0xe6, 0x62, 0x0f, 0xf5, 0xf3, 0xf6, 0xf3,
-	0x0f, 0xf7, 0x13, 0x60, 0x00, 0x71, 0x82, 0x5d, 0x83, 0xc2, 0x3c, 0xfd, 0xdc, 0x05, 0x18, 0x85,
-	0xf8, 0xb9, 0xb8, 0xfd, 0xfc, 0x43, 0xe2, 0x61, 0x02, 0x4c, 0x46, 0x51, 0x5c, 0x6c, 0x10, 0x8b,
-	0x84, 0x02, 0xb8, 0x58, 0xc1, 0x96, 0x09, 0x29, 0xe1, 0x75, 0x09, 0xd8, 0xbf, 0x52, 0xca, 0x44,
-	0xb8, 0xd6, 0x29, 0x91, 0x4b, 0x30, 0x33, 0x1f, 0x4d, 0xa1, 0x13, 0x37, 0x44, 0x65, 0x00, 0x28,
-	0x70, 0x03, 0x18, 0xa3, 0x74, 0xd2, 0xf3, 0xf3, 0xd3, 0x73, 0x52, 0xf5, 0xd2, 0xf3, 0x73, 0x12,
-	0xf3, 0xd2, 0xf5, 0xf2, 0x8b, 0xd2, 0xf5, 0x41, 0x1a, 0xa0, 0x71, 0xa0, 0x8f, 0x1a, 0x33, 0xab,
-	0x98, 0xf8, 0xdc, 0x41, 0xa6, 0x41, 0x8c, 0xd0, 0x0b, 0x33, 0x4c, 0x62, 0x03, 0x47, 0x92, 0x31,
-	0x20, 0x00, 0x00, 0xff, 0xff, 0xb7, 0x70, 0xc4, 0xa7, 0xc3, 0x01, 0x00, 0x00,
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "Watch",
+			Handler:       _Health_Watch_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "grpc/health/v1/health.proto",
 }
diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.proto b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.proto
deleted file mode 100644
index bcc02f8ac8327..0000000000000
--- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.proto
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2015, gRPC Authors
-// All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// The canonical version of this proto can be found at
-// https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto
-
-syntax = "proto3";
-
-package grpc.health.v1;
-
-option csharp_namespace = "Grpc.Health.V1";
-option go_package = "google.golang.org/grpc/health/grpc_health_v1";
-option java_multiple_files = true;
-option java_outer_classname = "HealthProto";
-option java_package = "io.grpc.health.v1";
-
-message HealthCheckRequest {
-  string service = 1;
-}
-
-message HealthCheckResponse {
-  enum ServingStatus {
-    UNKNOWN = 0;
-    SERVING = 1;
-    NOT_SERVING = 2;
-  }
-  ServingStatus status = 1;
-}
-
-service Health {
-  rpc Check(HealthCheckRequest) returns (HealthCheckResponse);
-}
diff --git a/vendor/google.golang.org/grpc/health/health.go b/vendor/google.golang.org/grpc/health/health.go
deleted file mode 100644
index de7f9ba79e2fa..0000000000000
--- a/vendor/google.golang.org/grpc/health/health.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-//go:generate protoc --go_out=plugins=grpc,paths=source_relative:. grpc_health_v1/health.proto
-
-// Package health provides some utility functions to health-check a server. The implementation
-// is based on protobuf. Users need to write their own implementations if other IDLs are used.
-package health
-
-import (
-	"sync"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/codes"
-	healthpb "google.golang.org/grpc/health/grpc_health_v1"
-	"google.golang.org/grpc/status"
-)
-
-// Server implements `service Health`.
-type Server struct {
-	mu sync.Mutex
-	// statusMap stores the serving status of the services this Server monitors.
-	statusMap map[string]healthpb.HealthCheckResponse_ServingStatus
-}
-
-// NewServer returns a new Server.
-func NewServer() *Server {
-	return &Server{
-		statusMap: make(map[string]healthpb.HealthCheckResponse_ServingStatus),
-	}
-}
-
-// Check implements `service Health`.
-func (s *Server) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	if in.Service == "" {
-		// check the server overall health status.
-		return &healthpb.HealthCheckResponse{
-			Status: healthpb.HealthCheckResponse_SERVING,
-		}, nil
-	}
-	if status, ok := s.statusMap[in.Service]; ok {
-		return &healthpb.HealthCheckResponse{
-			Status: status,
-		}, nil
-	}
-	return nil, status.Error(codes.NotFound, "unknown service")
-}
-
-// SetServingStatus is called when need to reset the serving status of a service
-// or insert a new service entry into the statusMap.
-func (s *Server) SetServingStatus(service string, status healthpb.HealthCheckResponse_ServingStatus) {
-	s.mu.Lock()
-	s.statusMap[service] = status
-	s.mu.Unlock()
-}
diff --git a/vendor/google.golang.org/grpc/health/server.go b/vendor/google.golang.org/grpc/health/server.go
new file mode 100644
index 0000000000000..2262607f88288
--- /dev/null
+++ b/vendor/google.golang.org/grpc/health/server.go
@@ -0,0 +1,165 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+//go:generate ./regenerate.sh
+
+// Package health provides a service that exposes server's health and it must be
+// imported to enable support for client-side health checks.
+package health
+
+import (
+	"context"
+	"sync"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	healthgrpc "google.golang.org/grpc/health/grpc_health_v1"
+	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/status"
+)
+
+// Server implements `service Health`.
+type Server struct {
+	mu sync.RWMutex
+	// If shutdown is true, it's expected all serving status is NOT_SERVING, and
+	// will stay in NOT_SERVING.
+	shutdown bool
+	// statusMap stores the serving status of the services this Server monitors.
+	statusMap map[string]healthpb.HealthCheckResponse_ServingStatus
+	updates   map[string]map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus
+}
+
+// NewServer returns a new Server.
+func NewServer() *Server {
+	return &Server{
+		statusMap: map[string]healthpb.HealthCheckResponse_ServingStatus{"": healthpb.HealthCheckResponse_SERVING},
+		updates:   make(map[string]map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus),
+	}
+}
+
+// Check implements `service Health`.
+func (s *Server) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if servingStatus, ok := s.statusMap[in.Service]; ok {
+		return &healthpb.HealthCheckResponse{
+			Status: servingStatus,
+		}, nil
+	}
+	return nil, status.Error(codes.NotFound, "unknown service")
+}
+
+// Watch implements `service Health`.
+func (s *Server) Watch(in *healthpb.HealthCheckRequest, stream healthgrpc.Health_WatchServer) error {
+	service := in.Service
+	// update channel is used for getting service status updates.
+	update := make(chan healthpb.HealthCheckResponse_ServingStatus, 1)
+	s.mu.Lock()
+	// Puts the initial status to the channel.
+	if servingStatus, ok := s.statusMap[service]; ok {
+		update <- servingStatus
+	} else {
+		update <- healthpb.HealthCheckResponse_SERVICE_UNKNOWN
+	}
+
+	// Registers the update channel to the correct place in the updates map.
+	if _, ok := s.updates[service]; !ok {
+		s.updates[service] = make(map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus)
+	}
+	s.updates[service][stream] = update
+	defer func() {
+		s.mu.Lock()
+		delete(s.updates[service], stream)
+		s.mu.Unlock()
+	}()
+	s.mu.Unlock()
+
+	var lastSentStatus healthpb.HealthCheckResponse_ServingStatus = -1
+	for {
+		select {
+		// Status updated. Sends the up-to-date status to the client.
+		case servingStatus := <-update:
+			if lastSentStatus == servingStatus {
+				continue
+			}
+			lastSentStatus = servingStatus
+			err := stream.Send(&healthpb.HealthCheckResponse{Status: servingStatus})
+			if err != nil {
+				return status.Error(codes.Canceled, "Stream has ended.")
+			}
+		// Context done. Removes the update channel from the updates map.
+		case <-stream.Context().Done():
+			return status.Error(codes.Canceled, "Stream has ended.")
+		}
+	}
+}
+
+// SetServingStatus is called when need to reset the serving status of a service
+// or insert a new service entry into the statusMap.
+func (s *Server) SetServingStatus(service string, servingStatus healthpb.HealthCheckResponse_ServingStatus) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if s.shutdown {
+		grpclog.Infof("health: status changing for %s to %v is ignored because health service is shutdown", service, servingStatus)
+		return
+	}
+
+	s.setServingStatusLocked(service, servingStatus)
+}
+
+func (s *Server) setServingStatusLocked(service string, servingStatus healthpb.HealthCheckResponse_ServingStatus) {
+	s.statusMap[service] = servingStatus
+	for _, update := range s.updates[service] {
+		// Clears previous updates, that are not sent to the client, from the channel.
+		// This can happen if the client is not reading and the server gets flow control limited.
+		select {
+		case <-update:
+		default:
+		}
+		// Puts the most recent update to the channel.
+		update <- servingStatus
+	}
+}
+
+// Shutdown sets all serving status to NOT_SERVING, and configures the server to
+// ignore all future status changes.
+//
+// This changes serving status for all services. To set status for a particular
+// services, call SetServingStatus().
+func (s *Server) Shutdown() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.shutdown = true
+	for service := range s.statusMap {
+		s.setServingStatusLocked(service, healthpb.HealthCheckResponse_NOT_SERVING)
+	}
+}
+
+// Resume sets all serving status to SERVING, and configures the server to
+// accept all future status changes.
+//
+// This changes serving status for all services. To set status for a particular
+// services, call SetServingStatus().
+func (s *Server) Resume() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.shutdown = false
+	for service := range s.statusMap {
+		s.setServingStatusLocked(service, healthpb.HealthCheckResponse_SERVING)
+	}
+}
diff --git a/vendor/google.golang.org/grpc/interceptor.go b/vendor/google.golang.org/grpc/interceptor.go
index 1f6ef678035b4..8b7350022ad73 100644
--- a/vendor/google.golang.org/grpc/interceptor.go
+++ b/vendor/google.golang.org/grpc/interceptor.go
@@ -19,7 +19,7 @@
 package grpc
 
 import (
-	"golang.org/x/net/context"
+	"context"
 )
 
 // UnaryInvoker is called by UnaryClientInterceptor to complete RPCs.
diff --git a/vendor/google.golang.org/grpc/internal/backoff/backoff.go b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
new file mode 100644
index 0000000000000..5fc0ee3da53bc
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
@@ -0,0 +1,73 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package backoff implement the backoff strategy for gRPC.
+//
+// This is kept in internal until the gRPC project decides whether or not to
+// allow alternative backoff strategies.
+package backoff
+
+import (
+	"time"
+
+	grpcbackoff "google.golang.org/grpc/backoff"
+	"google.golang.org/grpc/internal/grpcrand"
+)
+
+// Strategy defines the methodology for backing off after a grpc connection
+// failure.
+type Strategy interface {
+	// Backoff returns the amount of time to wait before the next retry given
+	// the number of consecutive failures.
+	Backoff(retries int) time.Duration
+}
+
+// DefaultExponential is an exponential backoff implementation using the
+// default values for all the configurable knobs defined in
+// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
+var DefaultExponential = Exponential{Config: grpcbackoff.DefaultConfig}
+
+// Exponential implements exponential backoff algorithm as defined in
+// https://github.com/grpc/grpc/blob/master/doc/connection-backoff.md.
+type Exponential struct {
+	// Config contains all options to configure the backoff algorithm.
+	Config grpcbackoff.Config
+}
+
+// Backoff returns the amount of time to wait before the next retry given the
+// number of retries.
+func (bc Exponential) Backoff(retries int) time.Duration {
+	if retries == 0 {
+		return bc.Config.BaseDelay
+	}
+	backoff, max := float64(bc.Config.BaseDelay), float64(bc.Config.MaxDelay)
+	for backoff < max && retries > 0 {
+		backoff *= bc.Config.Multiplier
+		retries--
+	}
+	if backoff > max {
+		backoff = max
+	}
+	// Randomize backoff delays so that if a cluster of requests start at
+	// the same time, they won't operate in lockstep.
+	backoff *= 1 + bc.Config.Jitter*(grpcrand.Float64()*2-1)
+	if backoff < 0 {
+		return 0
+	}
+	return time.Duration(backoff)
+}
diff --git a/vendor/google.golang.org/grpc/internal/balancerload/load.go b/vendor/google.golang.org/grpc/internal/balancerload/load.go
new file mode 100644
index 0000000000000..3a905d96657e1
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/balancerload/load.go
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Package balancerload defines APIs to parse server loads in trailers. The
+// parsed loads are sent to balancers in DoneInfo.
+package balancerload
+
+import (
+	"google.golang.org/grpc/metadata"
+)
+
+// Parser converts loads from metadata into a concrete type.
+type Parser interface {
+	// Parse parses loads from metadata.
+	Parse(md metadata.MD) interface{}
+}
+
+var parser Parser
+
+// SetParser sets the load parser.
+//
+// Not mutex-protected, should be called before any gRPC functions.
+func SetParser(lr Parser) {
+	parser = lr
+}
+
+// Parse calls parser.Read().
+func Parse(md metadata.MD) interface{} {
+	if parser == nil {
+		return nil
+	}
+	return parser.Parse(md)
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
new file mode 100644
index 0000000000000..8b1051674917c
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
@@ -0,0 +1,167 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package binarylog implementation binary logging as defined in
+// https://github.com/grpc/proposal/blob/master/A16-binary-logging.md.
+package binarylog
+
+import (
+	"fmt"
+	"os"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+// Logger is the global binary logger. It can be used to get binary logger for
+// each method.
+type Logger interface {
+	getMethodLogger(methodName string) *MethodLogger
+}
+
+// binLogger is the global binary logger for the binary. One of this should be
+// built at init time from the configuration (environment variable or flags).
+//
+// It is used to get a methodLogger for each individual method.
+var binLogger Logger
+
+// SetLogger sets the binarg logger.
+//
+// Only call this at init time.
+func SetLogger(l Logger) {
+	binLogger = l
+}
+
+// GetMethodLogger returns the methodLogger for the given methodName.
+//
+// methodName should be in the format of "/service/method".
+//
+// Each methodLogger returned by this method is a new instance. This is to
+// generate sequence id within the call.
+func GetMethodLogger(methodName string) *MethodLogger {
+	if binLogger == nil {
+		return nil
+	}
+	return binLogger.getMethodLogger(methodName)
+}
+
+func init() {
+	const envStr = "GRPC_BINARY_LOG_FILTER"
+	configStr := os.Getenv(envStr)
+	binLogger = NewLoggerFromConfigString(configStr)
+}
+
+type methodLoggerConfig struct {
+	// Max length of header and message.
+	hdr, msg uint64
+}
+
+type logger struct {
+	all      *methodLoggerConfig
+	services map[string]*methodLoggerConfig
+	methods  map[string]*methodLoggerConfig
+
+	blacklist map[string]struct{}
+}
+
+// newEmptyLogger creates an empty logger. The map fields need to be filled in
+// using the set* functions.
+func newEmptyLogger() *logger {
+	return &logger{}
+}
+
+// Set method logger for "*".
+func (l *logger) setDefaultMethodLogger(ml *methodLoggerConfig) error {
+	if l.all != nil {
+		return fmt.Errorf("conflicting global rules found")
+	}
+	l.all = ml
+	return nil
+}
+
+// Set method logger for "service/*".
+//
+// New methodLogger with same service overrides the old one.
+func (l *logger) setServiceMethodLogger(service string, ml *methodLoggerConfig) error {
+	if _, ok := l.services[service]; ok {
+		return fmt.Errorf("conflicting service rules for service %v found", service)
+	}
+	if l.services == nil {
+		l.services = make(map[string]*methodLoggerConfig)
+	}
+	l.services[service] = ml
+	return nil
+}
+
+// Set method logger for "service/method".
+//
+// New methodLogger with same method overrides the old one.
+func (l *logger) setMethodMethodLogger(method string, ml *methodLoggerConfig) error {
+	if _, ok := l.blacklist[method]; ok {
+		return fmt.Errorf("conflicting blacklist rules for method %v found", method)
+	}
+	if _, ok := l.methods[method]; ok {
+		return fmt.Errorf("conflicting method rules for method %v found", method)
+	}
+	if l.methods == nil {
+		l.methods = make(map[string]*methodLoggerConfig)
+	}
+	l.methods[method] = ml
+	return nil
+}
+
+// Set blacklist method for "-service/method".
+func (l *logger) setBlacklist(method string) error {
+	if _, ok := l.blacklist[method]; ok {
+		return fmt.Errorf("conflicting blacklist rules for method %v found", method)
+	}
+	if _, ok := l.methods[method]; ok {
+		return fmt.Errorf("conflicting method rules for method %v found", method)
+	}
+	if l.blacklist == nil {
+		l.blacklist = make(map[string]struct{})
+	}
+	l.blacklist[method] = struct{}{}
+	return nil
+}
+
+// getMethodLogger returns the methodLogger for the given methodName.
+//
+// methodName should be in the format of "/service/method".
+//
+// Each methodLogger returned by this method is a new instance. This is to
+// generate sequence id within the call.
+func (l *logger) getMethodLogger(methodName string) *MethodLogger {
+	s, m, err := parseMethodName(methodName)
+	if err != nil {
+		grpclog.Infof("binarylogging: failed to parse %q: %v", methodName, err)
+		return nil
+	}
+	if ml, ok := l.methods[s+"/"+m]; ok {
+		return newMethodLogger(ml.hdr, ml.msg)
+	}
+	if _, ok := l.blacklist[s+"/"+m]; ok {
+		return nil
+	}
+	if ml, ok := l.services[s]; ok {
+		return newMethodLogger(ml.hdr, ml.msg)
+	}
+	if l.all == nil {
+		return nil
+	}
+	return newMethodLogger(l.all.hdr, l.all.msg)
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/binarylog_testutil.go b/vendor/google.golang.org/grpc/internal/binarylog/binarylog_testutil.go
new file mode 100644
index 0000000000000..1ee00a39ac7c7
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/binarylog_testutil.go
@@ -0,0 +1,42 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// This file contains exported variables/functions that are exported for testing
+// only.
+//
+// An ideal way for this would be to put those in a *_test.go but in binarylog
+// package. But this doesn't work with staticcheck with go module. Error was:
+// "MdToMetadataProto not declared by package binarylog". This could be caused
+// by the way staticcheck looks for files for a certain package, which doesn't
+// support *_test.go files.
+//
+// Move those to binary_test.go when staticcheck is fixed.
+
+package binarylog
+
+var (
+	// AllLogger is a logger that logs all headers/messages for all RPCs. It's
+	// for testing only.
+	AllLogger = NewLoggerFromConfigString("*")
+	// MdToMetadataProto converts metadata to a binary logging proto message.
+	// It's for testing only.
+	MdToMetadataProto = mdToMetadataProto
+	// AddrToProto converts an address to a binary logging proto message. It's
+	// for testing only.
+	AddrToProto = addrToProto
+)
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/env_config.go b/vendor/google.golang.org/grpc/internal/binarylog/env_config.go
new file mode 100644
index 0000000000000..be30d0e65e702
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/env_config.go
@@ -0,0 +1,210 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package binarylog
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+// NewLoggerFromConfigString reads the string and build a logger. It can be used
+// to build a new logger and assign it to binarylog.Logger.
+//
+// Example filter config strings:
+//  - "" Nothing will be logged
+//  - "*" All headers and messages will be fully logged.
+//  - "*{h}" Only headers will be logged.
+//  - "*{m:256}" Only the first 256 bytes of each message will be logged.
+//  - "Foo/*" Logs every method in service Foo
+//  - "Foo/*,-Foo/Bar" Logs every method in service Foo except method /Foo/Bar
+//  - "Foo/*,Foo/Bar{m:256}" Logs the first 256 bytes of each message in method
+//    /Foo/Bar, logs all headers and messages in every other method in service
+//    Foo.
+//
+// If two configs exist for one certain method or service, the one specified
+// later overrides the previous config.
+func NewLoggerFromConfigString(s string) Logger {
+	if s == "" {
+		return nil
+	}
+	l := newEmptyLogger()
+	methods := strings.Split(s, ",")
+	for _, method := range methods {
+		if err := l.fillMethodLoggerWithConfigString(method); err != nil {
+			grpclog.Warningf("failed to parse binary log config: %v", err)
+			return nil
+		}
+	}
+	return l
+}
+
+// fillMethodLoggerWithConfigString parses config, creates methodLogger and adds
+// it to the right map in the logger.
+func (l *logger) fillMethodLoggerWithConfigString(config string) error {
+	// "" is invalid.
+	if config == "" {
+		return errors.New("empty string is not a valid method binary logging config")
+	}
+
+	// "-service/method", blacklist, no * or {} allowed.
+	if config[0] == '-' {
+		s, m, suffix, err := parseMethodConfigAndSuffix(config[1:])
+		if err != nil {
+			return fmt.Errorf("invalid config: %q, %v", config, err)
+		}
+		if m == "*" {
+			return fmt.Errorf("invalid config: %q, %v", config, "* not allowed in blacklist config")
+		}
+		if suffix != "" {
+			return fmt.Errorf("invalid config: %q, %v", config, "header/message limit not allowed in blacklist config")
+		}
+		if err := l.setBlacklist(s + "/" + m); err != nil {
+			return fmt.Errorf("invalid config: %v", err)
+		}
+		return nil
+	}
+
+	// "*{h:256;m:256}"
+	if config[0] == '*' {
+		hdr, msg, err := parseHeaderMessageLengthConfig(config[1:])
+		if err != nil {
+			return fmt.Errorf("invalid config: %q, %v", config, err)
+		}
+		if err := l.setDefaultMethodLogger(&methodLoggerConfig{hdr: hdr, msg: msg}); err != nil {
+			return fmt.Errorf("invalid config: %v", err)
+		}
+		return nil
+	}
+
+	s, m, suffix, err := parseMethodConfigAndSuffix(config)
+	if err != nil {
+		return fmt.Errorf("invalid config: %q, %v", config, err)
+	}
+	hdr, msg, err := parseHeaderMessageLengthConfig(suffix)
+	if err != nil {
+		return fmt.Errorf("invalid header/message length config: %q, %v", suffix, err)
+	}
+	if m == "*" {
+		if err := l.setServiceMethodLogger(s, &methodLoggerConfig{hdr: hdr, msg: msg}); err != nil {
+			return fmt.Errorf("invalid config: %v", err)
+		}
+	} else {
+		if err := l.setMethodMethodLogger(s+"/"+m, &methodLoggerConfig{hdr: hdr, msg: msg}); err != nil {
+			return fmt.Errorf("invalid config: %v", err)
+		}
+	}
+	return nil
+}
+
+const (
+	// TODO: this const is only used by env_config now. But could be useful for
+	// other config. Move to binarylog.go if necessary.
+	maxUInt = ^uint64(0)
+
+	// For "p.s/m" plus any suffix. Suffix will be parsed again. See test for
+	// expected output.
+	longMethodConfigRegexpStr = `^([\w./]+)/((?:\w+)|[*])(.+)?$`
+
+	// For suffix from above, "{h:123,m:123}". See test for expected output.
+	optionalLengthRegexpStr      = `(?::(\d+))?` // Optional ":123".
+	headerConfigRegexpStr        = `^{h` + optionalLengthRegexpStr + `}$`
+	messageConfigRegexpStr       = `^{m` + optionalLengthRegexpStr + `}$`
+	headerMessageConfigRegexpStr = `^{h` + optionalLengthRegexpStr + `;m` + optionalLengthRegexpStr + `}$`
+)
+
+var (
+	longMethodConfigRegexp    = regexp.MustCompile(longMethodConfigRegexpStr)
+	headerConfigRegexp        = regexp.MustCompile(headerConfigRegexpStr)
+	messageConfigRegexp       = regexp.MustCompile(messageConfigRegexpStr)
+	headerMessageConfigRegexp = regexp.MustCompile(headerMessageConfigRegexpStr)
+)
+
+// Turn "service/method{h;m}" into "service", "method", "{h;m}".
+func parseMethodConfigAndSuffix(c string) (service, method, suffix string, _ error) {
+	// Regexp result:
+	//
+	// in:  "p.s/m{h:123,m:123}",
+	// out: []string{"p.s/m{h:123,m:123}", "p.s", "m", "{h:123,m:123}"},
+	match := longMethodConfigRegexp.FindStringSubmatch(c)
+	if match == nil {
+		return "", "", "", fmt.Errorf("%q contains invalid substring", c)
+	}
+	service = match[1]
+	method = match[2]
+	suffix = match[3]
+	return
+}
+
+// Turn "{h:123;m:345}" into 123, 345.
+//
+// Return maxUInt if length is unspecified.
+func parseHeaderMessageLengthConfig(c string) (hdrLenStr, msgLenStr uint64, err error) {
+	if c == "" {
+		return maxUInt, maxUInt, nil
+	}
+	// Header config only.
+	if match := headerConfigRegexp.FindStringSubmatch(c); match != nil {
+		if s := match[1]; s != "" {
+			hdrLenStr, err = strconv.ParseUint(s, 10, 64)
+			if err != nil {
+				return 0, 0, fmt.Errorf("failed to convert %q to uint", s)
+			}
+			return hdrLenStr, 0, nil
+		}
+		return maxUInt, 0, nil
+	}
+
+	// Message config only.
+	if match := messageConfigRegexp.FindStringSubmatch(c); match != nil {
+		if s := match[1]; s != "" {
+			msgLenStr, err = strconv.ParseUint(s, 10, 64)
+			if err != nil {
+				return 0, 0, fmt.Errorf("failed to convert %q to uint", s)
+			}
+			return 0, msgLenStr, nil
+		}
+		return 0, maxUInt, nil
+	}
+
+	// Header and message config both.
+	if match := headerMessageConfigRegexp.FindStringSubmatch(c); match != nil {
+		// Both hdr and msg are specified, but one or two of them might be empty.
+		hdrLenStr = maxUInt
+		msgLenStr = maxUInt
+		if s := match[1]; s != "" {
+			hdrLenStr, err = strconv.ParseUint(s, 10, 64)
+			if err != nil {
+				return 0, 0, fmt.Errorf("failed to convert %q to uint", s)
+			}
+		}
+		if s := match[2]; s != "" {
+			msgLenStr, err = strconv.ParseUint(s, 10, 64)
+			if err != nil {
+				return 0, 0, fmt.Errorf("failed to convert %q to uint", s)
+			}
+		}
+		return hdrLenStr, msgLenStr, nil
+	}
+	return 0, 0, fmt.Errorf("%q contains invalid substring", c)
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
new file mode 100644
index 0000000000000..160f6e8616f5b
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
@@ -0,0 +1,423 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package binarylog
+
+import (
+	"net"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/ptypes"
+	pb "google.golang.org/grpc/binarylog/grpc_binarylog_v1"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+)
+
+type callIDGenerator struct {
+	id uint64
+}
+
+func (g *callIDGenerator) next() uint64 {
+	id := atomic.AddUint64(&g.id, 1)
+	return id
+}
+
+// reset is for testing only, and doesn't need to be thread safe.
+func (g *callIDGenerator) reset() {
+	g.id = 0
+}
+
+var idGen callIDGenerator
+
+// MethodLogger is the sub-logger for each method.
+type MethodLogger struct {
+	headerMaxLen, messageMaxLen uint64
+
+	callID          uint64
+	idWithinCallGen *callIDGenerator
+
+	sink Sink // TODO(blog): make this plugable.
+}
+
+func newMethodLogger(h, m uint64) *MethodLogger {
+	return &MethodLogger{
+		headerMaxLen:  h,
+		messageMaxLen: m,
+
+		callID:          idGen.next(),
+		idWithinCallGen: &callIDGenerator{},
+
+		sink: defaultSink, // TODO(blog): make it plugable.
+	}
+}
+
+// Log creates a proto binary log entry, and logs it to the sink.
+func (ml *MethodLogger) Log(c LogEntryConfig) {
+	m := c.toProto()
+	timestamp, _ := ptypes.TimestampProto(time.Now())
+	m.Timestamp = timestamp
+	m.CallId = ml.callID
+	m.SequenceIdWithinCall = ml.idWithinCallGen.next()
+
+	switch pay := m.Payload.(type) {
+	case *pb.GrpcLogEntry_ClientHeader:
+		m.PayloadTruncated = ml.truncateMetadata(pay.ClientHeader.GetMetadata())
+	case *pb.GrpcLogEntry_ServerHeader:
+		m.PayloadTruncated = ml.truncateMetadata(pay.ServerHeader.GetMetadata())
+	case *pb.GrpcLogEntry_Message:
+		m.PayloadTruncated = ml.truncateMessage(pay.Message)
+	}
+
+	ml.sink.Write(m)
+}
+
+func (ml *MethodLogger) truncateMetadata(mdPb *pb.Metadata) (truncated bool) {
+	if ml.headerMaxLen == maxUInt {
+		return false
+	}
+	var (
+		bytesLimit = ml.headerMaxLen
+		index      int
+	)
+	// At the end of the loop, index will be the first entry where the total
+	// size is greater than the limit:
+	//
+	// len(entry[:index]) <= ml.hdr && len(entry[:index+1]) > ml.hdr.
+	for ; index < len(mdPb.Entry); index++ {
+		entry := mdPb.Entry[index]
+		if entry.Key == "grpc-trace-bin" {
+			// "grpc-trace-bin" is a special key. It's kept in the log entry,
+			// but not counted towards the size limit.
+			continue
+		}
+		currentEntryLen := uint64(len(entry.Value))
+		if currentEntryLen > bytesLimit {
+			break
+		}
+		bytesLimit -= currentEntryLen
+	}
+	truncated = index < len(mdPb.Entry)
+	mdPb.Entry = mdPb.Entry[:index]
+	return truncated
+}
+
+func (ml *MethodLogger) truncateMessage(msgPb *pb.Message) (truncated bool) {
+	if ml.messageMaxLen == maxUInt {
+		return false
+	}
+	if ml.messageMaxLen >= uint64(len(msgPb.Data)) {
+		return false
+	}
+	msgPb.Data = msgPb.Data[:ml.messageMaxLen]
+	return true
+}
+
+// LogEntryConfig represents the configuration for binary log entry.
+type LogEntryConfig interface {
+	toProto() *pb.GrpcLogEntry
+}
+
+// ClientHeader configs the binary log entry to be a ClientHeader entry.
+type ClientHeader struct {
+	OnClientSide bool
+	Header       metadata.MD
+	MethodName   string
+	Authority    string
+	Timeout      time.Duration
+	// PeerAddr is required only when it's on server side.
+	PeerAddr net.Addr
+}
+
+func (c *ClientHeader) toProto() *pb.GrpcLogEntry {
+	// This function doesn't need to set all the fields (e.g. seq ID). The Log
+	// function will set the fields when necessary.
+	clientHeader := &pb.ClientHeader{
+		Metadata:   mdToMetadataProto(c.Header),
+		MethodName: c.MethodName,
+		Authority:  c.Authority,
+	}
+	if c.Timeout > 0 {
+		clientHeader.Timeout = ptypes.DurationProto(c.Timeout)
+	}
+	ret := &pb.GrpcLogEntry{
+		Type: pb.GrpcLogEntry_EVENT_TYPE_CLIENT_HEADER,
+		Payload: &pb.GrpcLogEntry_ClientHeader{
+			ClientHeader: clientHeader,
+		},
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	if c.PeerAddr != nil {
+		ret.Peer = addrToProto(c.PeerAddr)
+	}
+	return ret
+}
+
+// ServerHeader configs the binary log entry to be a ServerHeader entry.
+type ServerHeader struct {
+	OnClientSide bool
+	Header       metadata.MD
+	// PeerAddr is required only when it's on client side.
+	PeerAddr net.Addr
+}
+
+func (c *ServerHeader) toProto() *pb.GrpcLogEntry {
+	ret := &pb.GrpcLogEntry{
+		Type: pb.GrpcLogEntry_EVENT_TYPE_SERVER_HEADER,
+		Payload: &pb.GrpcLogEntry_ServerHeader{
+			ServerHeader: &pb.ServerHeader{
+				Metadata: mdToMetadataProto(c.Header),
+			},
+		},
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	if c.PeerAddr != nil {
+		ret.Peer = addrToProto(c.PeerAddr)
+	}
+	return ret
+}
+
+// ClientMessage configs the binary log entry to be a ClientMessage entry.
+type ClientMessage struct {
+	OnClientSide bool
+	// Message can be a proto.Message or []byte. Other messages formats are not
+	// supported.
+	Message interface{}
+}
+
+func (c *ClientMessage) toProto() *pb.GrpcLogEntry {
+	var (
+		data []byte
+		err  error
+	)
+	if m, ok := c.Message.(proto.Message); ok {
+		data, err = proto.Marshal(m)
+		if err != nil {
+			grpclog.Infof("binarylogging: failed to marshal proto message: %v", err)
+		}
+	} else if b, ok := c.Message.([]byte); ok {
+		data = b
+	} else {
+		grpclog.Infof("binarylogging: message to log is neither proto.message nor []byte")
+	}
+	ret := &pb.GrpcLogEntry{
+		Type: pb.GrpcLogEntry_EVENT_TYPE_CLIENT_MESSAGE,
+		Payload: &pb.GrpcLogEntry_Message{
+			Message: &pb.Message{
+				Length: uint32(len(data)),
+				Data:   data,
+			},
+		},
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	return ret
+}
+
+// ServerMessage configs the binary log entry to be a ServerMessage entry.
+type ServerMessage struct {
+	OnClientSide bool
+	// Message can be a proto.Message or []byte. Other messages formats are not
+	// supported.
+	Message interface{}
+}
+
+func (c *ServerMessage) toProto() *pb.GrpcLogEntry {
+	var (
+		data []byte
+		err  error
+	)
+	if m, ok := c.Message.(proto.Message); ok {
+		data, err = proto.Marshal(m)
+		if err != nil {
+			grpclog.Infof("binarylogging: failed to marshal proto message: %v", err)
+		}
+	} else if b, ok := c.Message.([]byte); ok {
+		data = b
+	} else {
+		grpclog.Infof("binarylogging: message to log is neither proto.message nor []byte")
+	}
+	ret := &pb.GrpcLogEntry{
+		Type: pb.GrpcLogEntry_EVENT_TYPE_SERVER_MESSAGE,
+		Payload: &pb.GrpcLogEntry_Message{
+			Message: &pb.Message{
+				Length: uint32(len(data)),
+				Data:   data,
+			},
+		},
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	return ret
+}
+
+// ClientHalfClose configs the binary log entry to be a ClientHalfClose entry.
+type ClientHalfClose struct {
+	OnClientSide bool
+}
+
+func (c *ClientHalfClose) toProto() *pb.GrpcLogEntry {
+	ret := &pb.GrpcLogEntry{
+		Type:    pb.GrpcLogEntry_EVENT_TYPE_CLIENT_HALF_CLOSE,
+		Payload: nil, // No payload here.
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	return ret
+}
+
+// ServerTrailer configs the binary log entry to be a ServerTrailer entry.
+type ServerTrailer struct {
+	OnClientSide bool
+	Trailer      metadata.MD
+	// Err is the status error.
+	Err error
+	// PeerAddr is required only when it's on client side and the RPC is trailer
+	// only.
+	PeerAddr net.Addr
+}
+
+func (c *ServerTrailer) toProto() *pb.GrpcLogEntry {
+	st, ok := status.FromError(c.Err)
+	if !ok {
+		grpclog.Info("binarylogging: error in trailer is not a status error")
+	}
+	var (
+		detailsBytes []byte
+		err          error
+	)
+	stProto := st.Proto()
+	if stProto != nil && len(stProto.Details) != 0 {
+		detailsBytes, err = proto.Marshal(stProto)
+		if err != nil {
+			grpclog.Infof("binarylogging: failed to marshal status proto: %v", err)
+		}
+	}
+	ret := &pb.GrpcLogEntry{
+		Type: pb.GrpcLogEntry_EVENT_TYPE_SERVER_TRAILER,
+		Payload: &pb.GrpcLogEntry_Trailer{
+			Trailer: &pb.Trailer{
+				Metadata:      mdToMetadataProto(c.Trailer),
+				StatusCode:    uint32(st.Code()),
+				StatusMessage: st.Message(),
+				StatusDetails: detailsBytes,
+			},
+		},
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	if c.PeerAddr != nil {
+		ret.Peer = addrToProto(c.PeerAddr)
+	}
+	return ret
+}
+
+// Cancel configs the binary log entry to be a Cancel entry.
+type Cancel struct {
+	OnClientSide bool
+}
+
+func (c *Cancel) toProto() *pb.GrpcLogEntry {
+	ret := &pb.GrpcLogEntry{
+		Type:    pb.GrpcLogEntry_EVENT_TYPE_CANCEL,
+		Payload: nil,
+	}
+	if c.OnClientSide {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_CLIENT
+	} else {
+		ret.Logger = pb.GrpcLogEntry_LOGGER_SERVER
+	}
+	return ret
+}
+
+// metadataKeyOmit returns whether the metadata entry with this key should be
+// omitted.
+func metadataKeyOmit(key string) bool {
+	switch key {
+	case "lb-token", ":path", ":authority", "content-encoding", "content-type", "user-agent", "te":
+		return true
+	case "grpc-trace-bin": // grpc-trace-bin is special because it's visiable to users.
+		return false
+	}
+	return strings.HasPrefix(key, "grpc-")
+}
+
+func mdToMetadataProto(md metadata.MD) *pb.Metadata {
+	ret := &pb.Metadata{}
+	for k, vv := range md {
+		if metadataKeyOmit(k) {
+			continue
+		}
+		for _, v := range vv {
+			ret.Entry = append(ret.Entry,
+				&pb.MetadataEntry{
+					Key:   k,
+					Value: []byte(v),
+				},
+			)
+		}
+	}
+	return ret
+}
+
+func addrToProto(addr net.Addr) *pb.Address {
+	ret := &pb.Address{}
+	switch a := addr.(type) {
+	case *net.TCPAddr:
+		if a.IP.To4() != nil {
+			ret.Type = pb.Address_TYPE_IPV4
+		} else if a.IP.To16() != nil {
+			ret.Type = pb.Address_TYPE_IPV6
+		} else {
+			ret.Type = pb.Address_TYPE_UNKNOWN
+			// Do not set address and port fields.
+			break
+		}
+		ret.Address = a.IP.String()
+		ret.IpPort = uint32(a.Port)
+	case *net.UnixAddr:
+		ret.Type = pb.Address_TYPE_UNIX
+		ret.Address = a.String()
+	default:
+		ret.Type = pb.Address_TYPE_UNKNOWN
+	}
+	return ret
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/sink.go b/vendor/google.golang.org/grpc/internal/binarylog/sink.go
new file mode 100644
index 0000000000000..a2e7c346dd036
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/sink.go
@@ -0,0 +1,162 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package binarylog
+
+import (
+	"bufio"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"sync"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	pb "google.golang.org/grpc/binarylog/grpc_binarylog_v1"
+	"google.golang.org/grpc/grpclog"
+)
+
+var (
+	defaultSink Sink = &noopSink{} // TODO(blog): change this default (file in /tmp).
+)
+
+// SetDefaultSink sets the sink where binary logs will be written to.
+//
+// Not thread safe. Only set during initialization.
+func SetDefaultSink(s Sink) {
+	if defaultSink != nil {
+		defaultSink.Close()
+	}
+	defaultSink = s
+}
+
+// Sink writes log entry into the binary log sink.
+type Sink interface {
+	// Write will be called to write the log entry into the sink.
+	//
+	// It should be thread-safe so it can be called in parallel.
+	Write(*pb.GrpcLogEntry) error
+	// Close will be called when the Sink is replaced by a new Sink.
+	Close() error
+}
+
+type noopSink struct{}
+
+func (ns *noopSink) Write(*pb.GrpcLogEntry) error { return nil }
+func (ns *noopSink) Close() error                 { return nil }
+
+// newWriterSink creates a binary log sink with the given writer.
+//
+// Write() marshals the proto message and writes it to the given writer. Each
+// message is prefixed with a 4 byte big endian unsigned integer as the length.
+//
+// No buffer is done, Close() doesn't try to close the writer.
+func newWriterSink(w io.Writer) *writerSink {
+	return &writerSink{out: w}
+}
+
+type writerSink struct {
+	out io.Writer
+}
+
+func (ws *writerSink) Write(e *pb.GrpcLogEntry) error {
+	b, err := proto.Marshal(e)
+	if err != nil {
+		grpclog.Infof("binary logging: failed to marshal proto message: %v", err)
+	}
+	hdr := make([]byte, 4)
+	binary.BigEndian.PutUint32(hdr, uint32(len(b)))
+	if _, err := ws.out.Write(hdr); err != nil {
+		return err
+	}
+	if _, err := ws.out.Write(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (ws *writerSink) Close() error { return nil }
+
+type bufWriteCloserSink struct {
+	mu     sync.Mutex
+	closer io.Closer
+	out    *writerSink   // out is built on buf.
+	buf    *bufio.Writer // buf is kept for flush.
+
+	writeStartOnce sync.Once
+	writeTicker    *time.Ticker
+}
+
+func (fs *bufWriteCloserSink) Write(e *pb.GrpcLogEntry) error {
+	// Start the write loop when Write is called.
+	fs.writeStartOnce.Do(fs.startFlushGoroutine)
+	fs.mu.Lock()
+	if err := fs.out.Write(e); err != nil {
+		fs.mu.Unlock()
+		return err
+	}
+	fs.mu.Unlock()
+	return nil
+}
+
+const (
+	bufFlushDuration = 60 * time.Second
+)
+
+func (fs *bufWriteCloserSink) startFlushGoroutine() {
+	fs.writeTicker = time.NewTicker(bufFlushDuration)
+	go func() {
+		for range fs.writeTicker.C {
+			fs.mu.Lock()
+			fs.buf.Flush()
+			fs.mu.Unlock()
+		}
+	}()
+}
+
+func (fs *bufWriteCloserSink) Close() error {
+	if fs.writeTicker != nil {
+		fs.writeTicker.Stop()
+	}
+	fs.mu.Lock()
+	fs.buf.Flush()
+	fs.closer.Close()
+	fs.out.Close()
+	fs.mu.Unlock()
+	return nil
+}
+
+func newBufWriteCloserSink(o io.WriteCloser) Sink {
+	bufW := bufio.NewWriter(o)
+	return &bufWriteCloserSink{
+		closer: o,
+		out:    newWriterSink(bufW),
+		buf:    bufW,
+	}
+}
+
+// NewTempFileSink creates a temp file and returns a Sink that writes to this
+// file.
+func NewTempFileSink() (Sink, error) {
+	tempFile, err := ioutil.TempFile("/tmp", "grpcgo_binarylog_*.txt")
+	if err != nil {
+		return nil, fmt.Errorf("failed to create temp file: %v", err)
+	}
+	return newBufWriteCloserSink(tempFile), nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/util.go b/vendor/google.golang.org/grpc/internal/binarylog/util.go
new file mode 100644
index 0000000000000..15dc7803d8bff
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/binarylog/util.go
@@ -0,0 +1,41 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package binarylog
+
+import (
+	"errors"
+	"strings"
+)
+
+// parseMethodName splits service and method from the input. It expects format
+// "/service/method".
+//
+// TODO: move to internal/grpcutil.
+func parseMethodName(methodName string) (service, method string, _ error) {
+	if !strings.HasPrefix(methodName, "/") {
+		return "", "", errors.New("invalid method name: should start with /")
+	}
+	methodName = methodName[1:]
+
+	pos := strings.LastIndex(methodName, "/")
+	if pos < 0 {
+		return "", "", errors.New("invalid method name: suffix /method is missing")
+	}
+	return methodName[:pos], methodName[pos+1:], nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
new file mode 100644
index 0000000000000..9f6a0c1200db2
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package buffer provides an implementation of an unbounded buffer.
+package buffer
+
+import "sync"
+
+// Unbounded is an implementation of an unbounded buffer which does not use
+// extra goroutines. This is typically used for passing updates from one entity
+// to another within gRPC.
+//
+// All methods on this type are thread-safe and don't block on anything except
+// the underlying mutex used for synchronization.
+//
+// Unbounded supports values of any type to be stored in it by using a channel
+// of `interface{}`. This means that a call to Put() incurs an extra memory
+// allocation, and also that users need a type assertion while reading. For
+// performance critical code paths, using Unbounded is strongly discouraged and
+// defining a new type specific implementation of this buffer is preferred. See
+// internal/transport/transport.go for an example of this.
+type Unbounded struct {
+	c       chan interface{}
+	mu      sync.Mutex
+	backlog []interface{}
+}
+
+// NewUnbounded returns a new instance of Unbounded.
+func NewUnbounded() *Unbounded {
+	return &Unbounded{c: make(chan interface{}, 1)}
+}
+
+// Put adds t to the unbounded buffer.
+func (b *Unbounded) Put(t interface{}) {
+	b.mu.Lock()
+	if len(b.backlog) == 0 {
+		select {
+		case b.c <- t:
+			b.mu.Unlock()
+			return
+		default:
+		}
+	}
+	b.backlog = append(b.backlog, t)
+	b.mu.Unlock()
+}
+
+// Load sends the earliest buffered data, if any, onto the read channel
+// returned by Get(). Users are expected to call this every time they read a
+// value from the read channel.
+func (b *Unbounded) Load() {
+	b.mu.Lock()
+	if len(b.backlog) > 0 {
+		select {
+		case b.c <- b.backlog[0]:
+			b.backlog[0] = nil
+			b.backlog = b.backlog[1:]
+		default:
+		}
+	}
+	b.mu.Unlock()
+}
+
+// Get returns a read channel on which values added to the buffer, via Put(),
+// are sent on.
+//
+// Upon reading a value from this channel, users are expected to call Load() to
+// send the next buffered value onto the channel if there is any.
+func (b *Unbounded) Get() <-chan interface{} {
+	return b.c
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/funcs.go b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
new file mode 100644
index 0000000000000..f0744f9937e94
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
@@ -0,0 +1,727 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package channelz defines APIs for enabling channelz service, entry
+// registration/deletion, and accessing channelz data. It also defines channelz
+// metric struct formats.
+//
+// All APIs in this package are experimental.
+package channelz
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+const (
+	defaultMaxTraceEntry int32 = 30
+)
+
+var (
+	db    dbWrapper
+	idGen idGenerator
+	// EntryPerPage defines the number of channelz entries to be shown on a web page.
+	EntryPerPage  = int64(50)
+	curState      int32
+	maxTraceEntry = defaultMaxTraceEntry
+)
+
+// TurnOn turns on channelz data collection.
+func TurnOn() {
+	if !IsOn() {
+		NewChannelzStorage()
+		atomic.StoreInt32(&curState, 1)
+	}
+}
+
+// IsOn returns whether channelz data collection is on.
+func IsOn() bool {
+	return atomic.CompareAndSwapInt32(&curState, 1, 1)
+}
+
+// SetMaxTraceEntry sets maximum number of trace entry per entity (i.e. channel/subchannel).
+// Setting it to 0 will disable channel tracing.
+func SetMaxTraceEntry(i int32) {
+	atomic.StoreInt32(&maxTraceEntry, i)
+}
+
+// ResetMaxTraceEntryToDefault resets the maximum number of trace entry per entity to default.
+func ResetMaxTraceEntryToDefault() {
+	atomic.StoreInt32(&maxTraceEntry, defaultMaxTraceEntry)
+}
+
+func getMaxTraceEntry() int {
+	i := atomic.LoadInt32(&maxTraceEntry)
+	return int(i)
+}
+
+// dbWarpper wraps around a reference to internal channelz data storage, and
+// provide synchronized functionality to set and get the reference.
+type dbWrapper struct {
+	mu sync.RWMutex
+	DB *channelMap
+}
+
+func (d *dbWrapper) set(db *channelMap) {
+	d.mu.Lock()
+	d.DB = db
+	d.mu.Unlock()
+}
+
+func (d *dbWrapper) get() *channelMap {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+	return d.DB
+}
+
+// NewChannelzStorage initializes channelz data storage and id generator.
+//
+// This function returns a cleanup function to wait for all channelz state to be reset by the
+// grpc goroutines when those entities get closed. By using this cleanup function, we make sure tests
+// don't mess up each other, i.e. lingering goroutine from previous test doing entity removal happen
+// to remove some entity just register by the new test, since the id space is the same.
+//
+// Note: This function is exported for testing purpose only. User should not call
+// it in most cases.
+func NewChannelzStorage() (cleanup func() error) {
+	db.set(&channelMap{
+		topLevelChannels: make(map[int64]struct{}),
+		channels:         make(map[int64]*channel),
+		listenSockets:    make(map[int64]*listenSocket),
+		normalSockets:    make(map[int64]*normalSocket),
+		servers:          make(map[int64]*server),
+		subChannels:      make(map[int64]*subChannel),
+	})
+	idGen.reset()
+	return func() error {
+		var err error
+		cm := db.get()
+		if cm == nil {
+			return nil
+		}
+		for i := 0; i < 1000; i++ {
+			cm.mu.Lock()
+			if len(cm.topLevelChannels) == 0 && len(cm.servers) == 0 && len(cm.channels) == 0 && len(cm.subChannels) == 0 && len(cm.listenSockets) == 0 && len(cm.normalSockets) == 0 {
+				cm.mu.Unlock()
+				// all things stored in the channelz map have been cleared.
+				return nil
+			}
+			cm.mu.Unlock()
+			time.Sleep(10 * time.Millisecond)
+		}
+
+		cm.mu.Lock()
+		err = fmt.Errorf("after 10s the channelz map has not been cleaned up yet, topchannels: %d, servers: %d, channels: %d, subchannels: %d, listen sockets: %d, normal sockets: %d", len(cm.topLevelChannels), len(cm.servers), len(cm.channels), len(cm.subChannels), len(cm.listenSockets), len(cm.normalSockets))
+		cm.mu.Unlock()
+		return err
+	}
+}
+
+// GetTopChannels returns a slice of top channel's ChannelMetric, along with a
+// boolean indicating whether there's more top channels to be queried for.
+//
+// The arg id specifies that only top channel with id at or above it will be included
+// in the result. The returned slice is up to a length of the arg maxResults or
+// EntryPerPage if maxResults is zero, and is sorted in ascending id order.
+func GetTopChannels(id int64, maxResults int64) ([]*ChannelMetric, bool) {
+	return db.get().GetTopChannels(id, maxResults)
+}
+
+// GetServers returns a slice of server's ServerMetric, along with a
+// boolean indicating whether there's more servers to be queried for.
+//
+// The arg id specifies that only server with id at or above it will be included
+// in the result. The returned slice is up to a length of the arg maxResults or
+// EntryPerPage if maxResults is zero, and is sorted in ascending id order.
+func GetServers(id int64, maxResults int64) ([]*ServerMetric, bool) {
+	return db.get().GetServers(id, maxResults)
+}
+
+// GetServerSockets returns a slice of server's (identified by id) normal socket's
+// SocketMetric, along with a boolean indicating whether there's more sockets to
+// be queried for.
+//
+// The arg startID specifies that only sockets with id at or above it will be
+// included in the result. The returned slice is up to a length of the arg maxResults
+// or EntryPerPage if maxResults is zero, and is sorted in ascending id order.
+func GetServerSockets(id int64, startID int64, maxResults int64) ([]*SocketMetric, bool) {
+	return db.get().GetServerSockets(id, startID, maxResults)
+}
+
+// GetChannel returns the ChannelMetric for the channel (identified by id).
+func GetChannel(id int64) *ChannelMetric {
+	return db.get().GetChannel(id)
+}
+
+// GetSubChannel returns the SubChannelMetric for the subchannel (identified by id).
+func GetSubChannel(id int64) *SubChannelMetric {
+	return db.get().GetSubChannel(id)
+}
+
+// GetSocket returns the SocketInternalMetric for the socket (identified by id).
+func GetSocket(id int64) *SocketMetric {
+	return db.get().GetSocket(id)
+}
+
+// GetServer returns the ServerMetric for the server (identified by id).
+func GetServer(id int64) *ServerMetric {
+	return db.get().GetServer(id)
+}
+
+// RegisterChannel registers the given channel c in channelz database with ref
+// as its reference name, and add it to the child list of its parent (identified
+// by pid). pid = 0 means no parent. It returns the unique channelz tracking id
+// assigned to this channel.
+func RegisterChannel(c Channel, pid int64, ref string) int64 {
+	id := idGen.genID()
+	cn := &channel{
+		refName:     ref,
+		c:           c,
+		subChans:    make(map[int64]string),
+		nestedChans: make(map[int64]string),
+		id:          id,
+		pid:         pid,
+		trace:       &channelTrace{createdTime: time.Now(), events: make([]*TraceEvent, 0, getMaxTraceEntry())},
+	}
+	if pid == 0 {
+		db.get().addChannel(id, cn, true, pid, ref)
+	} else {
+		db.get().addChannel(id, cn, false, pid, ref)
+	}
+	return id
+}
+
+// RegisterSubChannel registers the given channel c in channelz database with ref
+// as its reference name, and add it to the child list of its parent (identified
+// by pid). It returns the unique channelz tracking id assigned to this subchannel.
+func RegisterSubChannel(c Channel, pid int64, ref string) int64 {
+	if pid == 0 {
+		grpclog.Error("a SubChannel's parent id cannot be 0")
+		return 0
+	}
+	id := idGen.genID()
+	sc := &subChannel{
+		refName: ref,
+		c:       c,
+		sockets: make(map[int64]string),
+		id:      id,
+		pid:     pid,
+		trace:   &channelTrace{createdTime: time.Now(), events: make([]*TraceEvent, 0, getMaxTraceEntry())},
+	}
+	db.get().addSubChannel(id, sc, pid, ref)
+	return id
+}
+
+// RegisterServer registers the given server s in channelz database. It returns
+// the unique channelz tracking id assigned to this server.
+func RegisterServer(s Server, ref string) int64 {
+	id := idGen.genID()
+	svr := &server{
+		refName:       ref,
+		s:             s,
+		sockets:       make(map[int64]string),
+		listenSockets: make(map[int64]string),
+		id:            id,
+	}
+	db.get().addServer(id, svr)
+	return id
+}
+
+// RegisterListenSocket registers the given listen socket s in channelz database
+// with ref as its reference name, and add it to the child list of its parent
+// (identified by pid). It returns the unique channelz tracking id assigned to
+// this listen socket.
+func RegisterListenSocket(s Socket, pid int64, ref string) int64 {
+	if pid == 0 {
+		grpclog.Error("a ListenSocket's parent id cannot be 0")
+		return 0
+	}
+	id := idGen.genID()
+	ls := &listenSocket{refName: ref, s: s, id: id, pid: pid}
+	db.get().addListenSocket(id, ls, pid, ref)
+	return id
+}
+
+// RegisterNormalSocket registers the given normal socket s in channelz database
+// with ref as its reference name, and add it to the child list of its parent
+// (identified by pid). It returns the unique channelz tracking id assigned to
+// this normal socket.
+func RegisterNormalSocket(s Socket, pid int64, ref string) int64 {
+	if pid == 0 {
+		grpclog.Error("a NormalSocket's parent id cannot be 0")
+		return 0
+	}
+	id := idGen.genID()
+	ns := &normalSocket{refName: ref, s: s, id: id, pid: pid}
+	db.get().addNormalSocket(id, ns, pid, ref)
+	return id
+}
+
+// RemoveEntry removes an entry with unique channelz trakcing id to be id from
+// channelz database.
+func RemoveEntry(id int64) {
+	db.get().removeEntry(id)
+}
+
+// TraceEventDesc is what the caller of AddTraceEvent should provide to describe the event to be added
+// to the channel trace.
+// The Parent field is optional. It is used for event that will be recorded in the entity's parent
+// trace also.
+type TraceEventDesc struct {
+	Desc     string
+	Severity Severity
+	Parent   *TraceEventDesc
+}
+
+// AddTraceEvent adds trace related to the entity with specified id, using the provided TraceEventDesc.
+func AddTraceEvent(id int64, desc *TraceEventDesc) {
+	if getMaxTraceEntry() == 0 {
+		return
+	}
+	db.get().traceEvent(id, desc)
+}
+
+// channelMap is the storage data structure for channelz.
+// Methods of channelMap can be divided in two two categories with respect to locking.
+// 1. Methods acquire the global lock.
+// 2. Methods that can only be called when global lock is held.
+// A second type of method need always to be called inside a first type of method.
+type channelMap struct {
+	mu               sync.RWMutex
+	topLevelChannels map[int64]struct{}
+	servers          map[int64]*server
+	channels         map[int64]*channel
+	subChannels      map[int64]*subChannel
+	listenSockets    map[int64]*listenSocket
+	normalSockets    map[int64]*normalSocket
+}
+
+func (c *channelMap) addServer(id int64, s *server) {
+	c.mu.Lock()
+	s.cm = c
+	c.servers[id] = s
+	c.mu.Unlock()
+}
+
+func (c *channelMap) addChannel(id int64, cn *channel, isTopChannel bool, pid int64, ref string) {
+	c.mu.Lock()
+	cn.cm = c
+	cn.trace.cm = c
+	c.channels[id] = cn
+	if isTopChannel {
+		c.topLevelChannels[id] = struct{}{}
+	} else {
+		c.findEntry(pid).addChild(id, cn)
+	}
+	c.mu.Unlock()
+}
+
+func (c *channelMap) addSubChannel(id int64, sc *subChannel, pid int64, ref string) {
+	c.mu.Lock()
+	sc.cm = c
+	sc.trace.cm = c
+	c.subChannels[id] = sc
+	c.findEntry(pid).addChild(id, sc)
+	c.mu.Unlock()
+}
+
+func (c *channelMap) addListenSocket(id int64, ls *listenSocket, pid int64, ref string) {
+	c.mu.Lock()
+	ls.cm = c
+	c.listenSockets[id] = ls
+	c.findEntry(pid).addChild(id, ls)
+	c.mu.Unlock()
+}
+
+func (c *channelMap) addNormalSocket(id int64, ns *normalSocket, pid int64, ref string) {
+	c.mu.Lock()
+	ns.cm = c
+	c.normalSockets[id] = ns
+	c.findEntry(pid).addChild(id, ns)
+	c.mu.Unlock()
+}
+
+// removeEntry triggers the removal of an entry, which may not indeed delete the entry, if it has to
+// wait on the deletion of its children and until no other entity's channel trace references it.
+// It may lead to a chain of entry deletion. For example, deleting the last socket of a gracefully
+// shutting down server will lead to the server being also deleted.
+func (c *channelMap) removeEntry(id int64) {
+	c.mu.Lock()
+	c.findEntry(id).triggerDelete()
+	c.mu.Unlock()
+}
+
+// c.mu must be held by the caller
+func (c *channelMap) decrTraceRefCount(id int64) {
+	e := c.findEntry(id)
+	if v, ok := e.(tracedChannel); ok {
+		v.decrTraceRefCount()
+		e.deleteSelfIfReady()
+	}
+}
+
+// c.mu must be held by the caller.
+func (c *channelMap) findEntry(id int64) entry {
+	var v entry
+	var ok bool
+	if v, ok = c.channels[id]; ok {
+		return v
+	}
+	if v, ok = c.subChannels[id]; ok {
+		return v
+	}
+	if v, ok = c.servers[id]; ok {
+		return v
+	}
+	if v, ok = c.listenSockets[id]; ok {
+		return v
+	}
+	if v, ok = c.normalSockets[id]; ok {
+		return v
+	}
+	return &dummyEntry{idNotFound: id}
+}
+
+// c.mu must be held by the caller
+// deleteEntry simply deletes an entry from the channelMap. Before calling this
+// method, caller must check this entry is ready to be deleted, i.e removeEntry()
+// has been called on it, and no children still exist.
+// Conditionals are ordered by the expected frequency of deletion of each entity
+// type, in order to optimize performance.
+func (c *channelMap) deleteEntry(id int64) {
+	var ok bool
+	if _, ok = c.normalSockets[id]; ok {
+		delete(c.normalSockets, id)
+		return
+	}
+	if _, ok = c.subChannels[id]; ok {
+		delete(c.subChannels, id)
+		return
+	}
+	if _, ok = c.channels[id]; ok {
+		delete(c.channels, id)
+		delete(c.topLevelChannels, id)
+		return
+	}
+	if _, ok = c.listenSockets[id]; ok {
+		delete(c.listenSockets, id)
+		return
+	}
+	if _, ok = c.servers[id]; ok {
+		delete(c.servers, id)
+		return
+	}
+}
+
+func (c *channelMap) traceEvent(id int64, desc *TraceEventDesc) {
+	c.mu.Lock()
+	child := c.findEntry(id)
+	childTC, ok := child.(tracedChannel)
+	if !ok {
+		c.mu.Unlock()
+		return
+	}
+	childTC.getChannelTrace().append(&TraceEvent{Desc: desc.Desc, Severity: desc.Severity, Timestamp: time.Now()})
+	if desc.Parent != nil {
+		parent := c.findEntry(child.getParentID())
+		var chanType RefChannelType
+		switch child.(type) {
+		case *channel:
+			chanType = RefChannel
+		case *subChannel:
+			chanType = RefSubChannel
+		}
+		if parentTC, ok := parent.(tracedChannel); ok {
+			parentTC.getChannelTrace().append(&TraceEvent{
+				Desc:      desc.Parent.Desc,
+				Severity:  desc.Parent.Severity,
+				Timestamp: time.Now(),
+				RefID:     id,
+				RefName:   childTC.getRefName(),
+				RefType:   chanType,
+			})
+			childTC.incrTraceRefCount()
+		}
+	}
+	c.mu.Unlock()
+}
+
+type int64Slice []int64
+
+func (s int64Slice) Len() int           { return len(s) }
+func (s int64Slice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+func (s int64Slice) Less(i, j int) bool { return s[i] < s[j] }
+
+func copyMap(m map[int64]string) map[int64]string {
+	n := make(map[int64]string)
+	for k, v := range m {
+		n[k] = v
+	}
+	return n
+}
+
+func min(a, b int64) int64 {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+func (c *channelMap) GetTopChannels(id int64, maxResults int64) ([]*ChannelMetric, bool) {
+	if maxResults <= 0 {
+		maxResults = EntryPerPage
+	}
+	c.mu.RLock()
+	l := int64(len(c.topLevelChannels))
+	ids := make([]int64, 0, l)
+	cns := make([]*channel, 0, min(l, maxResults))
+
+	for k := range c.topLevelChannels {
+		ids = append(ids, k)
+	}
+	sort.Sort(int64Slice(ids))
+	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id })
+	count := int64(0)
+	var end bool
+	var t []*ChannelMetric
+	for i, v := range ids[idx:] {
+		if count == maxResults {
+			break
+		}
+		if cn, ok := c.channels[v]; ok {
+			cns = append(cns, cn)
+			t = append(t, &ChannelMetric{
+				NestedChans: copyMap(cn.nestedChans),
+				SubChans:    copyMap(cn.subChans),
+			})
+			count++
+		}
+		if i == len(ids[idx:])-1 {
+			end = true
+			break
+		}
+	}
+	c.mu.RUnlock()
+	if count == 0 {
+		end = true
+	}
+
+	for i, cn := range cns {
+		t[i].ChannelData = cn.c.ChannelzMetric()
+		t[i].ID = cn.id
+		t[i].RefName = cn.refName
+		t[i].Trace = cn.trace.dumpData()
+	}
+	return t, end
+}
+
+func (c *channelMap) GetServers(id, maxResults int64) ([]*ServerMetric, bool) {
+	if maxResults <= 0 {
+		maxResults = EntryPerPage
+	}
+	c.mu.RLock()
+	l := int64(len(c.servers))
+	ids := make([]int64, 0, l)
+	ss := make([]*server, 0, min(l, maxResults))
+	for k := range c.servers {
+		ids = append(ids, k)
+	}
+	sort.Sort(int64Slice(ids))
+	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id })
+	count := int64(0)
+	var end bool
+	var s []*ServerMetric
+	for i, v := range ids[idx:] {
+		if count == maxResults {
+			break
+		}
+		if svr, ok := c.servers[v]; ok {
+			ss = append(ss, svr)
+			s = append(s, &ServerMetric{
+				ListenSockets: copyMap(svr.listenSockets),
+			})
+			count++
+		}
+		if i == len(ids[idx:])-1 {
+			end = true
+			break
+		}
+	}
+	c.mu.RUnlock()
+	if count == 0 {
+		end = true
+	}
+
+	for i, svr := range ss {
+		s[i].ServerData = svr.s.ChannelzMetric()
+		s[i].ID = svr.id
+		s[i].RefName = svr.refName
+	}
+	return s, end
+}
+
+func (c *channelMap) GetServerSockets(id int64, startID int64, maxResults int64) ([]*SocketMetric, bool) {
+	if maxResults <= 0 {
+		maxResults = EntryPerPage
+	}
+	var svr *server
+	var ok bool
+	c.mu.RLock()
+	if svr, ok = c.servers[id]; !ok {
+		// server with id doesn't exist.
+		c.mu.RUnlock()
+		return nil, true
+	}
+	svrskts := svr.sockets
+	l := int64(len(svrskts))
+	ids := make([]int64, 0, l)
+	sks := make([]*normalSocket, 0, min(l, maxResults))
+	for k := range svrskts {
+		ids = append(ids, k)
+	}
+	sort.Sort(int64Slice(ids))
+	idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= startID })
+	count := int64(0)
+	var end bool
+	for i, v := range ids[idx:] {
+		if count == maxResults {
+			break
+		}
+		if ns, ok := c.normalSockets[v]; ok {
+			sks = append(sks, ns)
+			count++
+		}
+		if i == len(ids[idx:])-1 {
+			end = true
+			break
+		}
+	}
+	c.mu.RUnlock()
+	if count == 0 {
+		end = true
+	}
+	var s []*SocketMetric
+	for _, ns := range sks {
+		sm := &SocketMetric{}
+		sm.SocketData = ns.s.ChannelzMetric()
+		sm.ID = ns.id
+		sm.RefName = ns.refName
+		s = append(s, sm)
+	}
+	return s, end
+}
+
+func (c *channelMap) GetChannel(id int64) *ChannelMetric {
+	cm := &ChannelMetric{}
+	var cn *channel
+	var ok bool
+	c.mu.RLock()
+	if cn, ok = c.channels[id]; !ok {
+		// channel with id doesn't exist.
+		c.mu.RUnlock()
+		return nil
+	}
+	cm.NestedChans = copyMap(cn.nestedChans)
+	cm.SubChans = copyMap(cn.subChans)
+	// cn.c can be set to &dummyChannel{} when deleteSelfFromMap is called. Save a copy of cn.c when
+	// holding the lock to prevent potential data race.
+	chanCopy := cn.c
+	c.mu.RUnlock()
+	cm.ChannelData = chanCopy.ChannelzMetric()
+	cm.ID = cn.id
+	cm.RefName = cn.refName
+	cm.Trace = cn.trace.dumpData()
+	return cm
+}
+
+func (c *channelMap) GetSubChannel(id int64) *SubChannelMetric {
+	cm := &SubChannelMetric{}
+	var sc *subChannel
+	var ok bool
+	c.mu.RLock()
+	if sc, ok = c.subChannels[id]; !ok {
+		// subchannel with id doesn't exist.
+		c.mu.RUnlock()
+		return nil
+	}
+	cm.Sockets = copyMap(sc.sockets)
+	// sc.c can be set to &dummyChannel{} when deleteSelfFromMap is called. Save a copy of sc.c when
+	// holding the lock to prevent potential data race.
+	chanCopy := sc.c
+	c.mu.RUnlock()
+	cm.ChannelData = chanCopy.ChannelzMetric()
+	cm.ID = sc.id
+	cm.RefName = sc.refName
+	cm.Trace = sc.trace.dumpData()
+	return cm
+}
+
+func (c *channelMap) GetSocket(id int64) *SocketMetric {
+	sm := &SocketMetric{}
+	c.mu.RLock()
+	if ls, ok := c.listenSockets[id]; ok {
+		c.mu.RUnlock()
+		sm.SocketData = ls.s.ChannelzMetric()
+		sm.ID = ls.id
+		sm.RefName = ls.refName
+		return sm
+	}
+	if ns, ok := c.normalSockets[id]; ok {
+		c.mu.RUnlock()
+		sm.SocketData = ns.s.ChannelzMetric()
+		sm.ID = ns.id
+		sm.RefName = ns.refName
+		return sm
+	}
+	c.mu.RUnlock()
+	return nil
+}
+
+func (c *channelMap) GetServer(id int64) *ServerMetric {
+	sm := &ServerMetric{}
+	var svr *server
+	var ok bool
+	c.mu.RLock()
+	if svr, ok = c.servers[id]; !ok {
+		c.mu.RUnlock()
+		return nil
+	}
+	sm.ListenSockets = copyMap(svr.listenSockets)
+	c.mu.RUnlock()
+	sm.ID = svr.id
+	sm.RefName = svr.refName
+	sm.ServerData = svr.s.ChannelzMetric()
+	return sm
+}
+
+type idGenerator struct {
+	id int64
+}
+
+func (i *idGenerator) reset() {
+	atomic.StoreInt64(&i.id, 0)
+}
+
+func (i *idGenerator) genID() int64 {
+	return atomic.AddInt64(&i.id, 1)
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/types.go b/vendor/google.golang.org/grpc/internal/channelz/types.go
new file mode 100644
index 0000000000000..17c2274cb3de5
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/types.go
@@ -0,0 +1,702 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package channelz
+
+import (
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+)
+
+// entry represents a node in the channelz database.
+type entry interface {
+	// addChild adds a child e, whose channelz id is id to child list
+	addChild(id int64, e entry)
+	// deleteChild deletes a child with channelz id to be id from child list
+	deleteChild(id int64)
+	// triggerDelete tries to delete self from channelz database. However, if child
+	// list is not empty, then deletion from the database is on hold until the last
+	// child is deleted from database.
+	triggerDelete()
+	// deleteSelfIfReady check whether triggerDelete() has been called before, and whether child
+	// list is now empty. If both conditions are met, then delete self from database.
+	deleteSelfIfReady()
+	// getParentID returns parent ID of the entry. 0 value parent ID means no parent.
+	getParentID() int64
+}
+
+// dummyEntry is a fake entry to handle entry not found case.
+type dummyEntry struct {
+	idNotFound int64
+}
+
+func (d *dummyEntry) addChild(id int64, e entry) {
+	// Note: It is possible for a normal program to reach here under race condition.
+	// For example, there could be a race between ClientConn.Close() info being propagated
+	// to addrConn and http2Client. ClientConn.Close() cancel the context and result
+	// in http2Client to error. The error info is then caught by transport monitor
+	// and before addrConn.tearDown() is called in side ClientConn.Close(). Therefore,
+	// the addrConn will create a new transport. And when registering the new transport in
+	// channelz, its parent addrConn could have already been torn down and deleted
+	// from channelz tracking, and thus reach the code here.
+	grpclog.Infof("attempt to add child of type %T with id %d to a parent (id=%d) that doesn't currently exist", e, id, d.idNotFound)
+}
+
+func (d *dummyEntry) deleteChild(id int64) {
+	// It is possible for a normal program to reach here under race condition.
+	// Refer to the example described in addChild().
+	grpclog.Infof("attempt to delete child with id %d from a parent (id=%d) that doesn't currently exist", id, d.idNotFound)
+}
+
+func (d *dummyEntry) triggerDelete() {
+	grpclog.Warningf("attempt to delete an entry (id=%d) that doesn't currently exist", d.idNotFound)
+}
+
+func (*dummyEntry) deleteSelfIfReady() {
+	// code should not reach here. deleteSelfIfReady is always called on an existing entry.
+}
+
+func (*dummyEntry) getParentID() int64 {
+	return 0
+}
+
+// ChannelMetric defines the info channelz provides for a specific Channel, which
+// includes ChannelInternalMetric and channelz-specific data, such as channelz id,
+// child list, etc.
+type ChannelMetric struct {
+	// ID is the channelz id of this channel.
+	ID int64
+	// RefName is the human readable reference string of this channel.
+	RefName string
+	// ChannelData contains channel internal metric reported by the channel through
+	// ChannelzMetric().
+	ChannelData *ChannelInternalMetric
+	// NestedChans tracks the nested channel type children of this channel in the format of
+	// a map from nested channel channelz id to corresponding reference string.
+	NestedChans map[int64]string
+	// SubChans tracks the subchannel type children of this channel in the format of a
+	// map from subchannel channelz id to corresponding reference string.
+	SubChans map[int64]string
+	// Sockets tracks the socket type children of this channel in the format of a map
+	// from socket channelz id to corresponding reference string.
+	// Note current grpc implementation doesn't allow channel having sockets directly,
+	// therefore, this is field is unused.
+	Sockets map[int64]string
+	// Trace contains the most recent traced events.
+	Trace *ChannelTrace
+}
+
+// SubChannelMetric defines the info channelz provides for a specific SubChannel,
+// which includes ChannelInternalMetric and channelz-specific data, such as
+// channelz id, child list, etc.
+type SubChannelMetric struct {
+	// ID is the channelz id of this subchannel.
+	ID int64
+	// RefName is the human readable reference string of this subchannel.
+	RefName string
+	// ChannelData contains subchannel internal metric reported by the subchannel
+	// through ChannelzMetric().
+	ChannelData *ChannelInternalMetric
+	// NestedChans tracks the nested channel type children of this subchannel in the format of
+	// a map from nested channel channelz id to corresponding reference string.
+	// Note current grpc implementation doesn't allow subchannel to have nested channels
+	// as children, therefore, this field is unused.
+	NestedChans map[int64]string
+	// SubChans tracks the subchannel type children of this subchannel in the format of a
+	// map from subchannel channelz id to corresponding reference string.
+	// Note current grpc implementation doesn't allow subchannel to have subchannels
+	// as children, therefore, this field is unused.
+	SubChans map[int64]string
+	// Sockets tracks the socket type children of this subchannel in the format of a map
+	// from socket channelz id to corresponding reference string.
+	Sockets map[int64]string
+	// Trace contains the most recent traced events.
+	Trace *ChannelTrace
+}
+
+// ChannelInternalMetric defines the struct that the implementor of Channel interface
+// should return from ChannelzMetric().
+type ChannelInternalMetric struct {
+	// current connectivity state of the channel.
+	State connectivity.State
+	// The target this channel originally tried to connect to.  May be absent
+	Target string
+	// The number of calls started on the channel.
+	CallsStarted int64
+	// The number of calls that have completed with an OK status.
+	CallsSucceeded int64
+	// The number of calls that have a completed with a non-OK status.
+	CallsFailed int64
+	// The last time a call was started on the channel.
+	LastCallStartedTimestamp time.Time
+}
+
+// ChannelTrace stores traced events on a channel/subchannel and related info.
+type ChannelTrace struct {
+	// EventNum is the number of events that ever got traced (i.e. including those that have been deleted)
+	EventNum int64
+	// CreationTime is the creation time of the trace.
+	CreationTime time.Time
+	// Events stores the most recent trace events (up to $maxTraceEntry, newer event will overwrite the
+	// oldest one)
+	Events []*TraceEvent
+}
+
+// TraceEvent represent a single trace event
+type TraceEvent struct {
+	// Desc is a simple description of the trace event.
+	Desc string
+	// Severity states the severity of this trace event.
+	Severity Severity
+	// Timestamp is the event time.
+	Timestamp time.Time
+	// RefID is the id of the entity that gets referenced in the event. RefID is 0 if no other entity is
+	// involved in this event.
+	// e.g. SubChannel (id: 4[]) Created. --> RefID = 4, RefName = "" (inside [])
+	RefID int64
+	// RefName is the reference name for the entity that gets referenced in the event.
+	RefName string
+	// RefType indicates the referenced entity type, i.e Channel or SubChannel.
+	RefType RefChannelType
+}
+
+// Channel is the interface that should be satisfied in order to be tracked by
+// channelz as Channel or SubChannel.
+type Channel interface {
+	ChannelzMetric() *ChannelInternalMetric
+}
+
+type dummyChannel struct{}
+
+func (d *dummyChannel) ChannelzMetric() *ChannelInternalMetric {
+	return &ChannelInternalMetric{}
+}
+
+type channel struct {
+	refName     string
+	c           Channel
+	closeCalled bool
+	nestedChans map[int64]string
+	subChans    map[int64]string
+	id          int64
+	pid         int64
+	cm          *channelMap
+	trace       *channelTrace
+	// traceRefCount is the number of trace events that reference this channel.
+	// Non-zero traceRefCount means the trace of this channel cannot be deleted.
+	traceRefCount int32
+}
+
+func (c *channel) addChild(id int64, e entry) {
+	switch v := e.(type) {
+	case *subChannel:
+		c.subChans[id] = v.refName
+	case *channel:
+		c.nestedChans[id] = v.refName
+	default:
+		grpclog.Errorf("cannot add a child (id = %d) of type %T to a channel", id, e)
+	}
+}
+
+func (c *channel) deleteChild(id int64) {
+	delete(c.subChans, id)
+	delete(c.nestedChans, id)
+	c.deleteSelfIfReady()
+}
+
+func (c *channel) triggerDelete() {
+	c.closeCalled = true
+	c.deleteSelfIfReady()
+}
+
+func (c *channel) getParentID() int64 {
+	return c.pid
+}
+
+// deleteSelfFromTree tries to delete the channel from the channelz entry relation tree, which means
+// deleting the channel reference from its parent's child list.
+//
+// In order for a channel to be deleted from the tree, it must meet the criteria that, removal of the
+// corresponding grpc object has been invoked, and the channel does not have any children left.
+//
+// The returned boolean value indicates whether the channel has been successfully deleted from tree.
+func (c *channel) deleteSelfFromTree() (deleted bool) {
+	if !c.closeCalled || len(c.subChans)+len(c.nestedChans) != 0 {
+		return false
+	}
+	// not top channel
+	if c.pid != 0 {
+		c.cm.findEntry(c.pid).deleteChild(c.id)
+	}
+	return true
+}
+
+// deleteSelfFromMap checks whether it is valid to delete the channel from the map, which means
+// deleting the channel from channelz's tracking entirely. Users can no longer use id to query the
+// channel, and its memory will be garbage collected.
+//
+// The trace reference count of the channel must be 0 in order to be deleted from the map. This is
+// specified in the channel tracing gRFC that as long as some other trace has reference to an entity,
+// the trace of the referenced entity must not be deleted. In order to release the resource allocated
+// by grpc, the reference to the grpc object is reset to a dummy object.
+//
+// deleteSelfFromMap must be called after deleteSelfFromTree returns true.
+//
+// It returns a bool to indicate whether the channel can be safely deleted from map.
+func (c *channel) deleteSelfFromMap() (delete bool) {
+	if c.getTraceRefCount() != 0 {
+		c.c = &dummyChannel{}
+		return false
+	}
+	return true
+}
+
+// deleteSelfIfReady tries to delete the channel itself from the channelz database.
+// The delete process includes two steps:
+// 1. delete the channel from the entry relation tree, i.e. delete the channel reference from its
+//    parent's child list.
+// 2. delete the channel from the map, i.e. delete the channel entirely from channelz. Lookup by id
+//    will return entry not found error.
+func (c *channel) deleteSelfIfReady() {
+	if !c.deleteSelfFromTree() {
+		return
+	}
+	if !c.deleteSelfFromMap() {
+		return
+	}
+	c.cm.deleteEntry(c.id)
+	c.trace.clear()
+}
+
+func (c *channel) getChannelTrace() *channelTrace {
+	return c.trace
+}
+
+func (c *channel) incrTraceRefCount() {
+	atomic.AddInt32(&c.traceRefCount, 1)
+}
+
+func (c *channel) decrTraceRefCount() {
+	atomic.AddInt32(&c.traceRefCount, -1)
+}
+
+func (c *channel) getTraceRefCount() int {
+	i := atomic.LoadInt32(&c.traceRefCount)
+	return int(i)
+}
+
+func (c *channel) getRefName() string {
+	return c.refName
+}
+
+type subChannel struct {
+	refName       string
+	c             Channel
+	closeCalled   bool
+	sockets       map[int64]string
+	id            int64
+	pid           int64
+	cm            *channelMap
+	trace         *channelTrace
+	traceRefCount int32
+}
+
+func (sc *subChannel) addChild(id int64, e entry) {
+	if v, ok := e.(*normalSocket); ok {
+		sc.sockets[id] = v.refName
+	} else {
+		grpclog.Errorf("cannot add a child (id = %d) of type %T to a subChannel", id, e)
+	}
+}
+
+func (sc *subChannel) deleteChild(id int64) {
+	delete(sc.sockets, id)
+	sc.deleteSelfIfReady()
+}
+
+func (sc *subChannel) triggerDelete() {
+	sc.closeCalled = true
+	sc.deleteSelfIfReady()
+}
+
+func (sc *subChannel) getParentID() int64 {
+	return sc.pid
+}
+
+// deleteSelfFromTree tries to delete the subchannel from the channelz entry relation tree, which
+// means deleting the subchannel reference from its parent's child list.
+//
+// In order for a subchannel to be deleted from the tree, it must meet the criteria that, removal of
+// the corresponding grpc object has been invoked, and the subchannel does not have any children left.
+//
+// The returned boolean value indicates whether the channel has been successfully deleted from tree.
+func (sc *subChannel) deleteSelfFromTree() (deleted bool) {
+	if !sc.closeCalled || len(sc.sockets) != 0 {
+		return false
+	}
+	sc.cm.findEntry(sc.pid).deleteChild(sc.id)
+	return true
+}
+
+// deleteSelfFromMap checks whether it is valid to delete the subchannel from the map, which means
+// deleting the subchannel from channelz's tracking entirely. Users can no longer use id to query
+// the subchannel, and its memory will be garbage collected.
+//
+// The trace reference count of the subchannel must be 0 in order to be deleted from the map. This is
+// specified in the channel tracing gRFC that as long as some other trace has reference to an entity,
+// the trace of the referenced entity must not be deleted. In order to release the resource allocated
+// by grpc, the reference to the grpc object is reset to a dummy object.
+//
+// deleteSelfFromMap must be called after deleteSelfFromTree returns true.
+//
+// It returns a bool to indicate whether the channel can be safely deleted from map.
+func (sc *subChannel) deleteSelfFromMap() (delete bool) {
+	if sc.getTraceRefCount() != 0 {
+		// free the grpc struct (i.e. addrConn)
+		sc.c = &dummyChannel{}
+		return false
+	}
+	return true
+}
+
+// deleteSelfIfReady tries to delete the subchannel itself from the channelz database.
+// The delete process includes two steps:
+// 1. delete the subchannel from the entry relation tree, i.e. delete the subchannel reference from
+//    its parent's child list.
+// 2. delete the subchannel from the map, i.e. delete the subchannel entirely from channelz. Lookup
+//    by id will return entry not found error.
+func (sc *subChannel) deleteSelfIfReady() {
+	if !sc.deleteSelfFromTree() {
+		return
+	}
+	if !sc.deleteSelfFromMap() {
+		return
+	}
+	sc.cm.deleteEntry(sc.id)
+	sc.trace.clear()
+}
+
+func (sc *subChannel) getChannelTrace() *channelTrace {
+	return sc.trace
+}
+
+func (sc *subChannel) incrTraceRefCount() {
+	atomic.AddInt32(&sc.traceRefCount, 1)
+}
+
+func (sc *subChannel) decrTraceRefCount() {
+	atomic.AddInt32(&sc.traceRefCount, -1)
+}
+
+func (sc *subChannel) getTraceRefCount() int {
+	i := atomic.LoadInt32(&sc.traceRefCount)
+	return int(i)
+}
+
+func (sc *subChannel) getRefName() string {
+	return sc.refName
+}
+
+// SocketMetric defines the info channelz provides for a specific Socket, which
+// includes SocketInternalMetric and channelz-specific data, such as channelz id, etc.
+type SocketMetric struct {
+	// ID is the channelz id of this socket.
+	ID int64
+	// RefName is the human readable reference string of this socket.
+	RefName string
+	// SocketData contains socket internal metric reported by the socket through
+	// ChannelzMetric().
+	SocketData *SocketInternalMetric
+}
+
+// SocketInternalMetric defines the struct that the implementor of Socket interface
+// should return from ChannelzMetric().
+type SocketInternalMetric struct {
+	// The number of streams that have been started.
+	StreamsStarted int64
+	// The number of streams that have ended successfully:
+	// On client side, receiving frame with eos bit set.
+	// On server side, sending frame with eos bit set.
+	StreamsSucceeded int64
+	// The number of streams that have ended unsuccessfully:
+	// On client side, termination without receiving frame with eos bit set.
+	// On server side, termination without sending frame with eos bit set.
+	StreamsFailed int64
+	// The number of messages successfully sent on this socket.
+	MessagesSent     int64
+	MessagesReceived int64
+	// The number of keep alives sent.  This is typically implemented with HTTP/2
+	// ping messages.
+	KeepAlivesSent int64
+	// The last time a stream was created by this endpoint.  Usually unset for
+	// servers.
+	LastLocalStreamCreatedTimestamp time.Time
+	// The last time a stream was created by the remote endpoint.  Usually unset
+	// for clients.
+	LastRemoteStreamCreatedTimestamp time.Time
+	// The last time a message was sent by this endpoint.
+	LastMessageSentTimestamp time.Time
+	// The last time a message was received by this endpoint.
+	LastMessageReceivedTimestamp time.Time
+	// The amount of window, granted to the local endpoint by the remote endpoint.
+	// This may be slightly out of date due to network latency.  This does NOT
+	// include stream level or TCP level flow control info.
+	LocalFlowControlWindow int64
+	// The amount of window, granted to the remote endpoint by the local endpoint.
+	// This may be slightly out of date due to network latency.  This does NOT
+	// include stream level or TCP level flow control info.
+	RemoteFlowControlWindow int64
+	// The locally bound address.
+	LocalAddr net.Addr
+	// The remote bound address.  May be absent.
+	RemoteAddr net.Addr
+	// Optional, represents the name of the remote endpoint, if different than
+	// the original target name.
+	RemoteName    string
+	SocketOptions *SocketOptionData
+	Security      credentials.ChannelzSecurityValue
+}
+
+// Socket is the interface that should be satisfied in order to be tracked by
+// channelz as Socket.
+type Socket interface {
+	ChannelzMetric() *SocketInternalMetric
+}
+
+type listenSocket struct {
+	refName string
+	s       Socket
+	id      int64
+	pid     int64
+	cm      *channelMap
+}
+
+func (ls *listenSocket) addChild(id int64, e entry) {
+	grpclog.Errorf("cannot add a child (id = %d) of type %T to a listen socket", id, e)
+}
+
+func (ls *listenSocket) deleteChild(id int64) {
+	grpclog.Errorf("cannot delete a child (id = %d) from a listen socket", id)
+}
+
+func (ls *listenSocket) triggerDelete() {
+	ls.cm.deleteEntry(ls.id)
+	ls.cm.findEntry(ls.pid).deleteChild(ls.id)
+}
+
+func (ls *listenSocket) deleteSelfIfReady() {
+	grpclog.Errorf("cannot call deleteSelfIfReady on a listen socket")
+}
+
+func (ls *listenSocket) getParentID() int64 {
+	return ls.pid
+}
+
+type normalSocket struct {
+	refName string
+	s       Socket
+	id      int64
+	pid     int64
+	cm      *channelMap
+}
+
+func (ns *normalSocket) addChild(id int64, e entry) {
+	grpclog.Errorf("cannot add a child (id = %d) of type %T to a normal socket", id, e)
+}
+
+func (ns *normalSocket) deleteChild(id int64) {
+	grpclog.Errorf("cannot delete a child (id = %d) from a normal socket", id)
+}
+
+func (ns *normalSocket) triggerDelete() {
+	ns.cm.deleteEntry(ns.id)
+	ns.cm.findEntry(ns.pid).deleteChild(ns.id)
+}
+
+func (ns *normalSocket) deleteSelfIfReady() {
+	grpclog.Errorf("cannot call deleteSelfIfReady on a normal socket")
+}
+
+func (ns *normalSocket) getParentID() int64 {
+	return ns.pid
+}
+
+// ServerMetric defines the info channelz provides for a specific Server, which
+// includes ServerInternalMetric and channelz-specific data, such as channelz id,
+// child list, etc.
+type ServerMetric struct {
+	// ID is the channelz id of this server.
+	ID int64
+	// RefName is the human readable reference string of this server.
+	RefName string
+	// ServerData contains server internal metric reported by the server through
+	// ChannelzMetric().
+	ServerData *ServerInternalMetric
+	// ListenSockets tracks the listener socket type children of this server in the
+	// format of a map from socket channelz id to corresponding reference string.
+	ListenSockets map[int64]string
+}
+
+// ServerInternalMetric defines the struct that the implementor of Server interface
+// should return from ChannelzMetric().
+type ServerInternalMetric struct {
+	// The number of incoming calls started on the server.
+	CallsStarted int64
+	// The number of incoming calls that have completed with an OK status.
+	CallsSucceeded int64
+	// The number of incoming calls that have a completed with a non-OK status.
+	CallsFailed int64
+	// The last time a call was started on the server.
+	LastCallStartedTimestamp time.Time
+}
+
+// Server is the interface to be satisfied in order to be tracked by channelz as
+// Server.
+type Server interface {
+	ChannelzMetric() *ServerInternalMetric
+}
+
+type server struct {
+	refName       string
+	s             Server
+	closeCalled   bool
+	sockets       map[int64]string
+	listenSockets map[int64]string
+	id            int64
+	cm            *channelMap
+}
+
+func (s *server) addChild(id int64, e entry) {
+	switch v := e.(type) {
+	case *normalSocket:
+		s.sockets[id] = v.refName
+	case *listenSocket:
+		s.listenSockets[id] = v.refName
+	default:
+		grpclog.Errorf("cannot add a child (id = %d) of type %T to a server", id, e)
+	}
+}
+
+func (s *server) deleteChild(id int64) {
+	delete(s.sockets, id)
+	delete(s.listenSockets, id)
+	s.deleteSelfIfReady()
+}
+
+func (s *server) triggerDelete() {
+	s.closeCalled = true
+	s.deleteSelfIfReady()
+}
+
+func (s *server) deleteSelfIfReady() {
+	if !s.closeCalled || len(s.sockets)+len(s.listenSockets) != 0 {
+		return
+	}
+	s.cm.deleteEntry(s.id)
+}
+
+func (s *server) getParentID() int64 {
+	return 0
+}
+
+type tracedChannel interface {
+	getChannelTrace() *channelTrace
+	incrTraceRefCount()
+	decrTraceRefCount()
+	getRefName() string
+}
+
+type channelTrace struct {
+	cm          *channelMap
+	createdTime time.Time
+	eventCount  int64
+	mu          sync.Mutex
+	events      []*TraceEvent
+}
+
+func (c *channelTrace) append(e *TraceEvent) {
+	c.mu.Lock()
+	if len(c.events) == getMaxTraceEntry() {
+		del := c.events[0]
+		c.events = c.events[1:]
+		if del.RefID != 0 {
+			// start recursive cleanup in a goroutine to not block the call originated from grpc.
+			go func() {
+				// need to acquire c.cm.mu lock to call the unlocked attemptCleanup func.
+				c.cm.mu.Lock()
+				c.cm.decrTraceRefCount(del.RefID)
+				c.cm.mu.Unlock()
+			}()
+		}
+	}
+	e.Timestamp = time.Now()
+	c.events = append(c.events, e)
+	c.eventCount++
+	c.mu.Unlock()
+}
+
+func (c *channelTrace) clear() {
+	c.mu.Lock()
+	for _, e := range c.events {
+		if e.RefID != 0 {
+			// caller should have already held the c.cm.mu lock.
+			c.cm.decrTraceRefCount(e.RefID)
+		}
+	}
+	c.mu.Unlock()
+}
+
+// Severity is the severity level of a trace event.
+// The canonical enumeration of all valid values is here:
+// https://github.com/grpc/grpc-proto/blob/9b13d199cc0d4703c7ea26c9c330ba695866eb23/grpc/channelz/v1/channelz.proto#L126.
+type Severity int
+
+const (
+	// CtUNKNOWN indicates unknown severity of a trace event.
+	CtUNKNOWN Severity = iota
+	// CtINFO indicates info level severity of a trace event.
+	CtINFO
+	// CtWarning indicates warning level severity of a trace event.
+	CtWarning
+	// CtError indicates error level severity of a trace event.
+	CtError
+)
+
+// RefChannelType is the type of the entity being referenced in a trace event.
+type RefChannelType int
+
+const (
+	// RefChannel indicates the referenced entity is a Channel.
+	RefChannel RefChannelType = iota
+	// RefSubChannel indicates the referenced entity is a SubChannel.
+	RefSubChannel
+)
+
+func (c *channelTrace) dumpData() *ChannelTrace {
+	c.mu.Lock()
+	ct := &ChannelTrace{EventNum: c.eventCount, CreationTime: c.createdTime}
+	ct.Events = c.events[:len(c.events)]
+	c.mu.Unlock()
+	return ct
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/types_linux.go b/vendor/google.golang.org/grpc/internal/channelz/types_linux.go
new file mode 100644
index 0000000000000..692dd61817788
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/types_linux.go
@@ -0,0 +1,53 @@
+// +build !appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package channelz
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+// SocketOptionData defines the struct to hold socket option data, and related
+// getter function to obtain info from fd.
+type SocketOptionData struct {
+	Linger      *unix.Linger
+	RecvTimeout *unix.Timeval
+	SendTimeout *unix.Timeval
+	TCPInfo     *unix.TCPInfo
+}
+
+// Getsockopt defines the function to get socket options requested by channelz.
+// It is to be passed to syscall.RawConn.Control().
+func (s *SocketOptionData) Getsockopt(fd uintptr) {
+	if v, err := unix.GetsockoptLinger(int(fd), syscall.SOL_SOCKET, syscall.SO_LINGER); err == nil {
+		s.Linger = v
+	}
+	if v, err := unix.GetsockoptTimeval(int(fd), syscall.SOL_SOCKET, syscall.SO_RCVTIMEO); err == nil {
+		s.RecvTimeout = v
+	}
+	if v, err := unix.GetsockoptTimeval(int(fd), syscall.SOL_SOCKET, syscall.SO_SNDTIMEO); err == nil {
+		s.SendTimeout = v
+	}
+	if v, err := unix.GetsockoptTCPInfo(int(fd), syscall.SOL_TCP, syscall.TCP_INFO); err == nil {
+		s.TCPInfo = v
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go b/vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go
new file mode 100644
index 0000000000000..79edbefc43318
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go
@@ -0,0 +1,44 @@
+// +build !linux appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package channelz
+
+import (
+	"sync"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+var once sync.Once
+
+// SocketOptionData defines the struct to hold socket option data, and related
+// getter function to obtain info from fd.
+// Windows OS doesn't support Socket Option
+type SocketOptionData struct {
+}
+
+// Getsockopt defines the function to get socket options requested by channelz.
+// It is to be passed to syscall.RawConn.Control().
+// Windows OS doesn't support Socket Option
+func (s *SocketOptionData) Getsockopt(fd uintptr) {
+	once.Do(func() {
+		grpclog.Warningln("Channelz: socket options are not supported on non-linux os and appengine.")
+	})
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
new file mode 100644
index 0000000000000..fdf409d55de3b
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
@@ -0,0 +1,39 @@
+// +build linux,!appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package channelz
+
+import (
+	"syscall"
+)
+
+// GetSocketOption gets the socket option info of the conn.
+func GetSocketOption(socket interface{}) *SocketOptionData {
+	c, ok := socket.(syscall.Conn)
+	if !ok {
+		return nil
+	}
+	data := &SocketOptionData{}
+	if rawConn, err := c.SyscallConn(); err == nil {
+		rawConn.Control(data.Getsockopt)
+		return data
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
new file mode 100644
index 0000000000000..8864a08111642
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
@@ -0,0 +1,26 @@
+// +build !linux appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package channelz
+
+// GetSocketOption gets the socket option info of the conn.
+func GetSocketOption(c interface{}) *SocketOptionData {
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
new file mode 100644
index 0000000000000..ae6c8972fd79a
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -0,0 +1,38 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package envconfig contains grpc settings configured by environment variables.
+package envconfig
+
+import (
+	"os"
+	"strings"
+)
+
+const (
+	prefix          = "GRPC_GO_"
+	retryStr        = prefix + "RETRY"
+	txtErrIgnoreStr = prefix + "IGNORE_TXT_ERRORS"
+)
+
+var (
+	// Retry is set if retry is explicitly enabled via "GRPC_GO_RETRY=on".
+	Retry = strings.EqualFold(os.Getenv(retryStr), "on")
+	// TXTErrIgnore is set if TXT errors should be ignored ("GRPC_GO_IGNORE_TXT_ERRORS" is not "false").
+	TXTErrIgnore = !strings.EqualFold(os.Getenv(retryStr), "false")
+)
diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
new file mode 100644
index 0000000000000..200b115ca209e
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
@@ -0,0 +1,56 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package grpcrand implements math/rand functions in a concurrent-safe way
+// with a global random source, independent of math/rand's global source.
+package grpcrand
+
+import (
+	"math/rand"
+	"sync"
+	"time"
+)
+
+var (
+	r  = rand.New(rand.NewSource(time.Now().UnixNano()))
+	mu sync.Mutex
+)
+
+// Int63n implements rand.Int63n on the grpcrand global source.
+func Int63n(n int64) int64 {
+	mu.Lock()
+	res := r.Int63n(n)
+	mu.Unlock()
+	return res
+}
+
+// Intn implements rand.Intn on the grpcrand global source.
+func Intn(n int) int {
+	mu.Lock()
+	res := r.Intn(n)
+	mu.Unlock()
+	return res
+}
+
+// Float64 implements rand.Float64 on the grpcrand global source.
+func Float64() float64 {
+	mu.Lock()
+	res := r.Float64()
+	mu.Unlock()
+	return res
+}
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/event.go b/vendor/google.golang.org/grpc/internal/grpcsync/event.go
new file mode 100644
index 0000000000000..fbe697c37684c
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/event.go
@@ -0,0 +1,61 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package grpcsync implements additional synchronization primitives built upon
+// the sync package.
+package grpcsync
+
+import (
+	"sync"
+	"sync/atomic"
+)
+
+// Event represents a one-time event that may occur in the future.
+type Event struct {
+	fired int32
+	c     chan struct{}
+	o     sync.Once
+}
+
+// Fire causes e to complete.  It is safe to call multiple times, and
+// concurrently.  It returns true iff this call to Fire caused the signaling
+// channel returned by Done to close.
+func (e *Event) Fire() bool {
+	ret := false
+	e.o.Do(func() {
+		atomic.StoreInt32(&e.fired, 1)
+		close(e.c)
+		ret = true
+	})
+	return ret
+}
+
+// Done returns a channel that will be closed when Fire is called.
+func (e *Event) Done() <-chan struct{} {
+	return e.c
+}
+
+// HasFired returns true if Fire has been called.
+func (e *Event) HasFired() bool {
+	return atomic.LoadInt32(&e.fired) == 1
+}
+
+// NewEvent returns a new, ready-to-use Event.
+func NewEvent() *Event {
+	return &Event{c: make(chan struct{})}
+}
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 53f1775201ce3..0912f0bf4c311 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -15,13 +15,58 @@
  *
  */
 
-// Package internal contains gRPC-internal code for testing, to avoid polluting
-// the godoc of the top-level grpc package.
+// Package internal contains gRPC-internal code, to avoid polluting
+// the godoc of the top-level grpc package.  It must not import any grpc
+// symbols to avoid circular dependencies.
 package internal
 
-// TestingUseHandlerImpl enables the http.Handler-based server implementation.
-// It must be called before Serve and requires TLS credentials.
+import (
+	"context"
+	"time"
+
+	"google.golang.org/grpc/connectivity"
+)
+
+var (
+	// WithHealthCheckFunc is set by dialoptions.go
+	WithHealthCheckFunc interface{} // func (HealthChecker) DialOption
+	// HealthCheckFunc is used to provide client-side LB channel health checking
+	HealthCheckFunc HealthChecker
+	// BalancerUnregister is exported by package balancer to unregister a balancer.
+	BalancerUnregister func(name string)
+	// KeepaliveMinPingTime is the minimum ping interval.  This must be 10s by
+	// default, but tests may wish to set it lower for convenience.
+	KeepaliveMinPingTime = 10 * time.Second
+	// StatusRawProto is exported by status/status.go. This func returns a
+	// pointer to the wrapped Status proto for a given status.Status without a
+	// call to proto.Clone(). The returned Status proto should not be mutated by
+	// the caller.
+	StatusRawProto interface{} // func (*status.Status) *spb.Status
+	// NewRequestInfoContext creates a new context based on the argument context attaching
+	// the passed in RequestInfo to the new context.
+	NewRequestInfoContext interface{} // func(context.Context, credentials.RequestInfo) context.Context
+	// ParseServiceConfigForTesting is for creating a fake
+	// ClientConn for resolver testing only
+	ParseServiceConfigForTesting interface{} // func(string) *serviceconfig.ParseResult
+)
+
+// HealthChecker defines the signature of the client-side LB channel health checking function.
 //
-// The provided grpcServer must be of type *grpc.Server. It is untyped
-// for circular dependency reasons.
-var TestingUseHandlerImpl func(grpcServer interface{})
+// The implementation is expected to create a health checking RPC stream by
+// calling newStream(), watch for the health status of serviceName, and report
+// it's health back by calling setConnectivityState().
+//
+// The health checking protocol is defined at:
+// https://github.com/grpc/grpc/blob/master/doc/health-checking.md
+type HealthChecker func(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), serviceName string) error
+
+const (
+	// CredsBundleModeFallback switches GoogleDefaultCreds to fallback mode.
+	CredsBundleModeFallback = "fallback"
+	// CredsBundleModeBalancer switches GoogleDefaultCreds to grpclb balancer
+	// mode.
+	CredsBundleModeBalancer = "balancer"
+	// CredsBundleModeBackendFromBalancer switches GoogleDefaultCreds to mode
+	// that supports backend returned by grpclb balancer.
+	CredsBundleModeBackendFromBalancer = "backend-from-balancer"
+)
diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
new file mode 100644
index 0000000000000..c368db62ea11f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
@@ -0,0 +1,441 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package dns implements a dns resolver to be installed as the default resolver
+// in grpc.
+package dns
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/envconfig"
+	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/serviceconfig"
+)
+
+// EnableSRVLookups controls whether the DNS resolver attempts to fetch gRPCLB
+// addresses from SRV records.  Must not be changed after init time.
+var EnableSRVLookups = false
+
+func init() {
+	resolver.Register(NewBuilder())
+}
+
+const (
+	defaultPort       = "443"
+	defaultDNSSvrPort = "53"
+	golang            = "GO"
+	// txtPrefix is the prefix string to be prepended to the host name for txt record lookup.
+	txtPrefix = "_grpc_config."
+	// In DNS, service config is encoded in a TXT record via the mechanism
+	// described in RFC-1464 using the attribute name grpc_config.
+	txtAttribute = "grpc_config="
+)
+
+var (
+	errMissingAddr = errors.New("dns resolver: missing address")
+
+	// Addresses ending with a colon that is supposed to be the separator
+	// between host and port is not allowed.  E.g. "::" is a valid address as
+	// it is an IPv6 address (host only) and "[::]:" is invalid as it ends with
+	// a colon as the host and port separator
+	errEndsWithColon = errors.New("dns resolver: missing port after port-separator colon")
+)
+
+var (
+	defaultResolver netResolver = net.DefaultResolver
+	// To prevent excessive re-resolution, we enforce a rate limit on DNS
+	// resolution requests.
+	minDNSResRate = 30 * time.Second
+)
+
+var customAuthorityDialler = func(authority string) func(ctx context.Context, network, address string) (net.Conn, error) {
+	return func(ctx context.Context, network, address string) (net.Conn, error) {
+		var dialer net.Dialer
+		return dialer.DialContext(ctx, network, authority)
+	}
+}
+
+var customAuthorityResolver = func(authority string) (netResolver, error) {
+	host, port, err := parseTarget(authority, defaultDNSSvrPort)
+	if err != nil {
+		return nil, err
+	}
+
+	authorityWithPort := net.JoinHostPort(host, port)
+
+	return &net.Resolver{
+		PreferGo: true,
+		Dial:     customAuthorityDialler(authorityWithPort),
+	}, nil
+}
+
+// NewBuilder creates a dnsBuilder which is used to factory DNS resolvers.
+func NewBuilder() resolver.Builder {
+	return &dnsBuilder{}
+}
+
+type dnsBuilder struct{}
+
+// Build creates and starts a DNS resolver that watches the name resolution of the target.
+func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
+	host, port, err := parseTarget(target.Endpoint, defaultPort)
+	if err != nil {
+		return nil, err
+	}
+
+	// IP address.
+	if ipAddr, ok := formatIP(host); ok {
+		addr := []resolver.Address{{Addr: ipAddr + ":" + port}}
+		cc.UpdateState(resolver.State{Addresses: addr})
+		return deadResolver{}, nil
+	}
+
+	// DNS address (non-IP).
+	ctx, cancel := context.WithCancel(context.Background())
+	d := &dnsResolver{
+		host:                 host,
+		port:                 port,
+		ctx:                  ctx,
+		cancel:               cancel,
+		cc:                   cc,
+		rn:                   make(chan struct{}, 1),
+		disableServiceConfig: opts.DisableServiceConfig,
+	}
+
+	if target.Authority == "" {
+		d.resolver = defaultResolver
+	} else {
+		d.resolver, err = customAuthorityResolver(target.Authority)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	d.wg.Add(1)
+	go d.watcher()
+	d.ResolveNow(resolver.ResolveNowOptions{})
+	return d, nil
+}
+
+// Scheme returns the naming scheme of this resolver builder, which is "dns".
+func (b *dnsBuilder) Scheme() string {
+	return "dns"
+}
+
+type netResolver interface {
+	LookupHost(ctx context.Context, host string) (addrs []string, err error)
+	LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error)
+	LookupTXT(ctx context.Context, name string) (txts []string, err error)
+}
+
+// deadResolver is a resolver that does nothing.
+type deadResolver struct{}
+
+func (deadResolver) ResolveNow(resolver.ResolveNowOptions) {}
+
+func (deadResolver) Close() {}
+
+// dnsResolver watches for the name resolution update for a non-IP target.
+type dnsResolver struct {
+	host     string
+	port     string
+	resolver netResolver
+	ctx      context.Context
+	cancel   context.CancelFunc
+	cc       resolver.ClientConn
+	// rn channel is used by ResolveNow() to force an immediate resolution of the target.
+	rn chan struct{}
+	// wg is used to enforce Close() to return after the watcher() goroutine has finished.
+	// Otherwise, data race will be possible. [Race Example] in dns_resolver_test we
+	// replace the real lookup functions with mocked ones to facilitate testing.
+	// If Close() doesn't wait for watcher() goroutine finishes, race detector sometimes
+	// will warns lookup (READ the lookup function pointers) inside watcher() goroutine
+	// has data race with replaceNetFunc (WRITE the lookup function pointers).
+	wg                   sync.WaitGroup
+	disableServiceConfig bool
+}
+
+// ResolveNow invoke an immediate resolution of the target that this dnsResolver watches.
+func (d *dnsResolver) ResolveNow(resolver.ResolveNowOptions) {
+	select {
+	case d.rn <- struct{}{}:
+	default:
+	}
+}
+
+// Close closes the dnsResolver.
+func (d *dnsResolver) Close() {
+	d.cancel()
+	d.wg.Wait()
+}
+
+func (d *dnsResolver) watcher() {
+	defer d.wg.Done()
+	for {
+		select {
+		case <-d.ctx.Done():
+			return
+		case <-d.rn:
+		}
+
+		state, err := d.lookup()
+		if err != nil {
+			d.cc.ReportError(err)
+		} else {
+			d.cc.UpdateState(*state)
+		}
+
+		// Sleep to prevent excessive re-resolutions. Incoming resolution requests
+		// will be queued in d.rn.
+		t := time.NewTimer(minDNSResRate)
+		select {
+		case <-t.C:
+		case <-d.ctx.Done():
+			t.Stop()
+			return
+		}
+	}
+}
+
+func (d *dnsResolver) lookupSRV() ([]resolver.Address, error) {
+	if !EnableSRVLookups {
+		return nil, nil
+	}
+	var newAddrs []resolver.Address
+	_, srvs, err := d.resolver.LookupSRV(d.ctx, "grpclb", "tcp", d.host)
+	if err != nil {
+		err = handleDNSError(err, "SRV") // may become nil
+		return nil, err
+	}
+	for _, s := range srvs {
+		lbAddrs, err := d.resolver.LookupHost(d.ctx, s.Target)
+		if err != nil {
+			err = handleDNSError(err, "A") // may become nil
+			if err == nil {
+				// If there are other SRV records, look them up and ignore this
+				// one that does not exist.
+				continue
+			}
+			return nil, err
+		}
+		for _, a := range lbAddrs {
+			ip, ok := formatIP(a)
+			if !ok {
+				return nil, fmt.Errorf("dns: error parsing A record IP address %v", a)
+			}
+			addr := ip + ":" + strconv.Itoa(int(s.Port))
+			newAddrs = append(newAddrs, resolver.Address{Addr: addr, Type: resolver.GRPCLB, ServerName: s.Target})
+		}
+	}
+	return newAddrs, nil
+}
+
+var filterError = func(err error) error {
+	if dnsErr, ok := err.(*net.DNSError); ok && !dnsErr.IsTimeout && !dnsErr.IsTemporary {
+		// Timeouts and temporary errors should be communicated to gRPC to
+		// attempt another DNS query (with backoff).  Other errors should be
+		// suppressed (they may represent the absence of a TXT record).
+		return nil
+	}
+	return err
+}
+
+func handleDNSError(err error, lookupType string) error {
+	err = filterError(err)
+	if err != nil {
+		err = fmt.Errorf("dns: %v record lookup error: %v", lookupType, err)
+		grpclog.Infoln(err)
+	}
+	return err
+}
+
+func (d *dnsResolver) lookupTXT() *serviceconfig.ParseResult {
+	ss, err := d.resolver.LookupTXT(d.ctx, txtPrefix+d.host)
+	if err != nil {
+		if envconfig.TXTErrIgnore {
+			return nil
+		}
+		if err = handleDNSError(err, "TXT"); err != nil {
+			return &serviceconfig.ParseResult{Err: err}
+		}
+		return nil
+	}
+	var res string
+	for _, s := range ss {
+		res += s
+	}
+
+	// TXT record must have "grpc_config=" attribute in order to be used as service config.
+	if !strings.HasPrefix(res, txtAttribute) {
+		grpclog.Warningf("dns: TXT record %v missing %v attribute", res, txtAttribute)
+		// This is not an error; it is the equivalent of not having a service config.
+		return nil
+	}
+	sc := canaryingSC(strings.TrimPrefix(res, txtAttribute))
+	return d.cc.ParseServiceConfig(sc)
+}
+
+func (d *dnsResolver) lookupHost() ([]resolver.Address, error) {
+	var newAddrs []resolver.Address
+	addrs, err := d.resolver.LookupHost(d.ctx, d.host)
+	if err != nil {
+		err = handleDNSError(err, "A")
+		return nil, err
+	}
+	for _, a := range addrs {
+		ip, ok := formatIP(a)
+		if !ok {
+			return nil, fmt.Errorf("dns: error parsing A record IP address %v", a)
+		}
+		addr := ip + ":" + d.port
+		newAddrs = append(newAddrs, resolver.Address{Addr: addr})
+	}
+	return newAddrs, nil
+}
+
+func (d *dnsResolver) lookup() (*resolver.State, error) {
+	srv, srvErr := d.lookupSRV()
+	addrs, hostErr := d.lookupHost()
+	if hostErr != nil && (srvErr != nil || len(srv) == 0) {
+		return nil, hostErr
+	}
+	state := &resolver.State{
+		Addresses: append(addrs, srv...),
+	}
+	if !d.disableServiceConfig {
+		state.ServiceConfig = d.lookupTXT()
+	}
+	return state, nil
+}
+
+// formatIP returns ok = false if addr is not a valid textual representation of an IP address.
+// If addr is an IPv4 address, return the addr and ok = true.
+// If addr is an IPv6 address, return the addr enclosed in square brackets and ok = true.
+func formatIP(addr string) (addrIP string, ok bool) {
+	ip := net.ParseIP(addr)
+	if ip == nil {
+		return "", false
+	}
+	if ip.To4() != nil {
+		return addr, true
+	}
+	return "[" + addr + "]", true
+}
+
+// parseTarget takes the user input target string and default port, returns formatted host and port info.
+// If target doesn't specify a port, set the port to be the defaultPort.
+// If target is in IPv6 format and host-name is enclosed in square brackets, brackets
+// are stripped when setting the host.
+// examples:
+// target: "www.google.com" defaultPort: "443" returns host: "www.google.com", port: "443"
+// target: "ipv4-host:80" defaultPort: "443" returns host: "ipv4-host", port: "80"
+// target: "[ipv6-host]" defaultPort: "443" returns host: "ipv6-host", port: "443"
+// target: ":80" defaultPort: "443" returns host: "localhost", port: "80"
+func parseTarget(target, defaultPort string) (host, port string, err error) {
+	if target == "" {
+		return "", "", errMissingAddr
+	}
+	if ip := net.ParseIP(target); ip != nil {
+		// target is an IPv4 or IPv6(without brackets) address
+		return target, defaultPort, nil
+	}
+	if host, port, err = net.SplitHostPort(target); err == nil {
+		if port == "" {
+			// If the port field is empty (target ends with colon), e.g. "[::1]:", this is an error.
+			return "", "", errEndsWithColon
+		}
+		// target has port, i.e ipv4-host:port, [ipv6-host]:port, host-name:port
+		if host == "" {
+			// Keep consistent with net.Dial(): If the host is empty, as in ":80", the local system is assumed.
+			host = "localhost"
+		}
+		return host, port, nil
+	}
+	if host, port, err = net.SplitHostPort(target + ":" + defaultPort); err == nil {
+		// target doesn't have port
+		return host, port, nil
+	}
+	return "", "", fmt.Errorf("invalid target address %v, error info: %v", target, err)
+}
+
+type rawChoice struct {
+	ClientLanguage *[]string        `json:"clientLanguage,omitempty"`
+	Percentage     *int             `json:"percentage,omitempty"`
+	ClientHostName *[]string        `json:"clientHostName,omitempty"`
+	ServiceConfig  *json.RawMessage `json:"serviceConfig,omitempty"`
+}
+
+func containsString(a *[]string, b string) bool {
+	if a == nil {
+		return true
+	}
+	for _, c := range *a {
+		if c == b {
+			return true
+		}
+	}
+	return false
+}
+
+func chosenByPercentage(a *int) bool {
+	if a == nil {
+		return true
+	}
+	return grpcrand.Intn(100)+1 <= *a
+}
+
+func canaryingSC(js string) string {
+	if js == "" {
+		return ""
+	}
+	var rcs []rawChoice
+	err := json.Unmarshal([]byte(js), &rcs)
+	if err != nil {
+		grpclog.Warningf("dns: error parsing service config json: %v", err)
+		return ""
+	}
+	cliHostname, err := os.Hostname()
+	if err != nil {
+		grpclog.Warningf("dns: error getting client hostname: %v", err)
+		return ""
+	}
+	var sc string
+	for _, c := range rcs {
+		if !containsString(c.ClientLanguage, golang) ||
+			!chosenByPercentage(c.Percentage) ||
+			!containsString(c.ClientHostName, cliHostname) ||
+			c.ServiceConfig == nil {
+			continue
+		}
+		sc = string(*c.ServiceConfig)
+		break
+	}
+	return sc
+}
diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/go113.go b/vendor/google.golang.org/grpc/internal/resolver/dns/go113.go
new file mode 100644
index 0000000000000..8783a8cf82144
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/resolver/dns/go113.go
@@ -0,0 +1,33 @@
+// +build go1.13
+
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package dns
+
+import "net"
+
+func init() {
+	filterError = func(err error) error {
+		if dnsErr, ok := err.(*net.DNSError); ok && dnsErr.IsNotFound {
+			// The name does not exist; not an error.
+			return nil
+		}
+		return err
+	}
+}
diff --git a/vendor/google.golang.org/grpc/resolver/passthrough/passthrough.go b/vendor/google.golang.org/grpc/internal/resolver/passthrough/passthrough.go
similarity index 88%
rename from vendor/google.golang.org/grpc/resolver/passthrough/passthrough.go
rename to vendor/google.golang.org/grpc/internal/resolver/passthrough/passthrough.go
index b76010d74d140..520d9229e1ed7 100644
--- a/vendor/google.golang.org/grpc/resolver/passthrough/passthrough.go
+++ b/vendor/google.golang.org/grpc/internal/resolver/passthrough/passthrough.go
@@ -26,7 +26,7 @@ const scheme = "passthrough"
 
 type passthroughBuilder struct{}
 
-func (*passthroughBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOption) (resolver.Resolver, error) {
+func (*passthroughBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
 	r := &passthroughResolver{
 		target: target,
 		cc:     cc,
@@ -45,10 +45,10 @@ type passthroughResolver struct {
 }
 
 func (r *passthroughResolver) start() {
-	r.cc.NewAddress([]resolver.Address{{Addr: r.target.Endpoint}})
+	r.cc.UpdateState(resolver.State{Addresses: []resolver.Address{{Addr: r.target.Endpoint}}})
 }
 
-func (*passthroughResolver) ResolveNow(o resolver.ResolveNowOption) {}
+func (*passthroughResolver) ResolveNow(o resolver.ResolveNowOptions) {}
 
 func (*passthroughResolver) Close() {}
 
diff --git a/vendor/google.golang.org/grpc/internal/syscall/syscall_linux.go b/vendor/google.golang.org/grpc/internal/syscall/syscall_linux.go
new file mode 100644
index 0000000000000..43281a3e078db
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/syscall/syscall_linux.go
@@ -0,0 +1,114 @@
+// +build !appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package syscall provides functionalities that grpc uses to get low-level operating system
+// stats/info.
+package syscall
+
+import (
+	"fmt"
+	"net"
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/unix"
+	"google.golang.org/grpc/grpclog"
+)
+
+// GetCPUTime returns the how much CPU time has passed since the start of this process.
+func GetCPUTime() int64 {
+	var ts unix.Timespec
+	if err := unix.ClockGettime(unix.CLOCK_PROCESS_CPUTIME_ID, &ts); err != nil {
+		grpclog.Fatal(err)
+	}
+	return ts.Nano()
+}
+
+// Rusage is an alias for syscall.Rusage under linux non-appengine environment.
+type Rusage syscall.Rusage
+
+// GetRusage returns the resource usage of current process.
+func GetRusage() (rusage *Rusage) {
+	rusage = new(Rusage)
+	syscall.Getrusage(syscall.RUSAGE_SELF, (*syscall.Rusage)(rusage))
+	return
+}
+
+// CPUTimeDiff returns the differences of user CPU time and system CPU time used
+// between two Rusage structs.
+func CPUTimeDiff(first *Rusage, latest *Rusage) (float64, float64) {
+	f := (*syscall.Rusage)(first)
+	l := (*syscall.Rusage)(latest)
+	var (
+		utimeDiffs  = l.Utime.Sec - f.Utime.Sec
+		utimeDiffus = l.Utime.Usec - f.Utime.Usec
+		stimeDiffs  = l.Stime.Sec - f.Stime.Sec
+		stimeDiffus = l.Stime.Usec - f.Stime.Usec
+	)
+
+	uTimeElapsed := float64(utimeDiffs) + float64(utimeDiffus)*1.0e-6
+	sTimeElapsed := float64(stimeDiffs) + float64(stimeDiffus)*1.0e-6
+
+	return uTimeElapsed, sTimeElapsed
+}
+
+// SetTCPUserTimeout sets the TCP user timeout on a connection's socket
+func SetTCPUserTimeout(conn net.Conn, timeout time.Duration) error {
+	tcpconn, ok := conn.(*net.TCPConn)
+	if !ok {
+		// not a TCP connection. exit early
+		return nil
+	}
+	rawConn, err := tcpconn.SyscallConn()
+	if err != nil {
+		return fmt.Errorf("error getting raw connection: %v", err)
+	}
+	err = rawConn.Control(func(fd uintptr) {
+		err = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, int(timeout/time.Millisecond))
+	})
+	if err != nil {
+		return fmt.Errorf("error setting option on socket: %v", err)
+	}
+
+	return nil
+}
+
+// GetTCPUserTimeout gets the TCP user timeout on a connection's socket
+func GetTCPUserTimeout(conn net.Conn) (opt int, err error) {
+	tcpconn, ok := conn.(*net.TCPConn)
+	if !ok {
+		err = fmt.Errorf("conn is not *net.TCPConn. got %T", conn)
+		return
+	}
+	rawConn, err := tcpconn.SyscallConn()
+	if err != nil {
+		err = fmt.Errorf("error getting raw connection: %v", err)
+		return
+	}
+	err = rawConn.Control(func(fd uintptr) {
+		opt, err = syscall.GetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT)
+	})
+	if err != nil {
+		err = fmt.Errorf("error getting option on socket: %v", err)
+		return
+	}
+
+	return
+}
diff --git a/vendor/google.golang.org/grpc/internal/syscall/syscall_nonlinux.go b/vendor/google.golang.org/grpc/internal/syscall/syscall_nonlinux.go
new file mode 100644
index 0000000000000..d3fd9dab33317
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/syscall/syscall_nonlinux.go
@@ -0,0 +1,73 @@
+// +build !linux appengine
+
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package syscall
+
+import (
+	"net"
+	"sync"
+	"time"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+var once sync.Once
+
+func log() {
+	once.Do(func() {
+		grpclog.Info("CPU time info is unavailable on non-linux or appengine environment.")
+	})
+}
+
+// GetCPUTime returns the how much CPU time has passed since the start of this process.
+// It always returns 0 under non-linux or appengine environment.
+func GetCPUTime() int64 {
+	log()
+	return 0
+}
+
+// Rusage is an empty struct under non-linux or appengine environment.
+type Rusage struct{}
+
+// GetRusage is a no-op function under non-linux or appengine environment.
+func GetRusage() (rusage *Rusage) {
+	log()
+	return nil
+}
+
+// CPUTimeDiff returns the differences of user CPU time and system CPU time used
+// between two Rusage structs. It a no-op function for non-linux or appengine environment.
+func CPUTimeDiff(first *Rusage, latest *Rusage) (float64, float64) {
+	log()
+	return 0, 0
+}
+
+// SetTCPUserTimeout is a no-op function under non-linux or appengine environments
+func SetTCPUserTimeout(conn net.Conn, timeout time.Duration) error {
+	log()
+	return nil
+}
+
+// GetTCPUserTimeout is a no-op function under non-linux or appengine environments
+// a negative return value indicates the operation is not supported
+func GetTCPUserTimeout(conn net.Conn) (int, error) {
+	log()
+	return -1, nil
+}
diff --git a/vendor/google.golang.org/grpc/transport/bdp_estimator.go b/vendor/google.golang.org/grpc/internal/transport/bdp_estimator.go
similarity index 94%
rename from vendor/google.golang.org/grpc/transport/bdp_estimator.go
rename to vendor/google.golang.org/grpc/internal/transport/bdp_estimator.go
index 63cd2627c87aa..070680edbac12 100644
--- a/vendor/google.golang.org/grpc/transport/bdp_estimator.go
+++ b/vendor/google.golang.org/grpc/internal/transport/bdp_estimator.go
@@ -24,9 +24,10 @@ import (
 )
 
 const (
-	// bdpLimit is the maximum value the flow control windows
-	// will be increased to.
-	bdpLimit = (1 << 20) * 4
+	// bdpLimit is the maximum value the flow control windows will be increased
+	// to.  TCP typically limits this to 4MB, but some systems go up to 16MB.
+	// Since this is only a limit, it is safe to make it optimistic.
+	bdpLimit = (1 << 20) * 16
 	// alpha is a constant factor used to keep a moving average
 	// of RTTs.
 	alpha = 0.9
diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
new file mode 100644
index 0000000000000..ddee20b6bef2b
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -0,0 +1,926 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"bytes"
+	"fmt"
+	"runtime"
+	"sync"
+	"sync/atomic"
+
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/hpack"
+)
+
+var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) {
+	e.SetMaxDynamicTableSizeLimit(v)
+}
+
+type itemNode struct {
+	it   interface{}
+	next *itemNode
+}
+
+type itemList struct {
+	head *itemNode
+	tail *itemNode
+}
+
+func (il *itemList) enqueue(i interface{}) {
+	n := &itemNode{it: i}
+	if il.tail == nil {
+		il.head, il.tail = n, n
+		return
+	}
+	il.tail.next = n
+	il.tail = n
+}
+
+// peek returns the first item in the list without removing it from the
+// list.
+func (il *itemList) peek() interface{} {
+	return il.head.it
+}
+
+func (il *itemList) dequeue() interface{} {
+	if il.head == nil {
+		return nil
+	}
+	i := il.head.it
+	il.head = il.head.next
+	if il.head == nil {
+		il.tail = nil
+	}
+	return i
+}
+
+func (il *itemList) dequeueAll() *itemNode {
+	h := il.head
+	il.head, il.tail = nil, nil
+	return h
+}
+
+func (il *itemList) isEmpty() bool {
+	return il.head == nil
+}
+
+// The following defines various control items which could flow through
+// the control buffer of transport. They represent different aspects of
+// control tasks, e.g., flow control, settings, streaming resetting, etc.
+
+// maxQueuedTransportResponseFrames is the most queued "transport response"
+// frames we will buffer before preventing new reads from occurring on the
+// transport.  These are control frames sent in response to client requests,
+// such as RST_STREAM due to bad headers or settings acks.
+const maxQueuedTransportResponseFrames = 50
+
+type cbItem interface {
+	isTransportResponseFrame() bool
+}
+
+// registerStream is used to register an incoming stream with loopy writer.
+type registerStream struct {
+	streamID uint32
+	wq       *writeQuota
+}
+
+func (*registerStream) isTransportResponseFrame() bool { return false }
+
+// headerFrame is also used to register stream on the client-side.
+type headerFrame struct {
+	streamID   uint32
+	hf         []hpack.HeaderField
+	endStream  bool               // Valid on server side.
+	initStream func(uint32) error // Used only on the client side.
+	onWrite    func()
+	wq         *writeQuota    // write quota for the stream created.
+	cleanup    *cleanupStream // Valid on the server side.
+	onOrphaned func(error)    // Valid on client-side
+}
+
+func (h *headerFrame) isTransportResponseFrame() bool {
+	return h.cleanup != nil && h.cleanup.rst // Results in a RST_STREAM
+}
+
+type cleanupStream struct {
+	streamID uint32
+	rst      bool
+	rstCode  http2.ErrCode
+	onWrite  func()
+}
+
+func (c *cleanupStream) isTransportResponseFrame() bool { return c.rst } // Results in a RST_STREAM
+
+type dataFrame struct {
+	streamID  uint32
+	endStream bool
+	h         []byte
+	d         []byte
+	// onEachWrite is called every time
+	// a part of d is written out.
+	onEachWrite func()
+}
+
+func (*dataFrame) isTransportResponseFrame() bool { return false }
+
+type incomingWindowUpdate struct {
+	streamID  uint32
+	increment uint32
+}
+
+func (*incomingWindowUpdate) isTransportResponseFrame() bool { return false }
+
+type outgoingWindowUpdate struct {
+	streamID  uint32
+	increment uint32
+}
+
+func (*outgoingWindowUpdate) isTransportResponseFrame() bool {
+	return false // window updates are throttled by thresholds
+}
+
+type incomingSettings struct {
+	ss []http2.Setting
+}
+
+func (*incomingSettings) isTransportResponseFrame() bool { return true } // Results in a settings ACK
+
+type outgoingSettings struct {
+	ss []http2.Setting
+}
+
+func (*outgoingSettings) isTransportResponseFrame() bool { return false }
+
+type incomingGoAway struct {
+}
+
+func (*incomingGoAway) isTransportResponseFrame() bool { return false }
+
+type goAway struct {
+	code      http2.ErrCode
+	debugData []byte
+	headsUp   bool
+	closeConn bool
+}
+
+func (*goAway) isTransportResponseFrame() bool { return false }
+
+type ping struct {
+	ack  bool
+	data [8]byte
+}
+
+func (*ping) isTransportResponseFrame() bool { return true }
+
+type outFlowControlSizeRequest struct {
+	resp chan uint32
+}
+
+func (*outFlowControlSizeRequest) isTransportResponseFrame() bool { return false }
+
+type outStreamState int
+
+const (
+	active outStreamState = iota
+	empty
+	waitingOnStreamQuota
+)
+
+type outStream struct {
+	id               uint32
+	state            outStreamState
+	itl              *itemList
+	bytesOutStanding int
+	wq               *writeQuota
+
+	next *outStream
+	prev *outStream
+}
+
+func (s *outStream) deleteSelf() {
+	if s.prev != nil {
+		s.prev.next = s.next
+	}
+	if s.next != nil {
+		s.next.prev = s.prev
+	}
+	s.next, s.prev = nil, nil
+}
+
+type outStreamList struct {
+	// Following are sentinel objects that mark the
+	// beginning and end of the list. They do not
+	// contain any item lists. All valid objects are
+	// inserted in between them.
+	// This is needed so that an outStream object can
+	// deleteSelf() in O(1) time without knowing which
+	// list it belongs to.
+	head *outStream
+	tail *outStream
+}
+
+func newOutStreamList() *outStreamList {
+	head, tail := new(outStream), new(outStream)
+	head.next = tail
+	tail.prev = head
+	return &outStreamList{
+		head: head,
+		tail: tail,
+	}
+}
+
+func (l *outStreamList) enqueue(s *outStream) {
+	e := l.tail.prev
+	e.next = s
+	s.prev = e
+	s.next = l.tail
+	l.tail.prev = s
+}
+
+// remove from the beginning of the list.
+func (l *outStreamList) dequeue() *outStream {
+	b := l.head.next
+	if b == l.tail {
+		return nil
+	}
+	b.deleteSelf()
+	return b
+}
+
+// controlBuffer is a way to pass information to loopy.
+// Information is passed as specific struct types called control frames.
+// A control frame not only represents data, messages or headers to be sent out
+// but can also be used to instruct loopy to update its internal state.
+// It shouldn't be confused with an HTTP2 frame, although some of the control frames
+// like dataFrame and headerFrame do go out on wire as HTTP2 frames.
+type controlBuffer struct {
+	ch              chan struct{}
+	done            <-chan struct{}
+	mu              sync.Mutex
+	consumerWaiting bool
+	list            *itemList
+	err             error
+
+	// transportResponseFrames counts the number of queued items that represent
+	// the response of an action initiated by the peer.  trfChan is created
+	// when transportResponseFrames >= maxQueuedTransportResponseFrames and is
+	// closed and nilled when transportResponseFrames drops below the
+	// threshold.  Both fields are protected by mu.
+	transportResponseFrames int
+	trfChan                 atomic.Value // *chan struct{}
+}
+
+func newControlBuffer(done <-chan struct{}) *controlBuffer {
+	return &controlBuffer{
+		ch:   make(chan struct{}, 1),
+		list: &itemList{},
+		done: done,
+	}
+}
+
+// throttle blocks if there are too many incomingSettings/cleanupStreams in the
+// controlbuf.
+func (c *controlBuffer) throttle() {
+	ch, _ := c.trfChan.Load().(*chan struct{})
+	if ch != nil {
+		select {
+		case <-*ch:
+		case <-c.done:
+		}
+	}
+}
+
+func (c *controlBuffer) put(it cbItem) error {
+	_, err := c.executeAndPut(nil, it)
+	return err
+}
+
+func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (bool, error) {
+	var wakeUp bool
+	c.mu.Lock()
+	if c.err != nil {
+		c.mu.Unlock()
+		return false, c.err
+	}
+	if f != nil {
+		if !f(it) { // f wasn't successful
+			c.mu.Unlock()
+			return false, nil
+		}
+	}
+	if c.consumerWaiting {
+		wakeUp = true
+		c.consumerWaiting = false
+	}
+	c.list.enqueue(it)
+	if it.isTransportResponseFrame() {
+		c.transportResponseFrames++
+		if c.transportResponseFrames == maxQueuedTransportResponseFrames {
+			// We are adding the frame that puts us over the threshold; create
+			// a throttling channel.
+			ch := make(chan struct{})
+			c.trfChan.Store(&ch)
+		}
+	}
+	c.mu.Unlock()
+	if wakeUp {
+		select {
+		case c.ch <- struct{}{}:
+		default:
+		}
+	}
+	return true, nil
+}
+
+// Note argument f should never be nil.
+func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bool, error) {
+	c.mu.Lock()
+	if c.err != nil {
+		c.mu.Unlock()
+		return false, c.err
+	}
+	if !f(it) { // f wasn't successful
+		c.mu.Unlock()
+		return false, nil
+	}
+	c.mu.Unlock()
+	return true, nil
+}
+
+func (c *controlBuffer) get(block bool) (interface{}, error) {
+	for {
+		c.mu.Lock()
+		if c.err != nil {
+			c.mu.Unlock()
+			return nil, c.err
+		}
+		if !c.list.isEmpty() {
+			h := c.list.dequeue().(cbItem)
+			if h.isTransportResponseFrame() {
+				if c.transportResponseFrames == maxQueuedTransportResponseFrames {
+					// We are removing the frame that put us over the
+					// threshold; close and clear the throttling channel.
+					ch := c.trfChan.Load().(*chan struct{})
+					close(*ch)
+					c.trfChan.Store((*chan struct{})(nil))
+				}
+				c.transportResponseFrames--
+			}
+			c.mu.Unlock()
+			return h, nil
+		}
+		if !block {
+			c.mu.Unlock()
+			return nil, nil
+		}
+		c.consumerWaiting = true
+		c.mu.Unlock()
+		select {
+		case <-c.ch:
+		case <-c.done:
+			c.finish()
+			return nil, ErrConnClosing
+		}
+	}
+}
+
+func (c *controlBuffer) finish() {
+	c.mu.Lock()
+	if c.err != nil {
+		c.mu.Unlock()
+		return
+	}
+	c.err = ErrConnClosing
+	// There may be headers for streams in the control buffer.
+	// These streams need to be cleaned out since the transport
+	// is still not aware of these yet.
+	for head := c.list.dequeueAll(); head != nil; head = head.next {
+		hdr, ok := head.it.(*headerFrame)
+		if !ok {
+			continue
+		}
+		if hdr.onOrphaned != nil { // It will be nil on the server-side.
+			hdr.onOrphaned(ErrConnClosing)
+		}
+	}
+	c.mu.Unlock()
+}
+
+type side int
+
+const (
+	clientSide side = iota
+	serverSide
+)
+
+// Loopy receives frames from the control buffer.
+// Each frame is handled individually; most of the work done by loopy goes
+// into handling data frames. Loopy maintains a queue of active streams, and each
+// stream maintains a queue of data frames; as loopy receives data frames
+// it gets added to the queue of the relevant stream.
+// Loopy goes over this list of active streams by processing one node every iteration,
+// thereby closely resemebling to a round-robin scheduling over all streams. While
+// processing a stream, loopy writes out data bytes from this stream capped by the min
+// of http2MaxFrameLen, connection-level flow control and stream-level flow control.
+type loopyWriter struct {
+	side      side
+	cbuf      *controlBuffer
+	sendQuota uint32
+	oiws      uint32 // outbound initial window size.
+	// estdStreams is map of all established streams that are not cleaned-up yet.
+	// On client-side, this is all streams whose headers were sent out.
+	// On server-side, this is all streams whose headers were received.
+	estdStreams map[uint32]*outStream // Established streams.
+	// activeStreams is a linked-list of all streams that have data to send and some
+	// stream-level flow control quota.
+	// Each of these streams internally have a list of data items(and perhaps trailers
+	// on the server-side) to be sent out.
+	activeStreams *outStreamList
+	framer        *framer
+	hBuf          *bytes.Buffer  // The buffer for HPACK encoding.
+	hEnc          *hpack.Encoder // HPACK encoder.
+	bdpEst        *bdpEstimator
+	draining      bool
+
+	// Side-specific handlers
+	ssGoAwayHandler func(*goAway) (bool, error)
+}
+
+func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator) *loopyWriter {
+	var buf bytes.Buffer
+	l := &loopyWriter{
+		side:          s,
+		cbuf:          cbuf,
+		sendQuota:     defaultWindowSize,
+		oiws:          defaultWindowSize,
+		estdStreams:   make(map[uint32]*outStream),
+		activeStreams: newOutStreamList(),
+		framer:        fr,
+		hBuf:          &buf,
+		hEnc:          hpack.NewEncoder(&buf),
+		bdpEst:        bdpEst,
+	}
+	return l
+}
+
+const minBatchSize = 1000
+
+// run should be run in a separate goroutine.
+// It reads control frames from controlBuf and processes them by:
+// 1. Updating loopy's internal state, or/and
+// 2. Writing out HTTP2 frames on the wire.
+//
+// Loopy keeps all active streams with data to send in a linked-list.
+// All streams in the activeStreams linked-list must have both:
+// 1. Data to send, and
+// 2. Stream level flow control quota available.
+//
+// In each iteration of run loop, other than processing the incoming control
+// frame, loopy calls processData, which processes one node from the activeStreams linked-list.
+// This results in writing of HTTP2 frames into an underlying write buffer.
+// When there's no more control frames to read from controlBuf, loopy flushes the write buffer.
+// As an optimization, to increase the batch size for each flush, loopy yields the processor, once
+// if the batch size is too low to give stream goroutines a chance to fill it up.
+func (l *loopyWriter) run() (err error) {
+	defer func() {
+		if err == ErrConnClosing {
+			// Don't log ErrConnClosing as error since it happens
+			// 1. When the connection is closed by some other known issue.
+			// 2. User closed the connection.
+			// 3. A graceful close of connection.
+			infof("transport: loopyWriter.run returning. %v", err)
+			err = nil
+		}
+	}()
+	for {
+		it, err := l.cbuf.get(true)
+		if err != nil {
+			return err
+		}
+		if err = l.handle(it); err != nil {
+			return err
+		}
+		if _, err = l.processData(); err != nil {
+			return err
+		}
+		gosched := true
+	hasdata:
+		for {
+			it, err := l.cbuf.get(false)
+			if err != nil {
+				return err
+			}
+			if it != nil {
+				if err = l.handle(it); err != nil {
+					return err
+				}
+				if _, err = l.processData(); err != nil {
+					return err
+				}
+				continue hasdata
+			}
+			isEmpty, err := l.processData()
+			if err != nil {
+				return err
+			}
+			if !isEmpty {
+				continue hasdata
+			}
+			if gosched {
+				gosched = false
+				if l.framer.writer.offset < minBatchSize {
+					runtime.Gosched()
+					continue hasdata
+				}
+			}
+			l.framer.writer.Flush()
+			break hasdata
+
+		}
+	}
+}
+
+func (l *loopyWriter) outgoingWindowUpdateHandler(w *outgoingWindowUpdate) error {
+	return l.framer.fr.WriteWindowUpdate(w.streamID, w.increment)
+}
+
+func (l *loopyWriter) incomingWindowUpdateHandler(w *incomingWindowUpdate) error {
+	// Otherwise update the quota.
+	if w.streamID == 0 {
+		l.sendQuota += w.increment
+		return nil
+	}
+	// Find the stream and update it.
+	if str, ok := l.estdStreams[w.streamID]; ok {
+		str.bytesOutStanding -= int(w.increment)
+		if strQuota := int(l.oiws) - str.bytesOutStanding; strQuota > 0 && str.state == waitingOnStreamQuota {
+			str.state = active
+			l.activeStreams.enqueue(str)
+			return nil
+		}
+	}
+	return nil
+}
+
+func (l *loopyWriter) outgoingSettingsHandler(s *outgoingSettings) error {
+	return l.framer.fr.WriteSettings(s.ss...)
+}
+
+func (l *loopyWriter) incomingSettingsHandler(s *incomingSettings) error {
+	if err := l.applySettings(s.ss); err != nil {
+		return err
+	}
+	return l.framer.fr.WriteSettingsAck()
+}
+
+func (l *loopyWriter) registerStreamHandler(h *registerStream) error {
+	str := &outStream{
+		id:    h.streamID,
+		state: empty,
+		itl:   &itemList{},
+		wq:    h.wq,
+	}
+	l.estdStreams[h.streamID] = str
+	return nil
+}
+
+func (l *loopyWriter) headerHandler(h *headerFrame) error {
+	if l.side == serverSide {
+		str, ok := l.estdStreams[h.streamID]
+		if !ok {
+			warningf("transport: loopy doesn't recognize the stream: %d", h.streamID)
+			return nil
+		}
+		// Case 1.A: Server is responding back with headers.
+		if !h.endStream {
+			return l.writeHeader(h.streamID, h.endStream, h.hf, h.onWrite)
+		}
+		// else:  Case 1.B: Server wants to close stream.
+
+		if str.state != empty { // either active or waiting on stream quota.
+			// add it str's list of items.
+			str.itl.enqueue(h)
+			return nil
+		}
+		if err := l.writeHeader(h.streamID, h.endStream, h.hf, h.onWrite); err != nil {
+			return err
+		}
+		return l.cleanupStreamHandler(h.cleanup)
+	}
+	// Case 2: Client wants to originate stream.
+	str := &outStream{
+		id:    h.streamID,
+		state: empty,
+		itl:   &itemList{},
+		wq:    h.wq,
+	}
+	str.itl.enqueue(h)
+	return l.originateStream(str)
+}
+
+func (l *loopyWriter) originateStream(str *outStream) error {
+	hdr := str.itl.dequeue().(*headerFrame)
+	if err := hdr.initStream(str.id); err != nil {
+		if err == ErrConnClosing {
+			return err
+		}
+		// Other errors(errStreamDrain) need not close transport.
+		return nil
+	}
+	if err := l.writeHeader(str.id, hdr.endStream, hdr.hf, hdr.onWrite); err != nil {
+		return err
+	}
+	l.estdStreams[str.id] = str
+	return nil
+}
+
+func (l *loopyWriter) writeHeader(streamID uint32, endStream bool, hf []hpack.HeaderField, onWrite func()) error {
+	if onWrite != nil {
+		onWrite()
+	}
+	l.hBuf.Reset()
+	for _, f := range hf {
+		if err := l.hEnc.WriteField(f); err != nil {
+			warningf("transport: loopyWriter.writeHeader encountered error while encoding headers:", err)
+		}
+	}
+	var (
+		err               error
+		endHeaders, first bool
+	)
+	first = true
+	for !endHeaders {
+		size := l.hBuf.Len()
+		if size > http2MaxFrameLen {
+			size = http2MaxFrameLen
+		} else {
+			endHeaders = true
+		}
+		if first {
+			first = false
+			err = l.framer.fr.WriteHeaders(http2.HeadersFrameParam{
+				StreamID:      streamID,
+				BlockFragment: l.hBuf.Next(size),
+				EndStream:     endStream,
+				EndHeaders:    endHeaders,
+			})
+		} else {
+			err = l.framer.fr.WriteContinuation(
+				streamID,
+				endHeaders,
+				l.hBuf.Next(size),
+			)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (l *loopyWriter) preprocessData(df *dataFrame) error {
+	str, ok := l.estdStreams[df.streamID]
+	if !ok {
+		return nil
+	}
+	// If we got data for a stream it means that
+	// stream was originated and the headers were sent out.
+	str.itl.enqueue(df)
+	if str.state == empty {
+		str.state = active
+		l.activeStreams.enqueue(str)
+	}
+	return nil
+}
+
+func (l *loopyWriter) pingHandler(p *ping) error {
+	if !p.ack {
+		l.bdpEst.timesnap(p.data)
+	}
+	return l.framer.fr.WritePing(p.ack, p.data)
+
+}
+
+func (l *loopyWriter) outFlowControlSizeRequestHandler(o *outFlowControlSizeRequest) error {
+	o.resp <- l.sendQuota
+	return nil
+}
+
+func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error {
+	c.onWrite()
+	if str, ok := l.estdStreams[c.streamID]; ok {
+		// On the server side it could be a trailers-only response or
+		// a RST_STREAM before stream initialization thus the stream might
+		// not be established yet.
+		delete(l.estdStreams, c.streamID)
+		str.deleteSelf()
+	}
+	if c.rst { // If RST_STREAM needs to be sent.
+		if err := l.framer.fr.WriteRSTStream(c.streamID, c.rstCode); err != nil {
+			return err
+		}
+	}
+	if l.side == clientSide && l.draining && len(l.estdStreams) == 0 {
+		return ErrConnClosing
+	}
+	return nil
+}
+
+func (l *loopyWriter) incomingGoAwayHandler(*incomingGoAway) error {
+	if l.side == clientSide {
+		l.draining = true
+		if len(l.estdStreams) == 0 {
+			return ErrConnClosing
+		}
+	}
+	return nil
+}
+
+func (l *loopyWriter) goAwayHandler(g *goAway) error {
+	// Handling of outgoing GoAway is very specific to side.
+	if l.ssGoAwayHandler != nil {
+		draining, err := l.ssGoAwayHandler(g)
+		if err != nil {
+			return err
+		}
+		l.draining = draining
+	}
+	return nil
+}
+
+func (l *loopyWriter) handle(i interface{}) error {
+	switch i := i.(type) {
+	case *incomingWindowUpdate:
+		return l.incomingWindowUpdateHandler(i)
+	case *outgoingWindowUpdate:
+		return l.outgoingWindowUpdateHandler(i)
+	case *incomingSettings:
+		return l.incomingSettingsHandler(i)
+	case *outgoingSettings:
+		return l.outgoingSettingsHandler(i)
+	case *headerFrame:
+		return l.headerHandler(i)
+	case *registerStream:
+		return l.registerStreamHandler(i)
+	case *cleanupStream:
+		return l.cleanupStreamHandler(i)
+	case *incomingGoAway:
+		return l.incomingGoAwayHandler(i)
+	case *dataFrame:
+		return l.preprocessData(i)
+	case *ping:
+		return l.pingHandler(i)
+	case *goAway:
+		return l.goAwayHandler(i)
+	case *outFlowControlSizeRequest:
+		return l.outFlowControlSizeRequestHandler(i)
+	default:
+		return fmt.Errorf("transport: unknown control message type %T", i)
+	}
+}
+
+func (l *loopyWriter) applySettings(ss []http2.Setting) error {
+	for _, s := range ss {
+		switch s.ID {
+		case http2.SettingInitialWindowSize:
+			o := l.oiws
+			l.oiws = s.Val
+			if o < l.oiws {
+				// If the new limit is greater make all depleted streams active.
+				for _, stream := range l.estdStreams {
+					if stream.state == waitingOnStreamQuota {
+						stream.state = active
+						l.activeStreams.enqueue(stream)
+					}
+				}
+			}
+		case http2.SettingHeaderTableSize:
+			updateHeaderTblSize(l.hEnc, s.Val)
+		}
+	}
+	return nil
+}
+
+// processData removes the first stream from active streams, writes out at most 16KB
+// of its data and then puts it at the end of activeStreams if there's still more data
+// to be sent and stream has some stream-level flow control.
+func (l *loopyWriter) processData() (bool, error) {
+	if l.sendQuota == 0 {
+		return true, nil
+	}
+	str := l.activeStreams.dequeue() // Remove the first stream.
+	if str == nil {
+		return true, nil
+	}
+	dataItem := str.itl.peek().(*dataFrame) // Peek at the first data item this stream.
+	// A data item is represented by a dataFrame, since it later translates into
+	// multiple HTTP2 data frames.
+	// Every dataFrame has two buffers; h that keeps grpc-message header and d that is acutal data.
+	// As an optimization to keep wire traffic low, data from d is copied to h to make as big as the
+	// maximum possilbe HTTP2 frame size.
+
+	if len(dataItem.h) == 0 && len(dataItem.d) == 0 { // Empty data frame
+		// Client sends out empty data frame with endStream = true
+		if err := l.framer.fr.WriteData(dataItem.streamID, dataItem.endStream, nil); err != nil {
+			return false, err
+		}
+		str.itl.dequeue() // remove the empty data item from stream
+		if str.itl.isEmpty() {
+			str.state = empty
+		} else if trailer, ok := str.itl.peek().(*headerFrame); ok { // the next item is trailers.
+			if err := l.writeHeader(trailer.streamID, trailer.endStream, trailer.hf, trailer.onWrite); err != nil {
+				return false, err
+			}
+			if err := l.cleanupStreamHandler(trailer.cleanup); err != nil {
+				return false, nil
+			}
+		} else {
+			l.activeStreams.enqueue(str)
+		}
+		return false, nil
+	}
+	var (
+		idx int
+		buf []byte
+	)
+	if len(dataItem.h) != 0 { // data header has not been written out yet.
+		buf = dataItem.h
+	} else {
+		idx = 1
+		buf = dataItem.d
+	}
+	size := http2MaxFrameLen
+	if len(buf) < size {
+		size = len(buf)
+	}
+	if strQuota := int(l.oiws) - str.bytesOutStanding; strQuota <= 0 { // stream-level flow control.
+		str.state = waitingOnStreamQuota
+		return false, nil
+	} else if strQuota < size {
+		size = strQuota
+	}
+
+	if l.sendQuota < uint32(size) { // connection-level flow control.
+		size = int(l.sendQuota)
+	}
+	// Now that outgoing flow controls are checked we can replenish str's write quota
+	str.wq.replenish(size)
+	var endStream bool
+	// If this is the last data message on this stream and all of it can be written in this iteration.
+	if dataItem.endStream && size == len(buf) {
+		// buf contains either data or it contains header but data is empty.
+		if idx == 1 || len(dataItem.d) == 0 {
+			endStream = true
+		}
+	}
+	if dataItem.onEachWrite != nil {
+		dataItem.onEachWrite()
+	}
+	if err := l.framer.fr.WriteData(dataItem.streamID, endStream, buf[:size]); err != nil {
+		return false, err
+	}
+	buf = buf[size:]
+	str.bytesOutStanding += size
+	l.sendQuota -= uint32(size)
+	if idx == 0 {
+		dataItem.h = buf
+	} else {
+		dataItem.d = buf
+	}
+
+	if len(dataItem.h) == 0 && len(dataItem.d) == 0 { // All the data from that message was written out.
+		str.itl.dequeue()
+	}
+	if str.itl.isEmpty() {
+		str.state = empty
+	} else if trailer, ok := str.itl.peek().(*headerFrame); ok { // The next item is trailers.
+		if err := l.writeHeader(trailer.streamID, trailer.endStream, trailer.hf, trailer.onWrite); err != nil {
+			return false, err
+		}
+		if err := l.cleanupStreamHandler(trailer.cleanup); err != nil {
+			return false, err
+		}
+	} else if int(l.oiws)-str.bytesOutStanding <= 0 { // Ran out of stream quota.
+		str.state = waitingOnStreamQuota
+	} else { // Otherwise add it back to the list of active streams.
+		l.activeStreams.enqueue(str)
+	}
+	return false, nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/defaults.go b/vendor/google.golang.org/grpc/internal/transport/defaults.go
new file mode 100644
index 0000000000000..9fa306b2e07a2
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/defaults.go
@@ -0,0 +1,49 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"math"
+	"time"
+)
+
+const (
+	// The default value of flow control window size in HTTP2 spec.
+	defaultWindowSize = 65535
+	// The initial window size for flow control.
+	initialWindowSize             = defaultWindowSize // for an RPC
+	infinity                      = time.Duration(math.MaxInt64)
+	defaultClientKeepaliveTime    = infinity
+	defaultClientKeepaliveTimeout = 20 * time.Second
+	defaultMaxStreamsClient       = 100
+	defaultMaxConnectionIdle      = infinity
+	defaultMaxConnectionAge       = infinity
+	defaultMaxConnectionAgeGrace  = infinity
+	defaultServerKeepaliveTime    = 2 * time.Hour
+	defaultServerKeepaliveTimeout = 20 * time.Second
+	defaultKeepalivePolicyMinTime = 5 * time.Minute
+	// max window limit set by HTTP2 Specs.
+	maxWindowSize = math.MaxInt32
+	// defaultWriteQuota is the default value for number of data
+	// bytes that each stream can schedule before some of it being
+	// flushed out.
+	defaultWriteQuota              = 64 * 1024
+	defaultClientMaxHeaderListSize = uint32(16 << 20)
+	defaultServerMaxHeaderListSize = uint32(16 << 20)
+)
diff --git a/vendor/google.golang.org/grpc/transport/flowcontrol.go b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go
similarity index 84%
rename from vendor/google.golang.org/grpc/transport/flowcontrol.go
rename to vendor/google.golang.org/grpc/internal/transport/flowcontrol.go
index 378f5c4502c07..f262edd8ecda3 100644
--- a/vendor/google.golang.org/grpc/transport/flowcontrol.go
+++ b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go
@@ -23,30 +23,6 @@ import (
 	"math"
 	"sync"
 	"sync/atomic"
-	"time"
-)
-
-const (
-	// The default value of flow control window size in HTTP2 spec.
-	defaultWindowSize = 65535
-	// The initial window size for flow control.
-	initialWindowSize             = defaultWindowSize // for an RPC
-	infinity                      = time.Duration(math.MaxInt64)
-	defaultClientKeepaliveTime    = infinity
-	defaultClientKeepaliveTimeout = 20 * time.Second
-	defaultMaxStreamsClient       = 100
-	defaultMaxConnectionIdle      = infinity
-	defaultMaxConnectionAge       = infinity
-	defaultMaxConnectionAgeGrace  = infinity
-	defaultServerKeepaliveTime    = 2 * time.Hour
-	defaultServerKeepaliveTimeout = 20 * time.Second
-	defaultKeepalivePolicyMinTime = 5 * time.Minute
-	// max window limit set by HTTP2 Specs.
-	maxWindowSize = math.MaxInt32
-	// defaultWriteQuota is the default value for number of data
-	// bytes that each stream can schedule before some of it being
-	// flushed out.
-	defaultWriteQuota = 64 * 1024
 )
 
 // writeQuota is a soft limit on the amount of data a stream can
@@ -58,14 +34,20 @@ type writeQuota struct {
 	ch chan struct{}
 	// done is triggered in error case.
 	done <-chan struct{}
+	// replenish is called by loopyWriter to give quota back to.
+	// It is implemented as a field so that it can be updated
+	// by tests.
+	replenish func(n int)
 }
 
 func newWriteQuota(sz int32, done <-chan struct{}) *writeQuota {
-	return &writeQuota{
+	w := &writeQuota{
 		quota: sz,
 		ch:    make(chan struct{}, 1),
 		done:  done,
 	}
+	w.replenish = w.realReplenish
+	return w
 }
 
 func (w *writeQuota) get(sz int32) error {
@@ -83,7 +65,7 @@ func (w *writeQuota) get(sz int32) error {
 	}
 }
 
-func (w *writeQuota) replenish(n int) {
+func (w *writeQuota) realReplenish(n int) {
 	sz := int32(n)
 	a := atomic.AddInt32(&w.quota, sz)
 	b := a - sz
@@ -167,6 +149,7 @@ func (f *inFlow) maybeAdjust(n uint32) uint32 {
 		n = uint32(math.MaxInt32)
 	}
 	f.mu.Lock()
+	defer f.mu.Unlock()
 	// estSenderQuota is the receiver's view of the maximum number of bytes the sender
 	// can send without a window update.
 	estSenderQuota := int32(f.limit - (f.pendingData + f.pendingUpdate))
@@ -187,10 +170,8 @@ func (f *inFlow) maybeAdjust(n uint32) uint32 {
 			// is padded; We will fallback on the current available window(at least a 1/4th of the limit).
 			f.delta = n
 		}
-		f.mu.Unlock()
 		return f.delta
 	}
-	f.mu.Unlock()
 	return 0
 }
 
diff --git a/vendor/google.golang.org/grpc/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
similarity index 89%
rename from vendor/google.golang.org/grpc/transport/handler_server.go
rename to vendor/google.golang.org/grpc/internal/transport/handler_server.go
index f71b74821749b..c3c32dafe9e5a 100644
--- a/vendor/google.golang.org/grpc/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -24,6 +24,8 @@
 package transport
 
 import (
+	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -34,7 +36,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
@@ -63,9 +64,6 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats sta
 	if _, ok := w.(http.Flusher); !ok {
 		return nil, errors.New("gRPC requires a ResponseWriter supporting http.Flusher")
 	}
-	if _, ok := w.(http.CloseNotifier); !ok {
-		return nil, errors.New("gRPC requires a ResponseWriter supporting http.CloseNotifier")
-	}
 
 	st := &serverHandlerTransport{
 		rw:             w,
@@ -80,7 +78,7 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats sta
 	if v := r.Header.Get("grpc-timeout"); v != "" {
 		to, err := decodeTimeout(v)
 		if err != nil {
-			return nil, streamErrorf(codes.Internal, "malformed time-out: %v", err)
+			return nil, status.Errorf(codes.Internal, "malformed time-out: %v", err)
 		}
 		st.timeoutSet = true
 		st.timeout = to
@@ -98,7 +96,7 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats sta
 		for _, v := range vv {
 			v, err := decodeMetadataHeader(k, v)
 			if err != nil {
-				return nil, streamErrorf(codes.Internal, "malformed binary metadata: %v", err)
+				return nil, status.Errorf(codes.Internal, "malformed binary metadata: %v", err)
 			}
 			metakv = append(metakv, k, v)
 		}
@@ -176,17 +174,11 @@ func (a strAddr) String() string { return string(a) }
 
 // do runs fn in the ServeHTTP goroutine.
 func (ht *serverHandlerTransport) do(fn func()) error {
-	// Avoid a panic writing to closed channel. Imperfect but maybe good enough.
 	select {
 	case <-ht.closedCh:
 		return ErrConnClosing
-	default:
-		select {
-		case ht.writes <- fn:
-			return nil
-		case <-ht.closedCh:
-			return ErrConnClosing
-		}
+	case ht.writes <- fn:
+		return nil
 	}
 }
 
@@ -235,11 +227,12 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 
 	if err == nil { // transport has not been closed
 		if ht.stats != nil {
-			ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{})
+			ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{
+				Trailer: s.trailer.Copy(),
+			})
 		}
-		ht.Close()
-		close(ht.writes)
 	}
+	ht.Close()
 	return err
 }
 
@@ -274,9 +267,7 @@ func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data []byte, opts
 		ht.writeCommonHeaders(s)
 		ht.rw.Write(hdr)
 		ht.rw.Write(data)
-		if !opts.Delay {
-			ht.rw.(http.Flusher).Flush()
-		}
+		ht.rw.(http.Flusher).Flush()
 	})
 }
 
@@ -300,7 +291,9 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 
 	if err == nil {
 		if ht.stats != nil {
-			ht.stats.HandleRPC(s.Context(), &stats.OutHeader{})
+			ht.stats.HandleRPC(s.Context(), &stats.OutHeader{
+				Header: md.Copy(),
+			})
 		}
 	}
 	return err
@@ -309,7 +302,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) {
 	// With this transport type there will be exactly 1 stream: this HTTP request.
 
-	ctx := contextFromRequest(ht.req)
+	ctx := ht.req.Context()
 	var cancel context.CancelFunc
 	if ht.timeoutSet {
 		ctx, cancel = context.WithTimeout(ctx, ht.timeout)
@@ -317,22 +310,16 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 		ctx, cancel = context.WithCancel(ctx)
 	}
 
-	// requestOver is closed when either the request's context is done
-	// or the status has been written via WriteStatus.
+	// requestOver is closed when the status has been written via WriteStatus.
 	requestOver := make(chan struct{})
-
-	// clientGone receives a single value if peer is gone, either
-	// because the underlying connection is dead or because the
-	// peer sends an http2 RST_STREAM.
-	clientGone := ht.rw.(http.CloseNotifier).CloseNotify()
 	go func() {
 		select {
 		case <-requestOver:
-			return
 		case <-ht.closedCh:
-		case <-clientGone:
+		case <-ht.req.Context().Done():
 		}
 		cancel()
+		ht.Close()
 	}()
 
 	req := ht.req
@@ -351,7 +338,7 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 		Addr: ht.RemoteAddr(),
 	}
 	if req.TLS != nil {
-		pr.AuthInfo = credentials.TLSInfo{State: *req.TLS}
+		pr.AuthInfo = credentials.TLSInfo{State: *req.TLS, CommonAuthInfo: credentials.CommonAuthInfo{credentials.PrivacyAndIntegrity}}
 	}
 	ctx = metadata.NewIncomingContext(ctx, ht.headerMD)
 	s.ctx = peer.NewContext(ctx, pr)
@@ -365,7 +352,7 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 		ht.stats.HandleRPC(s.ctx, inHeader)
 	}
 	s.trReader = &transportReader{
-		reader:        &recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: s.buf},
+		reader:        &recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: s.buf, freeBuffer: func(*bytes.Buffer) {}},
 		windowHandler: func(int) {},
 	}
 
@@ -379,7 +366,7 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 		for buf := make([]byte, readSize); ; {
 			n, err := req.Body.Read(buf)
 			if n > 0 {
-				s.buf.put(recvMsg{data: buf[:n:n]})
+				s.buf.put(recvMsg{buffer: bytes.NewBuffer(buf[:n:n])})
 				buf = buf[n:]
 			}
 			if err != nil {
@@ -409,10 +396,7 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 func (ht *serverHandlerTransport) runStream() {
 	for {
 		select {
-		case fn, ok := <-ht.writes:
-			if !ok {
-				return
-			}
+		case fn := <-ht.writes:
 			fn()
 		case <-ht.closedCh:
 			return
@@ -434,18 +418,18 @@ func (ht *serverHandlerTransport) Drain() {
 //   * io.EOF
 //   * io.ErrUnexpectedEOF
 //   * of type transport.ConnectionError
-//   * of type transport.StreamError
+//   * an error from the status package
 func mapRecvMsgError(err error) error {
 	if err == io.EOF || err == io.ErrUnexpectedEOF {
 		return err
 	}
 	if se, ok := err.(http2.StreamError); ok {
 		if code, ok := http2ErrConvTab[se.Code]; ok {
-			return StreamError{
-				Code: code,
-				Desc: se.Error(),
-			}
+			return status.Error(code, se.Error())
 		}
 	}
+	if strings.Contains(err.Error(), "body closed by handler") {
+		return status.Error(codes.Canceled, err.Error())
+	}
 	return connectionErrorf(true, err, err.Error())
 }
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
new file mode 100644
index 0000000000000..2d6feeb1be973
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -0,0 +1,1454 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/hpack"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/syscall"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/peer"
+	"google.golang.org/grpc/stats"
+	"google.golang.org/grpc/status"
+)
+
+// clientConnectionCounter counts the number of connections a client has
+// initiated (equal to the number of http2Clients created). Must be accessed
+// atomically.
+var clientConnectionCounter uint64
+
+// http2Client implements the ClientTransport interface with HTTP2.
+type http2Client struct {
+	lastRead   int64 // Keep this field 64-bit aligned. Accessed atomically.
+	ctx        context.Context
+	cancel     context.CancelFunc
+	ctxDone    <-chan struct{} // Cache the ctx.Done() chan.
+	userAgent  string
+	md         interface{}
+	conn       net.Conn // underlying communication channel
+	loopy      *loopyWriter
+	remoteAddr net.Addr
+	localAddr  net.Addr
+	authInfo   credentials.AuthInfo // auth info about the connection
+
+	readerDone chan struct{} // sync point to enable testing.
+	writerDone chan struct{} // sync point to enable testing.
+	// goAway is closed to notify the upper layer (i.e., addrConn.transportMonitor)
+	// that the server sent GoAway on this transport.
+	goAway chan struct{}
+
+	framer *framer
+	// controlBuf delivers all the control related tasks (e.g., window
+	// updates, reset streams, and various settings) to the controller.
+	controlBuf *controlBuffer
+	fc         *trInFlow
+	// The scheme used: https if TLS is on, http otherwise.
+	scheme string
+
+	isSecure bool
+
+	perRPCCreds []credentials.PerRPCCredentials
+
+	kp               keepalive.ClientParameters
+	keepaliveEnabled bool
+
+	statsHandler stats.Handler
+
+	initialWindowSize int32
+
+	// configured by peer through SETTINGS_MAX_HEADER_LIST_SIZE
+	maxSendHeaderListSize *uint32
+
+	bdpEst *bdpEstimator
+	// onPrefaceReceipt is a callback that client transport calls upon
+	// receiving server preface to signal that a succefull HTTP2
+	// connection was established.
+	onPrefaceReceipt func()
+
+	maxConcurrentStreams  uint32
+	streamQuota           int64
+	streamsQuotaAvailable chan struct{}
+	waitingStreams        uint32
+	nextID                uint32
+
+	mu            sync.Mutex // guard the following variables
+	state         transportState
+	activeStreams map[uint32]*Stream
+	// prevGoAway ID records the Last-Stream-ID in the previous GOAway frame.
+	prevGoAwayID uint32
+	// goAwayReason records the http2.ErrCode and debug data received with the
+	// GoAway frame.
+	goAwayReason GoAwayReason
+	// A condition variable used to signal when the keepalive goroutine should
+	// go dormant. The condition for dormancy is based on the number of active
+	// streams and the `PermitWithoutStream` keepalive client parameter. And
+	// since the number of active streams is guarded by the above mutex, we use
+	// the same for this condition variable as well.
+	kpDormancyCond *sync.Cond
+	// A boolean to track whether the keepalive goroutine is dormant or not.
+	// This is checked before attempting to signal the above condition
+	// variable.
+	kpDormant bool
+
+	// Fields below are for channelz metric collection.
+	channelzID int64 // channelz unique identification number
+	czData     *channelzData
+
+	onGoAway func(GoAwayReason)
+	onClose  func()
+
+	bufferPool *bufferPool
+
+	connectionID uint64
+}
+
+func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr string) (net.Conn, error) {
+	if fn != nil {
+		return fn(ctx, addr)
+	}
+	return (&net.Dialer{}).DialContext(ctx, "tcp", addr)
+}
+
+func isTemporary(err error) bool {
+	switch err := err.(type) {
+	case interface {
+		Temporary() bool
+	}:
+		return err.Temporary()
+	case interface {
+		Timeout() bool
+	}:
+		// Timeouts may be resolved upon retry, and are thus treated as
+		// temporary.
+		return err.Timeout()
+	}
+	return true
+}
+
+// newHTTP2Client constructs a connected ClientTransport to addr based on HTTP2
+// and starts to receive messages on it. Non-nil error returns if construction
+// fails.
+func newHTTP2Client(connectCtx, ctx context.Context, addr TargetInfo, opts ConnectOptions, onPrefaceReceipt func(), onGoAway func(GoAwayReason), onClose func()) (_ *http2Client, err error) {
+	scheme := "http"
+	ctx, cancel := context.WithCancel(ctx)
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	conn, err := dial(connectCtx, opts.Dialer, addr.Addr)
+	if err != nil {
+		if opts.FailOnNonTempDialError {
+			return nil, connectionErrorf(isTemporary(err), err, "transport: error while dialing: %v", err)
+		}
+		return nil, connectionErrorf(true, err, "transport: Error while dialing %v", err)
+	}
+	// Any further errors will close the underlying connection
+	defer func(conn net.Conn) {
+		if err != nil {
+			conn.Close()
+		}
+	}(conn)
+	kp := opts.KeepaliveParams
+	// Validate keepalive parameters.
+	if kp.Time == 0 {
+		kp.Time = defaultClientKeepaliveTime
+	}
+	if kp.Timeout == 0 {
+		kp.Timeout = defaultClientKeepaliveTimeout
+	}
+	keepaliveEnabled := false
+	if kp.Time != infinity {
+		if err = syscall.SetTCPUserTimeout(conn, kp.Timeout); err != nil {
+			return nil, connectionErrorf(false, err, "transport: failed to set TCP_USER_TIMEOUT: %v", err)
+		}
+		keepaliveEnabled = true
+	}
+	var (
+		isSecure bool
+		authInfo credentials.AuthInfo
+	)
+	transportCreds := opts.TransportCredentials
+	perRPCCreds := opts.PerRPCCredentials
+
+	if b := opts.CredsBundle; b != nil {
+		if t := b.TransportCredentials(); t != nil {
+			transportCreds = t
+		}
+		if t := b.PerRPCCredentials(); t != nil {
+			perRPCCreds = append(perRPCCreds, t)
+		}
+	}
+	if transportCreds != nil {
+		scheme = "https"
+		conn, authInfo, err = transportCreds.ClientHandshake(connectCtx, addr.Authority, conn)
+		if err != nil {
+			return nil, connectionErrorf(isTemporary(err), err, "transport: authentication handshake failed: %v", err)
+		}
+		isSecure = true
+	}
+	dynamicWindow := true
+	icwz := int32(initialWindowSize)
+	if opts.InitialConnWindowSize >= defaultWindowSize {
+		icwz = opts.InitialConnWindowSize
+		dynamicWindow = false
+	}
+	writeBufSize := opts.WriteBufferSize
+	readBufSize := opts.ReadBufferSize
+	maxHeaderListSize := defaultClientMaxHeaderListSize
+	if opts.MaxHeaderListSize != nil {
+		maxHeaderListSize = *opts.MaxHeaderListSize
+	}
+	t := &http2Client{
+		ctx:                   ctx,
+		ctxDone:               ctx.Done(), // Cache Done chan.
+		cancel:                cancel,
+		userAgent:             opts.UserAgent,
+		md:                    addr.Metadata,
+		conn:                  conn,
+		remoteAddr:            conn.RemoteAddr(),
+		localAddr:             conn.LocalAddr(),
+		authInfo:              authInfo,
+		readerDone:            make(chan struct{}),
+		writerDone:            make(chan struct{}),
+		goAway:                make(chan struct{}),
+		framer:                newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize),
+		fc:                    &trInFlow{limit: uint32(icwz)},
+		scheme:                scheme,
+		activeStreams:         make(map[uint32]*Stream),
+		isSecure:              isSecure,
+		perRPCCreds:           perRPCCreds,
+		kp:                    kp,
+		statsHandler:          opts.StatsHandler,
+		initialWindowSize:     initialWindowSize,
+		onPrefaceReceipt:      onPrefaceReceipt,
+		nextID:                1,
+		maxConcurrentStreams:  defaultMaxStreamsClient,
+		streamQuota:           defaultMaxStreamsClient,
+		streamsQuotaAvailable: make(chan struct{}, 1),
+		czData:                new(channelzData),
+		onGoAway:              onGoAway,
+		onClose:               onClose,
+		keepaliveEnabled:      keepaliveEnabled,
+		bufferPool:            newBufferPool(),
+	}
+	t.controlBuf = newControlBuffer(t.ctxDone)
+	if opts.InitialWindowSize >= defaultWindowSize {
+		t.initialWindowSize = opts.InitialWindowSize
+		dynamicWindow = false
+	}
+	if dynamicWindow {
+		t.bdpEst = &bdpEstimator{
+			bdp:               initialWindowSize,
+			updateFlowControl: t.updateFlowControl,
+		}
+	}
+	if t.statsHandler != nil {
+		t.ctx = t.statsHandler.TagConn(t.ctx, &stats.ConnTagInfo{
+			RemoteAddr: t.remoteAddr,
+			LocalAddr:  t.localAddr,
+		})
+		connBegin := &stats.ConnBegin{
+			Client: true,
+		}
+		t.statsHandler.HandleConn(t.ctx, connBegin)
+	}
+	if channelz.IsOn() {
+		t.channelzID = channelz.RegisterNormalSocket(t, opts.ChannelzParentID, fmt.Sprintf("%s -> %s", t.localAddr, t.remoteAddr))
+	}
+	if t.keepaliveEnabled {
+		t.kpDormancyCond = sync.NewCond(&t.mu)
+		go t.keepalive()
+	}
+	// Start the reader goroutine for incoming message. Each transport has
+	// a dedicated goroutine which reads HTTP2 frame from network. Then it
+	// dispatches the frame to the corresponding stream entity.
+	go t.reader()
+
+	// Send connection preface to server.
+	n, err := t.conn.Write(clientPreface)
+	if err != nil {
+		t.Close()
+		return nil, connectionErrorf(true, err, "transport: failed to write client preface: %v", err)
+	}
+	if n != len(clientPreface) {
+		t.Close()
+		return nil, connectionErrorf(true, err, "transport: preface mismatch, wrote %d bytes; want %d", n, len(clientPreface))
+	}
+	var ss []http2.Setting
+
+	if t.initialWindowSize != defaultWindowSize {
+		ss = append(ss, http2.Setting{
+			ID:  http2.SettingInitialWindowSize,
+			Val: uint32(t.initialWindowSize),
+		})
+	}
+	if opts.MaxHeaderListSize != nil {
+		ss = append(ss, http2.Setting{
+			ID:  http2.SettingMaxHeaderListSize,
+			Val: *opts.MaxHeaderListSize,
+		})
+	}
+	err = t.framer.fr.WriteSettings(ss...)
+	if err != nil {
+		t.Close()
+		return nil, connectionErrorf(true, err, "transport: failed to write initial settings frame: %v", err)
+	}
+	// Adjust the connection flow control window if needed.
+	if delta := uint32(icwz - defaultWindowSize); delta > 0 {
+		if err := t.framer.fr.WriteWindowUpdate(0, delta); err != nil {
+			t.Close()
+			return nil, connectionErrorf(true, err, "transport: failed to write window update: %v", err)
+		}
+	}
+
+	t.connectionID = atomic.AddUint64(&clientConnectionCounter, 1)
+
+	if err := t.framer.writer.Flush(); err != nil {
+		return nil, err
+	}
+	go func() {
+		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst)
+		err := t.loopy.run()
+		if err != nil {
+			errorf("transport: loopyWriter.run returning. Err: %v", err)
+		}
+		// If it's a connection error, let reader goroutine handle it
+		// since there might be data in the buffers.
+		if _, ok := err.(net.Error); !ok {
+			t.conn.Close()
+		}
+		close(t.writerDone)
+	}()
+	return t, nil
+}
+
+func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream {
+	// TODO(zhaoq): Handle uint32 overflow of Stream.id.
+	s := &Stream{
+		ct:             t,
+		done:           make(chan struct{}),
+		method:         callHdr.Method,
+		sendCompress:   callHdr.SendCompress,
+		buf:            newRecvBuffer(),
+		headerChan:     make(chan struct{}),
+		contentSubtype: callHdr.ContentSubtype,
+	}
+	s.wq = newWriteQuota(defaultWriteQuota, s.done)
+	s.requestRead = func(n int) {
+		t.adjustWindow(s, uint32(n))
+	}
+	// The client side stream context should have exactly the same life cycle with the user provided context.
+	// That means, s.ctx should be read-only. And s.ctx is done iff ctx is done.
+	// So we use the original context here instead of creating a copy.
+	s.ctx = ctx
+	s.trReader = &transportReader{
+		reader: &recvBufferReader{
+			ctx:     s.ctx,
+			ctxDone: s.ctx.Done(),
+			recv:    s.buf,
+			closeStream: func(err error) {
+				t.CloseStream(s, err)
+			},
+			freeBuffer: t.bufferPool.put,
+		},
+		windowHandler: func(n int) {
+			t.updateWindow(s, uint32(n))
+		},
+	}
+	return s
+}
+
+func (t *http2Client) getPeer() *peer.Peer {
+	return &peer.Peer{
+		Addr:     t.remoteAddr,
+		AuthInfo: t.authInfo,
+	}
+}
+
+func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) ([]hpack.HeaderField, error) {
+	aud := t.createAudience(callHdr)
+	ri := credentials.RequestInfo{
+		Method:   callHdr.Method,
+		AuthInfo: t.authInfo,
+	}
+	ctxWithRequestInfo := internal.NewRequestInfoContext.(func(context.Context, credentials.RequestInfo) context.Context)(ctx, ri)
+	authData, err := t.getTrAuthData(ctxWithRequestInfo, aud)
+	if err != nil {
+		return nil, err
+	}
+	callAuthData, err := t.getCallAuthData(ctxWithRequestInfo, aud, callHdr)
+	if err != nil {
+		return nil, err
+	}
+	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
+	// first and create a slice of that exact size.
+	// Make the slice of certain predictable size to reduce allocations made by append.
+	hfLen := 7 // :method, :scheme, :path, :authority, content-type, user-agent, te
+	hfLen += len(authData) + len(callAuthData)
+	headerFields := make([]hpack.HeaderField, 0, hfLen)
+	headerFields = append(headerFields, hpack.HeaderField{Name: ":method", Value: "POST"})
+	headerFields = append(headerFields, hpack.HeaderField{Name: ":scheme", Value: t.scheme})
+	headerFields = append(headerFields, hpack.HeaderField{Name: ":path", Value: callHdr.Method})
+	headerFields = append(headerFields, hpack.HeaderField{Name: ":authority", Value: callHdr.Host})
+	headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(callHdr.ContentSubtype)})
+	headerFields = append(headerFields, hpack.HeaderField{Name: "user-agent", Value: t.userAgent})
+	headerFields = append(headerFields, hpack.HeaderField{Name: "te", Value: "trailers"})
+	if callHdr.PreviousAttempts > 0 {
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-previous-rpc-attempts", Value: strconv.Itoa(callHdr.PreviousAttempts)})
+	}
+
+	if callHdr.SendCompress != "" {
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: callHdr.SendCompress})
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-accept-encoding", Value: callHdr.SendCompress})
+	}
+	if dl, ok := ctx.Deadline(); ok {
+		// Send out timeout regardless its value. The server can detect timeout context by itself.
+		// TODO(mmukhi): Perhaps this field should be updated when actually writing out to the wire.
+		timeout := time.Until(dl)
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-timeout", Value: encodeTimeout(timeout)})
+	}
+	for k, v := range authData {
+		headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
+	}
+	for k, v := range callAuthData {
+		headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
+	}
+	if b := stats.OutgoingTags(ctx); b != nil {
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-tags-bin", Value: encodeBinHeader(b)})
+	}
+	if b := stats.OutgoingTrace(ctx); b != nil {
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-trace-bin", Value: encodeBinHeader(b)})
+	}
+
+	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
+		var k string
+		for k, vv := range md {
+			// HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set.
+			if isReservedHeader(k) {
+				continue
+			}
+			for _, v := range vv {
+				headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
+			}
+		}
+		for _, vv := range added {
+			for i, v := range vv {
+				if i%2 == 0 {
+					k = v
+					continue
+				}
+				// HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set.
+				if isReservedHeader(k) {
+					continue
+				}
+				headerFields = append(headerFields, hpack.HeaderField{Name: strings.ToLower(k), Value: encodeMetadataHeader(k, v)})
+			}
+		}
+	}
+	if md, ok := t.md.(*metadata.MD); ok {
+		for k, vv := range *md {
+			if isReservedHeader(k) {
+				continue
+			}
+			for _, v := range vv {
+				headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
+			}
+		}
+	}
+	return headerFields, nil
+}
+
+func (t *http2Client) createAudience(callHdr *CallHdr) string {
+	// Create an audience string only if needed.
+	if len(t.perRPCCreds) == 0 && callHdr.Creds == nil {
+		return ""
+	}
+	// Construct URI required to get auth request metadata.
+	// Omit port if it is the default one.
+	host := strings.TrimSuffix(callHdr.Host, ":443")
+	pos := strings.LastIndex(callHdr.Method, "/")
+	if pos == -1 {
+		pos = len(callHdr.Method)
+	}
+	return "https://" + host + callHdr.Method[:pos]
+}
+
+func (t *http2Client) getTrAuthData(ctx context.Context, audience string) (map[string]string, error) {
+	if len(t.perRPCCreds) == 0 {
+		return nil, nil
+	}
+	authData := map[string]string{}
+	for _, c := range t.perRPCCreds {
+		data, err := c.GetRequestMetadata(ctx, audience)
+		if err != nil {
+			if _, ok := status.FromError(err); ok {
+				return nil, err
+			}
+
+			return nil, status.Errorf(codes.Unauthenticated, "transport: %v", err)
+		}
+		for k, v := range data {
+			// Capital header names are illegal in HTTP/2.
+			k = strings.ToLower(k)
+			authData[k] = v
+		}
+	}
+	return authData, nil
+}
+
+func (t *http2Client) getCallAuthData(ctx context.Context, audience string, callHdr *CallHdr) (map[string]string, error) {
+	var callAuthData map[string]string
+	// Check if credentials.PerRPCCredentials were provided via call options.
+	// Note: if these credentials are provided both via dial options and call
+	// options, then both sets of credentials will be applied.
+	if callCreds := callHdr.Creds; callCreds != nil {
+		if !t.isSecure && callCreds.RequireTransportSecurity() {
+			return nil, status.Error(codes.Unauthenticated, "transport: cannot send secure credentials on an insecure connection")
+		}
+		data, err := callCreds.GetRequestMetadata(ctx, audience)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "transport: %v", err)
+		}
+		callAuthData = make(map[string]string, len(data))
+		for k, v := range data {
+			// Capital header names are illegal in HTTP/2
+			k = strings.ToLower(k)
+			callAuthData[k] = v
+		}
+	}
+	return callAuthData, nil
+}
+
+// NewStream creates a stream and registers it into the transport as "active"
+// streams.
+func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Stream, err error) {
+	ctx = peer.NewContext(ctx, t.getPeer())
+	headerFields, err := t.createHeaderFields(ctx, callHdr)
+	if err != nil {
+		return nil, err
+	}
+	s := t.newStream(ctx, callHdr)
+	cleanup := func(err error) {
+		if s.swapState(streamDone) == streamDone {
+			// If it was already done, return.
+			return
+		}
+		// The stream was unprocessed by the server.
+		atomic.StoreUint32(&s.unprocessed, 1)
+		s.write(recvMsg{err: err})
+		close(s.done)
+		// If headerChan isn't closed, then close it.
+		if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+			close(s.headerChan)
+		}
+	}
+	hdr := &headerFrame{
+		hf:        headerFields,
+		endStream: false,
+		initStream: func(id uint32) error {
+			t.mu.Lock()
+			if state := t.state; state != reachable {
+				t.mu.Unlock()
+				// Do a quick cleanup.
+				err := error(errStreamDrain)
+				if state == closing {
+					err = ErrConnClosing
+				}
+				cleanup(err)
+				return err
+			}
+			t.activeStreams[id] = s
+			if channelz.IsOn() {
+				atomic.AddInt64(&t.czData.streamsStarted, 1)
+				atomic.StoreInt64(&t.czData.lastStreamCreatedTime, time.Now().UnixNano())
+			}
+			// If the keepalive goroutine has gone dormant, wake it up.
+			if t.kpDormant {
+				t.kpDormancyCond.Signal()
+			}
+			t.mu.Unlock()
+			return nil
+		},
+		onOrphaned: cleanup,
+		wq:         s.wq,
+	}
+	firstTry := true
+	var ch chan struct{}
+	checkForStreamQuota := func(it interface{}) bool {
+		if t.streamQuota <= 0 { // Can go negative if server decreases it.
+			if firstTry {
+				t.waitingStreams++
+			}
+			ch = t.streamsQuotaAvailable
+			return false
+		}
+		if !firstTry {
+			t.waitingStreams--
+		}
+		t.streamQuota--
+		h := it.(*headerFrame)
+		h.streamID = t.nextID
+		t.nextID += 2
+		s.id = h.streamID
+		s.fc = &inFlow{limit: uint32(t.initialWindowSize)}
+		if t.streamQuota > 0 && t.waitingStreams > 0 {
+			select {
+			case t.streamsQuotaAvailable <- struct{}{}:
+			default:
+			}
+		}
+		return true
+	}
+	var hdrListSizeErr error
+	checkForHeaderListSize := func(it interface{}) bool {
+		if t.maxSendHeaderListSize == nil {
+			return true
+		}
+		hdrFrame := it.(*headerFrame)
+		var sz int64
+		for _, f := range hdrFrame.hf {
+			if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) {
+				hdrListSizeErr = status.Errorf(codes.Internal, "header list size to send violates the maximum size (%d bytes) set by server", *t.maxSendHeaderListSize)
+				return false
+			}
+		}
+		return true
+	}
+	for {
+		success, err := t.controlBuf.executeAndPut(func(it interface{}) bool {
+			if !checkForStreamQuota(it) {
+				return false
+			}
+			if !checkForHeaderListSize(it) {
+				return false
+			}
+			return true
+		}, hdr)
+		if err != nil {
+			return nil, err
+		}
+		if success {
+			break
+		}
+		if hdrListSizeErr != nil {
+			return nil, hdrListSizeErr
+		}
+		firstTry = false
+		select {
+		case <-ch:
+		case <-s.ctx.Done():
+			return nil, ContextErr(s.ctx.Err())
+		case <-t.goAway:
+			return nil, errStreamDrain
+		case <-t.ctx.Done():
+			return nil, ErrConnClosing
+		}
+	}
+	if t.statsHandler != nil {
+		header, _, _ := metadata.FromOutgoingContextRaw(ctx)
+		outHeader := &stats.OutHeader{
+			Client:      true,
+			FullMethod:  callHdr.Method,
+			RemoteAddr:  t.remoteAddr,
+			LocalAddr:   t.localAddr,
+			Compression: callHdr.SendCompress,
+			Header:      header.Copy(),
+		}
+		t.statsHandler.HandleRPC(s.ctx, outHeader)
+	}
+	return s, nil
+}
+
+// CloseStream clears the footprint of a stream when the stream is not needed any more.
+// This must not be executed in reader's goroutine.
+func (t *http2Client) CloseStream(s *Stream, err error) {
+	var (
+		rst     bool
+		rstCode http2.ErrCode
+	)
+	if err != nil {
+		rst = true
+		rstCode = http2.ErrCodeCancel
+	}
+	t.closeStream(s, err, rst, rstCode, status.Convert(err), nil, false)
+}
+
+func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.ErrCode, st *status.Status, mdata map[string][]string, eosReceived bool) {
+	// Set stream status to done.
+	if s.swapState(streamDone) == streamDone {
+		// If it was already done, return.  If multiple closeStream calls
+		// happen simultaneously, wait for the first to finish.
+		<-s.done
+		return
+	}
+	// status and trailers can be updated here without any synchronization because the stream goroutine will
+	// only read it after it sees an io.EOF error from read or write and we'll write those errors
+	// only after updating this.
+	s.status = st
+	if len(mdata) > 0 {
+		s.trailer = mdata
+	}
+	if err != nil {
+		// This will unblock reads eventually.
+		s.write(recvMsg{err: err})
+	}
+	// If headerChan isn't closed, then close it.
+	if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+		s.noHeaders = true
+		close(s.headerChan)
+	}
+	cleanup := &cleanupStream{
+		streamID: s.id,
+		onWrite: func() {
+			t.mu.Lock()
+			if t.activeStreams != nil {
+				delete(t.activeStreams, s.id)
+			}
+			t.mu.Unlock()
+			if channelz.IsOn() {
+				if eosReceived {
+					atomic.AddInt64(&t.czData.streamsSucceeded, 1)
+				} else {
+					atomic.AddInt64(&t.czData.streamsFailed, 1)
+				}
+			}
+		},
+		rst:     rst,
+		rstCode: rstCode,
+	}
+	addBackStreamQuota := func(interface{}) bool {
+		t.streamQuota++
+		if t.streamQuota > 0 && t.waitingStreams > 0 {
+			select {
+			case t.streamsQuotaAvailable <- struct{}{}:
+			default:
+			}
+		}
+		return true
+	}
+	t.controlBuf.executeAndPut(addBackStreamQuota, cleanup)
+	// This will unblock write.
+	close(s.done)
+}
+
+// Close kicks off the shutdown process of the transport. This should be called
+// only once on a transport. Once it is called, the transport should not be
+// accessed any more.
+//
+// This method blocks until the addrConn that initiated this transport is
+// re-connected. This happens because t.onClose() begins reconnect logic at the
+// addrConn level and blocks until the addrConn is successfully connected.
+func (t *http2Client) Close() error {
+	t.mu.Lock()
+	// Make sure we only Close once.
+	if t.state == closing {
+		t.mu.Unlock()
+		return nil
+	}
+	// Call t.onClose before setting the state to closing to prevent the client
+	// from attempting to create new streams ASAP.
+	t.onClose()
+	t.state = closing
+	streams := t.activeStreams
+	t.activeStreams = nil
+	if t.kpDormant {
+		// If the keepalive goroutine is blocked on this condition variable, we
+		// should unblock it so that the goroutine eventually exits.
+		t.kpDormancyCond.Signal()
+	}
+	t.mu.Unlock()
+	t.controlBuf.finish()
+	t.cancel()
+	err := t.conn.Close()
+	if channelz.IsOn() {
+		channelz.RemoveEntry(t.channelzID)
+	}
+	// Notify all active streams.
+	for _, s := range streams {
+		t.closeStream(s, ErrConnClosing, false, http2.ErrCodeNo, status.New(codes.Unavailable, ErrConnClosing.Desc), nil, false)
+	}
+	if t.statsHandler != nil {
+		connEnd := &stats.ConnEnd{
+			Client: true,
+		}
+		t.statsHandler.HandleConn(t.ctx, connEnd)
+	}
+	return err
+}
+
+// GracefulClose sets the state to draining, which prevents new streams from
+// being created and causes the transport to be closed when the last active
+// stream is closed.  If there are no active streams, the transport is closed
+// immediately.  This does nothing if the transport is already draining or
+// closing.
+func (t *http2Client) GracefulClose() {
+	t.mu.Lock()
+	// Make sure we move to draining only from active.
+	if t.state == draining || t.state == closing {
+		t.mu.Unlock()
+		return
+	}
+	t.state = draining
+	active := len(t.activeStreams)
+	t.mu.Unlock()
+	if active == 0 {
+		t.Close()
+		return
+	}
+	t.controlBuf.put(&incomingGoAway{})
+}
+
+// Write formats the data into HTTP2 data frame(s) and sends it out. The caller
+// should proceed only if Write returns nil.
+func (t *http2Client) Write(s *Stream, hdr []byte, data []byte, opts *Options) error {
+	if opts.Last {
+		// If it's the last message, update stream state.
+		if !s.compareAndSwapState(streamActive, streamWriteDone) {
+			return errStreamDone
+		}
+	} else if s.getState() != streamActive {
+		return errStreamDone
+	}
+	df := &dataFrame{
+		streamID:  s.id,
+		endStream: opts.Last,
+	}
+	if hdr != nil || data != nil { // If it's not an empty data frame.
+		// Add some data to grpc message header so that we can equally
+		// distribute bytes across frames.
+		emptyLen := http2MaxFrameLen - len(hdr)
+		if emptyLen > len(data) {
+			emptyLen = len(data)
+		}
+		hdr = append(hdr, data[:emptyLen]...)
+		data = data[emptyLen:]
+		df.h, df.d = hdr, data
+		// TODO(mmukhi): The above logic in this if can be moved to loopyWriter's data handler.
+		if err := s.wq.get(int32(len(hdr) + len(data))); err != nil {
+			return err
+		}
+	}
+	return t.controlBuf.put(df)
+}
+
+func (t *http2Client) getStream(f http2.Frame) *Stream {
+	t.mu.Lock()
+	s := t.activeStreams[f.Header().StreamID]
+	t.mu.Unlock()
+	return s
+}
+
+// adjustWindow sends out extra window update over the initial window size
+// of stream if the application is requesting data larger in size than
+// the window.
+func (t *http2Client) adjustWindow(s *Stream, n uint32) {
+	if w := s.fc.maybeAdjust(n); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
+	}
+}
+
+// updateWindow adjusts the inbound quota for the stream.
+// Window updates will be sent out when the cumulative quota
+// exceeds the corresponding threshold.
+func (t *http2Client) updateWindow(s *Stream, n uint32) {
+	if w := s.fc.onRead(n); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
+	}
+}
+
+// updateFlowControl updates the incoming flow control windows
+// for the transport and the stream based on the current bdp
+// estimation.
+func (t *http2Client) updateFlowControl(n uint32) {
+	t.mu.Lock()
+	for _, s := range t.activeStreams {
+		s.fc.newLimit(n)
+	}
+	t.mu.Unlock()
+	updateIWS := func(interface{}) bool {
+		t.initialWindowSize = int32(n)
+		return true
+	}
+	t.controlBuf.executeAndPut(updateIWS, &outgoingWindowUpdate{streamID: 0, increment: t.fc.newLimit(n)})
+	t.controlBuf.put(&outgoingSettings{
+		ss: []http2.Setting{
+			{
+				ID:  http2.SettingInitialWindowSize,
+				Val: n,
+			},
+		},
+	})
+}
+
+func (t *http2Client) handleData(f *http2.DataFrame) {
+	size := f.Header().Length
+	var sendBDPPing bool
+	if t.bdpEst != nil {
+		sendBDPPing = t.bdpEst.add(size)
+	}
+	// Decouple connection's flow control from application's read.
+	// An update on connection's flow control should not depend on
+	// whether user application has read the data or not. Such a
+	// restriction is already imposed on the stream's flow control,
+	// and therefore the sender will be blocked anyways.
+	// Decoupling the connection flow control will prevent other
+	// active(fast) streams from starving in presence of slow or
+	// inactive streams.
+	//
+	if w := t.fc.onData(size); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{
+			streamID:  0,
+			increment: w,
+		})
+	}
+	if sendBDPPing {
+		// Avoid excessive ping detection (e.g. in an L7 proxy)
+		// by sending a window update prior to the BDP ping.
+
+		if w := t.fc.reset(); w > 0 {
+			t.controlBuf.put(&outgoingWindowUpdate{
+				streamID:  0,
+				increment: w,
+			})
+		}
+
+		t.controlBuf.put(bdpPing)
+	}
+	// Select the right stream to dispatch.
+	s := t.getStream(f)
+	if s == nil {
+		return
+	}
+	if size > 0 {
+		if err := s.fc.onData(size); err != nil {
+			t.closeStream(s, io.EOF, true, http2.ErrCodeFlowControl, status.New(codes.Internal, err.Error()), nil, false)
+			return
+		}
+		if f.Header().Flags.Has(http2.FlagDataPadded) {
+			if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 {
+				t.controlBuf.put(&outgoingWindowUpdate{s.id, w})
+			}
+		}
+		// TODO(bradfitz, zhaoq): A copy is required here because there is no
+		// guarantee f.Data() is consumed before the arrival of next frame.
+		// Can this copy be eliminated?
+		if len(f.Data()) > 0 {
+			buffer := t.bufferPool.get()
+			buffer.Reset()
+			buffer.Write(f.Data())
+			s.write(recvMsg{buffer: buffer})
+		}
+	}
+	// The server has closed the stream without sending trailers.  Record that
+	// the read direction is closed, and set the status appropriately.
+	if f.FrameHeader.Flags.Has(http2.FlagDataEndStream) {
+		t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true)
+	}
+}
+
+func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) {
+	s := t.getStream(f)
+	if s == nil {
+		return
+	}
+	if f.ErrCode == http2.ErrCodeRefusedStream {
+		// The stream was unprocessed by the server.
+		atomic.StoreUint32(&s.unprocessed, 1)
+	}
+	statusCode, ok := http2ErrConvTab[f.ErrCode]
+	if !ok {
+		warningf("transport: http2Client.handleRSTStream found no mapped gRPC status for the received http2 error %v", f.ErrCode)
+		statusCode = codes.Unknown
+	}
+	if statusCode == codes.Canceled {
+		if d, ok := s.ctx.Deadline(); ok && !d.After(time.Now()) {
+			// Our deadline was already exceeded, and that was likely the cause
+			// of this cancelation.  Alter the status code accordingly.
+			statusCode = codes.DeadlineExceeded
+		}
+	}
+	t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.Newf(statusCode, "stream terminated by RST_STREAM with error code: %v", f.ErrCode), nil, false)
+}
+
+func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) {
+	if f.IsAck() {
+		return
+	}
+	var maxStreams *uint32
+	var ss []http2.Setting
+	var updateFuncs []func()
+	f.ForeachSetting(func(s http2.Setting) error {
+		switch s.ID {
+		case http2.SettingMaxConcurrentStreams:
+			maxStreams = new(uint32)
+			*maxStreams = s.Val
+		case http2.SettingMaxHeaderListSize:
+			updateFuncs = append(updateFuncs, func() {
+				t.maxSendHeaderListSize = new(uint32)
+				*t.maxSendHeaderListSize = s.Val
+			})
+		default:
+			ss = append(ss, s)
+		}
+		return nil
+	})
+	if isFirst && maxStreams == nil {
+		maxStreams = new(uint32)
+		*maxStreams = math.MaxUint32
+	}
+	sf := &incomingSettings{
+		ss: ss,
+	}
+	if maxStreams != nil {
+		updateStreamQuota := func() {
+			delta := int64(*maxStreams) - int64(t.maxConcurrentStreams)
+			t.maxConcurrentStreams = *maxStreams
+			t.streamQuota += delta
+			if delta > 0 && t.waitingStreams > 0 {
+				close(t.streamsQuotaAvailable) // wake all of them up.
+				t.streamsQuotaAvailable = make(chan struct{}, 1)
+			}
+		}
+		updateFuncs = append(updateFuncs, updateStreamQuota)
+	}
+	t.controlBuf.executeAndPut(func(interface{}) bool {
+		for _, f := range updateFuncs {
+			f()
+		}
+		return true
+	}, sf)
+}
+
+func (t *http2Client) handlePing(f *http2.PingFrame) {
+	if f.IsAck() {
+		// Maybe it's a BDP ping.
+		if t.bdpEst != nil {
+			t.bdpEst.calculate(f.Data)
+		}
+		return
+	}
+	pingAck := &ping{ack: true}
+	copy(pingAck.data[:], f.Data[:])
+	t.controlBuf.put(pingAck)
+}
+
+func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) {
+	t.mu.Lock()
+	if t.state == closing {
+		t.mu.Unlock()
+		return
+	}
+	if f.ErrCode == http2.ErrCodeEnhanceYourCalm {
+		infof("Client received GoAway with http2.ErrCodeEnhanceYourCalm.")
+	}
+	id := f.LastStreamID
+	if id > 0 && id%2 != 1 {
+		t.mu.Unlock()
+		t.Close()
+		return
+	}
+	// A client can receive multiple GoAways from the server (see
+	// https://github.com/grpc/grpc-go/issues/1387).  The idea is that the first
+	// GoAway will be sent with an ID of MaxInt32 and the second GoAway will be
+	// sent after an RTT delay with the ID of the last stream the server will
+	// process.
+	//
+	// Therefore, when we get the first GoAway we don't necessarily close any
+	// streams. While in case of second GoAway we close all streams created after
+	// the GoAwayId. This way streams that were in-flight while the GoAway from
+	// server was being sent don't get killed.
+	select {
+	case <-t.goAway: // t.goAway has been closed (i.e.,multiple GoAways).
+		// If there are multiple GoAways the first one should always have an ID greater than the following ones.
+		if id > t.prevGoAwayID {
+			t.mu.Unlock()
+			t.Close()
+			return
+		}
+	default:
+		t.setGoAwayReason(f)
+		close(t.goAway)
+		t.controlBuf.put(&incomingGoAway{})
+		// Notify the clientconn about the GOAWAY before we set the state to
+		// draining, to allow the client to stop attempting to create streams
+		// before disallowing new streams on this connection.
+		t.onGoAway(t.goAwayReason)
+		t.state = draining
+	}
+	// All streams with IDs greater than the GoAwayId
+	// and smaller than the previous GoAway ID should be killed.
+	upperLimit := t.prevGoAwayID
+	if upperLimit == 0 { // This is the first GoAway Frame.
+		upperLimit = math.MaxUint32 // Kill all streams after the GoAway ID.
+	}
+	for streamID, stream := range t.activeStreams {
+		if streamID > id && streamID <= upperLimit {
+			// The stream was unprocessed by the server.
+			atomic.StoreUint32(&stream.unprocessed, 1)
+			t.closeStream(stream, errStreamDrain, false, http2.ErrCodeNo, statusGoAway, nil, false)
+		}
+	}
+	t.prevGoAwayID = id
+	active := len(t.activeStreams)
+	t.mu.Unlock()
+	if active == 0 {
+		t.Close()
+	}
+}
+
+// setGoAwayReason sets the value of t.goAwayReason based
+// on the GoAway frame received.
+// It expects a lock on transport's mutext to be held by
+// the caller.
+func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) {
+	t.goAwayReason = GoAwayNoReason
+	switch f.ErrCode {
+	case http2.ErrCodeEnhanceYourCalm:
+		if string(f.DebugData()) == "too_many_pings" {
+			t.goAwayReason = GoAwayTooManyPings
+		}
+	}
+}
+
+func (t *http2Client) GetGoAwayReason() GoAwayReason {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	return t.goAwayReason
+}
+
+func (t *http2Client) handleWindowUpdate(f *http2.WindowUpdateFrame) {
+	t.controlBuf.put(&incomingWindowUpdate{
+		streamID:  f.Header().StreamID,
+		increment: f.Increment,
+	})
+}
+
+// operateHeaders takes action on the decoded headers.
+func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
+	s := t.getStream(frame)
+	if s == nil {
+		return
+	}
+	endStream := frame.StreamEnded()
+	atomic.StoreUint32(&s.bytesReceived, 1)
+	initialHeader := atomic.LoadUint32(&s.headerChanClosed) == 0
+
+	if !initialHeader && !endStream {
+		// As specified by gRPC over HTTP2, a HEADERS frame (and associated CONTINUATION frames) can only appear at the start or end of a stream. Therefore, second HEADERS frame must have EOS bit set.
+		st := status.New(codes.Internal, "a HEADERS frame cannot appear in the middle of a stream")
+		t.closeStream(s, st.Err(), true, http2.ErrCodeProtocol, st, nil, false)
+		return
+	}
+
+	state := &decodeState{}
+	// Initialize isGRPC value to be !initialHeader, since if a gRPC Response-Headers has already been received, then it means that the peer is speaking gRPC and we are in gRPC mode.
+	state.data.isGRPC = !initialHeader
+	if err := state.decodeHeader(frame); err != nil {
+		t.closeStream(s, err, true, http2.ErrCodeProtocol, status.Convert(err), nil, endStream)
+		return
+	}
+
+	isHeader := false
+	defer func() {
+		if t.statsHandler != nil {
+			if isHeader {
+				inHeader := &stats.InHeader{
+					Client:     true,
+					WireLength: int(frame.Header().Length),
+					Header:     s.header.Copy(),
+				}
+				t.statsHandler.HandleRPC(s.ctx, inHeader)
+			} else {
+				inTrailer := &stats.InTrailer{
+					Client:     true,
+					WireLength: int(frame.Header().Length),
+					Trailer:    s.trailer.Copy(),
+				}
+				t.statsHandler.HandleRPC(s.ctx, inTrailer)
+			}
+		}
+	}()
+
+	// If headerChan hasn't been closed yet
+	if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+		s.headerValid = true
+		if !endStream {
+			// HEADERS frame block carries a Response-Headers.
+			isHeader = true
+			// These values can be set without any synchronization because
+			// stream goroutine will read it only after seeing a closed
+			// headerChan which we'll close after setting this.
+			s.recvCompress = state.data.encoding
+			if len(state.data.mdata) > 0 {
+				s.header = state.data.mdata
+			}
+		} else {
+			// HEADERS frame block carries a Trailers-Only.
+			s.noHeaders = true
+		}
+		close(s.headerChan)
+	}
+
+	if !endStream {
+		return
+	}
+
+	// if client received END_STREAM from server while stream was still active, send RST_STREAM
+	rst := s.getState() == streamActive
+	t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, state.status(), state.data.mdata, true)
+}
+
+// reader runs as a separate goroutine in charge of reading data from network
+// connection.
+//
+// TODO(zhaoq): currently one reader per transport. Investigate whether this is
+// optimal.
+// TODO(zhaoq): Check the validity of the incoming frame sequence.
+func (t *http2Client) reader() {
+	defer close(t.readerDone)
+	// Check the validity of server preface.
+	frame, err := t.framer.fr.ReadFrame()
+	if err != nil {
+		t.Close() // this kicks off resetTransport, so must be last before return
+		return
+	}
+	t.conn.SetReadDeadline(time.Time{}) // reset deadline once we get the settings frame (we didn't time out, yay!)
+	if t.keepaliveEnabled {
+		atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
+	}
+	sf, ok := frame.(*http2.SettingsFrame)
+	if !ok {
+		t.Close() // this kicks off resetTransport, so must be last before return
+		return
+	}
+	t.onPrefaceReceipt()
+	t.handleSettings(sf, true)
+
+	// loop to keep reading incoming messages on this transport.
+	for {
+		t.controlBuf.throttle()
+		frame, err := t.framer.fr.ReadFrame()
+		if t.keepaliveEnabled {
+			atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
+		}
+		if err != nil {
+			// Abort an active stream if the http2.Framer returns a
+			// http2.StreamError. This can happen only if the server's response
+			// is malformed http2.
+			if se, ok := err.(http2.StreamError); ok {
+				t.mu.Lock()
+				s := t.activeStreams[se.StreamID]
+				t.mu.Unlock()
+				if s != nil {
+					// use error detail to provide better err message
+					code := http2ErrConvTab[se.Code]
+					msg := t.framer.fr.ErrorDetail().Error()
+					t.closeStream(s, status.Error(code, msg), true, http2.ErrCodeProtocol, status.New(code, msg), nil, false)
+				}
+				continue
+			} else {
+				// Transport error.
+				t.Close()
+				return
+			}
+		}
+		switch frame := frame.(type) {
+		case *http2.MetaHeadersFrame:
+			t.operateHeaders(frame)
+		case *http2.DataFrame:
+			t.handleData(frame)
+		case *http2.RSTStreamFrame:
+			t.handleRSTStream(frame)
+		case *http2.SettingsFrame:
+			t.handleSettings(frame, false)
+		case *http2.PingFrame:
+			t.handlePing(frame)
+		case *http2.GoAwayFrame:
+			t.handleGoAway(frame)
+		case *http2.WindowUpdateFrame:
+			t.handleWindowUpdate(frame)
+		default:
+			errorf("transport: http2Client.reader got unhandled frame type %v.", frame)
+		}
+	}
+}
+
+func minTime(a, b time.Duration) time.Duration {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// keepalive running in a separate goroutune makes sure the connection is alive by sending pings.
+func (t *http2Client) keepalive() {
+	p := &ping{data: [8]byte{}}
+	// True iff a ping has been sent, and no data has been received since then.
+	outstandingPing := false
+	// Amount of time remaining before which we should receive an ACK for the
+	// last sent ping.
+	timeoutLeft := time.Duration(0)
+	// Records the last value of t.lastRead before we go block on the timer.
+	// This is required to check for read activity since then.
+	prevNano := time.Now().UnixNano()
+	timer := time.NewTimer(t.kp.Time)
+	for {
+		select {
+		case <-timer.C:
+			lastRead := atomic.LoadInt64(&t.lastRead)
+			if lastRead > prevNano {
+				// There has been read activity since the last time we were here.
+				outstandingPing = false
+				// Next timer should fire at kp.Time seconds from lastRead time.
+				timer.Reset(time.Duration(lastRead) + t.kp.Time - time.Duration(time.Now().UnixNano()))
+				prevNano = lastRead
+				continue
+			}
+			if outstandingPing && timeoutLeft <= 0 {
+				t.Close()
+				return
+			}
+			t.mu.Lock()
+			if t.state == closing {
+				// If the transport is closing, we should exit from the
+				// keepalive goroutine here. If not, we could have a race
+				// between the call to Signal() from Close() and the call to
+				// Wait() here, whereby the keepalive goroutine ends up
+				// blocking on the condition variable which will never be
+				// signalled again.
+				t.mu.Unlock()
+				return
+			}
+			if len(t.activeStreams) < 1 && !t.kp.PermitWithoutStream {
+				// If a ping was sent out previously (because there were active
+				// streams at that point) which wasn't acked and its timeout
+				// hadn't fired, but we got here and are about to go dormant,
+				// we should make sure that we unconditionally send a ping once
+				// we awaken.
+				outstandingPing = false
+				t.kpDormant = true
+				t.kpDormancyCond.Wait()
+			}
+			t.kpDormant = false
+			t.mu.Unlock()
+
+			// We get here either because we were dormant and a new stream was
+			// created which unblocked the Wait() call, or because the
+			// keepalive timer expired. In both cases, we need to send a ping.
+			if !outstandingPing {
+				if channelz.IsOn() {
+					atomic.AddInt64(&t.czData.kpCount, 1)
+				}
+				t.controlBuf.put(p)
+				timeoutLeft = t.kp.Timeout
+				outstandingPing = true
+			}
+			// The amount of time to sleep here is the minimum of kp.Time and
+			// timeoutLeft. This will ensure that we wait only for kp.Time
+			// before sending out the next ping (for cases where the ping is
+			// acked).
+			sleepDuration := minTime(t.kp.Time, timeoutLeft)
+			timeoutLeft -= sleepDuration
+			timer.Reset(sleepDuration)
+		case <-t.ctx.Done():
+			if !timer.Stop() {
+				<-timer.C
+			}
+			return
+		}
+	}
+}
+
+func (t *http2Client) Error() <-chan struct{} {
+	return t.ctx.Done()
+}
+
+func (t *http2Client) GoAway() <-chan struct{} {
+	return t.goAway
+}
+
+func (t *http2Client) ChannelzMetric() *channelz.SocketInternalMetric {
+	s := channelz.SocketInternalMetric{
+		StreamsStarted:                  atomic.LoadInt64(&t.czData.streamsStarted),
+		StreamsSucceeded:                atomic.LoadInt64(&t.czData.streamsSucceeded),
+		StreamsFailed:                   atomic.LoadInt64(&t.czData.streamsFailed),
+		MessagesSent:                    atomic.LoadInt64(&t.czData.msgSent),
+		MessagesReceived:                atomic.LoadInt64(&t.czData.msgRecv),
+		KeepAlivesSent:                  atomic.LoadInt64(&t.czData.kpCount),
+		LastLocalStreamCreatedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastStreamCreatedTime)),
+		LastMessageSentTimestamp:        time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgSentTime)),
+		LastMessageReceivedTimestamp:    time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgRecvTime)),
+		LocalFlowControlWindow:          int64(t.fc.getSize()),
+		SocketOptions:                   channelz.GetSocketOption(t.conn),
+		LocalAddr:                       t.localAddr,
+		RemoteAddr:                      t.remoteAddr,
+		// RemoteName :
+	}
+	if au, ok := t.authInfo.(credentials.ChannelzSecurityInfo); ok {
+		s.Security = au.GetSecurityValue()
+	}
+	s.RemoteFlowControlWindow = t.getOutFlowWindow()
+	return &s
+}
+
+func (t *http2Client) RemoteAddr() net.Addr { return t.remoteAddr }
+
+func (t *http2Client) IncrMsgSent() {
+	atomic.AddInt64(&t.czData.msgSent, 1)
+	atomic.StoreInt64(&t.czData.lastMsgSentTime, time.Now().UnixNano())
+}
+
+func (t *http2Client) IncrMsgRecv() {
+	atomic.AddInt64(&t.czData.msgRecv, 1)
+	atomic.StoreInt64(&t.czData.lastMsgRecvTime, time.Now().UnixNano())
+}
+
+func (t *http2Client) getOutFlowWindow() int64 {
+	resp := make(chan uint32, 1)
+	timer := time.NewTimer(time.Second)
+	defer timer.Stop()
+	t.controlBuf.put(&outFlowControlSizeRequest{resp})
+	select {
+	case sz := <-resp:
+		return int64(sz)
+	case <-t.ctxDone:
+		return -1
+	case <-timer.C:
+		return -2
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
new file mode 100644
index 0000000000000..8b04b0392a0a6
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -0,0 +1,1253 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"net"
+	"strconv"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/hpack"
+
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/peer"
+	"google.golang.org/grpc/stats"
+	"google.golang.org/grpc/status"
+	"google.golang.org/grpc/tap"
+)
+
+var (
+	// ErrIllegalHeaderWrite indicates that setting header is illegal because of
+	// the stream's state.
+	ErrIllegalHeaderWrite = errors.New("transport: the stream is done or WriteHeader was already called")
+	// ErrHeaderListSizeLimitViolation indicates that the header list size is larger
+	// than the limit set by peer.
+	ErrHeaderListSizeLimitViolation = errors.New("transport: trying to send header list size larger than the limit set by peer")
+	// statusRawProto is a function to get to the raw status proto wrapped in a
+	// status.Status without a proto.Clone().
+	statusRawProto = internal.StatusRawProto.(func(*status.Status) *spb.Status)
+)
+
+// serverConnectionCounter counts the number of connections a server has seen
+// (equal to the number of http2Servers created). Must be accessed atomically.
+var serverConnectionCounter uint64
+
+// http2Server implements the ServerTransport interface with HTTP2.
+type http2Server struct {
+	lastRead    int64 // Keep this field 64-bit aligned. Accessed atomically.
+	ctx         context.Context
+	done        chan struct{}
+	conn        net.Conn
+	loopy       *loopyWriter
+	readerDone  chan struct{} // sync point to enable testing.
+	writerDone  chan struct{} // sync point to enable testing.
+	remoteAddr  net.Addr
+	localAddr   net.Addr
+	maxStreamID uint32               // max stream ID ever seen
+	authInfo    credentials.AuthInfo // auth info about the connection
+	inTapHandle tap.ServerInHandle
+	framer      *framer
+	// The max number of concurrent streams.
+	maxStreams uint32
+	// controlBuf delivers all the control related tasks (e.g., window
+	// updates, reset streams, and various settings) to the controller.
+	controlBuf *controlBuffer
+	fc         *trInFlow
+	stats      stats.Handler
+	// Keepalive and max-age parameters for the server.
+	kp keepalive.ServerParameters
+	// Keepalive enforcement policy.
+	kep keepalive.EnforcementPolicy
+	// The time instance last ping was received.
+	lastPingAt time.Time
+	// Number of times the client has violated keepalive ping policy so far.
+	pingStrikes uint8
+	// Flag to signify that number of ping strikes should be reset to 0.
+	// This is set whenever data or header frames are sent.
+	// 1 means yes.
+	resetPingStrikes      uint32 // Accessed atomically.
+	initialWindowSize     int32
+	bdpEst                *bdpEstimator
+	maxSendHeaderListSize *uint32
+
+	mu sync.Mutex // guard the following
+
+	// drainChan is initialized when drain(...) is called the first time.
+	// After which the server writes out the first GoAway(with ID 2^31-1) frame.
+	// Then an independent goroutine will be launched to later send the second GoAway.
+	// During this time we don't want to write another first GoAway(with ID 2^31 -1) frame.
+	// Thus call to drain(...) will be a no-op if drainChan is already initialized since draining is
+	// already underway.
+	drainChan     chan struct{}
+	state         transportState
+	activeStreams map[uint32]*Stream
+	// idle is the time instant when the connection went idle.
+	// This is either the beginning of the connection or when the number of
+	// RPCs go down to 0.
+	// When the connection is busy, this value is set to 0.
+	idle time.Time
+
+	// Fields below are for channelz metric collection.
+	channelzID int64 // channelz unique identification number
+	czData     *channelzData
+	bufferPool *bufferPool
+
+	connectionID uint64
+}
+
+// newHTTP2Server constructs a ServerTransport based on HTTP2. ConnectionError is
+// returned if something goes wrong.
+func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err error) {
+	writeBufSize := config.WriteBufferSize
+	readBufSize := config.ReadBufferSize
+	maxHeaderListSize := defaultServerMaxHeaderListSize
+	if config.MaxHeaderListSize != nil {
+		maxHeaderListSize = *config.MaxHeaderListSize
+	}
+	framer := newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize)
+	// Send initial settings as connection preface to client.
+	isettings := []http2.Setting{{
+		ID:  http2.SettingMaxFrameSize,
+		Val: http2MaxFrameLen,
+	}}
+	// TODO(zhaoq): Have a better way to signal "no limit" because 0 is
+	// permitted in the HTTP2 spec.
+	maxStreams := config.MaxStreams
+	if maxStreams == 0 {
+		maxStreams = math.MaxUint32
+	} else {
+		isettings = append(isettings, http2.Setting{
+			ID:  http2.SettingMaxConcurrentStreams,
+			Val: maxStreams,
+		})
+	}
+	dynamicWindow := true
+	iwz := int32(initialWindowSize)
+	if config.InitialWindowSize >= defaultWindowSize {
+		iwz = config.InitialWindowSize
+		dynamicWindow = false
+	}
+	icwz := int32(initialWindowSize)
+	if config.InitialConnWindowSize >= defaultWindowSize {
+		icwz = config.InitialConnWindowSize
+		dynamicWindow = false
+	}
+	if iwz != defaultWindowSize {
+		isettings = append(isettings, http2.Setting{
+			ID:  http2.SettingInitialWindowSize,
+			Val: uint32(iwz)})
+	}
+	if config.MaxHeaderListSize != nil {
+		isettings = append(isettings, http2.Setting{
+			ID:  http2.SettingMaxHeaderListSize,
+			Val: *config.MaxHeaderListSize,
+		})
+	}
+	if config.HeaderTableSize != nil {
+		isettings = append(isettings, http2.Setting{
+			ID:  http2.SettingHeaderTableSize,
+			Val: *config.HeaderTableSize,
+		})
+	}
+	if err := framer.fr.WriteSettings(isettings...); err != nil {
+		return nil, connectionErrorf(false, err, "transport: %v", err)
+	}
+	// Adjust the connection flow control window if needed.
+	if delta := uint32(icwz - defaultWindowSize); delta > 0 {
+		if err := framer.fr.WriteWindowUpdate(0, delta); err != nil {
+			return nil, connectionErrorf(false, err, "transport: %v", err)
+		}
+	}
+	kp := config.KeepaliveParams
+	if kp.MaxConnectionIdle == 0 {
+		kp.MaxConnectionIdle = defaultMaxConnectionIdle
+	}
+	if kp.MaxConnectionAge == 0 {
+		kp.MaxConnectionAge = defaultMaxConnectionAge
+	}
+	// Add a jitter to MaxConnectionAge.
+	kp.MaxConnectionAge += getJitter(kp.MaxConnectionAge)
+	if kp.MaxConnectionAgeGrace == 0 {
+		kp.MaxConnectionAgeGrace = defaultMaxConnectionAgeGrace
+	}
+	if kp.Time == 0 {
+		kp.Time = defaultServerKeepaliveTime
+	}
+	if kp.Timeout == 0 {
+		kp.Timeout = defaultServerKeepaliveTimeout
+	}
+	kep := config.KeepalivePolicy
+	if kep.MinTime == 0 {
+		kep.MinTime = defaultKeepalivePolicyMinTime
+	}
+	done := make(chan struct{})
+	t := &http2Server{
+		ctx:               context.Background(),
+		done:              done,
+		conn:              conn,
+		remoteAddr:        conn.RemoteAddr(),
+		localAddr:         conn.LocalAddr(),
+		authInfo:          config.AuthInfo,
+		framer:            framer,
+		readerDone:        make(chan struct{}),
+		writerDone:        make(chan struct{}),
+		maxStreams:        maxStreams,
+		inTapHandle:       config.InTapHandle,
+		fc:                &trInFlow{limit: uint32(icwz)},
+		state:             reachable,
+		activeStreams:     make(map[uint32]*Stream),
+		stats:             config.StatsHandler,
+		kp:                kp,
+		idle:              time.Now(),
+		kep:               kep,
+		initialWindowSize: iwz,
+		czData:            new(channelzData),
+		bufferPool:        newBufferPool(),
+	}
+	t.controlBuf = newControlBuffer(t.done)
+	if dynamicWindow {
+		t.bdpEst = &bdpEstimator{
+			bdp:               initialWindowSize,
+			updateFlowControl: t.updateFlowControl,
+		}
+	}
+	if t.stats != nil {
+		t.ctx = t.stats.TagConn(t.ctx, &stats.ConnTagInfo{
+			RemoteAddr: t.remoteAddr,
+			LocalAddr:  t.localAddr,
+		})
+		connBegin := &stats.ConnBegin{}
+		t.stats.HandleConn(t.ctx, connBegin)
+	}
+	if channelz.IsOn() {
+		t.channelzID = channelz.RegisterNormalSocket(t, config.ChannelzParentID, fmt.Sprintf("%s -> %s", t.remoteAddr, t.localAddr))
+	}
+
+	t.connectionID = atomic.AddUint64(&serverConnectionCounter, 1)
+
+	t.framer.writer.Flush()
+
+	defer func() {
+		if err != nil {
+			t.Close()
+		}
+	}()
+
+	// Check the validity of client preface.
+	preface := make([]byte, len(clientPreface))
+	if _, err := io.ReadFull(t.conn, preface); err != nil {
+		return nil, connectionErrorf(false, err, "transport: http2Server.HandleStreams failed to receive the preface from client: %v", err)
+	}
+	if !bytes.Equal(preface, clientPreface) {
+		return nil, connectionErrorf(false, nil, "transport: http2Server.HandleStreams received bogus greeting from client: %q", preface)
+	}
+
+	frame, err := t.framer.fr.ReadFrame()
+	if err == io.EOF || err == io.ErrUnexpectedEOF {
+		return nil, err
+	}
+	if err != nil {
+		return nil, connectionErrorf(false, err, "transport: http2Server.HandleStreams failed to read initial settings frame: %v", err)
+	}
+	atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
+	sf, ok := frame.(*http2.SettingsFrame)
+	if !ok {
+		return nil, connectionErrorf(false, nil, "transport: http2Server.HandleStreams saw invalid preface type %T from client", frame)
+	}
+	t.handleSettings(sf)
+
+	go func() {
+		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst)
+		t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler
+		if err := t.loopy.run(); err != nil {
+			errorf("transport: loopyWriter.run returning. Err: %v", err)
+		}
+		t.conn.Close()
+		close(t.writerDone)
+	}()
+	go t.keepalive()
+	return t, nil
+}
+
+// operateHeader takes action on the decoded headers.
+func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) (fatal bool) {
+	streamID := frame.Header().StreamID
+	state := &decodeState{
+		serverSide: true,
+	}
+	if err := state.decodeHeader(frame); err != nil {
+		if se, ok := status.FromError(err); ok {
+			t.controlBuf.put(&cleanupStream{
+				streamID: streamID,
+				rst:      true,
+				rstCode:  statusCodeConvTab[se.Code()],
+				onWrite:  func() {},
+			})
+		}
+		return false
+	}
+
+	buf := newRecvBuffer()
+	s := &Stream{
+		id:             streamID,
+		st:             t,
+		buf:            buf,
+		fc:             &inFlow{limit: uint32(t.initialWindowSize)},
+		recvCompress:   state.data.encoding,
+		method:         state.data.method,
+		contentSubtype: state.data.contentSubtype,
+	}
+	if frame.StreamEnded() {
+		// s is just created by the caller. No lock needed.
+		s.state = streamReadDone
+	}
+	if state.data.timeoutSet {
+		s.ctx, s.cancel = context.WithTimeout(t.ctx, state.data.timeout)
+	} else {
+		s.ctx, s.cancel = context.WithCancel(t.ctx)
+	}
+	pr := &peer.Peer{
+		Addr: t.remoteAddr,
+	}
+	// Attach Auth info if there is any.
+	if t.authInfo != nil {
+		pr.AuthInfo = t.authInfo
+	}
+	s.ctx = peer.NewContext(s.ctx, pr)
+	// Attach the received metadata to the context.
+	if len(state.data.mdata) > 0 {
+		s.ctx = metadata.NewIncomingContext(s.ctx, state.data.mdata)
+	}
+	if state.data.statsTags != nil {
+		s.ctx = stats.SetIncomingTags(s.ctx, state.data.statsTags)
+	}
+	if state.data.statsTrace != nil {
+		s.ctx = stats.SetIncomingTrace(s.ctx, state.data.statsTrace)
+	}
+	if t.inTapHandle != nil {
+		var err error
+		info := &tap.Info{
+			FullMethodName: state.data.method,
+		}
+		s.ctx, err = t.inTapHandle(s.ctx, info)
+		if err != nil {
+			warningf("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err)
+			t.controlBuf.put(&cleanupStream{
+				streamID: s.id,
+				rst:      true,
+				rstCode:  http2.ErrCodeRefusedStream,
+				onWrite:  func() {},
+			})
+			s.cancel()
+			return false
+		}
+	}
+	t.mu.Lock()
+	if t.state != reachable {
+		t.mu.Unlock()
+		s.cancel()
+		return false
+	}
+	if uint32(len(t.activeStreams)) >= t.maxStreams {
+		t.mu.Unlock()
+		t.controlBuf.put(&cleanupStream{
+			streamID: streamID,
+			rst:      true,
+			rstCode:  http2.ErrCodeRefusedStream,
+			onWrite:  func() {},
+		})
+		s.cancel()
+		return false
+	}
+	if streamID%2 != 1 || streamID <= t.maxStreamID {
+		t.mu.Unlock()
+		// illegal gRPC stream id.
+		errorf("transport: http2Server.HandleStreams received an illegal stream id: %v", streamID)
+		s.cancel()
+		return true
+	}
+	t.maxStreamID = streamID
+	t.activeStreams[streamID] = s
+	if len(t.activeStreams) == 1 {
+		t.idle = time.Time{}
+	}
+	t.mu.Unlock()
+	if channelz.IsOn() {
+		atomic.AddInt64(&t.czData.streamsStarted, 1)
+		atomic.StoreInt64(&t.czData.lastStreamCreatedTime, time.Now().UnixNano())
+	}
+	s.requestRead = func(n int) {
+		t.adjustWindow(s, uint32(n))
+	}
+	s.ctx = traceCtx(s.ctx, s.method)
+	if t.stats != nil {
+		s.ctx = t.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
+		inHeader := &stats.InHeader{
+			FullMethod:  s.method,
+			RemoteAddr:  t.remoteAddr,
+			LocalAddr:   t.localAddr,
+			Compression: s.recvCompress,
+			WireLength:  int(frame.Header().Length),
+			Header:      metadata.MD(state.data.mdata).Copy(),
+		}
+		t.stats.HandleRPC(s.ctx, inHeader)
+	}
+	s.ctxDone = s.ctx.Done()
+	s.wq = newWriteQuota(defaultWriteQuota, s.ctxDone)
+	s.trReader = &transportReader{
+		reader: &recvBufferReader{
+			ctx:        s.ctx,
+			ctxDone:    s.ctxDone,
+			recv:       s.buf,
+			freeBuffer: t.bufferPool.put,
+		},
+		windowHandler: func(n int) {
+			t.updateWindow(s, uint32(n))
+		},
+	}
+	// Register the stream with loopy.
+	t.controlBuf.put(&registerStream{
+		streamID: s.id,
+		wq:       s.wq,
+	})
+	handle(s)
+	return false
+}
+
+// HandleStreams receives incoming streams using the given handler. This is
+// typically run in a separate goroutine.
+// traceCtx attaches trace to ctx and returns the new context.
+func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) {
+	defer close(t.readerDone)
+	for {
+		t.controlBuf.throttle()
+		frame, err := t.framer.fr.ReadFrame()
+		atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
+		if err != nil {
+			if se, ok := err.(http2.StreamError); ok {
+				warningf("transport: http2Server.HandleStreams encountered http2.StreamError: %v", se)
+				t.mu.Lock()
+				s := t.activeStreams[se.StreamID]
+				t.mu.Unlock()
+				if s != nil {
+					t.closeStream(s, true, se.Code, false)
+				} else {
+					t.controlBuf.put(&cleanupStream{
+						streamID: se.StreamID,
+						rst:      true,
+						rstCode:  se.Code,
+						onWrite:  func() {},
+					})
+				}
+				continue
+			}
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				t.Close()
+				return
+			}
+			warningf("transport: http2Server.HandleStreams failed to read frame: %v", err)
+			t.Close()
+			return
+		}
+		switch frame := frame.(type) {
+		case *http2.MetaHeadersFrame:
+			if t.operateHeaders(frame, handle, traceCtx) {
+				t.Close()
+				break
+			}
+		case *http2.DataFrame:
+			t.handleData(frame)
+		case *http2.RSTStreamFrame:
+			t.handleRSTStream(frame)
+		case *http2.SettingsFrame:
+			t.handleSettings(frame)
+		case *http2.PingFrame:
+			t.handlePing(frame)
+		case *http2.WindowUpdateFrame:
+			t.handleWindowUpdate(frame)
+		case *http2.GoAwayFrame:
+			// TODO: Handle GoAway from the client appropriately.
+		default:
+			errorf("transport: http2Server.HandleStreams found unhandled frame type %v.", frame)
+		}
+	}
+}
+
+func (t *http2Server) getStream(f http2.Frame) (*Stream, bool) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.activeStreams == nil {
+		// The transport is closing.
+		return nil, false
+	}
+	s, ok := t.activeStreams[f.Header().StreamID]
+	if !ok {
+		// The stream is already done.
+		return nil, false
+	}
+	return s, true
+}
+
+// adjustWindow sends out extra window update over the initial window size
+// of stream if the application is requesting data larger in size than
+// the window.
+func (t *http2Server) adjustWindow(s *Stream, n uint32) {
+	if w := s.fc.maybeAdjust(n); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
+	}
+
+}
+
+// updateWindow adjusts the inbound quota for the stream and the transport.
+// Window updates will deliver to the controller for sending when
+// the cumulative quota exceeds the corresponding threshold.
+func (t *http2Server) updateWindow(s *Stream, n uint32) {
+	if w := s.fc.onRead(n); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id,
+			increment: w,
+		})
+	}
+}
+
+// updateFlowControl updates the incoming flow control windows
+// for the transport and the stream based on the current bdp
+// estimation.
+func (t *http2Server) updateFlowControl(n uint32) {
+	t.mu.Lock()
+	for _, s := range t.activeStreams {
+		s.fc.newLimit(n)
+	}
+	t.initialWindowSize = int32(n)
+	t.mu.Unlock()
+	t.controlBuf.put(&outgoingWindowUpdate{
+		streamID:  0,
+		increment: t.fc.newLimit(n),
+	})
+	t.controlBuf.put(&outgoingSettings{
+		ss: []http2.Setting{
+			{
+				ID:  http2.SettingInitialWindowSize,
+				Val: n,
+			},
+		},
+	})
+
+}
+
+func (t *http2Server) handleData(f *http2.DataFrame) {
+	size := f.Header().Length
+	var sendBDPPing bool
+	if t.bdpEst != nil {
+		sendBDPPing = t.bdpEst.add(size)
+	}
+	// Decouple connection's flow control from application's read.
+	// An update on connection's flow control should not depend on
+	// whether user application has read the data or not. Such a
+	// restriction is already imposed on the stream's flow control,
+	// and therefore the sender will be blocked anyways.
+	// Decoupling the connection flow control will prevent other
+	// active(fast) streams from starving in presence of slow or
+	// inactive streams.
+	if w := t.fc.onData(size); w > 0 {
+		t.controlBuf.put(&outgoingWindowUpdate{
+			streamID:  0,
+			increment: w,
+		})
+	}
+	if sendBDPPing {
+		// Avoid excessive ping detection (e.g. in an L7 proxy)
+		// by sending a window update prior to the BDP ping.
+		if w := t.fc.reset(); w > 0 {
+			t.controlBuf.put(&outgoingWindowUpdate{
+				streamID:  0,
+				increment: w,
+			})
+		}
+		t.controlBuf.put(bdpPing)
+	}
+	// Select the right stream to dispatch.
+	s, ok := t.getStream(f)
+	if !ok {
+		return
+	}
+	if size > 0 {
+		if err := s.fc.onData(size); err != nil {
+			t.closeStream(s, true, http2.ErrCodeFlowControl, false)
+			return
+		}
+		if f.Header().Flags.Has(http2.FlagDataPadded) {
+			if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 {
+				t.controlBuf.put(&outgoingWindowUpdate{s.id, w})
+			}
+		}
+		// TODO(bradfitz, zhaoq): A copy is required here because there is no
+		// guarantee f.Data() is consumed before the arrival of next frame.
+		// Can this copy be eliminated?
+		if len(f.Data()) > 0 {
+			buffer := t.bufferPool.get()
+			buffer.Reset()
+			buffer.Write(f.Data())
+			s.write(recvMsg{buffer: buffer})
+		}
+	}
+	if f.Header().Flags.Has(http2.FlagDataEndStream) {
+		// Received the end of stream from the client.
+		s.compareAndSwapState(streamActive, streamReadDone)
+		s.write(recvMsg{err: io.EOF})
+	}
+}
+
+func (t *http2Server) handleRSTStream(f *http2.RSTStreamFrame) {
+	// If the stream is not deleted from the transport's active streams map, then do a regular close stream.
+	if s, ok := t.getStream(f); ok {
+		t.closeStream(s, false, 0, false)
+		return
+	}
+	// If the stream is already deleted from the active streams map, then put a cleanupStream item into controlbuf to delete the stream from loopy writer's established streams map.
+	t.controlBuf.put(&cleanupStream{
+		streamID: f.Header().StreamID,
+		rst:      false,
+		rstCode:  0,
+		onWrite:  func() {},
+	})
+}
+
+func (t *http2Server) handleSettings(f *http2.SettingsFrame) {
+	if f.IsAck() {
+		return
+	}
+	var ss []http2.Setting
+	var updateFuncs []func()
+	f.ForeachSetting(func(s http2.Setting) error {
+		switch s.ID {
+		case http2.SettingMaxHeaderListSize:
+			updateFuncs = append(updateFuncs, func() {
+				t.maxSendHeaderListSize = new(uint32)
+				*t.maxSendHeaderListSize = s.Val
+			})
+		default:
+			ss = append(ss, s)
+		}
+		return nil
+	})
+	t.controlBuf.executeAndPut(func(interface{}) bool {
+		for _, f := range updateFuncs {
+			f()
+		}
+		return true
+	}, &incomingSettings{
+		ss: ss,
+	})
+}
+
+const (
+	maxPingStrikes     = 2
+	defaultPingTimeout = 2 * time.Hour
+)
+
+func (t *http2Server) handlePing(f *http2.PingFrame) {
+	if f.IsAck() {
+		if f.Data == goAwayPing.data && t.drainChan != nil {
+			close(t.drainChan)
+			return
+		}
+		// Maybe it's a BDP ping.
+		if t.bdpEst != nil {
+			t.bdpEst.calculate(f.Data)
+		}
+		return
+	}
+	pingAck := &ping{ack: true}
+	copy(pingAck.data[:], f.Data[:])
+	t.controlBuf.put(pingAck)
+
+	now := time.Now()
+	defer func() {
+		t.lastPingAt = now
+	}()
+	// A reset ping strikes means that we don't need to check for policy
+	// violation for this ping and the pingStrikes counter should be set
+	// to 0.
+	if atomic.CompareAndSwapUint32(&t.resetPingStrikes, 1, 0) {
+		t.pingStrikes = 0
+		return
+	}
+	t.mu.Lock()
+	ns := len(t.activeStreams)
+	t.mu.Unlock()
+	if ns < 1 && !t.kep.PermitWithoutStream {
+		// Keepalive shouldn't be active thus, this new ping should
+		// have come after at least defaultPingTimeout.
+		if t.lastPingAt.Add(defaultPingTimeout).After(now) {
+			t.pingStrikes++
+		}
+	} else {
+		// Check if keepalive policy is respected.
+		if t.lastPingAt.Add(t.kep.MinTime).After(now) {
+			t.pingStrikes++
+		}
+	}
+
+	if t.pingStrikes > maxPingStrikes {
+		// Send goaway and close the connection.
+		errorf("transport: Got too many pings from the client, closing the connection.")
+		t.controlBuf.put(&goAway{code: http2.ErrCodeEnhanceYourCalm, debugData: []byte("too_many_pings"), closeConn: true})
+	}
+}
+
+func (t *http2Server) handleWindowUpdate(f *http2.WindowUpdateFrame) {
+	t.controlBuf.put(&incomingWindowUpdate{
+		streamID:  f.Header().StreamID,
+		increment: f.Increment,
+	})
+}
+
+func appendHeaderFieldsFromMD(headerFields []hpack.HeaderField, md metadata.MD) []hpack.HeaderField {
+	for k, vv := range md {
+		if isReservedHeader(k) {
+			// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
+			continue
+		}
+		for _, v := range vv {
+			headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
+		}
+	}
+	return headerFields
+}
+
+func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
+	if t.maxSendHeaderListSize == nil {
+		return true
+	}
+	hdrFrame := it.(*headerFrame)
+	var sz int64
+	for _, f := range hdrFrame.hf {
+		if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) {
+			errorf("header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
+			return false
+		}
+	}
+	return true
+}
+
+// WriteHeader sends the header metadata md back to the client.
+func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error {
+	if s.updateHeaderSent() || s.getState() == streamDone {
+		return ErrIllegalHeaderWrite
+	}
+	s.hdrMu.Lock()
+	if md.Len() > 0 {
+		if s.header.Len() > 0 {
+			s.header = metadata.Join(s.header, md)
+		} else {
+			s.header = md
+		}
+	}
+	if err := t.writeHeaderLocked(s); err != nil {
+		s.hdrMu.Unlock()
+		return err
+	}
+	s.hdrMu.Unlock()
+	return nil
+}
+
+func (t *http2Server) setResetPingStrikes() {
+	atomic.StoreUint32(&t.resetPingStrikes, 1)
+}
+
+func (t *http2Server) writeHeaderLocked(s *Stream) error {
+	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
+	// first and create a slice of that exact size.
+	headerFields := make([]hpack.HeaderField, 0, 2) // at least :status, content-type will be there if none else.
+	headerFields = append(headerFields, hpack.HeaderField{Name: ":status", Value: "200"})
+	headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(s.contentSubtype)})
+	if s.sendCompress != "" {
+		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: s.sendCompress})
+	}
+	headerFields = appendHeaderFieldsFromMD(headerFields, s.header)
+	success, err := t.controlBuf.executeAndPut(t.checkForHeaderListSize, &headerFrame{
+		streamID:  s.id,
+		hf:        headerFields,
+		endStream: false,
+		onWrite:   t.setResetPingStrikes,
+	})
+	if !success {
+		if err != nil {
+			return err
+		}
+		t.closeStream(s, true, http2.ErrCodeInternal, false)
+		return ErrHeaderListSizeLimitViolation
+	}
+	if t.stats != nil {
+		// Note: WireLength is not set in outHeader.
+		// TODO(mmukhi): Revisit this later, if needed.
+		outHeader := &stats.OutHeader{
+			Header: s.header.Copy(),
+		}
+		t.stats.HandleRPC(s.Context(), outHeader)
+	}
+	return nil
+}
+
+// WriteStatus sends stream status to the client and terminates the stream.
+// There is no further I/O operations being able to perform on this stream.
+// TODO(zhaoq): Now it indicates the end of entire stream. Revisit if early
+// OK is adopted.
+func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
+	if s.getState() == streamDone {
+		return nil
+	}
+	s.hdrMu.Lock()
+	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
+	// first and create a slice of that exact size.
+	headerFields := make([]hpack.HeaderField, 0, 2) // grpc-status and grpc-message will be there if none else.
+	if !s.updateHeaderSent() {                      // No headers have been sent.
+		if len(s.header) > 0 { // Send a separate header frame.
+			if err := t.writeHeaderLocked(s); err != nil {
+				s.hdrMu.Unlock()
+				return err
+			}
+		} else { // Send a trailer only response.
+			headerFields = append(headerFields, hpack.HeaderField{Name: ":status", Value: "200"})
+			headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(s.contentSubtype)})
+		}
+	}
+	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status", Value: strconv.Itoa(int(st.Code()))})
+	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
+
+	if p := statusRawProto(st); p != nil && len(p.Details) > 0 {
+		stBytes, err := proto.Marshal(p)
+		if err != nil {
+			// TODO: return error instead, when callers are able to handle it.
+			grpclog.Errorf("transport: failed to marshal rpc status: %v, error: %v", p, err)
+		} else {
+			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
+		}
+	}
+
+	// Attach the trailer metadata.
+	headerFields = appendHeaderFieldsFromMD(headerFields, s.trailer)
+	trailingHeader := &headerFrame{
+		streamID:  s.id,
+		hf:        headerFields,
+		endStream: true,
+		onWrite:   t.setResetPingStrikes,
+	}
+	s.hdrMu.Unlock()
+	success, err := t.controlBuf.execute(t.checkForHeaderListSize, trailingHeader)
+	if !success {
+		if err != nil {
+			return err
+		}
+		t.closeStream(s, true, http2.ErrCodeInternal, false)
+		return ErrHeaderListSizeLimitViolation
+	}
+	// Send a RST_STREAM after the trailers if the client has not already half-closed.
+	rst := s.getState() == streamActive
+	t.finishStream(s, rst, http2.ErrCodeNo, trailingHeader, true)
+	if t.stats != nil {
+		t.stats.HandleRPC(s.Context(), &stats.OutTrailer{
+			Trailer: s.trailer.Copy(),
+		})
+	}
+	return nil
+}
+
+// Write converts the data into HTTP2 data frame and sends it out. Non-nil error
+// is returns if it fails (e.g., framing error, transport error).
+func (t *http2Server) Write(s *Stream, hdr []byte, data []byte, opts *Options) error {
+	if !s.isHeaderSent() { // Headers haven't been written yet.
+		if err := t.WriteHeader(s, nil); err != nil {
+			if _, ok := err.(ConnectionError); ok {
+				return err
+			}
+			// TODO(mmukhi, dfawley): Make sure this is the right code to return.
+			return status.Errorf(codes.Internal, "transport: %v", err)
+		}
+	} else {
+		// Writing headers checks for this condition.
+		if s.getState() == streamDone {
+			// TODO(mmukhi, dfawley): Should the server write also return io.EOF?
+			s.cancel()
+			select {
+			case <-t.done:
+				return ErrConnClosing
+			default:
+			}
+			return ContextErr(s.ctx.Err())
+		}
+	}
+	// Add some data to header frame so that we can equally distribute bytes across frames.
+	emptyLen := http2MaxFrameLen - len(hdr)
+	if emptyLen > len(data) {
+		emptyLen = len(data)
+	}
+	hdr = append(hdr, data[:emptyLen]...)
+	data = data[emptyLen:]
+	df := &dataFrame{
+		streamID:    s.id,
+		h:           hdr,
+		d:           data,
+		onEachWrite: t.setResetPingStrikes,
+	}
+	if err := s.wq.get(int32(len(hdr) + len(data))); err != nil {
+		select {
+		case <-t.done:
+			return ErrConnClosing
+		default:
+		}
+		return ContextErr(s.ctx.Err())
+	}
+	return t.controlBuf.put(df)
+}
+
+// keepalive running in a separate goroutine does the following:
+// 1. Gracefully closes an idle connection after a duration of keepalive.MaxConnectionIdle.
+// 2. Gracefully closes any connection after a duration of keepalive.MaxConnectionAge.
+// 3. Forcibly closes a connection after an additive period of keepalive.MaxConnectionAgeGrace over keepalive.MaxConnectionAge.
+// 4. Makes sure a connection is alive by sending pings with a frequency of keepalive.Time and closes a non-responsive connection
+// after an additional duration of keepalive.Timeout.
+func (t *http2Server) keepalive() {
+	p := &ping{}
+	// True iff a ping has been sent, and no data has been received since then.
+	outstandingPing := false
+	// Amount of time remaining before which we should receive an ACK for the
+	// last sent ping.
+	kpTimeoutLeft := time.Duration(0)
+	// Records the last value of t.lastRead before we go block on the timer.
+	// This is required to check for read activity since then.
+	prevNano := time.Now().UnixNano()
+	// Initialize the different timers to their default values.
+	idleTimer := time.NewTimer(t.kp.MaxConnectionIdle)
+	ageTimer := time.NewTimer(t.kp.MaxConnectionAge)
+	kpTimer := time.NewTimer(t.kp.Time)
+	defer func() {
+		// We need to drain the underlying channel in these timers after a call
+		// to Stop(), only if we are interested in resetting them. Clearly we
+		// are not interested in resetting them here.
+		idleTimer.Stop()
+		ageTimer.Stop()
+		kpTimer.Stop()
+	}()
+
+	for {
+		select {
+		case <-idleTimer.C:
+			t.mu.Lock()
+			idle := t.idle
+			if idle.IsZero() { // The connection is non-idle.
+				t.mu.Unlock()
+				idleTimer.Reset(t.kp.MaxConnectionIdle)
+				continue
+			}
+			val := t.kp.MaxConnectionIdle - time.Since(idle)
+			t.mu.Unlock()
+			if val <= 0 {
+				// The connection has been idle for a duration of keepalive.MaxConnectionIdle or more.
+				// Gracefully close the connection.
+				t.drain(http2.ErrCodeNo, []byte{})
+				return
+			}
+			idleTimer.Reset(val)
+		case <-ageTimer.C:
+			t.drain(http2.ErrCodeNo, []byte{})
+			ageTimer.Reset(t.kp.MaxConnectionAgeGrace)
+			select {
+			case <-ageTimer.C:
+				// Close the connection after grace period.
+				infof("transport: closing server transport due to maximum connection age.")
+				t.Close()
+			case <-t.done:
+			}
+			return
+		case <-kpTimer.C:
+			lastRead := atomic.LoadInt64(&t.lastRead)
+			if lastRead > prevNano {
+				// There has been read activity since the last time we were
+				// here. Setup the timer to fire at kp.Time seconds from
+				// lastRead time and continue.
+				outstandingPing = false
+				kpTimer.Reset(time.Duration(lastRead) + t.kp.Time - time.Duration(time.Now().UnixNano()))
+				prevNano = lastRead
+				continue
+			}
+			if outstandingPing && kpTimeoutLeft <= 0 {
+				infof("transport: closing server transport due to idleness.")
+				t.Close()
+				return
+			}
+			if !outstandingPing {
+				if channelz.IsOn() {
+					atomic.AddInt64(&t.czData.kpCount, 1)
+				}
+				t.controlBuf.put(p)
+				kpTimeoutLeft = t.kp.Timeout
+				outstandingPing = true
+			}
+			// The amount of time to sleep here is the minimum of kp.Time and
+			// timeoutLeft. This will ensure that we wait only for kp.Time
+			// before sending out the next ping (for cases where the ping is
+			// acked).
+			sleepDuration := minTime(t.kp.Time, kpTimeoutLeft)
+			kpTimeoutLeft -= sleepDuration
+			kpTimer.Reset(sleepDuration)
+		case <-t.done:
+			return
+		}
+	}
+}
+
+// Close starts shutting down the http2Server transport.
+// TODO(zhaoq): Now the destruction is not blocked on any pending streams. This
+// could cause some resource issue. Revisit this later.
+func (t *http2Server) Close() error {
+	t.mu.Lock()
+	if t.state == closing {
+		t.mu.Unlock()
+		return errors.New("transport: Close() was already called")
+	}
+	t.state = closing
+	streams := t.activeStreams
+	t.activeStreams = nil
+	t.mu.Unlock()
+	t.controlBuf.finish()
+	close(t.done)
+	err := t.conn.Close()
+	if channelz.IsOn() {
+		channelz.RemoveEntry(t.channelzID)
+	}
+	// Cancel all active streams.
+	for _, s := range streams {
+		s.cancel()
+	}
+	if t.stats != nil {
+		connEnd := &stats.ConnEnd{}
+		t.stats.HandleConn(t.ctx, connEnd)
+	}
+	return err
+}
+
+// deleteStream deletes the stream s from transport's active streams.
+func (t *http2Server) deleteStream(s *Stream, eosReceived bool) {
+	// In case stream sending and receiving are invoked in separate
+	// goroutines (e.g., bi-directional streaming), cancel needs to be
+	// called to interrupt the potential blocking on other goroutines.
+	s.cancel()
+
+	t.mu.Lock()
+	if _, ok := t.activeStreams[s.id]; ok {
+		delete(t.activeStreams, s.id)
+		if len(t.activeStreams) == 0 {
+			t.idle = time.Now()
+		}
+	}
+	t.mu.Unlock()
+
+	if channelz.IsOn() {
+		if eosReceived {
+			atomic.AddInt64(&t.czData.streamsSucceeded, 1)
+		} else {
+			atomic.AddInt64(&t.czData.streamsFailed, 1)
+		}
+	}
+}
+
+// finishStream closes the stream and puts the trailing headerFrame into controlbuf.
+func (t *http2Server) finishStream(s *Stream, rst bool, rstCode http2.ErrCode, hdr *headerFrame, eosReceived bool) {
+	oldState := s.swapState(streamDone)
+	if oldState == streamDone {
+		// If the stream was already done, return.
+		return
+	}
+
+	hdr.cleanup = &cleanupStream{
+		streamID: s.id,
+		rst:      rst,
+		rstCode:  rstCode,
+		onWrite: func() {
+			t.deleteStream(s, eosReceived)
+		},
+	}
+	t.controlBuf.put(hdr)
+}
+
+// closeStream clears the footprint of a stream when the stream is not needed any more.
+func (t *http2Server) closeStream(s *Stream, rst bool, rstCode http2.ErrCode, eosReceived bool) {
+	s.swapState(streamDone)
+	t.deleteStream(s, eosReceived)
+
+	t.controlBuf.put(&cleanupStream{
+		streamID: s.id,
+		rst:      rst,
+		rstCode:  rstCode,
+		onWrite:  func() {},
+	})
+}
+
+func (t *http2Server) RemoteAddr() net.Addr {
+	return t.remoteAddr
+}
+
+func (t *http2Server) Drain() {
+	t.drain(http2.ErrCodeNo, []byte{})
+}
+
+func (t *http2Server) drain(code http2.ErrCode, debugData []byte) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.drainChan != nil {
+		return
+	}
+	t.drainChan = make(chan struct{})
+	t.controlBuf.put(&goAway{code: code, debugData: debugData, headsUp: true})
+}
+
+var goAwayPing = &ping{data: [8]byte{1, 6, 1, 8, 0, 3, 3, 9}}
+
+// Handles outgoing GoAway and returns true if loopy needs to put itself
+// in draining mode.
+func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
+	t.mu.Lock()
+	if t.state == closing { // TODO(mmukhi): This seems unnecessary.
+		t.mu.Unlock()
+		// The transport is closing.
+		return false, ErrConnClosing
+	}
+	sid := t.maxStreamID
+	if !g.headsUp {
+		// Stop accepting more streams now.
+		t.state = draining
+		if len(t.activeStreams) == 0 {
+			g.closeConn = true
+		}
+		t.mu.Unlock()
+		if err := t.framer.fr.WriteGoAway(sid, g.code, g.debugData); err != nil {
+			return false, err
+		}
+		if g.closeConn {
+			// Abruptly close the connection following the GoAway (via
+			// loopywriter).  But flush out what's inside the buffer first.
+			t.framer.writer.Flush()
+			return false, fmt.Errorf("transport: Connection closing")
+		}
+		return true, nil
+	}
+	t.mu.Unlock()
+	// For a graceful close, send out a GoAway with stream ID of MaxUInt32,
+	// Follow that with a ping and wait for the ack to come back or a timer
+	// to expire. During this time accept new streams since they might have
+	// originated before the GoAway reaches the client.
+	// After getting the ack or timer expiration send out another GoAway this
+	// time with an ID of the max stream server intends to process.
+	if err := t.framer.fr.WriteGoAway(math.MaxUint32, http2.ErrCodeNo, []byte{}); err != nil {
+		return false, err
+	}
+	if err := t.framer.fr.WritePing(false, goAwayPing.data); err != nil {
+		return false, err
+	}
+	go func() {
+		timer := time.NewTimer(time.Minute)
+		defer timer.Stop()
+		select {
+		case <-t.drainChan:
+		case <-timer.C:
+		case <-t.done:
+			return
+		}
+		t.controlBuf.put(&goAway{code: g.code, debugData: g.debugData})
+	}()
+	return false, nil
+}
+
+func (t *http2Server) ChannelzMetric() *channelz.SocketInternalMetric {
+	s := channelz.SocketInternalMetric{
+		StreamsStarted:                   atomic.LoadInt64(&t.czData.streamsStarted),
+		StreamsSucceeded:                 atomic.LoadInt64(&t.czData.streamsSucceeded),
+		StreamsFailed:                    atomic.LoadInt64(&t.czData.streamsFailed),
+		MessagesSent:                     atomic.LoadInt64(&t.czData.msgSent),
+		MessagesReceived:                 atomic.LoadInt64(&t.czData.msgRecv),
+		KeepAlivesSent:                   atomic.LoadInt64(&t.czData.kpCount),
+		LastRemoteStreamCreatedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastStreamCreatedTime)),
+		LastMessageSentTimestamp:         time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgSentTime)),
+		LastMessageReceivedTimestamp:     time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgRecvTime)),
+		LocalFlowControlWindow:           int64(t.fc.getSize()),
+		SocketOptions:                    channelz.GetSocketOption(t.conn),
+		LocalAddr:                        t.localAddr,
+		RemoteAddr:                       t.remoteAddr,
+		// RemoteName :
+	}
+	if au, ok := t.authInfo.(credentials.ChannelzSecurityInfo); ok {
+		s.Security = au.GetSecurityValue()
+	}
+	s.RemoteFlowControlWindow = t.getOutFlowWindow()
+	return &s
+}
+
+func (t *http2Server) IncrMsgSent() {
+	atomic.AddInt64(&t.czData.msgSent, 1)
+	atomic.StoreInt64(&t.czData.lastMsgSentTime, time.Now().UnixNano())
+}
+
+func (t *http2Server) IncrMsgRecv() {
+	atomic.AddInt64(&t.czData.msgRecv, 1)
+	atomic.StoreInt64(&t.czData.lastMsgRecvTime, time.Now().UnixNano())
+}
+
+func (t *http2Server) getOutFlowWindow() int64 {
+	resp := make(chan uint32, 1)
+	timer := time.NewTimer(time.Second)
+	defer timer.Stop()
+	t.controlBuf.put(&outFlowControlSizeRequest{resp})
+	select {
+	case sz := <-resp:
+		return int64(sz)
+	case <-t.done:
+		return -1
+	case <-timer.C:
+		return -2
+	}
+}
+
+func getJitter(v time.Duration) time.Duration {
+	if v == infinity {
+		return 0
+	}
+	// Generate a jitter between +/- 10% of the value.
+	r := int64(v / 10)
+	j := grpcrand.Int63n(2*r) - r
+	return time.Duration(j)
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
new file mode 100644
index 0000000000000..8f5f3349d9063
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -0,0 +1,677 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math"
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"github.com/golang/protobuf/proto"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/hpack"
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+const (
+	// http2MaxFrameLen specifies the max length of a HTTP2 frame.
+	http2MaxFrameLen = 16384 // 16KB frame
+	// http://http2.github.io/http2-spec/#SettingValues
+	http2InitHeaderTableSize = 4096
+	// baseContentType is the base content-type for gRPC.  This is a valid
+	// content-type on it's own, but can also include a content-subtype such as
+	// "proto" as a suffix after "+" or ";".  See
+	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests
+	// for more details.
+	baseContentType = "application/grpc"
+)
+
+var (
+	clientPreface   = []byte(http2.ClientPreface)
+	http2ErrConvTab = map[http2.ErrCode]codes.Code{
+		http2.ErrCodeNo:                 codes.Internal,
+		http2.ErrCodeProtocol:           codes.Internal,
+		http2.ErrCodeInternal:           codes.Internal,
+		http2.ErrCodeFlowControl:        codes.ResourceExhausted,
+		http2.ErrCodeSettingsTimeout:    codes.Internal,
+		http2.ErrCodeStreamClosed:       codes.Internal,
+		http2.ErrCodeFrameSize:          codes.Internal,
+		http2.ErrCodeRefusedStream:      codes.Unavailable,
+		http2.ErrCodeCancel:             codes.Canceled,
+		http2.ErrCodeCompression:        codes.Internal,
+		http2.ErrCodeConnect:            codes.Internal,
+		http2.ErrCodeEnhanceYourCalm:    codes.ResourceExhausted,
+		http2.ErrCodeInadequateSecurity: codes.PermissionDenied,
+		http2.ErrCodeHTTP11Required:     codes.Internal,
+	}
+	statusCodeConvTab = map[codes.Code]http2.ErrCode{
+		codes.Internal:          http2.ErrCodeInternal,
+		codes.Canceled:          http2.ErrCodeCancel,
+		codes.Unavailable:       http2.ErrCodeRefusedStream,
+		codes.ResourceExhausted: http2.ErrCodeEnhanceYourCalm,
+		codes.PermissionDenied:  http2.ErrCodeInadequateSecurity,
+	}
+	// HTTPStatusConvTab is the HTTP status code to gRPC error code conversion table.
+	HTTPStatusConvTab = map[int]codes.Code{
+		// 400 Bad Request - INTERNAL.
+		http.StatusBadRequest: codes.Internal,
+		// 401 Unauthorized  - UNAUTHENTICATED.
+		http.StatusUnauthorized: codes.Unauthenticated,
+		// 403 Forbidden - PERMISSION_DENIED.
+		http.StatusForbidden: codes.PermissionDenied,
+		// 404 Not Found - UNIMPLEMENTED.
+		http.StatusNotFound: codes.Unimplemented,
+		// 429 Too Many Requests - UNAVAILABLE.
+		http.StatusTooManyRequests: codes.Unavailable,
+		// 502 Bad Gateway - UNAVAILABLE.
+		http.StatusBadGateway: codes.Unavailable,
+		// 503 Service Unavailable - UNAVAILABLE.
+		http.StatusServiceUnavailable: codes.Unavailable,
+		// 504 Gateway timeout - UNAVAILABLE.
+		http.StatusGatewayTimeout: codes.Unavailable,
+	}
+)
+
+type parsedHeaderData struct {
+	encoding string
+	// statusGen caches the stream status received from the trailer the server
+	// sent.  Client side only.  Do not access directly.  After all trailers are
+	// parsed, use the status method to retrieve the status.
+	statusGen *status.Status
+	// rawStatusCode and rawStatusMsg are set from the raw trailer fields and are not
+	// intended for direct access outside of parsing.
+	rawStatusCode *int
+	rawStatusMsg  string
+	httpStatus    *int
+	// Server side only fields.
+	timeoutSet bool
+	timeout    time.Duration
+	method     string
+	// key-value metadata map from the peer.
+	mdata          map[string][]string
+	statsTags      []byte
+	statsTrace     []byte
+	contentSubtype string
+
+	// isGRPC field indicates whether the peer is speaking gRPC (otherwise HTTP).
+	//
+	// We are in gRPC mode (peer speaking gRPC) if:
+	// 	* We are client side and have already received a HEADER frame that indicates gRPC peer.
+	//  * The header contains valid  a content-type, i.e. a string starts with "application/grpc"
+	// And we should handle error specific to gRPC.
+	//
+	// Otherwise (i.e. a content-type string starts without "application/grpc", or does not exist), we
+	// are in HTTP fallback mode, and should handle error specific to HTTP.
+	isGRPC         bool
+	grpcErr        error
+	httpErr        error
+	contentTypeErr string
+}
+
+// decodeState configures decoding criteria and records the decoded data.
+type decodeState struct {
+	// whether decoding on server side or not
+	serverSide bool
+
+	// Records the states during HPACK decoding. It will be filled with info parsed from HTTP HEADERS
+	// frame once decodeHeader function has been invoked and returned.
+	data parsedHeaderData
+}
+
+// isReservedHeader checks whether hdr belongs to HTTP2 headers
+// reserved by gRPC protocol. Any other headers are classified as the
+// user-specified metadata.
+func isReservedHeader(hdr string) bool {
+	if hdr != "" && hdr[0] == ':' {
+		return true
+	}
+	switch hdr {
+	case "content-type",
+		"user-agent",
+		"grpc-message-type",
+		"grpc-encoding",
+		"grpc-message",
+		"grpc-status",
+		"grpc-timeout",
+		"grpc-status-details-bin",
+		// Intentionally exclude grpc-previous-rpc-attempts and
+		// grpc-retry-pushback-ms, which are "reserved", but their API
+		// intentionally works via metadata.
+		"te":
+		return true
+	default:
+		return false
+	}
+}
+
+// isWhitelistedHeader checks whether hdr should be propagated into metadata
+// visible to users, even though it is classified as "reserved", above.
+func isWhitelistedHeader(hdr string) bool {
+	switch hdr {
+	case ":authority", "user-agent":
+		return true
+	default:
+		return false
+	}
+}
+
+// contentSubtype returns the content-subtype for the given content-type.  The
+// given content-type must be a valid content-type that starts with
+// "application/grpc". A content-subtype will follow "application/grpc" after a
+// "+" or ";". See
+// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for
+// more details.
+//
+// If contentType is not a valid content-type for gRPC, the boolean
+// will be false, otherwise true. If content-type == "application/grpc",
+// "application/grpc+", or "application/grpc;", the boolean will be true,
+// but no content-subtype will be returned.
+//
+// contentType is assumed to be lowercase already.
+func contentSubtype(contentType string) (string, bool) {
+	if contentType == baseContentType {
+		return "", true
+	}
+	if !strings.HasPrefix(contentType, baseContentType) {
+		return "", false
+	}
+	// guaranteed since != baseContentType and has baseContentType prefix
+	switch contentType[len(baseContentType)] {
+	case '+', ';':
+		// this will return true for "application/grpc+" or "application/grpc;"
+		// which the previous validContentType function tested to be valid, so we
+		// just say that no content-subtype is specified in this case
+		return contentType[len(baseContentType)+1:], true
+	default:
+		return "", false
+	}
+}
+
+// contentSubtype is assumed to be lowercase
+func contentType(contentSubtype string) string {
+	if contentSubtype == "" {
+		return baseContentType
+	}
+	return baseContentType + "+" + contentSubtype
+}
+
+func (d *decodeState) status() *status.Status {
+	if d.data.statusGen == nil {
+		// No status-details were provided; generate status using code/msg.
+		d.data.statusGen = status.New(codes.Code(int32(*(d.data.rawStatusCode))), d.data.rawStatusMsg)
+	}
+	return d.data.statusGen
+}
+
+const binHdrSuffix = "-bin"
+
+func encodeBinHeader(v []byte) string {
+	return base64.RawStdEncoding.EncodeToString(v)
+}
+
+func decodeBinHeader(v string) ([]byte, error) {
+	if len(v)%4 == 0 {
+		// Input was padded, or padding was not necessary.
+		return base64.StdEncoding.DecodeString(v)
+	}
+	return base64.RawStdEncoding.DecodeString(v)
+}
+
+func encodeMetadataHeader(k, v string) string {
+	if strings.HasSuffix(k, binHdrSuffix) {
+		return encodeBinHeader(([]byte)(v))
+	}
+	return v
+}
+
+func decodeMetadataHeader(k, v string) (string, error) {
+	if strings.HasSuffix(k, binHdrSuffix) {
+		b, err := decodeBinHeader(v)
+		return string(b), err
+	}
+	return v, nil
+}
+
+func (d *decodeState) decodeHeader(frame *http2.MetaHeadersFrame) error {
+	// frame.Truncated is set to true when framer detects that the current header
+	// list size hits MaxHeaderListSize limit.
+	if frame.Truncated {
+		return status.Error(codes.Internal, "peer header list size exceeded limit")
+	}
+
+	for _, hf := range frame.Fields {
+		d.processHeaderField(hf)
+	}
+
+	if d.data.isGRPC {
+		if d.data.grpcErr != nil {
+			return d.data.grpcErr
+		}
+		if d.serverSide {
+			return nil
+		}
+		if d.data.rawStatusCode == nil && d.data.statusGen == nil {
+			// gRPC status doesn't exist.
+			// Set rawStatusCode to be unknown and return nil error.
+			// So that, if the stream has ended this Unknown status
+			// will be propagated to the user.
+			// Otherwise, it will be ignored. In which case, status from
+			// a later trailer, that has StreamEnded flag set, is propagated.
+			code := int(codes.Unknown)
+			d.data.rawStatusCode = &code
+		}
+		return nil
+	}
+
+	// HTTP fallback mode
+	if d.data.httpErr != nil {
+		return d.data.httpErr
+	}
+
+	var (
+		code = codes.Internal // when header does not include HTTP status, return INTERNAL
+		ok   bool
+	)
+
+	if d.data.httpStatus != nil {
+		code, ok = HTTPStatusConvTab[*(d.data.httpStatus)]
+		if !ok {
+			code = codes.Unknown
+		}
+	}
+
+	return status.Error(code, d.constructHTTPErrMsg())
+}
+
+// constructErrMsg constructs error message to be returned in HTTP fallback mode.
+// Format: HTTP status code and its corresponding message + content-type error message.
+func (d *decodeState) constructHTTPErrMsg() string {
+	var errMsgs []string
+
+	if d.data.httpStatus == nil {
+		errMsgs = append(errMsgs, "malformed header: missing HTTP status")
+	} else {
+		errMsgs = append(errMsgs, fmt.Sprintf("%s: HTTP status code %d", http.StatusText(*(d.data.httpStatus)), *d.data.httpStatus))
+	}
+
+	if d.data.contentTypeErr == "" {
+		errMsgs = append(errMsgs, "transport: missing content-type field")
+	} else {
+		errMsgs = append(errMsgs, d.data.contentTypeErr)
+	}
+
+	return strings.Join(errMsgs, "; ")
+}
+
+func (d *decodeState) addMetadata(k, v string) {
+	if d.data.mdata == nil {
+		d.data.mdata = make(map[string][]string)
+	}
+	d.data.mdata[k] = append(d.data.mdata[k], v)
+}
+
+func (d *decodeState) processHeaderField(f hpack.HeaderField) {
+	switch f.Name {
+	case "content-type":
+		contentSubtype, validContentType := contentSubtype(f.Value)
+		if !validContentType {
+			d.data.contentTypeErr = fmt.Sprintf("transport: received the unexpected content-type %q", f.Value)
+			return
+		}
+		d.data.contentSubtype = contentSubtype
+		// TODO: do we want to propagate the whole content-type in the metadata,
+		// or come up with a way to just propagate the content-subtype if it was set?
+		// ie {"content-type": "application/grpc+proto"} or {"content-subtype": "proto"}
+		// in the metadata?
+		d.addMetadata(f.Name, f.Value)
+		d.data.isGRPC = true
+	case "grpc-encoding":
+		d.data.encoding = f.Value
+	case "grpc-status":
+		code, err := strconv.Atoi(f.Value)
+		if err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status: %v", err)
+			return
+		}
+		d.data.rawStatusCode = &code
+	case "grpc-message":
+		d.data.rawStatusMsg = decodeGrpcMessage(f.Value)
+	case "grpc-status-details-bin":
+		v, err := decodeBinHeader(f.Value)
+		if err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err)
+			return
+		}
+		s := &spb.Status{}
+		if err := proto.Unmarshal(v, s); err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err)
+			return
+		}
+		d.data.statusGen = status.FromProto(s)
+	case "grpc-timeout":
+		d.data.timeoutSet = true
+		var err error
+		if d.data.timeout, err = decodeTimeout(f.Value); err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed time-out: %v", err)
+		}
+	case ":path":
+		d.data.method = f.Value
+	case ":status":
+		code, err := strconv.Atoi(f.Value)
+		if err != nil {
+			d.data.httpErr = status.Errorf(codes.Internal, "transport: malformed http-status: %v", err)
+			return
+		}
+		d.data.httpStatus = &code
+	case "grpc-tags-bin":
+		v, err := decodeBinHeader(f.Value)
+		if err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-tags-bin: %v", err)
+			return
+		}
+		d.data.statsTags = v
+		d.addMetadata(f.Name, string(v))
+	case "grpc-trace-bin":
+		v, err := decodeBinHeader(f.Value)
+		if err != nil {
+			d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-trace-bin: %v", err)
+			return
+		}
+		d.data.statsTrace = v
+		d.addMetadata(f.Name, string(v))
+	default:
+		if isReservedHeader(f.Name) && !isWhitelistedHeader(f.Name) {
+			break
+		}
+		v, err := decodeMetadataHeader(f.Name, f.Value)
+		if err != nil {
+			errorf("Failed to decode metadata header (%q, %q): %v", f.Name, f.Value, err)
+			return
+		}
+		d.addMetadata(f.Name, v)
+	}
+}
+
+type timeoutUnit uint8
+
+const (
+	hour        timeoutUnit = 'H'
+	minute      timeoutUnit = 'M'
+	second      timeoutUnit = 'S'
+	millisecond timeoutUnit = 'm'
+	microsecond timeoutUnit = 'u'
+	nanosecond  timeoutUnit = 'n'
+)
+
+func timeoutUnitToDuration(u timeoutUnit) (d time.Duration, ok bool) {
+	switch u {
+	case hour:
+		return time.Hour, true
+	case minute:
+		return time.Minute, true
+	case second:
+		return time.Second, true
+	case millisecond:
+		return time.Millisecond, true
+	case microsecond:
+		return time.Microsecond, true
+	case nanosecond:
+		return time.Nanosecond, true
+	default:
+	}
+	return
+}
+
+const maxTimeoutValue int64 = 100000000 - 1
+
+// div does integer division and round-up the result. Note that this is
+// equivalent to (d+r-1)/r but has less chance to overflow.
+func div(d, r time.Duration) int64 {
+	if m := d % r; m > 0 {
+		return int64(d/r + 1)
+	}
+	return int64(d / r)
+}
+
+// TODO(zhaoq): It is the simplistic and not bandwidth efficient. Improve it.
+func encodeTimeout(t time.Duration) string {
+	if t <= 0 {
+		return "0n"
+	}
+	if d := div(t, time.Nanosecond); d <= maxTimeoutValue {
+		return strconv.FormatInt(d, 10) + "n"
+	}
+	if d := div(t, time.Microsecond); d <= maxTimeoutValue {
+		return strconv.FormatInt(d, 10) + "u"
+	}
+	if d := div(t, time.Millisecond); d <= maxTimeoutValue {
+		return strconv.FormatInt(d, 10) + "m"
+	}
+	if d := div(t, time.Second); d <= maxTimeoutValue {
+		return strconv.FormatInt(d, 10) + "S"
+	}
+	if d := div(t, time.Minute); d <= maxTimeoutValue {
+		return strconv.FormatInt(d, 10) + "M"
+	}
+	// Note that maxTimeoutValue * time.Hour > MaxInt64.
+	return strconv.FormatInt(div(t, time.Hour), 10) + "H"
+}
+
+func decodeTimeout(s string) (time.Duration, error) {
+	size := len(s)
+	if size < 2 {
+		return 0, fmt.Errorf("transport: timeout string is too short: %q", s)
+	}
+	if size > 9 {
+		// Spec allows for 8 digits plus the unit.
+		return 0, fmt.Errorf("transport: timeout string is too long: %q", s)
+	}
+	unit := timeoutUnit(s[size-1])
+	d, ok := timeoutUnitToDuration(unit)
+	if !ok {
+		return 0, fmt.Errorf("transport: timeout unit is not recognized: %q", s)
+	}
+	t, err := strconv.ParseInt(s[:size-1], 10, 64)
+	if err != nil {
+		return 0, err
+	}
+	const maxHours = math.MaxInt64 / int64(time.Hour)
+	if d == time.Hour && t > maxHours {
+		// This timeout would overflow math.MaxInt64; clamp it.
+		return time.Duration(math.MaxInt64), nil
+	}
+	return d * time.Duration(t), nil
+}
+
+const (
+	spaceByte   = ' '
+	tildeByte   = '~'
+	percentByte = '%'
+)
+
+// encodeGrpcMessage is used to encode status code in header field
+// "grpc-message". It does percent encoding and also replaces invalid utf-8
+// characters with Unicode replacement character.
+//
+// It checks to see if each individual byte in msg is an allowable byte, and
+// then either percent encoding or passing it through. When percent encoding,
+// the byte is converted into hexadecimal notation with a '%' prepended.
+func encodeGrpcMessage(msg string) string {
+	if msg == "" {
+		return ""
+	}
+	lenMsg := len(msg)
+	for i := 0; i < lenMsg; i++ {
+		c := msg[i]
+		if !(c >= spaceByte && c <= tildeByte && c != percentByte) {
+			return encodeGrpcMessageUnchecked(msg)
+		}
+	}
+	return msg
+}
+
+func encodeGrpcMessageUnchecked(msg string) string {
+	var buf bytes.Buffer
+	for len(msg) > 0 {
+		r, size := utf8.DecodeRuneInString(msg)
+		for _, b := range []byte(string(r)) {
+			if size > 1 {
+				// If size > 1, r is not ascii. Always do percent encoding.
+				buf.WriteString(fmt.Sprintf("%%%02X", b))
+				continue
+			}
+
+			// The for loop is necessary even if size == 1. r could be
+			// utf8.RuneError.
+			//
+			// fmt.Sprintf("%%%02X", utf8.RuneError) gives "%FFFD".
+			if b >= spaceByte && b <= tildeByte && b != percentByte {
+				buf.WriteByte(b)
+			} else {
+				buf.WriteString(fmt.Sprintf("%%%02X", b))
+			}
+		}
+		msg = msg[size:]
+	}
+	return buf.String()
+}
+
+// decodeGrpcMessage decodes the msg encoded by encodeGrpcMessage.
+func decodeGrpcMessage(msg string) string {
+	if msg == "" {
+		return ""
+	}
+	lenMsg := len(msg)
+	for i := 0; i < lenMsg; i++ {
+		if msg[i] == percentByte && i+2 < lenMsg {
+			return decodeGrpcMessageUnchecked(msg)
+		}
+	}
+	return msg
+}
+
+func decodeGrpcMessageUnchecked(msg string) string {
+	var buf bytes.Buffer
+	lenMsg := len(msg)
+	for i := 0; i < lenMsg; i++ {
+		c := msg[i]
+		if c == percentByte && i+2 < lenMsg {
+			parsed, err := strconv.ParseUint(msg[i+1:i+3], 16, 8)
+			if err != nil {
+				buf.WriteByte(c)
+			} else {
+				buf.WriteByte(byte(parsed))
+				i += 2
+			}
+		} else {
+			buf.WriteByte(c)
+		}
+	}
+	return buf.String()
+}
+
+type bufWriter struct {
+	buf       []byte
+	offset    int
+	batchSize int
+	conn      net.Conn
+	err       error
+
+	onFlush func()
+}
+
+func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
+	return &bufWriter{
+		buf:       make([]byte, batchSize*2),
+		batchSize: batchSize,
+		conn:      conn,
+	}
+}
+
+func (w *bufWriter) Write(b []byte) (n int, err error) {
+	if w.err != nil {
+		return 0, w.err
+	}
+	if w.batchSize == 0 { // Buffer has been disabled.
+		return w.conn.Write(b)
+	}
+	for len(b) > 0 {
+		nn := copy(w.buf[w.offset:], b)
+		b = b[nn:]
+		w.offset += nn
+		n += nn
+		if w.offset >= w.batchSize {
+			err = w.Flush()
+		}
+	}
+	return n, err
+}
+
+func (w *bufWriter) Flush() error {
+	if w.err != nil {
+		return w.err
+	}
+	if w.offset == 0 {
+		return nil
+	}
+	if w.onFlush != nil {
+		w.onFlush()
+	}
+	_, w.err = w.conn.Write(w.buf[:w.offset])
+	w.offset = 0
+	return w.err
+}
+
+type framer struct {
+	writer *bufWriter
+	fr     *http2.Framer
+}
+
+func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderListSize uint32) *framer {
+	if writeBufferSize < 0 {
+		writeBufferSize = 0
+	}
+	var r io.Reader = conn
+	if readBufferSize > 0 {
+		r = bufio.NewReaderSize(r, readBufferSize)
+	}
+	w := newBufWriter(conn, writeBufferSize)
+	f := &framer{
+		writer: w,
+		fr:     http2.NewFramer(w, r),
+	}
+	f.fr.SetMaxReadFrameSize(http2MaxFrameLen)
+	// Opt-in to Frame reuse API on framer to reduce garbage.
+	// Frames aren't safe to read from after a subsequent call to ReadFrame.
+	f.fr.SetReuseFrames()
+	f.fr.MaxHeaderListSize = maxHeaderListSize
+	f.fr.ReadMetaHeaders = hpack.NewDecoder(http2InitHeaderTableSize, nil)
+	return f
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/log.go b/vendor/google.golang.org/grpc/internal/transport/log.go
new file mode 100644
index 0000000000000..879df80c4de7f
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/log.go
@@ -0,0 +1,44 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// This file contains wrappers for grpclog functions.
+// The transport package only logs to verbose level 2 by default.
+
+package transport
+
+import "google.golang.org/grpc/grpclog"
+
+const logLevel = 2
+
+func infof(format string, args ...interface{}) {
+	if grpclog.V(logLevel) {
+		grpclog.Infof(format, args...)
+	}
+}
+
+func warningf(format string, args ...interface{}) {
+	if grpclog.V(logLevel) {
+		grpclog.Warningf(format, args...)
+	}
+}
+
+func errorf(format string, args ...interface{}) {
+	if grpclog.V(logLevel) {
+		grpclog.Errorf(format, args...)
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
new file mode 100644
index 0000000000000..a30da9eb324f5
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -0,0 +1,808 @@
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package transport defines and implements message oriented communication
+// channel to complete various transactions (e.g., an RPC).  It is meant for
+// grpc-internal usage and is not intended to be imported directly by users.
+package transport
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"sync/atomic"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/stats"
+	"google.golang.org/grpc/status"
+	"google.golang.org/grpc/tap"
+)
+
+type bufferPool struct {
+	pool sync.Pool
+}
+
+func newBufferPool() *bufferPool {
+	return &bufferPool{
+		pool: sync.Pool{
+			New: func() interface{} {
+				return new(bytes.Buffer)
+			},
+		},
+	}
+}
+
+func (p *bufferPool) get() *bytes.Buffer {
+	return p.pool.Get().(*bytes.Buffer)
+}
+
+func (p *bufferPool) put(b *bytes.Buffer) {
+	p.pool.Put(b)
+}
+
+// recvMsg represents the received msg from the transport. All transport
+// protocol specific info has been removed.
+type recvMsg struct {
+	buffer *bytes.Buffer
+	// nil: received some data
+	// io.EOF: stream is completed. data is nil.
+	// other non-nil error: transport failure. data is nil.
+	err error
+}
+
+// recvBuffer is an unbounded channel of recvMsg structs.
+//
+// Note: recvBuffer differs from buffer.Unbounded only in the fact that it
+// holds a channel of recvMsg structs instead of objects implementing "item"
+// interface. recvBuffer is written to much more often and using strict recvMsg
+// structs helps avoid allocation in "recvBuffer.put"
+type recvBuffer struct {
+	c       chan recvMsg
+	mu      sync.Mutex
+	backlog []recvMsg
+	err     error
+}
+
+func newRecvBuffer() *recvBuffer {
+	b := &recvBuffer{
+		c: make(chan recvMsg, 1),
+	}
+	return b
+}
+
+func (b *recvBuffer) put(r recvMsg) {
+	b.mu.Lock()
+	if b.err != nil {
+		b.mu.Unlock()
+		// An error had occurred earlier, don't accept more
+		// data or errors.
+		return
+	}
+	b.err = r.err
+	if len(b.backlog) == 0 {
+		select {
+		case b.c <- r:
+			b.mu.Unlock()
+			return
+		default:
+		}
+	}
+	b.backlog = append(b.backlog, r)
+	b.mu.Unlock()
+}
+
+func (b *recvBuffer) load() {
+	b.mu.Lock()
+	if len(b.backlog) > 0 {
+		select {
+		case b.c <- b.backlog[0]:
+			b.backlog[0] = recvMsg{}
+			b.backlog = b.backlog[1:]
+		default:
+		}
+	}
+	b.mu.Unlock()
+}
+
+// get returns the channel that receives a recvMsg in the buffer.
+//
+// Upon receipt of a recvMsg, the caller should call load to send another
+// recvMsg onto the channel if there is any.
+func (b *recvBuffer) get() <-chan recvMsg {
+	return b.c
+}
+
+// recvBufferReader implements io.Reader interface to read the data from
+// recvBuffer.
+type recvBufferReader struct {
+	closeStream func(error) // Closes the client transport stream with the given error and nil trailer metadata.
+	ctx         context.Context
+	ctxDone     <-chan struct{} // cache of ctx.Done() (for performance).
+	recv        *recvBuffer
+	last        *bytes.Buffer // Stores the remaining data in the previous calls.
+	err         error
+	freeBuffer  func(*bytes.Buffer)
+}
+
+// Read reads the next len(p) bytes from last. If last is drained, it tries to
+// read additional data from recv. It blocks if there no additional data available
+// in recv. If Read returns any non-nil error, it will continue to return that error.
+func (r *recvBufferReader) Read(p []byte) (n int, err error) {
+	if r.err != nil {
+		return 0, r.err
+	}
+	if r.last != nil {
+		// Read remaining data left in last call.
+		copied, _ := r.last.Read(p)
+		if r.last.Len() == 0 {
+			r.freeBuffer(r.last)
+			r.last = nil
+		}
+		return copied, nil
+	}
+	if r.closeStream != nil {
+		n, r.err = r.readClient(p)
+	} else {
+		n, r.err = r.read(p)
+	}
+	return n, r.err
+}
+
+func (r *recvBufferReader) read(p []byte) (n int, err error) {
+	select {
+	case <-r.ctxDone:
+		return 0, ContextErr(r.ctx.Err())
+	case m := <-r.recv.get():
+		return r.readAdditional(m, p)
+	}
+}
+
+func (r *recvBufferReader) readClient(p []byte) (n int, err error) {
+	// If the context is canceled, then closes the stream with nil metadata.
+	// closeStream writes its error parameter to r.recv as a recvMsg.
+	// r.readAdditional acts on that message and returns the necessary error.
+	select {
+	case <-r.ctxDone:
+		// Note that this adds the ctx error to the end of recv buffer, and
+		// reads from the head. This will delay the error until recv buffer is
+		// empty, thus will delay ctx cancellation in Recv().
+		//
+		// It's done this way to fix a race between ctx cancel and trailer. The
+		// race was, stream.Recv() may return ctx error if ctxDone wins the
+		// race, but stream.Trailer() may return a non-nil md because the stream
+		// was not marked as done when trailer is received. This closeStream
+		// call will mark stream as done, thus fix the race.
+		//
+		// TODO: delaying ctx error seems like a unnecessary side effect. What
+		// we really want is to mark the stream as done, and return ctx error
+		// faster.
+		r.closeStream(ContextErr(r.ctx.Err()))
+		m := <-r.recv.get()
+		return r.readAdditional(m, p)
+	case m := <-r.recv.get():
+		return r.readAdditional(m, p)
+	}
+}
+
+func (r *recvBufferReader) readAdditional(m recvMsg, p []byte) (n int, err error) {
+	r.recv.load()
+	if m.err != nil {
+		return 0, m.err
+	}
+	copied, _ := m.buffer.Read(p)
+	if m.buffer.Len() == 0 {
+		r.freeBuffer(m.buffer)
+		r.last = nil
+	} else {
+		r.last = m.buffer
+	}
+	return copied, nil
+}
+
+type streamState uint32
+
+const (
+	streamActive    streamState = iota
+	streamWriteDone             // EndStream sent
+	streamReadDone              // EndStream received
+	streamDone                  // the entire stream is finished.
+)
+
+// Stream represents an RPC in the transport layer.
+type Stream struct {
+	id           uint32
+	st           ServerTransport    // nil for client side Stream
+	ct           *http2Client       // nil for server side Stream
+	ctx          context.Context    // the associated context of the stream
+	cancel       context.CancelFunc // always nil for client side Stream
+	done         chan struct{}      // closed at the end of stream to unblock writers. On the client side.
+	ctxDone      <-chan struct{}    // same as done chan but for server side. Cache of ctx.Done() (for performance)
+	method       string             // the associated RPC method of the stream
+	recvCompress string
+	sendCompress string
+	buf          *recvBuffer
+	trReader     io.Reader
+	fc           *inFlow
+	wq           *writeQuota
+
+	// Callback to state application's intentions to read data. This
+	// is used to adjust flow control, if needed.
+	requestRead func(int)
+
+	headerChan       chan struct{} // closed to indicate the end of header metadata.
+	headerChanClosed uint32        // set when headerChan is closed. Used to avoid closing headerChan multiple times.
+	// headerValid indicates whether a valid header was received.  Only
+	// meaningful after headerChan is closed (always call waitOnHeader() before
+	// reading its value).  Not valid on server side.
+	headerValid bool
+
+	// hdrMu protects header and trailer metadata on the server-side.
+	hdrMu sync.Mutex
+	// On client side, header keeps the received header metadata.
+	//
+	// On server side, header keeps the header set by SetHeader(). The complete
+	// header will merged into this after t.WriteHeader() is called.
+	header  metadata.MD
+	trailer metadata.MD // the key-value map of trailer metadata.
+
+	noHeaders bool // set if the client never received headers (set only after the stream is done).
+
+	// On the server-side, headerSent is atomically set to 1 when the headers are sent out.
+	headerSent uint32
+
+	state streamState
+
+	// On client-side it is the status error received from the server.
+	// On server-side it is unused.
+	status *status.Status
+
+	bytesReceived uint32 // indicates whether any bytes have been received on this stream
+	unprocessed   uint32 // set if the server sends a refused stream or GOAWAY including this stream
+
+	// contentSubtype is the content-subtype for requests.
+	// this must be lowercase or the behavior is undefined.
+	contentSubtype string
+}
+
+// isHeaderSent is only valid on the server-side.
+func (s *Stream) isHeaderSent() bool {
+	return atomic.LoadUint32(&s.headerSent) == 1
+}
+
+// updateHeaderSent updates headerSent and returns true
+// if it was alreay set. It is valid only on server-side.
+func (s *Stream) updateHeaderSent() bool {
+	return atomic.SwapUint32(&s.headerSent, 1) == 1
+}
+
+func (s *Stream) swapState(st streamState) streamState {
+	return streamState(atomic.SwapUint32((*uint32)(&s.state), uint32(st)))
+}
+
+func (s *Stream) compareAndSwapState(oldState, newState streamState) bool {
+	return atomic.CompareAndSwapUint32((*uint32)(&s.state), uint32(oldState), uint32(newState))
+}
+
+func (s *Stream) getState() streamState {
+	return streamState(atomic.LoadUint32((*uint32)(&s.state)))
+}
+
+func (s *Stream) waitOnHeader() {
+	if s.headerChan == nil {
+		// On the server headerChan is always nil since a stream originates
+		// only after having received headers.
+		return
+	}
+	select {
+	case <-s.ctx.Done():
+		// Close the stream to prevent headers/trailers from changing after
+		// this function returns.
+		s.ct.CloseStream(s, ContextErr(s.ctx.Err()))
+		// headerChan could possibly not be closed yet if closeStream raced
+		// with operateHeaders; wait until it is closed explicitly here.
+		<-s.headerChan
+	case <-s.headerChan:
+	}
+}
+
+// RecvCompress returns the compression algorithm applied to the inbound
+// message. It is empty string if there is no compression applied.
+func (s *Stream) RecvCompress() string {
+	s.waitOnHeader()
+	return s.recvCompress
+}
+
+// SetSendCompress sets the compression algorithm to the stream.
+func (s *Stream) SetSendCompress(str string) {
+	s.sendCompress = str
+}
+
+// Done returns a channel which is closed when it receives the final status
+// from the server.
+func (s *Stream) Done() <-chan struct{} {
+	return s.done
+}
+
+// Header returns the header metadata of the stream.
+//
+// On client side, it acquires the key-value pairs of header metadata once it is
+// available. It blocks until i) the metadata is ready or ii) there is no header
+// metadata or iii) the stream is canceled/expired.
+//
+// On server side, it returns the out header after t.WriteHeader is called.  It
+// does not block and must not be called until after WriteHeader.
+func (s *Stream) Header() (metadata.MD, error) {
+	if s.headerChan == nil {
+		// On server side, return the header in stream. It will be the out
+		// header after t.WriteHeader is called.
+		return s.header.Copy(), nil
+	}
+	s.waitOnHeader()
+	if !s.headerValid {
+		return nil, s.status.Err()
+	}
+	return s.header.Copy(), nil
+}
+
+// TrailersOnly blocks until a header or trailers-only frame is received and
+// then returns true if the stream was trailers-only.  If the stream ends
+// before headers are received, returns true, nil.  Client-side only.
+func (s *Stream) TrailersOnly() bool {
+	s.waitOnHeader()
+	return s.noHeaders
+}
+
+// Trailer returns the cached trailer metedata. Note that if it is not called
+// after the entire stream is done, it could return an empty MD. Client
+// side only.
+// It can be safely read only after stream has ended that is either read
+// or write have returned io.EOF.
+func (s *Stream) Trailer() metadata.MD {
+	c := s.trailer.Copy()
+	return c
+}
+
+// ContentSubtype returns the content-subtype for a request. For example, a
+// content-subtype of "proto" will result in a content-type of
+// "application/grpc+proto". This will always be lowercase.  See
+// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for
+// more details.
+func (s *Stream) ContentSubtype() string {
+	return s.contentSubtype
+}
+
+// Context returns the context of the stream.
+func (s *Stream) Context() context.Context {
+	return s.ctx
+}
+
+// Method returns the method for the stream.
+func (s *Stream) Method() string {
+	return s.method
+}
+
+// Status returns the status received from the server.
+// Status can be read safely only after the stream has ended,
+// that is, after Done() is closed.
+func (s *Stream) Status() *status.Status {
+	return s.status
+}
+
+// SetHeader sets the header metadata. This can be called multiple times.
+// Server side only.
+// This should not be called in parallel to other data writes.
+func (s *Stream) SetHeader(md metadata.MD) error {
+	if md.Len() == 0 {
+		return nil
+	}
+	if s.isHeaderSent() || s.getState() == streamDone {
+		return ErrIllegalHeaderWrite
+	}
+	s.hdrMu.Lock()
+	s.header = metadata.Join(s.header, md)
+	s.hdrMu.Unlock()
+	return nil
+}
+
+// SendHeader sends the given header metadata. The given metadata is
+// combined with any metadata set by previous calls to SetHeader and
+// then written to the transport stream.
+func (s *Stream) SendHeader(md metadata.MD) error {
+	return s.st.WriteHeader(s, md)
+}
+
+// SetTrailer sets the trailer metadata which will be sent with the RPC status
+// by the server. This can be called multiple times. Server side only.
+// This should not be called parallel to other data writes.
+func (s *Stream) SetTrailer(md metadata.MD) error {
+	if md.Len() == 0 {
+		return nil
+	}
+	if s.getState() == streamDone {
+		return ErrIllegalHeaderWrite
+	}
+	s.hdrMu.Lock()
+	s.trailer = metadata.Join(s.trailer, md)
+	s.hdrMu.Unlock()
+	return nil
+}
+
+func (s *Stream) write(m recvMsg) {
+	s.buf.put(m)
+}
+
+// Read reads all p bytes from the wire for this stream.
+func (s *Stream) Read(p []byte) (n int, err error) {
+	// Don't request a read if there was an error earlier
+	if er := s.trReader.(*transportReader).er; er != nil {
+		return 0, er
+	}
+	s.requestRead(len(p))
+	return io.ReadFull(s.trReader, p)
+}
+
+// tranportReader reads all the data available for this Stream from the transport and
+// passes them into the decoder, which converts them into a gRPC message stream.
+// The error is io.EOF when the stream is done or another non-nil error if
+// the stream broke.
+type transportReader struct {
+	reader io.Reader
+	// The handler to control the window update procedure for both this
+	// particular stream and the associated transport.
+	windowHandler func(int)
+	er            error
+}
+
+func (t *transportReader) Read(p []byte) (n int, err error) {
+	n, err = t.reader.Read(p)
+	if err != nil {
+		t.er = err
+		return
+	}
+	t.windowHandler(n)
+	return
+}
+
+// BytesReceived indicates whether any bytes have been received on this stream.
+func (s *Stream) BytesReceived() bool {
+	return atomic.LoadUint32(&s.bytesReceived) == 1
+}
+
+// Unprocessed indicates whether the server did not process this stream --
+// i.e. it sent a refused stream or GOAWAY including this stream ID.
+func (s *Stream) Unprocessed() bool {
+	return atomic.LoadUint32(&s.unprocessed) == 1
+}
+
+// GoString is implemented by Stream so context.String() won't
+// race when printing %#v.
+func (s *Stream) GoString() string {
+	return fmt.Sprintf("<stream: %p, %v>", s, s.method)
+}
+
+// state of transport
+type transportState int
+
+const (
+	reachable transportState = iota
+	closing
+	draining
+)
+
+// ServerConfig consists of all the configurations to establish a server transport.
+type ServerConfig struct {
+	MaxStreams            uint32
+	AuthInfo              credentials.AuthInfo
+	InTapHandle           tap.ServerInHandle
+	StatsHandler          stats.Handler
+	KeepaliveParams       keepalive.ServerParameters
+	KeepalivePolicy       keepalive.EnforcementPolicy
+	InitialWindowSize     int32
+	InitialConnWindowSize int32
+	WriteBufferSize       int
+	ReadBufferSize        int
+	ChannelzParentID      int64
+	MaxHeaderListSize     *uint32
+	HeaderTableSize       *uint32
+}
+
+// NewServerTransport creates a ServerTransport with conn or non-nil error
+// if it fails.
+func NewServerTransport(protocol string, conn net.Conn, config *ServerConfig) (ServerTransport, error) {
+	return newHTTP2Server(conn, config)
+}
+
+// ConnectOptions covers all relevant options for communicating with the server.
+type ConnectOptions struct {
+	// UserAgent is the application user agent.
+	UserAgent string
+	// Dialer specifies how to dial a network address.
+	Dialer func(context.Context, string) (net.Conn, error)
+	// FailOnNonTempDialError specifies if gRPC fails on non-temporary dial errors.
+	FailOnNonTempDialError bool
+	// PerRPCCredentials stores the PerRPCCredentials required to issue RPCs.
+	PerRPCCredentials []credentials.PerRPCCredentials
+	// TransportCredentials stores the Authenticator required to setup a client
+	// connection. Only one of TransportCredentials and CredsBundle is non-nil.
+	TransportCredentials credentials.TransportCredentials
+	// CredsBundle is the credentials bundle to be used. Only one of
+	// TransportCredentials and CredsBundle is non-nil.
+	CredsBundle credentials.Bundle
+	// KeepaliveParams stores the keepalive parameters.
+	KeepaliveParams keepalive.ClientParameters
+	// StatsHandler stores the handler for stats.
+	StatsHandler stats.Handler
+	// InitialWindowSize sets the initial window size for a stream.
+	InitialWindowSize int32
+	// InitialConnWindowSize sets the initial window size for a connection.
+	InitialConnWindowSize int32
+	// WriteBufferSize sets the size of write buffer which in turn determines how much data can be batched before it's written on the wire.
+	WriteBufferSize int
+	// ReadBufferSize sets the size of read buffer, which in turn determines how much data can be read at most for one read syscall.
+	ReadBufferSize int
+	// ChannelzParentID sets the addrConn id which initiate the creation of this client transport.
+	ChannelzParentID int64
+	// MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received.
+	MaxHeaderListSize *uint32
+}
+
+// TargetInfo contains the information of the target such as network address and metadata.
+type TargetInfo struct {
+	Addr      string
+	Metadata  interface{}
+	Authority string
+}
+
+// NewClientTransport establishes the transport with the required ConnectOptions
+// and returns it to the caller.
+func NewClientTransport(connectCtx, ctx context.Context, target TargetInfo, opts ConnectOptions, onPrefaceReceipt func(), onGoAway func(GoAwayReason), onClose func()) (ClientTransport, error) {
+	return newHTTP2Client(connectCtx, ctx, target, opts, onPrefaceReceipt, onGoAway, onClose)
+}
+
+// Options provides additional hints and information for message
+// transmission.
+type Options struct {
+	// Last indicates whether this write is the last piece for
+	// this stream.
+	Last bool
+}
+
+// CallHdr carries the information of a particular RPC.
+type CallHdr struct {
+	// Host specifies the peer's host.
+	Host string
+
+	// Method specifies the operation to perform.
+	Method string
+
+	// SendCompress specifies the compression algorithm applied on
+	// outbound message.
+	SendCompress string
+
+	// Creds specifies credentials.PerRPCCredentials for a call.
+	Creds credentials.PerRPCCredentials
+
+	// ContentSubtype specifies the content-subtype for a request. For example, a
+	// content-subtype of "proto" will result in a content-type of
+	// "application/grpc+proto". The value of ContentSubtype must be all
+	// lowercase, otherwise the behavior is undefined. See
+	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests
+	// for more details.
+	ContentSubtype string
+
+	PreviousAttempts int // value of grpc-previous-rpc-attempts header to set
+}
+
+// ClientTransport is the common interface for all gRPC client-side transport
+// implementations.
+type ClientTransport interface {
+	// Close tears down this transport. Once it returns, the transport
+	// should not be accessed any more. The caller must make sure this
+	// is called only once.
+	Close() error
+
+	// GracefulClose starts to tear down the transport: the transport will stop
+	// accepting new RPCs and NewStream will return error. Once all streams are
+	// finished, the transport will close.
+	//
+	// It does not block.
+	GracefulClose()
+
+	// Write sends the data for the given stream. A nil stream indicates
+	// the write is to be performed on the transport as a whole.
+	Write(s *Stream, hdr []byte, data []byte, opts *Options) error
+
+	// NewStream creates a Stream for an RPC.
+	NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, error)
+
+	// CloseStream clears the footprint of a stream when the stream is
+	// not needed any more. The err indicates the error incurred when
+	// CloseStream is called. Must be called when a stream is finished
+	// unless the associated transport is closing.
+	CloseStream(stream *Stream, err error)
+
+	// Error returns a channel that is closed when some I/O error
+	// happens. Typically the caller should have a goroutine to monitor
+	// this in order to take action (e.g., close the current transport
+	// and create a new one) in error case. It should not return nil
+	// once the transport is initiated.
+	Error() <-chan struct{}
+
+	// GoAway returns a channel that is closed when ClientTransport
+	// receives the draining signal from the server (e.g., GOAWAY frame in
+	// HTTP/2).
+	GoAway() <-chan struct{}
+
+	// GetGoAwayReason returns the reason why GoAway frame was received.
+	GetGoAwayReason() GoAwayReason
+
+	// RemoteAddr returns the remote network address.
+	RemoteAddr() net.Addr
+
+	// IncrMsgSent increments the number of message sent through this transport.
+	IncrMsgSent()
+
+	// IncrMsgRecv increments the number of message received through this transport.
+	IncrMsgRecv()
+}
+
+// ServerTransport is the common interface for all gRPC server-side transport
+// implementations.
+//
+// Methods may be called concurrently from multiple goroutines, but
+// Write methods for a given Stream will be called serially.
+type ServerTransport interface {
+	// HandleStreams receives incoming streams using the given handler.
+	HandleStreams(func(*Stream), func(context.Context, string) context.Context)
+
+	// WriteHeader sends the header metadata for the given stream.
+	// WriteHeader may not be called on all streams.
+	WriteHeader(s *Stream, md metadata.MD) error
+
+	// Write sends the data for the given stream.
+	// Write may not be called on all streams.
+	Write(s *Stream, hdr []byte, data []byte, opts *Options) error
+
+	// WriteStatus sends the status of a stream to the client.  WriteStatus is
+	// the final call made on a stream and always occurs.
+	WriteStatus(s *Stream, st *status.Status) error
+
+	// Close tears down the transport. Once it is called, the transport
+	// should not be accessed any more. All the pending streams and their
+	// handlers will be terminated asynchronously.
+	Close() error
+
+	// RemoteAddr returns the remote network address.
+	RemoteAddr() net.Addr
+
+	// Drain notifies the client this ServerTransport stops accepting new RPCs.
+	Drain()
+
+	// IncrMsgSent increments the number of message sent through this transport.
+	IncrMsgSent()
+
+	// IncrMsgRecv increments the number of message received through this transport.
+	IncrMsgRecv()
+}
+
+// connectionErrorf creates an ConnectionError with the specified error description.
+func connectionErrorf(temp bool, e error, format string, a ...interface{}) ConnectionError {
+	return ConnectionError{
+		Desc: fmt.Sprintf(format, a...),
+		temp: temp,
+		err:  e,
+	}
+}
+
+// ConnectionError is an error that results in the termination of the
+// entire connection and the retry of all the active streams.
+type ConnectionError struct {
+	Desc string
+	temp bool
+	err  error
+}
+
+func (e ConnectionError) Error() string {
+	return fmt.Sprintf("connection error: desc = %q", e.Desc)
+}
+
+// Temporary indicates if this connection error is temporary or fatal.
+func (e ConnectionError) Temporary() bool {
+	return e.temp
+}
+
+// Origin returns the original error of this connection error.
+func (e ConnectionError) Origin() error {
+	// Never return nil error here.
+	// If the original error is nil, return itself.
+	if e.err == nil {
+		return e
+	}
+	return e.err
+}
+
+var (
+	// ErrConnClosing indicates that the transport is closing.
+	ErrConnClosing = connectionErrorf(true, nil, "transport is closing")
+	// errStreamDrain indicates that the stream is rejected because the
+	// connection is draining. This could be caused by goaway or balancer
+	// removing the address.
+	errStreamDrain = status.Error(codes.Unavailable, "the connection is draining")
+	// errStreamDone is returned from write at the client side to indiacte application
+	// layer of an error.
+	errStreamDone = errors.New("the stream is done")
+	// StatusGoAway indicates that the server sent a GOAWAY that included this
+	// stream's ID in unprocessed RPCs.
+	statusGoAway = status.New(codes.Unavailable, "the stream is rejected because server is draining the connection")
+)
+
+// GoAwayReason contains the reason for the GoAway frame received.
+type GoAwayReason uint8
+
+const (
+	// GoAwayInvalid indicates that no GoAway frame is received.
+	GoAwayInvalid GoAwayReason = 0
+	// GoAwayNoReason is the default value when GoAway frame is received.
+	GoAwayNoReason GoAwayReason = 1
+	// GoAwayTooManyPings indicates that a GoAway frame with
+	// ErrCodeEnhanceYourCalm was received and that the debug data said
+	// "too_many_pings".
+	GoAwayTooManyPings GoAwayReason = 2
+)
+
+// channelzData is used to store channelz related data for http2Client and http2Server.
+// These fields cannot be embedded in the original structs (e.g. http2Client), since to do atomic
+// operation on int64 variable on 32-bit machine, user is responsible to enforce memory alignment.
+// Here, by grouping those int64 fields inside a struct, we are enforcing the alignment.
+type channelzData struct {
+	kpCount int64
+	// The number of streams that have started, including already finished ones.
+	streamsStarted int64
+	// Client side: The number of streams that have ended successfully by receiving
+	// EoS bit set frame from server.
+	// Server side: The number of streams that have ended successfully by sending
+	// frame with EoS bit set.
+	streamsSucceeded int64
+	streamsFailed    int64
+	// lastStreamCreatedTime stores the timestamp that the last stream gets created. It is of int64 type
+	// instead of time.Time since it's more costly to atomically update time.Time variable than int64
+	// variable. The same goes for lastMsgSentTime and lastMsgRecvTime.
+	lastStreamCreatedTime int64
+	msgSent               int64
+	msgRecv               int64
+	lastMsgSentTime       int64
+	lastMsgRecvTime       int64
+}
+
+// ContextErr converts the error from context package into a status error.
+func ContextErr(err error) error {
+	switch err {
+	case context.DeadlineExceeded:
+		return status.Error(codes.DeadlineExceeded, err.Error())
+	case context.Canceled:
+		return status.Error(codes.Canceled, err.Error())
+	}
+	return status.Errorf(codes.Internal, "Unexpected error from context packet: %v", err)
+}
diff --git a/vendor/google.golang.org/grpc/keepalive/keepalive.go b/vendor/google.golang.org/grpc/keepalive/keepalive.go
index f8adc7e6d4fa1..34d31b5e7d311 100644
--- a/vendor/google.golang.org/grpc/keepalive/keepalive.go
+++ b/vendor/google.golang.org/grpc/keepalive/keepalive.go
@@ -16,7 +16,8 @@
  *
  */
 
-// Package keepalive defines configurable parameters for point-to-point healthcheck.
+// Package keepalive defines configurable parameters for point-to-point
+// healthcheck.
 package keepalive
 
 import (
@@ -24,42 +25,61 @@ import (
 )
 
 // ClientParameters is used to set keepalive parameters on the client-side.
-// These configure how the client will actively probe to notice when a connection is broken
-// and send pings so intermediaries will be aware of the liveness of the connection.
-// Make sure these parameters are set in coordination with the keepalive policy on the server,
-// as incompatible settings can result in closing of connection.
+// These configure how the client will actively probe to notice when a
+// connection is broken and send pings so intermediaries will be aware of the
+// liveness of the connection. Make sure these parameters are set in
+// coordination with the keepalive policy on the server, as incompatible
+// settings can result in closing of connection.
 type ClientParameters struct {
-	// After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.
+	// After a duration of this time if the client doesn't see any activity it
+	// pings the server to see if the transport is still alive.
+	// If set below 10s, a minimum value of 10s will be used instead.
 	Time time.Duration // The current default value is infinity.
-	// After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that
-	// the connection is closed.
+	// After having pinged for keepalive check, the client waits for a duration
+	// of Timeout and if no activity is seen even after that the connection is
+	// closed.
 	Timeout time.Duration // The current default value is 20 seconds.
-	// If true, client runs keepalive checks even with no active RPCs.
+	// If true, client sends keepalive pings even with no active RPCs. If false,
+	// when there are no active RPCs, Time and Timeout will be ignored and no
+	// keepalive pings will be sent.
 	PermitWithoutStream bool // false by default.
 }
 
-// ServerParameters is used to set keepalive and max-age parameters on the server-side.
+// ServerParameters is used to set keepalive and max-age parameters on the
+// server-side.
 type ServerParameters struct {
-	// MaxConnectionIdle is a duration for the amount of time after which an idle connection would be closed by sending a GoAway.
-	// Idleness duration is defined since the most recent time the number of outstanding RPCs became zero or the connection establishment.
+	// MaxConnectionIdle is a duration for the amount of time after which an
+	// idle connection would be closed by sending a GoAway. Idleness duration is
+	// defined since the most recent time the number of outstanding RPCs became
+	// zero or the connection establishment.
 	MaxConnectionIdle time.Duration // The current default value is infinity.
-	// MaxConnectionAge is a duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway.
-	// A random jitter of +/-10% will be added to MaxConnectionAge to spread out connection storms.
+	// MaxConnectionAge is a duration for the maximum amount of time a
+	// connection may exist before it will be closed by sending a GoAway. A
+	// random jitter of +/-10% will be added to MaxConnectionAge to spread out
+	// connection storms.
 	MaxConnectionAge time.Duration // The current default value is infinity.
-	// MaxConnectinoAgeGrace is an additive period after MaxConnectionAge after which the connection will be forcibly closed.
+	// MaxConnectionAgeGrace is an additive period after MaxConnectionAge after
+	// which the connection will be forcibly closed.
 	MaxConnectionAgeGrace time.Duration // The current default value is infinity.
-	// After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.
+	// After a duration of this time if the server doesn't see any activity it
+	// pings the client to see if the transport is still alive.
+	// If set below 1s, a minimum value of 1s will be used instead.
 	Time time.Duration // The current default value is 2 hours.
-	// After having pinged for keepalive check, the server waits for a duration of Timeout and if no activity is seen even after that
-	// the connection is closed.
+	// After having pinged for keepalive check, the server waits for a duration
+	// of Timeout and if no activity is seen even after that the connection is
+	// closed.
 	Timeout time.Duration // The current default value is 20 seconds.
 }
 
-// EnforcementPolicy is used to set keepalive enforcement policy on the server-side.
-// Server will close connection with a client that violates this policy.
+// EnforcementPolicy is used to set keepalive enforcement policy on the
+// server-side. Server will close connection with a client that violates this
+// policy.
 type EnforcementPolicy struct {
-	// MinTime is the minimum amount of time a client should wait before sending a keepalive ping.
+	// MinTime is the minimum amount of time a client should wait before sending
+	// a keepalive ping.
 	MinTime time.Duration // The current default value is 5 minutes.
-	// If true, server expects keepalive pings even when there are no active streams(RPCs).
+	// If true, server allows keepalive pings even when there are no active
+	// streams(RPCs). If false, and client sends ping when there are no active
+	// streams, server will send GOAWAY and close the connection.
 	PermitWithoutStream bool // false by default.
 }
diff --git a/vendor/google.golang.org/grpc/metadata/metadata.go b/vendor/google.golang.org/grpc/metadata/metadata.go
index bd2eaf408376c..cf6d1b94781ca 100644
--- a/vendor/google.golang.org/grpc/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/metadata/metadata.go
@@ -22,10 +22,9 @@
 package metadata // import "google.golang.org/grpc/metadata"
 
 import (
+	"context"
 	"fmt"
 	"strings"
-
-	"golang.org/x/net/context"
 )
 
 // DecodeKeyValue returns k, v, nil.
diff --git a/vendor/google.golang.org/grpc/naming/dns_resolver.go b/vendor/google.golang.org/grpc/naming/dns_resolver.go
index 0f8a908ea9c1f..c9f79dc533624 100644
--- a/vendor/google.golang.org/grpc/naming/dns_resolver.go
+++ b/vendor/google.golang.org/grpc/naming/dns_resolver.go
@@ -19,13 +19,13 @@
 package naming
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net"
 	"strconv"
 	"time"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/grpclog"
 )
 
@@ -37,6 +37,9 @@ const (
 var (
 	errMissingAddr  = errors.New("missing address")
 	errWatcherClose = errors.New("watcher has been closed")
+
+	lookupHost = net.DefaultResolver.LookupHost
+	lookupSRV  = net.DefaultResolver.LookupSRV
 )
 
 // NewDNSResolverWithFreq creates a DNS Resolver that can resolve DNS names, and
@@ -73,8 +76,8 @@ func formatIP(addr string) (addrIP string, ok bool) {
 
 // parseTarget takes the user input target string, returns formatted host and port info.
 // If target doesn't specify a port, set the port to be the defaultPort.
-// If target is in IPv6 format and host-name is enclosed in sqarue brackets, brackets
-// are strippd when setting the host.
+// If target is in IPv6 format and host-name is enclosed in square brackets, brackets
+// are stripped when setting the host.
 // examples:
 // target: "www.google.com" returns host: "www.google.com", port: "443"
 // target: "ipv4-host:80" returns host: "ipv4-host", port: "80"
@@ -218,7 +221,7 @@ func (w *dnsWatcher) lookupSRV() map[string]*Update {
 	for _, s := range srvs {
 		lbAddrs, err := lookupHost(w.ctx, s.Target)
 		if err != nil {
-			grpclog.Warningf("grpc: failed load banlacer address dns lookup due to %v.\n", err)
+			grpclog.Warningf("grpc: failed load balancer address dns lookup due to %v.\n", err)
 			continue
 		}
 		for _, a := range lbAddrs {
diff --git a/vendor/google.golang.org/grpc/naming/go17.go b/vendor/google.golang.org/grpc/naming/go17.go
deleted file mode 100644
index 57b65d7b88981..0000000000000
--- a/vendor/google.golang.org/grpc/naming/go17.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// +build go1.6,!go1.8
-
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package naming
-
-import (
-	"net"
-
-	"golang.org/x/net/context"
-)
-
-var (
-	lookupHost = func(ctx context.Context, host string) ([]string, error) { return net.LookupHost(host) }
-	lookupSRV  = func(ctx context.Context, service, proto, name string) (string, []*net.SRV, error) {
-		return net.LookupSRV(service, proto, name)
-	}
-)
diff --git a/vendor/google.golang.org/grpc/naming/go18.go b/vendor/google.golang.org/grpc/naming/go18.go
deleted file mode 100644
index b5a0f842748fc..0000000000000
--- a/vendor/google.golang.org/grpc/naming/go18.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// +build go1.8
-
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package naming
-
-import "net"
-
-var (
-	lookupHost = net.DefaultResolver.LookupHost
-	lookupSRV  = net.DefaultResolver.LookupSRV
-)
diff --git a/vendor/google.golang.org/grpc/naming/naming.go b/vendor/google.golang.org/grpc/naming/naming.go
index 8cc39e93758f4..f4c1c8b689474 100644
--- a/vendor/google.golang.org/grpc/naming/naming.go
+++ b/vendor/google.golang.org/grpc/naming/naming.go
@@ -17,9 +17,8 @@
  */
 
 // Package naming defines the naming API and related data structures for gRPC.
-// The interface is EXPERIMENTAL and may be suject to change.
 //
-// Deprecated: please use package resolver.
+// This package is deprecated: please use package resolver instead.
 package naming
 
 // Operation defines the corresponding operations for a name resolution change.
diff --git a/vendor/google.golang.org/grpc/peer/peer.go b/vendor/google.golang.org/grpc/peer/peer.go
index 317b8b9d09a58..e01d219ffbc58 100644
--- a/vendor/google.golang.org/grpc/peer/peer.go
+++ b/vendor/google.golang.org/grpc/peer/peer.go
@@ -21,9 +21,9 @@
 package peer
 
 import (
+	"context"
 	"net"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/credentials"
 )
 
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index 0a984e6c8af06..00447894f07b3 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -19,91 +19,91 @@
 package grpc
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"sync"
-	"sync/atomic"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
 )
 
+// v2PickerWrapper wraps a balancer.Picker while providing the
+// balancer.V2Picker API.  It requires a pickerWrapper to generate errors
+// including the latest connectionError.  To be deleted when balancer.Picker is
+// updated to the balancer.V2Picker API.
+type v2PickerWrapper struct {
+	picker  balancer.Picker
+	connErr *connErr
+}
+
+func (v *v2PickerWrapper) Pick(info balancer.PickInfo) (balancer.PickResult, error) {
+	sc, done, err := v.picker.Pick(info.Ctx, info)
+	if err != nil {
+		if err == balancer.ErrTransientFailure {
+			return balancer.PickResult{}, balancer.TransientFailureError(fmt.Errorf("%v, latest connection error: %v", err, v.connErr.connectionError()))
+		}
+		return balancer.PickResult{}, err
+	}
+	return balancer.PickResult{SubConn: sc, Done: done}, nil
+}
+
 // pickerWrapper is a wrapper of balancer.Picker. It blocks on certain pick
 // actions and unblock when there's a picker update.
 type pickerWrapper struct {
 	mu         sync.Mutex
 	done       bool
 	blockingCh chan struct{}
-	picker     balancer.Picker
+	picker     balancer.V2Picker
 
-	// The latest connection happened.
-	connErrMu sync.Mutex
-	connErr   error
-
-	stickinessMDKey atomic.Value
-	stickiness      *stickyStore
+	// The latest connection error.  TODO: remove when V1 picker is deprecated;
+	// balancer should be responsible for providing the error.
+	*connErr
 }
 
-func newPickerWrapper() *pickerWrapper {
-	bp := &pickerWrapper{
-		blockingCh: make(chan struct{}),
-		stickiness: newStickyStore(),
-	}
-	return bp
+type connErr struct {
+	mu  sync.Mutex
+	err error
 }
 
-func (bp *pickerWrapper) updateConnectionError(err error) {
-	bp.connErrMu.Lock()
-	bp.connErr = err
-	bp.connErrMu.Unlock()
+func (c *connErr) updateConnectionError(err error) {
+	c.mu.Lock()
+	c.err = err
+	c.mu.Unlock()
 }
 
-func (bp *pickerWrapper) connectionError() error {
-	bp.connErrMu.Lock()
-	err := bp.connErr
-	bp.connErrMu.Unlock()
+func (c *connErr) connectionError() error {
+	c.mu.Lock()
+	err := c.err
+	c.mu.Unlock()
 	return err
 }
 
-func (bp *pickerWrapper) updateStickinessMDKey(newKey string) {
-	// No need to check ok because mdKey == "" if ok == false.
-	if oldKey, _ := bp.stickinessMDKey.Load().(string); oldKey != newKey {
-		bp.stickinessMDKey.Store(newKey)
-		bp.stickiness.reset(newKey)
-	}
-}
-
-func (bp *pickerWrapper) getStickinessMDKey() string {
-	// No need to check ok because mdKey == "" if ok == false.
-	mdKey, _ := bp.stickinessMDKey.Load().(string)
-	return mdKey
+func newPickerWrapper() *pickerWrapper {
+	return &pickerWrapper{blockingCh: make(chan struct{}), connErr: &connErr{}}
 }
 
-func (bp *pickerWrapper) clearStickinessState() {
-	if oldKey := bp.getStickinessMDKey(); oldKey != "" {
-		// There's no need to reset store if mdKey was "".
-		bp.stickiness.reset(oldKey)
-	}
+// updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
+func (pw *pickerWrapper) updatePicker(p balancer.Picker) {
+	pw.updatePickerV2(&v2PickerWrapper{picker: p, connErr: pw.connErr})
 }
 
 // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
-func (bp *pickerWrapper) updatePicker(p balancer.Picker) {
-	bp.mu.Lock()
-	if bp.done {
-		bp.mu.Unlock()
+func (pw *pickerWrapper) updatePickerV2(p balancer.V2Picker) {
+	pw.mu.Lock()
+	if pw.done {
+		pw.mu.Unlock()
 		return
 	}
-	bp.picker = p
-	// bp.blockingCh should never be nil.
-	close(bp.blockingCh)
-	bp.blockingCh = make(chan struct{})
-	bp.mu.Unlock()
+	pw.picker = p
+	// pw.blockingCh should never be nil.
+	close(pw.blockingCh)
+	pw.blockingCh = make(chan struct{})
+	pw.mu.Unlock()
 }
 
 func doneChannelzWrapper(acw *acBalancerWrapper, done func(balancer.DoneInfo)) func(balancer.DoneInfo) {
@@ -130,90 +130,85 @@ func doneChannelzWrapper(acw *acBalancerWrapper, done func(balancer.DoneInfo)) f
 // - the current picker returns other errors and failfast is false.
 // - the subConn returned by the current picker is not READY
 // When one of these situations happens, pick blocks until the picker gets updated.
-func (bp *pickerWrapper) pick(ctx context.Context, failfast bool, opts balancer.PickOptions) (transport.ClientTransport, func(balancer.DoneInfo), error) {
-
-	mdKey := bp.getStickinessMDKey()
-	stickyKey, isSticky := stickyKeyFromContext(ctx, mdKey)
-
-	// Potential race here: if stickinessMDKey is updated after the above two
-	// lines, and this pick is a sticky pick, the following put could add an
-	// entry to sticky store with an outdated sticky key.
-	//
-	// The solution: keep the current md key in sticky store, and at the
-	// beginning of each get/put, check the mdkey against store.curMDKey.
-	//  - Cons: one more string comparing for each get/put.
-	//  - Pros: the string matching happens inside get/put, so the overhead for
-	//  non-sticky RPCs will be minimal.
-
-	if isSticky {
-		if t, ok := bp.stickiness.get(mdKey, stickyKey); ok {
-			// Done function returned is always nil.
-			return t, nil, nil
-		}
-	}
-
-	var (
-		p  balancer.Picker
-		ch chan struct{}
-	)
+func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.PickInfo) (transport.ClientTransport, func(balancer.DoneInfo), error) {
+	var ch chan struct{}
 
+	var lastPickErr error
 	for {
-		bp.mu.Lock()
-		if bp.done {
-			bp.mu.Unlock()
+		pw.mu.Lock()
+		if pw.done {
+			pw.mu.Unlock()
 			return nil, nil, ErrClientConnClosing
 		}
 
-		if bp.picker == nil {
-			ch = bp.blockingCh
+		if pw.picker == nil {
+			ch = pw.blockingCh
 		}
-		if ch == bp.blockingCh {
+		if ch == pw.blockingCh {
 			// This could happen when either:
-			// - bp.picker is nil (the previous if condition), or
+			// - pw.picker is nil (the previous if condition), or
 			// - has called pick on the current picker.
-			bp.mu.Unlock()
+			pw.mu.Unlock()
 			select {
 			case <-ctx.Done():
-				return nil, nil, ctx.Err()
+				var errStr string
+				if lastPickErr != nil {
+					errStr = "latest balancer error: " + lastPickErr.Error()
+				} else if connectionErr := pw.connectionError(); connectionErr != nil {
+					errStr = "latest connection error: " + connectionErr.Error()
+				} else {
+					errStr = ctx.Err().Error()
+				}
+				switch ctx.Err() {
+				case context.DeadlineExceeded:
+					return nil, nil, status.Error(codes.DeadlineExceeded, errStr)
+				case context.Canceled:
+					return nil, nil, status.Error(codes.Canceled, errStr)
+				}
 			case <-ch:
 			}
 			continue
 		}
 
-		ch = bp.blockingCh
-		p = bp.picker
-		bp.mu.Unlock()
+		ch = pw.blockingCh
+		p := pw.picker
+		pw.mu.Unlock()
 
-		subConn, done, err := p.Pick(ctx, opts)
+		pickResult, err := p.Pick(info)
 
 		if err != nil {
-			switch err {
-			case balancer.ErrNoSubConnAvailable:
+			if err == balancer.ErrNoSubConnAvailable {
 				continue
-			case balancer.ErrTransientFailure:
+			}
+			if tfe, ok := err.(interface{ IsTransientFailure() bool }); ok && tfe.IsTransientFailure() {
 				if !failfast {
+					lastPickErr = err
 					continue
 				}
-				return nil, nil, status.Errorf(codes.Unavailable, "%v, latest connection error: %v", err, bp.connectionError())
-			default:
-				// err is some other error.
-				return nil, nil, toRPCErr(err)
+				return nil, nil, status.Error(codes.Unavailable, err.Error())
+			}
+			if _, ok := status.FromError(err); ok {
+				return nil, nil, err
 			}
+			// err is some other error.
+			return nil, nil, status.Error(codes.Unknown, err.Error())
 		}
 
-		acw, ok := subConn.(*acBalancerWrapper)
+		acw, ok := pickResult.SubConn.(*acBalancerWrapper)
 		if !ok {
-			grpclog.Infof("subconn returned from pick is not *acBalancerWrapper")
+			grpclog.Error("subconn returned from pick is not *acBalancerWrapper")
 			continue
 		}
 		if t, ok := acw.getAddrConn().getReadyTransport(); ok {
-			if isSticky {
-				bp.stickiness.put(mdKey, stickyKey, acw)
-			}
 			if channelz.IsOn() {
-				return t, doneChannelzWrapper(acw, done), nil
+				return t, doneChannelzWrapper(acw, pickResult.Done), nil
 			}
-			return t, done, nil
+			return t, pickResult.Done, nil
+		}
+		if pickResult.Done != nil {
+			// Calling done with nil error, no bytes sent and no bytes received.
+			// DoneInfo with default value works.
+			pickResult.Done(balancer.DoneInfo{})
 		}
 		grpclog.Infof("blockingPicker: the picked transport is not ready, loop back to repick")
 		// If ok == false, ac.state is not READY.
@@ -223,109 +218,12 @@ func (bp *pickerWrapper) pick(ctx context.Context, failfast bool, opts balancer.
 	}
 }
 
-func (bp *pickerWrapper) close() {
-	bp.mu.Lock()
-	defer bp.mu.Unlock()
-	if bp.done {
-		return
-	}
-	bp.done = true
-	close(bp.blockingCh)
-}
-
-type stickyStoreEntry struct {
-	acw  *acBalancerWrapper
-	addr resolver.Address
-}
-
-type stickyStore struct {
-	mu sync.Mutex
-	// curMDKey is check before every get/put to avoid races. The operation will
-	// abort immediately when the given mdKey is different from the curMDKey.
-	curMDKey string
-	store    map[string]*stickyStoreEntry
-}
-
-func newStickyStore() *stickyStore {
-	return &stickyStore{
-		store: make(map[string]*stickyStoreEntry),
-	}
-}
-
-// reset clears the map in stickyStore, and set the currentMDKey to newMDKey.
-func (ss *stickyStore) reset(newMDKey string) {
-	ss.mu.Lock()
-	ss.curMDKey = newMDKey
-	ss.store = make(map[string]*stickyStoreEntry)
-	ss.mu.Unlock()
-}
-
-// stickyKey is the key to look up in store. mdKey will be checked against
-// curMDKey to avoid races.
-func (ss *stickyStore) put(mdKey, stickyKey string, acw *acBalancerWrapper) {
-	ss.mu.Lock()
-	defer ss.mu.Unlock()
-	if mdKey != ss.curMDKey {
+func (pw *pickerWrapper) close() {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	if pw.done {
 		return
 	}
-	// TODO(stickiness): limit the total number of entries.
-	ss.store[stickyKey] = &stickyStoreEntry{
-		acw:  acw,
-		addr: acw.getAddrConn().getCurAddr(),
-	}
-}
-
-// stickyKey is the key to look up in store. mdKey will be checked against
-// curMDKey to avoid races.
-func (ss *stickyStore) get(mdKey, stickyKey string) (transport.ClientTransport, bool) {
-	ss.mu.Lock()
-	defer ss.mu.Unlock()
-	if mdKey != ss.curMDKey {
-		return nil, false
-	}
-	entry, ok := ss.store[stickyKey]
-	if !ok {
-		return nil, false
-	}
-	ac := entry.acw.getAddrConn()
-	if ac.getCurAddr() != entry.addr {
-		delete(ss.store, stickyKey)
-		return nil, false
-	}
-	t, ok := ac.getReadyTransport()
-	if !ok {
-		delete(ss.store, stickyKey)
-		return nil, false
-	}
-	return t, true
-}
-
-// Get one value from metadata in ctx with key stickinessMDKey.
-//
-// It returns "", false if stickinessMDKey is an empty string.
-func stickyKeyFromContext(ctx context.Context, stickinessMDKey string) (string, bool) {
-	if stickinessMDKey == "" {
-		return "", false
-	}
-
-	md, added, ok := metadata.FromOutgoingContextRaw(ctx)
-	if !ok {
-		return "", false
-	}
-
-	if vv, ok := md[stickinessMDKey]; ok {
-		if len(vv) > 0 {
-			return vv[0], true
-		}
-	}
-
-	for _, ss := range added {
-		for i := 0; i < len(ss)-1; i += 2 {
-			if ss[i] == stickinessMDKey {
-				return ss[i+1], true
-			}
-		}
-	}
-
-	return "", false
+	pw.done = true
+	close(pw.blockingCh)
 }
diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go
index bf659d49d2f17..c43dac9ad842b 100644
--- a/vendor/google.golang.org/grpc/pickfirst.go
+++ b/vendor/google.golang.org/grpc/pickfirst.go
@@ -19,11 +19,14 @@
 package grpc
 
 import (
-	"golang.org/x/net/context"
+	"errors"
+
 	"google.golang.org/grpc/balancer"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/status"
 )
 
 // PickFirstBalancerName is the name of the pick_first balancer.
@@ -44,47 +47,98 @@ func (*pickfirstBuilder) Name() string {
 }
 
 type pickfirstBalancer struct {
-	cc balancer.ClientConn
-	sc balancer.SubConn
+	state connectivity.State
+	cc    balancer.ClientConn
+	sc    balancer.SubConn
 }
 
+var _ balancer.V2Balancer = &pickfirstBalancer{} // Assert we implement v2
+
 func (b *pickfirstBalancer) HandleResolvedAddrs(addrs []resolver.Address, err error) {
 	if err != nil {
-		grpclog.Infof("pickfirstBalancer: HandleResolvedAddrs called with error %v", err)
+		b.ResolverError(err)
 		return
 	}
+	b.UpdateClientConnState(balancer.ClientConnState{ResolverState: resolver.State{Addresses: addrs}}) // Ignore error
+}
+
+func (b *pickfirstBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
+	b.UpdateSubConnState(sc, balancer.SubConnState{ConnectivityState: s})
+}
+
+func (b *pickfirstBalancer) ResolverError(err error) {
+	switch b.state {
+	case connectivity.TransientFailure, connectivity.Idle, connectivity.Connecting:
+		// Set a failing picker if we don't have a good picker.
+		b.cc.UpdateState(balancer.State{ConnectivityState: connectivity.TransientFailure,
+			Picker: &picker{err: status.Errorf(codes.Unavailable, "name resolver error: %v", err)}},
+		)
+	}
+	if grpclog.V(2) {
+		grpclog.Infof("pickfirstBalancer: ResolverError called with error %v", err)
+	}
+}
+
+func (b *pickfirstBalancer) UpdateClientConnState(cs balancer.ClientConnState) error {
+	if len(cs.ResolverState.Addresses) == 0 {
+		b.ResolverError(errors.New("produced zero addresses"))
+		return balancer.ErrBadResolverState
+	}
 	if b.sc == nil {
-		b.sc, err = b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{})
+		var err error
+		b.sc, err = b.cc.NewSubConn(cs.ResolverState.Addresses, balancer.NewSubConnOptions{})
 		if err != nil {
-			grpclog.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
-			return
+			if grpclog.V(2) {
+				grpclog.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
+			}
+			b.state = connectivity.TransientFailure
+			b.cc.UpdateState(balancer.State{ConnectivityState: connectivity.TransientFailure,
+				Picker: &picker{err: status.Errorf(codes.Unavailable, "error creating connection: %v", err)}},
+			)
+			return balancer.ErrBadResolverState
 		}
-		b.cc.UpdateBalancerState(connectivity.Idle, &picker{sc: b.sc})
+		b.state = connectivity.Idle
+		b.cc.UpdateState(balancer.State{ConnectivityState: connectivity.Idle, Picker: &picker{result: balancer.PickResult{SubConn: b.sc}}})
 		b.sc.Connect()
 	} else {
-		b.sc.UpdateAddresses(addrs)
+		b.sc.UpdateAddresses(cs.ResolverState.Addresses)
 		b.sc.Connect()
 	}
+	return nil
 }
 
-func (b *pickfirstBalancer) HandleSubConnStateChange(sc balancer.SubConn, s connectivity.State) {
-	grpclog.Infof("pickfirstBalancer: HandleSubConnStateChange: %p, %v", sc, s)
+func (b *pickfirstBalancer) UpdateSubConnState(sc balancer.SubConn, s balancer.SubConnState) {
+	if grpclog.V(2) {
+		grpclog.Infof("pickfirstBalancer: HandleSubConnStateChange: %p, %v", sc, s)
+	}
 	if b.sc != sc {
-		grpclog.Infof("pickfirstBalancer: ignored state change because sc is not recognized")
+		if grpclog.V(2) {
+			grpclog.Infof("pickfirstBalancer: ignored state change because sc is not recognized")
+		}
 		return
 	}
-	if s == connectivity.Shutdown {
+	b.state = s.ConnectivityState
+	if s.ConnectivityState == connectivity.Shutdown {
 		b.sc = nil
 		return
 	}
 
-	switch s {
+	switch s.ConnectivityState {
 	case connectivity.Ready, connectivity.Idle:
-		b.cc.UpdateBalancerState(s, &picker{sc: sc})
+		b.cc.UpdateState(balancer.State{ConnectivityState: s.ConnectivityState, Picker: &picker{result: balancer.PickResult{SubConn: sc}}})
 	case connectivity.Connecting:
-		b.cc.UpdateBalancerState(s, &picker{err: balancer.ErrNoSubConnAvailable})
+		b.cc.UpdateState(balancer.State{ConnectivityState: s.ConnectivityState, Picker: &picker{err: balancer.ErrNoSubConnAvailable}})
 	case connectivity.TransientFailure:
-		b.cc.UpdateBalancerState(s, &picker{err: balancer.ErrTransientFailure})
+		err := balancer.ErrTransientFailure
+		// TODO: this can be unconditional after the V1 API is removed, as
+		// SubConnState will always contain a connection error.
+		if s.ConnectionError != nil {
+			err = balancer.TransientFailureError(s.ConnectionError)
+		}
+		b.cc.UpdateState(balancer.State{
+			ConnectivityState: s.ConnectivityState,
+			Picker:            &picker{err: err},
+		})
 	}
 }
 
@@ -92,15 +146,12 @@ func (b *pickfirstBalancer) Close() {
 }
 
 type picker struct {
-	err error
-	sc  balancer.SubConn
+	result balancer.PickResult
+	err    error
 }
 
-func (p *picker) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) {
-	if p.err != nil {
-		return nil, nil, p.err
-	}
-	return p.sc, nil, nil
+func (p *picker) Pick(info balancer.PickInfo) (balancer.PickResult, error) {
+	return p.result, p.err
 }
 
 func init() {
diff --git a/vendor/google.golang.org/grpc/preloader.go b/vendor/google.golang.org/grpc/preloader.go
new file mode 100644
index 0000000000000..76acbbcc93b91
--- /dev/null
+++ b/vendor/google.golang.org/grpc/preloader.go
@@ -0,0 +1,64 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import (
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// PreparedMsg is responsible for creating a Marshalled and Compressed object.
+//
+// This API is EXPERIMENTAL.
+type PreparedMsg struct {
+	// Struct for preparing msg before sending them
+	encodedData []byte
+	hdr         []byte
+	payload     []byte
+}
+
+// Encode marshalls and compresses the message using the codec and compressor for the stream.
+func (p *PreparedMsg) Encode(s Stream, msg interface{}) error {
+	ctx := s.Context()
+	rpcInfo, ok := rpcInfoFromContext(ctx)
+	if !ok {
+		return status.Errorf(codes.Internal, "grpc: unable to get rpcInfo")
+	}
+
+	// check if the context has the relevant information to prepareMsg
+	if rpcInfo.preloaderInfo == nil {
+		return status.Errorf(codes.Internal, "grpc: rpcInfo.preloaderInfo is nil")
+	}
+	if rpcInfo.preloaderInfo.codec == nil {
+		return status.Errorf(codes.Internal, "grpc: rpcInfo.preloaderInfo.codec is nil")
+	}
+
+	// prepare the msg
+	data, err := encode(rpcInfo.preloaderInfo.codec, msg)
+	if err != nil {
+		return err
+	}
+	p.encodedData = data
+	compData, err := compress(data, rpcInfo.preloaderInfo.cp, rpcInfo.preloaderInfo.comp)
+	if err != nil {
+		return err
+	}
+	p.hdr, p.payload = msgHeader(data, compData)
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/proxy.go b/vendor/google.golang.org/grpc/proxy.go
index 2d40236e21806..f8f69bfb70fd9 100644
--- a/vendor/google.golang.org/grpc/proxy.go
+++ b/vendor/google.golang.org/grpc/proxy.go
@@ -20,6 +20,8 @@ package grpc
 
 import (
 	"bufio"
+	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
@@ -27,10 +29,10 @@ import (
 	"net/http"
 	"net/http/httputil"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
+const proxyAuthHeaderKey = "Proxy-Authorization"
+
 var (
 	// errDisabled indicates that proxy is disabled for the address.
 	errDisabled = errors.New("proxy is disabled for the address")
@@ -38,7 +40,7 @@ var (
 	httpProxyFromEnvironment = http.ProxyFromEnvironment
 )
 
-func mapAddress(ctx context.Context, address string) (string, error) {
+func mapAddress(ctx context.Context, address string) (*url.URL, error) {
 	req := &http.Request{
 		URL: &url.URL{
 			Scheme: "https",
@@ -47,12 +49,12 @@ func mapAddress(ctx context.Context, address string) (string, error) {
 	}
 	url, err := httpProxyFromEnvironment(req)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	if url == nil {
-		return "", errDisabled
+		return nil, errDisabled
 	}
-	return url.Host, nil
+	return url, nil
 }
 
 // To read a response from a net.Conn, http.ReadResponse() takes a bufio.Reader.
@@ -69,18 +71,28 @@ func (c *bufConn) Read(b []byte) (int, error) {
 	return c.r.Read(b)
 }
 
-func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, addr string) (_ net.Conn, err error) {
+func basicAuth(username, password string) string {
+	auth := username + ":" + password
+	return base64.StdEncoding.EncodeToString([]byte(auth))
+}
+
+func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, backendAddr string, proxyURL *url.URL) (_ net.Conn, err error) {
 	defer func() {
 		if err != nil {
 			conn.Close()
 		}
 	}()
 
-	req := (&http.Request{
+	req := &http.Request{
 		Method: http.MethodConnect,
-		URL:    &url.URL{Host: addr},
+		URL:    &url.URL{Host: backendAddr},
 		Header: map[string][]string{"User-Agent": {grpcUA}},
-	})
+	}
+	if t := proxyURL.User; t != nil {
+		u := t.Username()
+		p, _ := t.Password()
+		req.Header.Add(proxyAuthHeaderKey, "Basic "+basicAuth(u, p))
+	}
 
 	if err := sendHTTPRequest(ctx, req, conn); err != nil {
 		return nil, fmt.Errorf("failed to write the HTTP request: %v", err)
@@ -108,23 +120,33 @@ func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, addr string) (_
 // provided dialer, does HTTP CONNECT handshake and returns the connection.
 func newProxyDialer(dialer func(context.Context, string) (net.Conn, error)) func(context.Context, string) (net.Conn, error) {
 	return func(ctx context.Context, addr string) (conn net.Conn, err error) {
-		var skipHandshake bool
-		newAddr, err := mapAddress(ctx, addr)
+		var newAddr string
+		proxyURL, err := mapAddress(ctx, addr)
 		if err != nil {
 			if err != errDisabled {
 				return nil, err
 			}
-			skipHandshake = true
 			newAddr = addr
+		} else {
+			newAddr = proxyURL.Host
 		}
 
 		conn, err = dialer(ctx, newAddr)
 		if err != nil {
 			return
 		}
-		if !skipHandshake {
-			conn, err = doHTTPConnectHandshake(ctx, conn, addr)
+		if proxyURL != nil {
+			// proxy is disabled if proxyURL is nil.
+			conn, err = doHTTPConnectHandshake(ctx, conn, addr, proxyURL)
 		}
 		return
 	}
 }
+
+func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error {
+	req = req.WithContext(ctx)
+	if err := req.Write(conn); err != nil {
+		return fmt.Errorf("failed to write the HTTP request: %v", err)
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go
deleted file mode 100644
index c1cabfc995fd6..0000000000000
--- a/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go
+++ /dev/null
@@ -1,379 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package dns implements a dns resolver to be installed as the default resolver
-// in grpc.
-package dns
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"math/rand"
-	"net"
-	"os"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/resolver"
-)
-
-func init() {
-	resolver.Register(NewBuilder())
-}
-
-const (
-	defaultPort = "443"
-	defaultFreq = time.Minute * 30
-	golang      = "GO"
-	// In DNS, service config is encoded in a TXT record via the mechanism
-	// described in RFC-1464 using the attribute name grpc_config.
-	txtAttribute = "grpc_config="
-)
-
-var (
-	errMissingAddr = errors.New("missing address")
-	randomGen      = rand.New(rand.NewSource(time.Now().UnixNano()))
-)
-
-// NewBuilder creates a dnsBuilder which is used to factory DNS resolvers.
-func NewBuilder() resolver.Builder {
-	return &dnsBuilder{freq: defaultFreq}
-}
-
-type dnsBuilder struct {
-	// frequency of polling the DNS server.
-	freq time.Duration
-}
-
-// Build creates and starts a DNS resolver that watches the name resolution of the target.
-func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOption) (resolver.Resolver, error) {
-	host, port, err := parseTarget(target.Endpoint)
-	if err != nil {
-		return nil, err
-	}
-
-	// IP address.
-	if net.ParseIP(host) != nil {
-		host, _ = formatIP(host)
-		addr := []resolver.Address{{Addr: host + ":" + port}}
-		i := &ipResolver{
-			cc: cc,
-			ip: addr,
-			rn: make(chan struct{}, 1),
-			q:  make(chan struct{}),
-		}
-		cc.NewAddress(addr)
-		go i.watcher()
-		return i, nil
-	}
-
-	// DNS address (non-IP).
-	ctx, cancel := context.WithCancel(context.Background())
-	d := &dnsResolver{
-		freq:                 b.freq,
-		host:                 host,
-		port:                 port,
-		ctx:                  ctx,
-		cancel:               cancel,
-		cc:                   cc,
-		t:                    time.NewTimer(0),
-		rn:                   make(chan struct{}, 1),
-		disableServiceConfig: opts.DisableServiceConfig,
-	}
-
-	d.wg.Add(1)
-	go d.watcher()
-	return d, nil
-}
-
-// Scheme returns the naming scheme of this resolver builder, which is "dns".
-func (b *dnsBuilder) Scheme() string {
-	return "dns"
-}
-
-// ipResolver watches for the name resolution update for an IP address.
-type ipResolver struct {
-	cc resolver.ClientConn
-	ip []resolver.Address
-	// rn channel is used by ResolveNow() to force an immediate resolution of the target.
-	rn chan struct{}
-	q  chan struct{}
-}
-
-// ResolveNow resend the address it stores, no resolution is needed.
-func (i *ipResolver) ResolveNow(opt resolver.ResolveNowOption) {
-	select {
-	case i.rn <- struct{}{}:
-	default:
-	}
-}
-
-// Close closes the ipResolver.
-func (i *ipResolver) Close() {
-	close(i.q)
-}
-
-func (i *ipResolver) watcher() {
-	for {
-		select {
-		case <-i.rn:
-			i.cc.NewAddress(i.ip)
-		case <-i.q:
-			return
-		}
-	}
-}
-
-// dnsResolver watches for the name resolution update for a non-IP target.
-type dnsResolver struct {
-	freq   time.Duration
-	host   string
-	port   string
-	ctx    context.Context
-	cancel context.CancelFunc
-	cc     resolver.ClientConn
-	// rn channel is used by ResolveNow() to force an immediate resolution of the target.
-	rn chan struct{}
-	t  *time.Timer
-	// wg is used to enforce Close() to return after the watcher() goroutine has finished.
-	// Otherwise, data race will be possible. [Race Example] in dns_resolver_test we
-	// replace the real lookup functions with mocked ones to facilitate testing.
-	// If Close() doesn't wait for watcher() goroutine finishes, race detector sometimes
-	// will warns lookup (READ the lookup function pointers) inside watcher() goroutine
-	// has data race with replaceNetFunc (WRITE the lookup function pointers).
-	wg                   sync.WaitGroup
-	disableServiceConfig bool
-}
-
-// ResolveNow invoke an immediate resolution of the target that this dnsResolver watches.
-func (d *dnsResolver) ResolveNow(opt resolver.ResolveNowOption) {
-	select {
-	case d.rn <- struct{}{}:
-	default:
-	}
-}
-
-// Close closes the dnsResolver.
-func (d *dnsResolver) Close() {
-	d.cancel()
-	d.wg.Wait()
-	d.t.Stop()
-}
-
-func (d *dnsResolver) watcher() {
-	defer d.wg.Done()
-	for {
-		select {
-		case <-d.ctx.Done():
-			return
-		case <-d.t.C:
-		case <-d.rn:
-		}
-		result, sc := d.lookup()
-		// Next lookup should happen after an interval defined by d.freq.
-		d.t.Reset(d.freq)
-		d.cc.NewServiceConfig(sc)
-		d.cc.NewAddress(result)
-	}
-}
-
-func (d *dnsResolver) lookupSRV() []resolver.Address {
-	var newAddrs []resolver.Address
-	_, srvs, err := lookupSRV(d.ctx, "grpclb", "tcp", d.host)
-	if err != nil {
-		grpclog.Infof("grpc: failed dns SRV record lookup due to %v.\n", err)
-		return nil
-	}
-	for _, s := range srvs {
-		lbAddrs, err := lookupHost(d.ctx, s.Target)
-		if err != nil {
-			grpclog.Infof("grpc: failed load balancer address dns lookup due to %v.\n", err)
-			continue
-		}
-		for _, a := range lbAddrs {
-			a, ok := formatIP(a)
-			if !ok {
-				grpclog.Errorf("grpc: failed IP parsing due to %v.\n", err)
-				continue
-			}
-			addr := a + ":" + strconv.Itoa(int(s.Port))
-			newAddrs = append(newAddrs, resolver.Address{Addr: addr, Type: resolver.GRPCLB, ServerName: s.Target})
-		}
-	}
-	return newAddrs
-}
-
-func (d *dnsResolver) lookupTXT() string {
-	ss, err := lookupTXT(d.ctx, d.host)
-	if err != nil {
-		grpclog.Infof("grpc: failed dns TXT record lookup due to %v.\n", err)
-		return ""
-	}
-	var res string
-	for _, s := range ss {
-		res += s
-	}
-
-	// TXT record must have "grpc_config=" attribute in order to be used as service config.
-	if !strings.HasPrefix(res, txtAttribute) {
-		grpclog.Warningf("grpc: TXT record %v missing %v attribute", res, txtAttribute)
-		return ""
-	}
-	return strings.TrimPrefix(res, txtAttribute)
-}
-
-func (d *dnsResolver) lookupHost() []resolver.Address {
-	var newAddrs []resolver.Address
-	addrs, err := lookupHost(d.ctx, d.host)
-	if err != nil {
-		grpclog.Warningf("grpc: failed dns A record lookup due to %v.\n", err)
-		return nil
-	}
-	for _, a := range addrs {
-		a, ok := formatIP(a)
-		if !ok {
-			grpclog.Errorf("grpc: failed IP parsing due to %v.\n", err)
-			continue
-		}
-		addr := a + ":" + d.port
-		newAddrs = append(newAddrs, resolver.Address{Addr: addr})
-	}
-	return newAddrs
-}
-
-func (d *dnsResolver) lookup() ([]resolver.Address, string) {
-	newAddrs := d.lookupSRV()
-	// Support fallback to non-balancer address.
-	newAddrs = append(newAddrs, d.lookupHost()...)
-	if d.disableServiceConfig {
-		return newAddrs, ""
-	}
-	sc := d.lookupTXT()
-	return newAddrs, canaryingSC(sc)
-}
-
-// formatIP returns ok = false if addr is not a valid textual representation of an IP address.
-// If addr is an IPv4 address, return the addr and ok = true.
-// If addr is an IPv6 address, return the addr enclosed in square brackets and ok = true.
-func formatIP(addr string) (addrIP string, ok bool) {
-	ip := net.ParseIP(addr)
-	if ip == nil {
-		return "", false
-	}
-	if ip.To4() != nil {
-		return addr, true
-	}
-	return "[" + addr + "]", true
-}
-
-// parseTarget takes the user input target string, returns formatted host and port info.
-// If target doesn't specify a port, set the port to be the defaultPort.
-// If target is in IPv6 format and host-name is enclosed in sqarue brackets, brackets
-// are strippd when setting the host.
-// examples:
-// target: "www.google.com" returns host: "www.google.com", port: "443"
-// target: "ipv4-host:80" returns host: "ipv4-host", port: "80"
-// target: "[ipv6-host]" returns host: "ipv6-host", port: "443"
-// target: ":80" returns host: "localhost", port: "80"
-// target: ":" returns host: "localhost", port: "443"
-func parseTarget(target string) (host, port string, err error) {
-	if target == "" {
-		return "", "", errMissingAddr
-	}
-	if ip := net.ParseIP(target); ip != nil {
-		// target is an IPv4 or IPv6(without brackets) address
-		return target, defaultPort, nil
-	}
-	if host, port, err = net.SplitHostPort(target); err == nil {
-		// target has port, i.e ipv4-host:port, [ipv6-host]:port, host-name:port
-		if host == "" {
-			// Keep consistent with net.Dial(): If the host is empty, as in ":80", the local system is assumed.
-			host = "localhost"
-		}
-		if port == "" {
-			// If the port field is empty(target ends with colon), e.g. "[::1]:", defaultPort is used.
-			port = defaultPort
-		}
-		return host, port, nil
-	}
-	if host, port, err = net.SplitHostPort(target + ":" + defaultPort); err == nil {
-		// target doesn't have port
-		return host, port, nil
-	}
-	return "", "", fmt.Errorf("invalid target address %v, error info: %v", target, err)
-}
-
-type rawChoice struct {
-	ClientLanguage *[]string        `json:"clientLanguage,omitempty"`
-	Percentage     *int             `json:"percentage,omitempty"`
-	ClientHostName *[]string        `json:"clientHostName,omitempty"`
-	ServiceConfig  *json.RawMessage `json:"serviceConfig,omitempty"`
-}
-
-func containsString(a *[]string, b string) bool {
-	if a == nil {
-		return true
-	}
-	for _, c := range *a {
-		if c == b {
-			return true
-		}
-	}
-	return false
-}
-
-func chosenByPercentage(a *int) bool {
-	if a == nil {
-		return true
-	}
-	return randomGen.Intn(100)+1 <= *a
-}
-
-func canaryingSC(js string) string {
-	if js == "" {
-		return ""
-	}
-	var rcs []rawChoice
-	err := json.Unmarshal([]byte(js), &rcs)
-	if err != nil {
-		grpclog.Warningf("grpc: failed to parse service config json string due to %v.\n", err)
-		return ""
-	}
-	cliHostname, err := os.Hostname()
-	if err != nil {
-		grpclog.Warningf("grpc: failed to get client hostname due to %v.\n", err)
-		return ""
-	}
-	var sc string
-	for _, c := range rcs {
-		if !containsString(c.ClientLanguage, golang) ||
-			!chosenByPercentage(c.Percentage) ||
-			!containsString(c.ClientHostName, cliHostname) ||
-			c.ServiceConfig == nil {
-			continue
-		}
-		sc = string(*c.ServiceConfig)
-		break
-	}
-	return sc
-}
diff --git a/vendor/google.golang.org/grpc/resolver/dns/go17.go b/vendor/google.golang.org/grpc/resolver/dns/go17.go
deleted file mode 100644
index b466bc8f6d456..0000000000000
--- a/vendor/google.golang.org/grpc/resolver/dns/go17.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build go1.6, !go1.8
-
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package dns
-
-import (
-	"net"
-
-	"golang.org/x/net/context"
-)
-
-var (
-	lookupHost = func(ctx context.Context, host string) ([]string, error) { return net.LookupHost(host) }
-	lookupSRV  = func(ctx context.Context, service, proto, name string) (string, []*net.SRV, error) {
-		return net.LookupSRV(service, proto, name)
-	}
-	lookupTXT = func(ctx context.Context, name string) ([]string, error) { return net.LookupTXT(name) }
-)
diff --git a/vendor/google.golang.org/grpc/resolver/dns/go18.go b/vendor/google.golang.org/grpc/resolver/dns/go18.go
deleted file mode 100644
index fa34f14cad48f..0000000000000
--- a/vendor/google.golang.org/grpc/resolver/dns/go18.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// +build go1.8
-
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package dns
-
-import "net"
-
-var (
-	lookupHost = net.DefaultResolver.LookupHost
-	lookupSRV  = net.DefaultResolver.LookupSRV
-	lookupTXT  = net.DefaultResolver.LookupTXT
-)
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index 506afac88aea2..fe14b2fb98266 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -20,6 +20,15 @@
 // All APIs in this package are experimental.
 package resolver
 
+import (
+	"context"
+	"net"
+
+	"google.golang.org/grpc/attributes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/serviceconfig"
+)
+
 var (
 	// m is a map from scheme to resolver builder.
 	m = make(map[string]Builder)
@@ -49,8 +58,12 @@ func Get(scheme string) Builder {
 	return nil
 }
 
-// SetDefaultScheme sets the default scheme that will be used.
-// The default default scheme is "passthrough".
+// SetDefaultScheme sets the default scheme that will be used. The default
+// default scheme is "passthrough".
+//
+// NOTE: this function must only be called during initialization time (i.e. in
+// an init() function), and is not thread-safe. The scheme set last overrides
+// previously set values.
 func SetDefaultScheme(scheme string) {
 	defaultScheme = scheme
 }
@@ -61,12 +74,18 @@ func GetDefaultScheme() string {
 }
 
 // AddressType indicates the address type returned by name resolution.
+//
+// Deprecated: use Attributes in Address instead.
 type AddressType uint8
 
 const (
 	// Backend indicates the address is for a backend server.
+	//
+	// Deprecated: use Attributes in Address instead.
 	Backend AddressType = iota
 	// GRPCLB indicates the address is for a grpclb load balancer.
+	//
+	// Deprecated: use Attributes in Address instead.
 	GRPCLB
 )
 
@@ -75,23 +94,75 @@ const (
 type Address struct {
 	// Addr is the server address on which a connection will be established.
 	Addr string
-	// Type is the type of this address.
-	Type AddressType
+
 	// ServerName is the name of this address.
+	// If non-empty, the ServerName is used as the transport certification authority for
+	// the address, instead of the hostname from the Dial target string. In most cases,
+	// this should not be set.
 	//
-	// e.g. if Type is GRPCLB, ServerName should be the name of the remote load
+	// If Type is GRPCLB, ServerName should be the name of the remote load
 	// balancer, not the name of the backend.
+	//
+	// WARNING: ServerName must only be populated with trusted values. It
+	// is insecure to populate it with data from untrusted inputs since untrusted
+	// values could be used to bypass the authority checks performed by TLS.
 	ServerName string
+
+	// Attributes contains arbitrary data about this address intended for
+	// consumption by the load balancing policy.
+	Attributes *attributes.Attributes
+
+	// Type is the type of this address.
+	//
+	// Deprecated: use Attributes instead.
+	Type AddressType
+
 	// Metadata is the information associated with Addr, which may be used
 	// to make load balancing decision.
+	//
+	// Deprecated: use Attributes instead.
 	Metadata interface{}
 }
 
-// BuildOption includes additional information for the builder to create
+// BuildOptions includes additional information for the builder to create
 // the resolver.
-type BuildOption struct {
-	// DisableServiceConfig indicates whether resolver should fetch service config data.
+type BuildOptions struct {
+	// DisableServiceConfig indicates whether a resolver implementation should
+	// fetch service config data.
 	DisableServiceConfig bool
+	// DialCreds is the transport credentials used by the ClientConn for
+	// communicating with the target gRPC service (set via
+	// WithTransportCredentials). In cases where a name resolution service
+	// requires the same credentials, the resolver may use this field. In most
+	// cases though, it is not appropriate, and this field may be ignored.
+	DialCreds credentials.TransportCredentials
+	// CredsBundle is the credentials bundle used by the ClientConn for
+	// communicating with the target gRPC service (set via
+	// WithCredentialsBundle). In cases where a name resolution service
+	// requires the same credentials, the resolver may use this field. In most
+	// cases though, it is not appropriate, and this field may be ignored.
+	CredsBundle credentials.Bundle
+	// Dialer is the custom dialer used by the ClientConn for dialling the
+	// target gRPC service (set via WithDialer). In cases where a name
+	// resolution service requires the same dialer, the resolver may use this
+	// field. In most cases though, it is not appropriate, and this field may
+	// be ignored.
+	Dialer func(context.Context, string) (net.Conn, error)
+}
+
+// State contains the current Resolver state relevant to the ClientConn.
+type State struct {
+	// Addresses is the latest set of resolved addresses for the target.
+	Addresses []Address
+
+	// ServiceConfig contains the result from parsing the latest service
+	// config.  If it is nil, it indicates no service config is present or the
+	// resolver does not provide service configs.
+	ServiceConfig *serviceconfig.ParseResult
+
+	// Attributes contains arbitrary data about the resolver intended for
+	// consumption by the load balancing policy.
+	Attributes *attributes.Attributes
 }
 
 // ClientConn contains the callbacks for resolver to notify any updates
@@ -102,17 +173,45 @@ type BuildOption struct {
 // testing, the new implementation should embed this interface. This allows
 // gRPC to add new methods to this interface.
 type ClientConn interface {
+	// UpdateState updates the state of the ClientConn appropriately.
+	UpdateState(State)
+	// ReportError notifies the ClientConn that the Resolver encountered an
+	// error.  The ClientConn will notify the load balancer and begin calling
+	// ResolveNow on the Resolver with exponential backoff.
+	ReportError(error)
 	// NewAddress is called by resolver to notify ClientConn a new list
 	// of resolved addresses.
 	// The address list should be the complete list of resolved addresses.
+	//
+	// Deprecated: Use UpdateState instead.
 	NewAddress(addresses []Address)
 	// NewServiceConfig is called by resolver to notify ClientConn a new
 	// service config. The service config should be provided as a json string.
+	//
+	// Deprecated: Use UpdateState instead.
 	NewServiceConfig(serviceConfig string)
+	// ParseServiceConfig parses the provided service config and returns an
+	// object that provides the parsed config.
+	ParseServiceConfig(serviceConfigJSON string) *serviceconfig.ParseResult
 }
 
 // Target represents a target for gRPC, as specified in:
 // https://github.com/grpc/grpc/blob/master/doc/naming.md.
+// It is parsed from the target string that gets passed into Dial or DialContext by the user. And
+// grpc passes it to the resolver and the balancer.
+//
+// If the target follows the naming spec, and the parsed scheme is registered with grpc, we will
+// parse the target string according to the spec. e.g. "dns://some_authority/foo.bar" will be parsed
+// into &Target{Scheme: "dns", Authority: "some_authority", Endpoint: "foo.bar"}
+//
+// If the target does not contain a scheme, we will apply the default scheme, and set the Target to
+// be the full target string. e.g. "foo.bar" will be parsed into
+// &Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "foo.bar"}.
+//
+// If the parsed scheme is not registered (i.e. no corresponding resolver available to resolve the
+// endpoint), we set the Scheme to be the default scheme, and set the Endpoint to be the full target
+// string. e.g. target string "unknown_scheme://authority/endpoint" will be parsed into
+// &Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "unknown_scheme://authority/endpoint"}.
 type Target struct {
 	Scheme    string
 	Authority string
@@ -125,14 +224,14 @@ type Builder interface {
 	//
 	// gRPC dial calls Build synchronously, and fails if the returned error is
 	// not nil.
-	Build(target Target, cc ClientConn, opts BuildOption) (Resolver, error)
+	Build(target Target, cc ClientConn, opts BuildOptions) (Resolver, error)
 	// Scheme returns the scheme supported by this resolver.
 	// Scheme is defined at https://github.com/grpc/grpc/blob/master/doc/naming.md.
 	Scheme() string
 }
 
-// ResolveNowOption includes additional information for ResolveNow.
-type ResolveNowOption struct{}
+// ResolveNowOptions includes additional information for ResolveNow.
+type ResolveNowOptions struct{}
 
 // Resolver watches for the updates on the specified target.
 // Updates include address updates and service config updates.
@@ -141,7 +240,7 @@ type Resolver interface {
 	// again. It's just a hint, resolver can ignore this if it's not necessary.
 	//
 	// It could be called multiple times concurrently.
-	ResolveNow(ResolveNowOption)
+	ResolveNow(ResolveNowOptions)
 	// Close closes the resolver.
 	Close()
 }
diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
index 1b493db2e6ce9..3eaf724cd6d05 100644
--- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
@@ -21,23 +21,33 @@ package grpc
 import (
 	"fmt"
 	"strings"
+	"sync"
+	"time"
 
+	"google.golang.org/grpc/balancer"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/resolver"
+	"google.golang.org/grpc/serviceconfig"
 )
 
 // ccResolverWrapper is a wrapper on top of cc for resolvers.
-// It implements resolver.ClientConnection interface.
+// It implements resolver.ClientConn interface.
 type ccResolverWrapper struct {
-	cc       *ClientConn
-	resolver resolver.Resolver
-	addrCh   chan []resolver.Address
-	scCh     chan string
-	done     chan struct{}
+	cc         *ClientConn
+	resolverMu sync.Mutex
+	resolver   resolver.Resolver
+	done       *grpcsync.Event
+	curState   resolver.State
+
+	pollingMu sync.Mutex
+	polling   chan struct{}
 }
 
 // split2 returns the values from strings.SplitN(s, sep, 2).
-// If sep is not found, it returns ("", s, false) instead.
+// If sep is not found, it returns ("", "", false) instead.
 func split2(s, sep string) (string, string, bool) {
 	spl := strings.SplitN(s, sep, 2)
 	if len(spl) < 2 {
@@ -64,95 +74,190 @@ func parseTarget(target string) (ret resolver.Target) {
 	return ret
 }
 
-// newCCResolverWrapper parses cc.target for scheme and gets the resolver
-// builder for this scheme. It then builds the resolver and starts the
-// monitoring goroutine for it.
-//
-// If withResolverBuilder dial option is set, the specified resolver will be
-// used instead.
-func newCCResolverWrapper(cc *ClientConn) (*ccResolverWrapper, error) {
-	rb := cc.dopts.resolverBuilder
-	if rb == nil {
-		return nil, fmt.Errorf("could not get resolver for scheme: %q", cc.parsedTarget.Scheme)
+// newCCResolverWrapper uses the resolver.Builder to build a Resolver and
+// returns a ccResolverWrapper object which wraps the newly built resolver.
+func newCCResolverWrapper(cc *ClientConn, rb resolver.Builder) (*ccResolverWrapper, error) {
+	ccr := &ccResolverWrapper{
+		cc:   cc,
+		done: grpcsync.NewEvent(),
 	}
 
-	ccr := &ccResolverWrapper{
-		cc:     cc,
-		addrCh: make(chan []resolver.Address, 1),
-		scCh:   make(chan string, 1),
-		done:   make(chan struct{}),
+	var credsClone credentials.TransportCredentials
+	if creds := cc.dopts.copts.TransportCredentials; creds != nil {
+		credsClone = creds.Clone()
+	}
+	rbo := resolver.BuildOptions{
+		DisableServiceConfig: cc.dopts.disableServiceConfig,
+		DialCreds:            credsClone,
+		CredsBundle:          cc.dopts.copts.CredsBundle,
+		Dialer:               cc.dopts.copts.Dialer,
 	}
 
 	var err error
-	ccr.resolver, err = rb.Build(cc.parsedTarget, ccr, resolver.BuildOption{DisableServiceConfig: cc.dopts.disableServiceConfig})
+	// We need to hold the lock here while we assign to the ccr.resolver field
+	// to guard against a data race caused by the following code path,
+	// rb.Build-->ccr.ReportError-->ccr.poll-->ccr.resolveNow, would end up
+	// accessing ccr.resolver which is being assigned here.
+	ccr.resolverMu.Lock()
+	defer ccr.resolverMu.Unlock()
+	ccr.resolver, err = rb.Build(cc.parsedTarget, ccr, rbo)
 	if err != nil {
 		return nil, err
 	}
 	return ccr, nil
 }
 
-func (ccr *ccResolverWrapper) start() {
-	go ccr.watcher()
+func (ccr *ccResolverWrapper) resolveNow(o resolver.ResolveNowOptions) {
+	ccr.resolverMu.Lock()
+	if !ccr.done.HasFired() {
+		ccr.resolver.ResolveNow(o)
+	}
+	ccr.resolverMu.Unlock()
 }
 
-// watcher processes address updates and service config updates sequentially.
-// Otherwise, we need to resolve possible races between address and service
-// config (e.g. they specify different balancer types).
-func (ccr *ccResolverWrapper) watcher() {
-	for {
-		select {
-		case <-ccr.done:
-			return
-		default:
-		}
+func (ccr *ccResolverWrapper) close() {
+	ccr.resolverMu.Lock()
+	ccr.resolver.Close()
+	ccr.done.Fire()
+	ccr.resolverMu.Unlock()
+}
 
-		select {
-		case addrs := <-ccr.addrCh:
+// poll begins or ends asynchronous polling of the resolver based on whether
+// err is ErrBadResolverState.
+func (ccr *ccResolverWrapper) poll(err error) {
+	ccr.pollingMu.Lock()
+	defer ccr.pollingMu.Unlock()
+	if err != balancer.ErrBadResolverState {
+		// stop polling
+		if ccr.polling != nil {
+			close(ccr.polling)
+			ccr.polling = nil
+		}
+		return
+	}
+	if ccr.polling != nil {
+		// already polling
+		return
+	}
+	p := make(chan struct{})
+	ccr.polling = p
+	go func() {
+		for i := 0; ; i++ {
+			ccr.resolveNow(resolver.ResolveNowOptions{})
+			t := time.NewTimer(ccr.cc.dopts.resolveNowBackoff(i))
 			select {
-			case <-ccr.done:
+			case <-p:
+				t.Stop()
 				return
-			default:
-			}
-			grpclog.Infof("ccResolverWrapper: sending new addresses to cc: %v", addrs)
-			ccr.cc.handleResolvedAddrs(addrs, nil)
-		case sc := <-ccr.scCh:
-			select {
-			case <-ccr.done:
+			case <-ccr.done.Done():
+				// Resolver has been closed.
+				t.Stop()
 				return
-			default:
+			case <-t.C:
+				select {
+				case <-p:
+					return
+				default:
+				}
+				// Timer expired; re-resolve.
 			}
-			grpclog.Infof("ccResolverWrapper: got new service config: %v", sc)
-			ccr.cc.handleServiceConfig(sc)
-		case <-ccr.done:
-			return
 		}
-	}
+	}()
 }
 
-func (ccr *ccResolverWrapper) resolveNow(o resolver.ResolveNowOption) {
-	ccr.resolver.ResolveNow(o)
+func (ccr *ccResolverWrapper) UpdateState(s resolver.State) {
+	if ccr.done.HasFired() {
+		return
+	}
+	grpclog.Infof("ccResolverWrapper: sending update to cc: %v", s)
+	if channelz.IsOn() {
+		ccr.addChannelzTraceEvent(s)
+	}
+	ccr.curState = s
+	ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil))
 }
 
-func (ccr *ccResolverWrapper) close() {
-	ccr.resolver.Close()
-	close(ccr.done)
+func (ccr *ccResolverWrapper) ReportError(err error) {
+	if ccr.done.HasFired() {
+		return
+	}
+	grpclog.Warningf("ccResolverWrapper: reporting error to cc: %v", err)
+	if channelz.IsOn() {
+		channelz.AddTraceEvent(ccr.cc.channelzID, &channelz.TraceEventDesc{
+			Desc:     fmt.Sprintf("Resolver reported error: %v", err),
+			Severity: channelz.CtWarning,
+		})
+	}
+	ccr.poll(ccr.cc.updateResolverState(resolver.State{}, err))
 }
 
-// NewAddress is called by the resolver implemenetion to send addresses to gRPC.
+// NewAddress is called by the resolver implementation to send addresses to gRPC.
 func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) {
-	select {
-	case <-ccr.addrCh:
-	default:
+	if ccr.done.HasFired() {
+		return
+	}
+	grpclog.Infof("ccResolverWrapper: sending new addresses to cc: %v", addrs)
+	if channelz.IsOn() {
+		ccr.addChannelzTraceEvent(resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig})
 	}
-	ccr.addrCh <- addrs
+	ccr.curState.Addresses = addrs
+	ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil))
 }
 
-// NewServiceConfig is called by the resolver implemenetion to send service
-// configs to gPRC.
+// NewServiceConfig is called by the resolver implementation to send service
+// configs to gRPC.
 func (ccr *ccResolverWrapper) NewServiceConfig(sc string) {
-	select {
-	case <-ccr.scCh:
-	default:
+	if ccr.done.HasFired() {
+		return
+	}
+	grpclog.Infof("ccResolverWrapper: got new service config: %v", sc)
+	if ccr.cc.dopts.disableServiceConfig {
+		grpclog.Infof("Service config lookups disabled; ignoring config")
+		return
+	}
+	scpr := parseServiceConfig(sc)
+	if scpr.Err != nil {
+		grpclog.Warningf("ccResolverWrapper: error parsing service config: %v", scpr.Err)
+		if channelz.IsOn() {
+			channelz.AddTraceEvent(ccr.cc.channelzID, &channelz.TraceEventDesc{
+				Desc:     fmt.Sprintf("Error parsing service config: %v", scpr.Err),
+				Severity: channelz.CtWarning,
+			})
+		}
+		ccr.poll(balancer.ErrBadResolverState)
+		return
+	}
+	if channelz.IsOn() {
+		ccr.addChannelzTraceEvent(resolver.State{Addresses: ccr.curState.Addresses, ServiceConfig: scpr})
+	}
+	ccr.curState.ServiceConfig = scpr
+	ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil))
+}
+
+func (ccr *ccResolverWrapper) ParseServiceConfig(scJSON string) *serviceconfig.ParseResult {
+	return parseServiceConfig(scJSON)
+}
+
+func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) {
+	var updates []string
+	var oldSC, newSC *ServiceConfig
+	var oldOK, newOK bool
+	if ccr.curState.ServiceConfig != nil {
+		oldSC, oldOK = ccr.curState.ServiceConfig.Config.(*ServiceConfig)
+	}
+	if s.ServiceConfig != nil {
+		newSC, newOK = s.ServiceConfig.Config.(*ServiceConfig)
+	}
+	if oldOK != newOK || (oldOK && newOK && oldSC.rawJSONString != newSC.rawJSONString) {
+		updates = append(updates, "service config updated")
+	}
+	if len(ccr.curState.Addresses) > 0 && len(s.Addresses) == 0 {
+		updates = append(updates, "resolver returned an empty address list")
+	} else if len(ccr.curState.Addresses) == 0 && len(s.Addresses) > 0 {
+		updates = append(updates, "resolver returned new addresses")
 	}
-	ccr.scCh <- sc
+	channelz.AddTraceEvent(ccr.cc.channelzID, &channelz.TraceEventDesc{
+		Desc:     fmt.Sprintf("Resolver state updated: %+v (%v)", s, strings.Join(updates, "; ")),
+		Severity: channelz.CtINFO,
+	})
 }
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index 69ef3c0b5959a..d3a4adc5ee685 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -21,6 +21,7 @@ package grpc
 import (
 	"bytes"
 	"compress/gzip"
+	"context"
 	"encoding/binary"
 	"fmt"
 	"io"
@@ -31,16 +32,15 @@ import (
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/encoding"
 	"google.golang.org/grpc/encoding/proto"
+	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
 )
 
 // Compressor defines the interface gRPC uses to compress a message.
@@ -155,17 +155,20 @@ func (d *gzipDecompressor) Type() string {
 type callInfo struct {
 	compressorType        string
 	failFast              bool
-	stream                *clientStream
-	traceInfo             traceInfo // in trace.go
+	stream                ClientStream
 	maxReceiveMessageSize *int
 	maxSendMessageSize    *int
 	creds                 credentials.PerRPCCredentials
 	contentSubtype        string
 	codec                 baseCodec
+	maxRetryRPCBufferSize int
 }
 
 func defaultCallInfo() *callInfo {
-	return &callInfo{failFast: true}
+	return &callInfo{
+		failFast:              true,
+		maxRetryRPCBufferSize: 256 * 1024, // 256KB
+	}
 }
 
 // CallOption configures a Call before it starts or extracts information from
@@ -250,8 +253,8 @@ func (o PeerCallOption) after(c *callInfo) {
 	}
 }
 
-// FailFast configures the action to take when an RPC is attempted on broken
-// connections or unreachable servers.  If failFast is true, the RPC will fail
+// WaitForReady configures the action to take when an RPC is attempted on broken
+// connections or unreachable servers. If waitForReady is false, the RPC will fail
 // immediately. Otherwise, the RPC client will block the call until a
 // connection is available (or the call is canceled or times out) and will
 // retry the call if it fails due to a transient error.  gRPC will not retry if
@@ -259,7 +262,14 @@ func (o PeerCallOption) after(c *callInfo) {
 // the data.  Please refer to
 // https://github.com/grpc/grpc/blob/master/doc/wait-for-ready.md.
 //
-// By default, RPCs are "Fail Fast".
+// By default, RPCs don't "wait for ready".
+func WaitForReady(waitForReady bool) CallOption {
+	return FailFastCallOption{FailFast: !waitForReady}
+}
+
+// FailFast is the opposite of WaitForReady.
+//
+// Deprecated: use WaitForReady.
 func FailFast(failFast bool) CallOption {
 	return FailFastCallOption{FailFast: failFast}
 }
@@ -360,13 +370,13 @@ func (o CompressorCallOption) after(c *callInfo) {}
 // https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for
 // more details.
 //
-// If CallCustomCodec is not also used, the content-subtype will be used to
-// look up the Codec to use in the registry controlled by RegisterCodec. See
-// the documentation on RegisterCodec for details on registration. The lookup
-// of content-subtype is case-insensitive. If no such Codec is found, the call
+// If ForceCodec is not also used, the content-subtype will be used to look up
+// the Codec to use in the registry controlled by RegisterCodec. See the
+// documentation on RegisterCodec for details on registration. The lookup of
+// content-subtype is case-insensitive. If no such Codec is found, the call
 // will result in an error with code codes.Internal.
 //
-// If CallCustomCodec is also used, that Codec will be used for all request and
+// If ForceCodec is also used, that Codec will be used for all request and
 // response messages, with the content-subtype set to the given contentSubtype
 // here for requests.
 func CallContentSubtype(contentSubtype string) CallOption {
@@ -386,7 +396,7 @@ func (o ContentSubtypeCallOption) before(c *callInfo) error {
 }
 func (o ContentSubtypeCallOption) after(c *callInfo) {}
 
-// CallCustomCodec returns a CallOption that will set the given Codec to be
+// ForceCodec returns a CallOption that will set the given Codec to be
 // used for all request and response messages for a call. The result of calling
 // String() will be used as the content-subtype in a case-insensitive manner.
 //
@@ -398,12 +408,37 @@ func (o ContentSubtypeCallOption) after(c *callInfo) {}
 //
 // This function is provided for advanced users; prefer to use only
 // CallContentSubtype to select a registered codec instead.
+//
+// This is an EXPERIMENTAL API.
+func ForceCodec(codec encoding.Codec) CallOption {
+	return ForceCodecCallOption{Codec: codec}
+}
+
+// ForceCodecCallOption is a CallOption that indicates the codec used for
+// marshaling messages.
+//
+// This is an EXPERIMENTAL API.
+type ForceCodecCallOption struct {
+	Codec encoding.Codec
+}
+
+func (o ForceCodecCallOption) before(c *callInfo) error {
+	c.codec = o.Codec
+	return nil
+}
+func (o ForceCodecCallOption) after(c *callInfo) {}
+
+// CallCustomCodec behaves like ForceCodec, but accepts a grpc.Codec instead of
+// an encoding.Codec.
+//
+// Deprecated: use ForceCodec instead.
 func CallCustomCodec(codec Codec) CallOption {
 	return CustomCodecCallOption{Codec: codec}
 }
 
 // CustomCodecCallOption is a CallOption that indicates the codec used for
 // marshaling messages.
+//
 // This is an EXPERIMENTAL API.
 type CustomCodecCallOption struct {
 	Codec Codec
@@ -415,12 +450,33 @@ func (o CustomCodecCallOption) before(c *callInfo) error {
 }
 func (o CustomCodecCallOption) after(c *callInfo) {}
 
+// MaxRetryRPCBufferSize returns a CallOption that limits the amount of memory
+// used for buffering this RPC's requests for retry purposes.
+//
+// This API is EXPERIMENTAL.
+func MaxRetryRPCBufferSize(bytes int) CallOption {
+	return MaxRetryRPCBufferSizeCallOption{bytes}
+}
+
+// MaxRetryRPCBufferSizeCallOption is a CallOption indicating the amount of
+// memory to be used for caching this RPC for retry purposes.
+// This is an EXPERIMENTAL API.
+type MaxRetryRPCBufferSizeCallOption struct {
+	MaxRetryRPCBufferSize int
+}
+
+func (o MaxRetryRPCBufferSizeCallOption) before(c *callInfo) error {
+	c.maxRetryRPCBufferSize = o.MaxRetryRPCBufferSize
+	return nil
+}
+func (o MaxRetryRPCBufferSizeCallOption) after(c *callInfo) {}
+
 // The format of the payload: compressed or not?
 type payloadFormat uint8
 
 const (
-	compressionNone payloadFormat = iota // no compression
-	compressionMade
+	compressionNone payloadFormat = 0 // no compression
+	compressionMade payloadFormat = 1 // compressed
 )
 
 // parser reads complete gRPC messages from the underlying reader.
@@ -444,7 +500,7 @@ type parser struct {
 //   * io.EOF, when no messages remain
 //   * io.ErrUnexpectedEOF
 //   * of type transport.ConnectionError
-//   * of type transport.StreamError
+//   * an error from the status package
 // No other error values or types must be returned, which also means
 // that the underlying io.Reader must not return an incompatible
 // error.
@@ -477,65 +533,85 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 	return pf, msg, nil
 }
 
-// encode serializes msg and returns a buffer of message header and a buffer of msg.
-// If msg is nil, it generates the message header and an empty msg buffer.
-// TODO(ddyihai): eliminate extra Compressor parameter.
-func encode(c baseCodec, msg interface{}, cp Compressor, outPayload *stats.OutPayload, compressor encoding.Compressor) ([]byte, []byte, error) {
-	var (
-		b    []byte
-		cbuf *bytes.Buffer
-	)
-	const (
-		payloadLen = 1
-		sizeLen    = 4
-	)
-	if msg != nil {
-		var err error
-		b, err = c.Marshal(msg)
+// encode serializes msg and returns a buffer containing the message, or an
+// error if it is too large to be transmitted by grpc.  If msg is nil, it
+// generates an empty message.
+func encode(c baseCodec, msg interface{}) ([]byte, error) {
+	if msg == nil { // NOTE: typed nils will not be caught by this check
+		return nil, nil
+	}
+	b, err := c.Marshal(msg)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "grpc: error while marshaling: %v", err.Error())
+	}
+	if uint(len(b)) > math.MaxUint32 {
+		return nil, status.Errorf(codes.ResourceExhausted, "grpc: message too large (%d bytes)", len(b))
+	}
+	return b, nil
+}
+
+// compress returns the input bytes compressed by compressor or cp.  If both
+// compressors are nil, returns nil.
+//
+// TODO(dfawley): eliminate cp parameter by wrapping Compressor in an encoding.Compressor.
+func compress(in []byte, cp Compressor, compressor encoding.Compressor) ([]byte, error) {
+	if compressor == nil && cp == nil {
+		return nil, nil
+	}
+	wrapErr := func(err error) error {
+		return status.Errorf(codes.Internal, "grpc: error while compressing: %v", err.Error())
+	}
+	cbuf := &bytes.Buffer{}
+	if compressor != nil {
+		z, err := compressor.Compress(cbuf)
 		if err != nil {
-			return nil, nil, status.Errorf(codes.Internal, "grpc: error while marshaling: %v", err.Error())
+			return nil, wrapErr(err)
 		}
-		if outPayload != nil {
-			outPayload.Payload = msg
-			// TODO truncate large payload.
-			outPayload.Data = b
-			outPayload.Length = len(b)
+		if _, err := z.Write(in); err != nil {
+			return nil, wrapErr(err)
 		}
-		if compressor != nil || cp != nil {
-			cbuf = new(bytes.Buffer)
-			// Has compressor, check Compressor is set by UseCompressor first.
-			if compressor != nil {
-				z, _ := compressor.Compress(cbuf)
-				if _, err := z.Write(b); err != nil {
-					return nil, nil, status.Errorf(codes.Internal, "grpc: error while compressing: %v", err.Error())
-				}
-				z.Close()
-			} else {
-				// If Compressor is not set by UseCompressor, use default Compressor
-				if err := cp.Do(cbuf, b); err != nil {
-					return nil, nil, status.Errorf(codes.Internal, "grpc: error while compressing: %v", err.Error())
-				}
-			}
-			b = cbuf.Bytes()
+		if err := z.Close(); err != nil {
+			return nil, wrapErr(err)
+		}
+	} else {
+		if err := cp.Do(cbuf, in); err != nil {
+			return nil, wrapErr(err)
 		}
 	}
-	if uint(len(b)) > math.MaxUint32 {
-		return nil, nil, status.Errorf(codes.ResourceExhausted, "grpc: message too large (%d bytes)", len(b))
-	}
+	return cbuf.Bytes(), nil
+}
 
-	bufHeader := make([]byte, payloadLen+sizeLen)
-	if compressor != nil || cp != nil {
-		bufHeader[0] = byte(compressionMade)
+const (
+	payloadLen = 1
+	sizeLen    = 4
+	headerLen  = payloadLen + sizeLen
+)
+
+// msgHeader returns a 5-byte header for the message being transmitted and the
+// payload, which is compData if non-nil or data otherwise.
+func msgHeader(data, compData []byte) (hdr []byte, payload []byte) {
+	hdr = make([]byte, headerLen)
+	if compData != nil {
+		hdr[0] = byte(compressionMade)
+		data = compData
 	} else {
-		bufHeader[0] = byte(compressionNone)
+		hdr[0] = byte(compressionNone)
 	}
 
-	// Write length of b into buf
-	binary.BigEndian.PutUint32(bufHeader[payloadLen:], uint32(len(b)))
-	if outPayload != nil {
-		outPayload.WireLength = payloadLen + sizeLen + len(b)
+	// Write length of payload into buf
+	binary.BigEndian.PutUint32(hdr[payloadLen:], uint32(len(data)))
+	return hdr, data
+}
+
+func outPayload(client bool, msg interface{}, data, payload []byte, t time.Time) *stats.OutPayload {
+	return &stats.OutPayload{
+		Client:     client,
+		Payload:    msg,
+		Data:       data,
+		Length:     len(data),
+		WireLength: len(payload) + headerLen,
+		SentTime:   t,
 	}
-	return bufHeader, b, nil
 }
 
 func checkRecvPayload(pf payloadFormat, recvCompress string, haveCompressor bool) *status.Status {
@@ -554,67 +630,121 @@ func checkRecvPayload(pf payloadFormat, recvCompress string, haveCompressor bool
 	return nil
 }
 
-// For the two compressor parameters, both should not be set, but if they are,
-// dc takes precedence over compressor.
-// TODO(dfawley): wrap the old compressor/decompressor using the new API?
-func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m interface{}, maxReceiveMessageSize int, inPayload *stats.InPayload, compressor encoding.Compressor) error {
+type payloadInfo struct {
+	wireLength        int // The compressed length got from wire.
+	uncompressedBytes []byte
+}
+
+func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) ([]byte, error) {
 	pf, d, err := p.recvMsg(maxReceiveMessageSize)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	if inPayload != nil {
-		inPayload.WireLength = len(d)
+	if payInfo != nil {
+		payInfo.wireLength = len(d)
 	}
 
 	if st := checkRecvPayload(pf, s.RecvCompress(), compressor != nil || dc != nil); st != nil {
-		return st.Err()
+		return nil, st.Err()
 	}
 
+	var size int
 	if pf == compressionMade {
 		// To match legacy behavior, if the decompressor is set by WithDecompressor or RPCDecompressor,
 		// use this decompressor as the default.
 		if dc != nil {
 			d, err = dc.Do(bytes.NewReader(d))
-			if err != nil {
-				return status.Errorf(codes.Internal, "grpc: failed to decompress the received message %v", err)
-			}
+			size = len(d)
 		} else {
-			dcReader, err := compressor.Decompress(bytes.NewReader(d))
-			if err != nil {
-				return status.Errorf(codes.Internal, "grpc: failed to decompress the received message %v", err)
-			}
-			d, err = ioutil.ReadAll(dcReader)
-			if err != nil {
-				return status.Errorf(codes.Internal, "grpc: failed to decompress the received message %v", err)
-			}
+			d, size, err = decompress(compressor, d, maxReceiveMessageSize)
 		}
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message %v", err)
+		}
+	} else {
+		size = len(d)
 	}
-	if len(d) > maxReceiveMessageSize {
+	if size > maxReceiveMessageSize {
 		// TODO: Revisit the error code. Currently keep it consistent with java
 		// implementation.
-		return status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max (%d vs. %d)", len(d), maxReceiveMessageSize)
+		return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max (%d vs. %d)", size, maxReceiveMessageSize)
+	}
+	return d, nil
+}
+
+// Using compressor, decompress d, returning data and size.
+// Optionally, if data will be over maxReceiveMessageSize, just return the size.
+func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize int) ([]byte, int, error) {
+	dcReader, err := compressor.Decompress(bytes.NewReader(d))
+	if err != nil {
+		return nil, 0, err
+	}
+	if sizer, ok := compressor.(interface {
+		DecompressedSize(compressedBytes []byte) int
+	}); ok {
+		if size := sizer.DecompressedSize(d); size >= 0 {
+			if size > maxReceiveMessageSize {
+				return nil, size, nil
+			}
+			// size is used as an estimate to size the buffer, but we
+			// will read more data if available.
+			// +MinRead so ReadFrom will not reallocate if size is correct.
+			buf := bytes.NewBuffer(make([]byte, 0, size+bytes.MinRead))
+			bytesRead, err := buf.ReadFrom(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1))
+			return buf.Bytes(), int(bytesRead), err
+		}
+	}
+	// Read from LimitReader with limit max+1. So if the underlying
+	// reader is over limit, the result will be bigger than max.
+	d, err = ioutil.ReadAll(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1))
+	return d, len(d), err
+}
+
+// For the two compressor parameters, both should not be set, but if they are,
+// dc takes precedence over compressor.
+// TODO(dfawley): wrap the old compressor/decompressor using the new API?
+func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m interface{}, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
+	d, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
+	if err != nil {
+		return err
 	}
 	if err := c.Unmarshal(d, m); err != nil {
 		return status.Errorf(codes.Internal, "grpc: failed to unmarshal the received message %v", err)
 	}
-	if inPayload != nil {
-		inPayload.RecvTime = time.Now()
-		inPayload.Payload = m
-		// TODO truncate large payload.
-		inPayload.Data = d
-		inPayload.Length = len(d)
+	if payInfo != nil {
+		payInfo.uncompressedBytes = d
 	}
 	return nil
 }
 
+// Information about RPC
 type rpcInfo struct {
-	failfast bool
+	failfast      bool
+	preloaderInfo *compressorInfo
+}
+
+// Information about Preloader
+// Responsible for storing codec, and compressors
+// If stream (s) has  context s.Context which stores rpcInfo that has non nil
+// pointers to codec, and compressors, then we can use preparedMsg for Async message prep
+// and reuse marshalled bytes
+type compressorInfo struct {
+	codec baseCodec
+	cp    Compressor
+	comp  encoding.Compressor
 }
 
 type rpcInfoContextKey struct{}
 
-func newContextWithRPCInfo(ctx context.Context, failfast bool) context.Context {
-	return context.WithValue(ctx, rpcInfoContextKey{}, &rpcInfo{failfast: failfast})
+func newContextWithRPCInfo(ctx context.Context, failfast bool, codec baseCodec, cp Compressor, comp encoding.Compressor) context.Context {
+	return context.WithValue(ctx, rpcInfoContextKey{}, &rpcInfo{
+		failfast: failfast,
+		preloaderInfo: &compressorInfo{
+			codec: codec,
+			cp:    cp,
+			comp:  comp,
+		},
+	})
 }
 
 func rpcInfoFromContext(ctx context.Context) (s *rpcInfo, ok bool) {
@@ -625,23 +755,17 @@ func rpcInfoFromContext(ctx context.Context) (s *rpcInfo, ok bool) {
 // Code returns the error code for err if it was produced by the rpc system.
 // Otherwise, it returns codes.Unknown.
 //
-// Deprecated: use status.FromError and Code method instead.
+// Deprecated: use status.Code instead.
 func Code(err error) codes.Code {
-	if s, ok := status.FromError(err); ok {
-		return s.Code()
-	}
-	return codes.Unknown
+	return status.Code(err)
 }
 
 // ErrorDesc returns the error description of err if it was produced by the rpc system.
 // Otherwise, it returns err.Error() or empty string when err is nil.
 //
-// Deprecated: use status.FromError and Message method instead.
+// Deprecated: use status.Convert and Message method instead.
 func ErrorDesc(err error) string {
-	if s, ok := status.FromError(err); ok {
-		return s.Message()
-	}
-	return err.Error()
+	return status.Convert(err).Message()
 }
 
 // Errorf returns an error containing an error code and a description;
@@ -652,6 +776,31 @@ func Errorf(c codes.Code, format string, a ...interface{}) error {
 	return status.Errorf(c, format, a...)
 }
 
+// toRPCErr converts an error into an error from the status package.
+func toRPCErr(err error) error {
+	if err == nil || err == io.EOF {
+		return err
+	}
+	if err == io.ErrUnexpectedEOF {
+		return status.Error(codes.Internal, err.Error())
+	}
+	if _, ok := status.FromError(err); ok {
+		return err
+	}
+	switch e := err.(type) {
+	case transport.ConnectionError:
+		return status.Error(codes.Unavailable, e.Desc)
+	default:
+		switch err {
+		case context.DeadlineExceeded:
+			return status.Error(codes.DeadlineExceeded, err.Error())
+		case context.Canceled:
+			return status.Error(codes.Canceled, err.Error())
+		}
+	}
+	return status.Error(codes.Unknown, err.Error())
+}
+
 // setCallInfoCodec should only be called after CallOptions have been applied.
 func setCallInfoCodec(c *callInfo) error {
 	if c.codec != nil {
@@ -707,9 +856,22 @@ func parseDialTarget(target string) (net string, addr string) {
 	return net, target
 }
 
+// channelzData is used to store channelz related data for ClientConn, addrConn and Server.
+// These fields cannot be embedded in the original structs (e.g. ClientConn), since to do atomic
+// operation on int64 variable on 32-bit machine, user is responsible to enforce memory alignment.
+// Here, by grouping those int64 fields inside a struct, we are enforcing the alignment.
+type channelzData struct {
+	callsStarted   int64
+	callsFailed    int64
+	callsSucceeded int64
+	// lastCallStartedTime stores the timestamp that last call starts. It is of int64 type instead of
+	// time.Time since it's more costly to atomically update time.Time variable than int64 variable.
+	lastCallStartedTime int64
+}
+
 // The SupportPackageIsVersion variables are referenced from generated protocol
 // buffer files to ensure compatibility with the gRPC version used.  The latest
-// support package version is 5.
+// support package version is 6.
 //
 // Older versions are kept for compatibility. They may be removed if
 // compatibility cannot be maintained.
@@ -719,9 +881,7 @@ const (
 	SupportPackageIsVersion3 = true
 	SupportPackageIsVersion4 = true
 	SupportPackageIsVersion5 = true
+	SupportPackageIsVersion6 = true
 )
 
-// Version is the current grpc version.
-const Version = "1.12.0"
-
 const grpcUA = "grpc-go/" + Version
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index 4969331cb3d40..0d75cb109a09a 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -19,7 +19,7 @@
 package grpc
 
 import (
-	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -30,27 +30,26 @@ import (
 	"runtime"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
-	"io/ioutil"
-
-	"golang.org/x/net/context"
-	"golang.org/x/net/http2"
 	"golang.org/x/net/trace"
 
-	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/encoding"
 	"google.golang.org/grpc/encoding/proto"
 	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/binarylog"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
 	"google.golang.org/grpc/tap"
-	"google.golang.org/grpc/transport"
 )
 
 const (
@@ -58,6 +57,8 @@ const (
 	defaultServerMaxSendMessageSize    = math.MaxInt32
 )
 
+var statusOK = status.New(codes.OK, "")
+
 type methodHandler func(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor UnaryServerInterceptor) (interface{}, error)
 
 // MethodDesc represents an RPC service's method specification.
@@ -88,33 +89,27 @@ type service struct {
 
 // Server is a gRPC server to serve RPC requests.
 type Server struct {
-	opts options
+	opts serverOptions
 
 	mu     sync.Mutex // guards following
 	lis    map[net.Listener]bool
-	conns  map[io.Closer]bool
+	conns  map[transport.ServerTransport]bool
 	serve  bool
 	drain  bool
 	cv     *sync.Cond          // signaled when connections close for GracefulStop
 	m      map[string]*service // service name -> service info
 	events trace.EventLog
 
-	quit               chan struct{}
-	done               chan struct{}
-	quitOnce           sync.Once
-	doneOnce           sync.Once
+	quit               *grpcsync.Event
+	done               *grpcsync.Event
 	channelzRemoveOnce sync.Once
 	serveWG            sync.WaitGroup // counts active Serve goroutines for GracefulStop
 
-	channelzID          int64 // channelz unique identification number
-	czmu                sync.RWMutex
-	callsStarted        int64
-	callsFailed         int64
-	callsSucceeded      int64
-	lastCallStartedTime time.Time
+	channelzID int64 // channelz unique identification number
+	czData     *channelzData
 }
 
-type options struct {
+type serverOptions struct {
 	creds                 credentials.TransportCredentials
 	codec                 baseCodec
 	cp                    Compressor
@@ -126,7 +121,6 @@ type options struct {
 	maxConcurrentStreams  uint32
 	maxReceiveMessageSize int
 	maxSendMessageSize    int
-	useHandlerImpl        bool // use http.Handler-based server
 	unknownStreamDesc     *StreamDesc
 	keepaliveParams       keepalive.ServerParameters
 	keepalivePolicy       keepalive.EnforcementPolicy
@@ -135,70 +129,111 @@ type options struct {
 	writeBufferSize       int
 	readBufferSize        int
 	connectionTimeout     time.Duration
+	maxHeaderListSize     *uint32
+	headerTableSize       *uint32
 }
 
-var defaultServerOptions = options{
+var defaultServerOptions = serverOptions{
 	maxReceiveMessageSize: defaultServerMaxReceiveMessageSize,
 	maxSendMessageSize:    defaultServerMaxSendMessageSize,
 	connectionTimeout:     120 * time.Second,
+	writeBufferSize:       defaultWriteBufSize,
+	readBufferSize:        defaultReadBufSize,
 }
 
 // A ServerOption sets options such as credentials, codec and keepalive parameters, etc.
-type ServerOption func(*options)
+type ServerOption interface {
+	apply(*serverOptions)
+}
+
+// EmptyServerOption does not alter the server configuration. It can be embedded
+// in another structure to build custom server options.
+//
+// This API is EXPERIMENTAL.
+type EmptyServerOption struct{}
+
+func (EmptyServerOption) apply(*serverOptions) {}
+
+// funcServerOption wraps a function that modifies serverOptions into an
+// implementation of the ServerOption interface.
+type funcServerOption struct {
+	f func(*serverOptions)
+}
+
+func (fdo *funcServerOption) apply(do *serverOptions) {
+	fdo.f(do)
+}
+
+func newFuncServerOption(f func(*serverOptions)) *funcServerOption {
+	return &funcServerOption{
+		f: f,
+	}
+}
 
-// WriteBufferSize lets you set the size of write buffer, this determines how much data can be batched
-// before doing a write on the wire.
+// WriteBufferSize determines how much data can be batched before doing a write on the wire.
+// The corresponding memory allocation for this buffer will be twice the size to keep syscalls low.
+// The default value for this buffer is 32KB.
+// Zero will disable the write buffer such that each write will be on underlying connection.
+// Note: A Send call may not directly translate to a write.
 func WriteBufferSize(s int) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.writeBufferSize = s
-	}
+	})
 }
 
 // ReadBufferSize lets you set the size of read buffer, this determines how much data can be read at most
 // for one read syscall.
+// The default value for this buffer is 32KB.
+// Zero will disable read buffer for a connection so data framer can access the underlying
+// conn directly.
 func ReadBufferSize(s int) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.readBufferSize = s
-	}
+	})
 }
 
 // InitialWindowSize returns a ServerOption that sets window size for stream.
 // The lower bound for window size is 64K and any value smaller than that will be ignored.
 func InitialWindowSize(s int32) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.initialWindowSize = s
-	}
+	})
 }
 
 // InitialConnWindowSize returns a ServerOption that sets window size for a connection.
 // The lower bound for window size is 64K and any value smaller than that will be ignored.
 func InitialConnWindowSize(s int32) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.initialConnWindowSize = s
-	}
+	})
 }
 
 // KeepaliveParams returns a ServerOption that sets keepalive and max-age parameters for the server.
 func KeepaliveParams(kp keepalive.ServerParameters) ServerOption {
-	return func(o *options) {
-		o.keepaliveParams = kp
+	if kp.Time > 0 && kp.Time < time.Second {
+		grpclog.Warning("Adjusting keepalive ping interval to minimum period of 1s")
+		kp.Time = time.Second
 	}
+
+	return newFuncServerOption(func(o *serverOptions) {
+		o.keepaliveParams = kp
+	})
 }
 
 // KeepaliveEnforcementPolicy returns a ServerOption that sets keepalive enforcement policy for the server.
 func KeepaliveEnforcementPolicy(kep keepalive.EnforcementPolicy) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.keepalivePolicy = kep
-	}
+	})
 }
 
 // CustomCodec returns a ServerOption that sets a codec for message marshaling and unmarshaling.
 //
 // This will override any lookups by content-subtype for Codecs registered with RegisterCodec.
 func CustomCodec(codec Codec) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.codec = codec
-	}
+	})
 }
 
 // RPCCompressor returns a ServerOption that sets a compressor for outbound
@@ -209,9 +244,9 @@ func CustomCodec(codec Codec) ServerOption {
 //
 // Deprecated: use encoding.RegisterCompressor instead.
 func RPCCompressor(cp Compressor) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.cp = cp
-	}
+	})
 }
 
 // RPCDecompressor returns a ServerOption that sets a decompressor for inbound
@@ -220,9 +255,9 @@ func RPCCompressor(cp Compressor) ServerOption {
 //
 // Deprecated: use encoding.RegisterCompressor instead.
 func RPCDecompressor(dc Decompressor) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.dc = dc
-	}
+	})
 }
 
 // MaxMsgSize returns a ServerOption to set the max message size in bytes the server can receive.
@@ -236,83 +271,83 @@ func MaxMsgSize(m int) ServerOption {
 // MaxRecvMsgSize returns a ServerOption to set the max message size in bytes the server can receive.
 // If this is not set, gRPC uses the default 4MB.
 func MaxRecvMsgSize(m int) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.maxReceiveMessageSize = m
-	}
+	})
 }
 
 // MaxSendMsgSize returns a ServerOption to set the max message size in bytes the server can send.
-// If this is not set, gRPC uses the default 4MB.
+// If this is not set, gRPC uses the default `math.MaxInt32`.
 func MaxSendMsgSize(m int) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.maxSendMessageSize = m
-	}
+	})
 }
 
 // MaxConcurrentStreams returns a ServerOption that will apply a limit on the number
 // of concurrent streams to each ServerTransport.
 func MaxConcurrentStreams(n uint32) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.maxConcurrentStreams = n
-	}
+	})
 }
 
 // Creds returns a ServerOption that sets credentials for server connections.
 func Creds(c credentials.TransportCredentials) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.creds = c
-	}
+	})
 }
 
 // UnaryInterceptor returns a ServerOption that sets the UnaryServerInterceptor for the
 // server. Only one unary interceptor can be installed. The construction of multiple
 // interceptors (e.g., chaining) can be implemented at the caller.
 func UnaryInterceptor(i UnaryServerInterceptor) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		if o.unaryInt != nil {
 			panic("The unary server interceptor was already set and may not be reset.")
 		}
 		o.unaryInt = i
-	}
+	})
 }
 
 // StreamInterceptor returns a ServerOption that sets the StreamServerInterceptor for the
 // server. Only one stream interceptor can be installed.
 func StreamInterceptor(i StreamServerInterceptor) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		if o.streamInt != nil {
 			panic("The stream server interceptor was already set and may not be reset.")
 		}
 		o.streamInt = i
-	}
+	})
 }
 
 // InTapHandle returns a ServerOption that sets the tap handle for all the server
 // transport to be created. Only one can be installed.
 func InTapHandle(h tap.ServerInHandle) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		if o.inTapHandle != nil {
 			panic("The tap handle was already set and may not be reset.")
 		}
 		o.inTapHandle = h
-	}
+	})
 }
 
 // StatsHandler returns a ServerOption that sets the stats handler for the server.
 func StatsHandler(h stats.Handler) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.statsHandler = h
-	}
+	})
 }
 
 // UnknownServiceHandler returns a ServerOption that allows for adding a custom
 // unknown service handler. The provided method is a bidi-streaming RPC service
 // handler that will be invoked instead of returning the "unimplemented" gRPC
 // error whenever a request is received for an unregistered service or method.
-// The handling function has full access to the Context of the request and the
-// stream, and the invocation bypasses interceptors.
+// The handling function and stream interceptor (if set) have full access to
+// the ServerStream, including its Context.
 func UnknownServiceHandler(streamHandler StreamHandler) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.unknownStreamDesc = &StreamDesc{
 			StreamName: "unknown_service_handler",
 			Handler:    streamHandler,
@@ -320,7 +355,7 @@ func UnknownServiceHandler(streamHandler StreamHandler) ServerOption {
 			ClientStreams: true,
 			ServerStreams: true,
 		}
-	}
+	})
 }
 
 // ConnectionTimeout returns a ServerOption that sets the timeout for
@@ -330,9 +365,27 @@ func UnknownServiceHandler(streamHandler StreamHandler) ServerOption {
 //
 // This API is EXPERIMENTAL.
 func ConnectionTimeout(d time.Duration) ServerOption {
-	return func(o *options) {
+	return newFuncServerOption(func(o *serverOptions) {
 		o.connectionTimeout = d
-	}
+	})
+}
+
+// MaxHeaderListSize returns a ServerOption that sets the max (uncompressed) size
+// of header list that the server is prepared to accept.
+func MaxHeaderListSize(s uint32) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.maxHeaderListSize = &s
+	})
+}
+
+// HeaderTableSize returns a ServerOption that sets the size of dynamic
+// header table for stream.
+//
+// This API is EXPERIMENTAL.
+func HeaderTableSize(s uint32) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.headerTableSize = &s
+	})
 }
 
 // NewServer creates a gRPC server which has no service registered and has not
@@ -340,15 +393,16 @@ func ConnectionTimeout(d time.Duration) ServerOption {
 func NewServer(opt ...ServerOption) *Server {
 	opts := defaultServerOptions
 	for _, o := range opt {
-		o(&opts)
+		o.apply(&opts)
 	}
 	s := &Server{
-		lis:   make(map[net.Listener]bool),
-		opts:  opts,
-		conns: make(map[io.Closer]bool),
-		m:     make(map[string]*service),
-		quit:  make(chan struct{}),
-		done:  make(chan struct{}),
+		lis:    make(map[net.Listener]bool),
+		opts:   opts,
+		conns:  make(map[transport.ServerTransport]bool),
+		m:      make(map[string]*service),
+		quit:   grpcsync.NewEvent(),
+		done:   grpcsync.NewEvent(),
+		czData: new(channelzData),
 	}
 	s.cv = sync.NewCond(&s.mu)
 	if EnableTracing {
@@ -357,7 +411,7 @@ func NewServer(opt ...ServerOption) *Server {
 	}
 
 	if channelz.IsOn() {
-		s.channelzID = channelz.RegisterServer(s, "")
+		s.channelzID = channelz.RegisterServer(&channelzServer{s}, "")
 	}
 	return s
 }
@@ -481,7 +535,8 @@ type listenSocket struct {
 
 func (l *listenSocket) ChannelzMetric() *channelz.SocketInternalMetric {
 	return &channelz.SocketInternalMetric{
-		LocalAddr: l.Listener.Addr(),
+		SocketOptions: channelz.GetSocketOption(l.Listener),
+		LocalAddr:     l.Listener.Addr(),
 	}
 }
 
@@ -513,11 +568,9 @@ func (s *Server) Serve(lis net.Listener) error {
 	s.serveWG.Add(1)
 	defer func() {
 		s.serveWG.Done()
-		select {
-		// Stop or GracefulStop called; block until done and return nil.
-		case <-s.quit:
-			<-s.done
-		default:
+		if s.quit.HasFired() {
+			// Stop or GracefulStop called; block until done and return nil.
+			<-s.done.Done()
 		}
 	}()
 
@@ -525,7 +578,7 @@ func (s *Server) Serve(lis net.Listener) error {
 	s.lis[ls] = true
 
 	if channelz.IsOn() {
-		ls.channelzID = channelz.RegisterListenSocket(ls, s.channelzID, "")
+		ls.channelzID = channelz.RegisterListenSocket(ls, s.channelzID, lis.Addr().String())
 	}
 	s.mu.Unlock()
 
@@ -560,7 +613,7 @@ func (s *Server) Serve(lis net.Listener) error {
 				timer := time.NewTimer(tempDelay)
 				select {
 				case <-timer.C:
-				case <-s.quit:
+				case <-s.quit.Done():
 					timer.Stop()
 					return nil
 				}
@@ -570,10 +623,8 @@ func (s *Server) Serve(lis net.Listener) error {
 			s.printf("done serving; Accept = %v", err)
 			s.mu.Unlock()
 
-			select {
-			case <-s.quit:
+			if s.quit.HasFired() {
 				return nil
-			default:
 			}
 			return err
 		}
@@ -594,50 +645,39 @@ func (s *Server) Serve(lis net.Listener) error {
 // handleRawConn forks a goroutine to handle a just-accepted connection that
 // has not had any I/O performed on it yet.
 func (s *Server) handleRawConn(rawConn net.Conn) {
+	if s.quit.HasFired() {
+		rawConn.Close()
+		return
+	}
 	rawConn.SetDeadline(time.Now().Add(s.opts.connectionTimeout))
 	conn, authInfo, err := s.useTransportAuthenticator(rawConn)
 	if err != nil {
-		s.mu.Lock()
-		s.errorf("ServerHandshake(%q) failed: %v", rawConn.RemoteAddr(), err)
-		s.mu.Unlock()
-		grpclog.Warningf("grpc: Server.Serve failed to complete security handshake from %q: %v", rawConn.RemoteAddr(), err)
-		// If serverHandshake returns ErrConnDispatched, keep rawConn open.
+		// ErrConnDispatched means that the connection was dispatched away from
+		// gRPC; those connections should be left open.
 		if err != credentials.ErrConnDispatched {
+			s.mu.Lock()
+			s.errorf("ServerHandshake(%q) failed: %v", rawConn.RemoteAddr(), err)
+			s.mu.Unlock()
+			grpclog.Warningf("grpc: Server.Serve failed to complete security handshake from %q: %v", rawConn.RemoteAddr(), err)
 			rawConn.Close()
 		}
 		rawConn.SetDeadline(time.Time{})
 		return
 	}
 
-	s.mu.Lock()
-	if s.conns == nil {
-		s.mu.Unlock()
-		conn.Close()
+	// Finish handshaking (HTTP2)
+	st := s.newHTTP2Transport(conn, authInfo)
+	if st == nil {
 		return
 	}
-	s.mu.Unlock()
-
-	var serve func()
-	c := conn.(io.Closer)
-	if s.opts.useHandlerImpl {
-		serve = func() { s.serveUsingHandler(conn) }
-	} else {
-		// Finish handshaking (HTTP2)
-		st := s.newHTTP2Transport(conn, authInfo)
-		if st == nil {
-			return
-		}
-		c = st
-		serve = func() { s.serveStreams(st) }
-	}
 
 	rawConn.SetDeadline(time.Time{})
-	if !s.addConn(c) {
+	if !s.addConn(st) {
 		return
 	}
 	go func() {
-		serve()
-		s.removeConn(c)
+		s.serveStreams(st)
+		s.removeConn(st)
 	}()
 }
 
@@ -656,6 +696,8 @@ func (s *Server) newHTTP2Transport(c net.Conn, authInfo credentials.AuthInfo) tr
 		WriteBufferSize:       s.opts.writeBufferSize,
 		ReadBufferSize:        s.opts.readBufferSize,
 		ChannelzParentID:      s.channelzID,
+		MaxHeaderListSize:     s.opts.maxHeaderListSize,
+		HeaderTableSize:       s.opts.headerTableSize,
 	}
 	st, err := transport.NewServerTransport("http2", c, config)
 	if err != nil {
@@ -691,27 +733,6 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 
 var _ http.Handler = (*Server)(nil)
 
-// serveUsingHandler is called from handleRawConn when s is configured
-// to handle requests via the http.Handler interface. It sets up a
-// net/http.Server to handle the just-accepted conn. The http.Server
-// is configured to route all incoming requests (all HTTP/2 streams)
-// to ServeHTTP, which creates a new ServerTransport for each stream.
-// serveUsingHandler blocks until conn closes.
-//
-// This codepath is only used when Server.TestingUseHandlerImpl has
-// been configured. This lets the end2end tests exercise the ServeHTTP
-// method as one of the environment types.
-//
-// conn is the *tls.Conn that's already been authenticated.
-func (s *Server) serveUsingHandler(conn net.Conn) {
-	h2s := &http2.Server{
-		MaxConcurrentStreams: s.opts.maxConcurrentStreams,
-	}
-	h2s.ServeConn(conn, &http2.ServeConnOpts{
-		Handler: s,
-	})
-}
-
 // ServeHTTP implements the Go standard library's http.Handler
 // interface by responding to the gRPC request r, by looking up
 // the requested gRPC method in the gRPC server s.
@@ -752,6 +773,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // traceInfo returns a traceInfo and associates it with stream, if tracing is enabled.
 // If tracing is not enabled, it returns nil.
 func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Stream) (trInfo *traceInfo) {
+	if !EnableTracing {
+		return nil
+	}
 	tr, ok := trace.FromContext(stream.Context())
 	if !ok {
 		return nil
@@ -759,135 +783,166 @@ func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Strea
 
 	trInfo = &traceInfo{
 		tr: tr,
+		firstLine: firstLine{
+			client:     false,
+			remoteAddr: st.RemoteAddr(),
+		},
 	}
-	trInfo.firstLine.client = false
-	trInfo.firstLine.remoteAddr = st.RemoteAddr()
-
 	if dl, ok := stream.Context().Deadline(); ok {
-		trInfo.firstLine.deadline = dl.Sub(time.Now())
+		trInfo.firstLine.deadline = time.Until(dl)
 	}
 	return trInfo
 }
 
-func (s *Server) addConn(c io.Closer) bool {
+func (s *Server) addConn(st transport.ServerTransport) bool {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	if s.conns == nil {
-		c.Close()
+		st.Close()
 		return false
 	}
 	if s.drain {
 		// Transport added after we drained our existing conns: drain it
 		// immediately.
-		c.(transport.ServerTransport).Drain()
+		st.Drain()
 	}
-	s.conns[c] = true
+	s.conns[st] = true
 	return true
 }
 
-func (s *Server) removeConn(c io.Closer) {
+func (s *Server) removeConn(st transport.ServerTransport) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	if s.conns != nil {
-		delete(s.conns, c)
+		delete(s.conns, st)
 		s.cv.Broadcast()
 	}
 }
 
-// ChannelzMetric returns ServerInternalMetric of current server.
-// This is an EXPERIMENTAL API.
-func (s *Server) ChannelzMetric() *channelz.ServerInternalMetric {
-	s.czmu.RLock()
-	defer s.czmu.RUnlock()
+func (s *Server) channelzMetric() *channelz.ServerInternalMetric {
 	return &channelz.ServerInternalMetric{
-		CallsStarted:             s.callsStarted,
-		CallsSucceeded:           s.callsSucceeded,
-		CallsFailed:              s.callsFailed,
-		LastCallStartedTimestamp: s.lastCallStartedTime,
+		CallsStarted:             atomic.LoadInt64(&s.czData.callsStarted),
+		CallsSucceeded:           atomic.LoadInt64(&s.czData.callsSucceeded),
+		CallsFailed:              atomic.LoadInt64(&s.czData.callsFailed),
+		LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&s.czData.lastCallStartedTime)),
 	}
 }
 
 func (s *Server) incrCallsStarted() {
-	s.czmu.Lock()
-	s.callsStarted++
-	s.lastCallStartedTime = time.Now()
-	s.czmu.Unlock()
+	atomic.AddInt64(&s.czData.callsStarted, 1)
+	atomic.StoreInt64(&s.czData.lastCallStartedTime, time.Now().UnixNano())
 }
 
 func (s *Server) incrCallsSucceeded() {
-	s.czmu.Lock()
-	s.callsSucceeded++
-	s.czmu.Unlock()
+	atomic.AddInt64(&s.czData.callsSucceeded, 1)
 }
 
 func (s *Server) incrCallsFailed() {
-	s.czmu.Lock()
-	s.callsFailed++
-	s.czmu.Unlock()
+	atomic.AddInt64(&s.czData.callsFailed, 1)
 }
 
 func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Stream, msg interface{}, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
-	var (
-		outPayload *stats.OutPayload
-	)
-	if s.opts.statsHandler != nil {
-		outPayload = &stats.OutPayload{}
-	}
-	hdr, data, err := encode(s.getCodec(stream.ContentSubtype()), msg, cp, outPayload, comp)
+	data, err := encode(s.getCodec(stream.ContentSubtype()), msg)
 	if err != nil {
 		grpclog.Errorln("grpc: server failed to encode response: ", err)
 		return err
 	}
-	if len(data) > s.opts.maxSendMessageSize {
-		return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", len(data), s.opts.maxSendMessageSize)
+	compData, err := compress(data, cp, comp)
+	if err != nil {
+		grpclog.Errorln("grpc: server failed to compress response: ", err)
+		return err
+	}
+	hdr, payload := msgHeader(data, compData)
+	// TODO(dfawley): should we be checking len(data) instead?
+	if len(payload) > s.opts.maxSendMessageSize {
+		return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", len(payload), s.opts.maxSendMessageSize)
 	}
-	err = t.Write(stream, hdr, data, opts)
-	if err == nil && outPayload != nil {
-		outPayload.SentTime = time.Now()
-		s.opts.statsHandler.HandleRPC(stream.Context(), outPayload)
+	err = t.Write(stream, hdr, payload, opts)
+	if err == nil && s.opts.statsHandler != nil {
+		s.opts.statsHandler.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
 	}
 	return err
 }
 
 func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, srv *service, md *MethodDesc, trInfo *traceInfo) (err error) {
-	if channelz.IsOn() {
-		s.incrCallsStarted()
-		defer func() {
-			if err != nil && err != io.EOF {
-				s.incrCallsFailed()
-			} else {
-				s.incrCallsSucceeded()
-			}
-		}()
-	}
 	sh := s.opts.statsHandler
-	if sh != nil {
-		beginTime := time.Now()
-		begin := &stats.Begin{
-			BeginTime: beginTime,
+	if sh != nil || trInfo != nil || channelz.IsOn() {
+		if channelz.IsOn() {
+			s.incrCallsStarted()
 		}
-		sh.HandleRPC(stream.Context(), begin)
-		defer func() {
-			end := &stats.End{
+		var statsBegin *stats.Begin
+		if sh != nil {
+			beginTime := time.Now()
+			statsBegin = &stats.Begin{
 				BeginTime: beginTime,
-				EndTime:   time.Now(),
 			}
-			if err != nil && err != io.EOF {
-				end.Error = toRPCErr(err)
+			sh.HandleRPC(stream.Context(), statsBegin)
+		}
+		if trInfo != nil {
+			trInfo.tr.LazyLog(&trInfo.firstLine, false)
+		}
+		// The deferred error handling for tracing, stats handler and channelz are
+		// combined into one function to reduce stack usage -- a defer takes ~56-64
+		// bytes on the stack, so overflowing the stack will require a stack
+		// re-allocation, which is expensive.
+		//
+		// To maintain behavior similar to separate deferred statements, statements
+		// should be executed in the reverse order. That is, tracing first, stats
+		// handler second, and channelz last. Note that panics *within* defers will
+		// lead to different behavior, but that's an acceptable compromise; that
+		// would be undefined behavior territory anyway.
+		defer func() {
+			if trInfo != nil {
+				if err != nil && err != io.EOF {
+					trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					trInfo.tr.SetError()
+				}
+				trInfo.tr.Finish()
+			}
+
+			if sh != nil {
+				end := &stats.End{
+					BeginTime: statsBegin.BeginTime,
+					EndTime:   time.Now(),
+				}
+				if err != nil && err != io.EOF {
+					end.Error = toRPCErr(err)
+				}
+				sh.HandleRPC(stream.Context(), end)
+			}
+
+			if channelz.IsOn() {
+				if err != nil && err != io.EOF {
+					s.incrCallsFailed()
+				} else {
+					s.incrCallsSucceeded()
+				}
 			}
-			sh.HandleRPC(stream.Context(), end)
 		}()
 	}
-	if trInfo != nil {
-		defer trInfo.tr.Finish()
-		trInfo.firstLine.client = false
-		trInfo.tr.LazyLog(&trInfo.firstLine, false)
-		defer func() {
-			if err != nil && err != io.EOF {
-				trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				trInfo.tr.SetError()
+
+	binlog := binarylog.GetMethodLogger(stream.Method())
+	if binlog != nil {
+		ctx := stream.Context()
+		md, _ := metadata.FromIncomingContext(ctx)
+		logEntry := &binarylog.ClientHeader{
+			Header:     md,
+			MethodName: stream.Method(),
+			PeerAddr:   nil,
+		}
+		if deadline, ok := ctx.Deadline(); ok {
+			logEntry.Timeout = time.Until(deadline)
+			if logEntry.Timeout < 0 {
+				logEntry.Timeout = 0
 			}
-		}()
+		}
+		if a := md[":authority"]; len(a) > 0 {
+			logEntry.Authority = a[0]
+		}
+		if peer, ok := peer.FromContext(ctx); ok {
+			logEntry.PeerAddr = peer.Addr
+		}
+		binlog.Log(logEntry)
 	}
 
 	// comp and cp are used for compression.  decomp and dc are used for
@@ -926,81 +981,39 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 	}
 
-	p := &parser{r: stream}
-	pf, req, err := p.recvMsg(s.opts.maxReceiveMessageSize)
-	if err == io.EOF {
-		// The entire stream is done (for unary RPC only).
-		return err
-	}
-	if err == io.ErrUnexpectedEOF {
-		err = status.Errorf(codes.Internal, io.ErrUnexpectedEOF.Error())
+	var payInfo *payloadInfo
+	if sh != nil || binlog != nil {
+		payInfo = &payloadInfo{}
 	}
+	d, err := recvAndDecompress(&parser{r: stream}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
 	if err != nil {
 		if st, ok := status.FromError(err); ok {
 			if e := t.WriteStatus(stream, st); e != nil {
 				grpclog.Warningf("grpc: Server.processUnaryRPC failed to write status %v", e)
 			}
-		} else {
-			switch st := err.(type) {
-			case transport.ConnectionError:
-				// Nothing to do here.
-			case transport.StreamError:
-				if e := t.WriteStatus(stream, status.New(st.Code, st.Desc)); e != nil {
-					grpclog.Warningf("grpc: Server.processUnaryRPC failed to write status %v", e)
-				}
-			default:
-				panic(fmt.Sprintf("grpc: Unexpected error (%T) from recvMsg: %v", st, st))
-			}
 		}
 		return err
 	}
 	if channelz.IsOn() {
 		t.IncrMsgRecv()
 	}
-	if st := checkRecvPayload(pf, stream.RecvCompress(), dc != nil || decomp != nil); st != nil {
-		if e := t.WriteStatus(stream, st); e != nil {
-			grpclog.Warningf("grpc: Server.processUnaryRPC failed to write status %v", e)
-		}
-		return st.Err()
-	}
-	var inPayload *stats.InPayload
-	if sh != nil {
-		inPayload = &stats.InPayload{
-			RecvTime: time.Now(),
-		}
-	}
 	df := func(v interface{}) error {
-		if inPayload != nil {
-			inPayload.WireLength = len(req)
-		}
-		if pf == compressionMade {
-			var err error
-			if dc != nil {
-				req, err = dc.Do(bytes.NewReader(req))
-				if err != nil {
-					return status.Errorf(codes.Internal, err.Error())
-				}
-			} else {
-				tmp, _ := decomp.Decompress(bytes.NewReader(req))
-				req, err = ioutil.ReadAll(tmp)
-				if err != nil {
-					return status.Errorf(codes.Internal, "grpc: failed to decompress the received message %v", err)
-				}
-			}
-		}
-		if len(req) > s.opts.maxReceiveMessageSize {
-			// TODO: Revisit the error code. Currently keep it consistent with
-			// java implementation.
-			return status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max (%d vs. %d)", len(req), s.opts.maxReceiveMessageSize)
-		}
-		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(req, v); err != nil {
+		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
 			return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
 		}
-		if inPayload != nil {
-			inPayload.Payload = v
-			inPayload.Data = req
-			inPayload.Length = len(req)
-			sh.HandleRPC(stream.Context(), inPayload)
+		if sh != nil {
+			sh.HandleRPC(stream.Context(), &stats.InPayload{
+				RecvTime:   time.Now(),
+				Payload:    v,
+				WireLength: payInfo.wireLength,
+				Data:       d,
+				Length:     len(d),
+			})
+		}
+		if binlog != nil {
+			binlog.Log(&binarylog.ClientMessage{
+				Message: d,
+			})
 		}
 		if trInfo != nil {
 			trInfo.tr.LazyLog(&payload{sent: false, msg: v}, true)
@@ -1023,15 +1036,25 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		if e := t.WriteStatus(stream, appStatus); e != nil {
 			grpclog.Warningf("grpc: Server.processUnaryRPC failed to write status: %v", e)
 		}
+		if binlog != nil {
+			if h, _ := stream.Header(); h.Len() > 0 {
+				// Only log serverHeader if there was header. Otherwise it can
+				// be trailer only.
+				binlog.Log(&binarylog.ServerHeader{
+					Header: h,
+				})
+			}
+			binlog.Log(&binarylog.ServerTrailer{
+				Trailer: stream.Trailer(),
+				Err:     appErr,
+			})
+		}
 		return appErr
 	}
 	if trInfo != nil {
 		trInfo.tr.LazyLog(stringer("OK"), false)
 	}
-	opts := &transport.Options{
-		Last:  true,
-		Delay: false,
-	}
+	opts := &transport.Options{Last: true}
 
 	if err := s.sendResponse(t, stream, reply, cp, opts, comp); err != nil {
 		if err == io.EOF {
@@ -1046,16 +1069,31 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			switch st := err.(type) {
 			case transport.ConnectionError:
 				// Nothing to do here.
-			case transport.StreamError:
-				if e := t.WriteStatus(stream, status.New(st.Code, st.Desc)); e != nil {
-					grpclog.Warningf("grpc: Server.processUnaryRPC failed to write status %v", e)
-				}
 			default:
 				panic(fmt.Sprintf("grpc: Unexpected error (%T) from sendResponse: %v", st, st))
 			}
 		}
+		if binlog != nil {
+			h, _ := stream.Header()
+			binlog.Log(&binarylog.ServerHeader{
+				Header: h,
+			})
+			binlog.Log(&binarylog.ServerTrailer{
+				Trailer: stream.Trailer(),
+				Err:     appErr,
+			})
+		}
 		return err
 	}
+	if binlog != nil {
+		h, _ := stream.Header()
+		binlog.Log(&binarylog.ServerHeader{
+			Header: h,
+		})
+		binlog.Log(&binarylog.ServerMessage{
+			Message: reply,
+		})
+	}
 	if channelz.IsOn() {
 		t.IncrMsgSent()
 	}
@@ -1065,51 +1103,100 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	// TODO: Should we be logging if writing status failed here, like above?
 	// Should the logging be in WriteStatus?  Should we ignore the WriteStatus
 	// error or allow the stats handler to see it?
-	return t.WriteStatus(stream, status.New(codes.OK, ""))
+	err = t.WriteStatus(stream, statusOK)
+	if binlog != nil {
+		binlog.Log(&binarylog.ServerTrailer{
+			Trailer: stream.Trailer(),
+			Err:     appErr,
+		})
+	}
+	return err
 }
 
 func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transport.Stream, srv *service, sd *StreamDesc, trInfo *traceInfo) (err error) {
 	if channelz.IsOn() {
 		s.incrCallsStarted()
-		defer func() {
-			if err != nil && err != io.EOF {
-				s.incrCallsFailed()
-			} else {
-				s.incrCallsSucceeded()
-			}
-		}()
 	}
 	sh := s.opts.statsHandler
+	var statsBegin *stats.Begin
 	if sh != nil {
 		beginTime := time.Now()
-		begin := &stats.Begin{
+		statsBegin = &stats.Begin{
 			BeginTime: beginTime,
 		}
-		sh.HandleRPC(stream.Context(), begin)
-		defer func() {
-			end := &stats.End{
-				BeginTime: beginTime,
-				EndTime:   time.Now(),
-			}
-			if err != nil && err != io.EOF {
-				end.Error = toRPCErr(err)
-			}
-			sh.HandleRPC(stream.Context(), end)
-		}()
+		sh.HandleRPC(stream.Context(), statsBegin)
 	}
 	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
 	ss := &serverStream{
-		ctx:   ctx,
-		t:     t,
-		s:     stream,
-		p:     &parser{r: stream},
-		codec: s.getCodec(stream.ContentSubtype()),
+		ctx:                   ctx,
+		t:                     t,
+		s:                     stream,
+		p:                     &parser{r: stream},
+		codec:                 s.getCodec(stream.ContentSubtype()),
 		maxReceiveMessageSize: s.opts.maxReceiveMessageSize,
 		maxSendMessageSize:    s.opts.maxSendMessageSize,
 		trInfo:                trInfo,
 		statsHandler:          sh,
 	}
 
+	if sh != nil || trInfo != nil || channelz.IsOn() {
+		// See comment in processUnaryRPC on defers.
+		defer func() {
+			if trInfo != nil {
+				ss.mu.Lock()
+				if err != nil && err != io.EOF {
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.SetError()
+				}
+				ss.trInfo.tr.Finish()
+				ss.trInfo.tr = nil
+				ss.mu.Unlock()
+			}
+
+			if sh != nil {
+				end := &stats.End{
+					BeginTime: statsBegin.BeginTime,
+					EndTime:   time.Now(),
+				}
+				if err != nil && err != io.EOF {
+					end.Error = toRPCErr(err)
+				}
+				sh.HandleRPC(stream.Context(), end)
+			}
+
+			if channelz.IsOn() {
+				if err != nil && err != io.EOF {
+					s.incrCallsFailed()
+				} else {
+					s.incrCallsSucceeded()
+				}
+			}
+		}()
+	}
+
+	ss.binlog = binarylog.GetMethodLogger(stream.Method())
+	if ss.binlog != nil {
+		md, _ := metadata.FromIncomingContext(ctx)
+		logEntry := &binarylog.ClientHeader{
+			Header:     md,
+			MethodName: stream.Method(),
+			PeerAddr:   nil,
+		}
+		if deadline, ok := ctx.Deadline(); ok {
+			logEntry.Timeout = time.Until(deadline)
+			if logEntry.Timeout < 0 {
+				logEntry.Timeout = 0
+			}
+		}
+		if a := md[":authority"]; len(a) > 0 {
+			logEntry.Authority = a[0]
+		}
+		if peer, ok := peer.FromContext(ss.Context()); ok {
+			logEntry.PeerAddr = peer.Addr
+		}
+		ss.binlog.Log(logEntry)
+	}
+
 	// If dc is set and matches the stream's compression, use it.  Otherwise, try
 	// to find a matching registered compressor for decomp.
 	if rc := stream.RecvCompress(); s.opts.dc != nil && s.opts.dc.Type() == rc {
@@ -1140,16 +1227,6 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 
 	if trInfo != nil {
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
-		defer func() {
-			ss.mu.Lock()
-			if err != nil && err != io.EOF {
-				ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				ss.trInfo.tr.SetError()
-			}
-			ss.trInfo.tr.Finish()
-			ss.trInfo.tr = nil
-			ss.mu.Unlock()
-		}()
 	}
 	var appErr error
 	var server interface{}
@@ -1169,12 +1246,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 	if appErr != nil {
 		appStatus, ok := status.FromError(appErr)
 		if !ok {
-			switch err := appErr.(type) {
-			case transport.StreamError:
-				appStatus = status.New(err.Code, err.Desc)
-			default:
-				appStatus = status.New(codes.Unknown, appErr.Error())
-			}
+			appStatus = status.New(codes.Unknown, appErr.Error())
 			appErr = appStatus.Err()
 		}
 		if trInfo != nil {
@@ -1184,6 +1256,12 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			ss.mu.Unlock()
 		}
 		t.WriteStatus(ss.s, appStatus)
+		if ss.binlog != nil {
+			ss.binlog.Log(&binarylog.ServerTrailer{
+				Trailer: ss.s.Trailer(),
+				Err:     appErr,
+			})
+		}
 		// TODO: Should we log an error from WriteStatus here and below?
 		return appErr
 	}
@@ -1192,7 +1270,14 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		ss.trInfo.tr.LazyLog(stringer("OK"), false)
 		ss.mu.Unlock()
 	}
-	return t.WriteStatus(ss.s, status.New(codes.OK, ""))
+	err = t.WriteStatus(ss.s, statusOK)
+	if ss.binlog != nil {
+		ss.binlog.Log(&binarylog.ServerTrailer{
+			Trailer: ss.s.Trailer(),
+			Err:     appErr,
+		})
+	}
+	return err
 }
 
 func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream, trInfo *traceInfo) {
@@ -1221,47 +1306,33 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	}
 	service := sm[:pos]
 	method := sm[pos+1:]
-	srv, ok := s.m[service]
-	if !ok {
-		if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
-			s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
+
+	srv, knownService := s.m[service]
+	if knownService {
+		if md, ok := srv.md[method]; ok {
+			s.processUnaryRPC(t, stream, srv, md, trInfo)
 			return
 		}
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"Unknown service %v", []interface{}{service}}, true)
-			trInfo.tr.SetError()
-		}
-		errDesc := fmt.Sprintf("unknown service %v", service)
-		if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-			if trInfo != nil {
-				trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				trInfo.tr.SetError()
-			}
-			grpclog.Warningf("grpc: Server.handleStream failed to write status: %v", err)
-		}
-		if trInfo != nil {
-			trInfo.tr.Finish()
+		if sd, ok := srv.sd[method]; ok {
+			s.processStreamingRPC(t, stream, srv, sd, trInfo)
+			return
 		}
-		return
 	}
-	// Unary RPC or Streaming RPC?
-	if md, ok := srv.md[method]; ok {
-		s.processUnaryRPC(t, stream, srv, md, trInfo)
+	// Unknown service, or known server unknown method.
+	if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
+		s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
 		return
 	}
-	if sd, ok := srv.sd[method]; ok {
-		s.processStreamingRPC(t, stream, srv, sd, trInfo)
-		return
+	var errDesc string
+	if !knownService {
+		errDesc = fmt.Sprintf("unknown service %v", service)
+	} else {
+		errDesc = fmt.Sprintf("unknown method %v for service %v", method, service)
 	}
 	if trInfo != nil {
-		trInfo.tr.LazyLog(&fmtStringer{"Unknown method %v", []interface{}{method}}, true)
+		trInfo.tr.LazyPrintf("%s", errDesc)
 		trInfo.tr.SetError()
 	}
-	if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
-		s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
-		return
-	}
-	errDesc := fmt.Sprintf("unknown method %v", method)
 	if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
 		if trInfo != nil {
 			trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
@@ -1316,15 +1387,11 @@ func ServerTransportStreamFromContext(ctx context.Context) ServerTransportStream
 // pending RPCs on the client side will get notified by connection
 // errors.
 func (s *Server) Stop() {
-	s.quitOnce.Do(func() {
-		close(s.quit)
-	})
+	s.quit.Fire()
 
 	defer func() {
 		s.serveWG.Wait()
-		s.doneOnce.Do(func() {
-			close(s.done)
-		})
+		s.done.Fire()
 	}()
 
 	s.channelzRemoveOnce.Do(func() {
@@ -1361,15 +1428,8 @@ func (s *Server) Stop() {
 // accepting new connections and RPCs and blocks until all the pending RPCs are
 // finished.
 func (s *Server) GracefulStop() {
-	s.quitOnce.Do(func() {
-		close(s.quit)
-	})
-
-	defer func() {
-		s.doneOnce.Do(func() {
-			close(s.done)
-		})
-	}()
+	s.quit.Fire()
+	defer s.done.Fire()
 
 	s.channelzRemoveOnce.Do(func() {
 		if channelz.IsOn() {
@@ -1387,8 +1447,8 @@ func (s *Server) GracefulStop() {
 	}
 	s.lis = nil
 	if !s.drain {
-		for c := range s.conns {
-			c.(transport.ServerTransport).Drain()
+		for st := range s.conns {
+			st.Drain()
 		}
 		s.drain = true
 	}
@@ -1410,12 +1470,6 @@ func (s *Server) GracefulStop() {
 	s.mu.Unlock()
 }
 
-func init() {
-	internal.TestingUseHandlerImpl = func(arg interface{}) {
-		arg.(*Server).opts.useHandlerImpl = true
-	}
-}
-
 // contentSubtype must be lowercase
 // cannot return nil
 func (s *Server) getCodec(contentSubtype string) baseCodec {
@@ -1484,3 +1538,11 @@ func Method(ctx context.Context) (string, bool) {
 	}
 	return s.Method(), true
 }
+
+type channelzServer struct {
+	s *Server
+}
+
+func (c *channelzServer) ChannelzMetric() *channelz.ServerInternalMetric {
+	return c.s.channelzMetric()
+}
diff --git a/vendor/google.golang.org/grpc/service_config.go b/vendor/google.golang.org/grpc/service_config.go
index 015631d8d38a8..5a80a575a5eb2 100644
--- a/vendor/google.golang.org/grpc/service_config.go
+++ b/vendor/google.golang.org/grpc/service_config.go
@@ -25,7 +25,11 @@ import (
 	"strings"
 	"time"
 
+	"google.golang.org/grpc/balancer"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/serviceconfig"
 )
 
 const maxInt = int(^uint(0) >> 1)
@@ -56,6 +60,13 @@ type MethodConfig struct {
 	// MaxRespSize is the maximum allowed payload size for an individual response in a
 	// stream (server->client) in bytes.
 	MaxRespSize *int
+	// RetryPolicy configures retry options for the method.
+	retryPolicy *retryPolicy
+}
+
+type lbConfig struct {
+	name string
+	cfg  serviceconfig.LoadBalancingConfig
 }
 
 // ServiceConfig is provided by the service provider and contains parameters for how
@@ -65,16 +76,107 @@ type MethodConfig struct {
 // through name resolver, as specified here
 // https://github.com/grpc/grpc/blob/master/doc/service_config.md
 type ServiceConfig struct {
-	// LB is the load balancer the service providers recommends. The balancer specified
-	// via grpc.WithBalancer will override this.
+	serviceconfig.Config
+
+	// LB is the load balancer the service providers recommends. The balancer
+	// specified via grpc.WithBalancer will override this.  This is deprecated;
+	// lbConfigs is preferred.  If lbConfig and LB are both present, lbConfig
+	// will be used.
 	LB *string
-	// Methods contains a map for the methods in this service.
-	// If there is an exact match for a method (i.e. /service/method) in the map, use the corresponding MethodConfig.
-	// If there's no exact match, look for the default config for the service (/service/) and use the corresponding MethodConfig if it exists.
-	// Otherwise, the method has no MethodConfig to use.
+
+	// lbConfig is the service config's load balancing configuration.  If
+	// lbConfig and LB are both present, lbConfig will be used.
+	lbConfig *lbConfig
+
+	// Methods contains a map for the methods in this service.  If there is an
+	// exact match for a method (i.e. /service/method) in the map, use the
+	// corresponding MethodConfig.  If there's no exact match, look for the
+	// default config for the service (/service/) and use the corresponding
+	// MethodConfig if it exists.  Otherwise, the method has no MethodConfig to
+	// use.
 	Methods map[string]MethodConfig
 
-	stickinessMetadataKey *string
+	// If a retryThrottlingPolicy is provided, gRPC will automatically throttle
+	// retry attempts and hedged RPCs when the client’s ratio of failures to
+	// successes exceeds a threshold.
+	//
+	// For each server name, the gRPC client will maintain a token_count which is
+	// initially set to maxTokens, and can take values between 0 and maxTokens.
+	//
+	// Every outgoing RPC (regardless of service or method invoked) will change
+	// token_count as follows:
+	//
+	//   - Every failed RPC will decrement the token_count by 1.
+	//   - Every successful RPC will increment the token_count by tokenRatio.
+	//
+	// If token_count is less than or equal to maxTokens / 2, then RPCs will not
+	// be retried and hedged RPCs will not be sent.
+	retryThrottling *retryThrottlingPolicy
+	// healthCheckConfig must be set as one of the requirement to enable LB channel
+	// health check.
+	healthCheckConfig *healthCheckConfig
+	// rawJSONString stores service config json string that get parsed into
+	// this service config struct.
+	rawJSONString string
+}
+
+// healthCheckConfig defines the go-native version of the LB channel health check config.
+type healthCheckConfig struct {
+	// serviceName is the service name to use in the health-checking request.
+	ServiceName string
+}
+
+// retryPolicy defines the go-native version of the retry policy defined by the
+// service config here:
+// https://github.com/grpc/proposal/blob/master/A6-client-retries.md#integration-with-service-config
+type retryPolicy struct {
+	// MaxAttempts is the maximum number of attempts, including the original RPC.
+	//
+	// This field is required and must be two or greater.
+	maxAttempts int
+
+	// Exponential backoff parameters. The initial retry attempt will occur at
+	// random(0, initialBackoff). In general, the nth attempt will occur at
+	// random(0,
+	//   min(initialBackoff*backoffMultiplier**(n-1), maxBackoff)).
+	//
+	// These fields are required and must be greater than zero.
+	initialBackoff    time.Duration
+	maxBackoff        time.Duration
+	backoffMultiplier float64
+
+	// The set of status codes which may be retried.
+	//
+	// Status codes are specified as strings, e.g., "UNAVAILABLE".
+	//
+	// This field is required and must be non-empty.
+	// Note: a set is used to store this for easy lookup.
+	retryableStatusCodes map[codes.Code]bool
+}
+
+type jsonRetryPolicy struct {
+	MaxAttempts          int
+	InitialBackoff       string
+	MaxBackoff           string
+	BackoffMultiplier    float64
+	RetryableStatusCodes []codes.Code
+}
+
+// retryThrottlingPolicy defines the go-native version of the retry throttling
+// policy defined by the service config here:
+// https://github.com/grpc/proposal/blob/master/A6-client-retries.md#integration-with-service-config
+type retryThrottlingPolicy struct {
+	// The number of tokens starts at maxTokens. The token_count will always be
+	// between 0 and maxTokens.
+	//
+	// This field is required and must be greater than zero.
+	MaxTokens float64
+	// The amount of tokens to add on each successful RPC. Typically this will
+	// be some number between 0 and 1, e.g., 0.1.
+	//
+	// This field is required and must be greater than zero. Up to 3 decimal
+	// places are supported.
+	TokenRatio float64
 }
 
 func parseDuration(s *string) (*time.Duration, error) {
@@ -144,32 +246,80 @@ type jsonMC struct {
 	Timeout                 *string
 	MaxRequestMessageBytes  *int64
 	MaxResponseMessageBytes *int64
+	RetryPolicy             *jsonRetryPolicy
 }
 
+type loadBalancingConfig map[string]json.RawMessage
+
 // TODO(lyuxuan): delete this struct after cleaning up old service config implementation.
 type jsonSC struct {
-	LoadBalancingPolicy   *string
-	StickinessMetadataKey *string
-	MethodConfig          *[]jsonMC
+	LoadBalancingPolicy *string
+	LoadBalancingConfig *[]loadBalancingConfig
+	MethodConfig        *[]jsonMC
+	RetryThrottling     *retryThrottlingPolicy
+	HealthCheckConfig   *healthCheckConfig
 }
 
-func parseServiceConfig(js string) (ServiceConfig, error) {
+func init() {
+	internal.ParseServiceConfigForTesting = parseServiceConfig
+}
+func parseServiceConfig(js string) *serviceconfig.ParseResult {
+	if len(js) == 0 {
+		return &serviceconfig.ParseResult{Err: fmt.Errorf("no JSON service config provided")}
+	}
 	var rsc jsonSC
 	err := json.Unmarshal([]byte(js), &rsc)
 	if err != nil {
 		grpclog.Warningf("grpc: parseServiceConfig error unmarshaling %s due to %v", js, err)
-		return ServiceConfig{}, err
+		return &serviceconfig.ParseResult{Err: err}
 	}
 	sc := ServiceConfig{
-		LB:      rsc.LoadBalancingPolicy,
-		Methods: make(map[string]MethodConfig),
-
-		stickinessMetadataKey: rsc.StickinessMetadataKey,
+		LB:                rsc.LoadBalancingPolicy,
+		Methods:           make(map[string]MethodConfig),
+		retryThrottling:   rsc.RetryThrottling,
+		healthCheckConfig: rsc.HealthCheckConfig,
+		rawJSONString:     js,
 	}
-	if rsc.MethodConfig == nil {
-		return sc, nil
+	if rsc.LoadBalancingConfig != nil {
+		for i, lbcfg := range *rsc.LoadBalancingConfig {
+			if len(lbcfg) != 1 {
+				err := fmt.Errorf("invalid loadBalancingConfig: entry %v does not contain exactly 1 policy/config pair: %q", i, lbcfg)
+				grpclog.Warningf(err.Error())
+				return &serviceconfig.ParseResult{Err: err}
+			}
+			var name string
+			var jsonCfg json.RawMessage
+			for name, jsonCfg = range lbcfg {
+			}
+			builder := balancer.Get(name)
+			if builder == nil {
+				continue
+			}
+			sc.lbConfig = &lbConfig{name: name}
+			if parser, ok := builder.(balancer.ConfigParser); ok {
+				var err error
+				sc.lbConfig.cfg, err = parser.ParseConfig(jsonCfg)
+				if err != nil {
+					return &serviceconfig.ParseResult{Err: fmt.Errorf("error parsing loadBalancingConfig for policy %q: %v", name, err)}
+				}
+			} else if string(jsonCfg) != "{}" {
+				grpclog.Warningf("non-empty balancer configuration %q, but balancer does not implement ParseConfig", string(jsonCfg))
+			}
+			break
+		}
+		if sc.lbConfig == nil {
+			// We had a loadBalancingConfig field but did not encounter a
+			// supported policy.  The config is considered invalid in this
+			// case.
+			err := fmt.Errorf("invalid loadBalancingConfig: no supported policies found")
+			grpclog.Warningf(err.Error())
+			return &serviceconfig.ParseResult{Err: err}
+		}
 	}
 
+	if rsc.MethodConfig == nil {
+		return &serviceconfig.ParseResult{Config: &sc}
+	}
 	for _, m := range *rsc.MethodConfig {
 		if m.Name == nil {
 			continue
@@ -177,13 +327,17 @@ func parseServiceConfig(js string) (ServiceConfig, error) {
 		d, err := parseDuration(m.Timeout)
 		if err != nil {
 			grpclog.Warningf("grpc: parseServiceConfig error unmarshaling %s due to %v", js, err)
-			return ServiceConfig{}, err
+			return &serviceconfig.ParseResult{Err: err}
 		}
 
 		mc := MethodConfig{
 			WaitForReady: m.WaitForReady,
 			Timeout:      d,
 		}
+		if mc.retryPolicy, err = convertRetryPolicy(m.RetryPolicy); err != nil {
+			grpclog.Warningf("grpc: parseServiceConfig error unmarshaling %s due to %v", js, err)
+			return &serviceconfig.ParseResult{Err: err}
+		}
 		if m.MaxRequestMessageBytes != nil {
 			if *m.MaxRequestMessageBytes > int64(maxInt) {
 				mc.MaxReqSize = newInt(maxInt)
@@ -205,7 +359,54 @@ func parseServiceConfig(js string) (ServiceConfig, error) {
 		}
 	}
 
-	return sc, nil
+	if sc.retryThrottling != nil {
+		if mt := sc.retryThrottling.MaxTokens; mt <= 0 || mt > 1000 {
+			return &serviceconfig.ParseResult{Err: fmt.Errorf("invalid retry throttling config: maxTokens (%v) out of range (0, 1000]", mt)}
+		}
+		if tr := sc.retryThrottling.TokenRatio; tr <= 0 {
+			return &serviceconfig.ParseResult{Err: fmt.Errorf("invalid retry throttling config: tokenRatio (%v) may not be negative", tr)}
+		}
+	}
+	return &serviceconfig.ParseResult{Config: &sc}
+}
+
+func convertRetryPolicy(jrp *jsonRetryPolicy) (p *retryPolicy, err error) {
+	if jrp == nil {
+		return nil, nil
+	}
+	ib, err := parseDuration(&jrp.InitialBackoff)
+	if err != nil {
+		return nil, err
+	}
+	mb, err := parseDuration(&jrp.MaxBackoff)
+	if err != nil {
+		return nil, err
+	}
+
+	if jrp.MaxAttempts <= 1 ||
+		*ib <= 0 ||
+		*mb <= 0 ||
+		jrp.BackoffMultiplier <= 0 ||
+		len(jrp.RetryableStatusCodes) == 0 {
+		grpclog.Warningf("grpc: ignoring retry policy %v due to illegal configuration", jrp)
+		return nil, nil
+	}
+
+	rp := &retryPolicy{
+		maxAttempts:          jrp.MaxAttempts,
+		initialBackoff:       *ib,
+		maxBackoff:           *mb,
+		backoffMultiplier:    jrp.BackoffMultiplier,
+		retryableStatusCodes: make(map[codes.Code]bool),
+	}
+	if rp.maxAttempts > 5 {
+		// TODO(retry): Make the max maxAttempts configurable.
+		rp.maxAttempts = 5
+	}
+	for _, code := range jrp.RetryableStatusCodes {
+		rp.retryableStatusCodes[code] = true
+	}
+	return rp, nil
 }
 
 func min(a, b *int) *int {
diff --git a/vendor/google.golang.org/grpc/serviceconfig/serviceconfig.go b/vendor/google.golang.org/grpc/serviceconfig/serviceconfig.go
new file mode 100644
index 0000000000000..187c304421cf6
--- /dev/null
+++ b/vendor/google.golang.org/grpc/serviceconfig/serviceconfig.go
@@ -0,0 +1,41 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package serviceconfig defines types and methods for operating on gRPC
+// service configs.
+//
+// This package is EXPERIMENTAL.
+package serviceconfig
+
+// Config represents an opaque data structure holding a service config.
+type Config interface {
+	isServiceConfig()
+}
+
+// LoadBalancingConfig represents an opaque data structure holding a load
+// balancing config.
+type LoadBalancingConfig interface {
+	isLoadBalancingConfig()
+}
+
+// ParseResult contains a service config or an error.  Exactly one must be
+// non-nil.
+type ParseResult struct {
+	Config Config
+	Err    error
+}
diff --git a/vendor/google.golang.org/grpc/stats/handlers.go b/vendor/google.golang.org/grpc/stats/handlers.go
index 05b384c693186..dc03731e45efa 100644
--- a/vendor/google.golang.org/grpc/stats/handlers.go
+++ b/vendor/google.golang.org/grpc/stats/handlers.go
@@ -19,9 +19,8 @@
 package stats
 
 import (
+	"context"
 	"net"
-
-	"golang.org/x/net/context"
 )
 
 // ConnTagInfo defines the relevant information needed by connection context tagger.
diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go
index 3f13190a0ac6c..9e22c393f1688 100644
--- a/vendor/google.golang.org/grpc/stats/stats.go
+++ b/vendor/google.golang.org/grpc/stats/stats.go
@@ -24,10 +24,11 @@
 package stats // import "google.golang.org/grpc/stats"
 
 import (
+	"context"
 	"net"
 	"time"
 
-	"golang.org/x/net/context"
+	"google.golang.org/grpc/metadata"
 )
 
 // RPCStats contains stats information about RPCs.
@@ -90,6 +91,8 @@ type InHeader struct {
 	LocalAddr net.Addr
 	// Compression is the compression algorithm used for the RPC.
 	Compression string
+	// Header contains the header metadata received.
+	Header metadata.MD
 }
 
 // IsClient indicates if the stats information is from client side.
@@ -103,6 +106,9 @@ type InTrailer struct {
 	Client bool
 	// WireLength is the wire length of trailer.
 	WireLength int
+	// Trailer contains the trailer metadata received from the server. This
+	// field is only valid if this InTrailer is from the client side.
+	Trailer metadata.MD
 }
 
 // IsClient indicates if the stats information is from client side.
@@ -145,6 +151,8 @@ type OutHeader struct {
 	LocalAddr net.Addr
 	// Compression is the compression algorithm used for the RPC.
 	Compression string
+	// Header contains the header metadata sent.
+	Header metadata.MD
 }
 
 // IsClient indicates if this stats information is from client side.
@@ -158,6 +166,9 @@ type OutTrailer struct {
 	Client bool
 	// WireLength is the wire length of trailer.
 	WireLength int
+	// Trailer contains the trailer metadata sent to the client. This
+	// field is only valid if this OutTrailer is from the server side.
+	Trailer metadata.MD
 }
 
 // IsClient indicates if this stats information is from client side.
@@ -173,6 +184,10 @@ type End struct {
 	BeginTime time.Time
 	// EndTime is the time when the RPC ends.
 	EndTime time.Time
+	// Trailer contains the trailer metadata received from the server. This
+	// field is only valid if this End is from the client side.
+	// Deprecated: use Trailer in InTrailer instead.
+	Trailer metadata.MD
 	// Error is the error the RPC ended with. It is an error generated from
 	// status.Status and can be converted back to status.Status using
 	// status.FromError if non-nil.
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index 9c61b094508fe..a1348e9b16bd6 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -28,6 +28,7 @@
 package status
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
@@ -35,8 +36,15 @@ import (
 	"github.com/golang/protobuf/ptypes"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/internal"
 )
 
+func init() {
+	internal.StatusRawProto = statusRawProto
+}
+
+func statusRawProto(s *Status) *spb.Status { return s.s }
+
 // statusError is an alias of a status proto.  It implements error and Status,
 // and a nil statusError should never be returned by this package.
 type statusError spb.Status
@@ -50,6 +58,17 @@ func (se *statusError) GRPCStatus() *Status {
 	return &Status{s: (*spb.Status)(se)}
 }
 
+// Is implements future error.Is functionality.
+// A statusError is equivalent if the code and message are identical.
+func (se *statusError) Is(target error) bool {
+	tse, ok := target.(*statusError)
+	if !ok {
+		return false
+	}
+
+	return proto.Equal((*spb.Status)(se), (*spb.Status)(tse))
+}
+
 // Status represents an RPC status code, message, and details.  It is immutable
 // and should be created with New, Newf, or FromProto.
 type Status struct {
@@ -124,9 +143,11 @@ func FromProto(s *spb.Status) *Status {
 // Status is returned with codes.Unknown and the original error message.
 func FromError(err error) (s *Status, ok bool) {
 	if err == nil {
-		return &Status{s: &spb.Status{Code: int32(codes.OK)}}, true
+		return nil, true
 	}
-	if se, ok := err.(interface{ GRPCStatus() *Status }); ok {
+	if se, ok := err.(interface {
+		GRPCStatus() *Status
+	}); ok {
 		return se.GRPCStatus(), true
 	}
 	return New(codes.Unknown, err.Error()), false
@@ -182,8 +203,26 @@ func Code(err error) codes.Code {
 	if err == nil {
 		return codes.OK
 	}
-	if se, ok := err.(interface{ GRPCStatus() *Status }); ok {
+	if se, ok := err.(interface {
+		GRPCStatus() *Status
+	}); ok {
 		return se.GRPCStatus().Code()
 	}
 	return codes.Unknown
 }
+
+// FromContextError converts a context error into a Status.  It returns a
+// Status with codes.OK if err is nil, or a Status with codes.Unknown if err is
+// non-nil and not a context error.
+func FromContextError(err error) *Status {
+	switch err {
+	case nil:
+		return nil
+	case context.DeadlineExceeded:
+		return New(codes.DeadlineExceeded, err.Error())
+	case context.Canceled:
+		return New(codes.Canceled, err.Error())
+	default:
+		return New(codes.Unknown, err.Error())
+	}
+}
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index 82921a15a3a50..bb99940e36fe2 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -19,21 +19,28 @@
 package grpc
 
 import (
+	"context"
 	"errors"
 	"io"
+	"math"
+	"strconv"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/net/trace"
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/encoding"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/internal/balancerload"
+	"google.golang.org/grpc/internal/binarylog"
+	"google.golang.org/grpc/internal/channelz"
+	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/transport"
 )
 
 // StreamHandler defines the handler called by gRPC server to complete the
@@ -55,31 +62,20 @@ type StreamDesc struct {
 
 // Stream defines the common interface a client or server stream has to satisfy.
 //
-// All errors returned from Stream are compatible with the status package.
+// Deprecated: See ClientStream and ServerStream documentation instead.
 type Stream interface {
-	// Context returns the context for this stream.
+	// Deprecated: See ClientStream and ServerStream documentation instead.
 	Context() context.Context
-	// SendMsg blocks until it sends m, the stream is done or the stream
-	// breaks.
-	// On error, it aborts the stream and returns an RPC status on client
-	// side. On server side, it simply returns the error to the caller.
-	// SendMsg is called by generated code. Also Users can call SendMsg
-	// directly when it is really needed in their use cases.
-	// It's safe to have a goroutine calling SendMsg and another goroutine calling
-	// recvMsg on the same stream at the same time.
-	// But it is not safe to call SendMsg on the same stream in different goroutines.
+	// Deprecated: See ClientStream and ServerStream documentation instead.
 	SendMsg(m interface{}) error
-	// RecvMsg blocks until it receives a message or the stream is
-	// done. On client side, it returns io.EOF when the stream is done. On
-	// any other error, it aborts the stream and returns an RPC status. On
-	// server side, it simply returns the error to the caller.
-	// It's safe to have a goroutine calling SendMsg and another goroutine calling
-	// recvMsg on the same stream at the same time.
-	// But it is not safe to call RecvMsg on the same stream in different goroutines.
+	// Deprecated: See ClientStream and ServerStream documentation instead.
 	RecvMsg(m interface{}) error
 }
 
-// ClientStream defines the interface a client stream has to satisfy.
+// ClientStream defines the client-side behavior of a streaming RPC.
+//
+// All errors returned from ClientStream methods are compatible with the
+// status package.
 type ClientStream interface {
 	// Header returns the header metadata received from the server if there
 	// is any. It blocks if the metadata is not ready to read.
@@ -89,19 +85,60 @@ type ClientStream interface {
 	// stream.Recv has returned a non-nil error (including io.EOF).
 	Trailer() metadata.MD
 	// CloseSend closes the send direction of the stream. It closes the stream
-	// when non-nil error is met.
+	// when non-nil error is met. It is also not safe to call CloseSend
+	// concurrently with SendMsg.
 	CloseSend() error
-	// Stream.SendMsg() may return a non-nil error when something wrong happens sending
-	// the request. The returned error indicates the status of this sending, not the final
-	// status of the RPC.
+	// Context returns the context for this stream.
+	//
+	// It should not be called until after Header or RecvMsg has returned. Once
+	// called, subsequent client-side retries are disabled.
+	Context() context.Context
+	// SendMsg is generally called by generated code. On error, SendMsg aborts
+	// the stream. If the error was generated by the client, the status is
+	// returned directly; otherwise, io.EOF is returned and the status of
+	// the stream may be discovered using RecvMsg.
+	//
+	// SendMsg blocks until:
+	//   - There is sufficient flow control to schedule m with the transport, or
+	//   - The stream is done, or
+	//   - The stream breaks.
 	//
-	// Always call Stream.RecvMsg() to drain the stream and get the final
-	// status, otherwise there could be leaked resources.
-	Stream
+	// SendMsg does not wait until the message is received by the server. An
+	// untimely stream closure may result in lost messages. To ensure delivery,
+	// users should ensure the RPC completed successfully using RecvMsg.
+	//
+	// It is safe to have a goroutine calling SendMsg and another goroutine
+	// calling RecvMsg on the same stream at the same time, but it is not safe
+	// to call SendMsg on the same stream in different goroutines. It is also
+	// not safe to call CloseSend concurrently with SendMsg.
+	SendMsg(m interface{}) error
+	// RecvMsg blocks until it receives a message into m or the stream is
+	// done. It returns io.EOF when the stream completes successfully. On
+	// any other error, the stream is aborted and the error contains the RPC
+	// status.
+	//
+	// It is safe to have a goroutine calling SendMsg and another goroutine
+	// calling RecvMsg on the same stream at the same time, but it is not
+	// safe to call RecvMsg on the same stream in different goroutines.
+	RecvMsg(m interface{}) error
 }
 
 // NewStream creates a new Stream for the client side. This is typically
-// called by generated code.
+// called by generated code. ctx is used for the lifetime of the stream.
+//
+// To ensure resources are not leaked due to the stream returned, one of the following
+// actions must be performed:
+//
+//      1. Call Close on the ClientConn.
+//      2. Cancel the context provided.
+//      3. Call RecvMsg until a non-nil error is returned. A protobuf-generated
+//         client-streaming RPC, for instance, might use the helper function
+//         CloseAndRecv (note that CloseSend does not Recv, therefore is not
+//         guaranteed to release all resources).
+//      4. Receive a non-nil, non-io.EOF error from Header or SendMsg.
+//
+// If none of the above happen, a goroutine and a context will be leaked, and grpc
+// will not call the optionally-configured stats handler with a stats.End message.
 func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
@@ -113,10 +150,7 @@ func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method st
 	return newClientStream(ctx, desc, cc, method, opts...)
 }
 
-// NewClientStream creates a new Stream for the client side. This is typically
-// called by generated code.
-//
-// DEPRECATED: Use ClientConn.NewStream instead.
+// NewClientStream is a wrapper for ClientConn.NewStream.
 func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error) {
 	return cc.NewStream(ctx, desc, method, opts...)
 }
@@ -131,6 +165,11 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 		}()
 	}
 	c := defaultCallInfo()
+	// Provide an opportunity for the first RPC to see the first service config
+	// provided by the resolver.
+	if err := cc.waitForResolvedAddrs(ctx); err != nil {
+		return nil, err
+	}
 	mc := cc.GetMethodConfig(method)
 	if mc.WaitForReady != nil {
 		c.failFast = !*mc.WaitForReady
@@ -165,13 +204,8 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 	}
 
 	callHdr := &transport.CallHdr{
-		Host:   cc.authority,
-		Method: method,
-		// If it's not client streaming, we should already have the request to be sent,
-		// so we don't flush the header.
-		// If it's client streaming, the user may never send a request or send it any
-		// time soon, so we ask the transport to flush the header.
-		Flush:          desc.ClientStreams,
+		Host:           cc.authority,
+		Method:         method,
 		ContentSubtype: c.contentSubtype,
 	}
 
@@ -196,26 +230,21 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 	if c.creds != nil {
 		callHdr.Creds = c.creds
 	}
-	var trInfo traceInfo
+	var trInfo *traceInfo
 	if EnableTracing {
-		trInfo.tr = trace.New("grpc.Sent."+methodFamily(method), method)
-		trInfo.firstLine.client = true
+		trInfo = &traceInfo{
+			tr: trace.New("grpc.Sent."+methodFamily(method), method),
+			firstLine: firstLine{
+				client: true,
+			},
+		}
 		if deadline, ok := ctx.Deadline(); ok {
-			trInfo.firstLine.deadline = deadline.Sub(time.Now())
+			trInfo.firstLine.deadline = time.Until(deadline)
 		}
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
 		ctx = trace.NewContext(ctx, trInfo.tr)
-		defer func() {
-			if err != nil {
-				// Need to call tr.finish() if error is returned.
-				// Because tr will not be returned to caller.
-				trInfo.tr.LazyPrintf("RPC: [%v]", err)
-				trInfo.tr.SetError()
-				trInfo.tr.Finish()
-			}
-		}()
 	}
-	ctx = newContextWithRPCInfo(ctx, c.failFast)
+	ctx = newContextWithRPCInfo(ctx, c.failFast, c.codec, cp, comp)
 	sh := cc.dopts.copts.StatsHandler
 	var beginTime time.Time
 	if sh != nil {
@@ -227,80 +256,59 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 			FailFast:  c.failFast,
 		}
 		sh.HandleRPC(ctx, begin)
-		defer func() {
-			if err != nil {
-				// Only handle end stats if err != nil.
-				end := &stats.End{
-					Client:    true,
-					Error:     err,
-					BeginTime: beginTime,
-					EndTime:   time.Now(),
-				}
-				sh.HandleRPC(ctx, end)
-			}
-		}()
 	}
 
-	var (
-		t    transport.ClientTransport
-		s    *transport.Stream
-		done func(balancer.DoneInfo)
-	)
-	for {
-		// Check to make sure the context has expired.  This will prevent us from
-		// looping forever if an error occurs for wait-for-ready RPCs where no data
-		// is sent on the wire.
-		select {
-		case <-ctx.Done():
-			return nil, toRPCErr(ctx.Err())
-		default:
-		}
+	cs := &clientStream{
+		callHdr:      callHdr,
+		ctx:          ctx,
+		methodConfig: &mc,
+		opts:         opts,
+		callInfo:     c,
+		cc:           cc,
+		desc:         desc,
+		codec:        c.codec,
+		cp:           cp,
+		comp:         comp,
+		cancel:       cancel,
+		beginTime:    beginTime,
+		firstAttempt: true,
+	}
+	if !cc.dopts.disableRetry {
+		cs.retryThrottler = cc.retryThrottler.Load().(*retryThrottler)
+	}
+	cs.binlog = binarylog.GetMethodLogger(method)
 
-		t, done, err = cc.getTransport(ctx, c.failFast)
-		if err != nil {
-			return nil, err
-		}
+	cs.callInfo.stream = cs
+	// Only this initial attempt has stats/tracing.
+	// TODO(dfawley): move to newAttempt when per-attempt stats are implemented.
+	if err := cs.newAttemptLocked(sh, trInfo); err != nil {
+		cs.finish(err)
+		return nil, err
+	}
 
-		s, err = t.NewStream(ctx, callHdr)
-		if err != nil {
-			if done != nil {
-				done(balancer.DoneInfo{Err: err})
-				done = nil
-			}
-			// In the event of any error from NewStream, we never attempted to write
-			// anything to the wire, so we can retry indefinitely for non-fail-fast
-			// RPCs.
-			if !c.failFast {
-				continue
+	op := func(a *csAttempt) error { return a.newStream() }
+	if err := cs.withRetry(op, func() { cs.bufferForRetryLocked(0, op) }); err != nil {
+		cs.finish(err)
+		return nil, err
+	}
+
+	if cs.binlog != nil {
+		md, _ := metadata.FromOutgoingContext(ctx)
+		logEntry := &binarylog.ClientHeader{
+			OnClientSide: true,
+			Header:       md,
+			MethodName:   method,
+			Authority:    cs.cc.authority,
+		}
+		if deadline, ok := ctx.Deadline(); ok {
+			logEntry.Timeout = time.Until(deadline)
+			if logEntry.Timeout < 0 {
+				logEntry.Timeout = 0
 			}
-			return nil, toRPCErr(err)
 		}
-		break
+		cs.binlog.Log(logEntry)
 	}
 
-	cs := &clientStream{
-		opts:   opts,
-		c:      c,
-		cc:     cc,
-		desc:   desc,
-		codec:  c.codec,
-		cp:     cp,
-		comp:   comp,
-		cancel: cancel,
-		attempt: &csAttempt{
-			t:            t,
-			s:            s,
-			p:            &parser{r: s},
-			done:         done,
-			dc:           cc.dopts.dc,
-			ctx:          ctx,
-			trInfo:       trInfo,
-			statsHandler: sh,
-			beginTime:    beginTime,
-		},
-	}
-	cs.c.stream = cs
-	cs.attempt.cs = cs
 	if desc != unaryStreamDesc {
 		// Listen on cc and stream contexts to cleanup when the user closes the
 		// ClientConn or cancels the stream context.  In all other cases, an error
@@ -319,12 +327,59 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 	return cs, nil
 }
 
+// newAttemptLocked creates a new attempt with a transport.
+// If it succeeds, then it replaces clientStream's attempt with this new attempt.
+func (cs *clientStream) newAttemptLocked(sh stats.Handler, trInfo *traceInfo) (retErr error) {
+	newAttempt := &csAttempt{
+		cs:           cs,
+		dc:           cs.cc.dopts.dc,
+		statsHandler: sh,
+		trInfo:       trInfo,
+	}
+	defer func() {
+		if retErr != nil {
+			// This attempt is not set in the clientStream, so it's finish won't
+			// be called. Call it here for stats and trace in case they are not
+			// nil.
+			newAttempt.finish(retErr)
+		}
+	}()
+
+	if err := cs.ctx.Err(); err != nil {
+		return toRPCErr(err)
+	}
+	t, done, err := cs.cc.getTransport(cs.ctx, cs.callInfo.failFast, cs.callHdr.Method)
+	if err != nil {
+		return err
+	}
+	if trInfo != nil {
+		trInfo.firstLine.SetRemoteAddr(t.RemoteAddr())
+	}
+	newAttempt.t = t
+	newAttempt.done = done
+	cs.attempt = newAttempt
+	return nil
+}
+
+func (a *csAttempt) newStream() error {
+	cs := a.cs
+	cs.callHdr.PreviousAttempts = cs.numRetries
+	s, err := a.t.NewStream(cs.ctx, cs.callHdr)
+	if err != nil {
+		return toRPCErr(err)
+	}
+	cs.attempt.s = s
+	cs.attempt.p = &parser{r: s}
+	return nil
+}
+
 // clientStream implements a client side Stream.
 type clientStream struct {
-	opts []CallOption
-	c    *callInfo
-	cc   *ClientConn
-	desc *StreamDesc
+	callHdr  *transport.CallHdr
+	opts     []CallOption
+	callInfo *callInfo
+	cc       *ClientConn
+	desc     *StreamDesc
 
 	codec baseCodec
 	cp    Compressor
@@ -332,13 +387,41 @@ type clientStream struct {
 
 	cancel context.CancelFunc // cancels all attempts
 
-	sentLast bool // sent an end stream
+	sentLast  bool // sent an end stream
+	beginTime time.Time
+
+	methodConfig *MethodConfig
+
+	ctx context.Context // the application's context, wrapped by stats/tracing
 
-	mu       sync.Mutex // guards finished
-	finished bool       // TODO: replace with atomic cmpxchg or sync.Once?
+	retryThrottler *retryThrottler // The throttler active when the RPC began.
 
-	attempt *csAttempt // the active client stream attempt
+	binlog *binarylog.MethodLogger // Binary logger, can be nil.
+	// serverHeaderBinlogged is a boolean for whether server header has been
+	// logged. Server header will be logged when the first time one of those
+	// happens: stream.Header(), stream.Recv().
+	//
+	// It's only read and used by Recv() and Header(), so it doesn't need to be
+	// synchronized.
+	serverHeaderBinlogged bool
+
+	mu                      sync.Mutex
+	firstAttempt            bool // if true, transparent retry is valid
+	numRetries              int  // exclusive of transparent retry attempt(s)
+	numRetriesSincePushback int  // retries since pushback; to reset backoff
+	finished                bool // TODO: replace with atomic cmpxchg or sync.Once?
+	// attempt is the active client stream attempt.
+	// The only place where it is written is the newAttemptLocked method and this method never writes nil.
+	// So, attempt can be nil only inside newClientStream function when clientStream is first created.
+	// One of the first things done after clientStream's creation, is to call newAttemptLocked which either
+	// assigns a non nil value to the attempt or returns an error. If an error is returned from newAttemptLocked,
+	// then newClientStream calls finish on the clientStream and returns. So, finish method is the only
+	// place where we need to check if the attempt is nil.
+	attempt *csAttempt
 	// TODO(hedging): hedging will have multiple attempts simultaneously.
+	committed  bool                       // active attempt committed for retry?
+	buffer     []func(a *csAttempt) error // operations to replay on retry
+	bufferSize int                        // current size of buffer
 }
 
 // csAttempt implements a single transport stream attempt within a
@@ -350,53 +433,358 @@ type csAttempt struct {
 	p    *parser
 	done func(balancer.DoneInfo)
 
+	finished  bool
 	dc        Decompressor
 	decomp    encoding.Compressor
 	decompSet bool
 
-	ctx context.Context // the application's context, wrapped by stats/tracing
-
 	mu sync.Mutex // guards trInfo.tr
+	// trInfo may be nil (if EnableTracing is false).
 	// trInfo.tr is set when created (if EnableTracing is true),
 	// and cleared when the finish method is called.
-	trInfo traceInfo
+	trInfo *traceInfo
 
 	statsHandler stats.Handler
-	beginTime    time.Time
+}
+
+func (cs *clientStream) commitAttemptLocked() {
+	cs.committed = true
+	cs.buffer = nil
+}
+
+func (cs *clientStream) commitAttempt() {
+	cs.mu.Lock()
+	cs.commitAttemptLocked()
+	cs.mu.Unlock()
+}
+
+// shouldRetry returns nil if the RPC should be retried; otherwise it returns
+// the error that should be returned by the operation.
+func (cs *clientStream) shouldRetry(err error) error {
+	if cs.attempt.s == nil && !cs.callInfo.failFast {
+		// In the event of any error from NewStream (attempt.s == nil), we
+		// never attempted to write anything to the wire, so we can retry
+		// indefinitely for non-fail-fast RPCs.
+		return nil
+	}
+	if cs.finished || cs.committed {
+		// RPC is finished or committed; cannot retry.
+		return err
+	}
+	// Wait for the trailers.
+	if cs.attempt.s != nil {
+		<-cs.attempt.s.Done()
+	}
+	if cs.firstAttempt && (cs.attempt.s == nil || cs.attempt.s.Unprocessed()) {
+		// First attempt, stream unprocessed: transparently retry.
+		cs.firstAttempt = false
+		return nil
+	}
+	cs.firstAttempt = false
+	if cs.cc.dopts.disableRetry {
+		return err
+	}
+
+	pushback := 0
+	hasPushback := false
+	if cs.attempt.s != nil {
+		if !cs.attempt.s.TrailersOnly() {
+			return err
+		}
+
+		// TODO(retry): Move down if the spec changes to not check server pushback
+		// before considering this a failure for throttling.
+		sps := cs.attempt.s.Trailer()["grpc-retry-pushback-ms"]
+		if len(sps) == 1 {
+			var e error
+			if pushback, e = strconv.Atoi(sps[0]); e != nil || pushback < 0 {
+				grpclog.Infof("Server retry pushback specified to abort (%q).", sps[0])
+				cs.retryThrottler.throttle() // This counts as a failure for throttling.
+				return err
+			}
+			hasPushback = true
+		} else if len(sps) > 1 {
+			grpclog.Warningf("Server retry pushback specified multiple values (%q); not retrying.", sps)
+			cs.retryThrottler.throttle() // This counts as a failure for throttling.
+			return err
+		}
+	}
+
+	var code codes.Code
+	if cs.attempt.s != nil {
+		code = cs.attempt.s.Status().Code()
+	} else {
+		code = status.Convert(err).Code()
+	}
+
+	rp := cs.methodConfig.retryPolicy
+	if rp == nil || !rp.retryableStatusCodes[code] {
+		return err
+	}
+
+	// Note: the ordering here is important; we count this as a failure
+	// only if the code matched a retryable code.
+	if cs.retryThrottler.throttle() {
+		return err
+	}
+	if cs.numRetries+1 >= rp.maxAttempts {
+		return err
+	}
+
+	var dur time.Duration
+	if hasPushback {
+		dur = time.Millisecond * time.Duration(pushback)
+		cs.numRetriesSincePushback = 0
+	} else {
+		fact := math.Pow(rp.backoffMultiplier, float64(cs.numRetriesSincePushback))
+		cur := float64(rp.initialBackoff) * fact
+		if max := float64(rp.maxBackoff); cur > max {
+			cur = max
+		}
+		dur = time.Duration(grpcrand.Int63n(int64(cur)))
+		cs.numRetriesSincePushback++
+	}
+
+	// TODO(dfawley): we could eagerly fail here if dur puts us past the
+	// deadline, but unsure if it is worth doing.
+	t := time.NewTimer(dur)
+	select {
+	case <-t.C:
+		cs.numRetries++
+		return nil
+	case <-cs.ctx.Done():
+		t.Stop()
+		return status.FromContextError(cs.ctx.Err()).Err()
+	}
+}
+
+// Returns nil if a retry was performed and succeeded; error otherwise.
+func (cs *clientStream) retryLocked(lastErr error) error {
+	for {
+		cs.attempt.finish(lastErr)
+		if err := cs.shouldRetry(lastErr); err != nil {
+			cs.commitAttemptLocked()
+			return err
+		}
+		if err := cs.newAttemptLocked(nil, nil); err != nil {
+			return err
+		}
+		if lastErr = cs.replayBufferLocked(); lastErr == nil {
+			return nil
+		}
+	}
 }
 
 func (cs *clientStream) Context() context.Context {
-	// TODO(retry): commit the current attempt (the context has peer-aware data).
-	return cs.attempt.context()
+	cs.commitAttempt()
+	// No need to lock before using attempt, since we know it is committed and
+	// cannot change.
+	return cs.attempt.s.Context()
+}
+
+func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func()) error {
+	cs.mu.Lock()
+	for {
+		if cs.committed {
+			cs.mu.Unlock()
+			return op(cs.attempt)
+		}
+		a := cs.attempt
+		cs.mu.Unlock()
+		err := op(a)
+		cs.mu.Lock()
+		if a != cs.attempt {
+			// We started another attempt already.
+			continue
+		}
+		if err == io.EOF {
+			<-a.s.Done()
+		}
+		if err == nil || (err == io.EOF && a.s.Status().Code() == codes.OK) {
+			onSuccess()
+			cs.mu.Unlock()
+			return err
+		}
+		if err := cs.retryLocked(err); err != nil {
+			cs.mu.Unlock()
+			return err
+		}
+	}
 }
 
 func (cs *clientStream) Header() (metadata.MD, error) {
-	m, err := cs.attempt.header()
+	var m metadata.MD
+	err := cs.withRetry(func(a *csAttempt) error {
+		var err error
+		m, err = a.s.Header()
+		return toRPCErr(err)
+	}, cs.commitAttemptLocked)
 	if err != nil {
-		// TODO(retry): maybe retry on error or commit attempt on success.
-		err = toRPCErr(err)
 		cs.finish(err)
+		return nil, err
+	}
+	if cs.binlog != nil && !cs.serverHeaderBinlogged {
+		// Only log if binary log is on and header has not been logged.
+		logEntry := &binarylog.ServerHeader{
+			OnClientSide: true,
+			Header:       m,
+			PeerAddr:     nil,
+		}
+		if peer, ok := peer.FromContext(cs.Context()); ok {
+			logEntry.PeerAddr = peer.Addr
+		}
+		cs.binlog.Log(logEntry)
+		cs.serverHeaderBinlogged = true
 	}
 	return m, err
 }
 
 func (cs *clientStream) Trailer() metadata.MD {
-	// TODO(retry): on error, maybe retry (trailers-only).
-	return cs.attempt.trailer()
+	// On RPC failure, we never need to retry, because usage requires that
+	// RecvMsg() returned a non-nil error before calling this function is valid.
+	// We would have retried earlier if necessary.
+	//
+	// Commit the attempt anyway, just in case users are not following those
+	// directions -- it will prevent races and should not meaningfully impact
+	// performance.
+	cs.commitAttempt()
+	if cs.attempt.s == nil {
+		return nil
+	}
+	return cs.attempt.s.Trailer()
+}
+
+func (cs *clientStream) replayBufferLocked() error {
+	a := cs.attempt
+	for _, f := range cs.buffer {
+		if err := f(a); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (cs *clientStream) bufferForRetryLocked(sz int, op func(a *csAttempt) error) {
+	// Note: we still will buffer if retry is disabled (for transparent retries).
+	if cs.committed {
+		return
+	}
+	cs.bufferSize += sz
+	if cs.bufferSize > cs.callInfo.maxRetryRPCBufferSize {
+		cs.commitAttemptLocked()
+		return
+	}
+	cs.buffer = append(cs.buffer, op)
 }
 
 func (cs *clientStream) SendMsg(m interface{}) (err error) {
-	// TODO(retry): buffer message for replaying if not committed.
-	return cs.attempt.sendMsg(m)
+	defer func() {
+		if err != nil && err != io.EOF {
+			// Call finish on the client stream for errors generated by this SendMsg
+			// call, as these indicate problems created by this client.  (Transport
+			// errors are converted to an io.EOF error in csAttempt.sendMsg; the real
+			// error will be returned from RecvMsg eventually in that case, or be
+			// retried.)
+			cs.finish(err)
+		}
+	}()
+	if cs.sentLast {
+		return status.Errorf(codes.Internal, "SendMsg called after CloseSend")
+	}
+	if !cs.desc.ClientStreams {
+		cs.sentLast = true
+	}
+
+	// load hdr, payload, data
+	hdr, payload, data, err := prepareMsg(m, cs.codec, cs.cp, cs.comp)
+	if err != nil {
+		return err
+	}
+
+	// TODO(dfawley): should we be checking len(data) instead?
+	if len(payload) > *cs.callInfo.maxSendMessageSize {
+		return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(payload), *cs.callInfo.maxSendMessageSize)
+	}
+	msgBytes := data // Store the pointer before setting to nil. For binary logging.
+	op := func(a *csAttempt) error {
+		err := a.sendMsg(m, hdr, payload, data)
+		// nil out the message and uncomp when replaying; they are only needed for
+		// stats which is disabled for subsequent attempts.
+		m, data = nil, nil
+		return err
+	}
+	err = cs.withRetry(op, func() { cs.bufferForRetryLocked(len(hdr)+len(payload), op) })
+	if cs.binlog != nil && err == nil {
+		cs.binlog.Log(&binarylog.ClientMessage{
+			OnClientSide: true,
+			Message:      msgBytes,
+		})
+	}
+	return
 }
 
-func (cs *clientStream) RecvMsg(m interface{}) (err error) {
-	// TODO(retry): maybe retry on error or commit attempt on success.
-	return cs.attempt.recvMsg(m)
+func (cs *clientStream) RecvMsg(m interface{}) error {
+	if cs.binlog != nil && !cs.serverHeaderBinlogged {
+		// Call Header() to binary log header if it's not already logged.
+		cs.Header()
+	}
+	var recvInfo *payloadInfo
+	if cs.binlog != nil {
+		recvInfo = &payloadInfo{}
+	}
+	err := cs.withRetry(func(a *csAttempt) error {
+		return a.recvMsg(m, recvInfo)
+	}, cs.commitAttemptLocked)
+	if cs.binlog != nil && err == nil {
+		cs.binlog.Log(&binarylog.ServerMessage{
+			OnClientSide: true,
+			Message:      recvInfo.uncompressedBytes,
+		})
+	}
+	if err != nil || !cs.desc.ServerStreams {
+		// err != nil or non-server-streaming indicates end of stream.
+		cs.finish(err)
+
+		if cs.binlog != nil {
+			// finish will not log Trailer. Log Trailer here.
+			logEntry := &binarylog.ServerTrailer{
+				OnClientSide: true,
+				Trailer:      cs.Trailer(),
+				Err:          err,
+			}
+			if logEntry.Err == io.EOF {
+				logEntry.Err = nil
+			}
+			if peer, ok := peer.FromContext(cs.Context()); ok {
+				logEntry.PeerAddr = peer.Addr
+			}
+			cs.binlog.Log(logEntry)
+		}
+	}
+	return err
 }
 
 func (cs *clientStream) CloseSend() error {
-	cs.attempt.closeSend()
+	if cs.sentLast {
+		// TODO: return an error and finish the stream instead, due to API misuse?
+		return nil
+	}
+	cs.sentLast = true
+	op := func(a *csAttempt) error {
+		a.t.Write(a.s, nil, nil, &transport.Options{Last: true})
+		// Always return nil; io.EOF is the only error that might make sense
+		// instead, but there is no need to signal the client to call RecvMsg
+		// as the only use left for the stream after CloseSend is to call
+		// RecvMsg.  This also matches historical behavior.
+		return nil
+	}
+	cs.withRetry(op, func() { cs.bufferForRetryLocked(0, op) })
+	if cs.binlog != nil {
+		cs.binlog.Log(&binarylog.ClientHalfClose{
+			OnClientSide: true,
+		})
+	}
+	// We never returned an error here for reasons.
 	return nil
 }
 
@@ -411,7 +799,21 @@ func (cs *clientStream) finish(err error) {
 		return
 	}
 	cs.finished = true
+	cs.commitAttemptLocked()
 	cs.mu.Unlock()
+	// For binary logging. only log cancel in finish (could be caused by RPC ctx
+	// canceled or ClientConn closed). Trailer will be logged in RecvMsg.
+	//
+	// Only one of cancel or trailer needs to be logged. In the cases where
+	// users don't call RecvMsg, users must have already canceled the RPC.
+	if cs.binlog != nil && status.Code(err) == codes.Canceled {
+		cs.binlog.Log(&binarylog.Cancel{
+			OnClientSide: true,
+		})
+	}
+	if err == nil {
+		cs.retryThrottler.successfulRPC()
+	}
 	if channelz.IsOn() {
 		if err != nil {
 			cs.cc.incrCallsFailed()
@@ -419,97 +821,51 @@ func (cs *clientStream) finish(err error) {
 			cs.cc.incrCallsSucceeded()
 		}
 	}
-	// TODO(retry): commit current attempt if necessary.
-	cs.attempt.finish(err)
-	for _, o := range cs.opts {
-		o.after(cs.c)
+	if cs.attempt != nil {
+		cs.attempt.finish(err)
+		// after functions all rely upon having a stream.
+		if cs.attempt.s != nil {
+			for _, o := range cs.opts {
+				o.after(cs.callInfo)
+			}
+		}
 	}
 	cs.cancel()
 }
 
-func (a *csAttempt) context() context.Context {
-	return a.s.Context()
-}
-
-func (a *csAttempt) header() (metadata.MD, error) {
-	return a.s.Header()
-}
-
-func (a *csAttempt) trailer() metadata.MD {
-	return a.s.Trailer()
-}
-
-func (a *csAttempt) sendMsg(m interface{}) (err error) {
-	// TODO Investigate how to signal the stats handling party.
-	// generate error stats if err != nil && err != io.EOF?
+func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 	cs := a.cs
-	defer func() {
-		// For non-client-streaming RPCs, we return nil instead of EOF on success
-		// because the generated code requires it.  finish is not called; RecvMsg()
-		// will call it with the stream's status independently.
-		if err == io.EOF && !cs.desc.ClientStreams {
-			err = nil
-		}
-		if err != nil && err != io.EOF {
-			// Call finish on the client stream for errors generated by this SendMsg
-			// call, as these indicate problems created by this client.  (Transport
-			// errors are converted to an io.EOF error below; the real error will be
-			// returned from RecvMsg eventually in that case, or be retried.)
-			cs.finish(err)
-		}
-	}()
-	// TODO: Check cs.sentLast and error if we already ended the stream.
-	if EnableTracing {
+	if a.trInfo != nil {
 		a.mu.Lock()
 		if a.trInfo.tr != nil {
 			a.trInfo.tr.LazyLog(&payload{sent: true, msg: m}, true)
 		}
 		a.mu.Unlock()
 	}
-	var outPayload *stats.OutPayload
-	if a.statsHandler != nil {
-		outPayload = &stats.OutPayload{
-			Client: true,
+	if err := a.t.Write(a.s, hdr, payld, &transport.Options{Last: !cs.desc.ClientStreams}); err != nil {
+		if !cs.desc.ClientStreams {
+			// For non-client-streaming RPCs, we return nil instead of EOF on error
+			// because the generated code requires it.  finish is not called; RecvMsg()
+			// will call it with the stream's status independently.
+			return nil
 		}
+		return io.EOF
 	}
-	hdr, data, err := encode(cs.codec, m, cs.cp, outPayload, cs.comp)
-	if err != nil {
-		return err
-	}
-	if len(data) > *cs.c.maxSendMessageSize {
-		return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(data), *cs.c.maxSendMessageSize)
-	}
-	if !cs.desc.ClientStreams {
-		cs.sentLast = true
+	if a.statsHandler != nil {
+		a.statsHandler.HandleRPC(cs.ctx, outPayload(true, m, data, payld, time.Now()))
 	}
-	err = a.t.Write(a.s, hdr, data, &transport.Options{Last: !cs.desc.ClientStreams})
-	if err == nil {
-		if outPayload != nil {
-			outPayload.SentTime = time.Now()
-			a.statsHandler.HandleRPC(a.ctx, outPayload)
-		}
-		if channelz.IsOn() {
-			a.t.IncrMsgSent()
-		}
-		return nil
+	if channelz.IsOn() {
+		a.t.IncrMsgSent()
 	}
-	return io.EOF
+	return nil
 }
 
-func (a *csAttempt) recvMsg(m interface{}) (err error) {
+func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
 	cs := a.cs
-	defer func() {
-		if err != nil || !cs.desc.ServerStreams {
-			// err != nil or non-server-streaming indicates end of stream.
-			cs.finish(err)
-		}
-	}()
-	var inPayload *stats.InPayload
-	if a.statsHandler != nil {
-		inPayload = &stats.InPayload{
-			Client: true,
-		}
+	if a.statsHandler != nil && payInfo == nil {
+		payInfo = &payloadInfo{}
 	}
+
 	if !a.decompSet {
 		// Block until we receive headers containing received message encoding.
 		if ct := a.s.RecvCompress(); ct != "" && ct != encoding.Identity {
@@ -526,7 +882,7 @@ func (a *csAttempt) recvMsg(m interface{}) (err error) {
 		// Only initialize this state once per stream.
 		a.decompSet = true
 	}
-	err = recv(a.p, cs.codec, a.s, a.dc, m, *cs.c.maxReceiveMessageSize, inPayload, a.decomp)
+	err = recv(a.p, cs.codec, a.s, a.dc, m, *cs.callInfo.maxReceiveMessageSize, payInfo, a.decomp)
 	if err != nil {
 		if err == io.EOF {
 			if statusErr := a.s.Status().Err(); statusErr != nil {
@@ -536,15 +892,23 @@ func (a *csAttempt) recvMsg(m interface{}) (err error) {
 		}
 		return toRPCErr(err)
 	}
-	if EnableTracing {
+	if a.trInfo != nil {
 		a.mu.Lock()
 		if a.trInfo.tr != nil {
 			a.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true)
 		}
 		a.mu.Unlock()
 	}
-	if inPayload != nil {
-		a.statsHandler.HandleRPC(a.ctx, inPayload)
+	if a.statsHandler != nil {
+		a.statsHandler.HandleRPC(cs.ctx, &stats.InPayload{
+			Client:   true,
+			RecvTime: time.Now(),
+			Payload:  m,
+			// TODO truncate large payload.
+			Data:       payInfo.uncompressedBytes,
+			WireLength: payInfo.wireLength,
+			Length:     len(payInfo.uncompressedBytes),
+		})
 	}
 	if channelz.IsOn() {
 		a.t.IncrMsgRecv()
@@ -553,10 +917,9 @@ func (a *csAttempt) recvMsg(m interface{}) (err error) {
 		// Subsequent messages should be received by subsequent RecvMsg calls.
 		return nil
 	}
-
 	// Special handling for non-server-stream rpcs.
 	// This recv expects EOF or errors, so we don't collect inPayload.
-	err = recv(a.p, cs.codec, a.s, a.dc, m, *cs.c.maxReceiveMessageSize, nil, a.decomp)
+	err = recv(a.p, cs.codec, a.s, a.dc, m, *cs.callInfo.maxReceiveMessageSize, nil, a.decomp)
 	if err == nil {
 		return toRPCErr(errors.New("grpc: client streaming protocol violation: get <nil>, want <EOF>"))
 	}
@@ -566,39 +929,47 @@ func (a *csAttempt) recvMsg(m interface{}) (err error) {
 	return toRPCErr(err)
 }
 
-func (a *csAttempt) closeSend() {
-	cs := a.cs
-	if cs.sentLast {
-		return
-	}
-	cs.sentLast = true
-	cs.attempt.t.Write(cs.attempt.s, nil, nil, &transport.Options{Last: true})
-	// We ignore errors from Write.  Any error it would return would also be
-	// returned by a subsequent RecvMsg call, and the user is supposed to always
-	// finish the stream by calling RecvMsg until it returns err != nil.
-}
-
 func (a *csAttempt) finish(err error) {
 	a.mu.Lock()
-	a.t.CloseStream(a.s, err)
+	if a.finished {
+		a.mu.Unlock()
+		return
+	}
+	a.finished = true
+	if err == io.EOF {
+		// Ending a stream with EOF indicates a success.
+		err = nil
+	}
+	var tr metadata.MD
+	if a.s != nil {
+		a.t.CloseStream(a.s, err)
+		tr = a.s.Trailer()
+	}
 
 	if a.done != nil {
+		br := false
+		if a.s != nil {
+			br = a.s.BytesReceived()
+		}
 		a.done(balancer.DoneInfo{
 			Err:           err,
-			BytesSent:     true,
-			BytesReceived: a.s.BytesReceived(),
+			Trailer:       tr,
+			BytesSent:     a.s != nil,
+			BytesReceived: br,
+			ServerLoad:    balancerload.Parse(tr),
 		})
 	}
 	if a.statsHandler != nil {
 		end := &stats.End{
 			Client:    true,
-			BeginTime: a.beginTime,
+			BeginTime: a.cs.beginTime,
 			EndTime:   time.Now(),
+			Trailer:   tr,
 			Error:     err,
 		}
-		a.statsHandler.HandleRPC(a.ctx, end)
+		a.statsHandler.HandleRPC(a.cs.ctx, end)
 	}
-	if a.trInfo.tr != nil {
+	if a.trInfo != nil && a.trInfo.tr != nil {
 		if err == nil {
 			a.trInfo.tr.LazyPrintf("RPC: [OK]")
 		} else {
@@ -611,7 +982,299 @@ func (a *csAttempt) finish(err error) {
 	a.mu.Unlock()
 }
 
-// ServerStream defines the interface a server stream has to satisfy.
+// newClientStream creates a ClientStream with the specified transport, on the
+// given addrConn.
+//
+// It's expected that the given transport is either the same one in addrConn, or
+// is already closed. To avoid race, transport is specified separately, instead
+// of using ac.transpot.
+//
+// Main difference between this and ClientConn.NewStream:
+// - no retry
+// - no service config (or wait for service config)
+// - no tracing or stats
+func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method string, t transport.ClientTransport, ac *addrConn, opts ...CallOption) (_ ClientStream, err error) {
+	if t == nil {
+		// TODO: return RPC error here?
+		return nil, errors.New("transport provided is nil")
+	}
+	// defaultCallInfo contains unnecessary info(i.e. failfast, maxRetryRPCBufferSize), so we just initialize an empty struct.
+	c := &callInfo{}
+
+	// Possible context leak:
+	// The cancel function for the child context we create will only be called
+	// when RecvMsg returns a non-nil error, if the ClientConn is closed, or if
+	// an error is generated by SendMsg.
+	// https://github.com/grpc/grpc-go/issues/1818.
+	ctx, cancel := context.WithCancel(ctx)
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	for _, o := range opts {
+		if err := o.before(c); err != nil {
+			return nil, toRPCErr(err)
+		}
+	}
+	c.maxReceiveMessageSize = getMaxSize(nil, c.maxReceiveMessageSize, defaultClientMaxReceiveMessageSize)
+	c.maxSendMessageSize = getMaxSize(nil, c.maxSendMessageSize, defaultServerMaxSendMessageSize)
+	if err := setCallInfoCodec(c); err != nil {
+		return nil, err
+	}
+
+	callHdr := &transport.CallHdr{
+		Host:           ac.cc.authority,
+		Method:         method,
+		ContentSubtype: c.contentSubtype,
+	}
+
+	// Set our outgoing compression according to the UseCompressor CallOption, if
+	// set.  In that case, also find the compressor from the encoding package.
+	// Otherwise, use the compressor configured by the WithCompressor DialOption,
+	// if set.
+	var cp Compressor
+	var comp encoding.Compressor
+	if ct := c.compressorType; ct != "" {
+		callHdr.SendCompress = ct
+		if ct != encoding.Identity {
+			comp = encoding.GetCompressor(ct)
+			if comp == nil {
+				return nil, status.Errorf(codes.Internal, "grpc: Compressor is not installed for requested grpc-encoding %q", ct)
+			}
+		}
+	} else if ac.cc.dopts.cp != nil {
+		callHdr.SendCompress = ac.cc.dopts.cp.Type()
+		cp = ac.cc.dopts.cp
+	}
+	if c.creds != nil {
+		callHdr.Creds = c.creds
+	}
+
+	// Use a special addrConnStream to avoid retry.
+	as := &addrConnStream{
+		callHdr:  callHdr,
+		ac:       ac,
+		ctx:      ctx,
+		cancel:   cancel,
+		opts:     opts,
+		callInfo: c,
+		desc:     desc,
+		codec:    c.codec,
+		cp:       cp,
+		comp:     comp,
+		t:        t,
+	}
+
+	as.callInfo.stream = as
+	s, err := as.t.NewStream(as.ctx, as.callHdr)
+	if err != nil {
+		err = toRPCErr(err)
+		return nil, err
+	}
+	as.s = s
+	as.p = &parser{r: s}
+	ac.incrCallsStarted()
+	if desc != unaryStreamDesc {
+		// Listen on cc and stream contexts to cleanup when the user closes the
+		// ClientConn or cancels the stream context.  In all other cases, an error
+		// should already be injected into the recv buffer by the transport, which
+		// the client will eventually receive, and then we will cancel the stream's
+		// context in clientStream.finish.
+		go func() {
+			select {
+			case <-ac.ctx.Done():
+				as.finish(status.Error(codes.Canceled, "grpc: the SubConn is closing"))
+			case <-ctx.Done():
+				as.finish(toRPCErr(ctx.Err()))
+			}
+		}()
+	}
+	return as, nil
+}
+
+type addrConnStream struct {
+	s         *transport.Stream
+	ac        *addrConn
+	callHdr   *transport.CallHdr
+	cancel    context.CancelFunc
+	opts      []CallOption
+	callInfo  *callInfo
+	t         transport.ClientTransport
+	ctx       context.Context
+	sentLast  bool
+	desc      *StreamDesc
+	codec     baseCodec
+	cp        Compressor
+	comp      encoding.Compressor
+	decompSet bool
+	dc        Decompressor
+	decomp    encoding.Compressor
+	p         *parser
+	mu        sync.Mutex
+	finished  bool
+}
+
+func (as *addrConnStream) Header() (metadata.MD, error) {
+	m, err := as.s.Header()
+	if err != nil {
+		as.finish(toRPCErr(err))
+	}
+	return m, err
+}
+
+func (as *addrConnStream) Trailer() metadata.MD {
+	return as.s.Trailer()
+}
+
+func (as *addrConnStream) CloseSend() error {
+	if as.sentLast {
+		// TODO: return an error and finish the stream instead, due to API misuse?
+		return nil
+	}
+	as.sentLast = true
+
+	as.t.Write(as.s, nil, nil, &transport.Options{Last: true})
+	// Always return nil; io.EOF is the only error that might make sense
+	// instead, but there is no need to signal the client to call RecvMsg
+	// as the only use left for the stream after CloseSend is to call
+	// RecvMsg.  This also matches historical behavior.
+	return nil
+}
+
+func (as *addrConnStream) Context() context.Context {
+	return as.s.Context()
+}
+
+func (as *addrConnStream) SendMsg(m interface{}) (err error) {
+	defer func() {
+		if err != nil && err != io.EOF {
+			// Call finish on the client stream for errors generated by this SendMsg
+			// call, as these indicate problems created by this client.  (Transport
+			// errors are converted to an io.EOF error in csAttempt.sendMsg; the real
+			// error will be returned from RecvMsg eventually in that case, or be
+			// retried.)
+			as.finish(err)
+		}
+	}()
+	if as.sentLast {
+		return status.Errorf(codes.Internal, "SendMsg called after CloseSend")
+	}
+	if !as.desc.ClientStreams {
+		as.sentLast = true
+	}
+
+	// load hdr, payload, data
+	hdr, payld, _, err := prepareMsg(m, as.codec, as.cp, as.comp)
+	if err != nil {
+		return err
+	}
+
+	// TODO(dfawley): should we be checking len(data) instead?
+	if len(payld) > *as.callInfo.maxSendMessageSize {
+		return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(payld), *as.callInfo.maxSendMessageSize)
+	}
+
+	if err := as.t.Write(as.s, hdr, payld, &transport.Options{Last: !as.desc.ClientStreams}); err != nil {
+		if !as.desc.ClientStreams {
+			// For non-client-streaming RPCs, we return nil instead of EOF on error
+			// because the generated code requires it.  finish is not called; RecvMsg()
+			// will call it with the stream's status independently.
+			return nil
+		}
+		return io.EOF
+	}
+
+	if channelz.IsOn() {
+		as.t.IncrMsgSent()
+	}
+	return nil
+}
+
+func (as *addrConnStream) RecvMsg(m interface{}) (err error) {
+	defer func() {
+		if err != nil || !as.desc.ServerStreams {
+			// err != nil or non-server-streaming indicates end of stream.
+			as.finish(err)
+		}
+	}()
+
+	if !as.decompSet {
+		// Block until we receive headers containing received message encoding.
+		if ct := as.s.RecvCompress(); ct != "" && ct != encoding.Identity {
+			if as.dc == nil || as.dc.Type() != ct {
+				// No configured decompressor, or it does not match the incoming
+				// message encoding; attempt to find a registered compressor that does.
+				as.dc = nil
+				as.decomp = encoding.GetCompressor(ct)
+			}
+		} else {
+			// No compression is used; disable our decompressor.
+			as.dc = nil
+		}
+		// Only initialize this state once per stream.
+		as.decompSet = true
+	}
+	err = recv(as.p, as.codec, as.s, as.dc, m, *as.callInfo.maxReceiveMessageSize, nil, as.decomp)
+	if err != nil {
+		if err == io.EOF {
+			if statusErr := as.s.Status().Err(); statusErr != nil {
+				return statusErr
+			}
+			return io.EOF // indicates successful end of stream.
+		}
+		return toRPCErr(err)
+	}
+
+	if channelz.IsOn() {
+		as.t.IncrMsgRecv()
+	}
+	if as.desc.ServerStreams {
+		// Subsequent messages should be received by subsequent RecvMsg calls.
+		return nil
+	}
+
+	// Special handling for non-server-stream rpcs.
+	// This recv expects EOF or errors, so we don't collect inPayload.
+	err = recv(as.p, as.codec, as.s, as.dc, m, *as.callInfo.maxReceiveMessageSize, nil, as.decomp)
+	if err == nil {
+		return toRPCErr(errors.New("grpc: client streaming protocol violation: get <nil>, want <EOF>"))
+	}
+	if err == io.EOF {
+		return as.s.Status().Err() // non-server streaming Recv returns nil on success
+	}
+	return toRPCErr(err)
+}
+
+func (as *addrConnStream) finish(err error) {
+	as.mu.Lock()
+	if as.finished {
+		as.mu.Unlock()
+		return
+	}
+	as.finished = true
+	if err == io.EOF {
+		// Ending a stream with EOF indicates a success.
+		err = nil
+	}
+	if as.s != nil {
+		as.t.CloseStream(as.s, err)
+	}
+
+	if err != nil {
+		as.ac.incrCallsFailed()
+	} else {
+		as.ac.incrCallsSucceeded()
+	}
+	as.cancel()
+	as.mu.Unlock()
+}
+
+// ServerStream defines the server-side behavior of a streaming RPC.
+//
+// All errors returned from ServerStream methods are compatible with the
+// status package.
 type ServerStream interface {
 	// SetHeader sets the header metadata. It may be called multiple times.
 	// When call multiple times, all the provided metadata will be merged.
@@ -627,7 +1290,32 @@ type ServerStream interface {
 	// SetTrailer sets the trailer metadata which will be sent with the RPC status.
 	// When called more than once, all the provided metadata will be merged.
 	SetTrailer(metadata.MD)
-	Stream
+	// Context returns the context for this stream.
+	Context() context.Context
+	// SendMsg sends a message. On error, SendMsg aborts the stream and the
+	// error is returned directly.
+	//
+	// SendMsg blocks until:
+	//   - There is sufficient flow control to schedule m with the transport, or
+	//   - The stream is done, or
+	//   - The stream breaks.
+	//
+	// SendMsg does not wait until the message is received by the client. An
+	// untimely stream closure may result in lost messages.
+	//
+	// It is safe to have a goroutine calling SendMsg and another goroutine
+	// calling RecvMsg on the same stream at the same time, but it is not safe
+	// to call SendMsg on the same stream in different goroutines.
+	SendMsg(m interface{}) error
+	// RecvMsg blocks until it receives a message into m or the stream is
+	// done. It returns io.EOF when the client has performed a CloseSend. On
+	// any non-EOF error, the stream is aborted and the error contains the
+	// RPC status.
+	//
+	// It is safe to have a goroutine calling SendMsg and another goroutine
+	// calling RecvMsg on the same stream at the same time, but it is not
+	// safe to call RecvMsg on the same stream in different goroutines.
+	RecvMsg(m interface{}) error
 }
 
 // serverStream implements a server side Stream.
@@ -649,6 +1337,15 @@ type serverStream struct {
 
 	statsHandler stats.Handler
 
+	binlog *binarylog.MethodLogger
+	// serverHeaderBinlogged indicates whether server header has been logged. It
+	// will happen when one of the following two happens: stream.SendHeader(),
+	// stream.Send().
+	//
+	// It's only checked in send and sendHeader, doesn't need to be
+	// synchronized.
+	serverHeaderBinlogged bool
+
 	mu sync.Mutex // protects trInfo.tr after the service handler runs.
 }
 
@@ -664,7 +1361,15 @@ func (ss *serverStream) SetHeader(md metadata.MD) error {
 }
 
 func (ss *serverStream) SendHeader(md metadata.MD) error {
-	return ss.t.WriteHeader(ss.s, md)
+	err := ss.t.WriteHeader(ss.s, md)
+	if ss.binlog != nil && !ss.serverHeaderBinlogged {
+		h, _ := ss.s.Header()
+		ss.binlog.Log(&binarylog.ServerHeader{
+			Header: h,
+		})
+		ss.serverHeaderBinlogged = true
+	}
+	return err
 }
 
 func (ss *serverStream) SetTrailer(md metadata.MD) {
@@ -691,28 +1396,45 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 		if err != nil && err != io.EOF {
 			st, _ := status.FromError(toRPCErr(err))
 			ss.t.WriteStatus(ss.s, st)
+			// Non-user specified status was sent out. This should be an error
+			// case (as a server side Cancel maybe).
+			//
+			// This is not handled specifically now. User will return a final
+			// status from the service handler, we will log that error instead.
+			// This behavior is similar to an interceptor.
 		}
 		if channelz.IsOn() && err == nil {
 			ss.t.IncrMsgSent()
 		}
 	}()
-	var outPayload *stats.OutPayload
-	if ss.statsHandler != nil {
-		outPayload = &stats.OutPayload{}
-	}
-	hdr, data, err := encode(ss.codec, m, ss.cp, outPayload, ss.comp)
+
+	// load hdr, payload, data
+	hdr, payload, data, err := prepareMsg(m, ss.codec, ss.cp, ss.comp)
 	if err != nil {
 		return err
 	}
-	if len(data) > ss.maxSendMessageSize {
-		return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(data), ss.maxSendMessageSize)
+
+	// TODO(dfawley): should we be checking len(data) instead?
+	if len(payload) > ss.maxSendMessageSize {
+		return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(payload), ss.maxSendMessageSize)
 	}
-	if err := ss.t.Write(ss.s, hdr, data, &transport.Options{Last: false}); err != nil {
+	if err := ss.t.Write(ss.s, hdr, payload, &transport.Options{Last: false}); err != nil {
 		return toRPCErr(err)
 	}
-	if outPayload != nil {
-		outPayload.SentTime = time.Now()
-		ss.statsHandler.HandleRPC(ss.s.Context(), outPayload)
+	if ss.binlog != nil {
+		if !ss.serverHeaderBinlogged {
+			h, _ := ss.s.Header()
+			ss.binlog.Log(&binarylog.ServerHeader{
+				Header: h,
+			})
+			ss.serverHeaderBinlogged = true
+		}
+		ss.binlog.Log(&binarylog.ServerMessage{
+			Message: data,
+		})
+	}
+	if ss.statsHandler != nil {
+		ss.statsHandler.HandleRPC(ss.s.Context(), outPayload(false, m, data, payload, time.Now()))
 	}
 	return nil
 }
@@ -734,17 +1456,26 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 		if err != nil && err != io.EOF {
 			st, _ := status.FromError(toRPCErr(err))
 			ss.t.WriteStatus(ss.s, st)
+			// Non-user specified status was sent out. This should be an error
+			// case (as a server side Cancel maybe).
+			//
+			// This is not handled specifically now. User will return a final
+			// status from the service handler, we will log that error instead.
+			// This behavior is similar to an interceptor.
 		}
 		if channelz.IsOn() && err == nil {
 			ss.t.IncrMsgRecv()
 		}
 	}()
-	var inPayload *stats.InPayload
-	if ss.statsHandler != nil {
-		inPayload = &stats.InPayload{}
+	var payInfo *payloadInfo
+	if ss.statsHandler != nil || ss.binlog != nil {
+		payInfo = &payloadInfo{}
 	}
-	if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxReceiveMessageSize, inPayload, ss.decomp); err != nil {
+	if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxReceiveMessageSize, payInfo, ss.decomp); err != nil {
 		if err == io.EOF {
+			if ss.binlog != nil {
+				ss.binlog.Log(&binarylog.ClientHalfClose{})
+			}
 			return err
 		}
 		if err == io.ErrUnexpectedEOF {
@@ -752,8 +1483,20 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 		}
 		return toRPCErr(err)
 	}
-	if inPayload != nil {
-		ss.statsHandler.HandleRPC(ss.s.Context(), inPayload)
+	if ss.statsHandler != nil {
+		ss.statsHandler.HandleRPC(ss.s.Context(), &stats.InPayload{
+			RecvTime: time.Now(),
+			Payload:  m,
+			// TODO truncate large payload.
+			Data:       payInfo.uncompressedBytes,
+			WireLength: payInfo.wireLength,
+			Length:     len(payInfo.uncompressedBytes),
+		})
+	}
+	if ss.binlog != nil {
+		ss.binlog.Log(&binarylog.ClientMessage{
+			Message: payInfo.uncompressedBytes,
+		})
 	}
 	return nil
 }
@@ -763,3 +1506,24 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 func MethodFromServerStream(stream ServerStream) (string, bool) {
 	return Method(stream.Context())
 }
+
+// prepareMsg returns the hdr, payload and data
+// using the compressors passed or using the
+// passed preparedmsg
+func prepareMsg(m interface{}, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
+	if preparedMsg, ok := m.(*PreparedMsg); ok {
+		return preparedMsg.hdr, preparedMsg.payload, preparedMsg.encodedData, nil
+	}
+	// The input interface is not a prepared msg.
+	// Marshal and Compress the data at this point
+	data, err = encode(codec, m)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	compData, err := compress(data, cp, comp)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	hdr, payload = msgHeader(data, compData)
+	return hdr, payload, data, nil
+}
diff --git a/vendor/google.golang.org/grpc/tap/tap.go b/vendor/google.golang.org/grpc/tap/tap.go
index 22b8fb50dea5e..584360f681b81 100644
--- a/vendor/google.golang.org/grpc/tap/tap.go
+++ b/vendor/google.golang.org/grpc/tap/tap.go
@@ -21,7 +21,7 @@
 package tap
 
 import (
-	"golang.org/x/net/context"
+	"context"
 )
 
 // Info defines the relevant information needed by the handles.
diff --git a/vendor/google.golang.org/grpc/trace.go b/vendor/google.golang.org/grpc/trace.go
index c1c96dedcb757..07a2d26b3e77d 100644
--- a/vendor/google.golang.org/grpc/trace.go
+++ b/vendor/google.golang.org/grpc/trace.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"net"
 	"strings"
+	"sync"
 	"time"
 
 	"golang.org/x/net/trace"
@@ -40,9 +41,6 @@ func methodFamily(m string) string {
 	if i := strings.Index(m, "/"); i >= 0 {
 		m = m[:i] // remove everything from second slash
 	}
-	if i := strings.LastIndex(m, "."); i >= 0 {
-		m = m[i+1:] // cut down to last dotted component
-	}
 	return m
 }
 
@@ -53,13 +51,25 @@ type traceInfo struct {
 }
 
 // firstLine is the first line of an RPC trace.
+// It may be mutated after construction; remoteAddr specifically may change
+// during client-side use.
 type firstLine struct {
+	mu         sync.Mutex
 	client     bool // whether this is a client (outgoing) RPC
 	remoteAddr net.Addr
 	deadline   time.Duration // may be zero
 }
 
+func (f *firstLine) SetRemoteAddr(addr net.Addr) {
+	f.mu.Lock()
+	f.remoteAddr = addr
+	f.mu.Unlock()
+}
+
 func (f *firstLine) String() string {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
 	var line bytes.Buffer
 	io.WriteString(&line, "RPC: ")
 	if f.client {
diff --git a/vendor/google.golang.org/grpc/transport/controlbuf.go b/vendor/google.golang.org/grpc/transport/controlbuf.go
deleted file mode 100644
index e147cd51bf197..0000000000000
--- a/vendor/google.golang.org/grpc/transport/controlbuf.go
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
- *
- * Copyright 2014 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"bytes"
-	"fmt"
-	"runtime"
-	"sync"
-
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/hpack"
-)
-
-type itemNode struct {
-	it   interface{}
-	next *itemNode
-}
-
-type itemList struct {
-	head *itemNode
-	tail *itemNode
-}
-
-func (il *itemList) enqueue(i interface{}) {
-	n := &itemNode{it: i}
-	if il.tail == nil {
-		il.head, il.tail = n, n
-		return
-	}
-	il.tail.next = n
-	il.tail = n
-}
-
-// peek returns the first item in the list without removing it from the
-// list.
-func (il *itemList) peek() interface{} {
-	return il.head.it
-}
-
-func (il *itemList) dequeue() interface{} {
-	if il.head == nil {
-		return nil
-	}
-	i := il.head.it
-	il.head = il.head.next
-	if il.head == nil {
-		il.tail = nil
-	}
-	return i
-}
-
-func (il *itemList) dequeueAll() *itemNode {
-	h := il.head
-	il.head, il.tail = nil, nil
-	return h
-}
-
-func (il *itemList) isEmpty() bool {
-	return il.head == nil
-}
-
-// The following defines various control items which could flow through
-// the control buffer of transport. They represent different aspects of
-// control tasks, e.g., flow control, settings, streaming resetting, etc.
-
-type headerFrame struct {
-	streamID   uint32
-	hf         []hpack.HeaderField
-	endStream  bool                       // Valid on server side.
-	initStream func(uint32) (bool, error) // Used only on the client side.
-	onWrite    func()
-	wq         *writeQuota    // write quota for the stream created.
-	cleanup    *cleanupStream // Valid on the server side.
-	onOrphaned func(error)    // Valid on client-side
-}
-
-type cleanupStream struct {
-	streamID uint32
-	idPtr    *uint32
-	rst      bool
-	rstCode  http2.ErrCode
-	onWrite  func()
-}
-
-type dataFrame struct {
-	streamID  uint32
-	endStream bool
-	h         []byte
-	d         []byte
-	// onEachWrite is called every time
-	// a part of d is written out.
-	onEachWrite func()
-}
-
-type incomingWindowUpdate struct {
-	streamID  uint32
-	increment uint32
-}
-
-type outgoingWindowUpdate struct {
-	streamID  uint32
-	increment uint32
-}
-
-type incomingSettings struct {
-	ss []http2.Setting
-}
-
-type outgoingSettings struct {
-	ss []http2.Setting
-}
-
-type settingsAck struct {
-}
-
-type incomingGoAway struct {
-}
-
-type goAway struct {
-	code      http2.ErrCode
-	debugData []byte
-	headsUp   bool
-	closeConn bool
-}
-
-type ping struct {
-	ack  bool
-	data [8]byte
-}
-
-type outFlowControlSizeRequest struct {
-	resp chan uint32
-}
-
-type outStreamState int
-
-const (
-	active outStreamState = iota
-	empty
-	waitingOnStreamQuota
-)
-
-type outStream struct {
-	id               uint32
-	state            outStreamState
-	itl              *itemList
-	bytesOutStanding int
-	wq               *writeQuota
-
-	next *outStream
-	prev *outStream
-}
-
-func (s *outStream) deleteSelf() {
-	if s.prev != nil {
-		s.prev.next = s.next
-	}
-	if s.next != nil {
-		s.next.prev = s.prev
-	}
-	s.next, s.prev = nil, nil
-}
-
-type outStreamList struct {
-	// Following are sentinel objects that mark the
-	// beginning and end of the list. They do not
-	// contain any item lists. All valid objects are
-	// inserted in between them.
-	// This is needed so that an outStream object can
-	// deleteSelf() in O(1) time without knowing which
-	// list it belongs to.
-	head *outStream
-	tail *outStream
-}
-
-func newOutStreamList() *outStreamList {
-	head, tail := new(outStream), new(outStream)
-	head.next = tail
-	tail.prev = head
-	return &outStreamList{
-		head: head,
-		tail: tail,
-	}
-}
-
-func (l *outStreamList) enqueue(s *outStream) {
-	e := l.tail.prev
-	e.next = s
-	s.prev = e
-	s.next = l.tail
-	l.tail.prev = s
-}
-
-// remove from the beginning of the list.
-func (l *outStreamList) dequeue() *outStream {
-	b := l.head.next
-	if b == l.tail {
-		return nil
-	}
-	b.deleteSelf()
-	return b
-}
-
-type controlBuffer struct {
-	ch              chan struct{}
-	done            <-chan struct{}
-	mu              sync.Mutex
-	consumerWaiting bool
-	list            *itemList
-	err             error
-}
-
-func newControlBuffer(done <-chan struct{}) *controlBuffer {
-	return &controlBuffer{
-		ch:   make(chan struct{}, 1),
-		list: &itemList{},
-		done: done,
-	}
-}
-
-func (c *controlBuffer) put(it interface{}) error {
-	_, err := c.executeAndPut(nil, it)
-	return err
-}
-
-func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it interface{}) (bool, error) {
-	var wakeUp bool
-	c.mu.Lock()
-	if c.err != nil {
-		c.mu.Unlock()
-		return false, c.err
-	}
-	if f != nil {
-		if !f(it) { // f wasn't successful
-			c.mu.Unlock()
-			return false, nil
-		}
-	}
-	if c.consumerWaiting {
-		wakeUp = true
-		c.consumerWaiting = false
-	}
-	c.list.enqueue(it)
-	c.mu.Unlock()
-	if wakeUp {
-		select {
-		case c.ch <- struct{}{}:
-		default:
-		}
-	}
-	return true, nil
-}
-
-func (c *controlBuffer) get(block bool) (interface{}, error) {
-	for {
-		c.mu.Lock()
-		if c.err != nil {
-			c.mu.Unlock()
-			return nil, c.err
-		}
-		if !c.list.isEmpty() {
-			h := c.list.dequeue()
-			c.mu.Unlock()
-			return h, nil
-		}
-		if !block {
-			c.mu.Unlock()
-			return nil, nil
-		}
-		c.consumerWaiting = true
-		c.mu.Unlock()
-		select {
-		case <-c.ch:
-		case <-c.done:
-			c.finish()
-			return nil, ErrConnClosing
-		}
-	}
-}
-
-func (c *controlBuffer) finish() {
-	c.mu.Lock()
-	if c.err != nil {
-		c.mu.Unlock()
-		return
-	}
-	c.err = ErrConnClosing
-	// There may be headers for streams in the control buffer.
-	// These streams need to be cleaned out since the transport
-	// is still not aware of these yet.
-	for head := c.list.dequeueAll(); head != nil; head = head.next {
-		hdr, ok := head.it.(*headerFrame)
-		if !ok {
-			continue
-		}
-		if hdr.onOrphaned != nil { // It will be nil on the server-side.
-			hdr.onOrphaned(ErrConnClosing)
-		}
-	}
-	c.mu.Unlock()
-}
-
-type side int
-
-const (
-	clientSide side = iota
-	serverSide
-)
-
-type loopyWriter struct {
-	side          side
-	cbuf          *controlBuffer
-	sendQuota     uint32
-	oiws          uint32                // outbound initial window size.
-	estdStreams   map[uint32]*outStream // Established streams.
-	activeStreams *outStreamList        // Streams that are sending data.
-	framer        *framer
-	hBuf          *bytes.Buffer  // The buffer for HPACK encoding.
-	hEnc          *hpack.Encoder // HPACK encoder.
-	bdpEst        *bdpEstimator
-	draining      bool
-
-	// Side-specific handlers
-	ssGoAwayHandler func(*goAway) (bool, error)
-}
-
-func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator) *loopyWriter {
-	var buf bytes.Buffer
-	l := &loopyWriter{
-		side:          s,
-		cbuf:          cbuf,
-		sendQuota:     defaultWindowSize,
-		oiws:          defaultWindowSize,
-		estdStreams:   make(map[uint32]*outStream),
-		activeStreams: newOutStreamList(),
-		framer:        fr,
-		hBuf:          &buf,
-		hEnc:          hpack.NewEncoder(&buf),
-		bdpEst:        bdpEst,
-	}
-	return l
-}
-
-const minBatchSize = 1000
-
-// run should be run in a separate goroutine.
-func (l *loopyWriter) run() {
-	var (
-		it      interface{}
-		err     error
-		isEmpty bool
-	)
-	defer func() {
-		errorf("transport: loopyWriter.run returning. Err: %v", err)
-	}()
-	for {
-		it, err = l.cbuf.get(true)
-		if err != nil {
-			return
-		}
-		if err = l.handle(it); err != nil {
-			return
-		}
-		if _, err = l.processData(); err != nil {
-			return
-		}
-		gosched := true
-	hasdata:
-		for {
-			it, err = l.cbuf.get(false)
-			if err != nil {
-				return
-			}
-			if it != nil {
-				if err = l.handle(it); err != nil {
-					return
-				}
-				if _, err = l.processData(); err != nil {
-					return
-				}
-				continue hasdata
-			}
-			if isEmpty, err = l.processData(); err != nil {
-				return
-			}
-			if !isEmpty {
-				continue hasdata
-			}
-			if gosched {
-				gosched = false
-				if l.framer.writer.offset < minBatchSize {
-					runtime.Gosched()
-					continue hasdata
-				}
-			}
-			l.framer.writer.Flush()
-			break hasdata
-
-		}
-	}
-}
-
-func (l *loopyWriter) outgoingWindowUpdateHandler(w *outgoingWindowUpdate) error {
-	return l.framer.fr.WriteWindowUpdate(w.streamID, w.increment)
-}
-
-func (l *loopyWriter) incomingWindowUpdateHandler(w *incomingWindowUpdate) error {
-	// Otherwise update the quota.
-	if w.streamID == 0 {
-		l.sendQuota += w.increment
-		return nil
-	}
-	// Find the stream and update it.
-	if str, ok := l.estdStreams[w.streamID]; ok {
-		str.bytesOutStanding -= int(w.increment)
-		if strQuota := int(l.oiws) - str.bytesOutStanding; strQuota > 0 && str.state == waitingOnStreamQuota {
-			str.state = active
-			l.activeStreams.enqueue(str)
-			return nil
-		}
-	}
-	return nil
-}
-
-func (l *loopyWriter) outgoingSettingsHandler(s *outgoingSettings) error {
-	return l.framer.fr.WriteSettings(s.ss...)
-}
-
-func (l *loopyWriter) incomingSettingsHandler(s *incomingSettings) error {
-	if err := l.applySettings(s.ss); err != nil {
-		return err
-	}
-	return l.framer.fr.WriteSettingsAck()
-}
-
-func (l *loopyWriter) headerHandler(h *headerFrame) error {
-	if l.side == serverSide {
-		if h.endStream { // Case 1.A: Server wants to close stream.
-			// Make sure it's not a trailers only response.
-			if str, ok := l.estdStreams[h.streamID]; ok {
-				if str.state != empty { // either active or waiting on stream quota.
-					// add it str's list of items.
-					str.itl.enqueue(h)
-					return nil
-				}
-			}
-			if err := l.writeHeader(h.streamID, h.endStream, h.hf, h.onWrite); err != nil {
-				return err
-			}
-			return l.cleanupStreamHandler(h.cleanup)
-		}
-		// Case 1.B: Server is responding back with headers.
-		str := &outStream{
-			state: empty,
-			itl:   &itemList{},
-			wq:    h.wq,
-		}
-		l.estdStreams[h.streamID] = str
-		return l.writeHeader(h.streamID, h.endStream, h.hf, h.onWrite)
-	}
-	// Case 2: Client wants to originate stream.
-	str := &outStream{
-		id:    h.streamID,
-		state: empty,
-		itl:   &itemList{},
-		wq:    h.wq,
-	}
-	str.itl.enqueue(h)
-	return l.originateStream(str)
-}
-
-func (l *loopyWriter) originateStream(str *outStream) error {
-	hdr := str.itl.dequeue().(*headerFrame)
-	sendPing, err := hdr.initStream(str.id)
-	if err != nil {
-		if err == ErrConnClosing {
-			return err
-		}
-		// Other errors(errStreamDrain) need not close transport.
-		return nil
-	}
-	if err = l.writeHeader(str.id, hdr.endStream, hdr.hf, hdr.onWrite); err != nil {
-		return err
-	}
-	l.estdStreams[str.id] = str
-	if sendPing {
-		return l.pingHandler(&ping{data: [8]byte{}})
-	}
-	return nil
-}
-
-func (l *loopyWriter) writeHeader(streamID uint32, endStream bool, hf []hpack.HeaderField, onWrite func()) error {
-	if onWrite != nil {
-		onWrite()
-	}
-	l.hBuf.Reset()
-	for _, f := range hf {
-		if err := l.hEnc.WriteField(f); err != nil {
-			warningf("transport: loopyWriter.writeHeader encountered error while encoding headers:", err)
-		}
-	}
-	var (
-		err               error
-		endHeaders, first bool
-	)
-	first = true
-	for !endHeaders {
-		size := l.hBuf.Len()
-		if size > http2MaxFrameLen {
-			size = http2MaxFrameLen
-		} else {
-			endHeaders = true
-		}
-		if first {
-			first = false
-			err = l.framer.fr.WriteHeaders(http2.HeadersFrameParam{
-				StreamID:      streamID,
-				BlockFragment: l.hBuf.Next(size),
-				EndStream:     endStream,
-				EndHeaders:    endHeaders,
-			})
-		} else {
-			err = l.framer.fr.WriteContinuation(
-				streamID,
-				endHeaders,
-				l.hBuf.Next(size),
-			)
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (l *loopyWriter) preprocessData(df *dataFrame) error {
-	str, ok := l.estdStreams[df.streamID]
-	if !ok {
-		return nil
-	}
-	// If we got data for a stream it means that
-	// stream was originated and the headers were sent out.
-	str.itl.enqueue(df)
-	if str.state == empty {
-		str.state = active
-		l.activeStreams.enqueue(str)
-	}
-	return nil
-}
-
-func (l *loopyWriter) pingHandler(p *ping) error {
-	if !p.ack {
-		l.bdpEst.timesnap(p.data)
-	}
-	return l.framer.fr.WritePing(p.ack, p.data)
-
-}
-
-func (l *loopyWriter) outFlowControlSizeRequestHandler(o *outFlowControlSizeRequest) error {
-	o.resp <- l.sendQuota
-	return nil
-}
-
-func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error {
-	c.onWrite()
-	if str, ok := l.estdStreams[c.streamID]; ok {
-		// On the server side it could be a trailers-only response or
-		// a RST_STREAM before stream initialization thus the stream might
-		// not be established yet.
-		delete(l.estdStreams, c.streamID)
-		str.deleteSelf()
-	}
-	if c.rst { // If RST_STREAM needs to be sent.
-		if err := l.framer.fr.WriteRSTStream(c.streamID, c.rstCode); err != nil {
-			return err
-		}
-	}
-	if l.side == clientSide && l.draining && len(l.estdStreams) == 0 {
-		return ErrConnClosing
-	}
-	return nil
-}
-
-func (l *loopyWriter) incomingGoAwayHandler(*incomingGoAway) error {
-	if l.side == clientSide {
-		l.draining = true
-		if len(l.estdStreams) == 0 {
-			return ErrConnClosing
-		}
-	}
-	return nil
-}
-
-func (l *loopyWriter) goAwayHandler(g *goAway) error {
-	// Handling of outgoing GoAway is very specific to side.
-	if l.ssGoAwayHandler != nil {
-		draining, err := l.ssGoAwayHandler(g)
-		if err != nil {
-			return err
-		}
-		l.draining = draining
-	}
-	return nil
-}
-
-func (l *loopyWriter) handle(i interface{}) error {
-	switch i := i.(type) {
-	case *incomingWindowUpdate:
-		return l.incomingWindowUpdateHandler(i)
-	case *outgoingWindowUpdate:
-		return l.outgoingWindowUpdateHandler(i)
-	case *incomingSettings:
-		return l.incomingSettingsHandler(i)
-	case *outgoingSettings:
-		return l.outgoingSettingsHandler(i)
-	case *headerFrame:
-		return l.headerHandler(i)
-	case *cleanupStream:
-		return l.cleanupStreamHandler(i)
-	case *incomingGoAway:
-		return l.incomingGoAwayHandler(i)
-	case *dataFrame:
-		return l.preprocessData(i)
-	case *ping:
-		return l.pingHandler(i)
-	case *goAway:
-		return l.goAwayHandler(i)
-	case *outFlowControlSizeRequest:
-		return l.outFlowControlSizeRequestHandler(i)
-	default:
-		return fmt.Errorf("transport: unknown control message type %T", i)
-	}
-}
-
-func (l *loopyWriter) applySettings(ss []http2.Setting) error {
-	for _, s := range ss {
-		switch s.ID {
-		case http2.SettingInitialWindowSize:
-			o := l.oiws
-			l.oiws = s.Val
-			if o < l.oiws {
-				// If the new limit is greater make all depleted streams active.
-				for _, stream := range l.estdStreams {
-					if stream.state == waitingOnStreamQuota {
-						stream.state = active
-						l.activeStreams.enqueue(stream)
-					}
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func (l *loopyWriter) processData() (bool, error) {
-	if l.sendQuota == 0 {
-		return true, nil
-	}
-	str := l.activeStreams.dequeue()
-	if str == nil {
-		return true, nil
-	}
-	dataItem := str.itl.peek().(*dataFrame)
-	if len(dataItem.h) == 0 && len(dataItem.d) == 0 {
-		// Client sends out empty data frame with endStream = true
-		if err := l.framer.fr.WriteData(dataItem.streamID, dataItem.endStream, nil); err != nil {
-			return false, err
-		}
-		str.itl.dequeue()
-		if str.itl.isEmpty() {
-			str.state = empty
-		} else if trailer, ok := str.itl.peek().(*headerFrame); ok { // the next item is trailers.
-			if err := l.writeHeader(trailer.streamID, trailer.endStream, trailer.hf, trailer.onWrite); err != nil {
-				return false, err
-			}
-			if err := l.cleanupStreamHandler(trailer.cleanup); err != nil {
-				return false, nil
-			}
-		} else {
-			l.activeStreams.enqueue(str)
-		}
-		return false, nil
-	}
-	var (
-		idx int
-		buf []byte
-	)
-	if len(dataItem.h) != 0 { // data header has not been written out yet.
-		buf = dataItem.h
-	} else {
-		idx = 1
-		buf = dataItem.d
-	}
-	size := http2MaxFrameLen
-	if len(buf) < size {
-		size = len(buf)
-	}
-	if strQuota := int(l.oiws) - str.bytesOutStanding; strQuota <= 0 {
-		str.state = waitingOnStreamQuota
-		return false, nil
-	} else if strQuota < size {
-		size = strQuota
-	}
-
-	if l.sendQuota < uint32(size) {
-		size = int(l.sendQuota)
-	}
-	// Now that outgoing flow controls are checked we can replenish str's write quota
-	str.wq.replenish(size)
-	var endStream bool
-	// This last data message on this stream and all
-	// of it can be written in this go.
-	if dataItem.endStream && size == len(buf) {
-		// buf contains either data or it contains header but data is empty.
-		if idx == 1 || len(dataItem.d) == 0 {
-			endStream = true
-		}
-	}
-	if dataItem.onEachWrite != nil {
-		dataItem.onEachWrite()
-	}
-	if err := l.framer.fr.WriteData(dataItem.streamID, endStream, buf[:size]); err != nil {
-		return false, err
-	}
-	buf = buf[size:]
-	str.bytesOutStanding += size
-	l.sendQuota -= uint32(size)
-	if idx == 0 {
-		dataItem.h = buf
-	} else {
-		dataItem.d = buf
-	}
-
-	if len(dataItem.h) == 0 && len(dataItem.d) == 0 { // All the data from that message was written out.
-		str.itl.dequeue()
-	}
-	if str.itl.isEmpty() {
-		str.state = empty
-	} else if trailer, ok := str.itl.peek().(*headerFrame); ok { // The next item is trailers.
-		if err := l.writeHeader(trailer.streamID, trailer.endStream, trailer.hf, trailer.onWrite); err != nil {
-			return false, err
-		}
-		if err := l.cleanupStreamHandler(trailer.cleanup); err != nil {
-			return false, err
-		}
-	} else if int(l.oiws)-str.bytesOutStanding <= 0 { // Ran out of stream quota.
-		str.state = waitingOnStreamQuota
-	} else { // Otherwise add it back to the list of active streams.
-		l.activeStreams.enqueue(str)
-	}
-	return false, nil
-}
diff --git a/vendor/google.golang.org/grpc/transport/go16.go b/vendor/google.golang.org/grpc/transport/go16.go
deleted file mode 100644
index 5babcf9b87706..0000000000000
--- a/vendor/google.golang.org/grpc/transport/go16.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// +build go1.6,!go1.7
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"net"
-	"net/http"
-
-	"google.golang.org/grpc/codes"
-
-	"golang.org/x/net/context"
-)
-
-// dialContext connects to the address on the named network.
-func dialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return (&net.Dialer{Cancel: ctx.Done()}).Dial(network, address)
-}
-
-// ContextErr converts the error from context package into a StreamError.
-func ContextErr(err error) StreamError {
-	switch err {
-	case context.DeadlineExceeded:
-		return streamErrorf(codes.DeadlineExceeded, "%v", err)
-	case context.Canceled:
-		return streamErrorf(codes.Canceled, "%v", err)
-	}
-	return streamErrorf(codes.Internal, "Unexpected error from context packet: %v", err)
-}
-
-// contextFromRequest returns a background context.
-func contextFromRequest(r *http.Request) context.Context {
-	return context.Background()
-}
diff --git a/vendor/google.golang.org/grpc/transport/go17.go b/vendor/google.golang.org/grpc/transport/go17.go
deleted file mode 100644
index b7fa6bdb9ca29..0000000000000
--- a/vendor/google.golang.org/grpc/transport/go17.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// +build go1.7
-
-/*
- *
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"context"
-	"net"
-	"net/http"
-
-	"google.golang.org/grpc/codes"
-
-	netctx "golang.org/x/net/context"
-)
-
-// dialContext connects to the address on the named network.
-func dialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return (&net.Dialer{}).DialContext(ctx, network, address)
-}
-
-// ContextErr converts the error from context package into a StreamError.
-func ContextErr(err error) StreamError {
-	switch err {
-	case context.DeadlineExceeded, netctx.DeadlineExceeded:
-		return streamErrorf(codes.DeadlineExceeded, "%v", err)
-	case context.Canceled, netctx.Canceled:
-		return streamErrorf(codes.Canceled, "%v", err)
-	}
-	return streamErrorf(codes.Internal, "Unexpected error from context packet: %v", err)
-}
-
-// contextFromRequest returns a context from the HTTP Request.
-func contextFromRequest(r *http.Request) context.Context {
-	return r.Context()
-}
diff --git a/vendor/google.golang.org/grpc/transport/http2_client.go b/vendor/google.golang.org/grpc/transport/http2_client.go
deleted file mode 100644
index 1fdabd954ef0f..0000000000000
--- a/vendor/google.golang.org/grpc/transport/http2_client.go
+++ /dev/null
@@ -1,1284 +0,0 @@
-/*
- *
- * Copyright 2014 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"io"
-	"math"
-	"net"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"golang.org/x/net/context"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/hpack"
-
-	"google.golang.org/grpc/channelz"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/keepalive"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/peer"
-	"google.golang.org/grpc/stats"
-	"google.golang.org/grpc/status"
-)
-
-// http2Client implements the ClientTransport interface with HTTP2.
-type http2Client struct {
-	ctx        context.Context
-	cancel     context.CancelFunc
-	ctxDone    <-chan struct{} // Cache the ctx.Done() chan.
-	userAgent  string
-	md         interface{}
-	conn       net.Conn // underlying communication channel
-	loopy      *loopyWriter
-	remoteAddr net.Addr
-	localAddr  net.Addr
-	authInfo   credentials.AuthInfo // auth info about the connection
-
-	readerDone chan struct{} // sync point to enable testing.
-	writerDone chan struct{} // sync point to enable testing.
-	// goAway is closed to notify the upper layer (i.e., addrConn.transportMonitor)
-	// that the server sent GoAway on this transport.
-	goAway chan struct{}
-	// awakenKeepalive is used to wake up keepalive when after it has gone dormant.
-	awakenKeepalive chan struct{}
-
-	framer *framer
-	// controlBuf delivers all the control related tasks (e.g., window
-	// updates, reset streams, and various settings) to the controller.
-	controlBuf *controlBuffer
-	fc         *trInFlow
-	// The scheme used: https if TLS is on, http otherwise.
-	scheme string
-
-	isSecure bool
-
-	creds []credentials.PerRPCCredentials
-
-	// Boolean to keep track of reading activity on transport.
-	// 1 is true and 0 is false.
-	activity uint32 // Accessed atomically.
-	kp       keepalive.ClientParameters
-
-	statsHandler stats.Handler
-
-	initialWindowSize int32
-
-	bdpEst *bdpEstimator
-	// onSuccess is a callback that client transport calls upon
-	// receiving server preface to signal that a succefull HTTP2
-	// connection was established.
-	onSuccess func()
-
-	maxConcurrentStreams  uint32
-	streamQuota           int64
-	streamsQuotaAvailable chan struct{}
-	waitingStreams        uint32
-	nextID                uint32
-
-	mu            sync.Mutex // guard the following variables
-	state         transportState
-	activeStreams map[uint32]*Stream
-	// prevGoAway ID records the Last-Stream-ID in the previous GOAway frame.
-	prevGoAwayID uint32
-	// goAwayReason records the http2.ErrCode and debug data received with the
-	// GoAway frame.
-	goAwayReason GoAwayReason
-
-	// Fields below are for channelz metric collection.
-	channelzID int64 // channelz unique identification number
-	czmu       sync.RWMutex
-	kpCount    int64
-	// The number of streams that have started, including already finished ones.
-	streamsStarted int64
-	// The number of streams that have ended successfully by receiving EoS bit set
-	// frame from server.
-	streamsSucceeded  int64
-	streamsFailed     int64
-	lastStreamCreated time.Time
-	msgSent           int64
-	msgRecv           int64
-	lastMsgSent       time.Time
-	lastMsgRecv       time.Time
-}
-
-func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr string) (net.Conn, error) {
-	if fn != nil {
-		return fn(ctx, addr)
-	}
-	return dialContext(ctx, "tcp", addr)
-}
-
-func isTemporary(err error) bool {
-	switch err := err.(type) {
-	case interface {
-		Temporary() bool
-	}:
-		return err.Temporary()
-	case interface {
-		Timeout() bool
-	}:
-		// Timeouts may be resolved upon retry, and are thus treated as
-		// temporary.
-		return err.Timeout()
-	}
-	return true
-}
-
-// newHTTP2Client constructs a connected ClientTransport to addr based on HTTP2
-// and starts to receive messages on it. Non-nil error returns if construction
-// fails.
-func newHTTP2Client(connectCtx, ctx context.Context, addr TargetInfo, opts ConnectOptions, onSuccess func()) (_ ClientTransport, err error) {
-	scheme := "http"
-	ctx, cancel := context.WithCancel(ctx)
-	defer func() {
-		if err != nil {
-			cancel()
-		}
-	}()
-
-	conn, err := dial(connectCtx, opts.Dialer, addr.Addr)
-	if err != nil {
-		if opts.FailOnNonTempDialError {
-			return nil, connectionErrorf(isTemporary(err), err, "transport: error while dialing: %v", err)
-		}
-		return nil, connectionErrorf(true, err, "transport: Error while dialing %v", err)
-	}
-	// Any further errors will close the underlying connection
-	defer func(conn net.Conn) {
-		if err != nil {
-			conn.Close()
-		}
-	}(conn)
-	var (
-		isSecure bool
-		authInfo credentials.AuthInfo
-	)
-	if creds := opts.TransportCredentials; creds != nil {
-		scheme = "https"
-		conn, authInfo, err = creds.ClientHandshake(connectCtx, addr.Authority, conn)
-		if err != nil {
-			return nil, connectionErrorf(isTemporary(err), err, "transport: authentication handshake failed: %v", err)
-		}
-		isSecure = true
-	}
-	kp := opts.KeepaliveParams
-	// Validate keepalive parameters.
-	if kp.Time == 0 {
-		kp.Time = defaultClientKeepaliveTime
-	}
-	if kp.Timeout == 0 {
-		kp.Timeout = defaultClientKeepaliveTimeout
-	}
-	dynamicWindow := true
-	icwz := int32(initialWindowSize)
-	if opts.InitialConnWindowSize >= defaultWindowSize {
-		icwz = opts.InitialConnWindowSize
-		dynamicWindow = false
-	}
-	writeBufSize := defaultWriteBufSize
-	if opts.WriteBufferSize > 0 {
-		writeBufSize = opts.WriteBufferSize
-	}
-	readBufSize := defaultReadBufSize
-	if opts.ReadBufferSize > 0 {
-		readBufSize = opts.ReadBufferSize
-	}
-	t := &http2Client{
-		ctx:                   ctx,
-		ctxDone:               ctx.Done(), // Cache Done chan.
-		cancel:                cancel,
-		userAgent:             opts.UserAgent,
-		md:                    addr.Metadata,
-		conn:                  conn,
-		remoteAddr:            conn.RemoteAddr(),
-		localAddr:             conn.LocalAddr(),
-		authInfo:              authInfo,
-		readerDone:            make(chan struct{}),
-		writerDone:            make(chan struct{}),
-		goAway:                make(chan struct{}),
-		awakenKeepalive:       make(chan struct{}, 1),
-		framer:                newFramer(conn, writeBufSize, readBufSize),
-		fc:                    &trInFlow{limit: uint32(icwz)},
-		scheme:                scheme,
-		activeStreams:         make(map[uint32]*Stream),
-		isSecure:              isSecure,
-		creds:                 opts.PerRPCCredentials,
-		kp:                    kp,
-		statsHandler:          opts.StatsHandler,
-		initialWindowSize:     initialWindowSize,
-		onSuccess:             onSuccess,
-		nextID:                1,
-		maxConcurrentStreams:  defaultMaxStreamsClient,
-		streamQuota:           defaultMaxStreamsClient,
-		streamsQuotaAvailable: make(chan struct{}, 1),
-	}
-	t.controlBuf = newControlBuffer(t.ctxDone)
-	if opts.InitialWindowSize >= defaultWindowSize {
-		t.initialWindowSize = opts.InitialWindowSize
-		dynamicWindow = false
-	}
-	if dynamicWindow {
-		t.bdpEst = &bdpEstimator{
-			bdp:               initialWindowSize,
-			updateFlowControl: t.updateFlowControl,
-		}
-	}
-	// Make sure awakenKeepalive can't be written upon.
-	// keepalive routine will make it writable, if need be.
-	t.awakenKeepalive <- struct{}{}
-	if t.statsHandler != nil {
-		t.ctx = t.statsHandler.TagConn(t.ctx, &stats.ConnTagInfo{
-			RemoteAddr: t.remoteAddr,
-			LocalAddr:  t.localAddr,
-		})
-		connBegin := &stats.ConnBegin{
-			Client: true,
-		}
-		t.statsHandler.HandleConn(t.ctx, connBegin)
-	}
-	if channelz.IsOn() {
-		t.channelzID = channelz.RegisterNormalSocket(t, opts.ChannelzParentID, "")
-	}
-	// Start the reader goroutine for incoming message. Each transport has
-	// a dedicated goroutine which reads HTTP2 frame from network. Then it
-	// dispatches the frame to the corresponding stream entity.
-	go t.reader()
-	// Send connection preface to server.
-	n, err := t.conn.Write(clientPreface)
-	if err != nil {
-		t.Close()
-		return nil, connectionErrorf(true, err, "transport: failed to write client preface: %v", err)
-	}
-	if n != len(clientPreface) {
-		t.Close()
-		return nil, connectionErrorf(true, err, "transport: preface mismatch, wrote %d bytes; want %d", n, len(clientPreface))
-	}
-	if t.initialWindowSize != defaultWindowSize {
-		err = t.framer.fr.WriteSettings(http2.Setting{
-			ID:  http2.SettingInitialWindowSize,
-			Val: uint32(t.initialWindowSize),
-		})
-	} else {
-		err = t.framer.fr.WriteSettings()
-	}
-	if err != nil {
-		t.Close()
-		return nil, connectionErrorf(true, err, "transport: failed to write initial settings frame: %v", err)
-	}
-	// Adjust the connection flow control window if needed.
-	if delta := uint32(icwz - defaultWindowSize); delta > 0 {
-		if err := t.framer.fr.WriteWindowUpdate(0, delta); err != nil {
-			t.Close()
-			return nil, connectionErrorf(true, err, "transport: failed to write window update: %v", err)
-		}
-	}
-	t.framer.writer.Flush()
-	go func() {
-		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst)
-		t.loopy.run()
-		t.conn.Close()
-		close(t.writerDone)
-	}()
-	if t.kp.Time != infinity {
-		go t.keepalive()
-	}
-	return t, nil
-}
-
-func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream {
-	// TODO(zhaoq): Handle uint32 overflow of Stream.id.
-	s := &Stream{
-		done:           make(chan struct{}),
-		method:         callHdr.Method,
-		sendCompress:   callHdr.SendCompress,
-		buf:            newRecvBuffer(),
-		headerChan:     make(chan struct{}),
-		contentSubtype: callHdr.ContentSubtype,
-	}
-	s.wq = newWriteQuota(defaultWriteQuota, s.done)
-	s.requestRead = func(n int) {
-		t.adjustWindow(s, uint32(n))
-	}
-	// The client side stream context should have exactly the same life cycle with the user provided context.
-	// That means, s.ctx should be read-only. And s.ctx is done iff ctx is done.
-	// So we use the original context here instead of creating a copy.
-	s.ctx = ctx
-	s.trReader = &transportReader{
-		reader: &recvBufferReader{
-			ctx:     s.ctx,
-			ctxDone: s.ctx.Done(),
-			recv:    s.buf,
-		},
-		windowHandler: func(n int) {
-			t.updateWindow(s, uint32(n))
-		},
-	}
-	return s
-}
-
-func (t *http2Client) getPeer() *peer.Peer {
-	pr := &peer.Peer{
-		Addr: t.remoteAddr,
-	}
-	// Attach Auth info if there is any.
-	if t.authInfo != nil {
-		pr.AuthInfo = t.authInfo
-	}
-	return pr
-}
-
-func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) ([]hpack.HeaderField, error) {
-	aud := t.createAudience(callHdr)
-	authData, err := t.getTrAuthData(ctx, aud)
-	if err != nil {
-		return nil, err
-	}
-	callAuthData, err := t.getCallAuthData(ctx, aud, callHdr)
-	if err != nil {
-		return nil, err
-	}
-	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
-	// first and create a slice of that exact size.
-	// Make the slice of certain predictable size to reduce allocations made by append.
-	hfLen := 7 // :method, :scheme, :path, :authority, content-type, user-agent, te
-	hfLen += len(authData) + len(callAuthData)
-	headerFields := make([]hpack.HeaderField, 0, hfLen)
-	headerFields = append(headerFields, hpack.HeaderField{Name: ":method", Value: "POST"})
-	headerFields = append(headerFields, hpack.HeaderField{Name: ":scheme", Value: t.scheme})
-	headerFields = append(headerFields, hpack.HeaderField{Name: ":path", Value: callHdr.Method})
-	headerFields = append(headerFields, hpack.HeaderField{Name: ":authority", Value: callHdr.Host})
-	headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(callHdr.ContentSubtype)})
-	headerFields = append(headerFields, hpack.HeaderField{Name: "user-agent", Value: t.userAgent})
-	headerFields = append(headerFields, hpack.HeaderField{Name: "te", Value: "trailers"})
-
-	if callHdr.SendCompress != "" {
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: callHdr.SendCompress})
-	}
-	if dl, ok := ctx.Deadline(); ok {
-		// Send out timeout regardless its value. The server can detect timeout context by itself.
-		// TODO(mmukhi): Perhaps this field should be updated when actually writing out to the wire.
-		timeout := dl.Sub(time.Now())
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-timeout", Value: encodeTimeout(timeout)})
-	}
-	for k, v := range authData {
-		headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-	}
-	for k, v := range callAuthData {
-		headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-	}
-	if b := stats.OutgoingTags(ctx); b != nil {
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-tags-bin", Value: encodeBinHeader(b)})
-	}
-	if b := stats.OutgoingTrace(ctx); b != nil {
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-trace-bin", Value: encodeBinHeader(b)})
-	}
-
-	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
-		var k string
-		for _, vv := range added {
-			for i, v := range vv {
-				if i%2 == 0 {
-					k = v
-					continue
-				}
-				// HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set.
-				if isReservedHeader(k) {
-					continue
-				}
-				headerFields = append(headerFields, hpack.HeaderField{Name: strings.ToLower(k), Value: encodeMetadataHeader(k, v)})
-			}
-		}
-		for k, vv := range md {
-			// HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set.
-			if isReservedHeader(k) {
-				continue
-			}
-			for _, v := range vv {
-				headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-			}
-		}
-	}
-	if md, ok := t.md.(*metadata.MD); ok {
-		for k, vv := range *md {
-			if isReservedHeader(k) {
-				continue
-			}
-			for _, v := range vv {
-				headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-			}
-		}
-	}
-	return headerFields, nil
-}
-
-func (t *http2Client) createAudience(callHdr *CallHdr) string {
-	// Create an audience string only if needed.
-	if len(t.creds) == 0 && callHdr.Creds == nil {
-		return ""
-	}
-	// Construct URI required to get auth request metadata.
-	// Omit port if it is the default one.
-	host := strings.TrimSuffix(callHdr.Host, ":443")
-	pos := strings.LastIndex(callHdr.Method, "/")
-	if pos == -1 {
-		pos = len(callHdr.Method)
-	}
-	return "https://" + host + callHdr.Method[:pos]
-}
-
-func (t *http2Client) getTrAuthData(ctx context.Context, audience string) (map[string]string, error) {
-	authData := map[string]string{}
-	for _, c := range t.creds {
-		data, err := c.GetRequestMetadata(ctx, audience)
-		if err != nil {
-			if _, ok := status.FromError(err); ok {
-				return nil, err
-			}
-
-			return nil, streamErrorf(codes.Unauthenticated, "transport: %v", err)
-		}
-		for k, v := range data {
-			// Capital header names are illegal in HTTP/2.
-			k = strings.ToLower(k)
-			authData[k] = v
-		}
-	}
-	return authData, nil
-}
-
-func (t *http2Client) getCallAuthData(ctx context.Context, audience string, callHdr *CallHdr) (map[string]string, error) {
-	callAuthData := map[string]string{}
-	// Check if credentials.PerRPCCredentials were provided via call options.
-	// Note: if these credentials are provided both via dial options and call
-	// options, then both sets of credentials will be applied.
-	if callCreds := callHdr.Creds; callCreds != nil {
-		if !t.isSecure && callCreds.RequireTransportSecurity() {
-			return nil, streamErrorf(codes.Unauthenticated, "transport: cannot send secure credentials on an insecure connection")
-		}
-		data, err := callCreds.GetRequestMetadata(ctx, audience)
-		if err != nil {
-			return nil, streamErrorf(codes.Internal, "transport: %v", err)
-		}
-		for k, v := range data {
-			// Capital header names are illegal in HTTP/2
-			k = strings.ToLower(k)
-			callAuthData[k] = v
-		}
-	}
-	return callAuthData, nil
-}
-
-// NewStream creates a stream and registers it into the transport as "active"
-// streams.
-func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Stream, err error) {
-	ctx = peer.NewContext(ctx, t.getPeer())
-	headerFields, err := t.createHeaderFields(ctx, callHdr)
-	if err != nil {
-		return nil, err
-	}
-	s := t.newStream(ctx, callHdr)
-	cleanup := func(err error) {
-		if s.swapState(streamDone) == streamDone {
-			// If it was already done, return.
-			return
-		}
-		// The stream was unprocessed by the server.
-		atomic.StoreUint32(&s.unprocessed, 1)
-		s.write(recvMsg{err: err})
-		close(s.done)
-		// If headerChan isn't closed, then close it.
-		if atomic.SwapUint32(&s.headerDone, 1) == 0 {
-			close(s.headerChan)
-		}
-
-	}
-	hdr := &headerFrame{
-		hf:        headerFields,
-		endStream: false,
-		initStream: func(id uint32) (bool, error) {
-			t.mu.Lock()
-			if state := t.state; state != reachable {
-				t.mu.Unlock()
-				// Do a quick cleanup.
-				err := error(errStreamDrain)
-				if state == closing {
-					err = ErrConnClosing
-				}
-				cleanup(err)
-				return false, err
-			}
-			t.activeStreams[id] = s
-			if channelz.IsOn() {
-				t.czmu.Lock()
-				t.streamsStarted++
-				t.lastStreamCreated = time.Now()
-				t.czmu.Unlock()
-			}
-			var sendPing bool
-			// If the number of active streams change from 0 to 1, then check if keepalive
-			// has gone dormant. If so, wake it up.
-			if len(t.activeStreams) == 1 {
-				select {
-				case t.awakenKeepalive <- struct{}{}:
-					sendPing = true
-					// Fill the awakenKeepalive channel again as this channel must be
-					// kept non-writable except at the point that the keepalive()
-					// goroutine is waiting either to be awaken or shutdown.
-					t.awakenKeepalive <- struct{}{}
-				default:
-				}
-			}
-			t.mu.Unlock()
-			return sendPing, nil
-		},
-		onOrphaned: cleanup,
-		wq:         s.wq,
-	}
-	firstTry := true
-	var ch chan struct{}
-	checkForStreamQuota := func(it interface{}) bool {
-		if t.streamQuota <= 0 { // Can go negative if server decreases it.
-			if firstTry {
-				t.waitingStreams++
-			}
-			ch = t.streamsQuotaAvailable
-			return false
-		}
-		if !firstTry {
-			t.waitingStreams--
-		}
-		t.streamQuota--
-		h := it.(*headerFrame)
-		h.streamID = t.nextID
-		t.nextID += 2
-		s.id = h.streamID
-		s.fc = &inFlow{limit: uint32(t.initialWindowSize)}
-		if t.streamQuota > 0 && t.waitingStreams > 0 {
-			select {
-			case t.streamsQuotaAvailable <- struct{}{}:
-			default:
-			}
-		}
-		return true
-	}
-	for {
-		success, err := t.controlBuf.executeAndPut(checkForStreamQuota, hdr)
-		if err != nil {
-			return nil, err
-		}
-		if success {
-			break
-		}
-		firstTry = false
-		select {
-		case <-ch:
-		case <-s.ctx.Done():
-			return nil, ContextErr(s.ctx.Err())
-		case <-t.goAway:
-			return nil, errStreamDrain
-		case <-t.ctx.Done():
-			return nil, ErrConnClosing
-		}
-	}
-	if t.statsHandler != nil {
-		outHeader := &stats.OutHeader{
-			Client:      true,
-			FullMethod:  callHdr.Method,
-			RemoteAddr:  t.remoteAddr,
-			LocalAddr:   t.localAddr,
-			Compression: callHdr.SendCompress,
-		}
-		t.statsHandler.HandleRPC(s.ctx, outHeader)
-	}
-	return s, nil
-}
-
-// CloseStream clears the footprint of a stream when the stream is not needed any more.
-// This must not be executed in reader's goroutine.
-func (t *http2Client) CloseStream(s *Stream, err error) {
-	var (
-		rst     bool
-		rstCode http2.ErrCode
-	)
-	if err != nil {
-		rst = true
-		rstCode = http2.ErrCodeCancel
-	}
-	t.closeStream(s, err, rst, rstCode, nil, nil, false)
-}
-
-func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.ErrCode, st *status.Status, mdata map[string][]string, eosReceived bool) {
-	// Set stream status to done.
-	if s.swapState(streamDone) == streamDone {
-		// If it was already done, return.
-		return
-	}
-	// status and trailers can be updated here without any synchronization because the stream goroutine will
-	// only read it after it sees an io.EOF error from read or write and we'll write those errors
-	// only after updating this.
-	s.status = st
-	if len(mdata) > 0 {
-		s.trailer = mdata
-	}
-	if err != nil {
-		// This will unblock reads eventually.
-		s.write(recvMsg{err: err})
-	}
-	// This will unblock write.
-	close(s.done)
-	// If headerChan isn't closed, then close it.
-	if atomic.SwapUint32(&s.headerDone, 1) == 0 {
-		close(s.headerChan)
-	}
-	cleanup := &cleanupStream{
-		streamID: s.id,
-		onWrite: func() {
-			t.mu.Lock()
-			if t.activeStreams != nil {
-				delete(t.activeStreams, s.id)
-			}
-			t.mu.Unlock()
-			if channelz.IsOn() {
-				t.czmu.Lock()
-				if eosReceived {
-					t.streamsSucceeded++
-				} else {
-					t.streamsFailed++
-				}
-				t.czmu.Unlock()
-			}
-		},
-		rst:     rst,
-		rstCode: rstCode,
-	}
-	addBackStreamQuota := func(interface{}) bool {
-		t.streamQuota++
-		if t.streamQuota > 0 && t.waitingStreams > 0 {
-			select {
-			case t.streamsQuotaAvailable <- struct{}{}:
-			default:
-			}
-		}
-		return true
-	}
-	t.controlBuf.executeAndPut(addBackStreamQuota, cleanup)
-}
-
-// Close kicks off the shutdown process of the transport. This should be called
-// only once on a transport. Once it is called, the transport should not be
-// accessed any more.
-func (t *http2Client) Close() error {
-	t.mu.Lock()
-	// Make sure we only Close once.
-	if t.state == closing {
-		t.mu.Unlock()
-		return nil
-	}
-	t.state = closing
-	streams := t.activeStreams
-	t.activeStreams = nil
-	t.mu.Unlock()
-	t.controlBuf.finish()
-	t.cancel()
-	err := t.conn.Close()
-	if channelz.IsOn() {
-		channelz.RemoveEntry(t.channelzID)
-	}
-	// Notify all active streams.
-	for _, s := range streams {
-		t.closeStream(s, ErrConnClosing, false, http2.ErrCodeNo, nil, nil, false)
-	}
-	if t.statsHandler != nil {
-		connEnd := &stats.ConnEnd{
-			Client: true,
-		}
-		t.statsHandler.HandleConn(t.ctx, connEnd)
-	}
-	return err
-}
-
-// GracefulClose sets the state to draining, which prevents new streams from
-// being created and causes the transport to be closed when the last active
-// stream is closed.  If there are no active streams, the transport is closed
-// immediately.  This does nothing if the transport is already draining or
-// closing.
-func (t *http2Client) GracefulClose() error {
-	t.mu.Lock()
-	// Make sure we move to draining only from active.
-	if t.state == draining || t.state == closing {
-		t.mu.Unlock()
-		return nil
-	}
-	t.state = draining
-	active := len(t.activeStreams)
-	t.mu.Unlock()
-	if active == 0 {
-		return t.Close()
-	}
-	return nil
-}
-
-// Write formats the data into HTTP2 data frame(s) and sends it out. The caller
-// should proceed only if Write returns nil.
-func (t *http2Client) Write(s *Stream, hdr []byte, data []byte, opts *Options) error {
-	if opts.Last {
-		// If it's the last message, update stream state.
-		if !s.compareAndSwapState(streamActive, streamWriteDone) {
-			return errStreamDone
-		}
-	} else if s.getState() != streamActive {
-		return errStreamDone
-	}
-	df := &dataFrame{
-		streamID:  s.id,
-		endStream: opts.Last,
-	}
-	if hdr != nil || data != nil { // If it's not an empty data frame.
-		// Add some data to grpc message header so that we can equally
-		// distribute bytes across frames.
-		emptyLen := http2MaxFrameLen - len(hdr)
-		if emptyLen > len(data) {
-			emptyLen = len(data)
-		}
-		hdr = append(hdr, data[:emptyLen]...)
-		data = data[emptyLen:]
-		df.h, df.d = hdr, data
-		// TODO(mmukhi): The above logic in this if can be moved to loopyWriter's data handler.
-		if err := s.wq.get(int32(len(hdr) + len(data))); err != nil {
-			return err
-		}
-	}
-	return t.controlBuf.put(df)
-}
-
-func (t *http2Client) getStream(f http2.Frame) (*Stream, bool) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	s, ok := t.activeStreams[f.Header().StreamID]
-	return s, ok
-}
-
-// adjustWindow sends out extra window update over the initial window size
-// of stream if the application is requesting data larger in size than
-// the window.
-func (t *http2Client) adjustWindow(s *Stream, n uint32) {
-	if w := s.fc.maybeAdjust(n); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
-	}
-}
-
-// updateWindow adjusts the inbound quota for the stream.
-// Window updates will be sent out when the cumulative quota
-// exceeds the corresponding threshold.
-func (t *http2Client) updateWindow(s *Stream, n uint32) {
-	if w := s.fc.onRead(n); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
-	}
-}
-
-// updateFlowControl updates the incoming flow control windows
-// for the transport and the stream based on the current bdp
-// estimation.
-func (t *http2Client) updateFlowControl(n uint32) {
-	t.mu.Lock()
-	for _, s := range t.activeStreams {
-		s.fc.newLimit(n)
-	}
-	t.mu.Unlock()
-	updateIWS := func(interface{}) bool {
-		t.initialWindowSize = int32(n)
-		return true
-	}
-	t.controlBuf.executeAndPut(updateIWS, &outgoingWindowUpdate{streamID: 0, increment: t.fc.newLimit(n)})
-	t.controlBuf.put(&outgoingSettings{
-		ss: []http2.Setting{
-			{
-				ID:  http2.SettingInitialWindowSize,
-				Val: n,
-			},
-		},
-	})
-}
-
-func (t *http2Client) handleData(f *http2.DataFrame) {
-	size := f.Header().Length
-	var sendBDPPing bool
-	if t.bdpEst != nil {
-		sendBDPPing = t.bdpEst.add(size)
-	}
-	// Decouple connection's flow control from application's read.
-	// An update on connection's flow control should not depend on
-	// whether user application has read the data or not. Such a
-	// restriction is already imposed on the stream's flow control,
-	// and therefore the sender will be blocked anyways.
-	// Decoupling the connection flow control will prevent other
-	// active(fast) streams from starving in presence of slow or
-	// inactive streams.
-	//
-	if w := t.fc.onData(size); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{
-			streamID:  0,
-			increment: w,
-		})
-	}
-	if sendBDPPing {
-		// Avoid excessive ping detection (e.g. in an L7 proxy)
-		// by sending a window update prior to the BDP ping.
-
-		if w := t.fc.reset(); w > 0 {
-			t.controlBuf.put(&outgoingWindowUpdate{
-				streamID:  0,
-				increment: w,
-			})
-		}
-
-		t.controlBuf.put(bdpPing)
-	}
-	// Select the right stream to dispatch.
-	s, ok := t.getStream(f)
-	if !ok {
-		return
-	}
-	if size > 0 {
-		if err := s.fc.onData(size); err != nil {
-			t.closeStream(s, io.EOF, true, http2.ErrCodeFlowControl, status.New(codes.Internal, err.Error()), nil, false)
-			return
-		}
-		if f.Header().Flags.Has(http2.FlagDataPadded) {
-			if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 {
-				t.controlBuf.put(&outgoingWindowUpdate{s.id, w})
-			}
-		}
-		// TODO(bradfitz, zhaoq): A copy is required here because there is no
-		// guarantee f.Data() is consumed before the arrival of next frame.
-		// Can this copy be eliminated?
-		if len(f.Data()) > 0 {
-			data := make([]byte, len(f.Data()))
-			copy(data, f.Data())
-			s.write(recvMsg{data: data})
-		}
-	}
-	// The server has closed the stream without sending trailers.  Record that
-	// the read direction is closed, and set the status appropriately.
-	if f.FrameHeader.Flags.Has(http2.FlagDataEndStream) {
-		t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true)
-	}
-}
-
-func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) {
-	s, ok := t.getStream(f)
-	if !ok {
-		return
-	}
-	if f.ErrCode == http2.ErrCodeRefusedStream {
-		// The stream was unprocessed by the server.
-		atomic.StoreUint32(&s.unprocessed, 1)
-	}
-	statusCode, ok := http2ErrConvTab[f.ErrCode]
-	if !ok {
-		warningf("transport: http2Client.handleRSTStream found no mapped gRPC status for the received http2 error %v", f.ErrCode)
-		statusCode = codes.Unknown
-	}
-	t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.Newf(statusCode, "stream terminated by RST_STREAM with error code: %v", f.ErrCode), nil, false)
-}
-
-func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) {
-	if f.IsAck() {
-		return
-	}
-	var maxStreams *uint32
-	var ss []http2.Setting
-	f.ForeachSetting(func(s http2.Setting) error {
-		if s.ID == http2.SettingMaxConcurrentStreams {
-			maxStreams = new(uint32)
-			*maxStreams = s.Val
-			return nil
-		}
-		ss = append(ss, s)
-		return nil
-	})
-	if isFirst && maxStreams == nil {
-		maxStreams = new(uint32)
-		*maxStreams = math.MaxUint32
-	}
-	sf := &incomingSettings{
-		ss: ss,
-	}
-	if maxStreams == nil {
-		t.controlBuf.put(sf)
-		return
-	}
-	updateStreamQuota := func(interface{}) bool {
-		delta := int64(*maxStreams) - int64(t.maxConcurrentStreams)
-		t.maxConcurrentStreams = *maxStreams
-		t.streamQuota += delta
-		if delta > 0 && t.waitingStreams > 0 {
-			close(t.streamsQuotaAvailable) // wake all of them up.
-			t.streamsQuotaAvailable = make(chan struct{}, 1)
-		}
-		return true
-	}
-	t.controlBuf.executeAndPut(updateStreamQuota, sf)
-}
-
-func (t *http2Client) handlePing(f *http2.PingFrame) {
-	if f.IsAck() {
-		// Maybe it's a BDP ping.
-		if t.bdpEst != nil {
-			t.bdpEst.calculate(f.Data)
-		}
-		return
-	}
-	pingAck := &ping{ack: true}
-	copy(pingAck.data[:], f.Data[:])
-	t.controlBuf.put(pingAck)
-}
-
-func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) {
-	t.mu.Lock()
-	if t.state == closing {
-		t.mu.Unlock()
-		return
-	}
-	if f.ErrCode == http2.ErrCodeEnhanceYourCalm {
-		infof("Client received GoAway with http2.ErrCodeEnhanceYourCalm.")
-	}
-	id := f.LastStreamID
-	if id > 0 && id%2 != 1 {
-		t.mu.Unlock()
-		t.Close()
-		return
-	}
-	// A client can receive multiple GoAways from the server (see
-	// https://github.com/grpc/grpc-go/issues/1387).  The idea is that the first
-	// GoAway will be sent with an ID of MaxInt32 and the second GoAway will be
-	// sent after an RTT delay with the ID of the last stream the server will
-	// process.
-	//
-	// Therefore, when we get the first GoAway we don't necessarily close any
-	// streams. While in case of second GoAway we close all streams created after
-	// the GoAwayId. This way streams that were in-flight while the GoAway from
-	// server was being sent don't get killed.
-	select {
-	case <-t.goAway: // t.goAway has been closed (i.e.,multiple GoAways).
-		// If there are multiple GoAways the first one should always have an ID greater than the following ones.
-		if id > t.prevGoAwayID {
-			t.mu.Unlock()
-			t.Close()
-			return
-		}
-	default:
-		t.setGoAwayReason(f)
-		close(t.goAway)
-		t.state = draining
-		t.controlBuf.put(&incomingGoAway{})
-	}
-	// All streams with IDs greater than the GoAwayId
-	// and smaller than the previous GoAway ID should be killed.
-	upperLimit := t.prevGoAwayID
-	if upperLimit == 0 { // This is the first GoAway Frame.
-		upperLimit = math.MaxUint32 // Kill all streams after the GoAway ID.
-	}
-	for streamID, stream := range t.activeStreams {
-		if streamID > id && streamID <= upperLimit {
-			// The stream was unprocessed by the server.
-			atomic.StoreUint32(&stream.unprocessed, 1)
-			t.closeStream(stream, errStreamDrain, false, http2.ErrCodeNo, statusGoAway, nil, false)
-		}
-	}
-	t.prevGoAwayID = id
-	active := len(t.activeStreams)
-	t.mu.Unlock()
-	if active == 0 {
-		t.Close()
-	}
-}
-
-// setGoAwayReason sets the value of t.goAwayReason based
-// on the GoAway frame received.
-// It expects a lock on transport's mutext to be held by
-// the caller.
-func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) {
-	t.goAwayReason = GoAwayNoReason
-	switch f.ErrCode {
-	case http2.ErrCodeEnhanceYourCalm:
-		if string(f.DebugData()) == "too_many_pings" {
-			t.goAwayReason = GoAwayTooManyPings
-		}
-	}
-}
-
-func (t *http2Client) GetGoAwayReason() GoAwayReason {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	return t.goAwayReason
-}
-
-func (t *http2Client) handleWindowUpdate(f *http2.WindowUpdateFrame) {
-	t.controlBuf.put(&incomingWindowUpdate{
-		streamID:  f.Header().StreamID,
-		increment: f.Increment,
-	})
-}
-
-// operateHeaders takes action on the decoded headers.
-func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
-	s, ok := t.getStream(frame)
-	if !ok {
-		return
-	}
-	atomic.StoreUint32(&s.bytesReceived, 1)
-	var state decodeState
-	if err := state.decodeResponseHeader(frame); err != nil {
-		t.closeStream(s, err, true, http2.ErrCodeProtocol, nil, nil, false)
-		// Something wrong. Stops reading even when there is remaining.
-		return
-	}
-
-	endStream := frame.StreamEnded()
-	var isHeader bool
-	defer func() {
-		if t.statsHandler != nil {
-			if isHeader {
-				inHeader := &stats.InHeader{
-					Client:     true,
-					WireLength: int(frame.Header().Length),
-				}
-				t.statsHandler.HandleRPC(s.ctx, inHeader)
-			} else {
-				inTrailer := &stats.InTrailer{
-					Client:     true,
-					WireLength: int(frame.Header().Length),
-				}
-				t.statsHandler.HandleRPC(s.ctx, inTrailer)
-			}
-		}
-	}()
-	// If headers haven't been received yet.
-	if atomic.SwapUint32(&s.headerDone, 1) == 0 {
-		if !endStream {
-			// Headers frame is not actually a trailers-only frame.
-			isHeader = true
-			// These values can be set without any synchronization because
-			// stream goroutine will read it only after seeing a closed
-			// headerChan which we'll close after setting this.
-			s.recvCompress = state.encoding
-			if len(state.mdata) > 0 {
-				s.header = state.mdata
-			}
-		}
-		close(s.headerChan)
-	}
-	if !endStream {
-		return
-	}
-	t.closeStream(s, io.EOF, false, http2.ErrCodeNo, state.status(), state.mdata, true)
-}
-
-// reader runs as a separate goroutine in charge of reading data from network
-// connection.
-//
-// TODO(zhaoq): currently one reader per transport. Investigate whether this is
-// optimal.
-// TODO(zhaoq): Check the validity of the incoming frame sequence.
-func (t *http2Client) reader() {
-	defer close(t.readerDone)
-	// Check the validity of server preface.
-	frame, err := t.framer.fr.ReadFrame()
-	if err != nil {
-		t.Close()
-		return
-	}
-	atomic.CompareAndSwapUint32(&t.activity, 0, 1)
-	sf, ok := frame.(*http2.SettingsFrame)
-	if !ok {
-		t.Close()
-		return
-	}
-	t.onSuccess()
-	t.handleSettings(sf, true)
-
-	// loop to keep reading incoming messages on this transport.
-	for {
-		frame, err := t.framer.fr.ReadFrame()
-		atomic.CompareAndSwapUint32(&t.activity, 0, 1)
-		if err != nil {
-			// Abort an active stream if the http2.Framer returns a
-			// http2.StreamError. This can happen only if the server's response
-			// is malformed http2.
-			if se, ok := err.(http2.StreamError); ok {
-				t.mu.Lock()
-				s := t.activeStreams[se.StreamID]
-				t.mu.Unlock()
-				if s != nil {
-					// use error detail to provide better err message
-					t.closeStream(s, streamErrorf(http2ErrConvTab[se.Code], "%v", t.framer.fr.ErrorDetail()), true, http2.ErrCodeProtocol, nil, nil, false)
-				}
-				continue
-			} else {
-				// Transport error.
-				t.Close()
-				return
-			}
-		}
-		switch frame := frame.(type) {
-		case *http2.MetaHeadersFrame:
-			t.operateHeaders(frame)
-		case *http2.DataFrame:
-			t.handleData(frame)
-		case *http2.RSTStreamFrame:
-			t.handleRSTStream(frame)
-		case *http2.SettingsFrame:
-			t.handleSettings(frame, false)
-		case *http2.PingFrame:
-			t.handlePing(frame)
-		case *http2.GoAwayFrame:
-			t.handleGoAway(frame)
-		case *http2.WindowUpdateFrame:
-			t.handleWindowUpdate(frame)
-		default:
-			errorf("transport: http2Client.reader got unhandled frame type %v.", frame)
-		}
-	}
-}
-
-// keepalive running in a separate goroutune makes sure the connection is alive by sending pings.
-func (t *http2Client) keepalive() {
-	p := &ping{data: [8]byte{}}
-	timer := time.NewTimer(t.kp.Time)
-	for {
-		select {
-		case <-timer.C:
-			if atomic.CompareAndSwapUint32(&t.activity, 1, 0) {
-				timer.Reset(t.kp.Time)
-				continue
-			}
-			// Check if keepalive should go dormant.
-			t.mu.Lock()
-			if len(t.activeStreams) < 1 && !t.kp.PermitWithoutStream {
-				// Make awakenKeepalive writable.
-				<-t.awakenKeepalive
-				t.mu.Unlock()
-				select {
-				case <-t.awakenKeepalive:
-					// If the control gets here a ping has been sent
-					// need to reset the timer with keepalive.Timeout.
-				case <-t.ctx.Done():
-					return
-				}
-			} else {
-				t.mu.Unlock()
-				if channelz.IsOn() {
-					t.czmu.Lock()
-					t.kpCount++
-					t.czmu.Unlock()
-				}
-				// Send ping.
-				t.controlBuf.put(p)
-			}
-
-			// By the time control gets here a ping has been sent one way or the other.
-			timer.Reset(t.kp.Timeout)
-			select {
-			case <-timer.C:
-				if atomic.CompareAndSwapUint32(&t.activity, 1, 0) {
-					timer.Reset(t.kp.Time)
-					continue
-				}
-				t.Close()
-				return
-			case <-t.ctx.Done():
-				if !timer.Stop() {
-					<-timer.C
-				}
-				return
-			}
-		case <-t.ctx.Done():
-			if !timer.Stop() {
-				<-timer.C
-			}
-			return
-		}
-	}
-}
-
-func (t *http2Client) Error() <-chan struct{} {
-	return t.ctx.Done()
-}
-
-func (t *http2Client) GoAway() <-chan struct{} {
-	return t.goAway
-}
-
-func (t *http2Client) ChannelzMetric() *channelz.SocketInternalMetric {
-	t.czmu.RLock()
-	s := channelz.SocketInternalMetric{
-		StreamsStarted:                  t.streamsStarted,
-		StreamsSucceeded:                t.streamsSucceeded,
-		StreamsFailed:                   t.streamsFailed,
-		MessagesSent:                    t.msgSent,
-		MessagesReceived:                t.msgRecv,
-		KeepAlivesSent:                  t.kpCount,
-		LastLocalStreamCreatedTimestamp: t.lastStreamCreated,
-		LastMessageSentTimestamp:        t.lastMsgSent,
-		LastMessageReceivedTimestamp:    t.lastMsgRecv,
-		LocalFlowControlWindow:          int64(t.fc.getSize()),
-		//socket options
-		LocalAddr:  t.localAddr,
-		RemoteAddr: t.remoteAddr,
-		// Security
-		// RemoteName :
-	}
-	t.czmu.RUnlock()
-	s.RemoteFlowControlWindow = t.getOutFlowWindow()
-	return &s
-}
-
-func (t *http2Client) IncrMsgSent() {
-	t.czmu.Lock()
-	t.msgSent++
-	t.lastMsgSent = time.Now()
-	t.czmu.Unlock()
-}
-
-func (t *http2Client) IncrMsgRecv() {
-	t.czmu.Lock()
-	t.msgRecv++
-	t.lastMsgRecv = time.Now()
-	t.czmu.Unlock()
-}
-
-func (t *http2Client) getOutFlowWindow() int64 {
-	resp := make(chan uint32, 1)
-	timer := time.NewTimer(time.Second)
-	defer timer.Stop()
-	t.controlBuf.put(&outFlowControlSizeRequest{resp})
-	select {
-	case sz := <-resp:
-		return int64(sz)
-	case <-t.ctxDone:
-		return -1
-	case <-timer.C:
-		return -2
-	}
-}
diff --git a/vendor/google.golang.org/grpc/transport/http2_server.go b/vendor/google.golang.org/grpc/transport/http2_server.go
deleted file mode 100644
index 8b93e222e9ecb..0000000000000
--- a/vendor/google.golang.org/grpc/transport/http2_server.go
+++ /dev/null
@@ -1,1136 +0,0 @@
-/*
- *
- * Copyright 2014 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"math"
-	"math/rand"
-	"net"
-	"strconv"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/hpack"
-
-	"google.golang.org/grpc/channelz"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/keepalive"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/peer"
-	"google.golang.org/grpc/stats"
-	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/tap"
-)
-
-// ErrIllegalHeaderWrite indicates that setting header is illegal because of
-// the stream's state.
-var ErrIllegalHeaderWrite = errors.New("transport: the stream is done or WriteHeader was already called")
-
-// http2Server implements the ServerTransport interface with HTTP2.
-type http2Server struct {
-	ctx         context.Context
-	ctxDone     <-chan struct{} // Cache the context.Done() chan
-	cancel      context.CancelFunc
-	conn        net.Conn
-	loopy       *loopyWriter
-	readerDone  chan struct{} // sync point to enable testing.
-	writerDone  chan struct{} // sync point to enable testing.
-	remoteAddr  net.Addr
-	localAddr   net.Addr
-	maxStreamID uint32               // max stream ID ever seen
-	authInfo    credentials.AuthInfo // auth info about the connection
-	inTapHandle tap.ServerInHandle
-	framer      *framer
-	// The max number of concurrent streams.
-	maxStreams uint32
-	// controlBuf delivers all the control related tasks (e.g., window
-	// updates, reset streams, and various settings) to the controller.
-	controlBuf *controlBuffer
-	fc         *trInFlow
-	stats      stats.Handler
-	// Flag to keep track of reading activity on transport.
-	// 1 is true and 0 is false.
-	activity uint32 // Accessed atomically.
-	// Keepalive and max-age parameters for the server.
-	kp keepalive.ServerParameters
-
-	// Keepalive enforcement policy.
-	kep keepalive.EnforcementPolicy
-	// The time instance last ping was received.
-	lastPingAt time.Time
-	// Number of times the client has violated keepalive ping policy so far.
-	pingStrikes uint8
-	// Flag to signify that number of ping strikes should be reset to 0.
-	// This is set whenever data or header frames are sent.
-	// 1 means yes.
-	resetPingStrikes  uint32 // Accessed atomically.
-	initialWindowSize int32
-	bdpEst            *bdpEstimator
-
-	mu sync.Mutex // guard the following
-
-	// drainChan is initialized when drain(...) is called the first time.
-	// After which the server writes out the first GoAway(with ID 2^31-1) frame.
-	// Then an independent goroutine will be launched to later send the second GoAway.
-	// During this time we don't want to write another first GoAway(with ID 2^31 -1) frame.
-	// Thus call to drain(...) will be a no-op if drainChan is already initialized since draining is
-	// already underway.
-	drainChan     chan struct{}
-	state         transportState
-	activeStreams map[uint32]*Stream
-	// idle is the time instant when the connection went idle.
-	// This is either the beginning of the connection or when the number of
-	// RPCs go down to 0.
-	// When the connection is busy, this value is set to 0.
-	idle time.Time
-
-	// Fields below are for channelz metric collection.
-	channelzID int64 // channelz unique identification number
-	czmu       sync.RWMutex
-	kpCount    int64
-	// The number of streams that have started, including already finished ones.
-	streamsStarted int64
-	// The number of streams that have ended successfully by sending frame with
-	// EoS bit set.
-	streamsSucceeded  int64
-	streamsFailed     int64
-	lastStreamCreated time.Time
-	msgSent           int64
-	msgRecv           int64
-	lastMsgSent       time.Time
-	lastMsgRecv       time.Time
-}
-
-// newHTTP2Server constructs a ServerTransport based on HTTP2. ConnectionError is
-// returned if something goes wrong.
-func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err error) {
-	writeBufSize := defaultWriteBufSize
-	if config.WriteBufferSize > 0 {
-		writeBufSize = config.WriteBufferSize
-	}
-	readBufSize := defaultReadBufSize
-	if config.ReadBufferSize > 0 {
-		readBufSize = config.ReadBufferSize
-	}
-	framer := newFramer(conn, writeBufSize, readBufSize)
-	// Send initial settings as connection preface to client.
-	var isettings []http2.Setting
-	// TODO(zhaoq): Have a better way to signal "no limit" because 0 is
-	// permitted in the HTTP2 spec.
-	maxStreams := config.MaxStreams
-	if maxStreams == 0 {
-		maxStreams = math.MaxUint32
-	} else {
-		isettings = append(isettings, http2.Setting{
-			ID:  http2.SettingMaxConcurrentStreams,
-			Val: maxStreams,
-		})
-	}
-	dynamicWindow := true
-	iwz := int32(initialWindowSize)
-	if config.InitialWindowSize >= defaultWindowSize {
-		iwz = config.InitialWindowSize
-		dynamicWindow = false
-	}
-	icwz := int32(initialWindowSize)
-	if config.InitialConnWindowSize >= defaultWindowSize {
-		icwz = config.InitialConnWindowSize
-		dynamicWindow = false
-	}
-	if iwz != defaultWindowSize {
-		isettings = append(isettings, http2.Setting{
-			ID:  http2.SettingInitialWindowSize,
-			Val: uint32(iwz)})
-	}
-	if err := framer.fr.WriteSettings(isettings...); err != nil {
-		return nil, connectionErrorf(false, err, "transport: %v", err)
-	}
-	// Adjust the connection flow control window if needed.
-	if delta := uint32(icwz - defaultWindowSize); delta > 0 {
-		if err := framer.fr.WriteWindowUpdate(0, delta); err != nil {
-			return nil, connectionErrorf(false, err, "transport: %v", err)
-		}
-	}
-	kp := config.KeepaliveParams
-	if kp.MaxConnectionIdle == 0 {
-		kp.MaxConnectionIdle = defaultMaxConnectionIdle
-	}
-	if kp.MaxConnectionAge == 0 {
-		kp.MaxConnectionAge = defaultMaxConnectionAge
-	}
-	// Add a jitter to MaxConnectionAge.
-	kp.MaxConnectionAge += getJitter(kp.MaxConnectionAge)
-	if kp.MaxConnectionAgeGrace == 0 {
-		kp.MaxConnectionAgeGrace = defaultMaxConnectionAgeGrace
-	}
-	if kp.Time == 0 {
-		kp.Time = defaultServerKeepaliveTime
-	}
-	if kp.Timeout == 0 {
-		kp.Timeout = defaultServerKeepaliveTimeout
-	}
-	kep := config.KeepalivePolicy
-	if kep.MinTime == 0 {
-		kep.MinTime = defaultKeepalivePolicyMinTime
-	}
-	ctx, cancel := context.WithCancel(context.Background())
-	t := &http2Server{
-		ctx:               ctx,
-		cancel:            cancel,
-		ctxDone:           ctx.Done(),
-		conn:              conn,
-		remoteAddr:        conn.RemoteAddr(),
-		localAddr:         conn.LocalAddr(),
-		authInfo:          config.AuthInfo,
-		framer:            framer,
-		readerDone:        make(chan struct{}),
-		writerDone:        make(chan struct{}),
-		maxStreams:        maxStreams,
-		inTapHandle:       config.InTapHandle,
-		fc:                &trInFlow{limit: uint32(icwz)},
-		state:             reachable,
-		activeStreams:     make(map[uint32]*Stream),
-		stats:             config.StatsHandler,
-		kp:                kp,
-		idle:              time.Now(),
-		kep:               kep,
-		initialWindowSize: iwz,
-	}
-	t.controlBuf = newControlBuffer(t.ctxDone)
-	if dynamicWindow {
-		t.bdpEst = &bdpEstimator{
-			bdp:               initialWindowSize,
-			updateFlowControl: t.updateFlowControl,
-		}
-	}
-	if t.stats != nil {
-		t.ctx = t.stats.TagConn(t.ctx, &stats.ConnTagInfo{
-			RemoteAddr: t.remoteAddr,
-			LocalAddr:  t.localAddr,
-		})
-		connBegin := &stats.ConnBegin{}
-		t.stats.HandleConn(t.ctx, connBegin)
-	}
-	if channelz.IsOn() {
-		t.channelzID = channelz.RegisterNormalSocket(t, config.ChannelzParentID, "")
-	}
-	t.framer.writer.Flush()
-
-	defer func() {
-		if err != nil {
-			t.Close()
-		}
-	}()
-
-	// Check the validity of client preface.
-	preface := make([]byte, len(clientPreface))
-	if _, err := io.ReadFull(t.conn, preface); err != nil {
-		return nil, connectionErrorf(false, err, "transport: http2Server.HandleStreams failed to receive the preface from client: %v", err)
-	}
-	if !bytes.Equal(preface, clientPreface) {
-		return nil, connectionErrorf(false, nil, "transport: http2Server.HandleStreams received bogus greeting from client: %q", preface)
-	}
-
-	frame, err := t.framer.fr.ReadFrame()
-	if err == io.EOF || err == io.ErrUnexpectedEOF {
-		return nil, err
-	}
-	if err != nil {
-		return nil, connectionErrorf(false, err, "transport: http2Server.HandleStreams failed to read initial settings frame: %v", err)
-	}
-	atomic.StoreUint32(&t.activity, 1)
-	sf, ok := frame.(*http2.SettingsFrame)
-	if !ok {
-		return nil, connectionErrorf(false, nil, "transport: http2Server.HandleStreams saw invalid preface type %T from client", frame)
-	}
-	t.handleSettings(sf)
-
-	go func() {
-		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst)
-		t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler
-		t.loopy.run()
-		t.conn.Close()
-		close(t.writerDone)
-	}()
-	go t.keepalive()
-	return t, nil
-}
-
-// operateHeader takes action on the decoded headers.
-func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) (close bool) {
-	streamID := frame.Header().StreamID
-	var state decodeState
-	for _, hf := range frame.Fields {
-		if err := state.processHeaderField(hf); err != nil {
-			if se, ok := err.(StreamError); ok {
-				t.controlBuf.put(&cleanupStream{
-					streamID: streamID,
-					rst:      true,
-					rstCode:  statusCodeConvTab[se.Code],
-					onWrite:  func() {},
-				})
-			}
-			return
-		}
-	}
-
-	buf := newRecvBuffer()
-	s := &Stream{
-		id:             streamID,
-		st:             t,
-		buf:            buf,
-		fc:             &inFlow{limit: uint32(t.initialWindowSize)},
-		recvCompress:   state.encoding,
-		method:         state.method,
-		contentSubtype: state.contentSubtype,
-	}
-	if frame.StreamEnded() {
-		// s is just created by the caller. No lock needed.
-		s.state = streamReadDone
-	}
-	if state.timeoutSet {
-		s.ctx, s.cancel = context.WithTimeout(t.ctx, state.timeout)
-	} else {
-		s.ctx, s.cancel = context.WithCancel(t.ctx)
-	}
-	pr := &peer.Peer{
-		Addr: t.remoteAddr,
-	}
-	// Attach Auth info if there is any.
-	if t.authInfo != nil {
-		pr.AuthInfo = t.authInfo
-	}
-	s.ctx = peer.NewContext(s.ctx, pr)
-	// Attach the received metadata to the context.
-	if len(state.mdata) > 0 {
-		s.ctx = metadata.NewIncomingContext(s.ctx, state.mdata)
-	}
-	if state.statsTags != nil {
-		s.ctx = stats.SetIncomingTags(s.ctx, state.statsTags)
-	}
-	if state.statsTrace != nil {
-		s.ctx = stats.SetIncomingTrace(s.ctx, state.statsTrace)
-	}
-	if t.inTapHandle != nil {
-		var err error
-		info := &tap.Info{
-			FullMethodName: state.method,
-		}
-		s.ctx, err = t.inTapHandle(s.ctx, info)
-		if err != nil {
-			warningf("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err)
-			t.controlBuf.put(&cleanupStream{
-				streamID: s.id,
-				rst:      true,
-				rstCode:  http2.ErrCodeRefusedStream,
-				onWrite:  func() {},
-			})
-			return
-		}
-	}
-	t.mu.Lock()
-	if t.state != reachable {
-		t.mu.Unlock()
-		return
-	}
-	if uint32(len(t.activeStreams)) >= t.maxStreams {
-		t.mu.Unlock()
-		t.controlBuf.put(&cleanupStream{
-			streamID: streamID,
-			rst:      true,
-			rstCode:  http2.ErrCodeRefusedStream,
-			onWrite:  func() {},
-		})
-		return
-	}
-	if streamID%2 != 1 || streamID <= t.maxStreamID {
-		t.mu.Unlock()
-		// illegal gRPC stream id.
-		errorf("transport: http2Server.HandleStreams received an illegal stream id: %v", streamID)
-		return true
-	}
-	t.maxStreamID = streamID
-	t.activeStreams[streamID] = s
-	if len(t.activeStreams) == 1 {
-		t.idle = time.Time{}
-	}
-	t.mu.Unlock()
-	if channelz.IsOn() {
-		t.czmu.Lock()
-		t.streamsStarted++
-		t.lastStreamCreated = time.Now()
-		t.czmu.Unlock()
-	}
-	s.requestRead = func(n int) {
-		t.adjustWindow(s, uint32(n))
-	}
-	s.ctx = traceCtx(s.ctx, s.method)
-	if t.stats != nil {
-		s.ctx = t.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
-		inHeader := &stats.InHeader{
-			FullMethod:  s.method,
-			RemoteAddr:  t.remoteAddr,
-			LocalAddr:   t.localAddr,
-			Compression: s.recvCompress,
-			WireLength:  int(frame.Header().Length),
-		}
-		t.stats.HandleRPC(s.ctx, inHeader)
-	}
-	s.ctxDone = s.ctx.Done()
-	s.wq = newWriteQuota(defaultWriteQuota, s.ctxDone)
-	s.trReader = &transportReader{
-		reader: &recvBufferReader{
-			ctx:     s.ctx,
-			ctxDone: s.ctxDone,
-			recv:    s.buf,
-		},
-		windowHandler: func(n int) {
-			t.updateWindow(s, uint32(n))
-		},
-	}
-	handle(s)
-	return
-}
-
-// HandleStreams receives incoming streams using the given handler. This is
-// typically run in a separate goroutine.
-// traceCtx attaches trace to ctx and returns the new context.
-func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) {
-	defer close(t.readerDone)
-	for {
-		frame, err := t.framer.fr.ReadFrame()
-		atomic.StoreUint32(&t.activity, 1)
-		if err != nil {
-			if se, ok := err.(http2.StreamError); ok {
-				warningf("transport: http2Server.HandleStreams encountered http2.StreamError: %v", se)
-				t.mu.Lock()
-				s := t.activeStreams[se.StreamID]
-				t.mu.Unlock()
-				if s != nil {
-					t.closeStream(s, true, se.Code, nil, false)
-				} else {
-					t.controlBuf.put(&cleanupStream{
-						streamID: se.StreamID,
-						rst:      true,
-						rstCode:  se.Code,
-						onWrite:  func() {},
-					})
-				}
-				continue
-			}
-			if err == io.EOF || err == io.ErrUnexpectedEOF {
-				t.Close()
-				return
-			}
-			warningf("transport: http2Server.HandleStreams failed to read frame: %v", err)
-			t.Close()
-			return
-		}
-		switch frame := frame.(type) {
-		case *http2.MetaHeadersFrame:
-			if t.operateHeaders(frame, handle, traceCtx) {
-				t.Close()
-				break
-			}
-		case *http2.DataFrame:
-			t.handleData(frame)
-		case *http2.RSTStreamFrame:
-			t.handleRSTStream(frame)
-		case *http2.SettingsFrame:
-			t.handleSettings(frame)
-		case *http2.PingFrame:
-			t.handlePing(frame)
-		case *http2.WindowUpdateFrame:
-			t.handleWindowUpdate(frame)
-		case *http2.GoAwayFrame:
-			// TODO: Handle GoAway from the client appropriately.
-		default:
-			errorf("transport: http2Server.HandleStreams found unhandled frame type %v.", frame)
-		}
-	}
-}
-
-func (t *http2Server) getStream(f http2.Frame) (*Stream, bool) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	if t.activeStreams == nil {
-		// The transport is closing.
-		return nil, false
-	}
-	s, ok := t.activeStreams[f.Header().StreamID]
-	if !ok {
-		// The stream is already done.
-		return nil, false
-	}
-	return s, true
-}
-
-// adjustWindow sends out extra window update over the initial window size
-// of stream if the application is requesting data larger in size than
-// the window.
-func (t *http2Server) adjustWindow(s *Stream, n uint32) {
-	if w := s.fc.maybeAdjust(n); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w})
-	}
-
-}
-
-// updateWindow adjusts the inbound quota for the stream and the transport.
-// Window updates will deliver to the controller for sending when
-// the cumulative quota exceeds the corresponding threshold.
-func (t *http2Server) updateWindow(s *Stream, n uint32) {
-	if w := s.fc.onRead(n); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id,
-			increment: w,
-		})
-	}
-}
-
-// updateFlowControl updates the incoming flow control windows
-// for the transport and the stream based on the current bdp
-// estimation.
-func (t *http2Server) updateFlowControl(n uint32) {
-	t.mu.Lock()
-	for _, s := range t.activeStreams {
-		s.fc.newLimit(n)
-	}
-	t.initialWindowSize = int32(n)
-	t.mu.Unlock()
-	t.controlBuf.put(&outgoingWindowUpdate{
-		streamID:  0,
-		increment: t.fc.newLimit(n),
-	})
-	t.controlBuf.put(&outgoingSettings{
-		ss: []http2.Setting{
-			{
-				ID:  http2.SettingInitialWindowSize,
-				Val: n,
-			},
-		},
-	})
-
-}
-
-func (t *http2Server) handleData(f *http2.DataFrame) {
-	size := f.Header().Length
-	var sendBDPPing bool
-	if t.bdpEst != nil {
-		sendBDPPing = t.bdpEst.add(size)
-	}
-	// Decouple connection's flow control from application's read.
-	// An update on connection's flow control should not depend on
-	// whether user application has read the data or not. Such a
-	// restriction is already imposed on the stream's flow control,
-	// and therefore the sender will be blocked anyways.
-	// Decoupling the connection flow control will prevent other
-	// active(fast) streams from starving in presence of slow or
-	// inactive streams.
-	if w := t.fc.onData(size); w > 0 {
-		t.controlBuf.put(&outgoingWindowUpdate{
-			streamID:  0,
-			increment: w,
-		})
-	}
-	if sendBDPPing {
-		// Avoid excessive ping detection (e.g. in an L7 proxy)
-		// by sending a window update prior to the BDP ping.
-		if w := t.fc.reset(); w > 0 {
-			t.controlBuf.put(&outgoingWindowUpdate{
-				streamID:  0,
-				increment: w,
-			})
-		}
-		t.controlBuf.put(bdpPing)
-	}
-	// Select the right stream to dispatch.
-	s, ok := t.getStream(f)
-	if !ok {
-		return
-	}
-	if size > 0 {
-		if err := s.fc.onData(size); err != nil {
-			t.closeStream(s, true, http2.ErrCodeFlowControl, nil, false)
-			return
-		}
-		if f.Header().Flags.Has(http2.FlagDataPadded) {
-			if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 {
-				t.controlBuf.put(&outgoingWindowUpdate{s.id, w})
-			}
-		}
-		// TODO(bradfitz, zhaoq): A copy is required here because there is no
-		// guarantee f.Data() is consumed before the arrival of next frame.
-		// Can this copy be eliminated?
-		if len(f.Data()) > 0 {
-			data := make([]byte, len(f.Data()))
-			copy(data, f.Data())
-			s.write(recvMsg{data: data})
-		}
-	}
-	if f.Header().Flags.Has(http2.FlagDataEndStream) {
-		// Received the end of stream from the client.
-		s.compareAndSwapState(streamActive, streamReadDone)
-		s.write(recvMsg{err: io.EOF})
-	}
-}
-
-func (t *http2Server) handleRSTStream(f *http2.RSTStreamFrame) {
-	s, ok := t.getStream(f)
-	if !ok {
-		return
-	}
-	t.closeStream(s, false, 0, nil, false)
-}
-
-func (t *http2Server) handleSettings(f *http2.SettingsFrame) {
-	if f.IsAck() {
-		return
-	}
-	var ss []http2.Setting
-	f.ForeachSetting(func(s http2.Setting) error {
-		ss = append(ss, s)
-		return nil
-	})
-	t.controlBuf.put(&incomingSettings{
-		ss: ss,
-	})
-}
-
-const (
-	maxPingStrikes     = 2
-	defaultPingTimeout = 2 * time.Hour
-)
-
-func (t *http2Server) handlePing(f *http2.PingFrame) {
-	if f.IsAck() {
-		if f.Data == goAwayPing.data && t.drainChan != nil {
-			close(t.drainChan)
-			return
-		}
-		// Maybe it's a BDP ping.
-		if t.bdpEst != nil {
-			t.bdpEst.calculate(f.Data)
-		}
-		return
-	}
-	pingAck := &ping{ack: true}
-	copy(pingAck.data[:], f.Data[:])
-	t.controlBuf.put(pingAck)
-
-	now := time.Now()
-	defer func() {
-		t.lastPingAt = now
-	}()
-	// A reset ping strikes means that we don't need to check for policy
-	// violation for this ping and the pingStrikes counter should be set
-	// to 0.
-	if atomic.CompareAndSwapUint32(&t.resetPingStrikes, 1, 0) {
-		t.pingStrikes = 0
-		return
-	}
-	t.mu.Lock()
-	ns := len(t.activeStreams)
-	t.mu.Unlock()
-	if ns < 1 && !t.kep.PermitWithoutStream {
-		// Keepalive shouldn't be active thus, this new ping should
-		// have come after at least defaultPingTimeout.
-		if t.lastPingAt.Add(defaultPingTimeout).After(now) {
-			t.pingStrikes++
-		}
-	} else {
-		// Check if keepalive policy is respected.
-		if t.lastPingAt.Add(t.kep.MinTime).After(now) {
-			t.pingStrikes++
-		}
-	}
-
-	if t.pingStrikes > maxPingStrikes {
-		// Send goaway and close the connection.
-		errorf("transport: Got too many pings from the client, closing the connection.")
-		t.controlBuf.put(&goAway{code: http2.ErrCodeEnhanceYourCalm, debugData: []byte("too_many_pings"), closeConn: true})
-	}
-}
-
-func (t *http2Server) handleWindowUpdate(f *http2.WindowUpdateFrame) {
-	t.controlBuf.put(&incomingWindowUpdate{
-		streamID:  f.Header().StreamID,
-		increment: f.Increment,
-	})
-}
-
-// WriteHeader sends the header metedata md back to the client.
-func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error {
-	if s.headerOk || s.getState() == streamDone {
-		return ErrIllegalHeaderWrite
-	}
-	s.headerOk = true
-	if md.Len() > 0 {
-		if s.header.Len() > 0 {
-			s.header = metadata.Join(s.header, md)
-		} else {
-			s.header = md
-		}
-	}
-	md = s.header
-	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
-	// first and create a slice of that exact size.
-	headerFields := make([]hpack.HeaderField, 0, 2) // at least :status, content-type will be there if none else.
-	headerFields = append(headerFields, hpack.HeaderField{Name: ":status", Value: "200"})
-	headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(s.contentSubtype)})
-	if s.sendCompress != "" {
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: s.sendCompress})
-	}
-	for k, vv := range md {
-		if isReservedHeader(k) {
-			// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
-			continue
-		}
-		for _, v := range vv {
-			headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-		}
-	}
-	t.controlBuf.put(&headerFrame{
-		streamID:  s.id,
-		hf:        headerFields,
-		endStream: false,
-		onWrite: func() {
-			atomic.StoreUint32(&t.resetPingStrikes, 1)
-		},
-		wq: s.wq,
-	})
-	if t.stats != nil {
-		// Note: WireLength is not set in outHeader.
-		// TODO(mmukhi): Revisit this later, if needed.
-		outHeader := &stats.OutHeader{}
-		t.stats.HandleRPC(s.Context(), outHeader)
-	}
-	return nil
-}
-
-// WriteStatus sends stream status to the client and terminates the stream.
-// There is no further I/O operations being able to perform on this stream.
-// TODO(zhaoq): Now it indicates the end of entire stream. Revisit if early
-// OK is adopted.
-func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
-	if !s.headerOk && s.header.Len() > 0 {
-		if err := t.WriteHeader(s, nil); err != nil {
-			return err
-		}
-	} else {
-		if s.getState() == streamDone {
-			return nil
-		}
-	}
-	// TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
-	// first and create a slice of that exact size.
-	headerFields := make([]hpack.HeaderField, 0, 2) // grpc-status and grpc-message will be there if none else.
-	if !s.headerOk {
-		headerFields = append(headerFields, hpack.HeaderField{Name: ":status", Value: "200"})
-		headerFields = append(headerFields, hpack.HeaderField{Name: "content-type", Value: contentType(s.contentSubtype)})
-	}
-	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status", Value: strconv.Itoa(int(st.Code()))})
-	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
-
-	if p := st.Proto(); p != nil && len(p.Details) > 0 {
-		stBytes, err := proto.Marshal(p)
-		if err != nil {
-			// TODO: return error instead, when callers are able to handle it.
-			panic(err)
-		}
-
-		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
-	}
-
-	// Attach the trailer metadata.
-	for k, vv := range s.trailer {
-		// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
-		if isReservedHeader(k) {
-			continue
-		}
-		for _, v := range vv {
-			headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)})
-		}
-	}
-	trailer := &headerFrame{
-		streamID:  s.id,
-		hf:        headerFields,
-		endStream: true,
-		onWrite: func() {
-			atomic.StoreUint32(&t.resetPingStrikes, 1)
-		},
-	}
-	t.closeStream(s, false, 0, trailer, true)
-	if t.stats != nil {
-		t.stats.HandleRPC(s.Context(), &stats.OutTrailer{})
-	}
-	return nil
-}
-
-// Write converts the data into HTTP2 data frame and sends it out. Non-nil error
-// is returns if it fails (e.g., framing error, transport error).
-func (t *http2Server) Write(s *Stream, hdr []byte, data []byte, opts *Options) error {
-	if !s.headerOk { // Headers haven't been written yet.
-		if err := t.WriteHeader(s, nil); err != nil {
-			// TODO(mmukhi, dfawley): Make sure this is the right code to return.
-			return streamErrorf(codes.Internal, "transport: %v", err)
-		}
-	} else {
-		// Writing headers checks for this condition.
-		if s.getState() == streamDone {
-			// TODO(mmukhi, dfawley): Should the server write also return io.EOF?
-			s.cancel()
-			select {
-			case <-t.ctx.Done():
-				return ErrConnClosing
-			default:
-			}
-			return ContextErr(s.ctx.Err())
-		}
-	}
-	// Add some data to header frame so that we can equally distribute bytes across frames.
-	emptyLen := http2MaxFrameLen - len(hdr)
-	if emptyLen > len(data) {
-		emptyLen = len(data)
-	}
-	hdr = append(hdr, data[:emptyLen]...)
-	data = data[emptyLen:]
-	df := &dataFrame{
-		streamID: s.id,
-		h:        hdr,
-		d:        data,
-		onEachWrite: func() {
-			atomic.StoreUint32(&t.resetPingStrikes, 1)
-		},
-	}
-	if err := s.wq.get(int32(len(hdr) + len(data))); err != nil {
-		select {
-		case <-t.ctx.Done():
-			return ErrConnClosing
-		default:
-		}
-		return ContextErr(s.ctx.Err())
-	}
-	return t.controlBuf.put(df)
-}
-
-// keepalive running in a separate goroutine does the following:
-// 1. Gracefully closes an idle connection after a duration of keepalive.MaxConnectionIdle.
-// 2. Gracefully closes any connection after a duration of keepalive.MaxConnectionAge.
-// 3. Forcibly closes a connection after an additive period of keepalive.MaxConnectionAgeGrace over keepalive.MaxConnectionAge.
-// 4. Makes sure a connection is alive by sending pings with a frequency of keepalive.Time and closes a non-responsive connection
-// after an additional duration of keepalive.Timeout.
-func (t *http2Server) keepalive() {
-	p := &ping{}
-	var pingSent bool
-	maxIdle := time.NewTimer(t.kp.MaxConnectionIdle)
-	maxAge := time.NewTimer(t.kp.MaxConnectionAge)
-	keepalive := time.NewTimer(t.kp.Time)
-	// NOTE: All exit paths of this function should reset their
-	// respective timers. A failure to do so will cause the
-	// following clean-up to deadlock and eventually leak.
-	defer func() {
-		if !maxIdle.Stop() {
-			<-maxIdle.C
-		}
-		if !maxAge.Stop() {
-			<-maxAge.C
-		}
-		if !keepalive.Stop() {
-			<-keepalive.C
-		}
-	}()
-	for {
-		select {
-		case <-maxIdle.C:
-			t.mu.Lock()
-			idle := t.idle
-			if idle.IsZero() { // The connection is non-idle.
-				t.mu.Unlock()
-				maxIdle.Reset(t.kp.MaxConnectionIdle)
-				continue
-			}
-			val := t.kp.MaxConnectionIdle - time.Since(idle)
-			t.mu.Unlock()
-			if val <= 0 {
-				// The connection has been idle for a duration of keepalive.MaxConnectionIdle or more.
-				// Gracefully close the connection.
-				t.drain(http2.ErrCodeNo, []byte{})
-				// Resetting the timer so that the clean-up doesn't deadlock.
-				maxIdle.Reset(infinity)
-				return
-			}
-			maxIdle.Reset(val)
-		case <-maxAge.C:
-			t.drain(http2.ErrCodeNo, []byte{})
-			maxAge.Reset(t.kp.MaxConnectionAgeGrace)
-			select {
-			case <-maxAge.C:
-				// Close the connection after grace period.
-				t.Close()
-				// Resetting the timer so that the clean-up doesn't deadlock.
-				maxAge.Reset(infinity)
-			case <-t.ctx.Done():
-			}
-			return
-		case <-keepalive.C:
-			if atomic.CompareAndSwapUint32(&t.activity, 1, 0) {
-				pingSent = false
-				keepalive.Reset(t.kp.Time)
-				continue
-			}
-			if pingSent {
-				t.Close()
-				// Resetting the timer so that the clean-up doesn't deadlock.
-				keepalive.Reset(infinity)
-				return
-			}
-			pingSent = true
-			if channelz.IsOn() {
-				t.czmu.Lock()
-				t.kpCount++
-				t.czmu.Unlock()
-			}
-			t.controlBuf.put(p)
-			keepalive.Reset(t.kp.Timeout)
-		case <-t.ctx.Done():
-			return
-		}
-	}
-}
-
-// Close starts shutting down the http2Server transport.
-// TODO(zhaoq): Now the destruction is not blocked on any pending streams. This
-// could cause some resource issue. Revisit this later.
-func (t *http2Server) Close() error {
-	t.mu.Lock()
-	if t.state == closing {
-		t.mu.Unlock()
-		return errors.New("transport: Close() was already called")
-	}
-	t.state = closing
-	streams := t.activeStreams
-	t.activeStreams = nil
-	t.mu.Unlock()
-	t.controlBuf.finish()
-	t.cancel()
-	err := t.conn.Close()
-	if channelz.IsOn() {
-		channelz.RemoveEntry(t.channelzID)
-	}
-	// Cancel all active streams.
-	for _, s := range streams {
-		s.cancel()
-	}
-	if t.stats != nil {
-		connEnd := &stats.ConnEnd{}
-		t.stats.HandleConn(t.ctx, connEnd)
-	}
-	return err
-}
-
-// closeStream clears the footprint of a stream when the stream is not needed
-// any more.
-func (t *http2Server) closeStream(s *Stream, rst bool, rstCode http2.ErrCode, hdr *headerFrame, eosReceived bool) {
-	if s.swapState(streamDone) == streamDone {
-		// If the stream was already done, return.
-		return
-	}
-	// In case stream sending and receiving are invoked in separate
-	// goroutines (e.g., bi-directional streaming), cancel needs to be
-	// called to interrupt the potential blocking on other goroutines.
-	s.cancel()
-	cleanup := &cleanupStream{
-		streamID: s.id,
-		rst:      rst,
-		rstCode:  rstCode,
-		onWrite: func() {
-			t.mu.Lock()
-			if t.activeStreams != nil {
-				delete(t.activeStreams, s.id)
-				if len(t.activeStreams) == 0 {
-					t.idle = time.Now()
-				}
-			}
-			t.mu.Unlock()
-			if channelz.IsOn() {
-				t.czmu.Lock()
-				if eosReceived {
-					t.streamsSucceeded++
-				} else {
-					t.streamsFailed++
-				}
-				t.czmu.Unlock()
-			}
-		},
-	}
-	if hdr != nil {
-		hdr.cleanup = cleanup
-		t.controlBuf.put(hdr)
-	} else {
-		t.controlBuf.put(cleanup)
-	}
-}
-
-func (t *http2Server) RemoteAddr() net.Addr {
-	return t.remoteAddr
-}
-
-func (t *http2Server) Drain() {
-	t.drain(http2.ErrCodeNo, []byte{})
-}
-
-func (t *http2Server) drain(code http2.ErrCode, debugData []byte) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	if t.drainChan != nil {
-		return
-	}
-	t.drainChan = make(chan struct{})
-	t.controlBuf.put(&goAway{code: code, debugData: debugData, headsUp: true})
-}
-
-var goAwayPing = &ping{data: [8]byte{1, 6, 1, 8, 0, 3, 3, 9}}
-
-// Handles outgoing GoAway and returns true if loopy needs to put itself
-// in draining mode.
-func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
-	t.mu.Lock()
-	if t.state == closing { // TODO(mmukhi): This seems unnecessary.
-		t.mu.Unlock()
-		// The transport is closing.
-		return false, ErrConnClosing
-	}
-	sid := t.maxStreamID
-	if !g.headsUp {
-		// Stop accepting more streams now.
-		t.state = draining
-		if len(t.activeStreams) == 0 {
-			g.closeConn = true
-		}
-		t.mu.Unlock()
-		if err := t.framer.fr.WriteGoAway(sid, g.code, g.debugData); err != nil {
-			return false, err
-		}
-		if g.closeConn {
-			// Abruptly close the connection following the GoAway (via
-			// loopywriter).  But flush out what's inside the buffer first.
-			t.framer.writer.Flush()
-			return false, fmt.Errorf("transport: Connection closing")
-		}
-		return true, nil
-	}
-	t.mu.Unlock()
-	// For a graceful close, send out a GoAway with stream ID of MaxUInt32,
-	// Follow that with a ping and wait for the ack to come back or a timer
-	// to expire. During this time accept new streams since they might have
-	// originated before the GoAway reaches the client.
-	// After getting the ack or timer expiration send out another GoAway this
-	// time with an ID of the max stream server intends to process.
-	if err := t.framer.fr.WriteGoAway(math.MaxUint32, http2.ErrCodeNo, []byte{}); err != nil {
-		return false, err
-	}
-	if err := t.framer.fr.WritePing(false, goAwayPing.data); err != nil {
-		return false, err
-	}
-	go func() {
-		timer := time.NewTimer(time.Minute)
-		defer timer.Stop()
-		select {
-		case <-t.drainChan:
-		case <-timer.C:
-		case <-t.ctx.Done():
-			return
-		}
-		t.controlBuf.put(&goAway{code: g.code, debugData: g.debugData})
-	}()
-	return false, nil
-}
-
-func (t *http2Server) ChannelzMetric() *channelz.SocketInternalMetric {
-	t.czmu.RLock()
-	s := channelz.SocketInternalMetric{
-		StreamsStarted:                   t.streamsStarted,
-		StreamsSucceeded:                 t.streamsSucceeded,
-		StreamsFailed:                    t.streamsFailed,
-		MessagesSent:                     t.msgSent,
-		MessagesReceived:                 t.msgRecv,
-		KeepAlivesSent:                   t.kpCount,
-		LastRemoteStreamCreatedTimestamp: t.lastStreamCreated,
-		LastMessageSentTimestamp:         t.lastMsgSent,
-		LastMessageReceivedTimestamp:     t.lastMsgRecv,
-		LocalFlowControlWindow:           int64(t.fc.getSize()),
-		//socket options
-		LocalAddr:  t.localAddr,
-		RemoteAddr: t.remoteAddr,
-		// Security
-		// RemoteName :
-	}
-	t.czmu.RUnlock()
-	s.RemoteFlowControlWindow = t.getOutFlowWindow()
-	return &s
-}
-
-func (t *http2Server) IncrMsgSent() {
-	t.czmu.Lock()
-	t.msgSent++
-	t.lastMsgSent = time.Now()
-	t.czmu.Unlock()
-}
-
-func (t *http2Server) IncrMsgRecv() {
-	t.czmu.Lock()
-	t.msgRecv++
-	t.lastMsgRecv = time.Now()
-	t.czmu.Unlock()
-}
-
-func (t *http2Server) getOutFlowWindow() int64 {
-	resp := make(chan uint32)
-	timer := time.NewTimer(time.Second)
-	defer timer.Stop()
-	t.controlBuf.put(&outFlowControlSizeRequest{resp})
-	select {
-	case sz := <-resp:
-		return int64(sz)
-	case <-t.ctxDone:
-		return -1
-	case <-timer.C:
-		return -2
-	}
-}
-
-var rgen = rand.New(rand.NewSource(time.Now().UnixNano()))
-
-func getJitter(v time.Duration) time.Duration {
-	if v == infinity {
-		return 0
-	}
-	// Generate a jitter between +/- 10% of the value.
-	r := int64(v / 10)
-	j := rgen.Int63n(2*r) - r
-	return time.Duration(j)
-}
diff --git a/vendor/google.golang.org/grpc/transport/http_util.go b/vendor/google.golang.org/grpc/transport/http_util.go
deleted file mode 100644
index a355866089c66..0000000000000
--- a/vendor/google.golang.org/grpc/transport/http_util.go
+++ /dev/null
@@ -1,574 +0,0 @@
-/*
- *
- * Copyright 2014 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package transport
-
-import (
-	"bufio"
-	"bytes"
-	"encoding/base64"
-	"fmt"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/hpack"
-	spb "google.golang.org/genproto/googleapis/rpc/status"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-const (
-	// http2MaxFrameLen specifies the max length of a HTTP2 frame.
-	http2MaxFrameLen = 16384 // 16KB frame
-	// http://http2.github.io/http2-spec/#SettingValues
-	http2InitHeaderTableSize = 4096
-	// http2IOBufSize specifies the buffer size for sending frames.
-	defaultWriteBufSize = 32 * 1024
-	defaultReadBufSize  = 32 * 1024
-	// baseContentType is the base content-type for gRPC.  This is a valid
-	// content-type on it's own, but can also include a content-subtype such as
-	// "proto" as a suffix after "+" or ";".  See
-	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests
-	// for more details.
-	baseContentType = "application/grpc"
-)
-
-var (
-	clientPreface   = []byte(http2.ClientPreface)
-	http2ErrConvTab = map[http2.ErrCode]codes.Code{
-		http2.ErrCodeNo:                 codes.Internal,
-		http2.ErrCodeProtocol:           codes.Internal,
-		http2.ErrCodeInternal:           codes.Internal,
-		http2.ErrCodeFlowControl:        codes.ResourceExhausted,
-		http2.ErrCodeSettingsTimeout:    codes.Internal,
-		http2.ErrCodeStreamClosed:       codes.Internal,
-		http2.ErrCodeFrameSize:          codes.Internal,
-		http2.ErrCodeRefusedStream:      codes.Unavailable,
-		http2.ErrCodeCancel:             codes.Canceled,
-		http2.ErrCodeCompression:        codes.Internal,
-		http2.ErrCodeConnect:            codes.Internal,
-		http2.ErrCodeEnhanceYourCalm:    codes.ResourceExhausted,
-		http2.ErrCodeInadequateSecurity: codes.PermissionDenied,
-		http2.ErrCodeHTTP11Required:     codes.Internal,
-	}
-	statusCodeConvTab = map[codes.Code]http2.ErrCode{
-		codes.Internal:          http2.ErrCodeInternal,
-		codes.Canceled:          http2.ErrCodeCancel,
-		codes.Unavailable:       http2.ErrCodeRefusedStream,
-		codes.ResourceExhausted: http2.ErrCodeEnhanceYourCalm,
-		codes.PermissionDenied:  http2.ErrCodeInadequateSecurity,
-	}
-	httpStatusConvTab = map[int]codes.Code{
-		// 400 Bad Request - INTERNAL.
-		http.StatusBadRequest: codes.Internal,
-		// 401 Unauthorized  - UNAUTHENTICATED.
-		http.StatusUnauthorized: codes.Unauthenticated,
-		// 403 Forbidden - PERMISSION_DENIED.
-		http.StatusForbidden: codes.PermissionDenied,
-		// 404 Not Found - UNIMPLEMENTED.
-		http.StatusNotFound: codes.Unimplemented,
-		// 429 Too Many Requests - UNAVAILABLE.
-		http.StatusTooManyRequests: codes.Unavailable,
-		// 502 Bad Gateway - UNAVAILABLE.
-		http.StatusBadGateway: codes.Unavailable,
-		// 503 Service Unavailable - UNAVAILABLE.
-		http.StatusServiceUnavailable: codes.Unavailable,
-		// 504 Gateway timeout - UNAVAILABLE.
-		http.StatusGatewayTimeout: codes.Unavailable,
-	}
-)
-
-// Records the states during HPACK decoding. Must be reset once the
-// decoding of the entire headers are finished.
-type decodeState struct {
-	encoding string
-	// statusGen caches the stream status received from the trailer the server
-	// sent.  Client side only.  Do not access directly.  After all trailers are
-	// parsed, use the status method to retrieve the status.
-	statusGen *status.Status
-	// rawStatusCode and rawStatusMsg are set from the raw trailer fields and are not
-	// intended for direct access outside of parsing.
-	rawStatusCode *int
-	rawStatusMsg  string
-	httpStatus    *int
-	// Server side only fields.
-	timeoutSet bool
-	timeout    time.Duration
-	method     string
-	// key-value metadata map from the peer.
-	mdata          map[string][]string
-	statsTags      []byte
-	statsTrace     []byte
-	contentSubtype string
-}
-
-// isReservedHeader checks whether hdr belongs to HTTP2 headers
-// reserved by gRPC protocol. Any other headers are classified as the
-// user-specified metadata.
-func isReservedHeader(hdr string) bool {
-	if hdr != "" && hdr[0] == ':' {
-		return true
-	}
-	switch hdr {
-	case "content-type",
-		"user-agent",
-		"grpc-message-type",
-		"grpc-encoding",
-		"grpc-message",
-		"grpc-status",
-		"grpc-timeout",
-		"grpc-status-details-bin",
-		"te":
-		return true
-	default:
-		return false
-	}
-}
-
-// isWhitelistedHeader checks whether hdr should be propagated
-// into metadata visible to users.
-func isWhitelistedHeader(hdr string) bool {
-	switch hdr {
-	case ":authority", "user-agent":
-		return true
-	default:
-		return false
-	}
-}
-
-// contentSubtype returns the content-subtype for the given content-type.  The
-// given content-type must be a valid content-type that starts with
-// "application/grpc". A content-subtype will follow "application/grpc" after a
-// "+" or ";". See
-// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for
-// more details.
-//
-// If contentType is not a valid content-type for gRPC, the boolean
-// will be false, otherwise true. If content-type == "application/grpc",
-// "application/grpc+", or "application/grpc;", the boolean will be true,
-// but no content-subtype will be returned.
-//
-// contentType is assumed to be lowercase already.
-func contentSubtype(contentType string) (string, bool) {
-	if contentType == baseContentType {
-		return "", true
-	}
-	if !strings.HasPrefix(contentType, baseContentType) {
-		return "", false
-	}
-	// guaranteed since != baseContentType and has baseContentType prefix
-	switch contentType[len(baseContentType)] {
-	case '+', ';':
-		// this will return true for "application/grpc+" or "application/grpc;"
-		// which the previous validContentType function tested to be valid, so we
-		// just say that no content-subtype is specified in this case
-		return contentType[len(baseContentType)+1:], true
-	default:
-		return "", false
-	}
-}
-
-// contentSubtype is assumed to be lowercase
-func contentType(contentSubtype string) string {
-	if contentSubtype == "" {
-		return baseContentType
-	}
-	return baseContentType + "+" + contentSubtype
-}
-
-func (d *decodeState) status() *status.Status {
-	if d.statusGen == nil {
-		// No status-details were provided; generate status using code/msg.
-		d.statusGen = status.New(codes.Code(int32(*(d.rawStatusCode))), d.rawStatusMsg)
-	}
-	return d.statusGen
-}
-
-const binHdrSuffix = "-bin"
-
-func encodeBinHeader(v []byte) string {
-	return base64.RawStdEncoding.EncodeToString(v)
-}
-
-func decodeBinHeader(v string) ([]byte, error) {
-	if len(v)%4 == 0 {
-		// Input was padded, or padding was not necessary.
-		return base64.StdEncoding.DecodeString(v)
-	}
-	return base64.RawStdEncoding.DecodeString(v)
-}
-
-func encodeMetadataHeader(k, v string) string {
-	if strings.HasSuffix(k, binHdrSuffix) {
-		return encodeBinHeader(([]byte)(v))
-	}
-	return v
-}
-
-func decodeMetadataHeader(k, v string) (string, error) {
-	if strings.HasSuffix(k, binHdrSuffix) {
-		b, err := decodeBinHeader(v)
-		return string(b), err
-	}
-	return v, nil
-}
-
-func (d *decodeState) decodeResponseHeader(frame *http2.MetaHeadersFrame) error {
-	for _, hf := range frame.Fields {
-		if err := d.processHeaderField(hf); err != nil {
-			return err
-		}
-	}
-
-	// If grpc status exists, no need to check further.
-	if d.rawStatusCode != nil || d.statusGen != nil {
-		return nil
-	}
-
-	// If grpc status doesn't exist and http status doesn't exist,
-	// then it's a malformed header.
-	if d.httpStatus == nil {
-		return streamErrorf(codes.Internal, "malformed header: doesn't contain status(gRPC or HTTP)")
-	}
-
-	if *(d.httpStatus) != http.StatusOK {
-		code, ok := httpStatusConvTab[*(d.httpStatus)]
-		if !ok {
-			code = codes.Unknown
-		}
-		return streamErrorf(code, http.StatusText(*(d.httpStatus)))
-	}
-
-	// gRPC status doesn't exist and http status is OK.
-	// Set rawStatusCode to be unknown and return nil error.
-	// So that, if the stream has ended this Unknown status
-	// will be propagated to the user.
-	// Otherwise, it will be ignored. In which case, status from
-	// a later trailer, that has StreamEnded flag set, is propagated.
-	code := int(codes.Unknown)
-	d.rawStatusCode = &code
-	return nil
-
-}
-
-func (d *decodeState) addMetadata(k, v string) {
-	if d.mdata == nil {
-		d.mdata = make(map[string][]string)
-	}
-	d.mdata[k] = append(d.mdata[k], v)
-}
-
-func (d *decodeState) processHeaderField(f hpack.HeaderField) error {
-	switch f.Name {
-	case "content-type":
-		contentSubtype, validContentType := contentSubtype(f.Value)
-		if !validContentType {
-			return streamErrorf(codes.Internal, "transport: received the unexpected content-type %q", f.Value)
-		}
-		d.contentSubtype = contentSubtype
-		// TODO: do we want to propagate the whole content-type in the metadata,
-		// or come up with a way to just propagate the content-subtype if it was set?
-		// ie {"content-type": "application/grpc+proto"} or {"content-subtype": "proto"}
-		// in the metadata?
-		d.addMetadata(f.Name, f.Value)
-	case "grpc-encoding":
-		d.encoding = f.Value
-	case "grpc-status":
-		code, err := strconv.Atoi(f.Value)
-		if err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed grpc-status: %v", err)
-		}
-		d.rawStatusCode = &code
-	case "grpc-message":
-		d.rawStatusMsg = decodeGrpcMessage(f.Value)
-	case "grpc-status-details-bin":
-		v, err := decodeBinHeader(f.Value)
-		if err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err)
-		}
-		s := &spb.Status{}
-		if err := proto.Unmarshal(v, s); err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err)
-		}
-		d.statusGen = status.FromProto(s)
-	case "grpc-timeout":
-		d.timeoutSet = true
-		var err error
-		if d.timeout, err = decodeTimeout(f.Value); err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed time-out: %v", err)
-		}
-	case ":path":
-		d.method = f.Value
-	case ":status":
-		code, err := strconv.Atoi(f.Value)
-		if err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed http-status: %v", err)
-		}
-		d.httpStatus = &code
-	case "grpc-tags-bin":
-		v, err := decodeBinHeader(f.Value)
-		if err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed grpc-tags-bin: %v", err)
-		}
-		d.statsTags = v
-		d.addMetadata(f.Name, string(v))
-	case "grpc-trace-bin":
-		v, err := decodeBinHeader(f.Value)
-		if err != nil {
-			return streamErrorf(codes.Internal, "transport: malformed grpc-trace-bin: %v", err)
-		}
-		d.statsTrace = v
-		d.addMetadata(f.Name, string(v))
-	default:
-		if isReservedHeader(f.Name) && !isWhitelistedHeader(f.Name) {
-			break
-		}
-		v, err := decodeMetadataHeader(f.Name, f.Value)
-		if err != nil {
-			errorf("Failed to decode metadata header (%q, %q): %v", f.Name, f.Value, err)
-			return nil
-		}
-		d.addMetadata(f.Name, v)
-	}
-	return nil
-}
-
-type timeoutUnit uint8
-
-const (
-	hour        timeoutUnit = 'H'
-	minute      timeoutUnit = 'M'
-	second      timeoutUnit = 'S'
-	millisecond timeoutUnit = 'm'
-	microsecond timeoutUnit = 'u'
-	nanosecond  timeoutUnit = 'n'
-)
-
-func timeoutUnitToDuration(u timeoutUnit) (d time.Duration, ok bool) {
-	switch u {
-	case hour:
-		return time.Hour, true
-	case minute:
-		return time.Minute, true
-	case second:
-		return time.Second, true
-	case millisecond:
-		return time.Millisecond, true
-	case microsecond:
-		return time.Microsecond, true
-	case nanosecond:
-		return time.Nanosecond, true
-	default:
-	}
-	return
-}
-
-const maxTimeoutValue int64 = 100000000 - 1
-
-// div does integer division and round-up the result. Note that this is
-// equivalent to (d+r-1)/r but has less chance to overflow.
-func div(d, r time.Duration) int64 {
-	if m := d % r; m > 0 {
-		return int64(d/r + 1)
-	}
-	return int64(d / r)
-}
-
-// TODO(zhaoq): It is the simplistic and not bandwidth efficient. Improve it.
-func encodeTimeout(t time.Duration) string {
-	if t <= 0 {
-		return "0n"
-	}
-	if d := div(t, time.Nanosecond); d <= maxTimeoutValue {
-		return strconv.FormatInt(d, 10) + "n"
-	}
-	if d := div(t, time.Microsecond); d <= maxTimeoutValue {
-		return strconv.FormatInt(d, 10) + "u"
-	}
-	if d := div(t, time.Millisecond); d <= maxTimeoutValue {
-		return strconv.FormatInt(d, 10) + "m"
-	}
-	if d := div(t, time.Second); d <= maxTimeoutValue {
-		return strconv.FormatInt(d, 10) + "S"
-	}
-	if d := div(t, time.Minute); d <= maxTimeoutValue {
-		return strconv.FormatInt(d, 10) + "M"
-	}
-	// Note that maxTimeoutValue * time.Hour > MaxInt64.
-	return strconv.FormatInt(div(t, time.Hour), 10) + "H"
-}
-
-func decodeTimeout(s string) (time.Duration, error) {
-	size := len(s)
-	if size < 2 {
-		return 0, fmt.Errorf("transport: timeout string is too short: %q", s)
-	}
-	unit := timeoutUnit(s[size-1])
-	d, ok := timeoutUnitToDuration(unit)
-	if !ok {
-		return 0, fmt.Errorf("transport: timeout unit is not recognized: %q", s)
-	}
-	t, err := strconv.ParseInt(s[:size-1], 10, 64)
-	if err != nil {
-		return 0, err
-	}
-	return d * time.Duration(t), nil
-}
-
-const (
-	spaceByte   = ' '
-	tildaByte   = '~'
-	percentByte = '%'
-)
-
-// encodeGrpcMessage is used to encode status code in header field
-// "grpc-message".
-// It checks to see if each individual byte in msg is an
-// allowable byte, and then either percent encoding or passing it through.
-// When percent encoding, the byte is converted into hexadecimal notation
-// with a '%' prepended.
-func encodeGrpcMessage(msg string) string {
-	if msg == "" {
-		return ""
-	}
-	lenMsg := len(msg)
-	for i := 0; i < lenMsg; i++ {
-		c := msg[i]
-		if !(c >= spaceByte && c < tildaByte && c != percentByte) {
-			return encodeGrpcMessageUnchecked(msg)
-		}
-	}
-	return msg
-}
-
-func encodeGrpcMessageUnchecked(msg string) string {
-	var buf bytes.Buffer
-	lenMsg := len(msg)
-	for i := 0; i < lenMsg; i++ {
-		c := msg[i]
-		if c >= spaceByte && c < tildaByte && c != percentByte {
-			buf.WriteByte(c)
-		} else {
-			buf.WriteString(fmt.Sprintf("%%%02X", c))
-		}
-	}
-	return buf.String()
-}
-
-// decodeGrpcMessage decodes the msg encoded by encodeGrpcMessage.
-func decodeGrpcMessage(msg string) string {
-	if msg == "" {
-		return ""
-	}
-	lenMsg := len(msg)
-	for i := 0; i < lenMsg; i++ {
-		if msg[i] == percentByte && i+2 < lenMsg {
-			return decodeGrpcMessageUnchecked(msg)
-		}
-	}
-	return msg
-}
-
-func decodeGrpcMessageUnchecked(msg string) string {
-	var buf bytes.Buffer
-	lenMsg := len(msg)
-	for i := 0; i < lenMsg; i++ {
-		c := msg[i]
-		if c == percentByte && i+2 < lenMsg {
-			parsed, err := strconv.ParseUint(msg[i+1:i+3], 16, 8)
-			if err != nil {
-				buf.WriteByte(c)
-			} else {
-				buf.WriteByte(byte(parsed))
-				i += 2
-			}
-		} else {
-			buf.WriteByte(c)
-		}
-	}
-	return buf.String()
-}
-
-type bufWriter struct {
-	buf       []byte
-	offset    int
-	batchSize int
-	conn      net.Conn
-	err       error
-
-	onFlush func()
-}
-
-func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
-	return &bufWriter{
-		buf:       make([]byte, batchSize*2),
-		batchSize: batchSize,
-		conn:      conn,
-	}
-}
-
-func (w *bufWriter) Write(b []byte) (n int, err error) {
-	if w.err != nil {
-		return 0, w.err
-	}
-	n = copy(w.buf[w.offset:], b)
-	w.offset += n
-	if w.offset >= w.batchSize {
-		err = w.Flush()
-	}
-	return n, err
-}
-
-func (w *bufWriter) Flush() error {
-	if w.err != nil {
-		return w.err
-	}
-	if w.offset == 0 {
-		return nil
-	}
-	if w.onFlush != nil {
-		w.onFlush()
-	}
-	_, w.err = w.conn.Write(w.buf[:w.offset])
-	w.offset = 0
-	return w.err
-}
-
-type framer struct {
-	writer *bufWriter
-	fr     *http2.Framer
-}
-
-func newFramer(conn net.Conn, writeBufferSize, readBufferSize int) *framer {
-	r := bufio.NewReaderSize(conn, readBufferSize)
-	w := newBufWriter(conn, writeBufferSize)
-	f := &framer{
-		writer: w,
-		fr:     http2.NewFramer(w, r),
-	}
-	// Opt-in to Frame reuse API on framer to reduce garbage.
-	// Frames aren't safe to read from after a subsequent call to ReadFrame.
-	f.fr.SetReuseFrames()
-	f.fr.ReadMetaHeaders = hpack.NewDecoder(http2InitHeaderTableSize, nil)
-	return f
-}
diff --git a/vendor/google.golang.org/grpc/transport/log.go b/vendor/google.golang.org/grpc/transport/log.go
deleted file mode 100644
index ac8e358c5c8c9..0000000000000
--- a/vendor/google.golang.org/grpc/transport/log.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// This file contains wrappers for grpclog functions.
-// The transport package only logs to verbose level 2 by default.
-
-package transport
-
-import "google.golang.org/grpc/grpclog"
-
-const logLevel = 2
-
-func infof(format string, args ...interface{}) {
-	if grpclog.V(logLevel) {
-		grpclog.Infof(format, args...)
-	}
-}
-
-func warningf(format string, args ...interface{}) {
-	if grpclog.V(logLevel) {
-		grpclog.Warningf(format, args...)
-	}
-}
-
-func errorf(format string, args ...interface{}) {
-	if grpclog.V(logLevel) {
-		grpclog.Errorf(format, args...)
-	}
-}
-
-func fatalf(format string, args ...interface{}) {
-	if grpclog.V(logLevel) {
-		grpclog.Fatalf(format, args...)
-	}
-}
diff --git a/vendor/google.golang.org/grpc/transport/transport.go b/vendor/google.golang.org/grpc/transport/transport.go
deleted file mode 100644
index 2f643a3d042ad..0000000000000
--- a/vendor/google.golang.org/grpc/transport/transport.go
+++ /dev/null
@@ -1,683 +0,0 @@
-/*
- *
- * Copyright 2014 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package transport defines and implements message oriented communication
-// channel to complete various transactions (e.g., an RPC).  It is meant for
-// grpc-internal usage and is not intended to be imported directly by users.
-package transport // externally used as import "google.golang.org/grpc/transport"
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"sync"
-	"sync/atomic"
-
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/keepalive"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/stats"
-	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/tap"
-)
-
-// recvMsg represents the received msg from the transport. All transport
-// protocol specific info has been removed.
-type recvMsg struct {
-	data []byte
-	// nil: received some data
-	// io.EOF: stream is completed. data is nil.
-	// other non-nil error: transport failure. data is nil.
-	err error
-}
-
-// recvBuffer is an unbounded channel of recvMsg structs.
-// Note recvBuffer differs from controlBuffer only in that recvBuffer
-// holds a channel of only recvMsg structs instead of objects implementing "item" interface.
-// recvBuffer is written to much more often than
-// controlBuffer and using strict recvMsg structs helps avoid allocation in "recvBuffer.put"
-type recvBuffer struct {
-	c       chan recvMsg
-	mu      sync.Mutex
-	backlog []recvMsg
-	err     error
-}
-
-func newRecvBuffer() *recvBuffer {
-	b := &recvBuffer{
-		c: make(chan recvMsg, 1),
-	}
-	return b
-}
-
-func (b *recvBuffer) put(r recvMsg) {
-	b.mu.Lock()
-	if b.err != nil {
-		b.mu.Unlock()
-		// An error had occurred earlier, don't accept more
-		// data or errors.
-		return
-	}
-	b.err = r.err
-	if len(b.backlog) == 0 {
-		select {
-		case b.c <- r:
-			b.mu.Unlock()
-			return
-		default:
-		}
-	}
-	b.backlog = append(b.backlog, r)
-	b.mu.Unlock()
-}
-
-func (b *recvBuffer) load() {
-	b.mu.Lock()
-	if len(b.backlog) > 0 {
-		select {
-		case b.c <- b.backlog[0]:
-			b.backlog[0] = recvMsg{}
-			b.backlog = b.backlog[1:]
-		default:
-		}
-	}
-	b.mu.Unlock()
-}
-
-// get returns the channel that receives a recvMsg in the buffer.
-//
-// Upon receipt of a recvMsg, the caller should call load to send another
-// recvMsg onto the channel if there is any.
-func (b *recvBuffer) get() <-chan recvMsg {
-	return b.c
-}
-
-//
-// recvBufferReader implements io.Reader interface to read the data from
-// recvBuffer.
-type recvBufferReader struct {
-	ctx     context.Context
-	ctxDone <-chan struct{} // cache of ctx.Done() (for performance).
-	recv    *recvBuffer
-	last    []byte // Stores the remaining data in the previous calls.
-	err     error
-}
-
-// Read reads the next len(p) bytes from last. If last is drained, it tries to
-// read additional data from recv. It blocks if there no additional data available
-// in recv. If Read returns any non-nil error, it will continue to return that error.
-func (r *recvBufferReader) Read(p []byte) (n int, err error) {
-	if r.err != nil {
-		return 0, r.err
-	}
-	n, r.err = r.read(p)
-	return n, r.err
-}
-
-func (r *recvBufferReader) read(p []byte) (n int, err error) {
-	if r.last != nil && len(r.last) > 0 {
-		// Read remaining data left in last call.
-		copied := copy(p, r.last)
-		r.last = r.last[copied:]
-		return copied, nil
-	}
-	select {
-	case <-r.ctxDone:
-		return 0, ContextErr(r.ctx.Err())
-	case m := <-r.recv.get():
-		r.recv.load()
-		if m.err != nil {
-			return 0, m.err
-		}
-		copied := copy(p, m.data)
-		r.last = m.data[copied:]
-		return copied, nil
-	}
-}
-
-type streamState uint32
-
-const (
-	streamActive    streamState = iota
-	streamWriteDone             // EndStream sent
-	streamReadDone              // EndStream received
-	streamDone                  // the entire stream is finished.
-)
-
-// Stream represents an RPC in the transport layer.
-type Stream struct {
-	id           uint32
-	st           ServerTransport    // nil for client side Stream
-	ctx          context.Context    // the associated context of the stream
-	cancel       context.CancelFunc // always nil for client side Stream
-	done         chan struct{}      // closed at the end of stream to unblock writers. On the client side.
-	ctxDone      <-chan struct{}    // same as done chan but for server side. Cache of ctx.Done() (for performance)
-	method       string             // the associated RPC method of the stream
-	recvCompress string
-	sendCompress string
-	buf          *recvBuffer
-	trReader     io.Reader
-	fc           *inFlow
-	recvQuota    uint32
-	wq           *writeQuota
-
-	// Callback to state application's intentions to read data. This
-	// is used to adjust flow control, if needed.
-	requestRead func(int)
-
-	headerChan chan struct{} // closed to indicate the end of header metadata.
-	headerDone uint32        // set when headerChan is closed. Used to avoid closing headerChan multiple times.
-	header     metadata.MD   // the received header metadata.
-	trailer    metadata.MD   // the key-value map of trailer metadata.
-
-	headerOk bool // becomes true from the first header is about to send
-	state    streamState
-
-	status *status.Status // the status error received from the server
-
-	bytesReceived uint32 // indicates whether any bytes have been received on this stream
-	unprocessed   uint32 // set if the server sends a refused stream or GOAWAY including this stream
-
-	// contentSubtype is the content-subtype for requests.
-	// this must be lowercase or the behavior is undefined.
-	contentSubtype string
-}
-
-func (s *Stream) swapState(st streamState) streamState {
-	return streamState(atomic.SwapUint32((*uint32)(&s.state), uint32(st)))
-}
-
-func (s *Stream) compareAndSwapState(oldState, newState streamState) bool {
-	return atomic.CompareAndSwapUint32((*uint32)(&s.state), uint32(oldState), uint32(newState))
-}
-
-func (s *Stream) getState() streamState {
-	return streamState(atomic.LoadUint32((*uint32)(&s.state)))
-}
-
-func (s *Stream) waitOnHeader() error {
-	if s.headerChan == nil {
-		// On the server headerChan is always nil since a stream originates
-		// only after having received headers.
-		return nil
-	}
-	select {
-	case <-s.ctx.Done():
-		return ContextErr(s.ctx.Err())
-	case <-s.headerChan:
-		return nil
-	}
-}
-
-// RecvCompress returns the compression algorithm applied to the inbound
-// message. It is empty string if there is no compression applied.
-func (s *Stream) RecvCompress() string {
-	if err := s.waitOnHeader(); err != nil {
-		return ""
-	}
-	return s.recvCompress
-}
-
-// SetSendCompress sets the compression algorithm to the stream.
-func (s *Stream) SetSendCompress(str string) {
-	s.sendCompress = str
-}
-
-// Done returns a chanel which is closed when it receives the final status
-// from the server.
-func (s *Stream) Done() <-chan struct{} {
-	return s.done
-}
-
-// Header acquires the key-value pairs of header metadata once it
-// is available. It blocks until i) the metadata is ready or ii) there is no
-// header metadata or iii) the stream is canceled/expired.
-func (s *Stream) Header() (metadata.MD, error) {
-	err := s.waitOnHeader()
-	// Even if the stream is closed, header is returned if available.
-	select {
-	case <-s.headerChan:
-		if s.header == nil {
-			return nil, nil
-		}
-		return s.header.Copy(), nil
-	default:
-	}
-	return nil, err
-}
-
-// Trailer returns the cached trailer metedata. Note that if it is not called
-// after the entire stream is done, it could return an empty MD. Client
-// side only.
-// It can be safely read only after stream has ended that is either read
-// or write have returned io.EOF.
-func (s *Stream) Trailer() metadata.MD {
-	c := s.trailer.Copy()
-	return c
-}
-
-// ServerTransport returns the underlying ServerTransport for the stream.
-// The client side stream always returns nil.
-func (s *Stream) ServerTransport() ServerTransport {
-	return s.st
-}
-
-// ContentSubtype returns the content-subtype for a request. For example, a
-// content-subtype of "proto" will result in a content-type of
-// "application/grpc+proto". This will always be lowercase.  See
-// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for
-// more details.
-func (s *Stream) ContentSubtype() string {
-	return s.contentSubtype
-}
-
-// Context returns the context of the stream.
-func (s *Stream) Context() context.Context {
-	return s.ctx
-}
-
-// Method returns the method for the stream.
-func (s *Stream) Method() string {
-	return s.method
-}
-
-// Status returns the status received from the server.
-// Status can be read safely only after the stream has ended,
-// that is, read or write has returned io.EOF.
-func (s *Stream) Status() *status.Status {
-	return s.status
-}
-
-// SetHeader sets the header metadata. This can be called multiple times.
-// Server side only.
-// This should not be called in parallel to other data writes.
-func (s *Stream) SetHeader(md metadata.MD) error {
-	if md.Len() == 0 {
-		return nil
-	}
-	if s.headerOk || atomic.LoadUint32((*uint32)(&s.state)) == uint32(streamDone) {
-		return ErrIllegalHeaderWrite
-	}
-	s.header = metadata.Join(s.header, md)
-	return nil
-}
-
-// SendHeader sends the given header metadata. The given metadata is
-// combined with any metadata set by previous calls to SetHeader and
-// then written to the transport stream.
-func (s *Stream) SendHeader(md metadata.MD) error {
-	t := s.ServerTransport()
-	return t.WriteHeader(s, md)
-}
-
-// SetTrailer sets the trailer metadata which will be sent with the RPC status
-// by the server. This can be called multiple times. Server side only.
-// This should not be called parallel to other data writes.
-func (s *Stream) SetTrailer(md metadata.MD) error {
-	if md.Len() == 0 {
-		return nil
-	}
-	s.trailer = metadata.Join(s.trailer, md)
-	return nil
-}
-
-func (s *Stream) write(m recvMsg) {
-	s.buf.put(m)
-}
-
-// Read reads all p bytes from the wire for this stream.
-func (s *Stream) Read(p []byte) (n int, err error) {
-	// Don't request a read if there was an error earlier
-	if er := s.trReader.(*transportReader).er; er != nil {
-		return 0, er
-	}
-	s.requestRead(len(p))
-	return io.ReadFull(s.trReader, p)
-}
-
-// tranportReader reads all the data available for this Stream from the transport and
-// passes them into the decoder, which converts them into a gRPC message stream.
-// The error is io.EOF when the stream is done or another non-nil error if
-// the stream broke.
-type transportReader struct {
-	reader io.Reader
-	// The handler to control the window update procedure for both this
-	// particular stream and the associated transport.
-	windowHandler func(int)
-	er            error
-}
-
-func (t *transportReader) Read(p []byte) (n int, err error) {
-	n, err = t.reader.Read(p)
-	if err != nil {
-		t.er = err
-		return
-	}
-	t.windowHandler(n)
-	return
-}
-
-// BytesReceived indicates whether any bytes have been received on this stream.
-func (s *Stream) BytesReceived() bool {
-	return atomic.LoadUint32(&s.bytesReceived) == 1
-}
-
-// Unprocessed indicates whether the server did not process this stream --
-// i.e. it sent a refused stream or GOAWAY including this stream ID.
-func (s *Stream) Unprocessed() bool {
-	return atomic.LoadUint32(&s.unprocessed) == 1
-}
-
-// GoString is implemented by Stream so context.String() won't
-// race when printing %#v.
-func (s *Stream) GoString() string {
-	return fmt.Sprintf("<stream: %p, %v>", s, s.method)
-}
-
-// state of transport
-type transportState int
-
-const (
-	reachable transportState = iota
-	closing
-	draining
-)
-
-// ServerConfig consists of all the configurations to establish a server transport.
-type ServerConfig struct {
-	MaxStreams            uint32
-	AuthInfo              credentials.AuthInfo
-	InTapHandle           tap.ServerInHandle
-	StatsHandler          stats.Handler
-	KeepaliveParams       keepalive.ServerParameters
-	KeepalivePolicy       keepalive.EnforcementPolicy
-	InitialWindowSize     int32
-	InitialConnWindowSize int32
-	WriteBufferSize       int
-	ReadBufferSize        int
-	ChannelzParentID      int64
-}
-
-// NewServerTransport creates a ServerTransport with conn or non-nil error
-// if it fails.
-func NewServerTransport(protocol string, conn net.Conn, config *ServerConfig) (ServerTransport, error) {
-	return newHTTP2Server(conn, config)
-}
-
-// ConnectOptions covers all relevant options for communicating with the server.
-type ConnectOptions struct {
-	// UserAgent is the application user agent.
-	UserAgent string
-	// Authority is the :authority pseudo-header to use. This field has no effect if
-	// TransportCredentials is set.
-	Authority string
-	// Dialer specifies how to dial a network address.
-	Dialer func(context.Context, string) (net.Conn, error)
-	// FailOnNonTempDialError specifies if gRPC fails on non-temporary dial errors.
-	FailOnNonTempDialError bool
-	// PerRPCCredentials stores the PerRPCCredentials required to issue RPCs.
-	PerRPCCredentials []credentials.PerRPCCredentials
-	// TransportCredentials stores the Authenticator required to setup a client connection.
-	TransportCredentials credentials.TransportCredentials
-	// KeepaliveParams stores the keepalive parameters.
-	KeepaliveParams keepalive.ClientParameters
-	// StatsHandler stores the handler for stats.
-	StatsHandler stats.Handler
-	// InitialWindowSize sets the initial window size for a stream.
-	InitialWindowSize int32
-	// InitialConnWindowSize sets the initial window size for a connection.
-	InitialConnWindowSize int32
-	// WriteBufferSize sets the size of write buffer which in turn determines how much data can be batched before it's written on the wire.
-	WriteBufferSize int
-	// ReadBufferSize sets the size of read buffer, which in turn determines how much data can be read at most for one read syscall.
-	ReadBufferSize int
-	// ChannelzParentID sets the addrConn id which initiate the creation of this client transport.
-	ChannelzParentID int64
-}
-
-// TargetInfo contains the information of the target such as network address and metadata.
-type TargetInfo struct {
-	Addr      string
-	Metadata  interface{}
-	Authority string
-}
-
-// NewClientTransport establishes the transport with the required ConnectOptions
-// and returns it to the caller.
-func NewClientTransport(connectCtx, ctx context.Context, target TargetInfo, opts ConnectOptions, onSuccess func()) (ClientTransport, error) {
-	return newHTTP2Client(connectCtx, ctx, target, opts, onSuccess)
-}
-
-// Options provides additional hints and information for message
-// transmission.
-type Options struct {
-	// Last indicates whether this write is the last piece for
-	// this stream.
-	Last bool
-
-	// Delay is a hint to the transport implementation for whether
-	// the data could be buffered for a batching write. The
-	// transport implementation may ignore the hint.
-	Delay bool
-}
-
-// CallHdr carries the information of a particular RPC.
-type CallHdr struct {
-	// Host specifies the peer's host.
-	Host string
-
-	// Method specifies the operation to perform.
-	Method string
-
-	// SendCompress specifies the compression algorithm applied on
-	// outbound message.
-	SendCompress string
-
-	// Creds specifies credentials.PerRPCCredentials for a call.
-	Creds credentials.PerRPCCredentials
-
-	// Flush indicates whether a new stream command should be sent
-	// to the peer without waiting for the first data. This is
-	// only a hint.
-	// If it's true, the transport may modify the flush decision
-	// for performance purposes.
-	// If it's false, new stream will never be flushed.
-	Flush bool
-
-	// ContentSubtype specifies the content-subtype for a request. For example, a
-	// content-subtype of "proto" will result in a content-type of
-	// "application/grpc+proto". The value of ContentSubtype must be all
-	// lowercase, otherwise the behavior is undefined. See
-	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests
-	// for more details.
-	ContentSubtype string
-}
-
-// ClientTransport is the common interface for all gRPC client-side transport
-// implementations.
-type ClientTransport interface {
-	// Close tears down this transport. Once it returns, the transport
-	// should not be accessed any more. The caller must make sure this
-	// is called only once.
-	Close() error
-
-	// GracefulClose starts to tear down the transport. It stops accepting
-	// new RPCs and wait the completion of the pending RPCs.
-	GracefulClose() error
-
-	// Write sends the data for the given stream. A nil stream indicates
-	// the write is to be performed on the transport as a whole.
-	Write(s *Stream, hdr []byte, data []byte, opts *Options) error
-
-	// NewStream creates a Stream for an RPC.
-	NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, error)
-
-	// CloseStream clears the footprint of a stream when the stream is
-	// not needed any more. The err indicates the error incurred when
-	// CloseStream is called. Must be called when a stream is finished
-	// unless the associated transport is closing.
-	CloseStream(stream *Stream, err error)
-
-	// Error returns a channel that is closed when some I/O error
-	// happens. Typically the caller should have a goroutine to monitor
-	// this in order to take action (e.g., close the current transport
-	// and create a new one) in error case. It should not return nil
-	// once the transport is initiated.
-	Error() <-chan struct{}
-
-	// GoAway returns a channel that is closed when ClientTransport
-	// receives the draining signal from the server (e.g., GOAWAY frame in
-	// HTTP/2).
-	GoAway() <-chan struct{}
-
-	// GetGoAwayReason returns the reason why GoAway frame was received.
-	GetGoAwayReason() GoAwayReason
-
-	// IncrMsgSent increments the number of message sent through this transport.
-	IncrMsgSent()
-
-	// IncrMsgRecv increments the number of message received through this transport.
-	IncrMsgRecv()
-}
-
-// ServerTransport is the common interface for all gRPC server-side transport
-// implementations.
-//
-// Methods may be called concurrently from multiple goroutines, but
-// Write methods for a given Stream will be called serially.
-type ServerTransport interface {
-	// HandleStreams receives incoming streams using the given handler.
-	HandleStreams(func(*Stream), func(context.Context, string) context.Context)
-
-	// WriteHeader sends the header metadata for the given stream.
-	// WriteHeader may not be called on all streams.
-	WriteHeader(s *Stream, md metadata.MD) error
-
-	// Write sends the data for the given stream.
-	// Write may not be called on all streams.
-	Write(s *Stream, hdr []byte, data []byte, opts *Options) error
-
-	// WriteStatus sends the status of a stream to the client.  WriteStatus is
-	// the final call made on a stream and always occurs.
-	WriteStatus(s *Stream, st *status.Status) error
-
-	// Close tears down the transport. Once it is called, the transport
-	// should not be accessed any more. All the pending streams and their
-	// handlers will be terminated asynchronously.
-	Close() error
-
-	// RemoteAddr returns the remote network address.
-	RemoteAddr() net.Addr
-
-	// Drain notifies the client this ServerTransport stops accepting new RPCs.
-	Drain()
-
-	// IncrMsgSent increments the number of message sent through this transport.
-	IncrMsgSent()
-
-	// IncrMsgRecv increments the number of message received through this transport.
-	IncrMsgRecv()
-}
-
-// streamErrorf creates an StreamError with the specified error code and description.
-func streamErrorf(c codes.Code, format string, a ...interface{}) StreamError {
-	return StreamError{
-		Code: c,
-		Desc: fmt.Sprintf(format, a...),
-	}
-}
-
-// connectionErrorf creates an ConnectionError with the specified error description.
-func connectionErrorf(temp bool, e error, format string, a ...interface{}) ConnectionError {
-	return ConnectionError{
-		Desc: fmt.Sprintf(format, a...),
-		temp: temp,
-		err:  e,
-	}
-}
-
-// ConnectionError is an error that results in the termination of the
-// entire connection and the retry of all the active streams.
-type ConnectionError struct {
-	Desc string
-	temp bool
-	err  error
-}
-
-func (e ConnectionError) Error() string {
-	return fmt.Sprintf("connection error: desc = %q", e.Desc)
-}
-
-// Temporary indicates if this connection error is temporary or fatal.
-func (e ConnectionError) Temporary() bool {
-	return e.temp
-}
-
-// Origin returns the original error of this connection error.
-func (e ConnectionError) Origin() error {
-	// Never return nil error here.
-	// If the original error is nil, return itself.
-	if e.err == nil {
-		return e
-	}
-	return e.err
-}
-
-var (
-	// ErrConnClosing indicates that the transport is closing.
-	ErrConnClosing = connectionErrorf(true, nil, "transport is closing")
-	// errStreamDrain indicates that the stream is rejected because the
-	// connection is draining. This could be caused by goaway or balancer
-	// removing the address.
-	errStreamDrain = streamErrorf(codes.Unavailable, "the connection is draining")
-	// errStreamDone is returned from write at the client side to indiacte application
-	// layer of an error.
-	errStreamDone = errors.New("the stream is done")
-	// StatusGoAway indicates that the server sent a GOAWAY that included this
-	// stream's ID in unprocessed RPCs.
-	statusGoAway = status.New(codes.Unavailable, "the stream is rejected because server is draining the connection")
-)
-
-// TODO: See if we can replace StreamError with status package errors.
-
-// StreamError is an error that only affects one stream within a connection.
-type StreamError struct {
-	Code codes.Code
-	Desc string
-}
-
-func (e StreamError) Error() string {
-	return fmt.Sprintf("stream error: code = %s desc = %q", e.Code, e.Desc)
-}
-
-// GoAwayReason contains the reason for the GoAway frame received.
-type GoAwayReason uint8
-
-const (
-	// GoAwayInvalid indicates that no GoAway frame is received.
-	GoAwayInvalid GoAwayReason = 0
-	// GoAwayNoReason is the default value when GoAway frame is received.
-	GoAwayNoReason GoAwayReason = 1
-	// GoAwayTooManyPings indicates that a GoAway frame with
-	// ErrCodeEnhanceYourCalm was received and that the debug data said
-	// "too_many_pings".
-	GoAwayTooManyPings GoAwayReason = 2
-)
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
new file mode 100644
index 0000000000000..1a831b159ab2a
--- /dev/null
+++ b/vendor/google.golang.org/grpc/version.go
@@ -0,0 +1,22 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+// Version is the current grpc version.
+const Version = "1.27.1"
diff --git a/vendor/gotest.tools/README.md b/vendor/gotest.tools/README.md
deleted file mode 100644
index f5df2043157f6..0000000000000
--- a/vendor/gotest.tools/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-# gotest.tools
-
-A collection of packages to augment `testing` and support common patterns.
-
-[![GoDoc](https://godoc.org/gotest.tools?status.svg)](https://godoc.org/gotest.tools)
-[![CircleCI](https://circleci.com/gh/gotestyourself/gotestyourself/tree/master.svg?style=shield)](https://circleci.com/gh/gotestyourself/gotestyourself/tree/master)
-[![Go Reportcard](https://goreportcard.com/badge/gotest.tools)](https://goreportcard.com/report/gotest.tools)
-
-
-## Packages
-
-* [assert](http://godoc.org/gotest.tools/assert) -
-  compare values and fail the test when a comparison fails
-* [env](http://godoc.org/gotest.tools/env) -
-  test code which uses environment variables
-* [fs](http://godoc.org/gotest.tools/fs) -
-  create temporary files and compare a filesystem tree to an expected value
-* [golden](http://godoc.org/gotest.tools/golden) -
-  compare large multi-line strings against values frozen in golden files
-* [icmd](http://godoc.org/gotest.tools/icmd) -
-  execute binaries and test the output
-* [poll](http://godoc.org/gotest.tools/poll) -
-  test asynchronous code by polling until a desired state is reached
-* [skip](http://godoc.org/gotest.tools/skip) -
-  skip a test and print the source code of the condition used to skip the test
-
-## Related
-
-* [gotest.tools/gotestsum](https://github.com/gotestyourself/gotestsum) - go test runner with custom output
-* [maxbrunsfeld/counterfeiter](https://github.com/maxbrunsfeld/counterfeiter) - generate fakes for interfaces
-* [jonboulle/clockwork](https://github.com/jonboulle/clockwork) - a fake clock for testing code that uses `time`
diff --git a/vendor/gotest.tools/assert/assert.go b/vendor/gotest.tools/assert/assert.go
deleted file mode 100644
index 05d6635436f78..0000000000000
--- a/vendor/gotest.tools/assert/assert.go
+++ /dev/null
@@ -1,311 +0,0 @@
-/*Package assert provides assertions for comparing expected values to actual
-values. When an assertion fails a helpful error message is printed.
-
-Assert and Check
-
-Assert() and Check() both accept a Comparison, and fail the test when the
-comparison fails. The one difference is that Assert() will end the test execution
-immediately (using t.FailNow()) whereas Check() will fail the test (using t.Fail()),
-return the value of the comparison, then proceed with the rest of the test case.
-
-Example usage
-
-The example below shows assert used with some common types.
-
-
-	import (
-	    "testing"
-
-	    "gotest.tools/assert"
-	    is "gotest.tools/assert/cmp"
-	)
-
-	func TestEverything(t *testing.T) {
-	    // booleans
-	    assert.Assert(t, ok)
-	    assert.Assert(t, !missing)
-
-	    // primitives
-	    assert.Equal(t, count, 1)
-	    assert.Equal(t, msg, "the message")
-	    assert.Assert(t, total != 10) // NotEqual
-
-	    // errors
-	    assert.NilError(t, closer.Close())
-	    assert.Error(t, err, "the exact error message")
-	    assert.ErrorContains(t, err, "includes this")
-	    assert.ErrorType(t, err, os.IsNotExist)
-
-	    // complex types
-	    assert.DeepEqual(t, result, myStruct{Name: "title"})
-	    assert.Assert(t, is.Len(items, 3))
-	    assert.Assert(t, len(sequence) != 0) // NotEmpty
-	    assert.Assert(t, is.Contains(mapping, "key"))
-
-	    // pointers and interface
-	    assert.Assert(t, is.Nil(ref))
-	    assert.Assert(t, ref != nil) // NotNil
-	}
-
-Comparisons
-
-Package https://godoc.org/gotest.tools/assert/cmp provides
-many common comparisons. Additional comparisons can be written to compare
-values in other ways. See the example Assert (CustomComparison).
-
-Automated migration from testify
-
-gty-migrate-from-testify is a binary which can update source code which uses
-testify assertions to use the assertions provided by this package.
-
-See http://bit.do/cmd-gty-migrate-from-testify.
-
-
-*/
-package assert // import "gotest.tools/assert"
-
-import (
-	"fmt"
-	"go/ast"
-	"go/token"
-
-	gocmp "github.com/google/go-cmp/cmp"
-	"gotest.tools/assert/cmp"
-	"gotest.tools/internal/format"
-	"gotest.tools/internal/source"
-)
-
-// BoolOrComparison can be a bool, or cmp.Comparison. See Assert() for usage.
-type BoolOrComparison interface{}
-
-// TestingT is the subset of testing.T used by the assert package.
-type TestingT interface {
-	FailNow()
-	Fail()
-	Log(args ...interface{})
-}
-
-type helperT interface {
-	Helper()
-}
-
-const failureMessage = "assertion failed: "
-
-// nolint: gocyclo
-func assert(
-	t TestingT,
-	failer func(),
-	argSelector argSelector,
-	comparison BoolOrComparison,
-	msgAndArgs ...interface{},
-) bool {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	var success bool
-	switch check := comparison.(type) {
-	case bool:
-		if check {
-			return true
-		}
-		logFailureFromBool(t, msgAndArgs...)
-
-	// Undocumented legacy comparison without Result type
-	case func() (success bool, message string):
-		success = runCompareFunc(t, check, msgAndArgs...)
-
-	case nil:
-		return true
-
-	case error:
-		msg := "error is not nil: "
-		t.Log(format.WithCustomMessage(failureMessage+msg+check.Error(), msgAndArgs...))
-
-	case cmp.Comparison:
-		success = runComparison(t, argSelector, check, msgAndArgs...)
-
-	case func() cmp.Result:
-		success = runComparison(t, argSelector, check, msgAndArgs...)
-
-	default:
-		t.Log(fmt.Sprintf("invalid Comparison: %v (%T)", check, check))
-	}
-
-	if success {
-		return true
-	}
-	failer()
-	return false
-}
-
-func runCompareFunc(
-	t TestingT,
-	f func() (success bool, message string),
-	msgAndArgs ...interface{},
-) bool {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	if success, message := f(); !success {
-		t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...))
-		return false
-	}
-	return true
-}
-
-func logFailureFromBool(t TestingT, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	const stackIndex = 3 // Assert()/Check(), assert(), formatFailureFromBool()
-	const comparisonArgPos = 1
-	args, err := source.CallExprArgs(stackIndex)
-	if err != nil {
-		t.Log(err.Error())
-		return
-	}
-
-	msg, err := boolFailureMessage(args[comparisonArgPos])
-	if err != nil {
-		t.Log(err.Error())
-		msg = "expression is false"
-	}
-
-	t.Log(format.WithCustomMessage(failureMessage+msg, msgAndArgs...))
-}
-
-func boolFailureMessage(expr ast.Expr) (string, error) {
-	if binaryExpr, ok := expr.(*ast.BinaryExpr); ok && binaryExpr.Op == token.NEQ {
-		x, err := source.FormatNode(binaryExpr.X)
-		if err != nil {
-			return "", err
-		}
-		y, err := source.FormatNode(binaryExpr.Y)
-		if err != nil {
-			return "", err
-		}
-		return x + " is " + y, nil
-	}
-
-	if unaryExpr, ok := expr.(*ast.UnaryExpr); ok && unaryExpr.Op == token.NOT {
-		x, err := source.FormatNode(unaryExpr.X)
-		if err != nil {
-			return "", err
-		}
-		return x + " is true", nil
-	}
-
-	formatted, err := source.FormatNode(expr)
-	if err != nil {
-		return "", err
-	}
-	return "expression is false: " + formatted, nil
-}
-
-// Assert performs a comparison. If the comparison fails the test is marked as
-// failed, a failure message is logged, and execution is stopped immediately.
-//
-// The comparison argument may be one of three types: bool, cmp.Comparison or
-// error.
-// When called with a bool the failure message will contain the literal source
-// code of the expression.
-// When called with a cmp.Comparison the comparison is responsible for producing
-// a helpful failure message.
-// When called with an error a nil value is considered success. A non-nil error
-// is a failure, and Error() is used as the failure message.
-func Assert(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsFromComparisonCall, comparison, msgAndArgs...)
-}
-
-// Check performs a comparison. If the comparison fails the test is marked as
-// failed, a failure message is logged, and Check returns false. Otherwise returns
-// true.
-//
-// See Assert for details about the comparison arg and failure messages.
-func Check(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) bool {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	return assert(t, t.Fail, argsFromComparisonCall, comparison, msgAndArgs...)
-}
-
-// NilError fails the test immediately if err is not nil.
-// This is equivalent to Assert(t, err)
-func NilError(t TestingT, err error, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, err, msgAndArgs...)
-}
-
-// Equal uses the == operator to assert two values are equal and fails the test
-// if they are not equal.
-//
-// If the comparison fails Equal will use the variable names for x and y as part
-// of the failure message to identify the actual and expected values.
-//
-// If either x or y are a multi-line string the failure message will include a
-// unified diff of the two values. If the values only differ by whitespace
-// the unified diff will be augmented by replacing whitespace characters with
-// visible characters to identify the whitespace difference.
-//
-// This is equivalent to Assert(t, cmp.Equal(x, y)).
-func Equal(t TestingT, x, y interface{}, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, cmp.Equal(x, y), msgAndArgs...)
-}
-
-// DeepEqual uses google/go-cmp (http://bit.do/go-cmp) to assert two values are
-// equal and fails the test if they are not equal.
-//
-// Package https://godoc.org/gotest.tools/assert/opt provides some additional
-// commonly used Options.
-//
-// This is equivalent to Assert(t, cmp.DeepEqual(x, y)).
-func DeepEqual(t TestingT, x, y interface{}, opts ...gocmp.Option) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, cmp.DeepEqual(x, y, opts...))
-}
-
-// Error fails the test if err is nil, or the error message is not the expected
-// message.
-// Equivalent to Assert(t, cmp.Error(err, message)).
-func Error(t TestingT, err error, message string, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, cmp.Error(err, message), msgAndArgs...)
-}
-
-// ErrorContains fails the test if err is nil, or the error message does not
-// contain the expected substring.
-// Equivalent to Assert(t, cmp.ErrorContains(err, substring)).
-func ErrorContains(t TestingT, err error, substring string, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, cmp.ErrorContains(err, substring), msgAndArgs...)
-}
-
-// ErrorType fails the test if err is nil, or err is not the expected type.
-//
-// Expected can be one of:
-// a func(error) bool which returns true if the error is the expected type,
-// an instance of (or a pointer to) a struct of the expected type,
-// a pointer to an interface the error is expected to implement,
-// a reflect.Type of the expected struct or interface.
-//
-// Equivalent to Assert(t, cmp.ErrorType(err, expected)).
-func ErrorType(t TestingT, err error, expected interface{}, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	assert(t, t.FailNow, argsAfterT, cmp.ErrorType(err, expected), msgAndArgs...)
-}
diff --git a/vendor/gotest.tools/assert/cmp/result.go b/vendor/gotest.tools/assert/cmp/result.go
deleted file mode 100644
index 7c3c37dd721a7..0000000000000
--- a/vendor/gotest.tools/assert/cmp/result.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package cmp
-
-import (
-	"bytes"
-	"fmt"
-	"go/ast"
-	"text/template"
-
-	"gotest.tools/internal/source"
-)
-
-// Result of a Comparison.
-type Result interface {
-	Success() bool
-}
-
-type result struct {
-	success bool
-	message string
-}
-
-func (r result) Success() bool {
-	return r.success
-}
-
-func (r result) FailureMessage() string {
-	return r.message
-}
-
-// ResultSuccess is a constant which is returned by a ComparisonWithResult to
-// indicate success.
-var ResultSuccess = result{success: true}
-
-// ResultFailure returns a failed Result with a failure message.
-func ResultFailure(message string) Result {
-	return result{message: message}
-}
-
-// ResultFromError returns ResultSuccess if err is nil. Otherwise ResultFailure
-// is returned with the error message as the failure message.
-func ResultFromError(err error) Result {
-	if err == nil {
-		return ResultSuccess
-	}
-	return ResultFailure(err.Error())
-}
-
-type templatedResult struct {
-	success  bool
-	template string
-	data     map[string]interface{}
-}
-
-func (r templatedResult) Success() bool {
-	return r.success
-}
-
-func (r templatedResult) FailureMessage(args []ast.Expr) string {
-	msg, err := renderMessage(r, args)
-	if err != nil {
-		return fmt.Sprintf("failed to render failure message: %s", err)
-	}
-	return msg
-}
-
-// ResultFailureTemplate returns a Result with a template string and data which
-// can be used to format a failure message. The template may access data from .Data,
-// the comparison args with the callArg function, and the formatNode function may
-// be used to format the call args.
-func ResultFailureTemplate(template string, data map[string]interface{}) Result {
-	return templatedResult{template: template, data: data}
-}
-
-func renderMessage(result templatedResult, args []ast.Expr) (string, error) {
-	tmpl := template.New("failure").Funcs(template.FuncMap{
-		"formatNode": source.FormatNode,
-		"callArg": func(index int) ast.Expr {
-			if index >= len(args) {
-				return nil
-			}
-			return args[index]
-		},
-	})
-	var err error
-	tmpl, err = tmpl.Parse(result.template)
-	if err != nil {
-		return "", err
-	}
-	buf := new(bytes.Buffer)
-	err = tmpl.Execute(buf, map[string]interface{}{
-		"Data": result.data,
-	})
-	return buf.String(), err
-}
diff --git a/vendor/gotest.tools/assert/result.go b/vendor/gotest.tools/assert/result.go
deleted file mode 100644
index 3900264d0bfa1..0000000000000
--- a/vendor/gotest.tools/assert/result.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package assert
-
-import (
-	"fmt"
-	"go/ast"
-
-	"gotest.tools/assert/cmp"
-	"gotest.tools/internal/format"
-	"gotest.tools/internal/source"
-)
-
-func runComparison(
-	t TestingT,
-	argSelector argSelector,
-	f cmp.Comparison,
-	msgAndArgs ...interface{},
-) bool {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	result := f()
-	if result.Success() {
-		return true
-	}
-
-	var message string
-	switch typed := result.(type) {
-	case resultWithComparisonArgs:
-		const stackIndex = 3 // Assert/Check, assert, runComparison
-		args, err := source.CallExprArgs(stackIndex)
-		if err != nil {
-			t.Log(err.Error())
-		}
-		message = typed.FailureMessage(filterPrintableExpr(argSelector(args)))
-	case resultBasic:
-		message = typed.FailureMessage()
-	default:
-		message = fmt.Sprintf("comparison returned invalid Result type: %T", result)
-	}
-
-	t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...))
-	return false
-}
-
-type resultWithComparisonArgs interface {
-	FailureMessage(args []ast.Expr) string
-}
-
-type resultBasic interface {
-	FailureMessage() string
-}
-
-// filterPrintableExpr filters the ast.Expr slice to only include Expr that are
-// easy to read when printed and contain relevant information to an assertion.
-//
-// Ident and SelectorExpr are included because they print nicely and the variable
-// names may provide additional context to their values.
-// BasicLit and CompositeLit are excluded because their source is equivalent to
-// their value, which is already available.
-// Other types are ignored for now, but could be added if they are relevant.
-func filterPrintableExpr(args []ast.Expr) []ast.Expr {
-	result := make([]ast.Expr, len(args))
-	for i, arg := range args {
-		if isShortPrintableExpr(arg) {
-			result[i] = arg
-			continue
-		}
-
-		if starExpr, ok := arg.(*ast.StarExpr); ok {
-			result[i] = starExpr.X
-			continue
-		}
-		result[i] = nil
-	}
-	return result
-}
-
-func isShortPrintableExpr(expr ast.Expr) bool {
-	switch expr.(type) {
-	case *ast.Ident, *ast.SelectorExpr, *ast.IndexExpr, *ast.SliceExpr:
-		return true
-	case *ast.BinaryExpr, *ast.UnaryExpr:
-		return true
-	default:
-		// CallExpr, ParenExpr, TypeAssertExpr, KeyValueExpr, StarExpr
-		return false
-	}
-}
-
-type argSelector func([]ast.Expr) []ast.Expr
-
-func argsAfterT(args []ast.Expr) []ast.Expr {
-	if len(args) < 1 {
-		return nil
-	}
-	return args[1:]
-}
-
-func argsFromComparisonCall(args []ast.Expr) []ast.Expr {
-	if len(args) < 1 {
-		return nil
-	}
-	if callExpr, ok := args[1].(*ast.CallExpr); ok {
-		return callExpr.Args
-	}
-	return nil
-}
diff --git a/vendor/gotest.tools/env/env.go b/vendor/gotest.tools/env/env.go
deleted file mode 100644
index ed0f189916133..0000000000000
--- a/vendor/gotest.tools/env/env.go
+++ /dev/null
@@ -1,111 +0,0 @@
-/*Package env provides functions to test code that read environment variables
-or the current working directory.
-*/
-package env // import "gotest.tools/env"
-
-import (
-	"os"
-	"strings"
-
-	"gotest.tools/assert"
-	"gotest.tools/x/subtest"
-)
-
-type helperT interface {
-	Helper()
-}
-
-// Patch changes the value of an environment variable, and returns a
-// function which will reset the the value of that variable back to the
-// previous state.
-func Patch(t assert.TestingT, key, value string) func() {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	oldValue, ok := os.LookupEnv(key)
-	assert.NilError(t, os.Setenv(key, value))
-	cleanup := func() {
-		if ht, ok := t.(helperT); ok {
-			ht.Helper()
-		}
-		if !ok {
-			assert.NilError(t, os.Unsetenv(key))
-			return
-		}
-		assert.NilError(t, os.Setenv(key, oldValue))
-	}
-	if tc, ok := t.(subtest.TestContext); ok {
-		tc.AddCleanup(cleanup)
-	}
-	return cleanup
-}
-
-// PatchAll sets the environment to env, and returns a function which will
-// reset the environment back to the previous state.
-func PatchAll(t assert.TestingT, env map[string]string) func() {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	oldEnv := os.Environ()
-	os.Clearenv()
-
-	for key, value := range env {
-		assert.NilError(t, os.Setenv(key, value), "setenv %s=%s", key, value)
-	}
-	cleanup := func() {
-		if ht, ok := t.(helperT); ok {
-			ht.Helper()
-		}
-		os.Clearenv()
-		for key, oldVal := range ToMap(oldEnv) {
-			assert.NilError(t, os.Setenv(key, oldVal), "setenv %s=%s", key, oldVal)
-		}
-	}
-	if tc, ok := t.(subtest.TestContext); ok {
-		tc.AddCleanup(cleanup)
-	}
-	return cleanup
-}
-
-// ToMap takes a list of strings in the format returned by os.Environ() and
-// returns a mapping of keys to values.
-func ToMap(env []string) map[string]string {
-	result := map[string]string{}
-	for _, raw := range env {
-		key, value := getParts(raw)
-		result[key] = value
-	}
-	return result
-}
-
-func getParts(raw string) (string, string) {
-	// Environment variables on windows can begin with =
-	// http://blogs.msdn.com/b/oldnewthing/archive/2010/05/06/10008132.aspx
-	parts := strings.SplitN(raw[1:], "=", 2)
-	key := raw[:1] + parts[0]
-	if len(parts) == 1 {
-		return key, ""
-	}
-	return key, parts[1]
-}
-
-// ChangeWorkingDir to the directory, and return a function which restores the
-// previous working directory.
-func ChangeWorkingDir(t assert.TestingT, dir string) func() {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	cwd, err := os.Getwd()
-	assert.NilError(t, err)
-	assert.NilError(t, os.Chdir(dir))
-	cleanup := func() {
-		if ht, ok := t.(helperT); ok {
-			ht.Helper()
-		}
-		assert.NilError(t, os.Chdir(cwd))
-	}
-	if tc, ok := t.(subtest.TestContext); ok {
-		tc.AddCleanup(cleanup)
-	}
-	return cleanup
-}
diff --git a/vendor/gotest.tools/fs/file.go b/vendor/gotest.tools/fs/file.go
deleted file mode 100644
index 8bf0188d2f0cd..0000000000000
--- a/vendor/gotest.tools/fs/file.go
+++ /dev/null
@@ -1,106 +0,0 @@
-/*Package fs provides tools for creating temporary files, and testing the
-contents and structure of a directory.
-*/
-package fs // import "gotest.tools/fs"
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"gotest.tools/assert"
-	"gotest.tools/x/subtest"
-)
-
-// Path objects return their filesystem path. Path may be implemented by a
-// real filesystem object (such as File and Dir) or by a type which updates
-// entries in a Manifest.
-type Path interface {
-	Path() string
-	Remove()
-}
-
-var (
-	_ Path = &Dir{}
-	_ Path = &File{}
-)
-
-// File is a temporary file on the filesystem
-type File struct {
-	path string
-}
-
-type helperT interface {
-	Helper()
-}
-
-// NewFile creates a new file in a temporary directory using prefix as part of
-// the filename. The PathOps are applied to the before returning the File.
-func NewFile(t assert.TestingT, prefix string, ops ...PathOp) *File {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	tempfile, err := ioutil.TempFile("", prefix+"-")
-	assert.NilError(t, err)
-	file := &File{path: tempfile.Name()}
-	assert.NilError(t, tempfile.Close())
-
-	for _, op := range ops {
-		assert.NilError(t, op(file))
-	}
-	if tc, ok := t.(subtest.TestContext); ok {
-		tc.AddCleanup(file.Remove)
-	}
-	return file
-}
-
-// Path returns the full path to the file
-func (f *File) Path() string {
-	return f.path
-}
-
-// Remove the file
-func (f *File) Remove() {
-	// nolint: errcheck
-	os.Remove(f.path)
-}
-
-// Dir is a temporary directory
-type Dir struct {
-	path string
-}
-
-// NewDir returns a new temporary directory using prefix as part of the directory
-// name. The PathOps are applied before returning the Dir.
-func NewDir(t assert.TestingT, prefix string, ops ...PathOp) *Dir {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	path, err := ioutil.TempDir("", prefix+"-")
-	assert.NilError(t, err)
-	dir := &Dir{path: path}
-
-	for _, op := range ops {
-		assert.NilError(t, op(dir))
-	}
-	if tc, ok := t.(subtest.TestContext); ok {
-		tc.AddCleanup(dir.Remove)
-	}
-	return dir
-}
-
-// Path returns the full path to the directory
-func (d *Dir) Path() string {
-	return d.path
-}
-
-// Remove the directory
-func (d *Dir) Remove() {
-	// nolint: errcheck
-	os.RemoveAll(d.path)
-}
-
-// Join returns a new path with this directory as the base of the path
-func (d *Dir) Join(parts ...string) string {
-	return filepath.Join(append([]string{d.Path()}, parts...)...)
-}
diff --git a/vendor/gotest.tools/fs/manifest.go b/vendor/gotest.tools/fs/manifest.go
deleted file mode 100644
index 00976ef19c9b9..0000000000000
--- a/vendor/gotest.tools/fs/manifest.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package fs
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-)
-
-// Manifest stores the expected structure and properties of files and directories
-// in a filesystem.
-type Manifest struct {
-	root *directory
-}
-
-type resource struct {
-	mode os.FileMode
-	uid  uint32
-	gid  uint32
-}
-
-type file struct {
-	resource
-	content io.ReadCloser
-}
-
-func (f *file) Type() string {
-	return "file"
-}
-
-type symlink struct {
-	resource
-	target string
-}
-
-func (f *symlink) Type() string {
-	return "symlink"
-}
-
-type directory struct {
-	resource
-	items map[string]dirEntry
-}
-
-func (f *directory) Type() string {
-	return "directory"
-}
-
-type dirEntry interface {
-	Type() string
-}
-
-// ManifestFromDir creates a Manifest by reading the directory at path. The
-// manifest stores the structure and properties of files in the directory.
-// ManifestFromDir can be used with Equal to compare two directories.
-func ManifestFromDir(t assert.TestingT, path string) Manifest {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-
-	manifest, err := manifestFromDir(path)
-	assert.NilError(t, err)
-	return manifest
-}
-
-func manifestFromDir(path string) (Manifest, error) {
-	info, err := os.Stat(path)
-	switch {
-	case err != nil:
-		return Manifest{}, err
-	case !info.IsDir():
-		return Manifest{}, errors.Errorf("path %s must be a directory", path)
-	}
-
-	directory, err := newDirectory(path, info)
-	return Manifest{root: directory}, err
-}
-
-func newDirectory(path string, info os.FileInfo) (*directory, error) {
-	items := make(map[string]dirEntry)
-	children, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	for _, child := range children {
-		fullPath := filepath.Join(path, child.Name())
-		items[child.Name()], err = getTypedResource(fullPath, child)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return &directory{
-		resource: newResourceFromInfo(info),
-		items:    items,
-	}, nil
-}
-
-func getTypedResource(path string, info os.FileInfo) (dirEntry, error) {
-	switch {
-	case info.IsDir():
-		return newDirectory(path, info)
-	case info.Mode()&os.ModeSymlink != 0:
-		return newSymlink(path, info)
-	// TODO: devices, pipes?
-	default:
-		return newFile(path, info)
-	}
-}
-
-func newSymlink(path string, info os.FileInfo) (*symlink, error) {
-	target, err := os.Readlink(path)
-	return &symlink{
-		resource: newResourceFromInfo(info),
-		target:   target,
-	}, err
-}
-
-func newFile(path string, info os.FileInfo) (*file, error) {
-	// TODO: defer file opening to reduce number of open FDs?
-	readCloser, err := os.Open(path)
-	return &file{
-		resource: newResourceFromInfo(info),
-		content:  readCloser,
-	}, err
-}
diff --git a/vendor/gotest.tools/fs/ops.go b/vendor/gotest.tools/fs/ops.go
deleted file mode 100644
index ec9d11c1100be..0000000000000
--- a/vendor/gotest.tools/fs/ops.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package fs
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/pkg/errors"
-)
-
-const defaultFileMode = 0644
-
-// PathOp is a function which accepts a Path and performs an operation on that
-// path. When called with real filesystem objects (File or Dir) a PathOp modifies
-// the filesystem at the path. When used with a Manifest object a PathOp updates
-// the manifest to expect a value.
-type PathOp func(path Path) error
-
-type manifestResource interface {
-	SetMode(mode os.FileMode)
-	SetUID(uid uint32)
-	SetGID(gid uint32)
-}
-
-type manifestFile interface {
-	manifestResource
-	SetContent(content io.ReadCloser)
-}
-
-type manifestDirectory interface {
-	manifestResource
-	AddSymlink(path, target string) error
-	AddFile(path string, ops ...PathOp) error
-	AddDirectory(path string, ops ...PathOp) error
-}
-
-// WithContent writes content to a file at Path
-func WithContent(content string) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestFile); ok {
-			m.SetContent(ioutil.NopCloser(strings.NewReader(content)))
-			return nil
-		}
-		return ioutil.WriteFile(path.Path(), []byte(content), defaultFileMode)
-	}
-}
-
-// WithBytes write bytes to a file at Path
-func WithBytes(raw []byte) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestFile); ok {
-			m.SetContent(ioutil.NopCloser(bytes.NewReader(raw)))
-			return nil
-		}
-		return ioutil.WriteFile(path.Path(), raw, defaultFileMode)
-	}
-}
-
-// AsUser changes ownership of the file system object at Path
-func AsUser(uid, gid int) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestResource); ok {
-			m.SetUID(uint32(uid))
-			m.SetGID(uint32(gid))
-			return nil
-		}
-		return os.Chown(path.Path(), uid, gid)
-	}
-}
-
-// WithFile creates a file in the directory at path with content
-func WithFile(filename, content string, ops ...PathOp) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestDirectory); ok {
-			ops = append([]PathOp{WithContent(content), WithMode(defaultFileMode)}, ops...)
-			return m.AddFile(filename, ops...)
-		}
-
-		fullpath := filepath.Join(path.Path(), filepath.FromSlash(filename))
-		if err := createFile(fullpath, content); err != nil {
-			return err
-		}
-		return applyPathOps(&File{path: fullpath}, ops)
-	}
-}
-
-func createFile(fullpath string, content string) error {
-	return ioutil.WriteFile(fullpath, []byte(content), defaultFileMode)
-}
-
-// WithFiles creates all the files in the directory at path with their content
-func WithFiles(files map[string]string) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestDirectory); ok {
-			for filename, content := range files {
-				// TODO: remove duplication with WithFile
-				if err := m.AddFile(filename, WithContent(content), WithMode(defaultFileMode)); err != nil {
-					return err
-				}
-			}
-			return nil
-		}
-
-		for filename, content := range files {
-			fullpath := filepath.Join(path.Path(), filepath.FromSlash(filename))
-			if err := createFile(fullpath, content); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-}
-
-// FromDir copies the directory tree from the source path into the new Dir
-func FromDir(source string) PathOp {
-	return func(path Path) error {
-		if _, ok := path.(manifestDirectory); ok {
-			return errors.New("use manifest.FromDir")
-		}
-		return copyDirectory(source, path.Path())
-	}
-}
-
-// WithDir creates a subdirectory in the directory at path. Additional PathOp
-// can be used to modify the subdirectory
-func WithDir(name string, ops ...PathOp) PathOp {
-	const defaultMode = 0755
-	return func(path Path) error {
-		if m, ok := path.(manifestDirectory); ok {
-			ops = append([]PathOp{WithMode(defaultMode)}, ops...)
-			return m.AddDirectory(name, ops...)
-		}
-
-		fullpath := filepath.Join(path.Path(), filepath.FromSlash(name))
-		err := os.MkdirAll(fullpath, defaultMode)
-		if err != nil {
-			return err
-		}
-		return applyPathOps(&Dir{path: fullpath}, ops)
-	}
-}
-
-func applyPathOps(path Path, ops []PathOp) error {
-	for _, op := range ops {
-		if err := op(path); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// WithMode sets the file mode on the directory or file at path
-func WithMode(mode os.FileMode) PathOp {
-	return func(path Path) error {
-		if m, ok := path.(manifestResource); ok {
-			m.SetMode(mode)
-			return nil
-		}
-		return os.Chmod(path.Path(), mode)
-	}
-}
-
-func copyDirectory(source, dest string) error {
-	entries, err := ioutil.ReadDir(source)
-	if err != nil {
-		return err
-	}
-	for _, entry := range entries {
-		sourcePath := filepath.Join(source, entry.Name())
-		destPath := filepath.Join(dest, entry.Name())
-		if entry.IsDir() {
-			if err := os.Mkdir(destPath, 0755); err != nil {
-				return err
-			}
-			if err := copyDirectory(sourcePath, destPath); err != nil {
-				return err
-			}
-			continue
-		}
-		// TODO: handle symlinks
-		if err := copyFile(sourcePath, destPath); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func copyFile(source, dest string) error {
-	content, err := ioutil.ReadFile(source)
-	if err != nil {
-		return err
-	}
-	return ioutil.WriteFile(dest, content, 0644)
-}
-
-// WithSymlink creates a symlink in the directory which links to target.
-// Target must be a path relative to the directory.
-//
-// Note: the argument order is the inverse of os.Symlink to be consistent with
-// the other functions in this package.
-func WithSymlink(path, target string) PathOp {
-	return func(root Path) error {
-		if v, ok := root.(manifestDirectory); ok {
-			return v.AddSymlink(path, target)
-		}
-		return os.Symlink(filepath.Join(root.Path(), target), filepath.Join(root.Path(), path))
-	}
-}
-
-// WithHardlink creates a link in the directory which links to target.
-// Target must be a path relative to the directory.
-//
-// Note: the argument order is the inverse of os.Link to be consistent with
-// the other functions in this package.
-func WithHardlink(path, target string) PathOp {
-	return func(root Path) error {
-		if _, ok := root.(manifestDirectory); ok {
-			return errors.New("WithHardlink yet implemented for manifests")
-		}
-		return os.Link(filepath.Join(root.Path(), target), filepath.Join(root.Path(), path))
-	}
-}
-
-// WithTimestamps sets the access and modification times of the file system object
-// at path.
-func WithTimestamps(atime, mtime time.Time) PathOp {
-	return func(root Path) error {
-		if _, ok := root.(manifestDirectory); ok {
-			return errors.New("WithTimestamp yet implemented for manifests")
-		}
-		return os.Chtimes(root.Path(), atime, mtime)
-	}
-}
diff --git a/vendor/gotest.tools/fs/path.go b/vendor/gotest.tools/fs/path.go
deleted file mode 100644
index baf777f0dfcc4..0000000000000
--- a/vendor/gotest.tools/fs/path.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package fs
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"os"
-
-	"gotest.tools/assert"
-)
-
-// resourcePath is an adaptor for resources so they can be used as a Path
-// with PathOps.
-type resourcePath struct{}
-
-func (p *resourcePath) Path() string {
-	return "manifest: not a filesystem path"
-}
-
-func (p *resourcePath) Remove() {}
-
-type filePath struct {
-	resourcePath
-	file *file
-}
-
-func (p *filePath) SetContent(content io.ReadCloser) {
-	p.file.content = content
-}
-
-func (p *filePath) SetUID(uid uint32) {
-	p.file.uid = uid
-}
-
-func (p *filePath) SetGID(gid uint32) {
-	p.file.gid = gid
-}
-
-type directoryPath struct {
-	resourcePath
-	directory *directory
-}
-
-func (p *directoryPath) SetUID(uid uint32) {
-	p.directory.uid = uid
-}
-
-func (p *directoryPath) SetGID(gid uint32) {
-	p.directory.gid = gid
-}
-
-func (p *directoryPath) AddSymlink(path, target string) error {
-	p.directory.items[path] = &symlink{
-		resource: newResource(defaultSymlinkMode),
-		target:   target,
-	}
-	return nil
-}
-
-func (p *directoryPath) AddFile(path string, ops ...PathOp) error {
-	newFile := &file{resource: newResource(0)}
-	p.directory.items[path] = newFile
-	exp := &filePath{file: newFile}
-	return applyPathOps(exp, ops)
-}
-
-func (p *directoryPath) AddDirectory(path string, ops ...PathOp) error {
-	newDir := newDirectoryWithDefaults()
-	p.directory.items[path] = newDir
-	exp := &directoryPath{directory: newDir}
-	return applyPathOps(exp, ops)
-}
-
-// Expected returns a Manifest with a directory structured created by ops. The
-// PathOp operations are applied to the manifest as expectations of the
-// filesystem structure and properties.
-func Expected(t assert.TestingT, ops ...PathOp) Manifest {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-
-	newDir := newDirectoryWithDefaults()
-	e := &directoryPath{directory: newDir}
-	assert.NilError(t, applyPathOps(e, ops))
-	return Manifest{root: newDir}
-}
-
-func newDirectoryWithDefaults() *directory {
-	return &directory{
-		resource: newResource(defaultRootDirMode),
-		items:    make(map[string]dirEntry),
-	}
-}
-
-func newResource(mode os.FileMode) resource {
-	return resource{
-		mode: mode,
-		uid:  currentUID(),
-		gid:  currentGID(),
-	}
-}
-
-func currentUID() uint32 {
-	return normalizeID(os.Getuid())
-}
-
-func currentGID() uint32 {
-	return normalizeID(os.Getgid())
-}
-
-func normalizeID(id int) uint32 {
-	// ids will be -1 on windows
-	if id < 0 {
-		return 0
-	}
-	return uint32(id)
-}
-
-var anyFileContent = ioutil.NopCloser(bytes.NewReader(nil))
-
-// MatchAnyFileContent is a PathOp that updates a Manifest so that the file
-// at path may contain any content.
-func MatchAnyFileContent(path Path) error {
-	if m, ok := path.(*filePath); ok {
-		m.SetContent(anyFileContent)
-	}
-	return nil
-}
-
-const anyFile = "*"
-
-// MatchExtraFiles is a PathOp that updates a Manifest to allow a directory
-// to contain unspecified files.
-func MatchExtraFiles(path Path) error {
-	if m, ok := path.(*directoryPath); ok {
-		m.AddFile(anyFile)
-	}
-	return nil
-}
-
-// anyFileMode is represented by uint32_max
-const anyFileMode os.FileMode = 4294967295
-
-// MatchAnyFileMode is a PathOp that updates a Manifest so that the resource at path
-// will match any file mode.
-func MatchAnyFileMode(path Path) error {
-	if m, ok := path.(manifestResource); ok {
-		m.SetMode(anyFileMode)
-	}
-	return nil
-}
diff --git a/vendor/gotest.tools/fs/report.go b/vendor/gotest.tools/fs/report.go
deleted file mode 100644
index 4de85a6ef7318..0000000000000
--- a/vendor/gotest.tools/fs/report.go
+++ /dev/null
@@ -1,215 +0,0 @@
-package fs
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sort"
-	"strings"
-
-	"gotest.tools/assert/cmp"
-	"gotest.tools/internal/format"
-)
-
-// Equal compares a directory to the expected structured described by a manifest
-// and returns success if they match. If they do not match the failure message
-// will contain all the differences between the directory structure and the
-// expected structure defined by the Manifest.
-//
-// Equal is a cmp.Comparison which can be used with assert.Assert().
-func Equal(path string, expected Manifest) cmp.Comparison {
-	return func() cmp.Result {
-		actual, err := manifestFromDir(path)
-		if err != nil {
-			return cmp.ResultFromError(err)
-		}
-		failures := eqDirectory(string(os.PathSeparator), expected.root, actual.root)
-		if len(failures) == 0 {
-			return cmp.ResultSuccess
-		}
-		msg := fmt.Sprintf("directory %s does not match expected:\n", path)
-		return cmp.ResultFailure(msg + formatFailures(failures))
-	}
-}
-
-type failure struct {
-	path     string
-	problems []problem
-}
-
-type problem string
-
-func notEqual(property string, x, y interface{}) problem {
-	return problem(fmt.Sprintf("%s: expected %s got %s", property, x, y))
-}
-
-func errProblem(reason string, err error) problem {
-	return problem(fmt.Sprintf("%s: %s", reason, err))
-}
-
-func existenceProblem(filename, reason string, args ...interface{}) problem {
-	return problem(filename + ": " + fmt.Sprintf(reason, args...))
-}
-
-func eqResource(x, y resource) []problem {
-	var p []problem
-	if x.uid != y.uid {
-		p = append(p, notEqual("uid", x.uid, y.uid))
-	}
-	if x.gid != y.gid {
-		p = append(p, notEqual("gid", x.gid, y.gid))
-	}
-	if x.mode != anyFileMode && x.mode != y.mode {
-		p = append(p, notEqual("mode", x.mode, y.mode))
-	}
-	return p
-}
-
-func eqFile(x, y *file) []problem {
-	p := eqResource(x.resource, y.resource)
-
-	switch {
-	case x.content == nil:
-		p = append(p, existenceProblem("content", "expected content is nil"))
-		return p
-	case x.content == anyFileContent:
-		return p
-	case y.content == nil:
-		p = append(p, existenceProblem("content", "actual content is nil"))
-		return p
-	}
-
-	xContent, xErr := ioutil.ReadAll(x.content)
-	defer x.content.Close()
-	yContent, yErr := ioutil.ReadAll(y.content)
-	defer y.content.Close()
-
-	if xErr != nil {
-		p = append(p, errProblem("failed to read expected content", xErr))
-	}
-	if yErr != nil {
-		p = append(p, errProblem("failed to read actual content", xErr))
-	}
-	if xErr != nil || yErr != nil {
-		return p
-	}
-
-	if !bytes.Equal(xContent, yContent) {
-		p = append(p, diffContent(xContent, yContent))
-	}
-	return p
-}
-
-func diffContent(x, y []byte) problem {
-	diff := format.UnifiedDiff(format.DiffConfig{
-		A:    string(x),
-		B:    string(y),
-		From: "expected",
-		To:   "actual",
-	})
-	// Remove the trailing newline in the diff. A trailing newline is always
-	// added to a problem by formatFailures.
-	diff = strings.TrimSuffix(diff, "\n")
-	return problem("content:\n" + indent(diff, "    "))
-}
-
-func indent(s, prefix string) string {
-	buf := new(bytes.Buffer)
-	lines := strings.SplitAfter(s, "\n")
-	for _, line := range lines {
-		buf.WriteString(prefix + line)
-	}
-	return buf.String()
-}
-
-func eqSymlink(x, y *symlink) []problem {
-	p := eqResource(x.resource, y.resource)
-	if x.target != y.target {
-		p = append(p, notEqual("target", x.target, y.target))
-	}
-	return p
-}
-
-func eqDirectory(path string, x, y *directory) []failure {
-	p := eqResource(x.resource, y.resource)
-	var f []failure
-
-	for _, name := range sortedKeys(x.items) {
-		if name == anyFile {
-			continue
-		}
-		xEntry := x.items[name]
-		yEntry, ok := y.items[name]
-		if !ok {
-			p = append(p, existenceProblem(name, "expected %s to exist", xEntry.Type()))
-			continue
-		}
-
-		if xEntry.Type() != yEntry.Type() {
-			p = append(p, notEqual(name, xEntry.Type(), yEntry.Type()))
-			continue
-		}
-
-		f = append(f, eqEntry(filepath.Join(path, name), xEntry, yEntry)...)
-	}
-
-	if _, ok := x.items[anyFile]; !ok {
-		for _, name := range sortedKeys(y.items) {
-			if _, ok := x.items[name]; !ok {
-				yEntry := y.items[name]
-				p = append(p, existenceProblem(name, "unexpected %s", yEntry.Type()))
-			}
-		}
-	}
-
-	if len(p) > 0 {
-		f = append(f, failure{path: path, problems: p})
-	}
-	return f
-}
-
-func sortedKeys(items map[string]dirEntry) []string {
-	var keys []string
-	for key := range items {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
-	return keys
-}
-
-// eqEntry assumes x and y to be the same type
-func eqEntry(path string, x, y dirEntry) []failure {
-	resp := func(problems []problem) []failure {
-		if len(problems) == 0 {
-			return nil
-		}
-		return []failure{{path: path, problems: problems}}
-	}
-
-	switch typed := x.(type) {
-	case *file:
-		return resp(eqFile(typed, y.(*file)))
-	case *symlink:
-		return resp(eqSymlink(typed, y.(*symlink)))
-	case *directory:
-		return eqDirectory(path, typed, y.(*directory))
-	}
-	return nil
-}
-
-func formatFailures(failures []failure) string {
-	sort.Slice(failures, func(i, j int) bool {
-		return failures[i].path < failures[j].path
-	})
-
-	buf := new(bytes.Buffer)
-	for _, failure := range failures {
-		buf.WriteString(failure.path + "\n")
-		for _, problem := range failure.problems {
-			buf.WriteString("  " + string(problem) + "\n")
-		}
-	}
-	return buf.String()
-}
diff --git a/vendor/gotest.tools/icmd/ops.go b/vendor/gotest.tools/icmd/ops.go
deleted file mode 100644
index 02b1d840235e8..0000000000000
--- a/vendor/gotest.tools/icmd/ops.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package icmd
-
-// CmdOp is an operation which modified a Cmd structure used to execute commands
-type CmdOp func(*Cmd)
diff --git a/vendor/gotest.tools/internal/format/format.go b/vendor/gotest.tools/internal/format/format.go
deleted file mode 100644
index 8f6494f99421d..0000000000000
--- a/vendor/gotest.tools/internal/format/format.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package format // import "gotest.tools/internal/format"
-
-import "fmt"
-
-// Message accepts a msgAndArgs varargs and formats it using fmt.Sprintf
-func Message(msgAndArgs ...interface{}) string {
-	switch len(msgAndArgs) {
-	case 0:
-		return ""
-	case 1:
-		return fmt.Sprintf("%v", msgAndArgs[0])
-	default:
-		return fmt.Sprintf(msgAndArgs[0].(string), msgAndArgs[1:]...)
-	}
-}
-
-// WithCustomMessage accepts one or two messages and formats them appropriately
-func WithCustomMessage(source string, msgAndArgs ...interface{}) string {
-	custom := Message(msgAndArgs...)
-	switch {
-	case custom == "":
-		return source
-	case source == "":
-		return custom
-	}
-	return fmt.Sprintf("%s: %s", source, custom)
-}
diff --git a/vendor/gotest.tools/internal/source/source.go b/vendor/gotest.tools/internal/source/source.go
deleted file mode 100644
index a05933cc3380e..0000000000000
--- a/vendor/gotest.tools/internal/source/source.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package source // import "gotest.tools/internal/source"
-
-import (
-	"bytes"
-	"fmt"
-	"go/ast"
-	"go/format"
-	"go/parser"
-	"go/token"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-
-	"github.com/pkg/errors"
-)
-
-const baseStackIndex = 1
-
-// FormattedCallExprArg returns the argument from an ast.CallExpr at the
-// index in the call stack. The argument is formatted using FormatNode.
-func FormattedCallExprArg(stackIndex int, argPos int) (string, error) {
-	args, err := CallExprArgs(stackIndex + 1)
-	if err != nil {
-		return "", err
-	}
-	return FormatNode(args[argPos])
-}
-
-func getNodeAtLine(filename string, lineNum int) (ast.Node, error) {
-	fileset := token.NewFileSet()
-	astFile, err := parser.ParseFile(fileset, filename, nil, parser.AllErrors)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to parse source file: %s", filename)
-	}
-
-	node := scanToLine(fileset, astFile, lineNum)
-	if node == nil {
-		return nil, errors.Errorf(
-			"failed to find an expression on line %d in %s", lineNum, filename)
-	}
-	return node, nil
-}
-
-func scanToLine(fileset *token.FileSet, node ast.Node, lineNum int) ast.Node {
-	v := &scanToLineVisitor{lineNum: lineNum, fileset: fileset}
-	ast.Walk(v, node)
-	return v.matchedNode
-}
-
-type scanToLineVisitor struct {
-	lineNum     int
-	matchedNode ast.Node
-	fileset     *token.FileSet
-}
-
-func (v *scanToLineVisitor) Visit(node ast.Node) ast.Visitor {
-	if node == nil || v.matchedNode != nil {
-		return nil
-	}
-	if v.nodePosition(node).Line == v.lineNum {
-		v.matchedNode = node
-		return nil
-	}
-	return v
-}
-
-// In golang 1.9 the line number changed from being the line where the statement
-// ended to the line where the statement began.
-func (v *scanToLineVisitor) nodePosition(node ast.Node) token.Position {
-	if goVersionBefore19 {
-		return v.fileset.Position(node.End())
-	}
-	return v.fileset.Position(node.Pos())
-}
-
-var goVersionBefore19 = isGOVersionBefore19()
-
-func isGOVersionBefore19() bool {
-	version := runtime.Version()
-	// not a release version
-	if !strings.HasPrefix(version, "go") {
-		return false
-	}
-	version = strings.TrimPrefix(version, "go")
-	parts := strings.Split(version, ".")
-	if len(parts) < 2 {
-		return false
-	}
-	minor, err := strconv.ParseInt(parts[1], 10, 32)
-	return err == nil && parts[0] == "1" && minor < 9
-}
-
-func getCallExprArgs(node ast.Node) ([]ast.Expr, error) {
-	visitor := &callExprVisitor{}
-	ast.Walk(visitor, node)
-	if visitor.expr == nil {
-		return nil, errors.New("failed to find call expression")
-	}
-	return visitor.expr.Args, nil
-}
-
-type callExprVisitor struct {
-	expr *ast.CallExpr
-}
-
-func (v *callExprVisitor) Visit(node ast.Node) ast.Visitor {
-	if v.expr != nil || node == nil {
-		return nil
-	}
-	debug("visit (%T): %s", node, debugFormatNode{node})
-
-	if callExpr, ok := node.(*ast.CallExpr); ok {
-		v.expr = callExpr
-		return nil
-	}
-	return v
-}
-
-// FormatNode using go/format.Node and return the result as a string
-func FormatNode(node ast.Node) (string, error) {
-	buf := new(bytes.Buffer)
-	err := format.Node(buf, token.NewFileSet(), node)
-	return buf.String(), err
-}
-
-// CallExprArgs returns the ast.Expr slice for the args of an ast.CallExpr at
-// the index in the call stack.
-func CallExprArgs(stackIndex int) ([]ast.Expr, error) {
-	_, filename, lineNum, ok := runtime.Caller(baseStackIndex + stackIndex)
-	if !ok {
-		return nil, errors.New("failed to get call stack")
-	}
-	debug("call stack position: %s:%d", filename, lineNum)
-
-	node, err := getNodeAtLine(filename, lineNum)
-	if err != nil {
-		return nil, err
-	}
-	debug("found node (%T): %s", node, debugFormatNode{node})
-
-	return getCallExprArgs(node)
-}
-
-var debugEnabled = os.Getenv("GOTESTYOURSELF_DEBUG") != ""
-
-func debug(format string, args ...interface{}) {
-	if debugEnabled {
-		fmt.Fprintf(os.Stderr, "DEBUG: "+format+"\n", args...)
-	}
-}
-
-type debugFormatNode struct {
-	ast.Node
-}
-
-func (n debugFormatNode) String() string {
-	out, err := FormatNode(n.Node)
-	if err != nil {
-		return fmt.Sprintf("failed to format %s: %s", n.Node, err)
-	}
-	return out
-}
diff --git a/vendor/gotest.tools/skip/skip.go b/vendor/gotest.tools/skip/skip.go
deleted file mode 100644
index 4bfc9a11c2da1..0000000000000
--- a/vendor/gotest.tools/skip/skip.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*Package skip provides functions for skipping a test and printing the source code
-of the condition used to skip the test.
-*/
-package skip // import "gotest.tools/skip"
-
-import (
-	"fmt"
-	"path"
-	"reflect"
-	"runtime"
-	"strings"
-
-	"gotest.tools/internal/format"
-	"gotest.tools/internal/source"
-)
-
-type skipT interface {
-	Skip(args ...interface{})
-	Log(args ...interface{})
-}
-
-type helperT interface {
-	Helper()
-}
-
-// BoolOrCheckFunc can be a bool or func() bool, other types will panic
-type BoolOrCheckFunc interface{}
-
-// If the condition expression evaluates to true, or the condition function returns
-// true, skip the test.
-// The skip message will contain the source code of the expression.
-// Extra message text can be passed as a format string with args
-func If(t skipT, condition BoolOrCheckFunc, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	switch check := condition.(type) {
-	case bool:
-		ifCondition(t, check, msgAndArgs...)
-	case func() bool:
-		if check() {
-			t.Skip(format.WithCustomMessage(getFunctionName(check), msgAndArgs...))
-		}
-	default:
-		panic(fmt.Sprintf("invalid type for condition arg: %T", check))
-	}
-}
-
-func getFunctionName(function func() bool) string {
-	funcPath := runtime.FuncForPC(reflect.ValueOf(function).Pointer()).Name()
-	return strings.SplitN(path.Base(funcPath), ".", 2)[1]
-}
-
-func ifCondition(t skipT, condition bool, msgAndArgs ...interface{}) {
-	if ht, ok := t.(helperT); ok {
-		ht.Helper()
-	}
-	if !condition {
-		return
-	}
-	const (
-		stackIndex = 2
-		argPos     = 1
-	)
-	source, err := source.FormattedCallExprArg(stackIndex, argPos)
-	if err != nil {
-		t.Log(err.Error())
-		t.Skip(format.Message(msgAndArgs...))
-	}
-	t.Skip(format.WithCustomMessage(source, msgAndArgs...))
-}
diff --git a/vendor/gotest.tools/v3/LICENSE b/vendor/gotest.tools/v3/LICENSE
new file mode 100644
index 0000000000000..aeaa2fac3dcb3
--- /dev/null
+++ b/vendor/gotest.tools/v3/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2018 gotest.tools authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/vendor/gotest.tools/v3/README.md b/vendor/gotest.tools/v3/README.md
new file mode 100644
index 0000000000000..b63e8c08b15d2
--- /dev/null
+++ b/vendor/gotest.tools/v3/README.md
@@ -0,0 +1,50 @@
+# gotest.tools
+
+A collection of packages to augment `testing` and support common patterns.
+
+[![GoDoc](https://godoc.org/gotest.tools?status.svg)](https://pkg.go.dev/gotest.tools/v3/?tab=subdirectories)
+[![CircleCI](https://circleci.com/gh/gotestyourself/gotest.tools/tree/master.svg?style=shield)](https://circleci.com/gh/gotestyourself/gotest.tools/tree/master)
+[![Go Reportcard](https://goreportcard.com/badge/gotest.tools)](https://goreportcard.com/report/gotest.tools)
+
+## Usage
+
+With Go modules enabled (go1.11+)
+
+```
+$ go get gotest.tools/v3
+```
+
+```
+import "gotest.tools/v3/assert"
+```
+
+To use `gotest.tools` with an older version of Go that does not understand Go
+module paths pin to version `v2.3.0`.
+
+
+## Packages
+
+* [assert](http://pkg.go.dev/gotest.tools/v3/assert) -
+  compare values and fail the test when a comparison fails
+* [env](http://pkg.go.dev/gotest.tools/v3/env) -
+  test code which uses environment variables
+* [fs](http://pkg.go.dev/gotest.tools/v3/fs) -
+  create temporary files and compare a filesystem tree to an expected value
+* [golden](http://pkg.go.dev/gotest.tools/v3/golden) -
+  compare large multi-line strings against values frozen in golden files
+* [icmd](http://pkg.go.dev/gotest.tools/v3/icmd) -
+  execute binaries and test the output
+* [poll](http://pkg.go.dev/gotest.tools/v3/poll) -
+  test asynchronous code by polling until a desired state is reached
+* [skip](http://pkg.go.dev/gotest.tools/v3/skip) -
+  skip a test and print the source code of the condition used to skip the test
+
+## Related
+
+* [gotest.tools/gotestsum](https://github.com/gotestyourself/gotestsum) - go test runner with custom output
+* [maxbrunsfeld/counterfeiter](https://github.com/maxbrunsfeld/counterfeiter) - generate fakes for interfaces
+* [jonboulle/clockwork](https://github.com/jonboulle/clockwork) - a fake clock for testing code that uses `time`
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md).
diff --git a/vendor/gotest.tools/v3/assert/assert.go b/vendor/gotest.tools/v3/assert/assert.go
new file mode 100644
index 0000000000000..f3f805dde9c98
--- /dev/null
+++ b/vendor/gotest.tools/v3/assert/assert.go
@@ -0,0 +1,219 @@
+/*Package assert provides assertions for comparing expected values to actual
+values. When an assertion fails a helpful error message is printed.
+
+Assert and Check
+
+Assert() and Check() both accept a Comparison, and fail the test when the
+comparison fails. The one difference is that Assert() will end the test execution
+immediately (using t.FailNow()) whereas Check() will fail the test (using t.Fail()),
+return the value of the comparison, then proceed with the rest of the test case.
+
+Example usage
+
+The example below shows assert used with some common types.
+
+
+	import (
+	    "testing"
+
+	    "gotest.tools/assert"
+	    is "gotest.tools/assert/cmp"
+	)
+
+	func TestEverything(t *testing.T) {
+	    // booleans
+	    assert.Assert(t, ok)
+	    assert.Assert(t, !missing)
+
+	    // primitives
+	    assert.Equal(t, count, 1)
+	    assert.Equal(t, msg, "the message")
+	    assert.Assert(t, total != 10) // NotEqual
+
+	    // errors
+	    assert.NilError(t, closer.Close())
+	    assert.Error(t, err, "the exact error message")
+	    assert.ErrorContains(t, err, "includes this")
+	    assert.ErrorType(t, err, os.IsNotExist)
+
+	    // complex types
+	    assert.DeepEqual(t, result, myStruct{Name: "title"})
+	    assert.Assert(t, is.Len(items, 3))
+	    assert.Assert(t, len(sequence) != 0) // NotEmpty
+	    assert.Assert(t, is.Contains(mapping, "key"))
+
+	    // pointers and interface
+	    assert.Assert(t, is.Nil(ref))
+	    assert.Assert(t, ref != nil) // NotNil
+	}
+
+Comparisons
+
+Package http://pkg.go.dev/gotest.tools/v3/assert/cmp provides
+many common comparisons. Additional comparisons can be written to compare
+values in other ways. See the example Assert (CustomComparison).
+
+Automated migration from testify
+
+gty-migrate-from-testify is a command which translates Go source code from
+testify assertions to the assertions provided by this package.
+
+See http://pkg.go.dev/gotest.tools/v3/assert/cmd/gty-migrate-from-testify.
+
+
+*/
+package assert // import "gotest.tools/v3/assert"
+
+import (
+	gocmp "github.com/google/go-cmp/cmp"
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/internal/assert"
+)
+
+// BoolOrComparison can be a bool, or cmp.Comparison. See Assert() for usage.
+type BoolOrComparison interface{}
+
+// TestingT is the subset of testing.T used by the assert package.
+type TestingT interface {
+	FailNow()
+	Fail()
+	Log(args ...interface{})
+}
+
+type helperT interface {
+	Helper()
+}
+
+// Assert performs a comparison. If the comparison fails, the test is marked as
+// failed, a failure message is logged, and execution is stopped immediately.
+//
+// The comparison argument may be one of three types:
+//   bool
+// True is success. False is a failure.
+// The failure message will contain the literal source code of the expression.
+//   cmp.Comparison
+// Uses cmp.Result.Success() to check for success of failure.
+// The comparison is responsible for producing a helpful failure message.
+// http://pkg.go.dev/gotest.tools/v3/assert/cmp provides many common comparisons.
+//   error
+// A nil value is considered success.
+// A non-nil error is a failure, err.Error() is used as the failure message.
+func Assert(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsFromComparisonCall, comparison, msgAndArgs...) {
+		t.FailNow()
+	}
+}
+
+// Check performs a comparison. If the comparison fails the test is marked as
+// failed, a failure message is logged, and Check returns false. Otherwise returns
+// true.
+//
+// See Assert for details about the comparison arg and failure messages.
+func Check(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) bool {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsFromComparisonCall, comparison, msgAndArgs...) {
+		t.Fail()
+		return false
+	}
+	return true
+}
+
+// NilError fails the test immediately if err is not nil.
+// This is equivalent to Assert(t, err)
+func NilError(t TestingT, err error, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, err, msgAndArgs...) {
+		t.FailNow()
+	}
+}
+
+// Equal uses the == operator to assert two values are equal and fails the test
+// if they are not equal.
+//
+// If the comparison fails Equal will use the variable names for x and y as part
+// of the failure message to identify the actual and expected values.
+//
+// If either x or y are a multi-line string the failure message will include a
+// unified diff of the two values. If the values only differ by whitespace
+// the unified diff will be augmented by replacing whitespace characters with
+// visible characters to identify the whitespace difference.
+//
+// This is equivalent to Assert(t, cmp.Equal(x, y)).
+func Equal(t TestingT, x, y interface{}, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, cmp.Equal(x, y), msgAndArgs...) {
+		t.FailNow()
+	}
+}
+
+// DeepEqual uses google/go-cmp (https://godoc.org/github.com/google/go-cmp/cmp)
+// to assert two values are equal and fails the test if they are not equal.
+//
+// Package http://pkg.go.dev/gotest.tools/v3/assert/opt provides some additional
+// commonly used Options.
+//
+// This is equivalent to Assert(t, cmp.DeepEqual(x, y)).
+func DeepEqual(t TestingT, x, y interface{}, opts ...gocmp.Option) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, cmp.DeepEqual(x, y, opts...)) {
+		t.FailNow()
+	}
+}
+
+// Error fails the test if err is nil, or the error message is not the expected
+// message.
+// Equivalent to Assert(t, cmp.Error(err, message)).
+func Error(t TestingT, err error, message string, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, cmp.Error(err, message), msgAndArgs...) {
+		t.FailNow()
+	}
+}
+
+// ErrorContains fails the test if err is nil, or the error message does not
+// contain the expected substring.
+// Equivalent to Assert(t, cmp.ErrorContains(err, substring)).
+func ErrorContains(t TestingT, err error, substring string, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, cmp.ErrorContains(err, substring), msgAndArgs...) {
+		t.FailNow()
+	}
+}
+
+// ErrorType fails the test if err is nil, or err is not the expected type.
+// Equivalent to Assert(t, cmp.ErrorType(err, expected)).
+//
+// Expected can be one of:
+//   func(error) bool
+// Function should return true if the error is the expected type.
+//   type struct{}, type &struct{}
+// A struct or a pointer to a struct.
+// Fails if the error is not of the same type as expected.
+//   type &interface{}
+// A pointer to an interface type.
+// Fails if err does not implement the interface.
+//   reflect.Type
+// Fails if err does not implement the reflect.Type
+func ErrorType(t TestingT, err error, expected interface{}, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !assert.Eval(t, assert.ArgsAfterT, cmp.ErrorType(err, expected), msgAndArgs...) {
+		t.FailNow()
+	}
+}
diff --git a/vendor/gotest.tools/assert/cmp/compare.go b/vendor/gotest.tools/v3/assert/cmp/compare.go
similarity index 80%
rename from vendor/gotest.tools/assert/cmp/compare.go
rename to vendor/gotest.tools/v3/assert/cmp/compare.go
index ae03749e203b6..3c0e05ab5fe93 100644
--- a/vendor/gotest.tools/assert/cmp/compare.go
+++ b/vendor/gotest.tools/v3/assert/cmp/compare.go
@@ -1,13 +1,14 @@
 /*Package cmp provides Comparisons for Assert and Check*/
-package cmp // import "gotest.tools/assert/cmp"
+package cmp // import "gotest.tools/v3/assert/cmp"
 
 import (
 	"fmt"
 	"reflect"
+	"regexp"
 	"strings"
 
 	"github.com/google/go-cmp/cmp"
-	"gotest.tools/internal/format"
+	"gotest.tools/v3/internal/format"
 )
 
 // Comparison is a function which compares values and returns ResultSuccess if
@@ -15,11 +16,12 @@ import (
 // Result will contain a message about why it failed.
 type Comparison func() Result
 
-// DeepEqual compares two values using google/go-cmp (http://bit.do/go-cmp)
+// DeepEqual compares two values using google/go-cmp
+// (https://godoc.org/github.com/google/go-cmp/cmp)
 // and succeeds if the values are equal.
 //
 // The comparison can be customized using comparison Options.
-// Package https://godoc.org/gotest.tools/assert/opt provides some additional
+// Package http://pkg.go.dev/gotest.tools/v3/assert/opt provides some additional
 // commonly used Options.
 func DeepEqual(x, y interface{}, opts ...cmp.Option) Comparison {
 	return func() (result Result) {
@@ -58,6 +60,39 @@ func toResult(success bool, msg string) Result {
 	return ResultFailure(msg)
 }
 
+// RegexOrPattern may be either a *regexp.Regexp or a string that is a valid
+// regexp pattern.
+type RegexOrPattern interface{}
+
+// Regexp succeeds if value v matches regular expression re.
+//
+// Example:
+//   assert.Assert(t, cmp.Regexp("^[0-9a-f]{32}$", str))
+//   r := regexp.MustCompile("^[0-9a-f]{32}$")
+//   assert.Assert(t, cmp.Regexp(r, str))
+func Regexp(re RegexOrPattern, v string) Comparison {
+	match := func(re *regexp.Regexp) Result {
+		return toResult(
+			re.MatchString(v),
+			fmt.Sprintf("value %q does not match regexp %q", v, re.String()))
+	}
+
+	return func() Result {
+		switch regex := re.(type) {
+		case *regexp.Regexp:
+			return match(regex)
+		case string:
+			re, err := regexp.Compile(regex)
+			if err != nil {
+				return ResultFailure(err.Error())
+			}
+			return match(re)
+		default:
+			return ResultFailure(fmt.Sprintf("invalid type %T for regex pattern", regex))
+		}
+	}
+}
+
 // Equal succeeds if x == y. See assert.Equal for full documentation.
 func Equal(x, y interface{}) Comparison {
 	return func() Result {
@@ -69,10 +104,10 @@ func Equal(x, y interface{}) Comparison {
 			return multiLineDiffResult(diff)
 		}
 		return ResultFailureTemplate(`
-			{{- .Data.x}} (
+			{{- printf "%v" .Data.x}} (
 				{{- with callArg 0 }}{{ formatNode . }} {{end -}}
 				{{- printf "%T" .Data.x -}}
-			) != {{ .Data.y}} (
+			) != {{ printf "%v" .Data.y}} (
 				{{- with callArg 1 }}{{ formatNode . }} {{end -}}
 				{{- printf "%T" .Data.y -}}
 			)`,
@@ -186,7 +221,7 @@ func Error(err error, message string) Comparison {
 			return ResultFailure("expected an error, got nil")
 		case err.Error() != message:
 			return ResultFailure(fmt.Sprintf(
-				"expected error %q, got %+v", message, err))
+				"expected error %q, got %s", message, formatErrorMessage(err)))
 		}
 		return ResultSuccess
 	}
@@ -201,12 +236,24 @@ func ErrorContains(err error, substring string) Comparison {
 			return ResultFailure("expected an error, got nil")
 		case !strings.Contains(err.Error(), substring):
 			return ResultFailure(fmt.Sprintf(
-				"expected error to contain %q, got %+v", substring, err))
+				"expected error to contain %q, got %s", substring, formatErrorMessage(err)))
 		}
 		return ResultSuccess
 	}
 }
 
+type causer interface {
+	Cause() error
+}
+
+func formatErrorMessage(err error) string {
+	if _, ok := err.(causer); ok {
+		return fmt.Sprintf("%q\n%+v", err, err)
+	}
+	// This error was not wrapped with github.com/pkg/errors
+	return fmt.Sprintf("%q", err)
+}
+
 // Nil succeeds if obj is a nil interface, pointer, or function.
 //
 // Use NilError() for comparing errors. Use Len(obj, 0) for comparing slices,
@@ -239,10 +286,16 @@ func isNil(obj interface{}, msgFunc func(reflect.Value) string) Comparison {
 // ErrorType succeeds if err is not nil and is of the expected type.
 //
 // Expected can be one of:
-// a func(error) bool which returns true if the error is the expected type,
-// an instance of (or a pointer to) a struct of the expected type,
-// a pointer to an interface the error is expected to implement,
-// a reflect.Type of the expected struct or interface.
+//   func(error) bool
+// Function should return true if the error is the expected type.
+//   type struct{}, type &struct{}
+// A struct or a pointer to a struct.
+// Fails if the error is not of the same type as expected.
+//   type &interface{}
+// A pointer to an interface type.
+// Fails if err does not implement the interface.
+//   reflect.Type
+// Fails if err does not implement the reflect.Type
 func ErrorType(err error, expected interface{}) Comparison {
 	return func() Result {
 		switch expectedType := expected.(type) {
diff --git a/vendor/gotest.tools/v3/assert/cmp/result.go b/vendor/gotest.tools/v3/assert/cmp/result.go
new file mode 100644
index 0000000000000..3b48d9bf0c0c3
--- /dev/null
+++ b/vendor/gotest.tools/v3/assert/cmp/result.go
@@ -0,0 +1,99 @@
+package cmp
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"text/template"
+
+	"gotest.tools/v3/internal/source"
+)
+
+// A Result of a Comparison.
+type Result interface {
+	Success() bool
+}
+
+// StringResult is an implementation of Result that reports the error message
+// string verbatim and does not provide any templating or formatting of the
+// message.
+type StringResult struct {
+	success bool
+	message string
+}
+
+// Success returns true if the comparison was successful.
+func (r StringResult) Success() bool {
+	return r.success
+}
+
+// FailureMessage returns the message used to provide additional information
+// about the failure.
+func (r StringResult) FailureMessage() string {
+	return r.message
+}
+
+// ResultSuccess is a constant which is returned by a ComparisonWithResult to
+// indicate success.
+var ResultSuccess = StringResult{success: true}
+
+// ResultFailure returns a failed Result with a failure message.
+func ResultFailure(message string) StringResult {
+	return StringResult{message: message}
+}
+
+// ResultFromError returns ResultSuccess if err is nil. Otherwise ResultFailure
+// is returned with the error message as the failure message.
+func ResultFromError(err error) Result {
+	if err == nil {
+		return ResultSuccess
+	}
+	return ResultFailure(err.Error())
+}
+
+type templatedResult struct {
+	template string
+	data     map[string]interface{}
+}
+
+func (r templatedResult) Success() bool {
+	return false
+}
+
+func (r templatedResult) FailureMessage(args []ast.Expr) string {
+	msg, err := renderMessage(r, args)
+	if err != nil {
+		return fmt.Sprintf("failed to render failure message: %s", err)
+	}
+	return msg
+}
+
+// ResultFailureTemplate returns a Result with a template string and data which
+// can be used to format a failure message. The template may access data from .Data,
+// the comparison args with the callArg function, and the formatNode function may
+// be used to format the call args.
+func ResultFailureTemplate(template string, data map[string]interface{}) Result {
+	return templatedResult{template: template, data: data}
+}
+
+func renderMessage(result templatedResult, args []ast.Expr) (string, error) {
+	tmpl := template.New("failure").Funcs(template.FuncMap{
+		"formatNode": source.FormatNode,
+		"callArg": func(index int) ast.Expr {
+			if index >= len(args) {
+				return nil
+			}
+			return args[index]
+		},
+	})
+	var err error
+	tmpl, err = tmpl.Parse(result.template)
+	if err != nil {
+		return "", err
+	}
+	buf := new(bytes.Buffer)
+	err = tmpl.Execute(buf, map[string]interface{}{
+		"Data": result.data,
+	})
+	return buf.String(), err
+}
diff --git a/vendor/gotest.tools/v3/env/env.go b/vendor/gotest.tools/v3/env/env.go
new file mode 100644
index 0000000000000..7a71acd0d7f41
--- /dev/null
+++ b/vendor/gotest.tools/v3/env/env.go
@@ -0,0 +1,118 @@
+/*Package env provides functions to test code that read environment variables
+or the current working directory.
+*/
+package env // import "gotest.tools/v3/env"
+
+import (
+	"os"
+	"strings"
+
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/internal/cleanup"
+)
+
+type helperT interface {
+	Helper()
+}
+
+// Patch changes the value of an environment variable, and returns a
+// function which will reset the the value of that variable back to the
+// previous state.
+//
+// When used with Go 1.14+ the unpatch function will be called automatically
+// when the test ends, unless the TEST_NOCLEANUP env var is set to true.
+func Patch(t assert.TestingT, key, value string) func() {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	oldValue, envVarExists := os.LookupEnv(key)
+	assert.NilError(t, os.Setenv(key, value))
+	clean := func() {
+		if ht, ok := t.(helperT); ok {
+			ht.Helper()
+		}
+		if !envVarExists {
+			assert.NilError(t, os.Unsetenv(key))
+			return
+		}
+		assert.NilError(t, os.Setenv(key, oldValue))
+	}
+	cleanup.Cleanup(t, clean)
+	return clean
+}
+
+// PatchAll sets the environment to env, and returns a function which will
+// reset the environment back to the previous state.
+//
+// When used with Go 1.14+ the unpatch function will be called automatically
+// when the test ends, unless the TEST_NOCLEANUP env var is set to true.
+func PatchAll(t assert.TestingT, env map[string]string) func() {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	oldEnv := os.Environ()
+	os.Clearenv()
+
+	for key, value := range env {
+		assert.NilError(t, os.Setenv(key, value), "setenv %s=%s", key, value)
+	}
+	clean := func() {
+		if ht, ok := t.(helperT); ok {
+			ht.Helper()
+		}
+		os.Clearenv()
+		for key, oldVal := range ToMap(oldEnv) {
+			assert.NilError(t, os.Setenv(key, oldVal), "setenv %s=%s", key, oldVal)
+		}
+	}
+	cleanup.Cleanup(t, clean)
+	return clean
+}
+
+// ToMap takes a list of strings in the format returned by os.Environ() and
+// returns a mapping of keys to values.
+func ToMap(env []string) map[string]string {
+	result := map[string]string{}
+	for _, raw := range env {
+		key, value := getParts(raw)
+		result[key] = value
+	}
+	return result
+}
+
+func getParts(raw string) (string, string) {
+	if raw == "" {
+		return "", ""
+	}
+	// Environment variables on windows can begin with =
+	// http://blogs.msdn.com/b/oldnewthing/archive/2010/05/06/10008132.aspx
+	parts := strings.SplitN(raw[1:], "=", 2)
+	key := raw[:1] + parts[0]
+	if len(parts) == 1 {
+		return key, ""
+	}
+	return key, parts[1]
+}
+
+// ChangeWorkingDir to the directory, and return a function which restores the
+// previous working directory.
+//
+// When used with Go 1.14+ the previous working directory will be restored
+// automatically when the test ends, unless the TEST_NOCLEANUP env var is set to
+// true.
+func ChangeWorkingDir(t assert.TestingT, dir string) func() {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	cwd, err := os.Getwd()
+	assert.NilError(t, err)
+	assert.NilError(t, os.Chdir(dir))
+	clean := func() {
+		if ht, ok := t.(helperT); ok {
+			ht.Helper()
+		}
+		assert.NilError(t, os.Chdir(cwd))
+	}
+	cleanup.Cleanup(t, clean)
+	return clean
+}
diff --git a/vendor/gotest.tools/v3/fs/file.go b/vendor/gotest.tools/v3/fs/file.go
new file mode 100644
index 0000000000000..de5f4ec120a5c
--- /dev/null
+++ b/vendor/gotest.tools/v3/fs/file.go
@@ -0,0 +1,115 @@
+/*Package fs provides tools for creating temporary files, and testing the
+contents and structure of a directory.
+*/
+package fs // import "gotest.tools/v3/fs"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/internal/cleanup"
+)
+
+// Path objects return their filesystem path. Path may be implemented by a
+// real filesystem object (such as File and Dir) or by a type which updates
+// entries in a Manifest.
+type Path interface {
+	Path() string
+	Remove()
+}
+
+var (
+	_ Path = &Dir{}
+	_ Path = &File{}
+)
+
+// File is a temporary file on the filesystem
+type File struct {
+	path string
+}
+
+type helperT interface {
+	Helper()
+}
+
+// NewFile creates a new file in a temporary directory using prefix as part of
+// the filename. The PathOps are applied to the before returning the File.
+//
+// When used with Go 1.14+ the file will be automatically removed when the test
+// ends, unless the TEST_NOCLEANUP env var is set to true.
+func NewFile(t assert.TestingT, prefix string, ops ...PathOp) *File {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	tempfile, err := ioutil.TempFile("", cleanPrefix(prefix)+"-")
+	assert.NilError(t, err)
+
+	file := &File{path: tempfile.Name()}
+	cleanup.Cleanup(t, file.Remove)
+
+	assert.NilError(t, tempfile.Close())
+	assert.NilError(t, applyPathOps(file, ops))
+	return file
+}
+
+func cleanPrefix(prefix string) string {
+	// windows requires both / and \ are replaced
+	if runtime.GOOS == "windows" {
+		prefix = strings.Replace(prefix, string(os.PathSeparator), "-", -1)
+	}
+	return strings.Replace(prefix, "/", "-", -1)
+}
+
+// Path returns the full path to the file
+func (f *File) Path() string {
+	return f.path
+}
+
+// Remove the file
+func (f *File) Remove() {
+	// nolint: errcheck
+	os.Remove(f.path)
+}
+
+// Dir is a temporary directory
+type Dir struct {
+	path string
+}
+
+// NewDir returns a new temporary directory using prefix as part of the directory
+// name. The PathOps are applied before returning the Dir.
+//
+// When used with Go 1.14+ the directory will be automatically removed when the test
+// ends, unless the TEST_NOCLEANUP env var is set to true.
+func NewDir(t assert.TestingT, prefix string, ops ...PathOp) *Dir {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	path, err := ioutil.TempDir("", cleanPrefix(prefix)+"-")
+	assert.NilError(t, err)
+	dir := &Dir{path: path}
+	cleanup.Cleanup(t, dir.Remove)
+
+	assert.NilError(t, applyPathOps(dir, ops))
+	return dir
+}
+
+// Path returns the full path to the directory
+func (d *Dir) Path() string {
+	return d.path
+}
+
+// Remove the directory
+func (d *Dir) Remove() {
+	// nolint: errcheck
+	os.RemoveAll(d.path)
+}
+
+// Join returns a new path with this directory as the base of the path
+func (d *Dir) Join(parts ...string) string {
+	return filepath.Join(append([]string{d.Path()}, parts...)...)
+}
diff --git a/vendor/gotest.tools/v3/fs/manifest.go b/vendor/gotest.tools/v3/fs/manifest.go
new file mode 100644
index 0000000000000..d396756376b30
--- /dev/null
+++ b/vendor/gotest.tools/v3/fs/manifest.go
@@ -0,0 +1,139 @@
+package fs
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+)
+
+// Manifest stores the expected structure and properties of files and directories
+// in a filesystem.
+type Manifest struct {
+	root *directory
+}
+
+type resource struct {
+	mode os.FileMode
+	uid  uint32
+	gid  uint32
+}
+
+type file struct {
+	resource
+	content             io.ReadCloser
+	ignoreCariageReturn bool
+	compareContentFunc  func(b []byte) CompareResult
+}
+
+func (f *file) Type() string {
+	return "file"
+}
+
+type symlink struct {
+	resource
+	target string
+}
+
+func (f *symlink) Type() string {
+	return "symlink"
+}
+
+type directory struct {
+	resource
+	items         map[string]dirEntry
+	filepathGlobs map[string]*filePath
+}
+
+func (f *directory) Type() string {
+	return "directory"
+}
+
+type dirEntry interface {
+	Type() string
+}
+
+// ManifestFromDir creates a Manifest by reading the directory at path. The
+// manifest stores the structure and properties of files in the directory.
+// ManifestFromDir can be used with Equal to compare two directories.
+func ManifestFromDir(t assert.TestingT, path string) Manifest {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+
+	manifest, err := manifestFromDir(path)
+	assert.NilError(t, err)
+	return manifest
+}
+
+func manifestFromDir(path string) (Manifest, error) {
+	info, err := os.Stat(path)
+	switch {
+	case err != nil:
+		return Manifest{}, err
+	case !info.IsDir():
+		return Manifest{}, errors.Errorf("path %s must be a directory", path)
+	}
+
+	directory, err := newDirectory(path, info)
+	return Manifest{root: directory}, err
+}
+
+func newDirectory(path string, info os.FileInfo) (*directory, error) {
+	items := make(map[string]dirEntry)
+	children, err := ioutil.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+	for _, child := range children {
+		fullPath := filepath.Join(path, child.Name())
+		items[child.Name()], err = getTypedResource(fullPath, child)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &directory{
+		resource:      newResourceFromInfo(info),
+		items:         items,
+		filepathGlobs: make(map[string]*filePath),
+	}, nil
+}
+
+func getTypedResource(path string, info os.FileInfo) (dirEntry, error) {
+	switch {
+	case info.IsDir():
+		return newDirectory(path, info)
+	case info.Mode()&os.ModeSymlink != 0:
+		return newSymlink(path, info)
+	// TODO: devices, pipes?
+	default:
+		return newFile(path, info)
+	}
+}
+
+func newSymlink(path string, info os.FileInfo) (*symlink, error) {
+	target, err := os.Readlink(path)
+	if err != nil {
+		return nil, err
+	}
+	return &symlink{
+		resource: newResourceFromInfo(info),
+		target:   target,
+	}, err
+}
+
+func newFile(path string, info os.FileInfo) (*file, error) {
+	// TODO: defer file opening to reduce number of open FDs?
+	readCloser, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	return &file{
+		resource: newResourceFromInfo(info),
+		content:  readCloser,
+	}, err
+}
diff --git a/vendor/gotest.tools/fs/manifest_unix.go b/vendor/gotest.tools/v3/fs/manifest_unix.go
similarity index 100%
rename from vendor/gotest.tools/fs/manifest_unix.go
rename to vendor/gotest.tools/v3/fs/manifest_unix.go
diff --git a/vendor/gotest.tools/fs/manifest_windows.go b/vendor/gotest.tools/v3/fs/manifest_windows.go
similarity index 100%
rename from vendor/gotest.tools/fs/manifest_windows.go
rename to vendor/gotest.tools/v3/fs/manifest_windows.go
diff --git a/vendor/gotest.tools/v3/fs/ops.go b/vendor/gotest.tools/v3/fs/ops.go
new file mode 100644
index 0000000000000..4589623fa99a3
--- /dev/null
+++ b/vendor/gotest.tools/v3/fs/ops.go
@@ -0,0 +1,275 @@
+package fs
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+	"gotest.tools/v3/assert"
+)
+
+const defaultFileMode = 0644
+
+// PathOp is a function which accepts a Path and performs an operation on that
+// path. When called with real filesystem objects (File or Dir) a PathOp modifies
+// the filesystem at the path. When used with a Manifest object a PathOp updates
+// the manifest to expect a value.
+type PathOp func(path Path) error
+
+type manifestResource interface {
+	SetMode(mode os.FileMode)
+	SetUID(uid uint32)
+	SetGID(gid uint32)
+}
+
+type manifestFile interface {
+	manifestResource
+	SetContent(content io.ReadCloser)
+}
+
+type manifestDirectory interface {
+	manifestResource
+	AddSymlink(path, target string) error
+	AddFile(path string, ops ...PathOp) error
+	AddDirectory(path string, ops ...PathOp) error
+}
+
+// WithContent writes content to a file at Path
+func WithContent(content string) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestFile); ok {
+			m.SetContent(ioutil.NopCloser(strings.NewReader(content)))
+			return nil
+		}
+		return ioutil.WriteFile(path.Path(), []byte(content), defaultFileMode)
+	}
+}
+
+// WithBytes write bytes to a file at Path
+func WithBytes(raw []byte) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestFile); ok {
+			m.SetContent(ioutil.NopCloser(bytes.NewReader(raw)))
+			return nil
+		}
+		return ioutil.WriteFile(path.Path(), raw, defaultFileMode)
+	}
+}
+
+// WithReaderContent copies the reader contents to the file at Path
+func WithReaderContent(r io.Reader) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestFile); ok {
+			m.SetContent(ioutil.NopCloser(r))
+			return nil
+		}
+		f, err := os.OpenFile(path.Path(), os.O_WRONLY, defaultFileMode)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		_, err = io.Copy(f, r)
+		return err
+	}
+}
+
+// AsUser changes ownership of the file system object at Path
+func AsUser(uid, gid int) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestResource); ok {
+			m.SetUID(uint32(uid))
+			m.SetGID(uint32(gid))
+			return nil
+		}
+		return os.Chown(path.Path(), uid, gid)
+	}
+}
+
+// WithFile creates a file in the directory at path with content
+func WithFile(filename, content string, ops ...PathOp) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestDirectory); ok {
+			ops = append([]PathOp{WithContent(content), WithMode(defaultFileMode)}, ops...)
+			return m.AddFile(filename, ops...)
+		}
+
+		fullpath := filepath.Join(path.Path(), filepath.FromSlash(filename))
+		if err := createFile(fullpath, content); err != nil {
+			return err
+		}
+		return applyPathOps(&File{path: fullpath}, ops)
+	}
+}
+
+func createFile(fullpath string, content string) error {
+	return ioutil.WriteFile(fullpath, []byte(content), defaultFileMode)
+}
+
+// WithFiles creates all the files in the directory at path with their content
+func WithFiles(files map[string]string) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestDirectory); ok {
+			for filename, content := range files {
+				// TODO: remove duplication with WithFile
+				if err := m.AddFile(filename, WithContent(content), WithMode(defaultFileMode)); err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+
+		for filename, content := range files {
+			fullpath := filepath.Join(path.Path(), filepath.FromSlash(filename))
+			if err := createFile(fullpath, content); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+// FromDir copies the directory tree from the source path into the new Dir
+func FromDir(source string) PathOp {
+	return func(path Path) error {
+		if _, ok := path.(manifestDirectory); ok {
+			return errors.New("use manifest.FromDir")
+		}
+		return copyDirectory(source, path.Path())
+	}
+}
+
+// WithDir creates a subdirectory in the directory at path. Additional PathOp
+// can be used to modify the subdirectory
+func WithDir(name string, ops ...PathOp) PathOp {
+	const defaultMode = 0755
+	return func(path Path) error {
+		if m, ok := path.(manifestDirectory); ok {
+			ops = append([]PathOp{WithMode(defaultMode)}, ops...)
+			return m.AddDirectory(name, ops...)
+		}
+
+		fullpath := filepath.Join(path.Path(), filepath.FromSlash(name))
+		err := os.MkdirAll(fullpath, defaultMode)
+		if err != nil {
+			return err
+		}
+		return applyPathOps(&Dir{path: fullpath}, ops)
+	}
+}
+
+// Apply the PathOps to the File
+func Apply(t assert.TestingT, path Path, ops ...PathOp) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	assert.NilError(t, applyPathOps(path, ops))
+}
+
+func applyPathOps(path Path, ops []PathOp) error {
+	for _, op := range ops {
+		if err := op(path); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// WithMode sets the file mode on the directory or file at path
+func WithMode(mode os.FileMode) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(manifestResource); ok {
+			m.SetMode(mode)
+			return nil
+		}
+		return os.Chmod(path.Path(), mode)
+	}
+}
+
+func copyDirectory(source, dest string) error {
+	entries, err := ioutil.ReadDir(source)
+	if err != nil {
+		return err
+	}
+	for _, entry := range entries {
+		sourcePath := filepath.Join(source, entry.Name())
+		destPath := filepath.Join(dest, entry.Name())
+		switch {
+		case entry.IsDir():
+			if err := os.Mkdir(destPath, 0755); err != nil {
+				return err
+			}
+			if err := copyDirectory(sourcePath, destPath); err != nil {
+				return err
+			}
+		case entry.Mode()&os.ModeSymlink != 0:
+			if err := copySymLink(sourcePath, destPath); err != nil {
+				return err
+			}
+		default:
+			if err := copyFile(sourcePath, destPath); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func copySymLink(source, dest string) error {
+	link, err := os.Readlink(source)
+	if err != nil {
+		return err
+	}
+	return os.Symlink(link, dest)
+}
+
+func copyFile(source, dest string) error {
+	content, err := ioutil.ReadFile(source)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(dest, content, 0644)
+}
+
+// WithSymlink creates a symlink in the directory which links to target.
+// Target must be a path relative to the directory.
+//
+// Note: the argument order is the inverse of os.Symlink to be consistent with
+// the other functions in this package.
+func WithSymlink(path, target string) PathOp {
+	return func(root Path) error {
+		if v, ok := root.(manifestDirectory); ok {
+			return v.AddSymlink(path, target)
+		}
+		return os.Symlink(filepath.Join(root.Path(), target), filepath.Join(root.Path(), path))
+	}
+}
+
+// WithHardlink creates a link in the directory which links to target.
+// Target must be a path relative to the directory.
+//
+// Note: the argument order is the inverse of os.Link to be consistent with
+// the other functions in this package.
+func WithHardlink(path, target string) PathOp {
+	return func(root Path) error {
+		if _, ok := root.(manifestDirectory); ok {
+			return errors.New("WithHardlink not implemented for manifests")
+		}
+		return os.Link(filepath.Join(root.Path(), target), filepath.Join(root.Path(), path))
+	}
+}
+
+// WithTimestamps sets the access and modification times of the file system object
+// at path.
+func WithTimestamps(atime, mtime time.Time) PathOp {
+	return func(root Path) error {
+		if _, ok := root.(manifestDirectory); ok {
+			return errors.New("WithTimestamp not implemented for manifests")
+		}
+		return os.Chtimes(root.Path(), atime, mtime)
+	}
+}
diff --git a/vendor/gotest.tools/v3/fs/path.go b/vendor/gotest.tools/v3/fs/path.go
new file mode 100644
index 0000000000000..c301b9048963c
--- /dev/null
+++ b/vendor/gotest.tools/v3/fs/path.go
@@ -0,0 +1,199 @@
+package fs
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"os"
+
+	"gotest.tools/v3/assert"
+)
+
+// resourcePath is an adaptor for resources so they can be used as a Path
+// with PathOps.
+type resourcePath struct{}
+
+func (p *resourcePath) Path() string {
+	return "manifest: not a filesystem path"
+}
+
+func (p *resourcePath) Remove() {}
+
+type filePath struct {
+	resourcePath
+	file *file
+}
+
+func (p *filePath) SetContent(content io.ReadCloser) {
+	p.file.content = content
+}
+
+func (p *filePath) SetUID(uid uint32) {
+	p.file.uid = uid
+}
+
+func (p *filePath) SetGID(gid uint32) {
+	p.file.gid = gid
+}
+
+type directoryPath struct {
+	resourcePath
+	directory *directory
+}
+
+func (p *directoryPath) SetUID(uid uint32) {
+	p.directory.uid = uid
+}
+
+func (p *directoryPath) SetGID(gid uint32) {
+	p.directory.gid = gid
+}
+
+func (p *directoryPath) AddSymlink(path, target string) error {
+	p.directory.items[path] = &symlink{
+		resource: newResource(defaultSymlinkMode),
+		target:   target,
+	}
+	return nil
+}
+
+func (p *directoryPath) AddFile(path string, ops ...PathOp) error {
+	newFile := &file{resource: newResource(0)}
+	p.directory.items[path] = newFile
+	exp := &filePath{file: newFile}
+	return applyPathOps(exp, ops)
+}
+
+func (p *directoryPath) AddGlobFiles(glob string, ops ...PathOp) error {
+	newFile := &file{resource: newResource(0)}
+	newFilePath := &filePath{file: newFile}
+	p.directory.filepathGlobs[glob] = newFilePath
+	return applyPathOps(newFilePath, ops)
+}
+
+func (p *directoryPath) AddDirectory(path string, ops ...PathOp) error {
+	newDir := newDirectoryWithDefaults()
+	p.directory.items[path] = newDir
+	exp := &directoryPath{directory: newDir}
+	return applyPathOps(exp, ops)
+}
+
+// Expected returns a Manifest with a directory structured created by ops. The
+// PathOp operations are applied to the manifest as expectations of the
+// filesystem structure and properties.
+func Expected(t assert.TestingT, ops ...PathOp) Manifest {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+
+	newDir := newDirectoryWithDefaults()
+	e := &directoryPath{directory: newDir}
+	assert.NilError(t, applyPathOps(e, ops))
+	return Manifest{root: newDir}
+}
+
+func newDirectoryWithDefaults() *directory {
+	return &directory{
+		resource:      newResource(defaultRootDirMode),
+		items:         make(map[string]dirEntry),
+		filepathGlobs: make(map[string]*filePath),
+	}
+}
+
+func newResource(mode os.FileMode) resource {
+	return resource{
+		mode: mode,
+		uid:  currentUID(),
+		gid:  currentGID(),
+	}
+}
+
+func currentUID() uint32 {
+	return normalizeID(os.Getuid())
+}
+
+func currentGID() uint32 {
+	return normalizeID(os.Getgid())
+}
+
+func normalizeID(id int) uint32 {
+	// ids will be -1 on windows
+	if id < 0 {
+		return 0
+	}
+	return uint32(id)
+}
+
+var anyFileContent = ioutil.NopCloser(bytes.NewReader(nil))
+
+// MatchAnyFileContent is a PathOp that updates a Manifest so that the file
+// at path may contain any content.
+func MatchAnyFileContent(path Path) error {
+	if m, ok := path.(*filePath); ok {
+		m.SetContent(anyFileContent)
+	}
+	return nil
+}
+
+// MatchContentIgnoreCarriageReturn is a PathOp that ignores cariage return
+// discrepancies.
+func MatchContentIgnoreCarriageReturn(path Path) error {
+	if m, ok := path.(*filePath); ok {
+		m.file.ignoreCariageReturn = true
+	}
+	return nil
+}
+
+const anyFile = "*"
+
+// MatchExtraFiles is a PathOp that updates a Manifest to allow a directory
+// to contain unspecified files.
+func MatchExtraFiles(path Path) error {
+	if m, ok := path.(*directoryPath); ok {
+		return m.AddFile(anyFile)
+	}
+	return nil
+}
+
+// CompareResult is the result of comparison.
+//
+// See gotest.tools/assert/cmp.StringResult for a convenient implementation of
+// this interface.
+type CompareResult interface {
+	Success() bool
+	FailureMessage() string
+}
+
+// MatchFileContent is a PathOp that updates a Manifest to use the provided
+// function to determine if a file's content matches the expectation.
+func MatchFileContent(f func([]byte) CompareResult) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(*filePath); ok {
+			m.file.compareContentFunc = f
+		}
+		return nil
+	}
+}
+
+// MatchFilesWithGlob is a PathOp that updates a Manifest to match files using
+// glob pattern, and check them using the ops.
+func MatchFilesWithGlob(glob string, ops ...PathOp) PathOp {
+	return func(path Path) error {
+		if m, ok := path.(*directoryPath); ok {
+			return m.AddGlobFiles(glob, ops...)
+		}
+		return nil
+	}
+}
+
+// anyFileMode is represented by uint32_max
+const anyFileMode os.FileMode = 4294967295
+
+// MatchAnyFileMode is a PathOp that updates a Manifest so that the resource at path
+// will match any file mode.
+func MatchAnyFileMode(path Path) error {
+	if m, ok := path.(manifestResource); ok {
+		m.SetMode(anyFileMode)
+	}
+	return nil
+}
diff --git a/vendor/gotest.tools/v3/fs/report.go b/vendor/gotest.tools/v3/fs/report.go
new file mode 100644
index 0000000000000..0b2d73d977891
--- /dev/null
+++ b/vendor/gotest.tools/v3/fs/report.go
@@ -0,0 +1,277 @@
+package fs
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strings"
+
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/internal/format"
+)
+
+// Equal compares a directory to the expected structured described by a manifest
+// and returns success if they match. If they do not match the failure message
+// will contain all the differences between the directory structure and the
+// expected structure defined by the Manifest.
+//
+// Equal is a cmp.Comparison which can be used with assert.Assert().
+func Equal(path string, expected Manifest) cmp.Comparison {
+	return func() cmp.Result {
+		actual, err := manifestFromDir(path)
+		if err != nil {
+			return cmp.ResultFromError(err)
+		}
+		failures := eqDirectory(string(os.PathSeparator), expected.root, actual.root)
+		if len(failures) == 0 {
+			return cmp.ResultSuccess
+		}
+		msg := fmt.Sprintf("directory %s does not match expected:\n", path)
+		return cmp.ResultFailure(msg + formatFailures(failures))
+	}
+}
+
+type failure struct {
+	path     string
+	problems []problem
+}
+
+type problem string
+
+func notEqual(property string, x, y interface{}) problem {
+	return problem(fmt.Sprintf("%s: expected %s got %s", property, x, y))
+}
+
+func errProblem(reason string, err error) problem {
+	return problem(fmt.Sprintf("%s: %s", reason, err))
+}
+
+func existenceProblem(filename, reason string, args ...interface{}) problem {
+	return problem(filename + ": " + fmt.Sprintf(reason, args...))
+}
+
+func eqResource(x, y resource) []problem {
+	var p []problem
+	if x.uid != y.uid {
+		p = append(p, notEqual("uid", x.uid, y.uid))
+	}
+	if x.gid != y.gid {
+		p = append(p, notEqual("gid", x.gid, y.gid))
+	}
+	if x.mode != anyFileMode && x.mode != y.mode {
+		p = append(p, notEqual("mode", x.mode, y.mode))
+	}
+	return p
+}
+
+func removeCarriageReturn(in []byte) []byte {
+	return bytes.Replace(in, []byte("\r\n"), []byte("\n"), -1)
+}
+
+// nolint: gocyclo
+func eqFile(x, y *file) []problem {
+	p := eqResource(x.resource, y.resource)
+
+	switch {
+	case x.content == nil:
+		p = append(p, existenceProblem("content", "expected content is nil"))
+		return p
+	case x.content == anyFileContent:
+		return p
+	case y.content == nil:
+		p = append(p, existenceProblem("content", "actual content is nil"))
+		return p
+	}
+
+	xContent, xErr := ioutil.ReadAll(x.content)
+	defer x.content.Close()
+	yContent, yErr := ioutil.ReadAll(y.content)
+	defer y.content.Close()
+
+	if xErr != nil {
+		p = append(p, errProblem("failed to read expected content", xErr))
+	}
+	if yErr != nil {
+		p = append(p, errProblem("failed to read actual content", xErr))
+	}
+	if xErr != nil || yErr != nil {
+		return p
+	}
+
+	if x.compareContentFunc != nil {
+		r := x.compareContentFunc(yContent)
+		if !r.Success() {
+			p = append(p, existenceProblem("content", r.FailureMessage()))
+		}
+		return p
+	}
+
+	if x.ignoreCariageReturn || y.ignoreCariageReturn {
+		xContent = removeCarriageReturn(xContent)
+		yContent = removeCarriageReturn(yContent)
+	}
+
+	if !bytes.Equal(xContent, yContent) {
+		p = append(p, diffContent(xContent, yContent))
+	}
+	return p
+}
+
+func diffContent(x, y []byte) problem {
+	diff := format.UnifiedDiff(format.DiffConfig{
+		A:    string(x),
+		B:    string(y),
+		From: "expected",
+		To:   "actual",
+	})
+	// Remove the trailing newline in the diff. A trailing newline is always
+	// added to a problem by formatFailures.
+	diff = strings.TrimSuffix(diff, "\n")
+	return problem("content:\n" + indent(diff, "    "))
+}
+
+func indent(s, prefix string) string {
+	buf := new(bytes.Buffer)
+	lines := strings.SplitAfter(s, "\n")
+	for _, line := range lines {
+		buf.WriteString(prefix + line)
+	}
+	return buf.String()
+}
+
+func eqSymlink(x, y *symlink) []problem {
+	p := eqResource(x.resource, y.resource)
+	xTarget := x.target
+	yTarget := y.target
+	if runtime.GOOS == "windows" {
+		xTarget = strings.ToLower(xTarget)
+		yTarget = strings.ToLower(yTarget)
+	}
+	if xTarget != yTarget {
+		p = append(p, notEqual("target", x.target, y.target))
+	}
+	return p
+}
+
+func eqDirectory(path string, x, y *directory) []failure {
+	p := eqResource(x.resource, y.resource)
+	var f []failure // nolint: prealloc
+	matchedFiles := make(map[string]bool)
+
+	for _, name := range sortedKeys(x.items) {
+		if name == anyFile {
+			continue
+		}
+		matchedFiles[name] = true
+		xEntry := x.items[name]
+		yEntry, ok := y.items[name]
+		if !ok {
+			p = append(p, existenceProblem(name, "expected %s to exist", xEntry.Type()))
+			continue
+		}
+
+		if xEntry.Type() != yEntry.Type() {
+			p = append(p, notEqual(name, xEntry.Type(), yEntry.Type()))
+			continue
+		}
+
+		f = append(f, eqEntry(filepath.Join(path, name), xEntry, yEntry)...)
+	}
+
+	if len(x.filepathGlobs) != 0 {
+		for _, name := range sortedKeys(y.items) {
+			m := matchGlob(name, y.items[name], x.filepathGlobs)
+			matchedFiles[name] = m.match
+			f = append(f, m.failures...)
+		}
+	}
+
+	if _, ok := x.items[anyFile]; ok {
+		return maybeAppendFailure(f, path, p)
+	}
+	for _, name := range sortedKeys(y.items) {
+		if !matchedFiles[name] {
+			p = append(p, existenceProblem(name, "unexpected %s", y.items[name].Type()))
+		}
+	}
+	return maybeAppendFailure(f, path, p)
+}
+
+func maybeAppendFailure(failures []failure, path string, problems []problem) []failure {
+	if len(problems) > 0 {
+		return append(failures, failure{path: path, problems: problems})
+	}
+	return failures
+}
+
+func sortedKeys(items map[string]dirEntry) []string {
+	keys := make([]string, 0, len(items))
+	for key := range items {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	return keys
+}
+
+// eqEntry assumes x and y to be the same type
+func eqEntry(path string, x, y dirEntry) []failure {
+	resp := func(problems []problem) []failure {
+		if len(problems) == 0 {
+			return nil
+		}
+		return []failure{{path: path, problems: problems}}
+	}
+
+	switch typed := x.(type) {
+	case *file:
+		return resp(eqFile(typed, y.(*file)))
+	case *symlink:
+		return resp(eqSymlink(typed, y.(*symlink)))
+	case *directory:
+		return eqDirectory(path, typed, y.(*directory))
+	}
+	return nil
+}
+
+type globMatch struct {
+	match    bool
+	failures []failure
+}
+
+func matchGlob(name string, yEntry dirEntry, globs map[string]*filePath) globMatch {
+	m := globMatch{}
+
+	for glob, expectedFile := range globs {
+		ok, err := filepath.Match(glob, name)
+		if err != nil {
+			p := errProblem("failed to match glob pattern", err)
+			f := failure{path: name, problems: []problem{p}}
+			m.failures = append(m.failures, f)
+		}
+		if ok {
+			m.match = true
+			m.failures = eqEntry(name, expectedFile.file, yEntry)
+			return m
+		}
+	}
+	return m
+}
+
+func formatFailures(failures []failure) string {
+	sort.Slice(failures, func(i, j int) bool {
+		return failures[i].path < failures[j].path
+	})
+
+	buf := new(bytes.Buffer)
+	for _, failure := range failures {
+		buf.WriteString(failure.path + "\n")
+		for _, problem := range failure.problems {
+			buf.WriteString("  " + string(problem) + "\n")
+		}
+	}
+	return buf.String()
+}
diff --git a/vendor/gotest.tools/v3/go.mod b/vendor/gotest.tools/v3/go.mod
new file mode 100644
index 0000000000000..3e281891b78ba
--- /dev/null
+++ b/vendor/gotest.tools/v3/go.mod
@@ -0,0 +1,10 @@
+module gotest.tools/v3
+
+require (
+	github.com/google/go-cmp v0.4.0
+	github.com/pkg/errors v0.8.1
+	github.com/spf13/pflag v1.0.3
+	golang.org/x/tools v0.0.0-20190624222133-a101b041ded4
+)
+
+go 1.11
diff --git a/vendor/gotest.tools/icmd/command.go b/vendor/gotest.tools/v3/icmd/command.go
similarity index 93%
rename from vendor/gotest.tools/icmd/command.go
rename to vendor/gotest.tools/v3/icmd/command.go
index 901895991a956..3f0c64893a2d0 100644
--- a/vendor/gotest.tools/icmd/command.go
+++ b/vendor/gotest.tools/v3/icmd/command.go
@@ -1,18 +1,19 @@
 /*Package icmd executes binaries and provides convenient assertions for testing the results.
  */
-package icmd // import "gotest.tools/icmd"
+package icmd // import "gotest.tools/v3/icmd"
 
 import (
 	"bytes"
 	"fmt"
 	"io"
+	"os"
 	"os/exec"
 	"strings"
 	"sync"
 	"time"
 
-	"gotest.tools/assert"
-	"gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )
 
 type helperT interface {
@@ -132,18 +133,21 @@ func (r *Result) String() string {
 	if r.Timeout {
 		timeout = " (timeout)"
 	}
+	var errString string
+	if r.Error != nil {
+		errString = "\nError:    " + r.Error.Error()
+	}
 
 	return fmt.Sprintf(`
 Command:  %s
-ExitCode: %d%s
-Error:    %v
+ExitCode: %d%s%s
 Stdout:   %v
 Stderr:   %v
 `,
 		strings.Join(r.Cmd.Args, " "),
 		r.ExitCode,
 		timeout,
-		r.Error,
+		errString,
 		r.Stdout(),
 		r.Stderr())
 }
@@ -188,12 +192,13 @@ func (r *Result) setExitError(err error) {
 // Cmd contains the arguments and options for a process to run as part of a test
 // suite.
 type Cmd struct {
-	Command []string
-	Timeout time.Duration
-	Stdin   io.Reader
-	Stdout  io.Writer
-	Dir     string
-	Env     []string
+	Command    []string
+	Timeout    time.Duration
+	Stdin      io.Reader
+	Stdout     io.Writer
+	Dir        string
+	Env        []string
+	ExtraFiles []*os.File
 }
 
 // Command create a simple Cmd with the specified command and arguments
@@ -249,6 +254,8 @@ func buildCmd(cmd Cmd) *Result {
 		execCmd.Stdout = outBuffer
 	}
 	execCmd.Stderr = errBuffer
+	execCmd.ExtraFiles = cmd.ExtraFiles
+
 	return &Result{
 		Cmd:       execCmd,
 		outBuffer: outBuffer,
diff --git a/vendor/gotest.tools/icmd/exitcode.go b/vendor/gotest.tools/v3/icmd/exitcode.go
similarity index 100%
rename from vendor/gotest.tools/icmd/exitcode.go
rename to vendor/gotest.tools/v3/icmd/exitcode.go
diff --git a/vendor/gotest.tools/v3/icmd/ops.go b/vendor/gotest.tools/v3/icmd/ops.go
new file mode 100644
index 0000000000000..35c3958d52bb3
--- /dev/null
+++ b/vendor/gotest.tools/v3/icmd/ops.go
@@ -0,0 +1,46 @@
+package icmd
+
+import (
+	"io"
+	"os"
+	"time"
+)
+
+// CmdOp is an operation which modified a Cmd structure used to execute commands
+type CmdOp func(*Cmd)
+
+// WithTimeout sets the timeout duration of the command
+func WithTimeout(timeout time.Duration) CmdOp {
+	return func(c *Cmd) {
+		c.Timeout = timeout
+	}
+}
+
+// WithEnv sets the environment variable of the command.
+// Each arguments are in the form of KEY=VALUE
+func WithEnv(env ...string) CmdOp {
+	return func(c *Cmd) {
+		c.Env = env
+	}
+}
+
+// Dir sets the working directory of the command
+func Dir(path string) CmdOp {
+	return func(c *Cmd) {
+		c.Dir = path
+	}
+}
+
+// WithStdin sets the standard input of the command to the specified reader
+func WithStdin(r io.Reader) CmdOp {
+	return func(c *Cmd) {
+		c.Stdin = r
+	}
+}
+
+// WithExtraFile adds a file descriptor to the command
+func WithExtraFile(f *os.File) CmdOp {
+	return func(c *Cmd) {
+		c.ExtraFiles = append(c.ExtraFiles, f)
+	}
+}
diff --git a/vendor/gotest.tools/v3/internal/assert/assert.go b/vendor/gotest.tools/v3/internal/assert/assert.go
new file mode 100644
index 0000000000000..8dc01f4b5e080
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/assert/assert.go
@@ -0,0 +1,143 @@
+package assert
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"reflect"
+
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/internal/format"
+	"gotest.tools/v3/internal/source"
+)
+
+// LogT is the subset of testing.T used by the assert package.
+type LogT interface {
+	Log(args ...interface{})
+}
+
+type helperT interface {
+	Helper()
+}
+
+const failureMessage = "assertion failed: "
+
+// Eval the comparison and print a failure messages if the comparison has failed.
+// nolint: gocyclo
+func Eval(
+	t LogT,
+	argSelector argSelector,
+	comparison interface{},
+	msgAndArgs ...interface{},
+) bool {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	var success bool
+	switch check := comparison.(type) {
+	case bool:
+		if check {
+			return true
+		}
+		logFailureFromBool(t, msgAndArgs...)
+
+	// Undocumented legacy comparison without Result type
+	case func() (success bool, message string):
+		success = runCompareFunc(t, check, msgAndArgs...)
+
+	case nil:
+		return true
+
+	case error:
+		msg := failureMsgFromError(check)
+		t.Log(format.WithCustomMessage(failureMessage+msg, msgAndArgs...))
+
+	case cmp.Comparison:
+		success = RunComparison(t, argSelector, check, msgAndArgs...)
+
+	case func() cmp.Result:
+		success = RunComparison(t, argSelector, check, msgAndArgs...)
+
+	default:
+		t.Log(fmt.Sprintf("invalid Comparison: %v (%T)", check, check))
+	}
+	return success
+}
+
+func runCompareFunc(
+	t LogT,
+	f func() (success bool, message string),
+	msgAndArgs ...interface{},
+) bool {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if success, message := f(); !success {
+		t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...))
+		return false
+	}
+	return true
+}
+
+func logFailureFromBool(t LogT, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	const stackIndex = 3 // Assert()/Check(), assert(), logFailureFromBool()
+	args, err := source.CallExprArgs(stackIndex)
+	if err != nil {
+		t.Log(err.Error())
+		return
+	}
+
+	const comparisonArgIndex = 1 // Assert(t, comparison)
+	if len(args) <= comparisonArgIndex {
+		t.Log(failureMessage + "but assert failed to find the expression to print")
+		return
+	}
+
+	msg, err := boolFailureMessage(args[comparisonArgIndex])
+	if err != nil {
+		t.Log(err.Error())
+		msg = "expression is false"
+	}
+
+	t.Log(format.WithCustomMessage(failureMessage+msg, msgAndArgs...))
+}
+
+func failureMsgFromError(err error) string {
+	// Handle errors with non-nil types
+	v := reflect.ValueOf(err)
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		return fmt.Sprintf("error is not nil: error has type %T", err)
+	}
+	return "error is not nil: " + err.Error()
+}
+
+func boolFailureMessage(expr ast.Expr) (string, error) {
+	if binaryExpr, ok := expr.(*ast.BinaryExpr); ok && binaryExpr.Op == token.NEQ {
+		x, err := source.FormatNode(binaryExpr.X)
+		if err != nil {
+			return "", err
+		}
+		y, err := source.FormatNode(binaryExpr.Y)
+		if err != nil {
+			return "", err
+		}
+		return x + " is " + y, nil
+	}
+
+	if unaryExpr, ok := expr.(*ast.UnaryExpr); ok && unaryExpr.Op == token.NOT {
+		x, err := source.FormatNode(unaryExpr.X)
+		if err != nil {
+			return "", err
+		}
+		return x + " is true", nil
+	}
+
+	formatted, err := source.FormatNode(expr)
+	if err != nil {
+		return "", err
+	}
+	return "expression is false: " + formatted, nil
+}
diff --git a/vendor/gotest.tools/v3/internal/assert/result.go b/vendor/gotest.tools/v3/internal/assert/result.go
new file mode 100644
index 0000000000000..20cd54129ed3f
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/assert/result.go
@@ -0,0 +1,125 @@
+package assert
+
+import (
+	"fmt"
+	"go/ast"
+
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/internal/format"
+	"gotest.tools/v3/internal/source"
+)
+
+// RunComparison and return Comparison.Success. If the comparison fails a messages
+// will be printed using t.Log.
+func RunComparison(
+	t LogT,
+	argSelector argSelector,
+	f cmp.Comparison,
+	msgAndArgs ...interface{},
+) bool {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	result := f()
+	if result.Success() {
+		return true
+	}
+
+	var message string
+	switch typed := result.(type) {
+	case resultWithComparisonArgs:
+		const stackIndex = 3 // Assert/Check, assert, RunComparison
+		args, err := source.CallExprArgs(stackIndex)
+		if err != nil {
+			t.Log(err.Error())
+		}
+		message = typed.FailureMessage(filterPrintableExpr(argSelector(args)))
+	case resultBasic:
+		message = typed.FailureMessage()
+	default:
+		message = fmt.Sprintf("comparison returned invalid Result type: %T", result)
+	}
+
+	t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...))
+	return false
+}
+
+type resultWithComparisonArgs interface {
+	FailureMessage(args []ast.Expr) string
+}
+
+type resultBasic interface {
+	FailureMessage() string
+}
+
+// filterPrintableExpr filters the ast.Expr slice to only include Expr that are
+// easy to read when printed and contain relevant information to an assertion.
+//
+// Ident and SelectorExpr are included because they print nicely and the variable
+// names may provide additional context to their values.
+// BasicLit and CompositeLit are excluded because their source is equivalent to
+// their value, which is already available.
+// Other types are ignored for now, but could be added if they are relevant.
+func filterPrintableExpr(args []ast.Expr) []ast.Expr {
+	result := make([]ast.Expr, len(args))
+	for i, arg := range args {
+		if isShortPrintableExpr(arg) {
+			result[i] = arg
+			continue
+		}
+
+		if starExpr, ok := arg.(*ast.StarExpr); ok {
+			result[i] = starExpr.X
+			continue
+		}
+	}
+	return result
+}
+
+func isShortPrintableExpr(expr ast.Expr) bool {
+	switch expr.(type) {
+	case *ast.Ident, *ast.SelectorExpr, *ast.IndexExpr, *ast.SliceExpr:
+		return true
+	case *ast.BinaryExpr, *ast.UnaryExpr:
+		return true
+	default:
+		// CallExpr, ParenExpr, TypeAssertExpr, KeyValueExpr, StarExpr
+		return false
+	}
+}
+
+type argSelector func([]ast.Expr) []ast.Expr
+
+// ArgsAfterT selects args starting at position 1. Used when the caller has a
+// testing.T as the first argument, and the args to select should follow it.
+func ArgsAfterT(args []ast.Expr) []ast.Expr {
+	if len(args) < 1 {
+		return nil
+	}
+	return args[1:]
+}
+
+// ArgsFromComparisonCall selects args from the CallExpression at position 1.
+// Used when the caller has a testing.T as the first argument, and the args to
+// select are passed to the cmp.Comparison at position 1.
+func ArgsFromComparisonCall(args []ast.Expr) []ast.Expr {
+	if len(args) <= 1 {
+		return nil
+	}
+	if callExpr, ok := args[1].(*ast.CallExpr); ok {
+		return callExpr.Args
+	}
+	return nil
+}
+
+// ArgsAtZeroIndex selects args from the CallExpression at position 1.
+// Used when the caller accepts a single cmp.Comparison argument.
+func ArgsAtZeroIndex(args []ast.Expr) []ast.Expr {
+	if len(args) == 0 {
+		return nil
+	}
+	if callExpr, ok := args[0].(*ast.CallExpr); ok {
+		return callExpr.Args
+	}
+	return nil
+}
diff --git a/vendor/gotest.tools/v3/internal/cleanup/cleanup.go b/vendor/gotest.tools/v3/internal/cleanup/cleanup.go
new file mode 100644
index 0000000000000..58206e57fa5e2
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/cleanup/cleanup.go
@@ -0,0 +1,48 @@
+/*Package cleanup handles migration to and support for the Go 1.14+
+testing.TB.Cleanup() function.
+*/
+package cleanup
+
+import (
+	"os"
+	"strings"
+)
+
+type cleanupT interface {
+	Cleanup(f func())
+}
+
+// implemented by gotest.tools/x/subtest.TestContext
+type addCleanupT interface {
+	AddCleanup(f func())
+}
+
+type logT interface {
+	Log(...interface{})
+}
+
+type helperT interface {
+	Helper()
+}
+
+var noCleanup = strings.ToLower(os.Getenv("TEST_NOCLEANUP")) == "true"
+
+// Cleanup registers f as a cleanup function on t if any mechanisms are available.
+//
+// Skips registering f if TEST_NOCLEANUP is set to true.
+func Cleanup(t logT, f func()) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if noCleanup {
+		t.Log("skipping cleanup because TEST_NOCLEANUP was enabled.")
+		return
+	}
+	if ct, ok := t.(cleanupT); ok {
+		ct.Cleanup(f)
+		return
+	}
+	if tc, ok := t.(addCleanupT); ok {
+		tc.AddCleanup(f)
+	}
+}
diff --git a/vendor/gotest.tools/internal/difflib/LICENSE b/vendor/gotest.tools/v3/internal/difflib/LICENSE
similarity index 100%
rename from vendor/gotest.tools/internal/difflib/LICENSE
rename to vendor/gotest.tools/v3/internal/difflib/LICENSE
diff --git a/vendor/gotest.tools/internal/difflib/difflib.go b/vendor/gotest.tools/v3/internal/difflib/difflib.go
similarity index 93%
rename from vendor/gotest.tools/internal/difflib/difflib.go
rename to vendor/gotest.tools/v3/internal/difflib/difflib.go
index 5efa99c1d4615..9bf506b6be0e1 100644
--- a/vendor/gotest.tools/internal/difflib/difflib.go
+++ b/vendor/gotest.tools/v3/internal/difflib/difflib.go
@@ -1,10 +1,10 @@
-/* Package difflib is a partial port of Python difflib module.
+/*Package difflib is a partial port of Python difflib module.
 
 Original source: https://github.com/pmezard/go-difflib
 
 This file is trimmed to only the parts used by this repository.
 */
-package difflib // import "gotest.tools/internal/difflib"
+package difflib // import "gotest.tools/v3/internal/difflib"
 
 func min(a, b int) int {
 	if a < b {
@@ -20,12 +20,14 @@ func max(a, b int) int {
 	return b
 }
 
+// Match stores line numbers of size of match
 type Match struct {
 	A    int
 	B    int
 	Size int
 }
 
+// OpCode identifies the type of diff
 type OpCode struct {
 	Tag byte
 	I1  int
@@ -73,19 +75,20 @@ type SequenceMatcher struct {
 	opCodes        []OpCode
 }
 
+// NewMatcher returns a new SequenceMatcher
 func NewMatcher(a, b []string) *SequenceMatcher {
 	m := SequenceMatcher{autoJunk: true}
 	m.SetSeqs(a, b)
 	return &m
 }
 
-// Set two sequences to be compared.
+// SetSeqs sets two sequences to be compared.
 func (m *SequenceMatcher) SetSeqs(a, b []string) {
 	m.SetSeq1(a)
 	m.SetSeq2(b)
 }
 
-// Set the first sequence to be compared. The second sequence to be compared is
+// SetSeq1 sets the first sequence to be compared. The second sequence to be compared is
 // not changed.
 //
 // SequenceMatcher computes and caches detailed information about the second
@@ -103,7 +106,7 @@ func (m *SequenceMatcher) SetSeq1(a []string) {
 	m.opCodes = nil
 }
 
-// Set the second sequence to be compared. The first sequence to be compared is
+// SetSeq2 sets the second sequence to be compared. The first sequence to be compared is
 // not changed.
 func (m *SequenceMatcher) SetSeq2(b []string) {
 	if &b == &m.b {
@@ -129,12 +132,12 @@ func (m *SequenceMatcher) chainB() {
 	m.bJunk = map[string]struct{}{}
 	if m.IsJunk != nil {
 		junk := m.bJunk
-		for s, _ := range b2j {
+		for s := range b2j {
 			if m.IsJunk(s) {
 				junk[s] = struct{}{}
 			}
 		}
-		for s, _ := range junk {
+		for s := range junk {
 			delete(b2j, s)
 		}
 	}
@@ -149,7 +152,7 @@ func (m *SequenceMatcher) chainB() {
 				popular[s] = struct{}{}
 			}
 		}
-		for s, _ := range popular {
+		for s := range popular {
 			delete(b2j, s)
 		}
 	}
@@ -259,7 +262,7 @@ func (m *SequenceMatcher) findLongestMatch(alo, ahi, blo, bhi int) Match {
 	return Match{A: besti, B: bestj, Size: bestsize}
 }
 
-// Return list of triples describing matching subsequences.
+// GetMatchingBlocks returns a list of triples describing matching subsequences.
 //
 // Each triple is of the form (i, j, n), and means that
 // a[i:i+n] == b[j:j+n].  The triples are monotonically increasing in
@@ -323,7 +326,7 @@ func (m *SequenceMatcher) GetMatchingBlocks() []Match {
 	return m.matchingBlocks
 }
 
-// Return list of 5-tuples describing how to turn a into b.
+// GetOpCodes returns a list of 5-tuples describing how to turn a into b.
 //
 // Each tuple is of the form (tag, i1, i2, j1, j2).  The first tuple
 // has i1 == j1 == 0, and remaining tuples have i1 == the i2 from the
@@ -374,7 +377,7 @@ func (m *SequenceMatcher) GetOpCodes() []OpCode {
 	return m.opCodes
 }
 
-// Isolate change clusters by eliminating ranges with no changes.
+// GetGroupedOpCodes isolates change clusters by eliminating ranges with no changes.
 //
 // Return a generator of groups with up to n lines of context.
 // Each group is in the same format as returned by GetOpCodes().
@@ -384,7 +387,7 @@ func (m *SequenceMatcher) GetGroupedOpCodes(n int) [][]OpCode {
 	}
 	codes := m.GetOpCodes()
 	if len(codes) == 0 {
-		codes = []OpCode{OpCode{'e', 0, 1, 0, 1}}
+		codes = []OpCode{{'e', 0, 1, 0, 1}}
 	}
 	// Fixup leading and trailing groups if they show no changes.
 	if codes[0].Tag == 'e' {
diff --git a/vendor/gotest.tools/internal/format/diff.go b/vendor/gotest.tools/v3/internal/format/diff.go
similarity index 99%
rename from vendor/gotest.tools/internal/format/diff.go
rename to vendor/gotest.tools/v3/internal/format/diff.go
index c938c97bec147..9897d4b9d9e5d 100644
--- a/vendor/gotest.tools/internal/format/diff.go
+++ b/vendor/gotest.tools/v3/internal/format/diff.go
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"unicode"
 
-	"gotest.tools/internal/difflib"
+	"gotest.tools/v3/internal/difflib"
 )
 
 const (
diff --git a/vendor/gotest.tools/v3/internal/format/format.go b/vendor/gotest.tools/v3/internal/format/format.go
new file mode 100644
index 0000000000000..5097e4bd6eb5d
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/format/format.go
@@ -0,0 +1,27 @@
+package format // import "gotest.tools/v3/internal/format"
+
+import "fmt"
+
+// Message accepts a msgAndArgs varargs and formats it using fmt.Sprintf
+func Message(msgAndArgs ...interface{}) string {
+	switch len(msgAndArgs) {
+	case 0:
+		return ""
+	case 1:
+		return fmt.Sprintf("%v", msgAndArgs[0])
+	default:
+		return fmt.Sprintf(msgAndArgs[0].(string), msgAndArgs[1:]...)
+	}
+}
+
+// WithCustomMessage accepts one or two messages and formats them appropriately
+func WithCustomMessage(source string, msgAndArgs ...interface{}) string {
+	custom := Message(msgAndArgs...)
+	switch {
+	case custom == "":
+		return source
+	case source == "":
+		return custom
+	}
+	return fmt.Sprintf("%s: %s", source, custom)
+}
diff --git a/vendor/gotest.tools/v3/internal/source/defers.go b/vendor/gotest.tools/v3/internal/source/defers.go
new file mode 100644
index 0000000000000..66cfafbb648ac
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/source/defers.go
@@ -0,0 +1,53 @@
+package source
+
+import (
+	"go/ast"
+	"go/token"
+
+	"github.com/pkg/errors"
+)
+
+func scanToDeferLine(fileset *token.FileSet, node ast.Node, lineNum int) ast.Node {
+	var matchedNode ast.Node
+	ast.Inspect(node, func(node ast.Node) bool {
+		switch {
+		case node == nil || matchedNode != nil:
+			return false
+		case fileset.Position(node.End()).Line == lineNum:
+			if funcLit, ok := node.(*ast.FuncLit); ok {
+				matchedNode = funcLit
+				return false
+			}
+		}
+		return true
+	})
+	debug("defer line node: %s", debugFormatNode{matchedNode})
+	return matchedNode
+}
+
+func guessDefer(node ast.Node) (ast.Node, error) {
+	defers := collectDefers(node)
+	switch len(defers) {
+	case 0:
+		return nil, errors.New("failed to expression in defer")
+	case 1:
+		return defers[0].Call, nil
+	default:
+		return nil, errors.Errorf(
+			"ambiguous call expression: multiple (%d) defers in call block",
+			len(defers))
+	}
+}
+
+func collectDefers(node ast.Node) []*ast.DeferStmt {
+	var defers []*ast.DeferStmt
+	ast.Inspect(node, func(node ast.Node) bool {
+		if d, ok := node.(*ast.DeferStmt); ok {
+			defers = append(defers, d)
+			debug("defer: %s", debugFormatNode{d})
+			return false
+		}
+		return true
+	})
+	return defers
+}
diff --git a/vendor/gotest.tools/v3/internal/source/source.go b/vendor/gotest.tools/v3/internal/source/source.go
new file mode 100644
index 0000000000000..c2eef03373752
--- /dev/null
+++ b/vendor/gotest.tools/v3/internal/source/source.go
@@ -0,0 +1,181 @@
+package source // import "gotest.tools/v3/internal/source"
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"go/format"
+	"go/parser"
+	"go/token"
+	"os"
+	"runtime"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+const baseStackIndex = 1
+
+// FormattedCallExprArg returns the argument from an ast.CallExpr at the
+// index in the call stack. The argument is formatted using FormatNode.
+func FormattedCallExprArg(stackIndex int, argPos int) (string, error) {
+	args, err := CallExprArgs(stackIndex + 1)
+	if err != nil {
+		return "", err
+	}
+	if argPos >= len(args) {
+		return "", errors.New("failed to find expression")
+	}
+	return FormatNode(args[argPos])
+}
+
+// CallExprArgs returns the ast.Expr slice for the args of an ast.CallExpr at
+// the index in the call stack.
+func CallExprArgs(stackIndex int) ([]ast.Expr, error) {
+	_, filename, lineNum, ok := runtime.Caller(baseStackIndex + stackIndex)
+	if !ok {
+		return nil, errors.New("failed to get call stack")
+	}
+	debug("call stack position: %s:%d", filename, lineNum)
+
+	node, err := getNodeAtLine(filename, lineNum)
+	if err != nil {
+		return nil, err
+	}
+	debug("found node: %s", debugFormatNode{node})
+
+	return getCallExprArgs(node)
+}
+
+func getNodeAtLine(filename string, lineNum int) (ast.Node, error) {
+	fileset := token.NewFileSet()
+	astFile, err := parser.ParseFile(fileset, filename, nil, parser.AllErrors)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to parse source file: %s", filename)
+	}
+
+	if node := scanToLine(fileset, astFile, lineNum); node != nil {
+		return node, nil
+	}
+	if node := scanToDeferLine(fileset, astFile, lineNum); node != nil {
+		node, err := guessDefer(node)
+		if err != nil || node != nil {
+			return node, err
+		}
+	}
+	return nil, errors.Errorf(
+		"failed to find an expression on line %d in %s", lineNum, filename)
+}
+
+func scanToLine(fileset *token.FileSet, node ast.Node, lineNum int) ast.Node {
+	var matchedNode ast.Node
+	ast.Inspect(node, func(node ast.Node) bool {
+		switch {
+		case node == nil || matchedNode != nil:
+			return false
+		case nodePosition(fileset, node).Line == lineNum:
+			matchedNode = node
+			return false
+		}
+		return true
+	})
+	return matchedNode
+}
+
+// In golang 1.9 the line number changed from being the line where the statement
+// ended to the line where the statement began.
+func nodePosition(fileset *token.FileSet, node ast.Node) token.Position {
+	if goVersionBefore19 {
+		return fileset.Position(node.End())
+	}
+	return fileset.Position(node.Pos())
+}
+
+// GoVersionLessThan returns true if runtime.Version() is semantically less than
+// version major.minor. Returns false if a release version can not be parsed from
+// runtime.Version().
+func GoVersionLessThan(major, minor int64) bool {
+	version := runtime.Version()
+	// not a release version
+	if !strings.HasPrefix(version, "go") {
+		return false
+	}
+	version = strings.TrimPrefix(version, "go")
+	parts := strings.Split(version, ".")
+	if len(parts) < 2 {
+		return false
+	}
+	rMajor, err := strconv.ParseInt(parts[0], 10, 32)
+	if err != nil {
+		return false
+	}
+	if rMajor != major {
+		return rMajor < major
+	}
+	rMinor, err := strconv.ParseInt(parts[1], 10, 32)
+	if err != nil {
+		return false
+	}
+	return rMinor < minor
+}
+
+var goVersionBefore19 = GoVersionLessThan(1, 9)
+
+func getCallExprArgs(node ast.Node) ([]ast.Expr, error) {
+	visitor := &callExprVisitor{}
+	ast.Walk(visitor, node)
+	if visitor.expr == nil {
+		return nil, errors.New("failed to find call expression")
+	}
+	debug("callExpr: %s", debugFormatNode{visitor.expr})
+	return visitor.expr.Args, nil
+}
+
+type callExprVisitor struct {
+	expr *ast.CallExpr
+}
+
+func (v *callExprVisitor) Visit(node ast.Node) ast.Visitor {
+	if v.expr != nil || node == nil {
+		return nil
+	}
+	debug("visit: %s", debugFormatNode{node})
+
+	switch typed := node.(type) {
+	case *ast.CallExpr:
+		v.expr = typed
+		return nil
+	case *ast.DeferStmt:
+		ast.Walk(v, typed.Call.Fun)
+		return nil
+	}
+	return v
+}
+
+// FormatNode using go/format.Node and return the result as a string
+func FormatNode(node ast.Node) (string, error) {
+	buf := new(bytes.Buffer)
+	err := format.Node(buf, token.NewFileSet(), node)
+	return buf.String(), err
+}
+
+var debugEnabled = os.Getenv("GOTESTTOOLS_DEBUG") != ""
+
+func debug(format string, args ...interface{}) {
+	if debugEnabled {
+		fmt.Fprintf(os.Stderr, "DEBUG: "+format+"\n", args...)
+	}
+}
+
+type debugFormatNode struct {
+	ast.Node
+}
+
+func (n debugFormatNode) String() string {
+	out, err := FormatNode(n.Node)
+	if err != nil {
+		return fmt.Sprintf("failed to format %s: %s", n.Node, err)
+	}
+	return fmt.Sprintf("(%T) %s", n.Node, out)
+}
diff --git a/vendor/gotest.tools/v3/poll/check.go b/vendor/gotest.tools/v3/poll/check.go
new file mode 100644
index 0000000000000..060b0998906b2
--- /dev/null
+++ b/vendor/gotest.tools/v3/poll/check.go
@@ -0,0 +1,39 @@
+package poll
+
+import (
+	"net"
+	"os"
+)
+
+// Check is a function which will be used as check for the WaitOn method.
+type Check func(t LogT) Result
+
+// FileExists looks on filesystem and check that path exists.
+func FileExists(path string) Check {
+	return func(t LogT) Result {
+		_, err := os.Stat(path)
+		if os.IsNotExist(err) {
+			t.Logf("waiting on file %s to exist", path)
+			return Continue("file %s does not exist", path)
+		}
+		if err != nil {
+			return Error(err)
+		}
+
+		return Success()
+	}
+}
+
+// Connection try to open a connection to the address on the
+// named network. See net.Dial for a description of the network and
+// address parameters.
+func Connection(network, address string) Check {
+	return func(t LogT) Result {
+		_, err := net.Dial(network, address)
+		if err != nil {
+			t.Logf("waiting on socket %s://%s to be available...", network, address)
+			return Continue("socket %s://%s not available", network, address)
+		}
+		return Success()
+	}
+}
diff --git a/vendor/gotest.tools/poll/poll.go b/vendor/gotest.tools/v3/poll/poll.go
similarity index 79%
rename from vendor/gotest.tools/poll/poll.go
rename to vendor/gotest.tools/v3/poll/poll.go
index 3e3dd7f58a37d..29c5b40e187fd 100644
--- a/vendor/gotest.tools/poll/poll.go
+++ b/vendor/gotest.tools/v3/poll/poll.go
@@ -1,10 +1,14 @@
 /*Package poll provides tools for testing asynchronous code.
  */
-package poll // import "gotest.tools/poll"
+package poll // import "gotest.tools/v3/poll"
 
 import (
 	"fmt"
+	"strings"
 	"time"
+
+	"gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/internal/assert"
 )
 
 // TestingT is the subset of testing.T used by WaitOn
@@ -104,7 +108,7 @@ func Error(err error) Result {
 // WaitOn a condition or until a timeout. Poll by calling check and exit when
 // check returns a done Result. To fail a test and exit polling with an error
 // return a error result.
-func WaitOn(t TestingT, check func(t LogT) Result, pollOps ...SettingOp) {
+func WaitOn(t TestingT, check Check, pollOps ...SettingOp) {
 	if ht, ok := t.(helperT); ok {
 		ht.Helper()
 	}
@@ -138,3 +142,30 @@ func WaitOn(t TestingT, check func(t LogT) Result, pollOps ...SettingOp) {
 		}
 	}
 }
+
+// Compare values using the cmp.Comparison. If the comparison fails return a
+// result which indicates to WaitOn that it should continue waiting.
+// If the comparison is successful then WaitOn stops polling.
+func Compare(compare cmp.Comparison) Result {
+	buf := new(logBuffer)
+	if assert.RunComparison(buf, assert.ArgsAtZeroIndex, compare) {
+		return Success()
+	}
+	return Continue(buf.String())
+}
+
+type logBuffer struct {
+	log [][]interface{}
+}
+
+func (c *logBuffer) Log(args ...interface{}) {
+	c.log = append(c.log, args)
+}
+
+func (c *logBuffer) String() string {
+	b := new(strings.Builder)
+	for _, item := range c.log {
+		b.WriteString(fmt.Sprint(item...) + " ")
+	}
+	return b.String()
+}
diff --git a/vendor/gotest.tools/v3/skip/skip.go b/vendor/gotest.tools/v3/skip/skip.go
new file mode 100644
index 0000000000000..cb899f78b177d
--- /dev/null
+++ b/vendor/gotest.tools/v3/skip/skip.go
@@ -0,0 +1,89 @@
+/*Package skip provides functions for skipping a test and printing the source code
+of the condition used to skip the test.
+*/
+package skip // import "gotest.tools/v3/skip"
+
+import (
+	"fmt"
+	"path"
+	"reflect"
+	"runtime"
+	"strings"
+
+	"gotest.tools/v3/internal/format"
+	"gotest.tools/v3/internal/source"
+)
+
+type skipT interface {
+	Skip(args ...interface{})
+	Log(args ...interface{})
+}
+
+// Result of skip function
+type Result interface {
+	Skip() bool
+	Message() string
+}
+
+type helperT interface {
+	Helper()
+}
+
+// BoolOrCheckFunc can be a bool, func() bool, or func() Result. Other types will panic
+type BoolOrCheckFunc interface{}
+
+// If the condition expression evaluates to true, skip the test.
+//
+// The condition argument may be one of three types: bool, func() bool, or
+// func() SkipResult.
+// When called with a bool, the test will be skip if the condition evaluates to true.
+// When called with a func() bool, the test will be skip if the function returns true.
+// When called with a func() Result, the test will be skip if the Skip method
+// of the result returns true.
+// The skip message will contain the source code of the expression.
+// Extra message text can be passed as a format string with args.
+func If(t skipT, condition BoolOrCheckFunc, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	switch check := condition.(type) {
+	case bool:
+		ifCondition(t, check, msgAndArgs...)
+	case func() bool:
+		if check() {
+			t.Skip(format.WithCustomMessage(getFunctionName(check), msgAndArgs...))
+		}
+	case func() Result:
+		result := check()
+		if result.Skip() {
+			msg := getFunctionName(check) + ": " + result.Message()
+			t.Skip(format.WithCustomMessage(msg, msgAndArgs...))
+		}
+	default:
+		panic(fmt.Sprintf("invalid type for condition arg: %T", check))
+	}
+}
+
+func getFunctionName(function interface{}) string {
+	funcPath := runtime.FuncForPC(reflect.ValueOf(function).Pointer()).Name()
+	return strings.SplitN(path.Base(funcPath), ".", 2)[1]
+}
+
+func ifCondition(t skipT, condition bool, msgAndArgs ...interface{}) {
+	if ht, ok := t.(helperT); ok {
+		ht.Helper()
+	}
+	if !condition {
+		return
+	}
+	const (
+		stackIndex = 2
+		argPos     = 1
+	)
+	source, err := source.FormattedCallExprArg(stackIndex, argPos)
+	if err != nil {
+		t.Log(err.Error())
+		t.Skip(format.Message(msgAndArgs...))
+	}
+	t.Skip(format.WithCustomMessage(source, msgAndArgs...))
+}
diff --git a/vendor/gotest.tools/x/subtest/context.go b/vendor/gotest.tools/x/subtest/context.go
deleted file mode 100644
index 878bdebf14d89..0000000000000
--- a/vendor/gotest.tools/x/subtest/context.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*Package subtest provides a TestContext to subtests which handles cleanup, and
-provides a testing.TB, and context.Context.
-
-This package was inspired by github.com/frankban/quicktest.
-*/
-package subtest // import "gotest.tools/x/subtest"
-
-import (
-	"context"
-	"testing"
-)
-
-type testcase struct {
-	testing.TB
-	ctx          context.Context
-	cleanupFuncs []cleanupFunc
-}
-
-type cleanupFunc func()
-
-func (tc *testcase) Ctx() context.Context {
-	if tc.ctx == nil {
-		var cancel func()
-		tc.ctx, cancel = context.WithCancel(context.Background())
-		tc.AddCleanup(cancel)
-	}
-	return tc.ctx
-}
-
-// Cleanup runs all cleanup functions. Functions are run in the opposite order
-// in which they were added. Cleanup is called automatically before Run exits.
-func (tc *testcase) Cleanup() {
-	for _, f := range tc.cleanupFuncs {
-		// Defer all cleanup functions so they all run even if one calls
-		// t.FailNow() or panics. Deferring them also runs them in reverse order.
-		defer f()
-	}
-	tc.cleanupFuncs = nil
-}
-
-func (tc *testcase) AddCleanup(f func()) {
-	tc.cleanupFuncs = append(tc.cleanupFuncs, f)
-}
-
-func (tc *testcase) Parallel() {
-	tp, ok := tc.TB.(parallel)
-	if !ok {
-		panic("Parallel called with a testing.B")
-	}
-	tp.Parallel()
-}
-
-type parallel interface {
-	Parallel()
-}
-
-// Run a subtest. When subtest exits, every cleanup function added with
-// TestContext.AddCleanup will be run.
-func Run(t *testing.T, name string, subtest func(t TestContext)) bool {
-	return t.Run(name, func(t *testing.T) {
-		tc := &testcase{TB: t}
-		defer tc.Cleanup()
-		subtest(tc)
-	})
-}
-
-// TestContext provides a testing.TB and a context.Context for a test case.
-type TestContext interface {
-	testing.TB
-	// AddCleanup function which will be run when before Run returns.
-	AddCleanup(f func())
-	// Ctx returns a context for the test case. Multiple calls from the same subtest
-	// will return the same context. The context is cancelled when Run
-	// returns.
-	Ctx() context.Context
-	// Parallel calls t.Parallel on the testing.TB. Panics if testing.TB does
-	// not implement Parallel.
-	Parallel()
-}
-
-var _ TestContext = &testcase{}
diff --git a/volume/drivers/extpoint.go b/volume/drivers/extpoint.go
index b2131c20ef068..3878736cbbb44 100644
--- a/volume/drivers/extpoint.go
+++ b/volume/drivers/extpoint.go
@@ -8,10 +8,10 @@ import (
 	"sync"
 
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/pkg/locker"
 	getter "github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/volume"
+	"github.com/moby/locker"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -21,7 +21,7 @@ const extName = "VolumeDriver"
 // volumeDriver defines the available functions that volume plugins must implement.
 // This interface is only defined to generate the proxy objects.
 // It's not intended to be public or reused.
-// nolint: deadcode
+//nolint: deadcode
 type volumeDriver interface {
 	// Create a volume with the given name
 	Create(name string, opts map[string]string) (err error)
diff --git a/volume/local/local.go b/volume/local/local.go
index 7190de9ed60e0..29e3cc9a546f2 100644
--- a/volume/local/local.go
+++ b/volume/local/local.go
@@ -6,7 +6,6 @@ package local // import "github.com/docker/docker/volume/local"
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -16,9 +15,10 @@ import (
 	"github.com/docker/docker/daemon/names"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/quota"
 	"github.com/docker/docker/volume"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // VolumeDataPathName is the name of the directory where the volume data is stored.
@@ -49,7 +49,7 @@ type activeMount struct {
 func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
 	rootDirectory := filepath.Join(scope, volumesPathName)
 
-	if err := idtools.MkdirAllAndChown(rootDirectory, 0700, rootIdentity); err != nil {
+	if err := idtools.MkdirAllAndChown(rootDirectory, 0701, idtools.CurrentIdentity()); err != nil {
 		return nil, err
 	}
 
@@ -60,11 +60,15 @@ func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
 		rootIdentity: rootIdentity,
 	}
 
-	dirs, err := ioutil.ReadDir(rootDirectory)
+	dirs, err := os.ReadDir(rootDirectory)
 	if err != nil {
 		return nil, err
 	}
 
+	if r.quotaCtl, err = quota.NewControl(rootDirectory); err != nil {
+		logrus.Debugf("No quota support for local volumes in %s: %v", rootDirectory, err)
+	}
+
 	for _, d := range dirs {
 		if !d.IsDir() {
 			continue
@@ -75,10 +79,11 @@ func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
 			driverName: r.Name(),
 			name:       name,
 			path:       r.DataPath(name),
+			quotaCtl:   r.quotaCtl,
 		}
 		r.volumes[name] = v
 		optsFilePath := filepath.Join(rootDirectory, name, "opts.json")
-		if b, err := ioutil.ReadFile(optsFilePath); err == nil {
+		if b, err := os.ReadFile(optsFilePath); err == nil {
 			opts := optsConfig{}
 			if err := json.Unmarshal(b, &opts); err != nil {
 				return nil, errors.Wrapf(err, "error while unmarshaling volume options for volume: %s", name)
@@ -88,9 +93,9 @@ func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
 			if !reflect.DeepEqual(opts, optsConfig{}) {
 				v.opts = &opts
 			}
-
-			// unmount anything that may still be mounted (for example, from an unclean shutdown)
-			mount.Unmount(v.path)
+			// unmount anything that may still be mounted (for example, from an
+			// unclean shutdown). This is a no-op on windows
+			unmount(v.path)
 		}
 	}
 
@@ -104,6 +109,7 @@ type Root struct {
 	m            sync.Mutex
 	scope        string
 	path         string
+	quotaCtl     *quota.Control
 	volumes      map[string]*localVolume
 	rootIdentity idtools.Identity
 }
@@ -146,8 +152,15 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
 	}
 
 	path := r.DataPath(name)
+	volRoot := filepath.Dir(path)
+	// Root dir does not need to be accessed by the remapped root
+	if err := idtools.MkdirAllAndChown(volRoot, 0701, idtools.CurrentIdentity()); err != nil {
+		return nil, errors.Wrapf(errdefs.System(err), "error while creating volume root path '%s'", volRoot)
+	}
+
+	// Remapped root does need access to the data path
 	if err := idtools.MkdirAllAndChown(path, 0755, r.rootIdentity); err != nil {
-		return nil, errors.Wrapf(errdefs.System(err), "error while creating volume path '%s'", path)
+		return nil, errors.Wrapf(errdefs.System(err), "error while creating volume data path '%s'", path)
 	}
 
 	var err error
@@ -161,6 +174,7 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
 		driverName: r.Name(),
 		name:       name,
 		path:       path,
+		quotaCtl:   r.quotaCtl,
 	}
 
 	if len(opts) != 0 {
@@ -172,7 +186,7 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
 		if err != nil {
 			return nil, err
 		}
-		if err = ioutil.WriteFile(filepath.Join(filepath.Dir(path), "opts.json"), b, 600); err != nil {
+		if err = os.WriteFile(filepath.Join(filepath.Dir(path), "opts.json"), b, 0600); err != nil {
 			return nil, errdefs.System(errors.Wrap(err, "error while persisting volume options"))
 		}
 	}
@@ -248,20 +262,12 @@ func (r *Root) Scope() string {
 	return volume.LocalScope
 }
 
-type validationError string
-
-func (e validationError) Error() string {
-	return string(e)
-}
-
-func (e validationError) InvalidParameter() {}
-
 func (r *Root) validateName(name string) error {
 	if len(name) == 1 {
-		return validationError("volume name is too short, names should be at least two alphanumeric characters")
+		return errdefs.InvalidParameter(errors.New("volume name is too short, names should be at least two alphanumeric characters"))
 	}
 	if !volumeNameRegex.MatchString(name) {
-		return validationError(fmt.Sprintf("%q includes invalid characters for a local volume name, only %q are allowed. If you intended to pass a host directory, use absolute path", name, names.RestrictedNameChars))
+		return errdefs.InvalidParameter(errors.Errorf("%q includes invalid characters for a local volume name, only %q are allowed. If you intended to pass a host directory, use absolute path", name, names.RestrictedNameChars))
 	}
 	return nil
 }
@@ -280,6 +286,8 @@ type localVolume struct {
 	opts *optsConfig
 	// active refcounts the active mounts
 	active activeMount
+	// reference to Root instances quotaCtl
+	quotaCtl *quota.Control
 }
 
 // Name returns the name of the given Volume.
@@ -307,7 +315,7 @@ func (v *localVolume) CachedPath() string {
 func (v *localVolume) Mount(id string) (string, error) {
 	v.m.Lock()
 	defer v.m.Unlock()
-	if v.opts != nil {
+	if v.needsMount() {
 		if !v.active.mounted {
 			if err := v.mount(); err != nil {
 				return "", errdefs.System(err)
@@ -316,6 +324,9 @@ func (v *localVolume) Mount(id string) (string, error) {
 		}
 		v.active.count++
 	}
+	if err := v.postMount(); err != nil {
+		return "", err
+	}
 	return v.path, nil
 }
 
@@ -329,7 +340,7 @@ func (v *localVolume) Unmount(id string) error {
 	// Essentially docker doesn't care if this fails, it will send an error, but
 	// ultimately there's nothing that can be done. If we don't decrement the count
 	// this volume can never be removed until a daemon restart occurs.
-	if v.opts != nil {
+	if v.needsMount() {
 		v.active.count--
 	}
 
@@ -340,27 +351,6 @@ func (v *localVolume) Unmount(id string) error {
 	return v.unmount()
 }
 
-func (v *localVolume) unmount() error {
-	if v.opts != nil {
-		if err := mount.Unmount(v.path); err != nil {
-			if mounted, mErr := mount.Mounted(v.path); mounted || mErr != nil {
-				return errdefs.System(errors.Wrapf(err, "error while unmounting volume path '%s'", v.path))
-			}
-		}
-		v.active.mounted = false
-	}
-	return nil
-}
-
-func validateOpts(opts map[string]string) error {
-	for opt := range opts {
-		if !validOpts[opt] {
-			return validationError(fmt.Sprintf("invalid option key: %q", opt))
-		}
-	}
-	return nil
-}
-
 func (v *localVolume) Status() map[string]interface{} {
 	return nil
 }
diff --git a/volume/local/local_linux_test.go b/volume/local/local_linux_test.go
new file mode 100644
index 0000000000000..c66ecc9095605
--- /dev/null
+++ b/volume/local/local_linux_test.go
@@ -0,0 +1,97 @@
+//go:build linux
+// +build linux
+
+package local // import "github.com/docker/docker/volume/local"
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/quota"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+)
+
+const quotaSize = 1024 * 1024
+const quotaSizeLiteral = "1M"
+
+func TestQuota(t *testing.T) {
+	if msg, ok := quota.CanTestQuota(); !ok {
+		t.Skip(msg)
+	}
+
+	// get sparse xfs test image
+	imageFileName, err := quota.PrepareQuotaTestImage(t)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(imageFileName)
+
+	t.Run("testVolWithQuota", quota.WrapMountTest(imageFileName, true, testVolWithQuota))
+	t.Run("testVolQuotaUnsupported", quota.WrapMountTest(imageFileName, false, testVolQuotaUnsupported))
+}
+
+func testVolWithQuota(t *testing.T, mountPoint, backingFsDev, testDir string) {
+	r, err := New(testDir, idtools.Identity{UID: os.Geteuid(), GID: os.Getegid()})
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Assert(t, r.quotaCtl != nil)
+
+	vol, err := r.Create("testing", map[string]string{"size": quotaSizeLiteral})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dir, err := vol.Mount("1234")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := vol.Unmount("1234"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	testfile := filepath.Join(dir, "testfile")
+
+	// test writing file smaller than quota
+	assert.NilError(t, os.WriteFile(testfile, make([]byte, quotaSize/2), 0644))
+	assert.NilError(t, os.Remove(testfile))
+
+	// test writing fiel larger than quota
+	err = os.WriteFile(testfile, make([]byte, quotaSize+1), 0644)
+	assert.ErrorContains(t, err, "")
+	if _, err := os.Stat(testfile); err == nil {
+		assert.NilError(t, os.Remove(testfile))
+	}
+}
+
+func testVolQuotaUnsupported(t *testing.T, mountPoint, backingFsDev, testDir string) {
+	r, err := New(testDir, idtools.Identity{UID: os.Geteuid(), GID: os.Getegid()})
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Assert(t, is.Nil(r.quotaCtl))
+
+	_, err = r.Create("testing", map[string]string{"size": quotaSizeLiteral})
+	assert.ErrorContains(t, err, "no quota support")
+
+	vol, err := r.Create("testing", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// this could happen if someone moves volumes from storage with
+	// quota support to some place without
+	lv, ok := vol.(*localVolume)
+	assert.Assert(t, ok)
+	lv.opts = &optsConfig{
+		Quota: quota.Quota{Size: quotaSize},
+	}
+
+	_, err = vol.Mount("1234")
+	assert.ErrorContains(t, err, "no quota support")
+}
diff --git a/volume/local/local_test.go b/volume/local/local_test.go
index 51df1a7edfcec..180ad09380b54 100644
--- a/volume/local/local_test.go
+++ b/volume/local/local_test.go
@@ -1,7 +1,6 @@
 package local // import "github.com/docker/docker/volume/local"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -10,8 +9,8 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
-	"gotest.tools/skip"
+	"github.com/moby/sys/mountinfo"
+	"gotest.tools/v3/skip"
 )
 
 func TestGetAddress(t *testing.T) {
@@ -32,7 +31,7 @@ func TestGetAddress(t *testing.T) {
 
 func TestRemove(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI")
-	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	rootDir, err := os.MkdirTemp("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -74,7 +73,7 @@ func TestRemove(t *testing.T) {
 }
 
 func TestInitializeWithVolumes(t *testing.T) {
-	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	rootDir, err := os.MkdirTemp("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -106,7 +105,7 @@ func TestInitializeWithVolumes(t *testing.T) {
 }
 
 func TestCreate(t *testing.T) {
-	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	rootDir, err := os.MkdirTemp("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -149,7 +148,7 @@ func TestCreate(t *testing.T) {
 		}
 	}
 
-	r, err = New(rootDir, idtools.Identity{UID: os.Geteuid(), GID: os.Getegid()})
+	_, err = New(rootDir, idtools.Identity{UID: os.Geteuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -180,7 +179,7 @@ func TestValidateName(t *testing.T) {
 func TestCreateWithOpts(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows")
 	skip.If(t, os.Getuid() != 0, "requires mounts")
-	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	rootDir, err := os.MkdirTemp("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -211,7 +210,7 @@ func TestCreateWithOpts(t *testing.T) {
 		}
 	}()
 
-	mountInfos, err := mount.GetMounts(mount.SingleEntryFilter(dir))
+	mountInfos, err := mountinfo.GetMounts(mountinfo.SingleEntryFilter(dir))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -221,17 +220,17 @@ func TestCreateWithOpts(t *testing.T) {
 
 	info := mountInfos[0]
 	t.Logf("%+v", info)
-	if info.Fstype != "tmpfs" {
-		t.Fatalf("expected tmpfs mount, got %q", info.Fstype)
+	if info.FSType != "tmpfs" {
+		t.Fatalf("expected tmpfs mount, got %q", info.FSType)
 	}
 	if info.Source != "tmpfs" {
 		t.Fatalf("expected tmpfs mount, got %q", info.Source)
 	}
-	if !strings.Contains(info.VfsOpts, "uid=1000") {
-		t.Fatalf("expected mount info to have uid=1000: %q", info.VfsOpts)
+	if !strings.Contains(info.VFSOptions, "uid=1000") {
+		t.Fatalf("expected mount info to have uid=1000: %q", info.VFSOptions)
 	}
-	if !strings.Contains(info.VfsOpts, "size=1024k") {
-		t.Fatalf("expected mount info to have size=1024k: %q", info.VfsOpts)
+	if !strings.Contains(info.VFSOptions, "size=1024k") {
+		t.Fatalf("expected mount info to have size=1024k: %q", info.VFSOptions)
 	}
 
 	if v.active.count != 1 {
@@ -253,7 +252,7 @@ func TestCreateWithOpts(t *testing.T) {
 		t.Fatalf("Expected active mount count to be 1, got %d", v.active.count)
 	}
 
-	mounted, err := mount.Mounted(v.path)
+	mounted, err := mountinfo.Mounted(v.path)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -277,7 +276,7 @@ func TestCreateWithOpts(t *testing.T) {
 }
 
 func TestRelaodNoOpts(t *testing.T) {
-	rootDir, err := ioutil.TempDir("", "volume-test-reload-no-opts")
+	rootDir, err := os.MkdirTemp("", "volume-test-reload-no-opts")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -295,7 +294,7 @@ func TestRelaodNoOpts(t *testing.T) {
 		t.Fatal(err)
 	}
 	// make sure a file with `null` (.e.g. empty opts map from older daemon) is ok
-	if err := ioutil.WriteFile(filepath.Join(rootDir, "test2"), []byte("null"), 600); err != nil {
+	if err := os.WriteFile(filepath.Join(rootDir, "test2"), []byte("null"), 0600); err != nil {
 		t.Fatal(err)
 	}
 
@@ -303,7 +302,7 @@ func TestRelaodNoOpts(t *testing.T) {
 		t.Fatal(err)
 	}
 	// make sure an empty opts file doesn't break us too
-	if err := ioutil.WriteFile(filepath.Join(rootDir, "test3"), nil, 600); err != nil {
+	if err := os.WriteFile(filepath.Join(rootDir, "test3"), nil, 0600); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/volume/local/local_unix.go b/volume/local/local_unix.go
index b1c68b931b101..4fdd18254490d 100644
--- a/volume/local/local_unix.go
+++ b/volume/local/local_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 // Package local provides the default implementation for volumes. It
@@ -14,18 +15,27 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/quota"
+	units "github.com/docker/go-units"
+	"github.com/moby/sys/mount"
+	"github.com/moby/sys/mountinfo"
 	"github.com/pkg/errors"
-
-	"github.com/docker/docker/pkg/mount"
 )
 
 var (
 	oldVfsDir = filepath.Join("vfs", "dir")
 
-	validOpts = map[string]bool{
-		"type":   true, // specify the filesystem type for mount, e.g. nfs
-		"o":      true, // generic mount options
-		"device": true, // device to mount from
+	validOpts = map[string]struct{}{
+		"type":   {}, // specify the filesystem type for mount, e.g. nfs
+		"o":      {}, // generic mount options
+		"device": {}, // device to mount from
+		"size":   {}, // quota size limit
+	}
+	mandatoryOpts = map[string][]string{
+		"device": {"type"},
+		"type":   {"device"},
+		"o":      {"device", "type"},
 	}
 )
 
@@ -33,10 +43,11 @@ type optsConfig struct {
 	MountType   string
 	MountOpts   string
 	MountDevice string
+	Quota       quota.Quota
 }
 
 func (o *optsConfig) String() string {
-	return fmt.Sprintf("type='%s' device='%s' o='%s'", o.MountType, o.MountDevice, o.MountOpts)
+	return fmt.Sprintf("type='%s' device='%s' o='%s' size='%d'", o.MountType, o.MountDevice, o.MountOpts, o.Quota.Size)
 }
 
 // scopedPath verifies that the path where the volume is located
@@ -59,34 +70,109 @@ func setOpts(v *localVolume, opts map[string]string) error {
 	if len(opts) == 0 {
 		return nil
 	}
-	if err := validateOpts(opts); err != nil {
+	err := validateOpts(opts)
+	if err != nil {
 		return err
 	}
-
 	v.opts = &optsConfig{
 		MountType:   opts["type"],
 		MountOpts:   opts["o"],
 		MountDevice: opts["device"],
 	}
+	if val, ok := opts["size"]; ok {
+		size, err := units.RAMInBytes(val)
+		if err != nil {
+			return err
+		}
+		if size > 0 && v.quotaCtl == nil {
+			return errdefs.InvalidParameter(errors.Errorf("quota size requested but no quota support"))
+		}
+		v.opts.Quota.Size = uint64(size)
+	}
 	return nil
 }
 
+func validateOpts(opts map[string]string) error {
+	if len(opts) == 0 {
+		return nil
+	}
+	for opt := range opts {
+		if _, ok := validOpts[opt]; !ok {
+			return errdefs.InvalidParameter(errors.Errorf("invalid option: %q", opt))
+		}
+	}
+	for opt, reqopts := range mandatoryOpts {
+		if _, ok := opts[opt]; ok {
+			for _, reqopt := range reqopts {
+				if _, ok := opts[reqopt]; !ok {
+					return errdefs.InvalidParameter(errors.Errorf("missing required option: %q", reqopt))
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func unmount(path string) {
+	_ = mount.Unmount(path)
+}
+
+func (v *localVolume) needsMount() bool {
+	if v.opts == nil {
+		return false
+	}
+	if v.opts.MountDevice != "" || v.opts.MountType != "" {
+		return true
+	}
+	return false
+}
+
 func (v *localVolume) mount() error {
 	if v.opts.MountDevice == "" {
 		return fmt.Errorf("missing device in volume options")
 	}
 	mountOpts := v.opts.MountOpts
-	if v.opts.MountType == "nfs" {
+	switch v.opts.MountType {
+	case "nfs", "cifs":
 		if addrValue := getAddress(v.opts.MountOpts); addrValue != "" && net.ParseIP(addrValue).To4() == nil {
 			ipAddr, err := net.ResolveIPAddr("ip", addrValue)
 			if err != nil {
-				return errors.Wrapf(err, "error resolving passed in nfs address")
+				return errors.Wrapf(err, "error resolving passed in network volume address")
 			}
 			mountOpts = strings.Replace(mountOpts, "addr="+addrValue, "addr="+ipAddr.String(), 1)
 		}
 	}
 	err := mount.Mount(v.opts.MountDevice, v.path, v.opts.MountType, mountOpts)
-	return errors.Wrapf(err, "error while mounting volume with options: %s", v.opts)
+	return errors.Wrap(err, "failed to mount local volume")
+}
+
+func (v *localVolume) postMount() error {
+	if v.opts == nil {
+		return nil
+	}
+	if v.opts.Quota.Size > 0 {
+		if v.quotaCtl != nil {
+			err := v.quotaCtl.SetQuota(v.path, v.opts.Quota)
+			if err != nil {
+				return err
+			}
+		} else {
+			return fmt.Errorf("size quota requested for volume but no quota support")
+		}
+	}
+	return nil
+}
+
+func (v *localVolume) unmount() error {
+	if v.needsMount() {
+		if err := mount.Unmount(v.path); err != nil {
+			if mounted, mErr := mountinfo.Mounted(v.path); mounted || mErr != nil {
+				return errdefs.System(err)
+			}
+		}
+		v.active.mounted = false
+	}
+	return nil
 }
 
 func (v *localVolume) CreatedAt() (time.Time, error) {
diff --git a/volume/local/local_windows.go b/volume/local/local_windows.go
index d96fc0f594bbc..9fc2092720a13 100644
--- a/volume/local/local_windows.go
+++ b/volume/local/local_windows.go
@@ -4,18 +4,18 @@
 package local // import "github.com/docker/docker/volume/local"
 
 import (
-	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"syscall"
 	"time"
+
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
 type optsConfig struct{}
 
-var validOpts map[string]bool
-
 // scopedPath verifies that the path where the volume is located
 // is under Docker's root and the valid local paths.
 func (r *Root) scopedPath(realPath string) bool {
@@ -27,14 +27,27 @@ func (r *Root) scopedPath(realPath string) bool {
 
 func setOpts(v *localVolume, opts map[string]string) error {
 	if len(opts) > 0 {
-		return fmt.Errorf("options are not supported on this platform")
+		return errdefs.InvalidParameter(errors.New("options are not supported on this platform"))
 	}
 	return nil
 }
 
+func (v *localVolume) needsMount() bool {
+	return false
+}
+
 func (v *localVolume) mount() error {
 	return nil
 }
+func (v *localVolume) unmount() error {
+	return nil
+}
+
+func unmount(_ string) {}
+
+func (v *localVolume) postMount() error {
+	return nil
+}
 
 func (v *localVolume) CreatedAt() (time.Time, error) {
 	fileInfo, err := os.Stat(v.path)
diff --git a/volume/mounts/lcow_parser.go b/volume/mounts/lcow_parser.go
index bafb7b07f84cb..2dbd2d164b196 100644
--- a/volume/mounts/lcow_parser.go
+++ b/volume/mounts/lcow_parser.go
@@ -2,18 +2,46 @@ package mounts // import "github.com/docker/docker/volume/mounts"
 
 import (
 	"errors"
+	"fmt"
 	"path"
+	"regexp"
+	"strings"
 
 	"github.com/docker/docker/api/types/mount"
 )
 
-var lcowSpecificValidators mountValidator = func(m *mount.Mount) error {
+// NewLCOWParser creates a parser with Linux Containers on Windows semantics.
+func NewLCOWParser() Parser {
+	return &lcowParser{
+		windowsParser{
+			fi: defaultFileInfoProvider{},
+		},
+	}
+}
+
+// rxLCOWDestination is the regex expression for the mount destination for LCOW
+//
+// Destination (aka container path):
+//    -  Variation on hostdir but can be a drive followed by colon as well
+//    -  If a path, must be absolute. Can include spaces
+//    -  Drive cannot be c: (explicitly checked in code, not RegEx)
+const rxLCOWDestination = `(?P<destination>/(?:[^\\/:*?"<>\r\n]+[/]?)*)`
+
+var (
+	lcowMountDestinationRegex = regexp.MustCompile(`^` + rxLCOWDestination + `$`)
+	lcowSplitRawSpec          = regexp.MustCompile(`^` + rxSource + rxLCOWDestination + rxMode + `$`)
+)
+
+var lcowValidators mountValidator = func(m *mount.Mount) error {
 	if path.Clean(m.Target) == "/" {
 		return ErrVolumeTargetIsRoot
 	}
 	if m.Type == mount.TypeNamedPipe {
 		return errors.New("Linux containers on Windows do not support named pipe mounts")
 	}
+	if !lcowMountDestinationRegex.MatchString(strings.ToLower(m.Target)) {
+		return fmt.Errorf("invalid mount path: '%s'", m.Target)
+	}
 	return nil
 }
 
@@ -22,13 +50,17 @@ type lcowParser struct {
 }
 
 func (p *lcowParser) ValidateMountConfig(mnt *mount.Mount) error {
-	return p.validateMountConfigReg(mnt, rxLCOWDestination, lcowSpecificValidators)
+	return p.validateMountConfigReg(mnt, lcowValidators)
 }
 
 func (p *lcowParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
-	return p.parseMountRaw(raw, volumeDriver, rxLCOWDestination, false, lcowSpecificValidators)
+	arr, err := p.splitRawSpec(raw, lcowSplitRawSpec)
+	if err != nil {
+		return nil, err
+	}
+	return p.parseMount(arr, raw, volumeDriver, false, lcowValidators)
 }
 
 func (p *lcowParser) ParseMountSpec(cfg mount.Mount) (*MountPoint, error) {
-	return p.parseMountSpec(cfg, rxLCOWDestination, false, lcowSpecificValidators)
+	return p.parseMountSpec(cfg, false, lcowValidators)
 }
diff --git a/volume/mounts/lcow_parser_test.go b/volume/mounts/lcow_parser_test.go
new file mode 100644
index 0000000000000..c62309b143dc3
--- /dev/null
+++ b/volume/mounts/lcow_parser_test.go
@@ -0,0 +1,152 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+	"gotest.tools/v3/assert"
+)
+
+func TestLCOWParseMountRaw(t *testing.T) {
+	valid := []string{
+		`/foo`,
+		`/foo/`,
+		`/foo bar`,
+		`c:\:/foo`,
+		`c:\windows\:/foo`,
+		`c:\windows:/s p a c e`,
+		`c:\windows:/s p a c e:RW`,
+		`c:\program files:/s p a c e i n h o s t d i r`,
+		`0123456789name:/foo`,
+		`MiXeDcAsEnAmE:/foo`,
+		`name:/foo`,
+		`name:/foo:rW`,
+		`name:/foo:RW`,
+		`name:/foo:RO`,
+		`c:/:/forward/slashes/are/good/too`,
+		`c:/:/including with/spaces:ro`,
+		`/Program Files (x86)`, // With capitals and brackets
+	}
+
+	invalid := map[string]string{
+		``:                                   "invalid volume specification: ",
+		`.`:                                  "invalid volume specification: ",
+		`c:`:                                 "invalid volume specification: ",
+		`c:\`:                                "invalid volume specification: ",
+		`../`:                                "invalid volume specification: ",
+		`c:\:../`:                            "invalid volume specification: ",
+		`c:\:/foo:xyzzy`:                     "invalid volume specification: ",
+		`/`:                                  "destination can't be '/'",
+		`/..`:                                "destination can't be '/'",
+		`c:\notexist:/foo`:                   `source path does not exist: c:\notexist`,
+		`c:\windows\system32\ntdll.dll:/foo`: `source path must be a directory`,
+		`name<:/foo`:                         `invalid volume specification`,
+		`name>:/foo`:                         `invalid volume specification`,
+		`name::/foo`:                         `invalid volume specification`,
+		`name":/foo`:                         `invalid volume specification`,
+		`name\:/foo`:                         `invalid volume specification`,
+		`name*:/foo`:                         `invalid volume specification`,
+		`name|:/foo`:                         `invalid volume specification`,
+		`name?:/foo`:                         `invalid volume specification`,
+		`name/:/foo`:                         `invalid volume specification`,
+		`/foo:rw`:                            `invalid volume specification`,
+		`/foo:ro`:                            `invalid volume specification`,
+		`con:/foo`:                           `cannot be a reserved word for Windows filenames`,
+		`PRN:/foo`:                           `cannot be a reserved word for Windows filenames`,
+		`aUx:/foo`:                           `cannot be a reserved word for Windows filenames`,
+		`nul:/foo`:                           `cannot be a reserved word for Windows filenames`,
+		`com1:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com2:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com3:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com4:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com5:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com6:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com7:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com8:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`com9:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt1:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt2:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt3:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt4:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt5:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt6:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt7:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt8:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt9:/foo`:                          `cannot be a reserved word for Windows filenames`,
+		`\\.\pipe\foo:/foo`:                  `Linux containers on Windows do not support named pipe mounts`,
+	}
+
+	parser := NewLCOWParser()
+	if p, ok := parser.(*lcowParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for _, path := range valid {
+		if _, err := parser.ParseMountRaw(path, "local"); err != nil {
+			t.Errorf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if mp, err := parser.ParseMountRaw(path, "local"); err == nil {
+			t.Errorf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Errorf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+			}
+		}
+	}
+}
+
+func TestLCOWParseMountRawSplit(t *testing.T) {
+	cases := []struct {
+		bind      string
+		driver    string
+		expType   mount.Type
+		expDest   string
+		expSource string
+		expName   string
+		expDriver string
+		expRW     bool
+		fail      bool
+	}{
+		{`c:\:/foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
+		{`c:\:/foo:ro`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, false},
+		{`c:\:/foo:rw`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
+		{`c:\:/foo:foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, true},
+		{`name:/foo:rw`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
+		{`name:/foo`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
+		{`name:/foo:ro`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", false, false},
+		{`name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`driver/name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, true},
+		{`\\.\pipe\foo:/data`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+	}
+
+	parser := NewLCOWParser()
+	if p, ok := parser.(*lcowParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for i, c := range cases {
+		c := c
+		t.Run(fmt.Sprintf("%d_%s", i, c.bind), func(t *testing.T) {
+			m, err := parser.ParseMountRaw(c.bind, c.driver)
+			if c.fail {
+				assert.ErrorContains(t, err, "", "expected an error")
+				return
+			}
+
+			assert.NilError(t, err)
+			assert.Equal(t, m.Destination, c.expDest)
+			assert.Equal(t, m.Source, c.expSource)
+			assert.Equal(t, m.Name, c.expName)
+			assert.Equal(t, m.Driver, c.expDriver)
+			assert.Equal(t, m.RW, c.expRW)
+			assert.Equal(t, m.Type, c.expType)
+		})
+	}
+}
diff --git a/volume/mounts/linux_parser.go b/volume/mounts/linux_parser.go
index 8e436aec0ef89..e9d7a9c5de2dd 100644
--- a/volume/mounts/linux_parser.go
+++ b/volume/mounts/linux_parser.go
@@ -12,7 +12,15 @@ import (
 	"github.com/docker/docker/volume"
 )
 
+// NewLinuxParser creates a parser with Linux semantics.
+func NewLinuxParser() Parser {
+	return &linuxParser{
+		fi: defaultFileInfoProvider{},
+	}
+}
+
 type linuxParser struct {
+	fi fileInfoProvider
 }
 
 func linuxSplitRawSpec(raw string) ([]string, error) {
@@ -82,7 +90,10 @@ func (p *linuxParser) validateMountConfigImpl(mnt *mount.Mount, validateBindSour
 		}
 
 		if validateBindSourceExists {
-			exists, _, _ := currentFileInfoProvider.fileInfo(mnt.Source)
+			exists, _, err := p.fi.fileInfo(mnt.Source)
+			if err != nil {
+				return &errMountConfig{mnt, err}
+			}
 			if !exists {
 				return &errMountConfig{mnt, errBindSourceDoesNotExist(mnt.Source)}
 			}
@@ -97,6 +108,9 @@ func (p *linuxParser) validateMountConfigImpl(mnt *mount.Mount, validateBindSour
 			return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
 		}
 	case mount.TypeTmpfs:
+		if mnt.BindOptions != nil {
+			return &errMountConfig{mnt, errExtraField("BindOptions")}
+		}
 		if len(mnt.Source) != 0 {
 			return &errMountConfig{mnt, errExtraField("Source")}
 		}
@@ -109,12 +123,6 @@ func (p *linuxParser) validateMountConfigImpl(mnt *mount.Mount, validateBindSour
 	return nil
 }
 
-// read-write modes
-var rwModes = map[string]bool{
-	"rw": true,
-	"ro": true,
-}
-
 // label modes
 var linuxLabelModes = map[string]bool{
 	"Z": true,
@@ -292,7 +300,7 @@ func (p *linuxParser) parseMountSpec(cfg mount.Mount, validateBindSourceExists b
 	switch cfg.Type {
 	case mount.TypeVolume:
 		if cfg.Source == "" {
-			mp.Name = stringid.GenerateNonCryptoID()
+			mp.Name = stringid.GenerateRandomID()
 		} else {
 			mp.Name = cfg.Source
 		}
diff --git a/volume/mounts/linux_parser_test.go b/volume/mounts/linux_parser_test.go
new file mode 100644
index 0000000000000..bcfca72b25724
--- /dev/null
+++ b/volume/mounts/linux_parser_test.go
@@ -0,0 +1,221 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+	"gotest.tools/v3/assert"
+)
+
+func TestLinuxParseMountRaw(t *testing.T) {
+	valid := []string{
+		"/home",
+		"/home:/home",
+		"/home:/something/else",
+		"/with space",
+		"/home:/with space",
+		"relative:/absolute-path",
+		"hostPath:/containerPath:ro",
+		"/hostPath:/containerPath:rw",
+		"/rw:/ro",
+		"/hostPath:/containerPath:shared",
+		"/hostPath:/containerPath:rshared",
+		"/hostPath:/containerPath:slave",
+		"/hostPath:/containerPath:rslave",
+		"/hostPath:/containerPath:private",
+		"/hostPath:/containerPath:rprivate",
+		"/hostPath:/containerPath:ro,shared",
+		"/hostPath:/containerPath:ro,slave",
+		"/hostPath:/containerPath:ro,private",
+		"/hostPath:/containerPath:ro,z,shared",
+		"/hostPath:/containerPath:ro,Z,slave",
+		"/hostPath:/containerPath:Z,ro,slave",
+		"/hostPath:/containerPath:slave,Z,ro",
+		"/hostPath:/containerPath:Z,slave,ro",
+		"/hostPath:/containerPath:slave,ro,Z",
+		"/hostPath:/containerPath:rslave,ro,Z",
+		"/hostPath:/containerPath:ro,rshared,Z",
+		"/hostPath:/containerPath:ro,Z,rprivate",
+	}
+
+	invalid := map[string]string{
+		"":                                "invalid volume specification",
+		"./":                              "mount path must be absolute",
+		"../":                             "mount path must be absolute",
+		"/:../":                           "mount path must be absolute",
+		"/:path":                          "mount path must be absolute",
+		":":                               "invalid volume specification",
+		"/tmp:":                           "invalid volume specification",
+		":test":                           "invalid volume specification",
+		":/test":                          "invalid volume specification",
+		"tmp:":                            "invalid volume specification",
+		":test:":                          "invalid volume specification",
+		"::":                              "invalid volume specification",
+		":::":                             "invalid volume specification",
+		"/tmp:::":                         "invalid volume specification",
+		":/tmp::":                         "invalid volume specification",
+		"/path:rw":                        "invalid volume specification",
+		"/path:ro":                        "invalid volume specification",
+		"/rw:rw":                          "invalid volume specification",
+		"path:ro":                         "invalid volume specification",
+		"/path:/path:sw":                  `invalid mode`,
+		"/path:/path:rwz":                 `invalid mode`,
+		"/path:/path:ro,rshared,rslave":   `invalid mode`,
+		"/path:/path:ro,z,rshared,rslave": `invalid mode`,
+		"/path:shared":                    "invalid volume specification",
+		"/path:slave":                     "invalid volume specification",
+		"/path:private":                   "invalid volume specification",
+		"name:/absolute-path:shared":      "invalid volume specification",
+		"name:/absolute-path:rshared":     "invalid volume specification",
+		"name:/absolute-path:slave":       "invalid volume specification",
+		"name:/absolute-path:rslave":      "invalid volume specification",
+		"name:/absolute-path:private":     "invalid volume specification",
+		"name:/absolute-path:rprivate":    "invalid volume specification",
+	}
+
+	parser := NewLinuxParser()
+	if p, ok := parser.(*linuxParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for _, path := range valid {
+		if _, err := parser.ParseMountRaw(path, "local"); err != nil {
+			t.Errorf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if mp, err := parser.ParseMountRaw(path, "local"); err == nil {
+			t.Errorf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Errorf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+			}
+		}
+	}
+}
+
+func TestLinuxParseMountRawSplit(t *testing.T) {
+	cases := []struct {
+		bind      string
+		driver    string
+		expType   mount.Type
+		expDest   string
+		expSource string
+		expName   string
+		expDriver string
+		expRW     bool
+		fail      bool
+	}{
+		{"/tmp:/tmp1", "", mount.TypeBind, "/tmp1", "/tmp", "", "", true, false},
+		{"/tmp:/tmp2:ro", "", mount.TypeBind, "/tmp2", "/tmp", "", "", false, false},
+		{"/tmp:/tmp3:rw", "", mount.TypeBind, "/tmp3", "/tmp", "", "", true, false},
+		{"/tmp:/tmp4:foo", "", mount.TypeBind, "", "", "", "", false, true},
+		{"name:/named1", "", mount.TypeVolume, "/named1", "", "name", "", true, false},
+		{"name:/named2", "external", mount.TypeVolume, "/named2", "", "name", "external", true, false},
+		{"name:/named3:ro", "local", mount.TypeVolume, "/named3", "", "name", "local", false, false},
+		{"local/name:/tmp:rw", "", mount.TypeVolume, "/tmp", "", "local/name", "", true, false},
+		{"/tmp:tmp", "", mount.TypeBind, "", "", "", "", true, true},
+	}
+
+	parser := NewLinuxParser()
+	if p, ok := parser.(*linuxParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for i, c := range cases {
+		c := c
+		t.Run(fmt.Sprintf("%d_%s", i, c.bind), func(t *testing.T) {
+			m, err := parser.ParseMountRaw(c.bind, c.driver)
+			if c.fail {
+				assert.ErrorContains(t, err, "", "expected an error")
+				return
+			}
+
+			assert.NilError(t, err)
+			assert.Equal(t, m.Destination, c.expDest)
+			assert.Equal(t, m.Source, c.expSource)
+			assert.Equal(t, m.Name, c.expName)
+			assert.Equal(t, m.Driver, c.expDriver)
+			assert.Equal(t, m.RW, c.expRW)
+			assert.Equal(t, m.Type, c.expType)
+		})
+	}
+}
+
+// TestLinuxParseMountSpecBindWithFileinfoError makes sure that the parser returns
+// the error produced by the fileinfo provider.
+//
+// Some extra context for the future in case of changes and possible wtf are we
+// testing this for:
+//
+// Currently this "fileInfoProvider" returns (bool, bool, error)
+// The 1st bool is "does this path exist"
+// The 2nd bool is "is this path a dir"
+// Then of course the error is an error.
+//
+// The issue is the parser was ignoring the error and only looking at the
+// "does this path exist" boolean, which is always false if there is an error.
+// Then the error returned to the caller was a (slightly, maybe) friendlier
+// error string than what comes from `os.Stat`
+// So ...the caller was always getting an error saying the path doesn't exist
+// even if it does exist but got some other error (like a permission error).
+// This is confusing to users.
+func TestLinuxParseMountSpecBindWithFileinfoError(t *testing.T) {
+	parser := NewLinuxParser()
+	testErr := fmt.Errorf("some crazy error")
+	if pr, ok := parser.(*linuxParser); ok {
+		pr.fi = &mockFiProviderWithError{err: testErr}
+	}
+
+	_, err := parser.ParseMountSpec(mount.Mount{
+		Type:   mount.TypeBind,
+		Source: `/bananas`,
+		Target: `/bananas`,
+	})
+	assert.ErrorContains(t, err, testErr.Error())
+}
+
+func TestConvertTmpfsOptions(t *testing.T) {
+	type testCase struct {
+		opt                  mount.TmpfsOptions
+		readOnly             bool
+		expectedSubstrings   []string
+		unexpectedSubstrings []string
+	}
+	cases := []testCase{
+		{
+			opt:                  mount.TmpfsOptions{SizeBytes: 1024 * 1024, Mode: 0700},
+			readOnly:             false,
+			expectedSubstrings:   []string{"size=1m", "mode=700"},
+			unexpectedSubstrings: []string{"ro"},
+		},
+		{
+			opt:                  mount.TmpfsOptions{},
+			readOnly:             true,
+			expectedSubstrings:   []string{"ro"},
+			unexpectedSubstrings: []string{},
+		},
+	}
+	p := NewLinuxParser()
+	for _, c := range cases {
+		data, err := p.ConvertTmpfsOptions(&c.opt, c.readOnly)
+		if err != nil {
+			t.Fatalf("could not convert %+v (readOnly: %v) to string: %v",
+				c.opt, c.readOnly, err)
+		}
+		t.Logf("data=%q", data)
+		for _, s := range c.expectedSubstrings {
+			if !strings.Contains(data, s) {
+				t.Fatalf("expected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+		for _, s := range c.unexpectedSubstrings {
+			if strings.Contains(data, s) {
+				t.Fatalf("unexpected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+	}
+}
diff --git a/volume/mounts/mounts.go b/volume/mounts/mounts.go
index 63a1406814698..c441e51ed9018 100644
--- a/volume/mounts/mounts.go
+++ b/volume/mounts/mounts.go
@@ -113,7 +113,7 @@ func (m *MountPoint) Setup(mountLabel string, rootIDs idtools.Identity, checkFun
 			return
 		}
 		err = label.Relabel(sourcePath, mountLabel, label.IsShared(m.Mode))
-		if err == syscall.ENOTSUP {
+		if errors.Is(err, syscall.ENOTSUP) {
 			err = nil
 		}
 		if err != nil {
@@ -125,7 +125,7 @@ func (m *MountPoint) Setup(mountLabel string, rootIDs idtools.Identity, checkFun
 	if m.Volume != nil {
 		id := m.ID
 		if id == "" {
-			id = stringid.GenerateNonCryptoID()
+			id = stringid.GenerateRandomID()
 		}
 		path, err := m.Volume.Mount(id)
 		if err != nil {
diff --git a/volume/mounts/parser.go b/volume/mounts/parser.go
index 73681750ea754..58107f490c387 100644
--- a/volume/mounts/parser.go
+++ b/volume/mounts/parser.go
@@ -7,17 +7,16 @@ import (
 	"github.com/docker/docker/api/types/mount"
 )
 
-const (
-	// OSLinux is the same as runtime.GOOS on linux
-	OSLinux = "linux"
-	// OSWindows is the same as runtime.GOOS on windows
-	OSWindows = "windows"
-)
-
 // ErrVolumeTargetIsRoot is returned when the target destination is root.
 // It's used by both LCOW and Linux parsers.
 var ErrVolumeTargetIsRoot = errors.New("invalid specification: destination can't be '/'")
 
+// read-write modes
+var rwModes = map[string]bool{
+	"rw": true,
+	"ro": true,
+}
+
 // Parser represents a platform specific parser for mount expressions
 type Parser interface {
 	ParseMountRaw(raw, volumeDriver string) (*MountPoint, error)
@@ -34,14 +33,10 @@ type Parser interface {
 	ValidateMountConfig(mt *mount.Mount) error
 }
 
-// NewParser creates a parser for a given container OS, depending on the current host OS (linux on a windows host will resolve to an lcowParser)
-func NewParser(containerOS string) Parser {
-	switch containerOS {
-	case OSWindows:
-		return &windowsParser{}
-	}
-	if runtime.GOOS == OSWindows {
-		return &lcowParser{}
+// NewParser creates a parser for the current host OS
+func NewParser() Parser {
+	if runtime.GOOS == "windows" {
+		return NewWindowsParser()
 	}
-	return &linuxParser{}
+	return NewLinuxParser()
 }
diff --git a/volume/mounts/parser_test.go b/volume/mounts/parser_test.go
index 27257d62bd66a..201dd629ded78 100644
--- a/volume/mounts/parser_test.go
+++ b/volume/mounts/parser_test.go
@@ -1,62 +1,12 @@
 package mounts // import "github.com/docker/docker/volume/mounts"
 
 import (
-	"io/ioutil"
 	"os"
-	"runtime"
-	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types/mount"
 )
 
-type parseMountRawTestSet struct {
-	valid   []string
-	invalid map[string]string
-}
-
-func TestConvertTmpfsOptions(t *testing.T) {
-	type testCase struct {
-		opt                  mount.TmpfsOptions
-		readOnly             bool
-		expectedSubstrings   []string
-		unexpectedSubstrings []string
-	}
-	cases := []testCase{
-		{
-			opt:                  mount.TmpfsOptions{SizeBytes: 1024 * 1024, Mode: 0700},
-			readOnly:             false,
-			expectedSubstrings:   []string{"size=1m", "mode=700"},
-			unexpectedSubstrings: []string{"ro"},
-		},
-		{
-			opt:                  mount.TmpfsOptions{},
-			readOnly:             true,
-			expectedSubstrings:   []string{"ro"},
-			unexpectedSubstrings: []string{},
-		},
-	}
-	p := &linuxParser{}
-	for _, c := range cases {
-		data, err := p.ConvertTmpfsOptions(&c.opt, c.readOnly)
-		if err != nil {
-			t.Fatalf("could not convert %+v (readOnly: %v) to string: %v",
-				c.opt, c.readOnly, err)
-		}
-		t.Logf("data=%q", data)
-		for _, s := range c.expectedSubstrings {
-			if !strings.Contains(data, s) {
-				t.Fatalf("expected substring: %s, got %v (case=%+v)", s, data, c)
-			}
-		}
-		for _, s := range c.unexpectedSubstrings {
-			if strings.Contains(data, s) {
-				t.Fatalf("unexpected substring: %s, got %v (case=%+v)", s, data, c)
-			}
-		}
-	}
-}
-
 type mockFiProvider struct{}
 
 func (mockFiProvider) fileInfo(path string) (exists, isDir bool, err error) {
@@ -81,365 +31,25 @@ func (mockFiProvider) fileInfo(path string) (exists, isDir bool, err error) {
 	return false, false, nil
 }
 
-func TestParseMountRaw(t *testing.T) {
-
-	previousProvider := currentFileInfoProvider
-	defer func() { currentFileInfoProvider = previousProvider }()
-	currentFileInfoProvider = mockFiProvider{}
-	windowsSet := parseMountRawTestSet{
-		valid: []string{
-			`d:\`,
-			`d:`,
-			`d:\path`,
-			`d:\path with space`,
-			`c:\:d:\`,
-			`c:\windows\:d:`,
-			`c:\windows:d:\s p a c e`,
-			`c:\windows:d:\s p a c e:RW`,
-			`c:\program files:d:\s p a c e i n h o s t d i r`,
-			`0123456789name:d:`,
-			`MiXeDcAsEnAmE:d:`,
-			`name:D:`,
-			`name:D::rW`,
-			`name:D::RW`,
-			`name:D::RO`,
-			`c:/:d:/forward/slashes/are/good/too`,
-			`c:/:d:/including with/spaces:ro`,
-			`c:\Windows`,                // With capital
-			`c:\Program Files (x86)`,    // With capitals and brackets
-			`\\?\c:\windows\:d:`,        // Long path handling (source)
-			`c:\windows\:\\?\d:\`,       // Long path handling (target)
-			`\\.\pipe\foo:\\.\pipe\foo`, // named pipe
-			`//./pipe/foo://./pipe/foo`, // named pipe forward slashes
-		},
-		invalid: map[string]string{
-			``:                                 "invalid volume specification: ",
-			`.`:                                "invalid volume specification: ",
-			`..\`:                              "invalid volume specification: ",
-			`c:\:..\`:                          "invalid volume specification: ",
-			`c:\:d:\:xyzzy`:                    "invalid volume specification: ",
-			`c:`:                               "cannot be `c:`",
-			`c:\`:                              "cannot be `c:`",
-			`c:\notexist:d:`:                   `source path does not exist: c:\notexist`,
-			`c:\windows\system32\ntdll.dll:d:`: `source path must be a directory`,
-			`name<:d:`:                         `invalid volume specification`,
-			`name>:d:`:                         `invalid volume specification`,
-			`name::d:`:                         `invalid volume specification`,
-			`name":d:`:                         `invalid volume specification`,
-			`name\:d:`:                         `invalid volume specification`,
-			`name*:d:`:                         `invalid volume specification`,
-			`name|:d:`:                         `invalid volume specification`,
-			`name?:d:`:                         `invalid volume specification`,
-			`name/:d:`:                         `invalid volume specification`,
-			`d:\pathandmode:rw`:                `invalid volume specification`,
-			`d:\pathandmode:ro`:                `invalid volume specification`,
-			`con:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`PRN:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`aUx:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`nul:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`com1:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com2:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com3:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com4:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com5:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com6:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com7:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com8:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com9:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt1:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt2:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt3:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt4:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt5:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt6:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt7:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt8:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt9:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`c:\windows\system32\ntdll.dll`:    `Only directories can be mapped on this platform`,
-			`\\.\pipe\foo:c:\pipe`:             `'c:\pipe' is not a valid pipe path`,
-		},
-	}
-	lcowSet := parseMountRawTestSet{
-		valid: []string{
-			`/foo`,
-			`/foo/`,
-			`/foo bar`,
-			`c:\:/foo`,
-			`c:\windows\:/foo`,
-			`c:\windows:/s p a c e`,
-			`c:\windows:/s p a c e:RW`,
-			`c:\program files:/s p a c e i n h o s t d i r`,
-			`0123456789name:/foo`,
-			`MiXeDcAsEnAmE:/foo`,
-			`name:/foo`,
-			`name:/foo:rW`,
-			`name:/foo:RW`,
-			`name:/foo:RO`,
-			`c:/:/forward/slashes/are/good/too`,
-			`c:/:/including with/spaces:ro`,
-			`/Program Files (x86)`, // With capitals and brackets
-		},
-		invalid: map[string]string{
-			``:                                   "invalid volume specification: ",
-			`.`:                                  "invalid volume specification: ",
-			`c:`:                                 "invalid volume specification: ",
-			`c:\`:                                "invalid volume specification: ",
-			`../`:                                "invalid volume specification: ",
-			`c:\:../`:                            "invalid volume specification: ",
-			`c:\:/foo:xyzzy`:                     "invalid volume specification: ",
-			`/`:                                  "destination can't be '/'",
-			`/..`:                                "destination can't be '/'",
-			`c:\notexist:/foo`:                   `source path does not exist: c:\notexist`,
-			`c:\windows\system32\ntdll.dll:/foo`: `source path must be a directory`,
-			`name<:/foo`:                         `invalid volume specification`,
-			`name>:/foo`:                         `invalid volume specification`,
-			`name::/foo`:                         `invalid volume specification`,
-			`name":/foo`:                         `invalid volume specification`,
-			`name\:/foo`:                         `invalid volume specification`,
-			`name*:/foo`:                         `invalid volume specification`,
-			`name|:/foo`:                         `invalid volume specification`,
-			`name?:/foo`:                         `invalid volume specification`,
-			`name/:/foo`:                         `invalid volume specification`,
-			`/foo:rw`:                            `invalid volume specification`,
-			`/foo:ro`:                            `invalid volume specification`,
-			`con:/foo`:                           `cannot be a reserved word for Windows filenames`,
-			`PRN:/foo`:                           `cannot be a reserved word for Windows filenames`,
-			`aUx:/foo`:                           `cannot be a reserved word for Windows filenames`,
-			`nul:/foo`:                           `cannot be a reserved word for Windows filenames`,
-			`com1:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com2:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com3:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com4:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com5:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com6:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com7:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com8:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`com9:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt1:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt2:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt3:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt4:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt5:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt6:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt7:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt8:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt9:/foo`:                          `cannot be a reserved word for Windows filenames`,
-			`\\.\pipe\foo:/foo`:                  `Linux containers on Windows do not support named pipe mounts`,
-		},
-	}
-	linuxSet := parseMountRawTestSet{
-		valid: []string{
-			"/home",
-			"/home:/home",
-			"/home:/something/else",
-			"/with space",
-			"/home:/with space",
-			"relative:/absolute-path",
-			"hostPath:/containerPath:ro",
-			"/hostPath:/containerPath:rw",
-			"/rw:/ro",
-			"/hostPath:/containerPath:shared",
-			"/hostPath:/containerPath:rshared",
-			"/hostPath:/containerPath:slave",
-			"/hostPath:/containerPath:rslave",
-			"/hostPath:/containerPath:private",
-			"/hostPath:/containerPath:rprivate",
-			"/hostPath:/containerPath:ro,shared",
-			"/hostPath:/containerPath:ro,slave",
-			"/hostPath:/containerPath:ro,private",
-			"/hostPath:/containerPath:ro,z,shared",
-			"/hostPath:/containerPath:ro,Z,slave",
-			"/hostPath:/containerPath:Z,ro,slave",
-			"/hostPath:/containerPath:slave,Z,ro",
-			"/hostPath:/containerPath:Z,slave,ro",
-			"/hostPath:/containerPath:slave,ro,Z",
-			"/hostPath:/containerPath:rslave,ro,Z",
-			"/hostPath:/containerPath:ro,rshared,Z",
-			"/hostPath:/containerPath:ro,Z,rprivate",
-		},
-		invalid: map[string]string{
-			"":                                "invalid volume specification",
-			"./":                              "mount path must be absolute",
-			"../":                             "mount path must be absolute",
-			"/:../":                           "mount path must be absolute",
-			"/:path":                          "mount path must be absolute",
-			":":                               "invalid volume specification",
-			"/tmp:":                           "invalid volume specification",
-			":test":                           "invalid volume specification",
-			":/test":                          "invalid volume specification",
-			"tmp:":                            "invalid volume specification",
-			":test:":                          "invalid volume specification",
-			"::":                              "invalid volume specification",
-			":::":                             "invalid volume specification",
-			"/tmp:::":                         "invalid volume specification",
-			":/tmp::":                         "invalid volume specification",
-			"/path:rw":                        "invalid volume specification",
-			"/path:ro":                        "invalid volume specification",
-			"/rw:rw":                          "invalid volume specification",
-			"path:ro":                         "invalid volume specification",
-			"/path:/path:sw":                  `invalid mode`,
-			"/path:/path:rwz":                 `invalid mode`,
-			"/path:/path:ro,rshared,rslave":   `invalid mode`,
-			"/path:/path:ro,z,rshared,rslave": `invalid mode`,
-			"/path:shared":                    "invalid volume specification",
-			"/path:slave":                     "invalid volume specification",
-			"/path:private":                   "invalid volume specification",
-			"name:/absolute-path:shared":      "invalid volume specification",
-			"name:/absolute-path:rshared":     "invalid volume specification",
-			"name:/absolute-path:slave":       "invalid volume specification",
-			"name:/absolute-path:rslave":      "invalid volume specification",
-			"name:/absolute-path:private":     "invalid volume specification",
-			"name:/absolute-path:rprivate":    "invalid volume specification",
-		},
-	}
-
-	linParser := &linuxParser{}
-	winParser := &windowsParser{}
-	lcowParser := &lcowParser{}
-	tester := func(parser Parser, set parseMountRawTestSet) {
-
-		for _, path := range set.valid {
-
-			if _, err := parser.ParseMountRaw(path, "local"); err != nil {
-				t.Errorf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
-			}
-		}
-
-		for path, expectedError := range set.invalid {
-			if mp, err := parser.ParseMountRaw(path, "local"); err == nil {
-				t.Errorf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
-			} else {
-				if !strings.Contains(err.Error(), expectedError) {
-					t.Errorf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
-				}
-			}
-		}
-	}
-	tester(linParser, linuxSet)
-	tester(winParser, windowsSet)
-	tester(lcowParser, lcowSet)
-
-}
-
-// testParseMountRaw is a structure used by TestParseMountRawSplit for
-// specifying test cases for the ParseMountRaw() function.
-type testParseMountRaw struct {
-	bind      string
-	driver    string
-	expType   mount.Type
-	expDest   string
-	expSource string
-	expName   string
-	expDriver string
-	expRW     bool
-	fail      bool
-}
-
-func TestParseMountRawSplit(t *testing.T) {
-	previousProvider := currentFileInfoProvider
-	defer func() { currentFileInfoProvider = previousProvider }()
-	currentFileInfoProvider = mockFiProvider{}
-	windowsCases := []testParseMountRaw{
-		{`c:\:d:`, "local", mount.TypeBind, `d:`, `c:\`, ``, "", true, false},
-		{`c:\:d:\`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
-		{`c:\:d:\:ro`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, false},
-		{`c:\:d:\:rw`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
-		{`c:\:d:\:foo`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, true},
-		{`name:d::rw`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
-		{`name:d:`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
-		{`name:d::ro`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", false, false},
-		{`name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
-		{`driver/name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
-		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, false},
-		{`\\.\pipe\foo:c:\foo\bar`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
-		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
-	}
-	lcowCases := []testParseMountRaw{
-		{`c:\:/foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
-		{`c:\:/foo:ro`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, false},
-		{`c:\:/foo:rw`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
-		{`c:\:/foo:foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, true},
-		{`name:/foo:rw`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
-		{`name:/foo`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
-		{`name:/foo:ro`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", false, false},
-		{`name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
-		{`driver/name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
-		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, true},
-		{`\\.\pipe\foo:/data`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
-		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
-	}
-	linuxCases := []testParseMountRaw{
-		{"/tmp:/tmp1", "", mount.TypeBind, "/tmp1", "/tmp", "", "", true, false},
-		{"/tmp:/tmp2:ro", "", mount.TypeBind, "/tmp2", "/tmp", "", "", false, false},
-		{"/tmp:/tmp3:rw", "", mount.TypeBind, "/tmp3", "/tmp", "", "", true, false},
-		{"/tmp:/tmp4:foo", "", mount.TypeBind, "", "", "", "", false, true},
-		{"name:/named1", "", mount.TypeVolume, "/named1", "", "name", "", true, false},
-		{"name:/named2", "external", mount.TypeVolume, "/named2", "", "name", "external", true, false},
-		{"name:/named3:ro", "local", mount.TypeVolume, "/named3", "", "name", "local", false, false},
-		{"local/name:/tmp:rw", "", mount.TypeVolume, "/tmp", "", "local/name", "", true, false},
-		{"/tmp:tmp", "", mount.TypeBind, "", "", "", "", true, true},
-	}
-	linParser := &linuxParser{}
-	winParser := &windowsParser{}
-	lcowParser := &lcowParser{}
-	tester := func(parser Parser, cases []testParseMountRaw) {
-		for i, c := range cases {
-			t.Logf("case %d", i)
-			m, err := parser.ParseMountRaw(c.bind, c.driver)
-			if c.fail {
-				if err == nil {
-					t.Errorf("Expected error, was nil, for spec %s\n", c.bind)
-				}
-				continue
-			}
-
-			if m == nil || err != nil {
-				t.Errorf("ParseMountRaw failed for spec '%s', driver '%s', error '%v'", c.bind, c.driver, err.Error())
-				continue
-			}
-
-			if m.Destination != c.expDest {
-				t.Errorf("Expected destination '%s, was %s', for spec '%s'", c.expDest, m.Destination, c.bind)
-			}
-
-			if m.Source != c.expSource {
-				t.Errorf("Expected source '%s', was '%s', for spec '%s'", c.expSource, m.Source, c.bind)
-			}
+// always returns the configured error
+// this is used to test error handling
+type mockFiProviderWithError struct{ err error }
 
-			if m.Name != c.expName {
-				t.Errorf("Expected name '%s', was '%s' for spec '%s'", c.expName, m.Name, c.bind)
-			}
-
-			if m.Driver != c.expDriver {
-				t.Errorf("Expected driver '%s', was '%s', for spec '%s'", c.expDriver, m.Driver, c.bind)
-			}
-
-			if m.RW != c.expRW {
-				t.Errorf("Expected RW '%v', was '%v' for spec '%s'", c.expRW, m.RW, c.bind)
-			}
-			if m.Type != c.expType {
-				t.Fatalf("Expected type '%s', was '%s', for spec '%s'", c.expType, m.Type, c.bind)
-			}
-		}
-	}
-
-	tester(linParser, linuxCases)
-	tester(winParser, windowsCases)
-	tester(lcowParser, lcowCases)
+func (m mockFiProviderWithError) fileInfo(path string) (bool, bool, error) {
+	return false, false, m.err
 }
 
 func TestParseMountSpec(t *testing.T) {
-	type c struct {
-		input    mount.Mount
-		expected MountPoint
-	}
-	testDir, err := ioutil.TempDir("", "test-mount-config")
+	testDir, err := os.MkdirTemp("", "test-mount-config")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(testDir)
-	parser := NewParser(runtime.GOOS)
-	cases := []c{
+	parser := NewParser()
+	cases := []struct {
+		input    mount.Mount
+		expected MountPoint
+	}{
 		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, Propagation: parser.DefaultPropagationMode()}},
 		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, RW: true, Propagation: parser.DefaultPropagationMode()}},
 		{mount.Mount{Type: mount.TypeBind, Source: testDir + string(os.PathSeparator), Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, Propagation: parser.DefaultPropagationMode()}},
@@ -477,4 +87,5 @@ func TestParseMountSpec(t *testing.T) {
 			t.Errorf("Expected mount copy data to match. Expected: '%v', Actual: '%v'", c.expected.CopyData, mp.CopyData)
 		}
 	}
+
 }
diff --git a/volume/mounts/validate_test.go b/volume/mounts/validate_test.go
index 4f838560435ae..9a7f9ae1c55f1 100644
--- a/volume/mounts/validate_test.go
+++ b/volume/mounts/validate_test.go
@@ -2,7 +2,6 @@ package mounts // import "github.com/docker/docker/volume/mounts"
 
 import (
 	"errors"
-	"io/ioutil"
 	"os"
 	"runtime"
 	"strings"
@@ -12,7 +11,7 @@ import (
 )
 
 func TestValidateMount(t *testing.T) {
-	testDir, err := ioutil.TempDir("", "test-validate-mount")
+	testDir, err := os.MkdirTemp("", "test-validate-mount")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -48,7 +47,7 @@ func TestValidateMount(t *testing.T) {
 		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: "/foo"}, nil},
 		{mount.Mount{Type: "invalid", Target: "/foo"}, errors.New("mount type unknown")},
 	}
-	parser := NewParser(runtime.GOOS)
+	parser := NewParser()
 	for i, x := range cases {
 		err := parser.ValidateMountConfig(&x.input)
 		if err == nil && x.expected == nil {
@@ -59,7 +58,7 @@ func TestValidateMount(t *testing.T) {
 		}
 	}
 	if runtime.GOOS == "windows" {
-		parser = &lcowParser{}
+		parser = NewLCOWParser()
 		for i, x := range lcowCases {
 			err := parser.ValidateMountConfig(&x.input)
 			if err == nil && x.expected == nil {
diff --git a/volume/mounts/validate_unix_test.go b/volume/mounts/validate_unix_test.go
index a31937145135d..4c46b95cd30ac 100644
--- a/volume/mounts/validate_unix_test.go
+++ b/volume/mounts/validate_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package mounts // import "github.com/docker/docker/volume/mounts"
diff --git a/volume/mounts/volume_unix.go b/volume/mounts/volume_unix.go
index c6d51e07101d2..92eadce51891e 100644
--- a/volume/mounts/volume_unix.go
+++ b/volume/mounts/volume_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package mounts // import "github.com/docker/docker/volume/mounts"
@@ -12,7 +13,3 @@ func (p *linuxParser) HasResource(m *MountPoint, absolutePath string) bool {
 	relPath, err := filepath.Rel(m.Destination, absolutePath)
 	return err == nil && relPath != ".." && !strings.HasPrefix(relPath, fmt.Sprintf("..%c", filepath.Separator))
 }
-
-func (p *windowsParser) HasResource(m *MountPoint, absolutePath string) bool {
-	return false
-}
diff --git a/volume/mounts/volume_windows.go b/volume/mounts/volume_windows.go
index 773e7db88ae23..d91f6cee3a747 100644
--- a/volume/mounts/volume_windows.go
+++ b/volume/mounts/volume_windows.go
@@ -1,8 +1,5 @@
 package mounts // import "github.com/docker/docker/volume/mounts"
 
-func (p *windowsParser) HasResource(m *MountPoint, absolutePath string) bool {
-	return false
-}
 func (p *linuxParser) HasResource(m *MountPoint, absolutePath string) bool {
 	return false
 }
diff --git a/volume/mounts/windows_parser.go b/volume/mounts/windows_parser.go
index ac610440436af..99db17dc88365 100644
--- a/volume/mounts/windows_parser.go
+++ b/volume/mounts/windows_parser.go
@@ -12,7 +12,15 @@ import (
 	"github.com/docker/docker/pkg/stringid"
 )
 
+// NewWindowsParser creates a parser with Windows semantics.
+func NewWindowsParser() Parser {
+	return &windowsParser{
+		fi: defaultFileInfoProvider{},
+	}
+}
+
 type windowsParser struct {
+	fi fileInfoProvider
 }
 
 const (
@@ -39,7 +47,7 @@ const (
 	rxName = `[^\\/:*?"<>|\r\n]+`
 
 	// RXReservedNames are reserved names not possible on Windows
-	rxReservedNames = `(con)|(prn)|(nul)|(aux)|(com[1-9])|(lpt[1-9])`
+	rxReservedNames = `(con|prn|nul|aux|com[1-9]|lpt[1-9])`
 
 	// rxPipe is a named path pipe (starts with `\\.\pipe\`, possibly with / instead of \)
 	rxPipe = `[/\\]{2}.[/\\]pipe[/\\][^:*?"<>|\r\n]+`
@@ -63,12 +71,6 @@ const (
 	// rxDestination is the regex expression for the mount destination
 	rxDestination = `(?P<destination>((?:\\\\\?\\)?([a-z]):((?:[\\/][^\\/:*?"<>\r\n]+)*[\\/]?))|(` + rxPipe + `))`
 
-	rxLCOWDestination = `(?P<destination>/(?:[^\\/:*?"<>\r\n]+[/]?)*)`
-	// Destination (aka container path):
-	//    -  Variation on hostdir but can be a drive followed by colon as well
-	//    -  If a path, must be absolute. Can include spaces
-	//    -  Drive cannot be c: (explicitly checked in code, not RegEx)
-
 	// rxMode is the regex expression for the mode of the mount
 	// Mode (optional):
 	//    -  Hopefully self explanatory in comparison to above regex's.
@@ -76,13 +78,18 @@ const (
 	rxMode = `(:(?P<mode>(?i)ro|rw))?`
 )
 
-type mountValidator func(mnt *mount.Mount) error
+var (
+	volumeNameRegexp          = regexp.MustCompile(`^` + rxName + `$`)
+	reservedNameRegexp        = regexp.MustCompile(`^` + rxReservedNames + `$`)
+	hostDirRegexp             = regexp.MustCompile(`^` + rxHostDir + `$`)
+	mountDestinationRegexp    = regexp.MustCompile(`^` + rxDestination + `$`)
+	windowsSplitRawSpecRegexp = regexp.MustCompile(`^` + rxSource + rxDestination + rxMode + `$`)
+)
 
-func windowsSplitRawSpec(raw, destRegex string) ([]string, error) {
-	specExp := regexp.MustCompile(`^` + rxSource + destRegex + rxMode + `$`)
-	match := specExp.FindStringSubmatch(strings.ToLower(raw))
+type mountValidator func(mnt *mount.Mount) error
 
-	// Must have something back
+func (p *windowsParser) splitRawSpec(raw string, splitRegexp *regexp.Regexp) ([]string, error) {
+	match := splitRegexp.FindStringSubmatch(strings.ToLower(raw))
 	if len(match) == 0 {
 		return nil, errInvalidSpec(raw)
 	}
@@ -90,7 +97,7 @@ func windowsSplitRawSpec(raw, destRegex string) ([]string, error) {
 	var split []string
 	matchgroups := make(map[string]string)
 	// Pull out the sub expressions from the named capture groups
-	for i, name := range specExp.SubexpNames() {
+	for i, name := range splitRegexp.SubexpNames() {
 		matchgroups[name] = strings.ToLower(match[i])
 	}
 	if source, exists := matchgroups["source"]; exists {
@@ -113,16 +120,12 @@ func windowsSplitRawSpec(raw, destRegex string) ([]string, error) {
 	// situation where the user intention was to map a file into a container through
 	// a local volume, but this is not supported by the platform.
 	if matchgroups["source"] == "" && matchgroups["destination"] != "" {
-		volExp := regexp.MustCompile(`^` + rxName + `$`)
-		reservedNameExp := regexp.MustCompile(`^` + rxReservedNames + `$`)
-
-		if volExp.MatchString(matchgroups["destination"]) {
-			if reservedNameExp.MatchString(matchgroups["destination"]) {
+		if volumeNameRegexp.MatchString(matchgroups["destination"]) {
+			if reservedNameRegexp.MatchString(matchgroups["destination"]) {
 				return nil, fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", matchgroups["destination"])
 			}
 		} else {
-
-			exists, isDir, _ := currentFileInfoProvider.fileInfo(matchgroups["destination"])
+			exists, isDir, _ := p.fi.fileInfo(matchgroups["destination"])
 			if exists && !isDir {
 				return nil, fmt.Errorf("file '%s' cannot be mapped. Only directories can be mapped on this platform", matchgroups["destination"])
 
@@ -136,8 +139,10 @@ func windowsValidMountMode(mode string) bool {
 	if mode == "" {
 		return true
 	}
+	// TODO should windows mounts produce an error if any mode was provided (they're a no-op on windows)
 	return rwModes[strings.ToLower(mode)]
 }
+
 func windowsValidateNotRoot(p string) error {
 	p = strings.ToLower(strings.Replace(p, `/`, `\`, -1))
 	if p == "c:" || p == `c:\` {
@@ -146,18 +151,18 @@ func windowsValidateNotRoot(p string) error {
 	return nil
 }
 
-var windowsSpecificValidators mountValidator = func(mnt *mount.Mount) error {
-	return windowsValidateNotRoot(mnt.Target)
-}
-
-func windowsValidateRegex(p, r string) error {
-	if regexp.MustCompile(`^` + r + `$`).MatchString(strings.ToLower(p)) {
-		return nil
+var windowsValidators mountValidator = func(m *mount.Mount) error {
+	if err := windowsValidateNotRoot(m.Target); err != nil {
+		return err
 	}
-	return fmt.Errorf("invalid mount path: '%s'", p)
+	if !mountDestinationRegexp.MatchString(strings.ToLower(m.Target)) {
+		return fmt.Errorf("invalid mount path: '%s'", m.Target)
+	}
+	return nil
 }
+
 func windowsValidateAbsolute(p string) error {
-	if err := windowsValidateRegex(p, rxDestination); err != nil {
+	if !mountDestinationRegexp.MatchString(strings.ToLower(p)) {
 		return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
 	}
 	return nil
@@ -166,7 +171,7 @@ func windowsValidateAbsolute(p string) error {
 func windowsDetectMountType(p string) mount.Type {
 	if strings.HasPrefix(p, `\\.\pipe\`) {
 		return mount.TypeNamedPipe
-	} else if regexp.MustCompile(`^` + rxHostDir + `$`).MatchString(p) {
+	} else if hostDirRegexp.MatchString(p) {
 		return mount.TypeBind
 	} else {
 		return mount.TypeVolume
@@ -177,20 +182,18 @@ func (p *windowsParser) ReadWrite(mode string) bool {
 	return strings.ToLower(mode) != "ro"
 }
 
-// IsVolumeNameValid checks a volume name in a platform specific manner.
+// ValidateVolumeName checks a volume name in a platform specific manner.
 func (p *windowsParser) ValidateVolumeName(name string) error {
-	nameExp := regexp.MustCompile(`^` + rxName + `$`)
-	if !nameExp.MatchString(name) {
+	if !volumeNameRegexp.MatchString(name) {
 		return errors.New("invalid volume name")
 	}
-	nameExp = regexp.MustCompile(`^` + rxReservedNames + `$`)
-	if nameExp.MatchString(name) {
+	if reservedNameRegexp.MatchString(name) {
 		return fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", name)
 	}
 	return nil
 }
 func (p *windowsParser) ValidateMountConfig(mnt *mount.Mount) error {
-	return p.validateMountConfigReg(mnt, rxDestination, windowsSpecificValidators)
+	return p.validateMountConfigReg(mnt, windowsValidators)
 }
 
 type fileInfoProvider interface {
@@ -211,22 +214,15 @@ func (defaultFileInfoProvider) fileInfo(path string) (exist, isDir bool, err err
 	return true, fi.IsDir(), nil
 }
 
-var currentFileInfoProvider fileInfoProvider = defaultFileInfoProvider{}
-
-func (p *windowsParser) validateMountConfigReg(mnt *mount.Mount, destRegex string, additionalValidators ...mountValidator) error {
-
+func (p *windowsParser) validateMountConfigReg(mnt *mount.Mount, additionalValidators ...mountValidator) error {
+	if len(mnt.Target) == 0 {
+		return &errMountConfig{mnt, errMissingField("Target")}
+	}
 	for _, v := range additionalValidators {
 		if err := v(mnt); err != nil {
 			return &errMountConfig{mnt, err}
 		}
 	}
-	if len(mnt.Target) == 0 {
-		return &errMountConfig{mnt, errMissingField("Target")}
-	}
-
-	if err := windowsValidateRegex(mnt.Target, destRegex); err != nil {
-		return &errMountConfig{mnt, err}
-	}
 
 	switch mnt.Type {
 	case mount.TypeBind:
@@ -247,7 +243,7 @@ func (p *windowsParser) validateMountConfigReg(mnt *mount.Mount, destRegex strin
 			return &errMountConfig{mnt, err}
 		}
 
-		exists, isdir, err := currentFileInfoProvider.fileInfo(mnt.Source)
+		exists, isdir, err := p.fi.fileInfo(mnt.Source)
 		if err != nil {
 			return &errMountConfig{mnt, err}
 		}
@@ -297,16 +293,16 @@ func (p *windowsParser) validateMountConfigReg(mnt *mount.Mount, destRegex strin
 	}
 	return nil
 }
-func (p *windowsParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
-	return p.parseMountRaw(raw, volumeDriver, rxDestination, true, windowsSpecificValidators)
-}
 
-func (p *windowsParser) parseMountRaw(raw, volumeDriver, destRegex string, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
-	arr, err := windowsSplitRawSpec(raw, destRegex)
+func (p *windowsParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
+	arr, err := p.splitRawSpec(raw, windowsSplitRawSpecRegexp)
 	if err != nil {
 		return nil, err
 	}
+	return p.parseMount(arr, raw, volumeDriver, true, windowsValidators)
+}
 
+func (p *windowsParser) parseMount(arr []string, raw, volumeDriver string, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
 	var spec mount.Mount
 	var mode string
 	switch len(arr) {
@@ -355,7 +351,7 @@ func (p *windowsParser) parseMountRaw(raw, volumeDriver, destRegex string, conve
 		spec.VolumeOptions.NoCopy = !copyData
 	}
 
-	mp, err := p.parseMountSpec(spec, destRegex, convertTargetToBackslash, additionalValidators...)
+	mp, err := p.parseMountSpec(spec, convertTargetToBackslash, additionalValidators...)
 	if mp != nil {
 		mp.Mode = mode
 	}
@@ -366,10 +362,11 @@ func (p *windowsParser) parseMountRaw(raw, volumeDriver, destRegex string, conve
 }
 
 func (p *windowsParser) ParseMountSpec(cfg mount.Mount) (*MountPoint, error) {
-	return p.parseMountSpec(cfg, rxDestination, true, windowsSpecificValidators)
+	return p.parseMountSpec(cfg, true, windowsValidators)
 }
-func (p *windowsParser) parseMountSpec(cfg mount.Mount, destRegex string, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
-	if err := p.validateMountConfigReg(&cfg, destRegex, additionalValidators...); err != nil {
+
+func (p *windowsParser) parseMountSpec(cfg mount.Mount, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
+	if err := p.validateMountConfigReg(&cfg, additionalValidators...); err != nil {
 		return nil, err
 	}
 	mp := &MountPoint{
@@ -385,7 +382,7 @@ func (p *windowsParser) parseMountSpec(cfg mount.Mount, destRegex string, conver
 	switch cfg.Type {
 	case mount.TypeVolume:
 		if cfg.Source == "" {
-			mp.Name = stringid.GenerateNonCryptoID()
+			mp.Name = stringid.GenerateRandomID()
 		} else {
 			mp.Name = cfg.Source
 		}
@@ -438,19 +435,25 @@ func (p *windowsParser) ParseVolumesFrom(spec string) (string, string, error) {
 }
 
 func (p *windowsParser) DefaultPropagationMode() mount.Propagation {
-	return mount.Propagation("")
+	return ""
 }
 
 func (p *windowsParser) ConvertTmpfsOptions(opt *mount.TmpfsOptions, readOnly bool) (string, error) {
 	return "", fmt.Errorf("%s does not support tmpfs", runtime.GOOS)
 }
+
 func (p *windowsParser) DefaultCopyMode() bool {
 	return false
 }
+
 func (p *windowsParser) IsBackwardCompatible(m *MountPoint) bool {
 	return false
 }
 
 func (p *windowsParser) ValidateTmpfsMountDestination(dest string) error {
-	return errors.New("Platform does not support tmpfs")
+	return errors.New("platform does not support tmpfs")
+}
+
+func (p *windowsParser) HasResource(m *MountPoint, absolutePath string) bool {
+	return false
 }
diff --git a/volume/mounts/windows_parser_test.go b/volume/mounts/windows_parser_test.go
new file mode 100644
index 0000000000000..cd63be11b26de
--- /dev/null
+++ b/volume/mounts/windows_parser_test.go
@@ -0,0 +1,192 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+	"gotest.tools/v3/assert"
+)
+
+func TestWindowsParseMountRaw(t *testing.T) {
+	valid := []string{
+		`d:\`,
+		`d:`,
+		`d:\path`,
+		`d:\path with space`,
+		`c:\:d:\`,
+		`c:\windows\:d:`,
+		`c:\windows:d:\s p a c e`,
+		`c:\windows:d:\s p a c e:RW`,
+		`c:\program files:d:\s p a c e i n h o s t d i r`,
+		`0123456789name:d:`,
+		`MiXeDcAsEnAmE:d:`,
+		`test-aux-volume:d:`, // includes reserved word, but is not one itself
+		`name:D:`,
+		`name:D::rW`,
+		`name:D::RW`,
+		`name:D::RO`,
+		`c:/:d:/forward/slashes/are/good/too`,
+		`c:/:d:/including with/spaces:ro`,
+		`c:\Windows`,                // With capital
+		`c:\Program Files (x86)`,    // With capitals and brackets
+		`\\?\c:\windows\:d:`,        // Long path handling (source)
+		`c:\windows\:\\?\d:\`,       // Long path handling (target)
+		`\\.\pipe\foo:\\.\pipe\foo`, // named pipe
+		`//./pipe/foo://./pipe/foo`, // named pipe forward slashes
+	}
+
+	invalid := map[string]string{
+		``:                                 "invalid volume specification: ",
+		`.`:                                "invalid volume specification: ",
+		`..\`:                              "invalid volume specification: ",
+		`c:\:..\`:                          "invalid volume specification: ",
+		`c:\:d:\:xyzzy`:                    "invalid volume specification: ",
+		`c:`:                               "cannot be `c:`",
+		`c:\`:                              "cannot be `c:`",
+		`c:\notexist:d:`:                   `source path does not exist: c:\notexist`,
+		`c:\windows\system32\ntdll.dll:d:`: `source path must be a directory`,
+		`name<:d:`:                         `invalid volume specification`,
+		`name>:d:`:                         `invalid volume specification`,
+		`name::d:`:                         `invalid volume specification`,
+		`name":d:`:                         `invalid volume specification`,
+		`name\:d:`:                         `invalid volume specification`,
+		`name*:d:`:                         `invalid volume specification`,
+		`name|:d:`:                         `invalid volume specification`,
+		`name?:d:`:                         `invalid volume specification`,
+		`name/:d:`:                         `invalid volume specification`,
+		`d:\pathandmode:rw`:                `invalid volume specification`,
+		`d:\pathandmode:ro`:                `invalid volume specification`,
+		`con:d:`:                           `cannot be a reserved word for Windows filenames`,
+		`PRN:d:`:                           `cannot be a reserved word for Windows filenames`,
+		`aUx:d:`:                           `cannot be a reserved word for Windows filenames`,
+		`nul:d:`:                           `cannot be a reserved word for Windows filenames`,
+		`com1:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com2:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com3:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com4:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com5:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com6:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com7:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com8:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`com9:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt1:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt2:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt3:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt4:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt5:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt6:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt7:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt8:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`lpt9:d:`:                          `cannot be a reserved word for Windows filenames`,
+		`c:\windows\system32\ntdll.dll`:    `Only directories can be mapped on this platform`,
+		`\\.\pipe\foo:c:\pipe`:             `'c:\pipe' is not a valid pipe path`,
+	}
+
+	parser := NewWindowsParser()
+	if p, ok := parser.(*windowsParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for _, path := range valid {
+		if _, err := parser.ParseMountRaw(path, "local"); err != nil {
+			t.Errorf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if mp, err := parser.ParseMountRaw(path, "local"); err == nil {
+			t.Errorf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Errorf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+			}
+		}
+	}
+}
+
+func TestWindowsParseMountRawSplit(t *testing.T) {
+	cases := []struct {
+		bind      string
+		driver    string
+		expType   mount.Type
+		expDest   string
+		expSource string
+		expName   string
+		expDriver string
+		expRW     bool
+		fail      bool
+	}{
+		{`c:\:d:`, "local", mount.TypeBind, `d:`, `c:\`, ``, "", true, false},
+		{`c:\:d:\`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
+		{`c:\:d:\:ro`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, false},
+		{`c:\:d:\:rw`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
+		{`c:\:d:\:foo`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, true},
+		{`name:d::rw`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
+		{`name:d:`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
+		{`name:d::ro`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", false, false},
+		{`name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`driver/name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, false},
+		{`\\.\pipe\foo:c:\foo\bar`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+	}
+
+	parser := NewWindowsParser()
+	if p, ok := parser.(*windowsParser); ok {
+		p.fi = mockFiProvider{}
+	}
+
+	for i, c := range cases {
+		c := c
+		t.Run(fmt.Sprintf("%d_%s", i, c.bind), func(t *testing.T) {
+			m, err := parser.ParseMountRaw(c.bind, c.driver)
+			if c.fail {
+				assert.ErrorContains(t, err, "", "expected an error")
+				return
+			}
+
+			assert.NilError(t, err)
+			assert.Equal(t, m.Destination, c.expDest)
+			assert.Equal(t, m.Source, c.expSource)
+			assert.Equal(t, m.Name, c.expName)
+			assert.Equal(t, m.Driver, c.expDriver)
+			assert.Equal(t, m.RW, c.expRW)
+			assert.Equal(t, m.Type, c.expType)
+		})
+	}
+}
+
+// TestWindowsParseMountSpecBindWithFileinfoError makes sure that the parser returns
+// the error produced by the fileinfo provider.
+//
+// Some extra context for the future in case of changes and possible wtf are we
+// testing this for:
+//
+// Currently this "fileInfoProvider" returns (bool, bool, error)
+// The 1st bool is "does this path exist"
+// The 2nd bool is "is this path a dir"
+// Then of course the error is an error.
+//
+// The issue is the parser was ignoring the error and only looking at the
+// "does this path exist" boolean, which is always false if there is an error.
+// Then the error returned to the caller was a (slightly, maybe) friendlier
+// error string than what comes from `os.Stat`
+// So ...the caller was always getting an error saying the path doesn't exist
+// even if it does exist but got some other error (like a permission error).
+// This is confusing to users.
+func TestWindowsParseMountSpecBindWithFileinfoError(t *testing.T) {
+	parser := NewWindowsParser()
+	testErr := fmt.Errorf("some crazy error")
+	if pr, ok := parser.(*windowsParser); ok {
+		pr.fi = &mockFiProviderWithError{err: testErr}
+	}
+
+	_, err := parser.ParseMountSpec(mount.Mount{
+		Type:   mount.TypeBind,
+		Source: `c:\bananas`,
+		Target: `c:\bananas`,
+	})
+	assert.ErrorContains(t, err, testErr.Error())
+}
diff --git a/volume/service/db_test.go b/volume/service/db_test.go
index 8b6295adfd5c5..002aba5668a17 100644
--- a/volume/service/db_test.go
+++ b/volume/service/db_test.go
@@ -1,21 +1,20 @@
 package service // import "github.com/docker/docker/volume/service"
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
 
 	bolt "go.etcd.io/bbolt"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestSetGetMeta(t *testing.T) {
 	t.Parallel()
 
-	dir, err := ioutil.TempDir("", "test-set-get")
+	dir, err := os.MkdirTemp("", "test-set-get")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
diff --git a/volume/service/default_driver.go b/volume/service/default_driver.go
index b5986ab7176c1..7a4c7e7026908 100644
--- a/volume/service/default_driver.go
+++ b/volume/service/default_driver.go
@@ -1,3 +1,4 @@
+//go:build linux || windows
 // +build linux windows
 
 package service // import "github.com/docker/docker/volume/service"
diff --git a/volume/service/default_driver_stubs.go b/volume/service/default_driver_stubs.go
index 0539b1369b692..b60cf768bb99f 100644
--- a/volume/service/default_driver_stubs.go
+++ b/volume/service/default_driver_stubs.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package service // import "github.com/docker/docker/volume/service"
diff --git a/volume/service/restore_test.go b/volume/service/restore_test.go
index 95420d9586a55..e943e55f620dd 100644
--- a/volume/service/restore_test.go
+++ b/volume/service/restore_test.go
@@ -2,7 +2,6 @@ package service // import "github.com/docker/docker/volume/service"
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"testing"
 
@@ -10,13 +9,13 @@ import (
 	volumedrivers "github.com/docker/docker/volume/drivers"
 	"github.com/docker/docker/volume/service/opts"
 	volumetestutils "github.com/docker/docker/volume/testutils"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )
 
 func TestRestore(t *testing.T) {
 	t.Parallel()
 
-	dir, err := ioutil.TempDir("", "test-restore")
+	dir, err := os.MkdirTemp("", "test-restore")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
diff --git a/volume/service/service.go b/volume/service/service.go
index ebb5e205e90ca..43d963c177931 100644
--- a/volume/service/service.go
+++ b/volume/service/service.go
@@ -2,6 +2,7 @@ package service // import "github.com/docker/docker/volume/service"
 
 import (
 	"context"
+	"strconv"
 	"sync/atomic"
 
 	"github.com/docker/docker/api/types"
@@ -16,32 +17,37 @@ import (
 	"github.com/docker/docker/volume/service/opts"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/singleflight"
 )
 
 type ds interface {
 	GetDriverList() []string
 }
 
-type volumeEventLogger interface {
+// VolumeEventLogger interface provides methods to log volume-related events
+type VolumeEventLogger interface {
+	// LogVolumeEvent generates an event related to a volume.
 	LogVolumeEvent(volumeID, action string, attributes map[string]string)
 }
 
 // VolumesService manages access to volumes
+// This is used as the main access point for volumes to higher level services and the API.
 type VolumesService struct {
 	vs           *VolumeStore
 	ds           ds
 	pruneRunning int32
-	eventLogger  volumeEventLogger
+	eventLogger  VolumeEventLogger
+	usage        singleflight.Group
 }
 
 // NewVolumeService creates a new volume service
-func NewVolumeService(root string, pg plugingetter.PluginGetter, rootIDs idtools.Identity, logger volumeEventLogger) (*VolumesService, error) {
+func NewVolumeService(root string, pg plugingetter.PluginGetter, rootIDs idtools.Identity, logger VolumeEventLogger) (*VolumesService, error) {
 	ds := drivers.NewStore(pg)
 	if err := setupDefaultDriver(ds, root, rootIDs); err != nil {
 		return nil, err
 	}
 
-	vs, err := NewStore(root, ds)
+	vs, err := NewStore(root, ds, WithEventLogger(logger))
 	if err != nil {
 		return nil, err
 	}
@@ -54,21 +60,26 @@ func (s *VolumesService) GetDriverList() []string {
 }
 
 // Create creates a volume
+// If the caller is creating this volume to be consumed immediately, it is
+// expected that the caller specifies a reference ID.
+// This reference ID will protect this volume from removal.
+//
+// A good example for a reference ID is a container's ID.
+// When whatever is going to reference this volume is removed the caller should defeference the volume by calling `Release`.
 func (s *VolumesService) Create(ctx context.Context, name, driverName string, opts ...opts.CreateOption) (*types.Volume, error) {
 	if name == "" {
-		name = stringid.GenerateNonCryptoID()
+		name = stringid.GenerateRandomID()
 	}
 	v, err := s.vs.Create(ctx, name, driverName, opts...)
 	if err != nil {
 		return nil, err
 	}
 
-	s.eventLogger.LogVolumeEvent(v.Name(), "create", map[string]string{"driver": v.DriverName()})
 	apiV := volumeToAPIType(v)
 	return &apiV, nil
 }
 
-// Get gets a volume
+// Get returns details about a volume
 func (s *VolumesService) Get(ctx context.Context, name string, getOpts ...opts.GetOption) (*types.Volume, error) {
 	v, err := s.vs.Get(ctx, name, getOpts...)
 	if err != nil {
@@ -88,6 +99,14 @@ func (s *VolumesService) Get(ctx context.Context, name string, getOpts ...opts.G
 }
 
 // Mount mounts the volume
+// Callers should specify a uniqe reference for each Mount/Unmount pair.
+//
+// Example:
+// ```go
+// mountID := "randomString"
+// s.Mount(ctx, vol, mountID)
+// s.Unmount(ctx, vol, mountID)
+// ```
 func (s *VolumesService) Mount(ctx context.Context, vol *types.Volume, ref string) (string, error) {
 	v, err := s.vs.Get(ctx, vol.Name, opts.WithGetDriver(vol.Driver))
 	if err != nil {
@@ -101,6 +120,10 @@ func (s *VolumesService) Mount(ctx context.Context, vol *types.Volume, ref strin
 
 // Unmount unmounts the volume.
 // Note that depending on the implementation, the volume may still be mounted due to other resources using it.
+//
+// The reference specified here should be the same reference specified during `Mount` and should be
+// unique for each mount/unmount pair.
+// See `Mount` documentation for an example.
 func (s *VolumesService) Unmount(ctx context.Context, vol *types.Volume, ref string) error {
 	v, err := s.vs.Get(ctx, vol.Name, opts.WithGetDriver(vol.Driver))
 	if err != nil {
@@ -118,6 +141,7 @@ func (s *VolumesService) Release(ctx context.Context, name string, ref string) e
 }
 
 // Remove removes a volume
+// An error is returned if the volume is still referenced.
 func (s *VolumesService) Remove(ctx context.Context, name string, rmOpts ...opts.RemoveOption) error {
 	var cfg opts.RemoveConfig
 	for _, o := range rmOpts {
@@ -140,10 +164,6 @@ func (s *VolumesService) Remove(ctx context.Context, name string, rmOpts ...opts
 	} else if IsNotExist(err) && cfg.PurgeOnError {
 		err = nil
 	}
-
-	if err == nil {
-		s.eventLogger.LogVolumeEvent(v.Name(), "destroy", map[string]string{"driver": v.DriverName()})
-	}
 	return err
 }
 
@@ -164,14 +184,25 @@ var acceptedListFilters = map[string]bool{
 // volumes with mount options are not really local even if they are using the
 // local driver.
 func (s *VolumesService) LocalVolumesSize(ctx context.Context) ([]*types.Volume, error) {
-	ls, _, err := s.vs.Find(ctx, And(ByDriver(volume.DefaultDriverName), CustomFilter(func(v volume.Volume) bool {
-		dv, ok := v.(volume.DetailedVolume)
-		return ok && len(dv.Options()) == 0
-	})))
-	if err != nil {
-		return nil, err
+	ch := s.usage.DoChan("LocalVolumesSize", func() (interface{}, error) {
+		ls, _, err := s.vs.Find(ctx, And(ByDriver(volume.DefaultDriverName), CustomFilter(func(v volume.Volume) bool {
+			dv, ok := v.(volume.DetailedVolume)
+			return ok && len(dv.Options()) == 0
+		})))
+		if err != nil {
+			return nil, err
+		}
+		return s.volumesToAPI(ctx, ls, calcSize(true)), nil
+	})
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case res := <-ch:
+		if res.Err != nil {
+			return nil, res.Err
+		}
+		return res.Val.([]*types.Volume), nil
 	}
-	return s.volumesToAPI(ctx, ls, calcSize(true)), nil
 }
 
 // Prune removes (local) volumes which match the past in filter arguments.
@@ -218,6 +249,9 @@ func (s *VolumesService) Prune(ctx context.Context, filter filters.Args) (*types
 		rep.SpaceReclaimed += uint64(vSize)
 		rep.VolumesDeleted = append(rep.VolumesDeleted, v.Name())
 	}
+	s.eventLogger.LogVolumeEvent("", "prune", map[string]string{
+		"reclaimed": strconv.FormatInt(int64(rep.SpaceReclaimed), 10),
+	})
 	return rep, nil
 }
 
diff --git a/volume/service/service_linux_test.go b/volume/service/service_linux_test.go
index e009cd1325cba..d29aabe856dc7 100644
--- a/volume/service/service_linux_test.go
+++ b/volume/service/service_linux_test.go
@@ -2,7 +2,6 @@ package service
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -13,20 +12,20 @@ import (
 	"github.com/docker/docker/volume/local"
 	"github.com/docker/docker/volume/service/opts"
 	"github.com/docker/docker/volume/testutils"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestLocalVolumeSize(t *testing.T) {
 	t.Parallel()
 
 	ds := volumedrivers.NewStore(nil)
-	dir, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
 	l, err := local.New(dir, idtools.Identity{UID: os.Getuid(), GID: os.Getegid()})
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, ds.Register(l, volume.DefaultDriverName))
 	assert.Assert(t, ds.Register(testutils.NewFakeDriver("fake"), "fake"))
 
@@ -35,20 +34,20 @@ func TestLocalVolumeSize(t *testing.T) {
 
 	ctx := context.Background()
 	v1, err := service.Create(ctx, "test1", volume.DefaultDriverName, opts.WithCreateReference("foo"))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	v2, err := service.Create(ctx, "test2", volume.DefaultDriverName)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	_, err = service.Create(ctx, "test3", "fake")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	data := make([]byte, 1024)
-	err = ioutil.WriteFile(filepath.Join(v1.Mountpoint, "data"), data, 0644)
-	assert.Assert(t, err)
-	err = ioutil.WriteFile(filepath.Join(v2.Mountpoint, "data"), data[:1], 0644)
-	assert.Assert(t, err)
+	err = os.WriteFile(filepath.Join(v1.Mountpoint, "data"), data, 0644)
+	assert.NilError(t, err)
+	err = os.WriteFile(filepath.Join(v2.Mountpoint, "data"), data[:1], 0644)
+	assert.NilError(t, err)
 
 	ls, err := service.LocalVolumesSize(ctx)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(ls, 2))
 
 	for _, v := range ls {
diff --git a/volume/service/service_test.go b/volume/service/service_test.go
index 870d19f8a0abe..289315d090206 100644
--- a/volume/service/service_test.go
+++ b/volume/service/service_test.go
@@ -2,7 +2,6 @@ package service
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"testing"
 
@@ -12,8 +11,8 @@ import (
 	volumedrivers "github.com/docker/docker/volume/drivers"
 	"github.com/docker/docker/volume/service/opts"
 	"github.com/docker/docker/volume/testutils"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestServiceCreate(t *testing.T) {
@@ -31,10 +30,10 @@ func TestServiceCreate(t *testing.T) {
 	assert.Assert(t, errdefs.IsNotFound(err), err)
 
 	v, err := service.Create(ctx, "v1", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	vCopy, err := service.Create(ctx, "v1", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(v, vCopy))
 
 	_, err = service.Create(ctx, "v1", "d2")
@@ -43,9 +42,9 @@ func TestServiceCreate(t *testing.T) {
 
 	assert.Assert(t, service.Remove(ctx, "v1"))
 	_, err = service.Create(ctx, "v1", "d2")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	_, err = service.Create(ctx, "v1", "d2")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 }
 
@@ -62,45 +61,45 @@ func TestServiceList(t *testing.T) {
 	ctx := context.Background()
 
 	_, err := service.Create(ctx, "v1", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	_, err = service.Create(ctx, "v2", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	_, err = service.Create(ctx, "v3", "d2")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	ls, _, err := service.List(ctx, filters.NewArgs(filters.Arg("driver", "d1")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 2))
 
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("driver", "d2")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 1))
 
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("driver", "notexist")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 0))
 
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 3))
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 0))
 
 	_, err = service.Get(ctx, "v1", opts.WithGetReference("foo"))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 2))
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 1))
 
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false"), filters.Arg("driver", "d2")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 0))
 	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true"), filters.Arg("driver", "d2")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Check(t, is.Len(ls, 1))
 }
 
@@ -115,7 +114,7 @@ func TestServiceRemove(t *testing.T) {
 	ctx := context.Background()
 
 	_, err := service.Create(ctx, "test", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	assert.Assert(t, service.Remove(ctx, "test"))
 	assert.Assert(t, service.Remove(ctx, "test", opts.WithPurgeOnError(true)))
@@ -136,25 +135,25 @@ func TestServiceGet(t *testing.T) {
 	assert.Check(t, v == nil)
 
 	created, err := service.Create(ctx, "test", "d1")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, created != nil)
 
 	v, err = service.Get(ctx, "test")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.DeepEqual(created, v))
 
 	v, err = service.Get(ctx, "test", opts.WithGetResolveStatus)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(v.Status, 1), v.Status)
 
-	v, err = service.Get(ctx, "test", opts.WithGetDriver("notarealdriver"))
+	_, err = service.Get(ctx, "test", opts.WithGetDriver("notarealdriver"))
 	assert.Assert(t, errdefs.IsConflict(err), err)
 	v, err = service.Get(ctx, "test", opts.WithGetDriver("d1"))
 	assert.Assert(t, err == nil)
 	assert.Assert(t, is.DeepEqual(created, v))
 
 	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d2"), "d2"))
-	v, err = service.Get(ctx, "test", opts.WithGetDriver("d2"))
+	_, err = service.Get(ctx, "test", opts.WithGetDriver("d2"))
 	assert.Assert(t, errdefs.IsConflict(err), err)
 }
 
@@ -170,16 +169,16 @@ func TestServicePrune(t *testing.T) {
 	ctx := context.Background()
 
 	_, err := service.Create(ctx, "test", volume.DefaultDriverName)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	_, err = service.Create(ctx, "test2", "other")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	pr, err := service.Prune(ctx, filters.NewArgs(filters.Arg("label", "banana")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
 
 	pr, err = service.Prune(ctx, filters.NewArgs())
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
 	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
 
@@ -187,48 +186,48 @@ func TestServicePrune(t *testing.T) {
 	assert.Assert(t, IsNotExist(err), err)
 
 	v, err := service.Get(ctx, "test2")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Equal(v.Driver, "other"))
 
 	_, err = service.Create(ctx, "test", volume.DefaultDriverName)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
 	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
 	v, err = service.Get(ctx, "test2")
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Equal(v.Driver, "other"))
 
 	_, err = service.Create(ctx, "test", volume.DefaultDriverName, opts.WithCreateLabels(map[string]string{"banana": ""}))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
 
 	_, err = service.Create(ctx, "test3", volume.DefaultDriverName, opts.WithCreateLabels(map[string]string{"banana": "split"}))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana=split")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
 	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
 
 	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label", "banana=split")))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
 	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test3"))
 
 	v, err = service.Create(ctx, "test", volume.DefaultDriverName, opts.WithCreateReference(t.Name()))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 
 	pr, err = service.Prune(ctx, filters.NewArgs())
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
 	assert.Assert(t, service.Release(ctx, v.Name, t.Name()))
 
 	pr, err = service.Prune(ctx, filters.NewArgs())
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
 	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
 }
@@ -236,11 +235,11 @@ func TestServicePrune(t *testing.T) {
 func newTestService(t *testing.T, ds *volumedrivers.Store) (*VolumesService, func()) {
 	t.Helper()
 
-	dir, err := ioutil.TempDir("", t.Name())
-	assert.Assert(t, err)
+	dir, err := os.MkdirTemp("", t.Name())
+	assert.NilError(t, err)
 
 	store, err := NewStore(dir, ds)
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	s := &VolumesService{vs: store, eventLogger: dummyEventLogger{}}
 	return s, func() {
 		assert.Check(t, s.Shutdown())
diff --git a/volume/service/store.go b/volume/service/store.go
index 69a6c7bec98df..04e7792ef2120 100644
--- a/volume/service/store.go
+++ b/volume/service/store.go
@@ -6,18 +6,16 @@ import (
 	"net"
 	"os"
 	"path/filepath"
-	"runtime"
 	"sync"
 	"time"
 
-	"github.com/pkg/errors"
-
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/volume"
 	"github.com/docker/docker/volume/drivers"
 	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/docker/docker/volume/service/opts"
+	"github.com/moby/locker"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	bolt "go.etcd.io/bbolt"
 )
@@ -69,8 +67,11 @@ func (v volumeWrapper) CachedPath() string {
 	return v.Volume.Path()
 }
 
+// StoreOpt sets options for a VolumeStore
+type StoreOpt func(store *VolumeStore) error
+
 // NewStore creates a new volume store at the given path
-func NewStore(rootPath string, drivers *drivers.Store) (*VolumeStore, error) {
+func NewStore(rootPath string, drivers *drivers.Store, opts ...StoreOpt) (*VolumeStore, error) {
 	vs := &VolumeStore{
 		locks:   &locker.Locker{},
 		names:   make(map[string]volume.Volume),
@@ -80,6 +81,12 @@ func NewStore(rootPath string, drivers *drivers.Store) (*VolumeStore, error) {
 		drivers: drivers,
 	}
 
+	for _, o := range opts {
+		if err := o(vs); err != nil {
+			return nil, err
+		}
+	}
+
 	if rootPath != "" {
 		// initialize metadata store
 		volPath := filepath.Join(rootPath, volumeDataDir)
@@ -109,6 +116,14 @@ func NewStore(rootPath string, drivers *drivers.Store) (*VolumeStore, error) {
 	return vs, nil
 }
 
+// WithEventLogger configures the VolumeStore with the given VolumeEventLogger
+func WithEventLogger(logger VolumeEventLogger) StoreOpt {
+	return func(store *VolumeStore) error {
+		store.eventLogger = logger
+		return nil
+	}
+}
+
 func (s *VolumeStore) getNamed(name string) (volume.Volume, bool) {
 	s.globalLock.RLock()
 	v, exists := s.names[name]
@@ -182,7 +197,7 @@ func (s *VolumeStore) purge(ctx context.Context, name string) error {
 	return nil
 }
 
-// VolumeStore is a struct that stores the list of volumes available and keeps track of their usage counts
+// VolumeStore is responsible for storing and reference counting volumes.
 type VolumeStore struct {
 	// locks ensures that only one action is being performed on a particular volume at a time without locking the entire store
 	// since actions on volumes can be quite slow, this ensures the store is free to handle requests for other volumes.
@@ -199,7 +214,9 @@ type VolumeStore struct {
 	labels map[string]map[string]string
 	// options stores volume options for each volume
 	options map[string]map[string]string
-	db      *bolt.DB
+
+	db          *bolt.DB
+	eventLogger VolumeEventLogger
 }
 
 func filterByDriver(names []string) filterFunc {
@@ -465,7 +482,7 @@ func (s *VolumeStore) Create(ctx context.Context, name, driverName string, creat
 	default:
 	}
 
-	v, err := s.create(ctx, name, driverName, cfg.Options, cfg.Labels)
+	v, created, err := s.create(ctx, name, driverName, cfg.Options, cfg.Labels)
 	if err != nil {
 		if _, ok := err.(*OpErr); ok {
 			return nil, err
@@ -473,6 +490,9 @@ func (s *VolumeStore) Create(ctx context.Context, name, driverName string, creat
 		return nil, &OpErr{Err: err, Name: name, Op: "create"}
 	}
 
+	if created && s.eventLogger != nil {
+		s.eventLogger.LogVolumeEvent(v.Name(), "create", map[string]string{"driver": v.DriverName()})
+	}
 	s.setNamed(v, cfg.Reference)
 	return v, nil
 }
@@ -553,27 +573,26 @@ func volumeExists(ctx context.Context, store *drivers.Store, v volume.Volume) (b
 //  for the given volume name, an error is returned after checking if the reference is stale.
 // If the reference is stale, it will be purged and this create can continue.
 // It is expected that callers of this function hold any necessary locks.
-func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
+func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts, labels map[string]string) (volume.Volume, bool, error) {
 	// Validate the name in a platform-specific manner
 
 	// volume name validation is specific to the host os and not on container image
-	// windows/lcow should have an equivalent volumename validation logic so we create a parser for current host OS
-	parser := volumemounts.NewParser(runtime.GOOS)
+	parser := volumemounts.NewParser()
 	err := parser.ValidateVolumeName(name)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 
 	v, err := s.checkConflict(ctx, name, driverName)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 
 	if v != nil {
 		// there is an existing volume, if we already have this stored locally, return it.
 		// TODO: there could be some inconsistent details such as labels here
 		if vv, _ := s.getNamed(v.Name()); vv != nil {
-			return vv, nil
+			return vv, false, nil
 		}
 	}
 
@@ -581,7 +600,7 @@ func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts,
 	if driverName == "" {
 		v, _ = s.getVolume(ctx, name, "")
 		if v != nil {
-			return v, nil
+			return v, false, nil
 		}
 	}
 
@@ -590,7 +609,7 @@ func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts,
 	}
 	vd, err := s.drivers.CreateDriver(driverName)
 	if err != nil {
-		return nil, &OpErr{Op: "create", Name: name, Err: err}
+		return nil, false, &OpErr{Op: "create", Name: name, Err: err}
 	}
 
 	logrus.Debugf("Registering new volume reference: driver %q, name %q", vd.Name(), name)
@@ -600,7 +619,7 @@ func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts,
 			if _, err := s.drivers.ReleaseDriver(driverName); err != nil {
 				logrus.WithError(err).WithField("driver", driverName).Error("Error releasing reference to volume driver")
 			}
-			return nil, err
+			return nil, false, err
 		}
 	}
 
@@ -618,9 +637,9 @@ func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts,
 	}
 
 	if err := s.setMeta(name, metadata); err != nil {
-		return nil, err
+		return nil, true, err
 	}
-	return volumeWrapper{v, labels, vd.Scope(), opts}, nil
+	return volumeWrapper{v, labels, vd.Scope(), opts}, true, nil
 }
 
 // Get looks if a volume with the given name exists and returns it if so
@@ -743,8 +762,8 @@ func lookupVolume(ctx context.Context, store *drivers.Store, driverName, volumeN
 	}
 	v, err := vd.Get(volumeName)
 	if err != nil {
-		err = errors.Cause(err)
-		if _, ok := err.(net.Error); ok {
+		var nErr net.Error
+		if errors.As(err, &nErr) {
 			if v != nil {
 				volumeName = v.Name()
 				driverName = v.DriverName()
@@ -803,6 +822,9 @@ func (s *VolumeStore) Remove(ctx context.Context, v volume.Volume, rmOpts ...opt
 			err = e
 		}
 	}
+	if err == nil && s.eventLogger != nil {
+		s.eventLogger.LogVolumeEvent(v.Name(), "destroy", map[string]string{"driver": v.DriverName()})
+	}
 	return err
 }
 
diff --git a/volume/service/store_test.go b/volume/service/store_test.go
index 53345f318bb51..97c521717d77c 100644
--- a/volume/service/store_test.go
+++ b/volume/service/store_test.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"strings"
@@ -15,8 +14,8 @@ import (
 	"github.com/docker/docker/volume/service/opts"
 	volumetestutils "github.com/docker/docker/volume/testutils"
 	"github.com/google/go-cmp/cmp"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestCreate(t *testing.T) {
@@ -87,7 +86,7 @@ func TestRemove(t *testing.T) {
 func TestList(t *testing.T) {
 	t.Parallel()
 
-	dir, err := ioutil.TempDir("", "test-list")
+	dir, err := os.MkdirTemp("", "test-list")
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
 
@@ -179,12 +178,12 @@ func TestFindByReferenced(t *testing.T) {
 	}
 
 	dangling, _, err := s.Find(ctx, ByReferenced(false))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, len(dangling) == 1)
 	assert.Check(t, dangling[0].Name() == "fake2")
 
 	used, _, err := s.Find(ctx, ByReferenced(true))
-	assert.Assert(t, err)
+	assert.NilError(t, err)
 	assert.Assert(t, len(used) == 1)
 	assert.Check(t, used[0].Name() == "fake1")
 }
@@ -369,7 +368,7 @@ func setupTest(t *testing.T) (*VolumeStore, func()) {
 	t.Helper()
 
 	dirName := strings.Replace(t.Name(), string(os.PathSeparator), "_", -1)
-	dir, err := ioutil.TempDir("", dirName)
+	dir, err := os.MkdirTemp("", dirName)
 	assert.NilError(t, err)
 
 	cleanup := func() {
diff --git a/volume/service/store_unix.go b/volume/service/store_unix.go
index 4ccc4b999914f..75a7a61809ce9 100644
--- a/volume/service/store_unix.go
+++ b/volume/service/store_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package service // import "github.com/docker/docker/volume/service"